From 7f512583e092dbe541d1fbcff8e1bff76b38b708 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Tue, 29 Oct 2024 01:07:07 -0400 Subject: [PATCH] Separate some more files and extrapolate more non-secrets --- .../networking/wireguard/pc/default.nix | 4 +- .../networking/wireguard/server/default.nix | 12 +-- .../fileserver/public/nextcloud/default.nix | 64 ++++++-------- .../public/nextcloud/nginx/default.nix | 18 ++++ .../fileserver/public/photoprism/default.nix | 4 + .../public/photoprism/nginx/default.nix | 11 +++ .../services/server/icecast/default.nix | 82 ++++++------------ .../server/icecast/liquidsoap/default.nix | 30 +++++++ variables/secrets/default.nix | Bin 2237 -> 2039 bytes 9 files changed, 122 insertions(+), 103 deletions(-) create mode 100644 modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix create mode 100644 modules/system/services/server/fileserver/public/photoprism/nginx/default.nix create mode 100644 modules/system/services/server/icecast/liquidsoap/default.nix diff --git a/modules/system/devices/networking/wireguard/pc/default.nix b/modules/system/devices/networking/wireguard/pc/default.nix index 5a4e531..f120f77 100644 --- a/modules/system/devices/networking/wireguard/pc/default.nix +++ b/modules/system/devices/networking/wireguard/pc/default.nix @@ -11,9 +11,9 @@ privateKey = config.secrets.wgClientPriv; peers = [ { - publicKey = config.secrets.wgServerPub; + publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; allowedIPs = [ "${config.ips.wgSpan}.0/24" ]; - endpoint = "sv.${config.secrets.jimDomain}:51820"; + endpoint = "sv.${config.domains.jim1}:51820"; persistentKeepalive = 25; } ]; diff --git a/modules/system/devices/networking/wireguard/server/default.nix b/modules/system/devices/networking/wireguard/server/default.nix index 89ac746..ec01605 100644 --- a/modules/system/devices/networking/wireguard/server/default.nix +++ b/modules/system/devices/networking/wireguard/server/default.nix 
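Review bot: The inlined `publicKey` literal in the pc hunk carries no indication of which host's key it is, and the server hunk in the next file inlines the NixOS and Pixel 9 client keys the same way, so the pairing between the two files now lives only in the key strings themselves. A one-line annotation such as `publicKey = "…"; # WireGuard public key of the sv endpoint` on each inlined key, or a shared non-secret attribute alongside `config.domains`/`config.ips` that both files reference, keeps them from drifting apart. Moving only the public halves out of `config.secrets` is consistent with the commit's intent; both hunks still read the private keys (`wgClientPriv`, `wgServerPriv`) from the secrets module.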
@@ -17,14 +17,14 @@ listenPort = 51820; privateKey = config.secrets.wgServerPriv; peers = [ - { # Jimbo Pixel 9 - publicKey = config.secrets.wgPixel9Pub; - allowedIPs = [ "${config.ips.wgSpan}.2/32" ]; - } - { # General Nix - publicKey = config.secrets.wgClientPub; + { # NixOS + publicKey = "OKUH/h6YSURI4vgeTZKQD15QsqaygdbTn1mAWzQp9S0="; allowedIPs = [ "${config.ips.wgSpan}.16/28" ]; } + { # Pixel 9 + publicKey = "dPCtjm67adMZCnyL1O2L+uUOk0RbjA9T/tht1r+qcE4="; + allowedIPs = [ "${config.ips.wgSpan}.2/32" ]; + } ]; }; }; diff --git a/modules/system/services/server/fileserver/public/nextcloud/default.nix b/modules/system/services/server/fileserver/public/nextcloud/default.nix index 7c2129e..c50d2f9 100644 --- a/modules/system/services/server/fileserver/public/nextcloud/default.nix +++ b/modules/system/services/server/fileserver/public/nextcloud/default.nix 
@@ -1,45 +1,31 @@ { pkgs, config, ... }: { - services = { - nextcloud = { - enable = true; - package = pkgs.nextcloud29; - hostName = "cloud.${config.domains.jim1}"; - datadir = "/mnt/nextcloud"; - https = true; - config = { - adminuser = "jimbo"; - adminpassFile = "/mnt/nextcloud/password.txt"; - }; - settings = { - trusted_proxies = [ "127.0.0.1" ]; - trusted_domains = [ "cloud.${config.domains.jim1}" ]; - overwriteprotocol = "https"; - mail_smtphost = "mx.${config.domains.jim1}"; - mail_domain = "${config.domains.jim1}"; - mail_from_address = "noreply"; - mail_smtpauth = "true"; - mail_smtpname = "noreply@${config.domains.jim1}"; - mail_smtppassword = config.secrets.noreplyPassword; - mail_smtpmode = "smtp"; - mail_smtpport = 587; - }; - }; + imports = [ + ./nginx + ]; - nginx.virtualHosts."cloud.${config.domains.jim1}" = { - enableACME = true; - addSSL = true; - locations."/" = { - proxyWebsockets = true; - extraConfig = " - location /.well-known/carddav { - return 301 $scheme://$host/remote.php/dav; - } - location /.well-known/caldav { - return 301 $scheme://$host/remote.php/dav; - } - "; - }; + services.nextcloud = { + enable = true; + package = pkgs.nextcloud29; + hostName = "cloud.${config.domains.jim1}"; + datadir = "/mnt/nextcloud"; + https = true; + config = { + adminuser = "jimbo"; + adminpassFile = "/mnt/nextcloud/password.txt"; + }; + settings = { + trusted_proxies = [ "127.0.0.1" ]; + trusted_domains = [ "cloud.${config.domains.jim1}" ]; + overwriteprotocol = "https"; + mail_smtphost = "mx.${config.domains.jim1}"; + mail_domain = "${config.domains.jim1}"; + mail_from_address = "noreply"; + mail_smtpauth = "true"; + mail_smtpname = "noreply@${config.domains.jim1}"; + mail_smtppassword = config.secrets.noreplyPassword; + mail_smtpmode = "smtp"; + mail_smtpport = 587; }; }; } 
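Review bot: `mail_smtppassword = config.secrets.noreplyPassword` sits inside `services.nextcloud.settings`, which as far as I know the NixOS module renders into a config file in the Nix store, so the SMTP password becomes world-readable on the host even though it is sourced from the encrypted secrets file. The module's `secretFile` option exists for exactly such keys; move `mail_smtppassword` there and keep only non-secret settings in this block. The same pattern remains in the icecast hunk (`admin.password` and `castSourcePass` inside `extraConf`) and, most explicitly, in the new liquidsoap file, where `pkgs.writeText` interpolates `castSourcePass` straight into a store path. Separately, `mail_smtpauth = "true"` is a string where the neighbouring `https = true` is a boolean; `mail_smtpauth = true;` states the intent instead of relying on PHP truthiness of the string.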
diff --git a/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix new file mode 100644 index 0000000..4350dfd --- /dev/null +++ b/modules/system/services/server/fileserver/public/nextcloud/nginx/default.nix @@ -0,0 +1,18 @@ +{ pkgs, config, ... }: +{ + services.nginx.virtualHosts."cloud.${config.domains.jim1}" = { + enableACME = true; + addSSL = true; + locations."/" = { + proxyWebsockets = true; + extraConfig = " + location /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + "; + }; + }; +} diff --git a/modules/system/services/server/fileserver/public/photoprism/default.nix b/modules/system/services/server/fileserver/public/photoprism/default.nix index 59b01ef..7368339 100644 --- a/modules/system/services/server/fileserver/public/photoprism/default.nix +++ b/modules/system/services/server/fileserver/public/photoprism/default.nix @@ -1,5 +1,9 @@ { config, ... }: { + imports = [ + ./nginx + ]; + services = { photoprism = { enable = true; diff --git a/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix new file mode 100644 index 0000000..169d953 --- /dev/null +++ b/modules/system/services/server/fileserver/public/photoprism/nginx/default.nix @@ -0,0 +1,11 @@ +{ config, ... }: +{ + services.nginx.virtualHosts."gallery.${config.domains.jim1}" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:2342"; + proxyWebsockets = true; + }; + }; +} diff --git a/modules/system/services/server/icecast/default.nix b/modules/system/services/server/icecast/default.nix index f2aff00..61c64cc 100644 --- a/modules/system/services/server/icecast/default.nix +++ b/modules/system/services/server/icecast/default.nix 
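Review bot: `addSSL = true` keeps the plain-HTTP listener for the cloud vhost, and the two `.well-known` redirects echo `$scheme`, so a DAV client that starts over http is redirected to an http URL, while the sibling nextcloud module sets `https = true` and `overwriteprotocol = "https"` and the photoprism vhost added in this same commit uses `forceSSL = true`. Changing the line to `forceSSL = true;` makes the three files agree. As a point of style, the redirect block is written as a `"…"` string, whereas the repo's other multi-line values (the icecast `extraConf`, the liquidsoap script) use `''…''`, which also strips the common leading indentation instead of passing it through to nginx.conf.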
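Review bot: `proxyPass = "http://127.0.0.1:2342"` hard-codes the backend port now that the gallery vhost lives in a different file from the photoprism service definition, so the two can drift if the port is changed on one side. If the photoprism module exposes its listen port as an option, `proxyPass = "http://127.0.0.1:${toString config.services.photoprism.port}";` ties them together; otherwise a comment naming where 2342 is configured would do. The photoprism service block itself is outside the hunk shown here, so I cannot confirm the port or bind address it actually uses.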
@@ -2,64 +2,34 @@ { imports = [ ./nginx + ./liquidsoap ]; - services = { - icecast = { - enable = true; - listen.port = 265; - hostname = "icecast.${config.domains.jim1}"; - admin = { - user = "jimbo"; - password = "${config.secrets.castAdminPass}"; - }; - extraConf = '' - - ${config.secrets.castSourcePass} - - - Canada - jimbo@${config.domains.jim2} - - - /jimbops.opus - JimBops Radio - Music gathered by me, Jimbo. - https://icecast.jimbosfiles.com/jimbops.opus - Anything - application/ogg - vorbis - - ''; - }; - - # The audio stream - liquidsoap.streams = { - jimbops = pkgs.writeText "liquidjim" '' - settings.log.stdout.set(true) - settings.init.allow_root.set(true) - settings.scheduler.fast_queues.set(2) - settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"]) - - # Define the source with random playlist - jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/")) - - # Ensure the stream never stops - jimbops_fallback = fallback([jimbops, jimbops]) - - # Output configuration to Icecast - output.icecast( - %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)), - host="127.0.0.1", - port=265, - password="${config.secrets.castSourcePass}", - public=true, - icy_metadata=["artist", "title"], - mount="jimbops.opus", - encoding = "UTF-8", - jimbops_fallback - ) - ''; + services.icecast = { + enable = true; + listen.port = 265; + hostname = "icecast.${config.domains.jim1}"; + admin = { + user = "jimbo"; + password = "${config.secrets.castAdminPass}"; }; + extraConf = '' + + ${config.secrets.castSourcePass} + + + Canada + jimbo@${config.domains.jim2} + + + /jimbops.opus + JimBops Radio + Music gathered by me, Jimbo. + https://icecast.jimbosfiles.com/jimbops.opus + Anything + application/ogg + vorbis + + ''; }; } 
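Review bot: The mount block hard-codes `https://icecast.jimbosfiles.com/jimbops.opus` while `hostname` a few lines above is built from `config.domains.jim1`, which is exactly the kind of literal this commit is moving into `config.domains`; if `jim1` is that domain, `https://icecast.${config.domains.jim1}/jimbops.opus` keeps the URL in step with `hostname`. Also, as rendered here the `extraConf` lines show bare values (a lone `Canada`, the source-password interpolation) without surrounding XML element names; that is presumably an artefact of how this page was extracted, but worth a glance, since icecast will not accept the block without them. The file's first line is outside this hunk.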
diff --git a/modules/system/services/server/icecast/liquidsoap/default.nix b/modules/system/services/server/icecast/liquidsoap/default.nix
new file mode 100644
index 0000000..de82af3
--- /dev/null
+++ b/modules/system/services/server/icecast/liquidsoap/default.nix
@@ -0,0 +1,30 @@
+{ pkgs, config, ... }:
+{
+ services.liquidsoap.streams = {
+ jimbops = pkgs.writeText "liquidjim" ''
+ settings.log.stdout.set(true)
+ settings.init.allow_root.set(true)
+ settings.scheduler.fast_queues.set(2)
+ settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
+
+ # Define the source with random playlist
+ jimbops = mksafe(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))
+
+ # Ensure the stream never stops
+ jimbops_fallback = fallback([jimbops, jimbops])
+
+ # Output configuration to Icecast
+ output.icecast(
+ %ffmpeg(format="ogg", %audio(codec="libvorbis", samplerate=48000, b="256k", channels=2)),
+ host="127.0.0.1",
+ port=265,
+ password="${config.secrets.castSourcePass}",
+ public=true,
+ icy_metadata=["artist", "title"],
+ mount="jimbops.opus",
+ encoding = "UTF-8",
+ jimbops_fallback
+ )
+ '';
+ };
+}
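Review bot: `jimbops_fallback = fallback([jimbops, jimbops])` lists the same source twice, and `jimbops` is already wrapped in `mksafe`, which if I read liquidsoap correctly is itself a fallback to silence that makes the source infallible; the extra `fallback` adds nothing, so `output.icecast` can take `jimbops` directly and the "Ensure the stream never stops" comment belongs on the `mksafe` line. `settings.init.allow_root.set(true)` suggests the stream is expected to run as root; if the liquidsoap service really runs that way it is worth revisiting, since the script as written only needs read access to `/export/JimboNFS/Music/` and a connection to 127.0.0.1:265. The source password is interpolated into a `pkgs.writeText` store path here, which is the most direct instance of the secrets-in-store issue raised on the nextcloud hunk.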
diff --git a/variables/secrets/default.nix b/variables/secrets/default.nix index 7452a13fe40fa6f183e408f23ad2c563cc59859e..6febffcd9a35b52a0800b35e242951b55a0a3bef 100644 GIT binary patch literal 2039 zcmV80@i%LD6dNl2RiUp&sR9pFksZP= zwxoEU-E8lKiq{UEpk!BQln)4W3!A)_UrVX1_pm&GE`7l!gO z`<>IRRopwKM^Mz#?vW%AMhPDOytP9g=qWRQb% zxL?lPNH_`2%eNdK>W|=qHWvTe1=C~N2lD?VZSlgf`yjo<>WFu;7?Ocv{BGVx`=!|Q zd&Kq5>~&gd(k#fU)_zKza~ex6fWLAzRZTkB*NiYVZrcEh}l}+R_kxJ7a=eDl|=5n9MLs$dV6jZ58>qJEI%Ly9d z)Y`ldtpm}`Lzv2ifGI|gJ)O@v^a`WyjwFCZA(^2~8hKyR z>4VzaJWcwW1(?@UqK%#1M@Aht1Q2wyPaK2Epu=%=@qkRs8|&hM%e6up;@bB7vg~~5 zv~a9m5PwX@R^(a;QOwSNe)kRqcCMWRt~T{$KmxLk?WVDK(zUN*U39jSQ@%suFL4J^ zGG*!SRDuZZF5n;vl(9Y!!)f(6PUjP7i2p1l6eRJ+q zf66MmL%9^brFq)-fCv>L-{#etW<2q%AYT}9L;S+>wv-Kd&!sE27~Xo`j(fqhyIay} zt+ZRVT%~8PSAYkGH3Pv*xz0uEFqe#Sbwnq~9b6ZndkeJKxXbU!Zgzvt zVKl}A9CktkAjrY?U(!u@HEZA|9x}6)fAv*)qz@vfsGSN!lvnJ-FHH43G#HXEmOis6 zSh2;vb>{Jtgw(+&70aru6wNP`{DTV@$pG@H5UO4DWcwHIT@z<__s+p1ueF7PIf|;( z?tB#Q{5Ebo+-rC?f zijly7k>8z&psx?NW-8hcoJHz@Tc@xZ6ik{pp6o=5O^BaCMh&crU$~OP8HJiH00=N6 z2yJA0S#mzeefaUin>EJ0HLt|&*pT?QrnQ; z&AGXi+Cl!;JPb?bEZgW1|GT^Xj*`I7tek@#YW+H+IYA&v<3%Dl(xr%WYdBW2;oj{3 zW;KoV};5;qniC-%FJ->~*dH-~m1VI5G zJlTl_P_|KIXPn^Xe*5DFz`$Re_>c>)KB=4a6HA2xks6Y;%dy?Ta)!Vju69C6__cCn zh>k-Uf>Y6wf>4po3Te44^u}#D%46$`@$kKU(cMTb@gQJucS1cQR()xc4kg+rN`a{T z7k-@M^>yc^`P%}(9$Mg&h9M_}+sQ|VPI?hLk9hV_!*A@OE)uHr&t}dl6Og}VH!n^p znR_N3Pf=F9dxrNy!rx$8I}d02aPqH$HeWnTH@0DhCzryp6E$%!MxXa-t!zB;{Z&v>Pml?g1q8kXnTL3Nw}iHks;=s6RtG z2>+e_1E9ss(1B#$6!tk$68|($2zuFIO3^&(83fF|Ecq9dAOdb68G4t04wd* zKPXnNcEFfq(w22=Pk<1%#P1_Nc(~jMr(?0M93!9<*A10ho%S)V0&zedlnsJhyV`5E zv}w3#j8++E$4Q3vB-E8^nNLgSD569qMm4BH)?M~oi(@~nTj$V~;ipvkW)EDnZ5LgHVKJoWtCQDqraOWLIMLzofJufT57uGLHsA~w2RiIS`U__ VYLaA0eE)I-p_lMIN*fl*hz+ZQ0Mq~g literal 2237 zcmV;u2txM&M@dveQdv+`0JxSES9EB}ZzPXwM&_n8BFnjEEJcQJW{7<#q1&6eU@ws$ zoDiXMAZH%=@f@T4`mmo0bWIW3UahrQ&ikMY>NjAzW^rh8tv@vRQHj^wy1=rERF2ME`b)>I=QZ$=xCCLWE|`&w{;Yh z{G>JENjdw11O|{B=Ir24zo(dQvSM03hvw+osP>ZIJG5FE?`evO0NCQx?YH5!vhb4h 
zg4!Wf-*F~97O_#9H0!L!mufxWA^i(7EHs^>Cy1Va*@jHSStC2RNqVl7 z<|5BHK6h^M_=J^ytp<+&*N^SFjd)vOs*hgFhVhrzE7^GOwv3fRX00#~+O z2^5^nA7b39tqHT4`Tu?e-BE4|)On}ljOeA?-FX+ma|{qaWXhyin}%NHc~zm;hi5gN z@3_D3YBDMZ_766nB_NG2oX9V=AmH-&#TVsgQdwbakp(?gSJyK@JW_=VT8g6y*w0o3 zb8Rn1H_w+*xXC84-kJ*8EZI-druGU4B}*XHFSIkHdecqF!xR-$U(^I5>DOId^WUHj-MO*~^*dkT^7fjI-}u3e3>?HcCmW6)qtb*|K+psSsg*I3}tWYAj9oOM}9{ z*EZrfd!+5^)nE`o2F6}J4bWH1_ZMt+eztJp2U!h?aNn^FRZ*YHv+l;9lYNOd9Omf9k|=MdJrZ5Sy7k3S{?Rou(k6}=$K3RSaj$5R zF(a5npeF`TFG?4k{R>@9NQvqfoVWcbYA1AizYD7W7OXuHWOg$Z=e;~CTBr5ru$9k zKpoFv)N|JbdNYO+s=WR#o&5`NLL#*CG@KvcoTz6$w@C8p)hRBy|o^iCTvZ` zFOX$-NlYquZLCUHClFV@GpaAE`}sNqn!eXqII*hnbIP9_cdq1uK2#%&bz3DTOi}fc zJWyh$=`G0jeA+uNc+^J@{V6*9%@#Gd>d|@l97o>lQx6KHkGtR0` zoJPOVYzZ5ZsIl~0Oc#=l< zoN3<;*qVFpwDw?V41;wfzBys#0bIy2w7l6bmX}}izA||*L}k^>N0ru_FLjdoag~WS zt*?~?chw}q0#qt~LWu41BrtR;XSJ3UK~`VpeL{Ttx1gs3^dS5={{r6doc^&K zO8AV|3eT4j-Wgup$dr$D3u#>@+t1c!5#iU=T7U8pv0uqo0Wfk@^MQHPs|D2LZTrrA zvi6GL1yUvTK5xj|uf3;iDobYLC6@^=xGv0tY-zjf?VNPmH?5W$M_d_aoW5v&*X^rK z5aNp}4HmPepTg9GMAEgl)rB#|+bU|R5f;xKv6w3kRK1vujCvs{SvEGZkp=u6U!Oon zrVZmLU9oU@HnqfE06yl}Vm>=?hY+8^*&6~v%*Nwak~(SAXYv0fZIdo}p-6yV2ba^( z%7qJ@n;V@o9~^qSdC9~I}tEH{%e4Lo_+i}tJ z;;fh=Lkfw@xrk6VRq&Y=AawXKYBXcjgfY`%4R&6Yo);?+@<6|4L;PH2C4fP#C$HRHI@x4~i zqA<$jB1)CIMaAO9yNOm(4SL-wi4oo1zB)i^fT{z582bUMIWtLiQYoi)z!H=%cQKGd zou3iOD@BTvBqh&-Dx@iW*7eElk??@`GGEs=)!C+I?!|4x`y{6aAsCy&ILF_Q(sZPc zU^~qxK#A&KY{#LCp98`cH{{bHck-KFl0XV_kakj-cc#Eru{vQ-mN|VrXl&|80$evC zOvS_8g4r*Yb<>hfq68bH37?2Z=SR}boL-LNP04J Lf9QgZF9o4aMl(x0