From c8a9b3cf43e9d765215760c8dfa9bf9101faede1 Mon Sep 17 00:00:00 2001 From: materus Date: Fri, 18 Apr 2025 11:50:53 +0200 Subject: [PATCH] update --- configurations/host/materusPC/audio.nix | 2 +- .../host/materusPC/containers/arch.nix | 7 +- .../host/materusPC/containers/default.nix | 1 + .../host/materusPC/containers/fedora.nix | 75 +++ configurations/host/materusPC/default.nix | 2 +- .../host/materusPC/hardware/boot.nix | 5 +- .../host/materusPC/hardware/default.nix | 4 +- .../host/materusPC/home/materus/default.nix | 2 +- configurations/host/materusPC/network.nix | 1 + configurations/host/materusPC/other/apps.nix | 12 +- configurations/host/materusPC/tmp.nix | 84 ++- .../host/materusPC/vm/win-vfio/default.nix | 23 +- configurations/host/valkyrie/default.nix | 7 - .../host/valkyrie/secrets/private/default.nix | Bin 15041 -> 15214 bytes .../host/valkyrie/services/dcbot.nix | 23 +- .../host/valkyrie/services/default.nix | 2 +- .../host/valkyrie/services/pleroma.nix | 2 +- .../profile/common/private/default.nix | Bin 924 -> 955 bytes configurations/profile/home/editor/code.nix | 12 +- .../profile/home/editor/emacs/default.nix | 8 +- flake.lock | 589 +++++++++++++----- flake.nix | 4 +- 22 files changed, 609 insertions(+), 256 deletions(-) create mode 100644 configurations/host/materusPC/containers/fedora.nix diff --git a/configurations/host/materusPC/audio.nix b/configurations/host/materusPC/audio.nix index 4b137fe..ca1ef32 100644 --- a/configurations/host/materusPC/audio.nix +++ b/configurations/host/materusPC/audio.nix @@ -1,7 +1,7 @@ { pkgs, lib, ... }: { - sound.enable = true; + #sound.enable = true; security.rtkit.enable = true; services.pipewire = { enable = true; diff --git a/configurations/host/materusPC/containers/arch.nix b/configurations/host/materusPC/containers/arch.nix index 7681e6c..a589d74 100644 --- a/configurations/host/materusPC/containers/arch.nix +++ b/configurations/host/materusPC/containers/arch.nix 
@@ -82,7 +82,7 @@ in execConfig = { Boot = true; SystemCallFilter = [ "@known" ]; - Timezone = "bind"; + Timezone = "symlink"; Capability = "all"; PrivateUsers = "no"; ResolvConf = "copy-host"; @@ -103,6 +103,8 @@ in "/run/udev" + "/dev/fuse" + "/dev/snd" "/dev/input" "/dev/shm" "/dev/kfd" @@ -110,6 +112,9 @@ in "/dev/tty" "/dev/tty0" + "/var/lib/flatpak" + "/var/lib/containers" + "/tmp/.X11-unix" /materus diff --git a/configurations/host/materusPC/containers/default.nix b/configurations/host/materusPC/containers/default.nix index e997ef4..3f913d5 100644 --- a/configurations/host/materusPC/containers/default.nix +++ b/configurations/host/materusPC/containers/default.nix @@ -2,6 +2,7 @@ { imports = [ ./arch.nix + ./fedora.nix ]; virtualisation.lxc.enable = true; virtualisation.lxc.lxcfs.enable = true; diff --git a/configurations/host/materusPC/containers/fedora.nix b/configurations/host/materusPC/containers/fedora.nix new file mode 100644 index 0000000..063e750 --- /dev/null +++ b/configurations/host/materusPC/containers/fedora.nix 
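Review bot: `"/var/lib/flatpak"` and `"/var/lib/containers"` are shared read-write with a container that runs with `Capability = "all"` and `PrivateUsers = "no"` (first hunk's context), so root inside it can modify the system-wide Flatpak installation and the container storage that the host itself uses. The list they are added to opens outside the hunk; it is presumably `Bind`, as in the new fedora.nix, which binds `/var/lib/flatpak` the same way. If the container only needs to read these trees, listing them under `BindReadOnly` keeps the host copies intact. Otherwise a comment such as `# shared read-write with the host on purpose` next to the two paths would record the decision.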
@@ -0,0 +1,75 @@ +{ + config, + pkgs, + lib, + ... +}: +let + ttys = [ + 9 + 10 + ]; + +in +{ + systemd.nspawn."fedora" = { + enable = true; + execConfig = { + Boot = true; + SystemCallFilter = [ "@known" ]; + Timezone = "symlink"; + Capability = "all"; + PrivateUsers = "no"; + ResolvConf = "off"; + }; + + filesConfig = { + BindReadOnly = [ + "/nix" + + "/run/current-system" + "/run/booted-system" + "/run/opengl-driver" + "/run/opengl-driver-32" + + ]; + Bind = [ + "/:/run/host-root" + + "/run/udev" + + "/dev/fuse" + "/dev/snd" + "/dev/input" + "/dev/shm" + "/dev/kfd" + "/dev/dri" + "/dev/tty" + "/dev/tty0" + + "/var/lib/flatpak" + + "/tmp/.X11-unix" + + /materus + + ] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}"); + }; + networkConfig = { + Bridge="br0"; + }; + }; + systemd.services."systemd-nspawn@fedora" = { + enable = true; + overrideStrategy = "asDropin"; + serviceConfig = { + ConditionPathExists="/var/lib/machines/fedora"; + DeviceAllow = [ + "char-tty rwm" + "char-input rwm" + "char-drm rwm" + ]; + + }; + }; +} diff --git a/configurations/host/materusPC/default.nix b/configurations/host/materusPC/default.nix index 23d59eb..c31c86a 100644 --- a/configurations/host/materusPC/default.nix +++ b/configurations/host/materusPC/default.nix @@ -25,7 +25,7 @@ materus.profile.nix.enable = true; materus.profile.nixpkgs.enable = true; materus.profile.fonts.enable = true; - materus.profile.steam.enable = true; + materus.profile.steam.enable = false; services.logind.extraConfig = '' NAutoVTs=4 diff --git a/configurations/host/materusPC/hardware/boot.nix b/configurations/host/materusPC/hardware/boot.nix index 76e3b0a..00654f2 100644 --- a/configurations/host/materusPC/hardware/boot.nix +++ b/configurations/host/materusPC/hardware/boot.nix 
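Review bot: `ConditionPathExists` is set under `serviceConfig` of `systemd-nspawn@fedora`, but it is a `[Unit]` setting, so in `[Service]` systemd will most likely ignore it as an unknown key and the unit will still try to start when `/var/lib/machines/fedora` is missing. It belongs in `unitConfig = { ConditionPathExists = "/var/lib/machines/fedora"; };`, with `DeviceAllow` staying in `serviceConfig`. Separately, `Bind` contains `"/:/run/host-root"` while `execConfig` sets `Capability = "all"` and `PrivateUsers = "no"`, so root inside the container can write the whole host filesystem with full capabilities and the container is not an isolation boundary. If the host tree is only needed for reading, move that entry to `BindReadOnly`; otherwise a comment such as `# intentionally privileged: no isolation from the host` above `execConfig` would make the choice explicit.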
@@ -35,10 +35,11 @@ in "iommu=pt" "psi=1" ] ++ video; - boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" ]; + boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "kvmfr" ]; boot.extraModprobeConfig = '' options kvm_amd nested=1 avic=1 npt=1 sev=0 options vfio_iommu_type1 allow_unsafe_interrupts=1 + options kvmfr static_size_mb=64 ''; boot.kernel.sysctl = { "vm.max_map_count" = 1000000; @@ -50,7 +51,7 @@ in boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ "amdgpu" ]; - boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback kvmfr ]; boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ]; diff --git a/configurations/host/materusPC/hardware/default.nix b/configurations/host/materusPC/hardware/default.nix index 4c8de3b..79395d2 100644 --- a/configurations/host/materusPC/hardware/default.nix +++ b/configurations/host/materusPC/hardware/default.nix @@ -16,10 +16,10 @@ environment.variables = { DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1"; - VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json"; + #VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json"; AMD_VULKAN_ICD = "RADV"; RADV_PERFTEST = "gpl,rt,sam"; - OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/"; + #OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/"; }; hardware.cpu.amd.updateMicrocode = lib.mkForce true; diff --git a/configurations/host/materusPC/home/materus/default.nix b/configurations/host/materusPC/home/materus/default.nix index 1462705..821b62a 100644 
--- a/configurations/host/materusPC/home/materus/default.nix +++ b/configurations/host/materusPC/home/materus/default.nix @@ -17,7 +17,7 @@ enableTerminal = lib.mkDefault true; enableTerminalExtra = lib.mkDefault true; enableNixDevel = lib.mkDefault true; - editor.emacs.enable = true; + editor.emacs.enable = false; editor.code.fhs.enable = true; editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_18; in [ llvmpkgs.clang diff --git a/configurations/host/materusPC/network.nix b/configurations/host/materusPC/network.nix index a709151..7358b44 100644 --- a/configurations/host/materusPC/network.nix +++ b/configurations/host/materusPC/network.nix @@ -30,6 +30,7 @@ networking.firewall.allowedUDPPorts = [ (lib.strings.toInt materusArg.wireguard.port) 24800 5900 3702 4656 6000 9943 9944 22000 21027 # Syncthing + 17000 17001 # zomboid ]; networking.networkmanager.settings = { connectivity = { diff --git a/configurations/host/materusPC/other/apps.nix b/configurations/host/materusPC/other/apps.nix index cc801b7..a2ce3ba 100644 --- a/configurations/host/materusPC/other/apps.nix +++ b/configurations/host/materusPC/other/apps.nix @@ -6,13 +6,23 @@ }: { - services.jackett.enable = true; + #services.jackett.enable = true; programs.nix-ld.enable = true; programs.nix-ld.libraries = with pkgs; [ ]; + programs.chromium.enable = true; + programs.chromium.enablePlasmaBrowserIntegration = true; environment.systemPackages = with pkgs; [ + + (vivaldi.overrideAttrs + (oldAttrs: { + dontWrapQtApps = false; + dontPatchELF = true; + nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.kdePackages.wrapQtAppsHook]; + })) + #(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; }) materusArg.pkgs.amdgpu-pro-libs.prefixes (pkgs.bottles.override { diff --git a/configurations/host/materusPC/tmp.nix b/configurations/host/materusPC/tmp.nix index 8df4d53..466b959 100644 
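Review bot: The new `17000 17001` entries in `networking.firewall.allowedUDPPorts` (network.nix hunk) are opened on every interface, like the other ports in that list. If the game server is only meant to be reachable from the LAN or over the VPN, `networking.firewall.interfaces.<name>.allowedUDPPorts = [ 17000 17001 ];` limits them to that interface, with `<name>` standing for the interface in question. The list opens outside the hunk, so this is based on its visible tail only.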
--- a/configurations/host/materusPC/tmp.nix +++ b/configurations/host/materusPC/tmp.nix @@ -1,33 +1,29 @@ -{ config, pkgs, materusArg, ... }: +{ + config, + pkgs, + materusArg, + ... +}: { - programs.gamemode.enable = true; programs.corectrl.enable = true; - - services.teamviewer.enable = true; - systemd.tmpfiles.rules = [ - "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" - ]; + systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ]; services.flatpak.enable = true; services.gvfs.enable = true; - services.xserver.xkb.layout = "pl"; - services.xserver.enable = true; services.xserver.videoDrivers = [ "amdgpu" ]; services.dbus.enable = true; services.dbus.packages = [ pkgs.gcr ]; - - services.xserver.displayManager.startx.enable = false; services.xserver.exportConfiguration = true; @@ -44,15 +40,10 @@ ''; - - - services.printing.enable = true; services.libinput.enable = true; - - environment.sessionVariables = { XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; @@ -64,11 +55,8 @@ XMODIFIERS = "@im=fcitx"; SDL_IM_MODULE = "fcitx"; - MOZ_USE_XINPUT2 = "1"; - PATH = [ - "\${XDG_BIN_HOME}" - ]; + PATH = [ "\${XDG_BIN_HOME}" ]; }; environment.shellInit = '' if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi; @@ -76,9 +64,13 @@ ''; i18n.inputMethod.enabled = "fcitx5"; - i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ]; - - + i18n.inputMethod.fcitx5.addons = [ + pkgs.kdePackages.fcitx5-configtool + pkgs.fcitx5-lua + pkgs.fcitx5-mozc + pkgs.fcitx5-gtk + pkgs.kdePackages.fcitx5-qt + ]; services.pcscd.enable = true; 
@@ -89,21 +81,21 @@ package = pkgs.sambaFull; securityType = "user"; openFirewall = true; - extraConfig = '' - workgroup = WORKGROUP - server string = smbmaterus - netbios name = smbmaterus - security = user - hosts allow = 192.168.122. 127.0.0.1 localhost - hosts deny = 0.0.0.0/0 - guest account = nobody - map to guest = bad user - allow insecure wide links = yes - ''; - shares = { + settings = { + global = { + "workgroup" = "WORKGROUP"; + "server string" = "smbmaterus"; + "netbios name " = "smbmaterus"; + "security" = "user"; + "hosts allow" = "192.168.122. 127.0.0.1 localhost"; + "hosts deny" = "0.0.0.0/0"; + "guest account" = "nobody"; + "map to guest" = "bad user"; + "allow insecure wide links" = "yes"; + }; windows = { - path = "/materus/data/VM/windows_shared"; - browseable = "yes"; + "path" = "/materus/data/VM/windows_shared"; + "browseable" = "yes"; "read only" = "no"; "guest ok" = "no"; "create mask" = "0644"; @@ -113,6 +105,7 @@ "follow symlinks" = "yes"; "wide links" = "yes"; }; + }; }; @@ -134,13 +127,21 @@ openFirewall = true; autoStart = false; }; - + hardware.sane.enable = true; hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ]; environment.enableAllTerminfo = true; - environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ]; - environment.shells = with pkgs; [ zsh bashInteractive fish ]; + environment.pathsToLink = [ + "/share/zsh" + "/share/bash-completion" + "/share/fish" + ]; + environment.shells = with pkgs; [ + zsh + bashInteractive + fish + ]; programs = { fish.enable = true; command-not-found.enable = false; @@ -149,9 +150,6 @@ materus.profile.browser.enable = true; - services.davfs2.enable = true; - - } diff --git a/configurations/host/materusPC/vm/win-vfio/default.nix b/configurations/host/materusPC/vm/win-vfio/default.nix index 610c5cc..6f7a57e 100644 --- a/configurations/host/materusPC/vm/win-vfio/default.nix +++ b/configurations/host/materusPC/vm/win-vfio/default.nix 
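Review bot: The key `"netbios name "` in `settings.global` has a trailing space inside the quotes, so it is a different attribute from `"netbios name"`; a later override or merge of that setting will not match it, and what reaches smb.conf depends on how the name is trimmed. It should read `"netbios name" = "smbmaterus";`. The conversion also carries over `"allow insecure wide links" = "yes"`, which together with `"wide links" = "yes"` and `"follow symlinks" = "yes"` on the `windows` share (context of the next hunk) lets symlinks inside `/materus/data/VM/windows_shared` resolve outside it for clients admitted by `hosts allow`. If the guest does not need that, dropping those settings confines the share to its path. `"security" = "user"` now repeats `securityType = "user"` from the context line above.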
@@ -10,7 +10,7 @@ let startedHook = '' QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2) - for pid in $(cat /sys/fs/cgroup/cpu/machine.slice/machine-qemu*$1.scope/libvirt/vcpu*/tasks); do + for pid in $(ls /proc/$QEMU_PID/task); do renice -n "-15" -p "$pid"; done renice -n "-10" -p "$QEMU_PID"; @@ -47,7 +47,8 @@ let chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render - pkill Xwayland + fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card + #pkill Xwayland # Seems to fix reset bug for 7900 XTX echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed" @@ -64,9 +65,11 @@ let echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind sleep 1s - - chmod 0 /dev/dri/renderD128 - fuser -k /dev/dri/renderD128 + + chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card + chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render + fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render + fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card ##################################################################### echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind" @@ -152,7 +155,15 @@ in - + virtualisation.libvirtd.qemu.verbatimConfig = '' + cgroup_device_acl = [ + "/dev/null", "/dev/full", "/dev/zero", + "/dev/random", "/dev/urandom", + "/dev/ptmx", "/dev/kvm", "/dev/kqemu", + "/dev/rtc","/dev/hpet", "/dev/vfio/vfio", + "/dev/kvmfr0" + ] + ''; virtualisation.libvirtd.hooks.qemu = { "windows-vfio" = pkgs.writeShellScript "windows.sh" '' VIRSH_GPU_VIDEO="0000:03:00.0" diff --git a/configurations/host/valkyrie/default.nix b/configurations/host/valkyrie/default.nix index 9586372..52f7edf 100644 --- a/configurations/host/valkyrie/default.nix +++ b/configurations/host/valkyrie/default.nix 
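Review bot: `$QEMU_PID` is used unquoted and unchecked in the new loop `for pid in $(ls /proc/$QEMU_PID/task)`, in a hook that libvirtd presumably runs as root. When the `ps | grep` pipeline on the context line above matches nothing the path becomes `/proc//task`, and when it matches more than one process the expansion splits into several arguments. Wrapping the loop in `if [ -n "$QEMU_PID" ]; then … fi` and iterating `for t in /proc/"$QEMU_PID"/task/*; do renice -n "-15" -p "$(basename "$t")"; done` avoids both cases and the `ls` parsing. The rest of `startedHook` lies outside the hunk.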
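Review bot: Defining `virtualisation.libvirtd.qemu.verbatimConfig` replaces the option's default text rather than appending to it, and as far as I know that default is `namespaces = []`, so the new block silently changes QEMU's namespace handling as well as the device ACL. If that is not intended, add `namespaces = []` as the first line inside the string. A comment above the block, e.g. `# default cgroup_device_acl plus /dev/vfio/vfio and /dev/kvmfr0`, would make it clear which device nodes were added to the guest's QEMU process and why.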
@@ -165,12 +165,5 @@ dnsProvider = "ovh"; }; - security.acme.certs."podkos.xyz" = { - domain = "podkos.xyz"; - group = "nginx"; - extraDomainNames = [ "*.podkos.xyz" ]; - dnsProvider = "ovh"; - }; - } 
diff --git a/configurations/host/valkyrie/secrets/private/default.nix b/configurations/host/valkyrie/secrets/private/default.nix index 01dc9e3e7a5f4f80008a3fe37a57daf5f3cfb70f..7fa95359d64d68a27d5216f9c04339af3fac2d1c 100644 GIT binary patch literal 15214 zcmV-!JCVcyM@dveQdv+`0Qg@8zs!0sR4(?2Q(VB2!rpi42>HhV@4DQ6f&?8nRfDUn zI}TBP2S+dUNIK;A)>duE@vpVHEVlhSyWKr{Tk`Va7Ve?xgN?hhe>lg>I@JFXRsmFBH3Y7GaE|A9C#h^M2#xlnIH4bMHEv zr$yf$2}*6*WG0M5zIX@z_Z{^wLzyBsBm}NS@#iR({7BcSDar~P2!IUiPw}6U(c}Q_ zO@FQ{*d1nFx^~HDvi{87jl9g>+`g8SIN7jObV|fPpOJfDkSA$TkdD0%V5PW!Q4?_$ zK?TIMHwYFQh|Da-7VTNPO(-rke=4dl#t`GK-g)KN-iUE3fMekKze}e)st1?I^Ce44 z&uE2dGioMbhVwyW#+|m6CYLlr21)g!;CpY&kd6WIkJ7zt{Dd_@Nnspv#_PK-398nke!WmVAS)g*5 z|MAwy*0X_TWzQ?;9x|GOSShoreTDTyuy+vS@x>Py z3T+L{S_TsK-YNX=R#Y{k6#)ES+E3dd12FpEa@#eHtTUqa(U%ylV3i)@3#87@ZZY%U zinTM8oA7ZXCwdq>j&HlE=$|%uuDgi z;kf(f3l*h5y-A`kbSJI?uXCON|2~~C!O50NejY8jX2rQf{2>#(KNgA>_Mk-xClLaU z?3R`bn4?!diI??zeCm!-Dr?!ipEP>fEZ->g4qLoa8e~u~CEQ+SlG<6?7KnUFsm^JR z*rq&hX8|$2V%zjhvaY4drKE}gakY>@j$3woA@r-l^qNj3zjIJ+dG^Y>hDDTe0xHt~ z!bRMiqvS!oaB|!hP}_Jb$J^F5+eb~_Q9)eaP+fZ8%op{W5^Z$j2uThGChAXJawSdVCVwe%%>?48U^@F&vT5W6Y$)a6Ptw_ja4vzOTn{H0EaE9PFZ;N9Gn zM?oJ36S4^xO*Yq&Q|Y#8WS*^b;*sjg=Ca7^Wl{T}-j(t3qiDoX{j%3PO$xrOe1BDV zLP-Q6pv7WrxD$niawrsvscoYpc27;WL|WqW0;jBq*pHfEYD-JbrtwIp%9fEd(k`12 zx1ulnn;45S428qR94Jcz+Fx9`R~jpzEcvS%99E?7!6%S{BloC0hVQEC7(31(MfZVKKq=UW=!Pc)-*dE)QI< z9U`z2sB{4M9o#ZDKzuDg{Z>2WycEV`xOf?l*6n4ms()RaVlHqBi!X2^5py`C!Wxz2 z&B5mZ5!dt4YG4rr7kYp@%#_`x(PNE{V0N=WtntD;bF|vQkz^b`b8?26x zY1Lk`&A+IIf!9B+^txsIV+9thB+1(dQE`LPU<&cY+w111N(rx#?K>E1GFE>a3agWR zKgs%iTc-W2w2~D_2BsAb4G1w1z!k9@*=mbb`-wPGT0c#Z6{ryuvUe`d!3Yv-n`=)r zMr~AAdGMng;|-$jf9X6-qgU_~VrG)mxJL+ny$*82Y;{V9sYgHj5#}!&fYva0U{q`e zs?E8vOe9{8pu;U(ndK~9h6nsb9$Wj?v-nP}S1u=ODpG)7!LvT8b)cIEPk2iI1GW&6 z4)Fa;c+WaQF-n-i3<9boT!!>^L*izJf#NS=)?@;FH_w`6s)IHVSk&GAQ7E9@7h>SWy&qr`he z=3QE1eDQSI)I6^(_X7tEhb{_3*s#bm8Ot=5f1<63UhCN{f{j=}$+`?0F>X@*Mm;gI zk(p$L4O6{WC|a6~h(bULA0D~e6l}>#4J(M|&;pOxBK$CjRsv?TU0uxq_*5KV747sO 
zdf*rUtrjQ5>ZtFb^(irR`;zBkvI6jTOIWI>E}2L=D<#z3DeqfDu6XMS4BYopEnS`Z zw8qpMP~3eaySKi=gRY={SJFWl7Mic7{pDRxLpY!rnyWd)F)l+ zrihpr0MKh9c{x#q^vKq_KI}OrGg^-ac2)DoCq;il8zR%^KPnsU&j%l2FrjfGt~Fsl z-w#z`kN(3g+L~(JUp8UJt;~-c#lqicQx}Z7J@=bno*ch2w)lp7aRdd62(5 zBAe~eYB~xFj1WP?wd?AKMA@!6_ozM42iPhAM?~+>s!E`)*&A|&w!FdF1!+8y3+qKO z`X&NKJhm-?HH=F2f z3B#)v#$$t1)o<&SAa^iqz0}VbiI1_A2?4x%wg=fnuf)gy;s1mlw&9RVg5;pLP`vLK zF7G3?gg21ps3e3YNU^mAlLD%8A>7-(=Ysp}b=D@_;T+){2F~0!CN~HuM7mBZ-Cwub3SkMJ8o-W&Y(`}efXQTUosDy z(e5Tdmt(+ZOHkg=PiBhC!fo^x<1+!w4g^spZp+f6dey>q%nIx=7aPJl7p5ky@)={9 z!|UuOCGUC)HRkaqzGZ-$8ll&XKhTQ@s-V!LE~7JBr@j5e2k`dy02?IUDry7?x3895 zY(20S&^mx%nJycbqGf9CQuFD@jq$GN0SbS*CI?uQT+?0749>iR{d`qL9Z$@;*|W;r zOUb9Xim&wx`sfQuA~a|=-skyx%;C>q!qwEm|91^yIeSPf`DZ`WbA$F$nWaxO?$Bbn zI?t6uPD56Aop*OV37&RKsz5m==#JuP^z+z|qh?H)zIB;BJHw4B*3PQFZxIy@bMi4W zo$URbAB{dF+<#IdvHa?$I}ggKkzF!oBh|2xxz3EO@ql`%quHcP>O;{}UDaZfqM>%x z!Ynd$bl$J%Y1^78)uWeHAQ>tVH*NOFk^-P)hx^l(luUUMqO_CVyWA2sbO?#*dEVR0 zO#(!~DmUAKDvASMR3F{Q{}5gHP&0Z$ns4VIquu5h8*ya(;Bx|VWhFx_)4P6#fIJsM z{S(D4dnGHIZn zXGUg*OG>o1;~-4TOhH<-Dz&tutex@v)Ov?wj}~LQcjOo?FV224>{=z&VWP*BoUP=V zL1E?ng7UngK=CB?0Q*bOYX9IqmUcOyk0AOof`?xLeB%;tvS88z5tQW6S9O=;w>c9z z#^+6f@@?Mrc-^oAv>ie?;f2s?;)DlZ2aq`(%S?+7S5mvhIhCg;-fO7wvc>=reGF*7 z?cQ*CKeiFaY&Q|SAgWO`HvPmPay?AQLV*hABxng+vDeeR@a3_4>YhT-2dkE;S{=JE zCpA|UhB$KuJDe-*3R43F|JA(dRorc78YmpsjjF~N!exwsI`rl0M zH3LS1%@Zs0w39*!<(}*R1!olOpm=m>qtT0H2ZAMM~(v;R<{NofEZn4!vU ze}z$bSfhB}(JFV*Li!gi@En=PX>E$x#>0g5q^uje#-O>sDQ}WHI!;L4TOmaq|Ul zw6Wp|FSr~~8j{EL<%5FFxHI^F!6H|8V@v^0+>QDqU|qj0W-8xmGJpEox;jATAt47K z*u05AUiTfYZ?-xcPw*(2A(FoUdkERvKDIuIW=H7R5y^4cN`&?c8D0Z02tQ z_enUW$s}t>>Qs25=)Zlj^>d z!99T!b19zrpg>Ti9O6v`WcGJ6nxedRs0Ta&=}c9w+>JRCn)A35Q?46EA(Y<(kawM) z{F+gJ9P<`>d~C2PYn!Mc$S}VLs(PF5j+4T z7-N8Ab*y2Hc%I6C=94KQO#u&nP%2uewPaUkL508F*E|@mPVbLRR>Js+P5_@hl_d;w zz^ed1#fO&U^0QPC{BDuzS8`e!al~t|dNqvxL5P)APYxf}<&b@&i;1kA*t(fKNCZ3h z%3({dX`M1giR8ZcqN_k12p^Od-QHH03(NZ*RvYK!UMO=vqZ+<3nx@1o`*Fggmn#C# 
zyR~@-hX~Q5J|OvT6}RqDOJ;`UU+>ULi4@xFp|I8XXd$ac6&6-MCmd%+Zwy-M`Qk^E z0m#ML$#D)+zDfTa`g~^dB0TZUwR%WzsVht30*%-bFuT6e*LwOPyCQDnZyo)-(3YfA zKAMBD?1I49MtnN=9NY`?f+hM&m8$4R=Mq2uOBd`pqIykz!4(*atF%Qy`5uc8Ir^DDLO%uFJW$6QQEm`_&5geD9l@AW4Ag$%ZSf zAujwlP{z`7s9P{09qm=KAMMIAb~jqNju4CM6G>S(Qv}r9xu?=-*2;G2id&F^*O&(< z7l1;9hZ>;%svKjjpJzP!5>7nI{=3AIs8rI{zLGA;Z5;*i2Gg@~j7X^^Ab26$|Q+%!Wlzeqvq_g%tp)MFVzN9me0ZYoXR8%JuePo z=yC=IGNML&(LsmVTb*oc-yQT}ME(BcvAdzWGhK~qzn5ZA*MBRpyXbq0#Hc+h z|5_W;98G0xm|6ZQ-IyF%O3cVrisnq6y!dix#cH+h}}B3KSa+mHR|{6`IUwJp@fX9

zmQTh?4Cc&y5q?^2{U-FbN}o~9D7R+~?E)&_&LY|7OZcWcF2w@QK{Ri%naKAYCy{-L zXm5EpaH+odWlXFKJ40w+guI$Dglg|-4eU+-u(Vc+RzYsM8XF;E2LT8ihf8(!(vyvL zmPara~ER}T7Tbi zG!VrGG5XM}R;b}=q=s+U5BX_toH%J_EMyYjb7)^BcG%!ortB%YeY`B%1)cDe$7zYv z=FVwSD95ar%jR^6mpnRUK^Wf(z!dg)JgE%n0tH|>IxUk}5Bdoh7JGbyvfq%Xl8(Qu zoILJ?PM2z*dF$plf+i_C=%^A41(B^*Qd5JRc@DZIZfX^nG<=+TnlExCXkQ}?{nH~{ zbfsgqmC$cQh?;5XOoTFWCUCQaGaNhbRA!4F_8!@ypC_?#(Ke~L8Gp1q6!}}n#G#V5 zt_|3%9e;EST9S0&_T<0S?u1$1Lfp7=Brw!xpb+TaYae1!N7%%JQ9O6M;~H0j0bNZ7 zE>r|Zq4d2l6(F9|mlW1h;FEskJ{k`%k-}d!D%Uybcglj!osY{d`2$7Y3@O%O{2MRZ z8TLXO9p3OO>t5>mPzP;4vCp4<9e;XvKa=|yKBE7-_%?2HrFmg&Wsb(b?Jgzv4xMZ7 zS*i`l_O+7%wQd4Y*c5g77`Ad_AOde}ku1LUUnqOgLAk5b3ciX#TyUnnTT4ZjVnPEC zy{o6}gBxspuVT)Bhd>hxDII-l1Gk`HiB0n-G35tNqJpoY|gBhsI}nC-jL=G0phHu^s7%56`d; z{t4TzE2X=0FSoaX2gR-Jx4OEBhwoUgT5~+_^YwZz&FlgzU51yNTDT>~lC;8-GL!{w zPHOrl>Gy)Km$om@LSck6g#r?`4yjnoxZuX?U0pCL_fN|IGVrCxsCB!!WbGq#?%Q~zFM&Ni$kD-iEhC}*i@+dplSsi@p_``3p{~makg*#&G__om_yg^U*Vs{5bPQM@{F+8D zG2A7rae*R{aTmb9zSBZ3F#*JmV?RK<>gM7M+?P(chaLs9CQ@%wpJNk1Zd51R!`nILe$c|dqe_}D9`#yl`f-;0wHR-kJd`!uiY{l5Bdt;? 
z&w0NoDs>k?1k={=MGqCCDZFs2f}ok#&s;cQq>SY%5zVN?dlRTRGe~Cx4A}2P*sbxn zL14xAQB3t4OTi z@K9w!P3%x))CZAe9Snxx7X5$MG{O8YkGT_6MMO4Nf^{I*5lJGVxX#@O&4SvjzyY70 zHe$deX`UiL``6f<4&u6qHVYm}XqoHpMKp2+AJtyr&~Rp#dTD*e0>zVzJv%u~wywk> zbz#ygW}cqK+25L|^96TTz^q}*&aQt^6Teq*rju%BPr=%Ti6F6WlSm&5IM4iOHJb~K zcEKFtw;&b|2z;J~8b(G^h% zkF}NrE~FCX0F=o?#C@nz?D5T6;=Z*7Uy>FEWFd4%2yK;;Nz8MG$c0y-!n1OIy0dBd z&UBIV8Hity|0!>IV=!Va@UT0M4Pzc?XtT39TkFj{=2onlwpJ0PMef?I9#iZU;L)AQ z;Cb0=-RekCD4KbtQ_z2e&U6W}O*N|bl6?W4g71rsT;d2jNb&yWY+H)ab(IEvHW4}| zZ|nt_hk}QebTqRdy#I4-l2Cz{nT1LF(c z<2zv3XHP3&0IW8C{Aw4~Uwn7GFhY%m|+&WA};p4i;jp@CH8GYt(Gs*Kp zBaec}7exHy5pBr+JtfN<++VeG7ja!sMs6JiZ!9sFXMPPGko@sF_qAXj_w-dj`{M=+ zcTX2(x)o-3@rR7)f^XcJqOk9e^i3)Gh-;N7h(Y`&2+gIT&f7AwPupMo%OV8+sdu&P z+c+(xbIgknMcK8)yzw6~5tn85W*^w(gC9Ali9#+n^hpzuBMup^m4#T7)NZ`Jde87a zijCdg=A#A4ytx61NQm?{q}QpjQ#*QVpbZ@B7i@DDAwl~gmds({?)eU3N8@Bs=rwu~ zU<=x^hMQcSpk_5v;oB6Q-J`!kOPzvINHv41w4Y6!Mv&4zwt#o1T6G7^!!H3K3A?3$?V z@;z1FavwY8J{P;Gl*po23A>pjyLQjKYzC}axf9d!atBIqdwS{Bb{}IQS?6?!sKMIj zIhCB@)*r7_mvR_<+~S)5pQ@A~O9YV<{_x|MTl#szYch3)HqB)KdQ@=%<3SuafUf>T z@vy}1in|#$46sZ^>GB5P#x5`UJ(d+bRA|$q2^sZ-bWtGa2X-6;f`_!ye>O2wts6a&OZn#>uAAsVg@dOCPWnC$8wQ9isKN zd3xK@bLMIJGMnuM&0Q>WGmx=uNvVwh(HsSW8FhaOLt}V{-tNU-fX}YkpbOrJ1-*(> zMjl;C>8LL7blUk(C039v7H;fYd~(d$>EwQl6YBY$mN_*4z5Oo=k)L!X+R86w~B`B*ke+6AziA89}#ks4Ta?~=!l z!-E3Z-4a8&_I3G%>Mfy6Ji5FoF(-evktU7yn_F&l2@P%rCptxSYvkux%D2KryYls$=+|>7dz)O8VgLbFU-Es|STBK^LPaqFa&l zu8z+8Jm@q)>FVEnK#~pJnbpr28Lj%6hY#TIg|9C$K7^VVihw^4c@vv1A8#u;a68w< z$+FU<_|hUDbaLxl8U3lhrux*44t%j6n6y&0QO{LW9kx?8dMfyt|)t?;*)U){R1s500gAL=(|Te(8D-Un8PY)CcpgQ>F{%yTorWxSA7b*^Y_|INA}Ns|!Z}C^B;xL_a(yEyB%6H{^E- zP&@zDW2fh9@#A)shlH_5T=Lj})w9U!(P@t_0lQxW_!o9s=7Q+y2bZv7k36M8P5u}! 
zY=g}bR{g*1XCtSB0dT_Mq(`cSs~c4=TDQmvwSNFR$d_%CoZbgg4=>`WJir=~bUz-= zR;&;@6-S1i_0b_8V!_tmz~M>%imKo2X7sSD8caG7gL>l(9)A?k=3xS_bHiVDfNOE7 z$^)`^kE%4Y#gQz_jm@0`I`_=oIhVmQqayInQ}TDEZX=pix!AITi-S=lo|KSx*jv3r zsP7UhF3<0nkjN$k2WPXoa*9owRcD==7*<)C6y&fgNeoO0pBZGdLo%u#0s?8Dh1i1; zu#dD>o}|TMoz>F2I!MHcagqsos4my~Xma`*DO`FZV99fj^#m{>_IpX4{7I|C9Kv>{ z$NF8{2d50mYU==*298Lg@gZwIuF#cBkWJs)|7?4*VLJ+>>vFsufPi&I^?i(!0jdp< zS}$_Uk}2H+^@H(_s|u0*aWC+Y=w+*zJ68&X)@BSSOlCk2>2*>(V|fk2k&Sa6k|<#o zGNk$}-6SU7GFtj`>%o11ai+KasF91+vsANOLR5*y=Hm_>a70fTFf0Oy(61?yoB^0ea;n8`8J8 zO~PrOE%Tivt#)tDQ$knRGNA4v@EY$_@(9F>EF zC+~`6JP|YH$`)fn>47{l=gl(7=NcjcZ6<$CSp3O02U>sR)D_Qjs`Hp7b4IHW5DDWm^U1xx|lIg>A7@1Nf*vuS+NY!LhGwIf%@J239IsZfr+gI-a&R9HxYnxNj= zFJ(k0HR|YS@KFD`ooyXFc7VM~m1|M)CPE>?c1yaQO8`AipjqnQnVK7Izei3ZGXFLg z-TKybw=P7crQ9@v6#N-Epa7l2s{oJv@p<|;z*PZp6nwJb7Mdyq0T)u%G9mlv)O+j5yaIfpRq!mvBf^a4Y5S&x^;gr*WfT>`>fTl{hDgyeEknpT z49_O~a0*674#vWQ=2$}8(@(mFPfIs$LoHUxRBwEa4x4g0hkfTnuemd`77Oqj=Xf31 zq+eL}F>OX39aLg``PJE__=wGqx<@iWKZtiVTGs@>Fa+S>-)&e3N5Zhy&?QH4awEaY zaHO+4HMhjb69b}>>G`2#?&L2wLs5(m?ZVyF=xd%x`?)_TBPy4z%LQyJ!f3iZ{XsdVDC>RtjwqfJL-xUqA~(e$k6ONT0@e~#li&~~J;osaC{gu8du zMSiJy2o7W)bafG^I$zX`wSi)olM`90sJOQfL5Q^*_!+4%A#5TQ49q-sPWzqZ$X}o^2F;F!sezRLbQH{>&>WOA{ z+BEZ&04hAZH6;@cx>0t!h=1Armqq(rt=Qj~;Ho5^{)}BIst=OKFsT*t!V9OzDa`tf zd3;jl@UY<}!tOaE?+XEV&8EU21YzODf1fj^7Qlzw#Z@IPnhA7Ets8;VzP>NMQ;<<~ zo(KIU6f-?6D(?9Ac=B$rFUWQCwcuw=p&^OmpX4DA(^N0ts%=yD0v^z<3VTy

8$;FvMv6)cXl--5rNQ%3*1 z+t9B=E$+OZsQcOB%U#>Y8K=oFTM+;k6cOauqBrsa>pZhC+6r#jIy!A8yqKA&_1aaak zWgkN^2SatFRGTahOmp2Ot2z=xs5T#K;^>=Kgv1pcgvMlZpR#mMb6z2jq7@|)P?8~^ zGRBtEPRu&QnY=YhhR+}7h=FrHD)K7-3+%nRLcd^(WxT`FY5;?&(#W)iK~JD{^*UO{ z$S7}fo{vWbYtOvef{o*tsVa(tD`s85=ePpl%DW^~%&WP<+KLA*Z3!jP1RGl-jg((2huqXn;0WV=@&z*8fmWK5Rd03WqDZ_~ej za3+)C7fu4&zzN7q>EbS~#X08%@6!&-ucPy2Y;FwwCtZX^+z}ISNFKfBC{Lu7Dea(T zx0Zf6;#zW=kFtVANxI3j7RUVIfyiG}6Y$uxr8; zmQ&9orgb{GzLXrK{Vk#d5~ClT-GiGIVS0HGNONP(#q@N`?^_E8D>ekGgtSeal6J1~ znzu*UwD869za8X|;64K7eu1~&ODC-t6weO&Cw;tzuA9-`oV1watZS>N2LIfT7&h%? zbYrH|EISdVXNBpqrOa9u^0iWWVMd*AmF5w+U3#}r32(haYz5qKE$X zzl=USLb|2puxaZ704?g9e1vSr#|WMK>Y0nzz<+KYidSw_P1u2CykHPa^#4w6wdD~UZDciGU?YtFsT+)18Q5L^BU1GlDROKJnJ^rg>@9zSZ_<4 ziMRBxci^5GW*A6gvg8OSr?atm&XtHvs1{5#)RU30qX`x@b>pe3hXsVwt6`zxYm4>C z^vsBuY+b1{Od04x^h-=(BXSHGw4i%6sfEL=y5mgPjcDK7>QBQ=_wfKu)|uH{{`eA99<)=y;=d0F5C#Ia zhi^exz~I`#Siw{|L=W~ zH`EEF!xj!BnngN4H=Zi#u;+B0A{(|*m>&vqv?I)WHN(@IcCBF|8#q%L+8J{-Wf1r) zE>25nK6G<6F?b)W+i7bI zn@vSj$k133-`*df<_Ji=FD-K(jxCpWx6Y(F%gJ)c>$Dj-EC7on-B0Q0xZp~Dm8YF8 z_7I&E=DTzO=qon3KeT%)6|-VbG+e!{4`JsDo|Jo7%!D*5qU<6QC|=^ThAjfkraH~q zk$C?x|IHrqA%R96yzvLxkulOm__qMUZ|kd)eECe12$lA-%{u2nOF+@EFE|tNc~UYb zRA?rleaptr$D)CX{xZz<+I4Wv{cGJ}#v06_Xl?K?*AB(5@8mErV8|7#ng2H-!^$NM znkip+a3L_ohB7RaXLGbwoA7@J6O;7~mOCi2y1Se8-uoDosvQ7M0dNLXw&T$}i#~bQ zVKH9bCCJ?N0#woWq4!n$(9E+YV{cXq&%2Xds%k|vcQVX6tu0;eQO|><_wRd#`iHz- zRkrv2FfT?%TO$)TH8ya9-n!pxW8xfQ*h8ECJ%#wEJwfdY>8M_shM85doj$Wc#lZkc zfTsn;9pWHj0-p4J65&9F@~Tg{}AOQGNUqpJERL8555D z@|YIHiV6UJ4g?vx*=rZ=qr1dC==;gP$=#`0>Y13Ynvgm%an~d_}1G4h^+*1xxT<8<-7L*F)f-naugOemW5jn;f}#kDQJS-6!BJ|ff#CJ(5_L@`N1v>lQ69^W zXf&%xM6qsM0c4j3M|F|6K|&Y$QH`G>IQz_4T!EF`DTBAUfq$P|4MI{z|NWQwf<-5N zEpy%*GIYBN3)vw2%8|Tz4?$hFlT-Hw`of+SXgNK;Gr*YVW|)NRmi-{p`2GoxKqfbN zuE1HqwHVEMsPVe%pw}=$HxQ!(z>Y^&Z2trhzd<60Esu5R5BV%U@QYK{M-18u8RyeS zrX3;`Bm8AJFUTn+^~`@P_`DwCrJ|#vN^v$MWp36D@(%CThR%DF{p@eN*i?QtJlh;e zi(y>%kvq{K>&u*bsrN!ca_}KhdRjmUSiqCFz;2~sPJ|buJRZ##+`NhI%}qH6oPaPJ 
z{Sx5^O3_-ng(m-VCtZcT@G2I``f~YpaJU-s`Ag@0YV$pcxkOYhddaANU*`h>s+WT(?k4r zR7QH8XSm)oy5$CH?#lrO?{h4kGr{f^I!<*`zY8(C-QpgyRyc#kSTQ)FAI77p#qwIs z%KDmhwZ?+EYGYz%8TunQ476rA3yoxL)Qreo`;+E`$B#4z@Pq@jHE zwnJPr9&#g)k^+GQt=$H6mi4H`3s0~Imk^dARJX-N*B!C)r{=&T6%8IYM@2pCnFSRh zwYOEbkm_cZ{+CaChaHW3>2rZPJ?CuvIsuHniwJMNRgAue+!f-m#cx0`VO{>d~db$@+5BR5Z=waOpFsrWEsx{f!Mm(R;CpZ~~PEFST1`AeJIXz>F zE__ocI3l9CN|@dRayHjsuI5btrWc3cYyRg<@M{7lD|WR(BMkvY8Rc9DY+-}i9MmC7 zKbtVNO$II^_U&~3QJ<9@Q=5wZLU+~Fk(8K8CwK3{)^HO({lqmPm{OpvKuu9c^bs)(?P>$rIMyb%u=LJ_=A`K)W*8CA+!#R z`eg+rGzO=$LvQM|HlU+Xh&b&?9BhS$6#jxKd&93&Vrv5;{ADlC8ZDIACiX)QfD*61 zMZ!m_l>B3WVE;(?6np((7CUMRX!ESDDbB@uV3emu+DrRnzSV+C3|dM2(MCLnEZ!Rs zSTLxaP2ar2+7&>A*Pxmx9!UYkE5g2g_tU&>6DZdCzXr;~L!N0N8zx!&DcWa&O1or< zvD|@gIn&Ex48W9D#6jEYTo3XFs)DP4$zwA&z3t%LH6AKO67Mxnp)U}$_%(jqGnH>t zu+RKz+Szv{b$A2b>Z{J1v*)A*?4ZzJ$hfhK+I8m`0+p6hbrYy=JARKynVM#LT1d%t zz;twu&;^~jXFUB8zoJ7i5YEt)`nlS=c|He1%})lc?$za;3s3B8&|L`z3kTExWCifk zpYJ)$!-BhBAoA)|c?W=}bB>QYchdKqzPt#KI?npw6GjR5NrZr zWxo$qN7<#+&m*c&V#g1Y_*P?D&1KW1UJH?ra0O=63m);CA5zd~ld>UhKqUKFWO*Ib zaBuxDD6OML`i{v=3j2su>_Kz<2bD?4LRdE-d{$b`2wtbEkV3I&rM7n&hKOj#Hx>Q!B7?lQ0)_G3Wr!#s-?+@)+JZe?IN(93Xei+gld~Ve{-KV0{$M z2ja#d^Rq&}Tsm~z7Z)HKxn=0NJM|CFzo48Q;S!GDxcoi6<2T_Vbb}y_S8(1ahi;>Oxt4nGs)6>>JYKBm)#J^ra#(T%OUrE>El*Imm>X* z?>&FR2m<;RSYS?xWdTRsoAt<%kP=hAJv}TPt<-l|6ZD%7MUw!lE z>$B~*e;B^>-4u1fE0ID*s5ylR4Oxv9WTg?Jb!052Z1{{+rq^iu>bM0G%J^y>6+w~_ zBBe(Bxu1fwdkQoEPJmeI0l|v_VA&^PqZ<`wb^v8gA-$=~oiEtaVg0naqcs!Je?z)e zwFVXi(>L~*%&3vZ7Ihf zOSOG6M>FqXU^d;_ktBV5?%gm{dyb%KQG`CrLKeAB4Q>iJI(^9faL-V0qm(6NQZ^RT zzlRd-KR^1DtKS#$Au7y)M6IHBiL8m{}-_h!CZ#`t+iYv?lS+Saylf2TNSP?`%C1SQ%XD~Dep-t>WyLo(c>m8+~y zhIokPCJ!6`v&;bu$oZ4LPJ@`5Lf^f{=6_uh!v)^ray^ zN<+k=SB3>gG%5(e6S&KCUp*!ZNWsvjOVu}=m<2vwXluU8NFV7eAAp4A8w?o^p| z%mqcbZxn@Nrtm`L1J5Z7Tik?}1X&tN0&w61&Z=${bm;is3JjAESZ`Qg^NQZm#a#P- zl<0+F2v)syweNA9U;5exRUj8bkpEp;h7cJo-RdB0nAC{1hJ!qTg!Vt@WNv#KDFz$m{c7yb}h-3uy zn5c8II49&fC@(?y`$!~qt65Xs=>eI$Hi_ub%4n*rJ2II@yJBB25_%!iMD=dsS>{-? 
z>BXs_7@rq1+ioPQzkwdjF4i>kpPAr6@>3I=l$t@miDI1nw3n3!l*gpIvmVIB3jwcY z9_oSSvh;!{n6es*@FLfdmEp7*Tzjf3pVSc3H{L|qC)UlDh?EYta@+FNE=r`KH`L$n zx<>AUYgdqt9$Q!-HG#gFcE0wrzA%xCcD1Kf6-^EYd;o+3X1Ip2AqfK_2EKFVcXW(r7HlN=bN4YJo$3|g3B9p?2RzuwD{0y6_9VWWXoeE zoU28sCDe8{qFT|VzgAV$C7r)ZZM(DYZE;cAJ%N^VPSC%fW9ZF!1{4#kn#UWECJYgH zr|k<6B)$(Sj$;jj{L&lF1wSW>Df08W!d_&qSPv@E20_Pn`RdF+63Bah!5AD*V8m#jcj+)kS1j7~W5~IN8y2Y6IesN$61R_eC zmjgo+rjk>YGl6mMVA+7BoQx6Pesw6u0Jd)65G_p*Pm3wKc?my)U|Fg+2gy3=qU=jS of3{B3aIamRO^LGX$KuVs>4fNb$XvyNM@tFN|Av^}=LXSXuXIb55&l4hEWMdZQR zi^6a_?kmb^h~sdjLlqs=*Nl%sVtpUwaeOP`YWc`1)@P9u_C)OTy10f(WGO1T>JMY^ zy#T*lEbz(%RMZA@Q@Ke!3(H24~r479}@iH z9g7$t3Z)m%IznzGK_|*K*mQw}R6=VggG3;^wcVKaS+VtQMqM3Y#_vze8=4B{!PBiEH`YmPSWCqma=Q#eap?Q9gnK9J9uS>NRJJAxU0JNp~V<{BiOB4$0CFoT7d zNm%2A9*?@6?Z)*FO}$00C$GH&D!vLyY@69fx41}rEEv|g0`VR2;|7ui>3Qad9UZeB$~Wzw&!%;Ug3< z(*D=QVOSf0G54cW5w&(rTwP`D+FvW@$0!yToJ~HI4~Y#q@J>g=;t4aNZt_MGv6@Da z-}3?siTb-+V`{m!XaCaWXk$HyeO#ev5HUp^GmFity)H;5N@|Tou&m1Ip zfR*={#$LXFdxc)`FU|R}Grcp7q83V>lRZiZf^9`=5|4-P`tiEWPm7#4J8apA&;L5pvQkw><*E>9aSP#4^VBacUU zmu%Lq_W29^jbR6%iKoDdFq$Q~hObpqT$6V3W53V*zsgcyXC+Mb3r5@J&s8W~i{n5J z7JC+^8p@I{JIFd*p&o`-Al*^10tb;@=(vVot6X&-2k=fhe7zT2>xW7VPy2U=u*knX z(U2YMi}LZ>=4nR5X`Pvm6?ZUvT7wILiG83;_(pD->C@%IzcK;tx%sR80SzJjg$Mi?cVN+VIEQNuJJUoAJ0|6TC~h7{CgWxYwPLD$%R~ z8A$KK%;kBX0Lev&64s?bmjjk#>ia%wFPJKf44Sg5LC?*kezA}@t+q`jG1tUmdf(a@mm4ziTApMvpv;` z)mHy!odPi{NPU>MO7L_*A`hGDD_d4hcWi_$;8V${(SaQugF>a~`S9Vh!QTa>D?47! 
zHs+ssWwqGj?<)n$88FU8)8p}zE@qQ$*N{+a44)FunQNL0O$?T$vv~aPWUdG=7E0<; z=Vm4=nTtVDw1u;zbkrq$s!3Q1(N0$w>?r;d-L77B##81>_!wRe$^J*cN8Mw%vElhl zU@i;24P3n0(p}UCCXxZ__yK#zE+7w$wApeGDO@uTXGS4SlCkOis;2o_;K2sK*+wDu zs++vA6C2cv?wx*S_)%^ReAw=Vu_PJsx_TS|J3^0x*STkjzU z#e&7TPH2OT@`slWf4zDzw7Ncj0sE37p*{J0ywaki;ED{QaSJ(CHORXx_{ePI@`m>=82p1d zA=|;&y-VO#5kZ`K+}fVb(?s-p#F4_JGF9xW>#S_ol72?Ml1LR|xFvLCnk8h+Ah>Tj z_m6*ZIem@#&iz!bQyD8>AS!Bmge8I>fnyMt)Yua2`FD@)kr+1 zroR5Q%vEA?xBm|WBuWa+kVX&ft0XlhG&@k1MZVQMEKw|h2Zi=A5rqyi9|MaQ?fSD_ zi+qoX-MPUsz^{Z`d>@SQV^RLpXxa|S3dfVSc+*se_wT8yCb}ZAIe3w|{Dn~qN@3%- z24CE1=!xq<*{JM%?pX>({FR4x_C;!0LHhCFx6{EMBznrmf)ZJgP^O4_d_Rxk>n`d4 zwBxZ?GUdz0NLPMIcLy$HK5HUtsWyLlW0dLNBSse4Yr1a&O612Xgj~wxRhK=4jQvS_ zZ4yd2-MQ>tWG0^xpRb$-V{W9yLIC(J{d!0pMeL$e#xbS{DP-KKGKCZZw(;orTISc0z3_B)p0_3;aeV1DdvRG32Z-mm)R6-J6(M-_gcu9X| z+HFS7zqH*jrU0np4Zw7LXjXfnj>0;w?N?N-NppO#QW&5!dWmjq{rEI&pvheSm#FP% z?nxx6`NJC+XDnu!xD(UL|CfWB%OIhUr&k^-CGriNVHRA$F%uZd^h$iR-x`c)jpMAb zg;NH_hg2E|NBW%lTHtxSuLw<(XYbi}d&*~vR^u9lx8b=Yu0c@92>rp`gwOwX)B8Kk#@f>h9g1v5i0 zV>Rm;9^6O~5~T+yue;{b$)A|?Z0knpL`8%5963q_kKN19+Z>Rg=TsG?^y2ck%2(Dv z%tM3<*+l8|w{7sE149GFV^fm2?Gj3q9|&iq9kvb|h;G4-rIMgRMomyW3!JBxit+>P zcczAX;0hjV;7&iLi_rFljrk|1;Tu$kQ@9nT&xF#ZZ_e6g9R>+JP;BY{Fv}x`IRJ3& z)Jt(A_@MLy2O7Gd1Gx&r`ZGR!cFXF-x9~zdixU^=qAB-z2>CDt|Dw)gA+xcGO>PSb zMW%p#VqO~&aIPZPN|BjFx2C0fvP}v-9OdC92HJ$ENt(t&n>>uk zz++%>`VM^g=r9b^(K=*gSJeewK1KN#oB{S^`b#Gk?NjIlUU9ebaX@t?$4N3~Y-t_8 zL!8|3hU^~b*vqJbeF6(@vq7lwkH<-!1BZ|IG=vA9@`50`XB^TFM$O*n{TO;@39}o< z!HQglsI@a7eX)Oeo}aH?=TU;9MSH>V4(-bf1jZ&Lv>8_{s=MlFkRfhmA2ta}>ux1p z{aomXg(}%zB}XA|DJA|D6wU8Z;MPrEwQx}tYrH2sy?1JJPz6$2;~r~b7G{uO1gsSY z8%??ctwk8wUyICvHi8;@tn80SQn_}?ePo})m^rXuw7@AdVaB-UC4tj%oD_ErXoMIZ zdtCc9Z}6Dto(Xm~!8#rq05QPOiw1b@vAeD|eqFL7A>sc$p|>QxFQdEO_(NxP7K$wq zw+b+5W>Z=6aa*S5s&#ypPZsTwC*YVr0N8**Ytx|MoLiKhHHj~ZEbv4NNu&OjpY@I) zcTcnc|0Ch(nnNdy#zmS5H2!|Cz+NCB{6K-2oLGdr9k<-wn()ijm^}mhxeQdhe@(!? 
zNQmDKB{BJro;Ka*MxrG`U}A7|$`ZmgO9z8DHdh_|^|z3G)5UI=k83dP**iS!(Z_Fn zvDI~lrwCVv-@`W={C$U-OCtG=^GcWUmFUqR08(L~%z5RB^rP#$RQ-ztsLmlbY+Rr$ zzS?xestVB#m=JI+=PLO(F6c#=bF<1k_?+u}`g)t^U;0?hL})om14QT$LZ$ZDWt)hJ zdL(9BmKxU)kRh+eo^elg2SZRycL>J|D?^IK^jc*;PZ!WE}xOyzoDnRZKO)KpBND65PeaTw`U* z)ERRU;D&FYSI?M3N7gU?Yg}$y883)?2@5i_kz*og7G@Sylo|3ammY>U*6r00+d-!= zT96<z?&>q*U+j$6Ha&Ta(hT?9XHHTIGBpE4cgo15t z9VP)vQB`>b>fdDMXSU%S+bw`TVw`vy5%#=-Q`IL&(@^t&Ad$=#8#);lafECnT#286 z3&_JSwT}mSLFhV2Cu1hI1R$U`cduIjO(Na%y}l?o?OoLGZjQsv%E-=MXAZ)|x8iA| z*GJu#>E6u4n%-ygO2Z@_RLnu?0+2_7+etWMpN$94IZ8-t{!utqrSbq}pm0Nwk7{6= z!$a0WZ0`oa8A1sVvpWcz@wtH07Aic+K#>CS0dIgtiXW-+)r)||t$+rH&vSiu_E6SF z`dy*4pZHz$lvTmzT5?cS>QiQ>t}_>tEj~|TUF#RKoiWd#Okmw+A_=r}9<}s-3+Pm5 zq7;$9{my`Lz(dDuZk6FwHzd}XMHM(X?kLf`9(UjcXJxd3LU4pkPruXrYOdn{Q!d)s ziwq7UmzMJyUXB;!SCOHcQGvio0v!XCp~_))*)R3j=Ifbm_A{ceBg_WJl>;2nPGdkd z%PC0OTWDaPc^#S+xCO5#p~FoDK9|ef)I7RNssS1~6kY>Hly|Od!A<+1OB4{#YGI6r zrEOUsg1=ZZTI3M(ZxooGMz%>9q05f)gXOfm2sxyRJFJ6~m!gVfOTMsvJLICf<3G)K zYWLaMRKbxhD8|a3mA_r%7>qU!$eR!|u4bT@C|Im-oBwDOcyW0C)7X#UCLyJo;E1HL zcBWqOSNGdBa6Nef6ChFvDqJe?TL{r7ZxGAWZ`kVCf z78OlPX2i98%t17#2pUMB(Pe&;GpSy5dl+aJLzE?+>;WjvWbNK4Ah&|)5Q=P|fKZ=k zRWsU7FpU;!vrv^S2p82IR^mpM?2xAE*XZ?=TPQsRBzA69sJa5Y9s5`7PiJN4uTmsi z(PB~#fvjo8(rDxHC;ymg3E~4VepDIQLF`Wut-Y6;IVV$WPk-S_Nwf29ji{Y&N3 ziJkzG!AQy1LI)pi{KqV~!3mafj-TY_>)wj1?-ZYE4#ld@gpaa!NIG0KcHupaYFCpM z??b`HEB>8wUoPler6#&`KD3Ca0M$C&&{fS-Q37#er1qOZzCiZo*Kor;V+nO zq~1d5=0=iSbGpmF%DwzS?W{^P21e3)*9)(tv7=A$$`ie@xsD#@u(ft62YN zp$1qy3Pg$bDJ~Yq;K0{oGsc;>PvUm6F}^){tN#I*-ODC#nnLIjfwfhEnMS?Oih-%` zqEWn!l8#0Q!*-`3Itwmd4SoJ4@9*!CS>Q;{-6DNIlvqIH&pGHk{dZk%5-8g$09$lWP6Nsf%ebg-Ejq?s(xlr^mPm?vKCqFu@fIIOOMtF`r|LrOxbXpLDmT@18H@97X(K+>tFiUwTqEjs! z$XfUYYMWrEvg#T+`l|G_*Q_UM^;M*5e)aTdN3vu?cY_MSi;P>9cjvuN~-gHX3Ia z{Fl$;vHq6VS(g6W%`t1D&l7TfZBt0>hN3eTX*OQoKDT4}>5e-2<`KO5!OnnSlq<7! 
z=CtkRVlg8LY=PPC#Nam;t|dZFG3K#l;VV^(R8IX)yqAM0Q|%TXS5_`%nlg0`XC%@o zCj2jH8f0%6D8%aV=qT49j?bM>F0|#dNOT91b)@#qWq4<>-d!IT za2`5Z{DrWZ4^QJg1GhS4qP_i5phLo+V|gcETxe<-{!8Q zRZUFB0xH%BWrl)ShWIi4znS+Hoy`>MF=^&5p3!g>PeHc);v9s`G=NqemmUiqx(rkm zFi$X{atZNX`P7_8RhtfwAV7(68n4d{+yokZxDUzD6S&9;JZJ*!-xJR9Ry6*n+*9N0 z4bx1&OVpSKN?PpJ!DH_V@^}05>;W-MdjCn;tXCH=j_RO8VbYJJedj+XFoW4I`l#oL z2P#9JbtnkQQ?aWkt-EQWVUiKOVKUwJar!Al`xv=Oz7ol!0O-NIFx!}IW7~U7L(?2_ zy}3KT^<5fDV#bQ;MpAwWv{hf=Qahhg+fo~s?0KtR31n!f?kN)y^d9qng^uw>piGM3 z$hfwM&bp*^DXaX;YFoTiojw*ffyq5$z4gPM41dD7xffE`pmic7;y!M%O1CXYx*Cd& zU~(MCvMk-4>B2(-eE^4nKK{gJGQ%uc<6_~~v7R#gx=sE5d$lURH*mm1Be^|)by^8j zYVaPFclIY5pE7e)iCs!D2I2*&0jH9vKYAVeq(q7UvAz3$*@3#sv->3op2rqxxFoRa zIi6aaQ{C)f(=xu}%3(hZhiTNp7RuJ__~4OSHlwdNS~XNi2+BAO70O@-n*X_TB*2m? z$-WCdEEz@;(-#PR#K;7o6FtF4$Bi_Nid$?^5Td}toGr&w)!!A}iJp0XK5q~2QOgZR z(Px*pxK&inbj38YN;c)jXcH9Vufpd9H@?KJi+DflmLE=jB>xG3Z1WM>?!uh9brI{_ggeot9oI}~Q(wsaG#R$&pOEyF|j7aIdB6|t&;CDUd{$g6L5`RT9dlJlaP|S_d z62r94r|vuNx3}z_W*sUobYsfTpRX;G&n+i3NTyljl~g88R#ziVGvp5!WUrVKZlZ?# zaXg~&J;DB6`kM7w{H;I2%pYd@VHF`h+@hq*G_3`CNitPBfSx6Z*iH$BZ?-6bj4n%6 zuah58d`N}tx$wLJCXoCS?XkBwbL?eVam0X-$K(>T^l)ia_Bg|_WO8M=5HhEbY zWJ{Y5Xwrz0jI>lH2SBufkk`ZfJM3{gS=J7mzd@!*Qo9n{P|;hK<=iBJ&2e^6)!iQu zX)e=!of!~y79)gct=)UYB)bwTme4` zqpPSb>a)mki;5#Ca6Bbxo-Apo5ERFOf=R=w&V{#IGxaIpCJOgtCEyFCq93SahBT`o z7JkS!nbHJNhk-bk1&TLRbx(K2I*3NK`WqQ`>XoAWY0L^IBIs_qRH%qIRI{wr0qX6q zouTCz>elRQR3 zF>|NwLN-W*7BqzRSRP}2fx*rI?6pBV*GPCIz48y!giS&&(JI8$yNUhuRJHSR=(rPlI|Hxb^{PqrSRboTuV4m82eN~@xmOuOTadWPWv)F_ z*aDpW@(E13u72(M=E2V{a;w1>K208LF+CV1j!`s;#(Yn^ffe`7O@B|)EHq-OPYq@V zQyx!7+F8Z6VDGL208mXk*bs@5%_E6qwL@9CW%{KY^*_Tv51oyE@ii)oSyByk{&=Hu z%~)p3loO+QjN+7|GDi=wiz(DMhPxB=V(11|&J8^RQKd84QiR86zvl_?(;oFF9Ugnc zalsU}2B9iwIh$yVs>mujXEEnfj*^@P`` zN<0EAbiBk`N6jjkYWquoH7wS*QPR$*DnO;E=>T>H)ygLP=0#}Z*>ahR1(j4EXcNG($g&~R z&gu2s%PLWwW)R;?V$<@ZP!(5MV#jj4i(UsC@j`TO4Avbnvu=|l2VZJ+THbxv?jV)y z9=YXO++YVlg@uZ>%9ZTbj!FBjlU0tma@ zxS#(cm4pLlXjBaD(5De|J>L#Xc$P}u+g{~x_U>fNzO#&lMIYKJwIWJ$!=mvURIP_m 
zn*Z)iIS-d8IKawwK+n$WX|c*CbjBBzWGizWc7Fho=mbZ4#C`KtWam*Yw>ke9!p73I zICuN3BN-G-aeF_TqYZcYS)T%Xi0Sve>dnNv`I^A9T3$=bZgj!l)LWm+-1Hk!N<(J5 zlTrQI%0A{MRk7}z9Mr8quo?1jzXCVGJkP?s8bs3m*?}wc^nOWS!rAFf2Gmpf53z+A0gvIC=d3;`IHzD-6)YJnoG5RRtSz}x|;uf z<+03tDYOy)<|#*RsQ)hFfF@KhC4Mvmg*StuZ8z#U)-4g=7?P>>l)5CY267 zPo!OR4nWQR=IKXxvYJ`UV`jR;vi0l8k8)?ToebQDP}tjhP(2k@Y6^F!i1lIS{BPlf z01`Zm$U_`dU#zeDK=L{I5iK3b?1?F9k{O#))&RrNx5RM9CKgja;6%weZ2tvcO#dF- z(gb_Pa@w+dZH5I>szVLjS4g?cibE^SNf{e@ndD@ybOTwryfgb&uujn4v|c35r197F zdJI)%ny*`j?+NLe=D%;R%_=MysD7QLK{scQ=x=iy@6mvT)~e8)|M`DR)Nfj{^c@gC z>WGj#49&s626NArlBLhPCLO5cx%;KPfz;!-`Yy-|9OYOMEKxYC3h)5MCuqZh_fEwx z z&dymLSpxDprmyUR?i1|^FD@x~R(e0|f`%oeMhFKc2zR%HxDoDdGClMxPSJ}1bg+Bz zY|}8nQO{UQlj&#OQ;?C(d$432k1B9s5Ouep!ycMS!x1q@%4o(*v12%qugm*^NabJ8d3C31sF%A%f(gU*;?OtdSS^&EC(*hT`_~BMJ z$smV0xkjjrvQ80xA5V=@)4sS@eeLQBu~EN(6w^96b!iz0zrW$$o7kHvw#EwW zKCFG4y&ufN&K5B7ZP1PQz1ArfDndF$nOjQXuE4~$Fs}2tCUL+Rf)DgpE;H9vxUNf? zA~g0HZD`CI2OXHGa?uW|X4ZoLA!#LIFvF*H@;A6g0+XE2` zNvoAT-2>(gW?=n*4u^kK9$Pyi#EM|HUIAc+iW>?waP{i-bvaps{P=;p#=np@>k*YS z0E4nRZMhTu|4vt%BdT9WxyjrrUej~}?2|>9AAy=5=N{G2IzAQDbu_2}5?3-YqQDQd zU*n&Fdh#c1EK-{7jEKSbp&;^qI}CF(WDR9Lvap2UVqnNL&R4%UWF=e8a+=0}7s5>4 zV9t-zh@2|>>gO0%-nrW_3kzHgUc#H&y)2uC4hskc!|WQ3B(la5{$JOUGT!B5Pm>xy z%dUth+-o|H<>B1oSiLS>UJbNIYcz=fo+$w}Ly+Xj6&%9<#s6muD2t3UvdRAU-VXz> z$Uk|!VCm06a3l5<7e4|3b3R=;yRWX+=BbWWKFo)$q$nLrWG>t^RCS8B$nR{O^rEfd zYj7=qjq;+uLZev!v{yF^G$M@5U0y4{HiH+JunSd@Skup3LM8f3kzR831qW=$FE>wV zCPcaO1qMP`YW`zA7%koJY+|@E049v1ChywuAZQ$Ypy9{SGVU}Z3`v#?tXPL(31}k9 z)Q-HD3xY}7xUa4ImOg0mpqpL&)Kqw0>c*-D+-Q5tK|D*quL@*a0xa+XGkXj?$E zg9W~?F#m=raPTXKfv}ddU9O7GJE)a`pI3I)7PWdI?qo&lg+V@Ph*&l|a14#sZdb3@ zc?rYNgukxGD2&P#F+8b3C|buzkLflef`7q1P5mT7e(q+VLB#B zU4&wVQ@K;iXVc?i((|+Kwbgn2)Gz4af(ut`%M?Sub{*I_T*QfmQFP>hI`Z7EIKZb7 zo-g&0Q?C~(wRZk-qCKQUdl&$>3$<;z3fE+(`j;$sy)b%~#GSu=!KjHqY80&a^zjWg zXxsp|^zEqE8(k!y=ukPGVJZMV|SRSX#z zd@9;tdA@kg*(zL6RcZQ$e}jNib-`L>e5OtDjmzR9%k&6LFjw$Ij!TI<*m>=pQclVN z=LDfw!zZG+(&7%h4LVGL{l7sVIDCTALeYpSUIqqceuIwo=mcPI+RhfO*!%oZroZS3 
zB7DW5Bo4AeW`-aQbdsy4xN*5ie*A<&>e#l};E?9kAT{|qysi;BIh~KtDrNyj zc7H1drAmz%!-C+Ml3Z89O9a<>%#zEl@0+?t1iBh%5AE?Tk;V zuDUT@4MoMWc2I*L9X#r9rzmfpf+%<-BT+2)K_L!WP?}+knMrjNTPy>n4q$0<1@mr^*@TGQF<&I-IMV`778V%Tx1@v9xwVzbx^Bfa3E%%dK~*I2+XR+P>@ z>Oc!lK6}1!9fx+A8N?3J6~*}Y*#a80HO#KFfvs4Bc+J0-weF`TMUU~?xH!@ir{-0< zyG|X;R3zRHt5b|kPD`mCgf+VIuWLEV$%#B@kE^EymJzl7kLWsXFFE-Upu{y3D~t96 zcSKnpmhixut`b9t#5cl(5--sk>QN1^}=t--T*?88AndD}S+g@+f)hBBtT%GsTHQ z{Xj+jX^vz~aBl>P34n)miH(B^DX$eG*V@V}R}T z-;FS3LTt7&x6lN0PQyuiV6v8Gg1fB;i<~39t^8FSad0uCV+#=D9#z z3d;QnsxK1PPOV!$k+W^&95{U@aiZ`npTFH_>kQwve>MCL*uZ}kh2oJE$~NgufWuy6 z1++z$SKw1GGm(-Z9>cnIpTnNA(JE7BiIqzj9ZDhI^00xG{2vA6_QIjPSV&>-C-md;YlG`dOSmN6D?fCoF#2T=M#msoc0E zek6Y7TI3Vpq=^RwaXLeVb$jzO;`x{OFXw)m`BPh4E)KsI%_6Jceom_n6(cs|y0x#O zm1%L-16~P#l5H_EGk-dMhiIsFMghrmJ`6@!-ROze2|Xq3>%%JqJgi=$tv)EOS)brf zHQz~gD@pn4_+EKhY*g};VYDg9Vs0RopF( z_T=AhA^pV2^?qyxCMKk8de(|}oMk4xSlBfVn1Es>;)C*;ee@q2=?dkJ_ELhc{2NK& zH#$zF=D*TC2}~}hRkeH?;TW9>;Na+Zko{k~>)#*z;o!gMF(VYW@^H{#eV+-k9tPX- zU-e+D&2ljC8`(|U;q6FUOEax#9kPbyhH;$r8h2E-rAc%O6HMdgPQrSl7sSEmQ6F5l z&VM=oy0DUfFD?FQ_5fQW@Nx-pdFi1?qqStw;(7D)KA$Fd3-cUyY2WP6jat2=4Si}B zVo0^FBhem*J$WCfifBJQK7R)X5;UZVHBSvVR!f*XwZL zr?lVQR^(uW1_~n`hV(j_8MNe{CZR`qMYHtS{du;(y3y8lZ@rr~;fo8*KtR{-b<)R#z#*9b&L5AQ|URj=Z&&HywFuCWGZ5DLJCCHhj)PFoUA~orYha{tW4nkstCidK+Wp+i;0!MqZ>?m*n<2?d&5^OE#&nZd zyUY{0I176RbX>wLK<|cG>4lZ4$T<{>$;-!65&sxT-|o3ZcIYI8gl_o8s2y2qIoMg` zfy3!P-s<+>U63GdZ}(}*J;9wTE#H-`-!~+x_JNv?4k(_57uE6UQMfa1$kp)n%?Lk+ zAj>gpL4o1*uJ_rUXApyDn=W<48wt6R#neNgEOLM+LP)a#V4Et9)lIB*6M5;eXaCz> z0kF#`vAT@H3LuBx!%KA_M*rUOsrgqYEN0L({f{G^GIH7vtnB%1Jbtpz;f93NHGDPp zCCvW$yXT6{)WPOG6*=(RFJwS`Xtf95Y*^vnzuNEc6x%UwjVM}C@~`htO8eU&%QR>V zP)L#r3TST~kNSH%^MWMeojbM^4MDkMjwzrwl`U~@68GpHrEd-iQE>uW9MOR@CyH)c zAvlhEp9(Xfqr-)y4&B2oR`K?pl^=E_*SGM=8o+(Hs%vkw&HQ)amSw#Dw(rHUyURpo z>iuWoWU3PW>#GxcA1jINeeXTm-at5lQw@UN2?u@{p9JX3g;_F~6Xsvdsewjd@0oS% zOw;6=WU^(!_2geU;5ATsCgjE;@K2ipxw~Ysws@xH6wHNx`_~u?=kBCSsvZyTuDpn& zg@XW31RC+~l90XIr1n%4TeZ}TOjT6nS6L2OT;!jq_)_IOQ)K~Pw7o8ZXI%n$l^EE5 
zieW1;mMY{hBb=UzzFQ(vFsEvs$N$yfbS;YfQ zDS5W;s_o!|GlLlJckKb4Mq-vd|MuFPjp!hsnn0WIfJ&!LxBXvznGDuqprzBCfgdOuHnei!Cc=YdM+RJ9K8rfsEsC@Q0WyLL z(tGZXV83b-q1qLa=6*e7bsCyE2jf*=H<06rwhr{bzcfU{B{nW7Z(u2G_~qc!C!red z-%w-cqanf3E}YvYfD*ZObm>ZERv;z0W|Q9TNUG6)K1fb**rGP`>eYS|KE$nQ3DJk7 zzpG9jC(7eq1L=10s*=PypX-`XJ3ad?{ZwYri|x-qDX-g|g!TY-WrhRN%V%tET~r>z z-o}JYSRiR$g;#=E;20`uxV@iH)=e~0-y9a*n_Hb9@Uj^Olh;+ z&%$f+IZzW%#j3r0BGyX z?JfD{kKD}4-(POxYmPB z$gv&zW)$L|TPJNMYPQj5##1s$;aK_FmQ=hQUX|g#R_wyq9Zz#jJi;w|93q`izxENO%U0e6Kk5ClM3`b~b8~pn9XqRpG{Yj9G4qu1 ztIcs*qh^Mv?earpV&*oKa{Ty4Khxa5QPh@oTA{AA;wu<;Me z*RO?^7VV!53#u&YrY)}mIisqP22&4f#-{RPIb_oa6Mg!FwY;^`lp{MlV}lwa>bG#` ziC=C5j$kFo&D4wnMv~9ohd!AnS5Ix5weFb*YkJopU9lSe_V_lJC_s@kavqgvdpK?zFZr+a&GiI@oxn(S@ssTd+~;cX{B;D162wIfHt0BIMP zOJr*}Crw{YAQ-y$_nsjEhyeNxQXTSjYuJ0E+9)wKDE_K!IP!)uVpX?Ig0T)1uGfq$ zIi6om$L2s=Ax6(S6=?chQp)V0EKSs-OaGbI1$`W(6C%MZX0NcNxdZ)6S_8CEon+xx z5MS186y0`h$Wi*NO7~p*!>-iQQxlGJL6JWHrEyDiT`h>`g(zs_6m|L+w4sF;lifc^ zv=!_%7ar(F)%An(dlwf~+5_o0G46=ir!png>}q zE}*Og|1k7pUz>M0*-?j1ym2E@nd{)=<+$QChngB#Ypq?>B*yJG}>blzm zdWvWpg&_}F5@W-mE&-`L_rL0iX@wz&)CJu>#bEYQ_{5}c(e9s(a?~+Q6-X$oc)rf^ z*+q>PEaJoG0#LmOwbm;6-=;RB4xAPB_2DiK%%3#(+l=yL@0pMD@Uvh`8MYy1N=eZ| z$H2xCc_k7u>aQteZEw6$!8pD!ZLXpE!&!2{0q$+L`%Q3hSOMLzb7~~-J9Q_5AFSKE z$oVJ(^t>!kPbx)AawcX?@5|FyW5n5$s~H>yof1u<4bcJ@vBR4BLV@=zma1{sbQ4h| zOFy)%*%2Dx%?@Na>bvt%Q`EumrTm&Q6^kqozEW{(=?jCdUAk+HddhI}`amizG^HKt z?U}SF!f#_aOeRuX*5Ntga#EdaQiD%|3in`?2vJe(0w7Vc3L1SXYFpde{qKa;nfvX&X!`s^j%i^6VLWaK1^x8eF`nV9~hp- zf!!VqnDc>$uo2wqW`oJn*eW(?5S(1z=SS=>(cfyqtGC0FvX*9CTr4X1J{O5oNUDeF z1X4{c?89Fe&bpm%IpaQ8lLl%bO)nQO^y2P}@ZIrKEPOF8 zNgJ+My1sLZm*b|sexS)z74&v;$ax5J(_0Tw)dkQwEU@)v(K#i#|H={8i_)n<$ckf; zaXtUV6L;paGbVRYBeprV4q(Yj*LqVPp>c=$y6Rjd+b99WoQ^Kbpe6QRTpb9jPQxKQ zsEHa($ad-8#AA$?1$Anbj_9zZbUM*^2~zG5&#ofFks2<X4fV4g49xqXA4Zouk3T#o%;bNQ#vepbcI{v7e?(aSk2 diff --git a/configurations/host/valkyrie/services/dcbot.nix b/configurations/host/valkyrie/services/dcbot.nix index d861849..fef3d8d 100644 
--- a/configurations/host/valkyrie/services/dcbot.nix +++ b/configurations/host/valkyrie/services/dcbot.nix @@ -1,10 +1,13 @@ -{ config, pkgs, lib, materusArg, ... }: +{ + config, + pkgs, + lib, + materusArg, + ... +}: { options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable muse bot"; - - - config = let cfg = config.valkyrieService.dcbot; @@ -24,18 +27,12 @@ systemd.tmpfiles.rules = [ "d /var/lib/muse 0776 root root -" ]; - virtualisation.oci-containers.containers.dcbot = { image = "ghcr.io/museofficial/muse:latest"; - volumes = [ - "/var/lib/muse:/data" - ]; - environmentFiles = [ - config.sops.templates."muse.env".path - ]; + volumes = [ "/var/lib/muse:/data" ]; + environmentFiles = [ config.sops.templates."muse.env".path ]; }; }; - -} \ No newline at end of file +} diff --git a/configurations/host/valkyrie/services/default.nix b/configurations/host/valkyrie/services/default.nix index 33bc442..81436a1 100644 --- a/configurations/host/valkyrie/services/default.nix +++ b/configurations/host/valkyrie/services/default.nix @@ -10,7 +10,7 @@ services.adguardhome.enable = true; valkyrieService.pihole.enable = false; - valkyrieService.pleroma.enable = true; + valkyrieService.pleroma.enable = false; valkyrieService.dcbot.enable = true; valkyrieService.secureyoursoul.enable = true; diff --git a/configurations/host/valkyrie/services/pleroma.nix b/configurations/host/valkyrie/services/pleroma.nix index 9bf335a..e3bd2a1 100644 --- a/configurations/host/valkyrie/services/pleroma.nix +++ b/configurations/host/valkyrie/services/pleroma.nix @@ -50,7 +50,7 @@ in "L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}" ]; - services.nginx.virtualHosts."podkos.xyz" = { + s ervices.nginx.virtualHosts."podkos.xyz" = { http2 = true; useACMEHost = "podkos.xyz"; forceSSL = true; 
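Review bot: The container definition kept as context in the second dcbot.nix hunk still pulls `ghcr.io/museofficial/muse:latest`, a mutable tag, so the code running on the host can change upstream without any change in this repository. Pinning by digest, for example `image = "ghcr.io/museofficial/muse@sha256:<digest-placeholder>";`, makes the deployed image reproducible and lets an update show up as a reviewable diff. The tmpfiles rule in the same hunk creates `/var/lib/muse` with mode `0776`, which sets read and write for other users but not search and looks unintended for a directory mounted into the container as `/data`. A mode such as `0750`, with an owner matching the container's user, would be tighter, though the uid the container runs as is not visible here. The hunk itself only reformats the `volumes` and `environmentFiles` lists.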
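Review bot: The added line in the pleroma.nix hunk reads `s ervices.nginx.virtualHosts."podkos.xyz" = {`, with a stray space inside `services`, which is not valid Nix and will make the file fail to parse. Setting `valkyrieService.pleroma.enable = false` in services/default.nix does not avoid this if pleroma.nix is still imported, because the parse error occurs before the option is read; whether it is imported is not visible here. Restore the line to `services.nginx.virtualHosts."podkos.xyz" = {` so the TLS settings that follow (`useACMEHost`, `forceSSL`) stay evaluable and reviewable. The attribute set opened on this line continues past the end of the hunk.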
diff --git a/configurations/profile/common/private/default.nix b/configurations/profile/common/private/default.nix index 2a33b9c4bed06a2615948b491e82cdb16ec67aa5..c47d7094c92bdd1a48f99dbea8faca3244edec47 100644 GIT binary patch literal 955 zcmV;s14R4)M@dveQdv+`0J&0-xzsFI$)pa)jt%RFS#M>*0^0+A@3S&@KY`SKD3mh}YYrfY*c`?<*DTtGZ`{Z+5}lFf zC5YC}BlT#vMr>cTMmu=ROWS?8BmKz2fyC2*X0B8}_3C+YurXE!{dFgM^&S(kVIIdy z!vgX5Uy6rs-@ZT5I|S$2QIGsiv98bafYa$5Ib%thhLEk_%CT`ogX+RRnNoj9AQ);IHU&^f~O z%}!5#TFbp*#(|T^ zIuxB$mtR36J4sNo5aRW0Qiwp!m?$3f1d`Rl6h;=Ci&h$$%_4GO$OBWL@oaDs9FUtT z8{2U)GRPLV*)?=fgC9cAtEAPE^HK4swo;|sQ_yzGT0>imvl28)o>|5fpA7DdJ|bG- zhuR-)45sisuC^)RAqlbE|I>(yqkP?mUW0Izo)z>))-3v$LsUE#PJhsXoPSO=3o;&2_A6eW4~=X9rv5@x1)Y_k>te9J_#Lb z!Ps~{6rCfpBm3Y$qy1@|#7=V?QC_xA`r8?G9b-ZwSfZRQY<(K=Fn!q1$#nkuD40AHX?36u}No;=WMs z*n){@hV&UAE~+TQo>;wt%!aDF$twsMV+5@q`^~Q7g&d;k2`-n*y?8;PhJjMR*bJ4& zsrmJA&QP#I`T37xx)H4eCBJNm3jZ06B0BJ+etVuiuSs1B_PS^J&<+`k;|BvjZr&Qo zN_5SFsZ@o(uRmO= zV7aDXW)yCUlx|VW8#_6{!kNJ6LOuA`eH?YP3=8)+ z9aAPhVz!WHUtAv%Z}LpcGJozz-l7n4kkUZ8sNffj9;S5VeVr*4*hQym;F-+(sh1Lq z3e8MD;}UR(n~{Cu!b~X)0%k>S-cd-O>6_5~hYTtR3x$|Ma!_*}?y=)oqOG#EiPKf< zXApM*JX=qfHFz|`zqIlVs4IedhV@V4`|AiRud2dkbBZi)^{!9%l4C%4skQ-XLr%OU z!>{w*sA2d(UNKG6!P9D~owTb}_AdUv{mxU+b{Yp9{-W`bV4qaRrOie4wtm<@9#LMusTAp+)P zRCV)V<;8xUN%jABrqjWGVhx~Y&4uCG@igxQlLwc)Y@#{lN2<-y4H@zDI4Z8|Qp!0