From a6b046e28b0405ff18655348d72631f31a53d0ad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sat, 22 Mar 2025 23:17:02 +0100 Subject: [PATCH 01/10] readme: mention youko --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index d11785b..c6dc540 100644 --- a/README.md +++ b/README.md @@ -22,6 +22,7 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, - hijiri-vm - linux vm running on my macbook - ude - another linux arm server - kogata - my m1 mac mini doubling as a server + - youko - my linux x86 server - modules - options which in principle should be reusable by others - system - my opinionated nixos/nix-darwin modules - home - my opinionated home-manager modules From 678005a0ee0ce524cb8c07db00530867528b1e65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sat, 22 Mar 2025 23:20:03 +0100 Subject: [PATCH 02/10] hosts: remove legion it's been a good ride, but it's time to say goodbye --- README.md | 1 - assets/ssh.nix | 2 - flake.lock | 107 -------------------------- flake.nix | 4 - hosts/default.nix | 1 - hosts/legion/default.nix | 47 ------------ hosts/legion/desktop.nix | 112 --------------------------- hosts/legion/disks.nix | 14 ---- hosts/legion/hardware.nix | 90 ---------------------- hosts/legion/msmtp.nix | 36 --------- hosts/legion/nas/default.nix | 59 -------------- hosts/legion/nas/media.nix | 132 -------------------------------- modules/default.nix | 1 - secrets/alert-nrab-lol-pass.age | 13 ++-- secrets/alert-plain-pass.age | 37 ++++----- secrets/attic-creds.age | Bin 452 -> 452 bytes secrets/forgejo-token.age | Bin 479 -> 479 bytes secrets/github-token.age | Bin 693 -> 583 bytes secrets/hercules-cache.age | Bin 979 -> 869 bytes secrets/hercules-secrets.age | 26 +++---- secrets/hercules-token.age | Bin 888 -> 778 bytes secrets/leet-nrab-lol-pass.age | 12 +-- secrets/legion-niko-pass.age | Bin 395 -> 0 bytes secrets/miyagi-niko-pass.age | 14 ++-- secrets/nrab-lol-cf.age | Bin 380 -> 380 bytes secrets/ntfy-alert-pass.age | Bin 1017 -> 1017 bytes secrets/ntfy-niko-pass.age | 12 +-- secrets/rab-lol-cf.age | 15 ++-- secrets/rabulinski-com-cf.age | 12 +-- secrets/secrets.nix | 9 --- secrets/storage-box-creds.age | 12 +-- secrets/storage-box-webdav.age | 13 ++-- secrets/ude-deluge.age | 12 +-- secrets/youko-niko-pass.age | 12 +-- secrets/zitadel-master.age | Bin 354 -> 354 bytes 35 files changed, 94 insertions(+), 711 deletions(-) delete mode 100644 hosts/legion/default.nix delete mode 100644 hosts/legion/desktop.nix delete mode 100644 hosts/legion/disks.nix delete mode 100644 hosts/legion/hardware.nix delete mode 100644 hosts/legion/msmtp.nix delete mode 100644 hosts/legion/nas/default.nix delete mode 100644 hosts/legion/nas/media.nix delete mode 100644 secrets/legion-niko-pass.age diff --git a/README.md b/README.md index c6dc540..8d5da60 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,6 @@ Collection of my personal Nix configurations and opinionated NixOS, nix-darwin, - hosts - per-machine configurations - kazuki - my linux arm server - - legion - my linux x86 server - hijiri - my macbook - hijiri-vm - linux vm running on my macbook - ude - another linux arm server diff --git a/assets/ssh.nix b/assets/ssh.nix index afdc92c..c699be9 100644 --- a/assets/ssh.nix +++ b/assets/ssh.nix @@ -9,7 +9,6 @@ hijiri-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6tfXLB6xhcl3rtI5x9NXSs12U4LVy06RRlyZxiORa0 nikodem@rabulinski.com"; kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImsFb9qRxX0n2Bmy00T8iPam+Fc3mgKkm7dfM7AQRHN nikodem@rabulinski.com"; - legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHX2MNGZGSTedYAepZHgcx+KK0A6ASulwSrpf9ytb5h nikodem@rabulinski.com"; miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIf4Ypws+1v9WL9MibW1dELpa/7YixElaBE7S71jsTy nrabulinski@antmicro.com"; ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDm3M/i/4wP2BM4+9hHAOMospwvlBZ+FT+pJtVgaaMq nikodem@rabulinski.com"; kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGK7H4Z29d72HJlI69Vt0YLOyuPcn9XxYjvMZfql80z0 nikodem@rabulinski.com"; @@ -20,7 +19,6 @@ system = { kazuki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEyYhYWDNmKSrpcslD3NzWW+lQmDcLJdjLh7CSkL4hW5 root@kazuki"; - legion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0Ktyj0FSn8KLRwRGd0Tp/qNUPXV7+XyxAsWGWdMYp8 root@legion"; miyagi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILbUcsZrZgGHojG+1yVyNEW5Fgr7/7qNaWxOt+lFrJaD root@miyagi"; ude = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZW15ObZ6XG776pdEvs9yqSuIiWlbGveEVA774Ri9/o root@ude"; kogata = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICPN/SXBcIB1WN8GIhYrQrqzFGuVkEP4o0E+x0uQ4f2l"; diff --git a/flake.lock b/flake.lock index 5d68e57..3cd382a 100644 --- a/flake.lock +++ b/flake.lock @@ -190,22 +190,6 @@ "type": "github" } }, - "fl-config": { - "locked": { - "lastModified": 1653159448, - "narHash": "sha256-PvB9ha0r4w6p412MBPP71kS/ZTBnOjxL0brlmyucPBA=", - "owner": "flakelib", - "repo": "fl", - "rev": "fcefb9738d5995308a24cda018a083ccb6b0f460", - "type": "github" - }, - "original": { - "owner": "flakelib", - "ref": "config", - "repo": "fl", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -351,25 +335,6 @@ "type": "github" } }, - "flakelib": { - "inputs": { - "fl-config": "fl-config", - "std": "std" - }, - "locked": { - "lastModified": 1701802971, - "narHash": "sha256-Zo5fJpXbe+xXOTiDT4JG2rExobMJTmFZ72+3XTMMHrQ=", - "owner": "flakelib", - "repo": "fl", - "rev": "b71a91517f6b16aa5faefe8ec491d9f3062d7a20", - "type": "github" - }, - "original": { - "owner": "flakelib", - "repo": "fl", - "type": "github" - } - }, "flakey-profile": { "locked": { "lastModified": 1712898590, @@ -531,21 +496,6 @@ "type": "github" } }, - "nix-std": { - "locked": { - "lastModified": 1701658249, - "narHash": "sha256-KIt1TUuBvldhaVRta010MI5FeQlB8WadjqljybjesN0=", - "owner": "chessai", - "repo": "nix-std", - "rev": "715db541ffff4194620e48d210b76f73a74b5b5d", - "type": "github" - }, - "original": { - "owner": "chessai", - "repo": "nix-std", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1723603349, @@ -621,44 +571,6 @@ "type": "github" } }, - "nvidia-patch": { - "inputs": { - "flakelib": "flakelib", - "nixpkgs": [ - "nixpkgs" - ], - "nvidia-patch-src": "nvidia-patch-src" - }, - "locked": { - "lastModified": 1742460640, - "narHash": "sha256-Qks0TRMOiuVKjcSPkg251Q2/wdU5ooMt4b2f2numPzg=", - "owner": "arcnmx", - "repo": "nvidia-patch.nix", - "rev": "c85990250376300fe11413e22458911f408f64d0", - "type": "github" - }, - "original": { - "owner": "arcnmx", - "repo": "nvidia-patch.nix", - "type": "github" - } - }, - "nvidia-patch-src": { - "flake": false, - "locked": { - "lastModified": 1742384429, - "narHash": "sha256-5O0TXVrLsFrULXli2vB2iJ7TECUckMHKvJZYmdkcnGE=", - "owner": "keylase", - "repo": "nvidia-patch", - "rev": "07080317245ac30c38001d2149810b2dee3cce1f", - "type": "github" - }, - "original": { - "owner": "keylase", - "repo": "nvidia-patch", - "type": "github" - } - }, "racket": { "inputs": { "nixpkgs": [ @@ -697,7 +609,6 @@ "mailserver": "mailserver", "niko-nur": "niko-nur", "nixpkgs": "nixpkgs_2", - "nvidia-patch": "nvidia-patch", "racket": "racket", "treefmt": "treefmt", "wrapper-manager": "wrapper-manager", @@ -764,24 +675,6 @@ "type": "github" } }, - "std": { - "inputs": { - "nix-std": "nix-std" - }, - "locked": { - "lastModified": 1701802337, - "narHash": "sha256-JCVCyjDZ6LA0xyVoDZzRXjy0OgWOZo3OpeZEVm/U97w=", - "owner": "flakelib", - "repo": "std", - "rev": "443d1c8246b3d96a4822b02af907ca0d833e8b63", - "type": "github" - }, - "original": { - "owner": "flakelib", - "repo": "std", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 217b7cc..c49e260 100644 --- a/flake.nix +++ b/flake.nix @@ -121,10 +121,6 @@ url = "gitlab:famedly/conduit?ref=next"; flake = false; }; - nvidia-patch = { - url = "github:arcnmx/nvidia-patch.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; fenix = { url = "github:nix-community/fenix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/hosts/default.nix b/hosts/default.nix index 03d464d..d8ed8b3 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -9,7 +9,6 @@ ./kazuki ./hijiri-vm ./hijiri - ./legion # TODO: Custom installer ISO # ./installer ./ude diff --git a/hosts/legion/default.nix b/hosts/legion/default.nix deleted file mode 100644 index 92c95be..0000000 --- a/hosts/legion/default.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - configurations.nixos.legion = - { - config, - username, - ... - }: - { - imports = [ - ./hardware.nix - # ./disks.nix - ./msmtp.nix - ./desktop.nix - ]; - - nixpkgs.hostPlatform = "x86_64-linux"; - - specialisation = { - nas.configuration = ./nas; - }; - - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - settei.tailscale = { - ipv4 = "100.84.112.35"; - ipv6 = "fd7a:115c:a1e0:ab12:4843:cd96:6254:7023"; - }; - - networking = { - hostName = "legion"; - hostId = builtins.substring 0 8 "524209a432724c7abaf04398cdd6eecd"; - networkmanager.enable = true; - }; - systemd.services.NetworkManager-wait-online.enable = false; - - powerManagement.cpuFreqGovernor = "performance"; - - age.secrets.niko-pass.file = ../../secrets/legion-niko-pass.age; - users.users.${username}.hashedPasswordFile = config.age.secrets.niko-pass.path; - - settei.incus.enable = true; - virtualisation.podman.enable = true; - }; -} diff --git a/hosts/legion/desktop.nix b/hosts/legion/desktop.nix deleted file mode 100644 index 7d80cd9..0000000 --- a/hosts/legion/desktop.nix +++ /dev/null @@ -1,112 +0,0 @@ -# TODO: Proper desktop module -{ - config, - pkgs, - lib, - username, - ... -}: -{ - # Needed for nvidia and steam - nixpkgs.config.allowUnfree = true; - - settei.user.config = { - settei.desktop.enable = true; - home.packages = with pkgs; [ - brightnessctl - dmenu - ]; - - xsession.windowManager.i3 = { - enable = true; - config = { - terminal = "wezterm"; - modifier = "Mod4"; - }; - }; - - home.file.".xinitrc".source = pkgs.writeShellScript "xinitrc" '' - xrandr --setprovideroutputsource modesetting NVIDIA-0 - xrandr --auto - exec dbus-run-session i3 - ''; - }; - - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - gamescopeSession = { }; - }; - - hardware.steam-hardware.enable = true; - - services.logind = lib.genAttrs [ - "lidSwitch" - "lidSwitchDocked" - "lidSwitchExternalPower" - ] (_: "ignore"); - - services.pipewire = { - enable = true; - alsa.enable = true; - pulse.enable = true; - }; - - programs.dconf.enable = true; - services.dbus.enable = true; - - users.users.${username}.extraGroups = [ - "video" - "input" - ]; - - # NVIDIA stuff - services.xserver = { - enable = true; - excludePackages = [ pkgs.xterm ]; - videoDrivers = [ "nvidia" ]; - xkb.layout = "pl"; - displayManager.startx.enable = true; - config = lib.mkForce '' - Section "OutputClass" - Identifier "intel" - MatchDriver "i915" - Driver "modesetting" - EndSection - - Section "OutputClass" - Identifier "nvidia" - MatchDriver "nvidia-drm" - Driver "nvidia" - Option "AllowEmptyInitialConfiguration" - Option "PrimaryGPU" "yes" - ModulePath "${config.hardware.nvidia.package.bin}/lib/xorg/modules" - ModulePath "${pkgs.xorg.xorgserver}/lib/xorg/modules" - EndSection - - Section "InputClass" - Identifier "touchpad" - Driver "libinput" - MatchIsTouchpad "on" - Option "Tapping" "on" - Option "TappingButtonMap" "lrm" - Option "NaturalScrolling" "true" - EndSection - ''; - exportConfiguration = true; - }; - services.libinput.enable = true; - - hardware.nvidia = { - patch.enable = true; - patch.nvidiaPackage = config.boot.kernelPackages.nvidia_x11_production; - open = false; - modesetting.enable = true; - }; - - hardware.graphics = { - enable = true; - enable32Bit = true; - }; -} diff --git a/hosts/legion/disks.nix b/hosts/legion/disks.nix deleted file mode 100644 index 74ecef9..0000000 --- a/hosts/legion/disks.nix +++ /dev/null @@ -1,14 +0,0 @@ -_args: -/* - let - bootDevice = args.bootDevice or "/dev/nvme0n1"; - in -*/ -{ - assertions = [ - { - assertion = false; - message = "Disko config TODO"; - } - ]; -} diff --git a/hosts/legion/hardware.nix b/hosts/legion/hardware.nix deleted file mode 100644 index f1b8f71..0000000 --- a/hosts/legion/hardware.nix +++ /dev/null @@ -1,90 +0,0 @@ -{ config, ... }: -{ - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "nvme" - "usbhid" - "usb_storage" - "uas" - ]; - boot.extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; - boot.kernelModules = [ - "kvm-intel" - "i2c-dev" - "acpi_call" - ]; - boot.blacklistedKernelModules = [ "nouveau" ]; - - # Needed for enableAllFirmware - nixpkgs.config.allowUnfree = true; - hardware = { - enableAllFirmware = true; - cpu.intel.updateMicrocode = true; - }; - - services.smartd.enable = true; - - # TODO: Move to disko only - # TODO: Actually set up impermanence - boot.supportedFilesystems = [ "btrfs" ]; - boot.initrd.luks.devices."enc".device = "/dev/disk/by-label/LUKS"; - - fileSystems."/" = { - device = "/dev/disk/by-label/LINUX"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-label/LINUX"; - fsType = "btrfs"; - options = [ - "subvol=home" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-label/LINUX"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/persist" = { - device = "/dev/disk/by-label/LINUX"; - fsType = "btrfs"; - options = [ - "subvol=persist" - "compress=zstd" - "noatime" - ]; - }; - - fileSystems."/var/log" = { - device = "/dev/disk/by-label/LINUX"; - fsType = "btrfs"; - options = [ - "subvol=log" - "compress=zstd" - "noatime" - ]; - neededForBoot = true; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; - - swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; -} diff --git a/hosts/legion/msmtp.nix b/hosts/legion/msmtp.nix deleted file mode 100644 index dc51c15..0000000 --- a/hosts/legion/msmtp.nix +++ /dev/null @@ -1,36 +0,0 @@ -# TODO: Potentially make this a common module? -{ - pkgs, - config, - username, - ... -}: -let - mail = "alert@nrab.lol"; - aliases = pkgs.writeText "mail-aliases" '' - ${username}: nikodem@rabulinski.com - root: ${mail} - ''; -in -{ - age.secrets.alert-plaintext.file = ../../secrets/alert-plain-pass.age; - - programs.msmtp = { - enable = true; - setSendmail = true; - defaults = { - inherit aliases; - tls = "on"; - auth = "login"; - tls_starttls = "off"; - }; - accounts = { - default = { - host = "mail.nrab.lol"; - passwordeval = "cat ${config.age.secrets.alert-plaintext.path}"; - user = mail; - from = mail; - }; - }; - }; -} diff --git a/hosts/legion/nas/default.nix b/hosts/legion/nas/default.nix deleted file mode 100644 index f01145a..0000000 --- a/hosts/legion/nas/default.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - pkgs, - lib, - username, - ... -}: -{ - imports = [ ./media.nix ]; - - boot.supportedFilesystems = [ - "ext4" - "zfs" - ]; - - boot.zfs.extraPools = [ "yottapool" ]; - services.zfs = { - autoScrub.enable = true; - zed.settings = { - ZED_DEBUG_LOG = "/tmp/zed.debug.log"; - ZED_EMAIL_ADDR = [ username ]; - ZED_EMAIL_PROG = lib.getExe pkgs.msmtp; - ZED_EMAIL_OPTS = "@ADDRESS@"; - - ZED_NOTIFY_INTERVAL_SECS = 3600; - ZED_NOTIFY_VERBOSE = true; - - ZED_USE_ENCLOSURE_LEDS = true; - ZED_SCRUB_AFTER_RESILVER = true; - }; - }; - - fileSystems."/bulk" = { - device = "/dev/disk/by-label/BULK"; - fsType = "ext4"; - }; - - systemd.mounts = [ - { - type = "none"; - options = "bind"; - what = "/media/data"; - where = "/export/yotta-data"; - requires = [ "zfs-mount.service" ]; - after = [ "zfs-mount.service" ]; - wantedBy = [ "multi-user.target" ]; - before = [ "nfs-server.service" ]; - requiredBy = [ "nfs-server.service" ]; - } - ]; - - services.nfs.server = { - enable = true; - hostName = "100.84.112.35"; - exports = '' - /export *(insecure,rw,crossmnt,fsid=0) - /export/yotta-data *(insecure,rw,nohide) - ''; - }; -} diff --git a/hosts/legion/nas/media.nix b/hosts/legion/nas/media.nix deleted file mode 100644 index 501e811..0000000 --- a/hosts/legion/nas/media.nix +++ /dev/null @@ -1,132 +0,0 @@ -{ - config, - username, - lib, - ... -}: -{ - age.secrets.rab-lol-cf = { - file = ../../../secrets/rab-lol-cf.age; - owner = config.services.nginx.user; - }; - - services.jellyfin = { - enable = true; - openFirewall = true; - }; - services.radarr.enable = true; - # TODO: Remove once https://github.com/Sonarr/Sonarr/pull/7443 is merged - nixpkgs.config.permittedInsecurePackages = [ - "dotnet-sdk-6.0.428" - "aspnetcore-runtime-6.0.36" - ]; - services.sonarr.enable = true; - services.prowlarr.enable = true; - services.jellyseerr.enable = true; - services.deluge = { - enable = true; - web.enable = true; - config.download_location = "/media/deluge"; - }; - - services.restic.server = { - enable = true; - dataDir = "/media/restic"; - extraFlags = [ "--no-auth" ]; - }; - - users.users = { - jellyfin.extraGroups = [ - "radarr" - "sonarr" - ]; - radarr.extraGroups = [ "deluge" ]; - sonarr.extraGroups = [ "deluge" ]; - ${username}.extraGroups = [ "deluge" ]; - }; - - systemd.services = lib.mkMerge [ - (lib.genAttrs - [ - "jellyfin" - "radarr" - "sonarr" - "prowlarr" - "deluged" - "restic-rest-server" - ] - (_: { - requires = [ "zfs-mount.service" ]; - after = [ "zfs-mount.service" ]; - }) - ) - { - jellyseerr.requires = [ - "jellyfin.service" - "radarr.service" - "sonarr.service" - ]; - - radarr.requires = [ "deluged.service" ]; - sonarr.requires = [ "deluged.service" ]; - } - ]; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = - let - services = [ - "jellyfin" - "jellyseerr" - "deluge" - "prowlarr" - "sonarr" - "radarr" - ]; - mkService = name: { - forceSSL = true; - useACMEHost = "_wildcard.legion.rab.lol"; - listen = lib.flatten ( - map - (port: [ - (port // { addr = config.settei.tailscale.ipv4; }) - (port // { addr = "[${config.settei.tailscale.ipv6}]"; }) - ]) - [ - { port = 80; } - { - port = 443; - ssl = true; - } - ] - ); - - locations."/".proxyPass = "http://${name}"; - }; - services' = map (service: { - name = "${service}.legion.rab.lol"; - value = mkService service; - }) services; - in - lib.listToAttrs services'; - upstreams = { - jellyfin.servers."localhost:8096" = { }; - jellyseerr.servers."localhost:5055" = { }; - deluge.servers."localhost:8112" = { }; - prowlarr.servers."localhost:9696" = { }; - radarr.servers."localhost:7878" = { }; - sonarr.servers."localhost:8989" = { }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - security.acme.acceptTerms = true; - security.acme.certs."_wildcard.legion.rab.lol" = { - domain = "*.legion.rab.lol"; - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.rab-lol-cf.path; - email = "nikodem@rabulinski.com"; - }; -} diff --git a/modules/default.nix b/modules/default.nix index 32f8e5f..24a8f46 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -33,7 +33,6 @@ in inputs.disko.nixosModules.disko inputs.mailserver.nixosModules.default inputs.home-manager.nixosModules.home-manager - inputs.nvidia-patch.nixosModules.nvidia-patch inputs.attic.nixosModules.atticd inputs.lix-module.nixosModules.default { diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index 85d17ab..a5e31ca 100644 --- a/secrets/alert-nrab-lol-pass.age +++ b/secrets/alert-nrab-lol-pass.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw XYwseCo1fgFTMZ4IL13orBFdnWo0is7fujpJ5vDEIXo -5L2q/5umRSXrK1YGUXeUS3rpUlaGGwCKqzvUpQ5nk8s --> ssh-ed25519 GKhvwg 2fSKj5gtCn8oj35oOgL3o8TxkkZNBlp+xy/W4mYghm8 -fNse8uiLWps7zSIY8826MRAY1PyO++G3+7tT6TDQeag ---- /1Qqdeo1Tvw3EQDGKc5D85eXTnJ/vmdtwfHf/WuvGwQ -ZQr.KG;1W9>GjE(~]3"i )1[m;ܺWqn)vsEY,0X3I1P` \ No newline at end of file +-> ssh-ed25519 84j9mw Uex/8V7Wq/9Bz9nvJRwfl5F6/QexinaDIhe14gAqWng +/lvX7cziXcohWI8FS8eybbdAaWDgN2Nvv2/3/DDaCFg +-> ssh-ed25519 GKhvwg JmC8WUB4SkpEy9nYGo9sfoNPx1pOAqvq0YDqd4l4vWw +F7KRZaLxCs7eYlPvv+yLovyFAxkahr/p5apcL+Bilfk +--- k5tZFrWFA+pUvgN2TYuIXzHBII2bLhB308qm5LFGJVg +g0ZTJJ)]>p +?LM>wПuYx "/"$L Y1T׸m֑s~ \ No newline at end of file diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index 032dbb2..4c3882d 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age @@ -1,19 +1,20 @@ age-encryption.org/v1 --> ssh-ed25519 GKhvwg 5euhetVuCUsVmzsFBVQr0U709Ogv6j1m+rhaS1ZXQhw -p9dTjCsqwXRFgY1qvZOmlpJGYIz+hj286sP/oaX15H4 --> ssh-ed25519 H0Rg/A MrlNR2XgW04Csdhpd1s2Tfr3gsD8l1YWj5l/5EJEtGI -+3RiO5GHLJOstxEKvNvAlZ1ycWHLUun0K7raJ/86a/M --> ssh-ed25519 84j9mw 2wIXF94Zbo3fB7fRzQWGv5mCwdiomYVoFU8p25olt1k -S2A2AP8clxTkJBtqRTTSeHeKCkcveEYaaU41di0v9kM --> ssh-ed25519 5A7peQ G+MxkpWskys34yRKVC9CEXdfqujMUG/v4Vp9WvPYRw0 -BA+l5LIAIX0/KeSRcxLRybQ42OZV/ZX9pLCHhvkI1gc --> ssh-ed25519 ioPMHA EXnV+gYXCwuE9kL8HJDxwGTWRqfJQt4gO4IxDXNXCDM -s2Ji8kJ+hl+3vy/kIIHyngIw6BGouXjLTbIK/AQYfNI --> ssh-ed25519 g2vRWw Ir+r+/jelVmGjtahgKwTkiwZUWSxkCHJrYFkm+GqTDQ -GsDZu3gaQArHOEFQH4qoJSQw1mflKWvWNYpI+RZgI/0 --> ssh-ed25519 IFuY+w tWgf0Nelr0ji9Kr9fBt+2rdr0alagGG960uzW8RL9yE -FW5Wt5OMD887sClsLF/q4AlTDocImI72az465K/qZPs --> ssh-ed25519 rA7dkQ 9apitDrmj/hY9bCHadtYFZmjGUwqXtFZiUypjt9Z1BQ -l+4ZTzw1rAYQV9dWn2sAr6Q1UtwunbelGr+UqMwetsE ---- dmVol02/2xV9zEOzA8+n5fyyjEk5Tsq/3W1yZa07ntg -P`nHmXD`7{3P}vTb \ No newline at end of file +-> ssh-ed25519 GKhvwg ZvzKWT14nrdbiVRJf4hK3Gmb7pkLA1YrzIAXi7GqUm0 +OqGUgm/4oefj+J6JrIM42FPq/2tH/evQfKYQGCSMIc4 +-> ssh-ed25519 H0Rg/A ucyXgt869tI6HWLjrsg5o65HBBHnjiAyJ2T7aCps7iQ +h58tIKkuHEFM+7VRl6u+3vvV3XQ0r+XqvUo7OdLuKEg +-> ssh-ed25519 84j9mw 2a5d7xIwqwF9MuAKv490mGUMYiDvZWK8+sLDjShpnmk +7CH1AzJQD7nrq7aKZJy54+74awO2MHO6RySq29/MH18 +-> ssh-ed25519 5A7peQ 8h1pfClbTdBZuSZyw1LcntL6QIDXukYkJ+SBmcZMYAE +d8gix1GBYjqe8nYc/gdOxEvsYNo7+W+vhQZq/RFPeRw +-> ssh-ed25519 g2vRWw E4b+U5rVKsurdddkOSeDKmhIQW5iK4hdoRePQjohM2w ++WlMZ6Yd9iCqcm/WIrzRSRU9fmqdtc2Lb79wgB945Kg +-> ssh-ed25519 B2veVw 4APxbmXkGw6O319hX1rPpgCz2BNXs1fa71eopRvgsFI +AQ3FsW+H7qYg90JG8904/N0FjxjH4S70S1Gyer1BiXI +-> ssh-ed25519 IFuY+w +W4IMgBS9ihPCEGWQw8DrsTkF8Ih5H1+ZjhmGdPimQE +qlMFMVpw6uvH/OqGx/fIBFcP41RlXxyXKJ3//1N7mcQ +-> ssh-ed25519 rA7dkQ 1XI21LILuaiYGHbdgCllU+H8N+/YPq9FyrOUTp0AXCI +vklhN/5KOmbB0MaQ4F/iIuj5ReLiBrmFQunPtJu0o7w +--- 5T2/adM9me57EcbMcLPba1MIisFzJnXLC+inc57bJdk +Ji'6&&o +k4-hu}2|1DIl9ܦY \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index 6d72b95d8a061682a14d8cee73b541ab275eef8f..e901eb77e21b8f47a9b512855b2011f6c334488f 100644 GIT binary patch delta 417 zcmX@Ye1v&|ZoQXdNu<76W{HbYx_*XpP*#O^QJ7&=c%WyMuYP2@x4U1WsdI?AVWd+s zSFW#nfnijZQ-wjHYiYW#V_s%Oc37T;g-2nEUumX(dZky1etvd&kV}9Cm#&>cadC!j zYKoDmsiCEUyLU!edAfpEQdvr=b6UA$q?w^Xctt^GNqw?=PH=LhrA3l^s$Zl_p?7J8 zM|M$RluIa=Nusl3flF#so~yojg`=@oRYjqTX<~U`nWdj;exgxGvPYnQRE4&)Q-Ld& zuCA^^o_m!=j#F`zxn)p5aYklHh+9r@NLX=HfO$?@qMx@@l$*18NJ*4YS!yxYoajI5 z%$qigE7rHKe=YEBX6p0rS007(g#_JmKeIr<@KcIsb>f@ztF+ba4=(<@b&|N!sjX_i z`7TNNRb(G&oV_UM{Pbg*`#F~OGPBNzX-VAEEYw@KW^)%`enQ5x9Y0SpFW>gM{r5hCzU*Htv&Q;0|1xsqZ$AJ delta 417 zcmX@Ye1v&|Zhdx?QDUVcadC!j zYKoDmsiCEUyLU!edAfpQfT_1}TB>hynMIVFQB-PiKz)R1YLG!uQbl5vZ)9Giwoz$C zRC+*^qhUT*T2P3eXH{{SNpNYYw^^j8NtRQNM__TOd3HpYQ)xk9MN&$Ur%|eti=ii% zuCA_vX=;&MXjo)mMrB4tT24x4u%(w-Rd{k_xW0C9nrVTnWrTNWxN(VNZcaYe2PMC2 ztj~{q`BdNhSKzCR(}6o2G5411IBV5!wA=K1&gDNECtgQ-ioW0!nj3gbFjIO*bmVE} zEyCuEOIOdH^fIM-AMcKwy9O_>`79A+@O`4-#*nl^tm=QlsgQ7w;|;0xlJ-5I`xYBS0Z8+ Qgf^V{%@TKa_ngum0LK`hasU7T diff --git a/secrets/forgejo-token.age b/secrets/forgejo-token.age index 13f30a6df5f61458036e2b88da5733517ad52dca..f16f8e1c0958e8ab2e39d408d457a5771b041714 100644 GIT binary patch delta 425 zcmcc5e4lxOPQ7bRab$^;uZf#~Qf6hLrCC^!cSKc|YlW+Eq+3{!L5N3Qdaz-5j!~7f z30J6dQI2t*M^><#cZFAEhFfJ?xQBLuu~$Y;R#I|!MUuW_dQ!4!PM&{-374*&LUD11 zZfc5=si~o*f~Q+)q;|PNfU8kSNM*84siKDTx)SrfDfzpqUT)X4TP2YX9ms{ld>fNVl zTI+U7o;ELVWH?;9?_t1c^_oo|ml^b^t(fHb)#<`|i`LLBI-0vaYH+Rg{~@`>vh|p9 V=#TwVrUbNnwx=Fs6|O|u3NadXiIE1G9v-QlE@io9PM(owCfNZ2q3PaPQF(r)rRC*?`HtmWZe>xf zsh)*-#cqySsAIJzE#E%WiG`P9_b6 diff --git a/secrets/github-token.age b/secrets/github-token.age index 03ad19efe076c613adab0adc8939799c046be4a2..58d43ca2221a7897a93d333ee54d69df5e9c9949 100644 GIT binary patch delta 510 zcmdnWdYol~PQ8zLl}Axog=a)rfLoB8ep!)oXr_;aSy4)|zKda+f1*WVa%q{LWtd4$ zK9_;HQB`_wSeZwGTcMM0RgzW2&}iSVo|scX?uFq-&0od!}nvNM2S%aB_NjxQXZF zI7W%^6T?HyB9lE0gPmQI!gI??^0I@&avixG4P2eG(h^I33qlezwX=%D zD=VVPEK?JUa}B-Il8Su7!iq}VUGojiLh`wEb#)ag{F8$%(^E|x-K$KUs~k-{ok~1i zoJ+HeJpH}h3SA;A^+Q7fBZE9$BcmL-ET(O*^i(?fob&nAL(CJ+=Tw(CGnnPK9@<~% zwEbqoyv6&qU48$4-lDn5Ddxw8!Y3aS+a}~SJ~?)VZPhLHbAd^&S7+oMcz67}FgE~G C6}5T* delta 620 zcmX@kvXym$PJKpET9{LXn`fp=NLf;@xxa5@Qf{h|wxxNvr*U3kMPyQzlV4CoP_U(k z30H8UcUnnqu%otxPi9F(UUp$(xtV!Ixv{xLv0titvA(NcMXqnLe^^RcAeXM4LUD11 zZfc5=si~o*f`v(zWp24bet~;Lj(MW7X-IK!mXW@rOMQAuQm|=KftkLmOGt63OLnln zXO?GrR;ZIBmvgzPzgc;SWm#3Bb9z#EMTK)wRc?e=pog};W2#|!d8LPQvWHJvfopO$ zx^~qqF8ba%5y6gL>4u?!k;PuFRZ+f``sL0ZY2~>lWrmi?N#Q}2 zfn5F>E{Xo;rrDMit|`v02JR`9US^rzW=@8NnW_3YCY8=(6dPW(T z7ian<8fIr3c$9c#WICDn1ttZ12by?C6uWr2yQjELj%SppPc$v@PYDmrakVTgHY^E9 zGB43Kh$`{$voK0D3(EEN2rw+Ea!=I{3r^=M_X&4ObPLT6&vr7+@pbi%Fz^g^4GeLw z&<}D6aWgDSDl2u*w=A~^%r)WC)zwv~3`;h%tTOaB4E6Wbwlq%3%L+3n&rU5&G6^mT zH}Obzip(?!G^o-xNbwBh`k*8_yUWD#^%Sw4Ka;}yP0KiEgl83p-rBV5ZN7h_%+bF> u%E78Jj|%hFJ&xY|A!F|s$AuTOTu)`Zob$Ku%DqJ`mrHgoo}Bf+$r%7gSJx~6 diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 783c7f309280746233edec2a94fa38d3831fa709..48de2e92d78f71dc7278119e66b146191eada756 100644 GIT binary patch delta 779 zcmcc2{*-NkPIy*jYH(6$wp)OqnPp13zkX7hTasIGT263Aaao2zep;@vgE*#DMHZI%MLwo!hQ1c&rip$QX?Z5)sTE<4T;*v|UPi}EryHLxu6N_Gh`a}Dt=$}vjMOARzn zG7rh~(f0KZEy;5U3lGWW%5qDxa106w^2{r@2r|!!bggjr3r$Z8$}-PMOU?F)@^mT- zh{&x7_KHmA($&>f$jLS`Ely4@$SqGZ@yhf`^$1T3_AE0tvAiA zOfyMyHXSbDH|iNzrYEC&CW8td^|LGTHR`n=#*llHXr#I&5_}&-?s%>&TF*qO=Un*wN%{-`9A`kS delta 909 zcmaFLcA0&GPQ6D;WnPMRc1l@sl}CATWPpc-OQ^Ytev)y4e?X!|ZfH=tS9(!cN^*&@ zFPCvrc1~eYX^~H{k&mx-Xo*QmNq9TRAF|6OSqF)y1%PQRj^-ja(!}eP)?##uyIC?pQCfAerZl= zNoq=FWQd_Bmt%!TRk(MycW_o%W>us|rmKmUk+z4idts4lk&{PAR%xofX+VUrbEuyM zx^ys#oC$Keg;YY*-nynZ{|6j{5GUiAKeyLHQoq7U8C$ zu3RQYu1R^hrIAqvC0Uih;o4#OVNq^n=6QZOiTUB)DW>ja7Cwc!IT?kfffGN9hew!I zn0T67hFEy{hX-pXg?X8kmb-aIdS`gM8ad^q7&zvaW#pNsho>2Pa=E5Eo9CE>yE_Ml z7G=6Sx))}p`MY}tMEQ7Uxn*PqmPb`&2IQBPg?SYuPmX7lsE-N=b&Co%iO4C;FOKwf z3iYsvEGaF@P7ibo^pEh%tO!jnHjYfrPIgV^^7l)3EG&%7tSoX&Psf$V@Jd3=XMu3(YmjOE&Sz^tKF3G|kHMbj?XK z5A@5gbgQf~s`m*`^-Rond%`cT9e{G%GsrvbL4H)uW}ZQy0YZJbq$Glri|?~|BG2({x8L)n|>;kZKn6lv)ekC zH7M@-Yj7t#rt^U9;?|-EzHqS!J!pO`gguhVo^T~tvjcz&Jzq4fi;w=iLb+0FBRCCD~?=(2J z=H>_8s+DRw>51E=mkMgFvh68MV2|4ucyj*!cVZ1(jA7ULTCOiFNZEGB_I_f)5=E)_ z&06aLM2|0bxsY<}MjjnkSc7O(H@xpR7=!je}j^>p}7xA<$gzKPR1#cYzK7jmWB n({TOf+|XOXVyAmpbnegG%F1cJFm(E&Lx$?yjj1~(&y@uLNoHQ@ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index 8b55761..b192321 100644 --- a/secrets/hercules-secrets.age +++ b/secrets/hercules-secrets.age @@ -1,16 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw qVTbaORT1Ouwq1uA0cWQ3Q85tLYcq6xuZ9UhcMOTTSk -PE0VZp1P9K4IAnm/BIDusGsp4dtLvaN0/m9q9gNnfx4 --> ssh-ed25519 ioPMHA +m127XNN1vH6Tg6XGuHDbND0giQgGsMLE7YUKagZbXk -tKyYRNLt1UgnQR//64yAunpHjE7JyB/Mkdmc4gkMTWw --> ssh-ed25519 IFuY+w x4WynTbStig1Ay9gyaplDcNlLQT0kMOFOJwVvcco1i0 -i8M7n2tfBJoFNmQHs5jEaZdfKc1UmjL5y6oBCos1mDk --> ssh-ed25519 5A7peQ +XJDHQntGS+FcrFgy9X/9RDOrBMNCI8rHsicV4Z5sBo -i6xfceBN4DE9EYF8Q4PaJjX7qbELJaJ5dxMGoAIE8xU --> ssh-ed25519 GKhvwg fzJcotOtNhVeNwOdMQIwPT9GmgbE13HYmCkwbFlCCkQ -mNtYtoX8IUDgHKAQRA5e7HLZgYVI9wCF8QMm530eFEo ---- EIWU+anFU1NSYiu3O+xncDnVvJVrwHzwaAX1YhsaOj4 -%DJ#0AD -qz,3sHVbTުˇ8[ ?VgNVd -ĝȗL=̵g%ι[md6oqE4ŏF3@P\(MDM;%^ܫpxp):O9,iBT -sǚ-JWE\0£y>0;yL{t.g%W,X} JJdg3\#) 0h=lhBBXb$^ BM[~u? hlc;zk \ No newline at end of file +-> ssh-ed25519 84j9mw bwa+uUxySjFDjOaCzRiZyYVKl4po1YDaOoDQLqqObSI +ayXv7BKF5lkzM3ai3rHL8irPetF2Nlwoji2VHpRsD5c +-> ssh-ed25519 IFuY+w k98+p1XfAR7f7kbahEwTzZVA45ulV4t3INkOQMsU3D8 +1QbRrGvE5cMMKzSNXK5LfBndDBJITd6gTBg9dJWir9E +-> ssh-ed25519 5A7peQ NyqKUm+8hfHcJ760y3EttpxygXxQXKFXURU8pHg1bAw +Rh7EqnDagUFvmIEsFkjkE2tVzlhWrGgANKy9UQM0D7M +-> ssh-ed25519 GKhvwg J3b+gGMaemGwSb7jfeCug9bcjXUJbU8BBGRoTXw2lw4 +tmMZY+0SSYVxZSMDQEBWCYzKUHTVbFH1iuybHyBvor8 +--- Uh1N32VLTQ2mxhsxu40FbIv0dQkqPdfBk+q3nJ/xPZ4 +;tضl̙RyhٖQBXzi%JN@֧FDv8.D,_J(<p-<Afl)FQf+6mHݲſ~yN5؊Ñb#]y{MSx9XO3`R<|O4(K@wdMq s%XdGrWm6 1NQGJ~݃xkgRCv뚑&v޶NSf6,`K ъk1Z!T%[,a6X־NL5k^V +g}C>m5rd7Mn= \ No newline at end of file diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index 54dd108e0526d2c42e8ea042ba4d575c947948c5..a7a66a7668c205a2f884bf56be0a0aac9004575e 100644 GIT binary patch delta 689 zcmeyt*2OkKC)~>{Rlg)F&B?FKSKA{f%RIm-x5(Y6#IV>surR{1D#Izb%-uUbud>83 zkSn;vDXrAdH#pQg#m_jcFex+HJIKt)&8gDKFCs%bF(}kKAj2oEDmTqEed0&)a6?PO z%qk=8VCSgZ0GA+RHf`R-Z1 zA(c5szJ|d8t_A7ZC5Bl!?pdK39*)`tjzz}#ToJy;`L0I372baOWjP++iQ(Dl5uWMJ z1zzb9l^&@jd3ipWJ}wa%o}n(qlg~1W*Jt>;YI`ObdQ_xqS9q3$XO!e*1!rc41nL*K zmAm?e1XMY>q(=t3xaNeWb9tBK>w9H~1sIxC6q$vkxE2|j88{XMm1U>pxklwW=DB4j zM_S}L21gnAa_Q>oDwI}L|w{t1SqQcoTFhr9q(N*S>)B-ZJyd4NDDb{#mX5 zyCgMZo>9S-xzpa{?Ela&9vrypR7Pr&rTqENRptAzxN84K#`Ei* z?qucK%lDUC6GrTW+NEsv+ORlPpdo~FLx%``ax0RItx delta 819 zcmeBT`@uFrr`{sbEi^qO+q^u?!rizyG&``+GB`gmI4iU$Fe1&k($Og=O+Pgy&nz#) zlglj8+|$=WJ1f#ZuPisiIm$qcq1Uz^Obr z)hSp%J2TgWOWVNN!y>f8G~7M0G^oNk#5FUjD#ENFKiw^&%rne5BHhQNwAeAXD$>vq z-8xUV(n#%c1;?yZ_pH?LypnV$(v_f;6Y1EKhx>!k}yyPwza|L9$xtsa8>4$oSm4pWvWLG*GCgznC z=T({~8ixcLM0xua8igksdRk^DbLr~pDipY-2PRe;R2byu1vxsEr4?BC>xZSf7`uc; zq@=kQS2-3|)R!k`8f9h`mUFeo9SK|if9+${|Gko_OLaIbUw?hPSahaAd1P0t@=2M? z9~Ny7v`D?BFe%uCNx*K24xy?i0`h~*)4I9b%E%Zcw?HgXHJSpCNZa;(2Css2~^}_mDaR;^n0MMW~g8%>k diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index fbf07ad..4145d0d 100644 --- a/secrets/leet-nrab-lol-pass.age +++ b/secrets/leet-nrab-lol-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw qRlII1WyhanH2pNwSnl01iMlPWQ7tsyiNNOHPLNMflo -ZMtYsPCDsgcbN1qoAYWTBQtfBWGHzi4WKbGtpJSzKRA --> ssh-ed25519 GKhvwg Fck+71BDUxko70r43pDKCYaa5OKZipR4iNveNrJaiC0 -uZZhlsckmE+mi7Oq8+gtisDFmLEoy0Pm/9BKgRi9VHo ---- i/jgJHw3pEnMDGSjdK47mOkt87oI8szIHiIqimXVyXY -ߵSAѶBzwg@"PY^+E[',K[X~Xg{2c4 \ No newline at end of file +-> ssh-ed25519 84j9mw 9ygN4fWQWX889zSTchiwqVwxTzHzl+3PSelEpeGx6yA +v1GTvSMdbwC6U0QZtaD7/b5QbJ9j4J3F10eCUaT5COY +-> ssh-ed25519 GKhvwg 9I2sycYPtBMPZenbWLueANm46TTPzbgCa//4oKojGEQ +aEX3TQpWRAcrtJaiTMxB08L8OY/O/4JR+/zoNPl7Kxc +--- 6EB80pdWxmL1yVM+klouel5E59m2C88Dz0SH2DiT6nE +hkdJw|g~v^jq\ ' yIcdWYF?N/0+h=85# \bm~1y"qAT \ No newline at end of file diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age deleted file mode 100644 index 455628db805bf50b05111f41424a8b93b8b241b7..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 395 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7%n$JOa8z(f)-NoH z^wQ4{$Z$6fFG$n(3C}X}uF4N`3p6tbvosI$%*abD%P&lI%;(BVEpsjjO!f7v%5)AX z^EV65i86MM@GZ^BFEX!63d+^at4PZWO3e+|4n()j-8-YKJY69;z|kwPywJk3D$3HW z%EQ&T&^gZ_sU*|QB*{4}J=irOxWJ&$Ex;%{ER?IrEj_ZzsIbs0OW!jmxzyar#HA{t z*fdSsBiPI!%P_w*#jwyM+%HVq+=5G2S69K*DFUA5o_HDcYOV dEnEB}ug<>Xa!PXT@!sFxud2Vg ssh-ed25519 g2vRWw Pdv9mU1heeteeLbLFVUAIyZxmCWHNmhnw0TphSVMczg -xks6yrF0BziJFp1QHSJdv5Svo1bCu9DF6s3wa2h0Xmg --> ssh-ed25519 GKhvwg H2DeS0HP/vWKRrBszwCffNgIZo8nVymGSkWEH26Y/2k -2y9DCIwpFsFXpgOwOrrD9+HpRzEuno1fW2upd2FLbZc ---- LNHsLxE4XBziNhnXmARcxB7UWhcKNvon1sDdX6mfZaw --1dm -fR,[#[-;M}vi4x~=)oN^n"XB}W583惍fv:uZ ɶ \ No newline at end of file +-> ssh-ed25519 g2vRWw 8FCO/eYVK3KfOvdyk5Va3R9jXaSNzV+ArFVhJwJPDDk +zRBpyAtdJxg4TSsgUep66Yv2CMUUAI8IF3pL5+MI/88 +-> ssh-ed25519 GKhvwg eMLyDK82QCKJrVjtfuy5DKTNFOc39zdJxJNFEXCO1Ac +6AamgzEBeT1018cy7N5GcvgjypGPLqF+2P14h//jTtA +--- jhq8ZEIoUjMq5PH7tktWMKQuCLMKifY/UfjjM1Qn7UE +Q8cV2 ƈ4$h+ey +0#aJ`ng{@.sIgϞc*Q'&k,CuIwɘ +rENշ@FPI?ђ \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index d3b901588a4989d08f60b9d04d047819a807653d..bf3032b5b9c19ee0cdf3dbbb19a21c51e7570d32 100644 GIT binary patch delta 345 zcmeyv^oMDJPJN(3QB-b(iFb-cMTB8cQHiIQNu@!Waiw{3g}<3aN@jLSijP^Dua8e| zGMAUDt693fn@@Rgl22}`TX|q{lu1QUPIz)buyar z$x7)v|ANZG!#(P@&HNmv6mun}=(hWAt(%?v3gTtzw|``FzpAsJ9aKNRyGg2Wk=p;G sw&B^yC*)4|D=;ulXK7(H^-gT}oRFS&)IsTPRMITZrqm0M4|$mb06H&wvH$=8 delta 345 zcmeyv^oMDJPJLp5iC*sM3GZiO161oxMP`DQE`@~V^xNuX>wU)uyILV zI+uTrQ)WO_eoml^kF!%ys*g)Sd9JosX1cy#N}_gXaA~EVx1URJzNu$OGMBEMLUD11 zZfc5=si~o*g1dJ{S$VobRhp%KP;jMlR(g7gNm7MpQoUoIc43BFc|@pJsgp^Occ4*$ zkzZh8o?)N?mw8cWUYMhkc6y{iuAgaudq|jpcUW3(Qh1L-SEi2v zm#(g^g0q`ha*=;xP+_@+SxRX|x}m3EXo_iZxka(5TWGjhR$x>{aj}7`k&|I0SBGr* zx`}R5aY62@gv=f@X9*iS-G6#YddBQSA#r;aJ2p-CeXX)z<+NC-N^{ERO>%d$4f2k6 t+`hfiGv=`8)c+nTAtX zGf6Eo@JLTf4E4{kD6uql@ii{=%quQRbILObD@V7@!X(Qww_G8@DaqV0r?NC6+ta-w z*hf3eqs$~E-^`>i%e~CFq|n{nH__C~#L%SF)qpFzG%PpC$IB$D(%Gyi*Do~6-!&qw zDAFU>!ZI@=sIWZ1$i2)oC(I-w*cIJ2Q%CcH)If!(q)IctkTQcp3;#gN!m@mGmoirq z|1kf8;EXVDR|{|R!0?db{5%5}=X|bI-;lI$pU_ax+zi*Wh#aRJi}c8RN5e>OgY>il zCyTJk@I)gY;~-~8Lkz#A8`iIxpEnJnfSYwm4qawrR4>A1g4}_x%>NBJu$`1C(tyhBEwI+xES3w zPq)%Y?Q(_UDhp%xa>tw~7mKI@qihdt^Mdj`*N_13;Is&rp!DE~D!-CcM@RPvHv=vc zr^?izh{})xOYMjP|I8wnvH-_4m%_A)%D{+-!W7q%kl;dn=R)rQ0}Q_vIhvaAd2$))X9c)<=Y^L! zmnUm`XIiF*ds!4Gxu=$Rn3%al`DUB@R955`2In}YTA=&Q-8-YKJYB)iqaxI}GTF#C zEiv58Pru4P-83r5MLRRs*U>Y>GsWAvz|<`=$j~VwE0W76CpS4fBs(i9*U~fHw8+&t z#XB?AwKyp^AS%->H7_d9C(5M2A~Gp7$&*W0S69Kp)z~mU+sC*py*wwfBqO}CQoFb~ zBgMfE#`6#OH0a$^3KdN2~W=Q z2sNuR_74ipsn8ECbuZD@c1jO34Js=xN;65zwm`Sd!X(Qww_G8rtT?qiEjvHVOFzh@ z*xw@3J=7>Dpe!jr*f}Gt+^x#e!?!FmvMkco(S*xUKRqow%-AO_J-{!xsyII)Kd`{a zEFz*J*{3o)G2gh*IX%F<*d;6_&llY`Q%CcH)If!lz(P+Cf8SiE)Rbb2h@42T%t(`z zESF;M>|!5B0~bfb(9k63@L+GBtVphO?JQGY<0vx^6DPwe3y*xyfKsR6kUaee_ex9S z^lZa2cOT;-(~8PaA5V1KGV=p`JscI%jf>M$O0&blJxncqiW1YaeG3Xgax04ygCojK zJzaw;4bAjTT#XFeGP1dHoXP@AvQu-*ER70$Oe2!g0!vFwjNOw%atvJx(!z7{wDZhz z3JQvhvQ5x!OE)SD3NKek3o|p!Dvxrt$PTSC_j4^YF!b>%@=1@3G>S0G4Gb&`4~gM z&C{(kQoCHi-^nc9FRLQ5GS}SL-967EJSd{n)i5%m*vloaAkfR-JAJlBNF zBH1*%!rafTJfk4fC@HugC)dK=tJ2u5IK(%{$v-zSKitSI)F3}OKhP1~wjxLKlRAEOY;|!b%L=+`Ti(%F`9h&611qT~mD` zJdH!Wsv-+R1IsIm&9ah8vc1!iQrz;wQoTKl3mmo6Jo34+Et2&;s{DLXEHhHvtGtr3 zEj(N@bAw&dEYggt5|f-lN`eACi+l==k{r2ob#)cA!^48J-I9}Xja{|#!#s`MtD*vv zLPC5!Ou~$dy~;d`OFcaG(=tmUD^0j|h}hIUx-T1<{(;qCp=^6;&(+1!#-S7b^-Q_H uaCXsh`IwuX=a!uA7O~j7Q_ArH=Vi9*e;Ih$`fWQtE4+yRJkKR%<9-0&{!*g= diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index 276c72f..c42dcd5 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw VodL+EHOjoXj8R/F0vMQzEcnnCFzzes0QByGCDCgVQw -tZLaDA1FLFwbK0AGo8lpTJjMUnPhJh1czYVLIYjkcEc --> ssh-ed25519 GKhvwg gHaR4I4l0I+/XrbjTMp/mevEzxPJXNLB1eHs33WKwGw -GTAzrhyyDylZgExteDGpGbcS/TFX1q+NhF1FWHzNV0s ---- QS1dAgdS96KwIprDjzz6OD4qSIZs4/m9JEIsi3+kgPk -zPCSxf -žic7_2~jA \ No newline at end of file +-> ssh-ed25519 84j9mw 5fEqoBEGZ6AZRfWuU6mej6XNl6hDrxMIMMlccp9CVzg +QvontdV2/amh/i1Ldmzup8TB+lN4b0+YuoT+UFWiPw8 +-> ssh-ed25519 GKhvwg 5Qm1FPvbv0ZsJiJ0Rjm0CPm6eWKvfQ4XHAOmEUWWCiA +eu1MXEWfo425lbnq5tAOnGqpLgRVIOCkZKegTQQjw/I +--- s1g2UCKwlew0wCJSxGosBzn1K0TEbPlrIl09iZ58bMg +P$N{LrxS:=Wxc(J|48S \ No newline at end of file diff --git a/secrets/rab-lol-cf.age b/secrets/rab-lol-cf.age index 4b5734a..3ed93fe 100644 --- a/secrets/rab-lol-cf.age +++ b/secrets/rab-lol-cf.age @@ -1,9 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA ftS+6CMGsySkp/KbDBLPKeWNDK83bZ2VB8ZKMRijkkY -U+2wopG3G2AvI4KUD9tZGIrHZSM3UdyDdYmbbkllWPo --> ssh-ed25519 84j9mw xek41MX1ETVgRZa24I7n5U/XkJOqItQWK3Qz1FfkDCc -40CWzCUmxsjgmiObbqKuSieifZ2vNo965jOeTrZ8hT8 --> ssh-ed25519 GKhvwg X2YSREIPjoaWaku9qrVu04hOlZjUF3LFEUZaIMgg02s -jbjT6qoIFGXRv2wrkzf2GHx3tcku/tgWfK6Sns3uFVc ---- B/FIIz8dDg9YXbtDxfAQFZj9PCLHwI/mboBJQBuFmJg -4L7H3F ̈́"fU(L~%sbԀ~Z}Z>2KO'Q\W[όe1^I‘ \ No newline at end of file +-> ssh-ed25519 84j9mw qUAkkpjjETyLa0IZfbm8yJ2opDBBsngbrrNjwu02G0s +kpEKDzWIfskgnZYR+0lgtCKqv0KwfpxRTq9crCsjvto +-> ssh-ed25519 GKhvwg FKrEGsx5mPhWnq5vNgFgxM816v6ZAG16pmdukuBWDDU +qmPRvA2bd0W3QlR6h8BLC/O+XjTp00vYXnp+tXakXDY +--- 7FE7FzsRmCKPvjr3yOlot32FV0lod38Hec/JRaxP+8g +xA}~ H]TLزոl]0>C}J:0nCEaVb "dV!Rv z 9jO + \ No newline at end of file diff --git a/secrets/rabulinski-com-cf.age b/secrets/rabulinski-com-cf.age index 6e80a30..ad35e32 100644 --- a/secrets/rabulinski-com-cf.age +++ b/secrets/rabulinski-com-cf.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw d9KZV9S1hRXBvVcFe40S0NqWKlQ/AdRgAqdYXKicXR8 -SgTn9MXrft+sRr4I96fqQHzAdm0b21Bd0eSoYFfq7/4 --> ssh-ed25519 GKhvwg B9qTfegTwDH/X0nQMGvTKCsK2GyzJ7yWgFIo+nKhsGc -Is4Hi8B2/9s0pz/quvNER2hTkabPbr7qeILL4PhQO1c ---- 1BhfbNEwYq0ra5slik651qbC8jffR2FmnDHV3FDtom0 --oSԐ-?{r]5;+0 GoE9tHXjqj2@3@ mmkyQ;_W϶Q~ \ No newline at end of file +-> ssh-ed25519 84j9mw O57uksGzyC2Obzy7AYk86DnEFQNXt43g5CqM4Vp69jU +1fW8YTn28ju1O3tX62A6AtvfzsmKzmhe79c3DmGUPrY +-> ssh-ed25519 GKhvwg s3WZPik8t204g4BlxpHeSpnL4/IgM+JdekXJYx7EFVo +N0Pyre1DwiLFo4HUE8SFDmNnkE4XJtcyHfn63cMlQJo +--- WPllwfNX5iXFmVC0pGCNrH4T9EGRhmRwGayE3bY/YC0 +d p/ݩ3+dvv& R xdSy8 ES e}Nb#6w.wE0Q%? \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 57943fa..b04e231 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -13,21 +13,18 @@ in # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; "hercules-token.age".publicKeys = [ keys.system.kazuki - keys.system.legion keys.system.ude keys.system.kogata keys.other.bootstrap ]; "hercules-cache.age".publicKeys = [ keys.system.kazuki - keys.system.legion keys.system.ude keys.system.kogata keys.other.bootstrap ]; "hercules-secrets.age".publicKeys = [ keys.system.kazuki - keys.system.legion keys.system.ude keys.system.kogata keys.other.bootstrap @@ -35,10 +32,6 @@ in "alert-plain-pass.age".publicKeys = [ keys.other.bootstrap ] ++ builtins.attrValues keys.system; - "legion-niko-pass.age".publicKeys = [ - keys.system.legion - keys.other.bootstrap - ]; "storage-box-creds.age".publicKeys = [ keys.system.kazuki keys.other.bootstrap @@ -54,7 +47,6 @@ in "github-token.age".publicKeys = [ keys.system.ude keys.system.kazuki - keys.system.legion keys.system.kogata keys.other.bootstrap ]; @@ -72,7 +64,6 @@ in keys.other.bootstrap ]; "rab-lol-cf.age".publicKeys = [ - keys.system.legion keys.system.kazuki keys.other.bootstrap ]; diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age index 8b0a272..31a18e7 100644 --- a/secrets/storage-box-creds.age +++ b/secrets/storage-box-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw auP2WgwsaWjyocQkSzoYShO2kSLjn2UArvAVEhKgDiY -4Uh423ZjS7/Xo6TxLJzWqXgHZAu0xouH0UvFZuJuEz4 --> ssh-ed25519 GKhvwg JHtyTS12OXspSKP9r/a61cfp+ubYbsAXFmEijMTex3Q -wZYrJ8yIZ3v5cdBzpiI9ocaTpHbtmebEpbr59Bz3rhc ---- koWJ57H+ErMJDxW6JDNL2ImmZb6o9v2BJtaFi2OL+dc -Io5q&CU*[T.HɊʺkkpOYs,g49ʼn$^l-A/QX \ No newline at end of file +-> ssh-ed25519 84j9mw tKQQB/cd6JHCLQLrix2WGW5hHBUNC+pqDZXvTmOlOkw +lnx4olU3W8dgMwigYga/NYcjJ/C59J/uVdYNOfWmN2I +-> ssh-ed25519 GKhvwg iWTl/jvU1aBd78yAZUsOgcG6JaK+vO8Dpx61dYMjmhc +2Iu6OHlLlhJLy/cxI/zSuqRhBnoeGLXINbDyMIvDZD8 +--- eOl0sze0EOvfcAarBav7mb4B3jdBvOE+fF166oukbrk +!lxq*T,.Xk6^ ssh-ed25519 84j9mw 8RHYGSsbQG4F+mKMbXJu9aFv6xN3ZyxRBBhFJ3H8EFY -sRQonxjyqPLnL3AbfugdmraHzVK7RE3LjhuzLirImGM --> ssh-ed25519 GKhvwg aEEIBlvZ//KmEqkX1pkZrT7QK9sopwKKiD6YUa9lA3k -srUtd+v0kDfbCsZ7OwPvzRVIualWm8CA4mhgdNAJm+A ---- yWhOlkbF9GUT7OsMu3R0/Dc+nP7DrUetuPLZJFySPpE -70P`TsT=*=sp>mtY{򑷅-;M0zCm}gO TGjˇN \ No newline at end of file +-> ssh-ed25519 84j9mw C3TpEZsxJIYJ3d5vsQkCcCTity80nLsyxm5zCBZOMzk +56z54taf+KUJjDugfCGKlcbeRZfDzi3+eeanKPINS6E +-> ssh-ed25519 GKhvwg uUXJkGw54Q7dCnYobwV1zihOPa4R1FydJZehlFc5MA4 +6Zbym9jLykqsYjmb6rKIa6GExAKVVvEkvCQrzl6HB/M +--- QICnyH0PORBpoNgT3pjuhP1p8AHn9gD2OIae/9G23x8 +(}{Ԝ2˓i]UmiLmv>ke'6A̯Xi<:fU)~&Aˡj# +D?_E-H \ No newline at end of file diff --git a/secrets/ude-deluge.age b/secrets/ude-deluge.age index f9cdd04..f398be0 100644 --- a/secrets/ude-deluge.age +++ b/secrets/ude-deluge.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 IFuY+w EOJQpXxn+NL/BJjpdo8mIGfOYxcMElkVIiGx7KftrQ4 -OcglvGhSgb1mxH8M19ZMf3m6lSF0clzH7Mjikf7cilM --> ssh-ed25519 GKhvwg cr+0J59wCjYBONBcDulN8lpvZiCvULHqnwDu+eKQRAo -9q87PSfr4kq8lCDrw5Od3D1xJjSSmVv2/TXBWEBtBpU ---- FmVR9tb8wjYFb/FBTrblXMCUAMw5KQ7sX8WojcxCrbk -C<\}Jf|6G@WXc-"ϐAGZ'x_Ԡz,@n" 3[? Lb@e \ No newline at end of file +-> ssh-ed25519 IFuY+w ZigoLhwVERGG/r7uYI3DKX7jijKt+4tsiTWpbIdUTXE +k4jmQIJXr7yJOY3pkc1VnoqDgWkNr84k1AgYF7jNjRs +-> ssh-ed25519 GKhvwg FMZOLDeE2Yw1Kd8V7NTL2oQtWo4IKDUoHu/Z8Su2hHI +QF+L/Qf35wkOcgGWWRGANMJCG5Vz80epjQuwa4IdYQM +--- ZUTRNDrgxdsZsNSP1Z3BLxw4EYexr873aJrbUvIgE2I +yZͪ MXd塸*5j"*ZU ф|ݕ]a8 "Zb][9SU . \ No newline at end of file diff --git a/secrets/youko-niko-pass.age b/secrets/youko-niko-pass.age index 4c85947..6e910ff 100644 --- a/secrets/youko-niko-pass.age +++ b/secrets/youko-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 rA7dkQ etmPKjKz102knTx/qQAihC9bFvRENB0Q1DtnaQyjfm4 -GPt9OCIwT+/Q/UUDtkHB8d7T6znHy1y1NEUeI+SCeMg --> ssh-ed25519 GKhvwg qdCxGyXrdD+WQa/il8fIlV7OKdREqd40Qk0PKITHxlk -OBJ9gg+KBHi2s1HYLazy3K+yh8tvnUvmuH+riWU7K8c ---- V3FRy0/TcUdUaBDUK+93r5rH26Is/KVuNJC+1vFMsOI -wO.➌aA&ޝz [ oXĂu,ajxGƜu/eL̛/6S[SU \ No newline at end of file +-> ssh-ed25519 rA7dkQ ucrMqUlwttyHHFkJ/c5tYpHohefNYe6aJnxHMUjkUxU +RgsGaMLmtziGu/n6MiDJmkTZORTh2yYWoSS0eu9i6PA +-> ssh-ed25519 GKhvwg u7Fjda07e17aJGV0ZFK/Mt2ZbF/3b38MLydE8WKs2gY +gO2rNP64Nkhr5GShWP8zhxeT2YUKEkqN1Oc6/3l6PKU +--- H9oqwkU/uI5fZAdy+qkCW5vw1PBaahe28FTUxhEFsds +xSmL69ʎG3<4[Z t}<OdcY}>XQ^]Ki|BwDmqHX]FeRt%`Ҥ0IV \ No newline at end of file diff --git a/secrets/zitadel-master.age b/secrets/zitadel-master.age index 6dbbbf435a30fa5c1bf6a6683046c43dc7c5762e..9740ab25e8143a7f5355d32ed78bfddbcd176746 100644 GIT binary patch delta 319 zcmaFF^oVJKPJKzPzrJgcab%!(VxG2HUW&hGc|cOJe}!3Tc5Y!*NP2Esa$%UGe^f?b zD3^aliIclWRhe^gmP@&xuWxx(xPe7^x^rb&Nls{vd3t(TXqbU>X{dQ=GMBEMLUD11 zZfc5=si~o*g1dJ{S$VpGlV3rlk-tSmiEma!Vs>^~cD<#cQ>sBpVo*SiW3XjPRfcv! zrk7)Zt52RMS4m`WhDDy4WoBeWYG|=`o=KodqPKr)po?*oS$Rrox|6?=d7yh}k!i3a zm#(g^g12FEVT6HWWtEwCu192fS%9BwVMUgkez|r*ZfLq&mZ`HrQJICWMTTE77iWlC z7>{@UTnp_p%q!T%OJv#SrLdi5o*z4Z{|5$<-OujFl&3bfTz%7j*UD0Ow%%@+(}|3G ROJy&FEIO^e&du+_T>$^^aMJ() delta 319 zcmaFF^oVJKPJNg~YNfw%h(%RsSz)M2MV4i7NTPFInX`{+QhrpfpIeBNXOgpve`1#X^>I6o3TksqP^v|KK9{bYLUD11 zZfc5=si~o*g1dJ{S$VpGn^$&*VP?2tQBZ|Tu!V7+Q+=daZg7crxVDqNZ>B-HTeeAJ zaZ0duK}238SEheadPH$@o^eU4i@AGQK~7P*rAL6Tab$R2aAUrO^6r+7YI^ypOKlEZg}m&*zibRR`Uh SbIRsgP2Jj3dSt)NO$7j44RiMZ From ea9c4b1d9b199c5aa63092fd7c1402f2c2313ddf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Tue, 4 Feb 2025 23:29:50 +0100 Subject: [PATCH 03/10] services/kanidm: init --- secrets/kanidm-admin-pass.age | 7 +++ secrets/kanidm-idm-admin-pass.age | 8 +++ secrets/secrets.nix | 8 +++ services/default.nix | 1 + services/kanidm.nix | 85 +++++++++++++++++++++++++++++++ 5 files changed, 109 insertions(+) create mode 100644 secrets/kanidm-admin-pass.age create mode 100644 secrets/kanidm-idm-admin-pass.age create mode 100644 services/kanidm.nix diff --git a/secrets/kanidm-admin-pass.age b/secrets/kanidm-admin-pass.age new file mode 100644 index 0000000..2b229b2 --- /dev/null +++ b/secrets/kanidm-admin-pass.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 84j9mw W4+Z4WjOyUl4mWPqVykNWRhf2/8qfVOSM7QCFPNMZTA +0ndQjslMwjQqguN25nBQtCchpCLhoD/vrxh1yNVeTNw +-> ssh-ed25519 GKhvwg H8XcFJDZTA3IzxmK6wbB+PVM2gCZ4ysAPjL5j0LgeE0 +kehTMRIVOZ5ubtO7w8WF+gU3sjYXMQtd5hH+wcv3uSE +--- 72ntrRbWq8pdkk/GrsVupTttfY9t+w3l+2KQbQyNn/I +iyd$vVl TK$4G[MI[#tz:r9~ESA6}׵ \ No newline at end of file diff --git a/secrets/kanidm-idm-admin-pass.age b/secrets/kanidm-idm-admin-pass.age new file mode 100644 index 0000000..0eac321 --- /dev/null +++ b/secrets/kanidm-idm-admin-pass.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 84j9mw 8zYeVXx36dpC8TxMdoM1GdERoNNj902KwTF4h/r4inM +n3mYra0BeM4gWsZ7Roilu14o/GajX1iWw0fcy0q31yc +-> ssh-ed25519 GKhvwg cqd7YmVpbxqZxaVluHDZ8Yw0gNfJCKMmoWa4mEoXym8 +Gbcj+PJaqyPRRGX4olr7mmJ5IoEGlQaogYbj7i9E/98 +--- LoQPWI+m8s3NjalUh0+xdW54c8lgddBmhPoIiPbmR8I +Җ܉Y +9!42DVP9N]G;?ЉS ' \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b04e231..b5ee4f6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -88,4 +88,12 @@ in keys.system.ude keys.other.bootstrap ]; + "kanidm-admin-pass.age".publicKeys = [ + keys.system.kazuki + keys.other.bootstrap + ]; + "kanidm-idm-admin-pass.age".publicKeys = [ + keys.system.kazuki + keys.other.bootstrap + ]; } diff --git a/services/default.nix b/services/default.nix index 1837462..8cf5ccf 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,5 +2,6 @@ imports = [ ./attic.nix ./forgejo-runner.nix + ./kanidm.nix ]; } diff --git a/services/kanidm.nix b/services/kanidm.nix new file mode 100644 index 0000000..b288e14 --- /dev/null +++ b/services/kanidm.nix @@ -0,0 +1,85 @@ +{ + services.kanidm = + let + port = 8443; + domain = "auth.rabulinski.com"; + in + { + host = "kazuki"; + ports = [ port ]; + config = + { config, pkgs, ... }: + let + cert = config.security.acme.certs.${domain}; + in + { + age.secrets.rabulinski-com-cf = { + file = ../secrets/rabulinski-com-cf.age; + owner = config.services.nginx.user; + }; + age.secrets.kanidm-admin-pass = { + file = ../secrets/kanidm-admin-pass.age; + owner = "kanidm"; + }; + age.secrets.kanidm-idm-admin-pass = { + file = ../secrets/kanidm-idm-admin-pass.age; + owner = "kanidm"; + }; + + services.kanidm = { + enableServer = true; + package = pkgs.kanidmWithSecretProvisioning; + serverSettings = { + bindaddress = "127.0.0.1:${toString port}"; + inherit domain; + origin = "https://${domain}"; + trust_x_forward_for = true; + tls_chain = "${cert.directory}/fullchain.pem"; + tls_key = "${cert.directory}/key.pem"; + }; + provision = { + enable = true; + idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-pass.path; + adminPasswordFile = config.age.secrets.kanidm-admin-pass.path; + }; + }; + + systemd.services.kanidm.serviceConfig = { + SupplementaryGroups = [ cert.group ]; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + virtualHosts."auth.rabulinski.com" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "https://localhost:${toString port}"; + proxyWebsockets = true; + extraConfig = '' + proxy_ssl_verify off; + proxy_ssl_name ${domain}; + ''; + }; + }; + }; + + security.acme.certs.${domain} = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rabulinski-com-cf.path; + reloadServices = [ "kanidm" ]; + }; + }; + }; +} From 653a847af2246d090e3e6888e318f49f2c3b740d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Wed, 5 Feb 2025 16:28:31 +0100 Subject: [PATCH 04/10] services/forgejo: move from hosts/kazuki --- hosts/kazuki/default.nix | 1 - hosts/kazuki/forgejo.nix | 62 ------------------------------------ services/default.nix | 1 + services/forgejo.nix | 69 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 70 insertions(+), 63 deletions(-) delete mode 100644 hosts/kazuki/forgejo.nix create mode 100644 services/forgejo.nix diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix index df92f1c..8464cb5 100644 --- a/hosts/kazuki/default.nix +++ b/hosts/kazuki/default.nix @@ -15,7 +15,6 @@ ./storage.nix ./ntfy.nix ./zitadel.nix - ./forgejo.nix ./prometheus.nix ]; diff --git a/hosts/kazuki/forgejo.nix b/hosts/kazuki/forgejo.nix deleted file mode 100644 index 9f200e2..0000000 --- a/hosts/kazuki/forgejo.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ config, ... }: -{ - age.secrets.rab-lol-cf = { - file = ../../secrets/rab-lol-cf.age; - owner = config.services.nginx.user; - }; - - services.forgejo = { - enable = true; - settings = { - server = { - DOMAIN = "git.rab.lol"; - ROOT_URL = "https://git.rab.lol/"; - }; - oauth2_client = { - REGISTER_EMAIL_CONFIRM = false; - ENABLE_AUTO_REGISTRATION = true; - ACCOUNT_LINKING = "auto"; - UPDATE_AVATAR = true; - }; - service = { - DISABLE_REGISTRATION = false; - ALLOW_ONLY_INTERNAL_REGISTRATION = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - }; - federation.ENABLED = true; - }; - repositoryRoot = "/storage-box/forgejo/repos"; - lfs = { - enable = true; - contentDir = "/storage-box/forgejo/lfs"; - }; - }; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - virtualHosts."git.rab.lol" = { - forceSSL = true; - enableACME = true; - acmeRoot = null; - locations."/" = { - proxyPass = "http://127.0.0.1:3000"; - extraConfig = '' - proxy_set_header Connection $http_connection; - proxy_set_header Upgrade $http_upgrade; - ''; - }; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - security.acme.acceptTerms = true; - security.acme.certs."git.rab.lol" = { - dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.rab-lol-cf.path; - email = "nikodem@rabulinski.com"; - }; -} diff --git a/services/default.nix b/services/default.nix index 8cf5ccf..6da3b28 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,5 +3,6 @@ ./attic.nix ./forgejo-runner.nix ./kanidm.nix + ./forgejo.nix ]; } diff --git a/services/forgejo.nix b/services/forgejo.nix new file mode 100644 index 0000000..2f69a55 --- /dev/null +++ b/services/forgejo.nix @@ -0,0 +1,69 @@ +{ + services.forgejo = { + host = "kazuki"; + ports = [ 3000 ]; + config = + { config, ... }: + { + age.secrets.rab-lol-cf = { + file = ../secrets/rab-lol-cf.age; + owner = config.services.nginx.user; + }; + + services.forgejo = { + enable = true; + settings = { + server = { + DOMAIN = "git.rab.lol"; + ROOT_URL = "https://git.rab.lol/"; + }; + oauth2_client = { + REGISTER_EMAIL_CONFIRM = false; + ENABLE_AUTO_REGISTRATION = true; + ACCOUNT_LINKING = "auto"; + UPDATE_AVATAR = true; + }; + service = { + DISABLE_REGISTRATION = false; + ALLOW_ONLY_INTERNAL_REGISTRATION = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + }; + federation.ENABLED = true; + }; + repositoryRoot = "/storage-box/forgejo/repos"; + lfs = { + enable = true; + contentDir = "/storage-box/forgejo/lfs"; + }; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + virtualHosts."git.rab.lol" = { + forceSSL = true; + enableACME = true; + acmeRoot = null; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + extraConfig = '' + proxy_set_header Connection $http_connection; + proxy_set_header Upgrade $http_upgrade; + ''; + }; + }; + }; + + users.users.nginx.extraGroups = [ "acme" ]; + security.acme.acceptTerms = true; + security.acme.certs."git.rab.lol" = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rab-lol-cf.path; + email = "nikodem@rabulinski.com"; + }; + }; + }; +} From 6d3115f9818e69e317d75f4a10ca6ef5cace1fd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Tue, 4 Mar 2025 13:47:56 +0100 Subject: [PATCH 05/10] modules/system/containers: enable nat for container interfaces --- modules/system/containers.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/modules/system/containers.nix b/modules/system/containers.nix index a0942f9..26e7e7e 100644 --- a/modules/system/containers.nix +++ b/modules/system/containers.nix @@ -85,6 +85,12 @@ let services.openssh.hostKeys = [ ]; system.stateVersion = lib.mkDefault config.system.stateVersion; + + networking.useHostResolvConf = false; + networking.nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; }; bindMounts = { @@ -95,6 +101,11 @@ let privateNetwork = lib.mkForce true; } ) config.settei.containers; + + networking.nat = lib.mkIf (config.settei.containers != { }) { + enable = true; + internalInterfaces = [ "ve-+" ]; + }; }; darwinConfig = lib.optionalAttrs (!isLinux) { From 106d1d1341da19f3940a195b4ad9215f2ebc8661 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sat, 22 Mar 2025 00:30:42 +0100 Subject: [PATCH 06/10] services/forgejo: forgejo but make it COOL --- assets/forgejo/apple-touch-icon.png | Bin 0 -> 8112 bytes assets/forgejo/avatar_default.png | Bin 0 -> 9047 bytes assets/forgejo/favicon.png | Bin 0 -> 7939 bytes assets/forgejo/favicon.svg | 1 + assets/forgejo/logo.png | Bin 0 -> 27323 bytes assets/forgejo/logo.svg | 1 + flake.nix | 4 ++++ services/forgejo.nix | 13 +++++++++++++ 8 files changed, 19 insertions(+) create mode 100644 assets/forgejo/apple-touch-icon.png create mode 100644 assets/forgejo/avatar_default.png create mode 100644 assets/forgejo/favicon.png create mode 100644 assets/forgejo/favicon.svg create mode 100644 assets/forgejo/logo.png create mode 100644 assets/forgejo/logo.svg diff --git a/assets/forgejo/apple-touch-icon.png b/assets/forgejo/apple-touch-icon.png new file mode 100644 index 0000000000000000000000000000000000000000..78da40f37eb4f0f6268d42694823fcb211b5ecda GIT binary patch literal 8112 zcmeAS@N?(olHy`uVBq!ia0y~yVAuk}9Bd2>47O+4j2IZ?%ROBjLn;{G%wRmC6ew`~ zcUOqY)u1Mh4u*iPsGvowRxxlWa4cY8?GV|;62-NOL8PI;OK$};r&CDL)Rt8le$AzR zEcMV3tns}gYfBVT4CZ&lSKWgkscE|qk z;h24vZBLxOwDabhZ@f9q9_uZzIP)!NrN}oPHs(3!(|_o2{H>GU5~XXUF!|(%6#*In zMeDfF*4@o8k;-{rV$~S8{&=0*`n^>zTZpQcp%4&dHU(r{lc9r?XCNS z&HpXE{PMu{>*DKtmj^5CsXy}JXN|_Y-20PHs>JAt?=Y0%+o(R(D{*gJarld%l`Z@N zT&)k}E@p^am*r#MxA#3~qJcz%-}1wI!?dPe$lLy~{!X6xy5*NM-*Nd~Hjy@e*O0&1 zYw01$w#0@Hb%M(C&uxU(~7Ck7iDDZ!AHLJDISx0Ph;bXb8X~Oa@ zdeaZr*tLIe*l_!;f>7rML1npq`#%f`Ml%cc1+6Ub&uB~h@a#{Wy^WFt&!aWRA2(ia zH<0SR(cu^=?jqR|-lmI6Vu1oC=Tuuy} zTn#QPO9KKN6qJIPI9fOYm|D14GzCQ`tl$t?(D12lULwQ4((>)ye;KyqUZ0nH`}dyT zlTF_hSloEOG3meFq=N|#VXLS1rdr4>JN?wDp4FY#hhfUyw`Io!O=9HlL?q60STldk ziysOy;dT6#ad{?EIcE&}cE2Pv6NU}DVvn2hjy-oI4sUdRs;vF!+9TH3 zwP6<}<Jho^dzNJmZS!S>DMpIS(8M{!S$ok%ja!Zq0dp2S{BltA(5tQqy+MyYT9~J+BpuY6 zb28;dMTCynymJdgPxQM*-^>Y{v!HtKyj4s`SR9SGw>zskRoKXhbRVtwXJn+hHEsX> z#kLlGk63!WWvm*P)J;9m9QDtA-ud)PvXaTip7!i#y_;jUg#G<@X=~fE8kLPN^)lwH zuXuLnVS$3Fr;5;;dmbu>>_X&Kc1$=ZbGZKf$BGvfHbU;lx3AcI)2G}~*>iUNj$3!~ z%>O0rxtcZ6&cm?XNzrbZl3d~xFV$;xn{Qr;zmOr)`}}j|rKXc9O#y%X7@7inaDMl-IFQ}Z6Y9TWzY|81>YsdE2|G#O;+}qluz_s6r z|6{mIqYy_`XUh_H4-bb%js_-9CMF>#M;8Vr5kUnG1r~$-{K8!q?%v%!-InFTy4+iH zXBMCPv+~$2CZ}^TT2n33Yvymvy5hfl@`nB#v)5(|CjM1?vfO+n=N?^A`P#hD;+d`t zEpAJLD({~8{@eCjm|{>!+_U44AL=dGe*5k2UFW3EJ>ML(j;(qjV~kk9jakOYQ$H~t zO$xkm`C~5@-keq!p3yu7EHzUagz@4p}15oGe`gB44Tne;h+Ge5EJ)*l=_a!15>$*D8i z%J4-7?7F+|2&2n`HT>S5-6xOny2*vFzy5NK$MVY)FJ`EG{yFFHw9`))2{#C}zW#dZ zMTdF%#CiqRr2d^T=X@QqQ};xzeWaC9!q2nKaNXInDMmHluk)wy@4XbYwk<4zubp}2 zjO$5@ofaOrr^!}3FY2h}s}mN#8GS!Ic$aq2qI%kzwLeYFw|Od@xo9(YBG2TLF2DZn z+Y+TKk}=6|`AT`aCYeU76yXqCmPYpnTQ9y`@2Rk&xim;i>9d@{;WslkZo?2;-go@@0FL8x_B|{C>~+|K=Tb@uuZzY1ifyf4f(`UUbpZEoXi) z?N#yG9ydL0*)on$pVcm0HNU@|J*U=Da(~9Df|!$1b6m}roOffsG{L~sRP&<)Vm+l_PF5bqM^tx!Wq9^ZUyE3+eyLTPDpb+}% z^UkWTS$0nL)!){9QrWiAPHBox?ZlSVj9li@Nv8e3V*xO-eAOs_Is4M|t|$?Qwf5K7K!^v_aIu?C9g;{fqsT zgH|^;hh)kqZWgp+OJX&(ZB=%9GBMNt`Z=vT`)YR=@i(>1RGccdxg;$6_S!88cdy#t z(w}>q{eFJYmlqdnTKXC$)Wyzs%+Gy!X{m3Qp47ray$8H*%~D+Y)GFBkS$l{KUoso986T%+x4`8+H1bfB)|i}Sp) zOt(7{iv(^(ZaH`&bh+cAzC9oQOZ<+JJofvS;;sW<;4H?xDqj^ z{2Ln*m!wUUGw*HB+*R`{Li^9DsoLV-M7Q+q+`04ql4}#TGCb2!_lmxKq;(_?W00O<(RlU{>7X+|2>$)_Ruuh%q5M=M&fk~ z%4Scjwm#(DFXuVEfaTNTlDqrs>*E+y!)A#5$Xj$)$#UUSx4U;XCJQb2_2jQk{JuG& z$0BMURM~84E8~>pU+>CrLg;Kt@BjHTXKJ>{v2IH@pDsO@MPbQzq2?LN7Wta4+&YK7 z-IVu>HJm$lHF5Fs|H@nralwjTBv!fF9r0}3QDXCR{r;*!rTu}-t>R|GmfL8 zu@M(F=eT$ot_y5E$-VIDyt^^!H&hx~npVyFp4Jg!$hvBDn4gbv*WQ4ff z)>`E-O{@$p`Ota$iGv6zGmxQf)l3xV*NSH*m&YiPS{`srQ;5)y%re0WE7gQ0J ztYUQJrm(Wl`rrxHS?P(2TZ+nG6!=I@Fgf+OaOQ)3m7kx*|6aNDSWGQr(Ehr=yJo4h z{QrJ!ZS-Z~Ti>J)^-N}Yx76^txY7iv8m?a#bzfTF+*ey&<+l)2}v9d1qb$0P-JhEzy=#~ZdFPKTY{XEH;+jQ&f)J}G`M>h?Zr&pM) z{>r4R`fcB=1^a4#28o)?H(T^<{+tUFIe&b48EmR@#AA{+oBvnm`PSv@g0@ZDTKW6i zTKQEDANy^kCRUf(Ox(Q8SE=^po7!JrGIxp3YI?HFl;>}qUQ<8oSI7R_&nv#Yx%s7~ zFEjs8y>pY7)Wc6#SBF>seH`O>Zlj)c<4o^~mBy>vn^yQKmlZj!kKVqn=ySikeV8+A zt)=i4HovtO*!kr|B(xT-_*Hm)QJ(x`KgX>4XP*{Ncsp^m*$&T~<8S0@tv2mjvR&xa z6;T)WC3cIRwD3i);g`1yVP(x#SarEgYLf6Ro4K>Mr~VHOSn#B`SU+x$hhIjr!P;}e zVj?T<9WykyTzGiF@-LPmTi$L|`gZbKZhG6=1q*r~vNj8cEM~cNl5_2!jtfRCtUCi8 zOxW+AaCazjlD95f^NHn%&#c7@7W@n-Q+8T?ZOc=;sDOkU;`hJ3xjDK0!ki%6gPp?a ztL|uMB$SEN%0zPbM(b7ub93Da>Iqdn1kT#TwFhVAI+|tq0@40xq#H^ zoq+)h*0bH;@*qud%bo?x=KlZpTYoiAm}8^jq=1$tot8FH?XZw}9TwhtA|ey!c4xky z({kX4jHrly|*uO z(u_;nKM7uWIQQ(~2^qFC*Y41Z-4*gO>vMU(ob9Tfn?L8-etUg=eW>&UBez9or*u8f z?Y^*$>06rY{KedLe}9E$HtjEd&gT?$w<1Y+XXktMn@jIDu0Htd>uc@0Udspj0%cpS zaqv#*u=%+*di$zB8VL*Xr%gV;T_Wx6t*y!{t$v!z>=V)2mV5hIb#lJ1c=bKkV>%tL z?;9#jGW#5{>2R2D{e10I?e8*nhJVDO)k{`5y}P@6dwE!{$%}h?tHUoYNWPe`dZ}^F zY*V{5Q|r=KA+A%~)nr*!;uXHC#4q5VW+*Uq$-0GC6FxpVTCb|j^soCu_O&&VySaP< zPQ2P*5dMtKt!0u*VU|nGw#>_F?n}RM<{k|=8M!56qWO&<*H7;3Oq*AH`|@&s?X#NO zg6i(nnKZRLKHeYg%b{TOP0=ao-kGeUcf(3GUz&9r#7cdrco!j=9ruOfxYZ#6VJ_XB zX0ay@)&KqZ`MKy8-;52WrnY4Q{`}orRK$ahw_pDA%EV2e$F%P6mkq}co}RA1xZv5( zXwDdAULQ5)T}mdUUyt3pG~d2{UCj%(t83M^$=u$5@I>wJZ#RFf4eI0Qx%Icg+`@6eSkN-MTd|1%n&*Qh3<_i5f-Y*{( z-g0`8WbNBqTTjh?y3dqPFJ{Mto(t#h#zxOF-MMByHw5NW4$qDxjs&_t%R4WZ>g$Y z!xHs3sJq8QGVr`SbJ50=9JLP)G_KMv5cl{fmsK%=`^4s@FIKQm_+Iq?<;#~`Rn8d- z67P=Qd?oA{cGz~M>DAbqlVd(@k5#NXKReF!PfChSgsU~5%I7OTe|~;$6Mtf|x<41! zZ}*J!y%9@;=kDCWdWGkdlH>d*lP16A`t(%u9`pV;Rx@VJ`cz@se(a@tRR>f3_hPgB zx+y0;UQD>*jp-Q!*E1(M=EiSQtS?xdxQ}nbxyPdOXFd4v@bLclZl{aC zzrWXhVZ2beUi0GZnGTNC{*XP1?2Tg4pe*#F%2GRyPx^Vk2l zbZ2k1d7s2zb(0AkpBXh&%^S56Qp~d)v@}E)hB{l%J~MOXOwUhp>tc2WeP3}vuY6Nvv&XP<&+fc_pPe^|8MUrCKp5DJ#|40zRTBJ zw)cLOjkud?Y!bYZVOPK1%+%AL4^;g8)PX3d_RJ@>-@ z?DujBxsjU;7~1vC+78~RaWgRUv)GpV`{p*;;+*rFb8naV*IMS^ee$MyLwWhuZ!7Iz zzTO?UcURWK`2Sp4nQxcWOj*l2V|}x`TxCjL*^9T^@7tYzKK<7k&fubSCGEZMYu_hd zC`&FoQ2)%TYvY7(rZPUY^0_Ks;`jV7p8q?>`u`iYzb_W|&kB6oF|q!O(pIlWebPF+ zb_FwSc$1|x>D$hA`%3;4gwLw`c5H1?P}yb?haY!yG`2Ine7F03-1+un^Jmz|{V=+n zvzb>)ool(m;W^nM=kFZfSa_(HUHGZbZOebZn(pNGz5j6YeBHKHoHn2CnH=Q3{pH>r zfwz%cd8|wpG_QR6W5%;($!GSy^vz$z(|WwVAml`ST*brIsj}5k9`7s87N4_RzN#~$ z`Fs&)!0)EXM#sx1u&?8;TYWtuBI3oay*lrdqgTy;IwAGJoNC3oe&r)3N>?4W_*y18 zDeQZYHaj=W_Vdj1bFuKiS8~HPB>|5ns%1e_WY!c*``9hmXA7= zr6zye+t-!IE|jpzYvHUZ_ZQfzmdNgzD99N5z*WC0aKfd{9-GW|PPiz&pj=8*Z#%nD z`#-Mc?8-kaXMN1p#%`M{rk&T$)Lm6)zWL>>^61ma=B6)<&)XDhbba%%GOjI?;goDz zw&3EMuTwVMZkV#@`u&v2z8Y$!&hous#V<{!E;bX?wfg;Lv;S02^Cj0@<8wU z9%i?Fy=L<&o(a2p*G;`sCF58;VcundJG$~#w;JDE%jM&-de|ad#HwgwZPT*#)Lj!p zHnt;jq4v9PZo0`cOU=Syhse&A98HIP0=7Sx+-?}`^0xKC`n_69R{mJAmZeK$xuVUa z=7{%f=Vv{e^iA4m!~cJOp4%5Q7RH5?6lO)0GJY&8I^Z$+LBwk|rQg@Gk9V0#`S#ff z6gvN{-}&%FkK}pFh6i@7ZgcJ?DQO2hko&N>IHmfA*PZB-YYS}eb`=i7s3{&jC|?S8jwb$j8mqgOw>eTlx7E)~D$ zjLZ5T_YZn5jMUg}cSkLf$7Wx^mOt4%Cm2jZ+%7A8y|V6$cCzc9s`u6Rqia9UzVC9Z z|0Cb7yfxk_Qf|%cLRY_chO9ly%k=uq zieKlmDPHW;BbOsP{Y_#oEL~NV`d4!E>n71h)2xFpKHjg%|8M@4yU!d^nJ0YBQ@Zm+jB|D?cQ-C9j9hU0Ew;aK?N8kE2Jo`ZG8FsrhF# zSF>F0*US2#=C=L&%eLQLwTt7^#4WPbl3N_*i%uv8E{)o{@!Pa1)_?O)O^BHDUv2*H zLs#zBCV#Tl|MP(T@67o1`xY))bg)*UpttW2)4orwFI~1iTfRj2>#>sme}3&zDdTJ0 zeYu0<`^o#Ud;fmxRTp}3FHPMj(%Cel^Iyi%sI9MxYq{pUVOe*2Qr+Rjv)G;bA1{{Q zno-s)+JEeJkoBLJv-6^UmY4r|W*+J*lI(X&^|@Nz=29D7)-3*IUmi2BynFin`HNYi zGuN0DysST8|8J3DdeF41S5M3)zvR+)i@T6pG#!8v0S7EySb`!1kulHCRSiV%fMCiME+MHJF zt2p#L>cS;Hz3g0F5S^8qzhlSIazDmB34aQmUQ7(#^>*7)S!>^elRgUk`S~|g%{awx z>&nCeTc@6k0Jh%C7fa$Enp(f#v!i0=4aPnP$$pLyKhG;Cr6)r1 zq9XZ#-|Y#No8G0X*G{b#-n%eYAfZR=vjESm841(A%`pxNR4Z%i*u|>YubOtPirtbU zdyUjhvw1$O%14Fu?tWm;duE!ELwN}0uC_flck?Hvr2 z$7Rc}q^!OZ9X;PEr|GiMl~tK~N>V%7USFB*sQe>GVprsX%O#| z_g`!kcv1IMJAUVyHqP?Khg?l}wq$N)ko-~Az;1RTH)h*8-l&<@E+?N0@aVTlO@Hn3 z?Dfr1$pRCO8=lK+ckmujS8)D3qinNA{H@?%hFHh#Q26f#nLGpCeiUFf*AFxqha2Iohm$2Xif z`Fg2-t!7xFz(y{kSBcs0o!#G^S&-a*Da`(T!Un4~lH0fGE{&S2@me6Hx8&*eWx4KG zIs(#DY^;o5oUrfqcrM3UrMFaN^J|yt*v9n{IYm7jKR2J_v0Aan?!ui#2iAFpXqXx7 zR{wY`>Yeo2LLrHgH}^jFm0xIx^ZVF2D~RPNFVC)nG5N1tR<&K`u=k4pxZ9IUruBGk-=ASy6RTGmPXV#mnsmEF3zx&{qc^OGM zQU4czlJH-5sO=*Q>s$wiV-ucUIlMQZNPWfTIq$VC!dO1$Pm5_vpSpklpd^$mFJSuXvdEe-%i{3%rN;j%c_e<-4ib~v#d0% zi&*itrNVsv?vDbCnXJ|2PEI;-hI5tI%xZUCHrv82A9ptW7jQCTyD_Kc(@E7_3ucxg zm5JteOD=m(t$*jt&RA*qqG6TbJC^Ut9S(vWTqaM9)H_^Qjr@1Tn6O>&o_R*^!2}CV z>4g#{#R4rNE<)O!Z#;WU3|<5WIEj|*ZCtT5*t>su$?X;mtLaSx%Z=%{w9zxqKq~R*5e&1X6G0*Z;ol z9W`%CcKx@_^Dk~u@X1rClV!f1W*=qSuQBDqdpXW7M`iay?I~HQ4%ehg9m5=c2cL0W zxcS>l|N2?_dDF!cer-LiC;R#5F^*sXiLH$vD()U#aGdFmfH~j)#R)65a(ZT6n`6Ky z(!A}pl7r?{e~&F<9ycSUMZ+eq=yL35)`~AvV!V6gV^qUp!H|HIje-j#wp=Pds*s+Qxngo?W8Q*_3*COOYIhp?`mmmtO1 z<;Xvy)}8li?9=e3-AfNs{%8^_uCN3CTzPGv-`6KJnMD S8%+!h3=E#GelF{r5}E)S%a%z1 literal 0 HcmV?d00001 diff --git a/assets/forgejo/avatar_default.png b/assets/forgejo/avatar_default.png new file mode 100644 index 0000000000000000000000000000000000000000..ce6f7721b476e5d1a24838136d736eaa7b640ccc GIT binary patch literal 9047 zcmeAS@N?(olHy`uVBq!ia0y~yU^oH79Bd2>3~M9S&0}Ctmh*IR45?szbBB4tn{#qU zKW;Z$mwS5~5;|6?9{hXtsr#or)3)1(-v8v9Uz%p^`Tfs%2hE#O)0#EAKB=FUyb=5C zpor_o$LH*fewfbD?0U3Zsd?_)xiJd%5mL)Ex^&jB3R&5-CUWyB*P=O=2Ckes@zYeU z=&TQ0AJ<#_{M^Bd7X$SsrTGLhEoP`bQ@6RvZ2z85U%ni9et!PK%-h@6#wfgxD0vp& z_2>lK#(18(xryJ-sOcuJh}x=k zrc69|H|d>EU`s)ou;h%?r-eU0Bz7F{mp^>S`<>O__2$f(lOi`Y*=(Uqb9?*o`+DnJw)LHvXS_5NmNI1y!gMGf&35NX}r}%J22W^t(`S$JGi@UqGrX)hG^OZ`ZS(r|`ewPeS`N%G$((d%{_-;uXI?94 zv#I=~pm1)U?dttEUmb8VKiXG1@prFFr_jSsPfv5K311(VY5v8izRT$Hu2Tj@Pdr#c zzQ4Ph+Au%DX<3Wkyd2r)u$4heKfJqZ%_90=Zl*o=3{BNZj`4e|L>a$+eI2giJ1c~3 zXZuZK)soJG=S~QA%(JaN_1A5JZrq-TXXm0f?~8nYV1h+q5=)!S#0R~zc((8cJN0jQ zqu4xqw)8ap_`U~UzP*k9YqVOycy2AvT&q&2fRZ;i0@;4HE=}lqt9|I6p-YDVBRijr zgNH`QiV0`tZcMA```euO|KDE@oye@EUQ@l;swP<)9xdCNU@tjI-M{bl_I%|fJ@WQ( z&(89uX>FA_)Xtw@nIj#t+<*Qx`>U@Girl`^>bTmWk*VVIGhQd5c$?F6E_NOEN!D~; z8?{v+=GV8ktLqzQOw-(UxbbYlg;l}J`S#WS=gaPpv)y%OwpH4%#62kyn^HKNy1y}> zong3`=bKD%;N6&%Lq zN88^{KfdFW-I-a-d}phDe#&LsDtBg6tcuEqb{*z_CpQ@u2i4pRwESsa{LDw<;gL?^ zU&$hI%PRNWUK?%BVt!NX{95f_!X5X{#7yaUW3u_pxqCYbm3s~?U-0X@qUFqmdv2Jw z-Q8WTyddSME|%@zu@BGhbm?2?F6(yonPU-H zA9VG{-QCH@`&vy4_V@m)-pVIYR_5|C?f8>N6V@uH6+Ss3__y3~x1sZqlnc8`UJ9*w z`ru&mtwx>4_cm$2`;>6(=uy_&+wRZ)o$Nt9s%6HkBx%K(oQ#_TLYv%4Z*qn27 z)5$*>r+Esy6MubqY0zNvYwJBtqovl(*Jc41ax|)YA?IvH+6xaXx?{yZe zvAAR#S7<)RLeINHNwDK#;Xx-B?st6L`OVg|AG{M#?mo)f@i343;N6D_lN%e~*Z%+f zt~_q;$rE#LU#;C;{i^)je;w;0eJ62%Gb=UrCsB?=5)>GT0~fR*kq4yG4m!ox$->a?c@mSi1wyK{Puqo z&L7EqYAO_Eka9xc6La+Tyrt23JCAnnQ@+1h!%KBTn7f+4?KNh`*(TRJEX}LGz0t7n zb4n6R%1=iiNl*PJSXhq5IL%$`q~cQ`2<2H)KiKR2Y=LzQ((d_sgSheI+&z z9`=Hw zUSis-Ev6IE!1YaIUC*HmP2XwWYgpH`rQIudmi$Ix4@*^3(6dtJLyjk!tq4^Y;H;q77LXUkRsbzZQLJ zxAVy@gEB=1+pH9x-F)L57WgCRy`H_{r$bWf2Czg zS6$K0OHX)SzA1TjMv{w}SIT6I6>__38?T;k74q=+*5JHV(#~?lb3);7r^+KtVx{lz&23_eV$b&cqdc`(t2*bI z8`A_A?v87cCdu(9qs}Y+C_3b_zwU3!o_*h6HPm&f&TVL7vRaxn!6(ur@A@l&>RqXC z?(W`x@3LXzRTsn=ZbY74)F*2lWD~i&O!sd2 z{o1M%r)Fze%@bb!V47~UM#}-EeKq_c9f-!stN>$hjk+9T>B?^TrMaC%SES$W-H z-P%jf?R8cKE#+#Rn!oR-+p#Ad;$mxzb)1yEBr+~8YLyH99n|AkD_$#9#{67v+x{Zo z>5*qIzvL)ubd9h7YuYO65>h?Yq*T9K!D9U(hI_v%s zd==i1Q+w1kFMoL2BJ$%v3H$2RAr}@$I5Yh!J}ji#ykqiI+iCYSE^JCYeS-f%WBub^ z^DkFF%1-6UEC}A77t3XMQd?)2SMW)1KIs=PLCNzq-_qAfA3GnMeJd^`Ed2GVq2^7o zPf^z@#m>&RpWhJccqaW)E7z3sE$We{GxsYkUaif-J=4Eoy$k<$yVaKN-Wvk;P4$~^ zm#f}!(&PLz-RPi*nFfhXc{g84dmFX~E%o}D#oeWw^6}Bpr?dDry_>woBPFhF?*01z zvF7!=PdSP4N*FX8I%EI;r+@9F6qR!?6|bqTG}&4F+%IZ-p6uGl&1}MI@6HA49xc~> zZ7lZb`&$;n6K2z{B=c%l%=kKEt;)62FI^6b_0I@ScgcA>C5D-uZ%IY-E90uX&YRQc z&Q%ECAQZ7Bs;&@~caCZ(37$>6ex6!t!HpZf-uw?=#OP^8f9OTU#>A znj~^AcwG4Q_O|8|kHvC(txhq935G>q(-V8C6|{syDKYcKg@q?3Ph5YwjaT|azDd>< zkAHT*UM`=n@#H{;()HidizX`RG(A{*R%bz#jTTo{zJkze|D8ooKe)MR%6s|!|M%B0 zaf8sr`why1_0{uiDqkGw6c#B9uyi{;x3E{}k}y;Cmkr8s-zF-%U&`HnSB=>xa#M=q zO64cr!3G=t{CM17^xscYymDIWt?eRZDs}F+;}+(LuHt6P|GMRX;Hud>Vjrt|PT?~4 zSmE@-D$L8%(bYluobtgVpKhkl&on(2qxZG>*QUg{uC4EOYCIBalHoi(MKk!xyu1*- zp!uyOpIEPQ7|?#<1>B#io|#i;LY~-(0-z;tW?+uPF-*82O7|URwG!RC(E+ zobI(*mke?y?wMcrYvq@Z4!?A3e>`lT7xiM#Nrx?8US4)rJ5hehRcgbFiSBZox1(EC z)S1!+uCzGK*ukk6yNjjRKsR=m$h?x0M~ja2N*`u#+|0+r`0n|)=m0sh#l1FfC0Y2h zvKA^<6iiI+%dUO5^LfA@2|xReTif&bwWo9NTkP}Ontk1^*jp=j8K_arv%i0x&&zEY ztK;@sMc!E&ySr@N_NUCHksP!6x`hQ2#XjUNn919nz5js_deV|*bpJWry`uP?NdXu&MfP4JywQp*1{4aM>b9V zh;xe`9&Qg7*buSBZF%oh_A_aUW}Q0I6j+wrt9aaN-Z!gCMmRK4AL{lxkRov6o`8c!wP+d56B`~L5H@zrm)8ad7jmis(G#qXz~ z{*fd{Pt~=h_qLu&UYD%;YisTFqd`l(L}w}lhs=pM;j}yDlb{&)t%nPjcl%5z(()^r z-1hU~k)nTpD!=G2xx2f3ai(@qc%s$SR#}#os$&`x+UNK0X5N{9f1i=%w~gz93Lh0} zu9RG(HeuT1LeCXs- zW`lpbH;EqJv2dH=r-RjBU$tIkcHO-(Yv)Z>p4_!ht=u%_FZ8&6zf;W5roYZC|H}gh zeaD;PkKNA9Fl;{7BkBD2*H`BdbscF7}mad-HtB>2BVtu9qc!+)_FM*Tw97a#qy*@1M`-pNQA}c*vf7{p&$?`6F|__fF@% z_e74_x#^!x&4QXE;W|3=pG=9|oF=*RpoGSkM-CHn-&7iI+>kV5o`PN0r_SO98((*+ z9^)&$RB+(WXd)yOFf?<<ZDS6%ZI^POjNv-_2Zf%mc8(o0{jMdwfSKVW(KO6fw$fHPsn zB`-b|mCm&+URHPR)#92{8DdqRD~mW$7V{2f8JIqt>Q*wqLcGI-C>p0;Ll`uR!x4O7qG zFtz=5BiU`2IZyugwLvcetv%XN%dJLcloh)*hdtcnCSUn>#^r{pU)VJ zXlLxtscZUiEV9FP|Hf>m-A3vQHdxxRM=vl=KPU0A@WH+8`p1%CvZ4<2QYXH&naIS- z^}zV${r~^Wk8;^O%kvRv3HiY==d4ex@Hu{torNNw3jcn+E?v#HtNeXkr1riKoZ9_d zT8}JrVs;o*9iAARuyK-fyT$y7#>*FaIX`{99zR)LBXCj6#n)CPF9a+fo>ZTIEW)`M+O?XYwn&}at!2X~T6V?TXcE8`} z{bP+)>8lCCcep;g87z_iaoql2;+I_lXJ4~KNPo0+?G`&*aD#(O$ZwWOCiDHx_qdML$;Z=KTil3kBeQ-jg^tf#Kfkm@!z2^_ITVU{d&gAVEHzpr1NH9s# zb+XtkEu3;=L*f%=f&FP;cJ2H1O1p?DsNm`50{O*^&*eBPTJCc*c6>OKJiB-Ey-lg7 zAJm))I3vF%!-LiBu)1#C>Ip>$rmp!NX+C2^*2e8SwXJ_`v#j7&w76KfuTw=}=Cu`p zi%;e)k-s)og?2ynnw6< zde>*BIIp8iX}#t(j;ri)6%8!&XI5?uSCelz;JNsEE00%u!tBQhyVK0lyp4sYhw(|y zZ*1Ii;@06`y{40|&cAAt6j|YMo>Og6*BX^m40m^x7UysZo|>kcUDxzu#mvmd$9j9? z#22N^ZCb?p@tjf1YRAv}&WEs7`1x~4Sr(~$nj?6+B_sC9A1}}28Kv{K&ircYzF)8P zrTHye%}EW#s=R#9mrLI3d?vVdi%sNjFg|<5RI++SYIL`rf1y)R$P>#w;gSzd zomkay<$8#3p+|tz6SZlN4mPs~pPr^0ct(m(Tjk6W%O4SvMw{~A+~03+`E>91d&S93 z2UH}t^*D737^GFX%?q$`=v35ww0*LXhrO846dBn|2`3%ynR#tIu=v-%-|rWHa=qfG z@g(}edkMoN7E6}@wT~w=H}_BAv2W){i$Qw0@F^*mcB};qS3sr?zx{ z6Y5SoKhO6g)5QgCa|$&&lWUqDu>D|J^XiiC$&H&*PCBtQ6td25zr(x!xYMQ0ODjs_ zo-zeTb|gA!udZnImymw2HhO!T$+i4U6%!ZNNoTWn zdri}M`Li+P%$~Ee&CNp@58rsw(0Z)>#Ehdl!I_&PHa<;k-Fi7UA@4d@p8g~c0ey|5 zyA=3WO)q(MrPJq|lS@qB%B&uP+~0ynWbanJUTYXDyh%@3NazF$hvdZbcQ+=p@8n4O z`z7JZ)-~2sj&Dg8WLds2T;ZIj(=y+S%Y3DmPiE#{us-^H;%dcj|1((si!RFa-I#aR z>SvBs`MWu@Rl@_j!rrINc0St4U+OMDEns`(-m0xj8l<=roR4UHJNA#iu>6?${Tkt^ zflL=STRc`&IjqvLf0EG#Ju7$Bt>RIKPpx}&LUfIwPE)~yqq7g@R-5H~YO9{$F)hi* z>7Ds00anH}MH_M!E?{0HZ6F!&M|w4@Q~Lzo%1=)`i<(ykFQ2r7^G?Er1&&qwj&p^H zJ!LlVWZU4u_ilIDTP1VH^<3sv6Bazn*Lhm7VY{C^_oMYou6I0?$_&~Y_(k@$*;C`J zP3KP6)%^PM@`=!=ZSIGJ`6jrrTQNTu+|#=F{wRfj2u9==% zK1E1)!;_xJOm{j~3Uaf~acFaloMqzuOhh}3=YMR@cO#Lc-ghAe+RCTIjxLyZp=Hf} zcezTIz;z)@JOqzuEnK3tw43$d#-KeiyL4Z$lrdO2%Sq^4GlSFlhrt}yGeoR!JozsjeWL8!8_&$bdEt#mB+eIT z2&_wG)tgxCF0gafRqt2g2ZiSe3h~P=d3?Xtz5OTe?)mrErJLs{bldMdbNi6)oM+u9 z8FRfBv&z4F{{D_oKC5{^ujraBQEJ)#q6u0XIevY;9)G!>b7N|jy#B)M3hhtQ*DVhv zbcbzxdg77&q#OUYE_CDl8+Y;8EYsk5GHEe*+4AkH+u>@gy3fw+xjUy^FM8G6 zI~#=K?_XNNx%BwT`*n+bw`M1Ant1f@;U8XlcN(idvxhqznUSpB^M8Mz^p6)Zj{~OP zf4}ede|7hyMJp%Nb*^hzwt}J1_%#D}Y^J8}w!;6#Gi7cZkMnpoH}3q!-9PThxtv*6 z_~Q1F((0$hW(6<0t0N}ekl#AzubIT_qdz}i_B2axW{&yE79ZVx$>-LS11yKGU*G@F zYTLyn$riP{nz%UbMrw#nTlU?gb8ctRwHvLk-bY)4z@Xw|G2LC zQ(2SQwN!Nn(NR-=r@xEDD)i!s*p~Sj~LjEweB5d}Rr_(>Wa$jc z=er}!wdYUnEuGb>uxZ6PIrm`A+{&VZOp%Aa9$eb3?svg&osZIF_NcSDSN#qOBz$Z+ z!p#06Y14yakM~5KxcSka@9xF$k~{Y1wy&e|&O1CUX50ASZOI*ny6D|yo3sRWoDf`j zBTF~UdI!%xF1|@Ne||oHG^a~hY>xEPeI471l4Q%6^qLPnG;*92(XTasQuL}FhabP3 zk{WZ8rFqZP^M*5Yx-IiO+2rn98)OEZYR-3L*DKlWnp);Rw{`WYX@B?sKK!-6zd)t2 z{b}u&dy}=7ew%v#g?6H--{iax5B{HfsA8n(a^w5Er`wOJuJM~z673k?dh)8XP}%!q z+ah&B=WR+n%(gecx%R1XUW#n8;(>l2hGKobN{j3RlBGX3pEvlhkc-)!O@2{zV34Tp z=8vYrncITivE?co32Ibp3qRR#ziOHJv@KpOOJ^&+d~?$vZ?S=!rr96&ZSqlP&(1JZ zUe=-$@@0ZaQcYdj<0GBIC&WLcN}Mth`!yr@R>ZcPn@x{|Cnfvm@B5k7m3vuWYfsmt zjP!l(unByW$wJ`$@-x`mfJS z*l(0{otkKxea+?e#*p9B?jODF_vG*t?QlNN@JGI4536TdJr;a^|Ig3Qrz?Cy?G|)@ zaX#;}CHp$xRi_UD?pK%l2f3uK`EbquwASXDpG6_Qj)6TZq@orbFu%q9pxoGcbK2QU z&63=!Ek5tPa`IHqG^H1%e2X3aE`PFMFY~N_2X-lGJ4{ydOZ?p-H2U%E`0>F|l~*PIu(<-gdk30*Cw##40TY4xS}i@W7& z#ccgvGritdG0&dE>V%=yOo1(`ew%MF-%GjCc5`k2c7?0ar|tfD9POMWbZy?rgWuSf zb_yKq>6+Z3=CSbAZe7Nf9*2m>F>I^`CHqh8teC1)8MkZfxH$(&k23p9yRt6>&vTUQJ1yt}9&F z{Zg7FgIM0H`Ao`4ZrILQ!|~OkQ2v_S6xOCz_C&Gp*wU-_yH+j~=VUXmhf*6St;c?fp~t@{Ctfe7pW9HJ|MJq( zD;tyDZN0)u+DzL*Ln3QV@~+t)aeu?4N#8#=xJ%3BdAHT_tgz{S7p?hITyL}3#w_od za}yGFPQL2rHSg7_!FLW2jLaAERg9w#U$`TD)->37qg;Q4vb0N_o#Nq1lfUY%&Pv(z z=YUtjL=P>8MFmdp@9oWec&K&KYQZX%Zb3J`wH#lbPYhku@c5HJ8Zu@VdM1Buv9Lc{*4??v$T>9Uhv#j^72xU#lejQGg=uLrh4`j@9&u~ z;mFKM@tRA&ZI~B0Ex=l=eA5HzpV8ZHK07=6W%9eKmY84LcjO

~F_8d09k(kxq(O z8_SkY(_Y_FKbv`|b15(P(!vSOa;5*6oYsjKlvd8L+xY3gqpRJ~CI=$hUOW=hje2nZ z%2IFfmfaVQbP5~3JXE50(fQQ>#ZKK%#XfF({6@fb+Re@BueDQhMWb})s-|)0&Rl$~ zNrc&U$&v;x)oIz0vm-M8WH3u5zxUqf^J`K&zjtI| znVH6#RXP^?Gd0(-hGuL`yMI$>k6_^bsf!L5eSG8^GHbf$CIh2sibsl+vlq5ZSzwb| z5>fZ}Yq;&wZOb;bR87*E@K)@Pl7s^v?v)|ZI5WZ9{@;#~I?uN<0G)mJss zC^co0PQXkiZ@p{Nb(-?_{Y-mxd%OOlO(#B;U-;`~y&*hgCYyKYH90Xy=XO3-@2&+o zYkVe{21!``i8!^<&&!*AkEX6>(#^l?eJ1_Vni8>UgPzBh_cM*tHL`T7W^bPRaCJ*k z<&084sSoKpp7gUWZN4ziN$uopEt80%4P~2GRD66?^6HA_rXws?_9t0>#zs0lcKsjp z>1yt>g~}K7e7|>332QulDa7XaitE{hJm>O_9PI)XAJ#J}hIDnt7cXRHU|?YIboFyt I=akR{07Kqp4gdfE literal 0 HcmV?d00001 diff --git a/assets/forgejo/favicon.png b/assets/forgejo/favicon.png new file mode 100644 index 0000000000000000000000000000000000000000..f6e48b91dd003a13e5c21999d5341a3c5cf546aa GIT binary patch literal 7939 zcmeAS@N?(olHy`uVBq!ia0y~yVAuk}9Bd2>47O+4j2IZ?PIY-K zy$Pq(@ke>9cO04M`sm%scgJiqgy!tnz579-%8uR91xY)0^A-PF?^n1g?ku0d-M?FQ z#$Oe0U3mZX?e*(re(s-O$-n>jOd>NxIxy^YY%_-LWU4)-?3JS-?}aUGtbT zzpaXO`MW8#ft%BOrMb5!z1hM1^wVkm>3<8KP7S}+`lsXM@sHuNlVmENOtd(3vL`%~+6qPO|*+5ainJtNy-r^UKsXEnBFU7ckA?}szjscpHpTlgD# zn~M$1WLl)T#r4)SZ&j%IbW;7E<(0q}9`|Z?s=jmE`Fh>%l4`S1xrzsj((LCGaxz+i z7Q69!wzBa`-8fp)*Ozj3dcBio*qRx8KA*Fmq?dfGXQSbV=s9Kk?m1TedbwOxwC?ZM zaLv$FQ(^<0d+hrj7qXqY=q|5&xSfBx&xx~Vr%v{_yLrsv>W-SPe>#n7f0cMnHNRhT zSud^dO}~@u)dI;=_y2t}pR50y(OSuj?N-8*5I4(zKOSHH*K%!r{C&L_+CA!h+6CON zes4`Y%=VGH%=OJ*`Ob-#<-P__)7$^|+w3Wt!N=ZK9hrVS=VST*zu&$6{Q7>JoTeMC zqf{I&^XQrSVjc+t2cw6J`|UoxtD55O{zYUHd)P!J*C#ul&zrnpMfm!8d;fSWDcY4dH}zxZS?2C>*XS-x1%Y%)jDBd+SDYV~{jBPVv8^<)2=@bc19sWU=9 z3s)>w`L^vxs*9R( z(F|7MDSLk}_w|Yx8=F->uNF=D`T2SG{Fv&uTg_ImCnc7&9A0R__VkFb|CCm4ajzM3 z>i_-xwlBVC;b-&R1^XknW=%Cu-Xq!8EPdwj8{4NBybnFQ=q|tY`yR_Szv3yo-|vfV zT2TN0pHoi9hx9i`vR-iXDHm{^l1!hY=sitmqQ;L;r}c9k$`4+6*?(zsx<6;vak=U< zdIfgV4kZ*6Kl`Zhr1sSz8?Cgnvr^xGm*JV(T&P_=c~+~C$nEX<)9e2{mM@$5e(~XW zuLlLyM(ZOsIw`sE=Xg!i$yC+%O3pCZ@M713pHHX9w=9X4zH)uh;r$ct*O{en3t72h zWzf>Dz1ROAxlqBk)OWU-5Zn8`-{-|X$y(Dg^Pxu1-2ko7RZDhD7CxMny>8?8Us^o9 zfn|4O#iqxW&5V7qplACh8T|!mydQZr3Kvy=ezq_?%!;L4L^mpAa^m4b+ddij)t2As z4BAssC~1;0;Rr9^%Qv=l!p;wwres}R<#~fg)+!{TXWs;#j1ati_!MruH^I@`S`=fKbGZmEKdydky3vgby}xO z+o$o(-?^;|FYrIz{eItMjR$A$&lWI{=w2}YjO)#Q>q5S=qsKS!$q9WFVt%F%Luz_Wo&{_%8BO`s*621zYA$)R46*xiE<*f6vFZEqQmN-tBnImw9Ey z#5q;3Rv!ALxZiOf@9$(|8}7$0=~If&S-M}hEj;cO)3Q-K_NL#IMaQh?f3uvi^md(} zgXy=~>)mWu)qXh0UTQn>yu$oG|04?wp6(Civ;7jltK`kJd`?l3&8_)-*1RhJMB6vMH+OGH&rW#A@$BsE0PhW|t*@@G zzP)#KPva-ntX&~833hLN?@B(pob=XyMQ{&KUxDe4uK9`XJD!gyRgJxyLI=;b5~bQGIZLkRS~wm9iBFG+04M>N8RuH8`uAO9`@O2wDuU;voHT7dYrI-zx9(2m^SNcp&r&TM z?zvWey&BGZH^27P%H=Ipx9+v(3ZI$sOKkbV=+!5kw|nJsNme+$NuOV>=Q&q={X5e5ZLY)6*S~`z}A}Sn_D5U7bvdK?NVH`{TJ%x`CGp=sWuK@wlQH&+U-@IZML5eWXsM=c3h!3s+DhEhHg@BZL$`>bvaVriu2iV`T8y2*Qv7|GQB2i z<~d>FJKbfqCd-^uU++AjFj?TDrpNBGw|hRnN@LCCT=ez1kl+5gzi)2UA9BbLt~nKI z(0znkf6s-yb1O`wmho@cXBhb5-|zR)d%6)$jLSm;P@k^wo4HW30hDx4oS=nSP(TH>=Y5`=+_&Cihz8AL#GkKDtHiZT9tb zQzu+(p1iB{byd7KSL?~U4evUnB&WG%O!f7<`sP^aF{cWFdmXi(coJeKOx25x`oA+~ zXVI)I(NqS3-)F!5y886=bnk5jiHBIu-)#I})AH%%^7&rV7B+_Q1l>OOy4O4Ko5`t@ zOaIJ}Tlo3QWoM~*$E-R$9!;?@$h%`vJGbQVRTd`m1>A1@s}E01eW9@RapC5ytE+a( z*Zo+iw)Yu(bh6fww19qD>#$86`TyT1zOb%cV~{Mi@UHjX$~y7bl8HQWHW4x#JEm>< z{xto|+=naX&(d*N&U>c*ZCmET_xoypd({*a7)fR9KXp>WIPJ`YC6^bw^RJ${@bC9~ zRj=1dv_)A}%(v+-{Xet&mZ;{*+a>0AOD5k{`FVZ+zonwD`F&!JonpFjWf@CSq{6q5 zYXKK39xLQrWBU^Q!uoSS-S4;No)S?uw?BP(aaS`h;$zAN1} z=Y~Pz@1W=R{B1tAT-&Rl;c;X3wgrkCCvENfQu%CV`kS~i4xQW82b)+YsaSYkW;0Qr zQ_ys8j>wjSGbhyuXPi^*{bQW-^?`!%sduj*zpyqAe0FxWI;ZRF)4dXgPImwQ6xTZ4 zulxOWm%$RAb@P7779J5Sx{=r(xoa|S*5CXU@?1&wCF_5!TD|U4lJ%2!nU=Aqew}*1 z|Npwm2EO~sO7Gq7&+IcwKPOXYai}3BNBTneg7-d0FWjoPlzBe4d>-$MTQ97W51mmj zv9Q>?m9aJ}!M7=9PP1~8oOUX6_qN~ve!oBZkVCQZ;I4#R{#6Qpj<2w0;d8&B6S?Wg zymR#l3VXVuWG_GDPz*W9_Ce9~h^u(ms_@ui z%Iko<9S_+GEu7X!RGYIo2wi z=TQO6(VfrdNk?7&<-X?AvcrM_e#=U)o;|opLPLCEnN6uhQ$y0HZzXcwjm0dd7Pia1 z3hI?<{P5v0|Lumn_JtcPI)2IUvGaT8FW;0U!L_$(g~ zyi8w1RE|yS!a&KbENhkT#oxc8a#5#tUQJX$`@NgD4o_J0H7f0N&9|HBODjJ=`}P0V zmzRq(%bxVTdLO$vt+(Z18?SVWQ0_IRUnM-fhjwV)s@#(N`r2A4mitS+#SlbZb-U`1ojT{Qn$>3?Zxm?rQ$3>@xX9(0_=)Ag*5-l6{?Bur z+juTM5ZUMTbZU6qMgFss{p~b;XPaGJ&dDmUG;pz7R7;E6f?rz}?Or=q@248G+95U@ ztByA(XKYKKSDEG&EHUfz>-UR2l4iu7$a$wzq37oI-)Fh3i2ru6%zY;oY@0oKW8iwh zh@RA6zqZPiY4u2%dcAqjV{bpDRXbRtdatcPP~OQc+rMl|J^f{weD#}+zf2Z>o>KQW zzVhkRqQ76SzYe$e*PN@g=i@QyUk?*i*InjN`nScFO`a=XGDbJ$-Q|XBn|1~|2A=VW zuaCOC%v*1#OTGU0n5H((1$(bejo?#Ws*;y-fHlbY*WB`Z7rS$BY*@I&>3E-Pt@MR6 zyBFtWPMc_xdHLnd6_<6FO}=$WPoboG0{gVw%du@69|T{q+E;h@PsIHx^K7e^&5W73 zGxzqkUW*g9pGzIAZn~QB{&>*L&y;=LZE`^MT>qq;6>0uVS^B@@Qd)GC*Up>I_2%d= zvjzD(pNe&I?c)AX#QXA#Lb{{e4YAnk>tb8iZU6S`-q9Nu#lNn;r+?$>1@5{h6WuS> zZu-6O-F>&CtJm*)b=vfTzuH>o*+!|SUi><`ex6nIww#UoCOrEb!IA9FTkZAR^tsjV zH=8fVPPxgpSN_$!oRAIi?~a>h?0-|Tx$kvuTqb`i z*xy!l=ApVRaTb|xGEEPs_}^O3C|h%~?Sc4qDTDcJR`t)mzkV33_UHTl|6ljbGpt}c zHZN*L^{JU=n`(YOo&NQa<<3baAN0(c?yGX_OY}Qd_xJ1dNo-YGC*EJbXDm74wBwBj zwy_=Sk2=keuv#pqn$EPm;pLk=iEW}!x=r}Ibc~mWt`6H5bNKc8{qx?1I7+L2H2!kK zn%C^%)c@1%Q$KFl8^Mz7SQ*p5%ggWclM}19y8k{n!1?b8o2xIt2Q}$JOsH zduw!V-?HKeulJ0*L+XQ0t(M%sUHIF9hZfw^AL~u|yMt5wvAzXc^@|@}4YvdAZ@%=g z&G1+v?o#7+Yww;~xeLEax|+mvqkeq+WqQssHbP>VQSL>v@*3x7@AC8Kd|bH6@6z{M zI^pZ)l>Rw;{+I;k-OG2TY){V4HJHzLdwc%*S?VRr{pS9u_`B=tOudqmzM2s)H=WkI z%;B&|%rs=Hb330^sfwG+WL6IgjTgUH@C&`#f1~tI=TU>yuE$Fw*!%rIw@*3px+1Dh zZRJAq`S(``mc2}x{jE+iRMtKzyr%N+l2fU7Z2rxwey90iPxbLWS;r8C+_ua@{jTG8 zcSyJ=hSzY)A3D9!NUry%lG4$_77>|T^*N5oO8d9J{qkC0>&EV{Po>`N`RwN@+^gKb zO6|w?`*qpZH^`h$31Ysbv{k2}ratfRP74A1!+byDa{~6){f)9&DelR*@a=|wXI2I; z_u3U9wTJ%|lc`qSkB98`>m0u~US1l$KJJ(Cx*d)|plSGdw&X0gq$K7;I|-x`gl8C>XT z>i8jfi{I8|%au8%Jf9ZNaXc>a%-5=MzJ2|^G_KF4E7fCa&c5_bC{&OsS+P0&{ItK0 zZyMeyr!#R2-)A!^-l6gP%g;@64-}^q&h0Vq-v9Oe{rk7)f6$*{xI9sBXU;BhnP<`& zk?J!Km`%-R{&oNVzwIuZ!5dce?VCDL*}d)O!D}}ij&_N@-D>W7|3%j<52>`Pp8tG$ zKb>mP-~Z>*c1GD!e>b}T$-Q;+N@lH}sh7g`^8CXuW>YGSFGp0r-TP#HnIA!NAS{s$l6j&t5pEikG>AmXVVC}_=4CQOT1Rgv1AjSt;vG(FJ-H{IZci=URwM6+oAK9mER~NcwdbB+-IPz zX4`P6Y}Py(*3P9b_I$gQJxO!Q7O!dp^Nb4)k67+Uu%10~QEAp>b$>DYgxA+Lh1IM- zo|wpIGqe1|cQpyEwQIgbPT+0c_v@AReKEx=Z!YjBN*%u&C9Iq$aAWcEx})9V=kv{- zvu6n~KTg+aZB=^l=z{u}JBJqiD6o!en)pHG*`jlS%@GGOzgM zw)mclFZMSwv%eCVFhkt-qN} z?ElY_e@{Jm{(9qTd4UIU3#1C?oO*gwwBUo>3!7W*cjaWYzukMJWFwsH7<&8f0|Axo z#m~<~D9!-?!TT?eqEdaX$=}l}vKGD5m@C z>^lF(XOGsY?~*%LksP$|ptHfYn9b>WOWGx8RX=0iez$Bk-z=VO^O$u1o=UiSV70gY z-VnLkFM+(rwtwSGxto!)=$(m5$Jxzko_x!<);TwpN}mbdU~p{S8m&H`9D;9Io@q&hirt&Cl#yZ73*mbbatj&pq90hO77e z_7k)Fx#Zr7n=FrVQcT}+Y+beMUOn4pt784v(@g*VI+^k9pnK>lm7O*@L9Iu(@xCan zkU2I_$wK()+wJ$K)ox6F86H}87SC_kr^ z-ur*q|2_I;#TgqWa#);vqJ4j1@zY52dn>-z=-gl7eXrX8f2GyYb9>iF+r?DO|MLIu zt(C#YWI0d7Y;wFSlkcoMKXC2Fx-mHhGlf8TFveS7?@ar&$M{$H0wfX&^*JY9_z}x`$_K2X^S$RAOEdReBLx~?&Ot6Qa}8E zyX^IPZ~o)2>}tQ*`6=mC{GKOg6fLfI<-b{_f7+?6Z*Se_7c~9b&MLC!p)HqENJ)fD z_T8z+b!%RItF)Q5xpK3Pf@zlS{0n<>W?6;i-#IeN^#5~bgUOZCd7p3|(OUE8+ijlw zb;{+}^!SEv8Ts=&er0WJv}rS1w`Nu8x$=fZo~LB)Wi-!Skoes5{qHH=`qOwHANRfx zQ~UL**^1rCIu-Z&zs%{py88CygJE}faoqGwxyINxt@(l6>&%o3Z|-gL<@cX)Nj8Jm zeCnhfYKOJlxt9CyYBibuKu)Y@*U~8tU%q@`-4}R5>>}%@%l`IjJ-4YeEQ_7rw6*it zmLpHDn4Fk)V)9};vHizqOE+@vx-QquZ}Xv{jq!=(gDB>iul%C^&pcuOck3N@*&}PC zw|{Hf`Re?I9TRohI^1{PI~u{{{M_Qq()nG>Zl+6za9?WNx_@7HOIy}!Q|$}2=PaK; z2|w(zoSP>mmL+sm$V!Kq#w9(M80Wpc5wf=G>#MT2XO*p=U0d|zW;>sa_LUp!#Q@gIN zJrP#nlohkxwEN6!$@Do316!p!o_^RZ_f1KsYvD)rtf<;;ha0Z)WV3BwmV43M%{Y+H zVT+qZ4c=P9fEj*{7v6X2~$$W_|0w zx5A4%>jZeL1PjBAX$=iqs8?hc0Pr0hK^d6lj0$*_}BUY9W3+ zN&kfvybTws{NT-xe__MHGZr1&W|x-S zY2s_r=~BNICMq6Z^HFQv=gf8AZFCwr4}T1wQu9al`9rHSt{=0ao9dTmU3k0w{<_Ok z7CN`5d2hI?mGh;(^GM){dB>&)Ozu4r^81x(xlH`n{tJMF8 z4F12(vrT*78Y)_>O5iJYn`xZh*YWUzT-%f^;dkft)^u_n{3!OS$?x+Yp7yj!)lQD5 z6POC79Ccl>lu@S3>3Dqp-R|#(iWdL+qA!~6{d3|Mz*D&py&ud<`8f@(#*sOpmYoInOqW{igl2 zw5_cE2Us4iXgwWxYP$aZyr@gW<%;lO=Dh_xsr9)5@eQ1Z z10|v(`ji-bZsq)QX!Bz>TX3B9UesB^n#q4(bo;v9Yq%fn`ZdT$q3?77_bJivn8E|| zHG=qV?(Pkj5N>%~cgC@D!nQL}0e9vqWaXFnZ$01gV8>yx)+t9s-S_?V6-x^2vFxkb zG5Mg5eEpw|fArT?P1<_xz-xnJ7U$9w)<1uLX~^J^aYvJ@P#`1LOQip!0? z+ue$D?(d7`pH~ua+^pc_N7by)^Z&k2v#=_8k-)r*U9Imw`_%*6(x+%j9AIEzVDNPH Kb6Mw<&;$SuzuV*h literal 0 HcmV?d00001 diff --git a/assets/forgejo/favicon.svg b/assets/forgejo/favicon.svg new file mode 100644 index 0000000..7cf10f5 --- /dev/null +++ b/assets/forgejo/favicon.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/assets/forgejo/logo.png b/assets/forgejo/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..ca1d3904f876192769a08040304cf026f6e32d30 GIT binary patch literal 27323 zcmeAS@N?(olHy`uVBq!ia0y~yU}6Aa4mJh`hA$OYelaj)HF>%?hEy=Vxy!i4_vm-_ z4~z_q0+Totl_rR=a-OY^kbXp z;`>m8fq~(}GM-OD%Tt$#^f59pFf2};!2fY>0mwxj3Xd1{GdFlh>VwSMu-D5-gKeYe zPR2L<3=9c-UOE2%cw9dC&ySC#%?;lUZDU|yP?*@GJ&*s#larG#uZ`ZmBKP*TU5pMp zdU6g;V_;xdu<8}#{SArENe>@BoMM_Cc2^-`+XiC>1`UnmT|H-w_8s-qFaH_&wP3z= zxt^g}@-d#xe;G_$WEmM8tR>5B-@Wu^-Qgr8nK+OCYsku=i*v2ZU+iBMx_X&3!yjek zRt5%!-4$NPe9HIVaP+-;H2=~P&PuD&S0YP2COTb@WaDCB*w8#_)uMd4!T>j?hZzRG zr60w0qg=H9{`z{kbQ-%+7l$@8gTt=xc^AKDe^QL%KHijKlvfe=#U%66g}v3^JyeyH znz+PtR=n1c?%_)_Wnh@#dW=g_q}ihXY3%b=Yj?fSjoPAMoPB-W(u$9dURs^`-!hef z!J+j!g)^wHX*3`ldS?$<4BT(k-ItWLy31 z%HPk@Mn>Gn9gpu=HtXO1`u}#7#a~~Ao|>XLdEH?j;e{*=43;TtraPux+>#mm_(*t2 zh={0eRLJ-Dy+RNEJh4AJ%Tzhucc#(NHOZl(3mF&~zS{PeSG(;hd71I=&(AOM-qZC= zZ$J4vhvE2)1-mYAi|H(wu_9vQqIHL5rcU%>;bve^nQG|6Hq&)w(9#!2I)#@6tqf8< z!?a_;m-njYx#t+AdL?UVsP)NMI(bf3yIMLU-^GA|!GTfo_ZhiAoI)xF*M7;{R5)1O z-kyIw_tQS@$C-@V!X4-Twtx2P%ge>D3%>XINqR6ae3;i0oyPzF%uM6Un^I4o5P!et zbKkr3l1c}@xvkQBw|HwWh%Bs#six_bJ? z!}iNgP1j%lySSQr!`kbi;#LlCTuR>FGX2DU&pqLiVRY9G28M>7i~2!Jxc5!} z|KTwI6a5;Un9t>NH^wh@&{(-^M$Gg3^Iu(Ax%jn7qS2<#84L^!kBt0g+5Xv_dfM&v zwYAFiRX;u`ifV;;d@sKyxQ(efM7-$HkocbV2^8wmZ>HC@QZI{wo@kh-(cFa;+4akQ|19$;p^7C-Z4EjMM#T*VS@j$xXtbVgZ*t? z_y7GS&3afozGmTX8GDZC2K`X+f+r^?ifE|&&wKLa(5^mXR|bZL|UHJg;q$*lf$=GvT- ztut43Z!LQp#nt-m?(WxC{!@CwSs5BOd;iEYuKw}-IB}u~*Y|gK7dNqTzp}dEDCx<{(C~T6*RVs|y{2lF{QXtBY18fP`L93i zZaM9tcEIRfSm~x|y3s)zxwp1-3aNN3_$~NFkb&XcB{#R0NU!_rVs}efzkR#FbF$j5 z-`{sL=_GG?rBv8?JmB?}m6O*o+fE1!VPLRG7AtGo{`qh4G9N|j$Xz8X-~B!#o-i|Z zS-OpWz^5lCE4hvfUG}IEI;gVIMJX|!fnjD!jzRU0=VxY4E_-{+we0ZnT}J8W*8KAO zp1MRh;q0ydTeGezt&Z53#Oh!BvQB0`XEhT;#l6kHR;BOx_v^JAXZ-G07Zx_Z+ifbU z$R591@7xm4$tS#`wq`AT?NXi-ktM{iU{6nW8h?FV#i!^kb8~NOaQyx^t$RZA+j-(` z=JyJf*tH+Zu8-WDcC~bguaOW}H3LJ&LXSP)G$yHdIti=!D5yW+?T*}(5?FhFw$Y@H z35{!3J+e5yfr9iZ)4^X06z7pO)vmsOweImh9{2-er3Q z8pR1SFf0srJXX5-Ox@n9uS(_;=6Q48&AS`yaN+NYT@rgPp5x2AyDN2?!V8I0Y|IWF zTTQ%QpALRh{OpY4c8mIdHq-UO=09p$VEwRCagwTcTFSl6-0MPCybO>z%);Q1QTD4| zxw+)v@keI)_k8k#H>G&SMt#4+)bz|XborXNy;e7SJ=Zq08)f_f$ZS}ftcAuL= z>S^JW;N^Z3Wpi(D>lIS9HVadm`GyUdzpZ)61AB&sCWrc~CH79szKW==^ zTJdt}^b_ay{rTj*S*Nko7<4-DKZm3UPBF@0@Z>smPz`KX-6A!h>S^iy^e}CVu-zBz!1qPm1e}D?)-H&L1HJCN|am|65)q^I@~wgF~{ z_{;nI_j5ECEM#E#@1S|V;O^eG_bXptU$0&vG~L{9s@Bw1clo*+nv_(+*491=ggufACBKVNORB)ITB zz^>%Rz;I^s@2PsRv)0A!^?DF37A{iEy)I-`=ITSO+>?b1T@Rm{s{PvPrmo~pR)&WB z>gD^sPkZqE+1c4F`=+yBdy*Ha$;6bk((2vw`SpH&rQhB}-s@TX`{KH(g7Gt$8EpQv z&$RtB+ayz{o5en0OGaR5^}Pub9UAWUhLzr%svSOQvhN&=i#eJLCSL$4t~aUvQU2z} z#Tyke#TT~aM#t{nr*YtY-|BNK@9i${pR>+yuGOx-vT(OVMh1VU!1*WBZvJiKk#yR~ zK3UE8(%tFNoF7(;hw#QOcH=E-_MWa6xXfo}$=uxeJt;;K3=T|^_OosOR8BTLa`s>| zd+GNlg-m}|ZCit3y{2ldyk!;S#>H4S zG31!+dAGWMKcAn>J#^^Mi=EHs8EZ>S@!TQG@NV+{*`i-(8YZ(jURbqbn$QFB{8dsr zYJY!w;x=dg?D{ja{I=gHjbvg}*xB=RSG)cE@cG8+e2xGA{(8OMq zR>$qFn)#OfhsO?9h9wtLJ)U|@QsLB%*)f5MnNQYg$!>mr;RoWgL$V{Uua8&X{-}8O z(^FFqUvywt^Hblj`Um?rSI!+=xu2e#41K%b%VEyaX@W0r?pVL)6W30e>-G<1SG=>8 z;%Hc0x4D$RzD`3oe%~A>{w`7NWxLqIT@w`k=J(6la&)AfpZ9j(;zkC6_+ut#-_H|X z!fNQOwI$=CQ#pTKl*62!0Mj?|^?zL-T)ueV71M#t3HQqPyn8rbD^x3Ld!DT0hnnwq z%Xd{5q%sy3IT&vJI{(Z51EPCAJvq7fb%S_niXg)Sk>*nV|0yRYJ$$Oc61FB{;qL!s zf*aW)LwkQ+i_X9JIN|g(-CdWa$aoi;2pkanHB0tu^qvYs$Bdw@+3QZ9SGu-f=Bhw; zUMZIkOYZHhp8b|RL!aTmIXiRDPr|o~|1DU3byMgODUI&PocsIcDjaiXe*Z8-p&_?c z(^7Fd7Nj$e!N)?}( zVfci}LW+YyHRaAV+dun%z0ziS{lHdYR`%79BNArs+~}UVM2ulttH}P!&(D@>hp!WexXmtK)3CUquHe>YM$6Md2d?c6FfG`|z;JqQ z)uR(L43%YVtEL?I#l|DCVE1t`@duOd?Aof|G5gus*|T|>ZgDbjw5~FeTTwUNbF$jf zudlBQ-#Gl`<>k`v*Q1zfE(Kj}P6jh8Juk44iFJcK!vU)w=HGa*`?pF^C^9s@W1~4zFL;TV{cD9opSaYvyCc)g2bki7W&O02Th+HjPsjkvvT)# zKCuUrgIAdvtoi@@d<&=WnQ2UEoD3Yt3iqGgb^qc2f8Xtyes^|sEMVajTCwgW4`ZC| z>R*Oe)<#c1uz!|mcA6PShV~uJ-968YZk@=`SlrjsWpwIVT-&*KeA6rU(WZmKGdbh9Mue9#n9ZRO_$CBAc zzxIMk;gxsi@lMwYUB%$neh`%0Z}2NT(tf>`-R|AV8_LO1Uk)tT(zE2yN`>~G)2sGP zQ1KMHwWCnE@o(w7JCWb3&#O7S)(pM-+H0y-phu#;gY-kb>nRghm7I=+Nh&Y?uKeV< zPouKRw2hwSch!AoxtwFDsd6r!>&v=Y1w4D55 zTQ%(gD`VN0#qWN7l3rYVU`^!alKqcwF>U#^LMr#?r>7z!H~1fX`@>MbVp-~Pzqww? z$NQcJ?w$B-bN2OhHHXbMX@#u}YUL8w^NHM)@^FdnK^cKR%E^0r%2SsJhq3pTT;Ejl z^V63H2bqibBKB65>ZAof^gqw``16#+#6*^ZhIM}`%-^%mSn%uKzIP{{&9=yYaBE+! zwQk&=8ESrWJoZ+7UF6m)b@8(oF;eS1r`ObEm*8G>jU1pd3f?cnE`^_|JZPL}!I`~3Bg{-~O=4RCsY82+E&V5x~)W@>=A#eNZYik#;-}kHQa^I@% z{vTq}sV2^!6!&*6zjfiv!OMrF&2ki;H*<+l(uxj^j@jZan0;_}0T!?@zpb zUsm$whGE_7C#(85N^<;Z+rwmNcWO`I)p;*3FL$3PKmF&k+4&{=*D^85Z4Q~r@Zwmn zbc*bUd)4n}+8X@gO3zsRtFBv2S84a}-|zRYOg!8+#iH=hjCpbqDvOtVVB7Wb*2Lh$ zO}l$!EQ7w!t_rnblTKS#VJ7r`!4|O{#n1Ufb)&AlaSRN<5g&Q=yR=D$fF7D5x=k{!2 zx^+_F?t(Dk9_9sy62_pc6J zo%Su^hs%xY30KP>3GR)aV^!K^_veGN+>akt0u~Q0Z9Thl)wdHf3>OCqu-$q6=H}*I z_fI)6wz(L+t1uIoAHU6RN7-Acr|0HIUq2~-qQdz`ufOYDS+u{ZqLLItPKGR@xg zD|eaiY_qPt@~3v_E?#}uc%JICLXWS1cOEfjelY3$FDtDNc5dgt9lw6sd)?0?hwA!P zEGxYmcQE(zGT)G0C7JQ*%-2qz(4Vt%HBV4#?~|v(Y!ein*{;4%TFFp*ZR_9P--T~@ zAMcYrE61|9^{-D*?exR#{K5;bS)QF?*gUWHTVy;N9FES?)9Q()7jy ze(YDpXRP^ASF^eP%@U3VwZdC=j7sx*49*{WcxhR}eV*c*n^G^^GQ2ybq4#ES!>j6= z4+q&<`mO8#*<4*0dwaU$0cOd)sVWh*lQT*@j#wMLwzI$2KY38l*^?#=trJs9q+96@9VQ-#){fd3TS678{9td9Q zHPvMH;)k&*3?*voyz`4b|G(^(-_RX$zj5=k##>ichp&v>oVJgLN$;jXzJu!3@`rCa zZ)|7L+M0Fs(h{Hcx>fR*pPik}`DVRqw^*9_|9^+%>_Te)DLS_a%!uAqvQqzOo7^dh zq{+NZA5(I|Yx}RQjSl8v&|2ZfCEy*R+K_*LpKn6_9?4Y^8|>zhRmPN zzWw3Dhb#*|9~F;(@vExrVbaskUZaW+2}N>0e!X75_i3NM!kX8iSD)wI*w~ z)+%JG+*RYcsS{%&j*DG={^!~3e2xP?^X+O&YHijRZ0uX*_HdNt| zv*)V_{Q9lEC3NHFs;^nD`#4e`Es#+9>B2UzkYu6=#4bm-`@6;e;X zyuAFxM?g%>?dPYb#=9Sy3ts!W`IYhiuh-*QHWt6Uq-tmVK3AZ?&#h2<-tXt;*7*!> zy;4hG-(Jrp9{v2Lg1_z8DVw?1GCaTd++2OLPorw9>DBPsv~_*r>N6xCJypzK&XOnn zR$i(##U|wL>I#R~ya$eS3YY%<<@+!x+*Z0pyT?*qCwf~?fAy<6k>|Rz6yIq|mWP~X z`2PO>@*U1>j_VdZPc42B9;V6h^`!dz3Hl7nd}c0seR*oDcdD}yZ~5c1^VH0L=Ne7o zd_A-G&-=#Bxwp;Yzp?gA5sYVXPm}x};_mSO=X3c_tl*YT?ao~V>R*>h-IL{ccX3my z_h#w8`iH8rR@-Gav+;8LDG%9@a&po=Hpa_MQ!F=R$MkD4pP6m$f4%=T$Mjz=R~59w z)+mHKE_28?|9$RI)T9$T-u<+ktm5euzAi@bzhmdaHeTr}X%-!>4?2N1lJ24P->qE9fOY4G6IWA@HI)8I>`pcKg=bLHEMn^`Rwm1_PnO6KDD>>gSAtd1M z+@sy%%V#h|?5o+i?!TF+-d4x0Gr3}-?PlCxRBAuTK=Nm6>6D<_bK>ze6PcK;S5zKe zG5xQSWb6O4A%AO=kM}K=V0f_j(5`*AgLYgIJ%3Cico`34->Hm8GkSOqS$$h&r_P^p z;QzBTGn366o>(X-@1E~pbLZ=y>Y!ylnIh(0oDE-JUw{28H~OK|%aGoKOOp@YwJLv? zQ#Sd3v|Cal@7$328v_@+i5Sdqd%CJR?eF6jd3MILq4n(HrQMnhy3yNS{K{c}=(K)? z)Z+U8|5)CMNlJQNT^(+|`=r0nwFz-w+fMv^TPbeMlD85xE}HiD@r0f;O7Etv`d8x@ zFB8nLyX@_yuh;!sxlKb&+5A5Sz~DN zq3mg@{{f@N2j9&;waR{R?(J8mO0 z{OfdMmNl+YOglf%_Z~x?%S_{Rv)u>(`?vU2OD>7Be%9nJAoKd#+RxK;RxF+VrhekQ z|Gqnmo@(eZ>?qk%7w}4N{%WbD%gcP9@E$nUE3Fy1DP@;@a7z!DlF6hOX^i`Rzq4+7 z5V^BRb^q4cUnh1st?hcX|K-ii>PJ}*%rs8_Vmw{XIOwW?xL%AxJj0(~uh)y%*VWwR z*NSmd6qH&UGGDXy*O!v7uR@y^Jd||ZY$v3)ctJ&w{S*y;fe@RkUym{#N)=mu?M713 z5w?T_4UB1*_ozFU*cdGAIlSupm5s^nO%J3@GA3+SUJ`la@idJf>*J+=Q*FJ^EGwCE5}Xs|Ld9_WL;k7>+|bG<@x&M0Slc( z!WsVm`@Mc0KcA3Z@!`#a_o`m&c4;#BZ3$i(q`F!9kBsC;*Mg&yH^zOf)CyncBM?%< zGx_%2HT`G0_odAY`M<|=vYLoH!=58+U)MLcb}w=6^!>1W!v+Jbhz$zgm9={}c%SG9 zs+~8}I9-S(yrN>qcI74Ur&cWamG0ceqsXAc_`_W=RJrE!S#uHg1{LXhee87_P5F~v zZC>Iv_0)-+8|z}NSB0;a3tba2F|PJ&s8-k-iKl00Pyh7%y#L$V+s);o{HjS2a=qw>skmOziOq~%BAQMNjRj9niJmjc{5C;OyV+KFuKt6n9QkkO?SAW+W?X34 z_y1pY)b6sk!mqzqe|xh~#dDIz|J&8y-wC!HJ26pt>-8{OFjQ_yk9<)ZhPSQ@l3=bI$E;zUBQdRbn1l zhBAM7aj}_!sq^~dpKr{=pM3s$@c$uh{R+m3mGAQz7*0>qy?nQR7RU4ztFsu+oqekhDggBJuLM7@4!8NSI()s{ zg^()@4BcY7m+rQ|;+~$dG^-(Wb=X9EhE4x_B@CN_mixWE99_RQYHQEtoeT_(X6ff- z?(SVNt)TPVDz+Q@YONWMl!pJ6&foL!a`S$dPN8F;95yg8_{_J9E%#rg6tigeDn<)e zr6XcyKfk`c9X>blymHZ#6OP8|=Z-wvw}839bF$jYcfO)6-d_Su87AdAM(RySh-9 z9Y-=knG>?aYECY+&$^;9|I^RUf(|L~nHjWS-rv9f-MmnT9Y<6`nP)r=XXoJOU;gXs z>+0GM>1St6eRh7nKLbP9<=y4^clW-od?<9;W`9i+3#SKr!sBDTG3obTAKqX3`dZ23 zW4ufZ8y20n`|VTy|CCltQd?I0Hm-zI^NW8J|NpSH5K2v###h_x1YP=<7eq85!2Bi`<;H>h}$2NzNAUGeK9Q*ni|R&d<5IX{Oze z;AK9Z_W%DFGcw$8ooiJZ@_qB|Lk)}!38(I7@BPQb%5`C1?Qaf-1Ad@#{;KWUNd*&c z&f}e6k{MKF{=g;R>FMd;t)AXr7i+z%`n%rBgU#&xFMfP{ye0d(-md!pc8m?BQ#6C! zO5?2`zG8IPlydUK-3_Phi=UlY#$UJY-S^k)_fKLJ<$w9)zZp*pp#E`(NzxT_eSO2!T?>Mnug5f~@`S0l`CLCO@WY;TgzRavrIMX|NZG&$ex ztv!{S4MpofbL3op<+X2a7~a}dy87ccyV6%7QZ^L^rJ(63nJ=fb*MEq%etz`9`)Au7 z+*}yEFPtsW6W23hXJ$yqd46v09d;(EkB^U=r%C?Eogu%;CidPEPvOT0Z*R>Ge|2$j zdtgLI@`(wGZb$X{3LhW4_~zzj`J+=bgXR8ie!uVcxgX!zc_a?hv$Y$F-e2Y`t(=^A zv`chl#Kxp4+TnU$v(0qt`zEm5FPM-jd_brq^UU*|RSXAuA4MHV|H=H}gY$==gL5p4 zIT&;bPj$w-h3vnox$YiIM{5wsX}s(HH-(2vlS6wCxX(Vr5VNbK^V*uoi*Ge6RlF-|zRC&(6%;l6TkYaqc{JH--f7nj+8dzyHVV zI8ouse8e)7^FfYH|Ay=9V!ikO`NVB+Q&~Jeux4@KVz-c;MX6eWi&*%@emrqFu>5i5 zXIcM~)AeF!nafJKOIVk@aEPz{I<+t;@zax&HFGBVvlIxaw98**ZkVba{_35iJcqdC z(ySKH?12Fz8_)H1v5PM+_m@7+D+8)(a&K>wJjmQBsvRb=G2^0A)TWfqkNf}s`RxDi zxs1)%e=qhwZF2eZ{G-);bp{5%lx30(SH$#;e6DiT#NF;>U|{(1V?!E4fZvW2<*VEt ze2rCSVqkc2fB*hGh7XGhCN{2evnYQjV=2hMa3Fnt?J{YG6j8lP;TIYDY&Y{TFdSGu z&4jsO$syOORZkb^d*oLnTuutrEP*x!_4hJC%AB`*Vm zgNsYcI-v(44~;@Ym>V)LFPnInfq|jmSm0gGhJ%MvPpy(ly0fG3i3tM(!)&wMOS}wr zVtT&Y%f#Jbv{ry*X8H%{4d#=vv`1bbpB9noE z0kqtx>PNh|Ug_D*hO0tWI{7g(Fa)d!P`t{Ju)kns^1R-_RUw*1QVa|YJd#E$*cj@$ zrr&yWQ=;a z1-`S*b}>4*Jq((^N-E{_G~Fj63=9mSS|I_pfATrRvlmG*=)~-p08;wkX8Qb4UWPIb z@zo2Y7SK9M zRtx22n8q!j92%?)>XR@qFj(K-o|y-1v?o6xqA9qN-%8+nlLm~?ULxS;~Gk)fO|L?8fc@kh6a(i1YC@k{! z{rwhwmtn!W3Z5guvaCAc>tsN#^L=}3YbkTXa#owf?sVtWGczVKFfhDP^PZ-&s{McA zLYB#)iAxo2^yxjFOIm6axCZzAS5$M@|hdNn=1&eJ&U%mP+!F^T$n z({!UV&d;+wcE9-Nr_^1QpVfZy+tmD+@agI4<)HFR;hJBCSw%s>6gyUwSIYKrg2w{&W4ne zLb1~F69oMo*7$~*>hxzYGBEv}wy*ww-DAcR`8WQg-QAKItQEaY=joZ5lZ8~hj(k_X z?z$>u<%^%s=P$ps)H@i|EN^sjabekc6*Re+y_(;3jze(h;cu_5c0b}`Fep78{K4kw zIetUGM?ss@e6^ysXe{-gZ^y>(>hky3*OR?vZ*RGNd~`H;tLKiM z@nmB7z`B2~oK3}qy5DcjUtM1>Z<=}O$O_#_MyXyld;UuN|MQvOwrO$weeV4YzVmve z?dxiG6+C2OWcVY#|KjZ!@d;azNpP!%EGgrxN%)f6}Bz*5TsB8|6b~#bu_Jj3H zQ0cb$_5Wtx;bu5D-#-6M$@`m|)k9YXwHl?J$=KPhByRZlY<(-2=pyrb70s`%t@S=T z%XG0>?yU>QE*YMyyx!@_m8YFzspg;u#eTRD9P69+f<;?3#jFD-O#@0qQA-{bk&+39cU@s zY<#&oXsOqix7+UvweZQuKR#Pg`}>>ewU?VyPpADfPrBzTpL4(d|K4w(x8&Zw_WW$W zy8pZ-zO&6FU*@X&&+~C^<1zFz+w=e5?~t`ordpw^MDklq`~*KZH2HJvIQj1G?nrAOs{M1%m*o7Li{1Opmf8Qj zWBC5iv*Ii7_x;w}Un>2461TYCndeg~52SZ)jhUy)!Sz77qD%JLH_myt_*-|EzYl6; zVx2O-Gu_XEQSivUO{u3#uK#K5sX6ri!QBVG8yW9Al;q#s<970LPkjAf)BO)K?r*BR zJNZ1fbkUbRgobxj_a{vZbvSS)#AMgn>sx*-Jez;> z&xN?nX}rs)T-lduo^_=o>&gnp{Cz*w_NNxBtrOUjsvNaF&)1RBCSq%8{KNYN8Xx5} z?`>c7E63(T|IKx^prIzvc7^i2ySX`5+*;N4T-mg2bNTzYb9;N)SMfG~-o?&tl6U9E zwc6J5bL|rI&t5w~2j1)RAKu^hEJ~ig=4AW>HojodEubNqo31G-D*N|7PRzRe zK$yjmagR&t>wQKU7Zf%%@yS|g*xxrkZ}a%^Ug5ewAKf=+$2zmH{#mq(Vb9__dVKPB zZ%(i$g9eDIzrFc#h+9A4WK&smw{)Ir6WgkldQA2iZ<^|R!Ys}mOJDtS*#Y-AJARyey?+0>n^!7|71kFQ zPcu5V;aI+*o9dRAmzPURbBC{uN|kA~uKJ>pp7i;b!IQ-`e$osd__8@HTsO&Avp!$E z;g__|d*w&L_E`sVlZ^!SDk*Q~kn+%Zyy|)D1JiZI&(BSa{m^VGW-fAX>G{iLbMF7y zxIJgyw6MRwLF0nw?&ROt(D?1m&BL=JDi|JBGpXJ=vaw9+kXLQl`G@D1=dEd~|6FrF zpw`dNaSdBd(y1p>=0c9_%3nOq-!ywq`1ayr^S)oNw9h?UTYLK7_xtrPpPik(2^DR%cMkV5-A+PY)g# zp7@qNP55asgXD?a+L^)Wf+tcl-$@7v#&(}K~w z=S^1GX@|44xJQbd&1$_fJ1C@`=TD2iyYueG#^ibWq4O@fIhbds06 zQYw9Yt@qA@S65e0QSqFlzOVk(m6dBJ-D&O@vNBT?$UoQ8@bH)Dw)e_06VEs8c>n42 zq)+z>e}Bs@Qj9aYdalRixV(`N*M^?yCY+fu6IY}@IWh56->q%A(VMu|3B9<&cmOmn z%k*zr*6R~W*G6rfGXLlE`SohsA4ciKE&FSJ(nIq=(Z8bXlh-DxdTUv0U%$Pb z>s;`ID~ty~9cHGwT}RIy+a#;SjpyW)Jh@jA`u8*G> z`{@bSJUJnln*P-4YS^LFwz*ae4~!29Sj_3Y#Q9f6N9W9@qq!CEk@VEQfqEPVa`ug`Bb%%DJy1Hh! zd-|y{Iq21Jp+-&+0R+7`!pP= ze7$!2hH#Yw*VaZa|8-`M{ehD|Rclrr+ZF1@#<*>Q$Fa<_R%^4D{jcRRI87Waoc^Cz?|VH#(fNeexA*tozhGo|pWo1MzUZcP&V;1zhxzS8>hkWX zyby_rS1o^cXJ5?vg+@Xg8|H?r(rT2k|NCXKc3#h%BZs_pFfE+S&hY0MOXK0@@*FYV zJx@t*3@X|o)On@@iiS|usAELOI$nWJD}lyc%hhuxvhooo8OZ?34ztE-6HS2Od? zvhekB`||AirWhWn$g^OpS+MIy=H+Fkuexu~DYJV0;^N{I!#!Ufy=bpbm>#R(+9hJ4 zE2L8U>r0`_rq%oZ{W^X9b&OME~=$oF;zdyf=x$5Sw{YXW6INe^5)YuK0R2+}7TjpX*IY&n$K$ z_Y}h&`~QEIU6kT8d1Ckuu02|h7rtV*to)R+N%5&=Se*LP*gauamibB_=Vws!nc?t{ zeNOj1&DxgY*S8(p`DCZe2d%SA5%x}5BItBvdZ4G9x8!;5>rL}RWUXp{ec5*VZq=_Z znNRySyY)(?gr1#kUjB!n!Q1G!e9Zp3yMcd?@I5{G^XQ3X`ab-rJW~YY8UDCiNlp)$ z`>X!{Z~2>?>B7Oa{B~j)p}o@PWgiaT|Gw#R10%!r7aJTe$yn#H?9pDl@&ZGKs&nPB zsr@}STvvy!onn73c6ZstP}7VH2R<@4?5q7f=|7|V&C($Io4ZQ2BV$uimJ}%`EcKdt zV$r!18hSO81CMnZX`NUhzSrhL^cSW#hgZFSw0o14>@uMS^7iMQaZ zR%jlxcewSM@b&W^voqY?U9SG0`CqKn%J~IhKGqL}x#!KdO+Pm$#W6c2MTl*pi<_h5 z)GSjR!^`G? zIudJoyt}Mw84i5Ca!{Iw0kpoaEMR+H?9-f;qGnQ`1CPpDmlb3^-Jjamaq(jQo#l(< z7d$y2q5p^N*X^&zEt8M&M6a_CUms^1CM%yA_wdwI?Y>v)$;WyWt$#e~)}J!}|A9tk zksNWom<5H8k4Y}?>=M`a^PHse@cg4?9Y=&3>y26R!c0qEU0M0^%F5s)Z%XFXot~zf zk{Y@yr0`GwmekYJSWYlM&;<=)Y+|;%w(8fP&(F^-VckKVV<4%4Tr1 zOO)GlAKSg~qX(yI6hA$cdW2hl&w=^RH)@2e5ct3OxKi}CoIm%Ajz!kjE_-|E{er#g z4uXdAHc81%IdLY;zb0&+(B@rPS65lqF?@K~E-%E=^2jag{)<~%SFiot`#~qgV5!$s zEx)&CPqUu4`@Lr3-3?`LZ(Z3}TmAS5Xzx+RyE{9N?XA1LE!RzOYqz-muiAd*_u&sF z>wtPcvUW8$e(VlgA9wcUonGa;&h30l=h;?E-HZ)h=Cks*oGuH?laK>Kq0RmB_Vd;} zJ26o?<+=?UXszTQhK9|{9T&(medDiVxT!LA-KMsG)$jMF@4V@Jt|@AXhv4E{N!#=8 zW;{C5d5nkcz3hhWUTO1J`|hVoo@8Nh5j)S~7*qM?!NKNjHyKXMPF~ZOFJ-~XuyLwp zu-fr2lfU1upZ`V)6tU|wDjpr-)QZ^fVDbL>>5e~*OI}_&x?+FfiwlbJ{SLQF7k_bJ zWLz)$!M`N={*OA)>c^j*!M`}wk0zC!Wj*lv z!NFtv73-W2G&9C=mCl-LT^_Wj;$z6)r|Wu_xB4zITXyxWW@FDBqe+5+N|LMJ81$ao zEc*T3UFFq}zZNd%XZUeLgvG6qiPeCCqw&;KZEb(ApW-2Fqe8F8yKzZZytlvn;(LnB z@3)A8PzUQDPbT}z*fUHpc4uikxb?-{ zOa4-3IUZTtG#@=Z9_;?%`~CXYzr0#L24xlMpQsQxEbq9Zr}pB`Nykt82yzRSe46rP z(!?7|%?*Ey4xM1C;L^#ww8VdlYQKzV&W4(Ydn7Ch6dV&iyvyZbXj&h<-0#%;11D!5 zuvg#hHBD#bYi)Z@=^q*l_LJI;&bh00)km8`(8W+3XIgDNk~G^W)>= zQ`=tM*=c<9U;`twj6H*db(xN1LIIn_@-LI!dZi}De)wo|wfw=>A3K^?1}}g0>!hsY z%~swk+!y&@?(2EnwX`kk;?IAiT3XHH?fdWv}$FD}K~xmUM*U z+~nMp-s-noum9M;y@c0}vhCSJj@MM%}l=3{yBRZZ){BHnzxaISq0whVd<$>OJ{ z>wo`Te&C9IxYU&|y@rR5&04)Lq*uyRetLt>5wkTLXoGG5d*m7f*dA{7Yu81c;*1czDu&DgBq=?Pj zs_%4#m&J*wtKzbDH5QIl-`czE;N zQ|~{1K5sv{`~qlI-oFdJ76D9>?FPP5KNuOpZ)_I6mp;)b)$6$JALI0MJ_0gdUtixI zcz?tH*~aQN&T)N?pebqXbBAx4S%_{~q#&#y z-(aM>EBV?+OZx+lAApuiEc21vZ1-Vu!Az}HZ4cNPme2UY>*DHK=yp{7*2HeLR$9Ik%hKKAyKK@kh^+e1-UZHU3-Vmuqa}{(4dAH~aKWZ3`YNAKms+Ifixe>xDN2-Wvzi zfqFs{8CT@q-j;U#|D+z9Lr?czG!>9H{>ZiC)BH~nOJ(owub&^Z+%NZf`##oN@)lbw zj`c|9Ui1ewyEm==e!o8c=UfY0%L?18B6^Ew2u$!eW)`Zv)OYr@K3QwGXAP&ds<*{< ziD>q`46x3+vSQ*}b_V(SKZdP*A3k+o{q3)lXOvFjes=Drj7oVl$2|KI6vGOn$O+$PUZu=2_T#(8aFAuqRt6fo)>KWkHD zm3ByI%FWDW>_%B!6^F!k$$QPUD*ckb`M}f8sc*OC-L=}Zc(!?dQL4#qyFWkI=>J+> zdTwR3(Wz;=**OB6^}lw?>g7F7TkPKd?D76xum1(OX*1s9X{=9j-}>Kcq2D~4nQvAV zKR>rkmZ88aYC~I>sCLx4`VY}Y=g-}oo3)-#zPxyK{{Fw$qU9#*9THhGxiIE>!~OdI zwg)GFdw2Ks7DwUte*^lL{`(VFcjNXF9^(%|5t~v@I^8p`@ISOI z_qI%I>zB*^_Nv=o-rc=@d-nh4o{B^17b1>1hbF7}%m^^#Uy z>f!nRaRsGr8|LjSey(Md#-?AfcTTsc<nZn(4>T}7QH!trI(2)ty^F(|nswPB z{}laa7&QKqH_5!@ax<*v%!y+ao2TTmF@Ods8&f}aGppa@%$olo^OITbEeYx9xh~;c zKc>gm75X0YocH!a(cj-(9g`K+TEqSo_pr6`N-xV%ulu}lvu^aZ8;cwS^4~mKDzRZ( zue5p4x|p3!m()QkrcO`OEq;|({h&25#r%(@Y;JpZX=!)i zoMTUSFiqc73mVSev^#8VROHWx=b1&Mr#iGso9A6npI;-i;UUMH3O|d*-cTBAGz$|Kj|Iy^0(1FVF3~O(;br>XC*iNQ7C!5kHODiQO@M5udggqpX;hiZ9H;# z{^kX__xH`c!_i>;ukxQ-Mc9$d3gPrGITQ5qPE|xZ1YDg|c>4`o?7o`HuYwls^1dgh z>E0I3J?I&5=+L1#o0!7`TXl9E%sw_J=Ga<>YwKdYJtwQxewpnt(@6F0ot>8p)n$LQ zUV0K&;CIYhNoB#3p3V1`Wq=N<(L0phH#OHV^OB0Y?BUFdi(EbA{++k|E+cDE&~S&Z zp`Lxu$Bp6Z<4XSgD0F|z`LJhR+&fnHR2zLKE~5$&fgrcb%Y0)u2WEeLb@i0lihzYp zm(#3w{9wyJ!*%QMeE-=od#k3-;bb^;`0&c8ty%ZpvCi&E=Z|nwl62mCcMrF?p3m>^ z@5>JxF{m#MRP(bce#T>YcA4*N5$Q>Pq~`>IM%uQ8T0ZR-*Z&kP`9Ao;%c!{1Pd2~o zZ}JcQV}5OYe7}p^IyU!yxut)8ey-jve`fkbpN6MbrW781a_Hl%snTW~pFXNQ{r>*i z+S$Rz#f54v`=4{2n4s8fxc6jd@|s8Q?(Uw`K3D#c+s#C~g zO~W9!@I>ho;uk#KTDB+0)I6N~>a6+wkh=GR%5D>+3qCDg8N57bciCGDN1^$B6^|aC zw4NSc@sQQ;ZRQf6dG_^o^M7x1IkxfAQt$RRQx10ut8*OSwft*c_U6Ug?*e*@XKhfO zBV_UH>7!4QmF{VuKxa&B)6sk{Tu@jfep%Ez&*UFC&BMojU~|^JI{x<5C&JrU zSEl-WPP{ca`@D6ovBLhlTKn~dZbaNRK5rvDsombc`O})t%Zxd~nS5>Al>1YK%NqVp%Rl3l{8?dJ%E?J{R8F2?1yA<8zqdE@!-Iov z_A|_KrSfHJlq&ie{}-=&T=(jVW)X8kE4TQpzsr`L^w5xDH98&f6>4jts_1_wo`ReX|eoUqLncMSxj+Qkw3qxfUJSV9r zMzVEGihO&>Ja5Tmqr0yU^4l3Kdt>(W{QoCg=K2&AFL7q?+EqWFfgz+~^8IBsKYir? z$y|S2A!8M^FYx`^VE3Qt`IGW*g_)+D5ZJu5;ohN-8!QV}zj|bzeNAVDbg|y4Efr4W*MBaY@GGmK zk2yZ0h>=An{m)@`{ugID1iLc--8f#T_m!JLVfkkNZ*Q}!_TPxwv*XkM|KF#_C(ZGB zk+3@KS9|@vJ=?sEKw~<086GU$%*E`;CYiXZ`|sm^`yhoob_EUnM~=LBcy95JTvhK& z_o}{D)Hi&(Z)u*!vs0Sk!|9_F&&~CHug)I5Wxmzq#DLPA@)B=4bMo zN9*@%{r{`&J)P|-kD2>r$2Cr`u^o|-2E^7f8W=Os1@%C z4iQ=T$2g_q)Be3%>+M;&_Upb`74-CC`jh1L8ev9;>Q+s|GoP@es2DM zZldxN-h8Q$zu#+Ej^F?BStjF}&)z2nc`~hX40opQzFr=-V!__+AG+Da|NLA(dv}@U z|JZvLFIfM7+gdL^-(ttE97#)t=k*UCW$t1;kgCIaBRtagU;R0*r`Oy6Z#-{jJpYw` zn2y^?^KJXT-4d=pHtkUB$@xlp@yn89cVGJT=H}M zHD4e6D*gA7Rp+SM{HIU55~SzX-+SG|`re37m*K|s4GUj>+?~BTY~rc4wZD^g&76@g zxP`y|-+z6dxn6!IB`*RtFKxJWC~QHY!K8m5BTJ7%nP z>V(6Nr5S;y8d_PjtMhfng2V#z;T{u-JW-eztTS>6zw|P z&R?8paaSRsX#?vIpXpzo@0t_$efjVI|4zTo_uupL^X#&mx9h^*cFN1Izg*mUV8$a& zhofH>S}iL7ci+B#9>W2nimv|~BO7G%_j!IlH}~^Ozx}Va*DVUyPkM83Yxb7yWx1ED zndL*vx*eO@W~y>jc{eOwdS&WgS;fttSQ+f!$csL_F~izC|5)eg2B(?Vim%_!KVEV9 z!o+WHYyAXweZO1&^4h(in2y`;%uuxTQWjOuItMp;fY4*>58Kzx&TJ?9&W3zRapUqk59m)FP_xqFLg5m2w zEpwTFng8<@rEtMwHHI583l0eHuU_}8{LSa{d!Ol88rN9tyx7RhzQbitp1_A*25&Fz z$GcuFI{WZzh4hW<3mQMQpIF&?_Jhg2m34nB*bXgc|NqRX)k5Av=&ywggTDBS_pHB? zTg8|8Dx1H)yL)>cLqWV-9pkji;iU)Trp->>!MEjVp;khu=lR_Ady>jhCYZlj+5cr_ zKTqK{r}CT+%nbA1^pg#sbFJ=4Z%SZIHZOnwOmMGK^?bV>n-ugFEjSteue*MF z@y5^3&MrQEB3y8D3`3V@{W-=1v)Sa?&(1Qv%*(Lu#0iB1LQm`RSLt0cs(!NinfyGX zo5!aqxxRR}GT4o&Z|>96$1}9@&s)C_*kSe5u;K0J?cwX={$6}<6S^v7OVLxWrWtQ_ zA3b17sELudqIYufl$V#5Ugl-06G}L{{r~k8yV}_gGR?o9xbu7VzM^)0`S*od4HK2! zwfuiI*d@PQwx?3Q-f=}_@Kh%Wkz@Vx>!lf7PHJd6u?4*>`?r3R|MO>?X8l>*6I{Tg zsAs|Q;LG;^&*xS9RXXoWudE4P?RgTqa2;ialRGXl&xGISJPJUVT$ zY?ng)pO5W#wE~a4*rO-^{ISrH?fh~o4E}<181wF0Eq-IV-_ZK#RPAt$d}_CndUOC-cMPfpe>XU4?;cUGyLmXhQYQVFPQ509@kU140;a6jtdq1Mv+#Q)phsle&@dXU&uGlEC1#u)$=M5N;~=NZ?K;Tx&HC-@#}mEeFeTX z4G$g)r={&*e2IxkYi>{VJl^>hg-KTL7e#$z`2GF;a+}Ie1^>TSe{kL&u`%h&+Gum- zh1bq1T=6NrfCoMm| zIsN>*>5Po>jgPEe%Gdwd7#REc%F197jz4bqU9YY6n5HxH<@29D^O`tC8y+9;|Lnbd zU459SfWhq0-gA`)?=ln|>A(K_C-2=iZ|5#QSIIT^qvSJ1=eB@WE>V%vbII~EjZ%&7 zUD{p#-Ve0cZ|$bMqrKARNq=g8?08fVS^e+p_4x0Z^3J=<-a74j$A4jCvU{xjU1jBc z4Es;7&-$>(=2HV z-#XuqWy7TP`~Th2u?#R`tlR4QF-+hCi+V%m_rS$&fv>NveR*8Io+sT`0!z&-J>mqkKJBfUd}ImIcT{Zuj3wN?dW+EcfMg<)0Tc^Q_9IjuXoF` z{y4kYNUqAP=;S0-PKAaa4}V3>um1UTdZlo{f&K%3|9n0_r}E6}yuYB+K|qUz?^oE? zzr3{c%hT!cpMLF0+GSU8@cF+=&WHLUJD9Q`PiKy`x9g8=V0i!U{r&y+j4Y?t#qQpc z{T5WHIo#NmEB*e#_g@pv%reamc>SPw>t5g4W*0jIm3y}SWn$&h5c+aNcV7L!%2&6y zub+GG2cvOI+V4y&jt|}Op}aDOc+wh{$X{6zsJyG>rO;32_4my)FC9s4-*08nEdPJ+ z!ecL6Dkqp^U(<=>e|rA>Rg21kgk8%OYJYt>Hm~*5)6>$@%s(?8-rSsivX7x+8{cMz zMq&SBuA$G28XO*7x%6jQ?l%L!>3XvAyN$0gCntY?cJ|7a%;5Rg?gTIMIT_qnc9Zk` zX0{lYryC!bt1V|-!tu4NT>xJ(e`(q{|OHbg|KOrW*W;)o(hUPY$)9KtLW*e zLVKPF#d&PJQW8h&-mo%MGg=t0eYXAYx`qhL$2Vu_@BJdg*s>|)?Vq2YMYkSImbY2) zH1^ByZ*P^WnHb{MUH)^-oU>!&4B;ve9AMg@bKoaK#a{bsGe1`d9F%4{oBe^g zA=Yo-j1=~oScjgJAXAm;s;nC()&Ku{J%Tys;v!ag&PQh|Pi?Q!Yx;bz`u)Wh7Z<;r zU;j_hosq$B`C4g)GvWfu`bx|TVh>(j9d4OxVE>}hc>dyVYZ=n^i|NPtG_&z8vj6{Q za>I}BXLAqEG%96o(2%TbJ^#Qo)cKPYHv3Uarr-!&_M0@6Xjf{@<$J(uP4seE-*OlHXh_&&_FPk6gcQZmd>$&%roQ8O3loFj$>y+>ufad8Y>Q7$Qa!dg@o*cjv0oQ2 zC+Ea2QEjV#dw1+&*&@2P_g_%7_Uqg2{I7MpKh9kKKmIaf>mt7>{bz99HHqA^46lTQ1ugCE(#O~O%{KEj z%ek>&Im@dHQ+;H=El7?o)qnHs>}=Qg7r&UUiD%EZt6ft2`RE?$%IQwy_aXR zuKIr0;I%@qIFpOZuBE)`tCxJ+{8E6+$?sv~fzDsIZ!fUe!rbec8z4C4sD{qo_SI9g zLcOF+vs4x?TzF|ys&{8k&y}f5?y(!ay1stC-P@n1|6l(yhw<_D>W@dod+)DLJluAS z)8Fd;&C{o~v*RlGxEpuuuuxPg65X34Cnz{^8vCs_#r}}Ke1Dgujgu}WnuwM<_Xftf z_|K5{a(J|Es%~`Hu|8RCetA0)rA1#ZB`^EfF#qs2yXCr0jT&25DV}^5>-zcv%NMIE zDb@u!U117^-?_x~)=b`E^i_;qka7Qy?+X&9gzdZ#sN%mPJ3~II!_H}Lpn+D0PTQ$P zcRg|2SunAHS%# zMX0u4ZGps>e37nI3jQh1A)>B}%rEGCDK^_{Tfi>sIQycF3FF?zIQNMf5}~CLy;TeR zUYJa}^5o&e#4|28wq{TN)70_e!NKNB%Y3D4BdoU0kL14?eS&>wm-?yxQwtnIM6bH@ z2CQ)QU;JzTYAY_6rxWbG1Shhu>QxFz7im7WXlI78Raf4E*)Ia6=Kb5#skcx$Lp-WA zZL$6Z_Y8|F-mPwmE5x)KKka((ez~$$tIF1wVuvC(r%7&J-Fd=x`)A##EhlC~&Tl*4 z=VBr{)zKwSk^R*BfVe4hpEzE8;Sp8N*CS_p%cA?d^ z(U6jLm^AH+1F!64oBVq=m4AM06u3Bf?~(mgU$gGsn|<%%Svse=-1k6ZmItMuIiabReFDp+eDj5(>g*FugJ@~PrCL++7V{qM}U# zfv3KF@tb?tFyR2h%J}_ttB!w~RU&qDk^N#GMWt2kcCO|VmZ;CQy0JFe{PDu2KYmmw z7L}{}%`sT^$@cRZ<4OAQ`+DYSe&RUmvQUG)NK>-ULE)bsQ6|6VZOrh9i+ zsdvYnhw3$Zh0M~+FpF7|rVV*Y-(4X;IEfg)XP=0GmlYA`%iS zlsmsJ*Sx2RB?Gqq({H>Dul0CV@5| zl`*EyzWH14$EE*_wJnD#GUs=^IVNn|t+vqHBW9z*h3D*F>{iDqUf6rtB{KK-x3@1V z|ITv@4iwSq>*&Zi%>UIb`QmF0j!LDe+^mZuwuq}Lp3JD?=#op9k(Jerulu* z(t{zJ_hx8GwYe>p%;5KOdUUGf&8m5c7j~6qclP#971a(qF;zSKh-=5A0RJPLwJs^u zx)V~IwqF!1kv*z>@{HFM4aLO7#4643wDa?HkN3+@U$R6+(QA1t$L*BPjyKxoyIPOr zy>!_=%QX8`xBk8i9iC;rv(>E2-%YVDf5#E1HODzZL0ItSbsv>J&{1dqZ%-4|kBf0~ za$4d&UGLMwcKK7AQcpj5a&q#XEQda!3jtqFH_R7$F@J@Ol2Y}f<_4>){`yPnzuzst zv^_um@ySekd;7no+kE}2R)?;hR`T{%s9x+Y6_@{;*>1D{{`0OZOh~GuqeJH`zpYQ^ zwf&F7Z2odaZV!C<^vk`y)!rEyD@3%z&P?lOti2KN|6k|2xV@`(2ThWVQ$DF7BPbYo z>$``{W&K}QcGUgdwI+6VnBCtm!7uOZ++4V7*8ctbpNcbfi|dOm>XkO1wbyOk;-C|o zIyw$bw79mTF!^MMar(IvmzH{$?&#O!>CtA}F=drIcXSe?LH)lP#Y3VD>Bm{tyYHN! zDk%8W?fC?YZOO;^3b*dqVPQMNRh<1;XtSJc)r*g7eqGsjQgCf#{7j?NCkLC^otE6I zd@h^5e)>a@Rc#7|KF2?&nZ_!-xXNtnS@7=8&Rre`+dh@PxNz{swdLVLQYIM*cb4l% zZCO!KRh3q8AmHDhpS_h#Q?W9 z@C1vn-DSC+K0YE!<;y=SzPh?PeH%kXgO=iHMJ26vImN=9KR-S?xhNg)lNFASkKgQi zAZ&FWuZmI?duOs0SH%2t>Pi#W@B4M?=Gq3v6Ga^zH5XV_`d)^uc=9AgQEB3d6CRsc z4tc(`lt~Y31MF#VRUI{Pyp4FzZ)U8KC(M4rb+F7aeV5a*{)0|zNboVKFzFgCgzyEJohsToW?Rn?&Sg$xv zb9M<~w{>_lqrJU-O~gj0jyrSZ6k|6gxo&nnP_~+nLrJMhPF1<^%<0qKpq8P_yS%@@ zzMjitEpZ10vy7+L%bCA+m%SBIDi@cP&E3YZqyH4h;in$HS?Ew-Uw?B`YPZ17-|HGC zsd~@SWtyhst)z6SSxnJWQ(j&^a(mufft{OY8mC)H3tSP46cU`M9@Ve1^wYDm+Qw;T z1eD6f%x^guWz(#6FtLsw|C zRoNSjetCN_rE<__$j#r~lvefXba$K()^$$`o2=&BGrz6lj&D%VBo3TUeRb6-B|R`OFztOK zvxd5o(x$0N8Jt3AZ?YT=kFO0qH`iL-rL5%RBiE1LzL{0?Zvp8R>0GB=IBogzSxG{~y~u=Q+ay|LRq9Gm=8Jrm}o^8>B6X-}*e3lBekwDW;tc7}Pcu01o|C?z8^UbV|itzyN+C`o*Gkx5|#Ko5iGw$BK`%eomiY}t~+%Mici0;2=do$G$4nd<^HJl2Ly z?q&>Fe?2uLq3s6~m4>J9k=UGei{UvN7nJWa@D+-Mn!_ zfMNRe3Nh>1XOHnRq`$4vl3+My(wSXV6~*vpcf7W~{&7<-gPDmg&4COIwkoP+?&~tA RGB7YOc)I$ztaD0e0sweu;!ywq literal 0 HcmV?d00001 diff --git a/assets/forgejo/logo.svg b/assets/forgejo/logo.svg new file mode 100644 index 0000000..7cf10f5 --- /dev/null +++ b/assets/forgejo/logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/flake.nix b/flake.nix index c49e260..821117f 100644 --- a/flake.nix +++ b/flake.nix @@ -65,6 +65,10 @@ # racket "*.rkt" "**/rashrc" + + # custom assets + "*.png" + "*.svg" ]; settings.on-unmatched = "fatal"; }; diff --git a/services/forgejo.nix b/services/forgejo.nix index 2f69a55..5e7be6f 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -37,6 +37,19 @@ }; }; + systemd.tmpfiles.rules = + let + cfg = config.services.forgejo; + imgDir = pkgs.runCommand "forgejo-img-dir" { } '' + cp -R ${../assets/forgejo} "$out" + ''; + in + [ + "d '${cfg.customDir}/public' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.customDir}/public/assets' 0750 ${cfg.user} ${cfg.group} - -" + "L+ '${cfg.customDir}/public/assets/img' - - - - ${imgDir}" + ]; + services.nginx = { enable = true; recommendedProxySettings = true; From a71d6598e9e65f81e0cc20e89c8b487c9c1f9f33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sat, 22 Mar 2025 00:31:15 +0100 Subject: [PATCH 07/10] services/forgejo: use latest instead of lts --- services/forgejo.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/forgejo.nix b/services/forgejo.nix index 5e7be6f..84c34ef 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -3,7 +3,7 @@ host = "kazuki"; ports = [ 3000 ]; config = - { config, ... }: + { config, pkgs, ... }: { age.secrets.rab-lol-cf = { file = ../secrets/rab-lol-cf.age; @@ -12,6 +12,7 @@ services.forgejo = { enable = true; + package = pkgs.forgejo; settings = { server = { DOMAIN = "git.rab.lol"; From c181ac46330b896f147a217b48b7b4c1fd2a7c1b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sat, 22 Mar 2025 00:31:30 +0100 Subject: [PATCH 08/10] services/forgejo: enable git hooks --- services/forgejo.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/forgejo.nix b/services/forgejo.nix index 84c34ef..afb7b7c 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -18,6 +18,9 @@ DOMAIN = "git.rab.lol"; ROOT_URL = "https://git.rab.lol/"; }; + security = { + DISABLE_GIT_HOOKS = false; + }; oauth2_client = { REGISTER_EMAIL_CONFIRM = false; ENABLE_AUTO_REGISTRATION = true; From c78ddc7f9d33bf0df9e0bc0b22cbd97bab467f51 Mon Sep 17 00:00:00 2001 From: Daste Date: Sun, 13 Apr 2025 16:50:10 +0200 Subject: [PATCH 09/10] services/forgejo: increase session lifetime to 30 days --- services/forgejo.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/services/forgejo.nix b/services/forgejo.nix index afb7b7c..33095a5 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -32,6 +32,9 @@ ALLOW_ONLY_INTERNAL_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; }; + session = { + SESSION_LIFE_TIME = 86400 * 30; + }; federation.ENABLED = true; }; repositoryRoot = "/storage-box/forgejo/repos"; From 429743669160084ecb7212ae761da7b139c9c17b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?= Date: Sun, 13 Apr 2025 17:15:20 +0200 Subject: [PATCH 10/10] services/forgejo: move data from storage-box to local volume --- services/forgejo.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/forgejo.nix b/services/forgejo.nix index 33095a5..e887ea4 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -37,10 +37,10 @@ }; federation.ENABLED = true; }; - repositoryRoot = "/storage-box/forgejo/repos"; + repositoryRoot = "/forgejo/repos"; lfs = { enable = true; - contentDir = "/storage-box/forgejo/lfs"; + contentDir = "/forgejo/lfs"; }; };