From 1bc23db49c2144020925f1cdb76aed82ff95f5d9 Mon Sep 17 00:00:00 2001 From: Crony Akatsuki Date: Fri, 9 May 2025 18:12:15 +0200 Subject: [PATCH] feat(servers): add bragi the poet. --- flake.nix | 20 +++++++++ hosts/bragi/configuration.nix | 41 +++++++++++++++++ hosts/bragi/disk-config.nix | 54 +++++++++++++++++++++++ modules/servers/bragi/audiobookshelf.nix | 22 +++++++++ modules/servers/bragi/default.nix | 7 +++ modules/servers/bragi/secrets.nix | 9 ++++ modules/servers/bragi/storage-box.nix | 19 ++++++++ secrets/rclone.age | 13 ++++++ secrets/secrets.nix | 4 +- secrets/traefik.age | Bin 719 -> 829 bytes secrets/wg-desktop.age | Bin 895 -> 1005 bytes secrets/wg-heimdall.age | Bin 1096 -> 1206 bytes 12 files changed, 188 insertions(+), 1 deletion(-) create mode 100644 hosts/bragi/configuration.nix create mode 100644 hosts/bragi/disk-config.nix create mode 100644 modules/servers/bragi/audiobookshelf.nix create mode 100644 modules/servers/bragi/default.nix create mode 100644 modules/servers/bragi/secrets.nix create mode 100644 modules/servers/bragi/storage-box.nix create mode 100644 secrets/rclone.age diff --git a/flake.nix b/flake.nix index 8ef310a..6bd72d7 100644 --- a/flake.nix +++ b/flake.nix @@ -114,6 +114,15 @@ path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.baldur; }; }; + + bragi = { + hostname = "bragi"; + profiles.system = { + sshUser = "root"; + user = "root"; + path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bragi; + }; + }; }; nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration { @@ -161,6 +170,17 @@ ]; }; + bragi = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + disko.nixosModules.disko + agenix.nixosModules.default + ./hosts/bragi/configuration.nix + ./modules/servers/general + ./modules/servers/bragi + ]; + }; + nixos = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs;}; modules = [ 
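Review bot: `sshUser = "root";` in the new `bragi` deploy node (first flake.nix hunk) makes every deployment depend on direct root SSH login being allowed on the host. deploy-rs elevates to `user` when it differs from `sshUser`, so an unprivileged login such as `sshUser = "deploy";` (constructed account name) with `user = "root";` would let sshd refuse root logins on this machine. The baldur node above probably follows the same pattern, but only its `path` line is visible here, and the enclosing attribute set starts outside the hunk.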
diff --git a/hosts/bragi/configuration.nix b/hosts/bragi/configuration.nix
new file mode 100644
index 0000000..8c03738
--- /dev/null
+++ b/hosts/bragi/configuration.nix
@@ -0,0 +1,41 @@
+{
+ modulesPath,
+ lib,
+ pkgs,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ./disk-config.nix
+ ];
+
+ networking.hostName = "bragi";
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ environment.systemPackages = map lib.lowPrio [
+ pkgs.curl
+ pkgs.neovim
+ pkgs.gitMinimal
+ ];
+
+ networking.useNetworkd = true;
+ systemd.network.enable = true;
+ systemd.network.networks."10-wan" = {
+ matchConfig.Name = "enp1s0"; # either ens3 or enp1s0 depending on system, check 'ip addr'
+ networkConfig.DHCP = "ipv4";
+ address = [
+ # replace this address with the one assigned to your instance
+ "2a01:4f9:c012:26aa::1/64"
+ ];
+ routes = [
+ {Gateway = "fe80::1";}
+ ];
+ };
+
+ system.stateVersion = "24.05";
+}
diff --git a/hosts/bragi/disk-config.nix b/hosts/bragi/disk-config.nix
new file mode 100644
index 0000000..8f36ed4
--- /dev/null
+++ b/hosts/bragi/disk-config.nix
@@ -0,0 +1,54 @@
+{lib, ...}: {
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}
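Review bot: The two comments in the `10-wan` block of `hosts/bragi/configuration.nix` are installer-template leftovers: `# either ens3 or enp1s0 depending on system, check 'ip addr'` and `# replace this address with the one assigned to your instance` describe choices still to be made, although the values beside them are now this host's real ones. Replacing them with statements of fact, e.g. `# primary NIC on this VM` and `# static IPv6 address assigned to bragi`, keeps a later reader from taking the address for a placeholder. No firewall or sshd settings appear in this file; presumably they come from `./modules/servers/general`, which this patch does not touch.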
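Review bot: The `root` logical volume under `lvm_vg.pool` in `hosts/bragi/disk-config.nix` is plain ext4 with no encryption layer, so the host's SSH private key, presumably the agenix identity that decrypts every `.age` file addressed to bragi, is stored in cleartext on the virtual disk. If provider-side snapshots or disk access are in the threat model, disko can wrap the physical volume in a `luks` content type, at the cost of a remote unlock step at boot. Otherwise a short comment recording that at-rest encryption was deliberately left out would document the decision. Separately, `device = lib.mkDefault "/dev/sda";` depends on kernel enumeration order, and a `/dev/disk/by-id/...` path is more stable.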
diff --git a/modules/servers/bragi/audiobookshelf.nix b/modules/servers/bragi/audiobookshelf.nix
new file mode 100644
index 0000000..acbd2b3
--- /dev/null
+++ b/modules/servers/bragi/audiobookshelf.nix
@@ -0,0 +1,22 @@
+{...}: {
+ services.audiobookshelf = {
+ enable = true;
+ };
+
+ services.traefik.dynamicConfigOptions.http = {
+ services.audiobookshelf.loadBalancer.servers = [
+ {
+ url = "http://localhost:8000";
+ }
+ ];
+
+ routers.audiobookshelf = {
+ rule = "Host(`abs.cronyakatsuki.xyz`)";
+ tls = {
+ certResolver = "porkbun";
+ };
+ service = "audiobookshelf";
+ entrypoints = "websecure";
+ };
+ };
+}
diff --git a/modules/servers/bragi/default.nix b/modules/servers/bragi/default.nix
new file mode 100644
index 0000000..5d58b51
--- /dev/null
+++ b/modules/servers/bragi/default.nix
@@ -0,0 +1,7 @@
+{...}: {
+ imports = [
+ ./audiobookshelf.nix
+ ./storage-box.nix
+ ./secrets.nix
+ ];
+}
diff --git a/modules/servers/bragi/secrets.nix b/modules/servers/bragi/secrets.nix
new file mode 100644
index 0000000..0d4565b
--- /dev/null
+++ b/modules/servers/bragi/secrets.nix
@@ -0,0 +1,9 @@
+{
+ age = {
+ secrets = {
+ rclone = {
+ file = ../../../secrets/rclone.age;
+ };
+ };
+ };
+}
diff --git a/modules/servers/bragi/storage-box.nix b/modules/servers/bragi/storage-box.nix
new file mode 100644
index 0000000..094f388
--- /dev/null
+++ b/modules/servers/bragi/storage-box.nix
@@ -0,0 +1,19 @@
+{
+ config,
+ pkgs,
+ ...
+}: {
+ environment.systemPackages = [pkgs.rclone];
+
+ fileSystems."/mnt" = {
+ device = "storage:";
+ fsType = "rclone";
+ options = [
+ "nodev"
+ "nofail"
+ "allow_other"
+ "args2env"
+ "config=${config.age.secrets.rclone.path}"
+ ];
+ };
+}
diff --git a/secrets/rclone.age b/secrets/rclone.age
new file mode 100644
index 0000000..8d3b4a7
--- /dev/null
+++ b/secrets/rclone.age
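Review bot: The Traefik backend in `modules/servers/bragi/audiobookshelf.nix` hard-codes `http://localhost:8000`, which matches the service only because nothing in `services.audiobookshelf` overrides the module's default listen port. Taking `config` as a module argument and writing `url = "http://127.0.0.1:${toString config.services.audiobookshelf.port}";` keeps router and service in step and avoids depending on how `localhost` resolves. The router attaches no middlewares, so the application's own login is the only control in front of `abs.cronyakatsuki.xyz`; a comment stating that this is intended would help.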
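Review bot: `"allow_other"` on the `/mnt` rclone mount in `modules/servers/bragi/storage-box.nix` lets every local account, not only the audiobookshelf service, reach the storage box through the credentials in the agenix-managed config. The service does need access as a non-root user, but this can be narrowed by adding `"default_permissions"` with `"uid=<service uid>"`, `"gid=<service gid>"` and `"umask=027"` (placeholder ids) so the kernel enforces ownership on the mount. Because of `"nofail"`, a failed mount leaves an empty local `/mnt` that the service would silently write into. Adding `"_netdev"` should at least order the mount after the network is up.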
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 2P4nKw qCVX3JMWNQLJXRSVASI2wq4833CucZ8dkp7SHItiVBs +np04RcZXq7QnSTG68F2tk7nfaB8yKATEO+qVEZQJ4/E +-> ssh-ed25519 6+hQpQ rWsDHc5UWMkyjSkc+S/Y0G5c4sn2nm8uiwdHiFLxCVI +oIU9myTYDBjYE7K7YEH3D9CJ4hNkxKJBqxtEkbSulpA +-> ssh-ed25519 l/ODWA y/9+1Qy6hby0aCMikyadjl28Ft66G44pBQhJcmbvxnk +sRFnG61r72tDGYz+WRnNFmnLpFQ9+ZfsZj+6nMAtEV8 +-> ssh-ed25519 7+5K3Q Yk4gRMySBLoMZx1PLolMXB5mr0vl8jhemD5gWDhX4nQ +BCr8IzKrJAq4i++4tstMQdBax08naE6zXcBc5NG2PM4 +-> ssh-ed25519 fd/ZLQ DvoaL9OybtLLMfZ5PjrxZ65rrWoj1V+GVvqfBUOyJmE +eiNmcBTdSm7ppdRzo8CGgc7aYF0zINhwlSCdJjtHb1o +--- 1nEcpDp4PWeRi0LHEgeLKaq1OyLFPv5oi4viiTPpXXQ +@ՇM,eAEn*w?Iu)w^G?(Mڒњ-hAƂfCOF_58g̛8UYMe0UCs+D( 2͐xU!]u@8C"& v :A \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index c7811ad..35ec08f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -3,6 +3,7 @@ let heimdall = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBs+qYjpeAEHPFUQeatNkhKbXz8+A1VAl21jgifDYJK8"; loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF+xpWCoBEO/pzAwS1ZZEsiLSarvSVkdxQEo49xma2PV"; baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvZ7Z8GS4+1+9D6u/BDit4Eij5Ubbii2dzJ/+ecT8iR"; + bragi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBKMV2vqlDvIkUefl5oEuVjVtjgFLEXyDKX2LWhVQsWT"; # USERS root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"; @@ -10,9 +11,10 @@ let users = [ root ]; - systems = [heimdall loki baldur]; + systems = [heimdall loki baldur bragi]; in { "traefik.age".publicKeys = systems ++ users; "wg-heimdall.age".publicKeys = systems ++ users; "wg-desktop.age".publicKeys = systems ++ users; + "rclone.age".publicKeys = systems ++ users; } 
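Review bot: `"rclone.age".publicKeys = systems ++ users;` in the second hunk of `secrets/secrets.nix` encrypts the storage-box credential to heimdall, loki and baldur as well, although only the bragi module in this patch consumes it. The first hunk has the mirror-image effect: adding `bragi` to `systems` re-keys `traefik.age`, `wg-heimdall.age` and `wg-desktop.age` for the new host, which fits the three binary patches each growing by 110 bytes. bragi presumably needs `traefik.age` for the porkbun resolver, but nothing in this patch shows it using either WireGuard key. Scoping recipients per secret, e.g. `"rclone.age".publicKeys = [bragi] ++ users;`, would limit what the compromise of any one server exposes.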
diff --git a/secrets/traefik.age b/secrets/traefik.age index 92a86c264a6f683bab578abc24392bf546f7fbb5..836d85f2b0ca5e4eb4679bc870b520a6e66d8b34 100644 GIT binary patch delta 759 zcmX@lx|eN&PQ7u6cSL!4UWAc`fg_)0Kq+3K~RFGScsb!L>XL>+YV3d1k zPHt(1N1$6eS8-)JnmKK>FSq7e59#MG~ z8EN|EMG>xf`GuvXl|e;ek=iafRgONHPFemL1+G<*h5;t}?)t9iJ~7ue^)?Pv$T!UK za!OAs&v#7s%kzy4OL23I^2klE3@9l`*Y{7U^hpdiE;mgn_H;FLkb2Uhf!DZf@@C=I`X=QIh2n zkmQ#hWUgNxZk%tKks4l@S?*imUS3vdXq0J`&Xs0h=IQ7aS(=zynd0kb7U<_>;qFsr z>TeO4rf=#OnHA+1Tw>wunrCcoz@@9JtKbw7=x=5jl4X&uou6N5o?GSTs9l`zBz9wYI9u5(UPe`BL zSi|yE)h4DU`hHa3+ej^=`m*Cw-38ve7;fUu>X(&ci(WnVp9rV5=v7;_uOXVZ&911i zJ*}d;9xEvD-ISckdMrlPHVs7OtMH`Z$J!rA4`z8yXl_W_n}=7Mqv*_-6%pS{OQ8`nZ{J<%JnKFVk#6c`1V7Umf_78+NU6_-btIvE!S z8kzWogjINDcm|snra8LS=NgwKReGeBb4|%ti`m|mr?*%~)O6$I;)3co?j;`z7JU0N zJI^Nh_$}eetvj@%#F97d=NGy3-My>qjQ_rb$QZkGPTKn)uj!ioWLlm`%ui)DON%nY z9+jZi40A0~7KH^(=~!*C+L=rL(|n6nllhGA=6-RSUZS#6F+(eVdzcadC!j zYKoDmsiCEUnRZ5CL7+m0x2dsHMyjumQ<`&-zhPO1lWSf?kqG^DITa>$Rd5B?gP(e_Zd1O#}YH7AfV3c=}i)UcEZ={)JYNGGN zkK*+O1^$6SS%xOr#@_x$nW?6RnW0{OnH51!VW}p*$z?$q;l56Od2U7~nfY9P<%T}N zg_RkJnGw!;2E`#2Y3}(RmC1&|`6=Fs=Gn%jZr(;=;W-A$j_K$=G1oTrHV#xMNXp4{ zO)1RI%Qnsk^{X;YbxX^4vG6K$H_mYL$@k33a(8p93^$B056to9%FW1d*DlWqEB4WM zvoy{rFEuhqEU_^6PEAX8HPKJZ2sBGi$99|xjqOEUQTYo#m8|G_aVeDz> z5vCmy=2+%tXrvwB=H?h>=$;nIrK_u}5Nzn=R$N$-dW;>}lwi z?~-nq=j9Ro+Cx7}J8#!$uT}91kN(7FFV6&qn3BkUB{@+N}sCne+_{73bIuw_!ANw{ZJu4_;}m#&>cadC!j zYKoDmsiCEUnRZ5CL7;-KVMV%WWl>0xNo16JmRV4Vr)zO$R&hu{nX`L|sYSY9h?#d{ zx>V`#3keu`6$WmQ_Kr%!l>t4We)W|otmyM@KX zkK*A@`N6K{h8bRo?iE?-RbF0(9%;d4xgHtL&WS!r;if)@!N#Gfg`rVSM(JFRg^{@d zAtokCW}YryrilS*Wr;o^#)U!dUfHH*8I``3Ndc*bp}9WpRmGFfGK$w5xEDs6m8BRL zg=?F*`{o!HC7C3r=T;P^hWiIZBBo=xZ6&M>778G;o>gpPK>AQPmM`Zg| zraO5j=H?h#L{$WtX#3VDdsmf~oBJAYT??3Nr@UnztF-!8)dwltzP`Qf_}k@(-|@=* z=0y_iWiK~x^xJj4>UMqU$={YU<2)u;-misZuM^(3^|zM=MjFnT z#;5)1RrV=~*!vf)FFt-!wZcJ5iNTWT%tj@bZETw4d*u`N!GX zb8@8MU3smR)jK6$oS9rK9$tCdXh%=IQ{=T(?w{Vb*lA`Rnt$2(BzwdvjlkKqp79|e zpCrC=oV2N0xKCZ2AQ`98krJ~7ue^)?PvF!0Wd 
zvb0FbFez{k&MfgTFn3G!3G&SM$#%|*2sg_N&(1LLcT7*q^m24{{xzUFnJpZc=jjtxtZnJ! zS(52z5T0FHQC}XRAD*0%63W$L+PLZO->}a;+_z5sE1dr)XP)^T&%4bkmMcz#esqiu zxx(Ld;q=@&jyZO5{k^y3G>(6%IjNgev|ZuqLH}RjYQMYFjrMPvU-pHkuR}eE#h7#2 z=kE?u{z;2=xOZRk&JKlTvBJ; zB2`oyv@i7F7S2P*{I5CxzVpPCIlv^e{QO#B#wIuUX+<}VoP8MAXEa0LbI9XE+Zvbb z6Idg#Y3Y*A&hddUsFkN(hRs9D2F> z$0JprC=r%})@JFBO~uO=%C2c%V0y88fAqsztt(EpVimb7_pd4w5=eA1(0uVOaZ`Q$ z#gfKrzq~kScm32^n8W?pRlVfZnybaLQ*SKIyyfwI=hCSUyw%JbemMkhS+s*)VOOwN zQvSo!COelMw9EK$Sf6Rd9HwvQeznQ|WvtEkR4dZFDpaOuVc#s>)>ZC0_x>%}7gA$& z^VP~(TJAh^c;5I|%O0Pmz3bq@ZI1U1GT6l9>cYD(%@e;OdS~C)4VCNFWW7Ex{y#tS zLzre-Lfj$AxuOr8!~*^#hObnKo5=QX{k6v$Wu`k5%kBNDUi2>by=~L~6-_MD_vT(n WI~;mWKzG{XR?|mjGCeXp8K(g=#@tK* delta 1028 zcmdnSd4gktPJM1=cwkPHYoSkMsgp@*NlJLWc3EYqM{-U^YE+IJ5S6QN0X;y)Sfs2Kauc2{Nl3!+GvSoy~hjVH{WlmmBWl(02x4)lXj%8T# z#E;_P{*h@W`Ua66=9T^-WoAZM{t=nZX|6$8*+~^urXDV(7Csg!Ar|KDQEmoYIfkWS z?h!#2CT^u^QDG%nE}q6o9))GzWjH40N&oYYFdlrVcq?wyo zRs~ubM?{2LL>8qRL}Z$VM`XDhxj6ayL>U!?m1O(728MWYrE4c;2O0V17et!s=N9Hz z1cyeMq?G2RCHp0t8U$8kq$GM)Ryt;cmIr%s>FVk#IQeB6Rhk)jRHhdB8wQ6u7DgCW zI(zw98hR#|2ReF$J4YGT7gksnmpElwaBcGD-tcce*QUsvStr}McPdU5xmN31BYVuy z?nC60%;tapSi>UEz5Exex4OR8_K;u(&-|5PIiZTX+7;ygw&tu$w08PXAszQ8FTDRG zr=3XP{uzZ+CMP~T%OO4M%e}3a*xnlEH`(9O`1?&$#O~p>?U& z5ozZTe|Apaucd;zfsbA6TW9nCD5-z#d@a-BtL4)$i|{RrC&*{&F+a5p)0lhzC&=VSZK%`R-GI#)ibHP)T!oo#nRr zyFXI%^2Bndy=r*&YYyL$B;GB|A=>Zs`PwQsxtw2K`EaWEdEpgt3SA6uTXkOSHIaGu z`9->E=d=$*ac|TSVv0Ja-FHeR_~rR&J;7%t@jZD~u{?ICY`E8n8cBDzdixX|VWAY` Z^HG1!b{?oX-xMRB5WOJ(HLrBYeE_i#tsDRV