Installer: maddy
diff --git a/apps/maddy/install.yaml b/apps/maddy/install.yaml
index 389bd31..023085f 100644
--- a/apps/maddy/install.yaml
+++ b/apps/maddy/install.yaml
@@ -16,19 +16,19 @@
ports:
- port: 25
protocol: TCP
- name: a
+ name: smtp
- port: 143
protocol: TCP
- name: b
+ name: imap
- port: 993
protocol: TCP
- name: c
+ name: imaps
- port: 587
protocol: TCP
- name: d
+ name: submission
- port: 465
protocol: TCP
- name: e
+ name: smtps
---
apiVersion: v1
kind: Service
diff --git a/apps/maddy/web/Makefile b/apps/maddy/web/Makefile
index 7c054fc..2054935 100644
--- a/apps/maddy/web/Makefile
+++ b/apps/maddy/web/Makefile
@@ -5,7 +5,7 @@
go build -o maddy-web *.go
image: build
- docker build --tag=giolekva/maddy-web:latest .
+ docker build --tag=giolekva/maddy-web:latest . --platform=linux/arm64
push: image
docker push giolekva/maddy-web:latest
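Review bot: The `image` target now forces `--platform=linux/arm64`, but the `build` target it depends on still runs `go build -o maddy-web *.go` with the host's GOOS/GOARCH. If the Dockerfile (not visible here) copies that host-built binary, an image built on a non-arm64 or non-Linux machine would be labelled arm64 while carrying a binary that cannot run there; setting the target explicitly, e.g. `GOOS=linux GOARCH=arm64 go build -o maddy-web *.go`, keeps the two in step. The image is still pushed only under the mutable `latest` tag, so adding a version or commit tag alongside it would make deployed images traceable.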
diff --git a/apps/maddy/web/main.go b/apps/maddy/web/main.go
index d4bced0..1e823a1 100644
--- a/apps/maddy/web/main.go
+++ b/apps/maddy/web/main.go
@@ -10,11 +10,13 @@
"io/ioutil"
"log"
"net/http"
+ "os"
"os/exec"
)
var port = flag.Int("port", 8080, "Port to listen on.")
var maddyConfig = flag.String("maddy-config", "", "Path to the Maddy configuration file.")
+var exportDKIM = flag.String("export-dkim", "", "Path to the dkim dns configuration to expose.")
//go:embed templates/*
var tmpls embed.FS
@@ -108,6 +110,19 @@
http.Redirect(w, r, "/", http.StatusSeeOther)
}
+func (h *MaddyHandler) handleDKIM(w http.ResponseWriter, r *http.Request) {
+ d, err := os.Open(*exportDKIM)
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ defer d.Close()
+ if _, err := io.Copy(w, d); err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+}
+
func main() {
flag.Parse()
t, err := ParseTemplates(tmpls)
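Review bot: In `handleDKIM` both error branches send `err.Error()` to the client, which for a failed `os.Open` includes the server-side path given in `--export-dkim`; log the error and return a fixed message instead, e.g. `log.Printf("dkim export: %v", err)` followed by `http.Error(w, "DKIM record unavailable", http.StatusInternalServerError)`. In the `io.Copy` failure branch the status and part of the body may already have been written, so `http.Error` cannot produce a 500 there and only appends text to a partial response; logging is all that branch can usefully do. The handler serves whatever file the flag names, and the chart points it into `dkim_keys/`, a directory whose name suggests key material may sit next to the `.dns` record. A doc comment stating that the flag must name the public DNS record and never a key file would help, as would setting `Content-Type: text/plain; charset=utf-8` before copying.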
@@ -123,6 +138,9 @@
}
http.HandleFunc("/", handler.handleListAccounts)
http.HandleFunc("/create", handler.handleCreateAccount)
+ if *exportDKIM != "" {
+ http.HandleFunc("/dkim", handler.handleDKIM)
+ }
fmt.Printf("Starting HTTP server on port: %d\n", *port)
fmt.Printf("Maddy config: %s\n", *maddyConfig)
if cfg, err := ioutil.ReadFile(*maddyConfig); err != nil {
diff --git a/charts/maddy/.helmignore b/charts/maddy/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/charts/maddy/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/maddy/Chart.yaml b/charts/maddy/Chart.yaml
new file mode 100644
index 0000000..8476282
--- /dev/null
+++ b/charts/maddy/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: maddy
+description: A Helm chart for Maddy email server running on PCloud
+type: application
+version: 0.0.1
+appVersion: "0.0.1"
diff --git a/charts/maddy/templates/config.yaml b/charts/maddy/templates/config.yaml
new file mode 100644
index 0000000..9c14421
--- /dev/null
+++ b/charts/maddy/templates/config.yaml
@@ -0,0 +1,178 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: config
+ namespace: {{ .Release.Namespace }}
+data:
+ maddy.conf: |
+ # ----
+ ## Maddy Mail Server - default configuration file (2021-03-07)
+ # Suitable for small-scale deployments. Uses its own format for local users DB,
+ # should be managed via maddyctl utility.
+ #
+ # See tutorials at https://maddy.email for guidance on typical
+ # configuration changes.
+ #
+ # See manual pages (also available at https://maddy.email) for reference
+ # documentation.
+
+ # ----------------------------------------------------------------------------
+ # Base variables
+
+ $(hostname) = mail.{{ .Values.ingress.public.domain }}
+ $(primary_domain) = {{ .Values.ingress.public.domain }}
+ $(local_domains) = $(primary_domain)
+
+ tls file /etc/maddy/certs/tls.crt /etc/maddy/certs/tls.key
+
+ # ----------------------------------------------------------------------------
+ # Local storage & authentication
+
+ # pass_table provides local hashed passwords storage for authentication of
+ # users. It can be configured to use any "table" module, in default
+ # configuration a table in SQLite DB is used.
+ # Table can be replaced to use e.g. a file for passwords. Or pass_table module
+ # can be replaced altogether to use some external source of credentials (e.g.
+ # PAM, /etc/shadow file).
+ #
+ # If table module supports it (sql_table does) - credentials can be managed
+ # using 'maddyctl creds' command.
+
+ auth.pass_table local_authdb {
+ table sql_table {
+ driver sqlite3
+ dsn credentials.db
+ table_name passwords
+ }
+ }
+
+ # imapsql module stores all indexes and metadata necessary for IMAP using a
+ # relational database. It is used by IMAP endpoint for mailbox access and
+ # also by SMTP & Submission endpoints for delivery of local messages.
+ #
+ # IMAP accounts, mailboxes and all message metadata can be inspected using
+ # imap-* subcommands of maddyctl utility.
+
+ storage.imapsql local_mailboxes {
+ driver sqlite3
+ dsn imapsql.db
+ }
+
+ # ----------------------------------------------------------------------------
+ # SMTP endpoints + message routing
+
+ hostname $(hostname)
+
+ msgpipeline local_routing {
+ # Insert handling for special-purpose local domains here.
+ # e.g.
+ # destination lists.example.org {
+ # deliver_to lmtp tcp://127.0.0.1:8024
+ # }
+
+ destination postmaster $(local_domains) {
+ modify {
+ replace_rcpt regexp "(.+)\+(.+)@(.+)" "$1@$3"
+ replace_rcpt file /etc/maddy/aliases
+ }
+
+ deliver_to &local_mailboxes
+ }
+
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+ }
+
+ smtp tcp://0.0.0.0:25 {
+ limits {
+ # Up to 20 msgs/sec across max. 10 SMTP connections.
+ all rate 20 1s
+ all concurrency 10
+ }
+
+ dmarc yes
+ check {
+ require_mx_record
+ dkim
+ spf
+ }
+
+ source $(local_domains) {
+ reject 501 5.1.8 "Use Submission for outgoing SMTP"
+ }
+ default_source {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.1.1 "User doesn't exist"
+ }
+ }
+ }
+
+ submission tls://0.0.0.0:465 tcp://0.0.0.0:587 {
+ limits {
+ # Up to 50 msgs/sec across any amount of SMTP connections.
+ all rate 50 1s
+ }
+
+ auth &local_authdb
+
+ source $(local_domains) {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ modify {
+ dkim $(primary_domain) $(local_domains) default
+ }
+ deliver_to &remote_queue
+ }
+ }
+ default_source {
+ reject 501 5.1.8 "Non-local sender domain"
+ }
+ }
+
+ target.remote outbound_delivery {
+ limits {
+ # Up to 20 msgs/sec across max. 10 SMTP connections
+ # for each recipient domain.
+ destination rate 20 1s
+ destination concurrency 10
+ }
+ mx_auth {
+ dane
+ mtasts {
+ cache fs
+ fs_dir mtasts_cache/
+ }
+ local_policy {
+ min_tls_level encrypted
+ min_mx_level none
+ }
+ }
+ }
+
+ target.queue remote_queue {
+ target &outbound_delivery
+
+ autogenerated_msg_domain $(primary_domain)
+ bounce {
+ destination postmaster $(local_domains) {
+ deliver_to &local_routing
+ }
+ default_destination {
+ reject 550 5.0.0 "Refusing to send DSNs to non-local addresses"
+ }
+ }
+ }
+
+ # ----------------------------------------------------------------------------
+ # IMAP endpoints
+
+ imap tls://0.0.0.0:993 tcp://0.0.0.0:143 {
+ auth &local_authdb
+ storage &local_mailboxes
+ }
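Review bot: `replace_rcpt file /etc/maddy/aliases` in `local_routing` points at a file that nothing in this chart provides: this ConfigMap holds only `maddy.conf`, and the Deployment mounts it at `/etc/maddy/config`, not `/etc/maddy`. Either add an `aliases` key to this ConfigMap and change the path to `/etc/maddy/config/aliases`, or drop the line, so alias handling is not silently absent. Separately, `min_mx_level none` under `local_policy` means outbound delivery requires encryption but accepts an unauthenticated MX; a comment recording that this is a deliberate choice would help later reviewers. The `imap` and `submission` blocks also listen on plaintext `tcp://` ports 143 and 587, so it is worth confirming that credentials are only accepted after STARTTLS.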
diff --git a/charts/maddy/templates/install.yaml b/charts/maddy/templates/install.yaml
new file mode 100644
index 0000000..1ecc7a9
--- /dev/null
+++ b/charts/maddy/templates/install.yaml
@@ -0,0 +1,267 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: maddy
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ selector:
+ app: maddy
+ ports:
+ - name: imap
+ port: 143
+ protocol: TCP
+ - name: imaps
+ port: 993
+ protocol: TCP
+ - name: smtp
+ port: 25
+ protocol: TCP
+ - name: smtps
+ port: 465
+ protocol: TCP
+ - name: submission
+ port: 587
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: manage
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ selector:
+ app: maddy
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: manage
+ namespace: {{ .Release.Namespace }}
+spec:
+ ingressClassName: {{ .Values.ingress.private.className }}
+ tls:
+ - hosts:
+ - mail.{{ .Values.ingress.private.domain }}
+ secretName: cert-mail.{{ .Values.ingress.private.domain }}
+ rules:
+ - host: mail.{{ .Values.ingress.private.domain }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: manage
+ port:
+ name: http
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mail.{{ .Values.ingress.public.domain }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ dnsNames:
+ - 'mail.{{ .Values.ingress.public.domain }}'
+ issuerRef:
+ name: {{ .Values.ingress.public.certificateIssuer }}
+ kind: ClusterIssuer
+ secretName: cert-mail.{{ .Values.ingress.public.domain }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: data
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.size }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: maddy
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: maddy
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: maddy
+ spec:
+ volumes:
+ - name: config
+ configMap:
+ name: config
+ - name: certs
+ secret:
+ secretName: cert-mail.{{ .Values.ingress.public.domain}}
+ - name: data
+ persistentVolumeClaim:
+ claimName: data
+ containers:
+ - name: maddy
+ image: giolekva/maddy:v0.4.4
+ imagePullPolicy: Always
+ ports:
+ - name: imap
+ containerPort: 143
+ protocol: TCP
+ - name: imaps
+ containerPort: 993
+ protocol: TCP
+ - name: smtp
+ containerPort: 25
+ protocol: TCP
+ - name: smtps
+ containerPort: 465
+ protocol: TCP
+ - name: submission
+ containerPort: 587
+ protocol: TCP
+ command:
+ - maddy
+ - -config
+ - /etc/maddy/config/maddy.conf
+ volumeMounts:
+ - name: config
+ mountPath: /etc/maddy/config
+ - name: certs
+ mountPath: /etc/maddy/certs
+ - name: data
+ mountPath: /var/lib/maddy
+ - name: web
+ image: giolekva/maddy-web:latest
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ command:
+ - maddy-web
+ - --port=80
+ - --maddy-config=/etc/maddy/config/maddy.conf
+ - --export-dkim=/var/lib/maddy/dkim_keys/{{ .Values.ingress.public.domain }}_default.dns
+ volumeMounts:
+ - name: config
+ mountPath: /etc/maddy/config
+ - name: certs
+ mountPath: /etc/maddy/certs
+ - name: data
+ mountPath: /var/lib/maddy
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: mta-sts
+ namespace: {{ .Release.Namespace }}
+data:
+ mta-sts.txt: |
+ version: STSv1
+ mode: enforce
+ max_age: 604800
+ mx: mail.{{ .Values.ingress.public.domain }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mta-sts
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ app: mta-sts
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: mta-sts
+ spec:
+ volumes:
+ - name: mta-sts
+ configMap:
+ name: mta-sts
+ containers:
+ - name: maddy
+ image: giolekva/static-file-server:latest
+ imagePullPolicy: Always
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ command:
+ - static-file-server
+ - --port=80
+ - --dir=/etc/static-file-server/data
+ volumeMounts:
+ - name: mta-sts
+ mountPath: /etc/static-file-server/data/.well-known
+ readOnly: true
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: mta-sts
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: ClusterIP
+ selector:
+ app: mta-sts
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: mta-sts.{{ .Values.ingress.public.domain }}
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ dnsNames:
+ - 'mta-sts.{{ .Values.ingress.public.domain }}'
+ issuerRef:
+ name: {{ .Values.ingress.public.certificateIssuer }}
+ kind: ClusterIssuer
+ secretName: cert-mta-sts.{{ .Values.ingress.public.domain }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: mta-sts
+ namespace: {{ .Release.Namespace }}
+spec:
+ ingressClassName: {{ .Values.ingress.public.className }}
+ tls:
+ - hosts:
+ - mta-sts.{{ .Values.ingress.public.domain }}
+ secretName: cert-mta-sts.{{ .Values.ingress.public.domain }}
+ rules:
+ - host: mta-sts.{{ .Values.ingress.public.domain }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: mta-sts
+ port:
+ name: http
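Review bot: The `web` and `mta-sts` containers run `giolekva/maddy-web:latest` and `giolekva/static-file-server:latest` with `imagePullPolicy: Always`, so every pod restart executes whatever was last pushed to a mutable tag, and the `web` container has the `data` volume (presumably maddy's databases and DKIM keys) and the TLS secret mounted. Pin both to a version tag or digest, as the `maddy` container already does with `v0.4.4`, e.g. `image: giolekva/maddy-web@sha256:<digest>` (placeholder). The `web` container's `config` and `certs` mounts lack `readOnly: true`, and nothing in this hunk shows that it needs `certs` at all; dropping that mount would keep the TLS private key out of the management process. No container sets a `securityContext` or resource limits, and the `mta-sts` Deployment's container is named `maddy`, which looks like a copy-paste leftover. Finally, `mode: enforce` with `max_age: 604800` on first install means senders that cache the policy may refuse delivery for up to a week if the `mail.` certificate is not yet valid; starting in `testing` mode is the safer rollout.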
diff --git a/charts/maddy/values.yaml b/charts/maddy/values.yaml
new file mode 100644
index 0000000..815ca99
--- /dev/null
+++ b/charts/maddy/values.yaml
@@ -0,0 +1,10 @@
+ingress:
+ private:
+ className: ingress-private
+ domain: p.example.com
+ public:
+ className: ingress-public
+ domain: example.com
+ certificateIssuer: issuer-public
+storage:
+ size: 1Gi
diff --git a/helmfile/users/helmfile.yaml b/helmfile/users/helmfile.yaml
index 0ab0ed4..436a7b6 100644
--- a/helmfile/users/helmfile.yaml
+++ b/helmfile/users/helmfile.yaml
@@ -523,6 +523,21 @@
- profileUrl: https://accounts-ui.{{ .Values.domain }}
- certificateIssuer: {{ .Values.id }}-private
- ingressClassName: {{ .Values.id }}-ingress-private
+- name: maddy
+ chart: ../../charts/maddy
+ namespace: {{ .Values.id }}-app-maddy
+ createNamespace: true
+ values:
+ - ingress:
+ private:
+ className: {{ .Values.id }}-ingress-private
+ domain: p.{{ .Values.domain }}
+ public:
+ className: nginx
+ domain: {{ .Values.domain }}
+ certificateIssuer: {{ .Values.id }}-public
+ - storage:
+ size: 10Gi
environments:
shveli:
diff --git a/helmfile/users/secrets.shveli.yaml b/helmfile/users/secrets.shveli.yaml
index 77740f8..4d59681 100644
--- a/helmfile/users/secrets.shveli.yaml
+++ b/helmfile/users/secrets.shveli.yaml
@@ -1,32 +1,32 @@
-gandiAPIToken: ENC[AES256_GCM,data:H0ty9QYwOd/hLaTCb7gsAwJoPrzOr8tZ,iv:Q0SgKzxb27FnqSUj9xFkm3if2QuTcf8TTFuOqek0BKw=,tag:sIzh6EyU0S8YzdiXZRsOIw==,type:str]
-piholeOAuth2ClientSecret: ENC[AES256_GCM,data:B+Hf5nMk,iv:CFh7h7pvJle7cDt+kqg6T7K4rvjvZ1J7hob10gw1ZSo=,tag:1UR6WtAJ84GA371ScJ927Q==,type:str]
-piholeOAuth2CookieSecret: ENC[AES256_GCM,data:lIk/S8koxT7P7EMiWMjGYu7HdGxM21Ew/prbCRkWiJ4=,iv:rWzXCDKHnIAv05iz2YpkJBlP4RpJuCXxEWD+fU1g8d8=,tag:IFxnFw06Leh4UsvI2IvB4w==,type:str]
-matrixOAuth2ClientSecret: ENC[AES256_GCM,data:aMOeYkt5/RoQ9H+l0TiizMoDK0YJEVTEXU8ymcVwbeU=,iv:zA1vETe7Q5L9BxiXIcV/rsomMFcgtBWS+0Vr4UOehzY=,tag:AcEiY1O6LLVgocqwFUZIEg==,type:str]
+gandiAPIToken: ENC[AES256_GCM,data:B/PI0O7YT/4vcXMcFykGQ739MkNykLiZ,iv:8pHsH8Yn6SAvboL7/sCOncQIHhmm4YMbHuk3YmkywJw=,tag:7t3LZi/pyN6fR+54TqODzA==,type:str]
+piholeOAuth2ClientSecret: ENC[AES256_GCM,data:jtuOAg9D,iv:0WFBhyuqNn93NE4UYQIqEP5ZOS6QxInQ0HCNdl5Hm3Q=,tag:Hzsc76J2daxIOig7rPsTeA==,type:str]
+piholeOAuth2CookieSecret: ENC[AES256_GCM,data:w0j0OwW1mWT27D0ld1gJjG/pSzCffP//JZxAuh7npDs=,iv:57jgBLf0yBa7a90VClN6COGuBPeGtSvvAvHwsmMhYic=,tag:XEqPFxVfGyHBAcBzRYRCXA==,type:str]
+matrixOAuth2ClientSecret: ENC[AES256_GCM,data:bcQXbrBrh5QpuQwhdCz5BWwm2DiikYE6PvG4vvBPOnM=,iv:BzVnTVHXN7HUljCKPraEpGbypnBkxzdlV4+YjHfK36g=,tag:9ufb9+iTvMFX9IGK2rd0MA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2021-11-10T17:12:41Z"
- mac: ENC[AES256_GCM,data:WglXHJLxcHMaNxCZhrgIqyX3J81M+bQbUNr7k44gYZ0zPIGnE9CntG+2Ua6QppncrHNjLuxLmdyGnNCQRdEZEH2vpLO6+vtL2uPV42K1OHs1xdtTeAcsoxyw+CJUe209C2XhWhCyPNxXqCPckB11M1z2V925VyutxuRj1qV/cyg=,iv:BeSFTZDrQvhE3wvMBPD9UEzo7KGUxrdflO2bKfyIqCg=,tag:AEOYZYeemflwSbqIhtKCmQ==,type:str]
+ lastmodified: "2021-11-19T09:57:17Z"
+ mac: ENC[AES256_GCM,data:j46IHUNor4czBPeOPjq/uHlDIL/0HP34tlHgd8N9+u3dSBDXWlznaGEIo3ohWA3wkbCXqnprPJLe1iw8g8AEih679ZYtsgyJEPnLCsuPJcUwd6+CjP4AlWh5CbyjAFGkUaaIkzuEM0tt6mOTUjj4XOBW5uKH91agMoEY2TMCdzM=,iv:LO2JWUkNgUOA8oKJPzBLYJirKUAtCRTCIxAODyrVHk8=,tag:25Qt1z9qTR2QUhfDOf3vmw==,type:str]
pgp:
- - created_at: "2021-11-10T17:12:40Z"
+ - created_at: "2021-11-19T09:57:16Z"
enc: |
-----BEGIN PGP MESSAGE-----
- hQGMA8PXnOzdTLRzAQv/V9Yx09TNDRNZhn44ov1pU1sx+z2zW7ESP1MD9flqkIJ2
- +9LsjRAAaLayDRjdw42mSBK+IsnnMMkORe+/xGbsRoeBDSZu6Xk9neMUrpvn45uB
- ICJ2/ejpPq4hew2O8cssZKHByerNAcWCNXULWDB9CigJm5s6Ohq9hY9RhFBIxzjK
- wJ6MflskGseTmGoXjJ7tQmO78xQDWW+gAN5BhqvtA8JKDcBGjD+Gj2znxGICO/3v
- 7NFZ//z05LU2zaLDQ0c+SI4JJMuumV2Vuhxl8jXSAdFyya1JBiyUef8E81c5oO3M
- ybJLjKv8hGkytfb4mB7XEomTwLWWPdpg8YZbVAB7AFfKeaWraj3j7ScsijEdmg1C
- LESbr9mDC1HvFMtwJ3TClv77lEE1iwcqY8w/YQHxhwePLapR8gzJF73ZPxPf8UxW
- dEHHtN55cTTw48itQSY5agbGz6qYPM01ListEZ8m3QMEBHDI56iZVfJizHZ9B1TE
- wH/iEQaR/4GsNRXsw3Ka0l4B1+FAVRuyZMUk0V53ctCB/6T40STXzHrYExPn8OH9
- XGhQ8t++9iMu5ZSfFSBOqXt8pAIsVmdnNjOQBz67ffPmVVn8yC4RZJrLCjITED+G
- RvBcMyZf5NxSlnp9Z5US
- =K51p
+ hQGMA8PXnOzdTLRzAQwAluozyjocyyzlf3n4utcQrQLnD9w9Ki0XyXnCW/+K420X
+ WUQTIFq+Yeh6SOECnzbakNNCrFrsIqbI3c/unKgs7veQ7SbGLOyW4f1xr2jKaX9Q
+ ecU49He87NkjOuhx6EJEVKoZmDVsWtuLTR9CKDOHsSNPOQ1cSIZafXj14Y7oZrd4
+ HR4ZKgOYLHUatfeesWCvjUAjZsrsZebNSHh6SGyi2b8JTSX+NVAvx/Uj6gn8rp4Y
+ zvoE7ShaYxtn14X90OZx8Jy8howHHlYzq5O48a/eFLUPICtGqkYu6lEEiwgZNX5u
+ 8W1aIa+TysFVQpv9rTytCI2nsDCH1pvmxQEhxqTWADTylvIMOClQvrlQQWS+z+DD
+ P8NxC+LLyxo0MLLmeNlWNJpvC7zCOomDe0i7tqe4VHORBYCX4NkgkTCiiQplq1N0
+ +vXL5Q25iDs2amj11p9YPX0p8Sc4APAuzt2pVxZhLDyoDiWBaNdYEyw1yVvgJyvQ
+ H15mMpGJU9EM9LTjn93G0l4B89AS7PgNUwzax4fCE4RHWL/7ymgJd41Hsub22v8y
+ 4f8GxkORbGzPwvXXi6xQWlEVLhyl5+iqyxIPxKS9U+Knxmfry/F1YXZQpgmD9cSv
+ arDy6uZIOQ/vT0qoylg3
+ =pnPW
-----END PGP MESSAGE-----
fp: 60584680BB48B3CE3FECFFBE7D1302EE361D316A
unencrypted_suffix: _unencrypted
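Review bot: Every encrypted value, the MAC and the PGP-wrapped data key change in this hunk, yet no key is added or removed, so the change looks unrelated to the maddy installer. If this is an intentional data-key rotation or a side effect of opening the file in the editor, saying so in the commit message would make it reviewable. The `piholeOAuth2ClientSecret` ciphertext is only a few bytes long on both sides of the diff, which suggests a very short client secret; consider replacing it with a long random value.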