merging with main

This commit is contained in:
revol-xut 2023-04-13 18:56:15 +02:00
commit de62b47e52
No known key found for this signature in database
GPG key ID: 4F56FF7759627D07
14 changed files with 133 additions and 377 deletions

View file

@ -14,23 +14,6 @@
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixpkgs-fmt;
nixosConfigurations = { nixosConfigurations = {
birne = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/birne/configuration.nix
./modules/base.nix
./modules/autoupdate.nix
./modules/desktop.nix
./modules/printing.nix
./modules/wifi.nix
./modules/options.nix
{
fsr.enable_office_bloat = true;
}
];
};
sanddorn = nixpkgs.lib.nixosSystem { sanddorn = nixpkgs.lib.nixosSystem {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
@ -42,8 +25,6 @@
./hosts/sanddorn/configuration.nix ./hosts/sanddorn/configuration.nix
./modules/infoscreen.nix ./modules/infoscreen.nix
./modules/base.nix ./modules/base.nix
./modules/autoupdate.nix
./modules/wifi.nix
./modules/desktop.nix ./modules/desktop.nix
./modules/options.nix ./modules/options.nix
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
@ -66,6 +47,7 @@
./modules/nginx.nix ./modules/nginx.nix
./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix
./modules/ftp.nix
./modules/stream.nix ./modules/stream.nix
./modules/nextcloud.nix ./modules/nextcloud.nix
./modules/matrix.nix ./modules/matrix.nix

View file

@ -1,41 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking = {
hostName = "birne";
interfaces.wlp4s0.useDHCP = true;
interfaces.enp1s0.useDHCP = true;
wireless = {
enable = true;
interfaces = [ "wlp4s0" ];
};
};
nixpkgs.config.allowUnfree = true;
users.users.printer = {
isNormalUser = true;
password = "printer";
extraGroups = [ ];
};
environment.systemPackages = with pkgs; [
firefox
];
system.stateVersion = "21.05";
}

View file

@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "wl" ];
boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/9799b183-a191-484e-b9a4-05e29412af25";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/CF58-EB12";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/94622e8e-8b58-4b3b-9494-d144ccaeb486"; }];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -1,24 +0,0 @@
{ config, ... }:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wg-quick.interfaces = {
wg-dvb = {
# pubkey: 8iQQSCI14dObcrMw0/rZJxfvpOAhy3CU+haJq2nyIzc=
address = [ "10.13.37.1/32" ];
privateKeyFile = config.sops.secrets.wg-seckey.path;
listenPort = 51820;
peers = [
{
# Tassilo
publicKey = "vgo3le9xrFsIbbDZsAhQZpIlX+TuWjfEyUcwkoqUl2Y=";
allowedIPs = [ "10.13.37.2/32" ];
persistentKeepalive = 25;
}
];
};
};
}

View file

@ -1,10 +0,0 @@
{ pkgs, config, ... }:
{
system.autoUpgrade = {
enable = true;
dates = "12:00";
# might need to move this into the configuration of `birne`?
allowReboot = true;
};
}

21
modules/ftp.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, ... }:
let
domain = "ftp.${config.fsr.domain}";
in
{
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
root = "/srv/ftp";
extraConfig = ''
autoindex on;
'';
locations."~/(klausuren|uebungen|skripte|abschlussarbeiten)".extraConfig = ''
allow 141.30.0.0/16;
allow 141.76.0.0/16;
allow 172.16.0.0/16;
deny all;
'';
};
}

View file

@ -1,64 +0,0 @@
{ pkgs, config, lib, ... }: {
sops.secrets.postgres_keycloak = {
owner = config.systemd.services.keycloak.serviceConfig.User;
group = "keycloak";
};
users.users.keycloak = {
name = "keycloak";
isSystemUser = true;
group = "keycloak";
};
users.groups.keycloak = {
name = "keycloak";
members = [ "keycloak" ];
};
services = {
keycloak = {
enable = true;
settings = {
hostname = "keycloak.quitte.tassilo-tanneberger.de";
http-host = "127.0.0.1";
http-port = 8000;
https-port = 8001;
proxy = "edge";
};
database = {
username = "keycloak";
type = "postgresql";
passwordFile = config.sops.secrets.postgres_keycloak.path;
name = "keycloak";
host = "localhost";
createLocally = true;
};
};
postgresql = {
enable = true;
};
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"${config.services.keycloak.settings.hostname}" = {
enableACME = true;
forceSSL = true;
http2 = true;
locations = {
"/" =
let
cfg = config.services.keycloak.settings;
in
{
proxyPass = "http://${cfg.http-host}:${toString cfg.http-port}";
};
};
};
};
};
};
}

View file

@ -1,4 +1,4 @@
{ config, ... }: { config, pkgs, ... }:
let let
domain = "auth.${config.fsr.domain}"; domain = "auth.${config.fsr.domain}";
@ -89,6 +89,29 @@ in
daemon.enable = true; daemon.enable = true;
}; };
security.pam.services.sshd.text = ''
# Account management.
account sufficient ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
account required pam_unix.so
# Authentication management.
auth sufficient pam_unix.so likeauth try_first_pass
auth sufficient ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so use_first_pass
auth required pam_deny.so
# Password management.
password sufficient pam_unix.so nullok sha512
password sufficient ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
# Session management.
session required pam_env.so conffile=/etc/pam/environment readenv=0
session required pam_unix.so
session required pam_loginuid.so
session optional pam_mkhomedir.so
session optional ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
session optional ${pkgs.systemd}/lib/security/pam_systemd.so
'';
services.nginx = { services.nginx = {
enable = true; enable = true;

View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
hostname = "mail.${config.fsr.domain}"; hostname = "mail.${config.fsr.domain}";
domain = config.fsr.domain; domain = config.fsr.domain;
@ -6,7 +6,9 @@ let
# brauchen wir das überhaupt? # brauchen wir das überhaupt?
#ldap-aliases = pkgs.writeText "ldap-aliases.cf" '' #ldap-aliases = pkgs.writeText "ldap-aliases.cf" ''
#server_host = ldap://localhost #server_host = ldap://localhost
#search_base = ou=mail, dc=ifsr, dc=de #search_base = dc=ifsr, dc=de
#query_filter = (&(objectClass=posixAccount)(uid=%n))
#result_attribute=mail
#''; #'';
dovecot-ldap-args = pkgs.writeText "ldap-args" '' dovecot-ldap-args = pkgs.writeText "ldap-args" ''
uris = ldap://localhost uris = ldap://localhost
@ -17,8 +19,8 @@ let
ldap_version = 3 ldap_version = 3
scope = subtree scope = subtree
base = dc=ifsr, dc=de base = dc=ifsr, dc=de
user_filter = (&(objectClass=posixAccount)(uid=%n)) user_filter = (&(objectClass=posixAccount)(mail=%u))
pass_filter = (&(objectClass=posixAccount)(uid=%n)) pass_filter = (&(objectClass=posixAccount)(mail=%u))
''; '';
in in
{ {
@ -26,33 +28,85 @@ in
sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user; sops.secrets."dovecot_ldap_search".owner = config.services.dovecot2.user;
networking.firewall.allowedTCPPorts = [ 25 465 993 ]; networking.firewall.allowedTCPPorts = [ 25 465 993 ];
users.users.postfix.extraGroups = [ "opendkim" ];
services = { services = {
postfix = { postfix = {
enable = true; enable = true;
enableSubmissions = true;
hostname = "${hostname}"; hostname = "${hostname}";
domain = "${domain}"; domain = "${domain}";
relayHost = "";
origin = "${domain}"; origin = "${domain}";
destination = [ "${hostname}" "${domain}" "localhost" ]; destination = [ "${hostname}" "${domain}" "localhost" ];
networks = [ "127.0.0.1" "141.30.30.169" ];
sslCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslKey = "/var/lib/acme/${hostname}/key.pem"; sslKey = "/var/lib/acme/${hostname}/key.pem";
extraAliases = ''
# Taken from kaki, maybe we can throw out some at some point
# General redirections for pseudo accounts
bin: root
daemon: root
named: root
nobody: root
uucp: root
www: root
ftp-bugs: root
postfix: root
# Well-known aliases
manager: root
dumper: root
operator: root
abuse: postmaster
# trap decode to catch security attacks
decode: root
'';
config = { config = {
home_mailbox = "Maildir/";
smtp_use_tls = true;
smtp_tls_security_level = "encrypt";
smtpd_use_tls = true;
smtpd_tls_security_level = lib.mkForce "encrypt";
smtpd_tls_auth_only = true;
smtpd_tls_protocols = [
"!SSLv2"
"!SSLv3"
"!TLSv1"
"!TLSv1.1"
];
smtpd_recipient_restrictions = [ smtpd_recipient_restrictions = [
"reject_unauth_destination"
"permit_sasl_authenticated" "permit_sasl_authenticated"
"permit_mynetworks" "permit_mynetworks"
"reject_unauth_destination"
"reject_non_fqdn_hostname"
"reject_non_fqdn_sender"
"reject_non_fqdn_recipient"
"reject_unknown_sender_domain"
"reject_unknown_recipient_domain"
"reject_unauth_destination"
"reject_unauth_pipelining"
"reject_invalid_hostname"
];
smtpd_relay_restrictions = [
"permit_sasl_authenticated"
"permit_mynetworks"
"reject_unauth_destination"
]; ];
#alias_maps = [ "ldap:${ldap-aliases}" ]; #alias_maps = [ "ldap:${ldap-aliases}" ];
smtpd_milters = [ "local:/run/opendkim/opendkim.sock" ];
non_smtpd_milters = [ "local:/var/run/opendkim/opendkim.sock" ];
smtpd_sasl_auth_enable = true; smtpd_sasl_auth_enable = true;
smtpd_sasl_path = "/var/lib/postfix/auth"; smtpd_sasl_path = "/var/lib/postfix/auth";
virtual_mailbox_base = "/var/mail"; smtpd_sasl_type = "dovecot";
# virtual_mailbox_base = "/var/mail";
}; };
}; };
dovecot2 = { dovecot2 = {
enable = true; enable = true;
enableImap = true; enableImap = true;
enableQuota = false; enableQuota = false;
mailLocation = "maildir:~/Maildir";
sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem"; sslServerCert = "/var/lib/acme/${hostname}/fullchain.pem";
sslServerKey = "/var/lib/acme/${hostname}/key.pem"; sslServerKey = "/var/lib/acme/${hostname}/key.pem";
mailboxes = { mailboxes = {
@ -74,7 +128,6 @@ in
}; };
}; };
extraConfig = '' extraConfig = ''
mail_location = maildir:/var/mail/%u
passdb { passdb {
driver = ldap driver = ldap
args = ${dovecot-ldap-args} args = ${dovecot-ldap-args}
@ -92,6 +145,14 @@ in
} }
''; '';
}; };
opendkim = {
enable = true;
domains = "csl:${config.fsr.domain}";
selector = config.networking.hostName;
configFile = pkgs.writeText "opendkim-config" ''
UMask 0117
'';
};
rspamd = { rspamd = {
enable = true; enable = true;
postfix.enable = true; postfix.enable = true;
@ -101,12 +162,6 @@ in
read_servers = "127.0.0.1"; read_servers = "127.0.0.1";
write_servers = "127.0.0.1"; write_servers = "127.0.0.1";
''; '';
"dkim_signing.conf".text = ''
path = "/var/lib/rspamd/dkim/$domain.$selector.key";
selector = "quitte";
sign_authenticated = true;
use_domain = "header";
'';
}; };
}; };
redis = { redis = {
@ -140,27 +195,3 @@ in
}; };
}; };
} }

View file

@ -1,6 +1,23 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.nginx.enable = true; services.nginx = {
enable = true;
appendHttpConfig = ''
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
# IP addresses to not anonymize
127.0.0.1 $remote_addr;
::1 $remote_addr;
default 0.0.0.0;
}
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log anon_ip;
'';
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {

View file

@ -1,36 +0,0 @@
{ pkgs, config, ... }:
{
# Enable CUPS to print documents.
services = {
printing.enable = true;
printing.drivers = with pkgs; [
gutenprint
gutenprintBin
hplip
hplipWithPlugin
];
avahi.enable = true;
};
environment.systemPackages = with pkgs; [
gnome.gnome-control-center
];
# set up Heiko
hardware.printers.ensurePrinters = [
{
description = "Drucker im FSR Buero";
deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._ipp._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0";
location = "FSR Buero";
model = "Kyocera ECOSYS M6630cidn KPDL";
name = "Heiko";
}
{
description = "Drucker im FSR Buero";
deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._pdl-datastream._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0";
location = "FSR Buero";
model = "Kyocera ECOSYS M6630cidn KPDL";
name = "Heiko";
}
];
}

View file

@ -1,24 +0,0 @@
#
# Useful config
# https://tu-dresden.de/zih/dienste/service-katalog/arbeitsumgebung/zugang_datennetz/wlan-eduroam
# https://www.stura.htw-dresden.de/stura/ref/hopo/dk/nachrichten/eduroam-meets-nixos
#
{ pkgs, config, ... }:
let
password = "$(${pkgs.coreutils}/bin/cat /run/secrets/fsr_wifi_psk)";
in
{
networking = {
wireless = {
enable = true;
networks = {
"FSR" = {
priority = 10;
pskRaw = "9dbdf08e1205b1167a812a35cfac4b49a86e155eec707bd47f4d06d829e7d168";
};
};
};
};
}

View file

@ -1,43 +0,0 @@
fsr_wifi: ENC[AES256_GCM,data:CD0ge6d5+gc=,iv:yuWfwwGm2HOKvMQQ9lF4TFOqvCU2z06sqS+pzhCFhfY=,tag:1+8MwcPUGgtcdXvTNAuR5g==,type:str]
fsr_wifi_psk: ENC[AES256_GCM,data:uwq/nkKm9eDdMxUJMQ==,iv:q9mzhfkPBM1oTQN69tSEiQmf3hYZ4pGJEqjVEjU//FI=,tag:g0p+S2jlkAT0jY5hBRKuXw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySHgvQThoSmpXOUc1a3lN
dXR6ZElYYlppOXNISXM0bURxQjdIU3pDL2wwCmNoT0pYTEdubWh3eFc3VzVwdnR3
TU5CbFlBTWxYaHRjamUzamIzQ1VnbFEKLS0tIDVUSEVtKzh1aVp1ekxVd2xRWHVo
dEExQkJySmo5eGtEdXVvd1FFVVhpdFUKNx1FXti0qWKDRYM6wsIUceXbjzra5ezc
0fNI2r7qnVQ1QghtKnibwMUR1q4/DphKEm4eX4e6q+jfHleHCSk6+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-03-05T13:53:02Z"
mac: ENC[AES256_GCM,data:ZpEk+wpGQz2ul+Me6i45wXkzvuxzwkibLcljBs2KjTAgjH6F4q1JyXuY271JD95A5HgEvv4Atm3sbHaG+hghXy/36WSFw5jJRBwOjDrOSSAq12+UFeYjgSA2EwbvgbBdIO6VgaRLnXtobtLFG5qaVzUAvSevo6n8vBhEjSHEEJk=,iv:iZ9bJ+it3s6lB8piPeKjVy4QYzwYGUb4EUwvnCR753Q=,tag:Nveq//4C1tiwGOkeXV7a0A==,type:str]
pgp:
- created_at: "2022-03-05T13:42:43Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJARAAvxLI7hxutYG0KDovCjpGKIZA1JyNjp1/QYLKz3QDUFsZ
Ykwmixkt2wjTQjn9aE66ujLiEzMDfV2VZ6ao7Ehg04fysU1WurqEB5D+hiS6SCc2
3DgvlPeicY+87oZin1iaqL505MzQCEVbmcar++VCdQIGUZSQvbn1Nxn3RxKjHCjm
RW0juiSH1FUIZdBPL9NgUEixv7KpdEBxO5JR30GxDgYMG1Xji9Y2KsBy9XP5Lhn2
ziuzs6vTfFTuVUdylJNkT6yVgK4V7oEkIMiVPGFYXSUWT3TNZ0qRwuk6UJYLfvnY
Mt0jyKyi+hRIWPQEjBmpK/siBsQGSCXsRe84g+LUtdfPbvqwdZb59qy5B65z/ku/
6EQIaPRkgCa5AED3gJQCbBYhvymdgl8ZZcXkVV1Ap2VgKS5o0s+CNjdiNkXdGTL/
NdE7kehGJCtsHUVGs2I8TfLg/uVgJTKEodTq8eLu8WhVkNKzk9aFBCfHKYtkXBIi
ZIXUHNbPtXDL4aHgOTuTYjWM8bhW0pdnkGX7daqPsfNqgR9hzOo3TzoR3DRDK91w
cvUZ9hApYJ0OVxuPa38JGiYn3826iSSRK8qPjAndE4HhYgT/lZvu8/vZAW6EF/yH
8exruofMHNBNNdotkYDnyaFO6C+00SMcTUkG49vRqQKwrBygAoPLEKQhDBgczcnU
aAEJAhBWRVtwhCZtQV1MCl5u0IbSlxQiIH93FrdTfbJQdKM+LFlwkXOngO4blGOi
1tQbkiyLzIio+yoyfvbXZOIeMkLA3GynsKtxjnYYipXkuv3LP5BvZiH+bzG9jPW4
jXrR59MZPJLY
=hWOx
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
unencrypted_suffix: _unencrypted
version: 3.7.1

View file

@ -1,43 +0,0 @@
fsr_wifi: ENC[AES256_GCM,data:nzfwY2UygQSdboRvfDxVSrUE+WLBJLYBLw==,iv:yR3lCbyUSg97+MnuwUkXEsHtSGuYOPYRgvW/YZYDhv0=,tag:eN/lqD1BetqnFDAFJE6D2g==,type:str]
fsr_wifi_psk: ENC[AES256_GCM,data:A1Z809FJ0fUd93QcX5NNnfVxyzUZMuPGC6Hu4M9LpRoMOTrMcRPMDaR0N+cgmV7rnjYvzm4gTSTEcnqsnLGyNA==,iv:WMs3/I3SEDJwcpyqclCfxKcx61m/6BcwbGaGS4I4a5s=,tag:oYG8M3NQ2lkcUGr2K5YUEg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1jyxk2z69pm8hpz5zlf5lh05vrws2sprum3ucx2xjpq8efctcfdaq0jhs3w
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRQXByc2lJWnQ0Rm1Wb1V5
aVFaY0cwcnVlUFRKNGNYYjJjMnB5NVlkendRCkxJZ0JILzVvbDZRNzlYaWtEREJr
VmYzaUNiU0VmTkZzckhJeS84OU5TUkUKLS0tIG5qTnVtbHV3TWh0cW4xYlJiV0Ji
MFQrNkJxUUVFSStPenM4Tmx6dlVsSm8KQMPsuc/E89aDek3csMarrKm5qcfQKf3u
2ApD8dEN+L1L9bbJGAY6uNM6sXu5eTAGD7+Rc0duZIdDCg0LGFV8jw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-03-05T13:52:43Z"
mac: ENC[AES256_GCM,data:/uszrMeVsVlpjFyI29/Sasr8jY3/elnnbbUDmZ1+3YHzoujQRZe47VOpfOgs/XZym+jj7MZInu5Y361YalFb0ArS7GmexZA88rFvOqHPIIUuk2h1iCHLpZRafg96x737snna7L7zHNJFJLBhqcpdt0U4U6SZjXlJ9UgR96c6Agk=,iv:4kCCIhUEfc0GCzoh+3cNxB3cnn71/0jmKI1r62dYFmk=,tag:REOoImReJds8LBKZpeu78w==,type:str]
pgp:
- created_at: "2022-03-05T13:41:12Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA/YLzOYaRIJJAQ/+Jis1dE0ZmxKIaqJKc1itSqd09ieVJDMmei410O2VycU3
98YHvdrkRcG+3tLkvzebATANyHcJeefjt4uvQnMjlswX5DHm3JxNYnfOhCQNpexl
80Lp/0qmnCy1rd2C8/Mr9ub2frupEGeBgU4TwA1LW5X1f89NP9R7b6tBcVMyF/OW
+WWu2g+0yLC9rle0a5QeIkrKsmyB5+dEYOakCMunKCYXE+MS4ULkZqFxhJ8ckTo7
rKiR8UwzDL+iMl4zLgeNF5Uw7WH8tdHiD3thHQvzjL9++Tg4jZWdgtjdICs1ye2y
sUGzk0RhjXT/Q3rBwQbiivZq7s3ngBpom0co74+X6DORMN0P8WUdox7j4KUS3/oA
KwtyUF92dK9uJwckyN7LXho7zVTnZXV7jjupBacjr0TeHgYzP1eDhbsC6mFlWv2x
mHeK7hQF6VBNi1tAVlcMktbuxZRtc8P0ljFeSXRDoLJKdduIb3TKbGSsAHs1lX+n
CEK2kfS+V6g4CXaSsAsDqIZ75k6bJYRd8M81a1XvSAMB1fzQYDU1zrPGquggOBku
S0R0y0po7OwnqQ0HBgVHC8uU8hbG/EIvA1Wpw9FQnjGugi0pOoIiynqJWzttFwvq
XBV27Z7wumWzwij9uFt+TEy7Olulu/Vi/56tiyUNnbklwQqe1mj1m4nnu6z6v4TU
aAEJAhDM3iZRqVMChcCd6A/btYAwNnZrJNzxj+BIV5/+sAk3wjqc6UM7+qdBuzsH
uYq+HBTcdQgpoyqtFryrjQvCsksB6O4eS62FIAKfD65HaxNYQLUYNJ4Xs3NIqroH
MogSWSOw4clo
=8/Ez
-----END PGP MESSAGE-----
fp: 91EBE87016391323642A6803B966009D57E69CC6
unencrypted_suffix: _unencrypted
version: 3.7.1