From a9b70d6e04b6b54ecd180552968f7415cc091465 Mon Sep 17 00:00:00 2001
From: jasmine <its.jassy@pm.me>
Date: Fri, 26 Jul 2024 14:40:05 +0800
Subject: [PATCH] Use local storage

---
 nixos/common/global/age.nix                   |  20 ++++++------------
 ...29661998a1ca74449720287a7d-smb-secrets.age |   8 +++++++
 ...6936afe4252144b692d20dd-enrollment-key.age |   7 ++++++
 ...bc204cd826947442f56c6ddc28829f-traefik.age |   8 +++++++
 ...5eb4596f26d9f0e380-traefik-bouncer-key.age |   9 ++++++++
 ...8bf86376b696948d4139797cfc8ba-microbin.age | Bin 0 -> 8473 bytes
 6 files changed, 38 insertions(+), 14 deletions(-)
 create mode 100644 nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age
 create mode 100644 nixos/common/global/secrets/rekeyed/viridian/026c5a7ee6936afe4252144b692d20dd-enrollment-key.age
 create mode 100644 nixos/common/global/secrets/rekeyed/viridian/28bc204cd826947442f56c6ddc28829f-traefik.age
 create mode 100644 nixos/common/global/secrets/rekeyed/viridian/2bf24f1e069b0a5eb4596f26d9f0e380-traefik-bouncer-key.age
 create mode 100644 nixos/common/global/secrets/rekeyed/viridian/4108bf86376b696948d4139797cfc8ba-microbin.age

diff --git a/nixos/common/global/age.nix b/nixos/common/global/age.nix
index 30a6563..f5c6e77 100644
--- a/nixos/common/global/age.nix
+++ b/nixos/common/global/age.nix
@@ -16,21 +16,13 @@ in
     agenix-rekey
   ];
 
-  age = {
-    # Master identity used for decryption
-    rekey.masterIdentities = [ ../users/sajenim/agenix-rekey.pub ];
+  age.rekey = {
     # Pubkey for rekeying
-    rekey.hostPubkey = ../../${hostname}/ssh_host_ed25519_key.pub;
+    hostPubkey = ../../${hostname}/ssh_host_ed25519_key.pub;
+    # Master identity used for decryption
+    masterIdentities = [ ../users/sajenim/agenix-rekey.pub ];
     # Where we store the rekeyed secrets
-    rekey.cacheDir = "/var/tmp/agenix-rekey/\"$UID\"";
-    # All rekeyed secrets for each host will be collected in a derivation which copies them to the nix store when it is built
-    rekey.storageMode = "derivation";
+    storageMode = "local";
+    localStorageDir = ./. + "/secrets/rekeyed/${config.networking.hostName}";
   };
-  # Required to persist `/var/tmp/agenix-rekey`
-  environment.persistence."/persist".directories = [
-    { directory = "/var/tmp/agenix-rekey"; mode = "1777"; }
-  ];
-  # As user not a trusted-users in our nix.conf
-  # we must add age.rekey.cacheDir as a global extra sandbox path
-  nix.settings.extra-sandbox-paths = [ "/var/tmp/agenix-rekey" ];
 }
diff --git a/nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age b/nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age
new file mode 100644
index 0000000..0d75c86
--- /dev/null
+++ b/nixos/common/global/secrets/rekeyed/fuchsia/146f3229661998a1ca74449720287a7d-smb-secrets.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 jVljVA ILfVChFf5s9U6CODItB/TqS1tUaAEeoLAGiNKPbDclU
+MCyVqjOPexZm+is5JWG5zfbS26nJj/Z4mk6SJDufBPM
+-> R<DEa-grease +b`?*<b*
+/5YP7TzDWxztiGzrMKkUYSBzX9wcz6HSR2mFNX0JmfaTVcnJFrl3KcqfJeNf/z1w
+JIBgF+2wzeD5I7PCcNjmHGn0f+W9kAImbw8
+--- LZwgwtMUkIk4l/juYhY0i7kNFurvMAgcjhrYX4PsSEE
+7c5���
��{�>��ƥ�Ր�II�9�s��~�a�{��'��<5�|�o;_�*T�'|y��s�vt(�X�_J.�`���r`�"��|�*��[�
\ No newline at end of file
diff --git a/nixos/common/global/secrets/rekeyed/viridian/026c5a7ee6936afe4252144b692d20dd-enrollment-key.age b/nixos/common/global/secrets/rekeyed/viridian/026c5a7ee6936afe4252144b692d20dd-enrollment-key.age
new file mode 100644
index 0000000..4a1914c
--- /dev/null
+++ b/nixos/common/global/secrets/rekeyed/viridian/026c5a7ee6936afe4252144b692d20dd-enrollment-key.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 KTkZog wTpircyIN9PphOvX8FtFMU6Qir790QIhdWGGhp+NSS4
+NxK4uP2YyJXdhuixQVslEAEecvTu2HUM0JNYxN4uT9M
+-> Y"s_\v5`-grease [YNL^5 eKm) 9eS1} r
+BWWX7A4Jar3ojDWzyxayQ0Vi95RG2tE
+--- o0F6BEiHny57JBW9psAG7JgxoIO0jzbIJ9AG9cROdd4
+-s;'��/��G�� r�ȂI�w�2��P��*E�����W��~j#4
Zw�V�
\ No newline at end of file
diff --git a/nixos/common/global/secrets/rekeyed/viridian/28bc204cd826947442f56c6ddc28829f-traefik.age b/nixos/common/global/secrets/rekeyed/viridian/28bc204cd826947442f56c6ddc28829f-traefik.age
new file mode 100644
index 0000000..fa3afe6
--- /dev/null
+++ b/nixos/common/global/secrets/rekeyed/viridian/28bc204cd826947442f56c6ddc28829f-traefik.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 KTkZog UtP8CzqqbmeIL6dRQ6UQFP4/ZZWQBPUxbzhqdMnPwSw
+EMkbY1yoyamLXQ3e8cFK+NW7NSgoWS3/zB0O2odXanI
+-> za72-grease
+kRZubf60Uy2ne30UxkeIsgOuKPfx44pvVyMHGxlaHXhC8InnJu8JFAiYuFsc8ky7
+e7c5
+--- 15mIrLf9zjT7wEgTsFaUcH5ADhBAf4drxiueUSd/gus
+˞��4�����bE#.]a� ���<gg�[)ɿ��
C�]h=e��Ū�ňEpT��I��{�����B.�0���r���oҒW	�d'T�\�%����e�_�\��ɜ5�+����,�m0��J�M�W��CsW�=�Dn);Z�&�X�!�G�!�+�aW{e,�M,�����ol+6�S�
��4���	&��$K���\4sJ���ժ��
\ No newline at end of file
diff --git a/nixos/common/global/secrets/rekeyed/viridian/2bf24f1e069b0a5eb4596f26d9f0e380-traefik-bouncer-key.age b/nixos/common/global/secrets/rekeyed/viridian/2bf24f1e069b0a5eb4596f26d9f0e380-traefik-bouncer-key.age
new file mode 100644
index 0000000..7fdedc5
--- /dev/null
+++ b/nixos/common/global/secrets/rekeyed/viridian/2bf24f1e069b0a5eb4596f26d9f0e380-traefik-bouncer-key.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 KTkZog eD/tQAdKjWDDg1sI5fYeLrVTsYA11Pqb+BvHKkbBIxk
+VHZXnKoyb4QhC6+ir/B+yfAdJ76d6koegb9LGS60Ik4
+-> m(_p-grease 9:63B,o
+GI8IPaOpdPBzOiUcj02Be+Ep54hnawoZ6ypt47k
+--- 8CrSHUUOTWZ11AKVsXHCfSfpcllFwv2Q6xJMHpPQYe0
+�7ă~���M#�eꚶ�0�@T
+�ƾ�t��$ʏ�P����Hz�6��
+��<ȼ->:���]��ʙ
\ No newline at end of file
diff --git a/nixos/common/global/secrets/rekeyed/viridian/4108bf86376b696948d4139797cfc8ba-microbin.age b/nixos/common/global/secrets/rekeyed/viridian/4108bf86376b696948d4139797cfc8ba-microbin.age
new file mode 100644
index 0000000000000000000000000000000000000000..e9b6d06990f1a1d44c38ce4258a37b20aaaff29a
GIT binary patch
literal 8473
zcmV+!A?Ds;XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9LOH^xGZ)YHC
zIZZZFXfJg$Noq!9T4iNKYHe6EYDiUiOn7KVa5zseVQN8hP<k>_GffIPZB$ZLPBmzB
zQf@LcOL#(bHZg5TbXsdyWo2?UWmPzCRBTH`YAZ2sY%mHfJ|H4!cy}#la%Ew2Wgskf
zbSer{dUIJ$Lo!EkPkClGL^Wq?OEfSzcQbHkGe=W)YC#GuEiE8=W@1NAV|Y|ULpet^
zYE)8bYk5(2YDq6NMmI@HXmvO%MN(sPa(OgbVp$5&r92@zutpjr!h;b+#gB`8ga4w=
z)T6)I0;IU*)oJ{rhWR|Jf`j88mD{X}57u(08cX36!!AvR{u<Q*a6f~G8>E>Jk12I4
zb+m}6gC1-k8Lv;n7q-yWuzQUeT6LDEvI#aF_2Qzu;dS?6^G7QctV(#%exmK|9M`&m
z<x`jinKH&A8EtiB*KaO%sn;eu>r69WyMM@8k$aFZulEV679)qJV(OP76Kl8z>7OL4
z(Ja&Q4(l4->_dWbx=;Zr9sEx;8M1{)sDg9=o^m-_l4HOIS)UGqEEHQTnlCsD;P|v5
zNNJtG^O0FHEjCcIb?*R8Ef&h-#5R9gNsncmZKeFMZ$8vuAI3{}ca2BEJDZ!Zc_YDC
zL|`bxp9zXmwysQEvqPu#Z|kSoYE;#*@9wE*{;te>O~LN@Ob1)kQRIodgYs!2`e?A>
z@68-%POpT^kHh2h?mOT8!=w}KI`TIKgY_DH4I6w12Qa2Iq!A71v%|pTgHJ#uBe?bE
zd$#e&pqK0f`jyXPxp*GCS^(V#;vu<ulwm_<^ydX%UkB)B;zmA)9lfpEkn%V5gjhRq
zKYc^qMq6fizxq%hSoe-UPwJ>!muXhU`%Hn;?1hudJ>{Vs7Latm6tk8%Aq2Qou9m&0
z8$nX*D3(xjwW7`19%lL{8k!+#Y}5Rs{72rKji9cNcO7qu@xn~5cD&I}!y_C8XEeS3
z{RMwMMD81u%mwqJmo<06KwlGSsxC6y{+lk2WM!Zf*RmWy_}5>cPOPiHjO?Ss+EM`@
z$Y=cfhN?2uXZJa}NV!LwjkZ#g!{5j%cTT@Olhc7ac)G(YGApS?uKvvr*vArGRu8Al
zLIqdHvx>(5w;4)n8ck9!WfX~wEOtfB8F}7IZ^7&Zl_pfWTJzT`i$L_T2p(os<>=71
z@h%@^4>gQGpTB?_pvn)K_y=)k_T5u5s93+D0|(j<@cI7xMfgZp=2dUO?D5vkHa>!I
zv@(kVZ`+$inhJw}PNdfnA@<O;MF>C|rk0W8aaITWyZi6!Glz1Zh|AA}aNN|%zUuV7
zO{om9%^^)~8t@t+_ytW*S-uB14K`dvxZRev=flCqKh!$WkN#$#d?uf5KR~DDK_O0)
z0O@bG?BbM)7W;IG6P>b>YwB8TJdjBbHq|RKRne|KA*DR-xsxRjq0lhKLh65*oe1qu
z9KMAEioE~z&qmn>X4e|fb*>>t++CtVmM5;ZYAxobSQ+iTIMG1z9TDms3$2A6p=CG0
zzaeYh8XjHY2v#``FmexM2){~~KEEKV&95~e<Wf-e5Txljj9!SYQ;6Y-q(>8P4{|aH
z<Hu~6<^$l$IaUf*e*zfDP*bwQ1)1X>1}@VDPd0V864^&E++YQant#2uqN@PWA7i~p
z)}oG)Sj7s8GJiZ54GIb=Frxa`aU+x9Xc2gsDKOUH9-)~L4AhCQ0dbWpaN{`v-8&w>
zP^m4rQ%IoD4{?$RbBC4Me>Mk%Y#b`r!Z<V%(MiL0<Xi@=>b(ds2w}jtBi-sAE3oS7
z6OTGHfENwzn@`-SD~fKx>rvXv*XID|il)xXHwr(7j+-OV5GbMiTRABWiv;cH88r%=
zZ+AMWG3k$~k)8QAxC41N{Z?{<fAn&4xoY`5+2C;i1XYV&n|+<43pVWR04T$?P0jeU
ztK@(a9*KE|amr4xD}W0~k01`Q6GEUxVxxD3Ju+=wwBtm>H}MvE_;7OlMJigVN&E+Q
zaon0CvEcTC5r&VH;#vUMb&b`7d4P&6|MuVfkgM&jX$dSxa!`qd=W6<B^Dt#TXIjum
z#e|x7Snqs2iSE&i-y*{}J8EAAr#>`BwQh&AcK*XqW5F(L@J5*x!zQV36uiyTZ}Hdx
zJ~=1nD_|6KeEp1A?dRtqC^*cb@~W(is#W5pA63p1H?cL&Za*eP;61iLziBZt8$vY_
zIFag_lN0*O7>r8vMQHML*3Oh%hQRDU<P}B!=t@dncy9WUwwA<+h%;%X;?R<)F2=by
zH>Un1rinXz_G`{HcEFX4a#;SS=x96+PUQNFd`|oU_zoZtp&F4#QTT0m%eH+nvDyL|
zYFspxuv9Q>D_mUZg1yk~GO^o^5v>gMOcdvvV&Ovu9}IJUU8+&9BfeGU2scS8i+%AU
z>a)26^I@7_U9DxvEO_u3SC~9K299)I!av8xr`P+tz|F+qkn#`;3kf_O)+}d<Nr0lY
ziNaeQ<EkAzn)=}BFDe5tbkI@CsdxcC*jTnqneop@n>vKc@gG!h;E9SZH_y<5paO1b
zE3p$K(;sJ(n23}gH+`;JqQR;gb-cQUlHjYH@qFMR0WOs4*gqmC1lT<AOE!z1@38fy
zF8+yU%h|Rvm9fL#LXBpT<=~Saqc&>|=OuKN>1zH(H=%R$2cfw8Q|6>Lwuu=_zc$rp
zH;5q}w)lRfOHV$!b92L25ZDsjSV;f5ePQGzeN!rPA6`(A?<KMEihYE|bW)Er7QPl+
zOQ+&nm{Rf%<x&v!1}I_!PETY4$%)8meBD6%U;Aw@Xx1$G)rtQ%8P9}nQW%ce$2;C*
zE2+Wmas}aEcSWi7Le!>!4TuKz==2i4;+DnM$R`Dl(f-@A2o+x+e2be2?iND5avl6!
zj0bb`=;m-^@(~Cp8#y=z^}z`D!+D&GY;Jr<M{c?di)k9@Bh$o>ztR!UsTP3jwaG&y
zi9HlHD3xZKot=|uevKcMFwY=-ZF()SwThdeSkMRu{QN0qEtRsI()MHMi93!p2+=ZP
z^_sI2>kB`c>#*0biA>SJR=t0PfKtyG(uBJ88uin_;PRwEW?-Xlc7AtyN=CWzP7{Ip
z;%r>VK6y;A^AU2}K8XKvCVDP$C@H!Yc_s8Jq1=Vir@`Y*>HU-<LYSmG_TNMiYh5`-
zdCoZKISz<63$d@8NvTIsytTkb2y93@;5*+iUKc*-V`WYte+I?2)QQQ*QYv#1npCrX
zqirMK!x?bb6}gF<s970y3CVeK68^S}4Vacle^YA_8b@hD`b0Ct&_#jS<q#a80Om*J
zc7C&)w#&1b2)35gJwBJq+yjdBxjslqU<nX!*h}-(Dgl&D6gGio!p+l8&Z{FQEhVmS
zRRbj@{#Po`{ajwuk^o^1^5TSmEoJ?<7?D<!C@bM@GfZ}_9r*vrEWn|Tk%E{j)MEw&
zD~(Gkd?xPA%i2lPmtglbTJ?K6#by?U@Z==or#AgVyfTS;w~63g`7T^h#lQxLunFY|
zT`NF?k$}*R?1h9xp8}-asWaU)dfU5j5KoOWg#C6@z6vr%s;&Sl<E-;oN0?4JgUNs)
zD6?3^fF&KdjqGV&=ncpv$8zywl;*9<&IBZ6@WGf3D6Zs&QkN3RU%dP$VncWw<iFc?
zL&;vIAD-*+oz?{g$mk_*y7<iD8gcrM5<drxpogFKD8z2UzJ<T>2D|f8Rk~Exw(r+P
z`VVZM9T#RY@PS*k%9L(VW{gld{S`nIg!yzOo=D_fAj&IDq{?09I{Hs_-#-G&7S=N^
zl(p?S?_+Aiq#9eaPb`{1VCicUAYBh@V+DlgXh-T;h}R7G#Dfdht<`Rt3vuMldm)SU
zD!;u8)JO`ja<uI~xvIfNdWP!>r__EBCsv+M7*w$V?orJL-E{2^^fS%*B)QYf_WY~X
zm++Q${*iC%z&8AEvti^rx5O=_up7a7!SHspb{{DF1A5-C45!|dj+_#&hB3&_*93}X
zzPjZj$JH11l5V_DIMsm<(Mm6(#{j|g&N&{&ibCZA3Qkg-v9A3je5&))OWwal`GFNM
zwW$V!o0_bx=Ot8b@to>v$yYv`HoZA+j&Aa5z`$?i3ZSsSEYU8m838A^ebXzY@a)IZ
zyneom2+Y=;gTYEg2049TuhYo29j4KQ5%3CF7eJ!p9Oc=Z%qURn13PR}=p0C40oNX*
z_C$eiU-|0}w1_K>pu>!6w(?-%fk&CnhlV0`1|sLx8b1d2R+`q6z}by>+zBX$7#>GD
z0>Nm@=>R{_2L?vprROa<R)(PKCYS9Ox8B`vxbUL$sN*3~W5%DGu)^g3Q5NQ9bM;|z
zFwYHu)YPNI#bR}*!SS1F%u`^m5*!At_Y_anH0w5@#E0lsW1g9!X*i%LJXJMsXO|M$
zhk+eE6{f|?_ERq%y#uPll8kF63&vxe@}%gu>YQm=4|slNz|S%1vD-kr>!c2qhyEB7
zoY2+!Mf}m0>YIW*L1P<>_j4WX!&MArK;kWH0Ipto7<yMY`B-2uIS5#!x76K<)N`V3
zv%AD&;$b9eW7knuT?55ja9Nn8T`LVCoxLt_BsNQ)`6*!Ho({cbT2|q?^K<Z+uFVZ$
z<2#+XvHLqj<(N!w@rtE)$HIk2HRzS;C$g;FFFIq<K4?eZ5pJW@!_1m9=IZy+rm(i}
zKiA*ymi!#xmK3LOJ$bWsMWamF2YU2Ud~+KOyGsrW?-#WFQo$T$xC#4t*_81n?23RT
z<PRd80Y2?TBs@^$<u!U+mISh^OQyM^#L=vx8*CObH?Fb(42M``MC60jw<&R)Pu7gi
zP-R0~=$*#^`UPytAOP2Az(a&rObVpPa?$kkBO0Qmro~Jp&c(9g{NbYzSe%hSunrl|
zI@fHiDTCk9OcOVV3(-+!jE>UW@k(I}__*)}rD70}UW=cwy^6Cm4AaC;a4|==nI4pq
z0Jv$ir$D{W<`$(3Vewz?^0~s(r&Ub~=Y1YH0so`R3yY{?Eblt}L9Rjs%;POtRuGRu
zzS;}jPQ(!Qk1jgGKPE;UuvZ19N%su?nN(JwejoR<_7Cl8e?Z=v0U`BrBs3SHc$aiE
z*#GEHn*q;<V*v4;nSYMSG;giLs11Jfy~T#OQR39UinnRx$N5g6Ry-)2l>ML}A0*qY
z!%?Mc!jN6TG|lKIAHwoPVh(=6M+r!Xy^@21<W~tcv9m1aNyIN#sS=P4QeaK_MyDe#
z5cZ9uOL!ypC7){$%s0s}yHuH3e}+LZ?fiPbp^$e_%@tN=;3A@`l7VPF_6$8@yNLiw
zCgm)#pp9Nx)3i&tXv(R-HBDU7|Ce)B3mHb{2^LY^RGe_PwSnfn^yC~m1@Ip;1Q|Tg
z5z!>wrMfP%0kc(ln{9)VR_9BLd{?W9FBPqJTn{_NDoh)7F^G5d!b|>(?kBYc-EorC
z^WGF+Jt@lAEB(ED9Ol5zh<gY(mpc4m%oe%mP_8qCT>+tXi0wVW9<1a((p>AHIDB%Q
z5$kEMNtBjbDRRBy1-^F=FlGBuje{G+9Vq`A@cuNWdqjpS!FPR0NGw|fJ|${@OkO7v
z;5n?Wyv16ADzsR_2iXWd-r4GTGlM32a&Qa$6@Oa-ufFRs0M;9RVXeQ{-FW;ML|!<R
z@{9fjs61vcmg+cKF?PKn44@a1H&M`%qrA>bZx%J<m-dJsRXHO4he{v@o*RFJRvl7|
z)Pp#xdhn#G$*FLVa5&R#S}i@6Jz;3W)Z-M1;6U+Tz?G8E0fXA_9v~7e%}|xzNc_tP
zMHL{t)k2n+rZvGj#8hGcwbnl8*kb!$fQ)Vj48K1lJ&h#qmFFD2&c}sfB#_G7!<Oi9
zk*RcJ)am`!$0uicqSbo|pk<dO>2=7hyjkGzb-}yH$}j#QM&ZA2M77Ru`0X@+cKZPR
zq^Lido5$ZqN{X0-{t9<%W`Aqj0(GPjDW8>u)S_^@Hvg8FbBSCHd4=DR!VSk?CWdNv
zg9>{k-=QXq1bhB^P|wBDQi^I~TY0^XhA|AqRNhT;V@(Db_CoU_iM<bZY;#U8djSQO
z={2y5n^TQ7C_0*-!7dWbTB?T7?BLZ!;Fe3xqU(xic9(&WZZ3T&1FL)!oj;W#zaNMe
z_I>)(UllI_JE<ytnM%_}M6q~@7y}NnmFo)D=N0I&T>^00Z3IjewS3L=@dJ=PS-fB`
zY2f5Rv-(}qAfw}0%3z9#on$10&9%05^oDf4s<?n!POFRCCt8|8qc;pY?l~tRNT%b(
zw1sr2;P?>=+eps&WA1hbm;l3t4BRz?Vn8WgKJ>}n+%tcQI@n^b(7`*~1|Um^<SA%f
z5nWZ+qYgHv1cz=}zJ#i|x2(-f<9t109qS*FJCwJRC&;K^g$<(`oqobajQ#zi6TpLu
z_<FMZW5z(+(_Q0>{83@8*o?-roQ}I7*-vE}@0HJhOaDZoLEgoUL|fT)QGU=Wmj1W*
z_N6$qtUx2|$jQXPK3|Yj_K7<vD5ppz<Z6-hAS7=jwqeaQ%F&-Z-HGzOdZ|QdOX&)_
zQCawvF?2W3ZVwJ=?d&I$!JAJAtK)j3hG(wIrC7?EW>`<wyKga+K&UL732pv+48>ts
zr5hFqw369rtsi3tou-RyGRi9PA#1VH&`WJDO6C+}R)mv4YUWr?5?EJw_DiC6@s|*4
zq&Va>yRBS9RDC7L1(3+5t?@r^ZQTX;f|zofDd>F{My{12;oBU-&l|@iGj5V0gEKak
zjrJ!oGal!}%6Z1Gb6cz|m;bW`vMzAm-h<!LIFe&%kXl&drrY?}lLJ&0C}>Jcvsq&*
zZ9DQzR#M`|0jX~>_up|R$jp=sW(euRJZeXCWJH^0kIT=;#Q4U%y*k$5-1f=tH#LS6
zeG;;z<;eysN<VIB^$PnF^A0kBLfP6Dsh@%xPU1s{j!427rvt(}V7+ir<L4;HJLf?r
z7NiXs100tnSiL!Mpc1SmL2gJzJDMLkjL)o7Rbp5Qd}unm>`tT#r+qFKuQ7FrP8l8E
z7JE(8-Zgu;?cUibq}k`rheK;8@qCSZ`k9(|9rT7LJB~i7&`Yg~9(}pOsO*8NTgyXp
zNe3VolU!Edf!45#Q|?@cGjmv1^;CCqRn5aBM4hD%(Y6*8kx&3jHi=_;=Rp9hEqj!H
z<hpr(9vLZKMFMw1!v1$Uu5SL-zS|MehE?w_zZF`^X4hS9SLx)T5(}B<-qe;#BMBxV
z102!{!82b+bx^hCCIM%N86$au#_9F;hb9-zGKFVD^}QWcfY<|1U;Y;U@1&H8j0RE|
zU3lGbXbW;qFE<rCKDb+%3->Z5@K@%}wUqv{HD5UINZ_M)BYr+BF^7=cSyKEkz7oQj
z)H3VNE?{lU8YBK|m*{R|;H-RogIwCmj;~JlfGMU=>AK11yVLhdpihkG9lxmR_B8{w
z^|W)y%Q-w@kWS3GfJig5@Y|w7?25#pIafEQCkPQ0aRr0U{5oL>vfgA6W72t~DpX<D
zcqRtP8oYvF8uT)&0ybl5i5AynAGUBzEU)_IT$wO&tnIjVR(Ecrz=x7S{7G{Vp=a$+
z-F*XsDMp+0Ee|Za^Q#iyg5;CWs+c3io22Bt(Vy=SVI>}$XBX_p`gzIADz5NZf@Ftg
zLvG)q`+$y||7m1Z!A|$eU?>Eg`kMx42zmLA)0BUWHlBR)Z>MnLhHJgl9yqxxp~i#n
zRa)8uW~37+WM}sFRI_me)MfdFWPZi<<W1eK%0o^1?3x@cQr*;e>oAq-PjXVH#<(h8
z>zIq2V2k$HQp1cORaA<1aqSA4HNU6#zs|3R#VL6?<e7>Ysrm}KR3D}CZ|S~uwFfyF
zk5lk#4Ts0qxn`x?(LfpJkz|z_)iS#6S>%e$!|G)Y?lTRpFGB!gVqo9)MTMq7=*A;q
zQA-_3teR$Kk+f1Shh>tPV`|Nj<?cNe+rofkI)u*AbYBM@riDu6lqc@dAn6U=4Rp2Q
z=a)eZgEd1*9>=OFs)r!Z$RuOOxa;SP5irUiM!zCJlFbLPBD6Jo<wTgv4-si+-LKKx
zCM-V_hV*l~4t|U-LKN$CtQ+1Ip_8szSM)Z$ATL>tKOWor)P&nB5;~Yp5JzSC_|ht`
zy9~F+xLOHQyK{k$J#2;|&?o3CM=o*G#Z)%a_edu7HK7;DkL2`twQq_|qAbRuE;?b5
zmCczaEg_0aeR*$GCyQPFRne-$vY}1IhvG8O9=FY`BA$f9e)|)jz9@B0tHiVIga@3G
zX|{e}rGrrzu6|{056@Bk9H`a-HU=z-8lrvQhxJ7wyq<*mWvW7mGVVcp?sC}ERh3{x
zeloPYuLMpa`-}Q4!D%$OLK7lfeg&Y*+DQ}Y_ax}<#F|1fMD&qIV%2`^Cm#8dD`YB!
z)n$^5K45QK1Z*N!$RQs6ab}h?{wdoC6@V|z;&e9QVd$vziJB9ldq>!gaak8v1gs1-
z%h{u#0mrd3L*oHB><}2PpQa;*2XcDKZ^kZ_*Z`0)X!?vc{WZ83<RaToU3IU_c#S0m
z-<iB9zTRjE+*-XHt9q!kxe#6-eQY_SX52g=h$k{vb^XTStM>AneK80YZQ5yPuAcG-
z7?cWbD=*TlKK3-qrB3<@X$2`wh%b!oJJc~z!4L_RDXoFs#nx$l*`hH%&Skj{&{1BO
zk<b_@p#nInciXG}C<0*U<dmrYqBb(XyuTg0KeuV?AH(DU23ti#!_Pql^TJ7_MsDS&
zX6l-#4daGpKs0I}Mtto6`WIZDMMW%u+`LCx(jh1)Z_km+Al$i@&Oohxx!i%NhFHyx
zTlnB~b#20AC>0C2I5qsMZ{Vrum=K)m6_ODf29kXozfP~4HgDpbSCSz@+5ULLgTMem
z8#r_$pg9kA?YL`0lYL-W*=T9TgMnv4KHl*E86cG%N+O>8_seSC<it%Hz=QPyE$3^&
z$pB5B8HR+kzJl;!a_mdp2K|7V|NifiO1dy=l4|-<7b>lFD^gdgH|_q<APqH%c|Ybr
zlrYxK+;e1_igVT5tucXxw6*Sy_UCFO5|CMGWn8PP;mpepBf*=@wpaioaL#>Dx$><D
zv*;nbx+57#kUEydqIDk`-gi?PZFrcxAzfzP{7C&6Jc&2}^)Fs%3WPWtM}Zc}38FVX
z9&#A^n7``i&-<>7v`kat`cN%5I=AYPuQI`lgz;2(*0aRUrbva*KGU?m>aq-Q6l}Ng
zfB%i7q5v^;{>piI&o6LfV*R~xMwWCdZ+GEc>|&jY(|c0QSMEgGy{V+iA1`r#yEe5Q
z*KJ`XXatQxW!CrE<kc7T#<za6AE#UMrxzwe+F_+2{e)bdIz+cPSpga=axQs7?of{Q
zUYv2rVK@R`?VQn$BS#|fUnA%m>*X6-@@s9|9K%f70!mG}f0Gv$*ma-hXYw_I*M1A>
zvZBCj4GEoFU3D@Bij7o%k4z~Hq0nY_kDRkUWvyIcjO6kH6+EW5H?V#`I%Yd}{3Y1I
zB-4f9z{z@IF-9YO<~fhQLw}I!Ir8+YL}3X?ZWGJh)cX+BKbn46AQy9vTD*nw?<h)P
z%}QUq&J;AuEDYw0QcE<08jCqj@HQABd~R@F0@hg;H&_L6`iz$6M-lnB-5Sqac{WSY
z`y(KbrC<;igyz~a(~&_ZE$jVNz9Ejs8a`9sD1wAAU_^?+UfKSoVr@%yL~um77RUg^
zLk*JkYrzpp%V|8k>s1fBzSk_HzVe&%lBH`Fj+KP|Hxo{VZdeNg2elVnZ0wu=;o(RD
z8jWX4|15I6&a(Bb&x-{#G%G{;OMdG~L&fgXWXApni351n3#0^p>O3JvLA6t40jHgS
z-e?G}YD4N(1D%%h9I{jxK^acai8S@u9Ta$(a>KgMxMUe(eX1gni#D$n`I)_tgBhcE
zzdjBW*9NS-0aR`3Tmkc=GK<GoF+N*KVb+Gi`{Y^eDK(=NRx?11>n{Wo+zlXAM#j)>
z*US9)@>Ay62l#dd%147Dz&}C3?v(S(WqmB<pH)X3(VS-+&B@c{NUcYY&H!*Wx1!H<
zf!$JT#qikEap!)Iuwng4Lgm{QbLqaFB%lo3>dH?FukBACrIi^DpGIDsNb0C9*BeuV
zjE_Ooo}_g#Bp7IVGsWF(2cz=~%$mC(<uaTz9w{qEq=cbf7IsDN`^EatV3Jjgx7^g0
zOIt<0BZqS}4w_P%36iBop{d=?C%JH^ROE~HI(PU3{Fh2cSG4P~GZ}SJWz7`Jdde~?
z6mD-9mJOAUR5lkJO)QO>xYrJo85EGs7imX(!&m3>(oJxGzguj(vBEfR1k*D&s&!Ax
zq2hr+(;;N2Vf)n%;B%foA9_u!FRUA_d$NqUR!}CGlQZXW+CqE<z-Y^AFB9Qovl*mR
z{mvwo>jrw!88qURmSA*OGtJyq0^8_vdeP85#V(O2q4gFQ7db4op9c+99SK_o;okp5
zqOf}IL_h;@M6T3rHpT8|Hi#ibh!=8@k8KaKIXOdVf&T^vMf=8F4%MVSIoY!`W;e9b
z(@v{@pnG2tH7lwUz0Lu5{#d1DNqlASd&&SXnW05%65Zc%CweuSz7RcmfSus#ZLSHf
z_5NBt`H3LsQo~S@a@>g#W^tHu%AVI^l`1$XtWTy|C74`iowkrr&Yj@Vd1ar;!=pVJ
zP|ITBwy<?`yPVPE`D!TQisBHnR@AjNz--OadB{63o)0GBddfMiuspe8t`dDt=z0A?
zmQw<-fJj0kGqCU-Ge%nMh-_n%;T~jnAg;Bb`hFr1p$gF|aqV7)NgO`mRgEA0#g=@?
zI(+}Z+rT15w-)yzv<->e7y%(5C9aB(z2~1r*XK)~K#da(FD+*C(&3lzQH^Ukb=i3M
zgzr8>T%W6=pwKQ=Py8mA&`R3J?q(!SGEz&FdN5G;KA>FeZNr|vCd5w(Dg!XMk7-HE
z{RSly8D9)!{D#TiHlVuBjY)w%p`W!11yeXWa$TFisW&hx*eqY?aov&lHop4@%E@Mj
zH-<4S(kP(6<c#mycK!Fp(h7x<UkxtX`n1$chk%v1l*-I8f5mL|7|`)_Gz``2fJFi0
z#Z<!JGIS`ZI%E&ejZcu(dI?rL;bV<rik66pXO^tw{Yw7NY<SC_uA~AF|JhVl?61Z~
H9qIf^ZV*>%

literal 0
HcmV?d00001