From acab9208580f53e7c1d8f47e3dcb13a09682c3a5 Mon Sep 17 00:00:00 2001
From: jasmine
Date: Tue, 7 Oct 2025 20:58:09 +0800
Subject: [PATCH 1/3] WIP: SSH configuration restructure

Backup of SSH reorganization changes for future reference.
---
nixos/common/global/ssh.nix | 12 -----
.../global/ssh}/borgbase_hosts | 0
nixos/common/global/ssh/default.nix | 43 ++++++++++++++++++
nixos/fuchsia/services/borgbackup/offsite.nix | 5 --
nixos/fuchsia/services/borgbackup/onsite.nix | 5 --
nixos/viridian/services/borgbackup/key.age | Bin 1087 -> 0 bytes
.../viridian/services/borgbackup/offsite.nix | 5 --
7 files changed, 43 insertions(+), 27 deletions(-)
delete mode 100644 nixos/common/global/ssh.nix
rename nixos/{viridian/services/borgbackup => common/global/ssh}/borgbase_hosts (100%)
create mode 100644 nixos/common/global/ssh/default.nix
delete mode 100644 nixos/viridian/services/borgbackup/key.age

diff --git a/nixos/common/global/ssh.nix b/nixos/common/global/ssh.nix
deleted file mode 100644
index 243ff12..0000000
--- a/nixos/common/global/ssh.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{...}: {
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "no";
- PasswordAuthentication = false;
- LogLevel = "VERBOSE";
- };
- ports = [22];
- openFirewall = true;
- };
-}
diff --git a/nixos/viridian/services/borgbackup/borgbase_hosts b/nixos/common/global/ssh/borgbase_hosts
similarity index 100%
rename from nixos/viridian/services/borgbackup/borgbase_hosts
rename to nixos/common/global/ssh/borgbase_hosts
diff --git a/nixos/common/global/ssh/default.nix b/nixos/common/global/ssh/default.nix
new file mode 100644
index 0000000..9afd284
--- /dev/null
+++ b/nixos/common/global/ssh/default.nix
@@ -0,0 +1,43 @@
+{inputs, ...}: {
+ # SSH server configuration
+ services.openssh = {
+ enable = true;
+
+ settings = {
+ PermitRootLogin = "no"; # Disable root login for security
+ PasswordAuthentication = false; # Require key-based authentication
+ LogLevel = "VERBOSE"; # Enhanced logging for security auditing
+ };
+
+ ports = [22]; # Standard SSH port
+ openFirewall = true; # Allow SSH through firewall
+ };
+
+ # Trusted host keys for internal infrastructure
+ programs.ssh.knownHosts = {
+ # Desktop workstation (fuchsia)
+ "fuchsia-ed25519" = {
+ hostNames = ["fuchsia"];
+ publicKeyFile = "${inputs.self}/nixos/fuchsia/ssh_host_ed25519_key.pub";
+ };
+ "fuchsia-rsa" = {
+ hostNames = ["fuchsia"];
+ publicKeyFile = "${inputs.self}/nixos/fuchsia/ssh_host_rsa_key.pub";
+ };
+
+ # Server (viridian)
+ "viridian-ed25519" = {
+ hostNames = ["viridian"];
+ publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_ed25519_key.pub";
+ };
+ "viridian-rsa" = {
+ hostNames = ["viridian"];
+ publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_rsa_key.pub";
+ };
+ };
+
+ # External backup provider (BorgBase)
+ programs.ssh.knownHostsFiles = [
+ ./borgbase_hosts
+ ];
+}
diff --git a/nixos/fuchsia/services/borgbackup/offsite.nix b/nixos/fuchsia/services/borgbackup/offsite.nix
index cbcca0f..9df6b4e 100644
--- a/nixos/fuchsia/services/borgbackup/offsite.nix
+++ b/nixos/fuchsia/services/borgbackup/offsite.nix
@@ -78,9 +78,4 @@
 monthly = 12; # Keep 12 monthly backups (1 year)
 };
 };
-
- # SSH host keys for borgbase.com
- programs.ssh.knownHostsFiles = [
- ./borgbase_hosts
- ];
 }
diff --git a/nixos/fuchsia/services/borgbackup/onsite.nix b/nixos/fuchsia/services/borgbackup/onsite.nix
index cbd6b06..77c8945 100644
--- a/nixos/fuchsia/services/borgbackup/onsite.nix
+++ b/nixos/fuchsia/services/borgbackup/onsite.nix
@@ -76,9 +76,4 @@ in {
 monthly = 12;
 };
 };
-
- # SSH host keys for viridian
- programs.ssh.knownHostsFiles = [
- ./viridian_hosts
- ];
 }
diff --git a/nixos/viridian/services/borgbackup/key.age b/nixos/viridian/services/borgbackup/key.age deleted file mode 100644 index 3b93402a26bfb94bc920c23e11bee79aad772ac0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1087 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$$Vds!b1zqLEO&R+H+3#d zbt^Qk2u(E%4b%3@3GvT#@+=CdFtx~Zb z>8@`X;p=PZXI>PQmsJ&5RGeer{6+nl4M!zTg+8Ag-J#Et?KT@*BV<(vTP(w zlho49m+^fS`JiRM`&8brsyDwrB(yeg$=-_1dpo{LvAf0<&%7RF$Gl(5^=aF=d20&m zuTMD`C+PN$(dlv|``1>^zKasyndD{ zeeXxAdCcuQ`4=57)_K28l>ft-Czi+gALt!+5^H%Jx?(KQ~i#=jnioy5HKNvo|%J`4OSNEAZ#_yL{_-t!!g|ZCBfH zG@&Z)-1DFNUX=tXaWcJTF0Z)JZa8iE!lT#rF5%9~(Vf;iYwEfLl@%uY_UPFr8cROb zUwpZVS*M4!^U>tE=;f1EN3P7d~&S5G2Gu6W7Pt2?)vEqj*sc2Pz7`J3u)#sv&# zR`ujGC|K7}q+?Vk?WP%sl9Pu@lmUsFt z%KgvDT=Y9dCx7OO{FPk>dmkAdQB7Fk{WAJM*;@aKsbMyJ%TJ}big)~J^!#*!|H;Lt zZZ=ADQ{-fhA3lV<}v)Bj4l0<(KN_Ums;NNGx44BUQ9)l^OH4@`p_Gj`LcE uR4Ig9;$+p`IFnoK(x#wl?@x;Z?=$WYsrzDo)$*W355t+&Q-4m^lm!4pVC(Jx diff --git a/nixos/viridian/services/borgbackup/offsite.nix b/nixos/viridian/services/borgbackup/offsite.nix index a64c666..70657a8 100644 --- a/nixos/viridian/services/borgbackup/offsite.nix +++ b/nixos/viridian/services/borgbackup/offsite.nix @@ -81,9 +81,4 @@ monthly = 12; # Keep 12 monthly backups (1 year) }; }; - - # SSH host keys for borgbase.com - programs.ssh.knownHostsFiles = [ - ./borgbase_hosts - ]; } From 85dc4193493b6a9341cb0880097bb239e9044842 Mon Sep 17 00:00:00 2001 
From: jasmine
Date: Tue, 7 Oct 2025 22:33:20 +0800
Subject: [PATCH 2/3] refactor(ssh): decentralize SSH configuration to per-host services

Restructures SSH trust relationships from global to host-specific configuration for better locality of concern and principle of least privilege.

Changes:
- Collapse nixos/common/global/ssh/ back to ssh.nix (single-file module)
- Move internal host trust (fuchsia/viridian) to per-host services/ssh/
- Split BorgBase known hosts by repository (li9kg944 for fuchsia, r7ag7x1w for viridian)
- Add viridian SSH server config to accept backup connections from fuchsia
- Add fuchsia borgbackup passphrase for offsite backups
- Configure viridian to create /srv/borg-repo/fuchsia for remote backups

This enables the 3-2-1 backup strategy with fuchsia backing up to both viridian (onsite) and BorgBase (offsite) with proper SSH authentication.
---
nixos/common/global/ssh.nix | 17 +++++++
nixos/common/global/ssh/default.nix | 43 ------------------
.../services/borgbackup/passphrase.age | Bin 0 -> 411 bytes
nixos/fuchsia/services/default.nix | 1 +
nixos/fuchsia/services/ssh/borgbase_hosts | 3 ++
nixos/fuchsia/services/ssh/default.nix | 18 ++++++++
nixos/viridian/services/default.nix | 1 +
.../services}/ssh/borgbase_hosts | 0
nixos/viridian/services/ssh/default.nix | 29 ++++++++++++
9 files changed, 69 insertions(+), 43 deletions(-)
create mode 100644 nixos/common/global/ssh.nix
delete mode 100644 nixos/common/global/ssh/default.nix
create mode 100644 nixos/fuchsia/services/borgbackup/passphrase.age
create mode 100644 nixos/fuchsia/services/ssh/borgbase_hosts
create mode 100644 nixos/fuchsia/services/ssh/default.nix
rename nixos/{common/global => viridian/services}/ssh/borgbase_hosts (100%)
create mode 100644 nixos/viridian/services/ssh/default.nix

diff --git a/nixos/common/global/ssh.nix b/nixos/common/global/ssh.nix
new file mode 100644
index 0000000..29414c4
--- /dev/null
+++ b/nixos/common/global/ssh.nix
@@ -0,0 +1,17 @@
+{...}: {
+ # Global SSH server configuration baseline
+ # Host-specific trust relationships are configured in each host's services/ssh/
+
+ services.openssh = {
+ enable = true;
+
+ settings = {
+ PermitRootLogin = "no"; # Disable root login for security
+ PasswordAuthentication = false; # Require key-based authentication
+ LogLevel = "VERBOSE"; # Enhanced logging for security auditing
+ };
+
+ ports = [22]; # Standard SSH port
+ openFirewall = true; # Allow SSH through firewall
+ };
+}
diff --git a/nixos/common/global/ssh/default.nix b/nixos/common/global/ssh/default.nix
deleted file mode 100644
index 9afd284..0000000
--- a/nixos/common/global/ssh/default.nix
+++ /dev/null
@@ -1,43 +0,0 @@
-{inputs, ...}: {
- # SSH server configuration
- services.openssh = {
- enable = true;
-
- settings = {
- PermitRootLogin = "no"; # Disable root login for security
- PasswordAuthentication = false; # Require key-based authentication
- LogLevel = "VERBOSE"; # Enhanced logging for security auditing
- };
-
- ports = [22]; # Standard SSH port
- openFirewall = true; # Allow SSH through firewall
- };
-
- # Trusted host keys for internal infrastructure
- programs.ssh.knownHosts = {
- # Desktop workstation (fuchsia)
- "fuchsia-ed25519" = {
- hostNames = ["fuchsia"];
- publicKeyFile = "${inputs.self}/nixos/fuchsia/ssh_host_ed25519_key.pub";
- };
- "fuchsia-rsa" = {
- hostNames = ["fuchsia"];
- publicKeyFile = "${inputs.self}/nixos/fuchsia/ssh_host_rsa_key.pub";
- };
-
- # Server (viridian)
- "viridian-ed25519" = {
- hostNames = ["viridian"];
- publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_ed25519_key.pub";
- };
- "viridian-rsa" = {
- hostNames = ["viridian"];
- publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_rsa_key.pub";
- };
- };
-
- # External backup provider (BorgBase)
- programs.ssh.knownHostsFiles = [
- ./borgbase_hosts
- ];
-}
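Review bot: `PasswordAuthentication = false;` in the `settings` block does not by itself close the password path on NixOS, because `services.openssh.settings.KbdInteractiveAuthentication` defaults to true and sshd's keyboard-interactive method runs through PAM, which will still prompt for the account password; add `KbdInteractiveAuthentication = false; # PAM keyboard-interactive would otherwise still accept passwords` next to it. The same baseline existed in the patch-1 version of this module, so the gap predates this commit rather than being introduced by it. The comment on `openFirewall = true;` could also say that port 22 is opened on every host importing this global module, including the desktop, so a later reader sees that this is deliberate.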
diff --git a/nixos/fuchsia/services/borgbackup/passphrase.age b/nixos/fuchsia/services/borgbackup/passphrase.age new file mode 100644 index 0000000000000000000000000000000000000000..d1539d8dbca4849adf445f8dfd2f897171b0231f GIT binary patch literal 411 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14$Sl(>Ffuh$$Vds!b1zqL%*#&6sc;H) z%S{V%O--(_a4(3kObyF7@kojYGjq~5a4gR7H3@X83iiq7%J(pE4$X2hEH<#H@XYWk z_VOz#GRz9g^AC;;F*I|FFiWva$}l(c_DnYc*_EXl67k~Uf^w9m0zswYiwxl zXj<&=nC6+5&9Dco|wL5U#r7*x6Jg)%Z1*)+&38+wCAPXymCV@tn{?6 zZ}Oq!eTgx;ajJ`Dy(c}JnB{2mjqBUJ)pxg68Ca-Gh@IJW>fffs!(Itj9NJICuM>Gz Htn?88)Q*=z literal 0 HcmV?d00001 diff --git a/nixos/fuchsia/services/default.nix b/nixos/fuchsia/services/default.nix index 06bcaf6..b689b8e 100644 --- a/nixos/fuchsia/services/default.nix +++ b/nixos/fuchsia/services/default.nix @@ -7,6 +7,7 @@ ./pipewire ./printing ./snapper + ./ssh ./udev ./xserver ]; diff --git a/nixos/fuchsia/services/ssh/borgbase_hosts b/nixos/fuchsia/services/ssh/borgbase_hosts new file mode 100644 index 0000000..5df945b --- /dev/null +++ b/nixos/fuchsia/services/ssh/borgbase_hosts @@ -0,0 +1,3 @@ +li9kg944.repo.borgbase.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMS3185JdDy7ffnr0nLWqVy8FaAQeVh1QYUSiNpW5ESq +li9kg944.repo.borgbase.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCwHsO5g7kAEpqcK4bpHCUKYV1cKCUNwVEVsDQyfj7N8L92E21n+aEhIX2Nh/kFs1W9D/pgsWQBAbco9e/ORuagHrO8hUQtbda5Z31PAo4eipwP17VQr5rF3seaJJNFV72v89PGwMOWQwvoJte+yngC6PYGKJ+w63SRtflihAmf4xa5Tci/f6jbX6t32m2F3bnephVzQO6anGXvGPR8QYQXzSu/27+LaKnLd2Kugb1Ytbo0+6kioa60HWejIZ/mCrCHXYpi0jAllaYEuAsTqFWf/OFUHrKWwRAJD0TV43O1++vLlxY85oQxIgc4oUbm93dXmDBssrTnqqq2jqonteUr +li9kg944.repo.borgbase.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOstKfBbwVOYQh3J7X4nzd6/VYgLfaucP9z5n4cpSzcZAOKGh6jH8e1mhQ4YupthlsdPKyFFZ3pKo4mTaRRuiJo= diff --git a/nixos/fuchsia/services/ssh/default.nix b/nixos/fuchsia/services/ssh/default.nix new file mode 100644 index 0000000..7f41e1a --- /dev/null 
+++ b/nixos/fuchsia/services/ssh/default.nix
@@ -0,0 +1,18 @@
+{inputs, ...}: {
+ # Trust viridian's host keys for SSH connections
+ programs.ssh.knownHosts = {
+ "viridian-ed25519" = {
+ hostNames = ["viridian"];
+ publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_ed25519_key.pub";
+ };
+ "viridian-rsa" = {
+ hostNames = ["viridian"];
+ publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_rsa_key.pub";
+ };
+ };
+
+ # Trust BorgBase repository (offsite backup target)
+ programs.ssh.knownHostsFiles = [
+ ./borgbase_hosts
+ ];
+}
diff --git a/nixos/viridian/services/default.nix b/nixos/viridian/services/default.nix
index 51dbd2a..42bd7ee 100644
--- a/nixos/viridian/services/default.nix
+++ b/nixos/viridian/services/default.nix
@@ -10,6 +10,7 @@
 ./murmur
 ./opengist
 ./snapper
+ ./ssh
 ./traefik
 ];
 }
diff --git a/nixos/common/global/ssh/borgbase_hosts b/nixos/viridian/services/ssh/borgbase_hosts
similarity index 100%
rename from nixos/common/global/ssh/borgbase_hosts
rename to nixos/viridian/services/ssh/borgbase_hosts
diff --git a/nixos/viridian/services/ssh/default.nix b/nixos/viridian/services/ssh/default.nix
new file mode 100644
index 0000000..f4c1796
--- /dev/null
+++ b/nixos/viridian/services/ssh/default.nix
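Review bot: Both `hostNames = ["viridian"];` entries match only that exact name, so if the onsite borg job (its file is outside this patch) reaches the server by a FQDN or an address, host key verification fails outright rather than prompting; either list the alias here as well or make sure the repository URL uses the same short name. The client half of the trust relationship is also left unstated: the viridian side of this series authorizes fuchsia's ed25519 host key, so the job has to offer `/etc/ssh/ssh_host_ed25519_key` as its identity (for `services.borgbackup.jobs` that is usually done through its `environment` option with `BORG_RSH`), and a comment such as `# The onsite job authenticates to viridian with this host's ed25519 host key; see viridian/services/ssh` would make that dependency visible from this module.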
@@ -0,0 +1,29 @@
+{inputs, ...}: let
+ # Fuchsia's host key for backup authentication
+ fuchsiaHostKey = builtins.readFile (
+ "${inputs.self}/nixos/fuchsia/ssh_host_ed25519_key.pub"
+ );
+in {
+ # Trust fuchsia's host keys for SSH connections
+ programs.ssh.knownHosts = {
+ "fuchsia-ed25519" = {
+ hostNames = ["fuchsia"];
+ publicKeyFile = "${inputs.self}/nixos/fuchsia/ssh_host_ed25519_key.pub";
+ };
+ "fuchsia-rsa" = {
+ hostNames = ["fuchsia"];
+ publicKeyFile = "${inputs.self}/nixos/fuchsia/ssh_host_rsa_key.pub";
+ };
+ };
+
+ # Trust BorgBase repository (offsite backup target)
+ programs.ssh.knownHostsFiles = [
+ ./borgbase_hosts
+ ];
+
+ # Accept remote backups from fuchsia using host key authentication
+ users.users.root.openssh.authorizedKeys.keys = [
+ # Restrict fuchsia to only run borg serve in /srv/borg-repo
+ ''command="borg serve --restrict-to-path /srv/borg-repo",restrict ${fuchsiaHostKey}''
+ ];
+}
From 6723c0e0b6eb236bfd6db06de88b89b8f8cb7ee7 Mon Sep 17 00:00:00 2001
From: jasmine
Date: Tue, 7 Oct 2025 22:37:26 +0800
Subject: [PATCH 3/3] chore(secrets): rekey agenix secrets for new configuration

- Add rekeyed borgbackup passphrase for fuchsia offsite backups
- Remove unused projectsend secret from viridian
---
...13fe910c59fe6344a048e24e98c923c-borgbackup.age | Bin 0 -> 466 bytes
...3ab42e4fc9cfd4f093251c178bdbaa-projectsend.age | 11 -----------
2 files changed, 11 deletions(-)
create mode 100644 nixos/common/global/secrets/rekeyed/fuchsia/b13fe910c59fe6344a048e24e98c923c-borgbackup.age
delete mode 100644 nixos/common/global/secrets/rekeyed/viridian/473ab42e4fc9cfd4f093251c178bdbaa-projectsend.age
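Review bot: The entry under `users.users.root.openssh.authorizedKeys.keys` lets fuchsia's host key log in as root on viridian; `restrict` and the forced `command=` bound what that session can run, but a compromised client still authenticates as root, and `borg serve --restrict-to-path` alone lets it delete or overwrite existing archives in the repository. Consider a dedicated unprivileged backup user that owns `/srv/borg-repo` as the login target, and adding `--append-only` to the forced command so a client-side compromise cannot destroy history (deletions are then only applied when borg is run on the server without that flag, so prunes move server-side). `builtins.readFile` keeps the trailing newline of the .pub file, so the interpolated `${fuchsiaHostKey}` ends the authorized_keys entry with a newline; `lib.fileContents` strips it, but `lib` would have to be added to the module arguments. The commit message says viridian is configured to create `/srv/borg-repo/fuchsia`, yet nothing in this hunk or in the patch's diffstat creates that directory, so the first backup may fail until it exists.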
diff --git a/nixos/common/global/secrets/rekeyed/fuchsia/b13fe910c59fe6344a048e24e98c923c-borgbackup.age b/nixos/common/global/secrets/rekeyed/fuchsia/b13fe910c59fe6344a048e24e98c923c-borgbackup.age new file mode 100644 index 0000000000000000000000000000000000000000..1aeaaa879010b3da769a5d5db5c4cdd7b467edf7 GIT binary patch literal 466 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73d_j~b5uyo53Z^R zEHI1mO%L+UaWjpK@+!{u@ijKc4E6OY@UJoq45;l$Pb`oRL;!>}8Ozof(kf zlx`B~W1Qhu?jPVDr5)x{62w&+6zP@~>E>hTsc+#`;A3WPQE5~Vl;HI7G5>f1*&9&=!zG7H+?~-lO;StqEz<{aXZFoGcsgTxyvoAq=eD(nF&G3K?}`X9{<$f$ L%Su8Ze!^w|cxSL3 literal 0 HcmV?d00001 diff --git a/nixos/common/global/secrets/rekeyed/viridian/473ab42e4fc9cfd4f093251c178bdbaa-projectsend.age b/nixos/common/global/secrets/rekeyed/viridian/473ab42e4fc9cfd4f093251c178bdbaa-projectsend.age deleted file mode 100644 index 0c1e6c9..0000000 --- a/nixos/common/global/secrets/rekeyed/viridian/473ab42e4fc9cfd4f093251c178bdbaa-projectsend.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 KTkZog Up5AjKprErUc0nI98az6EFmtxev7vdg+PmNzQgizHTc -NJ+/pzyDbSgmm+0jx4C2X4ISoJDD004HlN1Ul3vrmzM --> RGCv~-grease -Ov7OyKCQF8tm4G+cXFlibXFROTAHhssk1JaozlPpUmnFOX5ao78jVORa27WHEF/H -XxEDY0JQU6oL2fM ---- hV6JhDfXuYLaf/iGqjN6Q/N6tnDR6J1V627DDLnaGZI -5cŧu= -iFdϲ[