add clear log button (#349 )

* add clear log button * use button group for instances
update tools
2024-05-25 08:12:07 +02:00 · 2024-05-25 08:11:24 +02:00 · 2024-05-20 07:48:20 +02:00 · 2024-05-13 07:14:10 +02:00 · 2024-05-13 06:58:28 +02:00 · 2024-05-13 06:58:11 +02:00
93 changed files with 16995 additions and 3226 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -1,28 +0,0 @@
---
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
-
---
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. What version of AdGuardHome sync used?
-2. What version of AdGuardHome us used?
-3. How does the configuration look?
-4. What is the error message?
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Log Files**
-If applicable, add log files or json responses from AdGuardHome to help explain your problem.
-Please set  the environment variable `LOG_LEVEL=debug` to generate debug logs.
-
-**Additional context**
-Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/bug_report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yaml
@@ -0,0 +1,67 @@
+name: Bug report
+description: Create a report to help us improve
+labels: ['bug']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this issue report! If you have usage questions, please try the [FAQ](https://github.com/bakito/adguardhome-sync/wiki/FAQ) first.
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    id: adguardhome-sync-version
+    attributes:
+      label: AdguardHome-Sync Version
+      description: What version of adguardhome-sync was running when you discovered this issue?
+    validations:
+      required: true
+  - type: textarea
+    id: adguardhome-version
+    attributes:
+      label: AdguardHome Version
+      description: What version of adguardhome was running when you discovered this issue?
+    validations:
+      required: true
+  - type: textarea
+    id: config
+    attributes:
+      label: Configuration
+      description: |
+        - How did you configure adguardhome-sync?
+        - Please provide your configuration
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: applied-config
+    attributes:
+      label: Current Applied Configuration
+      description: |
+        - Run adguardhome-sync with environment variable `PRINT_CONFIG_ONLY=true` and provide the output here
+      render: shell
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: |
+        Please copy and paste any relevant **debug** log output. This will be automatically formatted into code, so no need for backticks.
+        Enable debug logs by defining the following environment variable `LOG_LEVEL=debug`.
+
+        Please also check adguardhome logs and paste any relevant logs/errors to this issue.
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References? Anything that will provide more context about the issue you are encountering!
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: false
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -1,20 +0,0 @@
---
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: enhancement
-assignees: ''
-
---
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
--- a/.github/ISSUE_TEMPLATE/feature_request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature_request.yaml
@@ -0,0 +1,36 @@
+name: Feature request
+description: Suggest an idea for this project
+labels: ['enhancement']
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this issue report!
+  - type: textarea
+    id: relation
+    attributes:
+      label: Is your feature request related to a problem? Please describe.
+      description: A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+    validations:
+      required: true
+  - type: textarea
+    id: solution
+    attributes:
+      label: Describe the solution you'd like*
+      description: |
+        A clear and concise description of what you want to happen.
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Describe alternatives you've considered
+      description: |
+        A clear and concise description of any alternative solutions or features you've considered.
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Add any other context or screenshots about the feature request here.
+    validations:
+      required: false
--- a/.github/ISSUE_TEMPLATE/general_issue.yaml
+++ b/.github/ISSUE_TEMPLATE/general_issue.yaml
@@ -0,0 +1,60 @@
+name: General Issue
+description: Report an issue with your setup
+labels: []
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for taking the time to fill out this issue report! If you have usage questions, please try the [FAQ](https://github.com/bakito/adguardhome-sync/wiki/FAQ) first.
+  - type: textarea
+    id: what-happened
+    attributes:
+      label: What happened?
+      description: Also tell us, what did you expect to happen?
+    validations:
+      required: true
+  - type: textarea
+    id: adguardhome-sync-version
+    attributes:
+      label: AdguardHome-Sync Version
+      description: What version of adguardhome-sync was running when you discovered this issue?
+    validations:
+      required: true
+  - type: textarea
+    id: adguardhome-version
+    attributes:
+      label: AdguardHome Version
+      description: What version of adguardhome was running when you discovered this issue?
+    validations:
+      required: true
+  - type: textarea
+    id: config
+    attributes:
+      label: Configuration
+      description: |
+        - How did you configure adguardhome-sync?
+        - Please provide your configuration
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    id: logs
+    attributes:
+      label: Relevant log output
+      description: |
+        Please copy and paste any relevant **debug** log output. This will be automatically formatted into code, so no need for backticks.
+        Enable debug logs by defining the following environment variable `LOG_LEVEL=debug`.
+
+        Please also check adguardhome logs and paste any relevant logs/errors to this issue.
+      render: shell
+    validations:
+      required: true
+  - type: textarea
+    attributes:
+      label: Anything else?
+      description: |
+        Links? References? Anything that will provide more context about the issue you are encountering!
+
+        Tip: You can attach images or log files by clicking this area to highlight it and then dragging files in.
+    validations:
+      required: false
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,6 +9,19 @@ updates:
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
+    groups:
+      k8s:
+        patterns:
+          - "k8s.io/*"
+        update-types:
+          - "minor"
+          - "patch"
+      onsi:
+        patterns:
+          - "github.com/onsi/*"
+        update-types:
+          - "minor"
+          - "patch"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,11 +38,17 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
+
+    
+    - name: Set up Go
+      uses: actions/setup-go@v5
+      with:
+        go-version-file: "go.mod"

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -53,7 +59,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -67,4 +73,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -11,9 +11,19 @@ on:
 jobs:
  e2e:
    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        build:
+          - mode: env
+            protocol: https
+          - mode: file
+            protocol: http
    steps:
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
+      - name: Setup jq
+        uses: dcarbone/install-jq-action@v2

      - name: Install kind with registry
        uses: bakito/kind-with-registry-action@main
@@ -22,12 +32,16 @@ jobs:
        run: ./testdata/e2e/bin/build-image.sh

      - name: Install Helm Chart
-        run: ./testdata/e2e/bin/install-chart.sh
+        run: ./testdata/e2e/bin/install-chart.sh ${{ matrix.build.mode }}
      - name: Wait for sync to finish
-        run: ./testdata/e2e/bin/wait-for-sync.sh
+        run: ./testdata/e2e/bin/wait-for-sync.sh ${{ matrix.build.protocol }}
      - name: Show origin Logs
        run: ./testdata/e2e/bin/show-origin-logs.sh
      - name: Show Replica Logs
        run: ./testdata/e2e/bin/show-replica-logs.sh
      - name: Show Sync Logs
        run: ./testdata/e2e/bin/show-sync-logs.sh
+      - name: Show Sync Metrics
+        run: ./testdata/e2e/bin/show-sync-metrics.sh ${{ matrix.build.protocol }}
+      - name: Read latest replica config
+        run: ./testdata/e2e/bin/read-latest-replica-config.sh
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -11,15 +11,17 @@ jobs:
    name: lint
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"

      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@v6
+        with:
+          skip-pkg-cache: true

  test:
    name: test
@@ -27,10 +29,10 @@ jobs:
    steps:

      - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"

@@ -48,15 +50,15 @@ jobs:
    steps:

      - name: Check out code into the Go module directory
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4

      - name: Set up Go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@v5
        with:
          go-version-file: "go.mod"

      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
        with:
          version: latest
          args: --skip-publish --snapshot --rm-dist
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,9 +1,9 @@
 name: docker-image

 on:
-  push:
-    branches:
-      - main
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * *'
  release:
    types:
      - published
@@ -22,30 +22,31 @@ jobs:
      - name: Get current date
        run: echo "curr_date=$(date --utc +%Y-%m-%dT%H:%M:%SZ)" >> $GITHUB_ENV
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
      - name: Login to Quay
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          registry: quay.io
          username: ${{ secrets.REGISTRY_USERNAME }}
          password: ${{ secrets.REGISTRY_PASSWORD }}
      - name: Login to ghcr.io
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+
      - name: Modify Dockerfile
        run: |
          sed -i -e "s|FROM scratch|FROM ${{ matrix.build.fromImage }}|g" Dockerfile

      - name: Build and push ${{github.event.release.tag_name }}
        id: docker_build_release
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        if: ${{ github.event.release.tag_name != '' }}
        with:
          context: .
@@ -53,20 +54,26 @@ jobs:
          push: true
          tags: quay.io/bakito/adguardhome-sync:${{ matrix.build.tagPrefix }}latest,quay.io/bakito/adguardhome-sync:${{ matrix.build.tagPrefix }}${{ github.event.release.tag_name }},ghcr.io/bakito/adguardhome-sync:${{ matrix.build.tagPrefix }}latest,ghcr.io/bakito/adguardhome-sync:${{ matrix.build.tagPrefix }}${{ github.event.release.tag_name }}
          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          provenance: false
          build-args: |
            VERSION=${{ github.event.release.tag_name }}
            BUILD=${{ env.curr_date }}

+      - name: Check for commits in the last 24 hours
+        run: echo "NEW_COMMIT_COUNT=$(git log --oneline --since '24 hours ago' | wc -l)" >> $GITHUB_ENV
+        if: ${{ github.event.release.tag_name == '' }}
+
      - name: Build and push main
        id: docker_build_main
-        uses: docker/build-push-action@v4
-        if: ${{ github.event.release.tag_name == '' }}
+        uses: docker/build-push-action@v5
+        if: ${{ github.event.release.tag_name == '' && env.NEW_COMMIT_COUNT > 0  }}
        with:
          context: .
          pull: true
          push: true
          tags: quay.io/bakito/adguardhome-sync:${{ matrix.build.tagPrefix }}main,ghcr.io/bakito/adguardhome-sync:${{ matrix.build.tagPrefix }}main
          platforms: linux/amd64,linux/arm64,linux/arm/v7
+          provenance: false
          build-args: |
            VERSION=main
            BUILD=${{ env.curr_date }}
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,17 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v9
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        stale-issue-message: 'This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.'
+        stale-pr-message: 'This pull request has been inactive for 60 days. If the pull request is still relevant please comment to re-activate the pull request. If no action is taken within 7 days, the pull request will be marked closed.'
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,15 @@
+.vscode
 .idea
-coverage.out
+.fleet
+.run
+coverage.out*
 dist
 adguardhome-sync
 main
 .adguardhome-sync.yaml
 tmp
 bin
-config.yaml
+config*.yaml
+*.log
+wiki
+Taskfile.yml
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -3,36 +3,35 @@ run:

 linters:
  enable:
-  - asciicheck
-  - bodyclose
-  - depguard
-  - dogsled
-  - durationcheck
-  - errcheck
-  - errorlint
-  - exportloopref
-  - gci
-  - gofmt
-  - gofumpt
-  - goimports
-  - gosec
-  - gosimple
-  - govet
-  - importas
-  - ineffassign
-  - megacheck
-  - misspell
-  - nakedret
-  - nolintlint
-  - revive
-  - staticcheck
-  - unconvert
-  - unparam
-  - unused
+    - asciicheck
+    - bodyclose
+    - dogsled
+    - durationcheck
+    - errcheck
+    - errorlint
+    - gci
+    - gofmt
+    - gofumpt
+    - goimports
+    - gosec
+    - gosimple
+    - govet
+    - importas
+    - ineffassign
+    - megacheck
+    - misspell
+    - nakedret
+    - nolintlint
+    - staticcheck
+    - unconvert
+    - unparam
+    - unused
 linters-settings:
  gosec:
    # Exclude generated files
    exclude-generated: true
+    excludes:
+      - G601 # not applicable in go 1.22 anymore
  gofmt:
    # simplify code: gofmt with `-s` option, true by default
    simplify: true
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -30,7 +30,7 @@ builds:
    hooks:
      post:
        # don't upx windows binaries as they make trouble with virus scanners
-        - bash -c 'if [[ "{{ .Path }}" != *.exe ]]; then upx {{ .Path }}; fi'
+        - bash -c 'if [[ "{{ .Path }}" != *.exe ]] && [[ "{{ .Path }}" != *darwin* ]]; then upx {{ .Path }}; fi'
 checksum:
  name_template: 'checksums.txt'
 snapshot:
--- a/.oapi-codegen.yaml
+++ b/.oapi-codegen.yaml
@@ -0,0 +1,3 @@
+output-options:
+  client-type-name: AdguardHomeClient
+  response-type-suffix: Resp
--- a/9
+++ b/9
@@ -1,8 +1,10 @@
-FROM golang:1.20 as builder
+FROM golang:1.22-bullseye as builder

 WORKDIR /go/src/app

-RUN apt-get update && apt-get install -y upx
+RUN apt-get update && \
+    apt-get install -y upx ca-certificates tzdata && \
+    apt-get upgrade -y # upgrade to get latest ca-certs

 ARG VERSION=main
 ARG BUILD="N/A"
@@ -24,6 +26,7 @@ LABEL maintainer="bakito <github@bakito.ch>"
 EXPOSE 8080
 ENTRYPOINT ["/opt/go/adguardhome-sync"]
 CMD ["run", "--config", "/config/adguardhome-sync.yaml"]
-COPY --from=builder /go/src/app/adguardhome-sync  /opt/go/adguardhome-sync
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+COPY --from=builder /usr/share/zoneinfo/ /usr/share/zoneinfo/
+COPY --from=builder /go/src/app/adguardhome-sync  /opt/go/adguardhome-sync
 USER 1001
--- a/97
+++ b/97
@@ -9,26 +9,28 @@ tidy:
 generate: deepcopy-gen
 	@mkdir -p ./tmp
 	@touch ./tmp/deepcopy-gen-boilerplate.go.txt
-	$(DEEPCOPY_GEN) -h ./tmp/deepcopy-gen-boilerplate.go.txt -i ./pkg/types
+	$(DEEPCOPY_GEN) --go-header-file ./tmp/deepcopy-gen-boilerplate.go.txt --bounding-dirs ./pkg/types

 # Run tests
 test: generate lint test-ci

 # Run ci tests
-test-ci: mocks tidy
-	go test ./...  -coverprofile=coverage.out
+test-ci: mocks tidy ginkgo
+	$(GINKGO) --cover --coverprofile coverage.out.tmp ./...
+	cat coverage.out.tmp | grep -v "_generated.go" > coverage.out
 	go tool cover -func=coverage.out

 mocks: mockgen
 	$(MOCKGEN) -package client -destination pkg/mocks/client/mock.go github.com/bakito/adguardhome-sync/pkg/client Client
+	$(MOCKGEN) -package client -destination pkg/mocks/flags/mock.go github.com/bakito/adguardhome-sync/pkg/config Flags

 release: semver goreleaser
-	@version=$$($(LOCALBIN)/semver);
+	@version=$$($(LOCALBIN)/semver); \
 	git tag -s $$version -m"Release $$version"
-	$(GORELEASER) --rm-dist
+	$(GORELEASER) --clean

 test-release: goreleaser
-	$(GORELEASER) --skip-publish --snapshot --rm-dist
+	$(GORELEASER) --skip=publish --snapshot --clean

 ## toolbox - start
 ## Current working directory
@@ -39,28 +41,32 @@ $(LOCALBIN):
 	mkdir -p $(LOCALBIN)

 ## Tool Binaries
-SEMVER ?= $(LOCALBIN)/semver
-MOCKGEN ?= $(LOCALBIN)/mockgen
+DEEPCOPY_GEN ?= $(LOCALBIN)/deepcopy-gen
+GINKGO ?= $(LOCALBIN)/ginkgo
 GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 GORELEASER ?= $(LOCALBIN)/goreleaser
-DEEPCOPY_GEN ?= $(LOCALBIN)/deepcopy-gen
+MOCKGEN ?= $(LOCALBIN)/mockgen
+OAPI_CODEGEN ?= $(LOCALBIN)/oapi-codegen
+SEMVER ?= $(LOCALBIN)/semver

 ## Tool Versions
+DEEPCOPY_GEN_VERSION ?= v0.30.1
+GINKGO_VERSION ?= v2.19.0
+GOLANGCI_LINT_VERSION ?= v1.58.2
+GORELEASER_VERSION ?= v1.26.2
+MOCKGEN_VERSION ?= v0.4.0
+OAPI_CODEGEN_VERSION ?= v2.1.0
 SEMVER_VERSION ?= v1.1.3
-MOCKGEN_VERSION ?= v1.6.0
-GOLANGCI_LINT_VERSION ?= v1.51.1
-GORELEASER_VERSION ?= v1.15.1
-DEEPCOPY_GEN_VERSION ?= v0.26.1

 ## Tool Installer
-.PHONY: semver
-semver: $(SEMVER) ## Download semver locally if necessary.
-$(SEMVER): $(LOCALBIN)
-	test -s $(LOCALBIN)/semver || GOBIN=$(LOCALBIN) go install github.com/bakito/semver@$(SEMVER_VERSION)
-.PHONY: mockgen
-mockgen: $(MOCKGEN) ## Download mockgen locally if necessary.
-$(MOCKGEN): $(LOCALBIN)
-	test -s $(LOCALBIN)/mockgen || GOBIN=$(LOCALBIN) go install github.com/golang/mock/mockgen@$(MOCKGEN_VERSION)
+.PHONY: deepcopy-gen
+deepcopy-gen: $(DEEPCOPY_GEN) ## Download deepcopy-gen locally if necessary.
+$(DEEPCOPY_GEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/deepcopy-gen || GOBIN=$(LOCALBIN) go install k8s.io/code-generator/cmd/deepcopy-gen@$(DEEPCOPY_GEN_VERSION)
+.PHONY: ginkgo
+ginkgo: $(GINKGO) ## Download ginkgo locally if necessary.
+$(GINKGO): $(LOCALBIN)
+	test -s $(LOCALBIN)/ginkgo || GOBIN=$(LOCALBIN) go install github.com/onsi/ginkgo/v2/ginkgo@$(GINKGO_VERSION)
 .PHONY: golangci-lint
 golangci-lint: $(GOLANGCI_LINT) ## Download golangci-lint locally if necessary.
 $(GOLANGCI_LINT): $(LOCALBIN)
@@ -69,34 +75,49 @@ $(GOLANGCI_LINT): $(LOCALBIN)
 goreleaser: $(GORELEASER) ## Download goreleaser locally if necessary.
 $(GORELEASER): $(LOCALBIN)
 	test -s $(LOCALBIN)/goreleaser || GOBIN=$(LOCALBIN) go install github.com/goreleaser/goreleaser@$(GORELEASER_VERSION)
-.PHONY: deepcopy-gen
-deepcopy-gen: $(DEEPCOPY_GEN) ## Download deepcopy-gen locally if necessary.
-$(DEEPCOPY_GEN): $(LOCALBIN)
-	test -s $(LOCALBIN)/deepcopy-gen || GOBIN=$(LOCALBIN) go install k8s.io/code-generator/cmd/deepcopy-gen@$(DEEPCOPY_GEN_VERSION)
+.PHONY: mockgen
+mockgen: $(MOCKGEN) ## Download mockgen locally if necessary.
+$(MOCKGEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/mockgen || GOBIN=$(LOCALBIN) go install go.uber.org/mock/mockgen@$(MOCKGEN_VERSION)
+.PHONY: oapi-codegen
+oapi-codegen: $(OAPI_CODEGEN) ## Download oapi-codegen locally if necessary.
+$(OAPI_CODEGEN): $(LOCALBIN)
+	test -s $(LOCALBIN)/oapi-codegen || GOBIN=$(LOCALBIN) go install github.com/deepmap/oapi-codegen/v2/cmd/oapi-codegen@$(OAPI_CODEGEN_VERSION)
+.PHONY: semver
+semver: $(SEMVER) ## Download semver locally if necessary.
+$(SEMVER): $(LOCALBIN)
+	test -s $(LOCALBIN)/semver || GOBIN=$(LOCALBIN) go install github.com/bakito/semver@$(SEMVER_VERSION)

 ## Update Tools
 .PHONY: update-toolbox-tools
 update-toolbox-tools:
 	@rm -f \
-		$(LOCALBIN)/semver \
-		$(LOCALBIN)/mockgen \
+		$(LOCALBIN)/deepcopy-gen \
+		$(LOCALBIN)/ginkgo \
 		$(LOCALBIN)/golangci-lint \
 		$(LOCALBIN)/goreleaser \
-		$(LOCALBIN)/deepcopy-gen
+		$(LOCALBIN)/mockgen \
+		$(LOCALBIN)/oapi-codegen \
+		$(LOCALBIN)/semver
 	toolbox makefile -f $(LOCALDIR)/Makefile \
-		github.com/bakito/semver \
-		github.com/golang/mock/mockgen \
+		k8s.io/code-generator/cmd/deepcopy-gen@github.com/kubernetes/code-generator \
+		github.com/onsi/ginkgo/v2/ginkgo \
 		github.com/golangci/golangci-lint/cmd/golangci-lint \
 		github.com/goreleaser/goreleaser \
-		k8s.io/code-generator/cmd/deepcopy-gen@github.com/kubernetes/code-generator
+		go.uber.org/mock/mockgen@github.com/uber-go/mock \
+		github.com/deepmap/oapi-codegen/v2/cmd/oapi-codegen \
+		github.com/bakito/semver
 ## toolbox - end

 start-replica:
-	docker run --pull always --name adguardhome-replica -p 9091:3000 --rm adguard/adguardhome:v0.107.23
+	docker run --pull always --name adguardhome-replica -p 9091:3000 --rm adguard/adguardhome:latest
 #	docker run --pull always --name adguardhome-replica -p 9090:80 -p 9091:3000 --rm adguard/adguardhome:v0.107.13

+copy-replica-config:
+	docker cp adguardhome-replica:/opt/adguardhome/conf/AdGuardHome.yaml tmp/AdGuardHome.yaml
+
 start-replica2:
-	docker run --pull always --name adguardhome-replica2 -p 9093:3000 --rm adguard/adguardhome:v0.107.23
+	docker run --pull always --name adguardhome-replica2 -p 9093:3000 --rm adguard/adguardhome:latest
 #	docker run --pull always --name adguardhome-replica -p 9090:80 -p 9091:3000 --rm adguard/adguardhome:v0.107.13

 check_defined = \
@@ -116,3 +137,13 @@ kind-create:

 kind-test:
 	@./testdata/e2e/bin/install-chart.sh
+
+model: oapi-codegen
+	@mkdir -p tmp
+	go run openapi/main.go v0.107.50
+	$(OAPI_CODEGEN) -package model -generate types,client -config .oapi-codegen.yaml tmp/schema.yaml > pkg/client/model/model_generated.go
+
+model-diff:
+	go run openapi/main.go v0.107.50
+	go run openapi/main.go
+	diff tmp/schema.yaml tmp/schema-master.yaml
--- a/README.md
+++ b/README.md
@@ -1,4 +1,5 @@
 [![Go](https://github.com/bakito/adguardhome-sync/actions/workflows/go.yml/badge.svg)](https://github.com/bakito/adguardhome-sync/actions/workflows/go.yml)
+[![e2e tests](https://github.com/bakito/adguardhome-sync/actions/workflows/e2e.yaml/badge.svg)](https://github.com/bakito/adguardhome-sync/actions/workflows/e2e.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/bakito/adguardhome-sync)](https://goreportcard.com/report/github.com/bakito/adguardhome-sync)
 [![Coverage Status](https://coveralls.io/repos/github/bakito/adguardhome-sync/badge.svg?branch=main&service=github)](https://coveralls.io/github/bakito/adguardhome-sync?branch=main)

@@ -6,6 +7,12 @@

 Synchronize [AdGuardHome](https://github.com/AdguardTeam/AdGuardHome) config to replica instances.

+## FAQ & Deprecations
+
+Please check the wiki
+for [FAQ](https://github.com/bakito/adguardhome-sync/wiki/FAQ)
+and [Deprecations](https://github.com/bakito/adguardhome-sync/wiki/Deprecations).
+
 ## Current sync features

 - General Settings
@@ -37,22 +44,34 @@ go install github.com/bakito/adguardhome-sync@latest

 Both the origin instance must be initially setup via the AdguardHome installation wizard.

+## Username / Password vs. Cookie
+
+Some instances of AdGuard Home do not support basic authentication. For instance, many routers with built-in Adguard
+Home support do not. If this is the case, a valid cookie may be provided instead. If the router protects the AdGuard
+instance behind its own authentication, the cookie from an authenticated request may allow the sync to succeed.
+
+- This has been tested successfully against GL.Inet routers with AdGuard Home.
+- Note: due to the short validity of cookies, this approach is likely only suitable for one-time syncs
+
 ## Run Linux/Mac

 ```bash

+export LOG_LEVEL=info
 export ORIGIN_URL=https://192.168.1.2:3000
 export ORIGIN_USERNAME=username
 export ORIGIN_PASSWORD=password
-export REPLICA_URL=http://192.168.1.3
-export REPLICA_USERNAME=username
-export REPLICA_PASSWORD=password
+# export ORIGIN_COOKIE=Origin-Cookie-Name=CCCOOOKKKIIIEEE
+export REPLICA1_URL=http://192.168.1.3
+export REPLICA1_USERNAME=username
+export REPLICA1_PASSWORD=password
+# export REPLICA_COOKIE=Replica-Cookie-Name=CCCOOOKKKIIIEEE

 # run once
 adguardhome-sync run

 # run as daemon
-adguardhome-sync run --cron "*/10 * * * *"
+adguardhome-sync run --cron "0 */2 * * *"
 ```

 ## Run Windows
@@ -69,10 +88,12 @@ REM set LOG_LEVEL=error
 set ORIGIN_URL=http://192.168.1.2:3000
 set ORIGIN_USERNAME=username
 set ORIGIN_PASSWORD=password
+# set ORIGIN_COOKIE=Origin-Cookie-Name=CCCOOOKKKIIIEEE

-set REPLICA_URL=http://192.168.2.2:3000
-set REPLICA_USERNAME=username
-set REPLICA_PASSWORD=password
+set REPLICA1_URL=http://192.168.2.2:3000
+set REPLICA1_USERNAME=username
+set REPLICA1_PASSWORD=password
+# set REPLICA1_COOKIE=Replica-Cookie-Name=CCCOOOKKKIIIEEE

 set FEATURES_DHCP=false
 set FEATURES_DHCP_SERVERCONFIG=false
@@ -82,7 +103,7 @@ set FEATURES_DHCP_STATICLEASES=false
 adguardhome-sync run

 # run as daemon
-adguardhome-sync run --cron "*/10 * * * *"
+adguardhome-sync run --cron "0 */2 * * *"
 ```

 ## docker cli
@@ -126,31 +147,50 @@ services:
    container_name: adguardhome-sync
    command: run
    environment:
-      ORIGIN_URL: 'https://192.168.1.2:3000'
-      ORIGIN_USERNAME: 'username'
-      ORIGIN_PASSWORD: 'password'
-      REPLICA_URL: 'http://192.168.1.3'
-      REPLICA_USERNAME: 'username'
-      REPLICA_PASSWORD: 'password'
-      REPLICA1_URL: 'http://192.168.1.4'
-      REPLICA1_USERNAME: 'username'
-      REPLICA1_PASSWORD: 'password'
-      REPLICA1_APIPATH: '/some/path/control'
-      # REPLICA1_AUTOSETUP: true # if true, AdGuardHome is automatically initialized.
-      # REPLICA1_INTERFACENAME: 'ens18' # use custom dhcp interface name
-      CRON: '*/10 * * * *' # run every 10 minutes
+      LOG_LEVEL: "info"
+      ORIGIN_URL: "https://192.168.1.2:3000"
+      # ORIGIN_WEB_URL: "https://some-other.url" # used in the web interface (default: <origin-url>
+
+      ORIGIN_USERNAME: "username"
+      ORIGIN_PASSWORD: "password"
+      REPLICA1_URL: "http://192.168.1.3"
+      REPLICA1_USERNAME: "username"
+      REPLICA1_PASSWORD: "password"
+      REPLICA2_URL: "http://192.168.1.4"
+      REPLICA2_USERNAME: "username"
+      REPLICA2_PASSWORD: "password"
+      REPLICA2_API_PATH: "/some/path/control"
+      # REPLICA2_WEB_URL: "https://some-other.url" # used in the web interface (default: <replica-url>
+      # REPLICA2_AUTO_SETUP: true # if true, AdGuardHome is automatically initialized.
+      # REPLICA2_INTERFACE_NAME: 'ens18' # use custom dhcp interface name
+      # REPLICA2_DHCP_SERVER_ENABLED: true/false (optional) enables/disables the dhcp server on the replica
+      CRON: "0 */2 * * *" # run every 10 minutes
      RUNONSTART: true
+      # CONTINUE_ON_ERROR: false # If enabled, the synchronisation task will not fail on single errors, but will log the errors and continue
+
+      # Configure the sync API server, disabled if api port is 0
+      API_PORT: 8080
+      # API_DARK_MODE: true
+      # API_USERNAME: admin
+      # API_PASSWORD: secret
+      # the directory of the provided tls certs
+      # API_TLS_CERT_DIR: /path/to/certs
+      # the name of the cert file (default: tls.crt)
+      # API_TLS_CERT_NAME: foo.crt
+      # the name of the key file (default: tls.key)
+      # API_TLS_KEY_NAME: bar.key
+
      # Configure sync features; by default all features are enabled.
-      # FEATURES_GENERALSETTINGS: true
-      # FEATURES_QUERYLOGCONFIG: true
-      # FEATURES_STATSCONFIG: true
-      # FEATURES_CLIENTSETTINGS: true
+      # FEATURES_GENERAL_SETTINGS: true
+      # FEATURES_QUERY_LOG_CONFIG: true
+      # FEATURES_STATS_CONFIG: true
+      # FEATURES_CLIENT_SETTINGS: true
      # FEATURES_SERVICES: true
      # FEATURES_FILTERS: true
-      # FEATURES_DHCP_SERVERCONFIG: true
-      # FEATURES_DHCP_STATICLEASES: true
-      # FEATURES_DNS_SERVERCONFIG: true
-      # FEATURES_DNS_ACCESSLISTS: true
+      # FEATURES_DHCP_SERVER_CONFIG: true
+      # FEATURES_DHCP_STATIC_LEASES: true
+      # FEATURES_DNS_SERVER_CONFIG: true
+      # FEATURES_DNS_ACCESS_LISTS: true
      # FEATURES_DNS_REWRITES: true
    ports:
      - 8080:8080
@@ -163,11 +203,14 @@ location: $HOME/.adguardhome-sync.yaml

 ```yaml
 # cron expression to run in daemon mode. (default; "" = runs only once)
-cron: "*/10 * * * *"
+cron: "0 */2 * * *"

 # runs the synchronisation on startup
 runOnStart: true

+# If enabled, the synchronisation task will not fail on single errors, but will log the errors and continue
+continueOnError: false
+
 origin:
  # url of the origin instance
  url: https://192.168.1.2:3000
@@ -175,32 +218,46 @@ origin:
  # insecureSkipVerify: true # disable tls check
  username: username
  password: password
+  # cookie: Origin-Cookie-Name=CCCOOOKKKIIIEEE

-# replica instance (optional, if only one)
-replica:
-  # url of the replica instance
-  url: http://192.168.1.3
-  username: username
-  password: password
-
-# replicas instances (optional, if more than one)
+# replicas instances
 replicas:
  # url of the replica instance
  - url: http://192.168.1.3
    username: username
    password: password
+    # cookie: Replica1-Cookie-Name=CCCOOOKKKIIIEEE
  - url: http://192.168.1.4
    username: username
    password: password
-    # autoSetup: true # if true, AdGuardHome is automatically initialized. 
+    # cookie: Replica2-Cookie-Name=CCCOOOKKKIIIEEE
+    # autoSetup: true # if true, AdGuardHome is automatically initialized.
+    # webURL: "https://some-other.url" # used in the web interface (default: <replica-url>

 # Configure the sync API server, disabled if api port is 0
 api:
  # Port, default 8080
  port: 8080
-  # if username and password are defined, basic auth is applied to the sync API 
+  # if username and password are defined, basic auth is applied to the sync API
  username: username
  password: password
+  # enable api dark mode
+  darkMode: true
+
+  # enable metrics on path '/metrics' (api port must be != 0)
+  # metrics:
+    # enabled: true
+    # scrapeInterval: 30s 
+    # queryLogLimit: 10000
+
+  # enable tls for the api server
+  # tls:
+  #   # the directory of the provided tls certs
+  #   certDir: /path/to/certs
+  #   # the name of the cert file (default: tls.crt)
+  #   certName: foo.crt
+  #   # the name of the key file (default: tls.key)
+  #   keyName: bar.key

 # Configure sync features; by default all features are enabled.
 features:
@@ -221,7 +278,7 @@ features:

 ## Log Level

-The log level can be set with the environment variable: LOG_LEVEL
+The log level can be set with the environment variable: `LOG_LEVEL`

 The following log levels are supported (default: info)

@@ -229,3 +286,8 @@ The following log levels are supported (default: info)
 - info
 - warn
 - error
+
+## Log Format
+
+Default log format is `console`.
+It can be changed to `json`by setting the environment variable: `LOG_FORMAT=json`
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -0,0 +1,135 @@
+version: '3'
+env:
+  AGH_MODEL_VERSION: v0.107.43
+  GOBIN: '{{.USER_WORKING_DIR}}/bin'
+
+tasks:
+
+  install-go-tool:
+    label: "Install {{ .TOOL_NAME }}"
+    cmds:
+      - go install {{ .TOOL_MODULE }}
+    status:
+      - test -f {{.GOBIN}}/{{.TOOL_NAME}}
+
+  deepcopy-gen:
+    desc: Install deepcopy-gen
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: deepcopy-gen
+        TOOL_MODULE: k8s.io/code-generator/cmd/deepcopy-gen
+
+  ginkgo:
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: ginkgo
+        TOOL_MODULE: github.com/onsi/ginkgo/v2/ginkgo
+
+  goreleaser:
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: goreleaser
+        TOOL_MODULE: github.com/goreleaser/goreleaser
+
+  golangci-lint:
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: golangci-lint
+        TOOL_MODULE: github.com/golangci/golangci-lint/cmd/golangci-lint
+
+  mockgen:
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: mockgen
+        TOOL_MODULE: go.uber.org/mock/mockgen
+
+  oapi-codegen:
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: oapi-codegen
+        TOOL_MODULE: github.com/deepmap/oapi-codegen/v2/cmd/oapi-codegen
+
+  semver:
+    cmd:
+      task: install-go-tool
+      vars:
+        TOOL_NAME: semver
+        TOOL_MODULE: github.com/bakito/semver
+
+  lint:
+    deps:
+      - golangci-lint
+    cmds:
+      - '{{.GOBIN}}/golangci-lint run --fix'
+
+  tidy:
+    desc: Run go mod tidy
+    cmd: go mod tidy
+
+  generate:
+    deps:
+      - deepcopy-gen
+    cmds:
+      - mkdir -p ./tmp
+      - touch ./tmp/deepcopy-gen-boilerplate.go.txt
+      - '{{.GOBIN}}/deepcopy-gen -h ./tmp/deepcopy-gen-boilerplate.go.txt -i ./pkg/types'
+
+  mocks:
+    deps:
+      - mockgen
+    cmds:
+      - '{{.GOBIN}}/mockgen -package client -destination pkg/mocks/client/mock.go github.com/bakito/adguardhome-sync/pkg/client Client'
+      - '{{.GOBIN}}/mockgen -package client -destination pkg/mocks/flags/mock.go github.com/bakito/adguardhome-sync/pkg/config Flags'
+
+  test:
+    cmds:
+      - task: generate
+      - task: lint
+      - task: test-ci
+
+  test-ci:
+    deps:
+      - ginkgo
+      - tidy
+      - mocks
+    cmds:
+      - '{{.GOBIN}}/ginkgo --cover --coverprofile coverage.out.tmp ./...'
+      - cat coverage.out.tmp | grep -v "_generated.go" > coverage.out
+      - go tool cover -func=coverage.out
+
+  release:
+    deps:
+      - semver
+      - goreleaser
+    cmds:
+      - git tag -s $$version -m"Release $({{.GOBIN}}/semver)
+      - '{{.GOBIN}}/goreleaser --clean'
+
+  test-release:
+    deps:
+      - goreleaser
+      - semver
+    cmds:
+      - '{{.GOBIN}}/goreleaser --skip=publish --snapshot --clean'
+
+  model:
+    deps:
+      - oapi-codegen
+    cmds:
+      - mkdir -p tmp
+      - go run openapi/main.go {{.AGH_MODEL_VERSION}}
+      - '{{.GOBIN}}/oapi-codegen -package model -generate types,client -config .oapi-codegen.yaml tmp/schema.yaml > pkg/client/model/model_generated.go'
+
+  model-diff:
+    deps:
+      - oapi-codegen
+    cmds:
+      - go run openapi/main.go {{.AGH_MODEL_VERSION}}
+      - go run openapi/main.go
+      - diff tmp/schema.yaml tmp/schema-master.yaml
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -3,64 +3,15 @@ package cmd
 import (
 	"fmt"
 	"os"
-	"regexp"
-	"strings"

 	"github.com/bakito/adguardhome-sync/pkg/log"
-	"github.com/bakito/adguardhome-sync/pkg/types"
 	"github.com/bakito/adguardhome-sync/version"
-	"github.com/mitchellh/go-homedir"
 	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
-)
-
-const (
-	configCron       = "cron"
-	configRunOnStart = "runOnStart"
-
-	configAPIPort     = "api.port"
-	configAPIUsername = "api.username"
-	configAPIPassword = "api.password"
-	configAPIDarkMode = "api.darkMode"
-
-	configFeatureDHCPServerConfig = "features.dhcp.serverConfig"
-	configFeatureDHCPStaticLeases = "features.dhcp.staticLeases"
-	configFeatureDNServerConfig   = "features.dns.serverConfig"
-	configFeatureDNSPAccessLists  = "features.dns.accessLists"
-	configFeatureDNSRewrites      = "features.dns.rewrites"
-	configFeatureGeneralSettings  = "features.generalSettings"
-	configFeatureQueryLogConfig   = "features.queryLogConfig"
-	configFeatureStatsConfig      = "features.statsConfig"
-	configFeatureClientSettings   = "features.clientSettings"
-	configFeatureServices         = "features.services"
-	configFeatureFilters          = "features.filters"
-
-	configOriginURL                = "origin.url"
-	configOriginAPIPath            = "origin.apiPath"
-	configOriginUsername           = "origin.username"
-	configOriginPassword           = "origin.password"
-	configOriginInsecureSkipVerify = "origin.insecureSkipVerify"
-
-	configReplicaURL                = "replica.url"
-	configReplicaAPIPath            = "replica.apiPath"
-	configReplicaUsername           = "replica.username"
-	configReplicaPassword           = "replica.password"
-	configReplicaInsecureSkipVerify = "replica.insecureSkipVerify"
-	configReplicaAutoSetup          = "replica.autoSetup"
-	configReplicaInterfaceName      = "replica.interfaceName"
-
-	envReplicasUsernameFormat           = "REPLICA%s_USERNAME" // #nosec G101
-	envReplicasPasswordFormat           = "REPLICA%s_PASSWORD" // #nosec G101
-	envReplicasAPIPathFormat            = "REPLICA%s_APIPATH"
-	envReplicasInsecureSkipVerifyFormat = "REPLICA%s_INSECURESKIPVERIFY"
-	envReplicasAutoSetup                = "REPLICA%s_AUTOSETUP"
-	envReplicasInterfaceName            = "REPLICA%s_INTERFACWENAME"
 )

 var (
-	cfgFile               string
-	logger                = log.GetLogger("root")
-	envReplicasURLPattern = regexp.MustCompile(`^REPLICA(\d+)_URL=(.*)`)
+	cfgFile string
+	logger  = log.GetLogger("root")
 )

 // rootCmd represents the base command when called without any subcommands
@@ -80,8 +31,6 @@ func Execute() {
 }

 func init() {
-	cobra.OnInitialize(initConfig)
-
 	// Here you will define your flags and configuration settings.
 	// Cobra supports persistent flags, which, if defined here,
 	// will be global for your application.
@@ -92,66 +41,3 @@ func init() {
 	// when this action is called directly.
 	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 }
-
-// initConfig reads in config file and ENV variables if set.
-func initConfig() {
-	if cfgFile != "" {
-		// Use config file from the flag.
-		viper.SetConfigFile(cfgFile)
-	} else {
-		// Find home directory.
-		home, err := homedir.Dir()
-		if err != nil {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-
-		// Search config in home directory with name ".adguardhome-sync" (without extension).
-		viper.AddConfigPath(home)
-		viper.SetConfigName(".adguardhome-sync")
-	}
-	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_", ".", "_"))
-	viper.AutomaticEnv() // read in environment variables that match
-
-	// If a config file is found, read it in.
-	if err := viper.ReadInConfig(); err == nil {
-		logger.Info("Using config file:", viper.ConfigFileUsed())
-	} else if cfgFile != "" {
-		fmt.Println(err)
-		os.Exit(1)
-	}
-}
-
-func getConfig() (*types.Config, error) {
-	cfg := &types.Config{}
-	if err := viper.Unmarshal(cfg); err != nil {
-		return nil, err
-	}
-
-	if len(cfg.Replicas) == 0 {
-		cfg.Replicas = append(cfg.Replicas, collectEnvReplicas()...)
-	}
-	return cfg, nil
-}
-
-// Manually collect replicas from env.
-func collectEnvReplicas() []types.AdGuardInstance {
-	var replicas []types.AdGuardInstance
-	for _, v := range os.Environ() {
-		if envReplicasURLPattern.MatchString(v) {
-			sm := envReplicasURLPattern.FindStringSubmatch(v)
-			re := types.AdGuardInstance{
-				URL:                sm[2],
-				Username:           os.Getenv(fmt.Sprintf(envReplicasUsernameFormat, sm[1])),
-				Password:           os.Getenv(fmt.Sprintf(envReplicasPasswordFormat, sm[1])),
-				APIPath:            os.Getenv(fmt.Sprintf(envReplicasAPIPathFormat, sm[1])),
-				InsecureSkipVerify: strings.EqualFold(os.Getenv(fmt.Sprintf(envReplicasInsecureSkipVerifyFormat, sm[1])), "true"),
-				AutoSetup:          strings.EqualFold(os.Getenv(fmt.Sprintf(envReplicasAutoSetup, sm[1])), "true"),
-				InterfaceName:      os.Getenv(fmt.Sprintf(envReplicasInterfaceName, sm[1])),
-			}
-			replicas = append(replicas, re)
-		}
-	}
-
-	return replicas
-}
--- a/cmd/root_test.go
+++ b/cmd/root_test.go
@@ -1,61 +0,0 @@
-package cmd
-
-import (
-	"os"
-
-	"github.com/bakito/adguardhome-sync/pkg/types"
-	. "github.com/onsi/ginkgo/v2"
-	. "github.com/onsi/gomega"
-)
-
-var envVars = []string{
-	"FEATURES_GENERALSETTINGS",
-	"FEATURES_QUERYLOGCONFIG",
-	"FEATURES_STATSCONFIG",
-	"FEATURES_CLIENTSETTINGS",
-	"FEATURES_SERVICES",
-	"FEATURES_FILTERS",
-	"FEATURES_DHCP_SERVERCONFIG",
-	"FEATURES_DHCP_STATICLEASES",
-	"FEATURES_DNS_SERVERCONFIG",
-	"FEATURES_DNS_ACCESSLISTS",
-	"FEATURES_DNS_REWRITES",
-}
-
-var _ = Describe("Run", func() {
-	BeforeEach(func() {
-		for _, envVar := range envVars {
-			Ω(os.Unsetenv(envVar)).ShouldNot(HaveOccurred())
-		}
-		initConfig()
-	})
-	Context("getConfig", func() {
-		It("features should be true by default", func() {
-			cfg, err := getConfig()
-			Ω(err).ShouldNot(HaveOccurred())
-			verifyFeatures(cfg, true)
-		})
-		It("features should be false", func() {
-			for _, envVar := range envVars {
-				Ω(os.Setenv(envVar, "false")).ShouldNot(HaveOccurred())
-			}
-			cfg, err := getConfig()
-			Ω(err).ShouldNot(HaveOccurred())
-			verifyFeatures(cfg, false)
-		})
-	})
-})
-
-func verifyFeatures(cfg *types.Config, value bool) {
-	Ω(cfg.Features.GeneralSettings).Should(Equal(value))
-	Ω(cfg.Features.QueryLogConfig).Should(Equal(value))
-	Ω(cfg.Features.StatsConfig).Should(Equal(value))
-	Ω(cfg.Features.ClientSettings).Should(Equal(value))
-	Ω(cfg.Features.Services).Should(Equal(value))
-	Ω(cfg.Features.Filters).Should(Equal(value))
-	Ω(cfg.Features.DHCP.ServerConfig).Should(Equal(value))
-	Ω(cfg.Features.DHCP.StaticLeases).Should(Equal(value))
-	Ω(cfg.Features.DNS.ServerConfig).Should(Equal(value))
-	Ω(cfg.Features.DNS.AccessLists).Should(Equal(value))
-	Ω(cfg.Features.DNS.Rewrites).Should(Equal(value))
-}
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -1,10 +1,11 @@
 package cmd

 import (
+	"github.com/bakito/adguardhome-sync/pkg/config"
 	"github.com/bakito/adguardhome-sync/pkg/log"
 	"github.com/bakito/adguardhome-sync/pkg/sync"
 	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
+	"gopkg.in/yaml.v3"
 )

 // runCmd represents the run command
@@ -14,79 +15,75 @@ var doCmd = &cobra.Command{
 	Long:  `Synchronizes the configuration form an origin instance to a replica`,
 	RunE: func(cmd *cobra.Command, args []string) error {
 		logger = log.GetLogger("run")
-		cfg, err := getConfig()
+		cfg, err := config.Get(cfgFile, cmd.Flags())
 		if err != nil {
 			logger.Error(err)
 			return err
 		}

+		if err := cfg.Init(); err != nil {
+			logger.Error(err)
+			return err
+		}
+
+		if cfg.PrintConfigOnly {
+			config, err := yaml.Marshal(cfg)
+			if err != nil {
+				logger.Error(err)
+				return err
+			}
+			logger.Infof("Printing adguardhome-sync config (THE APPLICATION WILL NOT START IN THIS MODE): \n%s",
+				string(config))
+			return nil
+		}
+
 		return sync.Sync(cfg)
 	},
 }

 func init() {
 	rootCmd.AddCommand(doCmd)
-	doCmd.PersistentFlags().String("cron", "", "The cron expression to run in daemon mode")
-	_ = viper.BindPFlag(configCron, doCmd.PersistentFlags().Lookup("cron"))
-	doCmd.PersistentFlags().Bool("runOnStart", true, "Run the sync job on start.")
-	_ = viper.BindPFlag(configRunOnStart, doCmd.PersistentFlags().Lookup("runOnStart"))
-	doCmd.PersistentFlags().Int("api-port", 8080, "Sync API Port, the API endpoint will be started to enable remote triggering; if 0 port API is disabled.")
-	_ = viper.BindPFlag(configAPIPort, doCmd.PersistentFlags().Lookup("api-port"))
-	doCmd.PersistentFlags().String("api-username", "", "Sync API username")
-	_ = viper.BindPFlag(configAPIUsername, doCmd.PersistentFlags().Lookup("api-username"))
-	doCmd.PersistentFlags().String("api-password", "", "Sync API password")
-	_ = viper.BindPFlag(configAPIPassword, doCmd.PersistentFlags().Lookup("api-password"))
-	doCmd.PersistentFlags().String("api-darkMode", "", "API UI in dark mode")
-	_ = viper.BindPFlag(configAPIDarkMode, doCmd.PersistentFlags().Lookup("api-darkMode"))
+	doCmd.PersistentFlags().String(config.FlagCron, "", "The cron expression to run in daemon mode")
+	doCmd.PersistentFlags().Bool(config.FlagRunOnStart, true, "Run the sync job on start.")
+	doCmd.PersistentFlags().Bool(config.FlagPrintConfigOnly, false, "Prints the configuration only and exists. "+
+		"Can be used to debug the config E.g: when having authentication issues.")
+	doCmd.PersistentFlags().Bool(config.FlagContinueOnError, false, "If enabled, the synchronisation task "+
+		"will not fail on single errors, but will log the errors and continue.")

-	doCmd.PersistentFlags().Bool("feature-dhcp-server-config", true, "Enable DHCP server config feature")
-	_ = viper.BindPFlag(configFeatureDHCPServerConfig, doCmd.PersistentFlags().Lookup("feature-dhcp-server-config"))
-	doCmd.PersistentFlags().Bool("feature-dhcp-static-leases", true, "Enable DHCP server static leases feature")
-	_ = viper.BindPFlag(configFeatureDHCPStaticLeases, doCmd.PersistentFlags().Lookup("feature-dhcp-static-leases"))
+	doCmd.PersistentFlags().Int(config.FlagApiPort, 8080, "Sync API Port, the API endpoint will be started to enable remote triggering; if 0 port API is disabled.")
+	doCmd.PersistentFlags().String(config.FlagApiUsername, "", "Sync API username")
+	doCmd.PersistentFlags().String(config.FlagApiPassword, "", "Sync API password")
+	doCmd.PersistentFlags().String(config.FlagApiDarkMode, "", "API UI in dark mode")

-	doCmd.PersistentFlags().Bool("feature-dns-server-config", true, "Enable DNS server config feature")
-	_ = viper.BindPFlag(configFeatureDNServerConfig, doCmd.PersistentFlags().Lookup("feature-dns-server-config"))
-	doCmd.PersistentFlags().Bool("feature-dns-access-lists", true, "Enable DNS server access lists feature")
-	_ = viper.BindPFlag(configFeatureDNSPAccessLists, doCmd.PersistentFlags().Lookup("feature-dns-access-lists"))
-	doCmd.PersistentFlags().Bool("feature-dns-rewrites", true, "Enable DNS rewrites feature")
-	_ = viper.BindPFlag(configFeatureDNSRewrites, doCmd.PersistentFlags().Lookup("feature-dns-rewrites"))
-	doCmd.PersistentFlags().Bool("feature-general-settings", true, "Enable general settings feature")
-	_ = viper.BindPFlag(configFeatureGeneralSettings, doCmd.PersistentFlags().Lookup("feature-general-settings"))
-	_ = viper.BindPFlag("features.generalSettings", doCmd.PersistentFlags().Lookup("feature-general-settings"))
-	doCmd.PersistentFlags().Bool("feature-query-log-config", true, "Enable query log config feature")
-	_ = viper.BindPFlag(configFeatureQueryLogConfig, doCmd.PersistentFlags().Lookup("feature-query-log-config"))
-	doCmd.PersistentFlags().Bool("feature-stats-config", true, "Enable stats config feature")
-	_ = viper.BindPFlag(configFeatureStatsConfig, doCmd.PersistentFlags().Lookup("feature-stats-config"))
-	doCmd.PersistentFlags().Bool("feature-client-settings", true, "Enable client settings feature")
-	_ = viper.BindPFlag(configFeatureClientSettings, doCmd.PersistentFlags().Lookup("feature-client-settings"))
-	doCmd.PersistentFlags().Bool("feature-services", true, "Enable services sync feature")
-	_ = viper.BindPFlag(configFeatureServices, doCmd.PersistentFlags().Lookup("feature-services"))
-	doCmd.PersistentFlags().Bool("feature-filters", true, "Enable filters sync feature")
-	_ = viper.BindPFlag(configFeatureFilters, doCmd.PersistentFlags().Lookup("feature-filters"))
+	doCmd.PersistentFlags().Bool(config.FlagFeatureDhcpServerConfig, true, "Enable DHCP server config feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureDhcpStaticLeases, true, "Enable DHCP server static leases feature")

-	doCmd.PersistentFlags().String("origin-url", "", "Origin instance url")
-	_ = viper.BindPFlag(configOriginURL, doCmd.PersistentFlags().Lookup("origin-url"))
-	doCmd.PersistentFlags().String("origin-api-path", "/control", "Origin instance API path")
-	_ = viper.BindPFlag(configOriginAPIPath, doCmd.PersistentFlags().Lookup("origin-api-path"))
-	doCmd.PersistentFlags().String("origin-username", "", "Origin instance username")
-	_ = viper.BindPFlag(configOriginUsername, doCmd.PersistentFlags().Lookup("origin-username"))
-	doCmd.PersistentFlags().String("origin-password", "", "Origin instance password")
-	_ = viper.BindPFlag(configOriginPassword, doCmd.PersistentFlags().Lookup("origin-password"))
-	doCmd.PersistentFlags().String("origin-insecure-skip-verify", "", "Enable Origin instance InsecureSkipVerify")
-	_ = viper.BindPFlag(configOriginInsecureSkipVerify, doCmd.PersistentFlags().Lookup("origin-insecure-skip-verify"))
+	doCmd.PersistentFlags().Bool(config.FlagFeatureDnsServerConfig, true, "Enable DNS server config feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureDnsAccessLists, true, "Enable DNS server access lists feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureDnsRewrites, true, "Enable DNS rewrites feature")

-	doCmd.PersistentFlags().String("replica-url", "", "Replica instance url")
-	_ = viper.BindPFlag(configReplicaURL, doCmd.PersistentFlags().Lookup("replica-url"))
-	doCmd.PersistentFlags().String("replica-api-path", "/control", "Replica instance API path")
-	_ = viper.BindPFlag(configReplicaAPIPath, doCmd.PersistentFlags().Lookup("replica-api-path"))
-	doCmd.PersistentFlags().String("replica-username", "", "Replica instance username")
-	_ = viper.BindPFlag(configReplicaUsername, doCmd.PersistentFlags().Lookup("replica-username"))
-	doCmd.PersistentFlags().String("replica-password", "", "Replica instance password")
-	_ = viper.BindPFlag(configReplicaPassword, doCmd.PersistentFlags().Lookup("replica-password"))
-	doCmd.PersistentFlags().Bool("replica-insecure-skip-verify", false, "Enable Replica instance InsecureSkipVerify")
-	_ = viper.BindPFlag(configReplicaInsecureSkipVerify, doCmd.PersistentFlags().Lookup("replica-insecure-skip-verify"))
-	doCmd.PersistentFlags().Bool("replica-auto-setup", false, "Enable automatic setup of new AdguardHome instances. This replaces the setup wizard.")
-	_ = viper.BindPFlag(configReplicaAutoSetup, doCmd.PersistentFlags().Lookup("replica-auto-setup"))
-	doCmd.PersistentFlags().Bool("replica-interface-name", false, "Optional change the interface name of the replica if it differs from the master")
-	_ = viper.BindPFlag(configReplicaInterfaceName, doCmd.PersistentFlags().Lookup("replica-interface-name"))
+	doCmd.PersistentFlags().Bool(config.FlagFeatureGeneral, true, "Enable general settings feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureQueryLog, true, "Enable query log config feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureStats, true, "Enable stats config feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureClient, true, "Enable client settings feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureServices, true, "Enable services sync feature")
+	doCmd.PersistentFlags().Bool(config.FlagFeatureFilters, true, "Enable filters sync feature")
+
+	doCmd.PersistentFlags().String(config.FlagOriginURL, "", "Origin instance url")
+	doCmd.PersistentFlags().String(config.FlagOriginWebURL, "", "Origin instance web url used in the web interface (default: <origin-url>)")
+	doCmd.PersistentFlags().String(config.FlagOriginApiPath, "/control", "Origin instance API path")
+	doCmd.PersistentFlags().String(config.FlagOriginUsername, "", "Origin instance username")
+	doCmd.PersistentFlags().String(config.FlagOriginPassword, "", "Origin instance password")
+	doCmd.PersistentFlags().String(config.FlagOriginCookie, "", "If Set, uses a cookie for authentication")
+	doCmd.PersistentFlags().Bool(config.FlagOriginISV, false, "Enable Origin instance InsecureSkipVerify")
+
+	doCmd.PersistentFlags().String(config.FlagReplicaURL, "", "Replica instance url")
+	doCmd.PersistentFlags().String(config.FlagReplicaWebURL, "", "Replica instance web url used in the web interface (default: <replica-url>)")
+	doCmd.PersistentFlags().String(config.FlagReplicaApiPath, "/control", "Replica instance API path")
+	doCmd.PersistentFlags().String(config.FlagReplicaUsername, "", "Replica instance username")
+	doCmd.PersistentFlags().String(config.FlagReplicaPassword, "", "Replica instance password")
+	doCmd.PersistentFlags().String(config.FlagReplicaCookie, "", "If Set, uses a cookie for authentication")
+	doCmd.PersistentFlags().Bool(config.FlagReplicaISV, false, "Enable Replica instance InsecureSkipVerify")
+	doCmd.PersistentFlags().Bool(config.FlagReplicaAutoSetup, false, "Enable automatic setup of new AdguardHome instances. This replaces the setup wizard.")
+	doCmd.PersistentFlags().String(config.FlagReplicaInterfaceName, "", "Optional change the interface name of the replica if it differs from the master")
 }
--- a/go.mod
+++ b/go.mod
@@ -1,56 +1,79 @@
 module github.com/bakito/adguardhome-sync

-go 1.19
+go 1.22.0
+
+toolchain go1.22.2

 require (
-	github.com/gin-gonic/gin v1.8.2
-	github.com/go-resty/resty/v2 v2.7.0
-	github.com/golang/mock v1.6.0
-	github.com/google/uuid v1.3.0
-	github.com/jinzhu/copier v0.3.5
-	github.com/mitchellh/go-homedir v1.1.0
-	github.com/onsi/ginkgo/v2 v2.8.0
-	github.com/onsi/gomega v1.26.0
+	github.com/caarlos0/env/v10 v10.0.0
+	github.com/gin-gonic/gin v1.10.0
+	github.com/go-resty/resty/v2 v2.13.1
+	github.com/google/uuid v1.6.0
+	github.com/jinzhu/copier v0.4.0
+	github.com/oapi-codegen/runtime v1.1.1
+	github.com/onsi/ginkgo/v2 v2.17.3
+	github.com/onsi/gomega v1.33.1
+	github.com/prometheus/client_golang v1.19.1
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/spf13/cobra v1.6.1
-	github.com/spf13/viper v1.15.0
-	go.uber.org/zap v1.24.0
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4
+	github.com/spf13/cobra v1.8.0
+	go.uber.org/mock v0.4.0
+	go.uber.org/zap v1.27.0
+	golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc
+	golang.org/x/mod v0.17.0
+	gopkg.in/yaml.v3 v3.0.1
+	k8s.io/apimachinery v0.30.1
 )

 require (
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
+	github.com/apapsch/go-jsonmerge/v2 v2.0.0 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bytedance/sonic v1.11.6 // indirect
+	github.com/bytedance/sonic/loader v0.1.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/cloudwego/base64x v0.1.4 // indirect
+	github.com/cloudwego/iasm v0.2.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
-	github.com/go-playground/locales v0.14.0 // indirect
-	github.com/go-playground/universal-translator v0.18.0 // indirect
-	github.com/go-playground/validator/v10 v10.11.1 // indirect
-	github.com/goccy/go-json v0.9.11 // indirect
-	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/mousetrap v1.0.1 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-playground/locales v0.14.1 // indirect
+	github.com/go-playground/universal-translator v0.18.1 // indirect
+	github.com/go-playground/validator/v10 v10.20.0 // indirect
+	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
+	github.com/goccy/go-json v0.10.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/leodido/go-urn v1.2.1 // indirect
-	github.com/magiconair/properties v1.8.7 // indirect
-	github.com/mattn/go-isatty v0.0.16 // indirect
-	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.6 // indirect
-	github.com/spf13/afero v1.9.3 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.48.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
-	github.com/ugorji/go/codec v1.2.7 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
-	golang.org/x/net v0.5.0 // indirect
-	golang.org/x/sys v0.4.0 // indirect
-	golang.org/x/text v0.6.0 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
-	gopkg.in/ini.v1 v1.67.0 // indirect
+	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
+	github.com/ugorji/go/codec v1.2.12 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	golang.org/x/arch v0.8.0 // indirect
+	golang.org/x/crypto v0.23.0 // indirect
+	golang.org/x/net v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/text v0.15.0 // indirect
+	golang.org/x/tools v0.20.0 // indirect
+	google.golang.org/protobuf v1.34.1 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,581 +1,241 @@
-cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
-cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
-cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
-cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
-cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
-cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
-cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
-cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
-cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
-cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
-cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
-cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
-cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
-cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
-cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
-cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
-cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
-cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
-cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
-cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
-cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
-cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
-cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
-cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
-cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
-cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
-cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
-cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
-cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
-cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
-cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
-dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
-github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
-github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/RaveNoX/go-jsoncommentstrip v1.0.0/go.mod h1:78ihd09MekBnJnxpICcwzCMzGrKSKYe4AqU6PDYYpjk=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0 h1:axGnT1gRIfimI7gJifB699GoE/oq+F2MU7Dml6nw9rQ=
+github.com/apapsch/go-jsonmerge/v2 v2.0.0/go.mod h1:lvDnEdqiQrp0O42VQGgmlKpxL1AP2+08jFMw88y4klk=
+github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bmatcuk/doublestar v1.1.1/go.mod h1:UD6OnuiIn0yFxxA2le/rnRU1G4RaI4UvFv1sNto9p6w=
+github.com/bytedance/sonic v1.11.6 h1:oUp34TzMlL+OY1OUWxHqsdkgC/Zfc85zGqw9siXjrc0=
+github.com/bytedance/sonic v1.11.6/go.mod h1:LysEHSvpvDySVdC2f87zGWf6CIKJcAvqab1ZaiQtds4=
+github.com/bytedance/sonic/loader v0.1.1 h1:c+e5Pt1k/cy5wMveRDyk2X4B9hF4g7an8N3zCYjJFNM=
+github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
+github.com/caarlos0/env/v10 v10.0.0 h1:yIHUBZGsyqCnpTkbjk8asUlx6RFhhEs+h7TOBdgdzXA=
+github.com/caarlos0/env/v10 v10.0.0/go.mod h1:ZfulV76NvVPw3tm591U4SwL3Xx9ldzBP9aGxzeN7G18=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cloudwego/base64x v0.1.4 h1:jwCgWpFanWmN8xoIUHa2rtzmkd5J2plF/dnLS6Xd/0Y=
+github.com/cloudwego/base64x v0.1.4/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/iasm v0.2.0 h1:1KNIy1I1H9hNNFEEH3DVnI4UujN+1zjpuk6gwHLTssg=
+github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
-github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
-github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
+github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.8.2 h1:UzKToD9/PoFj/V4rvlKqTRKnQYyz8Sc1MJlv4JHPtvY=
-github.com/gin-gonic/gin v1.8.2/go.mod h1:qw5AYuDrzRTnhvusDsrov+fDIxp9Dleuu12h8nfB398=
-github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
-github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
-github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
-github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
-github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
-github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
-github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
-github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
-github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
-github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
-github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
-github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
-github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
-github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=
-github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs=
-github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
-github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
-github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
-github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
-github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
-github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
-github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
-github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
-github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
-github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
-github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
+github.com/gin-gonic/gin v1.10.0/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
+github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
+github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
+github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
+github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
+github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
+github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8=
+github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
+github.com/go-resty/resty/v2 v2.13.1 h1:x+LHXBI2nMB1vqndymf26quycC4aggYJ7DECYbiz03g=
+github.com/go-resty/resty/v2 v2.13.1/go.mod h1:GznXlLxkq6Nh4sU59rPmUw3VtgpO3aS96ORAI6Q7d+0=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
+github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU=
+github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
-github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
-github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
-github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
-github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
-github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
-github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg=
-github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
+github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
-github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
+github.com/juju/gnuflag v0.0.0-20171113085948-2ce1bb71843d/go.mod h1:2PavIy+JPciBPrBUjwbNvtwB6RQlve+hkpll6QSNmOE=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
-github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
-github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
-github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
-github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
+github.com/klauspost/cpuid/v2 v2.2.7 h1:ZWSB3igEs+d0qvnxR/ZBzXVmxkgt8DdzP6m9pfuVLDM=
+github.com/klauspost/cpuid/v2 v2.2.7/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
+github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
-github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
-github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ=
-github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
-github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
-github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/onsi/ginkgo/v2 v2.8.0 h1:pAM+oBNPrpXRs+E/8spkeGx9QgekbRVyr74EUvRVOUI=
-github.com/onsi/ginkgo/v2 v2.8.0/go.mod h1:6JsQiECmxCa3V5st74AL/AmsV482EDdVrGaVW6z3oYU=
-github.com/onsi/gomega v1.26.0 h1:03cDLK28U6hWvCAns6NeydX3zIm4SF3ci69ulidS32Q=
-github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM=
-github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU=
-github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek=
-github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA=
-github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
-github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/oapi-codegen/runtime v1.1.1 h1:EXLHh0DXIJnWhdRPN2w4MXAzFyE4CskzhNLUmtpMYro=
+github.com/oapi-codegen/runtime v1.1.1/go.mod h1:SK9X900oXmPWilYR5/WKPzt3Kqxn/uS/+lbpREv+eCg=
+github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU=
+github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
+github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE=
+github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho=
+github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw=
+github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI=
+github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE=
+github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc=
+github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo=
+github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
-github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
-github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
+github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
+github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk=
-github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
-github.com/spf13/cobra v1.6.1 h1:o94oiPyS4KD1mPy2fmcYYHHfCxLqYjJOhGsCHFZtEzA=
-github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY=
-github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
-github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU=
-github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA=
+github.com/spkg/bom v0.0.0-20160624110644-59b7046e48ad/go.mod h1:qLr4V1qq6nMqFKkMo8ZTx3f+BZEkzsRUY10Xsm2mwU0=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8=
-github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0=
-github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
-github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
-github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
+github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
+github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
+github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
+github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
-go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE=
-go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
-go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
-go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
-go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
+go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU=
+go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
+go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
+golang.org/x/arch v0.8.0 h1:3wRIsP3pM4yUptoR96otTUOXI367OS0+c9eeRi9doIc=
+golang.org/x/arch v0.8.0/go.mod h1:FEVrYAQjsQXMVJ1nsMoVVXPZg6p2JE2mx8psSWTDQys=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM=
-golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
-golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
-golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
-golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
-golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
-golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
-golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
-golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
-golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
-golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
-golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
-golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
+golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
+golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
+golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc h1:ao2WRsKSzW6KuUY9IWPwWahcHCgR0s52IfwutMfEbdM=
+golang.org/x/exp v0.0.0-20240103183307-be819d1f06fc/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
-golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw=
-golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
-golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
+golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
+golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac=
+golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18=
-golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
+golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
+golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
+golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k=
-golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk=
+golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
+golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
-golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
-golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
-golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
-golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
-golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
-golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
-golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
+golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY=
+golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
-google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
-google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
-google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
-google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
-google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
-google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
-google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
-google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
-google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
-google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
-google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
-google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
-google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
-google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
-google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
-google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
-google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
-google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
-google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
-google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
-google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
-google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
-google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
-google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
-google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
-google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
-google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
-google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
-google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
-google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
-google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
+google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg=
+google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
-gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
-honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
-rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
-rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
+k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U=
+k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
+k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
+k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
+sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
--- a/openapi/main.go
+++ b/openapi/main.go
@@ -0,0 +1,63 @@
+package main
+
+import (
+	"fmt"
+	"io"
+	"log"
+	"net/http"
+	"os"
+
+	"gopkg.in/yaml.v3"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+func main() {
+	version := "master"
+	fileName := "schema-master.yaml"
+	if len(os.Args) > 1 {
+		version = os.Args[1]
+		fileName = "schema.yaml"
+	}
+	log.Printf("Patching schema version %s\n", version)
+
+	resp, err := http.Get(fmt.Sprintf("https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/%s/openapi/openapi.yaml", version))
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer func() { _ = resp.Body.Close() }()
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	schema := make(map[string]interface{})
+	err = yaml.Unmarshal(data, &schema)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	if requestBodies, ok, _ := unstructured.NestedMap(schema, "components", "requestBodies"); ok {
+		for k := range requestBodies {
+			_ = unstructured.SetNestedField(schema, k+"Body", "components", "requestBodies", k, "x-go-name")
+		}
+	}
+
+	if dnsInfo, ok, _ := unstructured.NestedMap(schema,
+		"paths", "/dns_info", "get", "responses", "200", "content", "application/json", "schema"); ok {
+		if allOf, ok, _ := unstructured.NestedSlice(dnsInfo, "allOf"); ok && len(allOf) == 2 {
+			delete(dnsInfo, "allOf")
+			if err := unstructured.SetNestedMap(schema, allOf[0].(map[string]interface{}),
+				"paths", "/dns_info", "get", "responses", "200", "content", "application/json", "schema"); err != nil {
+				log.Fatalln(err)
+			}
+		}
+	}
+	b, err := yaml.Marshal(&schema)
+	if err != nil {
+		log.Fatalln(err)
+	}
+	log.Printf("Writing schema file tmp/%s", fileName)
+	err = os.WriteFile("tmp/"+fileName, b, 0o600)
+	if err != nil {
+		log.Fatalln(err)
+	}
+}
--- a/pkg/client/client-methods.go
+++ b/pkg/client/client-methods.go
@@ -0,0 +1,101 @@
+package client
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/go-resty/resty/v2"
+	"go.uber.org/zap"
+)
+
+func (cl *client) doGet(req *resty.Request, url string) error {
+	rl := cl.log.With("method", "GET", "path", url)
+	if cl.client.UserInfo != nil {
+		rl = rl.With("username", cl.client.UserInfo.Username)
+	}
+	req.ForceContentType("application/json")
+	rl.Debug("do get")
+	resp, err := req.Get(url)
+	if err != nil {
+		if resp != nil && resp.StatusCode() == http.StatusFound {
+			loc := resp.Header().Get("Location")
+			if loc == "/install.html" || loc == "/control/install.html" {
+				return ErrSetupNeeded
+			}
+		}
+
+		rl.With("status", resp.StatusCode(), "body", string(resp.Body()), "error", err).Debug("error in do get")
+		return detailedError(resp, err)
+	}
+
+	checkAuthenticationIssue(resp, rl)
+
+	rl.With(
+		"status", resp.StatusCode(),
+		"body", string(resp.Body()),
+		"content-type", resp.Header()["Content-Type"],
+	).Debug("got response")
+	if resp.StatusCode() != http.StatusOK {
+		return detailedError(resp, nil)
+	}
+	return nil
+}
+
+func (cl *client) doPost(req *resty.Request, url string) error {
+	rl := cl.log.With("method", "POST", "path", url)
+	if cl.client.UserInfo != nil {
+		rl = rl.With("username", cl.client.UserInfo.Username)
+	}
+	b, _ := json.Marshal(req.Body)
+	rl.With("body", string(b)).Debug("do post")
+	resp, err := req.Post(url)
+	if err != nil {
+		rl.With("status", resp.StatusCode(), "body", string(resp.Body()), "error", err).Debug("error in do post")
+		return detailedError(resp, err)
+	}
+
+	checkAuthenticationIssue(resp, rl)
+
+	rl.With(
+		"status", resp.StatusCode(),
+		"body", string(resp.Body()),
+		"content-type", contentType(resp),
+	).Debug("got response")
+	if resp.StatusCode() != http.StatusOK {
+		return detailedError(resp, nil)
+	}
+	return nil
+}
+
+func (cl *client) doPut(req *resty.Request, url string) error {
+	rl := cl.log.With("method", "PUT", "path", url)
+	if cl.client.UserInfo != nil {
+		rl = rl.With("username", cl.client.UserInfo.Username)
+	}
+	b, _ := json.Marshal(req.Body)
+	rl.With("body", string(b)).Debug("do put")
+	resp, err := req.Put(url)
+	if err != nil {
+		rl.With("status", resp.StatusCode(), "body", string(resp.Body()), "error", err).Debug("error in do put")
+		return detailedError(resp, err)
+	}
+
+	checkAuthenticationIssue(resp, rl)
+
+	rl.With(
+		"status", resp.StatusCode(),
+		"body", string(resp.Body()),
+		"content-type", contentType(resp),
+	).Debug("got response")
+	if resp.StatusCode() != http.StatusOK {
+		return detailedError(resp, nil)
+	}
+	return nil
+}
+
+func checkAuthenticationIssue(resp *resty.Response, rl *zap.SugaredLogger) {
+	if resp != nil && (resp.StatusCode() == http.StatusUnauthorized || resp.StatusCode() == http.StatusForbidden) {
+		rl.With("status", resp.StatusCode()).Error("there seems to be an authentication issue - " +
+			"please check https://github.com/bakito/adguardhome-sync/wiki/FAQ")
+	}
+}
--- a/pkg/client/client.go
+++ b/pkg/client/client.go
@@ -2,7 +2,6 @@ package client

 import (
 	"crypto/tls"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"net/http"
@@ -10,9 +9,12 @@ import (
 	"os"
 	"path"
 	"strconv"
+	"strings"

+	"github.com/bakito/adguardhome-sync/pkg/client/model"
 	"github.com/bakito/adguardhome-sync/pkg/log"
 	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
 	"github.com/go-resty/resty/v2"
 	"go.uber.org/zap"
 )
@@ -51,12 +53,16 @@ func New(config types.AdGuardInstance) (Client, error) {
 	u.Path = path.Clean(u.Path)
 	cl := resty.New().SetBaseURL(u.String()).SetDisableWarn(true)

-	if config.InsecureSkipVerify {
-		// #nosec G402 has to be explicitly enabled
-		cl.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: true})
-	}
+	// #nosec G402 has to be explicitly enabled
+	cl.SetTLSClientConfig(&tls.Config{InsecureSkipVerify: config.InsecureSkipVerify})

-	if config.Username != "" && config.Password != "" {
+	cookieParts := strings.Split(config.Cookie, "=")
+	if len(cookieParts) == 2 {
+		cl.SetCookie(&http.Cookie{
+			Name:  cookieParts[0],
+			Value: cookieParts[1],
+		})
+	} else if config.Username != "" && config.Password != "" {
 		cl = cl.SetBasicAuth(config.Username, config.Password)
 	}

@@ -72,52 +78,56 @@ func New(config types.AdGuardInstance) (Client, error) {
 	}

 	return &client{
-		host:   u.Host,
+		host:   config.Host,
 		client: cl,
-		log:    l.With("host", u.Host),
+		log:    l.With("host", config.Host),
 	}, nil
 }

 // Client AdguardHome API client interface
 type Client interface {
 	Host() string
-	Status() (*types.Status, error)
+	Status() (*model.ServerStatus, error)
+	Stats() (*model.Stats, error)
+	QueryLog(limit int) (*model.QueryLog, error)
 	ToggleProtection(enable bool) error
-	RewriteList() (*types.RewriteEntries, error)
-	AddRewriteEntries(e ...types.RewriteEntry) error
-	DeleteRewriteEntries(e ...types.RewriteEntry) error
-	Filtering() (*types.FilteringStatus, error)
-	ToggleFiltering(enabled bool, interval float64) error
-	AddFilters(whitelist bool, e ...types.Filter) error
-	DeleteFilters(whitelist bool, e ...types.Filter) error
-	UpdateFilters(whitelist bool, e ...types.Filter) error
+	RewriteList() (*model.RewriteEntries, error)
+	AddRewriteEntries(e ...model.RewriteEntry) error
+	DeleteRewriteEntries(e ...model.RewriteEntry) error
+	Filtering() (*model.FilterStatus, error)
+	ToggleFiltering(enabled bool, interval int) error
+	AddFilter(whitelist bool, f model.Filter) error
+	DeleteFilter(whitelist bool, f model.Filter) error
+	UpdateFilter(whitelist bool, f model.Filter) error
 	RefreshFilters(whitelist bool) error
-	SetCustomRules(rules types.UserRules) error
+	SetCustomRules(rules *[]string) error
 	SafeBrowsing() (bool, error)
 	ToggleSafeBrowsing(enable bool) error
 	Parental() (bool, error)
 	ToggleParental(enable bool) error
-	SafeSearch() (bool, error)
-	ToggleSafeSearch(enable bool) error
-	Services() (types.Services, error)
-	SetServices(services types.Services) error
-	Clients() (*types.Clients, error)
-	AddClients(client ...types.Client) error
-	UpdateClients(client ...types.Client) error
-	DeleteClients(client ...types.Client) error
-	QueryLogConfig() (*types.QueryLogConfig, error)
-	SetQueryLogConfig(enabled bool, interval float64, anonymizeClientIP bool) error
-	StatsConfig() (*types.IntervalConfig, error)
-	SetStatsConfig(interval float64) error
+	SafeSearchConfig() (*model.SafeSearchConfig, error)
+	SetSafeSearchConfig(settings *model.SafeSearchConfig) error
+	ProfileInfo() (*model.ProfileInfo, error)
+	SetProfileInfo(settings *model.ProfileInfo) error
+	BlockedServicesSchedule() (*model.BlockedServicesSchedule, error)
+	SetBlockedServicesSchedule(schedule *model.BlockedServicesSchedule) error
+	Clients() (*model.Clients, error)
+	AddClient(client *model.Client) error
+	UpdateClient(client *model.Client) error
+	DeleteClient(client *model.Client) error
+	QueryLogConfig() (*model.QueryLogConfigWithIgnored, error)
+	SetQueryLogConfig(*model.QueryLogConfigWithIgnored) error
+	StatsConfig() (*model.GetStatsConfigResponse, error)
+	SetStatsConfig(sc *model.PutStatsConfigUpdateRequest) error
 	Setup() error
-	AccessList() (*types.AccessList, error)
-	SetAccessList(*types.AccessList) error
-	DNSConfig() (*types.DNSConfig, error)
-	SetDNSConfig(*types.DNSConfig) error
-	DHCPServerConfig() (*types.DHCPServerConfig, error)
-	SetDHCPServerConfig(*types.DHCPServerConfig) error
-	AddDHCPStaticLeases(leases ...types.Lease) error
-	DeleteDHCPStaticLeases(leases ...types.Lease) error
+	AccessList() (*model.AccessList, error)
+	SetAccessList(*model.AccessList) error
+	DNSConfig() (*model.DNSConfig, error)
+	SetDNSConfig(*model.DNSConfig) error
+	DhcpConfig() (*model.DhcpStatus, error)
+	SetDhcpConfig(*model.DhcpStatus) error
+	AddDHCPStaticLease(lease model.DhcpStaticLease) error
+	DeleteDHCPStaticLease(lease model.DhcpStaticLease) error
 }

 type client struct {
@@ -131,58 +141,6 @@ func (cl *client) Host() string {
 	return cl.host
 }

-func (cl *client) doGet(req *resty.Request, url string) error {
-	rl := cl.log.With("method", "GET", "path", url)
-	if cl.client.UserInfo != nil {
-		rl = rl.With("username", cl.client.UserInfo.Username)
-	}
-	req.ForceContentType("application/json")
-	rl.Debug("do get")
-	resp, err := req.Get(url)
-	if err != nil {
-		if resp != nil && resp.StatusCode() == http.StatusFound {
-			loc := resp.Header().Get("Location")
-			if loc == "/install.html" {
-				return ErrSetupNeeded
-			}
-		}
-		rl.With("status", resp.StatusCode(), "body", string(resp.Body()), "error", err).Debug("error in do get")
-		return detailedError(resp, err)
-	}
-	rl.With(
-		"status", resp.StatusCode(),
-		"body", string(resp.Body()),
-		"content-type", resp.Header()["Content-Type"],
-	).Debug("got response")
-	if resp.StatusCode() != http.StatusOK {
-		return detailedError(resp, nil)
-	}
-	return nil
-}
-
-func (cl *client) doPost(req *resty.Request, url string) error {
-	rl := cl.log.With("method", "POST", "path", url)
-	if cl.client.UserInfo != nil {
-		rl = rl.With("username", cl.client.UserInfo.Username)
-	}
-	b, _ := json.Marshal(req.Body)
-	rl.With("body", string(b)).Debug("do post")
-	resp, err := req.Post(url)
-	if err != nil {
-		rl.With("status", resp.StatusCode(), "body", string(resp.Body()), "error", err).Debug("error in do post")
-		return detailedError(resp, err)
-	}
-	rl.With(
-		"status", resp.StatusCode(),
-		"body", string(resp.Body()),
-		"content-type", contentType(resp),
-	).Debug("got response")
-	if resp.StatusCode() != http.StatusOK {
-		return detailedError(resp, nil)
-	}
-	return nil
-}
-
 func contentType(resp *resty.Response) string {
 	if ct, ok := resp.Header()["Content-Type"]; ok {
 		if len(ct) != 1 {
@@ -193,23 +151,34 @@ func contentType(resp *resty.Response) string {
 	return ""
 }

-func (cl *client) Status() (*types.Status, error) {
-	status := &types.Status{}
+func (cl *client) Status() (*model.ServerStatus, error) {
+	status := &model.ServerStatus{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(status), "status")
 	cl.version = status.Version
 	return status, err
 }

-func (cl *client) RewriteList() (*types.RewriteEntries, error) {
-	rewrites := &types.RewriteEntries{}
+func (cl *client) Stats() (*model.Stats, error) {
+	stats := &model.Stats{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(stats), "stats")
+	return stats, err
+}
+
+func (cl *client) QueryLog(limit int) (*model.QueryLog, error) {
+	ql := &model.QueryLog{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(ql), fmt.Sprintf(`querylog?limit=%d&response_status="all"`, limit))
+	return ql, err
+}
+
+func (cl *client) RewriteList() (*model.RewriteEntries, error) {
+	rewrites := &model.RewriteEntries{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(&rewrites), "/rewrite/list")
 	return rewrites, err
 }

-func (cl *client) AddRewriteEntries(entries ...types.RewriteEntry) error {
-	for i := range entries {
-		e := entries[i]
-		cl.log.With("domain", e.Domain, "answer", e.Answer).Info("Add rewrite entry")
+func (cl *client) AddRewriteEntries(entries ...model.RewriteEntry) error {
+	for _, e := range entries {
+		cl.log.With("domain", e.Domain, "answer", e.Answer).Info("Add DNS rewrite entry")
 		err := cl.doPost(cl.client.R().EnableTrace().SetBody(&e), "/rewrite/add")
 		if err != nil {
 			return err
@@ -218,10 +187,9 @@ func (cl *client) AddRewriteEntries(entries ...types.RewriteEntry) error {
 	return nil
 }

-func (cl *client) DeleteRewriteEntries(entries ...types.RewriteEntry) error {
-	for i := range entries {
-		e := entries[i]
-		cl.log.With("domain", e.Domain, "answer", e.Answer).Info("Delete rewrite entry")
+func (cl *client) DeleteRewriteEntries(entries ...model.RewriteEntry) error {
+	for _, e := range entries {
+		cl.log.With("domain", e.Domain, "answer", e.Answer).Info("Delete DNS rewrite entry")
 		err := cl.doPost(cl.client.R().EnableTrace().SetBody(&e), "/rewrite/delete")
 		if err != nil {
 			return err
@@ -246,16 +214,8 @@ func (cl *client) ToggleParental(enable bool) error {
 	return cl.toggleBool("parental", enable)
 }

-func (cl *client) SafeSearch() (bool, error) {
-	return cl.toggleStatus("safesearch")
-}
-
-func (cl *client) ToggleSafeSearch(enable bool) error {
-	return cl.toggleBool("safesearch", enable)
-}
-
 func (cl *client) toggleStatus(mode string) (bool, error) {
-	fs := &types.EnableConfig{}
+	fs := &model.EnableConfig{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(fs), fmt.Sprintf("/%s/status", mode))
 	return fs.Enabled, err
 }
@@ -271,51 +231,36 @@ func (cl *client) toggleBool(mode string, enable bool) error {
 	return cl.doPost(cl.client.R().EnableTrace(), fmt.Sprintf("/%s/%s", mode, target))
 }

-func (cl *client) Filtering() (*types.FilteringStatus, error) {
-	f := &types.FilteringStatus{}
+func (cl *client) Filtering() (*model.FilterStatus, error) {
+	f := &model.FilterStatus{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(f), "/filtering/status")
 	return f, err
 }

-func (cl *client) AddFilters(whitelist bool, filters ...types.Filter) error {
-	for _, f := range filters {
-		cl.log.With("url", f.URL, "whitelist", whitelist, "enabled", f.Enabled).Info("Add filter")
-		ff := &types.Filter{Name: f.Name, URL: f.URL, Whitelist: whitelist}
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(ff), "/filtering/add_url")
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+func (cl *client) AddFilter(whitelist bool, f model.Filter) error {
+	cl.log.With("url", f.Url, "whitelist", whitelist, "enabled", f.Enabled).Info("Add filter")
+	ff := &model.AddUrlRequest{Name: utils.Ptr(f.Name), Url: utils.Ptr(f.Url), Whitelist: utils.Ptr(whitelist)}
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(ff), "/filtering/add_url")
 }

-func (cl *client) DeleteFilters(whitelist bool, filters ...types.Filter) error {
-	for _, f := range filters {
-		cl.log.With("url", f.URL, "whitelist", whitelist, "enabled", f.Enabled).Info("Delete filter")
-		ff := &types.Filter{URL: f.URL, Whitelist: whitelist}
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(ff), "/filtering/remove_url")
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+func (cl *client) DeleteFilter(whitelist bool, f model.Filter) error {
+	cl.log.With("url", f.Url, "whitelist", whitelist, "enabled", f.Enabled).Info("Delete filter")
+	ff := &model.RemoveUrlRequest{Url: utils.Ptr(f.Url), Whitelist: utils.Ptr(whitelist)}
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(ff), "/filtering/remove_url")
 }

-func (cl *client) UpdateFilters(whitelist bool, filters ...types.Filter) error {
-	for _, f := range filters {
-		cl.log.With("url", f.URL, "whitelist", whitelist, "enabled", f.Enabled).Info("Update filter")
-		fu := &types.FilterUpdate{Whitelist: whitelist, URL: f.URL, Data: types.Filter{ID: f.ID, Name: f.Name, URL: f.URL, Whitelist: whitelist, Enabled: f.Enabled}}
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(fu), "/filtering/set_url")
-		if err != nil {
-			return err
-		}
+func (cl *client) UpdateFilter(whitelist bool, f model.Filter) error {
+	cl.log.With("url", f.Url, "whitelist", whitelist, "enabled", f.Enabled).Info("Update filter")
+	fu := &model.FilterSetUrl{
+		Whitelist: utils.Ptr(whitelist), Url: utils.Ptr(f.Url),
+		Data: &model.FilterSetUrlData{Name: f.Name, Url: f.Url, Enabled: f.Enabled},
 	}
-	return nil
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(fu), "/filtering/set_url")
 }

 func (cl *client) RefreshFilters(whitelist bool) error {
 	cl.log.With("whitelist", whitelist).Info("Refresh filter")
-	return cl.doPost(cl.client.R().EnableTrace().SetBody(&types.RefreshFilter{Whitelist: whitelist}), "/filtering/refresh")
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(&model.FilterRefreshRequest{Whitelist: utils.Ptr(whitelist)}), "/filtering/refresh")
 }

 func (cl *client) ToggleProtection(enable bool) error {
@@ -323,95 +268,75 @@ func (cl *client) ToggleProtection(enable bool) error {
 	return cl.doPost(cl.client.R().EnableTrace().SetBody(&types.Protection{ProtectionEnabled: enable}), "/dns_config")
 }

-func (cl *client) SetCustomRules(rules types.UserRules) error {
-	cl.log.With("rules", len(rules)).Info("Set user rules")
-	return cl.doPost(cl.client.R().EnableTrace().SetBody(rules.ToPayload(cl.version)), "/filtering/set_rules")
+func (cl *client) SetCustomRules(rules *[]string) error {
+	var l int
+	if rules != nil {
+		l = len(*rules)
+	}
+	cl.log.With("rules", l).Info("Set user rules")
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(&model.SetRulesRequest{Rules: rules}), "/filtering/set_rules")
 }

-func (cl *client) ToggleFiltering(enabled bool, interval float64) error {
+func (cl *client) ToggleFiltering(enabled bool, interval int) error {
 	cl.log.With("enabled", enabled, "interval", interval).Info("Toggle filtering")
-	return cl.doPost(cl.client.R().EnableTrace().SetBody(&types.FilteringConfig{
-		EnableConfig:   types.EnableConfig{Enabled: enabled},
-		IntervalConfig: types.IntervalConfig{Interval: interval},
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(&model.FilterConfig{
+		Enabled:  utils.Ptr(enabled),
+		Interval: utils.Ptr(interval),
 	}), "/filtering/config")
 }

-func (cl *client) Services() (types.Services, error) {
-	svcs := types.Services{}
-	err := cl.doGet(cl.client.R().EnableTrace().SetResult(&svcs), "/blocked_services/list")
-	return svcs, err
+func (cl *client) BlockedServicesSchedule() (*model.BlockedServicesSchedule, error) {
+	sched := &model.BlockedServicesSchedule{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(sched), "/blocked_services/get")
+	return sched, err
 }

-func (cl *client) SetServices(services types.Services) error {
-	cl.log.With("services", len(services)).Info("Set services")
-	return cl.doPost(cl.client.R().EnableTrace().SetBody(&services), "/blocked_services/set")
+func (cl *client) SetBlockedServicesSchedule(schedule *model.BlockedServicesSchedule) error {
+	cl.log.With("services", schedule.ServicesString()).Info("Set blocked services schedule")
+	return cl.doPut(cl.client.R().EnableTrace().SetBody(schedule), "/blocked_services/update")
 }

-func (cl *client) Clients() (*types.Clients, error) {
-	clients := &types.Clients{}
+func (cl *client) Clients() (*model.Clients, error) {
+	clients := &model.Clients{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(clients), "/clients")
 	return clients, err
 }

-func (cl *client) AddClients(clients ...types.Client) error {
-	for i := range clients {
-		client := clients[i]
-		cl.log.With("name", client.Name).Info("Add client")
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(&client), "/clients/add")
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+func (cl *client) AddClient(client *model.Client) error {
+	cl.log.With("name", *client.Name).Info("Add client settings")
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(client), "/clients/add")
 }

-func (cl *client) UpdateClients(clients ...types.Client) error {
-	for _, client := range clients {
-		cl.log.With("name", client.Name).Info("Update client")
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(&types.ClientUpdate{Name: client.Name, Data: client}), "/clients/update")
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+func (cl *client) UpdateClient(client *model.Client) error {
+	cl.log.With("name", *client.Name).Info("Update client settings")
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(&model.ClientUpdate{Name: client.Name, Data: client}), "/clients/update")
 }

-func (cl *client) DeleteClients(clients ...types.Client) error {
-	for i := range clients {
-		client := clients[i]
-		cl.log.With("name", client.Name).Info("Delete client")
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(&client), "/clients/delete")
-		if err != nil {
-			return err
-		}
-	}
-	return nil
+func (cl *client) DeleteClient(client *model.Client) error {
+	cl.log.With("name", *client.Name).Info("Delete client settings")
+	return cl.doPost(cl.client.R().EnableTrace().SetBody(client), "/clients/delete")
 }

-func (cl *client) QueryLogConfig() (*types.QueryLogConfig, error) {
-	qlc := &types.QueryLogConfig{}
-	err := cl.doGet(cl.client.R().EnableTrace().SetResult(qlc), "/querylog_info")
+func (cl *client) QueryLogConfig() (*model.QueryLogConfigWithIgnored, error) {
+	qlc := &model.QueryLogConfigWithIgnored{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(qlc), "/querylog/config")
 	return qlc, err
 }

-func (cl *client) SetQueryLogConfig(enabled bool, interval float64, anonymizeClientIP bool) error {
-	cl.log.With("enabled", enabled, "interval", interval, "anonymizeClientIP", anonymizeClientIP).Info("Set query log config")
-	return cl.doPost(cl.client.R().EnableTrace().SetBody(&types.QueryLogConfig{
-		EnableConfig:      types.EnableConfig{Enabled: enabled},
-		IntervalConfig:    types.IntervalConfig{Interval: interval},
-		AnonymizeClientIP: anonymizeClientIP,
-	}), "/querylog_config")
+func (cl *client) SetQueryLogConfig(qlc *model.QueryLogConfigWithIgnored) error {
+	cl.log.With("enabled", *qlc.Enabled, "interval", *qlc.Interval, "anonymizeClientIP", *qlc.AnonymizeClientIp).Info("Set query log config")
+	return cl.doPut(cl.client.R().EnableTrace().SetBody(qlc), "/querylog/config/update")
 }

-func (cl *client) StatsConfig() (*types.IntervalConfig, error) {
-	stats := &types.IntervalConfig{}
-	err := cl.doGet(cl.client.R().EnableTrace().SetResult(stats), "/stats_info")
+func (cl *client) StatsConfig() (*model.GetStatsConfigResponse, error) {
+	stats := &model.GetStatsConfigResponse{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(stats), "/stats/config")
 	return stats, err
 }

-func (cl *client) SetStatsConfig(interval float64) error {
-	cl.log.With("interval", interval).Info("Set stats config")
-	return cl.doPost(cl.client.R().EnableTrace().SetBody(&types.IntervalConfig{Interval: interval}), "/stats_config")
+func (cl *client) SetStatsConfig(sc *model.PutStatsConfigUpdateRequest) error {
+	cl.log.With("interval", sc.Interval).Info("Set stats config")
+	return cl.doPut(cl.client.R().EnableTrace().SetBody(sc), "/stats/config/update")
 }

 func (cl *client) Setup() error {
@@ -440,57 +365,75 @@ func (cl *client) Setup() error {
 	return cl.doPost(req, "/install/configure")
 }

-func (cl *client) AccessList() (*types.AccessList, error) {
-	al := &types.AccessList{}
+func (cl *client) AccessList() (*model.AccessList, error) {
+	al := &model.AccessList{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(al), "/access/list")
 	return al, err
 }

-func (cl *client) SetAccessList(list *types.AccessList) error {
+func (cl *client) SetAccessList(list *model.AccessList) error {
 	cl.log.Info("Set access list")
 	return cl.doPost(cl.client.R().EnableTrace().SetBody(list), "/access/set")
 }

-func (cl *client) DNSConfig() (*types.DNSConfig, error) {
-	cfg := &types.DNSConfig{}
+func (cl *client) DNSConfig() (*model.DNSConfig, error) {
+	cfg := &model.DNSConfig{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(cfg), "/dns_info")
 	return cfg, err
 }

-func (cl *client) SetDNSConfig(config *types.DNSConfig) error {
+func (cl *client) SetDNSConfig(config *model.DNSConfig) error {
 	cl.log.Info("Set dns config list")
 	return cl.doPost(cl.client.R().EnableTrace().SetBody(config), "/dns_config")
 }

-func (cl *client) DHCPServerConfig() (*types.DHCPServerConfig, error) {
-	cfg := &types.DHCPServerConfig{}
+func (cl *client) DhcpConfig() (*model.DhcpStatus, error) {
+	cfg := &model.DhcpStatus{}
 	err := cl.doGet(cl.client.R().EnableTrace().SetResult(cfg), "/dhcp/status")
 	return cfg, err
 }

-func (cl *client) SetDHCPServerConfig(config *types.DHCPServerConfig) error {
+func (cl *client) SetDhcpConfig(config *model.DhcpStatus) error {
 	cl.log.Info("Set dhcp server config")
 	return cl.doPost(cl.client.R().EnableTrace().SetBody(config), "/dhcp/set_config")
 }

-func (cl *client) AddDHCPStaticLeases(leases ...types.Lease) error {
-	for _, l := range leases {
-		cl.log.With("mac", l.HWAddr, "ip", l.IP, "hostname", l.Hostname).Info("Add static dhcp lease")
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(l), "/dhcp/add_static_lease")
-		if err != nil {
-			return err
-		}
+func (cl *client) AddDHCPStaticLease(l model.DhcpStaticLease) error {
+	cl.log.With("mac", l.Mac, "ip", l.Ip, "hostname", l.Hostname).Info("Add static dhcp lease")
+	err := cl.doPost(cl.client.R().EnableTrace().SetBody(l), "/dhcp/add_static_lease")
+	if err != nil {
+		return err
 	}
 	return nil
 }

-func (cl *client) DeleteDHCPStaticLeases(leases ...types.Lease) error {
-	for _, l := range leases {
-		cl.log.With("mac", l.HWAddr, "ip", l.IP, "hostname", l.Hostname).Info("Delete static dhcp lease")
-		err := cl.doPost(cl.client.R().EnableTrace().SetBody(l), "/dhcp/remove_static_lease")
-		if err != nil {
-			return err
-		}
+func (cl *client) DeleteDHCPStaticLease(l model.DhcpStaticLease) error {
+	cl.log.With("mac", l.Mac, "ip", l.Ip, "hostname", l.Hostname).Info("Delete static dhcp lease")
+	err := cl.doPost(cl.client.R().EnableTrace().SetBody(l), "/dhcp/remove_static_lease")
+	if err != nil {
+		return err
 	}
 	return nil
 }
+
+func (cl *client) SafeSearchConfig() (*model.SafeSearchConfig, error) {
+	sss := &model.SafeSearchConfig{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(sss), "/safesearch/status")
+	return sss, err
+}
+
+func (cl *client) SetSafeSearchConfig(settings *model.SafeSearchConfig) error {
+	cl.log.With("enabled", *settings.Enabled).Info("Set safesearch settings")
+	return cl.doPut(cl.client.R().EnableTrace().SetBody(settings), "/safesearch/settings")
+}
+
+func (cl *client) ProfileInfo() (*model.ProfileInfo, error) {
+	p := &model.ProfileInfo{}
+	err := cl.doGet(cl.client.R().EnableTrace().SetResult(p), "/profile")
+	return p, err
+}
+
+func (cl *client) SetProfileInfo(profile *model.ProfileInfo) error {
+	cl.log.With("language", profile.Language, "theme", profile.Theme).Info("Set profile")
+	return cl.doPut(cl.client.R().EnableTrace().SetBody(profile), "/profile/update")
+}
--- a/pkg/client/client_test.go
+++ b/pkg/client/client_test.go
@@ -9,7 +9,9 @@ import (
 	"path/filepath"

 	"github.com/bakito/adguardhome-sync/pkg/client"
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
 	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
 	"github.com/google/uuid"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -33,19 +35,22 @@ var _ = Describe("Client", func() {

 	Context("Host", func() {
 		It("should read the current host", func() {
-			cl, _ := client.New(types.AdGuardInstance{URL: "https://foo.bar:3000"})
+			inst := types.AdGuardInstance{URL: "https://foo.bar:3000"}
+			err := inst.Init()
+			Ω(err).ShouldNot(HaveOccurred())
+			cl, _ := client.New(inst)
 			host := cl.Host()
 			Ω(host).Should(Equal("foo.bar:3000"))
 		})
 	})

-	Context("Filtering", func() {
-		It("should read filtering status", func() {
+	Context("Filter", func() {
+		It("should read filter status", func() {
 			ts, cl = ClientGet("filtering-status.json", "/filtering/status")
 			fs, err := cl.Filtering()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(fs.Enabled).Should(BeTrue())
-			Ω(fs.Filters).Should(HaveLen(2))
+			Ω(*fs.Enabled).Should(BeTrue())
+			Ω(*fs.Filters).Should(HaveLen(2))
 		})
 		It("should enable protection", func() {
 			ts, cl = ClientPost("/filtering/config", `{"enabled":true,"interval":123}`)
@@ -64,35 +69,46 @@ var _ = Describe("Client", func() {
 		})
 		It("should add Filters", func() {
 			ts, cl = ClientPost("/filtering/add_url",
-				`{"id":0,"enabled":false,"url":"foo","name":"","rules_count":0,"whitelist":true}`,
-				`{"id":0,"enabled":false,"url":"bar","name":"","rules_count":0,"whitelist":true}`,
+				`{"name":"","url":"foo","whitelist":true}`,
+				`{"name":"","url":"bar","whitelist":true}`,
 			)
-			err := cl.AddFilters(true, types.Filter{URL: "foo"}, types.Filter{URL: "bar"})
+			err := cl.AddFilter(true, model.Filter{Url: "foo"})
+			Ω(err).ShouldNot(HaveOccurred())
+			err = cl.AddFilter(true, model.Filter{Url: "bar"})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 		It("should update Filters", func() {
 			ts, cl = ClientPost("/filtering/set_url",
-				`{"url":"foo","data":{"id":0,"enabled":false,"url":"foo","name":"","rules_count":0,"whitelist":true},"whitelist":true}`,
-				`{"url":"bar","data":{"id":0,"enabled":false,"url":"bar","name":"","rules_count":0,"whitelist":true},"whitelist":true}`,
+				`{"data":{"enabled":false,"name":"","url":"foo"},"url":"foo","whitelist":true}`,
+				`{"data":{"enabled":false,"name":"","url":"bar"},"url":"bar","whitelist":true}`,
 			)
-			err := cl.UpdateFilters(true, types.Filter{URL: "foo"}, types.Filter{URL: "bar"})
+			err := cl.UpdateFilter(true, model.Filter{Url: "foo"})
+			Ω(err).ShouldNot(HaveOccurred())
+			err = cl.UpdateFilter(true, model.Filter{Url: "bar"})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 		It("should delete Filters", func() {
 			ts, cl = ClientPost("/filtering/remove_url",
-				`{"id":0,"enabled":false,"url":"foo","name":"","rules_count":0,"whitelist":true}`,
-				`{"id":0,"enabled":false,"url":"bar","name":"","rules_count":0,"whitelist":true}`,
+				`{"url":"foo","whitelist":true}`,
+				`{"url":"bar","whitelist":true}`,
 			)
-			err := cl.DeleteFilters(true, types.Filter{URL: "foo"}, types.Filter{URL: "bar"})
+			err := cl.DeleteFilter(true, model.Filter{Url: "foo"})
+			Ω(err).ShouldNot(HaveOccurred())
+			err = cl.DeleteFilter(true, model.Filter{Url: "bar"})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
-	})
-
-	Context("CustomRules", func() {
-		It("should set SetCustomRules", func() {
-			ts, cl = ClientPost("/filtering/set_rules", `foo
-bar`)
-			err := cl.SetCustomRules([]string{"foo", "bar"})
+		It("should set empty filter rules", func() {
+			ts, cl = ClientPost("/filtering/set_rules",
+				`{"rules":[]}`,
+			)
+			err := cl.SetCustomRules(utils.Ptr([]string{}))
+			Ω(err).ShouldNot(HaveOccurred())
+		})
+		It("should set nil filter rules", func() {
+			ts, cl = ClientPost("/filtering/set_rules",
+				`{}`,
+			)
+			err := cl.SetCustomRules(nil)
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})
@@ -102,8 +118,8 @@ bar`)
 			ts, cl = ClientGet("status.json", "/status")
 			fs, err := cl.Status()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(fs.DNSAddresses).Should(HaveLen(1))
-			Ω(fs.DNSAddresses[0]).Should(Equal("192.168.1.2"))
+			Ω(fs.DnsAddresses).Should(HaveLen(1))
+			Ω(fs.DnsAddresses[0]).Should(Equal("192.168.1.2"))
 			Ω(fs.Version).Should(Equal("v0.105.2"))
 		})
 		It("should return ErrSetupNeeded", func() {
@@ -135,13 +151,19 @@ bar`)
 			Ω(*rwl).Should(HaveLen(2))
 		})
 		It("should add RewriteList", func() {
-			ts, cl = ClientPost("/rewrite/add", `{"domain":"foo","answer":"foo"}`, `{"domain":"bar","answer":"bar"}`)
-			err := cl.AddRewriteEntries(types.RewriteEntry{Answer: "foo", Domain: "foo"}, types.RewriteEntry{Answer: "bar", Domain: "bar"})
+			ts, cl = ClientPost("/rewrite/add", `{"answer":"foo","domain":"foo"}`, `{"answer":"bar","domain":"bar"}`)
+			err := cl.AddRewriteEntries(
+				model.RewriteEntry{Answer: utils.Ptr("foo"), Domain: utils.Ptr("foo")},
+				model.RewriteEntry{Answer: utils.Ptr("bar"), Domain: utils.Ptr("bar")},
+			)
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 		It("should delete RewriteList", func() {
-			ts, cl = ClientPost("/rewrite/delete", `{"domain":"foo","answer":"foo"}`, `{"domain":"bar","answer":"bar"}`)
-			err := cl.DeleteRewriteEntries(types.RewriteEntry{Answer: "foo", Domain: "foo"}, types.RewriteEntry{Answer: "bar", Domain: "bar"})
+			ts, cl = ClientPost("/rewrite/delete", `{"answer":"foo","domain":"foo"}`, `{"answer":"bar","domain":"bar"}`)
+			err := cl.DeleteRewriteEntries(
+				model.RewriteEntry{Answer: utils.Ptr("foo"), Domain: utils.Ptr("foo")},
+				model.RewriteEntry{Answer: utils.Ptr("bar"), Domain: utils.Ptr("bar")},
+			)
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})
@@ -165,21 +187,22 @@ bar`)
 		})
 	})

-	Context("SafeSearch", func() {
+	Context("SafeSearchConfig", func() {
 		It("should read safesearch status", func() {
 			ts, cl = ClientGet("safesearch-status.json", "/safesearch/status")
-			ss, err := cl.SafeSearch()
+			ss, err := cl.SafeSearchConfig()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(ss).Should(BeTrue())
+			Ω(ss.Enabled).ShouldNot(BeNil())
+			Ω(*ss.Enabled).Should(BeTrue())
 		})
 		It("should enable safesearch", func() {
-			ts, cl = ClientPost("/safesearch/enable", "")
-			err := cl.ToggleSafeSearch(true)
+			ts, cl = ClientPut("/safesearch/settings", `{"enabled":true}`)
+			err := cl.SetSafeSearchConfig(&model.SafeSearchConfig{Enabled: utils.Ptr(true)})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 		It("should disable safesearch", func() {
-			ts, cl = ClientPost("/safesearch/disable", "")
-			err := cl.ToggleSafeSearch(false)
+			ts, cl = ClientPut("/safesearch/settings", `{"enabled":false}`)
+			err := cl.SetSafeSearchConfig(&model.SafeSearchConfig{Enabled: utils.Ptr(false)})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})
@@ -216,16 +239,25 @@ bar`)
 		})
 	})

-	Context("Services", func() {
-		It("should read Services", func() {
-			ts, cl = ClientGet("blockedservices-list.json", "/blocked_services/list")
-			s, err := cl.Services()
+	Context("BlockedServicesSchedule", func() {
+		It("should read BlockedServicesSchedule", func() {
+			ts, cl = ClientGet("blockedservicesschedule-get.json", "/blocked_services/get")
+			s, err := cl.BlockedServicesSchedule()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(s).Should(HaveLen(2))
+			Ω(*s.Ids).Should(HaveLen(3))
 		})
-		It("should set Services", func() {
-			ts, cl = ClientPost("/blocked_services/set", `["foo","bar"]`)
-			err := cl.SetServices([]string{"foo", "bar"})
+		It("should set BlockedServicesSchedule", func() {
+			ts, cl = ClientPost("/blocked_services/update",
+				`{"ids":["bar","foo"],"schedule":{"mon":{"end":99,"start":1}}}`)
+			err := cl.SetBlockedServicesSchedule(&model.BlockedServicesSchedule{
+				Ids: utils.Ptr([]string{"foo", "bar"}),
+				Schedule: &model.Schedule{
+					Mon: &model.DayRange{
+						Start: utils.Ptr(float32(1.0)),
+						End:   utils.Ptr(float32(99.0)),
+					},
+				},
+			})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})
@@ -235,55 +267,69 @@ bar`)
 			ts, cl = ClientGet("clients.json", "/clients")
 			c, err := cl.Clients()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(c.Clients).Should(HaveLen(2))
+			Ω(*c.Clients).Should(HaveLen(2))
 		})
 		It("should add Clients", func() {
 			ts, cl = ClientPost("/clients/add",
-				`{"ids":["id"],"use_global_settings":false,"use_global_blocked_services":false,"name":"foo","filtering_enabled":false,"parental_enabled":false,"safesearch_enabled":false,"safebrowsing_enabled":false,"disallowed":false,"disallowed_rule":""}`,
+				`{"ids":["id"],"name":"foo"}`,
 			)
-			err := cl.AddClients(types.Client{Name: "foo", Ids: []string{"id"}})
+			err := cl.AddClient(&model.Client{Name: utils.Ptr("foo"), Ids: utils.Ptr([]string{"id"})})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 		It("should update Clients", func() {
 			ts, cl = ClientPost("/clients/update",
-				`{"name":"foo","data":{"ids":["id"],"use_global_settings":false,"use_global_blocked_services":false,"name":"foo","filtering_enabled":false,"parental_enabled":false,"safesearch_enabled":false,"safebrowsing_enabled":false,"disallowed":false,"disallowed_rule":""}}`,
+				`{"data":{"ids":["id"],"name":"foo"},"name":"foo"}`,
 			)
-			err := cl.UpdateClients(types.Client{Name: "foo", Ids: []string{"id"}})
+			err := cl.UpdateClient(&model.Client{Name: utils.Ptr("foo"), Ids: utils.Ptr([]string{"id"})})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 		It("should delete Clients", func() {
 			ts, cl = ClientPost("/clients/delete",
-				`{"ids":["id"],"use_global_settings":false,"use_global_blocked_services":false,"name":"foo","filtering_enabled":false,"parental_enabled":false,"safesearch_enabled":false,"safebrowsing_enabled":false,"disallowed":false,"disallowed_rule":""}`,
+				`{"ids":["id"],"name":"foo"}`,
 			)
-			err := cl.DeleteClients(types.Client{Name: "foo", Ids: []string{"id"}})
+			err := cl.DeleteClient(&model.Client{Name: utils.Ptr("foo"), Ids: utils.Ptr([]string{"id"})})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})

 	Context("QueryLogConfig", func() {
 		It("should read QueryLogConfig", func() {
-			ts, cl = ClientGet("querylog_info.json", "/querylog_info")
+			ts, cl = ClientGet("querylog_config.json", "/querylog/config")
 			qlc, err := cl.QueryLogConfig()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(qlc.Enabled).Should(BeTrue())
-			Ω(qlc.Interval).Should(Equal(90.0))
+			Ω(qlc.Enabled).ShouldNot(BeNil())
+			Ω(*qlc.Enabled).Should(BeTrue())
+			Ω(qlc.Interval).ShouldNot(BeNil())
+			Ω(*qlc.Interval).Should(Equal(model.QueryLogConfigInterval(90)))
 		})
 		It("should set QueryLogConfig", func() {
-			ts, cl = ClientPost("/querylog_config", `{"enabled":true,"interval":123,"anonymize_client_ip":true}`)
-			err := cl.SetQueryLogConfig(true, 123, true)
+			ts, cl = ClientPut("/querylog/config/update", `{"anonymize_client_ip":true,"enabled":true,"interval":123,"ignored":["foo.bar"]}`)
+
+			var interval model.QueryLogConfigInterval = 123
+			err := cl.SetQueryLogConfig(&model.QueryLogConfigWithIgnored{
+				QueryLogConfig: model.QueryLogConfig{
+					AnonymizeClientIp: utils.Ptr(true),
+					Interval:          &interval,
+					Enabled:           utils.Ptr(true),
+				},
+				Ignored: []string{"foo.bar"},
+			})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})
 	Context("StatsConfig", func() {
 		It("should read StatsConfig", func() {
-			ts, cl = ClientGet("stats_info.json", "/stats_info")
+			ts, cl = ClientGet("stats_info.json", "/stats/config")
 			sc, err := cl.StatsConfig()
 			Ω(err).ShouldNot(HaveOccurred())
-			Ω(sc.Interval).Should(Equal(1.0))
+			Ω(sc.Interval).ShouldNot(BeNil())
+			Ω(sc.Interval).Should(Equal(float32(1)))
 		})
 		It("should set StatsConfig", func() {
-			ts, cl = ClientPost("/stats_config", `{"interval":123}`)
-			err := cl.SetStatsConfig(123.0)
+			ts, cl = ClientPost("/stats/config/update", `{"enabled":false,"ignored":null,"interval":123}`)
+
+			var interval float32 = 123
+			err := cl.SetStatsConfig(&model.PutStatsConfigUpdateRequest{Interval: interval})
 			Ω(err).ShouldNot(HaveOccurred())
 		})
 	})
@@ -308,7 +354,8 @@ bar`)

 		Context("doPost", func() {
 			It("should return an error on status code != 200", func() {
-				err := cl.SetStatsConfig(123)
+				var interval float32 = 123
+				err := cl.SetStatsConfig(&model.PutStatsConfigUpdateRequest{Interval: interval})
 				Ω(err).Should(HaveOccurred())
 				Ω(err.Error()).Should(Equal("401 Unauthorized"))
 			})
@@ -344,3 +391,18 @@ func ClientPost(path string, content ...string) (*httptest.Server, client.Client
 	Ω(err).ShouldNot(HaveOccurred())
 	return ts, cl
 }
+
+func ClientPut(path string, content ...string) (*httptest.Server, client.Client) {
+	index := 0
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		Ω(r.URL.Path).Should(Equal(types.DefaultAPIPath + path))
+		body, err := io.ReadAll(r.Body)
+		Ω(err).ShouldNot(HaveOccurred())
+		Ω(body).Should(Equal([]byte(content[index])))
+		index++
+	}))
+
+	cl, err := client.New(types.AdGuardInstance{URL: ts.URL, Username: username, Password: password})
+	Ω(err).ShouldNot(HaveOccurred())
+	return ts, cl
+}
--- a/pkg/client/model/client/client.go
+++ b/pkg/client/model/client/client.go
@@ -0,0 +1,143 @@
+package client
+
+import (
+	"context"
+	"crypto/tls"
+	"encoding/base64"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+	"github.com/bakito/adguardhome-sync/pkg/log"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	"go.uber.org/zap"
+)
+
+var l = log.GetLogger("client")
+
+// New create a new api client
+func New(config types.AdGuardInstance) (Client, error) {
+	var apiURL string
+	if config.APIPath == "" {
+		apiURL = fmt.Sprintf("%s/control", config.URL)
+	} else {
+		apiURL = fmt.Sprintf("%s/%s", config.URL, config.APIPath)
+	}
+	u, err := url.Parse(apiURL)
+	if err != nil {
+		return nil, err
+	}
+	u.Path = path.Clean(u.Path)
+
+	httpClient := &http.Client{
+		Transport: &http.Transport{
+			// #nosec G402 has to be explicitly enabled
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: config.InsecureSkipVerify},
+		},
+	}
+
+	aghClient, err := model.NewClient(u.String(), func(client *model.AdguardHomeClient) error {
+		client.Client = httpClient
+		client.RequestEditors = append(client.RequestEditors, func(ctx context.Context, req *http.Request) error {
+			if config.Username != "" && config.Password != "" {
+				req.Header.Add("Authorization", "Basic "+basicAuth(config.Username, config.Password))
+			}
+			return nil
+		})
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	return &apiClient{
+		host:   u.Host,
+		client: aghClient,
+		log:    l.With("host", u.Host),
+	}, nil
+}
+
+func basicAuth(username, password string) string {
+	auth := username + ":" + password
+	return base64.StdEncoding.EncodeToString([]byte(auth))
+}
+
+type apiClient struct {
+	host   string
+	client *model.AdguardHomeClient
+	log    *zap.SugaredLogger
+}
+
+func (a apiClient) Host(context.Context) string {
+	return a.host
+}
+
+func (a apiClient) GetServerStatus(ctx context.Context) (*model.ServerStatus, error) {
+	sr, err := read(ctx, a.client.Status, model.ParseStatusResp)
+	if err != nil {
+		return nil, err
+	}
+	return sr.JSON200, nil
+}
+
+func (a apiClient) GetFilteringStatus(ctx context.Context) (*model.FilterStatus, error) {
+	sr, err := read(ctx, a.client.FilteringStatus, model.ParseFilteringStatusResp)
+	if err != nil {
+		return nil, err
+	}
+	return sr.JSON200, nil
+}
+
+func (a apiClient) SetFilteringConfig(ctx context.Context, config model.FilterConfig) error {
+	return write(ctx, config, a.client.FilteringConfig)
+}
+
+func write[B interface{}](
+	ctx context.Context,
+	body B,
+	req func(ctx context.Context, body B, reqEditors ...model.RequestEditorFn) (*http.Response, error),
+) error {
+	resp, err := req(ctx, body)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return detailedError(resp)
+	}
+	return nil
+}
+
+func read[I interface{}](
+	ctx context.Context,
+	req func(ctx context.Context, reqEditors ...model.RequestEditorFn) (*http.Response, error),
+	parse func(rsp *http.Response) (*I, error),
+) (*I, error) {
+	resp, err := req(ctx)
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+	if resp.StatusCode != http.StatusOK {
+		return nil, detailedError(resp)
+	}
+	return parse(resp)
+}
+
+func detailedError(resp *http.Response) error {
+	e := resp.Status
+
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	if len(body) > 0 {
+		e += fmt.Sprintf("(%s)", string(body))
+	}
+	return errors.New(e)
+}
--- a/pkg/client/model/client/interface.go
+++ b/pkg/client/model/client/interface.go
@@ -0,0 +1,15 @@
+package client
+
+import (
+	"context"
+
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+)
+
+type Client interface {
+	Host(ctx context.Context) string
+	GetServerStatus(ctx context.Context) (*model.ServerStatus, error)
+
+	GetFilteringStatus(ctx context.Context) (*model.FilterStatus, error)
+	SetFilteringConfig(ctx context.Context, config model.FilterConfig) error
+}
--- a/pkg/client/model/client/resty.go
+++ b/pkg/client/model/client/resty.go
@@ -0,0 +1,27 @@
+package client
+
+import (
+	"net/http"
+
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+	"github.com/go-resty/resty/v2"
+)
+
+var _ model.HttpRequestDoer = &adapter{}
+
+func RestyAdapter(r *resty.Client) model.HttpRequestDoer {
+	return &adapter{
+		client: r,
+	}
+}
+
+type adapter struct {
+	client *resty.Client
+}
+
+func (a adapter) Do(req *http.Request) (*http.Response, error) {
+	r, err := a.client.R().
+		SetHeaderMultiValues(req.Header).
+		Execute(req.Method, req.URL.String())
+	return r.RawResponse, err
+}
--- a/pkg/client/model/model-functions.go
+++ b/pkg/client/model/model-functions.go
@@ -0,0 +1,453 @@
+package model
+
+import (
+	"fmt"
+	"sort"
+	"strings"
+
+	"github.com/bakito/adguardhome-sync/pkg/utils"
+	"github.com/jinzhu/copier"
+	"go.uber.org/zap"
+)
+
+// Clone the config
+func (c *DhcpStatus) Clone() *DhcpStatus {
+	clone := &DhcpStatus{}
+	_ = copier.Copy(clone, c)
+	return clone
+}
+
+func (c *DhcpStatus) cleanV4V6() {
+	if c.V4 != nil && !c.V4.isValid() {
+		c.V4 = nil
+	}
+	if c.V6 != nil && !c.V6.isValid() {
+		c.V6 = nil
+	}
+}
+
+// CleanAndEquals dhcp server config equal check where V4 and V6 are cleaned in advance
+func (c *DhcpStatus) CleanAndEquals(o *DhcpStatus) bool {
+	c.cleanV4V6()
+	o.cleanV4V6()
+	return c.Equals(o)
+}
+
+// Equals dhcp server config equal check
+func (c *DhcpStatus) Equals(o *DhcpStatus) bool {
+	return utils.JsonEquals(c, o)
+}
+
+func (c *DhcpStatus) HasConfig() bool {
+	return (c.V4 != nil && c.V4.isValid()) || (c.V6 != nil && c.V6.isValid())
+}
+
+func (j DhcpConfigV4) isValid() bool {
+	return j.GatewayIp != nil && *j.GatewayIp != "" &&
+		j.SubnetMask != nil && *j.SubnetMask != "" &&
+		j.RangeStart != nil && *j.RangeStart != "" &&
+		j.RangeEnd != nil && *j.RangeEnd != ""
+}
+
+func (j DhcpConfigV6) isValid() bool {
+	return j.RangeStart != nil && *j.RangeStart != ""
+}
+
+type DhcpStaticLeases []DhcpStaticLease
+
+// MergeDhcpStaticLeases the leases
+func MergeDhcpStaticLeases(l *[]DhcpStaticLease, other *[]DhcpStaticLease) (DhcpStaticLeases, DhcpStaticLeases) {
+	var thisLeases []DhcpStaticLease
+	var otherLeases []DhcpStaticLease
+
+	if l != nil {
+		thisLeases = *l
+	}
+	if other != nil {
+		otherLeases = *other
+	}
+	current := make(map[string]DhcpStaticLease)
+
+	var adds DhcpStaticLeases
+	var removes DhcpStaticLeases
+	for _, le := range thisLeases {
+		current[le.Mac] = le
+	}
+
+	for _, le := range otherLeases {
+		if _, ok := current[le.Mac]; ok {
+			delete(current, le.Mac)
+		} else {
+			adds = append(adds, le)
+		}
+	}
+
+	for _, rr := range current {
+		removes = append(removes, rr)
+	}
+
+	return adds, removes
+}
+
+// Equals dns config equal check
+func (c *DNSConfig) Equals(o *DNSConfig) bool {
+	cc := c.Clone()
+	oo := o.Clone()
+	cc.Sort()
+	oo.Sort()
+
+	return utils.JsonEquals(cc, oo)
+}
+
+func (c *DNSConfig) Clone() *DNSConfig {
+	return utils.Clone(c, &DNSConfig{})
+}
+
+// Sort sort dns config
+func (c *DNSConfig) Sort() {
+	if c.UpstreamDns != nil {
+		sort.Strings(*c.UpstreamDns)
+	}
+
+	if c.UpstreamDns != nil {
+		sort.Strings(*c.BootstrapDns)
+	}
+
+	if c.UpstreamDns != nil {
+		sort.Strings(*c.LocalPtrUpstreams)
+	}
+}
+
+// Equals access list equal check
+func (al *AccessList) Equals(o *AccessList) bool {
+	return EqualsStringSlice(al.AllowedClients, o.AllowedClients, true) &&
+		EqualsStringSlice(al.DisallowedClients, o.DisallowedClients, true) &&
+		EqualsStringSlice(al.BlockedHosts, o.BlockedHosts, true)
+}
+
+func EqualsStringSlice(a *[]string, b *[]string, sortIt bool) bool {
+	if a == nil && b == nil {
+		return true
+	}
+
+	if a == nil || b == nil {
+		return false
+	}
+
+	aa := *a
+	bb := *b
+	if sortIt {
+		sort.Strings(aa)
+		sort.Strings(bb)
+	}
+	if len(aa) != len(bb) {
+		return false
+	}
+	for i, v := range aa {
+		if v != bb[i] {
+			return false
+		}
+	}
+	return true
+}
+
+// Sort clients
+func (cl *Client) Sort() {
+	if cl.Ids != nil {
+		sort.Strings(*cl.Ids)
+	}
+	if cl.Tags != nil {
+		sort.Strings(*cl.Tags)
+	}
+	if cl.BlockedServices != nil {
+		sort.Strings(*cl.BlockedServices)
+	}
+	if cl.Upstreams != nil {
+		sort.Strings(*cl.Upstreams)
+	}
+}
+
+// PrepareDiff timezone BlockedServicesSchedule might differ if all other fields are empty,
+// so we skip it in diff
+func (cl *Client) PrepareDiff() *string {
+	var tz *string
+	bss := cl.BlockedServicesSchedule
+	if bss != nil && bss.Mon == nil && bss.Tue == nil && bss.Wed == nil &&
+		bss.Thu == nil && bss.Fri == nil && bss.Sat == nil && bss.Sun == nil {
+
+		tz = cl.BlockedServicesSchedule.TimeZone
+		cl.BlockedServicesSchedule.TimeZone = nil
+	}
+	return tz
+}
+
+// AfterDiff reset after diff
+func (cl *Client) AfterDiff(tz *string) {
+	if cl.BlockedServicesSchedule != nil {
+		cl.BlockedServicesSchedule.TimeZone = tz
+	}
+}
+
+// Equals Clients equal check
+func (cl *Client) Equals(o *Client) bool {
+	cl.Sort()
+	o.Sort()
+
+	bssCl := cl.PrepareDiff()
+	bssO := o.PrepareDiff()
+
+	defer func() {
+		cl.AfterDiff(bssCl)
+		o.AfterDiff(bssO)
+	}()
+
+	return utils.JsonEquals(cl, o)
+}
+
+// Add ac client
+func (clients *Clients) Add(cl Client) {
+	if clients.Clients == nil {
+		clients.Clients = &ClientsArray{cl}
+	} else {
+		a := append(*clients.Clients, cl)
+		clients.Clients = &a
+	}
+}
+
+// Merge merge Clients
+func (clients *Clients) Merge(other *Clients) ([]*Client, []*Client, []*Client) {
+	current := make(map[string]*Client)
+	if clients.Clients != nil {
+		cc := *clients.Clients
+		for _, client := range cc {
+			current[*client.Name] = &client
+		}
+	}
+
+	expected := make(map[string]*Client)
+	if other.Clients != nil {
+		oc := *other.Clients
+		for _, client := range oc {
+			expected[*client.Name] = &client
+		}
+	}
+
+	var adds []*Client
+	var removes []*Client
+	var updates []*Client
+
+	for _, cl := range expected {
+		if oc, ok := current[*cl.Name]; ok {
+			if !cl.Equals(oc) {
+				updates = append(updates, cl)
+			}
+			delete(current, *cl.Name)
+		} else {
+			adds = append(adds, cl)
+		}
+	}
+
+	for _, rr := range current {
+		removes = append(removes, rr)
+	}
+
+	return adds, updates, removes
+}
+
+// Key RewriteEntry key
+func (re *RewriteEntry) Key() string {
+	var d string
+	var a string
+	if re.Domain != nil {
+		d = *re.Domain
+	}
+	if re.Answer != nil {
+		a = *re.Answer
+	}
+	return fmt.Sprintf("%s#%s", d, a)
+}
+
+// RewriteEntries list of RewriteEntry
+type RewriteEntries []RewriteEntry
+
+// Merge RewriteEntries
+func (rwe *RewriteEntries) Merge(other *RewriteEntries) (RewriteEntries, RewriteEntries, RewriteEntries) {
+	current := make(map[string]RewriteEntry)
+
+	var adds RewriteEntries
+	var removes RewriteEntries
+	var duplicates RewriteEntries
+	processed := make(map[string]bool)
+	for _, rr := range *rwe {
+		if _, ok := processed[rr.Key()]; !ok {
+			current[rr.Key()] = rr
+			processed[rr.Key()] = true
+		} else {
+			// remove duplicate
+			removes = append(removes, rr)
+		}
+	}
+
+	for _, rr := range *other {
+		if _, ok := current[rr.Key()]; ok {
+			delete(current, rr.Key())
+		} else {
+			if _, ok := processed[rr.Key()]; !ok {
+				adds = append(adds, rr)
+				processed[rr.Key()] = true
+			} else {
+				//	skip duplicate
+				duplicates = append(duplicates, rr)
+			}
+		}
+	}
+
+	for _, rr := range current {
+		removes = append(removes, rr)
+	}
+
+	return adds, removes, duplicates
+}
+
+func MergeFilters(this *[]Filter, other *[]Filter) ([]Filter, []Filter, []Filter) {
+	if this == nil && other == nil {
+		return nil, nil, nil
+	}
+
+	current := make(map[string]*Filter)
+
+	var adds []Filter
+	var updates []Filter
+	var removes []Filter
+	if this != nil {
+		for _, fi := range *this {
+			current[fi.Url] = &fi
+		}
+	}
+
+	if other != nil {
+		for _, rr := range *other {
+			if c, ok := current[rr.Url]; ok {
+				if !c.Equals(&rr) {
+					updates = append(updates, rr)
+				}
+				delete(current, rr.Url)
+			} else {
+				adds = append(adds, rr)
+			}
+		}
+	}
+
+	for _, rr := range current {
+		removes = append(removes, *rr)
+	}
+
+	return adds, updates, removes
+}
+
+// Equals Filter equal check
+func (f *Filter) Equals(o *Filter) bool {
+	return f.Enabled == o.Enabled && f.Url == o.Url && f.Name == o.Name
+}
+
+type QueryLogConfigWithIgnored struct {
+	QueryLogConfig
+
+	// Ignored List of host names, which should not be written to log
+	Ignored []string `json:"ignored,omitempty"`
+}
+
+// Equals QueryLogConfig equal check
+func (qlc *QueryLogConfigWithIgnored) Equals(o *QueryLogConfigWithIgnored) bool {
+	return utils.JsonEquals(qlc, o)
+}
+
+// Equals QueryLogConfigInterval equal check
+func (qlc *QueryLogConfigInterval) Equals(o *QueryLogConfigInterval) bool {
+	return ptrEquals(qlc, o)
+}
+
+func ptrEquals[T comparable](a *T, b *T) bool {
+	if a == nil && b == nil {
+		return true
+	}
+	var aa T
+	if a != nil {
+		aa = *a
+	}
+	var bb T
+	if b != nil {
+		bb = *b
+	}
+
+	return aa == bb
+}
+
+// EnableConfig API struct
+type EnableConfig struct {
+	Enabled bool `json:"enabled"`
+}
+
+func (ssc *SafeSearchConfig) Equals(o *SafeSearchConfig) bool {
+	return ptrEquals(ssc.Enabled, o.Enabled) &&
+		ptrEquals(ssc.Bing, o.Bing) &&
+		ptrEquals(ssc.Duckduckgo, o.Duckduckgo) &&
+		ptrEquals(ssc.Google, o.Google) &&
+		ptrEquals(ssc.Pixabay, o.Pixabay) &&
+		ptrEquals(ssc.Yandex, o.Yandex) &&
+		ptrEquals(ssc.Youtube, o.Youtube)
+}
+
+func (pi *ProfileInfo) Equals(o *ProfileInfo) bool {
+	return pi.Language == o.Language &&
+		pi.Theme == o.Theme
+}
+
+func (pi *ProfileInfo) ShouldSyncFor(o *ProfileInfo) *ProfileInfo {
+	if pi.Equals(o) {
+		return nil
+	}
+	merged := &ProfileInfo{Name: pi.Name, Language: pi.Language, Theme: pi.Theme}
+	if o.Language != "" {
+		merged.Language = o.Language
+	}
+	if o.Theme != "" {
+		merged.Theme = o.Theme
+	}
+	if merged.Name == "" || merged.Language == "" || merged.Theme == "" || merged.Equals(pi) {
+		return nil
+	}
+	return merged
+}
+
+func (bss *BlockedServicesSchedule) Equals(o *BlockedServicesSchedule) bool {
+	return utils.JsonEquals(bss, o)
+}
+
+func (bss *BlockedServicesSchedule) ServicesString() string {
+	return ArrayString(bss.Ids)
+}
+
+func ArrayString(a *[]string) string {
+	if a == nil {
+		return "[]"
+	}
+	sorted := *a
+	sort.Strings(sorted)
+	return fmt.Sprintf("[%s]", strings.Join(sorted, ","))
+}
+
+func (c *DNSConfig) Sanitize(l *zap.SugaredLogger) {
+	// disable UsePrivatePtrResolvers if not configured
+	// https://github.com/AdguardTeam/AdGuardHome/issues/6820
+	if c.UsePrivatePtrResolvers != nil && *c.UsePrivatePtrResolvers &&
+		(c.LocalPtrUpstreams == nil || len(*c.LocalPtrUpstreams) == 0) {
+		l.Warn("disabling replica 'Use private reverse DNS resolvers' as no 'Private reverse DNS servers' are configured on origin")
+		c.UsePrivatePtrResolvers = utils.Ptr(false)
+	}
+}
+
+// Equals GetStatsConfigResponse equal check
+func (sc *GetStatsConfigResponse) Equals(o *GetStatsConfigResponse) bool {
+	return utils.JsonEquals(sc, o)
+}
--- a/pkg/client/model/model_generated.go
+++ b/pkg/client/model/model_generated.go
--- a/pkg/client/model/model_private_test.go
+++ b/pkg/client/model/model_private_test.go
@@ -0,0 +1,103 @@
+package model
+
+import (
+	"github.com/bakito/adguardhome-sync/pkg/log"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
+	. "github.com/onsi/ginkgo/v2"
+	"github.com/onsi/gomega"
+	"go.uber.org/zap"
+)
+
+var _ = Describe("Types", func() {
+	Context("DhcpConfigV4", func() {
+		DescribeTable("DhcpConfigV4 should not be valid",
+			func(v4 DhcpConfigV4) {
+				gomega.Ω(v4.isValid()).Should(gomega.BeFalse())
+			},
+			Entry(`When GatewayIp is nil`, DhcpConfigV4{
+				GatewayIp:  nil,
+				SubnetMask: utils.Ptr("2.2.2.2"),
+				RangeStart: utils.Ptr("3.3.3.3"),
+				RangeEnd:   utils.Ptr("4.4.4.4"),
+			}),
+			Entry(`When GatewayIp is ""`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr(""),
+				SubnetMask: utils.Ptr("2.2.2.2"),
+				RangeStart: utils.Ptr("3.3.3.3"),
+				RangeEnd:   utils.Ptr("4.4.4.4"),
+			}),
+			Entry(`When SubnetMask is nil`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr("1.1.1.1"),
+				SubnetMask: nil,
+				RangeStart: utils.Ptr("3.3.3.3"),
+				RangeEnd:   utils.Ptr("4.4.4.4"),
+			}),
+			Entry(`When SubnetMask is ""`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr("1.1.1.1"),
+				SubnetMask: utils.Ptr(""),
+				RangeStart: utils.Ptr("3.3.3.3"),
+				RangeEnd:   utils.Ptr("4.4.4.4"),
+			}),
+			Entry(`When SubnetMask is nil`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr("1.1.1.1"),
+				SubnetMask: utils.Ptr("2.2.2.2"),
+				RangeStart: nil,
+				RangeEnd:   utils.Ptr("4.4.4.4"),
+			}),
+			Entry(`When SubnetMask is ""`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr("1.1.1.1"),
+				SubnetMask: utils.Ptr("2.2.2.2"),
+				RangeStart: utils.Ptr(""),
+				RangeEnd:   utils.Ptr("4.4.4.4"),
+			}),
+			Entry(`When RangeEnd is nil`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr("1.1.1.1"),
+				SubnetMask: utils.Ptr("2.2.2.2"),
+				RangeStart: utils.Ptr("3.3.3.3"),
+				RangeEnd:   nil,
+			}),
+			Entry(`When RangeEnd is ""`, DhcpConfigV4{
+				GatewayIp:  utils.Ptr("1.1.1.1"),
+				SubnetMask: utils.Ptr("2.2.2.2"),
+				RangeStart: utils.Ptr("3.3.3.3"),
+				RangeEnd:   utils.Ptr(""),
+			}),
+		)
+	})
+	Context("DhcpConfigV6", func() {
+		DescribeTable("DhcpConfigV6 should not be valid",
+			func(v6 DhcpConfigV6) {
+				gomega.Ω(v6.isValid()).Should(gomega.BeFalse())
+			},
+			Entry(`When SubnetMask is nil`, DhcpConfigV6{RangeStart: nil}),
+			Entry(`When SubnetMask is ""`, DhcpConfigV6{RangeStart: utils.Ptr("")}),
+		)
+	})
+	Context("DNSConfig", func() {
+		var (
+			cfg *DNSConfig
+			l   *zap.SugaredLogger
+		)
+
+		BeforeEach(func() {
+			cfg = &DNSConfig{
+				UsePrivatePtrResolvers: utils.Ptr(true),
+			}
+			l = log.GetLogger("test")
+		})
+		Context("Sanitize", func() {
+			It("should disable UsePrivatePtrResolvers resolvers is nil ", func() {
+				cfg.LocalPtrUpstreams = nil
+				cfg.Sanitize(l)
+				gomega.Ω(cfg.UsePrivatePtrResolvers).ShouldNot(gomega.BeNil())
+				gomega.Ω(*cfg.UsePrivatePtrResolvers).Should(gomega.Equal(false))
+			})
+			It("should disable UsePrivatePtrResolvers resolvers is empty ", func() {
+				cfg.LocalPtrUpstreams = utils.Ptr([]string{})
+				cfg.Sanitize(l)
+				gomega.Ω(cfg.UsePrivatePtrResolvers).ShouldNot(gomega.BeNil())
+				gomega.Ω(*cfg.UsePrivatePtrResolvers).Should(gomega.Equal(false))
+			})
+		})
+	})
+})
--- a/pkg/client/model/model_suite_test.go
+++ b/pkg/client/model/model_suite_test.go
@@ -0,0 +1,13 @@
+package model_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestTypes(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Model Suite")
+}
--- a/pkg/client/model/model_test.go
+++ b/pkg/client/model/model_test.go
@@ -0,0 +1,460 @@
+package model_test
+
+import (
+	"encoding/json"
+	"os"
+
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
+	"github.com/google/uuid"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Types", func() {
+	var (
+		url     string
+		apiPath string
+	)
+	BeforeEach(func() {
+		url = "https://" + uuid.NewString()
+		apiPath = "/" + uuid.NewString()
+	})
+
+	Context("FilteringStatus", func() {
+		It("should correctly parse json", func() {
+			b, err := os.ReadFile("../../../testdata/filtering-status.json")
+			fs := &model.FilterStatus{}
+			Ω(err).ShouldNot(HaveOccurred())
+			err = json.Unmarshal(b, fs)
+			Ω(err).ShouldNot(HaveOccurred())
+		})
+	})
+
+	Context("Filters", func() {
+		Context("Merge", func() {
+			var (
+				originFilters  []model.Filter
+				replicaFilters []model.Filter
+			)
+			BeforeEach(func() {
+				originFilters = []model.Filter{}
+				replicaFilters = []model.Filter{}
+			})
+
+			It("should add a missing filter", func() {
+				originFilters = append(originFilters, model.Filter{Url: url})
+				a, u, d := model.MergeFilters(&replicaFilters, &originFilters)
+				Ω(a).Should(HaveLen(1))
+				Ω(u).Should(BeEmpty())
+				Ω(d).Should(BeEmpty())
+
+				Ω(a[0].Url).Should(Equal(url))
+			})
+
+			It("should remove additional filter", func() {
+				replicaFilters = append(replicaFilters, model.Filter{Url: url})
+				a, u, d := model.MergeFilters(&replicaFilters, &originFilters)
+				Ω(a).Should(BeEmpty())
+				Ω(u).Should(BeEmpty())
+				Ω(d).Should(HaveLen(1))
+
+				Ω(d[0].Url).Should(Equal(url))
+			})
+
+			It("should update existing filter when enabled differs", func() {
+				enabled := true
+				originFilters = append(originFilters, model.Filter{Url: url, Enabled: enabled})
+				replicaFilters = append(replicaFilters, model.Filter{Url: url, Enabled: !enabled})
+				a, u, d := model.MergeFilters(&replicaFilters, &originFilters)
+				Ω(a).Should(BeEmpty())
+				Ω(u).Should(HaveLen(1))
+				Ω(d).Should(BeEmpty())
+
+				Ω(u[0].Enabled).Should(Equal(enabled))
+			})
+
+			It("should update existing filter when name differs", func() {
+				name1 := uuid.NewString()
+				name2 := uuid.NewString()
+				originFilters = append(originFilters, model.Filter{Url: url, Name: name1})
+				replicaFilters = append(replicaFilters, model.Filter{Url: url, Name: name2})
+				a, u, d := model.MergeFilters(&replicaFilters, &originFilters)
+				Ω(a).Should(BeEmpty())
+				Ω(u).Should(HaveLen(1))
+				Ω(d).Should(BeEmpty())
+
+				Ω(u[0].Name).Should(Equal(name1))
+			})
+
+			It("should have no changes", func() {
+				originFilters = append(originFilters, model.Filter{Url: url})
+				replicaFilters = append(replicaFilters, model.Filter{Url: url})
+				a, u, d := model.MergeFilters(&replicaFilters, &originFilters)
+				Ω(a).Should(BeEmpty())
+				Ω(u).Should(BeEmpty())
+				Ω(d).Should(BeEmpty())
+			})
+		})
+	})
+	Context("AdGuardInstance", func() {
+		It("should build a key with url and api apiPath", func() {
+			i := &types.AdGuardInstance{URL: url, APIPath: apiPath}
+			Ω(i.Key()).Should(Equal(url + "#" + apiPath))
+		})
+	})
+	Context("RewriteEntry", func() {
+		It("should build a key with url and api apiPath", func() {
+			domain := uuid.NewString()
+			answer := uuid.NewString()
+			re := &model.RewriteEntry{Domain: utils.Ptr(domain), Answer: utils.Ptr(answer)}
+			Ω(re.Key()).Should(Equal(domain + "#" + answer))
+		})
+	})
+	Context("QueryLogConfig", func() {
+		Context("Equal", func() {
+			var (
+				a *model.QueryLogConfigWithIgnored
+				b *model.QueryLogConfigWithIgnored
+			)
+			BeforeEach(func() {
+				a = &model.QueryLogConfigWithIgnored{}
+				b = &model.QueryLogConfigWithIgnored{}
+			})
+			It("should be equal", func() {
+				a.Enabled = utils.Ptr(true)
+				var interval model.QueryLogConfigInterval = 1
+				a.Interval = &interval
+				a.AnonymizeClientIp = utils.Ptr(true)
+				b.Enabled = utils.Ptr(true)
+				b.Interval = &interval
+				b.AnonymizeClientIp = utils.Ptr(true)
+				Ω(a.Equals(b)).Should(BeTrue())
+			})
+			It("should not be equal when enabled differs", func() {
+				a.Enabled = utils.Ptr(true)
+				b.Enabled = utils.Ptr(false)
+				Ω(a.Equals(b)).ShouldNot(BeTrue())
+			})
+			It("should not be equal when interval differs", func() {
+				var interval1 model.QueryLogConfigInterval = 1
+				var interval2 model.QueryLogConfigInterval = 2
+				a.Interval = &interval1
+				b.Interval = &interval2
+				Ω(a.Equals(b)).ShouldNot(BeTrue())
+			})
+			It("should not be equal when anonymizeClientIP differs", func() {
+				a.AnonymizeClientIp = utils.Ptr(true)
+				b.AnonymizeClientIp = utils.Ptr(false)
+				Ω(a.Equals(b)).ShouldNot(BeTrue())
+			})
+		})
+	})
+	Context("RewriteEntries", func() {
+		Context("Merge", func() {
+			var (
+				originRE  model.RewriteEntries
+				replicaRE model.RewriteEntries
+				domain    string
+			)
+			BeforeEach(func() {
+				originRE = model.RewriteEntries{}
+				replicaRE = model.RewriteEntries{}
+				domain = uuid.NewString()
+			})
+
+			It("should add a missing rewrite entry", func() {
+				originRE = append(originRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				a, r, d := replicaRE.Merge(&originRE)
+				Ω(a).Should(HaveLen(1))
+				Ω(r).Should(BeEmpty())
+				Ω(d).Should(BeEmpty())
+
+				Ω(*a[0].Domain).Should(Equal(domain))
+			})
+
+			It("should remove additional rewrite entry", func() {
+				replicaRE = append(replicaRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				a, r, d := replicaRE.Merge(&originRE)
+				Ω(a).Should(BeEmpty())
+				Ω(r).Should(HaveLen(1))
+				Ω(d).Should(BeEmpty())
+
+				Ω(*r[0].Domain).Should(Equal(domain))
+			})
+
+			It("should have no changes", func() {
+				originRE = append(originRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				replicaRE = append(replicaRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				a, r, d := replicaRE.Merge(&originRE)
+				Ω(a).Should(BeEmpty())
+				Ω(r).Should(BeEmpty())
+				Ω(d).Should(BeEmpty())
+			})
+
+			It("should remove target duplicate", func() {
+				originRE = append(originRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				replicaRE = append(replicaRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				replicaRE = append(replicaRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				a, r, d := replicaRE.Merge(&originRE)
+				Ω(a).Should(BeEmpty())
+				Ω(r).Should(HaveLen(1))
+				Ω(d).Should(BeEmpty())
+			})
+
+			It("should remove target duplicate", func() {
+				originRE = append(originRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				originRE = append(originRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				replicaRE = append(replicaRE, model.RewriteEntry{Domain: utils.Ptr(domain)})
+				a, r, d := replicaRE.Merge(&originRE)
+				Ω(a).Should(BeEmpty())
+				Ω(r).Should(BeEmpty())
+				Ω(d).Should(HaveLen(1))
+			})
+		})
+	})
+	Context("Config", func() {
+		var cfg *types.Config
+		BeforeEach(func() {
+			cfg = &types.Config{}
+		})
+		Context("UniqueReplicas", func() {
+			It("should be empty if noting defined", func() {
+				r := cfg.UniqueReplicas()
+				Ω(r).Should(BeEmpty())
+			})
+			It("should be empty if replica url is not set", func() {
+				cfg.Replica = &types.AdGuardInstance{URL: ""}
+				r := cfg.UniqueReplicas()
+				Ω(r).Should(BeEmpty())
+			})
+			It("should be empty if replicas url is not set", func() {
+				cfg.Replicas = []types.AdGuardInstance{{URL: ""}}
+				r := cfg.UniqueReplicas()
+				Ω(r).Should(BeEmpty())
+			})
+			It("should return only one replica if same url and apiPath", func() {
+				cfg.Replica = &types.AdGuardInstance{URL: url, APIPath: apiPath}
+				cfg.Replicas = []types.AdGuardInstance{{URL: url, APIPath: apiPath}, {URL: url, APIPath: apiPath}}
+				r := cfg.UniqueReplicas()
+				Ω(r).Should(HaveLen(1))
+			})
+			It("should return 3 one replicas if urls are different", func() {
+				cfg.Replica = &types.AdGuardInstance{URL: url, APIPath: apiPath}
+				cfg.Replicas = []types.AdGuardInstance{{URL: url + "1", APIPath: apiPath}, {URL: url, APIPath: apiPath + "1"}}
+				r := cfg.UniqueReplicas()
+				Ω(r).Should(HaveLen(3))
+			})
+			It("should set default api apiPath if not set", func() {
+				cfg.Replica = &types.AdGuardInstance{URL: url}
+				cfg.Replicas = []types.AdGuardInstance{{URL: url + "1"}}
+				r := cfg.UniqueReplicas()
+				Ω(r).Should(HaveLen(2))
+				Ω(r[0].APIPath).Should(Equal(types.DefaultAPIPath))
+				Ω(r[1].APIPath).Should(Equal(types.DefaultAPIPath))
+			})
+		})
+	})
+
+	Context("Clients", func() {
+		Context("Merge", func() {
+			var (
+				originClients  *model.Clients
+				replicaClients model.Clients
+				name           string
+			)
+			BeforeEach(func() {
+				originClients = &model.Clients{}
+				replicaClients = model.Clients{}
+				name = uuid.NewString()
+			})
+
+			It("should add a missing client", func() {
+				originClients.Add(model.Client{Name: utils.Ptr(name)})
+				a, u, d := replicaClients.Merge(originClients)
+				Ω(a).Should(HaveLen(1))
+				Ω(u).Should(BeEmpty())
+				Ω(d).Should(BeEmpty())
+
+				Ω(*a[0].Name).Should(Equal(name))
+			})
+
+			It("should remove additional client", func() {
+				replicaClients.Add(model.Client{Name: utils.Ptr(name)})
+				a, u, d := replicaClients.Merge(originClients)
+				Ω(a).Should(BeEmpty())
+				Ω(u).Should(BeEmpty())
+				Ω(d).Should(HaveLen(1))
+
+				Ω(*d[0].Name).Should(Equal(name))
+			})
+
+			It("should update existing client when name differs", func() {
+				disallowed := true
+				originClients.Add(model.Client{Name: utils.Ptr(name), FilteringEnabled: utils.Ptr(disallowed)})
+				replicaClients.Add(model.Client{Name: utils.Ptr(name), FilteringEnabled: utils.Ptr(!disallowed)})
+				a, u, d := replicaClients.Merge(originClients)
+				Ω(a).Should(BeEmpty())
+				Ω(u).Should(HaveLen(1))
+				Ω(d).Should(BeEmpty())
+
+				Ω(*u[0].FilteringEnabled).Should(Equal(disallowed))
+			})
+		})
+	})
+
+	Context("Client", func() {
+		Context("Equals", func() {
+			var (
+				cl1 *model.Client
+				cl2 *model.Client
+			)
+			BeforeEach(func() {
+				cl1 = &model.Client{Name: utils.Ptr("foo"), BlockedServicesSchedule: &model.Schedule{TimeZone: utils.Ptr("UTC")}}
+				cl2 = &model.Client{Name: utils.Ptr("foo"), BlockedServicesSchedule: &model.Schedule{TimeZone: utils.Ptr("Local")}}
+			})
+
+			It("should equal if only timezone differs on empty blocked service schedule", func() {
+				Ω(cl1.Equals(cl2)).Should(BeTrue())
+			})
+		})
+	})
+	Context("BlockedServices", func() {
+		Context("Equals", func() {
+			It("should be equal", func() {
+				s1 := &model.BlockedServicesArray{"a", "b"}
+				s2 := &model.BlockedServicesArray{"b", "a"}
+				Ω(model.EqualsStringSlice(s1, s2, true)).Should(BeTrue())
+			})
+			It("should not be equal different values", func() {
+				s1 := &model.BlockedServicesArray{"a", "b"}
+				s2 := &model.BlockedServicesArray{"B", "a"}
+				Ω(model.EqualsStringSlice(s1, s2, true)).ShouldNot(BeTrue())
+			})
+			It("should not be equal different length", func() {
+				s1 := &model.BlockedServicesArray{"a", "b"}
+				s2 := &model.BlockedServicesArray{"b", "a", "c"}
+				Ω(model.EqualsStringSlice(s1, s2, true)).ShouldNot(BeTrue())
+			})
+		})
+	})
+	Context("DNSConfig", func() {
+		Context("Equals", func() {
+			It("should be equal", func() {
+				dc1 := &model.DNSConfig{LocalPtrUpstreams: utils.Ptr([]string{"a"})}
+				dc2 := &model.DNSConfig{LocalPtrUpstreams: utils.Ptr([]string{"a"})}
+				Ω(dc1.Equals(dc2)).Should(BeTrue())
+			})
+			It("should not be equal", func() {
+				dc1 := &model.DNSConfig{LocalPtrUpstreams: utils.Ptr([]string{"a"})}
+				dc2 := &model.DNSConfig{LocalPtrUpstreams: utils.Ptr([]string{"b"})}
+				Ω(dc1.Equals(dc2)).ShouldNot(BeTrue())
+			})
+		})
+	})
+	Context("DHCPServerConfig", func() {
+		Context("Equals", func() {
+			It("should be equal", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:     utils.Ptr("1.2.3.4"),
+						LeaseDuration: utils.Ptr(123),
+						RangeStart:    utils.Ptr("1.2.3.5"),
+						RangeEnd:      utils.Ptr("1.2.3.6"),
+						SubnetMask:    utils.Ptr("255.255.255.0"),
+					},
+				}
+				dc2 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:     utils.Ptr("1.2.3.4"),
+						LeaseDuration: utils.Ptr(123),
+						RangeStart:    utils.Ptr("1.2.3.5"),
+						RangeEnd:      utils.Ptr("1.2.3.6"),
+						SubnetMask:    utils.Ptr("255.255.255.0"),
+					},
+				}
+				Ω(dc1.Equals(dc2)).Should(BeTrue())
+			})
+			It("should not be equal", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:     utils.Ptr("1.2.3.3"),
+						LeaseDuration: utils.Ptr(123),
+						RangeStart:    utils.Ptr("1.2.3.5"),
+						RangeEnd:      utils.Ptr("1.2.3.6"),
+						SubnetMask:    utils.Ptr("255.255.255.0"),
+					},
+				}
+				dc2 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:     utils.Ptr("1.2.3.4"),
+						LeaseDuration: utils.Ptr(123),
+						RangeStart:    utils.Ptr("1.2.3.5"),
+						RangeEnd:      utils.Ptr("1.2.3.6"),
+						SubnetMask:    utils.Ptr("255.255.255.0"),
+					},
+				}
+				Ω(dc1.Equals(dc2)).ShouldNot(BeTrue())
+			})
+		})
+		Context("Clone", func() {
+			It("clone should be equal", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:     utils.Ptr("1.2.3.4"),
+						LeaseDuration: utils.Ptr(123),
+						RangeStart:    utils.Ptr("1.2.3.5"),
+						RangeEnd:      utils.Ptr("1.2.3.6"),
+						SubnetMask:    utils.Ptr("255.255.255.0"),
+					},
+				}
+				Ω(dc1.Clone().Equals(dc1)).Should(BeTrue())
+			})
+		})
+		Context("HasConfig", func() {
+			It("should not have a config", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{},
+					V6: &model.DhcpConfigV6{},
+				}
+				Ω(dc1.HasConfig()).Should(BeFalse())
+			})
+			It("should not have a v4 config with nil IP", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp: nil,
+					},
+					V6: &model.DhcpConfigV6{
+						RangeStart: utils.Ptr("1.2.3.5"),
+					},
+				}
+				Ω(dc1.HasConfig()).Should(BeTrue())
+			})
+			It("should not have a v4 config with empty IP", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp: utils.Ptr(""),
+					},
+					V6: &model.DhcpConfigV6{
+						RangeStart: utils.Ptr("1.2.3.5"),
+					},
+				}
+				Ω(dc1.HasConfig()).Should(BeTrue())
+			})
+			It("should not have a v6 config", func() {
+				dc1 := &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:     utils.Ptr("1.2.3.4"),
+						LeaseDuration: utils.Ptr(123),
+						RangeStart:    utils.Ptr("1.2.3.5"),
+						RangeEnd:      utils.Ptr("1.2.3.6"),
+						SubnetMask:    utils.Ptr("255.255.255.0"),
+					},
+					V6: &model.DhcpConfigV6{},
+				}
+				Ω(dc1.HasConfig()).Should(BeTrue())
+			})
+		})
+	})
+})
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -0,0 +1,95 @@
+package config
+
+import (
+	"errors"
+	"regexp"
+
+	"github.com/bakito/adguardhome-sync/pkg/log"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/caarlos0/env/v10"
+)
+
+var (
+	envReplicasURLPattern = regexp.MustCompile(`^REPLICA(\d+)_URL=(.*)`)
+	logger                = log.GetLogger("config")
+)
+
+func Get(configFile string, flags Flags) (*types.Config, error) {
+	path, err := configFilePath(configFile)
+	if err != nil {
+		return nil, err
+	}
+
+	cfg := initialConfig()
+
+	// read yaml config
+	if err := readFile(cfg, path); err != nil {
+		return nil, err
+	}
+
+	// overwrite from command flags
+	if err := readFlags(cfg, flags); err != nil {
+		return nil, err
+	}
+
+	// *bool field creates issues when already not nil
+	cfg.Origin.DHCPServerEnabled = nil // origin filed makes no sense to be set.
+
+	// keep previously set value
+	replicaDhcpServer := cfg.Replica.DHCPServerEnabled
+	cfg.Replica.DHCPServerEnabled = nil
+
+	// overwrite from env vars
+	if err := env.Parse(cfg); err != nil {
+		return nil, err
+	}
+	if err := env.ParseWithOptions(cfg.Replica, env.Options{Prefix: "REPLICA_"}); err != nil {
+		return nil, err
+	}
+	// if not set from env, use previous value
+	if cfg.Replica.DHCPServerEnabled == nil {
+		cfg.Replica.DHCPServerEnabled = replicaDhcpServer
+	}
+
+	if err := env.ParseWithOptions(&cfg.Origin, env.Options{Prefix: "ORIGIN_"}); err != nil {
+		return nil, err
+	}
+
+	if cfg.Replica != nil &&
+		cfg.Replica.URL == "" &&
+		cfg.Replica.Username == "" {
+		cfg.Replica = nil
+	}
+
+	if len(cfg.Replicas) > 0 && cfg.Replica != nil {
+		return nil, errors.New("mixed replica config in use. " +
+			"Do not use single replica and numbered (list) replica config combined")
+	}
+
+	handleDeprecatedEnvVars(cfg)
+
+	if cfg.Replica != nil {
+		cfg.Replicas = []types.AdGuardInstance{*cfg.Replica}
+		cfg.Replica = nil
+	}
+
+	cfg.Replicas, err = enrichReplicasFromEnv(cfg.Replicas)
+
+	return cfg, err
+}
+
+func initialConfig() *types.Config {
+	return &types.Config{
+		RunOnStart: true,
+		Origin: types.AdGuardInstance{
+			APIPath: "/control",
+		},
+		Replica: &types.AdGuardInstance{
+			APIPath: "/control",
+		},
+		API: types.API{
+			Port: 8080,
+		},
+		Features: types.NewFeatures(true),
+	}
+}
--- a/pkg/config/config_suite_test.go
+++ b/pkg/config/config_suite_test.go
@@ -1,4 +1,4 @@
-package cmd_test
+package config_test

 import (
 	"testing"
@@ -9,5 +9,5 @@ import (

 func TestCmd(t *testing.T) {
 	RegisterFailHandler(Fail)
-	RunSpecs(t, "Cmd Suite")
+	RunSpecs(t, "Config Suite")
 }
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
@@ -0,0 +1,238 @@
+package config_test
+
+import (
+	"os"
+
+	"github.com/bakito/adguardhome-sync/pkg/config"
+	flagsmock "github.com/bakito/adguardhome-sync/pkg/mocks/flags"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	gm "go.uber.org/mock/gomock"
+)
+
+var _ = Describe("Config", func() {
+	Context("Get", func() {
+		var (
+			flags          *flagsmock.MockFlags
+			mockCtrl       *gm.Controller
+			changedEnvVars []string
+			setEnv         = func(name string, value string) {
+				_ = os.Setenv(name, value)
+				changedEnvVars = append(changedEnvVars, name)
+			}
+		)
+		BeforeEach(func() {
+			mockCtrl = gm.NewController(GinkgoT())
+			flags = flagsmock.NewMockFlags(mockCtrl)
+			changedEnvVars = nil
+		})
+		AfterEach(func() {
+			for _, envVar := range changedEnvVars {
+				_ = os.Unsetenv(envVar)
+				println(envVar)
+			}
+			defer mockCtrl.Finish()
+		})
+		Context("Get", func() {
+			Context("Mixed Config", func() {
+				It("should have the origin URL from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					_, err := config.Get("../../testdata/config_test_replicas_and_replica.yaml", flags)
+					Ω(err).Should(HaveOccurred())
+					Ω(err.Error()).Should(ContainSubstring("mixed replica config in use"))
+				})
+			})
+			Context("Origin Url", func() {
+				It("should have the origin URL from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Origin.URL).Should(Equal("https://origin-file:443"))
+				})
+				It("should have the origin URL from the config flags", func() {
+					flags.EXPECT().Changed(config.FlagOriginURL).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetString(config.FlagOriginURL).Return("https://origin-flag:443", nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Origin.URL).Should(Equal("https://origin-flag:443"))
+				})
+				It("should have the origin URL from the config env var", func() {
+					setEnv("ORIGIN_URL", "https://origin-env:443")
+					flags.EXPECT().Changed(config.FlagOriginURL).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetString(config.FlagOriginURL).Return("https://origin-flag:443", nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Origin.URL).Should(Equal("https://origin-env:443"))
+				})
+			})
+			Context("Replica insecure skip verify", func() {
+				It("should have the insecure skip verify from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replica.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].InsecureSkipVerify).Should(BeFalse())
+				})
+				It("should have the insecure skip verify from the config flags", func() {
+					flags.EXPECT().Changed(config.FlagReplicaISV).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetBool(config.FlagReplicaISV).Return(true, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replica.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].InsecureSkipVerify).Should(BeTrue())
+				})
+				It("should have the insecure skip verify from the config env var", func() {
+					setEnv("REPLICA_INSECURE_SKIP_VERIFY", "false")
+					flags.EXPECT().Changed(config.FlagReplicaISV).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetBool(config.FlagReplicaISV).Return(true, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replica.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].InsecureSkipVerify).Should(BeFalse())
+				})
+			})
+
+			Context("Replica 1 insecure skip verify", func() {
+				It("should have the insecure skip verify from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].InsecureSkipVerify).Should(BeFalse())
+				})
+				It("should have the insecure skip verify from the config env var", func() {
+					setEnv("REPLICA1_INSECURE_SKIP_VERIFY", "true")
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].InsecureSkipVerify).Should(BeTrue())
+				})
+			})
+			Context("API Port", func() {
+				It("should have the api port from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.API.Port).Should(Equal(9090))
+				})
+				It("should have the api port from the config flags", func() {
+					flags.EXPECT().Changed(config.FlagApiPort).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetInt(config.FlagApiPort).Return(9990, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.API.Port).Should(Equal(9990))
+				})
+				It("should have the api port from the config env var", func() {
+					setEnv("API_PORT", "9999")
+					flags.EXPECT().Changed(config.FlagApiPort).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetInt(config.FlagApiPort).Return(9990, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.API.Port).Should(Equal(9999))
+				})
+			})
+
+			Context("Replica DHCPServerEnabled", func() {
+				It("should have the dhcp server enabled from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replica.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].DHCPServerEnabled).ShouldNot(BeNil())
+					Ω(*cfg.Replicas[0].DHCPServerEnabled).Should(BeFalse())
+				})
+			})
+
+			Context("Replica 1 DHCPServerEnabled", func() {
+				It("should have the dhcp server enabled from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].DHCPServerEnabled).ShouldNot(BeNil())
+					Ω(*cfg.Replicas[0].DHCPServerEnabled).Should(BeFalse())
+				})
+			})
+			Context("API Port", func() {
+				It("should have the api port from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.API.Port).Should(Equal(9090))
+				})
+				It("should have the api port from the config flags", func() {
+					flags.EXPECT().Changed(config.FlagApiPort).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetInt(config.FlagApiPort).Return(9990, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.API.Port).Should(Equal(9990))
+				})
+				It("should have the api port from the config env var", func() {
+					setEnv("API_PORT", "9999")
+					flags.EXPECT().Changed(config.FlagApiPort).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetInt(config.FlagApiPort).Return(9990, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.API.Port).Should(Equal(9999))
+				})
+			})
+
+			//////
+
+			Context("Feature DNS Server Config", func() {
+				It("should have the feature dns server config from the config file", func() {
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Features.DNS.ServerConfig).Should(BeFalse())
+				})
+				It("should have the feature dns server config from the config flags", func() {
+					flags.EXPECT().Changed(config.FlagFeatureDnsServerConfig).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetBool(config.FlagFeatureDnsServerConfig).Return(true, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Features.DNS.ServerConfig).Should(BeTrue())
+				})
+				It("should have the feature dns server config from the config env var", func() {
+					setEnv("FEATURES_DNS_SERVER_CONFIG", "false")
+					flags.EXPECT().Changed(config.FlagFeatureDnsServerConfig).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetBool(config.FlagFeatureDnsServerConfig).Return(true, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Features.DNS.ServerConfig).Should(BeFalse())
+				})
+				It("should have the feature dns server config from the config DEPRECATED env var", func() {
+					setEnv("FEATURES_DNS_SERVERCONFIG", "false")
+					flags.EXPECT().Changed(config.FlagFeatureDnsServerConfig).Return(true).AnyTimes()
+					flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+					flags.EXPECT().GetBool(config.FlagFeatureDnsServerConfig).Return(true, nil).AnyTimes()
+
+					cfg, err := config.Get("../../testdata/config_test_replicas.yaml", flags)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Features.DNS.ServerConfig).Should(BeFalse())
+				})
+			})
+		})
+	})
+})
--- a/pkg/config/deprecated_env_test.go
+++ b/pkg/config/deprecated_env_test.go
@@ -0,0 +1,138 @@
+package config_test
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/bakito/adguardhome-sync/pkg/config"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var envVars = []string{
+	"FEATURES_GENERAL_SETTINGS",
+	"FEATURES_QUERY_LOG_CONFIG",
+	"FEATURES_STATS_CONFIG",
+	"FEATURES_CLIENT_SETTINGS",
+	"FEATURES_SERVICES",
+	"FEATURES_FILTERS",
+	"FEATURES_DHCP_SERVER_CONFIG",
+	"FEATURES_DHCP_STATIC_LEASES",
+	"FEATURES_DNS_SERVER_CONFIG",
+	"FEATURES_DNS_ACCESS_LISTS",
+	"FEATURES_DNS_REWRITES",
+	"REPLICA1_INTERFACE_NAME",
+	"REPLICA1_DHCP_SERVER_ENABLED",
+}
+
+var deprecatedEnvVars = []string{
+	"FEATURES_GENERALSETTINGS",
+	"FEATURES_QUERYLOGCONFIG",
+	"FEATURES_STATSCONFIG",
+	"FEATURES_CLIENTSETTINGS",
+	"FEATURES_SERVICES",
+	"FEATURES_FILTERS",
+	"FEATURES_DHCP_SERVERCONFIG",
+	"FEATURES_DHCP_STATICLEASES",
+	"FEATURES_DNS_SERVERCONFIG",
+	"FEATURES_DNS_ACCESSLISTS",
+	"FEATURES_DNS_REWRITES",
+	"REPLICA1_INTERFACENAME",
+	"REPLICA1_DHCPSERVERENABLED",
+}
+
+var _ = Describe("Config", func() {
+	Context("deprecated", func() {
+		BeforeEach(func() {
+			for _, envVar := range deprecatedEnvVars {
+				Ω(os.Setenv(envVar, "false")).ShouldNot(HaveOccurred())
+			}
+		})
+		AfterEach(func() {
+			for _, envVar := range deprecatedEnvVars {
+				Ω(os.Unsetenv(envVar)).ShouldNot(HaveOccurred())
+			}
+		})
+		Context("Get", func() {
+			It("features should be false", func() {
+				cfg, err := config.Get("", nil)
+				Ω(err).ShouldNot(HaveOccurred())
+				verifyFeatures(cfg, false)
+			})
+		})
+	})
+	Context("current", func() {
+		BeforeEach(func() {
+			for _, envVar := range envVars {
+				Ω(os.Unsetenv(envVar)).ShouldNot(HaveOccurred())
+			}
+		})
+		AfterEach(func() {
+			for _, envVar := range envVars {
+				Ω(os.Unsetenv(envVar)).ShouldNot(HaveOccurred())
+			}
+		})
+		Context("Get", func() {
+			It("features should be true by default", func() {
+				cfg, err := config.Get("", nil)
+				Ω(err).ShouldNot(HaveOccurred())
+				verifyFeatures(cfg, true)
+			})
+			It("features should be true by default", func() {
+				cfg, err := config.Get("", nil)
+				Ω(err).ShouldNot(HaveOccurred())
+				verifyFeatures(cfg, true)
+			})
+			It("features should be false", func() {
+				for _, envVar := range envVars {
+					Ω(os.Setenv(envVar, "false")).ShouldNot(HaveOccurred())
+				}
+				cfg, err := config.Get("", nil)
+				Ω(err).ShouldNot(HaveOccurred())
+				verifyFeatures(cfg, false)
+			})
+			Context("interface name", func() {
+				It("should set interface name of replica 1", func() {
+					Ω(os.Setenv("REPLICA1_URL", "https://foo.bar")).ShouldNot(HaveOccurred())
+					Ω(os.Setenv(fmt.Sprintf("REPLICA%s_INTERFACE_NAME", "1"), "eth0")).ShouldNot(HaveOccurred())
+					cfg, err := config.Get("", nil)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].InterfaceName).Should(Equal("eth0"))
+				})
+			})
+			Context("dhcp server", func() {
+				It("should enable the dhcp server of replica 1", func() {
+					Ω(os.Setenv("REPLICA1_URL", "https://foo.bar")).ShouldNot(HaveOccurred())
+					Ω(os.Setenv(fmt.Sprintf("REPLICA%s_DHCPSERVERENABLED", "1"), "true")).ShouldNot(HaveOccurred())
+					cfg, err := config.Get("", nil)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].DHCPServerEnabled).ShouldNot(BeNil())
+					Ω(*cfg.Replicas[0].DHCPServerEnabled).Should(BeTrue())
+				})
+				It("should disable the dhcp server of replica 1", func() {
+					Ω(os.Setenv("REPLICA1_URL", "https://foo.bar")).ShouldNot(HaveOccurred())
+					Ω(os.Setenv(fmt.Sprintf("REPLICA%s_DHCPSERVERENABLED", "1"), "false")).ShouldNot(HaveOccurred())
+					cfg, err := config.Get("", nil)
+					Ω(err).ShouldNot(HaveOccurred())
+					Ω(cfg.Replicas[0].DHCPServerEnabled).ShouldNot(BeNil())
+					Ω(*cfg.Replicas[0].DHCPServerEnabled).Should(BeFalse())
+				})
+			})
+		})
+	})
+})
+
+func verifyFeatures(cfg *types.Config, value bool) {
+	Ω(cfg.Features.GeneralSettings).Should(Equal(value))
+	Ω(cfg.Features.QueryLogConfig).Should(Equal(value))
+	Ω(cfg.Features.StatsConfig).Should(Equal(value))
+	Ω(cfg.Features.ClientSettings).Should(Equal(value))
+	Ω(cfg.Features.Services).Should(Equal(value))
+	Ω(cfg.Features.Filters).Should(Equal(value))
+	Ω(cfg.Features.DHCP.ServerConfig).Should(Equal(value))
+	Ω(cfg.Features.DHCP.StaticLeases).Should(Equal(value))
+	Ω(cfg.Features.DNS.ServerConfig).Should(Equal(value))
+	Ω(cfg.Features.DNS.AccessLists).Should(Equal(value))
+	Ω(cfg.Features.DNS.Rewrites).Should(Equal(value))
+}
--- a/pkg/config/env.go
+++ b/pkg/config/env.go
@@ -0,0 +1,145 @@
+package config
+
+import (
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
+	"github.com/caarlos0/env/v10"
+)
+
+func handleDeprecatedEnvVars(cfg *types.Config) {
+	if val, ok := checkDeprecatedEnvVar("RUNONSTART", "RUN_ON_START"); ok {
+		cfg.RunOnStart, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("API_DARKMODE", "API_DARK_MODE"); ok {
+		cfg.API.DarkMode, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_GENERALSETTINGS", "FEATURES_GENERAL_SETTINGS"); ok {
+		cfg.Features.GeneralSettings, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_QUERYLOGCONFIG", "FEATURES_QUERY_LOG_CONFIG"); ok {
+		cfg.Features.QueryLogConfig, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_STATSCONFIG", "FEATURES_STATS_CONFIG"); ok {
+		cfg.Features.StatsConfig, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_CLIENTSETTINGS", "FEATURES_CLIENT_SETTINGS"); ok {
+		cfg.Features.ClientSettings, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_DHCP_SERVERCONFIG", "FEATURES_DHCP_SERVER_CONFIG"); ok {
+		cfg.Features.DHCP.ServerConfig, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_DHCP_STATICLEASES", "FEATURES_DHCP_STATIC_LEASES"); ok {
+		cfg.Features.DHCP.StaticLeases, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_DNS_ACCESSLISTS", "FEATURES_DNS_ACCESS_LISTS"); ok {
+		cfg.Features.DNS.AccessLists, _ = strconv.ParseBool(val)
+	}
+	if val, ok := checkDeprecatedEnvVar("FEATURES_DNS_SERVERCONFIG", "FEATURES_DNS_SERVER_CONFIG"); ok {
+		cfg.Features.DNS.ServerConfig, _ = strconv.ParseBool(val)
+	}
+
+	if cfg.Replica != nil {
+		if val, ok := checkDeprecatedEnvVar("REPLICA_WEBURL", "REPLICA_WEB_URL"); ok {
+			cfg.Replica.WebURL = val
+		}
+		if val, ok := checkDeprecatedEnvVar("REPLICA_AUTOSETUP", "REPLICA_AUTO_SETUP"); ok {
+			cfg.Replica.AutoSetup, _ = strconv.ParseBool(val)
+		}
+		if val, ok := checkDeprecatedEnvVar("REPLICA_INTERFACENAME", "REPLICA_INTERFACE_NAME"); ok {
+			cfg.Replica.InterfaceName = val
+		}
+		if val, ok := checkDeprecatedEnvVar("REPLICA_DHCPSERVERENABLED", "REPLICA_DHCP_SERVER_ENABLED"); ok {
+			if b, err := strconv.ParseBool(val); err != nil {
+				cfg.Replica.DHCPServerEnabled = utils.Ptr(b)
+			}
+		}
+	}
+}
+
+func checkDeprecatedEnvVar(oldName string, newName string) (string, bool) {
+	old, oldOK := os.LookupEnv(oldName)
+	if oldOK {
+		logger.With("deprecated", oldName, "replacement", newName).
+			Warn("Deprecated env variable is used, please use the correct one")
+	}
+	new, newOK := os.LookupEnv(newName)
+	if newOK {
+		return new, true
+	}
+	return old, oldOK
+}
+
+func checkDeprecatedReplicaEnvVar(oldPattern string, newPattern string, replicaID int) (string, bool) {
+	return checkDeprecatedEnvVar(fmt.Sprintf(oldPattern, replicaID), fmt.Sprintf(newPattern, replicaID))
+}
+
+// Manually collect replicas from env.
+func enrichReplicasFromEnv(initialReplicas []types.AdGuardInstance) ([]types.AdGuardInstance, error) {
+	var replicas []types.AdGuardInstance
+	for _, v := range os.Environ() {
+		if envReplicasURLPattern.MatchString(v) {
+			sm := envReplicasURLPattern.FindStringSubmatch(v)
+			id, _ := strconv.Atoi(sm[1])
+
+			if id <= 0 {
+				return nil, fmt.Errorf("numbered replica env variables must have a number id >= 1, got %q", v)
+			}
+
+			if id > len(initialReplicas) {
+				replicas = append(replicas, types.AdGuardInstance{URL: sm[2]})
+			} else {
+				re := initialReplicas[id-1]
+				re.URL = sm[2]
+				replicas = append(replicas, re)
+			}
+		}
+	}
+
+	if len(replicas) == 0 {
+		replicas = initialReplicas
+	}
+
+	for i := range replicas {
+		reID := i + 1
+
+		// keep previously set value
+		replicaDhcpServer := replicas[i].DHCPServerEnabled
+		replicas[i].DHCPServerEnabled = nil
+		if err := env.ParseWithOptions(&replicas[i], env.Options{Prefix: fmt.Sprintf("REPLICA%d_", reID)}); err != nil {
+			return nil, err
+		}
+		if replicas[i].DHCPServerEnabled == nil {
+			replicas[i].DHCPServerEnabled = replicaDhcpServer
+		}
+		if val, ok := checkDeprecatedReplicaEnvVar("REPLICA%d_APIPATH", "REPLICA%d_API_PATH", reID); ok {
+			replicas[i].APIPath = val
+		}
+		if val, ok := checkDeprecatedReplicaEnvVar("REPLICA%d_INSECURESKIPVERIFY", "REPLICA%d_INSECURE_SKIP_VERIFY", reID); ok {
+			replicas[i].InsecureSkipVerify = strings.EqualFold(val, "true")
+		}
+		if val, ok := checkDeprecatedReplicaEnvVar("REPLICA%d_AUTOSETUP", "REPLICA%d_AUTO_SETUP", reID); ok {
+			replicas[i].AutoSetup = strings.EqualFold(val, "true")
+		}
+		if val, ok := checkDeprecatedReplicaEnvVar("REPLICA%d_INTERFACENAME", "REPLICA%d_INTERFACE_NAME", reID); ok {
+			replicas[i].InterfaceName = val
+		}
+
+		if dhcpEnabled, ok := checkDeprecatedReplicaEnvVar("REPLICA%d_DHCPSERVERENABLED", "REPLICA%d_DHCP_SERVER_ENABLED", reID); ok {
+			if strings.EqualFold(dhcpEnabled, "true") {
+				replicas[i].DHCPServerEnabled = utils.Ptr(true)
+			} else if strings.EqualFold(dhcpEnabled, "false") {
+				replicas[i].DHCPServerEnabled = utils.Ptr(false)
+			}
+		}
+		if replicas[i].APIPath == "" {
+			replicas[i].APIPath = "/control"
+		}
+	}
+
+	return replicas, nil
+}
--- a/pkg/config/env_test.go
+++ b/pkg/config/env_test.go
@@ -0,0 +1,25 @@
+package config
+
+import (
+	"os"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Config", func() {
+	Context("env", func() {
+		Context("enrichReplicasFromEnv", func() {
+			It("should have the origin URL from the config env var", func() {
+				_ = os.Setenv("REPLICA0_URL", "https://origin-env:443")
+				defer func() {
+					_ = os.Unsetenv("REPLICA0_URL")
+				}()
+				_, err := enrichReplicasFromEnv(nil)
+
+				Ω(err).Should(HaveOccurred())
+				Ω(err.Error()).Should(ContainSubstring("numbered replica env variables must have a number id >= 1"))
+			})
+		})
+	})
+})
--- a/pkg/config/file.go
+++ b/pkg/config/file.go
@@ -0,0 +1,34 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	"gopkg.in/yaml.v3"
+)
+
+func readFile(cfg *types.Config, path string) error {
+	if _, err := os.Stat(path); err == nil {
+		b, err := os.ReadFile(path)
+		if err != nil {
+			return err
+		}
+		if err := yaml.Unmarshal(b, cfg); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func configFilePath(configFile string) (string, error) {
+	if configFile == "" {
+		// Find home directory.
+		home, err := os.UserHomeDir()
+		if err != nil {
+			return "", err
+		}
+		return filepath.Join(home, ".adguardhome-sync.yaml"), nil
+	}
+	return configFile, nil
+}
--- a/pkg/config/file_test.go
+++ b/pkg/config/file_test.go
@@ -0,0 +1,32 @@
+package config
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/google/uuid"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+var _ = Describe("Config", func() {
+	var ()
+	BeforeEach(func() {
+	})
+	Context("configFilePath", func() {
+		It("should return the same value", func() {
+			path := uuid.NewString()
+			result, err := configFilePath(path)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(result).Should(Equal(path))
+		})
+		It("should the file in HOME dir", func() {
+			home := os.Getenv("HOME")
+			result, err := configFilePath("")
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(result).Should(Equal(filepath.Join(home, "/.adguardhome-sync.yaml")))
+		})
+	})
+})
--- a/pkg/config/flag-names.go
+++ b/pkg/config/flag-names.go
@@ -0,0 +1,44 @@
+package config
+
+const (
+	FlagCron            = "cron"
+	FlagRunOnStart      = "runOnStart"
+	FlagPrintConfigOnly = "printConfigOnly"
+	FlagContinueOnError = "continueOnError"
+
+	FlagApiPort     = "api-port"
+	FlagApiUsername = "api-username"
+	FlagApiPassword = "api-password"
+	FlagApiDarkMode = "api-dark-mode"
+
+	FlagFeatureDhcpServerConfig = "feature-dhcp-server-config"
+	FlagFeatureDhcpStaticLeases = "feature-dhcp-static-leases"
+	FlagFeatureDnsServerConfig  = "feature-dns-server-config"
+	FlagFeatureDnsAccessLists   = "feature-dns-access-lists"
+	FlagFeatureDnsRewrites      = "feature-dns-rewrites"
+	FlagFeatureGeneral          = "feature-general-settings"
+	FlagFeatureQueryLog         = "feature-query-log-config"
+	FlagFeatureStats            = "feature-stats-config"
+	FlagFeatureClient           = "feature-client-settings"
+	FlagFeatureServices         = "feature-services"
+	FlagFeatureFilters          = "feature-filters"
+
+	FlagOriginURL      = "origin-url"
+	FlagOriginWebURL   = "origin-web-url"
+	FlagOriginApiPath  = "origin-api-path"
+	FlagOriginUsername = "origin-username"
+
+	FlagOriginPassword = "origin-password"
+	FlagOriginCookie   = "origin-cookie"
+	FlagOriginISV      = "origin-insecure-skip-verify"
+
+	FlagReplicaURL           = "replica-url"
+	FlagReplicaWebURL        = "replica-web-url"
+	FlagReplicaApiPath       = "replica-api-path"
+	FlagReplicaUsername      = "replica-username"
+	FlagReplicaPassword      = "replica-password"
+	FlagReplicaCookie        = "replica-cookie"
+	FlagReplicaISV           = "replica-insecure-skip-verify"
+	FlagReplicaAutoSetup     = "replica-auto-setup"
+	FlagReplicaInterfaceName = "replica-interface-name"
+)
--- a/pkg/config/flags.go
+++ b/pkg/config/flags.go
@@ -0,0 +1,283 @@
+package config
+
+import (
+	"github.com/bakito/adguardhome-sync/pkg/types"
+)
+
+func readFlags(cfg *types.Config, flags Flags) error {
+	if flags == nil {
+		return nil
+	}
+
+	fr := &flagReader{
+		cfg:   cfg,
+		flags: flags,
+	}
+
+	if err := fr.readRootFlags(); err != nil {
+		return err
+	}
+
+	if err := fr.readApiFlags(); err != nil {
+		return err
+	}
+
+	if err := fr.readFeatureFlags(); err != nil {
+		return err
+	}
+
+	if err := fr.readOriginFlags(); err != nil {
+		return err
+	}
+
+	if err := fr.readReplicaFlags(); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+type flagReader struct {
+	cfg   *types.Config
+	flags Flags
+}
+
+func (fr *flagReader) readReplicaFlags() error {
+	if err := fr.setStringFlag(FlagReplicaURL, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.URL = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagReplicaWebURL, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.WebURL = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagReplicaApiPath, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.APIPath = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagReplicaUsername, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.Username = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagReplicaPassword, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.Password = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagReplicaCookie, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.Cookie = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagReplicaISV, func(cgf *types.Config, value bool) {
+		fr.cfg.Replica.InsecureSkipVerify = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagReplicaAutoSetup, func(cgf *types.Config, value bool) {
+		fr.cfg.Replica.AutoSetup = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagReplicaInterfaceName, func(cgf *types.Config, value string) {
+		fr.cfg.Replica.InterfaceName = value
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (fr *flagReader) readOriginFlags() error {
+	if err := fr.setStringFlag(FlagOriginURL, func(cgf *types.Config, value string) {
+		fr.cfg.Origin.URL = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagOriginWebURL, func(cgf *types.Config, value string) {
+		fr.cfg.Origin.WebURL = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagOriginApiPath, func(cgf *types.Config, value string) {
+		fr.cfg.Origin.APIPath = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagOriginUsername, func(cgf *types.Config, value string) {
+		fr.cfg.Origin.Username = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagOriginPassword, func(cgf *types.Config, value string) {
+		fr.cfg.Origin.Password = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setStringFlag(FlagOriginCookie, func(cgf *types.Config, value string) {
+		fr.cfg.Origin.Cookie = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagOriginISV, func(cgf *types.Config, value bool) {
+		fr.cfg.Origin.InsecureSkipVerify = value
+	}); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (fr *flagReader) readFeatureFlags() error {
+	if err := fr.setBoolFlag(FlagFeatureDhcpServerConfig, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.DHCP.ServerConfig = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureDhcpStaticLeases, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.DHCP.StaticLeases = value
+	}); err != nil {
+		return err
+	}
+
+	if err := fr.setBoolFlag(FlagFeatureDnsServerConfig, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.DNS.ServerConfig = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureDnsAccessLists, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.DNS.AccessLists = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureDnsRewrites, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.DNS.Rewrites = value
+	}); err != nil {
+		return err
+	}
+
+	if err := fr.setBoolFlag(FlagFeatureGeneral, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.GeneralSettings = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureQueryLog, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.QueryLogConfig = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureStats, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.StatsConfig = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureClient, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.ClientSettings = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureServices, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.Services = value
+	}); err != nil {
+		return err
+	}
+	if err := fr.setBoolFlag(FlagFeatureFilters, func(cgf *types.Config, value bool) {
+		fr.cfg.Features.Filters = value
+	}); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (fr *flagReader) readApiFlags() (err error) {
+	if err = fr.setIntFlag(FlagApiPort, func(cgf *types.Config, value int) {
+		fr.cfg.API.Port = value
+	}); err != nil {
+		return
+	}
+	if err = fr.setStringFlag(FlagApiUsername, func(cgf *types.Config, value string) {
+		fr.cfg.API.Username = value
+	}); err != nil {
+		return
+	}
+	if err = fr.setStringFlag(FlagApiPassword, func(cgf *types.Config, value string) {
+		fr.cfg.API.Password = value
+	}); err != nil {
+		return
+	}
+	if err = fr.setBoolFlag(FlagApiDarkMode, func(cgf *types.Config, value bool) {
+		fr.cfg.API.DarkMode = value
+	}); err != nil {
+		return
+	}
+	return
+}
+
+func (fr *flagReader) readRootFlags() (err error) {
+	if err = fr.setStringFlag(FlagCron, func(cgf *types.Config, value string) {
+		fr.cfg.Cron = value
+	}); err != nil {
+		return
+	}
+	if err = fr.setBoolFlag(FlagRunOnStart, func(cgf *types.Config, value bool) {
+		fr.cfg.RunOnStart = value
+	}); err != nil {
+		return
+	}
+	if err = fr.setBoolFlag(FlagPrintConfigOnly, func(cgf *types.Config, value bool) {
+		fr.cfg.PrintConfigOnly = value
+	}); err != nil {
+		return
+	}
+	if err = fr.setBoolFlag(FlagContinueOnError, func(cgf *types.Config, value bool) {
+		fr.cfg.ContinueOnError = value
+	}); err != nil {
+		return
+	}
+	return
+}
+
+type Flags interface {
+	Changed(name string) bool
+	GetString(name string) (string, error)
+	GetInt(name string) (int, error)
+	GetBool(name string) (bool, error)
+}
+
+func (fr *flagReader) setStringFlag(name string, cb callback[string]) (err error) {
+	if fr.flags.Changed(name) {
+		if value, err := fr.flags.GetString(name); err != nil {
+			return err
+		} else {
+			cb(fr.cfg, value)
+		}
+	}
+	return nil
+}
+
+func (fr *flagReader) setBoolFlag(name string, cb callback[bool]) (err error) {
+	if fr.flags.Changed(name) {
+		if value, err := fr.flags.GetBool(name); err != nil {
+			return err
+		} else {
+			cb(fr.cfg, value)
+		}
+	}
+	return nil
+}
+
+func (fr *flagReader) setIntFlag(name string, cb callback[int]) (err error) {
+	if fr.flags.Changed(name) {
+		if value, err := fr.flags.GetInt(name); err != nil {
+			return err
+		} else {
+			cb(fr.cfg, value)
+		}
+	}
+	return nil
+}
+
+type callback[T any] func(cgf *types.Config, value T)
--- a/pkg/config/flags_test.go
+++ b/pkg/config/flags_test.go
@@ -0,0 +1,235 @@
+package config
+
+import (
+	"strings"
+
+	flagsmock "github.com/bakito/adguardhome-sync/pkg/mocks/flags"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	gm "go.uber.org/mock/gomock"
+)
+
+var _ = Describe("Config", func() {
+	var (
+		cfg      *types.Config
+		flags    *flagsmock.MockFlags
+		mockCtrl *gm.Controller
+	)
+	BeforeEach(func() {
+		cfg = &types.Config{
+			Replica: &types.AdGuardInstance{},
+			Features: types.Features{
+				DNS: types.DNS{
+					AccessLists:  true,
+					ServerConfig: true,
+					Rewrites:     true,
+				},
+				DHCP: types.DHCP{
+					ServerConfig: true,
+					StaticLeases: true,
+				},
+				GeneralSettings: true,
+				QueryLogConfig:  true,
+				StatsConfig:     true,
+				ClientSettings:  true,
+				Services:        true,
+				Filters:         true,
+			},
+		}
+		mockCtrl = gm.NewController(GinkgoT())
+		flags = flagsmock.NewMockFlags(mockCtrl)
+	})
+	AfterEach(func() {
+		defer mockCtrl.Finish()
+	})
+	Context("readFlags", func() {
+		It("should not change the config with nil flags", func() {
+			clone := cfg.DeepCopy()
+			err := readFlags(cfg, nil)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg).Should(Equal(clone))
+		})
+		It("should not change the config with no changed flags", func() {
+			clone := cfg.DeepCopy()
+			flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+			err := readFlags(cfg, flags)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg).Should(Equal(clone))
+		})
+	})
+	Context("readFeatureFlags", func() {
+		It("should disable all flags", func() {
+			flags.EXPECT().Changed(gm.Any()).DoAndReturn(func(name string) bool {
+				return strings.HasPrefix(name, "feature")
+			}).AnyTimes()
+			flags.EXPECT().GetBool(gm.Any()).Return(false, nil).AnyTimes()
+			err := readFlags(cfg, flags)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg.Features).Should(Equal(types.Features{
+				DNS: types.DNS{
+					AccessLists:  false,
+					ServerConfig: false,
+					Rewrites:     false,
+				},
+				DHCP: types.DHCP{
+					ServerConfig: false,
+					StaticLeases: false,
+				},
+				GeneralSettings: false,
+				QueryLogConfig:  false,
+				StatsConfig:     false,
+				ClientSettings:  false,
+				Services:        false,
+				Filters:         false,
+			}))
+		})
+	})
+	Context("readApiFlags", func() {
+		It("should change all values", func() {
+			cfg.API = types.API{
+				Port:     1111,
+				Username: "2222",
+				Password: "3333",
+				DarkMode: false,
+			}
+			flags.EXPECT().Changed(gm.Any()).DoAndReturn(func(name string) bool {
+				return strings.HasPrefix(name, "api")
+			}).AnyTimes()
+			flags.EXPECT().GetInt(FlagApiPort).Return(9999, nil)
+			flags.EXPECT().GetString(FlagApiUsername).Return("aaaa", nil)
+			flags.EXPECT().GetString(FlagApiPassword).Return("bbbb", nil)
+			flags.EXPECT().GetBool(FlagApiDarkMode).Return(true, nil)
+			err := readFlags(cfg, flags)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg.API).Should(Equal(types.API{
+				Port:     9999,
+				Username: "aaaa",
+				Password: "bbbb",
+				DarkMode: true,
+			}))
+		})
+	})
+	Context("readRootFlags", func() {
+		It("should change all values", func() {
+			cfg.Cron = "*/10 * * * *"
+			cfg.PrintConfigOnly = false
+			cfg.ContinueOnError = false
+			cfg.RunOnStart = false
+
+			flags.EXPECT().Changed(FlagCron).Return(true)
+			flags.EXPECT().Changed(FlagRunOnStart).Return(true)
+			flags.EXPECT().Changed(FlagPrintConfigOnly).Return(true)
+			flags.EXPECT().Changed(FlagContinueOnError).Return(true)
+			flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+			flags.EXPECT().GetString(FlagCron).Return("*/30 * * * *", nil)
+			flags.EXPECT().GetBool(FlagRunOnStart).Return(true, nil)
+			flags.EXPECT().GetBool(FlagPrintConfigOnly).Return(true, nil)
+			flags.EXPECT().GetBool(FlagContinueOnError).Return(true, nil)
+			err := readFlags(cfg, flags)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg.Cron).Should(Equal("*/30 * * * *"))
+			Ω(cfg.RunOnStart).Should(BeTrue())
+			Ω(cfg.PrintConfigOnly).Should(BeTrue())
+			Ω(cfg.ContinueOnError).Should(BeTrue())
+		})
+	})
+	Context("readOriginFlags", func() {
+		It("should change all values", func() {
+			cfg.Origin = types.AdGuardInstance{
+				URL:                "1",
+				WebURL:             "2",
+				APIPath:            "3",
+				Username:           "4",
+				Password:           "5",
+				Cookie:             "6",
+				InsecureSkipVerify: false,
+			}
+
+			flags.EXPECT().Changed(FlagOriginURL).Return(true)
+			flags.EXPECT().Changed(FlagOriginWebURL).Return(true)
+			flags.EXPECT().Changed(FlagOriginApiPath).Return(true)
+			flags.EXPECT().Changed(FlagOriginUsername).Return(true)
+			flags.EXPECT().Changed(FlagOriginPassword).Return(true)
+			flags.EXPECT().Changed(FlagOriginCookie).Return(true)
+			flags.EXPECT().Changed(FlagOriginISV).Return(true)
+			flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+			flags.EXPECT().GetString(FlagOriginURL).Return("a", nil)
+			flags.EXPECT().GetString(FlagOriginWebURL).Return("b", nil)
+			flags.EXPECT().GetString(FlagOriginApiPath).Return("c", nil)
+			flags.EXPECT().GetString(FlagOriginUsername).Return("d", nil)
+			flags.EXPECT().GetString(FlagOriginPassword).Return("e", nil)
+			flags.EXPECT().GetString(FlagOriginCookie).Return("f", nil)
+			flags.EXPECT().GetBool(FlagOriginISV).Return(true, nil)
+			err := readFlags(cfg, flags)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg.Origin).Should(Equal(types.AdGuardInstance{
+				URL:                "a",
+				WebURL:             "b",
+				APIPath:            "c",
+				Username:           "d",
+				Password:           "e",
+				Cookie:             "f",
+				InsecureSkipVerify: true,
+			}))
+		})
+	})
+	Context("readReplicaFlags", func() {
+		It("should change all values", func() {
+			cfg.Replica = &types.AdGuardInstance{
+				URL:                "1",
+				WebURL:             "2",
+				APIPath:            "3",
+				Username:           "4",
+				Password:           "5",
+				Cookie:             "6",
+				InsecureSkipVerify: false,
+				AutoSetup:          false,
+				InterfaceName:      "7",
+			}
+
+			flags.EXPECT().Changed(FlagReplicaURL).Return(true)
+			flags.EXPECT().Changed(FlagReplicaWebURL).Return(true)
+			flags.EXPECT().Changed(FlagReplicaApiPath).Return(true)
+			flags.EXPECT().Changed(FlagReplicaUsername).Return(true)
+			flags.EXPECT().Changed(FlagReplicaPassword).Return(true)
+			flags.EXPECT().Changed(FlagReplicaCookie).Return(true)
+			flags.EXPECT().Changed(FlagReplicaISV).Return(true)
+			flags.EXPECT().Changed(FlagReplicaAutoSetup).Return(true)
+			flags.EXPECT().Changed(FlagReplicaInterfaceName).Return(true)
+			flags.EXPECT().Changed(gm.Any()).Return(false).AnyTimes()
+
+			flags.EXPECT().GetString(FlagReplicaURL).Return("a", nil)
+			flags.EXPECT().GetString(FlagReplicaWebURL).Return("b", nil)
+			flags.EXPECT().GetString(FlagReplicaApiPath).Return("c", nil)
+			flags.EXPECT().GetString(FlagReplicaUsername).Return("d", nil)
+			flags.EXPECT().GetString(FlagReplicaPassword).Return("e", nil)
+			flags.EXPECT().GetString(FlagReplicaCookie).Return("f", nil)
+			flags.EXPECT().GetBool(FlagReplicaISV).Return(true, nil)
+			flags.EXPECT().GetBool(FlagReplicaAutoSetup).Return(true, nil)
+			flags.EXPECT().GetString(FlagReplicaInterfaceName).Return("g", nil)
+			err := readFlags(cfg, flags)
+
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg.Replica).Should(Equal(&types.AdGuardInstance{
+				URL:                "a",
+				WebURL:             "b",
+				APIPath:            "c",
+				Username:           "d",
+				Password:           "e",
+				Cookie:             "f",
+				InsecureSkipVerify: true,
+				AutoSetup:          true,
+				InterfaceName:      "g",
+			}))
+		})
+	})
+})
--- a/pkg/log/log.go
+++ b/pkg/log/log.go
@@ -10,6 +10,7 @@ import (
 const (
 	logHistorySize = 50
 	envLogLevel    = "LOG_LEVEL"
+	envLogFormat   = "LOG_FORMAT"
 )

 var (
@@ -31,14 +32,23 @@ func init() {
 		}
 	}

+	format := "console"
+	if fmt, ok := os.LookupEnv(envLogFormat); ok {
+		format = fmt
+	}
+
 	cfg := zap.Config{
 		Level:            zap.NewAtomicLevelAt(level),
 		Development:      false,
-		Encoding:         "console",
-		EncoderConfig:    zap.NewDevelopmentEncoderConfig(),
+		Encoding:         format,
+		EncoderConfig:    zap.NewProductionEncoderConfig(),
 		OutputPaths:      []string{"stdout"},
 		ErrorOutputPaths: []string{"stderr"},
 	}
+	cfg.EncoderConfig.EncodeTime = zapcore.ISO8601TimeEncoder
+	cfg.EncoderConfig.EncodeDuration = zapcore.StringDurationEncoder
+	cfg.EncoderConfig.EncodeLevel = zapcore.CapitalLevelEncoder
+
 	opt := zap.WrapCore(func(c zapcore.Core) zapcore.Core {
 		return zapcore.NewTee(c, &logList{
 			enc:          zapcore.NewConsoleEncoder(cfg.EncoderConfig),
@@ -96,6 +106,11 @@ func Logs() []string {
 	return logs
 }

+// Clear  the current logs
+func Clear() {
+	logs = nil
+}
+
 func addFields(enc zapcore.ObjectEncoder, fields []zapcore.Field) {
 	for i := range fields {
 		fields[i].AddTo(enc)
--- a/pkg/metrics/handler.go
+++ b/pkg/metrics/handler.go
@@ -0,0 +1,14 @@
+package metrics
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/prometheus/client_golang/prometheus/promhttp"
+)
+
+func Handler() gin.HandlerFunc {
+	h := promhttp.Handler()
+
+	return func(c *gin.Context) {
+		h.ServeHTTP(c.Writer, c.Request)
+	}
+}
--- a/pkg/metrics/metrics.go
+++ b/pkg/metrics/metrics.go
@@ -0,0 +1,245 @@
+package metrics
+
+import (
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+	"github.com/bakito/adguardhome-sync/pkg/log"
+	"github.com/prometheus/client_golang/prometheus"
+	"golang.org/x/exp/constraints"
+)
+
+var (
+	l = log.GetLogger("metrics")
+
+	// avgProcessingTime - Average processing time for a DNS query
+	avgProcessingTime = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "avg_processing_time",
+			Namespace: "adguard",
+			Help:      "This represent the average processing time for a DNS query in s",
+		},
+		[]string{"hostname"},
+	)
+
+	// dnsQueries - Number of DNS queries
+	dnsQueries = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "num_dns_queries",
+			Namespace: "adguard",
+			Help:      "Number of DNS queries",
+		},
+		[]string{"hostname"},
+	)
+
+	// blockedFiltering - Number of DNS queries blocked
+	blockedFiltering = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "num_blocked_filtering",
+			Namespace: "adguard",
+			Help:      "This represent the number of domains blocked",
+		},
+		[]string{"hostname"},
+	)
+
+	// parentalFiltering - Number of DNS queries replaced by parental control
+	parentalFiltering = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "num_replaced_parental",
+			Namespace: "adguard",
+			Help:      "This represent the number of domains blocked (parental)",
+		},
+		[]string{"hostname"},
+	)
+
+	// safeBrowsingFiltering - Number of DNS queries replaced by safe browsing
+	safeBrowsingFiltering = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "num_replaced_safebrowsing",
+			Namespace: "adguard",
+			Help:      "This represent the number of domains blocked (safe browsing)",
+		},
+		[]string{"hostname"},
+	)
+
+	// safeSearchFiltering - Number of DNS queries replaced by safe search
+	safeSearchFiltering = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "num_replaced_safesearch",
+			Namespace: "adguard",
+			Help:      "This represent the number of domains blocked (safe search)",
+		},
+		[]string{"hostname"},
+	)
+
+	// topQueries - The number of top queries
+	topQueries = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "top_queried_domains",
+			Namespace: "adguard",
+			Help:      "This represent the top queried domains",
+		},
+		[]string{"hostname", "domain"},
+	)
+
+	// topBlocked - The number of top domains blocked
+	topBlocked = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "top_blocked_domains",
+			Namespace: "adguard",
+			Help:      "This represent the top bloacked domains",
+		},
+		[]string{"hostname", "domain"},
+	)
+
+	// topClients - The number of top clients
+	topClients = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "top_clients",
+			Namespace: "adguard",
+			Help:      "This represent the top clients",
+		},
+		[]string{"hostname", "client"},
+	)
+
+	// queryTypes - The type of DNS Queries (A, AAAA...)
+	queryTypes = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "query_types",
+			Namespace: "adguard",
+			Help:      "This represent the DNS query types",
+		},
+		[]string{"hostname", "type"},
+	)
+
+	// running - If Adguard is running
+	running = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "running",
+			Namespace: "adguard",
+			Help:      "This represent if Adguard is running",
+		},
+		[]string{"hostname"},
+	)
+
+	// protectionEnabled - If Adguard protection is enabled
+	protectionEnabled = prometheus.NewGaugeVec(
+		prometheus.GaugeOpts{
+			Name:      "protection_enabled",
+			Namespace: "adguard",
+			Help:      "This represent if Adguard Protection is enabled",
+		},
+		[]string{"hostname"},
+	)
+)
+
+// Init initializes all Prometheus metrics made available by AdGuard  exporter.
+func Init() {
+	initMetric("avg_processing_time", avgProcessingTime)
+	initMetric("num_dns_queries", dnsQueries)
+	initMetric("num_blocked_filtering", blockedFiltering)
+	initMetric("num_replaced_parental", parentalFiltering)
+	initMetric("num_replaced_safebrowsing", safeBrowsingFiltering)
+	initMetric("num_replaced_safesearch", safeSearchFiltering)
+	initMetric("top_queried_domains", topQueries)
+	initMetric("top_blocked_domains", topBlocked)
+	initMetric("top_clients", topClients)
+	initMetric("query_types", queryTypes)
+	initMetric("running", running)
+	initMetric("protection_enabled", protectionEnabled)
+}
+
+func initMetric(name string, metric *prometheus.GaugeVec) {
+	prometheus.MustRegister(metric)
+	l.With("name", name).Info("New Prometheus metric registered")
+}
+
+func Update(ims ...InstanceMetrics) {
+	for _, im := range ims {
+		update(im)
+	}
+
+	l.Debug("updated")
+}
+
+func update(im InstanceMetrics) {
+	// Status
+	var isRunning int = 0
+	if im.Status.Running {
+		isRunning = 1
+	}
+	running.WithLabelValues(im.HostName).Set(float64(isRunning))
+
+	var isProtected int = 0
+	if im.Status.ProtectionEnabled {
+		isProtected = 1
+	}
+	protectionEnabled.WithLabelValues(im.HostName).Set(float64(isProtected))
+
+	// Stats
+	avgProcessingTime.WithLabelValues(im.HostName).Set(safeMetric(im.Stats.AvgProcessingTime))
+	dnsQueries.WithLabelValues(im.HostName).Set(safeMetric(im.Stats.NumDnsQueries))
+	blockedFiltering.WithLabelValues(im.HostName).Set(safeMetric(im.Stats.NumBlockedFiltering))
+	parentalFiltering.WithLabelValues(im.HostName).Set(safeMetric(im.Stats.NumReplacedParental))
+	safeBrowsingFiltering.WithLabelValues(im.HostName).Set(safeMetric(im.Stats.NumReplacedSafebrowsing))
+	safeSearchFiltering.WithLabelValues(im.HostName).Set(safeMetric(im.Stats.NumReplacedSafesearch))
+
+	if im.Stats.TopQueriedDomains != nil {
+		for _, tq := range *im.Stats.TopQueriedDomains {
+			for domain, value := range tq.AdditionalProperties {
+				topQueries.WithLabelValues(im.HostName, domain).Set(float64(value))
+			}
+		}
+	}
+	if im.Stats.TopBlockedDomains != nil {
+		for _, tb := range *im.Stats.TopBlockedDomains {
+			for domain, value := range tb.AdditionalProperties {
+				topBlocked.WithLabelValues(im.HostName, domain).Set(float64(value))
+			}
+		}
+	}
+	if im.Stats.TopClients != nil {
+		for _, tc := range *im.Stats.TopClients {
+			for source, value := range tc.AdditionalProperties {
+				topClients.WithLabelValues(im.HostName, source).Set(float64(value))
+			}
+		}
+	}
+
+	// LogQuery
+	m := make(map[string]int)
+	if im.QueryLog != nil && im.QueryLog.Data != nil {
+		logdata := *im.QueryLog.Data
+		for _, ld := range logdata {
+			if ld.Answer != nil {
+				dnsanswer := *ld.Answer
+				if len(dnsanswer) > 0 {
+					for _, dnsa := range dnsanswer {
+						dnsType := *dnsa.Type
+						m[dnsType] += 1
+					}
+				}
+			}
+		}
+	}
+
+	for key, value := range m {
+		queryTypes.WithLabelValues(im.HostName, key).Set(float64(value))
+	}
+}
+
+type InstanceMetrics struct {
+	HostName string
+	Status   *model.ServerStatus
+	Stats    *model.Stats
+	QueryLog *model.QueryLog
+}
+
+func safeMetric[T Number](v *T) float64 {
+	if v == nil {
+		return 0
+	}
+	return float64(*v)
+}
+
+type Number interface {
+	constraints.Float | constraints.Integer
+}
--- a/pkg/mocks/client/mock.go
+++ b/pkg/mocks/client/mock.go
@@ -1,5 +1,10 @@
 // Code generated by MockGen. DO NOT EDIT.
 // Source: github.com/bakito/adguardhome-sync/pkg/client (interfaces: Client)
+//
+// Generated by this command:
+//
+//	mockgen -package client -destination pkg/mocks/client/mock.go github.com/bakito/adguardhome-sync/pkg/client Client
+//

 // Package client is a generated GoMock package.
 package client
@@ -7,8 +12,8 @@ package client
 import (
 	reflect "reflect"

-	types "github.com/bakito/adguardhome-sync/pkg/types"
-	gomock "github.com/golang/mock/gomock"
+	model "github.com/bakito/adguardhome-sync/pkg/client/model"
+	gomock "go.uber.org/mock/gomock"
 )

 // MockClient is a mock of Client interface.
@@ -35,10 +40,10 @@ func (m *MockClient) EXPECT() *MockClientMockRecorder {
 }

 // AccessList mocks base method.
-func (m *MockClient) AccessList() (*types.AccessList, error) {
+func (m *MockClient) AccessList() (*model.AccessList, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "AccessList")
-	ret0, _ := ret[0].(*types.AccessList)
+	ret0, _ := ret[0].(*model.AccessList)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -49,65 +54,52 @@ func (mr *MockClientMockRecorder) AccessList() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AccessList", reflect.TypeOf((*MockClient)(nil).AccessList))
 }

-// AddClients mocks base method.
-func (m *MockClient) AddClients(arg0 ...types.Client) error {
+// AddClient mocks base method.
+func (m *MockClient) AddClient(arg0 *model.Client) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
-	for _, a := range arg0 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "AddClients", varargs...)
+	ret := m.ctrl.Call(m, "AddClient", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// AddClients indicates an expected call of AddClients.
-func (mr *MockClientMockRecorder) AddClients(arg0 ...interface{}) *gomock.Call {
+// AddClient indicates an expected call of AddClient.
+func (mr *MockClientMockRecorder) AddClient(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddClients", reflect.TypeOf((*MockClient)(nil).AddClients), arg0...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddClient", reflect.TypeOf((*MockClient)(nil).AddClient), arg0)
 }

-// AddDHCPStaticLeases mocks base method.
-func (m *MockClient) AddDHCPStaticLeases(arg0 ...types.Lease) error {
+// AddDHCPStaticLease mocks base method.
+func (m *MockClient) AddDHCPStaticLease(arg0 model.DhcpStaticLease) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
-	for _, a := range arg0 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "AddDHCPStaticLeases", varargs...)
+	ret := m.ctrl.Call(m, "AddDHCPStaticLease", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// AddDHCPStaticLeases indicates an expected call of AddDHCPStaticLeases.
-func (mr *MockClientMockRecorder) AddDHCPStaticLeases(arg0 ...interface{}) *gomock.Call {
+// AddDHCPStaticLease indicates an expected call of AddDHCPStaticLease.
+func (mr *MockClientMockRecorder) AddDHCPStaticLease(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddDHCPStaticLeases", reflect.TypeOf((*MockClient)(nil).AddDHCPStaticLeases), arg0...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddDHCPStaticLease", reflect.TypeOf((*MockClient)(nil).AddDHCPStaticLease), arg0)
 }

-// AddFilters mocks base method.
-func (m *MockClient) AddFilters(arg0 bool, arg1 ...types.Filter) error {
+// AddFilter mocks base method.
+func (m *MockClient) AddFilter(arg0 bool, arg1 model.Filter) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0}
-	for _, a := range arg1 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "AddFilters", varargs...)
+	ret := m.ctrl.Call(m, "AddFilter", arg0, arg1)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// AddFilters indicates an expected call of AddFilters.
-func (mr *MockClientMockRecorder) AddFilters(arg0 interface{}, arg1 ...interface{}) *gomock.Call {
+// AddFilter indicates an expected call of AddFilter.
+func (mr *MockClientMockRecorder) AddFilter(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0}, arg1...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddFilters", reflect.TypeOf((*MockClient)(nil).AddFilters), varargs...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddFilter", reflect.TypeOf((*MockClient)(nil).AddFilter), arg0, arg1)
 }

 // AddRewriteEntries mocks base method.
-func (m *MockClient) AddRewriteEntries(arg0 ...types.RewriteEntry) error {
+func (m *MockClient) AddRewriteEntries(arg0 ...model.RewriteEntry) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
+	varargs := []any{}
 	for _, a := range arg0 {
 		varargs = append(varargs, a)
 	}
@@ -117,16 +109,31 @@ func (m *MockClient) AddRewriteEntries(arg0 ...types.RewriteEntry) error {
 }

 // AddRewriteEntries indicates an expected call of AddRewriteEntries.
-func (mr *MockClientMockRecorder) AddRewriteEntries(arg0 ...interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) AddRewriteEntries(arg0 ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "AddRewriteEntries", reflect.TypeOf((*MockClient)(nil).AddRewriteEntries), arg0...)
 }

+// BlockedServicesSchedule mocks base method.
+func (m *MockClient) BlockedServicesSchedule() (*model.BlockedServicesSchedule, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "BlockedServicesSchedule")
+	ret0, _ := ret[0].(*model.BlockedServicesSchedule)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// BlockedServicesSchedule indicates an expected call of BlockedServicesSchedule.
+func (mr *MockClientMockRecorder) BlockedServicesSchedule() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "BlockedServicesSchedule", reflect.TypeOf((*MockClient)(nil).BlockedServicesSchedule))
+}
+
 // Clients mocks base method.
-func (m *MockClient) Clients() (*types.Clients, error) {
+func (m *MockClient) Clients() (*model.Clients, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Clients")
-	ret0, _ := ret[0].(*types.Clients)
+	ret0, _ := ret[0].(*model.Clients)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -137,26 +144,11 @@ func (mr *MockClientMockRecorder) Clients() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Clients", reflect.TypeOf((*MockClient)(nil).Clients))
 }

-// DHCPServerConfig mocks base method.
-func (m *MockClient) DHCPServerConfig() (*types.DHCPServerConfig, error) {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "DHCPServerConfig")
-	ret0, _ := ret[0].(*types.DHCPServerConfig)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// DHCPServerConfig indicates an expected call of DHCPServerConfig.
-func (mr *MockClientMockRecorder) DHCPServerConfig() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DHCPServerConfig", reflect.TypeOf((*MockClient)(nil).DHCPServerConfig))
-}
-
 // DNSConfig mocks base method.
-func (m *MockClient) DNSConfig() (*types.DNSConfig, error) {
+func (m *MockClient) DNSConfig() (*model.DNSConfig, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "DNSConfig")
-	ret0, _ := ret[0].(*types.DNSConfig)
+	ret0, _ := ret[0].(*model.DNSConfig)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -167,65 +159,52 @@ func (mr *MockClientMockRecorder) DNSConfig() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DNSConfig", reflect.TypeOf((*MockClient)(nil).DNSConfig))
 }

-// DeleteClients mocks base method.
-func (m *MockClient) DeleteClients(arg0 ...types.Client) error {
+// DeleteClient mocks base method.
+func (m *MockClient) DeleteClient(arg0 *model.Client) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
-	for _, a := range arg0 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "DeleteClients", varargs...)
+	ret := m.ctrl.Call(m, "DeleteClient", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// DeleteClients indicates an expected call of DeleteClients.
-func (mr *MockClientMockRecorder) DeleteClients(arg0 ...interface{}) *gomock.Call {
+// DeleteClient indicates an expected call of DeleteClient.
+func (mr *MockClientMockRecorder) DeleteClient(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteClients", reflect.TypeOf((*MockClient)(nil).DeleteClients), arg0...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteClient", reflect.TypeOf((*MockClient)(nil).DeleteClient), arg0)
 }

-// DeleteDHCPStaticLeases mocks base method.
-func (m *MockClient) DeleteDHCPStaticLeases(arg0 ...types.Lease) error {
+// DeleteDHCPStaticLease mocks base method.
+func (m *MockClient) DeleteDHCPStaticLease(arg0 model.DhcpStaticLease) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
-	for _, a := range arg0 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "DeleteDHCPStaticLeases", varargs...)
+	ret := m.ctrl.Call(m, "DeleteDHCPStaticLease", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// DeleteDHCPStaticLeases indicates an expected call of DeleteDHCPStaticLeases.
-func (mr *MockClientMockRecorder) DeleteDHCPStaticLeases(arg0 ...interface{}) *gomock.Call {
+// DeleteDHCPStaticLease indicates an expected call of DeleteDHCPStaticLease.
+func (mr *MockClientMockRecorder) DeleteDHCPStaticLease(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteDHCPStaticLeases", reflect.TypeOf((*MockClient)(nil).DeleteDHCPStaticLeases), arg0...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteDHCPStaticLease", reflect.TypeOf((*MockClient)(nil).DeleteDHCPStaticLease), arg0)
 }

-// DeleteFilters mocks base method.
-func (m *MockClient) DeleteFilters(arg0 bool, arg1 ...types.Filter) error {
+// DeleteFilter mocks base method.
+func (m *MockClient) DeleteFilter(arg0 bool, arg1 model.Filter) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0}
-	for _, a := range arg1 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "DeleteFilters", varargs...)
+	ret := m.ctrl.Call(m, "DeleteFilter", arg0, arg1)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// DeleteFilters indicates an expected call of DeleteFilters.
-func (mr *MockClientMockRecorder) DeleteFilters(arg0 interface{}, arg1 ...interface{}) *gomock.Call {
+// DeleteFilter indicates an expected call of DeleteFilter.
+func (mr *MockClientMockRecorder) DeleteFilter(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0}, arg1...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteFilters", reflect.TypeOf((*MockClient)(nil).DeleteFilters), varargs...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteFilter", reflect.TypeOf((*MockClient)(nil).DeleteFilter), arg0, arg1)
 }

 // DeleteRewriteEntries mocks base method.
-func (m *MockClient) DeleteRewriteEntries(arg0 ...types.RewriteEntry) error {
+func (m *MockClient) DeleteRewriteEntries(arg0 ...model.RewriteEntry) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
+	varargs := []any{}
 	for _, a := range arg0 {
 		varargs = append(varargs, a)
 	}
@@ -235,16 +214,31 @@ func (m *MockClient) DeleteRewriteEntries(arg0 ...types.RewriteEntry) error {
 }

 // DeleteRewriteEntries indicates an expected call of DeleteRewriteEntries.
-func (mr *MockClientMockRecorder) DeleteRewriteEntries(arg0 ...interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) DeleteRewriteEntries(arg0 ...any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteRewriteEntries", reflect.TypeOf((*MockClient)(nil).DeleteRewriteEntries), arg0...)
 }

+// DhcpConfig mocks base method.
+func (m *MockClient) DhcpConfig() (*model.DhcpStatus, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "DhcpConfig")
+	ret0, _ := ret[0].(*model.DhcpStatus)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// DhcpConfig indicates an expected call of DhcpConfig.
+func (mr *MockClientMockRecorder) DhcpConfig() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DhcpConfig", reflect.TypeOf((*MockClient)(nil).DhcpConfig))
+}
+
 // Filtering mocks base method.
-func (m *MockClient) Filtering() (*types.FilteringStatus, error) {
+func (m *MockClient) Filtering() (*model.FilterStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Filtering")
-	ret0, _ := ret[0].(*types.FilteringStatus)
+	ret0, _ := ret[0].(*model.FilterStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -284,11 +278,41 @@ func (mr *MockClientMockRecorder) Parental() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Parental", reflect.TypeOf((*MockClient)(nil).Parental))
 }

+// ProfileInfo mocks base method.
+func (m *MockClient) ProfileInfo() (*model.ProfileInfo, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "ProfileInfo")
+	ret0, _ := ret[0].(*model.ProfileInfo)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ProfileInfo indicates an expected call of ProfileInfo.
+func (mr *MockClientMockRecorder) ProfileInfo() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ProfileInfo", reflect.TypeOf((*MockClient)(nil).ProfileInfo))
+}
+
+// QueryLog mocks base method.
+func (m *MockClient) QueryLog(arg0 int) (*model.QueryLog, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "QueryLog", arg0)
+	ret0, _ := ret[0].(*model.QueryLog)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// QueryLog indicates an expected call of QueryLog.
+func (mr *MockClientMockRecorder) QueryLog(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "QueryLog", reflect.TypeOf((*MockClient)(nil).QueryLog), arg0)
+}
+
 // QueryLogConfig mocks base method.
-func (m *MockClient) QueryLogConfig() (*types.QueryLogConfig, error) {
+func (m *MockClient) QueryLogConfig() (*model.QueryLogConfigWithIgnored, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "QueryLogConfig")
-	ret0, _ := ret[0].(*types.QueryLogConfig)
+	ret0, _ := ret[0].(*model.QueryLogConfigWithIgnored)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -308,16 +332,16 @@ func (m *MockClient) RefreshFilters(arg0 bool) error {
 }

 // RefreshFilters indicates an expected call of RefreshFilters.
-func (mr *MockClientMockRecorder) RefreshFilters(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) RefreshFilters(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RefreshFilters", reflect.TypeOf((*MockClient)(nil).RefreshFilters), arg0)
 }

 // RewriteList mocks base method.
-func (m *MockClient) RewriteList() (*types.RewriteEntries, error) {
+func (m *MockClient) RewriteList() (*model.RewriteEntries, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "RewriteList")
-	ret0, _ := ret[0].(*types.RewriteEntries)
+	ret0, _ := ret[0].(*model.RewriteEntries)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -343,38 +367,23 @@ func (mr *MockClientMockRecorder) SafeBrowsing() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SafeBrowsing", reflect.TypeOf((*MockClient)(nil).SafeBrowsing))
 }

-// SafeSearch mocks base method.
-func (m *MockClient) SafeSearch() (bool, error) {
+// SafeSearchConfig mocks base method.
+func (m *MockClient) SafeSearchConfig() (*model.SafeSearchConfig, error) {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SafeSearch")
-	ret0, _ := ret[0].(bool)
+	ret := m.ctrl.Call(m, "SafeSearchConfig")
+	ret0, _ := ret[0].(*model.SafeSearchConfig)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }

-// SafeSearch indicates an expected call of SafeSearch.
-func (mr *MockClientMockRecorder) SafeSearch() *gomock.Call {
+// SafeSearchConfig indicates an expected call of SafeSearchConfig.
+func (mr *MockClientMockRecorder) SafeSearchConfig() *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SafeSearch", reflect.TypeOf((*MockClient)(nil).SafeSearch))
-}
-
-// Services mocks base method.
-func (m *MockClient) Services() (types.Services, error) {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Services")
-	ret0, _ := ret[0].(types.Services)
-	ret1, _ := ret[1].(error)
-	return ret0, ret1
-}
-
-// Services indicates an expected call of Services.
-func (mr *MockClientMockRecorder) Services() *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Services", reflect.TypeOf((*MockClient)(nil).Services))
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SafeSearchConfig", reflect.TypeOf((*MockClient)(nil).SafeSearchConfig))
 }

 // SetAccessList mocks base method.
-func (m *MockClient) SetAccessList(arg0 *types.AccessList) error {
+func (m *MockClient) SetAccessList(arg0 *model.AccessList) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetAccessList", arg0)
 	ret0, _ := ret[0].(error)
@@ -382,13 +391,27 @@ func (m *MockClient) SetAccessList(arg0 *types.AccessList) error {
 }

 // SetAccessList indicates an expected call of SetAccessList.
-func (mr *MockClientMockRecorder) SetAccessList(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) SetAccessList(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetAccessList", reflect.TypeOf((*MockClient)(nil).SetAccessList), arg0)
 }

+// SetBlockedServicesSchedule mocks base method.
+func (m *MockClient) SetBlockedServicesSchedule(arg0 *model.BlockedServicesSchedule) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SetBlockedServicesSchedule", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// SetBlockedServicesSchedule indicates an expected call of SetBlockedServicesSchedule.
+func (mr *MockClientMockRecorder) SetBlockedServicesSchedule(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetBlockedServicesSchedule", reflect.TypeOf((*MockClient)(nil).SetBlockedServicesSchedule), arg0)
+}
+
 // SetCustomRules mocks base method.
-func (m *MockClient) SetCustomRules(arg0 types.UserRules) error {
+func (m *MockClient) SetCustomRules(arg0 *[]string) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetCustomRules", arg0)
 	ret0, _ := ret[0].(error)
@@ -396,27 +419,13 @@ func (m *MockClient) SetCustomRules(arg0 types.UserRules) error {
 }

 // SetCustomRules indicates an expected call of SetCustomRules.
-func (mr *MockClientMockRecorder) SetCustomRules(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) SetCustomRules(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetCustomRules", reflect.TypeOf((*MockClient)(nil).SetCustomRules), arg0)
 }

-// SetDHCPServerConfig mocks base method.
-func (m *MockClient) SetDHCPServerConfig(arg0 *types.DHCPServerConfig) error {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SetDHCPServerConfig", arg0)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// SetDHCPServerConfig indicates an expected call of SetDHCPServerConfig.
-func (mr *MockClientMockRecorder) SetDHCPServerConfig(arg0 interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetDHCPServerConfig", reflect.TypeOf((*MockClient)(nil).SetDHCPServerConfig), arg0)
-}
-
 // SetDNSConfig mocks base method.
-func (m *MockClient) SetDNSConfig(arg0 *types.DNSConfig) error {
+func (m *MockClient) SetDNSConfig(arg0 *model.DNSConfig) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetDNSConfig", arg0)
 	ret0, _ := ret[0].(error)
@@ -424,41 +433,69 @@ func (m *MockClient) SetDNSConfig(arg0 *types.DNSConfig) error {
 }

 // SetDNSConfig indicates an expected call of SetDNSConfig.
-func (mr *MockClientMockRecorder) SetDNSConfig(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) SetDNSConfig(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetDNSConfig", reflect.TypeOf((*MockClient)(nil).SetDNSConfig), arg0)
 }

-// SetQueryLogConfig mocks base method.
-func (m *MockClient) SetQueryLogConfig(arg0 bool, arg1 float64, arg2 bool) error {
+// SetDhcpConfig mocks base method.
+func (m *MockClient) SetDhcpConfig(arg0 *model.DhcpStatus) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SetQueryLogConfig", arg0, arg1, arg2)
+	ret := m.ctrl.Call(m, "SetDhcpConfig", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// SetDhcpConfig indicates an expected call of SetDhcpConfig.
+func (mr *MockClientMockRecorder) SetDhcpConfig(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetDhcpConfig", reflect.TypeOf((*MockClient)(nil).SetDhcpConfig), arg0)
+}
+
+// SetProfileInfo mocks base method.
+func (m *MockClient) SetProfileInfo(arg0 *model.ProfileInfo) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SetProfileInfo", arg0)
+	ret0, _ := ret[0].(error)
+	return ret0
+}
+
+// SetProfileInfo indicates an expected call of SetProfileInfo.
+func (mr *MockClientMockRecorder) SetProfileInfo(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetProfileInfo", reflect.TypeOf((*MockClient)(nil).SetProfileInfo), arg0)
+}
+
+// SetQueryLogConfig mocks base method.
+func (m *MockClient) SetQueryLogConfig(arg0 *model.QueryLogConfigWithIgnored) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "SetQueryLogConfig", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

 // SetQueryLogConfig indicates an expected call of SetQueryLogConfig.
-func (mr *MockClientMockRecorder) SetQueryLogConfig(arg0, arg1, arg2 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) SetQueryLogConfig(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetQueryLogConfig", reflect.TypeOf((*MockClient)(nil).SetQueryLogConfig), arg0, arg1, arg2)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetQueryLogConfig", reflect.TypeOf((*MockClient)(nil).SetQueryLogConfig), arg0)
 }

-// SetServices mocks base method.
-func (m *MockClient) SetServices(arg0 types.Services) error {
+// SetSafeSearchConfig mocks base method.
+func (m *MockClient) SetSafeSearchConfig(arg0 *model.SafeSearchConfig) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "SetServices", arg0)
+	ret := m.ctrl.Call(m, "SetSafeSearchConfig", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// SetServices indicates an expected call of SetServices.
-func (mr *MockClientMockRecorder) SetServices(arg0 interface{}) *gomock.Call {
+// SetSafeSearchConfig indicates an expected call of SetSafeSearchConfig.
+func (mr *MockClientMockRecorder) SetSafeSearchConfig(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetServices", reflect.TypeOf((*MockClient)(nil).SetServices), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetSafeSearchConfig", reflect.TypeOf((*MockClient)(nil).SetSafeSearchConfig), arg0)
 }

 // SetStatsConfig mocks base method.
-func (m *MockClient) SetStatsConfig(arg0 float64) error {
+func (m *MockClient) SetStatsConfig(arg0 *model.GetStatsConfigResponse) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "SetStatsConfig", arg0)
 	ret0, _ := ret[0].(error)
@@ -466,7 +503,7 @@ func (m *MockClient) SetStatsConfig(arg0 float64) error {
 }

 // SetStatsConfig indicates an expected call of SetStatsConfig.
-func (mr *MockClientMockRecorder) SetStatsConfig(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) SetStatsConfig(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "SetStatsConfig", reflect.TypeOf((*MockClient)(nil).SetStatsConfig), arg0)
 }
@@ -485,11 +522,26 @@ func (mr *MockClientMockRecorder) Setup() *gomock.Call {
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Setup", reflect.TypeOf((*MockClient)(nil).Setup))
 }

+// Stats mocks base method.
+func (m *MockClient) Stats() (*model.Stats, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Stats")
+	ret0, _ := ret[0].(*model.Stats)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// Stats indicates an expected call of Stats.
+func (mr *MockClientMockRecorder) Stats() *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Stats", reflect.TypeOf((*MockClient)(nil).Stats))
+}
+
 // StatsConfig mocks base method.
-func (m *MockClient) StatsConfig() (*types.IntervalConfig, error) {
+func (m *MockClient) StatsConfig() (*model.GetStatsConfigResponse, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "StatsConfig")
-	ret0, _ := ret[0].(*types.IntervalConfig)
+	ret0, _ := ret[0].(*model.GetStatsConfigResponse)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -501,10 +553,10 @@ func (mr *MockClientMockRecorder) StatsConfig() *gomock.Call {
 }

 // Status mocks base method.
-func (m *MockClient) Status() (*types.Status, error) {
+func (m *MockClient) Status() (*model.ServerStatus, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "Status")
-	ret0, _ := ret[0].(*types.Status)
+	ret0, _ := ret[0].(*model.ServerStatus)
 	ret1, _ := ret[1].(error)
 	return ret0, ret1
 }
@@ -516,7 +568,7 @@ func (mr *MockClientMockRecorder) Status() *gomock.Call {
 }

 // ToggleFiltering mocks base method.
-func (m *MockClient) ToggleFiltering(arg0 bool, arg1 float64) error {
+func (m *MockClient) ToggleFiltering(arg0 bool, arg1 int) error {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ToggleFiltering", arg0, arg1)
 	ret0, _ := ret[0].(error)
@@ -524,7 +576,7 @@ func (m *MockClient) ToggleFiltering(arg0 bool, arg1 float64) error {
 }

 // ToggleFiltering indicates an expected call of ToggleFiltering.
-func (mr *MockClientMockRecorder) ToggleFiltering(arg0, arg1 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) ToggleFiltering(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ToggleFiltering", reflect.TypeOf((*MockClient)(nil).ToggleFiltering), arg0, arg1)
 }
@@ -538,7 +590,7 @@ func (m *MockClient) ToggleParental(arg0 bool) error {
 }

 // ToggleParental indicates an expected call of ToggleParental.
-func (mr *MockClientMockRecorder) ToggleParental(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) ToggleParental(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ToggleParental", reflect.TypeOf((*MockClient)(nil).ToggleParental), arg0)
 }
@@ -552,7 +604,7 @@ func (m *MockClient) ToggleProtection(arg0 bool) error {
 }

 // ToggleProtection indicates an expected call of ToggleProtection.
-func (mr *MockClientMockRecorder) ToggleProtection(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) ToggleProtection(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ToggleProtection", reflect.TypeOf((*MockClient)(nil).ToggleProtection), arg0)
 }
@@ -566,58 +618,35 @@ func (m *MockClient) ToggleSafeBrowsing(arg0 bool) error {
 }

 // ToggleSafeBrowsing indicates an expected call of ToggleSafeBrowsing.
-func (mr *MockClientMockRecorder) ToggleSafeBrowsing(arg0 interface{}) *gomock.Call {
+func (mr *MockClientMockRecorder) ToggleSafeBrowsing(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ToggleSafeBrowsing", reflect.TypeOf((*MockClient)(nil).ToggleSafeBrowsing), arg0)
 }

-// ToggleSafeSearch mocks base method.
-func (m *MockClient) ToggleSafeSearch(arg0 bool) error {
+// UpdateClient mocks base method.
+func (m *MockClient) UpdateClient(arg0 *model.Client) error {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ToggleSafeSearch", arg0)
+	ret := m.ctrl.Call(m, "UpdateClient", arg0)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// ToggleSafeSearch indicates an expected call of ToggleSafeSearch.
-func (mr *MockClientMockRecorder) ToggleSafeSearch(arg0 interface{}) *gomock.Call {
+// UpdateClient indicates an expected call of UpdateClient.
+func (mr *MockClientMockRecorder) UpdateClient(arg0 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ToggleSafeSearch", reflect.TypeOf((*MockClient)(nil).ToggleSafeSearch), arg0)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateClient", reflect.TypeOf((*MockClient)(nil).UpdateClient), arg0)
 }

-// UpdateClients mocks base method.
-func (m *MockClient) UpdateClients(arg0 ...types.Client) error {
+// UpdateFilter mocks base method.
+func (m *MockClient) UpdateFilter(arg0 bool, arg1 model.Filter) error {
 	m.ctrl.T.Helper()
-	varargs := []interface{}{}
-	for _, a := range arg0 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "UpdateClients", varargs...)
+	ret := m.ctrl.Call(m, "UpdateFilter", arg0, arg1)
 	ret0, _ := ret[0].(error)
 	return ret0
 }

-// UpdateClients indicates an expected call of UpdateClients.
-func (mr *MockClientMockRecorder) UpdateClients(arg0 ...interface{}) *gomock.Call {
+// UpdateFilter indicates an expected call of UpdateFilter.
+func (mr *MockClientMockRecorder) UpdateFilter(arg0, arg1 any) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateClients", reflect.TypeOf((*MockClient)(nil).UpdateClients), arg0...)
-}
-
-// UpdateFilters mocks base method.
-func (m *MockClient) UpdateFilters(arg0 bool, arg1 ...types.Filter) error {
-	m.ctrl.T.Helper()
-	varargs := []interface{}{arg0}
-	for _, a := range arg1 {
-		varargs = append(varargs, a)
-	}
-	ret := m.ctrl.Call(m, "UpdateFilters", varargs...)
-	ret0, _ := ret[0].(error)
-	return ret0
-}
-
-// UpdateFilters indicates an expected call of UpdateFilters.
-func (mr *MockClientMockRecorder) UpdateFilters(arg0 interface{}, arg1 ...interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	varargs := append([]interface{}{arg0}, arg1...)
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateFilters", reflect.TypeOf((*MockClient)(nil).UpdateFilters), varargs...)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "UpdateFilter", reflect.TypeOf((*MockClient)(nil).UpdateFilter), arg0, arg1)
 }
--- a/pkg/mocks/flags/mock.go
+++ b/pkg/mocks/flags/mock.go
@@ -0,0 +1,98 @@
+// Code generated by MockGen. DO NOT EDIT.
+// Source: github.com/bakito/adguardhome-sync/pkg/config (interfaces: Flags)
+//
+// Generated by this command:
+//
+//	mockgen -package client -destination pkg/mocks/flags/mock.go github.com/bakito/adguardhome-sync/pkg/config Flags
+//
+
+// Package client is a generated GoMock package.
+package client
+
+import (
+	reflect "reflect"
+
+	gomock "go.uber.org/mock/gomock"
+)
+
+// MockFlags is a mock of Flags interface.
+type MockFlags struct {
+	ctrl     *gomock.Controller
+	recorder *MockFlagsMockRecorder
+}
+
+// MockFlagsMockRecorder is the mock recorder for MockFlags.
+type MockFlagsMockRecorder struct {
+	mock *MockFlags
+}
+
+// NewMockFlags creates a new mock instance.
+func NewMockFlags(ctrl *gomock.Controller) *MockFlags {
+	mock := &MockFlags{ctrl: ctrl}
+	mock.recorder = &MockFlagsMockRecorder{mock}
+	return mock
+}
+
+// EXPECT returns an object that allows the caller to indicate expected use.
+func (m *MockFlags) EXPECT() *MockFlagsMockRecorder {
+	return m.recorder
+}
+
+// Changed mocks base method.
+func (m *MockFlags) Changed(arg0 string) bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Changed", arg0)
+	ret0, _ := ret[0].(bool)
+	return ret0
+}
+
+// Changed indicates an expected call of Changed.
+func (mr *MockFlagsMockRecorder) Changed(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Changed", reflect.TypeOf((*MockFlags)(nil).Changed), arg0)
+}
+
+// GetBool mocks base method.
+func (m *MockFlags) GetBool(arg0 string) (bool, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetBool", arg0)
+	ret0, _ := ret[0].(bool)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetBool indicates an expected call of GetBool.
+func (mr *MockFlagsMockRecorder) GetBool(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetBool", reflect.TypeOf((*MockFlags)(nil).GetBool), arg0)
+}
+
+// GetInt mocks base method.
+func (m *MockFlags) GetInt(arg0 string) (int, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetInt", arg0)
+	ret0, _ := ret[0].(int)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetInt indicates an expected call of GetInt.
+func (mr *MockFlagsMockRecorder) GetInt(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInt", reflect.TypeOf((*MockFlags)(nil).GetInt), arg0)
+}
+
+// GetString mocks base method.
+func (m *MockFlags) GetString(arg0 string) (string, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetString", arg0)
+	ret0, _ := ret[0].(string)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetString indicates an expected call of GetString.
+func (mr *MockFlagsMockRecorder) GetString(arg0 any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetString", reflect.TypeOf((*MockFlags)(nil).GetString), arg0)
+}
--- a/pkg/sync/action-general.go
+++ b/pkg/sync/action-general.go
@@ -0,0 +1,275 @@
+package sync
+
+import (
+	"github.com/bakito/adguardhome-sync/pkg/client"
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
+	"go.uber.org/zap"
+)
+
+var (
+	actionProfileInfo = func(ac *actionContext) error {
+		if pro, err := ac.client.ProfileInfo(); err != nil {
+			return err
+		} else if merged := pro.ShouldSyncFor(ac.origin.profileInfo); merged != nil {
+			return ac.client.SetProfileInfo(merged)
+		}
+		return nil
+	}
+	actionProtection = func(ac *actionContext) error {
+		if ac.origin.status.ProtectionEnabled != ac.replicaStatus.ProtectionEnabled {
+			return ac.client.ToggleProtection(ac.origin.status.ProtectionEnabled)
+		}
+		return nil
+	}
+	actionParental = func(ac *actionContext) error {
+		if rp, err := ac.client.Parental(); err != nil {
+			return err
+		} else if ac.origin.parental != rp {
+			return ac.client.ToggleParental(ac.origin.parental)
+		}
+		return nil
+	}
+	actionSafeSearchConfig = func(ac *actionContext) error {
+		if ssc, err := ac.client.SafeSearchConfig(); err != nil {
+			return err
+		} else if !ac.origin.safeSearch.Equals(ssc) {
+			return ac.client.SetSafeSearchConfig(ac.origin.safeSearch)
+		}
+		return nil
+	}
+	actionSafeBrowsing = func(ac *actionContext) error {
+		if rs, err := ac.client.SafeBrowsing(); err != nil {
+			return err
+		} else if ac.origin.safeBrowsing != rs {
+			if err = ac.client.ToggleSafeBrowsing(ac.origin.safeBrowsing); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	actionQueryLogConfig = func(ac *actionContext) error {
+		qlc, err := ac.client.QueryLogConfig()
+		if err != nil {
+			return err
+		}
+		if !ac.origin.queryLogConfig.Equals(qlc) {
+			return ac.client.SetQueryLogConfig(ac.origin.queryLogConfig)
+		}
+		return nil
+	}
+	actionStatsConfig = func(ac *actionContext) error {
+		sc, err := ac.client.StatsConfig()
+		if err != nil {
+			return err
+		}
+		if !sc.Equals(ac.origin.statsConfig) {
+			return ac.client.SetStatsConfig(ac.origin.statsConfig)
+		}
+		return nil
+	}
+	actionDNSRewrites = func(ac *actionContext) error {
+		replicaRewrites, err := ac.client.RewriteList()
+		if err != nil {
+			return err
+		}
+
+		a, r, d := replicaRewrites.Merge(ac.origin.rewrites)
+
+		if err = ac.client.DeleteRewriteEntries(r...); err != nil {
+			return err
+		}
+		if err = ac.client.AddRewriteEntries(a...); err != nil {
+			return err
+		}
+
+		for _, dupl := range d {
+			ac.rl.With("domain", dupl.Domain, "answer", dupl.Answer).Warn("Skipping duplicated rewrite from source")
+		}
+		return nil
+	}
+	actionFilters = func(ac *actionContext) error {
+		rf, err := ac.client.Filtering()
+		if err != nil {
+			return err
+		}
+
+		if err = syncFilterType(ac.rl, ac.origin.filters.Filters, rf.Filters, false, ac.client, ac.continueOnError); err != nil {
+			return err
+		}
+		if err = syncFilterType(ac.rl, ac.origin.filters.WhitelistFilters, rf.WhitelistFilters, true, ac.client, ac.continueOnError); err != nil {
+			return err
+		}
+
+		if utils.PtrToString(ac.origin.filters.UserRules) != utils.PtrToString(rf.UserRules) {
+			return ac.client.SetCustomRules(ac.origin.filters.UserRules)
+		}
+
+		if ac.origin.filters.Enabled != rf.Enabled || ac.origin.filters.Interval != rf.Interval {
+			return ac.client.ToggleFiltering(*ac.origin.filters.Enabled, *ac.origin.filters.Interval)
+		}
+		return nil
+	}
+
+	actionBlockedServicesSchedule = func(ac *actionContext) error {
+		rbss, err := ac.client.BlockedServicesSchedule()
+		if err != nil {
+			return err
+		}
+
+		if !ac.origin.blockedServicesSchedule.Equals(rbss) {
+			return ac.client.SetBlockedServicesSchedule(ac.origin.blockedServicesSchedule)
+		}
+		return nil
+	}
+	actionClientSettings = func(ac *actionContext) error {
+		rc, err := ac.client.Clients()
+		if err != nil {
+			return err
+		}
+
+		a, u, r := rc.Merge(ac.origin.clients)
+
+		for _, client := range r {
+			if err := ac.client.DeleteClient(client); err != nil {
+				ac.rl.With("client-name", client.Name, "error", err).Error("error deleting client setting")
+				if !ac.continueOnError {
+					return err
+				}
+			}
+		}
+
+		for _, client := range a {
+			if err := ac.client.AddClient(client); err != nil {
+				ac.rl.With("client-name", client.Name, "error", err).Error("error adding client setting")
+				if !ac.continueOnError {
+					return err
+				}
+			}
+		}
+
+		for _, client := range u {
+			if err := ac.client.UpdateClient(client); err != nil {
+				ac.rl.With("client-name", client.Name, "error", err).Error("error updating client setting")
+				if !ac.continueOnError {
+					return err
+				}
+			}
+		}
+
+		return nil
+	}
+
+	actionDNSAccessLists = func(ac *actionContext) error {
+		al, err := ac.client.AccessList()
+		if err != nil {
+			return err
+		}
+		if !al.Equals(ac.origin.accessList) {
+			return ac.client.SetAccessList(ac.origin.accessList)
+		}
+		return nil
+	}
+	actionDNSServerConfig = func(ac *actionContext) error {
+		dc, err := ac.client.DNSConfig()
+		if err != nil {
+			return err
+		}
+
+		// dc.Sanitize(ac.rl)
+
+		if !dc.Equals(ac.origin.dnsConfig) {
+			if err = ac.client.SetDNSConfig(ac.origin.dnsConfig); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+	actionDHCPServerConfig = func(ac *actionContext) error {
+		if ac.origin.dhcpServerConfig.HasConfig() {
+			sc, err := ac.client.DhcpConfig()
+			if err != nil {
+				return err
+			}
+			origClone := ac.origin.dhcpServerConfig.Clone()
+			if ac.replica.InterfaceName != "" {
+				// overwrite interface name
+				origClone.InterfaceName = utils.Ptr(ac.replica.InterfaceName)
+			}
+			if ac.replica.DHCPServerEnabled != nil {
+				// overwrite dhcp enabled
+				origClone.Enabled = ac.replica.DHCPServerEnabled
+			}
+
+			if !sc.CleanAndEquals(origClone) {
+				return ac.client.SetDhcpConfig(origClone)
+			}
+		}
+		return nil
+	}
+	actionDHCPStaticLeases = func(ac *actionContext) error {
+		sc, err := ac.client.DhcpConfig()
+		if err != nil {
+			return err
+		}
+
+		a, r := model.MergeDhcpStaticLeases(sc.StaticLeases, ac.origin.dhcpServerConfig.StaticLeases)
+
+		for _, lease := range r {
+			if err := ac.client.DeleteDHCPStaticLease(lease); err != nil {
+				ac.rl.With("hostname", lease.Hostname, "error", err).Error("error deleting dhcp static lease")
+				if !ac.continueOnError {
+					return err
+				}
+			}
+		}
+
+		for _, lease := range a {
+			if err := ac.client.AddDHCPStaticLease(lease); err != nil {
+				ac.rl.With("hostname", lease.Hostname, "error", err).Error("error adding dhcp static lease")
+				if !ac.continueOnError {
+					return err
+				}
+			}
+		}
+		return nil
+	}
+)
+
+func syncFilterType(rl *zap.SugaredLogger, of *[]model.Filter, rFilters *[]model.Filter, whitelist bool, replica client.Client, continueOnError bool) error {
+	fa, fu, fd := model.MergeFilters(rFilters, of)
+
+	for _, f := range fd {
+		if err := replica.DeleteFilter(whitelist, f); err != nil {
+			rl.With("filter", f.Name, "url", f.Url, "whitelist", whitelist, "error", err).Error("error deleting filter")
+			if !continueOnError {
+				return err
+			}
+		}
+	}
+
+	for _, f := range fa {
+		if err := replica.AddFilter(whitelist, f); err != nil {
+			rl.With("filter", f.Name, "url", f.Url, "whitelist", whitelist, "error", err).Error("error adding filter")
+			if !continueOnError {
+				return err
+			}
+		}
+	}
+
+	for _, f := range fu {
+		if err := replica.UpdateFilter(whitelist, f); err != nil {
+			rl.With("filter", f.Name, "url", f.Url, "whitelist", whitelist, "error", err).Error("error updating filter")
+			if !continueOnError {
+				return err
+			}
+		}
+	}
+
+	if len(fa) > 0 || len(fu) > 0 {
+		if err := replica.RefreshFilters(whitelist); err != nil {
+			return err
+		}
+	}
+	return nil
+}
--- a/pkg/sync/action.go
+++ b/pkg/sync/action.go
@@ -0,0 +1,103 @@
+package sync
+
+import (
+	"github.com/bakito/adguardhome-sync/pkg/client"
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+	"go.uber.org/zap"
+)
+
+func setupActions(cfg *types.Config) (actions []syncAction) {
+	if cfg.Features.GeneralSettings {
+		actions = append(actions,
+			action("profile info", actionProfileInfo),
+			action("protection", actionProtection),
+			action("parental", actionParental),
+			action("safe search config", actionSafeSearchConfig),
+			action("safe browsing", actionSafeBrowsing),
+		)
+	}
+	if cfg.Features.QueryLogConfig {
+		actions = append(actions,
+			action("query log config", actionQueryLogConfig),
+		)
+	}
+	if cfg.Features.StatsConfig {
+		actions = append(actions,
+			action("stats config", actionStatsConfig),
+		)
+	}
+	if cfg.Features.DNS.Rewrites {
+		actions = append(actions,
+			action("DNS rewrites", actionDNSRewrites),
+		)
+	}
+	if cfg.Features.Filters {
+		actions = append(actions,
+			action("actionFilters", actionFilters),
+		)
+	}
+	if cfg.Features.Services {
+		actions = append(actions,
+			action("blocked services schedule", actionBlockedServicesSchedule),
+		)
+	}
+	if cfg.Features.ClientSettings {
+		actions = append(actions,
+			action("client settings", actionClientSettings),
+		)
+	}
+	if cfg.Features.DNS.AccessLists {
+		actions = append(actions,
+			action("DNS access lists", actionDNSAccessLists),
+		)
+	}
+
+	if cfg.Features.DNS.ServerConfig {
+		actions = append(actions,
+			action("DNS server config", actionDNSServerConfig),
+		)
+	}
+	if cfg.Features.DHCP.ServerConfig {
+		actions = append(actions,
+			action("DHCP server config", actionDHCPServerConfig),
+		)
+	}
+	if cfg.Features.DHCP.StaticLeases {
+		actions = append(actions,
+			action("DHCP static leases", actionDHCPStaticLeases),
+		)
+	}
+	return actions
+}
+
+type syncAction interface {
+	sync(ac *actionContext) error
+	name() string
+}
+
+type actionContext struct {
+	rl              *zap.SugaredLogger
+	origin          *origin
+	client          client.Client
+	replicaStatus   *model.ServerStatus
+	continueOnError bool
+	replica         types.AdGuardInstance
+}
+
+type defaultAction struct {
+	myName string
+	doSync func(ac *actionContext) error
+}
+
+func action(name string, f func(ac *actionContext) error) syncAction {
+	return &defaultAction{myName: name, doSync: f}
+}
+
+func (d *defaultAction) sync(ac *actionContext) error {
+	return d.doSync(ac)
+}
+
+func (d *defaultAction) name() string {
+	return d.myName
+}
--- a/pkg/sync/http.go
+++ b/pkg/sync/http.go
@@ -15,6 +15,7 @@ import (
 	"time"

 	"github.com/bakito/adguardhome-sync/pkg/log"
+	"github.com/bakito/adguardhome-sync/pkg/metrics"
 	"github.com/bakito/adguardhome-sync/version"
 	"github.com/gin-gonic/gin"
 )
@@ -33,9 +34,10 @@ func (w *worker) handleSync(c *gin.Context) {

 func (w *worker) handleRoot(c *gin.Context) {
 	c.HTML(http.StatusOK, "index.html", map[string]interface{}{
-		"DarkMode": w.cfg.API.DarkMode,
-		"Version":  version.Version,
-		"Build":    version.Build,
+		"DarkMode":   w.cfg.API.DarkMode,
+		"Version":    version.Version,
+		"Build":      version.Build,
+		"SyncStatus": w.status(),
 	},
 	)
 }
@@ -48,8 +50,22 @@ func (w *worker) handleLogs(c *gin.Context) {
 	c.Data(http.StatusOK, "text/plain", []byte(strings.Join(log.Logs(), "")))
 }

+func (w *worker) handleClearLogs(c *gin.Context) {
+	log.Clear()
+	c.Data(http.StatusOK, "text/plain", []byte{})
+}
+
+func (w *worker) handleStatus(c *gin.Context) {
+	c.JSON(http.StatusOK, w.status())
+}
+
 func (w *worker) listenAndServe() {
-	l.With("port", w.cfg.API.Port).Info("Starting API server")
+	sl := l.With("port", w.cfg.API.Port)
+	if w.cfg.API.TLS.Enabled() {
+		c, k := w.cfg.API.TLS.Certs()
+		sl = sl.With("tls-cert", c).With("tls-key", k)
+	}
+	sl.Info("Starting API server")

 	ctx, cancel := context.WithCancel(context.Background())

@@ -69,11 +85,25 @@ func (w *worker) listenAndServe() {
 	r.SetHTMLTemplate(template.Must(template.New("index.html").Parse(string(index))))
 	r.POST("/api/v1/sync", w.handleSync)
 	r.GET("/api/v1/logs", w.handleLogs)
+	r.POST("/api/v1/clear-logs", w.handleClearLogs)
+	r.GET("/api/v1/status", w.handleStatus)
 	r.GET("/favicon.ico", w.handleFavicon)
 	r.GET("/", w.handleRoot)
+	if w.cfg.API.Metrics.Enabled {
+		r.GET("/metrics", metrics.Handler())
+
+		go w.startScraping()
+	}

 	go func() {
-		if err := httpServer.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
+		var err error
+		if w.cfg.API.TLS.Enabled() {
+			err = httpServer.ListenAndServeTLS(w.cfg.API.TLS.Certs())
+		} else {
+			err = httpServer.ListenAndServe()
+		}
+
+		if !errors.Is(err, http.ErrServerClosed) {
 			l.With("error", err).Fatalf("HTTP server ListenAndServe")
 		}
 	}()
@@ -95,7 +125,7 @@ func (w *worker) listenAndServe() {
 		l.Fatal("os.Kill - terminating...")
 	}()

-	gracefullCtx, cancelShutdown := context.WithTimeout(context.Background(), 5*time.Second)
+	gracefulCtx, cancelShutdown := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancelShutdown()

 	if w.cron != nil {
@@ -103,7 +133,7 @@ func (w *worker) listenAndServe() {
 		w.cron.Stop()
 	}

-	if err := httpServer.Shutdown(gracefullCtx); err != nil {
+	if err := httpServer.Shutdown(gracefulCtx); err != nil {
 		l.With("error", err).Error("Shutdown error")
 		defer os.Exit(1)
 	} else {
@@ -115,3 +145,17 @@ func (w *worker) listenAndServe() {

 	defer os.Exit(0)
 }
+
+type syncStatus struct {
+	SyncRunning bool            `json:"syncRunning"`
+	Origin      replicaStatus   `json:"origin"`
+	Replicas    []replicaStatus `json:"replicas"`
+}
+
+type replicaStatus struct {
+	Host              string `json:"host"`
+	URL               string `json:"url"`
+	Status            string `json:"status"`
+	Error             string `json:"error,omitempty"`
+	ProtectionEnabled *bool  `json:"protection_enabled"`
+}
--- a/pkg/sync/index.html
+++ b/pkg/sync/index.html
@@ -1,7 +1,13 @@
-<html>
+<html lang="en">
 <head>
    <title>AdGuardHome sync</title>
-    <script type="text/javascript" src="https://code.jquery.com/jquery-3.6.0.min.js">
+    <script type="text/javascript" src="https://code.jquery.com/jquery-3.7.1.min.js">
+    </script>
+    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.12.9/dist/umd/popper.min.js"
+            integrity="sha384-ApNbgh9B+Y1QKtv3Rn7W3mgPxhU9K/ScQsAP7hUibX39j7fakFPskvXusvfa0b4Q" crossorigin="anonymous">
+    </script>
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.0.0/dist/js/bootstrap.min.js"
+            integrity="sha384-JZR6Spejh4U02d8jOt6vLEHfe/JQGiRRSQQxSfFWpi1MquVdAyjUar5+76PVCmYl" crossorigin="anonymous">
    </script>
    {{- if .DarkMode }}
    <link rel="stylesheet" href="https://bootswatch.com/5/darkly/bootstrap.min.css"
@@ -18,27 +24,65 @@
                        $('#logs').html(data);
                    }
                );
+                $.get("api/v1/status", {}, function (status) {
+                        $('#origin').removeClass(function (index, className) {
+                            return (className.match(/(^|\s)btn-\S+/g) || []).join(' ');
+                        }).addClass("btn-" + status.origin.status).attr('title', status.origin.error);
+                        status.replicas.forEach(function (replica, i) {
+                            $('#replica_' + i).removeClass(function (index, className) {
+                                return (className.match(/(^|\s)btn-\S+/g) || []).join(' ');
+                            }).addClass("btn-" + replica.status).attr('title', replica.error);
+                        });
+                    }
+                );
+            });
+            $("#clearLogs").click(function () {
+                $.post("api/v1/clear-logs", {}, function () {
+                        $('#logs').html("");
+                    }
+                );
            });
            $("#sync").click(function () {
                $.post("api/v1/sync", {}, function (data) {
                });
+                $("#showLogs").click();
            });
-            $("#showLogs").click()
+            $("#showLogs").click();
        });
    </script>
    <link rel="shortcut icon" href="favicon.ico">
 </head>
 <body>
-<div class="container-fluid  px-4">
+<div class="container-fluid px-4">
    <div class="row">
-        <p class="h1">AdGuardHome sync
-        <p class="h6">{{ .Version }} ({{ .Build }})</p></p>
+        <p class="h1">
+            AdGuardHome sync
+        <p class="h6">{{ .Version }} ({{ .Build }})</p>
+        </p>
    </div>
    <div class="row">
        <div class="col">
            <div class="btn-group" role="group">
-                <input class="btn btn-success" type="button" id="sync" value="Synchronize"/>
-                <input class="btn btn-secondary" type="button" id="showLogs" value="Update Logs"/>
+                <button type="button" class="btn btn-success" id="sync">Synchronize</button>
+                <button type="button" class="btn btn-secondary" id="showLogs">Update Logs</button>
+                <button type="button" class="btn btn-secondary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                </button>
+                <div class="dropdown-menu">
+                    <a class="dropdown-item" href="#" id="clearLogs">Clear Logs</a>
+                </div>
+
+            </div>
+        </div>
+        <div class="col col-md-auto">
+            <div class="btn-group float-right" role="group">
+                <a href="{{ .SyncStatus.Origin.URL }}" target="_blank" class="btn btn-{{ .SyncStatus.Origin.Status }}"
+                   type="button" id="origin"
+                   {{ if .SyncStatus.Origin.Error }} title="{{ .SyncStatus.Origin.Error }}" {{ end }}>Origin {{ .SyncStatus.Origin.Host }}</a>
+                {{ range $i, $r := .SyncStatus.Replicas }}
+                <a href="{{ $r.URL }}" target="_blank" class="btn btn-{{ $r.Status }}"
+                   type="button" id="replica_{{ $i }}"
+                   {{ if $r.Error }} title="{{ $r.Error }}" {{ end }} >Replica {{ $r.Host }}</a>
+                {{ end }}
            </div>
        </div>
    </div>
@@ -49,4 +93,4 @@
    </div>
 </div>
 </body>
-</html>
+</html>
--- a/pkg/sync/scrape.go
+++ b/pkg/sync/scrape.go
@@ -0,0 +1,50 @@
+package sync
+
+import (
+	"time"
+
+	"github.com/bakito/adguardhome-sync/pkg/metrics"
+	"github.com/bakito/adguardhome-sync/pkg/types"
+)
+
+func (w *worker) startScraping() {
+	metrics.Init()
+	if w.cfg.API.Metrics.ScrapeInterval == 0 {
+		w.cfg.API.Metrics.ScrapeInterval = 30 * time.Second
+	}
+	if w.cfg.API.Metrics.QueryLogLimit == 0 {
+		w.cfg.API.Metrics.QueryLogLimit = 10_000
+	}
+	l.With(
+		"scrape-interval", w.cfg.API.Metrics.ScrapeInterval,
+		"query-log-limit", w.cfg.API.Metrics.QueryLogLimit,
+	).Info("setup metrics")
+	w.scrape()
+	for range time.Tick(w.cfg.API.Metrics.ScrapeInterval) {
+		w.scrape()
+	}
+}
+
+func (w *worker) scrape() {
+	var ims []metrics.InstanceMetrics
+
+	ims = append(ims, w.getMetrics(w.cfg.Origin))
+	for _, replica := range w.cfg.Replicas {
+		ims = append(ims, w.getMetrics(replica))
+	}
+	metrics.Update(ims...)
+}
+
+func (w *worker) getMetrics(inst types.AdGuardInstance) (im metrics.InstanceMetrics) {
+	client, err := w.createClient(inst)
+	if err != nil {
+		l.With("error", err, "url", w.cfg.Origin.URL).Error("Error creating origin client")
+		return
+	}
+
+	im.HostName = inst.Host
+	im.Status, _ = client.Status()
+	im.Stats, _ = client.Stats()
+	im.QueryLog, _ = client.QueryLog(w.cfg.API.Metrics.QueryLogLimit)
+	return
+}
--- a/pkg/sync/sync.go
+++ b/pkg/sync/sync.go
@@ -3,11 +3,15 @@ package sync
 import (
 	"errors"
 	"fmt"
+	"runtime"
+	"sort"
 	"time"

 	"github.com/bakito/adguardhome-sync/pkg/client"
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
 	"github.com/bakito/adguardhome-sync/pkg/log"
 	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
 	"github.com/bakito/adguardhome-sync/pkg/versions"
 	"github.com/bakito/adguardhome-sync/version"
 	"github.com/robfig/cron/v3"
@@ -26,7 +30,13 @@ func Sync(cfg *types.Config) error {
 		return fmt.Errorf("no replicas configured")
 	}

-	l.With("version", version.Version, "build", version.Build).Info("AdGuardHome sync")
+	l.With(
+		"version", version.Version,
+		"build", version.Build,
+		"os", runtime.GOOS,
+		"arch", runtime.GOARCH,
+	).Info("AdGuardHome sync")
+	cfg.Log(l)
 	cfg.Features.LogDisabled(l)
 	cfg.Origin.AutoSetup = false

@@ -80,6 +90,57 @@ type worker struct {
 	running      bool
 	cron         *cron.Cron
 	createClient func(instance types.AdGuardInstance) (client.Client, error)
+	actions      []syncAction
+}
+
+func (w *worker) status() *syncStatus {
+	syncStatus := &syncStatus{
+		Origin: w.getStatus(w.cfg.Origin),
+	}
+
+	for _, replica := range w.cfg.Replicas {
+		st := w.getStatus(replica)
+		if w.running {
+			st.Status = "info"
+		}
+		syncStatus.Replicas = append(syncStatus.Replicas, st)
+	}
+
+	sort.Slice(syncStatus.Replicas, func(i, j int) bool {
+		return syncStatus.Replicas[i].Host < syncStatus.Replicas[j].Host
+	})
+
+	syncStatus.SyncRunning = w.running
+
+	return syncStatus
+}
+
+func (w *worker) getStatus(inst types.AdGuardInstance) (st replicaStatus) {
+	st = replicaStatus{Host: inst.WebHost, URL: inst.WebURL}
+
+	oc, err := w.createClient(inst)
+	if err != nil {
+		l.With("error", err, "url", w.cfg.Origin.URL).Error("Error creating origin client")
+		st.Status = "danger"
+		st.Error = err.Error()
+		return
+	}
+	sl := l.With("from", inst.WebHost)
+	status, err := oc.Status()
+	if err != nil {
+		if errors.Is(err, client.ErrSetupNeeded) {
+			st.Status = "warning"
+			st.Error = err.Error()
+			return
+		}
+		sl.With("error", err).Error("Error getting origin status")
+		st.Status = "danger"
+		st.Error = err.Error()
+		return
+	}
+	st.Status = "success"
+	st.ProtectionEnabled = utils.Ptr(status.ProtectionEnabled)
+	return
 }

 func (w *worker) sync() {
@@ -112,12 +173,18 @@ func (w *worker) sync() {

 	sl.With("version", o.status.Version).Info("Connected to origin")

+	o.profileInfo, err = oc.ProfileInfo()
+	if err != nil {
+		sl.With("error", err).Error("Error getting profileInfo info")
+		return
+	}
+
 	o.parental, err = oc.Parental()
 	if err != nil {
 		sl.With("error", err).Error("Error getting parental status")
 		return
 	}
-	o.safeSearch, err = oc.SafeSearch()
+	o.safeSearch, err = oc.SafeSearchConfig()
 	if err != nil {
 		sl.With("error", err).Error("Error getting safe search status")
 		return
@@ -134,15 +201,15 @@ func (w *worker) sync() {
 		return
 	}

-	o.services, err = oc.Services()
+	o.blockedServicesSchedule, err = oc.BlockedServicesSchedule()
 	if err != nil {
-		sl.With("error", err).Error("Error getting origin services")
+		sl.With("error", err).Error("Error getting origin blocked services schedule")
 		return
 	}

 	o.filters, err = oc.Filtering()
 	if err != nil {
-		sl.With("error", err).Error("Error getting origin filters")
+		sl.With("error", err).Error("Error getting origin actionFilters")
 		return
 	}
 	o.clients, err = oc.Clients()
@@ -174,13 +241,15 @@ func (w *worker) sync() {
 	}

 	if w.cfg.Features.DHCP.ServerConfig || w.cfg.Features.DHCP.StaticLeases {
-		o.dhcpServerConfig, err = oc.DHCPServerConfig()
+		o.dhcpServerConfig, err = oc.DhcpConfig()
 		if err != nil {
 			sl.With("error", err).Error("Error getting dhcp server config")
 			return
 		}
 	}

+	w.actions = setupActions(w.cfg)
+
 	replicas := w.cfg.UniqueReplicas()
 	for _, replica := range replicas {
 		w.syncTo(sl, o, replica)
@@ -197,78 +266,44 @@ func (w *worker) syncTo(l *zap.SugaredLogger, o *origin, replica types.AdGuardIn
 	rl := l.With("to", rc.Host())
 	rl.Info("Start sync")

-	rs, err := w.statusWithSetup(rl, replica, rc)
+	replicaStatus, err := w.statusWithSetup(rl, replica, rc)
 	if err != nil {
 		rl.With("error", err).Error("Error getting replica status")
 		return
 	}

-	rl.With("version", rs.Version).Info("Connected to replica")
+	rl.With("version", replicaStatus.Version).Info("Connected to replica")

-	if versions.IsNewerThan(versions.MinAgh, rs.Version) {
-		rl.With("error", err, "version", rs.Version).Errorf("Replica AdGuard Home version must be >= %s", versions.MinAgh)
+	if versions.IsNewerThan(versions.MinAgh, replicaStatus.Version) {
+		rl.With("error", err, "version", replicaStatus.Version).Errorf("Replica AdGuard Home version must be >= %s", versions.MinAgh)
 		return
 	}

-	if versions.IsSame(rs.Version, versions.IncompatibleAPI) {
-		rl.With("error", err, "version", rs.Version).Errorf("Replica AdGuard Home runs with an incompatible API - Please ugrade to version %s or newer", versions.FixedIncompatibleAPI)
-		return
+	if o.status.Version != replicaStatus.Version {
+		rl.With("originVersion", o.status.Version, "replicaVersion", replicaStatus.Version).Warn("Versions do not match")
 	}

-	if o.status.Version != rs.Version {
-		rl.With("originVersion", o.status.Version, "replicaVersion", rs.Version).Warn("Versions do not match")
+	ac := &actionContext{
+		continueOnError: w.cfg.ContinueOnError,
+		rl:              rl,
+		origin:          o,
+		replicaStatus:   replicaStatus,
+		client:          rc,
+		replica:         replica,
 	}
-
-	err = w.syncGeneralSettings(o, rs, rc)
-	if err != nil {
-		rl.With("error", err).Error("Error syncing general settings")
-		return
-	}
-
-	err = w.syncConfigs(o, rc)
-	if err != nil {
-		rl.With("error", err).Error("Error syncing configs")
-		return
-	}
-
-	err = w.syncRewrites(rl, o.rewrites, rc)
-	if err != nil {
-		rl.With("error", err).Error("Error syncing rewrites")
-		return
-	}
-	err = w.syncFilters(o.filters, rc)
-	if err != nil {
-		rl.With("error", err).Error("Error syncing filters")
-		return
-	}
-
-	err = w.syncServices(o.services, rc)
-	if err != nil {
-		rl.With("error", err).Error("Error syncing services")
-		return
-	}
-
-	if err = w.syncClients(o.clients, rc); err != nil {
-		rl.With("error", err).Error("Error syncing clients")
-		return
-	}
-
-	if err = w.syncDNS(o.accessList, o.dnsConfig, rc); err != nil {
-		rl.With("error", err).Error("Error syncing dns")
-		return
-	}
-
-	if w.cfg.Features.DHCP.ServerConfig || w.cfg.Features.DHCP.StaticLeases {
-		if err = w.syncDHCPServer(o.dhcpServerConfig, rc, replica); err != nil {
-			rl.With("error", err).Error("Error syncing dns")
-			return
+	for _, action := range w.actions {
+		if err := action.sync(ac); err != nil {
+			rl.With("error", err).Errorf("Error syncing %s", action.name())
+			if !w.cfg.ContinueOnError {
+				return
+			}
 		}
 	}

 	rl.Info("Sync done")
 }

-func (w *worker) statusWithSetup(rl *zap.SugaredLogger, replica types.AdGuardInstance, rc client.Client) (*types.Status, error) {
+func (w *worker) statusWithSetup(rl *zap.SugaredLogger, replica types.AdGuardInstance, rc client.Client) (*model.ServerStatus, error) {
 	rs, err := rc.Status()
 	if err != nil {
 		if replica.AutoSetup && errors.Is(err, client.ErrSetupNeeded) {
@@ -283,247 +318,19 @@ func (w *worker) statusWithSetup(rl *zap.SugaredLogger, replica types.AdGuardIns
 	return rs, err
 }

-func (w *worker) syncServices(os types.Services, replica client.Client) error {
-	if w.cfg.Features.Services {
-		rs, err := replica.Services()
-		if err != nil {
-			return err
-		}
-
-		if !os.Equals(rs) {
-			if err := replica.SetServices(os); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *worker) syncFilters(of *types.FilteringStatus, replica client.Client) error {
-	if w.cfg.Features.Filters {
-		rf, err := replica.Filtering()
-		if err != nil {
-			return err
-		}
-
-		if err = w.syncFilterType(of.Filters, rf.Filters, false, replica); err != nil {
-			return err
-		}
-		if err = w.syncFilterType(of.WhitelistFilters, rf.WhitelistFilters, true, replica); err != nil {
-			return err
-		}
-
-		if of.UserRules.String() != rf.UserRules.String() {
-			return replica.SetCustomRules(of.UserRules)
-		}
-
-		if of.Enabled != rf.Enabled || of.Interval != rf.Interval {
-			if err = replica.ToggleFiltering(of.Enabled, of.Interval); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *worker) syncFilterType(of types.Filters, rFilters types.Filters, whitelist bool, replica client.Client) error {
-	fa, fu, fd := rFilters.Merge(of)
-
-	if err := replica.DeleteFilters(whitelist, fd...); err != nil {
-		return err
-	}
-	if err := replica.AddFilters(whitelist, fa...); err != nil {
-		return err
-	}
-	if err := replica.UpdateFilters(whitelist, fu...); err != nil {
-		return err
-	}
-
-	if len(fa) > 0 || len(fu) > 0 {
-		if err := replica.RefreshFilters(whitelist); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (w *worker) syncRewrites(rl *zap.SugaredLogger, or *types.RewriteEntries, replica client.Client) error {
-	if w.cfg.Features.DNS.Rewrites {
-		replicaRewrites, err := replica.RewriteList()
-		if err != nil {
-			return err
-		}
-
-		a, r, d := replicaRewrites.Merge(or)
-
-		if err = replica.DeleteRewriteEntries(r...); err != nil {
-			return err
-		}
-		if err = replica.AddRewriteEntries(a...); err != nil {
-			return err
-		}
-
-		for _, dupl := range d {
-			rl.With("domain", dupl.Domain, "answer", dupl.Answer).Warn("Skipping duplicated rewrite from source")
-		}
-	}
-
-	return nil
-}
-
-func (w *worker) syncClients(oc *types.Clients, replica client.Client) error {
-	if w.cfg.Features.ClientSettings {
-		rc, err := replica.Clients()
-		if err != nil {
-			return err
-		}
-
-		a, u, r := rc.Merge(oc)
-
-		if err = replica.DeleteClients(r...); err != nil {
-			return err
-		}
-		if err = replica.AddClients(a...); err != nil {
-			return err
-		}
-		if err = replica.UpdateClients(u...); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (w *worker) syncGeneralSettings(o *origin, rs *types.Status, replica client.Client) error {
-	if w.cfg.Features.GeneralSettings {
-		if o.status.ProtectionEnabled != rs.ProtectionEnabled {
-			if err := replica.ToggleProtection(o.status.ProtectionEnabled); err != nil {
-				return err
-			}
-		}
-		if rp, err := replica.Parental(); err != nil {
-			return err
-		} else if o.parental != rp {
-			if err = replica.ToggleParental(o.parental); err != nil {
-				return err
-			}
-		}
-		if rs, err := replica.SafeSearch(); err != nil {
-			return err
-		} else if o.safeSearch != rs {
-			if err = replica.ToggleSafeSearch(o.safeSearch); err != nil {
-				return err
-			}
-		}
-		if rs, err := replica.SafeBrowsing(); err != nil {
-			return err
-		} else if o.safeBrowsing != rs {
-			if err = replica.ToggleSafeBrowsing(o.safeBrowsing); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *worker) syncConfigs(o *origin, rc client.Client) error {
-	if w.cfg.Features.QueryLogConfig {
-		qlc, err := rc.QueryLogConfig()
-		if err != nil {
-			return err
-		}
-		if !o.queryLogConfig.Equals(qlc) {
-			if err = rc.SetQueryLogConfig(o.queryLogConfig.Enabled, o.queryLogConfig.Interval, o.queryLogConfig.AnonymizeClientIP); err != nil {
-				return err
-			}
-		}
-	}
-	if w.cfg.Features.StatsConfig {
-		sc, err := rc.StatsConfig()
-		if err != nil {
-			return err
-		}
-		if o.statsConfig.Interval != sc.Interval {
-			if err = rc.SetStatsConfig(o.statsConfig.Interval); err != nil {
-				return err
-			}
-		}
-	}
-
-	return nil
-}
-
-func (w *worker) syncDNS(oal *types.AccessList, odc *types.DNSConfig, rc client.Client) error {
-	if w.cfg.Features.DNS.AccessLists {
-		al, err := rc.AccessList()
-		if err != nil {
-			return err
-		}
-		if !al.Equals(oal) {
-			if err = rc.SetAccessList(oal); err != nil {
-				return err
-			}
-		}
-	}
-	if w.cfg.Features.DNS.ServerConfig {
-		dc, err := rc.DNSConfig()
-		if err != nil {
-			return err
-		}
-		if !dc.Equals(odc) {
-			if err = rc.SetDNSConfig(odc); err != nil {
-				return err
-			}
-		}
-	}
-	return nil
-}
-
-func (w *worker) syncDHCPServer(osc *types.DHCPServerConfig, rc client.Client, replica types.AdGuardInstance) error {
-	if !w.cfg.Features.DHCP.ServerConfig && !w.cfg.Features.DHCP.StaticLeases {
-		return nil
-	}
-	sc, err := rc.DHCPServerConfig()
-	if w.cfg.Features.DHCP.ServerConfig {
-		if err != nil {
-			return err
-		}
-		origClone := osc.Clone()
-		if replica.InterfaceName != "" {
-			// overwrite interface name
-			origClone.InterfaceName = replica.InterfaceName
-		}
-		if !sc.Equals(origClone) {
-			if err = rc.SetDHCPServerConfig(origClone); err != nil {
-				return err
-			}
-		}
-	}
-
-	if w.cfg.Features.DHCP.StaticLeases {
-		a, r := sc.StaticLeases.Merge(osc.StaticLeases)
-
-		if err = rc.DeleteDHCPStaticLeases(r...); err != nil {
-			return err
-		}
-		if err = rc.AddDHCPStaticLeases(a...); err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
 type origin struct {
-	status           *types.Status
-	rewrites         *types.RewriteEntries
-	services         types.Services
-	filters          *types.FilteringStatus
-	clients          *types.Clients
-	queryLogConfig   *types.QueryLogConfig
-	statsConfig      *types.IntervalConfig
-	accessList       *types.AccessList
-	dnsConfig        *types.DNSConfig
-	dhcpServerConfig *types.DHCPServerConfig
-	parental         bool
-	safeSearch       bool
-	safeBrowsing     bool
+	status                  *model.ServerStatus
+	rewrites                *model.RewriteEntries
+	blockedServicesSchedule *model.BlockedServicesSchedule
+	filters                 *model.FilterStatus
+	clients                 *model.Clients
+	queryLogConfig          *model.QueryLogConfigWithIgnored
+	statsConfig             *model.GetStatsConfigResponse
+	accessList              *model.AccessList
+	dnsConfig               *model.DNSConfig
+	dhcpServerConfig        *model.DhcpStatus
+	parental                bool
+	safeSearch              *model.SafeSearchConfig
+	profileInfo             *model.ProfileInfo
+	safeBrowsing            bool
 }
--- a/pkg/sync/sync_test.go
+++ b/pkg/sync/sync_test.go
@@ -4,13 +4,15 @@ import (
 	"errors"

 	"github.com/bakito/adguardhome-sync/pkg/client"
+	"github.com/bakito/adguardhome-sync/pkg/client/model"
 	clientmock "github.com/bakito/adguardhome-sync/pkg/mocks/client"
 	"github.com/bakito/adguardhome-sync/pkg/types"
+	"github.com/bakito/adguardhome-sync/pkg/utils"
 	"github.com/bakito/adguardhome-sync/pkg/versions"
-	gm "github.com/golang/mock/gomock"
 	"github.com/google/uuid"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	gm "go.uber.org/mock/gomock"
 )

 var _ = Describe("Sync", func() {
@@ -19,6 +21,7 @@ var _ = Describe("Sync", func() {
 		cl       *clientmock.MockClient
 		w        *worker
 		te       error
+		ac       *actionContext
 	)

 	BeforeEach(func() {
@@ -46,251 +49,290 @@ var _ = Describe("Sync", func() {
 					StatsConfig:     true,
 					QueryLogConfig:  true,
 				},
+				Replicas: []types.AdGuardInstance{
+					{},
+				},
 			},
 		}
 		te = errors.New(uuid.NewString())
+
+		ac = &actionContext{
+			continueOnError: false,
+			rl:              l,
+			origin: &origin{
+				profileInfo: &model.ProfileInfo{
+					Name:     "origin",
+					Language: "en",
+					Theme:    "auto",
+				},
+				status:         &model.ServerStatus{},
+				safeSearch:     &model.SafeSearchConfig{},
+				queryLogConfig: &model.QueryLogConfigWithIgnored{},
+				statsConfig:    &model.PutStatsConfigUpdateRequest{},
+			},
+			replicaStatus: &model.ServerStatus{},
+			client:        cl,
+			replica:       w.cfg.Replicas[0],
+		}
 	})
 	AfterEach(func() {
 		defer mockCtrl.Finish()
 	})

 	Context("worker", func() {
-		Context("syncRewrites", func() {
+		Context("actionDNSRewrites", func() {
 			var (
 				domain string
 				answer string
-				reO    types.RewriteEntries
-				reR    types.RewriteEntries
+				reO    model.RewriteEntries
+				reR    model.RewriteEntries
 			)

 			BeforeEach(func() {
 				domain = uuid.NewString()
 				answer = uuid.NewString()
-				reO = []types.RewriteEntry{{Domain: domain, Answer: answer}}
-				reR = []types.RewriteEntry{{Domain: domain, Answer: answer}}
+				reO = model.RewriteEntries{{Domain: utils.Ptr(domain), Answer: utils.Ptr(answer)}}
+				reR = model.RewriteEntries{{Domain: utils.Ptr(domain), Answer: utils.Ptr(answer)}}
 			})
 			It("should have no changes (empty slices)", func() {
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(&reR, nil)
 				cl.EXPECT().AddRewriteEntries()
 				cl.EXPECT().DeleteRewriteEntries()
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should add one rewrite entry", func() {
-				reR = []types.RewriteEntry{}
+				reR = []model.RewriteEntry{}
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(&reR, nil)
 				cl.EXPECT().AddRewriteEntries(reO[0])
 				cl.EXPECT().DeleteRewriteEntries()
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should remove one rewrite entry", func() {
-				reO = []types.RewriteEntry{}
+				reO = []model.RewriteEntry{}
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(&reR, nil)
 				cl.EXPECT().AddRewriteEntries()
 				cl.EXPECT().DeleteRewriteEntries(reR[0])
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should remove one rewrite entry", func() {
-				reO = []types.RewriteEntry{}
+				reO = []model.RewriteEntry{}
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(&reR, nil)
 				cl.EXPECT().AddRewriteEntries()
 				cl.EXPECT().DeleteRewriteEntries(reR[0])
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should return error when error on RewriteList()", func() {
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(nil, te)
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).Should(HaveOccurred())
 			})
 			It("should return error when error on AddRewriteEntries()", func() {
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(&reR, nil)
 				cl.EXPECT().DeleteRewriteEntries()
 				cl.EXPECT().AddRewriteEntries().Return(te)
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).Should(HaveOccurred())
 			})
 			It("should return error when error on DeleteRewriteEntries()", func() {
+				ac.origin.rewrites = &reO
 				cl.EXPECT().RewriteList().Return(&reR, nil)
 				cl.EXPECT().DeleteRewriteEntries().Return(te)
-				err := w.syncRewrites(l, &reO, cl)
+				err := actionDNSRewrites(ac)
 				Ω(err).Should(HaveOccurred())
 			})
 		})
-		Context("syncClients", func() {
+		Context("actionClientSettings", func() {
 			var (
-				clO  *types.Clients
-				clR  *types.Clients
+				clR  *model.Clients
 				name string
 			)
 			BeforeEach(func() {
 				name = uuid.NewString()
-				clO = &types.Clients{Clients: []types.Client{{Name: name}}}
-				clR = &types.Clients{Clients: []types.Client{{Name: name}}}
+				ac.origin.clients = &model.Clients{Clients: &model.ClientsArray{{Name: utils.Ptr(name)}}}
+				clR = &model.Clients{Clients: &model.ClientsArray{{Name: utils.Ptr(name)}}}
 			})
 			It("should have no changes (empty slices)", func() {
 				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().AddClients()
-				cl.EXPECT().UpdateClients()
-				cl.EXPECT().DeleteClients()
-				err := w.syncClients(clO, cl)
+				err := actionClientSettings(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should add one client", func() {
-				clR.Clients = []types.Client{}
+				clR.Clients = &model.ClientsArray{}
 				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().AddClients(clO.Clients[0])
-				cl.EXPECT().UpdateClients()
-				cl.EXPECT().DeleteClients()
-				err := w.syncClients(clO, cl)
+				cl.EXPECT().AddClient(&(*ac.origin.clients.Clients)[0])
+				err := actionClientSettings(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should update one client", func() {
-				clR.Clients[0].Disallowed = true
+				(*clR.Clients)[0].FilteringEnabled = utils.Ptr(true)
 				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().AddClients()
-				cl.EXPECT().UpdateClients(clO.Clients[0])
-				cl.EXPECT().DeleteClients()
-				err := w.syncClients(clO, cl)
+				cl.EXPECT().UpdateClient(&(*ac.origin.clients.Clients)[0])
+				err := actionClientSettings(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should delete one client", func() {
-				clO.Clients = []types.Client{}
+				ac.origin.clients.Clients = &model.ClientsArray{}
 				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().AddClients()
-				cl.EXPECT().UpdateClients()
-				cl.EXPECT().DeleteClients(clR.Clients[0])
-				err := w.syncClients(clO, cl)
+				cl.EXPECT().DeleteClient(&(*clR.Clients)[0])
+				err := actionClientSettings(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should return error when error on Clients()", func() {
 				cl.EXPECT().Clients().Return(nil, te)
-				err := w.syncClients(clO, cl)
-				Ω(err).Should(HaveOccurred())
-			})
-			It("should return error when error on AddClients()", func() {
-				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().DeleteClients()
-				cl.EXPECT().AddClients().Return(te)
-				err := w.syncClients(clO, cl)
-				Ω(err).Should(HaveOccurred())
-			})
-			It("should return error when error on UpdateClients()", func() {
-				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().DeleteClients()
-				cl.EXPECT().AddClients()
-				cl.EXPECT().UpdateClients().Return(te)
-				err := w.syncClients(clO, cl)
-				Ω(err).Should(HaveOccurred())
-			})
-			It("should return error when error on DeleteClients()", func() {
-				cl.EXPECT().Clients().Return(clR, nil)
-				cl.EXPECT().DeleteClients().Return(te)
-				err := w.syncClients(clO, cl)
+				err := actionClientSettings(ac)
 				Ω(err).Should(HaveOccurred())
 			})
 		})
-		Context("syncGeneralSettings", func() {
-			var (
-				o  *origin
-				rs *types.Status
-			)
-			BeforeEach(func() {
-				o = &origin{
-					status: &types.Status{},
-				}
-				rs = &types.Status{}
-			})
+		Context("actionParental", func() {
 			It("should have no changes", func() {
 				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
-				cl.EXPECT().SafeBrowsing()
-				err := w.syncGeneralSettings(o, rs, cl)
-				Ω(err).ShouldNot(HaveOccurred())
-			})
-			It("should have protection enabled changes", func() {
-				o.status.ProtectionEnabled = true
-				cl.EXPECT().ToggleProtection(true)
-				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
-				cl.EXPECT().SafeBrowsing()
-				err := w.syncGeneralSettings(o, rs, cl)
+				err := actionParental(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have parental enabled changes", func() {
-				o.parental = true
+				ac.origin.parental = true
 				cl.EXPECT().Parental()
 				cl.EXPECT().ToggleParental(true)
-				cl.EXPECT().SafeSearch()
-				cl.EXPECT().SafeBrowsing()
-				err := w.syncGeneralSettings(o, rs, cl)
+				err := actionParental(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+		})
+		Context("actionProtection", func() {
+			It("should have no changes", func() {
+				err := actionProtection(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should have protection enabled changes", func() {
+				ac.origin.status.ProtectionEnabled = true
+				cl.EXPECT().ToggleProtection(true)
+				err := actionProtection(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+		})
+		Context("actionSafeSearchConfig", func() {
+			It("should have no changes", func() {
+				cl.EXPECT().SafeSearchConfig().Return(ac.origin.safeSearch, nil)
+
+				err := actionSafeSearchConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have safeSearch enabled changes", func() {
-				o.safeSearch = true
-				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
-				cl.EXPECT().ToggleSafeSearch(true)
-				cl.EXPECT().SafeBrowsing()
-				err := w.syncGeneralSettings(o, rs, cl)
+				ac.origin.safeSearch = &model.SafeSearchConfig{Enabled: utils.Ptr(true)}
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{}, nil)
+				cl.EXPECT().SetSafeSearchConfig(ac.origin.safeSearch)
+				err := actionSafeSearchConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
+			It("should have Duckduckgo safeSearch enabled changed", func() {
+				ac.origin.safeSearch = &model.SafeSearchConfig{Duckduckgo: utils.Ptr(true)}
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{Google: utils.Ptr(true)}, nil)
+				cl.EXPECT().SetSafeSearchConfig(ac.origin.safeSearch)
+				err := actionSafeSearchConfig(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+		})
+		Context("actionProfileInfo", func() {
+			It("should have no changes", func() {
+				cl.EXPECT().ProfileInfo().Return(ac.origin.profileInfo, nil)
+				err := actionProfileInfo(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should have profileInfo language changed", func() {
+				ac.origin.profileInfo.Language = "de"
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{Name: "replica", Language: "en"}, nil)
+				cl.EXPECT().SetProfileInfo(&model.ProfileInfo{
+					Language: "de",
+					Name:     "replica",
+					Theme:    "auto",
+				})
+				err := actionProfileInfo(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should not sync profileInfo if language is not set", func() {
+				ac.origin.profileInfo.Language = ""
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{Name: "replica", Language: "en", Theme: "auto"}, nil)
+				cl.EXPECT().SetProfileInfo(ac.origin.profileInfo).Times(0)
+				err := actionProfileInfo(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should not sync profileInfo if theme is not set", func() {
+				ac.origin.profileInfo.Theme = ""
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{Name: "replica", Language: "en", Theme: "auto"}, nil)
+				cl.EXPECT().SetProfileInfo(ac.origin.profileInfo).Times(0)
+				err := actionProfileInfo(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+		})
+		Context("actionSafeBrowsing", func() {
+			It("should have no changes", func() {
+				cl.EXPECT().SafeBrowsing()
+				err := actionSafeBrowsing(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+
 			It("should have safeBrowsing enabled changes", func() {
-				o.safeBrowsing = true
-				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
+				ac.origin.safeBrowsing = true
 				cl.EXPECT().SafeBrowsing()
 				cl.EXPECT().ToggleSafeBrowsing(true)
-				err := w.syncGeneralSettings(o, rs, cl)
+				err := actionSafeBrowsing(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+		})
+		Context("actionQueryLogConfig", func() {
+			var qlc *model.QueryLogConfigWithIgnored
+			BeforeEach(func() {
+				qlc = &model.QueryLogConfigWithIgnored{}
+			})
+			It("should have no changes", func() {
+				cl.EXPECT().QueryLogConfig().Return(qlc, nil)
+				err := actionQueryLogConfig(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should have QueryLogConfig changes", func() {
+				var interval model.QueryLogConfigInterval = 123
+				ac.origin.queryLogConfig.Interval = &interval
+				cl.EXPECT().QueryLogConfig().Return(qlc, nil)
+				cl.EXPECT().SetQueryLogConfig(&model.QueryLogConfigWithIgnored{QueryLogConfig: model.QueryLogConfig{AnonymizeClientIp: nil, Interval: &interval, Enabled: nil}})
+				err := actionQueryLogConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 		})
 		Context("syncConfigs", func() {
-			var (
-				o   *origin
-				qlc *types.QueryLogConfig
-				sc  *types.IntervalConfig
-			)
+			var sc *model.PutStatsConfigUpdateRequest
 			BeforeEach(func() {
-				o = &origin{
-					queryLogConfig: &types.QueryLogConfig{},
-					statsConfig:    &types.IntervalConfig{},
-				}
-				qlc = &types.QueryLogConfig{}
-				sc = &types.IntervalConfig{}
+				sc = &model.PutStatsConfigUpdateRequest{}
 			})
 			It("should have no changes", func() {
-				cl.EXPECT().QueryLogConfig().Return(qlc, nil)
 				cl.EXPECT().StatsConfig().Return(sc, nil)
-				err := w.syncConfigs(o, cl)
-				Ω(err).ShouldNot(HaveOccurred())
-			})
-			It("should have QueryLogConfig changes", func() {
-				o.queryLogConfig.Interval = 123
-				cl.EXPECT().QueryLogConfig().Return(qlc, nil)
-				cl.EXPECT().SetQueryLogConfig(false, 123.0, false)
-				cl.EXPECT().StatsConfig().Return(sc, nil)
-				err := w.syncConfigs(o, cl)
+				err := actionStatsConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have StatsConfig changes", func() {
-				o.statsConfig.Interval = 123
-				cl.EXPECT().QueryLogConfig().Return(qlc, nil)
+				var interval float32 = 123
+				ac.origin.statsConfig.Interval = interval
 				cl.EXPECT().StatsConfig().Return(sc, nil)
-				cl.EXPECT().SetStatsConfig(123.0)
-				err := w.syncConfigs(o, cl)
+				cl.EXPECT().SetStatsConfig(&model.PutStatsConfigUpdateRequest{Interval: interval})
+				err := actionStatsConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 		})
 		Context("statusWithSetup", func() {
 			var (
-				status *types.Status
+				status *model.ServerStatus
 				inst   types.AdGuardInstance
 			)
 			BeforeEach(func() {
-				status = &types.Status{}
+				status = &model.ServerStatus{}
 				inst = types.AdGuardInstance{
 					AutoSetup: true,
 				}
@@ -317,142 +359,189 @@ var _ = Describe("Sync", func() {
 				Ω(st).Should(BeNil())
 			})
 		})
-		Context("syncServices", func() {
-			var (
-				os types.Services
-				rs types.Services
-			)
+		Context("actionBlockedServicesSchedule", func() {
+			var rbss *model.BlockedServicesSchedule
 			BeforeEach(func() {
-				os = []string{"foo"}
-				rs = []string{"foo"}
+				ac.origin.blockedServicesSchedule = &model.BlockedServicesSchedule{}
+				rbss = &model.BlockedServicesSchedule{}
 			})
 			It("should have no changes", func() {
-				cl.EXPECT().Services().Return(rs, nil)
-				err := w.syncServices(os, cl)
+				cl.EXPECT().BlockedServicesSchedule().Return(ac.origin.blockedServicesSchedule, nil)
+				err := actionBlockedServicesSchedule(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
-			It("should have services changes", func() {
-				os = []string{"bar"}
-				cl.EXPECT().Services().Return(rs, nil)
-				cl.EXPECT().SetServices(os)
-				err := w.syncServices(os, cl)
+			It("should have blockedServices schedule changes", func() {
+				ac.origin.blockedServicesSchedule = &model.BlockedServicesSchedule{Ids: utils.Ptr([]string{"bar"})}
+
+				cl.EXPECT().BlockedServicesSchedule().Return(rbss, nil)
+				cl.EXPECT().SetBlockedServicesSchedule(ac.origin.blockedServicesSchedule)
+				err := actionBlockedServicesSchedule(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 		})
 		Context("syncFilters", func() {
-			var (
-				of *types.FilteringStatus
-				rf *types.FilteringStatus
-			)
+			var rf *model.FilterStatus
 			BeforeEach(func() {
-				of = &types.FilteringStatus{}
-				rf = &types.FilteringStatus{}
+				ac.origin.filters = &model.FilterStatus{}
+				rf = &model.FilterStatus{}
 			})
 			It("should have no changes", func() {
 				cl.EXPECT().Filtering().Return(rf, nil)
-				cl.EXPECT().AddFilters(false)
-				cl.EXPECT().UpdateFilters(false)
-				cl.EXPECT().DeleteFilters(false)
-				cl.EXPECT().AddFilters(true)
-				cl.EXPECT().UpdateFilters(true)
-				cl.EXPECT().DeleteFilters(true)
-				err := w.syncFilters(of, cl)
+				err := actionFilters(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have changes user roles", func() {
-				of.UserRules = []string{"foo"}
+				ac.origin.filters.UserRules = utils.Ptr([]string{"foo"})
 				cl.EXPECT().Filtering().Return(rf, nil)
-				cl.EXPECT().AddFilters(false)
-				cl.EXPECT().UpdateFilters(false)
-				cl.EXPECT().DeleteFilters(false)
-				cl.EXPECT().AddFilters(true)
-				cl.EXPECT().UpdateFilters(true)
-				cl.EXPECT().DeleteFilters(true)
-				cl.EXPECT().SetCustomRules(of.UserRules)
-				err := w.syncFilters(of, cl)
+				cl.EXPECT().SetCustomRules(ac.origin.filters.UserRules)
+				err := actionFilters(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have changed filtering config", func() {
-				of.Enabled = true
-				of.Interval = 123
+				ac.origin.filters.Enabled = utils.Ptr(true)
+				ac.origin.filters.Interval = utils.Ptr(123)
 				cl.EXPECT().Filtering().Return(rf, nil)
-				cl.EXPECT().AddFilters(false)
-				cl.EXPECT().UpdateFilters(false)
-				cl.EXPECT().DeleteFilters(false)
-				cl.EXPECT().AddFilters(true)
-				cl.EXPECT().UpdateFilters(true)
-				cl.EXPECT().DeleteFilters(true)
-				cl.EXPECT().ToggleFiltering(of.Enabled, of.Interval)
-				err := w.syncFilters(of, cl)
+				cl.EXPECT().ToggleFiltering(*ac.origin.filters.Enabled, *ac.origin.filters.Interval)
+				err := actionFilters(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should add a filter", func() {
+				ac.origin.filters.Filters = utils.Ptr([]model.Filter{{Name: "foo", Url: "https://foo.bar"}})
+				cl.EXPECT().Filtering().Return(rf, nil)
+				cl.EXPECT().AddFilter(false, model.Filter{Name: "foo", Url: "https://foo.bar"})
+				cl.EXPECT().RefreshFilters(gm.Any())
+				err := actionFilters(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should delete a filter", func() {
+				rf.Filters = utils.Ptr([]model.Filter{{Name: "foo", Url: "https://foo.bar"}})
+				cl.EXPECT().Filtering().Return(rf, nil)
+				cl.EXPECT().DeleteFilter(false, model.Filter{Name: "foo", Url: "https://foo.bar"})
+				err := actionFilters(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should update a filter", func() {
+				ac.origin.filters.Filters = utils.Ptr([]model.Filter{{Name: "foo", Url: "https://foo.bar", Enabled: true}})
+				rf.Filters = utils.Ptr([]model.Filter{{Name: "foo", Url: "https://foo.bar"}})
+				cl.EXPECT().Filtering().Return(rf, nil)
+				cl.EXPECT().UpdateFilter(false, model.Filter{Name: "foo", Url: "https://foo.bar", Enabled: true})
+				cl.EXPECT().RefreshFilters(gm.Any())
+				err := actionFilters(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+
+			It("should abort after failed added filter", func() {
+				ac.continueOnError = false
+				ac.origin.filters.Filters = utils.Ptr([]model.Filter{{Name: "foo", Url: "https://foo.bar"}})
+				cl.EXPECT().Filtering().Return(rf, nil)
+				cl.EXPECT().AddFilter(false, model.Filter{Name: "foo", Url: "https://foo.bar"}).Return(errors.New("test failure"))
+				err := actionFilters(ac)
+				Ω(err).Should(HaveOccurred())
+			})
+
+			It("should continue after failed added filter", func() {
+				ac.continueOnError = true
+				ac.origin.filters.Filters = utils.Ptr([]model.Filter{{Name: "foo", Url: "https://foo.bar"}, {Name: "bar", Url: "https://bar.foo"}})
+				cl.EXPECT().Filtering().Return(rf, nil)
+				cl.EXPECT().AddFilter(false, model.Filter{Name: "foo", Url: "https://foo.bar"}).Return(errors.New("test failure"))
+				cl.EXPECT().AddFilter(false, model.Filter{Name: "bar", Url: "https://bar.foo"})
+				cl.EXPECT().RefreshFilters(gm.Any())
+				err := actionFilters(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 		})

-		Context("syncDNS", func() {
-			var (
-				oal *types.AccessList
-				ral *types.AccessList
-				odc *types.DNSConfig
-				rdc *types.DNSConfig
-			)
+		Context("actionDNSAccessLists", func() {
+			var ral *model.AccessList
 			BeforeEach(func() {
-				oal = &types.AccessList{}
-				ral = &types.AccessList{}
-				odc = &types.DNSConfig{}
-				rdc = &types.DNSConfig{}
+				ac.origin.accessList = &model.AccessList{}
+				ral = &model.AccessList{}
 			})
 			It("should have no changes", func() {
 				cl.EXPECT().AccessList().Return(ral, nil)
-				cl.EXPECT().DNSConfig().Return(rdc, nil)
-				err := w.syncDNS(oal, odc, cl)
+				err := actionDNSAccessLists(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have access list changes", func() {
-				ral.BlockedHosts = []string{"foo"}
+				ral.BlockedHosts = utils.Ptr([]string{"foo"})
 				cl.EXPECT().AccessList().Return(ral, nil)
-				cl.EXPECT().DNSConfig().Return(rdc, nil)
-				cl.EXPECT().SetAccessList(oal)
-				err := w.syncDNS(oal, odc, cl)
-				Ω(err).ShouldNot(HaveOccurred())
-			})
-			It("should have dns config changes", func() {
-				rdc.Bootstraps = []string{"foo"}
-				cl.EXPECT().AccessList().Return(ral, nil)
-				cl.EXPECT().DNSConfig().Return(rdc, nil)
-				cl.EXPECT().SetDNSConfig(odc)
-				err := w.syncDNS(oal, odc, cl)
+				cl.EXPECT().SetAccessList(ac.origin.accessList)
+				err := actionDNSAccessLists(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 		})

-		Context("syncDHCPServer", func() {
-			var (
-				osc *types.DHCPServerConfig
-				rsc *types.DHCPServerConfig
-			)
+		Context("actionDNSServerConfig", func() {
+			var rdc *model.DNSConfig
 			BeforeEach(func() {
-				osc = &types.DHCPServerConfig{}
-				rsc = &types.DHCPServerConfig{}
+				ac.origin.dnsConfig = &model.DNSConfig{}
+				rdc = &model.DNSConfig{}
+			})
+			It("should have no changes", func() {
+				cl.EXPECT().DNSConfig().Return(rdc, nil)
+				err := actionDNSServerConfig(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should have dns config changes", func() {
+				rdc.BootstrapDns = utils.Ptr([]string{"foo"})
+				cl.EXPECT().DNSConfig().Return(rdc, nil)
+				cl.EXPECT().SetDNSConfig(ac.origin.dnsConfig)
+				err := actionDNSServerConfig(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+		})
+
+		Context("actionDHCPServerConfig", func() {
+			var rsc *model.DhcpStatus
+			BeforeEach(func() {
+				ac.origin.dhcpServerConfig = &model.DhcpStatus{
+					V4: &model.DhcpConfigV4{
+						GatewayIp:  utils.Ptr("1.2.3.4"),
+						RangeStart: utils.Ptr("1.2.3.5"),
+						RangeEnd:   utils.Ptr("1.2.3.6"),
+						SubnetMask: utils.Ptr("255.255.255.0"),
+					},
+				}
+				rsc = &model.DhcpStatus{}
 				w.cfg.Features.DHCP.StaticLeases = false
 			})
 			It("should have no changes", func() {
-				cl.EXPECT().DHCPServerConfig().Return(rsc, nil)
-				err := w.syncDHCPServer(osc, cl, types.AdGuardInstance{})
+				rsc.V4 = ac.origin.dhcpServerConfig.V4
+				cl.EXPECT().DhcpConfig().Return(rsc, nil)
+				err := actionDHCPServerConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should have changes", func() {
-				rsc.Enabled = true
-				cl.EXPECT().DHCPServerConfig().Return(rsc, nil)
-				cl.EXPECT().SetDHCPServerConfig(osc)
-				err := w.syncDHCPServer(osc, cl, types.AdGuardInstance{})
+				rsc.Enabled = utils.Ptr(true)
+				cl.EXPECT().DhcpConfig().Return(rsc, nil)
+				cl.EXPECT().SetDhcpConfig(ac.origin.dhcpServerConfig)
+				err := actionDHCPServerConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 			It("should use replica interface name", func() {
-				cl.EXPECT().DHCPServerConfig().Return(rsc, nil)
-				oscClone := osc.Clone()
-				oscClone.InterfaceName = "foo"
-				cl.EXPECT().SetDHCPServerConfig(oscClone)
-				err := w.syncDHCPServer(osc, cl, types.AdGuardInstance{InterfaceName: "foo"})
+				ac.replica.InterfaceName = "foo"
+				cl.EXPECT().DhcpConfig().Return(rsc, nil)
+				oscClone := ac.origin.dhcpServerConfig.Clone()
+				oscClone.InterfaceName = utils.Ptr("foo")
+				cl.EXPECT().SetDhcpConfig(oscClone)
+				err := actionDHCPServerConfig(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should enable the target dhcp server", func() {
+				ac.replica.DHCPServerEnabled = utils.Ptr(true)
+				cl.EXPECT().DhcpConfig().Return(rsc, nil)
+				oscClone := ac.origin.dhcpServerConfig.Clone()
+				oscClone.Enabled = utils.Ptr(true)
+				cl.EXPECT().SetDhcpConfig(oscClone)
+				err := actionDHCPServerConfig(ac)
+				Ω(err).ShouldNot(HaveOccurred())
+			})
+			It("should not sync empty IPv4", func() {
+				ac.replica.DHCPServerEnabled = utils.Ptr(false)
+				ac.origin.dhcpServerConfig.V4 = &model.DhcpConfigV4{
+					GatewayIp: utils.Ptr(""),
+				}
+				err := actionDHCPServerConfig(ac)
 				Ω(err).ShouldNot(HaveOccurred())
 			})
 		})
@@ -461,7 +550,7 @@ var _ = Describe("Sync", func() {
 			BeforeEach(func() {
 				w.cfg = &types.Config{
 					Origin:  types.AdGuardInstance{},
-					Replica: types.AdGuardInstance{URL: "foo"},
+					Replica: &types.AdGuardInstance{URL: "foo"},
 					Features: types.Features{
 						DHCP: types.DHCP{
 							ServerConfig: true,
@@ -484,48 +573,39 @@ var _ = Describe("Sync", func() {
 			It("should have no changes", func() {
 				// origin
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.MinAgh}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: versions.MinAgh}, nil)
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{}, nil)
 				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{}, nil)
 				cl.EXPECT().SafeBrowsing()
-				cl.EXPECT().RewriteList().Return(&types.RewriteEntries{}, nil)
-				cl.EXPECT().Services()
-				cl.EXPECT().Filtering().Return(&types.FilteringStatus{}, nil)
-				cl.EXPECT().Clients().Return(&types.Clients{}, nil)
-				cl.EXPECT().QueryLogConfig().Return(&types.QueryLogConfig{}, nil)
-				cl.EXPECT().StatsConfig().Return(&types.IntervalConfig{}, nil)
-				cl.EXPECT().AccessList().Return(&types.AccessList{}, nil)
-				cl.EXPECT().DNSConfig().Return(&types.DNSConfig{}, nil)
-				cl.EXPECT().DHCPServerConfig().Return(&types.DHCPServerConfig{}, nil)
+				cl.EXPECT().RewriteList().Return(&model.RewriteEntries{}, nil)
+				cl.EXPECT().BlockedServicesSchedule()
+				cl.EXPECT().Filtering().Return(&model.FilterStatus{}, nil)
+				cl.EXPECT().Clients().Return(&model.Clients{}, nil)
+				cl.EXPECT().QueryLogConfig().Return(&model.QueryLogConfigWithIgnored{}, nil)
+				cl.EXPECT().StatsConfig().Return(&model.PutStatsConfigUpdateRequest{}, nil)
+				cl.EXPECT().AccessList().Return(&model.AccessList{}, nil)
+				cl.EXPECT().DNSConfig().Return(&model.DNSConfig{}, nil)
+				cl.EXPECT().DhcpConfig().Return(&model.DhcpStatus{}, nil)

 				// replica
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.MinAgh}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: versions.MinAgh}, nil)
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{}, nil)
 				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{}, nil)
 				cl.EXPECT().SafeBrowsing()
-				cl.EXPECT().QueryLogConfig().Return(&types.QueryLogConfig{}, nil)
-				cl.EXPECT().StatsConfig().Return(&types.IntervalConfig{}, nil)
-				cl.EXPECT().RewriteList().Return(&types.RewriteEntries{}, nil)
+				cl.EXPECT().QueryLogConfig().Return(&model.QueryLogConfigWithIgnored{}, nil)
+				cl.EXPECT().StatsConfig().Return(&model.PutStatsConfigUpdateRequest{}, nil)
+				cl.EXPECT().RewriteList().Return(&model.RewriteEntries{}, nil)
 				cl.EXPECT().AddRewriteEntries()
 				cl.EXPECT().DeleteRewriteEntries()
-				cl.EXPECT().Filtering().Return(&types.FilteringStatus{}, nil)
-				cl.EXPECT().AddFilters(false)
-				cl.EXPECT().UpdateFilters(false)
-				cl.EXPECT().DeleteFilters(false)
-				cl.EXPECT().AddFilters(true)
-				cl.EXPECT().UpdateFilters(true)
-				cl.EXPECT().DeleteFilters(true)
-				cl.EXPECT().Services()
-				cl.EXPECT().Clients().Return(&types.Clients{}, nil)
-				cl.EXPECT().AddClients()
-				cl.EXPECT().UpdateClients()
-				cl.EXPECT().DeleteClients()
-				cl.EXPECT().AccessList().Return(&types.AccessList{}, nil)
-				cl.EXPECT().DNSConfig().Return(&types.DNSConfig{}, nil)
-				cl.EXPECT().DHCPServerConfig().Return(&types.DHCPServerConfig{}, nil)
-				cl.EXPECT().AddDHCPStaticLeases().Return(nil)
-				cl.EXPECT().DeleteDHCPStaticLeases().Return(nil)
+				cl.EXPECT().Filtering().Return(&model.FilterStatus{}, nil)
+				cl.EXPECT().BlockedServicesSchedule()
+				cl.EXPECT().Clients().Return(&model.Clients{}, nil)
+				cl.EXPECT().AccessList().Return(&model.AccessList{}, nil)
+				cl.EXPECT().DNSConfig().Return(&model.DNSConfig{}, nil)
+				cl.EXPECT().DhcpConfig().Return(&model.DhcpStatus{}, nil)
 				w.sync()
 			})
 			It("should not sync DHCP", func() {
@@ -533,94 +613,66 @@ var _ = Describe("Sync", func() {
 				w.cfg.Features.DHCP.StaticLeases = false
 				// origin
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.MinAgh}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: versions.MinAgh}, nil)
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{}, nil)
 				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{}, nil)
 				cl.EXPECT().SafeBrowsing()
-				cl.EXPECT().RewriteList().Return(&types.RewriteEntries{}, nil)
-				cl.EXPECT().Services()
-				cl.EXPECT().Filtering().Return(&types.FilteringStatus{}, nil)
-				cl.EXPECT().Clients().Return(&types.Clients{}, nil)
-				cl.EXPECT().QueryLogConfig().Return(&types.QueryLogConfig{}, nil)
-				cl.EXPECT().StatsConfig().Return(&types.IntervalConfig{}, nil)
-				cl.EXPECT().AccessList().Return(&types.AccessList{}, nil)
-				cl.EXPECT().DNSConfig().Return(&types.DNSConfig{}, nil)
+				cl.EXPECT().RewriteList().Return(&model.RewriteEntries{}, nil)
+				cl.EXPECT().BlockedServicesSchedule()
+				cl.EXPECT().Filtering().Return(&model.FilterStatus{}, nil)
+				cl.EXPECT().Clients().Return(&model.Clients{}, nil)
+				cl.EXPECT().QueryLogConfig().Return(&model.QueryLogConfigWithIgnored{}, nil)
+				cl.EXPECT().StatsConfig().Return(&model.PutStatsConfigUpdateRequest{}, nil)
+				cl.EXPECT().AccessList().Return(&model.AccessList{}, nil)
+				cl.EXPECT().DNSConfig().Return(&model.DNSConfig{}, nil)

 				// replica
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.MinAgh}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: versions.MinAgh}, nil)
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{}, nil)
 				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{}, nil)
 				cl.EXPECT().SafeBrowsing()
-				cl.EXPECT().QueryLogConfig().Return(&types.QueryLogConfig{}, nil)
-				cl.EXPECT().StatsConfig().Return(&types.IntervalConfig{}, nil)
-				cl.EXPECT().RewriteList().Return(&types.RewriteEntries{}, nil)
+				cl.EXPECT().QueryLogConfig().Return(&model.QueryLogConfigWithIgnored{}, nil)
+				cl.EXPECT().StatsConfig().Return(&model.PutStatsConfigUpdateRequest{}, nil)
+				cl.EXPECT().RewriteList().Return(&model.RewriteEntries{}, nil)
 				cl.EXPECT().AddRewriteEntries()
 				cl.EXPECT().DeleteRewriteEntries()
-				cl.EXPECT().Filtering().Return(&types.FilteringStatus{}, nil)
-				cl.EXPECT().AddFilters(false)
-				cl.EXPECT().UpdateFilters(false)
-				cl.EXPECT().DeleteFilters(false)
-				cl.EXPECT().AddFilters(true)
-				cl.EXPECT().UpdateFilters(true)
-				cl.EXPECT().DeleteFilters(true)
-				cl.EXPECT().Services()
-				cl.EXPECT().Clients().Return(&types.Clients{}, nil)
-				cl.EXPECT().AddClients()
-				cl.EXPECT().UpdateClients()
-				cl.EXPECT().DeleteClients()
-				cl.EXPECT().AccessList().Return(&types.AccessList{}, nil)
-				cl.EXPECT().DNSConfig().Return(&types.DNSConfig{}, nil)
+				cl.EXPECT().Filtering().Return(&model.FilterStatus{}, nil)
+				cl.EXPECT().BlockedServicesSchedule()
+				cl.EXPECT().Clients().Return(&model.Clients{}, nil)
+				cl.EXPECT().AccessList().Return(&model.AccessList{}, nil)
+				cl.EXPECT().DNSConfig().Return(&model.DNSConfig{}, nil)
 				w.sync()
 			})
 			It("origin version is too small", func() {
 				// origin
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: "v0.106.9"}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: "v0.106.9"}, nil)
 				w.sync()
 			})
 			It("replica version is too small", func() {
 				// origin
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.MinAgh}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: versions.MinAgh}, nil)
+				cl.EXPECT().ProfileInfo().Return(&model.ProfileInfo{}, nil)
 				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
+				cl.EXPECT().SafeSearchConfig().Return(&model.SafeSearchConfig{}, nil)
 				cl.EXPECT().SafeBrowsing()
-				cl.EXPECT().RewriteList().Return(&types.RewriteEntries{}, nil)
-				cl.EXPECT().Services()
-				cl.EXPECT().Filtering().Return(&types.FilteringStatus{}, nil)
-				cl.EXPECT().Clients().Return(&types.Clients{}, nil)
-				cl.EXPECT().QueryLogConfig().Return(&types.QueryLogConfig{}, nil)
-				cl.EXPECT().StatsConfig().Return(&types.IntervalConfig{}, nil)
-				cl.EXPECT().AccessList().Return(&types.AccessList{}, nil)
-				cl.EXPECT().DNSConfig().Return(&types.DNSConfig{}, nil)
-				cl.EXPECT().DHCPServerConfig().Return(&types.DHCPServerConfig{}, nil)
+				cl.EXPECT().RewriteList().Return(&model.RewriteEntries{}, nil)
+				cl.EXPECT().BlockedServicesSchedule()
+				cl.EXPECT().Filtering().Return(&model.FilterStatus{}, nil)
+				cl.EXPECT().Clients().Return(&model.Clients{}, nil)
+				cl.EXPECT().QueryLogConfig().Return(&model.QueryLogConfigWithIgnored{}, nil)
+				cl.EXPECT().StatsConfig().Return(&model.PutStatsConfigUpdateRequest{}, nil)
+				cl.EXPECT().AccessList().Return(&model.AccessList{}, nil)
+				cl.EXPECT().DNSConfig().Return(&model.DNSConfig{}, nil)
+				cl.EXPECT().DhcpConfig().Return(&model.DhcpStatus{}, nil)

 				// replica
 				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: "v0.106.9"}, nil)
-				w.sync()
-			})
-			It("replica version is with incompatible API", func() {
-				// origin
-				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.MinAgh}, nil)
-				cl.EXPECT().Parental()
-				cl.EXPECT().SafeSearch()
-				cl.EXPECT().SafeBrowsing()
-				cl.EXPECT().RewriteList().Return(&types.RewriteEntries{}, nil)
-				cl.EXPECT().Services()
-				cl.EXPECT().Filtering().Return(&types.FilteringStatus{}, nil)
-				cl.EXPECT().Clients().Return(&types.Clients{}, nil)
-				cl.EXPECT().QueryLogConfig().Return(&types.QueryLogConfig{}, nil)
-				cl.EXPECT().StatsConfig().Return(&types.IntervalConfig{}, nil)
-				cl.EXPECT().AccessList().Return(&types.AccessList{}, nil)
-				cl.EXPECT().DNSConfig().Return(&types.DNSConfig{}, nil)
-				cl.EXPECT().DHCPServerConfig().Return(&types.DHCPServerConfig{}, nil)
-
-				// replica
-				cl.EXPECT().Host()
-				cl.EXPECT().Status().Return(&types.Status{Version: versions.IncompatibleAPI}, nil)
+				cl.EXPECT().Status().Return(&model.ServerStatus{Version: "v0.106.9"}, nil)
 				w.sync()
 			})
 		})
--- a/pkg/types/deepcopy_generated.go
+++ b/pkg/types/deepcopy_generated.go
@@ -5,47 +5,54 @@

 package types

-import (
-	net "net"
-)
-
 // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
-func (in *DNSConfig) DeepCopyInto(out *DNSConfig) {
+func (in *AdGuardInstance) DeepCopyInto(out *AdGuardInstance) {
 	*out = *in
-	if in.Upstreams != nil {
-		in, out := &in.Upstreams, &out.Upstreams
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.Bootstraps != nil {
-		in, out := &in.Bootstraps, &out.Bootstraps
-		*out = make([]string, len(*in))
-		copy(*out, *in)
-	}
-	if in.BlockingIPv4 != nil {
-		in, out := &in.BlockingIPv4, &out.BlockingIPv4
-		*out = make(net.IP, len(*in))
-		copy(*out, *in)
-	}
-	if in.BlockingIPv6 != nil {
-		in, out := &in.BlockingIPv6, &out.BlockingIPv6
-		*out = make(net.IP, len(*in))
-		copy(*out, *in)
-	}
-	if in.LocalPTRUpstreams != nil {
-		in, out := &in.LocalPTRUpstreams, &out.LocalPTRUpstreams
-		*out = make([]string, len(*in))
-		copy(*out, *in)
+	if in.DHCPServerEnabled != nil {
+		in, out := &in.DHCPServerEnabled, &out.DHCPServerEnabled
+		*out = new(bool)
+		**out = **in
 	}
 	return
 }

-// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DNSConfig.
-func (in *DNSConfig) DeepCopy() *DNSConfig {
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdGuardInstance.
+func (in *AdGuardInstance) DeepCopy() *AdGuardInstance {
 	if in == nil {
 		return nil
 	}
-	out := new(DNSConfig)
+	out := new(AdGuardInstance)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Config) DeepCopyInto(out *Config) {
+	*out = *in
+	in.Origin.DeepCopyInto(&out.Origin)
+	if in.Replica != nil {
+		in, out := &in.Replica, &out.Replica
+		*out = new(AdGuardInstance)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Replicas != nil {
+		in, out := &in.Replicas, &out.Replicas
+		*out = make([]AdGuardInstance, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	out.API = in.API
+	out.Features = in.Features
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config.
+func (in *Config) DeepCopy() *Config {
+	if in == nil {
+		return nil
+	}
+	out := new(Config)
 	in.DeepCopyInto(out)
 	return out
 }
--- a/pkg/types/dhcp.go
+++ b/pkg/types/dhcp.go
@@ -1,89 +0,0 @@
-package types
-
-import (
-	"encoding/json"
-	"net"
-	"time"
-
-	"github.com/jinzhu/copier"
-)
-
-// DHCPServerConfig dhcp server config
-type DHCPServerConfig struct {
-	V4            *V4ServerConfJSON `json:"v4"`
-	V6            *V6ServerConfJSON `json:"v6"`
-	InterfaceName string            `json:"interface_name"`
-	Enabled       bool              `json:"enabled"`
-
-	Leases       Leases `json:"leases,omitempty"`
-	StaticLeases Leases `json:"static_leases,omitempty"`
-}
-
-// Clone the config
-func (c *DHCPServerConfig) Clone() *DHCPServerConfig {
-	clone := &DHCPServerConfig{}
-	_ = copier.Copy(clone, c)
-	return clone
-}
-
-// Equals dhcp server config equal check
-func (c *DHCPServerConfig) Equals(o *DHCPServerConfig) bool {
-	a, _ := json.Marshal(c)
-	b, _ := json.Marshal(o)
-	return string(a) == string(b)
-}
-
-// V4ServerConfJSON v4 server conf
-type V4ServerConfJSON struct {
-	GatewayIP     net.IP `json:"gateway_ip"`
-	SubnetMask    net.IP `json:"subnet_mask"`
-	RangeStart    net.IP `json:"range_start"`
-	RangeEnd      net.IP `json:"range_end"`
-	LeaseDuration uint32 `json:"lease_duration"`
-}
-
-// V6ServerConfJSON v6 server conf
-type V6ServerConfJSON struct {
-	RangeStart    net.IP `json:"range_start"`
-	RangeEnd      net.IP `json:"range_end"`
-	LeaseDuration uint32 `json:"lease_duration"`
-}
-
-// Leases slice of leases type
-type Leases []Lease
-
-// Merge the leases
-func (l Leases) Merge(other Leases) ([]Lease, []Lease) {
-	current := make(map[string]Lease)
-
-	var adds Leases
-	var removes Leases
-	for _, le := range l {
-		current[le.HWAddr] = le
-	}
-
-	for _, le := range other {
-		if _, ok := current[le.HWAddr]; ok {
-			delete(current, le.HWAddr)
-		} else {
-			adds = append(adds, le)
-		}
-	}
-
-	for _, rr := range current {
-		removes = append(removes, rr)
-	}
-
-	return adds, removes
-}
-
-// Lease contains the necessary information about a DHCP lease
-type Lease struct {
-	HWAddr   string `json:"mac"`
-	IP       net.IP `json:"ip"`
-	Hostname string `json:"hostname"`
-
-	// Lease expiration time
-	// 1: static lease
-	Expiry time.Time `json:"expires"`
-}
--- a/pkg/types/dns.go
+++ b/pkg/types/dns.go
@@ -1,71 +0,0 @@
-package types
-
-import (
-	"encoding/json"
-	"net"
-	"sort"
-)
-
-// DNSConfig dns config
-// +k8s:deepcopy-gen=true
-type DNSConfig struct {
-	Upstreams     []string `json:"upstream_dns,omitempty"`
-	UpstreamsFile string   `json:"upstream_dns_file"`
-	Bootstraps    []string `json:"bootstrap_dns,omitempty"`
-
-	ProtectionEnabled bool     `json:"protection_enabled"`
-	RateLimit         uint32   `json:"ratelimit"`
-	BlockingMode      string   `json:"blocking_mode,omitempty"`
-	BlockingIPv4      net.IP   `json:"blocking_ipv4,omitempty"`
-	BlockingIPv6      net.IP   `json:"blocking_ipv6"`
-	EDNSCSEnabled     bool     `json:"edns_cs_enabled"`
-	DNSSECEnabled     bool     `json:"dnssec_enabled"`
-	DisableIPv6       bool     `json:"disable_ipv6"`
-	UpstreamMode      string   `json:"upstream_mode,omitempty"`
-	CacheSize         uint32   `json:"cache_size"`
-	CacheMinTTL       uint32   `json:"cache_ttl_min"`
-	CacheMaxTTL       uint32   `json:"cache_ttl_max"`
-	CacheOptimistic   bool     `json:"cache_optimistic"`
-	ResolveClients    bool     `json:"resolve_clients"`
-	LocalPTRUpstreams []string `json:"local_ptr_upstreams,omitempty"`
-}
-
-// Equals dns config equal check
-func (c *DNSConfig) Equals(o *DNSConfig) bool {
-	cc := c.DeepCopy()
-	oo := o.DeepCopy()
-	cc.Sort()
-	oo.Sort()
-
-	a, _ := json.Marshal(cc)
-	b, _ := json.Marshal(oo)
-	return string(a) == string(b)
-}
-
-// Sort sort dns config
-func (c *DNSConfig) Sort() {
-	sort.Strings(c.Upstreams)
-	sort.Strings(c.Bootstraps)
-	sort.Strings(c.LocalPTRUpstreams)
-}
-
-// AccessList access list
-type AccessList struct {
-	AllowedClients    []string `json:"allowed_clients"`
-	DisallowedClients []string `json:"disallowed_clients"`
-	BlockedHosts      []string `json:"blocked_hosts"`
-}
-
-// Equals access list equal check
-func (al *AccessList) Equals(o *AccessList) bool {
-	return equals(al.AllowedClients, o.AllowedClients) &&
-		equals(al.DisallowedClients, o.DisallowedClients) &&
-		equals(al.BlockedHosts, o.BlockedHosts)
-}
-
-// Sort sort access list
-func (al *AccessList) Sort() {
-	sort.Strings(al.AllowedClients)
-	sort.Strings(al.DisallowedClients)
-	sort.Strings(al.BlockedHosts)
-}
--- a/pkg/types/features.go
+++ b/pkg/types/features.go
@@ -4,33 +4,61 @@ import (
 	"go.uber.org/zap"
 )

+func NewFeatures(enabled bool) Features {
+	return Features{
+		DNS: DNS{
+			AccessLists:  enabled,
+			ServerConfig: enabled,
+			Rewrites:     enabled,
+		},
+		DHCP: DHCP{
+			ServerConfig: enabled,
+			StaticLeases: enabled,
+		},
+		GeneralSettings: enabled,
+		QueryLogConfig:  enabled,
+		StatsConfig:     enabled,
+		ClientSettings:  enabled,
+		Services:        enabled,
+		Filters:         enabled,
+	}
+}
+
 // Features feature flags
 type Features struct {
 	DNS             DNS  `json:"dns" yaml:"dns"`
 	DHCP            DHCP `json:"dhcp" yaml:"dhcp"`
-	GeneralSettings bool `json:"generalSettings" yaml:"generalSettings"`
-	QueryLogConfig  bool `json:"queryLogConfig" yaml:"queryLogConfig"`
-	StatsConfig     bool `json:"statsConfig" yaml:"statsConfig"`
-	ClientSettings  bool `json:"clientSettings" yaml:"clientSettings"`
-	Services        bool `json:"services" yaml:"services"`
-	Filters         bool `json:"filters" yaml:"filters"`
+	GeneralSettings bool `json:"generalSettings" yaml:"generalSettings" env:"FEATURES_GENERAL_SETTINGS"`
+	QueryLogConfig  bool `json:"queryLogConfig" yaml:"queryLogConfig" env:"FEATURES_QUERY_LOG_CONFIG"`
+	StatsConfig     bool `json:"statsConfig" yaml:"statsConfig" env:"FEATURES_STATS_CONFIG"`
+	ClientSettings  bool `json:"clientSettings" yaml:"clientSettings" env:"FEATURES_CLIENT_SETTINGS"`
+	Services        bool `json:"services" yaml:"services" env:"FEATURES_SERVICES"`
+	Filters         bool `json:"filters" yaml:"filters" env:"FEATURES_FILTERS"`
 }

 // DHCP features
 type DHCP struct {
-	ServerConfig bool `json:"serverConfig" yaml:"serverConfig"`
-	StaticLeases bool `json:"staticLeases" yaml:"staticLeases"`
+	ServerConfig bool `json:"serverConfig" yaml:"serverConfig" env:"FEATURES_DHCP_SERVER_CONFIG"`
+	StaticLeases bool `json:"staticLeases" yaml:"staticLeases" env:"FEATURES_DHCP_STATIC_LEASES"`
 }

 // DNS features
 type DNS struct {
-	AccessLists  bool `json:"accessLists" yaml:"accessLists"`
-	ServerConfig bool `json:"serverConfig" yaml:"serverConfig"`
-	Rewrites     bool `json:"rewrites" yaml:"rewrites"`
+	AccessLists  bool `json:"accessLists" yaml:"accessLists" env:"FEATURES_DNS_ACCESS_LISTS"`
+	ServerConfig bool `json:"serverConfig" yaml:"serverConfig" env:"FEATURES_DNS_SERVER_CONFIG"`
+	Rewrites     bool `json:"rewrites" yaml:"rewrites" env:"FEATURES_DNS_REWRITES"`
 }

 // LogDisabled log all disabled features
 func (f *Features) LogDisabled(l *zap.SugaredLogger) {
+	features := f.collectDisabled()
+
+	if len(features) > 0 {
+		l.With("features", features).Info("Disabled features")
+	}
+}
+
+func (f *Features) collectDisabled() []string {
 	var features []string
 	if !f.DHCP.ServerConfig {
 		features = append(features, "DHCP.ServerConfig")
@@ -60,13 +88,10 @@ func (f *Features) LogDisabled(l *zap.SugaredLogger) {
 		features = append(features, "ClientSettings")
 	}
 	if !f.Services {
-		features = append(features, "Services")
+		features = append(features, "BlockedServices")
 	}
 	if !f.Filters {
 		features = append(features, "Filters")
 	}
-
-	if len(features) > 0 {
-		l.With("features", features).Info("Disabled features")
-	}
+	return features
 }
--- a/pkg/types/types.go
+++ b/pkg/types/types.go
@@ -1,12 +1,13 @@
 package types

 import (
-	"encoding/json"
 	"fmt"
-	"sort"
+	"net/url"
+	"path/filepath"
 	"strings"
+	"time"

-	"github.com/bakito/adguardhome-sync/pkg/versions"
+	"go.uber.org/zap"
 )

 const (
@@ -15,31 +16,79 @@ const (
 )

 // Config application configuration struct
+// +k8s:deepcopy-gen=true
 type Config struct {
-	Origin     AdGuardInstance   `json:"origin" yaml:"origin"`
-	Replica    AdGuardInstance   `json:"replica,omitempty" yaml:"replica,omitempty"`
-	Replicas   []AdGuardInstance `json:"replicas,omitempty" yaml:"replicas,omitempty"`
-	Cron       string            `json:"cron,omitempty" yaml:"cron,omitempty"`
-	RunOnStart bool              `json:"runOnStart,omitempty" yaml:"runOnStart,omitempty"`
-	API        API               `json:"api,omitempty" yaml:"api,omitempty"`
-	Features   Features          `json:"features,omitempty" yaml:"features,omitempty"`
+	Origin          AdGuardInstance   `json:"origin" yaml:"origin" env:"ORIGIN"`
+	Replica         *AdGuardInstance  `json:"replica,omitempty" yaml:"replica,omitempty" env:"REPLICA"`
+	Replicas        []AdGuardInstance `json:"replicas,omitempty" yaml:"replicas,omitempty"`
+	Cron            string            `json:"cron,omitempty" yaml:"cron,omitempty" env:"CRON"`
+	RunOnStart      bool              `json:"runOnStart,omitempty" yaml:"runOnStart,omitempty" env:"RUN_ON_START"`
+	PrintConfigOnly bool              `json:"printConfigOnly,omitempty" yaml:"printConfigOnly,omitempty" env:"PRINT_CONFIG_ONLY"`
+	ContinueOnError bool              `json:"continueOnError,omitempty" yaml:"continueOnError,omitempty" env:"CONTINUE_ON_ERROR"`
+	API             API               `json:"api,omitempty" yaml:"api,omitempty" env:"API"`
+	Features        Features          `json:"features,omitempty" yaml:"features,omitempty" env:"FEATURES_"`
 }

 // API configuration
 type API struct {
-	Port     int    `json:"port,omitempty" yaml:"port,omitempty"`
-	Username string `json:"username,omitempty" yaml:"username,omitempty"`
-	Password string `json:"password,omitempty" yaml:"password,omitempty"`
-	DarkMode bool   `json:"darkMode,omitempty" yaml:"darkMode,omitempty"`
+	Port     int     `json:"port,omitempty" yaml:"port,omitempty" env:"API_PORT"`
+	Username string  `json:"username,omitempty" yaml:"username,omitempty" env:"API_USERNAME"`
+	Password string  `json:"password,omitempty" yaml:"password,omitempty" env:"API_PASSWORD"`
+	DarkMode bool    `json:"darkMode,omitempty" yaml:"darkMode,omitempty" env:"API_DARK_MODE"`
+	Metrics  Metrics `json:"metrics,omitempty" yaml:"metrics,omitempty" env:"API_METRICS"`
+	TLS      TLS     `json:"tls,omitempty" yaml:"tls,omitempty" env:"API_TLS"`
+}
+
+// Metrics configuration
+type Metrics struct {
+	Enabled        bool          `json:"enabled,omitempty" yaml:"enabled,omitempty" env:"API_METRICS_ENABLED"`
+	ScrapeInterval time.Duration `json:"scrapeInterval,omitempty" yaml:"scrapeInterval,omitempty" env:"API_METRICS_SCRAPE_INTERVAL"`
+	QueryLogLimit  int           `json:"queryLogLimit,omitempty" yaml:"queryLogLimit,omitempty" env:"API_METRICS_QUERY_LOG_LIMIT"`
+}
+
+// TLS configuration
+type TLS struct {
+	CertDir  string `json:"certDir,omitempty" yaml:"certDir,omitempty" env:"API_TLS_CERT_DIR"`
+	CertName string `json:"certName,omitempty" yaml:"certName,omitempty" env:"API_TLS_CERT_NAME"`
+	KeyName  string `json:"keyName,omitempty" yaml:"keyName,omitempty" env:"API_TLS_KEY_NAME"`
+}
+
+func (t TLS) Enabled() bool {
+	return strings.TrimSpace(t.CertDir) != ""
+}
+
+func (t TLS) Certs() (cert string, key string) {
+	cert = filepath.Join(t.CertDir, defaultIfEmpty(t.CertName, "tls.crt"))
+	key = filepath.Join(t.CertDir, defaultIfEmpty(t.KeyName, "tls.key"))
+	return
+}
+
+func defaultIfEmpty(val string, fallback string) string {
+	if strings.TrimSpace(val) == "" {
+		return fallback
+	}
+	return val
+}
+
+// Mask maks username and password
+func (a *API) Mask() {
+	a.Username = mask(a.Username)
+	a.Password = mask(a.Password)
 }

 // UniqueReplicas get unique replication instances
 func (cfg *Config) UniqueReplicas() []AdGuardInstance {
 	dedup := make(map[string]AdGuardInstance)
-	if cfg.Replica.URL != "" {
-		dedup[cfg.Replica.Key()] = cfg.Replica
+	if cfg.Replica != nil && cfg.Replica.URL != "" {
+		if cfg.Replica.APIPath == "" {
+			cfg.Replica.APIPath = DefaultAPIPath
+		}
+		dedup[cfg.Replica.Key()] = *cfg.Replica
 	}
 	for _, replica := range cfg.Replicas {
+		if replica.APIPath == "" {
+			replica.APIPath = DefaultAPIPath
+		}
 		if replica.URL != "" {
 			dedup[replica.Key()] = replica
 		}
@@ -47,23 +96,63 @@ func (cfg *Config) UniqueReplicas() []AdGuardInstance {

 	var r []AdGuardInstance
 	for _, replica := range dedup {
-		if replica.APIPath == "" {
-			replica.APIPath = DefaultAPIPath
-		}
 		r = append(r, replica)
 	}
 	return r
 }

+// Log the current config
+func (cfg *Config) Log(l *zap.SugaredLogger) {
+	c := cfg.mask()
+	l.With("config", c).Debug("Using config")
+}
+
+func (cfg *Config) mask() *Config {
+	c := cfg.DeepCopy()
+	c.Origin.Mask()
+	if c.Replica != nil {
+		if c.Replica.URL == "" {
+			c.Replica = nil
+		} else {
+			c.Replica.Mask()
+		}
+	}
+	for i := range c.Replicas {
+		c.Replicas[i].Mask()
+	}
+	c.API.Mask()
+	return c
+}
+
+func (cfg *Config) Init() error {
+	if err := cfg.Origin.Init(); err != nil {
+		return err
+	}
+	for i := range cfg.Replicas {
+		replica := &cfg.Replicas[i]
+		if err := replica.Init(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 // AdGuardInstance AdguardHome config instance
+// +k8s:deepcopy-gen=true
 type AdGuardInstance struct {
-	URL                string `json:"url" yaml:"url"`
-	APIPath            string `json:"apiPath,omitempty" yaml:"apiPath,omitempty"`
-	Username           string `json:"username,omitempty" yaml:"username,omitempty"`
-	Password           string `json:"password,omitempty" yaml:"password,omitempty"`
-	InsecureSkipVerify bool   `json:"insecureSkipVerify" yaml:"insecureSkipVerify"`
-	AutoSetup          bool   `json:"autoSetup" yaml:"autoSetup"`
-	InterfaceName      string `json:"interfaceName" yaml:"interfaceName"`
+	URL                string `json:"url" yaml:"url" env:"URL"`
+	WebURL             string `json:"webURL" yaml:"webURL" env:"WEB_URL"`
+	APIPath            string `json:"apiPath,omitempty" yaml:"apiPath,omitempty" env:"API_PATH"`
+	Username           string `json:"username,omitempty" yaml:"username,omitempty" env:"USERNAME"`
+	Password           string `json:"password,omitempty" yaml:"password,omitempty" env:"PASSWORD"`
+	Cookie             string `json:"cookie,omitempty" yaml:"cookie,omitempty" env:"COOKIE"`
+	InsecureSkipVerify bool   `json:"insecureSkipVerify" yaml:"insecureSkipVerify" env:"INSECURE_SKIP_VERIFY"`
+	AutoSetup          bool   `json:"autoSetup" yaml:"autoSetup" env:"AUTO_SETUP"`
+	InterfaceName      string `json:"interfaceName,omitempty" yaml:"interfaceName,omitempty" env:"INTERFACE_NAME"`
+	DHCPServerEnabled  *bool  `json:"dhcpServerEnabled,omitempty" yaml:"dhcpServerEnabled,omitempty" env:"DHCP_SERVER_ENABLED"`
+
+	Host    string `json:"-" yaml:"-"`
+	WebHost string `json:"-" yaml:"-"`
 }

 // Key AdGuardInstance key
@@ -71,313 +160,45 @@ func (i *AdGuardInstance) Key() string {
 	return fmt.Sprintf("%s#%s", i.URL, i.APIPath)
 }

+// Mask maks username and password
+func (i *AdGuardInstance) Mask() {
+	i.Username = mask(i.Username)
+	i.Password = mask(i.Password)
+}
+
+func (i *AdGuardInstance) Init() error {
+	u, err := url.Parse(i.URL)
+	if err != nil {
+		return err
+	}
+	i.Host = u.Host
+
+	if i.WebURL == "" {
+		i.WebHost = i.Host
+		i.WebURL = i.URL
+	} else {
+		u, err := url.Parse(i.WebURL)
+		if err != nil {
+			return err
+		}
+		i.WebHost = u.Host
+	}
+	return nil
+}
+
+func mask(s string) string {
+	if s == "" {
+		return "***"
+	}
+	mask := strings.Repeat("*", len(s)-2)
+	return fmt.Sprintf("%v%s%v", string(s[0]), mask, string(s[len(s)-1]))
+}
+
 // Protection API struct
 type Protection struct {
 	ProtectionEnabled bool `json:"protection_enabled"`
 }

-// Status API struct
-type Status struct {
-	Protection
-	DNSAddresses  []string `json:"dns_addresses"`
-	DNSPort       int      `json:"dns_port"`
-	HTTPPort      int      `json:"http_port"`
-	DhcpAvailable bool     `json:"dhcp_available"`
-	Running       bool     `json:"running"`
-	Version       string   `json:"version"`
-	Language      string   `json:"language"`
-}
-
-// RewriteEntries list of RewriteEntry
-type RewriteEntries []RewriteEntry
-
-// Merge RewriteEntries
-func (rwe *RewriteEntries) Merge(other *RewriteEntries) (RewriteEntries, RewriteEntries, RewriteEntries) {
-	current := make(map[string]RewriteEntry)
-
-	var adds RewriteEntries
-	var removes RewriteEntries
-	var duplicates RewriteEntries
-	processed := make(map[string]bool)
-	for _, rr := range *rwe {
-		if _, ok := processed[rr.Key()]; !ok {
-			current[rr.Key()] = rr
-			processed[rr.Key()] = true
-		} else {
-			// remove duplicate
-			removes = append(removes, rr)
-		}
-	}
-
-	for _, rr := range *other {
-		if _, ok := current[rr.Key()]; ok {
-			delete(current, rr.Key())
-		} else {
-			if _, ok := processed[rr.Key()]; !ok {
-				adds = append(adds, rr)
-				processed[rr.Key()] = true
-			} else {
-				//	skip duplicate
-				duplicates = append(duplicates, rr)
-			}
-		}
-	}
-
-	for _, rr := range current {
-		removes = append(removes, rr)
-	}
-
-	return adds, removes, duplicates
-}
-
-// RewriteEntry API struct
-type RewriteEntry struct {
-	Domain string `json:"domain"`
-	Answer string `json:"answer"`
-}
-
-// Key RewriteEntry key
-func (re *RewriteEntry) Key() string {
-	return fmt.Sprintf("%s#%s", re.Domain, re.Answer)
-}
-
-// Filters list of Filter
-type Filters []Filter
-
-// Merge merge Filters
-func (f Filters) Merge(other Filters) (Filters, Filters, Filters) {
-	current := make(map[string]Filter)
-
-	var adds Filters
-	var updates Filters
-	var removes Filters
-	for _, f := range f {
-		current[f.URL] = f
-	}
-
-	for i := range other {
-		rr := other[i]
-		if c, ok := current[rr.URL]; ok {
-			if !c.Equals(&rr) {
-				updates = append(updates, rr)
-			}
-			delete(current, rr.URL)
-		} else {
-			adds = append(adds, rr)
-		}
-	}
-
-	for _, rr := range current {
-		removes = append(removes, rr)
-	}
-
-	return adds, updates, removes
-}
-
-// Filter API struct
-type Filter struct {
-	ID         int    `json:"id"`
-	Enabled    bool   `json:"enabled"`
-	URL        string `json:"url"`  // needed for add
-	Name       string `json:"name"` // needed for add
-	RulesCount int    `json:"rules_count"`
-	Whitelist  bool   `json:"whitelist"` // needed for add
-}
-
-// Equals Filter equal check
-func (f *Filter) Equals(o *Filter) bool {
-	return f.Enabled == o.Enabled && f.URL == o.URL && f.Name == o.Name
-}
-
-// FilterUpdate  API struct
-type FilterUpdate struct {
-	URL       string `json:"url"`
-	Data      Filter `json:"data"`
-	Whitelist bool   `json:"whitelist"`
-}
-
-// FilteringStatus API struct
-type FilteringStatus struct {
-	FilteringConfig
-	Filters          Filters   `json:"filters"`
-	WhitelistFilters Filters   `json:"whitelist_filters"`
-	UserRules        UserRules `json:"user_rules"`
-}
-
-// UserRules API struct
-type UserRules []string
-
-// String toString of Users
-func (ur UserRules) String() string {
-	return strings.Join(ur, "\n")
-}
-
-// ToPayload return the version specific payload for user rules
-func (ur UserRules) ToPayload(version string) interface{} {
-	if versions.IsNewerThan(version, versions.LastStringCustomRules) {
-		return &UserRulesRequest{Rules: ur}
-	}
-	return ur.String()
-}
-
-// UserRulesRequest API struct
-type UserRulesRequest struct {
-	Rules UserRules
-}
-
-// String toString of Users
-func (ur UserRulesRequest) String() string {
-	return ur.Rules.String()
-}
-
-// EnableConfig API struct
-type EnableConfig struct {
-	Enabled bool `json:"enabled"`
-}
-
-// IntervalConfig API struct
-type IntervalConfig struct {
-	Interval float64 `json:"interval"`
-}
-
-// FilteringConfig API struct
-type FilteringConfig struct {
-	EnableConfig
-	IntervalConfig
-}
-
-// QueryLogConfig API struct
-type QueryLogConfig struct {
-	EnableConfig
-	IntervalConfig
-	AnonymizeClientIP bool `json:"anonymize_client_ip"`
-}
-
-// Equals QueryLogConfig equal check
-func (qlc *QueryLogConfig) Equals(o *QueryLogConfig) bool {
-	return qlc.Enabled == o.Enabled && qlc.AnonymizeClientIP == o.AnonymizeClientIP && qlc.Interval == o.Interval
-}
-
-// RefreshFilter API struct
-type RefreshFilter struct {
-	Whitelist bool `json:"whitelist"`
-}
-
-// Services API struct
-type Services []string
-
-// Sort sort Services
-func (s Services) Sort() {
-	sort.Strings(s)
-}
-
-// Equals Services equal check
-func (s Services) Equals(o Services) bool {
-	s.Sort()
-	o.Sort()
-	return equals(s, o)
-}
-
-// Clients API struct
-type Clients struct {
-	Clients     []Client `json:"clients"`
-	AutoClients []struct {
-		IP        string   `json:"ip"`
-		Name      string   `json:"name"`
-		Source    string   `json:"source"`
-		WhoisInfo struct{} `json:"whois_info"`
-	} `json:"auto_clients"`
-	SupportedTags []string `json:"supported_tags"`
-}
-
-// Client API struct
-type Client struct {
-	Ids             []string `json:"ids,omitempty"`
-	Tags            []string `json:"tags,omitempty"`
-	BlockedServices []string `json:"blocked_services,omitempty"`
-	Upstreams       []string `json:"upstreams,omitempty"`
-
-	UseGlobalSettings        bool   `json:"use_global_settings"`
-	UseGlobalBlockedServices bool   `json:"use_global_blocked_services"`
-	Name                     string `json:"name"`
-	FilteringEnabled         bool   `json:"filtering_enabled"`
-	ParentalEnabled          bool   `json:"parental_enabled"`
-	SafesearchEnabled        bool   `json:"safesearch_enabled"`
-	SafebrowsingEnabled      bool   `json:"safebrowsing_enabled"`
-	Disallowed               bool   `json:"disallowed"`
-	DisallowedRule           string `json:"disallowed_rule"`
-}
-
-// Sort sort clients
-func (cl *Client) Sort() {
-	sort.Strings(cl.Ids)
-	sort.Strings(cl.Tags)
-	sort.Strings(cl.BlockedServices)
-	sort.Strings(cl.Upstreams)
-}
-
-// Equals Clients equal check
-func (cl *Client) Equals(o *Client) bool {
-	cl.Sort()
-	o.Sort()
-
-	a, _ := json.Marshal(cl)
-	b, _ := json.Marshal(o)
-	return string(a) == string(b)
-}
-
-// Merge merge Clients
-func (clients *Clients) Merge(other *Clients) ([]Client, []Client, []Client) {
-	current := make(map[string]Client)
-	for _, client := range clients.Clients {
-		current[client.Name] = client
-	}
-
-	expected := make(map[string]Client)
-	for _, client := range other.Clients {
-		expected[client.Name] = client
-	}
-
-	var adds []Client
-	var removes []Client
-	var updates []Client
-
-	for _, cl := range expected {
-		if oc, ok := current[cl.Name]; ok {
-			if !cl.Equals(&oc) {
-				updates = append(updates, cl)
-			}
-			delete(current, cl.Name)
-		} else {
-			adds = append(adds, cl)
-		}
-	}
-
-	for _, rr := range current {
-		removes = append(removes, rr)
-	}
-
-	return adds, updates, removes
-}
-
-// ClientUpdate API struct
-type ClientUpdate struct {
-	Name string `json:"name"`
-	Data Client `json:"data"`
-}
-
-func equals(a []string, b []string) bool {
-	if len(a) != len(b) {
-		return false
-	}
-	for i, v := range a {
-		if v != b[i] {
-			return false
-		}
-	}
-	return true
-}
-
 // InstallConfig AdguardHome install config
 type InstallConfig struct {
 	Web      InstallPort `json:"web"`
--- a/pkg/types/types_suite_test.go
+++ b/pkg/types/types_suite_test.go
@@ -7,7 +7,7 @@ import (
 	. "github.com/onsi/gomega"
 )

-func TestTypes(t *testing.T) {
+func TestSync(t *testing.T) {
 	RegisterFailHandler(Fail)
 	RunSpecs(t, "Types Suite")
 }
--- a/pkg/types/types_test.go
+++ b/pkg/types/types_test.go
@@ -1,423 +1,129 @@
-package types_test
+package types

 import (
-	"encoding/json"
-	"net"
-	"os"
-
-	"github.com/bakito/adguardhome-sync/pkg/types"
-	"github.com/bakito/adguardhome-sync/pkg/versions"
-	"github.com/google/uuid"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )

 var _ = Describe("Types", func() {
-	var (
-		url     string
-		apiPath string
-	)
-	BeforeEach(func() {
-		url = "https://" + uuid.NewString()
-		apiPath = "/" + uuid.NewString()
-	})
-
-	Context("FilteringStatus", func() {
-		It("should correctly parse json", func() {
-			b, err := os.ReadFile("../..//testdata/filtering-status.json")
-			fs := &types.FilteringStatus{}
-			Ω(err).ShouldNot(HaveOccurred())
-			err = json.Unmarshal(b, fs)
-			Ω(err).ShouldNot(HaveOccurred())
-		})
-	})
-
-	Context("Filters", func() {
-		Context("Merge", func() {
-			var (
-				originFilters  types.Filters
-				replicaFilters types.Filters
-			)
-			BeforeEach(func() {
-				originFilters = types.Filters{}
-				replicaFilters = types.Filters{}
-			})
-
-			It("should add a missing filter", func() {
-				originFilters = append(originFilters, types.Filter{URL: url})
-				a, u, d := replicaFilters.Merge(originFilters)
-				Ω(a).Should(HaveLen(1))
-				Ω(u).Should(BeEmpty())
-				Ω(d).Should(BeEmpty())
-
-				Ω(a[0].URL).Should(Equal(url))
-			})
-
-			It("should remove additional filter", func() {
-				replicaFilters = append(replicaFilters, types.Filter{URL: url})
-				a, u, d := replicaFilters.Merge(originFilters)
-				Ω(a).Should(BeEmpty())
-				Ω(u).Should(BeEmpty())
-				Ω(d).Should(HaveLen(1))
-
-				Ω(d[0].URL).Should(Equal(url))
-			})
-
-			It("should update existing filter when enabled differs", func() {
-				enabled := true
-				originFilters = append(originFilters, types.Filter{URL: url, Enabled: enabled})
-				replicaFilters = append(replicaFilters, types.Filter{URL: url, Enabled: !enabled})
-				a, u, d := replicaFilters.Merge(originFilters)
-				Ω(a).Should(BeEmpty())
-				Ω(u).Should(HaveLen(1))
-				Ω(d).Should(BeEmpty())
-
-				Ω(u[0].Enabled).Should(Equal(enabled))
-			})
-
-			It("should update existing filter when name differs", func() {
-				name1 := uuid.NewString()
-				name2 := uuid.NewString()
-				originFilters = append(originFilters, types.Filter{URL: url, Name: name1})
-				replicaFilters = append(replicaFilters, types.Filter{URL: url, Name: name2})
-				a, u, d := replicaFilters.Merge(originFilters)
-				Ω(a).Should(BeEmpty())
-				Ω(u).Should(HaveLen(1))
-				Ω(d).Should(BeEmpty())
-
-				Ω(u[0].Name).Should(Equal(name1))
-			})
-
-			It("should have no changes", func() {
-				originFilters = append(originFilters, types.Filter{URL: url})
-				replicaFilters = append(replicaFilters, types.Filter{URL: url})
-				a, u, d := replicaFilters.Merge(originFilters)
-				Ω(a).Should(BeEmpty())
-				Ω(u).Should(BeEmpty())
-				Ω(d).Should(BeEmpty())
-			})
-		})
-	})
 	Context("AdGuardInstance", func() {
-		It("should build a key with url and api apiPath", func() {
-			i := &types.AdGuardInstance{URL: url, APIPath: apiPath}
-			Ω(i.Key()).Should(Equal(url + "#" + apiPath))
+		var inst AdGuardInstance
+
+		BeforeEach(func() {
+			inst = AdGuardInstance{}
 		})
-	})
-	Context("RewriteEntry", func() {
-		It("should build a key with url and api apiPath", func() {
-			domain := uuid.NewString()
-			answer := uuid.NewString()
-			re := &types.RewriteEntry{Domain: domain, Answer: answer}
-			Ω(re.Key()).Should(Equal(domain + "#" + answer))
-		})
-	})
-	Context("QueryLogConfig", func() {
-		Context("Equal", func() {
-			var (
-				a *types.QueryLogConfig
-				b *types.QueryLogConfig
-			)
+		Context("Instance Init", func() {
 			BeforeEach(func() {
-				a = &types.QueryLogConfig{}
-				b = &types.QueryLogConfig{}
+				inst.URL = "https://localhost:3000"
 			})
-			It("should be equal", func() {
-				a.Enabled = true
-				a.Interval = 1
-				a.AnonymizeClientIP = true
-				b.Enabled = true
-				b.Interval = 1
-				b.AnonymizeClientIP = true
-				Ω(a.Equals(b)).Should(BeTrue())
+			It("should correctly set Host and WebHost if only URL is set", func() {
+				err := inst.Init()
+				Ω(err).ShouldNot(HaveOccurred())
+				Ω(inst.Host).Should(Equal("localhost:3000"))
+				Ω(inst.WebHost).Should(Equal("localhost:3000"))
+				Ω(inst.URL).Should(Equal("https://localhost:3000"))
+				Ω(inst.WebURL).Should(Equal("https://localhost:3000"))
 			})
-			It("should not be equal when enabled differs", func() {
-				a.Enabled = true
-				b.Enabled = false
-				Ω(a.Equals(b)).ShouldNot(BeTrue())
+			It("should correctly set Host and WebHost if URL and WebURL are set", func() {
+				inst.WebURL = "https://127.0.0.1:4000"
+				err := inst.Init()
+				Ω(err).ShouldNot(HaveOccurred())
+				Ω(inst.Host).Should(Equal("localhost:3000"))
+				Ω(inst.WebHost).Should(Equal("127.0.0.1:4000"))
+				Ω(inst.WebURL).Should(Equal(inst.WebURL))
+				Ω(inst.URL).Should(Equal("https://localhost:3000"))
+				Ω(inst.WebURL).Should(Equal("https://127.0.0.1:4000"))
 			})
-			It("should not be equal when interval differs", func() {
-				a.Interval = 1
-				b.Interval = 2
-				Ω(a.Equals(b)).ShouldNot(BeTrue())
-			})
-			It("should not be equal when anonymizeClientIP differs", func() {
-				a.AnonymizeClientIP = true
-				b.AnonymizeClientIP = false
-				Ω(a.Equals(b)).ShouldNot(BeTrue())
-			})
-		})
-	})
-	Context("RewriteEntries", func() {
-		Context("Merge", func() {
-			var (
-				originRE  types.RewriteEntries
-				replicaRE types.RewriteEntries
-				domain    string
-			)
-			BeforeEach(func() {
-				originRE = types.RewriteEntries{}
-				replicaRE = types.RewriteEntries{}
-				domain = uuid.NewString()
-			})
-
-			It("should add a missing rewrite entry", func() {
-				originRE = append(originRE, types.RewriteEntry{Domain: domain})
-				a, r, d := replicaRE.Merge(&originRE)
-				Ω(a).Should(HaveLen(1))
-				Ω(r).Should(BeEmpty())
-				Ω(d).Should(BeEmpty())
-
-				Ω(a[0].Domain).Should(Equal(domain))
-			})
-
-			It("should remove additional ewrite entry", func() {
-				replicaRE = append(replicaRE, types.RewriteEntry{Domain: domain})
-				a, r, d := replicaRE.Merge(&originRE)
-				Ω(a).Should(BeEmpty())
-				Ω(r).Should(HaveLen(1))
-				Ω(d).Should(BeEmpty())
-
-				Ω(r[0].Domain).Should(Equal(domain))
-			})
-
-			It("should have no changes", func() {
-				originRE = append(originRE, types.RewriteEntry{Domain: domain})
-				replicaRE = append(replicaRE, types.RewriteEntry{Domain: domain})
-				a, r, d := replicaRE.Merge(&originRE)
-				Ω(a).Should(BeEmpty())
-				Ω(r).Should(BeEmpty())
-				Ω(d).Should(BeEmpty())
-			})
-
-			It("should remove target duplicate", func() {
-				originRE = append(originRE, types.RewriteEntry{Domain: domain})
-				replicaRE = append(replicaRE, types.RewriteEntry{Domain: domain})
-				replicaRE = append(replicaRE, types.RewriteEntry{Domain: domain})
-				a, r, d := replicaRE.Merge(&originRE)
-				Ω(a).Should(BeEmpty())
-				Ω(r).Should(HaveLen(1))
-				Ω(d).Should(BeEmpty())
-			})
-
-			It("should remove target duplicate", func() {
-				originRE = append(originRE, types.RewriteEntry{Domain: domain})
-				originRE = append(originRE, types.RewriteEntry{Domain: domain})
-				replicaRE = append(replicaRE, types.RewriteEntry{Domain: domain})
-				a, r, d := replicaRE.Merge(&originRE)
-				Ω(a).Should(BeEmpty())
-				Ω(r).Should(BeEmpty())
-				Ω(d).Should(HaveLen(1))
-			})
-		})
-	})
-	Context("UserRules", func() {
-		It("should join the rules correctly", func() {
-			r1 := uuid.NewString()
-			r2 := uuid.NewString()
-			ur := types.UserRules([]string{r1, r2})
-			Ω(ur.String()).Should(Equal(r1 + "\n" + r2))
-		})
-		It("should return a string for versions <= "+versions.LastStringCustomRules, func() {
-			r1 := uuid.NewString()
-			r2 := uuid.NewString()
-			pl := types.UserRules([]string{r1, r2}).ToPayload(versions.LastStringCustomRules)
-			Ω(pl).Should(BeAssignableToTypeOf(""))
-		})
-		It("should return a struct for versions > "+versions.IncompatibleAPI, func() {
-			r1 := uuid.NewString()
-			r2 := uuid.NewString()
-			pl := types.UserRules([]string{r1, r2}).ToPayload(versions.FixedIncompatibleAPI)
-			Ω(pl).Should(BeAssignableToTypeOf(&types.UserRulesRequest{}))
-		})
-	})
-	Context("UserRulesRequest", func() {
-		It("should join the rules correctly", func() {
-			r1 := uuid.NewString()
-			r2 := uuid.NewString()
-			urr := types.UserRulesRequest{Rules: []string{r1, r2}}
-			Ω(urr.String()).Should(Equal(r1 + "\n" + r2))
 		})
 	})
 	Context("Config", func() {
-		var cfg *types.Config
-		BeforeEach(func() {
-			cfg = &types.Config{}
+		Context("init", func() {
+			cfg := Config{
+				Replicas: []AdGuardInstance{
+					{URL: "https://localhost:3000"},
+				},
+			}
+			err := cfg.Init()
+			Ω(err).ShouldNot(HaveOccurred())
+			Ω(cfg.Replicas[0].Host).Should(Equal("localhost:3000"))
+			Ω(cfg.Replicas[0].WebHost).Should(Equal("localhost:3000"))
+			Ω(cfg.Replicas[0].URL).Should(Equal("https://localhost:3000"))
+			Ω(cfg.Replicas[0].WebURL).Should(Equal("https://localhost:3000"))
 		})
 		Context("UniqueReplicas", func() {
-			It("should be empty if noting defined", func() {
-				r := cfg.UniqueReplicas()
-				Ω(r).Should(BeEmpty())
+			It("should return unique replicas in the array", func() {
+				cfg := Config{
+					Replicas: []AdGuardInstance{
+						{URL: "a"},
+						{URL: "a", APIPath: DefaultAPIPath},
+						{URL: "a", APIPath: "foo"},
+						{URL: "b", APIPath: DefaultAPIPath},
+					},
+					Replica: &AdGuardInstance{URL: "b"},
+				}
+				replicas := cfg.UniqueReplicas()
+				Ω(replicas).Should(HaveLen(3))
 			})
-			It("should be empty if replica url is not set", func() {
-				cfg.Replica = types.AdGuardInstance{URL: ""}
-				r := cfg.UniqueReplicas()
-				Ω(r).Should(BeEmpty())
-			})
-			It("should be empty if replicas url is not set", func() {
-				cfg.Replicas = []types.AdGuardInstance{{URL: ""}}
-				r := cfg.UniqueReplicas()
-				Ω(r).Should(BeEmpty())
-			})
-			It("should return only one replica if same url and apiPath", func() {
-				cfg.Replica = types.AdGuardInstance{URL: url, APIPath: apiPath}
-				cfg.Replicas = []types.AdGuardInstance{{URL: url, APIPath: apiPath}, {URL: url, APIPath: apiPath}}
-				r := cfg.UniqueReplicas()
-				Ω(r).Should(HaveLen(1))
-			})
-			It("should return 3 one replicas if urls are different", func() {
-				cfg.Replica = types.AdGuardInstance{URL: url, APIPath: apiPath}
-				cfg.Replicas = []types.AdGuardInstance{{URL: url + "1", APIPath: apiPath}, {URL: url, APIPath: apiPath + "1"}}
-				r := cfg.UniqueReplicas()
-				Ω(r).Should(HaveLen(3))
-			})
-			It("should set default api apiPath if not set", func() {
-				cfg.Replica = types.AdGuardInstance{URL: url}
-				cfg.Replicas = []types.AdGuardInstance{{URL: url + "1"}}
-				r := cfg.UniqueReplicas()
-				Ω(r).Should(HaveLen(2))
-				Ω(r[0].APIPath).Should(Equal(types.DefaultAPIPath))
-				Ω(r[1].APIPath).Should(Equal(types.DefaultAPIPath))
+		})
+		Context("mask", func() {
+			It("should mask all names and passwords", func() {
+				cfg := Config{
+					Replicas: []AdGuardInstance{
+						{URL: "a", Username: "user", Password: "pass"},
+					},
+					Replica: &AdGuardInstance{URL: "a", Username: "user", Password: "pass"},
+					API:     API{Username: "user", Password: "pass"},
+				}
+				masked := cfg.mask()
+				Ω(masked.Replicas[0].Username).Should(Equal("u**r"))
+				Ω(masked.Replicas[0].Password).Should(Equal("p**s"))
+				Ω(masked.Replica.Username).Should(Equal("u**r"))
+				Ω(masked.Replica.Password).Should(Equal("p**s"))
+				Ω(masked.API.Username).Should(Equal("u**r"))
+				Ω(masked.API.Password).Should(Equal("p**s"))
 			})
 		})
 	})
-
-	Context("Clients", func() {
-		Context("Merge", func() {
-			var (
-				originClients  *types.Clients
-				replicaClients types.Clients
-				name           string
-			)
-			BeforeEach(func() {
-				originClients = &types.Clients{}
-				replicaClients = types.Clients{}
-				name = uuid.NewString()
+	Context("Feature", func() {
+		Context("LogDisabled", func() {
+			It("should log all features", func() {
+				f := NewFeatures(false)
+				Ω(f.collectDisabled()).Should(HaveLen(11))
 			})
-
-			It("should add a missing client", func() {
-				originClients.Clients = append(originClients.Clients, types.Client{Name: name})
-				a, u, d := replicaClients.Merge(originClients)
-				Ω(a).Should(HaveLen(1))
-				Ω(u).Should(BeEmpty())
-				Ω(d).Should(BeEmpty())
-
-				Ω(a[0].Name).Should(Equal(name))
-			})
-
-			It("should remove additional client", func() {
-				replicaClients.Clients = append(replicaClients.Clients, types.Client{Name: name})
-				a, u, d := replicaClients.Merge(originClients)
-				Ω(a).Should(BeEmpty())
-				Ω(u).Should(BeEmpty())
-				Ω(d).Should(HaveLen(1))
-
-				Ω(d[0].Name).Should(Equal(name))
-			})
-
-			It("should update existing client when name differs", func() {
-				disallowed := true
-				originClients.Clients = append(originClients.Clients, types.Client{Name: name, Disallowed: disallowed})
-				replicaClients.Clients = append(replicaClients.Clients, types.Client{Name: name, Disallowed: !disallowed})
-				a, u, d := replicaClients.Merge(originClients)
-				Ω(a).Should(BeEmpty())
-				Ω(u).Should(HaveLen(1))
-				Ω(d).Should(BeEmpty())
-
-				Ω(u[0].Disallowed).Should(Equal(disallowed))
+			It("should log no features", func() {
+				f := NewFeatures(true)
+				Ω(f.collectDisabled()).Should(BeEmpty())
 			})
 		})
 	})
-	Context("Services", func() {
-		Context("Equals", func() {
-			It("should be equal", func() {
-				s1 := types.Services([]string{"a", "b"})
-				s2 := types.Services([]string{"b", "a"})
-				Ω(s1.Equals(s2)).Should(BeTrue())
+	Context("TLS", func() {
+		var t TLS
+		BeforeEach(func() {
+			t = TLS{
+				CertDir: "/path/to/certs",
+			}
+		})
+		Context("Enabled", func() {
+			It("should use enabled", func() {
+				Ω(t.Enabled()).Should(BeTrue())
 			})
-			It("should not be equal different values", func() {
-				s1 := types.Services([]string{"a", "b"})
-				s2 := types.Services([]string{"B", "a"})
-				Ω(s1.Equals(s2)).ShouldNot(BeTrue())
-			})
-			It("should not be equal different length", func() {
-				s1 := types.Services([]string{"a", "b"})
-				s2 := types.Services([]string{"b", "a", "c"})
-				Ω(s1.Equals(s2)).ShouldNot(BeTrue())
+			It("should use disabled", func() {
+				t.CertDir = " "
+				Ω(t.Enabled()).Should(BeFalse())
 			})
 		})
-	})
-	Context("DNSConfig", func() {
-		Context("Equals", func() {
-			It("should be equal", func() {
-				dc1 := &types.DNSConfig{Upstreams: []string{"a"}}
-				dc2 := &types.DNSConfig{Upstreams: []string{"a"}}
-				Ω(dc1.Equals(dc2)).Should(BeTrue())
+		Context("Certs", func() {
+			It("should use default crt and key", func() {
+				crt, key := t.Certs()
+				Ω(crt).Should(Equal("/path/to/certs/tls.crt"))
+				Ω(key).Should(Equal("/path/to/certs/tls.key"))
 			})
-			It("should not be equal", func() {
-				dc1 := &types.DNSConfig{Upstreams: []string{"a"}}
-				dc2 := &types.DNSConfig{Upstreams: []string{"b"}}
-				Ω(dc1.Equals(dc2)).ShouldNot(BeTrue())
-			})
-		})
-	})
-	Context("DHCPServerConfig", func() {
-		Context("Equals", func() {
-			It("should be equal", func() {
-				dc1 := &types.DHCPServerConfig{
-					V4: &types.V4ServerConfJSON{
-						GatewayIP:     net.IPv4(1, 2, 3, 4),
-						LeaseDuration: 123,
-						RangeStart:    net.IPv4(1, 2, 3, 5),
-						RangeEnd:      net.IPv4(1, 2, 3, 6),
-						SubnetMask:    net.IPv4(255, 255, 255, 0),
-					},
-				}
-				dc2 := &types.DHCPServerConfig{
-					V4: &types.V4ServerConfJSON{
-						GatewayIP:     net.IPv4(1, 2, 3, 4),
-						LeaseDuration: 123,
-						RangeStart:    net.IPv4(1, 2, 3, 5),
-						RangeEnd:      net.IPv4(1, 2, 3, 6),
-						SubnetMask:    net.IPv4(255, 255, 255, 0),
-					},
-				}
-				Ω(dc1.Equals(dc2)).Should(BeTrue())
-			})
-			It("should not be equal", func() {
-				dc1 := &types.DHCPServerConfig{
-					V4: &types.V4ServerConfJSON{
-						GatewayIP:     net.IPv4(1, 2, 3, 3),
-						LeaseDuration: 123,
-						RangeStart:    net.IPv4(1, 2, 3, 5),
-						RangeEnd:      net.IPv4(1, 2, 3, 6),
-						SubnetMask:    net.IPv4(255, 255, 255, 0),
-					},
-				}
-				dc2 := &types.DHCPServerConfig{
-					V4: &types.V4ServerConfJSON{
-						GatewayIP:     net.IPv4(1, 2, 3, 4),
-						LeaseDuration: 123,
-						RangeStart:    net.IPv4(1, 2, 3, 5),
-						RangeEnd:      net.IPv4(1, 2, 3, 6),
-						SubnetMask:    net.IPv4(255, 255, 255, 0),
-					},
-				}
-				Ω(dc1.Equals(dc2)).ShouldNot(BeTrue())
-			})
-		})
-		Context("Clone", func() {
-			It("clone should be equal", func() {
-				dc1 := &types.DHCPServerConfig{
-					V4: &types.V4ServerConfJSON{
-						GatewayIP:     net.IPv4(1, 2, 3, 4),
-						LeaseDuration: 123,
-						RangeStart:    net.IPv4(1, 2, 3, 5),
-						RangeEnd:      net.IPv4(1, 2, 3, 6),
-						SubnetMask:    net.IPv4(255, 255, 255, 0),
-					},
-				}
-				Ω(dc1.Clone().Equals(dc1)).Should(BeTrue())
+			It("should use custom crt and key", func() {
+				t.CertName = "foo.crt"
+				t.KeyName = "bar.key"
+				crt, key := t.Certs()
+				Ω(crt).Should(Equal("/path/to/certs/foo.crt"))
+				Ω(key).Should(Equal("/path/to/certs/bar.key"))
 			})
 		})
 	})
--- a/pkg/utils/clone.go
+++ b/pkg/utils/clone.go
@@ -0,0 +1,15 @@
+package utils
+
+import "encoding/json"
+
+func Clone[I interface{}](in I, out I) I {
+	b, _ := json.Marshal(in)
+	_ = json.Unmarshal(b, out)
+	return out
+}
+
+func JsonEquals(a interface{}, b interface{}) bool {
+	ja, _ := json.Marshal(a)
+	jb, _ := json.Marshal(b)
+	return string(ja) == string(jb)
+}
--- a/pkg/utils/ptr.go
+++ b/pkg/utils/ptr.go
@@ -0,0 +1,14 @@
+package utils
+
+import "fmt"
+
+func Ptr[I interface{}](i I) *I {
+	return &i
+}
+
+func PtrToString[I interface{}](i *I) string {
+	if i == nil {
+		return ""
+	}
+	return fmt.Sprintf("%v", i)
+}
--- a/pkg/versions/versions.go
+++ b/pkg/versions/versions.go
@@ -4,16 +4,7 @@ import "golang.org/x/mod/semver"

 const (
 	// MinAgh minimal adguardhome version
-	MinAgh = "v0.107.0"
-	// LastStringCustomRules last adguardhome version with string payload custom rules
-	// https://github.com/bakito/adguardhome-sync/issues/99
-	LastStringCustomRules = "v0.107.13"
-	// IncompatibleAPI adguardhome  version with incompatible API
-	// https://github.com/bakito/adguardhome-sync/issues/99
-	IncompatibleAPI = "v0.107.14"
-	// FixedIncompatibleAPI adguardhome version with fixed API
-	// https://github.com/bakito/adguardhome-sync/issues/99
-	FixedIncompatibleAPI = "v0.107.15"
+	MinAgh = "v0.107.40"
 )

 func IsNewerThan(v1 string, v2 string) bool {
--- a/testdata/.gitignore
+++ b/testdata/.gitignore
@@ -0,0 +1,2 @@
+docker-compose.yaml
+!config_test_*.yaml
--- a/testdata/blockedservicesschedule-get.json
+++ b/testdata/blockedservicesschedule-get.json
@@ -0,0 +1,22 @@
+{
+  "schedule": {
+    "time_zone": "Europe/Zurich",
+    "tue": {
+      "start": 0,
+      "end": 86340000
+    },
+    "thu": {
+      "start": 0,
+      "end": 86340000
+    },
+    "sat": {
+      "start": 0,
+      "end": 35940000
+    }
+  },
+  "ids": [
+    "9gag",
+    "dailymotion",
+    "disneyplus"
+  ]
+}
--- a/testdata/config_test_replica.yaml
+++ b/testdata/config_test_replica.yaml
@@ -0,0 +1,37 @@
+origin:
+  url: https://origin-file:443
+  webURL: https://origin-file:443
+  apiPath: /control
+  username: foo
+  password: '*********'
+  insecureSkipVerify: true
+  autoSetup: false
+replica:
+  url: https://replica-file:443
+  webURL: https://replica-file:443
+  apiPath: /control
+  username: bar
+  password: '*********'
+  insecureSkipVerify: false
+  autoSetup: false
+  interfaceName: eth3
+  dhcpServerEnabled: false
+cron: '*/15 * * * *'
+runOnStart: true
+printConfigOnly: true
+api:
+  port: 9090
+features:
+  dns:
+    accessLists: true
+    serverConfig: false
+    rewrites: true
+  dhcp:
+    serverConfig: true
+    staticLeases: true
+  generalSettings: true
+  queryLogConfig: true
+  statsConfig: true
+  clientSettings: true
+  services: true
+  filters: true
--- a/testdata/config_test_replicas.yaml
+++ b/testdata/config_test_replicas.yaml
@@ -0,0 +1,37 @@
+origin:
+  url: https://origin-file:443
+  webURL: https://origin-file:443
+  apiPath: /control
+  username: foo
+  password: '*********'
+  insecureSkipVerify: true
+  autoSetup: false
+replicas:
+  - url: https://replica-file:443
+    webURL: https://replica-file:443
+    apiPath: /control
+    username: bar
+    password: '*********'
+    insecureSkipVerify: false
+    autoSetup: false
+    interfaceName: eth3
+    dhcpServerEnabled: false
+cron: '*/15 * * * *'
+runOnStart: true
+printConfigOnly: true
+api:
+  port: 9090
+features:
+  dns:
+    accessLists: true
+    serverConfig: false
+    rewrites: true
+  dhcp:
+    serverConfig: true
+    staticLeases: true
+  generalSettings: true
+  queryLogConfig: true
+  statsConfig: true
+  clientSettings: true
+  services: true
+  filters: true
--- a/testdata/config_test_replicas_and_replica.yaml
+++ b/testdata/config_test_replicas_and_replica.yaml
@@ -0,0 +1,47 @@
+origin:
+  url: https://origin-file:443
+  webURL: https://origin-file:443
+  apiPath: /control
+  username: foo
+  password: '*********'
+  insecureSkipVerify: true
+  autoSetup: false
+replica:
+  url: https://replica-file:443
+  webURL: https://replica-file:443
+  apiPath: /control
+  username: bar
+  password: '*********'
+  insecureSkipVerify: false
+  autoSetup: false
+  interfaceName: eth3
+  dhcpServerEnabled: false
+replicas:
+  - url: https://replicas-file:443
+    webURL: https://replicas-file:443
+    apiPath: /control
+    username: bar
+    password: '*********'
+    insecureSkipVerify: false
+    autoSetup: false
+    interfaceName: eth3
+    dhcpServerEnabled: false
+cron: '*/15 * * * *'
+runOnStart: true
+printConfigOnly: true
+api:
+  port: 9090
+features:
+  dns:
+    accessLists: true
+    serverConfig: false
+    rewrites: true
+  dhcp:
+    serverConfig: true
+    staticLeases: true
+  generalSettings: true
+  queryLogConfig: true
+  statsConfig: true
+  clientSettings: true
+  services: true
+  filters: true
--- a/testdata/e2e/bin/install-chart.sh
+++ b/testdata/e2e/bin/install-chart.sh
@@ -6,4 +6,4 @@ kubectl config set-context --current --namespace=agh-e2e
 if [[ $(helm list --no-headers -n agh-e2e | grep agh-e2e | wc -l) == "1" ]]; then
  helm delete agh-e2e -n agh-e2e --wait
 fi
-helm install agh-e2e testdata/e2e -n agh-e2e --create-namespace
+helm install agh-e2e testdata/e2e -n agh-e2e --create-namespace --set mode=${1}
--- a/testdata/e2e/bin/read-latest-replica-config.sh
+++ b/testdata/e2e/bin/read-latest-replica-config.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+  echo "## AdGuardHome.yaml of latest replica" >> $GITHUB_STEP_SUMMARY
+  echo '```' >> $GITHUB_STEP_SUMMARY
+  kubectl exec adguardhome-replica-latest -- cat /opt/adguardhome/conf/AdGuardHome.yaml >> $GITHUB_STEP_SUMMARY
+  echo '```' >> $GITHUB_STEP_SUMMARY
--- a/testdata/e2e/bin/show-sync-metrics.sh
+++ b/testdata/e2e/bin/show-sync-metrics.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -e
+
+echo "wait another scrape interval (30s)"
+
+sleep 30
+
+echo "## Pod adguardhome-sync metrics" >> $GITHUB_STEP_SUMMARY
+echo '```' >> $GITHUB_STEP_SUMMARY
+curl ${1}://localhost:9090/metrics -s -k >> $GITHUB_STEP_SUMMARY
+echo '```' >> $GITHUB_STEP_SUMMARY
--- a/testdata/e2e/bin/wait-for-sync.sh
+++ b/testdata/e2e/bin/wait-for-sync.sh
@@ -1,4 +1,14 @@
 #!/bin/bash
-set -e

-kubectl wait --for=jsonpath='{.status.phase}'=Succeeded pod/adguardhome-sync --timeout=1m
+kubectl wait --for=jsonpath='{.status.phase}'=Running pod/adguardhome-sync --timeout=1m
+
+kubectl port-forward pod/adguardhome-sync 9090:9090 &
+
+for i in {1..6}; do
+  sleep 10
+   RUNNING=$(curl ${1}://localhost:9090/api/v1/status -s -k | jq -r .syncRunning)
+   echo "SyncRunning = ${RUNNING}"
+   if [[ "${RUNNING}" == "false" ]]; then
+     exit 0
+   fi
+done
--- a/testdata/e2e/resources/AdGuardHome.yaml
+++ b/testdata/e2e/resources/AdGuardHome.yaml
@@ -0,0 +1,206 @@
+http:
+  pprof:
+    port: 6060
+    enabled: false
+  address: 0.0.0.0:3000
+  session_ttl: 720h
+users:
+  - name: username
+    password: $2a$10$yrrX.EvDpUUnZxr74u6euOMeF6dPFd/mEyohDq1LkpH76JyeObPBm
+auth_attempts: 5
+block_auth_min: 15
+http_proxy: ""
+language: en
+theme: auto
+dns:
+  bind_hosts:
+    - 0.0.0.0
+  port: 53
+  anonymize_client_ip: false
+  ratelimit: 20
+  ratelimit_whitelist: [ ]
+  refuse_any: true
+  upstream_dns:
+    - https://dns10.quad9.net/dns-query
+  upstream_dns_file: ""
+  bootstrap_dns:
+    - 1.1.1.1:53
+  fallback_dns: [ ]
+  all_servers: false
+  fastest_addr: false
+  fastest_timeout: 1s
+  allowed_clients: [ ]
+  disallowed_clients: [ ]
+  blocked_hosts:
+    - version.bind
+    - id.server
+    - hostname.bind
+  trusted_proxies:
+    - 127.0.0.0/8
+    - ::1/128
+  cache_size: 4194304
+  cache_ttl_min: 0
+  cache_ttl_max: 0
+  cache_optimistic: true
+  bogus_nxdomain: [ ]
+  aaaa_disabled: false
+  enable_dnssec: false
+  edns_client_subnet:
+    custom_ip: ""
+    enabled: false
+    use_custom: false
+  max_goroutines: 300
+  handle_ddr: true
+  ipset: [ ]
+  ipset_file: ""
+  bootstrap_prefer_ipv6: false
+  upstream_timeout: 10s
+  private_networks: [ ]
+  use_private_ptr_resolvers: true
+  local_ptr_upstreams: [ ]
+  use_dns64: false
+  dns64_prefixes: [ ]
+  serve_http3: false
+  use_http3_upstreams: false
+tls:
+  enabled: false
+  server_name: ""
+  force_https: false
+  port_https: 443
+  port_dns_over_tls: 853
+  port_dns_over_quic: 853
+  port_dnscrypt: 0
+  dnscrypt_config_file: ""
+  allow_unencrypted_doh: false
+  certificate_chain: ""
+  private_key: ""
+  certificate_path: ""
+  private_key_path: ""
+  strict_sni_check: false
+querylog:
+  ignored: [ ]
+  interval: 6h
+  size_memory: 1000
+  enabled: true
+  file_enabled: true
+statistics:
+  ignored: [ ]
+  interval: 24h
+  enabled: true
+filters:
+  - enabled: true
+    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+    name: AdGuard DNS filter
+    id: 1
+  - enabled: true
+    url: https://adaway.org/hosts.txt
+    name: AdAway Default Blocklist
+    id: 2
+whitelist_filters: [ ]
+user_rules:
+  - '||metrics2.data.hicloud.com^$important'
+  - '||www.curiouscorrespondence.com^$important'
+  - '||bluewizard.com^$important'
+  - '||facebook.com^$important'
+dhcp:
+  enabled: false
+  interface_name: eth0
+  local_domain_name: lan
+  dhcpv4:
+    gateway_ip: 1.2.3.4
+    subnet_mask: 255.255.0.0
+    range_start: 1.2.3.5
+    range_end: 1.2.3.56
+    lease_duration: 86400
+    icmp_timeout_msec: 1000
+    options: [ ]
+  dhcpv6:
+    range_start: ""
+    lease_duration: 86400
+    ra_slaac_only: false
+    ra_allow_slaac: false
+filtering:
+  blocking_ipv4: ""
+  blocking_ipv6: ""
+  blocked_services:
+    schedule:
+      time_zone: Europe/Zurich
+      tue:
+        start: 0s
+        end: 23h59m
+      thu:
+        start: 0s
+        end: 23h59m
+      sat:
+        start: 0s
+        end: 9h59m
+    ids:
+      - 9gag
+      - dailymotion
+      - disneyplus
+  protection_disabled_until: null
+  safe_search:
+    enabled: true
+    bing: true
+    duckduckgo: true
+    google: true
+    pixabay: true
+    yandex: true
+    youtube: true
+  blocking_mode: default
+  parental_block_host: family-block.dns.adguard.com
+  safebrowsing_block_host: standard-block.dns.adguard.com
+  rewrites: [ ]
+  safebrowsing_cache_size: 1048576
+  safesearch_cache_size: 1048576
+  parental_cache_size: 1048576
+  cache_time: 30
+  filters_update_interval: 24
+  blocked_response_ttl: 10
+  filtering_enabled: true
+  parental_enabled: true
+  safebrowsing_enabled: true
+  protection_enabled: true
+clients:
+  runtime_sources:
+    whois: true
+    arp: true
+    rdns: true
+    dhcp: true
+    hosts: true
+  persistent:
+    - name: Device 1
+      tags:
+        - device_1
+      ids:
+        - 2.2.2.2
+      blocked_services:
+        schedule:
+          time_zone: Europe/Zurich
+        ids:
+          - facebook
+          - mail_ru
+          - qq
+          - vk
+          - ok
+      upstreams: [ ]
+      use_global_settings: true
+      filtering_enabled: false
+      parental_enabled: false
+      safebrowsing_enabled: false
+      use_global_blocked_services: false
+      ignore_querylog: false
+      ignore_statistics: false
+log:
+  file: ""
+  max_backups: 0
+  max_size: 100
+  max_age: 3
+  compress: false
+  local_time: false
+  verbose: false
+os:
+  group: ""
+  user: ""
+  rlimit_nofile: 0
+schema_version: 27
--- a/testdata/e2e/templates/NOTES.txt
+++ b/testdata/e2e/templates/NOTES.txt
@@ -0,0 +1,4 @@
+Installed adguardhome-sync end-2-end test with {{ len .Values.replica.versions }} replica instances.
+{{- range $_, $version := .Values.replica.versions }}
+  - {{ $version }}
+{{- end }}
--- a/testdata/e2e/templates/configmap-certs.yaml
+++ b/testdata/e2e/templates/configmap-certs.yaml
@@ -0,0 +1,93 @@
+{{- if eq .Values.mode "env" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: certs
+  namespace: {{ .Release.Namespace }}
+data:
+  my.crt: |
+    -----BEGIN CERTIFICATE-----
+    MIIE7zCCAtcCFFthw5GxzLaZC/pTTlbwju6vYr9pMA0GCSqGSIb3DQEBCwUAMDMx
+    CzAJBgNVBAYTAkNIMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZiYWtp
+    dG8wIBcNMjQwNDA0MDUxOTMyWhgPMjEyNDAzMTEwNTE5MzJaMDMxCzAJBgNVBAYT
+    AkNIMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZiYWtpdG8wggIiMA0G
+    CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCenHJ0SunHqdtBdG8d5Uy8y5KESOPE
+    GCpcjNetSR53binlV3QjVckrA+6tHQBR3yXpSgHWU424fR3eTdHsbS9/8/pAnV0V
+    CAaUntbCr5CJ8ww2zRlGSz6IlxkwJkqx4crmYUcTm6XNcEm5kSoBmFR1s8TiQAQ8
+    CnJyt4m3S5jSKnexAMi2l2LP4F5P5MwLHdpl2sfRYydWOoJty9nSYuRxarv7G7e3
+    N102voL3W2F9Dk8QbKF1Kzxcfmh+4twNz/YfUxxB3tggrCGHfMu4EcvMrFCkKhNv
+    sFcG9aZ0gNj4x54vCOMK+LuVd8JZQMcGBdcxZUq+q4nyj4dxFDKSUjZ+nVjdbuab
+    dk72dVbv/r2j6aGFuZDwPeYrKOyGCUlzyPvtX3qDjrebvalkrua0ApJLTiUntQK4
+    E+8P658GUzwqhKi6COEmgJgZO1+xIhO68OzPS6qj8OvgOw97VJqWsnTkDeu5Xd3E
+    qW37lk62EQ75FCLaWAmyBcxTDlIWNfwvSlI57Iyw0ec9ziN4JP+6pX3QTcj69Kvc
+    ERExUNGWcyQVYiCFigBqL/UtGO73PA4kb8P6Zef0oTx7siw4ysImvQ/RHvbArXPE
+    iqxg/afjJz/w7fTTwk9DRW12hiWj7+ojZMcoYCj1PcOlmZvchwZRdN8Lp37wm11I
+    EYxdoBQVRWk0vwIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQB6H+z2IEtiBTOIFnYJ
+    ++CvZWw0CLPSpuFTwpDRIVUbrfhpFoXMwb6ungaqrGNXv3H4HQXl2EwXwZomsy2K
+    /pjk/0rHFdleEtJ4beSv44ToGCL+RqeU38sGuxCDQBCxIqGcbkErkqEYJqaSEV9I
+    elKjBA5PEy+WO/P+J5UYU6aY+59C+ZHrZ8HzoPUGrZ6ESu9Wm/9iOpUn4DWFzOOu
+    E/14QQqpHzHRvpbfOb/dsnEYv7JoiOaXhOedKmx5k+bLhNCXOJiqyqphNp0Io3Fr
+    8i6IxfvOo/6nw9sQ02E6PjNyC5bRq7TUrqffTcCRq7EYhJoK43V7nzLpUBItBF7K
+    FszFnvBxvgPtUdbhs6O8U8pqoPw1vCnoJLnerGfN1fEclV7Sbf3d1hCYXtHzmpZM
+    qflEkJIPSgkr8dyi2JjSQR5AJUtB5/VAZwBATNKNYINfnEVzyle+64iVaKteRt9e
+    yeLoy/ktTZSlQbb7/qg4NtQx9SA5PlYVMLj20S5HwStGQhLIb5lrwzkHNUZmkDWr
+    LUX1ufOfhNpCH2Egn078pyEn88B5iRTga2auCk3siOs9H3wmbT2r57E7ddX3l9Sf
+    MzO/8HyfNoa2RUTnJHdyduAT7VytyJSSRmfeapw9ITngZHGmpPhisKhxb6IoZm0J
+    j10kyQuFfNcZKlNa3D7XFvqzWQ==
+    -----END CERTIFICATE-----
+
+  my.key: |
+    -----BEGIN PRIVATE KEY-----
+    MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCenHJ0SunHqdtB
+    dG8d5Uy8y5KESOPEGCpcjNetSR53binlV3QjVckrA+6tHQBR3yXpSgHWU424fR3e
+    TdHsbS9/8/pAnV0VCAaUntbCr5CJ8ww2zRlGSz6IlxkwJkqx4crmYUcTm6XNcEm5
+    kSoBmFR1s8TiQAQ8CnJyt4m3S5jSKnexAMi2l2LP4F5P5MwLHdpl2sfRYydWOoJt
+    y9nSYuRxarv7G7e3N102voL3W2F9Dk8QbKF1Kzxcfmh+4twNz/YfUxxB3tggrCGH
+    fMu4EcvMrFCkKhNvsFcG9aZ0gNj4x54vCOMK+LuVd8JZQMcGBdcxZUq+q4nyj4dx
+    FDKSUjZ+nVjdbuabdk72dVbv/r2j6aGFuZDwPeYrKOyGCUlzyPvtX3qDjrebvalk
+    rua0ApJLTiUntQK4E+8P658GUzwqhKi6COEmgJgZO1+xIhO68OzPS6qj8OvgOw97
+    VJqWsnTkDeu5Xd3EqW37lk62EQ75FCLaWAmyBcxTDlIWNfwvSlI57Iyw0ec9ziN4
+    JP+6pX3QTcj69KvcERExUNGWcyQVYiCFigBqL/UtGO73PA4kb8P6Zef0oTx7siw4
+    ysImvQ/RHvbArXPEiqxg/afjJz/w7fTTwk9DRW12hiWj7+ojZMcoYCj1PcOlmZvc
+    hwZRdN8Lp37wm11IEYxdoBQVRWk0vwIDAQABAoICAEx3eTh2m1F+oq1iQGXF0+Kb
+    NEZhS6mQyu92mU46F52Vd05RhLS6WXNLAIjmF+7gqYrYep1FB+ifLUSs+N1GYGWM
+    DqSTGTqX9XA2SaxvbrwK+GL9K0e34+x/CA4uD8nFZQf/cwBRhDRQg8KaaQl+0o0y
+    P2OiYEg/8yA6OwMqx4DfJ3gmvB1HS8STU3SqBfMAD/gV60qXxnGsYJAlfJyQv7is
+    L/dmTAJhByfq3gH5xLzBJr3w2UA/OWkQKjmuDk/8aBh+/XsGP+U0hy+mKyLRNZM1
+    qeUTQe6RMcuxp2+4ZKI/vpPHcYorE2iCZaiY8bqGG1J9lnTpB2bw6mfKSH1BdHKB
+    BCpnvMebe56hfNzQgbE5N4XZUHE4fdFRSDe0cLyagN+5BAekaA10E5cW5/7bfs4P
+    VFtJgcj3wSRsnYQ4UZoA/9LE6IeQXuHauUFf9lGvy26oW8FkuTysZk6w5uxyJOew
+    qM0/r7DaGZ6umAsINgLMV/2+ksVDGdOpcHmd7S6Gi26vFKIPdIXWO6BtVej6Mkb9
+    vUKEEnJbx+gdiehAO63WAg9KR77bHwTXFPYGvza3mB1SXrZCGjjfBnI5yQP6VDwG
+    uRa0fY/thbsS8QdHc6lmMJNKJnCyes3sG99qcpOX0HBWRpGt9YzjHMK16uQbMPn1
+    0ApKa/1j/izsQtMkai81AoIBAQDLi/WbQY5jrKesRjSN7AOGND0Ge/NHF7hPIKW6
+    Ql+BKiu3AiADemiXfnpeBS8OtkqxFWNFT6Ob2uv5pF2aRzP1un8mTaSipQu5iEOz
+    tejyiWGMCzKaGPksB/d2spDxaDTs1KIyM+YVP2ynx8IGwet2mRcWZ4ixyQxgaj2o
+    vZeCesxJZSPlt+D0NoPlthwDx4B7D49tU288WEvhPspcAjW3udE4WV4dnmFTZFtD
+    ZmJ9GrW4rQsti6D2f+hnkWi17F+qGR0B7B4yyE66W8y3wzMfq0/tZzBpAH+azwjk
+    qkHIbePrWTpwLwbAK4L4cKENs+yivAldfUj4kgVUhVLCscCrAoIBAQDHfBKKF/DK
+    BsGvWSxo5QahJza2px1walQeE0AifkDYkLI+fyYnArOTUKKAC1/SxI21PWlPPJHz
+    bt2lhF+I3+DFJTDLsUrBUN923rTpt1WpQVvBNzUFVz6JDlYr6VUOVOX0KY+LVE20
+    iPmZLrutgO3JRMMFWOaT0ptV1dVx/Eyd4BiT+NfK06D4ZSHGZ6QAsuUmjc+M5VfM
+    nRbuDlpMgOcBQYQSAfrA+LT6jZorv0mOO6rigNWzIP8FlsJxf1A5o5zL9CYAOOk/
+    lRWI7K4LSP4TTcTW8DnXqVH7q569d2QA/RS2B1EUEdpNuT2aKIAsNNrhA3JCX6S9
+    UZm9KOBwYuQ9AoIBAQCbD8ZNPkXA/RjHDryemXud01HiDK8qK5HHBfH60PF8rqma
+    w02sGKZxMnL6CSzuIkUIXmi/tonHA6HdDjAYhcG5oxeWEHQpS16BOqOI1j3d9naP
+    f0BPUFMSDgehLytoHKClAt+FKzBOY4Dc2Dqhdz1vnfSOptTly2lYUdcjIzu2tOHH
+    z/rm14vRv23/oxn4bxUbqqDzAiqtZ/52W6VBLpXJnw8ZxEsEeVFffAZidC73a0+g
+    noLzcXlwD8T2kTmZzbabGIKWok/nE92V7rUoENZze8hp7MBeXXjYcHwv5twyWjTV
+    Z6YzLEASSZN+vB6VF8pftqvTwsvCQUs6Nk7z7wH9AoIBAA6EH9E+tr3syfFZmtqz
+    N81ITjnyZTkF88MQgY1BBLT9qorTs9II50pkBr8slLeAqBM1OdGTRceiHKzrugv6
+    xp9x+mAIMblpiilbQWz0c15SrDueKdSOqbVNfsXJP/BAC0++KnzoEJN/mDImbW/N
+    vv/zagGcm4LMQ5N2cQbPZj/iy8cQx5sx1TfeHBwU9KE8Y2Jv1VeaZM417DI8hyOk
+    CatUuiiZTkb2kizdWwet7stT2jaLS4Gyd/xPIS0jJ5JaLpHE3XMMsSR4U83X8z5M
+    /HgpI5bEemEQKDAZJ/7/jh5oTDaGx8afGfSn8yyhn9oXqonPN2RPE2zXYEmcjOCA
+    wb0CggEBAI9ztuEtsucOVKa52Itzvk8sZn2MF1kpUPHGF6/VW6a/s45wvvFFW3PE
+    BjqmgJX8s2ZLgOgWE/wEmEpHX+lxmebYJ3bmOsx5eGfA1eZBypWCBYBSfezf/1zD
+    3AD65+gwO4GhnSN4zsrlyVC6SsWEaeu+sxexHt15YJI9SkwCkvZTYoLqe9nMcAjY
+    h41p/i6bhl9ODZPd1+hL631EFWguyMVSVTDgIG141OIYKz5hVQZ08ddrwHB2gPf6
+    JSdU2DFOD6tNCfvTYAMvUfkoIt3g9RDJ5dTdR9J/3efm0ZIutcYcHiASIcubPU9x
+    r8Ww1tZIoBx/s50i7X1JFyuXp0TWQsI=
+    -----END PRIVATE KEY-----
+
+{{- end }}
--- a/testdata/e2e/templates/configmap-origin.yaml
+++ b/testdata/e2e/templates/configmap-origin.yaml
@@ -5,170 +5,4 @@ metadata:
  namespace: {{ .Release.Namespace }}
 data:
  AdGuardHome.yaml: |
-    bind_host: 0.0.0.0
-    bind_port: 3000
-    beta_bind_port: 0
-    users:
-      - name: username
-        password: $2a$10$yrrX.EvDpUUnZxr74u6euOMeF6dPFd/mEyohDq1LkpH76JyeObPBm
-    auth_attempts: 5
-    block_auth_min: 15
-    http_proxy: ""
-    language: en
-    debug_pprof: false
-    web_session_ttl: 720
-    dns:
-      bind_hosts:
-        - 0.0.0.0
-      port: 53
-      statistics_interval: 1
-      querylog_enabled: true
-      querylog_file_enabled: true
-      querylog_interval: 6h
-      querylog_size_memory: 1000
-      anonymize_client_ip: false
-      protection_enabled: true
-      blocking_mode: default
-      blocking_ipv4: ""
-      blocking_ipv6: ""
-      blocked_response_ttl: 10
-      parental_block_host: family-block.dns.adguard.com
-      safebrowsing_block_host: standard-block.dns.adguard.com
-      ratelimit: 20
-      ratelimit_whitelist: []
-      refuse_any: true
-      upstream_dns:
-        - https://dns10.quad9.net/dns-query
-      upstream_dns_file: ""
-      bootstrap_dns:
-        - 1.1.1.1:53
-      all_servers: false
-      fastest_addr: false
-      fastest_timeout: 1s
-      allowed_clients: []
-      disallowed_clients: []
-      blocked_hosts:
-        - version.bind
-        - id.server
-        - hostname.bind
-      trusted_proxies:
-        - 127.0.0.0/8
-        - ::1/128
-      cache_size: 4194304
-      cache_ttl_min: 0
-      cache_ttl_max: 0
-      cache_optimistic: true
-      bogus_nxdomain: []
-      aaaa_disabled: false
-      enable_dnssec: false
-      edns_client_subnet: false
-      max_goroutines: 300
-      handle_ddr: true
-      ipset: []
-      ipset_file: ""
-      filtering_enabled: true
-      filters_update_interval: 12
-      parental_enabled: true
-      safesearch_enabled: true
-      safebrowsing_enabled: true
-      safebrowsing_cache_size: 1048576
-      safesearch_cache_size: 1048576
-      parental_cache_size: 1048576
-      cache_time: 30
-      rewrites:
-        - domain: foo.bar.com
-          answer: 1.2.3.4
-      blocked_services:
-        - 9gag
-        - dailymotion
-      upstream_timeout: 10s
-      private_networks: []
-      use_private_ptr_resolvers: true
-      local_ptr_upstreams: []
-      serve_http3: false
-      use_http3_upstreams: false
-    tls:
-      enabled: false
-      server_name: ""
-      force_https: false
-      port_https: 443
-      port_dns_over_tls: 853
-      port_dns_over_quic: 853
-      port_dnscrypt: 0
-      dnscrypt_config_file: ""
-      allow_unencrypted_doh: false
-      strict_sni_check: false
-      certificate_chain: ""
-      private_key: ""
-      certificate_path: ""
-      private_key_path: ""
-    filters:
-      - enabled: true
-        url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
-        name: AdGuard DNS filter
-        id: 1
-      - enabled: true
-        url: https://adaway.org/hosts.txt
-        name: AdAway Default Blocklist
-        id: 2
-    whitelist_filters: []
-    user_rules:
-      - '||metrics2.data.hicloud.com^$important'
-      - '||www.curiouscorrespondence.com^$important'
-      - '||bluewizard.com^$important'
-      - '||facebook.com^$important'
-    dhcp:
-      enabled: false
-      interface_name: eth0
-      local_domain_name: lan
-      dhcpv4:
-        gateway_ip: 1.2.3.4
-        subnet_mask: 255.255.0.0
-        range_start: 1.2.3.5
-        range_end: 1.2.3.56
-        lease_duration: 86400
-        icmp_timeout_msec: 1000
-        options: []
-      dhcpv6:
-        range_start: ""
-        lease_duration: 86400
-        ra_slaac_only: false
-        ra_allow_slaac: false
-    clients:
-      runtime_sources:
-        whois: true
-        arp: true
-        rdns: true
-        dhcp: true
-        hosts: true
-      persistent:
-        - name: Device 1
-          tags:
-            - device_1
-          ids:
-            - 2.2.2.2
-          blocked_services:
-            - facebook
-            - ok
-            - vk
-            - mail_ru
-            - qq
-          upstreams: []
-          use_global_settings: true
-          filtering_enabled: false
-          parental_enabled: false
-          safesearch_enabled: false
-          safebrowsing_enabled: false
-          use_global_blocked_services: false
-    log_file: ""
-    log_max_backups: 0
-    log_max_size: 100
-    log_max_age: 3
-    log_compress: false
-    log_localtime: false
-    verbose: false
-    os:
-      group: ""
-      user: ""
-      rlimit_nofile: 0
-    schema_version: 14
+  {{- .Files.Get "resources/AdGuardHome.yaml" | nindent 4 }}
--- a/testdata/e2e/templates/configmap-sync-env.yaml
+++ b/testdata/e2e/templates/configmap-sync-env.yaml
@@ -0,0 +1,24 @@
+{{- if eq .Values.mode "env" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sync-conf
+  namespace: {{ .Release.Namespace }}
+data:
+  API_PORT: '9090'
+  API_METRICS_ENABLED: 'true'
+  API_METRICS_SCRAPE_INTERVAL: '30s'
+  API_TLS_CERT_DIR: '/certs'
+  API_TLS_CERT_NAME: 'my.crt'
+  API_TLS_KEY_NAME: 'my.key'
+  LOG_FORMAT: 'json'
+  ORIGIN_URL: 'http://service-origin.{{ $.Release.Namespace }}.svc.cluster.local:3000'
+  ORIGIN_PASSWORD: 'password'
+  ORIGIN_USERNAME: 'username'
+  {{- range $i,$version := .Values.replica.versions }}
+  REPLICA{{ add 1 $i }}_AUTO_SETUP: 'true'
+  REPLICA{{ add 1 $i }}_URL: 'http://service-replica-{{ $version | toString | replace "." "-" }}.{{ $.Release.Namespace }}.svc.cluster.local:3000'
+  REPLICA{{ add 1 $i }}_PASSWORD: 'password'
+  REPLICA{{ add 1 $i }}_USERNAME: 'username'
+  {{- end }}
+{{- end }}
--- a/testdata/e2e/templates/configmap-sync-file.yaml
+++ b/testdata/e2e/templates/configmap-sync-file.yaml
@@ -0,0 +1,25 @@
+{{- if eq .Values.mode "file" }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sync-conf
+  namespace: {{ .Release.Namespace }}
+data:
+  config.yaml: |
+    origin:
+      url: 'http://service-origin.{{ $.Release.Namespace }}.svc.cluster.local:3000'
+      username: username
+      password: password
+    api:
+      port: 9090
+      metrics:
+        enabled: true
+        scrapeInterval: 30s
+    replicas:
+      {{- range $i,$version := .Values.replica.versions }}
+      - url: 'http://service-replica-{{ $version | toString | replace "." "-" }}.{{ $.Release.Namespace }}.svc.cluster.local:3000'
+        username: username
+        password: password
+        autoSetup: true
+      {{- end }}
+{{- end }}
--- a/testdata/e2e/templates/configmap-sync.yaml
+++ b/testdata/e2e/templates/configmap-sync.yaml
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: sync-conf
-  namespace:  {{ .Release.Namespace }}
-data:
-  API_PORT: "0"
-  LOG_LEVEL: info
-  ORIGIN_URL: http://service-origin.{{ $.Release.Namespace }}.svc.cluster.local:3000
-  ORIGIN_PASSWORD: password
-  ORIGIN_USERNAME: username
-  {{ range $i,$version := .Values.replica.versions }}
-  REPLICA{{ $i }}_AUTOSETUP: "true"
-  REPLICA{{ $i }}_URL: http://service-replica-{{ $version | toString | replace "." "-" }}.{{ $.Release.Namespace }}.svc.cluster.local:3000
-  REPLICA{{ $i }}_PASSWORD: password
-  REPLICA{{ $i }}_USERNAME: username
-{{- end }}
--- a/testdata/e2e/templates/pod-adguardhome-sync-env.yaml
+++ b/testdata/e2e/templates/pod-adguardhome-sync-env.yaml
@@ -1,3 +1,4 @@
+{{- if eq .Values.mode "env" }}
 apiVersion: v1
 kind: Pod
 metadata:
@@ -7,7 +8,7 @@ spec:
  serviceAccountName: agh-e2e
  initContainers:
    - name: wait-for-others
-      image: bitnami/kubectl:1.24
+      image: {{ .Values.kubectl.repository }}:{{ .Values.kubectl.tag }}
      command:
        - /bin/bash
        - -c
@@ -19,7 +20,18 @@ spec:
      command:
        - /opt/go/adguardhome-sync
        - run
+      env:
+        - name: LOG_LEVEL
+          value: 'debug'
      envFrom:
        - configMapRef:
            name: sync-conf
+      volumeMounts:
+        - name: certs
+          mountPath: /certs
  restartPolicy: Never
+  volumes:
+    - name: certs
+      configMap:
+        name: certs
+  {{- end }}
--- a/testdata/e2e/templates/pod-adguardhome-sync-file.yaml
+++ b/testdata/e2e/templates/pod-adguardhome-sync-file.yaml
@@ -0,0 +1,36 @@
+{{- if eq .Values.mode "file" }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: adguardhome-sync
+  namespace: {{ $.Release.Namespace }}
+spec:
+  serviceAccountName: agh-e2e
+  initContainers:
+    - name: wait-for-others
+      image: {{ .Values.kubectl.repository }}:{{ .Values.kubectl.tag }}
+      command:
+        - /bin/bash
+        - -c
+        - |
+          {{- .Files.Get "bin/wait-for-agh-pods.sh" | nindent 10}}
+  containers:
+    - name: adguardhome-sync
+      image: localhost:5001/adguardhome-sync:e2e
+      command:
+        - /opt/go/adguardhome-sync
+        - run
+        - '--config'
+        - /etc/go/adguardhome-sync/config.yaml
+      env:
+        - name: LOG_LEVEL
+          value: 'debug'
+      volumeMounts:
+        - name: config
+          mountPath: /etc/go/adguardhome-sync/
+  volumes:
+    - name: config
+      configMap:
+        name: sync-conf
+  restartPolicy: Never
+{{- end }}
--- a/testdata/e2e/templates/rbac.yaml
+++ b/testdata/e2e/templates/rbac.yaml
@@ -3,7 +3,6 @@ kind: ServiceAccount
 metadata:
  name: agh-e2e
  namespace: {{ .Release.Namespace }}
-
 ---

 apiVersion: rbac.authorization.k8s.io/v1
@@ -15,7 +14,6 @@ rules:
  - apiGroups: [ "" ]
    resources: [ "pods" ]
    verbs: [ "get", "watch", "list" ]
-
 ---

 apiVersion: rbac.authorization.k8s.io/v1
--- a/testdata/e2e/values.yaml
+++ b/testdata/e2e/values.yaml
@@ -1,5 +1,11 @@
 replica:
  versions:
+    - v0.107.40
+    - v0.107.43
    - latest
-    - v0.107.13
-    - v0.107.15
+
+mode: env
+
+kubectl:
+  repository: bitnami/kubectl
+  tag: 1.27
--- a/testdata/filtering-status.json
+++ b/testdata/filtering-status.json
@@ -7,8 +7,7 @@
      "enabled": true,
      "url": "https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt",
      "name": "AdGuard DNS filter",
-      "rules_count": 37330,
-      "last_updated": ""
+      "rules_count": 37330
    },
    {
      "id": 1616956421,
@@ -24,4 +23,4 @@
    "||metrics2.data.hicloud.com^$important",
    ""
  ]
-}
+}
--- a/testdata/querylog_config.json
+++ b/testdata/querylog_config.json
@@ -0,0 +1,8 @@
+{
+  "enabled": true,
+  "interval": 90,
+  "anonymize_client_ip": false,
+  "ignored": [
+    "foo.bar"
+  ]
+}
--- a/testdata/querylog_info.json
+++ b/testdata/querylog_info.json
@@ -1,5 +0,0 @@
-{
-  "enabled": true,
-  "interval": 90,
-  "anonymize_client_ip": false
-}