diff --git a/flake-module.nix b/flake-module.nix
index 1c9cbd3..789d7b8 100644
--- a/flake-module.nix
+++ b/flake-module.nix
@@ -88,7 +88,7 @@
 ./patches/sieve-rs.patch
 ];
 # Replace the string with `lib.fakeHash` after version changes in order to get the new hash value.
- cargoHash = "sha256-0U0Z13a2vRxMFnaaHeXBjvYDjKStgqmuDboUVssVMQw=";
+ cargoHash = "sha256-gb2oFlVA/vE6DoWWW8SCFA3l7rtV2RuosPUY+6IcKNM=";
 }
 );
 };
diff --git a/flake.lock b/flake.lock
index 02016e4..ab4a759 100644
--- a/flake.lock
+++ b/flake.lock
@@ -9,11 +9,11 @@
 "rust-overlay": "rust-overlay"
 },
 "locked": {
- "lastModified": 1742970612,
- "narHash": "sha256-+/irvF5TgMTCyHWE30BhearVDmeMHRFSBG4D6kCGlHc=",
+ "lastModified": 1740490964,
+ "narHash": "sha256-05mpcJZCX631rNCxJohUu+nhVOlAc3EfcNPBzOFSHMo=",
 "ref": "refs/heads/main",
- "rev": "a9a819e659c0fc1baa84c83c50ec839e6819249d",
- "revCount": 24,
+ "rev": "c37b6ec8654db4c6e3d79acaeeccb577a9fb66ce",
+ "revCount": 21,
 "type": "git",
 "url": "https://gitea.mathebau.de/fachschaft/alias_to_sieve"
 },
diff --git a/flake.nix b/flake.nix
index b2699bc..4a6baaf 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,7 @@
 inputs = {
 flake-compat.follows = "";
 gitignore.follows = "";
+ nixpkgs-stable.follows = "";
 nixpkgs.follows = "";
 };
 };
diff --git a/nixos/machines/nyarlathotep/configuration.nix b/nixos/machines/nyarlathotep/configuration.nix
index 57d00ff..64a20ca 100644
--- a/nixos/machines/nyarlathotep/configuration.nix
+++ b/nixos/machines/nyarlathotep/configuration.nix
@@ -15,12 +15,10 @@
 stalwartAdminHash = "$argon2i$v=19$m=4096,t=3,p=1$d0hYOTkzclpzSmFTZUplWnhVeWE$I7q9uB19RWL0oZKaPlMPSlGfFp6FQ/vrx80FFKCsalg";
 domains = [
 # lists.mathebau.de is forwarded to another VM and does not need to be listed here.
- /*
- {
+ {
 domain = "matheball.de";
 allowlistPass = config.sops.secrets."allowlistPass/matheball".path;
 }
- */
 {
 domain = "mathebau.de";
 allowlistPass = config.sops.secrets."allowlistPass/mathebau".path;
@@ -75,18 +73,6 @@
 group = "stalwart-mail";
 mode = "0440";
 };
- "dkim_rsa" = {
- sopsFile = ./dkimKeys.secrets.yaml;
- owner = "stalwart-mail";
- group = "stalwart-mail";
- mode = "0440";
- };
- "dkim_ed25519" = {
- sopsFile = ./dkimKeys.secrets.yaml;
- owner = "stalwart-mail";
- group = "stalwart-mail";
- mode = "0440";
- };
 # password for https://stalw.art/docs/auth/authorization/administrator/#fallback-administrator encoded to be supplied in the basic auth header
 stalwartAdmin = {
 sopsFile = ./stalwartAdmin.secrets.yaml;
diff --git a/nixos/machines/nyarlathotep/dkimKeys.secrets.yaml b/nixos/machines/nyarlathotep/dkimKeys.secrets.yaml
deleted file mode 100644
index a923ce2..0000000
--- a/nixos/machines/nyarlathotep/dkimKeys.secrets.yaml
+++ /dev/null
@@ -1,40 +0,0 @@ -dkim_rsa: ENC[AES256_GCM,data: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,iv:QbZVXp5FQhmYZvXxXNxWKrNm5GqM+2P3a5pPk499mlc=,tag:F+KNoPRnoLLhOpEj6Czj6Q==,type:str] -dkim_ed25519: ENC[AES256_GCM,data:cZHm7bVpQ/VhYLt2CnNk9364k+J5ybgSLrR7Vm1GsCU6JcAvHl8Y5R7mqwgS+gTnHX7K02GuIGXa8909/aEotE0ZMY5irKJ25SGJqTaqQafbiMOz65CRQh5trtcMBF4s4wRYOkDGgz09KkELbkDHyQZFcrGqvgM=,iv:p9ROj/epqR3xtrimXF1onJJHH9JUqNG9z1MxKVu9uPg=,tag:m53rXkcu+ernS5JX+k8YcA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1rasjnr2tlv9y70sj0z0hwpgpxdc974wzg5umtx2pnc6z0p05u3js6r8sln - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6VnhvWHdsZWNHemlueFo4 - L0xCTGp4NlRuU3YwRWJiSHFBbmtURTNMQkVRCnlSbFc0Q2xINjRvU2tQeStQc1U5 - VElxcTVuNm9MUm01RkpGYytrYWg0czgKLS0tIHZqUWhkMGRNNjJvUTQrOHBpZXVS - NlpjeDQxbVZIRHFCcmNtT1JSVHp1K2sKSNcC0fcOar/KKzs1twaozB8wfdFT9OdB - 4quV/ycNpJpfs6+2r0RTLBxYFyusybu1swosAni+PJsRXS82+PTXHQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1epz92k2rkp43hkrg3u0jgkzhnkwx8y43kag7rvfzwl9wcddelvusyetxl7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsUTUzYzZuMkYvcTlrUmRK - aStnak5IWitFUSt0eVBQOHIzcTlrMFRFTjA4CmlYUTdobXFUK2tYMWtFekNqNnhp - R2RRRFdHc1p6bFVjYU9lbTRBeEM3Y2sKLS0tIHdsRW1wR25pVkZIYU1yMm9sQXpr - NFhiN0pyaHVWT1h5eVFXMWZDb0sxUGMKIVkYYheD8F9aaAyCA+m9ZGlV8vKbAW4r - H6FUe+ats30abxoYfHZfMJv17BxJtpodksSxWjnPYm0dfRf/EF/vSQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1ktwclxa640l89le6yecm8v2z6hmwr4lusd6x9gyzamhv57887szqtqp59a - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvU3NzY0Uxc0NhY2xJZyti - TCtTS1crV3hzMXZNV3k4cm0zUFNuY2tBL0dNCnNpYytoaUI1eERhdG1PUlZ2eE5C - R2UrVlBwcXR2L1VNR3RJL1lEQmlTSDgKLS0tIFJyLzhZeG5zejFmL2VkYy8xVEM1 - U3QwOXlRdU8yd3ozL2hUVzRXNGE0bDQKT7SLAqICsbFmRUF+3s2avpBt0dLUbHLX - AgQzx5v6GpMMNwCkCrOnpFX6al7zkRSYHe7hbn03BBORz9mPHek5ew== - -----END AGE ENCRYPTED FILE----- - 
lastmodified: "2025-03-02T07:58:00Z" - mac: ENC[AES256_GCM,data:OvERjDFfHTJbTfwq9BmXBQy6pjeyIhao6zP4we0KeYL3skbw4+aaMixjUFzjauby0C7nJjEPBSk6pwK3lN+rScS5g7J8tTNtmhfEDQbfsS5zNDKzIQjYxbUbDr2cTPWwCA73gRGMwLbyNvdfuEp46jNV8OJ8km/y2nyG9lDcBb4=,iv:0RSU2MdZWiYEapwXGzevP9/vc/Sk1MS6a0MnCRQyIs8=,tag:vvngXS2IRzH999yzo4JyFQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.4 diff --git a/nixos/machines/nyarlathotep/mathebau.aliases.secrets.yaml b/nixos/machines/nyarlathotep/mathebau.aliases.secrets.yaml index 898deb5..aed7177 100644 --- a/nixos/machines/nyarlathotep/mathebau.aliases.secrets.yaml +++ b/nixos/machines/nyarlathotep/mathebau.aliases.secrets.yaml 
@@ -1,4 +1,4 @@ -mathebau.aliases: ENC[AES256_GCM,data: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,iv:L+u+63QfFnriEGExLS7JDkMdz1/L9pzu8DgJtIqz9LA=,tag:MS2qZSEKPSQXEG6t2ZAiPA==,type:str] +mathebau.aliases: ENC[AES256_GCM,data:dSvAQESvLgq+k5YF695dUaBI/uMjKNg/AQ3ABa8UXXi9WoK/I4W+cwTFyppWOgKYg+p1APzJ+yfR4THlUkUOVQNcSCq4pUCcVPzv2UrkeYCOa7/0TOhEZGp4Y5AcfjQ9MH8TdX5FNZ2R4l6RrFJJTD5RKbUjuFtTkw0jpwNnICYiPrl5vm7vcN19nvurvcWERx81+rYRDEr6qWxsy3gCopZl3KGQJ2ZlM0p909xYYGk1u69nWBOP+5icEILMSSbM+dCztFS+ubDJCn1nEhmVNCqlfVIgbLkwbG1NwdC9H7RRndURskjni0m9+lbW9jY4El9OBsohQz0pkQp4W2sA5NSJvwkBDbEaxyYc9DwvpMwR5PUXxcx18fyLEXEmUuUaskiuhwBpwgf+uDsPro3DHUy9qQuGG5bk6hbmpHs8DWlyjJt/pdxAJIqEwKo3OH+QOKn/yjOGhBV9lc7YPevgaWT0859bGbfGi76hmFgAymU5/n/Oy7h6sCkG9flA5H2eoR4sjeg0OBJf1T7ZOvpCyVISBKxJBG+BOeik+0cLx6EoMhIINx2vZM6A0DBc+kLBk9weGdcWcIBDR0ml+x++JbuaVrHIr0EUbtssfmcjiW3aYL2CRjIoqdMqk1f66xwP9QhZ+0ziqpkB99mOsQb9Bkm1Zid/blpYMscd5u1E1hnXhunWFi8gXjDXYTGQQ9CzrKE24B2U9KP11mkvaWQjoveNuj8eek3u7W5gRGOAy6hoJMMwKTXIWu4YJbYT55Q6Ppvb1WNeptxuOlCfuXipOExqmwVntu2DMF1AXXImMS2UM27zChu1QvLuAqs+LKmMY38CKR5D5SzDnXNX9gQhXSyX1XHE9ed290prA1LL0TChG7QYCfnDmHuphbT1ea2l/I/2jqfZGuos2+R8chhjgCzRztuWeNF9NG43lBP37zS8/PFMb94A1YMyhGXM7k7nu6SJh1g8HMPOGXRS9athte1neOQ9YlNNAokV/PalBgHoafBPKqbMY3ovVHPT7SR8/wMkTjjXtzUS1V8GPNqQBHYR/eLTi5WTVd2PENmTbu6MQf13kTVLOzwcJIehWETTwmEo21LJSzA8ZvqgOKGYloPlsL6zpHwrPGATx/cH9eCDf3I/bxsgXAT8v6CjmU+VT02Sd5+HgKAaXLKE0aGF7hX7ZOzlhi4f1MgfaZHT+LbEag8tTzJH79P6AZtjFdBA3G0VV1sViIlSEsq8jbRdaf8dQqLlErkXFV51hnqsGrTUsOeu2kWvsHe3oQ4zGcAkfhsXEfRzB6xpOOwd4XanFgDaDxQ8CXDZ/sFbUQIBwwj02LakZEWx+oMcQo1HTpBhdoq6LVwyRCNHTzBkWdrB40iMJz5HZcTLL/eXXrdyGzNu0E1l6J+FY22O+7FRO6hzd9OGRPJAh6ATQOPJXCk6U4TSL9d1suyR/bJcBGhOwog7Y+RvXnBIwqg6zWWhv1MWjd1810F5lf+elK05Q1PmIbMbdGPhGBZ1yFhYJw550Dl6RskvqJpEMXXQ6b5glJenIE2b/WNNr8PQwqm3XKKY9V53xpvTHG5pcsyf7rmL0qHVZYLP8NBBTFnfhtVHT4fEHuaXc/Qi8/mF2Rcj/0mefVGZ8lvqaG4DvibnMTxDIQ30BWx4+m/maVXslKdGjl6Xhq5FRGpBA0SqZljAFnl9Lg/xhoMVta4XGWWsjixXVlzswxiNjCK4dUQGiE98foNi4P2oCeolV7lDWqPzQGjx2f+S4d1ZYi23JpiUX
rmnalBiXlQ8AD+swtXbpbixoFLKT+nWtFwAEZgvjyxLSVfoHySEwWa69v4kNzYVjpAuqyEoD01HkNExCyE6gunpJglggbP2sua4TrRler8GcuH+tqkswm+Pnvh6pNvvkp7ZZ+lcGjUbQo/QllnH7E9uytyZhDLxsawOOhp8c+TYOAB8V+7TNdotOR30Hs5dwO+gum8zoGyeijP1/uSvk4ztxBGaJGWuZXq4HHSq3zDhOvSCnbgrDi5W2nwCkMHCcaA+9XLHWWOy6GLRIHqdDjagKRdmjx2e0MsQuXZIqgSdflNYLahuk/JJ4cqnRykz58ILQi7N7URLxs3SdJvfMZB/7ltCR5hc5raDupBWKJz1dX5qd9ZPY4QPRnSYKVuro49162b0qHwLdu5xsZUJuUey3lFvo9WHW+GcVH/irNH19ua5YzKJWd4qHHbhE5hsi91n4sWxH6gUfs5IF2fY8s98PU5VVstJlHhs8UrjbiYQdn0EhSxEBW5l+3eKLze2nPHCDbiQ6oe5c1uURBgA569ABHcapXi93ZY6Qqge0j1J8sFdyd7I3sOY7fjY6hdYzNH/nJCBMAh9iVMvu5X4v6Hh/E2J6tkZX7DinD5eoGUzxRkSejVRytfvbRLCXthJUePN2MOqBkAOEGCagDfNJx8MgqqoMgv3p/yBa9YxyxbHbaEwVv9s9EHQAabftBo7UQn47reFp6uPD+LTBkBq66oFXAkh6TxcRHjboPg5tVg9cVEg4nb+o8ylL/uyiw3svcnpH1k8WkvE8C71plitgO8cKEyiBdtQCUHi/5xn7DAPzkHO40ywDEtA747jrsaX8oNIwqKDmOarZFuYfPh33H9P6bjJ1++YUWZs9R8BTtAAeqpNthRI1Eww7qCyzthajQpxK0mQMQjj5rrWPvEnpmwKGKkBoAkQgA2FIukn+JV9cv/uM9z5DXvN2VMxe0GfH/QnYana98sWMycWjsQJMK6LDyqy1rC34Z/W7HpeVJPR4yXR94lZ+lepKrTfoVTlBmkZIadZn7TC1HIC5PZdscVRA3hOv8TshwTmT0XijbYmRqafQowMBXrTCe9xRxISaIZgbbG81/GVJnUvJS+uBLT7P3y2ekPczmfoV9DTb/TDgYSvQgVDHZc/qQrhmXMDcsOe4hiCIyJ9NlLHJMXEVvO7BQgFrC5GSsddsrd+I2G+f5p+lDReaT+EHY2yLfuSOq5uacYCXbTn2VEl+pwYqYS+ORb6PO4VLbc9MOwbYdhPQb8+jIwAm0NAYnIdOoRifsiXCDsFAU/z6epjqh2/xy5keZxwQ0ZpewMkKX3BXBqPaDRakHJhzHMYQzCokNLQDwViNYA8Ln0zfN79fjveBkn++jj2tl+x/0cYLEya+BOQjTyEo1bAWPiENTRRBW0xo5b/ynvY5KDQsJ8uz4oJ84UH3utjidw6ZeAG9ukoLxQrAR4rM+Pj/IhDYEjbmDjmpkk3REp+4ONJtaKPRL2VenIViKZfuZw0gfFY4glqtUwzDHWYzRGBSRSR0LIPiOehqgWYt+RFUJBmAuwiuBsfW5Zk2TzN46fsrKD2RBf+uZY94Dhl+L/lJqRXW5liegQEbxbGkjaRWkRTWqgimEPVXlMw3ots3skpj0ezC+5BVcvdSu6ceKBmINcKtkskfzHEx/OEO180U7M5TasfIYePomPJCqk0kht+TEzv2NLMI+k6qy35SsUmEiEaHu54ahII0ciHE56l9zUzLChhGklqu+SF2Yx3vAmcoI0Z17siVG/VJRil4vR7DdFfAqKDEeYjoqGrJRcxNnXZGJWwOTKkx7mH0d/i4z+R7Z8l0kHjsPN4piNHWSo/FnpyOP5EMnlCuO/4rMgmIOdv3LNmdu59bkbb00JCC9VU1ZbAH/uNLrFPNYhfA7VjvlApckgNwIkZKi1cElcUUnm+OJTx7lNmEGJwYJNNG1hxpZuvh2vBzySfYwH9LV34KTivylMqENGD7arBR+ghFfLXpTjnj
aRiwAWT8fKyqloj9JAt7RO18DCt9JvYoaS75B/2F4h58+nl/nTmjZubLMf/HYgHEO9k2W+q75WTkz/0HiAEXRD29VTR63c3uPtlLclUEYzlUfHfsDglAUzslAkHmPxhfEfqyCPpjPKgahpMVxRg+9HQgCSxhdYEp1HjJ3ucaHE1AvaU4Z34HmcyyaJGkcbeE7tP+4jM++SZZW7xvd7uSeTVOEz0W03iSSBzCZ2timms+ILH0TSC3hTQpSYlZIqZaQjI+r/G9JvNpBPHCzWpi0OWwD01cpttty7i5P94UNIFHXgSvRFVRdrLpyiHKDeEXdFwSbhCiUmhChjf4L+u7+CI5iIil+KXFhH9RgWEIBT3sYAv9kxuOL3EHGJvHBOz9sR2FQg8X8/OkQkAJF5b99pssxSPSGrzNmoNu5IriyUyYi/P0UWH7L5FLJiKg/2LUXoNa3vD/Rs8z5fFeVVv/GaM6SB3dr1SHFw/xKt0Z0b6NpVd39T1cNNCd4eo+VBbB4/GX8mBi+ARg8NG+VbIrhoudaxxGWEbCt1wIYRE1H+mV28PgC9rOOrMiGk2aTSI+zMGcp+jLpId9zLrR/2V8h3SfLhJTBQJGw6e3QQ3k2IlY22Xw8fY4dvHk1E36+EaP5WHWJlWgnO+iH5ep5t9Kyez+6FdhHnDM+4cc9Ud3JZP2/RAofFMvqRyt4xL84K+szSUwaMcwJDRAlgoikJ7GGOQGIan5VcJ3EXzpfaEkrspijXZ5bYrntvKE9R8mivvhMw+m21c3A2qYn1Vprh0Tcb2c/oPkx+kqMzvKVniNGj0ky6+ancCW6MTmtGSbJv2lfr8R9OjKBrCMpBAe88Q/a2bvYyg+EYtyWx3dpsqyCpXN/wtgDs/N3uRfaSCGRq2F0erhbkYcJYkUwxcsD5c9LQzQvTkL6V55VWna0+tlFrZikBafQCsx3OHPynheU3T5KvE4Kra50Vk52S/a0LDK3ZZOmGcJgruK9u1P4IS4bxj3fP7D9KAadZSWaqxZVbdx+LbweQMyrpScxdD5AOBI+9S7/17syWQyWDd4jA5ADhokMYxbOponnDfm2rhbpMhhwu8OVWBZmPBIGwcECcBGNLBKkKfwoGR0ipOex6+JYfqK73XoOltJMeBUCUtEu1T7rnigfrBpEHJUJxC6Jykk4gSgvFh8lWgYoHIsYYSIkDhuBVD45FViaXq/IU4jBLHiMcNKD8F0TioI6c2TmKkO34LeroFk6KWP5w7R78oy7nO6wYjmcMx01hLUUNfTJjSWNDIyMMoonALOScg3teiDU6fvGfOmfmnjJKjXFX5Zmg48qrVgTrazRDz5TLUMdrBZOREWQJ0V7QPQAk2yk24R8Bcz5GP24txRpkaVwmgoNGHofCFY6WFj13UsDe81F0he0vSq3/FaxhPXQiBpaStuzXyAQNGqPPx3GoXRIZLq5KiGSQTiDVs0Tq5SciHH93G2vRzOQ9zHaYyQJ60fkXbFKY3E7Gbfj/j/oXODmPMxcmCPPqjvYI9gx3oR78BniEAeTq/0r7cRTGx2DcaPh5hZ11tpsBA5MRDA77B8/UjIo6glpk7BNBq2wyw6+dMUixhJ0a6Bn611rZaQDjOTO7hhQPSDUdjfWVzaosB6upriQtLCW5DVJQmc3f9auZnEeVXFI5OL70HxrWY5jbyMVeWMZHkV/4n2fn9B8ynKAzwOvHMy1eHn/F+XHsjIhVh1lCN41lgh87/qEAo0nh4xFefu7wtUChh5tKQiQwb0V7bxwvcTsnFwJf+9j7U88Rz/NkdAMquj2y7CLrdLqqVPJMbJYmRkUW1ko+S+I9V/qnSVjgMalG8Xk0Sqd+tdeboQuU6ygZlt9YkEMmFLhnmKsxEiMonXVudwSJ7tPxWnvj6Q+fbs9EY20NHPR29uT3dgxKzCXWCiADn1kEgeRi/KI0dr4tgrf11sXxrhC2cL5XMpVKJcswvQhnXB9TWZJgakOsy6lU95DYrvSmEz5nS9
yIDzAChIB5nUXB6Mos5V7gA39YfrWm1TuRw528YLUdy0gjPGAVO9KfysoGd3IzOR5QkPE2iafkiRa8nuSWFuYjXuoNCTvy1t9UhO6X6i47kAohZerLEBzP9/eotPKtOASrFllg7RPlJO/OIA3y3owYCkB8bhDb07kYwtEhzLX9v14IBEfYq7vA3rcOPr3jSXVU+3Whv7h0VN032SXGq0yORoKmC4yjaWYN9XJqXHOaaq+79yxJai0Vs7tVyq9OcgD3tTSbSWp6ID6EGoT9rYTME71wUvmVG1LGI9DArT3sNDnyhcKUa9Bg/SZecX+32N1AZMxhKLIR2fsOKG7+MfEBC3nvf4VnFGpeBCybSm3WJqygvuHSU8aA3obeqHQPka1rpgtrl7Jc8zho3pAU0dn4lOxH6Hfo3eYZk1z2LF+XMoVj9V5WstfEPxIR/ndRllK0LpcLsZ2/D8llpQQNQC4sGbXzjKE8YzsIp3oh9uVHcdNXlVu9mQkndwHqAOtsKCqyyHT86gV+uiJOp1gz4j0EsbAqR5o4ui+EjA+wjpgLUctylmv6Zq8GfdWNyNUYl4s3Y+1Qw6M3b2Gl11tftQqHC2ajaUcjumLJaX3qAzoO7yyDjObix7kDmwx3e+M1/T1ku41YyBLuFCpKbC1kUmyUfazcQgzdc+tVvYJc3XrM0uKpkSRA41cSRsc82IEjILzxUox9jT7ApKxDRquSJWJc8Ri1Xk5yplFyZkUzYuvUMHEA/IuuA8Mxr2Y1Rc9Y2esOfZK9JgFhPylTZlYpv7Pklabb9KJw6pe6rLoHVtW83yNmnHME+sqSKyz/U9leJbfSKkXS+h0ez42R1Qs9eb0Hmcam9sSOjxQZrnxdiMJxZt7YFJNwaE6AqpANTIcgmOcZl0KLbKoPN9W/9/1LGB4ulbAhdB0CWCqvF3cvm75RxwBvpbsZjYsthFpKXnUF3yWnFNnACtyYGlSdsyt5CYhGYY4DnENzb6meNEkKOg3YMgupoxbeXS6YA0vxQzqEjS+f1eK+Ad5ohQK5puv5S4xtuDxgs99O91E9acCHsAaxKHwoYUuxA96RPyAUlq0jxyoBGtPXpW9sq+wLtVnytLRCfP330W1GsnixN6iGuPtBDekXkb4IVJ5+fE9l/OoKYsmN3oUZRVNdVQNuTjv2hW6mLLBxsuOSVSic/8InMd1Y/0EdyeVaC5oVx4DDyuAhkOXiBSQTSV8CFsvPaiaGpnnHSUbnpoSjmGK1QVnPJySdHtWt3rFJGOLZ2g+U66wjUmADqSyhSZGNKuq+yhFsMTHoBmoEp4qq6kfs5suEd0vdZXfmR13yQgdzYjHNIVQYAGeyTlRDrV5XiJIDFZ6x3pp8/JvlPPXSJA+dINRFHWH13zGKrE5BCkiXxQ8bs9UVMazRZ1x3p2Cx9PNPasjFHRu9xQ5TCnQH0pmmXZuyRXcTmFUyI8uyz6AOhpUqlRWbHNETMzijnkZHYsIRHAB+y2YNZrINRk9KmqXenqIXfG/eH/mUBe31CM9AwCNi3TbQNDDwkZeigbcpqW7/Xt970V0R8cFQKE2H2L7Rk2XWpI+pDSjL9rrXQwqO9o/0/eR5kPsdKBuDRaaDX05Xv0oXv6mZFcBfpq7y3qB/b0tYGKGVB+eePRavK5QVojVKBkwNLN0LpyI9Yb+tL3vyVsVWoPRGwekjAqKqInKzpHF0HujvPqzcFjjFxFrV6E9FeUGTGKH3C8yxenuve+YQaTGcK9oDwfKHgPdV6Q35EfSZVnPlk6a0TfyCerdrqaYFriSpTIlvTJFv9eh7m+x3z5JD2DKSXV2KBEDZmMZ6un6ff7q+g7Sxq9VuBlYhX1buxEP3BkdQT/qKqGP7mj0JrmwzEbyjUIeRdMBdEN0zlEYkhCjBI9KvX/HNV6ERKcurn/7h8Zf44DkDA2jQxKeBtJPGABpYNDpnmXPkglgWoW1SPUxCCMKPSPZExgIkDt9acQhJF6fYJ9wPwbFhC7aRxS
j09IYIZdgJ/yCxQukLi/pEuojDg/oqN30PoBi7r0+VP39Mh7bBvSuPuamjexV4m7Ujxv5BdEvl+PcaR1Wdj1p0ctecEH/zBv0RA4qggY+dvG6nrGS/uFRJRRWAaSFuUcnk2iJV7dRs+29BBmKS+jjTRIsp4OgvUeYppZYBP8ZVC1Iqk3JhkvlEB+iBeFErkpQ2m4v8jhgYDSi2KQcBvtD9dKqJeKRg5jJaH9pzr2N7HsOZXZSzd8/xYJwNaCwblucaMQZsb0tD+ISF0APKYh8Xe94SLaZidoKMujuKGFltO4EQIvKSOiYTNSCqanT23fpOSk4nwOme1IDFEGq5cJldErUYI3sxEmF0du6AUqcGio1P/GLUHtJESB6W6QcrqeR2i4pgShkwq3g8Utu1BEUOtNEsHKXff2oV2XtTMH/msaXe+wWJo+OTXh8+TUJq761q3uelbMeevyuAjJvmkZZAdXYCJsbspMrg6ujhkDCl08dBjI/WAYhAEgUl2SjXevyKmacy91AnIP9VlVGA3NNJ4jyX8h9jr25TtW4vaWCt2SWdWhSj0wGfpJEtN8MXsG6Tb/XZHegUzA1oWEh3Tq5tciGksJ7HmrNc6imeAKnHKRYWMmK4aeat8R595IKEK1Xx+Pv4xDjxodIX2zWa91lzFdWBo1K2MwczR7KXFnQYMgss/gMmJqW3Hj/zIyE4ul1+j9QAP/ddsnq2/2rwGo5nIceuEPKLBIOdKxhymOq/w5GP9yf1i1vORDH72lDyFOSY+JzuyR8zVNTR6opbJAgvD+3UOmGN3xHNbW/UXOUw+ggX5uuEGKox0Um0wIoN6VsoB0kvdkeKy3c24puzU1aCcPhoUf+B7tyN+rsgfPSvMdrFxrKdjth8qAgGfloLH1tZMwTISYDestd6z0slKkHWsm9k5a/9VGeJXu7MtTuoFzvYLsPCJI455PBepCKbnjhLiHC6KtOtvVz+4vTUCSutdh7YpI+otnu5wfci7zaU39lx3DVAHat9ot7DKFZlFDkVcoJcrEuGrHBsSiMwLUiQYbT6YcPC5AZY8EZrYPXGp6VD0NTkpcJsf/8PC/eI7XCdqd+giiZLyDZ5UhkGzmkoqL4oG7qYsaZ0QNht4QtVnTIPM5b9QKEaN+m7b9NBj8fphFP9vy8tkir7J2cjAOUcA7tZopHRjwa9Mk1VDrHKsXDa8TyFPE/Djf0NgY7v9SaFozNss9U2830w5kRYcqlMBMz5+34db4LVF8CZJGJqvdKI7jMs76YqlpdVpE6D5oBI6c5y2Xrp9fYKbVYrt8JPGYm+X7DGKdeSoWAXEBrDRIPifpSWl7PLn/jLfZFOFf1SDiA0fG+pH9ufRUL6S0G2xwcO6U32diMf2P/+ZpiQGk+wMsmToSLiyoQzG0eHT5+WdfxtYjoC+wNkxKC8cWxNZTBj+fpi5CsHsCd9rPz17ueK7VCZ9jnPAdSvDNfIJGgZ7CrwDHLt1mlGtfjtmY1IWziGEfH3ygxnwmxWtHJdt31UTiAbLNoYLsElKYy++67JryHIPbqbR1ciXvHjCupjwfBZ+i/LpDmYEY3Neawo56hEoSmxPJyShBGBUpRXLLdOv6w3siPy6vi9f8O22tC34tD1mzg576wmL9H5SzTzPmayHPaYkPMhLpuyshe4TZZ13c7la+V+Z7BJYVwXQ9GRu2cSXiowgi/FEofAYqEpUynVwBtlrzU2z6b2LpikEpP/ifkoanosFamG1NOmHruB7v8J/YCzjBejdLU7qRWnLnd1NqLQ4KkbJ86I2FCQ/MMZF10dp6RrzVuC8Sf/CQzTyy0szaRgAO6DVj5yXJoXiMEcGrwUICA8ayB12ylmGrwcsWlMyrejxEoDmqNN1AHQ2dX8VeMDkFQAt9pTo2GXPrA0YvBjT8HqVW2eYTjY0uEhKuajjDg8/n+NxK/fYFHwLa6sEMNannVWUGXhsfPc3CP/Muvhdirr1SH0Ksa7S+IR27LSE/EpUZ/VGJ
W0SaTd2ywqH4i6zb3fyKs2a+4qzSe2UTHDMa/qLLtxdAIS09DqOH2tIk+FHMSkI8nVENnOrFZJemSk3Kw82EAqLsBN/IzQ9JXRH3mP7BcGOhVPFo6wJPFsRTPUklIoV7sOBrAEi68qbNP/ECmAz4hlCYOOHVOgp6vjaY//dB+QmLyt+naeU+d9bas0DvmfkN4M5qnm9s6qd7GPs2bD9nOkz0Zbjg7g7gtNtVOiJcfGCU3Yetn/XwlsoDexl+Dq9zp01PEgk1+gxdA2cDY8PTxg9TdrkAsPvUxlbW/ZW4Ub++ObMHfPTeYC2AE4idx/FVYH8NXOYNpHRF0ZNJykUSvXMFi6+dKSw6G+j2BzEYIbryUKtHF1S8ET5J1vcnHX58ULZ9DlVhGjZ0haNHidZhWGn2SeO6YSUxEYrPFYRZbu58dmNMpsb5Dw7IL6i/9dkG58VnBP+e0pYwR4Q7PY82KYqHxfnKuAfKuB4KFzecyz7AvLGQkZrQQNP1gpdJ8GdiL82fL+/2DBXRxRuXtMsTL73Y1cjH8zHpGoydwPnPurtWvWHnHRLhB7CKQHu86CY+wRx9dOvY8grIXJcckDpnLM4HzH/4Doqp0n+JEjTkKzNyGm4v2bvocEYGAQbTz6FRflTXjxhhCdgPXL8hn7gyKRaZM59ugbSqdm+MOmxbtQz3S6UmgxVAB04ZBDozUGV1MJs/tSn+jArvvQE+N3AgrdAAXJesaR8CMWpA/ZWclJMsifC/NB0y2hBZrcgve+BpYsmVRfUh4AUz3n9pAkaL6tFVI16gYjMLzWQ+yaNh3cyaYalCSyU7U4I9yJYnmjnsOeVCz2XVHFl9sDvKAXVJztNzvxvfomy+77kqH45Bs89kAej9VH2feAO8rkJjCaCysOrFWyDgWIiz4YWG5m47nQruEqxWOqAV2TlJhOlO+7SNHO7nYnizIusCJcIPuCCmI8NySrsxMvUC117/u0vcA9hvuzoDB3oJHLNua71QhYknnYtOBKK9h98obLrfe6PVUTdPTI4UehpGK8Nf4+TqVGxt/f9YRkrlHFQLPUKTWTM1p/iK9L+70fZscGJsqGAAzC7OCDJB8dP1mEv7wg/TGKJQO+HU2X9OJnZqeRdxKoeCzBhGZxlxPdNhWPE2zAELWAX8ALJZ/VCMLmLLSx7zN4qxI/iYIj3WScKLpdaXqDIM4f85MAlKVPma759NTMaa/g2HRplFpS/8+HBDhiexfo6ylFjaeJXrOa/tTo+esviG2FYk/bcLMdVGqKR6t0gwdMh+gjmJDo0UkKCHgHCjivj1a/20kkpdl6xnOtNNG46/7wacclDm9Kw3WzX+O+4OglXFtU+ngxITNOE8OvKGmJC9wolzKKft+u7QrcrB70TQsJgjK7M95RzOnUBoq4qqBw4zicTrLojDJyZfTdPRxQFwFD15hj2ZP0c9ud6Tsy2kFrl3V8kl7a3jf+TGXhFR+ht+FxGkMKXgYUradYImeUTnQ95MY+maFyY0iXdAbet/wxUv9m8q8Bx1MIkLbZLq1ajfCM197+jjDdAmJraRqazPgw1AWfisa1wYwMUlSZ5LiaVl6dP/rrQLx+Ifb2L2QAAQFRvoDtByA2i5NQb+5XzPLWDQrSP+Vr/9sop5hDypHIsLUZfPDeLWTNDKhaJ1PtIxl9/eVv6iQOYZ/+4JqXoY3yx5Iu9zUHpo5QsdinIBpxMwZVt1QRl6tNfOiQyAGbV+kTRbafAFSpuEFJ55sMJCFypOSG4/5A1qwrLymeav1/l3KdD7lVPBoLXDFaYUMTdTYu6h8g8SlUIGwxCw2J3kYe9F8kwr5u/RXdyYCy4b+GcZ+z/SGINNfjDu70rmbwuzNr8osRpmAhAnkfauRgKand3Txi9Q+gOafAneLvG6+ulP8REz2VyJxIDkigrl6BhW8H41GYzyrncTfUk2d9jSn04bKRR4mW1iuYiizFALIAV9jzxlb/k7jr4IkisBCxHqSYEz96AtS/JX
9XGTQe1BtWZagM2s3oifp1IRALhzo9r4pCCREo6TgxbSBCFS/3fZDxxMzWPO3y3DTX2JMkFKTDR99t0eMpDxwZ8+W6mMBabPrsR8OGgRevosNT9U9huDSvxYv9Zzop4SnpvYx21ZufiYoj+lrwjCw7AU7goFV8oM/na+IJuHmd5/2weiZmQ2+PfVztpXUgNRMPIYQwgmg70VEYGVPlJu5CK+DegPHOttdojVrKCixh3c7tSVXw2rqRmaYCLbIaQcZXXmgmAhEdiPLj9XOXo1Q2gY4hM+nyXtuCwwdFAQnHu1Clk4tzJKwg631PM3qkeWfY4iNpEYEbdoC5yjsDogJHtrM6FA8GuTvktet5aixycW+Da8urbDrutHJxS0+8Cm79BiLzRMGjSPk6wHoxGPqrnahay33E7TuPA+UUVCCWncOjkzFBi/otstuN5Radvx4teaWNDFZzls3viQISXNkiCyjWnJu7PEtpfXeLLAdQn2sYIZdzbfrWEpgLNwBWuF4MfCw/dg2t1CtZfYxd6lJ1vcCmvoUMzK+kXAWMSZCckxEMNVtEfW5vkPYhkAsVG8+oN6pg4fiYxn5ukE1qvGpMgDs2fxsV3agGLcWzN4wo6KhYeaLXfcf64e3iQyjGGQNL5WSdUM+7gzfG+I7ldh/9JyIK8DejEjWSunQnwehG3iur2+c0+XoVIU/t626f4cRamKnLYPVG2z9PqA9p/8lX3Y48BoxFvzG6ckJZ6+4h4/hcAo4AyTGTIMk1BE1OUR57BxZp+Yn7ymrljk/tBl+nxTj5Oy8Y0Jyvx3q5I7I44Ip3wrKBm7ZikhroMFtAfPr9gBXpqnnioyMiYAOyBwRpMKH2l0kBgETuKtsuB5CRdsXLYJgB/ZC/oAnAatyDmjSjeEN66xhLCxYbrapiKkx6ivOIE3G8n//eoxjL4/Ay5BIxWZPzOkwLeyevNCjdfki+5h9ZGkvnD/WafwWa/2j8bV4YZbfElsXW07zMN90V+uLJAhzCtAtix3qo4pA9uUvQ/3GdVdqK2/0CPjOY13Si+2Eyhf552YRR4BYO3v4c5PH9VbcXzxtOpbkgUrTbLbFNIINjxPR+ho0SLUGfF8qbE6zXrzSCNGaTKuZbKWWoIlEXY6UPM58vNwG0vjN9JqKRBuRoY8R9C07ASDsm96qQyIcCHUer1VIVe8Ej6tUdus1ncrAzBMZhGMjeUSLH/UepNCp9aBlW0dMGOFV8okJO5Jt8AobgaohDVntatfQX2vD0BbrOUPE7SmlUCGgwr+nC/kWx80sCekTsu74I3oTsWDaXnimTHgil5hfgNv50lwKq+5dRY7noiMEaI5MJEYDAtLhvQQtu1jj+t+UU/WKnL0vk/Wx9WxjgtStAW1i0ADvCBOsTeQv4VdTmVt5t0X87y6Z9UKsoiMRzpDBTsxEACtJE51oF0oZJLOKcshRgNoXafo9IsDe+t7dv+raRhAO8eacBzBqabW1VTKPcRFKX+ZQtMLNtsNQvN666O6JGs1BHazWZPbUCHGFWqk/xYq7tWtaeKLw5CqRyl5cR+6qyWgMEK4Jnyc60U980WPOcKOKo/x+nbPQ5aO4RBvp0MdAlFqRd8fK0WEk05opxWdYrysn3Sc0VKc0eqMAMC5jUGoQzozGQtg56NwtXbS++eVdW0dBwg1d4GVC38t/M27bblQgtAD/YwRr9eEcGt/yOZCk3x83rzIlLF53lyD84YuU4YC/H/+XxJS0EDAE61ml2JXTxZPzy+MAXVDtjsR8RdOZhTmItTKM/xcKgqc5RUnxO1IuhUAJMfPh14s9c7THzJRA7r/aKFeszJ/KfJbOJnZsyCpluDuNpmckfmUK+lUk+Y/QeRMhd77CH3sQlbw1Tk64Rt0Zx21G6tRfqt7sRuhnVyELDQItdMYcTKmk3pMQTxEHCnbNNSbTZcqFgpX/AFDxqea09QLRyw0+rSypEX0kOuNGJzdTHpUh79gpvjeiOTBt+yID57br1XP
dazJ2Mrwl4FBnbo8Q/QVJRrBMzBfZm1odzsW5eUGUmXQhJwJbPOOsFPi+LGdwLgigh8S+EU7UM188Xx6Kwj+vg1raoLClkymtX5LZSP5sZGgclB4lOAqX5fhsY2n23Q5A2CAWYcq7X0zGcyzS6VAOj1PBx9y6QjGBhlHSHaIG1aXnjw3m2I52jZooZRovHs+l9gGXtjGHzMT6X5oQmqCxP8zLuawsDmg/RPf0VmkG3+AiidnESCmrD9xe1w0SwesW0PONI9djYJZ9W7EfHnGHl1FIGX+95TeS2qZvUiQt8CnChGq7trswiRERz9Q1S6sHBfKLOJpfWBAf/Po3ZcZzPqXhrlQrwx6sb4hFWwfaTOm+RlqGb7sbInWeji/AxUBcNTq4sLCq3SB/jppCFe90SccCqiYQI7wi3UANBOdr79OdGudlwlX8jhkYYEEIx20cl487BA9ojGewjXkJmmTdhVYPvewbd0P2R2SRrmGlUL/5/N8qoUmNKWYHCV7mprmVoNu/9RIwoRr+oDwblng4ZqUlVWXe0tZooRTqIr8e4HzmPC9LJEyq1silHUbLoHkSehCnEOlyGrdxRKqSlonW05Jdi2aQ3SP9WVJFqI2S1U9n9i4WTX3cYisdLJI6BNSse6H+hOY1yTh6NWefMp7c7r4HwT3pa4WlWUF6XgI40aAwn4NDkTdSe9JlNIDm8yxXDOdP9sNrDcrKMn4t6pE15eozBJVqkFRJO34IIGmSZ5ZbNlA9jIeEfvpRol66aqrpA5c/as38MfAVCDzZBb5xbfAN80fYC+cZ6C/3qNnRcnz4qzSKQVpSVBJucBz0u8IH6HHfIQFaP68AkTYbayxWPBph6lDsSdR2991+hm1Uw10ZJg7jReDC9WgAPgdAjxvcCDuNZNDKEBmTNvAk3fbISZ/2WuOjd6jWkecm7I6qXKmRtFuJu0tCjqicpRQ4wBkYrU+RzlASOUDoC0/bz6UjTLeVm87+kKNry+F+n0MgcTjvW7u8tDlJe6t3PRcM8qFzJ15gWk0WUWebcf+GQqTcvGHQc16l+4qqxKlavkifsP975aOwT2TFVb9fhNZum2pynxItD5VVi0sNbrYG2qXj04BmhxRVrJcxsxEVIitwoaWrjiXrYfdnCyhdv5Bzce1Cqetqe2dgTrgCMzXuAgkmbaChrG28TQ5rCkWnDfkNmaq6N5cPzeOE5qAejwtY0peYMkeOzy9xbL+QUGtAgp2d8HHK905v+n2tV8P9FnMpEZUby5wq0IfKMufboIAJyY/yP69od0eEGrbN9qEQHUxlyvHmb8oKGbnCRpM+GHVVsl7+DcsoHQsudKcfpjPRAsVAb/5dCHTR9wEzQqv/UyMTe3xABpT9tjpnyiT8Q1MvdH6nzpJ5UaXPnRoatDNIgq2l4QJ9RrRQwhX2/EckSYVL4s4iUHXm+a22Z4kva1801Ig5OJQa6qhfevJEMK0IAnh/NL5/EPc8faEHn+F12g/JvcVJZnL6VSgqZMLP8naGyAmClks3pLAw2gQYTuNnt8Atqdr6rmeuWRHEmjas4eQHGodDTFEDv3jROYnKmdB/JJ5ey4WF7PgGwaqf0iFBND0pTSUj/SiijIDoFekC3ZQd/17EWeF2a+nCHp6/h7wi6uCI9h2JbGuZj/uxmOsnK+zXWurtzygyyZPO2k8OZRYAdIijjwrmwqt4/NSaOtkL6GT90amDWZAoMYjEkUZ8+vaDVdSUyrsACLuHIefygOdgh2+R5jsmbL+s7X8fpEkV38hF+FKlRFdRHEdg4vc6xZjotbttJhUC+C94XvrNNKDxTirMjN6eq2+Q7McJQRNXeZdWF0ZSC8EAm8NQTCCV5IQSEZXGCRFpo3qzip3BfNrpsNNGSwLsrn+5BIFQm4EvqS0EF7kci2RwdqTCsblt1CQ2pZHRc/aop8P9wyWTTNG7JcbWMKJMJPdjvTEW+H9w1LmJLW9mEIK375TKWt9chmDcmz5eAg01n9SHHn3
oj72o+mn6TzzCvsZFCkfIUlQwFH4Y7iljD0YIJ06Ar1XbIRo/GsZUwfI6gnKd05tO0ZP43MKItEzhCsQ9Z+XWpkHsw/riE/hZipyobv7ZgKl+iBa5aA2icXPcChs3MWWrhR3awoSkeP6hL6es2c64CXaofzfx1tzcT1B3XklX+l3VxEaTGvlsdQQBcVBt/sNWk4wbIwkMa+RZBJrnhyfO2aLjTt+XQHrMZiyCB9f7rndc5Ny2Tzn5WQJTafeHmkl1aPoVHqrGZ5WnJnjRcrk+bVwVx2MC2nhE+7yn6sEIwH8IaUwuh6okOBjcfPDL0Is/N9O9zwlmRTASMFQucuK/RRmZzvmZikztAztErV6gaQEjvDTtb7j0q9VH8ostEgETkU97ej5ngYTQ0NH4cXnbMBF+lnBmcx6MrvxG4KhK19giDFxZlDRB7iBagxjm7oAXrrFwgP7BA8ByT9+khHyg22h9jELbZ4UpIuuu614+yaO+MPcmiZJKBv71MltJTcQz/LBTx//uQqBL2MnBWgNMF289jyg7XiiJ1lQfnQb8b4bzoyuXzLNZYMqON2ZwV7jbe9yfEEwBzhM+NhLLoothbi/6yPU7+mPzZH/QwPQEDjbjFE6vs7VSiqVvVfbiKvjkwy5YYJ0k4WMetIdbRbknVu54UY5br202wx0Lf1/funtVrgIi5DnixNjWOzN1T2jrPyhd2BtxLJpANY/xsCZMDkp4fX3AYFKNa2TkLB45KIN32NvjPxgjSnEIqTWXCH+haCRgwoVWj2qH4GU0BaqawyGGVho7XIFlNaO2GAWckjUSFFSAIixCaN9itSrKBeAsGVplCvrSCX974qjArY9ky8SGue833HuoVKVCkI7EVA1Yk1dAbaQEXj5ZDyU5wkH7+/qiANI7a0VPP1LK1FgVL5JNn1/v/pPoIf/0qOacAJBQac0JUgXPGirxKchdjMc8WLOtfLEw2FUocjZtmVcPvqNnELxCO+JwKvvWdMBFe9oP3821f0txp+uvCu6dxnOrK43zAqEuq4Nfi78EJZNnPvEoPIugUjnr1YKiIuU3Xb9vPZ8i7/T4CnPK/8Fr5uWfZ/CocynebDaclrKojSpa01vTgaWA5byxQhgy97dJQsKnaDEgAFqoO8XdrC1bbC+9s74HHn6irLCri61xS4UjxWSMHV+PNIOBNHbJvSZHLIexT62VSRNkQc+7KP0U9eWoaX1hu7Xd8pBuxNbr0A6JOOKVXZxoLU9Hjr5qT39kEGdgJja1ijQkFDpwhdU6tK1haUf2YpbGQarTEQyP/t9Du0hzjJM4t1gkQsQ610096X/O4fRszsA+91J6sDczbuVv+zNl89TB7Qkv5DDgrgFfYcWFhfaTEVDZdC/WdZtxrKx83S8AOs4ezy2ueUG6Sjrw8Xq5T7WleT8l2E98ZBHPWW/KE0lrC5enp/7voUavowVLwcJ0peNRb8EZ/y6SZW0vr4CcxHCXjv2RBWnwXxHw5pDfRHwcgvRq2XSEQiVP8+/bABHbvjVNZjA2HGBiNChp3s49OneLsH0FWNnmDM5FTpgotyUOvOh30H4mgo5vNsnIHb7HPLUxa5aKGCcRQUQ8lXpjw3ekgfgy7A2IbISLPwfUqdClmJ6D0hiTQBdgUPbUsjq8CHxAkyk+ayGWnJOk284VD33fivPHRF4Gf8zBRtBFJvHbyrrH26wiWPVtmrPpulCESBVok/hl/PQhpu5evmxl+o/2j2YYc/s5MOi96/jEVhPpW/H7hRdrJAyv7wRZWvmjxjNbhNqCEip/BsXku0/Uft/ZfxtE8/xACAcJg4xF+4Bv/JTE60xX6fksTAgDI9L16noXcGcqrUiNv1TNAYdxctAgqwhUwT/hV+oOuzKhtQLCLK5ojehQIYFE0w2qIT1wLH2Jk66KvMD51lQTGV2KQZN068wWrAbH+vGsAQHlwQKaAat4RkA91hF1wFvvHtEC/QxvF9OvzExSei5/T5D7anAq1xI3DW9
9qTQ1spIdrtGwECTjRq2AmFi1Q//kQdWmEJpTEqKXRclKVdF76uQhExiCEklxHTtu2UcNMcyQtGv2vFVPIfzpwvwppmCewvIc3mP2dNME9GRDfRfBPi4NYv/8jmlDbKJyScqyrp6QSmBSaoaGpQEYpAPgc93vmPr2IxdzOO66CIhLxZzhfOiHaTxgRiNl2pdFayotmdYTO+HPXgY0KP4kXLcy8cjW7isQ1/yfwydyEAKOb+eiulRFOimpRNvQklud/LiuT9ZDetX0CxpS0y7ujLKMoxfFvylMZMcnuE3/KDw1IFN0HZegmwXbHzpABDRxUxIBlqPQ3bPPviV0HMYj4rQu5acm0X5juLkQKce89iGGYaA348lifhxB5Ocplzy3SRgEDaVHTzzGw4kZoYIBNKN1cH6AlqdtAK87FGZsHpRp0Oc/jw7WjwbGam1dxolK/n+4H11Um8POkL7pH1KePIesHaZR/kjNYV6jx5vGOv8vEnaiki5MAyJnD1tBNUgB4GMaJ4drQIWo6RETfupS3vcGwfZF9JD2Tpw9fsgVFW+MqNpbZgrmVjc3QC0jTW46eH+qQBtYhEDuDmGAVs6pm9ljxua8fjZ1qoX60fWdpvegFPCe/tyXzHaL5/5fsuAKfuXT/q0APHahnuLnLl/3W6sx28JOWoRI9aDOrGOPSQVYIjP2sbLeyiXjSrN8fOcOSSOVr6uXyIb+tllbzw7c01zfjbv96H,iv:2jIbgMhGa8GWlDQeQNuAOrxiC03V7sdfy8EorUcjP5M=,tag:8/owPwtrW4khSqCraE+PDQ==,type:str] sops: kms: [] gcp_kms: [] @@ -41,8 +41,8 @@ sops: clA0eHg5bFNRU0lyUmRJcUpSZ0F2dmsKKm0EriU4LFfV2PWm2k9Q7T2gOgG540Jy rjfQny0dUNM1ofzYSLDXb+Kfm5/aVwNEX/Hl1Jya5ERFJswKbVlCgQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-24T12:47:21Z" - mac: ENC[AES256_GCM,data:LVW1sW/kbA5Ft6YeoNSgfSDhvbGWl/5mJYeKuJWclxn/zCVADU7Z63pisVVzAzg1rr94lZ2ncQw9AYSaN/8EQ1mvwdG7quf18uj8QGC8KCF7S+C5M768kZ7dYbjTlMyQ9J5s6C+G5EeRiEjP4fpUgduW2p9KvEQuPX6LvP5gOrM=,iv:kaaXs9hvIRxZjJE2vW17ziJEKf5ZeypFDGj1YVwIKv8=,tag:Az2oJO4N1RyTi/ON1r8URg==,type:str] + lastmodified: "2025-02-25T17:40:56Z" + mac: ENC[AES256_GCM,data:5jtuwMlqF+0FFo/QWnogC+Gm4ADUrhZLFJ9qoLMxDfrY8c8AHPDV+rNk9e/zO+tmqWcNmktWsVrK8xhmCTD8cszTMHdGRxjtqvjVatd+xjAziBik5SFR4pWO7doVx25iD6DOItARW8yxRLk+yMhTgWpe6ozxFhnGH+YdEH/rVNQ=,iv:f3xIO/MSBVfIeAfGtMUzqhY9/U10we/fftRe3/88uCA=,tag:nBSRI/FpOIqrknmlos9Vvg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/nixos/modules/mail.nix b/nixos/modules/mail.nix index 2835164..4d7f950 100644 --- a/nixos/modules/mail.nix +++ b/nixos/modules/mail.nix 
@@ -1,7 +1,6 @@
-
 /*
 * Building: We patch our version of stalwart and thus need to built it locally.
-* Be aware that this needs some hours, about 20Gb RAM and a few Gb free space in /tmp.
+* Be aware that this needs some hours, about 12Gb RAM and a few Gb free space in /tmp.
 * If you only want to deploy configuration changes and no software updates, consider building on the target VM.
 * It has stalwart in its nix store and does not need to rebuild it.
 * Forwarding mails: Update the Sops-secrets in the machine directory, rebuild on the VM and deploy.
@@ -66,7 +65,7 @@ in {
 openFirewall = true;
 settings = {
 server = {
- hostname = "fb04184.mathematik.tu-darmstadt.de"; # Because the DNS PTR of 130.83.2.184 is this and this should be used in SMTP EHLO.
+ lookup.default.hostname = "fb04184.mathematik.tu-darmstadt.de"; # Because the DNS PTR of 130.83.2.184 is this and this should be used in SMTP EHLO.
 listener = {
 "smtp" = {
 bind = ["[::]:25"];
@@ -83,7 +82,7 @@ in {
 tls.implicit = true;
 };
 "management" = {
- # Cthulhu forwards requests for http://fb04184.mathematik.tu-darmstadt.de/.well-known/acme-challenge/ http://imap.mathebau.de/.well-known/acme-challenge/ and http://smtp.mathebau.de/.well-known/acme-challenge/ and http://mathebau.de/.well-known/acme-challenge/
+ # Cthulhu forwards requests for http://fb04184.mathematik.tu-darmstadt.de/.well-known/acme-challenge/ http://imap.mathebau.de/.well-known/acme-challenge/ and http://smtp.mathebau.de/.well-known/acme-challenge/
 # for TLS certificate challenge validation
 # whereas the rest of the management interface is not available publically.
 # It can be reached via SSH and portforwarding.
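Review bot: In the `@@ -66,7 +65,7 @@` hunk the new `lookup.default.hostname` line sits inside `server = {`, so the generated key is `server.lookup.default.hostname`, while the `config.local-keys` list later in this file names the top-level `lookup.default.hostname`. If the pinned Stalwart version reads the top-level key (as that list suggests, not verified here), the EHLO name is no longer set by this line and may stop matching the PTR record the comment refers to, which receiving servers can check. Consider placing `lookup.default.hostname = "fb04184.mathematik.tu-darmstadt.de";` directly under `settings` instead of under `server`. The `server` attribute set continues outside the hunk.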
@@ -96,28 +95,19 @@ in { directory = "https://acme-v02.api.letsencrypt.org/directory"; # This setting is necessary for this block to be activated challenge = "http-01"; contact = ["root@mathebau.de"]; - domains = ["fb04184.mathematik.tu-darmstadt.de" "imap.mathebau.de" "smtp.mathebau.de" "mathebau.de"]; + domains = ["fb04184.mathematik.tu-darmstadt.de" "imap.mathebau.de" "smtp.mathebau.de"]; default = true; }; # Reevaluate after DKIM and DMARC deployment spam.header.is-spam = "Dummyheader"; # disable moving to spam which would conflict with forwarding auth = { - # TODO check if HRZ and our own VMs conform to these standards and we can validate them strictly + # TODO check if HRZ conforms to these standards and we can validate them strictly dkim.verify = "relaxed"; arc.verify = "relaxed"; dmarc.verify = "relaxed"; iprev.verify = "relaxed"; spf.verify.ehlo = "relaxed"; spf.verify.mail-from = "relaxed"; - - # Sign *our* outgoing mails with the configured signatures. - dkim.sign = [ - { - "if" = "is_local_domain('', sender_domain) || sender_domain == 'lists.mathebau.de'"; - "then" = "['rsa-' + sender_domain, 'ed25519-' + sender_domain]"; - } - {"else" = false;} - ]; }; # Forward outgoing mail to HRZ or mail VMs. 
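Review bot: After this hunk the `auth` block holds only `*.verify` settings and no `dkim.sign`, so outbound signing is left to whatever the pinned Stalwart version does by default rather than being stated in this module. If unsigned mail is intended, make that explicit with `dkim.sign = false; # no DKIM keys deployed` next to the verify settings; a built-in default rule that references per-domain signatures would otherwise point at signature blocks this commit removes elsewhere (default behaviour not verified for this version). It is also worth checking that no published DKIM selector or DMARC policy for the served domains still expects signed mail, since delivery would then rest on SPF alignment alone. The enclosing `settings` block starts and ends outside the hunk.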
@@ -141,62 +131,39 @@ in { starttls = "optional"; # e.g. Lobon does not offer starttls }; }; - remote = { - "hrz" = { - address = "mailout.hrz.tu-darmstadt.de"; - port = 25; - protocol = "smtp"; - tls.implicit = false; # Don't assume TLS on this port but use STARTTLS - }; - "mailman" = { - address = "lobon.mathebau.de"; # must be created in DNS as a MX record because this field does not accept ip addresses. - port = 25; - protocol = "smtp"; - tls.implicit = false; # Don't assume TLS on this port but use STARTTLS - }; + remote."hrz" = { + address = "mailout.hrz.tu-darmstadt.de"; + port = 25; + protocol = "smtp"; + tls.implicit = false; # Don't assume TLS on this port but use STARTTLS + }; + remote."mailman" = { + address = "lobon.mathebau.de"; # must be created in DNS as a MX record because this field does not accept ip addresses. + port = 25; + protocol = "smtp"; + tls.implicit = false; # Don't assume TLS on this port but use STARTTLS }; - session = { - ehlo.require = [ + session.rcpt = { + # In order to accept mail that we only forward + # without having to generate an account. + # Invalid addresses are filtered by DFN beforehand. + catch-all = true; + relay = [ { - "if" = "starts_with(remote_ip, '192.168.0.')"; #TODO setup vms properly - "then" = false; + "if" = "!is_empty(authenticated_as) || rcpt_domain == 'lists.mathebau.de' || starts_with(remote_ip, '192.168.0.')"; #TODO restrict trust by IP + "then" = true; } - {"else" = true;} + {"else" = false;} ]; - ehlo.reject-non-fqdn = [ - { - "if" = "starts_with(remote_ip, '192.168.0.')"; #TODO setup vms properly - "then" = false; - } - {"else" = true;} - ]; - - rcpt = { - # In order to accept mail that we only forward - # without having to generate an account. - # Invalid addresses are filtered by DFN beforehand. 
- # See also https://stalw.art/docs/smtp/inbound/rcpt/#catch-all-addresses - catch-all = true; - relay = [ - { - "if" = "!is_empty(authenticated_as) || rcpt_domain == 'lists.mathebau.de' || starts_with(remote_ip, '192.168.0.')"; #TODO restrict trust by IP - "then" = true; - } - {"else" = false;} - ]; - }; - data.script = "'redirects'"; }; # Stalwart gets its configuration from two places: A TOML configuration file that we control in this module # and from a database that can be configured from web management interface or via Rest API. - # We here define what comes from the TOML-file and especially add "sieve.trusted.*" to the default ones + # We here define what comes from the TOML-file and especially add "sieve.trusted.scripts.*" to the default ones # because only TOML-based keys may use macros to load files from disk. # We want this to be able to load our sieve-script for mail forwarding. # See https://stalw.art/docs/configuration/overview/#local-and-database-settings for more details. - # - # Unfortunately, the set of served domains as well as the catch-all accounts are still not configured via this nix module. config.local-keys = [ "store.*" 
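Review bot: The `relay` rule under the new `session.rcpt` accepts unauthenticated relaying to any recipient domain from every client whose address string starts with `192.168.0.`, and with the `ehlo.require` / `ehlo.reject-non-fqdn` overrides removed it is now the only place that encodes trust in that network. The `#TODO restrict trust by IP` on that line should be resolved rather than carried forward: compare against the specific sending VMs, e.g. `remote_ip == '<mailman-vm-ip>' || remote_ip == '<other-vm-ip>'` (placeholders), instead of a string prefix covering the whole /24. The comment above `catch-all = true` also lost its link to the Stalwart catch-all documentation; keeping a line such as `# See the Stalwart docs on catch-all addresses` helps the next reader judge the setting. The surrounding `settings` block starts and ends outside the hunk.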
@@ -214,47 +181,9 @@ in { "lookup.default.hostname" "certificate.*" ] # the default ones - ++ ["sieve.trusted.*"]; #for macros to be able to include our redirection script - sieve.trusted = { - scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script - return-path = "sender"; # set the outgoing MAIL FROM to the original sender as specified in the incoming MAIL FROM. - - # If we are the sender, we sign the message with DKIM. Else we leave it alone. - sign = [ - { - "if" = "is_local_domain('', sender_domain) || sender_domain == 'lists.mathebau.de'"; - "then" = "['rsa-' + sender_domain, 'ed25519-' + sender_domain]"; - } - {"else" = false;} - ]; - limits = { - redirects = 500; - out-messages = 500; - }; - }; - # See https://stalw.art/docs/smtp/authentication/dkim/sign - # We need two blocks per domain because the domain setting in the blocks does not accept variables like `sender_domain`. - signature = let - signatureTemplate = domain: { - "rsa-${domain}" = { - private-key = "%{file:/run/secrets/dkim_rsa}%"; - domain = "${domain}"; - selector = "rsa-default"; - headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures except "User-Agent" which somehow breaks - algorithm = "rsa-sha256"; - canonicalization = "relaxed/relaxed"; - }; - "ed25519-${domain}" = { - private-key = "%{file:/run/secrets/dkim_ed25519}%"; - domain = "${domain}"; - selector = "ed-default"; - headers = ["From" "To" "Cc" "Date" "Subject" "Message-ID" "Organization" "MIME-Version" "Content-Type" "In-Reply-To" "References" "List-Id" "Thread-Topic" "Thread-Index"]; # default from https://stalw.art/docs/smtp/authentication/dkim/sign#signatures except "User-Agent" which somehow breaks - algorithm = "ed25519-sha256"; - canonicalization = "relaxed/relaxed"; - }; - }; - in - 
lib.attrsets.mergeAttrsList (map signatureTemplate (["lists.mathebau.de"] ++ (map ({domain, ...}: domain) cfg.domains))); + ++ ["sieve.trusted.scripts.*"]; #for macros to be able to include our redirection script + sieve.trusted.scripts.redirects.contents = "%{file:/tmp/virt_aliases}%"; # generated redirect script + session.data.script = "'redirects'"; authentication.fallback-admin = { user = "admin"; 
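Review bot: The trusted Sieve script is loaded with `%{file:/tmp/virt_aliases}%`, and the later hunks set `PrivateTmp = false` on the allowlist service, on `virt-aliases-generator` and (via `lib.mkForce`) on `stalwart-mail`, so that path now lives in the host-wide, world-writable `/tmp`. A local account that creates `/tmp/virt_aliases` or `/tmp/addresses` first can make the generator fail or, depending on the kernel's protected-file settings, influence the redirect rules Stalwart loads as trusted. I would have the generator write into a directory only `stalwart-mail` can write, for instance `RuntimeDirectory = "<dir>";` with `RuntimeDirectoryPreserve = true;` and `contents = "%{file:/run/<dir>/virt_aliases}%"` (placeholder name), and keep `PrivateTmp = true` on all three units.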
@@ -300,10 +229,9 @@ in { echo "process ${domain}" # This line gets the available mailboxes from stalwart's Rest API, searches for their addresses and collects them to a file for submission. # The regex searches for alphanumerics combined with some special characters as local paths and the right domain. - # Exclude @domain.tld which is not a valid mail address but used for catch-all accounts. - ${pkgs.curl}/bin/curl -s --header "authorization: Basic $(<${cfg.stalwartAdmin})" http://localhost/api/principal | ${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&*+-/=?^_{|}~]*@${domain}" | grep -v "@${domain}" | tee /tmp/addresses + ${pkgs.curl}/bin/curl -s --header "authorization: Basic $(<${cfg.stalwartAdmin})" http://localhost/api/principal | ${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&'*+-/=?^_{|}~]*@${domain}" | tee /tmp/addresses # This line searches for available redirects and adds them to the submission file. - ${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&*+-/=?^_{|}~]*@${domain}" /tmp/virt_aliases >> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need. + ${pkgs.gnugrep}/bin/grep -o -e "[A-Za-z0-9.!#\$%&'*+-/=?^_{|}~]*@${domain}" /tmp/virt_aliases >> /tmp/addresses # This doesn't catch all RFC conform local parts. Improve if you need. # Post local-parts to HRZ, see https://www-cgi.hrz.tu-darmstadt.de/mail/index.php?bereich=whitelist_upload ${pkgs.curl}/bin/curl -s https://www-cgi.hrz.tu-darmstadt.de/mail/whitelist-update.php -F emaildomain=${domain} -F password=$(cat ${allowlistPass}) -F emailliste=@/tmp/addresses -F meldungen=voll # Cleanup submission file 
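Review bot: Both `curl` calls in this script put a secret on the command line: the admin credential through `--header "authorization: Basic $(<${cfg.stalwartAdmin})"` and the HRZ password through `-F password=$(cat ${allowlistPass})`, where other local users can read it from the process list while curl runs. For the form field curl can read the value itself, `-F "password=<${allowlistPass}"`, provided the secret file has no trailing newline, since curl sends the file content verbatim. The header can be supplied through a config read from stdin with `--config -`. The upload line is a context line of this hunk, and the script template starts and ends outside it.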
@@ -311,15 +239,12 @@ in { ''; in lib.strings.concatStringsSep "" (map scriptTemplate cfg.domains); - - unitConfig.JoinsNamespaceOf = "stalwart-mail.service"; # allow access to sieve script - serviceConfig = { Type = "oneshot"; User = "stalwart-mail"; NoNewPrivileges = true; # See https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html - PrivateTmp = true; + PrivateTmp = false; # allow access to sieve script ProtectHome = true; ReadOnlyPaths = "/"; ReadWritePaths = "/tmp"; 
@@ -341,8 +266,35 @@ in { # This service is defined by the nixpkgs stalwart module and we only modify it. "stalwart-mail" = { restartTriggers = lib.attrsets.mapAttrsToList (_: aliaslist: aliaslist.sopsFile) config.sops.secrets; # restart if secrets, especially alias files, have changed. - #Generate a sieve script from the virtual alias file - preStart = lib.strings.concatStringsSep "" (["${pkgs.alias-to-sieve}/bin/alias_to_sieve "] ++ map (x: "${x.virt_aliases} ${x.domain} ") cfg.domains ++ ["> /tmp/virt_aliases"]); + serviceConfig.PrivateTmp = lib.mkForce false; # enable access to generated Sieve script + }; + "virt-aliases-generator" = { + description = "Virtual Aliases Generator: Generate a sieve script from the virtual alias file"; + script = lib.strings.concatStringsSep "" (["${pkgs.alias-to-sieve}/bin/alias_to_sieve "] ++ map (x: "${x.virt_aliases} ${x.domain} ") cfg.domains ++ ["> /tmp/virt_aliases"]); + wantedBy = ["stalwart-mail.service"]; # Rerun on stalwart restart because forwardings may have changed. + serviceConfig = { + Type = "oneshot"; + User = "stalwart-mail"; + NoNewPrivileges = true; + # See https://www.man7.org/linux/man-pages/man5/systemd.exec.5.html + PrivateTmp = false; + ProtectHome = true; + ReadOnlyPaths = "/"; + ReadWritePaths = "/tmp"; + InaccessiblePaths = "-/lost+found"; + PrivateDevices = true; + PrivateUsers = true; + ProtectHostname = true; + ProtectClock = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectControlGroups = true; + LockPersonality = true; + MemoryDenyWriteExecute = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + }; }; }; }; diff --git a/nixos/modules/mailman.nix b/nixos/modules/mailman.nix index 66ee109..f4ecd0e 100644 --- a/nixos/modules/mailman.nix +++ b/nixos/modules/mailman.nix 
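Review bot: `virt-aliases-generator` is tied to Stalwart only through `wantedBy = ["stalwart-mail.service"]`, which creates a Wants dependency but no ordering, so systemd may start both units in parallel and Stalwart can read a missing or stale `/tmp/virt_aliases`. The removed `preStart` ran strictly before the daemon. Adding `before = ["stalwart-mail.service"];` restores that ordering, and `requiredBy` in place of `wantedBy` would keep Stalwart from starting with outdated forwarding rules when generation fails.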
@@ -32,6 +32,8 @@ in { config = { transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"]; + proxy_interfaces = "130.83.2.184"; + smtputf8_enable = "no"; # HRZ does not know SMTPUTF8 }; relayHost = "mathebau.de"; # Relay to mail vm which relays to HRZ (see https://www.hrz.tu-darmstadt.de/services/it_services/email_infrastruktur/index.de.jsp) }; diff --git a/patches/sieve-rs.patch b/patches/sieve-rs.patch index b0882f4..b706d03 100644 --- a/patches/sieve-rs.patch +++ b/patches/sieve-rs.patch @@ -8,7 +8,7 @@ index be36759b..b4316639 100644 version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15ac54053752c25a0e545dd1953de716abcc80b12cfe0b6c2f2c1c73759d4f45" -+source = "git+https://github.com/stalwartlabs/sieve.git#56450c6ccdf76f1de95931db24896599159efc53" ++source = "git+https://gitea.mathebau.de/fachschaft/sieve-rs.git#71324550504c0f84fe3e814d05cbe22f90a3b228" dependencies = [ "ahash 0.8.11", "bincode", @@ -23,5 +23,5 @@ index f055474f..2b64c9ac 100644 + + +[patch.crates-io] -+sieve-rs = { git = 'https://github.com/stalwartlabs/sieve.git' } ++sieve-rs = { git = 'https://gitea.mathebau.de/fachschaft/sieve-rs.git' }
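Review bot: In the `[patch.crates-io]` hunk of `patches/sieve-rs.patch` the replacement `sieve-rs = { git = 'https://gitea.mathebau.de/fachschaft/sieve-rs.git' }` names no revision, so the commit that gets built is fixed only by the patched lock entry and `cargoHash`. Since this swaps an upstream dependency of the mail server for a self-hosted fork, I would pin it where the source is declared: `sieve-rs = { git = 'https://gitea.mathebau.de/fachschaft/sieve-rs.git', rev = '71324550504c0f84fe3e814d05cbe22f90a3b228' }`. The `source` line in the lock hunk would then presumably need the matching `?rev=` form. A comment in the patch stating what the fork changes relative to upstream would also make the substitution reviewable.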