From 1302f23133f52dc27f59a48688f28efe0ae2cdf6 Mon Sep 17 00:00:00 2001 From: oddlama Date: Tue, 17 Dec 2024 01:35:42 +0100 Subject: [PATCH] chore: update flake, disable unifi by default --- config/graphical/fonts.nix | 14 +-- config/users.nix | 1 + flake.lock | 168 ++++++++++++------------- hosts/kroma/default.nix | 7 +- hosts/kroma/unifi.nix | 15 +++ hosts/ward/net.nix | 180 +++++++++++++++------------ pkgs/TransferOrb.png | Bin 13036 -> 0 bytes pkgs/awakened-poe-trade.nix | 35 ------ pkgs/default.nix | 1 - users/config/impermanence.nix | 5 +- users/myuser/graphical/games/poe.nix | 1 - 11 files changed, 215 insertions(+), 212 deletions(-) create mode 100644 hosts/kroma/unifi.nix delete mode 100644 pkgs/TransferOrb.png delete mode 100644 pkgs/awakened-poe-trade.nix diff --git a/config/graphical/fonts.nix b/config/graphical/fonts.nix index 3a95ea1..6890945 100644 --- a/config/graphical/fonts.nix +++ b/config/graphical/fonts.nix @@ -27,13 +27,13 @@ ''; - packages = with pkgs; [ - (pkgs.nerdfonts.override { fonts = [ "NerdFontsSymbolsOnly" ]; }) - noto-fonts - noto-fonts-cjk-sans - noto-fonts-cjk-serif - noto-fonts-emoji - noto-fonts-extra + packages = [ + pkgs.nerd-fonts.symbols-only + pkgs.noto-fonts + pkgs.noto-fonts-cjk-sans + pkgs.noto-fonts-cjk-serif + pkgs.noto-fonts-emoji + pkgs.noto-fonts-extra ]; }; diff --git a/config/users.nix b/config/users.nix index c8c865c..4530289 100644 --- a/config/users.nix +++ b/config/users.nix @@ -41,5 +41,6 @@ actual = uidGid 970; flatpak = uidGid 969; plugdev.gid = 967; + unifi = uidGid 968; }; } diff --git a/flake.lock b/flake.lock index acfe139..a232c50 100644 --- a/flake.lock +++ b/flake.lock @@ -36,11 +36,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1732704340, - "narHash": "sha256-zcX8QIaaJJ5Us53vaWMPH2LNkZBCSwTH7pI+FgXCg+0=", + "lastModified": 1734208773, + "narHash": "sha256-K2ugS2XJSyF3lYCrT5SCJtSAqndn/c5OwPkC5Nl18BU=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "662522cf89fde332157e527b4322d614598631d9", + "rev": "1472730015a2b3da0de09d9f1538bab3a816f618", "type": "github" }, "original": { @@ -368,11 +368,11 @@ ] }, "locked": { - "lastModified": 1732742778, - "narHash": "sha256-i+Uw8VOHzQe9YdNwKRbzvaPWLE07tYVqUDzSFTXhRgk=", + "lastModified": 1734343412, + "narHash": "sha256-b7G8oFp0Nj01BYUJ6ENC9Qf/HsYAIZvN9k/p0Kg/PFU=", "owner": "nix-community", "repo": "disko", - "rev": "341482e2f4d888e3f60cae1c12c3df896e7230d8", + "rev": "a08bfe06b39e94eec98dd089a2c1b18af01fef19", "type": "github" }, "original": { @@ -669,11 +669,11 @@ "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -708,11 +708,11 @@ ] }, "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -762,11 +762,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -901,11 +901,11 @@ ] }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734279981, + "narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785", "type": "github" }, "original": { @@ -1092,16 +1092,16 @@ "gnome-shell": { "flake": false, "locked": { - "lastModified": 1713702291, - "narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=", + "lastModified": 1732369855, + "narHash": "sha256-JhUWbcYPjHO3Xs3x9/Z9RuqXbcp5yhPluGjwsdE2GMg=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934", + "rev": "dadd58f630eeea41d645ee225a63f719390829dc", "type": "github" }, "original": { "owner": "GNOME", - "ref": "46.1", + "ref": "47.2", "repo": "gnome-shell", "type": "github" } @@ -1113,11 +1113,11 @@ ] }, "locked": { - "lastModified": 1732793095, - "narHash": "sha256-6TrknJ8CpvSSF4gviQSeD+wyj3siRcMvdBKhOXkEMKU=", + "lastModified": 1734344598, + "narHash": "sha256-wNX3hsScqDdqKWOO87wETUEi7a/QlPVgpC/Lh5rFOuA=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f7739d01080feb4549524e8f6927669b61c6ee3", + "rev": "83ecd50915a09dca928971139d3a102377a8d242", "type": "github" }, "original": { @@ -1134,11 +1134,11 @@ ] }, "locked": { - "lastModified": 1732482255, - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", + "lastModified": 1734093295, + "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", + "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", "type": "github" }, "original": { @@ -1174,11 +1174,11 @@ }, "impermanence": { "locked": { - "lastModified": 1731242966, - "narHash": "sha256-B3C3JLbGw0FtLSWCjBxU961gLNv+BOOBC6WvstKLYMw=", + "lastModified": 1734200366, + "narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "owner": "nix-community", "repo": "impermanence", - "rev": "3ed3f0eaae9fcc0a8331e77e9319c8a4abd8a71a", + "rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "type": "github" }, "original": { @@ -1237,11 +1237,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1732633513, - "narHash": "sha256-6LmtOmeDpv9iHS8l0GNcppP11dKIJFMZLdFyxQ+qQBM=", + "lastModified": 1734041466, + "narHash": "sha256-51bhaMe8BZuNAStUHvo07nDO72wmw8PAqkSYH4U31Yo=", "owner": "astro", "repo": "microvm.nix", - "rev": "093ef734d3c37669860043a87dbf1c09fc6f5b38", + "rev": "3910e65c3d92c82ea41ab295c66df4c0b4f9e7b3", "type": "github" }, "original": { @@ -1344,11 +1344,11 @@ ] }, "locked": { - "lastModified": 1732603785, - "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { @@ -1364,11 +1364,11 @@ ] }, "locked": { - "lastModified": 1732519917, - "narHash": "sha256-AGXhwHdJV0q/WNgqwrR2zriubLr785b02FphaBtyt1Q=", + "lastModified": 1734234111, + "narHash": "sha256-icEMqBt4HtGH52PU5FHidgBrNJvOfXH6VQKNtnD1aw8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "f4a5ca5771ba9ca31ad24a62c8d511a405303436", + "rev": "311d6cf3ad3f56cb051ffab1f480b2909b3f754d", "type": "github" }, "original": { @@ -1387,11 +1387,11 @@ "pre-commit-hooks": "pre-commit-hooks_4" }, "locked": { - "lastModified": 1732192922, - "narHash": "sha256-xQO/3I99TFdiXTN5VoS28NpbNlCQWQUvxmPQHlfkzmU=", + "lastModified": 1734266385, + "narHash": "sha256-k9P9Sa6jw/Xre8UDp7Ukk75h4Tcq8ZrK+nz6A2MC1IM=", "owner": "oddlama", "repo": "nix-topology", - "rev": "2b107e98bbde932a363874e0ef5b1739a932bbc5", + "rev": "ba6f61e594a85eabebf1c8f373923b59b3b07448", "type": "github" }, "original": { @@ -1402,11 +1402,11 @@ }, "nixlib": { "locked": { - "lastModified": 1732410305, - "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", + "lastModified": 1734224914, + "narHash": "sha256-hKWALzQ/RxxXdKWsLKXULru6XTag9Cc5exgVyS4a/AE=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", + "rev": "538697b664a64fade8ce628d01f35d1f1fd82d77", "type": "github" }, "original": { @@ -1426,11 +1426,11 @@ "pre-commit-hooks": "pre-commit-hooks_5" }, "locked": { - "lastModified": 1732216602, - "narHash": "sha256-svG11P+vsHYKoDj1nWSGHoep4f+rzbRM/fdWPSVE/Uk=", + "lastModified": 1734380133, + "narHash": "sha256-gvbWJGjTpGJwyvK72Rf+z0aMVgKzpu+UWxbh7naZtvY=", "owner": "oddlama", "repo": "nixos-extra-modules", - "rev": "6841242d5f7c32fc8a214014f1c97ae935ef8b8e", + "rev": "558954ebb2959ea47bfa593f6a74ce54a21bfafd", "type": "github" }, "original": { @@ -1447,11 +1447,11 @@ ] }, "locked": { - "lastModified": 1732496924, - "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", + "lastModified": 1734311693, + "narHash": "sha256-ODRrnbaUsOe3e4kp+uHl+iJxey5zE3kqiBqJWQxrlnY=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", + "rev": "a5278f7c326205681f1f42a90fa46a75a13627eb", "type": "github" }, "original": { @@ -1462,11 +1462,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1732483221, - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", + "lastModified": 1734352517, + "narHash": "sha256-mfv+J/vO4nqmIOlq8Y1rRW8hVsGH3M+I2ESMjhuebDs=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", + "rev": "b12e314726a4226298fe82776b4baeaa7bcf3dcd", "type": "github" }, "original": { @@ -1498,11 +1498,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732521221, - "narHash": "sha256-2ThgXBUXAE1oFsVATK1ZX9IjPcS4nKFOAjhPNKuiMn0=", + "lastModified": 1734119587, + "narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4633a7c72337ea8fd23a4f2ba3972865e3ec685d", + "rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5", "type": "github" }, "original": { @@ -1538,14 +1538,14 @@ }, "nixpkgs-lib_3": { "locked": { - "lastModified": 1730504152, - "narHash": "sha256-lXvH/vOfb4aGYyvFmZK/HlsNsr/0CVWlwYvo2rxJk3s=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/cc2f28000298e1269cea6612cd06ec9979dd5d7f.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_4": { @@ -1711,11 +1711,11 @@ "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1732726573, - "narHash": "sha256-gvCPgtcXGf/GZaJBHYrXuM5r2pFRG3VDr7uOb7B1748=", + "lastModified": 1734368549, + "narHash": "sha256-D8LYUU+IWbpmyjOAKEnKVOhd7Qfe7q+DvUNZTYoitKY=", "owner": "nix-community", "repo": "nixvim", - "rev": "fc9178d124eba824f1862513314d351784e1a84c", + "rev": "6c30476a4d5f761149945a65e74179f4492b1ea6", "type": "github" }, "original": { @@ -1734,11 +1734,11 @@ ] }, "locked": { - "lastModified": 1731936508, - "narHash": "sha256-z0BSSf78LkxIrrFXZYmCoRRAxAmxMUKpK7CyxQRvkZI=", + "lastModified": 1733773348, + "narHash": "sha256-Y47y+LesOCkJaLvj+dI/Oa6FAKj/T9sKVKDXLNsViPw=", "owner": "NuschtOS", "repo": "search", - "rev": "fe07070f811b717a4626d01fab714a87d422a9e1", + "rev": "3051be7f403bff1d1d380e4612f0c70675b44fc9", "type": "github" }, "original": { @@ -1928,11 +1928,11 @@ "nixpkgs-stable": "nixpkgs-stable_5" }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1734379367, + "narHash": "sha256-Keu8z5VgT5gnCF4pmB+g7XZFftHpfl4qOn7nqBcywdE=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "0bb4be58f21ff38fc3cdbd6c778eb67db97f0b99", "type": "github" }, "original": { @@ -2189,11 +2189,11 @@ "spectrum": { "flake": false, "locked": { - "lastModified": 1729945407, - "narHash": "sha256-iGNMamNOAnVTETnIVqDWd6fl74J8fLEi1ejdZiNjEtY=", + "lastModified": 1733308308, + "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "ref": "refs/heads/main", - "rev": "f1d94ee7029af18637dbd5fdf4749621533693fa", - "revCount": 764, + "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", + "revCount": 792, "type": "git", "url": "https://spectrum-os.org/git/spectrum" }, @@ -2223,11 +2223,11 @@ "tinted-tmux": "tinted-tmux" }, "locked": { - "lastModified": 1732608183, - "narHash": "sha256-T5k5ill+PNIEW6KuS4CpUacMtZNJe2J2q5eBOF4xWuU=", + "lastModified": 1734110168, + "narHash": "sha256-Q0eeLYn45ErXlqGQyXmLLHGe1mqnUiK0Y9wZRa1SNFI=", "owner": "danth", "repo": "stylix", - "rev": "7689e621f87bce7b6ab1925dfd70ad1f4c80f334", + "rev": "a9e3779949925ef22f5a215c5f49cf520dea30b1", "type": "github" }, "original": { @@ -2499,11 +2499,11 @@ ] }, "locked": { - "lastModified": 1732643199, - "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { @@ -2519,11 +2519,11 @@ ] }, "locked": { - "lastModified": 1732643199, - "narHash": "sha256-uI7TXEb231o8dkwB5AUCecx3AQtosRmL6hKgnckvjps=", + "lastModified": 1733761991, + "narHash": "sha256-s4DalCDepD22jtKL5Nw6f4LP5UwoMcPzPZgHWjAfqbQ=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "84637a7ab04179bdc42aa8fd0af1909fba76ad0c", + "rev": "0ce9d149d99bc383d1f2d85f31f6ebd146e46085", "type": "github" }, "original": { diff --git a/hosts/kroma/default.nix b/hosts/kroma/default.nix index afa46e2..e50a17e 100644 --- a/hosts/kroma/default.nix +++ b/hosts/kroma/default.nix @@ -28,6 +28,7 @@ ./fs.nix ./net.nix + ./unifi.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -121,10 +122,4 @@ dockerCompat = true; defaultNetwork.settings.dns_enabled = true; }; - - users.deterministicIds.unifi = { - uid = 968; - gid = 968; - }; - services.unifi.enable = true; } diff --git a/hosts/kroma/unifi.nix b/hosts/kroma/unifi.nix new file mode 100644 index 0000000..43b8131 --- /dev/null +++ b/hosts/kroma/unifi.nix @@ -0,0 +1,15 @@ +{ lib, ... }: +{ + environment.persistence."/persist".directories = [ + { + directory = "/var/lib/unifi"; + mode = "0700"; + user = "unifi"; + group = "unifi"; + } + ]; + + services.unifi.enable = true; + # Don't autostart. + systemd.services.unifi.wantedBy = lib.mkForce [ ]; +} diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index 2caabac..4512838 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix @@ -4,6 +4,12 @@ lib, ... }: +let + vlans.personal = 10; + vlans.devices = 20; + vlans.iot = 30; + vlans.guest = 40; +in { boot.kernel.sysctl."net.ipv4.ip_forward" = 1; networking.hostId = config.repo.secrets.local.networking.hostId; @@ -42,86 +48,106 @@ # Create a MACVTAP for ourselves too, so that we can communicate with # our guests on the same interface. - systemd.network.netdevs."10-lan-self" = { - netdevConfig = { - Name = "lan-self"; - Kind = "macvlan"; - }; - extraConfig = '' - [MACVLAN] - Mode=bridge - ''; - }; + systemd.network.netdevs = + { + "10-lan-self" = { + netdevConfig = { + Name = "lan-self"; + Kind = "macvlan"; + }; + extraConfig = '' + [MACVLAN] + Mode=bridge + ''; + }; + } + // lib.flip lib.mapAttrs' vlans ( + vlanName: vlanId: + lib.nameValuePair "40-vlan-${vlanName}" { + netdevConfig = { + Kind = "vlan"; + Name = "vlan-${vlanName}"; + }; + vlanConfig.Id = vlanId; + } + ); - systemd.network.networks = { - "10-lan" = { - matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac; - # This interface should only be used from attached macvtaps. - # So don't acquire a link local address and only wait for - # this interface to gain a carrier. - networkConfig.LinkLocalAddressing = "no"; - linkConfig.RequiredForOnline = "carrier"; - extraConfig = '' - [Network] - MACVLAN=lan-self - ''; - }; - "10-wan" = { - #DHCP = "yes"; - #dhcpV4Config.UseDNS = false; - #dhcpV6Config.UseDNS = false; - #ipv6AcceptRAConfig.UseDNS = false; - address = [ globals.net.home-wan.hosts.ward.cidrv4 ]; - gateway = [ globals.net.home-wan.hosts.fritzbox.ipv4 ]; - matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac; - networkConfig.IPv6PrivacyExtensions = "yes"; - dhcpV6Config.PrefixDelegationHint = "::/64"; - # FIXME: This should not be needed, but for some reason part of networkd - # isn't seeing the RAs and not triggering DHCPv6. Even though some other - # part of networkd is properly seeing them and logging accordingly. - dhcpV6Config.WithoutRA = "solicit"; - linkConfig.RequiredForOnline = "routable"; - }; - "20-lan-self" = { - address = [ - globals.net.home-lan.hosts.ward.cidrv4 - globals.net.home-lan.hosts.ward.cidrv6 - ]; - matchConfig.Name = "lan-self"; - networkConfig = { - IPv4Forwarding = "yes"; - IPv6PrivacyExtensions = "yes"; - IPv6SendRA = true; - IPv6AcceptRA = false; - DHCPPrefixDelegation = true; - MulticastDNS = true; + systemd.network.networks = + { + "10-lan" = { + matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.lan.mac; + # This interface should only be used from attached macvtaps. + # So don't acquire a link local address and only wait for + # this interface to gain a carrier. + networkConfig.LinkLocalAddressing = "no"; + linkConfig.RequiredForOnline = "carrier"; + extraConfig = '' + [Network] + MACVLAN=lan-self + ''; }; - dhcpPrefixDelegationConfig.UplinkInterface = "wan"; - dhcpPrefixDelegationConfig.Token = "::ff"; - # Announce a static prefix - ipv6Prefixes = [ - { Prefix = globals.net.home-lan.cidrv6; } - ]; - # Delegate prefix - dhcpPrefixDelegationConfig = { - SubnetId = "22"; + "10-wan" = { + #DHCP = "yes"; + #dhcpV4Config.UseDNS = false; + #dhcpV6Config.UseDNS = false; + #ipv6AcceptRAConfig.UseDNS = false; + address = [ globals.net.home-wan.hosts.ward.cidrv4 ]; + gateway = [ globals.net.home-wan.hosts.fritzbox.ipv4 ]; + matchConfig.MACAddress = config.repo.secrets.local.networking.interfaces.wan.mac; + networkConfig.IPv6PrivacyExtensions = "yes"; + dhcpV6Config.PrefixDelegationHint = "::/64"; + # FIXME: This should not be needed, but for some reason part of networkd + # isn't seeing the RAs and not triggering DHCPv6. Even though some other + # part of networkd is properly seeing them and logging accordingly. + dhcpV6Config.WithoutRA = "solicit"; + linkConfig.RequiredForOnline = "routable"; }; - # Provide a DNS resolver - # ipv6SendRAConfig = { - # Managed = true; - # EmitDNS = true; - # FIXME: this is not the true ipv6 of adguardhome DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6; - # FIXME: todo assign static additional to reservation in kea - # }; - linkConfig.RequiredForOnline = "routable"; - }; - # Remaining macvtap interfaces should not be touched. - "90-macvtap-ignore" = { - matchConfig.Kind = "macvtap"; - linkConfig.ActivationPolicy = "manual"; - linkConfig.Unmanaged = "yes"; - }; - }; + "20-lan-self" = { + address = [ + globals.net.home-lan.hosts.ward.cidrv4 + globals.net.home-lan.hosts.ward.cidrv6 + ]; + matchConfig.Name = "lan-self"; + networkConfig = { + IPv4Forwarding = "yes"; + IPv6PrivacyExtensions = "yes"; + IPv6SendRA = true; + IPv6AcceptRA = false; + DHCPPrefixDelegation = true; + MulticastDNS = true; + }; + dhcpPrefixDelegationConfig.UplinkInterface = "wan"; + dhcpPrefixDelegationConfig.Token = "::ff"; + # Announce a static prefix + ipv6Prefixes = [ + { Prefix = globals.net.home-lan.cidrv6; } + ]; + # Delegate prefix + dhcpPrefixDelegationConfig = { + SubnetId = "22"; + }; + # Provide a DNS resolver + # ipv6SendRAConfig = { + # Managed = true; + # EmitDNS = true; + # FIXME: this is not the true ipv6 of adguardhome DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6; + # FIXME: todo assign static additional to reservation in kea + # }; + linkConfig.RequiredForOnline = "routable"; + }; + # Remaining macvtap interfaces should not be touched. + "90-macvtap-ignore" = { + matchConfig.Kind = "macvtap"; + linkConfig.ActivationPolicy = "manual"; + linkConfig.Unmanaged = "yes"; + }; + } + // lib.flip lib.mapAttrs' vlans ( + vlanName: _: + lib.nameValuePair "40-vlan-${vlanName}" { + matchConfig.Name = "vlan-${vlanName}"; + } + ); networking.nftables.firewall = { snippets.nnf-icmp.ipv6Types = [ diff --git a/pkgs/TransferOrb.png b/pkgs/TransferOrb.png deleted file mode 100644 index d513cc3ee3117e98349cbe62db9d4efe1a78d518..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 13036 zcmV004R>004l5008;`004mK004C`008P>0026e000+ooVrmw00006 zVoOIv0RI600RN!9r;`8xG4V-6K~#9!?Ywt<9Oc#b{k>+kH}x*tvSmrO+fC^|5!vEmIF2IlwqYp?U{?@+*K-0ekvNI1%6<`5`1pis@4^v>I0cQHn?~%|B zAOs#Mi2~98F9FvNm;#uDz#%2w@pE%+R`cyMX3iZqcH+blRaMmt$Vw+AC54{eV06{W zH#XJRH~vLR)(AlY5)o(L+3Nc*6ZPK!oC2872F-4>toZ)D|Mlb}k3Ts&DI)-~sgb@&9TO^gSr65TwM<&C1CgSpSoU zeIg{5X}BmDp@nFk-t6 z-FQ~lSZly;2`6=(=4e#YfwcX5cW~n^cTiJZ?WwFd<)zO?rwRy3@Bz92s{k8kyzYP7 z4gD*m->x~OqzibsxVZ3_37!O6T3YC6ZzmK8KcvG45-w3;dft%C+>Eqzr)srGtHYIS zvRE@4D=PT?pI*Y9;HIMVDC<92&HmlTh{QtP=Jxg#Knbu6KnRkgB*?$ffqWyt32+EO z5R(&L2c;OAXan~U!rIhPF zUMB&0-3>QOUnDI1Bq(Q$zeoF%XtTSL?oQ6gH`Uiwv3v7-l$Y(r>u*FF zK1`Mfhigw0lL4N2?ghq9oXWBnUO<>Kk(y3xYdc-OR(xG;WaefuaCkArW5-cmvhS`~ zEV>Oi4nzc)`-AOo^5(v2!1}+}B*2Ei9Jg%}c<`1bOCFsxWik&va6i3)81AHGqTv9! zSqYfUc9IgD_yPf{PB-ClI_c@@Af~~#U3)?5_=7zR7&L|tUVDdW3ucf#C=FdT(b3RN zM?(Y2Lk3Y_)4-}%p5dd9*S!in0@M;;ZN%+gfIbHHuYGxmgRc5gn(&Xb4T z$tek=HgEW>2zUpG2!TudlQ!=g11=svsj| z(9r{!%`j=w6mI?QeeB+KgeRZ=klv`3(PM^VQv_Wt-5fnqLVMe3G)?Ej)$il&>E_t} zV(T zW~ZUPm$%+siOD4S-Vg5K_M85bNW{bHRiEBSa#S(t}4BT2#QID=wz=a0xEAmGqPh_U=ANQ)>@NsSf5ZoXv_C-y%7| zjn>=D)z{AAz=2Y9UBhFsk&}@`MP=o6fnazYP;u6}_bUg@{|s8BrO<(iLf1AZ;~ z9=-}_d_|T0y1<>yGN!#{-9l!a_ zuQ+t@2-#UhXfnWoo%@+KWg6eR_dj|1>E}pINu_9bA-;}odb(n$ieSa7%SlPeBPT13 ziF3cj2XCxk_=M@?4=?79?|z5k5rdWYSAA##)(b(B=mYL6dD*W6T)z`A34v2W43sVBYS!#7!|aDl4-^*-rf}Fq zyd9mq_`*wkxNbc!Eqw%C7ks|El*yAO(NtH4z>lh07&m1GTefaz<7Yc)YHXyXzK;F- z4lrrz1g^j7O4hFV7^~SyYfBs5Jpm?8o<>?yGM{hQLAS4m(YY#bzw#Q-yttl6o_K;i z+c$Gy&wfsyJ~i7H2>o6_6oEa?y8mse>gxh$5_}P2xK%~jGWUW@uA4IL0&G?Xv(B4O zW=y{WAb_Jg*SNO$%k>KBy#Wfe@AOm8>-1fK|v7*OAh4# ze-#3^_*=%w{}mWtRn$0eRtddMyM6cX9{uyw`uY}Dy}N?c%xsPwIYcDlq-Um4a`Yq~TMEU)hcS2VT-JQJjz9hRHyBZ!6)RV> z;DQ;fTeFktb1r7d%@?tM-{<`B`wua8+(-=7%GS-L49HHy?TlenU3j%tcJA4IKk!E( z$dD2*XZAMamx1wB#U#KIU-J#0JZan`;fThIOP{8@r-SETe2GXfKvPp2bLY-t!uV0V z`ugk4nLUfQ-&sjpw~z1L{X_QcJ-~T$X0v(orzE-(P)sJSx#}`PAsgqTIP zbp9D&p6#A3EGY*-;BC5ISZG>mXKfU27C`Fe0T-Ly8h zuw=Y#dKcAI<+zo5PA zU;OeFMvfdoa*C7o`WjyU>&w(OxAL7^e@s_>8<$>n5oU{(nwnF5uy*BfU6&){`8W$fF3mVy{%9P1;v^Qckt1MsfHgjf7XXl>1j2%6kJ8xS;Zr%W_Rx|C*J=E7W z)7Dl+AkfW*O*;wtz33V|{imns4F@qh?ObuuET&GM&Z;-xBxBGJDvy`a)Y6GX(b&7| z5Z&G$jvhS7(Zk1xMGS)eDEqhXCNsf`A$7k0(7jxG^S4;F{B^u-Eos46G*80&aW5O= zOIY_+fa}}$6gcQh3=U39P1<YEz*Y{z<2Zt=gu)+4 zs1gDe&Qyof!MpFgLo}ul35T$m&A1a>fPu|o!R1QC;c!w@ zQ%6xOOaM(;#oUG<>$w6#38;cgsCn+hJn%WvZ+wdu^onA&17qEQ!t2Ea)^59P& z;K@HfOIJrLm8UDo8<5G!QKPxy+8cQDwO6p2%`Cp~VwS%28b#x$QMPjrCrVF{KQt4s zFG5FaEAPC$nxyn0{ORTAxap1?$R9A2_J$@t{N!^gj~_*gXzbm8l4};sqpP`t#@;^dAyZerxu+<)Ia94oo49pVw&no>FsGIb6^3Q7DA84=QGlgDnh;U3|cc!8!CKQv6q{L)|A}|bzE)9Bn{Tw}7PEJlb1qB7{-?x`X9{Dvs zZx=V*cmoqBO{cA;fsiJ-@w#tOP*}*q3oj-kJ(UmFd`PgTof9WdFmh5c!-__+dHohz z+uL|y**cC_MMzC{)85)dcTX2Kn-g!h4~t15BRdC+MI{=EVn~Ii)+$1g@UId0=-Xb1 z#aZ{2RJFet#wrAf5?U3wTbIUEv&D%N3R=X6)oMYDX{f3RMG8!+35V5+)nv!e1xs%I zPbN${pJ+sNlfD2j?|l2ljM;_L0fVlmUz*~#IO zgY4aZnC(0E5DG=vw|_6i!wVQZAQz9@NlD33%8ngp>+ZdL^63T&@^iW9>KnN7Tk}Xu zN@PHO9@&KxsH*d#XaPJ)S=h`1RTzXr;Pd;jyHn9(8a7qZ(%DQT8hZ&rYdkdR->>+G zz@43tRO2e@i2v>bk`g_(XFZ8&?%LYZSj{R?JcZo96mz5AHcWp+C#)w3{q$OFn<+_VWO*G;6M{wCacw8BH+*zp7jLqsK zH7y-~D1z7P6w%r-9vk8I|ws3 z-|++T1{YFacM>h=M+-&JHI=mFbTX3DusbqHPD&*jjq>9MAKv85%Gn`^Rh4B+ALYIG-X=XQgUwq%W!~(W967w76XjJ5%F4#&a1ac7>1eDa z+FpyrnLtT-Ig_T%V&aV1)K#6LslFCrc2YQe9Ob1)XlSTIC5DP1Dh<-pa}b7=P$Y^g z!9i7JB~zwOV$Q7T96MSlfV<9bfFy)oyw70dRYcUoqT+FhUUu5rrLk!4D zXU@zy>_1$>wyoQ_@w!C}96Xv0dr#tar-N`2vDio(kU>`$+&X_8>7FP%DuQ^jMqn5n zv^G}kGhj!2Zz393*}n%aZUmiq1G0|)?AMPghfAxdt~fz;#Su=OEWzvbVm4d(;oUzX z><_bY%^Jc|!Q--$l068E$x3bcLBc^l-M#=JEkZCDV$8&;EV}$gwtVs-y}ezORhN@w zPoZ#lF*TM519V7L`CKN^Ny5?QP9yMue$T#-mF?Pfr+450RcZ0DqtZlgUCb z7$hqzo6hEDPF0lhy?ee#V?!N3e&7L~c;b)DJ?}iWZr_W@oJ>bc0}-E}sAeJ%>>@iW zg|40e`S}C6=9<4=AS*3Ry)@Ma@L5z$ z&LL#m&1j0iIlw{Hk?lux$$CZLq%YGQJKL^_xO*_g)it4}wg!p8q)FpAd7_N`A$iQ5 zJA}Otm%p1M^(}ODbyHYaOlnFRh6Ha`3RdMiBNBZ!~6E(?ds&{k%Js5-OW|kU(GewUdx9c ztis_=V8^yCJoCpV7?3lN`|eu8^jVX!dK{#sB$1k$LnIO<(WTH>-w1|EN=h=zUwxUh zWDg@oPi5)yH<&-~0=BPtf=e%%NLROlDbmj1{7kOA{RU<&9EV>Eqk7CFWq62h9iDC9 zzOZrqwIlsSe*#GN`~6&g`6V1Yu#Xcbt9btDCwcbSr+EG^%W*kO{Qi;O5(osj{>Gb_ zId=vwmy>8D#wC|u$An3f@O67J8&)b#9>HWbVdxQJK_6y^i6bR@x#rR!(Ip@vhz1Lo*p`o2+%a-!WD=Rp5vWlXCDtmWr zp{Q^aR*Q|smMYrXTR2`?g3W42DDd6ye~)l5M7Ot>rO!RZun`l<$Vlh0Cm!YW@k9LN zq5BDU_*r*&4_8bCCDBf6pqu0=$qX4fh!fkk64gPR!R2qfYQL(Qg}@qrXK-SI>l%l{ zMpI)Wwe?MCT9~rZV{~c{up(J<`|V_8xUtw({<8c9UVLdeYd=~= zT9SwFEV+rN{`@4qKqqajL3ZujLt>H}ha-W*dv}nLkxjrK;7HkVni?BWWE8`INF+oo z7Nxh>OH_j=|M&-X4NgcB82%$z)$QIp2g>h;iEaSDHP9f2-EQg$K5UWhrmIz5;J|8#cR@O`A3l_J^>TY_zvGqw6{&Mou86 z>l79Zps~4`zpnm(P)|22-&#R!)d?rE!p>d0XliaIe@GEKcI>6S zvzdX}`6M}0>Gk=kuC1e`wVseafJsE@=?$SO5RFAi@OZG>Z3O*6h8Gue!J>uV&!)YhM?Z)n~6Vo&%PoB)=$>aIqefQGV z+KFzM*mrO*Ri`SctEs24rW$WoJITqZbhOk_JZ>5~CU$P!#I)(tNJ>s%*X~_-65Qku zE#T0h1BAjsg5d~tbq!3NJ{_dN&h0zccla>H#bcQ=^>Sjt9)iJ6LXikUQOQblU{h7n za|R&H0t|ydAb{DdVp3Ih?c701N*X1H_Op8J$C!Y|)(+OKS;?%$SI`kmARO){AOZ|3 z${^WpWn`9%L)*3wYVYjb44gz@i8~16Y{n@TIB@6? zV~Y!T=DDYtIeiXqu3U}YTg}oZe@e~CW-2>EC^40eAxM_6Z||P{-(7ssLer>G6KHPnvuodev{(d_s$#cVx!{5eNKa3t^u%!{jUU4` z*Idn@0ht^>euS;tcT#oo7;_e0#D=x&uo)(D(i3RyY{8_MuqX;ygYrQ&(bUjDP0eYl zYic-sx{~(xHcAd3q@l5eXe@$BF_Y-YCO3C9TEtJ~=~Hxf`zg#Hip`NsC>+4-bP_c* z>g#H8sTx8Wc!OaKU8A?x%aWUKLRBPH)ph*(;a||&+D?0CI~Oim$Xjo|#^ULtFnjFy z{4vV5ou;y?6Om-6zPW}Y+qYK%Z^wZP^#j-MRb_njAC03ZW4eCrf<>3#GjH~cLX*jw zyl>A|yEmwl?RJoyl7h?QVa~j{Jn`t`l%6=wE3drFTkovKY8Kq{gL~Pza}yUYn8(k5 z{s>7n8_zuYdu%Q%C{|QwDypF}X~G;L-cG!JADP*Cm@Q^H+glOXuqXyYhK?l3lZljO zG!(kqd&x<2k(`>!vEvOS*~5fFy||s}xGf6Klmxs1AG#h!5dzh0#_#j<(b|tmOH0G! zP|*#^Bft9%^A}ve;tMaL%ct|hpZ{rAEWa_Fl!=nJ~IaEe#(`hEmSi}c= z-Y3iRH3;9j}#|32dw?v&Aj(icP2#^Rg0d7^n14Qf=_4);~E=VaDUQ8&gk)T4h z%Suv83j0dS`FztRZn~!XfP5wUaHIcd-A^0ZK|r88vDohxcr!rK5@5 z%uJ$z9#o49hr@-`b)r5mPFEtTP-v(qrL(<@psy3V(@rF8kerfYFzJ{39Np(#V!v_x{5P?|OhuLO92vAkfbq$BZf!%Il@1A{hb#=04%?Fg7s-Yk+ z1CtPZxb_pmnwR_Ty^Wl~BiXifGoj`^r!<2P;;E(nIvM?3RW*Q^?Eg(*MuL-QC?} zXJ?U{o6D*-pP~RS|K%xKTG|K%f;{=BXQ|l#DL1_QFmG&bB_Tmltx+n@)RO$ohRr|B z0LNL^S1>3LLeO=pvV1~CRh>sQTQFN~s7PX(hN_qul9^0NWi4B_e9onpT+U}3Kf~>^ z@Lvz!&yw42X2+IIeDL8%Jp24}BxPl?`n45gW@e&Cdx>f)!B`ZlNdY9`a0s)iU{fS5 ztsU&xzLS=gM()1*PU`Dh@P>8l9yeA+B_++lr=NX>EgUAMKwEDJm(_y9t|DVmqyo`c zj6fhnEEYpi6ow2Lf`Z1#5k*{b$)&vX(lYAn>lr<|7^~HRFJR{Pk3T};;3Q6!9eG?4 zeK|?w7jc~YGT?MT#`RVgkOUkLMWSo#n(7Xps5(Jsptmq5BL^EAQjZYUR5Fu2>?=J% zTT>N(er_3UEzPtv*K_DV2^}5X)YjJU(z2Jx&K=6(?VG6YXeA{%gJ3X>stANMFc28h zz-)DqnvqAz(fu^EG%{<(eDp|^rLX;&@85L?lP8Vm!@qur%OR+*Zo)vvY>JWQG@~YD z5;Y9`J*}jsr;y;W(cRsRu1gdFLQyz%ssf9}%z_0A*uH%mg@uLqeO^jS%UFELRorsR z?W}t3na-B>&ZiYcsPygV2RW;9Q#l8;ek$q`B1pm#x&WuDAXJ6Js^FJxZLQBAZ>YhZ zkWM5LAsp&P4+a^Vo59YldwKoUm-zOLw^Mq&jE8>yGscY@PwnX%YHRB7b$7F`>NG`p zgQ%>o#A>l(Q6(m`39r{jT~j@tlr+XnJ)a9Nx`v@SIW*Or=Cu{CasPey)7V(c?|$(M zI-5>VcH{`j>Djp49<-Q2Ug0pzN|er)c6=e7%&bfjTrLCxAtc^jKe1ShQKLq1^mrA^ zm%qZ*S6@XW5@G#@Ed;}16rquymy6Ark^*E(DSP<`#noT7S=0Zae&)sEYU>a}WJt*_ zLko>hPtVR)Ee;YAk_q{Jm~9S(p|feve$o?N%$l=+=Ee$U&z{M+v7_*Ld+BWJV&vG7 zjGaA~4S!ujOIHiosp*7zI>{M4ki{2XjmxSqq9~8M?!S+w+Is41Yj|Sma|D9{7A~C6 zM<1;ve`q0#FFcP8AFm~QKn|lvk0TO;lSg;sP;`Vek&%@_M`sV+-JPUoB-7U3gRaGx zI%P6;tC@8hwz6l}b{ZQS$mJ^J|D973J{O{ID}i&;O8-du ztFR3TQ6v!wekthz=~D!eKqz`#kA}!dO~aCyO;myr>>(%FLy7{={^cdCW`%`|zQw@< zds(>nLOxl)fwYWNE?KmQ=bn3kKfbyGJ5W(wOEer~?5J^=?G`%Pn#dhAi0#|9p$Ua+ zZoP}rV<$OPc8U!fHWD+UlpQ_7+K)cRq(D<+9f4qojgq|!$>g4&-c9L|5>A$v zgHVWuHLMnuK)_FZLp^C}sW_}E4Vuy81e2{wYEFogvLj2<%*lb|3D*x&6x ze;IK7;OTKs8$#lj;FXeY2?1Tw8B@#00iw`nI*2=4yn!vrH5zRqsa@<#C1JMZ%D@)bm4 z3JpySy!e+FNJ~%P+t**moOyGxI?WUpk6`iTR|6LI9Xv>7)p6`L2T7hJ$_^c%s-}jS zGiGq*)mKti--_9+qD6Ir!4OSNjaV%zGiT1^y_GB3f8YSKXU_p3G0}~;s|}M$aq$mQ zN?!%Iv%{1KeeI1w`iiC7!?75dDTxHbLF`HC1Qi!eon4ruq;NnQ4IMrn|HH#foHU(p zU3xLaBZ@##`1#L&iMO{KlNR7FuPo)#>#t+&s?{7jun(6BDo<6g`O}Sbceb%}>o)f9 z-AhY*1A_+TF=R*{L4PlWBZgBvDxZvu40?kBv}g!v7&_Z=( z9m%PwD2jqm1T8IXn9XKlu^1jt0(ahdC)1`)!(y>fFmxb3pO;`Th+!CC+Bouc3Jay^ zO9oh^#0N|mI5>a)(A+%yyQzIg-YqO zAFsalA`P|moUW{=sskGcHr&xGHh5e8JQVKq442{AFT(rh`zd+{(Rj3mT`XvoQ(It$Ez|; zsmU26re~q43PO)yG8vdX30N#? z4Ku;`P*oYCF zKmP(ORx65Xrs{Mh5-LRBHtFA$vwq!jeHDQTN;%~g_*Dlu=0+WCw35Pqnx@HZ^A3kL6+>42523C`qXwXN@Fi=z#1p_HTpy0Hb zsA_Cu!}^c;_6;{8gvyE)uVS@WX>MuZl~I)gc=3qiZpw zlpq9Fo1Iy+W|Ene%V(c&!rS8~B_*A-jC4L*x5n!aMV}G^g){5ae;PPN^rhL=c(23J zrn*z}b=8t^w5){o?oRTH#$ZNAi$oA+8+MZkiz0AathnrE>N{u<5 zU~f0a4jo76epFTO0|tqzNzZ*@9qM9t|nt|13!(_4G3j_#;q67jV48x$H zAfNWuX7(H?*(mxFm=3@v&navD+MPA=gr^XYECg+VV0dj=S;@)fmc~^rZOv_=Sakf{ z^DaRZCcNGr5*&6kT_PnYLLt#@r>eP~OZg+u7EFoOo>uzTlrI(vHWRRrCD(oAneN0(qVt0+Q{>~dmP zVaLHE9N4o9kH<|zLjzr1UF78EkdvFsz(E5Um^*-JQztPvZ!nuSe$HEOzDttbMUo>K z30TbvhSZQUimEE8LZZdONC}#uqbdqgH_&y7)Q!H;I5CZAB#O!6K($zqx{lc-Xl-g@ z)QCd7-X3=EKeA51QbmvypDq#NoIbCw+acY*|JpYbNnjJ;6yQSOQG`e^4B4SeW+Wvi zKXuD(_hSwDIB}wsP&h<)dlSKc7q`=nY8do}gLr$o=nO=$*vvTGZai)$g9i^r*L8#< zP)#Z)%E~$2*vh!HOj46FXbovZR1;`ntRhH6*9b)-n1w{5VYOO`hIRar5HU?h6)F(} zOp1c4CNfIGVp zPK|?S1)P1w#v)Nl*`iBkr6eZ&e)_Zvl2nV0NGt~7AZjd1M{6CruAvHv5R#Y{BN*@# z49DmRhKOm}7kPXO;C4DmbbClOJBdjPUAjaV8VM;0sDx>4ZUS_4y|2Db({)U$nTVzn z)if+N8>*t9swToQjV^CDV@4G*Y1~LUI=eBORl=bNYu9f(BH<^B;G_VD0d4ewclIEJ ze+sy>|E7N=Pk(W>H6HW0q9x}9|PcnOEYL?XfM(U|tJ+hP9?yThKQXkf{Zqx$|10qN0Tl5G3+6Zj-SHj)3jh*}5Gb0#sFXy{GdF+xKWS>HrLMMuXgG*j zNMgEOPXf%cvjp6hp5!H0U;SfUD@rET@Bmj6ZsbI;EAY?GkCK-RYk@z}16rT_glV?1s@sDo!o09(TGIK_K&$fTgxc&3%k}Tks zDKq9@K6BP0I@{YYysgwX)#DAtFiFs)j?{Hb(jX!Y3|$h51W8GB6P5-hMWwU7o*utX zrln_#q@*NVRtxn_4b<1w)kdQF8$wWupgvxXWs}G-5R~$Z9eE=Tj1~tfO5aewnEYF& z$uGOvZxXn(ThGn(0oY$9;1L3k01Sz4NNyOIn|pQEfWn-ZAsAUa7NHw7*4LqFVGL;y zh=y>f0-Hr(b2+JLsHN=K(bKxYdI6n^pv90BstPHFfnmTYMX*~40w5e9wYb{#x4%c_ znb5-c;*ejg!?m-{f9Z6H|E{4_XMb;hpQ{;xUG%XpNq|#IdUVMEU?MQSxOm)Ui!Z%} zNF+pWR|}zNh(OSXjQWX%{d9Z194R?iV;J16D0IcuPDo^DJk77gmxONFx4{zZpGpzW zDMmSysQ9vhrC({B#=l~kS3d)l_^2RDd{~N82omG0j7o{7OD=UyQ#`?6~|d$Q`ehTAyj=l?55 zH~u^1f5JolLjE6&RJLC}n001s}R9JLmVRU6WV{&C-bY%blc-k{EFf!3KFw-?O z4>2^fGBB_*vd}g(vNA9L070Dv4Z1RST>t<8E_zg0bYx+4WjbwdWNBu3004N}GcqtT u)-|xuH8cw`GPW`_ure{!HZ-y_FaQ8SuLTUGVp^&I0000