From 4be87f1a60a2029d1c66b0d1e0d003726cb35e41 Mon Sep 17 00:00:00 2001 From: Peter Lehmann <36541313+peterablehmann@users.noreply.github.com> Date: Sun, 14 Apr 2024 00:29:57 +0200 Subject: [PATCH] topology: init --- flake.lock | 216 ++++++++++++++++++++++++++++++++++- flake.nix | 26 ++++- media/fritzbox_7590.png | Bin 0 -> 29301 bytes modules/common/tailscale.nix | 2 + nodes/cache/attic.nix | 8 +- nodes/cache/networking.nix | 8 ++ nodes/mns/networking.nix | 8 ++ nodes/sync/networking.nix | 8 ++ topology.nix | 86 ++++++++++++++ 9 files changed, 353 insertions(+), 9 deletions(-) create mode 100644 media/fritzbox_7590.png create mode 100644 topology.nix diff --git a/flake.lock b/flake.lock index cc17b88..a102c8d 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,28 @@ "type": "github" } }, + "devshell": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1711099426, + "narHash": "sha256-HzpgM/wc3aqpnHJJ2oDqPBkNsqWbW0WfWUO8lKu8nGk=", + "owner": "numtide", + "repo": "devshell", + "rev": "2d45b54ca4a183f2fdcf4b19c895b64fbf620ee8", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -119,6 +141,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1667395993, @@ -167,6 +205,85 @@ "type": "github" } }, + "flake-utils_4": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nix-topology": { + "inputs": { + "devshell": "devshell", + "flake-utils": "flake-utils_5", + "nixpkgs": "nixpkgs_2", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1712579727, + "narHash": "sha256-+KDfJEKXwIpKvVmQ0K0Ta2dmx661izUxQIKIkXcGW8c=", + "owner": "oddlama", + "repo": "nix-topology", + "rev": "eaa1874c2dec76e916362df3af9eb4cde636adda", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "nix-topology", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1711401922, @@ -200,6 +317,22 @@ } }, "nixpkgs-stable_2": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_3": { "locked": { "lastModified": 1712437997, "narHash": "sha256-g0whLLwRvgO2FsyhY8fNk+TWenS3jg5UdlWL4uqgFeo=", @@ -216,6 +349,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1711703276, + "narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d8fe5e6c92d0d190646fb9f1056741a229980089", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1712439257, "narHash": "sha256-aSpiNepFOMk9932HOax0XwNxbA38GOUVOiXfUVPOrck=", @@ -231,7 +380,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1712420723, "narHash": "sha256-VnG0Eu394Ga2FCe8Q66m6OEQF8iAqjDYsjmtl+N2omk=", @@ -247,20 +396,49 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_3", + "flake-utils": [ + "nix-topology", + "flake-utils" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1711981679, + "narHash": "sha256-pnbHEXJOdGkPrHBdkZLv/a2V09On+V3J4aPE/BfAJC8=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "f3bb95498eaaa49a93bacaf196cdb6cf8e872cdf", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "attic": "attic", "colmena": "colmena", "disko": "disko", "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2", + "nix-topology": "nix-topology", + "nixpkgs": "nixpkgs_3", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_3", - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { "lastModified": 1712458908, @@ -306,6 +484,36 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ef41a96..e50a152 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,9 @@ # Attic attic.url = "github:zhaofengli/attic"; + + # Nix-Topology + nix-topology.url = "github:oddlama/nix-topology"; }; outputs = @@ -31,6 +34,7 @@ , flake-utils , colmena , attic + , nix-topology , ... } @ inputs: let @@ -69,6 +73,7 @@ modules = [ ./nodes/mns self.nixosModules.common + nix-topology.nixosModules.default ]; }; monitoring = nixpkgs.lib.nixosSystem { @@ -78,6 +83,7 @@ modules = [ ./nodes/monitoring self.nixosModules.common + nix-topology.nixosModules.default ]; }; sync = nixpkgs.lib.nixosSystem { @@ -87,6 +93,7 @@ modules = [ ./nodes/sync self.nixosModules.common + nix-topology.nixosModules.default ]; }; cache = nixpkgs.lib.nixosSystem { @@ -96,6 +103,7 @@ modules = [ ./nodes/cache self.nixosModules.common + nix-topology.nixosModules.default ]; }; }; @@ -105,5 +113,21 @@ }; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; - }; + } // flake-utils.lib.eachDefaultSystem (system: rec { + pkgs = import nixpkgs { + inherit system; + overlays = [ nix-topology.overlays.default ]; + }; + + topology = import nix-topology { + inherit pkgs; + modules = [ + # Your own file to define global topology. Works in principle like a nixos module but uses different options. + # ./topology.nix + # Inline module to inform topology of your existing NixOS hosts. + ./topology.nix + { inherit (self) nixosConfigurations; } + ]; + }; + }); } diff --git a/media/fritzbox_7590.png b/media/fritzbox_7590.png new file mode 100644 index 0000000000000000000000000000000000000000..1f539dcd69541ebb40ff0faa6f8ed979ff99b881 GIT binary patch literal 29301 zcmZ@FMd#($Y6HGTYkP+}K#NvbHxh`)={w#>mJ_?W>lmnx>VN{dY^d@0PZfR`!jJ z4IlmAzl$IJ&d!##jpN7QL&?VkQ!`6#ZT+&cG6N%132`Y+Ej?8=4P67H#>RRbJp(Ce zIT;ywU427s9ewj}RzgCesHmt+Oe`Fn+{nnt=;#fq{vM z2?8Mri-pFs%vQD;CyOoYLJnYZ)m8KmX=eNkrx$}Kt@LS^a+=Qg!J=gB{d1@g@yTxi?ikB zrOnOt5A7dIKp@bEGcq!AaB%PyIb;1j59d5sz>3wkO-I}Q&$0r7!ZoBMmGrdP z1o%x&jqP0QPwz=TfWYpat`>38A7HS-H>&^`m_iB&IfQahTjMb)wvv;*s=9jWt4dl% zMs9w7NonZ^cJJ@M7nb`L_XE$KBYH)IzT4WzCnh?&xcLVL4K4ZHyt{`-Mr~gCczF9P ztTnU^xsA^>bdN@id3kPBRW79dIA8u--R^wB%aW56`|7cL+7tNUCrm)zYbjnS?Een`-}dc5&mb$JfR*$L zAk1TjgM-IB_v<|v<*dhzcTG^K<(5l!aXq$6|;@nfMm8 zO^K*}CBX-R071rTkJsp;El!p(l26IYoIcz=3ioY~+F;>!j0v;R?GFPMoSaeplWc#T zFH6Z4ib#lQQULYwVGUf<4MS~>o>56Bi7E)@4#5TF!} z9~o%Sn=#%!J~w~KmA5BS-{|sid0)?Npr?9`YC?M;#2D|MHxD9`ZYmGkcgb^HhAA52LS>hsK5s--duLs!UcJjvf?3&j}8mN>pPYzXjrLkRJTm~4(p|HvxheK~20wz?dMQ&)hZoO(Ev{u8$ zr+|wN%XOcQvFJ#c^v`k6jq+@1f#XK4?9)n}BTd$zEiZl!NT{U%KSs%y;~-F7N*@cF zeluO$Mf8NEzUWd_2TLk@wXu|Fy3MHkA>yWjMj{79dtkBAitGu!J;SL};s)OHhnpJt z0~EL`PYk7M*q{jqYrv(}(A$)`{S;~PzaS-~r*gd_Qfx)-k$?o{o7Kr|bh_rf7I(y1 zb&kJ0H^V~pR5YMA92VSEesAf(1!wQ-qJ35_kWc#q`1?hHlcR!fOna z!Kn;b;##Gf$fBSus5F3_%3CmttM6)dDH1~;Hyea!6V>|A>2sV87GF~XYmD%bqBwCd zLMnQY%{WcqahJsud6OkpGZKVyTvg{M+c%3v*!m{z29)r`78U71C|KfOB+@^DO(-Zi zG9S{X$wM3*5VOSjg>s|_u@-{wlETTZ1}YvWX;dY&u)(R$f}a=xA+~77wM7Z#7N0^) z`WZfZS3t(ds4dua8x*xL>hCh~gf|iM>vh@0(;q9yD`Y{=gyK1hpLbo9hd45useddF z1q#{1Uc+mKOgqk-Sk^5g`!e~E)ZnH=d+MAxG#MckGEV}`?T zoXW_pLhEu_(2O$0-UvggAWTknN%UMd>X#vi&w6N$-WIrXB#x(?y)q2F5>mm_U~DJn zT_KGROGy7SLkH#YZ!s`8f1|=SA3KAXB7}?vMx4AV1sCi_V@7QwKZxpDt#x$uUrm7; zQO0zD5Q2p`c!F_U$Y(hgcGRFDajpxsryd91SX%7&td*qFH_l~NcPo<+2>9330cGfk zWsyS|ou8WxBdmz>27-;6l`ZmKHIngYNR9d;II1mN4DyZBCu;~&aU({^wV2GbYz>e1k8FL1y>*${!Ht<&mL5aU{LP@QAQBjDYWtsa0Y1zfK zVbbZ*j|!~-4oRLAMYG9N6fYz3L$Q|vw}4JmWJvb{n7iETH{gs-`S2M)Mql&}&rZ@9 zjp&~Tf{N!w=|rrPu`3{*ok2JtDVDA>W}JlLU&QF5P4mub8Pirt@yfi45~N>B(z>7i zdr41_(xCflQ-{YvN;f$1ee+UFG~HenG)v7vm!fxX#%Yzcgj~b{Fr~;IHt?D>d!qAO zCYgPtwn6SyL|A{)KQyT!Bf?h#h?A@sDIWque0~GsuHi!X3o$7}QA~>h7pLGCrCvf3 z#LJtPNq@bYi-R)1Qonp1CJG#tK-34_v8It4!+<;!dLbznAFL-e8lTS+ zfy3y^Ao;uf9XW0ICz>5yD6cfOp#S*}oP-o{#$}B31x$2Duik%!mhjqI3E-!Hn{;Bl z5mC9WgJ9t+$?Y139b~($V#z$$2I4Tf;!y68Hmow|KNJtp<5eYY!&OR2HQT@*s}2WkiXHGN-w-pj}-rr3s<(Vx}=USg3GRY%y=p%%=(fTCHGJ0=DNDt=B~_weQNoWf!Jd~A>`H?S)2q1 zsw%d!Bd@q@`eXVs5$fvl?RulZ*GwS`;+5~=|m7Q-hGStWfC)q(+87G08|bg*nMR>SICq4Hxz%lx^AC?&Q-BDc(OLh2VZ zsB!A`u7~>6SbR-%nCg2o{jMbAScjUgc|)w!=!#np$!1;{Y{_1G)-xL7@TH9PY|O$L zBYuRY#8!)H%XS8H;Zm>{E7!5T{@_c3PxKsNR11?;)#wC_DB(^B9q7gHI1=CZY;?J| zT$HEe9<1N2I#=BRC(yo&Bkmk*)WCX?g|cRs_BDK4j&c>+jFE2D8^<}7_W*vTAtWu= zJtI~8(rjmF>2!xCN%Ni!&7Hz!0{^SWEgi;$a}*>8s)*M|gwy|}nXCcKS~BC2+jwK< z9D*}-(c}i^=!YB1c?tOoq^;gI`=|OB(060R8V*`Pi4RK>VYz*WN zX-#*FVl6D9_$_cDsj83u@3$9!X>>2Qm{g#QsB+gh-@!Dgawx;!hOuydmy~&L>oNZt zCC7<%2HB^}%-UwTlPX?#1yr^wG5_oGdhyj17A31{#j2~Qz1$M|im{QaiPlwtR>&+=7_|_%1>OS&RxLK$n{?p;SYlIH}wf!fo zAHKwQLw%%v1N4$<)(~cIgEyBkRD$d8A)i+=PkwrEqCt^@-ldpL(Lz|0&^1JO zrKo*;d)e`c#jBg6rSoORYHUN)gQwi3o(vry_-1qYj{kjZb-F4FE0BsFwMV5GRB14eHDqn^* z<14q%uRnH+*3Gv^w4p2E5MaM-G|TTlF^QC#6~P_^BIZPiuo-QKMHH+L6+FHPqpl`o zTBY;vhS8?%Dm|Cy9vqVPn#xB^gdutE$aNjjKh zcE7`Kn+F-CsF1cJk=IqDz!zyD@Stu9hhIj(AQmb=v3_v@d3*RAG)Q>d7_RsE5Adgn z@I8hE?_ux&TP#kkn2Iv=>abwZ&{S2rty)}x*J#g5+apDtIpJ{?pQ3UMj9tLej|zLI7~F1mT_oB zKhYv4kvDJ>2BLtiaAs1bxW6fb$dJ>~#9bSQ3tR2L6aPxCb!ej>R)6A6i*BP~h@r1U zs+8}>1AqLKgN=*a{R@dGil8P)`WIQ>=8(VW2X!EZGxH0>uv z3DCPeX==px`y8!r6idRs641iYo7Y*zLK;oL#n|C99-%8CP^xRA5f5ou2Ij1U(O)YX zhN>She-BC%j}X3dB8GN`cZChU57E5s;MzG|OcKlm^TmL+RplX(+b|qj;X_2iL?Y|C z0vg0hs)x zJn4lWHPsd(N^A(mKB!#iErQJ`rG%$aY+Px}n}B@N9y7jm6%hTsbw!=R->S>hiT1=R zc(0%Mc5G7em(=&Rm*pJs82(A}wqN-5cS0BAkD9O=>kA}wqXVQaX{3H$wu!EDB2q@>{=5~wN7%jEcRy;=%bdUyaXc(E2&UI}Jj8S|)=UeOJ;QUt(c3J^O}zgn6ltuooN=8-XAHZA8C3IU-uHqk zaH@hh{IXh}ey&fgcPujz5eY8&jWCZb%mX&uC_=PMueWRuIei?H?`WX<=U25;@%m1s z@8;B!%xU&~fC`i)DpTS7FT7bo^GkOm zSOR1`UT9b5n+~LvdBdi+q95F{;QEi~^cw(P-THs&0{O+J{I9nKCSKgbqAZQxa@T9I zC}I&#+yayZm`1^1XyMi6k{W(rRn9|+U2o0zYK$(0Y2s{njh>?%%;eWUZ zh{B`HF{hg;UhKmfs2R4|%nL_X@Y8G(9u(r=8AgyHNv%bb6xfx@2qFIaZ%6Dec2TRL z2<%(PgrRSvIe`?`kS|Ejdno(C^OQQj0?gzQ8B2-q3}lNH2v;?~HD;5D7fr)JqXRAn zIKmTz2#>5cI-WQB-`b=85b(d$!ERq#w0HBO{*cVAlbT}lcPnxhg(lxsxnX*ugR1gu zUck@n^R~Q^{@qaQZ$ZN z_)@uTX4}#b?vt5It&X4E9)|6{*Sj5fEEw6#zJ51XB%=$A+1%fz?B~N6SCxn4Dg)f0 z;XaS>-P8JZe|_eqWr0#Mr1miUQ5uJ{6a#J~W+Qd)MzobK%a4E%1AD~6DX8g6-7>Y158wZk0Bd?XEoseae_co?3%E;8j!)H4VXyV%w|)t*y+3_$ljv)a(EV4)aD6D^E3ncwh{9L%Mbw%kWC{B8!O6Yu(O+aESMW-3lYP zN{{~-PlA`|d=#%y2hgaNTY!%MzB|@J9pX6rtf|WWkD+|ex^efebv2|%F)lYyMrWuB zLQnRp%&ZwO<%W80cc&g$z2(05Gp5rX0RdGo=yERS<`4Hq2X!(uzsv5A;b55nw6q(%zL4=a!Js)S~UYXRiL8s zA)h})-q(H(_H9KKcP^*CZMojPH;?q?L34SWderXS;ieayg6{k(^z-qEIU;+rU5uH& z3PqOvJlyUU?m!@kczeD2?nI-d%LU8;W67Dp?>}x~OU?<>aD*`i{Qd7bph1lUx-waG zgs%HwK+OIx_${zKUOr#+aO-NOM}(8T=hhww^Wqo#39Q-mx&7FIBac=7xx0Lr9lic1 z;W=qH%j!Hm7deVP41-t#`5al2v^Wbv=s%T-fXnH^=DzHnCZybTPN$_(^}w*}-*~c%1=1_8PMtX2T=$QtI@_#HYgLG#!*dY;7HSAAxm)2>(|mtuj>LF7Z0?iTx1A02dut} zuw~xXsaa^>@BS(w?Op$(hyFYAfNAMe_M;aMld>EC&;?SAPxQBtH>I((_nf`7W zzGVE-&J5vCkA?lz2MX4fa-fu8y_%Z^dHA08#`Zzw!)~ceO?>jyYZxm+Fq*TQ62)bM< zyVbS22!3SM`nvn!-2E{G6YIn9ljwf8jdrl`x&K<>K3$uLixSsX}oeZ{UDDCy| z3q-yuq4)2gTz|eM!+OY#mQOLIy=MkjFF4_j@c@ zsq~dlOS0NTlm&Sl4HyQpamJ9FDg7PE4eAL{TTkIiVk}Ca^5LLIOz5IGiKpFpvy9yw zW?*9WrF<(uj(DFMzhnCdcKd(imji$w3s8LR>edAkh6nkZjiY_p;MM=+Xzi30iV4Z3 zfS-!7$17j%0yjKtumiRIxBsl$p3rV|7X2egFAJ!Ol>BpIy^%?u*ZBRM5Dy6V!#KYW zzpv4q}JfRgD-cVb@^)VQXUWvb6 za(|v{s0i@LRpsIeY46X^<4mPAZ+Q5RGDf;jp7xsK*7-{BIZ9xVKE~Coi#bz>v~9IM zylU|z8yb}ptx$&%KX745_GWdO5BQ7&4>z>?C5|hHKazobm2t?-{gh~EKEhkIZXpw2 zehk1kBs{*|h2Wesl8qq-J~zhtUuiDQ${RU)T@O1R z;muAfs)&jw0S}j9ZF;rP0|pWPuWrWZDS(O8{?}Xm_38!c(!ISkoKDGUJ~vN6(LYI4p%I-7tjmzFoRyQmvl>zJ&6Sns7>be_~pOo!hP{|sXMVgSwL_R zO~H3XfJ7#r{>HaX)~bLp##&@HDpvF7I*Y?7$E{1rObxtaX`-GhbXj7da?mxgi_o2Q z{CK}Xvl{vRK-%^+1pHsKN7A)Qzclvn9#comh0E_=4muN&0@lB))naUn1)>oPH zfWyZ~BItrqVjX;(X3k>%XMthSh&U0|NfEHXfrkkDcrAnQ@{0{jovp6^(5^EvA{njh zgP}TE8!?c1FzMdJ=)Ov%DSEqw62r$uU0NUhNPt|BkisgSzTQ*(>)ZDf33MWR-UnT8 zLw`qZVOyeZ%`OH0Qjr3Fx?pwn%Bq9tyE$dX?JB|Ev&P)imqd~KyO7^C#c&eQxMaWr zj7Neq(4J#fNi7}-Qi&c5?4RO-PLYlf(=ix{mVSBTySd~8oLa)%*Y)aM66I#hWl-CD z_au4LNqT)AHDqQdR+OeFKG(pRB3$M0DK7{RLl@}L)JYW)tn2@j;LXK{$}HRi|n zr&Jz8>zD?+t@1F8q~7#YQiCrkw8EnZDAhz!tm)a`z@YPVWg`CC8(?84C1$=OHx<{Z zE1~~*+8RvMB;!AeA%WvW7jV&T@h{l+_l^7hm+RJF_MK&^vpv4*m3Z@YviwQK%{S!< zbQ+?(T4q+{*+l_*q(|B>h6Fm1-K7uKPGf7h_jP zyg;r1ZBv*HreqvgEz{E6dHx~q=(090+(9Y&j^}5qRCz4*?k>~V8dhl) z(Oc2yv3>DIuKW2;!c3u0V8w6^&d>-igsz<$a+}lvA4pYPiIqpqAoAfF%kHG};m~Lh zIQ`S*+JMNPWg=T{8!*{0=!~@f zAnUlmOQLKNW`4u)BB zc^da#xx6$v#H?WBHTFRd~LUq7)DGI9LC=j8{Zg@wu3*sSIK4E)dH=X2=sR%dp279H&ONhnmi zeRlO-{K4qZ<;4@Cutu!sBd3T$?zC*&>eL_ex!|4R(v;QkSFm^O|G5yQ%y zWkutWdED*j>m86;LkYa)Pq(?X&msD}9;>jR?#hEBXTeRXt$8pyyy?~1;CXy}J|nmJ6Z{ z_fpA*Y4a*UTL?pw7qe0}{LNIkHAFp3bIAlp`PqM$9skKklix2*jHOw}xIT5GVsEQ~ zsXFNRYIf3SJxvLZI)c~z-BZ)Vf+{- zgQ^zM4{B8f%H{j*2z9y`rMa`SKDLL?t9<1s`Og@@bl)rS;HT$us#qehTj_@qEz(osNc&fH*W2)H7Sj_>(p4}ar6W47oQ`2$bhEA&uvwmY)pc!9+W z?fyUidj=R;a9dbcA;Ilqy4mCFs}}_~cc*TPTw7LYV!5lkLDUk?xXG2Rlcwv%?^Uj^ zqUVYpTmp1vIO8H6Y?pf^69qIoSt?$yu@QV&A{wH^@|NTGyKRIUWnYXTF@l2w5hn6x zh7m#-M)nma8{bMQD7>4+kiRWWcT^Pz9EydpCN^;1+bR6*>ZqRhv+;9n;>luQ=yC#! zFL#xhF`$o(o?K?|Z7%_t4c7Nhq4^GB0>6a!>vuM%OhbJG!<)-$UwF8*z`0WMaK8iB zcm2Xox`SMaB1U+m^vj59byHeDzH-U|{W7g^)kNbVsvL4{dva8{tGG^TmGVbJf0w0u zPhxd*e3PT=VI&j*p1%K`d2eUIkqTIhIcECqD=8dg zDFO|VvKC&iFXP9@f!6!iQ?zKQ@FGW&pt+B0ACofl{79FPeClo-W=>M(aw%g0#QyQK zN#9X(qbOJk6|@o??(sEJf>o0s3=)U^D%+qo=XRe(<+_uUwQ4?mL480gGA0@7S`F!M zQSKeKI=VmRgqq%YXzx>~|J5$R>k4Ms#9UIX^?oG2@?c9Wi@V%AcYWPv)*PL8Z$E}) zfvlgkCM}%}#M%g)h5A^DrT~Rop!FmA21%;{tiI`N;n}v889Q0Jpd#sTOH*Ltt~y+z zkVMTxTXbsH{(A_G2oB5-2)SFhB`%!5j@vzzvZiRmnys~~sRP>|L%ZUG)SK&qV`i4H z?EJf73yLFF&8uE&ml~s}hmatgZKH=%yLJvKe8#k7o2PNvB$?(G*act7Jmf;_dK_ub zqSI*Twn$w7!K{VApwzt|5JrR;rkgjoBA_$YkQaS+UYd$5JC@esmzf(rFBT>6B(D1U z->VZj#WxK2T@{F9#55#u=!O;{$*Nia?sEUWO;+(bH>)aOJzemAP?kN@7vj>}wcfkQ zcURv`fg8+O7V5cwR(*}w* zeX4B8ed9P7%c$k4p~zwyd++`Pw?F572U9?t6G*;J&OfU3PQIxLW0V?v$_Usz(hRgn zqo`Q|Ov{1hlizFbLQafXopg3C$D{FB)+OD24x|GEa*uK2Bf9BB(w9ovaD2bg0r|bm zc<+|C;X8|6MDtl>rZ+-)tOWH_ixl}@cg6#j(2`0L)z3XfB(jY2Fd|c}h{24=pTreF zN5k6_m3UkG(SyJgI239=qjO&$zvm1e)C`BOjX#(3dY3_T0AtnMnF6jxU~$ASy;Bu| zodveZS$_PbE~?QE8BFmB`5yY=+A~c|&`M#x;?I=eFFvtM3Lc0T_B1g}mq7Of1GV1_pIN*mgK88`fe>5>B0#tEjR-YIr|0;w$+j zzla3XlJcL|UYCy<0SZhPJeC^diTe)Y_WEl88A#cIij}EdtUd}i5Vz+6tqnf$XL%sp@iT~so6%uEbAqW5n z`Ez)9<08zX)1A4}MiNip$C+a=T1{+I5-XJdtrBoqCh)BT+BNH$NTI+M2d?{2nn|ZQ zS>`Hk`HvR!d>_Xv|A7u-RY}_llbscb6v^(+aw)uXEn8S`BIH|{sl_UZ>VDcI*+Xi- z&gwD?!SE`cWgavN1YRQ|<@0*GlkPRcjbt$6ZZ&;DZEWg#`ge2CT+W1usqG*NKGh1d zQe#ydZiOh>7}i|d6keH_{)#2k^CW#RJ<}Wh z`PDgl{IDv8qy&chZ5}BYq$eF-J&=umzk z;^*^l-n;lvE}L>gTr+TLRJ1{og_<1TgJ;8|I7`}iT#+EcL)tf2w^Bu+t0ItxQ^)a! z8pt9+R^8R&f4@~k8`-)TWM`wp+j$1Dk-XpLQT>-aPD#XI3D|6p zdznw$>7_gjkpelKgq+@YCxh|2y1Ey_ey-Q|L)$wx_P@i?VuxM@BryMIbM42anff~v zF1`OWaK_3aoGlxRk52nxS)*utC&5G5^X)+R==5*>0T!&>13ytU?B{ggHF#B-n_|pQ z`0b4tVJrA710{r59F>oOmb?ZTS88{6nA~o&wDqFP&!@Susp;HGes0d(dY zTxz<|G9aGE7nVMr9k$}D^w6@GQln}bL(eh*H|=dy_=(feKwTG!kv#2drah;QT;9MQ zER>f9?{8T=)1qS`*f2yRIA-V1X6F!uKkUIB=DYnI0^|r0rVkGVa@5R2T?|>;x_ui9 zCkK;@oj&i0PI2H?Ba(f~f4vshS-b<(4G+|-EonL(#bPT{tjr~ZoBC`RnN7BwW z8sU9N3PBFJFk_(A)fj{}2kx?*odDhjtdnjI>kER%yzac+;Jrn8GsImH?1^>gvLifd zneKO;3lX1HuTJq7U&vci_GB*5cv*cE@@diyocW4~YyI3ACdzV_x6K4ob>XdOapk*s zU-K(iq*up(`DnFmzLgsMxB`1|M+Oc|omh*11O|8_c-Z2JW~TLAX>A4H%zb+dus%u> zCPDGInWa+=N2%%|Gp-3U{@->bm;18YkR&v-O;*9*!tbW`UxGc z>z}*k8?cx=7&UzRrtBuFH%tM>&fG0R6t>5EJ& zf-FLdzsw%L$MzeMiNor1ELr5>wyH3l(!(4&=w(VcU5Mf9IQ82?PGW?}RURdvw?ZNL zN2%>*YS-^_l{BkeD_FN}H#0vYwAsNbJBl-dfTCLoo;D&gfA&BSls=&7O}d4&h~5D? zuj-^VnjCKL*T|KC!)14m>6g?AJ4vDQ;Eu1CJ*^9JW{7anf*jJRf)Yd_l*v>>9keH%j0l|=roRSFSCdqdic(y@l!kxFVO-k)c`KSEkglY#9i~S2UuS}9 zfKmPzt-aG^H{0&LKA&GIi(Y)?>6F)u*qE?YGrXcl=EO%JOfc4dyqT;53}tjAtRw`{ zJ3W2hh|PRnHL1s0ggx;mg}DQB^UnSk(XKCI9tAvpl;01BL5_4Cqw_a1Fr-2rSG&F8 z1i{n1#$XT>aqX|K@;^K@qgXIq(Ql_SgA~|r>ZEgA`j@2JoA)Csy@`sV4@4x6WMNp!6 zauX&)+4W(Z{kQYSKeJm4l{-FFJ_q~U8dUGM*?blgtAE~jW-vAp-y(k81@tQe%n6$n zI!M{*LpgMieIo$ZFmltpYls4HpD`pkNzM*4ennmOQi z|EiugzRPMBrP0>XHVZ!p=yQ}2^%+J>%{gBnJsH)+aq3P?O;d(uWK50`vFPAPnCYAj za|dm|e^dSnv6BAnP*t#u9c?6pQH@C5)|H&(8l7s<#y|lvWzwTv#o-$B^5B(o{~&8O zWD8DX!v}g%U`Q$stIi~C4psh2T#D2~hI%Fi!le_DdpPm zYvD1ndpxIJ_Q<$4>LDEAq29ga+)>F_T!z_Wq)~^lWfAjsPUYsgyDUeq{ zWl*73UBbyAEtEwp>9E-2^Q0l2miyy2U^l}BOA2)~3)gFQ4_e9t}B)QL^B?Du*g*gm->bM#+9AzNlsXC2UhnvhR$&tEZ>W3&rL-C z;#P2>X7uTJYdAZBi@5-~(&^$8SD?8aIAJ=*4ZGz?#^l2-vuMh-Bya;S2fLapQl znp;1=bE7;sThEqsBO_H%1?8%DH2Mz4xf=(f-9_{aV)!A!x-W7ezy@|=^W`tKm^oAp zZT{@vL@;kw@}>z3sgXogD$ET4iUf+JmXcX1MIuDvoawbGy>@TP?MT^Bgu*u%ye36x z%`Kr1<$DpV+~hPVq?JQ)6j%dp8+r6>Mq>NQ2a@y7f$A6n<0WSp(apO&_NlKm zRqndf)zzsPm9bj7&`3S<{-{y3RF|I!np~w1$@P&6v;Ib!0|$wfFe1qPJPU9OW+(#I zCQ{xQU1@q{>{^WHo&{837by8^Hr&*!Z6MD(ft8rXcr~w$Mcfz>8*;R^Ajt&Ia@4I) z`wFX`6|Z*`d-$MRSJyLatCWk!C?L>5oOP%wL~I0}^_@#KbR1H%-|?^x3?K)4$~q^@ zN}_v%SMfmmG*<@@+%M>(?OK5{$Oj{)Q~u~f*sFUG`(VyylP2 zS!ar@0JLfKa9ypg2a)m+W#l&ZT=;Q36_k2PWM8U*$7HNkH$h#r#Y2WJeeO@;t3ad+ z50*phL#~DSv(&Qka%-EANjd}zb4{osW{4u%Ue|yLJj^QU+q&lg3D^TpEFG?iOxSNT zUA#u=&6D-)h8>rZwzZ7lr!zcyNw-n{n3f(Cz{E|Eh!)D;9S0QIlHYy$_Pt;Jb0o&?S<2aGY*brJ?_Mo zjiEJX?5xi-x%w&dagHD`n+&Q3E+=NLCU*6i6W?|l&QzQyiHa5~JMqGp!yBUX%48j_FQ3(!d2_T`C8Es0b}?D~Ds4DxgGt?@y4B~iv`$&Gu7l#snTP@^eIy7JfpJTmB)Nary> zeQeJ%8b%Ltz12Ei#JJO|a{U;i4`vvbqxH@QYMzWj<>w{X3SF8iSNV(u_S{&5Z6S@pF& z!8IwbyGtp;kFZ&3+z(+C5FHAg-_X!}f8pro)Zl=U!g*pT1^#eZu5Q2fN0+@-a5jHp z!1K2_xcc$9k_*MSCHW|1AE$f6SNNF?Ui9RQ>572tA=9;{8~SZ7N6&H2B|O0HN)}=) zubo()jRa7V=px)!5Oa_n9rM8UnjK>f32z|9osXTyKk^ne)a_j2w1ePZBvWmu167d? zz(GmDowpEIaql~3bvj8zH3WaRY_CtQ;($#Nq_)JP07jfQ8a(;8d*&`jNxj}gxE%bD zSPFyy?hrq8x;|$&vb-lj;Yj`c`rf8u^Xsjii^Hw^`=+M2xVTquk@uIM3B@(|iC0)y z5jg@#mTx)b!~ra}d=0iMCsRZT;iBe2q;Qy#iXVq@FX0F+MvLIz7|iR5sK{@0y@;b~ zmWW?>Q13-(#38qk1bNey+F`?W0?7u(aWZ)>E!z7(rp3%SRTQ5wQK*X*9gF-~^wNjF z#3+SOdYQIIW<&V%5@}|E5{zAvD!%uCDQo}kFX@Kfx`S_Vug?$2^NT!y?qu$e1YYcr z|K3sn8mQfsx=pr!5dy_PpiX2Y*bY!xD>?q0@RHrLk*2bZRb;*}2X{LKK@pPtkF?|$ zWhmfGpBln>`b%w5?~QzI*&LXT;Ez3A^KL6FekDR$(e{y*Ep&-c=G~{K-eL5#(Pizv z?h85hB4L`?v!qrI^5rphq0*a6-FfQyAa%rt8BSl~ITThqb#ZSZp6Ag(uGXhehoZo+ z5}LefFZ95#m@VQk!d+5USxGfwwn36$q}m2CB#0@SGuFWN`v25)-GNa5|KGe*jwk;ivQfArcc)7q zq_in(Uq`Y7bQ#5&YKiZ#KASa~9wR$PKvjcJ>17rjvk!JxR>D;Ym06oQL=lOY5sAw2 z3c?!FuTsOaIQm>(CZeCdI0YsTGh>%^LSG`z*B~b*t|a&hF}hYoB;DJCiiQvKaW#Zq z$Yg9}cqQ~uB#kWs7N2((8@s7+4S`hofo>hm%90;%IXiI!Out1YnG0(mUSn~?^-LdI zP&ttuQ*dTfgb?IQ)RVOoCpncaxsR1G33Rh7tv?0TzFxenoUc}R>EZG1@5pXuErF)o z+iKL+!V}T-0O%XYYU%frw_j8Fa&NLqvb;$7Y(bK><~jqz$tycJvvd;Vhs#uWcDO($ z!U`0Z>>h$HcdTrvC$P6q^2~h-ePKg4g8Pe@C#wCtu1>lpb*=z&lAty$*Ujl+?8BuY z`H{4WIDH8N*6~4Xb&7FDkjgdf{)NbA$v@wePSGx9!HXVMsziO={LGSc7-S=jtt844 zCrgRe`&;3^^wiN@mC+)Msw7be~4+~ ztBa_B=hKB>pQJ*dJ<8-FUG}#5Ls4b(w3uPw#!hwTY_kQbF{^#n_GUkrPKLxWn-nHV zo{TVViSq9MwmDYmLRIZh=h9OrWHCdwX)JpDa2M2vuqnc3BKaJmRzc1Qh!_zPFg z`o#}=xr0D@GgEo2=G!a!NoyUMoAG+j?-BVq&MJ&I_@9>kxXk}sqNaN{y*5d}qK^yq zhd85xe)tUm+@Gy5mLqCp_d(L^va>hf^LAL#W9ozR!;4D#N$}72$nr9jz|YW^dJdQV z@f<(@dX4h#FRDrnx#4&LH97n}wQ${Lkp33aU#m3Y{ruu_MX^#CWljF-A0o`I=Z%2# zo**fJ9?j+?*d%G8dpu-qp+i}%O8DgPOFT=`iT&^}A%)`DHg8tiyNKUAsAq2zHg%kR z3mycJnt!_!(FuZ^t&F78X92F>uk6W^7dvgH=SBG6Wynw0Srx~BfI=x*G%FPpw%$BO zM8|zJoWwd!GLi`DRk<*?Trh4CcvyEY=@3p!l6+4U+MwV^ zTx?g+>PkokNp_@%>y@rNaXI)q)v-oqiM=;Z8E`%0N1j3nyq<;fsGYE;A9o_4t#C2g z`xZ>X{^|M$pPPA)FB*P#e@PI0Q$rINoKFGAo6Rpu`C!@!Mu|7pU5lu1C#qbCHz~A_zgFO2Dkl%g-%^xTpm=Yl@NBj)cyPKNA_m_t>7CW+ie! z{LQyOrO#L1h^*PtohQZ_?K79r6&XuV;?V<1s-o?>ydx*Rasqx#FO{Y$AC59%C7Uo$ zPYuLiiGu3?oxt)0WOu_n|9&SJd)RyK~*~-Fj@uuIYs;+|p&BIH=rac(Y{;Qc$*#NQ~)C zI_AAW;1vK--kO~U_E}PLQG;tu(HtL|ghgLxabvU?4&Dss zMY%n5d7{Q2-~n@25&Eo+_WHa9(1~@G2VQ$u2JWIrMbr?}51}WD&-742IXvyN3CGb3 z;5h-wlUywME54d}P+#KNwBvO^SZ0@5wMHYBt)u(^l`T1Y%3e8Hp9oSKKF~icI#FjaF@{!rOC-9%Ve~Z8K+2^i4gU-y_iL=^AO{01J6Ri zxPRO|ccKDSN>X9st8OH*6VDbqkptt89Cuz-#Fe{wtl`5}Q{*UO*Su-y zA&|h3Coxt=Uc=OTuEj;CKrJw!ZcdSyz{v>Ov}zYAP%o(z^1ILfVvCzW@Mk}V(IY_q zuls}23Ss>gR)()CRE;3}lg4L=se<_9-9t~G2GX5opjQ1YEsw;w_ZIJFM@Q5JmThcT zvS@w1m6QVr*%5{MPnPnJhG0G2^MouN!xNa#qvCfld{i!^?fUTU{W>R6yx92p%0w#S zFh2m*3~_`+VCKMG+9ywjPs0cnV+EWqf=xSAOkA>XVt;?Rc&L;h++y$z=7nYoY1M*U z>MySyQ}Vv|Xur|zjOu-k*n4RTn6-pViK1_nEqMjbt5>Asa@9?WrYVW0&1kOJ5&P3@ zoobVN)-=R-wUb39i*vy4Gz^?tA<;8qp^Vr`Lmi|}w3S4``QiS}N_Zb*Iuml}ade=G zc%5|}#6iuA$xrSsc;io+jfeSes*t!`MR0$+TSB?Bi1*gBuRYq<$(e5~l9Hvu$_)S{ zLUByLO2*%j&1RA6ZE}~H1<+^-VM}XRIc`a)PxK!_y~@|j)#U&}ZNEA?rtY5K^bs33 zbP9XSciKwN!@*kMxpz2~>32Xg9PHYS|2&k}Vx>Tz{uu%uN2s8Ssg?>A!A%E77gL2E zCr8?CcA*DodGYw?ku}Sl9W!Gt3fq4}`t#EKn=Iemd9#J?c>^Aa)I{)TAx4W=cH&>s zEc$XEW1s-S7-Q$`X1m&4Q)PovNq9Ma1&Ic@3D9J+)s+A;`B$%q4 z)i!E|>|K)7y_}TK<2^aM+$=qRR+~1fpWAa=OZL@@>5M(dcvHWV{1$viv$MN9u5Er) ztIK$-(DbIbj=$e=!y~oczOKz1e;DY_m>E_S(|?S>p+jJCncNK*4m{K`>^+g1=K(<{ zU~zO7q$ZZsENAO)_X*w^!BcXsj~z2NT$M8{Oa zGpaIP;Dvuq2Rz2uaFF3>Q}fg5@-v1*NYDmveY$pFI!xtxt@jX>5>oB-CVWc9z+T)D%Z|<*-fB8uFr{{lF{=99gAYpEit9} zQ4;mZ!MP8~BbJ`W+)P(}Ke6Fkj$z~YRhr-VDa6Vl(J_V!H%6G-fP zB}-KGjbQQI%YeX#rtTF0_XGuU=9}O&h>si)axri&RhM0j zwbj_bo#}4<`ZgDSgEXK}wD&!cqN8Yw0Xv0Mp`XU$g83rkw(mLW{LHvu6zR{1hx*q^ zOanVWCqxaFqiXbd^P(~~w?U!y+Sk+Xc$(-U@OVM!^9CN)zSUg?MD1!Pwezx~Hk7nOe6a0tA z1c+F&IXDAf2Lx34^ft6^JQ4~c0i&=r>Fg#GK7TQ0P{ZB-St!>-Mp_4a^|+|?YAZN` zv7Sr86x*qQaGqvOdR(#V8I}b4`qrg8FA;C0Jd(*eJ>IF?si{bj8vVJQJoF+e5Xooj z)dIvb-&K%7i}HWns!W74JsZ1M8N=`=O|grZhrC@*rM)@Ku6uQ98{xbAhIZ*hZcCn( z?t5N{^|5a)(#*ONFFy}LU44L#v@qj2a z{*gN@PF8X~7zL9Bkj^6 z+q^NNSN_pY%44u5tB8(8_RXDoc}(awsU31_>kZoWd1w3Co02izjYhe{X{O3R9W$j6 ze=&0g0~t3PIRyY55h9;{f<83g;FnaI>(;NX;bmLbWG8h;Ns zU2SAR{fcrFJ0%)xF3{ff2ZCP1I3^I1%|{p4%Usy(FUE1B@3 z^nf7G8kQ8dHOL62Xqi;fqXlf=bz8^zPhf9^wRk|Doivi&TIl76%ppCrocD2!k%`UE z9>7iMDcWJd3`aqtdRo6&0e%TqKoF1q_}%92UaA|UZYx4V~?%5p$;yCv^%O~m}HQA zc!##kV+5lPlUH)m_J+};{=-;AOcv;@VNzMw*4mv@(aTwcA|;TqP{Mmg5c8x_-CFqM zcu#}(m5Pu8Ayno-c}ai!aggo5&c3X3dq{8dTEN4-7yWUNj7{dl_DxAb@kq4BZaSQ7 zpuDc5)Gs^Pm2u;wP-^SvH#=Y*CNLiP*cB^(!+i3ET zW%m2J%qu^Xw*8$&Qkfn{wh6k+2rPyda>Zm1^1f2@=0#fUjt@YR}=1I}Ey z5R|a3VNElA2;tOu<-VP-O2glV0>z2Kf=#>?kDuLJe23sYQg0DpVNg;Ezpnzw=RxGZu|=Iok@_PJjW z?!;mu-sbY`{?iF6v17OWu&hUy3z@x@xPK1$s?(4FzQ}gdZ+St(SPY&hN_Mt{0N64>>uOq^^uc@LGs{%$WT8{HdSIo9$syO(q>awaC`+d-%B z!48uVfcN{&uDn0o%{OEj!$~u}x*e?UV!xN%NpB8ActUS;+Mpe>VevPWO9ahBIcGb* z^zco+G|LlL8+TE@5R0pFu%O5Bk-CK2*P+@Uw}y~_SyuUW5IUEkmffV-J{!qd48?0-D2sU zb4(K>)N6C5GbYBke1#)vj2qjfG@CeTkAHlnSA0ka9iGG+>A%izs`eHiGSsdZhtEoO z8u_19D;IHMia5CPL~R}2s!S#*oR#WiegiYjgx;*Ej{3{YJ<0)-k^Ut)6lGU zTw|+J?WTfsy2{ZrA`r@eVo5616<-nibizdFj6U(asf`l{@=E}`f1Z zp%;p){!ON?Rt_(37Oahk$$p*UYh`opuyC-Oe?2+4hRb}l53|?*X|lWugpUD z6x}#k>b(=k9gh;)IH}Y`o%-wbIFPir&kZ$&Tm!j_iP)NEzUO&t}A<6)-MqC4BA7lEPfR|BR%7dN+@cV;?KasT<8{ zA?rQ0ZzA+o`sp7Ti>$$a2Sy1#dTA&zz2gmt?gMgi4F<@?!lQi@&OqS$ zKsb$U$}3R>SV7F3yIa-l>MpW`oAbm1myBLmXB+ z|6o>CRJqK4ys#$hv9DK^X!;5FFL)Kt@BEB-fzH=d!9Y-s+*^fMF)z+59qJfj^xl^0 zCb66*Mp}N<_boF}_9(v|VL4UubkpnN`z^e*xfOK+RMt_aD#E&XX3A+MEnhwT7!tG#{zy6#5xKW*K>Uv_pg@VljAFtp_}CqzQ=kLEAV|mFK5QXa z^wrp@>BD|~Igrc*etAmcT-#l(tdQF`Z|ktV8BlC<`vJV`U1ZZDSkrCw)cjM{+EsMq z)va)qT&qS9eMFO<4#K*fCFS5Sa|@BNDGh=lT_oHDvab>9`OhKf402`SUSst%o;00R zl5fj?Llr_3+#0Y`(YNe_I6OI>#5g_M_{E)7zTTuUs@i-2jhe zIz2gHh3@0tDl;Q%e7(M6t#9Q|cc$8OErTztLVyC&{%ouJ{5@ZPP)W{(W*6@lPelNk zlk;;gJBvKF*A6_2zH7Mu4zIJZ?K&e=`Is3SF!UFATAjth5;O`7S`B}XJ$nN1q8|u_ zZ7YfZv41m_o)CbjW#qgPWAI}94^pj5O}jq#t11TKh%qDLrq^zdkj?X&tCV1=cQbi~ zXf;jI#SoPSp!L9y z>!hbkJH}|AnN>AEG0lXLs=DeJ`Rvn=>SEV^PxO=z`1i)ehRo_T z%#7JzU~OOdvgVV9jZZV(buiHOADMgswLi=NdYT%lv=r~S((^RE5(~Dtwx#q6vIf^e z8b@ImHd(05P5snRIGHiez(VT?z+{J@}+iK!SN| zzw->V9fI(oS6)K-B|Ti%Ip3bX*?M{(@*aC`Z|WldZ?sfm_Jmd}+HY0{&uK|FSRluCMl_cm~S5 zCO8C=uq}jgPQf221vR9_!N8v*8LImRPOXSxHk=sSq_ih1O=Sm?9x#qwKrT$Tu(SIx zif;pv91K27Y)-jDk6ydH!L5(kWODcyo9iH+|N58RSw;Jy(Q@8QtJKlHivLoeN(3wo zyY=i;9C88p$7?i^2Nfsw7W-$nI?U(N?vWiInZxl!>^g0`>pQf?0#5ORY+u>*pbxF> zZQ?ME^gZK9QDwH*sWm0k+$XAr)*j%~wt_CZa7_4J+_IYXiDV)Fv}z<obE9faY%}^ST$@QRGtD>O@RgeZ zMI)4NOaW|uGE{~1b1jnG99b3cc24^qcCYOzE_PL1gRq?8@86!E@F2Lz`)h(zHR$^8 z*+Cu}E7kFV&IK@Z?700e^xTo~Pbw2~8I|Y~J~r!Z&0ds3W~FO~92P>mVqzM2UN?X# zde1-+1U?Yu(^xS&apgsl$`jUwsZT$SJnULRuEah6zP48&U%Ky+=NlBp1-wO`9mEiW z=A^V_Yy4~3usntBcXJw~DUq1{C|o*-=-agO^UGu$^k&ZtMFPpo8!dBqpXKFR-sE-b zNByI%W}FVnMH=qM1kl;#XG{i<^sdimv4+ZT7B>-w5BOq}8Q0TW#la~wcec624WC(d z?2g6JRWbWxTyv<*DFwP^vrv{v6GDL-F2z8J$wg-bwEY52#t0)`t7Il$i=n2smSN>( z?3CYlYh@#;t6%4xuPx(RZ`{!dFuYmn9(8>M-Kb%JN*e!uVHm#;?6Vi=gloBQ&4&s0 z(iDYIo%BZNgCAkr-eKm6989y8^mYO}O(%uCA*RBhhH@tgj9L40A_pjyoLil2n}aZ} zNZ3;=be<1KT1AG}#}KtC-`ZtRLuRYXQ(dnr$3v%Sn}^DwdCDm-x6#`-wij|w6~_;{ zyijH{jugWKdHQ_wzjstk+Icz;^20cs$ya+pHvX>8LHMnuOZ5KM&y68jQw7{(DsMUX zHxgWYzdh`iVu*)DR48Io1V6gQWqD@(4IElTKSEiuERTP$u}i*1_idhjhrfu0mMzEX zZcz&F(n<3XZ{YtyCdp?efVtU6yu2ElXBYaA_AEv(5$b@DnX`G~@4s`$MWY?gW%M+v zQjmoNbF0u9_`Gc9T+vimf9GaKmYR@$?iOF zNS0&3&4d(|2(f0T)EDofFJ%;r5X?60bAJ5djm?~PuxEd2SC$QS5RHiI$ad$V{+6Tn z!ui7;P{j5p7j@WZope6rEAQ*ON0D>3B50(E*Rxu@r4W zC-a8ZvwYcHC{vYV(m^jIz-$!wzy`{O-aFTpOz(DE1=t)FZGfY!kdM%Fq%nEVCG^I7 z+#ov%m)&eZ%VeIQFnglPT8W|aOC7UX=b&7-(Bx2U8Pqj+#Qt7oz--g(+(Q%vGClLU zPKT6k`k=(rWOg%_ZEBNKKhL0FCHPk&c=wv|&dIa0R_lPGlWz%{>k^PZszFzl(E+3G zDCKO3`VDRL&vsh$+u0=s!mj3mk|*lgsRB)g9=uUGeA?7UHtocGUKL(bqklUv+`oWo zpU+#qlHU`*r3*qqyD&GE*Zs|Ldlvq`kuOs}EDz#v3KEVM(d0mmr(dTl*jxI*W^p@AyN8tP=!1 zdYbBcC=lAGLNh^}fGHO%H0FZtGu#W=Z}Iuoq$ETj(zaT}Tuh@U*44oIM=)zBpcAOY zGny6Qu`4-|NV2ihfqd3Twn4~2;y_=o7RfQ{kyaS^ko6~y=8blHtW;CFtR|hJk%OOY zP}{R1vFmMGkmEyXQd50GE($LU0Y-8FoP)6hhk~&YQ2JzTu~X>KO5oV#R{2}}Bi#;i zo=2^XDmq`LZk^GL`$jZj53UIRjeOnS8@N+28m39|@1_^UV?FONyxd-C+cMY=+M)fK z{`qmIb)sd#b`Xf-eGmQS(~5B~FH~p)INsscSIaLX?)hr)muXpzaRZ_nk z=ItKf1n6e?{B}8p-`nDA;u4T=%4`wJ8EX3KTxosD+SA$7PqZ^TK&8U2I>*n^xVkDV zN*+L63IDV+xZ>z}_8IK$)GbdTe(0(qE1|gPle($0jF&&9`wUkwd`O;}=m4yi8iI{E zZZjTK{?}zLLT*z0`Z>14N0xj%3FCTl(|uH_Z_}#6i{}4+7Q6QV@C2Z8Fk)jezVM(4 zqUn<76L8!$>*MrGRhF6^*pq(a*i9BohV1*TE=O(Q;g(|o!`$Jqd!#W%LpV`#pNa4w zXj+=SFSII5(lC>|gLKPZN9XFZx8)ex8J#@z>(Oxvt6rG@2(Fi{HU?S;^>f8tH(u@e z=-AgAWbEKfp-sR&Jx4*<;EnhKct~I5Y;;R|xEh?uivqZiPhRk^2xv9#vO*WYw20PR zkgw%16$@^;3Val@@W56LNJNGB=tqQw}vC&Y58vpO7!_b!p`qOb^%(70E}# zVY4sk^P-8MF*(L(!!Y=V3@76Vu#M1=r_#k_PW4IjB03H{k6vPV+LFyl`s!yrSDbi1n5_x_T=8(`0bsTSjrd;{jRD@Faa=LB{4SOG zRh2FBUMA;qnD69cm3Dlqn>ypa%uD=|m%PZADZRb;Gp|l9IQ}#fPzgmR&etZu#eynW zk6w-%tY2McrnN%Ij1bx|h#3Ajh2dwal$UUX8yAaf`3J5mg4EIVZ{n9kA9BbyWIjV9 z1hsj~C!=Pkrq+`CgplhenI|g2CVSHJqsvG$>cNx}lUGo@HnItbyg(QCZG}7Dv@2Pv z9#b=lC31W*0$!L{wb01z&@|T-r1jJBNhjgk#8#n^8aD8Xc^&$W89>T31^pFO(>LHpG7Fuek2&rEjy}v@Q;n8V-pr zs-Ke|=u%{V;lUL7ssE4iS|I~wK$bR>K=#|>psM``{E-Ky4Zb%F^7C_AH+e(l4$UuP z=`TjwbKRIPE0lsMN*fEKFN-c#2g_K1)qn0Sq3Z-#M@^=}o?ovzF2^s0-~m zL-E7$NiUQ?@(0*`Y`b7bYh#~y9&+ZB?&K?*@r3$dJ@&7Yx@eDRQiRe#XQ`r-eT=Z- z)_({-0mY5|ONkH$_0yO45g_;nkjgLonAw(o%wdm_O=3#6?l&=4d29`E&9Wsg&hoz) zbCdp!2&F**Qotb)IV@^0Lr`TO86{;DS*A8ylrH|j^SZ#sDWCY%z$kUOr2{m zmy>N-BP--WOlxcmzBK|S_{}oJf+xgnXV_K(v5Zt|#mO&#sig{I-wDNgGu6}fSxkBp z$o`c_Z(lK7@_mTXnqb`Iifmr4ms|#J@J5PS2XJhFjtTBgSFZ|nKdoho0=S7=Y_gJ> z5Cnm(or+d5vL-!ji+i<-SEI$^o$wDPq%}8|pR%pm1mL~#m;SOsisTr6_X1?G+V0>j z#`!|{W>#mhlqP>HjxAp~g(>(00o@ok%Nqr$s13vh&mr-@OifM{=s#O$nA_lK?TIM0 zO6&t8U=D8x;3;^K=ybZ_GIUx-_pc*| zW((#EPP7M+3PFBhhh7vrpK>&WLNt_Usy_(gM6Ypv6WkO{k~|wkX83D%09_^VQSbw{ zpy3=mJ0#49wk;KaoEw2Jv^!X1LdPT(g7ax1bUv5q&`YwRsgbLeaj@7C@ql@tz0zJ+ z+Z}6Fp+7AIUVTp^q()dlW7Cd`P>A9KWUcPTjmjZ=()%1Yt@-lxoki;pjj#|)w#uz+ zC5)~Ur$dq0$LGD_{e1N;0H11LW08;R>To(Dld`KT>4VjU-k-Curge;iJUpc%lqFXI zuU>!N3XH@ROFRqmoVw%}!T~W*BGS$wMM}ROwBs?%DXE7_`x+p8;zwd|(XC5>)I7r= z?4o~v1dPkUDPL3S@N$oAjqJ1`b&0lrH!U}1HXfx=ly>soS~xOKEJqP=P<^ZKH35PZ zj00d@`uRf4K2|wi3>YvxHm2Ht#3;OUMv;Q5K;>xT40=kuG_1 z%bN@KJDLq+hydhw`om;2eN|o{5MnePvbK!9NP7qSf_tWa_9LnyPd^jireUOs)IT2} zWOYiZfNrmt`Gy%6MKjQ}xNY5e^91yO7-${*t{U-?edzGE* zVJw)dnJapdNf%6`6qK!7qmnfVS}Fi1Zs-;U!GSG4Fm#s^J?)Gv+H;ad9nSz!ye{sO>%mjnfLK5>Tr zumHjbmu#nxuBtBDqANFq0T3P|?ct}o5~ppC{}X)o1=e8D6S}T# z`BA%B^)B`KzM_wkGv$X02=5T-eF;0Qh_oMjkiI%IU%2C-b|^kjNW0VT_Lf}LDYkDk zHu}nh^n2b8?63^FdU~z^^w@=PH zjN$5ENup$7nJPQbJLC3UgSXAsXz$qikd4IuZt4h1_{wFfNZGP*AzDvaa0YHYP5C8xG literal 0 HcmV?d00001 diff --git a/modules/common/tailscale.nix b/modules/common/tailscale.nix index b1bf523..5f6c197 100644 --- a/modules/common/tailscale.nix +++ b/modules/common/tailscale.nix @@ -3,6 +3,8 @@ , ... }: { + topology.self.interfaces.tailscale0.network = "tailnet"; + sops.secrets."tailscale/authkey" = { sopsFile = "${inputs.self}/secrets/common.yaml"; }; diff --git a/nodes/cache/attic.nix b/nodes/cache/attic.nix index c5ce51a..e941734 100644 --- a/nodes/cache/attic.nix +++ b/nodes/cache/attic.nix @@ -27,10 +27,10 @@ listen = "127.0.0.1:8080"; storage = { - type = "s3"; - endpoint = "https://s3.wasabisys.com"; - region = "eu-central-2"; - bucket = "cache-xnee-net"; + type = "s3"; + endpoint = "https://s3.wasabisys.com"; + region = "eu-central-2"; + bucket = "cache-xnee-net"; }; # Data chunking diff --git a/nodes/cache/networking.nix b/nodes/cache/networking.nix index 1b663bd..d2bff44 100644 --- a/nodes/cache/networking.nix +++ b/nodes/cache/networking.nix @@ -1,7 +1,15 @@ { lib +, config , ... }: +let + inherit (config.lib.topology) mkConnectionRev; +in { + topology.self.interfaces.eth0 = { + network = "Internet"; + physicalConnections = [ (mkConnectionRev "Internet" "*") ]; + }; networking = { useNetworkd = true; useDHCP = false; diff --git a/nodes/mns/networking.nix b/nodes/mns/networking.nix index 21896da..e25251d 100644 --- a/nodes/mns/networking.nix +++ b/nodes/mns/networking.nix @@ -1,7 +1,15 @@ { lib +, config , ... }: +let + inherit (config.lib.topology) mkConnectionRev; +in { + topology.self.interfaces.eth0 = { + network = "Internet"; + physicalConnections = [ (mkConnectionRev "Internet" "*") ]; + }; networking = { useNetworkd = true; useDHCP = false; diff --git a/nodes/sync/networking.nix b/nodes/sync/networking.nix index 6b8940f..f185120 100644 --- a/nodes/sync/networking.nix +++ b/nodes/sync/networking.nix @@ -1,7 +1,15 @@ { lib +, config , ... }: +let + inherit (config.lib.topology) mkConnectionRev; +in { + topology.self.interfaces.eth0 = { + network = "Internet"; + physicalConnections = [ (mkConnectionRev "Internet" "*") ]; + }; networking = { useNetworkd = true; useDHCP = false; diff --git a/topology.nix b/topology.nix new file mode 100644 index 0000000..3e86dac --- /dev/null +++ b/topology.nix @@ -0,0 +1,86 @@ +{ config +, ... +}: +let + inherit (config.lib.topology) mkConnection; + inherit (config.lib.topology) mkConnectionRev; + inherit (config.lib.topology) mkInternet; +in +{ + networks = { + "Proxmox" = { + name = "Proxmox"; + cidrv4 = "10.0.0.0/8"; + cidrv6 = "2a01:4f9:6a:4f6f::/64"; + }; + "Internet" = { + name = "Internet"; + style = { + primaryColor = "#FFFFFF"; + pattern = "solid"; + }; + }; + "Home" = { + name = "Home"; + style = { + primaryColor = "#E67850"; + pattern = "solid"; + }; + }; + "tailnet" = { + name = "tailnet"; + style = { + primaryColor = "#38761D"; + secondaryColor = null; + pattern = "dotted"; + }; + }; + }; + nodes = { + "Internet" = mkInternet { }; + "proxmox.xnee.de" = { + deviceType = "device"; + hardware.info = "AX41-NVMe"; + interfaces = { + "enp9s0" = { + network = "Internet"; + addresses = [ "65.108.0.24" "2a01:4f9:6a:4f6f::1" ]; + physicalConnections = [ (mkConnectionRev "Internet" "*") ]; + }; + "vmbr0" = { + virtual = true; + addresses = [ "10.0.0.1" "2a01:4f9:6a:4f6f::1" ]; + network = "Proxmox"; + physicalConnections = [ + (mkConnection "monitoring" "eth0") + ]; + }; + }; + }; + "Fritz!Box" = { + deviceType = "router"; + hardware.image = ./media/fritzbox_7590.png; + interfaces = { + "SFP" = { + physicalConnections = [ (mkConnectionRev "Internet" "*") ]; + network = "Internet"; + }; + "WAN/LAN 5" = { + network = "Home"; + }; + "LAN 1" = { + network = "Home"; + }; + "LAN 2" = { + network = "Home"; + }; + "LAN 3" = { + network = "Home"; + }; + "LAN 4" = { + network = "Home"; + }; + }; + }; + }; +}