From 0c8f567a7ee7fd09002c97013f0d4cc7933dbcfd Mon Sep 17 00:00:00 2001 
From: materus Date: Tue, 23 Jun 2026 12:13:21 +0200 Subject: [PATCH] valkyrie: init --- flake.nix | 9 + nix-config/host/materusPC/configuration.nix | 2 +- .../host/materusPC/home-manager/materus.nix | 2 +- nix-config/host/materusPC/services.nix | 40 +++- nix-config/host/oldie/configuration.nix | 2 +- nix-config/host/valkyrie/default.nix | 180 ++++++++++++++++++ .../host/valkyrie/hardware-configuration.nix | 47 +++++ .../host/valkyrie/home-manager/materus.nix | 5 + nix-config/host/valkyrie/private/default.nix | Bin 0 -> 848 bytes .../host/valkyrie/private/forwarding.nix | Bin 0 -> 16640 bytes nix-config/host/valkyrie/private/secrets.yaml | Bin 0 -> 3272 bytes nix-config/host/valkyrie/private/tosave.nix | Bin 0 -> 2850 bytes nix-config/host/valkyrie/services/dcbot.nix | 38 ++++ nix-config/host/valkyrie/services/default.nix | 17 ++ nix-config/host/valkyrie/services/pihole.nix | 56 ++++++ nix-config/host/valkyrie/services/pleroma.nix | 149 +++++++++++++++ .../host/valkyrie/services/secureyoursoul.nix | 141 ++++++++++++++ nix-config/shared/default.nix | 5 +- nix-config/shared/private/variables.nix | Bin 904 -> 925 bytes 19 files changed, 687 insertions(+), 6 deletions(-) create mode 100644 nix-config/host/valkyrie/default.nix create mode 100644 nix-config/host/valkyrie/hardware-configuration.nix create mode 100644 nix-config/host/valkyrie/home-manager/materus.nix create mode 100644 nix-config/host/valkyrie/private/default.nix create mode 100644 nix-config/host/valkyrie/private/forwarding.nix create mode 100644 nix-config/host/valkyrie/private/secrets.yaml create mode 100644 nix-config/host/valkyrie/private/tosave.nix create mode 100644 nix-config/host/valkyrie/services/dcbot.nix create mode 100644 nix-config/host/valkyrie/services/default.nix create mode 100644 nix-config/host/valkyrie/services/pihole.nix create mode 100644 nix-config/host/valkyrie/services/pleroma.nix create mode 100644 nix-config/host/valkyrie/services/secureyoursoul.nix 
diff --git a/flake.nix b/flake.nix index 884ce2e..7247682 100644 --- a/flake.nix +++ b/flake.nix @@ -136,6 +136,10 @@ host = "oldie"; stable = true; }; + valkyrie = makeSystem { + host = "valkyrie"; + stable = true; + }; }; homeConfigurations = { @@ -149,6 +153,11 @@ host = "oldie"; stable = true; }; + "materus@valkyrie" = makeHome { + user = "materus"; + host = "valkyrie"; + stable = true; + }; }; }; diff --git a/nix-config/host/materusPC/configuration.nix b/nix-config/host/materusPC/configuration.nix index fabe199..b2474ad 100644 --- a/nix-config/host/materusPC/configuration.nix +++ b/nix-config/host/materusPC/configuration.nix @@ -51,7 +51,7 @@ in mesa-demos libvdpau-va-gl nss - materusArgs.inputs.nixerus.packages.x86_64-linux.polymc + mkk.nixerus.pkgs.polymc ]; extraCompatPackages = [ pkgs.proton-ge-bin diff --git a/nix-config/host/materusPC/home-manager/materus.nix b/nix-config/host/materusPC/home-manager/materus.nix index 3dce13e..ee7ed25 100644 --- a/nix-config/host/materusPC/home-manager/materus.nix +++ b/nix-config/host/materusPC/home-manager/materus.nix @@ -30,7 +30,7 @@ in eza wezterm - materusArgs.inputs.nixerus.packages.x86_64-linux.polymc + mkk.nixerus.pkgs.polymc neovide curl diff --git a/nix-config/host/materusPC/services.nix b/nix-config/host/materusPC/services.nix index 8b54b4b..5d63614 100644 --- a/nix-config/host/materusPC/services.nix +++ b/nix-config/host/materusPC/services.nix 
@@ -1,6 +1,42 @@ -{ pkgs, materusArgs, ... }: +{ pkgs, mkk, ... }: { imports = [ + #region Suspend/sleep + { + systemd.services.pre-suspend = { + description = "Service description here"; + wantedBy = [ "suspend.target" "sleep.target" ]; + before = [ + "suspend.target" + "sleep.target" + ]; + script = '' + if [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; then + systemctl stop systemd-nspawn@archlinux; + sleep 1s; + while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; do sleep 1s; done; + fi + if [ $(systemctl is-active windows-share-mount.service) = "active" ]; then + systemctl stop windows-share-mount.service + fi + ''; + serviceConfig.Type = "oneshot"; + }; + + systemd.services.post-suspend = { + description = "Service description here"; + wantedBy = [ "suspend.target" "sleep.target" ]; + after = [ + "suspend.target" + "sleep.target" + ]; + script = '' + systemctl start windows-share-mount.service + ''; + serviceConfig.Type = "oneshot"; + }; + } + #endregion #region KDE { services.displayManager = { @@ -80,7 +116,7 @@ capSysAdmin = true; openFirewall = true; autoStart = false; - package = materusArgs.inputs.nixerus.packages.x86_64-linux.sunshine; + package = mkk.nixerus.pkgs.sunshine; }; #endregion #region Syncthing diff --git a/nix-config/host/oldie/configuration.nix b/nix-config/host/oldie/configuration.nix index dc64e5e..0efcd31 100644 --- a/nix-config/host/oldie/configuration.nix +++ b/nix-config/host/oldie/configuration.nix @@ -225,7 +225,7 @@ mesa-demos libvdpau-va-gl nss - materusArgs.inputs.nixerus.packages.x86_64-linux.polymc + mkk.nixerus.pkgs.polymc ]; extraCompatPackages = [ pkgs.proton-ge-bin diff --git a/nix-config/host/valkyrie/default.nix b/nix-config/host/valkyrie/default.nix new file mode 100644 index 0000000..269d551 --- /dev/null +++ b/nix-config/host/valkyrie/default.nix 
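Review bot: The `pre-suspend` script in nix-config/host/materusPC/services.nix waits in `while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; do sleep 1s; done;` with no upper bound. The unit is `serviceConfig.Type = "oneshot"`, for which systemd disables the start timeout by default, so a container that never leaves the active state would hold up suspend indefinitely. `systemctl stop` already blocks until the stop job finishes, so the loop can probably be dropped, or the unit can be bounded with `serviceConfig.TimeoutStartSec = "60s";` (constructed value). The command substitutions are unquoted inside `[ ... ]`, so an empty result breaks the test; `if systemctl is-active --quiet systemd-nspawn@archlinux; then` avoids the string comparison. Both new units still carry the template text `description = "Service description here";`, which should say what each unit does.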
@@ -0,0 +1,180 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ lib, pkgs, materusArgs, config, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./services
+ ./private
+ ];
+
+ programs.zsh.enable = true;
+ environment.etc."current-flake".source = materusArgs.self;
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ networking.hostName = "valkyrie"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = false;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Warsaw";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "pl_PL.UTF-8";
+ console = {
+ font = "lat2-16";
+ keyMap = "pl";
+ useXkbConfig = false; # use xkbOptions in tty.
+ };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+
+
+
+ # Configure keymap in X11
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.materus = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ packages = [
+ ];
+ openssh.authorizedKeys.keyFiles = [ "${materusArgs.files.ssh-keys.materus}" ];
+ shell = pkgs.zsh;
+ };
+ users.users.acme.openssh.authorizedKeys.keyFiles = [ "${materusArgs.files.ssh-keys.waffentrager}" ];
+ users.users.acme.shell = pkgs.scponly;
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ wget
+ nano
+ git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+ services.openssh.openFirewall = false;
+ services.openssh.settings.PermitRootLogin = "no";
+ services.openssh.settings.PasswordAuthentication = false;
+
+
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = true;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+
+ services.nginx = {
+ enable = true;
+ package = pkgs.tengine;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ };
+
+ virtualisation.podman.autoPrune.enable = true;
+ virtualisation.podman.autoPrune.dates = "daily";
+ virtualisation.oci-containers.backend = "podman";
+
+ nix.settings = {
+ experimental-features = lib.mkMerge [
+ [
+ "nix-command"
+ "flakes"
+ ]
+ ];
+ auto-optimise-store = true;
+ trusted-users = [
+ "root"
+ "@wheel"
+ ];
+
+ substituters = [
+ "https://nix-community.cachix.org"
+ "https://cache.nixos.org/"
+ "https://nixerus.cachix.org/"
+ ];
+ trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
+ ];
+ };
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "materus+acme@podkos.pl";
+ security.acme.defaults.credentialFiles.OVH_FILE = config.sops.secrets.certs.path;
+ security.acme.defaults.dnsResolver = "9.9.9.9:53";
+ security.acme.certs."materus.pl" = {
+ domain = "materus.pl";
+ group = "nginx";
+ extraDomainNames = [ "*.materus.pl" ];
+ dnsProvider = "ovh";
+ };
+
+ security.acme.certs."podkos.pl" = {
+ domain = "podkos.pl";
+ group = "nginx";
+ extraDomainNames = [ "*.podkos.pl" ];
+ dnsProvider = "ovh";
+ };
+
+}
+
diff --git a/nix-config/host/valkyrie/hardware-configuration.nix b/nix-config/host/valkyrie/hardware-configuration.nix
new file mode 100644
index 0000000..51d0051
--- /dev/null
+++ b/nix-config/host/valkyrie/hardware-configuration.nix
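Review bot: `trusted-users = [ "root" "@wheel" ];` in the `nix.settings` block of nix-config/host/valkyrie/default.nix makes every wheel member a trusted user of the Nix daemon, which the Nix manual treats as essentially equivalent to root, so an SSH session as `materus` can reach root without the sudo password. I would change it to `trusted-users = [ "root" ];`, or add a comment saying why wheel has to be trusted on a machine that runs nginx and holds two wildcard certificates. The two `users.users.acme.*` lines also give a key from another host (`ssh-keys.waffentrager`) a login as the ACME account with `pkgs.scponly` as its shell; as far as I know plain scponly does not confine the session to a directory, so that key can read whatever `acme` can, presumably including the certificate private keys. If that is the intended way to distribute certificates, a comment such as `# waffentrager pulls the issued certs over scp; key grants read access to the acme user's files` would record it.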
@@ -0,0 +1,47 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ lib, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; }; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.tmp.useTmpfs = true; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/924b1a69-2256-444f-baf6-d2d9405e451d"; + fsType = "ext4"; + }; + + fileSystems."/etc/nixos" = + { + device = "/materus/config/nixos-config"; + fsType = "none"; + options = [ "bind" ]; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 4 * 1024; + } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = false; + networking.nameservers = [ "9.9.9.9" "1.1.1.1" "8.8.8.8" ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/nix-config/host/valkyrie/home-manager/materus.nix b/nix-config/host/valkyrie/home-manager/materus.nix new file mode 100644 index 0000000..8dc78c4 --- /dev/null +++ b/nix-config/host/valkyrie/home-manager/materus.nix @@ -0,0 +1,5 @@ +{ ... }: +{ + home.stateVersion = "23.05"; + home.homeDirectory = "/home/materus"; +} 
diff --git a/nix-config/host/valkyrie/private/default.nix b/nix-config/host/valkyrie/private/default.nix new file mode 100644 index 0000000000000000000000000000000000000000..f3fe10d9f38a161be1f4534eb17ff84fda99b4f2 GIT binary patch literal 848 zcmZQ@_Y83kiVO&0II-;|^X1QPR<3h({&gvyWh>8wlTsHmX9s_2G?tPOKYz3Ay2ROD zw!cR%N`_w9`r*v&(n%Apn?)*VZ$HEKEssxoUgF=t-#4dyxy@Fm(H^~Of3%UW{>zxO z=!eBOj-*~vnXGA1D-kRqlEajdInm2I<4O7J*4EbMLwfm(o`~ypN&5$^@?tpu@TS+J zU7>xMi>?K25MCTnRCV8q=}2V3+=UIz+uocD@;>??%uz`2{Kd-}zW&!(MeJrB$lD|- zenfIs$f3@~UwE_9P6hv5SjyaQblE9KXUpIE@Oy{6{!f>w<$I_V|FWo3(6(Op-nP_+ zf<=x&%lCcvJX(KT(pxb;bWXeN?fV{a{85dUKTI&SGrRwMh7hk=fAgZw37WOtQ&smZ zVUwJgrEe73zu7_W^_=dKUU{7*-+Kfle0+n2s5)^)?mvtE6T^6mD_Eet(IT#ui3$P z&H9k*3x6G1tFphO;!RiB%)>v{+C4fvnJ;1H+Np=yJQOC6)3;{V zU;g3u-6ir=g_3~%wT7wU?yp!&Wj*yLZCq`&EY3|k(9*VZIp@or@|V&M-7(DxRo~R| z=z+P)U%x+r<|< z+Hb7vPzkFS5HGtXQ}N^S*A@0FmTo&DeIci++O6^7P4C}1v*%uYzPtm z(c7Kc68()MJ&8>+;pyoG{2UxVOr->mu=p`mY(F_$Vfx=c^E0Khv*oh1pXHh-&6UfY Q{6TbgZIrd8`JA_J0s7mZF#rGn literal 0 HcmV?d00001 
diff --git a/nix-config/host/valkyrie/private/forwarding.nix b/nix-config/host/valkyrie/private/forwarding.nix new file mode 100644 index 0000000000000000000000000000000000000000..504fe58d668a0480af13c403b7851cc897d3a49c GIT binary patch literal 16640 zcmZQ@_Y83kiVO&0@csHiE6U))rJ|~+eYZF(%r1T`{<;|w#45gsS$g}i_Y)Mqx$}$U zvoB>WWcb4t(x$I_wMYJvWug6R0Tqc~&yLh`2v&S;+%q+1@rFkGzKA;pT20fp?=$t^ z#9E}Hw5+PdVO3n(YSy45`XbB*3L-Z)Zi%g^ab>J96nhy{w3%rwhkdM4!5ub!)i%MU z6DB+9w`{$;x2}M}uc+Vb-`g3>c3PeOd$27q`AiF&eenIH9rFTytuhm|jp6DR_`Cb@ zr(1lkLTeoLZlnsWFa40gyLtW3W52s)4zH~#HOll{wtc$aWb=z3rWzh%x$iGGJ-YSD-{~)uFRToI(W{>3-PTbxexdc zPn*EIy72$ndxgi&ZQ~dA*^wivpm610`K*U~kCsUM<-c?JuTP#ni(db;RZFj`wsb5o zTH(fQ`}2d)l64_`Za=)9YjCfbz`*_A_kOtlud*MljqzVOMU3`+Pm>cgo6xqdfAb=v zUmg=$=UOLvxa4>pjqxdBnl15f&W+l_$ySPC1=0J?w@hvi+qZpF`03N9^X&hhKJ3%9 z|KeM=v>(}gJIgsAuQKU)JYniHLla@6MK5m(SeYI9zmqY2n>?rZnQ{k<&OP)(S~G4IpX&`_7t z$CVmoM3&{)+N-XaoqmePW?xuHh zGnL&16}4_HbKjB1tJLV6+P;FftJJh${)@R&R&gXv@I7{A21CbHjz|xMg}gb*cBPK5 z9z?gTTwv)MX`ORaI%BT(l)}{q+dfR*Z?e`jLw1?U&Zu@KZ}vEb=@QR29o3k>|I_uH zb0XOe8#IIF@&EWUw@`kGtDGv&dU8MGny{($#X5@l3vSyIlC=ba7%2Czy3^vyCGcf zx7eJBw7z!vpTIN?t6jn3p2ti*N|MumTGxrKaTPVHu zUG<=+@^IYmT>X!Z&Fs+^TGHL->AiWVH*a6&^hMitH2+)Qx_X1mnkBdOmTi_?lg_)N z@n^f7&Ey?_cTuyafuTlJg55euxnf%qiC+I8;f3Z&5s4=_6 zQT@6l>o42Ok3PjQi%m|Lx_Wxuk(YH6?G__gqcK+R^?FG{`P22Xjmo?bU|-;>Xs zF|M~nFFYyVoVmbzlCsVIttafZlx|+9$B?@I^!ptXH(j`#n4@#^R!HB^N!11>^9s6V zxqmXR&XGzhzY)xQaF;Ce3KNBO(!m?fXf;n%;XnP>OIOlO{fkI#Z&Jm^sU?ZubNw}B z|Evny`e4V?nDYrALMoR##7R79m~Y^D!qsEdrah5d2V@Q{S6*auEA8yAw9yF_ z6Y=iXvl-Dn4BXRi8MJM6dLz`Nap98m>n-a(eLAdoyL4;Or?}K}$Gj(BeRO0^X^_M1 z6IOik(zjzi&z4+xxj7tiOFPPgY5o)(>va6$Q<_(QeO z2+OxmciD(8t`V9mR>`V!>fd{=M~#=Y*4<>?y=F;rPMCp@pW#;E8O{X4l| zVrkHXDFKsWBFjs)?{$1jhmf7M~&a6>}Ii@A+K}GLG{i(f4e_x zbUSYZn_v0Nl)YY7cCuKmYu28)XX*D1Mg0D}(hWE3X^-!`yl>?Y^`(OK zu!z^>1o^ktcA>LAzKT23y(`k?Ti)Im3;aZPE;V?R;HN*O<<%Tk?H=XGISUW8n~A7C zO;7V#)3Nm|!y>+%fER)eEUgj zxwg>1eY4c+=h_PA?x{OgT&?TB`$_P{2MGc9#g}aioX{aDv-!h~hg_Q`u8E2eJ9T2V 
z@XzNCI+-b78#mmV{9TiW^i!}3>?Ul|1)4LbMa;jXCDyk5U*H6!MlqTbfYYeK``;GK-DwOq-DRDuiSX-_u)m!`h-bO zes)cH7QbTNHdSwz;&b!-9b6yf$EljLI4iMTn7y>5=zP<~iWkir^A$4=C!YRY{?7m1 z^$964Su6X~G+F1~T_5p4PKD)5)%E@NAHCk-W?92DzjuCN;FhIo>y}xc?`3u2`mMww zIcxidu9FAW|Gi|BvsT;p`K6RYe1-oPG*+C9ny|=4$;58e?S~J~Nt!gZ&16X5-Evhf zKe}Aa*%2_zKErrFRy2ky?^_0-}dcZyRL7EvF+<@5$T!6JmsP0(fijo2)3TL zG3RtSy3$p&EBU^n^qO?FR~$JXH62}L1Ir0d7Nc2UVG#1}px3%Vy({H<(m9DQ>EKxC5+%)&0o#z6j56$|mk4=tP&;6s< zKgG2qBUooT_nK!MD$6$ZM*Wd&taRmZ&s4E==oEVGTd3(*4k^xn7MPTSeUAr|5U@I`;M6U-8)+{IQB`r zaP!m(KdNT(kY7J|`O?@g@84fO^Xs<8-j1%FC#J4SoMzP|yg4F)J^kdH^ruSc*Gwcz ztOL@IyPvG-3#@X{zj-ui0+)8SUa8QLu7h73ey#O8!na?iZn4;IrNbHm|69K^)LVEy z>(X?O-DvVFK&DRqQ^3aBPqV*iaRjwVZ!;)%d(j`sMExVf7aZXR)(>Z1PySX7-*7s!>@y z*Umj@3tqbX(>K{~AL@)l)sN_Z@9mZ}u&}suuxCR{kcUpt<6UMYO%feh+3MPHf0tZUd--n3&)h4!4?0ymo+8<@ z%=TPLRZQ9huKDeA+g=DgxZL6Bbz^_vx4)dhCW*H(8Lw38 zidm%{(z%!V1(cY5Z9I1NLFBa86Bz7kqj>EPWGT*1*R|*AtgE-0C9vV2W7@GPV%9VE zeoncPt2fay%Xfa8^2P?hW{^!i|&->!Sdc&>a>WY>vZ-uWO2|MGwL7%b5-$~c)n{OrS zChv=NDP=mUn+xi0gl;}M@!`*F1)WA**IJymf6^D-6qxN8%hY=(&^qJX?}bmaP8{k| zh*e@T`hP9hTjPjeXx^=6-e`^!Cmv7zKlg{-PtS9?*BtI_=#TYzu_yIz0fllfq?Hu9|0r|N^t6h9<=QE+s8|8lOxJjuGq zO8-AmJnEBv%`7xH$+>ao&GKDG-FIrwR-S9|ywgY5b@!3P9oo50E0gbRUXin5hE1tr zmvZFi`Fg*nMd~&MtLEuZ7d&ep)^1tm^*Wp*e zuwv4c4Mp9rB6y2+7(*uri>)`kEbu|ZI*0dtt%BIquTNFY_9t%)IFLF0`V)p7We%I1 zHuR;vX%Jkh&l&P%Z}8fyTm3x!9=?d3_?r76ruyZ}#za~C;{%z-!BdM3> zo-x}m?{B-^>3V|I<}=d4yuXzGxcRQ;^{VRM*ziVRyHV%m{!gl&|8lQ=ShrfmIOX7* zXFDEO3EtgdCzbYD{`1#eH~$7yd|Wwo&JX^#uTruna6J4SE8}dveAZ{CTL!(3dAq*O z-FW1wQo3~7m-u|9GnSVwBuhWIBqlkZdDe?-SF*#oT`c&{+?%z&=ZY!=|MJ7nx0SMs zDnu;z&0YQL+O%@#@`9@-zuK9v8f$zxu|{pj9Z~rZ#r3nh-&-$Gct4jX)9%l&U1e`ZGDGk9yPp~kEMFRDKS<#8I&}M0boa{2tqM7h z!?P}g9a1vN4-n0N#{QGp{Mh2kSLYsGzR&y6Rpi2>AD_EKzAvzybTD9-h&|_TcahRt zpE8a#&r$zzFh~8!wRuj3{+!RxNxd+W)=g7@6?^#$N6gyZw^0p_4TVh$I$++6AX_}2jA=n+c0Sp$JXA7 zGiw?bq+LC~A%5BCTxB()3T

N$g9)6kMBlcAG`zF2Da*MS()-%jweRKTwrCkgE)lWaw zez-ksD*vm3RIPl2v*Nr@I=5`!oqVBTrutj?`ioZo%a}sXKl;9L;|iv;zO(mK6nEQ% zuMyI?KUZ^0{*9chP?NBE`c6UmE)x}^CR?q)>)w*^_3_z-YV+Neyfjamv&8;({QjG@ zb2w{f#oar3YRdh%DIdFq;!C|OYSwALuAbM}u<5y5VWxvsm~}$+KThHBj8ok5EGc{Z zEEM>XEYjlAOAIzXoaFC!Y;RQ5s(rj~H|7;D>^!$L*w8$nbMk|C_x@U#Y@L78HD1yF zkwXPnI>!v z^Rd{zI$YyfUUzV>_Vf(`k1lV&^Vrd@^1b%!e=9FWoo}#Xy6a_fb@^xIYfVh0-#Hsk zNVlo{dnI7&(D?I)#?;MW*R@xDI_6*JdOzZ{!K`=o=hP4IzhYrrFpExqdlq zW$GcHTDhcs{vKml>uJXS$K007L`<%-eMEyrO&j?`2GrXNztK?0=zC5q7xn+0`vicHK8z z9BxrpSa)KBOy-O?oau4~B^NneZ@f4^((WFc17 z+H+@0W_WsCT~=hbOD^w?acNJ!aEa`beI+xT871U?9(ws|SJuLWb#+sZ^6IoFv3=iV zVzbt9BA4Xx)lWJ5ye-T4m$U6WUh-tpKCiaw;LODTd<`+PR)(+HzwOF;rAmuA6WfkQ zGR{0a&GqHi>^hxdIo*@*SKhW?-G5MZp@B|y2fx~y8%7UjKHRXkcrMe6A6#D<>i$kj zJaEfBEr{(4M{?Hl8#5H2Gzy$L)04FB)WO`BD+D)W&b8mxxlBXkugR-P_KRa=78I0~ zB^}*Y<9S5Ojp34^{nszNDZ3n1ZUzRa?|F3n`44mHgD>4RJ70b|>&Doxa#q{?`NX{B zetDzau_b)s3l45sFtJKHrg!Uwzh52KZB~3Mnsi9V=jK}-k1gBz_Y2!w zt;zl?veIG(Yp@;ZjZWr#$|0N}-H%D`(aPsY1O?$;WlXl4?z4HfYAF zOuv(PAdy9^_*J2pug{-<(h^7aHf;E`Wnv1~ygM8_~|Wh32QWW`E|XL3F`-j=D&-U-iUhW z*}2_+KZl3dSLT_r%+E8$7GC|d=7!WP>1+B2GXA~Q%@2{}GN1RAZ+hw_bL~Fn(;Jye zERQ)xpF4U~wJ3Ae;*v_CJ-^;fl;)jr*jYMHM3zm=%60K{rixPTTGPTydK;u{6grQ% zes_6!_f7rZ=f^admdgL0V|aJ*cf}*t=j&@L0*{~kd@w)g`iUlw=f7hl*pi5z{7BGnT&jy$@o6yXvd{N>Z4 zuGf#FIbA;9Hx!%5SLXd!ko)bQJF^WPPHM5WpIoJ0`i`&tl;!TT5@(cowGR|3hwR?T zVe7x^hf>)aZ%0Y@v~RC`Sslxx`!?T=={{4Y^5|qo*9Mad zA1+>T@|-WbV@m6*Or~cm)ITi|*?RJ_#T3E1NeA8?m1{b?H>R;ceNN)JJMtwNOLG*Q zPA`0Z|7fdSjdIH0$!30c=1%Rh6Ix)=7xMl0(!{HWwz0JT3GrLiq&jK$6>fUh4T>kc9Dp!~tcf|THQC}_;l-g_&KC51Zr1IPYEAdwH{psw z#ll}r%sLWYYgJohQu^Yqy4|e^DxdGLGa~+#{G}s7^PL4}G3OV$+0AZDNDwZO+}t@a zetx-Cr&;=n_REHcoYw{mg?)dbc7t(`r=rKbk1I~L8|>De>ujdFbVA{+)~$ScOr~Bo zX|tUyTwYL~^XR3#)Yp$2x2Bfr-1+RmxbIT<=Sczo z{%^`(ab`;gt3l(V82x~dBZV_h^UidB_{FIFmAuRAQ`L@(odwt4)0=Wn@yiwScg%AF z=4NipeiU~*K0^P~Og&vkS?wEg`ZuJUXHPg(nBB}cUHQO^+$zVFa|3G~wwe}R+jHOM zzH|r6(w>7~!dE|JYxwT}+U5XPdfXz`=~La3I=)IP2G4e}+|rpWVINZv=cxMr-J2bs 
z*;>yp4`RK-e>?wWuI`En&!^2fxAn1t?8!Ib!k*`}WLQpFyoI{Zu#`0y#7+l*7wT;GiE5B zRnCnPdeb^Tch!m}*_fC2f{$#yzOQEKrJLmn*`IFKPFQt0T6p!=llF428sg6uE81E) z8E`+ny-kO?eY%0#iniMg>XYqNj_oSFT+d)^Sa(lnZo|w&F*p5Q3r~Nask35>mb>({ z549?RUrd6IvKIChZMii2%kKU^r+-aI&ibS}S8Q1^-&yA@7w-d#P06QD@Dz&w^>58P z|6-f|7Ok1y2agzp&-x=Hep4@|PtjGlV*gIQf*6|#U0dRwGJBni*u#0FB|+lRb7`)R z*>C>pRj!%fo!9kZ%lhP_zr@aNDA=*_j`WW^MSoId;+|ya98nfO+qlbB@O;n0)uHDc z6}L(&_Cj9E4QTLjv-bA75qpxqB{PRxX!ts7#*AMFh zm;F=qHTm_+zS3Hyv27|(&VNy}O7s10Kgs><8pH6n{{G)bt8Q(Q>(h|_Wgz@uvuF0> z<*On-+jDPJII=6^W0}jB8*3dJ$};Vibvi|F`tbbT#m=3=G0{z*>z|)4oqce}>cH7? z+t%-zKdntH*SN#)wB2x9ASY)LX%;>PPaMIv?Cch+7b&Znm`jiI2){~z#A1^kwQDV%KPGMzD zu+H%I+`E#~w?fV2L-@s{hdx|>mWf?I13x{F_&32~Kl_VM3 z=MzvpCRejalsD<4%_Dhj^4r=MM3RQY`A6oW3m68?wLD|gH*pA|D_ z&*Y^&&E@`$EMJdIxXEyvh3~D(mBQsQZ-P&LIJSJ@!k4;6+%>Y@8me1QoMt*BmJ_@D zr1s2`wEMhI&Zh3SKeVE}F~_Iq)wx?|UN(H3V{oBZpZ&PZzsXY=E>68WE!rjT_1ft& z{#^xY3&c+duAjT{$mXznPZ>X(UAY>0{oCz*m)abY8V*!wd^&SueXvSfF`LYlrN;uA zzkV|jUM?JbQQb%Vw8)-IhqoNw!Vumv>p|SPgzFJ6`eVKSAE;XB|0nP3YSBBl8Tckx z|I;~d*2Erb^HZ(qmD$A}p?yb`-nvcRKmUpH!40!ndTc_@7fh?w+%S8qP3|+hhCS}K zu4#F;+dp5h$N==647yA#4E&F+jm1eT< zQZ!!>v7jSTEUu*T5>s`r>MN($0a7eB)9yF5i^S$VI=ELO+G0y1L)E4QFTAp*Smqw= zoV#`s)6y4DZR95XTIiS1wI*wW&~f?bTM{*2L{;6*^;5GL3Lj56^hD!i`TZHsEUMd< zvwoQ76s;pJwe^SlagIBVeWz{bW>h7~u!;12+`!*$C)>tYKcy#ZvH2wy4d?xrBaWzi zowSGT=JXeAJGLHN82y;9?A3(^?MsJe%bj5`4Y+HNyMOKT%$>e@9#Om2XURM|ch{VE z=WdtjVt>mY@h`To+nn|F<t9sO+h$-q3u&! z#hXP53kCP8ePc*{)Yo~!$!$*t^Vvxa8DFN%s}sIqYHKO1RJEvJ$A^3tR@rkxez{M! 
zb8@Zjwv)@F0zTJW8@Oa6!@n{8b=U5;&fh3osPZ%qG8np1yQti#2cLniv_^B)37x>oZy z?vLYfnt0NF-p$<`bgH%`Y-0{?c8cWmsVZnF+>ukJWwnE;tp8@WfAiuipA)Vm&79Ip4$`dnxQz z+AQ}UJZq-in|(F?UZVxijZO1z+JD`CC_;MjUkjhxF>bS-y3Azw&;8QIQqs|Ot<8jG zYJJ&f@BS?{~=`mQCQ92aK)$NU#N#`qFiI=j!XZ&c2+aK{rl#8i9^i#jcSGG z4QuP#0;Il`ZPcJnRg2mXJP zv|k%sw)#lp6Cl#`~{y+I<{Ayb1=Hz^q zk|Q%rKZ_jSpYU$3hVT^eeoo=TZaNEdERRV~zY`(F83Ju>V5lS6-xj4Ki@KK zdU1y1A$h5?w2xa&{EN3YR#={~T;g|p{Skxjq5f^#J&wgOJZJhclYN(Zz3>XBN&Hu3 ze`WJ^zWl$4ce|za^b_-iOQ#$6JJxgU=A8U~d1Z0ct0O)!YD>9xPE9y@B1ByD@rTV1 zRh(xZJKmY5TX1SdQs_F_r&=#-0{EUrZ~7Z@HaJ24fr~y@$NbQnyVsZ9{>XiSC2mXS z`ID>_Lbh}CS?|w%7^smmFMHligZGLiJ98OhPVf7)?N>o+#K{?FnU=GZH+}JW`(XB) zSSj16(?|ZiE=yVNu#Nqq`5W69|Jiq}wr-5Pw~zCZxue^OR?YRRx{cn1#TvejJea0? z`71-;Re6C))89xn7DQDmJbGPhRr=5Dd3nU|M>jL7=RFT!>lMTEWBPJ~4ZruXJj@T( zc(VAS&Fs||PX5c8D9~i;-<^rwRUn$Qd*E}gQ<}~*x|df|BH>pVwb#IcU;PUZr^_qvz>+4CoB%@(2)~9 zQaX8YL9NBVy=%pES)^v$#1wn%ZJIPs^jN&T?V(@G@BU@3`z~tw!Xk5yH|gEi_^3x2PjH@zE~jkc*|Tlp|3VNZ`ZKSn`0vRSNy|Jqp|r%wwspb;fGt5qH)}Zh1d6 z4?j-ubN#(w_FdLp{^hHFei7$>wc+!14~f5CqWf2B&XNB$-gAF>o#3l znWMk|TVhm|OJi#KslD9Z;%8R6FJ12(e$@Er%j0YokK_s}q<-E%@i@BfMBDs?Ka-d3 zw!JNX{p5jtbGySd9qa#F`mZrCdFopm%qtop-0)L}|B7!^#9U6rlGE3ZS^8+}2ZbN! zHJZcXJlpI4qS)$f5{X?01DG#PilOU-b=bCw#cnL>Gj^CcNs4qoP1hyR4i=W6NA^j z_bk}=HuHCKR~O3}{iaWP%|{Q1)AIrCJ!<>w7J?zm>yLCeXTvZ|rV&)dI7=k+H+bjI@Vy|(R-^FHde1ET zIf6|mwL})Xa$cK#{=HI|+N|SK6XfRJxO}(1Q|5N}gWUJA_pUQsI45N;HhG4(iP;$=yE|v}VbZU;2;L^e&tER0*9v_Dtq;M?V%eI`tbk@#O^1@D+j<>yx6a5@4c&p@jP%Fo! 
zt!59rH0`UGn8$tA-!nNuW%lX~0>90UGnGbZonXDj`D@dI>wVL;G*@Lh+q~Ltp(j-S zd_PO%%LFOwvY*~BsuK-#z08+R;%!r6HCXxet%PCI@5>SiLZv0@o{3AZm|5l7e}D4u z(^l{GA0~_U^iDZ{t=jhE`!?sxfm^tK9F8jpxyQP!GyaqGl85_)#7-^q(dM6GX4@pB zoo>uM>*qQbF{uJaE1S;CQ%*N_U(}D&JY|>4_1OA?LG6X_I&2wVrieV(zvu6kcINnH z$>&Tex9pDeE-Y$X*BYQ~{^eZ!-VZBh{&;Pd;q>kDX6~YF5mo80FW;L?a{lb57^okd z`SSVWW4wP-8WV4<&;2(4{HL?C$*RK?9S?_!1jmc$G_su0YQ@?I~ zs?acTy+&WA;-*!Z+=fX?6sl3bgpR-@Aowh~b={2o${!3J2jD&)> zb*6Odyxg=?&Ew2k>xd8ai;Y~5=I>ql%r;&sCPDF~w8G^OF5YA368CLZsm%*+QID#< zpI7ZFoIR)Lvdxjj_kx!g30GG=Jv(WYyJBgRK$`jUGr!MAi8X8IeR$7#{*bisGTD}_ zd&U``6K~D_6!dHDn;su`<_DsM|L-WSUd>@tvqN&f)FVfchob>phs&UoKn0vxI&#>Go*;>&RyQJ&;9kox)idubVrsp2LdQ(|W zob$4T7^8`noakfqzCL^Fttt6GcVy@%mapb++#q@H>Aj_TbL!TdHTikY z`qk`2VTqykfZQj3LDI3iX#(C2FZ_GO3tdq-dG|%+Ii=fqqPWy2j&8RMOUASh2k8r5u z{-$jQ=66e z%k5df@nd>nZC-(QOx&TH-<^(z^e;L#b=%=96CQ-r{ViN%pm0ZQN$w=8$W0d+V?H~m zD$A$XEVOy`Z~MI#(KpUHe0Q=xSk0KIY<%$ag>A|`KOTvEchTRM+`eCOqeV^s%kwPv z7jSp3kzeU4n{n>$+wAKrjYKAM^S{6H`K<59Rjqr^Iq$gQ{KR7Ii92)Fr26TzRWGoe z(>Y^B5*xEMhf01-I2zM^ey{!wUhf}|P2c|5x~S>o=`F?Hwk%D0 z0o-o&=gvqOpPpSiXU?XOJ-j}<7sOWdga^z!Qm zADFH^VUul-()-pEd}6n$k$yu}kOOnU()z+(td8w#yiyK?aeU&k>6z}Sp~kUZezWjR z(~T1jw;J?KzgE<~L`UxzLqHwd5AT^War=@ze!ovn2|w_mwPEiMf3wMU3VP`aieKzI z+_;|2o$c7uu)S)M+L0YMLjIMM@>{!wt}2dYo9Ak6Fn{On-8-)79XBbj5PK74WG17# z{=sJ->rL}2OZBop8N@XIot$@}LO7?xHz{GQOkAMRzhdw5ZEL@s*`R7D7izg2DtH&9MLa)a{mNS%O!x@b`}FUuR=wSq-P}{iuH?VDTTDjXU`}9(Sj1Jh;V( zy}#wl>GLfY4mIuGS=#-6Rlm)p-FpjHzUJO(e&NhM|D=Ts!psQ*iu*gSMebr+5j<~M zTYi*;PKV{@gxc(G?JMDb*vx*2|NqZ6we#7=Rbn!4Lt0awKKQ-PZbs~+%JXbNKaWnf z_TTnAZA&G$-|~`B|LS0)YfMgmL!SOvu#xRWrqPVu`gwI}UuLvq$wW16%+6W4aOc4} zp(nlz&phJGc=+4W%KYDNE12{G+zhvmYd-$`G#d79DK8yLR zv#K6NDcDPGzjRph(an>xd>4*o2R*#9-I=eB|I?-kM~@^eJ?!)U&OFxBhfa8YFScbl z+}mdR?~c`j!dc4}Xc%ezO}Mx|;8#S*n-@GR|I}xH?=~##S;BYtUr+y!Z@<1C`+G$w zYfE0svvppv!RJMnSWhudHJOzf+!%YIAS`<|!}m#Bcct}<`)x|wGUxX`R*kQx?)4np z`Etw7hD@LN@4lW`^q!4r|I(Sxhq&}zXFC@)huZmXnz>kk^Dp1hMyGl)!(A^(jKOH}N=+!FO^}(rgUWc}b^$T!|Y@He$$hq^AdwTwF!409R 
z^LBYS2-|UM&CQNha!q04D>})%r?2{?+59QNO!*JL{+rWu>FKpgi(;mC-j3R)DCnWu zs@7n$&yLl$`;RFv+pItTnR>JY=KG2sZ7{0X^{eb_Z1-CC`;ih-(LXE-xH?;}p7322 zb?dBcD#rv-cE)2$hbD2pT)ENq%wd&;by;~@X$!vSZZ7x!Xx*K#)q2sqzk$sWOzumS z+|^etS1wFF@qNp2HysbZJ$KpPPupB^Q|Cr|qsd0g4|kWlTseI#?dr){;+`U#3VyuX zqh26mv|3N&tXo9ev~_|(NqSStj#OR?EUmO$7(JI`N?qBMyj3%AUi!Uy<9o~h8q<=? z-dpdRlf%fjZ=tV*&(1huj_VI96{o9}F>ZKt{qDoMd3)?MCbm6X$)@nnW#6w&E`M8C zucQS|{m6A@|Hs=ZRU!&49P|J721K8K$FNvoQRU?tmv-at>C3tf?6g+6?z$_LS#hqq z(e9!x@r}M=Sw@_^FWQ_0v;S>q-aY$9?aO>ervtE=)E`F2Q-@9dl@H1ToyAqd07wx)OfdRp@sh@mzplt??N=ANSJmst>cX}^V0u35w27y=qzxNp#}t?Uc&#w+$d_>D zIoCea&pLc`DPL^Gf&KRu?v@gqp11$;+qAG_d-+$sDapKaI_JLm(hnE*TcxD+G)Ny- z*~k6)U~}gu;rXejBDqf;w*O|WT7Udr!)5*Kg79CF*PoquUAv*ynB~9RakY1c+Y6s} zy}Fgw>%F3o&u8NniI2kS$2U(g<&4gZl+G0YySn@RCYOy%glv_Knr_U<*Oal|F!^?b zbBSR2`Kzw$B*Y*3Yc}$1I8wpeWfK$qcaL-U^t1o332e~hU!t@iiDmlF=0kiDNAAA5 zp~m`7-=%!*?!Uhc%sw9F%CGo&rfr8gY6ZMQp46Wqrvqr7>? zjW6qpcl5GFFM2O=S*G)4?6T=m^K7mi@{+ZEx!%0hX(b{FnabbVc!h-^}6<@;OE+Z3{{*vfrKjs$F!` zq|v~dNoo1_(6u-E>JBzfIcQ#%EpYPRPlG+Rvss)Er>}bY^xyTA=}#{%58igp?%6%v zb83q=?3NR5;M$}2=-^g^jg67>PVYM~$xHF_J@)7GM7L>kp4{GhHtR^=>Vqnu7tHDB zlyNK-x%~8g;jHYwm8+(*wjMj*bNiiCio9g3VpMQn>Gg}Iuiwu5Z0B{}rF+Wjp zldo>b#KitvZWejrPs61*COSt2QyI@JI`s5|l|@0Y`di;Q1}3qE8#Q08s5r=SIpvn<#Y4X?rlA%#Z2c}yzk+ud#k{E zZDE7RQO-qHk|(M^t`qS0^834jb$_UEgeklG*AMKxPM#O^&-|!0Vw0T7+I=PRMdizm zCH~L%i#FDXjd3#x>Zamvo>9a&Sv9g9kp<Uur# z!^>o2e6rWXKi`nKbdBll`g=P+ea&5~k+$HoN8=^S>mFCC(u~am;=cW{jH=oDHT+-w zwyC!mttL7qJ!2?H*sy%1@uj8V(>@tYFFUP~DD=(Fv;Xi5Ei0G3N0#j7jIdG?I44;)P%ol7K_z zyuW*H$V`49%XhH*{DJqydv|bLQEe=ZV~KlXm)dZ7$J90U8L|-@^J|%J9+DZFc72QI+t2%arbvGR&q0e- z9^IL|0=Zj?Prs3E=a7&R7gwx)xx`^r?H}vOFZe&)I>5TS>&qvboFvBPKs&+qCzV+$ z_hk}!j2ZPiif;6D+jnl!-S5@Z zzIWd5Gs`%R$IMuj^u^LOd*Xjb&Y6XFp6}kYPhy?x^kGiNgZauU^JYdaDY#i>eq=*N z(AFApXV(Iiq^|BIH;$iuW4-LUZm3YD!T;q~qVA*}pPgb~cKeHOLxWG|t-l5S!oTP8 zKY5_Zt!#XL#ao@!kA>?ezes6+Yr*XEa7#(&(`cFejD_u=&n{nmNau+h=N3URjnAKA z6Xwh9TVCjsd|92_ZLahN&t*)C&Nj0elnPj`DILn1{hsq!k9lmjAxhV`XVr 
z5j+28D#Mmzo~)TW^IBbhT;H|4T_`u-V%_n;rqWxhq&L^<8rla(YGkB-)YyJg-$!|J zeN0rO)a{y1`Ruzdv<3KV|Fz!X%6S;@;mWh=7RqeD6nuVns%5mAmWwU-nU>yA_sL$Q z!bHe*%Dy9qLK$7(t?h71-s64M{L1k>zvEl;*0T9b-tY3?DqbLb@`;4A+6xjyBkN;& zn$CsDx5?aAp899~HoJ@8xVD=LD0Ok(%(j?d!PGCE;T|&Y<>ze=8G;3LZ|yv^Cq?T; zg0LaGhsk^s?)+Dli!M1_O|4(MhfRHsS4sVZyyb24TA3~^Jnda}x#Q3z$Ju;ycYb;7 z6vCUZ&*13B<=;MDVRtg;&vV#!;M1KvMis+fCpTQz|L&9c?cW84M|Sg<8gKKM-F^3Y zDf9i8Ju|kn^rp$Z{&($E6hyN`^i5ie{ozr{jT2k3Mb#q znfo}LCvtLCe?PQN(eX{LnqYSRQGv%!?R$mKb}DajyyTyD%{KRk<@%i`85G+eO}!?$ z{?@gJ(vAw-k2|{V{h%yp=ke>s>Vgw$q1>`}t^b&pew=eISWb|Wqnh*1#%sJKr>8S@ z*|8kE<(JL#fBqwr4G9GnU&1xzXNUgA?gQ*AmZZH-y_C4c!0PX_ zI1iNo5s_#<>-OezK_a==3L4D?KHtB=adrET997neX?Yte{!HF;^v$z7lN#8P*2{Z6 z{-^%LmQ~#${P^!D%fqges6XM0eb^PMzdc+?sOa+&&V+M{ttImlb9Y|;=qLMSZ$nAl z41dpQ@g+J(Tv&bA7G!#H|s02Rj9rG+?mTaY~U656Kp>9Hu>O%KWFzd z9Gj4Ny?f!^-#5dyZGJBFZmF4u&|Moh$wLWSo?111katf%VZMHisb`?fV$%%<`GT#t z{w`lQY5KnN=Mw#Ud(Y0du-9n%d9zK6@9i88`CyNTQ4!6B8VZHJ$Ka=dP-k|kNY(?rz&n9n}G9^GH-dpI~fvy=B9M)^Z&+y!l zvGuMoTWv*0d%XAO<}Dk4F8#L4$=jbX`h1++a}jY_r)f9)&-iJo3DsSD>c!v2+p=`+ zg1VPWtFGJiU5UDIK0u}8@cvRJKI22mJ*Otm<9nhM!ECX@lhvEEVdCoOB@@M$_MIv& zTDN9H;`P})d%tA{S^36&Q)4-^@}RW)uav1JmqnXX9?X}yJ3r%BrqWLCj;pq80vfNU z1%9krqab@_sW0pNkeU8RcNDI=y2J8m_D}T*IYqg%qs||ca9QYe)_s!b6$IgDJ!pQ3hzUol#URk7TMQFd@W=e50s^xdo-!#?v>N8 z|E?{$Y4qJQzeV@GSj*(;_kPR%_A$I1Bz2WY^+xe2f|1aDDpu z(SqUpC&~HNMydDLi&lPL$ZR=-!Nnvqz3g+yx%{*7JF|RuF8;Bl?t9XDy?ym761mk? zU-0I?`5n_SrLenv?yFQY>kZ8td}jGyV@dv6wtiC0d_|x3MNOYdmYsIb=It*D+csZX zQ-1$ivGxL~eFmwvx-y(or@3G9ec|3^S-oEJu;~`zW?_ZPpZub;;?9Va9y%N|<=C^D ztFvB~YlM90+bKKiwNub#g$rLDU6Za(%XImX%&hTw>zRga8xvB*g2_k6vkGpQhCX9cmMb2r^}r$ z#Tsw73VNU4BJ#(-xMXRLujsV?4_cM#r}xeFYn$Cr!sH?1-9E=aWA;3z6EW2sNzMl! 
zn@S$LZ{WJ`(EptwX1xFJ_I_}ZD=>Y|7nV0ullk3Tj%okiCEPi{Y@Yml)#UqfjDl~C zr+>>%e6aqp-HK+*4vquC94^z?gX-`6c(?Fw(HeK9TT;v75*o~%ju)&_*#9kMMZ)BL zUsl*Por%a0n#sN;J9HcOZpJ<*yFKZjJHG4Waj%e*p73UieddnRjP?HxWst3L;n#3KnVu%Y`18NK zZqDkL{;h>eCJ48@U2tJt%jezir1s~Z_-!}s!$dZ#hTn0^e&|))pEP@pS@4RRk0QOE z9NJX8xc-9izj^l6LT^sJzWja0`Q0%Uo}b=r99irF4tT--I0XYRT$0vYa;*FV`iF`aRy)+-Kw z>(~IfcCSsG0r4$sM7YD$Zv9xL#j(p{sovQwb^2W!7gg@{lRkMn|6u=;)y7_PSS}m> zU%ISemxE&UlKLPWu2<7}j_ry0?fJ?6-FiO3c-2b}L*)}D^vEAcJ37z!j?T8Ig2m~# z1pLn3RJiQ7+a=GXIN_pb0oRnRjC*D-x&HGvXP-&jywta=cRv#Jd-LS6$3LDsUmjQd zo72koV~UZVgtv>WarbwI9h24^tDo@m_6@njB@^DADPxoKbE#VOU;c%_ya~%T`7CYR z`t6wRCkqWv?#UB=uUZ{4TQB=oa(!R#_IE#471>VZU~j(TdG((o*MS~WsT>Fvu-E6lJ}&sVX(bK=4m z{`^^L9`PdQ!`N1SaS1sz-MTE!E^hJJ=)&nCVNA@^zbA=(RR3qUd@IN9@Qq(vxCArO z*zDe?Uv$1h@Ydtpw}UkUL^Wgm7`X~&{i|f|(LJ#JQ^U&=hb{k;C#;DQ zv3c64GS}x#_0GNBO|IXaPw8gfT+z^=5Efbf`<$&I*F}w2E0qm98N1#--pRl4!R5k@ zN9!(?eCS>ARKw$<*V48rTMK_%K0l|T_G>hlbjBRF-CE_D_sn&k-wK4hX z+w26j9*U<;KeJKfQR$I`EFO!xB4%gt6z;nJn7_vJNZ{qn|XKP;X&3j;b-P707 zGyd;ooz%*B<2#4abhhtbRzzvE@NR2a*w18ps(rg&x(N576?NORE05K0ERZ!^E^~gv z+yz~mZx*q9yK$qF!{)ea@(ETRexoO4slq-C%Yvpxc%;Z^KNmgz=%&$I$0OZWYIp=? 
zx1}*{-*Qv!U@M32w&OFkQj%wddfG6(aZk&;b#S}#%u@@FE#Xj^@=KzjY}QSSmo18kTcf70#__N$j#a%A_ zS=3dRyL-;79g$qTa&qC3w%PJ~v%elUOjV<-`Q9*uPsI2mf1C5znu^VY|$# zOWVc$SDd@4yCcT6MSh1E*Yfn5z^~ihzhqN?I`6)tal>Y=1T)X`uaY?!mMo0&>n`8g zqP@(Uc?Ii&H+Ck*Hx_r8I=4+u^Pe+yl4!nsrhDk^hxcP-Ec<4LcV=|3yfzT|<5sx( zi4tr4T!Emydsnvjo|gT4Lb1%#Cx~hAttx@e`dcI(eTh=ZkWGL zaoZ36SsC&x182oescDE7HYt^G*rHP*DQZ!(cKyqc{O7Kh?rht2?b)s67d907tHsF5 zIc(32Pgm2fU#5AoK#kEWtTLs#Wx*T4v+AwI-#!H8Ge||h%J??#L8w{7db{*r0hf9{ z^F1?eTBO`jFRXfZH6QQOjhnWWKV9#AQ2SauQ>gyaSK-ZXCwAA4;$n3(7I}LH!_X#+|F|ryzBav{z-e5bn4q#tuO1>DSrKZv)`k0yV8lZ^V)MRKX-g!;;r4V zVW-cgqyCTeo^RZ->i?;{l%K~-UG>`?R~)pI;}_!DwSNDLN1P|N?mm7%@7%6WTH>=# zFYtK(hTHA8f$E}lKWc-QJZiq8r14Sl$AABd=L^#xUSYd0BKYC5%VOp%rFG$rujC!A#=FDStgtfD`%T}P2jaID>_WHWoMmQB(m-8(XIf0>$TdZZZ~@RUB%mcY>$`So0z|6l}mYSvAVbS zVx2g<;~u{9@(B&k=HFG)kGQQNos!p_XgK@v841x}f3CG2thsEK$MXGb-A$K&{7&&+ zoVw?A1su$~R(e?qXS{3Wb=Xy)V!-ul_JplGdpo>6s&AA}zqS3&jSu|Ccb$H~^YM}L zt?+N6Tl-q-8s5G$?+u?&#>Qjw^!Jawf2*(F;$qlwZtcPs|MbgC915gdFQ*C?AKd8H zTG_F2WkO%J%I0hya~aoNau0u~>`eb1SI(ildg;x1O|O}+UbMSuAGge)-f9l-&J#>+ zyLAsRPYd{HxMEp<_u^-kna=CAd=K=wHNLy+IcLtwTZPQ1@ZER!=8ro@ZU27; zl=tR0ry4F?Rx501^E&5SznF4%1_69yD)|K@ZH58Ta$9i+WVe5`Yk%q z@at@^_=ydvXJpKkEe*o^Mf!?^xbh$VJeI#BHz83-E_do6t-`?{w3H?PAiI&;UsxD#0kA=puiL;8fHqN?zr#$-F z{*F&)g}zTdnVZtzu;9S@zh^WThIw zfB(5lQ-nDqclqgCiW$%Dr`IW6n#_G<%JW?Bkdrs;-b%)>ebrW;Cpg`1Yi{<^9clT8 zj(_i8q~-na?e0RM^!)$9%S`wj_^s2vD6V`XqjXB$Nb>R7V}i#;;uKc}ByV4y{qHZw z+)EQI9{#e~F}r9QL*mrzv;Ud07ko)Ae%pBD#D&zoHqnuc#d9jXcIV1$Gp~2_6Ag@8 z%9^n*v23-jD9ag}E|p}{2?uX!d{c_p+x+*gim_n$g%7&hD$B!Dj7#SG)O*NXJhmY< zrCr(P*}dtJIu`%9meo%`6}BWTfLkEx#yU-j3R{_|+X{(Kul+iF;m6O4nAM3>Shg;g z+Tgt7SSj=LlTPMOp1#j~7N6v|+;Z(t{}y?dnEfw(56(RH$?5g;37j`h^RHeJb#P{A z!t_-aesgfB9iF`+BxK(E*J_)lm(AUHU9dy=(b;n!gcn`v4L9E~RaIxkij61J_xd}X z|968seEx#)-vti@{-(FpoqKzp*>|40$QS*GlKE$93LN^qrsl6z-iF;dllJG=-uCy6 zkFu{sObGdGD4oAov1jJ2XD_mX zJo2D)U)cUfVq15W+5LW*8<%N*a9iCP0d*GlO`LIWD)W^Y*z12ynUYgjv3Gj@L=pa) zh4F2V>>Bzs85YKJaTq-~Q!OvQS?V>HD{Ez7&@`)?deVjewuyvBNQU0rzCmXH?^Lex 
zniI1V=Pg*AnZfDzrsA4qees0W5Ol1%a-cTuY`HMIJ)4k?{Q&o+4A_k&utI=y!WiIR?>gvwo0~Thx)sYTgLWT z_^q?`uHOBe&DUE_xL;*`-u}J!4t7s!{nL4L-TzMcqer%{`d579SH$r*;nA7y!4sty z1sl1~?d)m!HF3%OM#)>-kDV&@aQbqif~g?9Nooqu`{QQ0x)RT0swRDyH~+MW^X3$T zUE4#M_#^yREx012vNrjs$y)Y5i#t`{K4}bH|Lb4owA&YL>vWlw7xe2?zB68U=JAQE zlS_}THSNu;xXT~j9@i7!Ech*3H)D;8*{}D%UT#~L{-D5a=k#+j>{SQ4EOY0mh3`Ao z;as(1_u;J%iXJFxSr}HgyZBVL*2D)Gmz;i?{McGCLEQRf9ou6zq2}i`YGJHZRg+h6 z6z3QRu$~szQdu8b`R%Hh!M;?p-L1KMme!@|L~Oo%(Rp*cT-nE04cihcRTkN7+UDW* zSnFl)wmPXhN?-5!&*#?MsxxN_%ZKEW^>z4RlI(%jMlgyAcT&7nnU0fcvcTE>Ruq$an zY@m_#0Y@I?3u|ZoTlf4+gg5K&iMYQf%oC-E0-R! z=O5GE@%KT&>!(UV_aeK`?^t#_+8*cr_Fr%-ms+l-61bIV0V%O>y5*tb-0TgI0u zx8Cl&*LFA}#@1rRp|b-2QlB?WEBLxip-AoJ)~KL=vS!-_cRc-S%Vkn)_si5P`Uj8Y zN0({KuCD!g&v}pVgvpn=(vF=Cp317q8FWWyU%OV6B+u_x3u5MM`t;Or+3Q5ZYB{#j zc{b{8tHabD52$?>qdV06ld zl$g8{_shKRzN}2Txx-wd(5ye`g_7|-uD!h~pWXzRZ7O<{{B5F0XaOfzIP>#&k%n10 zwU=jY{$Rrpd$0Sd;_+u;3asl)<5Wx^eR$^FW-QXddDzD0b*adk)dw~D^~A(3-+h+V zbntHBUj^B9yg++1lQTp)p>G zv+8W0#EN~I#QT4l+`B~vEV~z^8+a)%JUyR3m}l!*)2D9FZL)0Mm9O&@yx!Qx^f-PG z`%Ne5?LT@hF&?m3eA_8Z&vQ!Yfy}7~EA6Vzv#xn`ldI+aqT_CHde2KanAcn8HAVB3 zu3%OQZ~M)0Wse{4%l-#;I-TV*Z=-(5_m*AYeYjzn)J!k8l4BEgZF;neugUtCVepBU zzZ2H4+GV$d@$p8bJxdlSR&pLL+mI72Bld>t!%_aCt$cFr4<}A;e!O76@J7yQyQhZB z*{zaTnwojP_owrVgQcc&lWXpNlVfLF>b2AIN5}ctQx>nUoahaiBLC+ImvZ6b<7zji z&rx2eE6uZmFH`mO{Yyqabv|URZ<_e1nOjx-M9i+N3%(u){mpMwEY(OXO-Pda#If#K z?CcdU%MQevT}?`pf2qBvURdwIG`nS&MPDC`In2vh{^xd3z$0&CyIZ=Us{(gTUAJ^$ zM$5Mi2XqutZwq}ZwZ3rt{JutW4b8hk9#dt^Zp~XdF-hsvgv~))Uf#+05H>qNT6h1| zKbykBLpz>m^*(4+S-SN9%!4eYn~uF?xVqy-MM373*ISmZcpVn^K)l)O!ohVM+~wPT z>c3#m)t&ue^B2KKCQ}}9hW=S{y~w@i+R7{o?L`HKQK3vH{u@QEl0RjnEn`3Hxa6b6 zn2dAB9tSx5fBtz(+l&_sWd`31xEGbkFZ>r4H&gk{-6EswF_vj+t#-eZ)$5N=+vC8# zvw4@#f^J>$&izy7Gd(}q;K;f6gv_M^I3ad zSlF#<={Ji{QHST^%r_g4{?vUOz2vE$PI>#|bSqJY}pP%%wO{nQ)HQ#&Wq*jXb zM8>Q~QIolKtP~Ts>@AG-4$pUc%v^MCx3t_!|MS_r7p7bnim|pYi$K|E`_mck}%k7#Gz4BwT zSLchs*QSjf4@I(nq_U68I+`Q`=2&@TbV3>?EAR(J@5W<{#3A$ 
zPcymZ=-DWKmi@6$;Q`BMju!7MmEP>_jh9VG&zb3-bi(!I!jSL-vVLELN_I|Pb7_6b z?Z&ES?@f*sv;PTQEdTUs;7sFPo6}M~YI!Cw=odJOe%NbvOmX6;dm4GyBhFY~ntt;5 zR>juK8w=JgyLF5I;i9hm9M*FuKF`Y z?h}^#EDJs9e@XM>b#|W}VbxNdKZA-pnv@NVv_0k^C?r+<7pRtjzu8C&o-4k6Z z@M@0u_Ul~jrx^YoY1r-6cPMyQYXFu~ixJ|uAyyb92^72zZh1{%4 z+$uP2*4Y2qu)mstd8xegK$~NpD_&}sZh6=H)7`Q=S@L&}Shc56 zSJ978ZVap$EB6Vfu36RjEO*(lkY4+%{tKlH_8q);P4anoSitgYokEXv7q{J+R90X< zZDM?8VUMovgQ}ZVOb=8A*D0TjUe$M=rQ5X5ezL%orl1cCCY|a0{5tHd=Uk?SKbLQK zeiK(WtuNND+xGPC#l-jDnmLvn)X{Hy!IfN^U~zZWq@Thnme+LzuN21j2=x8+*qi-& zbA!dL#=GbD2t2v-Y*uxeeTUwJrgfTY;v3_?>@%vZ`%*oxz`WS+*_FojOGd$!lfRx} zw%{>-%C^-y)L>d9dr^*)j_nhrmVGB@hk3KKO*i~(C^k7}gTbMGmhyAIpRIc4zuRT4 zz|5y@H-AVkdm(A$kvVfG)24&v%T0fs-(ui(d+!|E9Mu)+rs@o)+6yZxt!16Bdwz`i z%UN>r62tQX=7yXv7qn&kWtNEqocw>~SkT4(;;rqT9%gkXk7ZsTd-`t7o<8ODez&YEMqm0~ zG-@=*E{b5U4v~_G>hu>4c&43y=VRaj?s_L?IoHrqcNvkXoHN&a+ta;je$bBPEzIS7 zEl3(9KqZ1n!d@o!Pr+P?khw~Oejw_J}Wc8lDWAjRB1-pm0SOBzxi$XCO5cGMQP#7%eTo3=b; zLbL1wWxg}F?6%!)Ix_TFJ}u3!mre-X(^v3faz?+V%}s}odh;r-Zd2LK_hZT_ zt-H!hyk*9>Z}2JTyH7c@@rNQ<5uTxb`9~Tw=elw$$Ygeu8 zu4Dd9=M(fi4wRT$>aU()Uc=gTE->rh`s{vzoLTo4R4p!9{&H&ATJty8?{DX~db-Nt zBXiVpHh8mmk<0cFgu#`XJwf7 zr@z|QD}s(mCh(s0G}rGs`~67Q&bs{;g<>qrsx=;QtYOK?^UOONS8Ej6b&Fpd0I`6g AY5)KL literal 0 HcmV?d00001 diff --git a/nix-config/host/valkyrie/services/dcbot.nix b/nix-config/host/valkyrie/services/dcbot.nix new file mode 100644 index 0000000..05e5cf7 --- /dev/null +++ b/nix-config/host/valkyrie/services/dcbot.nix 
@@ -0,0 +1,38 @@ +{ + config, + pkgs, + lib, + mkk, + ... +}: +{ + options.valkyrieService.dcbot.enable = mkk.lib.mkBoolOpt false "Enable muse bot"; + + config = + let + cfg = config.valkyrieService.dcbot; + in + lib.mkIf cfg.enable { + sops.templates."muse.env".content = '' + CACHE_LIMIT=512MB + BOT_STATUS=online + BOT_ACTIVITY_TYPE=LISTENING + BOT_ACTIVITY=Coś + DISCORD_TOKEN=${config.sops.placeholder.discord-token} + YOUTUBE_API_KEY=${config.sops.placeholder.youtube-api} + SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id} + SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret} + ''; + + systemd.tmpfiles.rules = [ + "d /var/lib/muse 0776 root root -" + ]; + virtualisation.oci-containers.containers.dcbot = { + image = "sl33ping/muse:pr-1195"; + volumes = [ "/var/lib/muse:/data" ]; + environmentFiles = [ config.sops.templates."muse.env".path ]; + }; + + }; + +} diff --git a/nix-config/host/valkyrie/services/default.nix b/nix-config/host/valkyrie/services/default.nix new file mode 100644 index 0000000..81436a1 --- /dev/null +++ b/nix-config/host/valkyrie/services/default.nix @@ -0,0 +1,17 @@ +{ config, pkgs, ... }: +{ + imports = + [ + ./pleroma.nix + ./pihole.nix + ./dcbot.nix + ./secureyoursoul.nix + ]; + services.adguardhome.enable = true; + + valkyrieService.pihole.enable = false; + valkyrieService.pleroma.enable = false; + valkyrieService.dcbot.enable = true; + valkyrieService.secureyoursoul.enable = true; + +} diff --git a/nix-config/host/valkyrie/services/pihole.nix b/nix-config/host/valkyrie/services/pihole.nix new file mode 100644 index 0000000..d025eb3 --- /dev/null +++ b/nix-config/host/valkyrie/services/pihole.nix 
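Review bot: The mode in `"d /var/lib/muse 0776 root root -"` gives others read and write but no search bit, so other local users can list the directory's entries while their write bit has no effect; it reads like a typo for a tighter mode. The container only needs the owner to reach `/data`, so `"d /var/lib/muse 0750 root root -"` would do (adjust the owner if the container runs as a non-root UID, which the hunk does not show). The same pattern recurs in pihole.nix (`0776` on `/var/lib/pihole` and `/var/lib/dnsmasq.d`) and in pleroma.nix (`0766` on `/var/lib/pleroma` and its subdirectories, which leaves the group without search permission). Separately, `image = "sl33ping/muse:pr-1195"` is a mutable tag on a third-party build that receives the Discord, YouTube and Spotify credentials from `muse.env`; pinning it by digest (`sl33ping/muse@sha256:<digest>`) keeps a re-pushed tag from changing what runs with those secrets.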
@@ -0,0 +1,56 @@ +{ config, pkgs, lib, mkk, ... }: +{ + options.valkyrieService.pihole.enable = mkk.lib.mkBoolOpt false "Enable pihole"; + options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; }; + options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; }; + + + + config = + let + cfg = config.valkyrieService.pihole; + dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" '' + no-hosts + ''; + + in + lib.mkIf config.valkyrieService.pihole.enable { + systemd.tmpfiles.rules = [ + "d /var/lib/dnsmasq.d 0776 root root -" + "d /var/lib/pihole 0776 root root -" + "L+ /var/lib/dnsmasq.d/02-dnsmasq-custom.conf 0776 root root - ${dnsmasqConf}" + ]; + + virtualisation.oci-containers.containers.pihole = { + image = "pihole/pihole:latest"; + ports = + [ + "${cfg.dnsIP}:53:53/tcp" + "${cfg.dnsIP}:53:53/udp" + "${cfg.webIP}:3000:80" + ]; + environment = { + TZ = "Europe/Warsaw"; + FTLCONF_LOCAL_IPV4 = "127.0.0.1"; + DNSMASQ_USER = "root"; + VIRTUAL_HOST = "pi.hole"; + PROXY_LOCATION = "pi.hole"; + }; + volumes = [ + "/var/lib/pihole/:/etc/pihole/" + "/var/lib/dnsmasq.d:/etc/dnsmasq.d/" + "/nix/store:/nix/store" + ]; + extraOptions = + [ + "--cap-add=NET_ADMIN" + "--dns=127.0.0.1" + "--dns=9.9.9.9" + "--hostname=pi.hole" + ]; + }; + + }; + + +} diff --git a/nix-config/host/valkyrie/services/pleroma.nix b/nix-config/host/valkyrie/services/pleroma.nix new file mode 100644 index 0000000..efb964e --- /dev/null +++ b/nix-config/host/valkyrie/services/pleroma.nix 
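Review bot: The volume `"/nix/store:/nix/store"` exposes the whole store to a container that also gets `--cap-add=NET_ADMIN`, `DNSMASQ_USER = "root"` and the floating tag `pihole/pihole:latest`. It appears to be there only so the `L+` symlink to `${dnsmasqConf}` resolves inside the container; bind-mounting the one file, `"${dnsmasqConf}:/etc/dnsmasq.d/02-dnsmasq-custom.conf:ro"`, or at least `"/nix/store:/nix/store:ro"`, narrows that. Pinning the image to a version tag or digest would make what runs with those privileges reproducible. `cfg` is bound in the `let`, but the guard still reads `config.valkyrieService.pihole.enable`; `lib.mkIf cfg.enable` would match dcbot.nix.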
@@ -0,0 +1,149 @@ +{ config, pkgs, lib, mkk, ... }: +let + + socketPath = "/run/pleroma/http.sock"; + + + socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket" + '' + coproc { + ${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)} + } + + trap 'kill "$COPROC_PID"' EXIT TERM + + until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath} + do read -r -u "''${COPROC[0]}" + done + + ${pkgs.coreutils}/bin/chmod 0666 ${socketPath} + ''; + + soapbox = pkgs.stdenv.mkDerivation rec { + pname = "soapbox"; + version = "v3.2.0"; + dontBuild = true; + dontConfigure = true; + src = pkgs.fetchurl { + name = "soapbox"; + url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production"; + sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o="; + }; + nativeBuildInputs = [ pkgs.unzip ]; + unpackPhase = '' + unzip $src -d . + ''; + installPhase = '' + mv ./static $out + ''; + + }; + +in +{ + options.valkyrieService.pleroma.enable = mkk.lib.mkBoolOpt false "Enable pleroma"; + config = lib.mkIf config.valkyrieService.pleroma.enable { + systemd.tmpfiles.rules = [ + "d /var/lib/pleroma 0766 pleroma pleroma -" + "d /var/lib/pleroma/static 0766 pleroma pleroma -" + "d /var/lib/pleroma/uploads 0766 pleroma pleroma -" + "L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}" + ]; + + services.nginx.virtualHosts."podkos.xyz" = { + http2 = true; + useACMEHost = "podkos.xyz"; + forceSSL = true; + locations."/" = { + proxyPass = "http://unix:${socketPath}"; + extraConfig = '' + etag on; + gzip on; + + add_header 'Access-Control-Allow-Origin' '*' always; + add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always; + add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always; + add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, 
X-RateLimit-Remaining, X-Request-Id' always; + if ($request_method = OPTIONS) { + return 204; + } + + add_header X-XSS-Protection "1; mode=block"; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options DENY; + add_header X-Content-Type-Options nosniff; + add_header Referrer-Policy same-origin; + add_header X-Download-Options noopen; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + + client_max_body_size 8m; + + + ''; + }; + + }; + systemd.services.pleroma.serviceConfig = { + RuntimeDirectory = "pleroma"; + RuntimeDirectoryPreserve = true; + + + ExecStartPost = "${socketChmod}/bin/pleroma-socket"; + ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}''; + }; + + + + + services.pleroma = { + enable = true; + secretConfigFile = "/var/lib/pleroma/secrets.exs"; + configs = [ + '' + import Config + + config :pleroma, Pleroma.Web.Endpoint, + url: [host: "podkos.xyz", scheme: "https", port: 443], + http: [ip: {:local, "${socketPath}"}, port: 0] + + config :pleroma, :instance, + name: "Podziemia Kosmosu", + email: "admin@podkos.xyz", + notify_email: "noreply@podkos.xyz", + limit: 5000, + registrations_open: false + + config :pleroma, :media_proxy, + enabled: false, + redirect_on_failure: true + + config :pleroma, Pleroma.Repo, + adapter: Ecto.Adapters.Postgres, + socket: "/run/postgresql/.s.PGSQL.5432", + username: "pleroma", + database: "pleroma" + + + # Configure web push notifications + config :web_push_encryption, :vapid_details, + subject: "mailto:admin@podkos.x yz" + config :pleroma, :frontends, + primary: %{ + "name" => "soapbox", + "ref" => "${soapbox.version}" + } + + config :pleroma, :database, rum_enabled: false + config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" + config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads" + + config :pleroma, configurable_from_database: true + config :pleroma, 
Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename] + '' + ]; + }; + }; +} diff --git a/nix-config/host/valkyrie/services/secureyoursoul.nix b/nix-config/host/valkyrie/services/secureyoursoul.nix new file mode 100644 index 0000000..5305ed8 --- /dev/null +++ b/nix-config/host/valkyrie/services/secureyoursoul.nix 
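Review bot: `socketChmod` ends with `chmod 0666 ${socketPath}`, which lets every local account connect to the Pleroma HTTP socket directly instead of through the nginx virtual host. Only nginx needs access, so a narrower grant would do, for example `chmod 0660` with the nginx user in the socket's group; the hunk does not show which user and group own `/run/pleroma`, so confirm that first. That line also interpolates `${socketPath}` bare while the two uses above it go through `escapeShellArg`; `${escapeShellArg socketPath}` keeps it consistent. In the `configs` string, `subject: "mailto:admin@podkos.x yz"` contains a space that the `email:` entry does not; if the space is in the file and not a rendering artifact, it should read `admin@podkos.xyz`.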
@@ -0,0 +1,141 @@ +{ config, pkgs, lib, mkk, ... }: +{ + options.valkyrieService.secureyoursoul.enable = mkk.lib.mkBoolOpt false "Enable secureyoursoul, web archive"; + + + + + config = + let + cfg = config.valkyrieService.secureyoursoul; + in + lib.mkIf cfg.enable { + systemd.timers.secureyoursoul-steam = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-1,7,14,21 3:00:00"; + Persistent = true; + Unit = "secureyoursoul-steam.service"; + }; + }; + systemd.timers.secureyoursoul-p1 = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-3,9,16,23 3:00:00"; + Persistent = true; + Unit = "secureyoursoul-p1.service"; + }; + }; + systemd.timers.secureyoursoul-p2 = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "*-*-5,11,18,25 3:00:00"; + Persistent = true; + Unit = "secureyoursoul-p2.service"; + }; + }; + + systemd.services.secureyoursoul-steam = { + description = "Make curl requests to archive steam related things"; + path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.steamids }) + EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks-steam }) + + steamladder() { + for id in ''${STEAM_IDS[@]}; do + curl -X POST -H "Authorization: Token ''$(cat ${config.sops.secrets.steamladder-api.path})" \ + "https://steamladder.com/api/v1/profile/$id/" + done; + } + + webarchive(){ + for id in ''${STEAM_IDS[@]}; do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=https://steamcommunity.com/profiles/$id" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + + for link in ''${EXTRA_LINKS[@]}; 
do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=$link" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + } + + + + steamladder & + webarchive + wait + ''; + }; + + + systemd.services.secureyoursoul-p1 = { + description = "Make curl requests to archive related things"; + path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks1 }) + webarchive(){ + for link in ''${EXTRA_LINKS[@]}; do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=$link" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + } + webarchive + ''; + }; + + systemd.services.secureyoursoul-p2 = { + description = "Make curl requests to archive related things - part 2"; + path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ]; + serviceConfig.Type = "oneshot"; + serviceConfig.RemainAfterExit = false; + script = '' + EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" mkk.to_save.extraLinks2 }) + webarchive(){ + for link in ''${EXTRA_LINKS[@]}; do + curl -X POST -H "Accept: application/json" \ + -H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \ + -d"url=$link" \ + -d"capture_outlinks=1" \ + -d"capture_screenshot=on" \ + -d"capture_all=on" \ + "https://web.archive.org/save"; + sleep 180; + done; + + } + webarchive + ''; + }; + + + }; + + +} 
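Review bot: Every `curl` call builds its `Authorization` header from `$(cat …)` of the sops secret paths, so the steamladder token and both web.archive.org keys sit in curl's argument list and are readable through the process list while each request runs. curl can read headers from a file (`-H @file`), and dcbot.nix in this commit already renders secrets through `sops.templates`; a template whose content is the complete `Authorization: LOW <access>:<secret>` line, passed as `-H @${config.sops.templates."webarchive-auth".path}` (template name is a suggestion), keeps the keys off the command line. This applies to `steamladder` and to the `webarchive` functions in all three services. The loops also expand `''${EXTRA_LINKS[@]}` unquoted and send `-d"url=$link"` unencoded, so a link containing `&` or whitespace is split or truncated; `"''${EXTRA_LINKS[@]}"` and `--data-urlencode "url=$link"` avoid that.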
diff --git a/nix-config/shared/default.nix b/nix-config/shared/default.nix index df203e0..ba78d52 100644 --- a/nix-config/shared/default.nix +++ b/nix-config/shared/default.nix @@ -24,6 +24,9 @@ isHm: ++ lib.optionals (!isHm) [ ./os ]; config.mkk.var = import ./private/variables.nix {}; - config._module.args.mkk = config.mkk.var; + config._module.args.mkk = rec { + nixerus.pkgs = materusArgs.inputs.nixerus.packages."${config.nixpkgs.hostPlatform.system}"; + lib = nixerus.pkgs.lib; + } // config.mkk.var; } 
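Review bot: In `rec { … } // config.mkk.var` the right-hand side wins, so a `lib` or `nixerus` attribute in the encrypted `private/variables.nix` would silently replace the helpers that `mkk.lib.mkBoolOpt` in the new service modules depends on, and `//` replaces `nixerus` whole instead of merging it. If the helpers are meant to be fixed, swapping the operands (`config.mkk.var // rec { … }`) makes that explicit; otherwise a comment such as `# private variables may override lib/nixerus` would record the intent. The enclosing module starts outside this hunk, so where `materusArgs` is bound is not visible here.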
diff --git a/nix-config/shared/private/variables.nix b/nix-config/shared/private/variables.nix index 4e787c3ded9d1a5acc9e635d62c3266dff740f48..e79c278661daaa193c98a6cb472aba723aff82a2 100644 GIT binary patch literal 925 zcmZQ@_Y83kiVO&0P?{3G=k;NG%Sp>8h4@_m=Ke6I{&uPI^l%lXBEP4<8g^7XzOys$ zX7ZfX2Yx)f_(Ur_zdKZI<%5HgY|~F{e6;SRae;mDUy0cJbA^6IC&cW!lQubc|Mr;L zOBZY#1YN3DR8+k4P5$2h^^_3X&Ku_+E?OMfc3mjwDT6|S8oO7N;6-`!;2m2Sy$YYD zzfr1<@d;JlIs0+r-1EB&>(uR&CiyHj+9+@KNp|zWiJZWape%eZN4)B-#K7C0yRd>IS=-e=;XD%z$w;sKe-R0wP`*7+EH!i0p&gSZ318&iOJE!c{nKJ$Ahq$vB-x!9nzuo#Zsn}fQrsYZ1{h?>0 zlB*ch``%yK<`ky?=lTRoB{@gS02lw4ZVLroOg|P^RKN9JhTMZo)*GK)VL6z(`&Hrs z#^>|?m1qjDV9+`ex;ArK0k3U`$&RVg;-SA>x>Y?d3M(@T#tSlw?~ar5?VZi;TrlTO z$%CX;--pX@XTH3>AU`OfeP4LwZkNBe0(R#v|NHT*!p~K*a@IDxB(@a4Uai;Cx%^XK zMD*3oK8tMcRjFEQzAcdQvgtd1sA3wUX^2$f=0Aa_{Ns4@ZQ||Gzo9H>I@7;a2 zX3dLMA={E8pY@l16K5zF->nzn<@We4dq{rWeD>4rHSA2zN8hd7$FgizYg+f}nvWGH zuJ-7Cy!q6&GpyZy)}z?fm+x2mW&WNr^@3jGnMe6?=~`$0JyGKDm~c6(X_@cdw;~dE zKHt3Gdi?dNLw+8e>JOaWIfbPa8GVr1DEiY&WND+w(=P7teWupmR$r-Mb>VIiJInQp sUG;$K)w_}^dpqyO`7xz$^_x8JG{5-L$iiLA@{3(JW$CdnCVjL30KbXCmH+?% literal 904 zcmZQ@_Y83kiVO&0Xw>997SVU`STX}&Ztb7wRJrWdJl#7RRw}dRc&&JJSbgRfpIOES zIyDZ6zx?+oD=l$X2D5ih8f!Y|lu4`w;r`1ze$L3(p0tkLUsA&&Q^wqS{%@755i^=h zzqA`W{Jxf8>$X(BeI}InATTG(?UzQ~>wM2I3omr6oE4jEQL?uDmi9@8duBZ> zo*^-rk$W`lt{=3Ic%ATEY~9z5e_hr-J9xU@Z>jr%iH-g*)68#+Jz~A^B6V4}gtkdz zin8SY_=d3LW1&;Gh6_c{Z!z(x{&n{&+q3v(l3E!LTeU1Q&u;EK_4DjEt_dCfHEb)m zcXPi#mFD1i_EUBfo9fiY|5i0VyH`tJI+46+Kl69j&Sg!;^ImL>5M-MBoxAY5MZEH& zjBl@Qvj`VSO$go0z1U;w0zR3OogW-RTx04doy#y#~dCuT^wIIcL z%7&h=OjQ$(?%ezFyUKR!{d}TV|I9qUSFHSg+ly~!=JGXndY!Rg@sGDS|F~`S#!RhE zJ5PC>5p4aM`*^~x?GMs@l^9E)}>s$_(6Ar$+;U>)VDjzTyCj$;GdtPZm<93>3#c6 zTdW*yuG-98e8)>XVa3MfzgEw)&~;sS>o}`p-i>QZRvYeZ4u8JTwePajzOxXTIlcQ_Y^;9#SRUw%vSXP$J9Q$5Ov6uXE(z WRan>8VDppRY{^-HC;I{wEu{dzgt|rm