From 38187bc92cfee365ee51139340d3507c09671ca6 Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Wed, 15 Jan 2025 18:19:03 +0100 Subject: [PATCH] +m3-atlas --- flake.nix | 9 ++ home/m3tam3re/m3-atlas.nix | 17 +++ hosts/m3-atlas/configuration.nix | 110 ++++++++++++++++++ hosts/m3-atlas/default.nix | 50 ++++++++ hosts/m3-atlas/disko-config.nix | 39 +++++++ hosts/m3-atlas/hardware-configuration.nix | 26 +++++ hosts/m3-atlas/programs.nix | 14 +++ hosts/m3-atlas/secrets.nix | 26 +++++ .../m3-atlas/services/containers/baserow.nix | 26 +++++ .../m3-atlas/services/containers/default.nix | 12 ++ hosts/m3-atlas/services/containers/ghost.nix | 26 +++++ .../services/containers/littlelink.nix | 25 ++++ hosts/m3-atlas/services/default.nix | 11 ++ hosts/m3-atlas/services/gitea.nix | 33 ++++++ hosts/m3-atlas/services/mysql.nix | 23 ++++ hosts/m3-atlas/services/postgres.nix | 25 ++++ hosts/m3-atlas/services/searx.nix | 28 +++++ hosts/m3-atlas/services/traefik.nix | 60 ++++++++++ hosts/m3-atlas/services/wastebin.nix | 27 +++++ secrets.nix | 6 + secrets/baserow-env.age | Bin 0 -> 1631 bytes secrets/ghost-env.age | Bin 0 -> 1530 bytes secrets/littlelink-m3tam3re.age | Bin 0 -> 2262 bytes secrets/m3tam3re-secrets.age | Bin 1188 -> 1298 bytes secrets/searx.age | Bin 0 -> 1163 bytes secrets/tailscale-key.age | Bin 1042 -> 1152 bytes secrets/traefik.age | Bin 1066 -> 1176 bytes secrets/wg-BR.age | Bin 1342 -> 1452 bytes secrets/wg-DE.age | Bin 1343 -> 1453 bytes secrets/wg-NL.age | Bin 1343 -> 1453 bytes secrets/wg-NO.age | Bin 1341 -> 1451 bytes secrets/wg-US.age | Bin 1344 -> 1454 bytes 32 files changed, 593 insertions(+) create mode 100644 home/m3tam3re/m3-atlas.nix create mode 100644 hosts/m3-atlas/configuration.nix create mode 100644 hosts/m3-atlas/default.nix create mode 100644 hosts/m3-atlas/disko-config.nix create mode 100644 hosts/m3-atlas/hardware-configuration.nix create mode 100644 hosts/m3-atlas/programs.nix create mode 100644 hosts/m3-atlas/secrets.nix create mode 100644 hosts/m3-atlas/services/containers/baserow.nix create mode 100644 hosts/m3-atlas/services/containers/default.nix create mode 100644 hosts/m3-atlas/services/containers/ghost.nix create mode 100644 hosts/m3-atlas/services/containers/littlelink.nix create mode 100644 hosts/m3-atlas/services/default.nix create mode 100644 hosts/m3-atlas/services/gitea.nix create mode 100644 hosts/m3-atlas/services/mysql.nix create mode 100644 hosts/m3-atlas/services/postgres.nix create mode 100644 hosts/m3-atlas/services/searx.nix create mode 100644 hosts/m3-atlas/services/traefik.nix create mode 100644 hosts/m3-atlas/services/wastebin.nix create mode 100644 secrets/baserow-env.age create mode 100644 secrets/ghost-env.age create mode 100644 secrets/littlelink-m3tam3re.age create mode 100644 secrets/searx.age diff --git a/flake.nix b/flake.nix index 8567dc9..299aa9f 100644 --- a/flake.nix +++ b/flake.nix @@ -69,6 +69,15 @@ agenix.nixosModules.default ]; }; + m3-atlas = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs;}; + system = "x86_64-linux"; + modules = [ + ./hosts/m3-atlas + inputs.disko.nixosModules.disko + agenix.nixosModules.default + ]; + }; m3-kratos = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs outputs; diff --git a/home/m3tam3re/m3-atlas.nix b/home/m3tam3re/m3-atlas.nix new file mode 100644 index 0000000..1794a09 --- /dev/null +++ b/home/m3tam3re/m3-atlas.nix @@ -0,0 +1,17 @@ +{ + imports = [ + ../common + ../features/cli + ./home-server.nix + ]; + + features = { + cli = { + fish.enable = true; + fzf.enable = true; + neofetch.enable = true; + secrets.enable = false; + starship.enable = true; + }; + }; +} diff --git a/hosts/m3-atlas/configuration.nix b/hosts/m3-atlas/configuration.nix new file mode 100644 index 0000000..3a637ee --- /dev/null +++ b/hosts/m3-atlas/configuration.nix @@ -0,0 +1,110 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{pkgs, ...}: { + imports = [ + # Include the results of the hardware scan. + ./disko-config.nix + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; + + networking.hostName = "m3-atlas"; # CHANGE ME. + networking.hostId = "15b60253"; # CHANGE ME + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = + true; # Easiest to use and most distros use this by default. + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. + # services.xserver.displayManager.gdm.enable = true; + # services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [neovim git]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings.PermitRootLogin = "no"; + }; + + # [[Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.11"; # Did you read the comment? +} diff --git a/hosts/m3-atlas/default.nix b/hosts/m3-atlas/default.nix new file mode 100644 index 0000000..47932d0 --- /dev/null +++ b/hosts/m3-atlas/default.nix @@ -0,0 +1,50 @@ +# A staring point is the basic NIXOS configuration generated by the ISO installer. +# On an existing NIXOS install you can use the following command in your flakes basedir: +# sudo nixos-generate-config --dir ./hosts/m3tam3re +# +# Please make sure to change the first couple of lines in your configuration.nix: +# { config, inputs, ouputs, lib, pkgs, ... }: +# +# { +# imports = [ # Include the results of the hardware scan. +# ./hardware-configuration.nix +# inputs.home-manager.nixosModules.home-manager +# ]; +# ... +# +# Moreover please update the packages option in your user configuration and add the home-manager options: +# users.users = { +# m3tam3re = { +# isNormalUser = true; +# initialPassword = "12345"; +# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. +# packages = [ inputs.home-manager.packages.${pkgs.system}.default ]; +# }; +# }; +# +# home-manager = { +# useUserPackages = true; +# extraSpecialArgs = { inherit inputs outputs; }; +# users.m3tam3re = +# import ../../home/m3tam3re/${config.networking.hostName}.nix; +# }; +# +# Please also change your hostname accordingly: +#:w +# networking.hostName = "nixos"; # Define your hostname. +{ + imports = [ + ../common + ./configuration.nix + ./programs.nix + ./secrets.nix + ./services + ]; + + extraServices = { + flatpak.enable = false; + ollama.enable = false; + podman.enable = true; + virtualisation.enable = false; + }; +} diff --git a/hosts/m3-atlas/disko-config.nix b/hosts/m3-atlas/disko-config.nix new file mode 100644 index 0000000..74cb823 --- /dev/null +++ b/hosts/m3-atlas/disko-config.nix @@ -0,0 +1,39 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/vda"; # CHANGE ME + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for GRUB MBR + priority = 1; + }; + esp = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults" "umask=0077"]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = ["noatime" "nodiratime" "discard"]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/m3-atlas/hardware-configuration.nix b/hosts/m3-atlas/hardware-configuration.nix new file mode 100644 index 0000000..4daad50 --- /dev/null +++ b/hosts/m3-atlas/hardware-configuration.nix @@ -0,0 +1,26 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + lib, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/m3-atlas/programs.nix b/hosts/m3-atlas/programs.nix new file mode 100644 index 0000000..829e7cf --- /dev/null +++ b/hosts/m3-atlas/programs.nix @@ -0,0 +1,14 @@ +{pkgs, ...}: { + programs.nix-ld.enable = true; + programs.nix-ld.libraries = with pkgs; [ + # Add any missing dynamic libraries for unpackaged programs + # here, NOT in environment.systemPackages + ]; + programs.fish.enable = true; + programs.nh = { + enable = true; + clean.enable = true; + clean.extraArgs = "--keep-since 4d --keep 3"; + flake = "/home/m3tam3re/p/nixos/nixos-config"; + }; +} diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix new file mode 100644 index 0000000..6335b06 --- /dev/null +++ b/hosts/m3-atlas/secrets.nix @@ -0,0 +1,26 @@ +{ + age = { + secrets = { + baserow-env = { + file = ../../secrets/baserow-env.age; + }; + ghost-env = { + file = ../../secrets/ghost-env.age; + }; + littlelink-m3tam3re = { + file = ../../secrets/littlelink-m3tam3re.age; + }; + searx = { + file = ../../secrets/searx.age; + }; + traefik = { + file = ../../secrets/traefik.age; + owner = "traefik"; + }; + m3tam3re-secrets = { + file = ../../secrets/m3tam3re-secrets.age; + owner = "m3tam3re"; + }; + }; + }; +} diff --git a/hosts/m3-atlas/services/containers/baserow.nix b/hosts/m3-atlas/services/containers/baserow.nix new file mode 100644 index 0000000..35bb145 --- /dev/null +++ b/hosts/m3-atlas/services/containers/baserow.nix @@ -0,0 +1,26 @@ +{config, ...}: { + virtualisation.oci-containers.containers."baserow" = { + image = "docker.io/baserow/baserow:1.30.1"; + environmentFiles = [config.age.secrets.baserow-env.path]; + ports = ["3001:80"]; + volumes = ["baserow_data:/baserow/data"]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"]; + }; + # Traefik configuration specific to baserow + services.traefik.dynamicConfigOptions.http = { + services.baserow.loadBalancer.servers = [ + { + url = "http://localhost:3001/"; + } + ]; + + routers.baserow = { + rule = "Host(`br.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "baserow"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix new file mode 100644 index 0000000..69620d4 --- /dev/null +++ b/hosts/m3-atlas/services/containers/default.nix @@ -0,0 +1,12 @@ +{lib, ...}: { + imports = [ + ./baserow.nix + ./ghost.nix + ./littlelink.nix + ]; + system.activationScripts.createPodmanNetworkWeb = lib.mkAfter '' + if ! /run/current-system/sw/bin/podman network exists web; then + /run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal + fi + ''; +} diff --git a/hosts/m3-atlas/services/containers/ghost.nix b/hosts/m3-atlas/services/containers/ghost.nix new file mode 100644 index 0000000..72b353c --- /dev/null +++ b/hosts/m3-atlas/services/containers/ghost.nix @@ -0,0 +1,26 @@ +{config, ...}: { + virtualisation.oci-containers.containers."ghost" = { + image = "docker.io/ghost:5.89"; + environmentFiles = [config.age.secrets.ghost-env.path]; + ports = ["3002:2368"]; + volumes = ["ghost_data:/var/lib/ghost/content"]; + extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.11" "--network=web"]; + }; + # Traefik configuration specific to ghost + services.traefik.dynamicConfigOptions.http = { + services.ghost.loadBalancer.servers = [ + { + url = "http://localhost:3002/"; + } + ]; + + routers.ghost = { + rule = "Host(`www.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "ghost"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/m3-atlas/services/containers/littlelink.nix b/hosts/m3-atlas/services/containers/littlelink.nix new file mode 100644 index 0000000..3545886 --- /dev/null +++ b/hosts/m3-atlas/services/containers/littlelink.nix @@ -0,0 +1,25 @@ +{config, ...}: { + virtualisation.oci-containers.containers."littlelink_m3tam3re" = { + image = "ghcr.io/techno-tim/littlelink-server"; + environmentFiles = [config.age.secrets.littlelink-m3tam3re.path]; + ports = ["3004:3000"]; + extraOptions = ["--ip=10.89.0.12" "--network=web"]; + }; + # Traefik configuration specific to littlelink + services.traefik.dynamicConfigOptions.http = { + services.littlelink-m3tam3re.loadBalancer.servers = [ + { + url = "http://localhost:3004/"; + } + ]; + + routers.littlelink-m3tam3re = { + rule = "Host(`links.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "littlelink-m3tam3re"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix new file mode 100644 index 0000000..002b1c2 --- /dev/null +++ b/hosts/m3-atlas/services/default.nix @@ -0,0 +1,11 @@ +{ + imports = [ + ./containers + ./gitea.nix + ./mysql.nix + ./postgres.nix + ./searx.nix + ./traefik.nix + ./wastebin.nix + ]; +} diff --git a/hosts/m3-atlas/services/gitea.nix b/hosts/m3-atlas/services/gitea.nix new file mode 100644 index 0000000..7a2f218 --- /dev/null +++ b/hosts/m3-atlas/services/gitea.nix @@ -0,0 +1,33 @@ +{ + services.gitea = { + enable = true; + settings = { + server.ROOT_URL = "https://code.m3tam3re.com"; + service.DISABLE_REGISTRATION = true; + }; + lfs.enable = true; + dump = { + enable = true; + type = "tar.gz"; + interval = "03:30:00"; + backupDir = "/var/backup/gitea"; + }; + }; + # Traefik configuration specific to gitea + services.traefik.dynamicConfigOptions.http = { + services.gitea.loadBalancer.servers = [ + { + url = "http://localhost:3000/"; + } + ]; + + routers.gitea = { + rule = "Host(`code.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "gitea"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/m3-atlas/services/mysql.nix b/hosts/m3-atlas/services/mysql.nix new file mode 100644 index 0000000..c2b605d --- /dev/null +++ b/hosts/m3-atlas/services/mysql.nix @@ -0,0 +1,23 @@ +{pkgs, ...}: { + services.mysql = { + enable = true; + package = pkgs.mysql84; + ensureDatabases = [ + "ghost" + "matomo" + ]; + initialScript = pkgs.writeText "initial-script.sql" '' + CREATE USER 'ghost'@'10.89.%' IDENTIFIED BY 'ghost'; + GRANT ALL PRIVILEGES ON ghost.* TO 'ghost'@'10.89.%'; + + CREATE USER 'matomo'@'10.89.%' IDENTIFIED BY 'password'; + GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'10.89.%'; + ''; + }; + services.mysqlBackup = { + enable = true; + calendar = "03:00:00"; + databases = ["ghost" "matomo"]; + }; + networking.firewall.allowedTCPPorts = [3306]; +} diff --git a/hosts/m3-atlas/services/postgres.nix b/hosts/m3-atlas/services/postgres.nix new file mode 100644 index 0000000..57cecaf --- /dev/null +++ b/hosts/m3-atlas/services/postgres.nix @@ -0,0 +1,25 @@ +{pkgs, ...}: { + services.postgresql = { + enable = true; + enableTCPIP = true; + package = pkgs.postgresql_15; + authentication = pkgs.lib.mkOverride 10 '' + local all all trust + host all all 127.0.0.1/32 trust + host all all ::1/128 trust + host all all 10.89.0.0/16 trust + ''; + initialScript = pkgs.writeText "backend-initScript" '' + CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow'; + CREATE DATABASE baserow; + GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow; + ALTER DATABASE baserow OWNER to baserow; + ''; + }; + services.postgresqlBackup = { + enable = true; + startAt = "03:10:00"; + databases = ["baserow"]; + }; + networking.firewall.allowedTCPPorts = [5432]; +} diff --git a/hosts/m3-atlas/services/searx.nix b/hosts/m3-atlas/services/searx.nix new file mode 100644 index 0000000..6600c50 --- /dev/null +++ b/hosts/m3-atlas/services/searx.nix @@ -0,0 +1,28 @@ +{pkgs, ...}: { + services.searx = { + enable = true; + package = pkgs.searxng; + settings = { + server.port = 3005; + server.secret_key = "@SEARX_SECRET_KEY@"; + search.formats = ["html" "json"]; + }; + }; + # Traefik configuration specific to searx + services.traefik.dynamicConfigOptions.http = { + services.searx.loadBalancer.servers = [ + { + url = "http://localhost:3005/"; + } + ]; + + routers.searx = { + rule = "Host(`search.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "searx"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/m3-atlas/services/traefik.nix b/hosts/m3-atlas/services/traefik.nix new file mode 100644 index 0000000..a72acda --- /dev/null +++ b/hosts/m3-atlas/services/traefik.nix @@ -0,0 +1,60 @@ +{config, ...}: { + services.traefik = { + enable = true; + staticConfigOptions = { + log = {level = "WARN";}; + certificatesResolvers = { + godaddy = { + acme = { + email = "letsencrypt.org.btlc2@passmail.net"; + storage = "/var/lib/traefik/acme.json"; + caserver = "https://acme-v02.api.letsencrypt.org/directory"; + dnsChallenge = { + provider = "godaddy"; + }; + }; + }; + }; + api = {}; + entryPoints = { + web = { + address = ":80"; + http.redirections.entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + websecure = {address = ":443";}; + }; + }; + dynamicConfigOptions = { + http = { + middlewares = { + auth = { + basicAuth = { + users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."]; + }; + }; + }; + + routers = { + api = { + rule = "Host(`r.m3tam3re.com`)"; + service = "api@internal"; + middlewares = ["auth"]; + entrypoints = ["websecure"]; + tls = { + certResolver = "godaddy"; + }; + }; + }; + }; + }; + }; + + systemd.services.traefik.serviceConfig = { + EnvironmentFile = ["${config.age.secrets.traefik.path}"]; + }; + + networking.firewall.allowedTCPPorts = [80 443]; +} diff --git a/hosts/m3-atlas/services/wastebin.nix b/hosts/m3-atlas/services/wastebin.nix new file mode 100644 index 0000000..ffeb0c2 --- /dev/null +++ b/hosts/m3-atlas/services/wastebin.nix @@ -0,0 +1,27 @@ +{ + services.wastebin = { + enable = true; + settings = { + WASTEBIN_TITLE = "m3tam3re's wastebin"; + WASTEBIN_BASE_URL = "https://bin.m3tam3re.com"; + WASTEBIN_ADDRESS_PORT = "0.0.0.0:3003"; + }; + }; + # Traefik configuration specific to wastebin + services.traefik.dynamicConfigOptions.http = { + services.wastebin.loadBalancer.servers = [ + { + url = "http://localhost:3003/"; + } + ]; + + routers.wastebin = { + rule = "Host(`bin.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "wastebin"; + entrypoints = "websecure"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 22afefc..6a228fb 100644 --- a/secrets.nix +++ b/secrets.nix @@ -3,6 +3,7 @@ let m3-ares = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG+M4CygEQ29eTmLqgyIAFCxy0rgfO23klNiARBEA+3s"; m3-kratos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDl+LtFGsk/A7BvxwiUCyq5wjRzGtQSrBJzzLGxINF4O"; m3-helios = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyHuLITpI+M45ZZem33wDusY2X988mBoWpD1HDeZNRJ"; + m3-atlas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBYK1wsFkUPIb/lX1BH7+VyXmmGSbdEFHnvhAOcaC7H"; # USERS m3tam3re = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU="; @@ -12,12 +13,17 @@ let ]; systems = [ + m3-atlas m3-ares m3-helios m3-kratos ]; in { + "secrets/baserow-env.age".publicKeys = systems ++ users; + "secrets/ghost-env.age".publicKeys = systems ++ users; + "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users; "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users; + "secrets/searx.age".publicKeys = systems ++ users; "secrets/tailscale-key.age".publicKeys = systems ++ users; "secrets/traefik.age".publicKeys = systems ++ users; "secrets/wg-DE.age".publicKeys = systems ++ users; diff --git a/secrets/baserow-env.age b/secrets/baserow-env.age new file mode 100644 index 0000000000000000000000000000000000000000..7777a772ffaa11a503b9556b5e5e13a4aa31bbf4 GIT binary patch literal 1631 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP@$>O6DpznSGD|Z^ zOLTSeOw4dKvdl`)Dl1QRO3${;Nh}Y@$ng!yj_|e2&GGVbFXzfK4=~LtFNzE=Ge|Aa zkMKwgE-fp|3#v#-t4gzUFOBdwEb@19bSZZ84n()jG`l>x*ipgVCCn^0z$YNYGqNlz zI3?RDq9jE>$HghawJ6OcsEXU2T%-hLFzaTXt%P}$4Hxk`8%M_DH&p?GxZSx}IaFc@EqR1kXoZuq;^27@L zq`WX!SLc-6GVK6u7fL~-=u)dbQ5&jjGdB;49gW#Lwtf#%#1B60z$l8gHv-dGyOBn+$|F$oJ@1e z%nJ>SldD`T0$d}5(j&PH0;7CN3yLGt!VJqI^?lvE%LDU$48z>RGXkRw65aEIwf!n8 zBhrJ4D)M2r6%{8cxCG|7nwN8VW+of?`Wq&e2Y6Ri&4Nhr1VNm8EMNhG$oLI2*Y6 z8~8eBnHp#0rsr1}=7qQ=X5}TjWM^4=S32qI2L^ejrMQK9ob5)l46=&w^ z=NmZr`XsseTBfG@g%m`XX6Ar>l=&7Er<!*0QI(kHvCz<7W zl%y6Jr5iZ;nIw6dS7sz$ zRhX8Vq~yD#m%67I8DFVk#r1}}>L>3k%dqw7ICtGAj__&7W<`mDFhh*NreX+_rId3nWnBrV~uEBGQK3`Hp z2G^ogC8fgYihJM6^{F#S&nQ)X^6c$bnMZNg(-H(lzN_8a?b6qIOw1*u>V3(7xr51P z&#!%X)zT}>Ireyegp+7bhj(Ew%Y9)M<)hz3E)@%9ecIS>y}8ZOOw#c}NBQSBCf7Dg z|J}*=)k3pp`Ks4*crHYJ$nWhFd$c^uL%#CA+LqZ?@6GE3w@mX9=hIgBYhp6#g{0{6 zRhqt8KWlde`HSVhi0iojURbe{_5LNL#)f?nP3P8nm~)9g&Eyd@c*W^mH8Hf*Xs!LH z?wH_Pi=V%8<5}2Y9;8#Y^^sr3^h2F*53d#|&fIj&@Tv%FXMO&hs<%5A@6^ayrn9nR z@uua@&ORG*8K{eVV>X0na)8go#d0 z8OJ`}Q7qV7ST>b$QaOiOcKlkctDeu-Zc24zxsb_sB6Z7mldPldGfu~ENHOA466d;E z%k})7s^{0uwH@m#{#l*>w(CCWtz`4>emZC+sv>cZ)wEl JO6DpzoE3n;M+ zi%K>!3$IM6G79l@EcG=GH_9}0H_*??D)2L^%J)o9^RV;@3FOkxPY*ZDi7?kTFH8?I z&Gsw_G%&X)3kWK8&vYy-b}4r@EDUokNKSD|3q`lhG`l>x*ij)T$1^K5r`XfUEiy#k z!o@u)G21&REhxy;*`howJUb^j(97S{qSDXL-GVE^Gugk=qtejDywF73**7RNEF((a z)5JO3x!AudqrlO!tSHyd*VG`$FdN-A%M_DH&p?H=s=$25FeB$A6N7v+qdfmAH$&5a z5aX=ekoQNB1&CTOO5i3 zor1$HJX~`O{lda>Gd#J>lZ&d7eO!u7%kq+qLrs%QJ%gMR4Ff_-4MGikO7)#xBZ`8w z^-CO!eSKlJ6%{8cxCG|7nwN7qI%nxu2AG!lMFyAnIa&ngc)EC-nWX6Z2ILw#rln;C z6?yq*RHZrvmpi%zMVR`QXonYv6(^Y(mlya3W|-!4MH>1znwV4>XP6aQW+oaZhXxy$ zC#968r34!~7e+YyTX-auMV7f08D(ULWS05pdwDn)8o37fCzWU$We4WFa5=jNJ4JeV z>!%d>R~ZK7J4J*imWD=og$0F&6sEi7dWJ+KhUbQbL^%gWI%cKkdAK@;l)4*KY8!j| z=a%}1<#H9emK$gIhq+f7hb3p`n+GHX<(r!tR(J*HCZ)Q0CWdAwxtmrQBo=sBh7|;* zxCbO$_WKB^BhPTa>vMhZUN5N0voq z6z6#5=2`@~1!xBwM0h49r9@Sxr@Ocm8-}_C8KzfpRh9TeIOT@q8arABriHoa7YAh( zq2IN-wl(~5t<+(;hxfDC4Y5SE1`c*o*29>9oBpI4{28X7W zl%*5~=5vLYXBUNM1h`}dSY&$#2L^c*niRQJnB@j$JC{`^rWd-0I_2jldKp>-q*Ume z6-T9-FVk#B>8(fXXS<`mKEiexS16NB>DyT_*q)GnU;Cw zWtxYU2WRSgXM1=An>jgh>Bf7g1blbD^7Ltz;Jnx+Ulg~c)-WnDFVWajd!BjI%VT-R zVs^d0vAoW=Ty?LfLd0&TFFrjsODj&+8s=`^baj1=m*R{i5>ne)Om#c=o;##t>C0Bx zvUJJY>Z|IR`+r8achCAU$;|B0%j=sD2k&gq3jUKmZ&KuppjAz-pYvDGWef^RTyifZ zdBcV5SK5=9GS+1N@_RompigFA(A(7ii$WWk_RXI6!fMe$CB1luxPv=pEYm*9&>iw8 z@NU2M%quqx!+K=f??pzM{+{Bw>V>cUWtq}u5&bV#7yth-ID6be-ItlQ@AbOlvtO{( zUWi#GaQn;i6?;2ZuiZ2Gt@Fo+o~si_@% literal 0 HcmV?d00001 diff --git a/secrets/littlelink-m3tam3re.age b/secrets/littlelink-m3tam3re.age new file mode 100644 index 0000000000000000000000000000000000000000..3a27dddb780c2619d4dcfd3133742c6f0e438957 GIT binary patch literal 2262 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP@$>O6Dpv?iE-m+s zu+TP-%rh|dOvw%R$PW(9^$t!e%{NMM^C>XPaw-kgu5fY=G2u!I%XUt6(+{rHHVQM& za7s^htu)IIjm)cX$uZFO_DRi1DoagFH!IK2O-8rPG`l>x*ij+d*x1cP+a)iv!aY6G z#lpQXI5{u0DnHW6GceoJAj3D;)u>#%G$+s}H=C=X)X^j}x5~RpKd2l;pznELU{fjGdB;49gXAEh@ru+}(oB{4;$l{IxwyO$w^alS+zx3@Qyn zldH0QeFEH^%8WeI!}GbEL$t#)vNO#KGEL0F(tLxeioG*E02sg=7~6Cb@@4Rph6HC%aj41-M0cCVIML7Z|u(x)mgu7L|E~ zIUD+!N2d6N7N!PSSfuCcR|K17d*%cL=qH*wRi>3@=jW#8d7C%~`WTm1av8X}2bKny zTUeSKnK`+ng&QQLndB7s2WD87MMdO91ZW%k2YH#KRJo*NXqS0K7`R6n=;wzRIwuSsB6n5DXTXQp!%xEmWAIl7ydczPBXmKCKZRVI3QI=Yrx=2v)_l$lq! zW|{aFd#1P)dSy6inpVy114^n1+OeSR|Qim%8aErdAs3Czl7fmXri0ndD~qWt2I4`{g?qM->%jS>y+n z8~K}MmT~2mMmlDg7KJz`Mr0bAnFeP2d8T-qrWU&ACwoOkMFu)mx_BEET0{jJ24v`0 z6{l-^XC+n``*^xVT11&T1!Qt@>FVk#I7hlvx)@akrx_SjhPxUCR^}F)S(>_31^ZT} zSVo3MrfXLgCFWa%8Rw>R$vkHLeJ1A7e~*`1Z}{|9E2jVJQrv2p+ZZT3yS6zFM|{(We}KF0jso1F#>TtPf)&mQ_{ zyt_2(@v5cPp-JgNnkvml!VIoPZrUWv-zQu7=HNSlc%j4Bc5d0lsV26@H1K-TkH=q9 zkLT4*yOFSB6Qi4l+D6s5g-ahuXSM&A_h~&C{nPbV^WSFqm-164UEkKoXrR$~Os@Ti z=aPS=;gglqUc|L5y?BGkgZKa81v8Hq-%DhkDk107DDvjJQ`D|5sdvp+YNk(aTsDdG z`Qz1J4Y#~Zd^CII)GYVFXEO`(Ouo*kHCkj}JLCTB<5J%bq#RN{EB;*j-sH>g_O@AH zD0!tJ|N5oJZ4;H*?bkAd3|8q*Wjdi6uetS7hLqq$1~%M{QrYz%Joo* z9bLaqgq2Mf`^gu#I{Ntjr6J;)Z~aVvEuS57G)U=d}LLhaL?(n;w;say8*Y!vTdWtn)0iUkm)5{&~)V z>I?qwQwkMguI~SM!Q%3dZ9o3SPET}<%`PaMqW8}4z1)p`dx{nmf7+e5cJZ`Y&Wzb} zV#+=q`>M5S?v?4x4=!Ikacd(B6JM#9;KfQq&P{9P?7qbicyC|tsh6g$D)Bd%LZU6$ zHpra4xa60fZ+o=kT^sX${r__H*6RG8_Y%BxlUhFfz5jp0%BhdEg!xoXCw%z4yz=tN zp!Ghd0t6E?#U(i1|0N%JVKsmAyTG)ooJVgktoZxTC~y^P@eY9}M;m{eMm!Ikecyd=*=r@tkF*--6qhELL-Uscbrvr18=(_+Ino(AX@Su#fR>H`6{i zIo=7>XtH~@WL9n0g9PT+^{d`(d1}tPR&kev*ZspPxrU*?=cI1E6dH59&A#>3jg^ci zxmo71GV`(eIBP7tmwD^y!X(v*^T#ghrNxx?9eHUUxZ3SE|rQ z_J(-}#SX4$_E!3E!G6yfhSu#fuyGQd&S)^aZl}wI~hkmg=e)GSvM*4mX z^KlD2({;)I_PY5oGq=mPO*6ly%aLQNz%<4F=k}ajos35l>c8xt$jvjUvvL0R7<&MY C*|I+X literal 0 HcmV?d00001 diff --git a/secrets/m3tam3re-secrets.age b/secrets/m3tam3re-secrets.age index 7cd37c590a2e28477f2cad67506d9c03d8b066ff..71c04e6690a07301490aa9d99100d7f755e0aed1 100644 GIT binary patch delta 1258 zcmZ3&If-k6YQ2e{k9SeIf`3$4VVZkrLAYa~c7B+Z@5<= zm#&>cadC!jYKoDmsiCEUX?A&Xv7|BK)tVHiEnXwws)mLK(bGGinB*f za-MOOYo(v1cBpxfX{ZU8SA~9la$bIAYFI&FL2#CPVo_ppK!~fNqDx8nW45p zXlP&X`zNW+6CTbWghP79)$sc z6F-XAyQBmfCI*KT6!@kZL?ydb7<*cj1?Cx>l;j(hl_dK3d8CCqY8QrkWEy&M1(XEj zM^$AR<`@*4npqlaCkE%Gmh0;mI)z4tx`z4t=9Q(E=Q&rJY5S$ad{R`LsNfQq<7!^c zd+VVt6$mzA8Z?cwTX5g8id=$7Me?%|Q@;_K>SUX+%ipJ{Ai z5td&R6`~~IoReY{$Q7XPmR%KCW@w(2 z6y_P^;%4UW?P1~)R*;?Q9qR0A=31PYpH%1@6j5mrnD3P4pIaVMQj!yz9+>LopA?vq zQN&g37;2GJneCdAl~ro!TT<^H6ClNbF?v^6jth|Z64&T@2H=jmYSdA8EI_dl^VpA=Ir8ZqVMHe zmgE)`Xjb9nW@PAT=x3gmTwWfYnwJ{xTjXjGYM>oZmStG!V`1cC>5-mSSx_2cQ0AGI zYmk@D#igsOs}Nw|=U(saR&E;N6;_rWV(b|1>y>X*ZW3Nq<>p=$o>v@V>5`P<8k|z4 zZ@}fxa`Cn8O$9sOma~lWBd^Z&BjXTnTe4OAV9vC9J8l7~ z>;$vgi<7^e3wp9w{y;~$|D+2pWq;$hSX9s4B-W~=eAMK?wypj`jE(gPYwNead$?Wc zeA?Blr<*M+ieAciJ&D)(hAqh7h2D@^1xr!hUzbICZD8? zv}3eq+TAT|G5#sv_VW~1p3dLTXKsA>+Z5p>**E*3=|r<|jfvS|8vm|sk<;9^!!}by zXr*HM=3y! zU`kQ0r*}vwSBPm~mU&KiaYc@PqPccPM!36|sbz?%S7f%Og=v{rVscrqZF5h0!tDWNW zi&M-Zjr9Y=%KQRceM-%8%?iuYBV0>M4NOD1bnO(1i!*eKiW3!F0&`r=%ekCAP5tsL zT!X?x^W7=~%=|1f-Sms=Q~mPFeanopf|5$i%RN)geZ!-Q-BVp6iVaQuD=V^#oifW) zy&b(meZ7OZs`P^kOv0Rk4UDy20-Y_>P2Cesef7hGio*h;a=h}L!ULR33cU<1!opkv zJd5&!Oe+jSea#~yOiB_v$Jvv!YzW0 zyi$xSi`^o_P24iQ6J4@PlA~OVgNhBzEfNEA{Vk)aJWPX4xzZyn9ZM2Rsw`YBbAo(A zozjE-vh;nNJl#Xw3SENDwT+8ha?2du3aXMU%d#_EqEai&Tr$%#-2BVjwS5fCQnCKXYX6}+FfZf1vVCGmL2IAX9!tI z9dvpZGx=(BYno?zKd~6ZuOQ8@0b^M z^~}8QUm_v+_NhhZE!JgKkufK(sF(MfKI05CYLs!-D!x6vQEWzVf9_A59JZahxidZg)l}!QT4xcYFKht{YEJoXuS6tU7u3A|WpT Di~5x5 diff --git a/secrets/searx.age b/secrets/searx.age new file mode 100644 index 0000000000000000000000000000000000000000..dfacff68121a6c07e2846523e1ef313bcbcc6f7c GIT binary patch literal 1163 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP@$>O6Dp&9fjVSgq zaQ4p6@G(p*^~x`)j0h=9P4_bm%8N>jC^hyhGD-^f@eWT5Eavhob#sj@bPp;oEl+X^ zEH*YREet8~a?&>mOw}*))2?t%4h{5kj`GON4n?=kG`l>x*ij+G!n`2Gv^?C*Albt` zKQ*za%FWWWBr(O!KQucx-K{XaDzw1ZrP8DzIG-yjqdZ63peoC9AD=kLzkdjbN`fxr~;45Y_8PwQvFEx^o&w-gNgzpZNsv{FS%yBg@=L$A1^H29F%}5GK@rX+I&5ZQ&NGne^h%^o_OpB~6bu-m> z($C1ri?A>W_A3u@vM6`<@HF%ft||*JFiJ8H_2&u>sVvP7392$O4M;DDFikNwtjMx7 zEG*0`Pb)Idbt)-N4)+aC%t?<7w@6J5&oD1ZGYd}gN_Mo!&-O41ta9QiNGN;UK}El*7`;)?Vu2@5i|jL7nHFLN@tF!wXaHw?{7H4b$P&vNt1%{3^D zO!urTDlM)m2?#ST4K*uHEb4bjr&M3$Nhv3iB!ttSl>Y z@hdI#^w3W&2sKPGEjAA@@(d^~Dy{NxaSAdjiZu4CvIsUW%`^0MizuuriOei0F*ot^ za?^I_aw{`)GYctj_Q=T%%#O@7^3DiI^be~H&NB3LN-<3{ib@YmGS4;B&P>XvN~_Gz zarZY)^YzJ03e2@A%X9J$;NsHN)l~?|E-DQPG*8SgD~U9V()V>NbJDH~4-6>DPAtjE zsW2-INb@ZW%SiEXisWLSR2Eiof6)rt9ObRbwlVXSU)SY}E{aW8trhvqpxvh?E?u0Q)_pU~wG_O~;7)^ceS?fXg*emxAw&C;FzYRYB^uJ_fpqd8=t3*UkU&a`JxHv;MHO0u()X-AFG`l>x*ij+8*vBzNJG?X^wZ1gDJkTqrEIZO7Ag`=AAlE1@ zu*^TvIX@~R+1uMCy(*n6JHjj_qu3)VJUrjAG|wY9BDJW%qbkhYvaBdSHQ&cX-_N5g z#5Kqw#nJ@bI?EK3NY6lpM17MWb5p}4SL2*OQzy$rx2mk%l%mLpq@pUDG8c=2Kx50~ zD7PY$ER#?ZuHaA~ujGh8pAy52Dx(OWRD)Dk1K%p=%u>IM6t~1=LjzyeVzWH`GMB)> zi66!54NHPueXjH_IYJq^q)qY{HcvwRJFd|cr^DJo7>a0$$DH81B% ziE?pq@ytrC%J%T|H%K*hv@j|zt1l}LHZRMz^o}y{DvWSTu5`3abIb56H3$q%w@A0h z^e)aY3vu(-x5!UP=E^sVbjxw_D)cf*H+J(gc1jN{^>!^PcMPfYa7{D!Pft%Q)OIbc z^2*9Db~DROsz~#6F)KGtcF#}u$#x91H0BC6$|)^243F^Cx5&ti%J-@?s?Txp^E7gC zHOQ)P4Js|w_lxrPDa?*cF7hok^>Xzv4)sVha4j<|&T@21Nh%KGaxpeaObo2dOU+LT zH>k`q_Azq}$Z!vKjw&m4EppBZsHmzc4Dd@0_j30t$uf0`@b^n{$&B!{sEjBwv(U~k zj5G)hF02d)uMA5|)A#X6FAwo?4m0)*PIJu;j^L_rDKpG6DGe&l zC^7Ri42pEiNKW?h_0cb^EKUn6an8t$G|VmxDRQk!a*A>fHO{c~@pey6HPA0EE3OPO z3(Vr;($&>f$h63>s`t+FbTszMPI61k3eWK?Q^X;D&eay_Ze#d?}=5NTw{r-acS#RC= z5!Dx6{+sojt=jpkecCmJ#)#^>s;9f@-4P6@Apo&ozW+6HC15B!xOE#uO}W@ MwXW>$%-@QS0Uj%YZU6uP delta 981 zcmZqRoWwCfHO@4yiD$S)$@-Pfcn&%D$-tiZ(6 z+&nKS(PIDZ?dDJ1f`Rx7@ol-^4d9BHytv!qFs6zsfYd(4`>A#H3U^+f=`N z;z#lDazpp9JR?W{K&P_optNlNioB%2u&fNDpv)jIH~*ZFfIQR4r~p4lf8%m41NRV< zoG1_X&@_|us-*NvzlvP<+`Ld1x2j;zAV2TC$dI!1R99Ey;(U|I@r>g2SCQ+7Yt_2q6>7Lr9#*v1V0VRfE`Q;W|85M5D6=mAq#`)P{Q9c!s z7EZyg7RA9HVOfEpuAvoG;g!xM#g4fpRf*YLx^@c1#TmLq#fb_ofjO?`H5Vc<)uaS+JWJPQ651aej#pI0qMm7UYXejS(QHJr5R31!A{{>S-y$k z#m=6ECdv9-h90h2>FFtzRgP63*TXd0|OK`C0h}zGlXeKKbD$ zNonTkz8QH20qMpDjwP7^sh;MJTuFHm+D56VVcsS=CC2G~%AK}A6ohRG@3 zCdRq>E=DCOu9>Ep{*@{E-frG$CZ0JdKINt6g=R*Er4}Zs;b~=Q4E;1 zk?FyPLHQbDQ?=%QI7gsO_$+_jJ z1z~Q!QN9sDmdWWkhM^T^As)$wu7z9{&J}5;RjEmq#TIV$sf9%z>25|IMTwqnRS`-4 z;pxu)Wxio%87T#6&K|}2B|#P1B>@#tj(L8DrDi2w76#sqToz6_PM#?tZmB_$5yfu# zi9v?iMZv+Pc?Q}Mfkl;x7LKKUiH3fr&c0t`-_0^adRlH; zWL8>$rN4_KSD{ZvMMRlX;ENtly*cp zm#&>cadC!jYKoDmsiCEUX?A&Xv7>@_qKRc_Ua3czNxg4sWsaw>b3stJXR(E`cD6-D zVn(=$r$L5?nTKm|MMyGNa-@G%R%*FVBMnzFsL0)05QINh{ zmP>MSzDG8?b(Se6k)DAHkx6OhB`L+e6>h;L;W@^66@~^rUQQ+<$p*zX6-kcSxjBxJ zzD9|bmX?lzT&~H^mYJSW8LnC8PTon`$tB*}p5940sbyZ4$(g~KhJF!FQHl8`B`#^% z6F-XA7kgw``j&J& zm1hU1mz8Ok8~X*g`j;g|_*SJvhIy2^hoxCq=9MJ6Rt0(*6r_5>d{R`LsNfQq<7!^c zmF!mOU#6dAP?qjzoa|$0WFApi6jpDL99R~vuU+bCl4B9(Z&FlJ6qQwx>7pHxYMGmr zoNnM#;S`vpU+hv6=+EVuc10oLm%@>Xxounq*QLkXY{T9TKRWo@*SH z=9C>&>=p`4>6?>ZXl4==mX+cZX%^&C?w{_Nn`~T=W@1@ZmRx0N zlFwz3TR9TZZkk%_MXOeDFsc&fEADC+CR%n{8@8ai@&1IBTn3HE-Xp);`>0V!K5#;A%p62UW zY!OsumXefb5nkaI;ZYRs>YE*Dndo7VW00O`Qv+x9u(62@kmK0nbRgsmJT;<|xQdm+^RZte`WagccVVdDwTx67; z=gY;Qa9m@H>N~v);>utD-RWa&?+!d^-O0Z7yVUWi72M%>rkWJzg=tG`iExM8A!nU9Bek$<3fUPWk5 zX+V~vp?84Imz9z}u6R6V0cB~fMy2|dnc=3s0q!LM8QxWuQN>~A{`!$#iN21L;~B;4O)Wjc!_5n$ zQo}>bi*s{*0?Iv%ii14OO){zqE1bhC{qvGt^Su3?Q>xOr9L=4QT@v-Z%N(`+J>Ap8 zExZgo3p4XgLkuH>P5rV;oIDeYLJ~7mz4XhubnO(1i!*eKiW3!F0&`r=%ek^M1DuU~ zGNbae-IF{L-3m>^GP29-3o3&vv_o@Es=SKBoy^0^U4l(aql(fzbDT?a97B>E(+!g% z%aXmr^|LLwQmVY2f?X|rU3}aO+zc|zk_^H|OeFF_sy^~DBN|TEdxjcMaTrvZa0{nur%6+TSN>ZZg^OCgP($kVEJkldF z9K(X$%__<&D!e=_6I~-5gI&vPVgQrt7^gUWNmyv)1;i#+n&{e%6z zUA4=yDqSs&Gr}w)EX`6&g1l3mJ^f7!Od`Y53=RFOa?*3nxT1{968(#ujZ-|s$_%P9 zlZ;c$eM|FUx%}m1#a*EOo%CpVPGZVu-BZ~qpOdZRs0>XmyT}^YeBe}SA zb#)bzy`8-4y)*oijf1rF(sHs5%2NCd_07t1i;T*=jIuIZ!c4M#yvtKEGxPGf)MLXl zPp`PO^-kjg>u=KnbS4X*S;px4JbHPLMY>?_`XKL+C&!MxRTIAv|Hhv2WP+w0OaInX z-3^zIMPFI9;LMHf`!e3Y`f+7Z!s?i&7=b+vDdOcZdj9J18Y@kgELY_``DNqv&Y=A> gc!WMN7M%w0OEaLfB*mh diff --git a/secrets/wg-BR.age b/secrets/wg-BR.age index bddf08a08b30299107908a3381b67f2cccc389ea..5b1b362a3405895f6838b1bf30860779417bbd8b 100644 GIT binary patch delta 1413 zcmdnTwT63wYQ2e{k9SeIf|qM#dU{2$iKS1Lp|gQ=hM}W-R%O1IXJ&C=NKjx>dPI;x zW@5HSj(J2Rmt#e!fm^nxqpQEOZ(@*sNR^XUVpXnNW>9EZPJm@(xM6yrTXsrja8^_( zm#&>cadC!jYKoDmsiCEUX?A&Xv7>^aS5;+Nio2_ST79m6cCogXg`ZQEYifR2Qbc80 zWS)yxh)HNtXo_i3iAyq9Qn+(~XHvLPfl+#~VPS4YV3MV?VOd&GN=mjzPMJ|go>@g+ zvVK)$X{s-}b(Se6k)DAH5g7qh85K!hxj~Tu0i_;Bx%$2qS;lFhd5IM^*}jHu2Kl8) z=DxY*{+U^xT;+M%f#zNzNyQmCk(J?@rD4hWSy_Im#{L1RL74%bg`ws7Ri-JqhWWnv z6F-XASGr_6R+N`#XC>xkxI`IvnYozxh8mc;hL}V~B_(H+=cXG5>WAi*TDrP&d0C`p zgn7D~g_~vvq}H`|7LlCe zQxs}e9F*!(TxIH0RlucR<>H^`5$KhilbxRK9%d0?5g6fZV&azJ?vv_cSr$;??h=`l zRuq*?2?>bT9jp&VOm-i6lug25ENV(UR>!L>|0`45@K1EX;7c2U+R=p zs%_|8l$`IKoK@&&W|W?i^YfzX{>0g)?VqB3_5a4Iw9-5O?P?YJUomy6ySeR4h z?86mUl&l}>5^U-eT;yG08c^?*YVPZ3l;Ijw?jDjD7?$DY66jJ;6zQ3nTv8nAQejq= z>zbKtoRw%)?&GCjR^pe*nD37FptD;OOobmRO%0U=)??XzX2* z>XTX?S`ifx5n37GkzQ_KS?ZQwl4Fro?4Fn5V^$pIm*W<0YFd(?W$w!5?Cx7y?&o3= z?2=d*Vqj<(5o{LdX;kFomStvPnc-}Zo)_esTTq@@;!$i8=44n9Ql9Bk5>y&g;gRW> znO@?|#igsOt6-6u?^5q+P+DeCm}g#Dp5mM2Rb~)TQJf#*l$sIYSdrshnD6HrX_!+M z?91hNB;2Xrues~hnZ^IlR^5Bx79E*hU!bKHcY03SF3+#KsZ*S$ql&^F4O7`7XdCeIVd(q>|rDpL(@f+(GomW@vyO8*H z!Y9kjMWSg1<$eNj%$k$fqBn5PQw&(l`!Z;IIP207&*Zq0h1YirFFaCYbW>#7ggZNh zJWlT{iZDxkd-}=RCHV^PS_0%gXKabQdH;<2wN^IYQtQ`cZnXHMeT)0VYE{YCkIJf=PTL-4OH>`{!8 zVhDOY&uBVS%AO3r%6a|ZkC_t z#E;_PRjyfO*_Mv!kw&4e5#|ONM&|ma1zG+EM(IJBsbL;2o)M|pk-q*GZUz=yA$gW2 z*_NI@rP)R)X1PV7DLy`BNufywjs_;C`594#2B9JO;f8tX<-rz{;~B;4tNguEg5Apk z{8N)kLec{)T?2eQbIQyuOpJ@83Z1gbgM9N13rtJQ{S6Jc4E@b~%S;?ALqiOzT-{PV zlG5DVJ)Ba!s@&52{WE+^4HHe1bIqfC6HCjvbnO(1i!*eKiW3!F0&`r=%eit*gZ0f^ zy@Qi0ql%5)d~;kaz4f*04gJe=LVf+K3S7#KD#FbCvb;^Ql0#kHlbmz?0#g%Rl1;)Y zE%HJF-OYTsA~SvR%p+2ga*h3qvI_jud<=^!3(AsR)AAinj7v*OQws~i9E}6qQ%z0M zT}^|-LleD?gWO6YiYp@w^vk>oxzY=rEP~Aw1AP2UjD5>2@}08kwKK~zGhE9eOU&Gz zi_3gW(n}(}GYTEevno?l!o3W=DvV3B^#j~;{mM#8BMP_*BTBr|O)G;>i1Ko?fDm(%*A`AST&7HF?y>l~y3rzy^0^L(0O!Bq!J#vzhGu@I3^^07%Ec4QX z%!-54vWqQKjJ#axO*12+LUXcnJY?S6aHIb6G3llilPVBU+vkN0*dFfjY|PuuZq;!DTJuHTy@|Ltl1c42kE zG^ync`!8MHEPo<^c~Nhr#;r<9v)ZU)N}|y)fVM_4n1|v7i1l?iRWdQL&JBuU#j{ zvW=yiIM+Yqk{0{hel^xB@Z{Q*Ynrlt>x1SPJZLMTQyYla~}(O`iEg zV>$24`_9vuW<*^V-21Nn-749$Tc3Qc%(IUBzRjn3y5Xh#4>l$e8)Mu2J~I8ewy5^F z$H&VL;=erFzO1Br@>F+`;-!-tUf;`^&&I9Tb!DT~x~Q#J`|7yoUjNi9bW5`PT5Lq| zjtQ&ZRDQ~seRXGQO}4>vF`+lB1rz4PpKkbFe`K@WT@#DbUo1Ac#KwD--a2Eq{PCuT zt8MP*sH^;5wVHdC5ntkjdCE#jYrftP=1_8ad}Tq!O%MJp99yH;@~?e0ugT}qykjyO O{$C4T%KctiFa!W_3iMh4 diff --git a/secrets/wg-DE.age b/secrets/wg-DE.age index 48c672d5ddb943fad1df515a5340d444184514d1..adcf046f779bf828e7b4c433ef5294d3278b6f24 100644 GIT binary patch delta 1414 zcmdnbwU&E=YQ2e{k9SeIf_tDvP;!W$TSi)jnMJX7QAugJb5LSQs)2cGrKNswU|vRK zT8L$uc5q%XSDs6Fah11UMwWq@S(>@Cb75}2wtjk%c4elvk9K5%VXBLhnL%chho`p* zm#&>cadC!jYKoDmsiCEUX?A&Xv7>^ITXB_>NpWUaL4B@kS(K%AQiWeifsaLISw&Eu zZ)#|weo=U_udj2MOI9FPw!d3hl)txYrHiw^Npf&`c!*BZju1$jljffk{TrDYb5My{rbWkvY`5$-n5mfDfwSycfZ z<&LH$iGjsjp{d%A?v+)=X&F(KhUrBHWu;|~ZblWpIWAQZxsDlTWkDu>zQ%6aMIo*e zKZ@6z`6at#=T<~Um6_#xW;o|rdZmYkI)|lOB!}gt7i5`+yEr+e`DVHLWMp#{8Jh{-*!`VD6yF}Y4E6u#P#5={?*VsHI(!;O9 zv?@TmNG`q~t+|bOaqRcm?A}7P$-!a|PB*4Ec$}rW{CCexvEGjGC z*W1OzwaT!hGPy9=v%<98&A&w7#k(lfID;!YP`k9qJSQR}*sCDivZ^rGs6Mrz)Xm%2 zD=fQM-#n+nI48r*z~9wB)YYdvyu>FptuU$}%|}1WJ-aZ_$SBW?t6bkG$;+q0Ff$@5 zFW5K4C?GW?&!;FTJ1xgFv@+Q{D?2;K$t<|Y(K#zIDIl#hGtDJDCnw7&+`!V`zog2@ zgsZ?MIKr?pIMubtqb$TQqTVwzzalpx%sJdJ(8w{!DbLH$A~n^txU|%}EI1>>J1W#I z*U>k?ywEQtpsJ)iqoj~4pwvsd%q+V!#i_`(Lf@+@JIc3MJ2|POC@(+R+uI^9(WyAt z(bY7wB;P36U*A$Y&)h9H$v4H%xzMXP%+=SO%hfNyG08PFD8Qg7zdoW|+bb%~*|EgQ zur#!+w9ulew6Y*H-QU95Kh3*5KdmUw%g4~T(!?{|Gryw5GAq-^%$&>6E!)ql#KJ7N z%*e^y$KO9aucF*IG~D0Pq{6W*E2JPVH9axX)WW|sAl)UbJUpVzKRYos)zz}dyujT% zup*L+OIKG{AvYyBuRc4~*H_;#%d^-$$Js9{Ks#UCJftGiJ44&pEV42*&(k|C!XVr^ zl&kQPOx&pt+cNg4eY56UH}&PZKRX`0c%kB0ygi7EwMhEcU4aJQ55k$*saAK|%`^_N zyjNLzy{5>%^qDd1Rs(a7+C|4*58EABmUSyr(C6Ch6Fcoa{oi}s+g9(U$(K+jJjLU^ z`2UEwfOAtM8aN(CeVQ+zmM0rLxpaQV;ZHd~95i%N9iA9ytlV6C>5KL$_pH~NHD6a| zChXIRc`K1vxN_|Ra5hsV7P7IJsU};PuJ_Ti-3~ zwmmw`~8oy`O7>YMg0yd2+F%LU4FSNlIEyl5>$!k$-NIlT%nwm~TpyflE+gg{Og0hNGiF ziBFkNnn73~S88dtepys*xT~kDLAG~6pihBMK$MxIewklIq(^#wl733CrI%BvcV%++ z#E;_P8GdB}fzFotnRx{!#TlN3`2o3ANnUQ=rcObD5eCNI7RH4>hJ`t0$r96Z6cB@(VnTE3$pL@*|vbT?4dz^HYm_Q+-U* z42mrCjS2$G%uKvef+|81jne!qg2O6;y;4oMbnO(1i!*eKiW3!F0&`r=%enFl%gZtf zgHqB1lM2ks10o}|0}PGo(=GCii;Rr&jZ<>7O0o@&{LCxDyn^!+gHpUgf~zWnJTh|K zQcOLvJ$%f$Qqz+3gHoK#)5Al3j690Xik!_{{WFTpGTlrHy&Tg^BEyQyOOg!y{Zh(Z z3@enH9Ts_Rp%p5I!GlIiSoINw#ot>P6GtDgu+{^vF%fh*G+`_#5GTb6_wS7&4{DO;( z-IJZNJSsCXjmrW`t4iHNER8BHB7(z9jLfnfq8vm&#L!?}vhD?JPIT|>jPUGjVb^89_g^s@?cs|t&~Gkq)F(nG@Xa*8sYQZv#@ z`~oa0^Ya68{L`}iOTDwaQd70FvOIvn&164SX`n^1M7FQ;I7Mjom{nxjcOGy-Q8~U5raYE7A)K zL#u+S5?u=ojGPLMlTuQ0f}GqUl1uWkb1e$e%KghMjr{YR3v=^A0xLs{i%Jts(zv*E zb#)cWERr+o10&4*0?W!PT?ztBajwOGgGoH&9#%wqny2?l1iMti#$!ZZf?1B zaP7^~>x;^>b1wAitX4diD`*)gS0i+$>cQQeJ6V4_?=4w1xq|0%%;O!`@_)Ykm-O7O zyS?ILjo;dD3QO0%*(W_aM8zv_iYt@!`4uY#1?+Mr%vh$NQ@>tke~}hPR^;^;YKugD zw5-ECfBJ2js#qb~aLrjdSA*;Oua_$3CP#Ix&QCv7&ePR?qvTE5IYoYzz`G|E7C%)# zkh4^Bv9sDl!J4<~a~+L?O*V@6>V5z8dEqY6)SJOF+3WdjdiiBtF32|D+SFh+f7a^=pH&+}_V@60 zB(uzvy!BsmpQ~+3Amj3htK@&|SzXA@a(%foU%;iSPAAW-5;M(`Y+z7-SY`js*UbLE zo!6$7x2@y0?e=vG5#o%>;>qcr^*`)SeL;-wEwJ diff --git a/secrets/wg-NL.age b/secrets/wg-NL.age index 2a815aeaed6ae92c33b5fa662b9fc448d03b6b4c..cd14daacc7a913e2ac9e9ce562f12f7434e28f5a 100644 GIT binary patch delta 1414 zcmdnbwU&E=YQ2e{k9SeILRy4>cyg($r@v3AtCxOhih-eJrCWh#l%uw9ZeXIec4?J` zg|@dzW|~tvS5aw>ajI#Qb4jsDie*4VPO@)^zLCDEL10;sdvIW;XPCQVXlhPSmT`eE zm#&>cadC!jYKoDmsiCEUX?A&Xv7u#Jks(20{uV*O9=VRCUa46DscBVC=}{gTndRCcPC=%IX=%BR z6F-XATl$sfdSr$8IGGxR`sY;S6&ZL$W*Ue2TYC9L___IcRr%$nndU|Yl)D#mMHyrk zN2LTE>@9%Ex>gFHn;T>)f9_Z?pS(u)wot2Sp zVPI-%=2;Tr?`-7f6UF6|Q)T2_knio1?-dl5Y@nT-QIwLAkz?SZALdmVRashTS(H{8 zR*@Iw5o8c#=nOMZ-5@6;MX&Rd28=0Q!5t3VO;aVTyU*PR+ z?q*c!k)s`%>XMZ0QI_cz?CGA7nB@~v9_|`s9`5buV`*Gk8Bvm0&Se^2>}*z;V(8&r zUSbyD6l@UbS?V9`<6Y+LWfA3Omg|!nQB-M~nBwlAZc<)SkY8#T>6hl{QV?X~?5eFD zk;3H|;TvV??H}Z0RO}t@5m=vU6ciR(RPN~+S>O@qZef<577-Mf!etTRpX(TGXzb%z;8|~IneCKq9O++_ zYwlQ{Rvu*#W$y0llar_&9O>$kSL$yXURYS{VG$7!?wVRzY;NRMl#$Ej65$pQU>f3S zp5+EepPF2j=$Gu8W#*FOm7MHX5@=bRW@uVyTo#z3 zZ^5-|7VnWcq6waw$|vf>a_SGxs4VO;%3jyT(3{0NBYFz!n>PZilip8m-F@ivy}q)m zU3)HFKbk)|*QmT*X}XTQ@73SiAMN?q*3#=He=AGrR%aed;n}{jV#|7Y?_$Zqo_#y3 zUTUiQ8@95k3KnKnv}?%KC#=<-vft9;{Ip$M7SCLiD~vMVn!f0{-MZ}7?K=y1ZS!lK z!K$%QmSu*Oo5QY6F&AE)JU+8C?ZJo0Z`ZdORldpilk_Uw&g5c|fY4vl*p(Vzuhe_? z6#mFu-DS4#M#4#L=91glUL_|x>Q^mZE_~Gf%d!I5q}dOdBM(b9%UoM}c*ehv=I>tI z^LS8rQ%?BP!WrAR3>q6F-S(TA?c8j>Ik9u0RdHeAZ^tgtWb4H-#ZmL$E^TyLUuM5k zc6kl+{wYTsSn_VnWN@%!JO9J_!L35sq&3k;jNH99yS%wko6ov|?ZVmF0dfzerLsHh z=jHGDcvRR}d`*PoLH1AW4GhscHm+K2bYs##8_Ng(VihJ7ospQXvf&K#Ql@uH%o13p U9a;9~l$Xkr@>^S7R=+L*0AUCb?f?J) delta 1284 zcmZ3>y`O7>YMg0yd2+F%LRh)0Yg$EMR;IRjuuE2Wj(=rXNI+BS9+PVvujegp=CyeK~#QnzGu3VZ&XQPZjP5{xOtvqW?H$nNlsLLPI7AK z#E;_Pxh5$Fg^`shVF8|&DaJ`=?y135Y5wlvrH;vI{yE`kzGWfl&N=R`h6dSOjvfJp zL3u&BQK3dbneHCuey$clzKOvR1{vM~&WSnZVSW+5k&b=^WhRl6;~B;4{mjzRQi4MY z9bE%_ii_Ox!`#DNT(f;sOnpmys+>)t%u`B>+_Rnhiz*DbQX*V4L-f-;i_OC;^79KL zbF_mB0& zE3?b|%zgdMlil5Yyj>&e(>$Ug%kmGdv9fEwX)$b5e`71EZXi9eql(2l7oGc zl8p$>kY_e;W`d%LmGu|{GgO%@+>aS4{j*P3jJ?T;`w`2VMoCRCAE34 z^UMtD_zw3yxajOAnzHNME5-2g*O`}vGux(Jkh=E0eSfaD#fsMzCtVx7ZhiifZ|U_$ zZ(Z`u8xy0xl;00=;%BQr{D{r?))I^7j`Q1+Vh^15nou|2TRKJjOHggnOnZ6t!anA< z8PZ-_u2(;K2W~pjZSZ4{S&h~%X}iDE5AAI^5!Yttz4&`CXLHoHN&huADhrhS37=V> zESyuU@$gc5OuErt<~8zm|LkIea{v7i_UM21rS4(8Mu+p%O*Qik_kWolM+EJnAf*d0L+B-qWzcWp7$x__A7-$4PqoHD3OUuioDMVMAH@*`4>D9lx$U Ma>27GWcPC(0KB8=t^fc4 diff --git a/secrets/wg-NO.age b/secrets/wg-NO.age index b1dab2a1914b26c929bc44b3fc12afc93cff6ebb..7c3885107422c54488da166b87c6b2248927bcb7 100644 GIT binary patch delta 1412 zcmdnXwVHc^YQ2e{k9SeILb+L5c9v0)Pr7e*W=^tUP+3~2qkg2HZ@5cper~>*dzz)W zL2h`mx2usaS45tXZ&-#!RFa!%X0TU~PjE=0n_-%MP_ed0PI6F0Ns3`)ahRiPXi1(4 zm#&>cadC!jYKoDmsiCEUX?A&Xv7>@xNMvcaN1l;iMtxXbmSeI8BV5XPQ=+dfIp!<&>sY8HIZp zcvlp~_fvVwH4aOVie&^$kvEVtY!qdYHP?^3Vy3`di! zu-uZ+aHn#=a{mnd^suZFk93ptaF3Ft(j=~curmKrV`F_+pD;6nC?7+U!g^2hh|Fy7 zwCqHakigKiq)6?g;E-~!JQwXWeUqGw^m4PP$kNh{oJwC0-{OeGysEIAw6xT8cLT#D?O+Q>u6)ZB%qf|rRg8CB2ywHLY!{Yn^ zeV07Xyh;zJu&ksU@8SX{_cAj}kBrbD*F?wCTsIe=$`bG7NE5&C01vL>st`|4}x#IU?73!hB0B3Dbx@B%Y;ldv3j3-^k=Oe61n?I^DbCnxjF z?9>V_E?r$+h4L!P)Ov$T3xnjG(&7>mLr1riA~&OC4}IS}kMt6+oNUu%V;}vX4Cmw! zU#=(h$<1ABkHt6r zcv7TrY`wP=qja(-|5U@&x5qymH7ry3xOvMyS6!JCdHZD-XXx+e;fN}ItRQ>$bX#6y zmhyW9djrI3AXSl8W6wju{E)}|PXw{;%`}+2qHZz|zjwqhV z!STVh;&_(xk`2OPJnfr)t)8{=+W!BdEcdU+I7qHx?~LD?sm-A)xqn)%AsuFJvTV!T!0ye#K@M#+JoFS-yE8VHw`VPOjyX;~B;4jm-RWOM@!X zEpsxxyo19MeTxlTT|+ZN6CEqkO7kizi*ka}ogA|>UGglrQc{eJs@zQj3w*U*eakBJ z3rr(Yi+sIIBJ;~ka|;W-f}Kl)jjKHTO!OnUbnO(1i!*eKiW3!F0&`r=%eex5{7p@Z z!rYzAot%ABb3)9LGOEn#%S-}7bJ9$+lg&z9D?*IYEIre60zCYk_45K!a`Mx&Eu2e2 ziu2qv4LzK>GThwLE1k2=Ec3n0{0u$Hyd#~pdSvdT=|%PZU+&4aarQc_(@yu-PC9dpW3QvEy&^eZX?N-Qk1 zgIz+REHW+J!vcy7UGqY#va};YEM2`z^%KJ^jM7TO^-DbrEps!C1APm!i(E3eEHb>^ zoqZzRvhwxyEj@GU^UagJoqU|jgM3qh%ZfrPygXfkEwu~FTwL{&68+4wO)_#UGeTW_ zoHB!xqQXOpe7GXQBdScZvh#y0a~w-Oy|WFyyaK(m{fhitE&N?8z5J8SGW098O+B5= zEB(AeqO={;g3>LrO2SGjBT6bgD?GU@(zGp2%_>VX0wN9SJySy>3sbc%D?Fppe2OiL zqLRw1e3D(GEF!X#%UpBQ0#gj!-Gf85a{?_x4V zw_JP0%pUKlZUid(ToX*0A4OZoj?w z%!?tvziNTF2*VR8XTIdyZw@XB6U&__9R2e7wOgCh-8aZ^)_<#EpZPf`E4AR?x+|q# zr>paySFM&3s<&d3f1+(Qr={Ulhhy}~Ri!RLm*O8Tudj;#5-7s{ZMBv5?@QAp3oSD{ zy>9y&wm$pHyWKQ6N?lK2=XbHH1_}Oq`B_fJ?_apg-nGpo-1KFG5&sh=&tt6jyKG8l zZd6a0p{eH|dwS&@ftY%2zoYveywZ(KtZwQ(pAcE;aUsSe$@x|Hjnwjgx4s$sI&(w@ zb4++(uXIA=#lzccu5is_OS&{;%Daxm(oR`w8!gjKL0c1%ctzkwES$dC0{bb_8W^)Zk@-( zya{i1yKb2x+U)Z=@hFdd=p9+JMcb}B7p!LbcJcaTmI=RBA1Mf)#wE|F+Q=(?eqrr7 JmB$R5QURG^{{cA2wJWQ9>xQJ_(1X{dgR zX_#M8K(13HS9(E6S(%4>KvIgocV2d8j;Wt{hI3N6V{m0va+XPeg>Sx#dxmzTQ>b$& zm#&>cadC!jYKoDmsiCEUX?A&Xv7>@_X{DK;i+{3qVSQD3mbq(wVzRlpQ;4%~hFN58 zP*SK*idl-0V{T${czH2bX@E~ zX+g%p>5-w1TmfknCWaBdQRXSWmEPq>S&<NxTI=Zc<1k(8TPl~kCP zon94Ep6=uxWT|iBn8Ov}S{e}MTvBLi?B-PDlO9@RnBnP{?e3ge<)!aj;+^i9Vc_eg z9gtJ#6>08n6k=i)UhEf9mXc>`;9BC6nVZVx8(Lfz6zN>l7SO z>f)E{n&}tj=9TQ2=NaNJpWlXIP%@k?E4+Zt4^q;o_F*otu;u5Rp=t7+~m_ zSHa~GT$mH(?3rv>?(XF2R#oq8=n-k?R8kt1VHsrXWSkdSQeYSy>11h;80;UIWlmsS)SXyk3g<(rX{ZfaRk;gqi(7UFFj9F$>{>uKp0VPX*;XldXU=4_A= zW?-C|Zs3{YUtZ+n>XGVSUl_$z;TcdG6cmwE z?pAJ6V3L^O5~*LTog8kSK~OrXOCAtskMC>yaGgscl>oWMEY2W$tY3 zZo(zJfo;;eXV>i)9bO*0zaYxH@yY#F*B`swh+KU=$9RF8<;K5v?`)R#&ipcgf9B=p z;OqSJUTnJP|B}-|LWp&>Tfc15+b)ZmYU_3TR%!FZt=pJhzEL-7k?NQFo^peqKT>}@ zl9LMa>o8}!x6>fpR{o)WW&F`jcYg5|6H_nl>d$;)8fclZQ?f~gOXu63@=3+l4!sYW zepJwN-IEs=Brk>UIh1gI@uk%w8LN`nXUp+9eO)uhWYAt+xpcWHDZF-HgxGu?G&qjn!9<@ zs|VdSH)qLq+j<+`z0Ur>V!26>&`s7q`rfmnmfm^P;QZM9!9~7h&sI)WI_vATWTM~6 zm*u8kCtv#{IdQ|UcK3Zv)lUw$atP^O(M>E6yI$us>3xAKyF~J;*?W&(D*mF%8+m2h z|5FZKOXC#sLqz{>HLGmu$et#WZg$^&if8S>N}DD)%OW#M6S?a X%$C~x@A|FZVefcPL^14BE|&%Xu&oz= delta 1285 zcmZ3-eSm9%YMg0yd2+F%LY_r-hL>T!MN(pVmUe!aVMwr9V2-oDg-e!eWJYdX^FS7b7VK?;~B;4y@OJ{{euG| z%!?C^!qWXrEYb=c&D@i6OWaKgvl0We3kwRfi*uYaa`H^LQv6LVBAiT(^_|OttFkQ$ z(*3eL44sP-JrgSp{SDnLb1F-60?m`Po!l(AbnO(1i!*eKiW3!F0&`r=%eg$g-9tRf z3k=IceR9mhyiLu+wY^O01MzoGgnA^#esOJab*ja@-8Ov&|z@^Fp060;_T>v%*3x%Crj$d<`tJ!}2SP z!@@n%3yS?L%PLY*Op-FHl0$tWxgzr2vx_qgJ#qsg3VbVqg7l5*-3ltwJhRQs+*}<) zk^%zLf?T6gEi8)+y|eROe3Fta9Sw3*%6u{%3rg}MlYO{c!rTh|vz!gGP5m+gGmG;} z%e>8VLW;_>Bi!{33`=qYJ)@jV^HWT`1AQ%mJdFL^EiH1&qsl^a^1UjZB29g`3O&sn z6Z5sh-Lg_ri*my219IHTGc8<8!YrN315C}re9ZHcgS?X~olCqeqaq_B%AA6tGRnLw z%+gItUDK1RJh@5&O+88?3e(HYosxY#OFcb`^@GB*iZhDx{K`x-P0Dh83sW;PT*Je) zwIj1E3@pmc!gKR;Gb=*f%k{I&os79ma$U_Tohv=FECb5xU6Zw|JWN6(gPaV~y-X?` zlS+LmEWG?JT*I@=3Vqy+k_-%7g2KF=)3m))aolf|2N+DvfP?LH~t$J$Maydu7G2jVisC8V?6wppt5|LV&6^?CRE@XDD& z?9tUiC7h>DgnSFUEc)zkS;)c*f|4!~TRvta1x|J@(mq_zz4?Hmk$27AYqNyEzRuiq zV6w%p?}fb;a~0TE9;tXLRVZnz{lIf`zRNV5%F|!EdxJHbI;{3E&-}a4#b~0&Lp$p% zEp9e%x0{Q^;sd4%)=!A|*R38|&3En4tXL__T%-Q9MfPtdUetLO99RD4g~Ric+w?W` zGFNKm{#18pmDwQlr`~<}!tEs~!u25vt){Vh8jSN6wG~%BWMmHc!BJ=Oe$~?%7SrB% zw;i$#Rrpb~>2djvr4t^>FX}raW^U7#d%U1=@3*v%vbt5p25am+&WKtReQCFSJ*iLN z*kdns5&j29Lj=s4%8v!98Be@mquMOjep=Z_%c0=ti@CX%_SIc!{d346tt@H9JA=2s z^R@}{^xj}!bL~Xm-<$O8mKR9+? MwfSGgS@Yo<00TGWm;e9(