From 93541beed7f339016bc755be2e0ea29cac18765b Mon Sep 17 00:00:00 2001 
From: Jimbo Date: Sun, 24 Nov 2024 16:53:49 -0500 Subject: [PATCH] Move variables to more convenient folder --- hosts/extern/boot/default.nix | 33 +++++- hosts/extern/default.nix | 4 +- hosts/extern/disko/default.nix | 96 ++++++++++++++++++ hosts/extern/filesystems/default.nix | 11 ++ hosts/extern/hardware/default.nix | 29 +----- hosts/extern/nixmodules/default.nix | 7 -- modules/extras/default.nix | 7 ++ .../extras/overlays}/default.nix | 0 .../extras/overlays}/packages/default.nix | 0 .../overlays}/packages/hlsdk/default.nix | 0 .../packages/xash3d/change-zip-date.patch | 0 .../overlays}/packages/xash3d/default.nix | 0 .../extras/overlays}/unstable/default.nix | 0 .../extras/variables}/default.nix | 0 .../extras/variables}/displays/default.nix | 0 .../extras/variables}/domains/default.nix | 0 .../extras/variables}/ips/default.nix | 0 .../extras/variables}/look/border/default.nix | 0 .../extras/variables}/look/colors/default.nix | 0 .../extras/variables}/look/default.nix | 0 .../extras/variables}/look/fonts/default.nix | 0 modules/extras/variables/secrets/default.nix | 56 ++++++++++ .../extras/variables}/workspaces/default.nix | 0 modules/home/default.nix | 3 +- .../programs/terminal/carapace/default.nix | 4 + modules/home/programs/terminal/default.nix | 1 + .../home/programs/terminal/zsh/default.nix | 3 +- modules/system/default.nix | 3 +- .../system/settings/documentation/default.nix | 2 - modules/system/settings/minimal/default.nix | 1 + variables/secrets/default.nix | Bin 1986 -> 0 bytes 31 files changed, 215 insertions(+), 45 deletions(-) create mode 100644 hosts/extern/disko/default.nix create mode 100644 hosts/extern/filesystems/default.nix delete mode 100644 hosts/extern/nixmodules/default.nix create mode 100644 modules/extras/default.nix rename {overlays => modules/extras/overlays}/default.nix (100%) rename {overlays => modules/extras/overlays}/packages/default.nix (100%) rename {overlays => modules/extras/overlays}/packages/hlsdk/default.nix (100%) 
rename {overlays => modules/extras/overlays}/packages/xash3d/change-zip-date.patch (100%) rename {overlays => modules/extras/overlays}/packages/xash3d/default.nix (100%) rename {overlays => modules/extras/overlays}/unstable/default.nix (100%) rename {variables => modules/extras/variables}/default.nix (100%) rename {variables => modules/extras/variables}/displays/default.nix (100%) rename {variables => modules/extras/variables}/domains/default.nix (100%) rename {variables => modules/extras/variables}/ips/default.nix (100%) rename {variables => modules/extras/variables}/look/border/default.nix (100%) rename {variables => modules/extras/variables}/look/colors/default.nix (100%) rename {variables => modules/extras/variables}/look/default.nix (100%) rename {variables => modules/extras/variables}/look/fonts/default.nix (100%) create mode 100644 modules/extras/variables/secrets/default.nix rename {variables => modules/extras/variables}/workspaces/default.nix (100%) create mode 100644 modules/home/programs/terminal/carapace/default.nix delete mode 100644 variables/secrets/default.nix diff --git a/hosts/extern/boot/default.nix b/hosts/extern/boot/default.nix index ece0152..972bff6 100644 --- a/hosts/extern/boot/default.nix +++ b/hosts/extern/boot/default.nix 
@@ -1,7 +1,36 @@ { config, pkgs, ... }: -{ +let + commonKernelParams = [ + # VM/GPU passthrough + "amd_iommu=on" + "iommu=pt" + "nested=1" + + # Virtualization nonsense + "transparent_hugepage=never" + + # Isolate devices into IOMMU groups + "pcie_acs_override=downstream,multifunction" + "pci=routeirq" + ]; +in { boot = { - kernelPackages = pkgs.linuxPackages_latest; + # Must be Zen for IOMMU isolation + kernelPackages = pkgs.unstable.linuxPackages_zen; kernel.sysctl."vm.max_map_count" = 2147483642; + kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:1f82,10de:10fa" ]; + blacklistedKernelModules = [ "pcspkr" ]; + + # Needed for GPU passthrough + initrd.kernelModules = [ + "vfio" + "vfio_pci" + "vfio_iommu_type1" + ]; + }; + + # Use second GPU on boot + specialisation.gputwo.configuration = { + boot.kernelParams = commonKernelParams ++ [ "vfio-pci.ids=10de:2504,10de:228e" ]; }; } diff --git a/hosts/extern/default.nix b/hosts/extern/default.nix index c4a1b51..c1ddb3a 100644 --- a/hosts/extern/default.nix +++ b/hosts/extern/default.nix @@ -2,13 +2,13 @@ { imports = [ ./boot + ./disko + ./filesystems ./hardware - ./nixmodules ./wireguard ../../modules/system ]; - boot.loader.systemd-boot.enable = lib.mkForce false; services.btrfs.autoScrub.enable = lib.mkForce false; system.video.nvidia.enable = true; diff --git a/hosts/extern/disko/default.nix b/hosts/extern/disko/default.nix new file mode 100644 index 0000000..e8471a3 --- /dev/null +++ b/hosts/extern/disko/default.nix 
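Review bot: The comment `# Isolate devices into IOMMU groups` above `"pcie_acs_override=downstream,multifunction"` in hosts/extern/boot/default.nix says the opposite of what the parameter guarantees. The ACS override makes the kernel report devices as separate IOMMU groups even where the hardware does not enforce ACS between them, so a device handed to a guest through `vfio-pci.ids` may still reach its former group members with peer-to-peer DMA. I would reword the comment to `# ACS override: splits IOMMU groups without hardware ACS; passed-through devices are not DMA-isolated from former group members`, so the trade-off is visible to anyone reusing `commonKernelParams`. Separately, `"nested=1"` carries no module prefix; if it is meant to enable nested virtualisation it probably needs to be `"kvm_amd.nested=1"`, because an unprefixed module parameter on the kernel command line is not applied to the module.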
@@ -0,0 +1,96 @@
+{ disko, config, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/sdg";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "${config.networking.hostName}-disk";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ nodev = {
+ "/" = {
+ fsType = "tmpfs";
+ mountOptions = [ "size=4G" ];
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/persist/.snapshots" = { };
+
+ "/jimbo" = {
+ mountpoint = "/persist/home/jimbo";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/jimbo/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "8G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems = {
+ "/persist".neededForBoot = true;
+ "/persist/home/jimbo".neededForBoot = true;
+ };
+}
diff --git a/hosts/extern/filesystems/default.nix b/hosts/extern/filesystems/default.nix
new file mode 100644
index 0000000..60aeaf3
--- /dev/null
+++ b/hosts/extern/filesystems/default.nix
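Review bot: In hosts/extern/disko/default.nix, `device = "/dev/sdg"` names the target disk by kernel enumeration order, which can change between boots or when another drive is attached. The layout is destructive: disko repartitions that device, and `extraArgs = [ "-f" ]` forces the btrfs format over whatever is there. A persistent identifier is safer, e.g. `device = "/dev/disk/by-id/<DISK_ID>";` (placeholder; take the real value from the machine). `passwordFile = "/tmp/secret.key"` deserves a comment stating that the file is, as far as I know, only read when the LUKS container is formatted, and that it should be created with mode 0600 and removed afterwards because `/tmp` is a shared directory. `settings.allowDiscards = true` lets TRIM reveal free-space patterns on the raw device; a one-line comment recording that this is a deliberate trade-off would help the next reader.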
@@ -0,0 +1,11 @@ +{ config, ... }: +{ + fileSystems = { + # Remote + "/home/jimbo/JimboNFS" = { + device = "10.100.0.1:/export/JimboNFS"; + fsType = "nfs4"; + options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; + }; + }; +} diff --git a/hosts/extern/hardware/default.nix b/hosts/extern/hardware/default.nix index eb19a42..807c3d4 100644 --- a/hosts/extern/hardware/default.nix +++ b/hosts/extern/hardware/default.nix @@ -1,32 +1,7 @@ { config, lib, modulesPath, ... }: { - imports = [ (modulesPath + "/profiles/all-hardware.nix") ]; - - boot = { - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usbhid" - "uas" - "usb_storage" - "sd_mod" - ]; - kernelModules = [ - "dm-snapshot" - ]; - }; - }; - - fileSystems = { - # Remote - "/home/jimbo/JimboNFS" = { - device = "10.100.0.1:/export/JimboNFS"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; - }; + boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; + boot.kernelModules = [ "dm-snapshot" ]; networking.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/extern/nixmodules/default.nix b/hosts/extern/nixmodules/default.nix deleted file mode 100644 index c1b57a5..0000000 --- a/hosts/extern/nixmodules/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ - "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - "${modulesPath}/installer/cd-dvd/channel.nix" - ]; -} diff --git a/modules/extras/default.nix b/modules/extras/default.nix new file mode 100644 index 0000000..82d0015 --- /dev/null +++ b/modules/extras/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + imports = [ + ./overlays + ./variables + ]; +} diff --git a/overlays/default.nix b/modules/extras/overlays/default.nix similarity index 100% rename from overlays/default.nix rename to modules/extras/overlays/default.nix 
diff --git a/overlays/packages/default.nix b/modules/extras/overlays/packages/default.nix similarity index 100% rename from overlays/packages/default.nix rename to modules/extras/overlays/packages/default.nix diff --git a/overlays/packages/hlsdk/default.nix b/modules/extras/overlays/packages/hlsdk/default.nix similarity index 100% rename from overlays/packages/hlsdk/default.nix rename to modules/extras/overlays/packages/hlsdk/default.nix diff --git a/overlays/packages/xash3d/change-zip-date.patch b/modules/extras/overlays/packages/xash3d/change-zip-date.patch similarity index 100% rename from overlays/packages/xash3d/change-zip-date.patch rename to modules/extras/overlays/packages/xash3d/change-zip-date.patch diff --git a/overlays/packages/xash3d/default.nix b/modules/extras/overlays/packages/xash3d/default.nix similarity index 100% rename from overlays/packages/xash3d/default.nix rename to modules/extras/overlays/packages/xash3d/default.nix diff --git a/overlays/unstable/default.nix b/modules/extras/overlays/unstable/default.nix similarity index 100% rename from overlays/unstable/default.nix rename to modules/extras/overlays/unstable/default.nix diff --git a/variables/default.nix b/modules/extras/variables/default.nix similarity index 100% rename from variables/default.nix rename to modules/extras/variables/default.nix diff --git a/variables/displays/default.nix b/modules/extras/variables/displays/default.nix similarity index 100% rename from variables/displays/default.nix rename to modules/extras/variables/displays/default.nix diff --git a/variables/domains/default.nix b/modules/extras/variables/domains/default.nix similarity index 100% rename from variables/domains/default.nix rename to modules/extras/variables/domains/default.nix diff --git a/variables/ips/default.nix b/modules/extras/variables/ips/default.nix similarity index 100% rename from variables/ips/default.nix rename to modules/extras/variables/ips/default.nix 
diff --git a/variables/look/border/default.nix b/modules/extras/variables/look/border/default.nix similarity index 100% rename from variables/look/border/default.nix rename to modules/extras/variables/look/border/default.nix diff --git a/variables/look/colors/default.nix b/modules/extras/variables/look/colors/default.nix similarity index 100% rename from variables/look/colors/default.nix rename to modules/extras/variables/look/colors/default.nix diff --git a/variables/look/default.nix b/modules/extras/variables/look/default.nix similarity index 100% rename from variables/look/default.nix rename to modules/extras/variables/look/default.nix diff --git a/variables/look/fonts/default.nix b/modules/extras/variables/look/fonts/default.nix similarity index 100% rename from variables/look/fonts/default.nix rename to modules/extras/variables/look/fonts/default.nix diff --git a/modules/extras/variables/secrets/default.nix b/modules/extras/variables/secrets/default.nix new file mode 100644 index 0000000..ad5fe43 --- /dev/null +++ b/modules/extras/variables/secrets/default.nix 
@@ -0,0 +1,56 @@ +{ lib, config, ... }: +{ + options.secrets = lib.mkOption { + type = lib.types.attrs; + default = {}; + }; + + config.secrets = { + # User passwords, generated with 'mkpasswd -m sha-512' + jimboAccPass = "$6$gYpE.pG/zPXgin06$2kydjDfd0K62Dhf9P0PFvJhRNz6xIC/bHYaf/XYqyKcLyZNzPQpy8uy9tCRcSYlj1wwBhzVtTRyItwajOHCEj0"; + + # Cloudflare API key + flareApiKey = "ICUi1Zj0e_boCkeUJbXP9dJusv_qX_zhKWQGPcFe"; + + # Wireguard keys, generated with the wg command + wgServerPriv = "WHxxi53Yp8NRZhT+BQnvC62BckOeG1x2SOvkWlm0tGo="; + wgClientPriv = "MK9j0eYlgv+MZ9sSYO6C3lfqScpLPwcBqEckJ7o7tU4="; + + # Icecast, plaintext + castAdminPass = "Gw9P8tW$omeq#reZA$b^jDy9VN"; + castSourcePass = "KkFDeM0SHIL*s6!d4x*a4b#bcq"; + + # Photoprism, plaintext + prismAdminPass = "gr3SkIqSBjDmypyxU!Zj9*CJ4X"; + + # Matrix secrets + matrixSecret = "bea7db528a95d8225c5fe6bf92614816fe9d31496b510dff78b1608cfb36f82a"; + coturnSecret = "@OvhK7r4wu!71d9dcmQ$Z6PkqA#LP0niyJHLTiMVJFILo7@6ks3wwmjWJ*zDBV43"; + + # Pixelfed secret, must be 32 characters long + pixelfedKey = ''APP_KEY=W9qein6055k9GdvwGbdJ6WxQ71Lr51cQ''; + + # Transmission credentials, plaintext + transmissionCredFile = '' + { + "rpc-username": "jimbo", + "rpc-password": "w%QbIEZhoi4jh*j*PKaZLkKk96" + } + ''; + + # Email cleartext passwords + noreplyPassword = "5mpEp3P^n6A%r3fznJA5"; + + # Email account hashes, generated with 'mkpasswd -m bcrypt' + noreplyMailHash = "$2b$05$7VibcFKXy5Ff9sUMh3KWBeSXkInXNeaADa71Md/swt5RCk5s7UnM2"; + jimboMailHash = "$2a$12$vHeFInRpfp.lpfR/k8ptNecs3ztKjkRTr9hae0DP8yEN1ZHKM2sxe"; + lunaMailHash = "$2y$10$ksBfmuuojCWnzFqpBDoE/OoGZyqfP.Luo2il7wWcqHemHgqhpQdi6"; + cornMailHash = "$2b$05$qpG1aOA2tv3zLjzwh8/kyO3zZ8BZxvXcav0ioX7Y3Tps0tyhE/c7q"; + tinyMailHash = "$2a$12$beq/ZO3hRz5mmGe9Cvvx8u/sNJcjVHlQQ5axv8IBmdJav60n7fuK6"; + + # IPs + jimIP = "99.247.177.43"; + lunaIP = "71.87.124.226"; + cornIP = "24.66.98.13"; + }; +} 
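Review bot: The new modules/extras/variables/secrets/default.nix adds every value under `config.secrets` to the repository as readable text, including the account password hash, the Cloudflare API key, both WireGuard private keys and the plaintext service passwords. The deleted `variables/secrets/default.nix` at the end of this patch is a binary blob, which suggests the old path was covered by an encryption filter (git-crypt or similar) whose pattern does not match the new location. The filter configuration is not visible here, so please confirm this. If so, treat all of these values as exposed once the commit is pushed: rotate them, and extend the filter pattern to `modules/extras/variables/secrets/**` before re-adding the file. Independently of the repository, strings referenced from a Nix module end up in the world-readable `/nix/store`, so options that take a file path, fed by a runtime mechanism such as sops-nix or agenix, would keep them out of both places. Replacing `type = lib.types.attrs` with a submodule that lists the expected keys would also catch a misspelled secret name at evaluation time.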
diff --git a/variables/workspaces/default.nix b/modules/extras/variables/workspaces/default.nix similarity index 100% rename from variables/workspaces/default.nix rename to modules/extras/variables/workspaces/default.nix diff --git a/modules/home/default.nix b/modules/home/default.nix index c1f6d01..d060006 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -7,8 +7,7 @@ ./settings ./wms ./users - ../../overlays - ../../variables + ../extras # Imports nur.nixosModules.nur diff --git a/modules/home/programs/terminal/carapace/default.nix b/modules/home/programs/terminal/carapace/default.nix new file mode 100644 index 0000000..625d54b --- /dev/null +++ b/modules/home/programs/terminal/carapace/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + programs.carapace.enable = true; +} diff --git a/modules/home/programs/terminal/default.nix b/modules/home/programs/terminal/default.nix index 680d658..6cc9c7c 100644 --- a/modules/home/programs/terminal/default.nix +++ b/modules/home/programs/terminal/default.nix @@ -1,6 +1,7 @@ { ... }: { imports = [ + ./carapace ./fastfetch ./git ./ncmpcpp diff --git a/modules/home/programs/terminal/zsh/default.nix b/modules/home/programs/terminal/zsh/default.nix index 4289067..2acc44f 100644 --- a/modules/home/programs/terminal/zsh/default.nix +++ b/modules/home/programs/terminal/zsh/default.nix @@ -2,6 +2,7 @@ { programs.zsh = { enable = true; + enableCompletion = false; autosuggestion.enable = true; syntaxHighlighting.enable = true; oh-my-zsh = { @@ -34,9 +35,9 @@ seneca = "ssh jhampton1@matrix.senecapolytechnic.ca"; }; initExtra = '' + ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh source ${pkgs.zsh-you-should-use}/share/zsh/plugins/you-should-use/you-should-use.plugin.zsh - ${pkgs.any-nix-shell}/bin/any-nix-shell zsh --info-right | source /dev/stdin; pfetch setopt HIST_IGNORE_SPACE setopt RM_STAR_WAIT ''; 
diff --git a/modules/system/default.nix b/modules/system/default.nix index 831a9c3..893b2d3 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -7,8 +7,7 @@ ./programs ./services ./settings - ../../overlays - ../../variables + ../extras ]; time.timeZone = "America/Toronto"; diff --git a/modules/system/settings/documentation/default.nix b/modules/system/settings/documentation/default.nix index 13fb7e1..84dc696 100644 --- a/modules/system/settings/documentation/default.nix +++ b/modules/system/settings/documentation/default.nix @@ -5,6 +5,4 @@ info.enable = false; nixos.enable = false; }; - - programs.command-not-found.enable = true; } diff --git a/modules/system/settings/minimal/default.nix b/modules/system/settings/minimal/default.nix index 0b9712e..00eade7 100644 --- a/modules/system/settings/minimal/default.nix +++ b/modules/system/settings/minimal/default.nix @@ -6,5 +6,6 @@ }; programs.less.lessopen = null; + services.logrotate.enable = false; } 
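Review bot: `services.logrotate.enable = false;` in modules/system/settings/minimal/default.nix turns rotation off for every host that imports this module; the enclosing attribute set starts outside the hunk, so any condition around it is not visible here. Anything that writes plain files under `/var/log` rather than to the journal will then grow without limit. On hosts/extern the root is a 4G tmpfs, so unless `/var/log` is persisted that growth comes out of RAM and the logs are lost on reboot, which also removes them as evidence after an incident. A comment such as `# journald handles rotation; nothing here writes to /var/log` would record the assumption. Alternatively the value could be a default rather than a fixed setting (`lib.mkDefault false`, if `lib` is in scope in that file), so hosts with file-logging services can re-enable it.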
diff --git a/variables/secrets/default.nix b/variables/secrets/default.nix deleted file mode 100644 index 1cbcd891b21536d4e0ab6093f52a8b702ce32d52..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1986 zcmV;z2R--zM@dveQdv+`0KI#KV<)qbCZ1$!S0Hb5Pc=Gljg34C)Dfv446=T!@#d+p zJy4A7-|Q<$JC*QlhKfW5J~0BXFi!OIr}92Ju~XhrbYIu&KppR?0xa4!=9h=bRN#G1 z>B-1r9R;|<$jyCjjIh7SV`b^6+NP#ny@jay#HJ$K;zcPR2v?xybkQeQbJOd)$1Ik7 zkUItKLNu0g5tfzKE$um1HIi3R&(o}xO{eAl+lC-@vnJDepYP_P9(twbc(?w|LaMUj z7~H>_O!I++#j{{aD*G$9jp85wm8A3hAcDpTWy%(aW*ICIg;46n`iy0>APiF1m)hNo zS#wT10Gs(zT3qF#0k7Ok^1A;TVeS?_FwYTi=G#$^-Ob1) zH~o5{MmrRn1S3u)iMOVtA>GdHRo?Ut^^+T6)wa;A106167hx`=`+kIY=ru2b2UyN~ zzgtuf0K+LxzQ`CZR*<)2;t^nwTuEb<=nF{yygohNIUgQDUBhi{n^s@``}c1&^r%;7 z1kN z-W)PUFC*B6>Kq~o$3*b3KXkHmd$Ep@q6{x}LNOPwiqFxaHh-ILWhMqSJ0D~PyFoF( z#VOm7;^430vsBA_HzfWg0XUe%TG^%NW25U}SLJ3yimAb4uavbW^uz*|d3%nE!-($~ z`FGX@ml)6*5e1l)@g%(sDTK?{{CGWL%n%=Nvl4Gdn<|!oG_~5c=p9xsQrA;Xy?X$a z$*-~`a#LwhbnVbxPZDa_+gOPTS*8Nr$q*HsWGjB-?52-;H%QER`o1x15b3+5C)5m9 zlZ94WhoGMdAx5v5BD1oGxuz?Y<#Z$=^nXaU4%0n3vL*B4HQepy#92*Isb*4{9=4P3 zdl5zAO@x4!E9LhE>0 z;*a}GBTjn#u!Tx%7==A2ICnlKGyky&Pf70HM{gy2W_0yMS(fT-N+3y_;P%+$Jg*qc zlPEyR6>+BFG2A`%ZS0Vy`H!|?+rp|j1-<93j652ixHn=-;2*6-pKm@I!_hM$l_C46 ze{xsjS;f4Pybzq3j8+g>4=9#%ss>`~I%fphe(CwWmmw93_}fJ^ z6z*@jWLZ4k`!EWJ`-1sXTyV5QH)j|E3^K||c)TC}_KB2D8Ds-5na^oqeeygC&~AQh z(fiw`qZ~F&2H8YcEe^IELX@C>KqGd$L*0_GwA1olr_!E_#G$tNnu=7YduSnGg<|l% zpqttsAo%F@*v=ngV8;yaRiZ*m$?u2F=Nx6X^*D7~=gg32=I?T`?btBb>PtcJ=yJ*3?TRs7)kUx9dZSqWu|aW~ zg#x$}C2u19ujOgJj7g-eTf*JjS0?geT(cJW^OIVI67iGNDI!dH4x?f$!k}#;y#BkP z7hORM-%z>RA-sR3Uc2!^Z*a9!%qoq|rH$r?0#fs@;yHBKiUoH*1jDE5o9}4FqoCBX znKD`;U#0U_hB_1j%~hzT`i1c~Eeb-@G=%o(=84pe5#1}){UHvlB06fq-b?}poea-E zQC4T4;6s?1a~pGrTnLKb7(7*Z=?k