From bd591726ac1a1b2a8b45c08187153cc5212d4364 Mon Sep 17 00:00:00 2001
From: Stefan Junker
Date: Wed, 12 Jan 2022 04:11:18 +0100
Subject: [PATCH] add fwhost1

---
 nix/os/devices/fwhost1/boot.nix | 8 +++
 nix/os/devices/fwhost1/configuration.nix | 13 ++++
 nix/os/devices/fwhost1/hw.nix | 17 +++++
 nix/os/devices/fwhost1/pkg.nix | 18 ++++++
 nix/os/devices/fwhost1/system.nix | 76 +++++++++++++++++++++++
 nix/os/devices/fwhost1/user.nix | 15 +++++
 nix/os/devices/fwhost1/versions.nix | 31 +++++++++
 nix/os/devices/fwhost1/versions.tmpl.nix | 31 +++++++++
 nix/os/devices/fwhost2/system.nix | 73 +++++++--------------
 nix/variables/passwords.crypt.nix | Bin 1303 -> 1450 bytes
 10 files changed, 232 insertions(+), 50 deletions(-)
 create mode 100644 nix/os/devices/fwhost1/boot.nix
 create mode 100644 nix/os/devices/fwhost1/configuration.nix
 create mode 100644 nix/os/devices/fwhost1/hw.nix
 create mode 100644 nix/os/devices/fwhost1/pkg.nix
 create mode 100644 nix/os/devices/fwhost1/system.nix
 create mode 100644 nix/os/devices/fwhost1/user.nix
 create mode 100644 nix/os/devices/fwhost1/versions.nix
 create mode 100644 nix/os/devices/fwhost1/versions.tmpl.nix

diff --git a/nix/os/devices/fwhost1/boot.nix b/nix/os/devices/fwhost1/boot.nix
new file mode 100644
index 0000000..2f5f8ea
--- /dev/null
+++ b/nix/os/devices/fwhost1/boot.nix
@@ -0,0 +1,8 @@
+{ lib
+, ...
+}:
+
+{
+ boot.loader.grub.efiInstallAsRemovable = lib.mkForce true;
+ boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
+}
diff --git a/nix/os/devices/fwhost1/configuration.nix b/nix/os/devices/fwhost1/configuration.nix
new file mode 100644
index 0000000..eedc768
--- /dev/null
+++ b/nix/os/devices/fwhost1/configuration.nix
@@ -0,0 +1,13 @@
+{ ... }:
+
+{
+ imports = [
+ ../../profiles/common/configuration.nix
+ ../../modules/opinionatedDisk.nix
+
+ ./system.nix
+ ./hw.nix
+ ./pkg.nix
+ ./user.nix
+ ];
+}
diff --git a/nix/os/devices/fwhost1/hw.nix b/nix/os/devices/fwhost1/hw.nix
new file mode 100644
index 0000000..c590682
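Review bot: The two `lib.mkForce` overrides in boot.nix carry no comment, so a reader cannot tell what the common profile sets for the EFI loader or why this device has to deviate from it. A one-line comment above them, e.g. `# Override the common profile: this machine cannot write EFI variables, so GRUB is installed to the removable-media path instead of registering a boot entry` (adjusted to the actual reason), would record the constraint. The pair itself is consistent, since `canTouchEfiVariables = false` is the case `efiInstallAsRemovable` exists for.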
--- /dev/null
+++ b/nix/os/devices/fwhost1/hw.nix
@@ -0,0 +1,17 @@
+{ ... }:
+
+let
+
+in
+{
+ # TASK: new device
+ hardware.opinionatedDisk = {
+ enable = true;
+ encrypted = false;
+ diskId = "ata-INTEL_SSDSC2BW240A4_PHDA435602332403GN";
+ };
+
+ hardware.enableRedistributableFirmware = true;
+ boot.extraModprobeConfig = ''
+ '';
+}
diff --git a/nix/os/devices/fwhost1/pkg.nix b/nix/os/devices/fwhost1/pkg.nix
new file mode 100644
index 0000000..8f3b69f
--- /dev/null
+++ b/nix/os/devices/fwhost1/pkg.nix
@@ -0,0 +1,18 @@
+{ pkgs
+, ...
+}:
+
+{
+ nixpkgs.config.packageOverrides = pkgs: with pkgs; {
+ nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath;
+ };
+ home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; };
+
+
+ environment.systemPackages = with pkgs; [
+ iw
+ wirelesstools
+ ];
+
+ system.stateVersion = "21.11";
+}
diff --git a/nix/os/devices/fwhost1/system.nix b/nix/os/devices/fwhost1/system.nix
new file mode 100644
index 0000000..66fefb3
--- /dev/null
+++ b/nix/os/devices/fwhost1/system.nix
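Review bot: `encrypted = false;` in the `hardware.opinionatedDisk` block of hw.nix is an explicit choice on a host whose other modules reference passwords.crypt.nix, but nothing says why full-disk encryption is off here; a comment such as `# unencrypted on purpose: headless firewall host must boot unattended` (if that is the reason) stops the next reader from treating it as an oversight. The empty `let in` and the empty `boot.extraModprobeConfig = '' '';` have no effect and are scaffolding; either remove them or give each a `# TODO` naming what is expected to go there.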
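Review bot: In pkg.nix, `nixpkgs.config.packageOverrides = pkgs: with pkgs; { ... }` declares a lambda argument `pkgs` that shadows the module's own `pkgs` argument, and the `with pkgs;` brings nothing into scope that the body uses (it only assigns `nixPath` from `../../../default.nix`), which makes the `inherit pkgs` on the following line harder to read than it needs to be. Renaming the inner argument and dropping the `with`, e.g. `nixpkgs.config.packageOverrides = _prev: { nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; }).nixPath; };`, removes the shadowing without changing what is overridden. `system.stateVersion = "21.11";` is a system-level option rather than a package one; placing it in system.nix would match how this device directory is otherwise split.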
@@ -0,0 +1,76 @@
+{ pkgs
+, lib
+, config
+, ... }:
+
+let
+ keys = import ../../../variables/keys.nix;
+ passwords = import ../../../variables/passwords.crypt.nix;
+in {
+
+ # TASK: new device
+ networking.hostName = "fwhost1"; # Define your hostname.
+
+ networking.useDHCP = false;
+
+ networking.firewall.enable = lib.mkForce false;
+ networking.firewall.allowedTCPPorts = [
+ # iperf3
+ 5201
+ ];
+
+ networking.firewall.logRefusedConnections = false;
+ networking.usePredictableInterfaceNames = false;
+
+ networking.bridges.breth.interfaces = [ "eth0" "eth1" ];
+
+ networking.defaultGateway.address = "172.172.171.10";
+ networking.nameservers = [ "172.172.171.10" ];
+
+ # WAN interfaces, currently unused because the OPNsense guest acts as a router.
+ networking.vlans.wan1.id = 3;
+ networking.vlans.wan1.interface = "breth";
+ networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.15"; prefixLength = 24; } ];
+
+ networking.vlans.wan2.id = 4;
+ networking.vlans.wan2.interface = "breth";
+ networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.15"; prefixLength = 12; } ];
+
+ # Local interfaces, all accessed via VLAN tags on the main bridge
+ networking.vlans.lan.id = 1;
+ networking.vlans.lan.interface = "breth";
+ networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.15"; prefixLength = 24; } ];
+
+ networking.vlans.dmz.id = 5;
+ networking.vlans.dmz.interface = "breth";
+ networking.interfaces.dmz.ipv4.addresses = [{ address = "172.172.175.15"; prefixLength = 24; } ];
+
+ networking.vlans.family.id = 6;
+ networking.vlans.family.interface = "breth";
+ networking.interfaces.family.ipv4.addresses = [{ address = "172.172.176.15"; prefixLength = 24; } ];
+
+ networking.vlans.guests.id = 7;
+ networking.vlans.guests.interface = "breth";
+ networking.interfaces.guests.ipv4.addresses = [{ address = "172.172.177.15"; prefixLength = 24; } ];
+
+ services.hostapd = {
+ enable = false;
+ hwMode = "g";
+ interface = "wlan0";
+ ssid = 
"noowhere-lan"; + wpaPassphrase = passwords.wifi.noowhere-lan; + extraConfig = '' + bridge=breth + ''; + }; + + virtualisation = { + libvirtd = { + onShutdown = "shutdown"; + enable = true; + }; + }; + + boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; +} + diff --git a/nix/os/devices/fwhost1/user.nix b/nix/os/devices/fwhost1/user.nix new file mode 100644 index 0000000..1c33f83 --- /dev/null +++ b/nix/os/devices/fwhost1/user.nix @@ -0,0 +1,15 @@ +{ config +, pkgs +, ... }: + +let + passwords = import ../../../variables/passwords.crypt.nix; + keys = import ../../../variables/keys.nix; + inherit (import ../../lib/default.nix { }) mkUser; + +in { + # users.extraUsers.steveej2 = mkUser { + # uid = 1001; + # openssh.authorizedKeys.keys = keys.users.steveej.openssh; + # }; +} diff --git a/nix/os/devices/fwhost1/versions.nix b/nix/os/devices/fwhost1/versions.nix new file mode 100644 index 0000000..f241adb --- /dev/null +++ b/nix/os/devices/fwhost1/versions.nix @@ -0,0 +1,31 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-21.11"; + rev = "00acdb2aa817048fbe1f91ece18fe7de09762531"; + }; +in + +{ + inherit nixpkgs; + nixos = nixpkgs // { + suffix = "/nixos"; + }; + "channels-nixos-stable" = nixpkgs; + + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable"; + rev = "ff377a78794d412a35245e05428c8f95fef3951f"; + }; + "nixpkgs-master" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "2ac65dd85b7fbe81b88e3c2a80d351aba4c4a9d8"; + }; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-21.11"; + rev = "697cc8c68ed6a606296efbbe9614c32537078756"; + }; +} diff --git a/nix/os/devices/fwhost1/versions.tmpl.nix b/nix/os/devices/fwhost1/versions.tmpl.nix new file mode 100644 index 0000000..37c2853 --- /dev/null +++ b/nix/os/devices/fwhost1/versions.tmpl.nix 
@@ -0,0 +1,31 @@ +let + nixpkgs = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-21.11"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +in + +{ + inherit nixpkgs; + nixos = nixpkgs // { + suffix = "/nixos"; + }; + "channels-nixos-stable" = nixpkgs; + + "channels-nixos-unstable" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "nixos-unstable"; + rev = "<% git ls-remote https://github.com/nixos/nixpkgs nixos-unstable | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "nixpkgs-master" = { + url = "https://github.com/NixOS/nixpkgs/"; + ref = "master"; + rev = "<% git ls-remote https://github.com/NixOS/nixpkgs.git master | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; + "home-manager-module" = { + url = "https://github.com/nix-community/home-manager"; + ref = "release-21.11"; + rev = "<% git ls-remote https://github.com/nix-community/home-manager.git release-21.11 | awk '{ print $1 }' | tr -d '\n' -%>"; + }; +} diff --git a/nix/os/devices/fwhost2/system.nix b/nix/os/devices/fwhost2/system.nix index 06b99f2..2554220 100644 --- a/nix/os/devices/fwhost2/system.nix +++ b/nix/os/devices/fwhost2/system.nix @@ -1,10 +1,12 @@ { pkgs , lib , config +, utils , ... }: let keys = import ../../../variables/keys.nix; + passwords = import ../../../variables/passwords.crypt.nix; in { # TASK: new device 
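Review bot: The `rev` templates in versions.tmpl.nix are inconsistent: the `nixpkgs-master` entry pipes `git ls-remote` through `head -n1`, the other three do not, yet `git ls-remote <url> <name>` can match more than one ref (a branch and a tag of the same name), in which case two hashes are concatenated into `rev` and the pin fails to fetch. Use the same filtered form everywhere, e.g. `rev = "<% git ls-remote --heads https://github.com/NixOS/nixpkgs nixos-21.11 | head -n1 | awk '{ print $1 }' | tr -d '\n' -%>";`, and spell the remote the same way in all four entries (`nixos/nixpkgs` versus `NixOS/nixpkgs.git`) so a reader can see they address the same repository.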
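Review bot: `utils` is added to the argument set of fwhost2/system.nix but none of this file's hunks reference it; if the unchanged remainder of the file does not either, the argument is unused and should be dropped. The `passwords` import added alongside it is used by the hostapd block in the second hunk. The module body continues outside this hunk.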
@@ -21,71 +23,46 @@ in { networking.firewall.logRefusedConnections = false; networking.usePredictableInterfaceNames = false; - networking.bridges = { - breth.interfaces = [ "eth0" "eth1" ]; - brlan.interfaces = [ - "lan" - # "wllan" - ]; - brdmz.interfaces = [ - "dmz" - # "wldmz" - ]; - brfamily.interfaces = [ - "family" - # "wlfamily" - ]; - brguests.interfaces = [ - "guests" - "wlguests" - ]; - }; + networking.bridges.breth.interfaces = [ "eth0" "eth1" ]; networking.defaultGateway.address = "172.172.171.10"; - networking.nameservers = [ - "172.172.171.10" - ]; + networking.nameservers = [ "172.172.171.10" ]; # WAN interfaces, currently unused because the OPNsense guest acts as a router. networking.vlans.wan1.id = 3; - networking.vlans.wan1.interface= "breth"; + networking.vlans.wan1.interface = "breth"; networking.interfaces.wan1.ipv4.addresses = [{ address = "192.168.0.16"; prefixLength = 24; } ]; networking.vlans.wan2.id = 4; - networking.vlans.wan2.interface= "breth"; + networking.vlans.wan2.interface = "breth"; networking.interfaces.wan2.ipv4.addresses = [{ address = "172.16.0.16"; prefixLength = 12; } ]; - - # Local interfaces + # Local interfaces, all accessed via VLAN tags on the main bridge networking.vlans.lan.id = 1; - networking.vlans.lan.interface= "breth"; - networking.interfaces.brlan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ]; + networking.vlans.lan.interface = "breth"; + networking.interfaces.lan.ipv4.addresses = [{ address = "172.172.171.16"; prefixLength = 24; } ]; networking.vlans.dmz.id = 5; - networking.vlans.dmz.interface= "breth"; - networking.interfaces.brdmz.ipv4.addresses = [{ address = "172.172.175.16"; prefixLength = 24; } ]; + networking.vlans.dmz.interface = "breth"; + networking.interfaces.dmz.ipv4.addresses = [{ address = "172.172.175.16"; prefixLength = 24; } ]; networking.vlans.family.id = 6; - networking.vlans.family.interface= "breth"; - networking.interfaces.brfamily.ipv4.addresses = [{ address = 
"172.172.176.16"; prefixLength = 24; } ]; + networking.vlans.family.interface = "breth"; + networking.interfaces.family.ipv4.addresses = [{ address = "172.172.176.16"; prefixLength = 24; } ]; networking.vlans.guests.id = 7; - networking.vlans.guests.interface= "breth"; - networking.interfaces.brguests.ipv4.addresses = [{ address = "172.172.177.16"; prefixLength = 24; } ]; - - networking.wlanInterfaces = { - wllan.device = "wlan0"; - wldmz.device = "wlan0"; - wlfamily.device = "wlan0"; - wlguests.device = "wlan0"; - }; + networking.vlans.guests.interface = "breth"; + networking.interfaces.guests.ipv4.addresses = [{ address = "172.172.177.16"; prefixLength = 24; } ]; services.hostapd = { - enable = true; + enable = false; hwMode = "g"; - interface = "wlguests"; - ssid = "noowhere-guests"; - wpaPassphrase = "the_sekrettt"; + interface = "wlan0"; + ssid = "noowhere-lan"; + wpaPassphrase = passwords.wifi.noowhere-lan; + extraConfig = '' + bridge=breth + ''; }; virtualisation = { @@ -93,12 +70,8 @@ in { onShutdown = "shutdown"; enable = true; }; - - docker = { - enable = true; - extraOptions = "--experimental"; - }; }; boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; } + 
diff --git a/nix/variables/passwords.crypt.nix b/nix/variables/passwords.crypt.nix index 3b2898134915be5c77974dda3325e7fbea6f3c99..404dea4cf3e93eeea79d4473006606202cbf3b77 100644 GIT binary patch literal 1450 zcmZQ@_Y83kiVO&0c%o*PW+@YY=y-78R|Y-KBSO}$kAsa)ZE^dX5*QWOuCOiO<=2i) zdjemV{R);^*gj3b*}i-4wL?bR-YD%;U#UN3`J>bICT=_0wVU3v?s)L~cbb23|DBsF z!r2oX?p}DE&hg1+XWC*XA(i`&PO(3~Ki$JF%$ zLIQjV=1OuiJa6r3Ez@Vex4^bEVV1zj^v}~mBu{=8opmNWfL&y&bMGH-+cFCrgCpuLUx--V zCiCKt{g%(sKU^1Yk36Q%d6Ye@@$M{>pIaG%*1eCLYcoMN@9&9QIZD=-oln-bq$hBh z^qL)bTzdJ+Gu7G|`^-CI0!+`aM}_|V);Qll|Nbur$N1hIp@uRlb>+w6rc9~WA*psI zv(;tM386C21;@Ur_r8)pVbbr!lYZ5{Z`)?Ay%`f5rcDn1eOkpkZmQ>*&TkU+zo#8? zWAWa->8XvNfSgUu+05*x2lMZXsuZ6pmcOy~ix=;w^th6Re;RK;kj(Ron0M{r?GtD6 z`5E?3>3I6+VW+ye>NL-dbJ$ZD&NBQy^&vCgvSrQUCw{&2QdM@m+$Nb+XFG=>{G>(s zHvLn|Q+BD89n?xPdzNYBV-~n#!KqoFYp1r!91dNZbXGy7iZ%6QV%d#w-7XGmrqzG^ zw$D7}v-qOM3U!A420PbZj#|Pw*D;altE8CK+Iats_a_Sb?Ol=Z@&3z@2H!7>15SKS z|0*--LT^ci(R63sN70@S?!RBll(s3y{KTuErg^iPKkVE2r>4q!+M&mc3yR;(ICrMu zfJ3yBjgC-}gvb1cufFH~OH(+x@X9NV4jJX;eiBR@<)%hI<7;eP>+^#z`NVeZmbRZC zCSBRioW>UVh|x)_BX7Rn(=XQ#i2T>CJKBA*qP=ZTY3fOCj}n)4ZzX0IO?uX%w8cPg z>Z7H$m$%0+?G<-BP{&&)A#ytWZXV|n5tfT4)8Z#RVXhYy?!CJpR>zn{^)DSnWpB{5i)t zW;LaAf8N&lR`uV4_@9bWZtFvYW(40qGDrIUwMjN>rXTznn0qtiujlWqP)DnqLeScLSx;c)ls@mRrARkV2TZsnf0r`E1> zezEs+igCj`+sKyGlHK{a`&Ud(SvL9B+i7J26BoRfFAR`q@wIKu`N6jMMOA>1g6J`; zO)qqkc6Q#|^6z`iO!Xf-CLX@LH$nQzTGNuxa`|WKB0J7H%l^`^kO--e;hZ`*TX*|s zeLd0S$_J+#)s)WuOM7%E^rheBxyNF<8wEDqwa$64J@CoW!}aSgeLE?q&izE_N=)s~ zXTs;<Z?iIBfiI z{U?Q3v8Q*RJY2i@B2T+l`Fv&nxqoR3w;Mwm%b^H_h$t<>jmysjH8l$T)brD!%um;}2CkPT9-%8KwxI cZ~AflU(ux*dnPqo@GdQ4jG4Aa+Ng^Y0RD*2I{*Lx literal 1303 zcmZQ@_Y83kiVO&0FiAf9>SxmYEpI#8D-W1mT~rYw<8t$3w~Eq&}Ij*k}A*5x9PzbaW%@YL@t9=S8myx${5YSpV6#o#pk)Vn5+m4FYjX zGoEajJ_i|{d9e`bD#MiV;#TMkBS52%jfj`=+5d53i(vN z?qp8gEY?dxEX-BO$?4WhS517(SaQZAdGocePelLD;CuD_>C#k((*|!1PWN6=c=E-K z*S7s&T*RqKMvv22_De>qOr834-aF%DJ-N^MD$QnQIvf1Ab8@P#mycW|UHY%BU?+D* zerzo3>r?OAzAKzQsgo*xpUkUq?W$M^3{t9 
zEOZ0Q(%L3&b&S&7`HxZVk<3~)ud}`mZ$3X>@`lCky~>t=lp}`In4=%;n#}rfTV>9& zwdQ#ut*efl|7<^dJ?l=rW4}%w71djD+x**}{Rb!Zh;zvDmPX3TeDMDG`ha?&b>5Pv zJ3WPB))u<&D89_T;ib=7d5d_a1aIBrqA5H0_@@6~r&xJYk?p}m6RA62CHI`4n(fwLXDYGl$Ast=0W;=(o%C|c zXTGzq_tsJ*Sq z4Q11cZ^pXjvQB$O8Nam;&0C~FLSwab#Z_Hf>jyMqCRi>@coPm-a_CJ`lAmsEc&6&+@1;>MO zM1;GUeUCiQIkR2k)O{1RyN0taCakVHVAuRas_gtZSKrPr54aY`heSAD*8G$6l4A5!asI1a`<3)GL$!A|p*VErOai6Ak#azkWpx7-kiIFc~>xNE@6R7Z8@N0#W z_Yd~XJS?S0HD0_4Ub(uxEArDqji