From b9c23c303997536c439b37d19ffde91a66e44bdd Mon Sep 17 00:00:00 2001
From: Patrick <patrick@failmail.dev>
Date: Fri, 23 Aug 2024 00:30:11 +0200
Subject: [PATCH] feat: invidious hosting

---
 config/services/invidious.nix                 |  24 ++++++++++++++++++
 config/services/kanidm.nix                    |   7 +++++
 hosts/elisabeth/guests.nix                    |   3 +++
 hosts/elisabeth/secrets/invidious/host.pub    |   1 +
 .../elisabeth/secrets/kanidm/secrets.nix.age  | Bin 2245 -> 2273 bytes
 nix/hosts.nix                                 |   2 +-
 secrets/secrets.nix.age                       | Bin 5824 -> 5825 bytes
 .../elisabeth/keys/elisabeth-invidious.age    | Bin 0 -> 827 bytes
 .../elisabeth/keys/elisabeth-invidious.pub    |   1 +
 .../psks/elisabeth+elisabeth-invidious.age    |  16 ++++++++++++
 users/patrick/firefox.nix                     |   3 ++-
 11 files changed, 55 insertions(+), 2 deletions(-)
 create mode 100644 config/services/invidious.nix
 create mode 100644 hosts/elisabeth/secrets/invidious/host.pub
 create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-invidious.age
 create mode 100644 secrets/wireguard/elisabeth/keys/elisabeth-invidious.pub
 create mode 100644 secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-invidious.age

diff --git a/config/services/invidious.nix b/config/services/invidious.nix
new file mode 100644
index 0000000..fefa154
--- /dev/null
+++ b/config/services/invidious.nix
@@ -0,0 +1,24 @@
+{ config, ... }:
+{
+  services.invidious = {
+    enable = true;
+    domain = "yt.${config.secrets.secrets.global.domains.web}";
+    settings = {
+      external_port = 443;
+      https_only = true;
+    };
+  };
+  environment.persistence."/persist".directories = [
+    { directory = "/var/lib/private/invidious"; }
+    {
+      directory = "/var/lib/postgresql";
+      user = "postgres";
+      group = "postgres";
+    }
+  ];
+
+  wireguard.elisabeth = {
+    client.via = "elisabeth";
+    firewallRuleForNode.elisabeth.allowedTCPPorts = [ 3000 ];
+  };
+}
diff --git a/config/services/kanidm.nix b/config/services/kanidm.nix
index 0b5f39b..d71f343 100644
--- a/config/services/kanidm.nix
+++ b/config/services/kanidm.nix
@@ -140,6 +140,7 @@ in
       groups."ollama.access" = { };
       groups."adguardhome.access" = { };
       groups."octoprint.access" = { };
+      groups."invidious.access" = { };
 
       systems.oauth2.oauth2-proxy = {
         displayName = "Oauth2-Proxy";
@@ -170,6 +171,11 @@ in
           "email"
           "profile"
         ];
+        scopeMaps."invidious.access" = [
+          "openid"
+          "email"
+          "profile"
+        ];
         preferShortUsername = true;
         claimMaps.groups = {
           joinType = "array";
@@ -178,6 +184,7 @@ in
           valuesByGroup."firefly.access" = [ "firefly_access" ];
           valuesByGroup."ollama.access" = [ "ollama_access" ];
           valuesByGroup."octoprint.access" = [ "octoprint_access" ];
+          valuesByGroup."invidious.access" = [ "invidious_access" ];
         };
       };
 
diff --git a/hosts/elisabeth/guests.nix b/hosts/elisabeth/guests.nix
index eedaa8c..3e96c12 100644
--- a/hosts/elisabeth/guests.nix
+++ b/hosts/elisabeth/guests.nix
@@ -30,6 +30,7 @@ let
         homebox = "homebox";
         octoprint = "print";
         pr-tracker = "tracker";
+        invidious = "yt";
       };
     in
     "${domains.${hostName}}.${config.secrets.secrets.global.domains.web}";
@@ -180,6 +181,7 @@ in
       (proxyProtect "oauth2-proxy" { } false)
       (blockOf "paperless" { maxBodySize = "5G"; })
       (proxyProtect "ttrss" { port = 80; } true)
+      (proxyProtect "invidious" { } true)
       (blockOf "yourspotify" { port = 80; })
       #(blockOf "homebox" {})
       (blockOf "pr-tracker" { })
@@ -310,6 +312,7 @@ in
     // mkContainer "murmur" { }
     #// mkContainer "homebox" {}
     // mkContainer "pr-tracker" { }
+    // mkContainer "invidious" { }
     // mkContainer "ttrss" { }
     // mkContainer "firefly" { }
     // mkContainer "yourspotify" { }
diff --git a/hosts/elisabeth/secrets/invidious/host.pub b/hosts/elisabeth/secrets/invidious/host.pub
new file mode 100644
index 0000000..d3cfb38
--- /dev/null
+++ b/hosts/elisabeth/secrets/invidious/host.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGadvYM2iRdTri9xboKlTHG91mE/agT5YwQdJhnB94uj
diff --git a/hosts/elisabeth/secrets/kanidm/secrets.nix.age b/hosts/elisabeth/secrets/kanidm/secrets.nix.age
index 7ad762c1cefa0c61823ec1cc53eae9dc7ff951c7..05af5e91ba32961f5da6b0a01ddf161cd95c9703 100644
GIT binary patch
delta 2232
zcmV;p2uJtD5#bS#AXjxxS~hJmP)k!oFLGLSY;7`8c2hJ{IWRdlP%$!5Ls>>eR%LTR
zLU1rba|$$LMnq>bMMq3zbZJa_b#HQdHe_aLH)u^kQgl*pYGGDKS9U~ccXwe+G?PyO
z6@PSdVR>RsVly~(RYE~hYELvPGEG-;bSqCeZ#HB{Q+juEWLP&jSyyyUQwl<DD{@M4
zc4&1>RYN#=Xfj$cD>8FaNM%@SQZz3)Nij!Fbwy2Kd0H@JO$seOAaH4REpRe5HXvA3
zQEOE}AVF?oW>08SaWh0tXmVFVacNFSFhoc)QZHg*cVlm1YDi6WW^hq8b45f|cXbMH
zK~Q5#ZE<olN=8goOgL{#HcnJYWH&=?Qe|y<Lq%|KL1uSPR!VhxXIYa^0Tq93HaJgd
zS!QiEVoqjKcXD)4Y*I@@Q$;y;FLXsYQ&?kaT5m^kPf2GpOH2w&VsA2GPHitwcUp9J
zO*eK}R5LO%NKSH8Z*4U~PE~edI8113VOCE`I8h2MJ|J*ub}eu+H8vnMc5P5}Q6NET
zX+>^nY;SU5V|j8;Q&VA3SW15|ICfNTcx!AiGHz5@c}z`rF)&R^ZYydEMPpAeLwaL&
zOEye*H*HKdXk<q*X-92sMRhA;Vpw@<XhcV9W<+LAX-{(sEj}Q5XK-9CXL4m>b7de~
zEn90j3QBrGXhBjkS4CPlT24}DR!vZ9a$|5*NkvXLOG{5|MlWtgadLlfcv^T*cvDL;
zF=%2~VRS+>WnxfMO+qU;S6K>IW@j)#Z8<_!PI6{eK?*G`Eg)KGD?(;rR8}x~V^wcs
zPD)R9Sx{Fua!PP3GFNyoR%2vWRa$FVSWGfmK?*+JML;;!Z?7j<#=9~}@VH`7Uq$`0
zVU>5BC@k0!g1Y4no`iq=ZCRIv8fpqt9Y~(qgIp<+nquSiUvWVNyaS9Pufd8npYEcA
zR`FV*AL_NY-ShzaP0yN&bK<!LfJUp$n*F`DBiivGyX}#MF4l-Fr7NR04NZf9@R&|(
zI7u53XLo@;UT<52j9#f#LTD9!;L$Yf=nx=^D%-6vpFSX<mXUv7sfodRL74C%$UieR
z_zPZY$eV08-WH5lRNmyrW=gb}pf~mmLZE&~wFf!)SOX_p2UQv+Zqk=>`T}eQs|9+q
zF=O6<O=k<45F+h`V??yF5E+p2r;Cqszpf1$Bra}CWpLj~pJUNQtD9<*k<4a#+SBhA
zaN)V-X61}V`JjJ)j4R!H%6gXFx}IA~{m4%AV3Eto=%s`^4Bjm%@hY95%aN(BQckVY
ztPvJft1W%CO_tr1=E5{qKZjCgsD=N-@MXtl{<%kJWanswmBXy=peb>qX6;cBjY*%)
zjfN>lg>>~4zqo7@M58NtkqY@_@^kazVqcFJ1u7~U%rSqtO(y)k58iG^)sB+&H*J|?
z_>ee7XNy{yCR{hlmekPdujwNucE!k_u^qztF640~_3!{xJ&AshvTuG$DYySER~0=l
znwbRa1K69z`!?AUOlixgJ;*?fm}|DlUGJT5oX%>5WYI(to$m07&^hJ+j>(Wit8=w#
zlPz@ep<;j0$mPayfo*rF?U?fM6#ivmV4P+v+JOMWRens0k2G|W0IEOhPbq+2gH3;E
z`iK^~N@0Z4-vP~z1!!$L#=1|WyeT(mfr4wpL^(={{}&lUWwVcVk+ts9XM;mlXzEF?
z4wEi@*~Gu&oUo@60^Swoc)a^aMB?~lz`s%W>)(G_@F6Xixl9zlH$$&E+FTmcnJ`iG
zo3v%J;b6p*9A4hyg|^}yKo$UIT<3B_!o;khpSWlEI|6p>sH!Fi&p*PWdgWT?{&S)l
z=`|vV|5k2Y{UDl|*PU&^5Jmun>(Z5U<U+*xtQ>D=mvYjwa+Twst8Az;Fb~WW-cp#p
zwGw}u1=9A{Mv-~<7jIf$>GPBvC(Z1IC8wP6tU_JUo6Ok-eXfVWUK+V%B1J+{6X@{!
zu!O(+5s0c|$~O}d?j>;!Iy7-cTM*h|Hl);$0RE-nENq^aQ}@?)!7NoBQ>IZKlVCNa
z1K%di<q!DEOBem8@dPqX^blIHfrC%rzrugItQ=5^7v<~b(z2?dRdRBFS+XpAg`uT0
z)sBfsKNsfFo{3`jefGcaYAgV<21B3Yfggxs7Har<2i@ow6Ub(EXd<#px*RC_1U}4P
zWNlD%S}TyT9j1}g2cfpjRs=V!nG$zK+uHew=b{<{iM>{b8$5&36~XfSdA~FC2SI<7
z<^6Vl@>O8)^st%5%H*)^>t1l^_@9_BOKPx9X^jt@&<Wz#Z`9D*dn;i<H80%fLFyrj
zX@6eLyCujPttwVLKm_!`ufcQFbWlC#8w*A-xbT34$$3VNcdrclMYjni9&)L%jWbO+
zd*NGwjWc2g^E9ZaKaHc6hd&jII;?+ey*4d5m{6X-fF$duujcgpL3Cb8I}O5C$sU2^
z4neO%>_iew+$oXRKe4}<%j-q&7LprIDo0EfBGwrXC1*$WYa;pWU}OWjn)N5YKuKLX
zyaUR=a?)1t*b1&9PibNpi#ZM%IJmLwMv|en%8;?3Ms1a%I16N*BOq=_oMC@M3lCAu
zem+AX@T+eC1enV@GjI>+uko!A>#NbE<fv#;V9|zXD~5CLw2yS7VH)I<b5J84R7~d(
zkW_j{F*>EoQYx2rv5o(}G{I~#(}T9knrECE4N*)1#0z}Pk<<N$vb%tPHOsaL(P-`-
z$ms8m%v$%}@h*#Xhjrwr*vNmRkT0)`RDO6L@jU5pI+`0+M-m6`1Z*z%Vb*Gl`qtjM
zzN8O^Pb?l<0s3VyhKLt3_M-zvI}0gm5k{f_E44#)G6(|@CY()%$+9!Y6|k`Pum+mv
zcAn8Nc2e62Z7LmIq5Ku@9ZVC9Vh^cigP6bgRxOveFBi?5bd9C9TN?~GAFl-3S_Tes
G-$v3pBj^GE

delta 2203
zcmV;M2xRx+5ycUZAXjo}GjDH2Vn!=wYh-6DaA7fWb~95~V=y##PEKfYV^}YFS~gBN
zX;M*aV+u@cF*r~wLS=VHR#<psQF(D?Nij%7VQE2SM|pElNo#adVNp~!LN`}%bCXX2
z6@PO}ReCQgOi^hxPEct~Sb0`%NLpq|L2+|rV|O)Sb2x1)b7eSkYH@RPb_!%KN@qB1
zSX6F7b1`{CHcm}3PiuB#WlU&pa8+`3OJsLAQf^~vQF3rrMG7rGAaH4REpRe5HXvA3
zQEOE}AVG6hMo2F!N_2QIGj3&dM{i4bbwoK(R$6CAVqsS~L{L+6Y(jV|LPSAmXhRB1
zb52J=a#T=9dTT*!Lqu+7VmEDRYeY#hODk|xH%m%4W_3AXL2@=tY)z9-0Tq8|PeW;F
zMK*I*ODkDOcs4dyR%uQ%GBa>&F=8)MFGX~CcrRx$Nk&*POiBtiIb(K3N<&vSPfJcK
zWO`3zFK=RadMi0|MOJx1SZ+;5MNe9EN?KJ~cS#B@J|J*ub}eu+H8vnMc5P5}Q6NES
zT5~y3HE?WAN=#{YFfw;&c4U85GI3#RbwX)0FLOpPF<D|VF)LMSZAVlJLUdPkS8{i4
zMon66VpwZSP;hNAIYDkhSy44^O;<%SM?*<jOI34AL^(+cEj}P*eJy8lWnpt=AU}9Z
zE;Td?PH}ihd1pgtD_2=)F?Vb<Q+ReUOEG0QGJ174VN+;fV`X7YS8;zaSy5<0axYeS
zad2W+Fg938D_A&MYe++OMG90;XGLLRWkWPCFGX^93N0-yAZ9T&bW$@^XhC*qFGo~W
zWJPX5MK@YOP-b~6P&6}iOKEmESYcLVHCi}t3I#zg^)zty4DNGFBszE*B|Av+jt`_P
zXqV|%90<>;Z0YwEEFpjN7ixigMyPy3*$8x*E8;s7_=TeBorG0fz5PZaJf+CHC>l%B
zGXQsy#-cSs=XtKWdF5=~4W`PW3l8c2dA?a;*tJZ0ZGLw6R=4A)6xZBJFkLbq7L`fX
zvAY@C|0M%gu`-i=TF`p+OUKBkuh8nq30FHVj8BI?=4|RHwhw=u_+`Vv4ExbD8D;r6
zWor#j#N#M{&{b|*=*;qp(2%{MDX#W;$>(02mLh0p9W8X5yh@_><`dNHXbUC9@O`O+
zIXufVBJiu;Pk6#x#4A_uuj?laf96qTJ%|Z{^%l^i(xx(e2noNPd^<@uo13;4k#2)A
zeGk=yRDwY3=39S{ZKdNp9V!C-NxUz^UtZOCxNa3DS*FCF(ZnG8`ty}N=^v{jOD8)m
z0}+u}>-3escI^Q^T`?iP_?5dsG=FV6J@Ik~GFdfCTMuVQ13W4}y0H=-F;fUyPx7Q;
zkw_rkSj=Ca!#gLxiY`T!V6WnVF?0V#EmT-(9V-huZkK;5ZJ^k<9wTH)9OcD2*9uTX
z&FMiQ2*!Tj1&czSRNUBOh+nLc;U4-LpK3fVud<K$!6(g3Vz`QSnO&74eXJf4AoU=c
z;oe-z1l}#t`{bP#vtS-Q)K6eHLX$xwJta3~ikp1^hMpsk>OegJPs!qE$H?z>XlyCy
z&LVy30^NVDfH__Ede53=&47C6cB@w@`wdB(&MbTUN*x>|_pbKdV;VL(S??`s42AlT
zc|vwLt{j?pRs`_4FpEK_^c4_Ekx78VQ7wbW+UXGx`Ve)e5_-6xM&qfpx9Ud%8i>4E
zjVrFBJVY2QUHF6ns~1EBp$rM@6iKSQOv#cv8=ikjV<5bE!{^w%-b66bhO4vVd=s27
zmrGBDx7`lI;u!0lws2WYu76h83alA*ld_B9qjfg=8$ZG$h%6$*?>tdje?*C`eDhnG
z2Ic3Xvn&u|sUlBG;S;E%ZV9@1(vmny@H@660W@0_@VhoRb5XT`$wGI5obqj<iTIgK
zs4suJGA~1Fs(*|X8VI|+I*FM|sjp)2l?xngju`Na+Ib46zV?9|#&*evYq&*yR&jhs
zK`cvz0-U<{o?K|)%PN8ifqhavYt^gECvj>zkcFe}t;Js`O(huU;@v?>trf#Qn#D7a
z@ig;~A93QZ4F0Tw0mAFXbt)$GJ4n(}ky3y0ir3u31fU4r7Q{eLu%j47?_AGfH*^Xi
zUWY|mipOpD@{Vt*sop?bc*)QUB}njCRz`1++kI?v!=j|tO%8EMdzAVkeIaE-EN|r?
zeQVs^8-KZ>b`C*{!VU*yG&H;)r-&{mm(nmAa{*1?jprGD>Vi*-v(skL)&xtu)m(pP
zK$baMO^P=E-JU1Tql|3qd!ssnzsiZPnU1I$d-D+i4ikPC_|T)}m2~QlMt^JLECKPn
zEtqjO#EA0b=Tj;?l0J8D2$%;7sYQ`h#aM#wrG+@)K`cMfYAcmXoCs;~^#nFc99d3x
zGR8F}OZH89NZPd$<f!t^9Oj7S2aSIo6DD15ogz6D?DU2Ag<CrTjV@yxRe^CWe<bj9
zuj@@9IB177KvgQdHB0&9DUDX48IQjYX4ICJts>}h(Q(t-BwE^Hkht^i@2@iNRj;wm
zvn>2a{WhU9+e)@{p9(n5{{c5=S-RK*KBd{tQmLs3+ry2*De!XKPQaVC)?j~D0d$_A
ztez+E<96DK=5W7un%e#(XJ4H0wA~9aGtw^CI&C_kpdqpf!PzS~F_NX?jjDYgNP|r#
z6iG}-2s9rd+n{%q4>t!b+@Qh3#P1DE_b0_`@0wloN1xJCSzm(POg_Z6jb6+GX5_EA
z7uiUlJ*pqYtfr{|gfXE>FeGnln}y&Bz1hX8t4ieA9UvMYA5zvPi=K!2+PF!7(-7eC
z^3Vv*3EzhSZ%~wJ6?dy^FcF|67uM<V{uY+6SmV)C5P+Roc_&1I3RVaOIW*bxT7Nj+
dK8-QlzN<rq<x`nMS@}dXib4OuJTow<LF(!3!C(LY

diff --git a/nix/hosts.nix b/nix/hosts.nix
index 1b825b9..bf8160b 100644
--- a/nix/hosts.nix
+++ b/nix/hosts.nix
@@ -18,7 +18,7 @@
         name:
         let
           pkgs = config.pkgs.x86_64-linux;
-          stateVersion = "23.05";
+          stateVersion = "24.05";
         in
         inputs.nixpkgs.lib.nixosSystem {
           specialArgs = {
diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age
index a3f6e9d8c00a71d4a9a32998e53f691920ddd219..834e33e4f298820fbc44ba5a96e8ae8547287c1a 100644
GIT binary patch
delta 5812
zcmV;l7E9^CEx|32AXjy0RAqQZOJ!_WZb)-ZaW!OedPGGuH)}&eF?up?STHzwa&=O5
zS21x@MG9nUbxmYXZE|lkR4`#yaA8bNXlg<?V`NZjRX9v%NH<PaD?~{zLrOC^bCXX2
z6@Pj(W>jZTQba*{OL;X{bv0;aRy09VFhMk7XJ<`OR&Z%#FiuovaZ_bNG72_ob4OBH
zM>T19LP=3+ZaHUnZbDT<b7^EpD@8Y1b74g}T4qK?OL|LYa|$g!AaH4REpRe5HXvA3
zQEOE}AVGCVWmiLYP+EC*ZAeZrO*UssM?^4GMpk7nb#HWZPDgN9QCUf9cyB^=b3zJ2
zFJW|Sa8_z^LPU0FD`az2bSp(jZ*XpUX)kjtGIus%RcuUDD|$ytZ&i~|0Tq8}W;jE7
zc6n)Kb4Ef>RWLJ3Z#H^KXH+ynb8KWoR&zlwP)=7xG%!P2Sa1qCdNFB4QFC!eIZ{nY
zG*xFyOG9=@ct=A;aZgiJcS~$Ha%XxsXis5ANoNWzJ|J*ub}eu+H8vnMc5P5}Q6ND#
zZFpKVctmV3a8qMTX<1foMq+<SOK2}}S66g;Ni%Fwct~b%D>*?|Z*w&YR#RDMSw>i6
zF+?(QZ&X%KZE9;-N;GjraaUDyLo#ntHcC)7d2(4#R5&yWEj}PaTWvTwNitL|XL4m>
zb7defJT+5pS|C_1I|@%rR7qGfdSho=Xf$<jYIkByY&b_zO;|H$3N3#vEg)HTD{w(j
zFm-ToG<r#TZ&GAzdSzNsL2)o>VoED=GHO|QWm07?Vsv3nK?*FIgni1G0S>JYzYkj~
zG2Ov`kC8nH&bE|IXc2R#|2%a#N6=SmK!Y9KmPOlP5|H0Y28Q)qmLYjfV-Q%xoBwn4
z*+rpR5=^$9;6XO`u9$z=-ZrzBMRufJMA{RktKX9kgeJG4F=`YToCrrC_r%C=9yb{b
z6H}*(fcHRxsywBABG!n4Qk%X<iEa6&Fyi+DuU+t4R=kB#K6)p7Y8V2{bqJ7_rvvE3
zVMDneQ|Wg({b-});B#fyxh4?4iXA@mm$u3=zsc5LCochX#+HBHoBdKb?|>Bd<BR{U
zez3X-SFyD_41wCC#cJiwU0W99i>|V*rh#%-A43&Zinc|ksv<czWlckVr#+aS-6;|#
zXB~ihO8~UrsIUdUW5$YHt~?0LgU8x70adIk$&|4x?jp2iNW+~f#{)qFK^~m3s9G6l
z79+c()LKV*5@CNhZ><2Swsa0_BYXk0YAZ*<OnOLsK~SH{Mkk8AIyNv;gSy8k(>dU<
z@a|nvjy`?%DU;+5aAw;Wj3jQw_Yl+NL;@hv@@0=q#&36N(RHSJvSl^y4-PC#Kw-W9
zj&uyW?&u6qH;#=Q&s!lq&3s=mVZ4nmM6|KFldG2yx2=DpQKCFe<X`k77NOqz!m)%g
z%(F|Q99v!|5UoGB!^89oLO>&p)4tszO|%-_>@Lf1Phf69dmBsDCqif>J|k6hCQu|8
z4ht!COnTT|TA3BX6eClM{*s5L{isd_lT&NyM~-nx(f7EGDhZ;x9so>2!yu;8rWcC{
zLnKVUe?xzrOZielZDPYy35cS;wd>Nf;~M$6eg&cgWM^yHdz{4bHM&-Czs8?IM@vg|
zkUtAV-5T&d_x(OSw#m3jcw9TvD-}7G_gRf1eEf9Luoz2Y1a?_5^Vk#cj3vVymGzSi
zN%}1f3}oN6HCc}4F)=?oQ&!{!m?88_e}H&U;FW)!EK9!2!qJ?-em}OPu?*(i5OsI|
zgk~nmLoTAJ<ZoNd7a(9tB}PnA@6_oP5vZWOI6iuSVcIWn_(-RH;fL5Co5F<Z5!w>L
z>Xeh&ACDrerfKQ^+kF^zI%*_h+!hcTEQi^I`Rq-8NTa*wQsKiMH{%j{=#2ap&3+AZ
z=vsfev|xG?i4b_<K_n4N|8>Nwp6fHFfTE(>Q}Esv;$mbnNT!Uda8O+M`2F!-wKz(Z
z3)H-<G52!ng<%~SV?%>qdgY_pp=;XO@pNwW)Nj<GrFdeC4U1uxw^^6gbCn1N^44vZ
zVEDT|RBV-3ZL0$l1Lk5o=0AT>ORRi3Qo4Vc-kssfZwEN{ZU4?CD3!D5CNvo0TId70
z&&4bbXN+7~*E%>=H`Sl`=QaF*xcEma<Q+!5SBY5b;I&7014J63EtHB0%_E(C0c{Y$
zUen+fU+|h_wY3VO3U`{<%t$<>QCiUz{b8DjQ?+W-jK=LKxbHAu3K%kPs_Jz8UKoD{
zpaw#|F{5%{DOY2{HNq*3r35E)j`>A&WoaP1U2%A&Jbn<Cu*-C2;9FiJH$XI-P42*P
z4d@-E@%!oP%I+$JN^kpcdkd0{Lzz!4Y(EAjSN*;zGC*ll?Dw5z$Kg0h+|qJpi4N9G
zt)+FbrEMf6njqkZY1PoYwXHWF%Y=VA-r<R+H3HVUd2=vu0;Gx2Xel`dE`oGZI2jM>
zMJBW94WW1mQWk?i5iG#Q^&akzBx!&B;xk-eCt3(ApOF9R=x}1yu1BozNiIUkUuUQh
z+F<`16_asFo!Z{0TUR_uNrU;QSy#(d)ItNW+)m-+nHesmvFkjm9k2Q<1n+<3cq^Vx
zf>Sj}aFlF}%{LUs;`uCHHU>%hGp6+F)W+{-G#5=oS<gO`$CwpA<H?3bUr&EHrOvLV
zIyXu%dlYEJcPl>AXNX$SV{=DeT-9T}dMqhTVpSARdZ?7&1Z{oMd`D$<Vp*fDT8XMd
z_kDyDFj`XbfUf{Kf3}%w_7{IKg`bT!g;knNVFJD$YnTGW9D4$9=zV<g9M4o1$+srq
zV~SiPrd74QH(wW0<T2Ph_PeNZAcyx6FhJF6KH6pS=aTd<{}_WGCq>^58uN)4TN?j3
z)?;LDD~(MfE2v+`ozfSS+Y}SI(j|C6FJT@VeSzCybeB~Q&k@rv)Ode_>~>B$HDJ(2
zG%sX{GCi<09~PKko(UY6jz@Tf+z6jX+vI(s6;|1+wmn>Z3yIU}*^hyXZ$yU$orwMc
zLROok&N*5cfy6T-4op)SgZU8NdFz`-@v4cU(t^E((O8LJwkwsm*4H<C$C&Wc+qFm!
zq4@+zWK4nli`Cdkbdi5f;2V;&dkt18uZd2w_(`~TkSu4piN+Y&NGXq}Lfd9E8J#5;
z$;}m#C^P-YaDQK&%w1k~6z!fp+Y<S<JU8`!6|t&|de;%hNl7lX7JL|bNAAw2HRRH`
za|b5DXl$+_oTnjMx>bDnGDoM@{RS((Rlb~ByIGQc?QQk|BWr&EFtr10W(U1AT$3m$
zD*#OCIhv=9X+ImFeF;`Roc%Y6FrtP;Sw#KTa8Wff@xj;8qrdLo$6#rEyfCQFFMk!|
zWafTsj|zg3Ra68D2*X7R_!2AYZf(`M=%BaL8osd@Q?p_I&Vpgm5<p7^>-FO9fLqJ=
zQC5h`-`KG+tQvpYxvyph$p9IYPM70pfkDqEbA8BBphq=;R&a3&u{RQ24041NnGa41
z_Yp=NU5dWbG+?e^=T&i>fwG^ltYdwj-p`RVf7Xxhh;z1%#&vsK3iaqUi5U$N38vtY
z^#diJGI=jI$pLklf<msf20_BsS?7=v{qI<CiOy52A8&uf2KHPS#mjf0=e6kQpc^%I
z?i17;yPxxQyA0jWfWctAGEkOCgmSqMjTMy@SgE^eclT%9giZSJZ`yQcxAcH<8O;)#
zaG^cT=;rP~NBS~fsc1}(!jy-6l4VqDu*#b5oJcGBNkx~?)I-xCj;aI4#JOzLv(j$N
zLIk6-JT`yA{cXWMjs0&}-12G45deFmBf&H2dg^NA6o^vRPV{;G0WkFd+Y{@3Y4Aju
zh7Ot*t0-v#a;~HtFcSyFvs>`s(zp;?nE*U&-#cYA;p>2eDraFP1rq`yHdgmb!})%!
zXOQmDO+DK8LFuPk;n{wwfuD4o2)WGp&ELUV5RrctlD+@R6c)=}E$Q4fFMw+ZyVtde
z_i)IM?u1daGh7I}G0!P|ZhJ7O>uK@v(2Paw(%5}zy1H)N7~(A@pT5he;}2ie)TcF@
z6#xOtHnrmFE6X{s$K6Kqa3t?XFe|7zFGjk&ku@u=Xqe`fbMU$tV5jnVkunL(e~>;9
z7jS>st0SShwS5d4wBEP)KAbB!G1;|T#!)@|@?Hd>&dbXTT~aUj*g|8B_$O_!6+;AU
zR!RvQk@471G_;czyzt^OK>dc+<k%qeshBb|uf16EjM!w<%6ghI(GG1Ddc5?{YR&?C
zsUS;i-JGH>&`pjRC_JEB{Juy0sB0WKWJrJY7C562-~t4byBf$J`Y~W-`%sL}w^c!E
z@;RPzuvM|n?uL+Z5ObM$ul1~c2i+HUJ}xc0urdA&dkpa)q)DxUwN7eKwIC7aFJ|FD
zzD5D>>}XyNO_&wkYETt<SF=I{tlu&{;o1^N6*kWgQC^`z=$GAxV^DvP9pBG@gyMgk
zkRHNP;WtI0&uTGYL>;OSF>yVJZ!D{{;(I`T{(PY>GW6|{qDOr8c}o%3<1Eab^^vx%
zCOPN`O}Y=*oJ8Nh&OC#C_6Z1?MfawRlk~T4=!YgxR9nuX8hE}LDvI;I`htpXC2<Hb
zyfb(><Yb|TKMS{EX8$RO;u5~c4kUloU%_{Bp#=a!2+;*{ShBelT)`{C?n01RRdWjh
zbEI2{H(&3#BJ^x8>Rvg!)4^<Gp2}O)S~Z|n9rKwEsbRvfw_pVVN%Bs)tH^;egq%sp
zcn4_iTVHzOeyO(&FpZFQU^V|k@OoC2A(^+5_``53qXp?J^gWHL+v*^P0F{6FubRpV
zFcL*sANtCulWP+=Gs=nxZ>~F>ZSK2a2fOlt@-J_I%}sys{P53)X~OtL@xc@}3IkhQ
zSg$Umg?AiXxSR$=ylv*ALWw*xX<#P);LE-eAV~b8h;Ju|ZOA?#oN6#&iwUypQe_x8
zM<Z3`OPiXQ_@Abvr=LCc{=0v&sX)+d=6S9j+SCbvhxtL>OyBxNN}L}%&v5uLa?^=g
z@7Cp{`jme^x|o~(+^Yc>@gE;BepXtWq1tA`g}1lHJe^ySfSrBH!`_KTo;>p4E*`;9
zY`Bw=Vdvcr(!M%J%i$Wl3FK35+ir`=0aVyw<XsHbrvSvvnIEevbGm=4!D_QzWd5R?
zs#!>jwv&1|Qu4iGN+iT{CVJ`lm{pz3%z<g4eN~E{Gr-#?%em}GB8E<-fSbC_u^`8d
zoE8L<o*>3N9%LSB8#L{2V@nBBUMY7hhEO=<uD#d0JlG<+!4A6vf0A6(nPBE`LcNvb
z6Glu&z*`#U-{^=wjhTOJVn7Wi<1UN@S4tI^gRK-e>8YXe-M5+lM3Sc8`5~F?G*$n+
zGz;4Z<Q()#;t*FA4A3nv5iHLhqMdtUt#SNuMVHa_2kmM@+BL?Zj15TqPg=`8-cX+R
zKSft}z&(#R0Ll<q6kpJLs4X7|AnyQjl~H$j9IAh!MkLdDQcZvDuQb5(qTC_Ry`&wr
zAE|Q4M~Bw+FUr(PXAI14=YMLub9T^k|CuQuYtjVD^<mQUoN64hMTO6~pg$dtmrPW`
zM+;$e9l8lv292>#KHbdU&hv89tqsTx9}mH7+n`qLn1Is<Qi~@HaTHUYXixW~=+eP_
z3XZ%@f1viBBjJC;H3GTf^?k1ngm-Q9dL$_XABSWjlI4J^#0Pu3K<NB1$wu&g3h;vX
z^m1}Hqw7-iptow?!?KizX@kA%$ZuO+K_;3f(`gbbRTgABQ`l}N2@$pt!dYS;I8%ci
z1`;Z67e*a1KO1H=ycEO-ElN*Xa*`sAYJW%S;q(FmyJUYG^3s=(EvB8et?HlKT$8<;
z5wk|DI>D`=Rc)2cpGguvo_{M0oU2458@mK0DTc~;@vgy4x637{*>IB?ueY#E1@6)n
zw~l1m`L(bs<NH>R>0~(SqXKSGuu)>32tX=x5HlYJT&Gn1#bKBnO&BkPFwI?v%x|RS
z|9d=@H=KWFYHSOPno|93-}1sN{a!+rG_xrbQgu*3;#=h%*J2$BA3s<z-a?a5Yzwtx
z1~eASylJ&YveN*9JyHB}(dBkgi*y7+8^Aql3yD3|>N2=RSD3kuyT%3ss0A@Y?fL!>
zFr@{aDZ{~}DEu>n@M+PM6jnx}2AtyYUBuke=bL{9BHPKrk>0fC>`>x98GKiT(pr?}
zZgQY2vS)tVF}ADTTtcl@@RNW}PoSEdwVD;NFUgqH7%c(+b~1;go+rOg3A1R&z5<PB
zn4B(y-=0gpo!Bao3srgUq`RuBLQr(1{PI`4OTlQ5?L^Abua^MGaS7*VxHR&3VAij`
z-n4(9>=-KIqCtQ;YzSDlj2w3G3ES;d<rXh%oNSRl#feqnfp4Ofd$>97NZLaH2<Aow
z@smJYzlap*(hZ?cQs=!G?Q@xdWP($Vw<pH3Cz{8mV*(As;XgIPU?+?MPt5I}*C{Q?
z7zp@Nb*}|98-XkdZ7HRr#C45WBCQ@R;OT$7M(S5wAUTRjBl&MikQC0t7y-hfsreyQ
z%t|XrhaZ33s$jPW6J(@lkOgg1h@YZd<2`gT^}%oTQAaCKfxov$_%!1Z^QuyGoMLYe
zcMtwXLYZ<7^nSNreF+D*MQgrnGhiY9woZ(wz6O?~eRfaw_-P-i6nJ?dvZrsKc8-5S
z0hNxaxj;G`qVi=CmQXM}!+8i#+fyu@w7IQ@8WW|(o|)esaEKRQH_IUF|8Z^{VKx7F
z7c}TZ@D?uDSFJO*!9~Doay&gMv0(X?9e2HoahF>_=;{+4>fEtD1?L?wU1GY(i~IzD
zZK+<QG@ztd*{uG>mJ(cnwms8HQ4@dlSt1lkYppKST&WISWu5$JRVWe}GNEypEl9x<
zrPP$(!yDPD?}Yoyp?!8~S4Vj31Um*@r(^-XCO+?XZq&#KsmKHg3ObkbF$!@(Z1D$`
zvl&?4H@Hnq9Y|u!eHMLSfB%CyD|zi-U@}$ePPf}ZP}5}NY3N2}`Niei_pg7^O3MX8
zkx^j@aU|rrJ4Kn%CUd12G-R%9i&7|x^>%FNi{=F8JM>0@2h|e*B<%7ZTA8%j#41Xa
z?dTv-$%k=~axKLlaglf?flm5C$A*{o4~7#tyrB>81g9X#d9_+728%}c@3(>b;HwQP
zv0fx=!<uq`J#gF9I+4L_E46<<ROO#UUr3SoxtJTABOQ@8Un(gn(DiuU*DWqfXAfS|
zu$D&()8jH}gnX=gX~7U!xxF6vGe}Tr3uB@WjG`LY>JGlE>0W)Y<d3KK`E-*9O$_kG
ztx^V`QE3`5Js@l&SX7&w!`SI@-S4-dvjiK@em)2u`~aAY24H2gc}jmf%K+lap37gW
z?PAgYLAXuJ0pHeop?zX6di7#x3*ly2e=`YP<R4D(7yb=k52}j?0aT!zR`5jz(XvtR
z;BVTie!-=a`pv2aaU?#TM-Zs*_^=7q<*Eb@PQ&ao&{x}!e~9mU_!gVQ_yxe6tde)-
z;}+u`CI#s;-)m=JtCN4S#+IW^O;Me_EFMjmuu+m6lU$R%%zp<;im{wdLeX_&Qb6)2
zJvwGanRoDL9@Os<)n!$Kibj<fq-yjax+WNX8%7HGBp4=!Q5hCeKFvgoV?P<mf@20^
yx*cZlY?Vt>FBUclEe+|9+5)ZIv)%n494sZzXUEu=n;ds#SgHuc?2rv?r?}c6!m`5v

delta 5811
zcmV;k7EI~EEx;|1AXiB@V|iLOMoM98M^sKwPftctbuw>HL_=v)MRa#ZLP%w1a%_4+
zOjKc4X9_Y<bx~?YWO^%YZZvvWHFq#Vb}~0LVl*^2FEV*;I6_D<Hgj-CIcr0DW0Ow-
z6@P6@SXDMRX=yKHHa18~bZbjAdTei0NOww8VQO!2Y%(@kXl7M7OD{$;VhUC=OG7zQ
zHd0YUMRaXxGe&H2Mo&3;P)BNVIALgKFfVgRPc~zCYcDf!Zwf6wAaH4REpRe5HXvA3
zQEOE}AVGR(N;f!ZdPgr)bW>1PL1#00bwp}Ia9VeDPf}t^P;qojQDkUEa!^lVGGz)-
zQdKc!WHwS}H$-Y#Ib%^aPh?m!G;&dFL~KY#VOm6Yc2{FKPeM+0ZdsF00Tq8YW>|A+
zSvhV>X;NWXNI6Akad%2#cVszAGFeVVHgIr3d2KLHb1Oq^a6<}Nab#h1Pf<cab#_`+
zHZ&`BS$b48VNq9NH&HMzGFCTrMM7&zXh(B*a#0E`J|J*ub}eu+H8vnMc5P5}Q6NEZ
zL~%7YYA||Hb82%<Q*3lJIZl6NHhE4%PC0ONMPf87ae6RENm+4ZZ&6VSQ%_fNVP$Vw
zF;j11bZc~LLvu+|T2p9uP&RN)QZqI&ZB$lxVK*^ZFHkrNEj}P&S4k-?XL4m>b7cxq
zPb+LpP;GEgaXC(TV|PMrRC;YtS#DTCY%p|8VRbQ2dSY%+b46-yX=8tEWn)1|RCO^?
zRylV_Gg5VSZBRy43Sw}2Fivc53N0-yAXj2zH$+G<dT4huY*TkhD`-kMZgXgBWMpkm
zPcLO>F?nP{Wo<WPLvT223M7~Ohq2p%Jz2T6>`KyffgNb04B6%5NL8{NWucd7I}RFn
zQ{*U|&q$<MkZ3NMZ90Fl5_LvDB&uOr>n6`*jag;x)*C@i{%8O|`docCI=8;=&$cmZ
zXJ(EIA)kUG<1)K-I+{Id1_7B$ybC(A@4;M4$oHTp3t&j;^$x!0clG}S`Tud&FP*hM
z^*)^yuNiV>pefn|o4X1e<AJ&=#^qZD+KGmars@<@x&-QvQ}BPVYfOhIuu}y@@lqy>
zk)9U+mmFG60(u;t9Gp*Q3UqwZmJo|_fx19QBLSL~KrPIWRH;8mj9nYy8Laq6v>}^7
zHNciG0_0QYaAjAfF}+OmkXyy=>qZdgZHW+nf!_mkkN)utYmX$kQ2?I)6X*e`fG*Vl
z>s;C~q-meP$bf(8+YHE+kQtl$H<N+ZZJe**eY)lk@kq$bQ$h2x!`}7Dd8la?27LE#
ztYY~FbOHx#IFej8TP<qh0qB1t#b6Aq8tahHj|M;G>~N?bT0w2u9PT7EaZiX)L3MZo
zdh|%pG1QJFX$qy`$EDec=fws2y#Vg%lK!*FiPIE(9mIb@V)szLCVy6R3;N04@F9c6
zcLd-s41AOHi3ClzQTM%*PPUX}+}1Vjwfhpp>wPBA=syO8=}P|62BjP%^j-=)=OaZ(
zkhn4Ew^>AC1zzY2AYJY=q}$MYHQ+bUd1okwW9Y9Hm9?vTQL13%p-hK6eB<FxdjkY8
zPZpW9FHV0){g!4$r>u_{mJzKr@!cNEWKhX3(uOHI+Wz(8##H>~`tiO`;J$fS&*EI5
zKvr&!$bbyi5>%kM0EYKi68t6`c^=$+LF2o}E;n1M&z_YrTYjA03bWXKZs%P+#~{DU
zOb%odGPsZ9MPbT+)B9Lx27W90dDJad+@?!z!PtNDYNy$QV+f=a$w<R*<8^=z`1fzr
zV6226#Pg~c&7h7n`Fe>Fc1S{+Lv0Z|h}jS^uXa(<=53;1ZOOj8X|3pllJ|FANeO;l
zkw@}st9wod29xl76f$SFynG6j1C`kD&Z)8n4349xD`al+HAuB{Oh^fK;WC<6pt+^R
zBoTj)Qj>-LEErNC^6<DrVF*e``yp`Zj|SFG>UUM-HHB&Q)rRO;PoA^QoWYPEwnG{c
z=`Z{(sH6kevyDM`#ZK07;~ZkyFzrxb1f|-J9if<frN}L9lFB<&U!Ho7_}5qAEH1B+
zIiER$aqd@n7tlU0AS%l$20*^k<hlHevEhFk-ay?$r1Dr)YB52wPT>!CXhih31T=zT
zDEwy4T^Y~|A)r3J(Qn3EHf{e+(620vjjwfGB(D9n>+S(cyx6#wRmv~#)0iFbNh(Zh
z*cBWsyJ58w{g%p3w&hJ<lsf8iUoSoFE`w*j;=YY6m)r#FDB}Ze6F6V51xB6~r$c`b
zc}WmGOR1B@9OB`S#(X>_1;G+st%Pu|^N=BXdecu5IL!Vo+0TM<Hgpk3uRh5Pr97WP
z#7mL;*@>fx@hcqJz|dd0It`6&X#u5Q->K<k4D2uXDm|E$#Ao3QUF2eBU3obi=ZJ&s
zpily<=MZAmSy<Q)Hr(nsjfWg98B>3?P=D?%E;X15q8`$FiUAEo-e?mYhz>bfJEa;z
zwN{DHQ7R)AiDtcSKQp}E?g=WRJ2No|X+kpDrO-)!*sW4cAcnf1y4D^N5kvm;Mxrax
z?JdjIqF88P+z3@zUCzubO|!4Wu)uQm`i0r>621ATt<7G!rdZE>Sl5a0@OOXRewgB}
zxtoZE)o<T$lrY3R!JDTXweJ^NB)h*^xHR2|pjAZn#<|yYj@X177#dT4;kn)oi{y!g
zw%?TCjRi9Pa|O4m9F91$|Bg(r+#}SjtA)+}3PRo<iLjNW3cxkgrl#A}xB2*>$0ir2
zZt~Sc9pt~GZ|#4H!uohc)((G~DV@C>nmiiMXT;~nV3MSPuJ=`b%>_%fF8!Avq~gaZ
zq|fVn)Qp9z7E+c-;0s20sQ}K~el3`m+qf{T#3UVXQ&zi(#xJ2l1xRA4HmtKR<0jpZ
zBHdkzitV>EaXvJ9bNK<kiIu6mm0<0QZ^}zZA>!&0QAEJA))&){LhFC7?T2TLgZE51
zBD8(}Oazgz0F0iY3VM0@C2xYEZ(AUfP5)=S&~Jbcc^_hD2oL>!Hrok|cV-)+^NYn>
z>_kGbNocqz_egx<xjatEpgyuuAK7g`S}-beOJSY5sf=DDmH(9Mg!*1ZgQ^!iBk_bA
zRaCIG=^J~b^wbE-xY~as%`?Fe6s=(GY0kJXx_}tN|7>HZ8*S9bJGq?rTB(VAqDTpN
zEmdhib^hQK0i>(>XE>$Hn;e3;x{rZQQ+-s_4vS=?Q%cHSOc#IM&fi7xcJ|&+*He1z
zVo2q__CqW0u8uOu3^a11?Zb|c&q{zSN9fncY&eg{qQ7CseiDBzNlnj!^yk?vDGqJU
z5#%1ent7c-h!HIB1ii=gL{Fch6AkMXdXYv-S+vK~JnM=#)A#neGox2ItiX-uE2%09
zLxo3wp$BNNrK;f)ZmBj|;;XUh8S}sK-Cg7747i0G2Ugv0K*nYF1w0oG!6N`X5Y<*)
zr}W7QqT-H~9iM;Oa;QalTNsw2<+9$_ZDIM+$<;{qt<)<O64feB6&(_ijn~HVFAQ7i
zM^-!e(wbnRFM_fMuXRi7PfNd1;dgM%L7wZk`I!0C*_&Fj#L_Ug?Tv;IsEoNXp%Q~+
zyBQQ3R}ZOKNqLF3y~#p5Sv(@z<-#0FHTb`t2D+jD0hxd24%S=yeur9Kth2QSP;(b)
z3suG^d<j{$<Zh@cuPu6GD3Wc8TZC5>(woBg03}B>GsPotq(h*vP$BHFbhcF25m`f?
zr*t(D_3YK!u9junY1b7WZNtOWd#WvGZ;y6;66Eu!H$M!xCR}Ih;oEJfex28@vmg;8
zz1IURx}1OFn1FD|4UM@oK0e6brFr}P%`M;#dg;~ivY#f;YW9L8b`t@=YVv<BjGjLc
zyMK_+A~TLF2tUErdQeLTpu#psqS(d1Q3a3`_EagcJ_TX~zrj^AG5Y#zAQBu^wpzXS
z*j@BXjfx)?CPzQA6F2Q?iMFOtSQU+jBchY1eeHkczt_exYG14}%idi+-2|%2-`fKD
z;Y-&Qgua68$!Xo2R@~X^YXIH5I+3>>n79HxPxT5!5U;oAMeTRyx3e%tXH!AQE$H#*
z20&3#I5Z(ay?~J3NU`z-sn5`fWq8t66mEi<8Vt*EH@QCeb>Px<S`r;<`~cIz1szRu
zmi&MICqn;vvN7L<7x9DIlwR}r4O&KeD07#tYDwM`WPbmlnVS1b1oU>XjAMWA94Gv4
z@B7na4mu!U<1TPSa_s?`#M(IunjRz|6gp%NOx&ztB6-0YKeo%{Zsf1OB&DX{_qN6&
zl4sLfqL53~mYALAbX4b)+cuylj$rXe<2!#+LN&OBQE1_1B{w4Dmb;&s1pw%&aw_f4
z9sd%irsOjH%1>_t|2z=Bc!<Mh4619kVBfgtKNn$YDn%=Xc5<b6t<vS%jBDlT$f04k
z1jAYYTC9)6tjI058`prGx*5iqKcH2WYGng369B~Ua1P6t^Sr|UjID@w*sZ*f#qNLV
zSJcM_9!ml%fwRFDtTY_tN@qB4RGSg*VO9OeR_AU$^*%6z9ZBh@(R(TCF?>mb%2tI~
z7-5%=IiKfz+sw8K3053e36piKQnWBSstGDm{%bFCOTal55f-<eQ8!(>XjS{~hv88%
zo9#j$+77+ek`8pNPfePp=)}^IsfT~bx116PWxWKanzo<<rVUub$2sAaUE8H(UI5nI
zM4as9X?0`#$`7^x=*bc@^o|vllnvZRlfdgTofQ=uzId3TNk73knb@{xD}~T9!XEQ&
zCA2)H?@cWvIgt4rvVqjCXs7a0<5e-N(6DcRZNj*V27^3&Y*`PZ1foT;!nJ>1b>m3X
z{WQ9%fehT_=W+wM%j5Da$pH}Vu>rQGe?@ydaAGq&+X-4u=@{#hj|ECyC<K=V{D$vP
zzeUv5@gVKwZm|oi;t$YAdco;1S91axDjxx23ei6bck8+<@N0#KkalpWgh#qD_Wj!V
z=GitePm%qTffhtC2nj%ftVe$hs;h@nW8hDuVm;4(C&&Thr&l5=a0`{L)G0u6cZjya
z9Dz;Gq=o(!oV}$}W{E+vs1}-FrcJ@UUze40PK1Ax(s>wHmRe~AYq+YJ*tpyJ)o(82
z=#n@}hmf|4ERhfQv0%XOavRt65js-ZV2_wRq4QZX`$Ipt@EI|*-o=0NEMEr2W;rO$
z-u-Rw`Hl!%u%9oT`EqiO$iPtll7Dm%Og>91U;X8!&m_!vaN={7&Pk*q(cS2PTrjQ+
zDf@`tZwag6lWI<O-f+Ug2az6l2W5Q<>qA3~;k%w-UYl?af`)5!JLYq<N)=A;Eh@0|
zfLD9OU#(Rlx;JNEl^%aB&cOXd+*O1cXgg_9H8k{QCTHQV(hZ|ImLS9Py_uGl;s!GE
z0V*vCk&dVyEZ<HTdb1@_V6#B3*|m19Xdj9bh}K$)v}PmMygMhLt?%?q+_v9}$5JRF
z#g}Fqfk5I8LpV;O-}b>!y1cEaOSO@-*CG1k&^`xx>3shFcJF`P9)mcSl>)_xpHTxb
zSO_q#{wCj=1;0t6Qo1>wTfKb8b>3)c-YSK9u~Ha@P4B)ME81Qdd8n~+G%&C@MT`EI
zr`ZZkO-R2-yHn(_K-W@vw}amm=bP10Z}k0UiD&pL9U41;IrC5Y(RT&RR`{{2;{LvK
zH81*!5C*{R0^xtgTV~9=?IZ~HWqM(0iaR9ZjlA~S?uwLAB3DT@6%E52QsZ5luO%QX
z%C`MUK_RwyUKU@VQQa*5V3}73ulN2KA(ltvv}Y}*O$db$f=oC_3YUqFyBQ#Aw93y}
zAZ;}39V}oi-dSFfs}g;qiMaDyMBGSek4!JF4o+V~e|Ue>z={kRC=Oc@m-2G+%|qTJ
z+nwN71#!#GlR<2bT;+c)+3+YZMJaNYA>MEYp1GZK$SD1BuM$CWJ7ajrzfcNc5@AB7
zbXslnd#O^Pg>FJE-Z@iwvJ9*L#V$hGtdSYZcCJ+KzuOrU6fxtdEb`310M+FI9{k5U
zZ?4SfKly*{p0r+LRu|<2eySm>K=O@FOpIunemzpi{yf0KanNbNaww#{3p8Dl8jv)Z
zH`fZk6|BhkY&9({yJ^ep#=-rQ-7_Brs^Ok171;#ezmW@?{4TTpT!VjzwxEqy-HvnV
znwD%(BqA@wa|8z32T9CATy>F}Yd}wUPkOUpcgug{Q6scy=(Jyj)Eq+WIiwDL6B!m3
zDLuFz)K?~(m9FSm<j-aC;Ua$wFJOb+n{03u?ZzdvLvX(Rno|b=r{e$z{?%`CXb{_0
z)MUn#_%uWr<k$7)w?V2fzi3j!%23}l-8rS#>VBTxmpD5QWm)^fX&Hn{nbO{m!xv)~
zUu=K$Am^mIFPyPzBBb)1@u7^900X6K`8VG))o7|-ApXz@Or@OV%E7CxEfJ-O!klPq
zkl)>7?y<X|;cHYE-~AEPBPU)wk+W#g*RvX1%X>pATSZ`dum`o6EpQV`cnUYP1`AW<
z7OrTUdE=~yw*IwN^9No0Y=($E;K@7~S#5ujvL-uOI|!day7ay@Ft9bxqT3tLIp@1<
z3!W(pA!;GNWO%p<sxB3`CCv$B+^J_>ZX2%DgYl>nEK!R)^zAL5f5mpf;k?y95$jNa
zbW(~T1IRX=HE2*aHoUveQ(VTl6fE*+CTXM2rqX_DW0P0I)n2`Jb17qDSILJp5*&Zi
zW6y(OM~hU?#lfXDZTl%*oaabL%zFQFxWbGlLvLG~0-<vy*!Zb4Ypl76g*a(W0e`tJ
zk)Y|QnTc_6bwr_$>g}*ky_4H;Q>~8kt}v<!TB+Wv%9kHs=;2gXDnOT`EzdGAqdk7#
zyy=@YZ9%l0g>6{Ug&cyR0(29&%7%a7|2hE-e&-~+us5{&t=O3C3F8c$!_59-*f7JC
zfFbM|73${&iRxNe29TpeI(9^VOoe6jaEB}~gMYN$>3P=XL+LfX)agX;N*z%z`V=ID
zr6X2j9dt4pu+6pC5TvqcY~&Hf$#`F?$?ABsw0rHd(Rq|@&N0~iNDO)>d~JWWjRAei
zn0S9;Re}Ar6%?&u3!bNG`Z6nokM&*lJI(iyf?!44Cy~u$%*A>Vi?@@%DdM2zjPQAY
zlgY^H#?<9q$3x8;MF=_)%5}D`gUO`Vw82XM+)m_3UE&nlnY`26*k@OT#@nVGQYWd_
z)c4{*eE_HuHw0Nu!dLj!fx&;}DKPc7>JUnzk9Rliv@U4+_K5uY2vxWk$t@%X&eT?o
zY52VdU2Po2SmuOTyTK$-(X|Je8tQZfK=!ua%H8vS>TchFB9{NiEswVOW&`!Yb2r26
z9hS$k#syTt+&s&GO>IBh5dz`zH}~`{{|bFGx)AuVxYSGUBOvHTq1}Il?v9|Qs=HY7
z>5yQIAEZ1b8N*D)atd&%%Qa6IZBrv7K4GPs&K!tQ-7551(_IW<<3xCx-`FitKD6Xv
z?@Jo5&I42F<wBBNc0?S&4+&j#!=Z;ehhU>zDdNN(mKCh)`>sIV5za9>U|^5WeOzm{
zRw&@&-|BZwJ(&k(e+qxBbQ4B6e96;M$Qv~TN{gKQ(DGEwCi@dpYNfssV=4q=y^GXY
z7Sn1P_^a2B-MvY?Saq6eCmybN#>$~UBK)i&S3VKoi5wy11fG*1LFmo!TF?sPB_VhU
x@A^hexWLO(6)Z5-o}=e5Jz`~~GQRWa5i2$wSS_@WBg`^>1IY(EVjeCjY6ZaB_oDy+

diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-invidious.age b/secrets/wireguard/elisabeth/keys/elisabeth-invidious.age
new file mode 100644
index 0000000000000000000000000000000000000000..0219ba94bba8bcace510fdcfd51f58d01942458d
GIT binary patch
literal 827
zcmY+<yRO@0003ZMs*D7ckUFrCm6~8Xu^oru2q!sq9ADyV^4n5{65kzPe&6jQv9q-j
zNR_ByVxoJeZU_VnbnDU)B;J6b6LerWPw?qGh5ppf-D-qQT;!h?Rfu&2GQFCB8ATDx
ziN9NqJCbDNV~TTPIl`<ya@+OhvdgN2$+TlyY0|h|V|b0=U0vK5AU{U}9l><%5M57c
zC5nNz-l|cM_SXjLyLxP1-Uu-6rf^2l6Nd|9p`WnryzyEU%u=Gvaw%A{vpp?}+W;#B
z=~$o{8qlz;jKSK7$T{4eEG=?@i`LY*Q?eV}y;cshon)@*eAp0$wktD&CYAn{1x)Q?
zu@g4-WZa7lQu3o5_fg#`BFG33^%7kqoZ!^j4h46HSJXBFY4i{hRK;V>5V@UG3eL5d
zk+z)xn9#9jMClP0bH3cmx2*qPm!#^K=~Ba>xTCy`mR6P8xS;A~#T7YRVTTqpI(i1n
z0?BGHw?l<RPnN?i7$@}@CbM;B<YCS?3>mJxat|n>cI#Uf)n#g<O;{}5H-%lAePFBf
zESEe?%gMtW<+b1d3t_C6q)BqlU^pg%;&C6Ug)zYMjl$6m59TSrET$O~MwWvum2><}
zN9T%Vy|I?|XCF_)%0Jcq#ESY&>evo)LMhhsHgqU@oykzPh*w6KOKgDgq`r4o!T@8R
zQ9-*e&gXcsCA_n{O4aTpVB|HS3IBzCd9?`Tl^{0)S-@lBYmx5R<APJf%TT7UjK!YS
zR>nXTweF+-Yzb4aNCuNfrqk)9Z^?}g1pvegmh5$|IJ9bfNG>YcDJrJeg1E4yXj#yf
zjePm`cYpr&&rAC5_kTUR3cr2$$2VUYkN^JV{?{+|@4uA~KRqLwFP=aB`4jN`&i!{@
my?g%rwfW$|J@(0y7eBn_Nc*E-uReJB^wICHe*Eygjr}h?(ie>Y

literal 0
HcmV?d00001

diff --git a/secrets/wireguard/elisabeth/keys/elisabeth-invidious.pub b/secrets/wireguard/elisabeth/keys/elisabeth-invidious.pub
new file mode 100644
index 0000000..d427d93
--- /dev/null
+++ b/secrets/wireguard/elisabeth/keys/elisabeth-invidious.pub
@@ -0,0 +1 @@
+34nMC0dvuS70Rn+685ExtKqQcEHdJvUzVvTcTZNwoVM=
diff --git a/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-invidious.age b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-invidious.age
new file mode 100644
index 0000000..14d0a91
--- /dev/null
+++ b/secrets/wireguard/elisabeth/psks/elisabeth+elisabeth-invidious.age
@@ -0,0 +1,16 @@
+age-encryption.org/v1
+-> X25519 rqjulMMqQvFeDApkCZo4KQvgVbmZ/TLOpy3fe9CQCTc
+j3JoyoBWSZtVDka4qqquips0HmZakBuToEjNe+ZEccQ
+-> piv-p256 ZFgiIw A4e5w+3n+gkOMBeSI5VklW1kJ3846byVint8b7HGer4Z
+jY/O+b0JwsNxpSvEtrWB1IaeVACDagAaqfLmoy9VGrw
+-> piv-p256 XTQkUA A8WfkKXTvoJ4M4gX/t3xaK8wy2pZbLO9dBHrlUqKJHjr
+I6WsWbqg+DIrOR7cJCk5cHz4gz0d44RhcNSqUU/9VSA
+-> piv-p256 ZFgiIw Axn28eRfih6xjAKMw9ZFXHN4jKs013d2IhmLTAwl1Ixq
+RldIXTSGdfjC5o4xzOttzyX89zAsuJGitSeoyts62mo
+-> piv-p256 5vmPtQ A7sqh4eBJsdzALHPVdbk2WJ5YH0M8iSBX/wP8DtI7Mpm
+tq6yVRXYXKwQD3qbvvBdF4AuFehgvgS7lq2DkI5hI6Y
+-> s?-grease 38 Pego6HDg _|QaxRe
+rexAgfgN8bC3JvURMFuCxfHxnIQ88B2hvka0BmvM7XJSWA8gAGLxjhOr0sw6iygG
+6R+lshVeDfexCFxX4KWENEVzb9f4JWCqcGA
+--- NtjNfHsaetHNRBHHwX0ncFGEb5hewYNhg8/WmJCLg80
+O���J�Z��u��#�|4|�/kd��	����n��^@߅3{��85Gt������0m�.!�׹���X��!��Q
\ No newline at end of file
diff --git a/users/patrick/firefox.nix b/users/patrick/firefox.nix
index 672e8a6..d17f04a 100644
--- a/users/patrick/firefox.nix
+++ b/users/patrick/firefox.nix
@@ -39,7 +39,8 @@
           "media.rdd-ffmpeg.enabled" = true;
           "gfx.x11-egl.force-enabled" = true;
           # enable if grapics card support av1
-          "media.av1.enabled" = false;
+          # invidious kinda depends on av1
+          "media.av1.enabled" = true;
           "widget.dmabuf.force-enabled" = true;
           # General
           "browser.toolbars.bookmarks.visibility" = "never"; # Never show the bookmark toolbar