From 0ad10eca8854a5df992069731d8f6c303d6f89ac Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Tue, 21 Feb 2023 14:52:38 +0100 Subject: [PATCH] syncthing --- home/features/desktop/default.nix | 3 +- home/features/desktop/office.nix | 1 + hosts/lkk-nix-1/default.nix | 4 ++ hosts/lkk-nix-1/services/containers/#cal.nix# | 8 +++ .../lkk-nix-1/services/containers/default.nix | 1 + .../services/containers/little-link.nix | 2 +- hosts/lkk-nix-1/services/containers/nginx.nix | 8 +++ hosts/lkk-nix-1/services/default.nix | 1 + hosts/lkk-nix-1/services/syncthing.nix | 20 +++++++ hosts/lkk-nix-1/services/traefik.nix | 54 +++++++++++++++++- secrets.nix | 1 + secrets/littlelink-lanakk-env.age | Bin 3525 -> 3630 bytes secrets/littlelink-m3tam3re-env.age | Bin 0 -> 3649 bytes 13 files changed, 98 insertions(+), 5 deletions(-) create mode 100644 hosts/lkk-nix-1/services/containers/#cal.nix# create mode 100644 hosts/lkk-nix-1/services/containers/nginx.nix create mode 100644 hosts/lkk-nix-1/services/syncthing.nix create mode 100644 secrets/littlelink-m3tam3re-env.age diff --git a/home/features/desktop/default.nix b/home/features/desktop/default.nix index 5b29cd1..8dcdbf4 100644 --- a/home/features/desktop/default.nix +++ b/home/features/desktop/default.nix @@ -17,15 +17,14 @@ xdg.mimeApps.enable = true; home.sessionVariables = { - QT_QPA_PLATFORMTHEME = "qt5ct"; WEBKIT_DISABLE_COMPOSITING_MODE = "1"; EDITOR = "emacs"; VISUAL = "emacs"; XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_DATA_HOME = "\${HOME}/.local/share"; - PATH = [ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" ]; }; + home.sessionPath = [ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" ]; home.packages = with pkgs; [ alacritty diff --git a/home/features/desktop/office.nix b/home/features/desktop/office.nix index 7d59005..062f44c 100644 --- a/home/features/desktop/office.nix +++ b/home/features/desktop/office.nix @@ -1,6 +1,7 @@ { pkgs, ... }: { home.packages = with pkgs; [ + nextcloud-client libreoffice neomutt tutanota-desktop diff --git a/hosts/lkk-nix-1/default.nix b/hosts/lkk-nix-1/default.nix index e287271..06d26ff 100644 --- a/hosts/lkk-nix-1/default.nix +++ b/hosts/lkk-nix-1/default.nix @@ -60,6 +60,10 @@ file = ../../secrets/littlelink-lanakk-env.age; mode = "770"; }; + littlelink-m3tam3re-env = { + file = ../../secrets/littlelink-m3tam3re-env.age; + mode = "770"; + }; }; identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ]; }; diff --git a/hosts/lkk-nix-1/services/containers/#cal.nix# b/hosts/lkk-nix-1/services/containers/#cal.nix# new file mode 100644 index 0000000..3a2ebbc --- /dev/null +++ b/hosts/lkk-nix-1/services/containers/#cal.nix# @@ -0,0 +1,8 @@ +{ config, outputs, ... }: { + virtualisation.oci-containers.containers."cal" = { + image = "calcom.docker.scarf.sh/calcom/cal.com"; + environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ]; + ports = [ "3013:3000" ]; + extraOptions = [ "--ip=10.88.0.23" ]; + }; +} \ No newline at end of file diff --git a/hosts/lkk-nix-1/services/containers/default.nix b/hosts/lkk-nix-1/services/containers/default.nix index 632465c..d62709e 100644 --- a/hosts/lkk-nix-1/services/containers/default.nix +++ b/hosts/lkk-nix-1/services/containers/default.nix @@ -5,6 +5,7 @@ ./little-link.nix ./matomo.nix ./nextcloud.nix + ./nginx.nix ./wordpress.nix ./wireguard.nix ]; diff --git a/hosts/lkk-nix-1/services/containers/little-link.nix b/hosts/lkk-nix-1/services/containers/little-link.nix index 3214669..db7e12f 100644 --- a/hosts/lkk-nix-1/services/containers/little-link.nix +++ b/hosts/lkk-nix-1/services/containers/little-link.nix @@ -7,7 +7,7 @@ }; virtualisation.oci-containers.containers."littlelink_m3tam3re" = { image = "ghcr.io/techno-tim/littlelink-server"; - environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ]; + environmentFiles = [ config.age.secrets.littlelink-m3tam3re-env.path ]; ports = [ "3011:3000" ]; extraOptions = [ "--ip=10.88.0.21" ]; }; diff --git a/hosts/lkk-nix-1/services/containers/nginx.nix b/hosts/lkk-nix-1/services/containers/nginx.nix new file mode 100644 index 0000000..daa7f26 --- /dev/null +++ b/hosts/lkk-nix-1/services/containers/nginx.nix @@ -0,0 +1,8 @@ +{ config, outputs, ... }: { + virtualisation.oci-containers.containers."http-images" = { + image = "docker.io/nginx:alpine"; + ports = [ "3012:80" ]; + volumes = [ "/opt/service-data/http-images:/usr/share/nginx/html"]; + extraOptions = [ "--ip=10.88.0.22" ]; + }; +} diff --git a/hosts/lkk-nix-1/services/default.nix b/hosts/lkk-nix-1/services/default.nix index a075c1a..4621e0b 100644 --- a/hosts/lkk-nix-1/services/default.nix +++ b/hosts/lkk-nix-1/services/default.nix @@ -8,6 +8,7 @@ ./n8n.nix ./postgres.nix ./searx.nix + ./syncthing.nix ./traefik.nix ]; } diff --git a/hosts/lkk-nix-1/services/syncthing.nix b/hosts/lkk-nix-1/services/syncthing.nix new file mode 100644 index 0000000..566dddf --- /dev/null +++ b/hosts/lkk-nix-1/services/syncthing.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: { + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; + overrideDevices = true; + overrideFolders = true; + devices = { + "LK-DATA" = { + id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3"; + }; + }; + folders = { + "Bildvorschauen" = { + path = "/opt/service-data/http-images"; + devices = [ "LK-DATA" ]; + }; + }; + }; +} diff --git a/hosts/lkk-nix-1/services/traefik.nix b/hosts/lkk-nix-1/services/traefik.nix index 06edfa1..1aa3d89 100644 --- a/hosts/lkk-nix-1/services/traefik.nix +++ b/hosts/lkk-nix-1/services/traefik.nix @@ -11,6 +11,13 @@ dnsChallenge = { provider = "godaddy"; }; }; }; + lets-encrypt = { + acme = { + email = "dev@lanakk.com"; + storage = "/var/lib/traefik/acme.json"; + tlsChallenge = {}; + }; + }; }; api = { }; entryPoints = { @@ -39,6 +46,15 @@ replacement = "https://\${1}/remote.php/dav"; }; }; + nextcloud_headers = { + headers = { + referrerPolicy = "no-referrer"; + stsSeconds = "31536000"; + forceSTSHeader = true; + stsPreload = true; + stsIncludeSubdomains = true; + }; + }; }; services = { baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }]; @@ -61,6 +77,10 @@ [{ url = "http://localhost:3010/"; }]; littlelink-m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3011/"; }]; + http-images.loadBalancer.servers = + [{ url = "http://localhost:3012/"; }]; + syncthing.loadBalancer.servers = + [{ url = "http://localhost:8384/"; }]; }; routers = { api = { @@ -112,6 +132,15 @@ service = "matomo"; entrypoints = "websecure"; }; + matomo-weltkarte-pinnwand = { + rule = "Host(`stats.weltkarte-pinnwand.com`)"; + tls = { + certResolver = "godaddy"; + domains = "stats.weltkarte-pinnwand.com"; + }; + service = "matomo"; + entrypoints = "websecure"; + }; searx = { rule = "Host(`search.lanakk.com`)"; tls = { @@ -138,7 +167,7 @@ }; service = "nextcloud"; entrypoints = "websecure"; - middlewares = "nextcloud_redirectregex"; + middlewares = "nextcloud_redirectregex,nextcloud_headers"; }; wireguard = { rule = "Host(`wg.lanakk.com`)"; @@ -178,9 +207,30 @@ service = "littlelink-lanakk"; entrypoints = "websecure"; }; + http-images = { + rule = "Host(`media.lanakk.com`)"; + tls = { + certResolver = "godaddy"; + domains = "media.lanakk.com"; + }; + service = "http-images"; + entrypoints = "websecure"; + }; + syncthing = { + rule = "Host(`sync.lanakk.com`)"; + tls = { + certResolver = "godaddy"; + domains = "sync.lanakk.com"; + }; + service = "syncthing"; + entrypoints = "websecure"; + }; littlelink-m3tm3re = { rule = "Host(`links.m3tam3re.com`)"; - tls = { domains = "links.m3tam3re.com"; }; + tls = { + certResolver = "lets-encrypt"; + domains = "links.m3tam3re.com"; + }; service = "littlelink-m3tam3re"; entrypoints = "websecure"; }; diff --git a/secrets.nix b/secrets.nix index bd8aae3..7cb6af3 100644 --- a/secrets.nix +++ b/secrets.nix @@ -16,6 +16,7 @@ in { "briefkasten-env.age".publicKeys = [ root ]; "littlelink-lanakk-env.age".publicKeys = [ root ]; + "littlelink-m3tam3re-env.age".publicKeys = [ root ]; "traefik-env.age".publicKeys = [ root ]; } diff --git a/secrets/littlelink-lanakk-env.age b/secrets/littlelink-lanakk-env.age index 399d9022554bbfee5829f4ba702e3f77c8e3ea75..b9176d3cfdfa8fc7f2b9a5c5987c6707da526fd9 100644 GIT binary patch delta 3625 zcmV+^4%YF-8?GFXD1S_4IcIoiYgkotPi9VWdPr?{GdD?PLQF&}K{;A9PegBdMmJAp zXKgksPEbj7XF)4L`F+COGsgIMn*VnNO^Z@Q*A;` zMs0CXPE=Y%Fik>tR%}i%dT%yoMsi9EQ(;7Ea#cxgV^nx(VKib+XVnkPNdRA_7Z%0p7 zLkcfKHdJt8bzxafNOp2_M00jSNmVd(M{;&qWll;|OjdGlMrU(LQY%7EFm8EaM{!eY zc6xa;azbe0OZ#7ykGgM+@MS3%I zQe|~eNLE=ed1y6fGId8+VQ^YUM^spKXER}F3RF~daAsC=Z$&dQFEejBa5gq>L`qOM zcTYBOM^bt)T2fLtVNf?qZ#8vQVrxTlQ8#!uMolYAP=8@|b$2UHcWnw~G-6Ikcymxq zQ&voDH9>b!P*7w;HaARZa7#CHFl|w0WkWYlGeK~0Pd76&NKsL5T2MDOK~Zf)by-Yw zWO;82S3-GCS#wZHNGp0uVk>TXY+_AIF)&F{STjRIIca%mc4%W{Y*9&7Rx&kWQCD?# zW>IQxT7NTlXGd6CZc$NbataD9J|J5sT0A07Y*j61a%Ew2WgtR0GhRO+Ja#X3Z6IoT zb80d~E-D~mXE0z2X*G6cbxu%cb4_?OQ zZZHY7y(GN>7_uXtNO`9NhY$a&N7W>|la{DFYjOhlgoD3QlD0Scu}-egfmTZ-H^B)O z!hgJctv3X$OhfZmrR3bY#+Ax#x-5s{GI1a;KioXYNA;G*7+n{ump_KCX08+%*C|5! zX&KxhNlxpM!z>)Fm;YFmk zA|_PYE)RY}pChk$V;gWxyze9a3iqboIS`Im{UyBA(y`35oHjwQ=d&Pl8ax(m4C8sXmcH zca73;WGMo^hy9`aC=r=nHa4In9e8OJu$3u7vNX>L$pt?xm4CQ(+UP~EpDHeL;eYmk zI#^SZt+qccYXJ>zcVa56C3mSvp&#hZ3uGWBA>83_Vpg&plr~`wqn;4_Zjsd%&1#It z;^;OuaBq5F2@8>`e5O7EMz*%}xA9z4`))(L2lEj_a)e=z7S!fHG6EEv2rpuCFB_f{ zFpmqujmOszECjn4c8m-(A3K>9i+{clvFH@Z1t;ZKxYYY)SA=;x7*6Y@Qc^<)bdv>Ji9GOLcw}0TfbBF{O zJQt)+)K(MzR0jt&V3$b_=K1w;#Vq%@H4lWRh{oZ`{wa|Bh%E^ThCtXMG4PLaKkY}_ zSj84fk9;Z2u~Rn`M~8TAk{ZfV<%E2LYm0f36c`T`-?D@1Y@Et7Q}y=!CXS&8kq>F9 z7_`PUbR_(&J!}ubZ)+~}Lx1oFBy*_jmX^6P9pIXv+KSWmeXz*FrL+n5EF@*^0^ACV z$#X&jeBxKObxBBg>rRu9Ng@a_UbdGxl-a~uP{l%|bEyp_!m`*t;074;%o>jvjKUhf z)Q`%AHuG_uL0S1gRqXS2tYi;84Aj;Uw$N@bkp0!XMgaQw!9GJ5M1OUFO}6)r0a#^g zu+B8cFWrExsFQQwVgr>biVp5v5%-0mo>cp@t3x_qYw^MTw~SemcaxE47flXi)|_!! z-E{TSocJUymo#*(##(_iFr#@Qp2TMYFWt_!Hsl|S5IB=T{u z)?s@c_eh>4xO@WP?k8A;Xl#e%ui&Bi`hV7hB3|bLrcnr{|9@olwe!rPa+v#h_rP0N zl8h!n2v^n~A!FXpC`>Na8q4%%t5-*&S>a=L%GKbp&RpD_j^;_QcXL8?p0TEt-QNAv z-p^)`>ZP=#5I>aA;D2%w_mnf`6(MKl4qU>rXh^jkX5x2j*`qu%b{368@FBJqC&fS7 ztqI4plk5!=4u6GYI*GE2yLxJI0P}VTB>9VDX!cE5j)e8S9Wq}6jQIt_Nn@HG9`%Ii z(=8n*EQHg@T?n6nRsQKjrRFtg40{jJSMCFgos(zEKJ`zN^VVVqlZqK<2QAnvxRh?G z=`s!o`F48iJDs8a*qHpy-xq67dCv4ljLitan`&``P zUU|uTCo6fs4CbesN(;TVWZQ@D$)0rwX)aA1a1mti!l@9wtjvu{|@$KS>zf z%5~CASAV_@cH4WI+?kN}dth&u20Mx<0slAXbR~Fa<$EW`ptG8pX1D6L@%iSzXtJ8j zu=EQcfuginpGn2CyU;;sXCfpWG0xT}#Kw6aQyOWWyz=2%t2;*SY>71?VlMa##w^$= z!DPGYWWNW{PoeyJ-T&Hgd=9Pb@d~3_5D}CkR)2udpwyDv!6^D^h~M0_vG2m^uv~}| zv=m(Jp=NlCP_SAp@arBisiS0L*Xr3{8DjC|d9x@&BC^w408fQ3_8h67nnw%$!lX_= zaGMrg*Yu6-$RFcg4|_gG5H6!TGTR#dF8GT#ZFGe%dRsFwR9p{L>9b%4bD-dnWD4(}gzmS2iyMHZaus65=6*^)kVRnd%DCb}xH4QABsX?+` zTfbsTz_}FJUCkK!+l)trtO<9F%gfTpAi(~YGZg7x9e}f2sJ;MsXvJW%{PLAY36Aa1 zYa(Rdk$DdbT+*(^sZWBkwtbdur z#TpicA(tb4f?qak3K3eAQzz9QHEgI;>$u*7xdl9J4=z-piQGhcAf{ezUT~)L1|jjK zl9zM)=VZ^B{_dDlBDSl_uJa9K7y+-Pz84P*(KZVJsT_keq~TdKgvG7Y zL^PAyKba276kycWhp$J9W(6ey%71D_Dd?|NSBz9RP{4)idY1u7Mzt5?f9`!|rqP5* zmQvm5J7#Hxn3-%NgW!=cSk!x9l2K)UfAUN$Er`Is*m)^#vDr&SePIq3f2a%sbPy7p^2JLS(%L(!9i&Z*h9ij8 z0l5l;s9!5Z9)!aoq8-fQOn;9Hp@@+WHZQ)nRzqqz_?S`@U9PAKV(tz+!%-x(25=DD zHGu(x^kk2YHWrN}W_T_!CwLDABSl5g(UQC*{4!f4AvvG_5#8u76gG5l7-dvu8?oKi zxU~BRXL{o)qN)i8_ofcrRD7*5K!5*h2Co8$*jM5Aj165T`y<>f>^c_A5{T<4 za-cx6z|k+58(%x2yrakrQtX#TN@m5xHRx#($B z^A-Tf0$18uZ{0^1dJ~#ZWTW@&O0uPNW{W`H>W3t7M?Ls4cDc~I)xUbqRM$C=Y)esl z3}A!7ez&J~pqpsB2+4yy6N-L7&^z8@RNN1JSlP>ZyqIa`7%FBE|j delta 3519 zcmV;w4M6g)9K{=uD1T>1WH4uOSZZ@}VKi@bHF8BvO=?(XXm&(0L~u)3Z8=XvD|TmQ zLrpbuSaMo0V@y|3H8MCxVOe1-XirRGZcGYjHbZ(^LrraQL@!KLWJ6e4NjPNmw*zYfEQDX;DKfOG8d=aY=4bNOyW~Q8+|uS9e4;RC;G*wVdb!{eVQ*qiGDdT8RSGRFEg)+& zb7gIBdR0eLIWJ*YD?wReM`$ZGNOwgtWlmXnOMiGaR9a?8b!T~PGg%5maT~f>kGcSo z86nDL_ZMW9hIC+G28tEW-bV5xX<3g!=Ax(@g^E@k0%UtPFK(ALGumQvlBN=P#{=@s z`M^raOP}v1_niB+-hDu;4oGjsiYIwY#0QAUGxOoh3?N#{#vBsXH!C|1BC${C_}xW;NaH>qBtmqWh@j!qAyyTNO^!flbdp zRYLA}d*c&nV?`BR8pzndLfW=jrh6E(qQo)$6$(U1*2M&W9U-kzgj5Axn5>efB|Y4p z=(g;6E4>uO*kjN>Fz6^-G|>7Q;c z?suRC*Iu2pGnyor*I#f57=n%L8x8tN_l}G!r}TG4y5q#|G^l|Wm-O`oM#RqiZ(`8W zB+wPv&jBWA+(NZqNb$2&&a9y(8QJY%q4G9WAddd5D|9}KxUs~7-*T-3)k}3HpU@Aj zH#qCnI`P@geqD@^Dz4ds{J-LGj(-M=vh(hY-SM8vTD1Wx^P8}t(yM1T&_j}uTyML7}sFfA}! zIoyT>bYS{qEBZ;qjGeH7?U++c%LDXgzTFtSVdeIUm4;IEVrWeUgF%KC5r1T4nw7k^ z#-wdg(rN@)vM&7U<3Ev;^!}?%Nf|AHWg>~;hHV#c$RT>qQVj>zSYScIQ&)`e6$T6Q ztQl=5aDW289vUElUbSY-rEXJY-ACyoWN6ea%SfCykDIIPGY*IJw7x!T%Tn9xC|Rk^ zgTObKg#cj|+3dy9ziC`_>VFzB7za;j7f`uIM(K6rqZodaPTWV|2^FH{Lg6}d*0kUq zkR$30{hHPK%2CP0L0p!-BpO8zl>~AI-+8cq#JRE51!icMZT~k2S${e1%epN#$#t;Q zY$@Dq7@+c$nkP6GSN2U;Iy3A`nI@rvK=c8sYfzCPgqdEg-hD&pEghg{S8k%+VIx?& zp@liiA>Evf_J)>e(3lO)@JF|>kU4jCmhlE|S0Hvc@@l(G>>T56Yu#S23MT-+slI?| zcui&%(gg>dr_YVD7k?Ih>xDLIDbTOngmcc=W`lg)Y|Vg%I;`W83kta-Q}z?e4&6sn z?O&!HDTk|?bCrNZ52s$~x9S@}?T)C@(}KxUE*7YA9>(8gr13U>(@8c+F2S%uQo=C_ zSp{p$hLF109^V$2+J%OkUjQ2r8CWUN%}_>4b2cQzM2Xu8D}QiMx#e6O_3Gynid39H zxdK(==FI6Ht~LO|1C{UTV-mnP)&zRMbO9M#?c$vMs^^j7zgkZ%1D8pxy; zARZ&8tOeLTSa!XV$ETrgj< z_jy!mu1&j17TC}GYW=t0CU(u5@(+_V2ErnO@q?{Fk%C z-FRN9^?w@-#vjF4Q_$*>s{^eVoIpR2g)r>Dh#eSaMzXTMYqEO5&nW847oCQ=XrDLj zRup|k`Tq)$ZR{;z!x&(`?@u|kukg#(j1>u;1#hOL)f19y(DEYF#Fr9FkB4`zn;Ny* zA5+%`xx1^tnLphpF94Uv2i9pB`BXweAb8!Puzw@Z zS1Qvnotu+XXsf@tMTP_G8cH~y(=IVB=L86m4f9oRZ8keyk+9!3M#d|W@MB9Zay6%Y zo9i7LA2K=CgU~Zi-6~n|2|piVjGIf zXz(=6<^&m~q8+=IG?n-*`7oLFY9i!{E*|6J#*?mh!ACH)cK9A%f3Zy)K7u?nPUB9u9@@2vr~y>D9D}5k z(G_mCfUPJgGu>|wJgOv|fg-=&6`;ppC|1A4Al4y^>9$N-N1+5x%`?>l^`SG$Jx{599hlhMzOuyEQI9IcI%dGAc$os5H^t{E(WZ5Wz|pjD;M)bWkHkQT z&FOaY44TcGa#$O!;2D*`lr|FEEXNL6ozcJ^%{rH>EHN)=kgm8}AA`6pPJa|3&kr;V z?4pH;qxPRs?d=d&15rB>;~BQ?Y^@1h00|gC>H2V6PPk<>AFbGMG}lf$RJ!_Lq$?YE zVjOy0fU;|mw}`+H7>w(&tA8f)sjFQI?ZbU|k+swj#X}OQb6n77Q4GKctwzfevlmk} zJC0@#@a{VAAOv14p_AS?y%;grD1m#~DS3C}IVJKpVCk)DJ-C6z8~+1X8nQ=?WheWf z+TpUf4{s{w`L9<-Oq4fNzXMTTNoS4lrQ8G}@nwu*m0NetLD#vQs(-w=b%&t%(A@C8 zUuhjecsF&nwSvRZ3TShqVasxTMWYE>K`PvSP>@lVK>0JaHcd|&U3VH}r{*67`g}OI zcJ}wVFa7b%Uvt_gJd4+`UI2wteUw=;unGvMO`E`Lopt>Di<49PF&IPSYkj zgP>!-4cXSonA725rfM%-lE&0L(aPpzx`WlFf*k2UL{>`t^Ee>OV_E?wvz7PBeE$$F ts)(3Z(Vv-9FBi=~SFP*8d4k-9Rd^ijSKCfgPtg{hW)E}G_@UaSBB diff --git a/secrets/littlelink-m3tam3re-env.age b/secrets/littlelink-m3tam3re-env.age new file mode 100644 index 0000000000000000000000000000000000000000..bb0c4e2dd6d4762efd067f72e1b8558861db05c2 GIT binary patch literal 3649 zcmV-H4!-eWXJsvAZewzJaCB*JZZ2CqSK~QBeO<7K5XfJwiOlx^Jd1G->YHM*qPFPiHcM3CRK}IW7O-?mtR$*0YO>Q(o zb$3T|VnT39XlgZ6LvL$0S7S*_Mle!VPIp>KL~t^BZAxQJXiRxYLoi`tY*7ksPjppR zae8nxFlS9zcu_S&Z*xI*HbgmBD`8D|S#NJMa7=b?HFZlcWMXA?Y)fZHPB2wYPAhgr zH)u65ZBlRwR(Wn#VoozuN>MjZcUN+0Gct2hMoCpmH&{@4LU==CVo7E= zNLf)YF=%UeXl7zHD=}D7ac68b3QIIWaBFo!T1_)$XH9QGaBoXkb#`<^M@TSjbVW8d zL^xAIPFX8$Ra!AHSus*=W^z|gS$9)7NJB$PODk+<2QZRZnRx~g& zM`n6tQEo_iN-b7deSJ5V55Rz)O4AZJBpKMG|rQgKarcXL=TP?jV|~BKUT10W^Jpuc8t~#L@(o(X7Z%yk^Mw3+f#jpJeW@* zNM8Q1NiLAa9h0&&wJotWO92xUWnT}ZYH&G0TGOZk>xn{dz z%CBswd0Ab%^Tpo-g@|!!)p8&dzAEO~pLiVMtNXmX3*7pH0hey?kX*-jWE!5eV&B7R z(z~9QV7=Tc*-5Rl{NY|}5&PR64c3Ts8!$;CTt}NT#y+uHOnk%2l7a`r4=Rs|Ld({) zfxiw4K--?zL55ceJ5Dq@8Jy1Escgfpk0QezwB;LI!bxx7{5S3zzJr`o~U- z68Q_O9CxRml+w=&@lz8%+H!a8CCSr{OAUavw1z{8CQ5Swxu-?9YqPOdk31#}EiC+z zrYUQ0%c!7pCU+v;-N>z!jX`(2c(cJ_mIuJQO)LM*)7Dr$=7L~iN@WJi4MT`y)oaa6 z+?bo~-N`5kg|PQ_WeErWE4lJ*-Y}XXTPoo4$`rt)mQYv;(4q1#Rda0bEG;*>F6T9lWxBIyA+5%S1F(bo|^N%OIa|rOi^As=)a^e?%&y6&) zuX|(ZC8vrO+fOwK39h(9Pf8ytNCD#$;cG69&fC@XY0F)VPIs2XfMRae=TI}vS#V#q zYSiP8iVfjU`_1TdkG z{SUjj5vZN`qFmLKm_uiBvaY22dLVns7WQ|RRhm#$Pl2Z150u1j%4}f1o>W7A*`1-* zj&Oh0d50MD*H*NrSSKbZ4g`^Z<%FL+-*B*E2R<KzWSJi+fwr4?7d6!w_uQr&NXi$>w?v+ad6x5y@Jf4zO-W|#n7<_Z4@s4lUH{t`% zIh(QWO(ScEAbsZncS*EvQ@LV1>w;`_%;_KB=9nLt;~s~|(r%&-J(`ji&fCwtr9+a7 zk|8F=RB5N`U{-s281)#`@zn17S*yhwA_^jZdjz|}f#JT&0~`{WPlSmQNRJB4?Uf_& zI1~$p^ggJ@;WVJoi>Jjyyqda0%$v&wVJ8>hYu0X3{*`(~NzF?rL_hReg$R1Oo~K!`SjtKtStt&PLx zUI3V-eYutSJU!07y)y47Tne1~2A-mFV{n-t@rm+XElwiibUz2gR)HweFoYI$rJH= z(bnQW@+B8tMs+J|Q6-ZY4?Ib556PTAT{z7?Mw*@cZ&A(Av@dkd9J^#0jBQBtcIZbZ zRs!ZSxLw?!8T-{Uh|M-}EKSk~k4-z!WLbcw9_IXOP*LI{Vz)_n=bjt5z>t7#s<4Cl z$%oRYOepo27_(oOP}`~Ch`Bh@fW0|fGXlgoIHAE+zxX>h2fNvoW*y!nve_vwz9 zB&0KX_N8KQ*Z@8(YU#HEUVaLo(lQ@U7yL9>b<)tpOeB4^9OFoF@cI zxsZ%e`rFCstomMGT#6!)}%O!dJW5xP~FF+*njE^R@TRBsU{$Gf919FB*_-3HtRl;bx z*2zt6buiuT0NVPqzPKGFnB(^6<9o-3fXTL7kvr=5VvDzhMwg(iO z)nH$bsDGxA;pq9f`~k#>*ywp4O-YSs@J%b8;9@USnJZPM7zOi=AV>M{^>0bsMX$n0 z1?~3}u_5>F8YZy*Dru`WPn`BFkb^W>ZnMTFp`xr>KDSqhN;D+F;YR=Up3sjcZC&jy z^gAa*G1M59km)owD?s=YwsMxQHg5||8+HyMwLFu1Hd`f((MjW^r%Wp1!fk!cIwOf=2C+3Q_c1N!A%XZa2-RAw;F;SBbOed{ z;&GuFpklSi^7>5d;gaUPa0&-;^{WTjZ4fjjw`2ubnMA5sK0W=;Ommknt-h3JodtvtgA zxe3~Iv3z(ooy8t6 zI+DRepUdgZ*#4n#-XyVzCq;yQB<*L7yM4Mi>>`C22g= zG+s^O+>In}#4r4fJnUFc4eI3x4%%*&|Pqi8U*2HgQ}4lTbG3~7XP zh;lZKR`qg>)xnt(!5e%a`jTJcYGeb`<~%!jUQD#h*h1=%85@t6!V@WBfObVhtH^6KYoUSd8qwTC^kk~|y)ab~ T5GrHR-NOfcG!Ge literal 0 HcmV?d00001