From 585a48c931010fa0bee1c8dc5a8b7e0a74d6ffce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 11:11:21 +0200 Subject: [PATCH 01/12] Update secret web01-gitea-password --- .../web01-gitea-password/machines/web01 | 1 + sops/secrets/web01-gitea-password/secret | 24 +++++++++++++++++++ sops/secrets/web01-gitea-password/users/joerg | 1 + 3 files changed, 26 insertions(+) create mode 120000 sops/secrets/web01-gitea-password/machines/web01 create mode 100644 sops/secrets/web01-gitea-password/secret create mode 120000 sops/secrets/web01-gitea-password/users/joerg diff --git a/sops/secrets/web01-gitea-password/machines/web01 b/sops/secrets/web01-gitea-password/machines/web01 new file mode 120000 index 0000000..a3c776b --- /dev/null +++ b/sops/secrets/web01-gitea-password/machines/web01 @@ -0,0 +1 @@ +../../../machines/web01 \ No newline at end of file diff --git a/sops/secrets/web01-gitea-password/secret b/sops/secrets/web01-gitea-password/secret new file mode 100644 index 0000000..10981a4 --- /dev/null +++ b/sops/secrets/web01-gitea-password/secret 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:bcYm9Jx6NS5T2085GmeUJJeLdD1ZtGSfMtXNWcNkeL7F,iv:jR8k0EMO20ZiBXmb1ddJS5x0c95y9vEPvMig0Y0iXBg=,tag:wZBLbCe8ucQSIGrNOjN1jg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVWx6TzM4MEpmZ3ExczZo\nNS9kU1Z5NEl1aDdwSzUwSy93anlPQXdOVVVNClBqMENEWUhLVml6dkRZaVk4OU1V\nNjBNV0p2MjFLMDI1c3paOUU0Zndsd28KLS0tIEJZVFA4akVLMzVSanJMcWwweCtE\nZ2h2NE1mdWJNd1VWZDFyT0tvTmlrV0kKfsW5qG12wP+hI/ZCcZNsjv5ububSITLp\n4SzzyeTzpDrGlu/h52szD0VYnB0w3/fF2Ar/lvBYN0y9MXXYUQGdRA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdmZUaThzQzQ0em9reXJM\nTkNNRlhKRWoxR3dVTXc0TEdXV2pNQytXK3lrCkk1Z1g2d2R6V002d2lXNWtFMmo5\nT2tiTGpyRTE4WXk4c0hYOGdFejBITWsKLS0tIFdib0UzL2dNbXRjZHFYOEVGSWVU\nTDlNN0xSQWgzdFVhV21SSE9JNkM0OGcK2icnV6pvh7PMVp5r51b+Ukgl95XiiTHG\nDjj3M24jEh9UX2bYraGyRNnLh3piQe7Jim3/ZAHSOzl105GulapU5g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-10T09:11:20Z", + "mac": "ENC[AES256_GCM,data:Ie9j/N4dB6qKtpzPrQROPbsGQCfzYL8dhtptOB0XQw+mh19vpcvWyzLqYOorM1eBKrUWYob6ZHe27KXxN+9RtPe+KFABlFAQRENfPBVPi9Y7/XxMiMQ2gL6JQkvN47Aou/jWhPIOeuCXuEqr4VEOa0F6jPLmS9aPPc95MV/cHxo=,iv:/R67c5rBG3nIm6iAJedPdXL8R+b1RGez/ejzBDW4tf4=,tag:2A9njvLHsAzda+kh8PYj5w==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-gitea-password/users/joerg b/sops/secrets/web01-gitea-password/users/joerg new file mode 120000 index 0000000..4c1fba9 --- /dev/null +++ b/sops/secrets/web01-gitea-password/users/joerg @@ -0,0 +1 @@ +../../../users/joerg \ No newline at end of file 
From a200ad5f62ed433d59bad1658728b08cfd69c925 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 11:11:22 +0200 Subject: [PATCH 02/12] Update secret web01-gitea-password-hash --- .../web01-gitea-password-hash/machines/web01 | 1 + sops/secrets/web01-gitea-password-hash/secret | 24 +++++++++++++++++++ .../web01-gitea-password-hash/users/joerg | 1 + 3 files changed, 26 insertions(+) create mode 120000 sops/secrets/web01-gitea-password-hash/machines/web01 create mode 100644 sops/secrets/web01-gitea-password-hash/secret create mode 120000 sops/secrets/web01-gitea-password-hash/users/joerg diff --git a/sops/secrets/web01-gitea-password-hash/machines/web01 b/sops/secrets/web01-gitea-password-hash/machines/web01 new file mode 120000 index 0000000..a3c776b --- /dev/null +++ b/sops/secrets/web01-gitea-password-hash/machines/web01 @@ -0,0 +1 @@ +../../../machines/web01 \ No newline at end of file diff --git a/sops/secrets/web01-gitea-password-hash/secret b/sops/secrets/web01-gitea-password-hash/secret new file mode 100644 index 0000000..6d2bdea --- /dev/null +++ b/sops/secrets/web01-gitea-password-hash/secret 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:zCWFFE6+923po+i6g+ehKgC3FdAEhbmFDTbc6VZIXdBqNO7qvC8K1Q34aZVzQ3HaE6l/p5V7Ax0U0xRypQ==,iv:NJhOMcGg55fznrpM6bSqNvr/lOYAsUUVtfK8eJRs0Iw=,tag:6jadN151/70a7BBXsqMClg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHcHNaTjJlejlJYy90eGFT\nVTloRFV3OVV4enI1OENaeGVpcXpCV0dUenlBCkdONUE3eXhlY1JMRko5Q0VJVFN6\nMkdSR1krYjlJRyswOExRSW9UeUI2czAKLS0tIEJWRDZwRWp1U3V4S0NLOXJDS0ZZ\ncXRFNGxnNXZHNHpvOUpVcTYvM3RoNU0KPgJoJ/22jyUtqGeXfO+DInB3zIwrB+OP\ncjw6Dt7mPYT/OUG6Cq12D6+xMYCm+r4jswtkvWaPhnzGcIOcqMJHwg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUa1IvdklYcENvUzlwdnNi\nbnlidGVvMzZLRS9EU1RzZ0VzMUtvOGRGR25zCklqVTA4T2FIR3l2MER2RjRsbkZH\nRWlxUkYyUjIwSzl5SWJHblMvclZwOGsKLS0tICtaYW83M3lXakJsMFNEc0FjYWdC\nU3ZDUEplYk1tOFRiUUpXTVA0NTUyaHMKdtR+rqRz+Jjf4BfCd5B7ygRLYKTDDRJk\nq0eSNG+i+Xjz/kLWsMpmO4Cevhp0SPyLZV2g2CiDo5vXZQ5Qiy8pSQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-10T09:11:22Z", + "mac": "ENC[AES256_GCM,data:D+NLO8U8mXc4wzQC1OHoba5t+i92P3ZeZy7M8nPhBvnWFznhWBmHRLTI55c8+Q3tkNJI0rBt43+XjC7X1ij36eSza/8O6dh5+jM4UkvFBBJG8ZTPSqakISmPBN1k80qm6G15ELgRrJc0+DNAuuZVuBAwVNUFmaZNx6FmX/G4nRU=,iv:RlhgqQoXAeNFTLRJubVzFJq0wbZwZOeAyZs2nD7IHfg=,tag:6zgWakwYjf93qyMwKlSG9g==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-gitea-password-hash/users/joerg b/sops/secrets/web01-gitea-password-hash/users/joerg new file mode 120000 index 0000000..4c1fba9 --- /dev/null +++ b/sops/secrets/web01-gitea-password-hash/users/joerg 
@@ -0,0 +1 @@ +../../../users/joerg \ No newline at end of file From fb452856d72b4aedac25c8d0dc692209b2a7036b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 11:11:23 +0200 Subject: [PATCH 03/12] Update secret web01-golem-password --- .../web01-golem-password/machines/web01 | 1 + sops/secrets/web01-golem-password/secret | 24 +++++++++++++++++++ sops/secrets/web01-golem-password/users/joerg | 1 + 3 files changed, 26 insertions(+) create mode 120000 sops/secrets/web01-golem-password/machines/web01 create mode 100644 sops/secrets/web01-golem-password/secret create mode 120000 sops/secrets/web01-golem-password/users/joerg diff --git a/sops/secrets/web01-golem-password/machines/web01 b/sops/secrets/web01-golem-password/machines/web01 new file mode 120000 index 0000000..a3c776b --- /dev/null +++ b/sops/secrets/web01-golem-password/machines/web01 @@ -0,0 +1 @@ +../../../machines/web01 \ No newline at end of file diff --git a/sops/secrets/web01-golem-password/secret b/sops/secrets/web01-golem-password/secret new file mode 100644 index 0000000..7a59cc0 --- /dev/null +++ b/sops/secrets/web01-golem-password/secret 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:Nx5x4US7N7vKqAhnn2NFwsBiuh9tnAWCBrc6pbNCDQ==,iv:ijhwJFzxggDFPdXVPwKKG0vI8HA8m21xkdFUhHIvCBk=,tag:p1QbTFm/TTyUaGI1s73MIQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4dDF3ZEVtTVlyMTRLQ2c2\nOTB6WUxvMXdJZ2xrMnlFOElpYmlEMnorb0NrCkN5MzFmMG9GbTc2N0pvbGtTZFdp\nNjI2YmlodlhSaXMyTENjMG44UkxxYUEKLS0tIEhPZEJhWGozdVBMVWM1QkV5cDAx\nYWRBL3VGU0RFY29HVWtTVjJQZVpIdnMKAftERIDtOMw8k3fbMo+KZJ4JYc5UyL3S\n+16m0hWK1BCXkeL2XFGujkzmrGXJF1bxFXCegdH4fnW2+IMESZZO6w==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4WmJobW8xTU40RUYyYlVj\nclk4UndKRTBMSDNFSmc4RGx1OGJyd0poTFNjClhQV3BQdlVEeU8rME5OUUtlTmYr\nTzZhR2srYnlzL3l5NUZlVmhFV3BOcXcKLS0tIFVMUm5tTVBXckRsVHVsc0ZrSzB1\nWE02MVJZNWtYc201ZDBrc1d2SUptcW8KPSqT5mBQymSksUv3j1y6vgnMuwQKbiXW\nCtzVtF05hv2Z21L+XIV3LOpJ98GGUoJu2uq7qjKIM4CYX+Jj/GS9Nw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-10T09:11:22Z", + "mac": "ENC[AES256_GCM,data:6EeQBxukfz2iNypbkasgDSqb8vMiRaORrA8OvYP5+YNUUguF+jCmSpOUHOM6d2KMF6vGSPLiG15e5IxW7x0QIotMf91Bj46FquzT8PS1hcPTe4WIcg/FHAlLNYqQUgZ9ZlojekkYqs13P8NvFW9pY+MSeYMRQFQLrXvaakcYDHs=,iv:xXALlG13aSaiKiAFUAE/8cZnjh5DaKlinKemoM5tl9E=,tag:x3xVmQwufZav5Yhwxp8cUw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-golem-password/users/joerg b/sops/secrets/web01-golem-password/users/joerg new file mode 120000 index 0000000..4c1fba9 --- /dev/null +++ b/sops/secrets/web01-golem-password/users/joerg @@ -0,0 +1 @@ +../../../users/joerg \ No newline at end of file 
From 7e39d50ebef2ce5c2bec15be4e82158405345039 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 11:11:23 +0200 Subject: [PATCH 04/12] Update secret web01-golem-password-hash --- .../web01-golem-password-hash/machines/web01 | 1 + sops/secrets/web01-golem-password-hash/secret | 24 +++++++++++++++++++ .../web01-golem-password-hash/users/joerg | 1 + 3 files changed, 26 insertions(+) create mode 120000 sops/secrets/web01-golem-password-hash/machines/web01 create mode 100644 sops/secrets/web01-golem-password-hash/secret create mode 120000 sops/secrets/web01-golem-password-hash/users/joerg diff --git a/sops/secrets/web01-golem-password-hash/machines/web01 b/sops/secrets/web01-golem-password-hash/machines/web01 new file mode 120000 index 0000000..a3c776b --- /dev/null +++ b/sops/secrets/web01-golem-password-hash/machines/web01 @@ -0,0 +1 @@ +../../../machines/web01 \ No newline at end of file diff --git a/sops/secrets/web01-golem-password-hash/secret b/sops/secrets/web01-golem-password-hash/secret new file mode 100644 index 0000000..35997e7 --- /dev/null +++ b/sops/secrets/web01-golem-password-hash/secret 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:U1NXeka1c0Fe55r8D6lAQiujSHbOW6zLjZ85dmtk02q9Szcjj79A6v/jFezqjbQjTtBvBs7tn39/MhQ6CQ==,iv:WPd7Jl4qldLztNUfErlF0dlMo4fe96aJUpiJk0GJePM=,tag:ruIMTtbVOYE7Y4XXhoBSww==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnWHlzTzYwckQwU2VKSDhW\nQmdQdWRSOFgrYk1ZamtDK3JPdkQvcFhrUWhjCjVWbWJYZFUyWnloM1Bram1Rbm1Q\nclZ4NExNOTVCZURFRVhqbGpvNEh5WG8KLS0tIFFkT1ZEOUoxS2NlcFZ0NTFjQmp6\ncUNHOFM1ZWJFaVk4SzJQUzMzbXFXTlEKDUDq9ErdYGm0KYWoXaG8/mVRuW/Sy7hW\nUIzOJ4gdPfB8BxGN5y/Nb0dX+lHN/M4qebcW9KXXPI6Pa3Y6aXCP8g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age17xuvz0fqtynzdmf8rfh4g3e46tx8w3mc6zgytrmuj5v9dhnldgxs7ue7ct", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEMThwK1FPZUdaNnFmZnJm\nZmx6cWs4QTlwVEd2UFBhdHpIYWdZNW5BMEE0Cjg3bTMxbTFWSGF0UG0rTktrdHpG\ncFBvNDJnY1hWbmxKUUhpRHVpRndhMVEKLS0tIE9BemM0ck5MQWw0YTBRUHpIVjI1\nQTI1c1B3T0FOdkc5MVZZSEhzUFNiNncKuTDwqvXvUcXSX0q8aqlKHr4YewKuL82v\nf/6Mow2JDODVJXtdG36ZBUGQWfCcrSDHVrZjlcoTGyxiHXYh49Y8hQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-06-10T09:11:23Z", + "mac": "ENC[AES256_GCM,data:ELrw2J+ar72JSJVWN2qJl3SvmtZUIDaeannl75UJN1Z/HZ70F6HDfasu8gtfRraAc5uKuBviyKm83eElwXELV5ZHz5IMkEvFNYOJsAp65YBzfEZuAMoPMFsBYE9U0MTJeYuN62/j13X8Lyld2JPDyPy6INgozFr5XgWfLgkHfrA=,iv:W51r68thFudKRgl9yaSClSG9ByRMfDzFETIWAycBNHw=,tag:8oRyvy53Cvn1u7UH4DuhMA==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/sops/secrets/web01-golem-password-hash/users/joerg b/sops/secrets/web01-golem-password-hash/users/joerg new file mode 120000 index 0000000..4c1fba9 --- /dev/null +++ b/sops/secrets/web01-golem-password-hash/users/joerg 
@@ -0,0 +1 @@ +../../../users/joerg \ No newline at end of file From 1b7c3b44f8283d82ed4bf729abf75008bc755ce8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 11:21:00 +0200 Subject: [PATCH 05/12] switch to simple-mail-server --- flake.lock | 94 +++++++++++++++++++++++++++++++++ flake.nix | 10 +++- modules/flake-module.nix | 2 + modules/mailserver.nix | 39 ++++++++++++++ modules/web01/gitea/default.nix | 11 ++-- modules/web01/postfix.nix | 79 +++++++++++++-------------- 6 files changed, 192 insertions(+), 43 deletions(-) create mode 100644 modules/mailserver.nix diff --git a/flake.lock b/flake.lock index 3aa4251..ceeba8f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,21 @@ { "nodes": { + "blobs": { + "flake": false, + "locked": { + "lastModified": 1604995301, + "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "blobs", + "type": "gitlab" + } + }, "buildbot-nix": { "inputs": { "flake-parts": [ @@ -75,6 +91,21 @@ "type": "github" } }, + "flake-compat": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ 
@@ -95,6 +126,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1712450863, @@ -170,6 +219,33 @@ "type": "github" } }, + "nixos-mailserver": { + "inputs": { + "blobs": "blobs", + "flake-compat": [ + "flake-compat" + ], + "nixpkgs": [ + "nixpkgs" + ], + "utils": [ + "flake-utils" + ] + }, + "locked": { + "lastModified": 1717515088, + "narHash": "sha256-nWOLpPA7+k7V1OjXTuxdsVd5jeeI0b13Di57wvnqkic=", + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "rev": "0d51a32e4799d081f260eb4db37145f5f4ee7456", + "type": "gitlab" + }, + "original": { + "owner": "simple-nixos-mailserver", + "repo": "nixos-mailserver", + "type": "gitlab" + } + }, "nixpkgs": { "locked": { "lastModified": 1717868076, @@ -190,7 +266,10 @@ "inputs": { "buildbot-nix": "buildbot-nix", "clan-core": "clan-core", + "flake-compat": "flake-compat", "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs", "srvos": "srvos", "treefmt-nix": "treefmt-nix" @@ -240,6 +319,21 @@ "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index e576194..dbf7833 100644 --- a/flake.nix +++ b/flake.nix 
@@ -8,12 +8,20 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - + flake-utils.url = "github:numtide/flake-utils"; + flake-compat.url = "github:edolstra/flake-compat"; flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs"; treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; + nixos-mailserver = { + url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.utils.follows = "flake-utils"; + inputs.flake-compat.follows = "flake-compat"; + }; + srvos.url = "github:numtide/srvos"; # Use the version of nixpkgs that has been tested to work with SrvOS srvos.inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 75c9140..9c57836 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -27,6 +27,8 @@ inputs.srvos.nixosModules.mixins-nginx inputs.srvos.nixosModules.mixins-nix-experimental ./web01 + inputs.nixos-mailserver.nixosModules.mailserver + ./mailserver.nix ]; }; } diff --git a/modules/mailserver.nix b/modules/mailserver.nix new file mode 100644 index 0000000..49034f4 --- /dev/null +++ b/modules/mailserver.nix 
@@ -0,0 +1,39 @@ +{ config +, pkgs +, inputs +, ... +}: +let + mailPassword = + { service }: + { + secret."${service}-password" = { }; + secret."${service}-password-hash" = { }; + generator.path = with pkgs; [ + coreutils + xkcdpass + mkpasswd + ]; + generator.script = '' + xkcdpass -n 4 -d - > $secrets/${service}-password + cat $secrets/${service}-password | mkpasswd -s -m bcrypt > $secrets/${service}-password-hash + ''; + }; +in +{ + mailserver = rec { + enable = true; + fqdn = "mail.clan.lol"; + domains = [ "clan.lol" ]; + + loginAccounts."golem@clan.lol".hashedPasswordFile = + config.clanCore.facts.services.golem-mail.secret.golem-password-hash.path; + loginAccounts."gitea@clan.lol".hashedPasswordFile = + config.clanCore.facts.services.gitea-mail.secret.gitea-password-hash.path; + }; + + security.acme.acceptTerms = true; + + clanCore.facts.services.golem-mail = mailPassword { service = "golem"; }; + clanCore.facts.services.gitea-mail = mailPassword { service = "gitea"; }; +} diff --git a/modules/web01/gitea/default.nix b/modules/web01/gitea/default.nix index 2aa750f..85223ca 100644 --- a/modules/web01/gitea/default.nix +++ b/modules/web01/gitea/default.nix @@ -27,13 +27,16 @@ in package = self.packages.${pkgs.hostPlatform.system}.gitea; settings.actions.ENABLED = true; + + mailerPasswordFile = config.clanCore.facts.services.gitea-mail.secret.gitea-password.path; + settings.mailer = { ENABLED = true; FROM = "gitea@clan.lol"; - SMTP_ADDR = "localhost"; - SMTP_PORT = 25; - PROTOCOL = "smtps"; + USER = "gitea@clan.lol"; + HOST = "mail.thalheim.io:587"; }; + settings.log.LEVEL = "Error"; settings.service.DISABLE_REGISTRATION = false; settings.metrics.ENABLED = true; @@ -49,6 +52,8 @@ in settings.session.COOKIE_SECURE = true; }; + sops.secrets.web01-gitea-password.owner = config.systemd.services.gitea.serviceConfig.User; + services.nginx.virtualHosts."git.clan.lol" = publog { forceSSL = true; enableACME = true; 
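Review bot: The generator script in `mailPassword` creates the mailbox passwords with `xkcdpass -n 4`, which is on the short side for credentials accepted by an internet-facing mail login, and it expands `$secrets` unquoted. Only machines read these passwords, so more words cost nothing: `xkcdpass -n 6 -d - > "$secrets/${service}-password"` followed by `mkpasswd -s -m bcrypt < "$secrets/${service}-password" > "$secrets/${service}-password-hash"`, which also drops the extra `cat`. A one-line comment above `generator.script` would help the next reader, saying that the plaintext file goes to the client service and the bcrypt hash to `loginAccounts.*.hashedPasswordFile`.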
diff --git a/modules/web01/postfix.nix b/modules/web01/postfix.nix index df71ad0..5b296db 100644 --- a/modules/web01/postfix.nix +++ b/modules/web01/postfix.nix 
@@ -1,40 +1,41 @@ -{ config, ... }: +{ } -let - domain = "clan.lol"; -in -{ - services.opendkim.enable = true; - services.opendkim.domains = domain; - services.opendkim.selector = "v1"; - services.opendkim.user = config.services.postfix.user; - services.opendkim.group = config.services.postfix.group; - - # postfix configuration for sending emails only - services.postfix = { - enable = true; - hostname = "mail.${domain}"; - inherit domain; - - config = { - smtp_tls_note_starttls_offer = "yes"; - - smtp_dns_support_level = "dnssec"; - smtp_tls_security_level = "dane"; - - tls_medium_cipherlist = "AES128+EECDH:AES128+EDH"; - - smtpd_relay_restrictions = "permit_mynetworks permit_sasl_authenticated defer_unauth_destination"; - mydestination = "localhost.$mydomain, localhost, $myhostname"; - myorigin = "$mydomain"; - - milter_default_action = "accept"; - milter_protocol = "6"; - smtpd_milters = "unix:/run/opendkim/opendkim.sock"; - non_smtpd_milters = "unix:/run/opendkim/opendkim.sock"; - - inet_interfaces = "loopback-only"; - inet_protocols = "all"; - }; - }; -} +#{ config, ... 
}: +#let +# domain = "clan.lol"; +#in +#{ +# services.opendkim.enable = true; +# services.opendkim.domains = domain; +# services.opendkim.selector = "v1"; +# services.opendkim.user = config.services.postfix.user; +# services.opendkim.group = config.services.postfix.group; +# +# # postfix configuration for sending emails only +# services.postfix = { +# enable = true; +# hostname = "mail.${domain}"; +# inherit domain; +# +# config = { +# smtp_tls_note_starttls_offer = "yes"; +# +# smtp_dns_support_level = "dnssec"; +# smtp_tls_security_level = "dane"; +# +# tls_medium_cipherlist = "AES128+EECDH:AES128+EDH"; +# +# smtpd_relay_restrictions = "permit_mynetworks permit_sasl_authenticated defer_unauth_destination"; +# mydestination = "localhost.$mydomain, localhost, $myhostname"; +# myorigin = "$mydomain"; +# +# milter_default_action = "accept"; +# milter_protocol = "6"; +# smtpd_milters = "unix:/run/opendkim/opendkim.sock"; +# non_smtpd_milters = "unix:/run/opendkim/opendkim.sock"; +# +# inet_interfaces = "loopback-only"; +# inet_protocols = "all"; +# }; +# }; +#} From f12e6ac3b933aba1749a50bfa363cdef23c3d828 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 11:52:34 +0200 Subject: [PATCH 06/12] gitea: use non-deprecated mailer options --- modules/web01/gitea/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/web01/gitea/default.nix b/modules/web01/gitea/default.nix index 85223ca..cd41223 100644 --- a/modules/web01/gitea/default.nix +++ b/modules/web01/gitea/default.nix @@ -34,7 +34,8 @@ in ENABLED = true; FROM = "gitea@clan.lol"; USER = "gitea@clan.lol"; - HOST = "mail.thalheim.io:587"; + SMTP_ADDR = "mail.clan.lol"; + SMTP_PORT = "587"; }; settings.log.LEVEL = "Error"; From 6977384cb07d95f7fc6416b4f9b27bd20fa14c23 Mon Sep 17 00:00:00 2001 
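Review bot: The previous Postfix/OpenDKIM configuration is kept as about forty commented-out lines under a bare `{ }` in modules/web01/postfix.nix. Version control already preserves it, so it is cleaner to delete the file and drop its import (the import is not visible in this patch). If the module has to stay for now, a single comment is enough, for example `# replaced by modules/mailserver.nix; remove together with its import`.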
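Review bot: `settings.mailer` now authenticates as `gitea@clan.lol` against `mail.clan.lol` on port 587 but leaves `PROTOCOL` unset. Whether the session is upgraded to TLS before the password is sent then depends on Gitea inferring the protocol from the port, which is how I read its mailer documentation. Setting `PROTOCOL = "smtp+starttls";` makes the intent explicit and stops it changing silently if the port or the default changes. `SMTP_PORT = "587";` is also written as a string, whereas the removed setting used an integer (`SMTP_PORT = 25;`); `SMTP_PORT = 587;` would be consistent. The `settings.mailer = {` line itself lies above this hunk.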
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 12:00:10 +0200 Subject: [PATCH 07/12] fixup dkim key --- terraform/web01/dns.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/terraform/web01/dns.tf b/terraform/web01/dns.tf index 43cb504..ec8d5d9 100644 --- a/terraform/web01/dns.tf +++ b/terraform/web01/dns.tf @@ -43,10 +43,10 @@ resource "hetznerdns_record" "spf" { resource "hetznerdns_record" "dkim" { zone_id = hetznerdns_zone.server.id - name = "v1._hostnamekey" + name = "mail._domainkey" type = "TXT" # take from `systemctl status opendkim` - value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpQeJirqh8VFGHRQBemqF5CeicC/5qHJn3vqKkVIOQNqkgp7IE+EZDg+MXoxMQZEJ0RbO0JpZZgYpOf3jf8o5w56WbE4dbpbi+9112R57k5w41R16Q0EUjf7MbrLJqcF6mtf+3bPklF9ngdcWhgN024YfhR9SlebCOapCVYqVt8QIDAQAB\"" + value = "\"v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdw2gyAg5TW2/OO2u8sbzlI6vfLkPycr4ufpfFQVvpd31hb6ctvpWXlzVHUDi9KyaWRydB7cAmYvPuZ7KFi1XPzQ213vy0S0AEbnXOJsTyT5FR8cmiuHPhiWGSMrSlB/l78kG6xK6A1x2lWCm2r7z/dzkLyCgAqI79YaUTcYO0eQIDAQAB\"" } resource "hetznerdns_record" "adsp" { From 6593b52d04e032f90ce6ca8c72c6ac0e9b35a906 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 12:04:50 +0200 Subject: [PATCH 08/12] update terraform state --- targets/web01/terraform.tfstate | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/targets/web01/terraform.tfstate b/targets/web01/terraform.tfstate index 20063f0..a389b3a 100644 --- a/targets/web01/terraform.tfstate +++ b/targets/web01/terraform.tfstate 
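Review bot: The new `p=` value in `hetznerdns_record.dkim` has the length of a 1024-bit RSA public key, which is the minimum still tolerated for DKIM; 2048 bits is the recommended size for a new deployment. If the key comes from the simple-nixos-mailserver module, setting `mailserver.dkimKeyBits = 2048;` before publishing would avoid a later key rotation. The context comment `# take from \`systemctl status opendkim\`` also describes the setup removed in PATCH 05 and should name the current source instead, for example `# public key generated by the mailserver module for selector "mail"`.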
@@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data: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,iv:7egIXI0F0Ld4lDV4cJhAjtdVml41x1hr5knXVpjUdRE=,tag:vBrdp9RetBWbK0BSTN6zJQ==,type:str]", + "data": "ENC[AES256_GCM,data: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,iv:SgX7Xf2xRGpwoSAZwLUQgTB8lcjH52lIkpE9EB9IBls=,tag:Ku7hHB13/hgUf5LSbvBfVg==,type:str]", "sops": { "kms": null, "gcp_kms": null, 
@@ -8,19 +8,19 @@ "age": [ { "recipient": "age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bEFyUCtQZXBUSjdBMWRv\nN0ErTVNNVk15WUdEQzY1M1VRSzBuTU5oR2drCnNEVmlpTXRLTlViZ0lzckNiRlg2\nTitqOWVNOXdJcm5RQUJCTzlsV3c5ZnMKLS0tIE85TUJHMVhYN292TjFaMFBRcEYy\nejlKNlJydktFdm50MlB4M1g0RDJDM28Kjkb5HxDgiKJHuiIRd8/ju9DJ3qljD9u2\noR6SMNtTSl+fIpQmDGPxc7E+WkDD68fwFlku+/P6cjm+3Xco6D3K/g==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSzlodjNJaTFjWXlhZlRC\nM3RvRTBQS2dhQ2dDZ3ZabFgrQkg0UmFZR0hzCm1FZGU2T1RZU1JtZCs2ZWpsaTJ6\nRmNZUkpteTBnRWN6WERsckxzNHJBUTQKLS0tIDQ0alExbzdrd0ZNelRzMzRIRHBR\nZ1BNVE9MR2UwaDhyUmptcnRxV2pXcWsKfZB5Xofp3EOHpOQCji6xgmnRHE+DgNST\nw/hsfNRpHKj4zoR9hRt3VgP4SNatgoEPe+Djaovi0iLs1bfJiJKO0g==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUUM5V25ya04xdEdnQmJR\naHdITzhwS1NTeHRWbUlKaUU3TlFDcTIxK0FrCkRjVnhjNGFMOXdIOXYzMEFDRjBC\nNmRvMmpZN21SZDg3YkRhNGhSd092YjQKLS0tICt2aU8wU2hDQ3V6Y3psNG9TOHdZ\neGdmVmJVdU5MZUVMR0J0NE5HOXNCczQKY+aQq10kz/R8peujYG1QG0ZBYDWHgh8K\ngcakEha+HQ421B9+Wpe7C0bUksD0NpSwEKukDd3ZZDoeUdarZRKTDw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBa1dsSVI0bHNGK21zazI1\nYlR6WDFBVVZtT2VMalF3UXJIUU5XQlFNNVJzCllYYUtzbFZTc3hiZzlxVXdDRWlJ\nd1M1dDNlWEdhMy9JWDNFQ2hrcDFiUVEKLS0tIGlUaXRsRk1mL3pDRGZsWU4yNENu\nT1NJUkV4Rjh1NDN3N1B3SjMvNWJiclUKtToU5+0DtJ5LoieYwGOI1cId0pboaAsi\ntIaDZPXdiN0DkY15ovWMvcDJB8mrd1mgGUTAMYRbgGFjUBY6fVI09Q==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl", - "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvWlRLOU4yZE1BZkY3VHU5\nUU9heUh0dHZWdVVlNEpZaVhpSmRwL1h0V1NzCkJYd3h3QXJ5eE0ybGJzUEhiU0hu\nMGMrZ0JTTUxMNkFONks4VFlIUWJrT0EKLS0tIHJ5dUVKZ3JienpQK3RwYW16dW8v\ncU4yTGhVT3JidFZuYVdzeDdhaUVMd0EKp4xFp5Pejge+xa9sFawIL9vslsa/nw5u\nbQQ6623XGkQJABhAEB0nviL3OX7UNlUbIpl5YOe8Sv8Bd/IOW6K4bg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwb0JFUWFuTXlyU29GRGlk\naEFLb0V4Y3VNWTFCQVNmaG9DcnZmVFJwcVFzClpLNzBqOVl4VWduQWQwdENwR2ta\nUTJ2K3JPcHdDVE0vTWRMaVRUQ1I2ZTQKLS0tIGFiYThoZHA1YVdxYU5xM3ZYR1V4\nRXlZTnNVMlVlaUlKaW14Rnh4QXJKc3MKiTXWF5z5EOu9qiC+kpCuGXp6bAmMz8nO\npw16sssn2Kse4MQ8T3gMevoS3LdN5pb+2Uy8ZLOKwkd1cziyzX/9WQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-04-30T15:07:37Z", - "mac": "ENC[AES256_GCM,data:0REuFHG0j9o3SUC0m+GG4SWETBbdNMp88jzY4LD29HC1SoeAaDwYTHo80+8ovAarJhr2cIYhmAeodIZrYV0Iklmod7e7RHwMt/nGonDJ3G6k0uI8+0wN4/N/qX9KGWXeezFZIoMSX9PI8wLAlMCWqbUFcKTbHJIxu6axFJOOni8=,iv:tCFa7IneYFKvwEbUiJWMigUFpJECHzk8CJ3AbnMVp9w=,tag:eaapLhvpwH8JMVdma5ug1w==,type:str]", + "lastmodified": "2024-06-10T10:03:52Z", + "mac": "ENC[AES256_GCM,data:9vUc+bzCMQyykgIJpI/FJipSzWBbRCW9+oX+mcP2xQQHiXYdSo2RW1gpjtpBLolkSF8MmrH4MhqdSGu6wIsypfIjPMo8nEvwWGZIkkQcf/ci9oOS3uDPz9k/g5Uw5LMtegjPuOJH6s4mEIa9vmDDH0wGJjOEhXZJgpYtHhN7hXc=,iv:9ONB2awn+klnUGax4i6clh+7F5xHrxVVIXfPrAlzmjE=,tag:XNxbXh2dCDafWt4IIHpiIg==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.8.1" From ac170ab19063f559f1f482ad250ef88150002448 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 12:05:16 +0200 Subject: [PATCH 09/12] enable pop3 --- modules/mailserver.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 49034f4..4c79b87 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix 
@@ -21,10 +21,11 @@ let }; in { - mailserver = rec { + mailserver = { enable = true; fqdn = "mail.clan.lol"; domains = [ "clan.lol" ]; + enablePop3 = true; loginAccounts."golem@clan.lol".hashedPasswordFile = config.clanCore.facts.services.golem-mail.secret.golem-password-hash.path; From 1dc9adebf10808340377a9e784200dc99452f573 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 12:10:20 +0200 Subject: [PATCH 10/12] use unbound --- modules/mailserver.nix | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/modules/mailserver.nix b/modules/mailserver.nix index 4c79b87..4902d1f 100644 --- a/modules/mailserver.nix +++ b/modules/mailserver.nix @@ -1,8 +1,4 @@ -{ config -, pkgs -, inputs -, ... -}: +{ config, pkgs, ... }: let mailPassword = { service }: @@ -26,6 +22,8 @@ in fqdn = "mail.clan.lol"; domains = [ "clan.lol" ]; enablePop3 = true; + # kresd sucks unfortunally (fails when one NS server is not working, instead of trying other ones) + localDnsResolver = false; loginAccounts."golem@clan.lol".hashedPasswordFile = config.clanCore.facts.services.golem-mail.secret.golem-password-hash.path; @@ -33,6 +31,21 @@ in config.clanCore.facts.services.gitea-mail.secret.gitea-password-hash.path; }; + services.unbound = { + enable = true; + settings.server = { + prefetch = "yes"; + prefetch-key = true; + qname-minimisation = true; + # Too many broken dnssec setups even at big companies such as amazon. + # Breaks my email setup. Better rely on tls for security. + val-permissive-mode = "yes"; + }; + }; + + # use local unbound as dns resolver + networking.nameservers = [ "127.0.0.1" ]; + security.acme.acceptTerms = true; clanCore.facts.services.golem-mail = mailPassword { service = "golem"; }; From 1c6b7b61d5f03a45619ff9723580cf30822cbfc9 Mon Sep 17 00:00:00 2001 
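Review bot: `enablePop3 = true;` opens a second login protocol on a server whose only accounts so far are the two service mailboxes, and neither the commit message nor the code says which client needs it. As I read the module's option documentation, this is the STARTTLS variant on port 110. If a POP3 client really is required, `enablePop3Ssl = true;` (implicit TLS on 995) avoids relying on the client to insist on the upgrade. Either way, a comment naming the consumer would help, e.g. `# POP3 is needed by <client>`.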
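Review bot: `val-permissive-mode = "yes"` in the new `services.unbound` block (third hunk of the "use unbound" commit) turns off DNSSEC enforcement for every lookup on the host, not just for the broken zones that motivated it. Answers that fail validation are then returned to clients instead of being rejected. The fallback in the comment, relying on TLS, is weak for server-to-server SMTP, where TLS is opportunistic unless DANE or MTA-STS pins it. Unbound can exempt individual zones and keep validating the rest, e.g. `domain-insecure = [ "<broken-zone.example>" ];` under `settings.server`. Separately, `networking.nameservers = [ "127.0.0.1" ];` leaves web01 with no resolver if the unbound unit is down, which deserves a short comment.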
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 12:10:40 +0200 Subject: [PATCH 11/12] clanName -> meta.name --- targets/flake-module.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/targets/flake-module.nix b/targets/flake-module.nix index b4718c5..c4a3c3c 100644 --- a/targets/flake-module.nix +++ b/targets/flake-module.nix @@ -1,7 +1,7 @@ { self, inputs, ... }: { flake = inputs.clan-core.lib.buildClan { - clanName = "infra"; + meta.name = "infra"; directory = self; # Make flake available in modules specialArgs = { From 9ea094537494b0b12b1d5ff46880631d7ab0119b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 10 Jun 2024 12:14:25 +0200 Subject: [PATCH 12/12] update flakes --- flake.lock | 71 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 36 deletions(-) diff --git a/flake.lock b/flake.lock index ceeba8f..8ffc153 100644 --- a/flake.lock +++ b/flake.lock @@ -29,11 +29,11 @@ ] }, "locked": { - "lastModified": 1717897980, - "narHash": "sha256-CR85YGXFUaskmVRLa3WbAnD9+PgYle0TGkQMnEshuHQ=", + "lastModified": 1717983619, + "narHash": "sha256-HUv3M9M2YX1ynL3Mhvd1IitsGqFLvkLnfu87X+07zC8=", "owner": "Mic92", "repo": "buildbot-nix", - "rev": "0d88c6776110ecf6705e9bfe1b777e6be6277da2", + "rev": "2058d5e8ca47f69b204fe2ddd07bc1ea417ffdba", "type": "github" }, "original": { @@ -59,11 +59,10 @@ ] }, "locked": { - "lastModified": 1717937354, - "narHash": "sha256-qms0yCxEPvF/Vz0K8g5sBvPJlfXkYEmZuNT+hL7KYIY=", - "rev": "1eaf6cec391232a0b1f655fb4bf28380b89f7799", + "lastModified": 1717997057, + "narHash": "sha256-SQtmiLGFuZTuRT+IhOD8K38PHmkhof3mHM4aKIP6pW8=", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/1eaf6cec391232a0b1f655fb4bf28380b89f7799.tar.gz" + "url": "https://git.clan.lol/clan/clan-core/archive/main.tar.gz" }, "original": { "type": "tarball", 
@@ -78,11 +77,11 @@ ] }, "locked": { - "lastModified": 1717177033, - "narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", + "lastModified": 1717915259, + "narHash": "sha256-VsGPboaleIlPELHY5cNTrXK4jHVmgUra8uC6h7KVC5c=", "owner": "nix-community", "repo": "disko", - "rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", + "rev": "1bbdb06f14e2621290b250e631cf3d8948e4d19b", "type": "github" }, "original": { @@ -159,22 +158,6 @@ "type": "github" } }, - "nixos-2311": { - "locked": { - "lastModified": 1717017538, - "narHash": "sha256-S5kltvDDfNQM3xx9XcvzKEOyN2qk8Sa+aSOLqZ+1Ujc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "64e468fd2652105710d86cd2ae3e65a5a6d58dec", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "release-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixos-generators": { "inputs": { "nixlib": "nixlib", @@ -199,18 +182,18 @@ }, "nixos-images": { "inputs": { - "nixos-2311": "nixos-2311", + "nixos-stable": "nixos-stable", "nixos-unstable": [ "clan-core", "nixpkgs" ] }, "locked": { - "lastModified": 1717040312, - "narHash": "sha256-yI/en4IxuCEClIUpIs3QTyYCCtmSPLOhwLJclfNwdeg=", + "lastModified": 1717770332, + "narHash": "sha256-NQmFHj0hTCUgnMAsaNTu6sNTRyo0rFQEe+/lVgV5yxU=", "owner": "nix-community", "repo": "nixos-images", - "rev": "47bfb55316e105390dd761e0b6e8e0be09462b67", + "rev": "72771bd35f4e19e32d6f652528483b5e07fc317b", "type": "github" }, "original": { @@ -246,6 +229,22 @@ "type": "gitlab" } }, + "nixos-stable": { + "locked": { + "lastModified": 1717555607, + "narHash": "sha256-WZ1s48OODmRJ3DHC+I/DtM3tDRuRJlNqMvxvAPTD7ec=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0b8e7a1ae5a94da2e1ee3f3030a32020f6254105", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1717868076, 
@@ -286,11 +285,11 @@ ] }, "locked": { - "lastModified": 1717297459, - "narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=", + "lastModified": 1717902109, + "narHash": "sha256-OQTjaEZcByyVmHwJlKp/8SE9ikC4w+mFd3X0jJs6wiA=", "owner": "Mic92", "repo": "sops-nix", - "rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075", + "rev": "f0922ad001829b400f0160ba85b47d252fa3d925", "type": "github" }, "original": { @@ -306,11 +305,11 @@ ] }, "locked": { - "lastModified": 1717807544, - "narHash": "sha256-djHfn29HdlfWdmyeu3rqlVS8k5q/xRh2P0mX2RAafb0=", + "lastModified": 1717980384, + "narHash": "sha256-nK1IFT/W/naLOolOdXZkKnvbmkj6tk7B8sIUfgXdhMs=", "owner": "numtide", "repo": "srvos", - "rev": "64ae31cb29923128f27a503a550ee4fb1631c4c6", + "rev": "7d912e0f5d9b1049a748b6257019fa312f4064a5", "type": "github" }, "original": {