From 7a56104845afaaf80217caa3b711beccb6917eaf Mon Sep 17 00:00:00 2001 
From: Bun Date: Thu, 17 Apr 2025 00:11:26 -0400 Subject: [PATCH] Nuke the fuck out of Wireguard slow as balls --- flake.lock | 16 ---- flake.nix | 6 -- hosts/droid/default.nix | 19 ---- hosts/droid/users/default.nix | 4 - hosts/droid/users/main/default.nix | 9 -- hosts/envy/default.nix | 1 - hosts/envy/filesystems/default.nix | 7 -- hosts/envy/services/default.nix | 5 +- hosts/intuos/default.nix | 8 -- hosts/intuos/filesystems/default.nix | 2 +- hosts/kitty/default.nix | 9 +- hosts/kitty/network/default.nix | 13 +++ hosts/midas/network/default.nix | 12 ++- hosts/midas/services/default.nix | 1 - hosts/pear/default.nix | 3 +- hosts/pear/filesystems/default.nix | 8 -- hosts/pear/services/default.nix | 5 +- hosts/prophet/default.nix | 1 - hosts/prophet/services/default.nix | 1 - hosts/qemu/boot/default.nix | 7 -- hosts/qemu/default.nix | 14 --- hosts/qemu/disko/default.nix | 87 ------------------ hosts/qemu/hardware/default.nix | 10 -- hosts/qemu/users/default.nix | 4 - hosts/qemu/users/main/default.nix | 6 -- hosts/redmond/default.nix | 12 +-- hosts/redmond/filesystems/default.nix | 15 +-- hosts/redmond/network/default.nix | 13 +++ hosts/tower/default.nix | 2 - hosts/tower/network/default.nix | 21 ++--- modules/system/secrets/default.nix | Bin 2005 -> 1829 bytes modules/system/services/general/default.nix | 1 - .../services/general/wireguard/default.nix | 28 ------ modules/system/services/server/default.nix | 1 - .../server/mailserver/simplenix/default.nix | 2 +- .../services/server/wireguard/default.nix | 44 --------- 36 files changed, 57 insertions(+), 340 deletions(-) delete mode 100644 hosts/droid/default.nix delete mode 100644 hosts/droid/users/default.nix delete mode 100644 hosts/droid/users/main/default.nix create mode 100644 hosts/kitty/network/default.nix delete mode 100644 hosts/pear/filesystems/default.nix delete mode 100644 hosts/qemu/boot/default.nix delete mode 100644 hosts/qemu/default.nix delete mode 100644 hosts/qemu/disko/default.nix delete mode 
100644 hosts/qemu/hardware/default.nix delete mode 100644 hosts/qemu/users/default.nix delete mode 100644 hosts/qemu/users/main/default.nix create mode 100644 hosts/redmond/network/default.nix delete mode 100644 modules/system/services/general/wireguard/default.nix delete mode 100644 modules/system/services/server/wireguard/default.nix diff --git a/flake.lock b/flake.lock index 38758123..222406db 100644 --- a/flake.lock +++ b/flake.lock @@ -1,20 +1,5 @@ { "nodes": { - "android": { - "locked": { - "lastModified": 1744517047, - "narHash": "sha256-o7HeWj7P8xSIYuN2pdAF6Hlb4rINYe1ZN3oIbHxAZXQ=", - "owner": "nix-community", - "repo": "nixos-avf", - "rev": "968a3e4d14fd4158b3cb7a4894753160cc944c04", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-avf", - "type": "github" - } - }, "blender": { "inputs": { "nixpkgs": "nixpkgs" @@ -457,7 +442,6 @@ }, "root": { "inputs": { - "android": "android", "blender": "blender", "disko": "disko", "hm": "hm", diff --git a/flake.nix b/flake.nix index 5cd71881..70115fc0 100644 --- a/flake.nix +++ b/flake.nix @@ -16,8 +16,6 @@ impermanence.url = "github:nix-community/impermanence"; - android.url = "github:nix-community/nixos-avf"; - mailserver = { url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.11"; inputs.nixpkgs.follows = "stable"; @@ -44,7 +42,6 @@ lanzaboote, disko, impermanence, - android, mailserver, minecraft, hm, @@ -66,7 +63,6 @@ # nh os switch /path --hostname=host nixosConfigurations = { tower = mkNix [ ./hosts/tower ]; # Main Desktop - qemu = mkNix [ ./hosts/qemu ]; # Virtualization Testing envy = mkNix [ ./hosts/envy ]; # HP Convertable pear = mkNix [ ./hosts/pear ]; # MacBook Pro @@ -76,8 +72,6 @@ midas = mkNix [ ./hosts/midas ]; # Dell Optiplex 5040 kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010 prophet = mkNix [ ./hosts/prophet ]; # Oracle Neoverse-N1 - - droid = mkNix [ ./hosts/droid ]; # Android Virtualization Framework }; # nh home switch /path -c arch 
diff --git a/hosts/droid/default.nix b/hosts/droid/default.nix deleted file mode 100644 index 1539d1fc..00000000 --- a/hosts/droid/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, android, ... }: -{ - imports = [ - ./users - ../../modules/system - android.nixosModules.avf - ]; - - networking.hostName = "droid"; - - avf.defaultUser = config.sysusers.main; - - system = { - desktop.enable = true; - stateVersion = "24.11"; - }; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; -} diff --git a/hosts/droid/users/default.nix b/hosts/droid/users/default.nix deleted file mode 100644 index 57e7f20b..00000000 --- a/hosts/droid/users/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - imports = [ ./main ]; -} diff --git a/hosts/droid/users/main/default.nix b/hosts/droid/users/main/default.nix deleted file mode 100644 index 9c6469d4..00000000 --- a/hosts/droid/users/main/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, ... }: -{ - home-manager.users."${config.sysusers.main}".home = { - desktop.enable = true; - gaming.enable = true; - production.enable = true; - stateVersion = lib.mkForce config.system.stateVersion; - }; -} diff --git a/hosts/envy/default.nix b/hosts/envy/default.nix index 2634ffd0..8d51adcf 100644 --- a/hosts/envy/default.nix +++ b/hosts/envy/default.nix @@ -13,7 +13,6 @@ networking = { hostName = "envy"; wireless.enable = true; - wg-quick.interfaces.wgc.address = [ "10.100.0.25/24" ]; }; system = { diff --git a/hosts/envy/filesystems/default.nix b/hosts/envy/filesystems/default.nix index 6fbd2d35..9bc9c66b 100644 --- a/hosts/envy/filesystems/default.nix +++ b/hosts/envy/filesystems/default.nix @@ -12,12 +12,5 @@ fsType = "btrfs"; options = [ "subvol=Steam" "nosuid" "nodev" "nofail" "x-gvfs-show" ]; }; - - # Network mounts - "/home/${config.sysusers.main}/Midas" = { - device = "10.100.0.1:/"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; }; } 
diff --git a/hosts/envy/services/default.nix b/hosts/envy/services/default.nix index 0b5409bf..7ce624b0 100644 --- a/hosts/envy/services/default.nix +++ b/hosts/envy/services/default.nix @@ -1,9 +1,6 @@ { config, ... }: { - services = { - globalprotect.enable = true; - wireguard.client.enable = true; - }; + services.globalprotect.enable = true; virtualisation = { libvirtd.enable = true; diff --git a/hosts/intuos/default.nix b/hosts/intuos/default.nix index 9ee1f094..73445bcd 100644 --- a/hosts/intuos/default.nix +++ b/hosts/intuos/default.nix @@ -12,14 +12,6 @@ networking = { hostName = "intuos"; wireless.enable = true; - vlans.internal = { - id=100; - interface="wlp1s0"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.102"; - prefixLength = 8; - }]; }; system = { diff --git a/hosts/intuos/filesystems/default.nix b/hosts/intuos/filesystems/default.nix index 37b9e0a1..7634dc52 100644 --- a/hosts/intuos/filesystems/default.nix +++ b/hosts/intuos/filesystems/default.nix @@ -6,7 +6,7 @@ options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; fileSystems."/home/${config.sysusers.main}/Network/Kitty" = { - device = "11.0.0.2:/"; + device = "10.2.0.1:/"; fsType = "nfs4"; options = [ "x-systemd.automount" "noauto" "soft" "_netdev" ]; }; diff --git a/hosts/kitty/default.nix b/hosts/kitty/default.nix index 82b244b8..8afe152c 100644 --- a/hosts/kitty/default.nix +++ b/hosts/kitty/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./network ./users ../../modules/system (modulesPath + "/profiles/headless.nix") @@ -13,14 +14,6 @@ networking = { hostName = "kitty"; hostId = "8745e22e"; - vlans.internal = { - id=100; - interface="eno1"; - }; - interfaces.internal.ipv4.addresses = [{ - address = "11.0.0.2"; - prefixLength = 8; - }]; }; system = { diff --git a/hosts/kitty/network/default.nix b/hosts/kitty/network/default.nix new file mode 100644 index 00000000..203fe0d6 --- /dev/null +++ b/hosts/kitty/network/default.nix 
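Review bot: The Kitty mount in hosts/intuos/filesystems/default.nix now points at `10.2.0.1:/` with only `"x-systemd.automount" "noauto" "soft" "_netdev"` in `options`, so nothing on the mount requests authentication or encryption from NFS. The same commit removes intuos's `vlans.internal` interface, which suggests (not confirmed from these lines) that the traffic now crosses the wireless LAN directly; with the default AUTH_SYS flavour the server trusts client-supplied UIDs and file data travels in clear. Consider adding a Kerberos flavour, `options = [ "x-systemd.automount" "noauto" "soft" "_netdev" "sec=krb5p" ];`, or limiting the export to this client's address on the server. The `fileSystems` block starts above the hunk, so the sibling mount was not reviewed.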
@@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + vlans.internal = { + id=100; + interface="eno1"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.2"; + prefixLength = 8; + }]; + }; +} diff --git a/hosts/midas/network/default.nix b/hosts/midas/network/default.nix index 06685c47..17b47f4f 100644 --- a/hosts/midas/network/default.nix +++ b/hosts/midas/network/default.nix @@ -9,6 +9,16 @@ address = "10.1.0.1"; interface = "enp0s31f6"; }; + + vlans.internal = { + id=100; + interface="enp0s31f6"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.1"; + prefixLength = 8; + }]; + nftables.tables.forwarding = { family = "inet"; content = '' @@ -16,8 +26,6 @@ type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat ip to 11.0.0.100:22 comment "Tower SSH" tcp dport 2222 dnat ip to 11.0.0.2:22 comment "Kitty SSH" - tcp dport 2233 dnat ip to 11.0.0.101:22 comment "Envy SSH" - tcp dport 2244 dnat ip to 11.0.0.102:22 comment "Intuos SSH" udp dport { 27005, 27015 } dnat ip to 11.0.0.100 comment "PC Hosted Games" diff --git a/hosts/midas/services/default.nix b/hosts/midas/services/default.nix index 0ccaab19..62d64889 100644 --- a/hosts/midas/services/default.nix +++ b/hosts/midas/services/default.nix @@ -17,7 +17,6 @@ trilium-server.enable = true; vaultwarden.enable = true; webserver.enable = true; - wg.server.enable = true; minecraft-servers = { enable = true; diff --git a/hosts/pear/default.nix b/hosts/pear/default.nix index 94fe1974..faf196c0 100644 --- a/hosts/pear/default.nix +++ b/hosts/pear/default.nix @@ -3,8 +3,8 @@ imports = [ ./boot ./disko - ./filesystems ./hardware + ./network ./services ./users ../../modules/system @@ -13,7 +13,6 @@ networking = { hostName = "pear"; wireless.enable = true; - wg-quick.interfaces.wgc.address = [ "10.100.0.18/24" ]; }; system = { diff --git a/hosts/pear/filesystems/default.nix b/hosts/pear/filesystems/default.nix deleted file mode 100644 index 39ad5cc4..00000000 
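Review bot: `address = "11.0.0.2"` with `prefixLength = 8` in the new hosts/kitty/network/default.nix places the internal segment on 11.0.0.0/8, which is not an RFC 1918 private range (10/8, 172.16/12, 192.168/16) but publicly allocated space. An on-link /8 route means any real 11.x.x.x destination is sent onto the VLAN instead of the default gateway, and any leak of these addresses collides with routable space. The same addressing is added in hosts/midas/network/default.nix (`11.0.0.1`) and hosts/tower/network/default.nix (`11.0.0.100`). Since the block is being moved into its own file here, this is a convenient point to switch to a private range sized to the segment, for example `address = "10.11.0.2"; prefixLength = 24;` (constructed values), updating the DNAT targets on midas to match.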
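Review bot: The two SSH forwards kept in the second hunk of hosts/midas/network/default.nix, `tcp dport 2211 dnat ip to 11.0.0.100:22` and `tcp dport 2222 dnat ip to 11.0.0.2:22`, carry no `iifname` or source-address match, so they apply to packets arriving on any interface, including the `internal` VLAN added in the first hunk. With `wg.server.enable` removed elsewhere in this commit, these forwards look like the remaining remote path to Tower and Kitty, so they are worth scoping explicitly, e.g. `iifname "enp0s31f6" tcp dport 2222 dnat ip to 11.0.0.2:22 comment "Kitty SSH"`, and pairing with key-only SSH on the targets. The nftables `content` string continues past the end of the hunk, so a filtering forward chain may exist outside the visible lines.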
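Review bot: `./network` is added to `imports` in hosts/pear/default.nix, but the commit's diffstat shows `create mode` entries only for hosts/kitty/network/default.nix and hosts/redmond/network/default.nix. Unless hosts/pear/network already exists in the tree (not visible on this page), evaluating the `pear` configuration will fail on the missing path. Either add the file in this commit or drop the `./network` line from the import list; the module body continues outside the hunk.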
--- a/hosts/pear/filesystems/default.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, ... }: -{ - fileSystems."/home/${config.sysusers.main}/Midas" = { - device = "10.100.0.1:/"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; -} diff --git a/hosts/pear/services/default.nix b/hosts/pear/services/default.nix index 0b5409bf..7ce624b0 100644 --- a/hosts/pear/services/default.nix +++ b/hosts/pear/services/default.nix @@ -1,9 +1,6 @@ { config, ... }: { - services = { - globalprotect.enable = true; - wireguard.client.enable = true; - }; + services.globalprotect.enable = true; virtualisation = { libvirtd.enable = true; diff --git a/hosts/prophet/default.nix b/hosts/prophet/default.nix index 92c958f1..9303b80f 100644 --- a/hosts/prophet/default.nix +++ b/hosts/prophet/default.nix @@ -14,7 +14,6 @@ networking = { hostName = "prophet"; hostId = "97a21a38"; - wg-quick.interfaces.wgc.address = [ "10.100.0.19/24" ]; }; system = { diff --git a/hosts/prophet/services/default.nix b/hosts/prophet/services/default.nix index 9499a7ac..7de2570c 100644 --- a/hosts/prophet/services/default.nix +++ b/hosts/prophet/services/default.nix @@ -5,6 +5,5 @@ mailserver.enable = true; mysql.enable = true; nginx.enable = true; - wireguard.client.enable = true; }; } diff --git a/hosts/qemu/boot/default.nix b/hosts/qemu/boot/default.nix deleted file mode 100644 index 9ff2e3b3..00000000 --- a/hosts/qemu/boot/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ lib, pkgs, ... }: -{ - boot = { - kernelPackages = pkgs.linuxPackages_latest; - loader.grub.enable = true; - }; -} diff --git a/hosts/qemu/default.nix b/hosts/qemu/default.nix deleted file mode 100644 index 4dac575d..00000000 --- a/hosts/qemu/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ modulesPath, ... }: -{ - imports = [ - ./boot - ./disko - ./hardware - ./users - ../../modules/system - (modulesPath + "/profiles/headless.nix") - ]; - - networking.hostName = "qemu"; - system.stateVersion = "24.11"; -} 
diff --git a/hosts/qemu/disko/default.nix b/hosts/qemu/disko/default.nix
deleted file mode 100644
index 74f43547..00000000
--- a/hosts/qemu/disko/default.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, disko, ... }:
-{
- imports = [ disko.nixosModules.disko ];
-
- disko.devices = {
- disk = {
- "${config.networking.hostName}" = {
- type = "disk";
- device = "/dev/vda";
- content = {
- type = "gpt";
- partitions = {
- boot = {
- size = "1M";
- type = "EF02";
- };
- ESP = {
- size = "2G";
- type = "EF00";
- content = {
- type = "filesystem";
- format = "vfat";
- mountpoint = "/boot";
- mountOptions = [ "umask=0077" ];
- };
- };
- main = {
- size = "100%";
- content = {
- type = "lvm_pv";
- vg = "${config.networking.hostName}";
- };
- };
- };
- };
- };
- };
-
- lvm_vg = {
- "${config.networking.hostName}" = {
- type = "lvm_vg";
- lvs = {
- root = {
- size = "100%";
- content = {
- type = "btrfs";
- extraArgs = [ "-f" ];
- subvolumes = {
- "/root" = {
- mountpoint = "/";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/prev" = {
- mountpoint = "/prev";
- mountOptions = [ "compress=zstd" "noatime" "noexec" ];
- };
- "/nix" = {
- mountpoint = "/nix";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
-
- # Impermanence
- "/persist" = {
- mountpoint = "/persist";
- mountOptions = [ "compress=zstd" "noatime" ];
- };
- "/persist/.snapshots" = { };
- "/persist/home" = { };
- "/persist/home/.snapshots" = { };
- };
- };
- };
- swap = {
- size = "8G";
- content = {
- type = "swap";
- discardPolicy = "both";
- };
- };
- };
- };
- };
- };
-
- # Needed for impermanence
- fileSystems."/persist".neededForBoot = true;
-}
diff --git a/hosts/qemu/hardware/default.nix b/hosts/qemu/hardware/default.nix
deleted file mode 100644
index dded8092..00000000
--- a/hosts/qemu/hardware/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@ -{ config, lib, modulesPath, ... }: -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; - boot.initrd.kernelModules = [ "kvm-amd" "dm-snapshot" ]; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/qemu/users/default.nix b/hosts/qemu/users/default.nix deleted file mode 100644 index 57e7f20b..00000000 --- a/hosts/qemu/users/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ ... }: -{ - imports = [ ./main ]; -} diff --git a/hosts/qemu/users/main/default.nix b/hosts/qemu/users/main/default.nix deleted file mode 100644 index 9366cadc..00000000 --- a/hosts/qemu/users/main/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, lib, ... }: -{ - home-manager.users."${config.sysusers.main}".home = { - stateVersion = lib.mkForce config.system.stateVersion; - }; -} diff --git a/hosts/redmond/default.nix b/hosts/redmond/default.nix index be47776f..4d3236e6 100644 --- a/hosts/redmond/default.nix +++ b/hosts/redmond/default.nix @@ -5,6 +5,7 @@ ./disko ./filesystems ./hardware + ./network ./users ../../modules/system ]; @@ -12,15 +13,6 @@ networking = { hostName = "redmond"; wireless.enable = true; - interfaces."wlp1s0".ipv4.addresses = [{ - address = "192.168.2.200"; - prefixLength = 24; - }]; - defaultGateway = { - address = "192.168.2.1"; - interface = "wlp1s0"; - }; - wg-quick.interfaces.wgc.address = [ "10.100.0.23/24" ]; }; system = { @@ -28,7 +20,5 @@ stateVersion = "24.05"; }; - services.wireguard.client.enable = true; - environment.sessionVariables.WLR_RENDERER = lib.mkForce "gles2"; } diff --git a/hosts/redmond/filesystems/default.nix b/hosts/redmond/filesystems/default.nix index 119e3997..c6bb7542 100644 --- a/hosts/redmond/filesystems/default.nix +++ b/hosts/redmond/filesystems/default.nix 
@@ -1,15 +1,8 @@ { config, ... }: { - fileSystems = { - "/mnt/Windrive" = { - device = "/dev/disk/by-uuid/582C6B802C6B57D0"; - fsType = "ntfs"; - options = [ "nosuid" "nodev" ]; - }; - "/home/${config.sysusers.main}/Network/Midas" = { - device = "10.100.0.1:/storage"; - fsType = "nfs4"; - options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ]; - }; + fileSystems."/mnt/Windrive" = { + device = "/dev/disk/by-uuid/582C6B802C6B57D0"; + fsType = "ntfs"; + options = [ "nosuid" "nodev" ]; }; } diff --git a/hosts/redmond/network/default.nix b/hosts/redmond/network/default.nix new file mode 100644 index 00000000..f87dee8a --- /dev/null +++ b/hosts/redmond/network/default.nix @@ -0,0 +1,13 @@ +{ ... }: +{ + networking = { + interfaces."wlp1s0".ipv4.addresses = [{ + address = "192.168.2.200"; + prefixLength = 24; + }]; + defaultGateway = { + address = "192.168.2.1"; + interface = "wlp1s0"; + }; + }; +} diff --git a/hosts/tower/default.nix b/hosts/tower/default.nix index bf95d667..2f15c2c3 100644 --- a/hosts/tower/default.nix +++ b/hosts/tower/default.nix @@ -18,7 +18,5 @@ stateVersion = "24.05"; }; - services.wg.client.enable = true; - virtualisation.libvirtd.enable = true; } diff --git a/hosts/tower/network/default.nix b/hosts/tower/network/default.nix index 623f0f19..74bbcda4 100644 --- a/hosts/tower/network/default.nix +++ b/hosts/tower/network/default.nix @@ -1,15 +1,14 @@ { ... }: { - networking.firewall.allowedUDPPorts = [ 27015 ]; - - systemd.network = { - netdevs."10-wg0".wireguardPeers = [ - { # Local server - PublicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8="; - AllowedIPs = [ "11.0.0.0/8" ]; - Endpoint = "10.2.0.1:51820"; - } - ]; - networks."wg0".address = [ "11.0.0.100/8" ]; + networking = { + firewall.allowedUDPPorts = [ 27015 ]; + vlans.internal = { + id=100; + interface="enp42s0"; + }; + interfaces.internal.ipv4.addresses = [{ + address = "11.0.0.100"; + prefixLength = 8; + }]; }; } 
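Review bot: `firewall.allowedUDPPorts = [ 27015 ];` in hosts/tower/network/default.nix opens the port on every interface, and this hunk adds a second one (`vlans.internal` on `enp42s0`) while dropping the WireGuard peer that previously authenticated and encrypted traffic to 11.0.0.0/8. An 802.1Q tag only separates traffic; anything on the trunk that can emit VLAN 100 frames reaches 11.0.0.100 directly, so the host firewall is now the only control on that path. If the game traffic is expected to arrive through midas's DNAT onto the VLAN (inferred from the midas rules, not stated here), scope the opening with `firewall.interfaces.internal.allowedUDPPorts = [ 27015 ];` and add a comment on `vlans.internal` stating that the segment is unencrypted.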
diff --git a/modules/system/secrets/default.nix b/modules/system/secrets/default.nix index 08d97784dbffa8a2859c872de6367454dfe93c9c..476566e00c0ebe154311ba68e072aa84523dcf86 100644 GIT binary patch literal 1829 zcmZQ@_Y83kiVO&0U`@ZPz!9k{!MT{N^~3kCJG;${I8Vv=zx(FxHP2?ot1CwxE*uiw zwfpVN?Hk3T-OruuW3V=t`g`!54F9Ufn*uu=0zN5kzTo5QlRDwzYo{3;8fh7^ipwf0 zHMYBPZWmnlckkEz3g4P;iz=`i8abW|ooC;j=zCyk!TU$Qr>`^ruM)-}`blfM%vbj? zDHg`VmGg9tZHvCS@RrOE!z`PW134@+k{_%%YjRxc?bC(7m^uG`UKpac;eJ`vw9ZZ$ zy`;Nmm21z z{6)xC#xIL)wg{d6FDxsj758@6rt3CNVUdfs2wpuq+qBTEbk&EfZ51c;S54Q}64bW5 z)ycL0@x#JOE1S*t*=E14&Xmexm*;KVs=asX)+PL33b!rTU0+=P!zF)BmtnrXQpPmy zALfRxe+28zmar^2ab@{Un`HmRrGLYOT&-8X4}N)Iew9{@Z{5OY1~aCno5|U1+MjRz zi6PRT){=C?O``Ai(J~GSrvX?~UTH0Rc=M*)HPK$r_i@mA3?EA!P)hz8_ zrnDKkx9Tjm{QiCM^Xj%o^8^l_PwTlH$2FsG3-kYf+)FIXT~eBUJ^6lj@%tmvW=Ghh zEnb;Q1>gN>VkUQNMeWqR-Rx&w4(Iytq`1i}=Rfu`>dHk1>-Q1cc1diskzTvx;H>WV zsga)#%9vKKIl6s!&HQJo>O~EAoBiUCTdOMi9xE4jpYV|V(PpV*eaUiP{dB#j+va~Z z5SQk(^=8zc(DHZMC7_CZ)Wz~FsiJ&+u z$Nhy)SKF?KK8#wo<+n$tLEoj4Dc9{LFYr8{{8?Q2ymGUDA+J|-!cPGf`KiB8^3<9y zW>-6x?<~C}$9w8@!+Ou1*G~E9e`3OKk&*z-qx}&8RWO;x2JmrzH`UL6tzA2O2YprJetLpA}b*9W-jg2K&`7iKLu#^i5e1-KLixy>^3-?1SG^6Tdbr-mj22De_{+)qkru&VL_s zA>r;nJ#Lqo4_KD(mrvXEH(`Qv@OkguZ-Qr^_e?dIqQv>1b!TW$z?1DgR)LAveoMfK6;u{iPBwH?Qj4uAgKzW7!XctuppnaP-TGUGo>G99z5R z!tyQVljDNi)k=C!AH9F#*8QoI)?J@$p<9sA=5zM#9--iuJer$s?x<31P}|FMZ_nwQ za_Vhgc!IN8epEBa{Yzo$Es@FGGPikNb+wva$enF|&SSn{~>WQFP}X;{z}5tMgSje>oxKJ?YT;e=nLh z@k+7OIx}8OP*@xKsAO7Ap&j$DZ3#)=%1&&R&anD7E2QDmr3>rVO4^wvn!IIl3AW#G zs8;3fD>Wmn_yaq;&+bm@I$N}t;lEVO*Q=}@iFF?r`W$nb9+oLi*1LWP5W{B z^erWoGs&`@Qu}t*UYhIs@5_N_e++-;zthgD`?LG~wVjTQsdg9p__$6?6OR_R+|}9Y z%iesIt4|^RWA z*6uqDHG)J;1hbqSCQ1y5GA+KX>lxh`qmI%cW-vmKr#ItG>|_DOEP_$1>)P z@%vWHRG(DeH`lc}QA_ZY_UnX6mD|qvWN%o@%U5{Jy5;cqPfC$y>{svpR!{%8=w`@$?^FN)-kz0A literal 2005 zcmZQ@_Y83kiVO&0XmJ-T-g6)?qI(|0+RLA$R=7kIeH7pMrKc{wPWR%rgLe~@fBaT2 z?94q9+g?_)bE{R$G<7}3CyjqQ+&6VcmdhF}e!u@OU-zzi8w0bB=5MraR#noQwowbKu@U1lm>qxn~|q$*QgQsP$Y&v1iHhwrgZ`M~(QT*LXy 
z!OF(3(*9O?>iVpbp_&KZu4gZBnDDa5HGFp1er~?`!N2SS_jCwth}HWuVY464%&3C1 zmHKamBqvO4y(B%!wp~x;##$cP`c*}~AM6{RS%12{e@?^l?&PZFbh{$#Dc0cb8@%yJ`B^UB6aHe=>Fe%YJNe0K{z9Xj(}jFRWTr39VCFLj&;Ay% z*}iC{4!=P9v#3YU?md+)(ekl#{O^AKcG8~pwa;ediY{g5nA!Je`RD6t#j5J_qIuiD zuXp|`oqN+Qw{nrg zmt*VXE!W-utF){C^53p}kNN7Nc8_;`i;l@F5I*zuLu6--(;rb@%l!cYDsjpyjHi|U zUT0A~m7{3ygk>j=Xl~@&@v-uaG}~mMSh;OGYO^am_QobuWiJd>cek-DxqaB~*mpstrdEJ2rklw!+~WFZboRmnXg&&spYaZPBncNJ5EqrhmNS@vd7A(qg|?TrbI+ zA+dMEH}<}^sC};b9Y%(>zb>$K*moUVT*IS0vwT+LoC6jTYd&vG?KWV(XStMX59h80 ziLo4)&1T%NV~Q`B5%Xnw7)MF6b;8ATX=l|cpuKv9BfpM$>%bF&?j@RsG zBH5O7HXro=BIw_9?flK1QUz8e>zDqvzg6{vZprlU9p~Fz&A2Gs7z8c-3)_ z1!j|sPPor77}$>DlHe>axK$bMj)N>)S87$XQN5DAZVLDAYXHCL~8uPvn6( z+uCf|B{gL-9cwH87%voF{gC-Xujt0ZDUos634b=yp?*DqTrs_G~4f- z+Rmt#MLEA#u3xf9yK21a$MB?F*9ZFy|zDMbrBn_CGNW^ z8k%*T+GhFnSY%}WCWA_K5t;8lYKyw;@>QNp=%4Sh&Msw3@SNC%3X9bIcC*$CPJ6yj z(fQ2e&KKP8CkyfIe4sz&pKYzOJXf5i@I~KXg>0|gQ(d=I+a@}Gn#sC${ewKfS(K7`A2AMBzD)R&4&D;Tyb0{*rIheUo_% z@dd9MIFieM924$+Yck6{C?JpZ(e3X0%-fziidODBnKWnB%BZxJCu}Sj`MYXAOj~Ky z@j~gRm2-vP=d;HqUtct5!Dm^G9mh8H^>k)lSsD0^Nlv53;=?J%4yKjApKW?Fo5z6X z!n%Uc2Xo~=?t1rax_7*h)Y=QOecR@%9%$J6db0Y_bs1^PUr&(DnEub!>P%*K=>iwk z$=i3gNQ*`p?qa&zQydj$ed;Mg!v}|D-tj)`HOhCan=ozf$}$ttvP-vpC6~@R79?U@ zzAv}$v&_^Dyeyih)a);KH3?>K)tjDrH#H>Vu`lZ-|FRW#p3Z;JBWlu_dSU5)FSDFu zbEV#E)TQ57&^Y%r`?T%NP2WCvUSos5C8K1&r|yH<&AZ9 z((6@ECd;m0$5p??%w2KY$u?VNpUe-(C0CW+IC9+gK=|V3A1&EIdbev6pSzUabbr`& p?9%jmrZxxuCfi)wxmo$wrI=M~Qxy*I{cWBRGHtuo0-={l(*SKT