From 747481c4ea4fc5e65d01ca67e27f9008fa71e1e8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 8 Oct 2023 19:32:00 +0200 Subject: [PATCH] fix: get networking on pie working properly --- flake.lock | 48 +++-- flake.nix | 8 +- hosts/chocolatebar/configuration.nix | 1 - hosts/default.nix | 14 +- hosts/droppie/configuration.nix | 28 --- hosts/pie/.env.firefly | 239 ++++++++++++++++++++++ hosts/pie/.env.firefly-importer | 126 ++++++++++++ hosts/pie/configuration.nix | 26 ++- hosts/pie/ddclient.nix | 44 ++++ hosts/pie/default.nix | 2 + hosts/pie/dhcpd.nix | 39 ++++ hosts/pie/firefly.nix | 99 +++++++++ hosts/pie/hardware-configuration.nix | 29 ++- hosts/pie/unbound.nix | 15 ++ modules/core/packages.nix | 2 +- modules/ddclient/default.nix | 245 +++++++++++++++++++++++ modules/default.nix | 1 + modules/desktop-extended/default.nix | 2 +- modules/graphical/sway/config/config.nix | 2 +- overlays/default.nix | 6 - overlays/overrides.nix | 41 ---- secrets/.fwknoprc | Bin 2504 -> 2500 bytes secrets/b12f-env-secrets | Bin 2548 -> 2533 bytes secrets/cat-test.ovpn | Bin 7289 -> 7326 bytes secrets/crypto_keyfile-chocolatebar.bin | Bin 4628 -> 4589 bytes secrets/droppie-ssh-root.key | Bin 1755 -> 1805 bytes secrets/dyndns-droppie.key | 27 --- secrets/dyndns.key | 20 ++ secrets/firefly-db-secrets.env | 21 ++ secrets/firefly-importer-secrets.env | Bin 0 -> 2678 bytes secrets/firefly-secrets.env | Bin 0 -> 2211 bytes secrets/hdd_keyfile-chocolatebar.bin | Bin 1619 -> 1557 bytes secrets/hosting.de-api.key | Bin 1122 -> 908 bytes secrets/keyfile-biolimo.bin | Bin 4832 -> 4848 bytes secrets/keyfile-chocolatebar.bin | Bin 4693 -> 4676 bytes secrets/mopidy.conf | Bin 2841 -> 2753 bytes secrets/secrets.nix | 20 +- secrets/vnc-cert-chocolatebar.pem | Bin 3355 -> 3474 bytes secrets/vnc-key-chocolatebar.pem | Bin 4800 -> 4814 bytes users/b12f/default.nix | 1 - users/b12f/session-variables.nix | 2 +- 41 files changed, 940 insertions(+), 168 deletions(-) create mode 100644 hosts/pie/.env.firefly create mode 100644 
hosts/pie/.env.firefly-importer create mode 100644 hosts/pie/ddclient.nix create mode 100644 hosts/pie/firefly.nix create mode 100644 modules/ddclient/default.nix delete mode 100644 overlays/overrides.nix delete mode 100644 secrets/dyndns-droppie.key create mode 100644 secrets/dyndns.key create mode 100644 secrets/firefly-db-secrets.env create mode 100644 secrets/firefly-importer-secrets.env create mode 100644 secrets/firefly-secrets.env diff --git a/flake.lock b/flake.lock index c9ae64e..5c81ed7 100644 --- a/flake.lock +++ b/flake.lock @@ -40,9 +40,7 @@ }, "agenix": { "inputs": { - "darwin": [ - "nix-darwin" - ], + "darwin": "darwin", "nixpkgs": [ "nixpkgs" ] @@ -61,6 +59,28 @@ "type": "github" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1696360011, + "narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "deno2nix": { "inputs": { "devshell": "devshell", @@ -322,27 +342,6 @@ "type": "github" } }, - "nix-darwin": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1695686713, - "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "e236a1e598a9a59265897948ac9874c364b9555f", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "nixos-flake": { "locked": { "lastModified": 1692742948, @@ -498,7 +497,6 @@ "home-manager": "home-manager", "mobile-nixos": "mobile-nixos", "musnix": "musnix", - "nix-darwin": "nix-darwin", "nixos-flake": "nixos-flake", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs_2", diff --git a/flake.nix b/flake.nix index 906457a..7c05160 100644 --- a/flake.nix 
+++ b/flake.nix @@ -12,9 +12,6 @@ flake-compat.url = "github:edolstra/flake-compat"; flake-compat.flake = false; - nix-darwin.url = "github:lnl7/nix-darwin/master"; - nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - home-manager.url = "github:nix-community/home-manager/release-23.05"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; @@ -27,7 +24,6 @@ agenix.url = "github:ryantm/agenix"; agenix.inputs.nixpkgs.follows = "nixpkgs"; - agenix.inputs.darwin.follows = "nix-darwin"; nixos-hardware.url = "github:nixos/nixos-hardware"; @@ -49,8 +45,6 @@ systems = [ "x86_64-linux" "aarch64-linux" - "x86_64-darwin" - "aarch64-darwin" ]; imports = [ @@ -100,7 +94,7 @@ }; droppie = { - hostname = "backup.b12f.io"; + hostname = "droppie.b12f.io"; sshUser = "yule"; }; diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix index c746c28..395932d 100644 --- a/hosts/chocolatebar/configuration.nix +++ b/hosts/chocolatebar/configuration.nix @@ -1,7 +1,6 @@ { config, pkgs, - flake, lib, ... }: diff --git a/hosts/default.nix b/hosts/default.nix index 248ff40..b961d9f 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -57,7 +57,8 @@ ./pie self.nixosModules.yule self.nixosModules.printing - self.nixosModules.paperless + # self.nixosModules.paperless + # self.nixosModules.docker ]; }; @@ -80,6 +81,17 @@ ]; }; + iso-arm = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "aarch64-linux"; + nixpkgs.buildPlatform = "x86_64-linux"; + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + self.nixosModules.base + ./iso + self.nixosModules.nixos + ]; + }; + iso-graphical = self.nixos-flake.lib.mkLinuxSystem { nixpkgs.hostPlatform = "x86_64-linux"; imports = [ diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix index 984306e..e54c97b 100644 --- a/hosts/droppie/configuration.nix +++ b/hosts/droppie/configuration.nix 
@@ -23,34 +23,6 @@ in { networking.hostName = "droppie"; - security.sudo.extraRules = [ - { - users = ["${psCfg.user.name}"]; - commands = [ - { - command = "ALL"; - options = ["NOPASSWD"]; - } - ]; - } - ]; - - services.ddclient = { - enable = false; - ipv6 = true; - domains = ["backup.b12f.io"]; - server = "ddns.hosting.de"; - username = "b12f"; - use = "web, web=https://ipcheck-ds.wieistmeineip.de/callback/, web-skip='ip\":\"'"; - passwordFile = "/run/agenix/dyndns-droppie.key"; - }; - - age.secrets."dyndns-droppie.key" = { - file = "${flake.self}/secrets/dyndns-droppie.key"; - mode = "400"; - owner = "root"; - }; - # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie age.secrets."droppie-ssh-root.key" = { file = "${flake.self}/secrets/droppie-ssh-root.key"; diff --git a/hosts/pie/.env.firefly b/hosts/pie/.env.firefly new file mode 100644 index 0000000..be16ce7 --- /dev/null +++ b/hosts/pie/.env.firefly 
@@ -0,0 +1,239 @@ +# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation. +# Never set it to "testing". +APP_ENV=local + +# Set to true if you want to see debug information in error screens. +APP_DEBUG=false + +# This should be your email address. +# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE +# The variable is used in some errors shown to users who aren't admin. +SITE_OWNER=firefly-admin@benjaminbaedorf.eu + +# Firefly III will launch using this language (for new users and unauthenticated visitors) +# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang +# +# If text is still in English, remember that not everything may have been translated. +DEFAULT_LANGUAGE=en_US + +# The locale defines how numbers are formatted. +# by default this value is the same as whatever the language is. +DEFAULT_LOCALE=equal + +# Change this value to your preferred time zone. +# Example: Europe/Amsterdam +# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=Europe/Berlin + +# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. +# Set it to ** and reverse proxies work just fine. +TRUSTED_PROXIES=** + +# The log channel defines where your log entries go to. +# Several other options exist. You can use 'single' for one big fat error log (not recommended). +# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself. +# A rotating log option is 'daily', creates 5 files that (surprise) rotate. +# A cool option is 'papertrail' for cloud logging +# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time. +LOG_CHANNEL=stack + +# Log level. 
You can set this from least severe to most severe: +# debug, info, notice, warning, error, critical, alert, emergency +# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably +# nothing will get logged, ever. +APP_LOG_LEVEL=notice + +# Audit log level. +# The audit log is used to log notable Firefly III events on a separate channel. +# These log entries may contain sensitive financial information. +# The audit log is disabled by default. +# +# To enable it, set AUDIT_LOG_LEVEL to "info" +# To disable it, set AUDIT_LOG_LEVEL to "emergency" +AUDIT_LOG_LEVEL=emergency + +# +# If you want, you can redirect the audit logs to another channel. +# Set 'audit_stdout', 'audit_syslog', 'audit_errorlog' to log to the system itself. +# Use audit_daily to log to a rotating file. +# Use audit_papertrail to log to papertrail. +# +# If you do this, the audit logs may be mixed with normal logs because the settings for these channels +# are often the same as the settings for the normal logs. +AUDIT_LOG_CHANNEL= + +# +# Used when logging to papertrail: +# Also used when audit logs log to papertrail: +# +PAPERTRAIL_HOST= +PAPERTRAIL_PORT= + +# PostgreSQL supports SSL. You can configure it here. 
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE +PGSQL_SSL_MODE=prefer +PGSQL_SSL_ROOT_CERT=null +PGSQL_SSL_CERT=null +PGSQL_SSL_KEY=null +PGSQL_SSL_CRL_FILE=null + +# more PostgreSQL settings +PGSQL_SCHEMA=public + +# If you're looking for performance improvements, you could install memcached or redis +CACHE_DRIVER=file +SESSION_DRIVER=file + +# If you set either of the options above to 'redis', you might want to update these settings too +# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or +# REDIS_PORT_FILE to set the value from a file instead of from an environment variable + +# can be tcp, unix or http +REDIS_SCHEME=tcp + +# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwise. +REDIS_PATH= + +# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise. +REDIS_HOST=127.0.0.1 +REDIS_PORT=6379 + +# Use only with Redis 6+ with proper ACL set. Leave empty otherwise. +REDIS_USERNAME= +REDIS_PASSWORD= + +# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly. +REDIS_DB="0" +REDIS_CACHE_DB="1" + +# Cookie settings. Should not be necessary to change these. +# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set +# the value from a file instead of from an environment variable +# Setting samesite to "strict" may give you trouble logging in. +COOKIE_PATH="/" +COOKIE_DOMAIN= +COOKIE_SECURE=false +COOKIE_SAMESITE=lax + +# Firefly III can send you the following messages. +SEND_ERROR_MESSAGE=true + +# These messages contain (sensitive) transaction information: +SEND_REPORT_JOURNALS=true + +# Set this value to true if you want to set the location of certain things, like transactions. +# Since this involves an external service, it's optional and disabled by default. +ENABLE_EXTERNAL_MAP=false + +# Set this value to true if you want Firefly III to download currency exchange rates +# from the internet. 
These rates are hosted by the creator of Firefly III inside +# an Azure Storage Container. +# Not all currencies may be available. Rates may be wrong. +ENABLE_EXTERNAL_RATES=true + +# The map will default to this location: +MAP_DEFAULT_LAT=51.983333 +MAP_DEFAULT_LONG=5.916667 +MAP_DEFAULT_ZOOM=6 + +# +# Firefly III authentication settings +# + +# +# Firefly III supports a few authentication methods: +# - 'web' (default, uses built in DB) +# - 'remote_user_guard' for Authelia etc +# Read more about these settings in the documentation. +# https://docs.firefly-iii.org/firefly-iii/advanced-installation/authentication +# +# LDAP is no longer supported :( +# +AUTHENTICATION_GUARD=web + +# +# Remote user guard settings +# +AUTHENTICATION_GUARD_HEADER=REMOTE_USER +AUTHENTICATION_GUARD_EMAIL= + +# +# Firefly III supports webhooks. These are security sensitive and must be enabled manually first. +# +ALLOW_WEBHOOKS=false + +# +# The static cron job token can be useful when you use Docker and wish to manage cron jobs. +# 1. Set this token to any 32-character value (this is important!). +# 2. Use this token in the cron URL instead of a user's command line token that you can find in /profile +# +# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/ +# +# You can set this variable from a file by appending it with _FILE +# +STATIC_CRON_TOKEN= + +# You can fine tune the start-up of a Docker container by editing these environment variables. +# Use this at your own risk. Disabling certain checks and features may result in lots of inconsistent data. +# However if you know what you're doing you can significantly speed up container start times. +# Set each value to true to enable, or false to disable. + +# Set this to true to build all locales supported by Firefly III. +# This may take quite some time (several minutes) and is generally not recommended. 
+# If you wish to change or alter the list of locales, start your Docker container with +# `docker run -v locale.gen:/etc/locale.gen -e DKR_BUILD_LOCALE=true` +# and make sure your preferred locales are in your own locale.gen. +DKR_BUILD_LOCALE=false + +# Check if the SQLite database exists. Can be skipped if you're not using SQLite. +# Won't significantly speed up things. +DKR_CHECK_SQLITE=true + +# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists +# and is up to date. +DKR_RUN_MIGRATION=true + +# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date +# with the latest fixes (outside of migrations!) +DKR_RUN_UPGRADE=true + +# Verify database integrity. Includes all data checks and verifications. +# Disabling this makes Firefly III assume your DB is intact. +DKR_RUN_VERIFY=true + +# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state. +# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues. +DKR_RUN_REPORT=true + +# Generate OAuth2 keys. +# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if) +# you had previously generated keys already and they're stored in your database for restoration. +DKR_RUN_PASSPORT_INSTALL=true + +# Leave the following configuration vars as is. +# Unless you like to tinker and know what you're doing. +APP_NAME=FireflyIII +BROADCAST_DRIVER=log +QUEUE_DRIVER=sync +CACHE_PREFIX=firefly +PUSHER_KEY= +IPINFO_TOKEN= +PUSHER_SECRET= +PUSHER_ID= +DEMO_USERNAME= +DEMO_PASSWORD= +FIREFLY_III_LAYOUT=v1 + +# +# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable. +# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking. +# This configuration value WILL NOT HELP. 
+# +# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff. +# +# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else. +# So when configuring anything WEB related this variable doesn't do anything. Nothing +# +# If you're stuck I understand you get desperate but look SOMEWHERE ELSE. +# +APP_URL=http://localhost diff --git a/hosts/pie/.env.firefly-importer b/hosts/pie/.env.firefly-importer new file mode 100644 index 0000000..f1fe1bb --- /dev/null +++ b/hosts/pie/.env.firefly-importer 
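Review bot: `TRUSTED_PROXIES=**` makes Firefly III trust forwarded-client headers from any peer, and `COOKIE_SECURE=false` lets the session cookie be sent over plain HTTP, although the importer file in this commit points at `https://firefly.b12f.io`. If the instance is only meant to be reached through the local reverse proxy, replace `**` with that proxy's address (assuming Firefly III accepts an address list there) and set `COOKIE_SECURE=true`. `APP_URL=http://localhost` will also put a non-routable link into outgoing mail, so `APP_URL=https://firefly.b12f.io` looks like the intended value.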
@@ -0,0 +1,126 @@ +# Firefly Data Importer (FIDI) configuration file + +# Where is Firefly III? +# +# 1) Make sure you ADD http:// or https:// +# 2) Make sure you REMOVE any trailing slash from the end of the URL. +# 3) In case of Docker, refer to the internal IP of your Firefly III installation. +# +# Setting this value is not mandatory. But it is very useful. +# +# This variable can be set from a file if you append it with _FILE +# +FIREFLY_III_URL=https://firefly.b12f.io + +# +# Imagine Firefly III can be reached at "http://172.16.0.2:8082" (internal Docker network or something). +# But you have a fancy URL: "https://personal-finances.bill.microsoft.com/" +# +# In those cases, you can overrule the URL so when the data importer links back to Firefly III, it uses the correct URL. +# +# 1) Make sure you ADD http:// or https:// +# 2) Make sure you REMOVE any trailing slash from the end of the URL. +# +# IF YOU SET THIS VALUE, YOU MUST ALSO SET THE FIREFLY_III_URL +# +# This variable can be set from a file if you append it with _FILE +# +VANITY_URL=https://firefly.b12f.io + +# +# If set to true, the data import will not complain about running into duplicates. +# This will give you cleaner import mails if you run regular imports. +# +# This means that the data importer will not import duplicates, but it will not complain about them either. +# +# This setting has no influence on the settings in your configuration(.json). +# +# Of course, if something goes wrong *because* the transaction is a duplicate you will +# NEVER know unless you start digging in your log files. So be careful with this. +# +IGNORE_DUPLICATE_ERRORS=false + +# +# Is the /autoimport even endpoint enabled? +# By default it's disabled, and the secret alone will not enable it. +# +CAN_POST_AUTOIMPORT=false + +# +# Is the /autoupload endpoint enabled? +# By default it's disabled, and the secret alone will not enable it. +# +CAN_POST_FILES=false + +# +# Import directory white list. 
You need to set this before the auto importer will accept a directory to import from. +# +# This variable can be set from a file if you append it with _FILE +# +IMPORT_DIR_ALLOWLIST= + +# +# When you're running Firefly III under a (self-signed) certificate, +# the data importer may have trouble verifying the TLS connection. +# +# You have a few options to make sure the data importer can connect +# to Firefly III: +# - 'true': will verify all certificates. The most secure option and the default. +# - 'file.pem': refer to a file (you must provide it) to your custom root or intermediate certificates. +# - 'false': will verify NO certificates. Not very secure. +VERIFY_TLS_SECURITY=true + +# +# If you want, you can set a directory here where the data importer will look for import configurations. +# This is a separate setting from the /import directory that the auto-import uses. +# Setting this variable isn't necessary. The default value is "storage/configurations". +# +# This variable can be set from a file if you append it with _FILE +# +JSON_CONFIGURATION_DIR= + +# +# Time out when connecting with Firefly III. +# π*10 seconds is usually fine. +# +CONNECTION_TIMEOUT=31.41 + +# The following variables can be useful when debugging the application +APP_ENV=local +APP_DEBUG=false +LOG_CHANNEL=stack + +# Log level. You can set this from least severe to most severe: +# debug, info, notice, warning, error, critical, alert, emergency +# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably +# nothing will get logged, ever. +LOG_LEVEL=debug + +# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy. +# Set it to ** and reverse proxies work just fine. +TRUSTED_PROXIES= + +# +# Time zone +# +TZ=Europe/Amsterdam + +# +# Use ASSET_URL when you're running the data importer in a sub-directory. +# +ASSET_URL= + +# +# Email settings. 
+# The data importer can send you a message with all errors, warnings and messages +# after a successful import. This is disabled by default +# +ENABLE_MAIL_REPORT=false + +# +# Force Firefly III URL to be secure? +# +# +EXPECT_SECURE_URL=true + +APP_NAME=DataImporter diff --git a/hosts/pie/configuration.nix b/hosts/pie/configuration.nix index f6fb708..d9e8b6b 100644 --- a/hosts/pie/configuration.nix +++ b/hosts/pie/configuration.nix @@ -1,6 +1,3 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, @@ -22,12 +19,24 @@ in { boot.loader.generic-extlinux-compatible.enable = false; boot.supportedFilesystems = [ "zfs" ]; - networking.hostId = "34234773"; - boot.kernelPackages = pkgs.linuxPackages_6_1; + boot.kernelParams = [ + "boot.shell_on_fail=1" + "ip=192.168.178.2::192.168.178.1:255.255.255.0:pie.b12f.io::auto6" + ]; + + boot.initrd.network.enable = true; + boot.initrd.network.ssh = { + enable = true; + port = 22; + authorizedKeys = psCfg.user.publicKeys; + hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"]; + }; + pub-solar.core.disk-encryption-active = false; + networking.hostId = "34234773"; networking.hostName = "pie"; networking.defaultGateway = { address = "192.168.178.1"; @@ -41,6 +50,13 @@ in { } ]; + networking.interfaces.enabcm6e4ei0.ipv6.addresses = [ + { + address = "fe80::dea6:32ff:fe5c:3164"; + prefixLength = 64; + } + ]; + security.sudo.extraRules = [ { users = ["${psCfg.user.name}"]; diff --git a/hosts/pie/ddclient.nix b/hosts/pie/ddclient.nix new file mode 100644 index 0000000..9a9af07 --- /dev/null +++ b/hosts/pie/ddclient.nix 
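Review bot: `LOG_LEVEL=debug` is left on for the data importer, and the comment directly above it warns that debug logs grow large and fast; for a tool that processes bank transactions the debug log is also likely to contain transaction data. Unless this is a temporary troubleshooting setting, `LOG_LEVEL=notice` would match `APP_LOG_LEVEL=notice` in `.env.firefly`. `TRUSTED_PROXIES=` is empty here while the core file sets `**`, and `TZ=Europe/Amsterdam` differs from `TZ=Europe/Berlin` there, so the two services behind the same reverse proxy are configured inconsistently.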
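Review bot: `"boot.shell_on_fail=1"` in `boot.kernelParams` opens an unauthenticated root shell on the console whenever stage 1 fails, which weakens the `cryptroot` LUKS device this commit adds in `hardware-configuration.nix` for anyone with console access; keep it only during bring-up and mark it, e.g. `# TODO: remove once initrd unlock is stable`. The initrd SSH server uses `port = 22;`, presumably the same port as the regular sshd, so clients see two host keys for one address and get used to host-key warnings; a separate port such as `port = 2222;` avoids that. The key at `/etc/secrets/initrd/ssh_host_ed25519_key` is copied into the initrd, so it must stay distinct from the system's regular host key.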
@@ -0,0 +1,44 @@ +{ + flake, + config, + pkgs, + lib, + ... +}: +with lib; let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; + + getIP4 = with pkgs; writeShellScriptBin "getIP" '' + ${curl}/bin/curl -4 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r + ''; + getIP6 = with pkgs; writeShellScriptBin "getIP" '' + ${curl}/bin/curl -6 https://ipcheck-ds.wieistmeineip.de/callback/ | ${coreutils}/bin/tail -c +2 | ${coreutils}/bin/head -c -1 | ${jq}/bin/jq '.ip' -r + ''; +in { + imports = [ + flake.self.nixosModules.ddclient + ]; + + services.ddclient = { + enable = true; + protocol = "dyndns1"; + domains = [ + "pie.b12f.io" + "droppie.b12f.io" + ]; + server = "ddns.hosting.de"; + username = "b12f"; + usev4 = "cmdv4, cmdv4=${getIP4}/bin/getIP"; + usev6 = "cmdv6, cmdv6=${getIP6}/bin/getIP"; + verbose = true; + passwordFile = "/run/agenix/dyndns.key"; + interval = "1min"; + }; + + age.secrets."dyndns.key" = { + file = "${flake.self}/secrets/dyndns.key"; + mode = "400"; + owner = "root"; + }; +} diff --git a/hosts/pie/default.nix b/hosts/pie/default.nix index 541edac..869abf0 100644 --- a/hosts/pie/default.nix +++ b/hosts/pie/default.nix @@ -6,5 +6,7 @@ ./unbound.nix ./dhcpd.nix ./wake-droppie.nix + ./ddclient.nix + # ./firefly.nix ]; } diff --git a/hosts/pie/dhcpd.nix b/hosts/pie/dhcpd.nix index 2c55cf5..ebdb4f3 100644 --- a/hosts/pie/dhcpd.nix +++ b/hosts/pie/dhcpd.nix @@ -4,6 +4,7 @@ services.kea.dhcp4 = { enable = true; + settings = { interfaces-config = { dhcp-socket-type = "raw"; 
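Review bot: The `getIP4`/`getIP6` helpers pass whatever `ipcheck-ds.wieistmeineip.de` returns straight into the DNS update, and the `curl` call has no `--fail`, no timeout and no check on the result, so an error page or a missing `ip` field yields `null` or garbage that ddclient then tries to publish for `pie.b12f.io` and `droppie.b12f.io`. Adding `-fsS --max-time 10` to `curl` and `-e` to `jq` (`jq -er '.ip'`) makes the script fail instead of emitting a bogus value. `psCfg` and `xdg` are bound in the `let` but never used in this file, and `verbose = true` together with `interval = "1min"` will write a lot to the journal.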
@@ -76,6 +77,44 @@ persist = true; type = "memfile"; }; + + subnet6 = [ + { + subnet = "2a02:908:500:b::/64"; + + pools = [ + { pool = "2a02:908:500:b::/64"; } + ]; + + option-data = [ + { + name = "dns-servers"; + code = 23; + space = "dhcp6"; + csv-format = true; + data = "2a02:908:500:b:3077:4e39:7763:b5b7"; + } + ]; + + reservations = [ + { + hostname = "droppie.local"; + hw-address = "08:f1:ea:97:0f:0c"; + ip-addresses = [ + "2a02:908:500:b:3077:4e39:7763:b5b8" + ]; + } + { + hostname = "pie.local"; + hw-address = "dc:a6:32:5c:31:64"; + ip-addresses = [ + "2a02:908:500:b:3077:4e39:7763:b5b7" + ]; + } + ]; + } + ]; + rebind-timer = 2000; renew-timer = 1000; }; diff --git a/hosts/pie/firefly.nix b/hosts/pie/firefly.nix new file mode 100644 index 0000000..1e0bbe3 --- /dev/null +++ b/hosts/pie/firefly.nix 
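Review bot: The `subnet6` block appears to be added inside the `services.kea.dhcp4` settings (the earlier hunk of this file shows `services.kea.dhcp4 = {` followed by `settings = {`), and Kea's DHCPv4 server does not accept a `subnet6` key; the enclosing attribute set starts outside this hunk, so please confirm. If that is the case the block belongs under `services.kea.dhcp6.settings`. The pool `2a02:908:500:b::/64` also covers both reserved addresses and the DNS server's own address, and DHCPv6 clients normally identify by DUID, so the `hw-address` reservations may not match.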
@@ -0,0 +1,99 @@ +{ + flake, + config, + pkgs, + lib, + ... +}: { + age.secrets."firefly-secrets.env" = { + file = "${flake.self}/secrets/firefly-secrets.env"; + mode = "600"; + }; + + age.secrets."firefly-db-secrets.env" = { + file = "${flake.self}/secrets/firefly-db-secrets.env"; + mode = "600"; + }; + + age.secrets."firefly-importer-secrets.env" = { + file = "${flake.self}/secrets/firefly-importer-secrets.env"; + mode = "600"; + }; + + services.caddy = { + enable = true; + extraConfig = '' + firefly.b12f.io { + reverse_proxy localhost:8080 + } + firefly-importer.b12f.io { + reverse_proxy localhost:8081 + } + ''; + }; + + systemd.services."docker-network-firefly" = let + docker = config.virtualisation.oci-containers.backend; + dockerBin = "${pkgs.${docker}}/bin/${docker}"; + in { + serviceConfig.Type = "oneshot"; + before = ["docker-firefly.service"]; + script = '' + ${dockerBin} network inspect firefly >/dev/null 2>&1 || ${dockerBin} network create firefly --subnet 172.20.0.0/24 + ''; + }; + + virtualisation = { + oci-containers = { + backend = "docker"; + + containers."firefly" = { + image = "fireflyiii/core:latest"; + autoStart = true; + volumes = [ + "/var/lib/firefly/upload:/var/www/html/storage/upload" + ]; + extraOptions = [ "--network=firefly" ]; + environmentFiles = [ + ./.env.firefly + config.age.secrets."firefly-secrets.env".path + ]; + ports = [ "8080:8080" ]; + dependsOn = [ "firefly-db" ]; + }; + + containers."firefly-db" = { + image = "postgres:16"; + autoStart = true; + volumes = [ + "/var/lib/firefly/db:/var/lib/postgresql/data" + ]; + extraOptions = [ "--network=firefly" ]; + environmentFiles = [ + config.age.secrets."firefly-db-secrets.env".path + ]; + }; + + containers."firefly-importer" = { + image = "fireflyiii/data-importer:latest"; + autoStart = true; + volumes = [ + "/var/lib/firefly/db:/var/lib/postgresql/data" + ]; + extraOptions = [ "--network=firefly" ]; + ports = [ "8081:8080" ]; + environmentFiles = [ + 
config.age.secrets."firefly-importer-secrets.env".path + ]; + dependsOn = [ "firefly" ]; + }; + + # containers."cron" = { + # image = "alpine"; + # autoStart = true; + # command = ''sh -c "echo \"0 3 * * * wget -qO- http://firefly:8080/api/v1/cron/REPLACEME\" | crontab - && crond -f -L /dev/stdout"''; + # extraOptions = [ "--network=firefly" ]; + # }; + }; + }; +} diff --git a/hosts/pie/hardware-configuration.nix b/hosts/pie/hardware-configuration.nix index 2274708..1460bff 100644 --- a/hosts/pie/hardware-configuration.nix +++ b/hosts/pie/hardware-configuration.nix @@ -12,20 +12,29 @@ boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; + boot.supportedFilesystems = [ "zfs" ]; - fileSystems."/" = { - device = "zroot/root"; - fsType = "zfs"; + boot.initrd.luks.devices = { + cryptroot = { + device = "/dev/disk/by-uuid/742f819f-98e5-457d-b21e-30443455fde3"; + bypassWorkqueues = true; # optimization for ssds + }; }; - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/DA7C-BE8B"; - fsType = "vfat"; - }; + fileSystems."/" = + { device = "zroot/root"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0D5D-B809"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9"; } + ]; - swapDevices = [ - { device = "/dev/disk/by-uuid/8ce4ae9c-2db0-41b0-8468-91bb184707d1"; } - ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/pie/unbound.nix b/hosts/pie/unbound.nix index 3636edd..80f8670 100644 --- a/hosts/pie/unbound.nix +++ b/hosts/pie/unbound.nix 
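Review bot: `ports = [ "8080:8080" ]` and `ports = [ "8081:8080" ]` publish both containers on every host interface, so they are reachable over plain HTTP without passing through the Caddy vhosts, which matters with `TRUSTED_PROXIES=**` in `.env.firefly`; binding to loopback with `ports = [ "127.0.0.1:8080:8080" ];` and `ports = [ "127.0.0.1:8081:8080" ];` keeps Caddy as the only entry point. The `firefly-importer` container mounts `/var/lib/firefly/db:/var/lib/postgresql/data`, which looks copied from `firefly-db` and hands the importer the raw PostgreSQL data directory; that volume should be removed. Both application images use `:latest`, so every pull can change the code that handles the finance data; pin a version tag or digest. `docker-network-firefly` is ordered only `before` `docker-firefly.service`, although `firefly-db` and `firefly-importer` join the same network.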
@@ -17,9 +17,24 @@ "\"box\" static" ]; local-data = [ + "\"droppie.local. 10800 IN A 192.168.178.3\"" + "\"droppie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\"" + "\"droppie.b12f.io. 10800 IN A 192.168.178.3\"" + "\"droppie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\"" "\"backup.b12f.io. 10800 IN A 192.168.178.3\"" + "\"backup.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b8\"" + "\"pie.local. 10800 IN A 192.168.178.2\"" + "\"pie.local. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" + "\"pie.b12f.io. 10800 IN A 192.168.178.2\"" + "\"pie.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" + "\"firefly.b12f.io. 10800 IN A 192.168.178.2\"" + "\"firefly.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" + "\"paperless.b12f.io. 10800 IN A 192.168.178.2\"" + "\"paperless.b12f.io. 10800 IN AAAA 2a02:908:500:b:3077:4e39:7763:b5b7\"" + "\"fritz.box. 10800 IN A 192.168.178.1\"" + "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" ]; }; forward-zone = [ diff --git a/modules/core/packages.nix b/modules/core/packages.nix index 51faea2..fbbc6d0 100644 --- a/modules/core/packages.nix +++ b/modules/core/packages.nix @@ -20,6 +20,6 @@ in { findutils exfat - gitFull + gitMinimal ]; } diff --git a/modules/ddclient/default.nix b/modules/ddclient/default.nix new file mode 100644 index 0000000..e3ee366 --- /dev/null +++ b/modules/ddclient/default.nix 
@@ -0,0 +1,245 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+let
+ cfg = config.services.ddclient;
+ boolToStr = bool: if bool then "yes" else "no";
+ dataDir = "/var/lib/ddclient";
+ StateDirectory = builtins.baseNameOf dataDir;
+ RuntimeDirectory = StateDirectory;
+
+ usev4 = if cfg.usev4 != "" then "usev4=${cfg.usev4}" else "";
+ usev6 = if cfg.usev6 != "" then "usev6=${cfg.usev6}" else "";
+
+ configFile' = pkgs.writeText "ddclient.conf" ''
+ # This file can be used as a template for configFile or is automatically generated by Nix options.
+ use=no
+ ${usev4}
+ ${usev6}
+ cache=${dataDir}/ddclient.cache
+ foreground=yes
+ login=${cfg.username}
+ password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
+ protocol=${cfg.protocol}
+ ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
+ ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
+ ${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
+ ssl=${boolToStr cfg.ssl}
+ wildcard=yes
+ quiet=${boolToStr cfg.quiet}
+ verbose=${boolToStr cfg.verbose}
+ ${cfg.extraConfig}
+ ${lib.concatStringsSep "," cfg.domains}
+ '';
+ configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
+
+ preStart = ''
+ install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
+ ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
+ install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
+ '' else if (cfg.passwordFile != null) then ''
+ "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
+ '' else ''
+ sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
+ '')}
+ '';
+in with lib; {
+ disabledModules = [
+ "services/networking/ddclient.nix"
+ ];
+
+ imports = [
+ (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" 
"ddclient" "domains" ]
+ (config:
+ let value = getAttrFromPath [ "services" "ddclient" "domain" ] config;
+ in if value != "" then [ value ] else []))
+ (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "")
+ (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.")
+ ];
+
+ ###### interface
+
+ options = {
+ services.ddclient = with lib.types; {
+ enable = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
+ '';
+ };
+
+ package = mkOption {
+ type = package;
+ default = pkgs.ddclient;
+ defaultText = lib.literalExpression "pkgs.ddclient";
+ description = lib.mdDoc ''
+ The ddclient executable package run by the service.
+ '';
+ };
+
+ domains = mkOption {
+ default = [ "" ];
+ type = listOf str;
+ description = lib.mdDoc ''
+ Domain name(s) to synchronize.
+ '';
+ };
+
+ username = mkOption {
+ # For `nsupdate` username contains the path to the nsupdate executable
+ default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
+ defaultText = "";
+ type = str;
+ description = lib.mdDoc ''
+ User name.
+ '';
+ };
+
+ passwordFile = mkOption {
+ default = null;
+ type = nullOr str;
+ description = lib.mdDoc ''
+ A file containing the password or a TSIG key in named format when using the nsupdate protocol.
+ '';
+ };
+
+ interval = mkOption {
+ default = "10min";
+ type = str;
+ description = lib.mdDoc ''
+ The interval at which to run the check and update.
+ See {command}`man 7 systemd.time` for the format.
+ '';
+ };
+
+ configFile = mkOption {
+ default = null;
+ type = nullOr path;
+ description = lib.mdDoc ''
+ Path to configuration file.
+ When set this overrides the generated configuration from module options.
+ '';
+ example = "/root/nixos/secrets/ddclient.conf";
+ };
+
+ protocol = mkOption {
+ default = "dyndns2";
+ type = str;
+ description = lib.mdDoc ''
+ Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
+ '';
+ };
+
+ server = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ Server address.
+ '';
+ };
+
+ ssl = mkOption {
+ default = true;
+ type = bool;
+ description = lib.mdDoc ''
+ Whether to use SSL/TLS to connect to dynamic DNS provider.
+ '';
+ };
+
+ quiet = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Print no messages for unnecessary updates.
+ '';
+ };
+
+ script = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ script as required by some providers.
+ '';
+ };
+
+ usev4 = mkOption {
+ default = "webv4, webv4=checkip.dyndns.com/, webv4-skip='Current IP Address: '";
+ type = str;
+ description = lib.mdDoc ''
+ Method to determine the IP address to send to the dynamic DNS provider.
+ '';
+ };
+
+ usev6 = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ Method to determine the IP address to send to the dynamic DNS provider.
+ '';
+ };
+
+ verbose = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Print verbose information.
+ '';
+ };
+
+ zone = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ zone as required by some providers.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = lines;
+ description = lib.mdDoc ''
+ Extra configuration. Contents will be added verbatim to the configuration file.
+
+ ::: {.note}
+ `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
+ ::: + ''; + }; + }; + }; + + + ###### implementation + + config = mkIf config.services.ddclient.enable { + systemd.services.ddclient = { + description = "Dynamic DNS Client"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + restartTriggers = optional (cfg.configFile != null) cfg.configFile; + + serviceConfig = { + DynamicUser = true; + RuntimeDirectoryMode = "0700"; + inherit RuntimeDirectory; + inherit StateDirectory; + Type = "oneshot"; + ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}"; + ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; + }; + }; + + systemd.timers.ddclient = { + description = "Run ddclient"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = cfg.interval; + OnUnitInactiveSec = cfg.interval; + }; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix index a8e008a..2ce614c 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -10,6 +10,7 @@ bluetooth = import ./bluetooth; core = import ./core; crypto = import ./crypto; + ddclient = import ./ddclient; desktop-extended = import ./desktop-extended; docker = import ./docker; email = import ./email; diff --git a/modules/desktop-extended/default.nix b/modules/desktop-extended/default.nix index ed0334d..45b3f84 100644 --- a/modules/desktop-extended/default.nix +++ b/modules/desktop-extended/default.nix @@ -12,9 +12,9 @@ in { users.users."${psCfg.user.name}".packages = with pkgs; [ ungoogled-chromium - gimp wine + gimp present-md inkscape gpxsee diff --git a/modules/graphical/sway/config/config.nix b/modules/graphical/sway/config/config.nix index 629fe5a..b811c30 100644 --- a/modules/graphical/sway/config/config.nix +++ b/modules/graphical/sway/config/config.nix 
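Review bot: With `protocol = "nsupdate"` and the default `passwordFile = null`, the nsupdate branch of `preStart` in the new `modules/ddclient/default.nix` interpolates `${cfg.passwordFile}` and evaluation aborts with a null-coercion error rather than a readable message, and nothing in the `config` block asserts the combination. Adding `assertions = [ { assertion = cfg.configFile != null || cfg.protocol != "nsupdate" || cfg.passwordFile != null; message = "services.ddclient.passwordFile must be set when protocol is nsupdate"; } ];` inside the `mkIf` block makes the requirement explicit. The same `install` line hands the key path unquoted to a script that `ExecStartPre` runs with the `!` prefix, whereas the `replace-secret` branch quotes it; `"${cfg.passwordFile}"` would be consistent. The `passwordFile` and `configFile` descriptions could also state that the file must live outside the Nix store (for example an agenix-managed path), since anything copied into the store is world-readable.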
@@ -19,7 +19,7 @@ set $up i set $right l # Your preferred terminal emulator - set $term ${pkgs.alacritty} + set $term ${pkgs.alacritty}/bin/alacritty # Your preferred application launcher # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. diff --git a/overlays/default.nix b/overlays/default.nix index 27401c6..6f3e7f3 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -32,12 +32,6 @@ (import ./neovim-plugins.nix) (import ./signal-desktop.nix) ]; - - nix.nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "nixos-config=${../lib/compat/nixos}" - "home-manager=${inputs.home-manager}" - ]; }); }; }; diff --git a/overlays/overrides.nix b/overlays/overrides.nix deleted file mode 100644 index 80be2f3..0000000 --- a/overlays/overrides.nix +++ /dev/null @@ -1,41 +0,0 @@ -channels: final: prev: { - __dontExport = true; # overrides clutter up actual creations - - inherit - (channels.latest) - - nixd - ; - - inherit - (channels.fix-yubikey-agent) - - yubikey-agent - ; - - inherit - (channels.master) - - factorio-headless - paperless-ngx - waybar - element-desktop - signal-desktop - ; - - haskellPackages = - prev.haskellPackages.override - (old: { - overrides = prev.lib.composeExtensions (old.overrides or (_: _: {})) (hfinal: hprev: let - version = prev.lib.replaceChars ["."] [""] prev.ghc.version; - in { - # same for haskell packages, matching ghc versions - inherit - (channels.latest.haskell.packages."ghc${version}") - haskell-language-server - ; - }); - }); - - vimPlugins = prev.vimPlugins // {inherit (channels.latest.vimPlugins) nvim-lspconfig;}; -} 
diff --git a/secrets/.fwknoprc b/secrets/.fwknoprc index 6bf3691232866b9adb793b235d3fedafc187bb21..fefd74d6fdd2377530c980d0515175e5c6ec7c69 100644 GIT binary patch literal 2500 zcmYk7$;-QZ#@Gp2S&-44aad;nAez!D3T34T~yLdb9 zfcvNK`aZc20|-HO#NDOREkV6gn0$1D>BNa6=%58std8zS_*LQE2AN8g%7aQ^_cpOp z0c__(>kfsj!%=~h1d&+gk{NO8lG+ujO_^=%=rGTD3dfIWUGLuEftz|UFoHuNyD+if z@)DY}2g{mHMCP8^PxUxKtElz6pznuM(HrP=CMG-EcYO$H;EtO^k_Jpn;{x7^ZrLup z^0W@KsD$t3Rd;A1+Mi{0A(5q7^vW|T!cbQRY}+}?pcI96 zVyCu4*_mgglj1M_6eK!Yz&* zye!CMsL}B%lAF?z009-!Q8dTi{&6qvlWxg8mtw?w%CkE}pp zlYS8t&B#_TE8I)MWT0*}$*P(NO@|vE37`(JsN;TNgViFd0zL_hRC~-76C310RP_mp zPdU3eo~|dHA@}^c5=@%rl%eshS1_hz9)RsMc^k{e5|ay=urwT%glJ-hnFhy_NVLxE z*|+O$KQ@S0Op9aMOq{17CA4zCD64afC!`Ptqem1>%5Ln4c+`4#E(kp)>{N*wgPm;PRKRFm z==8~5^n7!j1aDVT2Bem5B1E>_ixk%+IXbMY_?Y&n8Yqr=YXUsR6$i!1!NNCqi?;D{ zDdAbRXrZ{CP4QuJ79%Nbp!TAM_DLs1-w!*WiH&B`?N;r^XmH$t0P%-0 z1+%Th^I;Di;%c*3)WkQAQ|`DBH*EXjsJB8-6M~k6BtW!+h*|EU1f?^%M@aQ*YD#5; zU+SqSK|xqTYBz{6-I&{SLuDPiWo4Y3LCbA#Mw|oJnD>WL6tvQUnTR||C{Bk`C4qLj zXT@tu>6(XOY8L0csqz~SzpAJ?$NWTrgs4O)z&2-RiHHuGlxmmrQ*0|Pa*5N)IVVaJ zpETAHR^~Jr{24iuYArzf8n26V46$Qjs}|7NLEs0Ma#Lj?=j>5SAE>gScBj-dtZ6J0 zp>jF7;hHO-4^bU^7$QapR{9iNR?uJq4SCB%k@cv3_t-Vm>IT7nYVih=&4@B;p5P(XQ-{2AXY~o?L6%W*4~My^pn2sI$SfS zB$Oi<Ls#y5s~WSGCPgBX zR0I!BIw-5T5RMTFNs_f(Zr2-R@*pk%RV>M#(p*~!L0 zn@sahDWT^x5|1sP39Fph8DQ<^3QPmbySYe?cITLB@oICKhlj5~-S+<29qWw^U+H9> zH)l^KY^HSkwshbISK~trc(X#=xyCXAx?N~m$&bh2a1@|u6xUd4Qn+^8)GG#zW=CIb z2xJ3yUVOyeYbdyBzX2G|;#zCXT{!b>0kp25Pr66fmsf=xl8|4zT=Zu8Br+)5616-E zROxqJMW{K^%ViGq(r(4Vl{%ZN8&DBZPYk`iibBT+4<`gd$c&g9$sVz_yMeS3jm?A0M~}H){A=y=sCNzjBrtmb+evYLRgzwn|AKQeNk_AIAQxo9zUm)4?dqA_V;lY zx_x-}Jn@BR?mh{ut60u6((uQ&&JztrPbOyaTpi?5i^P58NM6dN$dc~_IOY^DKow%$ z`+H^v^H;_n#kqYu!BY`}jBS z{pDX@y?UQgUVJhQpZL+MAN#rL>+k>f(@(tfo%g)}y#4YIwHLnlAJKj3m#_W(m1lJ7 z^`Cw1%RhbdEAw05`0bxQ_tdi=fAxFce?$74{K|9B{`%Vv)O_>Z-#z`u2OoU!q4&P@ X8S3j#{?*hWtSiBRCF|cUEn>hvOZj`4y?qMZH-V2NJh+rh6Gw(W(OH(7bCqie3U# zmgL$4>~r6fN2S#ENgiQTlE 
zqq2f|X=kZziE9>d+SWdsayx|_xZ!EyN)@>dj>i%;4caIQic|Q|I-V?zn}D9dt!Wiq z2yzTlh>s>2WmoRfMWhxvR-5>{i-EUy$aqaa+>2ripR(a!j4O6LjQ(<6_bAl{XHfT(ikG zD>8`);L~NiqzyvlF;yY4Xh-MGA|0;$4wubQHCS`p#Z}2AEdprOYR6KZ?Wtt#(q&%~ zx4tIesMkeR)Kt{soU2=m?s*U@#&nvV!A{O0Hrw&iPK(w745R4GS;O`dXmxo+v^%_# zbSuH&<7(t$O zZqVJ?N*7j{+4DAOY$!zOYGtWPJ9XZcJSeUZrbbi%hkmy=7$adjjFq^)XA^I4u|1FJ z4uxJhzNY6{EjC>rAC_8kcMZ)58FsW22ZXsCrvQ5oA^QVjK&hXuabQT5WUpd5c{+u( zY$z9!Bu32|C6?Um7G@D-$EBzsl#@f4!F>XlU>y33G4BGIthQY_%!(gDLbK&{3#BJc z!b03XWfH{v-{TKkgV4e5klktc04{DncA?s5$S7|%bRdF>-qm@fV~Z-v9Mjc0mJ0)b zu|u~#$#6Z~=0k2S1uLgRzBeuhQtREyAOc^9uXcXcy^ppA$uh~k0(mFZi>5R_d+RaN zKjwtu!f;Kj?F#8Ew&+(p^^>v_0&vY@0mGdRw|hnH+{H?RNC5^uByOlHU5f@J7&WCb zmFGjqMHra5%oQ3ZL%HYR^X5{*$yr+!2{TJay?~s+8hif+>~*Mt7RxxE{O)v;m*^nw z?IX3j2cvFAe-hOu@Vqu*GI|*@CNoq!G>K%!&!BXoni=5XsbB?%f{j+7Z;)%sv2K(T zntR|@Ol6JqyVMx;;Xch|Pnyc1krmb?p^3@Q=&9T@_gnAV?7DK(g zT6Xnj;~I0f1Qmq)yBQovkY0E8>T1cT3JC<*gt2YCp$fg>&6P&m2qSiXppojU;^Riok<6QTfL71m)#IrPvVx3#;UyJEUR)Yht8 zd)wlvP{}o9f_lBX8r&r6ESKL#uS{zcRf7Fy0uD+yv?@c4bX+rYPn}fae$?k1mX<7` z$3EUl0gs(0$XN(XHS1vs9nlPkLhS|!ba=o^GahW>DAR5$eC0giLRyjLfVaflu(aIs5N+)^J-#+H*;An0g{QBf6KLZT?#vAo?3)8>%Ssg??a`+>j< z&W*AhBFm{W2P@WyFdRK>Ko0$su0Xb~8P*@2(U0QYX~Fq?q9Le9?*DAqcZoGm5fn;2 zF&dX}M42Qu^-VBb>U>+33j?4jvQI|tkQ0O69;5t%t4J3dX33y)0l!>)kOh&lGAq_v zTcg023>HKoYCsa4Bx=F{7J+Ti@8^2g@69Mz?@9675tfXOm^Vk384MfWqOpA6txyuw z5juIiiX$BR3Sa5F&!ljvC*8#*g4&dJj#tV3QmiG%#`nX zCs39mXm$z^=#3R6XeEx@=6Y0ju7yA;0gEB!DO-2%%9Ca-mc^5}O8w7c&adxjJ;?eb z7?Qi_#h307=__~mD}jXzUj+`Hxm?w=altB9Me1!v)TjvCwuKD1PFc!@a;DbtnA_Ib z&crrAD}U<6YS-t4p`RKW5Of82@ZiB+t#Fl$l@+{&NmWPt7~}G7M#ANO6;L%aJ=q~R zG^|@S0)F<^?_c@eV?X`Ud&JNG@!s>#z0E!PVe}C$AO{pL+PG*FW>S#~=PG{pY*i|MM^MM<4#-h4_tM{Og&|IZhK* f`?3Z+@go0&K>qFVyZ%dm{q?JlJu!Ux>tFaUMa)bP 
diff --git a/secrets/b12f-env-secrets b/secrets/b12f-env-secrets index a70de4ce58121760debb66551a1dc1fe3b902030..2999b5583b5b64917a4360d6cbc4d4acc6599aa6 100644 GIT binary patch literal 2533 zcmYk7OUU#F8HG{0F)nniP(Q&%C4A;KlVsGYx!-4!ncNj6lgs3uNis<$S!fq7)s3Z4 zE7ekqJB99AU09(|6r@m5!6HhxTCHMh5yk1^2lp==czMoqf>V4S*I_rGFIiK6s_9P9 zhyeGWyX*V(K911!8rj^L^}$h$JB2r8P3Tf}0F5Pt&wB%u%FCg%d&g&o4Si)apO7fF zEj>WWk`s)3bGH!<@j_g#yY{R~XZc8h0?wPO{u1MLA4ZVbKS=BP;Es%f?05pYr+K)lSUu0!mykfR$x&((R5K_Q%XxKbuS-PNk z$GP}`>1?fdwB@fV?Yc@kZZDlx>!7+kA_t?0p;ok`tR0zn)~@zb!1k_9P{73zTlS&l z6z!Q!wWOoLES(iqtpvK5!!?rln+6S>p}3&siO1Lbv>_oDMP@)Lx*ALsMoBc0?n$C; zds<%mo4`K?vvie2!ElGFl$?V-)x3@gbD|NPeKC=(ly~?VV6rV!#M={9Y}(DvS0ISd z^+9UOk+ecSCp3p}F-|&J#{$J|mfI4Ts4*vSvpWhVdUAoQbP0NVU!7ZlbUgvJae|TB zK*_TS?N6CpO()Gp+5-baGNlygT$YewBau*nD}lo_VCnHR$90IEaG%v0c%Wlsh$19B zH2H;5R+6QR9=dK#v0B2?iVapIZXb5*>C9AXwgR-^tn*jSYS=5{kjG_W1-+g32PB8U zwU>j5q;5|(rh3-wI104khj~jct&jF%eib<$$ZXni)rM0HLs%I6(jb;K1#-1l#dVtn zv^>XjZu<^X1eS8z9;I}X!hQ~-j8qqNA_FT9EeQpiOL<8Wi(KGlBB3t9+r2@e4b(Wk z?Hpt2Y%1OZjvurJWdc$;-PH@Xb43bU%b2A&csgG;VwLNNB)AQ6qh)mRQaujPYVHAU zZ2fc-1yPxL`pS1%S-^#*POC~kMJVax^DfyMzJ`^}gS7WrgPu;ZGXbryfnBN1tHcI* zp=9`C=MYy&DU=Hyve$5H^oJck&FrOExJx*hbdy&erqK>Z#>k{&V^IRn%(ZFWtQf2d2zIkhHcFG7gb83NRl1=A!c8F(oM(eO zvH}-0O7q~rOO9bj2^jxoUd3QxDy>qqb zoI_iQEkF$$T4i;!2Aa%%=@jF@8tVue5Y8d|h?mLz0k9ZjRc)v>&mDb=>Z)oZ!E0@@ zv0>fyA&+kv@nRoTmC3tUy$}XfmLnc)c zC{oJTglf6MHn;;FSp`xvsuj;!0@l@FEvXD>)}C9(h1ZA&E1Yf0+r}LV1?S{qrALv* zr)4Mi-MXnA49df7ABdex;yXm_&XTU*YWM$W6g+!?DWGP;zCxr@Az_-(R^w8I%%K{N z1>YxxIutuMIwFO~7NfYq6DQ`%2~1%;F^7!MaKr_e>j_dB{k+gOL3(>6bQM)zt$HW- z;&8I*(>T*vj`u8RaV4)Pq{edRHs^L)Opvh30e*vTb3e~2%z^AnGG!)l9#yM%6R-?* zR2`Up1o_jgGgC@#S`kfGg%loL4pO-VfmFaWmP%%D%hryo^bHRw?v%S zSi86CDfLkU;YZOW`fU_9H^B?I%9h$u0GuMoGOk%DLMcEewNrX1C#aiFM$WNISyg%A zuju2Z5OilA+UUaN&UkFPOmpqoiC~~b46d?6_~7rNX7A|D80*+df>}51Ht^7O3a&@O zSscBd04XGQvaX9rD>B;@$9XaYj;J8!P;R+$>0x$w+7zsevHn_xj1W=_625I|IUxL* z39tJRpUtt6CkfyCN9`nN;{?DidnC?AU2PYkv;`}p^pv)bHZIS##PH%yQ|;63@G_Z> 
zj_3%gT|F%iZvN&Yl1poVL4CL^WzIO5C&DGt6gIXEy-1mR!BlDrM9#!%B~_f z2G40?URMrpcwhyRw^2z3uch>j*j)Cw&ZEL4^+yG&Qmd?(o4qU*Z)9>6Dp;5aMkf>Q zz@&Nsu_Td_Au0f3sHk;N2J6yZJdV|NYXa631`nXkrEAePg7j<+JAA&M-s8BvKXq}? z$3U$W+bbvHTF95PXKksQlVjR)WPCnXW{{lKAr7`??dgWH96P#6g#vYhQ$GB zhP23*>y`GHU=3b5G^?Z)wP~nxC30mG!|9rEHaD-{-`~{&-6i7HqI0G>L6yPO#6`TV zJzCs!Ouy@{-FFo_hcR&2l8vMqO;U0167s-9=-yh$$FMZ_c7oTe0sGrz;G5XV^Kl{f| zzW3~Z{jZbi3om~Akv~7R{PYKp{_cIhe5ZOhfB)}4|Kv-*{mqA{?=O#i=EskI<&jUM GfBPS!LSAd+EYb&dnleNq6b0fp`Ltuc)@?*`y8In=lORGH6NYm^Ri{^X4{( zl%~vpks@#L!4I<2&d#SoRrk}DkL%hR!(6|WT@WB>n4pIVfghy}m++20g+-JBePOVx zs!G95EMfm(O*|iu%$S003n8swm&{hgWHc}?j(Ci-9d>LvH=xk=W<_bLxPXnh>@7|X z9n}c?#hNW}w?7joa+UohCoV@?2u~fHJDP>NhV7*1eTMP)5GI?iyapl0-dPhxK4Ufjm6UmdJU-jevGJ($=D)PVe|^E-i~mu4X^ zD2H&yHrt#I(g`X9&Wakn6Tp3 z8A8}R5NmkY37Ltm^2in_vS>K9b%NyP;$?a>k9)OxSdR-xa+bh`B$-8gobAnE*S`f2I2I654b+Nj@ntdcDNvw-L8Y^~y~P9DV5_4sz`1WCYMy-kifX5lN3qk99@5Kh z7)OW_Oq5s0?Kq&VHaeSWjCa#F{;HdvF+iyw0D}bAtsZWSYFj5|zCV zz>y{}+_AAQelo&pICutxAGItWs+BBS6Za@CDMC7L;zwy8T7zbp8_X#l^upv!bgh+JXa+Lid?)0-5f=I-Yn&B^ymv-3p9BlC$4d8){4|-UucB6vq z>T}$@8DfH?_nLo^iqc6zK_WJ#s!QyS>EpUv39w%I8EG7Y)P`gpV_Mfau09}aCjfZb9Zz}(4~MfM2Z$z%)N;%Um2xsd z8%YX7x8p;9e8I}hg6LX=ED4K^=;=DmSOAeg6;P*LzCrAsmKrc{>QiV=5@St!Lm}`w z)ymxs5ny#r7;#vK9&v;t#MxZh_3_41THycDsJ6TbvjDGvq&rD8QqM!&(;Rm&Y($Pw z4=no-oC>l}=nMWVWq+g_1x4^NPM+5DGH{$@e*44M!O_tPp$-I&uumf>BpkGh}fxyM`N?GBX7?d&Dm>> z+EQY+rUT*J(>>#>{algmdAny4zW`|V+C{x}l*yr?AVTV72(jS3v~;K!W+Lo0?a@_a zdmfLc2x`jnzV2?ZgN)l2@}?RA#OdL$;LXkwsRR+mVJh*N0`X1T-_WX`OwpMgMhlLh zGq+d^$Auyums2)IXW6c^1p(@Z%Vi;zFiw+?A>+k0S#4JhmCv3S8x1Jog7o@Y)`SS^ zDa;z9mRx&;t(NAjaim27GufXMj6AHw)zBNBn=Rf6Np&-U>5R{7-`|8vrY=05hB;r) zlSH|CzUUt1;jnPH=>WR$JS!3t6d}p-@PJydcJ4!B>7fj)ysftc6qDuG+pGWSs3Ou4q6(obHSvXw%V0#3DIrE^;vW_rzTTX}?;VZ}&N7Mk-Bf(ti02Zd2uq}kvP7X|RY_Wj?#OT9?E`RZ4~^s$e> z{xkB$U)=xlr{DV^{k!+}kKg##C;s)?d&zSjdHjXyvtR!K{N@k8yIGr$-k$!3Ip4>A z_viaRdgrNsKTzL#{WpL3>cDM|Jgkjyez!`#y{RP zpLhl+@4xh?zkTPy%hvnSH{X8h!Ao!bDl&iiPzXn+Or>^U;Q7VU0L=3 
diff --git a/secrets/cat-test.ovpn b/secrets/cat-test.ovpn index a7ffd69f0cff810698416e7009d5308dfe62839a..0aa1e4dfeba6a8d10277ff2758e3e697cb993145 100644 GIT binary patch literal 7326 zcmYk8`CAP9`}ReY(JfoLLu5@xX5X?k%`{uH?=vZ8pJr?JO_D9Lw4sHNY^Ac)O^6gJ zR8qDiN>YgISwfHR51-?B{(|d$ywBJ9x-N-I5vnlA%r2ufF5a*t-mC)IA%M^oK^BWT zR3V2V5D-id*T4}(v4X53nG}cB;BdmLWYD+=TKcV zfPo%?(=tU!7nT-jAc1fe2@b*`@@(7)lte`*n^cepO_T;{g$P;yn`X91g3xkFoKyv1 z>0Kx_Nh*UgfMTtK!^X*lQCJd!!gCX-2!oR3G;>r)GG2%`MiI0`v>ePA(Ulyu4rM1% ztvC`0U`4X%R=kF1j$~QYP886@rKp%3rVIzcarG{@6GpU=BFR#%S+AG#4vIH(ha}6*hMI;bH84|WbZqovFG%`mam79PP1w+nZ;wWYp z434LQtPHANWfc>ICZ!NBvBzrx4jrEg=gLiPl}0FJs)iN_gnRtHMKQtH@71{Xv#MIiKAfB}UfxGfSjgdFF9 z(c{T57f*_`!0iU|Ukmx*9 zvI7SrN>Er4GtMa1ibWp+6YD8Pev~v0M7B}+764Mu(TRW}28?KwfvI+( z*(h*9BNcoJNvkjubTXnTk{~4s$ZnVouhyv5#0VP6ZKS&`Dmk5P$5{ZJC_Gtj5m-@i zRxMpg1WN@VP#jAYkBqb%O(>Mfr4~Vz3OW-<5XppAh)Ic+Dv2mAUkauXHF60VV9@il zVxTZy8*g-iDN6RRt!msq$#xVN+8f}$LaAhC6xeF^OZa}K^SS4At(|~lvK-9 z82L^iiedmbVKM=U$7buncYTjEG@-uK}8ZE5m+_~r{Jp%c#g)wBXWuHt|*gC zge3?Fe-*1Y^I6p4%G#ZhE1QG`V#qJUT!vdfLuaC86&kBH_t>@XeJ$wAX0 zI+KpWprKXqPK%1E7lU1DwiJxfA=Ma|92OBN728cwK%v0?R~-tr1|v5E2qttKlOz$l zIB*bO#Du{ydaGH(BdHV=t4!;Ls7PR-9*dy})C4lg3UNb`C=-+7|7+(;db$ESnr0F+VSrt(#EP8 z$TGG8s-&voWG*L*!ofIbFbowOfkB9AVq=ur1fbv%C_Mqp5U9AoD2oHEwi)acg%(d0 zNqHC;53J_P)o~VtK>>G**hG{~C`P#HXevd)bC|H=2t2^1bvWb#)87d34jze4puqp; zWsP!U=q$IJfwXX8WTZ}L;tQ;@|Km6W7E8f|s>}+BMG+LtjfF2+Nzw*|bAl8>1}Jc$ zQ-T5*v@(4hhN(30q-?t>QYg_fAc_SPv5}U)g|OP#Jegf9q46Xj2oWC%xD+s_2>5GI zRnfXHt87ZMuaEziyJI4PI-gEC;o$>+YTC2<%6R^TE;04Z3h1&?qg5-z?fv7z7tW?h zS-VOzZj##SA`W`337&KR7HwGnepE7K+ri!|AxS?%7(vm5qn|sZ9U}sp$8>w7$3B8y za4#KEQ`2%LR_&-8al0^fR-XHOrG8TzSqseduWL3H-46YnwP)QckMaX?62#Bpngs>E zW8Kr1EpJHv7M9%9ww~UYxV7DVL+0?KJkAY$`Z?-HwRKHx^rGBSV^i+JW2#Ft%P-!$ z$omS(E_?6?pLF9?bNrM=td7Ws{$(oLyo{2Fh`0-5-m9kWzTCJl0S0<59NKqZ2;q5*uDW;nay_eAyM-mYv%ipRFsHP=g7z#M4G;5O+U zUFEOOuNy$VAH%<_=j>KYE^J<#_~2?n_nLa|LlO*S?9mv_KJVcA9X;FY8%Ioe{bV4x 
z73O6mDFIWtk?(f3&DIbTlW9l%4BW+o@foY<>1gUN^SxJuUblP4`hS#Tb&tu3SL&{pWB|-w7YIo0q|QRcxuOD-X1{3fvin|yiU+6 zJ$)cs|Fd%aGI9`NxOV-Wi-g36%j84wozst%Zkb(n?^mObV%vk`=?ss+Yp+V)_*6a< z>}?vkLCMoTh>8j;b!;cGJDc{ohdw6Fe(_Aa-A&?GV>h4q_UB-S-#)|{zfZlvTgP#q z(cWG9p@*VJ)xPmm@0bf7<6pThr3IPr{#tAJyPga>H9maACUwi>n*+Wr;2qaDS+8aP zesTU;*9^U1A^75-=iv6E;+|b14$Hap>9tY+wBk(%@)j*E@|#&k-jcBxHfY^#YI%Fc zQC7C!I{L!8zT>peULA6LRehG~6iAfcz`rb5Gh)$|wS|obj?N#m7V~Vl4OI4BkbUOE zf(eG(xWr2>FEim^pQa(H`8ApC!w0lqF9Zi73g@3bA^QJF=cFTRa?idvmOpdF z{XFPS1KM34m2G`h{AA9l(Ft1weJztV_H##}FSJcd3%>#VG0c8unH5MMg!-@E+rJZfS^33pv$yU?9>=T;zm>K><+%58pSP1khf)Wr@S1SCX%ab4WJiyR&Z!9IcwPl4=@SI1-ZfrP> zSQ33R%JZlUdy4t}?8v!f&}+iL^qF41rnKIdq77FB3x|Varaj1teL#CZzUxzN+US|V z)9^Fco@Ux%PH@qD(e5!57s~E|nbEEtF?cvc_X=Us8o#5bywy_7d z`rc_DyOnvsD>nxBrT5K4&Y9#3UqoLt87nq4>}Sl|yGq3qZ2R2M5Pta&TC|?0nVQ?! z_0xOt`i;hp^tMdL;cYzdjc-e4eU3l;F6!49r)TlRlRY^D&yWA(t2onjvF<$JR+Sk&dDjNeL+@ltk^ zuX8A}5u3Q;(64nms z1(n|Zrz0)mmczfEH@af0drziE?--enbl472C0)5-2IbN(b5uBpK zdfKB8?V9uR+~VfU9luZHcp_(?QE%rRS@XE8_2e*Y)p6e>Me@BFyTY+SakqIg%!?0n7s8SUQMBa*N;d6|FY-M`FY+`8O= zE6>NMoPL3|pGAFvu|JkT8f@@vTDgo8u(4z9+mb(}fJerbGYd{_KbHQ=??d2R(fJV0 z=@s*!&6QU6KmcpV0Nc75<3GiyTP5gZ97$-eJm=#TssF9=>T_7T8Z@Dc>R#|xb=~bf z8dvt*2?%iqX>1*G^=(Uf%F;e^!N%GBf@?wS8dS zA;*b(6Sz;`FJT|y6>*5&sO(P{CscR_m{*i;7p&mOmNj~{etlBoc-;izRYwJM+XmNL zudCmE&x7^D7lxy%UM%iv-jVeQ`J*c zI3SyLLv!6+u*#LZ{8obPoVt zd>oz=)+z|OH=<~B;%f20+PU?sqj$yROr3stM56Oij$>`hEL-a8eBGzqjTweJ|pvm2odd!e)RnV@Sio?l7oTIq(059tAX-OM*!a6k9Yr3=50pRONBnu$z2`Eqpwkzi40AgAyg$5YA1b~g`?R}qE0^Tg zmbw{ddk{G5l|YvSteZZmZn!E%Cug-ErOjK%$-|u8=GDHW+HnB|DehPkpK%Lup=~J( zU)ytiwDJM5jybVtp6BS4_{}db-Vxu6V_kYgD+0FNia!fPJeKbpT(Z3T^FQ~4&S!|n z5yth!hJ8$%H0jpR>e{poiiwe-u?>58pf60s>#aY0UNI?Hzq#jNqbEHr`I`3N+w(2H z!@{__9b;TWT<^Rsef14tzi8`T@Ct7agF5=w-uh*IV;xsLJKRe&AsjbzRDrkj(s9w# z&e;oDq+OOy!S{lHwOo&~t;Pw8S7q3J@5(kik^+8xrGHzsh^bFKb#@a{dl{=j$E--b zxj}s~ldw2o;OC|zFA`=~{KzGdW+parj4S0vUKW*FVbe9N|!kaQJ(!SGK-wi2P^sZ%~S3hx_c#z8Ek1Nw; 
z;m_wa?dOwLeL6`9Oep{4mDuqI(}%#L0I}y$Z|2^MRKtABJv>ZF+lOlttfg_*C?pg94weDcH?P{}fF)oZ!;Tz!BxC-5U+i+{}vH zm^b6v2d(#$=a+pwTX&-MW7GxnDco#-&rw?JB=vn(+V10-u#CQmD+YtNc!}KsA3!r# z{9IGbdknmku?h40kecmv>}He?>wV*ObmE`)0awN>t}K+^bro3pXZ`G}r(){Xenj%u z2)erWL35k@=KGZtD3(ohmmPC8&X;Ol_g!^)E_k`S<9zYShMJP6-;XDjSFcsBX4dsy zv+|M0LS8I;bY#)%KZqyW9qPHDQralwl6Al439Ba2Mgn&gg56dBIL>+IN=ZK}MTU)n zeVm&8;+Azem!Q>IbLyDioqZwZ{RqO9m{;nOi{^({nf36V<(vBN?W>Tnw!Uaj#GG&) zc-DWR>Gjj^gVQ&}J0Ht^&WC#(IrNOoc=Mrh{qWpLV}7T!X9Uo4+op)mtvHEV`Gue7 zlc5=r>St>PbYJ!c_I4zfhOfjN?51@tE0Rul_@f(IcIZIgr*~&#Wx(#Kzn4M6K88>+ z^w+Wf^ftgeel30ad&=kZX6x8gkG4)bcFy~Qg@J24a-^%x`B#M+KHl!)YH%P zKj8mv2hSXr9G5(G4{Yh{_IZuu>!IRBUm8LW)@d}sb8L7QR{QPb$o$to&iHv`?J3Ua z>e@RZ^WB@to>}AHMI$~IU~lF8OG)GCVAb_U4oeP5&-BnVn8RJ^y^B{o2JxM*t;VS5o$&A6sya%-isXeiJU= zwq(2E0;C==Z(lnD)b;LD$8YcG`zLS70S*t{%*$9F@VNHA?bfS%z*9b7Hj3h~e(Q*9@^_p5bcWV1oALB{jbB1= zV%YT)RiBqG8}Vf~zH8Rm8%2?{wI=0Ym#Xc-_3sb1`@Qsl#VizU2_7iOS@vX#xoTS@ zC3bvmKi01*vFP`Y=ck7bOwGwU1P2z?n)(DeQ4p+AE{g~fL74QqA&*C-$KscZjCJ3Jj; fUOQ#g3FR~F!;!wJt6rQk?bu}g+IM`uPQG7=dnN%)YJQ3*wMsXjJ^ zQjrlKD~jy#_j~ZYuK$Dk>HWU1`+B|Z2e(wEh*KETt!{IM#$=2)Sydnh1Q3@HX|t*0 z6mlp60l`G_j9ej&9SL<|_)5D5ipSUy5JiSntMo{8d^r#&#naS$K8;EvCZ$VsP#T{C zNFw4{XfT>=6=&E5_;jk1YZW0SEDS!$jZ|xBK$^rM^Wf2RI1v56G^G8KS= z_iGch*2OxGz^{LL_zIN9$6)ZiYXeI)G1+k=q>|X&!O7*86v(JY9h%+P#99lXR^r< zDGm)X!1-Dmz;3kLh+?rApPcTp>l|3Sj%dTV915@mr}A(dSPKb@B_tEXA{j@Fwm8vd zAl2%jIt3J}nc|cYBmg^E0!>2lj0Oc;Ax%c3cx){RYj(iNa)ic8gd0^rp~ZqnScz7t z0L)8y*EFK94a4AhPy&CAY&|q*DNSr}I8%Ssan@@qTZ5S0T z1A#U0fgB){M+ZV&O1xA@aD(jxE*Zmw!3<2f6QC5pSsu1J8EC_#yR1SoF&V*;f*5L- zNoh)QOUXbSjhA7vsv&%;9FE|VX*iKT$$FSj$Rn$rc9)H1 zPR?N9G6+tj-UfnOS!%E>$)0W|=|CWXPzsk?KoT__qDI4=c!Db($E31=05V8yK%n&q zyB-eI;n6yoSR%7zs3{VLUgl;xaB`*%#bklpYyw|N$B3*dmsv<85i%$!H_l`-A^{>C z$;9HC6*P*|O;*!+IHDYC)|nJ;RfdwDLC>%xCsSp7I|)g5{*UATSp&sM(KJ=03E>o( z|Mq}Ug*KVojU;i!=~RnGCzQE4N}vE?*}^k%XXgOu8gFi5(J z3wIgZa2}ng5HM*BoPc0)vV>sp|I+@?8mLM|6*>WAwB6;j>g5cN1fPs`QUxjl5@xqs 
zxg5MbiI}9-3cy%`MI=LlEnGO#DRoiZ7%Eo5pGKm~Akqw^9EiXXX=E}}k)AGxJH-Ml6AMZA|$B|NHmX@KWo2>|#1*r!xVR{RhOCu#IA&?9wnTM4scuqaYZic|IE{%gAu}NV}f*#Ex zt6V|`$}AB6O~hKc3>X%JQaG7_{~rw<5zhrD0f-ui3{RD5EnESQjbYmO$;m{SoFm}K zxdafFC_|Fz9JoS^RjF0*WG%&^w0m$#bTeNI&(P9MPyzsjP7>-}NSKtRL%`E9%5<_q zV6_7kVup(@@R)Tjkc|V=GhHUT2<5>b%}%xk4l~eXM$X@5p`jLl3{OOmaC8sei6cWf z5+p~!{(DmS28>!L(Ma_Yq>DxYvXpj#OaNBNJsKfgmkiUujS?orgL3`lU8Yq7rFIY6 z1yym4GOPgS)=9M742xB5XW&R`8eZrWL6W&B9y#5}lzPB46p8?)I;;Yk0%@emtN^o= zVirPqaxDSLhro>PBs|XTrU^W1i6RLr6&m#}p@l8$g}L!q!lw$+{NW-y2(hnz@6LEI*RN^XMEsREz@gaAA6 z1_?3)PNYF$784(6P7;zWR(FOCN#NrFa$AOrp+FnZIw7B7aZ4aL4&4Z6>ZBk8m&}&P z*-V>MDR!}BCWA3OLnciZ2rz0#22uc`J1I$G3&3Rc7-dW~Na-ev6k4MjE>c;o7LGjK zgwboQAQZ)b<-3zvOf}s0e;ji)d>YOyj8j<^Qkx>ujF8SD;6T7gTuKI#2tv6c6CJp@ znAFHc041NH!?T1uw~glp#Kpx$is?4B!>+O$AT%1yO2p_PPCLUb;qrJiwL!%vi>y{9 zjewWi>?XkZ;)d!h2D_H9gjzS^YpbFCX} zrr{vWg0(kYg}5W;;-L+^*E0Ol_RTz;5km z-P~KV4=6g72AcXP$c{0nwp2D|;sa7wJ_+^ltsZx%{)P^^>zaNdF6m>hA*^%#g#6=~ z)gL3HwbP4wN_>h(F7lw_W{VbSSDv07TOC}J`{FgQ#_*xM|6%88uPZ0=r$RmzX-BOO zKldXfe$;bM*=KKQG^+J<*7&vO=nek!KcT(aE|!$GjqS=lc(3wDe%Q~!l8WqWbUrY> zt@m!4H|G?jH7zsX&D`wY`J-WU>C_{h*YlTcLdJ|-7~FxK-@d?i_$Am3%k{p)Eh}5M zJUvO-w(V`&nXu&6+_+B7Xm+r#r(6ltL~5|esYCu{9qoEcKza4_4q%>YqwSu?aW`p zJ6pN&chs3y?i0!f@6v(jA4L{ieM#d#0acM3RGV`Z8(TI={omYh{63PlY{w(7V(&eX z-OY_Da{kk$T}?MnUz?5Y;GJDkT>7Zy(q8@T?nL7K5y3xylXhHYZ9Ci8`=xE-sPO8h zQ=3I4sXK#KAD!L*0h(_MY|VZ}V)J9~^(W^=?=FMfIhp2RvwgQrA9%*M@lwBqMCU#8 z`x7vjEQb~9Pag!W!oH|E2_ zk>MTi>nlhbTrVS%d7Q;b#94@Tg`@0F)wtR>rOR&=k(CQ*r+?7ijPQg%Zv$TY{L}J@ z=eL>7@?}2$tqiHnoj2~BiF~>8LM8X&vS&wcN+;0AVb_ZGapJLk{@0K9daZ5c9{iGG zo*Q^X6}*ez`=h*X8UM@g^HalzCaqF#kJ-Z5Vg2>GsH|bk+S_kR@4TRF^C}%bVT!qN zO``YRU{qt>velL{RLtvwFw=#Eq-xu`11~qR828erQol6qA6XS8i2J8+6k^t>oC!X2 z1|a@f9mDt)zVp97_JAuQ4=DMf#U)zbF~1_84FyZIHRJPERIJ#mkJWVkTrnPGI)UQu zm4pw7KTTiU|ImxJ`ndMM@wEEj$rAe9a__Z)uEAd&56%s(t-ZPC)^7IEjGm!OB~KEd z+}-{OLx;+B^-s?DOmPe}Y-E&_(!EJ*Ru`bJEwp%MPG~J`E?fNRGqC^R7~#BUiWz(J zR`#t|3}SfcIk(!dCtwL#T}?5g7a422l{bR?urnlgdm6@UOE2AgvUO{n#87_swoNwU 
zZoF&8nw;5ud9k*|?{W21M9^KI_lQp?tMe%!#AFs$>Qc6#J}Nf;h)O-m$gm(t=uJN&s?#;>}=T*9_EMz zew}-=WnKH1I^wAvEh`?#wjJI*_TCfv^0BFa)!kdrSK8;Vdw%r4()mhQHQwqSb3OT^ z*NW%rqM@y1J2O@lvuoLY+05IEQ>&^*=`Dw5S2b`nO`#93e0W+F7Jrue=XBXxb^hfY zq{eIw*!`el&iAp2R$Rn{;Fzehg7AKydQMPx3`;^NoY?KHT6H-@`t$|A{YXY&{?Qdz z4d+%7S~EJc6Gpt+u<)cLJO2ER^2qbxnY6Kt_q#Wa#4Jbk6x~{$+%($Y)m6GY9y)2& z_T_Wh&K!**+`!8fQ}kAR(p~=!E!)a>C0zP$MMCJ5*yx)dlm%# z`t9`W4P(>PsfeufYiCm4>Bs+~SG;%mZ;q)8=d4QT(Shj7FnOIIXGlQ2{l4$|_@38m zz1P@A_IlSkQ?6#!R-9K}ABDI()_>f;%u&c0i>b>@CAgEN!>d$U#IgG|$A_VQ_sSmE zt+?H)V2tzYZb_ULyuO7829GT?_^ivj^@2&h>A!Hr^25Q=p-u6dwn>n0r_LDLUSeaWW#Ll2K$nU?vj`epNi$5YC`4~;w# zdNJJZuMzY9Ic^kxJ^gIY&6^1L0^+8%S%#jx$$#?w&M%)FxR3c=yuWAqjw>~^knXiC�Q?loVv{dVZZWlRE)w(&;tsQCzu#`7H?}mb7{48C0c`wCZ_g$#&c`=%C;I?n(lz62)!J ztGUP|bZA+_ksDh_pU4gY3S`f99_rF(>eDyhQ5tlIsE2DOi+dGG>&n7w)+Wvkhh(xi zp|_7;pD_xLAiX$x=iNZ_o!z@u-GO5sf~IA4>{)RpFXQ~MrSk%ZeY!TQFZxIdjhUS@ zZCY2u!IHv8-OX{&`nZ>^+QL%9s~$SB;uieRtUZfn&iCIRcgU3Bm!3wRzj%Mx z&o%XIqB)cht@*Ni$Tz5yJiBnggYOMt%KPWcKEbq~o6yS^f2_HtpZzu?%Ls_^`||Yl z@XAS3hsXBQhqZ6$l6=^61YW4@nm_AD4CJdd{Qm9d?Nyn>2ROr1gStD`-|p(j6c;&S7{Q~F0I27TEa_vY-#fi?T)Q?D=%F`*M(li!SjA?cyVLmWL9 z8#WbuFiq~7_94D^Ls;g%R~4TpM09oduX=!qi=G=Z`Fj_zY4|wyNg86p%ZThwx8)(ef`HN$BSQ=Bu{ggYX(|()tuoM+`Q8p9G~0x=jHF$$MpYp zY-~rx3|9G~z~?9B?fjwpxiYb40F&If*38^9b8E=S%!C?0UHcV!>nq!-9a2~^aO~e# zSIp&`dE$h$Lq=`uICpGa^OyrSJ}r6IhLu$lJyT_zb*7dpNdm(<)TN3t`<++Gg!Ld7yn0ttEM;OTIHPjl_l@m&UMBg_BBKeREPt*LTmzSa&qUG z(8Sk8%`PmhAeXQ0*b}r=^v3)Ce(#yo!ODRePJ3tJp@doeX}wpMO!;l;PWN`JcIMGn ze_3yRIps`oZo}pnl6g}P?Itr5x!D?#Fd=hzl&&%E`BUA`#CSOQ=qo7W!cddYXY=XS zw!+=MZIM%4?gcFe-+Olanb#vr15qgBc`;q|J7+6^-G$}a*vmY3ljV|om+{iJ-BJIo zJQ}=mv~@Ip*rN&BhbLBTJas2`R$gMjuixvJs7ewtMOkHei+r|rE?g7!ibXyuyWBx6 zL|qZzzw#a3x#+`xmq=ZcuC6FV|Cj?IMR;}6A9Vz8yWv3GIptlo{*PaFZ|JNsz^le~ z&?ENJjg9z})Q_5LFM;b>WB#4a{PzWo>|6C@YQ8ymg3p#~pFici#P52kKK)t~1!s(( z%V<@+WE4ne?I=4jdBkITO0YC=AbJcu zSF`+E9qrX>|B|qfNH1*v%k(7yKeq{^$yIBCpYSe z!??}y z-M@_DTL(|~3}4x^{WQ6APSnYWJU^*$ut0N4{}tYjyEe*?{Tpyaulc;^E^F{=UB*|$ 
z9ke~{5AV>URyM1z{gY$z!6Lr+?N3BmQ&!TG7+-x~WaY~9osg_-o%wz_YpM3IS{y31(d#HwxoP%m1F ze0vhc{5~og2tgtacOJSn8L%10YTGt_e8n{qS{A?U-d#NsG>P?m*nfd(S00$!pYh^; z2UXvtlg8|mk@E(_+BPSRL@zHs1k>RcBqZBL|H)~&TN>u|gfZ#<;KXysaQ49NaM^^3 z0rmNW?jyT7h8jv&kNm9r3w@mFQRL&O*ds$qAL`*|?yG12ZAw(2E?4<=7gr+a;lMeO z1+zCV-_$ytBd+;w5q~EXG%$xyXem9G(qmtkx+;NA{ju|U>2vUp{He6E?@fWfOwV5I z-hS@E=X2`d*q33z@$b#r> zckB|hV2dI+FlOnvP`Q3)zGO~W&ij@U!v6WPeZ$S%vo62arAUzJzZQ4vxV@w60jHu# zKQ2ohj1%*VzK^Mhdm?IyxcuS1sEKiv(lctC$nas*yV~~%S?8&ggMyDoC&w)o57JDx z(w05D%LnJIJhT6D*7~Hn_v;KB&>LAMBU^elvd?V(8e=lQi3p zl*+32Su+2*J1aJvh;;3kL`%6bnM*8K5`~#q`6+W}{+H)>D`TkjCpqt|G)3~vVMjZ2 zye@4#m9|T9JQ1~`VJGFmg+x)|mWY%aHh6tnyf>vJmt#Lt7$~n@rKmhjt79cqqFg?{W%n~i{XFX0&?U`bQ79a^(JDt~5KKwlt6J#*ihm=ChloT-5ra}sjWt-8E7h6DSjNV69Hf|BB2|JgH( zW5`RC-&T(Q;yMJ*@QzCOKv;e~wipzF|fyHm}cxICohGq7RXh*1~v$iGvcg8lczH)(U{Y#C4N=?xw>@!+w+Wo2`( zD6c98k#|56f--*Av7NJ0M$CC+T;Wwy@U&0SFtOqNrmL;ktor_?(EA(XoES{&D!}w$ z@b4Kr3@_j$^Jv&$Zx4*D4XPsCQnJFR}NyfEF zWt2#fE>VDtYw5AW~y{sqs6=XoS5MS{X0v$#z*wb3x&Xi7^^isK_Q1C z5D-iZ6fZ&3RWZp3u0_E$xuq^8E!8UE+embr9VSL&Xm~Q-AWVhg*hDaa1>+F40I{3w zFltE@5Q)Vl5qUB&gd#*C$#k8aPQuFdEUMT8!y4o=V>18$Xcns^2C7og1Wtg`U=R~L zSgTz`w_C7OJ&lVKx!DwzRsu$(z*O*5vK7NJQ|KU?ghbPTnHV`yDlpP1K()~-06Ad* z2}vcfqhur`%4$H9*;<|)&>$co9RMwkuO$gcOb***L@6jL1P{#y2`osCE15yk+a)fyn@?nl-C&atDkU)} zTBwJrl(OMWoZaKrvWNf!j(~Dn8FDv+2(`nQP7zrw=dgJ=kPWE9i6m@_!KTx~)e?pZ zk4M14U=0}0w^>9w2?b|$xY#a$heqS+pe_%FFE=xg2AhH;GbpttBEf*uI1%m?4hTe} zIu%$CRH+0i$WWA%1`z>uY@UOcY}V;)0KUS;B&3jCMkz@vG^Eq{LKn|0;PALuE<*~n zBaAc!5hn+O90&+J#YQB{7%;p>W7R0I3K<_J-~!M_kpX34rIUGDwMN9!;i)1fLoKHu ztR}5QW0E5@NEiG+rD~PiW>pC7M6^M|R;kUYQmdE+w1WZvKMgI3zy<#&2Fv3Rp(-;< zKo%;*AU$2;05b$A23br;>(NexRVx#45KfW-iWM52CI;7OXEM1SCJh4?rt4fVfDw~o zw79iWIGSimcF@%NbS*|=!^`Mk6o@RrJDqwp9cq$dc^;@iCbWsjAaWGwMs@*}5L*Z&F5(sv~;CefS2B*U8TA`bdF_K+MT{_6=vFdGN2?E3> zaXChcEQJQptC3m;-KAA?fqIaUn(nZuJP4JXMTfyOVv~iVPGyz8Hj-2C zV#3l<7(B}EPKSAH2q*$7Ap*D{GZZ0rh@GxvY`VduP!RY^9noYE5G7JqvQR{qVw^&X z3(0_4L`;qV$(F#>d>+%2!ZA2(N*xsd)X`{i1IZwu8l)zI*3LAu(K3NNT_7^@oo+lq 
zXW$8KTC$tU=aYpgRG5TK$0_6sR|_ zEgX)8LPzl>RNQ|*v5*u!pKVg<&1f2wj}oLJC@i%Sr}1E2SRTNsh6+_250nIFnBf96 zh>ql`wP-z$%92=s0*468<;#Ikm!6}cq9q!SmCB?OLEsdKfo#JWba)j2L4_r=QZX(G zUaa(B#D-Kb-7LVf;080@<6x*$xpbnK%z!iSQtJP9Om?IT5>yt2#Hs)|A$kkQE>V&_ zV2Z_v_qfSe7!dCPGU(70p-n1eTWxZ9vI>xpkPssgSVb;aGE#_g^93-D-H5=zuxO!0 zhLxxw9!xrriDqiuC@|Cn2IS5H9a^0)n=namsy)!_ugw>pej^_a2$F<3*B^VCIxzmp zO`8hXWqeKJRID$FTQv9H>^0hX7r2=V{1*8UPEKCUT9^ra9C3Z)BF4)MOMH2adcxnm zx3|ppVH!75eU)#UI}U{Y1nowWj|R8Cd-N~tGUaQ}>Xqa3lRm9?k7oLv_ZwF^7%0ET z+jb6(Ia(aH`*IyNV9VvKle+v2-IGa>Y1E#ss6ux^(lpTNL#~FJ&Vy`Y%~AY7m!mG? zH$_#~o4>ZT&%Il81LrTPzIo)a8?sS5Bj)#G3kNw_gY^DYm)2~_8MHUc9=+7m^1|!7 zw?~I=*#+l+zqyBe(AE0S&d|)N^5SU4+NLQQU_gCm6eRiDhLw@R0CuSDyThK0^ z^bq1T@9mquK0+`d>=#-5=Lt&XqT`1LimrVbbxu#aDJz;GzLGqrA!GgBr`AqaJ~F+nbd}`>*KdPBHvl#tYN|Js}xCh6%XQ9Oj*$quv4}SJJV-6 z|L-DgMrDR>*KotuJ=x7m8z=JZA3w0#-@hORJ_%V9JM4=NEAYGhY5SB6*6A6p&Uo;) z$A9fw8X{dC{5kEyvroU&J$K~Zc1??aagi8t4i-BluI9`-OBC<>2qJsJ=Le%_r>46K zk3ahUud(E4%bjr2_r#ylMV!Im{O`A$I}b#eu-LS7`~I4?rq46A`^%DhZP}B1*z)qu z&KXU>ikcnbEXZXNCQQ}y)3)ssIShYD7P-G5vZi>^f{>MWdA|$0YXEL;l4M9Q3*F!L zWqZ@iJBnkEq_uUM1r>-DHs1DLIW?^B&kcv_Grr8K-*|_dd3^WQyhC|u(9}f_0w)0ufAR`ewPvYY*c$yW$ymndyRRx{0AN%m~&t;^`zrr*Vx}( z!gDo0vYsD)xLlXGxGTmoYvQujJzjT(zW8yX#}-rMiN1$RqP#W~TL$;*qvGDLmmZdIsp`c~K1!0$>k^eUpJ`a;`*JdL+bo|eJ6 zp}co&)2pc4E4R%TY=2+8Dt5}$0=kBr^w0S1FT^{VaY>#jUaeD(qObd0q?j*wmy76$ zhX-4Bi){T{waV_%;9eGE;Zwt*IbcW>=_x+V#&dW$R zyzuFoFE8$mf4L{0R_8T*P=_Q}t}LnCuzB2z>f2XFSI!QaygoN}T9HMzzGe5}vbkNc z0aGKoy0oCW?LK=zk(1jwf6j|4@SElmPq{a?Q@f_;Tu^OM$5cbjr}b)r@XoD)PG}`p<{^e9O-!@YEB2 zaY7GHE}SwUyrt?#p|0oG8#A8mzdyXs1{m6t$!>1)hf4h$bH_Ex2ecjXwR3ZZ$hI=Q zZ+1^(iB~)K=abgXAl1gxT~wc0TX4rqi;AzrVUAFuP_Ip&8uS5qJzk@8e9@)LU$^B3 z_1`S2IG&TW=Ze}r?n-9js`5uE+xiwZ@&1VFA`GN9@NZSNa$5S`-9u?ltE)j@&Q79! 
z+dX(b?bD8@e#QH;bUCprE^Z~pAs71aa|3Kk68n;&W2#G`hc7jMn+|%eqjlOTr2M_P z3jYPcuFPLQq1KJw{O!xKFN-#vfz3L(iW2qUNyNF}7xQl+wk!#SfpZ*NFYvPXnJ|Gagg=x%l1&DHO(@^=gWe!crz;lz<0+`PyBM@n$A?|2}P zK`QfFbq#eHxeD|?jF&e=>XHOKe|TUT|7@mq+J{myN5Mb5K~fbnV_@_3^Mc0kvlEAF z-4$*G5&1#(urSQqlHBZyEy6C#d9ap7Y{{LpJ<)dCM6vSTf-up4-J+yTi;P@l+p_x21 z{ohyTOM@dHM?k8{f>(4(Q6{)+_QKCV+0yRe^OwB0dp0HeOn>Tz)=GWOoM1(tAD$et z_jdP=6YDE9M&$(Bn>M7_Fh!g|nS&+mUN9vccx z?SGy-jv}SG6rB1~&bPq>j>J_6riKo;?Xd>T z@sAU>PpryyV3#LW@t6E$Pf~T8&R)86^y}vp@a*>Kg!s`r`P7@X=S{+`8(!sR_s*YM z*>xjy`zaoEW$A^&mb2#$_yukUi1oL;x~?LxtJ4KnA-6i(>XLE{9W&oh+6s67a_-ajEEa<*fu)m7ZKuN+r= zop_KD{>!3$Wo1pr@~`{?e(#5fERWr@kgfP*1Y#JF=Sgvy@EWg;iSrgPD@(F={kpnk z!-#IR_|v{=9e;=V5XKnD2T#eu?}KyboyASL$r8krYs ziLf=!JK$Dfh-(%o^342e8d1f`<%8Atr;NDlC0nyXj+AapT8crFZO#Ab%5uI&0&Z3NvZo`0%mG z#_oXn^1oY4HkU2Qe%kqB`rL1crzf4-kB*-1IiKLa3d`?3aM5$w@rhgViuvm1U`N)B z>1;i`Xt@fb>Ct+5D4g`Mu)+y)azF0jdF+;1`1s5Z89kW zjV7_Tnt)?NF(4k35QG=2ST-;gfnl+vB0f~d)duUx(u8=i3K5mSh-9-QFe6lq6@W1j z90`O42Sg?)gDKa>8)amWMrwsQ7*I%%$t2{EbXt)DY>bG92omUki9iu1*mN)wp5ri* z6+AZEVkg*9QU!`k5(l$*SOiaN0Lf%@r3`|BQOGs|E+meJR&YWhIRGn&Ndl7~2_ayd z0*;4ScvOyBiH{@(>j*F~4y|_B1vVAJ0;oZB2^kd!Bgqj~l9dG~+MpV%jgFv3h*b0_ z3z{Gy+ z1Z0VUr5Ay*4i3?(A{uCMOtVr#N9%)Wav=#O2Rkq_izE_4(Q3Fhf{rADU<6hcjRXZm za5ab|B5Npg6j&0cf+0%l^7HphvibN`gn)QsAh82acml(PJqDygIP`B zLoh5T$tpmC03}4qC5Y8JGA_a%EVIJtbUIoNWl0neHH(E|V>rrqf)F7lS&dRaOm*Nz z7MY1mQR~T3j6V;tLHb~(7=MPYa(z9UG>qy`0()&GC(f7Za|ax&ir zg4)P5DpREq!o}JI5+Mpf25YQB6f6X1#A7TFAsqwQaq%Vvlg_4ypcXQgh81yfoG5!7 zN`+U(GeANultPS@A*BqZ4l9rem@1-$n59NcU5+*#7L4d+BR1M1<41n=?yhUWi>l8r@5jI#JV#EPvmWE1~ z@c<28rclTcG#+1xf`bJZ5EsYdTToGQCJoM$L`nsGxz1t-*d!bV2LwBCe`J!GspINiS!L z*db>En^*wHC_>0ZfHHx| zrjp`}m?%07VnR~P#yAtofui%`1vae43Wr2kl?aHGMkj}`)gT0dt)psf`glFfU`;@x z;cyv}!r|jMY%WWfz@+e?Jc|i~r3-OFy~P|XH(6m?s2RY+;SfFz&L@EWhXyKq9fOXA zL*dYVC+`#+7QNg|6&Lu83#SrWT`*Cc4YU7?dS7@n_iVV^Uju>8AK}eSoe$Rc z^kM%!*#<#h{a zAjW1Yel`3}nksV-0#)xDYa7f=f3EtxHK=!_=3brNbboua#UY=PO=0-Hmb%sr07Ls;Huu}4i^E6S 
zz2;{LHU^AZOK6RIr48cdEWb5AJ|)avmo;{oEobNQ^6kXfQu4yV_txgF8vi?N4^ee; z79-EP=<>uTJ(i|j`@YBy^&~yMuwp}Y#JN1Lwy5MDBQBO^I~H@ zZ_igTa!VrIBlQHmY<4QR=nGI3bMNW5tRu@Wr!3Ft-F|Gw$>f3{htC!J$7 z012(GPoF+IHjOnq6nfPs>fy)BZZu)i6yKbfvAkd3(PB2%Et54^0Q~OmJ$xZWkEmGx z{b+CV*Bv*HU9M8^emq#V2DMH(KZV&$Y!8l>h~IXf9`$jC^vp)*-b!Bmp=z`%`}5KD zze(PA60^3B9ct*Iyco5+N7}uam389XGrot<|D_ZbRpXK(IM0iQl z%iX(c3qr3Qqkrct#m05CcIAZjE{x7N^zquYk*+%r(W<;b>dV2o#59kF>)7!6tH>*F zEbW2J`6LPDK}S397v(i9OcBG_yh?S-#q;Ci))THBwe^Rv=iWSubx1}UXFYz~x8uO= z@S%tEFK>5s&Yyg(Wd~7u*yEEu zG$Bg^555pL{$^!nc_h*R9f)PTU(MAi znG?1ndsXU>?d?8IwCB^1z1jYrCD*2vN*h-#`>B~Te@ej|G^!`Y;IuKc@oE9+=EiFL zE9Lu+6UiHB+dmiV5(-19Ir9bVJ^H?%d!|0mI(7{t*|mIbu?rEZf-eiqEbRSK_$V=K z(f;$KxA#AtlJxm~orVNlFFjy;UAT2RbcL{%ITd@w@;W@0hjnvjjembMdUE0R&g$+x zzWTb^<~A@>^N$ngO-R{YbyLwVDmG=wReD`Bw|2|>L5(Vaw$w!ZIL9wu658R580J5Z zTQDCSiJM$2UK^e!2ubNZ)WR=Xo<67Rg>P1cj)Q5>ou95WA5QBuWbiY~pJe%#O(%rKUa%d&9B$Zt1a$nw ztlcO41|)-36J=9>*GFepu1bwC5H`Qj<^EXsYf|E@HqnOb{QK(}KDJ3KciqLgbyMv0 z6`5CZU0B;Bl*A_P>_&O&=?7K3cwhrtE_MrL$Awv(is9vF*pYfVGnnm(i*g zv~G%WkgiiQclLRT(JtdAZ7Sm+F4bggN+kS!+hgGK+SPsGXR->0T3@;OpTkZ#(_OXF zqw{=$_uA9}LH(vL`8Xw7oheK#6!xiRR!`hpu=|0*U6*lxn5O*N_RlaBBIoOgWW z5O2FrTkWnJ@8%2=$i5@nI_-?2Bh&YqGF1D2M{Ilj?S8%wXXtnN6sOLHHLV#^#pEO) zcilJhey=Cr+GgC?vvM1zK)=!V$J4kk#zv=AX=$P-ENf&!4SmbfYp7{tw-I)?yv0_W6&-Z)1HF+U)-aOtjuu^5I#}(DNyGy^+sZEBrely}OE&Cx&L{ zh4EXAdykG*J?qM5CPkElKdPvklbJT@*z1z)u*K5~65d^?70d5Gf_->0$`lepLNw&8yQ11>8`@}<<-o^rn| z`Yz?@sww~w_3Ryt**Z3XKWlu@$hVoezFhW>_O#xbJ-_eX!ap1!#%tZG*Cx2jsr`F7bc6HhMTd5&nY0jj-KU)JMBl*o=qZ3@ zpy`rYx)@gKxvr3=_+h^Scj5`Rl&*R|qWW8eo&NTsuA};R40LB{kI(7X|2?O{X}p@B z)4wzdMC5fuUm!et8h$*o3vTow=@z z{aLwdxjVVj$kRiUQiiVi&OG(^^p#Da(>i6m=@N|^LY^KcCO3v25zvvxvx;ede7G=k4#L=I?_!FHrF)Xvm9S)#(#}tFuU(G1eDxtc;W0?Fx@uKy9kl2ObW>_s6B;{l+W^G5-e)1q 
diff --git a/secrets/droppie-ssh-root.key b/secrets/droppie-ssh-root.key index fa6fde640b043bafbd4d91ae278c80a0f26959be..8a43c1cf53bdcf95b56c327b13bdb14f95649142 100644 GIT binary patch literal 1805 zcmYk4ZR`^V0f*xZV;pd|Rh6hD~w{g*ty zJb7eY%W4zVPu$RSCJ#Bjo{I`VcH>+S7+Gxqmdgcn4i+Xs9-HgWDk8}n`Yg^7!3?G4 z6zkXf@gynwkuTz*OWP32O^eA5SFm(snMayDok0ajk=R!Tbqo+IQCkFvR>5( zxQh4xNAm-DZpMeBSsNH)HC9fHfMI85X@C~{jOZy!Bc>If3(6D4f>VmE;~8Swu$$bN zv>jr8!ZGvCG&f4P0uF$9NTeOn%ynXwP<>A$ATMp#WY{dF!>;WGUV(RgnkW#Uk5Eb? z4H2CzhP0bYZJu$P0IMf_q}5Bd)D_?cl&EewQB$^+@NKm2@Ri8WQxt{@6>#XIvobl9 z8BD7uCLK*7ShE`d1r|pgxx(AN&AK5p6?m%KK)RFI(K0i}Es$ZAZVTo93~Z=mYa%fn z!<+}ff!wibk{|^DD_9UUDKWJ+qY`7-wa@qt;B#Z%vA-(pXb3m$@Lf=RG~(q|G#a!N^p4$7+0k(>%rE@VmzlzW}FdB z;Or z(&MsZao-(JO@vCzZBuQ}n+How zJtOuTs5rIDp%Ngy99br1Xp)f&Vpp?rIva$6>JR4Qfvm^?If#oMi5W$@<5$TtgO`-9 zBJ-k*psKA>{bsRD8`22hS-SP! z&_@!K_qoih-s+)(-C{CwGbO~n(WjzJu5Amc3^po4v8oe5Mq<>i8XLPUxtVUxGPbaPx1Vye2+Ac;JjE|17!8p&2L;zw2i7`aFhSiKGoSZFLmM)iaM4x^UO^+MQ53`ek>SdyCVJftKUKtQLRalY1`G+_uvf*vnqOh1KK zzMSC;S{+AnR%<$FNjb6f-;T4)cwJWaH964c8qERFC6U0>#E5P+xuh5sRCI)@wX(vX z2%m9X4D?14oGNOn=LP4Mzye|E6B;plHKtNR$U4v-;dFqo7Rs7=ETp7yo-NJyImS_) zTN4V%X0vlrBET?`h*~EI2Dok`<;Dytm`%YEO|&(3eQapuacT$>6tHRfcjqhjZMkuI z^@Z%JP3K-Y_ls-aIwktgU0Y1}E;|EUu_U^a-<}N>V`RMICqtE=~*x{9z{7W0}xv*l*=1n(Vx(m8^M7w>_ zouA(M`11$TJu5%A^uU!P)pgeoJhzPT;%B#Bcqd#h?ml$=slnFH`7>_^tK`*Zt{h(U z!=)SlxTOB&i|1Z@?bXxCYnZ;e@-y$_t}S3CRAf%evu$$PJy-0?{A`F;BrzP37kamP!)KKSwWz5DN9 zzTw@@Z;*$>*MIb{@13~h{hqzQ_1Pl}&;0VHzviod%{Jb@@BF*hp8n~c4_Dkqyn5GT zS0DcRciX2wT6llaK6`Cp+44KzT=M86XQ3_cti`t6-0^zuEo7O#{@xE3E}Gx}W?}6e zi;u?Hmp6RU-M(l0k^b91_{RAa+QRWOyJha#pL{3#0{h|854LQU{W!+M~o+k26gQ%Q-Xq-U@}?o%hbn&d$uv?936!?#|BcJa-;D zyECJqB;_H!rVZDU2BY;64XH#hQ9()xQ42|%*3?+<4lEBf3fTCg7S4cR)E_4P|B^5H z@^y!UrGeWI5^rLR-7k-WAvlGBrM(MbI9eKL*+K!XERj>?568$DI)- z=O;8-ZsJ+mi;;{Sc3~jyxe?m#4e^HIXZk$Gh+(ao(~G5%T%ZZKFeTlL0{S&ImauqO z5yeV_&2%W5p0d4|bSgkdy3=f33X%em5XE*d#=40crZr}kSQWBLr-c#5C}A?9hhiy@ z=QLKSUr(lUq{V`B3Ra8Qx6eHCdBbDy)s>qI`@t_yACw0_l5fM@?4oem-aC&Fb 
zuOXt1+Mpi0E(Jk$76q`PItbmd?s-ha;51Zihj_O2|Fta)5uhqSMcml4^ztmIApM|M zj1n7?H76!nMKa(N^m7%N5cZZTfS9=jY0#}8CC2{zS-dw zcMR1SkFxVgP3W*i&~6}8wk+1NxDFA9RZl^ZkER;aXyAa$%%G_*BRtxU5t!FptskN+ z#^u}95;tuYY%<%1bi?B(QX;{i`XA1aQ6i(nJYCI9MWDu6eNvVqwQNtEN><61xt`Tw zmZMvx38F(_s&$4aUx^A!5Xo<8!U7%XX^y$O@+*f&Q`IQR~{(AfL@>}{Mw|;ZuXIFlC z;TM}Pa_aLprKc9xKle!Y{OOD9#~0}*-hSv#__;F=oR@d(9{uXvqrTCHGcxUgAbGaQ?A14=A z#OpTS*!#or_1$fx_1lx5sy!8aci*|kpM2)E8}9iHbs*X}Z4S2`UEKNXJ$LUBPJVP| zTYhox@>lksoj+Fl*z)yP#LMC2OK;xw$_M_Hqt<@)v+<#x&u>4=9XNCD)$iSU>BLj_ L3i}@ diff --git a/secrets/dyndns-droppie.key b/secrets/dyndns-droppie.key deleted file mode 100644 index d4f7e99..0000000 --- a/secrets/dyndns-droppie.key +++ /dev/null 
@@ -1,27 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa kFDS0A -lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj -3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm -eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L -jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv -Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd -enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY -XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J -fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f -DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c -8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4 -QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc --> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg -58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI --> ssh-rsa wVtlwQ -RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ -J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg -bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP -EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp -KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0 -SJDLmHOos2RKTmx06aidDg --> Dz(k-grease ~FF p m)E{J3E -7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP -MzOYiM+PIQmn ---- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4 -l%uE\ ?2\&wG&@W~9"^Ɔon^xOIuO21c*m%)#جeI6A/i \ No newline at end of file diff --git a/secrets/dyndns.key b/secrets/dyndns.key new file mode 100644 index 0000000..2642b29 --- /dev/null +++ b/secrets/dyndns.key 
@@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-ed25519 8bHz7g GloMoc3qIJq8coOIqGLIWtAwSZMu/tJdLDLt155o+RA +XKt0Hw50VXh3YYYbKEqpVAAo4aj6X+24mX8saH6nu1w +-> ssh-rsa kFDS0A +dG8ZmFNRKsg0sihla32+amA5mlD/tzPgauOtsH64wAvQjPz+aBr7xL8l5usR+nMV +BldXVlaYfipevHmWGE48vvNheAbBLNZ/0iIfJpV8EDdcUZd7v8Ijgp5f4zns2nRS +CGHQRGtcxD1OtPl0Rg5/zF/0vBnmsIUyig/NHmrRaWF08WZBZhMgIcnoRXpUlcnj +AlrW9ElfSTKRsOT2F4AbVcKBrbagSjzJ9ZrIJ/D4gxW8bE6pYkHd5sflXbL4TsRY +4G3kBKC41Co5Z6byv4gaT+y0AfX7/Q6f1lvaqOOAbBzt18TaEZYDoe270L53Wfzy +VPlnM41vo+EsGsKhzTaWLTmBaawSWRhxZScHygZhu+SgIFLEDpU2kOY8XlKp6yuv +82jyEW+ts9069hGvmzrt5yr+HLMzlhEOPfGYqrDgbmuJsq0E4PQPkQOLeGROxaUs +zceCwfg4HUFDRHVa8KBy1HjovjkLzl/auvJaUUre5RTGLp7QWYX5rqiME7AndgfV +joxVMJY0tkrvollNI3xXmfU2xeuK4Jm7Jw54lJ13KaYk1QqC1sMNCo7cuEUIw8Ic +N3aAU6KRX1ltZ3IIo+vJYVQO34UWNa9Xf6uGFTzX9HzpUYEkHbv90Gx4ck+2sYvi +3dBfz1koiFyTfOT094zqDuecH0MsmWExtefBDvU7gcU +-> |0I<)A4-grease +g/FEYilOi+UwM+E98Rvpav2jqeLUlVeDAo4PVWHNhjIbas8iJV6eKwwJMNfuEJ5D +wdh+HTDijoUzaYTPgYqcKg +--- N46xNnGnaWTUqGo6Q7R0VNqgPpUEu0D2VDgOnPZhgiw +zpaf&H~prnOk͵C`leۨǾ"Ʀ&L41)y%:;35樋ܛ \ No newline at end of file diff --git a/secrets/firefly-db-secrets.env b/secrets/firefly-db-secrets.env new file mode 100644 index 0000000..4f673bc --- /dev/null +++ b/secrets/firefly-db-secrets.env 
@@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 8bHz7g vV/SfIESf7TVyAJLgMTm0Tbkd4jLRpcNH/L3ZAIgqyY +KIm/ih9nmdCVkh/c6ol5DwJARivS5s3v6LXXIOuIh9c +-> ssh-rsa kFDS0A +IYso7nT1ccztAARLNc5UsbTM1OE6fYuCrPyWnv4b0FFyYGeiP94baH2zPUKbnCVB +t2VdtU/B+ywqfdD92LnA0t9huzlSVLIA/If6lg4xZ8dZH3rTJ/lhlCmHhMOXNcJ9 +ytLCz1DSatQfmfPQ2NqBthh68IR/vMStop78l/9p2WWY7v6INIhq5lqNgBHsbRxH +P+qQcLKFCNEMib/8h/3aNghfRFe/JL+3/B3M+e1+Ee+ASv1EuheJLbZCEhdUo1Z7 +/nJOCH418bbUWRrRx8fwgmqTS+0ViD1jFWdNgf5akD9HU3WMEAStTS0NDi0yWSxC +5ZsAzrYSplZeXZ+U3G/sNqMsDqHzffWr9OW5o3h1R7/F5P9VBwq2yN1kGaliSK3f +ePbD4QG/qVMsHCXKUfL8BbytljP8BtLdpsp72ZDwtnujw/NuB8SS1jiWzYmZEeoy +1zRBY21KbE4Vrm7vqSPPEnlvEsIyTUfeZrk5JDTqb/TbvFsunXc6g6m6QbOdcExE +SjRPBG0OzYgSNxIt6eM3lnXlp/1UGIZIuu0SaDbmMpZ+KevFg9qQhLRvcwRHi80W +elOxVY7jU2u5AFF5hdD3J4ANijOz/JFDcPYD0RBrjyrbWXFuL6HvBdUmOo7HZpZb +cQeQKBfQX+czuVEwdH5zRipxo65/Tt8nN2vCI0Nyx7o +-> JWdGKAh8-grease > +RgQ2hCi5bBfRsqGIvrwmrWE +--- e4oH/zzH6rnwTpoQI5T+etz/BlQD9Kry7lYsAw8BK14 +b s^*"Mc"*GsXqUhUsEi/3I6^mpY9 +s^yXX~Q!weČpreiE| ʱe3$l +%Cꡞ{3EV+4A \ No newline at end of file 
diff --git a/secrets/firefly-importer-secrets.env b/secrets/firefly-importer-secrets.env new file mode 100644 index 0000000000000000000000000000000000000000..a3e9c3bc899b7ab9f8432928d35d02e2ce70eec7 GIT binary patch literal 2678 zcmXxi`CrTl1Hf^%aqJXUsGOxjHCuCE$uReQ)!ebn`JHL*`Odu+x!OqO2uX$9XGG+v z2W1g9thJUxD^kLyRgT(cpC6vT;PZODUmrD~PuAPCu7JaBvfEPZE&%RDLX$}`AZSe1 z>rhxMk{CnKu!49XMntEpgMPYIB4Gyr31dOZ zo<#=KWS+<=VYs1Gy~pJ9vnUoI2ug7RCl^d7qZ9-*Lm;Bj5JEv9Kw&Vw0y+&Y$9R}L zF@sIfQ#fV-XHI9z{M4@y*QVYR5ON0Xsd80}eRhXs#9$PFMJTFrd2 z=vBm%1bAcLGrz7`#+-1cU}GJ&>X&8rx8_E8syil+Mq82lI$y2||KoWP1l`qIJf(22 zV)fs<(YfEuwU0g%_6n%;NWN}ZbRf07`U3ZIyXMME_jmH#>MIxK-`i_=H_)x=3I9U< z5(!Qqb*UGVCsX3)RJ^&kESf%}qF2(53me@=VpnHZ=$1tkkMF@5PP};B+;yP|!1k{J zt{j_U%ayfu0I zUtPW_d)mB+x^2|vSWU!7mE7=DFI(g6J2OVMPF(e@Z0fJG#_hkJQL+wyFZ=iM__;S4 zMmPL+@N$JLd}sKVs=k|piIHAz=Bviy!F5mBktK1rswKV4zod-7Sa|u#ZS8wHx`a26 z9wR?X8Gm=h*MY>hrB@uoV|1J(Z`qwm_R=3FpP2g^DD5ri*c_~+-HXmo8p$Fl$CiCz zOv_Ak@0)r$wW;W@knPx2@6x~9Q|45!MkLLggXOJI$qmZziAO7MClG~yKIY~-sdb(Rtj&vGMZZvTFmv(Z|=8Tqg25N7AervPi z?c7bfWF>tyTZVS$FbFCByh%K6)V8{V8QrH?-+mr)jM^Lr?QUyN+4pR?3HYhyW9W+k zX##oG>sKUr?LR14lx(k(l)Got2h}v@^Ia+V>#aL-&kuLch+bUXR3U#Al3doZC}CoJ z`%vNZjkCKqJ!*ZtM@=J^gj{dEy>aR-&)3~69Y_D}pNwv<`PlJ}=PZ5I8v1U!gP_R< z2DjIr3Q4Vdp7&;@Zb&3lH7cwW0l|p3J7NHxwj}n2McIaV&y?swsFf$zJ$oEwY|n+t4|$+|>D`bn3Fc zgP)aK66fFH1~13%cwID~-n4N1>27cS4cCXyBMv$HW4dA}hmt<4CUp8Bhqtc?Tl*Hy z@K?|q8jn0X74yP*HtTTtWx?~R(BDF=)$MO*PoKT@X#9h;t#_mPTdTIdqn_+8@0Cjh zYs>i5^E*pvbHD!^YC2NG?MvNekiZ|kcU->3`8DLbq)g`m{ldyKV~L0UoLghrKS4u) zPKR_NkJj5~WpW{zs^tD{=R) zt(`P!$2fu|m_N<&&G{vse+24G)6Hw|5pfGHZ>2F;d*AH zw-?MzNPTkO&BV6MlGKLuUfin6yTe)@grX9Yk#(Vv_l5bZ~;8V&S9;Inh~CNqi*TcSuMW1kcXyKsHj8y z?D)dR|FnmOZ(J~bH-svwnKkkGS>dH%w(w++C#{dCfCVbM1bb^2-&rsM2qletGN95t zfPA{>oG^czvM^SerY4!=(zLGkcoqit6!9mp5(XnwVTr-#M+id4LalW1Ag-nsC&-AupMCRt$v3%Dh@gK K;DfN;AN~s>zj53E literal 0 HcmV?d00001 
diff --git a/secrets/firefly-secrets.env b/secrets/firefly-secrets.env new file mode 100644 index 0000000000000000000000000000000000000000..6a78902e12bce2a56ab502b49b54854334506c27 GIT binary patch literal 2211 zcmXxiXML`IVnIw}#P|P(+$bB-2sGB=O?wKSri2_nQz*=Q1 z0t4w4A-xhXnl1#(a!a#tguu9Y64*k zs*ZALd^KvL5E3wgI{hY%$QqTIHAsYs=!{&u$&ZTgAOd+9I){p?#Zh*^_J0k-Ey*5O zr~`NuD*)MCFpjH&0hgZ!D%2Q>gmJIhtVbCEf@6=v(zs9W*NJ>`78AtiBpv0^SbCdP z6ObT5GM{1=LTZ4O&Q8L$b)AMWqxPl!yxz$U+u* zlqHwuE8S8aB2ehJ;*+d6=_5jF9ElsKk)YTsM_CL7 z!)Z~f+*YsHOC`J}fsifbU}{4Vz~clcDjMXIo45|SGHTVbgQSigMOkVkMhN6ogFNW+ zBO<#P6svT4h^G~p{0QWXxJ)Vw&q$bx%&ZuNPWQ%S0kPj5ljwC4rN1EPaR5@fQEv4! zNSH&Q5oeJe&G$+|KCH;hGYB+p9St-q9TJO6Sip8uAhs$FurV3PX9NOl1h?X_C935) zfdZY|W-2g5Mf@OLX&|+r2s686JcGi(_lccS8ABWoLJ^1(#{rbBAxV?Xi%Hd>*a-TI z7(SEPByd<&1gM7$m_OuEa{_u?Z2%=~G0h+5=6hT=w-PmDNg-HP z+>QW2zEDT9gKnWSWMv0}A_gk6n4}>uQ^cma`mp()lA@G zb0ejfeSt31S5Hn)-{^cal6kjuGIQzs8^h|08t?2Hcs_RTn4@Rgu4d*fd^N7+(Dq1O zQN#VF{pH*_9gPM_uir0?}mSv@@pFN z=KW>g`wjgkK5c%x^W(AYYp##}BB8XWs)q9<)RM3g>t>5LgbSFbR}fp8Qaz>B^RK6V zGk1hzbrt+3x9L)1dEUB_16^x!?}|sXoL8S-YUs?lAwM}`ui?ypwl?e(@f3@dZLc3D zh^r^vKJ+hsiZ(XnM%x+l#4=%JdIiZ^70n+~Bj-=oSnmJ3|9o@nWW$OzoX^<%#8a1# zn#lUBcfR!M`y|ajYS-q~4s^Y3Jk#EdMIJse&pb6@IVWo_ylMKbtJ+O<9ea8!#D!!Y z<<9maNZ}DTuwc=RBUwkFnqM%1w_}R!+iA@IhQ?FR{YX#@+>&>v$f|nAq(=UBp&&J}we9f!uEiC#oh$Q} zU7=RjjIOIF@6Am3#J4)B0VE1rlCvN3a%^w+ELxiR)7;D{73->3&Z}=p{xsGPFJ7Ot zXZpqCW&1LO#NBu?su(q*+_^D_^DBmbnAuFkpJgo{+~{1>FsSCNntKv_Gj3r_zGy*& zHRx@^I(pb!4}qE4L%Sud-HSb4q7jvo@OQKGyS{someZB;&s&$+Pa%PQVb>39G=S4b6WRZ;>`C?JIFLgZvY=U>+AmhA&bQ+dyh_H;fP_wR)>%GTA~+x1-0SNT3V)ssEGH$3)3Vr5Ia zPdn>C(uN6Q_lD-u{VN{5IJ>*$Amz%4ZxVx7f9@a1d~>*lSATcL_9vUEJ9^O)j4?RL z-!YZ$6|K0?mwgT2mav0Zka1^=LsYta&beGVnOB@W=xLYMQif`tcE78-1hvolid8)G zy}fpG=Hn%ubJs)m>;=p$u&-3G!_;^C@48_rGT+= zRlBDAanH8a#B1-ythIa;s4Kg8O?;$j`qs5$XZO8(&6W>t-us}IH{~p^Sn@^NtJuU} znu8OD*S2kwPZ(l6K5;WN03bG*tcZC$vgt>$&)f`8~yP{>|I%wI<1= 
z1D!p4&X@MPJJU83!)LhR0%ojY=*R?rBWv2(^FY#u<5upnjz>*DTpz8y_&7#^*CfaqS;v*M7Sj5%Hw3_wT+QE76HSVIPE#u^Tb(U|Z)J|-S*<4;G&C7mKEht3m3wAOdo-3Da11Jki zp0ysJZVCsIASuSdy^G$p)-D1p1H{HWCf0GNCtmDP()_d+?r^oLXX)cZS)V4iBVF#q zmb?h5!1D<4zC2XMBiwWSTJ|$H;|7)`Io?U?k#@E8>8@Hd`4r<7BiDD~DzJM-ABnrX zN{PJho`XspU341C>nYxuoTqIAc8btokACGfe%AXXO_kg8NJY|4=vbCyl7|wq(@N0I zK@JV(a^K5i{&@B&6^)+KcsuNpQb9j86Fft`L!`3V28tB{Ro+W&)6L_?{na6(r|Wdx zl=lJwJT|((1dRGV8MVlbly$&VAwCK`H*Js~L zyA%5`@OcgD&r2EQ*<)C&2IH|y5Pz%1eZ#1Ebe)Z8Bbrorrh(58k<-U7L=zcX20;Yr zN1bYnVLjsKHQzX(U|vDO&~VH&^*hkgO}kEa%YJyHJl(07E651slBS*MyCHOeSfH|t zviYzK7ToTLykM_>Z6oO-cdgM)irQ4Wj#K;+vT%-e;?_ldLh^+XCe0)Y2c?AW)UerM zFI!t;!F<5d?3iciVkT$We}RQOk(Y+(My0!+OINZBmv=NxZ;nf;M6Do-JQ+eYvbm^u z@@AvSSlh-BbnMWBFmUQsoLa-wv49Lzi|kScQj_VDZ?_Cl*Il#1PcJl zm1Ec(@&|K%DE!(LF82QZ{&wSYLly05KsXISV%Z@Zm1|!iflT_`-6lp1OTPM$K!Qu=}KwSMG*~k z`h*5L3SJ@HR0yP$pcGI*3#7;soZ_4lgZwq`(qZeT>fXJ%4**#(==GN`<5<29WBk&{ z;sxa(k+9m@M#ZLXd2Yv>D9kL2bmd{-Su{P15_3f=;*{mQ>PNME;Hqh70kyghWwR4o zfR0aUlWlRR0ey7^kf3U-Uewjp4rkOs;dw68u(48)Og3v;YRa88bEASpt?xKvj2+Yz zG(0wjOY51Jwkn3H?R07rq@|B-xAsC!IPGOO!lM)JM`8i2uCsIMRr*Dv1nY=H>(MQ< zRy3y0-U9Pnrn>m?I1rQcZZ+!rKcs(xIGst38lk&=XmPbx}FY0SPYu~fQr>`b9c+(&@~2N zF)U{fpf_8r86vpo132_ zoOHj|ZBZO$0cLFP`;PMrCrONb!G)O7z{^8!i6>ockEuxW2~Tq{Blv;_a0oKdL_;FL zhs4Nak!T=(IbNxfX2#S}v6~8RHi`Fo>t=yO@{^MKcYeSRU36Bs?`hv%g9D%jD-?*k zE2RNHoc0YyPySOZOO`vMJ4$T`k~F!u(_UlunvrCWtI|Z7 zV%IYV{ZR#Pu zgu!%{BHWtLqsWk|IEYu7KZ?^+uFg$^izIhYVV#GP6_kk?o-vhwM4~|1OEE{MLNpq0 z&hf;FHA&8l=l~j=r(F~dFI4RdGI0{u4QL%xEY;yNuI+tKd@;T^K8jV6U z6vws*;)7zLi~S6s*Voq<6UMJt*b=@q4Za&rBI-O5(s6Ed#46i(C~q#4^GMuucc>@l zA6g&(`X?g))jz*|yP)XbpttXucgEj8_~?)P4}SdhH`xcDfBNpXzx(=IGl9SQ_pko& m%|GJz^q>Cs?eBl|{=f3Sex`l#;g_HM=`TP3;?Kw5{O5nqpCAbU 
diff --git a/secrets/hosting.de-api.key b/secrets/hosting.de-api.key index 32c936ba522366c4bbeb43a58342c389f8c5020f..fa629c7eb05c7feec4f2b3c56fed44913c9d79fd 100644 GIT binary patch literal 908 zcmWlXxy$5q06?uof~Aek?tqOFW+%zy8WAzaOfr*9^2>d!AUS@MWR9GZ;~N)Yv2zz2 zLD<4_JB97kzeKRIu#&~rVjI8hACFhOD1&oYChc8)EvoWS)njQg1|8LjATJ zurlXV-;j2&xC}m>Ibwt5Rd6k9Z0#1_tvmL&{s1&Cp;Q})5Gfi%zf*lr?UyoD=jqK) zlO4@el4ONFZGh0pbY-{-E1GmgaTH_2&LrPk?O8d{%?={wTAA7l&6Xo6u9xDf$q!^a zc(owht_;=f(39kDhYENg4=|=k&!hlG;VRuJylJdu16j(Lg*g^0ofqk(>{&7IEobei zwR58h<>;d0DWNFb3`QAW>ju6Z9rQE}=osx`=hYOVc~@1iWm@q|CWcnCn%wTl4MplI zjcS)B+Yrg}dLNQyZ$JJ>tB>uReLT-v7n$zwRb6euEhlz6hhFrL%UtRaTp9rS7&M>=}3GZOjb!NY&uUthn5!+$Soxq9^G z?~h-8`{ySQV$fILJwCki=4JD~_K#UpPYjv=@cD1=;Xi#{|MB$2U&GIz6;D6?@zqx! T+`{kMSH~ZUcb`4!+TZ^NtQ|26 literal 1122 zcmXw%yX)h00KmcN$e`fhT;V_^)V!Lc5l`tiXaq-q09K7xDZtySoz~}SvkMTUN!gg%Btghay+aq$tp!qwq%O#z+ z7k^gpoPn+&WgA!~zB`cp_Kf%JLWqExYUfs6f}AJ#EO1OxZIW;cw_{5V5+){MWlE~1 zV@4A0DJZ5r9*0ZW%_NvD8`vh0SRhZF;?@MYEL*I8I!d94y%hz8bh zW2>^)onw{53#U$Lfjf$dO6ZNTJD6s&^&G|Tk|8=&^l~J%s?8|jW}_%gC_78|rIGUFIW3A(+(4?{}I=u)$u9_%B(L&|hd6xsD z*oXKa`hdw@b{jT@*WKXqa1A{PoW`k#`+y08OGEsw*E_&$*fYbdr9Fj^XbRho%Tu&pldC>nG}*4R zaHj{XiyVr6$Av70ts$5fz?D6ox*hC9lWz z8@K24V;lRIcy?ztnQ!;SZ1e6+$|K_Tt5--wc0$Hv0c%F;ie&6^z1TaVh+b~uRh(9a zxDRSA63!uf(t(qn#P36nHP~ZLQy$|ny`{m>BxKAJd2m0uEsQ>@~ 
diff --git a/secrets/keyfile-biolimo.bin b/secrets/keyfile-biolimo.bin index 4fb697238b1b796b4386e0ea4081854a8fb03868..a548fe9280c433719aebdbc50fab6b9fa7758c19 100644 GIT binary patch literal 4848 zcmYk4_g~EmzCX)@Y zYP3Rt;diUROeU3sGx}{}flng9xsa(w4IPg&8?paqvpeLGSe0C-06;W_S)gH&T^x%P zi8Ui_5Q;$y5CuAbl4{`tc#qXj|;Gz3@S@+ayrN;jg-erWr*x*7T_~7 zp=g%}L^5N@EWL(hPPkE+^5?XEK!n z0@@5w(9$>xIN7JhqCk9r0i~%d47~?NHBeF*VDtGNrp`^l>QQQwQAf~etV}CL?Pmd8Fp@@dYhfy` z%SZ&%wFs%m;iTFbG%*i}6fs#kiBbR(8w@a{6N6PkC;-WYHQC8rfm|o$Ilw4zDg%tM z^8IG9pN6-K>{=X#0H@e=dI+7Pa*4=%iUex~>Gev5nys|hJW7ggjHlzMCw zt4wM)sZv!Iyb{5Nn3+@*)<6TWc)U$WC(9jjfrXDSfS?E=M@Z6<&0_q2u}pj%RbXRz zyhgJYO4o>RDvi>pKoN{-I+e+0k|VfYmCh&8N{v*kRiSa}#UPALK_CEtfX5+-O=i8w zL)X(}CZ&^1AzM-vVl>+!!5BCsml4eR{~sI3L;(~J((xGr0K?WWpiCCR&QLRiexFXQ zrI@8qvI&AAFr7xD1ttPWPNY=j_wtEm9EPP6m{?}C*2&_aKrk%XX|xgGVj`WuR6B8K zgn=QH`(!9POl2ptj0-22EPAv}Y!F(~2o#WC;gX>6$dKg85!XJ8kuNXmI)@)u$2&tg`<~nVJM9|&4J~@xH!2& zEk&_F94}Hr1AJbc$!JNFn#5|oj*rsVnGk0xPbY9XkWRhdAfjk&Mkde94&_H}Yj02-d9Bh?Wr~_DL7Ki0c!&p>mw@xP{p_M2NSS&M}(%2A; zTW|D092_}~szs9lGtJLMDd8ZzQ7JQPaDEwDsP?m=Iy%wM7GMl=92?M@Jz9~#Wzai4 zc&|^0W4iTr7N6?yYj6k^&Le@z5gsoH?r?h0fQrc^83hy$QYsKY1XLeSX2)_oejXh! 
zm$|4=zmx^zaFITPPKy^20Jq3bgeg5>s@#MJfu*Sq7zGLDiacl^hv>9O1ZFqdYSe2b zUY3Nwl2b(rjo&L_3rYX`@$~6jZn`uMu&d<`btHn%5_zEvPNY(sz9cdV#FM!AYHBJ0 z%_OPmZjS}6pt91qLIq2wAWCFbda90T&|5JIs~l-$bHG#x14tFCELbsGO284kW)L0; zck1yff!GQVTp9;TkJgF_6amd`(Q!Ev0vr?<7Z>S~scdqO*r`!4{Qw8BswIHmoQBX4 zyaFq!U;MSa#FLG51iFYY` z>@g7Q_uiE9ah$d*$=!Q0I~Ga@6|WwAqpjUkYRNoxc3OgC+Gkl?tvxyE1Y^OMgFCOy z5AXTritRa>8Cz3U`Ewd|PT8HEU5U){S-)nHl0NM>44Jffo4hCQNaLDgqJnR{yIXET z_jcr_*MX;(hP?e0-8(&N)b>PTxTuhzS@ZsJdtlJi^+U^sWp~!6hrS;(cwhO=sJ#L3 zWAoyMW3I2d{~5gUF*9L#C?L~oFlbepwh-adKu zl^@d;wnv#fvT|JY^1><+{vQZ0^Vv%0!|3Wy-OBLdXR}nnC)zHC+(eGPF=|;i<$jHC z-zoa8NBkWLmt)x}$@dPOKF6GYz9;W1m~)%;IPUvdbkN$-oBYwIh6YX987f#dyl6=E z&pj!s=1%yOGoitEli}lsZD@HX&wkO82?^dk>NP52unBQ1Ct>~Rn8aPJy$!?P%4Yrg zM9ZNUH60<|tm!_O^zFeVWp(wvaAOKb^-4PP&XKlZOS8$#uYD?e`|`T3NvMYz!k!7c+IBx71tA%uDH<9NQtTo25<8d zJ^72{Dq~wp<8j7&Y(m3>?`L1u5f|@lox7pu=AtaiDvGwG=g(cFXW>v(({NGj+c{06 zXROS^Br-0(n%JDoC>NX;{^)tH7}`+(d+oeXb%uP;amUAs>PrypJb>PPf9<-AM}u<1 zM?ga^-H>&us|Gg=NnZW9>)jo5S%3D`rs})n3s23i-?c39s~3@V0&;ZR>U(|725a%f z4dJ@ZLtTvpb2d%wtC|gT5Lw}Ad1I+>L!MmR#eG{rxn7E||N5K^))o5Jwaj&?UdwZt zm;dS;l&4wn_jY1h%g4IosHOA|5eYA~G`!aM&041&AD(@t_;=2sqyOT{Pe-~>hIpzg zT8=+%7;0=QiMWvCI91*^rS15{X`MUn97)JIcHa0dmononYC-4y-Ola)^zzEhr5h*o zd>HgHmAIyWdoQ^0;qq0gYpdEGZO|LrzOwPRN+zL-wswBcM|r;W?yt@gG>VlWvhwCP zYsvkyuYBLBP_LnvY^l6=`sbA}@QEnxsraU!JAQ#R>W<}$he%yT-|8B5ms7r^pP!2& zWdtsne~otkcdB_|`gDW;+{Pw7^p)`EGUt_+6_tU-GT(vNui-z^@x#Uq+mU#t^IUQK zte>+mU&m=Xf4y6MY5du~qpNW%CY6o(y2>4cULd>R52R!*vK&FI>${qoR)kY*dA03C z)Q9-{8zuBt{-N7QwT~tyFRr?Mpf-2t$Ntg#yONZd!`ps6t6IOMNMoqU=(ZnYuRLKM z*Pr}7u9wAKxH$iyRXyU=@R^x{Ve-1p^oD?W$JYAFy5V0VtVzG89|#C=vt!a(nw{Si zf{+T~vFh@bCnp~6B6oWhiX%Iaf8b43p&G;S_VihxnGw^If4pf}n2`Ie`P=3Zm3ZUG zu*|vB3I3W}2_^jQwSUg&8E(+^*WOuFGd)Xu_VFE#R~a@i@VMr+W$%u{kF^nVK>_2+ zviCg1*DQ+hQtmX(&8YuzIr-W02*dWMONjw17p?DE#K~#sCZiYwXO=E3*qX8t=5__F zTdJ#7)Xs^qteICds)ne-KdLCby6)o4VNDkFp8LlRVXp0hfTp~~?mfT1P1mjMd^&%@ z?#m9zxmQoHl7f_brm!vYpij|pc_oa6Uv^RoKI8Cb52=+S?Uj$CHAheWA#M0|4%Gd1 
z3HOz5(b`Gy(`Bj)8BJo8J@8{l|JYsWC#x3v=UR><@)?6dcKq%SMM5(>_SRjTps!qT zmCL;Q_#l(jjQBK}^rm%NeaPpdrF(%)(g-r_| zk&vCq{$6-)eplt#ZI3?l?;zs?*DCe;cUc7f_^GfZRcl{Jmd)-62?{KY_~)KsTk%fl z=?ABxL*WB>`@4K;#RvE52Jb3RCL%to35=v3NEq|;&&DnKH|a`5Al|aT1o8D51Fwq) zY<*-Y`JeO-oc`AFBco+Q=b}D>c8{q{(j!W;{#{b3*?w3V%4h4+_1ov#K60aDZqx4Ls-MtLbmGc zPeO^HsBymOmg+1f28Li6Tdg6w7&&FJ? zU|^1FQb}}k#?%Y&G}a6rE#x40_Ac##(#kQLPH!t2bX>FYaMQH9fI7p>geuS0J^th` z4#eIO;#|*P{`|>jtp$SqQMgA!;KppTxqZL|EDKh>j+puB$(3P@%FkQQ$E;ajVJ};L zs&G6e4zQhm)E0I>w#u@?xi943>Ct^_ax&)s(EHglyr-M88@H~n9$fq5*{;K8!P!n* z^NTZ6Dj=mN&m^0p>;4&>uUkC6Se|x!BV4yK@w$z2t-f>Sv~ljD;Kk=}5Bps#XkM*u zC&xG4Y~TAJRMz_F>qP3$d3zK8eK(~EM ziuRxO`C&Dn?Qd^XF59Z5^bcKjRJ5Uf4hI(!>f~&-l$M!MiHk0#?J^_7c+`cXUB@!ReXvWxwEOFF+jKc*SFHqU3qB6gpS_ftzC7`>n%&g_=>ynOCC<< zKZhjL4Adtb$e^G5zKzwg^+j3Eak2khaM2}OFcRf4&$@MSUiP%H=>;_6yHQmM6DZ#I zEsn%_m@+Is`t|!K8Mob8`!7K><&&33{+RvwEPMulEo=?nj%b>bv!-Nn!Nu@etV}K$ z(z|-qruZQF(@kH3Yh2||80=*w(CYRU;Gkd>_n$GHgNk~e-6RR0%cJ{i+U)N($B!Fw zJO4HBthhJs@ILQ}oE;620_}xE0UK2N9_K9JJn4$rTz7vd>c_tu+t0JscE^C<^JjOR z+3=Ldi7h9^osZa2VjsIWA@p=Y#h736PsJY4*g=SH(D=iBOY7I~;n&~0is4fi zz9sh1TzCDP%iAm7Oax!QQ@I=Rt!Vz!M>D%RU9&X1?{3emO8HY*eEH?l8~yt8JANIj z11h%epB%OS+@Yi~P~D#yBXSj+Y%?Plef)9ZSI)+jU*N3EBmPMJ7xYHsD-}eqr%n|t z(nH?~TL>YY&VdR(UVd~r<$dVH-)~2@kIR}db>ih}{N;h0n^v_=7ADLy2^Tym{;q3H zip#PJ)yqppvgIAM5Q z@tATg@yE27p7x0&U!8e+WtO;T^wz@WhUY4$qdPle{EyD*O&?J8Jft literal 4832 zcmXxkg;$gbpapQSkU<3t#aO{LkP)WKK&SJYo?&K?nC>2?#8^dS5d=Ze1uR4m!B_)j zRX|X|E>sk-15sE6YmMdYd*{5r;GT2O?_Rl99jmq|9X^{&Z?(i(9a@MR28xZ3bUJmh z4yQcQNFfQJco0BWqv32D1xeD;eIy>kDF=K6of<9FsaQ4xo@Am>P*RD&D+1fGfW~FV zIN<^Tg<#cs5d<0AO#)dJE|bEENsu%AXeXHHfhI`7ZYB<(!hJfG1gB8TjRrPZXvOF` zP@#rt@oOwLDOn)~C~yadNQQw7bTB#r(9pnGgN6#Hd3<;w-cO^7=>P-|OYmBFGBsSw zkXcZ672Hk2`v5BmWwDvrUb2nia53Q^1K{Y;skOoVj%k)$=(+~KFIG7zFaj;|xp2DE^ z8r=ks!EE;7z(kZUfeZ-9OpjcJBNByfoLmXGh$uuIo}-XRU1+*WfhL>OOtwlTVymeT4~0h8^G#_A3mT-f@yG^+5g^l?LNeD% zCx|6hE`f{nlF3BB-Api(AWo^*r17%d8X6sfWn)B0GSnvo99+K2nuZ18xneSeYo$;D 
z1rMusfE9oZ<5Su!IKEPc^)e`Ui9p0~hzWdx1mPD#Sd=s}LBvp{fh{5=-a?{*h%hAs ztmcv^IFC4uP0@JqHaXE`bL;I?mWz+3X^}Jn&dl?o)g)?~n1-N>9WEu7>ac2bt^|Zu z2f~w#COtt!l;foinS}45Kov{`(n8ZJ30!!Z(@#_D_*e#u!PQGtRy~eDqbOZ8C>oGs z=uDZ@i3Ty4G_zbtVky8*4Z?wetF?4GUaVl_WMn#1V<3|JST`8UMC-7||97lb!BHp} zE>dU_BrtiAK0E?$VXH-A5{hMkOC7!eE%AC9Df_(U0s zz<7N@3T zKu|eUhG2U9Y}kK<%{UX;!^A=e2DeFwg<***rWDUaI~;l#m#qM}T!4fl8No)3QSKs0 zp;9$Q1wy(N1{OKNKqQl>Ca8u=fYOO9w9k$eTFojbBLPBEdwf)bOKtJUtO*Q=8KaWJ zB^IHYXjc(65G07B6JcRE8V)QKKrnVTHjT-bn2ap81?whYkw}e~BU2bH2BuEV_3*HA zl9~X8%lv4Mm+H5peSjTgNT2~}b|nIXgVB@{o=z@>8a!^7oaU48EIg-ytd?qh4!4j( zh6%V{H=0W}tHo?DK?CPlZF(pUWMSC|L@opE<5J0HrNWrzbu;K%Bb2Tbn;3Snn@!Y% zdGa(a51b&9TGE^rtVpO68-!Q}5>LYD^&prFA=FXbZXMS~A|?m`0p4x38mUr*iEA~n zNCaU5oB=5C8i>T93sntBc z!bQ=mjd-?R1m;n6b}yD|HhZufEf@v1xDap|k4+Qc5?CB76%XhIAST`*MB#K23JU;Z z{I&$RkioYY{ALQ;kVbI0@ItqiuVsV5QX%&L9H+%<9csB#9f^>+c_0~>4CuI26%Pi( zqNN-Go2Ky@DJ+Nw!&X>HW-=aZ@#1lMuNbPb3bZ_pK<5((xK^wIgLK%HFf52DWyo|Q z;J;IF8O=UPf|#Qgz-j+gXkic}9uFusHZ~Hk6d2t&5)6>&^jMFTm>1M4IiDN0DphX45q(euxCFW38t*w@u4jKGOmiPs0zc1j(>Y5cgp_uy>ytMfy`Qh#o=F>MhZV-zTfXG~4NbcI+Q2V3;oljd-dtzxDHj#e9f9PB ztCB;em>4ftjjHemcd9Q}-W>AZ*(wWwR#Ru>C9@y&XT;Qxtyi8}Gv&`cA(h9m;Xl41 z);&vpOEXkWdh^T9JV6IMlQ2JH;0=d*HtYSWEu-m;drR-VKPj4*C%tm{!SU>fm^I6z zz8O0En>SMmw?@_4_s=yQ`U-q~HuKHz&W_D@ZU!u1foDBAysJp_f`)E7EUBxPeaekK zcz5@j^tPJ$wT-ACdlne1&igg{TGQYWA0^4v#$*jQ<%(ZrPHr9wtQ^~r^&-vic+KlX zmG6e=1$S~l!Lcyk@cy4$pY9uHe$|AhUvEt$&AexwaFKhSHsNwn$78Im_nCWV%>3?4 zUAG=)#9e&%asAODbm{Rw`aNss1Jw)Xw=4Qfv3hb`7CZj#_vZb(qn5?j_X@|RN#->k zbnf~5^5p5ueaR)!EynlMKHp?X(kFc028VG`V76&V;PsfXoek6cAKlBJt|IJ-yYOS_ z7!>?(I&KoPyx@jOd#R*+={&9K2TotHVBAIl<=e7jwCRHA&fM&k`z!vIH#$T^6vDpf z+XscepA+o;IIvcD=w<7)Qx63Pz+YXrB2%vxeQJ><>|9+p-#gg! 
zA1WT~9QSp~s^>XRR^N&#k(YsrN4*FP>nvxiL!E*aM7PatsHhl5yfjJ>F=PGckvjqi z*Cq4EL2AC-1#<8}WS@5ZqMAST?lYaC>rLQSZfg5q3K)-b(S1wc^E8vWw+`V?G z=oV13XZ-fSa{8wU)FqgeU9E9fKOWi6-LYEpKCtTg9(~6rRaWwb)+{k@)k^D*pqbro zXLW>{jD=Aj)vX25egEL$A(R?fXm`dfx^n5HZ8sObo%8jtnbY+BvGB0#XCB0#DYqIE zg9Jr@y;Kq)ytr>aQ2TAij!I76-D?o7r*GbRwsc%4!s}bB|6wNNg?efKGgJ?!sTxk2@25;|=As zFyqF@<3N4Icfq!av%!<{>3Et#xV(k2_~)q}|B8eoia$}$U!0_ERc)HufXt)s|J+ad z;O*Z^s)^u#-YI^pf(C*2RnYdj&j!EoEi~i*TfC~N^zN=BP)+(k^w^+NiywEuvOaVC zn`SoUzC`8kUOa}oZ(lxRPRqPW$_>^Oy&gIuhw%7GSXb@vjds%P<81$*FNwE#i`r); z#vZ7?z8unX`T7X}8tVc-e`%JWHXf z8Gjbv7E#i%iFRohyiFcF*HvFL68_OsGsF+Af2wGlHq!KPLzzV?j89p%=g6K4%cZP7 z6Ql=U^@IBS?*q>}$ImBk-jsax;pN7N#{uEo+}zy7#-t-N`}@LSgclHvk~81ZA|6oIZM3{I~&y4hu z<@G^+Vv*`W%_V<+Y6UjAE4=ZWa)S(bUdH_qf8^YR@{}r&;(Et}c_WLS2Y#(n9=vOBYsF^1HVI>)PVWTIV-sj@g$uD|q7pGWY~HW%JZd28z7z z2KqpTq7r>3A~O^kx~UUg7{lksE(ZADO(zYA>a2ff?w@+PrfSpDp6)w6j>Nj@-(OQc z+02vTo|haf7rbvsi?g?1`LuWPex-cwj@v7y(oRf`yOQ~39Qs-+Iv}*&+(0N4gaMxzO3n{ zl1XW2_k372DpmZWf)O}S$Yx7q50sCX-?y)ynYhOhr1|xE74?PIbnXfJ`~t!We<5G| zwymnVW1wLBsl7l(z^3W*|5)s1j(sq3=}|MxeYP~bEBC|bmaX8%N@w{Sa?LGK7C`ik zlh>~CwmcZT#?I)y`t)H_I8X6M&CDq&nS;m;6c>8bJGbPomu;z=9l^U6`Wr+lsi+Ey*LEFuOZ8F8dc~#wDTZDx%V7MO3XANwAhpy}dX3^ejIy|Kd4m z^~mCp;qhPK*Rq~nPaig*KDk?7#?U+4?nyFAo_GR1q1p1SZ~u)7e}Dhp$kH-0KI7zJ z$s(e(9WYiwEsmF8I(tJtWJD#2zibZ5`aGh9USHDKNW`5ESRH)S|JkVwF_mu$bE^`9 z5+~W=yfFyT4u-DNSyH0jCPx%8mAn7#{?g5%pm$bqe`~Lh zooZe>9b;PZDqjqEB8Q5Y2Q@eE^zb7^QRXAa@m@m1wAEie9ca~s`9rUNST%9h+6jyC zjf|eGt%9+d#;z|ZUj|#h{GK8`f>{+9u72`(;6qaN<&=b>r^?AN@YW4a_L3xYtt~wc>1K zz#7@$)0oF$M0|o#!q}eTV*me z+r?uSJv>i&@6CL-sMs0XxbN`UCG?f#d%aO96eM!e>Oo;fu6$YXKN8VDGEry@;-M#= zw>``;_Tmle({HWw_l+AHQQT`>8g}bs_4xbH?Ky9iE577^oi5587|JcgK3(%+g8b}V z@$`!<1x?t{4(spJ%!HT8Ea#sL0O)bm%1kB-L-1WH;K?#y-UKc2MVukggf zt`)CXk3%yOrni)CXs$Mig!P8=O?6$TmPNl`(6aH;>T$Ujw(z*Ad8yj5J5|$*i$8>< z4=hIiyw#jZd%5;bzpdYP(te>2bocDEj%h!<$rRD>rdhEiSI;jz7q{0u@OoJ*Y=rDX zDEx2YDC_n&{rrHZb;VIdlh9F<9TVgFw)C$3=g#R9nis#a*s83C+3j=Gud*})3umAg 
z8E=gKcu`P?iQ652A4#Veo({|Hm~GF#6dC?HT;bP0+_rH|OW#~Rxix)onxeaM_$bfX zt{FYxhTygt{{}x1_ii3uRG#s$^b9)&d}#ftoteiX70UV}DZ%CA5$4w?M?W?$U!>2w WFTEHJNcBzgrgI5X-uCe2W&Z<#qcpex 
diff --git a/secrets/keyfile-chocolatebar.bin b/secrets/keyfile-chocolatebar.bin index dec7a831f576f0066cf373da8e66c76d89d02a61..550f4d394ebc0bfa6b036fda454530329d118733 100644 GIT binary patch literal 4676 zcmYk+_g@W)!@zMRs$-Lk>fREP({c6+ab}&)-lKG#y*hgzu96j!sAN=9g@)+)K0iFK*Yg*AetEw>QneDKG|H_Wvt4U4E;CuxU?&s+iVL^dG$5q{ zhD1WK;V^;}Lsf^vX)-LwAws!4EUKLERDd;VB3H(t0l6F`8&5S7>?lJ5o(|>mYyh2H z>*NUtdX|esK*j?(Gz3_xFyqJuunI-gq2&w`ozG_^5FmE-|JAHEX*f)+P87NT3JS*Q zh7(bGHj+uP2w9032T@@1a#3#F3}TK*WE7)0Yz^I;D(6e!UIfvI;=AE?1i?-d z0?=j;j9|m+h-3&h!9Yd>&0Ld-0%VvS42+7ar(&Hz7u#mm>6v6YR_$iuq$YyKptTvn zW)YPPO9epi1})o!1MBrPlZQ-0s%>Z)T!sU?9Ac8391pg;Xk;GD%+zzaHao>DL!tDX zRK8Yfk&3CRc$yIaMw{FT@pijdEYh$UEQAdLQ5k?@9!A8cX$dr&kSRB@3|cBh>NROF z9+ghUu%HcG8G}LcI$?SyAQeodD#Qk7s@!TL6W}yrA|+lgR~Q)rF`Ed*Cx9hZHkd`h zt2kmAM_?rr*-|}~izRCf5EqyNg#fg`L@LLuAW+l^TpL>}xATN{i$`D+V4-{jn95>% zl_rY{4@-=T(H6GZ0LE%C0JI9>;FD=8CY|DOVz3^(nuX+| z6mBkt2Ikmd5_UZASmJ`3NhD$Ba*;In4AU`7{MMT1*2D+5Ja7XrUsKeEHBB*H5e6ctJlCzHIb+Q zOT64EG<(c&u3E|US`%Fw5*2Z*raztT}V2T9S=5o)ies+%z@d|I6@ha@RrY!w#8 zbQs7|8PaG%$fzuQfkA_!eVf=7%`FVQfUZciG!knWB9;S2fzaL+Td)u5X-RHP;`}sCPA33d@;t$@JN_M z1=~f!3$YLti@;FhQmIZ6L!$vYB=In!+F{~wTtYxR+GtVpaRRZ12SGZVXmf%`MZwvK ze4PP7K*%(F7y>5uDsZWKmqgZtwJI!X06JNMM}kbD4B(Td7)eyT`rdkRU|tREJ4RZjYejofu(l=Kp;@K zGF735y6jkt8lz9t0!7OIPCVYFMnjl7PXeDShDcI*d;!m%;C2D1n~$WB&mMgFAfkQ8 zi66*4VY{|=?h^cf?j0AFdD4=^SUW3}2&_+A7T3^RJZb8jHdolVuRfbNKN+_c=RT^1 zJP-WRWhzJ((yHTE2&H9b#It(e5-;3roCQZDpoJis4((m=V!^sC^sL&Y4fAA< zn@gIX-RyuBZ@%Ayj(-L7=#x&F2K)ALJct1zq<4P~|To0{O3YE~@#2FB>L4;0{x3E0&~uTpxu7e4d3w zMZFWgsO|oa?74c(g<3xA%8T`@M-MW>YY+5IJTk*~?PmqR2tjvDde=LQJ-4%PWNU!` zDc`^>OH}=EjqeBdt$g=0fxm(j!Fo3D`TDYRccJIkz22JlY&&Jjqy^Po=_^kJ4_^-e z6s<4v`!G9fpY!SS744PHqDrC`IajcPU~;y<0|bbpYn$Ya0yymC~5? 
zlc&9XjCti_&WxyA7Z`PUYV2KFA9fA%3AHu=cfO&wGBC7y>sifcouiwjnUFoZFd}RP z1au@CGDjfx_5UMu?9I8f4Y#^0p2StG;_Pr)zAoZBmPJg8gT1XkSjYS3^Bbxc$fA}% z{&3&`YYXt!pIGTU%CO@gk@vL08gRX!>7SYX(BOojVgRQ|*t7DfT31HM=v`KbpBQlU z;^ER-pR`#>SSo7_0u#_m_0gT~tOaGLv-ZVqa;;Kb%De zO4`-6(`QJ&V-7yVRN+p5xnD^AB`JB{?Y`y4InM~yzi|JxQ>gIbLt!=mcQSb@?7gP- zXqW8$s^4-zDRY8HQH#?{yRS9U3TMnsTPQ6Jdb~3YrzsiWrRZp~N5kv*N$UZhntznrsK?^(qPvK~BkXmsYh zApFC=^+-?0KP;awDF+vYz`oaQ-Z=SwOGd_<#_65se7g%oJ*KQz8AlbDKV~gx2li^- z7(PF8r^vVTmprnfE`BTOscNhk`ml7*RCLz$ClPIrMKv0s;Zfx`P2?b3l=aQM>Ix`f zMa9s&T}o$&3K0Om^D-h@`}X|Baz{oE4u7u=zK~GEWlT{7m3-2D$s5lJ?L&_|3l55k z4;cy~okZ06ul!m#0MKVg)uj8s{pd*Vo^*ZQ#08m`@}u76Mx7__94FdWE}wopLOFg* zN33#XZJ5G(xT&8Oexk)SGQS^=)*YBw&{HszBg((uM$G56UjEeHe~Z=gY3QANTz}y# zPfXcl`s&@X^Zeq|@SAHoP{SWD2Cc!ZA>Ar%um3K|<~XV%8mqUL_U+wv`+n!%hvnAu3I*fR zA=fAp3cjK4n;wj>@3~s|>jU?Sq`2Dk_kTa%a{>MqPua0&+3{6v{kWNU7j0B9v!R8y zJAI2!)A-@lr&~>Z5o6dGI+-3eelLPxvd=wuc;VN68f4n#%H&mDwIgw}?SCxK zzpEeT*YV@*#kjqPozXn+jMy__Ig1WQpULZAv9J1lR@^?nsgZ^8<%agiur|lNdJAnh zCdLVotq*WA=KLhT#OMsmV837o1`^IHP6ak!Q(rz?#H+y^4F{jDS_m3F)cWR0ekuA! 
zNQwk^TKHo1xYQ5(4kh+od$={{(AdoP2Uht`T*6zL*wG8h$gmyI4dk((Jbk(*Ly(rc z>f^CoS9w)K*Yv^f*MiGt)cvyZNR{vW2TYOAaFnx*Q9}E)d*h_QQ(;YsW@rEW!Z&VC!!%mk%)> z{KXF}?Yz;#ei-y#htAZ-ulYAg(*zHEtQWQ1Ik7lVZT%~MLg8Mq?Rv|aMJ1yHtNB0i z3&Qi6exVT`M6cbqG-F0hWSSs;;nt-?$;Qc|${jTu#si<1CjL4v68N!Y_sE}rwZG_2 zZB`ARUgb_7f8-G1$(>yIK*^#NF-Q`j^CjA+61!FS`vLoFOw_>Sk*>LskE(xtJ(a+V z=@mX-SvyvWty2Vp7Dvq8)i4s9o<2Gl4lZ2S^r_@#@5*y^xrcmZFS=;$Gk=3d?S|A$ zAa)g^lRjU_pM{gZJRUr zx%Vfrpy)@2dOrsfk+a+wR05xI&Rtz12z*M0zXa_suc2O=G<~i!bqWPk6Jzen2^+Yu!o)%&l8vI{==Wjm&wx8PE>a+fp0Pvp5ohLn9 zB5+z^()DvkFj3>U^aQ1X~XKaFF!~8`JktIJ1o_~%Xc=@U-=GSUh zU+~XI&{bn9iS*suB@cHF27hd5ztR!@H)#KB<)^{l_tYO*vE#(HkGZtPox`&?HLvq( zUXN_7T>A?4al?7t{Gc>={id5&kYrtZD6|;3;aN9-LiXsq&6n;*MLs1K4LsfT%YEV0 z@3n333HLw|8dGT+3j=$x9(HWbtMwvTQI2 z)E0~GXWT1JEiuVM22v!Nq|AE=JHc04^Ji@IgvLhM{D?nJRBhekc>=gAE7_8__8hYH zyAU)hP`}8o3(j?ofYLV^sTLx zm8%~lR*V~5>HEk!3Qe@nH*hl-pJ4UQwiX*1wMlzoWNlj81mxkujmbyZA-~AUM=pV` z%xL+^UDlJ=6tyCKi{I#(X%8nqT{gvbHl}9mo7Y+EDvt=*J=+m5vhC7XX!E!3`_Q2U zEb#pyQub&pVF`Qa_S%(uW?x~(maPp*VTi__Zw|YAd~e}@uFARq+G}YAo6Ku&HhEq| zWM}{Trg+`!%S&dm)pEZv>(1{^&9n`+8X@NUlkdAMgx$pn zjf2Z%vaHL*PUpX9(pB$8N7W5XDF(W3eCqQHk>rhiq6%DxsQ?mQFt+eNKfc`29ETX@ z-oEtD-zP~`JC5*%3YYr)MYtOKf|@Abd1EsDo1frKTGGLCaj+wcO3A3)B?9d~mlD_d nRv1!osy7wB!cXbjEQUynjxyKX6U)~Av+JI>H@f4@&K>^)w1ob$ literal 4693 zcmX|^`CH8iBZcGL0%)WmedIR;SKlj7YC~G&3+!>onm7mqgA&PXPNhHsu#iTl znn$w3^j^P_i8m9xFt!wl$^8T+*~e0n! 
z;6{TaZoW%|AnV8|m0AW9%4rCk8tv2R0S(fCLSSKWfQ(`hQ#B%!=l?iXDPc$?G%gH= zlL0hM7!=Gi2(TOsj19xeln9apF7uNa5GjJh0z_tlk%)^mLyT4<&qo2d;W9iHhI1O} z8lKnb@)NiMBZ)xN;;AAGMC7MRr3AA*jzn_t|G({j*1$9xs>lN}>cAL)Z-$f9VmFfD z;j)-8n9t{vsPzgI7^e68To4CTgtxIcVjUYxL<4ZEm#&dW%xo&dBUL*=N}F4$ry}`A z9f7ED;z%YbMQ6mtsW2qAS@`b?w*f%_j;@P8gCx_M*5{F&j`)%q%pK$|mY*G%KD!XVL6RBSfX)#|roky#%aBa{#f( z08;1`ZWQU?1ii{`@bPRMt_5a`bMSd6Fh^muW1VyZhH3({$bi*`@SFTjGAGt1^n;BC zITGe$<3TX0&BgSq%{YSy&_YuS zS<0ND$6eouY0X_=D{nr}`2qD2)2^cp8PJLP;_*3nAyNUIdlxF)n}I5aRiAP%4HDPu@C}XZTCV2Xa~!PHmei z{Ea=<`My4krrU7;fva@a`1}#;?@Ax-yvWR+WG(D&7oV?Jup=CvJE^fqU)<=+l&iAC)fDIsQo5#n`i&;#IEi-q)$3#8 zUwsHlg-r&RRK=lV|)FCl-15Z94P$DGhH7&SJ#PoQkKLT4c)jDsnSnXYIj4>VJa0UBZOgNi2~)Eh zuMVEASXw=5`|Q-#S;6PbG5>@J;h}M}YOcAgp#HA07SU?auG|Mc=pa9|z@6@oZeg96n0jIJbs4E+z~+ zYg|{o(_Y*%;v0JR;%TOz0ltVq3i#nySTcNJyG7Kprc9iFw&+j{|%jPgURsJ#imhs6@SeH0Ez8Y;&6t|qtOb?zA3uHJL;i+{sOL$SpK9yZ z8NwnDY$KxgsVgNocNuMd;eJ>?itx-{CO0crJ^dvG>kdN zTIQPdb^OwY&Dt?RlhWRzF+;|KvU4F3unb2e`h{m_oDBlKr{Mgmq9Qs`RL2N zb$|SLy?SKt$N!vJbdi7w3MBk_wXo&uzG-Y{XZhl%+Td=33~Om~kq(h6%S#gB(geZI z8AaP{->wFH3yOrxmnJq{)jx~;et2hML1OXohI=;z3wpPf6{~}#;mYx4S1>sxzRTh7 z+`62SkbBFUYYz;A)Q+*GkDe(>*Ji$nj!2KcsV5cL=JqY;e2%|#C1m6!R_v8mqv%0T7Ys13r(pO;GTd7I5iGn;x|SA4Q% z4mmQ^^5KU*9}bJ&N%~INb2aQ(&#(k`CIz*AD1Q8jz?OssKVFIDB^~a2)J-3TFSwZ{ zG=#n0adK<0@P!LJ4gd7Q$7wo9s|Fp-v|gVWayPpooR=1Sqp+aX{NDsDc2F_2(oj0kuV{J+p_wx5}ML%}yO^{b}r0sBd z|GNt(b3m^Qe(?mFnxOCI8_E;@x3Z%Dx7|4xT4w<5}92dd2dD`$5`%5smXy{;7}U^ z7cj7U7o7eXKQpF>GtK_{vV986BiQ1@*{6G`d(-dv-ffM@ zJ1t~}9@-2Z(>SMa=v#a5wwm3)kGo8&PhFTlH*aT5v$+*wA{cw_Va6JZ{88R#t_0Zi+OS#9Y)R(N`>^>^w&8 z*smlsL=w~$;^%=i)R?)NZ>yDbeC6Ja;jiu(5eK`gW(6 zcjmiVZ(Uv@eRe|~G2!JtqBU!GLBiJGN#)0?dj=f900s7_CosWjxn2DFeM)Q))BE`!rK#1RFyten!JH;txM1KKwN#Bw4bz%1qd8ns(?m_3XRmX;+$_ zq{%jxY3YR{oIv|u%39-X*r<((KXY-0;BDaclU zet(=&_iE!q>g}?5R`yk9c7_&jIysBaSwzQJM#-RY4hmdTR-+S^e~{^{3T>a5%u zdV6`2$XA@yPq^aqtpH}6-*xQRx#%x1+YSvoR?wO|@9>Rdow(wDv1V1(8+13B+6YtjQDW_YZFm-+mxLeyUKLle?Kv5d7vr)LDz#sxW^8_I@jfNvqpH 
z`HNMWpWCi1hTLIPoyMH|>)JW$CfCKVq{#TfWSnnYJp6Z1-my7#PW)Y5<7aD@~MCWrjq4n-l@im`6#1Gz@;vWM`sGl0NHuGf0@rM&aiA%?w+_WKkYJ=kF{?+S8 zZ-*c0k6n;b?hl#V1Q6#`eGa(sc|S}u_%lO(f9dnmcT)+91INqklPq0tknM*3sNVP= z!p%uuErX}g8V%TMu&iZ`-4Tkcz@f5_Tq%cPEhZ7ja!oCMb1dhvF_ zL2h4Ij^;{YO0D^IB2cM>1aCUs2M(XE-`2-lyE7mr`N~3|k3kta8ZxCPU{TSKB;{QL2)qbqw3fk&;{;<#-s3%|H^v%Rn-Yw-d+Q`F&IADf;z0vcBJ@?)m- z%8jzYm0?e)d6Bm2ujUg~kvLf~c*7_2hx7+)vm!1#sq`mbyGFs5lZr#+OW*&q8@ahU z50(^DUivyMe8u%=9ToGx-i8!^++y?5i zg|9~NS_6kc>nga`pq&dszkbCX`W1bk`>zL=DZ{dxZ)w}3J8KfK=2>H3TtG}nZp-dG zk@h*dPQUixXVqp+c{Z*N5xf_1e1@ zTtIL#qEb%XRzd!lBUT@2H zceqn~QO=f=bo#Ay;nxZn*s*I%mIXUpr;eg9xus571n+O*CnhsYRyrOf*_ukavezr_Ck@Oz zp0>!WEp^}T8Y`f~5;!I-%h5QX9JDE6olZN;&4Fm{|{`h+H~cjdO9YKItw| zoMyp(O;a+S0fB{3q{~s8>hNurl^kB8bwp$8J$lhtj7vzL>l87pt++13L7l)b9Hve5 zN|-a4p=BY_0N}`B2?`x1U&0Fn=G+ROiHO$Eq*|emLu}rqIj@2zt+?J#bFsnI<`K2h znX*dFn$r(MKsMHTt2r-KE$(FPG-umVS201G$%dR8Be<3%HPX$OVVLlJjm*2UW3OZr zM(5*H?1&0b%lnoVcMT9hv%#DLd7F@IHw?(cAfa-}peZG*avwx%nukCb=BW_nVQH~m zfi8*-bYKm3sg6vQ^HQ)ZdeDJm4;_hcD7N5?@Z_-RS2Dbsng%j$z+lSEgnmgZshI)t zT@o`AAOuN1=EvQIg2=j%#2wKQeRd5O6+g$u6K0*DGSOZLu0%xZ*`gf#d4U#+2etWT zgpCb=QQe}?lCOK_6(^hAUL!_TgwN%VIF`$+ z^no4Noo)pMyj+v1KFpN$*i&$@F&uPzL~Ow@*~yNleF`GsSd+02=%XT=l~@(es#XxI zw&$-V#2W7t1ARzg_=qr|5kE_`yuqn?UYEqgFv$gE)6BrZdngW=D-Gmfo*VYO%vcSn z(w6kN9c212^j4|NEo6DTo+1TV$5?CHj8%R!A zv_||maO-Ysl(%%tuT?q2k@Y13Bdc{apCJ8UfYdp`Zm7UImqc+Ecbs0y83Qj6{8@vA zaK6;YiMncueNCeCr0g5SOt;fThnmcKETxSE0Wyl-0s_32nCNgM&IU$fmKa2z^G73w zZ#os6wK930+H(h;kmYdEv1#9)bcI;mu+*Z48*(SA0u-KCqo`y)6*4(h)zVnFJfTJ; zA9@knB#}H4=L8lsnsn~iy=9#xtZ1$DbjfG1$eQwiz!{zP7%oPxoy;X6CI$m5XmnhJ z&KcPCF^ELk@;Z|vNQByE6pUNrl1goc!fOtn>Qf*Zt|_%PH0fM%7iGJw#x2rQS5Twi zcrVHo*yLwQj60Fm>BlWwhXql9x~1&ONSBO26lgW+rd68-qq;*j`DsNPVl6O5sT^p; zEXoSgOOZlWvhhs+e~u%jtwBw|2BnbomVqvKbE7CKk7A~CL+hhd2VOBYrX))=8BH=S z^1PhvV)LZJSa%R4A>S{%nG1}0WU*0)QVpho2inZi%XrqzPVOmnBfzag|1Cpx8C?L96J6%q(Y%xIFXwx_AQ^Ij39coROO|@;w7_Zh8 zK^aVDRi1!4Jd}e);Zj)))IBA|blS_<5|7Z@h{MxnigPTba9NPDYn*3WEuLl2CLC1_ 
zQ_l)jUss^Q^#`D5*#!Wntj8uBno8<&NuqOF9{3#<2Vr*7?RFz`(8JmY*I2o1zc%C= z#R78Gw$V@_wKk~-g$1nYvxQM5O24jP-jsEx8!ZSytE`b&3EH&Ob*cwx@+j@%j?B(G ztUrYtI86n-JL=)%5m3b-i$Fy!bYYt=mujVNe8qu!Ed%RL?XCb>UQy~3X_9kQX)#b} z^?Fh@l`JlR3@VfW!!>j&VRVR4Nl2Akykq5cvfb<#u0*qqx#bPlDPJ=cBAs?t6)BDF zJl;4e+;9@50vu@gp%I|+yj_lh$XB(xUtf7B%HT*|U+06i-?Rw~QQV}N(U@ChrdLQ) za$$~^Y{9cN0w}$HgP#zS$uL#t-ncVWMwa6C>1CV2hmr4;wNaSaMTsH=Ux|%anXOv5 z)WcWvC2t8}9S~e`#LXE(@z6og!uu6T^=csQu7*D8prW_t+#FGoWXy`6a(q!8VR!fo z*VXW!v&^;g}r1`PsO&ncM$|H?>E; zxW40U=fuffmtOnQ^@p!0KOgV^{VRKZxJP{{`uH*Drv6`#y!Fn7FJHOui7Sp2@qHh> zw}rpv%FDL2Z$5-Sc=dr3pZmsx_noy3Y5(K;Z$=N?_SP%AejW?k^Mm~l#<#rpo5Oz^ zZ##1HS>(M((U*Vp=*}aTKV-f=*#G*rbMD!l-1$lEjvt%5Uu#zT9(m)*=hx5u>&f)S z_dncs_6^5=_1kB|bDKAvJUHXj2mZ^APrv8-H>KabQ~%r>uV+6=>rU44A`>sQ_S!U^}AZ=SzDA^yGd)??eZ{pbAV-u+vj{PMP^4n99Q zhE1RF+`%~|+8<^)_`@x<= z%8t8_UG{}PA9z-Np}TMEANRsHK7QKX`E6$(`-G}rSABKUN5AwhNAA)OZ8}7K?Xtdg Od-URWuHMbQxcVOo@zIC? literal 2841 zcmX|?>+|dcVTOkmsm9_+r+~wU&Z!nh4L>%?CfS6xrzV@-B)gm2CfQtSmE5zN&1IA9 z=7LDAFvD~dynqg46{XdxpdwaFdt}Zq&fw95jLfvB42Jp=(qcE@vp&XzXrQ3+hbWhW#QORcOz( zSnlLKHK_?SCPx%v)dOM?!A9yK)MgDRsLA3DAt{4tLQDpeK(&$4-WRwjiE5!jroB7& zh1t^EE|~3nzHI}G!lS@J70boh#Tp=L3*Ti-F(o(6Y81plERb_6o_XU%GZHMZVR<~4 zQ_YF&@iI0UOJBI@9E-xFD!kH$f!@xrP8v5gC{RNk5yPStC82^A2Zz;1oK)`njv<*v z0iv&R9QX)^!Q=@oQ;oTDLN#oA7U*LuP!p@+=V@69&Op!;aXxDK3`F2z+~Fn$>j^Mr zdI98mCI&H(T=HPF(d4s8%}qnhyt z2dWu%c#w+{P!mx(T}94pykF% zO;~M8${WiUYTioTt?RJ@)w z9Vm058183q)LB9qEi5!u2kd@4GrNBEo6lwG%1W`!UDXn7QhF(EH?We9jT#rb9udyS>qHKCbDL8Ph z%A79j1GY}~GFUSs3a60DVN52=s0M5}ojpLhgdIx<;$;5NOkj7l!~j+@;Pp-xxH*j+ za52yvnuQ}w%VX7=Fbppy$^leRv6ExJFiDs7hwj=~)0A^e($FjbGi91u59x^HMQ{=* zS}`8f9y*4Lg+EM26A&wGMhVrQQN%08`yOSZ$L%|DUh8Li_I1U%u<#zxC)_E=|9`e&>IzpS$V0EAQ|B_op{MuyMV&J@Wax zU;3|KUAW=GU0?XpSHJkLzuTOD+quUcJoA(8pZ@mx^`pu-}ka^dR_1owXP zXSa{foT}AFF2`>B``~%IxcX(~@8~z4{$7lBpT2l}zi*ws_x4XLZv7+ik~cIDedDFy zyXuh--~7GR|DeAb{NlPh-w57)zQvw=`r+Rq-n0756#vCTZ+A}Ka_yxze)l8qj!!>( z?km6Z-{1e#FR#7(qaQkT_Uvi)@gLvu$zQ+khadFsndJ5#zxQ8WJHAu8>eA=#Xh)yC 
zM*P5Q@BH}-7ypBN?kAsn{jFEOgTMMK$>opz>4z_V;s@_Ny8X;epVmJALh!!f=kT*n z|Ni*R=bZK6s)R|ueczvb>Y3T|Pn~@6zU<0(pORjB@)N>k=O2CM#lKJ=zJGM{CEq&r qeptTpT`&FipTF=Y?YsVve(){(J6=QI_6PCf-?;9ZXMf|SH~b$Eg!@qd diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ed5b0d3..db808d8 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,7 +11,7 @@ let droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos"; droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie"; - nougat-2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINELr5Bvr15GqCHevg9QP8oYFgmaRUUHcPFf4MZho9gI root@nougat-2"; + pie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcTORdlVno0B9R6Yh9qmlOZKA/ZQ8RBzXK7/1rBbE02 root@pie.local"; baseKeys = [ bbcom @@ -32,8 +32,8 @@ let droppie-user ]; - nougat-2Keys = [ - nougat-2-host + pieKeys = [ + pie-host ]; in { "keyfile-biolimo.bin".publicKeys = biolimoKeys ++ baseKeys; @@ -45,7 +45,7 @@ in { "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys ++ baseKeys; "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys ++ baseKeys; - "dyndns-droppie.key".publicKeys = droppieKeys ++ baseKeys; + "dyndns.key".publicKeys = pieKeys ++ baseKeys; "droppie-ssh-root.key".publicKeys = droppieKeys ++ baseKeys; 
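Review bot: Changing the dyndns entry's recipients from `droppieKeys` to `pieKeys` only affects who can decrypt the new ciphertext. The same applies in the later `@@ -57,15 +57,11 @@` hunk, where `nougat-2Keys` is dropped from `hosting.de-api.key`. The earlier blobs stay in git history and remain readable with the old host keys. The diff cannot show whether the credential values were carried over unchanged; if they were, they should be rotated at the provider so the retired hosts actually lose access. I would record that next to the entry, e.g. `# recipients moved droppie -> pie; rotate the credential, old ciphertext is still in history`.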
@@ -57,15 +57,11 @@ in {
 "cat-test.ovpn".publicKeys = biolimoKeys ++ chocolatebarKeys ++ baseKeys;
- "hosting.de-api.key".publicKeys = nougat-2Keys ++ baseKeys;
+ "hosting.de-api.key".publicKeys = baseKeys;
- "concourse-secrets.age".publicKeys = nougat-2Keys ++ baseKeys;
- "concourse-db-secrets.age".publicKeys = nougat-2Keys ++ baseKeys;
- "concourse-worker-key.age".publicKeys = nougat-2Keys ++ baseKeys;
- "concourse-tsa-host-key.age".publicKeys = nougat-2Keys ++ baseKeys;
- "concourse-session-signing-key.age".publicKeys = nougat-2Keys ++ baseKeys;
+ "firefly-secrets.env".publicKeys = pieKeys ++ baseKeys;
- "keycloak-database-password.age".publicKeys = nougat-2Keys ++ baseKeys;
+ "firefly-db-secrets.env".publicKeys = pieKeys ++ baseKeys;
- "gitea-database-password.age".publicKeys = nougat-2Keys ++ baseKeys;
+ "firefly-importer-secrets.env".publicKeys = pieKeys ++ baseKeys;
 }
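Review bot: `"hosting.de-api.key".publicKeys = baseKeys;` leaves this secret without any per-host key set, while every other entry visible in these hunks lists one (`pieKeys`, `droppieKeys`, `chocolatebarKeys`, `biolimoKeys`). If that is intended, a comment such as `# admin-only: no host decrypts this secret` would keep a later edit from re-adding a host key out of habit. If a service on pie is meant to read the key, `pieKeys` is missing from the list and decryption on that host would presumably fail. Only the start of `baseKeys` is visible (`bbcom`), so this assumes it holds user keys rather than host keys.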
diff --git a/secrets/vnc-cert-chocolatebar.pem b/secrets/vnc-cert-chocolatebar.pem index d7003993ac5e194250c2f343f28b8ad04e855bcd..7765f521c551eeecdcfb07977c8a00d3667f77e9 100644 GIT binary patch literal 3474 zcmYk6_ghnkqsFcF^3@=sQb4L;v^Xk4l9R2VhU}e_lXc=E<7Cg1PKA_%T( z#ezZ|RJ1s8YbzFKwPL|l#Z_?OM7iD{?(^Kg;C-I={d``770E_CCN$~`+P$6}FKQ)V zBwY41d>~-UM$7<}N@C&xwt*qG;srqpAPLA3*h*#iAR^BJik(^oL2A%Ty{O7+CeX|} zloVyh1YR6njG3iku1~@O0s)JSN@v-eJ||u8Sa9-F`@!TQ8EyhB@F1$2v2O#LoOTWHJT|pfx0Q7}xma}cMV;U$SFDq4Unr}$ka z9)S&EOajah`h;$!+nR-w8|5xH!zOmS!ctj8$dk$~F$3sg6HRsrf@qMCn#lF%^8$2NnKEVl`yN0ch3+X^tq9#0I6 z0%V1RL1Nl;0*A=sa~XAHhr@3(M759?4B{ffPo;WPD5eMK2y7Ndjf^arIUGe~GNIe2 z_xO2qkJb}%22h<*Yg0JI0TnT*ph^`X7A$8H{5US#Oi~eHNj?|QQpgdKmxKoGQrHb> zEszLsx{UcECmE2!j*!f4)XC)#H;4uJDh^~+f)=ujgZuwzIC&h1$ij&O;)uu<3xfv8 zMwk1DG(JTlup(B_<`4?`EUM5)r%1E{CdB{?h*&TJuuLc%q$z{~J=G$#$Z=jrG$0We z~!oe{l&$TAX;h=N1`HBKYI4+-oD z6X!JueIcm{WoRVcpu(o4)5BV(M(+w)EHQ{GWBc{QpogkeQ#3pp0hACVCZotk@xj2Ai!W;}D!3atavW#k_=tX3V4o0jhgPE?-sX&Xt&k0+UuqkW}D-bPDWL0}$ zmLImFEW4eSkIRY#7)}i;=5py^Oyjnb2o@LzKp-;(Vd)Vx#%4Z-%Y$z%aDD6S7 z&Y}^yDR$KBvODtmMxIoq!yy8*TpSieXrdS+LX)!OIu~lrB3 zr(;OVhCl~xu(mvJFureo&2pGjwK*|ASugWd9<2NR=Q0c3Ibu_C+nU0vrw20rTvi}1 zQ51Zp?Xqi&PRz}Ga{tDIj?R&-YdSu!ENqCY=HJ#HEs5pKd~3YgxaEv-fYv99O79k7 zn<2>&w1c$g>ut|FPVH?j7~3+au;WhdfY_Orv>z@{>aTRx>;UfP`ZLZnoRvOQ)TY&x z_HFv*^9eWe^^i_IuVI;X?$eXSe^lK5ZtQ_+4O~NDf+DGIX3>|rpv)57GUP&f5_omi z-qQWQHoTB-I$vELny180Bn_vwJl>L!v3tGiH2>c{1&M$3K3ueZ_}HoZ+>NJt+`ER0 zi{9<{=J=vRHyM8mM_(!~Uu8RN+B<-cGgGe3o$$}4g8g?!)Xth7zB*o~9K6JT;)@rq z#K9fvBhu2Sa&${;{Q}PXXs=-5&_$ca-70R}JcobB&RKi1+Owo-PHsU;Vf+xH~ApOo1AK55PxW%13pS4%1z2H^*#rxbMd7KIA0KAPP({A!KAp}INo zOwO^)S%>;$-Itc8)fMPt{bsk8rN14=d8ixh%gNaD@#Q-1?k5}Y^F@p5=FeGJPMO#9 zU7%;ypx&hy5>E2Ay}0(7>wa4ErOc(3gzWwGjS**(KT=MxrzJ< zP{QmUr#O$%5#RW&yUaXeu{@i;Hs!~8=T!NNfB9*Cz3|cPE!`6-$0)bYoSsr;sZSda z+xuqpfZW;-Da)I8Zr+iXpHz6Z`m@RjhmzFsHTSAZ|IG+wY&XZbelJU_xG^zNv3mQC z^DDX%SLE7iy2`npy?58KtlWJHWb4T21?YY5vbA|V*7CV07Q}b8R^ZPEA@}-9+{A00 
z9bezDd^0G;p152BA1YZscgP=KJl7`ra*wyS|88K8&VygJB5M+t6^;}x#%tSG&eLVw z{oYe;e?7{?gvK)uuWa>_R^{zWJ@j}^_-uX>ePR9Vo~_5LcV<>}NAKG3=lSZQk4S_3 z>51brPrs>nSzb5f;H-1=(Emneq*==$yQBPckjMsWVK?V2%M0DJ%3b0t=~ zYS_x?w0QdK_TN?&>|6T7{T|o;zb`oB?()vHzx+tqxds4UtF-x4L83kpR1A1lq`CBJ zL08kR;HTf@{?Pj1b;%-S9Gp3;2m$UVH*$NCA^%-^yyaBGobqX!F8<{g7r|X*9#@w3pgSFSc($HCVWZ-^!=an7`)R}y{pF_b} zoc`Cfm!H>nK0kAS@qzna;Df=@wN)cBGmV}z(vGhFkG?+II&Hw>t~0eaRm(v91yj)- zc(YY;px=U5Zy9A-PoGdSjtyE-`l3TZ7}dmsvYY3%w;xYP%x$$|CB~bTw%mOt+=1<< z9#^KsuiyH4#-MEr)vtDOw;tS3xwh=^J$V``9y7Swm}KCgqp45LkTMp+%(|mj^e#=5Sh@zD&62__(ZP;Lv1K!mv4g4@$e*mW+CT zbL-dGjI#~8Lg zArv!WeZ%|ls;W+2Tlgxcb?E&cYvU^~ru@t4JVSYUWfdD{A^b_<7fEbRF zkzkx+wGhn_qs|TG;j|JhV29P55S1&&c~CS=)md0T-09R)Z3MAKz;GfG zrq*GBU5H8wpwb{+?@>y;Vo<8Yu^~W3aG5=9fRJZ##2i7sE+AnlFpt%QdW zeUz;GBGIUI$T*(TWULFu|A#_woFkpyO z%2!8JX1N;(cr}OsG?I8!JCp+#A5r{OlgiVnP zWNJidB)Taf8IKeQnt~3$o1mi8I3l{p!Z2G@Hme;6=;Sd6OB%3wf(D9{tQWb0W}D4Q zr!q)BGH4UWXcUwU`}CkiA~AaSyl}{$7li0iBPoKpSsVur0*tymgNi1$>U{yWg^}k8 z#W9B-bE);1S`Z-m6;hqh9_1N0GBU+$2^a+&hbJ7SDy$Tt9SllvUlJfG@&GR@W|lj7 zCZ9PEnzRa6SSfT`#S)@CWOG4$H^alF(1d!94z)X@T!Ke}!@?$;LBV!v zA*YjTV6fFTK>)yFJROC?(85xSUkil+2gX$!;}(lbAD3Y6FZS}JGMh%GwXuyjj0;01 z8iB%NE0h+sSSN^JR*g<}{YM;?zVCWQV1JNpU2BLW?NRQJCx&CmJ8bhN2p&TF>qJa<< zB{1WREXM&M4~dx!|?)?~)ZUw=u7a&2BQKq1H-6q5a$6X3GqM{fbewH6IxlPKv7z!xe298!0<+uoZ zt<|S@wX{7_{Q4c+BGq;xjd5)QnFHLup~;3nD8EuaR-XGA$2ua;0Pj z#QmR7@Qkg5*P9KS)@8^pC6K1Pg1Lx`h9KG;}5T z=g^YA+!oQ)9@ZswYbQ*bKeL|^|Ksq&!iR~6rpGelElqf^uu^eLVa@H6qk2Db!1(Kx zo>K$iw5NAXxrgtx?Z$O2?M7a7){~AcT+X;9{btV%N*1P;d z(Oz21knQOc-0i~;^dT=Aaj_)l)LLTX(zL6T)g5bo7(TmtLHWvOxKB{+y`TNPZXM(& zU&BW1q%D^|?bGKWv`O9|;X^ELV_@mW}GDWRdyN0ch-)|~@42F1_Klc6(pDJ2$jpLa+Qn2`d zxN&KBW6}DGm)pj@xX9FIfbBcrQo#ewUjE~6cTIa=y*~PU0B20ys*#H}wDRg^s@}n3 zuVhuMYQRl$d+E~Ruigyj9{aT>*h)zMqb$1+o0FNjY4_HlF|u91=g_(bwICU&?#Y63 zihk8>7Nm^rIdE@c8YQhYvw8XCAK@vbGapU6#d(?kbkUQ2S?L4Qs#1ZnHz8?tTgS*r z9eoK)2V_!X(FKy($9komeMd&m!5?RL*2ymIKUa51vm;^Q_*_V{tGvh4itl-y?(CfA 
z_NqT0lx^vCyy0%&Ap1_QPyNtq@Sb}aAI^opTbGHXl+4+AYxGa0xu-d_?H7{XD+Enn zAJzUJu?qV5!`pw>P2Qr!Kku8NPc2=L5siGN7uJNSA#c&Mw;DQx3>iwh4n3iPa5Yf^D@@$Is4Ub3-*leYT3{@ zL4UYr-z)Zk*U*4ro^BR-&}~nTYCENJ*$XylprHSib;0_`iL~jg#rdY08~2WDK>Dlq zcPD2J?u95PehoFnUo92b8n;eV4x;zBGYfi7PPK0jH{751IID1SZ%0CVuNrJmYnmKP zkrFqR6mKc&-dS5$wlI}(C_Va@qU7sI6JIY_mGr1+il}0~F-O3ecT&`L{Oa~2OEW1i z$8_3l=W_Rstk{^C>3yAc_WYlW#-u9~n0!TH>efqBvZGVFb{?=_|MtlCBdNQ4e>$=H zn?Y@>jf=O#wTJT$;WJlWn?W9?znECloYik24sOmUttF=x<L~pZ_u| z_IKKm8b;E)#9jWy7attVIQis{ zhpGAKtYZ6R$`6($?xD;2jyrWZVK6^X{orAK#kdozp!>66hvwi2*|o4U{O6oA)m4pt zVaKZLy zbwFE2W?B64_6_L;-qV>U%EnxtdUpK5wnw4R{FH?0;+vz6mv>&;$DcIh?_b{KK0*s% zym)}ExNO`rB9QiNhk541&$UItq3>HNaH+#MmvGA)RkM{P@y};OrrzsLA4<4X*8Z&R z0{ZyQj%Axmog+lug3+sIMeiS!JRN&vK4Ism`x(sZyXumcl^)+po6+54vJalTY<0o} zN9(C&1!pF_I<^1s$CVdkXKWaQCVY?`$1fpUQ1qd1lM^IqNIk3FmK4 z;(E8_KA!i1kG?3T9w+J+XO|~`CCD+)-zJ#$R{q_hd97>G*S8Fg@vwrL+sLCueHJ!+ zuFmsb+4ud?eV-e_hn`!5mP*N8s%crp=~j9pR2e;&GjHm)%`-Z7bCQu(Zu_*sY3Ba` DP1b%i 
diff --git a/secrets/vnc-key-chocolatebar.pem b/secrets/vnc-key-chocolatebar.pem index d2853d11118e869904b6dd50809054417058ec70..154c5ecb1ff9cccf0574031ee3eac356d95b0eaf 100644 GIT binary patch literal 4814 zcmYk5_g@T-Dut8VtE}6rTU|Ge+`g{c`!1sOuCyaELa2=1M5wHil_E)$ znd~TJmihgBfB3v!pTFRFes~^+*mtO1#_##(0DNmCwE|}7`zMpUz*t>34*FrG=T#Erl8?ii7pyx z6RBus6_P84TU2NUTh2+)%gu0_TMfkN^i+zPl3=9KWd@lMC5Jh!ED9XzCW>%E08bz` zpk+LyhDg())Oroxz?4vk6dO#+VhXJmG}#ctL@SM0Gf)CGs(2Qh-YSoU^HdZu&_IYK zA^<=P-Kvxs5CS|0E;EauNS#}ZQpdZwY8V5l1;ZK9bg+@kgg~S^1Pn`J5hYrkoC_7k zaA_nH5h4M&RRl8F#%8P07zGN8HX9{q5f_A_b0A_P25AP`aVUw+VuvGTa2v{CAzOe{ ziOp>#!l`;JlC7cu zK~uSA989DzDa|q)!3Y#eL0}a{lt7{r;8KblpujL_U?&DEhMQvfX0}Z(gW&XVwVnmU zfmLdTj!3aU%o+qC+D&l?$V^47Mu&~Jiuef}nbU~Tx&Z&1Mgobz1!Dmcs9I~qfh7i7 zG+76c6VNt+R)cdY*sxfbRY<`RHS}1wiep8{5QYSz8Ow!HqK!Hg9VXZ7LD5JU0Ku0d z>_iqvN~ektE)|O$&8PESTqMUT=NTn*BMsxEaCHf2lSnJj=@O_YB^@Or30+biRj<~V zPyh_W5@SKZp)?2$gEVO%2@V_zD5K%=45^eFPbFJ~WVc?X<#L#6rr4qb5@IEC5{ysL z)8RBdQ;G)QTxd62N=C~mEP=*kgyXqDf=F)BQ-Mq&U#-MiP!5O=Ip6r(2gVktTMBcFM-55Z94Q7c9!yvgF5~dp@#@a1-9))72 zAdCzcD<*~xAy7mXDjxxX@l*ta+zqe`usVr27K3obD^((m0)a7DVHQ0@fQ&YP;SjA| z?83&_+;{~Z0d@e99ET~I$uL>DK&M13iH_F;EC?M`DH5n)@j|v8pP)jB_%ONHflUzb zVvGW)%gQ!m+z5d?fs8h=aYh$MAjgSFB7w$1HpszwKu_WrumlIn z20;L!2DX+;1;J=ix5P|Vz|2~pkZ)7MIYKrcj0gXJ$1C6wDzidjQ3Qo^?F7m4AapQS z6&eHW?q}6a3HVFx7Balr35uc`}LeL_O(jgQ_13B~EjEtzf^z2Hst-6Trn0MEC9_#|g^NL=4qF6rCzktOY4mL`t(nG-=u%lLC=)V`Ji@9Yy>ip$40 z`0u>%Zr9q3i*LO6gM<>!a@sROIzu({awdy$*p`4KjE z%_@SzV5F0QXXoANeJFovd^F>1 z5%RChICl13?eD^$2ZDYrj{vAVP6z_0-|ILNv}Q)k?HlvTI;Q)7nDwLSABK*;D&W@%~8BgVMdhQ)*d_ge>~Aeb;k(rY1hu-Cg%- z@r(*aaqcs{(K`LTZ8 zl)Z4JZ(~M0CIZpC@Lb61v)t;E(hO47Bw*`{u;;_GM^B9y|$PHOP_A7 z_ABm5o_6FGpzr&lOu>%MwB%4lX9IdTEv(an1upv=+NFENd_n6uov-po?Ws1@#91vV zjNeg5_2aG-OtPV&8H)LnU8i0@EM7^=JfDxL9Zn9-+$fye_vY!C5%(?VaoTlbX1o5* z6q5|9qHk3X3a;H=H>Ih$`fA4)-6ErfTw)&87yj43F=N4&3Q7LLLAU3+^nm>VcU!XX z=~uk3bEdzUTG?|c_v!M76@<*!qJ1;_p5DISRNzeVRDSK;vU(<_I5o<)WBs@KC3{CI4#8kL;axkFd`jTLhD0$4N()|Ez{Z06gEOQlGmd)?PUA)+3EeGp2YvX 
zF5ixp?JD?GcYW^I0e{m2#%Au7Ut8Ddmejlt7$5Ah9(kqv=+wx^1*MsXNp^iFB)6n& zif$&>@bOI9VDZH>8P~R9{W|TKn9ti3+v|Z#B@gd=E3b9E?gCVAgn9LRXNL!Izs{SE zq)$9}Y|}A<|GjBpWf7!{Kkr-(o|OZtFJAv})HN)>!#8tE)QDj6>S?!A!pdiXw9EfO z$0d`_`iIN45AL^J06{CL0O;Qk;aU&PZOpz_x&qOFH7xdeVC3uRJe49hfa)*!q9rQ zzDZnk%R22x_p|LUiO)72#ffI0(1r2sgpdEwYoBi1-|}w`lsu9_$tXI~coX(jRh2DR z>u&uT#v4)dcm{K==dT=aau*eLL)*FGUWE&@{f%T~RsFlbOC>8*$Fgz#ZGbI{4NJ?# zzu(*tR>a5E+l-)s-P_(y?h$Jj4Zi<3>SJYgdn_d}V<#WBUgm$aM|v^fP2im2i8q>~ z-pG6!b4%xPMmn-T9$qz&=Q#pzyl|$hena1aUd4(=NPyyN6|y@#<#NQP{mXI)fw7Cm z@YTC~Ou2`StJd#6^>oX-Nc_*4C;6u>x}~A~KxstE{&&&Jl0&QHEqj&R4U;uPkGA0NEN-}d*K)X=JA&u^hiWjD zRvj8=HRlFZq)h}U0R7&OmH-Dr8~gl;y)E z6yFt{iQ8En2Qx1OEZr`f{%LUEJg@bk^TQ6m8|d-abrV;0R>hg#&XO$=k;Yu#onk0$ z_@24`VQL4@oKyN{))UYyVcTsaVTby3b!=}&FMV2FMb0?rmx9+=79mh9$liRT%#ZOY|-FSYSOqC4g1P?MsH5`g63^-vCi*GciYF*NvMq*7#miOcElC~Y*I|sk* zzeOdP#*vLb(?BzR{&TWd-iyOO9g3@1lizej1c$_gVJ&@At6UzEf79W`4xDfN^r1jL|{isj&WcH zXZYBUgHX;nY2jb!o%#1wT_tWWLhk0^p@7j%@~t6V;iQJpTZdbq?kaG}+PzPKz;>2& zc$TrR@?}>Xpk(9y_3(=EH^2Szm~y(J#wRJ_yyT6;zv{s3OLg{VOEQq|(X_#+g44~I z4==WTV{;h8^NOB-EGXNw2ALcFVEcK~@WR|Vt(yzi<({ms-0*zPTWtN8%CGiA*_4_tV&;x` z)+ET8FZ@-ISBah}na}z<^V?39nYyfLR!+KHOk2CW zQ|Xg*Z0X@sQ;WW?oY?f9h9u4LbPo{_Q=9ys>>(M*)o<;m&i^yO2siUi2LDy0uJ0Kh zS-3sq$G#6o$A+cr+iFjcLa#-Z!QJt)KTk(#1Ua4iE2Fhn_EcS& zAHKw0Fu0-NdR|I#vc@JO4m3Y}v7)(mUvFL1EqUf`fyIpl{-9htSl!pwAGGjbaxkQ@ z|J9ro_xDIt@V0N0@1vLxg(dn zuh4gXS>`p+awX)+H=J~3X{oC9W!q+-<_@fvZx dC*vmO(z1`}H0P|Bi6N|+TuMPg`^NdK{{v%^NTL7$ literal 4800 zcmXxj_d^Vf1IO_^Qo0g~l2MmL8qe*8>bdLozN?$^JQxc|L9pY@YLgbLCd-{fa{}2c#W5JD1cKDbqgyC=ynrm>V^tax1!Bbz*#?GP zYZ4`>VP=tyN+82i0gMC-3xT9-Ktu_cE1)3F^bQzNj=CeR%g`7`zO5!L&loZQALp2e}5(G|y zMpFa~G6*M2Q_*=?riKS2rs}}3G-|vM;GiW4;**n+@pi1nnm~gS;AFU#i{jvv7@nPE zwsJXfN;KPG)FmY7#bPKC4%elD6h@YoVr7w-3O&F|MVo8_oDwBbft)6_T24=us?;#6 z3C7l8Xb`fQK_x2%5Rjh5iRZD*7`EOaRf~j1fd~XnLs%&QijXRkpjj3jOlUVMX(SmA zW=~@gY&aF4CZX%J3Z7I$NO95?P$5Z55aI+pKHMmf!q`N;M283C0XPtxZo$jZ3XvY2 znt)~`P~~t6RlrGxV~scz7>u)ER5k;e#g|gmCPReCuEB{_2nK{>0>kkn4iNyB#Qpc1 
zlWByS?KYAei`B`=2s0;)I^dnNpvP%1VfPG6kmn>qz1x&t$BonJ>P@E;1 zBs3_%JQGH0G4cQ=CY&$UI?Yx(nvFFI*pd{rNXchgOnf?u$xcy%r5Kx8!NyxrqW?RV zCqoek2nGm^lb~rzAcMlDsgeA68&}W8LQOJ=-3nn49SL@@#-x+8H3S`uMdXu2ym%hK zsG@^$P6UV{NI@eEY95%3qJz*xBS}ZMswgbDT||n|DI!$*RKow){#OlDsiX>Q0E9+B zNFa*HY7H?VPKe>sj9eJa$>!Lg@jQ#1WD{8_auQO?N7^|^l@sKk(M6VIL8?xx5yc5o zMJfQDF3?i-IEq|OAtt0)7+3{Y!jDU(SuAi03ymRbzyzc`9!=no9aseu6QRP(MMN+J zWMSYyC^R+|z``@oY8I6fK~*T>Vy%@Zl#p!+2C_p##YjXcNF0)^V4~uosaT32%^^ao z=~g=%Z%E;(EU4r-HWI+qD7Y3l%V6emAuJ?;f}+r=DFP@}K@khBLWG@afjO0U9UX0C zT3J-PEm@QtPj_ll9C|trBQ~M|G9i;7Q5(!wJ=P&%r;3$an^H=b;-pxk2$o`iGgx>w znJgB_pxOuoCK<)oYT*=|h{(4lu%r?A2!Mpi;G1+zoihz?Lcyh)2!c=xMI)U~H3Wkc zsc6Fg_NRr@xhgTpY!;AB5I)*Q;}Es+6gHC&OVI;RX?ie%uSZ%*aui!9W0OI8Enmr0 z>sc0wTx@n=v^coTf>2w)Tswymj}+QvHVXv;cRH-`b}pR>AnU|x1%+csB?x&b7L665 z1ydy!t4;wy!ga)Cs9l7iiM8|;rp=&MrOD!z5-M1y#1ZuvxC0jtjR5?QhBX9Xp^%Kc zD5Y60vB-fUs0{`TPZ9uW0F2T^MKf78B$ut!2v8;(&Msmog?gvRVMLl?WCaHh6%_@< z8IfqT6~w116b`D~k?K@nG;)q9nHsOMfb=LLT4q3L6*^q9&;a;(^M2j^eQHeyP>)Di zy?*`(`^M?YV)F%#d)(wLS>DbLk#;e)SoB-*$bGZj>*=zADXPQQFWzO8hBh(K#+=Tn z1Mc%)By-hE?&9b6Avdj;r`*lBa5!LP2K4Pp;?^hl=Gn8O(VJ>w_`Ul+dVL={I$Sxj7wi4^4DbV7{ z#=k+HiY=Lk5+z`X$qw7-6T+hBfPYc7owtHk-~OXxmvGs+k##@6Ufr0zlKf4vqD2lb zMs?K_?lFO`n4F--C@^p9y2ZhV3{pRhSG%mpEg|hD-GA`UwE>C7R@O*gnSl8-wqfzW zuJ{>VeZNH?OL}+;)`Z>5V4y^&JX-DJKfik9c7`(BW7m&HKv&?SJ*u}y?q!~e(@gy& zyuL2Td}{A*uj}M9=tv(%j1luF|1HWt=*SwxI)x~_?D+lZH47hK>tEp-{vco}Y7H*G zBbpg|VlZJ~tB3#nxL;2%xHs3Vc2A5x+1FY3SW$AN=SqH9_6+HX=Fx$x5SNaJ%3SjE z=sf%Pm}NH4by7qA#hjKL@5GlSe^&`N?RkBuWnA>?LVwe*pz>Lv(Jhjl6DB{FoQ^wq zG*Z1eijnu_(C4M&A0Va7)Nh>7Db*|6rIy(JJ9}FKZ~TPp?Y;D*p^o79psjeS2WVzn zflID5e{5bs5SB?Mg|deJUNr3ihBU$Duc;$HD{k$2qH?DmT()6WdDEnVhM=#ws`2+F z#`ke27uiccq3XC%dqI~14CT|r*qgYC;hOe0ZGPW-AD>?RHS^q3ZpCJA&BS|2j!{AR ziWg_PSnWxldP;j@<;VK77p+=*Td~RQiErB&`Nosovjsg`9HmAs_q{?w}y56{yje``HH^Q)jg-FYXDLI1;jT$H>1!7r z^H%)Mizzz$Y5%6UqP4oPx^SJpW$=*P$FcJCzsES~$j^`9R*di2-9YG>^z%nUwC3F} zXEtDiN7mkZ9O1I$A#=EMxId}Bj#0DguNvxtX3D?vWw?gUp0}^75tJ6h&7ymIGnQ`F 
z{{$Q;9{E}@aRN8AqW$@@m3Jr{UlPy=jlb*-pC>sU0UUb&mJ9C!1U>65(uxNW{^Naf z<{b(VWyKZN$!onnFAwsE@PgiRQioP=>tE3RFt;FL!mR-z;@@AD(X-%tfKN=2{wDq1 zp}$?{(@)5nq4L{2byIov#;Ckn#IvJ=+Q_cTjlTC|_RUV>M6EqsFWCOTW9s;G^H9JW zpj%GGJl9vPokctI-u0V*j3ye-|6+&DV9VP=|W^q;aFTjuue znF-&f`5~M6hp{|6@!Oiqn0JD0B}oZ2F1#%Ewv6vj!Uf{&^ixmfyj>#`8S1|U7*2i9 z%DyeRQT@yIacsovP~@qG_3AO6qIwAIyr>)jqvU@wO3}uH0_(?-Tc1-qp|i^yPDxZ4P;(!DopK8hv#5#r?Ubw`^?PTh=YU z*i#5^0}h@`TtBu(5$SXMLUd53NlsuMzwE^W?b^4B?)S+(RyXfUes-_x#y0z}@yQvo zo{y1pe@McDTlU@WspuGKc*KgoUb3P(qx~iyo(Y`3X4ZLN)_}sCCT#|$PJxtTCZFni znUc@=;2jP+=K9aVp@z|ymWeBt_zmqSe~10O?piuN)4g}-cXN4t{|x8zl99VQcvZ;D z{B65t`>h_xxxVbs#RC%Rt-brtEeMQ$Qa^TnR#l0-S@&9Yp&|jgK09*n^sE|ard!pt z!Vg20ow>=LWl7^ycF86n-^Y8&;o`^lwj{NN4^9X^Cwn!u&2X^QSHL)0opNLiKj}?C z-!WNBd2LbW9e+R2f*paAQtE5EFC5g^5TS+G!yCAH4TZlSCysady-+?^oQT|hc%y6L ztNO_6s(9yQ;nO7JVxMU{*^!o78Ai~QFIrLkX=}1KIRX~)HYW!dH}_YTsx4TQJeACU z@M`RK!ND!qs9z`d-1^kk)`!j6G@7i_D6a4#M~k}yA7aq+zFqBiyPmk=J!fc(aI0^A zq~k$*@QFQh)+o*`&<~yWeBn@^{?Z{o=VreKsCyrp*bwTn=zPwb1u40qQAkJK%y*U3 zBShX66K0PK3Q@~PFTE68sV}~SD?F8Z;F#yvo~KB0fqqRocxMe^U;`}|^sc>jzGq{D?~B5zsf$&c^@@T%{bJkN@MF!s&(J}cZ-KtRo>fc! zxsc_=1pK8voV&C$5MJljckQPH6Z5SM*WX$N!gn1HxdZ#N_G4%IGHEL!Rm?dZ z+GNtVeCYbKV0-qgMc?1@p9@OYZF5Ic!%FAP`r)gpQMs(xm9Wry!#(Ht^x5u7{`|~K zU!uY)xXJr@$eggu*zWzTg(s>vxJ_6v>NY7$u?jeQ$*RVJley#YiC3=gZNxn{`-5AS zGk#QszTDw0A1rK=vNz{oVfbgea&vAPe*c)`y7RiR1=p06kTzE0BCGg5>^QV&*v~Y* zGQjlpbM|mHKJeC#4*b2M+RUT}*#L^*tZg1Wc@KnKZLyYU%Ru=*OPl zaY@GQ_1F0)`4{I!>TktmGhRF3EZ(46hN z)wHwwulkC!VLf4AX_Ch)Z|o4v?b0tCVaa+eAyGdcT*zx&KQVphIdQ&sg)YY9^*NW_ zqi*ZNHs(H)e^&;7KEEz