commit c0e781bf006a515def513235630c9f257d870f50 Author: Sascha König Date: Tue May 5 08:30:51 2026 +0200 first commit diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..7d5fb9d --- /dev/null +++ b/.envrc @@ -0,0 +1,5 @@ +#!/usr/bin/env bash +# Activate the devshell from the Nix flake +# This loads all tools and environment variables defined in flake.nix + +use flake diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..807d598 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ + +# Use bd merge for beads JSONL files +.beads/issues.jsonl merge=beads diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..4d423d5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,35 @@ +# Sisyphus work session data +.sisyphus/ + +# Editor files +*~ +.*.swp +.*.swo +.*.swx + +# Build artifacts +result +result-* +.direnv/ + +# IDE +.vscode/ +.idea/ +*.iml + +# OS +.DS_Store +Thumbs.db + +# Opencode rules +.opencode-rules +opencode.json + +# Local agent/coding-rule artifacts +.pi/ +.pi-lens/ +coding-rules.json +coding-rules/ + +.todos/ +.sidecar/ diff --git a/AGENTS.md b/AGENTS.md new file mode 100644 index 0000000..3e421c0 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1,45 @@ +# Agent Instructions + +## MANDATORY: Use td for Task Management + +You must run td usage --new-session at conversation start (or after /clear) to see current work. +Use td usage -q for subsequent reads. + +This project uses **bd** (beads) for issue tracking. Run `bd onboard` to get started. + +## Quick Reference + +```bash +bd ready # Find available work +bd show # View issue details +bd update --status in_progress # Claim work +bd close # Complete work +bd sync # Sync with git +``` + +## Landing the Plane (Session Completion) + +**When ending a work session**, you MUST complete ALL steps below. Work is NOT complete until `git push` succeeds. + +**MANDATORY WORKFLOW:** + +1. **File issues for remaining work** - Create issues for anything that needs follow-up +2. **Run quality gates** (if code changed) - Tests, linters, builds +3. **Update issue status** - Close finished work, update in-progress items +4. **PUSH TO REMOTE** - This is MANDATORY: + ```bash + git pull --rebase + bd sync + git push + git status # MUST show "up to date with origin" + ``` +5. **Clean up** - Clear stashes, prune remote branches +6. **Verify** - All changes committed AND pushed +7. **Hand off** - Provide context for next session + +**CRITICAL RULES:** +- Work is NOT complete until `git push` succeeds +- NEVER stop before pushing - that leaves work stranded locally +- NEVER say "ready to push when you are" - YOU must push +- If push fails, resolve and retry until it succeeds + diff --git a/README.md b/README.md new file mode 100644 index 0000000..e69de29 diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..7ba97cb --- /dev/null +++ b/flake.lock @@ -0,0 +1,1254 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": "nixpkgs", + "systems": "systems" + }, + "locked": { + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "agenix_2": { + "inputs": { + "darwin": "darwin_2", + "home-manager": "home-manager_3", + "nixpkgs": "nixpkgs_3", + "systems": "systems_3" + }, + "locked": { + "lastModified": 1770165109, + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "owner": "ryantm", + "repo": "agenix", + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "agents": { + "flake": false, + "locked": { + "lastModified": 1777399938, + "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=", + "ref": "refs/heads/master", + "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055", + "revCount": 85, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + }, + "original": { + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + } + }, + "agents_2": { + "flake": false, + "locked": { + "lastModified": 1777399938, + "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=", + "ref": "refs/heads/master", + "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055", + "revCount": 85, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + }, + "original": { + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + } + }, + "agents_3": { + "flake": false, + "locked": { + "lastModified": 1777399938, + "narHash": "sha256-xXPqUQezDdDtF8MbpZnwD1HkybOYwF92evx8rJ6OXCU=", + "ref": "refs/heads/master", + "rev": "9a91f1ee0cf011a7eaf1f16a9e17610b0457e055", + "revCount": 85, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + }, + "original": { + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + } + }, + "agents_4": { + "flake": false, + "locked": { + "lastModified": 1771353084, + "narHash": "sha256-QsrA7+md+bw1ACQeuvDn2mE5X11gM0hqVGse58spedA=", + "ref": "refs/heads/master", + "rev": "5b204c95e419eb75b04c5f85e1bd56ed56a5abe4", + "revCount": 60, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + }, + "original": { + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/AGENTS" + } + }, + "azion-scheduler": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777529010, + "narHash": "sha256-1Ig0lcwYTxAgskM6RM/R6jkx6Q5W5jAkEL+0DomaHhk=", + "ref": "refs/heads/main", + "rev": "dee96ee1cc75a16a04803a735dc23ca3f0f300fb", + "revCount": 4, + "type": "git", + "url": "https://git.az-gruppe.com/AZ-Intec-GmbH/AZion" + }, + "original": { + "type": "git", + "url": "https://git.az-gruppe.com/AZ-Intec-GmbH/AZion" + } + }, + "base16-schemes": { + "flake": false, + "locked": { + "lastModified": 1696158499, + "narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=", + "owner": "tinted-theming", + "repo": "base16-schemes", + "rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-schemes", + "type": "github" + } + }, + "base16-schemes_2": { + "flake": false, + "locked": { + "lastModified": 1696158499, + "narHash": "sha256-5yIHgDTPjoX/3oDEfLSQ0eJZdFL1SaCfb9d6M0RmOTM=", + "owner": "tinted-theming", + "repo": "base16-schemes", + "rev": "a9112eaae86d9dd8ee6bb9445b664fba2f94037a", + "type": "github" + }, + "original": { + "owner": "tinted-theming", + "repo": "base16-schemes", + "type": "github" + } + }, + "basecamp": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "m3ta-nixpkgs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1774505501, + "narHash": "sha256-7UiRrDptj7yuEFwToOfdunUMz/i3jRLR7CmMoYQjq6k=", + "owner": "basecamp", + "repo": "basecamp-cli", + "rev": "f087e6ef84002503d0dbc75ea1c8c928a8928d9e", + "type": "github" + }, + "original": { + "owner": "basecamp", + "ref": "v0.7.2", + "repo": "basecamp-cli", + "type": "github" + } + }, + "basecamp_2": { + "inputs": { + "nixpkgs": [ + "m3ta-nixpkgs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1774505501, + "narHash": "sha256-7UiRrDptj7yuEFwToOfdunUMz/i3jRLR7CmMoYQjq6k=", + "owner": "basecamp", + "repo": "basecamp-cli", + "rev": "f087e6ef84002503d0dbc75ea1c8c928a8928d9e", + "type": "github" + }, + "original": { + "owner": "basecamp", + "ref": "v0.7.2", + "repo": "basecamp-cli", + "type": "github" + } + }, + "blueprint": { + "inputs": { + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ] + }, + "locked": { + "lastModified": 1776249299, + "narHash": "sha256-Dt9t1TGRmJFc0xVYhttNBD6QsAgHOHCArqGa0AyjrJY=", + "owner": "numtide", + "repo": "blueprint", + "rev": "56131e8628f173d24a27f6d27c0215eff57e40dd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "blueprint", + "type": "github" + } + }, + "bun2nix": { + "inputs": { + "flake-parts": [ + "llm-agents", + "flake-parts" + ], + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ], + "systems": [ + "llm-agents", + "systems" + ], + "treefmt-nix": [ + "llm-agents", + "treefmt-nix" + ] + }, + "locked": { + "lastModified": 1777369708, + "narHash": "sha256-1xW7cRZNsFNPQD+cE0fwnLVStnDth0HSoASEIFeT7uI=", + "owner": "nix-community", + "repo": "bun2nix", + "rev": "e659e1cc4b8e1b21d0aa85f1c481f9db61ecfa98", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "staging-2.1.0", + "repo": "bun2nix", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "darwin_2": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777713215, + "narHash": "sha256-8GzXDOXckDWwST8TY5DbwYFjdvQLlP7K9CLSVx6iTTo=", + "owner": "nix-community", + "repo": "disko", + "rev": "63b4e7e6cf75307c1d26ac3762b886b5b0247267", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "disko_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", + "owner": "nix-community", + "repo": "disko", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "disko", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "llm-agents", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777678872, + "narHash": "sha256-EPIFsulyon7Z1vLQq5Fk64GR8L7cQsT+IPhcsukVbgk=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "5250617bffd85403b14dbf43c3870e7f255d2c16", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "m3ta-home", + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nur", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777771528, + "narHash": "sha256-YycygK6n7KeW1YCobdFJcORWzkmrvNcp6xT+IovA0d4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "0585fbf645640973e3398863bbaf3bd1ddce4a51", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-25.11", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1745494811, + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_4": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777913624, + "narHash": "sha256-4MwfrGuqjsnEORQbM3cmkmG/9cWhDV63dTDguDj4FXw=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a89686d115e970e200eb2caa7603f3673050e00c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "llm-agents": { + "inputs": { + "blueprint": "blueprint", + "bun2nix": "bun2nix", + "flake-parts": "flake-parts", + "nixpkgs": "nixpkgs_2", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1777873616, + "narHash": "sha256-W4FRQJ/X6amooqaD6DjLtOiUzUIzyBQOBPAijRMCE44=", + "owner": "numtide", + "repo": "llm-agents.nix", + "rev": "91f891c781adae47bfa5539d80f8528b82bf31fd", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "llm-agents.nix", + "type": "github" + } + }, + "m3ta-home": { + "inputs": { + "agenix": "agenix_2", + "home-manager": "home-manager_4", + "m3ta-nixpkgs": "m3ta-nixpkgs", + "nix-colors": "nix-colors", + "nixpkgs": [ + "nixpkgs" + ], + "nur": "nur" + }, + "locked": { + "lastModified": 1777909626, + "narHash": "sha256-blEbEb6DOUI3oPs30cxuctCw2EKeF5MG2A5GhxMHReI=", + "ref": "refs/heads/master", + "rev": "d0921278e29f0596e3dd4b63a1e5785f0b444444", + "revCount": 17, + "type": "git", + "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home" + }, + "original": { + "type": "git", + "url": "ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home" + } + }, + "m3ta-nixpkgs": { + "inputs": { + "agents": "agents_2", + "basecamp": "basecamp", + "nixpkgs": [ + "m3ta-home", + "nixpkgs" + ], + "nixpkgs-master": "nixpkgs-master", + "openspec": "openspec" + }, + "locked": { + "lastModified": 1777903274, + "narHash": "sha256-iHAUmHCT+4406yRjvBfJ+SYVvKwGVm4Aq+U/CqINOJI=", + "ref": "refs/heads/master", + "rev": "98424b0f3de5f37d9b6cfc67bf52cd901abeebf2", + "revCount": 277, + "type": "git", + "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs" + }, + "original": { + "type": "git", + "url": "ssh://gitea@code.m3ta.dev/m3tam3re/nixpkgs" + } + }, + "m3ta-nixpkgs_2": { + "inputs": { + "agents": "agents_3", + "basecamp": "basecamp_2", + "nixpkgs": "nixpkgs_5", + "nixpkgs-master": "nixpkgs-master_2", + "openspec": "openspec_2" + }, + "locked": { + "lastModified": 1777903274, + "narHash": "sha256-iHAUmHCT+4406yRjvBfJ+SYVvKwGVm4Aq+U/CqINOJI=", + "ref": "refs/heads/master", + "rev": "98424b0f3de5f37d9b6cfc67bf52cd901abeebf2", + "revCount": 277, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" + }, + "original": { + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" + } + }, + "m3ta-nixpkgs_3": { + "inputs": { + "nixpkgs": "nixpkgs_7", + "nixpkgs-master": "nixpkgs-master_3", + "opencode": "opencode" + }, + "locked": { + "lastModified": 1771355771, + "narHash": "sha256-Uhq6aMCuzKqC2UIAbEkx+LQS77MGEVDEL7zpfoW6VB8=", + "ref": "refs/heads/master", + "rev": "dc206b13e256941298868d559fff9be31d7e0e34", + "revCount": 119, + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" + }, + "original": { + "type": "git", + "url": "https://code.m3ta.dev/m3tam3re/nixpkgs" + } + }, + "nix-colors": { + "inputs": { + "base16-schemes": "base16-schemes", + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1707825078, + "narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=", + "owner": "misterio77", + "repo": "nix-colors", + "rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1", + "type": "github" + }, + "original": { + "owner": "misterio77", + "repo": "nix-colors", + "type": "github" + } + }, + "nix-colors_2": { + "inputs": { + "base16-schemes": "base16-schemes_2", + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1707825078, + "narHash": "sha256-hTfge2J2W+42SZ7VHXkf4kjU+qzFqPeC9k66jAUBMHk=", + "owner": "misterio77", + "repo": "nix-colors", + "rev": "b01f024090d2c4fc3152cd0cf12027a7b8453ba1", + "type": "github" + }, + "original": { + "owner": "misterio77", + "repo": "nix-colors", + "type": "github" + } + }, + "nix-vm-test": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769079217, + "narHash": "sha256-R6qzhu+YJolxE2vUsPQWWwUKMbAG5nXX3pBtg8BNX38=", + "owner": "Enzime", + "repo": "nix-vm-test", + "rev": "58c15f78947b431d6c206e0966500c7e9139bd2f", + "type": "github" + }, + "original": { + "owner": "Enzime", + "ref": "pr-105-latest", + "repo": "nix-vm-test", + "type": "github" + } + }, + "nixos-anywhere": { + "inputs": { + "disko": "disko_2", + "flake-parts": "flake-parts_3", + "nix-vm-test": "nix-vm-test", + "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_2" + }, + "locked": { + "lastModified": 1769956140, + "narHash": "sha256-D+RQ+DaIC/GVwv5lUs7e8jSmh8aPc77Kg/gRjaS25Zk=", + "owner": "nix-community", + "repo": "nixos-anywhere", + "rev": "92f82c5196a5f8588be4967e535c4cfd35e85902", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-anywhere", + "type": "github" + } + }, + "nixos-images": { + "inputs": { + "nixos-stable": [ + "nixos-anywhere", + "nixos-stable" + ], + "nixos-unstable": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1766770015, + "narHash": "sha256-kUmVBU+uBUPl/v3biPiWrk680b8N9rRMhtY97wsxiJc=", + "owner": "nix-community", + "repo": "nixos-images", + "rev": "e4dba54ddb6b2ad9c6550e5baaed2fa27938a5d2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-images", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1769598131, + "narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1697935651, + "narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1697935651, + "narHash": "sha256-qOfWjQ2JQSQL15KLh6D7xQhx0qgZlYZTYlcEiRuAMMw=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e1e11fdbb01113d85c7f41cada9d2847660e3902", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-master": { + "locked": { + "lastModified": 1777902845, + "narHash": "sha256-xsIOaugmxbeQ/0lklO5epCy28yCh9pdU3Ko+alWHE9o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b8b8208c95fa8ec83bd3b82e0529def22f94ff7e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master_2": { + "locked": { + "lastModified": 1777902845, + "narHash": "sha256-xsIOaugmxbeQ/0lklO5epCy28yCh9pdU3Ko+alWHE9o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b8b8208c95fa8ec83bd3b82e0529def22f94ff7e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-master_3": { + "locked": { + "lastModified": 1770917518, + "narHash": "sha256-XSwv/tVrNo/L8SPH8Lx9xZH1PrZd/3Z3J/0SH7Xertg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "3f4a3c08f2f318ee29fc8a2689f390071a94aaf0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1777578337, + "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1777826146, + "narHash": "sha256-wQ/iN5Zp5VIa3ebBibijPnLyKhor+xEbDy4d0goa9Zs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "73c703c22422b8951895a960959dbbaca7296492", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1754028485, + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1777578337, + "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1777578337, + "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1777673416, + "narHash": "sha256-5c2POKPOjU40Kh0MirOdScBLG0bu9TAuPYAtPRNZMBs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "26ef669cffa904b6f6832ab57b77892a37c1a671", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1770562336, + "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6c71932130818840fc8fe9509cf50be8c64634f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1770115704, + "narHash": "sha256-KHFT9UWOF2yRPlAnSXQJh6uVcgNcWlFqqiAZ7OVlHNc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "e6eae2ee2110f3d31110d5c222cd395303343b08", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1777917094, + "narHash": "sha256-nhBnb6RAZt+ZBzxoK76t/3qGojDab9MQJteOYecYa1c=", + "owner": "nix-community", + "repo": "NUR", + "rev": "44ae25141598a7756dbb070c9a2abec090141c58", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "nur_2": { + "inputs": { + "flake-parts": "flake-parts_4", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777917094, + "narHash": "sha256-nhBnb6RAZt+ZBzxoK76t/3qGojDab9MQJteOYecYa1c=", + "owner": "nix-community", + "repo": "NUR", + "rev": "44ae25141598a7756dbb070c9a2abec090141c58", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "opencode": { + "inputs": { + "nixpkgs": [ + "zugferd-service", + "m3ta-nixpkgs", + "nixpkgs-master" + ] + }, + "locked": { + "lastModified": 1771271829, + "narHash": "sha256-43vPMyO7DsAgKrh0Wmt7jLDYCWUsaj30nBITreyYgX8=", + "owner": "anomalyco", + "repo": "opencode", + "rev": "d8c25bfeb44771cc3a3ba17bf8de6ad2add9de2c", + "type": "github" + }, + "original": { + "owner": "anomalyco", + "ref": "v1.2.6", + "repo": "opencode", + "type": "github" + } + }, + "openspec": { + "inputs": { + "nixpkgs": [ + "m3ta-home", + "m3ta-nixpkgs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777872738, + "narHash": "sha256-yiWvZBgVT/NkxxVpFYZ5p76EXm3CvQKZNh98Fw5Uyew=", + "owner": "Fission-AI", + "repo": "OpenSpec", + "rev": "435458be5658ec8774657acb197df7e84f0e7783", + "type": "github" + }, + "original": { + "owner": "Fission-AI", + "repo": "OpenSpec", + "type": "github" + } + }, + "openspec_2": { + "inputs": { + "nixpkgs": [ + "m3ta-nixpkgs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1777872738, + "narHash": "sha256-yiWvZBgVT/NkxxVpFYZ5p76EXm3CvQKZNh98Fw5Uyew=", + "owner": "Fission-AI", + "repo": "OpenSpec", + "rev": "435458be5658ec8774657acb197df7e84f0e7783", + "type": "github" + }, + "original": { + "owner": "Fission-AI", + "repo": "OpenSpec", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "agents": "agents", + "azion-scheduler": "azion-scheduler", + "disko": "disko", + "home-manager": "home-manager_2", + "llm-agents": "llm-agents", + "m3ta-home": "m3ta-home", + "m3ta-nixpkgs": "m3ta-nixpkgs_2", + "nix-colors": "nix-colors_2", + "nixos-anywhere": "nixos-anywhere", + "nixpkgs": "nixpkgs_6", + "nixpkgs-unstable": "nixpkgs-unstable", + "nur": "nur_2", + "zugferd-service": "zugferd-service" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "llm-agents", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1775636079, + "narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { + "inputs": { + "nixpkgs": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769691507, + "narHash": "sha256-8aAYwyVzSSwIhP2glDhw/G0i5+wOrren3v6WmxkVonM=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "28b19c5844cc6e2257801d43f2772a4b4c050a1b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "zugferd-service": { + "inputs": { + "agents": "agents_4", + "flake-utils": "flake-utils", + "m3ta-nixpkgs": "m3ta-nixpkgs_3", + "nixpkgs": "nixpkgs_8" + }, + "locked": { + "lastModified": 1775717435, + "narHash": "sha256-KpleyhSqHWWTKwvnedrzOyVg5Calj6tj3A+37SGmuIs=", + "ref": "refs/heads/master", + "rev": "18a902bcc996201c709b36813c962790c308087f", + "revCount": 13, + "type": "git", + "url": "https://git.az-gruppe.com/AZ-Intec-GmbH/zugferd-service" + }, + "original": { + "type": "git", + "url": "https://git.az-gruppe.com/AZ-Intec-GmbH/zugferd-service" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..86c0074 --- /dev/null +++ b/flake.nix @@ -0,0 +1,168 @@ +{ + description = '' + For questions just DM me on X: https://twitter.com/@m3tam3re + There is also some NIXOS content on my YT channel: https://www.youtube.com/@m3tam3re + + One of the best ways to learn NIXOS is to read other peoples configurations. I have personally learned a lot from Gabriel Fontes configs: + https://github.com/Misterio77/nix-starter-configs + https://github.com/Misterio77/nix-config + + Please also check out the starter configs mentioned above. + ''; + + inputs = { + home-manager = { + url = "github:nix-community/home-manager/release-25.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + m3ta-nixpkgs.url = "git+https://code.m3ta.dev/m3tam3re/nixpkgs"; + + m3ta-home = { + url = "git+ssh://gitea@code.m3ta.dev/m3tam3re/m3ta-home"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + llm-agents.url = "github:numtide/llm-agents.nix"; + + nur = { + url = "github:nix-community/NUR"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + agenix.url = "github:ryantm/agenix"; + + nixos-anywhere = { + url = "github:nix-community/nixos-anywhere"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + nix-colors.url = "github:misterio77/nix-colors"; + + agents = { + url = "git+https://code.m3ta.dev/m3tam3re/AGENTS"; + flake = false; + }; + + zugferd-service = { + url = "git+https://git.az-gruppe.com/AZ-Intec-GmbH/zugferd-service"; + }; + + azion-scheduler = { + url = "git+https://git.az-gruppe.com/AZ-Intec-GmbH/AZion"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { + self, + agenix, + agents, + nixpkgs, + m3ta-nixpkgs, + ... + } @ inputs: let + inherit (self) outputs; + systems = [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + "aarch64-darwin" + "x86_64-darwin" + ]; + forAllSystems = nixpkgs.lib.genAttrs systems; + in { + packages = + forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); + overlays = let + all = import ./overlays {inherit inputs;}; + in + removeAttrs all ["mkLlmAgentsOverlay"]; + lib.mkLlmAgentsOverlay = (import ./overlays {inherit inputs;}).mkLlmAgentsOverlay; + + devShells = forAllSystems (system: let + pkgs = import nixpkgs { + inherit system; + config.allowUnfree = true; # Allow unfree packages in devShell + }; + m3taLib = m3ta-nixpkgs.lib.${system}; + rules = m3taLib.coding-rules.mkCodingRules { + inherit agents; + languages = ["nix"]; + }; + in { + default = pkgs.mkShell { + buildInputs = with pkgs; [ + alejandra + nixd + opencode + # pi-coding-agent + inputs.agenix.packages.${system}.default + ]; + + shellHook = '' + ${rules.shellHook} + echo "🚀 NixOS Infrastructure Development Shell with Opencode Rules" + echo "" + echo "Active rules:" + echo " - Nix language conventions" + echo " - Coding-style best practices" + echo " - Naming conventions" + echo " - Documentation standards" + echo " - Testing guidelines" + echo " - Git workflow patterns" + echo " - Project structure guidelines" + echo "" + echo "Generated files:" + echo " - .opencode-rules/ (symlink to AGENTS repo rules)" + echo " - coding-rules.json (configuration file)" + echo "" + echo "Useful commands:" + echo " - cat coding-rules.json View rules configuration" + echo " - ls .opencode-rules/ Browse available rules" + echo " - nix develop Re-enter this shell" + echo "" + echo "Remember to add to .gitignore:" + echo " .opencode-rules" + echo " coding-rules.json" + echo "======================================" + ''; + }; + }); + + nixosConfigurations = { + AZ-CLD-1 = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs; + system = "x86_64-linux"; + }; + modules = [ + ./hosts/AZ-CLD-1 + agenix.nixosModules.default + inputs.disko.nixosModules.disko + inputs.zugferd-service.nixosModules.default + ]; + }; + AZ-PRM-1 = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs; + system = "x86_64-linux"; + }; + modules = [ + ./hosts/AZ-PRM-1 + agenix.nixosModules.default + inputs.disko.nixosModules.disko + inputs.azion-scheduler.nixosModules.default + ]; + }; + }; + }; +} diff --git a/hosts/AZ-CLD-1/configuration.nix b/hosts/AZ-CLD-1/configuration.nix new file mode 100644 index 0000000..30c802d --- /dev/null +++ b/hosts/AZ-CLD-1/configuration.nix @@ -0,0 +1,136 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). +{ + config, + lib, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./disko-config.nix + ]; + + boot.loader.grub = { + efiSupport = true; + efiInstallAsRemovable = true; + }; + + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 16 * 1024; + } + ]; + + networking.hostName = "AZ-CLD-1"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + time.timeZone = "Europe/Berlin"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "de_DE.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # services.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # tree + # ]; + # }; + + # programs.firefox.enable = true; + + # List packages installed in system profile. + # You can use https://search.nixos.org/ to find more packages (and options). + environment.systemPackages = with pkgs; [ + neovim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + git + ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + ports = [2022]; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [587]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. + # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/hosts/AZ-CLD-1/default.nix b/hosts/AZ-CLD-1/default.nix new file mode 100644 index 0000000..80e6a1c --- /dev/null +++ b/hosts/AZ-CLD-1/default.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ../common + ./configuration.nix + ./secrets.nix + ./services + ]; + + extraServices = { + podman.enable = true; + }; +} diff --git a/hosts/AZ-CLD-1/disko-config.nix b/hosts/AZ-CLD-1/disko-config.nix new file mode 100644 index 0000000..74cb823 --- /dev/null +++ b/hosts/AZ-CLD-1/disko-config.nix @@ -0,0 +1,39 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/vda"; # CHANGE ME + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; # for GRUB MBR + priority = 1; + }; + esp = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults" "umask=0077"]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = ["noatime" "nodiratime" "discard"]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/AZ-CLD-1/hardware-configuration.nix b/hosts/AZ-CLD-1/hardware-configuration.nix new file mode 100644 index 0000000..7caa8fe --- /dev/null +++ b/hosts/AZ-CLD-1/hardware-configuration.nix @@ -0,0 +1,28 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/AZ-CLD-1/secrets.nix b/hosts/AZ-CLD-1/secrets.nix new file mode 100644 index 0000000..37a819e --- /dev/null +++ b/hosts/AZ-CLD-1/secrets.nix @@ -0,0 +1,81 @@ +{ + age = { + secrets = { + traefik-env = { + file = ../../secrets/traefik-env.age; + }; + baserow-env = { + file = ../../secrets/baserow-env.age; + }; + librechat = { + file = ../../secrets/librechat.age; + }; + librechat-env = { + file = ../../secrets/librechat-env.age; + }; + librechat-env-dev = { + file = ../../secrets/librechat-env-dev.age; + }; + librechat-env-prod = { + file = ../../secrets/librechat-env-prod.age; + }; + litellm-env = { + file = ../../secrets/litellm-env.age; + }; + metabase-env = { + file = ../../secrets/metabase-env.age; + }; + n8n-env = { + file = ../../secrets/n8n-env.age; + }; + netbird-auth-secret = { + file = ../../secrets/netbird-auth-secret.age; + }; + netbird-db-password = { + file = ../../secrets/netbird-db-password.age; + }; + netbird-encryption-key = { + file = ../../secrets/netbird-encryption-key.age; + }; + netbird-dashboard-env = { + file = ../../secrets/netbird-dashboard-env.age; + }; + netbird-server-env = { + file = ../../secrets/netbird-server-env.age; + }; + netbird-proxy-env = { + file = ../../secrets/netbird-proxy-env.age; + }; + outline-env = { + file = ../../secrets/outline-env.age; + owner = "outline"; + }; + pgadmin-pw = { + file = ../../secrets/pgadmin-pw.age; + owner = "pgadmin"; + }; + vaultwarden-env = { + file = ../../secrets/vaultwarden-env.age; + }; + hetzner-s3-az-intern-secret-key = { + file = ../../secrets/hetzner-s3-az-intern-secret-key.age; + owner = "outline"; + }; + hetzner-s3-az-intern-access-key = { + file = ../../secrets/hetzner-s3-az-intern-access-key.age; + }; + zammad-pw = { + file = ../../secrets/zammad-pw.age; + }; + zammad-secret = { + file = ../../secrets/zammad-secret.age; + }; + zammad-hr-env-prod = { + file = ../../secrets/zammad-hr-env-prod.age; + }; + zammad-hr-env = { + file = ../../secrets/zammad-hr-env.age; + }; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/containers/baserow.nix b/hosts/AZ-CLD-1/services/containers/baserow.nix new file mode 100644 index 0000000..3ab0a81 --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/baserow.nix @@ -0,0 +1,70 @@ +{config, ...}: let + serviceName = "baserow"; + servicePort = config.m3ta.ports.get serviceName; +in { + virtualisation.oci-containers.containers.${serviceName} = { + image = "docker.io/baserow/baserow:2.1.6"; + environment = { + BASEROW_AMOUNT_OF_GUNICORN_WORKERS = "4"; + BASEROW_AMOUNT_OF_WORKERS = "2"; + DATABASE_CONN_MAX_AGE = "60"; + # Proxy: tell Django the connection is HTTPS so cookies get Secure flag + BASEROW_ENABLE_SECURE_PROXY_SSL_HEADER = "yes"; + # Published apps run on different origins — allow cross-origin cookie delivery + BASEROW_FRONTEND_SAME_SITE_COOKIE = "none"; + # Valid base domain for published app subdomains + BASEROW_BUILDER_DOMAINS = "az-gruppe.com"; + # Disable Caddy's on_demand TLS — Traefik handles TLS termination + BASEROW_CADDY_GLOBAL_CONF = "auto_https off"; + }; + environmentFiles = [config.age.secrets.baserow-env.path]; + ports = ["127.0.0.1:${toString servicePort}:80"]; + volumes = ["baserow_data:/baserow/data"]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"]; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + middlewares."${serviceName}-headers".headers = { + customRequestHeaders = { + X-Forwarded-Proto = "https"; + X-Forwarded-Port = "443"; + }; + }; + + routers.${serviceName} = { + rule = "Host(`br.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + middlewares = ["${serviceName}-headers"]; + }; + + routers.azubi = { + rule = "Host(`azubi.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + middlewares = ["${serviceName}-headers"]; + }; + routers.ausbilder = { + rule = "Host(`ausbilder.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + middlewares = ["${serviceName}-headers"]; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/containers/default.nix b/hosts/AZ-CLD-1/services/containers/default.nix new file mode 100644 index 0000000..787b308 --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/default.nix @@ -0,0 +1,20 @@ +{lib, ...}: { + imports = [ + ./baserow.nix + ./it-tools.nix + ./librechat.nix + ./litellm.nix + ./librechat-dev.nix + ./netbird.nix + ./portainer.nix + ./zammad-hr.nix + ]; + system.activationScripts.createPodmanNetworkWeb = lib.mkAfter '' + if ! /run/current-system/sw/bin/podman network exists web; then + /run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal + fi + if ! /run/current-system/sw/bin/podman network exists web-dev; then + /run/current-system/sw/bin/podman network create web-dev --subnet=10.89.1.0/24 --internal + fi + ''; +} diff --git a/hosts/AZ-CLD-1/services/containers/it-tools.nix b/hosts/AZ-CLD-1/services/containers/it-tools.nix new file mode 100644 index 0000000..223b6a0 --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/it-tools.nix @@ -0,0 +1,27 @@ +{config, ...}: let + serviceName = "it-tools"; + servicePort = config.m3ta.ports.get serviceName; +in { + virtualisation.oci-containers.containers.${serviceName} = { + image = "docker.io/sharevb/it-tools:latest"; + ports = ["127.0.0.1:${toString servicePort}:8080"]; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`tools.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/containers/librechat-dev.nix b/hosts/AZ-CLD-1/services/containers/librechat-dev.nix new file mode 100644 index 0000000..a0efbd2 --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/librechat-dev.nix @@ -0,0 +1,133 @@ +{ + config, + pkgs, + ... +}: let + serviceName = "librechat-dev"; + servicePort = config.m3ta.ports.get serviceName; + ragApiDevServiceName = "rag-api-dev"; + ragApiDevPort = config.m3ta.ports.get ragApiDevServiceName; + envFileDev = config.age.secrets.librechat-env-dev.path; + envFileCommon = config.age.secrets.librechat.path; +in { + virtualisation.oci-containers = { + containers.meilisearch-dev = { + image = "getmeili/meilisearch:v1.12.3"; + autoStart = false; + volumes = ["librechat_dev_meili:/meili_data"]; + environment = { + MEILI_HTTP_ADDR = "0.0.0.0:7700"; + MEILI_NO_ANALYTICS = "true"; + }; + environmentFiles = [envFileDev envFileCommon]; + extraOptions = ["--ip=10.89.1.20" "--network=web-dev"]; + }; + + containers.rag_api-dev = { + image = "ghcr.io/danny-avila/librechat-rag-api-dev-lite:latest"; + autoStart = false; + environment = { + RAG_PORT = "8000"; + DB_HOST = "10.89.1.1"; + DB_PORT = "5432"; + }; + environmentFiles = [envFileDev envFileCommon]; + dependsOn = ["meilisearch-dev"]; + extraOptions = ["--add-host=postgres:10.89.1.1" "--ip=10.89.1.21" "--network=web-dev"]; + ports = ["127.0.0.1:${toString ragApiDevPort}:8000"]; + }; + + containers.mongodb-dev = { + image = "mongo:7"; + autoStart = false; + volumes = [ + "librechat_dev_mongo:/data/db" + "/var/backup/mongodb-dev:/data/backups" + ]; + extraOptions = ["--ip=10.89.1.22" "--network=web-dev"]; + }; + + containers.${serviceName} = { + image = "ghcr.io/danny-avila/librechat-dev-api:latest"; + autoStart = false; + ports = ["127.0.0.1:${toString servicePort}:3080"]; + dependsOn = ["mongodb-dev" "rag_api-dev" "meilisearch-dev"]; + environment = { + HOST = "0.0.0.0"; + NODE_ENV = "development"; + MONGO_URI = "mongodb://mongodb-dev:27017/LibreChatDev"; + MEILI_HOST = "http://meilisearch-dev:7700"; + RAG_PORT = "8000"; + RAG_API_URL = "http://rag_api-dev:8000"; + }; + environmentFiles = [envFileDev envFileCommon]; + volumes = [ + "/var/lib/librechat-dev/librechat.yaml:/app/librechat.yaml:ro" + "librechat_dev_images:/app/client/public/images" + "librechat_dev_uploads:/app/uploads" + "librechat_dev_logs:/app/api/logs" + ]; + extraOptions = ["--ip=10.89.1.23" "--network=web-dev"]; + }; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`chat-dev.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; + + environment.systemPackages = [ + (pkgs.writeShellScriptBin "librechat-dev" '' + #!/usr/bin/env bash + set -e + + SERVICES=( + podman-meilisearch-dev + podman-mongodb-dev + podman-rag_api-dev + podman-librechat-dev + ) + + case "$1" in + up) + echo "🚀 Starte LibreChat-Dev-Umgebung..." + for svc in "''${SERVICES[@]}"; do + sudo systemctl start "$svc" + done + ;; + down) + echo "🛑 Stoppe LibreChat-Dev-Umgebung..." + for svc in "''${SERVICES[@]}"; do + sudo systemctl stop "$svc" + done + ;; + restart) + echo "🔄 Neustart der LibreChat-Dev-Umgebung..." + for svc in "''${SERVICES[@]}"; do + sudo systemctl restart "$svc" + done + ;; + status) + systemctl status "''${SERVICES[@]}" + ;; + *) + echo "Usage: librechat-dev {up|down|restart|status}" + exit 1 + ;; + esac + '') + ]; +} diff --git a/hosts/AZ-CLD-1/services/containers/librechat.nix b/hosts/AZ-CLD-1/services/containers/librechat.nix new file mode 100644 index 0000000..f65714e --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/librechat.nix @@ -0,0 +1,169 @@ +{ + config, + pkgs, + ... +}: let + serviceName = "librechat"; + servicePort = config.m3ta.ports.get serviceName; + ragApiServiceName = "rag-api"; + ragApiPort = config.m3ta.ports.get ragApiServiceName; + envFileProd = config.age.secrets.librechat-env-prod.path; + envFileCommon = config.age.secrets.librechat.path; +in { + virtualisation.oci-containers = { + containers.meilisearch = { + image = "getmeili/meilisearch:v1.35.1"; + autoStart = true; + volumes = ["librechat_meili:/meili_data"]; + environment = { + MEILI_HTTP_ADDR = "0.0.0.0:7700"; + MEILI_NO_ANALYTICS = "true"; + }; + environmentFiles = [envFileCommon envFileProd]; + extraOptions = ["--ip=10.89.0.20" "--network=web"]; + }; + + containers.rag_api = { + image = "registry.librechat.ai/danny-avila/librechat-rag-api-dev-lite:latest"; + autoStart = true; + environment = { + RAG_PORT = "8000"; + DB_HOST = "10.89.0.1"; + DB_PORT = "5432"; + }; + environmentFiles = [envFileCommon envFileProd]; + dependsOn = ["meilisearch"]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.21" "--network=web"]; + ports = ["127.0.0.1:${toString ragApiPort}:8000"]; + }; + + containers.mongodb = { + image = "mongo:8.0.17"; + autoStart = true; + volumes = [ + "librechat_mongo:/data/db" + "/var/backup/mongodb:/data/backups" + ]; + # Enable auth once users exist; see Mongo auth doc. + # command = [ "mongod", "--auth" ]; + extraOptions = ["--ip=10.89.0.22" "--network=web"]; + }; + + containers.${serviceName} = { + image = "registry.librechat.ai/danny-avila/librechat-dev:latest"; + autoStart = true; + user = "1000:1000"; + ports = ["127.0.0.1:${toString servicePort}:3080"]; + dependsOn = ["mongodb" "rag_api" "meilisearch"]; + environment = { + HOST = "0.0.0.0"; + NODE_ENV = "production"; + # Mongo URI (start without auth; switch to mongodb://user:pass@mongodb:27017/LibreChat after Step 4) + MONGO_URI = "mongodb://mongodb:27017/LibreChat"; + MEILI_HOST = "http://meilisearch:7700"; + RAG_PORT = "8000"; + RAG_API_URL = "http://rag_api:8000"; + }; + environmentFiles = [envFileCommon envFileProd]; + volumes = [ + # Config file still needs to be a bind mount for host management + "/var/lib/librechat/librechat.yaml:/app/librechat.yaml:ro" + # Use named volumes for application data + "librechat_images:/app/client/public/images" + "librechat_uploads:/app/uploads" + "librechat_logs:/app/api/logs" + ]; + extraOptions = ["--ip=10.89.0.23" "--network=web" "--dns=8.8.8.8" "--dns=8.8.4.4"]; + }; + }; + + systemd.services."mongo-backup" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "root"; + }; + script = '' + set -euo pipefail + + BACKUP_DIR="/var/backup/mongodb" + TIMESTAMP=$(date +%Y%m%d_%H%M%S) + TEMP_BACKUP="mongodb_backup_$TIMESTAMP" + ARCHIVE_NAME="mongodb_backup_$TIMESTAMP.tar.gz" + + # Ensure backup directory exists with proper permissions + mkdir -p "$BACKUP_DIR" + chown root:root "$BACKUP_DIR" + chmod 750 "$BACKUP_DIR" + + echo "Starting MongoDB backup at $(date)" + + # Create the backup dump in container + if ${pkgs.podman}/bin/podman exec mongodb mongodump --out "/data/backups/$TEMP_BACKUP"; then + echo "MongoDB dump completed successfully" + + # Create compressed archive from the backup + cd "$BACKUP_DIR" + if [ -d "$TEMP_BACKUP" ]; then + echo "Creating compressed archive: $ARCHIVE_NAME" + ${pkgs.gnutar}/bin/tar --use-compress-program=${pkgs.gzip}/bin/gzip -cf "$ARCHIVE_NAME" -C . "$TEMP_BACKUP" + + # Remove the uncompressed backup directory + rm -rf "$TEMP_BACKUP" + + # Verify archive was created + if [ -f "$ARCHIVE_NAME" ]; then + ARCHIVE_SIZE=$(${pkgs.coreutils}/bin/du -sh "$ARCHIVE_NAME" | cut -f1) + echo "Compressed backup created: $ARCHIVE_NAME (Size: $ARCHIVE_SIZE)" + + # Keep only the 2 most recent backup archives + ls -1t mongodb_backup_*.tar.gz | tail -n +3 | xargs -r rm -f + echo "Old backup archives cleaned up, keeping 2 most recent" + + # List current backups + echo "Current backups:" + ls -lah mongodb_backup_*.tar.gz 2>/dev/null || echo "No previous backups found" + else + echo "ERROR: Failed to create compressed archive" >&2 + exit 1 + fi + else + echo "ERROR: Backup directory not found at $BACKUP_DIR/$TEMP_BACKUP" >&2 + exit 1 + fi + else + echo "ERROR: MongoDB backup failed" >&2 + exit 1 + fi + + echo "MongoDB backup completed successfully at $(date)" + ''; + }; + + systemd.timers."mongo-backup" = { + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "*-*-* 02:00:00"; + RandomizedDelaySec = "30m"; + Persistent = true; + }; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`chat.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/containers/litellm.nix b/hosts/AZ-CLD-1/services/containers/litellm.nix new file mode 100644 index 0000000..7165f2d --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/litellm.nix @@ -0,0 +1,37 @@ +{config, ...}: let + serviceName = "litellm"; + servicePort = config.m3ta.ports.get serviceName; +in { + virtualisation.oci-containers.containers.${serviceName} = { + #image = "ghcr.io/berriai/litellm:v1.78.5-stable"; + image = "docker.litellm.ai/berriai/litellm:v1.82.3-stable"; + ports = ["127.0.0.1:${toString servicePort}:4000"]; + environmentFiles = [config.age.secrets.litellm-env.path]; + environment = { + ANONYMIZED_TELEMETRY = "False"; + DO_NOT_TRACK = "True"; + SCARF_NO_ANALYTICS = "True"; + STORE_MODEL_IN_DB = "True"; + }; + volumes = ["/var/lib/litellm/config.yaml:/app/config.yaml"]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.30" "--network=web"]; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`llm.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/containers/netbird.nix b/hosts/AZ-CLD-1/services/containers/netbird.nix new file mode 100644 index 0000000..6cf61d0 --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/netbird.nix @@ -0,0 +1,243 @@ +{ + config, + pkgs, + ... +}: let + serviceName = "netbird"; + + servicePort = config.m3ta.ports.get serviceName; + + domain = "v.az-gruppe.com"; + proxyDomain = "p.az-gruppe.com"; + + ipBase = "10.89.0"; + ipOffset = 50; + + # Derived IPs + gatewayIp = "${ipBase}.1"; + dashboardIp = "${ipBase}.${toString ipOffset}"; + serverIp = "${ipBase}.${toString (ipOffset + 1)}"; + proxyIp = "${ipBase}.${toString (ipOffset + 2)}"; + + # Database configuration + dbName = "netbird"; + dbUser = "netbird"; + dbHost = gatewayIp; + + # NetBird config as Nix attribute set + netbirdConfig = { + server = { + listenAddress = ":80"; + exposedAddress = "https://${domain}:443"; + stunPorts = [3478]; + metricsPort = 9090; + healthcheckAddress = ":9000"; + logLevel = "info"; + logFile = "console"; + dataDir = "/var/lib/netbird"; + + auth = { + issuer = "https://${domain}/oauth2"; + localAuthDisabled = true; + signKeyRefreshEnabled = true; + dashboardRedirectURIs = [ + "https://${domain}/nb-auth" + "https://${domain}/nb-silent-auth" + ]; + cliRedirectURIs = ["http://localhost:53000/"]; + }; + + reverseProxy = { + trustedHTTPProxies = ["${gatewayIp}/32"]; + }; + + # Proxy Feature + proxy = { + enabled = true; + domain = proxyDomain; + }; + + store = { + engine = "postgres"; + postgres = { + host = dbHost; + port = 5432; + database = dbName; + username = dbUser; + }; + }; + }; + }; + + # Generate YAML config + yamlFormat = pkgs.formats.yaml {}; + configYamlBase = yamlFormat.generate "netbird-config-base.yaml" netbirdConfig; + + # Script to inject secrets at runtime + configGenScript = pkgs.writeShellScript "netbird-gen-config" '' + set -euo pipefail + + AUTH_SECRET=$(cat "$1") + DB_PASSWORD=$(cat "$2") + ENCRYPTION_KEY=$(cat "$3") + + ${pkgs.yq-go}/bin/yq eval " + .server.authSecret = \"$AUTH_SECRET\" | + .server.store.encryptionKey = \"$ENCRYPTION_KEY\" | + .server.store.postgres.password = \"$DB_PASSWORD\" + " ${configYamlBase} + ''; +in { + age.secrets."${serviceName}-auth-secret".file = ../../../../secrets/${serviceName}-auth-secret.age; + age.secrets."${serviceName}-db-password".file = ../../../../secrets/${serviceName}-db-password.age; + age.secrets."${serviceName}-encryption-key".file = ../../../../secrets/${serviceName}-encryption-key.age; + age.secrets."${serviceName}-dashboard-env".file = ../../../../secrets/${serviceName}-dashboard-env.age; + age.secrets."${serviceName}-server-env".file = ../../../../secrets/${serviceName}-server-env.age; + age.secrets."${serviceName}-proxy-env".file = ../../../../secrets/${serviceName}-proxy-env.age; + + # Systemd oneshot service to generate config with secrets + systemd.services."${serviceName}-config" = { + description = "Generate NetBird config with secrets"; + wantedBy = ["multi-user.target"]; + before = ["podman-${serviceName}-server.service"]; + requiredBy = ["podman-${serviceName}-server.service"]; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = pkgs.writeShellScript "netbird-write-config" '' + mkdir -p /var/lib/${serviceName} + ${configGenScript} \ + ${config.age.secrets."${serviceName}-auth-secret".path} \ + ${config.age.secrets."${serviceName}-db-password".path} \ + ${config.age.secrets."${serviceName}-encryption-key".path} \ + > /var/lib/${serviceName}/config.yaml + chmod 600 /var/lib/${serviceName}/config.yaml + ''; + }; + }; + + virtualisation.oci-containers.containers = { + "${serviceName}-dashboard" = { + image = "netbirdio/dashboard:latest"; + autoStart = true; + ports = ["127.0.0.1:${toString servicePort}:80"]; + environmentFiles = [config.age.secrets."${serviceName}-dashboard-env".path]; + extraOptions = [ + "--ip=${dashboardIp}" + "--network=web" + ]; + }; + + "${serviceName}-server" = { + image = "netbirdio/netbird-server:latest"; + autoStart = true; + ports = ["3478:3478/udp"]; + environmentFiles = [config.age.secrets."${serviceName}-server-env".path]; + volumes = [ + "${serviceName}_data:/var/lib/netbird" + "/var/lib/${serviceName}/config.yaml:/etc/netbird/config.yaml:ro" + ]; + cmd = ["--config" "/etc/netbird/config.yaml"]; + extraOptions = [ + "--ip=${serverIp}" + "--network=web" + ]; + }; + + "${serviceName}-proxy" = { + image = "netbirdio/reverse-proxy:latest"; + autoStart = true; + ports = ["51820:51820/udp"]; + volumes = [ + "${serviceName}_proxy_certs:/certs" + ]; + environmentFiles = [config.age.secrets."${serviceName}-proxy-env".path]; + cmd = [ + "--domain=${proxyDomain}" + "--mgmt=https://${domain}:443" + "--addr=:8443" + "--cert-dir=/certs" + "--acme-certs" + "--trusted-proxies=${gatewayIp}/32" + ]; + dependsOn = ["${serviceName}-server"]; + extraOptions = [ + "--ip=${proxyIp}" + "--network=web" + ]; + }; + }; + + services.traefik.dynamicConfigOptions = { + # HTTP services and routers + http = { + services = { + "${serviceName}-dashboard".loadBalancer.servers = [ + {url = "http://localhost:${toString servicePort}/";} + ]; + + "${serviceName}-server".loadBalancer.servers = [ + {url = "http://${serverIp}:80/";} + ]; + + "${serviceName}-server-h2c".loadBalancer.servers = [ + {url = "h2c://${serverIp}:80";} + ]; + }; + + routers = { + # gRPC (Signal + Management) + "${serviceName}-grpc" = { + rule = "Host(`${domain}`) && (PathPrefix(`/signalexchange.SignalExchange/`) || PathPrefix(`/management.ManagementService/`) || PathPrefix(`/management.ProxyService/`))"; + entrypoints = "websecure"; + tls.certResolver = "ionos"; + service = "${serviceName}-server-h2c"; + priority = 100; + }; + # Backend (relay, WebSocket, API, OAuth2) + "${serviceName}-backend" = { + rule = "Host(`${domain}`) && (PathPrefix(`/relay`) || PathPrefix(`/ws-proxy/`) || PathPrefix(`/api`) || PathPrefix(`/oauth2`))"; + entrypoints = "websecure"; + tls.certResolver = "ionos"; + service = "${serviceName}-server"; + priority = 100; + }; + + # Dashboard (catch-all, lowest priority) + "${serviceName}-dashboard" = { + rule = "Host(`${domain}`)"; + entrypoints = "websecure"; + tls.certResolver = "ionos"; + service = "${serviceName}-dashboard"; + priority = 1; + }; + }; + }; + + # TCP for proxy TLS passthrough + tcp = { + services."${serviceName}-proxy-tls".loadBalancer.servers = [ + {address = "${proxyIp}:8443";} + ]; + + routers."${serviceName}-proxy-passthrough" = { + entryPoints = ["websecure"]; + rule = "HostSNI(`*`)"; + service = "${serviceName}-proxy-tls"; + priority = 1; + tls.passthrough = true; + }; + }; + + # ServersTransport for proxy protocol v2 (optional) + serversTransports."pp-v2" = { + proxyProtocol.version = 2; + }; + }; + + networking.firewall.allowedUDPPorts = [ + 3478 # STUN + 51820 # WireGuard for proxy + ]; +} diff --git a/hosts/AZ-CLD-1/services/containers/portainer.nix b/hosts/AZ-CLD-1/services/containers/portainer.nix new file mode 100644 index 0000000..8657412 --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/portainer.nix @@ -0,0 +1,32 @@ +{config, ...}: let + serviceName = "portainer"; + servicePort = config.m3ta.ports.get serviceName; +in { + virtualisation.oci-containers.containers.${serviceName} = { + image = "docker.io/portainer/portainer-ce:latest"; + ports = ["127.0.0.1:${toString servicePort}:9000"]; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/run/podman/podman.sock:/var/run/docker.sock:ro" + "portainer_data:/data" + ]; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`pt.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/containers/zammad-hr.nix b/hosts/AZ-CLD-1/services/containers/zammad-hr.nix new file mode 100644 index 0000000..775a58f --- /dev/null +++ b/hosts/AZ-CLD-1/services/containers/zammad-hr.nix @@ -0,0 +1,296 @@ +{ + config, + pkgs, + ... +}: let + instanceName = "hr"; + serviceName = "zammad-${instanceName}"; + + servicePort = config.m3ta.ports.get serviceName; + elasticsearchServiceName = "${serviceName}-elasticsearch"; + elasticsearchPort = config.m3ta.ports.get elasticsearchServiceName; + + envFileProd = config.age.secrets."${serviceName}-env-prod".path; + envFileCommon = config.age.secrets."${serviceName}-env".path; + + zammadVersion = "6.5.2-22"; + zammadImage = "ghcr.io/zammad/zammad:${zammadVersion}"; + + ipBase = "10.89.0"; + ipOffset = 40; + + # Domain-Konfiguration + zammadDomain = "hr-ticket.az-gruppe.com"; + + sharedEnvironment = { + MEMCACHE_SERVERS = "zammad-memcached:11211"; + POSTGRESQL_DB = "zammad_${instanceName}"; + POSTGRESQL_HOST = "10.89.0.1"; + POSTGRESQL_USER = "zammad_${instanceName}"; + POSTGRESQL_PORT = "5432"; + POSTGRESQL_OPTIONS = "?pool=50"; + REDIS_URL = "redis://zammad-redis:6379"; + TZ = "Europe/Berlin"; + BACKUP_DIR = "/var/tmp/zammad"; + BACKUP_TIME = "03:00"; + HOLD_DAYS = "10"; + ELASTICSEARCH_ENABLED = "true"; + ELASTICSEARCH_HOST = "zammad-elasticsearch"; + ELASTICSEARCH_PORT = "9200"; + ELASTICSEARCH_NAMESPACE = "zammad_${instanceName}"; + NGINX_PORT = "8080"; + + # CSRF & Reverse Proxy Settings + NGINX_SERVER_SCHEME = "https"; + NGINX_SERVER_NAME = zammadDomain; + ZAMMAD_HTTP_TYPE = "https"; + ZAMMAD_FQDN = zammadDomain; + RAILS_TRUSTED_PROXIES = "['127.0.0.1', '::1', '10.89.0.0/24']"; + }; +in { + virtualisation.oci-containers = { + containers."${serviceName}-elasticsearch" = { + image = "elasticsearch:8.19.6"; + autoStart = true; + volumes = ["${serviceName}_elasticsearch:/usr/share/elasticsearch/data"]; + environment = { + "discovery.type" = "single-node"; + "xpack.security.enabled" = "false"; + ES_JAVA_OPTS = "-Xms1g -Xmx1g"; + }; + extraOptions = [ + "--ip=${ipBase}.${toString ipOffset}" + "--network=web" + "--network-alias=zammad-elasticsearch" + ]; + ports = ["127.0.0.1:${toString elasticsearchPort}:9200"]; + }; + + containers."${serviceName}-memcached" = { + image = "memcached:1.6.39-alpine"; + autoStart = true; + cmd = ["memcached" "-m" "256M"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 1)}" + "--network=web" + "--network-alias=zammad-memcached" + ]; + }; + + containers."${serviceName}-redis" = { + image = "redis:7.4.6-alpine"; + autoStart = true; + volumes = ["${serviceName}_redis:/data"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 2)}" + "--network=web" + "--network-alias=zammad-redis" + ]; + }; + + containers."${serviceName}-railsserver" = { + image = zammadImage; + autoStart = true; + cmd = ["zammad-railsserver"]; + environment = sharedEnvironment; + environmentFiles = [envFileCommon envFileProd]; + volumes = ["${serviceName}_storage:/opt/zammad/storage"]; + dependsOn = ["${serviceName}-memcached" "${serviceName}-redis" "${serviceName}-elasticsearch"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 4)}" + "--network=web" + "--add-host=postgres:10.89.0.1" + "--network-alias=zammad-railsserver" + ]; + }; + + containers."${serviceName}-scheduler" = { + image = zammadImage; + autoStart = true; + cmd = ["zammad-scheduler"]; + environment = sharedEnvironment; + environmentFiles = [envFileCommon envFileProd]; + volumes = ["${serviceName}_storage:/opt/zammad/storage"]; + dependsOn = ["${serviceName}-memcached" "${serviceName}-redis"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 5)}" + "--network=web" + "--add-host=postgres:10.89.0.1" + ]; + }; + + containers."${serviceName}-websocket" = { + image = zammadImage; + autoStart = true; + cmd = ["zammad-websocket"]; + environment = sharedEnvironment; + environmentFiles = [envFileCommon envFileProd]; + volumes = ["${serviceName}_storage:/opt/zammad/storage"]; + dependsOn = ["${serviceName}-memcached" "${serviceName}-redis"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 6)}" + "--network=web" + "--add-host=postgres:10.89.0.1" + "--network-alias=zammad-websocket" + ]; + }; + + containers."${serviceName}-nginx" = { + image = zammadImage; + autoStart = true; + cmd = ["zammad-nginx"]; + environment = sharedEnvironment; + environmentFiles = [envFileCommon envFileProd]; + volumes = ["${serviceName}_storage:/opt/zammad/storage"]; + dependsOn = ["${serviceName}-railsserver"]; + ports = ["127.0.0.1:${toString servicePort}:8080"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 7)}" + "--network=web" + "--add-host=postgres:10.89.0.1" + ]; + }; + + containers."${serviceName}-backup" = { + image = zammadImage; + autoStart = true; + cmd = ["zammad-backup"]; + environment = sharedEnvironment; + environmentFiles = [envFileCommon envFileProd]; + volumes = [ + "${serviceName}_storage:/opt/zammad/storage:ro" + "/var/backup/${serviceName}:/var/tmp/zammad:rw" + ]; + dependsOn = ["${serviceName}-memcached" "${serviceName}-redis"]; + extraOptions = [ + "--ip=${ipBase}.${toString (ipOffset + 8)}" + "--network=web" + "--add-host=postgres:10.89.0.1" + "--user=0:0" + ]; + }; + }; + + # Init als oneshot systemd-Service + systemd.services."${serviceName}-init" = { + description = "Zammad ${instanceName} Database Initialization"; + after = [ + "podman-${serviceName}-memcached.service" + "podman-${serviceName}-redis.service" + "podman-${serviceName}-elasticsearch.service" + ]; + requires = [ + "podman-${serviceName}-memcached.service" + "podman-${serviceName}-redis.service" + ]; + wantedBy = []; + + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + User = "root"; + Group = "root"; + }; + + script = '' + set -euo pipefail + + echo "Starting Zammad ${instanceName} database initialization..." + + ${pkgs.podman}/bin/podman run --rm \ + --name ${serviceName}-init-oneshot \ + --network web \ + --ip ${ipBase}.${toString (ipOffset + 3)} \ + --add-host=postgres:10.89.0.1 \ + --user 0:0 \ + --env-file ${envFileCommon} \ + --env-file ${envFileProd} \ + --env MEMCACHE_SERVERS=zammad-memcached:11211 \ + --env POSTGRESQL_DB=zammad_${instanceName} \ + --env POSTGRESQL_HOST=10.89.0.1 \ + --env POSTGRESQL_USER=zammad_${instanceName} \ + --env POSTGRESQL_PORT=5432 \ + --env POSTGRESQL_OPTIONS='?pool=50' \ + --env REDIS_URL=redis://zammad-redis:6379 \ + --env TZ=Europe/Berlin \ + --env ELASTICSEARCH_ENABLED=true \ + --env ELASTICSEARCH_HOST=zammad-elasticsearch \ + --env ELASTICSEARCH_PORT=9200 \ + --env ELASTICSEARCH_NAMESPACE=zammad_${instanceName} \ + --env NGINX_SERVER_SCHEME=https \ + --env NGINX_SERVER_NAME=${zammadDomain} \ + --env ZAMMAD_HTTP_TYPE=https \ + --env ZAMMAD_FQDN=${zammadDomain} \ + -v ${serviceName}_storage:/opt/zammad/storage \ + ${zammadImage} \ + zammad-init + + echo "Zammad ${instanceName} initialization completed successfully" + ''; + }; + + # Backup retention service + systemd.services."${serviceName}-backup-cleanup" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "root"; + }; + script = '' + set -euo pipefail + + BACKUP_DIR="/var/backup/${serviceName}" + HOLD_DAYS=10 + + echo "Starting ${serviceName} backup cleanup at $(date)" + + mkdir -p "$BACKUP_DIR" + chown root:root "$BACKUP_DIR" + chmod 750 "$BACKUP_DIR" + + ${pkgs.findutils}/bin/find "$BACKUP_DIR" -type f -name "*.gz" -mtime +$HOLD_DAYS -delete + + echo "Current backups:" + ls -lah "$BACKUP_DIR" || echo "No backups found" + + echo "${serviceName} backup cleanup completed at $(date)" + ''; + }; + + systemd.timers."${serviceName}-backup-cleanup" = { + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "*-*-* 04:00:00"; + RandomizedDelaySec = "30m"; + Persistent = true; + }; + }; + + # Traefik configuration with proper headers + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + middlewares."${serviceName}-headers".headers = { + customRequestHeaders = { + X-Forwarded-Proto = "https"; + X-Forwarded-Port = "443"; + X-Forwarded-Host = zammadDomain; + X-Real-IP = ""; + }; + }; + + routers.${serviceName} = { + rule = "Host(`${zammadDomain}`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + middlewares = ["${serviceName}-headers"]; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/default.nix b/hosts/AZ-CLD-1/services/default.nix new file mode 100644 index 0000000..1e341d4 --- /dev/null +++ b/hosts/AZ-CLD-1/services/default.nix @@ -0,0 +1,18 @@ +{ + imports = [ + ./containers + + ./gitea.nix + ./gotenberg.nix + ./metabase.nix + ./n8n.nix + ./netbird.nix + ./ntfy.nix + ./outline.nix + ./postgres.nix + ./traefik.nix + ./vaultwarden.nix + ./zugferd.nix + # ./zammad.nix + ]; +} diff --git a/hosts/AZ-CLD-1/services/gitea.nix b/hosts/AZ-CLD-1/services/gitea.nix new file mode 100644 index 0000000..16b1dee --- /dev/null +++ b/hosts/AZ-CLD-1/services/gitea.nix @@ -0,0 +1,41 @@ +{config, ...}: let + serviceName = "gitea"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + settings = { + server = { + ROOT_URL = "https://git.az-gruppe.com"; + HTTP_PORT = servicePort; + }; + mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail"; + service.DISABLE_REGISTRATION = true; + }; + lfs.enable = true; + dump = { + enable = true; + type = "tar.gz"; + interval = "03:30:00"; + backupDir = "/var/backup/gitea"; + }; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`git.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/gotenberg.nix b/hosts/AZ-CLD-1/services/gotenberg.nix new file mode 100644 index 0000000..a8bc1ec --- /dev/null +++ b/hosts/AZ-CLD-1/services/gotenberg.nix @@ -0,0 +1,10 @@ +{config, ...}: let + serviceName = "gotenberg"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.gotenberg = { + enable = true; + port = servicePort; + bindIP = "127.0.0.1"; + }; +} diff --git a/hosts/AZ-CLD-1/services/metabase.nix b/hosts/AZ-CLD-1/services/metabase.nix new file mode 100644 index 0000000..94c7853 --- /dev/null +++ b/hosts/AZ-CLD-1/services/metabase.nix @@ -0,0 +1,31 @@ +{config, ...}: let + serviceName = "metabase"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + listen.port = servicePort; + }; + + systemd.services.${serviceName}.serviceConfig = { + EnvironmentFile = config.age.secrets.metabase-env.path; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`kpi.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/n8n.nix b/hosts/AZ-CLD-1/services/n8n.nix new file mode 100644 index 0000000..1d083df --- /dev/null +++ b/hosts/AZ-CLD-1/services/n8n.nix @@ -0,0 +1,31 @@ +{config, ...}: let + serviceName = "n8n"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + environment.WEBHOOK_URL = "https://wf.az-gruppe.com"; + }; + + systemd.services.${serviceName}.serviceConfig = { + EnvironmentFile = config.age.secrets.n8n-env.path; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`wf.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/netbird.nix b/hosts/AZ-CLD-1/services/netbird.nix new file mode 100644 index 0000000..84ae8ed --- /dev/null +++ b/hosts/AZ-CLD-1/services/netbird.nix @@ -0,0 +1,31 @@ +{pkgs, ...}: { + services.netbird = { + enable = true; + package = pkgs.unstable.netbird; + }; + + systemd.services.netbird = { + environment = { + NB_DISABLE_SSH_CONFIG = "true"; + }; + path = [ + pkgs.shadow + pkgs.util-linux + ]; + }; + + programs.ssh.extraConfig = '' + Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p" + PreferredAuthentications password,publickey,keyboard-interactive + PasswordAuthentication yes + PubkeyAuthentication yes + BatchMode no + ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + CheckHostIP no + LogLevel ERROR + ''; + + networking.firewall.checkReversePath = "loose"; +} diff --git a/hosts/AZ-CLD-1/services/ntfy.nix b/hosts/AZ-CLD-1/services/ntfy.nix new file mode 100644 index 0000000..f23ece5 --- /dev/null +++ b/hosts/AZ-CLD-1/services/ntfy.nix @@ -0,0 +1,32 @@ +{config, ...}: let + serviceName = "ntfy-sh"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + settings = { + base-url = "https://ping.az-gruppe.com"; + listen-http = ":${toString servicePort}"; + auth-file = "/var/lib/ntfy-sh/user.db"; + auth-default-access = "deny-all"; + }; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`ping.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/outline.nix b/hosts/AZ-CLD-1/services/outline.nix new file mode 100644 index 0000000..b78cfc7 --- /dev/null +++ b/hosts/AZ-CLD-1/services/outline.nix @@ -0,0 +1,41 @@ +{config, ...}: let + serviceName = "outline"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + port = servicePort; + publicUrl = "https://wiki.az-gruppe.com"; + databaseUrl = "postgresql://outline:outline@127.0.0.1:5432/outline"; + storage = { + storageType = "s3"; + region = "eu-central"; + uploadBucketUrl = "https://nbg1.your-objectstorage.com"; + uploadBucketName = "az-wiki"; + secretKeyFile = config.age.secrets.hetzner-s3-az-intern-secret-key.path; + accessKey = "CRT7V4HR5CG9NHICD2WW"; + }; + }; + + systemd.services.${serviceName}.serviceConfig = { + EnvironmentFile = config.age.secrets.outline-env.path; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`wiki.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/postgres.nix b/hosts/AZ-CLD-1/services/postgres.nix new file mode 100644 index 0000000..096adbc --- /dev/null +++ b/hosts/AZ-CLD-1/services/postgres.nix @@ -0,0 +1,182 @@ +{ + config, + pkgs, + ... +}: let + serviceName = "pgadmin"; + pgadminPort = config.m3ta.ports.get serviceName; +in { + services.postgresql = { + enable = true; + enableTCPIP = true; + package = pkgs.postgresql_17; + settings = { + ssl = true; + max_connections = 200; + shared_buffers = "4GB"; + superuser_reserved_connections = 5; + + idle_in_transaction_session_timeout = "10min"; + idle_session_timeout = "2h"; + + tcp_keepalives_idle = 60; + tcp_keepalives_interval = 10; + tcp_keepalives_count = 6; + + deadlock_timeout = "1s"; + + authentication_timeout = "30s"; + + log_connections = true; + log_disconnections = true; + log_lock_waits = true; + }; + extensions = with pkgs.postgresql17Packages; [ + pgvector + ]; + initialScript = pkgs.writeText "backend-initScript" '' + CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow'; + CREATE DATABASE baserow; + ALTER DATABASE baserow OWNER to baserow; + ALTER DATABASE baserow CONNECTION LIMIT 60; + + CREATE USER kestra WITH ENCRYPTED PASSWORD 'kestra'; + CREATE DATABASE kestra; + ALTER DATABASE kestra OWNER to kestra; + ALTER DATABASE kestra CONNECTION LIMIT 10; + + CREATE USER librechat_rag WITH ENCRYPTED PASSWORD 'librechat_rag'; + CREATE DATABASE librechat_rag; + ALTER DATABASE librechat_rag OWNER to librechat_rag; + ALTER DATABASE librechat_rag CONNECTION LIMIT 20; + + CREATE USER librechat_rag_dev WITH ENCRYPTED PASSWORD 'librechat_rag_dev'; + CREATE DATABASE librechat_rag_dev; + ALTER DATABASE librechat_rag_dev OWNER to librechat_rag_dev; + ALTER DATABASE librechat_rag_dev CONNECTION LIMIT 10; + + CREATE USER metabase WITH ENCRYPTED PASSWORD 'metabase'; + CREATE DATABASE metabase; + ALTER DATABASE metabase OWNER to metabase; + ALTER DATABASE metabase CONNECTION LIMIT 15; + + CREATE USER n8n WITH ENCRYPTED PASSWORD 'n8n'; + CREATE DATABASE n8n; + ALTER DATABASE n8n OWNER to n8n; + ALTER DATABASE n8n CONNECTION LIMIT 5; + + CREATE USER outline WITH ENCRYPTED PASSWORD 'outline'; + CREATE DATABASE outline; + ALTER DATABASE outline OWNER to outline; + ALTER DATABASE outline CONNECTION LIMIT 5; + + CREATE USER vaultwarden WITH ENCRYPTED PASSWORD 'vaultwarden'; + CREATE DATABASE vaultwarden; + ALTER DATABASE vaultwarden OWNER to vaultwarden; + ALTER DATABASE vaultwarden CONNECTION LIMIT 20; + + CREATE USER zammad-hr WITH ENCRYPTED PASSWORD 'zammad-hr'; + CREATE DATABASE zammad-hr; + ALTER DATABASE zammad-hr OWNER to zammad-hr; + ALTER DATABASE zammad-hr CONNECTION LIMIT 50; + + -- Group roles (NOLOGIN, for permission management) + CREATE ROLE admin NOLOGIN; + CREATE ROLE dba NOLOGIN; + + -- Personal login roles + CREATE USER sascha_koenig WITH ENCRYPTED PASSWORD 'sascha_koenig'; + GRANT admin TO sascha_koenig; + + CREATE USER jannik_mueller WITH ENCRYPTED PASSWORD 'jannik_mueller'; + GRANT admin TO jannik_mueller; + ''; + authentication = pkgs.lib.mkOverride 10 '' + # Local connections (Unix socket) + local all postgres peer + local all sascha_koenig scram-sha-256 + local all jannik_mueller scram-sha-256 + local az_test az_test scram-sha-256 + local metabase,az_kpi_raw metabase scram-sha-256 + local n8n n8n scram-sha-256 + local outline outline scram-sha-256 + local vaultwarden vaultwarden scram-sha-256 + local zammad zammad scram-sha-256 + + # Localhost connections (IPv4 and IPv6) + host all postgres 127.0.0.1/32 scram-sha-256 + host all postgres ::1/128 scram-sha-256 + + host all sascha_koenig 127.0.0.1/32 scram-sha-256 + host all sascha_koenig ::1/128 scram-sha-256 + + host all jannik_mueller 127.0.0.1/32 scram-sha-256 + host all jannik_mueller ::1/128 scram-sha-256 + + host az_test az_test 127.0.0.1/32 scram-sha-256 + host az_test az_test ::1/128 scram-sha-256 + + host outline outline 127.0.0.1/32 scram-sha-256 + host outline outline ::1/128 scram-sha-256 + + host metabase,az_kpi_raw metabase 127.0.0.1/32 scram-sha-256 + host metabase,az_kpi_raw metabase ::1/128 scram-sha-256 + + host n8n n8n 127.0.0.1/32 scram-sha-256 + host n8n n8n ::1/128 scram-sha-256 + + host vaultwarden vaultwarden 127.0.0.1/32 scram-sha-256 + host vaultwarden vaultwarden ::1/128 scram-sha-256 + + host zammad zammad 127.0.0.1/32 scram-sha-256 + host zammad zammad ::1/128 scram-sha-256 + + # Podman network connections for Baserow + host baserow baserow 10.89.0.0/24 scram-sha-256 + host kestra kestra 10.89.0.0/24 scram-sha-256 + host librechat_rag librechat_rag 10.89.0.0/24 scram-sha-256 + host librechat_rag_dev librechat_rag_dev 10.89.1.0/24 scram-sha-256 + host zammad_hr zammad_hr 10.89.0.0/24 scram-sha-256 + host postgres zammad_hr 10.89.0.0/24 scram-sha-256 + host litellm litellm 10.89.0.0/24 scram-sha-256 + host netbird netbird 10.89.0.0/24 scram-sha-256 + + # Netbird network connections + host az_kpi_raw kestra_prm 100.91.49.26/32 scram-sha-256 + + # Deny all other connections + local all all reject + host all all 0.0.0.0/0 reject + host all all ::/0 reject + ''; + }; + services.postgresqlBackup = { + enable = true; + startAt = "03:10:00"; + databases = ["az_kpi_raw" "baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"]; + }; + services.pgadmin = { + enable = true; + initialPasswordFile = "${config.age.secrets.pgadmin-pw.path}"; + initialEmail = "sascha.koenig@azintec.com"; + }; + + # Traefik configuration specific to pgadmin + services.traefik.dynamicConfigOptions.http = { + services.pgadmin.loadBalancer.servers = [{url = "http://localhost:${toString pgadminPort}/";}]; + routers.pgadmin = { + rule = "Host(`pg.az-gruppe.com`)"; + tls.certResolver = "ionos"; + service = "pgadmin"; + entrypoints = "websecure"; + }; + }; + networking.firewall = { + extraCommands = '' + iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT + iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT + iptables -A INPUT -p tcp -s 10.89.1.0/24 --dport 5432 -j ACCEPT + iptables -A INPUT -p tcp -s 100.91.49.26/32 --dport 5432 -j ACCEPT + ''; + }; +} diff --git a/hosts/AZ-CLD-1/services/traefik.nix b/hosts/AZ-CLD-1/services/traefik.nix new file mode 100644 index 0000000..dee15c2 --- /dev/null +++ b/hosts/AZ-CLD-1/services/traefik.nix @@ -0,0 +1,77 @@ +{config, ...}: let + httpPort = config.m3ta.ports.get "traefik"; + httpsPort = config.m3ta.ports.get "traefik-ssl"; +in { + services.traefik = { + enable = true; + staticConfigOptions = { + log = {level = "WARN";}; + certificatesResolvers = { + ionos = { + acme = { + email = "sascha.koenig@azintec.com"; + storage = "/var/lib/traefik/acme.json"; + caserver = "https://acme-v02.api.letsencrypt.org/directory"; + dnsChallenge = { + provider = "ionos"; + resolvers = ["1.1.1.1:53" "8.8.8.8:53"]; + propagation = { + delayBeforeChecks = 60; + disableChecks = true; + }; + }; + }; + }; + }; + api = {}; + entryPoints = { + web = { + address = ":${toString httpPort}"; + http.redirections.entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + websecure = { + address = ":${toString httpsPort}"; + }; + }; + }; + dynamicConfigOptions = { + http = { + services = { + dummy = { + loadBalancer.servers = [ + {url = "http://192.168.0.1";} # Diese URL wird nie verwendet + ]; + }; + }; + middlewares = { + auth = { + basicAuth = { + users = ["sascha.koenig:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."]; + }; + }; + }; + + routers = { + api = { + rule = "Host(`r.az-gruppe.com`)"; + service = "api@internal"; + middlewares = ["auth"]; + entrypoints = ["websecure"]; + tls = { + certResolver = "ionos"; + }; + }; + }; + }; + }; + }; + + systemd.services.traefik.serviceConfig = { + EnvironmentFile = ["${config.age.secrets.traefik-env.path}"]; + }; + + networking.firewall.allowedTCPPorts = [httpPort httpsPort]; +} diff --git a/hosts/AZ-CLD-1/services/vaultwarden.nix b/hosts/AZ-CLD-1/services/vaultwarden.nix new file mode 100644 index 0000000..c158084 --- /dev/null +++ b/hosts/AZ-CLD-1/services/vaultwarden.nix @@ -0,0 +1,32 @@ +{config, ...}: let + serviceName = "vaultwarden"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + dbBackend = "postgresql"; + config = { + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = servicePort; + }; + environmentFile = config.age.secrets.vaultwarden-env.path; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`pw.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/zammad.nix b/hosts/AZ-CLD-1/services/zammad.nix new file mode 100644 index 0000000..61513f4 --- /dev/null +++ b/hosts/AZ-CLD-1/services/zammad.nix @@ -0,0 +1,35 @@ +{config, ...}: let + serviceName = "zammad"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + openPorts = false; + port = servicePort; + secretKeyBaseFile = config.age.secrets.zammad-secret.path; + database = { + createLocally = false; + port = 5432; + host = "127.0.0.1"; + passwordFile = config.age.secrets.zammad-pw.path; + }; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`help.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-CLD-1/services/zugferd.nix b/hosts/AZ-CLD-1/services/zugferd.nix new file mode 100644 index 0000000..ff42a86 --- /dev/null +++ b/hosts/AZ-CLD-1/services/zugferd.nix @@ -0,0 +1,10 @@ +{config, ...}: let + serviceName = "zugferd-service"; + zugferdPort = config.m3ta.ports.get serviceName; +in { + services.${serviceName} = { + enable = true; + port = zugferdPort; + host = "127.0.0.1"; + }; +} diff --git a/hosts/AZ-PRM-1/configuration.nix b/hosts/AZ-PRM-1/configuration.nix new file mode 100644 index 0000000..3a4c9ed --- /dev/null +++ b/hosts/AZ-PRM-1/configuration.nix @@ -0,0 +1,41 @@ +{pkgs, ...}: { + imports = [ + ./hardware-configuration.nix + ./disko-config.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "AZ-PRM-1"; + networking.networkmanager.enable = true; + + time.timeZone = "Europe/Berlin"; + + i18n.defaultLocale = "de_DE.UTF-8"; + + environment.systemPackages = with pkgs; [ + neovim + git + python3 + python3Packages.pysmb + ]; + + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + services.openssh = { + enable = true; + ports = [2022]; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + + networking.firewall.allowedTCPPorts = [587]; + + system.stateVersion = "25.05"; +} diff --git a/hosts/AZ-PRM-1/default.nix b/hosts/AZ-PRM-1/default.nix new file mode 100644 index 0000000..c413841 --- /dev/null +++ b/hosts/AZ-PRM-1/default.nix @@ -0,0 +1,11 @@ +{ + imports = [ + ../common + ./configuration.nix + ./secrets.nix + ./services + ]; + extraServices = { + podman.enable = true; + }; +} diff --git a/hosts/AZ-PRM-1/disko-config.nix b/hosts/AZ-PRM-1/disko-config.nix new file mode 100644 index 0000000..cf1ae0d --- /dev/null +++ b/hosts/AZ-PRM-1/disko-config.nix @@ -0,0 +1,34 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + device = "/dev/sda"; + content = { + type = "gpt"; + partitions = { + esp = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = ["defaults" "umask=0077"]; + }; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = ["noatime" "nodiratime" "discard"]; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/AZ-PRM-1/hardware-configuration.nix b/hosts/AZ-PRM-1/hardware-configuration.nix new file mode 100644 index 0000000..fbaa087 --- /dev/null +++ b/hosts/AZ-PRM-1/hardware-configuration.nix @@ -0,0 +1,17 @@ +{ + config, + lib, + pkgs, + ... +}: { + virtualisation.hypervGuest.enable = true; + + boot.initrd.availableKernelModules = ["sd_mod" "sr_mod" "hv_storvsc"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + + networking.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/AZ-PRM-1/secrets.nix b/hosts/AZ-PRM-1/secrets.nix new file mode 100644 index 0000000..7247a57 --- /dev/null +++ b/hosts/AZ-PRM-1/secrets.nix @@ -0,0 +1,37 @@ +{ + age = { + secrets = { + azion-env = { + file = ../../secrets/azion-env.age; + }; + traefik-env = { + file = ../../secrets/traefik-env.age; + }; + kestra-config = { + file = ../../secrets/kestra-config.age; + mode = "644"; + }; + kestra-env = {file = ../../secrets/kestra-env.age;}; + kestra-secrets = {file = ../../secrets/kestra-secrets.age;}; + n8n-env = { + file = ../../secrets/n8n-env-prm.age; + }; + pgadmin-pw = { + file = ../../secrets/pgadmin-pw.age; + owner = "pgadmin"; + }; + pg-cert = { + file = ../../secrets/server.crt.age; + owner = "postgres"; + group = "postgres"; + mode = "0644"; + }; + pg-key = { + file = ../../secrets/server.key.age; + owner = "postgres"; + group = "postgres"; + mode = "0600"; + }; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/azion-scheduler.nix b/hosts/AZ-PRM-1/services/azion-scheduler.nix new file mode 100644 index 0000000..0286b2b --- /dev/null +++ b/hosts/AZ-PRM-1/services/azion-scheduler.nix @@ -0,0 +1,36 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: let + serviceName = "azion-scheduler"; + proxyServiceName = "${serviceName}-proxy"; + servicePort = config.m3ta.ports.get serviceName; + schedulerProxyPort = config.m3ta.ports.get proxyServiceName; +in { + services.azion-scheduler = { + enable = true; + package = inputs.azion-scheduler.packages.${pkgs.stdenv.hostPlatform.system}.default; + port = servicePort; + proxyPort = schedulerProxyPort; + environmentFile = config.age.secrets.azion-env.path; + }; + + # Traefik configuration + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + {url = "http://localhost:${toString servicePort}/";} + ]; + + routers.${serviceName} = { + rule = "Host(`azion.l.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/bpi.nix b/hosts/AZ-PRM-1/services/bpi.nix new file mode 100644 index 0000000..23a7281 --- /dev/null +++ b/hosts/AZ-PRM-1/services/bpi.nix @@ -0,0 +1,80 @@ +{ + config, + lib, + pkgs, + ... +}: let + serviceName = "bpi"; + servicePort = config.m3ta.ports.get serviceName; + appDir = "/var/lib/bpi/app"; +in { + users.users.bpi = { + isSystemUser = true; + group = "bpi"; + home = "/var/lib/bpi"; + createHome = true; + }; + users.groups.bpi = {}; + + systemd.services.bpi = { + description = "AZ INTEC Basispreis Index"; + after = ["network-online.target"]; + wants = ["network-online.target"]; + wantedBy = ["multi-user.target"]; + + path = with pkgs; [ + git + nodejs + openssh + ]; + + environment = { + PORT = toString servicePort; + HOME = "/var/lib/bpi"; + BPI_BACKUP_DIR = "/var/lib/bpi/backups"; + BPI_MAX_BACKUPS = "10"; + }; + + preStart = '' + set -euo pipefail + + if [ ! -d "${appDir}/.git" ]; then + rm -rf "${appDir}" + git clone --depth=1 https://git.az-gruppe.com/AZ-Intec-GmbH/BPI.git "${appDir}" + else + git -C "${appDir}" pull --ff-only + fi + + if [ ! -f "${appDir}/server.js" ]; then + echo "${appDir}/server.js fehlt. Bitte server.js in das BPI Repository committen." + exit 1 + fi + ''; + + serviceConfig = { + Type = "simple"; + User = "bpi"; + Group = "bpi"; + StateDirectory = "bpi"; + WorkingDirectory = "/var/lib/bpi"; + ExecStart = "${pkgs.nodejs}/bin/node ${appDir}/server.js"; + Restart = "on-failure"; + RestartSec = "10s"; + }; + }; + + services.traefik.dynamicConfigOptions.http = { + services.bpi.loadBalancer.servers = [ + {url = "http://localhost:${toString servicePort}/";} + ]; + + routers.bpi = { + rule = "Host(`bpi.l.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = "bpi"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/containers/default.nix b/hosts/AZ-PRM-1/services/containers/default.nix new file mode 100644 index 0000000..84c48dd --- /dev/null +++ b/hosts/AZ-PRM-1/services/containers/default.nix @@ -0,0 +1,15 @@ +{lib, ...}: { + imports = [ + #./baserow.nix + ./kestra.nix + ./stirling-pdf.nix + ]; + system.activationScripts.createPodmanNetworkWeb = lib.mkAfter '' + if ! /run/current-system/sw/bin/podman network exists web; then + /run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal + fi + if ! /run/current-system/sw/bin/podman network exists web-dev; then + /run/current-system/sw/bin/podman network create web-dev --subnet=10.89.1.0/24 --internal + fi + ''; +} diff --git a/hosts/AZ-PRM-1/services/containers/kestra.nix b/hosts/AZ-PRM-1/services/containers/kestra.nix new file mode 100644 index 0000000..50e52fd --- /dev/null +++ b/hosts/AZ-PRM-1/services/containers/kestra.nix @@ -0,0 +1,38 @@ +{config, ...}: let + serviceName = "kestra"; + servicePort = config.m3ta.ports.get serviceName; +in { + virtualisation.oci-containers.containers."${serviceName}" = { + image = "docker.io/kestra/kestra:latest"; + environmentFiles = [ + config.age.secrets.kestra-env.path + config.age.secrets.kestra-secrets.path + ]; + cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"]; + ports = ["127.0.0.1:${toString servicePort}:8080"]; + user = "root"; + volumes = [ + "/var/run/podman/podman.sock:/var/run/docker.sock" + "${config.age.secrets.kestra-config.path}:/etc/config/application.yaml" + "kestra_data:/app/storage" + "/tmp/kestra-wd:/tmp/kestra-wd" + ]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web"]; + }; + + systemd.tmpfiles.rules = [ + "d /tmp/kestra-wd 0750 1000 1000 - -" + ]; + + # Traefik configuration specific to kestra + services.traefik.dynamicConfigOptions.http = { + services.kestra.loadBalancer.servers = [{url = "http://localhost:${toString servicePort}/";}]; + + routers.kestra = { + rule = "Host(`k.l.az-gruppe.com`)"; + tls = {certResolver = "ionos";}; + service = "kestra"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/containers/stirling-pdf.nix b/hosts/AZ-PRM-1/services/containers/stirling-pdf.nix new file mode 100644 index 0000000..c86c001 --- /dev/null +++ b/hosts/AZ-PRM-1/services/containers/stirling-pdf.nix @@ -0,0 +1,30 @@ +{config, ...}: let + serviceName = "stirling-pdf"; + servicePort = config.m3ta.ports.get serviceName; +in { + virtualisation.oci-containers.containers."${serviceName}" = { + image = "docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest-fat"; + ports = ["127.0.0.1:${toString servicePort}:8080"]; + environment = { + SECURITY_ENABLELOGIN = "False"; + DISABLE_ADDITIONAL_FEATURES = "False"; + }; + + volumes = [ + "stirling_pdf_data:/usr/share/tessdata" + "stirling_pdf_configs:/configs" + ]; + extraOptions = ["--ip=10.89.0.13" "--network=web"]; + }; + + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [{url = "http://localhost:${toString servicePort}/";}]; + + routers.${serviceName} = { + rule = "Host(`pdf.l.az-gruppe.com`)"; + tls = {certResolver = "ionos";}; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/default.nix b/hosts/AZ-PRM-1/services/default.nix new file mode 100644 index 0000000..437c613 --- /dev/null +++ b/hosts/AZ-PRM-1/services/default.nix @@ -0,0 +1,14 @@ +{ + imports = [ + ./containers + ./azion-scheduler.nix + ./bpi.nix + ./n8n.nix + ./netbird.nix + ./pgadmin.nix + ./postgres.nix + ./printing.nix + ./traefik.nix + ./traefik-routing.nix + ]; +} diff --git a/hosts/AZ-PRM-1/services/n8n.nix b/hosts/AZ-PRM-1/services/n8n.nix new file mode 100644 index 0000000..a06e284 --- /dev/null +++ b/hosts/AZ-PRM-1/services/n8n.nix @@ -0,0 +1,32 @@ +{config, ...}: let + serviceName = "n8n"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.n8n = { + enable = true; + environment = { + WEBHOOK_URL = "https://wf.l.az-gruppe.com"; + NODES_EXCLUDE = "[]"; + }; + }; + systemd.services.n8n.serviceConfig = { + EnvironmentFile = ["${config.age.secrets.n8n-env.path}"]; + }; + # Traefik configuration specific to n8n + services.traefik.dynamicConfigOptions.http = { + services.${serviceName}.loadBalancer.servers = [ + { + url = "http://localhost:${toString servicePort}/"; + } + ]; + + routers.${serviceName} = { + rule = "Host(`wf.l.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = serviceName; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/netbird.nix b/hosts/AZ-PRM-1/services/netbird.nix new file mode 100644 index 0000000..84ae8ed --- /dev/null +++ b/hosts/AZ-PRM-1/services/netbird.nix @@ -0,0 +1,31 @@ +{pkgs, ...}: { + services.netbird = { + enable = true; + package = pkgs.unstable.netbird; + }; + + systemd.services.netbird = { + environment = { + NB_DISABLE_SSH_CONFIG = "true"; + }; + path = [ + pkgs.shadow + pkgs.util-linux + ]; + }; + + programs.ssh.extraConfig = '' + Match exec "${pkgs.netbird}/bin/netbird ssh detect %h %p" + PreferredAuthentications password,publickey,keyboard-interactive + PasswordAuthentication yes + PubkeyAuthentication yes + BatchMode no + ProxyCommand ${pkgs.netbird}/bin/netbird ssh proxy %h %p + StrictHostKeyChecking no + UserKnownHostsFile /dev/null + CheckHostIP no + LogLevel ERROR + ''; + + networking.firewall.checkReversePath = "loose"; +} diff --git a/hosts/AZ-PRM-1/services/pgadmin.nix b/hosts/AZ-PRM-1/services/pgadmin.nix new file mode 100644 index 0000000..81763e3 --- /dev/null +++ b/hosts/AZ-PRM-1/services/pgadmin.nix @@ -0,0 +1,21 @@ +{config, ...}: let + serviceName = "pgadmin"; + servicePort = config.m3ta.ports.get serviceName; +in { + services.pgadmin = { + enable = true; + initialPasswordFile = "${config.age.secrets.pgadmin-pw.path}"; + initialEmail = "sascha.koenig@azintec.com"; + }; + + # Traefik configuration specific to pgadmin + services.traefik.dynamicConfigOptions.http = { + services.pgadmin.loadBalancer.servers = [{url = "http://localhost:${toString servicePort}/";}]; + routers.pgadmin = { + rule = "Host(`pg.l.az-gruppe.com`)"; + tls.certResolver = "ionos"; + service = "pgadmin"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/postgres.nix b/hosts/AZ-PRM-1/services/postgres.nix new file mode 100644 index 0000000..e651041 --- /dev/null +++ b/hosts/AZ-PRM-1/services/postgres.nix @@ -0,0 +1,67 @@ +{ + config, + pkgs, + ... +}: { + services.postgresql = { + enable = true; + enableTCPIP = true; + package = pkgs.postgresql_17; + settings = { + ssl = true; + ssl_cert_file = config.age.secrets.pg-cert.path; + ssl_key_file = config.age.secrets.pg-key.path; + }; + extensions = with pkgs.postgresql17Packages; [ + pgvector + ]; + initialScript = pkgs.writeText "backend-initScript" '' + CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow'; + CREATE DATABASE baserow; + ALTER DATABASE baserow OWNER to baserow; + + CREATE USER kestra WITH ENCRYPTED PASSWORD 'kestra'; + CREATE DATABASE kestra; + ALTER DATABASE kestra OWNER to kestra; + + CREATE USER n8n WITH ENCRYPTED PASSWORD 'n8n'; + CREATE DATABASE n8n; + ALTER DATABASE n8n OWNER to n8n; + + CREATE USER vaultwarden WITH ENCRYPTED PASSWORD 'n8n'; + CREATE DATABASE vaultwarden; + ALTER DATABASE vaultwarden OWNER to vaultwarden; + ''; + authentication = pkgs.lib.mkOverride 10 '' + # Local connections (Unix socket) + local all postgres peer + local n8n n8n scram-sha-256 + + # Localhost connections (IPv4 and IPv6) + host all postgres 127.0.0.1/32 scram-sha-256 + host all postgres ::1/128 scram-sha-256 + + host n8n n8n 127.0.0.1/32 scram-sha-256 + host n8n n8n ::1/128 scram-sha-256 + + # Podman network connections + host baserow baserow 10.89.0.0/24 scram-sha-256 + host kestra kestra 10.89.0.0/24 scram-sha-256 + + # Deny all other connections + host all all 0.0.0.0/0 reject + host all all ::/0 reject + ''; + }; + services.postgresqlBackup = { + enable = true; + startAt = "03:10:00"; + databases = ["baserow" "kestra" "n8n"]; + }; + networking.firewall = { + extraCommands = '' + iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT + iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT + ''; + }; +} diff --git a/hosts/AZ-PRM-1/services/printing.nix b/hosts/AZ-PRM-1/services/printing.nix new file mode 100644 index 0000000..5301f2d --- /dev/null +++ b/hosts/AZ-PRM-1/services/printing.nix @@ -0,0 +1,40 @@ +{pkgs, ...}: { + # CUPS Druckdienst für PDF-Druck aus n8n + # Drucker: Kyocera TASKalfa 4054ci @ 192.168.152.137 + services.printing = { + enable = true; + drivers = with pkgs; [ + cups-filters # driverless IPP Everywhere Support + ]; + }; + + # Avahi für mDNS/IPP-Druckererkennung + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; + + # Kyocera TASKalfa 4054ci deklarativ einrichten + hardware.printers = { + ensurePrinters = [ + { + name = "JW2OG"; + location = "Buero"; + description = "Kyocera TASKalfa 4054ci"; + deviceUri = "ipps://192.168.152.137:443/ipp/print"; + model = "everywhere"; + ppdOptions = { + PageSize = "A4"; + }; + } + ]; + ensureDefaultPrinter = "JW2OG"; + }; + + # n8n braucht Zugriff auf lp/lpr zum Drucken + systemd.services.n8n = { + path = [pkgs.cups]; + serviceConfig.SupplementaryGroups = ["lp"]; + }; +} diff --git a/hosts/AZ-PRM-1/services/samba.nix b/hosts/AZ-PRM-1/services/samba.nix new file mode 100644 index 0000000..d20555f --- /dev/null +++ b/hosts/AZ-PRM-1/services/samba.nix @@ -0,0 +1,7 @@ +{pkgs, ...}: { + services.samba = { + enable = true; + package = pkgs.samba4Full; + openFirewall = true; + }; +} diff --git a/hosts/AZ-PRM-1/services/traefik-routing.nix b/hosts/AZ-PRM-1/services/traefik-routing.nix new file mode 100644 index 0000000..d72eed5 --- /dev/null +++ b/hosts/AZ-PRM-1/services/traefik-routing.nix @@ -0,0 +1,31 @@ +{ + services.traefik.dynamicConfigOptions.http = { + services.ptrg.loadBalancer.servers = [{url = "http://192.168.152.102:7784/";}]; + + routers.prtg = { + rule = "Host(`m.l.az-gruppe.com`)"; + tls = {certResolver = "ionos";}; + service = "ptrg"; + entrypoints = "websecure"; + }; + + services.AZHA.loadBalancer.servers = [{url = "http://192.168.152.47:8123/";}]; + routers.AZHA = { + rule = "Host(`ha.l.az-gruppe.com`)"; + tls = {certResolver = "ionos";}; + service = "AZHA"; + entrypoints = "websecure"; + }; + services.AZDESK.loadBalancer.servers = [ + { + url = "https://azdesk.az-group.local:443/"; + } + ]; + routers.AZDESK = { + rule = "Host(`it-ticket.l.az-gruppe.com`)"; + tls = {certResolver = "ionos";}; + service = "AZDESK"; + entrypoints = "websecure"; + }; + }; +} diff --git a/hosts/AZ-PRM-1/services/traefik.nix b/hosts/AZ-PRM-1/services/traefik.nix new file mode 100644 index 0000000..8b7156c --- /dev/null +++ b/hosts/AZ-PRM-1/services/traefik.nix @@ -0,0 +1,92 @@ +{config, ...}: let + httpPort = config.m3ta.ports.get "traefik"; + httpsPort = config.m3ta.ports.get "traefik-ssl"; +in { + services.traefik = { + enable = true; + staticConfigOptions = { + log = {level = "WARN";}; + serversTransport.insecureSkipVerify = true; + certificatesResolvers = { + ionos = { + acme = { + email = "sascha.koenig@azintec.com"; + storage = "/var/lib/traefik/acme.json"; + caserver = "https://acme-v02.api.letsencrypt.org/directory"; + dnsChallenge = { + provider = "ionos"; + resolvers = ["1.1.1.1:53" "8.8.8.8:53"]; + propagation = { + delayBeforeChecks = 60; + disableChecks = true; + }; + }; + }; + }; + }; + api = {}; + entryPoints = { + web = { + address = ":${toString httpPort}"; + http.redirections.entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + websecure = { + address = ":${toString httpsPort}"; + http.tls = { + certResolver = "ionos"; + domains = [ + { + main = "l.az-gruppe.com"; + sans = ["*.l.az-gruppe.com"]; + } + ]; + }; + }; + }; + }; + dynamicConfigOptions = { + http = { + services = { + dummy = { + loadBalancer.servers = [ + {url = "http://192.168.0.1";} + ]; + }; + }; + middlewares = { + auth = { + basicAuth = { + users = ["sascha.koenig:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."]; + }; + }; + }; + routers = { + api = { + rule = "Host(`r.l.az-gruppe.com`)"; + service = "api@internal"; + middlewares = ["auth"]; + entrypoints = ["websecure"]; + tls = { + certResolver = "ionos"; + domains = [ + { + main = "l.az-gruppe.com"; + sans = ["*.l.az-gruppe.com"]; + } + ]; + }; + }; + }; + }; + }; + }; + + systemd.services.traefik.serviceConfig = { + EnvironmentFile = ["${config.age.secrets.traefik-env.path}"]; + }; + + networking.firewall.allowedTCPPorts = [httpPort httpsPort]; +} diff --git a/hosts/common/default.nix b/hosts/common/default.nix new file mode 100644 index 0000000..dcb5355 --- /dev/null +++ b/hosts/common/default.nix @@ -0,0 +1,76 @@ +# Common configuration for all hosts +{ + config, + pkgs, + lib, + inputs, + outputs, + system, + ... +}: { + imports = [ + ./extraServices + ./users + ./ports.nix + inputs.m3ta-nixpkgs.nixosModules.ports + inputs.home-manager.nixosModules.home-manager + ]; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { + inherit inputs outputs system; + videoDrivers = config.services.xserver.videoDrivers or []; + }; + }; + + nixpkgs = { + # You can add overlays here + overlays = [ + # Add overlays your own flake exports (from overlays and pkgs dir): + outputs.overlays.additions + outputs.overlays.modifications + outputs.overlays.unstable-packages + + inputs.nur.overlays.default + inputs.m3ta-nixpkgs.overlays.default + + (outputs.lib.mkLlmAgentsOverlay system) + # You can also add overlays exported from other flakes: + # neovim-nightly-overlay.overlays.default + + # Or define it inline, for example: + # (final: prev: { + # hi = final.hello.overrideAttrs (oldAttrs: { + # patches = [ ./change-hello-to-hi.patch ]; + # }); + # }) + ]; + # Configure your nixpkgs instance + config = { + # Disable if you don't want unfree packages + allowUnfree = true; + }; + }; + + nix = { + settings = { + experimental-features = "nix-command flakes"; + trusted-users = [ + "root" + "sascha.koenig" + "jannik.mueller" + ]; # Set users that are allowed to use the flake command + }; + gc = { + automatic = true; + options = "--delete-older-than 30d"; + }; + optimise.automatic = true; + registry = + (lib.mapAttrs (_: flake: {inherit flake;})) + ((lib.filterAttrs (_: lib.isType "flake")) inputs); + nixPath = ["/etc/nix/path"]; + }; +} diff --git a/hosts/common/extraServices/default.nix b/hosts/common/extraServices/default.nix new file mode 100644 index 0000000..75ff01e --- /dev/null +++ b/hosts/common/extraServices/default.nix @@ -0,0 +1,8 @@ +{ + imports = [ + ./flatpak.nix + ./ollama.nix + ./podman.nix + ./virtualisation.nix + ]; +} diff --git a/hosts/common/extraServices/flatpak.nix b/hosts/common/extraServices/flatpak.nix new file mode 100644 index 0000000..140c71e --- /dev/null +++ b/hosts/common/extraServices/flatpak.nix @@ -0,0 +1,23 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.extraServices.flatpak; +in { + options.extraServices.flatpak.enable = mkEnableOption "enable flatpak"; + + config = mkIf cfg.enable { + services.flatpak.enable = true; + xdg.portal = { + # xdg desktop intergration (required for flatpak) + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-hyprland + ]; + config.common.default = "*"; + }; + }; +} diff --git a/hosts/common/extraServices/ollama.nix b/hosts/common/extraServices/ollama.nix new file mode 100644 index 0000000..fe1b53d --- /dev/null +++ b/hosts/common/extraServices/ollama.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.extraServices.ollama; +in { + options.extraServices.ollama.enable = mkEnableOption "enable ollama"; + + config = mkIf cfg.enable { + services.ollama = { + enable = true; + package = pkgs.ollama-vulkan; + host = "[::]"; + openFirewall = true; + environmentVariables = { + OLLAMA_HOST = "0.0.0.0"; + }; + }; + nixpkgs.config = { + rocmSupport = config.services.xserver.videoDrivers == ["amdgpu"]; + cudaSupport = config.services.xserver.videoDrivers == ["nvidia"]; + }; + }; +} diff --git a/hosts/common/extraServices/podman.nix b/hosts/common/extraServices/podman.nix new file mode 100644 index 0000000..77703f5 --- /dev/null +++ b/hosts/common/extraServices/podman.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.extraServices.podman; +in { + options.extraServices.podman.enable = mkEnableOption "enable podman"; + + config = mkIf cfg.enable { + virtualisation = { + podman = { + enable = true; + dockerCompat = true; + dockerSocket.enable = true; + autoPrune = { + enable = true; + dates = "weekly"; + flags = [ + "--filter=until=24h" + "--filter=label!=important" + ]; + }; + defaultNetwork.settings.dns_enabled = true; + }; + }; + environment.systemPackages = with pkgs; [ + podman-compose + ]; + }; +} diff --git a/hosts/common/extraServices/virtualisation.nix b/hosts/common/extraServices/virtualisation.nix new file mode 100644 index 0000000..e5b67e1 --- /dev/null +++ b/hosts/common/extraServices/virtualisation.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.extraServices.virtualisation; +in { + options.extraServices.virtualisation.enable = mkEnableOption "enable virtualisation"; + + config = mkIf cfg.enable { + virtualisation = { + libvirtd = { + enable = true; + qemu = { + package = pkgs.qemu_kvm; + runAsRoot = true; + swtpm.enable = true; + }; + }; + }; + programs.virt-manager.enable = true; + environment = { + systemPackages = [pkgs.qemu]; + etc = { + "ovmf/OVMF_CODE.fd" = { + source = "${(pkgs.OVMF.override { + secureBoot = true; + tpmSupport = true; + }).fd}/FV/OVMF_CODE.fd"; + }; + "ovmf/OVMF_VARS.fd" = { + source = "${(pkgs.OVMF.override { + secureBoot = true; + tpmSupport = true; + }).fd}/FV/OVMF_VARS.fd"; + }; + }; + }; + }; +} diff --git a/hosts/common/ports.nix b/hosts/common/ports.nix new file mode 100644 index 0000000..e3537b5 --- /dev/null +++ b/hosts/common/ports.nix @@ -0,0 +1,63 @@ +{config, ...}: { + m3ta.ports = { + enable = true; + + definitions = { + ssh = 2022; + + traefik = 80; + traefik-ssl = 443; + + gitea = 3030; + outline = 3031; + vaultwarden = 3032; + ntfy-sh = 3033; + zammad = 3034; + it-tools = 3035; + zammad-hr = 3036; + zammad-hr-elasticsearch = 3037; + netbird = 3038; + azion-scheduler = 3039; + azion-scheduler-proxy = 3049; + + metabase = 3013; + baserow = 3050; + + librechat = 3040; + librechat-dev = 3141; + rag-api = 8000; + rag-api-dev = 8100; + litellm = 4000; + + n8n = 5678; + kestra = 5080; + zugferd-service = 5060; + gotenberg = 5070; + + portainer = 9000; + + postgres = 5432; + pgadmin = 5050; + }; + + hostOverrides = { + AZ-CLD-1 = { + baserow = 3050; + librechat-dev = 3141; + rag-api-dev = 8100; + }; + + AZ-PRM-1 = { + baserow = 3051; + kestra = 5080; + stirling-pdf = 3032; + bpi = 3033; + }; + }; + }; + + environment.etc."info/all-ports.json".text = builtins.toJSON { + hostname = config.networking.hostName; + ports = config.m3ta.ports.all; + }; +} diff --git a/hosts/common/users/default.nix b/hosts/common/users/default.nix new file mode 100644 index 0000000..f8dbc85 --- /dev/null +++ b/hosts/common/users/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./jannik.mueller.nix + ./sascha.koenig.nix + ]; +} diff --git a/hosts/common/users/jannik.mueller.nix b/hosts/common/users/jannik.mueller.nix new file mode 100644 index 0000000..9ac7164 --- /dev/null +++ b/hosts/common/users/jannik.mueller.nix @@ -0,0 +1,25 @@ +{ + config, + pkgs, + inputs, + ... +}: { + users.users."jannik.mueller" = { + hashedPassword = "$y$j9T$09RgD3AU3PK9Oi6JGLe0V1$i8J2ZOD1h1b6Zpw28ub.kExujoDKHzokeXzkM23Tfd/"; + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "flatpak" + "plugdev" + "input" + "kvm" + "qemu-libvirtd" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvZazSuIoWoRWhkAqQDMLeurxVUyy1MTllp1wfw1tzq" + ]; + packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default]; + }; +} diff --git a/hosts/common/users/sascha.koenig.nix b/hosts/common/users/sascha.koenig.nix new file mode 100644 index 0000000..669c6aa --- /dev/null +++ b/hosts/common/users/sascha.koenig.nix @@ -0,0 +1,125 @@ +# hosts/common/users/m3tam3re.nix — Central user definition with m3ta-home integration. +# +# This module: +# 1. Creates the m3tam3re NixOS user +# 2. Loads the m3ta-home profile system via mkHome +# 3. Sets per-host feature flags based on a host profile mapping +# 4. Imports per-host home.nix overrides (monitors, HW-specific config) +# +# To add a new host: +# 1. Add entry to hostProfiles below +# 2. Add feature flags in the hostFlags section +# 3. Create hosts//home.nix if the host needs overrides (monitors, etc.) +{ + config, + pkgs, + inputs, + ... +}: let + hostname = config.networking.hostName; + + # ── Per-host profile mapping ── + # Determines which m3ta-home context and sets each host gets. + hostProfiles = { + # ── Server hosts ── + AZ-CLD-1 = { + context = "server"; + sets = []; + }; + AZ-PRM-1 = { + context = "server"; + sets = []; + }; + }; + + profile = + hostProfiles.${ + hostname + } or { + context = "server"; + sets = []; + }; + m3ta-lib = inputs.m3ta-home.lib; + + # Check if a per-host home.nix exists + hostHomeFile = ./../../${hostname}/home.nix; + hostHomeExists = builtins.pathExists hostHomeFile; + + # ── Per-host feature flags ── + # These enable/disable specific m3ta-home modules per host. + hostFlags = + if hostname == "AZ-CLD-1" + then { + # Full desktop workstation + base = { + shell = { + fish.enable = true; + nushell.enable = true; + starship.enable = true; + }; + cliTools = { + fzf.enable = true; + nitch.enable = true; + television.enable = true; + }; + secrets.enable = true; + }; + } + else { + # m3-helios, m3-hermes, m3-aether — minimal server + base = { + shell = { + fish.enable = true; + starship.enable = true; + }; + cliTools = { + fzf.enable = true; + nitch.enable = true; + }; + }; + }; +in { + # ── NixOS user definition ── + users.users."sascha.koenig" = { + hashedPassword = "$y$j9T$ORX4btVZgs9Xjq2oIvzJm0$lXiPwaa0D6t.eMDIx1UBesEAMOkWXBoGwpeI7X0aS8D"; + isNormalUser = true; + shell = pkgs.nushell; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "flatpak" + "plugdev" + "input" + "kvm" + "qemu-libvirtd" + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZbg/Z9mnflXuLahGY8WOSBMqbgeqVIkIwRkquys1Ml sascha.koenig@azintec.com" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@MBP-Sascha.fritz.box" + ]; + packages = [inputs.home-manager.packages.${pkgs.stdenv.hostPlatform.system}.default]; + }; + + # ── Home-Manager configuration via m3ta-home ── + home-manager.users."sascha.koenig" = { + home.stateVersion = "25.11"; + imports = + [ + # Load m3ta-home composition engine + (m3ta-lib.mkHome { + user = "m3tam3re"; + identity = "work"; + inherit (profile) context sets; + }) + # Per-host feature flags + hostFlags + ] + # Per-host home.nix (Hyprland monitors, XDG/MIME, HW-specific overrides) + ++ ( + if hostHomeExists + then [hostHomeFile] + else [] + ); + }; +} diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..e997b27 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,37 @@ +{inputs, ...}: { + # This one brings our custom packages from the 'pkgs' directory + additions = final: prev: + (import ../pkgs {pkgs = final;}) + // { + zugferd-service = inputs.zugferd-service.packages.${prev.stdenv.hostPlatform.system}.default; + }; + + # This one contains whatever you want to overlay + # You can change versions, add patches, set compilation flags, anything really. + # https://nixos.wiki/wiki/Overlays + modifications = final: prev: { + # n8n = import ./mods/n8n.nix {inherit prev;}; + vivaldi = prev.vivaldi.override { + commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland"; + }; + # example = prev.example.overrideAttrs (oldAttrs: rec { + # ... + # }); + }; + + stable-packages = final: _prev: { + stable = import inputs.nixpkgs { + system = final.stdenv.hostPlatform.system; + config.allowUnfree = true; + }; + }; + unstable-packages = final: _prev: { + unstable = import inputs.nixpkgs-unstable { + system = final.stdenv.hostPlatform.system; + config.allowUnfree = true; + }; + }; + # Flatten llm-agents packages into top-level pkgs namespace. + mkLlmAgentsOverlay = system: _final: _prev: + inputs.llm-agents.packages.${system} or {}; +} diff --git a/overlays/mods/n8n.nix b/overlays/mods/n8n.nix new file mode 100644 index 0000000..1b1ae3d --- /dev/null +++ b/overlays/mods/n8n.nix @@ -0,0 +1,26 @@ +# {prev}: +# prev.n8n.overrideAttrs (oldAttrs: rec { +# version = "1.112.6"; + +# src = prev.fetchFromGitHub { +# owner = "n8n-io"; +# repo = "n8n"; +# rev = "n8n@${version}"; +# hash = "sha256-r/MCU/S1kkKQPkhmp9ZHTtgZxMu5TFCl5Yejp73gATw="; +# }; + +# pnpmDeps = prev.pnpm_10.fetchDeps { +# pname = oldAttrs.pname; +# inherit version src; +# fetcherVersion = 1; +# hash = "sha256-j+HJhvzrcu8JsezcFJxfgteOgTspWQb2ZSN2fEl7Voo="; +# }; + +# nativeBuildInputs = +# builtins.map +# (input: +# if input == prev.pnpm_9.configHook +# then prev.pnpm_10.configHook +# else input) +# oldAttrs.nativeBuildInputs; +# }) diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..9850520 --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,4 @@ +{pkgs, ...}: { + # Define your custom packages here + # pomodoro-timer = pkgs.callPackage ./pomodoro-timer {}; +} diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..41b3a34 --- /dev/null +++ b/secrets.nix @@ -0,0 +1,50 @@ +let + #SYSTEMS + AZ-CLD-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItSijmU5YwcJcoshtmYxpxBaVA4TPaCMk23ws7KDkAH"; + AZ-LT-NIX = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg/nFOPx763xIbepPsdYRE49R7HwvikXhLF/iPgH1Jh"; + AZ-PRM-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID6gl9maUQ99I4t8mCAdfUw6lrA9NYx2EbwqGOmKts+l"; + + #USERS + sascha.koenig = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZbg/Z9mnflXuLahGY8WOSBMqbgeqVIkIwRkquys1Ml"; + jannik.mueller = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvZazSuIoWoRWhkAqQDMLeurxVUyy1MTllp1wfw1tzq"; + + users = [sascha.koenig]; + systems = [AZ-CLD-1 AZ-LT-NIX AZ-PRM-1]; +in { + "secrets/azion-env.age".publicKeys = systems ++ users; + "secrets/server.crt.age".publicKeys = systems ++ users; + "secrets/server.key.age".publicKeys = systems ++ users; + "secrets/traefik-env.age".publicKeys = systems ++ users; + "secrets/baserow-db.age".publicKeys = systems ++ users; + "secrets/baserow-env.age".publicKeys = systems ++ users; + "secrets/kestra-env.age".publicKeys = systems ++ users; + "secrets/kestra-config.age".publicKeys = systems ++ users; + "secrets/kestra-secrets.age".publicKeys = systems ++ users; + "secrets/kestractl-env.age".publicKeys = systems ++ users; + "secrets/librechat-env.age".publicKeys = systems ++ users; + "secrets/librechat.age".publicKeys = systems ++ users; + "secrets/librechat-env-prod.age".publicKeys = systems ++ users; + "secrets/librechat-env-dev.age".publicKeys = systems ++ users; + "secrets/litellm-env.age".publicKeys = systems ++ users; + "secrets/metabase-env.age".publicKeys = systems ++ users; + "secrets/n8n-env.age".publicKeys = systems ++ users; + "secrets/n8n-env-prm.age".publicKeys = systems ++ users; + "secrets/n8n-db.age".publicKeys = systems ++ users; + "secrets/netbird-auth-secret.age".publicKeys = systems ++ users; + "secrets/netbird-db-password.age".publicKeys = systems ++ users; + "secrets/netbird-encryption-key.age".publicKeys = systems ++ users; + "secrets/netbird-dashboard-env.age".publicKeys = systems ++ users; + "secrets/netbird-server-env.age".publicKeys = systems ++ users; + "secrets/netbird-proxy-env.age".publicKeys = systems ++ users; + "secrets/outline-env.age".publicKeys = systems ++ users; + "secrets/pgadmin-pw.age".publicKeys = systems ++ users; + "secrets/vaultwarden-env.age".publicKeys = systems ++ users; + "secrets/vaultwarden-db.age".publicKeys = systems ++ users; + "secrets/zammad-pw.age".publicKeys = systems ++ users; + "secrets/zammad-secret.age".publicKeys = systems ++ users; + "secrets/zammad-hr-env.age".publicKeys = systems ++ users; + "secrets/zammad-hr-env-prod.age".publicKeys = systems ++ users; + "secrets/outline-key.age".publicKeys = systems ++ users; + "secrets/ref-key.age".publicKeys = systems ++ users; + "secrets/exa-key.age".publicKeys = systems ++ users; +} diff --git a/secrets/azion-env.age b/secrets/azion-env.age new file mode 100644 index 0000000..a8b8905 --- /dev/null +++ b/secrets/azion-env.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBEK3Vo +VUJGUExER0VDZHROdkN6S0pPRTVXSEhvVWpvV1FSNnZUcStLalRNCk9DZGN2ZFZi +cWlhUDBlQkFZSHVxN1ErYmdhTW5ZbVhGb20yZmtnY1MvWEEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEFUc3B1alN0NElwcDl1empxeVFack9hUzFGYlg1bUVRbllNWkNQ +MUlBRVkKaUNQNGhSV0pQQ2VGQXFHM2s1YmFPMTJUWUpZVFNrdTFoNmxlTExYeFc4 +dwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgeG9ZZWNIUHo5c09kMWxmRXJieXJOV0Vo +ajEzYTdCRmp5aVlwT2p2Y1ZnYwo4M01URmZwY21idzdQSkszYW5qcVRKdVpkaVRR +NXhiSVg1MmlMVlpGNEdvCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5U2V6eEl6ZVoz +L0RCblpuR1Y2dGhxZC9YREFhYVBrOGVESldZOHlmSEVVCkEwenhZbkJNK2RoaSsr +Tm1DWXN4TjBldXN4VlByN2IrZ2NvQ3c5dEdJUFkKLT4gVid1fXs+LWdyZWFzZSBc +dSBLCjdpZ251emhPemFyeEQzYVZhTE85WUtKemhmWVBIeUp1Ci0tLSA3cTcva3dC +NytiSTdXMFVkUmkzZ1psbndvMTcwVk42bXArdm1ZSXA3aXNnCgcCLDRJcYeVXN7A +OHS0d2J+1TEvSHAEtrnTQjTqYl7ceaS8TFYF/DekImVCoDBjKI2294On8eiCOlUX +V9k/GF4OVXQfLcvxhRSTj/h5G8kVXvOodjftlIrx07SVTdIaxJZNAEqyTQi89G8Q +Uxu4pKPJn53u3KGPga8xdxEbPwv2VTWp879z7ge3e2me4qT8VZagq06IkeTfbun9 +Pq8qY6w= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/baserow-db.age b/secrets/baserow-db.age new file mode 100644 index 0000000..370ba01 --- /dev/null +++ b/secrets/baserow-db.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBkeUZi +YmZZdk5zeHBBTkxDdkRyZ1QyZmlRdGdhOUFoRW8rRk5YSHVYYzEwCjgxTmZQNm14 +TUZuSkxGNUhYUGhIWG1jV0FsdG52bENpS3hwb09yMDhvdGMKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIFFmZlE0QnR4YXFBMlcvVGxnQmJnU0xkQWdidXlEMUJpQ0Q3OFl2 +Qkc4WGsKWGhNY1dORTdvUWJvUzZJSG96eTVvWk4vR0VsbitHR3YycE5hcDhYanFq +MAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgS25HRFRaRTZZLzVoV1IxNEdrakE5UWM1 +TTRMTS9VLzJiQXVXakJVZnh5QQp4dFZZekVZSlBwVEJ6MDBBNzFSTklPMTU5em1J +QlhDMDkvTURhcXpDbXhzCi0+IHNzaC1lZDI1NTE5IENTTXloZyBQYkU3ajVUNkdt +YVdleU5Ya1VJUkJwclFiTlBUdXlrMHpNMEh5OWRCNzJNCjJzMlV5ckpTbWFvR1Ro +MTBBcmtobzlzbG1HWmxlRkpLMkhoTHhwRE1uVG8KLT4gPH5zLWdyZWFzZSBYV3Fx +M0sKenM4Ci0tLSArOERIa00rcWhPeUdsbHFqSFRvOWVEN0dlTjhRbDZCVlFrVzZG +QnZMNWxvCiVRTPOhecBLeAXqlUijvGmRXFJhmnDdPxE4/PGCOKJZwBAsn/TNS1K9 +M4bdsdSB +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/baserow-env.age b/secrets/baserow-env.age new file mode 100644 index 0000000..9ba67c3 --- /dev/null +++ b/secrets/baserow-env.age @@ -0,0 +1,23 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBYQ1k5 +L2hTMDQwaFNaMmpoUGV6cDlkMzRrOVBjZG5DNitLcWdRTHdlbTBjCm5HVGxKREN6 +VVRqbk9LR3RVNmpoNmc1Y2l6Nk4yT285cUEvaXBacmZMNG8KLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIFg1eU9PVGpuTlhQbUN2THRHcERCOUF2ZHRibXlBUWtGUUhKcUZs +OTlORmsKS3p5Slo1ZWtqdTlWbUVlZEZvcG1XZTF6VTBqazNUZDlRL3F3cFpKcUxJ +NAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgZTZhUlNFVXZxT29zdmNRWEdBbFNud004 +aTJnZEM4NWtVREg2YWxyZDdWbwpmOVVMcnVRamFMREd1K25PczdqWlc4N2hjUVlw +MXJTVzVzcXRyZENoVndJCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5QW1UbllFZ2NM +LzVUVExVK0psZDZuSG4rdXNDRkYxblVVNnpzMjNlNVFFClY4ck96ZHJ4MndRMVhn +ODlwd05Bc1AxdWpTSEpjTURqUHdkbWpXRWozUWMKLT4gOz1aLHAtZ3JlYXNlIEsK +YlFjMjVvdkt4WElTdk5IZHNqb1dBcEMvYVNZUTRJb3V5WnhHcGdPWTY1QUVNMnpu +R09JMC9CWTVEQndSaHFjTgpFdVRVRTZIMStyOFF1dE8xeXRTTUVadllLRlBveTd5 +YXhMTXdEZGNWamI2cgotLS0gY1U2T0s2NEZtbmVTcmIxeDZrNEZJTzVuY2RlQWU2 +Z1ZFbHBKTzlESEZvUQob76pZzXMo/EvmWmKwXQBlBjbwdImpHYOu85+JuC74SjAB +NR2m6BkYK/IUPQ6ZNegTcax97YsHLqt2UHMx5vxQqSPcG+u8ThR6XUxJ0963Lzbb +Xt4ygA4nH0LIT5lsuH2kG0cLAnPGtINh4k6haqVx00jeKAhONqQayQ3pEW1gXw1R +YAkBQ9RdgYWyj1Fd5+4APHwmOp+84NZrgHLbgVtr5ocPdeqtxZ1bfxpUPFVRPT9J +sJKubUtbg0eB1f0Y0Z2JaBH23AuJ1DP2Q7iruA/foRS4hFBpS2FlMO3NbKP3RlCr +TFT57KvUbXjpE4yB11/lJw9Yxvtq+EtDPaYud6uif6DjN1cLNPDad1KYa0pR3qRS +L+3b28UiF9PrjJQGz6RiSfCQj896uRRQLVwIGYmEnezcJ4DEdw0uu8o62/swzCNx +JGI8zwftm6pHo5Fb9qPbkFLRAaKV94JjFdFmPRltpQ== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/exa-key.age b/secrets/exa-key.age new file mode 100644 index 0000000..8a146e6 --- /dev/null +++ b/secrets/exa-key.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBWMVBr +TDVmNmlTSkFrem9JREI5Z2djS0NWS3RQVUFMeVFZeExjUjlKSW1BCnZxQ3FCTHVG +SytRUWs0UFVRdzI0UGJuQW5STENicHVmQWdRQlh4THZUYmMKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHM5a3VheSt4ZXlsNi9UYWx2amR1NWlTYWE2eXVRVU5FSzNYaXkw +cnp3MUUKYnBZZ2dQbDJMb0NVdG5oM2lKeGNGUWdrdThEMEEvbTRzTTFEajZJWmRz +awotPiBzc2gtZWQyNTUxOSBsR3FWWmcgSkdiSmloMlRraTdidWl5U0YyNjVTeFFP +K3l5a1VuUzRpaG5NTzBDRG1Scwo2eDNsM1MrYXhzMDhNT2NEVWFseGR0ankyRVdj +VitBWDBPQnk0eVEyTzFvCi0+IHNzaC1lZDI1NTE5IENTTXloZyBCaHBOUkMxS3M5 +MTFZSUhPZi9ja1hNNnZyM2orbkdtblVrdFBlWThRWVdRCmQxNEYyTW5SdDZiQkx2 +dHFLK1NicmZXOUU0UWNTRmZsYXRYRUVFQkxEeGsKLT4gcS1ncmVhc2UgeSkgQzZZ +WDg1IW4KSGcKLS0tIDRhU2NNNzlaU05rS0NJTTV2bEpnK1ZOQkZFc2IxWkNZeko4 +NEtmajlVRXcKLf10VyJLLFwaRLCulJN/YGiMqIqwV+9Hfyjns9Exx3mASfBW4yJR +qwjpGpVhKIaTNiKo8PdJofw5y6tOCz5NTDmgpVI1 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hetzner-s3-az-intern-access-key.age b/secrets/hetzner-s3-az-intern-access-key.age new file mode 100644 index 0000000..30610c6 --- /dev/null +++ b/secrets/hetzner-s3-az-intern-access-key.age @@ -0,0 +1,11 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBDcUZI +aCsvQzBoaytUZ0NpRVY1NW1WV0dyMXVjVnowZ0FlQkNKeDU4ZzBnCnVzcElPTXVm +QjQ2MjA4YlNYRjF3dmtpUFliMWJIMVJYWkx3Z2tsTzhXeVUKLT4gc3NoLWVkMjU1 +MTkgQ1NNeWhnIFZZQ0ZTemdKTno5UUpuRjF6UENydjRtNGZnWWtRRVlLWUhPOXZL +YlpzRmMKem9yUDY2eFhBNGpVbnlibmw5K0FkSElGdzR3Rnl4VEpxUUtxTGs1ZFBw +ZwotPiB+LltMYj0ldC1ncmVhc2UKSE9TOFo1T3E4WFo0Z2hHS0hBTmJkRDQ2a0J0 +NW9qWXpCcncKLS0tIEdzKzR3WW9rZnpvTDdKQndqN1VBTWxMY1hidkhXWUZoTWhh +bE9RM1dnY2cKeguIFY/T8kg7t6pDHyCVSdx88fbkCbefaHkLT3ZeLFlEeyIxvvrv +HTgpP0kje+G9jKjku7Q= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hetzner-s3-az-intern-secret-key.age b/secrets/hetzner-s3-az-intern-secret-key.age new file mode 100644 index 0000000..402e5b1 --- /dev/null +++ b/secrets/hetzner-s3-az-intern-secret-key.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyByQU9Y +UUdPWmxxSTZ6Rnd3K2V4Q0NQMnRkUXhvQkg5NUMrNVI0YmJ1NDE4CnJpQkZZNFVj +SWw2ZVdKV08rd3poZE5vaVBNN2R3bENBOGp3a2JIdzFNdE0KLT4gc3NoLWVkMjU1 +MTkgQ1NNeWhnIEkzWGkwVDBkNkw5S0VWbVFlYzN2OWM4dWJZQm5NakdsWUlTaGNa +Myt0ZzQKZ0dWQy9JaW1YOVdoZVU1T0ExUm4vaEcvRXFGS3ZDVXE2N21ySjI1S0dY +WQotPiB3dzxrLWdyZWFzZQp5R0tXWjBJelF0NFk2MlF1c1ZrdHlxWWprWkN2Mlc2 +SVVmSTRMSENOVnNVUWFJVmhtL05VeWNJZE54TWFTdm1tCkVTUVQKLS0tIGZ6M1JS +aWlmeFQydERNS2ROdnBGa0U4anFOVzdITStyblZQeDV3VVFSWUkKXRiSMZZLMcrq +gCXaaUBC4GtG21xSqqsD3MoBNJ+V2XzWC8UFFo8sQiJQB1Pak/CiicRnFkyEbj7m +qAfbhKEAroS3kErgbL9w5w== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/hetzner-s3-az-intern-secretekey.age b/secrets/hetzner-s3-az-intern-secretekey.age new file mode 100644 index 0000000..07d8b3a --- /dev/null +++ b/secrets/hetzner-s3-az-intern-secretekey.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 JqYQjw U5No3H94fSASBcRRZLgTBHxByB95Ziyf4PF2zyrjWhc +IbrSOSlaCOphRfXDGkrXONxqZMKd7wQTbeR/C1MWvOg +-> ssh-ed25519 CSMyhg MW59VNnTF2MEGytjYT1opGF/W3gwmmtnt6njTKbu0gQ +KSnptKwX5I3b5fNMzYE1dMcklmqM+Mehm8zdcjIOKTM +--- F50ScuHxKrtaxMrBPi8yNGPbLThR0nYZoneOCN6vhhY +]pkxuQu6*E)i-)ߧA(m^O \ No newline at end of file diff --git a/secrets/kestra-config.age b/secrets/kestra-config.age new file mode 100644 index 0000000..fdb6323 --- /dev/null +++ b/secrets/kestra-config.age @@ -0,0 +1,29 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBRYXF4 +cisrS0NGeHZIckRrV2FzNjA1Ym91Tk83czRUZVhXNkJseFJMYmc4CjJlUlRMcmFD +TGxyZjRhd0RxRXQyRFZBZk5CT2VpczR4QTliQkh2R1pnZlkKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEI4YitPTXB3VFp3SzByUStDTms5TitnQUx3aFdQY09rZmNzTjAz +SWJsV0UKc0t1YnRzVXFiZWZDRkJZd1Zld0ZMZE4zN2pJYXp2OGQzOW5BQ2htcG5r +UQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgS0hINXZOVWlGNzZRWUlBYVE3S0FMVXBs +NXZGZTRDRXBuNGp3ejM4WnhEMApHZWZyT0ozZXU2WHNJMUcxUDBRZlFhU3g1RWI1 +UVcrMlBUSjArSURWa0pjCi0+IHNzaC1lZDI1NTE5IENTTXloZyBhTE1oMmh2Smc0 +RDM3T1B5UGhLeUVVZG9CclNoSGhQWGRXbVgrSnU2UURFCkhidDBoNTUrRXpzeGgr +T2VkRjZ5TGJaeWE1K2U4RjJKa3AzMVJSQ1ZjQ1EKLT4gcHxQJFotZ3JlYXNlClVP +d09WTS9NR1htNzA2WFNnbUh2TGJWdVhVSUppMVZkcFNSQjJwazZtelpFNXhXZDBV +MzVoQzJWWW5JVjhlYlYKb0NCNkl0YXA4WWZwZCszSVdWUXlKYzZQaXVTS3VDT2lC +Tk5DS05idAotLS0gMmMzYU9uaGJJaUtzNlRNNExYUWFOQmZKcEwxZFpQZC8vTVJ1 +MDZ3TXNPYwrXl7PIzv7lRFfBOlmJ6i74CchhE9HAet4uB5NFOfDt3Q5BjCMd/lVD +ZVENpsyjyxhI48gqLOEUAFn8UhOaxYcnu6F0f436Az5AiQfzvcmU4WKi6XRJ12qx +7jg0wi04xIqujcQNTSWG9mOJ9P/8VrlRJ5HRVo0gE8MaulBuxzmMFJr0ZSAtQXXO +DNLltwJ0r6Sy9yLeakDyAxSPOUZSH0B9VzWFmTUcboaWbbDSoy8+kSNpiue81O+i +Wy6Dlpr2e0A2HJEmQHHE71Ur6Edpwl+xn3YJjYN4bqMO/KjbrXerT3/Z+gHItMWy +Z6QHxMDCw7o/iGhTTp9ALUfFG861x64z9YXoacX1jGLq/bs/3SXaCy/keXMd/y16 +XPRm0P07Ux+wPKKKIyQ64hEemTj7c5KAlPnlrqvbaPCbx0/QONMZz4kXKFEgzXqi +B6wr4PnsGsDOKe32IysYraZ6MTyYrHX7/5udOy/YMwb6SiX7Fm5J+XgE2rH4XevA +q2kn1UcXTglW5y2ot24HHasCh+bZLv8OiG19qQq3nC3PsYpWYT1lMcm64uBWbvZ7 +ejkWrwOZF5FnKEnaj/OKRg3EPSoOkovY12/2X6boehHUTGfga4jZDVvPLgOLwlfk +27VNDynyZot98qYquTcdVyVTNNWvOre53Zw9AM0+XwxcPAUWrFXE99cimoT3XQlp +c1V4G8xUgANT/Er32o3yhmItmnRrdtT4oIpqlVJEZ3ploYJKmbxVBnAvTzby88HG +I4vmrAaE0omIE/GQ1+cNONfk55Paezw+DM6LEGy/SW4OZamqpd5aIdYJDLSUe0wQ ++5xH8m1iszJm8s3f8ocw/dVGgK9M74k= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/kestra-db.age b/secrets/kestra-db.age new file mode 100644 index 0000000..f94d0d1 --- /dev/null +++ b/secrets/kestra-db.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyA3bFpG +UjJ3UDRDd3pFdFdoaVp5MjlrbldmUU44d0xqNkQvOGFoSjNKT25jCmNVQjczbU9q +ZWh1Rk9oNC9DTXJPQlBrWEQ1YjBKU2Z5RVpvNU1GdVNzczQKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHZqOWZPRFdKOVVNZWhlT1hmWHJ4N3h2Zko2R3owU1hDRjNsYjhX +eFB2Mk0KQWJnT3Urb21abkhiUHpQM1FBcUhtcWFFQ0hTMzJ2UkJYMHo2aG5lVU9F +VQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgbTlEd25LQ2hURkl5U2trM3U2UnVyaXkr +QnZGbnRxVkdhbWhYNU9USG1Cbwo1R21MWFhPT2lMcTU3aEVwcnJCbVdiRzV1YlE1 +VVFlN3packl4dGhOanBvCi0+IHNzaC1lZDI1NTE5IENTTXloZyBwSnRIR1BIUmRl +N2h0SitFYW9GQmY1ZTUrZnRDRlJMeUEvR0kxZTlLalVNCkU1ZE9abHdIOUluaUNz +bkpvNDdUM21Vd1k5OURhRVBvVis1MlpEcER2cXMKLT4gSndpSGluLWdyZWFzZQp1 +ZVB6cVUwN0tSRXY2YVl5STVPL3RkYUNIbDFWTmFWZVBvbFRMT2F5SWR1UWZzODZF +VmpFaURuNklaT2llZ2dVCmQxYVZnT2FBWlBWVUZGOUswOHdHb1c0R0ZrYlRodVJx +YlZtcmhtVWY0aGJPam9UODV3Ci0tLSBKcWVEUzFVWHFaUHFlMkJtMXd5TlRvME8y +cWUwemhzZ1VYeDF3ZkUxMk13CgitI44UftlBnDaKhbYE3XBHopWw5UdrhFzB2KLM +7MnMleigJjEoKmi2b6wjld6x +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/kestra-env.age b/secrets/kestra-env.age new file mode 100644 index 0000000..4cae947 --- /dev/null +++ b/secrets/kestra-env.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBjdmNT +bnJScmdlUUZPZSsvdmd2eFJZZEswcjdITDNPeU5zS092OVMyamlZCnNLYi83TFhK +YUhDaWlxL2REejNSdDllZVdmNFR5eXVWWlhVVnlIZ2QydEUKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHBvUTJiZytRbGdJUkRzYm5YbFQ0bEJXaytaU2h1NkJTS2ltWXFw +dnFQaFUKSUdpU3hqTjZCTG5qRGpmcjNqaWMzSUoxRTNGY1JNYlJnUXV1TVBqMFF1 +dwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgK0o0YkptWkRUeWo1ZndudFpMVlJGZjNZ +UWVMNG5nMUJZU0NqYmpjcSszawo5TVViZ09heVl2bVBRWElxOXVOL1NsOFlZRS9q +TlpGZ25PZ3luZ2UvNm1rCi0+IHNzaC1lZDI1NTE5IENTTXloZyBTY0x5WEZLQnZk +KzFUVVV3UnFYU3AzRU44NXZibWJsTUk2Z0t6MU5CVkZFCjhiSE9taHdiV3prNUpC +OWZqK2RZVUJZZkxYMjlYRTVkZDYzdmRqaTU1U0kKLT4gbC9qNi4yQyktZ3JlYXNl +IHt0LQo2eUpaZ3RwZUEzVjk1Y3hFa1ZPdHVacHdvL3V0WVRUSFZyVndUU1o1REto +NWlxZWNOcWMxU0srQjg3cFQvVTh0CnkyRFhUMEtmQkRCcmgxWjdaSmlDZVRDUmJJ +ZjZlRkVPc0NTZgotLS0gR01PeFhpNW5EbExTT2pyeWFvelZ1SEEzazYybjd1b0dm +K0hyVVNFZGF3OAp3+MW8cSEB7t8dq6oHBdvo/1iVRmKrN64bdO0mxpLkbA== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/kestra-secrets.age b/secrets/kestra-secrets.age new file mode 100644 index 0000000..e66cf53 --- /dev/null +++ b/secrets/kestra-secrets.age @@ -0,0 +1,32 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBOMjhu +Qis2Zm9sMnJBSG5WRmUrbHlibkNJU29FSnBoVDg0QWZYU2dCbW5BCng2Ukc5amJp +T0V2TEFDSnJWK21kdDQ3WWJNSmhVT000ZUdRNmY1MUNnTUUKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGNxU1BMVUEvTStTUE91THBPTzAzMEtMWFJGUnU5VVNhUU5neFhs +dC9vVTQKZkJaYWJubEh4M0FZK09WelRJUGdLNEcrK2hrYjRabi9zTzgwU1N2dm1y +ZwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgQXlkbDdZMU96VFRNc1cwOUZUNWFEY0ln +cW5TRkxEYjFnZTlqcTdpaFFIVQpMTUhNLzhKdUREdGxQQmJKanE2UHR2RElES294 +UkNoWG0xYk9XSHVhdFh3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBnaklaS0FtVTNS +WlRNMllEVHhVbHJVdDVmb0xhUG9kbjZFeDF4NE5mWkdvCi9pSkIrQ29SWUdMUEkz +RGxzSnJzNU9XaXNlR1kvaC9GZjZxdjhpbUNheFUKLT4gJW5aVS1ncmVhc2UgKi4g +Jn1hYjYscVsgfmMuKWx4V3AgRCZ1VkE/dVwKNE85RW5MdThyN29hY3pGUFFPdzVo +T2w5N0ZVSktodDhYeUlNY3U1cVZ2NWEzN3FacFc0Z2pxekUwMVNPZlRubgp3RXlv +U2xYeFUydwotLS0gMFpFVDhuWGJUc1lGcFRTeGw3QU1Dbk5JcHkyWGhJU2R5bTFt +ZkJnQnlaOAr/tWaezrRSqKKofd2Si/8xBW8PfwGOcR7UDG3JBAXt3Fg0tQmGGJKv +32ZN2uoV2Vdc6KegRzCPdE2Qu/DB2eyfdg4vQTON7RleiZNahqZU8jVijgJpchWD +Pmi/sUBCIAjv3X0xAQyC/FBkTuX+18QiA/Si08NcFZ7OEqxBGn/zqvN4h7o9JM0U +81GLh2rIsbOLmy5bXzEIFLjiK6foXlYCjcaHcT0pXTQ5r3TEMdSxq78sFs6RF9Eu +x3/cMw50tD8HbJE0CD7ybWR8z099zweGkjDxYvaNFHu00JdY6Hb1FCrBuSyvwqzH +0ANoyiNCZdMhy1riggpjy0BdYZKKWRxmbz22kL4ZpP6ztZlFdgjStqYGRMdc+3Mo +10P4ebgs9RU1G0R30lHgoyA3oQtYl+t8Gf8R6QihoCuhHZpmohIG85Rsl+kxjwz0 +pttBjD4CCRKv3iOXAkX3tC2z1FDipR597Zn24IM9/DpEFrvnloFRhZESJofFgIe7 +7+EpjRlZTEo31DbT2VJhPCgJr+poby+wy/VfAAHdaWucGBPtfUvIVYteyqA7BPSo +dVUckv3LEBiFO/YPviz95ktdH0ztPfn9/hfRfD2mZw+RD/oDIV5ABGtqPJ/icBlj +AcE7nSRRUEk4jjPWMxNcX/sGzVaFeBZR2jppmUfPOoQl6k5QfoS198uT0vzCCj9A +9xjmeot//7iuV7Va9Tzg8mgoAa3kdZbrmbibQUo0wtc6fbH2wDGm9pgFHCoKpGqv +B8+8FiZ8G3lA5AFzKRrpN/z8he5abp34hz98DlHCvFF0jfq7JF7bYeCcdMzpTiDl +HJWSK9YkD/1i2TtJw1rO4eN6AqtnaZ7eWFxTIG8v3Oia5RLpJLRFur8dy/sG9ayc +Oj+JFPc8LkD2ium6SvpEhXjPLuOdEZ4WFf1Q73zyd/VCfuligDbBhJCtpgliakga +HXkZqG2QeUQOPC0OaFNxc5Ras31+V9XP2xB/BhfRTwd0pmqw6k4skHeNbGubBFEB +hirD25EGY1ZSLtSaLkX0 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/kestractl-env.age b/secrets/kestractl-env.age new file mode 100644 index 0000000..971728e --- /dev/null +++ b/secrets/kestractl-env.age @@ -0,0 +1,19 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBrRUFE +TjJybGM1YXhpbis3bUU0SVBsMGlIenFkNWpMUnhEMmlIK1pBc1VjCkkvT3IvN2VE +T21jb3lkUk1xUUZZaXBOYlFhYTRIMjlBS3NuQlA3VFFYSDQKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHdmb2c0blErQ0k0cTlKVzRFRCtaOUxhZDhvckloUW9HVktqQU9O +ZjRzMDgKcG8zYUhQZnRCYTVJMHhzZm1RbkNoODFwSC90RnVuV2tXUXRRYzlYM28y +SQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgMzNyWUVuOTkwcDd5TmE2eXpXT0xQRkpk +VVFzaXdHdjg0R3BESTI2VGJ3MApkWk9mMVpydS9OU0NkcWVxNjcyaitzUzd0eGdZ +cDNnZzZtM3ZzSm85NjFJCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5ak9RR1pZV1lX +M0NCTnZpTHRKYnZUcEdMU0J0SmxOZmlrcGN0eEVsdXhFCjNyZWdCK1dOSXVrTlNt +d2FJai8za2ZtS0FlUTZPRm40ZzVGdUwybTdiMjAKLT4gTy1ncmVhc2UgKVRVMlRz +eiBlRChgIyByJApIWko0SW5LM2k0VExKbCtaclpCUlBVOFdjcEY4NHhxNjhLSXpq +MWRRcGFzUFdUT3l4TTRrMGhJRzg5aVFrd1U1Cmc5QXFEVG9ubS83c1M5Z1ltaWIx +ekEKLS0tIG5FM0gxY0JpaHBIVjdack41TTYxb0N2OXhuSEJFamVGbXdvdVpLQUww +a1EK+4IOFlZ/BEmN5diOyV9hgLUfHf3SOijxq4Z0ctIAXuNZVXaSpP5mRXGb4q1D +xkk0MMF5F17yNnhLIM2Ca5PEH2chIb3yUhbdLJTiTtgyF3tEbo2YtAYXT90zKBB1 +p9Zi6cxl63s4+yela7J5lXb8dPA2nCQA2obrB8wkexuYATF0KxNyX4vWK7Yj6DP9 +rt0nxt5umpbBmqfSsuGd2cWg/RveqNDim+q+DVNO9fyhnsMs1e0Wv4f8Jg== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/librechat-env-dev.age b/secrets/librechat-env-dev.age new file mode 100644 index 0000000..402c9c0 --- /dev/null +++ b/secrets/librechat-env-dev.age @@ -0,0 +1,72 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyA4UHBE +RU5DS2xpVlgwcnRvZmZWblFuMzVBMEx6VXlTWnBvbzZiWWE2SnpRCmQ2SE9pTHpZ +ZXZ0bitLWlR2UVBUbG82cHlSZUtlVTdLdU5NbzN6VDROU2MKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGd2b0xxeE5KdFBvZ0RYZWE4blB1NGlTSGlOUW9WVFBmZFhzQkIv +K2VueVUKU0ZoVUx4WjRvZnZnbS94amJIZzI1SnJ5MERIV3lOcE04UmhOSm1DUUlK +QQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgaEdWUURiSXpWdGQyWUlkckwxaEFmYlQ2 +YWpTL1FrZDdVcVUwaERHMEFYYwo4Z1F2Zm1ySzdtRzJsRmt6UU82dFVqN0ZrdmFY +ODhnNVZ4TFRSZzVjR3FZCi0+IHNzaC1lZDI1NTE5IENTTXloZyA0NWJlV1JCK0lI +QkhxWmRaMXFSN0QyMlg2WnR6R3NWRWdya1BmSEduU0JFCnFGV2pLbzlmSjdIZzNB +WjlldEJPeU5SaFhJUjdKTGVKdEhuSDFjK2VvV2sKLT4gcVZLKi1ncmVhc2UgfEFk +VjggJHUgWmByT0RAIHR+CllKRWo1dVAyNk94d09jcTRDUElvYkgyUC93dWdjQXU2 +eDJKMEw5eENyc2dBOExSa2d4ME9BNGVQZW04MjRZN2EKbStZK2JiZwotLS0gamIw +aGFtMjNqczJWOEFRc2Y0akdrd0x4ZG53QUExZ3FZL2pvSGlJODhDQQpki4tky/NT +0BmZkRu3s8ouulHNP8+9dCUCOnOg4khq2dEBDrorFP4VTJTFRbGdZhS3N/zGd0EV +9pfAcHIgNvmw0X/85hxsAszxEpcW+RckGfQGeicncNtVP5TpYTWJAtLqWKszcv+1 +dzbSSlsPs6Az7SBoa6qjo2fiGp2PttgYehfEw6eX6I4WAr+Lr1AqwJKLXkFL8sva +LeZfddhExkDtZ9Iwoi5hCGHNzViO3YY5Vjxb5cXsOgEmn6645a/eb2MADGQnvSFk +V6g4XxmiQ61Dx6b5eda9tEckvQvk2JuWRremjmfp89TWesPkg8y9zXoNhWBhIzpp +aozJ7Zq87Hl9uiKB4Qzu2I2GeW6rHQxsriFvybxlKkwMfVPoxzOe8d+hS1UVQ6gS +yuBnmVFig0FaH3NSQyEbF7A6cud78xLPDHUJyOxOwIwerL29vZXu5u3nFJFqpXh9 +MI1UHGDJxlKfEQLto43wgQhnJ/HbeAniYDM5qN9GE/vZZ2LDgUMTmRnSsen2bAea +zyvyV7JMsKTcV4epZ/HH0DWEGOvefyq1cwDlXejD/8J9D5z/q58kfXaNI/Qw37xv +NkHhnRiPEUn4wyQSgMvJuiFl1bYC5Lxm6eOfiPz8mGa5ZSzwRfWvbSAFvUIwEehL +5hWWTybrfWH3PNm/4ubrtjyHVUktF44siH2xQXA0Q3pbV7I0chTb58ZhCXF3cCOf +xvJXhWwy3/LkKnII+mc+/SpFf/OPCNQrGzqtS0N2gdihqRXz+JRj3Jr7Dh1AtAbr +Rfg4KWJNIpibjBt90T0gVhxYDJmMUM2iBFVeFcW5Qu+VHPZnwoY8GnR77ilmdO3R +6O7xPlRtllKR95O5AcCiG/rMIduRL1SJGRhHW5ThLtHVCUrCGiVB7Hq5oDfY6SP/ +ZAEketzRPfEfR6ReWw9ltxXORYTzp1CnvivkO859jT7w1DC9DAadlVbs8aA4ShHF +7g/lZv5Sg/FXWIw4iNfBhzy235XHPBcCX8TeTUk7IUzGe6kKECmIznfxDxg/2Pbq +oqPW+GH0HVNTYTZ8VsQaimyjznXKlt95gKxgjs4/Y7tEu53Th5T57220cD8zQeQ9 +JGe8LUbWiyIG69Jhs8nPwhzcCAjQ6MxRtVR2QX8Mla04HZwiHmHKkP+N209PFT+8 +XCh4/1afN3jL87flCsuYFdOiXP54amCFG1YXxHDDAigwCTPvC6Beiid6+UU5e1WL +cHwwzEgV6ILTnuEMV17LEhAenfcu63IaO5L3xi34kEDHwdLUD7eJINn9oGOMiU7Q +5N1tYRO01SBQL9Fir9gvvo2Hjg4kfQiflDViu4fLoeVHO7TMzWnd4tq5/YvlXqqW +KOI7tk69/iYwTh84khT6SFgSu1i1Nqpd5Fm/LBmRMln+CaBppygile6NYHAAWUPw +ChH3ImySZumbLgMvk43LCMXE88RH6NpUL5+pEBjUsmPotLUmAxy3KqCooLsGhXbS +TqyT1ilMWN3O/KTBc51/KCVtZEK2ChuFgHs52luwQG6+XjNvJ5EPB/S0dq6Jw0rK +qW6zNj/YP+SbQTj/ZUltL1aBwoMuw4ht36VQIpT8wk5DxenNsiQU6eAYSzSVprQ0 +pYpKC8DhYXIgxzvOyFVNbB2arOZDAbZF31JzLrb97oua4kqpHytru4n1rCq4vK1F +H4fbAb1rcZN1F8owL+XCu79kp+fjYbX1/pUymonfxuoxMH+Z/V/8YzJH1EZhzFO8 +u4NfbJyZNRhpWf/9XLWecPRdF2aeg7ci8giw1PqP0+zrMkF4ZDGVDuppb5NJ16m0 +cX4BXlZLQGCdya0sp5kzEI9Aumo4sGVpJxhvBabQ4ilmA41ixdGVFuGryU1er/4W +vSER4gSQYNIfZJwC4HBeDMUT7SAdERq5kk2SPnhPJok/u4+2pKAalffETq2nVDj1 +fJMYfYZQizCyZY28GXDphkxPjMXkp13+QOYngXgSgXYcykO2xA3Sd2IExmN2Du3t +gBX1kTDlBEBmtAZFVTLrZAQHwz64Q7UK+9OV3xWBkMVkMXawWk/Ad9t43egzhZpw +biCP+4iTwMsCa4gvv14gBgzD2dqDYRi/MyqCAEZ/nCQ5cbhz1TW87THJSIOfyLJF +43QucJogqsNHSWaOZNeU9cWSUhanRMATVZNmXUTqnfjeoTuENOv3M1vczMpHbIt1 +P0KVpZPLC/6H5fk2w+bk5ThuQ5dV9K3qzRdANRqCp68PAwMYlB2ILU9+5gWikpTb +o3Rc7zfJwuRA17NeDG/Bh6z2NwkTusmmxArm8H8aJg/r9xO4x4t68cS70SHmB+yB +Ut7biGdeseM2W9g5jiXR97h1gNMJDysPHbJhUYfoTQad4k1vEZ4rbLbRqFcHfHyL +TkInYDR/7M3Tk3zG7tleT7H/8lzGDBG4hwCT/wnUVvDQIEmRY/SpKPv6gINw8buc +xSy2Eu1Q/84/FdO/wnYdCQchOz0gcjB8naipIxh+n3ykmwHjMh3HJa2CyLD+SnuR ++ztcohQOmsbMOUTf2oDJ0otrfIMO3djvRTeFY4axu7qu66miEaKIn6vpaL1/nhnk +hTjZyWzbY0m7dnQJAuAFG6qf68wQZuDfuWQNlVCUQMZIcSwIoIHyJVkzMebdzUMj +lS/NCip3J4W3AcFJRo+hLKbWN5YIu6BrqjVj/os8YfiKr1w143qC6hOpqI4X5Mqz +6YSIwRMwcynxANpsVaXuRGPNsqsUaf6WfsPhxKKY+Y+t0DpX0ErCP2958P+v8oVl +4sPFH9pMOP9eUjNAzO7Tii6StSFfajQ4iV6/4GnUYgeYEevNkkpkUc7o63KNxpmj +KghltJ/m/z3Y50wMgYf3F3UHEZ7e6CvBzqliR7TSLyoygsEz+1THW99M0pAetSBB +7oztNuL8AWyE/eoCFX1OWx2iaqfrZQ+il3DTCecvhxvPjLl9eN/wPMrqEqIahyzc +ImjmHrLG17KjZFo7aThn8gnUPcl4VbnMVCy4mGdaptvkedIoLC4HedtV4nHvQZSO +RTa4C3flrg7Yv4YNxuapnp7Iu36Ru2peABh1cLRFXOX7KKnMjREParKUuoIG9mRY +YVjLLLRn/wHktNiVyOusdRgfoaGmeokwUbRHhA5PmDkEOKoRSRN9vUadMGAo+gdK +9iqMcnNX1xSXsyKViuWw8C4pj9p2RZwOkYiAajuayMWJhOJUnKvD5KJvbO2A6AxV +KgjyOoZzLm5ECl332DexIdjdBG5opLVFsKmV6BUOtZOtQ3zSVVmujlmbPLIRu4wJ +0bPEGEt00AnnkhPoAFpN5vBtTjSQvAsyBeHLs2e5BCtuUF9hsvTBQsR2KjxMp9Qa +soyEaT5afJL8rDCs4Inmays6n5mRz5JTX5oKH+S+mAkTGL/BG4R6eSnL8gsrpHZU +cfAsdESTSCulfiEHyRJUgTobEAkonXiUKiw4wFNIyis2QJHgcy8+g7xiIcJSLt4m +ij2vWbdeVHxEOsRYHk5EqICPHuhIN+KLFhQh3lDM2gtQ7OYZq6LyoKPTUo6r/bd7 +2NZgU0QiLN+ylbfpRZ6T3cu5487uuXljBvP0eJjxsHFloF0ijFQFmcMS5WAqsXaT +6zmnvdYXqZ+rGKF9aQIE67yT9w== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/librechat-env-prod.age b/secrets/librechat-env-prod.age new file mode 100644 index 0000000..94608bb --- /dev/null +++ b/secrets/librechat-env-prod.age @@ -0,0 +1,70 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBrem5H +MnBHMlJnYnF5bXkwbkRLUDdrVmlWbnR2ZFZqemJ5R0F2ZW9tSkJnCkZqR2hEUHhs +TXlDZStkQUZFSTlmTzByYy9vMS94YWZUNFEzaFRMeDk4Z2MKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGJmZmkrREFBY1UveVlSWGc3aXFmWHBkbzMxWUg4enpMMXdKb1c0 +dlhKa3cKekw1UklpRksxVTVWZUxVRXF4d0VaZi9JLzZJTGYxRDNibWdqenY5WWhW +RQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgS24rVDFjYTI2bWxUWFg2b3ltT0JUVCtG +MXYrTDBhM2I3OFRkVVp3d3kxQQpBaFBEcGdOT013dHRidUFjcVhqN0M5bEtkMzFR +Z1dlNDV3cUpaR2NsbmJvCi0+IHNzaC1lZDI1NTE5IENTTXloZyAvaDE1RDNmblA2 +M2o3M0o4MTAxakpVR3JwUWV4V00rbFZLVDVHYWtxU3hvClRUeUkrdUUrT0dxUzFk +czVwS2tYUjdTWE9URVlQdEkrRUNELzJlWDJJOUEKLT4gfS1ncmVhc2UgSnJxZyNJ +UyBUdyBtS1A2RT4gJ1JsPztMCgotLS0gMDB0bDhWeUtZSzBlNXE4ZjRzVWxwQlVW +V201TWh2M1IyMjdqaVZRRlRKawoD+/nwNWeHHqKEggiWOCmN48bEUYR62hxg35M7 +OOlDcZJ2GtHiwlJewfGTgNcazqCrQ0f4BDw9bcEr9ys1Qo7On4qMB9/0eodNzkR2 +P0knsGfzwfHdGfU96RzQhtPott20PXdTRmlvwzfVsB50uhx0nsU7UjVGgOpUSxkd +bVHgDREp6Fgu7SJ5SPFC5PvwxNvoGkQxtRuRNstkl/HAS63B8So1Ki+WX5/+LovZ +f9LbgyXeOXSzBKtk52n93YQqWS5VBPUuvbKFst2k/uvhcVJtQDWyXO7uCguzUtGC +aplzKH5D4xfQbdYLUgmS6LYHrL7G5eCu5SJ6hQqsPB+jUcElTddNcLTwGB3MYdzg +wTHvQVRMCBVX0r5iSqz+wU0yw+LPzMn2Rs5UU+gEv7qXgCDnwJNbfgbCDnngOFjS +mTOW0o7AfWH8mV/wC60cMUSNbDrbc3QxJco6PhlW72VHCoJq8GWfxcmPm46dsZ4M +Z+lGOhMfcNFcdSQ9OxXsuqBHXBAx/3O4SZQdg30SwyBb82CkAVtx3OCx78u+0Isg +fOCgFeT1DYm9mWao6l3DQwMntytfdC5e6vaM5Xh9ZB0Huwf+ywJRZ2mNx/QWXpYx +bGuGgFtaNxZtpgKFOpW0oMI58vvqrGXvmquMWXaaBMIYsQ6WqN7UUZAv0OjQ0LcP +MxcBcDD/38rOa+uqK/Ot8tD4tljxaJX2QbsH2SMP3zZqQ0wtPNw0ugm5llK+XBd2 +K6HyrtcDU9ncMSWO2KvSUK9ZzSjEFU3rQo5LGrBB6fdfk9qxNy2xGKMNGDLdvB55 +YfDH4lSPzG5YU0IQM8ISzjYcprQ9mCUWGiTP/UcOmWfosAdTJMtb3FrgTqNjQMfY +ZVT7RDO4LdtsIoGtIk+6j6SeRM7O1bK+NRBKgR363O1ykuMSAGsNny+9cx3kggMu +bVAlTasZttjvxsxhlz9/URlXuSOYfM7bEoSwn99ThhZMkebzXqp5IVSVMllkTAmM +6+raLiNaxnRnKPu2WLsS+qeuCsYqXNiIYntkAchq0pJ8GkcyzLBPxw5DqN+X94RE +ADLYsMKS2JSbTbX8qz9MdbZ06MKjkw+B5BEcQnt0phWqniWs4qOxct29WODCXtB2 +cmO/iKa57eO644FGrCExPjNnuB+vKSZw4Cp8JMzTj4JTLpBTdB9xF/fRrpYd6Ij6 +cScAnRJ8LskOSDn/NEHZ963nPkct7YtkE3pg6c0G9IcTwFyyXl8Js0B5Wz0s1coV +d27PTL1yQnoL+Kc8cUdLLoPeq/boXsHtGkxeD2jYOi+3h93VWO3FWzuqnw8mO4la +utq0IoCECck080l6WhL21OxTkM1eYwktgPSIdCgLaP9GaXHXTnI+1PCanlaIT/ys +BXjHUu1BrBYx6eu0ZwhG6digaeO+f0n7CilKdrfgfp64WbCzQepGEj3y3eaSJjsW +doc1c0hvD3uP38I8ElJXQv2VHT3FOI0Kvq0G13YERZJ/c1RBZ8XbFV6liiwO6ika +RfvOxGkme66tEIv5jcpggcBMpuogAVTznYNPTy3M23ZnwmAXy+24ndxuwluUE8vN +ZtKudSvZnV2qLkDnewz4NjJQr+STVMQByrDdrKj6I1n73/OsiEs1wc7j/LVHXxfS +Eoydj/wBJRZl6a+5AXC0LsaNhbudCJWLjvUrUpkGeHIBcdZYm2eD0Rfu4QfMjxY1 +syXs9ryVNV038xI86RTlDPzPQCxUa1mBfjm1eDhGrjNv6w9hj/LCUY+au+hWObI+ +AuqiabTXRepiKQQTxdbIPbFN+Kdu20dLasOkxN4A1cTXdMhOkhbeoAwuDLsGHapD +OiPtLaT/Rk3htUUtd7jsd3WdXcooj1r6PkxR+CwMSd5iXkP293rCkzYyOLMu1VcA +Omg+kb5K2kUtBRv76qBoy74zy8C0DUPosNghKJUcu1Cee2CZ9J4O9gj2FU22CLEn +FyXPxrlqIvXoeAUw6U508gvtJAeC886kSocuGlszE6KEULOcZ6NDHk0V+r9UJWqe +VM/lJLEYHs5ERNnGCUikHizN9sjPJzcm6SVxjob5WlopigkX8dJGuB6rC+YL+Eil +qSDPVDhF+kfUP7ou1XBVInnz5ZbJrWu61OHOmcQlKyWSy5X7ACmuwNnuYI8aRQfP +p6hob3oRCN6lOvWyJ7mBjOqBM2GytHTFxY+QceoIGwkyn4PppvUmtVeAWtq3/+pz +3dsBnxgAjZcU2YUo0H9pRorWFesBteM1o+7Xty3iiNJlC4C1zLEMt/X7VLKMd9qi +JmDzaU1SdtMhm0AxbFxumQy+b75CwfluoZo1SCVnZRRJQMzi1cDAClAZSocaAQTr +tIlv/yp3iHyZtFXnR1kqV8Gsq1ixv/4pbQdq7d1qfU76O2CVhKbLW22diedMhVEV +mN7LhQdBAmZMZol8WCH18q22+KRHe9ip65mZsN/ia2CrYjAlEpsSkbuoLXKCa5LU +hE7O3wKwbQWRmQtrty9iDQM6jca2Qg/MUDb5Hx4i/KYTaZoIqCPvm+rZPIp+w2H4 +qAvHFWi5Rnoxpz3FApYCRhtRADVOhKw4yzVcqLIse57eDZoCLCd5aFUDMoXEaesb +zfolTptlZ4SdUlvTk8Tie1GhKpe05LZrRELrsRnfXqXavo7XukyN657H/GOagDho +cHMBcwQJ8QUlqi0LLo0MgmiDePU6V5sim0IcBbpo0JSb03vI3Ba+zw5S8o3pGXi5 +q6NHIj8WPGNLTYQtjcAm05mjrPjHWFaEjfY1GnWtOB0AAesqwdjVHapy9XZX9JdT +U38380dB08kfd8kQp7gyPuH2vQhQbu0C+Bs8XFNUAhvSkz9v9wJBjdK608cSa4aZ ++wOsT22DprU5YvucUXUUTtxD8BVcklwseCoGh5GhTgL37uH1Un9SRAVf8FYvr8bW +4ksuWBbG+n/sKMAJXMAanKhf7OO1g0amTPy0o/5Avx0pwbcdYtjgDm8yqQP5kDP9 +jkbNj7FiODyusExdxnlqH623E2ZoKz5/7fK1gLdWgvxEs34JwZ98kYKkikbiJgFR +bJ/u1njKMk1cI42jE7Gf+Z+sQiVq3808hzqXAa8sKOWXij4agLUzSsZg8ni+pmN/ +H8XgVYfSxFFcJ/W8ahZjEfYtV4Imu2Qj0s+jqJyR2fFpLq+z+LQOFMx1i3lYn+bW +zPPiFgyW1ALhlRuL8ZuIwEOTrKLgOHiEeb2VYHgtOEKOVDaQNJQfbcHDja3/c2XG +uo4ltAJ9yM2IZYOvdlT4y9ir0KuPM6t7EOBPOulWFtCezNVG/c5Tq2LJTK1PLwf1 +AvTJTYW1iRCg7EjvtEAxoe8P49N8cwnAJyvHOpY7k4Joc9pmcXfHTCW1OhAyI3ET +9lngDcvRtoh5lZvAd+SCWxtNrrzMgCskh4xmwLrwEYt6N7OQ6U9bEbZ8anyF9+Hw +ICU9T5pW/5Dz26Vcc72p7dUEt01dOshXCHB3V9hJ+Nc9bBEsIpuHyuxL6rnLtj9q +txgDRXF/O3ouhqaR5Y0aiDMpBZ5C9AuWepO8jpW68AuBVYlAZL1ThOzq6U9NjQxq +WuwoGMa1k4BYuQLpZG/8HVVKpfhWb5FghKtLO814 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/librechat-env.age b/secrets/librechat-env.age new file mode 100644 index 0000000..530bdcd --- /dev/null +++ b/secrets/librechat-env.age @@ -0,0 +1,554 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBpYXRY +YlFGUGY3cjZuWjMrU0pSQUhOaHZycHFNK1A0Ykc5UWFVL3hWcmlvCjNDeDUvenhZ +NUNKSHZCZXVQaU5udVU0dURpMXJpYmRVSy9HQ3owUG9DRFEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHpwc1d3K2tSbmZTTnFLNXl5clR5cXZ3cnJNVW1BYUV1VURxT09D +bHdKbTAKSnFzOGdPeFJ2dkRrL2VDRk5LNUhDZm0zY1VlQS9WemNBVHh1U2FQS0xL +cwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgRkFGZGY3UktVNWVWdFcyUUhJemR0TzFJ +V21iVFJPWmNKMXJ0K3NQVVoxMAplWGEvbThPMWl2ZVZiOVVOS3hRcHhRdmRLc0Mw +bDhXNUNtd0taUUwyeDR3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBaTk5BSWRpbHlB +U0w1N2k5VmxtNG4va3AwaFA3YnRsZUdZYnNJSDV2UXpFCjNwWGRVdDhWN3VQQWRE +OWU3bDJ5Qk4yNjU0NFdtNEQxMzV4K1NjV3FXK2sKLT4gKm9eNCdwZS1ncmVhc2Ug +dkhgJCBOViBQNSBkeiwKc1B0WjJ4MVQrRGhveVJIOFJzRVBQRk9QNEx6azFYMEpN +OTJkWFk1U0E5akVyVklVR1J3dFYvN2kzMEZHd2xXQQppbGhuTERrZzAzVHRCK3VV +THZPTkl5Z2tsa0dXV0M2ckoxMkkKLS0tIHA3NXQyNU1XOUZFS2JRYVozWTVGa3NN +VDQ0ZWJRZTJUQXoxeGdsWGtSQ2MKqSGMY65VFFfbQQJnanilkpdaBh6qY2sBegh+ +nqJo+jncb3rSrzXnsgg+h3PWfGEMahBpQ+DSaSNuMg42xT3iyqMO+Ud/wjOW2/bd +K9d71AsamepCqAzMtI7ib12z7dC1tIXF3tcQaLd5aMCHnNef5BEWK0q63sMrfVwM +UpoRGKMDHCbOfCMByg76gWKmA7Nb0pB2qzV3eI9EGSjsx42Pdn//6/MZaJdGQwuw +u4pxfNoadLJGQTxdMLldytBgifcPFnN8zJPsPsiu5WmaYkKwOz47sLfyx3vu/Esx ++8Yex696pI+NhIgm5ZQb2WnVoutwIs0mQOGf3+Mz4RMA65hgabt0Af8X3ZS3MspI +5edJz6fII6AG1K+xreTh0ZJlw8j73YY/Sf5Er25kyhnDSG7MlPnOuHZkRTrWWlgN +idjT1KeccMVo9d54ghGbWKVrLo5PWF0kMKi4kRVw7XveHm7+PfGVNr74WIGtDXiu +h2jTXBgg4uUtIiVnCdI3RHxY31FcCYWNrd6BvL5X4rrL04OqeLRAJA6Uk66gjNlo +EZ9aOAjgxxApaqZIdbGeY1ZN3D2IpbiHd9bEK5LvmuJ9r+9/xAveqrZwVYZklKxH +gNH7DMfV0T6iEaMu1ieSVzsFg57IreUHAdeq/FolRoCP+nr0MSL6KAO+CRujSwzz +LlCG2lCjHd7tVRIOerp0GQjudxDDk0aznS727s2Jg8fcpcMEY/L8GXXeMniJi9kM +cu57heamu60uxdU5LnBmSwith5PWp/C56ykeMKnqrFeqdtFc9jd11i9vYJFxJI3H +XOiNiV3tf1rApFYOMYenvM59Y+DGxYTmTbw4Yii5aEXhTzARwzoFjkChFeCJh+nN +1bERRHsZON6CDs9vMCqVohHUJUmGICh9k168ZTxgRJJyOY5Q66w2WBrlfUGoFESp +ayYbCjVc3t7tFV5Xq/40fbM7vHLQWq2H2a32z4MuzaGfhiilKkXdu6qMzvGf7vY+ +k0FiHiOy9Gq4Jx/ONNjNpITykmJy6WuM46UV0isYyv43qQR5ev0aIzYJzulxC0qy +D3Pd0OqA+ym9kojl8GmBbG2saMVISN7YDWOnAOG76Kvg30NN1LgKnyRSztL3A9Sx +lJbH4VWUUTWcL0QUvmY2Sz1sFTMOYbM/5tiX0OFt9GYcBMWoeY1MIIYLQuiQ1BJE +yp9XtaX7vzOwH9O12YiyLebVOjdZqFDbqrAm+wFw43i25ggjCZpiH8ZSAaVHpuBp +/oX2qa7Ux3YhoXpfGuQ0UBBy9M8wj818alVw2+rFZR2KKneq8tPKAiDiWGroR0E5 +veHLu4gBkr3ddSG+yd/zykkcLPUdV7gN5MyVkkYJcDfo9HLhflSRYvrnrEPjF1pz +Kt3gxpsExL4m03SDGyesL0Z6rkUUPbqh0+FuoI4gS/PFs+2wS41zDipNrP8j0yXz +K1ApJg1w+JGyS1z6Wem2x0UoRTH3Uw9wJQZDG4keiZGzOahoZY+bTQN3fpVGMR1Z +4gxr8f/3DHnPgh+9xXkxI2xFnXlBWQdf7SWJDOzcw12FT3t0QQxcbAFST4JGqvMr +yCGBgR6bk806/f5dGpZth1PuJI08OUolMwzjuS2zd2wIS4n5c7Z6sjdoAvjuqRqB +X3k6rYV5mvPwuwjTBAjiInx9JOQHCwc7wegwndEkKe3qedo8M3mpTDt6+CPTPaYZ +NUQh7xonTs2ILnNKm04YRlzUKL2w4oOtr5DWer/lNleB2MuzN3XzI48rgkrnSdMt +8Qjt5JfNVuTM/zWZHUFKELE/DOE/7NhI7Qg1JvtOwbmsGGld8mdK/yEElXGA8YNv +mI3ASXvHDaoWoVk+OhjvYHrUDvtcYEqX8VX4XOmpWSHjw0l5ITqLTOIX01UC+vZI +yNoFCAEYplF7MM/a8+cmU5hJlOJm7oCSQeh1iORo1Xem1a2eLxW9DJRUaiWLJYWI +DCuItReaioFnXFOq0djabQWUYn2tfqhQva8MxVixbNDRIVQ+YzG8/4eMzXL0HkUD +N2NmRyc1w4cgX8utCbSPTa4nMnd3hU+bw6veXC97Unc23BKulsvuooH7nsmxmnMV +Oat5KncszzJoUGv9dBVp8vrX+Y+0SdG8E0LDkQ/HAyrZLGoy2n+Hkcaa/bXrpx/4 +Xrt6T3sOXuk2hu21vYVHxsXcoRyfe3tAeTxANF++MBLO980ceRdziSwzG6+V8XHH +xPLOyQjvGOeJ8+Jm7EHNMxxw2roZ1QCIRWbwEgTvGOL9rumGGWk11D9MtkpfODa6 +hFKw6NBY14/0kfZSjic3vvXTmdrjq1kA5nxIABJxK74BNHg2J3icerAVEc5hwTpn +ef+bW2jj4SR8tNx2AWbZQyILWpX9YHKNKPoLcLd5Pl74euVtwyZE8WXrYdTOvObI +ZWQnxnP/EfHZ4YAeK4cNK6fbkOxklVybJEPLiBkULDOQGX4TFiMWtzyfXDN27cXJ +kgJjxS43PxlkuZDTINrrZyaG9dCO3roO3uSBOxd2K9W61F/4tWtKw/P+MmAm4D13 +wGQKbGaUFgvwC8gjJqVUVPmhiiFbooF8vfQLql3fcEeG9JWJtGkCA+d902wLAlfn +NDtGqccp8Xj2pyfmhx9tIDqlVtNwL4AW+zw3hyx8rJrJS09IeehgacmP57WHDQLc +2eL7SyURjwLdMDvHPl4wWP5WLHZWlGmSN83eTux8zZhXAmVJsDZtV+aepq/nXtQq +DpMbdBsPv0BsmChOY1Qq8HVbtWOJUNZ/GxEyOJchdomVl1EHqYP5xS+E09kJ9Udj +o1mVcDiVAcNfYH2kB2NumR/EdMgm0IkfDhX02iDufHQUGizLznfm6ga+H6qgHo7x +zukUa/ztvmNmKb2iFSoisXR1agxUbjmdq0r17oNa4eWAfUkIqd/i9Uk9tBwsQKog +EeADbwGGR+mpuEDbaeMBnYLAV4VDC8oYu9xApgbpM/B7kAC435J3jTjq0fFjCtbo +ZdBMnQoahQYZwvuq7Fu5OFa89FG2G1qB0aru3mFznVdH0mfUDSckRiBdpZpHVKUW +4P4ILLF4SValw2tHUn2G2guEfpjqw3+4462s5cPuQ79lY3iwekwPKe5ElKwRol25 +rwtLCpeAypsQ4ycxfN1h+geAPaXfRHC0N9F+TuhPtlC3aoJ1a6gwSvpiWz988+V5 +k3etLIN6cV6XixGae26kSLLp9kCAx35CEZ6ldu4/vH2Uc+jPn5Viv4RilzA4mxF6 +HGFQ3EyIfuQjgazO+aStmmE/8rOHDMZ0YbfZ49KVGUzykzPxYZI9k+GzY7Tm9apE +oYLYpGIkK3fMGNWA6nQCPv/DZPolT5FnJIPU6Z82av1DVaam9VGvc+IjbOqG6NCc ++iDYEguP/EmCqF3NeOmMcunbGxr4KQy/RR181WvhcEOxVsd8GcJsn/P3r2PA67HL +M/PJK+XDJPswk8TLE2uvw70/TRL2n2eK1r8rHSvSIaOs5SRlU57OPnUn/s/69QTl +AzNwaGYlX5z5uNkVga65MUQ7yOy5HdM8Ix6v4YEVptzlLV+av8dHQPAuZDico27u +R6okXdcPuslVkqzE2u4eDcDGHv9xSCGnTH+f/SgYrxSoV90KqJRYPacJyxbYjV5v +eDsEJkDkW6vfd5OfPVzyZetew8ZulCN58CHSzlL0+kh78QADei17BoeTGaw14ZFi +YxL6qeDZHbD0e0NxMg3o3ucP5dh/JdrvM98txkQStLGM/N9bMB1omvXUEXlGmDWq +PTKR6jeiZ4msW259RmCTtugeVl0NEtIDNMdV5yqJt01hax3d/NgKLMd8neEAA0H1 +P355YjUHwkBvHFYdlJQZdhK3uv2E7UaqiMobUkthG+++Fcd3iSVYgGk1dJMDFxlV +HnAq+6s7zPe+9ifmG2C1ajZ/7mEJpApQ8zaKmgN/IPm5JBSab1oLlt1Osmoytu08 +UMvNrIeY3ciER3RPhYA7+miIA35zyyznGIxpTgjUiyrLjZieZkHnxQ8hoXqNFQ4+ +rLkgzq3MLLkGeapcQTP1Y6Y1xmfdUZmyn+IZB8fABrdaBNSdIqhPPditTRn0EK2w +lMSdTHu56cTBrx5E4UfM9IZ4flf9JOHcyj0EYjZgHH/OwQiUOHBko4RoOHhzKqix +rJPzt181HKVCVT3BUYSefWS9PvK3XYYSI/vfkgfdAUF5Y0AYEOjtQStdpANMOsqN +RZdJO6xy34xy85fjzbf1lZrxxuFsLmJJ37yDdjS3FLJmvcTupKwXeuqnZt15oLCn +DaVKKVZJU2aUC1t3gZQXkaMseaHtV3iRlLSn6jFI0lwUlc4VDoYLG/7jtkayfxGa +X+06qlpXYYbyG/TGUuT1xX0QB7wH480hY8UYFIiz/pJNOxfJoqSSPiDFx4sLd7XN +9EcGy7rkFAlKgJr3Ssb+Kvn0dhzY+Kv8b8DOvRzzKlc4Gm9jDwujKxZxFL4n9yuf +CZaJzzxOgQH/KrkRtS45eeIr7lk8GLqNCIaaYCLTIjaxkac2sxC5PmCcvg5bm2TA +5prhd98UYPY2miGCdU4EEI6/Qh+6oCsPoAxnhFhdYj4QYRMJHmbOLohWskir8tc3 ++rp1EDaolYkqiFUHC76M8UYiSttetHGwapDzXaFT0YrKLlfL0i6YPUy4cTwRH4O6 +d/F515TsgAOKB+zML/Unxn3aQyl99YLcSdEHVXmztggQO51Wmb7YzJRQidAZKbdi +11Tq+uTYNd2aJKRWOlHIQJIZUtRs8NvG9zZCy1vCabq5O6NeIpGjiYy/WgCvt90F +jByZd0/OP9nf0Nf73IGXjTuDKufSRmqucjNvSFTl+sx43DuNTmTWin4wKx24zZbi +zrgLzss4E9XuP7bSXo6BqeShEpj96wXl/A9GKBvTvgD5+Hclp8APezeanzzFnA94 +iZ7KHQjo5JvIBWWCbug/j69PtURJcZqP3t3zf6hIsHSWkDpg0feF4l7EpCzr5l6h +0tad9dkOOlv3K8SXeTotFdpXLTiKb0feHtLL5jefzZyB186B42iaqolDTQ9AFkKI +HIXVatx8Ls7V2243XuJAoJcodK/evTseC8LOXHLiiKeSQBdJgKNlzllfaRmoCh50 +BPeI5+So9nrzVu87lZOUsNc+TQftfqBKPej4BoLb2aMqmrooWmO25AI6roiq8Y58 +OyWIXcxgmivRf9imbPJv1NVNbjLMY+qvTCG1wTHkX/ke+aRktt3yTHLJteHWB3WJ +EOjasCutTlMDFOKxV0hBmERtGMukSD0B+o7JC9DzHE5yOCi2kcMcfM0K0L2HvpTu +o5MeAP0ssSoMgCTzidTh//JxpGzflmSGCASzouLc2/ffMyG3YmqnQhYlm+nrzGxt +D7WzuLl2FYtFwl8AMbdjXGLE9rTUsUaz89W0ZsRmtDPtENkNHhzpMxYldjrMBbND +MyYES3dl5I7DFuqwgz4TvY6g3+s25Bm6s45zm2/ij2pUd4D2LiNXOtTEaocdCFgW +wjywBvkp9m3eyfNrZXx+545XngMcp02eC/HhQtcLFZpmR2sUxiO2rRiuprNMde9J +Ihx67klj8WbHVf9us5+6b2/5t9YcInfL/JmXvG0SeQl4LULdDbvtn66jJQz0TsY9 +zE/IWcAjIHCb5OCLUJndhzRSbWGqvr9uiuTUlOz7IxdhmJeb8RwfrZz87UABXDSA +NHCTMmjdIZAsW6MK6Moa6uGm06bEju5QNDr+IpMnwN1EIyOCvcHLnnk1ApMYSrGB ++m3xdpGPc2UwzSSxikOSfuBvZku3eIl7+RHlyvHq4+yRXakWGQ2drwWOKBWd70hA +TbvU9uxLr7AVSURVx1D4KACSJo7wy8Ln3Y0EinfJViNnU2TYMWyYWP9780DEq89p +0CkZBFFeXDZoNuFqJcUpVzZsamAIkK2Ky/5P4+YhDN8pw0OsW2hrA8sPB/ES6xtM +s8ExfWpduWOEl4mPRzoTQSqlTM19lBO0xpPxhnQd1rPZxpXt98ii46FU6XSBwjnj +He1WcX6WvUU3WY/NR+Udq2yysmSU7GmmLz6O6DaiUGqUa9o61USsu7dX/LtSHy8t ++hlOxcJrepRWkHyLypGvDOomxM6EdpxdvPUEoTkX0PUdc523o6KE1fyPmYsjcA52 +0xfgDsO4MWEVXNp1Djljy0ZQJKd0nDheCTWy99FUP5h3L5FwMziSZFa+l//zkxxW +eceuJNNlN1+wGw4XVu79BsdyEW++qB9h3vprGWtPtsWZSJnDV/6OBAOWrdAXcSMh +e/uW2o3U+x/xXedopEKr79RVNEYaFph46jJLP3RfKHEhBs10i8RE07JYtzEPHnbr +uzkvnFZWaTVBI4ybS16QMRcglvUAeJtrrW/uaprhTRlNw28jxMYyl+0362Sd1+hF +CT4q0tQH5AXeTB4OCVuBmPdW4c6OGFKfep54BX9gomX9DtLbgICGm5AZ946Pc/1r +JxFwTHEfJTUSANLGPzzSKoVVI0WXufTwgPTGe82oqv3v5I/DQKth/9Z5V1APZ+jp +0BFZxhqJlGK5tzeXBabnvD4AWkaDsjkSfyOsxV7s9A5pbkDO35BDUVpRT/PAa4rk ++09VpfdZJCPBKmnmvzYwCUxSvuL3TBWvHjy0fYA4qVyG6WOe2hQhXDyVmir3n1r1 +IqqosoXKD9hxIsjmaSVlPHH6p1DVJ2diCmnBUwpyp4z8pX0n3wMZwoWZ+MrBjD/2 +gSASmyKd2OL+q3XNyp8CFZ4ZWweJqdwgAmn96SDilvgjK+hvyv8Rpii0eM0OGIYH +V7a7EPchtZR148hxjGR48SYOLueK4OYq0IEV3PA2yjAPcvk3aw/lrFw3E3JxuugP +zL30MjMm1fpcCMKU6kQoo1TXcSKfeSmfV5rlnyKNPO0ntChM2TMHuyhKtaUvimyf +8CvqSNZQAkLjauSCH7Y/uUxLoocwSAr+iK5rZE2KVe33oG4psKh0Vpq6JRyW7dCw +VIEsZXkpg22HeONmX1KxOhxvjaoYL+q40KcEjOll4t0Oi6U7tCyvtxyHJKF7EOwY +UCEbbiZAW6G3BSdGsAg+Ml4w69m5LLlXqxP0qNcOVmsK2U0YZTTTXWrwoHyb2slG +c/d8wuq8bePe37YggUlRWDGzwH68y/hxobkHKABkzGWCJF/qHzZAMPCOhkFs+uHC +c/6YgprNeoFCxB+0iMwvyPG5bLEAdOth70pj2CnfyYmv/MzRALWlbqVfqWc2dlts +aUZoqoK6xi2ZOK2eRUNohWLaBIC48y2p6CLBwXbAWpNjBdQgHKnXtDdmBYyuUApJ +6o7fTjQ1QvvVnKPsGmpC4qvCpvCytgvvB0HjlIVpojsgA3xQh6f8pabONXsxMS4r +DpTx3T3pT4iO4AHdKl5uOK3x/a7cmEENvOG/lNswKcw7rIbX0ZAuwcXPHCTLUnwV +Wi958Y8fXMV/00bvRWW7ig7rNpKmJus537EGGgZaydJNwjAsJarpj8ijgcZHjxO5 +RuFP/vNBWbDVC0kpaQ7QftVliO1D8WTlqETVULve3g5ERkkxz08jKa5SfNP/kYGL +yoXhgJ01tbNP7mfuS1rAiL0jskk2DUMeptg2Gr7LBD0VwEoopc3vOR974AWsqBj8 +GZIxHLFB7Ub6SN5p8HDL0I4+eZ1/5YwMP55riakyWXmZ5o3+Qwf4awAXrEvsaBHG +1s9QQOhJtdxeWhsOolcg6Hh4FU+CCT1x/COjwyKfHteKpC/ywlGNXdZZoce9HvXc +tnjLWBUofsFywh58Mio668BJT8iBponP5bS6X2ytk1D2iij00p8+S/IscytAWj1u +5oJFuyNk8WpQG1yU+ViUsgGerFQY+4Luvl8Jo08bKzyoO5yuL98js6HJlQ6U1yVL +P/xfiK5szRJcinRb0nPz27XK6nP3Ve8LYrFKPYK8INzL4L9D8CSGJWcp305aIjGq +Fh9yWF57SDbmTu2DrDih49gYbscbH9gBTizIKmgINM9kIJhC7I7ssj7ZxtpFYGf8 +SsEJ7UZkdoarqSRfDE+NGBr7hcJg3w2zNnRI0AINXftHPO8OKr6NrXz/LvnnsW+3 +ebr9qhQjidu/LBRLbefmwSuGtBHyFKbDlbxymol+ilxe1SKMOmkxJ5rUjM7+FNER +ZuHG1TUctV8Is7St7QmRJ0EP2CDwiDXDjypbriq/OOB+mtU9sJ2k5gUYTOmnIKAJ +arqYg+Vrij1iXwKKaiwmkwmw+rATajORaKq0stRyNVzO/VV+uEBttpcYbkFYIXEe +HRYZzXCok9xXgDexRhsWWjb1JtnnD2hv2xpUSPUGzkV8G/LSoZeSIoon5aWxuv2r +Ntm7bJ1a/eFVPh9cMzKqLm2+PzjukhGJC/M69uTi6jLOblsV2RYxsfPusNeWRDbt +RNHYa4LAvvow+qBsLC2xGy2mhrJ9tSsSBL/77sCak4JQtqzJ2pyMvZIM1ioOFzFp +LaR5AqzSP4trf92rAhs9lU8M7STrtk+iYYtqBJo8K+l0PS9tul9RkKKjfTzXFTcT +pkY0CPtxSS1pKWFCuz86CWETFnX1VF6SymfSTldzIeSgHxBmR8WOSc0Md6ap4Bfm +qiIBoejWSGTLE3dPCK8HjyrV4Hdl31T8xetNYyb06hB1/AGkW3gfE0pvWef+cc8G +AgoIntWA62ClyFsP+hqgGJko0zcMv3/o28ApUfI6iF+bzDgReIglzpDnSoBrErwX +ucZ7eeCrsqx20I5y6T7PEyuJp7DlYnE/elYTJfEjjcUXpKQ2XxONXfnSCS9ajcZB +qAlHwxm6khJFK8hevAJ5OnFOLrrhSjIfYspMCqNvMRnj77JdUrADkr2KHtwYYWfh +3uWKkK/fGpAVNiyJt++EAnTVm+nfcT74P79PzJwQab/I1B0QRheYaObh7uC5r+Kg +WgGdqycSwQz/DTtkYG01dYlhb0h5ZurnYc6Dz6SDFipmHWvUwwpSX01we2XkK2aV +TDKY0nDLaZKxtm6WQR0GF8aISHsF9e2niojlc5ViQlcexemUTNO2jyJL/bJjKQ3g +YoOEspdzpiRbvOPXW1flUMXctXzrAtbNz8rWppuJEH9UEK8ox7Cuiqk9ffPWLjp4 +0bHyIAcsK1IZjDFnzaxNDUD7cSkTaocC3WGgCJZybqYmOKz8K8ICoQu4OU/EdHzb +/6r+9efc+HZ0uRcIjGh5uFPPnJT/428cDqNwYxtxTz7+yBz8OncqSpROb54AR5hP +JJMV7ufJBjH79zWWeXGEB7KIhfo0VQ3AB/iSCH2bc3ZKoIcNZEGl3uYGQ+92qldJ +a/DAHRMy0SnSfQ53udHYLFVpvB5klkS4lylRwgiCYijPnO4bAoTfTNjh8siVws/v +rtb0+XeerU4IXqqgFNweREeTg8F5hSIJ83L7O9AXB9eShG8eHtnq/szz1VmK4PGd +pa15HPxCHaScfD3hq3EF+osBDKwPYGVwsJxQxKqpQRzFUMtjmNBECU6FZFs18xyQ +PTKtob2dqzOCug6OorkE1sTA6ZV0eiLIHC6IXttXKBBB3OpTJ47p5zKDuEhn56i7 +TjSj+gP46dHpo5923wr2X4PcSY+ECI2YApgXU600+NIg/vtFspL+1+7SorcetL5v +o51/U81sAuYa+K0eCtZZtNUHcDG06I7W+23B2HWuQJFrYTdYRIQbi+l9Ok2+dKXJ +zJpNeDMb75oS/iD3Zr1kmWCaj2BPek5zJ1caLn09WzLrqqUhbijbTDSYCnx0RXCe +8t4FA+j3akZjNYVDlKsXZQO0Iog7r3h2gMdPYIng6FLGMZfbZ3lnQzKRu1MWdVs6 +6yhzCDgnAYvln+duymkrunHtDq5XiN5BaIbfRx/y+FOVivhvYZJhY035LoRsOjDT +hEyR7xHop+GXQ2cbnfnG58DQMmPoJm/Ol7PB5wwJttim+QSX4ax4w3qBClcrncV2 +lbXXAXSwWh+Qud0M/ZtnXGaygeRLJHnSk1sNsmH7cTuzibunKrQFK+HnIlNVc24W +tH323QMJhEokhaSlDqKkiPAOwvn3dR13bvsbr3kLWQt0bGjnNiA3cSkC1UcJaNNw +9/9t1r0jdnHINtsT3V2UhUtZyiw8xOVuMW90Z952+MZzXU0rmCHgNcfS5UfVWLYW +2oyQDrK1OoItBjx//vGtjlcxCjTahaUUNuWuVigNd2DqCahuzf3dw8vvYxk5BDUR +8KPT0tJs3nyapBODTh9DD7E5uaG8NKa08AtjF7RloVO1QpPo3g4KWe9BPnYfu1Mk +4HyXTK9xEOKW4nqalCM+WCDmGNlJhNWjOL5KLIAge+BG2Pb7E3w5cNszqgaGZUd+ +Qhl7K9nMQ4lmc/WS7WZw0P+D2kuZ2JHcET+j44CMVGW3Tn6mmS3uCUxQJIxfkZDj +76jhLCwRBhY9hygfI5TCbTXSiYdUgueef0EWOxtBOUzt3mGHVei+LcSkrDvRACNG +eq7ynJeYX5DTt02C3wVac3yXwgH/eDIInWlV9ewUagsqezpN+mWCgLIdeH6Zrt/Q +wu/7hZr+cUwjLDAqoUahINvWIGrYZfmnR84oXmdLUHeNUYPIsM6i3xC+fTl0h+bv +opHalkZCbQeu4R41MrNGgAtzvd0vC2tIor1eFiP7gr7NCa3FBa/usK0rtlcte/Yi +WTjpc8yj39KGW+Lw4IZ8vho3vFY1s/imNvLQLy092z9WUavrh/s7h7lM6S+0kmgm +uNaqE9yPM4e8AkyJBl91ePYRq6U0V08xW0c7zHDiuvaktXGor93PjAYWnCBBTpB6 +jVcrCbc5jBNXOr1CZncKgu0VPraTeaAdmzvI8FuRJ/w8/aKO77cLGfZEu5OT1Sh/ +UbmBvGNfWHgEiNFyW46G1hm3Fm6eYdtmpJmZazN/IASI8sxdX4q3aIUXpTJs+6tO +vJkAliox9TCm13PIt8BcqqH+D5Y06rnokyOKq67ryqrIuYXZvk1ajR/mEOOa/k8C +xMD1hYOU+LmbE7vTXzPlvEP1xABBvz6TUMjgW5kT0HEYwkpjaI/eR5kerknYfRH5 +84rdFn5ZTFqNTRhikodreGwvNQLTQsJos0IH1q6hdTYOt5qseV+Y4HO6YTTn8Q9U +BZsH47L13PTxYXTKPQ3ZQI0uLhiV2baBm8cm3m3ux2Xgrl5p3e47wGZL2rqFQ6Pe +0f0uZhBM+J4h/OMKWl4fhnVDs189dQ/A2/vaN4toWKpkghnbUoWYNGKSBTURBFzt +ZQsOARv1u5tTl4LdI6uZoyDZT7KMXd6no2CKGCYEwfY9K2XERrBNQB5KF5K2l0rc +ksdrFIKF2VkQfHdYHt5IZUiyqoHBoquttgaUufJ2mdZKvix9gksqK85unyAgUKxC +jbT9VtBna0SDeUBNqd0mYxX25XStX7hpquK3Ob+lZHg66XyXyarPS/G4XexOL47J +NM8ZOjbhjdNgPW+KOAdcItfFC650PpW9ekCxJtXg4w21JxARQqt8DaNOmuIT7wdX +6uQOC9+LNm6WWg5rL1Wzs62xzkLXfMb9NAgPfoNstTLNw7LDsQIWZlnOhnQiJs2Q +mva1GABZfevggSw9yWyck1Nj8YsEDYcF39jcfjW6LNpjR68o0O/BzAuq75losjrl +pmh74fHcbum7wNB/TXBplNQUxFrfttWWRVCAZGBVR4lgNAvOoyssokOhWTA2+xGy +wTYhokUiZv80ly8Z6V+ixjPZrJu8FRkdD3GQY8oBL1WQ1lBpAnHTvZ4DixpZk2N1 +w2qKSCpjv/czULtoO5Y0Zy4xqay6tJU+BTTU7YIwx2WSV+sgbXSrK5b+rPjfP9v6 +uDmH8S4ue6wGtnli/qDtNh1CqkK/G5TIGu9gBPasNL5HrpSWVDTvTA3GgeTatXSl +1l+r/56cSSwu5CzwenM+QM7MuBV2nDSVPmPbNXcFYzmWeO59kAC2Cim1KmurwQV0 +7O2YRn1A8GVtVLAVd54rhRBBsiIxrbF+dWVeY+6kN8KxA9M9/WRUxps3R7TCCnLt +HLtv8pCbGgiVe07CqV8Zrba2ZjkL4nYC9aB9khUix+77E7H55CH1bfuCpHvFGAKJ +ZzAtZOjq0VJskI27pOdZPrsqZkuoNptDK4QBnbzZ1lVAGAkGZ7Ge34DJly1ABy8S +SUZ7nqc4YvGsFVTolEcJaU/ap/5tBFx/HWRTxSrx2A5505XC79UFJ+xMW56hMr41 +hAdbysuwrce4Brhv8F2PuokJGbMKBST69Vvg3vTmarnvSQ7K/Nf/DnOR4JIjJTIo +SPTnYj3FUfDRdUsdxSShALVZHoWihZgvOAqA/bts5I6pNXJ0IiXao/P5oThvSqHD +WlsOP29yuHZI4wPY9jM3CLCUZt0JrRrIAHWGtaTwithiaqjvAguTVmXdtY7tcY6p +2d0XTyPGjR3XXsni02Tu7ThAuXPEiCVrwK2ihVTlX+ZHKcdnHtIZMdRJIsNuPIz/ +4WuH540iPxUtkgfo7S/z0sACc1ZN095pvZAafoD1bchdzDBLkFT6lnIHeN1CJ8TN +Rr2yswwN9Oh3iB1gKtaOTT/82D97eARTb/7Ii8Pwd/GjDzJNyt/nNOezr95QfX39 +fl9/0ifxoohsD7PJpyN1urQiysVKlSmpG14+z20ax86FEftYAEARoe4H1H5qp16i +JkE4YBf5sC4Of1BN3YS5Op+uLqEpebsaSPxDWi2ABeraGu6Zg8LorK166/KYo6Wo +KpPtmQX15pGUH7KzxU7RdJ/wUy8YrdaziQe9L4rSuArE54t1QN5pFOXkUS3s9N1e +/JMAA80em8K+j8roiTc6jFNiFyDojZT0szKRb2paa1WjgJ+fEo622BXFqEiGlRbj +8gXzajJDIhFqYBK4kAFfbo5KvNjXwfPUlVjkCipNfaDeDqcbFNB9R+Hy/C95DUN5 +KinBdETXduvV4cM0Z2jwFibKtJEl2joKBrMREOd9XAn0VjvHC11htlN7NVFc09sX +v7mJ1M6F1B6ITYh01brt756bF2eP7W7Reem/tGc1aFlnrTFuB6jTHQJaHlQ9bYRm +RlqjPExS3xbzovb7UXngMe9KxY+QjHjSSYVAz3+CSPPY5mFtNNvI0MXNF2/w1T+t +nxXpCcFIjOguaCWjh/IQlAN777+ERgpfjb1CzN/kkLHbRJvMGlkl9OsI0toQmn/L +S1lo8AsIQA1r7c2huzxTja+u19vFxLZE827MIPxcaPLXzcf63PyBxZh8qBlgIwvp +sFlfOIXHdEz35hyq2j9dW42D3BS3t5kFTsK9V1WsngnqGq2bsVlqO8KMhlYyhqml +ZHJ2JTWRxMsyYQs+H5bjMT1LGQDOvW+8IoUeSfqcYHNw9DZs40mwtoa0Rj4npIAs +L/jpXo1f3e42iWm0VWoIPynP4662x88pFZ/14nzCXrzt71IL8MeIl0g2HsxcTCU5 +K3DoBe/BdEJsnDn38NcZ5jth5KLDEH72Y/QYfxdjpR32bdZFm/yaCDfbHu1Dvz1c +7947VweUAIoNiZTZ+SORDNGQrXqhbxs1aMnsiOTW7s/JcvedXoyt4nb/OnEs4X7c +dgNuagcUEl2yQLfhsTelue0Wgp8efOjIz+pdAHxeuBjc/yDIQp9L114IcqykoNMz +ormXeTU0CRflEJCfibGFiL0Ul/mv6HUWXTBffST3xoSHDA0X0ZkSrIt9KqUB8g9Z +Or+jZ6+XkAmY4opB3slu0DjMtypg11OCAWTNQk4liXaO7nIZmH8ZvIgwBhiZMvtc +2lz2JvFAcvpQoZ+NArJs9irhGvDYGI4SbKQoLCdheAzft1OZROTB1KV+29bvxyYr +uWlqSEf6ec5VSglqWIYlBN0KBywZBzToWz9JAhwBKRjEGtAfZ0ZJOQC9ep94p1J8 +qb4vO1rXE+0fQaoq46chfZ5i0I4NMMTsAdukds/wAPpz7YUGOl8OCd8M6wY9psvF +s+w+xLkN0O2R3k8ZoYwWPpovyw8uDpKoVOvl89Yx6BdHK0ANpAJuhi9b2Zm48+EF +BgoOewMJTcVo5TNVh3n3Kww0+kDQPBYX9dZ5JM7iMa0TyTXSHy9ZmyjmZDiD0u0S +tCJQkZJRUSPCTDQsAbekx0DvRWex3eGBG++2gxr+MBc1fLRtuZ9w8LD8JzGbZ5/+ +2zfUycUdJHb184KUGS3pGMW/gwxgTFuaP7owg0KWsxVBYd/oG6XwFT+t81O3JlkF +50+Mj7pOKd8mX385KdB1FrwukEWGk49dAO6TlzL5UAUdjlzyHwcBVOZPVNZxl02b +iBsPOQNkm4yHxJpaxVcd8HSsdpRBwUXylsOmHJv01fu7bRDkLotdijIdTKMOAugo ++0Rc+Y1mNna73FJ8FCk+4fjLgkxexrNObEsYflbU/CqZXAt0yzhP60fJuLFhAtI4 +mI8+s+aIOt5DMP9EiItYk1G5I9ylT/LklHRNAYo3SbYR5ZrTywnDR33FVPRwQNsb +4Z9Vxdc6BRx7RqdPYzZYelh9Pm1tvJmVoU93dszrdln8uzDvxeULtDtlN74BokZ1 +O5nYrqHNj0CrLvpNVCPgN/ONKrzvfCL7X+tpS4CprtHj8YkUtPharzNiNL19ukeO +h7ZcNEoU32bEqs6JGg5AoWg7IpF+qclx/iWyJ2Fxj/0/Zhsa5fmPh3T9BVdBYIZz +TPAanPWBuvB30UIP0BOE8SUK1dBkWvgRkabTKvSeYwBVtwL4R8oqt/y65+Q66AiN +HmvT7ASQdMiXhOtnPJWU/nZc1OpWFGqeSxnXV/iab5Fjx24jctIradRyMHO5WZAT +nSyTCPm+8AqzGf2Xt2fVEPT9Ql/Cet4gsIA4OK42+YhgqAATdDt3gfdgrNI52jHT +gNvpGnaD3DQZxEThL5XVHoZSoPZRuu5tQVH3Ok4i6HVkP1CGAGSEmFhEpVBdl3iC +TqCD3Ogj6Dqj/Ptw6qa22Wg0GWhr9Qj/oyvFmyiJQ/FSoqA1S3poD7r9O8VMIdYp +YEyuu2W60X33EDFpOZOASAHumZdFwXktvzgS1uDorroqPBGlGrUTfFVG+YZpJLR+ +Tpu/psZkpoW6l3tuFdUHhu45VhgWkbQwLdlKDVWP8xidq/LCqYKt97oLByCa1CuE +C+c5kKExJSgsW6vsPJlTlTHwyGG8aU+anv4bHANZr1TdUPYxcAu8fuyRtz0+g4qY +Ukp6nEndf8dBL+xZ/LlR3CbpLzJUNu89TxLiaaElLCfb7+lwYa5EaFR0ZFqwzkPc +nlpyHidhTfxWRqxpIgAPTjOX5UTk7SgT2JAwnvHgrrCiJipQAVPhhFdCelKX65wG +IRudWIqBfqsN2waHoSF+wuRqgcDbndpen/vOXaRoPyq824tiB50BsWLb3oZ7MQaT +2vRq/Av0zkBaYJJuD6h4GOvH333bqeD0rrDJbt3Ydxdz0g2Ap+ifebP/AeUwYC9J +TFJtGy8g1FuG+gdRR4oIOJhsuenLxLO3+E2UUXVWatbsi/TnN2LeugzmjYb9jL9Z +NgpRj60InlO8uxi/mnmyJU497RBVmnmRDeXU4CvEq29+eCwHfC4fSEkaUuamzCAl +Jw19r5eFSok/OmtIUQrvWGIhmrVAVUMLpja4vFECIkPKWBKlP+PvQLKqMjab30D2 +OVgt4Al+kZiBk6kOuV64zxtyKqDIpefidoh07W+DNMtJJ1hhkzjlGeLuOcIYtlJu +rZpvyx/lX+2xLk/xnaTUPjRij2Y+/CM/a5lp1qhIZYx7ylsqBY27rOCKKLMC+Jpe +HEIZBPWRgLeRwtdpPyrPZ+sIqnbVAdzLMRo6C8CSKkjgAAW2PjjUOQCFzqek9LNC ++7y0TnP8C3hC0y/VSMYT8j4UM8sVuJPg/+2lsGK6/4S2zUM1bDkVFEDFbnE2uWDl +5jCHsb8jqAzP8gznVaR+Ae0Opq7shCb+aAmTBuz4lH45mAJYDc7RSIJS0nTzT2Bq +5/aeiQoHaHrg2qfrTQhFf/APpMpsk3Cl6qXESliiuOTta/cEtbIIC2LI5IEv3zU6 +ajQDps15uzu7iGS5X5dCCAWyQwTaQcPqMPdqAxAkcxcAche9Janf5FT16LEMN4rS +dUNXqcr1WlvZ12WlPdlrp3lgaIrUzYrPrz8lYqRAoZa8T0yxC7j+oQLD4ALwjLEq +zwD/KecLHdN+oermh4Kj1A22TNzGt24IYqoIsRWTvRfvXf8gdr7CHkipUxo5P6kW +QORc6o31T/qVd60XKPOhfAQMQz5Wj3YOoMd08JGxF8S9f8b/N4bZwdMk/jO+EgrF +icKBVN8cBnn2946P5NKetYNv1GJHOuLwpkRon57IBjO2Vb9+RPIxJooxxA2i+4Rm +qcrNbYfT42Jsk49OMFMSS6gushhS70ZLOaoLQL5VxcNeTu8MQlawWTSJWEJDiMVR +O/TnSVLiJPvy0NY46AIxLHANIPSDmFR3EfyMd4QnOGs0uSW+YY81MFYFfW8g5Y5k +WqSkauk5U6PWX2nFIOlhf16jQBiV43WHne7UuzsJOtZa9T5vt7/Fbu3jYbdNrOmb +c1pwP1sMt3OoqfI9f2aiYdFY5Ah+JOeT/beB8N+L1jU/gNbLL8oIa+gNJH/eHVTu +rXWxutIHQHr4VUjU9YX3itQ5f3BoYTiXfA2TSq2LuGii0+NZZJ0ux0gG9StuiOlO +IsoYl+muiPbhiKUnK7QamJFpuibhMtNykf38SI7BCEF5NOyLIKpGJFR2cUT4VVPS +TEz6hoxJIrROk/DteyjXqz9TJ0oz/EhtvH1aV3/NqHBE1ylS/G/yS3jQAUAuWkNl +kM621NqMkBlZeqLUQRb+pIKEa57tr0IZwWe/W/m3hbEZdn6pavuLE0NAbAd/ThmY +KcZCvHjFlCBhD3isRSyjmQ61GNalHSUjvOEJRx74/Vnhf74rr8aWkkAREgcisRVV +Zr0yizP/7XfG+bwnOKyHMVNyCyjo1fhVOY9xqaKt1zGooB8WU2UagKYagoIEq3dK +zEBPhdwf4XeynQ3v0T+/vbI52NWdEzlBZWZen3jjimrkdUh5zb53Xf/g810b/R/q +B/J6zGvjfjdF4zPat/XeBbW4nZe6HjTqtckIC+R3w2qZP1a75k3tm3J46/Dc11uD +Ql85tGf/YkalZ7WaqAoCsLQMt+tJfIJePUUVTfKZgM7YZmBvjiHelSrObGK7GP8C +01JojMP6VdIuZKjEra0ZPFXByCgf2CocVwvesH4fk5iVzO/neH025QMetB7hGQI2 +BgV+ewrOrUf8OPv4bBl1/mJWGdW8QvDX0jDUFr9YC/SCOSC4VF5pbPXQjScOC+II +gQlawhT8djpGg54lhi7jLhmBUPZNzyHcajusxrIcpFv08FNLPJc7xQMy90u6QNu/ +2uJLpODUTikVb/9f+RGK+SfxlGVNOWqRw1SaFe3tTWBbHGWqUNbDoV89QnsXgIrk +0XVS1gD43zcwMWM/q+196N9MysMuXGkCdo6rbiElhFi0XqwbWbTYwhRLM3GhiS4K +QJK5kSHGrLjUZ61Xo0cTM6cODeWb7LG4ZkWeQFsygm6DyYc8jaimTy+01VllROpT +WPU3TG7S+GWxUIq2xjMdCFQBURzZDWjSDJc5Lvfz1g8KzAqj3iwePaTHO1mrTe4K +1HUSbitIbwCBPfhFL1NVQOu9mnYSY0fPcSkR/0p/Z2HcxA+joIHkqSXgnUf3tldM +iQnUdn5MXbiP6twaL91uxSnniavpER0JKq8amAaW/vUmNh2izHQzHfi//kgrqj/a +yXlHxTJ2OK9SUmceRU4fRY7+1yUgkr+OY5GelVofkbSmFEZYlVRLPffYWlgKfvVP +averMtCZGf8ymuyXZ8OLDax743Xyg63YQC8/7JSuZXRI952g/6LSWs7O90yh0497 +oZcwOen0NzJ2HHcFpYL8pe+9HJBIWaWs8AV4QDRl57xvt3+LnU57dZviQOQKj0Zi +6jpweTcFO/eWzR5WCClYt/dVXaWdknctAqrb3OHjzbEx52WeZ3MCQH7RIng/Te2t +OlTjBr9E7OrFyFaFPXCUwMvyy0wg3A9P/6taLmSIRFXx/q3o7J1A/vuHtzLu31UJ +rV0GSf14JmLBJNIAHzIroKxrXgn4IA6ndOmY6GrKEBajALSz1bP5inDj2xxDnnl1 +iIYubDjaDO2cQSiJ0SFuT5c5xhWaVNwvaz0SZstIaxhowvcT/jJhl5svdQwmBi9b +Xyu28jxZYwv/q+Knr+TdPgz/rIQtcCDm40Q0qi7fiVbBTuMN8nrCUVpbwZUkN48E +FGzd+p98A2SzXQesq/3T68pANtxz236d1ticCnG9uwDoQRpFYtwBz531rVCA5bWw +tFqL3f2Yz6U9/lSAR1mrUZHrngfKsXMtFNgGdkn+2p7xF6Uu3LsTfIwVyhtZeEhQ +C/hInmvG1Gkf7a58LxrJXozeSS+hKqCDL/zSyrYCJ2MJy9Iu/RFuTUBqQmcrHowm +2wSWPuaBysz+J66Qsr6TrYMrmgOZtk0g3TEQlh1aHXoj5CeG2MdJKWOOEzsLcUEg +NZdzYCLd8yiW4Ru3eX7kzfms7bnQg3KXh861yNBejjweSNpov/tqQnHPSnYnMdAl +nXAzQR9V9cljHtdPvrX2XVL9jtyFl+FU1HT1CTS6LMFhkNQ1cvoYySYNdvUUU9KZ +yJEtffDmzKw1+0AsI3U7XqxzCr2MdPEQ4WF2okculzw0BkMQ9ayNwgllaUNKxUDX +oWVtQ8D7BbVwUKrbUPIdy4vY1AG/m863LEDnKBm/zTLFnhgUgMy50Zt8ZKcfwdxO +9mPgG36SePoQN7OsPyZCVDmQJah1lJG0VZ5zKCDAtzqp4kpDHrWX2AisHFLoHopI +Tc79kOvcnFk3UGjOtsAITha5sQZNcy3bh5M3pnE8ZzeCnoC78Kapyyf/nq2GIcjK +dXbvDgiIqd8evTR55wxWXIud/xZleZvhez/muvY2DlOwGe7V69gy+0af3RFKZaYY +V4UgjdhBJ1YGEi6Ibd+oOWnZNpdxjNi/jYRyrmWT1OxyP0NT4BFStK0bwiLQBdGt +ZRd4tPwRdHltZ26vn1q17bp8e2FLIJdxRLtAFrH+hGgNLiBBqO4HJH38RZQ1Q1p2 +DepHPlyvrN8CC+ltG1SJt0fghUTBTDUzj9x5B9qioqplRBVi5bBu2+W1anyVPRoN +1mCKQCJyZ2QAkFknmH64qu1QBJUbjfQbYbQuibsh/9AfqzMGS4WdqFCzzM87Ql4K +/5PoKPw6XBjeKO9K417Gnj11bQ6T4FrW4KOqziW6LR4qn9dgJ19Igy+Ju3/XkJMF +rWrtljKSQgbXeQ7VOxpupJjJRfCaZlibrscgj555Fh59/tcL8c8Ac9luPVobs29h +iGxofqprBu5XCv0SPCE5HxIyQoY/IzjoHc3hCzSdyXVfo0qEhR1iOga/noTpppec +mDfDuRCt7EUnqHjUbxDHc4ESAq6mLhQEJeHnp4//QsmFAN4/EWHlpVLH+hukoLOf +XwSloDIbLM5DzvMUUpRK4lhPC5gu1eRiO8sZ2XLYqPpY8tf6fLp25HTObJYlRDKp +Zf7mQbIZodFxq3U42z4BBMKBor9lQ73IkDXgw2pFQYpHQZ698R06hRjUwyguFLeZ +uWhKoBNa0OUwV8Czfo6/TQXVVWjj0iveAH7sCU3A+E7pIlPv+/h8rkI7oHYoJCPg +EG3d8g2opBkzCDkfXy42aDHlK6kr5nOiFAXyTyP0a2ccoLMs+HqclNE8HbHxKvDz +DiPRuu1HfNFgrUhO+/68oBxpSKeYCLuenO/Ssv6FW5ZOhgop+ip5kiXUcp7gSzlm +tEW565ApS5kKN2/VKwF+evwz8ItEXoNIDdy3x0p68fKoQZXKLTQVsD/h2Pb6CK5i +yS5jhnMUFXQnMbJF0BlNmXXm+O6AM1jOM1ii6fKQ3yRQJhqTrZEVYM1ryEUlLemm +rTnf6O005NF3nT6bBhB75s+3AwGCfk/pl5KRhaD4lxbXSTBoCKGIEI/iszPjMaKw +XTsyP+HXI9wCkMVZhDvcfm/EDsTf6Bs+wBnzrABczmNIDF/OCW5c2Hqi2U3y2+hU +aBvrzUptWcUIwEpJ3XIJHBZ/MG1E6DWu+v+j7NHAO6vgKsucHe6KfCj4ZhugH6L6 +RomvEFUmS2DCkFstEvMWGzMAN38RFgBUsyILR4wxMsUKWab+IwqH3WgxLbESGsqs +g2VoP8UYdGPg5hR6PuYLRwelepIDb46jaDORiRVypO0QAwPQDcmsFzTypx0+eEfm +V06FJtfQf1QqGBzxm+GMf8MJ9ZF8yWaOupuf8eM1is4BdfG6MlipnfPNkR7ETWHR +247UjVfbrz0tDHP8W4YvmBwlBHJiONLt/vrRvIn/cSi4X6x1BUkAUoRlUXYnOJrH +35BJpldU0RjvZWfch+y4anJzz8EvuwePZeQPrUGDWAYUruC/QMa8konk675t8zkH +FqdLv/XniMLCa6icgqxXbcaNWFZ7FNKEdKcV0BoUTInTjB4GY7UGtkeKyvlMOK6K +18lPVfxGHBzu1OjL3cZ3+3ff2uQpuNeRYlV/Y9li3U5O13YlKpIrIq4n/mxOH8rK +PTYvXrr866fVByDX/mLP1dFBKLgMfNpo1iFeBdRA90gncviwPLzzqfcZmKS17BKu +fP8W84qecVtEZpP36iKp4Vg1ouFcDgheHd7snud/nIoOTn2WVx5fIXRNSmOBLKox +jykx/T8KJ6DXcNwIMmCJdZ/IvR54lmUbzuXIuUbc1yNqA1W1xjZLTvh9eRXp9DKr +6y9ozLgbHnwt2RFgw40wXFwFtox/4qbxH6Wgl0w6KT4k5yi5KbtBbwYzdtS7F3n2 +vimTy5p5mwMxkYmpdMuMFMBenpmPpP+/69YK0qCknAlCLkZtojpsAO/edJuLyiY9 +CzM0BlGVrVYjpffSgoARBRu+k/L615ceySPGtPwgFLONFZ6W0x2dsg5rJYIPcDcU +G5sNdX+dHm9pHwWQogt0slnG41uBSCjzxDqetN6NqFJA0wDYFRRRriN5D3H3LAU/ +Iq7YMRWMz0TWvV6o2toMZTIHJNgFOBmx+N3HKibQg5KFdmtCVx/O8+dYOp+zvUDH +LNq2fXbzcXjGIBctQHLxL+LHjWVgbpmJIvr4Tg62AXYHZTUKrfff8dFRyjLx6X84 +Pf43LbbhvmKnxdMzM1DVSEEOW4DdhY06vVWAgwKocoMo5HJZ/Sm3tHIjJfqCwVtk +MjcxzyLzN8wbrXQeLlfvIwMu+SnQLWHA9q7F04EE3jXwe/pMUhLaWcxluUKhTUmL +BGmEkGXOyIJdpwLLlQtV3+Bo5tOH4+1qjGWKaIJxniOBprfubiQMKCSoefAMSKxu +7zZ100IeF4r1le+71tG3OeJwvyZ7aZCPrCrqlW0V9PyNfLG1n0yridp0AvbFc/Zo +XpJYiZ9yTerEeYgsIjEcQYG7LQ4r1FdKvGGuR4BPZ46dCfWG+6fl+bFoesGtJP9l +luOmHFvrPY+UZec7h330ZZnHyq1lZrxMCbe/kmL779/0hs+EArDoAvxqJ6WOoF7Q +LVBOFxxW1TLqXuKwdyYt5GU35gLJruVxk/NrxE+Bnig/sDZOj05qsGemaGl1X5DQ +de3T1O4oqKVXSs5BeBLMEQUhqq7Am2tQfxK1Ww9NlYOUJcBG/jO+Iq/t3AiXhM6d +UaGf37GJ72uQ9kEuHtzSpW08gNvc8CtxR+Mwq7o/YD0SJkfvfmZvYLgPhih25TJc +Z4oqneWOQNHBF8++JH9/BDg4qTq/at0kWOts5XEB5x5yF99KCLMsu5QJkiEppsSU +IEEsvZg7Fh8NQwrsk07QetiXpj5LCxAlad52sDQkUvo+SwAmYBhPntsX5/6ZdNe+ +LK2wvYpV7HxWdXL0Rw6Lmy5w05mXTzO+BRqUXZGKdyQF1YRGKeEk+2au+G3uJ4Sx +pJ6dooan/mZvFO/zBEis1PjaxT1qpCpyH6CCjxvG25sOOsMNhUySJIuadBmTfXE0 +EGbD9Z8zzYTX5LDnF2nvTih1Ltopn7oGadB1IDovg6kt6A1Ow4F5g0fLJAr6TB+C +gEAIyYcXaNua9JNLEN8E10XYuDiGOLCtUpTJpZeRC4YtL6iipJYXpw4C2ef9Ug2U +wddygpZ2qehFQzKylvTDlmUi1Q7IgcVPDB4j1xhCpDn8UMBvRle+xh2bMQlPpXA+ +gEPF2kNRXP8UPXSh2vpiLMwxac68DWkhoPipDyeTwWczK+f+mBM0Pyi7hQdtBh0e +fEAEjbVgimwCdSw2ogqQp57cUhEprvHNWpUdjhh8w4+OepDlFS+86k7MfThxhTEU +mYUM43wXlyQl3oJinryKVaW65jXsDrg9spZa4oKeigQyjhLKQ52ZB320XKJZzcs8 +KXhK30p0QAtaGjpiewKpUlCZGUCdHYDIgKqRgHiTKoF6jFWPZ81djHWXzNQaOEth +qi4FewVfvW+GT4mv7mQyeM7WGKs/GwhffqJhkdJJTTMgyI6DcOXzroyPBQ9Ud36B +tRG3rycuiXAkVR3bwaqz+JjiU+wkXpr/q6qnRd2TRK5hiL3FB+vg068OGcTDMtl1 +Ugm0Z98tLSuu78/KwOnNN2AQOJZqWEt5I26i9v2mLvU5advpVSBYEi5CIeCbfvb8 +LHmTgZ3LwHZm/yhq1M4IJ/bXDbpyXLdh3CYaiDOYOyOF1Zgg4vAVUdMiXKXYBSyJ +ER8/VKeK/Zqm5nh87IlHV2EvpFHZ/PYziHeS1csa/+Ha59eLxkNiZdrrGQ424ven +Eiq2l/h9bCd0rXGvpIy39Oxix1UiYW63+E8YoQ83kslFvwoS3CgZCnhg/WmvPIEy +9yC5zmVk3B9KeoXUVz6kEoxxpseVFApYiLVf1ZZfL4qtF073kOV4qm+C5NXK1ecK +hR/AARHugal/RlhQqHNDIK4DKnbVaSCTPr8EPCLxoS/3wfBJFVX+Gzd0Jz/WGjYB +j+wOJ7DJBDcS1oBJ+Ox1F53u5ITeXzRdyqv1O3myK8u2MarPS7aWLX8ozvy7V5+4 +K0Z/AmJGUp0QnhK4INua8SINL22GJeH4S4bVoIFQoMtbyD1chkXAA6JXhcW4w3i4 +I8mOoMLj6vhabqpq92aidanlzMdUKbP9hjr/wTALjmjJ8bLXHU7QVAj+X7N6aMWa +o/PxSeWBDTDehsEOD47guHkF+GxMOzBSpEkiqVOj4WdjrhKY8JED7SW6MS9DQvAS +WNhoM3IqnUcb8k266qfH0VB5EvoPfRHI24mtPd1H9wOb8e218/aHkKG4U4qYSlK0 +YOWmANY/wpvC915QyW2g/EU65GMeDPTB5/Xqt7zK76Ns1wzooFlj3T4Bf0D+LPAc +DL7yI9p5b8UUbgt1ajvfQohSEgyGjRSa5qwNVpvnoahWgZrBhOlQwQPyMczuzAmS +aL6WB5UvokVOA0twlbwU1jWBsXxctwcvENAvVOymzDDW38l9gt4TT9mn8cbnWsmr ++9RMMPEzu4DDb5um7aD2b/KgsOYEZ/jyEiTIto8Pw3EfbylzPuzewWOESqMLmJ2o +DpoL84gyZEFewpWH2EuA39tjuS82nZR1QNPZYZA4HwVtM5kRa4+pkErLdhrglKFK +L8ZKsZB4cOePxm2ihnhJ8prjipRI/oOJVYfEVyc1QlhPw37ctQNKQ3s0H1xGEZ48 +XPWs65Lne7sz1ARQe5bIy5RXifHdOnHT5DT0aB3TX+4FfEsQHrC90KCo28+Ukv+3 +1yIp16H/WBFHoq1vv8F1LXkVc6WJIgagqigvoWWWYi3diOTdBT8FfcDwUVH2/tWA +P0mwXtSq2Bge+vouTAAa0EizxQQzFG/sXx7y2o4dzDUPipQz5qcDTKjexJioMJfd +bEKPrzKUAwpeotBQ0g+Ke82o8D5Fi1CCaEEn6Mu5KHIqrcQPBuodRU9dIfcje4vo +FHk2nqC98GM8MfV+6VVf+Rdqs/cUm0n7DlhyvqoOEeV8fhwg7rMvGAortdCoSJe7 +x3Rwep5qwTxmVahImJDjAG/If0sn65cgM3B3a7Mjl9ugDHmlFIYeYquzbmSBnHHo +WrIzuDxDrLPble+L+ERzCdrdmbSb8FqPK/pMSFtmVHa7yAvwogBbt91EKGldBNpf ++KrLbmFq2YuyZaPZKJkW5CAzt/1scNxa56NM8PwTrmaiE0zEYiNFco6GuzCkwVoR +xQVm7hXDs045MH7h1XEK5RUKCT7xDN7kAXQi294k8ZCRdDrcQHSq1HVU2BWyfEF2 +rmqEhwT7o7Q6eVlH3H0PDm5Z8eWnz0qjYKYgy6ZXoORAxX6nYwElqTcHmj2sxiN8 +PF/oWlYyYAmH/6UVMzTFtKB9n9sHqIjJ+XjqXRLbNbHlKZp5YoBlX/WlAZhsFdlW +u+kI9dIYbfFSTRfbhxWp4Q2IvMxeW3seiz3BPAcu7NRPflAWnkjEs2hkM700Ipfn +jxjxK2Naqhi8GimhXSGiPoZCf4SBlJpkdm5tvd8Zv7BLv/CsrVvF65WJjUz8iU0q +0mtF4AzHIjXXUSjf9ILJOkxtR2FQduft0SvS1/2HsVtk7VB4Q/lYfTQR3OH3xh1W +UWwZfg1LkQ1Aqp6HrvzRFfsSm9tJBb1f/XgXvnMsZfRLXC99u+suyyX4nZZgn+bq +gzrde4RqT+BTlG7tiy/M645s1sQvblYxMRfXi2Jfcu3eICQu3+Bzv6rPjlFXo8ic +CGN3YZCZ/+IzUG1lmtjioMpl/V32geta9bhQdAEbs8fK/cTebu5agWtIoa7oBC68 +Dfn7vn5gvF2IXpN+8QCsSstzltlLg8KMkapbChIQWlVjbyTJy1VxeriIaa9pb0gD +eEilZyHmUmANInJkqDmokoVhI9RQEPpezq4Rb6HT4WdIfMbMdNNIwBhm4hSEBBvG ++2Q8Se3uFeRn/XUi6WoNAfnimCcg8Y3oedP58ntKWjF3AnIOkmCgx6vN6jw5Vtxo ++3L3EbtMntWHocJe6LCFjcQAmPamjQHmVUP3q41dNqtUwoKpg0CfEkSW5ROXreBE +D3Nd2xK6nb4oUOAVxB+ekbevdLyqik7e28WzyMqrLjzXuPKZra3Mw5faU1FI7VCw +BcK8K7RUvDeXNLC11fqmF5F8hrlSgsUpgPVs3KgJpwsrxipOZEmTHWwppSs6uqYD +9/+TI1asgy2K470h2n23B0jRtkSuNW0y3t3OX9GeJ9BlKgmYhTDRAkbNzXgwpVpq +VeA0I+Xx0cAswMKP062Xq86YrlfZRqLq11KLA93Ov2t92AcmYt1ZxCHEpEpEv/Wc +7QpkHORFGYWZMCIQoiQQ/a2sRPQY9Cb0IcTqVTJFNu6IKNs7gw+9CxIDaHKDZxky +Qp5GIxe6O3aYefzJQpBbjefItMuD0yID/aZrRP49uhRd+uqkY85QOD1fdkXC/5bN +HbBO/FepcZmfCwTK10nBH3UfEhZTnUf8wr+A0DdeYFlx9QWdeEDXHReGHYvZevpX +cvriiNIETVvUIfkwEUasjYuGf34ip55Ec3PZfg/I3/KaxMM38BcarHQdFstU7j8X +L5GFSwjs0ttex8I3hXtnbTXp0jN3pDOwWSmEDuD6s2dT0q2Pe/BC1zrcwwmW6+SK +UJ4che4FVDApfTCmQ96vOAe52rhs2dpyUncr5UuZvgqaiaWxUwUjVDy8BbRBLP96 +485Szf1lDoAOZ2+GP1BKMyzG52xmxNjdLdpqJ2+PbcdjMcgnaMz4x8Vyqmxwkrbp +XMaowQRjtJYGYqtAtdQLq/7ZVCQsxxN2+WC1hWfa3fg8NV8FEKw4c8LXogudCdPF +jeyowBV0ltTwB8VoVoS5IHXUpFbWtO34MNtnvRHGO4HpgJCeHAB3ysr1gvKlaIw3 +QWqZ/uaLfrIhpHnQ6XrR6S+uwNDPfDtPdcXRMyMrEu7DxrEOjOQame00BpmD4EJa +zBKpjD+hOMoGgCKSA8plBI5bqR2K1G7MwefGCnGqUXY2nxKKKqqdsQLVuhRhcBe1 +GqPZzp4zjNkyp3+SfG4K8oB/VfOqiAkHDyfQ/Rs2lLj01PMz6cKQSdjKKly2GYN9 +eAgsGY31a/PB3LJqNXesHBoRjddwaCSaOgZxng8MYPh38KQXunIGHdzJAyc4GoQq +rtnopwiRTNdg1RYbMbRUCAzcUWToUYWUQxrj2wy5VkSCa+E8pCjkfV0oP26+6UUf +i38ca4oYxKyB+0CkPegblp4oMP8OQKSoVpCob+zXA0dTe9WJ4fH0qSqcOvn4wj8z +Z539pWYN1rD/7mXTUXE23ozBVkFJgz/eqFNtHVIqFQfxLtVJwBpAYdyTvwNJvCun +b4Ly1GGo8VCVOUDTr7VdrPeKAbcJjTZhh9aLeq+OnDpVOEN2lzePbctntATGwAZo +3silNUc1MmdV+pMxvSrSJRRgF0K8NgmqWWPHtEzdyArKoMPcALtpbRdxhW6MBk0w +2y6+Mj3KDzOoOA6PUgMF4MfqPf5c/dnkWA8vD91GM7GK1PwU2kDPZIpJSVYTgnvM +IlNj2hu6BSbL7DyLpkc/8sWsgsLVsdJHdRzlh2DkqpUBB7D9UqHAZhNT1o++i/1r +SwKC6lgn9fFti8yfIjSeAZHQfTsFais/iD4HwkPrdiaCweWa0HAB0Af7mviSUPpb +Fvo+Rqnda6yVANT/giaqtG8fFX05QFPHRK38Z1zY8lM0BEnao04KvsxcMXjl9j9z +J09EMRVGECWby/v+XhMBLj2hNqFA1GQJYByzTfESr7qxuaV9CQ4HEJGVJ7YYEq2S +ymScA9fud5KeYFWNwQuO3Wvt5uTGVyNJwPfDp40WtQqCWcXziTXjv8Zn2H1AKJjT +WYZCknsQmVFhgAfUmfj8GFAFJBa/WNNcxhwS/stN4tsbsePYXlVxP+Ps5QkKm1ux +HYRfdb87uiJGvsNs/rB8tnTMy5c6pyYH0ly64rWGNo5QOTVXuM7UbdEho/OZoQAR +SOmR9fxIvOuaKOK45mQ8uDA13RdwTdWbWCu+gDFh8dN7PWaOnjnPWEgal0LDubfz +IxoO6VZEQ02LfcYbn71vuCABDeNMYzMgZ0xvfxU2N+2D8iv39UCFw4zFBfIKp9YA +x8uSmdUY4fKR97f3R+f+JwRxHcpYSjnB1rAgdqzJSgpOBYR1aroPeRO1wIv2WRgS +FpsG3K8YgBXj5E5AwpbP0EJ1KGjVumhsyifm8cKRw42RW9CpmVueW0nymdkZ5+Ay +ctvYLLC/J1G3JtbO8ydZAH2gpnyrk1pur86QJv4uYjQDHy10tQdVfeoEZVzN9FQx +uLlCWs0WLQngTKKRlFKAfTNoLZj4e3V2jLIJNSAnKAJNgM18yKwuL2+rOuTAmCE7 +H12asZJeo5y24da1cL9BmP8A0vRyN0l6GvoWPU6sFT3gUQGyerjSzKWHdrEq7+UO +5DgApwT39b+bX/+nG0rdY+iurDMMJLypwfNVhTEMpqsdGl7ZhadKHNDcSXqCLLsg +MRxjhKoFpI+1bo7UNfZUbIdJo2HiGo6/AidXOeFTV/oGRm3Rim2wd776ka2aWK+8 +9utkdRM6vGkcwP7fF7/wzFGiw5fo/HYf1LlzC6lidp2BE61Jl//+6Yelp9b/qz4/ +6XBdcu21N+g8blypc5D78z75lLeL6RzxTvna7EyEZucGs0+74/Sm5/8VSPl0nu6m +1sQUc/ZmeCNL9s+5N3BS/zprx8+ZV2yP4BQdZjgvuZmSrmRjuIhgHg/WAUf/IH6b +i0jdi0urNOCDX+5pboPt74yHfZ16l5QesgUdqf+TS/RumM3k8DQemLueFBWOGC5p +5aYd7AeXn3I42etRXxZJyxVKmjHu7uGhSEumnaCygx+l+/9+howoCSYFF05Oak0h +W88ovFiHuSODSFBHD6yTZ6oLQgOzvLX6mjpU9KW4UgpSKsoC+T78Gr4qNQylNpXc +CUyYm5u5ilOadf8BFF+tW7UisWjVHWI3zM1G5LxlPaJJdmb3Ah1uy7eY4YH/X8of +ZxCT7oPUxaC4m+RSZ+1PMsE2XpLk+BNb5+gEzr6wgi+wX14OH56/ylazJuPe9fnv +tSpmPzwsTphlMmh+9w+QvfnCC5m5eh0g8CbQXQn2DQ0LhieLsmdw9PyI5eK7JaeG +oY3cwtckITnXLr+VxUVSUIgW/B3Y8eJdoXbMpDIefLAPJnqMXilxuLBCOj1RKexn +SMeHNlBghtDhKwcdRsP0/zGHj4mx7JcSm3JH0592jTzyDva2xuYfGo1roGYFonrJ +k9Ow4OR1+cEDLXY7UgcwNJTAFHNyuiTVS7Vds+N7rR0zkGXs+L8+Ui50WO9YXrhG +wiRz3w6LuaPPdIu3IrfbrKk0VdR88dnX8ovg2yduozwqh6hRRa4DkPwuowlqNdGw +8T3YN7YUmUHkabDAlaP6AiWAX2iHDmGNGbhTv3jc2mhP1YvQcplWqGzseawjlzQl +ml/iyw6JfMVeEb/TLdczV1gt5rol8S9e6r5KcAHpA9UcJZJreDt6ail5rUYqkrLl +J/45MjdFLmVpPPobhH6yHQYBWIdf+esyG/i6RB3Jw5eGtvWEWsXFn6g1Uf9jZ13Z +s9aAQQ0FyDVsbNnMTY1fvSHotEl8HPUPdvPO5t58Zfk6HjqCewSdgfCWBVxsndKF +RAtYgmRSfHc2oMxJwQsTuBQpyCFztemf/K0tk0y3+aiQDr7wz3w3SYaIZAPiKkU7 +wwn66Md2fyGQkuwYhtX/ny9wmiqj7MxQlEGgfaQo4YPqZtEb9Eithpc9oipIZ3Zz +2aRnYXRRPqI9hGpoPe0s2UWIU3A2m7DgrFUJaWH3/ZcXpHk/zMf/GlBjwmhLisBL +fguk4Ny9mTPoKPjo+t5PNE34hVVZEtOEX2W7EOSvBPFBXR8TZELqWD//pA0OwQCh +xhzzYGc8EqxTCftj04Eeo8ZuPSBWdhCevBwwQK1PcRVuqph7wqDQ1Xxv+NagXrE/ +F+3utUOndE11zYjl23E8qTd0UJEK7H74qKv59D1ISZpavawvjPxVbRPWJoDtgPg3 +t5G9iyC3p9EohqfulufzBg1E5hRPiX0LhCcssKFEHmHPa4co0oP9lbkQA90zBHKD +1UZMjJZ8vkguuSH5Gy0bZT5rGK/wwdQFyQGk+GO2T49QevnxWQV/5u+qSX/JW7e2 +y8zg7xww/4Viy4wUiD7XOyqxZev+qvYgyX0g6/VApZGq1mCeYtJASVoirBpHObGc +607kbUvxpYCqtA2rN6lr5yARP2+fuvG78SOywkXh6ljN/gpi/qT3VLFK54CdUz1f +2NxyD+fwfNzOGsbMb3RPAw3kaf9P26oxo6A07d5q19HDCl5vPRg72rSF4zz8zsiE +aEvQdQkXzNJXGZJ8AG6HzyLqer6myuFT7liJGtOUq3lRDK/nOm31wOVVxSVPTToZ +I9PVLUc3XNQd20jTiwuqFOBKI2qBgLYPLtqekiED6VOp0lT/tjER2LH9MBV6KwEW +6J0E7LhqU8Mj2FjwVrET5Nnb315uXEgItV0gLgGYJZN2N7zrxRi0QBKbEYzK5rAz +BgGpodMuVsnl4syFb/O7Y4//I17I+/Ph3GwDAZBx8Rxjy5NL8JyTVn2zCCtrx/+E +EfGw6PRMrLYPryGMIXta5IIjpltGF2FDBJ9PTT1/x66jevmmNSP1wD6p7aDKY6QL +9+y05kCxF6EGKGt8ZhjBxG9DcrHJyiM7GkTjmHY0wOw2P2/s3scw2hA8pUxCrWc7 +NmcmzmQRRyUH6oSenMxelLiueCvcO+htT0XMsfLLIdfECqUXEdc3loIApDrCxm4S +yFYHV0Mk88o2rOyVNU+XpKfHvXaAO1EJESpBP9NvlLqvhg8c2A3xRRR2WUV4OC8P +lOk0jgCJeRZ+B+DzGA29kbNCx/bOZt8sQ23erNPz7PtGCKliuUBshCE18II+XVUJ +B7QW7JWV4kHvyNLJZELJe9PuC/rpYg6KPaDz7lfAFsNggRLspK2bEyHdnZjH/cLj +Hf6MoWGhJ/JjVIVlZr1jUYT7YaaXy4jImw0NocRE0PXAJ7aFZ6GsPVFmmMIa+4Xi +FaZFK0yQ7RoyeYWF948yZQGEsyIFbfz4GmiOvcJqUekCOAFWjDwSbV8UEXRhJ+6k +LxrRO1Vi/HT3zSGj/ZuY1+caEEnyYLi1TM5JWGeNZAl8qgWCRdf/sMIgHhzV1BMC +WCS2wm7e25O1LMKF/G741mTdvjbA5SuCV1hZ+R91USpncUYZf8358kt44kygt3NN +auOUW6asQuUD2PymEHgPK/uXVR7tPkei7GM8qY6l4mPY5zwMLxwYLflyzxBcNA7B +LXkIWTdWfc3WcsLbHAz4gR/TgQGB4wdKCiaijkNE6fT1SmdeZ3RBNYAInWlskEuX +3rYrafxOxDF5v39xBSQJ8yEptAX9ZMsTcQsW73elc1BhvYFliFP2xmdKE3UE43hV +qfEN2Uh2ao3mY8VI/+eT/HDfeb5t9ikbxnlPL3SDTjfp/PA3uPdSjcDHOhdySdJR +yO9LO6xYpT/fI26uhunUlRe3d5eQFLiqfhZnWX+bjAKMOxke3MNaqsqOJ3ILPfDj +Pf8lltz59jg52vkTftekl+JWyLQa7TLPRPGcmg0HJHD2TLVFhzeVBpRHPPWH8YqV +3La5GR8eY+ALYfhr6N3WCtGWtT4Bz2go3hRO8C612YkVmRQQ3QoOfckS8yVzrmpD +kCSaaaB3RReyi2v/O74nR6yExTmh+h8uvsV8hBqg8pN0zaQdxZ2eV2AuO8PKKZ/9 +cf/1s4LoRBC+D2L5BlRL9/6kZimkEGkZlxIsopIfcZEpUX7jvWULbe3nAmw21sx/ +QpBMo59nTxAv8tws5AHx+bTlJ1JD5NWKTe7YeTY0ln5HFScJDvE765wgMZb1ViWJ +OJS8xHb0LAlNSK0d9P1ES1DIAKMl8KWzFpGwhH8tQzJlLsXFTiwDpliQ41YOAroT +ilpMjFBkY+HNIPvAMg/rcV+6FszTfAdyyXcT4n4mux+fRtLEiaXw4wTJ/QiBtf4f +KS/OaLxHdsKw5DFB02iv/bpeGW1PXCxP4D0SSwvlBTvfHJDZvJeX3mLQtc4I4jwY +rLp+8uaF6dIDe3x7oINfwbhwywQjPD5FtMyGyMVA7I1EXXs7ZhfDuG9P6klNdni7 +2MtWlw2eZZeTxLuQ7Psmqj0RJk/eETilGQEd49N4apaJ3s4CtIk+fnid9eJRXoG+ +bkcoVlhqhTBq8/r4Zce0H9N65RBPuqTEBgF8BhoAWYuC1V02+blRqZr5lg009hl+ +TTYSG41RGGDBpzuiLPTwOcJaPM4+RKUU/0emYTUvQMjf5U3Fck/6YjFcY0/TOWMN +lATf92xUoBzcoklXRrWIpQCEXonUSAqc8fS3yGpiOYubhyuySH2b0LdtxhDgmSSe +lKBzOPbCjVLE5I64ayffmr3nq6yKBaFpg2dJXKURitsfF4fry10Epb/Qcb76jalZ +lq4RYX3S1iWg2D+aquY3ixmanDJ4H1iWpJ902CHnx0cbo3a7TbCFovYC0fX7nuXX +b38ycf0NSQ6UspIU5j5K+1N61Ual2XjvoxODIz9GMk9peiq5O6cImstkHruyALlC +CmIu8yH2VRGh7hXfxlR8kGrcfadVzG09aJHprJgnRWWWi+aFcE9Cp4qR+px9lclK +UVhfIjNQ+uTXM2Eh1hztrxmO5Ny/l8APqv3Xigli/ptTYRnb9wpx4m2DR4XJVJdN +IOwkT1SRof7fcRa56EOLvm0MpYfKE6Cp6dKtRGfe6EGWbg75OXJdJ2/8dPRwVjU4 +jOxL1nvZ56PniBv7a7ZPTjv3yEMP4jpVxVGkM7T3/WxiWzslsTgTX1z29oF0Oi9A +vNzifU5+aEVNOlE8QbNCUoRTnuxKrb/cXMzLlt+JXEp3nfqtcH8wZmuC28g+MUVD +HoL/6UA/sx+f4FDu+8tFRnmeYrU+R9BsB6MoHuRRW7++5lv5SGJwmnTKAlcPzQe0 +nBqyUhz5jaFI0oPCVUitd7ukgGWiQx98lYVSeN+CxfBtRLp/udMkqjby5Mpjt6jQ +s58etRqSRPKdbX/9FYFT9qSiMYi5wIUzwsHvLqFPNPzcdjs1B+47vlfiP7xME9cm +9i+paMdI6CebLi4BVY325jHgQ9eVYxZV8RcsJwoaeoicDL3Z/VhvbeXEJ4IDB8pO +zHXk2EcPpBpCGMLw7Wc2sFtonhzWG/d8DblK6WPMxx7va9X3wuqa7zXWVNLIaS2b +HqPMBuYP/HJb63mgE+U697f30MZFRIiCvnF3SRKAXqfyUPIe7w0ba22zcpyVTPho +nZQRy4KnWpiwIdQhoI+j8WYgEK9uO3UwWkj594SKrF1UAXQ+Er3cNR2EdtV3zG21 +an0LWCZP3C0H1Hca9B+7eTBCpQLYvBxU0iOcq8iysqEuGBTxLW5FTlCd53jqY9fU +K8t8x+J7A3yNmwy7VIMPkzrvelxZeVSaNOHbjPBMPCAiBf2FRSmXK+i/lr9l5F6V +WhTfGLxJ2KgzKvwGhi2rvpFebF9NeLnDVv0YlMNUnSD6fMVlfpMpqFJ/FqkYgETb +Fds4XSuj2+dOj2gVkxb56wf2nDMcN37EKxd7Y3/qKQUS9upCOfPzrnZQfib2UWRJ +eqrtw0edUsKEsh+f/285h2iXAazK54War9UHkO7aj4rT/ICab8rrIAUJppOmzTvw +kFadZBJ77YIQ07XkIP/Aw+DeErwBXR6Lz8nFbSg/IVdx2x3T2F97awofNiOIiUPa +pUma04q3uXEd+mD/YwB+3EYdieqJzhomi/g6gOMUdssKL/hxiDZdeZNqUC+r/xE5 +dUtzTBbg60i5AHu6tRq7R1qUE1fA3uAyN4RxX3RzfasZiEQLhL+cn8xjabqYQJks +CA7H+iH1F+y/AKabcV9KAOkXceKjfskAMXBCfeNE2WYI1Ib/inEDBNEgO1tLYpCC +u/s7aTMyTIpsdAtWwd5j+GXb4/zuxU+cwqfSmHkMHdPEOrUYSMkKCqroKdkizyoG +nE8MaxLWZBNqGF0R83GnPZaqoEhzXLqeEBFhHXtSSACAMjpx72EbGs+WhGMQhnxu +jV8Hip33ZgE9zWbcBvoO8WxO5+mecgYIYduMZd854msry5NHbl3hP7AVzpT4h4Gy +iqJK0rzHK3FCtAc6aoXna+1cQFkaSxo6dVej6XP0eMewcGs4UAKrzx9gPJTm+UTC +CpstNSQY80IKnhyiblUTutTkW9XCKGfGjtavenl5JRJj3Q1KciC9Zy52H0sHOFxG +28g1/v52VU+Ua/qTF4fpgofdnQPDTgmMKWh1NvNfoIUFRZLq/7KTtH3Rc0HjmbJX +yp0Rwro2vhxmFqP+aImH624rDAjXMzKhqUeQsfsrbJQzmEDMQE0VViYAsYUaMs5H +ZAznDUnFyI755N8f/rQS9bxbE9x/jZRlW+W48ygWvIBOkBh26/JnMNTuLNPaBubL +bNBa+zL9EFF6UrfLAVPaGzl0P9NR+fY5ySoIDWOgrNCDAy1OinQjL37F3VOWunsu ++eD6xe2qAsmfTVZJ3GXcw9D+uEWP7/4TZCQW9mqumcYKEWqkNl950qRWNqwKhBHS +jfLX1HsK1t0WV+8nyLIhIaFoZGPl3JPDPvVGBiAWC3Urvj4nK4i2QMDxmxU0tGAn +74NYSHlZqeg8u6Gzyv6v75ayQKeZdu3/D+Nk+swP+aOya257d+/ML+DSXh5DB+t5 +g2I+aXhRNRoejSxvWdmIVjFnUnJGsHCCPmHHRZC3DMULmzElOqAj7WVERTPm3Jlv +2/ZLN2SQMVtnl7mC7iGNleqkfROSVkEkod8Lr+z9bU5CnQpEr8DlC73sgYQ8lQVx +w2D1EUbo6UhWp290twSxivxAD+K2mPzezhwH9TFVQAvd8ZyoVe+x88HOSXESm37N +ZHX68oBId8WwomwN+esz8IrnUmFSAg7h/+8E8wwaqazhk3BOc8Mu6WMy+0lz3M/E +0eOQIY8vChblBTzyJGSwsmEBA6GBy+wWlTCLpfv8LeyKwUOyHOgA83OvboWrNIDG +hXnv4RiFuhwEjz8aPLJgfSU1WojLR/lFm0UUQPQ+wKbJpeYjFRO1Y6dtjDwTjPNH +10k+gKqCxmuVkwjcImoKBQpGz13xPpBveSc0qb/soA7djghDA2GiEheBNzU6FGWp +pQMY5+P7s3RRlx2fbM0pk4XtHs87dOUQ0iNO/b01+Te1B7rzsGQAx7yu8ZZXQ5Dz +m/XRorl95CjRP57+AMTtOb+oSk60S8eC31qlNhCwdxl+PkcqxtiyJOfJ740dFu3x +SoEpLvAqNToF1ZSuF9etiQ3RXEjp8tK6klvsaGdKbM+SrgPnazJq4J9oAJ4EtRwO +X8oG+jhIDwPyGEBNg6zu1NF2zs9Udviq2XXdRRlEhdpH2rL0Z5EgPpxKsMojRIOa +jLbww6Y8PvihK/iLpXoNfDG28lizJHNtDGsW67Ad4nNaXWkmpXxwH07Fo0YXF89S +An9W4Wg+VqYGE/AoxquvpU9ufRBCDa9b0WK9zEBB+IvdrqO85EnnXL5DZMxoMNHO +3fGrh+GwMPjJrpzdKf9QGJtuMgTqOG0ainCBtM0rb1YxBbBLWKZVGHs09nvkmGzC +mR+bpp7vKqORLM30Tvg= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/librechat.age b/secrets/librechat.age new file mode 100644 index 0000000..279ab16 --- /dev/null +++ b/secrets/librechat.age @@ -0,0 +1,502 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBBQnNs +YXhLQU14b25rMDg5djF3LzNKdjdHK2RsaEYvM2tqWmFsWHh5WEV3CllnZEZQbE5Q +WFBJRWVsWlA4R1FhM0dpZ1FRRDBLQlhvNUc4S1FTWHk2MTQKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGhWaW5WSVE3dzdJN0FXc3V5VFR6UGhYS1FBeXAzRk9IUHVYTkRQ +NWpNWGcKcWwxR3NDTzBIQTJNNy9yTmxHTDArVXlXZlpydEFhdnA1WXNjQ2F2ZXpZ +RQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgUGRBVzZPaFVpNTYyVzZyYU9WbUlwcDNL +dWxKRW5uOFRzNmY0MW5aN2ZCdwpZOXpQcklTcng1eXQwQUdDTmkxMTQzSWlldHk1 +UGtFV0RSQUYzbG00OEZBCi0+IHNzaC1lZDI1NTE5IENTTXloZyBjVlJjbDMwdWRG +NVYyeXNxNkk4cGQ2YTdFNDVINUFsUEhwTVpwTUpuZHlRClZ4WE11NFNTejRJVkRR +UFZZZm1sNGM0V3FuUlU4RW5YbHZRdFpkMk5FTU0KLT4gIi1ncmVhc2Ugbj5qejwg +TCA6VCJMOAptOEo3bGtSODBSSnJsaUdhZG1LaHNIeTBHd0NFVGJJekI5VjFFeGhv +Q2tnRTB6TjN4RDRVenFSZVZzbmdFbVRiClhHaFF6WmgrUHRNK2EwNVdnV0VHN0hZ +RUhIbFAxRFlqbmp4WAotLS0gRkhzM1ZrUmRvTnFXTkJaaVlKRklVcFR1bUtENk8x +OHA2RStjNVFjb1JISQqemBHxakhUQHThV6NqsfMw8cAWKWFTdrKC76BBw7zYFcwe +TePr68pI2bLfScnTZ9Q4V3kWQUW+5rVWvc0lo0sApPWHgyxA/aYRV0tS9nirRIeC +qaocDs5IyFSAqnVJt70sHZWIbUC8HZdeDDsQZT9nvN0sKphVCeHrijBmuIwmtQYh +KugDqVrPHLW7ZPfdKmFPC+pqmA6PUHKXUPDlrP/blmQk3vpdzsVTYtRKNEoejrL9 +bRz+4PoqZup+PJqFLBXRkJRvlmVmUKx22D473BfcpeFEK3Qs7Uxsjd1dfrRcoJ4I +Zx0Qy2oa24I1oKVg4e5LxZMpy+ekpBs1WMx7UtDQFF6RiXpXut/vmbOj8JXVmE/G +dk5wxsT4gDzxWLzqrydq8ms8lzGHI26YEAk1zHCi+/fdKKz88j2emtr20nj1wZeM +9tS6V5aLZKkpfmgN5CDzgwDmN1cXwrbkl2RfQB8uBereEJydor+RcF/MXdx43of7 +E/vVFfw/qbZXA8+qr1CWszi9S5qP7rQxsEVpQhAY8c+8VS9vtMBcygEu3etPE8aW +fOgI/SprwugYzHCNZonkiDEVqQ1GHq4d/nlZc+f/o3XD1OhkWJ1SgBxyYXrWrZJ6 +r8I1zvTfS+0w7wSZq8UZToAaiemoOJtHxfiDK4D+FN2YsKBH/VgHET54Z2EkMUNV +6/G6G+cL1Rr2okDsNwxA1xxYt5j+3KNRX/lyiBDaG9pglVadXHJ/OFbRj0B409wM +TsW5UVHFk2BIs92MwaU7W1EwS2FIe0U2pCcO+WopTJeS/hyfQDPM1SszVDTfhPnX +oRbE4aiCBQMRpvaDH5FUI1r5goIIDHhmWxOP391PT/QU1Mk1qUblazAsNK0WC2P1 +ATndNQxcapvwOb0uplbAj6vZOX3esUAvGNDkmdjcdz+S1IETBLdEwAuk+NgMENGz +biVKh9oxzHbuJx5sgKJbyW6nOnADFqyy/ST91X9ly+EdWOtB9kMr6BwKRWmRS6hL +FnAv1W5S0M5LyCD/ejt2KEtJgDPjc0aJXYZNz+HJFCFK3FVEK4NYRXMCFGVB57IL +oRjDUn2JWZCPRlHTXmUk9NA1GabNx2CXCxlqTx41tB/SrsQLUdUMmlKOy32GucHb +QPlON6E6WI8NLrDEai51vFSe4D2whQGitBMIdvyWrJ9u63x0N0cayIXK0Qke7+yB +DBqgkKoRh/Y/bBH8kNdN5WFpjAJiXTjrehDhf1SLEGLLqIhX6f/nVpqWFz9w8pE2 +oae2PliCsPb07Yd7/MfC5aoxsfRm+xbdt3jOrUzlaQV/rWclLQOaM4bTmW2/KUBe +JbtiSxArrT4Ngh/vO2s7xQyFy/UNsH11w2uSbKQzsgwo3c3GK7C5nYsGje0BGju8 +CFR6DbareVCjYiyKiPTLFZn92DVhclkrLnQbCS0P2JQdoj7UiHs0UcAVOJNh7WGJ +c5F4WnGuY3wH2esE7NzsvO4peCXR2jpOtPWEP+IqZW0eJE9KQkQmt9v+wFG8tT1p +kEM+Okawfs3FlYTf539ttH6yJYJwd8dyEsXBhGe8snmTZzGGpxKHnheelXFMd/8/ +B4M3nmL7eCgVZRxSWfwqIuQ4W/mpLYQ9G1S0SjWR1b2CSGU5NO4OhkrCqr58jvrm +C71g/WvSlKd0fEr1S7IIlTGfM0rmcB6xL2kDrjotcxFIEEBT8+3opfFf1zco1mO4 +SbL8bLEC9xQDhI2N/EcLJQyXznYJZqxmSKSzZowDZNr4HMOImTUahFIQe4kgCy6N +Q6Kw5FnB2GfjInFp+ngkXOCJ2fgfNaKz2xKh/fxoDaM99IQQ+U7inrKFpvBd/kN1 +sTWJUx5Rw0nTJ24uBrvFnmP0ivsg6JgCbfeXCIlHAU51gg4tOmglGEM0qBQGR+he +X2jzc9YTqiTEWlAIpBgjaj1wVStbgQMZ9r/WKAxMdxE0JK2JVszqjds3t+EWBoCl +QfAREPp1pxzITkVg58Ogq/idrjWZeIk+Ua4H/g5T54mZqr5KPwPeq1ffdQh+oyAc +Nqoy4lhT6Zy3UcaJhXaqE9DVcWg7swnUyX6DSskQcsMjUjCnrZVnDCk5qMPou7Wu +ehpIPVIBKj1ETJRTXfs3hvCfTuz3UAc7zG2CGN6K+zw+ziR+rcu4dM4HVze3XFZU +/lbZ5spxQyNDN8awUQRuluEsPNhEwO/45OT6gEHCgQW/T/Hu6MsxuqM4fIOlkLTL +ZfzRPFb3FZ5PiEE3rPDiRhbAuvql6QrHTlDbMQwV3/MJHXMko8d2wFeuhjJzCNNc +EBcsokdM4ohCEnhE9xy1u0W4LyIchM8OMX+Y119+jMTQr5OLbtVbStGTeotwLAhZ ++A+MDBuwHFqpT0NW2t77AmBWXlY2dSS0TRh2TjCM7mHxoZnr3S4hDMlefSbpjseV +bj4WHHMQvq4EqM5b7M0NxCqsC152iFEuqOHo3GAhCr5ccHxRUQex6amQt65atAQv +FAZtYjCAsNZf1quh2FyVOn5y1gtnsFjyIO1NScr70kWucteajHvVXi9YQbsZO6/r +00VJ+ZbVp2GWaC2ucYwkgUdX9LGYQjPigoH9iqi9ArzPBoVDsaMUhbETHVsoVPMv +M7XMAWoZ5iI0NoqYvGNcM0pL6pWuVigGAeCf8DSQJHdw3GhCrSL/3RAKoTDaER3O +18Hg/U1nAwL91fUoNRIku7+S/deSFX9vzOdvzWnOZsm8aTU1IdTSxGfp6ospPp/T +1D68AayxcGWQHI2GDEli2xXKRrR9uBdQucXfKia7gUOs5WAA5UilJS7MaTxO1vCO +tQmRDJIUAZnMY3Sm52DQd8Dx+UHgKPHxEp/Dd9ZLbFDaAeUPQ920Z63BgoWCQTe3 +t75d0IbsdHz9GbklOsntG/Rv8WZnM8He4kdp9fkh0D9UfLxi+1pJIuaOLbC3vAeA +N7AH0o+v+VaeUNtEzQH2DUzq9lhMQC3J3NqzqNoaTmIMhUP1MhuJr8/sDIYlbPY3 +xA70FIF1OVFjPsMcQL23oJvIvEvAdgedvTxSYjMUzG/uLgMLZeLJUH8THUtKTYlv +NMND5qFQYeCWzzNZI49t1A8BGYghnwKniAtmJGhZDuXdS42vQ7XQVTQxnrzqZ7hI +zgKGZbBDAs4J27KbFzow2Qy9u76SgoLRbI4XePUGGb4v0wwmHESu4TyulptOIYdc +CL6/tuHyJ9KPAWGKlzN7KmxNcbyr76n5sfTqJ1VI6+0X5HGEwRoFHkQ4pGiYvhPa +qok7AiXKxzgrbNveB7HmcV5U9cBcRzp7fUiJnsjTxGwDgA9LmWsr7EmcUWcDP6Da +ypdyiRMR1zCQwk+0PT0MsZMgyfvLIzuTeKcEw7hOPOTTY6HN0gzpQMxsq0esxIdn +asQMSVpl6ui7rsqmQP6OjT+FFhxnO+MGymdtgM4Fn8k26McJl/i1WqdyC5A0bC1N +lZBL4rgUyhWwFmswSuNgJ+K4KFGzNh3hEW7WdptL7RIWSWVtkhLJ6qHHfI25oGbo +NmhGnSsw9bw5cCDBcM7daTdpWF7iZM1x2F4K5q6XtdBNl4V+VK1I7fXUtUycRRe6 +UjL4gM+RrsCtDOkLLWRuVtlnzWTctbWZGXZFzusUvb1dmCUuLfWx/tv1jQBFtkR7 +l5tE71zBhXnb1YuEFyr6XdhPCTlSPZ/nS5YhFlkoo3jwU4//8LN98/E3MQSnDO+Z +hwiKq1FVUS1CrKG2QiiCCy9gKR12gaOipsmBS0CfdeuZH/tznV0lA++bsaml5bSK +3OmAvKmhE365euvz1pKlFPLthwcfPfLsb5SPTVXHNQsKIBjEBYmUtz2TCSU4aguU +RtuuwQRdUG82b38Im9VpoGaqBmI9H0qbuEoyWIC+e1RSrxR6feg7j6gQ+O7y3tSy +t64XFPf/D5qpJovJoklUemkpQDs9my6izmuVaz51LX2Pt/4HCqdODDep79FGEmaq +vUSLbBJVn/OstXHlRLdxfXUNZ5Ab9PJGQQkFdBn0+S0uunGp3OK1aA9QwnxZQPqF +1/+dBFRaXp1jh+q2E4GF0UjyGMYu+GjT9a8pDSfiMLqdx/4yuj8vwDiMR25pENQT +y0BypXaEzHBQ7GBVU8jreYWSdnMqZV6FdWosg5A8BqC0tYBBohwIe8uHjmI7HbvI +CalQxGXi3ZqzBn0NgnvA3L2/oFbcGnrLS1FJBHzBb+eg0CO+sL6wfiZSMFOE5s3q +q68D68fgQ7+Ve2V1EWdRKI/7/KITwgTVFo0YAgqGXCgWAna7EfMQPOmtlAl0MWLC +lkoCPgtSwPkyneIgwN1EnLxOGhuiZCagx4eQ6XYDtRXr/MYigvDYwA7m5oQ/dplU +0g5IGg8TbNXKNqhwyBWikdBmUhHmGZ8lJ2gT7EStZFNS7V1d4OjeututLlV4gAC3 +jtSGAG1P2zJWlv/uD3XuBoNR6ZMTtBD1LYXgmXGQ+wfwX7DNc6WMdBB1YftFolrk +l8cU3f/1vKUz7g5klM4J+tBdFacAj2WaZ6SC+1kMMbkWFAjkhnUYLAENs84tOP/q +0C1+ZRbk2HED1jF0FEb/zaMPpoRhzJwzzVIVwOtsSL3ZedzaX1P1OLv/jov/4OHJ +6tBZY8oFhJ6E50a7WJTwooOxCPFCO/xgqcsC3DEzJIDcUJdUWYgUNXjSF2uM5u7K +qn1NLQx7Fcyq7QsSb42rw+CbtbFMp7cLATn2Ffqe6DkPxwypANhixAVZEW2o6n/u +df11do6Gpn5InbQjJ/flpr60kRs23MWGjhT+GMlzA63xGDzQrwAoLp7t2723HtGs +N3RNlULnZt2I4HJWmWSmupymznAGHoiJNStTrpYM90IkPxMqeUr3i2uz6HDGCs9L +GCmap99l7527uMbwccxcyzo9Cs5cextOFC8STuNjre/PKrFKw+g8O3+76cyR05GO +HFeHffrS8NNl2c6hDVI28bJxMy+5I6RbPVfZPy5pKf1tKaEpWUBexU6ZN1THJ0Jk +1PUTG/8EU/w8Nuj1vLmXMbBusFyNi/GfLXutrjykPUM74Ldbh0GLCusnOI28xUCk +Lqf74U4kT4vs7gXehIQvcpqDjh+hhqlwoLNxdmKNceTnCcFIY0ftb1f88K/KzRB4 +dyKS8gd6BCX/r2jjF10U1ZTrO3YsAa+ejjJU0oDukrj1rAVaCOXEMgqNliBLXoQ9 +og8DgKAKblx2WhFVpRqtWpRY0AW/bpzlYyKKw//Lrw6NyBxJgkAyPlw98ucnj30c +F0vT2rjcj3XyAUR9sNIvSe0Z8LNzassYhcv2lIZ09rM7BNfyDK68muzIYZIUggb6 +J4Nxf3m8jU/9L7B6WH8iULvVP2om8EC8LJ9o2cqAXQaeACQBLBOyYaaZkIdcaRLZ +ZPB2oih5GCFej6OJtdzP76IWn2sZgSR1jOJG9ZHtlaOBVQObxlGAkAF3PvdYvnH9 +nsdVqECU/oAEoosIioauhu6b8qpiInm7K03tCoWBz+EulXPg9uRa1gdDv5hvpGoi +gVMOyirJTc0ZIKaTZG8Zx6KqHRvEu2itAs3Lya62wac5W8etORnn0Zkj656zo/XR +2C8zpIUKZ4NRS2HBfaLJbObPGkwAazNeXvW49snh/y9UidUKR1Af8zBIAxGcjxGX +GXTttIFSfc4dmqNZmrEsOiNH1hnEoxsx1b9sLCmiXigxuZsbog8loGwMKTvipxEo +lEaG2avm80vw8hGAuzYFgnT42yypU5ySe0iBtjqQYxLvQEZ5jf9KsWc4Giy8bPG2 +JZLi234jOYHJO6urdVFzEa2Gz50j1AsF3SCVn+v1dt2p5BllUhf/y9/AtxHf6WKc +xomsJIrzcQKPVGV9FF0rZ7A+cTj+py9t5XcSWZVerYnRzQ1E/6O+JLDprDOo2fvx +jnVjZyqLKJnRxpPNAjJ/jYPh3t3m3jPjBRMhStle/TxIfKor1b4Zuas4II963HaU +gn4k/uDVRj16CmQKblPfP0YNDieOBDKSFzMJlvajGV6fZx2bdM0IpZQYesB8eBEk +CWMLh0c6gUeWEgBLHVIie8eD0h2NuGGGCTpOHEcfQ2aQMPk2CFmufB5ugPaoyOpL +K8wWPEMXJeYOsJJilFiiVTPfUs65YdcB22J/bUP7DPXdX+OHIBwJ/S54O45BxCRF +KxgYo4NDaPPcYTloTaHYyAmNc2WNTKlYd1G2VORQ5oqm1sJJoKL8ogCmxamC3ojp +0Rur5OoUGa36qtacXl+gh0NG5sblWMlgY1SsbbLONyKV6gBKKNsNlUhiunwt0U/a +rdnEr2FWl9yl9KKTprgHHNgJz2xhd74Ir7j2vULTYhT/+t3iggMRJ+KaiOpycFoI +CnV34UCAD6t3Wz9D8fNnygJsI6RcAdLnRgZIxF31sMO42YAPdYqYmrpMz3+l79fg +WcfFWGYfE6Y33KLl+UVs7FPBG/Jfw2rE0gu+GkPaBFc4Wh+dTwZXN6SBxM5OCnJ5 +LTp69FOze2D/J8gcNv8CAockeuZzuWPGMhMhxcNsrhEZZA/nXa8dTPf6eoATwL1d +nkVcujiKB6lYNFI+F5Jo9rvEQojPvYeWPy4rIGBXjE6wdopJnybB+jjfNuZGiJEa +AonIgMo/cnJdNmPp4N6jIRHXBzrwVlSjgphSDIRhD3somVT/l6KyvcUVDVUKd6rS +a5VmM6Qopdx99OvgNm03cFd4QjUeih+OESKpkJnY836cm3xU84LPo/Se4YBl8YW7 +3saF0uai9dzI1z462uDvHZgvHKzm/C886lFG0XhC7IsLdyqTzKtyuQV0POSNNvPI +gFYx3650FFr+kWRUS1CcAdCW6zcXqU8MgQ5PYanR06yI39bJWElb0yt9ejbYplmS +MWFIWgGd+uZFJ2p5Z84b9dyTyqSfLfjvwT9b+Mpf+5WTWbmj/m/5JEPVcCCCxtcH +rKhw5ZoNYssOgvLf9mnstUu6JWWATAvfzjxD4lQUgA7u5LeQr0Js+ryIzvSD+JpY +CI7KhPI1jAPa+SKBCA2aOIXLAXjBxOyYI41eupG9MKJE9A9OACicEpGmPMlwp1Zu +vykhFRROiRXua+rxAEBJ8I67ARNqilaCcyjeW2ew64YUuUOoL/CKRvHbOr1NhTQP +X2BuWGriqnDc0TybWAOmvk1N3a5UW1D774++Lgf6wpd2mVolJwYdTp8y7l1y+I2o +3YjZ0GObmB7ICitt5ND6Lr81U7TjEwTOIzE4bxHE44o1Cs4AKzojMU9/C2XGcW1E +0cqnw8lbdOjqW7Fq1XXj7XoApi0sKbBx3aAYDRb121JiSuaAPksxWwUk4mFTqJ64 +KAf64NhxdFLgIUlIUzwEXOIVLVUAU5PbQSeLy/sHy2lYRJP6RSUaIHn03PPRZf6L +D/EF7inyUKP3c8Bn0T0Q7c6ccYiT1rhFjELDcgDmyfLAfs+GAcut4/peK2Y2k+Lx +opv9aFo3kueYGrK/wVG7G0fg6PxgVnwJOCmXBHjvoTXS7jAo1R9StbxD6poFh/GO +FVSoj7uMl+hx0m5EwVO7AfPc0tZxiMWD3xV10eDV4/IePaF5u6spXhhivTdZferf +Z/I/XKGOLvMoR3LMM/WIbIkNd4bK5a9zJzieD28iSZ6pRY1+Ag3OQIO8LySEHdzn +GsQ7WNXDck3m6iZCC58laI9vrf3/ZdsZFiJLFYQj5EauTijVzsBRrPwj2g8eSU+1 +WDv4rr1DVUcytr9n2Ch1RvefigPCOi5LxsaBNfICJzmttJ8LDhiwWhObudL7NNM3 +DEmsu5wJxlX2kUZzjDFGkgFbBqPKeT9TyAiGTRliy1bgkCX+SgeTPdSzaphWi6qk +Dqcnkxi5uVLqXKMsRD0xY38/6fnwItuTENaJ9HQqPO63BpflMzDfMQSjqEmb4jLz +EZvaLv+9PMne5xAWnkso9TveD61E0sbzIhDAKh1cirrH2EWtFIQg55ODdPEQ7NRH +GXyWlZ6upbJpRCT4URRt5Dh5QbJeC0z//yIRpGzp+Ioj2sFy92gixSkdu7XI9jFv +YIX5w2f+tH5iQ6a2U52v5o1sutoLAr9h/I9NGRwjcMgUqj83sxyMXMg0oio+YfTr +OUhldZm34gdU55okEluPK5GgcXo0m5l2Su2ZiLManJcnHMxV2Hnh8Lz1uTXY2VFk +32JQUveOTq66ellHr8LjFmq9tLUr8x8F81ddwa7sef/Oq15uF5xxySD2o0IJp0RE +x9DApjQJEh19mYjfrUly20m7aXNDAu3bE1WSoITKhjLiFXC+6nWvVps7oGVdSNHZ +DFhkcckrquc/sB6zyqVe7kMQEqZSY9WrjZk+A8mhVMzIilV5kFqEuQEjIRnsmoFS +oGvRlCjVNf27BYegnrfVfUpf17uOadJlRng1W9gr0dzBym8WtoQR1r7y+Ms5mSAc +5aT60WRiGDzcz0CfdtEyvSSv2mqA4sXbnQu8v7FoxHuw6SCBNMxkw69Z5ichZ+se +tTwsnUEBlnYKQOOjGFPY6szx2X+RinGgmP0FjVoH0b0CBcqJTJwuivbEx5c/vEeH +pSuM5x6vayr25VdPUDwj879+g1EtOUhrg6gLHk3RIxHOUlcg2C9AL4E/+eDEVT/o +CmjRBOCRbIXP5DhdxLO3j4wbhqXI2BR/RQTHcMqLTPiZrGfDd6pvdmnuAuTvxktd +5jAwU1In18LGRUrD0M9MrK3e8Vrpe6YHdl+9sYWF7BGRgDrdgOn2WabOoHxtY062 +df3PKW4gu1P3LQPz8nsJnMlZPccprDCaddzEV92bArQR76xgokP1Kq/3JcMi4vf4 +I9PUZXOHhTYGseqBXX42/aYgXpTzvGtNTLQUpfc7LkQ2QvHDmqnYxuWQ93dxztJe +Kkdpgd1tFOuzNYCIYIiYOfNx4ZVaoLmp2BiXDO3550yYecLnJLGiTei8FVWRT5Qa +9/uLiNf5EhHjJjEt2uzpEGSvCUOdf/2Acy1qNKK3WEJ784SdrRiEfUBBngl36f6j +B67QWEAty7j62fnGbgSf4ZqVzUTwM+C2NXIWHD9pLjebpocfW/5GijWARFzL/8RT +st23niDQq9swVD/c2FfJkJ9gViOMIdv925yycVp2YAlFVsN4mAbASwvIyUgyy2d8 +b7R2QN0UdTnbd2ByApAegTR65o3yfF9RP39oNCR4EWun5nH7uuifkjLfL0IFP1lW +pvz1qxys46iHFzdDrBgPBbw/QFb/SRmEQwU+a0XafZ0z/50fILn+o6Kr1aQ4EXp2 +8QM1SipkMWS7uZ4mbbujNqe3XAjAd5y5exgVbqBdMAcvdRQvyFouxLn6YEvM2ijs +TvPxibwvja/8fmZBa88p2TXITKsX7uY4K4TvYVh6d9ucJsNxDx4jGXsJVVEFMwoz +xbvhFOSurBcbZSZSKH2xzTHi3YRDw9FefVqcOwkjDmJ4v244soMVGGVuyqA2CJyz +91QoZSbIPNxIm+8WQWSqleO5SGrtJghEWkXuMZJgzBBBks9v1OSIqyY6629YUK9m +bTgFZ+pWjeLUKPZd24WGsVfmPBFFXAKwL98X9uf6Pm4QXQM+Iuq5c0s7JennE3js +4tWdmh/KWUPfleJLOtqv5g5Gbsnjm47ruMBNGDTWpnw+KCbL2J4/4soMdMn78iY9 +DTqU5X5EKZ3XFpRprTbFu4tya3ZZ9FMHAzfmTIKDKueckvFF6YHhcHbtzr6FRT7U +INOuX/1Bjtxiyu4a68yxwiGB7KoiKmAM2oZuqy/ojiboa3/9FDFLjFCPLPS864U+ +bEFtewaPUKRGat2IghYZ3hsepl96Wv/Z38sBbMq2owQCZgeBKZIHTqHs4isu9YGE +wvVM7ZJx2LhtObD6oMt4m8hHi78D+1kQr79utd/kb15pi60nGd1p4NEbalv6NlQn +aIQ4JjBc7OEc39cvuEvExLATezprKurQ5HpXeOSjZgtQUBIhp8gHtdAZ0cxPt5NC +b01ddDOTwoDEuTZeKZSRJV1vf4zOZbGe3yTXrJzR49FsNJ6Y29R7lTAb0VQ+pmhX +yA4dLcdpY8t3LEp3mAWCzWOBmu3fkYoXkrXHJBNuynchLv3LiUcy405Yof4hhX/G ++BI9DUv2ySEYVUnnkXmGs6XE8sOaT+FeysFlpRD4CageqFN0vHzz1ZEBEsMxudPX +KB+3fygpNrdrA+MZwGb+mh24qv3G0cbALXzl0FNfCv8lD56WIm7GNp3C1c/sCd+c +HodZmGRF7uj0yqV/qXYOmZQu5OD6JIfGLtmOOAP0cNRvU17uuH9Hlh/xtDp0kVtr +fBibgoEV2QIJDsz5P5TXu03FMoSOQK7WvTpQ98l3IJk9qThvPewzpinTwCT9EJji +j+6brIlnrqV6kBhq5AvxrMG1J9PZLx5M6N2DrW5dMKli1UoXs1hxiAriCyFQLDaX +CBh7gV2xi4LQf8tpR4/p2ra+Z8wxoixsGThJMhgwBzgrkc4Wezrm4dDqs+mD7mD2 +1M7kuSQ0mtf5tzm1qXtEARyvCJGL7FEJWo7gBIK6oF/YPI8NmiapseUZ4FiNXn7R +3LYvJ75Db0Ebwbykr3TI5SbGSatlLx2KOsEA3g2R8SUOwaiaV0eh90+XY1e1kVcQ +Ch9HD/VdFm3Y7yj0sQLnuWF8k1ky9jG1GYEsBV9ZQ73DsVCtvKZ8hTR4CgcOFESG +QtY6mlpaPmLiqGcz5FFzc1cyw8vWg5hmeSeuPFmI0dFOFg21IUCPvAvFZ2kEawj/ +EocNiED1tIAFRw7bwpTzHTxgZGJYooGc+AjO9fAZaohZk9u5X02smIKX6qgkqGRf +YnITO+IvzPtWrYhJ7MpJRZO9ch38o8IDind6Vh/Yeu+7gBwSX/Gyy6Vad059Q7Yq +2Ujx5/esv/ltA88yGSUFBqwcE55soybenj+c4Uc3yyeh8/38BzhphF8W5WBHu5BY +5ius47GbQCkS6AU4X1H2D80/cxFTrgdjWk23BpYUzNOTwd7RLI4iV/Hb4DLLN/yg +ClP8Valyw5n5Q9IjsvNBrpdKKi59MG7qtCmiK25XhI7kATxrVgZ8LWkdsEDMqohx +n+9O1+N9C5JNXoJFBHQK6TNc6WlTqNCrTr9sfiSlCZLthQv8bY35lgaG2swYRYpr +K07SnwtunkPFsmH3JpxmZF87rYYQ/nDX46cTLk+Q1i5SDwxWrhT7a7M1KssZ6M8m +ickzYkB2WAo1Hqs8t8gbXCAyW5LbhTKVOBervIH/LGmo6wjsd4lnXpT+UQaDijtB +buTRbISSIAIdgDsnJkoS6X9K4CgnyBOp97l/hPueR4PFQjM+bmshvJPfWlYgk1l+ +yn04ZxrFxcc51UdBsgFyRsYafyh30wfR9p0TLILbMcmj/BbnrGiD9urxmFnXRG2z +LePVX3l1KxE9hwjQumdcKuN/FHaQBKuCav+cPCsnx/ocEsbY1kk5Xs2D1q6dhWcB +oYTAKyPpn1663uxo8QZJvToxFoI2mzFKH1pJOJ/747qh+AqPlN0oDmXo3HkNajAF +Jqkki8q1rJHtI+lp2AZz8GfhpKLXwzUKHjNFGYYPKqnU588sn5XLocCc5fxNCCV+ +QcYmYGn9kcCTyjPsdnjQYHNGZt5lxeKvp0e2zIqei4p497QkJ0pKA5rgxIGqARnP +JDU4TYXmgP0CxyOSGHAVsq+OMZEMJW5PwFgq5g0rW5SXNkF96+i75Vge48yPnzYp +uv9a/zHmE/wh2zLNvsWm2sWvMflTOpRInyMo+EfJBIU2U8pBGqbZFnmLtCRPsCCA +RWeldcPp7K98lZFxwNCnq91yU+xRY1dOoMQLP6jWMDm3aQCT4+Jl/HdgdAlaFG+P +diDoPpFLUUfRZi6+lmv5VDKJ5XQXTDMBjyscIXXJ7mhC8kto3NCyTFfIXVBoEHFJ +kqprxLVPz/9Z00pZF2/Y2i9+AJQLfL7rgkpxdOuxJJ9s13xc1+/rkGx3FeiypEAo ++AgHJBtwY8N2nPoQfyDIeWI2ctc4MLkdMhr/Od5lj+Y1lYSLkN3mp9XcOwynASmC +K5D4c0Z7Q33IiD/MMQC7sUDmtgFTerVt2V+hCqgVdwIH/FF67+AmLPhe63VVxtVu +pXp//BH9yJ99qWVXEu1jh118+Sg8oSb/6JY9y2EtYdsg+dcTkQi0PvMdDrlR13/5 +5rejVYZwufLv6KUf+/sq7kqWsPK9VOaghUVLcRq9T2u8UhZRP9rqzHnHOt/DZBLg +G4Wlc2imShpJTPzR13wfYunm4XqUizgrnzFNP+WUYZQgBh1lsQnXRiMmzzIw4czE +IA2vCFtxHGagZbZ0aQIIsPuMdYPtkQqZ/jpJI8vXkyvCygI/1OswIY/x4n2/Z2Mj +7hRwyj3Fm22opOXGuWXnDzBbH1uSN4vNLbZryH82EWjVwWyYILVTR6ZRBHI3HvJR +gpOm7l+j7EyDjOsrOTZX6zjma3KqJFkyVwe/k/fk/iiHVt6rkKBbEFwF27btZP5u +f1EEDDVTBNidzWo68mTNMOw7E4mO4mpO6wToBZNwMW8BSqfj8Zp/hQJuKi2UTsGD +zPlxy5S6Z81k0chvEuQtHIn1tnoWIpfBGXzt2Vdb5FQYjv+o8GrpaZOL59Ku8NdU +9InJA3uOdy1JhMMuuRKbmNgigBpoIZ7uWnqC1yDmv7oHk3JD6qrFyg3wdDXSMcJn +cGxhBPLnM53NwCBo1QZ36bBykS5EC/HcXwDjjK5OcEHVKXlBJ3dCAHUpgdVJRhcz +2IMOR3TUMCfOXflgu1ZTUC2n/jawGlsnBtO58BtyEXrhH2pJGQOzPwSrWTCFTxUn +HouVdQdYgWIX6SOq6uSwqY3vCI1J5eR2YJnYx4y02UREWuszHnlDAGubNAauZSFE +k4o3SplzmI4yEDXERYM/WPddFR3QHMVw6afKiTRfQb7repL92UUNnpEVOeByPnGC +o1+4y9k8ztCK8pot4y/NR4t3hE0U948879lHn5C+3ZxfNZ3GAseOeZPDxD9NH3MF +SJnCpiO6IVlHo7IMAlZmhj7Dk40pNByF76OxrDkAYtzwJDPqChxugfBPs2UypAOz +QD9je3FNiUd2uG4bMfBKc9JcE+bfVZUd+nbnenZyP/JU4qkxhrNDH6dnj27F3qMj +00er5GRqHTbm9Q2hOx5kRXxSBWhAUCuwrpeB7FXUeskR73++cNLYJg3vjy54dedz +I4ODVhdqXvksmuMm8d7BB2sBy2lf5Z/j8r93yVtBBL8UZdr7bM59fHuYmBIH3Vs0 +TzxODjn+IYi5GsSaAF9DEoMT8pqZjI55sSetipy/5K+oexb0S19jAcLcG51ZWwWM +gSFHsIi7ofwUY6vAnbER4h/SIxj25FR2huX3qaN84GZdnRQGu4HsjtRojqB84mUn +RdiGFfbowrSTiRHj/5iSS1dc87mm8249JJ2EQJ1ZSSeHEyCw813i1h6yeW+rvqSF +/oi60IlTkWBV8S1r7sq0U+SE4iadNsUU3rlpSmh3+Tsz0uOHDmDRtmqGbkq6IVtW +E8o6s30Q/gXW4tTGLGb1XyvtpPmL3MEqGnTJaOOwD/xuZwlGAL2sDeUT/qte9X0H +Sft7sFZvJTS1p6txP6jvXTLzAn62ajqcDR8JWZWYmy2xQqzzKTjEoUb526GeDt4I +ie0w9txbs2Jam8ZBr9puuYQ9YSz+BxTj/hzqErUTS41AZMptXaF3RJrK+qTonYca +BmzZytPYdVkb5ijy1OE/Jn2SpmWIoFDP5TEUBsjiJHlKyjo8VXrTjuRO8BrXTwPy +SqsNwkW2BB2oRphVsS59i0jGsRCE7taaAsO7a3K4rY7b6VjW/Wh1miM5eYoMAGFm +NQ1eqfYJCcarSQDFVZI95yyzkeKPlL92roHWv/T4Jgx7SejIdq7GvpqJNPjvXa5e +3Lg5hs38YM+1uOwQRmZfMYC2XdfaxO/yqX2jW1bDFhGzhvfzhbG58xWpDg9HkD6c +F/WJeIHHkmBX0NEqz96JWkitKI1HB8X5H6XeMVpT2B13XL5x5vaY0lcJb3tvxiEm +ja5Gf+ukq7+Y0VxxTL6L+rBh67lCa3ewMyvqdsGURKDVyxm/Pw8/AhxkUVD/Awqw +6JDa1YQdzEf3EYjHH6D1OpT6wZBQImfjyPED7kXiIPQ9ojWn6sQ+AgYbAKjPkuy8 +5aRLeluoFf0MNpUyJC2faXDHVZirDQ9L6Kw+FPNHL9M97+5MOryQivs3wfXXUybS +e6U91up35B33BQxwZN8JzflLFHI1uSEu+l0oaSXNWFgc95v28Q0SEu0r15jl1b6o +haN6abRNMAyTdfDCcJDdhO349RMTnDIHSoJULtxNW1F2MQCk4I45607F/PNutemk +BBDq88vp5A+dqd+OPFQuukZRsWSr94nd/1WizcAHd/y7SMGdZ2EykrPzpVQ06wD7 +WiA4p1/12t3EfbPQuAj8i4U4D+1j+erAFpnBQai7Tl9wi9gGQOxyd0lgoc9iMiPr +YncdkZXoKXDWfBaya2haXaXET/E6AVMVcLSBAnWrZ9Gr/9vf54KYtVBZRIx3NOTo +78AppSv9QPoomVNkirFMPArGsJvNyn8+toDRD3lJEa0AHrXHZbqDcB6/M7xtNFJM +XJk9CtxDIUzPoVhODyhL4/N/RHppzbzyK12LzOzg4fzxHy0amRNoN7DzWELWGvt1 +ZZFRut2hQJI8yeECqllidTdkZeLDmGNJ5i4lFjUuPH1mllbIEb8xGJ3kH0haZCqt +eBCBvtyY9OnhNbNJG1a3PYlKsCTv6uWYPA76rIHHxB6m33Blups0mTBVCuzhAJnm ++FMXrVehoZ2RgiLvsy9qjDz42PKqKtkDeTZnwpSMpNUzyHbRy6iZ7br7jvStDvwZ +UyrCtXpKGvWxYYE8v62xyMgkLOrVcTGCJ/R2oeZ8Z6A57g1Bzxd4i/fIHL+I2OdK +TYe1tZM/FfcMziL2gnWzLVU/gaF4HGtlr8P5RKDdra+fF1tizTXDw/B08J0Ir3bB +3XG9AcutBDqjHU5q+HNv27ARhoTgxTbuElfZk82JGGMQwwKSsZy9bZNCudJwgixl +xk+XnrIXAqzBiMEr3nKcKKqQITbK8j4FUpD6iYg7QRq3wftrhkae79DuXwWZLa3K +Bnrjyb3Bh00GJb1ZQ+NbAN/sWLDHm7iUQs6yPMEkkRt3osYbDJKsh9Ikqj/heUtT +PKykCLAr6XrW1Mj0MWDgxbPqp+DLX/zesv4JoJihSg1bkgexwLAwZYFUL8BX/5G9 +4Jy1eDkkpWbRQ1lSH6DW0yxgf+bUT475w7W2zreuSWmkfSdk+DSqskoM9es6SJvC +ZpfhjA2dQSNR6TcUoL8Trh1SD9M1FPtk7dIzmXIlUjtxFdbCee9rG/kO4ftgTGuo +nbT6DFtJxJaPk+3n5R0FW3U44jfiYJ013m7TRZ0wIxleGYQaMzGbw67EwPEhBz0D +ttreSCtJt/PgBaIGMqg3ARf085F/pb71OKVXYpY6o9llBsrCCk80Cq22zXhjuKdB +mVTsjHBZMJbAex9JWteheMIpJpcZCyQ3Fu8CmEtJh+ebuXS+BPe2N3ScSAUOoVzd +xoFI9x6GIjpnZOP8nmttVZuz8YDpQKsuV3Eqmh9WgfKQpGTEIi5cx7qNyNb1CGwQ +LydiXjUoW+7xF+PubKa0GEvJ0RT4wOFXSfNzU7MkVwAqlEtx0HjGmAVL9glWVjQV +UZh3y/lI9U6Pifm6tMG3jDsOJ5pxeUrkR8iaGk9jAgIXVdcf2ysy7K/NBtj27Iap +1AZvYfvCZfUcFWOIl1GcMKXGiO/mHSBGkMDEyzO6hNN3uuFYnQsDjUlTVctwDUth +dutKc3yeNZGX108Bwxf5irHCGJr3dY3L/jvwrhzs/R3/MyrYapR6Ztirgu4xRYeo +H/XdQjmdOHjD1KmbW3SW4RM9maaNvPlzHMKbYOHqTY/Su6OzqyQCq81MXvTf26ee +meZHkyV3HJNheLUrC9p9NyFIto1hJVNVsuDafuW4RE+DzAvijfIu1/02X/PD+rTI +ZslnAbNu8JvZ9ljaYLJObPMS0LY7WxeAfLSJxnaUOJIohGc2+ryZdL4GLX4a0uK+ +tuq9LhqYwPFf4Hkue8WBv4cxizB3mpEC8e79sdTR/tBNvq9lMuyQY0RGh9UBv9ZF +njuDv1yIUKRo7mrRjapU7Fxi+2YJ3hnNcyvmQ2oRxKkrj4m8mOLZZlW2UmdUzAQe +O68Ac1doIvCKltUbFBJ+/KzCxBWlhO0CnDPYWxX9nOvBAXUlpww4Z5ZYAo+x0B7T +FJ1t9JcdRPdQMgao2OXHK3zZApaB/xU+EoBnOMmB49/0REzGD1Zt4zl6TA4cz5nB +1CLVfMiP6d40DvPefko5+E217CScdn+nCztvkSy31kfHDnZrWQMcpn6V2sy5xZxX +Jc13MT1rMnoSTomxHAoFbkCl2CZm/bqVNznBvSKtvnl0rm9Uvhm/Gc533kBE+R4f +bvtSIvkXUhcGzojW2AFoIkUvb99Nbo5DNPJQq/YnMhp7sCqrmHJxJEPDhVSbltlU +SafszIspf+3B2O2Y08mfDR5ANm5wJborH9yXGWjEeMpjF2VgWWg3ONzgCYeLhDEx +tIwpdVlA0XBJhSRZLQA8l7vpi5dn4CUdiYjqtTy7y3D9jDo+BZAqFMaAIUxqt1Qt +nHjdX+J1j1f2oqukOvwU2G3teCxfNSK3Q4dawNhbvwEYhD7ydidcpT1KjI6ReosJ +cMfCcApIS5lugFkA8lkt/V1C5PsEr07BvzRezxl4yArZsqGnmdgrzkpZ0S0NPSke +2i7fUuxhxkMXZch6u3OpZ8mZSC5hZxR/iZEAKftOZTt9YGnsLYR1qt5doJwvsYr7 +wuauWRz/Zbrx2zijliV7yYpuMdV+nufYLyIzdRjXo8PXsND6Q4YZJ4lEPiDOKfJH +B4y8xK1zz/Vc52jVli2fXQeIFw6iDPkbk8Eq2/en03RVb4F0AuT4DnDeiht9n+E6 +3x9vBQELGz/qArVncCG8iMUlJctLPKk0pPp9WZqvk6SkfQSu/2Jsm7Y0zs00kIQx +kcIVBylFSmfzc/tW5PxPWmb77ESxCM3UZ6ZMoqkE24mH3on4p4pLiRB+usXTu02Q +IOev9NDTV9iQbs3c7br3x0axktIt/rav9PAzLsthCmA9bJmxwiAq4B8vKahgrW3b +JgJq5qsDC1jLR9APZm+c1vLM+4KKQq8k+c3PNRuDgxbbvPW0pr3kNZC+BApZ1yDl +u4zMIvgorqvW6QZho/XB54ZckMp6a96plqzc5cn5GRJBiHxVp3WM7H0Q8/m3yR1W +klbEwHozhDSSrvmuRy9DnrIVPFMWAgl71TuL9/zcYe6PJ0s3opLJ62QUX8VX8P4B +KD4A7WRBY7+XHI9bUpDxyDSKImtNzEoibQfjZmpwglFvppLnA1d5k1Dd9PW//Vus +AnhB8S6R4K1lYfI4YP2eUy7Jd9+0oKUhxBfRXljO9csqQvfsxjdFbaePyTSXA/Wq +Cp4S746eIB/WijeVB3YAb01n5b+jVGPeaAmMv4l7CwKmN93MZViNAJyHdDMg1IaF +UCqiGHgHdMLBpIQBlzLH7OEfFgSjfAGvQKtNsrb1mPoxg1PacW5NhFlMeRKCaxZT +TfgbPb5K6TBrjZ64G1GX0oXIX0mGaxIBvbdWDNGc+1zNfL7ynAjn8uyqfwqg2sH4 +Nvi3+0jVagyStGQWI/weJB48cw6is+djXJQ6+qKRFqjs9YLZILrrJlEo3AZDOJUx +B49BG83AzB5Vt5UE2BC1lJYRhwcCeUzKa17Fr8RYvMWLXPVKw08xQLVU8BULbTUx +E9hOkD32sm8SkGXJFbx9/hDxAGR0XXi1guOVCOTx5wQtkv0SZwtL5VD7Z5906bF3 +tlQ0k1iWH31zeyimr3cJBA23Vzd72R8MfRRVbQWg+dHaQcinq4aRSFJYhgh+vW35 +WaKhy5wNXaZpfmnr8uAnE7fLWr4ALWqndOQMaG+PXQQVoGWC/xQkPVium+lXClt0 +3rYitLIN1rVbMrRelIwbjLCXgp8UoIRDEbk/bWM2tR26taUNaVFzR6a7mH/NwhO8 +cx8BYNhwlmvYBsYyshaGdFdsIeFIZ+7wvkmee44rLII4fuSS3fY07FpVg3nVZuAO +AaqCnWl3pK4LBfmQs/d2d0YthER9X+3idXB5Dl5oiMLgtjFhs19XnKxgMvj+Nb4r +hzpZ017s9ohSxIf1onS0PAw3bAtJN7/heX1/DxOY4CdTo7qq273g0beWFcDAlTTI +meLszPaZKHF8Jo9CN/MsT5Q0VEoBOj4Ij1pmHiSnY3Zld0PJkSJxEo5HTZYd5TNI +PR7X8mwzIr/bShEEuvEamLoX2FMIbDZACE4Op3BWXVHpXiwgqa/FZyit/UpbDdme +5/QBjF1v76LefWa2rzopqWX0SN4TOy+9FivGe2zAmnSpkEkFgUHOutadiSXoukLY +uRtfEaZketT7VWTY8gWmJKLq+1hc1jdR3CdHl6ycUrlS7jRZQSi61I0iwWj/ye59 +tk1tJYG7l5sFo+iMVfxtLYmBatCn4NNadN5bv83UgjKiRrv+TOKi9P3Tb/Le3yog ++GTYXrdKoxOOXiPUamrBFT69MM1R9k7NHarb7D8m6ILnL4V2tbe+YdCnWd7XIRbm +kODoAKeIsNCF5/EHxsnHmffezvMqonX8LcPjXhEnsbuii0KZJ1SRAt7OHXEMzuAZ ++e497RYvmGO+iZbW++8m05b95hn6ZqVZeSdvb2BKOqT7EaRDiBWRXz/mF3N+xqB9 +SRGfIRyXCqR5SwN5DK/R0EMVX/J9O8/6qeD+KGroMDNLwmZ4MyX5/wl6RcW4NH65 +U2vRPdt3QXZ25eInJeXb31EmIvjNm+KaVZ2WzIJyELSL3mlO6OthX6LJUMYMlvnV +arOu6sp/SF4qxwohDzP5JCcMa7i4SbN0iBLX6aEf54NflDhWEn1omzgkXj1BZ40J +xlen11GQ8C0UpDsOb/KFwX/wCf6qkZ0P3f1ZZF6QeLTdBjDZeQewb2va0gQRGtAG +rzrPBVGXIq8sVmwyKzScfqsLbBo22heOARWWv0tFxyseLC9P7PQhidKTnFK+z2/C +FxE1C/MO6Hp5meeB05DJvnoEffmzI3n6+VN+KHNV/Dysp4FpCPliMY2MNO7LaTve +cDtys+qPOUaBTxuV9WVYixDQ4gVTtyv56Aa7a1bcs0Z0TW0Y+sd9xZeO03/40crT +i6R9KXYx3MtCcpMEMZ9IavVGsfdQJVf3AGCDnD4lGTnMSLjJgbsFTq/kCwEpU7NT +U1Tl/g9ORcKr0HKZQip/znXrWQp2NHj7nDs8T8jXQnCkhoLbzRA+C/hyLJy5m4H/ ++8p/x4Wiblk1W3516HE0QkK7DDGwIlt5mWItuJd2CP/0CoLSg5i1fu2JXLWcsOG0 +ofiGK99D8FfNcy3M0xbZxNpq+3GpNKf58ciQ8mxgufTeDLQgusCsoNM7ZcLc2CrS +PqhwcPabE30eG1DfkvQtNHvcVCd1iKUCHk/ewNVdthu2QxCg3uyafHgUdIlDxmQi +vVuTklD2uaA3oNBzP3MnylC4/Seizj2yX6mY77meYxSxVHvHzUb8cYJu+M07aa/j +IBAcBnFkBqt3Fl03cdCfekOxpuTc+RaBdGIDw8Hgrfb1yPY/wzUWDAgnHUd96gy+ +gKBZLey4tqwkObdHrPibe7uF0BzwLFU8SI+weMvDXim1Ye41xbEHKqa3zYFgQLYm +rG0OCiVmBz/6IpwlR79HTfvw1LTzr6ivqhear/RwEOLewS1M2fFESBedb5gYeNtj +/nfhdaqxu13S4izAtcYd0QqlvENNTkVUcoeCTB5cqvKdjob7EyocrNIvoA4pHSTt +PswkS+BC/Mi5oStlTVZfWWWOsVlBd2wWJXGTvl7IZcb6WqzHF2HhNlEbKIm9pkLZ +hBqSrWE9PKAo4gPmfMAdE3NSPjYvUA2mK8Xbi53hxeqthcpIyt+901vjvbPFcP2B +IiZ7lUFS874wUFlZSXwg/7STiFmzv4YrmVO1ZGoiNvGmcPJ2jiOI482ETWvpHo4S +URQ5amh3/cojKjlEhFl341e2uub4OFEMIqh6/DxeDoK01UVUHRyjyTztxjyucSbw +eCYn0qkzGUz+jmOToZip2JxfHyWdZyHOMxe2PsTIzv628P5qGLRAcmc31IY5raIj +6zm7QGisYuEUkBdkeh+2sV+P0KU4Pu92CWNQI+FjDDiFI3ZYY8xD/AuRb/n49cqt +guf/BPLPU+ABCfoYShTGQRwx5B0ATgN+9U5xMYhxi3aD2bErmSyrUpK4HEoSqyAa +K/WD9GXIVxoyr8d4Z0sHzvSpiG6ZY2YGy53ay6rvEC5xEgq8RgHixNReZ/uw3C9W +1RBnibFj8qoBFikVCnJwvDbtFXXmiprnNsJjL67Ld6uEg25Nhr30D7zDdhTU1156 +vcSl98QQrOKoo+BZtwz0LvmS7BjdUPHh171el+O7TBBiUL0LktxjEuvKSxuL0DUy +vSLi/exAlO86LblhDfTHdvzVVWhHdmvj9WdaS620ZwUjsWy0fgk2ww8RoOCEKhHm +BK3WAbgkltop+It05mD1Dmh3VXTmhMTDMWx92dWu7VsYpjIkLQf795zaGPBgwgGj +HVmCwuxeUKjctSu3kNSZRMtNDnbdgmxjGHRV0sA5TvwAKZLePxU7HVVcJFA3aWpn +XhU3PG/EPow425E5gDvkQiKNPmUfMM8D2fhR4xWQK2tjqfkpcOOwO89+aQJreLuz +AYltwrAfwlcWjhDOvAmSPuvudaBlEnLiih30IGgmEu66/JniF9f3ieoQcs9j46ql +bAjZtWwM4UWEOti60JgUtgCjxx+FWVpnjC/IFN3rXnT7IhqlVxqgRPP2UZQiB+lf +yM4UQwnWjNaQtJljtUn4isKph7E8q8+4B3tKjG1c4VA1yfno0nKXgnKPzeXnauIs +lPyxHqa9pi8bi25EgXSJsgMh2CCZP8OVhnMVOctgnm5XBkFhn1NTzzb2ib24g7ek +ZkZkbsz70T9VAzrgDFmvFZ/SNGx38YaX1Y8RySRgDX3/6uRgGSknF3+j+JYWSWKf +lidsiSwtYTez+BC9y9VqQAUey7r4MhZ3z/5V6dvDsohjMoPh3CzFdTxP18qA38Ub +3DoFzfN5RkoI5PEh2By+eK+SoE61asG4Hnkup5vzO8edWjC0bTdJ9PcXlvgTHjjq +w3iR+mUE9qmkankF963JXBIJHEsXhchfYasVLddbWCUBmHAwyiafrwcJkmcKm75c +CYGtGcDDHCbjO2gorea+iVw65Ecva2w8ActKZWNezMGbiHWpx8n4PnyKi5A+GPw9 +IoeaX6EWrqFkQdgInwoRJZHU12pLiXOT6RvWGw/mDtgpgswsQVb6KeVeHJUhGTMM +W/KDBvBJNoI5WIGzt/ZJ7iDlmDmtGdc795BhMv51q7igaVvmWMXodIuFMWwREJnD +hR0U8zi/a8yqQf8dt7F1fQOoYB9UbpwFckZIKbxGUsPMYq4XCSKmI92RtBEpHnuC +QisR+c8dVLriyKWYBK3tcYEFT7YE9PYmkUE0wBQQFPIh8T9Cp+EpDyRR00AYwvhA +XzlcJIf+QJ3U8xXe0jHXXtBfgyoGsOgbqUpcfcVC6d6nCLBDXdoHd9Rijaa/3I/u +PQ97W1RP7znqs1DvnMQbl5dgS2e03grkaem9CnqDPNUQNZpeF1IV5s0qBF6882ti +G2sKDjurJbOU9J+MZsD+rvKas2wrJh0F9lmdyNxWfzQwaHhKTfRkviNKXXwvw6ir +QcjXL1N0hK1ybJwSHrI6wwyN7Xm/I+KlEmTTFjAY9bALXpF2BrAhKumGQkwMlFVq +ZfiRZ0ALyG+WY/RfFYKYNDGh3l7quFSBMLupNPPJ3eZ3RvMAzZolfU4feDDKdEJ6 +ix9uXPiU9Cif4ycVXv4ERjH1MzH+rSbzOfpnC9p2qr2N3H/VYqb+4FBqoONjj5Vw +LCeITLGPIddgEYIK9pnaZPDIG8J8A/cRqQG4kw8h1cfQSKr+7pL8VjSTL1eGL+6A +pRHedjAlDDDMrlsEWHhnidy8IZUlJDh4dmErGJYcrHavtIrAUY1kP9BDsofmXLje +we7OD8dSvqsYK+AtZUV4zvsMZSCfIVnyYGrJFMRM5Wn09WTczmqvOs7e8A8tQVLF +VVYLNSyAt+qUKHs+ap49/nenyDGuFizb2daXgiBJT1giC/ZPTmW4cASITV0L0uwa +pOeaKsbJ0csBgdLGW8ICKIQcKD6NzQD01BltLcZKmWe7VDKbF/sxoh1ZruNtpk9D +Mtddgo7Wn77iINL6xtGiDsljsy0x2qehkSXGv21r+08C8J/IjerkYeDWmlm2B0SV +YXo8BDz51O7UDjppytje+NygnN8044QgDOpdwaxlsQU3wYoKPJJHVnByZz3Fbix5 +pAqzbPoXM5rqnIbIAkQFn/C1mCX6IsEpuZpfRmdq99oqlMCfu5pg79XYCXFx2yyZ +NgHcaT06emx6iK1RI/c2DQDo11LTobM3teieCeke/5jFItZayAAyuNUhKXHYRdRx +gyCfaM2KhI74cruVXFE8oGJV671U6rRPpfsLqw+FjScRoacvrIpX2wnn+ESk4I06 +69QK01p1vyEP+KzGaQjOL7GfUpNWI96veVCVCN9usrPuzY7kH6vmJrGuWy7bQ4Ai +I3XwtCtxoZAuSP3lm8nTZkPM44JYfrTW2msFQ/7TqqS8rxFgp2avy1SghgISLJU7 +cU7M4cGVXtuIgIZRAQqK3hxUSjayXIUmLz7W/cEmU5QDQy33e9zfeT8kMRiV+m5o +90Nbgxik/ItY4Li6BfuMCEfpPxcGHjDt8AU50EMPQFx67kv/rdrcP6BvkVzSv6Gp +uYsVrzxPRXAY94g5mkp5a8iD+0Vp2kHafUWUsOoyE/eboDy/XU3GWCJu12RlgiSN +QZi8NPpvVCxnCI4swxbo3kB6Jzi+fq5wygtpCsxrbFfACrnMEZFoIzcG0egqZUUn +Dvu0xuSlIn1CwDuRscNhpBj2Iv8T3RTcy8vJM0qXhuoH5Pe4gqvzMgUZlHQXX38c +WBgf/MC1dJey47wz7MIh8Mzym5hWZeByTBXMySWPX4WBmeBUxitUg3NqHA4HlwsC +Wk5QKI69ubAk9yu+3fkPtekpDwBCKjW08H5ujx5yjq4+R3RRTfw/juW/lGnPul9+ +Ly2dpa6IrZFo3q13WdV2P9SMgT0MvvO2/s/FpGzoj8dNXSeIDkRh9r7vzpl+lute +dkH/OoH4H4p/mbxb/Hbd71VrUhQDXIDFQsDxBBjah3WO9MxddjFHi1CAKb6vxeg/ +WKLoVnkCOTX5oHAs7s3XPez6NuhgrMyHbiGh1KBPi1lZ3x3QnAoqJbj0RrDO5Ama +BOe1fCyi7/B2B/tb32W0PaTgPj4NauNOKuZ6md/fgKdrjV7YJUu8h/TCITLig3Wi +h73GGGrtFozjhPCsGkdUWhQRrHgElVzITA73HmruEFL1GfLURrraiG95lGY990F3 +LsupQrMmhDbDLSQemMcEg5nS6rjn3kJn+p45bsZb4ThvKwhuI1j0VsPKvhm9C93j +of7Oc3Nx0miJreLPghujAnUn1wkv0bEJc5GEwBAythEVLNQFcWaVqDHovbWOpP9p +rDU/O4qzodoh/ptWrH6H4p7+QamYoK0OcEJStDMpQAu3OV9B7k3L99o/FlCuo/99 +c9sPiId47oaOqMVz4/XQUwOce+F8B1H8vIoZWC2pj9AbLlZgkpiVVo50HP/uWf2r +mQgk4pLd5c9GAwXGlcqk7gbjb9MXfKRhs6lt5NZ3hQb4A3OLdwGpOwTUAMWYUwaP +Us5vWIu+8uiicP7Nthbq9usG/vV1LhG/Q+fk69QKLiz5aZYMxf9xGCNRTeT4u/dG +SdgwQFkVZaf5nTwkVQ+paR9DYdAo9hhxy65AJ46Fcl0PH/DrQzNOY93uAKBN6OuJ +8uJM0etn/MB9f+ikcxxn81JRtppO3DeAhVZyI9cFgV05c8IYfC33rAYzxxOecexD +o86rjCmOq0eMSbBVDekzkDS5TkxHPOinKrVtO/AV4o9KDLEEX+DWbYiIbh/3qU17 +EhoGpOiiTQBjw8jOpdEHS9lCFfZVHOczY6U6x9GDkF6FVgje0RITNkeWZSNJUvPM +WDSj7qmgzkp0wvEY8Gj2XRkY+mXkIIfx2WzMYeLL9NXXv6ptH23GPdf9hfTMkIA7 +SmAp22hQEVKvFZ7meHtLAONfgz9Y3Sx1n1HuA4rH6u4kvdaEq1cupT46D1DnXjSH +uR3G1R6iStzQTvoLbbYsLxzc7CXW0iH+ssfld0jzFzyiRfPu7uuMDVKzDocQ6p1W +wb8nw0XyH3ETBuxJYEh9JEY9O9GM6ILzUClSa40dVlNqhUNKTBSuH0ZIAQwUbI0U +ALETYAYOfwYk1BGbmtSj2gK/YrHrwAs2QxVpiI8nQt1AfokEFoISHOazZokgSULq +i1rmlZ4u2TpC1hy/dlLuUKW1Htd643/qJ6x4bFWLrXdyHOjG38T46pPbRaMGFq77 +dO9G5GsjWq2CPsBBHOiXyHbuRt7KLx7cIu5Y6Gllpf71+O8ytckbfKatJQJNdSFD +/UVjx79s8rqbw/tqDDMlpFHxjV3pjWMY2xh7+WIA7m9v4HvtG6Ld3DtraFm06+sl +KXpQSZreWC1Gx7cmYHGhJQmSK8s/ug3VasrOdumEy1KcOcgFlGyls1EPEslDVHfD ++jslOFhGZ4/BnX3KVbTSs4S99eJFKlpIOHeBYMmDZJT0Rrn0vDG9a6jAV6JnSlGL +NwkmBXX4bCg6Uwedf1ki0aXn5N5fc3sujvQI7Yb9hLZlBak71Byv5BBxUmvnZHHK +oBj9kqHdPxilZ+2MmUhFZHqPW54WfNEedpWxW7i+QxP9IV3MCDvDp7P6yIsapg6C +o4Qk0qv1xYzgV5Ba1D73r/kGQGQbW/aJASQRngmJPGPUY0d3l8qPSlbp90YOKP4d +CBmDA6T2MgWvd9LXA0p3whhy+O/0gDqKmzHTMdcdgMqUrD2YDXBmKdsEmu2Sh5F8 +1xRVQuuLZjSP7GkYLTqyZ99DRNHh+tphQlr28ahrIr1nogxlKwviNlUpudiALJus +5YtIzD6r6GAVaMIwPC9eM8A0KZPoN0ZOSBc+CkcTN8gpPJ1ZCQhdauYjiimln+D5 +uiP92p8v0XrAvfQQaWLbgWhOjbrPXycgz0zu6L+HGknXen+CyCFTUUCVpKDMtstL +b74YvD5KurwsXeAIX/L8EKFQ3A06QuR/r6lk3CkazEBZeWY8EPJU1eq1pEiJNyaG +Ccppsh2gNjq5eB8fZqZatS7wqkyl89p45lnu6zK+kwaWnL4vlQQtoP/4rKVEWd0f +WL8dUn6L9IDzj42E9xLIW0gSpQHAQcS6UQ/G5Lxtkr+j4P/pnHI0ZRfRdc1sPO7w +PFj7Vc9cCZvZhx4/sbxaLxhlUrcLta1W8lq6ea/V6WmqJMDlffwFKnGBaUtxOx3J +rvpVw20XRl0gzwukUcZdFGmt961jVLoxI4ANsXBEwSc/VMZdI7zHfAQUESm/4d2M +qVd/RjaJU9W7yl/Q31NuMTlIlsnxOCt33y9bB+6iyLidD0Cut/TgtjeLTDyW2X+K +8vHj7A7hl9iJBawybjX0KfE5gTanReBp7CXH0ddxIHqPIMdh8M9UawszqKcNS9V8 +Cnv2q5mCqoiU8w3kcr/TBekWUOH2Nt7zJ3bvnuZ089XxerIwrYf/pAhK6NJ+e46f +X8rSeJ28jBDGjtec2KF4ctFXhgubIV44ks7VUKWoZ6jSnNHqyBLZtEHawpQX+eXa +eaBetJpa6ys15HHVpnBM/7EsplWRjTTvB5BpvkLHkXuYwVY/U5MI/DDWE3MXbnLO +cy6HkhyO3/dj8Tfe9NaT+6v7SLVNI9Kw50HqVsQMRfMxqI4SWuxZ1MYCruXz7ryZ +JJLFcI5xxZ17/YuCC18KBBD/r4kCUU18EN9Lh6zgflYJqrCLPqF8qLX+5WyEDW5S +1+nzL0zJphP+bYObzocxgwHR1SxedIFJCWTqYFd2/vcWUe75QemY99hQ+koXXS09 +nqnm3NH5SCL6+QaxySZh2POXDn/sC9SAiCDVjbEU72PHtJ/VQTyoPqLEcr7iAJjo +GqtMEpr1tBBbFQWKtv2KyEgyGH8kKPKg4YI09BhUP5KXHg/IIkluYY2M+EGGd9F5 +HGh+05noYTaOvg2mx0suGNVJ3e9bNy0S/4FpCRxg8VI7v/m0Xr49k01tLGPM0kd0 +Pyp9XKMpmEfPBcjsdX+4qxo35uIDKzxcTGUjRwhF0cUcvlheQC7dBuE2BaXwHdm1 +nOsB2kRpSjk0aouvLleZcGkQpsEF0Lf5LA2ubgrQ+2hA7IqFIERrrBw9l3s9/88+ +eNjNuHTN+qdHbZ8WG62PaAzPv2hc8u2QsQMsmj9W1csVHl4lUhM7C7QCc4xAHRLp +oYjUAfUS7dAGJtafCIj9Ym43OI87b2uv2J7vTb+6WeeS25G0/T35Akbmx1XeMd8h +dcRVdmt24lAnWbgXTvLSy/hRSAGLhfg6Z64Rps9I5FATuzDE7z0lhV3IUEp7YFcO +OvzZHP7FtfXSSPOe9BShqVSN+p2uspy923kErBhWCmTcMX+ZsGqBW3Bg5eDnQVhc +hwP2flxLZUJTFbj8Tau1q8I/V4NaQ5B75q2ak63+fcjRn8KOfos1twLBUzFCbDFC +MDjh3QicYfcEH53OA8wIqMvAIhNDpq2ZnpBby5D6/UnEJyYNMGwmIdnngLsMxnQU +obp/5BIsC+q6/mIMS/JDAEcCCeriJSRgwbIYvprJDiIufQCelwU1OC5RdoQs5+xG +O6s/3MXtakjj/QTg73+JzISqo+5/+3ksbDoPawOEl7DQO9o+LnU/1Rj9uKSnRjQe +g1giAJFqcn1ekX7IACiApfGQ13nVyRyj79duAICH2KE+N3uMNsGW7agmsggn+Kcb +pI3+5UySXJsa/7T60gQb1MujSf2AGgls2W3sYf5njYj7EJ9hzq19eIir9HtfvTJo +sBVLy0ht5JVjT60RH18G3rr2KIWyX0Ao5sZRRDS2hZNH1r4taIBjSGQaRwh3bzS4 +8OpfjqU+5JKwn1zdSkXMMpLyevnsNBBNOZDddV2MKo8nZxJld0LT77zoXoOh9lGT +MT4ZrcGc6Yu4Aqaf4QukKAea76n2569vtsF8cjsiSKaSPiU97V+Ia0sXdx6yRA0S +et3kUhRwNZv8TWc4hXeKZxktfBQi7MqUIh+kHQ1Ma89iteMxi8NSLWWspJSAzYzb +VqzlfMX2KeVXrq78KDrSmPROInqN4SHB/q8ayh/ZSdMESxv6yhObKTB6/6W0PWML +KN189cvo0PQVq6gXbRahOS7eURxTWAcpHhK3DLbL/v5PPtOjAPOk5zrKdNao8/Lj +U8VUptuNhVvVhtZWVL/Qtc/rDRQK3TlKkzDH+RkGlXr3TrpouSZTP12rEpBRGtyc +nuSXtzCIdPXZaC2fNXpPtGenqrRi2wo+4NzN/qjXIWB0Uu7Uk3WHMjc8II2engBy +7SZwuvVvogQFgdvyHKaieSLmno0WBGLDvuxGE7/8eZwUvLS91Wvl3d5nlxHUwOiN +1wuoCdaBbHOxh8wE5J1/Sf2kwT/pkgp0YKPP3oWbDQHNibrCIhhQxadxH6yIr448 +rMxdry+AXiV4u5ghFBfktLhcVDG5j2WjdB6OlyDGMSPjILdLzyivFcPgbdC0LSj6 +z9oAPMJHZnTzH23H6OCfa7S3BDvzhTIbszgM7WlW7M5h4chTDmk0Q4k1AtCRtuFz +QHVZ+wL/Yk8hi0I9/4SFPHI97b1UC2vL5dZOXI1UL+pVsQCLgWmrGADAVdUuhsQ9 +QuR7jP7Zazru3dAQwOAln1BCTGc1KW2tn20SzkFe8Y2V42IA36cPe0dPSPrDeHo1 +G9wuhWpaHVWbupj0+AtQKgOp1hkTpO+aoXSCAfqxg4gz7K/uzCWP5mIvOjERDikF +sTqCJ3e5HwJB0VGRbYOQYgjEZpO7a3zoQ+DV52owJP18SLdbaKIm4Tl9cmY8GeyN +k+XueiKbpQ4MpeFGA6NcSPnqQckig2J7dohQQfSQOqeeofoHfLzPq+fPwybc6xMB +02OxU3F2JuCQObBxbK4TljC7xH4O1Sjrvf9gB4WkloV1W9AqzfTL/qxjePkZwkUO +zXYjRGzM92f4r/2g04swAq+jKLyucKHIwNrSuWfewpmMqbc9PFS+RD35omte9yJu +RL0er4RwUhpNhcMMK4J/YK7l0UG/ybb0LkW5PIwbmpxhi4lc8r7YhslbwtthAEWK +QH7+R3Tf/GqHFp+vItagnhRYQzeeiCYTAmNqSmrnvDzSqOHT/breDNAqs/GGQ+qU +7n1bukVoYisUNI4RWL7CxgeoMHJAO7H9jqSws4Dg5RONYE64agc0TkKUB7Wi2fot +nQPUGHsAA8cK0/K07C3Y8vfTOgNvrlxjOCcR3foNC7LSGFhHY9ytyisDBDZyCngi +YpWO7mK7U7gjM1pBgvWPbIMSqyuGiZxg5IlTdku6sbyM01RHCtVXnNF4ZENduxLK +R0LALE/vo88MckiCqngf/EyzZzCap2XdB+089IhFS9ToaVi7FovmmFCT7ba+8FoL +GzKk2EAmVxMYFJg398YryO3L1oVLLP59UXN6L+e4z9IIFx4P00pETukU0D2+yrEo +Ab+f0o715x+Fowb/iNSti6dWJhKYgWs5P/47RyUle9AFGgLwgndcwUh9XZutSGm1 +hkreuJJJvINOzDQIDDc0OMJwwX1p3bHVjvvdq4/uJn8WTjOi4nf8MD7BKJPgxf67 +F0EICZ+aexOZCfarmHclyFpLSd0f4Kx/N74ILuv/zNu6knF1cH99IOLtZhsrJ+FH +XqPx8BJZC5a5wGCC094pablA6orUxIFm+mUMevSH8P+bIpSIYJx3+h1blbK7fyy6 +NAr1rJ7+OLFnKvgA4CahzHCTb+IF0nwS+vVuImrPIGxyiO0RTTRdNWiOVyOZu5fI +JxwgA+vVKx/T0fX71d0iW3TpGQ1Bxoi/X7760EDoJS9dZgpb6nV3a/MnT9ijFXI6 +EvgIsev5lwpYgcPb1Pnoe0H8ZF26I1zlyinmHt+hEHiIdTpUG8A9dqKrIs6NZMeU +m5ekoY7KeuEurUUAK3mZqoFxXTkNu2u8/iTA8g7WEDn5dM4Lu9b7f+RLkv7wj2GF +5vjTpADsVYRt5xa6HDJnFeBI+yfpwP8HgpOVlHqNWYKKZ/n05CzHX7F1F5gO48gK +3L8anEgbcpFtIYsQUrwTIdyljQAluCA6eVV5NjOTNN81zcg8fPP1kh5Bc5hLhCI9 +2nGF9yQPZgN4sICXTHY5/cu/fcyU23f18ylmtKGuP59Ti/EFJ7snZEzqhRfvKZ91 +ScA+3hHB2DwpgpWsI1J5rYKMVTZx+LLtnMJjJvtKqUoife6oNzElzDHMMh8NuIRO +MFKrIjtLA+3lO8MPWd3+vvwkurfDHSUc0H6OAWzgglUAqSdCIjmT2buCfqM2Zqvs +Hg8UBwnCa4M7fqImkznq8hML8Prktw8doz1NRlCKDarWG8eTtympeFZjjKLdsoqA +N/bKSjP1Tk7FbMY9+qxJmnF1Eh0zlb4xa9N1B/YVP8BtMCnqOhV5rPY7NxbxE+Ql +gz/oacA0lzKwe9n2N6KTR/N8vnQVD/OH0WsfR+Yv94OFygFjEPHQsgm/vciVVMoe +0b+GFubge08UacsP5OJCEur5mx+oIQoLGEnGezdTKgHvufBCoVb/Mwv3NM5u/3QA +L1cmky4YY6QyaXRIKt4JDltgHRhxpKxmU70xCf2zwverP0H/hrt2nJ1RGdl7aZd/ +Vbj9z/sDK+zL2MaCpgIo/+mQXdVwhuS62FsYpucT4f7vPLP116XeusDDkPwdOv5Y +s7ar8lZpD1fmHDEuuxITAKlzTr2ma+vFODgcM6lPydgMEQuPy7OqbNMqRhpgcpiC +XDcdx/hpZUtyEnfcRe/LMCYJ2zTGoRmyojcyWk+cl83nvGIhCtR30EDSzce1Grq+ +BcOnYb/uweZ4bKU/TLEFKIVPBp2O5XNHPnPaYBJvW1m5hUML7tP4pqpnSY44+Tbg +5VJqbecgoopIb20k3VChUti6uh7aTkAgDyvth4TqdlOZ6AfhGFPM3a5J47YNV6Sy +imCcU7VzsQVfuC96neO/nBv3oIrBoJm+fSjsx65f418t5E9wEKoXU2UfoGOYd1Md +0pRVZyve+ZI9ooAnHCYccHSAvePtCCM1cr5skTzBm8xhJAtfl4e7i1i4tRA51HZT +8MqpExuCojWzg1sdwiGb46prm+kCFDCWgIiBYbfzTIXQXqeTy1Qcfyt6cLvklm/+ +HpQEWx1EVd0NGU6JFjtPwxGphQiYfmh9LsGB81Xb2iSxUapwEDygeAs9KwSmf5xQ +5VU4kZ+bzf3RiLJi4zuBxvh5mAXqoMFoIfM2eVpSzsHZx6OlUj8npD76wa6YlQW/ +wFv1fjQsJJu0KWVsKJfn9Rhuix8IjWg301xVf/SNLMD1HlBQOyFVDOxVmfEbWml2 +E92J7D1uyYtCMOuxjC/s24Fpve57i8d7TPtm6y0atX1dq5eizooGef0nkXgstAsB +bjMe7gZ1PLZpUQ5P2X8edGZCBnfmP5xj42fT9lQ0dSkUAPc21y8aNE3j1buxuP82 +YZXwext2VIfqOgkmCcOuu61CDccGcLe7gJ61sFKGtaFByzdgPy3wkPdaZ3ZIcbxS +xtIrN/zubmaKJwHdkwBJgGJMLZeVedhqifey9jBx84fzbTUzjdvKNpPdiVt93Mx+ +8vlol4ZpCESf2xZuQr4zvl2FJzTuaUqtroVM2msBcZvbkvziV1pygGKEz2AuMeqT +vhhIxYk13LpEL7h541j2QQD4kt3Dslde+E+5Sxbq1Ix5et3Qvwwzy5wVjZxaTgxa +U0antPFXOL0jREa64YwJf63P6tgSVn7M+6Ifin79IONiuk+W6VUPFMzKuuCr94PC +m2ihoe3Jt6aW4QbNZg+xPC4NySA55nDYUXI5awtm3PE9zlJ6C8OXTGq1KPZV+A21 +lkRqpRzo+x63/uYs8YNCP9am2tJ1WyZtCYDPRGhU5MHv2bID5qDFlDBLiZwscknz +Xajtw6wJpglnUevu29o1/mnvUKt/+V899TAPv3VnLYrQhpLEALXZN8kbxq8uq78E +RQLYsJlZ5S2QjDFAYW+biHf0/tQCCKmwNewQdPmC57KlDnog44SRysnifg== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/litellm-env.age b/secrets/litellm-env.age new file mode 100644 index 0000000..75786f5 --- /dev/null +++ b/secrets/litellm-env.age @@ -0,0 +1,20 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB0NW1T +c0J6ZEVnaTVlMUh3c21GMmJ2ZStHQnErU2s3WWlCWERwUmNEUTNRCkFNSDhMa3BT +MTBNNzBKRm9tdW5jWlVmbHF6bEpGSHZ3aTRob2I1YmpTYmsKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHpCcXhSeE1hMll3cGJkb1ZhOWl1ZXA4L0RRV1ZNN1Mxa09paGRP +YmliSG8KanJ1MTlDMExqdWgzVmVCTnFHeDBsNFRBdmtrTFJvcDhJdVp4Q0o5QkUv +dwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgNEVkYytqT05ZNjc3TFNKV1ZmS05zQkg2 +SmZlOTlVbzZObG5od3VDaGtEMAppSkdDMkZwUENDMzdDaGhHZ3FvUGhxREdiK3dk +MlU3a2VEOEU2NU5MMUdFCi0+IHNzaC1lZDI1NTE5IENTTXloZyBRR3l3MG0xa0Jz +U09rcWFIL2lEaCtvalVHVWtsclFNQ1BkM2lDN3grV2pZCll4dmp6SVJMSlJscjQx +WXFNMFRZYTMwa000aG8vWGx6TDd2QjM3ZEpmckUKLT4gMEAjLWdyZWFzZSBJWE5f +VXQKcjEzR0ZJeWJab2d4K3duN0owL01pQ1hpeHB3NXBzWFBYbWRtCi0tLSB4VnJx +TjFnQW1hc1U1emlJM1lIUncxejNzZUxwM0F1TG1zZUR2ZlIvUTdjCt0GcLJkRjMT +C21Y89R2ob0cX8Th656sXau8Q2O/va78XNMKuYw7tFvk6ZBd4xd82vuy0SSxM+3f +3JTpbP7oexYsFDf5rg0tYVQbNvDU/sSyGzsLwIhiKNuyVavl268ptVGtYk+/oLOX ++uogoOsBzcdRL9aUHAsWWwaaVx5wZrGHBlF6eAUlCY6JlN3Ofxt+wOAVq0I/xy9x +iT7CO+qnCNJwH6e6kYY8GH0wXTCLDNmSver1yNUhtjt/T2qWcckRzkzLpt3wXpfU +x38Sgisk0XBVbtHwRnZjWlZqCGLGk8nIg50EPKUfn73eNSDl6o3F4jT2RpWv+yLv +TR4LjHI8wqlWsyKbMbE+5wb8mcI3EQ== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/metabase-env.age b/secrets/metabase-env.age new file mode 100644 index 0000000..2227821 --- /dev/null +++ b/secrets/metabase-env.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB0SVBW +L0g4M0o4NmlDb0lBd1cwV3pDVkR0M1ZVVy9uQUNIL0JRNmNIWWdBCng2NDU4cUxT +ODVlS21LNkhJUWRlQlUwYjA3QmhmN09QOTl4WW5heVFZbHMKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGo1MGlnQ2tRbWYxYmFBNHoxRWpRUGR0eWkxMUJPb3hjUFdRNmhK +TXkyMU0KVXY4Zmd1M0pxcW1jbEFORkl2S0xkREx2NmxxV01QTHo1S0JkcTBRVmJw +NAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgVFJUNlE5OVR5cXQvSHg2MjV6NDdsdXk2 +YUpQVnRMbXRHUG8zYkRLNmxHMApNbG9rQUdjRldRRWk1NFRPcnZ0ZjRWbHFCRCta +TG1neE9BWEllWThmOXgwCi0+IHNzaC1lZDI1NTE5IENTTXloZyAzZTIreGNTb29R +UHoyNlpOeVAzWmpkdVFFMmJ0cldIaFhnRXM2dGVUaUFrCmZiYXFCZ2h6S0piYnM0 +V2pBcDhYdWpJRTRxczJpMHNtb1ZKczJLajRDYU0KLT4gTjl5V0AtVi1ncmVhc2Ug +bj58L00qIEkgL0YldVpACjVzV2ErSUVPblVMK1UyamwyTldFQlZlTjBaeFEKLS0t +IGNQeTg4Rno0WE9HY0hjZk9kVDllM3JBYXdSeWtIUjhsUkliZThCdy9ObEEKwwAH +z3tGtuJPK3A17ix3VO+taqpfCj3gnmkqz/AvCc0QnUcWT4VYvq62bk7eJYG2YkNi +bW1uFgfi3+eBtbZ8IyP00NY2I9gaoQcT018sjSfJlAAjRg5I4FhDt52vklHUECWD +nV8gA1EZ6yYmcjaug82/esQ88riuEdhuS20K08/O7AczfMWmWR0gJCB4yJ/HQMy6 +ljgvGwYcfl5J54b4g+CNz+cib6tfv8Uv2A== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/n8n-db.age b/secrets/n8n-db.age new file mode 100644 index 0000000..cf96b7b --- /dev/null +++ b/secrets/n8n-db.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBOUzJp +WWFXRkx5Tnl0QUR4UkVna3dqL0RkUDc4L2FML2ZONW1xdk9wbTJBClBrMGhETUxX +V3hNcWNSYm9xcmtTdzFndkZXUFBFSHgxTWc3WnR4WG9yd3MKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIFBHUlRUdTcyeHg5M29HZElJWVZUL1dUckZZUzJ1NWZBcnJCM3ZZ +cFBDQ1kKRm9hZEFwb2ZqciszVkZpbjlxeDRaVFN4WGh1Uk1uVTZjSUZHdVZlZTd4 +YwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgcHV3QmdPeWZPbmpOaVlkUElFbGVxNVZE +QVpZdUxzVzM3eDl3RVhoYmEyZwp5MkNxWDh1czhoNmVxWnNJdTNYeFlBV0VDYXNG +Z3V5ZDVuQ0Z2TlJRVmZJCi0+IHNzaC1lZDI1NTE5IENTTXloZyBrM1drcTA0YUdZ +WEx4S2xqRjlEN2s0enRTMVhIWEczTjgrY3VybjRTOURVCmEzQmVidTNwT2pJNE5Y +MjdKSmxrVisvcHREbnpiQnd5TFhWU3ZEYXVodDAKLT4gZlFLLWdyZWFzZSAjZyks +eSwgeFwKOWNUS1c2SkRVSlZ4Ci0tLSAyQ1FzV2htYmFJWFJHMXZSOEo2eHdWeWIx +eXNLZ1BwS1Z1WmFvLzhIL2ZVCiGw1Yk57rkI5NDZz9Vvz2K1+WlerYUOH/Bf6drc +bTQaToEAGH/KtwuLktMvmDyn +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/n8n-env-prm.age b/secrets/n8n-env-prm.age new file mode 100644 index 0000000..07aabcf --- /dev/null +++ b/secrets/n8n-env-prm.age @@ -0,0 +1,35 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBBbzlJ +U0xXd2RyeVJXblFzeis1NTUvTitCZmxlYVMxbWhKNTlwTEgvOFdzCjFEa3FjTm96 +TTdoWWIwV0lDZUcxbDJkQ2ZpK2t6aXJPNy9aZXQzbDkvYlkKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEU4OEt0RlhUZlRlUzNTMlRCSDUwUkhUbG8vZG9NSUJ1Q3JxVm5T +WU1FMTQKS0huejlvdkFJLytRcUw5dU9XdnkyZUR6WHl2TkFtd1FobGxZUGduRXZU +SQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgZW9ZZllzOU1EdmQySHBiRWM1L1dzcjgw +L3JhWVB3dnVHSFlydEZwNFlnbwp4eWRuTWRCci92SGE5V1hJT3NQZ1lsWkpkU1R1 +cVJ4SjNLTUlONWNaMERzCi0+IHNzaC1lZDI1NTE5IENTTXloZyBSSis4MWhxR3JV +RGY4V0h0NUdYMDJzd0dqOFZzRnJ0RjZIbVYyYTNSWWlJClhhVWhiNzgrQlZQaDND +VTBMNlZKRFNsaSs1N3FsM0taRFVpZ01ha2l1alkKLT4gd3FhaWNcbV4tZ3JlYXNl +IDp0ZnAKZHlLcHJSOElYTEZFNmFxdDBQTU1XZnhTRXVDZiswanp3cnkzT0dzeSta +aFNTV0ZOUEpFYk1KYUVJSGU5NlV0SwpKUQotLS0gY011RXdUbmJrOTNzVmtNOUpJ +c01UOTl4OXZkLzBjTXl2NzNQNlNBT2ptRQp7QiUkXygzzq4vn+JyEikKiO5Tlp9H +QNYQGTLaWJpkY8afT04ux3/JiAKdkEpbQA8RPNbDlHc7YYQ04UMY3iKPnWTbZpLT +PaqTamseLzubX8vKdvJnD0QsEnuUxNSDu68FGW9MNDPrQDvM4A47hmHNX7bdFl1J +cE4oH0VAHdG1yg3lcTyaRYp+dfKIv2dpzpvnPLHB/IPdpaxFSn3YVerMXCMYelR5 +otSBUyqf2iY0NyEqkBDYCmNiD5tRCUuwteeMMmpvUbXpzmnpDj6U0QM/R6C7BQPB +/K8cKE23SgxamvkMqK/blgTNlUcO8/KAJrkSGqeQ37m2RrCgUVB53tVaInSFi4ds +K1PL/CmVGFTF7DCOSTsX7CzyivG+Ii0asonyVlsbURMVbf5WhWWUxBMMEvY2AMSC +l1lHij3Qbc39IHY70mezkIuU1jlGtTrb0pmoymWfSSpiCTYKKky69y1mxRB6m1Ir +kfwI0ykG6mbyHG7FfHkzwCYI+5qmbdGs6VcaK5aIiCCwz0fd/MW7z3TnKW8gikaY +hOHK5Pmse5B/JMY3lG96G6cbT3vm1YVDmutRp5lFMwX7TmiCiYBIyTdaVkekbNzg +iPryKQKTlpDNlmpGr63O4+id+fU5Qa/d6ja92D01PzweeSxRPe0Uh9Ps42oOlGzS +9k9sKuXFVaeG5TiJIcV6rukmYEuYWo/kaFRK4bq6lYhxxhQEAcxGyprC2CHkFYHl +5slXn+l2XYX0X/iltWkH9H8BW/g9rBfUnZgPYHdx0MypOzPH+S4inomdCNJYytZ1 +h5wu20m/pjxmc2yLSy/psTrwIDOft0b6NQjvVfU+74ZBV7rREcY5ymAFdioEAEyw +2QleXg9ihlkeg7GSgsvyPFgh/T1GysZdo8QatBbNOS/hiEidCiUpfyytHlf7ZM3V +nQmZDKt0HRs0pHfWwLAoT1yTp2pjr9BMSJ8KItR2L2pGo0EpgAGMG+p7ssbIt9VR +QhsIyYxDQyeKasxoyFogW28KnMySr4uKBHuYEk5ht6d7spv2u5y+/FxxhSZaHqgv +fvsqtFOuyHI8Exa9QsbyF3hp0JBmj1BWGYJGLZrjFm9TDQ/2y3bG9AJXuy4CDUgS +tFIIb1wAXJnd7ndomGDVr8kdcFlR65IKcZbTlzt/2hFxgxq7QQyVGyfAeqpNRp2U +512yBw98SKYxrcvV0nFxkUPzS1E0IEnxappsnaW+kN8XcdiAG+oOAM9PIoc/vQFc +1FNOvJhUTg5wCZFbfZkCbWWKP+hk4YhoFzw56m8pwlDwMQKkc9whKuCvXX5bSb0= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/n8n-env.age b/secrets/n8n-env.age new file mode 100644 index 0000000..93fd6bd --- /dev/null +++ b/secrets/n8n-env.age @@ -0,0 +1,36 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBhLzMr +K05GUnNuQndGa2JoSm5TT2ZpU3FOTTZ6aG9SdElHREVjQm5BRERRCjBwelhQTjBi +L1JXOXhSZ1BpNDhqdGRCV3dwNFFjbXdPSzNINXVFRU9ydzQKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIDFFd0xzbDhEOUNxdDdudVFLeU1yM2VqR3RwOHZFM2VQMmpHNStS +b21NQ1kKdUtHQU5qUHlLd1ZwNWxpZ1Y2ZVN0NVZVdXlvVUkwdEdPbkdPU0UvcTB0 +MAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgbE1KaFR5TmFnb1BKb3lKek5DdVNjZVk4 +cmF4UjRpTDU4WFJVU21penlHMApUM0YwSnU0cVhVUS85ekpzT2Y1N3Q0Y1p6THZo +OE5hQWZYYVVEREg1a2d3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBRL2t4d0ZvNmxm +K2tDOS82WEZOZGxXa3RGdkZKSFliS0JzOEZiK3JqY0EwCm13N1VhMUIyK1VuZm5l +TjV5bDdLYXRDWGF6eDVOQ21zTTVLQ2hIem1vT3cKLT4gM18/Lnp8SS1ncmVhc2Ug +bmV+X24tbkogV3plb14KcEh4alk2V3U3ZitUZ3ZsTzJTbDdvb1VuM3JlL0FCZVl3 +bTNCSDdkOVJTWDZMSGNqM200eEd6OWg0TS9VRWhYSwpIYlVEY1FWeTR4b25zTDZp +Uk1NCi0tLSBqOGFrOEVmbTY0N3pCM0kzVExBcXdYam85WVpGZXZVUk1YMU9pSTdD +NjhBCmMGbE45ce2jAoYuG+L27X0LDsJxOrydZqA/lZ9I21J+9LTIpLIDiMlr/n7C +FNOW39bbaPudck8b0THImIsuu+ylzMSpt3CVXdZIzaB4hRKctLRv4zRL/UkbfMsl +mPFcdxNPkqmZsABgTui6b5suxdB5aWFx4EYcDIAjokZFuLXHrbIYOYNWEWBA3tVn +ji1n8aVPw1keln8qmzYJiL9bjGxq3KB7NJEhzGrqDVcn0koXpynSJxz+dlw6jmO4 +Nk+wych9gLOq6g9agDUXjpj4Q7l1cUmuAD+Xh5CPVJIV4xpjUDm+GCBLryFWcHdH +XC1MEnr/x5OuX0/XcPL7pRXvOjxAPgjSn/omisZtFNhBKzmNZZG2XLReyDJttXQ6 +QoNXp8DhoaPBFES6fi6NvYE2KpjSoTjHFRuJuslpmPGPC3yOSXpJlwlUI9wC6TTh +8rXYvb3mxT90KJK9SoKvSUFN5/63N15IzD8PFc1A5lP1MAL+pPUF3vX89mUGKB92 ++8uKs5RqhOFJSgYSqmdC10TUdg61WTsXlivbue6l54v+rfIKxaNAzxxFEvkYWIwP +Sl7tG7bwr+joqg2p4JnGc/nD4UU7zAwXIZGefmPMktpDple6JhsggvDy4FLebdpk +NTjTSsYCWTLymXcW+K+syibVc3jH6RFLW9n9rVmsVDHxSXFDOcPEdjEOS2RMOMdB +RdDJMfx330a6lXVjM1VhCotPnVQ9j51KjfIzsduXJ39xRremTGzEsbrY8a9dmVgO +T2++xCPnuH8oGqt77AozSLCUKfh2fKrUQRkuROwjRgBsx0KB2W6+lY3hNZzgvUq2 +VLlZSLQApl1tR+bZE+OOZFOYw6s4CjEfBToL5ovwVIZFirLVHog1iWdDN5qc8MPy +7Lr18UWWEFJ6ceaCZEaFLvOeNa36emIeqwReIkUG3IGlU6CMcbGsCpDVPKI2CKFB +WRCuYFckOKcmmvlcHxdg46c18uwAHkSwVV6wEWPrw68jPTyYaYu7UEy4p0wVYhcS +cOiGqb8Nkc+xkBwF7zyvkiDWx9yWSBwJHz6pLQJ2kg6W+IdIxEKgv/VrbpuzoyE9 +PJ4QVdz5/f4aGAmw/iSrIsl48gNoScUvxGZjrE0dqBj4yu+aEy7Xj8fST7XmyZgw +DRcOPowQD5hxdtkG63uesZvFSlNNfouoR4klRPoCkJBHNRrtIsmaPJiw+WZgr3hj +rf/MeswTbtwaFuCUM2AwrHCRTKqRenc5c9+jl7JNAB0sBnJhukumA4tK3v/8eXtK +y8wGLyS6WAgK0pptoY7ntcz7djhlyYg= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/netbird-auth-secret.age b/secrets/netbird-auth-secret.age new file mode 100644 index 0000000..d2b3e6e --- /dev/null +++ b/secrets/netbird-auth-secret.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBTN3lq +L3FlNGlnQUc4ZVkySzlpaG1lbTM5WlhvNDFBUDVrS1Y0Y284N3lFCmJXREpYd1Q0 +QkljSjRjRlVjV0NtU1RQN2d3bHcybzRsbi80clI5Zi9MYVEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIFpWeEdJQlpFUVBiQmNSZGlydnQxbk94UmVvTWd2K2ZxQjQ0SllU +QXcyRVkKL0lmdzFGdDVQdWxBbmNFaGRsNW01N2ExaG5tK2dhVDdTM1hhdlFOb2FK +cwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgZURGdjg1R2VJTnJqTlRYeWdVS2xnTUJp +TWp6R2ZjNkdwNElTeFJ1ZG8ySQp3UFltbExRb1EvYXdoMStqaTVFV0liNkJlYmow +bVhyRGRFbFFjdW4rUGpNCi0+IHNzaC1lZDI1NTE5IENTTXloZyBFTVhieW5TYTZz +OERHc2RYbFBoQnJIQlBTVmlXWnUwTjZsSTJBTjhndHkwCllSTjlHckxMZURtR1pq +RzF0blJRNmJXazNITFRTZXR1anBiUkhaWmcyYzAKLT4gK2UtZ3JlYXNlIHUnIEkg +Rgp6T09qb2FNWlNnNk9ESG1VakFaeUZpWGRabnR6Ci0tLSBNcmlHY1JSMkdzaUhx +cjlVNm1xdE9BVk5tTVFGamNQc3VYeXBMbmcxcFZ3Cpwa49J3NyyWv60TgFKXkXiY +vN8zmVgsbyD+WWGrTgkZz3GAhZbixmwT3AYlZrg0WSbOIFChi4awfCAnPd64NnYs +cWkoutlG6f2SMWVa +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/netbird-dashboard-env.age b/secrets/netbird-dashboard-env.age new file mode 100644 index 0000000..4e6d2aa --- /dev/null +++ b/secrets/netbird-dashboard-env.age @@ -0,0 +1,25 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBZNW5E +TkNEM0lrSkJGbWZER2pUbk5QN2FBOWduejU3Vjc2TU9lZ2dCcjNvCjBwWGNHVmNZ +eU4wWVk5YUNMWDdkMTVIdEZVYlBnLy9Zd2JGU0lZWUJGNGMKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIHdrZndQdFNLQjFkMUFBT1NyZkJqYWM1SEtrYTI2TUdtUVQxVFk4 +Uy93RDAKNHVLdnJLc0t5N25kd2kxZEg1WncxU2hrREdPM1I3anBkczhET2g3dXF6 +ZwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgOUVsajNrNkQ1RGdOeXdzdk9tNkZzUG1M +bUFSZFdmVy9iWFpnTzZjWncycwpma3dUK1BwOUVyMTFGM1R5YjByK1duZmlRWHBx +aHByeXlIK2dBY0JuVVBBCi0+IHNzaC1lZDI1NTE5IENTTXloZyBydzNidUlXZEU3 +R0NPc2FmeVhmSUhaNXlPdW9FUnpaam81dkRSamxsYjFFCnRMSlY4Y1Q4eUxWOFY0 +dnZZQVhrRFFTRll6U2hvRG5FenROWUtUMmMya0UKLT4gZ346RS1ncmVhc2UgIzpS +dSVPIGFgcDoKKzA2K091SERpQ0ZPNVFRVEl3SkoxUFFDbnFLdmNrS1NzRXVGTUJr +T2NWbnQwRW51cXcKLS0tIGtBQm1zNGhINk9pMXVMajFBNUFlM0pNNEpKSi9WUjEw +QmJxN0xONk0ycjgK/rP65jS9PAVr7E1IFR4+vOiP2qp1lYKBWQopIchhb0EFq45k +XjTUoQFq8x+lob74gj4LxnE3jGuyxbyxR6BbfjwyGKizO9q+M9a4XH4HbDxeAvTJ +RNCUH0w2XyJgSM6aEJT6Mb6iNJRXRephhyzR2fYyrzdQ968yLZNkYybrezyv4gYB +EfEBvRd6bfmxxPPcRmK3rJeOWd0naphR2u4K0KJDtaTjArD32WBsAimCyoEGqlSp +7lJVr4yFovCYEYjPozkLzc/f9coV/LKG31Yf5QW87V/HbPO9EHcq4MdbvKvi4xA5 +qFuVDeX64bFq2ATm7n1kWlnAKut+xhYK0wBNSu3ewsuIlWyrytVKOAestiDlFGSP +iet2nYj8rVKv1ZNx6rvUAZm1C59MOQzGDdRkWfAhyL3/5K6WwLFSytubX+CmHduB +8VqFEt9LGtAW2PeSmCNmlJR5D2LNJmrzLshEJVkuAs088CKbRv3cc5GVGIEf9BHG +H6lWAO7Dp3ijdiOHr4JdFQna9jqsjBhOFaMprt/lI47kETCLvDpnUlc/Jm8X/nOK +NrhU9YyRvx2QZNXZCWQ5cW/6XwXi7QEx/ln3ezh4Mv//ZHAHmJrI2dDs2D6a0BQq +t6VlZFj0eGXqfRoZqpPH6hxCQLmhlVI+vXnwglBGk4hQPd1i2A== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/netbird-db-password.age b/secrets/netbird-db-password.age new file mode 100644 index 0000000..f6edce2 --- /dev/null +++ b/secrets/netbird-db-password.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyA1UHBB +ZCtta1llMERjQ3pWWnJZWk9sbDYzbE1qTlJ3RGRMNkN5eTI2MlhZCkUzVDl2ZkJD +UnRaenQydFZvcHJicjlXc2N1cVJRL0VqeGlabFRMckVsUFkKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEw1NWJPalpaSFdqTE9QYXh0TWV4eG9ydGZ3a1VIMTliTzFNVGNy +K0YyQWMKTFlCcndISDFQT2RPWHVNREYxRFJnL1IxRXFVWGxSdzNYVS9wczFGZ3pm +NAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgRllZbkhLb2Nrcm1QcitSVE8xZkNnSHhj +eUFrY0E2RGRqWk4vTXZzdWZFcwp1T0w0TFJiRmVaNWhYVDBFakFuQllqSGUwN3Mw +NUhydWNkWXV4M0pURnh3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBOVzZqNHIxR25B +TUYvdkdjMSs0ckdrWHk1NkdjeGlTTy9mVFZPTXhTVWdnCkpPSExkZHdNVFRUaVgr +NVZpeDRrTGcvY2xwMHROa3d4d3VGVHBUZTErR28KLT4gISJsWG5xLWdyZWFzZSBH +TXgxIFxyKCcKUGxuZTVCNll3aVFSbU9XVzRhOHZjWXBBVnE0a3hHbk5MY0J0RlFl +dm9hT1VsOWdjM21tdEZGZGtKdE1YSmt0aApNMzBaTkZxQ3pPUW1HMDgKLS0tIHMv +Q1dZczNWWEpnb08wdU5yOHZCZWZxYnB5RHQvc1BMVVBocklIZkdpTjAKFU29fabQ +zrltjK2cFcSdV9f/LLq+/Hm/0HW2Op11Vs/Btg5NK/yS+AW5+AnAp3s= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/netbird-encryption-key.age b/secrets/netbird-encryption-key.age new file mode 100644 index 0000000..a106f26 --- /dev/null +++ b/secrets/netbird-encryption-key.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyA3anBt +VEN6R21MenhIZm00MklYS2dNaHFYYWhTQmFHSk5BMHFLbzQvWjJVCkNKaUxrdi96 +M3VVV3k4dmRHd3BjMm02bUVDUFl4bmE1R0hKVXJ4Q1YydncKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGU3QTFQS0VsYmpGSFlUNjhNTlA1TkJHY0wwNXhCenhwdmg2WjJu +dTk4eDQKL3FLL1gyOUJ1TjhGaFBLNGZFZXpHdzBZdUcyTHBDSkpxQWtHai9uUFRz +MAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgOWdNbXBGcTZ6eVdXZUw2ZkZIM0xZanhi +MHIyZTA2aU1YQkdaL2IvUDBUVQpvSElFNWFKSXN4UzZWZkt2WlhtK1NYcFJHYTFq +NzZHRTVwWitPOUdWNURNCi0+IHNzaC1lZDI1NTE5IENTTXloZyBCMzVxczU0RFJE +SmhlS3h4OXRTWityMkp4SnhMN1NYdm9tYzRtUjhBVms0Ci9sMWtTYzgrblZPMUlJ +dG4reitkdTJlU1FFUExrQWNpbk9ITzFkdnhaZkkKLT4gJC1ncmVhc2UgeyFhIFUg +eUwueTEiQy4gN2hLPmIKRFB6cG83R0dBOXZkeFF6SmN1QW9zdHVoCi0tLSArcGtW +M1l6MlRyYlVUOFdqOUd0NTFWckE3b1YyQkdvZ1BYSDZ5S1BpVDh3Crt0Cq8Rs/JG +ocaVzmIsjZRfvk/Z0RYzSOtrdN9aLEn/XZ88qghD8poRMicQaxm3Jxpt6mhMPS7N +FBhRO1mDN3hdyfTh6Wr1eM4tfh0y +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/netbird-proxy-env.age b/secrets/netbird-proxy-env.age new file mode 100644 index 0000000..8709cf8 --- /dev/null +++ b/secrets/netbird-proxy-env.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB6Qkh2 +eENEdjVZMjFRbHA4UGplU2FObkg4ZHBCOWkwTXBsKy9ways0aFdVCkhqYXBaTDRY +NS9KY1FKcjV6SlZjbFhCV2p4Y3ZXVWdFZy9FR2FzNVlBR28KLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIENMTVJCdkpQZ25LSC9nU1dqK1Z2WnpHZ0tSZ25lT0tKVDNqeEow +UmJHQmsKL3NaN01sRDhqbE00cTJIOTIwVTgzeUZtbkt4Zi9iLzIvblFENFcyblNC +ZwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgeUIweTlXY2J4MzR6YnVmMXoxQ1piNlcv +Lzd5MUlTQUljeTBQc0hJbzlUcwpYQlhMcG5uNCtKcmZEc1FyeHJONVp1N3NLZ085 +N1NIK05iV21kdXZUZVMwCi0+IHNzaC1lZDI1NTE5IENTTXloZyBRaDdQOERuZnR3 +eXlkSmZwUlpOVmJLSnUwSzZyS0ZMYmtKdFk3RWt2TkM4CkJxMUVrcHVMcXlES2d3 +VlhnRUtLRGpiMmNhRVdSbklValNmemZwS05hY1UKLT4gMHY0RVo0Jy1ncmVhc2Ug +XitpLSBFSkluR3YgLTBHfVY0dXMgcUkKTzh2RzJjck9vaURXUnlCdzVQelB3RTEy +aU9OaEowL1JPOFhoWEo4MCtPdkJOaXJnTXdjdW5OMVMKLS0tIFM1U0YwcjEyejlK +L3R0NlFVR2o4SUg3cVp0VGJHSGNMSXZiZzZjdXYyM2sKP4P1QxABPu65mR1VQeym +poM/S0TLXiOffDZnRgu3lg/sZ6oWPNiUC9h4e58ZGPo7spMTFfU6OpdZ1sU98OFM +VebDFdBbWRrthaAYklbAa236hXLVkxPDWT4E6iaid8Sys9xBNrDhDJ+XYWeMX4FA +4NF2/payDqijP3ZtHPDXrDEJRHnhX6yzLIxDBPIm6af9 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/netbird-server-env.age b/secrets/netbird-server-env.age new file mode 100644 index 0000000..0a9652a --- /dev/null +++ b/secrets/netbird-server-env.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB4QmJM +R0wzRnBEUUdKMEpnMEZ4Y3hDS3FHbzVCSUpIeVJ6a21xd0ZrRzJVClVma2RBK1hV +djZTVWx2TDdkWmFWMzlKN01yTmgrbnRuYmF3cjA5VXZDakkKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEU1Rm9Kam8zZFZaT0pQSXJ0VzV4NWdSUytZVnhGMEV3a3NweTRs +Zk4vR0kKZ0FldCtML0o3b2J4Zm9xMWtzTHMvTEhMQjd3SENXSWNEVFBHTmxnMFpo +ZwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgZG1OTTVza0VkVDRuR3Y5K1czZnJScTg3 +NDN3WTVoVXFsTkI5N2ZkK3B5OApQbUtiYWZycW5pN2pzcitQN1F0eXZmUk5Ua29p +aUVoOHpRUGRXUjBTVWV3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBsa0lzelhFaU1w +MzBjUHVub1g5cmZJNzZTSElMSUU1VHJWNTA0TEg0R0RjCmlyYmduTnRmK0tQbDNx +YndaVzQ0bmwvSTF4QTJlNnJ4ckowT2pRd09rYnMKLT4gen1BLWdyZWFzZSBWSSFS +bTAgTkBqCnpPakZESmg0WnBTR3ZPaXh2MXpHR1VvQ3M5OGJ0QUVlWjdrcFRjNWlP +UFMrd0Q4RUdET2QyaE9SeEdKV0gvK2IKUWZDNmVSNExaQQotLS0gV0txT1RnNVFK +K0FuSGU4VVBtRzVaY05XSzQ2KzNrZkx2eEpjV05WU3Z1bwoYtiMOoy3cJVJ+zRC1 +HQpg0VrPumvAgU96Ql5BOHeQewJGWPLehNlQcdd6MMsmbAqHgr9HO8OV1Q2VL3U0 +h7y0stLCoKXaMwsFBCL+HBvRtEG+/b7r0nW9IRYmhMZ8l2/yTjZQ2hupVAor+FEF +LXeQe0+QaQrXlWgbzJsmOpG2i/LyVnTQ29el +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/outline-env.age b/secrets/outline-env.age new file mode 100644 index 0000000..00dca33 --- /dev/null +++ b/secrets/outline-env.age @@ -0,0 +1,21 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBFV3NC +NWV3bmw3bHZaUlVHdC9GekJSazJIUVVOb2xlY091emloT1JTblVNCmo5Y3BmZnlC +TkFzaDBUSUNuVjAwaWV3UVhJdkorbllLR3lyaFRrTlhvY2sKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEtvRHdHV1UxZDI0L0xQODdaR1l4dkVYcHBzM09ReDVXckdDQVV5 +ekdWSHMKWVBYOU92Z29ZSnZ6WElNdzMrOUpyRFFEaHRPZE40NXF0VGFCOUY5bUp3 +UQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgQlROOFE1VFoxaHY1NDRhTCsrOTZJTGt1 +TUlQKzR1LzZwb2hLamVtZHpWTQo2cUNnR2xJaXgzR25HcHRPWlRrb1ZmUlhwbWJv +TkJLRGg5SUpLZk1ZQzBZCi0+IHNzaC1lZDI1NTE5IENTTXloZyBlKzZ4MEZyNnk2 +aVJIRjdOYXB0WTBITFVYM29tUTV1aXlyRFRQWTdsODNNCm8veUJEVW9ZU0JWRTFJ +WHNJbVJtOHB1MFJNUkhUU2krTXRWUjM0Zi9zMkUKLT4gfTwtZ3JlYXNlIER9Cnho +N1FlWGpKUGN5enZrNU93ZDJ3cUNrWW9NUjVBOFJUCi0tLSBod0pwaEJnQ05iSnE3 +aGVqSnllMEpOcHgzd2wrNWl2Z1BHT1ZJNVozemh3CovsqvKiGIKS3b17xCLpmp8w +Pd55k0Qgovl1EHbcFjrdKmcDvFjmOaQlNOl1zfqxb88u9AkPtpNZzdxOa0E+YdM/ +keofxFjI7sXerNEV64QZY2yle6odUpzq9CRS8SVdTFcibvCsKWiJbWYVZNWH5kah +iyfnmjnFiWQCZCbkpImw4qSALE6NQw+uM99qv4dG0wm4VZ2t042WAsPuiFGfg9Z4 +bvuq/1PAxiTMxUpnddNFhTBR7/3aAb6uzbLOMCANVDPtnyTRANapCoS+2MY/7TGz +lzf2157ekRefOYc4wzZKZJZuqDBO2D2XO5LZx55NbLWIBfOvKnAFSrgfEF80D4/I +gpWiQrhoeBL8gJCo9XoSvuHqsXiE7JFAj7OSSzkSAVraoLyfdU7J5iLmEYrnoBwn +ld/EZIdIY4XO/FH/XkpBQ71Wt08f0LPtowUXEeRc5D9FkTOdLjoX7DGEl3Q5ww== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/outline-key.age b/secrets/outline-key.age new file mode 100644 index 0000000..314d6b8 --- /dev/null +++ b/secrets/outline-key.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBNaW4v +L1hjc1FtN25BYVpEMFpaSVlwcko4UkZ1N081QXJrWTZsb1NyeWdVClg4SzdTMTlY +T05xQUk2VmJoMDFzRmxwajdmYmloRThRY0ZsbVZENU4yYXcKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGdyVlhuQk4rb2hJUTQ0NGg1clF1ckpMM0NmMnpOQmxnNlJRb1kx +OWtWMzgKMmZiOW9KMUUrSTdJRVdZVkxERXBXb2lPM2htM0syUVlvM0s5WDBqSnJE +awotPiBzc2gtZWQyNTUxOSBsR3FWWmcgY2QrR20xcmdGczBucWg1MXBOVjdhclFa +eGkyVjRwSGxMTjdJUEFDL0FUZwp0OEVKaVFqVm9YK3p4U1BlUmxTTmhLT3RVYVZk +eEtpU1VkT3RvZEw4WEZjCi0+IHNzaC1lZDI1NTE5IENTTXloZyB5M1lqYnJ0Vzdy +R0JsUlJWQjBpUmZtcVV6cFViNDZVZTBTMzRFbGVwNWpFCkJIcmFiT1lDN2xmNUdh +UFh4TTlhcUI1KzQ4MHdXSjBIN1RwbzV1MEtlejAKLT4gIi1ncmVhc2UgUistNiAp +c1JKRSYuVyA3WEFSZHMgQj1eYwpscGpWSHBVT08xdUJ0WHd6dUJ2OVpSam9VK29T +NG5lMXJBQXN1MzdLTnlTUmdreDFteVk1Q0tWU1dXaDRSQmlmCnh1QWJWelhFaGFF +UHJaRWFaUER3RW1IQnhQbzNZNU5jMXFUSG9IVjlSaUM5blE0K1IvK3MyUlhyOEFD +UmU1ZwotLS0gUS9UMGMrSkp1eHE1ZXdvK2NuS1VuRWVJcjcrTUVxYWdtT0xsM1ht +NGwzMAp+/8ljDP/BuXO0W79ytfqeShojmbsE3+myF0wWp+aHmRUBdV/99qAzKaOM +oKAxwVXtsAOlFESNk/Onrr2q0gO/KSMHlE/WCHyc+oQ8HWk= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/pgadmin-pw.age b/secrets/pgadmin-pw.age new file mode 100644 index 0000000..ddab29c --- /dev/null +++ b/secrets/pgadmin-pw.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBLNnNn +TVNDbFp1WWVHS0J1YVJtZVpYSkdmQmRsdVl6QklJSjgwMXJPT1ZVCllvRHdIc1Na +Z1VqN1dISVY4MlNWcURmWEJiTjN3Q0hHT0YrSlAyMFd0YWMKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGJ1V3o5bkFRbHlxTE45OEhjejEwR05PTzhtS1RDVCt0bG1MbVdh +Rm1zaWcKZjl4aUJpdXdGNGQvc3llNkVwTHdxZ0hYRlpqd29iSS9SMlBNNHFQRlk0 +UQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgYVhmajRITVo3RHd3WVNhejRZcDA5UlNj +UzBrMURzQ0dkNmEwL3BNejJGUQo3MnZDczVCMjhCMm1JL0I1SjMxQ1dlVjFuTGdJ +Qk0xcEk1WTZvWjZWbFRrCi0+IHNzaC1lZDI1NTE5IENTTXloZyA1amRvUFFHNDFq +YlB3MktrMEJwdjYweXRYL2JvNURhMFBoWWFTL2IwZlVnCkVTV0c1MytnRTRwWUZ6 +cUNYRGhpVnJYTUczRzcvdTZrVVgxRG5CZWI1OHMKLT4gcy8wPS1ncmVhc2UgVGJf +dmd4WSB3YiFECkg4UkN2N3QySXY4YzlUWXJ1S3o5Z0lHRzM5dkc1S0UxczVmSk1S +VkZWeFpHcWt3ck9SbXAzL0RnY0sxYzRqWEEKanVzbjRONlJzMDJZYmpSQXRsc1lI +eGNLRDF2ald0akdpUzVRMENtdlMvSG0KLS0tIGFGUFUvNUZzRUw0NEF4TUgzT2xG +YldCNzBWSUNIUjZROHgweFlrS0U2OFEKZ77eC2qmlp7GA4idRyw3Czky/xuEN33d +iIFQUU99qo0sWlnm8WE6AH+F+oIu+4ik0wWAOF0g +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/ref-key.age b/secrets/ref-key.age new file mode 100644 index 0000000..a1813e3 --- /dev/null +++ b/secrets/ref-key.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBaT0Mx +MVdUU3BsakFkR05Mc0NObG5OejhqVTNGS2FpZU9objhITWFDaUhFCm9remwrUlZs +VnNjYllXNFlDWnJmYzl2VWFQaEpEcjZJYVd2WmlRL0h0NDQKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGNPc1FzMnNFalhHbmV4eDkrR1N6WmlJMUtlUTZBOE5jMU5iUE9t +cUNZVHcKY2JhbmVQRWdjdHUyaWsxdUdHN0VCcW9pcWlJa3VLMWZyWDZ2M1RDNjhv +NAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgQm5TVkhSWFFNVzBNVElTRDVVakpaZ1RP +NGQrREV2eldjTkRKQ2tPd1VYSQpPNjErbmovUTYzZ3VSOStVUSsvNXhmRFhNS0FT +bkZEUFp0NXNoWDQvQTVRCi0+IHNzaC1lZDI1NTE5IENTTXloZyA0dlRDYWQxQWZo +eW00NEtmTUNTeVVFQ2psMmV0b2h5VGI1bldNK0NVU0EwCjFjMmR5VWZXcG9UUFBv +Z2Y1eTdvM2tvNHRoSW9hNnJzQytXTFd5M0lNZUkKLT4gbSctZ3JlYXNlIGJfLi4g +SkB9USE4J0IKUE9nNFgwdkpnYjhNYi9ERW1ONUpZaVE2YUVYUUJ6TmljNWtDdG9x +NEl5MXhIb2FLWHY3Wm5KOXdGRXhhV0E1eQpvU25BNnUzbQotLS0gdEdjd1orKyty +MnNuaFduVTJWdTU4WHBtWVZJcHZQMzhUUkdhKzNLTEVVMAqjeXkWDCOkjkDx1h/s +YvIT2+Hp0ovVICvcvtWDR+ANKqn/fcHSf4cj8Gjx0bUgNtdPSk/q4tCq61U= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/server.crt.age b/secrets/server.crt.age new file mode 100644 index 0000000..1313ca6 --- /dev/null +++ b/secrets/server.crt.age @@ -0,0 +1,53 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBxcGkr +bmpoNGVOR1IybjRCNlF1dk5iVjByM0lHS3JGNU93K003d0hMdWhrClIxZ3FqaVlK +MDh0UEdHQ2lGbktNODkxMExrdFNWZ3ZlNGNKUHp5TVFlMjAKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGFPT05CQzEwaHZKQWdPVkgvZDlpc3AzVW5XM1hJd0ZWT0RXb0RI +clRMakEKNGphYUg3Z00rZXQzVUlvbm8wb25Oc3YwWExBTWdYU284cU9IYUpVZ3VP +OAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgK2VSYytURExtOHJhMDAzakdVYTV2Q01P +QWNYRE5XTVcwODBpZmRDeWEyVQpSckRTS0NBaUpTU1RCcTJVdmwxekNzcTB6TzZs +U2hUeTFUc3kvSW9pcXdRCi0+IHNzaC1lZDI1NTE5IENTTXloZyBPSEhSU05ac1h4 +WHVWUk01U3NJV2ZHK0h6VlJHeFo2a1MzNVNRcG1wNWgwCks0UFBiWHE2SEV3MjB2 +Vks1TFQzbDJzWTlxUXh4bHF1RkpmR0poT3MvZGMKLT4gbTI5LS1ncmVhc2UgdSBr +Q2ogJVUjektuIG44NApwWXcKLS0tIEQvZ3ViKzdWN3YxVDRxaC9OKzBUT3FNck5r +akJlRzBwMFY3eUhzMlpiM0EKx1a4jRv5B/jeVRuGyTy1ALemEBaQRms+s3x2TNuD +Abg9qjy6cEljUFh21/k2jEKKplcXRb4wZCtfu7SFca0fHpfjqmv8AzG1JzqWBrDi +xVTUjHeld3YNm9xqdFVB7gWbRasu4SZ0MJK+mxkBgQLosfQHh19HYmn5ItaiF9+Q +5r2uuntW29nVO2c7eCGa//aAk7dAjNxZ+KCqiaPzMg/JhQgIP6Owyd8H6tBKVKR5 +dlKJv/lttl8F8A9nHyOueRMxR63vROgR/fK0vKRezbzaoXpWd/Ojl63YH1k9+v7a +Ys9OxeHKWpF2OhBue9h0rBkXmBsZIMmiPVlZ7MZc8gLBc/3YA1cHA7wgNwIzYUO2 +ttyCw6XBL5rv69tdoZUKuj+K87C3+IyILKHhSriFDtmDS1Oa4niXmKpoFru7zMeT +8y2GFT3FDqqLbKdTjKWpkLA+LtMurOcDTj5kd5HM3W6nlYfcKbyYjC61NrT9d04X +XbUFDkTo8nv41e1HVqtGxX79W0hsXCjK5CWD7IF/EIiCipnBguVbKMJ7MKPlKSry +K1O/a+zS2lU4IT5ZrinW2H0tZOcXXBsvBdqJXyFlfAUH43IyysXwxJ31SMWBLsha +JDCPiQX5uRRyX4kZXJB1Jf7mF9ooQ1wn0/xPr93mtE7rA6GSqa2kjX7G/9KeEkN3 +IrGkVBLouVL5vB+sXo3o0dV+xOTXmYFpgwvIUqhbwyZqeZMlHpZdY4/DJSXqy1MP +XD9fYeIKvSQnEroIyhlELrMYsHbPwiuhqtVMjGl3+beKfOMr7IlN8W36lay7q0D/ +L7aAQY0sw4yTa1z+Rje8wOHXrsaadPmkZt6AdE/5Ah0sVedHikKGjlY7txXoIlG3 +g4I3s75R0cBzDZyfQU2l3Nn4uHHcNLLEgyeSgQ1FV8uGxS1rblq9HBEzzl7Vx/iD +EK1zFdeYrKZA3pVTpjyqjSpzG2lkTQf55akdbW6tShvBEdUnb89LxcVbICCTT43C +9Q6STQPXw1jKvEh1rt7c1kyaZJlEbdA8KU9TorbbQLh/PCFtFAdAd0GEsDj+Bkz8 +D0J7nJ5u6UVyrdA9dI5hwDEZCNq+i7iq78k+D2xKeXL2+CJ/wKD6tyxxJNrQBTAp +qacm8t1MMGobeeuZbKFHmFWgl9WEXFJRVjC39wCIw5njebj94TTmvNtbS++a0XwD +m7y2xDC56/hyAzxzRDBmdavkpJ/RFvSkNI/r7XTkV5kgShiBNq7Izm0RT+n9gr67 +I5EwLveCTBT80Ct3jkkA8KXS457+wPNYFS/wMYL3KOJcgh5XwWNvU6e+wqEV0nU2 +97Vq08995qudghlaZaDCMH5a3uv5AavobrgCWT8H7/lCou20PVnwgDnQI596g6a2 +M4vy3b/rHtAR4eDeFHew1DUcNXcGuW2Tw2FXi3Qsmste7+PylB0Du3ErWTiwYrM6 +WDviyBD2C39MXhxk0SmPBYUkfkV8Ff31zIEWtI7c0Mt8vgCS7OxJsC5cyIKnErej +fZg8mWM5Jr6rYIuB4wo8E8AcXlzwSh13UqOVzyr0ohpQ9Lz7xeYNhtN0pF3eVj2X +gEq5vvGDh5drJdi3+qUAU9tU6sI005dh/7hkWnbTnbQ+lViEUSqrDxngo9+vh5Xi +mxprrn6ZGq0e/v9jU1jEUifwDR847daSKLGBJNgyt8zgezkhG1cSI8YtRPI5EyKq +X8MaUTT+vNYm4pvEa6LlnVnVI3hoCSvQxJCJ/AuNVHSS5eAFnc8zEqElVDMP/RW7 +pPEXVEHZ3YX8SXhkxAL4FOGRKom8xs+UG1W4X8mM4rsZ79yipSw6A7R9zhXQ+omw +wrM55bt8VbW9/OT5WKL/tR2ZvaEpDZ04lBu2ANaqq3X84zshVHhIAj7wy9OiSocE +OkZzzhqWzJT8+MnlP8d7EVev1mZT5E2LKGxrkBvZwXH0MeUR9tkFVVEsU5Oa88XY +9aIiYMFTG4xIQGgcO3KwTX5OL5LiaPIz/Kgx76fmx6CiOB1jufeihQ6e1k8o0iIT +TY7A9fYJq6LpOXJpf2A5KfQm1eJdbFgQIu0m6E//guBnHaymyw0emb4KgfW4lSOd +VF15GBbSkibyr1c9P1ZkXrME3xTx2EDCjHpAESM8IWm0Gl1fY4nBwd0U9FaJAPUM +mDhTnOAyNDeLWSpezEQGdvflTwyx5IL2XW5VQ9rtEutWmYUxUpGZF+nRS+FASwwk +9utIgHK7HNpuyjoN0WxWPBWU5eW4xZbdeanGGqB4LJhTDn65TfjTYoOjiIYlKXMM +t2gdjnKVmjXnYUyIDIwmXAo+M+78QFRSI5FNbn8XLkoRDNoeoHsrNKfmAMU3PN0P +iUlVAkLWz5gjSe1M/h/QK13s4wkxIE7Lr4lT/v0a4/KpHPnN597KLshgPE9USjxz +rAq0pqPUoTR0vq6/43yTe6l7d+nfAlAM787vTTL8obSkgVJzD3vUdaeaRWBN9YMX +CMVomA== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/server.key.age b/secrets/server.key.age new file mode 100644 index 0000000..3511c48 --- /dev/null +++ b/secrets/server.key.age @@ -0,0 +1,83 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBMTUR5 +bFVQRzZpYXpsd3Z6emY3bDBnTXZPYjUvMFVSWlRYaXBuWTNGWEFzCk5nKzhzZDh2 +YitvUWVsbnFZZ2tBMnV2T3RqUXR3UGVycDc2SXlmUXExcjAKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGxaT1gvcS9uZWZmTGlQKzVjbGlDZ0kxckhVZVhFOVVpckRqdjBz +WEZzV3cKT05RYnVwY1QyWE55K0I4RGxQVFZaczVVWkxBV1VsVzFzQVBXOU82OFgv +VQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgTG5hNktnNXlGUUpuNGFPQjAyNHdTdzZE +V3M2VTNJQXRtbmN5Q0NQOFAzYwpuVmtjR3dNQU9td3ZQM09SRlo4czhjcVVSTFJY +WHNudzkzcVRTVVlxYjlnCi0+IHNzaC1lZDI1NTE5IENTTXloZyBqRVJXazI4dUEw +UG84bUwvUVpRMXl2YUozUnJyRjFvc0VaWEU4VkdBNWt3Cml1L1ZXdWVFM3VXMjFT +ak9sQWVBZE1wL3BaM1NLL0Zzelg0c1Mxd2xmeXcKLT4gVHItZ3JlYXNlIDNjdzZA +cC9+IE5JCk00ZjFTa2JNRkV4c1A5QjE1SDJDRi9YbzBhMzBiY3RrRVEKLS0tIGtP +a25JRmMycHR4aVhIdnZWVUFKeWE0R3dza0dtSWZadkk4NnROZEJ2b3MK/bcPydJe +F8igxyn5G35RIxnurUh27uRHG3vvAUUv7eOIdtdjCP4oEy9yMmCGhTIcPdud4roA +ChpKOEnFzbjXp7VqiNsFYMPwA8In96gSAjxF2a555geICnYN1XioqgYPefOKCFlb +p5jigZ170etOUY4ZptG6jXeZaBsvWxyv3ZxOkBBOyTPAMbPV+qnceQJFFcJaZDx9 +yMMXWFRsvvma1N3TMVxj6ELWbhFsxYzrc+aWA9TlZuT43ojRMb+D31jD0IvoEm56 +rwDyMFuLZpMYPsQM4UIpKA3KpeIwWv0Z9gNIkEp+zGQLmXCw/is8Q/lSQpzguhGQ ++45ULPkDFMyZus/gwqTEvxwX+NJPJW3lNxnImJpqKLvqeY932wfjfCNdaSvoqcVP +M22LRPUoHI9q3p2aoxTC7ExMIcgrm8tkAXkGCb4GvxWtxttHtjhvYuHgqFYL9rwf +h+R4U4/qg1ANcjZ0PPEwSJyqb1Z516pXww8KLFpyvRV9/yM4fcb5hgPNP7Wfuh7t +iNVrvBwguseYBtxF3PGDr+wX9IP56gcR2ydBkKZKc62yBRGuvDX1QRNBA2nDRscb +6SmBDi4QaqY6B9jGisTPS7XUpdRyz1oOIegcIX3cAjTtQ1Zn0Q6cZGxvOTARi9wN +DYmupAhbVEXNIQImvyvV/Apch6mO+xFwReOeR1fOBUO+SsqUR9pdAn+x67WyBEXu +oDtVYKqDzcgR6yzgbDtQQnrs1glCfDz3fkHBhjHv2cnoSnYlGBOmTYCYdn3ICjhf +bvXgrQIHOP+09UNevh/Qd590nt9Ky0H+AXw8T3ujQBuRtUDzSKnAj2hsKg63w6uS +TqbQKHB+qWvvPRlE3zps8iM79wj27S0t3llhWGDCXLY7dSe27QyKMwO85Z5xC14K +qi7IiRVRuujXZUdBshHQQhI9zkwaNmCHJfpbGaQ4xdjW2Oo9Xk7+B7stQjolLaBg +IAPpKIxH51YA5ZOouIf0djAo7hTSnknN6tP4xIeMN5+eeRS/fE1q84GT0sKvwqpq +O5OCcgqw2FuMsLxTQqdZRk9ug3YlxcPdNSAVTPazS3P0kbbibhXRq/DOrdlwLl2C +2XGNAWr22kZ5xa8ACvy56s5S+W4byD+TpDYc0biU+kM4CrOzTVx3ftn1+WVQHbjM +ovDZBCHkk6V6Cj2erjnI7keTo70oszcuz3aDAAAJ4Pd9pp6NR+aGfH/wUUiPsw65 +Sct9z/xa9SOoCvk7U6L/zs7Q/tIDtE9QhMBa7zu/TmcDRCAEPAZGvoGrbMYuQl5d +LNDvLgzfnVCQC5MfGMrwNqP7i+XYw9knS/T1r9atByqmM/jIlQFrdOVohrmZFrIJ +By5jFIbPp80vS0oF42XUUKbnL0SvV/jGHAiGBAXlFTJFkWT3BsDHxYQP+YMuENFz +cd2rGVXoFqu3L6HDpEAEf7MGNSpAcb1t7AZWsV7a3bp9RNTorZhcC+l7jLLRxAv5 +FRi2guc+Oh7lurQPklDlnn/Ab8X52MtO3L9GK/hBkauLc4HwLWNKcjZNjkY1aZ9J +it3cRkGVEYbVQC9zK5rT1SEm1FBRXg0vsGDn7INYdFZFzAwarAzPi+tVrNnMC+19 +EsE30zS1pPKNhpyKqSgArog8kuU+76Ed7PsgXASXYJ5QWNy/3yn8JTfZoj9yKiCf +/ymFXbUFfkjzMB5qozpGPhzbiGsLfNaTG+rWdbkuuBUa3i6emgI1glDtttg1bkv2 +6rxTz+ZlJE+h8FckhK57OnM059IRrMRhB51jVTsWrUat5vIefvh18+0g9y0Gi7EO +4uCNOuQva0Jr5KTnHcFUHn+VuljmRwcRSnCx3H2QOeLjGkgwHFre1ohHL+WQXJWy +tZ+q6JHZk1lO+tIlWJo04hhb3xX9NuOSvp1eFL29hEzdrou+LRsQIZsjWD0LQGtG +AdfOxhdX+2q2sRpjKvpuSXQ9MCxzKss9Nx/rKUSZusQrz1ImRy9X6skvgdxU0XZy +Efhsves9rcM1EBHivwKM5aXHbl9yL8U9RI2pMyuJBdM5Rm3Mli9yPx4OxfdDjESQ +5QvCWcg0AgmrRkWrG/vsZFJv5IaCWcYGgDtiltlz7YCm1VgNKP6mcZ4q+0RzS5VO +njuId6AGPQBAi+WRLtbKKOJ7QOpJjMMiyYilZ5Etodm6Bw7t7aglKSSzO+bUzlUl +gr1Z16UhpLyCFcuNo23TV2er/3gJjj0f7cCGCe4P7YSXE2mYmXIT5ZUqqKbCjCrT +oXmcZmO8Q3acfDRmMxmp/+9Tk8imSIR4sHSaqDAAwYI9LAp9nPAom85YgpFW8zAs +9ZrxvP/S3MXfIqodOQ96m+RxSeEXnkczZxL7hQRBPvFHKGWEUxuiUzNs/g4Tv9VM +I9MsOhxCSPCxx0xmEjuZwPdN/C1QCpfMHtbDbQERiEtE3l5rTvFBJ/5VjmWzlYu/ +kpoW1n31mOiMPjFz3DPBgCdbyjo0aJBohcuKdcBGM3gwLCj61mu0FliYtErPXcs9 +xB4Fj9d+N5foIpKXEZWJH7IMwbjDc4yfhX0eBBiNB70gafJHeWgnLGa0HYjTEw1L +2YTU0jNjJDsrtRj/ejTPQyGI/qfRPNSsiW0woZval2FK0DO2krHkjP7tNXrSA1A+ +kavIS4gdxXmBmJGd5kpSlw4OwLPyAlIFF2Psiyuw7GEdO3X6IIVcXz9Sq1gIeQvH +Uv+iH9MmOJOJKkTOLE+4lhkstBjkezXIK7la7ND1cAIK7zrNcaal7uDQOj1DWMei +cSIIOEjSM2ugzsmIvlmn3iKdxJYODPR1gnlZvaeXG3S+zTpSPbeWDiwi6BwG87TA +XWISDkVko9TF6zlPjF4ufrACrPCwqVX/ITwrPfBa/QCc8/P7BKDkDC/1gFQ7z8Zp +qhW+3tsSZK6ZFMVYXEzuHbjWXX4BR/AIkZ8mv6X5XFdUA2BkFVV/hRet04oJsemC +VerV0qu3rxuMvVwpUGsoWT7JlSQXhZcFPS/DpQCThNkiNOR5suPfOuT3uy+qpnJB +O0Lq5Zyq73mcZd0vtevNz3iTxIdbAay6k29CGUhjipcKLkK7qYyUaUOG6YNaAXwP +kO2qjNG6/am9WZowcTGhr7W3EW2CSgB4p0RCqVvn9Ambxh92ApoLR9g6e0DmdeA7 +/8mpSHsOu1dyfIEUWk26b3TSet+TjQqgccrx9H8w7bBBaMgWOklx88EeI0ON8SJ0 +yzJ2DIwnU1sEQR+T7AwaPWF/rXFcqGTRhKPE1Qh7gQvPYJlUL1P9PvoorCRzftAk +VJ2vNEuNEfo9XcF9jxyAWKUprF0yYofFOTNDt2lR085uTINm7FHpCVJd937o1qg9 +ynLRJfi9FacFhLjJymHVSRe3vxmDkSiMzEn8hH2XXfyTZC7/qDJ71XH/LE+5UcFk +odTDF77EJJTqWctO9G1vGzZhAHwA6vAl+rLU6XIHwWp+PcbGXE8B/LNqWog+z5x2 +78sPQH041V2IzeVg8W/K4cs3GcfINyDvZByNeoSXaQW9AkRa9rpbxEwerpmYYl04 +qPwpDJ43C3/xVXqnCfCRBBcefHuKpYeqXiZQhG0M65pT0u4PjLW2uAb0nLj3Rmih +dOVi+dHEzjCvUtA8xwMybcVxS0s6J3fOc5N4EhDVf7zwDeDxbHhyCs6CER7+OXKd +V4kL5Ql35lbghYI2XFfaV6c8ko6Mi9IGmqQ0hW5YR+WDkvZXA1cWG5qf+y7zyXll +8+Dcesbyt8VENb8W74xv41rjrkASPLlYdi3qWgpbifUHFkD6ib98Yoy+NGTPtdOF +VGIBxHalZKxZeR/yrIs2nrwGMy1H1rYcG3Oq+uC4Edsi00xlLV5KnvdgEtaOmxlO +Xp1YfcyQfUqxALbVBlJOiWxzhvFTa1pW63ZI4Adce+epKrIz6Jw1095QFPGkZzkS +5Y+8qfh9f0r0Bjt0sypelrWjv7cIN95KEYDjz1U1RhcPkQGz41RrYuoP+5c49DdF +rjNiz9wkKVRx3C08TAtsiZm0TvC8zNRD9Pbs9AckN095dQfyouIGb2dw6MctaeKo +BHTGK9yrZiLZnBUkmZJ157YTH6m/5ajy2LwmhpoXnVQEgbFHa5au5lU7o6NhrpW7 +995sWn5DJN6AUrWyfk32TorEUQWTraFIFcUyQh4U1PoC3NXIJbWlOj+m+KwFpA/W +CgrSqbHv4TXd9YI3So4tixj2gREO4KPHKX0ky9rno1YXQOuf3iNWJUm40Vjx1eRt +VglBdYksTl/8su59rdBFC+HNOAAZeNSo5rOp6YLO3K9sum/WkGmeHh2ybE90O4K1 +Walnv8SHIolSKzAoACFrsm36o2QX/D3VwDAZYKqcsLaJhFq5KByXR1vgPbonIECN +seGaazCKCLP0DVuqh5SrJ1g+FQUT5KWA0R2fwok2 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/traefik-env.age b/secrets/traefik-env.age new file mode 100644 index 0000000..fcbfb14 --- /dev/null +++ b/secrets/traefik-env.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB2V3Nq +SG9HWXRlME1FaWc5dFJLdWxWblkvdmJnZmF0dWFwZnVMTUZ6WG04Cm5YUFVwQmNW +cmZQd3B1b093MStBd1FzaFgrQlJPb0dwQUVLNjNwdjJsdUEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIFJDWkk5Y3NUSFl6dXhINXZiUzJvNWVGZmVldHJacHNLTWlOVTA0 +M2ExMmcKRmY4NXhTb1NhSEJ3QjZKMUhDNjFkUnF2aVF0ZFB4ZlhESCs5czhVbXRJ +QQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgM0x0bVVoVHRKdVM5bW9QTVVrWitIZVRP +OFJmaE9FaVQzRmdQSnRYZUZoYwpERHlUR0NxZ3h0MzJGMS84UVc5MVBRSUlyQkZW +UmZta2JTOGxnZCtUanBjCi0+IHNzaC1lZDI1NTE5IENTTXloZyB3dnlJQm11U0pa +U1c4K3ViRk1DOVplRUZrZFJReDFPZ24zbEp4T3ZROWlrCmxicXNISElOQ0QwL2NE +RXpIdDF0eloxOTgwb29rTGJvem42azV6c0cyUXcKLT4gWj9ET3UnWkctZ3JlYXNl +ICJRYypNKD4gR0BURkcxIH03JXUKUHAwaThlaHZ0MWJrWE9BSUN5cmdXczE5UlZn +aHVlRHJDckFEK25vejB5VU0vbEtYMzUwCi0tLSBydjU4M0tiMWpCd1VoTG1xamN4 +aFhiYnRCb1F5WXFlQVRuUDZwUTdWRjJFCl/ljCpW4REfmAlzzZBXAS/iObv4S/Lz +47sGJNrxehtC/hP0p99Zsv1jowI75yJ/JTtAzRQensy7t1I7yOInAUO0HZzqQ5n+ +xGJa8O7IKn8FrNlTAFb3J+6Rm9NsO+r4toQ945D9lrXrDDl7oR6CytjcNz6ttYAO +ebmYbLFWSr0HugkZ3mzIDZb7F6gv88cyqeKejWxHz/DRdUfld7Vxm6ITzIneNAc= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/vaultwarden-db.age b/secrets/vaultwarden-db.age new file mode 100644 index 0000000..e5e8ca0 --- /dev/null +++ b/secrets/vaultwarden-db.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBYK3lV +MWU0THFvclVpeE85cmNKeEJySlMzbHNNZ1RoYTFrWmlEbjlPb1ZvCjV3VVE5ZG8w +bDdacTZONFNTNnNac1ZsRGpQSGxDejlkTWdrUExqbmJPTlEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEp1a1lsWWNBWDdVdVJrWk0xRFEraHg1WW93ZDBuaVNXU0pxRXli +dW9GUU0KaHYvZkpobE1lc2dXVHdQQllaY2sxVk9wQWg3ZjBsNXkvd3Q0WHhGaTAx +QQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgK2NrR3pHUGlPSnMvMk1pZnBhb3FEdS9r +TTIyVUJYYlExWTl2eE81cWMyRQpqT3BUcktFeU82YWg3VDNZL215Q1BRRTJ5ODh3 +L2xUZTd1MVFUK1VGcTVBCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5NjFCOU5NVnhT +cWd5YzA2MEdya0tpMkFwUjU2d2ZaODZpSS9ndTlCQ3hzCnkzL3VLc0ZvS1UvNnIz +c2RYT1dobU44WGFiMTFMOTk2MEN5clF5bjlycXcKLT4gRnUqaS1ncmVhc2UgIVc3 +Wkp2VEggTSYufD0gb2Imc3MKUWkzZUh3SGREb3pWSGFQOVEwUGN2VDJCcE1RWmcv +WXJhY2J3a1lHTldRelYzYVdGUDF5VEt2SHpKaTFMZFVrYQpTeTkrQWMvMDBMRGU0 +Qlp2RzEreTA4Nms3VklZSEFWUFJYQQotLS0gcENnSFArbHZ0bzJiWVBxcjk4SVZp +UXRXRkNqZDRBdVJXSFNUU0JiMVZCNAoV4eJdHQRq/+2FoUAct/AZJ5Cjp83O+Ao3 +YpFfqiC4XlrsZAnv/WwfbRA/raOBiw== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age new file mode 100644 index 0000000..89986e8 --- /dev/null +++ b/secrets/vaultwarden-env.age @@ -0,0 +1,446 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBSS3lv +VHBhQ1FpNGpicHFmTHR3cTVkR3M4V2Z2K3N3QUhKazVMTmdYNWg0CjNjNURDeHpr +N3dvUlJJZFNETWx4SngyRWx1L0pVbjV6YjBTVHBZVlZ4SXcKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIEhGTmREdVBJeEtsR05XL3QyVE5NMjMxTy9YUC9MZ0VHbW9vNDk0 +TmZnUTAKOVM3UEJDNEtySHBVNEZDeFpDZXJTdEFjYmxxalcycjIrS3RYZmhIaVpX +cwotPiBzc2gtZWQyNTUxOSBsR3FWWmcganJCWFcxOWdDbUtrdW9nRmJ5UktVbG5s +Um03WTRWd0xpc2xpQ3hrYzhtYwpEb2FuWDllMVJiQThqZytHVGYwcU0yTXlEYk9M +VkdnMXhpeHNNbXN4NXZZCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5SWZ2c2FXeFRD +c2lPUGkvUS8xaHM4RDloc0Q5NUhjMjZzbDcyWXAwM3dVCkZZZDlZVHZlNGNFaUpm +cEo0TklNTlZQSUFrNHZzeGViVDViUkFBUGhQMUUKLT4gLWJ7SC1ncmVhc2UgbX0g +R2AKa2xjM3FQS1JNREN3Rkk4RlE4RzdNQkdxN3BrWlNrcEpDa0RuTVBJSkpTbkJD +amVGVHBscWcyWU9leVlVYzJjRQpKMHpkbmJRRjFCU3p3WEpxZXlaOGkrY1MzVjBr +UEo1ZHhRdTc5V2wwCi0tLSB1VC9pYi9Zb0FobWFYSEZDWms2dHlORjJZM2V0VnFm +U3owZ3FhR1ZIRFdBCmIF4M4HUvGftb9PuF/QRR1D51E9GVfGBOnKq/PHvv01pjSs +Sm1Wga8igk11OYXt3shnA4tgXKtBaziTEtPYbMkyEhoj8ewY/cbWii/9x3F5PREu +mHOnQqdvhgnd0kgsf0t/+NaUBLHsCToqmBBlf1H4PxOqr138DOVJ/595ZVXvUE7B +L9zhdZk8LN5HAe2JmkfBqsPF3m4rvs9eWXjqewaKKYt5sSJaT+KTSZW+xYOlhpeD +BhC0FrsCQO7cHG4+ocC+1QMUResue29sO9a6TKeWRK1CVouwmTs563tnOLJTL/FE +D8Fyou/pobTZX/GPeX7C0BmJf47HhatqbGHxSKrZaL4FXWy3w+vnsUtFCCtcQAUM +RTVyWBO2W4TUX21+CE6TuyCNfgMBWkWu2I2d9w1HnjPLsodxufYUgVifnZCGaZZM +XqXVi+gKruUsdJa44x4u623nHrf3R69lUVyR1u7ohwfWBQ+qHTBZBnvnTCCYDx6f ++hhGXgOOxqpFQ5en/Y+S8xKteBfh7QENRJk64+lL+Xk2gSumauqt8NHkjmeOi8wo +/Znoefhk8aLVCaCfXpNdRHHHZnVB8z7XTWiyvvnFlXlMNwhrkuofSw23C6qdD7XK +rCzVX25pp2dRIgVcfwSqApGs5KKMvd0+4Zwe72iB4HmQnnbtGCsQ3G9gvXMMwicw +ScRoi1n8mDAFmS7dRB0bCZoCdECL8u1uCPKg2L/DIK7FTOXhCOKXtlOteyDegbUj +y4U7/tPuDdModOc4OOWf6+Y+oZt3qHLrg2mqt+SqQ5PQvIYPpBRLj6rp0s25FCP+ +ezgKA4tnlF0Hr12Y/Uik9e3bSjIJnnx225mAD19/67ivFmhHWI1lTzrtC0duG0wL +spbDib6FsBFivYbfsYk0CPKio/LfWRzM+m1BhZICjnrB/lsp4X8l/IVcvJXXePon +Oeky7mWm2pIGytY59Ej87027JaRJelf5Vs8Y4wIni1m/xHWQx9sMi1J0x2YfrHFn +FO5ONrTjDVZrzYe10lhOnTCLIXMmFgovLAR6yY7gxTnSExuF8rI/LQYZjpG7jaCF +Lq/wv8U1Qj5+oqQFF8f81C9nNZSFAEKpEhwr5tF69PzUiG4Fq55bTnDeJSHNz8bC +I+Rl+Yaa+rKZX0UyW+AHMlvqhY43snXzeAO6P/2F2f7eb8tVSDWMsxdMwjDxG1JY +j4pEFilYIoZlPg31vUtoz9Gamzk8jHjpTKI2apYg+TNnC0owx1xt/7aib0f0gFkb +TPs3KsVwnhxlK+jvg7B51UDGm0cRSRwt0yv1eYmUJblkv+UbCw9frHqGR1Kqu6dj +MH3StIoJLfQW6WlAANKkCg7kM2CR20Meh1tVcZXEUwTlH59TkkVAYbtAfyrAub/A +sDVZ2yT/cptceA4thQLZJR5jLxJeCfSDqOTHnLUzaZdurIHApDRFQSxEcv1BoKZB +mdwBCllYlg1UMBpnpJfeMQo0ohh1Y697aeRcWww9O4aZ3VqvG55pW/n9PqmB1Z4Y +G5fIJGnDHTdsnRCyDDn+T9OK0Y+DzDh+fID+iG5GdbyXjyzghH+3Eqv1YxgxF71r +iqB/+a0ZSO3XED3yBDxgw5ur7UmUSwWPhuQSj2b5VzmkZcrk0TbCm+Mn4Qt4/9MX +2xf8feRCssk5bFgABhSHuOtqkH6NvUU0nPuhCORPuJuA+KVAidDlVP+8ChJRS1cK +8YkE0WZWvsateeVtb7keclf+9BPXJtA7dRwXjDnfF4Tn2pcq4KsysC0AuEYUQ2Mz +1DzAzCHair1XbhiBouSf5/VYDE64j7VjTFYbNlCiUqRGwcLd9zclgKe4gwCiBEw/ +x+C+uxFtjNiZFuYCBb/cCOm/FrEoJJCJb05Zu7xiyIv8X1hh5odeBq7jS1qlcz5V +okNe1j2p6SC2uammLTJvmTh66E0XnBNNFFH9Dx5lktRY109nsJuzaM/x9M3CxEzY +73GAWjUvMi0lLRg4Wcckbm4W5fUxCT32VmgT1AVn86JV+MQOs4UUFWreEWTGLzz5 +HiLbzj034TVRLF8f5NYtg/1DkA2IkxeYlbVBu3/l6tWl+xEUitCeH3YBFBAK5CoN +lGI2qVcIt0/WYS1PwoN8PMFhZfN13RnBmmIvVBv68Cf7Cxw7y1V+AN1UF9cZCzM+ +G4K6cQR2D7N5EHhEObyOeTO7f64dzOJwE42GCk5HdqfhTca0pupznp533pRnMA5u +oGZCQTuD77nIIH5uOnHAf+L1fg+17z8en/+1LCO68prtJAUvo32aMERvzzDD+8QZ +lE0pRUWgjXf9KT/dRaLMAvdnrUMTDirhJUJepUTKgAjUVyJMEudrJv7Dgrtd4Pro +Ut+kwlM+g98rCCTlYTXi8USX65PG4NAtYDqeXg3NuwqfKGqi5uKjIx9CTGNirfuq +3PC9zZR4D+/efhbs3b9PGzbCIusz7nXbenTSNwABJkxLr7czAP6iROpcFDPxOmFj +Qs7N2zNSxZd0qv6SePtv7/hQHbAPHhVdX0xaVtS5esXgEGA0n/ny7/txEk10+8sE +JDFfRD+LAL2nKbTGpsqVbwJMkVd8Di805eKNKPihl3jTMpw4IdgqwoTCP4rfXISx +rMoHHT9FIbWF4oXLujbKYnq8HZ2PM7ZfNyFDu4cDQXZvv+5Pnq4hsWguQR56YVZT +43nOrKukldoL9EQwRMoe+nbMw62zo7FfvycXff4GZJgdC4TBw/FegcMtUW28pKKT +D70xaR7/BHSgTpQYhV34XXN1HPUtneCTYF8hy1M94CDKe66ulp6GQhGjvztCfyqK +gLIRymT71neZTfdhN5Y62euN79VS91xIKHqZIKWj9hJ+zrUmU5p5DGD/oPtC2lJT +ulR/2dcwTof/NKbU8xMtfFzDW1R4X/Tdbq86kLGeGMyLoBUXicMJuFGHJMBW9Z6x +uDRMCqunW+aWTMaaYtO+B8ioFLDSiZCyN8zfo6P3ahcyGzzw3GruGJirdUSrCl8Z +XtTy+WsIBiOuGPoPZyHorvhyPmuw1pSEruA4MvrSUiqpsJG1KrCHK0G+tuWIeLKo +sleuUGliCFrE66jw0ftSaiJh43Verg6W9hOESoDlf5EK305bP2uLgUGP+yuDuSYO +/3YKvhMC8ongcRlhgcJraZBNCT985Z4fKvi3l8u3t5LL+8Qb/AKlx4QVSOKP4R9O +ufA79QeN8NNiwDokpiLLqJux1bHopkLby851laI67/+J0ytGuJXDDmhc5u8/sXsI +9g0RaMyH1iaXVE/CtEbd1KwfwgmQVVn/J8mZrRw2UxKQ+3rW5YcOl7WeE506XRE0 +3AW3obUkX5N007/fbma5RZUL1oC8dYG1v/5ibBQ21WfiOO4C6arGa387U7aktnSF +tYD4q2zGG7diLcV8l2qQsRZZYaNSQ1w7VhvXZHssNmk6B+xV5YqNnlShSlyLWeqh +gU7Cjp+eCDngrbtbntldujmO+zmyb8PTj6mkkQgVt2bfwbUs/TmpveGX6BzHZMKZ +1+y4omAdldGNJ2dagrohgJTLnao/mQJKLSZefPZsCcV76q4zqnedqPryTxN3SoMp +6qUqhSP2St2F6CzNaYH0oorgMTe6PnwHY6sUIuB6/U6K4YSsGfhtkAmUMReQn5nK +EBJZ8NAX6wCEoxGt09/4CGg/MwlJM4W6YKlSoPNgFxDnoaH51j54TRR/ur6MS4Zw +6O3XVRVKSXvphvZ/zMIU+5s6LEDPyuHsmAwy9sai6UfttDEf4ge347d1eQ6Y2OI7 +cwWelTSG4wHxh5IcbJ7jMzLeGI4OinCq0JwkSEgSFHKb5fCBHzO/qLwTdTvMXGgD +X2ZGGY7FKruArhovVdbznuyPySLfzG+SG64cQmWJf2l77e+i+7Tzo0p/LeESSaGB +5AQDYva2KkMwOMxsBljqv85EE9QkbsrMH4xtkZXHuYIf/oRo/Q+3waUGOuKZyIOh +AR+VSANwqE9DQBg0g9jUrJCK3+ojVbdlCb/2DBD6w3OeFghUZNo0/cifmuMXJ3xo +qishnJwZcUgC2OPHMYufy516g5GazoR8107aUdH/ZyCI+geFk4NVIbDBBrY3LFk5 +od4dGziUFPombTPhU1HEdYEAZ9OfqEmj1920GE+7XF/hJdwfV/ZZGHq4SNLk5zpy +AmNecQNo2xuYlGFuz+YT+vi2AYg4zu6iZygykBrV0r/owiPjFzBGiAtlVobM7X4Y +Cd3WfmVylNfu8GS+ELgLPK1RXuH/Kw/ExyOJBXV1SUeYXE3OCI1ayRPfvGrcoJwv +wOjDTSZaFNpx/BFLSGbwJZJk5kWiAdRfXQ9wZmFb1byZRMYLT6L5bxAUYahW6SNN +XD2bzkHPEcg4yKD+hNPRXzZgq51oF9y3my82Tw6jI5q4J6HfoFl+pVIFulh6aUmJ +yNl7GZ47li5z7AdKjZ4RvNT1ScA5D45zBShU+4CLbrqV189vQfglX78S48N0rk5M +wNUxzdcbSJWGNkXaxUBTnXfdiSfIGUGtKUUURBw/vi0/w49NziM2zv8GbnijsY7F +7664VDp7zAclIcDwtNp5QkCM6fWMattinF7eRAHQRFjVDPDJPLDn+IhSq4Rs0Ny1 +KxfFRbhis7o/MVELuhuJpJO7FPTPQ8FsHUtto3sEYvGGqQIxJ1JJoAJ7sQ7jPv+C +TVaIl5XBx91sUnHiThPnUhmYpBJn0hj9+2kPOQIEwZ0/AxsDdRI3BgVJl6M1fAWa +l+4kfPzND/MN8i2yezh4d1Qv+w7ut4mDgnEs50Cp8EaL48XiDHbMt/GWBGQvj74B +jQDX5dyd1zEzcAAes5R1yg/8iv+vthqD+drYdf5Tc2jnhEaX1CQE+PhntiVFN99K +fkS25n+vMH0yzLDzfPdAyxvgcVCNNsggeas2UhYSL5zUUolpxYnbPLM+naKxGRIU +RX/F87tvbKuL41WOl0HJPO5I0smadCU+08c66h2i1nkhEsQDKEYqRE33k9Oj4RWu +7k0GwPToapi8HySDDODvrLvkdK3K2l1aPGvxpW+jJjeAPwZ4c7+0WabtgB0voUQH +O7AKBnLyMyTmsUo+Dn0opSfKIPE24xhq8PLpRoYmE4Zy5PRN0Vxjbk50BrHswbGj +XE+RdGk/OqP5ZUJIlUU2hohl0esF4MQ1nRhte4V82WiSnsck+w3ReJkPR/vBNAwU +7nREYkapY/NUkMX2Mzt4uhuZw+AzDrg4gNisADPykR3pGrjb52ORhRT8pqb1vdxw +XVyT/S7QS7w/3atS4D6IeDxcbcUGWD0mHusxg4BnUKS+qgMIRRWj/SBnDpCa+jUf +3+RBdFaTe8ygHairE3Ekb9TG3Me32XQAL5R1mnoIXOlI+BSFYhidFUs9W/BAZqis +CDDg/r9inr4dCYUyK7GI0Yvi88P8bcDItUlV/88eNOw11h8YO3S1k4HmPsMk7mxk +0AHpf/RLZEf0ES1zR+8PJCxj/lQmCGblJ5nA2Fsc7fsBEu8s6i3niLAfUBGqWW8c +B1R4+gGrXlUBF033CcAuJbBXjtteQQCAiwdUDFXPn7RYOpaR51QJ3/OaGTkhnhE7 +7aerayLfEFxFBNpaIu67FB8TorzykDu4eXDHJI25untveYYa8Xb4z1IjYKqHOrtL +4ClAppxafSm4yMqglJZOp6i5tWNPCQzDgcwS05oAMkpdByOarJivCNW0x1+25qYl +MvxYKOkcQ71S3yk13OCp47u/joDvgj464a5gwRffxkODdjeYg+nin5rjMQH1yPhY +u0+M1CVPlMc9TvUbc9dsQrFblWlRiU2nLRtEJBJkYpTs1e27QVtNvw441mp2fvxO +xeLNxMMUPw98UUU6HayBVcJjJwCdP28tZ8fqjybOlg+lRMmuF469/EeFmiMHBWdz +gq/jSYgHzaJRZPUf5C4cHPAgxI+NgC0Dp7+SYAZHvsjEpUStQiSAD1Rt6ylJkutI +PnCv0a/rQM5i8LaT9LW2tjZ2azAWVU6XOcRPM1A8QGwEJpVHJjDbuw47NtjDTApO +BqSM8O5IE+farBQ7zHjXAeThwqv2XklwCFsBv71dPq39N8mUJxlc4ot7GFVSDMDl +iQaV8HiBSEqnfF3MNT0FslUlaYKwB+7pdwpRyiPVqkxDW+kbzMxc8735XvVDcvR/ +XkO6atsD7HMeAryYzw7sRbL5xLjK0wSqtAZ7IJyGb9z986YQt0IMpGt5HEN364FN +5T2iFqIaCbtZH9Ojj6/eWq76J9UEsrmMNZNam+FATqK/nlecal2FeyMMJmUb5Pge +n12IJWQW5K8n8V5rhPbwiQhI3qvWX4yUIjJbiBfan91MDOyovV6Z9vr7mEATvuWn +9WqWWAPzuQSNSxfE0nyaC2pPNsjc9+uIFxFh5Qp/PAf9KV6mZZg+uJY7UkSeRnh/ +PWI9Oa+XWDmrxKKDZ3K61TDJSK4D5dGsIWmUapY0Mny59ZReJDfpUFR4iO+Cs70I +axqzLnzYYYStlGbLA8LFUYzSsaHsa1JGTOqqPjQYPS0k2LKPEQk1lzepAL+vINpJ +7L9ZW1qJFI/SHymM/KsdIs/xw5UMFaZmcf074T8pkFEKj519ZjZ8Tklv1/pBTJdx +Va0IFALspT7P92Qd3fS6d96gs5CQJSldcVL/XnLc8tcJwPeDXJrKIDDjh8OVF8Ux +EzAHRt9pplBp4AArag1/8z13cg+/YhWDipozw6C8HPrl+hh4K8C/bgvx03a06vqO +MOjxW1t9njUKSPY3Evx0rvRKmDGyj1G9s3HFAI/LhFvw9axgf4HpT0MMGlofJ7Gi +a7rx1azsxzYj+OP5IhMW3C3f+4qRKDJnXYHwK8ADh+WPeStGIedGMVMBrAKThHUv +poBFIHK1zgayREQ+3/ZipJAxYSc05ytx+HnjS0gkEtFqfI4OvDUItfjVpTgiABk1 +FWVBShV1Az9MeN3rw27xjHBh69k9O34DvD8Pvn858l9B5159dLZnzrlUqkL+g67z +w/8xFmHhqQDiw203Tfrx/Ui/OiP/R9fEi5cWWdpbQdG9BbNYrsjLwmPlROEgX03Z +auvZP9PwkuqSNa5aAii5/kEerZWR84t+9ctqg7KSTnIEMQzKK2f+tRcRXCLwt7a6 +enDXlrlJDiB0TBi9OGeKPx0NfEhbB1vpa8CKgHooBVlOjOJ/ZTrvkNgolhPbM5l6 +agJvBdBz4xOdjCX3w1SzCcUB+8zCd95nNsGMTRMgA22Db+SM1gDyIhedVA98C5oh +hudGil0xpJrQhJuYwvsBpiqQ1y4bwl9+8hnXT+v7nGxvcU7OXZoNVsknNHvDlwMN ++KPbd3Q0dhA+aYiMTI3oc/iTfF4tF0RLsjUAelh4KUXQEcZQHsFDsRfrfDRO+3YO +siBDebDkNgtJ9wkdJk3+kMA/813i8SqeD14TyZoXlgEb0igAIfbl0y7vUL1Iq8dq ++FnQf/chG3//cofVi3i0PpX9uVT+bpHST1Y9HVhgK3iI7/CCltkLUJQgNO2T3JkB +CkCmRwWWloxj/sIesJfB/XkWFAtSIlH+/8zVQhdvjwSrhC13FG72FzXEDrIi6k5g +B9psKrnaauyTtdGnNbazqzmKlqiRjiSEGYEHp50cHySxlGHVqTxc6Vj2dENjdy3t +F1MjZlBDYlM3Y9NhSU6BFcfvJylprAIUwv+dZvGzm6BPNzCTfNrh//g6A/1aJACJ +sTCQbZWEMMde4N58zxoJj/WeKOYiIt/cwerghqUtZDL28R3L5j3C4yC0/olhE++S +NDXjVMHya41DmSX1XRQraYP8FSvR0Dm+G64Ea8P6ieDM1j1hejVNw5TESUWT+H0q +UhKbEgzypTkGxKpXaXf4utmIgY5CQlZj9B5LAsxvFwRhe7tipto41yi3DWnSjFwT +MnB750V5ZupNWUcaMZB71RCZHrQA3FBesjmO6XjI91WRNVsjJW1cPwia+NsJGcuR +7moRY3P5mCiPgLP1wB1Mjf7ZKnJ+Lj4slFQbTQTVuM52f9mmTXXqnTFL0xJSMIcr +xtR+SxbshAh7Fkj8aM/2LrVzAC62F7sI6YWjRKfUG1kyFcmEFULXbCOUJIL5ChQr +fnbvA2T9NIVgveSXQUxk2BH0HQ2S+gmB6pwzl+oij3isJzqvT4as0sWnTfC2ccnZ +8AYTaOzSPHIRD5+Bae3TLExcCXvVp/5OdC0nZ8c9sy4kTNWqr4c6j5bAzwhWKV0V +/QjPt4nifUlHL5drb4MCI8PC3DxITOMWZOokbuuzUokUe+2QN7RVNqPQhenc6MGZ +l76tok/rFXkBfeZjR6d6ykxeZyb5aGK3vkW3fpjMOqotgbZZ0XL5/bbrCcjNXnHb +Cc1X4T6NXBERu5f68V4tYsOnIg8XagAaHL/OlbXzP3vh1WIwoYCeouTLHGUEmeYC ++CegARplWkDmQBenVawpl7y7Q3wiD6DfBOZ8+k8IK5+x6WyYIy+NiniXUGPRPbcJ +KcIBpm7rXM0Hus1WkyPPfSuuD8+TL/SirsF/E4ctncF8xuREQDOp9bClsh/9sPFd +mmU0+1hWufdRlbd20Mgs37a7L6bgCSD3AirJkulflWT61uuXmAbLWWs3cdZ8Zy6D +a4Z+FzsUBl8WUV+DlQ8136hG48AZDBGNtGn1hGLvT9sWVd2lMX0HRTw+y2UuwKll +Hj0SXmozcBEHNLs8bymFKW9Z0qUQMWYL1vIl2kuchlZJMsFL+ApGaIsA4I1GiJOR +Vq1WlZVgeUcTCpP1ulC2jwoHQ4ufC1X6NRJa9v0WnC8ZtInrdsL0EbgmlNqQrdRc +dARnhpurjBT/rDIi25EPZGhnNkrWP4kwOdYWwu2wIC0EMjFXobQ3ejzp+eOs8q63 +QcA3+w7ozlqojNIpJTBH48l8fsnn0RUwZydmJsyiKCMTspRV/VCtpA2Po9WljeGK +xEVmCazumBektCtYgP2fOTL3rWUa7CXEitxmcMilEd1POJH9pzkmoIVIbjgcUe4p +SpTenncERyWvz3K9AM0oW71ivPDtk/EQCW6mspwHoy/C0JpSbSdngrMQ1xiT4tye ++MuKkOF/SgG9hJzhWgw/lomBBTxWtKKdwAatmAUCLJcGxmWUE01/9QgXs91f+k2d +Oy3N2IJGT//YY0tsyaWD8YvDyExGg8EjlEfD6dc2zUCXO94I/bQ8T9y50kiqksF1 +ApQYv+RYP/BZKh4Tt/Hq2Oy82nT9ZDrm7Tucc5QffQTqAybcFQXcr2Qme6OxtuU/ +mVzYcjOTy3BnRURASq7KrUZwB5ZVok0DeHJwFqojBG6EkENYHlOKohJO7inXGVPZ +EvjeLw5whz+n7BqSNw+s6URp9P2G+nGGtJObMlgxfDmLxTu+xlo3WoyMEjpBsHCz +F6up5uxB3KqC+dkIz6emHJzQJnbNkaNf1d8LclmCjeskKPbDvI5ze1fdZEpUzjhf +koeYYQObUFFvOvrd8cNkt3ABFXk3hTC/6mS170tLgnJ1bIcu49fhzPtb5zGudhhV +XbXG+hEQ9tSrDKItTxS91eKWFa8Cv9inUiNPbVJ4t6bU6gLDp9naWhMWrJiqj7zW +5HpAup0rTs50f9UVU8g+TR7IGheqcd7T7sFMiu/GoZj0ixe5UVINxTGy/SSn67Fg +BLh6M+e72wog9njTYYMrmgINA4ytRIWaaQAwj7OeUom9tRkKGDBG/XkTt5VZUNd4 +fugFM0Z/ER9tEZBbd+pFs2hUceoRiq1/dD86zto7rB7Np9l3OdKRurfPFoktaTwh +iMMV9NPOZ+bSQnWvcNSxUx6L0EfRtwN9v9R1D33Pl0BH2o3HLKgWxX5YBvqA2AEj +kZe+NHAOQBV8IAIJho/IWb+EVks6Dy0r9CDu7sWBcmz2WwXZ3vxbllfQm5v+wzPo +gACckqzahdwy8d8VervLvuiqTrXmpfuINm5J25cL2mplBx+2voMcmeXT5d8/IUx+ +EqgH9DKLkWdv/Tmyu2Jw3ADwKJvQ9IPHNKFBs8r4Ni0olphFjxDlHJTCfNCAWk7a +9EtaVvsaASEOAwzqqCk7BT6Oa19foJ367u20i2jfb0JdBIfHW9sLbCSXzW2mRHcW +dHJHc4cJhlhqIRUL3rMinCYsP8l6ld5gPNlkjMmrJHfoUvEqPXwpRkBm1VVce+Nc +iyyiMZjEwloX+ZPI8Irw0PteYGIkZ4Du7LCvp+bo6W8jxE60yd+q3Iwmet2EtbVk +tw1ULWuSVZoHRpPXHqDzhJemVRQfhAW93MHirwdX56jo1lirc4nFxp9is/0ygGRx +Q447tS5EavLQcsC536g6oLsc1gpL4NHmymsJhVTJVkSGVucWm+WD7QxCyvwuvN8m +tzBrUe25JQI/xDUMqLUh7Qf/rEvKGnp+7r/jDCo2qUNzqlgb6H874x1wGFdW7E2h +aM3/KPBybk4YsgdkwWOBCQE/LmigwPA9UGS90gwvyO4/EZSGbYgdh8WJU3QLuOSQ ++yPjvYCVT/CrXmvN22k4aGGPTKIKKNTFB/DSIF8bjHFbeO0NCK2tsXCXVrG5+Wk/ +kbbeH9kGRszunGqbwbe3H863zPcHTw7BlajG/zofXQNt3YBXSXoc4TmAb5gYH1BQ +BN38/tHADgKbNYLKgaWyC7HHHUuarJ4XXHkkZrM9OmRqOo0Moz3WRwqrRNrH1i9I +cS4RxErDzqdzvZy8XRZlv0ImoZt/g0tGIlSYUKRjeBxUEY4O/oMo/esJm+fmBB3d +yb7k5Ao7J1jhie8uSs+NKfLBSpQvRopOZhkpRyFfYXrBWdg5TED7aADbdipfxgl2 +CcZWu35Ums2tESvtymL5EyTCxlsGrdHmBXt6LIumc+tVIbHmu2IhEKUaxcBJQlz1 +nc2EpMKrDNi5EI54Q0doTVXSBCui90HIgpUAp1DcyknbDqawSHPmscvXduEuEMds +WTfmd/BjX7CXPqO33bRfZPivB335HC3Q+oFZJyMmkQ/g46Tfyoi9TDkofO+k5S0Z +BiQGlgGC+U9/x6rGlFbYjh0N+qwYM76NRiollG5KsxauSjBtj6hatNz4P3oiu+qq +NJnFFvQ8/RP8ukPss428czqaqTCLdCSY94qSM8IUTr2iJVMhrVqMQR/4o3i7x8Rq +hAqAYaTAukv5iNbeJ6t+WiGg850WvfGKfU2QGhV9pIEpTozk8uyxSSE1qRyNy8z1 +nv/XNxKQZcLCfAaCpuzXkCDw/+IBBObR8bRIBwsewMCS7gYWWKmsS6pJyMg51uOj +mbxdktPKeZsKNwB8u7i3KW+mnMwGIh9Kz75/xX7ycH+1qT8pMLubHO/k1/+8bBk+ +LEmHEk92Ehv9yFtxE+SurzyQuHymeqBJfodQeV5rXtnsAsHxDi4Qx1C0ueOmgCgR +StcHk9Ym5aj/K4rVZXSe5+cbZu5ptMHRK2IcRAhfVFO4OTWkcpCj/WH3drF7wWur +2Viycs623uI3K7oYfwXp3CXGIoWIO44H4IPrnP+gnP3Wld3XHe+Ev464FiP53HW6 +GBxUt3BOW3G0n5ai3ujvEvP9rRk5e/Ie+LQPkJLd6sT/7oTlrgG73i5C8/oQggRx +sXeCAZjMyIEgB+oSk/rOZFZQTXzRBE52GHzGOlM0ZAWxcRRRley6SnHohnRmIKwS +sTyjwrv6wLDEk0ftyOX7S6HBiD5i7opubnVw98Xl6lGFwu6A7yhOnT5NweHr19g6 +yCmqFt9a/vQIHN5AVP2J/MT6oHyz92uwO1YcdXkc1xwdnn1PKNLxIrrLT5zYQ3nH +qVUKr7UE4QDDibwbld1Gh/q+mb8rW8cpwhcNITipgXchm77N6XMeOonAbrzVVypQ +MeMs9HlEJGIUGvv52i8ZE67TBsrsJmsE3gVOK1KCpOrKMh128iFh4YgulcZC8wwT +2nq7H832bWmsSO9h24b3g829i7hrvNvYXH1MDZLULOzkEyqg4PCz15tSa+dkNWU0 +nzaMF885LEuIJdp7Kr8pOwxwqPQTU1+33nvDppmrD1g/OpDY1FrxL7k4AfmGkF1w +qKAy/2nH58gw3UBxE32kfWNYxnBvVtJ0H3uQw0TkcKbWGUB37+1BACDpzHZVuIu9 +rnmHqn/5lUJY6fOdjPCaUMaSTnQK2sRFfDTYd0+CnB1QzgXBfp71ZgCdd8n9xS+l +Q64eLK/bhMxIVfx/0ogPix9F0iXYCJ1a5fBsDB/FqIWAk5cU6un88wlukaxEpb48 +/h2bx1w9duiNtBQhhkX4FfS8jBvhdkjTXMyqabxqJDYNRd0cs9PKIaz2oUXtHoJJ +d1MeAJFy8dRj3tQHiL7V0OeVc7gXle5xOXsOgjFloYyWLnPFEfdl0OF7NCqSE1se +r5sRbdGGTCmUoKeXsqQN5bNvpQgzKZhhY6Ml1do5kToOYh+csztIdqBjVWDPdFAf +Cq9GA39NE+F1KCTRx1tEr47Gz1VC9gcoKrWglKV2Yx6il5P30/4IZNhj6VyZqQcL +PIUDHpfUckZj2qNFSGWlHSIbwAVHv5fV0Skt+pxhE9+x2CD7LAr1aOeIRKquLMgA +CM9PFz1c0vUPAzJhO0XDaRo3yb9v+v4AJwy6HqRShQVQvmuFfvthmAvFl3OPXWXt +1Os/MNAFm/SeR6PXzczUeea6HgJFhWDqV5CiP/Qz+umlTnG8I+pQLGdgv0IDV8Gl +dZwKl5WvHOHY3QzF6hFdd3rRLx0JEIVHJYSB4wHHbaK/y4sznQQ0NNtl1cmMMWqK +XNBdFVcrtMkSHA9SknbGZNrYU/kP42iSHhDN2X8rQnuF6JIXdgDGEfW9FxiKa6/7 +d9L+gQVodx4xrOkObEAmHedvcW2qq3YMt01EDdRvwxCD7VHNxOI908XeELlJCFnq +qQCGLyGMEBUqRzS1xvn3BaflANaqbHNLFDSklaNpL10idfC/zUiHSYcmOoIwFOaf +UJ0mCU4UIznfh/F1kb5Ick4DJVAmhjCFd6Qg76hBv2wKhgz6T3fmS0nwG2hsY71Z +OBuTloLvn2Cyim0bZZDHtoZhQKZ0M4MQlQHByQ0Fdj1ltuDpZsrYKqliczF5LGF9 +zjPEIAdZMqmxqYVS5pbyaxUw3XXTb2r1U/DUcw9CiIai4nAWC/yTHxZdS/d//cmN +pl1u9kgb3ewoy2jcD1nffsBaSdNainU6E0uqwurKADtLg39vBwYS9ZZxvEetCpgw +QCXhp8wIrNxn1lqdYwsUUQg4UQkDUTSzoOHiHG2BwnGoo286Zm/oI5um8UtesVeq +U/p8sK4lm38Y/8nI/7OaD+sarmuwc4h/n6fEEo3F0tln1+Jel7v/90TFatMel5l8 +5GVsSRTF+y4m3m2Rz1ThMNa4Yf876g/39vqZ369QaFzyyFJ+oF2LAdMrm014lKaR +bZy/fEvkXujridYDCU8c3/ek/KoQ310y0QaMeqVFHXQieKxi1XBnjbNHXf2SrysM +3P333vUInGnPFN5Fyq450GoUYUH2yAqxaP4HSvbCHt3xmLCSg7nhGKSGDRB8afiF +wFjsTlAD7+t1RTAjYevbbhXUPUUz7P9Qq8v3O/JQCbqxLJpH/4nT7FnWE4Kv1B+y +cME4/Nxz8jVNSpB+IMeJRXXTEetE624tEma4j+x7WJIaIWlqxm8VTcMrPNlSI7iR +gtQmR73hJretP2ZfvQelSIPD0FvhP8E59c+WlCMkiHY62i8DWXsRiULK+zE/dbPi +9+EBzGD0L7N2ZZS08/5KEbjFtG/sY3rKHns/JKDhbXx6t0DiFP2aGRwbUEU9Lole +cf9oSk2Ep1fsnn5pwRJYQP7Fqs9P4BOZILw7HH/t+Slr4xMXrBoQDmH73dRXf0ng +GRpbYDMHchslOrDmi2kYOiLgedBVaAbfUQB/ZU58zDj25U1RvHNZXgqt+bgcJauM +1AnrpjWAI1H0v+BYV4VSlkvKXVplu++wVHs1tyVXV8/17TKHe+wUSHm7CQ1vjiT8 +erMLdcKmlGUvGwebCd7xIUCVEmTS5vv1hf6yULD2iQy1uAeQxf8EJ4iagE5aLiMy +kntDgVURtESJ0Asb85UiV80SoH7XiZvbdRCY0ieUvJ6fpNrwYe6rmdqYGtf360iL +UpwIVPaS8fidfXBOs9h/xm5KqLplyiYK/lDKbayusiVILLs++GuztAiHmqNG0Vlv +XJuIbOtckBtH0U10xp68FjMzaLWPMEmre/nuOGvBL6mkH0kl0HqPFkmt99ubjqmU +BCMBBob0GXfJ8wkjPYVtlljOqx1IJP/Ev+SF93M8X5DsCtCC7DBU4JjOQT1oFAud +WEFvlQxzpWB68NDSMElGGsMJIbgFoeWPw6muhxYeHPGBqsCOlDoHV3VUpQW4tG6R +sOHKKf8VkdBdRQmnbYFdPCK63Pq0oYsGrzi0PMyGvTfEJl74SFJVCtjUtKgmYw/f +xLOHqJUv98+uUuEFPleqIVNRzyhOk8bb/c1u4McjrxqKMj+TYonYcwaiWHBwNhrE +USd0WGuW5ANPxvObe4X1do4HBZA9S8u26pfM2M4GsvuO8ngtkHB7ROOTAQL9EOhd +B9BXteWj43TTaiECGgDT6l/DxR65UGwltSUlTANzF1oGMAwBlgbaRtUU4CkRLd8x +N0yqwAl45R9hw9qGVbNsrYfKML9JHq1o2ZuLRYtNEHqgjto+BMnsGJhvarT091hb +OnW97goizycrjAf/yFJAYaxSKkdn8k54AMp8L+aZ+CBXhmQ5rKH3fsNicLnTet/C +WLZ6+2bl8DRXXcshKvaF7e6SRSnxS+eN8r2WKF54xlrZFMaNVbAplvrtQ5W3LxS7 +UJB8u7+xEEc1hAnkowjlW/uBaLVCXPMidlZZgMk5ScuqyeNzZRkJhcR33exPq49Y +hG1AGhQVWzTiW/mu7rttJhECkDBEBHpne5EbxDBxa5NRCLaVKo3s57D2Po/7DF1/ +w5GWBl93+mIGFMMI7LVw0W/ckXT1rk5l+TxejZt/zJDnWzenp2jnuiAkoPBIOSvZ +hcBJUW4UZtn4XAltgQNH2maz/mQHDsxrOWU0Qg+2s6MOLfpx1Qf9bu1+uCwBfcT8 +AWzheBg2klhkCy1d49IbeFFsWFZQvUzJN9+/3vNjZl8sZDV0e5aBZ2vO5fRxL/kJ +tF0CJppUTRukTGXas9EQVuaIW3DlHxr6b3KM9vc3VTQptkhJoAimKiiOc1AIgSye +Vbzt0RGw3EV9LrT7KyAQ4MobeAXAQmrPBaot9qxaRDkI1O8VR8ksB2AamBCYlnJ/ +2e+IYLiaUSUUzxB27sKqJRRxqOYnHeisbA+Lk42bwRmctE4iqAyxgKTP/ahvY4eo +awI+ORqG1cyrKECt10zEdzKkavQkeanPUZAtLTYLoKvsXb0VXVLfDvhqmbMb4wTE +dM72bx9LJOY4M5keCiRqej8zvLITLxXPNd655ks+ODyTc321kUfn5LCMq+32ywjk +1iK78caSoH1IMFteTGLPcOVfjRTIRjwsTGyYwn8nhyvfhFraVbX4B6G3xcTNFmhk +i2fwazb5OeJZVEYK9JOEQvTtgoql0Z6Na2mKaVpNTFR7NXotrq89BUJ8XmClmE3W +A04ct8kdZkwfIuiJW/XhuZREiZOF9OwvKy3FdXsWQQ+t8wWdgFvbRteCHKILXeA4 +6bHImdBC22jIlqr62z3PnGV35pwzyWaFCsvQpp0a4ofpHlStIIy19+cEQOH1HEjn +/vyPTz0ExX1kWhMwKdNGNHjW1IyFi2wWhjUdfL73ozbx0r1jP+jQ7tB7g9bA7Ygs +ke1KWbIZzPABPXPTfXIH2d6h0jxLD47ZGREu5kxE2HL8y6j9YEV3juJfeTmtp27p +E5ya4K1oRMkakZ8qE02v3GWjgm/c77er9c43DzAlrHU6mXqtDninJDtf6PTmOfq9 +fnLYIctd+9tf+yLJj2XBE6XGYfAgzfy8sJ7yyBvLXKfkWNo+XXSvRl61kPj9IVcu +oOPP3iU7SP+qn4/WagzhmjMNYc0C9XaZK+eeFzDZeu9vKEeSKI0BzaHVQXrnvsgA +dmaks+P3H//9UOElyaBxOaZZanH3Ldpo7zjtC3vOE5mv9IoeL+BZxaXFiYKCtYQ/ +Q2A4pWO1b36AtrxISGxsNfRJVQcBBXO6xXoNvAqkSYGMIghu9X12cHj8KevUq6Sp +WcMDAj5hdl2M8LjjmJPUxROugco0WnD0LkgKuWHdtZuuiEDbmSFJlLYHKHNaWB/A +2oCQtMav1bq7KMf0UhFz0VgcUXouRYBfv9ZmxVNBo7pBkHa7I9+SlMiEkhMFxTsy +7PTEZMQ3CJuyKNvt5icthb/aRFkpF3XdxJUMcUTiyrgXOb0jBg777H9aeU3wxGj9 +94LP4NP7XX9J1qyrglUV0yljHmWx07x4zVXzO2vapRpKrWFLzDv8Xw3T3vZW7VKM +LtZy3C+Lgd07c+q7hwQalS0cKVeGTO176B2Yacm5kVwrPY6jLaMidLimuomMTKg6 +nHrTW32sDeVxS/q5YzX36dQKWb1vFWsJ1D9E8YqkeWa+R9r/xYelBGEFjKL5/PAr +bvRoA7ucVCesKYBJyMW/QFojD7flgzOldi8sJvAs4zvGXSi7RKFDS4j4hsfR+Zab +1Ok3Lya6pHypdDDoSwTeHcW4xOT4sCzw830pglhfFbEXlghNRjhZRP59ZKfxvAuu +a8q3DEQMJPRh6HO3FzzEeqx5iMC48mFDk1iaubUEFerO8l0H2WE2Fcc+0lEVPY0c +jAvim3onuWd/HJHvgak5zEVtiZff1b+5zbXigsJ7TrNkwxDlQwssiOT3Ewn0gZsg +5O/m/5CFBur/w8FFPjTd2++x1l+LTL3dr7tZDfr1Lb6w2Olh0/uzrM/LwMrlwlXH +K4YdCo+wd4kZbejYG5L8oEv5KV0TeBBfMhgk/L53J6Ti3nQuN4yjKNmIos7HpUiV +FIQK0i6DWnPddI4jMfYlSNreKZvzqyZARxrDTVzTmJtenrShTslJ07CjTfh1UlOE +Q5OduLqi/r4TSmQFaECPmeaXweRgToeq34xk52U+QnCYjO2+4MQilzkNSJh9F/2R +otXclAE10WU5IHbLNESBocpqoT3VU0nve9acTFoMefgt2Il9kL2qYKMZJF9ARJjs +mE+6fQJBfUV3yPos39FR2TB18S4Vl+UT7Lo889WLjGk7i+V+tKVTIv6tw7QQ3s1F +REzF5bvr1EkbeVZ6y5lOPAQ7jwH31ywixF8UOOIqGbUNf4pVkwwsbsBOXYKrfzg/ +T3SGXes3xPsXuUBvtieDbpwvr9SPevoAvftsfHu9OGpWbhA3H2znHcpvwk7PEX1d +bs8W5MrXi5axNRXA1uIxIDJutGh14FZxiCvEl/DDqTPIxICFsRHfH0qg28Ap1PwJ +nPRIM9MkvBya2w2tlTMqm0WG8ruVuHPH0R85OSdIkWxXsZ5013RaAxlRpKbOWSlb +5wFgiVIvUsbhujRKCO8JVPWAEfMweHTRwPl1I6ZjiwEsikmsixpzcZdG/g7KjW9I +BnezoHvoEE+LfWjj0lX26LECJaBaQ5vktqy0ci7X8MPhvNjzx9yyciJZSEmFKsG4 +fz3T68+/+8rdvD/Hx7ttKbfbMR05zX1JT0SfBk91y908geiDIvdvtoRfHJXYzO28 +GYNW0AXdwXh0hwb8puPLU7gS+Qyl/htA1xo7KfW2Edqv/r+TD58a7YUj8z71xj3K +Z9aL0wQXgloixKE+w0GKCIhR5ZDUlsPnBy4M8ReMQdkJNnQujg92yIwt7kr/IqtH +KeANiS4v+IaBdDdUyV9DiBrwU1tnByc8M66W7g08rzKVpaC2HbR/72hidnQ5OOr4 +CIo3ukBugU+vOuvqTAlJt+HbVw6nO9IW+PTM8Y4/cDlgx+YS67wvQkMt/CR3ja3J +LyzBjAcm7y7JfVbuP7bu5Arrs7Gk3pvdqF3e6iVkC64UdeTZF9SsLHaMNuEuQ2e7 +fNp622d4hzWx6Upd5p21tbvlHTtBN0MYS2M5I4q4lJUdgx8mmw0hwKoSAQUOCL9Q +r3vZ9mRWHoRLd3FR0kKDWWDYwhpmEsMDuV+Iig6zzjE8kdCdPkpHXdUJWxGsKsax +lD3NPOF4sd1tNlOfYbo8cbBS/TUWcYM0W/4iA2m1CL+zGgKPvpq07N7Aqnd9Uig7 +WHOZrJgMEp1EtJ61w6P671b8xWQ9ddWcTcfckfe/RaimCJ4tWhBBn0B1M9yXipxg ++RpCfKp6yfBtBiZSilcPGZ5Rg6B9kYoH6B39ca5rAvTtLLoKlFEaODZMHueXgWT7 +xiyxK7NJGzTsKbU94CO9wL140hcqCawJk6Iw2WYgfuyOlPbqLiRn8hd3TAIyh6GU +D1vSFNCcT5TI/1IuLSOJoEtCZXygcbjHO+GC5nlfTGsEeseoGRYGD7VqSYThlLDc +EvtjP8gxrUEbkpFY8GyTHxldsn5diaYJjre+OnJvu4NBkhNC3IkJytqdJK/j2L/b +ASVUZGsiyP6LA+xp32b3Qlevp0qJGiZedAuj/QHrH9lV+NyJOt/1J9sNiEigU93E +qyDYTyxvKQwmJuIcw+3N55gpHF4rnNzIuvHRa1hlQSd10T4nnpkMixpKfhQfiA9j +dCJtSO3Pn1sGT32ehEx75XG5XELfMfe2If2u6uqE06fOU6F7nvNT201lHuLLo1Bn +F1/yG2+MTCQbjszO7OpvHrshrOwvHRLJRvn/Oj6VF0VdEgfGmvRu85OmRSSMT0sv +X5IByM87WWXDA5d7BD0kZNR6FVUsr0x/v/GjnDF2rxcFyku0bZIePMUOpWs2NR+S +QxmwEv+jspXUGBhzu9CRlBpZ8HMZfy4elxn7+HAw12mQGDKQvDzoaZcTwc0IW5eH +bM906m1aU3Ienqb/TzhJ59CtvNLXRfWWmRp621BNBwUdNQTrcmR/GUtjC6XebBDn +CkMrk16yer0nsAAKQ2qwVccBj63DXYZr5o9h5J05cOQCGODizpd8UdhHSyDMYrj2 +WTZmvUso3Hb7QtoyxYunxJDU4lRls56LWQuifrs/F+ObFU69fs6NVbjGxnCzFfx5 +ySza8J2+RiRsWX1G+bJHKHQmfrkyiuLjnHiYwPdv+BCcObmT+Th5UQYkEjiflM7g +oErNG4qE/st7FPAt/oVKlCsLjgjAccDHJvn7RoJvRlb6l7MijzItRpshCrUwqcOB +HkYEnuCTRl/RIBl+yMgLNx/TBZLqc5ISN8T1Ruir8WA8oVDE26VFIjQMd+xOtxjS +l/0EbyA8+q4PRrgO40KeYD8ClSZ7ocSgrx7H9JbC3X0zdWsRTgoaGX1F6AfTf5gG +vsoickLa4Hmj2aBC2OxugViserKX3ga9rzyhO91cZ9Noa3K6BQaT1sOj/Y4IhuWU +Sddzyf57kVzzLB/NA/lXz89wg5yuIzampmo+C3e+2L5XXRlpkLRKympU+KJ/yctP +kQyT8X4Re3aD5mhC6ox6j++ABOXvVBN+CorpKjI5Dkb35L/VpPKmVjESBWOcI6yo +xQqtnrZaa1bfkSm6NxJmt0aoyJPVskPJWb2Zc+bK86+IlGBDD8urfo6qHjQt6MYC +GSBLpCcAgVWLU7YDFRUYoQrExR1FurVr8qUTPvOXxPlFnizARNIeSV4QrRl+U3n/ +SzsR3PAAGJIjkqi0nfC7eVh57WGoCLkODd3VES4Xq3QrvOPb5c6h2bVEe7hhz2zF +eZCqUhYrAy6ZwYu1wPFMc7A+ukw2iE8ZAI70/f1sm4rnhyMtpgYE/JNnGNcE+o5A +n6k33vLcb3D4opnBLReVcnQCRB1/h9cV1w/Qc2HHDGJO98sJXlvWmqKQCYbNZY4/ +Jb2pNK1t/ffb8wjYGrsEPbX+xutMT1tFu/qZMNgx2jLaoTxuhUqIstaDhTNCoUqG +gH8fkjuq5oU1Tccf7gc0LowX2PejJvyitNR8Eth6H6mBgLhEnWMcnk+101SfiFI9 +AD6X2UcqhN70XNiwrAw+3sbZIzXV+cf18rOl3GJzbtw8dIusxdXKBu71WbC5kuE7 +YM38DUv+6/IF6YnfFCn3IAjDPGvjDq/Zng/xapxvp3n3BlW4edLwWb8zIZg5WZg8 +xJgd0GQAT7wAWQ1caJyR9O9Q5aFHy592mTEwVuXyflJAB3yszuWjDbnny21q+loF +GxqKOUVQm1Hu0KH8uPGyZYjqrMFFbRpETb/BfNfDOoH0keX0iHWhbMwtaNk3bPXj +JH8OX10pyImGt/Nslq+KwdPe6qwof1SWQ/nExedMre2LdYe62GoEmn2L0Y9qaT4p +G9Gji9D8IN1QQcNR8MNol1lbK0Czow1jcSKMGRn3bdvdzeTqYlgI1mROXZa940vG +TQOHA7Hc0UfDyR7zELyJx86iEpVWPcc+WyoSaHz20JAcaLZm1zHIu9hnaUdz39CC +fGCx+mJl4twB2f0Z5KMNoe8x4MpadaGqz4CkIILSflO3v/3JOf62OItXLSXZbdv7 +txG4tE8UeTRUxW9TgkbiRLj17vdRLxTgA+NHUCbboLIJHo6FBgSMZHqx8fMTgVCX +ZrHtpeIJbU9uUJf7ANSbDqjDwP/W578juUfd2tBvAhjVdZ9rMIDxB0D2L1u0TL32 +WI28OPRWe2aM9RLYM9+O2JDZwPeo6Bc5bRYO9ipbAWLn5IZ8pM8cjreIPJiBqWDz +FeQRuMIETlhiQ4jGDKQJWXlfKUrONf1qawyiIE9AOyK4/RTMhXfV+PvEEDGSJqza +Hgzn+zwwGEvfyfuBqbE/SLOA3/Au4/J+5LYRB4tITtkCLmpzwDxDJx91d6gPKBGY +99tCn6LoBdZq4eIVZi00Xj/HBk08aMQOnqfoLSOAMjU9Rp70oJI5ChFhjAQxDzsa +oMJ6jhm7ssD3zr70BGD4I9KsWyRbL8nz5s7MhJozeznhSA18CoJjZMle7HJS8xOY +XRpuMpLxlNEY9AcKrVT3GLDyI0uou7UvBUZ5S3//+6y8NcCed3hGxZvDloyXz4BM +bpj9vd+dWdZno8toRitwPMEJ1PlW2+/2Rx4KzCLavy1NUKjPVs3aE69/Z9la79Qv +O834kn5+A3VPXRF+JWsCMqU4SE2E/xbudzjBXvN9yvGdKVRGw2fmjbs4Q0jMTzD5 +NCh0q1GTmTjExxAFAdhRW31kJDFLi0kG5zn1v6igRBZwvb7VrMFEcVWTb/nCn8wi +88pGy50YmGO1tIDlNZyTJu1ehq8nmmQUstq4juvNHSfYowI8Sf10S7kepQLh2kzR +lWzyjlu96ZLQsatfFwp0AOf+OtxCGms4iSh3eKnd7uHR8iDIAA+p0vHeY4wp7Ln9 +MpSw8tLWG8T7CwtsS6Lbytgli+ZsYOc9RVVjmn5l3BFXmQtcBgvWB7b1l+EQDfzD +YVOULp6C9ou/+hRc2ByfOpsKkA5JDqmsSXYABbcEzXPSlDcEPFriPB8QaVdxkPH7 +yRdbkUVqPpZbP4A8qvlelPWpEZfeplReNQ77EtT8/SABUQimtm3f0PzPsQWMS08Y +yWQWXyGEzjfA4pqkX/Xg+/yyLhpyvAkDysY/DOC6gttKIswkQFnOXYc6WJ8jAzXo +CO4E61Tr1OKXKopmiLeToZ/7jsDEg13N7yYHok1hs6ccAuykVFObjFuat5tc9BFv +AHIUW5LUr4ySzexmZCYkQ3RT/77TBkw8Oy+BJ3iXerqAyVoeknFgH3Hzy1s+OexQ +e6gNPQWv1uP+loRzkTRGIHtL6jjWakYRsO8QCSZFc2UDyJQuuEFaEzoQ3bzDAvkY +CgwP+dJSMfvihd5b7chcNQ6qdyUTWHIpEDzRgoszTn9Kjlydt6/HAcHZ6BAfDdLH +grhthAyLnEZ0Xu2uXSSHSDyBShPXRQblGwIwN0kxDD7mRuPSYn+OcxhfbrozUTS1 +raHzqNafcXZDLlTRXUtRW2hA5Jzeee0QZL3Y1+LNsuFD+6dknkcMi8mCZxNzl1L8 +mwf+87swjh/IB7Np5xgWzZcjMx4mEB53gS+2itTznKABY+F0wnLQ5+DLVNLDNiWp +Uk09p9KCWZj39BtQGWmDs93b63UdU+f7LAgoFLJ6nJN6ySAms1sVpq6bmr2rsTc9 +f9klvbvNtF9tK7HkWWTpVTm3OeUbeiktlZAvbwbS3no0yu94P8+ksz2i9pNruU81 +U0eEfWtaM6Fc+ybXtIChF9CwUCn+l/h1VVRjvaW78a1XcQr2A8kp44VWE0p1v/Pj +t4Fomr0VVXYxremx2bsK8KjSBHGNVqUAVP5SM18YzvxW4qQlky3KgLJnm20QXHgj +ty+p4+CElF6qv941Y3DsPiOjS+zMyV5i9DfZnP7buLNb+uk2YuA8SP6qvw02o8jD +N3YPNrxwQX47agoVMwTALmMebMFwuyjb5BIK1aFVwK8nn8BNuLRsGMOyiU7I3i0L +ja/BywsxhBOiMbcypc6tly5il3AfI2/vdu7vN/YkE0abeH2cd972RQVYvhY5zNxw +BA4FJlLJeOF8EfCDzfIO5uQ3+4f/05KsNGcRM8QtP++7OZ/e4dSTAvOJFq5fC4ag +XT8wHKrPlIOq/Wh5gxZDIRmKShe/WljEDYNEwKHydnIiywjX9Kz3+tTKs0oszXlS +zCh8eyJgybyQQgcxkAqrRfQCsx4vJ1nhlu5M11t+a224s/PzKCQx9i/s8rnwPX/4 +QbKXsXqsmodTCwpif4AMljELglNaqz0w/4THUIPnDn66cZlxzfZ5QbZPJZtbbbbe +pvtL/Df/x6rv7Snfabaj8aczZTENl8xZpzOJqgzaiwZF1f1Hn753xO4JCFkFdqHc +rj9m4M0WTkuoIWSz668+fil9ClRL3WuqgDc8HJY3lKST3YYBP5eh4Rc1DgIr6C5D +WQBZFAeDnL3qjh7utrmQ+V5admFROIqSQWt8odpHRKhaneVA2sHGE0lY7OQuU2Lf +EZUSpvX2DMQMosowZwNkk63fgecf/he06Sm2ltHQkJaEXDSzUG2RXLSVXQHO3Up9 +1QhGuh4vooIuRUVchbYLWLFdRtzcWEztPjsER7DAbkop32209sq3Nk18yqzVU8Yp +/kqmqqsYiBr49WXGjNOJUxFRcDy8A8BOh/67+xqDaApvT215m9SPbFG0wKz/qxMI +LlA1zWHEAcgSK5/iDdsXotsJa4+nRzkGiHQN/utB0rBsN3n2ZMu53W4EyBtY5V0t +FidpNN2qKdo3vFm5Gth1eDjfy81B9tUjbYE279GwRK69TO4CmX36Jz8SZThvEUlO +0WBTh+TE8VVPqhktzZZX7UcY1BWt4zmzhSUQEFD9gknuuiDNXUck/oe+GDVe4wjr +aBojtb5u6UD9jCwgL0ndyiVyMx/0PJGjB4dD4Hj3EeH6MG8Uzu0daySruV1LTWmr +RbUbWls7SLm7R8GBh07gFScZVhGAmKbR/yxOoohIP0Q5zFC0sRjZP20etUEq2WUO +X0GI+2iDJRFpD+frFB2A3MAFJUpyv2k6+AzOUHeJp2Xd1gK2DB7rl2T0IqNieXiL +4dr6FsywPlwTcYyUBJuMoQUmGHEFahoYwBvfUFoy/Ou7C8jUh7I/HZgted7RNnaq +06bab41Qq+XoQifb0cLt2cDFE7BFyoiDNpqwCPUR657TDzX+Bhf5l5JV9SWyekVv +pWxBmxtkE4Stmds+EVZuX9EbHA/lpVpmX5j2Woz8QUbueyQB0C8GOJtMrcrxzfNo +YoUrJxlcz/J6FxvckPy08UlstI8E1LAA4za7z///1OVwgIji2uSFxOPypP7nLd/Q +BZ7iiJ/C03H7+O2bTZefI7EmPxOAJhnFNsRLImYTU1L+BHzbjiTI8G+I3wLJNuMz +m5GrQN8FOu9DLb6SDjAt7vaAIdypbw8NNnJ3bI487YuYK1r7wUvVgHl8yn8uhB/u +yQeWDJqIMKYBZ15/hdTUcfbE7F+Cu0x1cGY+10SZItCv/Qasd0izJ8LAqQhSccvc +5wO2FAf/KtZXkzB0gdHXU2V4mTSzK28xIyV61UBgwX04v7kNfEae+eZIjVeIZpTZ +aOhDiY29F0PSydEUfiYoq0g/9aVHc0LyLVS/dfHuSybb+REtAo5mw6VhVG1Sxv5F +9qp83AnZK7Cy7zAvwc3xFMMsloPhNQyDBW7oMa1kCXRRM7JhTxscNXBJpiTb4cuO +mAwIIV9Uh/7r3uaj+vjVo2FHquj3O07F06jkq9e43DdPBCSw3Vwp4TftJT7Qwaef +YIVJyMXJrpyCPZ86NdfnawEQTMTpBjlBDRFjJRRZMoKcxLsUAiEPCy0Lw7dujQbK +mk0WKg3m4ayYegSYpttf5dhTuv4ODQRo3c2L7TDnOIx2U6O5g5nAoi6URGaPb1Di +aubdlqhIzOUbSqwjylCXT4seULoxE+d5wmBwpS4v+pxWRiVthWdtGhAhorCnHxD7 +cejziCVphVBhCVbpt22taJk4VMzXzhEtBv7jvz9w33ewW2ym2oIe4G/DupE35AZh +1hIE2mYcsBNYta3GRApIcMJMKiPLpfx2/FrT0nXJ7IQOMQjyhg+9U8S/GcOttD5R +ofKFzmeTsu2hyhkaSk3e7lnaoVMEW0YSTBLpbdLpb33vRqtdOeb4C/mViFLa7UAw +Oh0FwMhDWNpPoGZu/786KtQt190gbHloIrsyc1p7d7X+7R/cjtoMA+aFmAumrffZ +LOP+7QMIZMssnLK0HEhBn9kxW6rYnRwafg8udHnHsphCt/ZhE9NtnNihGN0nVZrx +AAf9Zf8a444HaB2LO9t61TM9SAXaMADdmF3KUngrSWGGLt34JSAJi27Xl1O/+j0E +qKlyH/LLqnSBG+atZhORi5IaRKmnRwmT4CSpWwbhtXJLpkHOSQYIsF2NEbT1oC5G +HT6eLvJ4cGOL9MJHZa3qsR2lj/LHFXbRzIucEyTE2kKZQueywlXb9VRpdLeeCo3e +XUN8u6Mt6LEhlqYUMonsQxW1FC5avJScDZfwL72burEXkwCwlhq2H5l4H++yDzwt +D1oTYMQomYxv+gc1YSZqhTTzO8rAdZDSeF0ZBU5E3Kzjkbx2UsXMYKOIRz35vbGB +juD2iye6OHuKPASq1ia0VQBmSekk/ABXiQSoeEB5bDxPjPKuZWJtPxA8AK5IngoC +zMh5TAQ2Zw3z5m4srCMYUniwQ4XXxeYC7oKn15EB2/1KZPTMjkvLAIcd568dmu1R +BV+XkulVWp81s10HYYxgAryAl8eYXyGK25ynuoVnFxIGYMoar1UbVCM9cUGFKlv8 +z7AQ2sziQ3PRFI6i5xwmT8HGtFMjiaVrNdklJo1MO/ODu/2oByzod/+JxZLPiIv2 +Up6i8Rz55OePTFB9aELS8b0WsuVCoMWm09q9GLgCSD8t72UHbIDA25QS8T8q6OzE +MMuj2gWkqWtamrnMAVBjd8HaFUdqqz+CSGNwoPGDSdTWYekW/h/F08+1+W/T/Yts +pHk8DecqWbsakXLVnIk54+y3MbQwa4lc4WXSYj4Lq7uYYKYGzy5vKmMw2MQv0s20 +zYGpKif1OxiUDFAqK+/2abmoxtb/dOuGNjqOIegwLfPVzqb6jLKgpdEm1zWfhElg +ONGJLBDVaQW8EvgDdSCMkcFtrUaAhHvnAQ4Ca+eMfUil0IebsHvqz9hELohPs2ip +5lY0hgLYuSLkGV4dj1WnMU3njbvn4lSRWUsrs47mKtje/YNbbLN3X0dKWhC6Hbk5 +3ijYt/Jicw//71I1WusdB3j82AROfP5xd23zae9ZAOkjrtCkV0vlkLWK+6c0Py8L +CS0KGK/9FB3ehDvpg8c2K4S+jKiK4lrpnx9X8DQE54W3jzO8pKfk1f33NHIsZhsH +Rtp/1mNM9XUHcRKxTNE7i6uiUTaJpiMoWyCP0g/SpoViEe813gggNUBR+l7nJfo2 +c46n++oSg5GSZQDPUqdcP2mrCGhEjbSUQAfy21FyaX932prwNNY83GMsikv0mSoQ +ltZQP7hGvWCIscs1ryFn91deTL62X70cEq9iHpD+watNAZYl50yt0hPjM1HGtbIW +VG1+CEWWRG6pEcy7jO7U5pEdLeE2yXfHMlVbU5duZX8QtZXnfAEPFJT0b1Ril48l +JjY0K2NnvQ46SHF6aBgphJgYV3m67IA+l5vpnWESe2ZDXVMmo7EIcqqa1WfDLJhl +fLXGiYAlh66+lIr8fG84SUWK6MERNTbJrME7AxZ7nEZGbDVWd1J55ivr1hzD33Nn +bOC6jhHJz+kioD9xPsLI5AzrcrWEZ/77oQ1oe6BL+Nb6Gii2gX1ISOxpgw5USHef +sEDSYDTelFRyHggW0a5Stn8am2zk1iW5WcqwrrRMjYCKshnn+dF1FtaYRLgtE1Nf +/pjXyf+PzFByD5xisz9ToImtc8FHFirl4l6wfmtFSD8igL5j4m3eyPZejM73KMkJ +zE7dDMYXbqFvNnehLRUbYnk7sJ+QMQpdGRTRjsGrHK7UIVspXzFuPGBA5kAdQ3GC +Nt2OrZ/RlrJOUpAhmqgPBy3R8k+2BVbWbxFj5hzF6TngsSfBb4efXa+CSZShMjaf +MbxsGncTLzefKQJL3Qr234nOu+/q0tsMCxcOyo4qwOmNaseUInRZqiYZ+ruC9God +XlkcC1mRqQLIM/swiBWA8E+6aRJ5nSzlkmBbegYuMD290rbxJYoakrccf8r2Yng7 +86ayFb4twNJYjXyJvKyfdEMI3l9S6dHiwXIk5wxWnexq/pM8PF6buR8O/T1XFzcX +Ql22aTD01OYA/l6qSZLuVxjwyjiwNKlAYXqm38NSu7n+ahebsVmWYHMtYT4xj0EF +LaBcox1kLUrNz+gsyK5b/qQmv49ZeaUoGxDDDtWHAtDV3kRFOSh+yfzzgeqqD1EA +RmCINWDkYeSTSXST54bgE/4TQ26nEX2sTXMoOf3+/XWjpPGEwvbuLcVKmNSiq3AE +GCGFQTWQ3hpDk1HuZ+KfROdATZTYHhYv0mtW90I9KY2CwT7Qz/1ufoY0aoclIHzN +xddUQKTvwR8Uuy9EaDaxZSwmCbVsNeP+resQk2rZZYeiRzWALORoQo3bSr/BaWOZ +CaKA5kAxNyOYhtSww452qJ1Cckkh9aSftFNSx5KZwUP3tN985vnqnLtYMIVkr1cs +JNgy/x/fB53p0oTbzENRGK9T/4ppSsDbtRE1NNXjxNaNl7+peS8zNGLTNy2GQQaH +0Mr53G+ct099rFZ6ktU2RAtN52rFRZQsIz55Mmwui1g9S44QaBF2P5ihQ2TKflnm +IQqz2GLolWrfxzfv9NvYHf/l/gzL+pT5b73X9tRiilW44vWTwBSzkA0k5bQRbu/O +CHhGxrfFbxihp6S8hrkjZp/Snowzd7XsabCHTVTkl6EXzrpV3lJ6J7tIgIAmukPW +R+hf0jT55eTV2lghCJ/hW5xahEfjrs/+EC/wiQ1iSXsIEXsnUMtUFh+K9FzekwKR +mR8rZlPHvoKyYlfCpzMjay28FChCN7/vbh8krt73eTuJdXJ9IbjbdAt4Rh5TZaxE +ugNjVsHq4wuAo0+mZ36DHqCQ0De3BI0c6vB8tI6cn2PRClTaNpUnngzGYyOAZQ8D +eYN+3U9N1pXnjUjhK154NAejPEYKsxcRhPgy17In68+nt8yP6ffJiISah7yIVmmM +z4iumCL8WZ5QY+j0cyLrvq84fwkrjUDKlDlQHini/kw/k+n8tzSET2gfvbiRgJHT +6ErCV8GMPItjnjzX +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/zammad-hr-env-prod.age b/secrets/zammad-hr-env-prod.age new file mode 100644 index 0000000..ada8ec5 --- /dev/null +++ b/secrets/zammad-hr-env-prod.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBSTFpI +WjNiT1c2dEQ0ejNRSUM2WmVkVExmSFdJaVJmUlNtKzZlZCtKa1NnCmVLMTlQakY2 +UFV2aGs5bTd5N3plWmFmYmFNV01oRThUOFdLS2l1M1NyTlUKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIDlLeU1KeU51S2YwY1NFaUQvV0dPSWUxbko3emlvcGpLamk3dDNr +RXlwUTQKeWcvVlVZeHdRYXhmQzRyZ1ZXTi9VWFJCZHBteFFEUkNGMXl4UDl1Vk1q +WQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgdDRaejJLZEZHd3ZOYVdIL3d2amFoenVB +aGU4R09iU2dua2dtdVpwYzdYZwpsR1lsd0Q2RzAxamxMTzF2SjBYZHhjUmd0b2Qz +aGFMNWd6aTdzTTE1b29nCi0+IHNzaC1lZDI1NTE5IENTTXloZyBXSzRWR1F5ejNW +ZUg3ZmxnMjllWGhoQUoxeXA0SW1WM0Yra0VUMDc3dlhBCmxFYVZSbk9yY1hyQ3dM +ZmVuNHMxa3lNWGhBallueTRtT1lWTmJFKzZ4dUkKLT4gKi1ncmVhc2UgL00gdWc9 +JiUtIFtVKCBLTStWQCsKMjFMcDlnUDBhQWU3OWJsN3BjbkhjVVdOMFUrSUZ2Ykdq +UjN0elQzNnVvMGtHUDdSYW5ob3A5am4xeG1HdkRISgo1cFN6RVpHalliWDAxckZn +VG5aUlJES0NLa3pTCi0tLSB0SlJKMC9BbmZOTVpTeDVjY1VJSVJ3NkphNGdHRFZG +bjJSckp4U09Ndk5BClz/bPom5zepJWwlFcBbXaGC6QrlTbhgFyIgOto8VsUZ8yLd +cdahYAHcqSyxOA53tyuTOVnz02dc36P5L1yeCqWQyzXVoVlE9FlhGOHqmRUVVgC/ +7J5FIvfdcqfe +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/zammad-hr-env.age b/secrets/zammad-hr-env.age new file mode 100644 index 0000000..5e619d9 --- /dev/null +++ b/secrets/zammad-hr-env.age @@ -0,0 +1,16 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBrbHZx +bHBmZlVXZnRGWWpFZHI0L0thTXc1bFJ2a2lXc0hkcXB6SmduK0NZCnFLbVowMmcx +TGRMKzFMcGx5bjhTOEduR1hBZmJIZFJEa0RPYjg1M3N0ME0KLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIE80UnlMVjU3bmVacGY4eng3S2ljU0dXMU1GTGcxbUpPY2JPc2F4 +RWZobVUKYmZpWTlkZHczYXROeDErTmV1ejJtK0Q1SW9yT213ZW1uR3hXS1FzMytw +TQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgbmFoUXFSOWtFdDVLbVJIUEp2UTNubk5x +Ym92c2o3SjNRU0Zua0d5ZlMxOApyejlaUkVlbkhVb1pmOHp3WDREUUlyRjVDL2k0 +aEprUklqODA1WU9GRFVRCi0+IHNzaC1lZDI1NTE5IENTTXloZyBST3dLalJyVjlW +OFduZkxaYXlSZWZhbDh0WXM5SjZyTTN0UFZBcmd1aEF3CklsR1NwR005ZzBHN0sw +NXZrU082NkpBQXJ6U3N0MzZ6azhoUWFaUHF4RE0KLT4gWi1ncmVhc2UgZD18IF94 +dyBpJCl7fl9CKgphcUZPY3hycGZwYmFrNTJMaUovZEJ2SnJ2OXdscU11Yng1Sllo +c1BNUW9UZmJnCi0tLSAvRmR0VmRHUm55Y3NxUTc1em9lbjV5R21tNENFWFF4R3N3 +Ym1IRXZBb2dBCiWjOnGgwkvBsVi2BdYd+mh5+UM2s3q4/2yHInexM8jpMwxPRO0M +zFEXVtzhxG2K/N12Gy9yrwW8a6GtxFH46Ag= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/zammad-pw.age b/secrets/zammad-pw.age new file mode 100644 index 0000000..a394927 --- /dev/null +++ b/secrets/zammad-pw.age @@ -0,0 +1,15 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBNR1ZB +QTRsRHUyR2E4dHpDNUJWZTFhd2R0VW1wU2tlM003YnUwRjg3bFdVCk9rdC9uclZI +R0QvblVLQTRXTkxJbGtXN3lTaUFTR1NIZk9wTnBvVjRJNTAKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIGRCSUNORkhnbTcxaUFoQWprV0htVTM4QVBGUzdYNGw2VkNmSWhW +ZkcwR0EKZmN4T2hVTzdOYWhibmw3aW9WeWZhNVByMHVvcGJGUzQ0K09jQ0lRek5a +UQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgZHlLUG9LcCtiRk50Vnp0QkgyZmtTWjZ1 +c2RIdkg3cVRJL2NrYW5paEhEZwo1THZkSkNCUUtWQkgrTEwxTWh2Nk9MSnVNWTJ3 +NWh5RHlCVDZoQ2RtWmdrCi0+IHNzaC1lZDI1NTE5IENTTXloZyBEaHpWVDJlRFJX +Ynhma3dnTzVhN2tGaFJrRmgrVmNzd3JzZHc0NVZzbFJRCm4xeXlhVjMyVGhPTFRj +Y096OTBITTBvOEdna0s4WkFsbWZFM09KVEw5OXMKLT4gJEFrLWdyZWFzZQptcnJk +RjZHaVZtWCtlT1hSMTcyNTVXV0Jqc3QzKzZlTWpkNnA3eTBqTWhsZQotLS0gWVlz +U0VSY1JqZ2lSTS9aeHBjUlhWdjBhV0JFMWVJWmRrQ3RlaHg2Mkc2YwpZlTfQO/a0 +OjJ445KKy90AkMKViF6EUZReWzWWpRyCS1VjteIexNsWeofJiAn75Q== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/zammad-secret.age b/secrets/zammad-secret.age new file mode 100644 index 0000000..c6a09fe --- /dev/null +++ b/secrets/zammad-secret.age @@ -0,0 +1,18 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB0SFdr +Y1praEpxM2RKU3pIL3R0eFBhK1R4Vyt4SkdZbzVmYzh3NDhwQlNZCmNOemNJcGsx +SHkva0ZPczF4ZXI2cTgxUHlpZjd4dHpPNHZOWnVCRG1JYkEKLT4gc3NoLWVkMjU1 +MTkgU3JIYXFBIFdUV2FFZ3hTRnMxMVZ6cFpVcnJGcmpjRUhMSGoyYXlnaGpHQkY3 +dndUUlkKcDhwbU9BSU1uQlhBRUZNem5WNTJDbjViQ3hSWWhQVUs1MHd5ZVBwWEIw +cwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgR1Nyd0VkR2taWXBWQlFVdmVOd0tFRDlL +LzNqR1BmRHFybVJpaFlWVXh3MApBeWxZWGZhS1dJa1dvUkdZZlZjRE1lK1N6ajQy +dTFvU2xkNnQ3UHRYY0t3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBsaEc2UVFvSHJC +aCtxMEJBdnlBdlkzblU5RmdlTXJQKzBTd0Vwc3QzUW5FCjJEVkIrMlIrNWs4RkZM +SUlFcTYzOFNVbE41em1MaVBVRWFISlNrWStSbW8KLT4gdGRBMlgtZ3JlYXNlIGZr +byB8CnJDbC83eGRQY1NqcUtudXduaVhFM2p6c2MvMTlObHFBTXZTQnNWcmROc216 +ekx5NwotLS0gZlFTOHRMOFo0TDBtU2xSdUhoNjR0QWZGM292WE1HcWNZYUV1UjYx +Y2w2MAqV1vb47Onevy57P9B8sFUuy/UwRGrOLi34lxZwcnw9vbH+7ngcaFsMDBsz +kTyjrqA2/hPYDENK4PAU+r+1gu7OzdvdWt8gLRi6IuDjM5z1PN5HTHXFqmPUHaUe +5QxeYBf5JrWr7AjZlGAHaJ8eiEXkWmX/ioNT937gPv+o4BH37nr6YL0bfptYh352 +sfh3aaXIbJb8cHpjgXnRV8B9/p+YqQ== +-----END AGE ENCRYPTED FILE-----