From 1160081e82d4e7d1f38f7c42dfb9ccac688b07f3 Mon Sep 17 00:00:00 2001 From: Gonne Date: Sat, 14 Dec 2024 17:31:31 +0100 Subject: [PATCH] Address first round of review --- README.md | 3 +- flake.lock | 53 ------------- flake.nix | 7 -- ...owlistPassKoMa.yaml => allowlistPass.yaml} | 12 ++- .../kaalut/allowlistPassMatheball.yaml | 48 ------------ .../kaalut/allowlistPassMathebau.yaml | 48 ------------ .../kaalut/allowlistPassMathechor.yaml | 48 ------------ nixos/machines/kaalut/configuration.nix | 56 ++++++-------- nixos/machines/kaalut/mathebau.aliases.yaml | 8 +- nixos/modules/mail.nix | 75 +++++++++++-------- nixos/modules/mailman.nix | 8 +- 11 files changed, 84 insertions(+), 282 deletions(-) rename nixos/machines/kaalut/{allowlistPassKoMa.yaml => allowlistPass.yaml} (72%) delete mode 100644 nixos/machines/kaalut/allowlistPassMatheball.yaml delete mode 100644 nixos/machines/kaalut/allowlistPassMathebau.yaml delete mode 100644 nixos/machines/kaalut/allowlistPassMathechor.yaml diff --git a/README.md b/README.md index 1bfa35a..4cb4de0 100644 --- a/README.md +++ b/README.md @@ -202,8 +202,7 @@ network configuration. And service configuration that are too closely interwoven mailserver configuration depends heavily on network settings). It also contains the root configuration for that machine called `configuration.nix`. This file usually only includes other modules. These `configuration.nix` files are almost usual nix configurations. The only difference is that they take as an extra argument -the flake inputs. This allows them to load modules from these flakes. For example, nyarlathotep loads the simple-nixos-mailserver -module that way. +the flake inputs. This allows them to load modules from these flakes. #### roles `nixos/roles` contains configuration that is potentially shared by some machines. It is expected that `nixos/roles/default.nix` diff --git a/flake.lock b/flake.lock index 728f1ae..d49ea69 100644 --- a/flake.lock +++ b/flake.lock @@ -20,22 +20,6 @@ "url": "https://gitea.mathebau.de/fachschaft/alias_to_sieve" } }, - "blobs": { - "flake": false, - "locked": { - "lastModified": 1604995301, - "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=", - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265", - "type": "gitlab" - }, - "original": { - "owner": "simple-nixos-mailserver", - "repo": "blobs", - "type": "gitlab" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -86,27 +70,6 @@ "type": "github" } }, - "nixos-mailserver": { - "inputs": { - "blobs": "blobs", - "flake-compat": [], - "nixpkgs": [], - "nixpkgs-24_05": "nixpkgs-24_05" - }, - "locked": { - "lastModified": 1722877200, - "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=", - "ref": "refs/heads/master", - "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2", - "revCount": 593, - "type": "git", - "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" - }, - "original": { - "type": "git", - "url": "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git" - } - }, "nixpkgs": { "locked": { "lastModified": 1732014248, @@ -123,21 +86,6 @@ "type": "github" } }, - "nixpkgs-24_05": { - "locked": { - "lastModified": 1717144377, - "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "805a384895c696f802a9bf5bf4720f37385df547", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-24.05", - "type": "indirect" - } - }, "nixpkgs-lib": { "locked": { "lastModified": 1730504152, @@ -220,7 +168,6 @@ "alias-to-sieve": "alias-to-sieve", "flake-parts": "flake-parts_2", "impermanence": "impermanence", - "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs_3", "pre-commit-hooks": "pre-commit-hooks", "sops-nix": "sops-nix" diff --git a/flake.nix b/flake.nix index 2e6f161..e8ecd99 100644 --- a/flake.nix +++ b/flake.nix @@ -6,13 +6,6 @@ url = "git+https://gitea.mathebau.de/fachschaft/alias_to_sieve"; }; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - nixos-mailserver = { - url = "git+https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git"; - inputs = { - flake-compat.follows = ""; - nixpkgs.follows = ""; - }; - }; sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/nixos/machines/kaalut/allowlistPassKoMa.yaml b/nixos/machines/kaalut/allowlistPass.yaml similarity index 72% rename from nixos/machines/kaalut/allowlistPassKoMa.yaml rename to nixos/machines/kaalut/allowlistPass.yaml index 826123a..4d60823 100644 --- a/nixos/machines/kaalut/allowlistPassKoMa.yaml +++ b/nixos/machines/kaalut/allowlistPass.yaml @@ -1,4 +1,8 @@ -allowlistPassKoMa: ENC[AES256_GCM,data:TGFyk/kVc5+EFtjJXUVTNEk=,iv:QQDiOK81JDQXnuzgrcDHVtu+Pm2Ki7H2sEBuNMSKY9U=,tag:mgd/jPMl7fjl+dH6d2sKTg==,type:str] +allowlistPass: + matheball: ENC[AES256_GCM,data:4y83ZJ4=,iv:+B1hTSGs5cskmUA9gLpRHPjhxzvwOrplB+lIbNUKtz4=,tag:ZsKA2A4ltbI3px1Z16EgvA==,type:str] + mathebau: ENC[AES256_GCM,data:ZlIv0MrCVtsyF3t9Gr/zcg==,iv:ZdBlnx4/zQZjT75ssB0osfDlWVerUe6yvwbMxlXpHZs=,tag:ytlNq7zP2WtPafcSQFZ6RQ==,type:str] + mathechor: ENC[AES256_GCM,data:d5KyoD/P8/j+poJSGF1nDA==,iv:ayKtvj4EEqUtMLi/7njbxuUql1A58WNi729svHtZju4=,tag:JqWoxxMN5mVN+gaQTmBv1Q==,type:str] + koma: ENC[AES256_GCM,data:bB7px1n5q1+++sctsmIMJg==,iv:DIJGpC9+JyFv3SU9dBVLdnEkRlZzY7DBRAL4zXSbpec=,tag:WaZUGvYtm+5ys2RsBNILog==,type:str] sops: kms: [] gcp_kms: [] @@ -41,8 +45,8 @@ sops: bDdvdHc3Y1NmeE5WUzl3cXVRc3pmOUkK+9WueS1wDQDJlenec4jJCfynbPnuOFYR HFsWmvEZJ+XhH6N9Q0phCHQgZGiR67FH6CHkCblmb6ZfZcWSEe1oTg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T09:05:51Z" - mac: ENC[AES256_GCM,data:/OUhbhrO36jEdQUc2+fPfYc13Qezbedo534r+dtULWNR3upzIkP1EnZmTe//TQcKe6GYE/AIWOCIdmfj5+TdXZfoFGZ4YjjFof2HYvDjNKHq7m0F5PFmmzNNkpzUdwHBj5N1usPRoPbsYIpfV74AUJJEeBSTpE76vIATNuE21Js=,iv:Rnh+uIDOPW0vdHPhjqyce9xl7MtURMTrp9kYoWZ6zOA=,tag:jONUKe1pXReqHjtnqCOTjw==,type:str] + lastmodified: "2025-01-05T13:49:19Z" + mac: ENC[AES256_GCM,data:i7t/Hb5aW0lIvPLk84geQ792uUGP25vX8FC7kK/3H19tz5i4zsIcvl1d+oB5gJ004gP5pRogcuKL1xHUUl+A0UXXNzRpxc0BBVZaxnIhjfPunORbmZeJQRP298tQpvYYqI/pGhjrlit37U9jecGf1l12Cgv97sGW42d2F+S2Soc=,iv:My21fMF3SEr6mg2+eh8KA6B8tzmQVEDy2BG3hfkafrU=,tag:xdU6j8ti8Z68rbiRxkj7Pw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/nixos/machines/kaalut/allowlistPassMatheball.yaml b/nixos/machines/kaalut/allowlistPassMatheball.yaml deleted file mode 100644 index 46c9791..0000000 --- a/nixos/machines/kaalut/allowlistPassMatheball.yaml +++ /dev/null @@ -1,48 +0,0 @@ -allowlistPassMatheball: ENC[AES256_GCM,data:cnYmhQ+2sNMR,iv:hSn9JbDce2NZdzptY1Miik4+VFh0i6ehQAGxcd9dJWg=,tag:XI1bE6Z84ppIxPYOasNO/w==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHS2ZFM3JQcGx4VFo2M1Fy - T3pnNFg5dEhiaEI4SkNFbDNmV0Y4cDZHa0ZJCjd2SmRwMWtod2pxbEZkY2ZhbWhT - cEFJVHVyU2R0dncvekNFdzNpODlCMDgKLS0tIDRLSGFISXpXMUlzdGdDK1pBb3JX - N3RJVUpsdFZySTVWYlkwbStCaWVRZzgKInXWOMB5LX87zIKcdllGcOBc1CJHcSWP - htTOydt1XQGlZ809yT1Ovnsenk7SIFrtUGCgpSvju4C68FyS8fgJKQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdk1qdTBZRWYvMFgyZ3NN - QkZpb3BjSnVqRFJzeElCYVp1NDlyQitITGp3ClRtbVhBQnFvU0t5cUZGK0MveExJ - c1RtT2lRZm4ybkgxQ2VmV290SFRId1UKLS0tIEttRFFqTWJHbW54MUxCMHZ2NVA5 - NkFnM3R4eTEvdm85TzE5WFJLUTZMclUKpyGsJAAlqRagy13dH3AyeNi9v3oP8R6C - UayJeCPN89IyDsaIsrgAJk67+t92N8wTRIpOzfLEBQzz1WVBYCTPhA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dhzugelagj6vge5jjxwwn0522ngf7fhxn04sxy2tm8557rtme5tstprwnj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOT012TTQ1V1ZlMnZycVB6 - empqdFc1SE13b1NNSCsyNkRMUWZ2aUdIRlc0CmEwYnp6WVI4SmRaVWRqTUZ5cWJJ - SXpUb3JLT2hNalc2ZlBhOTc2YWdDMkUKLS0tIGFPdW1OS0xFYjF3K01YcVh0bDQr - TjcxNTM3cjZrNnN1RThYUW56WHQ1RzAKvNCz1CW4VwI/YPqzpYfhpvhukbhE3g3Q - 31JZhyUViS/tutNy3rUpP+6zS2sY4yKhoavBTmMwI8W9I0JSZaVc5Q== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzQytnV3hWODAva0JGdFF4 - MC84UmdaKzd1MVloK0dXL1NjS3pGaGY5RGw4CnF5NjlvSUU1N0ZlMHMxVXlhekxH - QkJJR3MzQVdJd2ZrT0t0S3FKMFZaOW8KLS0tICt6SEhEcm1QR0MwQjJ1YllRSlY2 - QlZ3Zk1hdkxpNllwSTNxRlZrZWtuVEUK65FpDbLv+S+MvF5+rpTyhjfi9xOUekTP - WupHKoeMMzAFxRK7DcH8bREib731JgBPbZEl8QZcY+xZDORnv1XZhg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T09:05:51Z" - mac: ENC[AES256_GCM,data:qA7d/k9vSQIvtdHOx20yfi98s5jgdGPYsP2c1rNrX4MeZnJ4RE+KR8wR37A54AvgOURUnTJUSfDNKGuTIPxioRC1j8iNlo/y0IefkbTaO2CBoh+BHurlh6wweTKI3LRUk8V0i5Qn/5INYc+DEzfsiA2g+QcbT5d0fU98+x7V/yY=,iv:xcgMXDFDN0Vo15rr2Eo6QV/Y5+X0t0mvAfuFmN1NDXY=,tag:PywW0L+VspBh2pZGXbM+sA==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/nixos/machines/kaalut/allowlistPassMathebau.yaml b/nixos/machines/kaalut/allowlistPassMathebau.yaml deleted file mode 100644 index df69566..0000000 --- a/nixos/machines/kaalut/allowlistPassMathebau.yaml +++ /dev/null @@ -1,48 +0,0 @@ -allowlistPassMathebau: ENC[AES256_GCM,data:DuCBcWAC61JW,iv:g0zYvVmTjsJESTq3kkWtaiypYPLIE6zkFyYLeOp/qhw=,tag:pyK6KMuPLkhLSTPAzbVxdQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaaWhNaDFEREcrejY2ejhI - L0tnOEtTWktNVDVoK1JQd3pBY1BndTY1NUFjCjFFSEd2Nkc2TVVMYzlwRXhyenVq - WmlCZkc4VWtFS1drNDRjRXR6SEVoYVEKLS0tIDRCQjJkdUM0V1BGV0hVNUtNQ1d4 - M2J2TEtPTjRVVG8yOHd6WThRNm5SU2MKVIAU8GCGklXvqNf0bpahJ4SsvIQxMged - m6mznRxcK9QPMApHayOBgw+8T+3IQkaEKGRuhI1y9UXahGSr8yxPYA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRTkNiVWo3SWFmaFlENm5C - cDlJdHM0OXBnTFdYV1NtTHFmTndndTdwQWhRCitMTVJIcnpiRzEvL3JzMTZJMW9p - NTlIREJ5VVpLTVplWVNhSFFDMlVpNTQKLS0tIFkvMjYvVy9DZUZSVDVvQTkzck1F - ZHM5M2tRVUVIYmR5L1FsR3VxNUZSdW8KWIq5Cjbd12SqQfXRZDpUxTnUZGCyMVb+ - XxCixIFoGYZRTBc15k/Z6yM5OxYnSv3tbioF68PYtPaaRJrw0ICDxQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dhzugelagj6vge5jjxwwn0522ngf7fhxn04sxy2tm8557rtme5tstprwnj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUWVHME1JN0gvZlNDQkFt - YTFsRG12UWlLckVLanNGQlozSXFaVGhMQWdzCndPdnRnNFU2dUpQangxUGU1RGVG - Z0Z5SmxZVG1jYW91YW5Jc1UwY25yOEkKLS0tIDJ1U2w1RzhpUk5WR0JUbzhRSStE - VnZpWUFwaHFMa2V6NlpQR285RGU0L2cKeN08hqlFz4re9iVwKmp2THEs1vZFqNXg - uK9Em5IeCx3pBjd5nnguAM751vR9X5O91ntA/R3MoL2bxGhbXHbOmA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYStiSFpMWjh3M0EydEU4 - YlBpcFNYRXJTN0k4MWQ3blFmdW4zTHR6MWhrCmtsVkpGNFlIT0xBQU9SSG45czhU - NzlKSm9RMStFZXpselNBa3NpNGM5SzAKLS0tIDh0LzI0SkdlM0hONmF4RndCV2Q2 - VmwxWjcxVG5Kd1pPYUdpWDJCZkU3Q00Kbc8dYrQ2AiRAUfzXl6Bdj1mlbwlHSKzS - 6B/wzrIB3yws4QXCdZsIifxsGqJh/74UdQSXEab0VNwaHqsyXecIjw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T09:05:51Z" - mac: ENC[AES256_GCM,data:JLCK4mH4yS4YMhrmI821s/TfONkCyEx8x+pFHD/QOoU4KHyhDIggEhTYo31JFpWIQdDZMPbeFaUN+IvQwh1pqD1V92XfJVC0zHPiwhG7W2kI8WFAONVqI/bbMJ/ne4am5w/koGpQNPiM2RIo+9/9BKOkyLJLB7XTqPBY/FNW2n0=,iv:JiHwaSbPJSJYofiFABjn/AehSKyRrlOKHXBs1DGZcFQ=,tag:ajR0zYdHWxQcY2DhAuAzAw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/nixos/machines/kaalut/allowlistPassMathechor.yaml b/nixos/machines/kaalut/allowlistPassMathechor.yaml deleted file mode 100644 index 011559f..0000000 --- a/nixos/machines/kaalut/allowlistPassMathechor.yaml +++ /dev/null @@ -1,48 +0,0 @@ -allowlistPassMathechor: ENC[AES256_GCM,data:CuLKFiBN6JwB,iv:cwiwShPKrGjjfuglRttmG/AB+qblJ/6ZLyD88mAsZ30=,tag:JIJjHJ4it077RSD3pSOBgg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnQzBXNVFObnk5OWtaemNz - UlFDTFpGRmJ6N0xYUmx3dllzS3hyWmNURmxRCm1CbmpSNWRkVHR5M21ibmJ4ZzNJ - elZQQ0UyN3lOTmRwQ2tnL1lHUFF5djgKLS0tIFUvRUkwSW0wSFhCMFByTkI0eEo4 - emdnN2JoMDVOb3FUTmZhZFIxWFhxZEkKDWFrvxDHjybQ2b9hORThAG2TihGdvaK0 - EHrzz0h1NVEO/nLUJSXRugGJ+J1GqThgOG1WCwJ+2Fk4Hm+q040DWQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkbmQ3ZXdhZkV2VTMxTUFK - eHM5aXAyNXdtV2ZkRVZKTC9GdWtDWUJtdFFFCkdBMWs3OFltRjFLVU1rSG52NGo2 - Q0dnS1V2c01EdVRuRGlsZ0lQT1JtUG8KLS0tIHErblZ6U01HTm1FUVJTZjdGQ2RB - bE90R0NsdkQ2UWNrbXZydjR5YTNGVWcK46c5ec7plT6X1874abnSSryG+cUZq/QT - 3LpgQs26dc9nIARiZUk/2UTPiUwxFesi7e4I87bWh5A+mQOHNfRAyw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1dhzugelagj6vge5jjxwwn0522ngf7fhxn04sxy2tm8557rtme5tstprwnj - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUmJXMlFlb0pUbkduWkJK - SWhlUXNqZ0FQeFlEMFppUWR6MHFyS282emhJCkNLMDdaQ2JXRExLT3F2Y094VE90 - bTdmNGIvV0JHNlVldTVxUmdueTllYWsKLS0tIDAvNlhRQnFKSW5JT004WDFhSGEv - M0hKbWxuWjRlUWlRaHBQQUpkVlM4dTQKm4vPZTHMIfk79dTOO7mP9IZaJZbu3hx8 - J/y5xwUFVakqPaX144YZXjjStsjp6H71jE+z3EWeqvW3hwI8XAOv/w== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZGFsenFjQkRBTCtsVXRI - VnpQZmVld0VFZ09hWTdlSjNzczA1T1VhWkZrCkpRUml1UFJrU2laQ1FEVi9USEg2 - Y3J5VlZCVG83UUh0bnRVbkZRVWVMMlUKLS0tIEl1VUFPQ3NvMm40clFTMHcwRzlC - dENsZ2ttbFI1aGdFYlZ0M1crZGlRek0KWF+sAOdOGf7GKkY3ZlfPkXGGDwSf89Lk - uvSkh+2Y9RIkQ7HRUvWxPBPi4vBUUhM7y5+lA8sNi+lLMzPyzVeKaQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T09:05:51Z" - mac: ENC[AES256_GCM,data:4LMhli417gbzauxvsx+cSA0VfCt5+dr1lsGdzVqNts/ELcCxlH2599V/xPdgZJYvbvY/AUDEVc6/7vodqtxsI9d99P9AD9IRaETqHkQ2RmPfyUHLJL8kgLdcql6zBdlZTpy05438Bs53sOQMWCcUmE2TohH9jlvmwpqCaRgfYf0=,iv:BkfHGIFAdlSIjdLvqOeaeoIkBaMQ5yXqYBFgGBrzMjk=,tag:7+vgwa89KxeXWNvfbiKSsg==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/nixos/machines/kaalut/configuration.nix b/nixos/machines/kaalut/configuration.nix index 82cb306..2134b42 100644 --- a/nixos/machines/kaalut/configuration.nix +++ b/nixos/machines/kaalut/configuration.nix @@ -1,4 +1,4 @@ -{ +{config, ...}: { imports = [ ./hardware-configuration.nix ../../modules/mail.nix @@ -10,26 +10,29 @@ # System configuration here services.mathebau-mail = { enable = true; + stalwartAdmin = config.sops.secrets.stalwartAdmin.path; + # see passwd on azathoth for plaintext or machine secret in encoded format for HTTP Basic AUTH + stalwartAdminHash = "$argon2i$v=19$m=4096,t=3,p=1$d0hYOTkzclpzSmFTZUplWnhVeWE$I7q9uB19RWL0oZKaPlMPSlGfFp6FQ/vrx80FFKCsalg"; domains = [ # lists.mathebau.de is forwarded to another VM and does not need to be listed here. { domain = "matheball.de"; - allowlistPass = "/run/secrets/allowlistPassMatheball"; + allowlistPass = config.sops.secrets."allowlistPass/matheball".path; } { domain = "mathebau.de"; - allowlistPass = "/run/secrets/allowlistPassMathebau"; - virt_aliases = "/run/secrets/mathebau.aliases"; + allowlistPass = config.sops.secrets."allowlistPass/mathebau".path; + virt_aliases = config.sops.secrets."mathebau.aliases".path; } { domain = "mathechor.de"; - allowlistPass = "/run/secrets/allowlistPassMathechor"; - virt_aliases = "/run/secrets/mathechor.aliases"; + allowlistPass = config.sops.secrets."allowlistPass/mathechor".path; + virt_aliases = config.sops.secrets."mathechor.aliases".path; } { domain = "koma89.tu-darmstadt.de"; - allowlistPass = "/run/secrets/allowlistPassKoMa"; - virt_aliases = "/run/secrets/koma.aliases"; + allowlistPass = config.sops.secrets."allowlistPass/koma".path; + virt_aliases = config.sops.secrets."koma.aliases".path; } ]; }; @@ -38,32 +41,19 @@ vmNetwork.ipv4 = "192.168.0.17"; system.stateVersion = "24.05"; - sops.secrets = { + sops.secrets = let + allowlistSops = { + sopsFile = ./allowlistPass.yaml; + owner = "stalwart-mail"; + group = "stalwart-mail"; + mode = "0400"; + }; + in { # Password for the HRZ API that gets a list of mailaddresses that we serve - allowlistPassMatheball = { - sopsFile = ./allowlistPassMatheball.yaml; - owner = "stalwart-mail"; - group = "stalwart-mail"; - mode = "0400"; - }; - allowlistPassMathebau = { - sopsFile = ./allowlistPassMathebau.yaml; - owner = "stalwart-mail"; - group = "stalwart-mail"; - mode = "0400"; - }; - allowlistPassMathechor = { - sopsFile = ./allowlistPassMathechor.yaml; - owner = "stalwart-mail"; - group = "stalwart-mail"; - mode = "0400"; - }; - allowlistPassKoMa = { - sopsFile = ./allowlistPassKoMa.yaml; - owner = "stalwart-mail"; - group = "stalwart-mail"; - mode = "0400"; - }; + "allowlistPass/matheball" = allowlistSops; + "allowlistPass/mathebau" = allowlistSops; + "allowlistPass/mathechor" = allowlistSops; + "allowlistPass/koma" = allowlistSops; # Virtual alias file "mathebau.aliases" = { sopsFile = ./mathebau.aliases.yaml; diff --git a/nixos/machines/kaalut/mathebau.aliases.yaml b/nixos/machines/kaalut/mathebau.aliases.yaml index 57f20a9..f8fa3ed 100644 --- a/nixos/machines/kaalut/mathebau.aliases.yaml +++ b/nixos/machines/kaalut/mathebau.aliases.yaml @@ -1,4 +1,4 @@ -mathebau.aliases: ENC[AES256_GCM,data:byT+/1+e9ca9WPakGluQQnYeEzMJYTiQ4DxzyrB9y0FGmJuwRwZsErgBmxjPDrT/yU2K4q1/f47Oij0NpPLGvHctJ/Lkvyj7q0ovbvKlypOQz13Zr5B7csVRtKbXCEPw64Rk7iLWnWSjku0aIXmmol3ajRPaiiqw/iCnkUtjWpvJEfrnsdOh/zwgSw7nE6jUYDL7FsbJgd4yqi/zOTtDcRXM6cxsKWoOr2Ei5YGwxB6VWwiPJrJixj4yrQYOyRsocyjFHFsmFKV/8M/2yOGC1ojUOuLr49JQ0Ux3X5GaRC9mH3UFVc8XdgkdlD+L0QLcz8g10t1Hmoh7ApGjUYfMINjj+EXBDn4STnmvBU6dyIhRbq0xZaDiVR2NPZHgfmXpbek024iPV7gWB5DGGAVKMIzx5lovdTBXNVRijQX98LQE8zlAHNXaMhih2Erltt/MY66hVJZY0nRCc67GE80Xg6/vtleKg7grUfIXZFcJVlE3mEat3aLAlmZj402s1p2CHD6uD4roCOxkKMmHVV6uQ7KE06Cnmv4jY7wz5jp1zO3AY4ezeWhCfyFB4LIIBoZCjNRvINr0yP8l2B/hi0RXw/HUzNMwINqgE6lgvqdXKleN1cwj15KTpqpVSqjnjIl7KbHsgAqa0/OPeL9S60aXrAKKocUqjgC31LrtAdfHMHDVqukV48ssKN0F7XhOZzEnq1yVBQkMmFIM9l7hDZfXnn7ePgPzZyKDV59As2qvndFOX4+mqb/WlAxoV34bB7Cs40ob0/braOwZxPXvPtdfA3bdtSalOuYrAIUmB2ixpuBCZhwG6PWM1gtlJshjgvWk3AS7UyGCGMv1AhfpkI6UoFc0Lai9eeHu1ro0DeM9W8r2qlzluMAfjMPjST6z5zg/2HltGfDVwM0xg7XDcTFMK+mhWdNJ0SOak+mgpEukLZaQvE0LRS7IGuXsLI/MX2A483sL2anrkL5PDlMbqgJgl4SIA0a6QeUiO6+k0Sc145+KidetdBNx8ZFRr0bNnIPdszaEXLTeIVbNil02d7e9MAx2i96FsZILSGwoAWXbTRUmDwH+axlBKwAwxPHPTVtCjoHx0vsOw4SnVdDEI24z1VbembqDZFxg9CFu2hN6IQBsW0wGD+gltPPD2PFL4m8RuKui3L6psINYd90J7p4Dq/3vzW6iOQl2E0frxCpZyzrKLQOREao8pOol0aDJk9KcVAmuBbuHxiDzvYS5k8sKJhK/8zlMn8msIwvPTzcLLdB0Vu+6VCX9jCNii6Qzh5BS/Rn+dumLxaRZ17zbf5aiaXuSxSTmiZ55yBDScj50jW60r9N348o0L3+EIuuhWt5EvHAqhFhjhDdwFQPVfGz+QnXCahVrf/T8vsgwp1mXPEb5Bk6XBRm6CFR4q9G0GEm2WiRZlx3LEVH59ovRvpaR75Fwvucdqz1Lv+7cCaHVss9L98ubOW2GRTKi7wH+GOHMDdDvw8DJAdEysQ0dTnO03mv58cqXuDYE9/NZvCByCqpBQ+gP44F78/CsiHfkEIeI+wCXvz3MW43v9qvYQT2kUBDZhBrW7tfsx5amKdozYsE/KMmoL4oB3XOg+f/KPuMXdY/xFH8rOfUoPhJa9LyZXEPDfySK7baykcC7Jejtryxuw4fjgTaGhCi8ssCt4r+4vjV2NugrMcPsKFgIPzzj/4nEqPsZTvXC6Amvpb7e2HJ4PQ28o8yHaKZUqlzoG6bGZ6KzVZ1hqoHHqIMRi0wnSnYV8DwWo4ocAEf+xjTIxRb5PTCYk2KBxBx7lmmdIyobLk8t5i5ZcSc1U0cIxQJUaDvbpnPcMsyFpYHRg5cFpD7O1q8KFdi8XvCkqUW27EPwTK/GEBKMwnsB2UxKJM0czgtgERBsjubMLdFAARqar3X9VCmEdLIAUHYWC20zehsnA5P+eYgY8UQJ/Uy8o9icTOyzdDXkU7gUr55VTCmFUk1v78zBLBlbNhNu8vUw6YFfmYp5als12tijsTV/yYIhv9VeggLPjwGYjNXsduuh7s8Frm/hdea7ZfTiD3eU1TlrSm6TUNCenz4DiyaTpWG9fWs4Dy922w9gGg9ui57/aG6GUrFLbP44FtL2XvP3VVWNcF/o/EUMZXuZfcKbH7DP2mncwOe+W7F66vqD6NR9kLDDKVdhfFsVrbNhG5V7toV42pfK9jXHO2I9r8MQ8sUv0cArcEolLNDCZCgu7vaCw9NWMk2zYMgnyTnOKlK1Us2T9kNjbSwrEWm8zMyxgFFLle5lboP1DdOYd+5Hw55Z9Fm0y6WUrxWkCwUUlA7PuepPcN+nxQWaxx3M6OQLd0VFB8A7WsWIHTN3nvgXrbLFkNdJrH0DD3dIYTWVfy5s/xbOyOHjPjyeR9NzKYgildnoV1oTwp1RzfPFPv0s9mKmKWx5CKqhEECeb9UfFYTtArCZIoxtoMh5UYFjr2F8OW6eAuNfZp3r8N1TBv7t5h1ToMoaRKjMwFuUYOC1J1X7drjPNiBfHHRt+Z7ba1jEnv99DYA7yQ1BaYcR4WPwBSbuRx33WkHlAigqH9fSB4cDa8mspt8W0DcCX5KjgpNG35LZvIn4PdPKwkMg4InumNEs8MDudL0h6Vaw44iAA0HdSW5oK1qQICMyFjBiVXZmpS8TkXOzHsIxEbw5OdWozVUAAUbmr0ZCcgZLWLxmEqkob+PNfxtHlGv+YktIEAbI0369X5ur1yfEN6I3UooInVuN64Uro2evUAqeClqtCXiEoaoe8sN1iecf9xYH/Z5rBhsnPyhMpj+eOQSYpfiZEsRjHekAOM+3HN+VCgtRpNtwAL2BqKMbYQioiEFTS6jJPuLzQ5gffBYj8LwzEUVHFWF2Cz66TxxaLh+TjEk1mpka7SHDLQ5RyQEsryTzKo7Ngg2dIcx8KOzhAt1h25Otl/qtFPnZi6lIwIZNPNsdmZsLErxBj8WOx4BNGKvF/xqSvZx6vmW7GjGrZGm/9NTqZWFlGQWS/e65ij63xTZpD035N8ihKhnhFQ6chqfz8XOkvRM71oTooWUMPtNdVbcusQ9ViI/3wmE0XQbRH9LW5dWIYRwy9XFJ4Y6e0qv9mTvXfo9I9iBFzDz9Suym8VqhyynZNeTgFoRz9/rJ6HAA4huPgzs7P+0UdlcbDsYyTQ1NSx3piXvnlS0kyZdt2PjGp6uRmF/ikecqmvcJ9rHy/d1j52T0gfVE25On54RzjB05uzO3RU6BLwY2GJNky1nPIs8wFJT28pExNXSQsley+zp/COrF3Nmn64pTSgkHWyb6x4u755IeUTVK/RYxDfwtqfjmVaOjQ6ZgvM27F9OPoMgjy5+KkwTIuA/y7lnM3xw8kChS37Ow9v3jQ5OyBdXgqqBeba90FsKN+LmRxxXHq9l9417toaOfZddrGpAVMec3J7yTRRpQ3WoMuvG+NKKMWSKH4gxwyJUbN5PL0fSDiuDFb/If8SZseI+qBDfRCr4uuXGmb8gUVIKmMPnJpqmF99Lrqn8Y7w3sil8OYhi7qJsTzq8BMgokzR7bqZdHe/kZze1jAwHYCQ+nw6EshsUFvALTD4Hi3n5L+QVgWnFUthb/NT/z4JI79zdGGOrSaljmHD6cNQxuBXp2EOr6dfHge1G0e0h5Up2L/KBYxZsn6shckMM/Xekr7Mi9PSt9qwUyM5xDbi1PjgD9gbF6nDm8AJ0yLtEoW17GIsQ0X+2SG6jUmLdAFroSRVAAtIBRVRTS7vliyNBig7KHZL3Cay52EIq+EiNhOCo6scraT9wfM4+aqGU+nusJyKCLs7HkaIs1bkqm64W97Yb20Bgtt9CZ6EbzcGoeJtBHkQIwW9QyTVyGMzRmZuuNolSLWIilgkXotWYNwez+00XDdC1qaKltz9yg/kKE41C/T8kN6YrwkkNpy/APQKWYCK2/pMEZW1RGBTKSd+haM5Yyfc9OQQYpKtdCZXdkC/CYkDE2DpKtOV23QbcruNzExm+obpJHXz121gS80CWyZIUgNVkm22hhF6u0pQ+g7wWRgwwtFTx3g7nvsv+41/t5Tc64zwOWfnCHDoLv1pAto/yL7aSJSqpDDhFNR7l4XGDvkV7oyIEmPXcCDDYPPAOucsdfAJMHxcl68vpfzXPZ9JgA10qMe/7yOlv74tX5JoV9xhji6+HQRe0sQ9dN+igoAF14kiU6uWAVsDLOznhaZC0fdFyG0DY7g6hF7OWXkgeJEbXBnwhT1Gs3xsPS8LqZ+c/9kspm5kttKuXrAEXdyPYT1IliDgNNEZtGkc7dvNJ9Md5msm7AGchddK229Bek01DQO5rnR76MqdWzIHd/Ad272iQfX90UJAh2IirePVdOPQ9oe8/X+3ZMaHbyL6a5MlGJr8IVBJzClu4/BdiaKJNjmE+ULvU94Afazw+F4nbayhF9KwKydH/0WBeACI4iMAFvTetJ6zIjiNvvbHKBzTiPADYN4qp6rC0h9BfrtmA9v37/oSmyVl/1IzjWzbeHQSpqwvtMef4IpTl7WpuB3xSzknloC5dzC4sk3sJwZ/46hhmZiQ7oF27upDLB7ReoTnkgQjKw2AlhDW/P32m4GErXFkUF905NlzfhqlWmM7wlFGRTGMICOwXDWRz9G7dHRPuJ5LFU0sb4Xwt0TNkqvl1UA0FeAqzF4TkxYlXr+tUNAhoCCL5Koupm+L56jjkpljdRKYyXt3aTVo45dCZMi2dBheUjUXQjA64ko5+04haWi607NuyBl183bDqTMMt2X9I6ghK0yNq++1hAeVHpSAEbW0knebLrv/KaMcN76nDenCPoAAvaiDrYAtFc/lvofsBHg9YuUBBUHpZF4iY611iCHNvsWh4VBe4yrnPfvGdgBxrJDvGpBs3w/8MRZweUGifsWwjt1+257Zt2TXvmVkuVCogKXMajFus58ZJs/FNGUkMMrV/jMbc5V3XjhlThFKDsNuoUPvUYv2qzv0HybwVyiIL3vZ2rMdOv2JKrE1ftsDxsXFGJUrLPjy1G/5mgHENh+oA9TAQu0Eo8HEjpNhdyFsuU4ImLl9UHtj4GVsLBrxNb7hsieHVwGfMyPBVjDZ774Vk9YaotpgcEDiNUO+YqTIA1xcPgQxnPXbbmupSvpP7oAvZbi91bNdioeiZGV66RUdtnsSeg07wBph9LjIE93AKSex6WVNtsif/YPW3M3pvRGXPpCB/mqrowwX/fzAYA5LcNCYbOwhwSFALEiy1htU1w4ujHmHqugsuWEFPQL08Yjs+X2emKzCpoVtxQN2D04WvjAH2LDufk8aJddj6pGpN/6VO7ZOttjuv3nwjvQSUqQVtuZb738joxRZII5SOYOHeKIPzB9RAPOxkYgH5EYUqA/ZZ3/+f3yhf4NxT4cL26wzSS4bI9sXD2oUI5JglOM1nKHiUy89sAqNswpkkBXTfSKLPL/lAFz1kfCLveTaldfZGGmHAqNxgb+Mlww2bMd3RzvmOovuoR552cb8QyekRTPCzgIqKVTKyn5tRrlaP4cSIYCU/EeArywCKMkXNEhUK/ZECTQIFvinqoMdfNAO9XrAQEZZroJScaYe0ODItqofjEedMvKA6UmA/AW62xyifiquftsg4/o7gfnSTbqBxcdbKATxCiJCnYy1eqeJBZ651YHyQcR7bpHewPhu0fgBPXtl5/vbcZPj9BpSZzPiro0gL4eCn4tzRl+8N8n3LYIIJaBmWLpk+lXCZsoH8rwCO5wAZH9024m/3MJ2Y+LkDYF53T76cLyps+g8Pj8L4lkF4bNjVb/qKZAZ786wusZBjehFhZPwwR6wM5E+FcUlHi+gNr+WpcR74apKsAx8UDeed2LrEgZUJ8xyUBPCRZ0UQyKqPhVmP/RGZnFBU6qwsvjT3CRUuYvlToLjxkydGrkCwEjF+PzjJsMgnkphNKmQN1nRTEuSiPGy32fO0Qg7VlDlO1x/tcgZErbvKRgrRve8L+gPvWMxEXPdbbhJfhxj5N8nG3/+lhmvwFIVzOra3d6EvzgxoWsyvg6H7zELrEM36gSE1Aeaa3HgBQCZ/k2/BXO4Ua4d40vLaG/bWVMbhzOaTASB32picHyr2FwyoSEdDqMt2+qgrdVLm3pUwl6pZygkJ+7EWYaSnf/0Fydt8+C/QHZxlz0Cv4h+H5rKGlerJu0it4hgw0yq4miaXxtPPEdnV1WF3FkNENO/RjVFOQHQeDz/C9JYKKulgw7jg1zdBe8HyYdkMf3VZqkfAf3TP+jN9lcTkPcWVkRZjJYN5dG/jclBlCE1S8Vtc1AQztlrbF76kPeVRCd+vkMmjkVi0RUTuc/M5o9TAxYZTEa268eQyZGnD/YylOULeshfvgWztm0qjexpos7l5lLJihvH+H7itYGqsJPc97PN2WDHGqM2jeZibonRtY1B//YscwPICWqaPWw8eLgQ3G8/WM/P3SFKNWtQNISaciYnfgadCEaKNr9DlNF7IjHJVon1O14AcMQ0u/wRs4x/y4yhA7+OjRKLwEIynXyajSNRkRl8QrljAf+gvShDqGn0qP4oVjI6BwRdvn5ZD71O4uIuN92xXzqNXpW45DwbcOUr9ntWDe+80ayFqRmhbIieyVniWJD2Rhd8MLBWGCqlLbtEY8WHFQCB8E6xznTMnMcKtO4Utvq7RDXrvxNBP1VfEw7Xs7tPBJammdEugx2JnLspMUsYW8zpt7c5dGkOihzqvWBg+gEJK8qW1cfmYsY1uw5Tp0wkjK+Ui1/0yJ5vRtBqJnyqYLzGfaU02ty5TReKZd9JZ430zwD1o67KM+HbvQqLijsIt8e4MYY43CS+9TAPQbjRzSmUBSSSuJdzii6Mrls7RDqjhieOt9zgI5jBLSQfu9YUotXsgLP9mZ+xwlX9SEhT46vcJTJz+EPGiJEMwIsThTWlZNHf/JtD86ArcTHy3CGY0MZTjWHByxv7wP9zZNWxEmfTUd4tZoPP2KgT4tnqOJisL4L2mYvB6tPeM8RjFmDGAjnphaawKRghRI97C7A2J1omMT9ON+hvrG8v2ku6z8hnFTb9CWJHDP1f38Y0SGlA+vy9Tv/bECToEBReux4dhJMLug8vMzluLPTtsugVEfwHDA8Z4d3Js+aPe3p48h7wiK+gaRCKPe3s/jL4fisJLlnoiUEHpk3N+1aoefVUEPuMxpt36kdTY3rP9FkMU72deMYUNw/ARMW5RKcJOfv1C6+ctlIUvNGUppaxDOJupy+V9HkKOFS8BgtPy10NDhV6ukKIjKyJBpMVGIUqVZvSSHhn4lxee2ZXw7cpggnIx+TB9cT6MeZ99Li5z9gvGHpj3rYWgF2KfmtYUXYoOM+8cpOVmd8igb5bfc5alcQoOI2OdgHUDq06FEIHRF5uQQpFQ2suEV9WnhA0c+Pa+mLPBwazM7cRTi0BZFVcafRzRP42ybwdpYG1H5vUKmpoaGVY8c1DffcRPLjvW5Dvz0AOcWU8j/RSmEONBggf3APp8V713Hx+nD9+tn+8Z1GubOUEUgATtioZhDG6WwKN6ti4XL8b4l62aviSGhZPD98B9fsmshci1aUMUHTwJWSX1NzBMGly2GFax+OgOSyN6ymsowRTNvymKdQlKwQKqLR/0PvEewr6v3smGbfFhUQVUQmV8vr/RG9QWBWo7kblj6ucklIfsuZOCji1xXjSx1/L4D/tm6JVqeeactI5baMcLRllyG0n545liqzJAMkxYibRGXY1U3E/brmUBE2pWM8a867o9EuY3HvB4CM3UNh1fejUylZmQLfWFOB9Fva6jBf9VBCEg47SfF2A/G1b8gZ0kOe3riwOW4gdredh5v6HCXZB/h0AyZj3wK40Vj6BYaKDtGiiWAyXw99TIDPSBNGuMRdJ45Hc6Ot3dDO/naoPzoMFtZEBj4Jku788ZIkVEDeYholKSj/Yu6jFFcfexkVPWw7xm347LKS+ELgjbQ2/Ff/D97/zKMuwyUcD32VHv6KTTh5GzxPVcaRI51n7SBmgydPkxG6Xu1ZSGSutk8/5x6DuYhnOUQpmB0nUpDKMQz7AWQ6wlqyyAYwdls16Tbhi+RRTnvovBLR+GpqwCG5mPXwC4rL9eQZ4tAc328XIrLIyjI+JPD3rRc1uFBHluLAftyE/RDWz+XtFxR01/9ri7MZ1I7JyGArtav79tMrLMLx/0emFbgRws+yCzPUPSbkeb+0tPd4FsChxWfSyCgLunzxXwDFQI5M958E2VWMCDKL1hTHWEj7sOqwcij+Rb2sBTA8vU45Jbi5iBUCxwN1Sxr1Lb5UMrN1Ks42I4JP7USWUN9PW2OcAofBH/pJKRKYntn/QxuJhEKMvWTFUkAaSh2lf74IeVgoHxZLqcgN857JfVSQZJ93xToMe6d8WeGO/zAkCdJ66VqIFUOeeHZ+ohAISZ0hTQQPisCP438L/1eTwyoDuxzs0jyPMdaZvz5iwd7BfJBlYPIh0+ACT4EG0w+flkUj3pnmarMB5phF15t4wk3ClH3hxKq9QlQvApKKtxnwLjI17JIbHbc94eIxo1UC3yFOZaWkxf9XVZQ3hG8ikw6b7zJPIENnA9HJ7KHf43Ux6gPQGUOy7Nsrg1QHHewCCxY2slCFV32SRUbAJRzH53UomwCRB0ESobReSdqJU+uT9OFzMIcR5UctAeLpr1NcidkArevFgVN6IY10a11vHV31x9fZn1yauZjxkSpV9y4BPXkGxIt0ASkrviDBBQaYy8w81/Y/Uy/meF3ZF0J6285uhfuHpfhskZrc2jYVaIyeeRAyrNqHIKdrTGuDnlV3L1Tr/AZRI9EqBC9yanLEt88hlPtj6aSgBPmtRAELAI3gZIY9IWtzsoJ8FLdzABSNjnrAIX1ge1mCs1jCsX8jWtCFlpk484D7ydjoAP/dgfyNvXPuYzhWA2t6THZjcF3+I5E8rP91tHauIjKUGhtQ1QDHx40vr+InElNCboZyhN6lay2NFUNIU6Oq9X5BH9Fs3+Mmjb3eShm4SzcLx2OhM0/5sBrEuGe7SG6JVtagqHsmrTImSmqehl9LIlRbPiDtI5emEnCx+/aDYJJd9NGjK63KrL5kIZ4JBozJq2TQvbkbHFw1OrJkZcsPIfVnokd9W5s8T9ufvaGMLdmQoD2SFJUdi7fimm1jMxiQD3qtqQxaMg0fEbxXrNW4MP5p92n9Cnn/dFLiDoEufPHV3UMdKdRws/wmwQlbeZJXyzK+G67jkxk1TFoWOvUXzAsgTU+KMPBoZopexAWRsntfunfnVaucFvCXmQ7vCBkPCby7Rovx/tESy1x0ZCjNblz/yYSsMm9aj0vu+oJgRQ7pbRv+1i2psiITm6bMQ2cMBUvNWYHOItqnnSQBXHubZAF7rsWUKb0rZEGLAAQbvIHpFUI6FmaiM0bwHnIC/xNs1Q3JGDdgQnrGa/+g0PpNKROdF377MCBw6NuNnntUEDg5rKWKkWmUtyfAPD1hhym69VbgT1IWuEbaim20XHuAmpc0owVa5zhYfVlmQiEzPyoD4onFVFB/nG2WxbKxesTwQio6FBlbCYIwxtj/jPuw+o3wIMqO0bcAqE57U9GcyyJjBCZbGm+exeGx2pk4MxlwO+SmBPINHrh3pUQH+OEvEgeTlR8UN9ZV/JoZbDN6fkNSxr7zoCvsZaCraQYdkg4wJT1Fe3S6ySFqrBYFkEgYchCJu1xl6reuFqRpV69SqjqgQNuA4Z9PTKWj9Nla5+0DRJFh9XkjLfY9YFt1TArLXsjMuUwjiSu4SwX+WePJIune44L/bxeOmmfbU0oNhHNwHZNUzDWUP6nbmB1lch0uqUBUfddC6nhbez046nFDu+Am1Iy8LSKVhmL4EakfNtV97x8iZhQoRZgvj7zdGiRi7jPlzz9VViFIjJwTt5kcYhT/f+7VVkb8FwF36vqVjvzG/+2p31SWkEnNxxrgXXxUsda4W7WxLzC1Dojbd6QrR9Bd6rugIKRbFYiINxiB4usei7Bmn7VwXMcrNuF5/JXD+5axGMMEPUf7toX69rFArl+VoLlWmfMpja3JGN2JLfknntZ88GkCmzIKZUYAFM9QhvKSeXCxYtsski/IZK+KU8Xdio0ak1vO4FCtIIzN0xBSR1Ve2dUu4UpOYsklHJIULKu3SGJ4Ud8gLYc1ZWlyYSVRCinF9CRQMSxbx3NTA6kOHxxTezJYzNV4vhqwOPRCPB08lzmr6irOEuXss2tTiP57j8F2Zi5eYspQ1qBju+lhB4szOK5r6jmZXLwy7IZOep5DO2X7pWbYRjSPz4YCZNmGiVSTbOPowRWyfMh4njzz09sZpigopf9cwCxcAe2RrWKOjPjsJAdwtyRHffaq5QRo1shcxtFZnOAMn4CuHcgCQbawLadBnRAcigOq1NM/NbGgyDUI5L9Fa8fvX4zsxQ0ItR3RtVyVXcHuZSfyS+nZEcyIz5WTveDLDIXzodT7IrAQBg3Z3b9/tWoq0+RgMO/Z7hq1OloMw+tZvg/zvLrR/vwRFrOu/+gNggnMZpmfPEZsdSKqhKdOCvp+denOFyISj0iDKbF4Wak8jw6sujWIRzAOw3KfK4kFYQA4bl0o9iwyTXNwZGaY2/wbkKHDPissXzBhCxdtfzlaDajArDHVASQQI/3cIBjFSKLhlZkOmDV00Ob23Ukq5+itMB8q3kCXKsVEJgxubBFGFX47aaLZY5BHxSYgHixjQnHDOV5QLge/vEPz52+S2U5AgG4nEWTrjoZj8kdXGv5qbRia3Z8VQBqlHjlBjlyAHnFxEqd1iN0iK6dpO587AFlC0My/+087cMb2QQ/lLXxw3AaRsknIS5TQZqkwyJS6euiegVwHXA4041bnovFCCQCN/dIpSOPo1mYPkAOxSWP7xc9We4p2S2qigQuos1OQ8bBlkOS/bq5aTjNCZjJ0e/eNs3bZ+mmLlXxSL/aAFZDIse8M5HhxZMXRyA/OMheq/rb0TtOv7nbETKuB+ddTET+TfTsmYDK1oNBmf56PLAnFcl1VMjoyaEI5Wu0dNhqjorXO96rDOQ+8YL++c5tMDecXPDdITKemRsEoNC0uY+CSSDNDlBGYGahVAmnbKpoOrM8bt4lXp+kigyixvKHD/lLGE4pluNbku0oRZKfnNcogC75zpyiiP4qlHtVdjF509uKbe7hGY9hsr+afJsJ38V5XzqHYWPiw/9YeI44wX0jCAoJOxM2037MKmffo1BTvN41X1CIWyrYxxdeAf2DZN9B/Uuzkb37Nu2dyW7juuGKc9qrxaXrPSYwXtvFV+8kMkOMGtsc622YDoTlCmvtPCb/Wze3Su8EXeI9lCLXTffhsKAAivc7maJ3Av348YLiJ35nvRYl84V2H0l22KDDOILjFupdywJZad4pcqwaoqOe5wqi00SYMwlBcw3PZf74Tkq0xFGh+Gj9DFFJqnAbYeq//TQ7UQxcYoWXJcKmGCkR+t2mQ+KnRpx3I7mMMbjrIckRg/bHeoakjIjyS+yF3CRYWqpjX/zeJ8ggC2nVXFGYY+biwTb55eUb9PxioePc5q0+aI0jrGX++R960ZguUls3mT5erLnsy3NYUwexHnsl/XkpzVeQRHbW6i3ST9mqxs546mRNbCchcmYwpwKYIiFjJsIVb/5e2jCton+TznVGlZ902DWwUq1Q0lFZ5VJ6KrSazy+Hms0PvloXhz9r2zNtXy+Zp9q7CCwli38/y6AnkOWj0UtlMBHoIxxFm8ONf+uS8D62pixYUJmD5AZlraggnZ5uVhqCK7ORfZ8l+btsWdtcmb4wUqyjRRCzqZ5Q9eabXDYVA1eTJlgD1S+i/WuBIfTStt9FE3Gtoqe8hwhS7vW3Avg6DDMEVbjh6bOKFsbLtGhpuQpq4jh05jWbQ8pzlNL2Gk09luAUnvJA5fTlM1OteAA1y/pLsJMikkkhpww4BEqtxYq8Gk/rmMnwXni6Jn82wGDRHEoB7O3G4mN8ZV1m20q+IVIfHnRufjjFx108ol11/V7zRGu58cGXH7sLTI7wtgBDbjD7942j6HfkyTN3ibDUXZMQQYMOfrLBvQCZodhLlbi35ZmJF1i+DjLjNAETqspEOL4Cwzac2gM8WUuQ/XD66YuC3QW+Mm0H0AL1Jaro/MExNDlQeAe8meZSyQu1gHJh63tRFlx+63NmnXsygkVSnJ9S2NfQsnNk24CSsv4L9KVa1+JK6q0nFa0gjM5wxKzzZy9cQr/aXe1lnaDBw2n9idnFh/EQUtA2rrlyCJPzWXIYl4JHaV6HjrcmwW7gL+xsvw/rKEWzXXqnZ+HMshrTKp+O3c1wqs0O8PTbFpH1UQAZvBQ07pWua5JR8LBbXGXziM96+oqxJTNw93AV/iLfkUsf6cMeA+xxtqhjZxK8nd5V2hnAPGPAgy2A40sy+RCWJm4KA2XGjq7Mr/YFlI9e7b56Dj05qad6aDBLzRVxYG3s+mREiILrBuBdqyAkJA06IvalbeatVc+/U+w9iJdH54y9LT+fa/PFoNqPzXv5NNTf6OueSzfb0e5MugTUpdc86pUWYvGkMaNztn4Ox8Cemt6j5ki4DERGB3/CjAtmR673Vm4Oj2+i9MIBvtIfDHs9ahBfCnJfU+5AxORKt+uMQhq1SUS9SZ6OXoLu0hw5V/ev17pFpnBEboKN2OtHiKT/RCD16r9tNN7ysXe8R6IqoWj36xpm8VLtX29JKeN4uopERxg4xTVKKAX8Vew+i2i3gpO0nN+vVE2uo1zN4JcjYAWd8WQrgCIgIbfqbsCJI9IUOoWtKU+Gdv9emr6eNd0CRTMIG6q9LCF9RTE25aZkSdYJjNCCilqkGyFK1lE63+FovGkIG0GFBseHc9/Cvw822iFt4dG0DXlk2HKk/9g1foVMgdthmRqFXjKLMV5oAtVJAr+HvwNWo9I53LkyIGfv1vFbToZu/hwNrdcpjQVOFafCJs/SahZA4SHCuqCFSelrocW4GY+RcllvGGrKzKMMbgkLJsAlELp7su8YL9IaAef7J5TTkNiCMBLUYcqiq3arrOsSsoUy1A/d14TtOEeC0+rqq6jQroMxGZ6DhltX6QYHb2hSrKqeKhdlVcEHkuR5O0jskszteNkmkbLLTT0urpQ9K/QfGnri2Dpu8ZCttOoZTu2fZxu9gxGm7ZUVZ1uy3GjHrBqZUdEv/xk4pwuL2ZlSdPJXIk9Lpv8yPar+NU+XFCNtqECcv+121Zze/uhA3OjDIYIXHJ1TcYnUVQc8sAvGF3VDLrZ4ClJtn6iUxHyVoCKFdmuzX896tQF9VWnR0NXGA3kFqXWP9eakEmgHmhl55+8aUeZmir5ZSUIU5KQdWI44wjslv/d4PLvd0y0nNF3YlmeUU0OLfMIgYaekip7b4Qzd5w2xdAB7RxlCIkB8RwggiYn1v4U6/ixXSa6LOqgsQDKROc2Ewm5MSqcvpZ+7B85H0iR8v/5SjxRGWAHtZgxsksPCr3VReZALXxuj+mpcihYG4sGt03KaHXQZvqIPfnW8Pq7fKY/E03pdNrSZ/KcbK1KFsiyQ4CyZCokdaUtj/WJCkQ+WMjZH26XEl6xVsfiFAyJEYccNRb0iiXg2jqzdQ9P/C/jNf5voRbgbzL5X+O90VI+0VpIPPY+hkw27ziFyeMucl/MeHyL7gjd1rm7PvNipz1YwxHo1qTVM7AuRUuwC8ORPuUaNpBbh6g2dsyzs4uZAl9HWfyOo1Jp6fDIVFJ9lMZ5jsbn9qjihpV/+ispc0Kwwj26pyPtpxHKXdFgUIvaneYxujdevEHFWyHNrV+LmB3cQFUPrId4tGcKt2eqqrHZ3pjPvT4IzOgusBKH6Hw456B/fKtMGcBhPEvjcJcXxyvYBACLA/PZVLLAUZjeSq1uBOBjPWH8LtUX51a0ry4xMZq0Zk99sxMgFGCAbI4BQ5DpkuHvLWH5wZ6Kq3fxzPrWzbgmVMLaa7tlsYpLB0zYGAv1p4TGKthZqgSp3fxuyXnqN/AaRmUbR3qMFjr2ZF34Lpr2mXrob5SZSCOKXyuzCprktgn4pjdSpr+iVbI/Z6hIiFKPbKt2QA2kVi9KapZar/zLyu7173HYJ8wNVybHCCOoYD3jhPlxEP+2bUnL5z+PNdSF7wA6FYa2saUc5svOD0acnwTHIdfJ/+FViLcE9eMhzcFOWma9YNtIpfJRhS1wDYofqLWxygaN0l9eX/7UoBuDvT9+005SD4NUgIwxPmoJbS6bgdc2L/4gY9eSuu09QDK4XU+cJejhguLugizfhOQtRrXgPTf3Br6qQAGdAcyoRloq9XICJwIympl3sFYzvoaImz5d5hT/3Cb6U6vAzmmywlZpns0HiNJzXOO+QObkmcxhqNokyA2EkajFrnoZ8oLChVcylIqD/0C3A/mP35T2AhfTNk7oHq7L4aCH7jIhK2QdLnBBGGJVGPWJd8ixYudh9OKHORK4EWPGtA+HlD76Hj4MUhxonQ2KkiQ5bfGBdqlC59LAEgD3THuv+TAORa6tE5kjih9hNkre2WxEYlvYp4Mwx/cNP3UjOZGHxnYnkR0WEzplDhtF8fjBCHeeEC1KFLbSH1KIMKs7dcz0eliwSytyBeNKYc3iqTC7nhMK5mQ6i9tG7yo64XablQokeu637FdSy8h5hLOOe9KpNllJZ6BFrpl8Dgfu/fdvdvWJg7ezLedu/dfYg4f82hxtyopyb8DjSRlkMRfEdOtoXYomZ035gH26yB6042YJwKX1KZMTWTgGMhezlWifzdUC5qhRNifwUNIg8oK22vh/lJ1rLjoUSmzS7ucOGkjIVXUjKr35GMuifERwpkjLxMtqMtd+be24VW9UnkKVO0E6h1lZBFdjyPJGY4aSPJbMt0sz7o5EvoLHlKy7/S29w8c1dIFjY9ms8OLTbwNSRNmfaEV1lrV1h7w5CqQOO2YjTPqf6nDKiI0lRqVhOAEt+I9WWqviu9QFMAbGzDb19FzpDwVPsME5myRfDMsW8o+1eEHaNJ9m9ugx+Og7zj5GsSPDHecnO0xlqbBtGBpGESWbHfpEGw3rrE89UUPpbp5XU+KLcD4wBzH3wSZ3HszLd/ZSQfsIOYg0naDF+juyu4k4l5i+W7LCtOFKXWdGk0wLirFJJxx0BLuEv3x71AVeAGg+DdwGMTP2FBZYISRjOOS1Gt3dx/3oRWFc5ry3PjO+eM/TIVzsUB0N5L3ZrQhVdrtt1kAPdHoDgDJGPlMF3K9cpYJPOKTQR3cbtMdVDMOLqqPagmBuEnChzOxbRthgmBxRrwoMEKKULj1FWA9A2XvsBcRLS2iNcHc/Dc51SjoIg8bUkHoobCQDnQU7o1PLH439cJRJ0wxkbFWp9OmlP2OQ1SCbK6TRqCoKPyHr7mhVitC7vpU2tHK8F97u9lnMmoeidtQjz0ziKPgz9yw0FHVi7hz5GMf9vORwipNHmHOitjPl828zhBv2DVwUk6w8lFVsknCQPMLBqx2ibqiaFHSb9xEYrfEsC0dOI+df6rypguaH/UOD/FB62kS0aTfw6k/9KCfmY1Ejud85S9rqs63DcR35ztt9oPzj2/lVesKkXWBAwqYr/Ge5LIjVwqpsYDYm5LPqK5DAvuoXnxYa+uFgySARfZRbdj9s6/MoYVo8rWxjgd9ylI/E9Yj0GO/zfFh6EiAIJMJsriWtk6pTPT2L5wAiPeZXdEGl+lSlv55uy0POT818asV1YYadXXjanSLOpAzrVd9gFvdD4cI6wcQFCB/Vrr/L+iawUuA9WMS4bJRrextciTgKOFu3zrKyJvBX/EaF02qza5y61Tbq5KA33/CwkD6iUTyG3b4niSHdMNdEO2kmbK6SqFzfj4JtHLbC9EarET3kSZFhnzOnxwcTg4jRhbWwSGMAiSj2EU2I5Nm4SZIpNI4kZ89/8g1TE2iITYgR0EgG8QOCkK32jrwykOaB5HcLYvZoFm3qGbaez73+vNLJXsgqtiOtqjJSyHfxjLzqi4wMZRe+ZINPBr4R/H4LpubpNk9PaGp46VKlm+NxWvBN4ueDX5XNwfDkHtH1hdQDWVLKrvUgqXC5T11sidk/k/KyxD4vlTokVV3O3LhnqyEFZ1iTjwa8qlqDKONUUosW+3SA/t+v164bMSFfXhuilEGBnftP8EDsJUhaIwO6Iwolv8XQwUtyCJMDiZ2rffS5lqVOehOwU+/TuGtEnErgIxuxVaYFJbf5GNuLeN/XCfPKGytR1/iFXHCxDn2k2JFPr48BRdV50d/OH1w7p5wIR2EsrQJHK3rV/YS/QruuzGT36byezvNnZN+MAQGIGv0wNK73CmkSFFOcjCUpDz7p+2GxnD9iY4dErHCacESSzY/14Ln1MplgtqtbzhbBj50sEekJpvfz3X/Pe3Q0fuxxZc/zpm1OEQWTC8E/bIitjPimyyscGtbLSrFmzmGBaIZ0VwtS3eOqpCx4QgDodhsFR3zxC8a3F/JCeia+8xgNLc9MCZKNYOkMX9RtH7Q9GO0r4gGDgIaKzBdZIq8m6J4pDp/LsBdFwXN3259X46qWWpPPHgOIGBdO/EHpLKT9n2I46UwbhwmkciVHQJVeDT/n/sLLls0sc8JzcZJJSLONpxrxTTFWFfFlGVXU7iixOPKiWGr68XC1FBfBGKj/+5O7izTJ+v7nZYk/EhOpNMXXq0E9jHyy5cwp6TZIVvy0XWz51u/t5k6mugicUmPVxVCiUfh5UaFUOybSOA1tmvY15JHQ+4YEJd8S9CPQQIqqA7zdPYKMFq5duKZ6fV6ApqykCICGITwlML+6Ouf1EURkXj5utmMrXjp6XbbzGwg9g3V050bLcNg6gNxaMBiO78K5dl2WJrwCt2Zsv4BJ+nppbkcM9FVVfaxPIxEk8g9dq3KjhMoyeOwE7LhEfCDmxNt+0Mx/jWrkomuhQam22xZJ9LvZaA8mM9zybdPCTHmTKJmUO2rZvHmUvFMXNVKf8dqbfQssk0QuaSKZgq46vW1IbtFYfyFKy7TxKcVFK7wbplehXE9KQfWwvosZL4N4FbTNJCMQ/8K1rbVVpPv5HfjMuWXX17jIkOtaf98Ubf+rt/UU3pkEkNc4XnCLjvV2DIdIWV3qeiVDwuTQrIRJMwIjQb0sNS9ix1ACEaPhKNSKpDlx+B1VUn/eFylz5fNoLHF9/IqKxMXyrcgnd119QBBqUaRfQSWFrMBpyNy/WKphoX7zhdFHCkHZOZdi3FyzkTfMJGKWxUBIKPiHretpIqfNFwvjnPVhajC7I21Ts8snd5UJxNa+b/pPK3mLvH3Ot5YQ+pFzJ+UbTWuwSF/ZLoNKbzmEd/Ki5FddvzFAWP/eU657CIYkSn9JEikJkCJiJ/bqLjYUVF7ILNFJPVeC5hervfqx5KmVC23CWLBWmMtD0CPGlwP6KIh6Omg8h+bXiuNzzx8+H4gRmwWHI+HnrMqcr+OnAzmAVyXL4A6KM6WthVwp1bN3dPygutdtQ0x0yCH9b5Kigbo/4xjPF+JoEduy5x/Ul1SP0YuFY13KLoGggedDwtVRI866Lv5VL6SWkBK4tdheWsLYKcssCwWqbng2FWfNgeq+F+lVwrSPmTUvhKArhxKXTf0OZDoS3eK+7Fep5EnsXgU5bVU9XVUUSIKG9FDig1x5k3mauvC4FFnzf181CgEnxhbixgBjUElm1ZpMewMiYeed5h+dChUjqGeniUm5fWi5HHno4tg3/nKQkua/egnEYPIPD0WzXXM0hfQphVDtomLGJ6sjrB7LIDIzINmC31+ruleCTnDEGfbuTVMcSJXqRDycY6nxCNqlCvmM4F0PPTO+Tss90V4XBwSgYhEprC5fCbizmXq8jJZrrJoS9DZSxu2DV45cHE+qLM/llzETVRBbF34tM1zJi8tKpjZXiQ1jGu1RgegEkZ3OXfTQBFtkSqhfuXnHsy001B5t369N4m8CuVJA42hKyN4ZBtRrO0x9NFD0n3hXBpoL32PqLoe56qbMMizCfkZtZprqE7bkf0dngg9EG6n5Fa3b8VELDwrza5+TppBWPvdM8X8gLlMsFC+kb5wYbrdCHjdRCM1OH9l7GCpdmpkiCfS5R+46U8mHKZeaLWtAQDvgDc/3NAkJ0Z7EVGtAgegVGpER2HqiIDukQK2/aqCX9trBkjjCEpYT0qLdBpPvtDqOJ6zJn4bwiVQ/AWsT+DAHGjP0F0NtHlzSe1a9LZPz4PZT6y2nyWK2+VZwC2uCJGF38WCG/h5/UhgmcZFITlqOftFBIledGDgxXlw4aCbv7Nzro9cMJ7RzsRKfr9NSFSGL48WwdIitO/HmJoBijJYBahmEuzncc6AntUnWLvEnk0WuP3qcsURoOpzguFpSbGPtMgJPinNoXFAt0wmijGMgauUZI0vizZ5JAK9kJt9toz6Xieg0XYj0EArMMQqN3NT4w5TSahXbJqdy2rEU8b29aZw==,iv:+PtXcxSjm3145ES8+6zexVmn2Hizwo6I5eOS/9RA2DI=,tag:vk/beGSoGSxykzD5/bsJXQ==,type:str] +mathebau.aliases: ENC[AES256_GCM,data:4hqljO7S5F79g8BhL38VG5E2U8VKNANsj3dPAz335traGv2ZFSPUKreIi0x11e11E8sOf1aK3sLj0HnAcRzQrKhyf9b6XjM9Ks2T5NAYuXdpmcpYQyMC5HQ01eVwbKSAeMBtsqggEZOYIeQR5OGCoT3vZTDKH0TG4Y6KgrKsXluezYo9ZM2VuPd5B6STxb4thVEe9UVtGE4AV1W30QVkvx+Qr8C5MIvfgJlIDbscN8RbEsotAxixJu5nG5fDxSbz1hyII2IyMn903y57IqT88cQHDkH9ZKaFh0p5Ip52HfD8DxH1Xa1c609wdn15JAA+PIg/Wem5yLLv48kaIgZapf1FOEORHXBJy7aBfGN9YEudmUBS16HAsl+GmqQ5VExXRQbY1Pcxh6m0+jK5uQyJYReKuRL6x1B+bG5TgRXJkh8BjJ6Xz7ZNyuKX5yE2scgpwCzk8+RNhQwcjNf26UmQVyQuStbZh6KVkT+QodJy6V94b6ILc0cltfWvGIj6RwuZO1jNhIqnByrxIYhsrpDZC4aodDA9kzALUdQd3SwFDfeKps5YXy52I3fKaigNlq3l3QqM6he8BrN5ijeKwIpPswLJC+mgAYnQPK/wfXdiGwn0rferAaSBSGzoudP+XEtgyDKgxJ9JAd+C4Sbp4q7PyyKcX8MWAlIyTU5SvB9Yxgo4CEkGA1UNzw+sfTe1CdADdS8zO+0mUpF1bKbjGUZYxiJFzLyytFpFseFqq1Fpe7VHkRkq4s/dlVqOJ1Jh9YZJPBUEKFj32458q+WhIDOig/xQffh4e4ygVIzRKEaqfL3avk97rryXcLI+0k/eicgBK5SZHebxmYyRy4oMdUL8fFedbgOlvIqvUrUH1S1eEG1HuYUSpXUrC6Vs6jFtSSG260q+LcwxXpIaTxMunKy5vn5PRuqKRe5DFEj5YHb6HlWFvi4+7V+MmfK9cEyup5hNJhNLILIiSDx9SLwvKmhtre7FMImtrgOs3zj6P8GvpY0X0lzPuEh5XwsPK2bYAMFD2FWi12zwGGfwVyO0Phg3X3D9E7eeQUF+YuVONqaH78qM3EjXxxOKCuaaI8WDHI/SxqgT3xCE/Fc4d1+HqbDZ8N3yGGYYeJEcfV5tRaY41W+gJ7Lnn8+Pdpu/kEOWfk7pQmDezOerVFgDMP6g+vM3ppio2IhpSwd7oV2VBmMtHGUV3DHqUJTgNSs4OB2W3PEjR2EClTYt4Tipko+jhCXYjYdYVMjduGtRytSnzZILxR5RadIeA5lfV9I2K9Llk6cmtpnzC2pzSjtVMI5SWMG1G7eKM1ViUkZv5Wk2GJ+k0LHRhqjDgSCB3/V6IhCzWbA12YOGdAfaGLgTJg56pbKuAm5CHX9GTwLyvHLpTniUqICIM03Zf+66YFvIKPrCRoxumcotbBQw3Ck3MPFc9OYnM+4g3FMqitDn1tHhEFBcFIrfyNnEgIZ67FXELG2lMMq0pscPqaws4yP5JesVwR8a/ZIDlrjMeQKXNEGZaOMVLtp+Tm6Zl/rkFnR0LM6FYap1T4YzE5MqvvkhCeO/5grmKS+9Pfr8NHrBGZxQvQ7peO/01xoql9hFc3RwNqmCUdoEavx1o8AoXSGNJCj6F6brx8h3AU/v00iUDFlwmOzHrsLrZ1rjavcHFd2tuGTXUcRUBnnDQvFDnGB0MD/2OMitOwkTdzrRMjV0xsgSalLciwUC0PRIIXbMsuRcwX3e117APaVTvqwi7g9iEKlkoST5914QkAamVuBqk+wt7RDgEg7Oa6PbOBy/xQAgNyMb96isgTayjrtFfx5q7xgawlaeFDE5xVecKn6n0f1BRB+p2atLxfSlvexLsm815udA7Jbz9OXaXXaS2RV5IJbLKAqJ7hNq2xBApcGXjteY1GULLEPZ283RycFsxsunVzcnsHY+Wy099qK908yJvvjUPlrnJG57ZYQjZm3YL5oRXLhYCBU/FfOtBoROO7odxUAVY8wmXm5JJskM2N3ixJsoXKwzOJ5ADmeJUmIRTtycBzzheemN31wS7qXnk4Cbp7Zw18Zsticq/EUEXKp2/jeEGGTR6UGmUBwzvIUSa+yuZ9A9uClcqHYNtx2MZsIt18gPNhrLw9Nwxyc4CZSDJH9xCvwt0gfmcsyo61W7HoElZrj/9CbrNvujFO7JmHBk2oHRdGtrGOU8c76BXFgIAVIg/QPyIscV9rq4w8sE7TeLqHPa5k/rgTQWF4uI/jes+WDWNp/DlDA6sXe7ihS3sg74tjDSYENn/BzRlaecSY4LlTja3zkk6tMxWzAXws8OJLHpEIX+awzpQPJIF9tAC+U+Drr4aSR3XD3Ko7RyAEMZakXoK7tALGBg1kiEurGdIirhICCdnmNIcbk+WKCKM61gKhU8V8ahA5piaLcLWiADBe8Q5oQJ1S5lQwvIWyD9m6lgfC57jABXIZqT74It76Ie7sXiByP8gEaxEX7K6ZbhDz9/QGy7MIKaHqTphwjR258L6bTwzGSk+uUep7waXpRyEMN2C0Eat7rxVLFwG5OYxvyiNtLWHqjjOFfNEqUBMbBroTOSGnPdCcxoBoWSZO4gSQvw2TODH/yemntvxU473C1veT9dIUwVYjEsuG/lAyM0WoZpYDYUKRnzlS8n4v2x6XDBDxf7bBQyC5fCcU60L6YUFzjiSBsck1uJpWyQJAwsN9Evw8znFIdLBKzCO96tKjMsbdjfj4bhNBEAR5utp1IgIQRV0ju0vBbuw/A313tNxY/qlHv66DQUCAGyWRnxjxS88DOr4kLKk0GhhenZ3J1GzXmJYJdXN30HRCgBEKLokfmHIBnl6E5tAtb0ERukeqh+Fk95xmC1J2RLJzGN/7OSZtQA3DKbPCpEdWJ5pHIhEp3F9SCWMj0SqwACdyX75tXP3FRasx1q+5rFmEQ9HmBGwEvbsrqhvCO2NMJF5l2U9Wrk2CxxiTklSrurOU6VvGMwWdqo9ct77fKVHfKDEPwgPj9BcL5x70jsR8bpg9CdWqvOfgfbLYzKleVWv8OYC5i6NoXX3LZu7i8F9jYOWfx3T9HvHCALXhsm00sVJ8A0BEAn7TboAvDv39kywdB5J/22otfCjAeZQrgpsg0OHSlIanhJUi6SVuH/8XQ+nG8WEkRWbbtwVhDAqwbuw+2RB9eUqVur8H5x58t8uiaUi6oqK4Od514xMG1c6wKJxobrNKBNdLL/5EzGqmw9suvf+ewibCsoylTMVMiIUBHFb0KX9MkuLeXWCfGTu3VIRCYIf+aI85UNV9/4jk8rpPw02sQiunEhiHFXuEaPK7GnMOMpaqdD9+2dVSqB+oaMdkX7uL6jnXPY05WQpGUxK6ZZrOvwXNLK82jVhxqnTSIqswYkrq2OYoQNlT4kt0IwYzXlrd7/z8un+pPHNko5efOhOSup8btJTeuJo5RnDfO4XjkTUFgJ9oCu/J2yS+Fc8GXeFTsqb8f5DRjIfmKACXGPyEmrQKsqy4xjSOUwXE4mKTuUiPf9TSK9pe4535lFTKXpEAFIhge4SyTgWhvAJYFb7BBbCe10Y+1wRFHFpDLjELba+UPeqsg2xmVdktOD1OQRotAZKuUJ1hf4g/6zo6M0ndziUyNKkfSCbgE8nIOTPHqY7Sj0Tn2icoof4w7YaSC15qWJPPkZsdU4nXGPjikVhszFlR/x+a46Pj1yNMJ00t10TM70rGHj/qKCta2DFFnsqYhy+Pr+zJ0Wwh6r/87htq85roHi75+pjhiBqfqrXvlnVpeq5S5RndVRbzsEXoKPq0wb5FWQMKTY+JW5/ezosWBADtSuleQIsSoTQSALNlH16RkdOcz8d+s8Ewru9O4ISF521ENKkPv9CEqBHfpvv1eH3InxHvPbeGCFHmRyDW8lLqrBiLIh+YqraCHbHvyzjnN6kku5wOORyPRM/liy43lmDQgIGNIW7BHWhPFwEtQ0nPP68oPioMI8oqx8Rh6HM7KoIZdpwsnLXNLPS/ag7u9Om4ia2cu/KonTTjvRxYW3Gn5HXKD3rO043vjJOixX5Ez8oxMWIK748xRcLdkSoqA0uDcVxiMdR6IqrXmcXW51TSplSNNCOd6tQDOn8t9DEOBVk2477fE3Yo3knC5RwCASoa+15QFMUmuAo0VRCHiT4Skjm1+om2G+wve6VnJdEBKvL4Q12R4IQcuNzC/rOKPD35BaShVDv1Q76qlWvMFs9vX091UimSn8hkExd3J5oxWopYGuz3cCLsepGY7Geqbc/60ijLp6LpACNye1Q1YAmX0C3bhJeAdBVmnsXEyu2n5Y5j/BLLQ3XCt398D4EPv8/2IQi5eiKiJ4TA1aUlAqgXc1PE7cd4ntBEV93Hi2m8do7f5QukkWOB7DhshrkYw3IGDEAK5OHPVcflpODv/NZsKveMu0MkkX11pkeMZdcW18iumUc/+Z7VqE9YQ9Jeqw+mYApzIy2j7oWBEXvXUROoXgfI0/QORem5HC9eBfELazar6jUlyuEtzpMibwHWevO5TIMvSjp9VitUhIIHhxiL1FJs2UcphQY5HC1UbvqdKdKYOtSQR4GXPQi3/cE0Fgi8KtKA40Wvztu1eLfQR/6pQxakHxCQGZvBVqF1YFTw7cIJ8JTm9F/nIgKmB7XkSdFRwBX0pT97xumX3JTfGjn8bwoJyYfjHX8hi0q2s5dGbIk+jLbjDNwFQNk+yqOCgcJxUTf37GM3+ScYBH8acLrKTkiDbt1IMIlef9oV1AkLEQa7QH22LNewaKAdCjlfCZADC4gBOXUxJGcCKVqlqQzHcgJYmpJqyCT6fCINGHDcesVtKcFPsI27R4+S7lnaEfzeMutLPudmyJg6dSKmzUX1f8W8rVB/bbB2EaW2j0BpteOfHSPBkjtQQ5yNE9ekfb4nU7O1PVGD+TO3IyPbppLWXRQAbtByAXaUWlhHOpoMLujQB7PIs15i2tITUzPOh7Npq5KcT7VYSwDPOSOdMoItRR1G3Jq4zklRhYXJsBCWj8w+9VAZhQhfMgz4ufL/oVn0k5x74JCdT65F4WXnz0fBXqrf1HYSDAmhC61u6aVXkAwI5m9Ba8l+fYaFjGAH+9R1mrF5gBsnPSiconD+fahryqb+5+K48ELJzSPV6awZIq2MHf43+ll72j2nrffbQYJzxtAlVGbPa4WCCJ5HfqBn7orCmu7bftSI9+zxI4J3mndefNvjUFuivDyUZgs3ie6puPnNLk+KLfcJaqIxF6hEjLH+uBwe8yESNAlANxNgDRYkBbPfzQo7qF6y3G2nx0fnPbLTNDIjSqwar7zZjIFdgJioRPD6VnV5iVJxcRhR3eTsIZQzzM95DbdHPUTp4+fjuBNcfesMF0sS8iG+PwEZ+A2HVNJy1NAzkDQHiC3Trj+HbRi16xHYKFWkRYUud+I3BygFxHYP3P+KOHAUTAoVFSMT0bOsqE0fX7RQVxGmS1dCKajPDxe18o3Ag1kDrydLDAzJ7/DxWU3c9HfeNVj2lc/WLT/jDKWKR1bZcFWtDvlk3sZrxpmNCVr9I4BAgpFFlYfyMaYZ4ZfCynOQdv4NI1Jb3I4EQP+fykT8hXyum+bI8L3MG3KCIFE5XDXkBASOnQe/6fqfEbE+JU1Sxx9w86YOOJZbGE3jf/RiiNId9I+N+eRbjJMKhcdpzrmUATbCtxpN5/atRvHUrVJmcIYJwpyredxIBfc45xXEZTbZn9oYFjm+OzsQxWjo1orj+C2ywseSIyxeMswOk6OsxgeXEDhygbGhNLa7f9vJ27k8q2fGtyAAlTINnk6PPwC1lgRkTuh/tBGut24DkN6tTSRUZS7XY1MfA2GgT5BRj8pbRmb1v4v6lnmZzMpo+jqfRwm28TB683PEa21ZIg3AoNFtj7sL+DgOV+3YtoYE5H8TZyhRRAZmJuT7dzQjvVwT5BY/JAGsdq9ojtfsQv+ZYaG8aiPbNfCieHX3guEODr6BulGZmo6z3mC2Wa+gidCKHaAniu/ioWUpSPu0WG15GrxahbFLXyX9bwjAJcQn45Vodt2CCV2U4y9u1mm/sGEYe01hWwsCfSfekk/OqWRJXE4rSGrs4qxDXe5Oh+GGkMTvLfPYk8ZeiSrUjG7+3mjmwtJDw2tYetJH5BaNx1zfHMTZR4uybzTtPMIvvDN6xalAgoe8T83b5oU+nm3AoX09S8y2DADD/VhBijPMWufzumrKnFufzAymB2+jms+T3qjNypSCHR4xuQzFm6t0wq+1/Zpx9CUIUk65Fdj9mH4ZlBMceMQ5xEASb8zYqJSkA+a21utKb30+HfwUvGtkk4T/BhE7iUA2Eg4a163WXpci6rzy+evlrKFyPX0VfF3Id4QHiDlmsAb/5vHxjXMu/dGVRfOMd1qFtMU6/1DYR9c43J992RqYU9mWM2Fq6J+rYYm9h/iV7ehzIC8FibwR/OdehIUVvX6wg/RRkUjJuwddcQYXNEpgZLF8gVwBiZiro9r+cLBw19iXiMkWMXzhTDjVVCno/1jb01teN1s5uWmAo+MAv5seVm5Mn19YzAdv0p/uWnvB/Q4Y5NPnAHuxSPzNcVCdQR7n/TXQYPyuR+02L6cCb/vVEmrJU4G9GsCBUmEL9T5/hG3YbfXEfiZyMZloE2+1hp+SrcIMS2lC2ODruMjMtf1djM+lntYpMkH3mgrcllDSuRCGdne42nK1OItK1Q4gHRY+knbZ8uHuSFMTfaQQIbhUK2NCp3pHkht1Y4CSIMRPUxEA44HfIo5GXpAVJ0DB+NyZu0XZU5C0jpQob7Zbykqov3a2HHdbzfQYCPJIED0ZKRz2M/eYpL4SJXkng98VHP9P6fNW2NOL+GCLj8KR4Z7dMiCNhtYkPAYdPDSCCptaP/cWVTPALl4RHoWwXSg5fJLX9FcKSKroe3V4TU166Go2AxLJtdHlNuI1SpU715OPyI4XIaD/le0NkusvVWjZClEUvHkvjU51tIRCJsDdtAp7qUDupBY0uzYfPwMyKUeJRpviuZop15hoFinHNhAvsCM/qUk7Qrde6r6wLSqCPk6ICbn6cXk+iv3KX6DwmE1t5LIZZYUY5bFAkXVpkJmcEwBdHjGlSDphH/Y1Hg1eNWnYcO5aXS7kjTCjBa6w0sjGZGGrQON4EmxbtPGqRQUvhvNEE7aj1PgOc2LnjN503s2CBsxSvbFBlMyWVdr2b/6L7dtCwTijF3fyaVaQm1hitiQqmW5jsilOvJgSKmD+a8TXmL23Vi4kqdVh4K/J31mU3YYeh2ekJ4Sn25pib8yiGnW/1ESOPUMu+92ztBqsbR9xKpbr0CJEyfUDsY4Ra5vpELX4TPVQwzcAn4EcEDBjHh3OvFz08zsbAvWwmZ9ZLn7pJH9rDGsLbqV2Y/9EUg3d3KL2r4KcL7ZBf7nikebFWnmG7o0FneD1g43FUVo6p5mS2hrANmzIoFlyBlNlAlD3Y6UesiiQZtGGBPQOFYDXZF0vLi0oEIu2bxKJS3+Ymo3+W7I3P3AmGCQmRKEo4mXEX/hO3FEHugoGhXblfAQQg0m2MxGvZOG++K2b7xUV6tls1XBHer80MX8X7DZ+qBOqo0t4M4AIJZwmuH3RQXXYspNoEi5y9oTg1SMTzBELYmvMcHOgqL+uh+cm2ETUFXEvois49ATFwUYLKjH5OatPQInakUGeo/VDDpNRcCHbEO+cnQtykYwdyrInGbh074DRBsF3rx7ZMxY6cea7RMeAU6LfX0veGgx8nI/WljJ8fr5GwpjBNE+volBcC20ZmdwO/Bqy6JTSHd9U5qIR8oWiFLDuiBi3qm1vM4KOhlrYzJzHYTV4QaMUIUAOl5gd6UIOwYCuOayN2gsxAedTIlSj4WeGsQScK2r6wLlz6/4FcL54HZKjOvygHkUeHxDFMe/LMscxSGzjRCwPYkMfLOPEQ3cD4rQDDmvUooO68zBEwiC/h0VcL1gpb1S36zlt6hj/IVVV8n6yWcdXdZUON5JJesI4e1rSYr3ktuRVtf+bgU68zaEbQXQdXH3IwyA24V3ddmyWaMdvdY/FHAOcKwzwzXQ66rGDSB2YGZZ21+InlmWOJ71ySScq5ri+Y7MXSfmCNjN8uInvDZDWoTGsXkTA/FmMbcKxb4UjOar6y4fi6ZiMk+JeeKjEC2TKXtivZYGPebokU9otR9pX/6K/hn/MS00+S1w4GRh+7xle4eGiEzaiWqY/IsK/66npuDvhWBosm1fiasO/wEDzrDq8xvkyHwnSn9CJConCO7TW+Gru3Qa3qPW5C9llfhdHiKL/wc2fk4nNLvsV278778y1co3bG1PgAoIvM6oaJZwGC5K+IT3nH74aBSR8So7qqXuBoiy+frUBsg63C+e47TlmNb2k9xElnmsuZzSf/Gotbrb9CE6NLdvuf3zvxCqrJqVKb7jpZ8OJG9ja0BNemLEC4w87DHWD1LuiLbPCNulXlM4t4ybQksPrGvGkJy/uERyht8VTC/tAnf3VVVN1dnvi2Le8L3tGveJHEpQnxO0CpNh7/MZxLfp97ANJD3aFjFlPeR5FX2OylDY1XkBnUnDVM3PPb8JW91BGiKOllUE3soezSAtQF7dXG/TLebmJFtQkvCAQxSQAr3pV8B5itQiwK/sUbpOLjHKu3oV0m/H+VGFps23FPuARCCXQ2by7hT4bLhDA5HxU/PGLyu5TwkA6/UiMeQ0sh4ELGZWFuSUVKH1rDNIp3bXTndiIeguE/iQpyyNfUpdX83ixqkDWJU/mh/psuMBB+8NsqKe0nkC+xxZ2HzYOnHrFOeJ/YHECeRiHofKXZRKRfzMNYVIpMvENT1feuhyujCn+eMgqKQEbFuGM3RzZ3GbdUvtHPWRKH3KpbsF/SLqJGGq9kjMXRMBuprnAaz3vdQyzA34GyOoNsj0szGV3wi7xqdyuBKDqL/bnln5z/7QhUG4aFrFc2PiLtibDOJWrEjNfVld6sx6b9qZ2m6PNf0+rP2QCznn0SJ8rNeugGvL91HRBNsAHiNd+VyH13ZWPbEXTp8AC9/5Hg+WOsRJf7soOnEImrqGzbL52xpWwYBYTvop7j6eccweMtHd7XqV7OBjoP0z0xxYWGu48HlIGXrKRHDvvHNb2PXQQXNmcZ05Txm2hqrIZ5zLCHE2hiugW7hiWq/LCG0rqgecyDbO6KSSZGs/H4K5zklZajOdLTshw8WSnK/CHRYolD7V4u1R3ZmfZe2PNg/HnOWfTQORIMDvg6HESWBtc2Y1gmGb5hzJ8/qLqMgjVE80bnn9X+oYzM0hRXIOZrUoozuRYihrFTqR6Mx1R7lUFzpXSGidj2L9ngaedTcSkFbxprLN/+dDbmOd5Yaj8fbhMtR+R1eLn6IO2hKBINW5up0GMFlSKpHm3OTBRjjxV0uVLlmKK1WENm+sVhsmzA6J2p8Pfx1A4YTVRSyVknFoaZ+dOELaerhouKBjfbhj5izvj8K2ETcl6wjgN19D/OSdHpp4FtLKrr46FG1Z8ng4qrt4HW8h+uNj32SO/Io6h5nt7RLV2B2SKH/mjd7OCyZyUaV5ujFWtdoMJ35nnySFD0kN9xLL1wjULvv5p9yAlkUGKhWimn3P8qhRwLkDaHhbk/1rgG9fe6BN0G4SnvPQeYkI4ngKGvoKCzkbjuh+7l9lusAYfkevTcM001H2a4UN0goLEdO8dNGJdSppK+fECr57li5pfRbvW1BzizIzSRJVDYq4kP8plWS4W13no6da46zQ1TXIL1M+smMZ2Pu1BFKiU2qs2iOOBKFrV5baZUqGyVXrcee2R+jqLTO3cd8+SZ3fYj3pHTDMMJn0AjJLkN+D2qmxod/49pCCAyVJnaRLBf284VaEN9+3yG534Jft1/tu+7vukOKa7L784r/dxTktg7obnfY1R2t5aG0NBjcmiunGrqqdCsex3z5rner/0BrM4ybgwr0lINxVkoq72ifq+qKSY+lb7gefkTOJPjptuS0Pvo+VhwY8Rjs2CcNfV5hQ8O4yoclFbRz5J+3G7o+We+fGOYd8bS+uzoeWFhdd+x23LTm4Mj/n+w5m5+vh9xW5yajKekquCWQ27Uf3APcLgTLFW/PzcPvB2oLN2O+L2PTjQR5KPieDMVfYL6or6/cxvmxFl0Rc8iFAno4gnK/24BgkW9t0d1IRcVUxwrMGZxrAt9ormJ2qtHdgHiXemEcUduIYw/GlfQ45ByNMahudl9pLIV+xPncMzRtRAYQ7S1IsQbwx5Ccd98x79uz12Wd5I07gsEeihabHx1xPcjo8mhR5m6q5buQuwPNgT76a2Skf7LQ7B5rcUYoWqnICjHVcjNzAjfjPrBYYd0bVf9kM8Q5I6rNk96zNCbWxc2tsgwDENZZSNXnV5b74c0CzlvH/h2QnSZIedzgRxCYI4qeBlD6PmSwnUAvIa1B7CAts3/KgT+oet8eIYtY3Xtg/+vRHVXRXKpsTNtSAjgIwzXIJjCBjtGrEmhGoO2WiaoxNd3ue0x5ntA7sNcBUkWuNXUQNAZrzjPUQE0+2XN7ZG62ZrV9NeiWsLDoovd9x8g/MT06lXLRqca70luuwCRZvbQIdWgNhg/6rtoRhCyMXaSwWmD5HYvK2fg+zWDamGCAcI6HNU2JLVjbj/bOzifZ7qvd6O6ugNumKr7zTxWjobk0l7Jnecuo2391K2qM4ED7XwtEqtEyrUB0ipzMDlxz1X3kaoTFUnUbVjFEBUMD9g7EKe9NfeG9xWgzdHeYGLU+qvvC8dQE6eAOF5L1yDCmqCO1cabRUgW1FEdzQh8sPCed68/AEZRrx62m8yiEdh1EM+m925Q9a9jKdGFxD3lwTqn6pMpvRCJRtXhwXh/JFMyK8wFzVxK4gvDAn+nPjhC2awgI6aS5EukGm6q5/+p93xa8xU+s3nxzAht34vymQLUJD5wQOr2Mv9VGyZYeYGntAvpRA2U1UPA6JDkBh8iK9kY01UUgk7efqnDOwpKqTH6By/JmCcNohOnKYoGl/k4Q/eos3SGoUmdyz52E9fb1mdpvWpxygSF1atizFthR1nU4tvbLMO2goBsI9r15tyacFjJtCXyb3WrbmOVG7ZCcgonrv363ShJ+h6Nch8kGdQlkQn5StsbBp3ixrlTBMhs3YwdIAWFob2WjWMeEksDZEq3RxeDV642XvpZ7ei5ZzMc8tS1D2lFJh3zrDzzVUQyV1vM+3D2fgGpnZr/9QyK4cwKlLYa7s0dQLyAWVkkgeu3BKzyxKDn3wxNx04RnNW74zCvzDYNx1kwYfQ89Vt5SKbgYyl9duDdDm2l1O+kbu7Mjuap8rJxuvoF6v5ohsVw+fKE1iZ+iW3i9CyXcKxunHSM+NM5uJI8560166ghDfN1rRNa4EGaHiLqbKOPaPS3G5CYIQECb9DGLuAexBvne9x1yJ5Y7H75//lycp92oHC5aGLmN+6+zo7iDZ8cUYFE72eh1pxEjbyWZdB/VfEoU21bkABYtO875vyq/A2ezyv5zMfFIMX7Dsi5AUjB0ohokfHoHQBRe+ulgWwugiGSFaoKcC9h/WPk6nUb7a0wJg6RiXb4BLWLgkxtW0gDo93j7rzXBvganqiH6tT8t6w/qd/kTb4jh51owneG6U2/SMp6VXo8Yil+Ks+K2swgfD/o2oG4aFKe0arnBLxrWFUqus2OA+T42jlcXvm7YB2519EG1OnDZus72ZzfB0J8jsv5IPgWpYn9MtuAvmJfQMw+MR1uSK0azZOERLrZpiul+iPLIt2YChbSS6iys+g1v4rzbG+JHGQRNJr8yTqy9W0wpEbGQUebJsIb7FoWqIrNaWgO/kmYfebG2CeW6tjxX/zYr4I8Dve7cv/b0V7KM4a0mSz7a9QOTVmQz1uWkjEiON+ckXoaQfMBb9YpG8KRGywZYzta6xFCpjko/NpjjMn0tgTnlkYFPcjBgoJETg/eJSCSTetHiLO1fLo9KWWas68FXKYo2HePSeJGiSjT9O+jwd4mLkoD61o3FiJ4JqfJ7iRFdX//M5HcbeCn9n6haLnPolpPHpD3CRxKy1nXDYcpcLSsP2b/r98p3KaNpG/i/eA2SyaYMHbpu9HAXzxAGqpllAtpsCMBPPnCTcTPchmo9WHUd7OHb1xbgmy+9qhzKQGkEiHEPkKKkUnP8dPkKpmX1rrnh7SFxh42A7E0c+6ZkEY1q2tV08jc6kwRADc5U3q7xZ4u+S40Nlq8UxHs3qEm4a/1EMY+I0zGpCKK2Ync1Cr+rn4I1q4V/IY+jKk+yFqfVE+ygOA2eDklXBrzWVQOuAWNvMQSZEubwnHrTlJ+nFEKXVZUUZGUqO7/8eLHdXPh+d/l6u0q3WR2MqyHtPZK3bObgRF3cbteyOGzymktluCvSakpw2vWyTqQTP8YNpH7fXrZ4K3tnexpfONvTlBvwWwZiIZKyH5hyOYMaERKUhKh32Aer1j/rcXmq0u0eAHPmyt0Bj3fKLH3iDYaWENR5VRNauE0Cm+dIP97KZXnPSwo0vXpyeDv1nFUmrkzVh9acS4oyhBCuSJjeLM96mUUEjzHqopCk6V0q3d+7pFwTvQ0LLuBxoDWfh6WP8sHjIZezJWahvzlTvVG2zEpIb1QBFoY4BAWJ37owPyZxHftey6XYbiILZRo5f14YbEGvDER+3J5p+4Z4n2SVXAS68q5OXyZ1gZtseQav9/jsvlvbuH71dx60zOAg4orWDgSkAV3+EnGScue80ITssl9POXW+Rr2OM0xYMmIIkgfU5jJlLMMDpv0I89FnEOp+RAwBJxzPa8qdOr3mZ1RZ2uNcylggn1kThkv4SsCw+SpvYTAdyx8TB8/H01imShkOyB5W7RneC2dQeIiY16lQJRfpkXIV42nCtaCdnLKnwg8tZy7ySwFLW3mst8mxaHjl1BFhriyIvyF76vEcLyYRX9gNzFR7CKai4XwqCMj+f/x6TrcT9s0LEW7RsNIUD5FINXpoTlH/GqSci3HLM2jeSwKnCMSz/2xO1Y0D5e4VtDioCux1CWZSAEXcgZCJXSI8pXr7kevGtj9gx1sVXbMK9XSxOPYinP+pOb1TeXRP7aJg1TrrkeTxlXNznmRv5fUJLF30F+n+Dv1pOWgKbz9UoYVFfLCNGDZhdshK7vAW1ieWXecxoQp/rSzHkx07S+xSQ+lKVrLwoxiihH7PKTTC512Fpsl42SO1Ai5hnjxPZYJQQrOg7WgJvCkr0Z1jY/LHJAlJGbUJY6J5WzhpsRGuWCjcwJ2u7eDylE33/aoD8NAa2unSIhOkFcR24oqoYjgdlDj/SKgdku3bpUceMaKiucPVgC0sGGTdwAYKko0WrjSI6YjcB2Zitv5J+sJGDxZin5dOJRvVhgM+sjNNUvTaeR9WIRwtSe1JKgGetZQfX5cKbfHnA+er9yiHu40Ey+HuVtpAu7etX+qcHllldeorX43QcGmlFeXWRQsxZXJffu7WdVNZtE/B9do2/EmstSiBORPmWo8P0nQptZmg7F11Y8vdPMOznzDrNRDXEfF4NI+rMmNBtJCguiH+ALpv5Ek4zZXCGVaDBblvsuJZdhHDMHXsXRf8PfferA1A3hbrv3PXY/kRdyTPTyL1qPk/PYI4FPplLDpuI8UMls+Alj6Y1/qYdr0fDc+3pM4C2PAncr89LyGijDuOliTZD5yJwN/qIyWQkx76LUi1V59yMcgGjlk81rUCKM3vtVd8WJ6HxQ6kshgrSugm6bWE6LxEOa/Jl+W7Od2PcyQx0kWt9f5s0qSWyKA7GO3yyXpPit2ANc8JAMtglBhoxhdN+UueVogwj7Pb0PAI3TEnwvwpe1vxHfwKRzSMdK1Gc9jTtm3QyxuMapLDj1k22R7WikLN6+u9NjiWwZGiv0Yux1EHVHe1fCVX7237JtiuBzKwbY2yqGrrKWIsMwD6KlB9FXweYh4V4F+Hzc4JJ3CjVbagXRG4s1NVCPRcGJcJYJtRFvVfI6l0ffST5azAKxIH8LR7M9hWMjrWXMknP1j/e+j6sGF/Pj87rNZ/zqh+mYOPU6Fu+8m7yowM74sVH5Z84ED9CuyucnblIsBtV36Y92HkJRnmNbeh3F25aaN6SK0JxD70uIssM1u32qwM2I921ijZLf3WfKuE37HSGi5AFPiWYAmklB0I/EKeF6qW++OsEEvXHkisjaQsEXf1NHc4f5hsauS/qXbxbFV2+yoRgr9LQqxoKD/yjbnnOtB1rjfks0p9MXFik9DDY0S99XTUarQp5qqsGYurp0FVktHzkziq5/68Jyw5TE4WGqEAVdI/NcW910CYLtSoO966YSApq2VKKXEcr0HN72S+otXjpmSRQKorDzjKsjde9rb84Tb6FoaPifWFOUD8vjgWTjWlXGT1U98xFPNLBXba86LhdnjwSmY87Cz8VI5MEx8Kd5PKmM1UBKMhS+2MC4zkUCYVjNzgGRfHJYaSLgbSPGnO40TekL/abmSRUlbdOkuLPSSlo2TiFNQEmIlpToPI79656oqifMIVqHC1h0ZX9BbgTaYSNQTLc/g7UC7kibMI240QYvGXIZI+pVL07ueGXxv97TOIE2epxWWjMeyPil2u9t8jHogrF1xu8nJzJHgFHvFteQlAl77+Ue27shJ/OWG81DONefR2mG8dCT3HMAA8QmKElEpLhw9mIqUy9gHH+7eWMU9z5lTcGQNEkCBIIsPU89+A4RSObvCGsaPpq6CoMfhwdQGRwTHu2/+mFAUqCgfSJOYO332vVJk/W5y7881U2M0AHctVOZoy18QN5r830P2NvbP4uvJqJVXg6nhiJhos2m1uTSZbj2JMWcoTisPVoZfJ8KOuaNCYct/GOQrTpuXDYDwbog8SC80VQf20wgIljTielk55gg7vztJr3nRQvFnWTFNKgyg+W2eg3VbwBo7K0oQWYMu1uKXsnNiCqo9j8EULZVK+ByEFiPar5V/WV6vu0v+cmhA3aRTtlQkUS1jCORaykcvidK4l1r/Efy4PTTw2vs+sLlAJOxdVoxkYiceze/8hucKUh2bgU1UDr/3Jbsbe/wLXodE3QeTZFtclLF7FhOyLeXQlsneRm4N0oS3Zv1874Imqu5LI8tlQgC3w8lxlfpggQrwBsYtzE2kdWohZORpOTXaUvUCzMnZZJ1W5+sr49QvF5GjJ86J/HGxbiQIvniFRkgHtyiacVAqQna2niD8MQh3J91P4IV/qyNJ1uTvcGLZpAS6JvLlyXwvAjaGVnOv7HJxhpD07VKG0imkM5msu5lKjXD6sH+oYriugxVs2FT/+HXaHipHdVgPGnbJjVePfJ4QpwWvU5xVwCsh8fCybXD/4MQUd0DsC3F1yIwyZ3HNQ9FrCnxBxfq8tIYcdgrL5kBUQbT/VvrpEsHH9H/07JSGCZEUX9CQVRId0xLh0yUzeRBw79gNSmzxYxTZTwHT5RU3oPjpJ2uIkR584IkxzpLZlwNb6mxIEunBBRKUPTLNgQgsaPpVcXPyD/BZvwLUbCTJ9ZG/KvOxagdbL1+XcoguCVRtjtwjP4MVCWPJqt+x/YxJI8NVxn75gK0F8LyEooJOX+0FQGHVn23SyPUcBudkZkRHf3jJjs0zu6kC4VeMXcK9wYtVJeBRVSznGfA9507aGK8bZk1exMAcDkeHBWJB9b2v4SMoDFuTx2bDFW0WRC8BpiuG8boVEZAuhaiRtjWjmPM3Sbw7/p+HUVONhFf5H/3ZKu9xhHwvUPVqSBzUVocyAZPgcJdSkQrykHKBdNoTmzZAbqobelLS0gEOWzx36WqCClUIvNTrMbZYxrvKWvv6sYD/4mcNHl7JI7Ob+iFQP7UD7JunEr/JLybCE0QwpROdjSLPiuVx001pA5JcfL2vW041FtjJcj4iQXJB04PAqg1bvbI8NMbn2H29JlybgUxYFGIT8rd71I3szfOcn7frNtPypjHWoLL2Ns/Zq40CdGZINmcMMZXPbwT8qhN/efBGZEUtUIR5vnjodKF+sW5EUj5T1HlXnN3zH8UCWdceKbMMRlnibyKXYwmJ+JjGn+4pWsPLuBCws06d9AlNhJEVsUMbPmLt5w1no6pzKVo0aJnHJ+F6RRtb3fs0TmFXS0FmVGdFFswvYhdsCyyY5g5OxhaVTB/WB5dYmi+bknJjh/iK8L1gSISCVxXWC1F/wLttR1FLFNRsFEM5YuVjMjEWbto/Kt4i0Mwj2byyJZJ19W2HkodDDErqQWQTkggTlAaceXFE0EHN5UnSwuviG+7y0XlpO5JslfDCk+pxMb9M1Mq+9c1HSO4shbUZx6staVdUB9pLHBc18iCu+e7om71oJORgqrQFASM7ZJzd6UTkx/MAZdeO6r91r3Jlxay5Re7X+neUBlKtaB+2+OUwNIDFJVxvEiS151B68dIBl3rpJxd7+ao6zG38pnCTM2UxOmUaLYXyLetVi+yT5uxxJDV3v2u4A0n1B2eeSYfjs4lh1upMi8i00mX+tIfpV3l4nCJAS+lFhXJUu7eyFzRjRljf59P3CWaOSoGkKgcf1p3U4QK3mJi4USBlymfBDf3RkXUdhbKZkWpk8Pa53FVT2yzSOg9xIT/XPi6mAkflhkAcgA+o5GOJByUQH6Un9ha5dj0hTj+eCsA3vhs/wh75BA5Ftqx+jth7bFSf6nrEXaZRdBZXOH8V5xiyuw7Qs1Z6Tk5dv9MsGbD83rKc+j7QTvdIo/OOnvn4TnzsGNu1EHaAvduczlzCiokBjnYxuBLC5e5yc02eV480KZwJhUasVX3l04Y1LzAaMT8TneAa3j8RqC9CesTM59WoE7V+PRDDp2nzUMGnhomP+uD3McxuF8o0sRfztPXp5Txl9KXTKwA/zd9Q4WhLhmpPjiMUETZbV8+yr+EfJRhqmDm8mXEgGIZ96+xaSJYRLKybS5JkFW6fpLY7//p/V0rYcWLJeL7/Jq4oahjb2aZkQ2FSBWr+iw4JZ3/AOgxvRdKhMri2Nm9khxADmbjx14np5FnnfbEoNZ45xVfZPVuMHYfTEpNoENOu/gOrYN6i+p0/fV0yipZIm6U4oNwTf1EMSVO18jt20pDuH/0VwqwVDLQ0cgCqeuGp+z4E5SOPFjQkVs6conZfDxXdl7C9UCa5SueQbCp/p+lHMxiz4l2rRkD+ndmSATUA9Twc3PGmzOLEY5xiDGEMFOfoVGdi/hX6i2DqDxLiF23o6vUzGCs2fzgWcmx6gmRh7za3PnFAsBQ3dCB1j5xvncrKQZdET0FgyYNSdlNuaQdVU0HRDm+i+0mHyaplDM4DBLdJAWAoTKaRMvddoECtl5aehlyWPYn19aKKH6Rv4Il4YsRWR0ThfHVnT9+QfZxBVeHE620Orf9RC8CCA7RqSarrJWLf+vEilPKjNrfr3c2HkVDF9j4MvCxz1d3wULOFAaKsvJTAe8dovdsYSYEY4KvLEr2D5LitxovFH1NvrRr2ddfMopetIgo51iyrrXSJZU6Xytk/Yjuu4JcHWZyx+EhmI6iu85iA0s55W7mw+5aSSBx03FAioR/8lV7i+2qHTODSZALlU+IeBPe1wa0T1kO4s6xjgC6BfocjPauOqaCHUxrVPTKWsYpRK/Plymo4GeE157SWAAdn/zup90Rx2BOYyPaiZHrdiBMDJs36tn1Vy8X8ZWNrA4hy+4p5zEEd01ps56GjQ/KJDiijwd1z2T4ANy4dvxNaO075MekOeg1k3B72491qkSU7mp13elAimqCD6hzFrhHfxRD7JBkdNGZD3cryVFyA2RkozdpTBkTj+fZn31quhk5uVqzORF4X8LV2Ew96IsMNEO03bNDx4JY4AXlzugIVIfmmysJoagX/VC3Z84bTk3zmfzgfylLh9EgS3GI03R9iRM63QV2l+C7rYVW8cRKx65XXX+/vYHJpq2miyyruwYSLJaQT4U8cIKnnfb89HcymQgNTuYW0fKpNhsm72Js8V9l9CY9LXazFCiRgUooOArhKhAwaBJgXtmhkIcjoM6qNwKAVK5EzWC/aIsAYO67+kXfek0QTcCqvGP+AakQOnLcH2Nv6D23frgViUmg1oar90tyqFuny04oTwF9hmLwP+kU4FqrVv8wNkYGXFBONik8+eGTJ6jukpLLeRoKMoQUX8JCD2GHnBOMFOlg202s59S2EOYTxPyG6WOuKrDYOwz5p7Xje0ZWzDfdXDpljx6RrhFpBzIfiIPJ8ltuAzWLE2o7YsjRfUzM5w5RvXz3Csls2QccaOXTKLLC36j9V8+dl1kkKkRLGL38ejco7AEC19rmDYIB3jrpJ7enBevrY8vkWJ/pDKmP7sNWeKfkmOYabdFH/y0vsefrKmjxpbpj+Bzqp2Hbztgbbzg/T7vSi5Zke5EQ+shAmzNvBicFrBnBGMUcRcN+XOcur7KzOPdOmqxjgnDh4Bdq+u2jNtSV7VY6q+2pb9kksuvxYFJT+GO8qs+e5JrTUudptXA7KkupVJ5+U7v3wBO4IC/Is=,iv:gMs8Nq2+e7nrBSdeXz7Qp6MrtkvN6gYwLXuP1nm/Hy0=,tag:MLB5QxP2A7E6GwgZlI71FA==,type:str] sops: kms: [] gcp_kms: [] @@ -41,8 +41,8 @@ sops: Y21YcmlWTkJDRUh3czJEUWVGaG44cXMKoibsYSOYv329WNzktBVJ18aGAMXCxz3B c9938x3U7BCsSatnNch/cTbxPFYt8GhgAXXZb8/vsT9URH+9/K2iuA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-23T09:05:51Z" - mac: ENC[AES256_GCM,data:28fB2H6tdToWcVoGFHYRgSMeLwTVj66lESwITzhIkXnZK/5sLdJA+JS/gw58IhxXoO5oUsRgsB+mbfx6IKd5NuU8oJvJhOJi6kkR796gb09pNww/2zlssCck2SmHOJBpPXSZWl6MLRt5pMoU3nCPjESE7GTSBro7MO6n8Ycn8Uo=,iv:JssdLAzR5tv5n1dTpy/nRoOHYZ9Svy67uBPQk4vFLXI=,tag:wuUZqFXXdjdsSbMWIGFv7Q==,type:str] + lastmodified: "2025-01-05T13:45:59Z" + mac: ENC[AES256_GCM,data:wESfYT9AJDcOKI4QSzXLi844ILNtDa1APlcvhNHfu80mS6JFXifUgbOV8YW9D6TA7X/NIhdpiIiDt2bdmK9GJbSrbNJH1yz5Pm4nEabVdHCU5aJKtlagxkNwzfHfDaRznM6NQTdIFDqsaSSokKYyZiycNOMdisQ5JpbYYig/KTM=,iv:GaYceaZ0drzimn/TTXPBP2Zt81w6YPLNf1oqRtkWt/8=,tag:ptEQRoIsBVSBqSdg1XdLsA==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.1 + version: 3.9.2 diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix index d024b62..6079f8a 100644 --- a/nixos/modules/mail.nix +++ b/nixos/modules/mail.nix @@ -1,7 +1,9 @@ /* * Building: For some reason, stalwart is not served by cache.nixos.org and thus needs to be built locally. * Be aware that this needs some hours, about 12Gb RAM and a few Gb free space in /tmp. -* Forwarding mails: Update the Sops-secrets in the machine directory, rebuild and deploy. +* If you only want to deploy configuration changes and no software updates, consider building on the target VM. +* It has stalwart in its nix store and does not need to rebuild it. +* Forwarding mails: Update the Sops-secrets in the machine directory, rebuild on the VM and deploy. * Everything else should happen automatically but new redirects might take up to two hours due HRZ infrastructure. * Using the web admin interface: Set your SSH to do portforwarding of some local port to port 80 of the VM and * and use your personal admin account or create one using the fallback admin password. @@ -22,24 +24,34 @@ mkEnableOption mkOption ; - inherit (lib.types) listOf str; + inherit (lib.types) listOf strMatching str path; cfg = config.services.mathebau-mail; in { options.services.mathebau-mail = { enable = mkEnableOption "mathebau mail service"; + stalwartAdmin = mkOption { + type = path; + description = "Path to a file that contains the stalwart fallback admin password encoded for HTTP Basic Auth"; + }; + stalwartAdminHash = mkOption { + type = str; + description = "String containing the hashed fallback admin password"; + }; domains = mkOption { type = listOf (lib.types.submodule { options = { domain = mkOption { - type = str; + description = "Domain name that we serve. We also push its addresses to HRZ."; + type = strMatching "^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$"; #Regex from https://www.oreilly.com/library/view/regular-expressions-cookbook/9781449327453/ch08s15.html }; allowlistPass = mkOption { - # Password for the HRZ API that gets a list of mailaddresses that we serve - type = str; + description = "Password file for the HRZ API that gets a list of mailaddresses that we serve"; + type = path; }; virt_aliases = mkOption { - type = str; - default = ""; + description = "File path to a virtual alias file applicable for this domain"; + type = path; + default = "/dev/null"; # there might not be an alias file and reading an empty one works with our implementation }; }; }); @@ -47,8 +59,6 @@ in { }; config = mkIf cfg.enable { - environment.systemPackages = [pkgs.alias-to-sieve]; # install converter from alias files to sieve scripts - services = { stalwart-mail = { enable = true; @@ -57,12 +67,13 @@ in { server = { lookup.default.hostname = "fb04184.mathematik.tu-darmstadt.de"; # Because the DNS PTR of 130.83.2.184 is this and this should be used in SMTP EHLO. listener = { + # Do not enable JMAP until https://github.com/stalwartlabs/mail-server/issues/618 is resolved! + # Luckily, this bug does not apply to IMAP. "smtp" = { bind = ["[::]:25"]; protocol = "smtp"; }; "submissions" = { - # Enabling sending from these domains privately blocked on https://github.com/stalwartlabs/mail-server/issues/618 bind = ["[::]:465"]; protocol = "smtp"; tls.implicit = true; @@ -73,7 +84,11 @@ in { tls.implicit = true; }; "management" = { - bind = ["[::]:80"]; # This must also bind publically for ACME to work. + # Cthulhu forwards requests for http://fb04184.mathematik.tu-darmstadt.de/.well-known/acme-challenge/ http://imap.mathebau.de/.well-known/acme-challenge/ and http://smtp.mathebau.de/.well-known/acme-challenge/ + # for TLS certificate challenge validation + # whereas the rest of the management interface is not available publically. + # It can be reached via SSH and portforwarding. + bind = ["[::]:80"]; protocol = "http"; }; }; @@ -111,6 +126,7 @@ in { {"else" = "'hrz'";} ]; tls = { + # we only talk to HRZ and our own VMs anyway mta-sts = "disable"; dane = "disable"; starttls = "optional"; # e.g. Lobon does not offer starttls @@ -120,13 +136,13 @@ in { address = "mailout.hrz.tu-darmstadt.de"; port = 25; protocol = "smtp"; - tls.implicit = false; # somehow this is needed here + tls.implicit = false; # Don't assume TLS on this port but use STARTTLS }; remote."mailman" = { address = "lobon.mathebau.de"; # must be created in DNS as a MX record because this field does not accept ip addresses. port = 25; protocol = "smtp"; - tls.implicit = false; # somehow this is needed here + tls.implicit = false; # Don't assume TLS on this port but use STARTTLS }; session.rcpt = { @@ -136,12 +152,18 @@ in { catch-all = true; relay = [ { - "if" = "!is_empty(authenticated_as) || rcpt_domain == 'lists.mathebau.de'"; + "if" = "!is_empty(authenticated_as) || rcpt_domain == 'lists.mathebau.de' || starts_with(remote_ip, '192.168.0.')"; #TODO restrict trust by IP "then" = true; } {"else" = false;} ]; }; + + # Stalwart gets its configuration from two places: A TOML configuration file that we control in this module + # and from a database that can be configured from web management interface or via Rest API. + # We here define what comes from the TOML-file and especially add "sieve.trusted.scripts.*" to the default ones + # because only TOML-based keys may use macros to load files from disk. + # We want this to be able to load our sieve-script for mail forwarding. config.local-keys = [ "store.*" @@ -165,9 +187,9 @@ in { authentication.fallback-admin = { user = "admin"; - secret = "$argon2i$v=19$m=4096,t=3,p=1$d0hYOTkzclpzSmFTZUplWnhVeWE$I7q9uB19RWL0oZKaPlMPSlGfFp6FQ/vrx80FFKCsalg"; # see machine secret for plaintext + # see passwd on azathoth for plaintext or machine secret in encoded format for HTTP Basic AUTH + secret = cfg.stalwartAdminHash; }; - tracer.stdout.level = "debug"; }; }; }; @@ -201,12 +223,13 @@ in { ... }: '' echo "process ${domain}" - # Get the mail addresses' local-part - ${pkgs.curl}/bin/curl -s --header "authorization: Basic $(> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need. - # Post local-parts to HRZ + # Post local-parts to HRZ, see https://www-cgi.hrz.tu-darmstadt.de/mail/index.php?bereich=whitelist_upload ${pkgs.curl}/bin/curl -s https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=${domain} -F password=$(cat ${allowlistPass}) -F emailliste=@/tmp/addresses -F meldungen=voll - # Cleanup + # Cleanup submission file rm /tmp/addresses ''; in @@ -241,17 +264,7 @@ in { }; "virt-aliases-generator" = { description = "Virtual Aliases Generator: Generate a sieve script from the virtual alias file"; - script = let - scriptTemplate = { - domain, - virt_aliases, - ... - }: - if virt_aliases != "" - then "${virt_aliases} ${domain} " - else ""; - in - lib.strings.concatStringsSep "" (["${pkgs.alias-to-sieve}/bin/alias_to_sieve "] ++ map scriptTemplate cfg.domains ++ ["> /tmp/virt_aliases"]); + script = lib.strings.concatStringsSep "" (["${pkgs.alias-to-sieve}/bin/alias_to_sieve "] ++ map (x: "${x.virt_aliases} ${x.domain} ") cfg.domains ++ ["> /tmp/virt_aliases"]); wantedBy = ["stalwart-mail.service"]; # Rerun on stalwart restart because forwardings may have changed. serviceConfig = { Type = "oneshot"; diff --git a/nixos/modules/mailman.nix b/nixos/modules/mailman.nix index 5cfa63d..f4ecd0e 100644 --- a/nixos/modules/mailman.nix +++ b/nixos/modules/mailman.nix @@ -35,7 +35,7 @@ in { proxy_interfaces = "130.83.2.184"; smtputf8_enable = "no"; # HRZ does not know SMTPUTF8 }; - relayHost = "192.168.0.24"; # Relay to eihort which relays to HRZ (see https://www.hrz.tu-darmstadt.de/services/it_services/email_infrastruktur/index.de.jsp) + relayHost = "mathebau.de"; # Relay to mail vm which relays to HRZ (see https://www.hrz.tu-darmstadt.de/services/it_services/email_infrastruktur/index.de.jsp) }; mailman = { enable = true; @@ -64,9 +64,9 @@ in { systemd.timers."mailAllowlist" = { wantedBy = ["timers.target"]; timerConfig = { - OnBootSec = "5m"; # Run every 5 minutes - OnUnitActiveSec = "5m"; - RandomizedDelaySec = "2m"; # prevent overload on regular intervals + OnBootSec = "1h"; # Run every hour + OnUnitActiveSec = "1h"; + RandomizedDelaySec = "10m"; # prevent overload on regular intervals Unit = "mailAllowlist.service"; }; };