From 5deba06fb014ad2c20ba25774b8c7a530a740535 Mon Sep 17 00:00:00 2001
From: Ivan Malison <IvanMalison@gmail.com>
Date: Mon, 7 Oct 2024 15:00:14 -0600
Subject: [PATCH] [NixOS] Trying to mount bucket

---
 nixos/k3s.nix                                 |  36 ++++++++++++++++--
 .../secrets/api_service_account_key.json.age  | Bin 4262 -> 4926 bytes
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/nixos/k3s.nix b/nixos/k3s.nix
index d13475ed..7c614795 100644
--- a/nixos/k3s.nix
+++ b/nixos/k3s.nix
@@ -1,6 +1,13 @@
-{ pkgs, config, lib, ... }:
-with lib;
-let cfg = config.myModules.railbird-k3s;
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+with lib; let
+  cfg = config.myModules.railbird-k3s;
+  mount-path = "/var/lib/railbird/bucket";
+  bucket-name = "railbird-dev-videos";
 in {
   options = {
     myModules.railbird-k3s = {
@@ -14,6 +21,11 @@ in {
   config = mkIf cfg.enable {
     age.secrets."1896Folsom-k3s-token.age".file = ./secrets/1896Folsom-k3s-token.age;
     age.secrets."k3s-registry.yaml.age".file = ./secrets/k3s-registry.yaml.age;
+    age.secrets.api-service-key = {
+      file = ./secrets/api_service_account_key.json.age;
+      owner = "railbird";
+      group = "users";
+    };
     environment.etc."rancher/k3s/registries.yaml".source = config.age.secrets."k3s-registry.yaml.age".path;
     services.dockerRegistry = {
       enable = true;
@@ -22,6 +34,24 @@ in {
       enableDelete = true;
       enableGarbageCollect = true;
     };
+    systemd.services.mount-railbird-bucket = {
+      after = ["agenix.service"];
+      description = "Mount railbird bucket";
+      serviceConfig = {
+        Type = "simple";
+        RemainAfterExit = true;
+        # ExecStartPre runs as root (the default), to perform the setup steps
+        ExecStartPre = [
+          "-${pkgs.util-linux}/bin/umount -f ${mount-path}"
+          "${pkgs.coreutils}/bin/mkdir -p ${mount-path}"
+          "${pkgs.coreutils}/bin/chown -R railbird ${mount-path}"
+          "${pkgs.coreutils}/bin/chmod 0777 ${mount-path}"
+        ];
+        # Use su to run the main command as the railbird user
+        ExecStart = "${pkgs.su}/bin/su -c '${pkgs.gcsfuse}/bin/gcsfuse --implicit-dirs --key-file ${config.age.secrets.api-service-key.path} ${bucket-name} ${mount-path}' railbird";
+      };
+    };
+
     services.k3s = {
       enable = true;
       clusterInit = cfg.serverAddr == "";
diff --git a/nixos/secrets/api_service_account_key.json.age b/nixos/secrets/api_service_account_key.json.age
index 29aa33e763aa7295191f8da11e83c59fab5e572c..9770c2367502696f154e924715885c82cae7524e 100644
GIT binary patch
literal 4926
zcmZY9=X(@o+XnDRXAz=w1aV^^gbc~n*#c5#d+%))1ZK<Z>};9co!y<?4N(YH3>c8!
zTR;#EArO%kAw(pQP#%y@0I8xx<VmFS@Zmk)5BLY%_wPEc>pV`x=PmSx-LZ5e?kB=U
zM9jxXvS@{4=p>01dOd6qWC`g`U(6DP=x!DcLF$a!L{V`97pa60Xu;8xRird&2r?XS
zL|wv|$tIAPV4BjS2)hJm#zbk<5FU>Q{d}ufM+z0VSxVVab2wsS2GTN-g>e5%Lqs04
zj}FGU>4?~g+I>+iWZ|K>DkP4X)EYOY^YYWWI2;xDjGm|v5C>?Wj_q(G;+O&ra-1N<
zb~+4<0F-uVC2SVSCNUMClU9aVu$v^`*0c&|I!Mv^Fq@?8Qi~3wL>YU4!wC8KAlm?C
zs5H)S*{z6N2ZJ~!w2R%elokNJYOc|z1>9+YmBWrJtvVRR?J+(_m-Zp*xHBBjMB{{&
zdRrrvRv*ttCzML24n}Y=;^u%-GcV*%Bwzze>;~f+o!lm6$9*=HD;)94j5MQ3sEn!k
zVxF6DTO53?Q18)2?06)h3UJ+&HG<gv8kK{~bvdE8HA@%?Q$~8sX-1P2i>adoT0$D4
z*p`5cWn!cNuOsQxYFRc{%pp`8ct}P|<EC&pEVsycn8J!8u#aN7lNNWJ;9wC>h*X0B
zEKDm&AVR4Bf0Hp1q5CLRifN>I0HZ{e<Z0u)2nVqta7r0ci8%qEmjYq8CKhz4RNj;r
zG`h(orQ|0R7-8l+WL^#;Pr^E%#7j#$c@mRf&qn+)rGufd1^@*v6??IOnT&;_N{+;8
zMhzw`lvLpURFrG51)Mg4JD@iax=0wp6f~FtB)KUC%;H8trA-odsVKKL!d00>G0L0Z
zP;vt!lrc%!OqeT?U}}!qtf2&<kSytBP=<^QrST~#B!DDuen3JQ5EL003PZ*mN*UyA
zFv#!<v|ff$2|K-3$Q4MVIt|-y@blABzgKC}c~U_GO&1j#)F?}4OGQF}5{X(IT!$wl
zi4$HcSHrRM9bjC~)QZG-ge{h_+!8^6tBrX%X1&tP7ctxn8q?tkcttTxg7a7wCqL~L
zNWH#)-4>Q92?azqMO-`#2Sq?!DYIf0SQ?Zk6>K$w>*ATr89c+spbQE-dGer?rl!D{
zPQsJ;#i1BTi2*kw739Bpj<RCLh}mclhuJL1rNRX+>Dx(C8&N+&(MdKp<Oo7iGuxs8
zJXVR=q0Ts98?1@JQK!@mh`1_Yk|&mU-X!0FdSD(Lj8GDT0Jor+A0f3urWljOGLRGm
z5SvvfNyxawo0@oA3z*%?l#iZ-jj#?5DRB))&s2D$1eoAs%m6QAaDc*8QV?aa*nlmf
zR`@9zLle#zqc%{3QdS0`XYgZUCzoYI<$wwbVhREXQPCLSixMK@ZB3DJurd_g5mL!y
z5tk(lLOz`vQUbWl9wr?Tjx=hEgC2dtqA-IRURZ1k&`1LjN^&{cI0$1F8!KW82SQ4x
zD(=?0P?sHHN*tC@j6>SET=;G6|29czTx>^D6iJ)qPDli#v5b{rOIU<T6y=KC#;7u7
z)(f1bI7<0wQL~;a47yYph;ck-0A{DsK0(N2QDwp=p-RqXpoxGnD#<uv%(pcb!FDhy
zI!mC7kxaYU?qftz$iR2ol}OmdlY@y6>IRG|JRU(JWF(DPr8I*ZLt_q%nUrXyZYv*B
zNQGw16<|7iV3LCqIOc#gDCS7}jM}#~wGs4NA-c_^Pe~93(@wI(1SJiz^$NBe^Rl=E
zXm*&yARxs!nN&h=z?d`*i$da2u0za6sI-$r{45+W003yR3e}+5?QvLfEy!{?V-oAz
z8l;v7BorNsB^4@>Nf&o(TrnOiiQCn2ky-DiEHGfCOiUL;lP1j36q6mG#S=zIY=Bu2
z9cE41`Che7<`j@R2$R7f#A_zCNE`@S!E^@r*WH+2GYCL*6!xU_?5My)M%Yf4h`{ZH
zI<Bx_O2m@#cq~zcLuOSOW!|8fOH(V86y%Qygb|^_z?7@lphX$OH5lJu1WZ9#<N;uw
z*(|XD<i9d0WN-~JitfbU<k1cAPzd72nSj)lR%w#nlnRwf_$qY<(?U)JLnsI{257+u
z!1r3Es6MWY`VbWpkh@?LNxDKlKPXYlU>*m@k^;i#Q~s+<d{BS`80mQ2&a^@nAxoxF
zQf#v%Nua4Xln8{?fj2{o)CvNjVj5V&@=IxaQOafzCp>%@h@we2$OE}V!e<nRj1gv1
z=2HZ4v%|yU0Wf5I`)&@NR~|Rg6+D(6!iA;?DUafkureG-B_(!dM8-;M_<9o*7uuPK
z%8wx?h^Cdh$b=$F#zY>Y)ETfRT`~oRM+{MYLLWkL30vSq*fKf6b#dR;m?1<Urs$L(
z@z{fos4b0)MGliBj0odwM#S$-c#K|;QiJ;WkQxYkK%0`5aRqo@t|Vze@OYHva-*n3
zWasM)9s>c&LPjk!XdsPJC82iyt0yfHrjuo)%k0*KR}z<t<58YN7&8bk+#;3{JSs^#
z_2RTrU=qV`f|rb@DH@SsitK(inzB2XehaBjvfT!g7SW?-Pt>lCNx(qJ;^HU(B<!OV
z78cSyMi5c!NnVsE6S`rI1$WCia=Se4Nr#isq$C7N7<#jcG7BAC+JMJ}*!1*>#sRlG
zUYk>S>)8`U_Qra79hknJMK;?Y-XH%|t*ZL8`|o#%E?pC=1w%(ah|TTgxwcHbY}EaN
zW{V16u)cA8@9yPK&%6Fw=w5xgJUhDWa_;x0N3;&zTIrQv&%n2RvbVy)nlfknj!UI`
zU+<PL+&Zq2s<;s05T2HT3wi(9{KK`A`_9<Z>>VW?r};N_<P08gpg6j&yc^SUS(Wwc
z!&XJFAJ!Hgm_}{9H|&>*d6%h~^v<6v2Q3;}sbY<uJFI<OYeOy2^Wzz`HeE;Q(#Fuo
zRnN=5xcm24uCQ#+{HB~m%No1&Jp1dze_Bd!zC?0AIKEwVj$2XvNxXf({H#;b9!^*9
z>8qkh>-@2UG@;=|&nDgb@anU@SZU3;ocV^syoCq9Tba191_$y5s!sQRKVf~puCmv~
z{q1pU@yOyQ5olY@{@YP~`-3~Owi+{KuP0nOOyf;XOk^AevaZ^%_v@r7c>hyl$${?9
zu9LId=qIzhgPUglV4HMr-s9^N{-~zaPuJZqJ-hH%bVdK=cP>V*%70t-A1ti!Hx6YM
z*4FNuy!yFw;K2Foe-yO-^lRkE{SiZ!52(!feY&aSpI;``o@4$w-M_fN_j*;QUg1T-
zqN)e`!5xW%dPDUo9?&cfv(~)x#pub3dHsG4_6k^x$H%S6Tvt`Hi1zR{^x}oZ7q{dz
z^Q=?KKVr;(aq0Qe&gze?Q;<!Up9<$KUVm-O(5{oP(^?na89(A1`e*U@5p5eUpV;1`
zX@nb@nwVg}yy7qfk6F;RO5^|h`zqU?$A1(wu6}vePTzSw^r|2K`t@Z7lKa<+2bX)z
zZOYtLE$#5_t6eu+TX$rSAE#=+syJ)q`f-ESr{^E}B4$chuUmRf`Et+m+z#ctUt(kD
z-g4jBU9X)w`S&STb<^K<ZWz&A`1Hhx)i);#Z+$4BCW3p-OIV}l-K*)k<+k;}M$Yh(
z(#V5%WY~IoMfd6h(Gi9Jb(1R|>g!(<kF$HN-0^#A(VvI<-K*YJpN4>nGr!3=BC@n^
z&L<}~_1+4VRaC}CJb*sPemU#X<Zdm_xox^h{(xi`hgor8yryKoyeXD9ujzC1_ql_h
z40hVPWBYriN$9?^*0LtSEcwup6?pMtck=wpeuH_sY06{$CyuP`U%l&mBnKxKJsI=!
z?%IhRUsP4D3{<Yj8+@wI&zr7YevdKg6Z;ee-B-k~8CQ6%iQF=wI&`Sgc=248RUMvo
zOOsXiWxL#brSHmbFK#^r?`_(;DEy^BA#U1_jpJ|bc&xoP{8L|X|AwBUr0@Q<=uDLL
z<;DJ^we61-eb8Dkr@rXWdrb?D&iwF*qtSnMOtW57a+vH}9@OxVH96~_ohom6o!z*8
zXQ#jnJEm28CgZCQhWB1R-|*y<>HxPksA<?dAp2I&5Bfd&&b0LSzGI2(XB|u1mb7eF
zIk|!EE0=aUJK*n|b9!E1yYANFbGH_rn|$b?y!tHpSzuXx@w=b5{nV+fes(a)pP##O
z`xoEMYu9-4m|^jSF%K$~bGm5iI<36gbprqRxu3JX%RNNS2^%{6q&+|2w#&Y&kFM}=
z59SXYFSVdo;a1Uh)3M&W+NN?&=giL^e}N?4s~hyu4X%{l<b2ZS*1&L=ZFk$1aL07#
zHq3B5S<=GED#j0ewV)8~tsjznvA0+EIlz(=uI;BM^=Y1b>4>Y#>8eS`gHFM=s#iC^
zd8zI{4ZN7s^vjDzH)}@0=7#+%JFWb-_>cajExm`u*YuseaoMQ9u725fX6nDkwB1`r
zO&eHYmXznL_>Iut`d%69SZCk|?R&CWZ3AXLUH9TDddbn!c}w`g;aFjZ$|YAD#_eU#
z?N{)y@%iFosg4b?5#xV6{g_v@JjBp`A=6vab${eNjLz2G&l3M#-J-j)9Nga-W?OiV
z)?GaJWWvMK?Is9+elYS6!Ef33*HwU4>-v|%_U|seqxT+aDlP5Vthn)MApdpl)RDVd
z6JwjG*Dqr|-ktX7`P7;TuDvg&F*>c`>IYo-%i3w3`N8^B!I`nc4~Yz9!39&l+vK|+
z-~RN6$2H=4YlVBuf84Qe8k1f*YoP0Tr?GQS|MvJ>=%1ZyPpGf7jxFl6E%{FUPJ>~R
zCG%k(*=3J+_IL>{zUEDHu8thOyxX_EJd?fC)9+O*>b61n$x$xcdaY&T9iW|W-*f-{
z^7_8I!5fJ|!**?YRI)q&46SqZo-PHCuZ}5Sv#I#2`O2zE6E!a)cfQ&F;BK_woz9_W
zvLi!u`=Fe<x#>+D?7;Q^EEaaJIVLmBsu(-&=>Dt|wi=G$aKeRtdaiaZ<n}0*ar4%d
z8(YtFihf*GJ@o$BR9<1O{HrH@HjjR%>wk0J(QY``+<(IIU8ir%{>RwA?QZMWeH(6$
zkL=fX_^waO>+Nm9qstrE--ic&HhspcZdH92fjdth{`F|~*FAbI5bwQqPhNZYLEybX
z(oHu4M>gNj3GAo|=G=RFH`TG=;R$J~^0`xxb8^X<87o(vyi$fV4Y-~AJPSJ$+2q_b
zz;n9nz`ZX7c^`V~GOxzGDyw@;@7p8zz27tpA3F0$I#5tEyR>V;2B2U5poj52i#jfA
zzRzf@vP_*&=2|l4d`=IeXYk9H=9+&7SC>)MIn$8I#0Sq51A*j`L8Y@!j2!vFNr~QO
zas19Z)u-Kx+uJikJ~OT{|D7GWTUx$l4>7LfFjLbs{3)`u{)((AZ+=@l<0ip?&u4EP
zp4yr`XMUOZQ#B8MekbR~7TVen`J8^IrhW!Gnn!Eyw`=9#Kg{}%@}jPtKkxdw%ShHR
z%e)Tnn?{T~UfsWB_r(0mvl>(1yqfUokRG<=hm{SgLwWg6h~wvqBZ<{{yxcWV^QD~|
zMv1l+eKd36ZgfF0^*&R`KDnBCWLnF?qu8X*L+&@`=U?R;KPxIeUOjEgl><w2wb<<X
z6BRdZ>vrEMm*>uXo!z@H`^2`(Q&-TwRX?l_H0+|#W3E2U72&}Az`A~|3r}9#pH(o*
zC(-Qt$$cs{@9CmC=-Axeu<b^zW7t;nQN_W)XInKT!_Au`a~3jxxifFEvfa=NQ;U`_
zxKjIB+297Cc1>e;Q}K%phaTmPY#o)TX`8jS$NEys+M9OQ$L)MG{pVn`bN<CW&Of`{
zJ@GKrf98-`>in|qcsqPW#rm(ie+Nt%UK_G`od;U+yd@ip;6)|#xC>sG>qk{AxQJNT
wd#xq%s&0R+`21_tsqUNlOrJPXJi$@%s7|pV`104P)s=g`xx>k+J@N7X07=x#jsO4v

literal 4262
zcmZXV=bsaW+J+IN1w>FOQVwB75#y4XOp-}JftmE4Nir#;3#3dYeOi*q1Xx&C6p-d&
z0asmQsj><v0)n&!6b>Npf`SMLh~hz5iu5A*`r-Bc0Dr;td+y)$+;^BFE6H4x6PbLH
z&JCeCN?rsdmBXbxpQt2b3Y7}fN(qYdv51rsy`nlDGn=hWb%yr)m7FKTWpL7=5#7EJ
zf;t6nfYzpYZw`?75_&URfGw)DJ8o9T!|FmQK(Pje+y!t20}TuLm^|k+216kI2rZ1p
zyp*)e7s{+EMWjka4VQz$C1)g=VX{_2i!+5{!NKMdZh;5G7>G&yDDKe6J$BGu4Cw4O
zzM%8jogks1NP;Yr8mizTP@gO4F=`&6In0EZ5u^%@t5goL5R*iyK*n#w%OGsFn|);s
z#Oh!h&a-YW;#b;~8A`&UOj1FxB$o?Ev$22$kc&K%MhIUK%d&z_8*|%Sb_ycY2E)U*
z@fMs?Q__F}RnRtyH**=i#c2@oUexN0hfpB^Wf(;;SM=)1RM2h9>qC-g+{%>{4q3{D
zdyG1F*bpjf&@_x-g|Lc_=ya)=M;=Moz(h3kFwK_>=LAgZ&gYDgEL1YY7|~ER1A<&G
zSWRM#$|qSf1c|&iQE;aVAf_-#A`oRP$Pip6L@{U33NxSqQR+j0=;ShnL^7H82wK#@
z>$L**4~^r)QcAFv08A23i`lSC=fUJ@8dc^9r_aKoPKabpDz`DnM*~5aX3T!2F`r6n
zO9E43IM@?*$fBqkQo==@#A?r@M#P!rJt8hDQ|X*tPub&Q7BLYnUkET!9y}KJh6660
z%dSho6bM?)eml#%Jce=!rZW<!AsJ@1bPh^ItyI{MLrYYe#*-vl3^_op-iHG|C1zr5
zQJ*o8F1ZQ8C+Z9!q>5?-5m`}YkProD$r=l}O2(W=V{rPTrc@+p(nR8gU_KHTf@qwJ
zAr5)M8dN!Dtb&L|QoIg#xq}E}HyP8U1S<&&PqG;OTP2!SYmKmpG0H)_6w)gqCcVy{
zK}yMpoI>p(pCYBxSePV+6+xa(>QcsFlt&~)$se%<@KiC7)G8dJPgQmiLFAvb|M|&~
z(L$RMsVu9`>2f+d1}F<Duiq5}GFH-CFhV6pjK|O*5{Ep9Gsc@hgGB8^B78AHXjzZO
ztIU8!)@TpA%y?Q2>K!(XB9*ghTt0Kwl+Zj(vtjWhEl7D+(4tN=de#Z>rZATzl5URx
zYM2~?p~b8sKr$)H7YJ}6A1+Bb&2}!4$8;1bcW5Y`)na3qJWG}eUO9jnNOL5KF#_R=
zIHC{J(%z`0L`e${KWk!O(!wH2!pC4S2VB%B3XIhuA{Z1EOn{A~ykRDv#U(O=MO=^x
zMq^eVmmqmm=>~bDRWBAYpfaozFm2J`COstYQa(&GmxEwgkZN$f!(oX)v<^3yElvmT
zD%&mkLIJk=^IC;BLolA0%!~UNGcUpOX|sSAa)DU5WYQzNBdb>kb{KQzfgqT`<OHvA
zh9d+=xE&AE{x8X>tbl}_q7CrEbP07uoJ^$XmKSogN|_YWCNcygTFOA>MaUv4V7Rv!
zM~o28b3ihy;e)h|)0b47hU0Q}G>HN+E}RS%;lK5LsJTH}5d;KjKCic9L8}o@X0^D?
zXNu~4F;fsOvjD;*EDS27T}p+H(%7@KL?s%mR=qnIr<0`Jp@ijPB3ppuE^U+sJsBJC
z@ufJenT%>h%fmDqrb^<7G{RA^0gW3HwsI6oxZGUSud`6BQzuyUML}NXp`4j;K*qQ)
zD)EVcLz{)8xWOw#g3d$%m6M*lx?t8pr9eSm4ud*XK$CW;m`9o$v6<3(LF&TwkW6r-
za2Jr_R2jnUX9&3-RdN=&%B)7cnAfWjL=^NUloCraWiM)Jx2P|16vx=Cu-n4~y|E%4
zu)yvj8w`hGb2%K$h9CJifb^<lh&0bBG&aryq%j*H7V|0&5_lIX5azH>$>Sy@YUL9u
z5O=B!fJDe3I2bG|C@@aN(s_ANZ{m2bJLHxJ6@W;|-71DMhRiWl;So!;a;2LSq)bK*
zW^h-6)1>Hxf#YQyttrKT0BMcW4j`3xIzfLVmq}<1yd+Pm{Th>pjfrB4g0cZRZFG@x
zqdryEG8P!f7l1%n0m?;`e`F^pBn`<hDF<2QOcn^)40<?bw4%kRiT5&DOCqmwI&uWf
z=k-zE28o`GAQ4pdavE}Gi}FHLUdq||ye#Wu)WrbIB4wVUWa&s&?~EW??*Dh<pXLgx
zNmCw^@&QU76cu)gaZ&O_(r92UfD04S$~35jOG+vOg`#TA=~SV(gi|=w38s)Q!S<ru
z<D)QBk~I+tXN(k+Wn0$AVQMiSv&#MH^uta9*|0_@NTGB&U33_{NkOI$$BS-@p%@Fs
zjF?3o#+)%BgSr&FCyhkHB}`)0L|8sWW&$+kGJ&KA^a5s&hb!p<e~+^Ua{>;?V%7%8
zc;Jzq^f3SdVp2HiPnnaT!3uI5t5cOA9OR0mFQhB@xkNFbje8S-Pe4_W36sdYMl)i=
zg9)$Bk@Hh3O*SLu?4kwC8B&lki^?MzpGO5l2ITJ~D=VcU3g_{1K8UFF6p%|0etX8r
z%HjZnW=Y(hb)bGlhDU5FG+~h3vCjTZe7<GBe$1Pn|L}3!aR&hXjn_Jb>EyDL*p62|
zcq9KuXy=z_yUv{a@4ue-%4)evd>e~3^?P~FQM3Q;_Vu>ySC1~c`SXZ`;n+Zb)8xGi
z`_{LaH*Em^iGuv{*vu7EcAu(g41G4U=jm0i<6Bzonl`0F_wqYSsz>d(GElPq3;V5?
zPhF|M9sG9K7VI6*mL5&fHHQ|658iB)!dI&Hv^hAq=hTz!&NZ(2DF#iv+_L%GCjZOj
zF5%UdOD~?Tt(m@hNmG+l^5UCg%l$6uIN7RM^XE*tWclU5H-iT>?dsGxaP!`Yva{Pi
zng7L8$L{P|GsyOA^MOlWrIx%V-B?lB=IgCEcf#H?{2<h?mN>M*{>J;G$NaGRd-li8
ztDvgr;uYP`+_~B3a#HrSX4J18b~k==t?k~w`t3Czslt)w%<dzFy0>I6wQg<}j|8};
zE*;-EwqeHA5r!GB4m-8Ka@@M$xbS!Xt!w^c&@&Es71#aaUdQgxA8pxPZ+QOXD=mGW
z9uevJU*G+E<NMVn$jg^krt9>!QO8EbjypdY@ZNjpg@t>jZEJ?EPKlDwVed!BUEcf=
z&%N92w>GLVzE+EF8#kW4InU9h2fwv;S7V*lc;-m&gKsX-XW3iJ(+wTQ-jVn2TUmG|
z)9+Bz&tu#5p)WA;fjci0Z_S(W`IR5u`s_y6>d~t%9)I!h@NfC)6HAxI{qX6u_>8$L
z_f3ie6W8|23HNWg2K0HozL56aM#VXu*Y5kzq6w|%O`fq}apUUEudmuXcR+GquOEM(
z^5Ie%zVKV7tNqY~bwA94B(3g_8Pd|K2i!2DTT!=ATYjnYxf9b>+p4Rt8+Yom2YW5M
z{ItE>+(NhX<?#=WSA+8{J)v2H8ZNaAl_>^wIo$2mNAQlGudO+~2=BC-fHLsjx#1rh
z-ukA2Ha>WJ1F`en_rBk6$}j4+P%~ZrHdAU|?!ReXYd0-uH6iI?&%CrA?s)y+)NcIt
z<c|7R_h~oJTD|V#T*r#4wa<1)$=V<v^^1IX^Ots|ou{@eL!>8U)H5Bo?uD0jo#0sV
z#*Z`a24*q`*BlvdY~HcukHO5IT^B5aRxaO=Uq1E8)eWyK>;GZsixY<m_qCJ$c(94A
zuV~w@az)=KI_=A^pE_(lw6NptffL^y@a3E*M*!<*Cc1t+sdvrFEw#S8BTl~l*yiNq
z<sG-SZ@s>zTzZP`Rdv5A`VQ9r@V>fp;ZMfi0)}v{zB=1*bWkTh->cKJVE1{echp^O
zUU_Nv{hLV719hjS=lK^==Mn!ii~Ii7uXnn3-Tb#!7L%Fh&>>4F5xZ6K*?s&co30*2
z#+GkQ?R-1DX!^*m*ZLo9Ayz%!uy*U?@98U!-04tl@88n;;MI*ommMGc0Xwbb6{b2p
zebo7?DU-9^=F-Ej-Kbp(H7y=aZrr`-%1_PgF1zIH){(VKb04>_{&W17pH{#N6odbB
zxlMFg)sP+Do&P>|6mEyvPM;Z(^0a{WfZJ0B&E9)&^w`CToYOw^Tt)QNmu1i2?M@AN
zvPM1e>Ye`d;V1hX6#CwK_U`mUk(#Pq?A~ijm}w8%4y~w7u6&|bp()Yju{#Sdr*~CO
z)>kyV*-wA6_Q?wq+V0C<sNVkjsPg^OFZCT38~#H5kWSU(bc627CqVpF=cZi6%zyQ~
zR&n}-2zy5CKQB2my4TB5)$=v%rt3XEp)WqWtwYCmCto-IHRYLeJ#PQ$c$}I$zZHje
zKfdbAer|o~JIR&9_alP`*sDj)VuxK4hs^$>_g4*{jof#7`QoYtbtd!5#@}}Je{RX>
zfj4Fop^g1&Ccg1Py50YbYWaFidm}e^9lf8Q+_1m0ewoSW^wzceb?f_m$Vu$g*0&ce
zd#4M!u*XGx&EAy*OW8dQ<5kNm)@>hx8!tTVe&KKlzk0TJed^}IxASXTA35ZIyLNx&
z*s<Wv`-)}f8ylsg_Y7LG=|JZ#n>QU@AwSWo&#((M6%Rh`y}G^b?(gf5uj+g(o7hVf
z)=uc(GUQHqd0l(Osa<h$?c@W`cNtpq>5P+17h(n{w<$-_^ceNl-)o2+@b)<iJloKt
zH`rYNrENPOm_x4r4fMyI!V`<)+=*BBx7Igp9~0<%e$1BsH`|T`e%r9-^!a(Z>zfxJ
z4}9GF+U&%Uc_ZH?y41~RJ)tu*^&UUpv~8$<V`quvnP0oS_C5RFjnBUysv6UCqvwNl
zqyI`Q8a{ZMw8Q(Fqdoe1r=(5SkBp_OO$QSfFWv1s>*w#k`LoUR4ysy@Q1N5ye@)7!
zNcSeHZseXbWG6qeAHB5rUVh8rUn-v)+$`aC_^%kQ4QfR;uH68~H#{b+dZFd1uT}Lc
pCG&{-uix6&FwT#Rn>eK0>%_NRemdIirE~i2(s=`_#yig&{}<ATkoW)q