From 07632b962cc35c74e2a01ed90c8510dcea53c6fb Mon Sep 17 00:00:00 2001
From: nx2
Date: Wed, 6 Mar 2024 13:49:22 +0100
Subject: [PATCH] init commit - working on easyroam
---
.gitattributes | 1 +
.vscode/settings.json | 3 +
configuration.nix | 193 +++++++++++++
flake.lock | 48 ++++
flake.nix | 47 ++++
hardware-configuration.nix | 37 +++
home.nix | 370 +++++++++++++++++++++++++
secrets/passwords-and-certificates.nix | Bin 0 -> 2431 bytes
8 files changed, 699 insertions(+)
create mode 100644 .gitattributes
create mode 100644 .vscode/settings.json
create mode 100644 configuration.nix
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hardware-configuration.nix
create mode 100644 home.nix
create mode 100644 secrets/passwords-and-certificates.nix
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..45b5ca3
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt diff=git-crypt
diff --git a/.vscode/settings.json b/.vscode/settings.json
new file mode 100644
index 0000000..2931276
--- /dev/null
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+ "nixEnvSelector.nixFile": "${workspaceFolder}/configuration.nix"
+}
\ No newline at end of file
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..7e4a605
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,193 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, allowed, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ # boot.loader.systemd-boot.enable = false;
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub = {
+ enable = true;
+# device = "/dev/nvme0n1p1";
+ device = "nodev";
+ # useOSProber = true;
+ efiSupport = true;
+ };
+
+
+ networking.hostName = "NxXPS"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "de";
+# useXkbConfig = true; # use xkb.options in tty.
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+
+
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "de";
+ services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+
+ # Enable sound.
+ #sound.enable = true;
+ #hardware.pulseaudio.enable = true;
+
+ # rtkit is optional but recommended
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ jack.enable = true;
+ };
+
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.xserver.libinput.enable = true;
+ hardware.uinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.defaultUserShell = pkgs.fish;
+
+ users.users.nx2 = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "wheel" "audio" "video" "docker" "libvirtd" "uinput" ];
+ useDefaultShell = true;
+ packages = with pkgs; []; # all in home.nix
+ };
+
+ nixpkgs.config = {
+ allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages;
+ permittedInsecurePackages = [
+ "electron-25.9.0"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ ntfs3g
+ fish
+ starship
+ git
+ git-crypt
+ wget
+ curl
+ killall
+ nano
+ micro
+ yazi
+ bat
+ du-dust
+ htop
+ eza
+ zoxide
+ neofetch
+ direnv
+ openssl
+ ];
+
+ environment.sessionVariables = rec {
+ XDG_CACHE_HOME = "$HOME/.cache";
+ GTK_THEME = "Adwaita-Dark";
+ };
+ environment.variables = rec {
+ XDG_CACHE_HOME = "$HOME/.cache";
+ GTK_THEME = "Adwaita-Dark";
+ };
+
+
+ fonts.packages = with pkgs; [
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ atkinson-hyperlegible
+ (nerdfonts.override { fonts = [ "CascadiaCode" ]; })
+
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ programs.fish = {
+ enable = true;
+ };
+ programs.hyprland = {
+ enable = true;
+ xwayland.enable = true;
+ };
+
+
+
+
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "23.11"; # Did you read the comment?
+
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+}
+
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..fdc5cc3
--- /dev/null
+++ b/flake.lock
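Review bot: `services.openssh.enable = true;` near the end of this hunk turns sshd on with the module defaults, and nothing in the file restricts how users authenticate. As far as I know the 23.11 defaults leave password login enabled and open the SSH port in the firewall, and the `nx2` account is in `wheel` and `docker`, so one guessed password is effectively root on this machine. I would add `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` next to the enable line and rely on keys. Separately, `permittedInsecurePackages` is hard-coded here while home.nix reads the same list from `allowed`; taking it from `allowed` in both places keeps the exception for `electron-25.9.0` in one spot.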
@@ -0,0 +1,48 @@
+{
+ "nodes": {
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1706981411,
+ "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-23.11",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1709569716,
+ "narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "617579a787259b9a6419492eaac670a5f7663917",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-23.11",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "home-manager": "home-manager",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..3ff76a7
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,47 @@
+{
+ description = "A Flake lol";
+
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-23.11";
+ home-manager.url = "github:nix-community/home-manager/release-23.11";
+ home-manager.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = { self, nixpkgs, home-manager, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ user = "nx2";
+ allowed = {
+ unfree-packages = [
+ "spotify"
+ "obsidian"
+ "zoom-us"
+ ];
+ inecure-packages = [
+ "electron-25.9.0"
+ ];
+ };
+ secrets = import ./secrets/passwords-and-certificates.nix
+ in
+ {
+ nixosConfigurations = {
+ NxXPS = nixpkgs.lib.nixosSystem {
+ inherit system;
+ modules = [
+ ./configuration.nix
+ ];
+ specialArgs = {inherit user allowed secrets;};
+ };
+ };
+
+ homeConfigurations = {
+ nx2 = home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = [ ./home.nix ];
+ extraSpecialArgs = {inherit user allowed secrets;};
+ };
+ };
+
+ };
+}
\ No newline at end of file
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..18ff2b7
--- /dev/null
+++ b/hardware-configuration.nix
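Review bot: Importing the git-crypt file at evaluation time, as `secrets = import ./secrets/passwords-and-certificates.nix` does in the `let` block, undoes most of the protection the encryption gives. A flake's source tree is copied into the world-readable `/nix/store`, so on an unlocked checkout the decrypted file, and any value from it that reaches generated config via `specialArgs`/`extraSpecialArgs`, is readable by every local user. On a locked checkout, evaluation fails instead. The binding is also missing its terminating `;`, so the flake does not parse as written; it should read `secrets = import ./secrets/passwords-and-certificates.nix;`. For the passwords, consider a runtime-decryption module (sops-nix and agenix are the usual choices) and keep non-secret material such as CA certificates in plain text. `inecure-packages` looks like a typo for `insecure-packages`; home.nix uses the same spelling, so both would have to change together.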
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/9770465e-6b0e-40ec-944a-953fe71cf47a";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/0A97-7A2D";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/home.nix b/home.nix
new file mode 100644
index 0000000..988bcfa
--- /dev/null
+++ b/home.nix
@@ -0,0 +1,370 @@ +{ config, pkgs, lib, allowed, ... }: + +{ + imports = [ + # Make vscode settings writable + (import (builtins.fetchurl { + url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/mutability.nix"; + sha256 = "4b5ca670c1ac865927e98ac5bf5c131eca46cc20abf0bd0612db955bfc979de8"; + }) { inherit config lib; }) + + (import (builtins.fetchurl { + url = "https://gist.githubusercontent.com/piousdeer/b29c272eaeba398b864da6abf6cb5daa/raw/41e569ba110eb6ebbb463a6b1f5d9fe4f9e82375/vscode.nix"; + sha256 = "fed877fa1eefd94bc4806641cea87138df78a47af89c7818ac5e76ebacbd025f"; + }) { inherit config lib pkgs; }) + ]; + + home.username = "nx2"; + home.homeDirectory = "/home/nx2"; + + home.stateVersion = "23.11"; + + nixpkgs.config = { + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) allowed.unfree-packages; + permittedInsecurePackages = allowed.inecure-packages; + }; + + security.pki.certificates = nxPwCa.easyroamCa; + + home.packages = with pkgs; [ + firefox chromium + vscodium gimp inkscape + kitty + zathura remmina + vesktop thunderbird element-desktop # zoom-us + obsidian + spotify spicetify-cli + obs-studio bitwarden + hyprland-protocols waybar swww hyprland-autoname-workspaces rofi wlogout imv mpv + pavucontrol fontpreview gtk2fontsel + lynx tldr fzf + libinput-gestures dotool wev gnome.nautilus gnome.gnome-themes-extra gnome.adwaita-icon-theme gnome.gnome-tweaks gtk3 gtk4 lxappearance + element sssnake pipes + + + + # # You can also create simple shell scripts directly inside your + # # configuration. 
For example, this adds a command 'my-hello' to your + # # environment: + (pkgs.writeShellScriptBin "nx_connect_to_pnx" '' + cd /home/nx2/PNX/vpn + sudo openvpn /home/nx2/PNX/vpn/firewall_phoenix_1_local_RW_Phoenix.ovpn + '') + ]; + + + xdg.mimeApps = { + enable = true; + defaultApplications = { + "default-web-browser" = [ "firefox.desktop" ]; + "text/html" = [ "firefox.desktop" ]; + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; + "x-scheme-handler/about" = [ "firefox.desktop" ]; + "x-scheme-handler/unknown" = [ "firefox.desktop" ]; + "image/png" = "imv.desktop"; + "image/gif" = "feh.desktop"; + }; + }; + + + + # systemd.user.services = { + # ydotoold = { + # Unit = { + # Description = "An auto-input utility for wayland"; + # Documentation = [ "man:ydotool(1)" "man:ydotoold(8)" ]; + # }; + + # Service = { + # ExecStart = "/run/current-system/sw/bin/ydotoold --socket-path /tmp/ydotool_socket "; + # }; + + # Install = { + # WantedBy = ["default.target"]; + # }; + # }; + # }; + + + # Home Manager is pretty good at managing dotfiles. The primary way to manage + # plain files is through 'home.file'. 
+ home.file = { + + # ".config/libinput/gestures".text = '' + # # Swipe threshold (0-100) + # swipe_threshold 0 + + # # Gestures + # gesture swipe left 3 ydotool key 276:1 276:0 + # gesture swipe right 3 ydotool key 275:1 275:0 + # '' + ".config/libinput/gestures".text = '' + # Swipe threshold (0-100) + swipe_threshold 0 + + # Gestures + gesture swipe left 3 echo key k:276 | dotool + gesture swipe right 3 echo key k:275 | dotool + ''; + + ".config/hyprland-autoname-workspaces/config.toml".text = '' + version = "1.1.13" + + [class] + Signal = "󱅵" + DEFAULT = "{class}" + libreoffice-writer = "" + pavucontrol = "󰕾" + "epicgameslauncher.exe" = "󰯷" + "riotclientux.exe" = "󰰌" + "[Cc]ode" = "󰨞" + VirtualBox = "" + KiCad = "" + Gimp = "" + code-oss = "󰨞" + VSCodium = "󰨞" + Alacritty = "" + kitty = "" + vesktop = "󰙯" + "cyberpunk2077.exe" = "󰾲" + "Tor Browser" = "󰾔" + "[Tt]hunderbird" = "" + Element = "󰘨" + blueman-manager = "󰂯" + obsidian = "󰠮" + libreoffice-calc = "" + zoom = "󰬡" + mpv = "" + chatterino = "" + "com.obsproject.Studio" = "" + "leagueclientux.exe" = "󰰌" + "[sS]potify" = "" + "org.remmina.Remmina" = "󰢹" + steam = "󰓓" + "galaxyclient.exe" = "󰮡" + "[Ff]irefox" = "󰈹" + pcbnew = "" + ".*.exe" = "" + Chromium = "" + virt-manager = "" + Bitwarden = "" + "[tT]hunar" = "" + zathura = "󰈦" + discord = "󰙯" + "VirtualBox Manager" = "" + "org.inkscape.Inkscape" = "󰕙" + "VirtualBox Machine" = "" + lutris = "󰊗" + "[gG]imp-.*" = "" + + [class_active] + "(?i)ExampleOneTerm" = "icon" + + [initial_class] + + [initial_class_active] + + [workspaces_name] + 10 = "ten" + 4 = "four" + 8 = "eight" + 9 = "nine" + 6 = "six" + 1 = "one" + 3 = "three" + 2 = "two" + 0 = "zero" + 7 = "seven" + 5 = "five" + + [title_in_class] + [title_in_class_active] + [title_in_initial_class] + [title_in_initial_class_active] + [initial_title_in_class] + [initial_title_in_class_active] + [initial_title_in_initial_class] + [initial_title_in_initial_class_active] + + [exclude] + 
"(?i)fcitx" = ".*" + aProgram = "^$" + "ueberzug.*" = "" + "" = "^$" + "[Ss]team" = "^(Friends List.*)?$" + "explorer.exe" = ".*" + "(?i)TestApp" = "" + + [format] + dedup = false + dedup_inactive_fullscreen = false + delim = " " + workspace = "{id}: {clients}" + workspace_empty = "{id}" + client = "{icon}" + client_fullscreen = "{icon}" + client_active = "{icon}" + client_dup = "{icon}{counter_sup}" + client_dup_active = "*{icon}*{delim}{icon}{counter_unfocused_sup}" + client_dup_fullscreen = "[{icon}]{delim}{icon}{counter_unfocused_sup}" + ''; + }; + + # Home Manager can also manage your environment variables through + # 'home.sessionVariables'. If you don't want to manage your shell through Home + # Manager then you have to manually source 'hm-session-vars.sh' located at + # either + # + # ~/.nix-profile/etc/profile.d/hm-session-vars.sh + # + # or + # + # /etc/profiles/per-user/nx2/etc/profile.d/hm-session-vars.sh + # + # home.sessionVariables = { + systemd.user.sessionVariables = { + EDITOR = "micro"; + BROWSER = "firefox"; + # YDOTOOL_SOCKET = "/tmp/ydotool_socket"; + }; + + + + + + + #https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/applications/editors/vscode/extensions/default.nix#L1539 + programs.vscode = { + enable = true; + package = pkgs.vscodium; + extensions = with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + viktorqvarfordt.vscode-pitch-black-theme + ms-python.python + ms-python.black-formatter + redhat.vscode-yaml + redhat.vscode-xml + ms-python.python + mhutchie.git-graph + github.vscode-pull-request-github + esbenp.prettier-vscode + gencer.html-slim-scss-css-class-completion + donjayamanne.githistory + mads-hartmann.bash-ide-vscode + + #jeanp413.open-remote-ssh + # ms-vscode-remote.remote-ssh + # ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ + # { + # name = "remote-ssh-edit"; + # publisher = "ms-vscode-remote"; + # version = "0.47.2"; + # sha256 = 
"1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g"; + # } + ]; + userSettings = { + workbench.colorTheme = "Just Black"; + editor.fontFamily = "'CaskaydiaCove Nerd Font', 'monospace', monospace"; + }; + enableUpdateCheck = false; + enableExtensionUpdateCheck = false; + keybindings = [ + { + key = "ctrl+d"; + command = "editor.action.deleteLines"; + when = "textInputFocus"; + } + { + key = "ctrl+shift+d"; + command = "editor.action.duplicateSelection"; + when = "textInputFocus"; + } + { # unset so that ctrl d is not set twice + key = ""; + command = "editor.action.addSelectionToNextFindMatch"; + when = "editorFocus"; + } + { # unset so that ctrl shift d is not set twice + key = ""; + command = "workbench.view.debug"; + } + ]; + }; + + + gtk = { + enable = true; + theme = { + name = "Adwaita-Dark"; + package = pkgs.gnome.gnome-themes-extra; + }; + gtk3.extraConfig = { + Settings = '' + gtk-application-prefer-dark-theme=1 + ''; + }; + + gtk4.extraConfig = { + Settings = '' + gtk-application-prefer-dark-theme=1 + ''; + }; + }; + + home.sessionVariables.GTK_THEME = "Adwaita-Dark"; + + xdg.configFile = { + "gtk-4.0/assets".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/assets"; + "gtk-4.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk.css"; + "gtk-4.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk-dark.css"; + }; + + dconf = { + enable = true; + settings = { + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + gtk-theme = "Adwaita-Dark"; + }; + }; + }; + + # Wayland, X, etc. 
support for session vars + # systemd.user.sessionVariables = home.sessionVariables; + + qt = { + platformTheme = "gtk"; + }; + + + + home.file.".ssh/config".text = '' + HOST nxace + HostName nx2.site + User nx2 + Port 50022 + + HOST nxacel + HostName 192.168.178.32 + User nx2 + Port 50022 + + HOST nxrpi + HostName nx2.site + User pi + Port 50023 + + HOST nxrpil + HostName 192.168.178.31 + User pi + Port 50023 + ''; + + + + + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; +} 
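Review bot: `security.pki.certificates = nxPwCa.easyroamCa;` near the top of this hunk references `nxPwCa`, which is not among the module arguments (`{ config, pkgs, lib, allowed, ... }`), so evaluation stops on an undefined variable. As far as I know `security.pki.certificates` is a NixOS system option rather than a Home Manager one, so the line belongs in configuration.nix with `secrets` added to that module's arguments, e.g. `security.pki.certificates = [ secrets.easyroamCa ];` if that attribute holds the PEM text (the secrets file is not readable here, so confirm its shape). Because this adds a system-wide trust anchor, I would keep the CA certificate in plain text in the repo so the change can be reviewed; a CA certificate is not secret. The two `builtins.fetchurl` imports are pinned to a gist revision and a sha256, which is good, but they run third-party Nix code at evaluation time, so a comment such as `# pinned gist revision; review upstream changes before bumping url/sha256` above them would help the next update.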
diff --git a/secrets/passwords-and-certificates.nix b/secrets/passwords-and-certificates.nix new file mode 100644 index 0000000000000000000000000000000000000000..a0d8f7f9fd436035e52202af0b49c87b42c559cd GIT binary patch literal 2431 zcmZQ@_Y83kiVO&0I3)czc&g;YZ9?*~vgxNe4R*{G+mleU<(bgrxIlZId23YKrfhxf za?XHt#Yz{cKaCGR?qtiX-X+@MYI{HP##_DXJ7FhC$`@!@jj4LR3n=5Ei!6@ujI1CujwnhHhq#vpZa>5 z`+vI|bJUg3t$rveYE?eowK=CYxZy9*=tqXKjWeJr`2h8 z>Fj?pUv(U0T6B*`@UOVIhq~p{`?GSLZBJX4R84uQ^ttt4&eN!CBAx4^Memn?ExEpt z@#%s4!Y!4-`3w%CPag02_igob`RuB7@fSGn&c7e_qIG>+)Gp6Gm+SU;9;&-Nzb}*} zY4(EE98L;r_UJ}DvHz65_U(HK^|uivE6jN^T^1i4)sFR*;mIJI5OtBsFu|A`$<{Na~AEw^wquG~?v_03vsmsh;u z53E0W?Qv0O_5AQMrD56kZyP+y*XuPe)0GG_YmVoS;?X)%Ti;iyc=PPD<%JG&RJx{2 zI&7RGy`|dQ@89v9BAsjUoo|>=ySAN=d;Uc|RBP^ry>r_)A3It--zMj1{-0ATXX(jr zwO6ixxG}}K{rg&Ne@}(XO~;yBp75BmHJ@i>o0 z%q@Ma@o)M;&-jyDWakE@GiBfDm@LS8$Z^-%58-F71_vK#{@Lm(t@S9Id3Mp0yeU8H zo42?cedUw%-M&(_3N_x#twKf8Q|&aP}( z_FTv7ngCl#OGTl=X10A!e; z?8b5`^o*f{xJBr<9nwb@KYY75aPgUvYP*xKxnHb3<@n&=eYSl%*ZuGR*uI3Fum23w z(wRB2(=u#WjvNU~H_>=lz$&6`C1{?x+%nMVQUB_RPd=|$;G*JvCobmgcFW`a+;`I_ zr@O!Vo*BS9`{VcOmu9~|`u(UlYU|n4CwNt0%U4x{1tl+^9lNRQbanTosM9CCL^V!5 zx~a}H_wwA?{8B#*LnAHB%&)99vU2aU5m{*a?+V+@j9X_`NN>`&`+DxPPqOnd+5F90 zkLbk|yqjR^{qtXag;At>$CN*`@Ac|0 zTgc?-^(I33QD@i8DoM5?hN9Ke+8cBH7s`1*zhU#d)hoUo{4?w^AnWG|*~+HIis@Ei|+-Jb`&3w+HVxunnk#FJdNB67z& z4mQh@Hy^@xoiW}Sb?EXmr%#)8D;W!l_lh6vIai-@%|fXuz2)kU`OEjGHLhN`R-Dr! 
zW^UTefA=G_`3pl&TlD=pRL2?GCbRfx6$krat%RdZ`+{7^yk;QFwV85^8EAJz6M7n2+Uo$bCL$_VoDaOQ^8Bef-zKgt zqUT@y{K}$6d)=>lc)#2c`ty0d40rnLT@2G|H8u#a9WCK2DL2`CpyGEHk4U%4Q+m-wPL%NJa|tjp^8W#jD`hU=L( z{z;m@ZTZAvCC`gi?@MYXHZKw=yqfT1Ra46w9cG6ew;KLE{_yVEM?ts!f2TRl&0Bu% z^~R9mu*|3eH}hlOFC454C&aDXJwK(6hgFU_TkVN(p}3_|jBnxH7Quq+MysoSDlB~a zQ2O_RsEMwx#4>ZFtRKI-@hx`deBPJ^hm30eo)+d@#20Kg@x6BBjg*x>Hful6b~68N zap+oI7H`@04fmpi_2;giEv}*U{fpKj2Pr+#&(+fd*YmAxN{{^ixr*&~mR)a4#15sGJnvkkgmCZKLHKSEj;=98pW>{Nj~kS@TNq+rvkT zUeA)fsQ$NLwo6m~zk1Ut3;3CrdbHl(yn;2R@F#yz`rl9I&SW2QWq;9o(UeCbuxo9t z!UY!7^a*!1yuNxw>Ai%`>gdCovt_4EE2>D|Z*u;_xjULi|N5Hpt7Nybh)aFjn)hy@ zPFCrSmrsQz9m~FX_2Dz$Ww-WL#l#BV>irq~`RbiYA(Q3>4|immd=;1*YPoS<{DIY* z-b_Bp*TlPL%Z&4HHtlu4&geKXU1CbYBI)}@pZA?I`~2k0o$Cu@#Y#3ke~@Q8YmL~} zBi~(iPPh`eqx{AapEIAf+~JV+^|0B~`tM8jlHTRnj~8cuKDm0w?YiBzruF=8a@ztF zJO4<0+t?#k$CJW;R8-yZUUkBh*DLq6|B-rNemSMJ?|Wfc`wL~YeM0?Dk4~+0Uf#qj z@<4U2@vFOw^|w81TRU^>Q?cdAUlKf~CdgGk$vgIPuS=ef(@w+2IK?n8za_i%ZUanz_TGPAbuob;@nVoqv1Q Yd9H19dw<%pXJ_1%O}R%mS1)h}03;v1OaK4? literal 0 HcmV?d00001
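Review bot: secrets/passwords-and-certificates.nix is committed as an opaque binary literal, so this review cannot confirm that it is git-crypt ciphertext rather than plaintext. The `.gitattributes` rule added in the same commit only encrypts files staged in a working copy where git-crypt has already been initialised, so run `git-crypt status` before pushing and check that this path is reported as encrypted. Anything committed here stays in history; if the file was ever staged unencrypted, the passwords need rotating rather than re-committing.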