Release 0.7.2

bump version
Merge pull request #606 from silversword411/develop
2021-06-30 06:53:33 +00:00 · 2021-06-30 06:53:16 +00:00 · 2021-06-29 23:49:14 -07:00 · 2021-06-30 06:46:07 +00:00 · 2021-06-30 06:46:07 +00:00 · 2021-06-29 23:42:02 -04:00
732 changed files with 59407 additions and 70939 deletions
--- a/.devcontainer/.env.example
+++ b/.devcontainer/.env.example
@@ -0,0 +1,31 @@
+COMPOSE_PROJECT_NAME=trmm
+
+IMAGE_REPO=tacticalrmm/
+VERSION=latest
+
+# tactical credentials (Used to login to dashboard)
+TRMM_USER=tactical
+TRMM_PASS=tactical
+
+# dns settings
+APP_HOST=rmm.example.com
+API_HOST=api.example.com
+MESH_HOST=mesh.example.com
+
+# mesh settings
+MESH_USER=tactical
+MESH_PASS=tactical
+MONGODB_USER=mongouser
+MONGODB_PASSWORD=mongopass
+
+# database settings
+POSTGRES_USER=postgres
+POSTGRES_PASS=postgrespass
+
+# DEV SETTINGS
+APP_PORT=80
+API_PORT=80
+HTTP_PROTOCOL=https
+DOCKER_NETWORK="172.21.0.0/24"
+DOCKER_NGINX_IP="172.21.0.20"
+NATS_PORTS="4222:4222"
--- a/.devcontainer/api.dockerfile
+++ b/.devcontainer/api.dockerfile
@@ -0,0 +1,24 @@
+FROM python:3.9.2-slim
+
+ENV TACTICAL_DIR /opt/tactical
+ENV TACTICAL_READY_FILE ${TACTICAL_DIR}/tmp/tactical.ready
+ENV WORKSPACE_DIR /workspace
+ENV TACTICAL_USER tactical
+ENV VIRTUAL_ENV ${WORKSPACE_DIR}/api/tacticalrmm/env
+ENV PYTHONDONTWRITEBYTECODE=1
+ENV PYTHONUNBUFFERED=1
+
+EXPOSE 8000 8383 8005
+
+RUN groupadd -g 1000 tactical && \
+    useradd -u 1000 -g 1000 tactical
+
+# Copy Dev python reqs
+COPY ./requirements.txt /
+
+# Copy Docker Entrypoint
+COPY ./entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
+
+WORKDIR ${WORKSPACE_DIR}/api/tacticalrmm
--- a/.devcontainer/docker-compose.debug.yml
+++ b/.devcontainer/docker-compose.debug.yml
@@ -0,0 +1,19 @@
+version: '3.4'
+
+services:
+  api-dev:
+    image: api-dev
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["sh", "-c", "pip install debugpy -t /tmp && python /tmp/debugpy --wait-for-client --listen 0.0.0.0:5678 manage.py runserver 0.0.0.0:8000 --nothreading --noreload"]
+    ports:
+      - 8000:8000
+      - 5678:5678
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    networks:
+      dev:
+        aliases: 
+          - tactical-backend
--- a/.devcontainer/docker-compose.yml
+++ b/.devcontainer/docker-compose.yml
@@ -0,0 +1,261 @@
+version: '3.4'
+
+services:
+  api-dev:
+    container_name: trmm-api-dev
+    image: api-dev
+    restart: always
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-api"]
+    environment:
+      API_PORT: ${API_PORT}
+    ports:
+      - "8000:${API_PORT}"
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    networks:
+      dev:
+        aliases: 
+          - tactical-backend
+
+  app-dev:
+    container_name: trmm-app-dev
+    image: node:14-alpine
+    restart: always
+    command: /bin/sh -c "npm install npm@latest -g && npm install && npm run serve -- --host 0.0.0.0 --port ${APP_PORT}"
+    working_dir: /workspace/web
+    volumes:
+      - ..:/workspace:cached
+    ports:
+      - "8080:${APP_PORT}"
+    networks:
+      dev:
+        aliases: 
+          - tactical-frontend
+
+  # nats
+  nats-dev:
+    container_name: trmm-nats-dev
+    image: ${IMAGE_REPO}tactical-nats:${VERSION}
+    restart: always
+    environment:
+      API_HOST: ${API_HOST}
+      API_PORT: ${API_PORT}
+      DEV: 1
+    ports:
+      - "${NATS_PORTS}"
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    networks:
+      dev:
+        aliases:
+          - ${API_HOST}
+          - tactical-nats
+
+  # meshcentral container
+  meshcentral-dev:
+    container_name: trmm-meshcentral-dev
+    image: ${IMAGE_REPO}tactical-meshcentral:${VERSION}
+    restart: always
+    environment: 
+      MESH_HOST: ${MESH_HOST}
+      MESH_USER: ${MESH_USER}
+      MESH_PASS: ${MESH_PASS}
+      MONGODB_USER: ${MONGODB_USER}
+      MONGODB_PASSWORD: ${MONGODB_PASSWORD}
+      NGINX_HOST_IP: ${DOCKER_NGINX_IP}
+    networks:
+      dev:
+        aliases:
+          - tactical-meshcentral
+          - ${MESH_HOST}
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - mesh-data-dev:/home/node/app/meshcentral-data
+    depends_on:
+      - mongodb-dev
+
+  # mongodb container for meshcentral
+  mongodb-dev:
+    container_name: trmm-mongodb-dev
+    image: mongo:4.4
+    restart: always
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USER}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
+      MONGO_INITDB_DATABASE: meshcentral
+    networks:
+      dev:
+        aliases:
+          - tactical-mongodb
+    volumes:
+      - mongo-dev-data:/data/db
+
+  # postgres database for api service
+  postgres-dev:
+    container_name: trmm-postgres-dev
+    image: postgres:13-alpine
+    restart: always
+    environment:
+      POSTGRES_DB: tacticalrmm
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASSWORD: ${POSTGRES_PASS}
+    volumes:
+      - postgres-data-dev:/var/lib/postgresql/data
+    networks:
+      dev:
+        aliases:
+          - tactical-postgres
+
+  # redis container for celery tasks
+  redis-dev:
+    container_name: trmm-redis-dev
+    restart: always
+    command: redis-server --appendonly yes
+    image: redis:6.0-alpine
+    volumes: 
+      - redis-data-dev:/data
+    networks:
+      dev:
+        aliases:
+          - tactical-redis
+
+  init-dev:
+    container_name: trmm-init-dev
+    image: api-dev
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    restart: on-failure
+    command: ["tactical-init-dev"]
+    environment:
+      POSTGRES_USER: ${POSTGRES_USER}
+      POSTGRES_PASS: ${POSTGRES_PASS}
+      APP_HOST: ${APP_HOST}
+      API_HOST: ${API_HOST}
+      MESH_HOST: ${MESH_HOST}
+      MESH_USER: ${MESH_USER}
+      TRMM_USER: ${TRMM_USER}
+      TRMM_PASS: ${TRMM_PASS}
+      HTTP_PROTOCOL: ${HTTP_PROTOCOL}
+      APP_PORT: ${APP_PORT}
+    depends_on:
+      - postgres-dev
+      - meshcentral-dev
+    networks:
+      - dev
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+
+  # container for celery worker service
+  celery-dev:
+    container_name: trmm-celery-dev
+    image: api-dev
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-celery-dev"]
+    restart: always
+    networks:
+      - dev
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
+  # container for celery beat service
+  celerybeat-dev:
+    container_name: trmm-celerybeat-dev
+    image: api-dev
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-celerybeat-dev"]
+    restart: always
+    networks:
+      - dev
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
+  # container for websockets communication
+  websockets-dev:
+    container_name: trmm-websockets-dev
+    image: api-dev
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-websockets-dev"]
+    restart: always
+    networks:
+      dev:
+        aliases:
+          - tactical-websockets
+    volumes:
+      - tactical-data-dev:/opt/tactical
+      - ..:/workspace:cached
+    depends_on:
+      - postgres-dev
+      - redis-dev
+
+  # container for tactical reverse proxy
+  nginx-dev:
+    container_name: trmm-nginx-dev
+    image: ${IMAGE_REPO}tactical-nginx:${VERSION}
+    restart: always
+    environment:
+      APP_HOST: ${APP_HOST}
+      API_HOST: ${API_HOST}
+      MESH_HOST: ${MESH_HOST}
+      CERT_PUB_KEY: ${CERT_PUB_KEY}
+      CERT_PRIV_KEY: ${CERT_PRIV_KEY}
+      APP_PORT: ${APP_PORT}
+      API_PORT: ${API_PORT}
+    networks:
+      dev:
+        ipv4_address: ${DOCKER_NGINX_IP}
+    ports:
+      - "80:80"
+      - "443:443"
+    volumes:
+      - tactical-data-dev:/opt/tactical
+
+  mkdocs-dev:
+    container_name: trmm-mkdocs-dev
+    image: api-dev
+    restart: always
+    build:
+      context: .
+      dockerfile: ./api.dockerfile
+    command: ["tactical-mkdocs-dev"]
+    ports:
+      - "8005:8005"
+    volumes:
+      - ..:/workspace:cached
+    networks:
+      - dev
+
+volumes:
+  tactical-data-dev:
+  postgres-data-dev:
+  mongo-dev-data:
+  mesh-data-dev:
+  redis-data-dev:
+
+networks:
+  dev:
+    driver: bridge
+    ipam:
+      driver: default
+      config:
+        - subnet: ${DOCKER_NETWORK}
--- a/.devcontainer/entrypoint.sh
+++ b/.devcontainer/entrypoint.sh
@@ -0,0 +1,178 @@
+#!/usr/bin/env bash
+
+set -e
+
+: "${TRMM_USER:=tactical}"
+: "${TRMM_PASS:=tactical}"
+: "${POSTGRES_HOST:=tactical-postgres}"
+: "${POSTGRES_PORT:=5432}"
+: "${POSTGRES_USER:=tactical}"
+: "${POSTGRES_PASS:=tactical}"
+: "${POSTGRES_DB:=tacticalrmm}"
+: "${MESH_CONTAINER:=tactical-meshcentral}"
+: "${MESH_USER:=meshcentral}"
+: "${MESH_PASS:=meshcentralpass}"
+: "${MESH_HOST:=tactical-meshcentral}"
+: "${API_HOST:=tactical-backend}"
+: "${APP_HOST:=tactical-frontend}"
+: "${REDIS_HOST:=tactical-redis}"
+: "${HTTP_PROTOCOL:=http}"
+: "${APP_PORT:=8080}"
+: "${API_PORT:=8000}"
+
+# Add python venv to path
+export PATH="${VIRTUAL_ENV}/bin:$PATH"
+
+function check_tactical_ready {
+  sleep 15
+  until [ -f "${TACTICAL_READY_FILE}" ]; do
+    echo "waiting for init container to finish install or update..."
+    sleep 10
+  done
+}
+
+function django_setup {
+  until (echo > /dev/tcp/"${POSTGRES_HOST}"/"${POSTGRES_PORT}") &> /dev/null; do
+    echo "waiting for postgresql container to be ready..."
+    sleep 5
+  done
+
+  until (echo > /dev/tcp/"${MESH_CONTAINER}"/443) &> /dev/null; do
+    echo "waiting for meshcentral container to be ready..."
+    sleep 5
+  done
+
+  echo "setting up django environment"
+
+  # configure django settings
+  MESH_TOKEN="$(cat ${TACTICAL_DIR}/tmp/mesh_token)"
+
+  DJANGO_SEKRET=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 80 | head -n 1)
+  
+  localvars="$(cat << EOF
+SECRET_KEY = '${DJANGO_SEKRET}'
+
+DEBUG = True
+
+DOCKER_BUILD = True
+
+CERT_FILE = '/opt/tactical/certs/fullchain.pem'
+KEY_FILE = '/opt/tactical/certs/privkey.pem'
+
+SCRIPTS_DIR = '${WORKSPACE_DIR}/scripts'
+
+ALLOWED_HOSTS = ['${API_HOST}', '*']
+
+ADMIN_URL = 'admin/'
+
+CORS_ORIGIN_ALLOW_ALL = True
+
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.postgresql',
+        'NAME': '${POSTGRES_DB}',
+        'USER': '${POSTGRES_USER}',
+        'PASSWORD': '${POSTGRES_PASS}',
+        'HOST': '${POSTGRES_HOST}',
+        'PORT': '${POSTGRES_PORT}',
+    }
+}
+
+REST_FRAMEWORK = {
+    'DATETIME_FORMAT': '%b-%d-%Y - %H:%M',
+
+    'DEFAULT_PERMISSION_CLASSES': (
+        'rest_framework.permissions.IsAuthenticated',
+    ),
+    'DEFAULT_AUTHENTICATION_CLASSES': (
+        'knox.auth.TokenAuthentication',
+    ),
+}
+
+if not DEBUG:
+    REST_FRAMEWORK.update({
+        'DEFAULT_RENDERER_CLASSES': (
+            'rest_framework.renderers.JSONRenderer',
+        )
+    })
+
+MESH_USERNAME = '${MESH_USER}'
+MESH_SITE = 'https://${MESH_HOST}'
+MESH_TOKEN_KEY = '${MESH_TOKEN}'
+REDIS_HOST    = '${REDIS_HOST}'
+ADMIN_ENABLED = True
+EOF
+)"
+
+  echo "${localvars}" > ${WORKSPACE_DIR}/api/tacticalrmm/tacticalrmm/local_settings.py
+
+  # run migrations and init scripts
+  "${VIRTUAL_ENV}"/bin/python manage.py migrate --no-input
+  "${VIRTUAL_ENV}"/bin/python manage.py collectstatic --no-input
+  "${VIRTUAL_ENV}"/bin/python manage.py initial_db_setup
+  "${VIRTUAL_ENV}"/bin/python manage.py initial_mesh_setup
+  "${VIRTUAL_ENV}"/bin/python manage.py load_chocos
+  "${VIRTUAL_ENV}"/bin/python manage.py load_community_scripts
+  "${VIRTUAL_ENV}"/bin/python manage.py reload_nats
+  "${VIRTUAL_ENV}"/bin/python manage.py create_installer_user
+
+  # create super user 
+  echo "from accounts.models import User; User.objects.create_superuser('${TRMM_USER}', 'admin@example.com', '${TRMM_PASS}') if not User.objects.filter(username='${TRMM_USER}').exists() else 0;" | python manage.py shell
+}
+
+if [ "$1" = 'tactical-init-dev' ]; then
+
+  # make directories if they don't exist
+  mkdir -p "${TACTICAL_DIR}/tmp"
+
+  test -f "${TACTICAL_READY_FILE}" && rm "${TACTICAL_READY_FILE}"
+
+  # setup Python virtual env and install dependencies
+  ! test -e "${VIRTUAL_ENV}" && python -m venv ${VIRTUAL_ENV}
+  "${VIRTUAL_ENV}"/bin/pip install --no-cache-dir -r /requirements.txt
+
+  django_setup
+
+  # create .env file for frontend
+  webenv="$(cat << EOF
+PROD_URL = "${HTTP_PROTOCOL}://${API_HOST}"
+DEV_URL = "${HTTP_PROTOCOL}://${API_HOST}"
+APP_URL = "https://${APP_HOST}"
+DOCKER_BUILD = 1
+EOF
+)"
+  echo "${webenv}" | tee "${WORKSPACE_DIR}"/web/.env > /dev/null
+
+  # chown everything to tactical user
+  chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${WORKSPACE_DIR}"
+  chown -R "${TACTICAL_USER}":"${TACTICAL_USER}" "${TACTICAL_DIR}"
+
+  # create install ready file
+  su -c "echo 'tactical-init' > ${TACTICAL_READY_FILE}" "${TACTICAL_USER}"
+fi
+
+if [ "$1" = 'tactical-api' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/python manage.py runserver 0.0.0.0:"${API_PORT}"
+fi
+
+if [ "$1" = 'tactical-celery-dev' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm worker -l debug
+fi
+
+if [ "$1" = 'tactical-celerybeat-dev' ]; then
+  check_tactical_ready
+  test -f "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid" && rm "${WORKSPACE_DIR}/api/tacticalrmm/celerybeat.pid"
+  "${VIRTUAL_ENV}"/bin/celery -A tacticalrmm beat -l debug
+fi
+
+if [ "$1" = 'tactical-websockets-dev' ]; then
+  check_tactical_ready
+  "${VIRTUAL_ENV}"/bin/daphne tacticalrmm.asgi:application --port 8383 -b 0.0.0.0
+fi
+
+if [ "$1" = 'tactical-mkdocs-dev' ]; then
+  cd "${WORKSPACE_DIR}/docs"
+  "${VIRTUAL_ENV}"/bin/mkdocs serve
+fi
--- a/.devcontainer/requirements.txt
+++ b/.devcontainer/requirements.txt
@@ -0,0 +1,36 @@
+# To ensure app dependencies are ported from your virtual environment/host machine into your container, run 'pip freeze > requirements.txt' in the terminal to overwrite this file
+asyncio-nats-client
+celery
+channels
+channels_redis
+Django
+django-cors-headers
+django-rest-knox
+djangorestframework
+loguru
+msgpack
+psycopg2-binary
+pycparser
+pycryptodome
+pyotp
+pyparsing
+pytz
+qrcode
+redis
+twilio
+packaging
+validators
+websockets
+black
+Werkzeug
+django-extensions
+coverage
+coveralls
+model_bakery
+mkdocs
+mkdocs-material
+pymdown-extensions
+Pygments
+mypy
+pysnooper
+isort
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,25 @@
+**/__pycache__
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/azds.yaml
+**/charts
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+**/env
+README.md
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: wh1te909
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: tacticalrmm
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,40 @@
+---
+name: Bug report
+about: Create a bug report
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Server Info (please complete the following information):**
+ - OS: [e.g. Ubuntu 20.04, Debian 10]
+ - Browser: [e.g. chrome, safari]
+ - RMM Version (as shown in top left of web UI):
+
+**Installation Method:**
+  - [ ] Standard
+  - [ ] Docker
+
+**Agent Info (please complete the following information):**
+- Agent version (as shown in the 'Summary' tab of the agent from web UI):
+- Agent OS: [e.g. Win 10 v2004, Server 2012 R2]
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Additional context**
+Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -0,0 +1,22 @@
+name: Deploy Docs
+on:
+  push:
+    branches:
+      - master
+
+defaults:
+  run:
+    working-directory: docs
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v2
+        with:
+          python-version: 3.x
+      - run: pip install --upgrade pip
+      - run: pip install --upgrade setuptools wheel
+      - run: pip install mkdocs mkdocs-material pymdown-extensions
+      - run: mkdocs gh-deploy --force
--- a/.github/workflows/docker-build-push.yml
+++ b/.github/workflows/docker-build-push.yml
@@ -0,0 +1,78 @@
+name: Publish Tactical Docker Images
+on:
+  push:
+    tags:
+      - "v*.*.*"
+jobs:
+  docker:
+    name: Build and Push Docker Images
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repo
+        uses: actions/checkout@v2
+        
+      - name: Get Github Tag
+        id: prep
+        run: |
+          echo ::set-output name=version::${GITHUB_REF#refs/tags/v}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+        
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+        
+      - name: Login to DockerHub
+        uses: docker/login-action@v1 
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+        
+      - name: Build and Push Tactical Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          pull: true
+          file: ./docker/containers/tactical/dockerfile
+          platforms: linux/amd64
+          tags: tacticalrmm/tactical:${{ steps.prep.outputs.version }},tacticalrmm/tactical:latest
+          
+      - name: Build and Push Tactical MeshCentral Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          pull: true
+          file: ./docker/containers/tactical-meshcentral/dockerfile
+          platforms: linux/amd64
+          tags: tacticalrmm/tactical-meshcentral:${{ steps.prep.outputs.version }},tacticalrmm/tactical-meshcentral:latest
+          
+      - name: Build and Push Tactical NATS Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          pull: true
+          file: ./docker/containers/tactical-nats/dockerfile
+          platforms: linux/amd64
+          tags: tacticalrmm/tactical-nats:${{ steps.prep.outputs.version }},tacticalrmm/tactical-nats:latest
+          
+      - name: Build and Push Tactical Frontend Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          pull: true
+          file: ./docker/containers/tactical-frontend/dockerfile
+          platforms: linux/amd64
+          tags: tacticalrmm/tactical-frontend:${{ steps.prep.outputs.version }},tacticalrmm/tactical-frontend:latest
+          
+      - name: Build and Push Tactical Nginx Image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          pull: true
+          file: ./docker/containers/tactical-nginx/dockerfile
+          platforms: linux/amd64
+          tags: tacticalrmm/tactical-nginx:${{ steps.prep.outputs.version }},tacticalrmm/tactical-nginx:latest
--- a/.gitignore
+++ b/.gitignore
@@ -42,4 +42,9 @@ api/tacticalrmm/accounts/management/commands/random_data.py
 versioninfo.go
 resource.syso
 htmlcov/
+docker-compose.dev.yml
 docs/.vuepress/dist
+nats-rmm.conf
+.mypy_cache
+docs/site/
+reset_db.sh
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,43 +0,0 @@
-dist: focal
-
-matrix:
-  include:
-    - language: node_js
-      node_js: "12"
-      before_install:
-        - cd web
-      install:
-        - npm install
-      script:
-        - npm run test:unit
-
-    - language: python
-      python: "3.8"
-      services:
-        - redis
-
-      addons:
-        postgresql: "13"
-        apt:
-          packages:
-            - postgresql-13
-
-      before_script:
-        - psql -c 'CREATE DATABASE travisci;' -U postgres
-        - psql -c "CREATE USER travisci WITH PASSWORD 'travisSuperSekret6645';" -U postgres
-        - psql -c 'GRANT ALL PRIVILEGES ON DATABASE travisci TO travisci;' -U postgres
-        - psql -c 'ALTER USER travisci CREATEDB;' -U postgres
-
-      before_install:
-        - cd api/tacticalrmm
-
-      install:
-        - pip install --no-cache-dir --upgrade pip
-        - pip install --no-cache-dir setuptools==49.6.0 wheel==0.35.1
-        - pip install --no-cache-dir -r requirements.txt -r requirements-test.txt
-
-      script:
-        - coverage run manage.py test -v 2
-
-      after_success:
-        - coveralls
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -14,6 +14,20 @@
                "0.0.0.0:8000"
            ],
            "django": true
+        },
+        {
+            "name": "Django: Docker Remote Attach",
+            "type": "python",
+            "request": "attach",
+            "port": 5678,
+            "host": "localhost",
+            "preLaunchTask": "docker debug",
+            "pathMappings": [
+                {
+                    "localRoot": "${workspaceFolder}/api/tacticalrmm",
+                    "remoteRoot": "/workspace/api/tacticalrmm"
+                }
+            ]
        }
    ]
 }
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -2,8 +2,15 @@
    "python.pythonPath": "api/tacticalrmm/env/bin/python",
    "python.languageServer": "Pylance",
    "python.analysis.extraPaths": [
-        "api/tacticalrmm"
+        "api/tacticalrmm",
+        "api/env",
    ],
+    "python.analysis.diagnosticSeverityOverrides": {
+        "reportUnusedImport": "error",
+        "reportDuplicateImport": "error",
+    },
+    "python.analysis.memory.keepLibraryAst": true,
+    "python.linting.mypyEnabled": true,
    "python.analysis.typeCheckingMode": "basic",
    "python.formatting.provider": "black",
    "editor.formatOnSave": true,
@@ -41,4 +48,23 @@
            "**/*.zip": true
        },
    },
+    "go.useLanguageServer": true,
+    "[go]": {
+        "editor.formatOnSave": true,
+        "editor.codeActionsOnSave": {
+            "source.organizeImports": false,
+        },
+        "editor.snippetSuggestions": "none",
+    },
+    "[go.mod]": {
+        "editor.formatOnSave": true,
+        "editor.codeActionsOnSave": {
+            "source.organizeImports": true,
+        },
+    },
+    "gopls": {
+        "usePlaceholders": true,
+        "completeUnimported": true,
+        "staticcheck": true,
+    }
 }
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@@ -0,0 +1,23 @@
+{
+    // See https://go.microsoft.com/fwlink/?LinkId=733558
+    // for the documentation about the tasks.json format
+    "version": "2.0.0",
+    "tasks": [
+        {
+            "label": "docker debug",
+            "type": "shell",
+            "command": "docker-compose",
+            "args": [
+                "-p",
+                "trmm",
+                "-f",
+                ".devcontainer/docker-compose.yml",
+                "-f",
+                ".devcontainer/docker-compose.debug.yml",
+                "up",
+                "-d",
+                "--build"
+            ]
+        }
+    ]
+}
--- a/README.md
+++ b/README.md
@@ -1,21 +1,20 @@
 # Tactical RMM

-[![Build Status](https://travis-ci.com/wh1te909/tacticalrmm.svg?branch=develop)](https://travis-ci.com/wh1te909/tacticalrmm)
 [![Build Status](https://dev.azure.com/dcparsi/Tactical%20RMM/_apis/build/status/wh1te909.tacticalrmm?branchName=develop)](https://dev.azure.com/dcparsi/Tactical%20RMM/_build/latest?definitionId=4&branchName=develop)
 [![Coverage Status](https://coveralls.io/repos/github/wh1te909/tacticalrmm/badge.png?branch=develop&kill_cache=1)](https://coveralls.io/github/wh1te909/tacticalrmm?branch=develop)
 [![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
 [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/python/black)

 Tactical RMM is a remote monitoring & management tool for Windows computers, built with Django and Vue.\
-It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang, as well as the [SaltStack](https://github.com/saltstack/salt) api and [MeshCentral](https://github.com/Ylianst/MeshCentral)
+It uses an [agent](https://github.com/wh1te909/rmmagent) written in golang and integrates with [MeshCentral](https://github.com/Ylianst/MeshCentral)

-# [LIVE DEMO](https://rmm.xlawgaming.com/)
+# [LIVE DEMO](https://rmm.tacticalrmm.io/)
 Demo database resets every hour. Alot of features are disabled for obvious reasons due to the nature of this app.

-*Tactical RMM is currently in alpha and subject to breaking changes. Use in production at your own risk.*
-
 ### [Discord Chat](https://discord.gg/upGTkWp)

+### [Documentation](https://wh1te909.github.io/tacticalrmm/)
+
 ## Features

 - Teamviewer-like remote desktop control
@@ -34,109 +33,6 @@ Demo database resets every hour. Alot of features are disabled for obvious reaso

 - Windows 7, 8.1, 10, Server 2008R2, 2012R2, 2016, 2019

-## Installation
+## Installation / Backup / Restore / Usage

-### Requirements
- VPS with 4GB ram (an install script is provided for Ubuntu Server 20.04)
- A domain you own with at least 3 subdomains
- Google Authenticator app (2 factor is NOT optional)
-
-### Docker
-Refer to the [docker setup](docker/readme.md)
-
-
-### Installation example (Ubuntu server 20.04 LTS)
-
-Fresh VPS with latest updates\
-login as root and create a user and add to sudoers group (we will be creating a user called tactical)
-```
-apt update && apt -y upgrade
-adduser tactical
-usermod -a -G sudo tactical
-```
-
-switch to the tactical user and setup the firewall
-```
-su - tactical
-sudo ufw default deny incoming
-sudo ufw default allow outgoing
-sudo ufw allow ssh
-sudo ufw allow http
-sudo ufw allow https
-sudo ufw allow proto tcp from any to any port 4505,4506
-sudo ufw enable && sudo ufw reload
-```
-
-Our domain for this example is tacticalrmm.com
-
-In the DNS manager of wherever our domain is hosted, we will create three A records, all pointing to the public IP address of our VPS
-
-Create A record ```api.tacticalrmm.com``` for the django rest backend\
-Create A record ```rmm.tacticalrmm.com``` for the vue frontend\
-Create A record ```mesh.tacticalrmm.com``` for meshcentral
-
-Download the install script and run it
-
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/install.sh
-chmod +x install.sh
-./install.sh
-```
-
- Links will be provided at the end of the install script.\
- Download the executable from the first link, then open ```rmm.tacticalrmm.com``` and login.\
- Upload the executable when prompted during the initial setup page.
-
-
-### Install an agent
-From the app's dashboard, choose Agents > Install Agent to generate an installer.
-
-## Updating
-Download and run [update.sh](./update.sh) ([Raw](https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/update.sh))
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/update.sh
-chmod +x update.sh
-./update.sh
-```
-
-## Backup
-Download [backup.sh](./backup.sh) ([Raw](https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/backup.sh))
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/backup.sh
-```
-Change the postgres username and password at the top of the file (you can find them in `/rmm/api/tacticalrmm/tacticalrmm/local_settings.py` under the DATABASES section)
-
-Run it
-```
-chmod +x backup.sh
-./backup.sh
-```
-
-## Restore
-Change your 3 A records to point to new server's public IP
-
-Create same linux user account as old server and add to sudoers group and setup firewall (see install instructions above)
-
-Copy backup file to new server
-
-Download the restore script, and edit the postgres username/password at the top of the file. Same instructions as above in the backup steps.
-```
-wget https://raw.githubusercontent.com/wh1te909/tacticalrmm/develop/restore.sh
-```
-
-Run the restore script, passing it the backup tar file as the first argument
-```
-chmod +x restore.sh
-./restore.sh rmm-backup-xxxxxxx.tar
-```
-
-## Using another ssl certificate
-During the install you can opt out of using the Let's Encrypt certificate. If you do this the script will create a self-signed certificate, so that https continues to work. You can replace the certificates in /certs/example.com/(privkey.pem | pubkey.pem) with your own. 
-
-If you are migrating from Let's Encrypt to another certificate provider, you can create the /certs directory and copy your certificates there. It is recommended to do this because this directory will be backed up with the backup script provided. Then modify the nginx configurations to use your new certificates
-
-The cert that is generated is a wildcard certificate and is used in the nginx configurations: rmm.conf, api.conf, and mesh.conf. If you can't generate wildcard certificates you can create a cert for each subdomain and configure each nginx configuration file to use its own certificate. Then restart nginx:
-
-```
-sudo systemctl restart nginx
-```
+### Refer to the [documentation](https://wh1te909.github.io/tacticalrmm/)
--- a/_modules/win_agent.py
+++ b/_modules/win_agent.py
@@ -1,457 +0,0 @@
-from __future__ import absolute_import
-import psutil
-import os
-import datetime
-import zlib
-import json
-import base64
-import wmi
-import win32evtlog
-import win32con
-import win32evtlogutil
-import winerror
-from time import sleep
-import requests
-import subprocess
-import random
-import platform
-
-ARCH = "64" if platform.machine().endswith("64") else "32"
-PROGRAM_DIR = os.path.join(os.environ["ProgramFiles"], "TacticalAgent")
-TAC_RMM = os.path.join(PROGRAM_DIR, "tacticalrmm.exe")
-NSSM = os.path.join(PROGRAM_DIR, "nssm.exe" if ARCH == "64" else "nssm-x86.exe")
-TEMP_DIR = os.path.join(os.environ["WINDIR"], "Temp")
-SYS_DRIVE = os.environ["SystemDrive"]
-PY_BIN = os.path.join(SYS_DRIVE, "\\salt", "bin", "python.exe")
-SALT_CALL = os.path.join(SYS_DRIVE, "\\salt", "salt-call.bat")
-
-
-def get_services():
-    # see https://github.com/wh1te909/tacticalrmm/issues/38
-    # for why I am manually implementing the svc.as_dict() method of psutil
-    ret = []
-    for svc in psutil.win_service_iter():
-        i = {}
-        try:
-            i["display_name"] = svc.display_name()
-            i["binpath"] = svc.binpath()
-            i["username"] = svc.username()
-            i["start_type"] = svc.start_type()
-            i["status"] = svc.status()
-            i["pid"] = svc.pid()
-            i["name"] = svc.name()
-            i["description"] = svc.description()
-        except Exception:
-            continue
-        else:
-            ret.append(i)
-
-    return ret
-
-
-def run_python_script(filename, timeout, script_type="userdefined"):
-    # no longer used in agent version 0.11.0
-    file_path = os.path.join(TEMP_DIR, filename)
-
-    if os.path.exists(file_path):
-        try:
-            os.remove(file_path)
-        except:
-            pass
-
-    if script_type == "userdefined":
-        __salt__["cp.get_file"](f"salt://scripts/userdefined/{filename}", file_path)
-    else:
-        __salt__["cp.get_file"](f"salt://scripts/{filename}", file_path)
-
-    return __salt__["cmd.run_all"](f"{PY_BIN} {file_path}", timeout=timeout)
-
-
-def run_script(filepath, filename, shell, timeout, args=[], bg=False):
-    if shell == "powershell" or shell == "cmd":
-        if args:
-            return __salt__["cmd.script"](
-                source=filepath,
-                args=" ".join(map(lambda x: f'"{x}"', args)),
-                shell=shell,
-                timeout=timeout,
-                bg=bg,
-            )
-        else:
-            return __salt__["cmd.script"](
-                source=filepath, shell=shell, timeout=timeout, bg=bg
-            )
-
-    elif shell == "python":
-        file_path = os.path.join(TEMP_DIR, filename)
-
-        if os.path.exists(file_path):
-            try:
-                os.remove(file_path)
-            except:
-                pass
-
-        __salt__["cp.get_file"](filepath, file_path)
-
-        salt_cmd = "cmd.run_bg" if bg else "cmd.run_all"
-
-        if args:
-            a = " ".join(map(lambda x: f'"{x}"', args))
-            cmd = f"{PY_BIN} {file_path} {a}"
-            return __salt__[salt_cmd](cmd, timeout=timeout)
-        else:
-            return __salt__[salt_cmd](f"{PY_BIN} {file_path}", timeout=timeout)
-
-
-def uninstall_agent():
-    remove_exe = os.path.join(PROGRAM_DIR, "unins000.exe")
-    __salt__["cmd.run_bg"]([remove_exe, "/VERYSILENT", "/SUPPRESSMSGBOXES"])
-    return "ok"
-
-
-def update_salt():
-    for p in psutil.process_iter():
-        with p.oneshot():
-            if p.name() == "tacticalrmm.exe" and "updatesalt" in p.cmdline():
-                return "running"
-
-    from subprocess import Popen, PIPE
-
-    CREATE_NEW_PROCESS_GROUP = 0x00000200
-    DETACHED_PROCESS = 0x00000008
-    cmd = [TAC_RMM, "-m", "updatesalt"]
-    p = Popen(
-        cmd,
-        stdin=PIPE,
-        stdout=PIPE,
-        stderr=PIPE,
-        close_fds=True,
-        creationflags=DETACHED_PROCESS | CREATE_NEW_PROCESS_GROUP,
-    )
-    return p.pid
-
-
-def run_manual_checks():
-    __salt__["cmd.run_bg"]([TAC_RMM, "-m", "runchecks"])
-    return "ok"
-
-
-def install_updates():
-    for p in psutil.process_iter():
-        with p.oneshot():
-            if p.name() == "tacticalrmm.exe" and "winupdater" in p.cmdline():
-                return "running"
-
-    return __salt__["cmd.run_bg"]([TAC_RMM, "-m", "winupdater"])
-
-
-def _wait_for_service(svc, status, retries=10):
-    attempts = 0
-    while 1:
-        try:
-            service = psutil.win_service_get(svc)
-        except psutil.NoSuchProcess:
-            stat = "fail"
-            attempts += 1
-            sleep(5)
-        else:
-            stat = service.status()
-            if stat != status:
-                attempts += 1
-                sleep(5)
-            else:
-                attempts = 0
-
-        if attempts == 0 or attempts > retries:
-            break
-
-    return stat
-
-
-def agent_update_v2(inno, url):
-    # make sure another instance of the update is not running
-    # this function spawns 2 instances of itself (because we call it twice with salt run_bg)
-    # so if more than 2 running, don't continue as an update is already running
-    count = 0
-    for p in psutil.process_iter():
-        try:
-            with p.oneshot():
-                if "win_agent.agent_update_v2" in p.cmdline():
-                    count += 1
-        except Exception:
-            continue
-
-    if count > 2:
-        return "already running"
-
-    sleep(random.randint(1, 20))  # don't flood the rmm
-
-    exe = os.path.join(TEMP_DIR, inno)
-
-    if os.path.exists(exe):
-        try:
-            os.remove(exe)
-        except:
-            pass
-
-    try:
-        r = requests.get(url, stream=True, timeout=600)
-    except Exception:
-        return "failed"
-
-    if r.status_code != 200:
-        return "failed"
-
-    with open(exe, "wb") as f:
-        for chunk in r.iter_content(chunk_size=1024):
-            if chunk:
-                f.write(chunk)
-    del r
-
-    ret = subprocess.run([exe, "/VERYSILENT", "/SUPPRESSMSGBOXES"], timeout=120)
-
-    tac = _wait_for_service(svc="tacticalagent", status="running")
-    if tac != "running":
-        subprocess.run([NSSM, "start", "tacticalagent"], timeout=30)
-
-    chk = _wait_for_service(svc="checkrunner", status="running")
-    if chk != "running":
-        subprocess.run([NSSM, "start", "checkrunner"], timeout=30)
-
-    return "ok"
-
-
-def do_agent_update_v2(inno, url):
-    return __salt__["cmd.run_bg"](
-        [
-            SALT_CALL,
-            "win_agent.agent_update_v2",
-            f"inno={inno}",
-            f"url={url}",
-            "--local",
-        ]
-    )
-
-
-def agent_update(version, url):
-    # make sure another instance of the update is not running
-    # this function spawns 2 instances of itself so if more than 2 running,
-    # don't continue as an update is already running
-    count = 0
-    for p in psutil.process_iter():
-        try:
-            with p.oneshot():
-                if "win_agent.agent_update" in p.cmdline():
-                    count += 1
-        except Exception:
-            continue
-
-    if count > 2:
-        return "already running"
-
-    sleep(random.randint(1, 60))  # don't flood the rmm
-    try:
-        r = requests.get(url, stream=True, timeout=600)
-    except Exception:
-        return "failed"
-
-    if r.status_code != 200:
-        return "failed"
-
-    exe = os.path.join(TEMP_DIR, f"winagent-v{version}.exe")
-
-    with open(exe, "wb") as f:
-        for chunk in r.iter_content(chunk_size=1024):
-            if chunk:
-                f.write(chunk)
-    del r
-
-    services = ("tacticalagent", "checkrunner")
-
-    for svc in services:
-        subprocess.run([NSSM, "stop", svc], timeout=120)
-
-    sleep(10)
-    r = subprocess.run([exe, "/VERYSILENT", "/SUPPRESSMSGBOXES"], timeout=300)
-    sleep(30)
-
-    for svc in services:
-        subprocess.run([NSSM, "start", svc], timeout=120)
-
-    return "ok"
-
-
-def do_agent_update(version, url):
-    return __salt__["cmd.run_bg"](
-        [
-            SALT_CALL,
-            "win_agent.agent_update",
-            f"version={version}",
-            f"url={url}",
-            "--local",
-        ]
-    )
-
-
-class SystemDetail:
-    def __init__(self):
-        self.c = wmi.WMI()
-        self.comp_sys_prod = self.c.Win32_ComputerSystemProduct()
-        self.comp_sys = self.c.Win32_ComputerSystem()
-        self.memory = self.c.Win32_PhysicalMemory()
-        self.os = self.c.Win32_OperatingSystem()
-        self.base_board = self.c.Win32_BaseBoard()
-        self.bios = self.c.Win32_BIOS()
-        self.disk = self.c.Win32_DiskDrive()
-        self.network_adapter = self.c.Win32_NetworkAdapter()
-        self.network_config = self.c.Win32_NetworkAdapterConfiguration()
-        self.desktop_monitor = self.c.Win32_DesktopMonitor()
-        self.cpu = self.c.Win32_Processor()
-        self.usb = self.c.Win32_USBController()
-
-    def get_all(self, obj):
-        ret = []
-        for i in obj:
-            tmp = [
-                {j: getattr(i, j)}
-                for j in list(i.properties)
-                if getattr(i, j) is not None
-            ]
-            ret.append(tmp)
-
-        return ret
-
-
-def system_info():
-    info = SystemDetail()
-    return {
-        "comp_sys_prod": info.get_all(info.comp_sys_prod),
-        "comp_sys": info.get_all(info.comp_sys),
-        "mem": info.get_all(info.memory),
-        "os": info.get_all(info.os),
-        "base_board": info.get_all(info.base_board),
-        "bios": info.get_all(info.bios),
-        "disk": info.get_all(info.disk),
-        "network_adapter": info.get_all(info.network_adapter),
-        "network_config": info.get_all(info.network_config),
-        "desktop_monitor": info.get_all(info.desktop_monitor),
-        "cpu": info.get_all(info.cpu),
-        "usb": info.get_all(info.usb),
-    }
-
-
-def local_sys_info():
-    return __salt__["cmd.run_bg"]([TAC_RMM, "-m", "sysinfo"])
-
-
-def get_procs():
-    ret = []
-
-    # setup
-    for proc in psutil.process_iter():
-        with proc.oneshot():
-            proc.cpu_percent(interval=None)
-
-    # need time for psutil to record cpu percent
-    sleep(1)
-
-    for c, proc in enumerate(psutil.process_iter(), 1):
-        x = {}
-        with proc.oneshot():
-            if proc.pid == 0 or not proc.name():
-                continue
-
-            x["name"] = proc.name()
-            x["cpu_percent"] = proc.cpu_percent(interval=None) / psutil.cpu_count()
-            x["memory_percent"] = proc.memory_percent()
-            x["pid"] = proc.pid
-            x["ppid"] = proc.ppid()
-            x["status"] = proc.status()
-            x["username"] = proc.username()
-            x["id"] = c
-
-        ret.append(x)
-
-    return ret
-
-
-def _compress_json(j):
-    return {
-        "wineventlog": base64.b64encode(
-            zlib.compress(json.dumps(j).encode("utf-8", errors="ignore"))
-        ).decode("ascii", errors="ignore")
-    }
-
-
-def get_eventlog(logtype, last_n_days):
-
-    start_time = datetime.datetime.now() - datetime.timedelta(days=last_n_days)
-    flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ
-
-    status_dict = {
-        win32con.EVENTLOG_AUDIT_FAILURE: "AUDIT_FAILURE",
-        win32con.EVENTLOG_AUDIT_SUCCESS: "AUDIT_SUCCESS",
-        win32con.EVENTLOG_INFORMATION_TYPE: "INFO",
-        win32con.EVENTLOG_WARNING_TYPE: "WARNING",
-        win32con.EVENTLOG_ERROR_TYPE: "ERROR",
-        0: "INFO",
-    }
-
-    computer = "localhost"
-    hand = win32evtlog.OpenEventLog(computer, logtype)
-    total = win32evtlog.GetNumberOfEventLogRecords(hand)
-    log = []
-    uid = 0
-    done = False
-
-    try:
-        while 1:
-            events = win32evtlog.ReadEventLog(hand, flags, 0)
-            for ev_obj in events:
-
-                uid += 1
-                # return once total number of events reach or we'll be stuck in an infinite loop
-                if uid >= total:
-                    done = True
-                    break
-
-                the_time = ev_obj.TimeGenerated.Format()
-                time_obj = datetime.datetime.strptime(the_time, "%c")
-                if time_obj < start_time:
-                    done = True
-                    break
-
-                computer = str(ev_obj.ComputerName)
-                src = str(ev_obj.SourceName)
-                evt_type = str(status_dict[ev_obj.EventType])
-                evt_id = str(winerror.HRESULT_CODE(ev_obj.EventID))
-                evt_category = str(ev_obj.EventCategory)
-                record = str(ev_obj.RecordNumber)
-                msg = (
-                    str(win32evtlogutil.SafeFormatMessage(ev_obj, logtype))
-                    .replace("<", "")
-                    .replace(">", "")
-                )
-
-                event_dict = {
-                    "computer": computer,
-                    "source": src,
-                    "eventType": evt_type,
-                    "eventID": evt_id,
-                    "eventCategory": evt_category,
-                    "message": msg,
-                    "time": the_time,
-                    "record": record,
-                    "uid": uid,
-                }
-
-                log.append(event_dict)
-
-            if done:
-                break
-
-    except Exception:
-        pass
-
-    win32evtlog.CloseEventLog(hand)
-    return _compress_json(log)
--- a/api/tacticalrmm/.coveragerc
+++ b/api/tacticalrmm/.coveragerc
@@ -20,6 +20,5 @@ omit =
    */urls.py
    */tests.py
    */test.py
-    api/*.py
    checks/utils.py
    
--- a/api/tacticalrmm/accounts/admin.py
+++ b/api/tacticalrmm/accounts/admin.py
@@ -1,8 +1,8 @@
 from django.contrib import admin
-
 from rest_framework.authtoken.admin import TokenAdmin

-from .models import User
+from .models import User, Role

 admin.site.register(User)
 TokenAdmin.raw_id_fields = ("user",)
+admin.site.register(Role)
--- a/api/tacticalrmm/accounts/management/commands/create_installer_user.py
+++ b/api/tacticalrmm/accounts/management/commands/create_installer_user.py
@@ -0,0 +1,18 @@
+import uuid
+
+from django.core.management.base import BaseCommand
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Creates the installer user"
+
+    def handle(self, *args, **kwargs):
+        if User.objects.filter(is_installer_user=True).exists():
+            return
+
+        User.objects.create_user(  # type: ignore
+            username=uuid.uuid4().hex,
+            is_installer_user=True,
+            password=User.objects.make_random_password(60),  # type: ignore
+        )
--- a/api/tacticalrmm/accounts/management/commands/delete_tokens.py
+++ b/api/tacticalrmm/accounts/management/commands/delete_tokens.py
@@ -1,6 +1,5 @@
-from django.utils import timezone as djangotime
-
 from django.core.management.base import BaseCommand
+from django.utils import timezone as djangotime
 from knox.models import AuthToken


--- a/api/tacticalrmm/accounts/management/commands/generate_barcode.py
+++ b/api/tacticalrmm/accounts/management/commands/generate_barcode.py
@@ -1,11 +1,13 @@
-import pyotp
 import subprocess
+
+import pyotp
 from django.core.management.base import BaseCommand
+
 from accounts.models import User


 class Command(BaseCommand):
-    help = "Generates barcode for Google Authenticator and creates totp for user"
+    help = "Generates barcode for Authenticator and creates totp for user"

    def add_arguments(self, parser):
        parser.add_argument("code", type=str)
@@ -24,12 +26,10 @@ class Command(BaseCommand):
        url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
        subprocess.run(f'qr "{url}"', shell=True)
        self.stdout.write(
-            self.style.SUCCESS(
-                "Scan the barcode above with your google authenticator app"
-            )
+            self.style.SUCCESS("Scan the barcode above with your authenticator app")
        )
        self.stdout.write(
            self.style.SUCCESS(
-                f"If that doesn't work you may manually enter the key: {code}"
+                f"If that doesn't work you may manually enter the setup key: {code}"
            )
        )
--- a/api/tacticalrmm/accounts/management/commands/reset_2fa.py
+++ b/api/tacticalrmm/accounts/management/commands/reset_2fa.py
@@ -0,0 +1,57 @@
+import os
+import subprocess
+
+import pyotp
+from django.core.management.base import BaseCommand
+
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset 2fa"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        domain = "Tactical RMM"
+        nginx = "/etc/nginx/sites-available/frontend.conf"
+        found = None
+        if os.path.exists(nginx):
+            try:
+                with open(nginx, "r") as f:
+                    for line in f:
+                        if "server_name" in line:
+                            found = line
+                            break
+
+                if found:
+                    rep = found.replace("server_name", "").replace(";", "")
+                    domain = "".join(rep.split())
+            except:
+                pass
+
+        code = pyotp.random_base32()
+        user.totp_key = code
+        user.save(update_fields=["totp_key"])
+
+        url = pyotp.totp.TOTP(code).provisioning_uri(username, issuer_name=domain)
+        subprocess.run(f'qr "{url}"', shell=True)
+        self.stdout.write(
+            self.style.WARNING("Scan the barcode above with your authenticator app")
+        )
+        self.stdout.write(
+            self.style.WARNING(
+                f"If that doesn't work you may manually enter the setup key: {code}"
+            )
+        )
+        self.stdout.write(
+            self.style.SUCCESS(f"2fa was successfully reset for user {username}")
+        )
--- a/api/tacticalrmm/accounts/management/commands/reset_password.py
+++ b/api/tacticalrmm/accounts/management/commands/reset_password.py
@@ -0,0 +1,22 @@
+from django.core.management.base import BaseCommand
+from accounts.models import User
+
+
+class Command(BaseCommand):
+    help = "Reset password for user"
+
+    def add_arguments(self, parser):
+        parser.add_argument("username", type=str)
+
+    def handle(self, *args, **kwargs):
+        username = kwargs["username"]
+        try:
+            user = User.objects.get(username=username)
+        except User.DoesNotExist:
+            self.stdout.write(self.style.ERROR(f"User {username} doesn't exist"))
+            return
+
+        passwd = input("Enter new password: ")
+        user.set_password(passwd)
+        user.save()
+        self.stdout.write(self.style.SUCCESS(f"Password for {username} was reset!"))
--- a/api/tacticalrmm/accounts/migrations/0001_initial.py
+++ b/api/tacticalrmm/accounts/migrations/0001_initial.py
@@ -2,8 +2,8 @@

 import django.contrib.auth.models
 import django.contrib.auth.validators
-from django.db import migrations, models
 import django.utils.timezone
+from django.db import migrations, models


 class Migration(migrations.Migration):
--- a/api/tacticalrmm/accounts/migrations/0003_auto_20200922_1344.py
+++ b/api/tacticalrmm/accounts/migrations/0003_auto_20200922_1344.py
@@ -6,28 +6,28 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('accounts', '0002_auto_20200810_0544'),
+        ("accounts", "0002_auto_20200810_0544"),
    ]

    operations = [
        migrations.AddField(
-            model_name='user',
-            name='created_by',
+            model_name="user",
+            name="created_by",
            field=models.CharField(blank=True, max_length=100, null=True),
        ),
        migrations.AddField(
-            model_name='user',
-            name='created_time',
+            model_name="user",
+            name="created_time",
            field=models.DateTimeField(auto_now_add=True, null=True),
        ),
        migrations.AddField(
-            model_name='user',
-            name='modified_by',
+            model_name="user",
+            name="modified_by",
            field=models.CharField(blank=True, max_length=100, null=True),
        ),
        migrations.AddField(
-            model_name='user',
-            name='modified_time',
+            model_name="user",
+            name="modified_time",
            field=models.DateTimeField(auto_now=True, null=True),
        ),
    ]
--- a/api/tacticalrmm/accounts/migrations/0004_auto_20201002_1257.py
+++ b/api/tacticalrmm/accounts/migrations/0004_auto_20201002_1257.py
@@ -6,24 +6,24 @@ from django.db import migrations
 class Migration(migrations.Migration):

    dependencies = [
-        ('accounts', '0003_auto_20200922_1344'),
+        ("accounts", "0003_auto_20200922_1344"),
    ]

    operations = [
        migrations.RemoveField(
-            model_name='user',
-            name='created_by',
+            model_name="user",
+            name="created_by",
        ),
        migrations.RemoveField(
-            model_name='user',
-            name='created_time',
+            model_name="user",
+            name="created_time",
        ),
        migrations.RemoveField(
-            model_name='user',
-            name='modified_by',
+            model_name="user",
+            name="modified_by",
        ),
        migrations.RemoveField(
-            model_name='user',
-            name='modified_time',
+            model_name="user",
+            name="modified_time",
        ),
    ]
--- a/api/tacticalrmm/accounts/migrations/0005_auto_20201002_1303.py
+++ b/api/tacticalrmm/accounts/migrations/0005_auto_20201002_1303.py
@@ -6,28 +6,28 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('accounts', '0004_auto_20201002_1257'),
+        ("accounts", "0004_auto_20201002_1257"),
    ]

    operations = [
        migrations.AddField(
-            model_name='user',
-            name='created_by',
+            model_name="user",
+            name="created_by",
            field=models.CharField(blank=True, max_length=100, null=True),
        ),
        migrations.AddField(
-            model_name='user',
-            name='created_time',
+            model_name="user",
+            name="created_time",
            field=models.DateTimeField(auto_now_add=True, null=True),
        ),
        migrations.AddField(
-            model_name='user',
-            name='modified_by',
+            model_name="user",
+            name="modified_by",
            field=models.CharField(blank=True, max_length=100, null=True),
        ),
        migrations.AddField(
-            model_name='user',
-            name='modified_time',
+            model_name="user",
+            name="modified_time",
            field=models.DateTimeField(auto_now=True, null=True),
        ),
    ]
--- a/api/tacticalrmm/accounts/migrations/0006_user_agent.py
+++ b/api/tacticalrmm/accounts/migrations/0006_user_agent.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.1.2 on 2020-11-10 20:24

-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):
--- a/api/tacticalrmm/accounts/migrations/0008_user_dark_mode.py
+++ b/api/tacticalrmm/accounts/migrations/0008_user_dark_mode.py
@@ -6,13 +6,13 @@ from django.db import migrations, models
 class Migration(migrations.Migration):

    dependencies = [
-        ('accounts', '0007_update_agent_primary_key'),
+        ("accounts", "0007_update_agent_primary_key"),
    ]

    operations = [
        migrations.AddField(
-            model_name='user',
-            name='dark_mode',
+            model_name="user",
+            name="dark_mode",
            field=models.BooleanField(default=True),
        ),
    ]
--- a/api/tacticalrmm/accounts/migrations/0009_user_show_community_scripts.py
+++ b/api/tacticalrmm/accounts/migrations/0009_user_show_community_scripts.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2020-12-10 17:00
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0008_user_dark_mode"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="show_community_scripts",
+            field=models.BooleanField(default=True),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0010_user_agent_dblclick_action.py
+++ b/api/tacticalrmm/accounts/migrations/0010_user_agent_dblclick_action.py
@@ -0,0 +1,26 @@
+# Generated by Django 3.1.4 on 2021-01-14 01:23
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0009_user_show_community_scripts"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="agent_dblclick_action",
+            field=models.CharField(
+                choices=[
+                    ("editagent", "Edit Agent"),
+                    ("takecontrol", "Take Control"),
+                    ("remotebg", "Remote Background"),
+                ],
+                default="editagent",
+                max_length=50,
+            ),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0011_user_default_agent_tbl_tab.py
+++ b/api/tacticalrmm/accounts/migrations/0011_user_default_agent_tbl_tab.py
@@ -0,0 +1,26 @@
+# Generated by Django 3.1.5 on 2021-01-18 09:40
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0010_user_agent_dblclick_action"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="default_agent_tbl_tab",
+            field=models.CharField(
+                choices=[
+                    ("server", "Servers"),
+                    ("workstation", "Workstations"),
+                    ("mixed", "Mixed"),
+                ],
+                default="server",
+                max_length=50,
+            ),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0012_user_agents_per_page.py
+++ b/api/tacticalrmm/accounts/migrations/0012_user_agents_per_page.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-02-28 06:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0011_user_default_agent_tbl_tab'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='agents_per_page',
+            field=models.PositiveIntegerField(default=50),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py
+++ b/api/tacticalrmm/accounts/migrations/0013_user_client_tree_sort.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-09 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0012_user_agents_per_page'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_sort',
+            field=models.CharField(choices=[('alphafail', 'Move failing clients to the top'), ('alpha', 'Sort alphabetically')], default='alphafail', max_length=50),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py
+++ b/api/tacticalrmm/accounts/migrations/0014_user_client_tree_splitter.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 01:43
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0013_user_client_tree_sort'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='client_tree_splitter',
+            field=models.PositiveIntegerField(default=11),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py
+++ b/api/tacticalrmm/accounts/migrations/0015_user_loading_bar_color.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2 on 2021-04-11 03:03
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0014_user_client_tree_splitter'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='loading_bar_color',
+            field=models.CharField(default='red', max_length=255),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py
+++ b/api/tacticalrmm/accounts/migrations/0016_auto_20210507_1526.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-07 15:26
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0022_urlaction'),
+        ('accounts', '0015_user_loading_bar_color'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='url_action',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='user', to='core.urlaction'),
+        ),
+        migrations.AlterField(
+            model_name='user',
+            name='agent_dblclick_action',
+            field=models.CharField(choices=[('editagent', 'Edit Agent'), ('takecontrol', 'Take Control'), ('remotebg', 'Remote Background'), ('urlaction', 'URL Action')], default='editagent', max_length=50),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py
+++ b/api/tacticalrmm/accounts/migrations/0017_auto_20210508_1716.py
@@ -0,0 +1,173 @@
+# Generated by Django 3.2.1 on 2021-05-08 17:16
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0016_auto_20210507_1526'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='can_code_sign',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_do_server_maint',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_agent',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_edit_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_install_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_accounts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_alerts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_automation_policies',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_clients',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_deployments',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_notes',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_pendingactions',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_procs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_sites',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_software',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winsvcs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_manage_winupdates',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_reboot_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_autotasks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_bulk',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_checks',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_run_scripts',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_send_cmd',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_uninstall_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_update_agents',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_use_mesh',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_auditlogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_debuglogs',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='user',
+            name='can_view_eventlogs',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py
+++ b/api/tacticalrmm/accounts/migrations/0018_auto_20210511_0233.py
@@ -0,0 +1,181 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0017_auto_20210508_1716'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=255, unique=True)),
+                ('is_superuser', models.BooleanField(default=False)),
+                ('can_use_mesh', models.BooleanField(default=False)),
+                ('can_uninstall_agents', models.BooleanField(default=False)),
+                ('can_update_agents', models.BooleanField(default=False)),
+                ('can_edit_agent', models.BooleanField(default=False)),
+                ('can_manage_procs', models.BooleanField(default=False)),
+                ('can_view_eventlogs', models.BooleanField(default=False)),
+                ('can_send_cmd', models.BooleanField(default=False)),
+                ('can_reboot_agents', models.BooleanField(default=False)),
+                ('can_install_agents', models.BooleanField(default=False)),
+                ('can_run_scripts', models.BooleanField(default=False)),
+                ('can_run_bulk', models.BooleanField(default=False)),
+                ('can_manage_notes', models.BooleanField(default=False)),
+                ('can_edit_core_settings', models.BooleanField(default=False)),
+                ('can_do_server_maint', models.BooleanField(default=False)),
+                ('can_code_sign', models.BooleanField(default=False)),
+                ('can_manage_checks', models.BooleanField(default=False)),
+                ('can_run_checks', models.BooleanField(default=False)),
+                ('can_manage_clients', models.BooleanField(default=False)),
+                ('can_manage_sites', models.BooleanField(default=False)),
+                ('can_manage_deployments', models.BooleanField(default=False)),
+                ('can_manage_automation_policies', models.BooleanField(default=False)),
+                ('can_manage_autotasks', models.BooleanField(default=False)),
+                ('can_run_autotasks', models.BooleanField(default=False)),
+                ('can_view_auditlogs', models.BooleanField(default=False)),
+                ('can_manage_pendingactions', models.BooleanField(default=False)),
+                ('can_view_debuglogs', models.BooleanField(default=False)),
+                ('can_manage_scripts', models.BooleanField(default=False)),
+                ('can_manage_alerts', models.BooleanField(default=False)),
+                ('can_manage_winsvcs', models.BooleanField(default=False)),
+                ('can_manage_software', models.BooleanField(default=False)),
+                ('can_manage_winupdates', models.BooleanField(default=False)),
+                ('can_manage_accounts', models.BooleanField(default=False)),
+            ],
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_code_sign',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_do_server_maint',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_agent',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_edit_core_settings',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_install_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_accounts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_alerts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_automation_policies',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_clients',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_deployments',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_notes',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_pendingactions',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_procs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_sites',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_software',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winsvcs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_manage_winupdates',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_reboot_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_autotasks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_bulk',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_checks',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_run_scripts',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_send_cmd',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_uninstall_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_update_agents',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_use_mesh',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_auditlogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_debuglogs',
+        ),
+        migrations.RemoveField(
+            model_name='user',
+            name='can_view_eventlogs',
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0019_user_role.py
+++ b/api/tacticalrmm/accounts/migrations/0019_user_role.py
@@ -0,0 +1,25 @@
+# Generated by Django 3.2.1 on 2021-05-11 02:33
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0018_auto_20210511_0233"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="user",
+            name="role",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="roles",
+                to="accounts.role",
+            ),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py
+++ b/api/tacticalrmm/accounts/migrations/0020_role_can_manage_roles.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.1 on 2021-05-11 17:37
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0019_user_role'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_manage_roles',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py
+++ b/api/tacticalrmm/accounts/migrations/0021_role_can_view_core_settings.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-17 04:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0020_role_can_manage_roles'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='role',
+            name='can_view_core_settings',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0022_user_clear_search_when_switching.py
+++ b/api/tacticalrmm/accounts/migrations/0022_user_clear_search_when_switching.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-28 05:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0021_role_can_view_core_settings'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='clear_search_when_switching',
+            field=models.BooleanField(default=True),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/migrations/0023_user_is_installer_user.py
+++ b/api/tacticalrmm/accounts/migrations/0023_user_is_installer_user.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.2.4 on 2021-06-30 03:22
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('accounts', '0022_user_clear_search_when_switching'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='user',
+            name='is_installer_user',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/accounts/models.py
+++ b/api/tacticalrmm/accounts/models.py
@@ -1,13 +1,53 @@
-from django.db import models
 from django.contrib.auth.models import AbstractUser
+from django.db import models

 from logs.models import BaseAuditModel

+AGENT_DBLCLICK_CHOICES = [
+    ("editagent", "Edit Agent"),
+    ("takecontrol", "Take Control"),
+    ("remotebg", "Remote Background"),
+    ("urlaction", "URL Action"),
+]
+
+AGENT_TBL_TAB_CHOICES = [
+    ("server", "Servers"),
+    ("workstation", "Workstations"),
+    ("mixed", "Mixed"),
+]
+
+CLIENT_TREE_SORT_CHOICES = [
+    ("alphafail", "Move failing clients to the top"),
+    ("alpha", "Sort alphabetically"),
+]
+

 class User(AbstractUser, BaseAuditModel):
    is_active = models.BooleanField(default=True)
    totp_key = models.CharField(max_length=50, null=True, blank=True)
    dark_mode = models.BooleanField(default=True)
+    show_community_scripts = models.BooleanField(default=True)
+    agent_dblclick_action = models.CharField(
+        max_length=50, choices=AGENT_DBLCLICK_CHOICES, default="editagent"
+    )
+    url_action = models.ForeignKey(
+        "core.URLAction",
+        related_name="user",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
+    default_agent_tbl_tab = models.CharField(
+        max_length=50, choices=AGENT_TBL_TAB_CHOICES, default="server"
+    )
+    agents_per_page = models.PositiveIntegerField(default=50)  # not currently used
+    client_tree_sort = models.CharField(
+        max_length=50, choices=CLIENT_TREE_SORT_CHOICES, default="alphafail"
+    )
+    client_tree_splitter = models.PositiveIntegerField(default=11)
+    loading_bar_color = models.CharField(max_length=255, default="red")
+    clear_search_when_switching = models.BooleanField(default=True)
+    is_installer_user = models.BooleanField(default=False)

    agent = models.OneToOneField(
        "agents.Agent",
@@ -17,9 +57,125 @@ class User(AbstractUser, BaseAuditModel):
        on_delete=models.CASCADE,
    )

+    role = models.ForeignKey(
+        "accounts.Role",
+        null=True,
+        blank=True,
+        related_name="roles",
+        on_delete=models.SET_NULL,
+    )
+
    @staticmethod
    def serialize(user):
        # serializes the task and returns json
        from .serializers import UserSerializer

        return UserSerializer(user).data
+
+
+class Role(models.Model):
+    name = models.CharField(max_length=255, unique=True)
+    is_superuser = models.BooleanField(default=False)
+
+    # agents
+    can_use_mesh = models.BooleanField(default=False)
+    can_uninstall_agents = models.BooleanField(default=False)
+    can_update_agents = models.BooleanField(default=False)
+    can_edit_agent = models.BooleanField(default=False)
+    can_manage_procs = models.BooleanField(default=False)
+    can_view_eventlogs = models.BooleanField(default=False)
+    can_send_cmd = models.BooleanField(default=False)
+    can_reboot_agents = models.BooleanField(default=False)
+    can_install_agents = models.BooleanField(default=False)
+    can_run_scripts = models.BooleanField(default=False)
+    can_run_bulk = models.BooleanField(default=False)
+
+    # core
+    can_manage_notes = models.BooleanField(default=False)
+    can_view_core_settings = models.BooleanField(default=False)
+    can_edit_core_settings = models.BooleanField(default=False)
+    can_do_server_maint = models.BooleanField(default=False)
+    can_code_sign = models.BooleanField(default=False)
+
+    # checks
+    can_manage_checks = models.BooleanField(default=False)
+    can_run_checks = models.BooleanField(default=False)
+
+    # clients
+    can_manage_clients = models.BooleanField(default=False)
+    can_manage_sites = models.BooleanField(default=False)
+    can_manage_deployments = models.BooleanField(default=False)
+
+    # automation
+    can_manage_automation_policies = models.BooleanField(default=False)
+
+    # automated tasks
+    can_manage_autotasks = models.BooleanField(default=False)
+    can_run_autotasks = models.BooleanField(default=False)
+
+    # logs
+    can_view_auditlogs = models.BooleanField(default=False)
+    can_manage_pendingactions = models.BooleanField(default=False)
+    can_view_debuglogs = models.BooleanField(default=False)
+
+    # scripts
+    can_manage_scripts = models.BooleanField(default=False)
+
+    # alerts
+    can_manage_alerts = models.BooleanField(default=False)
+
+    # win services
+    can_manage_winsvcs = models.BooleanField(default=False)
+
+    # software
+    can_manage_software = models.BooleanField(default=False)
+
+    # windows updates
+    can_manage_winupdates = models.BooleanField(default=False)
+
+    # accounts
+    can_manage_accounts = models.BooleanField(default=False)
+    can_manage_roles = models.BooleanField(default=False)
+
+    def __str__(self):
+        return self.name
+
+    @staticmethod
+    def perms():
+        return [
+            "is_superuser",
+            "can_use_mesh",
+            "can_uninstall_agents",
+            "can_update_agents",
+            "can_edit_agent",
+            "can_manage_procs",
+            "can_view_eventlogs",
+            "can_send_cmd",
+            "can_reboot_agents",
+            "can_install_agents",
+            "can_run_scripts",
+            "can_run_bulk",
+            "can_manage_notes",
+            "can_view_core_settings",
+            "can_edit_core_settings",
+            "can_do_server_maint",
+            "can_code_sign",
+            "can_manage_checks",
+            "can_run_checks",
+            "can_manage_clients",
+            "can_manage_sites",
+            "can_manage_deployments",
+            "can_manage_automation_policies",
+            "can_manage_autotasks",
+            "can_run_autotasks",
+            "can_view_auditlogs",
+            "can_manage_pendingactions",
+            "can_view_debuglogs",
+            "can_manage_scripts",
+            "can_manage_alerts",
+            "can_manage_winsvcs",
+            "can_manage_software",
+            "can_manage_winupdates",
+            "can_manage_accounts",
+            "can_manage_roles",
+        ]
--- a/api/tacticalrmm/accounts/permissions.py
+++ b/api/tacticalrmm/accounts/permissions.py
@@ -0,0 +1,19 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class AccountsPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_accounts")
+
+
+class RolesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET":
+            return True
+
+        return _has_perm(r, "can_manage_roles")
--- a/api/tacticalrmm/accounts/serializers.py
+++ b/api/tacticalrmm/accounts/serializers.py
@@ -1,17 +1,29 @@
 import pyotp
+from rest_framework.serializers import ModelSerializer, SerializerMethodField

-from rest_framework.serializers import (
-    ModelSerializer,
-    SerializerMethodField,
-)
+from .models import User, Role

-from .models import User
+
+class UserUISerializer(ModelSerializer):
+    class Meta:
+        model = User
+        fields = [
+            "dark_mode",
+            "show_community_scripts",
+            "agent_dblclick_action",
+            "url_action",
+            "default_agent_tbl_tab",
+            "client_tree_sort",
+            "client_tree_splitter",
+            "loading_bar_color",
+            "clear_search_when_switching",
+        ]


 class UserSerializer(ModelSerializer):
    class Meta:
        model = User
-        fields = (
+        fields = [
            "id",
            "username",
            "first_name",
@@ -19,7 +31,8 @@ class UserSerializer(ModelSerializer):
            "email",
            "is_active",
            "last_login",
-        )
+            "role",
+        ]


 class TOTPSetupSerializer(ModelSerializer):
@@ -38,3 +51,9 @@ class TOTPSetupSerializer(ModelSerializer):
        return pyotp.totp.TOTP(obj.totp_key).provisioning_uri(
            obj.username, issuer_name="Tactical RMM"
        )
+
+
+class RoleSerializer(ModelSerializer):
+    class Meta:
+        model = Role
+        fields = "__all__"
--- a/api/tacticalrmm/accounts/tests.py
+++ b/api/tacticalrmm/accounts/tests.py
@@ -1,8 +1,9 @@
 from unittest.mock import patch
+
 from django.test import override_settings

-from tacticalrmm.test import TacticalTestCase
 from accounts.models import User
+from tacticalrmm.test import TacticalTestCase


 class TestAccounts(TacticalTestCase):
@@ -155,6 +156,33 @@ class GetUpdateDeleteUser(TacticalTestCase):

        self.check_not_authenticated("put", url)

+    @override_settings(ROOT_USER="john")
+    def test_put_root_user(self):
+        url = f"/accounts/{self.john.pk}/users/"
+        data = {
+            "id": self.john.pk,
+            "username": "john",
+            "email": "johndoe@xlawgaming.com",
+            "first_name": "John",
+            "last_name": "Doe",
+        }
+        r = self.client.put(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+
+    @override_settings(ROOT_USER="john")
+    def test_put_not_root_user(self):
+        url = f"/accounts/{self.john.pk}/users/"
+        data = {
+            "id": self.john.pk,
+            "username": "john",
+            "email": "johndoe@xlawgaming.com",
+            "first_name": "John",
+            "last_name": "Doe",
+        }
+        self.client.force_authenticate(user=self.alice)
+        r = self.client.put(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
    def test_delete(self):
        url = f"/accounts/{self.john.pk}/users/"
        r = self.client.delete(url)
@@ -166,6 +194,19 @@ class GetUpdateDeleteUser(TacticalTestCase):

        self.check_not_authenticated("delete", url)

+    @override_settings(ROOT_USER="john")
+    def test_delete_root_user(self):
+        url = f"/accounts/{self.john.pk}/users/"
+        r = self.client.delete(url)
+        self.assertEqual(r.status_code, 200)
+
+    @override_settings(ROOT_USER="john")
+    def test_delete_non_root_user(self):
+        url = f"/accounts/{self.john.pk}/users/"
+        self.client.force_authenticate(user=self.alice)
+        r = self.client.delete(url)
+        self.assertEqual(r.status_code, 400)
+

 class TestUserAction(TacticalTestCase):
    def setUp(self):
@@ -184,6 +225,21 @@ class TestUserAction(TacticalTestCase):

        self.check_not_authenticated("post", url)

+    @override_settings(ROOT_USER="john")
+    def test_post_root_user(self):
+        url = "/accounts/users/reset/"
+        data = {"id": self.john.pk, "password": "3ASDjh2345kJA!@#)#@__123"}
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+
+    @override_settings(ROOT_USER="john")
+    def test_post_non_root_user(self):
+        url = "/accounts/users/reset/"
+        data = {"id": self.john.pk, "password": "3ASDjh2345kJA!@#)#@__123"}
+        self.client.force_authenticate(user=self.alice)
+        r = self.client.post(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
    def test_put(self):
        url = "/accounts/users/reset/"
        data = {"id": self.john.pk}
@@ -195,9 +251,37 @@ class TestUserAction(TacticalTestCase):

        self.check_not_authenticated("put", url)

-    def test_darkmode(self):
+    @override_settings(ROOT_USER="john")
+    def test_put_root_user(self):
+        url = "/accounts/users/reset/"
+        data = {"id": self.john.pk}
+        r = self.client.put(url, data, format="json")
+        self.assertEqual(r.status_code, 200)
+
+        user = User.objects.get(pk=self.john.pk)
+        self.assertEqual(user.totp_key, "")
+
+    @override_settings(ROOT_USER="john")
+    def test_put_non_root_user(self):
+        url = "/accounts/users/reset/"
+        data = {"id": self.john.pk}
+        self.client.force_authenticate(user=self.alice)
+        r = self.client.put(url, data, format="json")
+        self.assertEqual(r.status_code, 400)
+
+    def test_user_ui(self):
        url = "/accounts/users/ui/"
-        data = {"dark_mode": False}
+
+        data = {
+            "dark_mode": True,
+            "show_community_scripts": True,
+            "agent_dblclick_action": "editagent",
+            "default_agent_tbl_tab": "mixed",
+            "client_tree_sort": "alpha",
+            "client_tree_splitter": 14,
+            "loading_bar_color": "green",
+            "clear_search_when_switching": False,
+        }
        r = self.client.patch(url, data, format="json")
        self.assertEqual(r.status_code, 200)

--- a/api/tacticalrmm/accounts/urls.py
+++ b/api/tacticalrmm/accounts/urls.py
@@ -1,4 +1,5 @@
 from django.urls import path
+
 from . import views

 urlpatterns = [
@@ -8,4 +9,7 @@ urlpatterns = [
    path("users/reset_totp/", views.UserActions.as_view()),
    path("users/setup_totp/", views.TOTPSetup.as_view()),
    path("users/ui/", views.UserUI.as_view()),
+    path("permslist/", views.PermsList.as_view()),
+    path("roles/", views.GetAddRoles.as_view()),
+    path("<int:pk>/role/", views.GetUpdateDeleteRole.as_view()),
 ]
--- a/api/tacticalrmm/accounts/views.py
+++ b/api/tacticalrmm/accounts/views.py
@@ -1,23 +1,34 @@
 import pyotp
-
-from django.contrib.auth import login
 from django.conf import settings
-from django.shortcuts import get_object_or_404
+from django.contrib.auth import login
 from django.db import IntegrityError
-
-from rest_framework.views import APIView
-from rest_framework.authtoken.serializers import AuthTokenSerializer
+from django.shortcuts import get_object_or_404
 from knox.views import LoginView as KnoxLoginView
-from rest_framework.permissions import AllowAny
-from rest_framework.response import Response
 from rest_framework import status
+from rest_framework.authtoken.serializers import AuthTokenSerializer
+from rest_framework.permissions import AllowAny, IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView

-from .models import User
-from agents.models import Agent
 from logs.models import AuditLog
 from tacticalrmm.utils import notify_error

-from .serializers import UserSerializer, TOTPSetupSerializer
+from .models import User, Role
+from .permissions import AccountsPerms, RolesPerms
+from .serializers import (
+    TOTPSetupSerializer,
+    UserSerializer,
+    UserUISerializer,
+    RoleSerializer,
+)
+
+
+def _is_root_user(request, user) -> bool:
+    return (
+        hasattr(settings, "ROOT_USER")
+        and request.user != user
+        and user.username == settings.ROOT_USER
+    )


 class CheckCreds(KnoxLoginView):
@@ -60,7 +71,7 @@ class LoginView(KnoxLoginView):

        if settings.DEBUG and token == "sekret":
            valid = True
-        elif totp.verify(token, valid_window=1):
+        elif totp.verify(token, valid_window=10):
            valid = True

        if valid:
@@ -73,15 +84,17 @@ class LoginView(KnoxLoginView):


 class GetAddUsers(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
    def get(self, request):
-        users = User.objects.filter(agent=None)
+        users = User.objects.filter(agent=None, is_installer_user=False)

        return Response(UserSerializer(users, many=True).data)

    def post(self, request):
        # add new user
        try:
-            user = User.objects.create_user(
+            user = User.objects.create_user(  # type: ignore
                request.data["username"],
                request.data["email"],
                request.data["password"],
@@ -93,13 +106,17 @@ class GetAddUsers(APIView):

        user.first_name = request.data["first_name"]
        user.last_name = request.data["last_name"]
-        # Can be changed once permissions and groups are introduced
-        user.is_superuser = True
+        if "role" in request.data.keys() and isinstance(request.data["role"], int):
+            role = get_object_or_404(Role, pk=request.data["role"])
+            user.role = role
+
        user.save()
        return Response(user.username)


 class GetUpdateDeleteUser(APIView):
+    permission_classes = [IsAuthenticated, AccountsPerms]
+
    def get(self, request, pk):
        user = get_object_or_404(User, pk=pk)

@@ -108,6 +125,9 @@ class GetUpdateDeleteUser(APIView):
    def put(self, request, pk):
        user = get_object_or_404(User, pk=pk)

+        if _is_root_user(request, user):
+            return notify_error("The root user cannot be modified from the UI")
+
        serializer = UserSerializer(instance=user, data=request.data, partial=True)
        serializer.is_valid(raise_exception=True)
        serializer.save()
@@ -115,17 +135,23 @@ class GetUpdateDeleteUser(APIView):
        return Response("ok")

    def delete(self, request, pk):
-        get_object_or_404(User, pk=pk).delete()
+        user = get_object_or_404(User, pk=pk)
+        if _is_root_user(request, user):
+            return notify_error("The root user cannot be deleted from the UI")
+
+        user.delete()

        return Response("ok")


 class UserActions(APIView):
-
+    permission_classes = [IsAuthenticated, AccountsPerms]
    # reset password
    def post(self, request):
-
        user = get_object_or_404(User, pk=request.data["id"])
+        if _is_root_user(request, user):
+            return notify_error("The root user cannot be modified from the UI")
+
        user.set_password(request.data["password"])
        user.save()

@@ -133,8 +159,10 @@ class UserActions(APIView):

    # reset two factor token
    def put(self, request):
-
        user = get_object_or_404(User, pk=request.data["id"])
+        if _is_root_user(request, user):
+            return notify_error("The root user cannot be modified from the UI")
+
        user.totp_key = ""
        user.save()

@@ -160,7 +188,48 @@ class TOTPSetup(APIView):

 class UserUI(APIView):
    def patch(self, request):
-        user = request.user
-        user.dark_mode = request.data["dark_mode"]
-        user.save(update_fields=["dark_mode"])
-        return Response("ok")
+        serializer = UserUISerializer(
+            instance=request.user, data=request.data, partial=True
+        )
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("ok")
+
+
+class PermsList(APIView):
+    def get(self, request):
+        return Response(Role.perms())
+
+
+class GetAddRoles(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request):
+        roles = Role.objects.all()
+        return Response(RoleSerializer(roles, many=True).data)
+
+    def post(self, request):
+        serializer = RoleSerializer(data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("ok")
+
+
+class GetUpdateDeleteRole(APIView):
+    permission_classes = [IsAuthenticated, RolesPerms]
+
+    def get(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        return Response(RoleSerializer(role).data)
+
+    def put(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        serializer = RoleSerializer(instance=role, data=request.data)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+        return Response("ok")
+
+    def delete(self, request, pk):
+        role = get_object_or_404(Role, pk=pk)
+        role.delete()
+        return Response("ok")
--- a/api/tacticalrmm/agents/admin.py
+++ b/api/tacticalrmm/agents/admin.py
@@ -1,8 +1,8 @@
 from django.contrib import admin

-from .models import Agent, AgentOutage, RecoveryAction, Note
+from .models import Agent, AgentCustomField, Note, RecoveryAction

 admin.site.register(Agent)
-admin.site.register(AgentOutage)
 admin.site.register(RecoveryAction)
 admin.site.register(Note)
+admin.site.register(AgentCustomField)
--- a/api/tacticalrmm/agents/baker_recipes.py
+++ b/api/tacticalrmm/agents/baker_recipes.py
@@ -1,14 +1,12 @@
+import json
+import os
 import random
 import string
-import os
-import json
-
-from model_bakery.recipe import Recipe, seq
 from itertools import cycle
-from django.utils import timezone as djangotime
-from django.conf import settings

-from .models import Agent
+from django.conf import settings
+from django.utils import timezone as djangotime
+from model_bakery.recipe import Recipe, foreign_key, seq


 def generate_agent_id(hostname):
@@ -16,6 +14,9 @@ def generate_agent_id(hostname):
    return f"{rand}-{hostname}"


+site = Recipe("clients.Site")
+
+
 def get_wmi_data():
    with open(
        os.path.join(settings.BASE_DIR, "tacticalrmm/test_data/wmi_python_agent.json")
@@ -24,11 +25,12 @@ def get_wmi_data():


 agent = Recipe(
-    Agent,
+    "agents.Agent",
+    site=foreign_key(site),
    hostname="DESKTOP-TEST123",
+    version="1.3.0",
    monitoring_type=cycle(["workstation", "server"]),
-    salt_id=generate_agent_id("DESKTOP-TEST123"),
-    agent_id="71AHC-AA813-HH1BC-AAHH5-00013|DESKTOP-TEST123",
+    agent_id=seq("asdkj3h4234-1234hg3h4g34-234jjh34|DESKTOP-TEST123"),
 )

 server_agent = agent.extend(
@@ -41,8 +43,12 @@ workstation_agent = agent.extend(

 online_agent = agent.extend(last_seen=djangotime.now())

+offline_agent = agent.extend(
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=7)
+)
+
 overdue_agent = agent.extend(
-    last_seen=djangotime.now() - djangotime.timedelta(minutes=6)
+    last_seen=djangotime.now() - djangotime.timedelta(minutes=35)
 )

 agent_with_services = agent.extend(
--- a/api/tacticalrmm/agents/management/commands/bulk_change_checkin.py
+++ b/api/tacticalrmm/agents/management/commands/bulk_change_checkin.py
@@ -0,0 +1,93 @@
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+from clients.models import Client, Site
+
+
+class Command(BaseCommand):
+    help = "Bulk update agent offline/overdue time"
+
+    def add_arguments(self, parser):
+        parser.add_argument("time", type=int, help="Time in minutes")
+        parser.add_argument(
+            "--client",
+            type=str,
+            help="Client Name",
+        )
+        parser.add_argument(
+            "--site",
+            type=str,
+            help="Site Name",
+        )
+        parser.add_argument(
+            "--offline",
+            action="store_true",
+            help="Offline",
+        )
+        parser.add_argument(
+            "--overdue",
+            action="store_true",
+            help="Overdue",
+        )
+        parser.add_argument(
+            "--all",
+            action="store_true",
+            help="All agents",
+        )
+
+    def handle(self, *args, **kwargs):
+        time = kwargs["time"]
+        client_name = kwargs["client"]
+        site_name = kwargs["site"]
+        all_agents = kwargs["all"]
+        offline = kwargs["offline"]
+        overdue = kwargs["overdue"]
+        agents = None
+
+        if offline and time < 2:
+            self.stdout.write(self.style.ERROR("Minimum offline time is 2 minutes"))
+            return
+
+        if overdue and time < 3:
+            self.stdout.write(self.style.ERROR("Minimum overdue time is 3 minutes"))
+            return
+
+        if client_name:
+            try:
+                client = Client.objects.get(name=client_name)
+            except Client.DoesNotExist:
+                self.stdout.write(
+                    self.style.ERROR(f"Client {client_name} doesn't exist")
+                )
+                return
+
+            agents = Agent.objects.filter(site__client=client)
+
+        elif site_name:
+            try:
+                site = Site.objects.get(name=site_name)
+            except Site.DoesNotExist:
+                self.stdout.write(self.style.ERROR(f"Site {site_name} doesn't exist"))
+                return
+
+            agents = Agent.objects.filter(site=site)
+
+        elif all_agents:
+            agents = Agent.objects.all()
+
+        if agents:
+            if offline:
+                agents.update(offline_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed offline time on {len(agents)} agents to {time} minutes"
+                    )
+                )
+
+            if overdue:
+                agents.update(overdue_time=time)
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Changed overdue time on {len(agents)} agents to {time} minutes"
+                    )
+                )
--- a/api/tacticalrmm/agents/management/commands/show_outdated_agents.py
+++ b/api/tacticalrmm/agents/management/commands/show_outdated_agents.py
@@ -0,0 +1,18 @@
+from django.conf import settings
+from django.core.management.base import BaseCommand
+
+from agents.models import Agent
+
+
+class Command(BaseCommand):
+    help = "Shows online agents that are not on the latest version"
+
+    def handle(self, *args, **kwargs):
+        q = Agent.objects.exclude(version=settings.LATEST_AGENT_VER).only(
+            "pk", "version", "last_seen", "overdue_time", "offline_time"
+        )
+        agents = [i for i in q if i.status == "online"]
+        for agent in agents:
+            self.stdout.write(
+                self.style.SUCCESS(f"{agent.hostname} - v{agent.version}")
+            )
--- a/api/tacticalrmm/agents/migrations/0001_initial.py
+++ b/api/tacticalrmm/agents/migrations/0001_initial.py
@@ -1,8 +1,8 @@
 # Generated by Django 3.0.6 on 2020-05-31 01:23

 import django.contrib.postgres.fields.jsonb
-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):
--- a/api/tacticalrmm/agents/migrations/0005_agent_policy.py
+++ b/api/tacticalrmm/agents/migrations/0005_agent_policy.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.0.7 on 2020-06-09 16:07

-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):
--- a/api/tacticalrmm/agents/migrations/0011_recoveryaction.py
+++ b/api/tacticalrmm/agents/migrations/0011_recoveryaction.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.0.8 on 2020-08-09 05:31

-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):
--- a/api/tacticalrmm/agents/migrations/0015_note.py
+++ b/api/tacticalrmm/agents/migrations/0015_note.py
@@ -1,8 +1,8 @@
 # Generated by Django 3.1.1 on 2020-09-22 20:57

+import django.db.models.deletion
 from django.conf import settings
 from django.db import migrations, models
-import django.db.models.deletion


 class Migration(migrations.Migration):
--- a/api/tacticalrmm/agents/migrations/0021_agent_site_link.py
+++ b/api/tacticalrmm/agents/migrations/0021_agent_site_link.py
@@ -1,20 +1,26 @@
 # Generated by Django 3.1.2 on 2020-11-01 22:53

-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):

    dependencies = [
-        ('clients', '0006_deployment'),
-        ('agents', '0020_auto_20201025_2129'),
+        ("clients", "0006_deployment"),
+        ("agents", "0020_auto_20201025_2129"),
    ]

    operations = [
        migrations.AddField(
-            model_name='agent',
-            name='site_link',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='agents', to='clients.site'),
+            model_name="agent",
+            name="site_link",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="agents",
+                to="clients.site",
+            ),
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0023_auto_20201101_2312.py
+++ b/api/tacticalrmm/agents/migrations/0023_auto_20201101_2312.py
@@ -6,16 +6,16 @@ from django.db import migrations
 class Migration(migrations.Migration):

    dependencies = [
-        ('agents', '0022_update_site_primary_key'),
+        ("agents", "0022_update_site_primary_key"),
    ]

    operations = [
        migrations.RemoveField(
-            model_name='agent',
-            name='client',
+            model_name="agent",
+            name="client",
        ),
        migrations.RemoveField(
-            model_name='agent',
-            name='site',
+            model_name="agent",
+            name="site",
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0024_auto_20201101_2319.py
+++ b/api/tacticalrmm/agents/migrations/0024_auto_20201101_2319.py
@@ -6,13 +6,13 @@ from django.db import migrations
 class Migration(migrations.Migration):

    dependencies = [
-        ('agents', '0023_auto_20201101_2312'),
+        ("agents", "0023_auto_20201101_2312"),
    ]

    operations = [
        migrations.RenameField(
-            model_name='agent',
-            old_name='site_link',
-            new_name='site',
+            model_name="agent",
+            old_name="site_link",
+            new_name="site",
        ),
    ]
--- a/api/tacticalrmm/agents/migrations/0025_auto_20201122_0407.py
+++ b/api/tacticalrmm/agents/migrations/0025_auto_20201122_0407.py
@@ -0,0 +1,27 @@
+# Generated by Django 3.1.3 on 2020-11-22 04:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("agents", "0024_auto_20201101_2319"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="recoveryaction",
+            name="mode",
+            field=models.CharField(
+                choices=[
+                    ("salt", "Salt"),
+                    ("mesh", "Mesh"),
+                    ("command", "Command"),
+                    ("rpc", "Nats RPC"),
+                ],
+                default="mesh",
+                max_length=50,
+            ),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0026_auto_20201125_2334.py
+++ b/api/tacticalrmm/agents/migrations/0026_auto_20201125_2334.py
@@ -0,0 +1,28 @@
+# Generated by Django 3.1.3 on 2020-11-25 23:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("agents", "0025_auto_20201122_0407"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="recoveryaction",
+            name="mode",
+            field=models.CharField(
+                choices=[
+                    ("salt", "Salt"),
+                    ("mesh", "Mesh"),
+                    ("command", "Command"),
+                    ("rpc", "Nats RPC"),
+                    ("checkrunner", "Checkrunner"),
+                ],
+                default="mesh",
+                max_length=50,
+            ),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0027_agent_overdue_dashboard_alert.py
+++ b/api/tacticalrmm/agents/migrations/0027_agent_overdue_dashboard_alert.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-01-29 21:11
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0026_auto_20201125_2334'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='overdue_dashboard_alert',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0028_auto_20210206_1534.py
+++ b/api/tacticalrmm/agents/migrations/0028_auto_20210206_1534.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.1.4 on 2021-02-06 15:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0027_agent_overdue_dashboard_alert'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentoutage',
+            name='outage_email_sent_time',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='agentoutage',
+            name='outage_sms_sent_time',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0029_delete_agentoutage.py
+++ b/api/tacticalrmm/agents/migrations/0029_delete_agentoutage.py
@@ -0,0 +1,16 @@
+# Generated by Django 3.1.4 on 2021-02-10 21:56
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0028_auto_20210206_1534'),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name='AgentOutage',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0030_agent_offline_time.py
+++ b/api/tacticalrmm/agents/migrations/0030_agent_offline_time.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.6 on 2021-02-16 08:50
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0029_delete_agentoutage'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='offline_time',
+            field=models.PositiveIntegerField(default=4),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0031_agent_alert_template.py
+++ b/api/tacticalrmm/agents/migrations/0031_agent_alert_template.py
@@ -0,0 +1,20 @@
+# Generated by Django 3.1.7 on 2021-03-04 03:57
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0006_auto_20210217_1736'),
+        ('agents', '0030_agent_offline_time'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='alert_template',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='agents', to='alerts.alerttemplate'),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0032_agentcustomfield.py
+++ b/api/tacticalrmm/agents/migrations/0032_agentcustomfield.py
@@ -0,0 +1,24 @@
+# Generated by Django 3.1.7 on 2021-03-17 14:45
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0014_customfield'),
+        ('agents', '0031_agent_alert_template'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AgentCustomField',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('value', models.TextField(blank=True, null=True)),
+                ('agent', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='custom_fields', to='agents.agent')),
+                ('field', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='agent_fields', to='core.customfield')),
+            ],
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py
+++ b/api/tacticalrmm/agents/migrations/0033_agentcustomfield_multiple_value.py
@@ -0,0 +1,19 @@
+# Generated by Django 3.1.7 on 2021-03-29 02:51
+
+import django.contrib.postgres.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0032_agentcustomfield'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='multiple_value',
+            field=django.contrib.postgres.fields.ArrayField(base_field=models.TextField(blank=True, null=True), blank=True, default=list, null=True, size=None),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py
+++ b/api/tacticalrmm/agents/migrations/0034_agentcustomfield_checkbox_value.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-03-29 03:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0033_agentcustomfield_multiple_value'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agentcustomfield',
+            name='checkbox_value',
+            field=models.BooleanField(blank=True, default=False),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py
+++ b/api/tacticalrmm/agents/migrations/0035_auto_20210329_1709.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.1.7 on 2021-03-29 17:09
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0034_agentcustomfield_checkbox_value'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='checkbox_value',
+            new_name='bool_value',
+        ),
+        migrations.RenameField(
+            model_name='agentcustomfield',
+            old_name='value',
+            new_name='string_value',
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py
+++ b/api/tacticalrmm/agents/migrations/0036_agent_block_policy_inheritance.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.7 on 2021-04-17 01:28
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0035_auto_20210329_1709'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='block_policy_inheritance',
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py
+++ b/api/tacticalrmm/agents/migrations/0037_auto_20210627_0014.py
@@ -0,0 +1,23 @@
+# Generated by Django 3.2.4 on 2021-06-27 00:14
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0036_agent_block_policy_inheritance'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='agent',
+            name='has_patches_pending',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='agent',
+            name='pending_actions_count',
+            field=models.PositiveIntegerField(default=0),
+        ),
+    ]
--- a/api/tacticalrmm/agents/models.py
+++ b/api/tacticalrmm/agents/models.py
@@ -1,25 +1,26 @@
-import requests
-import datetime as dt
-import time
+import asyncio
 import base64
-from Crypto.Cipher import AES
-from Crypto.Random import get_random_bytes
-from Crypto.Hash import SHA3_384
-from Crypto.Util.Padding import pad
-import validators
-import random
 import re
-import string
+import time
 from collections import Counter
-from loguru import logger
-from packaging import version as pyver
 from distutils.version import LooseVersion
+from typing import Any

-from django.db import models
+import msgpack
+import validators
+from Crypto.Cipher import AES
+from Crypto.Hash import SHA3_384
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad
 from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
 from django.utils import timezone as djangotime
+from loguru import logger
+from nats.aio.client import Client as NATS
+from nats.aio.errors import ErrTimeout

-from core.models import CoreSettings, TZ_CHOICES
+from core.models import TZ_CHOICES, CoreSettings
 from logs.models import BaseAuditModel

 logger.configure(**settings.LOG_CONFIG)
@@ -50,6 +51,8 @@ class Agent(BaseAuditModel):
    mesh_node_id = models.CharField(null=True, blank=True, max_length=255)
    overdue_email_alert = models.BooleanField(default=False)
    overdue_text_alert = models.BooleanField(default=False)
+    overdue_dashboard_alert = models.BooleanField(default=False)
+    offline_time = models.PositiveIntegerField(default=4)
    overdue_time = models.PositiveIntegerField(default=30)
    check_interval = models.PositiveIntegerField(default=120)
    needs_reboot = models.BooleanField(default=False)
@@ -60,6 +63,16 @@ class Agent(BaseAuditModel):
        max_length=255, choices=TZ_CHOICES, null=True, blank=True
    )
    maintenance_mode = models.BooleanField(default=False)
+    block_policy_inheritance = models.BooleanField(default=False)
+    pending_actions_count = models.PositiveIntegerField(default=0)
+    has_patches_pending = models.BooleanField(default=False)
+    alert_template = models.ForeignKey(
+        "alerts.AlertTemplate",
+        related_name="agents",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
+    )
    site = models.ForeignKey(
        "clients.Site",
        related_name="agents",
@@ -75,6 +88,26 @@ class Agent(BaseAuditModel):
        on_delete=models.SET_NULL,
    )

+    def save(self, *args, **kwargs):
+
+        # get old agent if exists
+        old_agent = type(self).objects.get(pk=self.pk) if self.pk else None
+        super(BaseAuditModel, self).save(*args, **kwargs)
+
+        # check if new agent has been created
+        # or check if policy have changed on agent
+        # or if site has changed on agent and if so generate-policies
+        # or if agent was changed from server or workstation
+        if (
+            not old_agent
+            or (old_agent and old_agent.policy != self.policy)
+            or (old_agent.site != self.site)
+            or (old_agent.monitoring_type != self.monitoring_type)
+            or (old_agent.block_policy_inheritance != self.block_policy_inheritance)
+        ):
+            self.generate_checks_from_policies()
+            self.generate_tasks_from_policies()
+
    def __str__(self):
        return self.hostname

@@ -109,14 +142,6 @@ class Agent(BaseAuditModel):
            return settings.DL_32
        return None

-    @property
-    def winsalt_dl(self):
-        if self.arch == "64":
-            return settings.SALT_64
-        elif self.arch == "32":
-            return settings.SALT_32
-        return None
-
    @property
    def win_inno_exe(self):
        if self.arch == "64":
@@ -127,7 +152,7 @@ class Agent(BaseAuditModel):

    @property
    def status(self):
-        offline = djangotime.now() - djangotime.timedelta(minutes=6)
+        offline = djangotime.now() - djangotime.timedelta(minutes=self.offline_time)
        overdue = djangotime.now() - djangotime.timedelta(minutes=self.overdue_time)

        if self.last_seen is not None:
@@ -140,33 +165,30 @@ class Agent(BaseAuditModel):
        else:
            return "offline"

-    @property
-    def has_patches_pending(self):
-
-        if self.winupdates.filter(action="approve").filter(installed=False).exists():
-            return True
-        else:
-            return False
-
    @property
    def checks(self):
-        total, passing, failing = 0, 0, 0
+        total, passing, failing, warning, info = 0, 0, 0, 0, 0

-        if self.agentchecks.exists():
-            for i in self.agentchecks.all():
+        if self.agentchecks.exists():  # type: ignore
+            for i in self.agentchecks.all():  # type: ignore
                total += 1
                if i.status == "passing":
                    passing += 1
                elif i.status == "failing":
-                    failing += 1
-
-        has_failing_checks = True if failing > 0 else False
+                    if i.alert_severity == "error":
+                        failing += 1
+                    elif i.alert_severity == "warning":
+                        warning += 1
+                    elif i.alert_severity == "info":
+                        info += 1

        ret = {
            "total": total,
            "passing": passing,
            "failing": failing,
-            "has_failing_checks": has_failing_checks,
+            "warning": warning,
+            "info": info,
+            "has_failing_checks": failing > 0 or warning > 0,
        }
        return ret

@@ -181,6 +203,27 @@ class Agent(BaseAuditModel):
        except:
            return ["unknown cpu model"]

+    @property
+    def graphics(self):
+        ret, mrda = [], []
+        try:
+            graphics = self.wmi_detail["graphics"]
+            for i in graphics:
+                caption = [x["Caption"] for x in i if "Caption" in x][0]
+                if "microsoft remote display adapter" in caption.lower():
+                    mrda.append("yes")
+                    continue
+
+                ret.append([x["Caption"] for x in i if "Caption" in x][0])
+
+            # only return this if no other graphics cards
+            if not ret and mrda:
+                return "Microsoft Remote Display Adapter"
+
+            return ", ".join(ret)
+        except:
+            return "Graphics info requires agent v1.4.14"
+
    @property
    def local_ips(self):
        ret = []
@@ -220,11 +263,17 @@ class Agent(BaseAuditModel):
                make = [x["Manufacturer"] for x in mobo if "Manufacturer" in x][0]
                model = [x["Product"] for x in mobo if "Product" in x][0]

+            if make.lower() == "lenovo":
+                sysfam = [x["SystemFamily"] for x in comp_sys if "SystemFamily" in x][0]
+                if "to be filled" not in sysfam.lower():
+                    model = sysfam
+
            return f"{make} {model}"
        except:
            pass

        try:
+            comp_sys_prod = self.wmi_detail["comp_sys_prod"][0]
            return [x["Version"] for x in comp_sys_prod if "Version" in x][0]
        except:
            pass
@@ -254,33 +303,107 @@ class Agent(BaseAuditModel):
        except:
            return ["unknown disk"]

+    def check_run_interval(self) -> int:
+        interval = self.check_interval
+        # determine if any agent checks have a custom interval and set the lowest interval
+        for check in self.agentchecks.filter(overriden_by_policy=False):  # type: ignore
+            if check.run_interval and check.run_interval < interval:
+
+                # don't allow check runs less than 15s
+                if check.run_interval < 15:
+                    interval = 15
+                else:
+                    interval = check.run_interval
+
+        return interval
+
+    def run_script(
+        self,
+        scriptpk: int,
+        args: list[str] = [],
+        timeout: int = 120,
+        full: bool = False,
+        wait: bool = False,
+        run_on_any: bool = False,
+    ) -> Any:
+
+        from scripts.models import Script
+
+        script = Script.objects.get(pk=scriptpk)
+
+        parsed_args = script.parse_script_args(self, script.shell, args)
+
+        data = {
+            "func": "runscriptfull" if full else "runscript",
+            "timeout": timeout,
+            "script_args": parsed_args,
+            "payload": {
+                "code": script.code,
+                "shell": script.shell,
+            },
+        }
+
+        running_agent = self
+        if run_on_any:
+            nats_ping = {"func": "ping"}
+
+            # try on self first
+            r = asyncio.run(self.nats_cmd(nats_ping, timeout=1))
+
+            if r == "pong":
+                running_agent = self
+            else:
+                online = [
+                    agent
+                    for agent in Agent.objects.only(
+                        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+                    )
+                    if agent.status == "online"
+                ]
+
+                for agent in online:
+                    r = asyncio.run(agent.nats_cmd(nats_ping, timeout=1))
+                    if r == "pong":
+                        running_agent = agent
+                        break
+
+                if running_agent.pk == self.pk:
+                    return "Unable to find an online agent"
+
+        if wait:
+            return asyncio.run(running_agent.nats_cmd(data, timeout=timeout, wait=True))
+        else:
+            asyncio.run(running_agent.nats_cmd(data, wait=False))
+
+        return "ok"
+
    # auto approves updates
    def approve_updates(self):
        patch_policy = self.get_patch_policy()

        updates = list()
        if patch_policy.critical == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                severity="Critical", installed=False
            ).exclude(action="approve")

        if patch_policy.important == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                severity="Important", installed=False
            ).exclude(action="approve")

        if patch_policy.moderate == "approve":
-            updates += self.winupdates.filter(
+            updates += self.winupdates.filter(  # type: ignore
                severity="Moderate", installed=False
            ).exclude(action="approve")

        if patch_policy.low == "approve":
-            updates += self.winupdates.filter(severity="Low", installed=False).exclude(
+            updates += self.winupdates.filter(severity="Low", installed=False).exclude(  # type: ignore
                action="approve"
            )

        if patch_policy.other == "approve":
-            updates += self.winupdates.filter(severity="", installed=False).exclude(
+            updates += self.winupdates.filter(severity="", installed=False).exclude(  # type: ignore
                action="approve"
            )

@@ -295,7 +418,7 @@ class Agent(BaseAuditModel):
        site = self.site
        core_settings = CoreSettings.objects.first()
        patch_policy = None
-        agent_policy = self.winupdatepolicy.get()
+        agent_policy = self.winupdatepolicy.get()  # type: ignore

        if self.monitoring_type == "server":
            # check agent policy first which should override client or site policy
@@ -304,21 +427,34 @@ class Agent(BaseAuditModel):

            # check site policy if agent policy doesn't have one
            elif site.server_policy and site.server_policy.winupdatepolicy.exists():
-                patch_policy = site.server_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.server_policy.winupdatepolicy.get()

            # if site doesn't have a patch policy check the client
            elif (
                site.client.server_policy
                and site.client.server_policy.winupdatepolicy.exists()
            ):
-                patch_policy = site.client.server_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.server_policy.winupdatepolicy.get()

            # if patch policy still doesn't exist check default policy
            elif (
                core_settings.server_policy
                and core_settings.server_policy.winupdatepolicy.exists()
            ):
-                patch_policy = core_settings.server_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = core_settings.server_policy.winupdatepolicy.get()

        elif self.monitoring_type == "workstation":
            # check agent policy first which should override client or site policy
@@ -329,21 +465,36 @@ class Agent(BaseAuditModel):
                site.workstation_policy
                and site.workstation_policy.winupdatepolicy.exists()
            ):
-                patch_policy = site.workstation_policy.winupdatepolicy.get()
+                # make sure agent isn;t blocking policy inheritance
+                if not self.block_policy_inheritance:
+                    patch_policy = site.workstation_policy.winupdatepolicy.get()

            # if site doesn't have a patch policy check the client
            elif (
                site.client.workstation_policy
                and site.client.workstation_policy.winupdatepolicy.exists()
            ):
-                patch_policy = site.client.workstation_policy.winupdatepolicy.get()
+                # make sure agent and site are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                ):
+                    patch_policy = site.client.workstation_policy.winupdatepolicy.get()

            # if patch policy still doesn't exist check default policy
            elif (
                core_settings.workstation_policy
                and core_settings.workstation_policy.winupdatepolicy.exists()
            ):
-                patch_policy = core_settings.workstation_policy.winupdatepolicy.get()
+                # make sure agent site and client are not blocking inheritance
+                if (
+                    not self.block_policy_inheritance
+                    and not site.block_policy_inheritance
+                    and not site.client.block_policy_inheritance
+                ):
+                    patch_policy = (
+                        core_settings.workstation_policy.winupdatepolicy.get()
+                    )

        # if policy still doesn't exist return the agent patch policy
        if not patch_policy:
@@ -380,32 +531,162 @@ class Agent(BaseAuditModel):

        return patch_policy

-    # clear is used to delete managed policy checks from agent
-    # parent_checks specifies a list of checks to delete from agent with matching parent_check field
-    def generate_checks_from_policies(self, clear=False):
+    def get_approved_update_guids(self) -> list[str]:
+        return list(
+            self.winupdates.filter(action="approve", installed=False).values_list(  # type: ignore
+                "guid", flat=True
+            )
+        )
+
+    # sets alert template assigned in the following order: policy, site, client, global
+    # sets None if nothing is found
+    def set_alert_template(self):
+
+        site = self.site
+        client = self.client
+        core = CoreSettings.objects.first()
+
+        templates = list()
+        # check if alert template is on a policy assigned to agent
+        if (
+            self.policy
+            and self.policy.alert_template
+            and self.policy.alert_template.is_active
+        ):
+            templates.append(self.policy.alert_template)
+
+        # check if policy with alert template is assigned to the site
+        if (
+            self.monitoring_type == "server"
+            and site.server_policy
+            and site.server_policy.alert_template
+            and site.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+        ):
+            templates.append(site.server_policy.alert_template)
+        if (
+            self.monitoring_type == "workstation"
+            and site.workstation_policy
+            and site.workstation_policy.alert_template
+            and site.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+        ):
+            templates.append(site.workstation_policy.alert_template)
+
+        # check if alert template is assigned to site
+        if site.alert_template and site.alert_template.is_active:
+            templates.append(site.alert_template)
+
+        # check if policy with alert template is assigned to the client
+        if (
+            self.monitoring_type == "server"
+            and client.server_policy
+            and client.server_policy.alert_template
+            and client.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
+            templates.append(client.server_policy.alert_template)
+        if (
+            self.monitoring_type == "workstation"
+            and client.workstation_policy
+            and client.workstation_policy.alert_template
+            and client.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
+            templates.append(client.workstation_policy.alert_template)
+
+        # check if alert template is on client and return
+        if (
+            client.alert_template
+            and client.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+        ):
+            templates.append(client.alert_template)
+
+        # check if alert template is applied globally and return
+        if (
+            core.alert_template
+            and core.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.alert_template)
+
+        # if agent is a workstation, check if policy with alert template is assigned to the site, client, or core
+        if (
+            self.monitoring_type == "server"
+            and core.server_policy
+            and core.server_policy.alert_template
+            and core.server_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.server_policy.alert_template)
+        if (
+            self.monitoring_type == "workstation"
+            and core.workstation_policy
+            and core.workstation_policy.alert_template
+            and core.workstation_policy.alert_template.is_active
+            and not self.block_policy_inheritance
+            and not site.block_policy_inheritance
+            and not client.block_policy_inheritance
+        ):
+            templates.append(core.workstation_policy.alert_template)
+
+        # go through the templates and return the first one that isn't excluded
+        for template in templates:
+            # check if client, site, or agent has been excluded from template
+            if (
+                client.pk
+                in template.excluded_clients.all().values_list("pk", flat=True)
+                or site.pk in template.excluded_sites.all().values_list("pk", flat=True)
+                or self.pk
+                in template.excluded_agents.all()
+                .only("pk")
+                .values_list("pk", flat=True)
+            ):
+                continue
+
+            # check if template is excluding desktops
+            elif (
+                self.monitoring_type == "workstation" and template.exclude_workstations
+            ):
+                continue
+
+            # check if template is excluding servers
+            elif self.monitoring_type == "server" and template.exclude_servers:
+                continue
+
+            else:
+                # save alert_template to agent cache field
+                self.alert_template = template
+                self.save()
+
+                return template
+
+        # no alert templates found or agent has been excluded
+        self.alert_template = None
+        self.save()
+
+        return None
+
+    def generate_checks_from_policies(self):
        from automation.models import Policy

-        # Clear agent checks managed by policy
-        if clear:
-            self.agentchecks.filter(managed_by_policy=True).delete()
-
        # Clear agent checks that have overriden_by_policy set
-        self.agentchecks.update(overriden_by_policy=False)
+        self.agentchecks.update(overriden_by_policy=False)  # type: ignore

        # Generate checks based on policies
        Policy.generate_policy_checks(self)

-    # clear is used to delete managed policy tasks from agent
-    # parent_tasks specifies a list of tasks to delete from agent with matching parent_task field
-    def generate_tasks_from_policies(self, clear=False):
-        from autotasks.tasks import delete_win_task_schedule
+    def generate_tasks_from_policies(self):
        from automation.models import Policy

-        # Clear agent tasks managed by policy
-        if clear:
-            for task in self.autotasks.filter(managed_by_policy=True):
-                delete_win_task_schedule.delay(task.pk)
-
        # Generate tasks based on policies
        Policy.generate_policy_tasks(self)

@@ -433,76 +714,40 @@ class Agent(BaseAuditModel):
        except Exception:
            return "err"

-    def salt_api_cmd(self, **kwargs):
-
-        # salt should always timeout first before the requests' timeout
+    async def nats_cmd(self, data: dict, timeout: int = 30, wait: bool = True):
+        nc = NATS()
+        options = {
+            "servers": f"tls://{settings.ALLOWED_HOSTS[0]}:4222",
+            "user": "tacticalrmm",
+            "password": settings.SECRET_KEY,
+            "connect_timeout": 3,
+            "max_reconnect_attempts": 2,
+        }
        try:
-            timeout = kwargs["timeout"]
-        except KeyError:
-            # default timeout
-            timeout = 15
-            salt_timeout = 12
-        else:
-            if timeout < 8:
-                timeout = 8
-                salt_timeout = 5
+            await nc.connect(**options)
+        except:
+            return "natsdown"
+
+        if wait:
+            try:
+                msg = await nc.request(
+                    self.agent_id, msgpack.dumps(data), timeout=timeout
+                )
+            except ErrTimeout:
+                ret = "timeout"
            else:
-                salt_timeout = timeout - 3
+                try:
+                    ret = msgpack.loads(msg.data)  # type: ignore
+                except Exception as e:
+                    logger.error(e)
+                    ret = str(e)

-        json = {
-            "client": "local",
-            "tgt": self.salt_id,
-            "fun": kwargs["func"],
-            "timeout": salt_timeout,
-            "username": settings.SALT_USERNAME,
-            "password": settings.SALT_PASSWORD,
-            "eauth": "pam",
-        }
-
-        if "arg" in kwargs:
-            json.update({"arg": kwargs["arg"]})
-        if "kwargs" in kwargs:
-            json.update({"kwarg": kwargs["kwargs"]})
-
-        try:
-            resp = requests.post(
-                f"http://{settings.SALT_HOST}:8123/run",
-                json=[json],
-                timeout=timeout,
-            )
-        except Exception:
-            return "timeout"
-
-        try:
-            ret = resp.json()["return"][0][self.salt_id]
-        except Exception as e:
-            logger.error(f"{self.salt_id}: {e}")
-            return "error"
-        else:
+            await nc.close()
            return ret
-
-    def salt_api_async(self, **kwargs):
-
-        json = {
-            "client": "local_async",
-            "tgt": self.salt_id,
-            "fun": kwargs["func"],
-            "username": settings.SALT_USERNAME,
-            "password": settings.SALT_PASSWORD,
-            "eauth": "pam",
-        }
-
-        if "arg" in kwargs:
-            json.update({"arg": kwargs["arg"]})
-        if "kwargs" in kwargs:
-            json.update({"kwarg": kwargs["kwargs"]})
-
-        try:
-            resp = requests.post(f"http://{settings.SALT_HOST}:8123/run", json=[json])
-        except Exception:
-            return "timeout"
-
-        return resp
+        else:
+            await nc.publish(self.agent_id, msgpack.dumps(data))
+            await nc.flush()
+            await nc.close()

    @staticmethod
    def serialize(agent):
@@ -511,101 +756,18 @@ class Agent(BaseAuditModel):

        ret = AgentEditSerializer(agent).data
        del ret["all_timezones"]
+        del ret["client"]
        return ret

-    @staticmethod
-    def salt_batch_async(**kwargs):
-        assert isinstance(kwargs["minions"], list)
-
-        json = {
-            "client": "local_async",
-            "tgt_type": "list",
-            "tgt": kwargs["minions"],
-            "fun": kwargs["func"],
-            "username": settings.SALT_USERNAME,
-            "password": settings.SALT_PASSWORD,
-            "eauth": "pam",
-        }
-
-        if "arg" in kwargs:
-            json.update({"arg": kwargs["arg"]})
-        if "kwargs" in kwargs:
-            json.update({"kwarg": kwargs["kwargs"]})
-
-        try:
-            resp = requests.post(f"http://{settings.SALT_HOST}:8123/run", json=[json])
-        except Exception:
-            return "timeout"
-
-        return resp
-
-    def schedule_reboot(self, obj):
-
-        start_date = dt.datetime.strftime(obj, "%Y-%m-%d")
-        start_time = dt.datetime.strftime(obj, "%H:%M")
-
-        # let windows task scheduler automatically delete the task after it runs
-        end_obj = obj + dt.timedelta(minutes=15)
-        end_date = dt.datetime.strftime(end_obj, "%Y-%m-%d")
-        end_time = dt.datetime.strftime(end_obj, "%H:%M")
-
-        task_name = "TacticalRMM_SchedReboot_" + "".join(
-            random.choice(string.ascii_letters) for _ in range(10)
-        )
-
-        r = self.salt_api_cmd(
-            timeout=15,
-            func="task.create_task",
-            arg=[
-                f"name={task_name}",
-                "force=True",
-                "action_type=Execute",
-                'cmd="C:\\Windows\\System32\\shutdown.exe"',
-                'arguments="/r /t 5 /f"',
-                "trigger_type=Once",
-                f'start_date="{start_date}"',
-                f'start_time="{start_time}"',
-                f'end_date="{end_date}"',
-                f'end_time="{end_time}"',
-                "ac_only=False",
-                "stop_if_on_batteries=False",
-                "delete_after=Immediately",
-            ],
-        )
-
-        if r == "error" or (isinstance(r, bool) and not r):
-            return "failed"
-        elif r == "timeout":
-            return "timeout"
-        elif isinstance(r, bool) and r:
-            from logs.models import PendingAction
-
-            details = {
-                "taskname": task_name,
-                "time": str(obj),
-            }
-            PendingAction(agent=self, action_type="schedreboot", details=details).save()
-
-            nice_time = dt.datetime.strftime(obj, "%B %d, %Y at %I:%M %p")
-            return {"msg": {"time": nice_time, "agent": self.hostname}}
-        else:
-            return "failed"
-
-    def not_supported(self, version_added):
-        if pyver.parse(self.version) < pyver.parse(version_added):
-            return True
-
-        return False
-
    def delete_superseded_updates(self):
        try:
            pks = []  # list of pks to delete
-            kbs = list(self.winupdates.values_list("kb", flat=True))
+            kbs = list(self.winupdates.values_list("kb", flat=True))  # type: ignore
            d = Counter(kbs)
            dupes = [k for k, v in d.items() if v > 1]

            for dupe in dupes:
-                titles = self.winupdates.filter(kb=dupe).values_list("title", flat=True)
+                titles = self.winupdates.filter(kb=dupe).values_list("title", flat=True)  # type: ignore
                # extract the version from the title and sort from oldest to newest
                # skip if no version info is available therefore nothing to parse
                try:
@@ -618,69 +780,42 @@ class Agent(BaseAuditModel):
                    continue
                # append all but the latest version to our list of pks to delete
                for ver in sorted_vers[:-1]:
-                    q = self.winupdates.filter(kb=dupe).filter(title__contains=ver)
+                    q = self.winupdates.filter(kb=dupe).filter(title__contains=ver)  # type: ignore
                    pks.append(q.first().pk)

            pks = list(set(pks))
-            self.winupdates.filter(pk__in=pks).delete()
+            self.winupdates.filter(pk__in=pks).delete()  # type: ignore
        except:
            pass

-    # define how the agent should handle pending actions
-    def handle_pending_actions(self):
-        pending_actions = self.pendingactions.filter(status="pending")
-
-        for action in pending_actions:
-            if action.action_type == "taskaction":
-                from autotasks.tasks import (
-                    create_win_task_schedule,
-                    enable_or_disable_win_task,
-                    delete_win_task_schedule,
+    def should_create_alert(self, alert_template=None):
+        return (
+            self.overdue_dashboard_alert
+            or self.overdue_email_alert
+            or self.overdue_text_alert
+            or (
+                alert_template
+                and (
+                    alert_template.agent_always_alert
+                    or alert_template.agent_always_email
+                    or alert_template.agent_always_text
                )
-
-                task_id = action.details["task_id"]
-
-                if action.details["action"] == "taskcreate":
-                    create_win_task_schedule.delay(task_id, pending_action=action.id)
-                elif action.details["action"] == "tasktoggle":
-                    enable_or_disable_win_task.delay(
-                        task_id, action.details["value"], pending_action=action.id
-                    )
-                elif action.details["action"] == "taskdelete":
-                    delete_win_task_schedule.delay(task_id, pending_action=action.id)
-
-
-class AgentOutage(models.Model):
-    agent = models.ForeignKey(
-        Agent,
-        related_name="agentoutages",
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    outage_time = models.DateTimeField(auto_now_add=True)
-    recovery_time = models.DateTimeField(null=True, blank=True)
-    outage_email_sent = models.BooleanField(default=False)
-    outage_sms_sent = models.BooleanField(default=False)
-    recovery_email_sent = models.BooleanField(default=False)
-    recovery_sms_sent = models.BooleanField(default=False)
-
-    @property
-    def is_active(self):
-        return False if self.recovery_time else True
+            )
+        )

    def send_outage_email(self):
        from core.models import CoreSettings

        CORE = CoreSettings.objects.first()
        CORE.send_mail(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data overdue",
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
            (
-                f"Data has not been received from client {self.agent.client.name}, "
-                f"site {self.agent.site.name}, "
-                f"agent {self.agent.hostname} "
+                f"Data has not been received from client {self.client.name}, "
+                f"site {self.site.name}, "
+                f"agent {self.hostname} "
                "within the expected time."
            ),
+            alert_template=self.alert_template,
        )

    def send_recovery_email(self):
@@ -688,13 +823,14 @@ class AgentOutage(models.Model):

        CORE = CoreSettings.objects.first()
        CORE.send_mail(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data received",
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
            (
-                f"Data has been received from client {self.agent.client.name}, "
-                f"site {self.agent.site.name}, "
-                f"agent {self.agent.hostname} "
+                f"Data has been received from client {self.client.name}, "
+                f"site {self.site.name}, "
+                f"agent {self.hostname} "
                "after an interruption in data transmission."
            ),
+            alert_template=self.alert_template,
        )

    def send_outage_sms(self):
@@ -702,7 +838,8 @@ class AgentOutage(models.Model):

        CORE = CoreSettings.objects.first()
        CORE.send_sms(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data overdue"
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data overdue",
+            alert_template=self.alert_template,
        )

    def send_recovery_sms(self):
@@ -710,17 +847,17 @@ class AgentOutage(models.Model):

        CORE = CoreSettings.objects.first()
        CORE.send_sms(
-            f"{self.agent.client.name}, {self.agent.site.name}, {self.agent.hostname} - data received"
+            f"{self.client.name}, {self.site.name}, {self.hostname} - data received",
+            alert_template=self.alert_template,
        )

-    def __str__(self):
-        return self.agent.hostname
-

 RECOVERY_CHOICES = [
    ("salt", "Salt"),
    ("mesh", "Mesh"),
    ("command", "Command"),
+    ("rpc", "Nats RPC"),
+    ("checkrunner", "Checkrunner"),
 ]


@@ -737,12 +874,6 @@ class RecoveryAction(models.Model):
    def __str__(self):
        return f"{self.agent.hostname} - {self.mode}"

-    def send(self):
-        ret = {"recovery": self.mode}
-        if self.mode == "command":
-            ret["cmd"] = self.command
-        return ret
-

 class Note(models.Model):
    agent = models.ForeignKey(
@@ -762,3 +893,38 @@ class Note(models.Model):

    def __str__(self):
        return self.agent.hostname
+
+
+class AgentCustomField(models.Model):
+    agent = models.ForeignKey(
+        Agent,
+        related_name="custom_fields",
+        on_delete=models.CASCADE,
+    )
+
+    field = models.ForeignKey(
+        "core.CustomField",
+        related_name="agent_fields",
+        on_delete=models.CASCADE,
+    )
+
+    string_value = models.TextField(null=True, blank=True)
+    bool_value = models.BooleanField(blank=True, default=False)
+    multiple_value = ArrayField(
+        models.TextField(null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+
+    def __str__(self):
+        return self.field
+
+    @property
+    def value(self):
+        if self.field.type == "multiple":
+            return self.multiple_value
+        elif self.field.type == "checkbox":
+            return self.bool_value
+        else:
+            return self.string_value
--- a/api/tacticalrmm/agents/permissions.py
+++ b/api/tacticalrmm/agents/permissions.py
@@ -0,0 +1,63 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class MeshPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_use_mesh")
+
+
+class UninstallPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_uninstall_agents")
+
+
+class UpdateAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_update_agents")
+
+
+class EditAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_edit_agent")
+
+
+class ManageProcPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_manage_procs")
+
+
+class EvtLogPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_view_eventlogs")
+
+
+class SendCMDPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_send_cmd")
+
+
+class RebootAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_reboot_agents")
+
+
+class InstallAgentPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_install_agents")
+
+
+class RunScriptPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_scripts")
+
+
+class ManageNotesPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_manage_notes")
+
+
+class RunBulkPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        return _has_perm(r, "can_run_bulk")
--- a/api/tacticalrmm/agents/serializers.py
+++ b/api/tacticalrmm/agents/serializers.py
@@ -1,23 +1,21 @@
 import pytz
-
 from rest_framework import serializers
-from rest_framework.fields import ReadOnlyField

-from .models import Agent, Note
-
-from winupdate.serializers import WinUpdatePolicySerializer
 from clients.serializers import ClientSerializer
+from winupdate.serializers import WinUpdatePolicySerializer
+
+from .models import Agent, AgentCustomField, Note


 class AgentSerializer(serializers.ModelSerializer):
    # for vue
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
    status = serializers.ReadOnlyField()
    cpu_model = serializers.ReadOnlyField()
    local_ips = serializers.ReadOnlyField()
    make_model = serializers.ReadOnlyField()
    physical_disks = serializers.ReadOnlyField()
+    graphics = serializers.ReadOnlyField()
    checks = serializers.ReadOnlyField()
    timezone = serializers.ReadOnlyField()
    all_timezones = serializers.SerializerMethodField()
@@ -34,26 +32,64 @@ class AgentSerializer(serializers.ModelSerializer):
        ]


+class AgentOverdueActionSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = Agent
+        fields = [
+            "pk",
+            "overdue_email_alert",
+            "overdue_text_alert",
+            "overdue_dashboard_alert",
+        ]
+
+
 class AgentTableSerializer(serializers.ModelSerializer):
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
    status = serializers.ReadOnlyField()
    checks = serializers.ReadOnlyField()
    last_seen = serializers.SerializerMethodField()
    client_name = serializers.ReadOnlyField(source="client.name")
    site_name = serializers.ReadOnlyField(source="site.name")
+    logged_username = serializers.SerializerMethodField()
+    italic = serializers.SerializerMethodField()
+    policy = serializers.ReadOnlyField(source="policy.id")
+    alert_template = serializers.SerializerMethodField()

-    def get_last_seen(self, obj):
+    def get_alert_template(self, obj):
+
+        if not obj.alert_template:
+            return None
+        else:
+            return {
+                "name": obj.alert_template.name,
+                "always_email": obj.alert_template.agent_always_email,
+                "always_text": obj.alert_template.agent_always_text,
+                "always_alert": obj.alert_template.agent_always_alert,
+            }
+
+    def get_last_seen(self, obj) -> str:
        if obj.time_zone is not None:
            agent_tz = pytz.timezone(obj.time_zone)
        else:
            agent_tz = self.context["default_tz"]

-        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M:%S")
+        return obj.last_seen.astimezone(agent_tz).strftime("%m %d %Y %H:%M")
+
+    def get_logged_username(self, obj) -> str:
+        if obj.logged_in_username == "None" and obj.status == "online":
+            return obj.last_logged_in_user
+        elif obj.logged_in_username != "None":
+            return obj.logged_in_username
+        else:
+            return "-"
+
+    def get_italic(self, obj) -> bool:
+        return obj.logged_in_username == "None" and obj.status == "online"

    class Meta:
        model = Agent
        fields = [
            "id",
+            "alert_template",
            "hostname",
            "agent_id",
            "site_name",
@@ -61,24 +97,48 @@ class AgentTableSerializer(serializers.ModelSerializer):
            "monitoring_type",
            "description",
            "needs_reboot",
-            "patches_pending",
+            "has_patches_pending",
+            "pending_actions_count",
            "status",
            "overdue_text_alert",
            "overdue_email_alert",
+            "overdue_dashboard_alert",
            "last_seen",
            "boot_time",
            "checks",
-            "logged_in_username",
-            "last_logged_in_user",
            "maintenance_mode",
+            "logged_username",
+            "italic",
+            "policy",
+            "block_policy_inheritance",
        ]
        depth = 2


+class AgentCustomFieldSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = AgentCustomField
+        fields = (
+            "id",
+            "field",
+            "agent",
+            "value",
+            "string_value",
+            "bool_value",
+            "multiple_value",
+        )
+        extra_kwargs = {
+            "string_value": {"write_only": True},
+            "bool_value": {"write_only": True},
+            "multiple_value": {"write_only": True},
+        }
+
+
 class AgentEditSerializer(serializers.ModelSerializer):
    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
    all_timezones = serializers.SerializerMethodField()
    client = ClientSerializer(read_only=True)
+    custom_fields = AgentCustomFieldSerializer(many=True, read_only=True)

    def get_all_timezones(self, obj):
        return pytz.all_timezones
@@ -96,19 +156,17 @@ class AgentEditSerializer(serializers.ModelSerializer):
            "timezone",
            "check_interval",
            "overdue_time",
+            "offline_time",
            "overdue_text_alert",
            "overdue_email_alert",
            "all_timezones",
            "winupdatepolicy",
+            "policy",
+            "custom_fields",
        ]


 class WinAgentSerializer(serializers.ModelSerializer):
-    # for the windows agent
-    patches_pending = serializers.ReadOnlyField(source="has_patches_pending")
-    winupdatepolicy = WinUpdatePolicySerializer(many=True, read_only=True)
-    status = serializers.ReadOnlyField()
-
    class Meta:
        model = Agent
        fields = "__all__"
--- a/api/tacticalrmm/agents/tasks.py
+++ b/api/tacticalrmm/agents/tasks.py
@@ -1,302 +1,347 @@
-from loguru import logger
-from time import sleep
+import asyncio
+import datetime as dt
 import random
-import requests
-from packaging import version as pyver
-
+import tempfile
+import json
+import subprocess
+import urllib.parse
+from time import sleep
+from typing import Union

 from django.conf import settings
+from django.utils import timezone as djangotime
+from loguru import logger
+from packaging import version as pyver

-
+from agents.models import Agent
+from core.models import CodeSignToken, CoreSettings
+from logs.models import PendingAction
+from scripts.models import Script
 from tacticalrmm.celery import app
-from agents.models import Agent, AgentOutage
-from core.models import CoreSettings
+from tacticalrmm.utils import run_nats_api_cmd

 logger.configure(**settings.LOG_CONFIG)

-OLD_64_PY_AGENT = "https://github.com/wh1te909/winagent/releases/download/v0.11.2/winagent-v0.11.2.exe"
-OLD_32_PY_AGENT = "https://github.com/wh1te909/winagent/releases/download/v0.11.2/winagent-v0.11.2-x86.exe"
+
+def agent_update(pk: int, codesigntoken: str = None, force: bool = False) -> str:
+    from agents.utils import get_exegen_url
+
+    agent = Agent.objects.get(pk=pk)
+
+    if pyver.parse(agent.version) <= pyver.parse("1.3.0"):
+        return "not supported"
+
+    # skip if we can't determine the arch
+    if agent.arch is None:
+        logger.warning(
+            f"Unable to determine arch on {agent.hostname}. Skipping agent update."
+        )
+        return "noarch"
+
+    version = settings.LATEST_AGENT_VER
+    inno = agent.win_inno_exe
+
+    if codesigntoken is not None and pyver.parse(version) >= pyver.parse("1.5.0"):
+        base_url = get_exegen_url() + "/api/v1/winagents/?"
+        params = {"version": version, "arch": agent.arch, "token": codesigntoken}
+        url = base_url + urllib.parse.urlencode(params)
+    else:
+        url = agent.winagent_dl
+
+    if not force:
+        if agent.pendingactions.filter(
+            action_type="agentupdate", status="pending"
+        ).exists():
+            agent.pendingactions.filter(
+                action_type="agentupdate", status="pending"
+            ).delete()
+
+        PendingAction.objects.create(
+            agent=agent,
+            action_type="agentupdate",
+            details={
+                "url": url,
+                "version": version,
+                "inno": inno,
+            },
+        )
+
+    nats_data = {
+        "func": "agentupdate",
+        "payload": {
+            "url": url,
+            "version": version,
+            "inno": inno,
+        },
+    }
+    asyncio.run(agent.nats_cmd(nats_data, wait=False))
+    return "created"


@app.task
-def send_agent_update_task(pks, version):
-    assert isinstance(pks, list)
-
-    q = Agent.objects.filter(pk__in=pks)
-    agents = [i.pk for i in q if pyver.parse(i.version) < pyver.parse(version)]
-
-    chunks = (agents[i : i + 30] for i in range(0, len(agents), 30))
-
-    for chunk in chunks:
-        for pk in chunk:
-            agent = Agent.objects.get(pk=pk)
-
-            # skip if we can't determine the arch
-            if agent.arch is None:
-                logger.warning(
-                    f"Unable to determine arch on {agent.salt_id}. Skipping."
-                )
-                continue
-
-            # golang agent only backwards compatible with py agent 0.11.2
-            # force an upgrade to the latest python agent if version < 0.11.2
-            if pyver.parse(agent.version) < pyver.parse("0.11.2"):
-                url = OLD_64_PY_AGENT if agent.arch == "64" else OLD_32_PY_AGENT
-                inno = (
-                    "winagent-v0.11.2.exe"
-                    if agent.arch == "64"
-                    else "winagent-v0.11.2-x86.exe"
-                )
-            else:
-                url = agent.winagent_dl
-                inno = agent.win_inno_exe
-            logger.info(
-                f"Updating {agent.salt_id} current version {agent.version} using {inno}"
-            )
-            r = agent.salt_api_async(
-                func="win_agent.do_agent_update_v2",
-                kwargs={
-                    "inno": inno,
-                    "url": url,
-                },
-            )
-            logger.info(f"{agent.salt_id}: {r}")
-        sleep(10)
-
-
-@app.task
-def auto_self_agent_update_task():
-    core = CoreSettings.objects.first()
-    if not core.agent_auto_update:
-        logger.info("Agent auto update is disabled. Skipping.")
+def force_code_sign(pks: list[int]) -> None:
+    try:
+        token = CodeSignToken.objects.first().token
+    except:
        return

+    chunks = (pks[i : i + 50] for i in range(0, len(pks), 50))
+    for chunk in chunks:
+        for pk in chunk:
+            agent_update(pk=pk, codesigntoken=token, force=True)
+            sleep(0.05)
+        sleep(4)
+
+
+@app.task
+def send_agent_update_task(pks: list[int]) -> None:
+    try:
+        codesigntoken = CodeSignToken.objects.first().token
+    except:
+        codesigntoken = None
+
+    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
+    for chunk in chunks:
+        for pk in chunk:
+            agent_update(pk, codesigntoken)
+            sleep(0.05)
+        sleep(4)
+
+
+@app.task
+def auto_self_agent_update_task() -> None:
+    core = CoreSettings.objects.first()
+    if not core.agent_auto_update:
+        return
+
+    try:
+        codesigntoken = CodeSignToken.objects.first().token
+    except:
+        codesigntoken = None
+
    q = Agent.objects.only("pk", "version")
-    agents = [
+    pks: list[int] = [
        i.pk
        for i in q
        if pyver.parse(i.version) < pyver.parse(settings.LATEST_AGENT_VER)
    ]
-    logger.info(f"Updating {len(agents)}")
-
-    chunks = (agents[i : i + 30] for i in range(0, len(agents), 30))

+    chunks = (pks[i : i + 30] for i in range(0, len(pks), 30))
    for chunk in chunks:
        for pk in chunk:
-            agent = Agent.objects.get(pk=pk)
-
-            # skip if we can't determine the arch
-            if agent.arch is None:
-                logger.warning(
-                    f"Unable to determine arch on {agent.salt_id}. Skipping."
-                )
-                continue
-
-            # golang agent only backwards compatible with py agent 0.11.2
-            # force an upgrade to the latest python agent if version < 0.11.2
-            if pyver.parse(agent.version) < pyver.parse("0.11.2"):
-                url = OLD_64_PY_AGENT if agent.arch == "64" else OLD_32_PY_AGENT
-                inno = (
-                    "winagent-v0.11.2.exe"
-                    if agent.arch == "64"
-                    else "winagent-v0.11.2-x86.exe"
-                )
-            else:
-                url = agent.winagent_dl
-                inno = agent.win_inno_exe
-            logger.info(
-                f"Updating {agent.salt_id} current version {agent.version} using {inno}"
-            )
-            r = agent.salt_api_async(
-                func="win_agent.do_agent_update_v2",
-                kwargs={
-                    "inno": inno,
-                    "url": url,
-                },
-            )
-            logger.info(f"{agent.salt_id}: {r}")
-        sleep(10)
+            agent_update(pk, codesigntoken)
+            sleep(0.05)
+        sleep(4)


@app.task
-def update_salt_minion_task():
-    q = Agent.objects.all()
-    agents = [
-        i.pk
-        for i in q
-        if pyver.parse(i.version) >= pyver.parse("0.11.0")
-        and pyver.parse(i.salt_ver) < pyver.parse(settings.LATEST_SALT_VER)
-    ]
+def agent_outage_email_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+    from alerts.models import Alert

-    chunks = (agents[i : i + 50] for i in range(0, len(agents), 50))
+    alert = Alert.objects.get(pk=pk)

-    for chunk in chunks:
-        for pk in chunk:
-            agent = Agent.objects.get(pk=pk)
-            r = agent.salt_api_async(func="win_agent.update_salt")
-        sleep(20)
-
-
-@app.task
-def get_wmi_detail_task(pk):
-    agent = Agent.objects.get(pk=pk)
-    r = agent.salt_api_async(timeout=30, func="win_agent.local_sys_info")
-    return "ok"
-
-
-@app.task
-def sync_salt_modules_task(pk):
-    agent = Agent.objects.get(pk=pk)
-    r = agent.salt_api_cmd(timeout=35, func="saltutil.sync_modules")
-    # successful sync if new/charnged files: {'return': [{'MINION-15': ['modules.get_eventlog', 'modules.win_agent', 'etc...']}]}
-    # successful sync with no new/changed files: {'return': [{'MINION-15': []}]}
-    if r == "timeout" or r == "error":
-        return f"Unable to sync modules {agent.salt_id}"
-
-    return f"Successfully synced salt modules on {agent.hostname}"
-
-
-@app.task
-def batch_sync_modules_task():
-    # sync modules, split into chunks of 50 agents to not overload salt
-    agents = Agent.objects.all()
-    online = [i.salt_id for i in agents if i.status == "online"]
-    chunks = (online[i : i + 50] for i in range(0, len(online), 50))
-    for chunk in chunks:
-        Agent.salt_batch_async(minions=chunk, func="saltutil.sync_modules")
-        sleep(10)
-
-
-@app.task
-def batch_sysinfo_task():
-    # update system info using WMI
-    agents = Agent.objects.all()
-    online = [
-        i.salt_id
-        for i in agents
-        if not i.not_supported("0.11.0") and i.status == "online"
-    ]
-    chunks = (online[i : i + 30] for i in range(0, len(online), 30))
-    for chunk in chunks:
-        Agent.salt_batch_async(minions=chunk, func="win_agent.local_sys_info")
-        sleep(10)
-
-
-@app.task
-def uninstall_agent_task(salt_id):
-    attempts = 0
-    error = False
-
-    while 1:
-        try:
-
-            r = requests.post(
-                f"http://{settings.SALT_HOST}:8123/run",
-                json=[
-                    {
-                        "client": "local",
-                        "tgt": salt_id,
-                        "fun": "win_agent.uninstall_agent",
-                        "timeout": 8,
-                        "username": settings.SALT_USERNAME,
-                        "password": settings.SALT_PASSWORD,
-                        "eauth": "pam",
-                    }
-                ],
-                timeout=10,
-            )
-            ret = r.json()["return"][0][salt_id]
-        except Exception:
-            attempts += 1
-        else:
-            if ret != "ok":
-                attempts += 1
-            else:
-                attempts = 0
-
-        if attempts >= 10:
-            error = True
-            break
-        elif attempts == 0:
-            break
-
-    if error:
-        logger.error(f"{salt_id} uninstall failed")
+    if not alert.email_sent:
+        sleep(random.randint(1, 15))
+        alert.agent.send_outage_email()
+        alert.email_sent = djangotime.now()
+        alert.save(update_fields=["email_sent"])
    else:
-        logger.info(f"{salt_id} was successfully uninstalled")
-
-    try:
-        r = requests.post(
-            f"http://{settings.SALT_HOST}:8123/run",
-            json=[
-                {
-                    "client": "wheel",
-                    "fun": "key.delete",
-                    "match": salt_id,
-                    "username": settings.SALT_USERNAME,
-                    "password": settings.SALT_PASSWORD,
-                    "eauth": "pam",
-                }
-            ],
-            timeout=30,
-        )
-    except Exception:
-        logger.error(f"{salt_id} unable to remove salt-key")
+        if alert_interval:
+            # send an email only if the last email sent is older than alert interval
+            delta = djangotime.now() - dt.timedelta(days=alert_interval)
+            if alert.email_sent < delta:
+                sleep(random.randint(1, 10))
+                alert.agent.send_outage_email()
+                alert.email_sent = djangotime.now()
+                alert.save(update_fields=["email_sent"])

    return "ok"


@app.task
-def agent_outage_email_task(pk):
+def agent_recovery_email_task(pk: int) -> str:
+    from alerts.models import Alert
+
    sleep(random.randint(1, 15))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_outage_email()
-    outage.outage_email_sent = True
-    outage.save(update_fields=["outage_email_sent"])
+    alert = Alert.objects.get(pk=pk)
+    alert.agent.send_recovery_email()
+    alert.resolved_email_sent = djangotime.now()
+    alert.save(update_fields=["resolved_email_sent"])
+
+    return "ok"


@app.task
-def agent_recovery_email_task(pk):
-    sleep(random.randint(1, 15))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_recovery_email()
-    outage.recovery_email_sent = True
-    outage.save(update_fields=["recovery_email_sent"])
+def agent_outage_sms_task(pk: int, alert_interval: Union[float, None] = None) -> str:
+    from alerts.models import Alert
+
+    alert = Alert.objects.get(pk=pk)
+
+    if not alert.sms_sent:
+        sleep(random.randint(1, 15))
+        alert.agent.send_outage_sms()
+        alert.sms_sent = djangotime.now()
+        alert.save(update_fields=["sms_sent"])
+    else:
+        if alert_interval:
+            # send an sms only if the last sms sent is older than alert interval
+            delta = djangotime.now() - dt.timedelta(days=alert_interval)
+            if alert.sms_sent < delta:
+                sleep(random.randint(1, 10))
+                alert.agent.send_outage_sms()
+                alert.sms_sent = djangotime.now()
+                alert.save(update_fields=["sms_sent"])
+
+    return "ok"


@app.task
-def agent_outage_sms_task(pk):
+def agent_recovery_sms_task(pk: int) -> str:
+    from alerts.models import Alert
+
    sleep(random.randint(1, 3))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_outage_sms()
-    outage.outage_sms_sent = True
-    outage.save(update_fields=["outage_sms_sent"])
+    alert = Alert.objects.get(pk=pk)
+    alert.agent.send_recovery_sms()
+    alert.resolved_sms_sent = djangotime.now()
+    alert.save(update_fields=["resolved_sms_sent"])
+
+    return "ok"


@app.task
-def agent_recovery_sms_task(pk):
-    sleep(random.randint(1, 3))
-    outage = AgentOutage.objects.get(pk=pk)
-    outage.send_recovery_sms()
-    outage.recovery_sms_sent = True
-    outage.save(update_fields=["recovery_sms_sent"])
+def agent_outages_task() -> None:
+    from alerts.models import Alert

-
-@app.task
-def agent_outages_task():
-    agents = Agent.objects.only("pk")
+    agents = Agent.objects.only(
+        "pk",
+        "agent_id",
+        "last_seen",
+        "offline_time",
+        "overdue_time",
+        "overdue_email_alert",
+        "overdue_text_alert",
+        "overdue_dashboard_alert",
+    )

    for agent in agents:
        if agent.status == "overdue":
-            outages = AgentOutage.objects.filter(agent=agent)
-            if outages and outages.last().is_active:
-                continue
+            Alert.handle_alert_failure(agent)

-            outage = AgentOutage(agent=agent)
-            outage.save()

-            if agent.overdue_email_alert and not agent.maintenance_mode:
-                agent_outage_email_task.delay(pk=outage.pk)
+@app.task
+def run_script_email_results_task(
+    agentpk: int,
+    scriptpk: int,
+    nats_timeout: int,
+    emails: list[str],
+    args: list[str] = [],
+):
+    agent = Agent.objects.get(pk=agentpk)
+    script = Script.objects.get(pk=scriptpk)
+    r = agent.run_script(
+        scriptpk=script.pk, args=args, full=True, timeout=nats_timeout, wait=True
+    )
+    if r == "timeout":
+        logger.error(f"{agent.hostname} timed out running script.")
+        return

-            if agent.overdue_text_alert and not agent.maintenance_mode:
-                agent_outage_sms_task.delay(pk=outage.pk)
+    CORE = CoreSettings.objects.first()
+    subject = f"{agent.hostname} {script.name} Results"
+    exec_time = "{:.4f}".format(r["execution_time"])
+    body = (
+        subject
+        + f"\nReturn code: {r['retcode']}\nExecution time: {exec_time} seconds\nStdout: {r['stdout']}\nStderr: {r['stderr']}"
+    )
+
+    import smtplib
+    from email.message import EmailMessage
+
+    msg = EmailMessage()
+    msg["Subject"] = subject
+    msg["From"] = CORE.smtp_from_email
+
+    if emails:
+        msg["To"] = ", ".join(emails)
+    else:
+        msg["To"] = ", ".join(CORE.email_alert_recipients)
+
+    msg.set_content(body)
+
+    try:
+        with smtplib.SMTP(CORE.smtp_host, CORE.smtp_port, timeout=20) as server:
+            if CORE.smtp_requires_auth:
+                server.ehlo()
+                server.starttls()
+                server.login(CORE.smtp_host_user, CORE.smtp_host_password)
+                server.send_message(msg)
+                server.quit()
+            else:
+                server.send_message(msg)
+                server.quit()
+    except Exception as e:
+        logger.error(e)
+
+
+@app.task
+def clear_faults_task(older_than_days: int) -> None:
+    # https://github.com/wh1te909/tacticalrmm/issues/484
+    agents = Agent.objects.exclude(last_seen__isnull=True).filter(
+        last_seen__lt=djangotime.now() - djangotime.timedelta(days=older_than_days)
+    )
+    for agent in agents:
+        if agent.agentchecks.exists():
+            for check in agent.agentchecks.all():
+                # reset check status
+                check.status = "passing"
+                check.save(update_fields=["status"])
+                if check.alert.filter(resolved=False).exists():
+                    check.alert.get(resolved=False).resolve()
+
+        # reset overdue alerts
+        agent.overdue_email_alert = False
+        agent.overdue_text_alert = False
+        agent.overdue_dashboard_alert = False
+        agent.save(
+            update_fields=[
+                "overdue_email_alert",
+                "overdue_text_alert",
+                "overdue_dashboard_alert",
+            ]
+        )
+
+
+@app.task
+def monitor_agents_task() -> None:
+    agents = Agent.objects.only(
+        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+    )
+    ids = [i.agent_id for i in agents if i.status != "online"]
+    run_nats_api_cmd("monitor", ids)
+
+
+@app.task
+def get_wmi_task() -> None:
+    agents = Agent.objects.only(
+        "pk", "agent_id", "last_seen", "overdue_time", "offline_time"
+    )
+    ids = [i.agent_id for i in agents if i.status == "online"]
+    run_nats_api_cmd("wmi", ids, timeout=45)
+
+
+@app.task
+def agent_checkin_task() -> None:
+    db = settings.DATABASES["default"]
+    config = {
+        "key": settings.SECRET_KEY,
+        "natsurl": f"tls://{settings.ALLOWED_HOSTS[0]}:4222",
+        "user": db["USER"],
+        "pass": db["PASSWORD"],
+        "host": db["HOST"],
+        "port": int(db["PORT"]),
+        "dbname": db["NAME"],
+    }
+    with tempfile.NamedTemporaryFile() as fp:
+        with open(fp.name, "w") as f:
+            json.dump(config, f)
+        cmd = ["/usr/local/bin/nats-api", "-c", fp.name, "-m", "checkin"]
+        subprocess.run(cmd, timeout=30)
--- a/api/tacticalrmm/agents/tests.py
+++ b/api/tacticalrmm/agents/tests.py
--- a/api/tacticalrmm/agents/urls.py
+++ b/api/tacticalrmm/agents/urls.py
@@ -1,18 +1,16 @@
 from django.urls import path
+
 from . import views

 urlpatterns = [
    path("listagents/", views.AgentsTableList.as_view()),
    path("listagentsnodetail/", views.list_agents_no_detail),
    path("<int:pk>/agenteditdetails/", views.agent_edit_details),
-    path("byclient/<int:clientpk>/", views.by_client),
-    path("bysite/<int:sitepk>/", views.by_site),
    path("overdueaction/", views.overdue_action),
    path("sendrawcmd/", views.send_raw_cmd),
    path("<pk>/agentdetail/", views.agent_detail),
    path("<int:pk>/meshcentral/", views.meshcentral),
    path("<str:arch>/getmeshexe/", views.get_mesh_exe),
-    path("poweraction/", views.power_action),
    path("uninstall/", views.uninstall),
    path("editagent/", views.edit_agent),
    path("<pk>/geteventlog/<logtype>/<days>/", views.get_event_log),
@@ -20,16 +18,15 @@ urlpatterns = [
    path("updateagents/", views.update_agents),
    path("<pk>/getprocs/", views.get_processes),
    path("<pk>/<pid>/killproc/", views.kill_proc),
-    path("rebootlater/", views.reboot_later),
+    path("reboot/", views.Reboot.as_view()),
    path("installagent/", views.install_agent),
    path("<int:pk>/ping/", views.ping),
    path("recover/", views.recover),
    path("runscript/", views.run_script),
-    path("<int:pk>/restartmesh/", views.restart_mesh),
    path("<int:pk>/recovermesh/", views.recover_mesh),
    path("<int:pk>/notes/", views.GetAddNotes.as_view()),
    path("<int:pk>/note/", views.GetEditDeleteNote.as_view()),
    path("bulk/", views.bulk),
-    path("agent_counts/", views.agent_counts),
    path("maintenance/", views.agent_maintenance),
+    path("<int:pk>/wmi/", views.WMI.as_view()),
 ]
--- a/api/tacticalrmm/agents/utils.py
+++ b/api/tacticalrmm/agents/utils.py
@@ -0,0 +1,37 @@
+import random
+import urllib.parse
+
+import requests
+from django.conf import settings
+
+
+def get_exegen_url() -> str:
+    urls: list[str] = settings.EXE_GEN_URLS
+    for url in urls:
+        try:
+            r = requests.get(url, timeout=10)
+        except:
+            continue
+
+        if r.status_code == 200:
+            return url
+
+    return random.choice(urls)
+
+
+def get_winagent_url(arch: str) -> str:
+    from core.models import CodeSignToken
+
+    try:
+        codetoken = CodeSignToken.objects.first().token
+        base_url = get_exegen_url() + "/api/v1/winagents/?"
+        params = {
+            "version": settings.LATEST_AGENT_VER,
+            "arch": arch,
+            "token": codetoken,
+        }
+        dl_url = base_url + urllib.parse.urlencode(params)
+    except:
+        dl_url = settings.DL_64 if arch == "64" else settings.DL_32
+
+    return dl_url
--- a/api/tacticalrmm/agents/views.py
+++ b/api/tacticalrmm/agents/views.py
--- a/api/tacticalrmm/alerts/admin.py
+++ b/api/tacticalrmm/alerts/admin.py
@@ -1,6 +1,6 @@
 from django.contrib import admin

-from .models import Alert
-
+from .models import Alert, AlertTemplate

 admin.site.register(Alert)
+admin.site.register(AlertTemplate)
--- a/api/tacticalrmm/alerts/migrations/0001_initial.py
+++ b/api/tacticalrmm/alerts/migrations/0001_initial.py
@@ -1,7 +1,7 @@
 # Generated by Django 3.1 on 2020-08-15 15:31

-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):
@@ -42,4 +42,4 @@ class Migration(migrations.Migration):
                ),
            ],
        ),
-    ]
+    ]
--- a/api/tacticalrmm/alerts/migrations/0002_auto_20200815_1618.py
+++ b/api/tacticalrmm/alerts/migrations/0002_auto_20200815_1618.py
@@ -27,4 +27,4 @@ class Migration(migrations.Migration):
                max_length=100,
            ),
        ),
-    ]
+    ]
--- a/api/tacticalrmm/alerts/migrations/0003_auto_20201021_1815.py
+++ b/api/tacticalrmm/alerts/migrations/0003_auto_20201021_1815.py
@@ -1,25 +1,31 @@
 # Generated by Django 3.1.2 on 2020-10-21 18:15

-from django.db import migrations, models
 import django.db.models.deletion
+from django.db import migrations, models


 class Migration(migrations.Migration):

    dependencies = [
-        ('checks', '0010_auto_20200922_1344'),
-        ('alerts', '0002_auto_20200815_1618'),
+        ("checks", "0010_auto_20200922_1344"),
+        ("alerts", "0002_auto_20200815_1618"),
    ]

    operations = [
        migrations.AddField(
-            model_name='alert',
-            name='assigned_check',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='alert', to='checks.check'),
+            model_name="alert",
+            name="assigned_check",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="alert",
+                to="checks.check",
+            ),
        ),
        migrations.AlterField(
-            model_name='alert',
-            name='alert_time',
+            model_name="alert",
+            name="alert_time",
            field=models.DateTimeField(auto_now_add=True, null=True),
        ),
-    ]
+    ]
--- a/api/tacticalrmm/alerts/migrations/0004_auto_20210212_1408.py
+++ b/api/tacticalrmm/alerts/migrations/0004_auto_20210212_1408.py
@@ -0,0 +1,172 @@
+# Generated by Django 3.1.4 on 2021-02-12 14:08
+
+import django.contrib.postgres.fields
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('agents', '0029_delete_agentoutage'),
+        ('clients', '0008_auto_20201103_1430'),
+        ('autotasks', '0017_auto_20210210_1512'),
+        ('scripts', '0005_auto_20201207_1606'),
+        ('alerts', '0003_auto_20201021_1815'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='alert',
+            name='action_execution_time',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_retcode',
+            field=models.IntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_run',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_stderr',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_stdout',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='action_timeout',
+            field=models.PositiveIntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='alert_type',
+            field=models.CharField(choices=[('availability', 'Availability'), ('check', 'Check'), ('task', 'Task'), ('custom', 'Custom')], default='availability', max_length=20),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='assigned_task',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, related_name='alert', to='autotasks.automatedtask'),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='email_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='hidden',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_execution_time',
+            field=models.CharField(blank=True, max_length=100, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_retcode',
+            field=models.IntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_run',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_stderr',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_stdout',
+            field=models.TextField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_action_timeout',
+            field=models.PositiveIntegerField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_email_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_on',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='resolved_sms_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='sms_sent',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='alert',
+            name='snoozed',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='alert',
+            name='severity',
+            field=models.CharField(choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], default='info', max_length=30),
+        ),
+        migrations.CreateModel(
+            name='AlertTemplate',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100)),
+                ('is_active', models.BooleanField(default=True)),
+                ('action_args', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=255, null=True), blank=True, default=list, null=True, size=None)),
+                ('resolved_action_args', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=255, null=True), blank=True, default=list, null=True, size=None)),
+                ('email_recipients', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=100), blank=True, default=list, null=True, size=None)),
+                ('text_recipients', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, max_length=100), blank=True, default=list, null=True, size=None)),
+                ('email_from', models.EmailField(blank=True, max_length=254, null=True)),
+                ('agent_email_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_text_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_include_desktops', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_always_email', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_always_text', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_always_alert', models.BooleanField(blank=True, default=False, null=True)),
+                ('agent_periodic_alert_days', models.PositiveIntegerField(blank=True, default=0, null=True)),
+                ('check_email_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('check_text_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('check_dashboard_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('check_email_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_text_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_always_email', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_always_text', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_always_alert', models.BooleanField(blank=True, default=False, null=True)),
+                ('check_periodic_alert_days', models.PositiveIntegerField(blank=True, default=0, null=True)),
+                ('task_email_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('task_text_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('task_dashboard_alert_severity', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(blank=True, choices=[('info', 'Informational'), ('warning', 'Warning'), ('error', 'Error')], max_length=25), blank=True, default=list, size=None)),
+                ('task_email_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_text_on_resolved', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_always_email', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_always_text', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_always_alert', models.BooleanField(blank=True, default=False, null=True)),
+                ('task_periodic_alert_days', models.PositiveIntegerField(blank=True, default=0, null=True)),
+                ('action', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='alert_template', to='scripts.script')),
+                ('excluded_agents', models.ManyToManyField(blank=True, related_name='alert_exclusions', to='agents.Agent')),
+                ('excluded_clients', models.ManyToManyField(blank=True, related_name='alert_exclusions', to='clients.Client')),
+                ('excluded_sites', models.ManyToManyField(blank=True, related_name='alert_exclusions', to='clients.Site')),
+                ('resolved_action', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='resolved_alert_template', to='scripts.script')),
+            ],
+        ),
+    ]
--- a/api/tacticalrmm/alerts/migrations/0005_auto_20210212_1745.py
+++ b/api/tacticalrmm/alerts/migrations/0005_auto_20210212_1745.py
@@ -0,0 +1,31 @@
+# Generated by Django 3.1.4 on 2021-02-12 17:45
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0004_auto_20210212_1408'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='alert',
+            name='action_timeout',
+        ),
+        migrations.RemoveField(
+            model_name='alert',
+            name='resolved_action_timeout',
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='action_timeout',
+            field=models.PositiveIntegerField(default=15),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='resolved_action_timeout',
+            field=models.PositiveIntegerField(default=15),
+        ),
+    ]
--- a/api/tacticalrmm/alerts/migrations/0006_auto_20210217_1736.py
+++ b/api/tacticalrmm/alerts/migrations/0006_auto_20210217_1736.py
@@ -0,0 +1,72 @@
+# Generated by Django 3.1.6 on 2021-02-17 17:36
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('alerts', '0005_auto_20210212_1745'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='alerttemplate',
+            name='agent_include_desktops',
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='exclude_servers',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+        migrations.AddField(
+            model_name='alerttemplate',
+            name='exclude_workstations',
+            field=models.BooleanField(blank=True, default=False, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='agent_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='check_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_alert',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_email',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+        migrations.AlterField(
+            model_name='alerttemplate',
+            name='task_always_text',
+            field=models.BooleanField(blank=True, default=None, null=True),
+        ),
+    ]
--- a/api/tacticalrmm/alerts/models.py
+++ b/api/tacticalrmm/alerts/models.py
@@ -1,5 +1,21 @@
-from django.db import models
+from __future__ import annotations

+import re
+from typing import TYPE_CHECKING, Union
+
+from django.conf import settings
+from django.contrib.postgres.fields import ArrayField
+from django.db import models
+from django.db.models.fields import BooleanField, PositiveIntegerField
+from django.utils import timezone as djangotime
+from loguru import logger
+
+if TYPE_CHECKING:
+    from agents.models import Agent
+    from autotasks.models import AutomatedTask
+    from checks.models import Check
+
+logger.configure(**settings.LOG_CONFIG)

 SEVERITY_CHOICES = [
    ("info", "Informational"),
@@ -7,6 +23,13 @@ SEVERITY_CHOICES = [
    ("error", "Error"),
 ]

+ALERT_TYPE_CHOICES = [
+    ("availability", "Availability"),
+    ("check", "Check"),
+    ("task", "Task"),
+    ("custom", "Custom"),
+]
+

 class Alert(models.Model):
    agent = models.ForeignKey(
@@ -23,21 +46,584 @@ class Alert(models.Model):
        null=True,
        blank=True,
    )
+    assigned_task = models.ForeignKey(
+        "autotasks.AutomatedTask",
+        related_name="alert",
+        on_delete=models.CASCADE,
+        null=True,
+        blank=True,
+    )
+    alert_type = models.CharField(
+        max_length=20, choices=ALERT_TYPE_CHOICES, default="availability"
+    )
    message = models.TextField(null=True, blank=True)
-    alert_time = models.DateTimeField(auto_now_add=True, null=True)
+    alert_time = models.DateTimeField(auto_now_add=True, null=True, blank=True)
+    snoozed = models.BooleanField(default=False)
    snooze_until = models.DateTimeField(null=True, blank=True)
    resolved = models.BooleanField(default=False)
-    severity = models.CharField(
-        max_length=100, choices=SEVERITY_CHOICES, default="info"
+    resolved_on = models.DateTimeField(null=True, blank=True)
+    severity = models.CharField(max_length=30, choices=SEVERITY_CHOICES, default="info")
+    email_sent = models.DateTimeField(null=True, blank=True)
+    resolved_email_sent = models.DateTimeField(null=True, blank=True)
+    sms_sent = models.DateTimeField(null=True, blank=True)
+    resolved_sms_sent = models.DateTimeField(null=True, blank=True)
+    hidden = models.BooleanField(default=False)
+    action_run = models.DateTimeField(null=True, blank=True)
+    action_stdout = models.TextField(null=True, blank=True)
+    action_stderr = models.TextField(null=True, blank=True)
+    action_retcode = models.IntegerField(null=True, blank=True)
+    action_execution_time = models.CharField(max_length=100, null=True, blank=True)
+    resolved_action_run = models.DateTimeField(null=True, blank=True)
+    resolved_action_stdout = models.TextField(null=True, blank=True)
+    resolved_action_stderr = models.TextField(null=True, blank=True)
+    resolved_action_retcode = models.IntegerField(null=True, blank=True)
+    resolved_action_execution_time = models.CharField(
+        max_length=100, null=True, blank=True
    )

    def __str__(self):
        return self.message

+    def resolve(self):
+        self.resolved = True
+        self.resolved_on = djangotime.now()
+        self.snoozed = False
+        self.snooze_until = None
+        self.save()
+
    @classmethod
-    def create_availability_alert(cls, agent):
-        pass
-    
+    def create_or_return_availability_alert(cls, agent):
+        if not cls.objects.filter(agent=agent, resolved=False).exists():
+            return cls.objects.create(
+                agent=agent,
+                alert_type="availability",
+                severity="error",
+                message=f"{agent.hostname} in {agent.client.name}\\{agent.site.name} is overdue.",
+                hidden=True,
+            )
+        else:
+            return cls.objects.get(agent=agent, resolved=False)
+
    @classmethod
-    def create_check_alert(cls, check):
-        pass
+    def create_or_return_check_alert(cls, check):
+
+        if not cls.objects.filter(assigned_check=check, resolved=False).exists():
+            return cls.objects.create(
+                assigned_check=check,
+                alert_type="check",
+                severity=check.alert_severity,
+                message=f"{check.agent.hostname} has a {check.check_type} check: {check.readable_desc} that failed.",
+                hidden=True,
+            )
+        else:
+            return cls.objects.get(assigned_check=check, resolved=False)
+
+    @classmethod
+    def create_or_return_task_alert(cls, task):
+
+        if not cls.objects.filter(assigned_task=task, resolved=False).exists():
+            return cls.objects.create(
+                assigned_task=task,
+                alert_type="task",
+                severity=task.alert_severity,
+                message=f"{task.agent.hostname} has task: {task.name} that failed.",
+                hidden=True,
+            )
+        else:
+            return cls.objects.get(assigned_task=task, resolved=False)
+
+    @classmethod
+    def handle_alert_failure(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+        from agents.models import Agent
+        from autotasks.models import AutomatedTask
+        from checks.models import Check
+
+        # set variables
+        dashboard_severities = None
+        email_severities = None
+        text_severities = None
+        always_dashboard = None
+        always_email = None
+        always_text = None
+        alert_interval = None
+        email_task = None
+        text_task = None
+
+        # check what the instance passed is
+        if isinstance(instance, Agent):
+            from agents.tasks import agent_outage_email_task, agent_outage_sms_task
+
+            email_task = agent_outage_email_task
+            text_task = agent_outage_sms_task
+
+            email_alert = instance.overdue_email_alert
+            text_alert = instance.overdue_text_alert
+            dashboard_alert = instance.overdue_dashboard_alert
+            alert_template = instance.alert_template
+            maintenance_mode = instance.maintenance_mode
+            alert_severity = "error"
+            agent = instance
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = ["error"]
+                email_severities = ["error"]
+                text_severities = ["error"]
+                always_dashboard = alert_template.agent_always_alert
+                always_email = alert_template.agent_always_email
+                always_text = alert_template.agent_always_text
+                alert_interval = alert_template.agent_periodic_alert_days
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_availability_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(agent=instance, resolved=False).exists():
+                    alert = cls.objects.get(agent=instance, resolved=False)
+                else:
+                    alert = None
+
+        elif isinstance(instance, Check):
+            from checks.tasks import (
+                handle_check_email_alert_task,
+                handle_check_sms_alert_task,
+            )
+
+            email_task = handle_check_email_alert_task
+            text_task = handle_check_sms_alert_task
+
+            email_alert = instance.email_alert
+            text_alert = instance.text_alert
+            dashboard_alert = instance.dashboard_alert
+            alert_template = instance.agent.alert_template
+            maintenance_mode = instance.agent.maintenance_mode
+            alert_severity = instance.alert_severity
+            agent = instance.agent
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = alert_template.check_dashboard_alert_severity
+                email_severities = alert_template.check_email_alert_severity
+                text_severities = alert_template.check_text_alert_severity
+                always_dashboard = alert_template.check_always_alert
+                always_email = alert_template.check_always_email
+                always_text = alert_template.check_always_text
+                alert_interval = alert_template.check_periodic_alert_days
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_check_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(assigned_check=instance, resolved=False).exists():
+                    alert = cls.objects.get(assigned_check=instance, resolved=False)
+                else:
+                    alert = None
+
+        elif isinstance(instance, AutomatedTask):
+            from autotasks.tasks import handle_task_email_alert, handle_task_sms_alert
+
+            email_task = handle_task_email_alert
+            text_task = handle_task_sms_alert
+
+            email_alert = instance.email_alert
+            text_alert = instance.text_alert
+            dashboard_alert = instance.dashboard_alert
+            alert_template = instance.agent.alert_template
+            maintenance_mode = instance.agent.maintenance_mode
+            alert_severity = instance.alert_severity
+            agent = instance.agent
+
+            # set alert_template settings
+            if alert_template:
+                dashboard_severities = alert_template.task_dashboard_alert_severity
+                email_severities = alert_template.task_email_alert_severity
+                text_severities = alert_template.task_text_alert_severity
+                always_dashboard = alert_template.task_always_alert
+                always_email = alert_template.task_always_email
+                always_text = alert_template.task_always_text
+                alert_interval = alert_template.task_periodic_alert_days
+
+            if instance.should_create_alert(alert_template):
+                alert = cls.create_or_return_task_alert(instance)
+            else:
+                # check if there is an alert that exists
+                if cls.objects.filter(assigned_task=instance, resolved=False).exists():
+                    alert = cls.objects.get(assigned_task=instance, resolved=False)
+                else:
+                    alert = None
+        else:
+            return
+
+        # return if agent is in maintenance mode
+        if maintenance_mode or not alert:
+            return
+
+        # check if alert severity changed on check and update the alert
+        if alert_severity != alert.severity:
+            alert.severity = alert_severity
+            alert.save(update_fields=["severity"])
+
+        # create alert in dashboard if enabled
+        if dashboard_alert or always_dashboard:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in dashboard_severities:  # type: ignore
+                pass
+            else:
+                alert.hidden = False
+                alert.save()
+
+        # send email if enabled
+        if email_alert or always_email:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in email_severities:  # type: ignore
+                pass
+            else:
+                email_task.delay(
+                    pk=alert.pk,
+                    alert_interval=alert_interval,
+                )
+
+        # send text if enabled
+        if text_alert or always_text:
+
+            # check if alert template is set and specific severities are configured
+            if alert_template and alert.severity not in text_severities:  # type: ignore
+                pass
+            else:
+                text_task.delay(pk=alert.pk, alert_interval=alert_interval)
+
+        # check if any scripts should be run
+        if alert_template and alert_template.action and not alert.action_run:
+            r = agent.run_script(
+                scriptpk=alert_template.action.pk,
+                args=alert.parse_script_args(alert_template.action_args),
+                timeout=alert_template.action_timeout,
+                wait=True,
+                full=True,
+                run_on_any=True,
+            )
+
+            # command was successful
+            if type(r) == dict:
+                alert.action_retcode = r["retcode"]
+                alert.action_stdout = r["stdout"]
+                alert.action_stderr = r["stderr"]
+                alert.action_execution_time = "{:.4f}".format(r["execution_time"])
+                alert.action_run = djangotime.now()
+                alert.save()
+            else:
+                logger.error(
+                    f"Failure action: {alert_template.action.name} failed to run on any agent for {agent.hostname} failure alert"
+                )
+
+    @classmethod
+    def handle_alert_resolve(cls, instance: Union[Agent, AutomatedTask, Check]) -> None:
+        from agents.models import Agent
+        from autotasks.models import AutomatedTask
+        from checks.models import Check
+
+        # set variables
+        email_on_resolved = False
+        text_on_resolved = False
+        resolved_email_task = None
+        resolved_text_task = None
+
+        # check what the instance passed is
+        if isinstance(instance, Agent):
+            from agents.tasks import agent_recovery_email_task, agent_recovery_sms_task
+
+            resolved_email_task = agent_recovery_email_task
+            resolved_text_task = agent_recovery_sms_task
+
+            alert_template = instance.alert_template
+            alert = cls.objects.get(agent=instance, resolved=False)
+            maintenance_mode = instance.maintenance_mode
+            agent = instance
+
+            if alert_template:
+                email_on_resolved = alert_template.agent_email_on_resolved
+                text_on_resolved = alert_template.agent_text_on_resolved
+
+        elif isinstance(instance, Check):
+            from checks.tasks import (
+                handle_resolved_check_email_alert_task,
+                handle_resolved_check_sms_alert_task,
+            )
+
+            resolved_email_task = handle_resolved_check_email_alert_task
+            resolved_text_task = handle_resolved_check_sms_alert_task
+
+            alert_template = instance.agent.alert_template
+            alert = cls.objects.get(assigned_check=instance, resolved=False)
+            maintenance_mode = instance.agent.maintenance_mode
+            agent = instance.agent
+
+            if alert_template:
+                email_on_resolved = alert_template.check_email_on_resolved
+                text_on_resolved = alert_template.check_text_on_resolved
+
+        elif isinstance(instance, AutomatedTask):
+            from autotasks.tasks import (
+                handle_resolved_task_email_alert,
+                handle_resolved_task_sms_alert,
+            )
+
+            resolved_email_task = handle_resolved_task_email_alert
+            resolved_text_task = handle_resolved_task_sms_alert
+
+            alert_template = instance.agent.alert_template
+            alert = cls.objects.get(assigned_task=instance, resolved=False)
+            maintenance_mode = instance.agent.maintenance_mode
+            agent = instance.agent
+
+            if alert_template:
+                email_on_resolved = alert_template.task_email_on_resolved
+                text_on_resolved = alert_template.task_text_on_resolved
+
+        else:
+            return
+
+        # return if agent is in maintenance mode
+        if maintenance_mode:
+            return
+
+        alert.resolve()
+
+        # check if a resolved email notification should be send
+        if email_on_resolved and not alert.resolved_email_sent:
+            resolved_email_task.delay(pk=alert.pk)
+
+        # check if resolved text should be sent
+        if text_on_resolved and not alert.resolved_sms_sent:
+            resolved_text_task.delay(pk=alert.pk)
+
+        # check if resolved script should be run
+        if (
+            alert_template
+            and alert_template.resolved_action
+            and not alert.resolved_action_run
+        ):
+            r = agent.run_script(
+                scriptpk=alert_template.resolved_action.pk,
+                args=alert.parse_script_args(alert_template.resolved_action_args),
+                timeout=alert_template.resolved_action_timeout,
+                wait=True,
+                full=True,
+                run_on_any=True,
+            )
+
+            # command was successful
+            if type(r) == dict:
+                alert.resolved_action_retcode = r["retcode"]
+                alert.resolved_action_stdout = r["stdout"]
+                alert.resolved_action_stderr = r["stderr"]
+                alert.resolved_action_execution_time = "{:.4f}".format(
+                    r["execution_time"]
+                )
+                alert.resolved_action_run = djangotime.now()
+                alert.save()
+            else:
+                logger.error(
+                    f"Resolved action: {alert_template.action.name} failed to run on any agent for {agent.hostname} resolved alert"
+                )
+
+    def parse_script_args(self, args: list[str]):
+
+        if not args:
+            return []
+
+        temp_args = list()
+        # pattern to match for injection
+        pattern = re.compile(".*\\{\\{alert\\.(.*)\\}\\}.*")
+
+        for arg in args:
+            match = pattern.match(arg)
+            if match:
+                name = match.group(1)
+
+                if hasattr(self, name):
+                    value = f"'{getattr(self, name)}'"
+                else:
+                    continue
+
+                try:
+                    temp_args.append(re.sub("\\{\\{.*\\}\\}", value, arg))  # type: ignore
+                except Exception as e:
+                    logger.error(e)
+                    continue
+
+            else:
+                temp_args.append(arg)
+
+        return temp_args
+
+
+class AlertTemplate(models.Model):
+    name = models.CharField(max_length=100)
+    is_active = models.BooleanField(default=True)
+
+    action = models.ForeignKey(
+        "scripts.Script",
+        related_name="alert_template",
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    action_args = ArrayField(
+        models.CharField(max_length=255, null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+    action_timeout = models.PositiveIntegerField(default=15)
+    resolved_action = models.ForeignKey(
+        "scripts.Script",
+        related_name="resolved_alert_template",
+        blank=True,
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    resolved_action_args = ArrayField(
+        models.CharField(max_length=255, null=True, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+    resolved_action_timeout = models.PositiveIntegerField(default=15)
+
+    # overrides the global recipients
+    email_recipients = ArrayField(
+        models.CharField(max_length=100, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+    text_recipients = ArrayField(
+        models.CharField(max_length=100, blank=True),
+        null=True,
+        blank=True,
+        default=list,
+    )
+
+    # overrides the from address
+    email_from = models.EmailField(blank=True, null=True)
+
+    # agent alert settings
+    agent_email_on_resolved = BooleanField(null=True, blank=True, default=False)
+    agent_text_on_resolved = BooleanField(null=True, blank=True, default=False)
+    agent_always_email = BooleanField(null=True, blank=True, default=None)
+    agent_always_text = BooleanField(null=True, blank=True, default=None)
+    agent_always_alert = BooleanField(null=True, blank=True, default=None)
+    agent_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+
+    # check alert settings
+    check_email_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    check_text_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    check_dashboard_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    check_email_on_resolved = BooleanField(null=True, blank=True, default=False)
+    check_text_on_resolved = BooleanField(null=True, blank=True, default=False)
+    check_always_email = BooleanField(null=True, blank=True, default=None)
+    check_always_text = BooleanField(null=True, blank=True, default=None)
+    check_always_alert = BooleanField(null=True, blank=True, default=None)
+    check_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+
+    # task alert settings
+    task_email_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    task_text_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    task_dashboard_alert_severity = ArrayField(
+        models.CharField(max_length=25, blank=True, choices=SEVERITY_CHOICES),
+        blank=True,
+        default=list,
+    )
+    task_email_on_resolved = BooleanField(null=True, blank=True, default=False)
+    task_text_on_resolved = BooleanField(null=True, blank=True, default=False)
+    task_always_email = BooleanField(null=True, blank=True, default=None)
+    task_always_text = BooleanField(null=True, blank=True, default=None)
+    task_always_alert = BooleanField(null=True, blank=True, default=None)
+    task_periodic_alert_days = PositiveIntegerField(blank=True, null=True, default=0)
+
+    # exclusion settings
+    exclude_workstations = BooleanField(null=True, blank=True, default=False)
+    exclude_servers = BooleanField(null=True, blank=True, default=False)
+
+    excluded_sites = models.ManyToManyField(
+        "clients.Site", related_name="alert_exclusions", blank=True
+    )
+    excluded_clients = models.ManyToManyField(
+        "clients.Client", related_name="alert_exclusions", blank=True
+    )
+    excluded_agents = models.ManyToManyField(
+        "agents.Agent", related_name="alert_exclusions", blank=True
+    )
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def has_agent_settings(self) -> bool:
+        return (
+            self.agent_email_on_resolved
+            or self.agent_text_on_resolved
+            or self.agent_always_email
+            or self.agent_always_text
+            or self.agent_always_alert
+            or bool(self.agent_periodic_alert_days)
+        )
+
+    @property
+    def has_check_settings(self) -> bool:
+        return (
+            bool(self.check_email_alert_severity)
+            or bool(self.check_text_alert_severity)
+            or bool(self.check_dashboard_alert_severity)
+            or self.check_email_on_resolved
+            or self.check_text_on_resolved
+            or self.check_always_email
+            or self.check_always_text
+            or self.check_always_alert
+            or bool(self.check_periodic_alert_days)
+        )
+
+    @property
+    def has_task_settings(self) -> bool:
+        return (
+            bool(self.task_email_alert_severity)
+            or bool(self.task_text_alert_severity)
+            or bool(self.task_dashboard_alert_severity)
+            or self.task_email_on_resolved
+            or self.task_text_on_resolved
+            or self.task_always_email
+            or self.task_always_text
+            or self.task_always_alert
+            or bool(self.task_periodic_alert_days)
+        )
+
+    @property
+    def has_core_settings(self) -> bool:
+        return bool(self.email_from) or self.email_recipients or self.text_recipients
+
+    @property
+    def is_default_template(self) -> bool:
+        return self.default_alert_template.exists()  # type: ignore
--- a/api/tacticalrmm/alerts/permissions.py
+++ b/api/tacticalrmm/alerts/permissions.py
@@ -0,0 +1,11 @@
+from rest_framework import permissions
+
+from tacticalrmm.permissions import _has_perm
+
+
+class ManageAlertsPerms(permissions.BasePermission):
+    def has_permission(self, r, view):
+        if r.method == "GET" or r.method == "PATCH":
+            return True
+
+        return _has_perm(r, "can_manage_alerts")
--- a/api/tacticalrmm/alerts/serializers.py
+++ b/api/tacticalrmm/alerts/serializers.py
@@ -1,19 +1,121 @@
-from rest_framework.serializers import (
-    ModelSerializer,
-    ReadOnlyField,
-    DateTimeField,
-)
+from rest_framework.fields import SerializerMethodField
+from rest_framework.serializers import ModelSerializer, ReadOnlyField

-from .models import Alert
+from automation.serializers import PolicySerializer
+from clients.serializers import ClientSerializer, SiteSerializer
+from tacticalrmm.utils import get_default_timezone
+
+from .models import Alert, AlertTemplate


 class AlertSerializer(ModelSerializer):

-    hostname = ReadOnlyField(source="agent.hostname")
-    client = ReadOnlyField(source="agent.client")
-    site = ReadOnlyField(source="agent.site")
-    alert_time = DateTimeField(format="iso-8601")
+    hostname = SerializerMethodField(read_only=True)
+    client = SerializerMethodField(read_only=True)
+    site = SerializerMethodField(read_only=True)
+    alert_time = SerializerMethodField(read_only=True)
+    resolve_on = SerializerMethodField(read_only=True)
+    snoozed_until = SerializerMethodField(read_only=True)
+
+    def get_hostname(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.hostname if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.hostname
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.hostname if instance.assigned_task else ""
+            )
+        else:
+            return ""
+
+    def get_client(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.client.name if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.client.name
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.client.name
+                if instance.assigned_task
+                else ""
+            )
+        else:
+            return ""
+
+    def get_site(self, instance):
+        if instance.alert_type == "availability":
+            return instance.agent.site.name if instance.agent else ""
+        elif instance.alert_type == "check":
+            return (
+                instance.assigned_check.agent.site.name
+                if instance.assigned_check
+                else ""
+            )
+        elif instance.alert_type == "task":
+            return (
+                instance.assigned_task.agent.site.name if instance.assigned_task else ""
+            )
+        else:
+            return ""
+
+    def get_alert_time(self, instance):
+        if instance.alert_time:
+            return instance.alert_time.astimezone(get_default_timezone()).timestamp()
+        else:
+            return None
+
+    def get_resolve_on(self, instance):
+        if instance.resolved_on:
+            return instance.resolved_on.astimezone(get_default_timezone()).timestamp()
+        else:
+            return None
+
+    def get_snoozed_until(self, instance):
+        if instance.snooze_until:
+            return instance.snooze_until.astimezone(get_default_timezone()).timestamp()
+        return None

    class Meta:
        model = Alert
-        fields = "__all__"
+        fields = "__all__"
+
+
+class AlertTemplateSerializer(ModelSerializer):
+    agent_settings = ReadOnlyField(source="has_agent_settings")
+    check_settings = ReadOnlyField(source="has_check_settings")
+    task_settings = ReadOnlyField(source="has_task_settings")
+    core_settings = ReadOnlyField(source="has_core_settings")
+    default_template = ReadOnlyField(source="is_default_template")
+    action_name = ReadOnlyField(source="action.name")
+    resolved_action_name = ReadOnlyField(source="resolved_action.name")
+    applied_count = SerializerMethodField()
+
+    class Meta:
+        model = AlertTemplate
+        fields = "__all__"
+
+    def get_applied_count(self, instance):
+        count = 0
+        count += instance.policies.count()
+        count += instance.clients.count()
+        count += instance.sites.count()
+        return count
+
+
+class AlertTemplateRelationSerializer(ModelSerializer):
+    policies = PolicySerializer(read_only=True, many=True)
+    clients = ClientSerializer(read_only=True, many=True)
+    sites = SiteSerializer(read_only=True, many=True)
+
+    class Meta:
+        model = AlertTemplate
+        fields = "__all__"
--- a/api/tacticalrmm/alerts/tasks.py
+++ b/api/tacticalrmm/alerts/tasks.py
@@ -0,0 +1,24 @@
+from django.utils import timezone as djangotime
+
+from alerts.models import Alert
+from tacticalrmm.celery import app
+
+
+@app.task
+def unsnooze_alerts() -> str:
+
+    Alert.objects.filter(snoozed=True, snooze_until__lte=djangotime.now()).update(
+        snoozed=False, snooze_until=None
+    )
+
+    return "ok"
+
+
+@app.task
+def cache_agents_alert_template():
+    from agents.models import Agent
+
+    for agent in Agent.objects.only("pk"):
+        agent.set_alert_template()
+
+    return "ok"
--- a/api/tacticalrmm/alerts/tests.py
+++ b/api/tacticalrmm/alerts/tests.py
--- a/api/tacticalrmm/alerts/urls.py
+++ b/api/tacticalrmm/alerts/urls.py
@@ -1,7 +1,12 @@
 from django.urls import path
+
 from . import views

 urlpatterns = [
    path("alerts/", views.GetAddAlerts.as_view()),
+    path("bulk/", views.BulkAlerts.as_view()),
    path("alerts/<int:pk>/", views.GetUpdateDeleteAlert.as_view()),
+    path("alerttemplates/", views.GetAddAlertTemplates.as_view()),
+    path("alerttemplates/<int:pk>/", views.GetUpdateDeleteAlertTemplate.as_view()),
+    path("alerttemplates/<int:pk>/related/", views.RelatedAlertTemplate.as_view()),
 ]
--- a/api/tacticalrmm/alerts/views.py
+++ b/api/tacticalrmm/alerts/views.py
@@ -1,19 +1,108 @@
+from datetime import datetime as dt
+
+from django.db.models import Q
 from django.shortcuts import get_object_or_404
-
-from rest_framework.views import APIView
+from django.utils import timezone as djangotime
+from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
-from rest_framework import status
+from rest_framework.views import APIView

-from .models import Alert
+from tacticalrmm.utils import notify_error

-from .serializers import AlertSerializer
+from .models import Alert, AlertTemplate
+from .permissions import ManageAlertsPerms
+from .serializers import (
+    AlertSerializer,
+    AlertTemplateRelationSerializer,
+    AlertTemplateSerializer,
+)
+from .tasks import cache_agents_alert_template


 class GetAddAlerts(APIView):
-    def get(self, request):
-        alerts = Alert.objects.all()
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]

-        return Response(AlertSerializer(alerts, many=True).data)
+    def patch(self, request):
+
+        # top 10 alerts for dashboard icon
+        if "top" in request.data.keys():
+            alerts = Alert.objects.filter(
+                resolved=False, snoozed=False, hidden=False
+            ).order_by("alert_time")[: int(request.data["top"])]
+            count = Alert.objects.filter(
+                resolved=False, snoozed=False, hidden=False
+            ).count()
+            return Response(
+                {
+                    "alerts_count": count,
+                    "alerts": AlertSerializer(alerts, many=True).data,
+                }
+            )
+
+        elif any(
+            key
+            in [
+                "timeFilter",
+                "clientFilter",
+                "severityFilter",
+                "resolvedFilter",
+                "snoozedFilter",
+            ]
+            for key in request.data.keys()
+        ):
+            clientFilter = Q()
+            severityFilter = Q()
+            timeFilter = Q()
+            resolvedFilter = Q()
+            snoozedFilter = Q()
+
+            if (
+                "snoozedFilter" in request.data.keys()
+                and not request.data["snoozedFilter"]
+            ):
+                snoozedFilter = Q(snoozed=request.data["snoozedFilter"])
+
+            if (
+                "resolvedFilter" in request.data.keys()
+                and not request.data["resolvedFilter"]
+            ):
+                resolvedFilter = Q(resolved=request.data["resolvedFilter"])
+
+            if "clientFilter" in request.data.keys():
+                from agents.models import Agent
+                from clients.models import Client
+
+                clients = Client.objects.filter(
+                    pk__in=request.data["clientFilter"]
+                ).values_list("id")
+                agents = Agent.objects.filter(site__client_id__in=clients).values_list(
+                    "id"
+                )
+
+                clientFilter = Q(agent__in=agents)
+
+            if "severityFilter" in request.data.keys():
+                severityFilter = Q(severity__in=request.data["severityFilter"])
+
+            if "timeFilter" in request.data.keys():
+                timeFilter = Q(
+                    alert_time__lte=djangotime.make_aware(dt.today()),
+                    alert_time__gt=djangotime.make_aware(dt.today())
+                    - djangotime.timedelta(days=int(request.data["timeFilter"])),
+                )
+
+            alerts = (
+                Alert.objects.filter(clientFilter)
+                .filter(severityFilter)
+                .filter(resolvedFilter)
+                .filter(snoozedFilter)
+                .filter(timeFilter)
+            )
+            return Response(AlertSerializer(alerts, many=True).data)
+
+        else:
+            alerts = Alert.objects.all()
+            return Response(AlertSerializer(alerts, many=True).data)

    def post(self, request):
        serializer = AlertSerializer(data=request.data, partial=True)
@@ -24,6 +113,8 @@ class GetAddAlerts(APIView):


 class GetUpdateDeleteAlert(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
    def get(self, request, pk):
        alert = get_object_or_404(Alert, pk=pk)

@@ -32,7 +123,40 @@ class GetUpdateDeleteAlert(APIView):
    def put(self, request, pk):
        alert = get_object_or_404(Alert, pk=pk)

-        serializer = AlertSerializer(instance=alert, data=request.data, partial=True)
+        data = request.data
+
+        if "type" in data.keys():
+            if data["type"] == "resolve":
+                data = {
+                    "resolved": True,
+                    "resolved_on": djangotime.now(),
+                    "snoozed": False,
+                }
+
+                # unable to set snooze_until to none in serialzier
+                alert.snooze_until = None
+                alert.save()
+            elif data["type"] == "snooze":
+                if "snooze_days" in data.keys():
+                    data = {
+                        "snoozed": True,
+                        "snooze_until": djangotime.now()
+                        + djangotime.timedelta(days=int(data["snooze_days"])),
+                    }
+                else:
+                    return notify_error(
+                        "Missing 'snoozed_days' when trying to snooze alert"
+                    )
+            elif data["type"] == "unsnooze":
+                data = {"snoozed": False}
+
+                # unable to set snooze_until to none in serialzier
+                alert.snooze_until = None
+                alert.save()
+            else:
+                return notify_error("There was an error in the request data")
+
+        serializer = AlertSerializer(instance=alert, data=data, partial=True)
        serializer.is_valid(raise_exception=True)
        serializer.save()

@@ -42,3 +166,83 @@ class GetUpdateDeleteAlert(APIView):
        Alert.objects.get(pk=pk).delete()

        return Response("ok")
+
+
+class BulkAlerts(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
+    def post(self, request):
+        if request.data["bulk_action"] == "resolve":
+            Alert.objects.filter(id__in=request.data["alerts"]).update(
+                resolved=True,
+                resolved_on=djangotime.now(),
+                snoozed=False,
+                snooze_until=None,
+            )
+            return Response("ok")
+        elif request.data["bulk_action"] == "snooze":
+            if "snooze_days" in request.data.keys():
+                Alert.objects.filter(id__in=request.data["alerts"]).update(
+                    snoozed=True,
+                    snooze_until=djangotime.now()
+                    + djangotime.timedelta(days=int(request.data["snooze_days"])),
+                )
+                return Response("ok")
+
+        return notify_error("The request was invalid")
+
+
+class GetAddAlertTemplates(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
+    def get(self, request):
+        alert_templates = AlertTemplate.objects.all()
+
+        return Response(AlertTemplateSerializer(alert_templates, many=True).data)
+
+    def post(self, request):
+        serializer = AlertTemplateSerializer(data=request.data, partial=True)
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
+        return Response("ok")
+
+
+class GetUpdateDeleteAlertTemplate(APIView):
+    permission_classes = [IsAuthenticated, ManageAlertsPerms]
+
+    def get(self, request, pk):
+        alert_template = get_object_or_404(AlertTemplate, pk=pk)
+
+        return Response(AlertTemplateSerializer(alert_template).data)
+
+    def put(self, request, pk):
+        alert_template = get_object_or_404(AlertTemplate, pk=pk)
+
+        serializer = AlertTemplateSerializer(
+            instance=alert_template, data=request.data, partial=True
+        )
+        serializer.is_valid(raise_exception=True)
+        serializer.save()
+
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
+        return Response("ok")
+
+    def delete(self, request, pk):
+        get_object_or_404(AlertTemplate, pk=pk).delete()
+
+        # cache alert_template value on agents
+        cache_agents_alert_template.delay()
+
+        return Response("ok")
+
+
+class RelatedAlertTemplate(APIView):
+    def get(self, request, pk):
+        alert_template = get_object_or_404(AlertTemplate, pk=pk)
+        return Response(AlertTemplateRelationSerializer(alert_template).data)
--- a/api/tacticalrmm/api/init.py
+++ b/api/tacticalrmm/api/init.py
--- a/Show More
+++ b/Show More