From 4158ba3bbf3258f5b3906f10fefa71be8a6f163a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Gro=C3=9Fmann?= Date: Mon, 29 Jan 2024 14:43:41 +0100 Subject: [PATCH] feat: maddy backup --- .../secrets/generated/maddyHetznerSsh.age | Bin 0 -> 1159 bytes .../maddy/secrets/generated/resticpasswd.age | Bin 0 -> 845 bytes modules/services/maddy.nix | 59 +++++++++++++++++- secrets/secrets.nix.age | Bin 5390 -> 5367 bytes 4 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 hosts/maddy/secrets/generated/maddyHetznerSsh.age create mode 100644 hosts/maddy/secrets/generated/resticpasswd.age diff --git a/hosts/maddy/secrets/generated/maddyHetznerSsh.age b/hosts/maddy/secrets/generated/maddyHetznerSsh.age new file mode 100644 index 0000000000000000000000000000000000000000..dfee89de84cbdb354ef8a45e756985e56febbfa7 GIT binary patch literal 1159 zcmZwC`)?Bk003a!gpG>R0fNy5JDg5-l(yGi+d~Df*Sq%GU3Yz4d#lWOeO;e-?Ol7< zs~RF3M4}i#g@6H>z<4<2rSi&PK!BhGA;1Jwf=*))jo~qs7{u@+iGRVDkL41&1RoRC zLMbiqGX;^;%SMfEww3`Q$OvnF{;J*O1qB~gaEWDB#l&h6bD(T4EhiIUI)FPlnXbl6 zHY1|RdeO8cWrT}rQpo@YOz5nnFsn+IT`5II@`jKnTtelblLdvlLLn{d3Ls?BGC^OK zMzn~r!y52_O3~x&NHOuMEnPGRq7uuY{+tpKrMNxlb+TzYSqaI)sj8qE9P009I*zvNIG%rfa5MP(@d>lOnf&6m zUCoaVfBVVovolt*#0C%4}7CxO>86TNN z|5(3j{Do6%TK1;CZxo6>)yr*PuiCI;)7&BRjP8%d{pxdQf=e!RU)}%2z+=uS`f0D# zY;_#i)VjHW9Nw|-4*KAfm!7&j`u@E6)4O+e>FS%-_gvf6x5#2$e*S}HS1$bX#+uvI zt>2c7dHA#CH4{&L{`0{|G^chq71}=h zSJZ{%^+($#4Y$=#ZJ4Z_tAOjkOdn4!Iq^%hb;0g;*8T;wEqq?sHf!um)gHQ4icj~y zbzkqbF-I;c^>5A#?sJUvDU(KKe9`sgqwnEYdbjjwqXX?TM-LA)-hWUTACyK4_MWXe zdE=tY()82dzi%()TN}^1w@(hmYR@+`4qnn<-23k8IsC?X)f=mCEUfJ*ZntJe{y53S b4xD+Ym-oKVf6m=x8{I1DgqCM+HXr*BtOC5e literal 0 HcmV?d00001 diff --git a/hosts/maddy/secrets/generated/resticpasswd.age b/hosts/maddy/secrets/generated/resticpasswd.age new file mode 100644 index 0000000000000000000000000000000000000000..1490c4b4693da0199503ee3445e313510c5d661b GIT binary patch literal 845 zcmY+AT;M)G*flmX_3Z+Tg7gL z)8RnH+pP&z(AsU>Y{Dy9IC{85Rva=Xxce0=L~y;65UciLCHV>l&5pB<7CY ziblPjk#>~`rZienFsTu%9dIx=iWAwe=8kOBVACyW`I^=lx%5L}E0|8h&&{KEyk)IH zv6~-JfvI^LCOF8s@=_!X)250JRwvO}mT?CNSL#L$r|RCArpS(sYA&c!3b@f?E}P-` z($tI!4ZO6@E+vR?Vu<>6O%wDjiy2G1cTk}kL|O@}(d4N?^y^MN9Y&RNY?r!{mAr`) ze+rT)*Mkj>RN9c#9=V%EfufC-y$xHDikLy0r%u|l-Z%|;&e3Otyt-vQdmWjrHy?cS=kM5uZ+x`; zZFn>OV|YTmdh=Nu{CxBI4-fDD^8A;7zxM9;vtJ**_apTFGVZ+a(?8$7^a=aqtH)p5 HpFR2?Uq~3} literal 0 HcmV?d00001 diff --git a/modules/services/maddy.nix b/modules/services/maddy.nix index 7b34468..a4e61c4 100644 --- a/modules/services/maddy.nix +++ b/modules/services/maddy.nix @@ -4,11 +4,68 @@ { config, pkgs, + lib, ... }: let priv_domain = config.secrets.secrets.global.domains.mail_private; domain = config.secrets.secrets.global.domains.mail_public; + maddyBackupDir = "/var/cache/backups/maddy"; in { + systemd.tmpfiles.settings = { + "10-maddy".${maddyBackupDir}.d = { + inherit (config.services.maddy) user group; + mode = "0770"; + }; + }; + + age.secrets.resticpasswd = { + generator.script = "alnum"; + }; + age.secrets.maddyHetznerSsh = { + generator.script = "ssh-ed25519"; + }; + services.restic.backups = { + main = { + user = "root"; + timerConfig = { + OnCalendar = "06:00"; + Persistent = true; + RandomizedDelaySec = "3h"; + }; + initialize = true; + passwordFile = config.age.secrets.resticpasswd.path; + hetznerStorageBox = { + enable = true; + inherit (config.secrets.secrets.global.hetzner) mainUser; + inherit (config.secrets.secrets.global.hetzner.users.maddy) subUid path; + sshAgeSecret = "maddyHetznerSsh"; + }; + paths = ["/var/lib/maddy/messages" maddyBackupDir]; + pruneOpts = [ + "--keep-daily 10" + "--keep-weekly 7" + "--keep-monthly 12" + "--keep-yearly 75" + ]; + }; + }; + systemd.services.maddy-backup = let + cfg = config.systemd.services.maddy; + in { + description = "Maddy db backup"; + serviceConfig = + lib.recursiveUpdate + cfg.serviceConfig + { + ExecStart = "${pkgs.sqlite}/bin/sqlite3 /var/lib/maddy/imapsql.db \".backup '${maddyBackupDir}/imapsql.sqlite3'\""; + Restart = "no"; + Type = "oneshot"; + }; + inherit (cfg) environment; + requiredBy = ["restic-backups-main.service"]; + before = ["restic-backups-main.service"]; + }; + age.secrets.patrickPasswd = { generator.script = "alnum"; owner = "maddy"; @@ -240,7 +297,7 @@ in { mx: mx1.pgrossmann.org " > "$out/.well-known/mta-sts.txt" '' - } + } ; ''; }; environment.persistence."/persist".directories = [ diff --git a/secrets/secrets.nix.age b/secrets/secrets.nix.age index 59185ae79e4e78c82df0753d895129d0af64af18..f0b3e733630c945b535b585b1268b57bf902e6cb 100644 GIT binary patch literal 5367 zcmVF?Lx>FlAb6N>Nu# zcq>{^QFLlaIY?`6F=b6gG)7l(GH5q2VpcRXYGVp|ZB0mKZfP%4P;6soOgS@jGdFrQ zQ&TizQf_*4NlsO8MQBu1FG4j;Lw5=-J|J*ub}eu+H8vnvR8ebHK_EeCX>MbBMR9R9 za8)yRZbWQLY-Vg|Gel-bF*$iSZelBPYjsmpGBi|KX=n;#X=hP6Z&X5LbU{^8aW8UI zNMmSDYHnIhXi;xLHE%>!W;i)TMmJMQaBm7NJ|J*ub}eu+H8vnxMrUbBcOXG)P-1yC zPE~VOdSp^HYeYjJ|J*ub}eu+H8vnMc5P5}Q6NEc zH+Euqb~9*hGdD9$Nn>SFWJFm?F)=|;D_Tizaz=G(Z*gK+Ib}&NIBW`XD^O%*IC?}{ zMQB!0GdWmIOhjx;Gc!PeyEIQFjV0J|J*ub}eu+H8vnxMrUbB zcOXG}bu)8OQb<{5SW_})Peo;KN@-PPOJgu(HEm&SYHwyMHDhf?a7IoySYir6Ic8L6 zad~)8Z)-F)YfDgYLPl3;Vs%(XX>>I-Get#pRd8;0Sae}*X*3EgJ|I{?L{=k9EoX9N zVRL05Au3=daehW>AUG~Va8)88ett}IF(x7)CJI_%Q+Gx)S9&o~I0`K-Eg&{{dMia~ zK~FSkK}R`RRYYQSF-kI1N_kZ>OlwR-a&Id|Wmi{mXJT(?V+zD335>ziHU+dP1;>Wp z|7q8XON;9lk5}SC#tb2aKlk;CCcArnpF+Y{{v(E8SA6gqD3ac;az}?}%T&S;S?mh~ za4S1kzp{a=9t6_2b>JZ zLqbJ8n&rFwNaT!c!Kcjg9jRa)G0uf{k{t7=B27E#UbQU{gLqu2Naj5dVQH0u9I?q3 z>U8Q-DJhlnv)0m;7wEz-W^u zoZyP@Z7K5hDJrSJ?%>*~?~Gkb-~9&i!sy zpp>m#m97&dvG9a|M4DvFW7X`~2SOMW5FBO=6EtSMEN%V#yZ1q&CncMeA!{+kS?-Wf z5dgVY&y7j}BTp={n3j8N2$*U*cfpepFKPtpr9_~12AREH^-=W{T&o`9yX<9X^w^5T z_$5GMxILm_eXl>^Q!-Z`irCX%i~ZEXMi!ML%trf8Ers7MjC|Vdw{EcX$Fqv*u0u)u z`LLLn489h4>T3FiA~Q114%pJF6n9aI1c001rp5b?*cFTnpFQ@A(38@ue=EpQoUHy7 z;sPocNUd7VinzP(|AaAQvUU`=RCt!5%F?dL@0k5t$i!G?Kj(I z7j;;$PyKal;WEd;#h-Gj*^P|EHxzX?nJ1QgS&!{&Ud38kt^43!WLdvL61RzN2xM*R zGB_TdiP+pq{+OrE)PV)OY7&PE^h=PfiYKbOnm~S|pSuG9AH*DTo&Y;ThaX8SnmQ$X z{{h03jR15`S3{bGUs2s_guWrdXct5Qt3GLc0oN7WSf*=5gaMLZ#&XQktFsMZMX*7q zSv!5~2bmv9*S>7OK{!ohHYRt0AOeat68A;~Sf2|5S(Qaw7;uDDgj^a@nQW~tf=6x@ zeN|f`&#DYcYE(dy5{L@AGr1Ib$U?d@tCWM6F5?}wh_p{*8KOsbPbr1Iu)x-!nzk1k ze5i~p17+AJV!{UH)Y1Xx&U7=b$Eg*iD{EjNsmal5!uf>o%30Lpx@ws)jv+JeZ_bRs z8rvJMn4;PskUnj~!=k<}TTGEGo9`PZ?5&2~X+uIty&z@zS3vjm;ug^VgDR<#8Fj`d z^(1V<)+mW<=nSCOMUgIhJ|^k+u261e4&yb1wQ)g`$qu^^%99w_{n{WAc?jq7+e$B` z1}pRl89XE&d3}|EX zuF0;g@l5fV?^V1eZ>=O5%qKD32YWOxNQ|8BkVRz7h%npyqX9RZFv($0C5=8nUZ2l3 zO66qldfW(ar&*bEeqV68bKw1_M&7H&&@8j3L~+nZbPF^7|NOe&i}IJT(>W3Z1GGPQtt)$u}e$ zqBsj>3yq)dc3ep%RAROVqg#;Dum}f9uy8uG)WXsd#Bqu&wHl6MPu(`Iax_kjai-=s z1_9TU@zl{!UI?5s?_zxM)_&yr&>jDXkvH#~vK$T?#Q>X;ZinQ>D3D(JQZxI1%PYLY zS!yt)HH);~i@+}!trQ9MxA;gA#$aUrd2m(^ae3xi1}w!Kv6-R7 z2@Hbo{AD~dss;6Z_j$4&*xU-|BxpR)uouE53ZmX^<@>8EV>d+FpgcFG-`Y;TT!u?o z82l_19Jdi_>hu4g${JF@;9TxtC_bPW&Zx3sYzVNjj9^~3=(PdKQuz)kFNc-#rb=ME z%aP;{n*sK-Qm)OzWZaU#@W$K%kQp-Q6xPd>d`5Jk?Wq%DmdrVt-J)YHv+!=rWzEmC zd$}mkFtm#V1;qva%xKtde*VJ~q#aq;W5f+=Fk{N6ORQR5tiIm<5$-|bHcMM zwV0W_E0q-*a6r9P(Stw_6UzH{n*cc^QOH7nj|UJV_!&a=YZzN}COtD2Rp4st_lLvR zwBtlWqysb8vkjxDl$A8^z-8Ve5FIR^dbgAURY%`nip?|u{76*sc>y@W_}Y~8B}-RJ3U89 z95XK4gL|I~7-TejbBTus@jN2u=pXHFl}K+<^kbdi{1y#kM<6IojRD_4Npq`Z4S;g_ z3voe^wxJ#F(jLXF<%kQ#1(_Zaa8rs&#NnU!&$@@P?eq!eH%eXAlPjr$H(;9&;WqSJ z*tXP^^U(B=qd_9!^dP#fb&Uf$)q6m0=h;Y@n;V!Cq>mfFHbsj3IYO4VFUK6P8RS?} zQOt1fGGrXas9O*<2T(xLfT|0+7mLK=g6#)s2ZGYU`4;u=W^s3n8UWM?CS^?v#hI0y~NVYK@! zzi2&GRt@Q}m}hu0iTz z-c#^T_-NaVpa+M33GfO$$eHtn^}8{8=7PjT77?8nbmLqxx@6bAJ5J?mxKTw|3nb~T z%~~bLQlA9dFTqeMOi49TH~Zja`cFrAMeD<&qSfVai5qyQk%MAPGEN8p)=L@Z;x&J) zFL%8E|0XP0bc$$g_R!o(%L-e%&#+yag+@JaXNx5N%B7YCst}bi3OvKv@4pDBeLXC} zU;NT4ocg|}jnhe-_E~g%JkdMoqd|d2cb?6zZP(fXOZw}3Q5-|8Z=2wzh*p!v0^fAh zs)7CXh1@=2hpvW)dPPV-@ah+UiY`~C`@G}Dmbk+`ycS{t)gKKak<{LF3NRDoh=HzA z%;WxyM1z>+zY$f}QehapG2kj)N_+^%GvZRs ziDu{dtR-{F{65A%fCp&dX@KZw%>NCHFB?VR5~>!VUo9%MS=k_M{D;WQBw(4998Rv; zK0+Vg6G->>W%(`L(xt=+71LetmjeNBM$Ijj2+@2*0x+e<#E=Qy#M^FH*O|@!_%n!V zNNd%sbGS=GI3Li&dRWe6XTkfVsFs({y`uK1lcNpx~huHH~_u$b^lpzhr-O2sc!Gv)(KC_4(UFsIYptgCeG)DaHS z>s9CJN6yp^t3%;}hpl{}^XL({dLHNB#Cr6FsAT0l4ltAG>#ENR0|#)G({vXcMC+a_ zl{;(4fFi}nDWsWj_kTbQm#J%ULqwK5VbvFP>nr5RfS6h|t7QGvJG;W-*%MK*d7=^Z^ z!3d2T#u_m0+^jtrw#W0ym1swRuL42-_je5o`uReQL&8d$BpQSL;NmxQY4RMqK{aKx z9P)A7r)+J@jLJt{7zL_7- zjaj>{+OTR$eqR%>ZAvne1S)K9BP%P$H{IohzR13{2(<2 zYrS!s-Ft=sK#(nW`n}u)Csf+BQLT(m>vaUXffl!m`lP@R3JD}uW_I0cun2=5VjTdM z4T!va2``AO1~&uL2yHT?k+8UBsG^K<95$~ZohuM2^eRyBY5YdFHrj1U(wsXi&_+!j zn8>-kkw0UjDo?dE)`*ZL$J4Wp-df2tCB+EiV9$PNLf%RIn);|GfKrPCB=SaE@1Q11 zjShJ3;pNx5-?xHzhT5=2MomNLthSb~%Fq;ZLAV2{cU)NzU7|T8L8pRYdF0y$Xvq(v z@^cXm1=!j(5>QusRQFBU43B<P0>PnM z1B?~YH>>DOta1H9WEk9FkQ3WO$NRI9&%&b&`1AlChlN$P=Ow6JU+&Sq&K_pI|Ab-9Mfml> zjJ*NMr-$INa}K^0=Y6;FIhh%H66%CK z`lw-m@+CC}kry~G|I4g+*3rA-@u+WN(0-fF&K9J_8%hlpZlQo8(Q=SbWlJq*q8;!~ zle~)~z$N~S4DMAQq@?AT<+#6Hlf(5d%%N;?t?vA<;$pD_P8k?>8!*xPB=|tc94WBG zmL~eUBnA=wU8{8d1@w*388xEjh3JTts5cjkiOjf){58Lqz{!z^BHXu3IYVnZDZr6SD|uL=HTIu#5U zkt}94YR%;)Mc(C@AL!Y`sYBN@QgpH|-xu!pIhlv&f{Nb^JpwKSEzV_inL@hhi}e&@ zNIa(4E1!^7#l3r#~D__il2JNGYABpLxMpTKA z8rhUT^zN89fw~40l>^M+V8!7jYi*9-I(f=00ooL~04I)$OI;`>Vb5;EMW^>mIbta9 z+5Am(8&dek7dnhRV(E>?Xh%AWT#oM=hGf>2GhwJ_bB{5B7UyTxq+(u?4RH)AKG1+& zO0F60b+RP(2yi+eMic0>EG|LF>5t0Jmz!oINbXQ7AI%0Ss;i60iMslTMJHE82@Co3 z_M{+)WlLRo(oE6!x=7YTL^ep_;lV(z8ReHt>p!ELG|!6#E1p&dVgW+un>o1i?Z0Jl z$Vm`pym>h1;b)9;OWdj5nltStZmg{dcIi8Q{`|@WKv}sFa98z26JBuS%4H#E7@1S6 V3*?DL605OOOrNh!49j&9q^#XN=OzFE literal 5390 zcmV+p74hm}XJsvAZewzJaCB*JZZ2F)#{3b5?9)HezFUXl*c7MQBSureW@tw^ zZ%$e^H*rfrXEjhZFh(;kO;&U(QAuZ7YBexoPB=(0YHbQiad|ONdUj}VcT86>Yid$e zadU8ZHaAEsLSaK|M?ynRT5DNYN@7tkaajs2J|J*ub}eu+H8vnxMrUbBcOXGBcX~2H zGB!dmOgUFYdTUxrcw%&UXfH)2gTRZC_yaac!3RWw&_YEyYxG%{>dQdl!)H#9X=K~H8#FHs6tM^r^baCBC1 zS4MhvYC}s;ICpthd3tnGcx!ZLMo~61Gd4*xPcTbsT5}35J|J*ub}eu+H8vnxMrUbB zcOXG+QfOH)QZj8~Q*A{vdUZr=W_3h*Vlq=lH8*WWPdP$mbY?I{FIqxvWpoNNLv&A5 zPDe9gL~J)pF>_>ea&kdJGgeqkOGh_DLuE%~L`!aDWNB_RXKM;AJ|HA>b#EkSUoB^H zWnpt=AY~wRT5vBQId)raejsymWC}$&WO-q1XGU>Rc6C@oWlk$~L~~bVD>76#H8n(6 zWOYqrPfB4|GHx(7P-atNT6H!-SWH4~Pia|MWkhN(S91zzF=1$9T0v4*Mr3VjT0=y0 zHAZAmXERJTY%fSSdRAgjOG7YHNH9uyZ8b71PbT3d&cM2^nEg*MrYB+O3ZfA5k zS6OCpOG8OxVp&*PI5}!*Idm&zGdV?9SYu0bHezQmV+x-~DfefUs3)cM!%?17#d6Xx zrc96hge&yd-HPb>#|o=ul==6BiNvWQRlvgWLuc$a4HS%8JC}^?rql2xR{3d~jEBz( zv6iSxhDqv_Jo`%jfYa(Nz{Hcu zJ;2!8lo*pnJpJZ@E@Ic+MkIjLgQAj`bI<64DF-jOrnk25N3b6feKIUxcCh^@rAZIJ zY}XyRFz&f@_bDenSBO?zOV*5I>j#whNzHi<2Rt_(G2MO|J$)JyPVd1Y8)iTsd-{^VtxR=f)}t_#pBST4T`uI6w2Ln zXb`7mP&dRSo1J6XX_IWLW$Bj)UPQaDF5=97tr<+5UcSTz{iR`YUQ)t zd6F`+4t9nvgl45+#vlW6Dq~c4_Qvbc*C+tFo=2>Ad?G5Hp_%G-NoBU1`2sSW?%#Oz zOkb|b*zej}z4NTLB=~r_`*JkQh8)FCgmrEw?_@s$i>fWP`T*yqJ4}=6njni`sbjxXm3|~qF-tnD2L^(iGqF)g?7eLj1?UvuZdVA^YwDtSty@;f*O-UfVhsTkb*Dr{Zd<(^2#xj3BLl!3U-3ysq5ax9a_ZXvKf z!1=-Jd__3SOW~>Z2>1mv<1ZAeH}VIF)+DS#zB|`)EJQX{;@IWmdy zA^A?d;#A04PthMda+S&cs%@9tAuS8px@!Be6;O0yppNHeSs|PL5&E5-TV`s={4}ZD zc$gYYh%&|oKe84*4S9xAJ2i7pvnA7e!G?FB>ED!<<4tnRM6!ICmGKv?xCn*lxVBB3 z01>P{v>G#bIo5KG#1~nLks(9R!_p-E2eKDREH!m48+!sW%??t@v1)oP zTS<|rGI9bDP_``-z)a8oUPn&D*Ir5fAZ#ZX=J{wB0@ZQo^%DZFalyl$&iygZBkr(= zdT!=2;0sWqOl)dfm4?~Y&gwMgslFwXZJah+kp1H%j4Ag@x+X_3I#dBTWdY@6rxQz* zYF-3ULPvM#;qRqwOvU(#Kc|0GMLCB}^xGW~>x)@N|9R`l8vGyPk|J-l`8us(b_S$Tnhuo}j{??0Eyioj zTev_hj~?ObBW**!0?fcdeL)4qRK7#ryF7U|wJ^tuzDslPPP3G0O3b>x8Ae?Nr*fPn z9|~(AZU{8a)W5u=dFfk5|8c(7cWT=@{bSSn+-o$yF6TK?pM!6BVY58l9rB0BqO-Pw zPLyoib8yFLO$ejY@t6Z-(yo*ch)2?F7V3=QY@kKNbyx>>&6}Am^EVdnw;i->P1+*P zM>RAWbU$oVC88DSk%F6i5gzJ5E|u^qDOKgRaXG`p)eHE|F2VS0j9n9JrjD7XdGtJb zC@~R&dA-M?nt8qgr*S|$$`eSupAI5B>^*mCTiJ|9_Drz^Q{~^M0m2|?GE&)ju{uHi z1(NPL9zD^u*IWF`L!JTNR=8<0mK$okWrCaqbh|bO{u8~DMXyaxu&oE0a%S6e;?A)X zZ&^G_Sa{8|jqe8{8krj;*3>WNR;ZGdJbEX-`ej>?rs#q2=@jCsZE$9DafG*5#R7h= z*{jrJ7UbIc3S;cnd+R$=@BK1j;s`WdaBCO3Ro{SlqE!UlOU46^RK;ZwR)9@8R6d6ZZX@GIlVLDN!@Cv_@rCv}YGvnaNVF@~R~FcU|tKT}PC)vq#-hl6JyJea4W zBsp*|SAP*^B!R_0wm9o7hi2RqO6%4g&gB-(=OHCOlL+HJlx%{|-2By3C!*!8JL$P8<0z7PwrWvJ za5}Mv@qUHw>i}2ktA`6s=zSG^D`e87pm_5$$?V(IZ1>i`x9R52FBtuBhGEnV#5RfG zW1Si3D&|$K8Z;k!3L&|^E7YJr29~jL4%ynr5lWP>mvRg)b1(J1u!$;wzMMg=94Ayu zvgssn=U;scF7TYd-r?UKK(G(IDreYbCUHGi8emf;`4tViTd#d~Ju=v67E}r$#uC?j z9}=5o&7>ndiP8{wy1=fBi6H6VRJ*C$tX+X8El$0OB(aF53VYamT z2C4vOPa&P-9v&bf)A%$%+UWQ}Mh8aXy^ zWPK<$O*tXL;C??&f1=jRC&-^x4a=pDm8=EBquTsmGtyyiXxteMTwGsswD(T;=sT)K zMq}5ZjcBzWq@d(tr{{Tzs&#Fxej-4pqn`^hz;hgNl~m+XVAb;O#@m#dh%ii&cjk6c zz1*?l-xi|pA#bsQl|9Qr^v5SkQH())k^b`kQV3br&DQ0v;>C8-RIp)BAYLJsh;pT; zbUR!5!p5McF){i5@gu@iS(9rTrrY;AvZKZPt>B}rf_OA}d3A`&(A@rZL`2wz!CZrF zB0fa1Y0R?jic1y(e(;)B23QtHZb7g#AWnO;&;^U4Eg%AsZ)iY@Z1|5t7NODH5^WYY zfw8V~v$E^g>iz9U*JCoc=1Bu(BFP-(a-DWNO25$rG z0VZ`=Vb8PbmX*?M7Ck2+D4cZvG>t7_)nRTTpHeY1&hsW6PLD)RiHE6F*PB^^N$Zjt z*+LDFQZDnzukbo+VP~+Vs{mbOykg+~o-5}BarujOenaxjT$<9HxoYD(t&VeNcs$IL zb>G9?FngS$5+y1s^|_zN~Nxa14hKSg!|m&omnT`as-o%}%HxD$p;W zNY@WpZcbB`MI^;Ba0wujl$7QBp7e((7pI0Qe>dnY6Gh1tvzOp$iIXFew&rpuk@fqq zC}B1u+-G$OxNqN7{SHB~e#A%XQPWJaw~tWMt>uPxQ%QW)8np=H#NE7T@8Qq9(hMbn z{pAGN_{0}x1Sxs4_1w8zc}?MY(|#?an2cE|EQx_F&Xh3JY6lG}u@Tyw8*fq~yKD>m*LUCevlzp%UV`v^yt>MsnqaY)Mza-=5kA0HL zSDJe&de zOsl@OMn+CQic12=IDMh76NpPKz#+i#btEEKi=k%%qMD|CW%;IFq~^^qBcJwdG9qUE zlN6W11_+e?`nona`BEL}nDQjkd3TjEjgf%fMK9aNUu#5QmQ6^t-MNhAp4Qo+u9Mk4 zrT#yFRjvD69WVR6)1HKez+Vj>S8810&*PIg_DKZhG-fAY8l4j+lBbh>s2sWkmb z2Ep{kC6y4xj4DyB;IUP_sq9yZ2TqW#YhR{z7=eSC*k1Wk;Uf>)GpF8wE3d#z55yPZzlGbwgjI>t!L;0?NNng4x12DpcDsz{P z3Ux^ItF8wUIs8ziS@f4=;GZktoDQ0`1fl!*u4QCezmc;(T}Ljm+d`#hQH5O_#_9g8 z8gEjH8hfBH3r}SRyurW1kJ(q7f6%9u8k;E%-?=1B4>a`*M^I9;gjO7CohGlJtOlPCYS16;N{W-Ut>WwFgU5r`Q9hmtb9U`Swy_= zE-cwoslPIOzg@~=K_SOFUV7yP!kJ_iRzbY?RZ=T3vMcvz)}SuGa&5Jq)5p?|s}0!2 ziBNscw<9h^N`Pj|Pjx8Y;GRq@t}<*gFh^0|9G-=JE7m{8Yp3+kTFIOA;7#a}X1Q|} zIvE3(HlYS7O#gKewy+$w*wtN9mm|@r!RU$R#T-Skwee={gGs%j)tVV78<8+VUVS?YKmjJC~EB!CVFi( zf_@>mH)#{2Egm-BeZf+gU2gk>sE?1WLAtCk@?$V-L3F;|DDf_67>A@o+yrN^%;n3K zNzF5k4kZIvL_as@YkYg(__#yg+PB4Vb}R2Zz}HcUZ4eXrJua|onojc>ZK7Og?0A4M zN)nNBu>&D=kS6in9^i>w>^Snvt*zb)yJK(0$*Trb@|r=FLH&fB@FZ6rs2FCmY)zBE zO|54dmiloU>`%l)cWY#^^F!G(rg(57#ESSzskW+$dxX*1pDJA||Mua?KupE)6dy4% z@32uY;R6CzS4yb~XEFSXU>pmF?@*sJ>VBTNJ!-ZcWf2!mHts*~L^YuG3QUIH%`kR8 z6UJYafvZ*KHS7J%pBwF{=4j21dNpu2uG^)))==A85CHk0He^I1G<%?{$O93I5eO(h z%F>58zupTWrBjrMz|p)Iw=DI$U(1vYqhYA%r|@0l8{&_ky)&vxF^B8&O37yC{KS`_ z9>((*AXIGSJ_k+o3Vub8DOcKAP`ZP`4ws_DF-O4#7^We6y;OTj(YX!&na*Kk5~3;{ z`1#A0ZqjW?xj4Hs_r0yR@lkq*BtyBf4Rw@};9rHRMrjbMe?LUA{57|7_Pe5pRAan5 z>o0e<1+J55r!^^&Odp7Q+tr?W^KBEEz2$3<)4{=b=Ijb;c0K!KtUJe_2L}$&l zr!xyA8zRa!DKFpBpnkd65JZdF{->G%_v7p)cNByNbJ6KqdT(!$tngErjq6FO{@tQs zC8elCfXmAZIN!6L4pi{SU`!>Y8TIA$^*Lx&BgF?xEQ0j$Rr8sprPCz)NJrZy$)t{K zZ(RhKC3sjD6ALZX5#lEsdV&*8UNFPFQ