Diffstat (limited to '')
37 files changed, 18 insertions, 1720 deletions
diff --git a/system/services/mastodon/patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch b/modules/by-name/ma/mastodon/patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch
index 35dc809..35dc809 100644
--- a/system/services/mastodon/patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch
+++ b/modules/by-name/ma/mastodon/patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch
diff --git a/system/default.nix b/system/default.nix
deleted file mode 100644
index 9fdd937..0000000
--- a/system/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{...}: {
- imports = [
- ./packages
- ./secrets
- ./services
- ];
-}
diff --git a/system/packages/default.nix b/system/packages/default.nix
deleted file mode 100644
index 12e4c93..0000000
--- a/system/packages/default.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- jre_minimal
- git
- zsh
- neovim
- btrfs-progs
- ];
- programs.zsh.enable = true;
-}
diff --git a/system/secrets/backup/backuppass.age b/system/secrets/backup/backuppass.age
deleted file mode 100644
index 1931226..0000000
--- a/system/secrets/backup/backuppass.age
+++ /dev/null
@@ -1,16 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TEVTcmRkbkVHUVhzMU9J -YmVadUJWTTloZDZ0S2l2bnViSEpESXQ0d2dVCmRQbUx0Smh6b0ZCL2ZOL1NrMk9a -Q21OZi9Wd2d1Y1AxWVJZdHpjTmp2dzQKLT4gWDI1NTE5IE1ZblNNSEJ6Z1ZOZFJh -Nm5zOUNiV3ppRkgwNlVGaUV4S1dsbUVQeEhlV0UKUDVCV0UyY1JPczcvTVdFa2hw -WkVQeGJrcXRBSnRaeE1EZEZRSHBPS1ExTQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -ejZDNEJhK0dXb084MG41ZmpHVDRTaEpzOFN3RXNkNHdJR0UvYXppUjVqQQoyRlZP -MExORHN6cGhUZlFHRTc5OGV2cW5NczhSUFdGcmxmeS9GYTFDSk9VCi0+IHFdIWdL -aThRLWdyZWFzZSA2JmIgfVo3dXt7ayBGPEVOXEggd08KWFdtVkxKN256QXhBTjBT -RTBEeTBSbjNtSGRYNllOYlJRVjN0Vk9XV2FQQ2hlSWVHT3RUelVKZ2ZGZ2k5OWlN -Ywp6RktpamU4TVVPdENTNzh2VFFtdGNIZFdDRUxFbEIwSFJ5RmdmbWxibVR3bE55 -M1B0eFJmSldCU1NMWW01ejUyCgotLS0gbS9vZmtpYjA5OThTcnIwZ01lYkFTK0xy -Q05zdExqdTJZeVlOM0xqVTUrRQoZdRtAQ8c/dfZeZ2k5YhdEyNYn0fZQP3vKnj7b -s1AB5m+oTMDIn05x05lDsvqcFCvxZZNPzmkj5KzWXVxvg4/5Wr06BVdZaTHsrPqu -SmXsQmF8uqB6xctT3+ne3PGopF8J ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/backup/backupssh.age b/system/secrets/backup/backupssh.age deleted file mode 100644 index ba04931..0000000 --- a/system/secrets/backup/backupssh.age +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVMW91eE40QVhCcXlCSktD -NkE5ZUVnWm56L0hxaU4wYzJ6dHFFd05Xa0dzCjJTeGNsL2RCdm0raHBQaVhQbVFJ -MWc4d1RNamhTSWJLaDJPdjZram11ZEkKLT4gWDI1NTE5IGFRdStWbVJSTFhNeWVG -dUVjbk9qdWJxNm0wenBWcmFieWtMQjFLQWU1aTAKSG94WlhGVEN6MHZiRFNKcTI4 -cFdqM0Q5eGxTRGFwVWhiR0pRS2NVZUs2dwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -dFFyUVFTOGttcUpOcE82YXM1Yk11VGJUUllsWXRQNitTeU9WMHhYSGJVawpwZXIz -SGNvTkNGM2lyMXMzeFNBZ0NacS94enRvUWpGU1Y5Vy9kRkhTOTBFCi0+IEpkLWdy -ZWFzZSA2aXgnICd5IE5jRGFQLyBLTFVxWWY8KApycVRUdFN5MVNtc2x3cEJMeWFi -R0QveWJmN3BWS2J3REpOekpLc1czNGE3OTZLMjlpS1VubUpOM1R0MWlkazNUClZP -K01KUzVZQjltcW9yUXpmTlZMTnVqQU5uYwotLS0gb2pIdnY1YmdXV3RnbXJnejVI -aGRaTnczUUxiK1gwSkpsMUJxNzRmVjFRUQosYNaZP/ahgrMf/vP+Bbsy6kis9Fwa -UwBVwDE7nqRcyoIrtodUtq3I2cDog6YGzmvqY1yJHsuumqo3K6sZJK+/oINn9vLf -O85CZAcnV58CRFnc4LHQoFCz/wa7/osajjz5dQYcfd201qP3qESIjqRkwALqDmL5 -9abcDdgpCvjYYKi2ULKgdMyeqHsd7cTIVLJm1U7iZC6EnmcGiIy+c/pmDuK0OMl0 -+3CVNiy4qHGkYvwKzkq1fewzwvKTQchZaXgNDa57cSOOgh4lX8gU8eRfKg6REKod -0jIaH2zN/UhOPkqpyf9Twi5vLk475RiLf+8cTNi/BL/ZtHf0xYfbcdJT4wPOUZNd -P11eVDDUYnFvbszPSmRA8bueEQv9SZrYnS/DG4yDjpLFP9LCPIjdTr5OPvIfTpUy -cu22C6VIii54kj7uztYd/0rqSrJ5mClPIDhTUJUeAdTI17NHbAM5BJUpDmXdaBAM -LPWwu5KaiYjq7FmB39Qhp2I4hgmrEl/dorlU30VaV+uuV741ftWIykQJ9tmZUF9J -nA2ygMaWq/xrXDQ6bMnR+gP8i9BiLXPk/ug= ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/default.nix b/system/secrets/default.nix deleted file mode 100644 index b74e883..0000000 --- a/system/secrets/default.nix +++ /dev/null 
@@ -1,54 +0,0 @@
-{...}: {
- age = {
- secrets = {
- invidiousHmac = {
- file = ./invidious/hmac.age;
- mode = "700";
- owner = "root";
- group = "root";
- };
- mastodonMail = {
- file = ./mastodon/mail.age;
- mode = "700";
- owner = "mastodon";
- group = "mastodon";
- };
- matrix-synapse_registration_shared_secret = {
- file = ./matrix-synapse/passwd.age;
- mode = "700";
- owner = "matrix-synapse";
- group = "matrix-synapse";
- };
- minifluxAdmin = {
- file = ./miniflux/admin.age;
- mode = "700";
- owner = "root";
- group = "root";
- };
- resticpass = {
- file = ./backup/backuppass.age;
- mode = "0700";
- owner = "root";
- group = "root";
- };
- resticssh = {
- file = ./backup/backupssh.age;
- mode = "0700";
- owner = "root";
- group = "root";
- };
- taskserverCaKey = {
- file = ./taskserver/ca.age;
- mode = "700";
- owner = "root";
- group = "root";
- };
- taskserverSystemdTmpfiles = {
- file = ./taskserver/systemd_tmpfiles.age;
- mode = "700";
- owner = "root";
- group = "root";
- };
- };
- };
-}
diff --git a/system/secrets/invidious/hmac.age b/system/secrets/invidious/hmac.age
deleted file mode 100644
index f760fa9..0000000
--- a/system/secrets/invidious/hmac.age
+++ /dev/null
@@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZGJGNzVGUWhsVTJFUGds -dFZmVnRnY1NrVTZBWEt2eFp1YU4yM0xoOUgwClZZNDNFQlp2aEx1eHVqbE5ZU29t -dVpMcStrMXd5WEFOaDJUVlVuUnJ4YkkKLT4gWDI1NTE5IEZSTVFhdk83RGRNWWdZ -bmQyd0FNTWhrUUxSRjVOQjAvWSsyU1Z4OWFvVUUKdkIraVRtRW5mUnZFbVRkcDBw -ME5NTDVkRUo1b0d1Z2xERWZnS0tMLzFhYwotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -d09jY1doam1nc3B3MEVqN0grM3JWZzFwMW5WU2ZYdGh0TUZnM0VVdzJBSQppL3Qv -T0VDOTc1U3gyaTB6YVV4dDhEVU1OMzdlMnV2dC9zMVl1VkdkRmlBCi0+IGc/SEJa -aDZoLWdyZWFzZSBKPW1xOFRaIE9DUCBdfl1HXVUKL0I4MTJZT1ljOXE3cUtTR0Fv -S3E2UHcvYWxhUlU5QkdXVWZyUjU0SlcveG9GcjZZV242QXVwaDBQTjN0VldBCi0t -LSB6S0E2SWtmaXBnRkI5aFNIOU9VWkdhOHQrQ0x0MzJ3TC9aNkpJSTY5eDkwClOc -N6wSpWFX87Vbr+J8Sxn9O6uRbYAyNDmiJk5mDqYaqy/+PRPTx0gbmqRz911sW5Zx -aBKfDzSPjNx0CSKKL7ioTYlRrW0YyQ== ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/mastodon/mail.age b/system/secrets/mastodon/mail.age deleted file mode 100644 index c64a2e7..0000000 --- a/system/secrets/mastodon/mail.age +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqT05Uc2hrcFAwd1c5S1o0 -L3hhQURmdUVBbmxSYVFGczdGWThTck9VdkhRCktOZ1JSamN0Ly9pVXJDMDZ4Y0VZ -bmRyMTlaOU9HOEZ5SitzOVovUkhCNFUKLT4gWDI1NTE5IHlqUTFtODd6QXpNMFBY -WTY2cTJ2TFI5S0ZGc1doeEVEUi9veGRDKzN5UWsKUC9WZUtXVUs5cnkxL3Y5RlJs -RTRkNE5zQ0NtbG0vdStuZXZVUzFoeTBwNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -Um1qczl3YTM0S3dIb3AzQmpSNVNNUXFzMFNLNEEwQllOSUkrMHNzVy9uMApTdjhz -U250NGNpdk5SbWhPNjhjWWM0aWovRCt0MjR3M29JSTZjLy9IbTAwCi0+IEwtZ3Jl -YXNlIEp6KCk4by1jIF0Kd2xoKytCU3d3MGFxZmRmS2gxSDJiVFp1L3hOS2hJVEtz -NlFHWHhnRW5SNTZRMFFFRUJrVXo2blZvNlZTSXNqeQpVbWFLUmVHN1ptWGdLMkJT -RVJuUWxTVE4vcDhsCi0tLSA5ckxpdFhrQWErb2NkcXlWaHR6WmVndVppbjRIQ3cw -VjAxdTlnTEdmTkVrCou6/oezocFtYn7QDWLFzknFPlD5d1xBFutng6dvazWasZXD -qecouKvAmFFA4mQHUjbmD2QxWdorU7SyYpEPeTJ4rbOuayySkYPxUoo8gqvd7JkS -0VCavUuSb8nmfk24E3M= ------END AGE ENCRYPTED FILE----- 
diff --git a/system/secrets/matrix-synapse/passwd.age b/system/secrets/matrix-synapse/passwd.age deleted file mode 100644 index 232aeb6..0000000 --- a/system/secrets/matrix-synapse/passwd.age +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3a3dCQWVLSXRDbWFNcUZk -clgrTWJsVE5lckhFMlFVV2VHMWc4TzJncXdrCjRITFF3SHJKMG1XS3Z6aXNFQk51 -OFE1Yks1UFhBKzI1dXBoZ09pOGhRK0kKLT4gWDI1NTE5IEFESW5uZmpTdXMyMkY0 -R04yRi9zcENrZXZHM3FsNGdrajhHNEw3WGp1eGcKU1IvNWVQaWpvU0E0TE1jTGlK -R1FhWGwwMjBIK3ppUkFSUEc3NDZhS3dUOAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -aVhNazlUb1o1Qm9XR0Nhd2RWWU0rTEcyUTZsWWVURXUyMjdmYUZXS2ZWSQpnby9k -RFQxSDdJQUZHOE4xakV6OWhKa040QVdMUXhZRW9ONTd5elQrSHRnCi0+IEJAXn0x -RytjLWdyZWFzZQpNc1F0MkVYWVd5QW5Mc3hueElLQ2FtSVJ6aytMV25RZDZaMHhT -QQotLS0gUi9iUHE4cTNHa2luempIQ1JQWHloZVh3aVFZSlpkcVByc3dFeHIvdndJ -Ywp4gcNh224W56TKdznbWsSJv6J4Z2zQmJ2lNwbD73OPILsR4GDjwOYjw4N8MVaK -TaelbSw9GRS7vQ9ZIGvAek05seHU0iTRansZXONhhErHtozjuMqJB7vJTHBo/ZSp -61MK ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/miniflux/admin.age b/system/secrets/miniflux/admin.age deleted file mode 100644 index 6b34ab0..0000000 --- a/system/secrets/miniflux/admin.age +++ /dev/null 
@@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZHJ3V0E3bjVLYUd5N2gx -eE15dlBldWt1ZGpBcGc3ZWcwMTNKSTcxR0Y0Cm03dEgxYzdhYjYvWFNNUVdtR3E1 -dW1lMlE3R3dlcUZ1Qm1GMElPQU8xYmMKLT4gWDI1NTE5IFJrc28wZzhWQ3RoeFFK -WFlTSmVzRGMzamxrQ0NSUG9KVWxSajJsQ1BablEKS0tFb096djZOdUJIVTdaSndH -b1ZMT3ZCZGVkaWMvU0hPSFhsMkY3RzBkNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -SWdGV1pSYzY3bWxadWJZeXVmTXBHeGpMTTYyak1IbE9jTjZQS3dwRXozUQo1UFlT -am9WNzh1TytMNTFsNjM4amh0N2JDdkxjYk9GL285UWUrZHV5L3p3Ci0+IEkqMS1n -cmVhc2UgZV4KRFlYWlRyNDFtZlJWcS9vZ1hiUkJxdE9saHpTTWQ3TitMc1N0UXBE -eWZ5SQotLS0gRzE4bmpSTWpjUnlHUlNHTTNWSjNNL0d3VFFpVFdOaVlMUERmRHNt -d2k3WQqd+49pa75kfJffbdCOmNvPLUN7N+d+lI4lXlPTyLWTNnM8qaVz+BAhMH40 -ri9BTHHtg4ql7bXZWXZt/CiBLUOuv+yKckm4u51vjOwyHwUjaMYF4bfXS+rChsQV -BL+XWihQZ5wNsUh1PRHMy3mrF1XSYROa4ApK/i5Sgm271cvBMI4C4G+oux0/wvkL ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/taskserver/ca.age b/system/secrets/taskserver/ca.age deleted file mode 100644 index e5d596d..0000000 --- a/system/secrets/taskserver/ca.age +++ /dev/null 
@@ -1,448 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUFlnZVNVQXlqNmpTdTM0 -UmFsQklFRkRCWmdGL3BJbDN3U1dIdkxqa2trCjgzY3lMM3ArTGJuNUJwQzg1eVJR -VDNXbkRldFpWeEFGZm9XeUF2cGhPQ2sKLT4gWDI1NTE5IEYrQm9yNW9xS3VTbjRH -d1Njc1c5NUhvZnRENGdRVVRhdlhvVTF1b0xEMzQKOGJtTUtDUHk4c3VGSVNRcmZw -MWZrdTd0bXFPdHQ4YndkNlAzdDd0a0tLWQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -cmgxMFJEOHk2MVVQV0VHTHdWYXB4cmYxcjdmaU15ZFRTL1RZMFZMTmhCWQp2YTFk -SWJhT3p1WXh0V3FGYVVGMjQ1blJ2RjRGcllGK0Zyc1JmWWdGWUtNCi0+IGxndilP -eEVeLWdyZWFzZSB4RyBpSSB5YTB5CmNUTHBtV3lqRmx4ZFppTzFHRTBHRk9yUnZs -bEJsbFQ4MHR6cFNuZUJUazgKLS0tIE5ibzhONnEwYnRnSmduRnZuUmJQM2FKS2RE -bjI4MGxrdTh0dm12YWNpeW8KuRqzoQ32IvJ7LZDP+LpknCtLVK0K+W5R4mJQnQh1 -kMS1+wed3lWrn3nlBbctxsBFmlpHpj8hEBfXwb+lH4mxxUXtgvqVrwp4IdxREJco -ehP7ZrpKKV4gLFkWfRhLZo+J6kIlzfU1hnVtU0s+6lQ78noPajjPkB2v5eIosYta -VIJ0mXEhJVIHnLYDx2BD/BBH8St+vvUsGM3Md+NWhPyN9LNTY7cUB2Ae5m8yfI3F -bEC21pWsLsOek7Xw88FctxOnljhROnRB1sCnEbttzelaDPu56LrEbOVjXl/k+OTm -TO1dWZze8oVwYulq7+o8CyvfjL0Q+8Knuf9pjk263Mg0DLs3la3vKCPB/iIw8l/K -NL29DTRi1FK49EL+RpLmPB+74TUa8WwaOsregUf3sEDNBxdOrwKukh0K1tZdZio7 -/t/zFdZn1zgmwNVUvty2aKX53H5/qVcspPlOpA5INrcu2JqCGQz3c8R6GXZcZH0O -AZxopR12DkbWhsCTgROxjD29PcGsxa4BZxDotatkAYOfpZcmOELWvkqYV/wgcy3i -gVOy2gUHxTy9nDItr2DzKbLUNCbDtzA9aUVbhIGkIuu1oW1S3M5h9CqC4C0NrMPv -crGwDrtwkyBtuI796HIxpjxjIhHuhUdaCeHjGb/q9n632muJXo7wk2pOCx8f8wz1 -uuHCM3Ut/pEsR/gFOKZkNGlpoaWlIyY0utKvLcCLCsNBwhaOinH/BsgaaLx92r50 -TaO1C+gzyyDoIJwxAtq0uF2BIAaiHme8rcG7zoLE+4baPSKFSaEqPWvdmF0InKkb -V/30Pqmb+27tiPBOniS2NagkW7CuJqhkuinGmElOioiJhzNhIfqVBzwGQjf+cpK2 -vkp+vyO6ltwPkoPTNM51WCJUQtGn7RovwyjEtVoRzo05xl/1wi89ecTM+H9QXL8L -I9qFxJKLN7oFGI5TdszM2EbGAMxbUdSL4SL33/C1vFkjRGZLJdpbi0YjvBhDc7PY -lQ/h2KLlkRkUvWMMcRzRE7SSl40Xp4pxAWV1h9le3pVLMPnRZLB7uv00EddHRzZy -XXlEHT8Ge84mChAdbP+XZ6goGX+HVQWTFkaoFq/y/tBfEb2FFs4weK4VFdxWctmh -6xekhbMH+6uRdutpktzEhz45CT/En/DZI5xkkfvsxviXYYeZ4pJ5EeRUGbL6XSGw -7ewuDRYWvdgA7TtCOnpCDKeAgyNgg7odR3NNnpe8EdJKnW/f17g1bwShoASTWMg5 
-w13DK0ITu9Aj65YGBm8WbKbhWoeGFNaVIP2Mcso+djwIGzsDrWIkTBsEJXb+lSCD -m5WCOYYeTKV5n7m2NBNRj039Sfh9l5EH+5+avAXemixGEwTdXEii/pwvsyMXA0mZ -rs+qF8hKDBP9GAyHGBjVOxNl0tLH2z9+OaNOomBrj2rrvrxLKTPaXarN8e6DFsdX -23fm6eg+VVAJ64XN7tHlZ/PMUyVStGUJhmDqGH24XWggrrfzZmNcVANc7TxCkKHv -Ms/wjpVwh+mH6N+/wVFvHYXz+SXVUus8Be4g6NFR9nmlAjHkXjK7vC5TskDxiYb1 -WR3G3WjYS6tbNKPvox623jQFaDWbGQN9b2RCdC2RYuMkSsjkXeCCefPSFz9TORBd -20NMumwZcHHDJpvq2c7s0c4R/+YIo98EihLSZXpXsCJEWXjN3m5m1cvtEedCMGtq -NkmMWq88gtRvlhv4I3xknWzlVHZCUnvajyX5/iSrsFDnskXaEKcl2c3k/LiZxMqN -qjMRzRbkRonGCV5io7Sd8BYVzcVXOznSn8Te1IpCreMwda6XS+3TRnWQsL9a0Kxb -r4OKpgGT09kzxTm25qCb4H6fLwLOSVmxAVd0PDITNQ2hIsUHLdj7McC+/mY1LsiH -IKOdRU4QmQ9Sxh91mNODQLaT+U1nhPaHpW4GtQLATEya3JZdXFyQ641meoWUZ3j6 -ow409Fibp/9YOyI6HlDkDsnnSZTvwzcCQmsWE6kDZZwxRpAYaTtCz21nT2CwcLFT -/h5y0gF5t0TZbMeuzCnsGcDlkUnCDeVZkLy2/wkmrht6uvGqdf29/tVoCtZXu5KS -4s0bGgJlwWKekaATAODw+u5VtgVzNR2LeZ7xEAEE8Vd3lYMmY1gv7o+rr4138T81 -4nl5CAKVcFRbfCN+ykP4EODz4086G/1QRPOeL4dlNRbqTN9LSYIpHh3i2W5YuLJR -XjbOiTw7B0rQh5d4lZbxcqc7pQd7XT5x6bsuzXIP99dFmJwZvNB3vVL1r/2LOQjy -HljxUR1sW2U1lKnP3gELqERI/lD3iHSfRkW6f3qQnvslSpdGh7J3tChE6aJ2PrkS -yG2rUMRCLfkQGu6191hhDLEnqF30REyewHO0LPLfx7nc4QNxgBA6UEP+KKqV/Y6K -A2BKfKETdcZC0OdGMyk3WL1RQYR2gyuW44ayys6FYKKPsjiBT3fIXGVZg9G37vTl -r/9aoiGGWBz/2uFot7VJBEKwWwrootMC5vpfyk8YMCVK4tdjQFYbpEotcbP20D4l -glGvDHWNmDrBtZJzgZ4rkm7a93koMJ9FA1cBi2U9KbxVuDu3jIzawRqIDE9YHOaa -TplW1ryVTUMj+GNsIRLH2NGD6OIp/tH6k3RTFXWLCUeC4HIqBzxfDyNVOEA+3IgG -e+oRBDtOoGhrtpYGAV3Xj2BNwIaaDKmLkFnMaIVOaFs6la7tqa4TwFEjkiQVOP9d -Hvbv8v7vKST+FTD47jwu8PcOtv6I3ueF042UsoobJr46TF7+0dHpb3yxg7sr6JbH -etLvay0WsCxFYeVBrb/XXo9nvDhUxMOxDATCuO9ov6zv6TzLYNV/Iu/2SQJf4Yip -txbWNYaXmOCS32s9WUZB6O3LzvOaeJZUbsmWP2WuMN5L029gC+V3qtUGLYYJIt6q -oX9ByoKA+oXgfjDMoGok9KxFO+C/JWYB22byuPU7/oZQIZ2LRd9IBp8OOyTIUOez -BMpKBXGsIjmEypZ7JGboSG4nlTV4aw77R3DkdlHT4+QMfBpaKx6Glx4oL0pzNrzh -LUXzTNmVEvX6BPZS6e2DvosQMyPjRUgvbg+tFKocuRtWu5eXv+0wnBWGrIkqYcPC -beIx2xjx6x2ys1Vffa/trjm6khovwT//GhbwJqeoHDF8qxTqEsLXjF4aKqbjjobw 
-28Dj8GAPxRjIJdGiPwj2TGjSB4F5F2qOZaxt4vciWTFrrp0QPWs/5T0TKulaq8xm -Y8QytBX+kaGwZ55Scgvq9Yhk6KXM/Sy+paTNocqTYAequm8rWURWZPqaiqdIYJ8k -0/zabJ8QCBncnkiFCOeec0p8RJ58m12Z/VykGGZ1cb60pA2vQjRj2ru5XXd8ugHd -KHvnwceiSfDlc/MKhxD9e70aDbTNZiMEHRCSG5MuS2TuWmf9iFPPyVIxsmUEW5Kv -STdMo1OYfW5uOi3hzShKdUHFlT096ZgE2RUmFPV/cu+7A68q98gLCWWcQi9c2OIV -8eE1z1eLbuCto4d48zBAbUHEpDhOuqUwYhRrVbrjUCnIiMJ5DIcfFPP/Qb6gOueC -AFmTn2tOevz0nMb0PDqF57BXS6UPSVZNXo7Yav7+MBGEiDRGtFBspTcnYS7SEzzS -JlKhI+YlKHdJmCN8rF0TiVaiCyRGCEY12X6qEmVi9Me158lFbOcjakY960OkE6vT -hudCVktRZ76fAlHkahvPxFW/V543yNjvSAgwOwS2xdSSShmICt5wKrrxEYZ2gSsH -AR5kYmSLAHIQPC6PgxWAxax//ewSvDlFUKd+z6OnxsbXvTCc8G+q3kyFpQsQpgtJ -9xw9yUM/LZ5bwbVHt/ShmgpHuRjg5NymDxXfTsZseYOYY84zCSfxeD/exzf9ONJh -OPS5nDjcW5lOGMMCs+wXalOqu/Oa3va+oxx9X5SsqNBDrNHvb9WbI+lOKnWPAHSj -ax8HVR2AopO+lFcQtKf8Rg1+Mf6cSNXHx3+yMK6zzIsUF16RUqgcOTY49q1kNdL6 -hqt86U/SsuHqJRGD2npNaQWMYdWYp3Do0T0knAul97jL9H26YwPdCvIG83ZFtMK/ -H5DZ1vR81VEnLSr82vHkPEKp/Vch6eECxmyTZqm3h2DDwNojC22OMbni0OULqB/F -QWjHLHsxHf91zx/oyKoaFziVXoMNJZ2O25HQfUM/UpwdH5T+IwTkeedsy02motHw -T49V9lOWZRXD598DCg37LI0H+wne/8bCfmJq+a70Dx3eoaSUtTeU/S6oLcoEfhoN -WhnQscIuIvyhTlVvi6T/SwTeRBzmtwbIssr8hJFH/Sz1pyRPnfmTDCx9Dhv3/qOI -Ic96JoSSp6scICiy6bBo1d1r7zYkydsCOXdudBHvAPnv0k0klpDZE94ZTHsRdSr9 -Ov2qBc+7RgOX+/Y5qI06R/oebCQdeidZYYlBYJQ+POfCgWnBK/HJ1pXmNsz6xOcl -hF0xGdwSebLbA4TcEY+QlSvdAWJFbEtedpqkwfCRZr9uCkwsvCDZSpelR0GW24dj -Kei0PDwEHdKEVtDvxL5M1ttXbAaS2XGvnIzEkcrgGGRkHqq2/RveNMimNLqnNknk -wNWwSzqUzrKcfztV/MdPNca0lLbYvEHOtnsTnFYsyjO2OYB4Q+OuelU5dhGptqwI -zwZeRfmuFnG4mK7YPAgVPUJYfRfwf4IvdUwnlh+ZwVaTlHvqSlKn4/2kuo5RO2I8 -FnC3do9taB25RhoP3W4pfxdboGjJi0dQr8FxJ6hYnwq+H2pLKKd9NU2+EMpd73LO -27f+RtgGHFQMOZ6m7PvZMFDyOGA8U1U5+IVPcPa4G9ALWVpwhMnypMTR0BhcGQTF -ZvVD+f6jmapjIPbnWVdkLas8DDi9cKzhDIaNzOuhn1mDPlVjEzapSnR74ljrbT4t -0XqkdNA/iOGSc5H0g+Xfroem4Ww5Hon15A94wDSJGVTsGtt9UJDlau9dUYwreisZ -Jp33kx7syQQ+rzenEprJESwvARosnxXtdHM6E14HJJv9Dbe9O6alRKDDUHzcsxc9 -O14eYD/SSg86pfl7uqJQaD8q57yRiIVSnsogMghyMDEjnpbcq8gLgtN+KWmruTBu 
-dW0zu+ld2q96Q/zhMegu2Ppj4FAppZphZm3paXyjxGn6XCy3t1V/PWC8b0QGirdr -vsI1Z9FdbRThJqTja4bN0iBusSAqFbk4bsCNQxNTA7rTfabpPWql3Q+QriE9CqcM -1qUMMYKCji+3IgMOV2SGDd9uP0zjEAcu63NfKOxkfsxEb+Ltg/xXaxR59AKnskvT -aCjIuy8GZ3v87l+qjbpJUiidziTwvQMLeMvvi4tZOY/T9iadqKvg3uRa1M+4mnGI -GDF4oTy4peRi3abphG8GZO0yRyZ1sCRLj8yhFAqPqoADYEHdeXIH7gKsUCZEVJcr -0Tn03pHfiPlPcNKDAH1dGFbw3UjMrZPvPXQjHCb2bkeVZjpTgfZpiKksMYgjtmDD -hhm8m/ZAVMmFs7aciDb6OFcu3ygyDZj10WPzSXNCUlTHbcpcf4FCYSeHjZfq16zl -5hBwHhlUJjaWxycXubdApCJIbqveFBvHOE8ccNnAyovlMMfH8AZalDCQiC1DcaMI -deaOSrwD5PZmqotwwi3DxzrLzKY9kdzw80n1V0Ke0fXOKNskNpRi22az0tM35JfC -Ny9tLVGNGiz1fyydcgyVAFIRxEranYUCeJ/dJcr8amC1c7LwddoQeEY0A7j1cge0 -kgUyaaMcLWJW9AfKNFQpcdHwOTutnCKUwk8XwUtGSTlt3aXikDlDDvV3JKQaCrQa -BRFPWS5usPzn2BH9k/UHkKdMqnM23edhq6CfsEnCu8f4x6iNowUZpU1Za4A4z+6R -wjjKfGQAnN+CY9lSAiVWKRnGft6usNcgZzBVfns5vPEzAyIJlCWXWrXxjKj/VdXr -exL/xln0ZAAmLX5DMxUgZ4rVYQ53LreoW+yOr+AD7pHE9x3LYceuSXH69w9dOjgz -GnTW8uOnkVQte+xNihzOUmopQC8iQhH9sKALx0KgZM8A+ojXRqV48brH2KhLj1t4 -IPEg/V3kw2RAM8jWnfLmnhoHReF5eG7qTB59WYG15+Ktrh3Mhr6eEtx/gTAlZfxf -MgZ3YTjCRGofc5+Owe/reiUXFmSeJR41rw5+K9hy8PbJdkMO28lLlWAM5NT/pcMy -/eNw/WP7BVB+SBTyAKwQrb+pKVjpXNScLvDadCpEKzympUNSiCsfk3CRo3gR5/PQ -rvS1je2BDfwOTWr1XPEjkLtZ8wDaLGMyXud1Xc1jcXrpE8tuT9yjjADI0pgoQZ/l -+M93vKO8qp6VEg4ahCtjJLSan6JAi6ImYh3evepVsc2Uo7S1KPlcM7CYmPHzNayW -EPirTjn7PoapjwuYW1sntHsWunm1W7poTFp6f4a5V2YetQBTYefWUYQ96w7tidOe -gcuaXKkNkopLJf0QzatpoBJBEjjVC5AkHtV+I8XawqsBQZrCxstUYVPfCnIdAuPR -YG+oZj9ObRuvcqw3YyYFw7X+Ark9cUaEIFQpEhrhrkclIJ98Jl5wQQ3VgWfi85IK -eMCpTfoc9+5Dy24GN5uYA58k0Zkvgnhk6z0gIEYeSKImfDpfM0f/wP3de90BkFpd -yeIO0ynsge8FnB2H7NsDTLrZ06pintsC3uM630jPNsg6w/ZrC0RJajaRGDBvsILh -K1PnQ6tke3jWaMr/jll7bqAALz0qtT2ArlGugM/4ReJnMKb3AoJgqaDKM62wbNuv -bfmaWfT1/fjYb14KMu3+0zgvmvv48q8KInXH/LyhIUwHWxWkJrC/XtvX5U44Uddf -dWm0wPamTt6KI6DtIzI+Ve3t5cIzVVHpm9nl5zKaPRpP4dGFSV9LmjsJYDp9sEgW -bzX0o7ffb/DSErodAr8EnR1UH8orYmdohWiib2icr/25XV3BLmxJyrdiSR3I5uLe -j7duGgpFzZ2eRf6ts6pqVlqiozhjvBSybUjleyNjV7qF10rC6kySCpzNE5pRDF9W 
-oqDJ+zGLhHtrp25Awgp6PmgFadTyVBLlFB7HXtH2q5dCqcpz1/NXMrK9nUJHUxiu -rLWKH4+lUspxq+IrRxaSPhktDVl7gKGhppyiUAHvLAvry6/u1jE6adEOKHkKSY1S -DI6bYsqKmod1+1lUiQOXLG7J/F5HHWU2D5h8Wc2sl7Itm5i0e8/TcjyYRBziEucy -lJtCdTQXWm5ylLjw9tIW7I+yo4m9g/Fw//o98X1GSJB8BmQz+++p9E9ROeHinImn -Wn6Iz9uSmHKP4M+QLk27pBJ0ZGYkzG3WS+COk+bfNKjTASVgyvZiYDZkdSTGWTAB -ToHB4p0JnHrdiVXQPgYHouIWM/pl2o40fFUUXRSkMzUSgsrQZzc/ObddzuG3EV1A -m+ZBqHdXI6ThlUlMcBRebWYcZuf6fSg+8K53C8Z6vdmDTmd31oznkHXwVKaxQC7k -d01yQJ4xt/EMO+Xz4g8OjKh0Xv9egHYH0HtywlAg0wEUEszWZekHh3e8o+jlHfRF -r5Ai5+SUusJsR73uI6qSkTwcuedhAu8ba9y3jOnJcW9KZT2RZh59Afh8GPzk4tRh -ENL1XhLIWjLEWvxtvjuRE/QIq+q6/b14ldc+xfJ0ibqDREhvtWJD5Ko7mZVecd9c -tvcQbTWikKqQOvGNU6kPIe1mchWkUf1Zl0T2cFMYLFQjxqy9m6W7NcqO9aKHq7a7 -iiNvEdmoOUxlXi23W+vcQjQTfjQeLFCHqoEo7YZk+GTGdP9vpk4Sucy46gq1JEfP -uOOztv2/STXUPY4dbJgchWCOHMlvAS1AJbBucl5VqvUGmEr2nfcefcWw51KaPne0 -YHoOrCK0YbOxmyVokt9D5tcaf6RcZBQ0JZZdM8+30FpkUhAdBfK4AgiOXpFdeCEf -QWgfdI0N3M2tuH9N05SeRI+L9/3usf7LWlY/GtlenP7gL/Ru5ax+VX7zR0KlSdNJ -xyWCbFL6pOQsOWQKpX07tC5yBUCPEmIXD7Ul3903ynNgGEIiyslkhwT2ewgr8p92 -mZkvZhXqN2i5VmHZKIDGZnujxyjU/nt7+mackB0beSVWSeLsp/JLTimEJCYemZTb -KqvDzFC7bnxj9O6YqoHtmEzyY2Dzm4FdsoLjHQzR4x+h3++6wSok8bp8iQ1w29mf -5D15wScQO+R4iND6ABPmnsnx81Nh3L/+4fzqvTq9D9rQCjzw+9/1ghE2l483NH21 -FNgBxBRFjAKzmmJgfODQkQlqsLdmIzxok6IqWLbWJMzkq3b+mgodU03nfKU7fM8s -V5Loqva/fc5YK9LdH5d8Dm2hDO2BQmY8mzAdR5QZDreuZjtwVlY/iImWztEjV/Vs -WWIs0F+insOkkJqhHVYZSY7MGOpZI6tyli0E94zOEJ7XdP6IA8X2D6F+dmJyiqRy -gdrvVcl+qViVKzRclqf1GQj+NyNeCe+REQCYTpdMo6Dj+ZDM7wi5EwOyaNSnPOUz -hzIATTjKewLMrtPc+NnoY2Gc89QzTgTZPgMKM5yjJqSB0zzZWh0wtzNrV4a8Jj4R -CuVS28NVDyaRa8X1ah7HTXST7qwcorbVaT62FuU0s9wLVE+AhzncpbhV1xLJs5ML -/mMGX3gs9j52W0Vn4RbI2eb3iyR/6sfP/nb4NekWpKyAk7Lul1Ak6UC1KvFfgdhf -AfPp2WvxsA6N10ke+3nDxbkFtuE2v6Pu1c+4sIypqbjTgsVcC6Qo2H6Y8OKjW8/v -nu9BQRPh85Y2Bl6gPi2khGbHtDDCbFKWL8n7M/y9OlT7w9ROZpi2TMNWuUiLo+8T -bULfHQTohmEFJr/G40p8QGh+01K1iC6ZlOXvhmOBe9MT3erHHMfhHTuyuUkdMtx6 -L3MoxD4w85Ve2/7CumWkhagLpMhd3OC5ilNnRBHvDLJn6FJDW0oRI127goWzGYgO 
-AtnTtWhYINkXUcRy+WulnWvpzp01FonA/A1T8lQ+oStAlLPoMTplm4fTRKAEconN -Y9Q7fh8bXA056w5m4piQ1qJQeZPwGkXbBQQ5LKZnwYeRUcj3rR2Hp9CeG/vXCjL7 -Rst95fs4KcWV9c4F25lS2IDtcx6XNSSWtvLBXMpezt0u7JpLtjPTYQzBLIQ8tb3W -FavnPq8ptIpT31djh1qNXv6cY+T6H9PCoR2ODbyTRYDdZphDl+2g17qCVitR7lok -xy27Jp/tUV54knMS5cAWb+mjgCFbd1rXXtjEtWxXuuqglvPqUNVaDFS/s8DpBlpT -uaIfXJeCdnw/DjdHuE5A4b/eaPJsCgUJSiY8NJJfNvemfXtN4S+jz7j1hH5/MQkk -GIPPUZLGZSAYvLw5u6+IAxb0b5j6r8k7LXRJyTHdYhqPUwwZ2JFLyyqUyWgiZshW -ZwkAIZ7XwwDKpjZnwNDXfxXy6U8wNp/APho1zAPAsTCYbkjZ9WemikYXapBPhWWh -ZEv9J1jjOOigoIvFwV3HaXgjiqF+73s2oB+qqqH2pB4uqcPyIgOAnBAbk6v5g39D -5S/IswmTrdZYpurrOSHFxKQBkoJvHaQqo1dflYEAtoKiCAfBh5n7+g4qEWjsJFF+ -GuWtTnkfHsj3lHMo9yDUW4LAqDvdhCK0FuDK8UNaziA8++2Bz1sGliu8U2erUIk4 -/4WSYoNaHFmcgq9U0KhaIsFV2O60ACJ4OYIWE9cqqJiZjfZgWAuInqNFNGtOYuaY -TCl4CRsdS9vi/HtiuSgqD3hRDPMNrD8E+Gf3q/tUIOBysP1fTxSpZt4eBVVXZpZA -Kwzzo47Mw4+y19z8wyIyzAoo3/rObQpIpWSxEMtzhgoCyWfOKxId/j7rxM2aRVA1 -DbnIIrSJshszEgV0n7LlTkjmEIWj90ep236/EFyk3FS9cHd9szk8z+JA1ZTYCWww -YWNt3uwE95oklQnRp804RRawaeOSqfGncBNnh4HH4j/XIWXLS3s+YcqOtFgG2U2h -cwVJsYZUFKC2XSexh4PQA6cboBmGj/md+Bbc/R1KmchVCTObtV9t/KFWZCX6hXZ+ -QPrZ977AOtv7RrA4oj95nVAXBAypmvmwb8mtsDTXRrkkygBBeOy3/DBVv5s4DyCe -G3wxGklstOFW6CIzOdCSgHr+Qaumqvrod+bCMCMartin2LN6ZBmuk5e4Ycj3EsGZ -yGwSgYvFPWG4+78KRrfvLEeFNAkSimOKRNzQGe68V+CgML49oiLAXV2EFNcuzdQ/ -4WOwO7Hzp1NdN6XIpmsEb08QVIsnLwMhWO27l2gyLGKLBfxHQqXUA8qxMOS23y5V -v3qvUqN9M3F66WpCrqrc7mDPf/nITtf0M/AUBZJYsKNDiEmcYrjDfqDephhOBT6T -c10iPsu8buIGCDeflKE6VJy60RuU6R8CkR9rCMdNXkFvN8OvFbvOXQnIunvF/Nwo -W+EIIAvMqykZGDdnEPwxmWBamhlhTS0H0mOfhbfm39/9SCILXXiftHqbHFGjRG63 -jwp/6OA80ZRa7Mv4+LBL3tyDNtmJx3Gdheej/DL2cAtf7GyQp07EhPUBLxSQ8iA7 -LdiTpjc8O4bTXPT72jZQfB9BmAHIMlnl9H1SwzQNtH4y6DL4Rr+2CwBtl3do8/I6 -WccGDst+SWQPEn5SCswROk/fKNAoyd0j2CEotGwUNf1fD0scGfYH03YuFl7ooGg8 -9UNR+xqVDnmP/syVhSovz/9teFTuydjLsA6J2/T6/qAE2kSiLhylpbeHZN50tkkC -bq1SQ8YAC1/tZbGajajMmVkOTnsN1ECKSnoKFZ6H6v+FkNzgnhzk7j+TFgBSGH9j -A06UyHNoOgeVvOlFQTyI2YDgQ4OUT3rL3cvGHcyfnt7QBfZWz4r2P3kP0eFc9ya0 
-a4/lHKt3U7igMWA/sJ/MrDfVTKSSoZRsI6aUVFg8yB5FU22iMPPL+3J01polN4OP -HFLGXlTWPOBNNluQv2K20+kdyVwykduNB7JhotstjEfBuBaPmyv/bhy6AJiHL2Y6 -Jbcz3mxDZCITzWsoLEWhJCtM6+8lQWDP1Vitj5cQO3sko+v+v+IH2SaAuG8PYfhV -zdOBC8x1rtExLH52ws4nzcOZ/nNt08XI6fsTnJ9MLcBLrr60ppEqsCYBfeOgZiD4 -KqeeRGKW864hZJUYEJpN2CABx5TG5g0vyjMQ9n07a3ma0kKA22oveYGJWI4Qc2dn -Xtnl0qD/jEnOqU2vJSGanAERd+wQmoJs5eBNzBxINROGwmgCxkTlx3jsBAp23Mmf -Do2bSF2yMkbJSjNdb5Ol2Qo5d+EXuadFZUHGfCVREs3uD6PqLx9E50UHGi1/lzU2 -TiuHxNnQ7OFFewLzYi9OD7uvaMbKfjbz3ppkOSQCRVRGYS/0jtVTjBzBFVPHBNpy -nT3ZH8El/gISpUhY2RCTAX/JeZ0QSJsn/NVjE1VRcH7uY361v7wsIX04eL7yJeOl -q/u/SQ+3kH7ZZaZqI8BxaXPobb8h79a0MLOVvlDorfFhho6NiqATOuu1/MpOok7t -g3PAm6DJZGIBJDHracBpZRSbjgpKAsiVBjw1noMglWk2oJbUitv8QVcKhbflpPLD -AFCJKtksSBwmEcsZN5Hk80NR2Z/0bHIVodyPlHOjLOQpDxbMOtGO8g4ZWQbQHyyI -vqNdprNHwedV5I8w1IyNfbC3vTI2OteEfAlEeZDnSTaiLApDjHeddeIftqNQzmJR -iyOWhOm/G8gTQ9VIehfTmnZwiH4GisywVVsksltpH9GKL2ded8tY6ket/3bLP2vB -1aXH76AZ9qGnef1TIqFQ57+dgajJOzgMBhEBmnuDBOJIvV5HiTHzLSrMGKtFOWN/ -62LiD88DumNPnM0wFJ2Yx1L2gKlYvHIN4/80GPgGLvZT+m5T5LvIrbBhgg5ucXHD -W6Knmv9X6tFgEhwY9VKdMU4dNFg1eG3LaovXrj5IOGnPM9rqe3qDsTIFG/iEOKzd -HqfVrASJ9IRfrQeLt87vNgwReKyXvsQ0tvmIdnGpdoWe9XtLoBXA5LGjZcEpOez9 -/yHxWc5TlMzFM2ymmEOU46SgKtIcUTgjpdSf0Y27xvSQ+8o5myHIB+olWU+kvA6j -zvAm1hzSfbizycZ1zaT2C7YqUbQZ6QG/uePk3i3n3myhGIW17I8ss2JBPa0rWm4j -7Ds1Bm4yai+ry6YAaQEDejeM4GpYujgSEzXc33nFrdlTlaDt6vau7LhA7gPlxhCV -6L/LmKflxL1fCsUdbC7iqxSD1JgXEl6mDNy2dfcYNlg1MsY76Rdq19NSPaKSvhJ0 -woIOVRG3uTOgZTxmygRi8rsWZmQsF0nXmqjI1dLpNkTt87ZgXxJbK3cCMyfJCYy+ -kCKYChi9w6SfSPC8625TtawJ6p2fl4QvWoW041Zt99Esg7BTevKQySjZ4u3S9uC/ -pgjr8mTg7fwg4zJJ/MPc8nKIVrMILj/U/IRPWGwzq4Gq5QhKVvBVG/5r/ZFRvx8W -nYJJVRLaMqNL2oqeE0sjIRA6xV/+BORcCdgoVOlsqsL78XH0hbdpzrjNGpFt7WEs -HdmcEy2hMZ5HSA/Ev0vKfM3RKmMmXwjMZN/Ve4bUbTME+mNRUvJEJd2PRm1SzHLQ -lLN9qDViEZ7qosQjJ2e+k172u4g2u+eY6aqPa2f3HwDCbnoaJ0UC4nFrHPB+9Jk3 -4gtvgKCx/oP2cOvcFyacYwsOcs/GVXzcc86syPaZpNGr20w7N/+c1k24OSxUrXDP -SC8yQ0+mR2pOzjO3xJn3sTnY6U3ib8nC8q0uy3DXGuWI+ujcEObCuYd2Y5oG2oSy 
-YRpNKKz52yNrR7PxWNFKYbx+yPVSUmyKkoTj0z2Ce/NkRLrqSTYWBuN1jZlqV1SG -aaCE0YKjBvHe3rte/V6pCnHO7TwlaxqQWzX98a7WhhBFNETZyiez4SZSKcLtAGoC -5Hee+skb+tWHvnnesz1x2Xbc9kY6oYywHls0Nh4N5z3vYo7RNR97p0D81JtVheul -j0Vza4dqE41KLHWxOwLKo0qd0OOFm9EC9F42MakZP9xbV2G/1clOHbG4P2AakLho -ytQlEvpFSKVd6XsShu3jdok0OmeWgvtx6LJ4QKMhdfOv48qaOba8CdB5wQdTWn1e -orq56D5n5+fMGKfTAOOb2fPcIhnGY9oYNKc2FV3rqrUXVlHPw3f5Qs5UlNehF7IY -Tj+y8tYt1i3UJSPOMvxmfv/PRFhYGnCUdP0VuduX+L1C5JnQDa17pcPghmxHE6EM -s1BLf/W0YKenbjPNPEhswUtn9fGgZKKtQLPx8JM8AnGwI1woztGKlHNdKt2HbenV -3TXJscRijsMeWfbekIlobxL3SSNaLRWt9X3He+rNKh0/Up2wvLqEP5NUvUPh2j90 -2BwUjt/S698+Sx1VysFeU/dzMVpqyHZST1unVXbfd6Tc2DdyhvqsZxTCSjjtlhfK -JRkWFvoVmu1m7A72iNGip8HiXJAuNCZlTfLFmK1941CDfhaP4XyhBNbqQTWVX5Fv -9f4tNIqrClwHC3XA1lA2gnaVrnrB+MkMkNhf8j6Pjdoc1pOoEbsg4lGI/lWAcfU+ -psvFponGZT1lYDSupanRM2Mh760L8fdI8EjIHlR6be+7KvZG03GiDufCK9huxsA2 -ZeZ2JIV+wZAlYOg+3zihyqRRpQsZcODXIzN5wyOFZvUxNUo6GC24skAFAwEBnAWV -p5/fiCVB6s8ijA6uO4/anmSC2viBhMNhhUVRSHpJBQcZDzEoX7f5jJso9nS16pFV -lxhRpv4LVOA9/4dSF02w6bNC+ExSFAMyBo9TUsB2o9USTw+mUc0RjruFAPwdj5ZE -7YfbrwgKonyi1Ar60UbubDcZRxGr1wbIn0dz48rz7CI+LfVvQwz7OBx8YNnd9fHA -eWqLrRwfCDkXdOqdXCuTlDvXud8k8IxaiQMyOyXnJHrO/Z6DQjqJywIxs8+tU5w8 -K8PgeSooIshWbGMIVuSYcPabnKuUfOw/Y+zfHyIGo+RBKs0P7eZcikPo/+WbBy0I -KX/Wei/svMneKTK1vM3QpLbGjlylR/f5lXAP5YloHSK9+Gw0mVBHM2AqYpc9VM0T -GO2fNL7LKQGB/A+S8Tx9k0ULyDheMTY9DJFyxCGBrhQjRFe++R8+Aj3LOYrSm4YK -/dYqoq34uEF3UqWT/nlmYiR5XuYJ4ChN7xlS3T7nJqYUa+gdkU+Z9wYQ0NQjQX60 -3YIDAT2E6SqjLKATWtoEN+yUu2qK3TXFILJsbnYtOIq3baVU14jLWpu24wLrV4xr -SfI4tpFH03rmW675nJMj1OS19w1B2kfMrs4Ic0cRXHWURo1GQYmJcBOIMOTiRBRF -FjPaOlNQmJQGen6oTLLZ1oZEnf54OuEUlx8Sqzg5UR91ugAse5eiCQWsgn5BEsix -qJ3OhDGeVLW6Eiv/BssdI+BPJIFkl004xwBn6G+iXmwWrQ2GPBskDeDSjZU+q/y5 -fCc05cadkN77Fl093WVlXALHIvFqMkES6yNH1B78jg5lOXn4CvNdgngl5sm+7GtO -IxTcP3OJBJkEXFkQB8sSzW3sRiD3XPdLGYpgEExQhfAJkk2c+5v4sP8rWeBrrhxl -LXQUc7L5fcvBvxzx4nyyrCFMX08Mrv5KvQyxyPGvr6RVAhy0qbYHuDTwXT8JYHM6 -/9p1Tx0HdffzFaQewcIvDjZ6Uo0hdAe73N3THsa/ACkPyA3M8PEFbB2KCfz/F/wx 
-0si0FdUMCICOWmuQcMe/0qSNeacGYofrtY2DZukfDQJggK3e47kLtAxiqgU/rqLL -R8dOR7jjx0OGuLAgxKrwhJe5MTcTYdHV1v5xv2aJw/IjpktwoC/N1h+Eqqtky1Pk -hkElTvXcIxAnM9t2ruaqzuyZHirJ2hkVGIzeTTMJmKUAg0cKeUyJcI/CVUmJIciA -mWWDBduk4CB5l0LxHgOJhPaejzmUs4D31/u8gRk3jJX12YDuM1S2E9eyPs1w5wc8 -lEb0LMlnxg00aLSaQsRMNp5DXfdPZsd3dxrsw6vG5pzXWXut+7avX/XBEMb2TpkN -zwe0yA94Hr4KQamOekS7xvMgU73AFRA+4kTbMRi665xOEsix9olQtTJ4AryNyT2L -L0sA3HFvkwLfdPsm9JixjW81G138wi3AiE0xqzlIzUSlqqGs/Y9AprPva9DEelQ2 -AtIjTKVVVwrffRodJDPjx6lvKo2KTHfWBfvmvtK2l2wL7cxKF/VE95PjJMoL2Rpv -Bi/85pjb7+5h0gq8zGxt735oPCJuWPlQfMVguAc+51lll8AXtYSC/CMsKoI91f+Y -PM6zNo2YN+nA37ECkb8+rfmGCaxbt3068gQ+eGenKgucwgXDPi6Ggh6O3TO4k5dO -3I+xbyyGg1t1OaKQkqiXXsKvNu9C/2S0TYQOTCYYUtrahor05TjCVK/VYXp80MGf -zit/4S8SOcq04ms6BwwK5LmVxXetshpLB0l0lCK+l7on9lWhLW9dE+jP0hiYlACJ -1OZ8S7/vTfncvG8OjJImiqOAt3wVlfwrPNDSSS9F6Vumb0OOd8dJw8awfsY5T4kI -rUlwXtm6/0g8VvKVZNmBvXqMNlV9LiAOs033CDCRHzbalXhE74c/51EMxUjymtqB -omHyjqkPZePWDIGKHCNm6NlheUcC1SK7Zv8jxq60pEmr5FotWnY6h3sti6Tn3hk/ -SOsB0hltN/VZ75ZX7/WUXlq12r2TUz2+ViWBRyMwfOS5fwA2gLCA26KGtiwiCqDT -NNItCvpLzV9292sVdC3qBzZcG23Kti1Ij3t0sflNHWE1Fy62fbcnU3w3oQssK3gz -uj+PxPpuRkMSbHckunHchX3JgrBIBnGHrEYxaV7WUC3oEz7srHXw6yIIf560M6oD -zlm8056Z6ViA4nDCOyRwb//H4I3lD3A4HH7tbNimBU4qUDnhN+sdWSMmvMipMgvh -j3sV/2nU/JfCPUuUTTqq3Afe4kiTQeSyg5MHq3yJoCrx78cH1Nw0o8MCJx6dDROs -ZEMqFCjlSKS4TTyTw0QGIMYxnDXbswdQSgnzIDLJjTg90Tm9/yygfewGJzo19djt -udFr7Gexh1MCjyNtba5wMH3hDB1tCBbUZBrel9VZcW3nhqOZbcPn2SwD7r5DjkIz -nqJxkHYYbG+kPH7LOA7i43F9yCs8o+Rd742B2Ytnf2A8B3ucqMXAEDNF07gK1KDs -b9SEIRAquym/b4RLfDrWOCYdX2as38+PeDPokeqhWaSg5k1RWNaoVh7Iztxrt0/i -XjduEpwaw3HeLv656MFKf70DKtd/IBmAs/d+425RNxQlnTshogayT8phmDJ1fhb/ -ASGKWEKTgEQGxy9/FjROS3HD1ZmIn2Z0BRxdu092WYAHI6QwNQVn+Cmg6UgwdPHC -7eRcL2ll8G5vSCVwGAa2ju5isRvVkyCfZnkGvkSiU3vhT1LBgdFV39Zk7+EkP5+D -fQOn0mnKRQbPlQ/frPbePZUrPStgg0UVbpbvpHkjvBYTGEtQtba41cYWAPPyA6Oi -mn9QeiPf6+L5K0VPrxh3cDUrH1vnXM+wTo4URAA92HAXBcWuhShX+mpFrvouIa+5 -souPiObV50kipG7g5RX6Sro1yfsC7pLsJKKtSuyJFMdZJb/mWWdm+15+V7wiwThf 
-9dKhYodFeKiGggXhGwP1Uoarq9lFoxDRz/5tjLSV9Xmlv0KEeEJ6k0uCg73OC2r7 -jeEts3GDfLKkryh9Vxq7DQQUEBZI4Cruk9nwJJPApDS/FO3fWfJa2SDbdYgJL03Z -LZMC+JN7Z0DYUknIjo+R+ToScfmqyQROy5eabl3vV/XanOT3BaAVAPe6HpwjBb3e -uPGIFEOKdd9Dmc6sWcl440sb05sym0mZW5ObEVleNbpnLkBq/tITdNJQW75Fx+uS -H1PTyEBaM96/CAUVkISGaOFzOjTjyj7Rk72ZQ1H5lmEm7A8kzcpQ/+oHy1jY7WJx -gQaFqp3zmYAXbVKTGZkuSv40gjzviYUZtl4iWIuCQutrbYDKEjkdPKKVyiMl1y60 -n8+fG8dWPJNxh5xGffckJ95GyE4tEph3BKRzKY/EYY5NDKgGiFcrJuPtJTzS7NBe -ImFALHyq2iYPI4ZfVCS1PbSmoApcviJg4RpjDXCu03H2CcwgFmniIk/yHcbVhN2Y -/luiW1OHggcy8IcedNWK1IIF/z4bS6+0cavYCMT57uAm53GZMp+j4AwQReFnrE+/ -ryink3E1eiiNcAMlKOvR9isFM2Lrw7duV6rpUQkG1ej8uFga5IeCXSbBB9iQowkX -2deGYzY89OrK7IlrFr2qsnidzy3Ggw3Affnyyikyv8MFF6/6ZUeeefOhFZ0onkIi -i8IsudFzW/ZkCSLJDu5YyfE4eai1R0Qh1liF/QXPw1LRiSwXAhALzzR9bPIEklSf -my5or43qdSHlA1GLGNpVlZiNJOmsCP14PxsFuw7YQnFXR9HafOghdMtBPKMHqUIv -J5l1XHMM8l2eFq8pB32G0tKrb8ZvHH/fMMBNFO32WmQmZZRh3ts7sw/jTc8or9C2 -K8q9aT8Jh3rVg7bi0SMkxLbKrm0McLP7cvJmCC0MCxGWv/Ft9zz+8Wf6f3B8cn0P -86NAeRagDgFMcey1+7n9XdlkJrktC14Tt14wgUazDy/Oj24B1GgyiIAKv+AIU3Lo -fAqnDeadL7bE+BwQy9KN1PIBiLQrNaY7HW9rDRzYHORoQMlFQNBcX1k4jipcRAFa -gvu8yAx6IZ/vCMlGxfLVGHTGT2pP3meT1Q2H4q09jvUfDHXJNxtDrUULJvjo7sjv -MCz7xmp9h5v7lmiW4c0QQKgcU5d1nFf4ESPrIAgfjGgTwLUyPrR3w0kdW12o4Ca8 -ypId/vQRhiVEIAorASY/ZXuwKKwVH31i4Szav6hYei4OiAUo94Fk//C9nhe/ScdF -/f4Rho5PbFEYIpGOyn4JUdB7B0nU+JFQooTWQtrdHzwUNt0Lo6rAi11BrMMqf1u3 -SQ+3w94YbPRBrfW9YqV21Ntz5qJWilJgmZOQq1ZsN5cWAb8yB0+h51V+2yhfeE/R -+sOcg3hd/KaR9OltOYcC40bd3M2D+zPDBxHurjuN18wsL0BiaM4P7c/srUowExnw -zg10T15BpVHZODElYuRryxufb4nDZoW0JBeU0MxMniApVEL69qvPQ2ES7GG4fLhp -imljWU/7SaLEF823x5Gt+kVZhg5zBso8aUFszKL9K2ixksmMjCjWjqGdqJTrjSf9 -QnGDEZ4QoIdD/5rf5KV4Pl9hUKacm4lv+7shjJgvUeNRPPPn2nRTelE1mVZIv0wI -K6tteEnm/j5rvwbEcsKqfE4jYBqAAB8Nbw2bxKC6YM8OlTkM+HaUvWsNl4CBeb42 -iZutsEGUSGr2QIBVzDG74xQmNIp1PFxIeW7qLXU8euC9OxGVay37gTtPcJh+xl0j -Y21c3JZqgwrlcF34s/rXAO9uhN4sKkqyKJE+dYhZvY7jdYaDRHwqNQJkjR94XGeL -+N84L1IYAu9vD5Yu0Pct5LFatzerJQYaGownAxFifZHTARNjovq6U5FeeJIqU4Vq 
-4bidHT3lkA+f9s+7apHqI5qNDYJ5p5J6VXApZHZ0j0gCOWITxOwnSvWs522LDD3q -cVPmmf1t47x8JK7r3Gi3jRy6Zo/k3ZsJtl4yOc/vZSjHn1mMa6BLp90pvCy7pSKu -k3LFGDl/CXTlJYZ0OeD+3zzk+Gyo+cO9Wfm2WG/W7X5P3YFQIr+wPaZdx105Lv2B -E9IIy3yBmWw4y8PTLO7bTqvV21EBWQ9D1sWodJ4MZQH92mwxMy/tD47Yd+9U/xN3 -rx5dQqAX2ucTLlXHM8QmywAOOwDs33QuVm9o4EAFPK9Q1DqcY3O+O5m6h07o4o5d -+UORd070gwEgY5qa4tmX9UUm9DgmEfr2jElNAK6BRPW2kMJLCBVJfR2VmOsVAmnB -oFEcfbatVVgEqPTl13aEC12okwcWLniDOEE0adRlLMOcGU/HTln1DezBmUrz3ddU -FngvdcURIVxWkAKNJ2Doi7b7TofZ9meAgxMjMBjI5zsf3V/WkGmyWosQXRBIZHlX -IYYrZcjm6RBWKHdbV/dA55YDW5KVctdYH9YuUoX1w2vBRbEdt6GoDA8QXU1i4IIy -8la8PH3rZgdyQsLEUHK7mDQB1HUvuGUkkKaStNt8CT2JwG8YW5w2+dNhXRnFSW6J -4dYi8N661X/i6N/TXZTIB/DqqRLGGR+0jpYlqIpaUOaqMujJAP9NMW8IKaCG9aNV -ZJMfx31v5Y5OvXc/AN+wvTm8ORbmFU9cyrBmc3iswmG9ZvHINfWJ62ydbQaVnVAU -83BtSHxUO6DRyxJtJseFJRSD9lHYPMIkmHtcY7+EIHxb+OeQlAAHk9O6YiZHlZSe -nbp7PUkhIhzGmkxsFG7Qe1WmetVOYCmpB/qyYNxZJVL3b4X7ztIlej0XQaPv445X -UmcMHzBaR2HXWSMwbaXNcTD53lxy8HXluiJbehT/R2GOvdrwqBUX2eYqO6nLRyJg -l/CIb4q/QlmLEVam/cyeYUv2MuVP7wiMoYpTt9vn34MdJWSC8a6PYzZI5nXyZJIv -wwD4oFPL7/Xrs+U1aGoSYUkC0A315TqS5FeqtTJRi2JEqZx7xp/OI+fEYOP/2sw6 -wut4De98pPUVUEOfpPiFBGZn8D2yCZqaO9gmNPW3y3iRG9YetB/+u4Th+it5SCAe -bXR2WjclqsMpO1g8ZlWAP130R+1gUN9Mn6znA0vJC8z07CaKLVk+I9NqOkiDfOJe -z+Pb8tltWqRt2IFxa+JBGBXsQitCQXnWHtd7NP0ad1oCkYC6QXtWBJweehXZBink -MOglp2pUovagCCwkYMYVnqXoRcE5DVotmMaA720vR7NuuvYKQ3KLGEkFkdiM06Ju -t00jTyv9t81mSADThCdrKqaYw8WqlcJFlwaq8QFA9N7uY6Ma6S/ehryVzjbHjsnE -K6EDR/eeAV4q57j7WgKVZ2jUgTVTcf+2fPUZWyvX5ojy6LNvTsVZ3z22o+0mv3zr -u9yMSsQXh7LTAeZMP1ti+pf3/s0mvv7zIpqlBw73cGG3OpK88QGYEp0T1oDmq42o -/guDyXzOvIjH/TIIK3jpz5UGoG0dwCgY3wE1TW3z7Tg24CVtT22h9mXLN59GjqQe -YFA+Jsx+A0c6LlnsWV9FgqzBHbYPHmJBYcSFHZcQPFBK9buWZwsOl5arscMSclnp -M8ha3GJr16Oo/BUpN+06ADHl/pueUR0622OIZyYIaEcBPHmDj/fabwR0gHHXTPT3 -/thqBMcSBk2GPQLyRBXl+chAuWlCigx1MlIhGnFk4R2rvmWIsSFxqv2UPRixNbSb -OkEznPlZDnfy/cglb+VOqLNw6xxTuoEthN5TvbR7i9inPEz8F+0lGhXH9ko1KPpT -kjRXAXE0bmWxnwR47CHkjpOgqRQtE5qiTdtpkOIswNaU5HnhJ1b2+ap4+xOJBNwc 
-l5k6VZ++ZJLHUpP6QMIR0e2TS30jKJSvwcASffLcjponRjAvVIP9DxK3yp2MAout -4GiFVKc+ooECIxI8jkKKI4CMTHaz6nseAC4a5/6r0ZHu15WXfWFh3+OiOyX20AWU -vK2aV1AR4c2o5iDE2LIpY70ocSfmUg82N1dbeJwyYLgPrAfvzJ4MOEm3OfkGxIzi -LqUdjIwgrsn29U9uaj8KcNQ7rT9U2GPOrnUIKqYJy6anzHU6TOOas3bfdQx6th1j -cGs53zSGVoe8b0tQTdudRc0LL1HpbJ7Ok0cxjJQ3cVlnYHcQdHc0AZItYQ8xvU07 -jYMtcDmnZ8sEwAhU8Wip9UZ7mMjMIuBMoPV1WtqFDp6qMPR6WEDYU9Z+OICWx3Nt -UOH73jmwrndHdCkTgo6V8OWLUxj7Ddj2XxIXnOMbryg+BDrsurIn2e8/ZzUmjQrr -jdQsmSUTmpJ5abZbF8y/+evFlcZj+aD+9ANgrObo6UcGXgUC8vTk8nCi9MtR8wV4 -AVaD36ZkAHcBJTlZEklsVN7Tgav4OCiKeMTGUq1cDBnvGJ6gM86AV3thP0vQKPIb -6kO9VC+Fhiy2SgCyzH8Xc63w/9LuukQNj8Sxkwmn+7CFT+oPSxQshxqmePo09lZi -Spo3unHMgPgOsxbg4Mq2yyGHbK2Ugpk8MRdqkUdiMNDJdOQNvJXZcO/dp3Qjywlw -bipOzwDTphbRKu1lDGqZIY9CouESf43tKhquxRbgWTxvqlQwGcA4SbCHetEAPt28 -qXPQq3jQK/AZUT9dXkN+ttwv+FX9UPsxr2x2LBuEXFzlX84JyqBUXxfqePaVaRa/ -ekW9fY9Jc3pXV/MiFqb49kzkJc4XaaEGN/rwFQ0EEenmSzv7+8QFBIOMDGwmM/TR -w4dbu0IK2wIkOV/Ak1liYNkZZ8C1zx/QpAkggnwytMYe6/FJ8/bsvvvPVyXVY+gB -oTNs5CIam7iP7dTwzCLqHrE6EdnR3TmkiVlVACsM4O5RxatMjEf3Yyb0hILgw+zr -umU0X8xr18ouMzB5f+keAG9CHdhWbvvwwsob87mM0su2hrXnZ6ICdoJTft5k3R8r -wbehCvqFJKyyVNKWdggrD7p/Li8UJiNBbZx9izXC00QD5w/onfzARHjeJlX4KjUK -cIfZbnPj2pdzCWwjx+yn3q5k0O1SjjSc+sK2BqnxQoGJ5C5Og3oI8pfUaDVosECY -F6graFVEylFt2gRRUmq2UFCngPm1OJjf13a2WZwbAwT9L4fvkdgII5JjQ9UG2g7P -2go/RroGSXJCVcqkYEFez2WDEPwVwZCctXTMl0WjO2/Ik5bFJKyBjXgEqOMssNR1 -7B4RzzFxV329drXn02tc5S2mPe5Udm2ceXjbJWFNQtHB3SYid5Ie6jEei7OUc7pC -6YgHsUfpxTY+T9BxXrhYGn3RpUO8cEbsPtZPvZzrIxfeAHUAxE9F9eeXibTOyRCL -YSe23yCkMBxWGMHJqWIXsuPKQNFSGL9clPzB0SDzHjY4ESYiBPaHe+coKcoXVGIG -frTKzIvygVN6DATbiXH9FK03SKV8wxyL5IPQ59yIEf+KP6He29LV+5qQ8oNrbyhA -Mu4dPtmkvT2aPanqUW7RV8s3QaV/MaqWLGsM7ilW6lBp/0ubUt+KczwSk9yj7rbw -w0ZCr5GJek7fDEcBCzEpaB8z6y3iEaJo2fL6hhOiE3g/KTy9JBYMelhiI1RF+F4H -LhgyXx/g6DPYPbHvwtyU2n/0c8mASUxCQrKeLJNQoyPK1luZHZgSbU++tRfkujh/ -Fd47dlQyNNAsmDn8hNBF+HEkrLUeTekEK4VvNRzjc625GY+RJHPa9kPYPktztzLL -MCs0kizpFjLg0QekvrcBG0cFOotJ4Ols4HM+FUnnXQ3HBd/OGiDeuxsa0dD6pLq7 
-n0y6IP9d0FbpRISFGTbMLXv+ImKd4j69GtPp//y1tdnVrnD2K8tPGUqPYUBU8dAk -zUE0sDYvaublyZwvsG11pvZCiRsGFkyrYqHB955Laby199m4eLwkdGe+JAw+CQQG -jVV4mY5rsGtmAbescHU0/pENNBPQOc8odMDlLLC70KtVpF0EqRemLGIPxHRffvWO -XsvEUIgqxipYH++3nQqmKQoR0FviQr37vaf+23cWL4piiO35mj0wGyAtj81PUrep -ay/FDrqpcznfDJ8JBsjElp5OByW4Ndc3ci4ITzBxrqnkSDes1VO471Na2NVfGbsA -a1PbMdwireCBIjRE4NawZpb206Av2uRx6Jewj+CkR9zeaGHgxywnLo8SJgvnyQiA -BTJ1btl9YZeEjMQfMOqHhklGlbDlUAW6SBqf7tSGZU+ZwIzZZxN0gAIvI3T+lQY4 -Tu1xiSqhDJEMjyd5jO1u4V2sOmclybeT8fXlpvduLtPsbua6v1PYVYPO/PPFcOk7 -a6VXgYDpRqeZimUcxwNFwPO5EAJkH2qj6jadZo/yX2Vhik/ea+foZUsSGVhFefOs -QQ1Y1qaNmyT5ciO2LpHrmX6zhZ1+W1isEi2lNaCOYoMzEXn8Tb43AIDczIQ8HZOJ -TPcy/smRs8B4DzppbA+9uc9hNd8HHhQsXDVxcuYYfyBjdlokCCXBqqsr9muP8AO/ -oh9eeH5uB0qLxlxylCxpbH8wL/6cdKwBDJMKCe8tncudC3y5VA2QNLn8m9FOBBt8 -OQrz3+VKf3Ofb4Cndrsz9yd8MfaOvXgjslcx4XeYHc2Id0I93LFUKQRvoxFTGl8j -kIsgnwLuzVSyDtBYHQdCx70++nMkGjmAGgpyqyWpTJ7pQrKV25g3x2jQRWCDubCs -BMAYyAYjHfK/pxG/kRQz19sS2xsBXsLg03C1FNKj/4UdGTTDH9gxWismtGFNrhN3 -1rI8P8HRF8+6FUczPus/R6WYFtaMXYWTsfSlH7YYxJieEc3nHh/8l009HtIzcb0k -0RevokrYK8EMHHrOYW01StgLzRGUOec07fBQJZ4MNwcexnfikrqaFaamL3Hlm0TO -nRX5Uti2hkUgXPLRYBKKkN28LFKUbxw2jbGkeoUsIq7UUmmUrstjq/Rtw+n+wuD5 -vuJ2KsrU0DtFwzstKOXXDEuMD3bAv02Vy2fhoqrKFzyFxbGRYRZMxt103VtKxNWS -e4euWHba13qaQZUpPbFD6l3zXftv1gVijEkw6QFvCrx+5O6jAPWmFZCsinNxTZ6F -NZ3JOUpF5ip9Y4v286tV/YMTd6H2mLptF+5DRquPsEicW9P0eGv5qbElB5JeavGh -KDKyN6OPO8xlnMtG6oUkql/1u5xRb3CW3VkCVK2yUazwHEvHFahNkeNSj3WSzE4M -WtTUe4Y3SlQdCN6t/djagYXuHLgN/wugF4LujxPeiWx6Pf2GwhFDFSX7ZexahtOy -Pq/JkIkXH18C98V+Vh6JRuYzEk4CxQ8YHxIh9WBMBpia/I3XtaB9+PJVriEfc2Fr -DyDMM2RIHYVbn+7FaltfY6YdJ5G1gPDfXl30m8ZfNlTLmREYSSNYlaP3rajHRTuG -8w+JSAXK1KpaR4YGSLrscx5ESRlxWA8MO9jEKqbBzq72gKlUZHtXOOamGVWeb9/y -Akfj3dwEFiLCollJ0NshjGDPwPf/btTfYl6Hes3KXCd3q+JU7gut22pv2qL+WxB4 -eB4Pm0YRWGDLzeaIXJoXEJCkYapSXSEwPIp/MeLTudcX/LR0yHSzo6fCGvD/+lYH -OX/dWDfg8yEURm87eJQJOgeZywAmPKLV1LdIz758EYiLGDdNb+5FFYUROjxLdW3l -WdVMrB7Dg5ZmmfdEVwwcG0LvQvdCc5+7doqcSbn0/+O50ztXCdFqG5xrHTH1Ac17 
-Aj2/LKV5Mwe/2nAhari1/R9bi4oyF6tSk+xRWrXYr0IxB9Ubxu1Bxztp8lfUsgtn -1EToWiwg6pY11mhYq9SnEJ0NJ+y+CLcu5c1MmWBBIeN+oz7t5kHZeklHxesMgMWo -k4BelFt85w1/2bIPxsngUeex2XoG9nPD4bXxh/Ks4p2gOG5d9sYUTAQpcDO33Ww8 -/JwsL+F319V1N82hlzQNH4vup+dGK4t+7+5BVMWv6Q3tVa5fs3UHgIXC1LD3qcqm -/vCLH5q7nx94PuSZ0o/dhQSX8YubCaK4C0MXKhDfqj2mCdWhEOdxYhDv1Tyo5NPQ -pdB8+VGJibdC4YmLM+8HVY/hcRzBtukIR+/ZSpxGLPM3rWuBgSvqmGcmF8AegxOB -7dSHI0u1URJ9kAbzwyeXTikEMpwBHsLWEcWnezEsMLnb0vpYO2+9SXpot08hzWXr -XoVlXXliAaTqh5tY6KukQ8C8KqjQxLyQVWGc6+V2wLzce21dRmkiYwhaolglc92M -SGOmabljv3mm7EGwFZIMqywuZNxOvtQQlFvwNMXPOVEKLAhWQcmTzbYaXnRRUAeD -/VNqhs38G1ql4Yd4TfGgOSSQeW/43kPBg8HN/UEZA8zHiUjqwANmdQLtNEM6EYBz -++FeCn4GwAQtslx0dS7I2NwyG2J1zlLBYYoarElLbSiOaZrHhYzQywtxBtjJbefd -o7qhpERcT8lcBZh/GDu5owHVd+6ahoGEFx2vf8gPoALvhF0o7IR8Tm+Vzq5neF3k -60EAA+6iKRH0IVJiXA50mBrTsgB43KfI62gsPOBD9JKWqkAwyYtxPNd160bOuFjU -dHeJRtugKuZ12lKy5F830lFykde/2KiMr07QJfu8AvKFriEZRqjQBQ/RKawvKYwp -gfCBK0nz8P7pFATix5hSadO5aK63clK4tdKFT9prLYC7ipl1wzakIwIA8DXJrAfX -4YSUN80t6Mpxxk/WkRTHP7J4MsDg3e62Tdt2TA37gZV7o1ZFGGmL+y30uYYm2YXB -yiLDaBf5avR3iGKQseSzf6pdhkQG6DpPJeNqrM9O9wTic/c0+rsJ5/R0RTPkEBTl -MjRlNhz2XCvXU/VyeLW/kN2a6aLnzeRiDxfEwYMMObQWEbzeD8wTDJFCSPUiOAga -qiYFZJSGH3EwB4ZMIZXuWvZn4OZ7DIy2evPWCqbKtvSjtmjsOt/h2R+G9jH2Baer -WmCRDdlfsEAxvQs11hRCl2mQgLC3gSLuBhxs4gsCgVj8w5hehZbfnv4UGmnXSAl4 -n+8RQCp+r2SMAk3wr40JQo/r8hOHfKGBYEoJnHii91tEZ1w7ivrQe8EvAdspycfp -hUAobLIh29p/lyPDuBSG66NEv+8R4hwoWvcdowYqd3bHhXuZqTL6JpZGGe8t3uSm -R10rqoV0zmexzc84MvB43tf8cKN9z9mMuD3wTko6CYLYPavVYcVBp75E4y/GSMoF -LALn3K/cQazDD87Ryz3aWD8RwgerjcXrNzOrm82aBmCm2kjRh1jtWLXv/SzKhFvq -qbxc04TAWT7kTLWviQ7D5fIvJ0LNt2VZlzgBBLj5qU6jgoIlIPbHS9ME364UnGFv -uPutPHmbPdBmzLFCemRC4tBHgAcARLaBuY2HOVzJ5V5i3R6bpqd5czn8FbA9NXAD -6o1vD5/fdNqEyFtFw+YFKW4szu1Qserl1vdCoUxoabjIJmhX/VFYnrtBUzDWUWX5 -I2gEZBvEY4VlBDlfjz/wSsMQ0aT3p2gQ0IWf1KE4gYNFawOwwArOqX6rUo8aL9nv -UrZsRXuVqoptqEAb7IG52RKFMdlC8tn4SCOPuk1kpvusC2Use/zEJNYvaTWP+If/ -jSRbz1UTd8D8TW6GxDsRkBSZBgjRPxAZe88nC/CG6h7/FstiExQUnJ5U4GPJSbJY 
-Cc8sSCfc33ihfWu8U1XQ2zO9aMdNMoZJam5LLNvvMDYNznM80L7xRwC03VpIlPCL -kneBWLhb/1nfjcjK/RfVR76c4swNn6Q7DY3Xk6ONZg6E+N621z7mZ5Txw1Z0ZNON -WAmB89OD1d4OUEsI2EN96Bh17USG+kFbqTqKLkULjn2j0d5QWDkdAKuKZOdBg1Zj -Tz3EWtYWD/pmobqJModnuXRGWFdFqMctn0s8x2hZB40t96Tg+jC1m6NsIf/nQOnX -55HZ5sXXPjX77vJ8GZoNkA+wptB1tqhdIDvmx8TWtsWIzJq3IXQmw2bntOCdeBZt -I48N068AOFITBajkS1tW1nOzyfubdu7ZAJZdkdqhDygMJ6rASXEUqXfNYgB+4Exb -wwJu5g1e0nubFf6QxSvITOAJSkS6sYa3iWRv8TOIc7ujR4WhCCuNoBhMd+AaED1U -rTI6o3bjs7lQNHO/jieYrU1klm0sWeXEUAEn+9Z8hE5ZdWWldJPGYubJbQ1mSyxQ -krTSV3rHSgAO50UeNOL0upuiQV7R80fLjx/NS4zkNRXHQf+F5VbKJJpr9N3EZdpX -CtrBN+yUGvoI17+8gT326OUEV4J6xRJYBxEDt28Qev1wDfsHxSak4tM51yBWpPZz -/Q4gYXV6A+w9Bzdj2gmENptsvZgTK1hcyjqfxTDu+vI1OSbvVU8/iUiozKsDnoiv -dPpaWUIbX1CyAC83FoyPUUodxRavhBItvi3OegKntiM2i6kbjrHO6cc8iSddhJ+D -NcdCCAZKKxEfpruC5v4buaKAeN/XSjmrDCEREWCmY1EveM076Xa4mv8/w5yRteq8 -mTCOyC4+eKEySTvEJW5xY9JG9ZrMUrtqNfzPMFMzY5Il9m8pYBnQcAFeyx176Pzp -aj0f15/atYi84vfNrIc5kQCFXh/el7QejOOXDCVeVnaPD/9usng4CZfE9N+9ZIJh -IXGk5by7moNfZ78bP4twOKejJvy/m1UGW+cl3Jq67XY7xADu1uM+JG8U1rPQisMY -1YAI/aWqrjCStn3F9pOuW4DfYW+1BEKq6tTCDFaWiLl7QGUXAfpXy/CM/UuY012g -qF4tMgMirRh2dosb1stmOIvmai/bIRxUuyhze1RcRnwUB46qSLal4XxsxPeAKDtc -Nl4d2Y5EAFH6vA9y2kOegtJquKT/Xb5ZfGQpNxJg3fUiv43o+4NlJEp0z11C57jU -Y69LXjxkpQbPl9fzMIJS1gXAvtrw8V3pRcM0l1Smu9lBxUYymIx/zDZFr95a9N4D -ZfhRK2eRbxMn2TfLRsELHZuRtjW0Ssw41OKdQGaLDBntvqKgmLFlhGolvb4UeDa3 -yHC7jXirlAR5rCXGGfRxd4+hF+lw64tpEBhfSFD3fQkoGP0b9mGQJYFNcsxo89Yi -XCeBNQM0m0yFewx6KquslkIrU1VbQ4iUkAniTE1KBcFQKeB01OofwO4rRG4qS+tD -QntBIxN0XYoyD+P0XlfXdBa5cB3AKIdHA568SxTjjMzlf8Zm66WhpE41gRf34g0Z -i8cKe7vo86Dp3HkYStFuo0L3c5UGwPjkn9lqzzW/hraJMSgFU7tHz2GjQKbKY/3i -5nltn4R3u1KwE7L1DDhyvIRCk3JnwHNE8wVxY5KU6uFLpl2RkTaXdvdJdF6Jul52 -oCA7iMktvBx+T+eRflSqCahL ------END AGE ENCRYPTED FILE----- diff --git a/system/secrets/taskserver/systemd_tmpfiles.age b/system/secrets/taskserver/systemd_tmpfiles.age deleted file mode 100644 index 9ddb060..0000000 --- a/system/secrets/taskserver/systemd_tmpfiles.age +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2dFg3YmpPeGVxTUoyREF3 -eWhObFJlTVh6K0pyZ3hBUWtNcXgvQ2NIZDJRCkI5K1JCM0VaazJjRmJ3Y0huZHY0 -eGhxOExlM2dqSGxPVlZKak9aQ2NrOG8KLT4gWDI1NTE5IGg5OW1FZ3pKeDBraDcx -MnN0UHBmdldVeDlmK1BoYVc2TUFNNytObmlSanMKUVcxcTRVMHFaenY3UEtkVkRN -VGZ1eVh2UDBqZXJtWkplcnpQQVV5dmFSRQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -RnRMVXB2aVpkL2VTZ21wb3h4SHFhbFJqV2pKcWVQRGJ3RDJBYWZ2RkkxZwpVcnNr -WVlXQ21Nc2NaUm5QbFhxWmticDE5ZmRmS0VRS0VScm9tUGs1N2lNCi0+IEdwPStW -TVd3LWdyZWFzZSBIciBIdnBbTjI1ClUyeTNTVWhFR2VuSjN5UVpBNDZzclVySUkx -L1NCUTZjMXU3YVlOVk05bFp6YjVFCi0tLSAyeGR3V29DNGszQ0IxU0wyOUxGYmM1 -U0xnTGI5a1pVWFR3THNNRHJOMXNrCh1RrcjPUulX7f1xrZUGoMobWnN6WovrgmeY -FoTo7+JkSedoCKkaDOyP25r4SJe7yUaLrVDUv+gf0KEi2+Bvfh4BIM2N/UsyMmOU -WiFh6UkhQLsePAtfIOd7yl7cDr3adVniulgRSryS1+WDY194BvEtEE/GIbhxAfUz -0Ef90Gp2uOHi3e3dVfy3/0d51Tci3KgWXcMCOe10i+sgnI59OVh6JAT4eykpfESJ -YgBnY45Us80JK1P2lTk8gkHTdvURe2PF4jm/a21XUvXdM7hBN4naSPK7v54at2MQ -xF5C1g== ------END AGE ENCRYPTED FILE----- diff --git a/system/services/default.nix b/system/services/default.nix deleted file mode 100644 index db7ca4f..0000000 --- a/system/services/default.nix +++ /dev/null @@ -1,15 +0,0 @@ -{...}: { - imports = [ - ./invidious - ./invidious-router - ./mail - ./mastodon - ./matrix - ./minecraft - ./miniflux - ./murmur - ./nix - ./restic - ./taskserver - ]; -} diff --git a/system/services/invidious-router/default.nix b/system/services/invidious-router/default.nix deleted file mode 100644 index 8829d3b..0000000 --- a/system/services/invidious-router/default.nix +++ /dev/null 
@@ -1,51 +0,0 @@
-{pkgsUnstable, ...}: {
- services.invidious-router = {
- enable = true;
- package = pkgsUnstable.invidious-router;
- settings = {
- app = {
- listen = "127.0.0.1:8050";
- enable_youtube_fallback = false;
- reload_instance_list_interval = "60s";
- not_available_message = ''
- No available invidious instance found!
- [link]View this video on YouTube[/link], a proprietary
- platform that collects and uses your data without respecting
- your privacy.
- '';
- };
- api = {
- enabled = true;
- url = "https://api.invidious.io/instances.json";
- filter_regions = false;
- allowed_regions = [
- "AT"
- "DE"
- "CH"
- ];
- };
- healthcheck = {
- path = "/watch?v=uSvJaYxRoB4";
- allowed_status_codes = [
- 200
- ];
- timeout = "1s";
- interval = "10s";
- filter_by_response_time = {
- enabled = true;
- qty_of_top_results = 4;
- };
- minimum_ratio = 0.2;
- remove_no_ratio = false;
- text_not_present = "YouTube is currently trying to block Invidious instances";
- };
- };
- nginx = {
- enable = true;
- domain = "invidious-router.sils.li";
- extraDomains = [
- "video.fosswelt.org"
- ];
- };
- };
-}
diff --git a/system/services/invidious/default.nix b/system/services/invidious/default.nix
deleted file mode 100644
index 6c587b3..0000000
--- a/system/services/invidious/default.nix
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: let
- cfg = config.services.invidious;
-in {
- services.invidious = {
- enable = true;
- database = {
- createLocally = true;
- };
- domain = "invidious.vhack.eu";
- nginx.enable = true;
- extraSettingsFile = "$CREDENTIALS_DIRECTORY/hmac";
-
- settings = {
- check_tables = true;
- db = {
- dbname = "invidious";
- user = "invidious";
- };
- };
- };
- systemd.services.invidious.serviceConfig = {
- LoadCredential = "hmac:${config.age.secrets.invidiousHmac.path}";
-
- ExecStart = let
- # taken from the invidious module
- settingsFormat = pkgs.formats.json {};
- settingsFile = settingsFormat.generate "invidious-settings" cfg.settings;
-
- jqFilter =
- "."
- + lib.optionalString (cfg.database.host != null) "[0].db.password = \"'\"'\"$(cat ${lib.escapeShellArg cfg.database.passwordFile})\"'\"'\""
- + " | .[0]"
- + lib.optionalString (cfg.extraSettingsFile != null) " * .[1]";
-
- # don't escape extraSettingsFile, to allow variable substitution
- jqFiles =
- settingsFile
- + lib.optionalString (cfg.extraSettingsFile != null) " \"${cfg.extraSettingsFile}\"";
- in
- lib.mkForce (pkgs.writeScript "start-invidious" ''
- #! ${pkgs.dash}/bin/dash
-
- export INVIDIOUS_CONFIG="$(${pkgs.jq}/bin/jq -s "${jqFilter}" ${jqFiles})"
- exec ${cfg.package}/bin/invidious
- '');
- };
-}
diff --git a/system/services/mail/default.nix b/system/services/mail/default.nix
deleted file mode 100644
index c69e6bd..0000000
--- a/system/services/mail/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{lib, ...}: let
- all_admins = [
- "sils@vhack.eu"
- "soispha@vhack.eu"
- "nightingale@vhack.eu"
- ];
- users = import ./users.nix {};
-in {
- imports = [
- ./impermanence.nix
- ];
-
- mailserver =
- lib.recursiveUpdate {
- enable = true;
- fqdn = "server1.vhack.eu";
-
- useFsLayout = true;
-
- extraVirtualAliases = {
- "abuse@vhack.eu" = all_admins;
- "postmaster@vhack.eu" = all_admins;
- "admin@vhack.eu" = all_admins;
- };
-
- mailDirectory = "/var/lib/mail/vmail";
- dkimKeyDirectory = "/var/lib/mail/dkim";
- sieveDirectory = "/var/lib/mail/sieve";
- backup.snapshotRoot = "/var/lib/mail/backup";
-
- enableImap = false;
- enableImapSsl = true;
- enablePop3 = false;
- enablePop3Ssl = true;
- # SMTP
- enableSubmission = false;
- enableSubmissionSsl = true;
- openFirewall = true;
-
- keyFile = "/var/lib/acme/server1.vhack.eu/key.pem";
- certificateScheme = "acme";
- certificateFile = "/var/lib/acme/server1.vhack.eu/fullchain.pem";
- }
- users;
-}
diff --git a/system/services/mail/impermanence.nix b/system/services/mail/impermanence.nix
deleted file mode 100644
index 22a5318..0000000
--- a/system/services/mail/impermanence.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{...}: {
- vhack.persist.directories = [
- {
- directory = "/var/lib/mail/backup";
- user = "virtualMail";
- group = "virtualMail";
- mode = "0700";
- }
- {
- directory = "/var/lib/mail/sieve";
- user = "virtualMail";
- group = "virtualMail";
- mode = "0700";
- }
- {
- directory = "/var/lib/mail/vmail";
- user = "virtualMail";
- group = "virtualMail";
- mode = "0700";
- }
- {
- directory = "/var/lib/mail/dkim";
- user = "opendkim";
- group = "opendkim";
- mode = "0700";
- }
- {
- directory = "/var/lib/postfix/data";
- user = "postfix";
- group = "postfix";
- mode = "0700";
- }
- {
- directory = "/var/lib/postfix/queue";
- user = "postfix";
- group = "postfix";
- mode = "0700";
- }
- {
- directory = "/var/lib/rspamd";
- user = "rspamd";
- group = "rspamd";
- mode = "0700";
- }
- ];
-}
diff --git a/system/services/mail/users.nix b/system/services/mail/users.nix deleted file mode 100644 index 0bae1a7..0000000 --- a/system/services/mail/users.nix +++ /dev/null @@ -1,52 +0,0 @@ -{...}: { - domains = [ - "vhack.eu" - - "s-schoeffel.de" - "b-peetz.de" - - "sils.li" - "nightingale.sils.li" - "sils.sils.li" - ]; - - loginAccounts = { - "sils@vhack.eu" = { - hashedPassword = "$2b$05$RW/Svgk7iGxvP5W7ZwUZ1e.a3fj4fteevb2MtfFYYD0d1DQ17y9Fm"; - }; - "soispha@vhack.eu" = { - hashedPassword = "$2b$05$XX36sJuHNbTFvi8DFldscOeQBHahluSkiUqD9QGzQaET7NJusSuQW"; - }; - - "benedikt.peetz@b-peetz.de" = { - hashedPassword = "$2b$05$MfET8utot2OolPZNASqoDe4VXNoG2chnEWhdfQ2E92mit0TvI2gBy"; - aliases = ["@b-peetz.de"]; - }; - "silas.schoeffel@s-schoeffel.de" = { - hashedPassword = "$2b$05$Qb8rl7ncpCcTbsSdsduJBuOITp8RTD6sfOTjuxJsVtD9vjAYY9n8e"; - aliases = ["@s-schoeffel.de"]; - }; - - "nightingale@vhack.eu" = { - hashedPassword = "$2b$05$nDKVVq1EktKXWqGFhnOLP.plLovXFyvWSuptK9GIkxA5DScKFx6YS"; - aliases = [ - "@nightingale.sils.li" - ]; - }; - "sils@sils.li" = { - hashedPassword = "$2b$05$Ebzh2ZhuWkz1p4tqJ172IejNZg10FtCxPDY4k6umYrpirXg7ezIRq"; - aliases = [ - "@sils.sils.li" - "@sils.li" - ]; - }; - - # Mail-Account used by hosted software - "mastodon@vhack.eu" = { - hashedPassword = "$2b$05$pSby3x2p3cHg0FyAE8IiJ.nYUqtAIR10JA8HNpHwMAiLXqc.ltSK."; - }; - "peertube@vhack.eu" = { - hashedPassword = "$y$j9T$hyWQ8Awd2Xrc6qsK.2hwE1$LxACfaeW.yHGbkQL95dWtID9.zXL/aMwT6lp.yU/0g0"; - }; - }; -} diff --git a/system/services/mastodon/default.nix b/system/services/mastodon/default.nix deleted file mode 100644 index 15b8609..0000000 --- a/system/services/mastodon/default.nix +++ /dev/null 
@@ -1,79 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: let
- emailAddress = "mastodon@vhack.eu";
- applyPatches = pkg:
- pkg.overrideAttrs (attrs: {
- patches = (attrs.patches or []) ++ [./patches/0001-feat-treewide-Increase-character-limit-to-5000-in-me.patch];
- });
-in {
- vhack.persist.directories = [
- {
- directory = "/var/lib/mastodon";
- user = "mastodon";
- group = "mastodon";
- mode = "0700";
- }
- ];
-
- services.mastodon = {
- enable = true;
-
- package = applyPatches pkgs.mastodon;
-
- # Unstable Mastodon package, used if
- # security updates aren't backported.
- #package = applyPatches pkgs-unstable.mastodon;
-
- localDomain = "vhack.eu";
- smtp = {
- authenticate = true;
- createLocally = false;
- fromAddress = emailAddress;
- user = emailAddress;
- host = "server1.vhack.eu";
- passwordFile = config.age.secrets.mastodonMail.path;
- };
- streamingProcesses = 5; # Number of Cores - 1
- extraConfig = {
- WEB_DOMAIN = "mastodon.vhack.eu";
- EMAIL_DOMAIN_ALLOWLIST = "vhack.eu|sils.li";
- };
- };
-
- services.nginx = {
- enable = true;
- recommendedProxySettings = true; # required for redirections to work
- virtualHosts = {
- ${config.services.mastodon.extraConfig.WEB_DOMAIN} = {
- root = "${config.services.mastodon.package}/public/";
- # mastodon only supports https, but you can override this if you offload tls elsewhere.
- forceSSL = true;
- enableACME = true;
-
- locations = {
- "/system/".alias = "/var/lib/mastodon/public-system/";
- "/".tryFiles = "$uri @proxy";
- "@proxy" = {
- proxyPass = "http://unix:/run/mastodon-web/web.socket";
- proxyWebsockets = true;
- };
- "/api/v1/streaming/" = {
- proxyPass = "http://unix:/run/mastodon-streaming/streaming.socket";
- proxyWebsockets = true;
- };
- };
- };
-
- "vhack.eu" = {
- locations."/.well-known/webfinger".return = "301 https://${config.services.mastodon.extraConfig.WEB_DOMAIN}$request_uri";
- };
- };
- };
-
- users.groups.${config.services.mastodon.group}.members = [
- config.services.nginx.user
- ];
-}
diff --git a/system/services/matrix/default.nix b/system/services/matrix/default.nix
deleted file mode 100644
index 043d9c0..0000000
--- a/system/services/matrix/default.nix
+++ /dev/null
@@ -1,133 +0,0 @@ -{ - config, - pkgs, - ... -}: let - fqdn = "matrix.vhack.eu"; - clientConfig."m.homeserver".base_url = "https://${fqdn}"; - serverConfig."m.server" = "${fqdn}:443"; - mkWellKnown = data: '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON data}'; - ''; -in { - networking.firewall.allowedTCPPorts = [80 443]; - - vhack.persist.directories = [ - { - directory = "/var/lib/matrix"; - user = "matrix-synapse"; - group = "matrix-synapse"; - mode = "0700"; - } - { - directory = "/var/lib/mautrix-whatsapp"; - user = "mautrix-whatsapp"; - group = "matrix-synapse"; - mode = "0750"; - } - ]; - systemd.tmpfiles.rules = [ - "d /etc/matrix 0755 matrix-synapse matrix-synapse" - ]; - - services = { - postgresql = { - enable = true; - initialScript = pkgs.writeText "synapse-init.sql" '' - --Matrix: - CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; - CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - - --Whatsapp-bridge: - CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; - CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" - TEMPLATE template0 - LC_COLLATE = "C" - LC_CTYPE = "C"; - ''; - }; - - nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { - "vhack.eu" = { - enableACME = true; - forceSSL = true; - locations = { - "/.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; - "/.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; - }; - }; - "matrix.vhack.eu" = { - enableACME = true; - forceSSL = true; - locations = { - "/".return = "404"; - "/_matrix".proxyPass = "http://[::1]:8008"; - "/_synapse/client".proxyPass = "http://[::1]:8008"; - }; - }; - }; - }; - - mautrix-whatsapp = { - # FIXME(@bpeetz): This was disabled because 
`mautrix-whatsapp` dependends on libolm. - # Re-enable it, when this has changed. <2024-09-06> - enable = false; - settings = { - appservice = { - database = { - type = "postgres"; - uri = "postgres:///mautrix-whatsapp?host=/run/postgresql"; - }; - whatsapp = { - # TODO: See https://github.com/tulir/whatsmeow/blob/efc632c008604016ddde63bfcfca8de4e5304da9/binary/proto/def.proto#L43-L64 for a list. - # This also determines the WhatsApp icon - browser_name = "unknown"; - }; - }; - homeserver.address = "https://matrix.vhack.eu"; - bridge.permissions = { - "@soispha:vhack.eu" = "admin"; - "@sils:vhack.eu" = "admin"; - "@nightingale:vhack.eu" = "admin"; - }; - }; - }; - - matrix-synapse = { - enable = true; - dataDir = "/var/lib/matrix"; - configFile = "/etc/matrix/matrix.conf"; - settings = { - media_store_path = "/var/lib/matrix/media_store"; - registration_shared_secret_path = "${config.age.secrets.matrix-synapse_registration_shared_secret.path}"; - server_name = "vhack.eu"; - listeners = [ - { - port = 8008; - bind_addresses = ["::1"]; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = ["client" "federation"]; - compress = true; - } - ]; - } - ]; - }; - }; - }; -} diff --git a/system/services/minecraft/default.nix b/system/services/minecraft/default.nix deleted file mode 100644 index 9bc98b9..0000000 --- a/system/services/minecraft/default.nix +++ /dev/null 
@@ -1,37 +0,0 @@
-{lib, ...}: {
- vhack.persist.directories = [
- {
- directory = "/var/lib/minecraft";
- user = "minecraft";
- group = "minecraft";
- mode = "0700";
- }
- ];
-
- nixpkgs.config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "minecraft-server"
- ];
- services.minecraft-server = {
- enable = true;
- declarative = true;
- eula = true;
- dataDir = "/var/lib/minecraft";
- openFirewall = true;
- jvmOpts = "-Xmx8192M -Xms8192M";
- whitelist = {
- ShadyCraft = "7995eea5-b648-41c4-9b0f-7fc082565952";
- Nightingale768 = "1125d077-6709-44b2-9be0-587aec772e7a";
- Sirius_Black123 = "f5f66fc5-f287-434e-a03f-2480f998e76f";
- DerDaHalt = "09c72cb7-cab9-444f-af55-616fcf93822c";
- };
- serverProperties = {
- player-idle-timeout = 30;
- white-list = true;
- difficulty = 3;
- gamemode = "survival";
- enforce-whitelist = true;
- simulation-distance = 10;
- };
- };
-}
diff --git a/system/services/miniflux/default.nix b/system/services/miniflux/default.nix
deleted file mode 100644
index 9a0f2bc..0000000
--- a/system/services/miniflux/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{config, ...}: {
- services.miniflux = {
- enable = true;
- config = {
- LISTEN_ADDR = "127.0.0.1:5892";
- };
- adminCredentialsFile = config.age.secrets.minifluxAdmin.path;
- };
-
- services.nginx = {
- enable = true;
- virtualHosts."miniflux.vhack.eu" = {
- locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
-
- enableACME = true;
- forceSSL = true;
- serverAliases = [
- "rss.vhack.eu"
- ];
- };
- };
-}
diff --git a/system/services/murmur/default.nix b/system/services/murmur/default.nix
deleted file mode 100644
index dec79ba..0000000
--- a/system/services/murmur/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{...}: let
- murmurStore = "/var/lib/murmur";
-in {
- vhack.persist.directories = [
- {
- directory = "/var/lib/murmur";
- user = "murmur";
- group = "murmur";
- mode = "0700";
- }
- ];
-
- services.murmur = {
- enable = true;
- openFirewall = true;
- welcometext = ''
- <b>You never get a second chance to make a first impression</b><br>
-
- The entire team of [name of the company] is thrilled to welcome you on board. We hope you’ll do some amazing work here!
- '';
- sslKey = "${murmurStore}/key.pem";
- sslCert = "${murmurStore}/fullchain.pem";
-
- registerUrl = "vhack.eu";
- registerName = "vhack";
- registerHostname = "mumble.vhack.eu";
- hostName = "mumble.vhack.eu";
- clientCertRequired = true;
- bandwidth = 7200000;
- };
-
- security.acme.certs.murmur = {
- domain = "mumble.vhack.eu";
- postRun =
- /*
- bash
- */
- ''
- set -x
- rm "${murmurStore}/key.pem"
- rm "${murmurStore}/fullchain.pem"
-
- cp key.pem "${murmurStore}";
- cp fullchain.pem "${murmurStore}";
-
- chown murmur:murmur "${murmurStore}/key.pem"
- chown murmur:murmur "${murmurStore}/fullchain.pem"
- '';
- };
-}
diff --git a/system/services/nix/default.nix b/system/services/nix/default.nix
deleted file mode 100644
index 13be0f0..0000000
--- a/system/services/nix/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}: {
- nix = {
- # gc = {
- # automatic = true;
- # dates = "daily";
- # options = "--delete-older-than 3";
- # };
- settings = {
- auto-optimise-store = true;
- experimental-features = ["nix-command" "flakes"];
- trusted-users = [
- "root"
- "nixremote"
- "@wheel"
- ];
- };
- };
-}
diff --git a/system/services/restic/default.nix b/system/services/restic/default.nix
deleted file mode 100644
index cfeaca3..0000000
--- a/system/services/restic/default.nix
+++ /dev/null
@@ -1,50 +0,0 @@
-{
- config,
- pkgs,
- ...
-}: {
- services.restic.backups = let
- snapshots = "/srv/snapshots";
- boxUser = "u384702-sub2";
- postgresUser = "postgres";
- in {
- storagebox = {
- initialize = true;
- backupPrepareCommand = ''
- ${pkgs.sudo}/bin/sudo -u ${postgresUser} ${pkgs.postgresql}/bin/pg_dumpall --clean --if-exists --quote-all-identifiers > /srv/db_backup.sql
-
- [ -d /srv/snapshots ] || ${pkgs.btrfs-progs}/bin/btrfs subvolume create /srv/snapshots;
- [ -d /srv/snapshots/srv ] && ${pkgs.btrfs-progs}/bin/btrfs subvolume delete /srv/snapshots/srv;
- ${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r /srv /srv/snapshots/srv;
-
- # dump() {
- # # compression:
- # # pg_dump -F t -v "$1" | xz -z -9 -e -T0 > "db_$1.tar.xz"
- # pg_dump -v "$1" > "db_$1.tar.xz"
- # }
- # # List all databases, and dump each of them in its own file
- # # psql --list --csv | while read -r line; do echo "$line" | grep ','; done | while IFS=, read -r name _; do echo "$name"; done | sed '1d' | while read -r db_name; do dump "$db_name"; done
- '';
- paths = [
- snapshots
- ];
- exclude = [
- ".snapshots"
- "/var/lib/postgresql" # included in the db dump
- ];
- extraBackupArgs = [
- "--verbose" # spam log
- ];
- passwordFile = config.age.secrets.resticpass.path;
- extraOptions = [
- "rclone.program='ssh -p 23 ${boxUser}@${boxUser}.your-storagebox.de -i ${config.age.secrets.resticssh.path}'"
- ];
- repository = "rclone: "; # There is only one repository served
- timerConfig = {
- Requires = "network-online.target";
- OnCalendar = "daily";
- Persistent = true;
- };
- };
- };
-}
diff --git a/system/services/taskserver/certs/README.md b/system/services/taskserver/certs/README.md
deleted file mode 100644
index 8ff0e44..0000000
--- a/system/services/taskserver/certs/README.md
+++ /dev/null
@@ -1,42 +0,0 @@
-> This is taken from: https://github.com/GothenburgBitFactory/taskserver/blob/9794cff61e56bdfb193c6aa4cebb57970ac68aef/pki/README
-
-PKI is a complex subject. These scripts and this description are not intended
-to be a complete and accurate example of PKI.
-
-Ideally you would purchase a server cert signed by a known CA, such as one of
-the following:
-
-- Symantec
-- Comodo
-- GoDaddy
-- GlobalSign
-- (Let's Encrypt)
-
-That cert would need the 'encryption_key' and 'signing_key' attributes.
-Using that server cert, you would then issue a server CRL and client keys.
-
-If you are developing, testing, or running your own private server, you may
-choose instead to generate the above yourself. In this case you would generate
-a CA key and cert, then use that to generate a server key, cert, and CRL. Then
-you would use the server key and cert to create a client key and cert. But as
-there is no trusted CA in this example, just yourself, the resultant client key
-and cert will not be trusted by anyone, for good reasons.
-
-Note, you can inspect any cert with the command:
-
-```
-$ gnutls-certtool -i --infile $CERT
-```
-
-There is a 'generate' script here that will perform the above steps. Take a
-look at it to see the individual steps it takes to generate the proper set of
-keys and certs.
-
-Note that you need to modify the 'vars' file to provide your own identity and
-chosen parameters.
-
-Validate a certificate with:
-
-```
-$ gnutls-certtool --verify --infile client.cert.pem --load-ca-certificate ca.cert.pem
-```
diff --git a/system/services/taskserver/certs/ca.cert.pem b/system/services/taskserver/certs/ca.cert.pem
deleted file mode 100644
index 76c0435..0000000
--- a/system/services/taskserver/certs/ca.cert.pem
+++ /dev/null
@@ -1,83 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIJPDCCBSSgAwIBAgIULsm+i5JWHG1LDMw4/OaUA1yiNGcwDQYJKoZIhvcNAQEM -BQAwPjELMAkGA1UEBhMCRVUxDjAMBgNVBAoTBVZoYWNrMR8wHQYDVQQDExZ0YXNr -c2VydmVyLnZoYWNrLmV1IENBMB4XDTI0MTAwNTE5MTA0NloXDTI1MTAwNTE5MTA0 -NlowPjELMAkGA1UEBhMCRVUxDjAMBgNVBAoTBVZoYWNrMR8wHQYDVQQDExZ0YXNr -c2VydmVyLnZoYWNrLmV1IENBMIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKC -BAEAvqK+cCSMRS4QXagPcIHHkdc2mr7DLqqvDSisybD6CFJYH+7YgDP/reqLRCpL -3J1VmBYlthK6EzsGf7v/rdkgoMEL9pLTgguNS8FWIHybn9X/diYX/hp6CGV4hfn1 -eJFjV78o9dWAFwWrZzGDOW/lbXnqaB+EFbbV/R+lNxwwSXWpxyRjygYVJhiKX5Pt -u1eN10MPOuX6afdaduag383rHXe6wcOOF+Af+F2mZmvdySBAkjHaL+VvS3ounj8q -PSC/HoYzDWa4fHnhcgfLJq2ngmLnSQFtDDTq3xd/MBVk17qExD6efIrcGoLSG/L9 -CQJaV/DdfdZwCNNnGz2nm+Whx3MIvlI2cWBM2jxFsfPEiNqPWyaBOBN6JVnE4Xfd -odfzAvgRPDipansnFvwbYbfmq/sUQbN21tYYpi28EPQMGNkJ5XYf21wLCSo2QCLe -n8KttXKp2dBi9ykFKRpVUVxalIunco1lBxccXILz0aRILdcoTMCyOAiAZ11QJ+Ij -vV+gLyBzq2+IMBflsWx0BWZ+yXQJbmMkxJ+wkc26oNG6ZcklckZYkbKKLqmVo2wc -UW+NODIuwcaKQrqXqzxM/pFuW0eeBKymMg77u7NN3mkUI5sx9F3djQ6RuFFI5KYM -AGlQB1dlFyj9qtMrqNLi7GSnTCSbeoJq6Tl1NEKELbjIYvAUIYA5O0rAZHMWqNog -30IaAL8GZaTf4l78ueJeIdGve1Zl+FXka+Clj0d/B4pVqkIu7/pk4Vldc/Bzm5mm -JIReQZz6NRn8m0szAmeK9ucxx6jzshXnRQrVBUntYYWZzCWQgHjNPF3vXdFrfZgl -ar/0whmRap7uM7TiMSHRgJjPd7iG27RKXd3dRr51KYaeHSjhnK/26oelBIQDVA6V -nK69GpD2AFkWpgkUfqD89rLBOxWxdKZgC6ucTtmprwg5pRkfRCgV32fzJkBAoMkN -erg8uQGjT/EnTSxEK72XK2MRDpUpKZvB2GoG69dOYs1L9mtIbxgdexeBlw2UNF1l -JDlPQUEmlY/QptWCro7H0HcdP/iXCadTZcxIf+ln0cfMwlVYgTn+4NWWvRNskWx2 -c8RqynsrjM/7PIuWltVizlcAp7WIQtbBHcTs9lNBRSQrtxEaSuLoZ2cLiw9qBN7j -2goLCEKvRI/KqsVj9/NirMpVg4g3t/ZQSEh56w6seKPynzEF1KKdA+2tCzwuSmDs -UT0hHpzepoTXJoix/eRWl4yVsUD1zz1HdL+WJL0vWNZax92Q1afq5icjtEty4/Ng -Ek35dWGQI21usyVHKH+jsFFioj+3pm5jPUb7tCZ/sptYlXOL6MtSWmpOzMqjiDQK -pZizY/mseUHQOyz9MBdZ3Vv8GQIDAQABozIwMDAPBgNVHRMBAf8EBTADAQH/MB0G -A1UdDgQWBBQiVaWbtkt9aYDBbPhXAGtpi6HxAzANBgkqhkiG9w0BAQwFAAOCBAEA -hCfUJVB75LF+z0A02vdfg0aQGHokLVejqFkCZ8kZvDNC7kkRepO0EkYO7YMYxHX6 
-R+IU4mtiSq7ubtgLuGcQmz/Q9UbxUxX/bIZ5tP5lNOZZqoZ4xqfj/ROMtT5xo5c0 -2ZUXWOBTtqLEzOIaPxjvjW8WU0sVPrjeC1il4dTSNRQZdTFj6nJXmebBG3FWakEi -l8Nzx85DFqtyMdfyCaJPzwDSsYJx6a15wLX3nLzHNln4E5skzYgV9qxdqDBDsi99 -h4SYaktETciTxnkVLKNyILfA5DjN6uacU3a79KCrwhQmMze6P3cXl06gFGIl2HBM -CQ5zrz5bIfG7Msi98Qj0FAOfRDF4Qx1UrwMp727Vlj2oL2MmZXfVS7dLYT6bi2z0 -xf74Z4mTitETXWhLayfJuuoNBSC8dmlsLOUVgtppoy8eqze6S0JDIjLl04aHg9ja -yE9WQI8nq9pMEAF7O63Od7lfIsvEmAcbjU1GCHmzCf8qedvmEXhgpuCNFGtNgxKh -V1Wc0WMKh1ql3ETsK37+c2gJu2hTHX7LTS/mkMtEkEQcruDAppwDfkX+gSrPDRvG -riGmk4AttTmK7PvesVI9riXfw0iAo/ydsUckqanntiX9uZvQWsClHVamR8wjL3JK -PMErm6/SrAelH0vLCQkYm2NSFApX6GBDSmvbKSZvmqutnApDUKcu+36GFZHqC+Wz -gIQzhvOL4AO2jyPRRByscNyWc5Zu5yN78x7UKfwxLOMnRK1ZxZ18N0OdAmmDXN6e -TBYoCoenjaqIYbtFUMSqOJEW+nAZbTINO4Sf/ouPg+kBg/uDKvGUbKP29GnhQL2o -PFwvBBYlXqn9AuPiXwCUUinBYR260rzuzfKyP6HmXOaxMOJxU3jM38+3vDpC5Kb0 -MMY6+lYo42/rGeRMvkm+aM1zZcPHAIgZ6M/LaUrrLTX5zLqsNfx5gUddEfqRrZTK -Z4ivJwqTrI/e1iZ/grLUjHWPV/PflBOQc7NmPdvEv3uRampRPfBwtC1KMae/Y6se -hx9TbJQGdoK90dCe9LzdUHEdGyZT5cKDSCd9ffmWwORbN8+xqRFZ8/tRyxgSA58Z -MSTmqkNM+udO/Zn2oOmAwpXhrwc75ezGXvwNH3YMdyVDqZrlfLgv7KMyhuhOnP1z -T8+ZgLOfy8hxeZwObL821lAIhKxQux0LQFYoYrOUmP9kDw+gRg1AnIi3n8Tgeisk -DmIYgmB/9vgEDqBO9vhcg/qdevhjkfeiOfKRdpxpg9mCh57hHfM1CHq5ulFttbwc -JjT/BiQzCmzJPXAlRuxVPHCaF1qyp6Pf4seLRy0qyWyOWVxVx2BKKGV7cX/IUbXV -53Nn1zkqWwd9Ws9D7zQwog== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 -WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu -ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY -MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc -h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ -0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U -A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW 
-T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH -B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC -B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv -KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn -OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn -jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw -qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI -rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV -HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq -hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL -ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ -3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK -NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 -ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur -TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC -jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc -oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq -4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA -mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d -emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= ------END CERTIFICATE----- diff --git a/system/services/taskserver/certs/ca.key.pem.gpg b/system/services/taskserver/certs/ca.key.pem.gpg deleted file mode 100644 index 8abd59a..0000000 --- a/system/services/taskserver/certs/ca.key.pem.gpg +++ /dev/null Binary files differdiff --git a/system/services/taskserver/certs/check_expire b/system/services/taskserver/certs/check_expire deleted file mode 100755 index 39f3291..0000000 --- a/system/services/taskserver/certs/check_expire +++ /dev/null 
@@ -1,13 +0,0 @@
-#!/usr/bin/env nix
-#! nix shell nixpkgs#openssl nixpkgs#dash --command dash
-
-cd "$(dirname "$0")" || {
- echo "No dir name?!"
- exit 1
-}
-
-for cert in *.cert.pem; do
- echo "$cert"
- openssl x509 -noout -in "$cert" -dates
- echo
-done
diff --git a/system/services/taskserver/certs/generate b/system/services/taskserver/certs/generate
deleted file mode 100755
index c3b58ae..0000000
--- a/system/services/taskserver/certs/generate
+++ /dev/null
@@ -1,75 +0,0 @@ -#!/usr/bin/env nix-shell -#! nix-shell -i dash --packages openssl gnutls dash -#! nix-shell --impure - -# For a public or production server, purchase a cert from a known CA, and skip -# the next step. - -# For development, testing and personal server management, create a CA key and -# cert, and use that to generate a server key and cert. Creates: -# ca.key.pem -# ca.cert.pem -# server.key.pem -# server.cert.pem - -GENERATION_LOCATION="/run/user/$(id -u)/taskserver/certs" -BASEDIR="$(dirname "$0")" -cd "$BASEDIR" || { - echo "(BUG?) No basedir ('$BASEDIR')" 1>&2 - exit 1 -} - -ca=false -crl=false -clients=false - -for arg in "$@"; do - case "$arg" in - "--ca") - ca=true - ;; - "--crl") - crl=true - ;; - "--clients") - clients=true - ;; - esac -done - -# `ca.cert.pem` is not on this list, as it would otherwise get deleted in the `rm` on the -# second-to last line -set -- ./vars ./generate.ca ./generate.crl ./generate.client ./ca.key.pem.gpg ./isrgrootx1.pem - -mkdir --parents "$GENERATION_LOCATION" -cp "$@" ./ca.cert.pem "$GENERATION_LOCATION" -cd "$GENERATION_LOCATION" || echo "(BUG?) No possible location fould!" 1>&2 - -gpg --decrypt ca.key.pem.gpg >ca.key.pem - -[ "$ca" = true ] && ./generate.ca -cat ./isrgrootx1.pem >>./ca.cert.pem - -# Generate a certificate revocation list (CRL). The initial CRL is empty, but -# can grow over time. Creates: -# server.crl.pem - -[ "$crl" = true ] && ./generate.crl - -# The above is sufficient to operate a server. You now need to run a client cert creation -# process per client; Add the required client names and uncomment -# ./generate.client <client_name> -# -# -# Creates: -# <client_name>.key.pem -# <client_name>.cert.pem -# -[ "$clients" = true ] && ./generate.client soispha -[ "$clients" = true ] && ./generate.client android-mobile -[ "$clients" = true ] && ./generate.client android-tab - -rm "$@" "./ca.key.pem" -echo "(INFO) Look for the keys at: $GENERATION_LOCATION" - -# vim: ft=sh 
diff --git a/system/services/taskserver/certs/generate.ca b/system/services/taskserver/certs/generate.ca deleted file mode 100755 index eb0dd5c..0000000 --- a/system/services/taskserver/certs/generate.ca +++ /dev/null @@ -1,43 +0,0 @@ -#!/bin/sh - -# Take the correct binary to create the certificates -CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) -if [ -z "$CERTTOOL" ]; then - echo "ERROR: No certtool found" >&2 - exit 1 -fi - -. ./vars - -if ! [ -f ca.key.pem ]; then - # Create a CA key. - $CERTTOOL \ - --generate-privkey \ - --sec-param $SEC_PARAM \ - --outfile ca.key.pem -fi - -chmod 600 ca.key.pem - -if ! [ -f ca.template ]; then - # Sign a CA cert. - cat <<EOF >ca.template -organization = $ORGANIZATION -cn = $CN CA -country = $COUNTRY -expiration_days = $EXPIRATION_DAYS -ca -EOF -#state = $STATE -#locality = $LOCALITY -fi - -if ! [ -f ca.cert.pem ]; then - $CERTTOOL \ - --generate-self-signed \ - --load-privkey ca.key.pem \ - --template ca.template \ - --outfile ca.cert.pem -fi - -chmod 600 ca.cert.pem diff --git a/system/services/taskserver/certs/generate.crl b/system/services/taskserver/certs/generate.crl deleted file mode 100755 index e9f6715..0000000 --- a/system/services/taskserver/certs/generate.crl +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/bin/sh - -# Take the correct binary to create the certificates -CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) -if [ -z "$CERTTOOL" ] -then - echo "ERROR: No certtool found" >&2 - exit 1 -fi - -. ./vars - -if ! [ -f crl.template ] -then - # CRL - Certificate Revocation List - cat <<EOF >crl.template -expiration_days = $EXPIRATION_DAYS -EOF -fi - -if ! [ -f server.crl.pem ] -then - $CERTTOOL \ - --generate-crl \ - --load-ca-privkey ca.key.pem \ - --load-ca-certificate ca.cert.pem \ - --template crl.template \ - --outfile server.crl.pem -fi - -chmod 600 server.crl.pem - -# To create a CRL that contains some revoked certificates, place the -# certificates in a file and use --load-certificate as follows: -# $CERTTOOL \ -# --generate-crl \ -# --load-ca-privkey ca.key.pem \ -# --load-ca-certificate ca.cert.pem \ -# --load-certificate revoked-certs.pem - -# To verify a CRL: -# $CERTTOOL --verify-crl --load-ca-certificate ca.cert.pem --infile server.crl.pem diff --git a/system/services/taskserver/certs/isrgrootx1.pem b/system/services/taskserver/certs/isrgrootx1.pem deleted file mode 100644 index b85c803..0000000 --- a/system/services/taskserver/certs/isrgrootx1.pem +++ /dev/null 
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
-TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
-cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
-WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
-ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
-MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
-h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
-0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
-A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
-T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
-B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
-B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
-KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
-OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
-jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
-qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
-rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
-hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
-ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
-3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
-NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
-ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
-TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
-jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
-oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
-4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
-mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
-emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
------END CERTIFICATE-----
diff --git a/system/services/taskserver/certs/vars b/system/services/taskserver/certs/vars deleted file mode 100644 index 50d753a..0000000 --- a/system/services/taskserver/certs/vars +++ /dev/null @@ -1,7 +0,0 @@ -SEC_PARAM=ultra -EXPIRATION_DAYS=365 -ORGANIZATION="Vhack" -CN=taskserver.vhack.eu -COUNTRY=EU -#STATE="Germany" -#LOCALITY="Göteborg" diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix deleted file mode 100644 index 04b6a8b..0000000 --- a/system/services/taskserver/default.nix +++ /dev/null @@ -1,56 +0,0 @@ -{config, ...}: let - taskStore = "/var/lib/taskserver"; -in { - environment.etc = { - "tmpfiles.d/taskserver.conf".source = config.age.secrets.taskserverSystemdTmpfiles.path; - }; - - vhack.persist.directories = [ - "/var/lib/taskserver" - ]; - - services.taskserver = { - enable = true; - pki.manual = { - ca.cert = ./certs/ca.cert.pem; - server = { - cert = "${taskStore}/fullchain.pem"; - key = "${taskStore}/key.pem"; - }; - }; - - debug = false; - ipLog = false; - trust = "strict"; - - organisations = import ./organisations.nix; - openFirewall = true; - fqdn = "taskserver.vhack.eu"; - - # This should tell taskd to bind to both ipv6 and ipv4 domains: - # This will ONLY work when the kernel option `sys.net.ipv6.bindv6only` is false - listenHost = "::"; - }; - boot.kernelParams = [ - "sys.net.ipv6.bindv6only=0" - ]; - - security.acme.certs.taskserver = { - domain = "taskserver.vhack.eu"; - postRun = - /* - bash - */ - '' - set -x - rm "${taskStore}/key.pem" - rm "${taskStore}/fullchain.pem" - - cp key.pem "${taskStore}"; - cp fullchain.pem "${taskStore}"; - - chown taskd:taskd "${taskStore}/key.pem" - chown taskd:taskd "${taskStore}/fullchain.pem" - ''; - }; -} diff --git a/system/services/taskserver/organisations.nix b/system/services/taskserver/organisations.nix deleted file mode 100644 index c3ad966..0000000 --- a/system/services/taskserver/organisations.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -{ - vhack = { - users = [ - "soispha" - ]; - }; - soispha = { - users = [ - "soispha" - "android-mobile" - "android-tab" - ]; - }; -} diff --git a/system/services/taskserver/certs/generate.client b/tests/by-name/em/email-dns/nodes/acme/certs/generate.client index 4f0e503..5930298 100755 --- a/system/services/taskserver/certs/generate.client +++ b/tests/by-name/em/email-dns/nodes/acme/certs/generate.client @@ -1,54 +1,44 @@ -#!/bin/sh +#! /usr/bin/env sh # Take the correct binary to create the certificates CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null) -if [ -z "$CERTTOOL" ] -then - echo "ERROR: No certtool found" >&2 - exit 1 +if [ -z "$CERTTOOL" ]; then + echo "ERROR: No certtool found" >&2 + exit 1 fi -. ./vars - NAME=client -if [ $# -gt 0 ] -then - NAME=$1 +if [ $# -gt 0 ]; then + NAME="$1" fi -if ! [ -f "$NAME".key.pem ] -then - # Create a client key. - $CERTTOOL \ +# Create a client key. +$CERTTOOL \ --generate-privkey \ - --sec-param $SEC_PARAM \ + --sec-param "$SEC_PARAM" \ + --key-type "$KEY_TYPE" \ --outfile "$NAME".key.pem -fi chmod 600 "$NAME".key.pem -if ! [ -f "$NAME".template ] -then - # Sign a client cert with the key. - cat <<EOF >"$NAME".template -organization = $ORGANIZATION -cn = $CN +# Sign a client cert with the key. +cat <<EOF >"$NAME".template +dns_name = "$NAME" +dns_name = "$SAN" expiration_days = $EXPIRATION_DAYS -tls_www_client +organization = $ORGANIZATION encryption_key signing_key EOF -fi -if ! [ -f "$NAME".cert.pem ] -then - $CERTTOOL \ +$CERTTOOL \ --generate-certificate \ --load-privkey "$NAME".key.pem \ --load-ca-certificate ca.cert.pem \ --load-ca-privkey ca.key.pem \ --template "$NAME".template \ --outfile "$NAME".cert.pem -fi chmod 600 "$NAME".cert.pem + +# vim: ft=sh |
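Review bot: With `. ./vars` dropped from generate.client, `SEC_PARAM`, `KEY_TYPE`, `SAN`, `EXPIRATION_DAYS` and `ORGANIZATION` are presumably expected from the caller's environment, yet nothing checks that they are set, so an unset value reaches `--sec-param ""` or the template as an empty field and the script still goes on to sign. A guard after the certtool lookup such as `: "${SEC_PARAM:?}" "${KEY_TYPE:?}" "${SAN:?}" "${EXPIRATION_DAYS:?}" "${ORGANIZATION:?}"`, together with `set -eu`, would stop the run at the first missing value or failed certtool call. The private key is also written before `chmod 600 "$NAME".key.pem` runs, so unless certtool already restricts the mode the file briefly carries the umask default; `umask 077` ahead of `--generate-privkey` closes that gap. Because the `-f` guards are gone, a rerun now overwrites an existing key and certificate for the same name, which looks intended for a test fixture but deserves a one-line comment saying so.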