From c5f949506a2eb7f906197de36d330923d735384d Mon Sep 17 00:00:00 2001 From: s0me1newithhand7s Date: Wed, 25 Mar 2026 17:56:18 +0300 Subject: [PATCH] staging(no atomic commits thank to git-hooks) Signed-off-by: s0me1newithhand7s --- ada/services/firewalld.nix | 2 +- flake.lock | 803 ++++++++++++++------ flake.nix | 489 ++++++------ florence/default.nix | 32 + hand7s/default.nix | 16 + hand7s/gtk/gtk.nix | 7 +- hand7s/gtk/gtk3.nix | 42 + hand7s/gtk/gtk4.nix | 37 + hand7s/home/packages.nix | 3 +- hand7s/home/shell.nix | 7 + hand7s/home/variables.nix | 10 + hand7s/nix/settings/trusted-public-keys.nix | 1 - hand7s/nixpkgs/overlays.nix | 6 - hand7s/options/gui.nix | 11 +- hand7s/programs/atuin.nix | 22 + hand7s/programs/broot.nix | 13 + hand7s/programs/carapace.nix | 9 + hand7s/programs/chrome.nix | 1 - hand7s/programs/direnv.nix | 1 + hand7s/programs/eza.nix | 1 + hand7s/programs/fzf.nix | 1 + hand7s/programs/ghostty.nix | 2 +- hand7s/programs/gitui.nix | 26 + hand7s/programs/helix.nix | 133 +++- hand7s/programs/index.nix | 1 + hand7s/programs/noctalia.nix | 20 +- hand7s/programs/nushell.nix | 24 + hand7s/programs/spicetify.nix | 4 +- hand7s/programs/starship.nix | 29 +- hand7s/programs/yazi.nix | 128 +++- hand7s/programs/zellij.nix | 26 +- hand7s/programs/zoxide.nix | 1 + hand7s/stylix/base16Scheme.nix | 12 +- hand7s/stylix/fonts.nix | 24 +- hand7s/stylix/red_ish.nix | 32 - hand7s/stylix/wallpaper3.png | Bin 63857 -> 37752 bytes hand7s/wayland/hyprland.nix | 86 ++- hand7s/xdg/configFile.nix | 22 + hand7s/xdg/mime.nix | 11 + hand7s/xdg/portal.nix | 35 + hand7s/xdg/terminal.nix | 12 + isla/boot/lanzaboote.nix | 2 +- isla/boot/tmp.nix | 2 +- isla/console/console.nix | 2 +- isla/disko/disk.nix | 2 +- isla/disko/lvm_vg.nix | 2 +- isla/hardware/cpu.nix | 2 +- isla/hardware/qmk.nix | 2 +- isla/hardware/zram.nix | 2 +- isla/i18n/locales.nix | 2 +- isla/networking/firewall.nix | 2 +- isla/networking/hostId.nix | 2 +- isla/networking/hostname.nix | 2 +- isla/networking/hosts.nix | 2 +- isla/networking/nameservers.nix | 2 +- isla/networking/networkmanager.nix | 2 +- isla/networking/timeServers.nix | 2 +- isla/networking/wireguard.nix | 2 +- isla/nix/settings/allowed-users.nix | 2 +- isla/nix/settings/auto-optimise-store.nix | 2 +- isla/nix/settings/experimental-features.nix | 2 +- isla/nix/settings/substituters.nix | 2 +- isla/nix/settings/trusted-public-keys.nix | 2 +- isla/nix/settings/trusted-users.nix | 2 +- isla/nixpkgs/config.nix | 2 +- isla/nixpkgs/overlays.nix | 2 +- isla/nixpkgs/system.nix | 2 +- isla/programs/gamemode.nix | 2 +- isla/programs/nh.nix | 2 +- isla/programs/ssh.nix | 2 +- isla/programs/yubikey-touch-detector.nix | 2 +- isla/security/pam/services.nix | 2 +- isla/security/polkit.nix | 2 +- isla/security/rtkit.nix | 2 +- isla/security/sudo-rs.nix | 2 +- isla/services/fprintd.nix | 2 +- isla/services/libinput.nix | 2 +- isla/services/netbird.nix | 2 +- isla/services/pipewire.nix | 2 +- isla/services/thinkfan.nix | 2 +- isla/services/zapret.nix | 2 +- isla/services/zerotier.nix | 2 +- isla/systemd/oomd.nix | 2 +- isla/time/timeZone.nix | 2 +- isla/users/mutableUsers.nix | 2 +- isla/users/users/hand7s.nix | 2 +- isla/users/users/root.nix | 2 +- isla/virtualisation/docker.nix | 2 +- isla/xdg/icons.nix | 2 +- isla/xdg/mime.nix | 2 +- kyra/default.nix | 57 -- kyra/disko/disk.nix | 11 +- kyra/home-manager/users.nix | 2 - kyra/networking/defaultGateway.nix | 17 - kyra/networking/firewall.nix | 5 +- kyra/networking/firewall/ens3.nix | 57 -- kyra/networking/hostname.nix | 4 +- kyra/networking/interfaces/ens3.nix | 36 - kyra/networking/nftables.nix | 7 + kyra/security/acme.nix | 18 + kyra/services/alloy.nix | 99 +++ kyra/services/caddy.nix | 60 -- kyra/services/firewalld.nix | 154 ++++ kyra/services/netbird.nix | 12 +- kyra/services/openssh.nix | 9 +- kyra/services/resolved.nix | 39 + kyra/services/sing-box.nix | 78 +- kyra/services/traefik.nix | 459 +++++++++++ kyra/systemd/networkd.nix | 120 +++ kyra/users/users/alep0u.nix | 1 - kyra/users/users/hand7s.nix | 1 - kyra/virtualisation/docker.nix | 14 - kyra/virtualisation/vmVariant.nix | 11 + viola/services/forgejo.nix | 2 +- viola/services/homepage.nix | 2 +- viola/services/postgresql.nix | 2 +- viola/services/privatebin.nix | 2 +- 117 files changed, 2520 insertions(+), 999 deletions(-) create mode 100644 florence/default.nix create mode 100644 hand7s/gtk/gtk3.nix create mode 100644 hand7s/gtk/gtk4.nix create mode 100644 hand7s/home/shell.nix create mode 100644 hand7s/home/variables.nix delete mode 100644 hand7s/nixpkgs/overlays.nix create mode 100644 hand7s/programs/atuin.nix create mode 100644 hand7s/programs/broot.nix create mode 100644 hand7s/programs/carapace.nix create mode 100644 hand7s/programs/gitui.nix create mode 100644 hand7s/programs/nushell.nix delete mode 100644 hand7s/stylix/red_ish.nix create mode 100644 hand7s/xdg/configFile.nix create mode 100644 hand7s/xdg/mime.nix create mode 100644 hand7s/xdg/portal.nix create mode 100644 hand7s/xdg/terminal.nix delete mode 100644 kyra/default.nix delete mode 100644 kyra/networking/defaultGateway.nix delete mode 100644 kyra/networking/firewall/ens3.nix delete mode 100644 kyra/networking/interfaces/ens3.nix create mode 100644 kyra/networking/nftables.nix create mode 100644 kyra/security/acme.nix create mode 100644 kyra/services/alloy.nix delete mode 100644 kyra/services/caddy.nix create mode 100644 kyra/services/firewalld.nix create mode 100644 kyra/services/resolved.nix create mode 100644 kyra/services/traefik.nix create mode 100644 kyra/systemd/networkd.nix delete mode 100644 kyra/virtualisation/docker.nix create mode 100644 kyra/virtualisation/vmVariant.nix diff --git a/ada/services/firewalld.nix b/ada/services/firewalld.nix index 7cd83ae..59366bb 100644 --- a/ada/services/firewalld.nix +++ b/ada/services/firewalld.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { firewalld = { enable = true; diff --git a/flake.lock b/flake.lock index 15fe6de..c7317d3 100644 --- a/flake.lock +++ b/flake.lock @@ -208,6 +208,64 @@ } }, "cachix": { + "inputs": { + "devenv": "devenv", + "flake-compat": "flake-compat_2", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1774017633, + "narHash": "sha256-CWhnwL2M83/ItapPVeJqCevRoQttesYxJ1h0Mo6ZCXs=", + "owner": "cachix", + "repo": "cachix", + "rev": "e8be573b417f3daa3dd4cb9052178f848e0c9d1d", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "cachix", + "type": "github" + } + }, + "cachix_2": { + "inputs": { + "devenv": [ + "cachix", + "devenv" + ], + "flake-compat": [ + "cachix", + "devenv", + "flake-compat" + ], + "git-hooks": [ + "cachix", + "devenv", + "git-hooks" + ], + "nixpkgs": [ + "cachix", + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760971495, + "narHash": "sha256-IwnNtbNVrlZIHh7h4Wz6VP0Furxg9Hh0ycighvL5cZc=", + "owner": "cachix", + "repo": "cachix", + "rev": "c5bfd933d1033672f51a863c47303fc0e093c2d2", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "latest", + "repo": "cachix", + "type": "github" + } + }, + "cachix_3": { "inputs": { "devenv": [ "devenv" @@ -277,7 +335,7 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager_2", "jovian": "jovian", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -350,8 +408,8 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_3", + "nixpkgs": "nixpkgs_5", "utils": "utils" }, "locked": { @@ -370,13 +428,46 @@ }, "devenv": { "inputs": { - "cachix": "cachix", - "flake-compat": "flake-compat_3", + "cachix": "cachix_2", + "flake-compat": [ + "cachix", + "flake-compat" + ], "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", + "git-hooks": [ + "cachix", + "git-hooks" + ], "nix": "nix", "nixd": "nixd", - "nixpkgs": "nixpkgs_5" + "nixpkgs": [ + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772738982, + "narHash": "sha256-9MN0FV0XeYJV7kFtUxY6uQMxbZmlrPQLUm3yLbEEJ7Q=", + "owner": "cachix", + "repo": "devenv", + "rev": "22ec127af85396b04af045ec20d004d11a0675af", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "devenv_2": { + "inputs": { + "cachix": "cachix_3", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", + "git-hooks": "git-hooks_2", + "nix": "nix_2", + "nixd": "nixd_2", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1771066302, @@ -413,24 +504,6 @@ "type": "github" } }, - "devshell_2": { - "inputs": { - "nixpkgs": "nixpkgs_6" - }, - "locked": { - "lastModified": 1768818222, - "narHash": "sha256-460jc0+CZfyaO8+w8JNtlClB2n4ui1RbHfPTLkpwhU8=", - "owner": "numtide", - "repo": "devshell", - "rev": "255a2b1725a20d060f566e4755dbf571bbbb5f76", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -473,6 +546,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_7", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1774423251, + "narHash": "sha256-g/PP8G9WcP4vtZVOBNYwfGxLnwLQoTERHnef8irAMeQ=", + "owner": "nix-community", + "repo": "fenix", + "rev": "b70d7535088cd8a9e4322c372a475f66ffa18adf", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "firefox-gnome-theme": { "flake": false, "locked": { @@ -506,6 +598,20 @@ } }, "flake-compat_10": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-compat_11": { "flake": false, "locked": { "lastModified": 1767039857, @@ -521,30 +627,14 @@ "type": "github" } }, - "flake-compat_11": { - "flake": false, - "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_12": { "flake": false, "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "type": "github" }, "original": { @@ -569,7 +659,39 @@ "type": "github" } }, + "flake-compat_14": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1733328505, @@ -585,7 +707,7 @@ "type": "github" } }, - "flake-compat_3": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1761588595, @@ -601,34 +723,18 @@ "type": "github" } }, - "flake-compat_4": { - "flake": false, - "locked": { - "lastModified": 1767039857, - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-compat_5": { "flake": false, "locked": { "lastModified": 1767039857, "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "NixOS", + "owner": "edolstra", "repo": "flake-compat", "type": "github" } @@ -650,22 +756,6 @@ } }, "flake-compat_7": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_8": { "flake": false, "locked": { "lastModified": 1767039857, @@ -681,18 +771,36 @@ "type": "github" } }, - "flake-compat_9": { + "flake-compat_8": { + "flake": false, "locked": { - "lastModified": 1733328505, - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", - "revCount": 69, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz?rev=ff81ac966bb2cae68946d5ed5fc4994f96d0ffec&revCount=69" + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_9": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" } }, "flake-parts": { @@ -717,6 +825,27 @@ } }, "flake-parts_10": { + "inputs": { + "nixpkgs-lib": [ + "nixos-anywhere", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_11": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_6" }, @@ -734,7 +863,7 @@ "type": "github" } }, - "flake-parts_11": { + "flake-parts_12": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -755,7 +884,7 @@ "type": "github" } }, - "flake-parts_12": { + "flake-parts_13": { "inputs": { "nixpkgs-lib": [ "system-manager", @@ -798,6 +927,7 @@ "flake-parts_3": { "inputs": { "nixpkgs-lib": [ + "cachix", "devenv", "nixpkgs" ] @@ -817,6 +947,27 @@ } }, "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "devenv", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760948891, + "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_5": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -834,7 +985,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -851,7 +1002,7 @@ "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "lanzaboote", @@ -872,7 +1023,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, @@ -890,7 +1041,7 @@ "type": "github" } }, - "flake-parts_8": { + "flake-parts_9": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_5" }, @@ -908,28 +1059,22 @@ "type": "github" } }, - "flake-parts_9": { - "inputs": { - "nixpkgs-lib": [ - "nixos-anywhere", - "nixpkgs" - ] - }, + "flake-root": { "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "lastModified": 1723604017, + "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", + "owner": "srid", + "repo": "flake-root", + "rev": "b759a56851e10cb13f6b8e5698af7b59c44be26e", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "flake-parts", + "owner": "srid", + "repo": "flake-root", "type": "github" } }, - "flake-root": { + "flake-root_2": { "locked": { "lastModified": 1723604017, "narHash": "sha256-rBtQ8gg+Dn4Sx/s+pvjdq3CB2wQNzx9XGFq/JVGCB6k=", @@ -1014,10 +1159,10 @@ }, "freesm": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "libnbtplusplus": "libnbtplusplus", "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_7" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1770541033, @@ -1052,10 +1197,56 @@ "git-hooks": { "inputs": { "flake-compat": [ - "devenv", + "cachix", "flake-compat" ], "gitignore": "gitignore_2", + "nixpkgs": [ + "cachix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772665116, + "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks-nix": { + "inputs": { + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_4", + "nixpkgs": "nixpkgs_9" + }, + "locked": { + "lastModified": 1770726378, + "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "gitignore": "gitignore_3", "nixpkgs": [ "devenv", "nixpkgs" @@ -1075,30 +1266,10 @@ "type": "github" } }, - "git-hooks-nix": { - "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_3", - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1770726378, - "narHash": "sha256-kck+vIbGOaM/dHea7aTBxdFYpeUl/jHOy5W3eyRvVx8=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "5eaaedde414f6eb1aea8b8525c466dc37bba95ae", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "github-actions-nix": { "inputs": { - "flake-parts": "flake-parts_5", - "nixpkgs": "nixpkgs_9" + "flake-parts": "flake-parts_6", + "nixpkgs": "nixpkgs_10" }, "locked": { "lastModified": 1770427665, @@ -1139,7 +1310,7 @@ "gitignore_2": { "inputs": { "nixpkgs": [ - "devenv", + "cachix", "git-hooks", "nixpkgs" ] @@ -1161,7 +1332,8 @@ "gitignore_3": { "inputs": { "nixpkgs": [ - "git-hooks-nix", + "devenv", + "git-hooks", "nixpkgs" ] }, @@ -1180,6 +1352,27 @@ } }, "gitignore_4": { + "inputs": { + "nixpkgs": [ + "git-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_5": { "inputs": { "nixpkgs": [ "hyprland", @@ -1201,7 +1394,7 @@ "type": "github" } }, - "gitignore_5": { + "gitignore_6": { "inputs": { "nixpkgs": [ "lanzaboote", @@ -1223,7 +1416,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_7": { "inputs": { "nixpkgs": [ "system-manager", @@ -1445,7 +1638,7 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_10", + "nixpkgs": "nixpkgs_11", "pre-commit-hooks": "pre-commit-hooks_2", "systems": "systems_4", "xdph": "xdph" @@ -1748,8 +1941,8 @@ "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_6", + "flake-compat": "flake-compat_8", + "flake-parts": "flake-parts_7", "nixpkgs": [ "nixpkgs" ], @@ -1789,7 +1982,7 @@ }, "ndg": { "inputs": { - "nixpkgs": "nixpkgs_16" + "nixpkgs": "nixpkgs_17" }, "locked": { "lastModified": 1768214250, @@ -1808,7 +2001,7 @@ }, "nekoflake": { "inputs": { - "nixpkgs": "nixpkgs_11" + "nixpkgs": "nixpkgs_12" }, "locked": { "lastModified": 1744631782, @@ -1827,34 +2020,40 @@ "nix": { "inputs": { "flake-compat": [ + "cachix", "devenv", "flake-compat" ], "flake-parts": [ + "cachix", "devenv", "flake-parts" ], "git-hooks-nix": [ + "cachix", "devenv", "git-hooks" ], "nixpkgs": [ + "cachix", "devenv", "nixpkgs" ], "nixpkgs-23-11": [ + "cachix", "devenv" ], "nixpkgs-regression": [ + "cachix", "devenv" ] }, "locked": { - "lastModified": 1770395975, - "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", + "lastModified": 1771532737, + "narHash": "sha256-H26FQmOyvIGnedfAioparJQD8Oe+/byD6OpUpnI/hkE=", "owner": "cachix", "repo": "nix", - "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", + "rev": "7eb6c427c7a86fdc3ebf9e6cbf2a84e80e8974fd", "type": "github" }, "original": { @@ -1866,9 +2065,9 @@ }, "nix-bwrapper": { "inputs": { - "nixpkgs": "nixpkgs_12", + "nixpkgs": "nixpkgs_13", "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix_3" + "treefmt-nix": "treefmt-nix_4" }, "locked": { "lastModified": 1770308099, @@ -1888,9 +2087,9 @@ "inputs": { "cachyos-kernel": "cachyos-kernel", "cachyos-kernel-patches": "cachyos-kernel-patches", - "flake-compat": "flake-compat_8", - "flake-parts": "flake-parts_7", - "nixpkgs": "nixpkgs_15" + "flake-compat": "flake-compat_9", + "flake-parts": "flake-parts_8", + "nixpkgs": "nixpkgs_16" }, "locked": { "lastModified": 1771091677, @@ -2031,10 +2230,10 @@ }, "nix-mineral": { "inputs": { - "flake-compat": "flake-compat_9", - "flake-parts": "flake-parts_8", + "flake-compat": "flake-compat_10", + "flake-parts": "flake-parts_9", "ndg": "ndg", - "nixpkgs": "nixpkgs_17" + "nixpkgs": "nixpkgs_18" }, "locked": { "lastModified": 1771115839, @@ -2099,14 +2298,56 @@ "type": "github" } }, + "nix_2": { + "inputs": { + "flake-compat": [ + "devenv", + "flake-compat" + ], + "flake-parts": [ + "devenv", + "flake-parts" + ], + "git-hooks-nix": [ + "devenv", + "git-hooks" + ], + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "nixpkgs-23-11": [ + "devenv" + ], + "nixpkgs-regression": [ + "devenv" + ] + }, + "locked": { + "lastModified": 1770395975, + "narHash": "sha256-zg0AEZn8d4rqIIsw5XrkVL5p1y6fBj2L57awfUg+gNA=", + "owner": "cachix", + "repo": "nix", + "rev": "ccb6019ce2bd11f5de5fe4617c0079d8cb1ed057", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "devenv-2.32", + "repo": "nix", + "type": "github" + } + }, "nixd": { "inputs": { "flake-parts": [ + "cachix", "devenv", "flake-parts" ], "flake-root": "flake-root", "nixpkgs": [ + "cachix", "devenv", "nixpkgs" ], @@ -2126,6 +2367,33 @@ "type": "github" } }, + "nixd_2": { + "inputs": { + "flake-parts": [ + "devenv", + "flake-parts" + ], + "flake-root": "flake-root_2", + "nixpkgs": [ + "devenv", + "nixpkgs" + ], + "treefmt-nix": "treefmt-nix_3" + }, + "locked": { + "lastModified": 1763964548, + "narHash": "sha256-JTRoaEWvPsVIMFJWeS4G2isPo15wqXY/otsiHPN0zww=", + "owner": "nix-community", + "repo": "nixd", + "rev": "d4bf15e56540422e2acc7bc26b20b0a0934e3f5e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixd", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1736643958, @@ -2144,12 +2412,12 @@ "nixos-anywhere": { "inputs": { "disko": "disko_2", - "flake-parts": "flake-parts_9", + "flake-parts": "flake-parts_10", "nix-vm-test": "nix-vm-test", "nixos-images": "nixos-images", "nixos-stable": "nixos-stable", - "nixpkgs": "nixpkgs_18", - "treefmt-nix": "treefmt-nix_4" + "nixpkgs": "nixpkgs_19", + "treefmt-nix": "treefmt-nix_5" }, "locked": { "lastModified": 1769956140, @@ -2167,9 +2435,9 @@ }, "nixos-cli": { "inputs": { - "flake-compat": "flake-compat_10", - "flake-parts": "flake-parts_10", - "nixpkgs": "nixpkgs_19", + "flake-compat": "flake-compat_11", + "flake-parts": "flake-parts_11", + "nixpkgs": "nixpkgs_20", "optnix": "optnix" }, "locked": { @@ -2250,8 +2518,8 @@ }, "nixos-wsl": { "inputs": { - "flake-compat": "flake-compat_12", - "nixpkgs": "nixpkgs_21" + "flake-compat": "flake-compat_13", + "nixpkgs": "nixpkgs_22" }, "locked": { "lastModified": 1770657009, @@ -2423,6 +2691,20 @@ } }, "nixpkgs_10": { + "locked": { + "lastModified": 1770197578, + "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", + "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", + "revCount": 940249, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.940249%2Brev-00c21e4c93d963c50d4c0c89bfa84ed6e0694df2/019c2c37-21f9-727c-86c5-0523e601d163/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" + } + }, + "nixpkgs_11": { "locked": { "lastModified": 1770841267, "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", @@ -2438,7 +2720,7 @@ "type": "github" } }, - "nixpkgs_11": { + "nixpkgs_12": { "locked": { "lastModified": 1742283249, "narHash": "sha256-hYz59vIFHjPt3l4iaXwCGUPu85EVRomzZRONksMVmgY=", @@ -2453,7 +2735,7 @@ "type": "github" } }, - "nixpkgs_12": { + "nixpkgs_13": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -2469,7 +2751,7 @@ "type": "github" } }, - "nixpkgs_13": { + "nixpkgs_14": { "locked": { "lastModified": 1767892417, "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=", @@ -2485,7 +2767,7 @@ "type": "github" } }, - "nixpkgs_14": { + "nixpkgs_15": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -2501,7 +2783,7 @@ "type": "github" } }, - "nixpkgs_15": { + "nixpkgs_16": { "locked": { "lastModified": 1771045105, "narHash": "sha256-6/VriPJZPqQfOyujd1AEjSYzgP/In4dtmQAbvhkkhyI=", @@ -2517,7 +2799,7 @@ "type": "github" } }, - "nixpkgs_16": { + "nixpkgs_17": { "locked": { "lastModified": 1766070988, "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", @@ -2533,7 +2815,7 @@ "type": "github" } }, - "nixpkgs_17": { + "nixpkgs_18": { "locked": { "lastModified": 1755593991, "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", @@ -2549,7 +2831,7 @@ "type": "github" } }, - "nixpkgs_18": { + "nixpkgs_19": { "locked": { "lastModified": 1769900851, "narHash": "sha256-RgCgXS3WiG9c/1wxFM6OXmmv39dSaLLON9VeAbTTAIM=", @@ -2565,22 +2847,6 @@ "type": "github" } }, - "nixpkgs_19": { - "locked": { - "lastModified": 1767151656, - "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { "lastModified": 1770197578, @@ -2598,6 +2864,22 @@ } }, "nixpkgs_20": { + "locked": { + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_21": { "locked": { "lastModified": 1759070547, "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", @@ -2613,7 +2895,7 @@ "type": "github" } }, - "nixpkgs_21": { + "nixpkgs_22": { "locked": { "lastModified": 1770019141, "narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=", @@ -2629,7 +2911,7 @@ "type": "github" } }, - "nixpkgs_22": { + "nixpkgs_23": { "locked": { "lastModified": 1771008912, "narHash": "sha256-gf2AmWVTs8lEq7z/3ZAsgnZDhWIckkb+ZnAo5RzSxJg=", @@ -2645,7 +2927,7 @@ "type": "github" } }, - "nixpkgs_23": { + "nixpkgs_24": { "locked": { "lastModified": 1770380644, "narHash": "sha256-P7dWMHRUWG5m4G+06jDyThXO7kwSk46C1kgjEWcybkE=", @@ -2661,7 +2943,7 @@ "type": "github" } }, - "nixpkgs_24": { + "nixpkgs_25": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -2677,7 +2959,7 @@ "type": "github" } }, - "nixpkgs_25": { + "nixpkgs_26": { "locked": { "lastModified": 1770107345, "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", @@ -2693,7 +2975,7 @@ "type": "github" } }, - "nixpkgs_26": { + "nixpkgs_27": { "locked": { "lastModified": 1682134069, "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=", @@ -2708,6 +2990,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1764950072, "narHash": "sha256-BmPWzogsG2GsXZtlT+MTcAWeDK5hkbGRZTeZNW42fwA=", @@ -2723,7 +3021,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1743014863, "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", @@ -2739,7 +3037,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1761313199, "narHash": "sha256-wCIACXbNtXAlwvQUo1Ed++loFALPjYUA3dpcUJiXO44=", @@ -2755,23 +3053,23 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { - "lastModified": 1762156382, - "narHash": "sha256-Yg7Ag7ov5+36jEFC1DaZh/12SEXo6OO3/8rqADRxiqs=", - "owner": "NixOS", + "lastModified": 1774106199, + "narHash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "7241bcbb4f099a66aafca120d37c65e8dda32717", + "rev": "6c9a78c09ff4d6c21d0319114873508a6ec01655", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1770197578, "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", @@ -2787,7 +3085,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1770073757, "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", @@ -2803,20 +3101,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1770197578, - "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", - "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", - "revCount": 940249, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.940249%2Brev-00c21e4c93d963c50d4c0c89bfa84ed6e0694df2/019c2c37-21f9-727c-86c5-0523e601d163/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" - } - }, "nmd": { "inputs": { "nixpkgs": [ @@ -2904,7 +3188,7 @@ "inputs": { "flake-utils": "flake-utils_2", "ixx": "ixx", - "nixpkgs": "nixpkgs_13" + "nixpkgs": "nixpkgs_14" }, "locked": { "lastModified": 1768249818, @@ -2922,8 +3206,8 @@ }, "optnix": { "inputs": { - "flake-compat": "flake-compat_11", - "nixpkgs": "nixpkgs_20" + "flake-compat": "flake-compat_12", + "nixpkgs": "nixpkgs_21" }, "locked": { "lastModified": 1765418479, @@ -2968,7 +3252,7 @@ "lanzaboote", "flake-compat" ], - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -2996,7 +3280,7 @@ "userborn", "flake-compat" ], - "gitignore": "gitignore_6", + "gitignore": "gitignore_7", "nixpkgs": [ "system-manager", "userborn", @@ -3019,8 +3303,8 @@ }, "pre-commit-hooks_2": { "inputs": { - "flake-compat": "flake-compat_6", - "gitignore": "gitignore_4", + "flake-compat": "flake-compat_7", + "gitignore": "gitignore_5", "nixpkgs": [ "hyprland", "nixpkgs" @@ -3065,12 +3349,13 @@ "agenix": "agenix", "agenix-rekey": "agenix-rekey", "ayugram-desktop": "ayugram-desktop", + "cachix": "cachix", "chaotic": "chaotic", "deploy-rs": "deploy-rs", - "devenv": "devenv", - "devshell": "devshell_2", + "devenv": "devenv_2", "disko": "disko", - "flake-parts": "flake-parts_4", + "fenix": "fenix", + "flake-parts": "flake-parts_5", "freesm": "freesm", "git-hooks-nix": "git-hooks-nix", "github-actions-nix": "github-actions-nix", @@ -3092,17 +3377,34 @@ "nixos-cli": "nixos-cli", "nixos-generators": "nixos-generators", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_22", + "nixpkgs": "nixpkgs_23", "noctalia": "noctalia", "quickshell": "quickshell", "sops-nix": "sops-nix", "spicetify-nix": "spicetify-nix", "stylix": "stylix", "system-manager": "system-manager", - "treefmt-nix": "treefmt-nix_5", + "treefmt-nix": "treefmt-nix_6", "vscserver": "vscserver" } }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1774376228, + "narHash": "sha256-7oA0u4aghFjjIcIDKZ26NUpXH7hVXGPC0sI1OfK7NUk=", + "owner": "rust-lang", + "repo": "rust-analyzer", + "rev": "eabb84b771420b8396ab4bb4747694302d9be277", + "type": "github" + }, + "original": { + "owner": "rust-lang", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, "rust-overlay": { "inputs": { "nixpkgs": [ @@ -3184,7 +3486,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_23" + "nixpkgs": "nixpkgs_24" }, "locked": { "lastModified": 1770683991, @@ -3228,9 +3530,9 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_11", + "flake-parts": "flake-parts_12", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_24", + "nixpkgs": "nixpkgs_25", "nur": "nur", "systems": "systems_7", "tinted-foot": "tinted-foot", @@ -3514,6 +3816,7 @@ "treefmt-nix_2": { "inputs": { "nixpkgs": [ + "cachix", "devenv", "nixd", "nixpkgs" @@ -3535,7 +3838,29 @@ }, "treefmt-nix_3": { "inputs": { - "nixpkgs": "nixpkgs_14" + "nixpkgs": [ + "devenv", + "nixd", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1734704479, + "narHash": "sha256-MMi74+WckoyEWBRcg/oaGRvXC9BVVxDZNRMpL+72wBI=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "65712f5af67234dad91a5a4baee986a8b62dbf8f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_4": { + "inputs": { + "nixpkgs": "nixpkgs_15" }, "locked": { "lastModified": 1770228511, @@ -3551,7 +3876,7 @@ "type": "github" } }, - "treefmt-nix_4": { + "treefmt-nix_5": { "inputs": { "nixpkgs": [ "nixos-anywhere", @@ -3572,9 +3897,9 @@ "type": "github" } }, - "treefmt-nix_5": { + "treefmt-nix_6": { "inputs": { - "nixpkgs": "nixpkgs_25" + "nixpkgs": "nixpkgs_26" }, "locked": { "lastModified": 1770228511, @@ -3592,8 +3917,8 @@ }, "userborn": { "inputs": { - "flake-compat": "flake-compat_13", - "flake-parts": "flake-parts_12", + "flake-compat": "flake-compat_14", + "flake-parts": "flake-parts_13", "nixpkgs": [ "system-manager", "nixpkgs" @@ -3637,7 +3962,7 @@ "vscserver": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_26" + "nixpkgs": "nixpkgs_27" }, "locked": { "lastModified": 1770124655, diff --git a/flake.nix b/flake.nix index af37367..aa0b97a 100644 --- a/flake.nix +++ b/flake.nix @@ -29,6 +29,13 @@ repo = "ayugram-desktop"; }; + "cachix" = { + flake = true; + type = "github"; + owner = "cachix"; + repo = "cachix"; + }; + "chaotic" = { flake = true; type = "github"; @@ -51,13 +58,6 @@ repo = "devenv"; }; - "devshell" = { - flake = true; - type = "github"; - owner = "numtide"; - repo = "devshell"; - }; - "disko" = { flake = true; type = "github"; @@ -85,6 +85,13 @@ repo = "freesmlauncher"; }; + "fenix" = { + flake = true; + type = "github"; + owner = "nix-community"; + repo = "fenix"; + }; + "github-actions-nix" = { flake = true; type = "github"; @@ -367,7 +374,7 @@ self ; } { - debug = false; + debug = true; systems = [ "x86_64-linux" @@ -376,20 +383,201 @@ imports = [ # modules - inputs.agenix-rekey.flakeModule inputs.disko.flakeModules.default - inputs.devshell.flakeModule inputs.treefmt-nix.flakeModule inputs.home-manager.flakeModules.home-manager inputs.git-hooks-nix.flakeModule inputs.devenv.flakeModule - # i can't really deside between devenv, devshells and devShells they are equally good for me - # for now, at least, i'm using numtide/devshells inputs.github-actions-nix.flakeModule ]; - flake = { - # home-manager, sorta broken when standalone + flake = let + inherit + (inputs."nixpkgs".lib) + nixosSystem + filesystem + genAttrs + map + ; + + defaultModules = []; + + defaultPath = filesystem.listFilesRecursive "${self}/kyra/"; + + inputedModules = + map ( + { + input, + opt ? "default", + }: + inputs.${input}.nixosModules.${opt} + ) [ + { + opt = "disko"; + input = "disko"; + } + + { + input = "home-manager"; + } + + { + opt = "sops"; + input = "sops-nix"; + } + + { + opt = "nix-index"; + input = "nix-index-database"; + } + + { + opt = "nix-mineral"; + input = "nix-mineral"; + } + ]; + + kyraHost = name: + nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ defaultPath ++ inputedModules; + specialArgs = { + inherit + inputs + name + self + ; + }; + }; + + kyraStack = + genAttrs [ + "hazel" + "lynn" + "yara" + "ivy" + "mel" + ] + kyraHost; + in { + # Main PC + nixosConfigurations = + { + "ada" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/ada/" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.lanzaboote.nixosModules.lanzaboote + inputs.home-manager.nixosModules.default + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # Main Laptop + "isla" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/isla/" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + inputs.lanzaboote.nixosModules.lanzaboote + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # homelab + "viola" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/viola" + inputs.chaotic.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.sops-nix.nixosModules.sops + inputs.disko.nixosModules.disko + inputs.lanzaboote.nixosModules.lanzaboote + inputs.home-manager.nixosModules.default + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # WSL2 + "wanda" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/wanda/" + inputs.nixos-wsl.nixosModules.default + inputs.stylix.nixosModules.stylix + inputs.home-manager.nixosModules.default + inputs.sops-nix.nixosModules.sops + inputs.nix-index-database.nixosModules.nix-index + inputs.nix-bwrapper.nixosModules.default + inputs.nix-mineral.nixosModules.nix-mineral + ]; + }; + + # custom ISO + "florence" = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit + inputs + self + ; + }; + + modules = [ + "${self}/florence/" + ]; + }; + } + // kyraStack; + # few words about kyraStack: + # it's my little fleet, 5 identical VPSes + # really nice that all of them are 2 vCPU 2GB + # tho ssd/nvme/hdd memory is nothing important + # and being KVM VPS / pure VPS too + + # home-manager homeConfigurations = { "hand7s" = inputs.home-manager.lib.homeManagerConfiguration { pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; @@ -407,216 +595,12 @@ inputs.hyprland.homeManagerModules.default inputs.chaotic.homeManagerModules.default inputs.sops-nix.homeManagerModules.sops - inputs.nix-index-database.homeModules.nix-index inputs.noctalia.homeModules.default inputs.stylix.homeModules.stylix ]; }; }; - - # nixos hosts - - # my PC - nixosConfigurations = { - "ada" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/ada/" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.default - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # my laptop - "isla" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/isla/" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.home-manager - inputs.lanzaboote.nixosModules.lanzaboote - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # my VPSes: - - # VPS 1 - "hazel" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "hazel"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 2 - "lynn" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "lynn"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 3 - "ivy" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "ivy"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # VPS 4 - "mel" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - { - networking.hostName = inputs.nixpkgs.lib.mkDefault "mel"; - } - - "${self}/kyra/" - inputs.agenix.nixosModules.default - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # homelab - "viola" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/viola" - inputs.agenix.nixosModules.default - inputs.chaotic.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.sops-nix.nixosModules.sops - inputs.disko.nixosModules.disko - inputs.lanzaboote.nixosModules.lanzaboote - inputs.home-manager.nixosModules.default - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - - # WSL2 - "wanda" = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit - inputs - self - ; - }; - - modules = [ - "${self}/wanda/" - inputs.agenix.nixosModules.default - inputs.nixos-wsl.nixosModules.default - inputs.stylix.nixosModules.stylix - inputs.home-manager.nixosModules.default - inputs.sops-nix.nixosModules.sops - inputs.nix-index-database.nixosModules.nix-index - inputs.nix-bwrapper.nixosModules.default - inputs.nix-mineral.nixosModules.nix-mineral - ]; - }; - }; }; perSystem = { @@ -630,7 +614,7 @@ flakeCheck = true; programs = { - alejandra = { + "alejandra" = { enable = true; priority = 1; includes = [ @@ -638,7 +622,7 @@ ]; }; - statix = { + "statix" = { enable = true; priority = 1; includes = [ @@ -650,7 +634,7 @@ ]; }; - deadnix = { + "deadnix" = { enable = true; priority = 1; includes = [ @@ -683,72 +667,45 @@ gitPackage = pkgs.git; hooks = { - alejandra = { + "alejandra" = { enable = true; settings = { + verbosity = "quiet"; check = true; }; }; - deadnix = { + "deadnix" = { enable = true; settings = { edit = false; }; }; - statix = { + "statix" = { enable = true; - settings = { - config = "${pkgs.writeText ''statix.toml'' '' - disabled = [ - "empty_pattern" - ] - ''}"; - }; }; }; }; }; - # numtide/devshells, basically a devShells but better - devshells = { - "default" = { - name = "default"; + # cachix/devenv, basically a devShells, even better than numtide/devshells + devenv = { + shells = { + "default" = { + enterShell = config.pre-commit.shellHook; - commands = [ - { - name = "pre"; - category = "[tools]"; - command = "prek run -a"; - help = '' - pre-commit-hook is a tool to execute linters / formatters before `git commit` to verify that code is meeting standarts of code setted up in projects; - ''; - } - - { - name = "fmt"; - category = "[formatters]"; - command = "nix fmt"; - help = '' - nix fmt is built-in formatting solution for nix pacakage manager; - ''; - } - ]; - - devshell = { - startup = { - "git-hooks-nix" = { - text = config.pre-commit.shellHook; - }; + devenv = { + root = toString /home/hand7s/Projects/flake; }; - }; - packages = with pkgs; - [ - just - ] - ++ config.pre-commit.settings.enabledPackages; + packages = + [ + pkgs.just + config.treefmt.build.wrapper + ] + ++ config.pre-commit.settings.enabledPackages; + }; }; }; diff --git a/florence/default.nix b/florence/default.nix new file mode 100644 index 0000000..aaeeeaa --- /dev/null +++ b/florence/default.nix @@ -0,0 +1,32 @@ +{inputs, ...}: { + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix" + ]; + + services = { + openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + }; + }; + + system = { + stateVersion = "25.05"; + }; + + users = { + users = { + "root" = { + openssh = { + authorizedKeys = { + keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDp2IIdR5jV1HyG4aiRX7SfTNrXDhCx5rTiFU40qkOKq litvinovb0@gmail.com" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/hand7s/default.nix b/hand7s/default.nix index 8600f50..4dfb40a 100644 --- a/hand7s/default.nix +++ b/hand7s/default.nix @@ -5,11 +5,17 @@ "${self}/hand7s/wayland/hyprland.nix" + "${self}/hand7s/gtk/gtk.nix" + "${self}/hand7s/gtk/gtk3.nix" + "${self}/hand7s/gtk/gtk4.nix" + "${self}/hand7s/home/defaults.nix" "${self}/hand7s/home/gui.nix" "${self}/hand7s/home/keyboard.nix" "${self}/hand7s/home/packages.nix" "${self}/hand7s/home/shellAliases.nix" + "${self}/hand7s/home/variables.nix" + "${self}/hand7s/home/shell.nix" "${self}/hand7s/nixpkgs/config.nix" "${self}/hand7s/nixpkgs/overlays.nix" @@ -40,5 +46,15 @@ "${self}/hand7s/programs/direnv.nix" "${self}/hand7s/programs/noctalia.nix" "${self}/hand7s/programs/iamb.nix" + "${self}/hand7s/programs/nushell.nix" + "${self}/hand7s/programs/carapace.nix" + "${self}/hand7s/programs/broot.nix" + "${self}/hand7s/programs/atuin.nix" + "${self}/hand7s/programs/gitui.nix" + + "${self}/hand7s/xdg/portal.nix" + "${self}/hand7s/xdg/mime.nix" + "${self}/hand7s/xdg/configFile.nix" + "${self}/hand7s/xdg/terminal.nix" ]; } diff --git a/hand7s/gtk/gtk.nix b/hand7s/gtk/gtk.nix index 95d197c..6234463 100644 --- a/hand7s/gtk/gtk.nix +++ b/hand7s/gtk/gtk.nix @@ -1,5 +1,8 @@ -_: { +{pkgs, ...}: { gtk = { - enable = true; + iconTheme = { + package = pkgs.morewaita-icon-theme; + name = "MoreWaita"; + }; }; } diff --git a/hand7s/gtk/gtk3.nix b/hand7s/gtk/gtk3.nix new file mode 100644 index 0000000..ce810cb --- /dev/null +++ b/hand7s/gtk/gtk3.nix @@ -0,0 +1,42 @@ +_: { + gtk = { + gtk3 = { + extraCss = '' + headerbar { + background-color: mix(@base0D, @base02, 0.08); + } + + headerbar title { + font-size: 14px; + font-weight: 500; + } + + popover contents, + .menu { + background-color: mix(@base0D, @base02, 0.11); + } + + tooltip { + background-color: mix(@base0D, @base02, 0.14); + } + + button label { + font-size: 12px; + font-weight: 500; + } + + button:hover { + background-color: alpha(@base0D, 0.08); + } + + button:focus { + background-color: alpha(@base0D, 0.12); + } + + button:active { + background-color: alpha(@base0D, 0.16); + } + ''; + }; + }; +} diff --git a/hand7s/gtk/gtk4.nix b/hand7s/gtk/gtk4.nix new file mode 100644 index 0000000..f688b67 --- /dev/null +++ b/hand7s/gtk/gtk4.nix @@ -0,0 +1,37 @@ +_: { + gtk = { + gtk4 = { + extraCss = '' + headerbar { + background-color: mix(@base0D, @base02, 0.08); + } + + headerbar title { + font-size: 14px; + font-weight: 500; + } + + popover contents { + background-color: mix(@base0D, @base02, 0.11); + } + + button label { + font-size: 12px; + font-weight: 500; + } + + button:hover { + background-color: alpha(@base0D, 0.08); + } + + button:focus { + background-color: alpha(@base0D, 0.12); + } + + button:active { + background-color: alpha(@base0D, 0.16); + } + ''; + }; + }; +} diff --git a/hand7s/home/packages.nix b/hand7s/home/packages.nix index 9ccc0ea..d0fd64d 100644 --- a/hand7s/home/packages.nix +++ b/hand7s/home/packages.nix @@ -7,16 +7,17 @@ xh dua nvd + tlrc dust sops rsync procs + sshfs sbctl gping comma trippy bottom - ragenix ripgrep kubectl gitoxide diff --git a/hand7s/home/shell.nix b/hand7s/home/shell.nix new file mode 100644 index 0000000..650e35f --- /dev/null +++ b/hand7s/home/shell.nix @@ -0,0 +1,7 @@ +_: { + home = { + shell = { + enableShellIntegration = true; + }; + }; +} diff --git a/hand7s/home/variables.nix b/hand7s/home/variables.nix new file mode 100644 index 0000000..726737a --- /dev/null +++ b/hand7s/home/variables.nix @@ -0,0 +1,10 @@ +_: { + home = { + sessionVariables = { + CARAPACE_BRIDGES = "fish"; + DIRENV_WARN_TIMEOUT = "5m"; + GTK_USE_PORTAL = "1"; + AQ_NO_MODIFIERS = "1"; + }; + }; +} diff --git a/hand7s/nix/settings/trusted-public-keys.nix b/hand7s/nix/settings/trusted-public-keys.nix index e5cc01b..db02cd7 100644 --- a/hand7s/nix/settings/trusted-public-keys.nix +++ b/hand7s/nix/settings/trusted-public-keys.nix @@ -9,7 +9,6 @@ _: { # cachix.org "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" - "ags.cachix.org-1:naAvMrz0CuYqeyGNyLgE010iUiuf/qx6kYrUv3NwAJ8=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" ]; diff --git a/hand7s/nixpkgs/overlays.nix b/hand7s/nixpkgs/overlays.nix deleted file mode 100644 index 8db0844..0000000 --- a/hand7s/nixpkgs/overlays.nix +++ /dev/null @@ -1,6 +0,0 @@ -_: { - nixpkgs = { - overlays = [ - ]; - }; -} diff --git a/hand7s/options/gui.nix b/hand7s/options/gui.nix index c440f21..eefd593 100644 --- a/hand7s/options/gui.nix +++ b/hand7s/options/gui.nix @@ -6,8 +6,8 @@ ... }: let cfg = config.home.gui; - ayugram = self.inputs.ayugram-desktop.packages.${pkgs.system}.ayugram-desktop; - freesm-launcher = self.inputs.freesm.packages.${pkgs.system}.freesmlauncher; + ayugram = self.inputs.ayugram-desktop.packages.${pkgs.stdenv.hostPlatform.system}.ayugram-desktop; + freesm-launcher = self.inputs.freesm.packages.${pkgs.stdenv.hostPlatform.system}.freesmlauncher; in { options.home.gui = { enable = lib.mkEnableOption '' @@ -45,7 +45,6 @@ in { vesktop ayugram anki-bin - obsidian mindustry lan-mouse monero-gui @@ -70,10 +69,10 @@ in { cfg.sessionType == "Hyprland" ) [ fum - timg dconf iwgtk tokei + gajim ifuse yt-dlp termusic @@ -86,17 +85,21 @@ in { yubico-piv-tool yubikey-manager libimobiledevice + ungoogled-chromium yubikey-touch-detector yubikey-personalization self.inputs.noctalia.packages.${system}.default ]; }; + gtk.enable = true; + programs = { chromium.enable = true; spicetify.enable = true; ghostty.enable = true; git.enable = true; + obsidian.enable = true; }; services = with lib.mkDefault; { diff --git a/hand7s/programs/atuin.nix b/hand7s/programs/atuin.nix new file mode 100644 index 0000000..d974cd1 --- /dev/null +++ b/hand7s/programs/atuin.nix @@ -0,0 +1,22 @@ +_: { + programs = { + atuin = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + + settings = { + keymap_mode = "vim-normal"; + }; + + flags = [ + "--disable-up-arrow" + ]; + + daemon = { + enable = true; + logLevel = "info"; + }; + }; + }; +} diff --git a/hand7s/programs/broot.nix b/hand7s/programs/broot.nix new file mode 100644 index 0000000..b0fb242 --- /dev/null +++ b/hand7s/programs/broot.nix @@ -0,0 +1,13 @@ +_: { + programs = { + broot = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + + settings = { + modal = true; + }; + }; + }; +} diff --git a/hand7s/programs/carapace.nix b/hand7s/programs/carapace.nix new file mode 100644 index 0000000..49a3a69 --- /dev/null +++ b/hand7s/programs/carapace.nix @@ -0,0 +1,9 @@ +_: { + programs = { + carapace = { + enable = true; + enableNushellIntegration = true; + enableFishIntegration = true; + }; + }; +} diff --git a/hand7s/programs/chrome.nix b/hand7s/programs/chrome.nix index 0259f9d..b67b690 100644 --- a/hand7s/programs/chrome.nix +++ b/hand7s/programs/chrome.nix @@ -4,7 +4,6 @@ package = pkgs.google-chrome.override { commandLineArgs = [ "--enable-features=AcceleratedVideoEncoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,VaapiIgnoreDriverChecks,VaapiVideoDecoder,PlatformHEVCDecoderSupport,UseMultiPlaneFormatForHardwareVideo,SkiaGraphite" - "--enable-unsafe-webgpu" "--ignore-gpu-blocklist" "--enable-zero-copy" ]; diff --git a/hand7s/programs/direnv.nix b/hand7s/programs/direnv.nix index 84af0d8..20b7998 100644 --- a/hand7s/programs/direnv.nix +++ b/hand7s/programs/direnv.nix @@ -3,6 +3,7 @@ _: { direnv = { enable = true; silent = true; + enableNushellIntegration = true; nix-direnv = { enable = true; diff --git a/hand7s/programs/eza.nix b/hand7s/programs/eza.nix index 2ac0ee4..ac804c7 100644 --- a/hand7s/programs/eza.nix +++ b/hand7s/programs/eza.nix @@ -3,6 +3,7 @@ _: { eza = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; git = true; icons = "always"; }; diff --git a/hand7s/programs/fzf.nix b/hand7s/programs/fzf.nix index 31960f5..4c1c4ff 100644 --- a/hand7s/programs/fzf.nix +++ b/hand7s/programs/fzf.nix @@ -3,6 +3,7 @@ _: { fzf = { enable = true; enableFishIntegration = true; + tmux = { enableShellIntegration = true; }; diff --git a/hand7s/programs/ghostty.nix b/hand7s/programs/ghostty.nix index c1e2e65..9f1dca0 100644 --- a/hand7s/programs/ghostty.nix +++ b/hand7s/programs/ghostty.nix @@ -12,7 +12,7 @@ bell-features = "system"; - command = "${lib.getExe pkgs.fish}"; + command = "${lib.getExe pkgs.nushell}"; confirm-close-surface = false; diff --git a/hand7s/programs/gitui.nix b/hand7s/programs/gitui.nix new file mode 100644 index 0000000..23f9ddb --- /dev/null +++ b/hand7s/programs/gitui.nix @@ -0,0 +1,26 @@ +_: { + programs = { + gitui = { + enable = true; + keyConfig = '' + ( + move_left: Some(( code: Char('h'), modifiers: "" )), + move_right: Some(( code: Char('l'), modifiers: "" )), + move_up: Some(( code: Char('k'), modifiers: "" )), + move_down: Some(( code: Char('j'), modifiers: "" )), + + popup_up: Some(( code: Char('k'), modifiers: "" )), + popup_down: Some(( code: Char('j'), modifiers: "" )), + page_up: Some(( code: Char('b'), modifiers: "CONTROL" )), + page_down: Some(( code: Char('f'), modifiers: "CONTROL" )), + + stage_hunk: Some(( code: Char('x'), modifiers: "" )), + status_reset_item: Some(( code: Char('U'), modifiers: "SHIFT" )), + + shift_up: Some(( code: Char('K'), modifiers: "SHIFT" )), + shift_down: Some(( code: Char('J'), modifiers: "SHIFT" )), + ) + ''; + }; + }; +} diff --git a/hand7s/programs/helix.nix b/hand7s/programs/helix.nix index c8ae19c..c24e064 100644 --- a/hand7s/programs/helix.nix +++ b/hand7s/programs/helix.nix @@ -2,7 +2,15 @@ pkgs, lib, ... -}: { +}: let + formatter = { + run = "treefmt"; + args = [ + "--stdin" + "$f" + ]; + }; +in { programs = { helix = { package = pkgs.helix; @@ -10,52 +18,133 @@ defaultEditor = true; extraPackages = with pkgs; [ nixd + ruff + vtsls + rust-analyzer ]; settings = { editor = { line-number = "relative"; cursorline = true; + auto-pairs = true; + auto-save = { + focus-lost = true; + after-delay = { + enable = true; + timeout = 3000; + }; + }; + + soft-wrap = { + enable = true; + }; + + inline-diagnostics = { + cursor-line = "hint"; + }; + lsp = { - display-messages = true; + enable = true; + display-progress-messages = true; + display-inlay-hints = true; + }; + + cursor-shape = { + normal = "underline"; + insert = "block"; + select = "underline"; }; }; }; languages = { language-servers = { - nixd = { + "nixd" = { command = "${lib.getExe pkgs.nixd}"; args = [ "--inlay-hints=true" ]; }; + + "ruff" = { + command = "${lib.getExe pkgs.ruff}"; + args = [ + "server" + ]; + }; + + "vtsls" = { + command = "${lib.getExe pkgs.vtsls}"; + args = [ + "--stdio" + ]; + }; + + "rust-lsp" = { + command = "${lib.getExe pkgs.rust-analyzer}"; + }; }; - language = [ + languages = [ { name = "nix"; - comment-token = "#"; - injection-regex = "nix"; - indent = { - tab-width = 4; - unit = " "; - }; - - formatter = { - command = "${lib.getExe pkgs.nix}"; - args = [ - "fmt" - ]; - }; - - file-types = [ - "nix" - ]; - + auto-format = true; language-servers = [ "nixd" ]; + + inherit + formatter + ; + } + + { + name = "python"; + auto-format = true; + language-servers = [ + "ruff" + ]; + + inherit + formatter + ; + } + + { + name = "rust"; + auto-format = true; + language-servers = [ + "rust-lsp" + ]; + + inherit + formatter + ; + } + + { + name = "javascript"; + auto-format = true; + language-servers = [ + "vtsls" + ]; + + inherit + formatter + ; + } + + { + name = "typescript"; + auto-format = true; + language-servers = [ + "vtsls" + ]; + + inherit + formatter + ; } ]; }; diff --git a/hand7s/programs/index.nix b/hand7s/programs/index.nix index d7475b9..dc16de9 100644 --- a/hand7s/programs/index.nix +++ b/hand7s/programs/index.nix @@ -3,6 +3,7 @@ _: { nix-index = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; }; }; } diff --git a/hand7s/programs/noctalia.nix b/hand7s/programs/noctalia.nix index 662f6cc..ad629d3 100644 --- a/hand7s/programs/noctalia.nix +++ b/hand7s/programs/noctalia.nix @@ -19,9 +19,10 @@ forceBlackScreenCorners = true; showScreenCorners = true; screenRadiusRatio = 1; - radiusRatio = 0.7; + radiusRatio = 1.5; + enableBlurBehind = true; enableShadows = true; - shadowDirection = "center"; + shadowDirection = "bottom_right"; }; appLauncher = { @@ -40,10 +41,12 @@ }; bar = { - floating = false; - density = "default"; + floating = true; + density = "comfortable"; position = "right"; - showCapsule = false; + showCapsule = true; + contentPadding = 8; + widgetSpacing = 10; marginVertical = 1; marginHorizontal = 0.6; monitors = [ @@ -119,7 +122,7 @@ }; notifications = { - location = "top_center"; + location = "top_right"; }; controlCenter = { @@ -147,6 +150,7 @@ }; dock = { + dockType = "static"; displayMode = "auto_hide"; floatingRatio = 1; onlySameOutput = true; @@ -198,9 +202,9 @@ }; ui = { - fontDefault = lib.mkForce "Nerd Fonts Hack"; + fontDefault = lib.mkForce "Monaspace Aether Nerd Font"; fontDefaultScale = 1; - fontFixed = lib.mkForce "Nerd Fonts Hack"; + fontFixed = lib.mkForce "Roboto Mono Nerd Font"; fontFixedScale = 1; idleInhibitorEnabled = false; tooltipsEnabled = true; diff --git a/hand7s/programs/nushell.nix b/hand7s/programs/nushell.nix new file mode 100644 index 0000000..296a012 --- /dev/null +++ b/hand7s/programs/nushell.nix @@ -0,0 +1,24 @@ +{ + pkgs, + lib, + ... +}: { + programs = { + nushell = { + enable = true; + extraEnv = '' + $env.EDITOR = "hx" + ''; + + extraConfig = '' + $env.config.show_banner = false + + $env.config.buffer_editor = "hx" + + def fish-run [cmd: string] { + ^${lib.getExe pkgs.fish} -c $cmd + } + ''; + }; + }; +} diff --git a/hand7s/programs/spicetify.nix b/hand7s/programs/spicetify.nix index 56ab174..3f7be81 100644 --- a/hand7s/programs/spicetify.nix +++ b/hand7s/programs/spicetify.nix @@ -6,13 +6,13 @@ }: { programs = { spicetify = { - enabledExtensions = with self.inputs.spicetify-nix.legacyPackages.${pkgs.system}.extensions; [ + enabledExtensions = with self.inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.extensions; [ adblock hidePodcasts shuffle ]; - theme = lib.mkForce self.inputs.spicetify-nix.legacyPackages.${pkgs.system}.themes.text; + theme = lib.mkForce self.inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system}.themes.text; colorScheme = lib.mkForce "TokyoNight"; }; }; diff --git a/hand7s/programs/starship.nix b/hand7s/programs/starship.nix index 5228038..cd8615c 100644 --- a/hand7s/programs/starship.nix +++ b/hand7s/programs/starship.nix @@ -3,15 +3,17 @@ _: { starship = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; + settings = { add_newline = true; format = '' [╭──╼](bold blue) $username at $hostname on $os - [┆](bold blue) $directory$git_branch$git_commit$git_state$git_metrics$git_status + [┆](bold blue) $directory$git_branch$git_commit$git_state$git_metrics$git_status$kubernetes$rust [╰─>](bold blue) ''; - right_format = ''$cmd_duration ($character) at ❗$time''; + right_format = ''$cmd_duration ($status) at ❗$time''; os = { format = "[($name $codename$version$edition $symbol )]($style)"; @@ -33,9 +35,18 @@ _: { style_user = "bold green"; }; - character = { - success_symbol = "[✓](bold green)"; - error_symbol = "[✗](bold red)"; + status = { + disabled = false; + format = "[$symbol]($style)"; + symbol = "✗"; + success_symbol = "✓"; + not_executable_symbol = "⃠🚫"; + not_found_symbol = "🔍"; + sigint_symbol = "[🛑](bold red)"; + signal_symbol = "[⚡](bold yellow)"; + + pipestatus = true; + pipestatus_separator = "|"; }; time = { @@ -53,6 +64,14 @@ _: { show_notifications = false; format = "was [$duration](bold green)"; }; + + rust = { + format = "via [⚙️ $version](red bold)"; + }; + + kubernetes = { + disabled = false; + }; }; }; }; diff --git a/hand7s/programs/yazi.nix b/hand7s/programs/yazi.nix index 234c8e9..396e8d9 100644 --- a/hand7s/programs/yazi.nix +++ b/hand7s/programs/yazi.nix @@ -7,6 +7,8 @@ yazi = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; + shellWrapperName = "yz"; settings = { mgr = { @@ -42,33 +44,63 @@ }; opener = { - play = [ + "play" = [ { - run = "${lib.getExe pkgs.mpv} ''$@''"; + run = ''${lib.getExe pkgs.mpv} --vo=tct "%s"''; block = true; for = "unix"; } ]; - view = [ + "view" = [ { - run = "${lib.getExe pkgs.timg} ''-p k -C $@ | ${lib.getExe' pkgs.uutils-coreutils-noprefix "more"}''"; + run = ''${lib.getExe pkgs.viu} -t "%s"''; block = true; for = "unix"; } ]; - edit = [ + "edit" = [ { - run = "${lib.getExe pkgs.helix} ''$@''"; + run = ''${lib.getExe pkgs.helix} "%s"''; block = true; for = "unix"; } ]; - open = [ + "doc" = [ { - run = "${lib.getExe' pkgs.xdg-utils "xdg-open"} ''$@''"; + run = ''${lib.getExe pkgs.tdf} "%s"''; + block = true; + for = "unix"; + } + ]; + + "hex" = [ + { + run = ''${lib.getExe pkgs.hexyl} "$s"''; + } + ]; + + "exfil" = [ + { + run = ''${lib.getExe pkgs.ouch} de "%s"''; + block = true; + for = "unix"; + } + ]; + + "book" = [ + { + run = ''${lib.getExe pkgs.epr} "%s"''; + block = true; + for = "unix"; + } + ]; + + "open" = [ + { + run = ''${lib.getExe' pkgs.xdg-utils "xdg-open"} "%s"''; orphan = true; for = "unix"; } @@ -78,23 +110,83 @@ open = { rules = [ { - mime = "image/*"; - use = "view"; - } - - { - mime = "text/*"; - use = "edit"; + mime = "video/*"; + use = [ + "play" + "open" + ]; } { mime = "audio/*"; - use = "play"; + use = [ + "play" + "open" + ]; } { - mime = "video/*"; - use = "play"; + mime = "application/epub+zip"; + use = [ + "book" + "edit" + ]; + } + + { + mime = "application/pdf"; + use = [ + "doc" + "open" + ]; + } + + { + mime = "application/{octet-stream,x-executable,x-sharedlib,x-pie-executable}"; + use = [ + "hex" + "open" + ]; + } + + { + mime = "application/vnd.*"; + use = [ + "open" + "edit" + ]; + } + + { + mime = "font/*"; + use = [ + "open" + "edit" + ]; + } + + { + mime = "application/{zip,rar,7z*,tar*,x-tar,x-bzip*,x-gzip,x-xz}"; + use = [ + "exfil" + "open" + ]; + } + + { + mime = "text/*"; + use = [ + "edit" + "open" + ]; + } + + { + mime = "*"; + use = [ + "edit" + "open" + ]; } ]; }; diff --git a/hand7s/programs/zellij.nix b/hand7s/programs/zellij.nix index 907eca4..a910b23 100644 --- a/hand7s/programs/zellij.nix +++ b/hand7s/programs/zellij.nix @@ -6,8 +6,32 @@ programs = { zellij = { enable = true; + settings = { - default_shell = "${lib.getExe pkgs.fish}"; + options = { + copy_on_select = false; + }; + + keybinds = { + unbind = [ + "Alt n" + "Alt i" + "Alt o" + "Alt h" + "Alt j" + "Alt k" + "Alt l" + "Alt f" + "Alt Up" + "Alt Down" + "Alt Right" + "Alt Left" + "Alt +" + "Alt -" + ]; + }; + + default_shell = "${lib.getExe pkgs.nushell}"; show_startup_tips = false; show_release_notes = false; simplified_ui = true; diff --git a/hand7s/programs/zoxide.nix b/hand7s/programs/zoxide.nix index 0739e21..0527806 100644 --- a/hand7s/programs/zoxide.nix +++ b/hand7s/programs/zoxide.nix @@ -3,6 +3,7 @@ _: { zoxide = { enable = true; enableFishIntegration = true; + enableNushellIntegration = true; }; }; } diff --git a/hand7s/stylix/base16Scheme.nix b/hand7s/stylix/base16Scheme.nix index 6cea17f..169ffc6 100644 --- a/hand7s/stylix/base16Scheme.nix +++ b/hand7s/stylix/base16Scheme.nix @@ -1,22 +1,22 @@ _: { stylix = { base16Scheme = { - scheme = "Tokyonight by Folke Lemaitre (https://github.com/folke)"; - name = "Tokyonight"; + scheme = "Tokyo-Night-Storm-MD3e"; + name = "TokyoNightStormMD3e"; base00 = "#24283b"; base01 = "#1f2335"; base02 = "#292e42"; base03 = "#565f89"; base04 = "#a9b1d6"; base05 = "#c0caf5"; - base06 = "#c0caf5"; - base07 = "#c0caf5"; + base06 = "#cdd6f4"; + base07 = "#d5d6db"; base08 = "#f7768e"; base09 = "#ff9e64"; base0A = "#e0af68"; base0B = "#9ece6a"; - base0C = "#1abc9c"; - base0D = "#41a6b5"; + base0C = "#7dcfff"; + base0D = "#7aa2f7"; base0E = "#bb9af7"; base0F = "#ff007c"; }; diff --git a/hand7s/stylix/fonts.nix b/hand7s/stylix/fonts.nix index 1cea8c4..6b67bb6 100644 --- a/hand7s/stylix/fonts.nix +++ b/hand7s/stylix/fonts.nix @@ -2,30 +2,30 @@ stylix = { fonts = { sizes = { - applications = 10; - desktop = 8; - popups = 10; - terminal = 10; + applications = 12; + desktop = 11; + popups = 11; + terminal = 12; }; monospace = { - package = pkgs.nerd-fonts.roboto-mono; - name = "Roboto-Mono Nerd Font"; + package = pkgs.nerd-fonts.monaspace; + name = "Monospace Aether Nerd Font"; }; emoji = { - package = pkgs.nerd-fonts.symbols-only; - name = "Symbols Only Nerd Font"; + package = pkgs.noto-fonts-color-emoji; + name = "Noto Color Emoji"; }; sansSerif = { - package = pkgs.nerd-fonts.aurulent-sans-mono; - name = "Aurulent Sans Mono Nerd Font"; + package = pkgs.nerd-fonts.iosevka-term-slab; + name = "Iosevka Term Slab Nerd Font"; }; serif = { - package = pkgs.nerd-fonts.hack; - name = "Hack Nerd Font"; + package = pkgs.nerd-fonts.noto; + name = "Noto Serif Nerd Font"; }; }; }; diff --git a/hand7s/stylix/red_ish.nix b/hand7s/stylix/red_ish.nix deleted file mode 100644 index 6c5ae1e..0000000 --- a/hand7s/stylix/red_ish.nix +++ /dev/null @@ -1,32 +0,0 @@ -_: { - stylix = { - base16Scheme = { - base00 = "2a1617"; - base01 = "5d3f3f"; - base02 = "7a5bab"; - base03 = "bb9499"; - base04 = "eea1cf"; - base05 = "f5dddd"; - base06 = "ffebff"; - base07 = "ffede9"; - base08 = "e36b70"; - base09 = "ac878e"; - base0A = "db7356"; - base0B = "a78897"; - base0C = "ca7a79"; - base0D = "b28776"; - base0E = "d8708b"; - base0F = "ec6653"; - base10 = "2a1617"; - base11 = "2a1617"; - base12 = "e36b70"; - base13 = "ac878e"; - base14 = "a78897"; - base15 = "ca7a79"; - base16 = "b28776"; - base17 = "d8708b"; - scheme = "hand7s"; - name = "red_ish"; - }; - }; -} diff --git a/hand7s/stylix/wallpaper3.png b/hand7s/stylix/wallpaper3.png index 97a0dae58d08a5302c421e9baa677ea3c24b98c4..fdda3fb1cec3619b4b99555c98781ac1003577ce 100644 GIT binary patch literal 37752 zcmeAS@N?(olHy`uVBq!ia0y~y;Adc9;3(i=V_;yIummtT}V`<;yx1A_vCr;B4q#hf>{ z4H*w8FdW!ms4G)(V833OACs*RtLX*9>vka97!Y8>hkJYo9+*|fmH?*V1cxC5Gn@lr zICL;dfM^7E;yHlefLH=a3?L7Im=N3`z-$0v!N?Yg21XbgOe-8=-~lt>gyN`E7)C>d zfq`K(tuQc*<{$N(Hs&;H2*YTYFpQ>?(Y(VjS`>^H1q`D_0mEofFj^Eaj1~o>MFGQTQNS=# zih`&;4Kc8_0H9756puEHM{C28k_Dhi9z=~M`_W{Nnd}9Am+62~hrx;aRZ`Zcl-*d+ z7ClJ_qODF!a6wcqJUwvC}0>Z3Py_p zhS8#6v?yR0EeaS$i-OUjfMK*K7@4+P&YP;Rc<}^0VEk`n(7@oe;K8Kn1<_|TBAB@${v17?Vf1(ga7q|Go&hv= zh>_t(PeB_!*$R|DMo+c^wLGbEj$q21`PZ-Vf&vwR5190=Km7`QfcRDzJ3v&6(b{#ib_J!7(b{#ib_JyaI@hlD-`+-mtWB7(|Eo#a6qF)tbff6#Mp4X- zqQfXm(gNoGL0$_mjJyWQ)1%%Q)~R88M6=XEb`85yOZ%&InxWL5R^N z`e-9(v<4il0Y_^IV6-S0Eeb}90*2AkLKsF*3mH8vgkiKO7%d7wy`<5TMMsYl96dvf3ax@4o}N1x z7=*5Rx;Tb_GS+C1W2E#rR@7RHfnr?ZNxp5b>{Fy2iKCatjouhFdQHseyeh-!1k>mQ z)93^fsFEDLM{@M?xY5;CqjSwebFLXwf1 z@BpuK{!wAwS7=s^IIYV2sCW_yXHM3h{dpB4$B2Fqr{1U z7sPN-9~A(F1Htg%xqj@~wPVl1?k{Fo_T`@bb-Op!JRpq>I*OvGK`L7Ezv1TBJ59>( z4!gIr+xCG%K4C+P`T-~Fi|;SLkGaj)w-BULxx=@i^;$i5-}Uo-zvY-pPP1Brgx4&a zr@bKm?w%{}84~Qu*5z8K@-m!GPcGK}*O_0m>1I1414CHAc}9~p98>=>7}S_5e){+8 z)`|AD_cMO6JbqXC^XTeRw^gq*FzBqCr>@At(6Cd}{Y>e}PXSYlvp7u|7@AcZ*ccLS ziZnfQ^_jU`c{UqELIx-a=>8z}XBR&QWS$Xu$n;Zk~p&eN4lFDE){FfeQuaA4l>OMVNdT_-N{^+WR1m`7<9B5O&A!IPtKib>}kSqV3ME%Gedw%`Lgm! z84L|i6&lzW9`xRL6#3=M0*^(E3}Ukwq!=3Jd(BI}!G3t+xsI5+k6t{y3>ykS;mW|k zQ1U3fmLKG@gnMRY+mqgFPCI|>*|m3H+iUxoDjvJsXJ%kXsH?f0rs;cSR&sK2_VZic z?(O|8RmGsQadNs}j?Mj|743=w4$KT|TCO~moOaN>Z{<<=qNenXV({5aRc<|iT zxBJ`~_bg;LVK`vat$Kb@dRR**7b8QP8v`%HhB;GgHgD3~Um<$MjERA#nL&yn;bzA? z#UKG*h6~n=ApcFUKCH1^?#|n44h9BoFOVLUq}}OX=LIBOXJB|SkwFUN`UXFEXl|I} z_r;chfk939Hz&j98}aeRu8Ir?WHJsiGHfvLG3Hn+?0i`0_KiEc3Vxk>H+}v$TY-kD zp!kbmSd{)^iiFg(NtParZ4L~)3L03=9U7#AG0e4&=xSoVpea48Nv- zpUKMREm*Sm?rZ-2mH(!0Wnp*{;=s)C<)lyZh6q2~9k;&=u)X>=*ZpJr-sfTU7ccM}?MxpGUPNzu4sFP7-S=7JU%~5VOY7X37>bJ*fvOOlJ;D6%zS*)QyzrC#X3NCT zUfA`&5h+&30s5}(Dyia(>+%g$$)xQrf)G#-MDmSn(%-q9c7_?8Tv@kIE=H}$RUBCXTEmy+L7s~uPt9#GtrpGfdnlLyhUrJwK?X{4x zAr(|=N%-I9U62j(lP2c^Mut}%^BOCKoS7NCkAaLSZE-vR3XiY0EDQ~1(6V5Gu>I?5 zP`Y4X&`}44-o1?*cW&Lkuk7d1)g`C@{fg>;%osLP&w=5=ed;j9$x$y7Tti{3(o4{cPiYgxmP`sPxg3`nR5B>G`EWSR-yT6#>#r$rk zgomI&S!4Cmc!S24#}P)-v!fknu^reH%*e~IW=ln4wcS&N0|{@}uaD)6{&XtP%uGDz zX^chf($eEzeV`=QtU#S9I3pj5)Z za5;L%sceQB>Wn4~8;Zm>dhsprd11*SJv-X^`Zi~d?Rjyps&yC)T%rmX7*-#h(tO}k z#QwynL-&q;kz|l~3NDd;ZP~bUsYKb*J$tI0fAQ!{{`=Lm{=~Bf-{!h6zV`Xv-rq0( zGdRrTdQo=dypk7xL+FN-Sib2mw;DjQ0+YkjL!n6g}8 z@X0x8lo8grP5MC5WXE!?brGw@8I~mrIWZ)h^qk*#b)l*WgMo?G0>*}?<*yFj-Pg{* zz_6hUmMc2ve+88+3=9m@CX2~191yznUDClmgCT(fR7y`f3(kg22NX^$U~ISt3J4w1 zm&Oj8_V3%aap%?V8VsO}XVd&k84Or1r8h81nlN0@w_Omup*Yw2--B0X3@^Hu zoo875X8rosuhQUBPvOGO-m`1Dm#?q+{6{E|H<`spnHoO-+5QB)V2eR+~ z7QH>Z?>IOW9uNv*F_19vhG9$eL-T9jqWFs=EEWI`DzEAX*gU^vh;(T;h` zqfg!8uZ$TQ)FT)pYI`#)fq(8`v1c+P+9G;I1lUV7Lpa(7JHy0 z!^rS9>MPfa$?1ME7PU*?2Qn}yd(LNkmR4WuyU~W>!aCtv{srlvBEgoWp;dhUO05}- zxG$wQSl*70-z~H4Pb53Ttxc~)FSxg}+eI1rYk4uunrz4X#YxtL;liTO_l&#@Jd?jj zE{Ol-$b4YYj@suJ@9q8F{P*zQSGpDq4UD&L+}ZW#QRw}}3=9ksyB@}GU&18S5DF?q z1rDv9J^hy)2Ll6x&StPV3=9ko?ja7$8@kNQwzJ)q%Rb8c|C3>Z=#zdm1_M(@69xkj zH8~auHDMtphG0-3Ai?s|7@R$KI-aHG3%|TPnQr?>o=a#g)O3P<1&p&U-%Nv<78Mh6_hJ zK~fj@ipR4sn5$Z)~v>;lFHDNr#{3@YD#9$gKpiWm<3 z0XdL?fnkAg71#%#%YL6zwmrfa)+i>!;PAX=FH3~rEXT_i-dguNaftiHZ#>JOW6Nm5 za6wm?pJ`3s=|t~&9>VMA%g(ncel+`e{8w862CL=lCJYxA_MTn)_v_Yu?u-Zi%&98a z{$7!Rfq4-~M)ale0j{El+zb8+VE{L$_?)xwSZV_xnJGEpNarKe5^QJq$iBrRrC1>@MH` zUXfvo4>un}LKVoNQ<)N!rpND@gmB~2K3z(p=gT-@G^-vt;Vw5G@Jv9hw6QK%?AJ9@J|3&V>ht_+3+ znnzO^wyc|alVj<5hye>$h8Zz2XcROFGfbPoAjOd3V#VO#KIZ{TgDR-ickK3!JCpbr zF31-1FdW!q1!@m994!E)Gf>fgpsDix^lbTWwrpaZHTAy~=8&F$}g+bzR(G5__OS*aE&acS($qWot%l=3< zv_2@&WYAG!G+|g{b^keIgveo=%&On#7T+$H`)bR@AhBriVP-}X1BLDHZKR$}=ZZ)w zvtkfC@$c8I3;&AV#??psU}QMKxqvZYDJVKN{y5Fb(EW68{JPp3-z6CC-MC@0k%xhy zI|Wh@zD_^BJHGDL_XviB4wefH7iL!oZv3nVD%!#QGX@5RxfbBmR0l1~4ouP8U-48( zX@UE?)Rt!~7Z^5lJyK6&hzR)oI(s?aZ#k9?hg{BIxO4uO94HEX&YTQkh~Qw#V2H4k zo*n)Bb#`q(6GPggd`Si!7LW&J?%!aH;OknznDFCE16#w?VtAVMs(_{o1_p)(Rgu?U zd?VP`80lItB;3r&$=j(S$&kR|a-JcofZ+g_pbztg8kQQKIldwhg;50z&Ci-lGpI!H0(Iot8BRO@G-mM5tgl@QDjJnRja`O_9KTJMxP|i>Oh9qA zhU>36Lqrm|^}@m6z$$v-fXxc-hI==885tO6*n?W&(42mu>F#TO(Qr`G3{Yrbiz@hZ zrgLugZIDkTtkTyoGKBSt$v9Y>nQiamam1(&8aEmqrPcN*4$gzMiVdl$!JO{jP#>WS<@G>-m z%47xxS#WLb%+RpY$efdb=T!CnnBN=T8-gN%VM7b3VaE`mXcfY+X2IRp{NAqli3+Id8iA z?|gfA_xtklNT||U|r|VNX!wJo%ygYDDDdTu}?W}igKWoF&g-pMAmsc)-JXwZ;;lQMi ztdb34pzK!pV;2Vl>#hQm@`qoh?rYzWQ1gW;}=i>gfj6 zX10bnu*w6Iif4&2{8DOQYe-%2A2cq*tO6RIN%(0Q$<44=z=8RIQ9-I9!xiaU_fJJK z6((9Sa6f^S0}KoaJIu`5joKd`dv@*I*0%zO?(O}}EGfir1=NLNVBl6ec7eg5=CrWG zZWc}kh6X*J<=1|^_>l1a-d_QyKlQt7*0L?&K7G0A@wd6|dX7v9rh6exodZle{yduc zzDH-m!!LD=Gmd@=aVRhRCC2z`*cIQ!};k zMp)z14K|_|7&gojDQ0AVRC){yVXea384S`-gBp!tm!FES|0Q=wsdH!ZR5k_%19?!f zk~53h@5#rl?uspo*&(gc1BjBN;iutW5e9|>cQ_V+h6ov6w1CF67#J8{v_SIHGDsI4 z)ZJtT^?w-{8X|K+op%-qB}S724wkKa3=A7I;_R)>E}Mpc>(vz-;Oz?r27`MSA2xoG zbPHtUHHcY1U-r8#3#hnyxfhaR53lN$ZJMJ2PPo&0xL*A0oX5z}z`Awg&eTh~3=57O zV!3eo?@Ul<7*yiUKRTnOVCUs@28IUKr8C$VR)CsvpbR`WVg_gc2Bby|G-?Jal|h45 z;O+%Z0Z6%h5@U5!%JfZhBZ=Ge;p_S4=gb- zIH-e)eb+?-Yz()a1{pKF0QJnpdfuO8FxYKzyv=ww!v#~@1&j%aGx~%W(k321`)>); zff|kliK;m{d7AGURFn6!HFz$)aC3ej!wl)k0*AbA+_-aV=eF9{&zA0EXF78vJeA?a zp@h{7%h%i6R6aWb>f^{NGW38WyFsz*`Mjm)8FWlwfe6owuml6?5SS#fIWfHGP&>_V zL6*^kL8oo;;pX16Yrp*8*Urq~eMmEo;l&g&8HNoKLGNV#zrSt7z`$_$J8T5|K!s2` z!;8Mv-3$wqwH7ckG)$9~mFxJ-z`z0KU3(eE&)@*gxuA{!sAa{#pu-c~%+L+W_zVmi zB+SgV>&@AB>AMDl+5%SgZm(oewqcO4K&pd4$z%gV5`W3{Bl==!;tX@)fz5JZwW`@E zMh1q22Q{_K36`LS&6)FWt^1qI-ZC&SG;go|`|zZ(I!KOlMMIn}JV_t3fCL_>Qj1Cu zast`MV6~75T6DpJ3!JSQM7M6-dG)&hLk4L0ukUuZ2Y&`geZq^RUo|Ba7rr~p=z(Ov z2EUAhj3s&Be>qP-2~x3Ufp9H9LqwhW`8gblZ(?rqt((%g(xRT3q4>e%SAW*Nx%x$V zcC_}7RgF_s8`v6-K8WUGC~*{tSbzEJ=1tjksqq#YW^H-EV70ycechk^{gDRTr56|s zx&!MyAE$@Zr)%ftJ`<+J=xB3e*e1Wy25*XLKc_P8UaG)sSU5jkP!AnidQa5*Q zs|A((?x5mJ^`$YW2zCxuKc5lF%y9ac=}QKN3!023J_pJ}7$S^bF(#J&FyLp{dx2R> z>LRn$i;4PY7!2g?J}{T0Bp1JiXSo-R)0i%F_%CwUFVh;4@icS&ET5LtO*#qlWQrNA zQj^w(s)5Grqo4XLS9{ti8KCn=KJ=fx>l|K&4O7g_wwJBTy}zq+<@?5-k7qxxuStjo zb*mVjX_;6;ks(15loDP9 zAHJ~j&DYJz!Yi2>4jceAu4c@?Vz_v1UF+fbMeGa=VKW(|7~1^0qs6>;8oS+T`+ohp z+XM~#p1+?vO9W}Rog{M#_b1SO^n1_`V9l9{tNN=MhV+k9BdGgp7kzDz{s5eRi=m?_9t0^OwaO4?o^4 zme!Axm6Z$O<5^JJXUuS64j0JuURH??wa(&xlSd3`TkdT91ew^#+8M9Ra9E{5ZrYEj zC)1f2inOd=#@^ycPVQ|~IhU&0yzMjt!vW~jM{>ud7qNFZ^6yt}DbB6l@Upl-Prf1a zDU(9N3DAg}L6A-*s3mguHGjK|t$OwMciamY84@f&LqQ@>*P4BMcUQjXcCV472?GPq z@k2Ee85k1yAaS?6{@vZ(@=g&8zF4+wD9()r%_lO0@?68Ko2<#d<~+aH{pjoF$9MJZ z-&Tt-Ff?#wFf?2Z)2Q@|v$wXhvH^|h{AoAYJvrU4MgO-P3j+gaS|!4FanbXX@2CC6 zO={T~7}_3##wpp-zyCT68YYardE*Xf=%@C1VC}D(*Uy%^`p-8v+YV|dF)Uz`^4ikF zlAzhETj@7Vp*GE`GAm!nJ;C*e^ZaHxhjNgQPOqtaC-e61ZvEOgQ%DExsjsUH^O_Fs zjwl{kB#%H!Ak2dd&!VYW8?j z2?Il#dIK9ngwSS@jmN(1JT7%ZZD+AF)8%aulNlJ!_<_yj$BlTZ?hV+cA{y%4BV0iWn-fo)Vrk#4a`un@@lkBu>dUo{o_couzMP}@;_%pM1)4@8= z`Hg))D%cEsxK?pQ6&MtJEMBr$lzF1nx_2?Rw?#4)UoPGK{AbIp=kx6>zdm>;Gmj&} zS86)*fdtM4iBgjaGY);}eEVr{)zTxi=@-+be7?QAyZ`IAj0A7CT?Hi-2FYx1ow*rG zTo}$S;QbbykTc!##>0yffAqbNxjpayoLB)<%Qqzxf9t>4*^x53Rdwp$44b|Syh|6<~*~Uaj4q-{GsQ2tH0l_UAMRT zJ2z)_jpfI0v;OQ==&wDTaOj2RlBoeF9&zg*`FDGrBX3$j%rWz>TsDSXpmFmE3BzMv zp;0fNi)cIvm!DqGp{%t>%5KTCV~0Y|^G*-`mz(%!aa`uvqF3|R6*acXAKK06dpKS4 z_m$TB$Ci8lKl)v7&)m#{JaDS{IBVX`zi-3qca(mZ_3-}HX2 z_o&FHV=+e(c~oj<0OiZyb5otUbu{%GG!I{n$0rpXcT& z?_RLv{YHiZETAlJdwcJ{f@vZZS;61$YkVoccjL~j`1sTB3tk<(>-1}mT*Um@PYwpB z?%jNYm4QL58`J==y6pY%^Ob+!R@>M7J$nA~*WXX?SXzC3@NNauvANl|lZBsrlKrGo zl0u5Lphcc-)@fWHaZu2`Tg&ppCwb7B~E-Z{*WTWFs;FpqfzY4JdQ0I zQ^jT}&3S6PqE=VEbX5#<>-X%8*7Jr9ewh`D<#Jc=SFQ=>e`m&XGg-N>=BntY7pHjl z?e5JDG)sQG;q3%eTMWUwBVxoUH@ zTu(0QiwvlU;ayQ|A}E{H`P6xyK7d>{*Clk3xJ9cGgo^Q4PsPcMBnUH zE#L9yQD}FpMH2H1Px-Co@9Qdd=ZZ%id1im(N8`I6LW~S^g&a29fa;~18kT8MJrBkH zI&3e{Uuf{a$wP{JzWjINEm`a5%f7Gs`Lbr->rdU`AKO>nzdUP-W&G!-PxbG#v9vJ0 z**UengkeE2Q^vI8clPBl8+13ew>>RTIX}x;vufVw53kPZR`u;H{<+r1%4SB=+$qcp z4y{^e@`0Cg#g*UlZvSRT2$=QfAnS~~;BhsBnR_A~XKm5_|KH`m&i#mgZ{K`hxu^JV zZIxuY*ZkAvdNt0wYoA|SaOwH=^L?OYE}6e-ejZ(YT0d@XRl)Zw&AZ*(*((L+|KrY& z&N7+uPG-88c=SJ`mx?-Ph&c#oU&=@?0_@658oyX1EaY>(-tEv0c6Sa{fGP?|#-P z=E=*+>wU{u3tBq!P5h_*=PUnSd`S5I>+s}ssn|5}-68oYJL?~|e=26=PJeK`p3y`* z`|;bYG0Ez^3^PD$BNj~TZTxy?hH6!x8|#I|RyiTh&b3+}k>shR{?dTbSk>pdqSugN`Z>pyFN68%%BPgm-bkEu6JUD|5J zu)(43+INP8lesy0Kbv?rXqcI8&%0lFCHdE%UpGIlojpCubN*xb1#R_hpI%u0yK_o@ z{f-Gm6VoQ=J(y&=B3+)5LF_1Wyz#)KVpGEdPA|5p>XIJo4U76gMd&e*{E6i9~>F*@V zZyNLDvR|8sG8~u#8p5A?E&1W+p28q^-Fcrn86Vp(pQpHC(~PP&!ThT(O?F|ptN&V_ zAtHt;gCU{xtLgm*S1x|8c_ylna$#ZNo2l+se==vc&9$En>U>V?XOLouaIF=!^B1>0 zUvGE&)TXD0PJCXnV~&*gp%-elRxalm7&g>^rhZSoRIQz7QZ=vsg-n+A+|M6PDiwo6 zOtL|}{L`TJ?3!sm&zoBWez}vs@pFVQZ+_1I-mo?n1_mBbFDF9uvwn?S(U&`3C!*zw zcfPXxH|L-I`G<@Q410wgz9%5}^%xRb&s6R^`0V0mo8t79dJGH(>9#(<`4|lRi}h;c z629DteRt=V_lb6^$Ck}6pH;IkFx*U3!04 zW#%ze1_lOW(B!ChcHU=Rvz~d?C+8lHvC2R5@6xH}oTqOmJ2Epk><0}FPrGo3Yks?c ztvK5R`|EeA0(?vkCOkbHE#sp%pHC1p-pyzdaPWF*!osuaweQTU)^W}~y?<`Mr16Ws ze_xL19+Wp_V0h6D3Q?`%jNOKFUhJHn^gJ-Fey>pm14D!zXm-;(iLdoMq?F8@JaNmv zD^DjqcT`r#P!mhvkymt2VSN2EpbMm&%u#=aSJM#ZlRKoSB%zc47 zmUd6S|1x9(1A}uxNkze@Go13(5+a~UZq{w!;SSlji>BMsw%xt6bFJ&y;OK0Hy?=Hb z(A!nea_sMJMuvuMpwU*HCF`v1`hB&c`Qtj1zR1juiMOa-dRLgo`ueuD1q_fCIR_rS zG^w5E|7DMiVMaOYgSponvq5Y4iWf6UMdWP!xLSiT%&S~>{_Dl*JBuBc?`8dL^+LdD zw`56_4gu6gcj*S)JM+)J1{+*1WNxl?#dt2QI8^NK@ooz!>Hwo@?%=+Mhes z=DJS024`0RY*YEj%^nAU}pH+9ubCZi- z`#zC%s#(OneEpKoalT!k^_!rX-u?Tg3;(5d|GNW&Tb6lko_W#t?R7Hbc~NYlZ}is5ct}ByG>feVQ}v@{;0@OS)y7 z7~Rf$CgyyUOuv(s^(y+MM=HbKkKcE@zrPwPFu(rSlhyx!{-3eV!Yb|T*~`x}a>V;4 z?47p%?<@ZQyS^^p=z1abPzFOn=gI~)hPI_^zw9&$dZQXH`+JEq_q?i?8b%jOEuRX? z$;zFHFj~)1HIHj|<(sCU3E}eBSJdQ0F8ua$JNy2;xFFkY99HWO&R@Z?%YlcNK}VIb zB)`O-p%&Z-E>-0LSwk6LlwrV=7d(AK2eO*}XpHw$Gho!k0$@!{sv`f&jzj>J=9(~c^cHtKx+wGgQE;)rb z=ue2yxwGNh&d$Kfk}0RAEw@v9ays8g^x+%V3y#)&3<;f}N$y|M%LC>*y}nrdLWe^x zdb{<1wOHY`>$X+dn(t5loNi-flac+-YnSll=b!!OgVuAbmHL)H?|+Dl?7g$y!R;?1 z=e?f&Jbvk+SApSLPiEi$_v_Zm!v@}hB{3(SZkQl^^n0BlJA;78u z&c?$Ng8AdEu5KxR|Ig-k`SwY6%f-%{eo}g2F8$<}PppL#$M4tKiLu@p3<(=SmHR!P z>2~|;%I3Vf6Wz1%nSA^=)82bBi=NL~y7ZWouhzlIe%6zpM2pDYym80t<>xu`e?59` ze{SCdwO9+MFc#b2AuT(nhv#Q-@-pb?f!4_Mzr6JP=5yiISHd?1&vz^jym~uj?^e6x z36|OOtlIL*TW3@h*j-|&{p>S;v+wG;&!jzl#ryQS7A(FIF2#@_2y%~{&qTZBFD$b* znjV>;d_qk5`cBvL3#ZuiSH03qda=!Gq3ikL%ih1{WNX*@T|K+7?6}WatEm2-$CLN% zu~NHuZ9OxC#4PX@0np5T*lCxSpI5}4*W5H`#YES{K;}+`<9+qt3eP>%)SADpa+6JF z{)E}4>z6Zh%wrY=WiTWtY)fAwO{nLbelV^WBc{|Smw(0;a)!T|9@L;-}2#e z+_T#}id&)??-pnsD%mc!Txm`cr~dkT6C9ZtoD~|_#DcmuvT$wCIQ6nP^~Id~^>&M; zOdDLy1C_gf+UKvZx;dfghZ9fie-YEO<}T-LyKC3n?%joW9t*(cdu4=D>@cK)er@7oiGTD9x)FM40UWPR!M zk>;Zu#w7R=W9em#w$&vHvp3u3UGX zQ}-opUG1DFx^iEVCV)CUU;eA{OP)w%WQg!(%2;r&pou3T_3USjEgI~5EzTXPPdrq5 z)%$brFST>6)*<&Ie&o)xJN}}wVYzvjm)-w+f9C&v^xVGeugFifX za7J9HZZjK0l}ZEKEARqAMF#EV-={2D&v?eza_;$JUz65^T}wSz#d*wkJ*GY1CVE1lw}zuR&pDEi7y zU_ERMWsd1^~X!!>@oC8%)8pOMeClA>y1f! zxR1N^N4-;)hD_luNR^%){nYc}vTZ>(AC>5vrEc|=v)lgF((Ki#_Y>UD|Evu%&E9F+ z{-QFVZGzqTh5y|^CGM}Co`NMYmT$!z{r7(CUdY&BDeS<^klST><#qb;T-D}Hld3cq z&0WV@9RKN=w4s;w6en@6MVFahOFLhle(&;ggX#aIJ?%svp4<9%R=Q8%*MhDE{e1jl zOYhq;{N>@35A@~3Po4GIj~K@q% zl^-T7Ez_vwUt(^3ecR)O@4s$-eCXo)+0WzO&bi5__-6h3xmGzpEBpEQ5B)MRmRZJg zE02}oOe5EeG7Y7Msavc6CNAIo|AyWQ0}cK4_c&J1bw0Z;QM&ikm&!o9-X#$`1K4Hn z?c3rcv{z$&w&~I@JMZrgTlxRkoo&TTHr`AN{JV`4+RAxg*vhE&VxDL`j#ugdJmv zbhY`F(!T#X{NwP2Z@;c|C-Z^E2G6|R$(8i;b4jq^GWKQfUitlT zI48$=!HUu3fb>W0Ej`S$PCwt!)mry$LFAP!S7z+8+VS_A8*4!!6mV=2c zBe__6-d0(^UvtcsgR1=d$uqaVEc^WDjv{C*T_XC$7h8dbrHk(HKj0PDJLvN1&WER0 zrTg1OTy+=yx+Xcf&E?|}hus&0o?ddZJ$ggwMc~Wg6 zL^7z+--TNlAr)>+zmo{&&kxE4bArSXG@AR(vlN{7-IgQaL)6ULzL?ZsF_piUbmu-j z{kdne)HU%W@oAIKyGd;Nx?%smvR4Q1K1*Jv-0VAF{B=i3Nkze{56dt1=|=ZmJzIDd z)GYk;dA-xiqswA7-`VkUFM1s4Bv`_c23JIGFHw7 zjpliG_gwid(6F$&@~d0L>^7gfvQ2kZh^(Bt)v9_TPLw- zZIQ{f)@SLgMTdRnSAXf=|1WLP@B8~czkoE%r@j~0?9qFE^nU%HyEp$o^?c)6{qN=E zlIp*4n~QU+pM!VpeB9z|lNWv~KHj?Y$K}J}e-iSHvKU_U?cc=Uplo=wL%jU>lEsT1 z3QC+LJC9C5}^6D+IxKvoK7X%pk=eq1?~(`Au@_;;yhMm!J1->VIja=^w6Wy)uL) zw&K;PYm6(SCco^N`>8PJmrV3xKHvDi=6ZAXT{=~iBr(_h(!-aNEuJRCyp^usFMX)p zuomRvL%(`WbQ4#_pEG`8{`=z1;)mxJNASw#@BH)V>WXVJLJ{>B85St3DY7uU+Owx> zvC&$MCnAS^mbGclzpOt$XTxjt-0$aj#VyP(Xx>S@@@-n(?I)g^($-It&n5@|`g8X4 z`dt#Yn_jI;cJ`T8zTTckG3U?UcWd{4*M7fk|GsJ4ef4EL@BR7wzWls>Eod>wV*7u3 z_kwQhzvMJY^!x(G20hRq*u*EbYghNodp`MxNzJrt?8X!rB?3iZHeYK z0k#=-@qhjt-#2ep;?H6mu^rU$d4C)qfM$eD2ki-6i?>%f5e)p4Wc8ze2O#Z|S4VweP^ga{aHw zXUKi^)9(}bbWVC|QuGpos`Bc~Wy&_3>F3|(<}Ho8G_~X*1H&%RoN3prCFf86`*rK_ zw|U!_s`C0-zI^@h=($UKc30jrzZ|^g`qX>-_f$D6rVIc4**433@3R({p2+X-?#e&d z2kKw!>)NEPJuCn2o{-NIBDnsZ{k&eQpW&sg){^tQM>{O9q+I}|_Mgii-naYx0cx2EmaZ)S$KLJrOxcInJ1%d&T0EEU?aqqMSkcFu;N!~65*o~yTL4d#D$ zEx+C9#YV2H@19l^=2+J7I0w6TFiQFTEcX5N$8XIao0jdzZ=BYTyL<1aVoO2x`@eto z&d_U?dwuQR@87Q<&i`Nk|L)qt?=g3pb-`6O$H6(*85CPMx#vgQ7xnepJp0*`Ya8C* zdj4#@(`QA~_-AjlK@qfg+p!izC3eWrcBYHC)?m!EuL;nMTs_WupH-hJ` z*V_DE5nn3aR3f!r$K}hNmr3b0drf;S9<|My|Mm5Bp4NECz{4JqUHejtBPaiQx-mA-gXJT5X7_;fzT^$3)V$_9-;Rva ze_6bo>*eP~?&n)o%{#Y8Ri1on_9$ZC*)TR|W>- zU!bumiI$b={~A?4e0tT}dFlC$zY7YI#qXaN|7czBlk3Ex`E|DcuNV%=>X@S4hdY8- zU!5?~^=Fz`z2EGlKZ<|D_s^N}_L$`7Hnn{hcVCxZ7JUg6wuN@d8q@8st9(6sdj4t9 zZnF6Ik2gQx_y5Q4PPyAJWfrb}cI~Y9HBpC|H<>_toD^CF`uO;t#d{pR^P|P&)UjvR zN`m>eS+||K4RXZJ50!kk zmYMhT{6$bNm%UuS?%(6bA7=ONzb`B8Jbm_R8CkhGR%EZcv zZtdD#{dd0okMsP;-?9Ew6MR2YYr*4tAHUSwP7ivsWvlqKogMB84A0Kr=T-x)Ub=e8 z>&u?~`^qfO%(`}V`NWdt&*FdF30(j7(24AMOQ)~=(+6r*{)jW&EaJG`v@j`h-;GnD zCab3XeDOh{=Hs*Q%I?lXe@}as{A_=e?!)<*vT{-r8q@ zGm<;sxja4pGvo2yWp=Ofa`He^5+|+uza5?&_uSE;Ik)xg-sER5*jszMcF{{YiCr9Wk8!#?wqKgDJI-BbSl z-?3-c?$>>7|FF&A=Zg;uHaYFoojlF{`Qo`B@3_tRQhLQibb9bulV}+ z`2D%{zf?dAV5*^ye7k zwbQq3U%iag@lU9BuSJ^qwkMW*ZZlVPU5%SpoF5WdA~AjK@h_HcyC(B34mPaq%ht?K zH(d2@$K`8RYp2?~SDt=WlDw*lFaP|$5Ich!X;Aj+-CzIx;C6XCyK22XzKb4P*OgQh z{Fndt@ySeKY5h3Sb4zuv8A>upSb)~Fx6IAH{qW@p?H$Vnb{D)^zutCUWgz#Ik~5p1 zADa_?TF2jf{=&YjBY_;te$VRN;Q4OO{e_EXthebYl8F8A>t^BZfx7`&GXyR(>1SnL{e1Yb`uU+2#<0(2hn`{|X#>J6HbD?F*LMA??oTibr@rg=R?X zzh5^$nxEef+P8de>)S*3OwQyoOW3KeYhYshVj|m$*63kfm%2KpN?3CH^>aLC2OANxJB{m9iot~*z>sLErxtO%u@t-{6 zsr}NX9}^zh-u?0W?&9xxCBIJAeEal#Tb2A#H<`?nKLcy)Yu`5K+uw=jS8Vx^%b{5F z|6{p)&F{o{UiWWR|9^T_+OW1ycIo4tb57^aZn?vs`2ODC>);)UNzZdSsv~b@)c$2u z6I#C-JblN`#M8=9#UwpD`s1xF``DQb!gpVnKX$t4w;V_5sfEQt>a(S0vEEvADl=JJ zETi?wvv@U0>B1$xdjnQUD(}}kv}up}u^ZEi|J+npZ0R+bH>qgjpOU+!{e1j-ZSm%N zK5J<1-}mEZ|HJMsQ(@s(lF9F`h5Fe<>^ML9|L5~{AI)U*R^N0z=x_>L1TEpUtC!br z2W_+5b9=?F7z^oh_Pm-?@9ivmSIF`ITm7&9|DMkOr@G|J&$pNSWZQbrh8HSsy!7Ye z&Ei%GsRcVLX1d;A%)sWtU>o=AoIv%`w{vd3d&I1IAYrae@gt`lkDQw3kb@AZ6JS8w@n zBl1~UwxM`mx7PkG^>=?=e)qLq-2VUed&V!+*3K{9$or-Ba_rw$P@84b{(WKZTIzlt zU42*IzIX42%Vw1yKg-LvmtXq4xBC14NxfQXr+>OKySKATpT9rn^q!jcS6eTKzx#jK z{#}f<;O&wXDJ-+1r}$Ta)_fn=KEH2nU0DcgnB$(X>5($^-#jCZ*-L_A+T!+?bKG<7 z^h>_Xv5)nAb*sRjRq}0BrFpRWoe%HIrXIVjlDob#{rI%N<<=%L1VRa?u{0|qLnxFk-Wyzi=PhWg^kfGi3Vflx5c9Wu3h*vFZ z-@dyzOknTUzw`ft=0rZ&969ykcDme88wLg+cZRzsS}%ulZ9l>j6|T&1?AMF_{oP+D zt@W-v_%t9qy}YC%AYQiU#IC;ots}iE!^a^)k~$ddMvxw>g-Sa{ycDR;bZ&H z((F_1+ApeJb#G^X*llP0qI>@Th`hgdt{-VmobdF#@1Dv_YrL%7F11eBwdeX1!;)Da z4Boz}{{C+IegQ@XlP{b1v2S4Dl6_HhDV<@~3#DqWUZ$w{BJs9q2YV--in8{af4TJC zTfJ?f$?-WcmPaEW{JPC#eRqXhE`zxJ|BsKJ+fUm*`IOU}ZL9v>KcjSGRp8S5pr(P| zyu39cHP7Yu#M@iXTe0{2#fOgF&HB^ruP=FMJI%g->;8SyzWaa*^0RD_?~;p4Dkj`( zb^Y1R4BF^YRptDCOE=!|T)bUa{QuhSL>1m{H*49$Z$3S`)+wc9VmRkc zrNUv4TTxd(cOLs!`r6-6-Pf>Wp_J7WEzk6tV-j5FZ9Xir_!sDJ{+y>O%db>Yl=4uyeyX6q*M51PLGuTa>;i$Hj7NQtKJ=Y%+xK&v`TMmA^D*xWFZPVX~!_O~7v+2jS!MYl|Lzug@!NtlWOH z#QRreh)Z3QsKK0so*2ndKm_kEC`ifumWM28x#ryfrCxcl%OXhTMy{etC z>-aNY-DNv`7S^3K)?1i%()4im`bCS={nyUt7UuWcHRs0!k*Q@D*>*iV^7!vGdvULM z+`B_>E$4bz^pLO8e$l5Qv8NB%K*>ysVb`Tc4v}lygj&{`|5>U-JRT~XBRAfw@h`- zoQe;#pU3-xZ0BCSev8qn&Rd@R3;$T=f2;|aC1kAme(K6tpM~vb4#^&8Xm|+P&2kIW zv%Q}5vp6-%O3SHNvslh{cb-+aysf&hseHtXJ!!AZxWBHi>MAwLQkm*&`Kj~brz5!> zdztPX*&4s+vS`&b)^GQYKL#}hH%`5ky5-TKm)aZGSe!2awNJll+g3hv`SI!O`L}$g z^VycU-TC&cY@YtSY@O+r?H8kCpUSre?#_Bz`^S`#VVQCRTf?-Y@6PA8PFl=#`Ba=t z>!frpsb%Lc-nf#V8CLpm>a^=YzLQM5ciiA!zW&HJ?&|OFuCMtVxOd^{t;d{CoJjgL z^Z13@{uO>QZ*QDt>f06-y&Y6Ayw=~xwe;Hgz5C0Jr`exR{4;fD@rqlHS$@Y%IOkrr zbq@_c6Pd9RiO=OT_h${PYQ$1IAl>q0||1;~pMegbJynbngP07*g-*oir zlZ&-g&#_ux-*#NDGKc4Gb<@o5gLzrJhJVhcy^)+1cC8@w^>eY`;YX_8ZkuM7mGCrT z+vRuX7e5nSlk?3e`9(}|dV}0cK^AUb2405TuBYege=e`jObx8OW4!9v=Jn?vfog<5 ziCvzD#jbCv`z#sFGWUM*BGv0E=cbnD2^C%o_cX7ZW^jDFk*Vpt&!7Di)1LYoy;xZt zv*e3q%F|<;<()z6tt+1$ahYy0C3Kp7e^f%OVUT7DxU3_G!IaW_I2>&_=+cMf>-Bef7z+^2H@}ecf#`nG#mVZ@hc)L1C*= zMi9&0X&Wy~w{cc)GpWBPCY`c<^+T2h<83W{`u2NYKA&%Qa=G8!bDiD)#s2-84N85# z>%PYQi+S-Z{wC+%g3~KpP4}e#)c30qYi(yZpu=+Ez^5B~{~4UiV5!aA_{VY&ueg@} zns>Gw9WOsW-u&F@vE(kX@b}r(d7o@n8!U|f>(%jH^0vLXTkliXw|95Xx8F8(Lurom zYfZ6BT`#4a&j*#*OtjduF?qILGpLyYnm_)K_x;Ju%g+T4U621$^Zb^N`r)>)e=&XY z+(oU=%UNBIn7ddWyc1%B4QN+^_|>cncRr@ipY!AI{PcJ~#f*7|<$bLyRwnEe{rx(7 zdi)+PeXBhm<}^x_zO6s;j9=#IpUdis-Iwx0byd`|H81Y2eI6*j+$2jaW%Zuo@~6js z{%PU;{=(wzrTd5Et)zn9z1FY07sxjE-OTm3{bq-sS+V}p^F7bq zoAaM{{(6RnNR9=KPam!p{M+^Pyl!6mTeGTtdp|q>C_9$==gF1k-HI)DU-SFVvrKgR zlo~X7uUY1rkH2mf<~$CVY0U)#BaW^VRRxrRmh?nb+zaIXm?-kD9TcqQ$Duzg=XPGBO+!a&SH$wq&cu znx<{L?8Ubf)mZ%ha`L>=Jo)d)M@JPZdKZhn;J^uyak3(%Dawm+5BN z{hi`=)n&QFy02}ASXavI@T{I}x%$-Rq9NJ1=WmwQuY9 zfB$|R=|3f19^!VsQ|-;^g`O|woR^JuZi7168P5Q)LPJ{%)IP5tif~4W~}&Qxv$0IU&#^gN%nVnA9h~PsDxarl?!Y3IwfawGM!4${71e7`d%NZ> z2A|v%F1xK_)*1O3LeGnmdr!F;wr2lyS50b7IuGpuCvJSownKRDI@g;D?y7CA;eUU; z+4<8XZhq3X!-2XBFYAKFR-}_p*6dE3-)*9Z%})0{McqBY?eFhY=E%)`AG3Jg z#+r7g7jymx>^vTNZ_@wbz_Mv|noVpCFZV#U`7y6qcl1{kPY>v9hd(#f*G{o7fB0># z`}6sBKf%MtWwY#mZQP+hRqxvCq+b@duGaiJ5V-Tk3cGVZWwZWSW`(%7vqRU+?ooZu zHP>8n{vw54&u)IUKl1Z@p^EA4;@71&SNd3l-+Lc)c(Ub;N1r{{Ebv$Eu|L1|YjI82 zmvyF<{il}4#o1fSl^VMLD?5_=>FHJJ*55sMvoA&N{c--&yi0lC|9cfzbftm@9$v0! zXtVpt!F~GSkInvmfBv1X?O$|D$1t+?e6QE`_coIp`2!9glTv)`6g|U!Lt;|si&ci- z{^$`2 z@^91jFFQp|Kd+qjx>bAo0rRitUgtNxoZ>G2YO%ZSPR~rIpIptetoy4LHNNL|R%>Q! z(BxP!J^s(RmHO%q?n&RDtNymKa{V&rN0A-N$My9Ux3w1pC4M>(z0}&If3@3IrWNvu zPixQF*9vtnczkBs?)W;XeKngk=h+k|JwNm9+}5|C)DCKhicNl@n6m}M>Yo2!VqZnN zN~PqFKgW&lW_kWy(7*rR^B+HrMfu9-+D(71D06k1)v4>bGSR7%yPVqO)G8Ghe|ixx zHRHNY`W4B!p6MIj)LO@vxVN**|NU5gFpH&ulXF3M)4n+jcQaT2{_J3q`90?RomI7& zpVo;wJwMgDWPWswaB$7Ex)pB%3rZ>`h&w(n_v7DR@axpc53}cHFPu8-h16Z&Ddt|5 z&30Bc8vB=9U*Es++&~aC3yPY<%^aPCn!Boq82D-(nhyN&meKj|}RnKfL}>c6ZsV7xj041#{GQ zABAfIiwhtZK#k>XH2kY zyYttwt5(8^oqt8*UdoR6x~ktkg<6MxofC@XN#1pQ*^8Qgs<$ic ze}SC#hD*rF<81V$W7DS3{QvF2_4s;0r<(8c|CgMvIk|Y3z5m*WUh{sr@U6A}_}jkz z%klfV$9JYP%;0A4OSBAOg2hWq5zT03qi{)MW_rgIEDSK4oPh5O>aOGhExjVX7T>PiIJpY?6 z<>z*NVh!JcBEc`GP@&W zR+ifxwPR-2JUWX#dilJ(J?#6tw(NRwA#~;fQLVY!#m|o`wrt;7T-QE5JpYJw57(*B zt>IT({4J6bC%=2XaYEU-tH0}{@hgOHe?K3^S(PX&3BUNN~bR|D^{GvOl^B=4D=Y`5T;V=9ZSuZSZ zTXnBeQRjj>Bg2ciAXhETS@dT$>#Axm@fq8%7BAlPYUe-2scR*;lr^`wM=<$5<3Hoi z(^FOP!l-eT{pp~{^KtvP{FyKA7q1y&)xPqUcn{YC=eM&?y2srM<4(+*)2a7WM{m!E zeL+`N7%BNbo9w6`#$X%x>&}Khmbs#rr`q@LnzgXtt;gZ;g9SPl+8G&MfL3y^>g8G> zzT$-@o5oA8&yv&4T))If_-GuxP-&UJXMWMFMbsZeKe4$-f(B%XN}Tk&s$pc>)y{dUghii_lM*H)?YRo zvL5m6J2iJ7;lOEa$t?BslY5l(AOb#51TRuPKVhB5O?Af)C z2~CI8wDfQ1>;3-}cB1d|i=CUSwicW}bpGe1M?#;PKqrp9nRB!6>22QV8Wm0VJZ+bG z9&y2v?)##5`A@!3x#*twTdg@E61Qa({%*T_$8y)7M_13?EC8*f+&c03Io|4sv0*;lb0Z(i;z1?UCMk zeEx6U`g6UyP3NXsdvCF5=sdHKX;)(7x1Oix7thLn^0GKCMm|4tM>)p=@wrMF3=*d! z9j66nRlnM-aA8rzzdaf+iz~J-cPTc#_<2R=%U9CxujwxgNRwW@@Nuu9%$$-xns$9$ zil3}IpL~Ah^5fbP|DSo6+ddWdt`c5<<$e6RUw10)78b8d{QTmS?uI#b)8j9$WG^?r zm)7x=p-|yvabAdEiC&z8K>a(Vo_QY275^=H2|8BL^ks37UcFrD`BV2?gx@M8pD)@d zAmYgEV9RK7dgbd&mIUq3jq&BukP7$NC|QBr`A2O ze(`#B{~lkw-6$_B=krBTz4hY8SM|FLtn!(SWOy$>|FZ13>4g6QAC{$`yPYQcFxSsE z>v8|o)2(?wCco2kj$ZBaQ2+lIeNf{Hgt<%Vq!^z0aPv)@T&do0P4`jCci(l_`j5Gt zFP;`IvTer!?&a&BEUcMTxbE3bHVJpP#j7s9em}qNT)pY5*6*TL&x5%8Hr8Ku&)xpA z6;$hkx;|OcCiriQjQ?&`|1_KL(O2Hfrj~Qp=~Q*eE__{jBgNzCGwJPlajRzf8QbR^ zs}6g|vGJ$dzN@`imjln+w0I|rGQCi&v0+GXCCXzCchVcXC-&^V$HLx~#6(Vro4iAGUf!!aJ7t!hotI?JzrZLF@6*}O>(#vGe}8wkKRfNpYu$YH zk1SVLL|9I>KQ3W4ZK?RL|5v(iZ)2#+JhJ)9$6}|m_ctm2Kg!tfF5}=qFHpHBKL0;k zv>v;U?m62XHM`3!tKQvOAt#$GAG)t_*9FV+PiHzmJpIAOXPafTBrrF~DfIWPA_tlJ z8HQ@-Ry!Wvoo?hOdrri8`9EplzbEykv@Z|&_~)`ZXm+moWIdnak+#Q%o;|XbdTsH~ zyLG?Rbm(t>Jz>|wPxmvKK0lo;J$uQel?#u9X8HpCP39=r?U6i_^0IhEZtSG=*O|JY zdiL52=ipgp220OFdrD3LH#hI<>U}8etT&YJg zCD!&Wm+rLPum2Of%kXTq5C5vep93_KW`IGdnPyEc6$ERtmNqj7X1+f zFKOJ&6Xd>sAN!}a{&@xt8ynqL%iH zUeS5oU2~4C&Yl~QY{o3f*4E`0ul>Bzyj!#CoVCtzH+I8*Kf^CqBui=*OaEJV{{AVO zARo}d2iNZX{`mZda}QrKkE~ONul=FhVh61(KjK{Y+vUeQS z-BzHap0?F^+4+TU8FoGN`1Cj~Ch(_c$DetXKZ}0`KK-j&dPYO0{?WCoHqCukzfWcS z^6%HIeKHIOCS7b=Y-;2#6wSmFd}_M?pMU2ouf?30%We79{r}tj|DNvuQyp;zbc#Xw z`#QzSn>)Ad-M>$)`0%GG*{y7Rvc0ROZrT29)~_W2FXz}-SIicb%iSA!D?z&OinMiS zQh71wvM)cso#S_}U&}E)S*7;jm)V;x2lK!4o9KA|-p_~4%l(5AKSg9FpZk2IcmMsn z-0zpy6x7?cy%g49-l4EZX%exSUmJZYdrWAg&TYSZTNKVrhb zof6gsU3(?lc46KmyW@5Ypp$+IW)=ooU*C56=((vU!xx$#Ittm3asSG?Y0KVl zAKq~&^GcOBb6;TcnptzsPXHZzU4J7!zWUF-olbXZ{=J;MxBPwmr!$@1;`Kc7IkK{H zJ|U`7PCLMZNMD?DXV|rGPki)qxnj$QgWKif>OQ{ub`CU4`zM6mcHzzRA9EJ1FWL2f z#TUz~0pefw&Apysv~AB_uZr&?9yRRQe9eo!mN;|tpPzS|-`^=z>e2Vb~xO;=p{sW8E%42XeV06If6X!H znW-e0E%Z%v*OzN0t@Ad1eOt16wZV*lt;d3P--{@;tTz<={r2Gc`j6M|@2M-B<0o-M z;6wiYU(Rz{4Bm6eZu(xbNa;lg)$0pYD#1^-MTX9>=&L^h+lDWU; zg4_CUFO6P2ds(b#r?>q4!`v@>%HP*juDv$JUj6^}`2Xb(9lx%B)Fv{!ZMk&v-IBv` zGCvo+s@q!U%)`4uMs4qde%B|ldZ3fcJPMr-sZQ{B{qf_?&JPdrK8Iv1QrKF#u~=CB z{G1)N&jRNxUoD{CD)8y&?t3=Z#YNX^JoN>QMgRF`ab-(X(&8J3l8^W8_jHQw^Wr`` zi+lCDJHlp5GeI4K$U@L!$7GKv`-W?=bsx3*bj2)||Jd~5-SqpL;{SX#SKJc3eYT%y z%c|{~^GY;DmgfEW`|i7ZyTGBkA0K}A@87-W`!Wa9btmU;&VMIn-n{s5^NsUQa@lNy z_4_`3aN@`;mK8Ob{`mTqoqo5bCv$z&yw$Z(-8A->O!gD^smA+n9^ZeXOZ0x`!>7Dk zb>?--T#W*)O!(cu|Mu?hewtq%Z+@Pn-*?;EzU7U`#o1jiFA1)RtC`X#!*KfH*(3XP zwwlX7*e_FmUR1Gxts(35mz@R2lwJgQMLo8^{Ga>0>9>bd-L5Kz9dlkRRU)!!&*H<) zi*rgUzn1*mXc%{|MBXQm&G<} zIXQVp`3$Ch@BbZjk9D`_&*C??0_``Z-&w>JyHI|~vW#yTapW3lJ@r|&~%HEt*fTfEH5BDYRcb&f`ZUvAms z;E;KInl>t?taksmtP^%ho&MZu_0yvB_xm>OFKK#mM2mH%Q^JGb9p*tN5J{{M&_ zJqvbvUjDrD^7CKE)Se!CwXuEfp3fDNd(G}IdL?Sb;alkC1}c{{K;@FxiS7lT^<;P# zZz-y~qEeDq^nXR=FBvC^t3JB=N_lct?oVCxmmV|rbCqyAezUdk+8GUtIbSSSt+CT9 zS)q}#Z1WD#c+a=9M%v3e=Df=}b>oZWp112JtpES_>(<}P<;yN!e7{`kr+)X_q+3yw zH_vds-|tl16Ue2lGItsWFB@n%#pO^z-&6C|z2+ajJx{k%wq&o`)ANfpTG<%HS{bAm z!d&l7S#aT7;*_Fw=Bo}LyTTZ`DkOKsKF;?p%AE^~Qw@tISBk%GpIE1-|Nqf*`(y7; z2A-Omy!*z&)U(2%b8KQ(e|>*wNnv!9I;f+6{%pj|w))S1KqnrWK0QA@e$Orb?yw!%;0>%_vzD!b}970;*q{}ucKRD;CUeOzY#@!zkg zHJ@We>VIFA|D>|_z){GzRhgs$u-SCt3_rf@5$Y5s8-w8>-$Me$#+)%k&iy%^JKE0yH9mm zeo`pfvUj0~6obSLJLVS^SEI$n4VW0Fo^rkLbbhwaM5+CCWik7f)m>Wk{LV>Zb+dWl z{o9IWPG#=M`eoFg^)=u}ZldK=Y3|k9&(2Mc-_s?!=J)IDzvomf=KlSvCqv+eoFIwq^I{IZ-LfVrrKaWVN`FV8p-w!JH)&{uA9^N-4;h3ew z>@R&YPONAt;ah94D`0ctlxX8{tvQMrm%dp3eD*WEGI_F^ZGF(^-i_a7RQ=*-Zd;@> zZ^CWJ(t)?u{jY9MF&FV(c=Q6p0fVoS4)bk_7sc?iGL$TjVX@tI-NmO;?bXKUo3|Dj z^xQS5Ws`MYaZ2lP#;yxH3#wD6Px|t~rX+8Mb^ZU3<@f7loH%|bHqOp*(fqttr)gio zuB21%w}kH5QDb^e>XyZ3MWd>B#+ceB0(wFrLvE^kfm z;Y_PZm!EG7>fFpVzHQid>@BHJ-&Wqds-?-t=sh2XRpI^Nc z>=XWP&XR9WcZU4?v+V1it#1X+&E;Qv^nz6p1B3JBbcVZuk8KzhEZkGFB~iIAaPse| z&d)_IhWY7i`~7tJ%ISwhirJF?S%ta)36>=;3vDvg`Dsv5M z`9iB}V}7iiJv|R{5ZU{Ce@Lv|nEB0(p1$OflOZ!nGGv8+1odRtHnH z%GOOZdLeM=X!liVhk17XcWWN|-tW2eR`}@drv`fK!FxZ>t>6E7-Q8Q&_FJF(t=;wc z+IilqbB<|9@BYx~carDA#fJx5*UQKK`E!5Pmb)A`xias4+39(^cgG5+6Vm@@UV0wp zCo8%u>q+VNk4K{KEK1TW(dn+M`4)5LV7g{&pJ3UY$44&go&7FGgh6NW_qv_igyJVK zG%OJ~zU1|V**;8Sn`GW@XW!pvf5rVg?`ql4s~;yjh1k!S)woo8cKzG+C+BJ}kMqf$ zoBwvN{cqLJ+`7l2U)s3r`S{~?z2DUL#>>wCoYSbdI(Ds%t-!t7-;XATZBy1Lxu>zD z_vhqycX!LzOV7@qV$IR-rSy;Sx2DR#$`ue|%( zuCDj*_Kj`Qt+$?^I(&DrZnegUWNaXLC z>XSBpv)og$zhM54C5CVOG|McN@5RS^7mHpyQND3PZpF_B+Ua>QUheJe?!2?2MJ_$R zFZai)<>Sj@4#oa$pSwPRx&m9ae`?IP+R`F$%X_~4k8g(y%v#E4=RffmET13D|1NJ& z#n$57-{0oC$4+rNzU=K6Z#LcoTEUFGwi4F&#T~A@`5p_s*}v${Q_H29n%R0W;_-DJ z^PY!^SsYjNonq%-Vv%bknpkoBp852yxy~G~=4K!Hvo7Yb<kpt8YS-|9oeT#k2BzY-1;$_nEO>li&Euba998+H4op z>;9*|XJT0G$=&xf{S-HY7O4GLw56i4Y^R5De#*rE^~uHB|8tGZO8nAZCR=NL)eE07 z?R~KEi5jbe@9p^>p1o3h>G@C4=BK(J1@*R9mYkm&?N>ED`C^9Rb6>%@ir>$!Eve94 z-W{3pC%x|If!FEBD~%+aK*!GgT&}pyi{rgp%ha{}$ISMw6r64R=h6E8oQWILmDfy3 zUw?MFjLw&zEBEYKY*%}3cK#Nnc`lkJ_a&mY>;sorPmP7!Lf+QpTDKHee}C8hV9E_A zD=V8HFE;!4+5cAg5yy7GD~NILAC?QuAsN{_?mX&_Z4Kw@Ua^d0*T3`b3x8R}`}LkW zC;fEQt6%E9YHwf4xcPsYR`h&A)i$H@l^5Txc(HSW_4CfSUzU6K|C~0>%A%d^uR{=L zR>k%?X0`_MaWX-5M#|f~G;9JFelofL;BbiP(N?aTKQ*53S?j%C+q8CG$-aXIk7k4g z7sjk8$Y1^E=e2vkpPs%u>wNBvW5JPJws%t{wH8z_=a6a$HM48Dwnl8%1|@Yiu6VV^ zg(nZs0(ILmKdn*@gK)`ce-o-PG1Z< zSL$-kwASy2x#61Ub?+ozx}vXN!?*OMaPpEF+yDD5_HADCQZM%0zqCIMbE8z2e>IlB zTU&C{-oPY(cVOfzIn&HvGFxZcwF`ijHlBJWoqW6D30LgG$87VvcANjJ`|dmOtBTh1 zCn@vnem#Eg#9`&gyrJnB`-MvJZ99258D>m&N-=)9bCC_xx#_~i8v}W#Pk#Ao?&*`I ze_PsjPT@Hg#u=<)v1QSPvu6GC;_a>Z6njq1<$fd{*2@E-fFm?Pb|6IW+I!q zFt9Y$v1HB4eA@=To9 zx{q49TYhFvsyOZ9KhbP9X!2Ay_gGK{W666FN9GNij%daXd~kk`|j9LLL! zNtDk2dJ*{l`4o!1@1~7QFYwO3zWloMy}b61t^T*T=ix)Oo zgq&5E+t^aZShx03O!_#+~r#=f~x$DX>_tJB;P^493p`>^8YzwYc@W@Gk#gP`xMwiT1|Tz%7@ zPdGc{x=jgRDDS?@x~)cMir8Xj{MU{Dw_=|3WV5TXs`GAmB*xdAG<`htXpPZ}Ys@b^ zFF#+u|Hsc2+oU%hu<mT}Dy(I3U4RKuJx<}${ytxevSL!tN{nt4nplc@Jae7V7qJZ0z z6+{2*mHdB>|FWy1;irzmbh*|G0jK`DpVgSrbX09;u}@&O)vhV#`#-&$JmswDssL{8 zoTWeWZ!x*+s^nKqh&yz}-~7~D>;7GNM=s_u$g<1qW;lQ2OXa0)(t&ZlHb-;nrtb2a zzu3m*ocF@VR-WyfPCbtJ%&@EA|DP29nq89m;vL?8+$X;;7S-&Sx0j>J)H;KC!w!}U z2I@b}pFI8N!K<^#$?)Zh&nd>wGE6NKex=v?+;`H~M69MJ<@G zFL$@0_b(Zz9ktH`KeL@O{nYF!e%4%TzTrMu&F=glF566oxl8ug$<0rX&s?l^OuUidOG<_XW1ve_TT>E)pFrED{ffct?asEdB1{7I<89ivPkaYQ$N%DSx?_B z(zbrpwkB)$v(mG9e7zP?GffT4ZcALX-uKUw+xlfmFo)QxD)WDJ<=?(ouD`A8v*N~G z#*`e*k`=Gc&6)nhTt50?%;`6&kH6{$YbC#U`uoWmVH5C0HJ>N13JGywW)7KgVC@-?mcU zeCAxZr1SBf-=I~*=bbZFK6jgvUf=3q^L5g>`G&R|F842pO}}8wXE*esl9y zzIkWs%3Hng=P{9~dp;^|JX>C|J=jlNvlO`IyTe^IwKb$9lC&X^i+XW*mhB7Iv|(K9h= zZ_&&wIo2?@d##eJ)?KxiRX?v3%uPH{$@`v5%*B6-^>uOU>9?(}ZxPS8J5=Ob`>=fv ztGiM1`CgT!bx(Kw`*GgV{d^|RT(d_Rt67gPIe*pbcCSYMK0&q4fX|kG*=1cd);Zb9 z(%R>XKd-h5(kzJ!u<>S?oBw%Z^~nS-Ww@Gh>{k-eXd#0Y>`tkd2%{won=3QB`Q0$eSyQqtPs_B;-7cBEP1=g=i`j+&w zNG|r>ouJD9e|V0cUTq%q;6{@6J)2JL|MosVyl#uG-fw+sLHhazIqUlgdk(MICasuV zV0d(QWX8UWD)wvVCvRSGp`hlR`sz=o-kHoR3V*SZ`Nan_R=&-mj?dlOo=Mhb-3;89 zle$o|i7lZNbcm^|=)OP8BXs{2=iCTcmy#poc6_&})6x}FZyuP{aeh)$kJFN%9fmy` z9dWZ%cKva3JF9VH$&JcI^Uh7xEMB2CN4|9aCwuLD&)HSlm%Wz-SWjtszoO3lMtr>X z^3S@j)(IZhNzR*OcYXU^58wIA*Xih)+?UvDc;&s|;xqeyx<#gHmQ+;l(vaJ+EPKve z{rv$fwl5v6^W%+Q>U4Zud;Ywv-!CCH55X@<7taWTj$mgy6<@x98#L9s?^)}u{C`t> zO_z0R9eR@1Y=4I#}ef0Y8*R3TFs%pO7De_slh(l_D`{mlWR4ZYY3rq*6Uiy9etpmfBbJzD= zD3iDzU{@U~aral{zo+L{+7>FlJ*BSLj|hzb|Y4WnJN?=XS2sUU2w! z)8B1f3zl;)n0>}PBCaSgJx9Bi@4egq#p@2waH>1#B5}rM>C>PW6>XYdEi;#LSn1VV zTKs(pV@c}KFGi^s&h;^G;CdzXQxtTm-(2IjH37^GmbY)*v5LF;`8IRsJn;V7U6m{6 zIG#7&s5{+$`ukwLZoS)oKVAOtbasupUh(ss9|;ny7gsKIsQCDA_Kat5tjj&ZA6+jm z^UHpD?RK83At3hui3=J>NW$@5K?r4{cux8{3t?BQ+F;F$u&wcGEWc)Nc6 zT&tSTpD#XioLpP8=1}EIwVA(b;P)8zuK)6FuDkmAIX5gf&;2g@tM2*Pmn&BGgBI{w zU*87mL_Tx9@Y7XdbI0B*hr54+<^&I>Ti9EHI|*Ajno}?RW_@blAk1>%<74k~XU2wi zpgn2#onIVWu;}@ndwYMk>WO`RxgWGs?C*y}#V%d-fRD`n55G;(TiW&VM&p(VDMwX) z{kc42^PZOmw;y^}g-7*%{BM2zT&sZG{=d2RQj(wFD)XJ(TePv*@|CaZgrBNEfBv=p zdnZEJww-TP!0X>>CigEsy8B6Gi?!{ug~^wnf2wJg-FkP$^g}lzrwO!OsaXtK^ip`a zH@x~y%Y=D(0d_h;&=5=P1Y!r6=%vVlp7x!a4IsK&Szbpue<&9n{pf0RyUbezcqI~|C(QV z6FT)~u%bMF{^n<&N?IT0uA03sQ>1QoRB_37u_aG5Y`yQLKmNM;v4GQ=xyQw<`(M43 z$-3=(M!ib!{O{}4Uu=>eShTyzER2-z*{GIv@ZyGVl_9r#x8#>ieBM`OzFfOiF70#g zraiL9R~)dFZMl4;Cs{n=1u6fmC`ni|Fqx*3-5uV*$bGY7{snX z_aXe2J342|{@eV4|;Lv=HjZ>XVSS}IbS-h ziR8<_UUTo8tv$za`5^g)v--YGb-nO>e%TM9Q@0Czmg={!E#ay8?4FW%yAae;-O0It zF`{VWstm#XeSTRRi#Gl|ulsSC!}}bLP~CaS#+QGoifr0bw6Mg>BRIZK;^Pv&iyQq6 z&Ri%lwY4cLtDEyz>-`47RY_kyY}@O$;+FEK3p*3*pTFDmY}Q86yqxmc^41rVy8XX@ zde!?=#PR&i6<>D7xZN$i{M_^CW_MoeB9U47B{o~co-qG=IZgk5&W)!ARnK!QPOW>$ zp?Kufi$h;!3LA6JzPJ$}bAI;p4gW4*`}Ftt{kM0kMQ``$+>x)HyMQqw5421F{-x>m z`e9#W+_td3*v0#0?cVR-uRB*nGe|ghneSh;K$cyZ8I&v^7ufSjMOQ zRDFK*-1be3&(~-0X{Bqf;b%OZy>G$MdAI&SzvR!`T#t6>FS(rd@UFqH-2T4# zw^Z-m`}yw8L;u*SN1A(QeeTGNpPljF_vks^_cH9p7Zv z>UIC0Fa4vpeZj@zpn2^ZUUR+pVCH;MT7G)-<5NF5lMf~e*tIl9VD5e6zncr@ z7u`&FTGI6MM7EYmvX$AkDHSs$kFTh)dH*lwM`hREgb?9LUt&Jr*_A zL$jXpuYG&W<@KIB6O%Wdn$K-4U?y4cl+Wl@On6Kfr}wYnbrEB)$rHCHBa^Piue zJ)?cc#;}5ODGXsP3{nkCx2`EZ#c%&9{Yrq00`pX6%qrI&K;uX?0zH=gF9+r|xHcEjhK=PX#{p*2sDL^LBWJM{S4YiaVC( z^ZhOump#l-t$nxpt=lBOw?13WeU2^NcwN(+9HX$=Z;OCUA?5e z$E!>GeZY?N!=Hseo~ulL=Xz$r^dCnoby|+vR)H^2iHJJ=T{lnhQ(s$>Q(!#Don19d z2a0%PmujrN@NTDor+CqpQ+2YYh9z~|14~<9K0jr>B%x}<&d(917mFvKJ6#zR&-eXu z^6S&F*0~?=T&U?AAseuJxRYwf!4RD|ZE6 zz1I47`^i=7eD$tj zK3VVY{r$P;n8oJ%Dv`UdPniR{!MsQn%l0 z>ioSE!uncw%+znJo$7>Rmkn$d-t1OUi%~9 z7iALo&i&#qE_qS;_LbNCQ=8_r*={Q?dAfV&g8SUl-hZ(?1KM5w@sMdk0LulPsXutt zW3_qLY)bw0?^?CbwF%ZGxhTPjdz8fSu!WCIMw7Hn(M!DZuq|bz=yrv z&#t{pRVqHQz?y5pa_{-=lOOu+ea0U5FQy{4_=Tj<>b19{bXz|jKYA_w!eXWu8ycqe zbS((K+%!*LQXyNY&6DBmrq1{u+}DGdSEtQ9HNVT)=ht?}5JLg6Jve_20)9vTR z%^zfSzi)F0ZgSME*7Sy~t zc-LmdTkVFvpbry|Pk&i8t4J~T>7C|_7auyty^op4r@ig{33W4_k{Uk6o>%W>mOd3f zwXu3)mv*q;{mhfad!6z>-dJ1x{@!24wsSjwaSBCW3}lEcp1;tvRxb6}RQoyMQ}~iv z_bSM>?)n`(Y0~`*k)gkDe0nt{SiH}^+gf^|QU=4c9tNp~lRW!3-ZGkMe_p-TPxZjZ z`HO{~pYkwC^O3IKZ|%A(+`}`dH>*F>Ps%~gdHK(+QpYY-9xd6q*X`fxKda`>m>QyX zy|s0D>lypnbuUd~_xVfAwQkqD|Mb26zjrV8np^wvENH)3ws^s7o~l<2RabagG8?(C zeAyY~>pc5eRek2ht$#08n{(N|K79Ldi2LEwlkdNqrF2Zgnnh1`{VEY-*QgeR=)H1|NpW3z5PEuHGTP--w)4ieS19p{L%l9 zWaI3u@9i$P|5yI{+0wiE_P(0Vzx4O?ntjUToP9e!{`CH+| zBi!5j+i0^J^W#~dHF(v36MtEzRvOlxn;tAC zFVSw89GUH0`A+7)_kOJ-eXZ4E({&?hLBZPy6>UgippO>V`u-)&-wy7^f}I= zc4owGTml^q>v#YD5B85QJ}mg@wQeUw?{!Qpk2={p?_%rS z^pNZYu7xEPA1$Q%?zntQU{`}ON%`J#XBTpB5Kbt7;0 z?b4q|S3CWZ*%VO0XKVOu=j`R>udX!jUb$@Fh5F=~LbuIbFP#2V#1N6nlo1xv!#3@u zaMtoi+r27nH?A{2_rml{ZMx+y`|Wa)M`r%L7xJm^+}!1U(fca@T|GDRTGxVh@U2{n>e;X7Mt?;_F)7>rWpn(O2dsi#ReHq~HB}QP5%YqP)9%w(O91d#=As z1-vVAGxX%cjaP2*>fGy`cfacI8;kjFMaP;GUmg1RLN_fiR=L<#m-n&&@ zU%&Ugqsg_4yKi1I;(l4YPkB!LuO)Sxb{zCtx;69Z`8p#7v+fspp?f^%pP%QQzLsn5 zrd<`6K5Tnhvj5||)2l@#OD65_ES8V@4f2Kg-M=qI95(No_E=eSf{y#o;%H0Po_YQE zc2D%0_j#S*+UKm*-`~BDx!rg9`&l7Ld%Nm9dz+OxQ$PGYet+r7r+M%H2-N2lmM&$T z=6#fVXL0KJ*A>Y-t=)GnF#0E;{POzwKJND(Pb>G?EbMz3S1EO%?Ei|Vtml%WZNz6K z@f(!Y)O@@1w*Nif9#;1XbLO|zI?7kK-`#Pw_Wr}2C#xgRY?{-T^kRygIG=Lt_PTTa z_9b_pE{;33;PCFZ4P4YFHjk=vrMmLg8#`G+Yf2%*;T~(uXg4 zM;>R*dnB61|NG_EJC!1dI<9o#}kIr7SaP-ey6+ zwX0r!Hd=DN_1g1XS>w~6h0k3wv0r*#F>a>G_b-)vw##OFTozj99A;J5c2PV_N6Ga9 zgN_xW$pw$PgLXU@gr?Y^pJ%uHo}lL8v&swKtvYaN`!5U8#Nx^bo0Z4Y&(Gy~Sg5h= zs&(YkPk|f{b8hhaJ8@KgeSL0g@$>n1l{Me)oV!^r^jyRAREO;O%Wt30x9enHwFsXh<@BaIHw|@VZaD2{|A9~Y8``E<&;yLqo zA2gY0mnpJqzP|gz;*fhcoz3&z|9mL>_j2-wZL9%@w~DVXT3y~PdrB>C@#{ z%}&0ptQRYP*}Rf4ZU17q<%+?o*viJT6rBEm!9<-d?9?(!TbN)3If5yQdl)6Vq;$&VRdi|NeWY z3#4Y6)b^=vdE2M>_RwO`0!|0}l&9PG=14F0ntJ*CW}cPLrucLRUGJEieLLU$dhtge z&ppl$HKe$gCU5^`@-g8S&!dC;7su?FV8_2nf&E#kW{{0sB4XUsrCkJ@UQxBBX7O zRZRZ>=k<5~x7YiW|9JK@T--0d^MC(-U7dw@8utd+&dSsOvUF$Z=b*SmtLLG!-meWl za^$7r)WhelpPci5fk;@9PDkJ4PG{YimqM5SJDFC!SoX&;GM_rN0|2j&eo#C91zD!H1a>E4~_@@nVB>d>frt&2ScORh7PXqD+b*^@czU}Vwr zQ@?v&t&RD=!eCK!$rSVZGYs4G+|L`boZmj*X_xtyB`Z5W?VR~=`vZ@Q&u@G;_t$#; ze5p_V_qTK9x%PLxUig#i_yh{ulOnYGv!~P2O4_ z*aUL^0kK_wDtCR^x#`2s?=LK^PAyY6HDwuXa4NV`WrKo zuU~hEbm-#ghh7xDey+yol^Rf+_gqU9lU+LVsf5+^a=Vo=x^Ja^9BE!S#qPK? zx9nuD?O!Zz-PA1?EU|me$l&e9!0VIAxh^GzQ>VoA!s*rKYOgp2q#KrH6j`*M-x5skrMJDZ80{<{$1@sq8L$X}WR)-&Xl*v0tXo#Gf*3Nbzyv z@X=gm)BRg=x~jnbHb}4Fgo)Z(y87p@cOUXD6^5Ap4~?|kE_K^=SDoq< z?>~ojxa`&``+9fhw%Xrk7Dt=w&#fvbFEj=ncHAo7JTGU%f;-(ib@IQ??t1jt{`m#o zfj4?CzxHr}j+Qt+zc%ReB=M@yp1;yu2Ob46^7?qPnt%?}|MmX=^828TLBE@( z*}spg-|=_;|BD;gvllMfJi&oC;P6Tgf7>0uZ#T#Pf3$x8%#4Q{54+8Y(oHeuI(GZ` zvvaIJPtExv_0~y3cK*7PTMzR_7q?ZQ@V(lPbN&W)lM5U) zTGz6ESCMM6lyhy^B)QvOUu5p?s(krvuDkX1ZRP87@9(O7dFA1wt&e~Fd;I>};r9Of zdp|kU3$LfSLu~~_VZH=-knz5!?_^&7w8<)R|Z=`_3c;P zcH0YDkude7l*Z1mZlu=n)yPydQQTJADjKTw*UYB|Ly*Ns(-5gSWaUyHQBPV`q;OX z6_b~xzWh94@$(A@r@x(Iz5jCJ%~P3KkcJq-r8?{yyJ7m`+I+H%&VC3F?i{ofbs`PHD<5& zdgq#-x_j?=x_wY?6;!qcqtRUoZ-(Af0hW#+{J zlkNJmb_c%LVe~)3ApUUm_jmX2{Zw?@8*Kh)hEP2!`K@FLmZeltPnG= zJ!flIo%cLP!zJ0!)^qFmX5aarxi1~QeeL|kC5iENiyxfZ`gX4I?fkq-IVXPIPw@_D7vT16i*r5_ z^)nU;9$)cdr{~im8=GhOC0A$H>6uutPh0)+fblDrz|XDQwR72WeVKN?cv+lLmLT)s z{)Lw^vT`|l*0xQvW8R>_a)Ci-2B^u`7+YYq8`SWwmvZ6&jVY|%`~7hD_x70IbDp1j zT6cWovg+jL?P}oN)`n_)k#(}u4Yb~^%xs^fbl1k?)awPGPrdlDr}Ag<(xRuCf6}!C z^z3WCpZ3q6FB#0Tw>WqAvJX4&+}SyO%EN1Cy*DmCac=9|?)m?JtdC}&ez?GR<&6u^ z{#-s~Q511%c6r724?q80R@Y48&cFY+?(%b~je_ond93D}uB-X4_OkfZCeW1`f9J~2 zx4mxDtoQy|>;15M`yU?KEx>N@ifNYSk$WyL9~f^rtJA4pnKOCOC&_*H?r##4m6bd4 zOzw2xW!?i$**}hZFz_B|ioCXJzQoEo^-|xiAAY>~`6HdI!=Cd$=aekY>e_!r_3@uy zxBmT#I=u2;A0L0x-r~CCt`(myRKBscTcu#dcJ}E$naayOvr2YP_bsLpOVKvubtcaHvZ37^X>2ds7-ZRZq1{$v`bd;Q1|bbf6gw_ zIAdP%`tIAc-)}wFuwVKGbl>X!|5qw4`!?)TFu%Wkd4;H9m0i_)H;doTrhyWX{q+~e z?!Rxl@I|R-R?#iRH=R?XG+X<$&E|I&o^Z^4dUE!i6%+O21Ab4h|1}-7DEaYuJI>Qz zcQHg*@cuu#N>EZ4TF zKFn|Ke)CVAdpoKHfLt<7byto&4-Szvll(mh(n){^kX3 zp5hc=_fhLxl~q-NW_;B9=%}SN(NbUQre6MhD(l5lf%MF{eL1oXOH~@!5+>?o|14fw zx8LCT%)r$7y&twozFxcc`|Rm9;yF2acXw54zOVkhKDwSuIc>_Uj1QX4ecU{~-t*jh zjqg_0*S`I@yWh6(Qgc=uj^ry2XNo3@@`xwT5d?Tby=PRTECE*4jm z>s@`uGWj;_>8FaxL_hZoY13INY ziyh+)-LpGeyxNH^R?h!3kJVk{^9#7kJ-T^&FTefMtMO&N zt(6T&e2%D8o{X&ApKlMY_y4cbO9_2DRq+-B^Tb11r`&)1x>>kNZJo&DD|?oErA}_C zId}5U&U12Y0(DupqVKWJa!G!A19aN+$G@*^Yx`1H1@1e$e5KCmUIjK$j$^By2lj4z zY|8u5G|cUMa7ot;z1qIky~4Ixi?VeN?LK}|@x<-ImbANDlHYz#T6(@!J6S9A-(8t= z)>rjFKI39EVc>oYt4C@}_oc>K)TYkUFUvUzKHJ%9MWC+8jcfh6Zx(TN`%0EPZK)G} zdaG5w%XMFTPV4rya*vEa8&rFuZh_W1TYg*6bE^E&+tzivD|4iRI?J1Pe0VZbxb@im z);U(8LE=e^pUEbapW9db+x+}~Et|)Go+?KDt!Yl2@Ur;e=e#NItrfp?IGd{_`R4lx&J#|}P+K?WN`;E$|1T%kmS6ui+fMrZ zx37M$b=S_E9O~=Ab!zGr&#t`FsaJj`Ofun4=E_1fi z=Pw42LL#3=@AP?}->CFr-Q9hkHRk5BCS);XFo>PJRKp0m@>S;W(JkLUb(@Q}_Me~E zUA(V!isSRlK;PB9{QLfHczuku)$Q;{r++JrU)*tN&G()6?!|`%o0hx$%B`4P@$T+! z`S&{o;$yOBB^{4GReIL&p44sM-HS>-o-Utf*i!KD%hb33|MdU<|Dpf(|DW<_f9p;; zy<+i>TiW1lm%;6}DY=F&+HW#ie|?;AcA6NQ49C9AyC1&I|M>S*{Aq*syGM*%D=NcZ z1avJ-{x#I&J z-^Du>9cGzo`@JX!ZxVa*@n-Qxr5$(E<)v+ppWgobvO#%0sBH2o1RXN+@Yc7}0zvUj z&*J~MwJx8^?HN9I`HA(FuHNq#(wWatD+<8)Ig2>KED4`-kF{G zccOLHuZ?@lwe;`4D5!B3>R#|$?r2fe0{f>7%-`?nU$2_i!^&{1>oPy+Ozfra8@DW* z@MqZ<%l-a)mIkacTO4@TEa+tMi{wSyLgc0HEmPFgcw^;qV*Zv1ORuF|;|{rHb8Us` zgu2=Lm7ktF8f>4r@Q1m1+1hE#RdXi!K7Xtq{>IPHJ}xrx-`;?&>qF0(&v5_j+)=pr z)T5hQwu{B3b+0xI|9npDT*ngW<-Se@zyEtmL_tl{uytqY=SwAwC0)m~oHzFFzt6kZ?R=o!<&X;VbJ9)=CanKC#frDa z?OE0_RiFbK>dIs`{bY{L=MJvBG|N%Uq+a|JC&OgV-{PP>gX#aLtG6mnJ^xx{ z%I&-a>;;OeLf8Ed4YH2TUwpwcbbC!LQpDEIAf1N^AkO0MFZ5e*A5(f8YG%jMk&~#7)yO zj|9rwwo6W$b?s@a#UiKfwx9V7!m0|V6GO6ugSQp^?`_LT5_Bi#^M_B#yWfc!#WKjIS#RoH#p3_zi)BfT z(K7B#Wtl@0?Xxx&y75Mrn(ui&Nzj4WAcZM|fi1Ulf56cXN$>CdHPGYexa`(izW)At zbF->Gt!n@8i!MZz<&|ET8XW%gf6P{q#T%Y!OFKND{^9(Om|*>dKa;s<=BEmlObXvT zja%#ZG)r|u243Z+XHvPYyG%Rdb~b-=>DDdbetAMi^g>__ci#Iy1=;Wag0`M#uK%p@ zY`)XCNc*fdbufUH>y3!GyNgI_J<|GsT}=6MtVWZglLzhRa-_ahKlO*{{y4hG=cE>8kt! zTA0xEa+Y$Ujo-Yg0`vPVVypjHN_xnaEL`vX^#0aaTK_g$-_448$L|NZ;*xpmk-PIJ zI~}m{R_;3#`taw|=b2K6rK-Qb`#!_{iLn3F*S8Ms7G1N}=J66=*YMz3jT<)ocY9HE z)%RoE^z(5&vnHs-71$&16Zp9^uVEU_s% zHb1ztWQ|Y%`|5v7Ky%vfewX)$&a}J!{NhygX<5@Y%woB~z%!Xas-ZDzqJCiOkCkc{ zPR?F*Z&&5YfVWe-J|(#ppYZxQt0b6L@y*@c_0`YYK{Zy5=3e{bt#p8)`HCbl%Rfeb~kMW9{DW z&YJq(r~4m!e$NrIHF{D(Q z=vqAM`3KNdtW#}TcI*stkF@}8aoQ-JyJRwB>t>Gi^JS0ApQa`E#kt4r4GaXh|ajr!M*9FtWp@>bXOh)!NG!%#G9uX8S& zZuvXcvr}fAoo+DSTszk+d3S+`)mrn;Nw43Fy)XXwSsv6v6{(wA^t`j|N!?L~jZ@7o zBrkq`YSQy7ox45ze{al+TBGtbH*F@<3rmx)exJCx)9!z7uiWVRKJ2-U9YePh1Mh(c zYi@}z53KFYe$)_>VN;qk_4#R2!;*g@FBPZ0(x1~mv*_ogAHN2JA)KTSkt z-pg6@d6sinl}cp_O};vZd*#Zjx-I7t58O4=+G@(5_&0KO(aGXdbCVDMI&^c#r{w7S zi!P;YX8CJA>C?`=dfSeDx-xgOxW4y%_sFfnKN-Hp=ozyxWiYg*n(jC4?b`Lq_=Q34 z;+`j;y2H1Z*Ks_4^mxTSdxw8Fp0zf9Ju8!RGEuRC?>(F9%X7T*C&rar+?qUXqKvHE zo49%lEm^;(=Y`KMv)H!E>YZcea&F`I`)y~{${m{ZVrR^!Ieu+N>z^5~k=t9o_`{8L z>TErdUyN8UEPOS)@>Y5}=i=lSGE?=xaOU@a_Emc#V|pmHO8nN=tmmH?vn&!VS-j;O z-pAET?B4d(R)Aqv)YXdb$_wEQua_| zy8U$Vpc&bP$;H}bTyoM5prd|Y{;$g8*jZdBdQ{}`Ow|TI;R#}!9vdurQh7yzTkxBW z@WZ7xEWN*sL+(Yp|Fu2!_}PlxTUBc1vQ7P;GaE#B%Q-M_hzR@nJ1Dg>d~(o>Ye%`x zihTE(<-T3Q;km8_7q9sfzSAkwe!X}(Z{0HP<2Qc&Eqa<3!^6k(=a=kKdf_=A)R33|C*Qw1 z><45hO!4$w{rwg7u&ZbOzdUES-|v49XGO>V<-D2Zn&*8c{JZ&1l(TiI>72Kl?&3}L5-@Usi)^JcCreK{2YDa@v|_o*cpumZDCIz9htHIsb<{LUqUbU ztP1&Qyx44N*fTwC5uN^5|7>1O+tcsfwK@Op9+PeICGTo9d)`^``8_><@!sCw!7`pw zVGiNnzOB@$>}!3P>^(2|d;i9?{d~%i2b294Uf8jz@bjIhi7Tq+%~Hx>U<2jDfIs*D z$N!(d|IhS#`;Wiv*MBlU6IhylcJh>+u9rN$&gQ+{3o7JqTsKWCFzxTME!M7I`jhRe zmigLKS!WM9bEOwvnkII&q)3A$_vs(2(s`YoSz2%Az9@YfF1^L*bjH$8Z|a}Vx0|_$ zqbf)G#it=#R#=7_aQ%kY+bZSlxKm4L{(Vd;1UAs=X&+D9YzisYi_1c8bi~-NC z*fB6GHn1fKBu(`DAp7#J)8?0F?3?|9`mg`;yU_aT^q+9equs{aM3pKeS*9*~;T^4) z=%;RTX)#x=&7s}1ld5vw{G0PmEZ@i5`+3x-onMcgI{d;Z`kUlb<`;)9n}!HGOkeyw z+;JUt1xJTM${CJ=zD0# z{gd$x{2H_JxP;X*zr|e(xKkHaGQ{4jS^ObdVzsAS?2076gW5tU#3mI0QQE6fLlAm1s+M;E{ zt^02$&uBV(Z||0ep>Nmz{`dI(IeXsz^YgNUPW}CLv+&`xz_aE#(k9`?s}uj7ui3ro z{Lxe9&(4~k`ri4n_)WIVdQOYVXD)Nn^~JaUFEWeuTYC9TtKy!S2MTuGE^&eDP)E~b6HS@~_!T8L$uQH3Db1z>Ha{Q5KHQ)KtVs_$P*VL=Jz8u)-KT&>W z_~(KUOV`A+awb`vi^Zbrw~H-x*mlx(`h&f8RyIFY+7fR~D@+dgLt56&SAb!1r&Q)7xWVmv<cQcM|bv%mCrY4DtH!hNHvJ6H?S>8-zOfLrQPiJGfLZgwIKJp&)O@?*X16+x1;rX(2g2w`Sg3g zB7dE+F}?rz(@Jh`b?;AkatjLs)4i5vE4>WRn&S8Q$I{!`WuGOU{e$jHx)gWQW{Yeo zPiOk5IJHiaECDy;_j`LguMwaBBA5Sx=XIvGjd5ja`y^qvYln_X|VDVof%++5>U(B)y(0=lyHzx=_)Q<0h6{875ZI`Ntwvq7PlBoWL=^>MOrygE5Jv<+jt3m`z_SEal_pvRG z{cvv4>O1Mud1p-jW@WvzUvs2tQBV} zL)30R*|<=|?fBf)6Q+snTDRR=_Rf;sZ&$3?{%PK2-b}HnFN*~nHlHxDWnQ4)E#knu zA!Ula|EjwZyF4$MWZI@Z+-Mpb%(gRHknEGE>x0t7qLC;kz4piyqea@ATSU*<-EM zp8IK$)Hfc@JH@-sNy}>X8|c^br75Hw)NEo~AkLK0a8)R}iEm+p_s`EdZmkw)ryH1A zuiL*j(I+Nys^rpMgZ=(b4uc?dP_u1DyPoL;?)ePbOxJq;=UZW4vl(JS|2ultZkU&Ja`L~jvcG(A24Qnma`ZT_xx7e3oBI(LJMAuQmm%Yv_g?^ne4 z*6unbQ<cKTB@kp4C{8<0J3&viRSmrRQ}dL5{uIxsRPeIO0)@)3$S7 zo`E^{nP<-bF=@AP=G)@sSzR*HY3U9@7SYBRmof{R-du5}Msrbb9 zzIMEmj>)<=FAZO%`dyDu-ZQ&u`t&*XEluxFu-m*Q?89M+4X0wtZdx;%IB-Auo*o}O zJL2HG^YC0e{r{);iGBCK%sO%**EBr$Qp7f!C0B1UB;;jT9qPX&eEL(ZvHyJax$TPs z%xnL>oP6rhi(f0Ye^PDXG=A}kWvyxLI%f{ZEgN$x-6Qfo+nDlQux2cI&vJp`jQ_7~ z!uQfHFu#<#IQQ{+JI|NJGx9)dT4_y6tPz1_0c@9F=r;-BkN#O!|7(%|Nt7c*|o z@MU*)7k+y{)~53y)9G-HEFQn3tn9p>4=fFC%#aYUo#c=gR>lbB1~!lD>%2DR9eVLeUvW;5#l6#$-ds5G?1HjRa3)7d@>|#X$WEi@ zKVGlhdO){y`YkE9{C~04){gRDI&Yml*m?ii|Nr~{-T#08|JVIH3IcEbd9r5x@u^w) zrF`zv#xK(1dEbUGCG;{#HT0?6$Tiq6BU@n_pe!#h_sN{&<&B<5?wo7l$BQ21Wi?)J zdeFpUwYq9zWcBmJAEiH}@9(P&|9Scli^`82HV1u{3k)SH2fwd<&iul#?y>Cl_YAW( zea~&lPX8WdSfrn;QFhhn`2G98lnzdsonC$4nd79_hmSlB?>HAQzHo}T$FqlPMfa~-`1oOxp(<>e;&@BGT&H#-v0azp@I(5 zEEkd=Eo15leDm+l_eO{AwCmF!&fmws#Cm1zegVE(^t%bS z!)BHX48EU)UYVXw*Z*b5l5zd<&rFWxE*lLz`M;Z=etf%N*79kmj-HOnx?geXQ1O~J zV+Ip%2408HA>OJPbwy^o_xTtv;dmHgHQPV)-xSZ7S+eI3r{->p>QJ5x+NgJoa{*&U z_owG2XZ+7O*-Xswn3!h4y3+Hr(DPr@q+BmBnD{a9Ivk#2ub#av>P9KUGWX`WKDIfN z{#;!ApS`t?$lfR@vC|wl-?!+o*iq zds^A!roglRf1bQ~^z-*QxgWys4;k89&W?>=_NOH|vvS1}IZg&IAqW4nm*4My{ac{n z%FBN~N^4Fk$~OOMIetC9?)TAf_xSpsx#sn;k20fr?h5aDrrpH0K$Gdk%F5r*?%pUsfsneWxF1|MO#ee%;@{&-MOa`mk5s z;(!0TcZa^uE8?5|;Jj=@8s~!L&mR7B`(@*BZS@iboikJHm#aNxtvq$VdXwCFfBEzN z!T${E9uY|VFzb%y*T@qzXcY=o|=C-#d6k<+u~p46iqv~CwY{e z*8Qj_)3tzcg+BwYLu}BAl%r2GnjBL$UADWKFB6pKJn`wizbyJpo#hWZg#KJ)z97PA z!ceMNuXa!VEFn_p9ZEPv1Zatf#XlFF~$zt^nv{jE^*JM-TQ#thIV!>B2T zRZjQYd2IMK`^eMte^b^obJjiXeExpl-w)j^>2?gg0uIc<#`c!gKVLOJe|&C9%s(4@ z%kKYQYISS_I7L~LJ4auu*UCF- z3F+7O?cerr;;bp_Z)B?JJ51Ysb7`gQiTkfF@8Q;HVq0LuXu@;!dVJmO?}`T!FU8cl z7BWst<9=|Y{+Gk79CM*1l83Y)s=nxN>G|>X`~2T_0v0|IwM!-UKU1COzQmGI=ziS= z7O_ns#ycu5djGub|5HlB?#r~ae|!$IOc@d_-PirwCMUK|Q>c|^bruhwcX;Nm*jcgh zpyH$2#-3OEgNeGslpovuPfa@eKq#L@X6etjuMY{D{&=fyH;JKBz=8Soyt@Cf(^AFH z-~V2#z;i3==jT69bk2Ttp2fPsant&TT$6n7Z}PYQHAUS%@>6(2%FWW#cE0~ilz*&g zReG_0{~xon=^hPBI2JUP+W-4-_O|)^Ei4NUr2YJS_^+>3_oWYSm&g2eY9(Eyij(JG>9L5`2^&Of|;zs){V zCe3(_OFW5({cX;EnCqK4k2S-|X$G?z1H)6!1(NOE&)*B{8#X-j*ziQk`fXS2M zbC*@dcC9{}_3<@}*y^|g5-R`RI!`P3C*k{GQe0!WU|QD#MvDmyvkEtyYHjo=TR2tx z&~d@g{bs*|SMR(v$E{u7Rzo56;ji_~o~J|{wVT);C@^I(@J*=rS^V#9v9ed7w0+3e z{hgC{Pn@2^Fn!Yxi3xA~@5>qlv+y2JWVygFW$6jkHJgI`?tc=jnRSTcOjx(z)C1;v zPdOa~E^SZIZ~M8uaF?;s?tO253;Y7Ld_RHoh(5ZWQoMb~K5(hVEXO@}(p)xqdzJ}V zOwzyN)upYOW>4akpS+j<8K@7T!f3*<^oZ!P{<)K8vT;Vs-B+8vfAh&amrWOEtDX3H zo>67?AyCN#R;Cj7Z;s}_t$Y5=;gAcu*X8leO+fWto2tdGUEJx8n>1^daY$ucKKl8) z`1$+$YrY;dN?~HT!0=}IAItw2CcjbWc(D1&)#6lr!z=3{GDR2{r04{S=0Rab6U5kJ}qWsN@q;u zI}_HOGWqzQ*BX;+MH4~RUOD{tET~-l^85WYr}WYb$?6Sk3H(pbU(DG$Vds)FucQ>Z zK4zb~?&i-r^SSc^ZU6oM{n%{dm@*i?NjUv1-rp~^a82g6D4qU%_r0ffRs7rc$)oMR z!AE|n^!aWHS1vCQ?Cft4PV}9%+VOAwNt5KCPm(Qb4y8VD2!5uXzW?99&-3@&=KYJe z|M$W7QU8L)pr%X5r{@`!HP+vpmdDrs-}&jhp^A>MM9Zw8yoy;x+n91h-*a@v%jdXO zc(Kg-R8ar9p#Jmg_x9`m{=4QeOHj~(IUt4O>G{a@+_N?J)@^w9QTt!3#?vL4!Lt@m z+%KUfw?A#=xyFQ_Z(RRuow)Nh@KR<6jPV+T+tkl4ku>0r9$WyGojSoyaj1`~0 zG0k&Tsg6_m-Me|J*ZGWXQ5M!|t6McE?(|EG1O@krqp#KT@9#Oi>CM~O<>Kq-f2p;& z@^$r$vIK+gJ8E{QPzHPpILZNhYUxozhDe z96tGDnU(4(W2TvoKaTVoo#=0F%2*)yd9v~RZ8O;zO%7Z*y2CM&*TLJVvbtmH=lyZN zjaC0MOb~fqm)^JTol77?vPuJ+#N=~X_qDE=_*%GX03F8L#c9+h@a;#W?2V{xSCWq*8~*S8)6;ZHqo&-R?y z^yc#$)0;CVNVfaixG`;bdH6n&t|lID`+RJ3qsN~;CrlP7sMlMm zRIlY|-e9wDZkhb5B+dJ(pFcgG@J4cC>dnJ{eJ%8Zg4zRmr2$S?PDldY>8rh7-aL%pWA5o}c;Yd2Wy#dnMNf z?^D;0?fG$ILdCNgKOP6qQ_5ff6(oOD*9fPrc73G%>d5u;6HAllT@wy`biMsdN<#bI z>t}wRycx27^}|gM4l~YPuj@MvNz=a{PnYlGPtllS#M;^4{M9(%*uCtdhyVI={WcHg zz3J`sr*Eg`$Da%i3Jq)zl%Jk=lxf%b>2+RWnTj3X&E-EQ6s=KcO`ojoJmJ$+#rH2> zooi<{TCa2_(yn^q&RT{EsWTa*8a#d$3mi+VtkDiu;9A+WgV(I}t)!&zN3Kkx4Qd}1 z%X)oml0N@Bc%o>cuhgDRo)=etJHF3i*YX0HG7im5(GZG5s!!s@3V-{x!$cqu8t?s{ROQU-$&qsajcn>+Xa{5Wj>_G!by zKazjV7yX$n!KjgztahPS#p{n|lD6vw2d-!8>EP;B#95_*%_BC3zeQ;3l%v=Aztt)@ zKlJUXyu_mP^H$g;)usYzQ~6E)*SVY*a!7fc5|5YN`6*w>fqBWfDuomFswW;jUNd3W zA+_5fYdEKS9n4<#)#cp9tFbeL+LXNhykQ8s@GX7%ac>6R2_{d^2PD)LExRVl^84HBZ6v++%e~8Qt9)KGYr^#TOE!D?c*O85CIN1w0g?thdPdY}E!0#&(F)%=N5ey|qz&d!{tl+lpFxqwkfRJ%|| zL{#-@r_{m&Ia?#-?yo9pog{Srk@0$^I|l<8mbig@-D+9srhNWf%lDv7C-3p3YJ9lD zR;9goBFK4D8Ke|kPt9L^qfp6MN^8;$-?RE}Qa5Xzn*O(_q*VO-x;yF0&Wsa87)@S& zy5M~3(5wqVmZwYS7)Z^W6<@~vva?fgMRS_|`I$5OZp^=NFK#i1l!9Y2*8)C*;r!nP%Pvk%(cT`_P|~B>@Xf=0 zv)sFUAFZIU{gXbPzb{w+_wREzzGeDx_B&QiJlol6C>5Y^&v)AK?T=Iz1w5VA8M9gE z_aD1QCMQK4nU|#dFq$xYHNElo=cBKaPqGwCai=``ao%*3);zaU2EFf@tkfb;7fYTr zHve>nw}Ep<#lL?~SMwj8UczYN;Pi<5`;)adpJ&fIsq(Vdz;>3=-b&NG?_UJ$@?p5T zWBa;57G49%_?prwsW&gb->?0{m?@*7<%sw@&xuC*cW$5k!m($yvHu6DioXxk!h3AO zdu)39KbJhbaWsRW=kEOdw#WY8b!Fh4(DkDxzjBUd{k?>r)6=VRg!Tj}yzxI1#%=ld z@L%6MYYSsb|Hdd!j2C7*0@8Q%wK}NPc=WY8Ydt6mLAo7hM83@l;NR!@M9L!ahV~pC zznKRt)^K+2v9Jqf*{jIcagkw$4Wo%e)RFFNCvGRD-@-SSp9sCoxqxrBdE_+N*t@MR z_cGQPDl{r(G+dlHe@^HP3lRrq6~%jsN4jS^&E{oG(N68j*`#|g&a6r^p=wPa3vWoU zF7r~s`1+r3FTdY!UGj(Z0)r>VQq^g;jb*~SB_^DZ=D4Yq=RHF@plz9O_MwKFoY{4? zH@`pRIdq_VL2Hab1gN8TzkR}r?(6>d_EnZ=q|RoLO8E7N%l+qPDQ2M;{PV=G%~VV` zQK(c3x0rHA>+`d{yc=~n4<6`VApb7khUWl-?VbA~`#<%Ch3+umTEG~jXv5XEb5En< z<#Hwco;D3#P#LMx`N`YpbBph)L*~4DIHVeWv0PvfUjF;D)L-*!5r3J!9_{j*KE*+4 zzuV~C&#qo+c&v(waRg? zJUjW(iwmhL{^EVUT?-hO`7-btq@J38J>o{r()%C7gnnu~$w>29wq~lc%2b1M{^$1n z`*hpr>1wYS<5-Jrh24xZ%os}+!3#Kt*Hi5CgWm2=+ZJ`=%C=1sX~97glPY(~iF+u< z&6z*P_V2&lYwo08=7~&pSo9%hnLqad70w01U%yVjU-$89;C*+-E#5yr&#EzIOcpw` zPJjCG?WZ3{ch*dB3JGbvQrgS7Fe0n-&*8sk`|WE$t*PmIT6SGZi`-W8P3he~sR<71 z84aAm4(hKSeVr^{|6|$v#SFKW{;Blk(qv%x^625eWlx^1yIm--eG`wz5@C}AA)E^s zmwAG$Gd=t1X182_%8WCU74)j!-eC!1SmE5fICjd8v^F;{sLffbHU9F%&sby|IKZBflGb=GdDgXBE6d$gLjSOd3$?x=Y-WOZp8@ww( zyNPXv1fxm7#7QlQLI3t-meoquT`Wt!Kha2yLAP_|qUFncohzIl3)Ja7)RXCY`da4v zk$2C8f0r=`I53M=>dB}*JFYDDqeDfv`Zs{FEi8_)AB`9~Gc z{o*W|lO!1#KrQSUePO5PKUYuJkFS-8Re1Wf`REhni!Yv;{VjU8Vft)8Prdz7EAmbE z8fSRb?qcLqZD0dy*#Ga-?H~J<7tP36ZJ~2H`fjM$u_Mxl7pSRUR6E*ov$BfFL~WdA^x(}I_3PS{q;eY9{*f3*LTu9vFOim)f$f zw${B)X(_ALOg#NwsWwjdylnBZ8Jq4a)E#iD6V#o*_r-4khKvRVsRS-7je5Dc8;XMe z?Fr@Rk}`*>DnZ#ww;;?>wYhc4<=OjgQ}n3A&oYW2>B z_eEE}Gcp8R|MTRH;c26TH=iF0inqKs%Od)OaderXTK1M18ku!P&!&mAa87=+g_G0u zbTL!=rR=6pN1Q{9fAZ^`_dl0*efs9tr$20JWLv*_qh-;LUmN4ygX8NJ z_H-3Y58z+d&)a$7aHD4sBdt zqZ{mozM3@Cvfu6!^DdQ}ks{K+(}bm_#V#!FSDWnaUw3@brVE@^ zM(TnNSu7VAl$ZUf)Yje}`{=}pr=NXhtbL}Q{$FTYU0z*Ln!|}rZyx?rJNu0zd+uEJ z-SWoKy3?LVnw_(;+MjH=dtb@^drLT^5_}pLbder1#U(YP@7%m)D@R@@#{yD_OAVZ>+D6Q$%bb% zQo?2Sm;P7yZKHN?YQnSq9zXuZS~GsUK6`(>P1x?BD{KGf&fKt7VcJ-=NZPm`%kTzn4id@Jb9~uMQICTWOvE`A5WLh<6o^F{rvE=^x9oB zEt_YlN9VrnyL)=#mB2Lq>Wqi)1&-~!rMaO@@Y{yz=DYXt7@ys6K_PUPPiTdY)S)k8 z4$M9NF;A*L#XWv&vir&OP0M`ey`2*~$9MLp&8gd>{(L;`@0QlPcU`Pn<;uwJf80W^ z+?rmljaQL3^v~JnTXfFk=wySlT%n8d@9&v?Bb9~i>5BKv4g1ePs$|6)lLYPAi+GMe zvi12p(vME0Opb27CSKgAIHj3)^2EgTi&yWi|NFcC$TV^9>ynqY)vdl;=GHRdSN|Km z)z?|xymMg3wICA)}?~Zdi{rRyi<&sgtZH*q^OnK_> zmb}Z~)O$`S^+w+LL&ANxzng7-?QPuR2I@N1$}@R-C-#2Jua#%$IriamVUU3RyDYPH zC+h_w3|u^aWbgBQOC@?5!iHCCs-?C`DBANjsHQ>_Clf1b{NbU7_pMn;+0 zfQu0ppbNSR`vuN85|{?2`seci(B$D8WKXInY2$FwNBUU+(R z%5tsbu>tq&G$>(j9*-KJa$sD(aY)by!q+JwI4Z~4lU=KZ6$NWb%%q*90BF3 zlKLI{C$0!fc$O2y!fU|A^rG{_4*ttxr{-&_Y2G%mx8&BYY2JJ?N%WSQ&f*5?V9%ee z^Q^C{xn5vctkA$F!Rx)%cbA69<{;g}Gg(W{9JSQ0y*^DVEzWgEzfwlSLtzJIo>-lF zu?=~fZfKl*!kCb;Cw!-h>xH8tj?6ss8Ke?qL^AVE=^OW)SDPEnwPNml@9!U&*xIx1 ztlC!O6c~Tw%!G5yJkuDY5-v=!7w0(Lv!TG$j@3nO_NU41Yxl_WNKM}#s(F>CZ{53? z+*2pQyJy?5^6)tv_lm1vy}+QX;Gna?W}m6uZja~OXTrEw9uGTp_`6Xt*AebbymF@s zCa!dt`##Ldk-6mk)7AX``~R;yGhf7knP>W^=S+&q!W-TR9dq{yQ{d^l%bjuZ(~mGA z7s;d76E|xV9oBl5DX>6a{QUj*e?h&Yg`4l)&|2fcx@LF8MrNLXJMJ7sC&k&@^3=rvGmDe!XaX} zy(~7D75a%9+eKS0^fC%KIwzjtZuO4+n#Dgw9sC1M&bKuvkk_s$em^HsJA98X)3u~~ z4j!p?rG*0NlB%uIQ#p$TRNX;6aS1g>6X7qPuC^QTW+a@@(dzp7q)0OC(@~Yq-4^@1 zT8&R@Ons=MZ4j+{=k@1l=i_D=R6jMJ8r!<9%lXM4CJ7NnlVD*v(|tc)oiJu!yzI|T zhktL(T%wP%-LzZ1ySrrGsgx8|%hOzE!nlPyv+msd&gHDKfL)^R=gFB2vsPB_*bnmS zZS(gvujYK*R2%f>7cU zj3x&*97z)Utr30nW}X&KMIVGl*Pn-`xb*LJd!Z>_uCBu6c>cgh@7N&>$E^_>O#L} zmW~jyD4!iK#Ut#h4Wo7UbZwZSl+n;A;K0n&r2cr)lq;eJ-QTKg?5B22O`Nhq)4nxk zmf2J7n%?taQ9e@y<+?;1#RFJ)4Fs4n8XP(NkDZ!d{_)pAqes6^35afJXXI%)eKD?W zMZ}J~$Ab#Dars~0X2|eMwSn!${PahAKP}a^>+-HOs>+ypr$GO`qRx4Nw?gwfrXAld zr^dbF1H+5C3{nf~|Nr{_|Ab1??#SS&6XjJU|Au{@Y;2m8Dxo?{scl)`pW=z?jZ6<0 z=`PcMcCkaTKvOxDDWhTDS^sl~gzio*l+21KyI8-t=Z4gDeY%hE@>f_|@S2^AC_KBYqce)@NnPrPFy`5CwW8%didSlCr z1_r4G{zX@l3{6BXPfwXr7U)&4vDiiSnZM-EcYEJFGF;iSc=c|Ji8(u%3>=s;8tRTL z+Z*f(?CS$kBL7N@@08a3~qQ0j|00cVnfB>BIae=I3hWlv~exxnz3 z<8<@W&EmE4CkmdPo-gVk`om&6i|y{nUgn;t8(#%4GavBaT)DIZdMb}W;-o!hI|G))~1&q7Y40V+4y}ZI!dhTHUE7bm0$nJi!_u`0u z!2xoMxSqtjaxgS2HL$&iifHE!?S6Wh>#sRii<|09$*s;cx6|*lGo369w3?Dpy8dQX zqVZyff1xeQgk8kX-?vs?P|lRm;CFPn{K728r{~!@SNj@gX$QKRp0iE}h?#PV`}U>0 zdVyNda6&r+$RSJr?BscRUUlU&jkFrRq#YS^@)+1BN{C%(UA*MSp<`zp4uZy@dRbY& z_%ZNakbQdIM0=U&Hj{0)Wu1OsNia?S zwbvw(J;4H`-PJB6^lJ2^H3h+iR`$`lN4`g&4CPM}yQr|;Mr!(cG4X567pxgg7@8-< z%W{TxzuX^~@ZKoeRpN_NO8lfX8)nqqY~S>j>wo}gD@@A|b)|k++9n;lYJ{?-}Ni2Y&&4GdUKtsoYQym{$fef#e*5*uKPGEbrk{`dQmb<~DU-K( zY1*8$mxluHUA#J1DPw`Oo{@-vgR#ygb&m;GlPiDazbSh0d0iwsPw#n#i)|bB%vviJ z=gP6=?Q8x0Z+{C&=rNiwE7i8KRQ^@y-LN7q_@}e0pL4>GHBx*+T?^jEG3V~C_`Br2 zbHWam3k+XQu0GEv)b8ySaes@w%8!Ej$1P2Tol{rcyrLg))+mhKFoxla69aGXvbAQ( zhS9nzt5RDMlD0*i5L^87;5 z&dq1IV9RL2@R!4Ny5b}c-N4lK0#?t3pWn>dcqY%fdt;fXd-};I7cVR*xaGx}+3B)% z$%PZA^8^^~f>z@8_g|d1=ycI1Um-Qin4d>1Pq&`CxqNBS@we{R{w>Nhe;rWhS$$?* z^OMsdPrp`cO7L$#H|g^e&?>Ee*XuLN7%!;mE3zzL-?-9Ar~CES0yl;I$L5_WX#LLK zRxfwn-@Lfx>BqMYTwBXbU;jA&|LcDLXTEKIZnvgYgjHx9E}f8-zgTv6vs21?C6)#5 z^}m1H|GW9!kYU2KpC@l#n|l6&R3T4srP-hd3Oe{- zcAS5V$t^KF!@Jt)*p=x|KjzvroSm}mezLanrahrPQ?Aure9T|+{>`VwJ)i8iez4B| ze`=P|>f?_+haUfY8TDn4Y2!f?0p%ge9Kttae4eoJlKYGZZZr)GUWOecbd9XqA9KQLgMB&^FMuGcJ@rLvoL?z7Uf;Ga%SVP?irS0lfng=E=V$(Fs$YF z_LA?h^{A6wC$jFwwe6+4{rOAJS8G-_AM7ez^?Ay-8&xa|q?s}pqL%-6WBrvsWqWCm zq6s2hE$N6iP!nBrCd1GJ^Ac{g9kj>GS6SUI`_QB zm4{zg7Vt7KuXg2*{hac_1{qI}&NPeG?U8246>xBV{Y)J+GCx6M z;(|Y0!ly*d+bS;`tXrWGYthij*~;|rQQA!=hsP`zF6>$kTI{3fV9&DBR8v}Cf88|R zDAq?IyAoG7=e0;5%-JfiWZLu47KSZe47_W9e{2WMb6o!(=x}{c-G*5Pd5X&d&En== zHJUqdQP|}Df)%RT)M(z?U|I-$Mga# z{rq=5ndO%L$(%`A4zh}MH%l~o=fS;&i*t8vxxDm8mc@&P>I~M0ZUS~s7FNhKq)p{o z@V1^Qbx+OLhfi1Y*UGat8-Ukcx%n$_Fql>xdAOi^sSZ@xay@81X6O)KP~2gj zSK_cEU}pb{%S$WV1145Ykhmkgy;*1e-j4ldCD0|YkD^j5YgT8x4mhQiEp+GbhgR;n z39ke41lqgGS!U;oR){JxoE36lz95$Q!10-S`mbpr3da_C8?uzlyQXqu)qw>Uc|ny` zA!xy@$Zm;Zjgw5Z6PHd?pR!Q=p-O4B?G!zkt4ElcZe|(o-uLEv0>cb8MiT~JZbsjI z?F#IHmURO83N0H8CS6PU|2SY*LCCWl)&-GF84Oa3eU=#=jr_{_?q%Dx6(#yH_tRFl z&St%9{F(v0T=er4dwDNO{k41~0^Y4+*z)}4_xq`l-=639*UF#Z0Htxa z7*XwdyD4w>ZL%oQI<75Xd$?oAsjDix?L+<*o@?eh5SD*`PxbF-cfo5pAzB(_Ht_v5 ze=+g=*UK}vMukkg<{0uR?Ag7j%Q;&G?lb3nEvSFY7CVVSs(~$H<`wg3U7LL}T7EXp z?$eiiGnG7$_2tY;wR;M0DrK}%zCUa+tpcwzT_72D)YLOY%lNxig^fLLuwSl%Z1LLF zo_rC#M)$Zr&ED&0QY`R1!h+oB})TJ^-SK5G7@68S~-%fx`zD91O462EAj z*zb6SfvG@)(S$*?l_z^!6i1R)wA}qwENk5U_qthBCdNFPHam9-NOR)5*4gVBSsny1 zWiYJjII4g8akT0R(HHvzCqJ0C??k-RlD#jX!pEJ=49cLkwN-S98A4KjULBp?H1oES>~kwherX z*(WrCb~!xyIyr6sG6pGzU1s){+^$nTUADTyaLD86$4`rqs`rYd>YbeMTcg z@YQ2lp$xnS5)V}=KUvO|xN73gE8A`MUFBRjOG5HY7=s|AswX0O6V{&1I%Im`#np{A`%3k~r`>lq=V!d( z&A{uRxv~66&enjv(Z@gi2z#1YtEOmM#C3gP#3V<-d0}bl5)GjBa#Mt~{Xw%p`}$MY zm^7pXoH@*O#rxXy^S^u2Qxk>HF8fX{+n?X7_*ZC?flpeRY|wtIJJY3~xUeONGnz2`ez`v|*oVDG(LrFgrDHSv3j!?Pg}0W}lx{C~?;F zm#Eduh~HO4{GQzWntGp|>3{&|0>&GfI>(&c7PzdiJDI8MbJT4{FOU0<(;fe{3Y5%G zgcZuVhnJTawVW8b zKqj8QwT5pcm$S0dTIZ?q&6{lYnW|@3?bv^@b+MydHNy?iks`bQ82P-+t97bja|)K7 zG2>>I;-~DE#5ISD`M`0KBR)MbOvJP`E4VUV_MXEHov)L4CSRX^QQUm`uTSSK&!vLb zZ{BeFSsYw5Z+m1~vTT~N?JeuShvMc&R%x8fR8BH~yN^HR&Y>KW9)_G(>J9Ve&#BzO zBC+ZC=it}vZZ`Ag>-FcevN$|CWn#{;R^^JHoY((HZY}+76348Z`tns6Z8hxu8jU#VwxX;2sr*%Ghv+V&&nF#P zE|-3N`c!j!x%2+cz9m17yH5R=3$etSi_2Tksohom;3Mk|L*PV^1J`9GE5Qt zmEY3hdN)#*%Ww8lx&4}Mo9vQzgr1oFXlZ`_)z1s%Knnw2uln_352#ZU_oY@u`CCD~ z@VxqG>ggx_R&_sr4_X{&b-zyMBzwaiIi?q&{VVTZFdP=Q(^&i8tv1!J$WPKuh)wU= zIobKE6kqaXPB(~3tP2i$C;RdBd;9DEl|Ty)ZXIIyU|DOx@WW?chWXQ}HMOVa&rVWF zobgOOT|RkP?*IJbb2oiXESZ+-9$uc8DDw(53@|S>a$1gHiSqr@eH>OdC$c2?UbkJq zD6wg4UhS;!p=P`HU2)$e_<8bXi%FASSbbW)dEy%Vn}$5La}V3IHedK%Ej9U-Ol?W2 zxSRF9JrlE%LVm5U|KDHNpK|3+9>a|#Oi~FK4mtlh{MYxNc=dnN-yubtey-pBZ}o@k zYu5^2+m-9*vzpiK)7OU0SCw|ZTRY$L-*amvL)Ho#`?F#7f9vYJ(ii`IXC>yQbN{yO z=Dj5ye@s6ce(&3~c=GN)Idk?jB|Z0T&SIaqf4cAbts#4&>gLS6e)H4K<9-)9&zwm+ zDrvWSUr*_msqRK+f0Vw}nkc__692l7|KEPvz?gCM{=a|y_1|iF7~Wh-H4Sz=81;T@ z&e^Q>W|sC|5A%OUOkF1R%VD;%WZh+tunji*cx5d=7aJMt@^8#`TKD%{OYax435WQz z-$rx)-&ON1sjg^Q&-Z|z2k%r}yZ&d>l;z!g2abSdHP+SKJ-g0nHrL0GM}(fQxcVY7 z_sEfDQ*+Pll~^NjlIuqH`9~}EQs!8c-tbb;fq6-4_?*3BasKa}Pi05_3dxb!4w~vTo5%O~Z)JpCYPHh4;=-ZSA!BIq}Y!JMQUB_Ydhst0yWMZ!V1X z|NJX{^ThSWR@t@llhP#^E~zxIJy?9ik&*jYdnc|*t}7B- ztns`eHQRRLrJ0ixpKtmxwK=-Jeyz*)>Ys1&Z`rTedQ$Vv>g2cACi~WY+M>Q^g5|c> zm%j@bUQC`Y!1Q6}(~oa2Ijx>ob1UiUEfM9&fSozV+e-(AJX6Bf-Oyp7j^ykT$ncSeoQVjDq+GI>P$a3k+&8zSKsr}x=?;|Py zd+P5ScD8|j_of*1T&ig}@;CZEJA=djvb{4WaPg!yC&j3qYTs!6Md#dgyWlo{bCVMZ zW~%m+FvK~Z}_ihy!PZjL(oEQh0>o# zr_1h7Hh;{S7{*(v~ zK6I_4tEk}!=K{tbC!$vG+p)=L22Yo1{brHpVPe^e-T!9@t~+_HsCFYaJMXL1v|Y?h zpjkSF%wPE?r@cQ*Ety^B?c-N9Wqqs8vm@&dEHKU67IkKw{%^aki?6rO-@RK7Jit9k z?Q!xC9a%|*>t|+hbuB2hSb65^q{i86#a>Nh1f?2}>7Smbz1+{JDbRmyOJ%Fcl3an$ zSH-Q5Nu2q0C_%43|7$y=$7Imz>1zyUFV!!04EueyXp{N531Qo=wI*+iT2uOjeW_;>HKt|n-dvp9d>$$%r**`7Y(>HR**R5ixf{P^XqTb3C#7zML= zN9SHD`S`1It^_C{cubM~k@j-`MV*VD-e=Ccd3a=N&1+ZsXEo>XS)+NpUAn%%>;xF9 z6dKq(rd;PY^UJuzwp7W$HapfLV?uV?<|J{x+uy!E^{;u%IYEli#Gz|X-G)NN3-i~C z9TQ%lvUNi4gg54S+oFEN_$en{Z2rjN(F<8`Exmp9OifXZo~)RjpE(mu4$X{<|9JQK z-j#yumi8J*ON+d7d^jzoj!6Zya@Zs@MA@VvZyN8UW1K#cQn3~i+_4r63+xz89E#Q~ zkosOxCl$7wskR|2ZMEy4i*_&r?i#p*W{k-qKPPGcdO92OFhgh+nxf|S>CQpBVNbvu4KhN4I z8IyGjQY}SWKE}x1pS1|Q4NoO~Ta*rHg`b9+lee(P1c6nB+dj@pWnN#nk-NR?u3L+y z)Vif@A_}Y^Pewd9fAR5;iO&2r-=qcazwnSgb7|R*E;EnBOz$(7rmeVFj;pLmJ9;*I4YtsEJqb0hA8=gvPXUt}hV$kZ6mkM2fJRvf`aaK}2^DLp;4%w0y zr`%{fKH(B*6T$WPy4Mpqqf{H%8eVGE?~Wyob{{XaRfw8~ORh2S-g|eW z?Yw1PRXg_YtoVDRz;QLp1%?9(5j93)W%FjGo;@FN-52uiT-Kr|qn6cdVrF21I z+ZNt3F9tOq23tP6nH&ZVryoZLW=h}rs*vimBJHMj?zHXJX6O7k9k^I7Fa%uubdx(! zGdXed630jC9$`D)pAX}bnZ3D?IL8 zyc&Dsc5wJT(6-#CAJ>{)IQvPFjzRe$YfB_E_wLkx5hHHBfs=E zFiciyU}I=t=9nj;oXaa^9<7^peR{3@(UKN_rxxxtFS!g1!5Vw`A8hyfc159ht18L67?Nzrfj@w4zLoXeiwm^)3@u7S_y&iy^LpVw{P@5jK)z>xZK>Fr4oKDWL% z`UKxFHQdvCdD`;aRi_zmU4Gg&pFxU&;Z)GSGcS%jU3&AjMXW{CrkZa`f1FA!514?w zuwc#N)z+r{ZzJXIuey{P^bP|GFc$^y%A=a)-VhNfR{jj<0CY6m(!_VED^jIoa-L?uNokt1ei%EzEnI zB)H{NZNo-T+%q%_aF?z~(ahW5?&pfSrR)$99Y**n~Q?Os~r_B9hoY6PmG+qQ- z@4S$kJy|4vx_j+x@x}{QZqGOjKs{!L1P9QBb}h%{l!V*MxZS0bcC6=^bs|i)rwO%3m2NFQZFV5x?ca(nkb4-U3Q9`Nqji7Tb!A>^Wlm_gx34n%*;gTuMGP4S4*xwH z{{LmYhexzf*MicA3=)0qzh{5&|0oZR2nXX+B29t4-<~okt2VGPFf^obc$Q}_F|ZMF zTy4lMF@68vzw-az{FY!~U|{$*J2oD?6=BhPX2u0Nq9ErSuxL@rkeEAtygjX;mO=uhp~dFT{gQ9xf8W0U|06xUUJ~rVmjR5tAcliB nI5rpgTe~DWM4f53P`n diff --git a/hand7s/wayland/hyprland.nix b/hand7s/wayland/hyprland.nix index 907ee9f..b5122ee 100644 --- a/hand7s/wayland/hyprland.nix +++ b/hand7s/wayland/hyprland.nix @@ -1,6 +1,6 @@ { - self, config, + self, pkgs, lib, ... @@ -14,22 +14,22 @@ ) true; - package = self.inputs.hyprland.packages.${pkgs.system}.hyprland; - portalPackage = self.inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; + package = self.inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}.hyprland; + portalPackage = self.inputs.nixpkgs.legacyPackages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; settings = { monitor = ", 2560x1440@165.00Hz, 0x0, 1"; general = { - gaps_in = "5"; - gaps_out = "20"; - border_size = "2"; + gaps_in = 8; + gaps_out = 20; + border_size = 0; layout = "dwindle"; snap = { enabled = false; - window_gap = "5"; - monitor_gap = "5"; + window_gap = 10; + monitor_gap = 10; border_overlap = false; }; }; @@ -39,9 +39,9 @@ kb_options = "grp:caps_toggle"; numlock_by_default = true; - follow_mouse = "1"; + follow_mouse = 1; left_handed = false; - sensitivity = "0"; + sensitivity = 0; special_fallthrough = true; focus_on_close = 1; @@ -64,27 +64,29 @@ }; decoration = { - active_opacity = "0.85"; - inactive_opacity = "0.65"; + active_opacity = "0.92"; + inactive_opacity = "0.88"; fullscreen_opacity = "1.0"; - rounding = "10"; - dim_inactive = true; - dim_strength = "0.15"; - dim_special = "0.0"; - dim_around = "0.05"; + rounding = 24; + rounding_power = "2"; + + dim_inactive = false; shadow = { enabled = true; - render_power = "4"; - range = "4"; + render_power = 3; + range = 20; ignore_window = false; + offset = "0 4"; + scale = "1.0"; }; blur = { enabled = true; - size = "10"; - passes = "5"; + size = 8; + passes = 3; + vibrancy = 0.2; }; }; @@ -92,7 +94,7 @@ "${lib.getExe' pkgs.systemd "systemctl"} --user start hyprpaper.service" "${lib.getExe' pkgs.systemd "systemctl"} --user start hypridle.service" "${lib.getExe' pkgs.systemd "systemctl"} --user start hyprpolkitagent.service" - "${lib.getExe self.inputs.noctalia.packages.${pkgs.system}.default}" + "${lib.getExe self.inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default}" "${lib.getExe' pkgs.hyprland "hyprctl"} setcursor material_light_cursors 20" ]; @@ -100,12 +102,12 @@ bind = [ "ALT, return, exec, ${lib.getExe pkgs.ghostty}" "ALT, Q, killactive," - "ALT, S, exec, ${lib.getExe self.inputs.noctalia.packages.${pkgs.system}.default} ipc call launcher toggle" + "ALT, S, exec, ${lib.getExe self.inputs.noctalia.packages.${pkgs.stdenv.hostPlatform.system}.default} ipc call launcher toggle" "ALT, F, fullscreen, 0" "ALT, L, exec, ${lib.getExe pkgs.hyprlock}" "ALT SHIFT, space, togglefloating, active" - "ALT SHIFT, S, exec, ${lib.getExe pkgs.grimblast} --notify --freeze copysave area /home/hand7s/Pictures/Screenshots/$(date '+%y%m%d_%H-%M-%s').png | , killall -9 hyprpicker" + "ALT SHIFT, S, exec, ${lib.getExe pkgs.grimblast} --notify --freeze copysave area /home/hand7s/Pictures/Screenshots/$(date '+%y%m%d_%H-%M-%s').png || , killall -9 hyprpicker" "ALT, left, movefocus, l" "ALT, right, movefocus, r" @@ -163,18 +165,34 @@ ]; animation = [ + "workspace_wraparound = true" "enabled = true" - "animation = windows, 1, 7, popin" - "animation = windowsOut, 1, 7, popin" + "bezier = md3_standard, 0.2, 0.0, 0.0, 1.0" + "bezier = md3_decel, 0.05, 0.7, 0.1, 1.0" + "bezier = md3_accel, 0.3, 0.0, 0.8, 0.15" - "animation = layers, 1, 7, fade" + "bezier = menu_decel, 0.1, 1.0, 0.1, 1.0" + "bezier = menu_accel, 0.38, 0.04, 1.0, 0.07" - "animation = border, 1, 10" - "animation = borderangle, 1, 10" + "animation = windows, 1, 4, md3_decel, slide" + "animation = windowsIn, 1, 4, md3_decel, slide" + "animation = windowsOut, 1, 2, md3_accel, slide" + "animation = fade, 1, 2, md3_standard" + "animation = layers, 1, 2, md3_decel, slide" + "animation = layersIn, 1, 3, md3_decel, slide" + "animation = layersOut, 1, 2, md3_accel, slide" + "animation = fadeLayersIn, 1, 3, menu_decel" + "animation = fadeLayersOut, 1, 2, menu_accel" + "animation = workspaces, 1, 4, md3_standard, slidefade 20%" + "animation = specialWorkspace, 1, 3, md3_decel, slidevert" + ]; - "animation = workspaces, 1, 7, slidevert" - "animation = specialWorkspace, 1, 7, slidevert" + windowrulev2 = [ + "float, class:^(yazi-picker)$" + "center, class:^(yazi-picker)$" + "size 1000 600, class:^(yazi-picker)$" + "stayfocused, class:^(yazi-picker)$" ]; misc = { @@ -185,11 +203,12 @@ animate_mouse_windowdragging = true; focus_on_activate = true; close_special_on_empty = true; - initial_workspace_tracking = "2"; + vrr = "3"; }; render = { cm_auto_hdr = 0; + direct_scanout = "2"; }; binds = { @@ -264,8 +283,7 @@ plugins = with pkgs.hyprlandPlugins; [ hypr-dynamic-cursors - hyprscrolling - hyprexpo + hyprspace ]; }; }; diff --git a/hand7s/xdg/configFile.nix b/hand7s/xdg/configFile.nix new file mode 100644 index 0000000..64cb8e6 --- /dev/null +++ b/hand7s/xdg/configFile.nix @@ -0,0 +1,22 @@ +{ + lib, + pkgs, + ... +}: { + xdg = { + configFile = { + "xdg-desktop-portal-termfilechooser/config" = { + enable = true; + force = true; + text = '' + [filechooser] + cmd="${pkgs.xdg-desktop-portal-termfilechooser}/share/xdg-desktop-portal-termfilechooser/yazi-wrapper.sh" + default_dir=$HOME + env=TERMCMD="${lib.getExe pkgs.ghostty} --title='yazi-picker' -e" + open_mode=suggested + save_mode=last + ''; + }; + }; + }; +} diff --git a/hand7s/xdg/mime.nix b/hand7s/xdg/mime.nix new file mode 100644 index 0000000..1c1102b --- /dev/null +++ b/hand7s/xdg/mime.nix @@ -0,0 +1,11 @@ +_: { + xdg = { + mime = { + enable = true; + }; + + mimeApps = { + enable = true; + }; + }; +} diff --git a/hand7s/xdg/portal.nix b/hand7s/xdg/portal.nix new file mode 100644 index 0000000..c56d593 --- /dev/null +++ b/hand7s/xdg/portal.nix @@ -0,0 +1,35 @@ +{ + config, + pkgs, + lib, + ... +}: { + xdg = { + portal = { + enable = lib.mkIf config.home.gui.enable true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-termfilechooser + ]; + + config = { + common = { + default = [ + "gtk" + ]; + }; + + hyprland = { + default = [ + "gtk" + "hyprland" + ]; + + "org.freedesktop.impl.portal.FileChooser" = [ + "termfilechooser" + ]; + }; + }; + }; + }; +} diff --git a/hand7s/xdg/terminal.nix b/hand7s/xdg/terminal.nix new file mode 100644 index 0000000..64d9c95 --- /dev/null +++ b/hand7s/xdg/terminal.nix @@ -0,0 +1,12 @@ +_: { + xdg = { + terminal-exec = { + enable = true; + settings = { + default = [ + "com.mitchellh.ghostty.desktop" + ]; + }; + }; + }; +} diff --git a/isla/boot/lanzaboote.nix b/isla/boot/lanzaboote.nix index 08d07df..8036b8a 100644 --- a/isla/boot/lanzaboote.nix +++ b/isla/boot/lanzaboote.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { lanzaboote = { enable = true; diff --git a/isla/boot/tmp.nix b/isla/boot/tmp.nix index ac46b34..904e141 100644 --- a/isla/boot/tmp.nix +++ b/isla/boot/tmp.nix @@ -1,4 +1,4 @@ -{...}: { +_: { boot = { tmp = { useTmpfs = true; diff --git a/isla/console/console.nix b/isla/console/console.nix index 1e60d13..e3a24c9 100644 --- a/isla/console/console.nix +++ b/isla/console/console.nix @@ -1,4 +1,4 @@ -{...}: { +_: { console = { useXkbConfig = true; }; diff --git a/isla/disko/disk.nix b/isla/disko/disk.nix index 221caa2..8c60a0e 100644 --- a/isla/disko/disk.nix +++ b/isla/disko/disk.nix @@ -1,4 +1,4 @@ -{...}: { +_: { disko = { devices = { disk = { diff --git a/isla/disko/lvm_vg.nix b/isla/disko/lvm_vg.nix index 8e108be..1c255d5 100644 --- a/isla/disko/lvm_vg.nix +++ b/isla/disko/lvm_vg.nix @@ -1,4 +1,4 @@ -{...}: { +_: { disko = { devices = { lvm_vg = { diff --git a/isla/hardware/cpu.nix b/isla/hardware/cpu.nix index e5746c6..441946f 100644 --- a/isla/hardware/cpu.nix +++ b/isla/hardware/cpu.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware = { enableRedistributableFirmware = true; cpu = { diff --git a/isla/hardware/qmk.nix b/isla/hardware/qmk.nix index 543ece2..8742a19 100644 --- a/isla/hardware/qmk.nix +++ b/isla/hardware/qmk.nix @@ -1,4 +1,4 @@ -{...}: { +_: { hardware = { keyboard = { qmk = { diff --git a/isla/hardware/zram.nix b/isla/hardware/zram.nix index b973787..0d77537 100644 --- a/isla/hardware/zram.nix +++ b/isla/hardware/zram.nix @@ -1,4 +1,4 @@ -{...}: { +_: { zramSwap = { enable = true; algorithm = "zstd"; diff --git a/isla/i18n/locales.nix b/isla/i18n/locales.nix index 09234a5..f456740 100644 --- a/isla/i18n/locales.nix +++ b/isla/i18n/locales.nix @@ -1,4 +1,4 @@ -{...}: { +_: { i18n = { defaultLocale = "en_US.UTF-8"; supportedLocales = [ diff --git a/isla/networking/firewall.nix b/isla/networking/firewall.nix index c1d1150..4ec736e 100644 --- a/isla/networking/firewall.nix +++ b/isla/networking/firewall.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { firewall = { allowPing = true; diff --git a/isla/networking/hostId.nix b/isla/networking/hostId.nix index 4e2bb58..5267b08 100644 --- a/isla/networking/hostId.nix +++ b/isla/networking/hostId.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hostId = "3c4734c8"; }; diff --git a/isla/networking/hostname.nix b/isla/networking/hostname.nix index ef6faab..c1ba168 100644 --- a/isla/networking/hostname.nix +++ b/isla/networking/hostname.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hostName = "s0melapt0p-nix"; }; diff --git a/isla/networking/hosts.nix b/isla/networking/hosts.nix index 10e63c8..ffff44d 100644 --- a/isla/networking/hosts.nix +++ b/isla/networking/hosts.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { hosts = { # EVA00 diff --git a/isla/networking/nameservers.nix b/isla/networking/nameservers.nix index a4d22c1..31726b9 100644 --- a/isla/networking/nameservers.nix +++ b/isla/networking/nameservers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { nameservers = [ # cf dns diff --git a/isla/networking/networkmanager.nix b/isla/networking/networkmanager.nix index 278a693..cce7f65 100644 --- a/isla/networking/networkmanager.nix +++ b/isla/networking/networkmanager.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { networkmanager = { enable = true; diff --git a/isla/networking/timeServers.nix b/isla/networking/timeServers.nix index 88e14c4..9289ea6 100644 --- a/isla/networking/timeServers.nix +++ b/isla/networking/timeServers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { timeServers = [ "0.nixos.pool.ntp.org" diff --git a/isla/networking/wireguard.nix b/isla/networking/wireguard.nix index 2ee5c02..bd2336c 100644 --- a/isla/networking/wireguard.nix +++ b/isla/networking/wireguard.nix @@ -1,4 +1,4 @@ -{...}: { +_: { networking = { wireguard = { enable = true; diff --git a/isla/nix/settings/allowed-users.nix b/isla/nix/settings/allowed-users.nix index d483d0c..0239519 100644 --- a/isla/nix/settings/allowed-users.nix +++ b/isla/nix/settings/allowed-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { sandbox = true; diff --git a/isla/nix/settings/auto-optimise-store.nix b/isla/nix/settings/auto-optimise-store.nix index 14f13c5..cb7a22a 100644 --- a/isla/nix/settings/auto-optimise-store.nix +++ b/isla/nix/settings/auto-optimise-store.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { auto-optimise-store = true; diff --git a/isla/nix/settings/experimental-features.nix b/isla/nix/settings/experimental-features.nix index 7ce7e89..9c45bc4 100644 --- a/isla/nix/settings/experimental-features.nix +++ b/isla/nix/settings/experimental-features.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { experimental-features = [ diff --git a/isla/nix/settings/substituters.nix b/isla/nix/settings/substituters.nix index 762ec5c..f00d6d2 100644 --- a/isla/nix/settings/substituters.nix +++ b/isla/nix/settings/substituters.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { substituters = [ diff --git a/isla/nix/settings/trusted-public-keys.nix b/isla/nix/settings/trusted-public-keys.nix index e8710cb..4a128cb 100644 --- a/isla/nix/settings/trusted-public-keys.nix +++ b/isla/nix/settings/trusted-public-keys.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-public-keys = [ diff --git a/isla/nix/settings/trusted-users.nix b/isla/nix/settings/trusted-users.nix index e4a9dae..4eee825 100644 --- a/isla/nix/settings/trusted-users.nix +++ b/isla/nix/settings/trusted-users.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nix = { settings = { trusted-users = [ diff --git a/isla/nixpkgs/config.nix b/isla/nixpkgs/config.nix index 27b79b0..b93e4ef 100644 --- a/isla/nixpkgs/config.nix +++ b/isla/nixpkgs/config.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { config = { allowUnfree = true; diff --git a/isla/nixpkgs/overlays.nix b/isla/nixpkgs/overlays.nix index 2881eba..8db0844 100644 --- a/isla/nixpkgs/overlays.nix +++ b/isla/nixpkgs/overlays.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { overlays = [ ]; diff --git a/isla/nixpkgs/system.nix b/isla/nixpkgs/system.nix index 63fda3b..3cbe59a 100644 --- a/isla/nixpkgs/system.nix +++ b/isla/nixpkgs/system.nix @@ -1,4 +1,4 @@ -{...}: { +_: { nixpkgs = { system = "x86_64-linux"; hostPlatform = "x86_64-linux"; diff --git a/isla/programs/gamemode.nix b/isla/programs/gamemode.nix index 5fd437b..c8f046e 100644 --- a/isla/programs/gamemode.nix +++ b/isla/programs/gamemode.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { gamemode = { enable = true; diff --git a/isla/programs/nh.nix b/isla/programs/nh.nix index f43fb06..6d9937d 100644 --- a/isla/programs/nh.nix +++ b/isla/programs/nh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { nh = { enable = true; diff --git a/isla/programs/ssh.nix b/isla/programs/ssh.nix index b7b9d20..5028eaf 100644 --- a/isla/programs/ssh.nix +++ b/isla/programs/ssh.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { ssh = { startAgent = true; diff --git a/isla/programs/yubikey-touch-detector.nix b/isla/programs/yubikey-touch-detector.nix index c9815c5..92fe31f 100644 --- a/isla/programs/yubikey-touch-detector.nix +++ b/isla/programs/yubikey-touch-detector.nix @@ -1,4 +1,4 @@ -{...}: { +_: { programs = { yubikey-touch-detector = { enable = true; diff --git a/isla/security/pam/services.nix b/isla/security/pam/services.nix index 565ef37..f4d42e5 100644 --- a/isla/security/pam/services.nix +++ b/isla/security/pam/services.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { pam = { services = { diff --git a/isla/security/polkit.nix b/isla/security/polkit.nix index 7604e82..77e04d1 100644 --- a/isla/security/polkit.nix +++ b/isla/security/polkit.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { polkit = { enable = true; diff --git a/isla/security/rtkit.nix b/isla/security/rtkit.nix index d3604df..dd40f89 100644 --- a/isla/security/rtkit.nix +++ b/isla/security/rtkit.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { rtkit = { enable = true; diff --git a/isla/security/sudo-rs.nix b/isla/security/sudo-rs.nix index 772460d..4f270c9 100644 --- a/isla/security/sudo-rs.nix +++ b/isla/security/sudo-rs.nix @@ -1,4 +1,4 @@ -{...}: { +_: { security = { sudo-rs = { enable = true; diff --git a/isla/services/fprintd.nix b/isla/services/fprintd.nix index 47c72bc..172b999 100644 --- a/isla/services/fprintd.nix +++ b/isla/services/fprintd.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { fprintd = { enable = true; diff --git a/isla/services/libinput.nix b/isla/services/libinput.nix index 111040e..4eac635 100644 --- a/isla/services/libinput.nix +++ b/isla/services/libinput.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { libinput = { enable = true; diff --git a/isla/services/netbird.nix b/isla/services/netbird.nix index 071330a..f375f14 100644 --- a/isla/services/netbird.nix +++ b/isla/services/netbird.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { netbird = { enable = true; diff --git a/isla/services/pipewire.nix b/isla/services/pipewire.nix index c4bad1e..37c7c5f 100644 --- a/isla/services/pipewire.nix +++ b/isla/services/pipewire.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { pipewire = { enable = true; diff --git a/isla/services/thinkfan.nix b/isla/services/thinkfan.nix index 78a42e4..c53ddef 100644 --- a/isla/services/thinkfan.nix +++ b/isla/services/thinkfan.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { thinkfan = { enable = true; diff --git a/isla/services/zapret.nix b/isla/services/zapret.nix index ad671e1..c512ea0 100644 --- a/isla/services/zapret.nix +++ b/isla/services/zapret.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { zapret = { enable = true; diff --git a/isla/services/zerotier.nix b/isla/services/zerotier.nix index f58210f..b864ebf 100644 --- a/isla/services/zerotier.nix +++ b/isla/services/zerotier.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { zerotierone = { enable = true; diff --git a/isla/systemd/oomd.nix b/isla/systemd/oomd.nix index cbd28f2..bb9a200 100644 --- a/isla/systemd/oomd.nix +++ b/isla/systemd/oomd.nix @@ -1,4 +1,4 @@ -{...}: { +_: { systemd = { oomd = { enable = true; diff --git a/isla/time/timeZone.nix b/isla/time/timeZone.nix index 57bca35..cef1656 100644 --- a/isla/time/timeZone.nix +++ b/isla/time/timeZone.nix @@ -1,4 +1,4 @@ -{...}: { +_: { time = { timeZone = "Europe/Moscow"; hardwareClockInLocalTime = true; diff --git a/isla/users/mutableUsers.nix b/isla/users/mutableUsers.nix index 54415f1..9bb56d0 100644 --- a/isla/users/mutableUsers.nix +++ b/isla/users/mutableUsers.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { mutableUsers = false; }; diff --git a/isla/users/users/hand7s.nix b/isla/users/users/hand7s.nix index 8c0df47..e36405b 100644 --- a/isla/users/users/hand7s.nix +++ b/isla/users/users/hand7s.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { users = { hand7s = { diff --git a/isla/users/users/root.nix b/isla/users/users/root.nix index 595a6f6..e1374f1 100644 --- a/isla/users/users/root.nix +++ b/isla/users/users/root.nix @@ -1,4 +1,4 @@ -{...}: { +_: { users = { users = { root = { diff --git a/isla/virtualisation/docker.nix b/isla/virtualisation/docker.nix index 1edae88..805ac30 100644 --- a/isla/virtualisation/docker.nix +++ b/isla/virtualisation/docker.nix @@ -1,4 +1,4 @@ -{...}: { +_: { virtualisation = { docker = { enable = true; diff --git a/isla/xdg/icons.nix b/isla/xdg/icons.nix index 53ccd0b..7c75adf 100644 --- a/isla/xdg/icons.nix +++ b/isla/xdg/icons.nix @@ -1,4 +1,4 @@ -{...}: { +_: { xdg = { icons = { enable = true; diff --git a/isla/xdg/mime.nix b/isla/xdg/mime.nix index 4b6af20..9197f59 100644 --- a/isla/xdg/mime.nix +++ b/isla/xdg/mime.nix @@ -1,4 +1,4 @@ -{...}: { +_: { xdg = { mime = { enable = true; diff --git a/kyra/default.nix b/kyra/default.nix deleted file mode 100644 index 7624558..0000000 --- a/kyra/default.nix +++ /dev/null @@ -1,57 +0,0 @@ -{self, ...}: { - imports = [ - "${self}/kyra/disko/disk.nix" - "${self}/kyra/disko/lvm_vg.nix" - - "${self}/kyra/boot/initrd/availableKernelModules.nix" - "${self}/kyra/boot/initrd/kernelModules.nix" - "${self}/kyra/boot/loader/grub.nix" - "${self}/kyra/boot/kernel.nix" - "${self}/kyra/boot/tmp.nix" - - "${self}/kyra/environment/systemPackages.nix" - - "${self}/kyra/hardware/zram.nix" - - "${self}/kyra/home-manager/users.nix" - - "${self}/kyra/networking/interfaces/ens3.nix" - "${self}/kyra/networking/firewall/ens3.nix" - "${self}/kyra/networking/firewall.nix" - "${self}/kyra/networking/dns.nix" - "${self}/kyra/networking/wireguard.nix" - "${self}/kyra/networking/defaultGateway.nix" - - "${self}/kyra/nix/settings/allowed-users.nix" - "${self}/kyra/nix/settings/experimental-features.nix" - "${self}/kyra/nix/settings/substituters.nix" - "${self}/kyra/nix/settings/trusted-public-keys.nix" - "${self}/kyra/nix/settings/trusted-users.nix" - "${self}/kyra/nix/settings/auto-optimise-store.nix" - - "${self}/kyra/nixpkgs/config.nix" - "${self}/kyra/nixpkgs/platform.nix" - - "${self}/kyra/programs/nh.nix" - - "${self}/kyra/services/openssh.nix" - "${self}/kyra/services/fail2ban.nix" - "${self}/kyra/services/netbird.nix" - "${self}/kyra/services/qemuGuest.nix" - "${self}/kyra/services/caddy.nix" - "${self}/kyra/services/sing-box.nix" - - "${self}/kyra/sops/age.nix" - "${self}/kyra/sops/defaults.nix" - "${self}/kyra/sops/secrets.nix" - - "${self}/kyra/system/stateVersion.nix" - - "${self}/kyra/users/users.nix" - "${self}/kyra/users/users/alep0u.nix" - "${self}/kyra/users/users/hand7s.nix" - "${self}/kyra/users/users/root.nix" - - "${self}/kyra/virtualisation/docker.nix" - ]; -} diff --git a/kyra/disko/disk.nix b/kyra/disko/disk.nix index c0c6cc7..231e00e 100644 --- a/kyra/disko/disk.nix +++ b/kyra/disko/disk.nix @@ -1,9 +1,14 @@ -{ +{name, ...}: { disko = { devices = { disk = { - virt_main = { - device = "/dev/sda"; + "virt_main" = { + device = + { + "yara" = "/dev/vda"; + }.${ + name + } or "/dev/sda"; type = "disk"; content = { type = "gpt"; diff --git a/kyra/home-manager/users.nix b/kyra/home-manager/users.nix index 6590188..0a5f3e3 100644 --- a/kyra/home-manager/users.nix +++ b/kyra/home-manager/users.nix @@ -4,12 +4,10 @@ "hand7s" = { imports = [ "${self}/hand7s/" - self.inputs.agenix.homeManagerModules.default self.inputs.spicetify-nix.homeManagerModules.default self.inputs.hyprland.homeManagerModules.default self.inputs.chaotic.homeManagerModules.default self.inputs.sops-nix.homeManagerModules.sops - self.inputs.nix-index-database.homeModules.nix-index self.inputs.noctalia.homeModules.default ]; diff --git a/kyra/networking/defaultGateway.nix b/kyra/networking/defaultGateway.nix deleted file mode 100644 index dd70ea4..0000000 --- a/kyra/networking/defaultGateway.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ - lib, - config, - ... -}: { - networking = { - defaultGateway = lib.mkIf (config.networking.hostName == "mel") { - address = "45.11.229.1"; - interface = "ens3"; - }; - - defaultGateway6 = lib.mkIf (config.networking.hostName == "mel") { - address = "2a0e:97c0:3e3:2Oa::1"; - interface = "ens3"; - }; - }; -} diff --git a/kyra/networking/firewall.nix b/kyra/networking/firewall.nix index a9a2c40..e7dcb71 100644 --- a/kyra/networking/firewall.nix +++ b/kyra/networking/firewall.nix @@ -1,11 +1,8 @@ _: { networking = { firewall = { - enable = true; - allowPing = true; - checkReversePath = false; + enable = false; }; - useNetworkd = true; }; } diff --git a/kyra/networking/firewall/ens3.nix b/kyra/networking/firewall/ens3.nix deleted file mode 100644 index 7df7284..0000000 --- a/kyra/networking/firewall/ens3.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - lib, - ... -}: { - networking = { - firewall = { - interfaces = { - ens3 = { - allowedUDPPorts = - [ - 53580 - 53590 - ] - ++ lib.optionals (config.networking.hostName == "hazel") [ - 443 - - 25565 - - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - 53570 - ]; - - allowedTCPPorts = - [ - 53580 - 53590 - ] - ++ lib.optionals (config.networking.hostName == "hazel") [ - 443 - - 25565 - - 24 - 25 - 110 - 143 - 465 - 587 - 993 - 995 - 4190 - 53570 - ]; - }; - }; - }; - }; -} diff --git a/kyra/networking/hostname.nix b/kyra/networking/hostname.nix index 7371866..bbd139a 100644 --- a/kyra/networking/hostname.nix +++ b/kyra/networking/hostname.nix @@ -1,5 +1,5 @@ -_: { +{name, ...}: { networking = { - hostName = "kyra"; + hostName = name; }; } diff --git a/kyra/networking/interfaces/ens3.nix b/kyra/networking/interfaces/ens3.nix deleted file mode 100644 index 3820e1f..0000000 --- a/kyra/networking/interfaces/ens3.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ - config, - lib, - ... -}: { - networking = { - interfaces = { - ens3 = { - ipv4 = { - addresses = lib.optionals (config.networking.hostName == "mel") [ - { - address = "45.11.229.254"; - prefixLength = 24; - } - ]; - }; - - ipv6 = { - addresses = - lib.optionals (config.networking.hostName == "hazel") [ - { - address = "2a03:6f01:1:2::cb1e"; - prefixLength = 64; - } - ] - ++ lib.optionals (config.networking.hostName == "mel") [ - { - address = "2a0e:97c0:3e3:2Oa::1"; - prefixLength = 64; - } - ]; - }; - }; - }; - }; -} diff --git a/kyra/networking/nftables.nix b/kyra/networking/nftables.nix new file mode 100644 index 0000000..71bfec3 --- /dev/null +++ b/kyra/networking/nftables.nix @@ -0,0 +1,7 @@ +_: { + networking = { + nftables = { + enable = true; + }; + }; +} diff --git a/kyra/security/acme.nix b/kyra/security/acme.nix new file mode 100644 index 0000000..00eb68d --- /dev/null +++ b/kyra/security/acme.nix @@ -0,0 +1,18 @@ +{config, ...}: { + security = { + acme = { + acceptTerms = true; + defaults = { + email = "litvinovb0@gmail.com"; + }; + + certs = { + "hand7s.org" = { + dnsProvider = "cloudflare"; + credentialsFile = config.sops.templates."acme.env".path; + group = "sing-box"; + }; + }; + }; + }; +} diff --git a/kyra/services/alloy.nix b/kyra/services/alloy.nix new file mode 100644 index 0000000..d863d04 --- /dev/null +++ b/kyra/services/alloy.nix @@ -0,0 +1,99 @@ +{ + config, + pkgs, + ... +}: { + services = { + alloy = { + enable = true; + + configPath = pkgs.writeText "alloy-config.alloy" '' + loki.source.journal "system" { + max_age = "24h" + forward_to = [loki.process.production.receiver] + + labels = { + host = "${config.networking.hostName}", + job = "journalctl", + } + } + + loki.process "production" { + forward_to = [loki.write.viola.receiver] + + stage.labels { + values = { + unit = "__journal_systemd_unit__", + } + } + + stage.label_keep { + values = ["unit"] + } + + stage.match { + selector = `{unit=~"(traefik|sing-box|crowdsec|alloy|netbird).*\\.service"}` + action = "drop" + } + } + + prometheus.exporter.unix "node" { + enable_collectors = [ + "cpu", "diskstats", "filesystem", + "loadavg", "meminfo", "netdev", + "time", "uname", + ] + } + + prometheus.scrape "node" { + targets = prometheus.exporter.unix.node.targets + forward_to = [prometheus.remote_write.viola.receiver] + scrape_interval = "30s" + job_name = "node" + } + + prometheus.scrape "alloy" { + targets = [{"__address__" = "127.0.0.1:12345"}] + + forward_to = [prometheus.remote_write.viola.receiver] + job_name = "alloy" + } + + loki.write "viola" { + endpoint { + url = "http://100.109.123.164:3100/loki/api/v1/push" + } + } + + prometheus.remote_write "viola" { + endpoint { + url = "http://100.109.123.164:9009/api/v1/push" + } + } + + otelcol.receiver.otlp "default" { + grpc { + endpoint = "0.0.0.0:4317" + } + + http { + endpoint = "0.0.0.0:4318" + } + + output { + traces = [otelcol.exporter.otlp.tempo.input] + } + } + + otelcol.exporter.otlp "tempo" { + client { + endpoint = "http://100.109.123.164:4317" + tls { + insecure = true + } + } + } + ''; + }; + }; +} diff --git a/kyra/services/caddy.nix b/kyra/services/caddy.nix deleted file mode 100644 index fe3ad02..0000000 --- a/kyra/services/caddy.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - services = { - caddy = { - enable = - lib.mkIf ( - config.networking.hostName == "hazel" - ) - true; - - package = pkgs.caddy.withPlugins { - plugins = [ - "github.com/mholt/caddy-l4@v0.0.0-20250902102621-4a517a98d7fa" - "github.com/caddy-dns/cloudflare@v0.2.1" - ]; - hash = "sha256-1/jRWotKCvx7QncjVSVGYXb2gAmIiokC/ZbCUelG5Rc="; - }; - - globalConfig = '' - debug - email me@hand7s.org - - acme_ca https://acme-v02.api.letsencrypt.org/directory - - ''; - - # acme_ca https://api.zerossl.com/directory - - virtualHosts = { - "hand7s.org" = { - extraConfig = '' - respond "hi! :D WIP btw" - ''; - }; - - "git.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:53350 - ''; - }; - - "bin.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:80 - ''; - }; - - "zitadel.hand7s.org" = { - extraConfig = '' - reverse_proxy ${homeIP}:8443 - ''; - }; - }; - }; - }; -} diff --git a/kyra/services/firewalld.nix b/kyra/services/firewalld.nix new file mode 100644 index 0000000..1964f11 --- /dev/null +++ b/kyra/services/firewalld.nix @@ -0,0 +1,154 @@ +{ + name, + lib, + ... +}: { + services = { + firewalld = { + enable = true; + + services = { + "ssh" = { + short = "openssh"; + ports = [ + { + port = 60009; + protocol = "tcp"; + } + ]; + }; + + "stalwart" = { + short = "Stalwart-mail"; + ports = + lib.forEach [ + 25 + 110 + 143 + 465 + 993 + 995 + 4190 + ] ( + port: { + protocol = "tcp"; + inherit + port + ; + } + ); + }; + + "consul" = { + short = "Consul"; + ports = + lib.forEach [ + 8300 + 8301 + 8302 + 8500 + 8600 + ] ( + port: { + protocol = "tcp"; + inherit + port + ; + } + ) + ++ lib.forEach [ + 8301 + 8302 + 8600 + ] ( + port: { + protocol = "udp"; + inherit + port + ; + } + ); + }; + }; + + zones = { + "trusted" = { + services = [ + "consul" + ]; + }; + + "wan" = { + ports = [ + { + port = 2053; + protocol = "udp"; + } + + { + port = 8443; + protocol = "tcp"; + } + + { + port = 51820; + protocol = "udp"; + } + ]; + + icmpBlockInversion = true; + icmpBlocks = [ + "echo-request" + "destination-unreachable" + "parameter-problem" + "time-exceeded" + ]; + + interfaces = lib.concatLists [ + ( + lib.optionals ( + lib.elem name [ + "hazel" + "lynn" + "yara" + "ivy" + ] + ) [ + "ens3" + ] + ) + + ( + lib.optionals ( + name == "mel" + ) [ + "eth0" + ] + ) + ]; + + services = lib.concatLists [ + [ + "ssh" + "http" + "https" + ] + + ( + lib.optionals ( + lib.elem name [ + "hazel" + "lynn" + "mel" + ] + ) [ + "minecraft" + "stalwart" + ] + ) + ]; + }; + }; + }; + }; +} diff --git a/kyra/services/netbird.nix b/kyra/services/netbird.nix index 071330a..3f2a353 100644 --- a/kyra/services/netbird.nix +++ b/kyra/services/netbird.nix @@ -1,7 +1,17 @@ -{...}: { +{config, ...}: { services = { netbird = { enable = true; + + clients = { + "wt0" = { + port = 51820; + login = { + enable = true; + setupKeyFile = config.sops.secrets."nbKey".path; + }; + }; + }; }; }; } diff --git a/kyra/services/openssh.nix b/kyra/services/openssh.nix index 6d54477..fb2f45d 100644 --- a/kyra/services/openssh.nix +++ b/kyra/services/openssh.nix @@ -3,7 +3,14 @@ _: { openssh = { enable = true; ports = [ - 58693 + 60009 + ]; + + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } ]; settings = { diff --git a/kyra/services/resolved.nix b/kyra/services/resolved.nix new file mode 100644 index 0000000..ad91e2a --- /dev/null +++ b/kyra/services/resolved.nix @@ -0,0 +1,39 @@ +_: { + services = { + resolved = { + enable = true; + dnsovertls = toString true; + dnssec = toString true; + llmnr = toString true; + domains = [ + "~." + ]; + + fallbackDns = [ + # cf dns + "1.1.1.1" + "1.0.0.1" + "2606:4700:4700::1111" + "2606:4700:4700::1001" + + # google dns + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + + # q9 dns + "9.9.9.9" + "149.112.112.112" + "2620:fe::fe" + "2620:fe::9" + + # open dns + "208.67.222.222" + "208.67.220.220" + "2620:119:35::35" + "2620:119:53::53" + ]; + }; + }; +} diff --git a/kyra/services/sing-box.nix b/kyra/services/sing-box.nix index f29526c..d4b5656 100644 --- a/kyra/services/sing-box.nix +++ b/kyra/services/sing-box.nix @@ -1,26 +1,33 @@ -{...}: { +{lib, ...}: { services = { sing-box = { enable = true; settings = { log = { - level = "debug"; + level = "error"; }; dns = { servers = [ { - type = "local"; + tag = "cloudflare"; + type = "quic"; + server = "1.1.1.1"; + } + + { tag = "local"; + type = "local"; } ]; - final = "local"; - strategy = "prefer_ipv6"; + final = "cloudflare"; + strategy = "prefer_ipv4"; }; route = { final = "direct-out"; + default_domain_resolver = "cloudflare"; auto_detect_interface = true; }; @@ -32,54 +39,69 @@ ]; inbounds = [ + { + type = "hysteria2"; + tag = "hy2-in"; + listen = "::"; + listen_port = 2053; + masquerade = "https://hand7s.org"; + up_mbps = 100; + down_mbps = 100; + obfs = { + type = "salamander"; + password = lib.hashString "sha512" "randomstring"; # not a real string + }; + + users = [ + { + name = "hand7s"; + password = lib.hashString "sha512" "userstring"; # not a real string + } + ]; + + tls = { + enabled = true; + server_name = "hand7s.org"; + certificate_path = "/var/lib/acme/hand7s.org/cert.pem"; + key_path = "/var/lib/acme/hand7s.org/key.pem"; + }; + } + { type = "vless"; tag = "vless-inbound"; listen = "::"; - listen_port = 53570; + listen_port = 8443; + + sniff = true; users = [ { - name = "hand7s_1"; - uuid = "${singboxUUID2}"; - flow = "xtls-rprx-vision"; - } - - { - name = "hand7s_2"; - uuid = "${singboxUUID2}"; + name = "hand7s"; + uuid = lib.hashString "sha512" "uuidstring"; # not a real string flow = "xtls-rprx-vision"; } ]; - tls = rec { + tls = { enabled = true; - server_name = "vk.com"; + server_name = "hand7s.org"; reality = { enabled = true; max_time_difference = "5m"; handshake = { - server = server_name; + server = "127.0.0.1"; server_port = 443; }; - private_key = "${singboxKey}"; + private_key = lib.hashString "sha512" "uuidstring"; # not a real string short_id = [ - "${singboxId}" + "shortie" ]; }; }; - - transport = { - type = "httpupgrade"; - }; - - multiplex = { - enabled = true; - padding = false; - }; } ]; }; diff --git a/kyra/services/traefik.nix b/kyra/services/traefik.nix new file mode 100644 index 0000000..fb60af9 --- /dev/null +++ b/kyra/services/traefik.nix @@ -0,0 +1,459 @@ +{config, ...}: { + services = { + traefik = { + enable = true; + + environmentFiles = [ + config.sops.templates."traefik.env".path + ]; + + dynamicConfigOptions = { + http = { + routers = { + "site" = { + rule = "Host(`hand7s.org`)"; + service = "site-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = "*.hand7s.org"; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "git" = { + rule = "Host(`git.hand7s.org`)"; + service = "git-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "cicd" = { + rule = "Host(`woodpecker.hand7s.org`)"; + service = "cicd-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "oidc" = { + rule = "Host(`zitadel.hand7s.org`)"; + service = "oidc-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "bin" = { + rule = "Host(`bin.hand7s.org`)"; + service = "bin-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + + "lgtm" = { + rule = "Host(`grafana.hand7s.org`)"; + service = "lgtm-svc"; + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + + entryPoints = [ + "websecure" + ]; + }; + }; + + services = { + "site-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:8180"; + } + ]; + }; + }; + + "git-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53350"; + } + ]; + }; + }; + + "oidc-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:8443"; + } + ]; + }; + }; + + "bin-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53352"; + } + ]; + }; + }; + + "cicd-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:53351"; + } + ]; + }; + }; + + "lgtm-svc" = { + loadBalancer = { + servers = [ + { + url = "http://100.109.123.164:3030"; + } + ]; + }; + }; + }; + }; + + tcp = { + routers = { + "minecraft" = { + rule = "HostSNI(`*`)"; + service = "mc-svc"; + entryPoints = [ + "minecraft" + ]; + }; + + "smtp" = { + rule = "HostSNI(`*`)"; + service = "smtp-svc"; + entryPoints = [ + "smtp" + ]; + }; + + "pop3" = { + rule = "HostSNI(`*`)"; + service = "pop-svc"; + entryPoints = [ + "pop3" + ]; + }; + + "submissions" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "submissions-svc"; + entryPoints = [ + "submissions" + ]; + }; + + "submission" = { + rule = "HostSNI(`*`)"; + service = "submission-svc"; + entryPoints = [ + "submission" + ]; + }; + + "imaptls" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "imaptls-svc"; + entryPoints = [ + "imaptls" + ]; + }; + + "pop3s" = { + rule = "HostSNI(`mail.hand7s.org`)"; + service = "pop3s-svc"; + entryPoints = [ + "pop3s" + ]; + }; + + "managesieve" = { + rule = "HostSNI(`*`)"; + service = "managesieve-svc"; + entryPoints = [ + "managesieve" + ]; + }; + }; + }; + + services = { + "mc-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25565"; + } + ]; + }; + }; + + "smtp-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:25"; + } + ]; + }; + }; + + "pop3-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:110"; + } + ]; + }; + }; + + "imap-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:143"; + } + ]; + }; + }; + + "submissions-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:465"; + } + ]; + }; + }; + + "submission-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:587"; + } + ]; + }; + }; + + "imaptls-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:993"; + } + ]; + }; + }; + + "pop3s-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:995"; + } + ]; + }; + }; + + "managesieve-svc" = { + loadBalancer = { + servers = [ + { + address = "100.109.123.164:4190"; + } + ]; + }; + }; + }; + }; + + staticConfigOptions = { + api = { + dashboard = true; + }; + + tracing = { + otlp = { + grpc = { + endpoint = "127.0.0.1:4317"; + insecure = true; + }; + }; + }; + + certificatesResolvers = { + "cloudflare" = { + acme = { + email = "litvinovb0@gmail.com"; + storage = "${config.services.traefik.dataDir}/acme.json"; + dnsChallenge = { + provider = "cloudflare"; + resolvers = [ + "1.1.1.1:53" + "8.8.8.8:53" + ]; + }; + }; + }; + }; + + log = { + level = "DEBUG"; + }; + + entryPoints = { + "web" = { + address = ":80"; + http = { + redirections = { + entryPoint = { + to = "websecure"; + scheme = "https"; + }; + }; + }; + }; + + "websecure" = { + address = ":443"; + http = { + tls = { + certResolver = "cloudflare"; + domains = [ + { + main = "hand7s.org"; + sans = [ + "*.hand7s.org" + ]; + } + ]; + }; + }; + }; + + "minecraft" = { + address = ":25565"; + }; + + "smtp" = { + address = ":25"; + }; + + "pop3" = { + address = ":110"; + }; + + "imap" = { + address = ":143"; + }; + + "submissions" = { + address = ":465"; + }; + + "submission" = { + address = ":587"; + }; + + "imaptls" = { + address = ":993"; + }; + + "pop3s" = { + address = ":995"; + }; + + "managesieve" = { + address = ":4190"; + }; + }; + }; + }; + }; +} diff --git a/kyra/systemd/networkd.nix b/kyra/systemd/networkd.nix new file mode 100644 index 0000000..8982b55 --- /dev/null +++ b/kyra/systemd/networkd.nix @@ -0,0 +1,120 @@ +{ + name, + lib, + ... +}: { + systemd = { + network = { + enable = true; + networks = lib.mkMerge [ + ( + lib.mkIf ( + name == "mel" + ) + { + "10-eth0" = { + matchConfig.Name = "eth0"; + networkConfig = { + IPv6AcceptRA = false; + Address = [ + "45.11.229.245/24" + "2a0e:97c0:3e3:20a::1/64" + ]; + }; + + routes = [ + { + routeConfig = { + Gateway = "45.11.229.1"; + }; + } + + { + routeConfig = { + Gateway = "fe80::1"; + GatewayOnLink = true; + }; + } + ]; + }; + } + ) + + ( + lib.mkIf ( + name == "yara" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + IPv6AcceptRA = false; + Address = [ + "138.124.240.75/32" + "2a0d:d940:1a:1500::2/56" + ]; + }; + + routes = [ + { + routeConfig = { + Gateway = "10.0.0.1"; + GatewayOnLink = true; + }; + } + + { + routeConfig = { + Gateway = "2a0d:d940:1a:1500::1"; + GatewayOnLink = true; + }; + } + ]; + }; + } + ) + + ( + lib.mkIf ( + name == "hazel" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + Address = "90.156.226.152/24"; + Gateway = "90.156.226.1"; + IPv6AcceptRA = false; + }; + }; + } + ) + + ( + lib.mkIf ( + name == "lynn" + ) + { + "10-ens3" = { + matchConfig = { + Name = "ens3"; + }; + + networkConfig = { + Address = "138.124.72.244/24"; + Gateway = "138.124.72.1"; + IPv6AcceptRA = false; + }; + }; + } + ) + ]; + }; + }; +} diff --git a/kyra/users/users/alep0u.nix b/kyra/users/users/alep0u.nix index faf1630..78766ad 100644 --- a/kyra/users/users/alep0u.nix +++ b/kyra/users/users/alep0u.nix @@ -4,7 +4,6 @@ _: { "alep0u" = { description = "alep0u"; isNormalUser = true; - password = "alep0u"; extraGroups = [ "wheel" "docker" diff --git a/kyra/users/users/hand7s.nix b/kyra/users/users/hand7s.nix index 497573a..11f593a 100644 --- a/kyra/users/users/hand7s.nix +++ b/kyra/users/users/hand7s.nix @@ -4,7 +4,6 @@ _: { "hand7s" = { description = "hands"; isNormalUser = true; - hashedPassword = "$y$j9T$eHfq328GBp7Ga8xsbOTV/0$kcihv7zWLqSkj2jKAhI1pdbTSwvaf2RY5Rokm69XTL/"; extraGroups = [ "wheel" "docker" diff --git a/kyra/virtualisation/docker.nix b/kyra/virtualisation/docker.nix deleted file mode 100644 index 59e76bf..0000000 --- a/kyra/virtualisation/docker.nix +++ /dev/null @@ -1,14 +0,0 @@ -_: { - virtualisation = { - oci-containers = { - backend = "docker"; - }; - - docker = { - enable = true; - rootless = { - enable = true; - }; - }; - }; -} diff --git a/kyra/virtualisation/vmVariant.nix b/kyra/virtualisation/vmVariant.nix new file mode 100644 index 0000000..c81ecc6 --- /dev/null +++ b/kyra/virtualisation/vmVariant.nix @@ -0,0 +1,11 @@ +_: { + virtualisation = { + vmVariant = { + virtualisation = { + cores = 2; + memorySize = 2048; + diskSize = 20480; + }; + }; + }; +} diff --git a/viola/services/forgejo.nix b/viola/services/forgejo.nix index 84774ef..2f5683f 100644 --- a/viola/services/forgejo.nix +++ b/viola/services/forgejo.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { forgejo = { enable = true; diff --git a/viola/services/homepage.nix b/viola/services/homepage.nix index 2999560..2a2a8f3 100644 --- a/viola/services/homepage.nix +++ b/viola/services/homepage.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { homepage-dashboard = { enable = true; diff --git a/viola/services/postgresql.nix b/viola/services/postgresql.nix index 62c57bb..3b3ad12 100644 --- a/viola/services/postgresql.nix +++ b/viola/services/postgresql.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { postgresql = { enable = true; diff --git a/viola/services/privatebin.nix b/viola/services/privatebin.nix index 0db50ad..24ee0f7 100644 --- a/viola/services/privatebin.nix +++ b/viola/services/privatebin.nix @@ -1,4 +1,4 @@ -{...}: { +_: { services = { privatebin = { enable = true;