From 0e9fc3edc37fab13436695969b56ffd262b13d91 Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Sun, 2 Oct 2022 19:10:55 -0400 Subject: [PATCH] moved photoprism app to photos. from cloud. --- ansible/roles/podman/defaults/main.yml | 12 ++-- .../podman/tasks/configuration-nginx-http.yml | 4 +- .../tasks/configuration-nginx-https.yml | 4 +- ...ntainer-cloud.yml => container-photos.yml} | 66 +++++++++--------- .../roles/podman/tasks/container-pihole.yml | 3 +- ansible/roles/podman/tasks/firewall.yml | 17 +++++ ansible/roles/podman/tasks/main.yml | 2 +- ....net.conf.j2 => photos.bdebyl.net.conf.j2} | 7 +- ...onf.j2 => photos.bdebyl.net.https.conf.j2} | 17 ++--- ansible/roles/ssl/tasks/certbot.yml | 2 +- ansible/vars/vault.yml | Bin 8477 -> 9449 bytes 11 files changed, 71 insertions(+), 63 deletions(-) rename ansible/roles/podman/tasks/{container-cloud.yml => container-photos.yml} (62%) rename ansible/roles/podman/templates/nginx/sites/{cloud.bdebyl.net.conf.j2 => photos.bdebyl.net.conf.j2} (74%) rename ansible/roles/podman/templates/nginx/sites/{cloud.bdebyl.net.https.conf.j2 => photos.bdebyl.net.https.conf.j2} (81%) diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml index 7a4b779..3ab90a0 100644 --- a/ansible/roles/podman/defaults/main.yml +++ b/ansible/roles/podman/defaults/main.yml @@ -1,26 +1,28 @@ --- bookstack_path: "{{ podman_volumes }}/bookstack" +cloud_path: "{{ podman_volumes }}/cloud" drone_path: "{{ podman_volumes }}/drone" graylog_path: "{{ podman_volumes }}/graylog" hass_path: "{{ podman_volumes }}/hass" nginx_path: "{{ podman_volumes }}/nginx" partkeepr_path: "{{ podman_volumes }}/partkeepr" -cloud_path: "{{ podman_volumes }}/cloud" +photos_path: "{{ podman_volumes }}/photos" pihole_path: "{{ podman_volumes }}/pihole" drone_server_proto: "https" drone_runner_capacity: "4" # nginx and modsec configuration -ci_server_name: ci.bdebyl.net -pi_server_name: pi.bdebyl.net assistant_server_name: assistant.bdebyl.net bookstack_server_name: wiki.skudakrennsport.com +ci_server_name: ci.bdebyl.net cloud_server_name: cloud.bdebyl.net home_server_name: home.bdebyl.net -parts_server_name: parts.bdebyl.net -video_server_name: video.bdebyl.net logs_server_name: logs.bdebyl.net +parts_server_name: parts.bdebyl.net +photos_server_name: photos.bdebyl.net +pi_server_name: pi.bdebyl.net +video_server_name: video.bdebyl.net nginx_conf_path: "{{ nginx_path }}/etc/conf" modsec_log_path: /var/log/nginx/modsec_audit.log diff --git a/ansible/roles/podman/tasks/configuration-nginx-http.yml b/ansible/roles/podman/tasks/configuration-nginx-http.yml index 212ceac..11bad1e 100644 --- a/ansible/roles/podman/tasks/configuration-nginx-http.yml +++ b/ansible/roles/podman/tasks/configuration-nginx-http.yml @@ -68,7 +68,7 @@ - "{{ bookstack_server_name }}.conf" - "{{ video_server_name }}.conf" - "{{ parts_server_name }}.conf" - - "{{ cloud_server_name }}.conf" + - "{{ photos_server_name }}.conf" - "{{ logs_server_name }}.conf" notify: - restorecon podman @@ -87,7 +87,7 @@ - "{{ ci_server_name }}.http.conf" - "{{ pi_server_name }}.conf" - "{{ parts_server_name }}.conf" - - "{{ cloud_server_name }}.conf" + - "{{ photos_server_name }}.conf" - "{{ home_server_name }}.conf" - "{{ assistant_server_name }}.conf" - "{{ bookstack_server_name }}.conf" diff --git a/ansible/roles/podman/tasks/configuration-nginx-https.yml b/ansible/roles/podman/tasks/configuration-nginx-https.yml index 9f703a1..161fffc 100644 --- a/ansible/roles/podman/tasks/configuration-nginx-https.yml +++ b/ansible/roles/podman/tasks/configuration-nginx-https.yml @@ -36,7 +36,7 @@ loop: - "{{ ci_server_name }}.https.conf" - "{{ parts_server_name }}.https.conf" - - "{{ cloud_server_name }}.https.conf" + - "{{ photos_server_name }}.https.conf" - "{{ bookstack_server_name }}.https.conf" notify: - restorecon podman @@ -54,7 +54,7 @@ loop: - "{{ ci_server_name }}.https.conf" - "{{ parts_server_name }}.https.conf" - - "{{ cloud_server_name }}.https.conf" + - "{{ photos_server_name }}.https.conf" - "{{ bookstack_server_name }}.https.conf" notify: - restorecon podman diff --git a/ansible/roles/podman/tasks/container-cloud.yml b/ansible/roles/podman/tasks/container-photos.yml similarity index 62% rename from ansible/roles/podman/tasks/container-cloud.yml rename to ansible/roles/podman/tasks/container-photos.yml index 84a4237..a9f6c8a 100644 --- a/ansible/roles/podman/tasks/container-cloud.yml +++ b/ansible/roles/podman/tasks/container-photos.yml @@ -1,5 +1,5 @@ --- -- name: create required cloud volumes +- name: create required photos volumes become: true ansible.builtin.file: path: "{{ item }}" @@ -9,29 +9,29 @@ mode: 0755 notify: restorecon podman loop: - - "{{ cloud_path }}/mysql" - - "{{ cloud_path }}/storage" - tags: cloud + - "{{ photos_path }}/mysql" + - "{{ photos_path }}/storage" + tags: photos - name: flush handlers ansible.builtin.meta: flush_handlers - tags: cloud + tags: photos -- name: mount cloud cifs +- name: mount photos cifs become: true ansible.posix.mount: - src: "{{ cloud_cifs_src }}" - path: "{{ cloud_path }}/storage" + src: "{{ photos_cifs_src }}" + path: "{{ photos_path }}/storage" fstype: cifs - opts: "username=cloud,password={{ cloud_cifs_pass }},uid={{ podman_subuid.stdout }},gid={{ podman_subuid.stdout }}" + opts: "username=photos,password={{ photos_cifs_pass }},uid={{ podman_subuid.stdout }},gid={{ podman_subuid.stdout }}" state: mounted - tags: cloud + tags: photos -- name: create cloud-db container +- name: create photos-db container become: true become_user: "{{ podman_user }}" containers.podman.podman_container: - name: cloud-db + name: photos-db image: docker.io/mariadb:10.8 recreate: false restart: false @@ -41,25 +41,25 @@ - shared env: MARIADB_AUTO_UPGRADE: "1" - MYSQL_RANDOM_ROOT_PASSWORD: "yes" - MYSQL_DATABASE: cloud - MYSQL_USER: cloud - MYSQL_PASSWORD: "{{ cloud_db_pass }}" + MYSQL_ROOT_PASSWORD: "{{ photos_db_root_pass }}" + MYSQL_DATABASE: photos + MYSQL_USER: photos + MYSQL_PASSWORD: "{{ photos_db_pass }}" volumes: - - "{{ cloud_path }}/mysql:/var/lib/mysql" - tags: cloud + - "{{ photos_path }}/mysql:/var/lib/mysql" + tags: photos -- name: create systemd startup job for cloud-db +- name: create systemd startup job for photos-db include_tasks: systemd-generate.yml vars: - container_name: cloud-db - tags: cloud + container_name: photos-db + tags: photos -- name: create cloud container +- name: create photos container become: true become_user: "{{ podman_user }}" containers.podman.podman_container: - name: cloud + name: photos image: docker.io/photoprism/photoprism:220901-bookworm recreate: false restart: false @@ -68,7 +68,7 @@ network: - shared env: - PHOTOPRISM_ADMIN_PASSWORD: "{{ cloud_user_pass }}" + PHOTOPRISM_ADMIN_PASSWORD: "{{ photos_user_pass }}" PHOTOPRISM_AUTH_MODE: "password" PHOTOPRISM_SITE_URL: "http://localhost:2342/" PHOTOPRISM_ORIGINALS_LIMIT: 5000 @@ -88,21 +88,21 @@ PHOTOPRISM_DETECT_NSFW: "false" PHOTOPRISM_UPLOAD_NSFW: "true" PHOTOPRISM_DATABASE_DRIVER: "mysql" - PHOTOPRISM_DATABASE_SERVER: "cloud-db:3306" - PHOTOPRISM_DATABASE_NAME: "cloud" - PHOTOPRISM_DATABASE_USER: "cloud" - PHOTOPRISM_DATABASE_PASSWORD: "{{ cloud_db_pass }}" + PHOTOPRISM_DATABASE_SERVER: "photos-db:3306" + PHOTOPRISM_DATABASE_NAME: "photos" + PHOTOPRISM_DATABASE_USER: "photos" + PHOTOPRISM_DATABASE_PASSWORD: "{{ photos_db_pass }}" PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" PHOTOPRISM_SITE_DESCRIPTION: "" PHOTOPRISM_SITE_AUTHOR: "Bastian D." volumes: - - "{{ cloud_path }}/storage:/photoprism/" + - "{{ photos_path }}/storage:/photoprism/" ports: - "8088:2342" - tags: cloud + tags: photos -- name: create systemd startup job for cloud +- name: create systemd startup job for photos include_tasks: systemd-generate.yml vars: - container_name: cloud - tags: cloud + container_name: photos + tags: photos diff --git a/ansible/roles/podman/tasks/container-pihole.yml b/ansible/roles/podman/tasks/container-pihole.yml index 0d24c00..6086ab5 100644 --- a/ansible/roles/podman/tasks/container-pihole.yml +++ b/ansible/roles/podman/tasks/container-pihole.yml @@ -4,8 +4,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory - owner: "{{ podman_user }}" - group: "{{ podman_user }}" + owner: "{{ podman_subuid.stdout }}" mode: 0755 notify: restorecon podman loop: diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml index b1cb4c8..894cfeb 100644 --- a/ansible/roles/podman/tasks/firewall.yml +++ b/ansible/roles/podman/tasks/firewall.yml @@ -20,3 +20,20 @@ - 80/tcp notify: restart firewalld tags: firewall + +- name: unset non-required podman firewall rules + become: true + ansible.posix.firewalld: + port: "{{ item }}" + permanent: true + immediate: true + zone: "public" + state: disabled + loop: + - 9093/tcp + - 9092/tcp + - 9091/tcp + - 9091/udp + - 9092/udp + notify: restart firewalld + tags: firewall diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml index 6032ceb..03a945f 100644 --- a/ansible/roles/podman/tasks/main.yml +++ b/ansible/roles/podman/tasks/main.yml @@ -9,5 +9,5 @@ - import_tasks: container-graylog.yml - import_tasks: container-pihole.yml - import_tasks: container-bookstack.yml -- import_tasks: container-cloud.yml +- import_tasks: container-photos.yml - import_tasks: container-nginx.yml diff --git a/ansible/roles/podman/templates/nginx/sites/cloud.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/photos.bdebyl.net.conf.j2 similarity index 74% rename from ansible/roles/podman/templates/nginx/sites/cloud.bdebyl.net.conf.j2 rename to ansible/roles/podman/templates/nginx/sites/photos.bdebyl.net.conf.j2 index 73e6b18..8b05e6b 100644 --- a/ansible/roles/podman/templates/nginx/sites/cloud.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/photos.bdebyl.net.conf.j2 @@ -1,14 +1,9 @@ -geo $whitelisted { - default 0; - 192.168.1.0/24 1; -} - server { modsecurity on; modsecurity_rules_file /etc/nginx/modsec_includes.conf; listen 80; - server_name {{ cloud_server_name }}; + server_name {{ photos_server_name }}; location '/.well-known/acme-challenge' { default_type "text/plain"; diff --git a/ansible/roles/podman/templates/nginx/sites/cloud.bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/photos.bdebyl.net.https.conf.j2 similarity index 81% rename from ansible/roles/podman/templates/nginx/sites/cloud.bdebyl.net.https.conf.j2 rename to ansible/roles/podman/templates/nginx/sites/photos.bdebyl.net.https.conf.j2 index bc6e1ed..720523f 100644 --- a/ansible/roles/podman/templates/nginx/sites/cloud.bdebyl.net.https.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/photos.bdebyl.net.https.conf.j2 @@ -1,9 +1,4 @@ -geo $whitelisted { - default 0; - 192.168.1.0/24 1; -} - -upstream cloud { +upstream photos { server 127.0.0.1:8088; } @@ -14,12 +9,12 @@ server { resolver 127.0.0.1 127.0.0.53 9.9.9.9 valid=60s; listen 443 ssl http2; - server_name {{ cloud_server_name }}; + server_name {{ photos_server_name }}; client_max_body_size 500M; - ssl_certificate /etc/letsencrypt/live/{{ cloud_server_name }}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/{{ cloud_server_name }}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/{{ cloud_server_name }}/fullchain.pem; + ssl_certificate /etc/letsencrypt/live/{{ photos_server_name }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ photos_server_name }}/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/{{ photos_server_name }}/fullchain.pem; ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; @@ -42,6 +37,6 @@ server { proxy_buffering off; proxy_http_version 1.1; - proxy_pass http://cloud; + proxy_pass http://photos; } } \ No newline at end of file diff --git a/ansible/roles/ssl/tasks/certbot.yml b/ansible/roles/ssl/tasks/certbot.yml index 1ea298f..fb7c54e 100644 --- a/ansible/roles/ssl/tasks/certbot.yml +++ b/ansible/roles/ssl/tasks/certbot.yml @@ -10,7 +10,7 @@ loop: - "{{ bookstack_server_name }}" - "{{ ci_server_name }}" - - "{{ cloud_server_name }}" + - "{{ photos_server_name }}" - "{{ parts_server_name }}" tags: ssl diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index fd36954e4383b8f1b23c380ae96428c7e1c14bb9..1ff343b6e077709531862f88409f3a94515ba83e 100644 GIT binary patch literal 9449 zcmV~88OtZM6dXb+Y zdFT?az5&x0w)0E0|J@1}V&kb=&^s&^$82=b+?5&yk1`@BIk4+S=`k9zRAXkvY`G=0 zSa&q1c^o4$hD}v_5!>|Rd`a`eVG_XND`+7T%qZ3QPNO+Z*BnDcg)zpY!9zwwdg_SX zpWW={!TKhTrj%Gg3a(M~ST5Z>nYgG=!GBZk(}NuIm*(q7tGrIhj~bM5T3(vv=$?^{ zqI%}|sIsgKrff!@r>v0M|IFh~%@*2)icP39L$mXDMuQp3*J({VMzi@jJ5{!=E)xD< zXzr3^@{$S0%XDwe84mNmYH!v@4Yt)|-w(?>y5=R~!v|!^0 zZm?Ax5YqA*Bstv8XfZJ9Tlqp!)vgu-BlEA2Z}Z0}djE_LMCNa2laEpYjad9f@Lpj( zr}gAz^9#C>M^q#&oaC=s39&G8ipWj|Nou3pH%(S~3 zjPbsJb4My-qrmW9f=VsBh&Q_3wv@}VkXlHQYIzu4<7F~IA4hC)!ONtg;v>n~A_*R9 z%G?FP0PM{t%SgOm|t(8}0cL5>yj&=~GS8%Acj9gWlvKlFXznWoT z>s7xIET~3H>&}cyyX^Q~2cv_;4=zWR)9FhR18U6&MD#YN-PQ@b24;IzqNd^&JE#Hj z!l=2>lo-S{;5W}Ic+4!BS%%_p4iw94Z89vuMU1{*o)Ek&0580F*YeE%#BGi5yGa>< zaij)GfHSlut5Yw{GtwPsYkfTKub# zXF}*8Y@z`4$xae(s zeD_|_t7vQlzIf1L=ZSHa8N3n084Ghm{#=UNL}W#rGv#&MYv3y{>V~lr@Zc02|zB<~=V6e-HC0G^#OBr9)ax_12<4%)Sr1jsak(@$ufS zUuzM4p2q6rc4}W1|F6RNy|HkI!z4}{If@=t zv4YcV*+(t26dHWJFO?@-U>P@ZHU36Bsc>du4j(D#d;bP-X?t*=TN;F}J+dZo$0eV{ zgP(5l324*%5ST0XD8-&E@L(U(I&l!M^_Dfhpe1;t`kg+pl}kEiNztlfp=Xw#m?)qVXv87bMWl9E_A14|$H2AQci_ z&Iq^BPV@IdQtp9`?-2zqZOVRvynTsOTL#17nC;*9WXtenKlhKe+Om&?0poD3JjvNS zP=1#zChdqRlpxxiC^U*d4^S~MyA)Qaa+GJKf;?8Vb;nQ0Dt|A+~z8kLF2i6t(S!W+fHkSlGiPM z$(*NN11kUhOSaUGY)1wJfM_)9O-Xk}8NO6=n9PI^P))lvVD*4rGw^sgecv^X=b!9! zesA2MhG2h9Vq6iejB?Lrj?rzfVLT`?-r#qY{|1B6-T!=bEe>_Zm96Z?I&vJ2iLHK3 zM04;hmk+480cRDEu9q#cN%E%U;56wvLU*tzfSFo3AoN0jhyhTv<>$OoTIb0JvsVI-bCQ z%e!rH5-TyzaDE-wrk=iwcuM%1N`;3hWORo=M;oDl(xAU;KOfi?g*{yHrMiWVEV@dL zT7WIDfe8PlqDbstxK;XOU)uu{ae}yZ=8bKRxg0NI!-vS|jq$B>uosB52aANr8ccHCiruDqhFV~|B#`JVyoAJsvlU?|&#o5uUu zlk3?@g%fQp`iv=74*p>;J10)CUOP-~ z*eC=Kn{>+VsU`8~zBu0*ObY9!Z$M!NZ!2NU7MIkuziNQkoH(O=ajMxDg+~zO&Yu-< z3pX$2t@TC>7+S0E>nlBTg#2PQX%v8zga6V~Q%U;5_YgEgqy2EoaV%#=X}QLJa=*>o z%{!*ZLmhz1e-*`mNxo*Wh&4HvV}$^#Ds8CXFZ*KRx!?rbdB?U8TZWE|r#a7n57nFk|6rX}JFbg7A2>@DOaSrs(7v7~;_ zje)6NL!L-OX@i7jT(kseGqY+Fyj)RxS&f(oy}VGaT0FLSjak(ObQG96Gj}fe?`ja@ zyzzs)h1O2wU^wUs*IgU$`7#p59rGszu4N;{sM*kW7u;9cZ;Y^Q4tjmaRe#c2*lDa3 zSs!&+qlE7SvoV~}SY9{USEhr;wqqmTpYUc!!Ka~_PF@jD;zQU>B6X1RX3BfT4p14- zsMF{CH#)hS*!rh##nZ-PzHEWN$u>Dq8i7y`?%;0Lrw<|&*ld9_&VzG`d*7S0lSt}K zB9FgqC2U#UT8P6?3$Gu?yH$zh$=5gX(A7QBYFTZnsgM$p$iC5?q%Z|xRssBHJ|{}{ z`FMa;AF=Ayz^50Qz_S4h2P7@EOvG~e@n5V+e8pwWsZ=`FXda@p^kzR#-NS$~_1)Y& z4NrlOh3Tr(9k^9O%yy=a{vtOgG7zV=jhj{#D#t}58)$*XLrog#d?33m4#~+-HRiaT zz&nL7wAgPRe_U+eB1W_9!jnjbw1hEAFoBdC@tX4~i&!*!RdGC!Cgy6%r6M#dulubN zj4DUg;Mnm&pan;#Rly(I7UzitH(*=mdtrWX+?MWrN9d|_WyeJ+9fsag1|#!;%i!x+ z*9T7f6INrYE!e6+^1;X|u?Q&_nKdyZYTIy+H&aZGJnq@BRuMV;#^r41ggU>D@#$p}8y(9qS-J-tC%qGIkxuoCqtg zh%z`|k;NP(J!#BkrT450O#rMpP~~ozk{hT3$y8s>l0n+LXX)4DB60^|&gy<0^P+Gg zIWjM#rw_8Df(!z$M>HE^LkZ|3Vgq2Fqgpn+dI}}t;;s0LPUNNS0HHcWkz^^h&jYTZ z3{l9m3zgLbpNtM%q)?cLD$s&&2{iF%_7|H1wsW=%7AR6#?)Eq#kn%8o!J~{@*j?F; zij%xk5ay*y2chyt!B@jO@H|Z}{He1ZZg)w1?;(_i3y&(O#cD;Ayzw&e1r_Jpa~u;n zhSY|Stm({gbQV{ygIBV}kOo4Z2Zi>UCP~6qMqJrcodb+O;z0H10^ozTg55R$1iC$5 zmnl}g?g@0HYFoc!T3_+H-yT_CNU0jG?@>GA>Y=n;#)BFEw09$ zv6$QMbVaJ5raOOxPv}?|s&$};viiNWYjuh;BLmiMCsDVpoH>jp>Rj4BYkK8Z1P#U` zmZ{TuJ_!VSm5wAJYC9x&oY%CU#kd&l-kZ3Or{m}0)C;kybYVlpPdVg32mI>@Q)nM( zq)tx%_2m6snvCmBwZgIr`jKVq7MG=Vew9q6@s0l-<0fGAK1^Gx@L|m2O%m}zR#+%a z%YFHX#R)+7WN#evX$~?fmc~b~lvI_VOy=h8G&M>XLgIS;w?_x^Dps;XQP(M4BdTD- zT_!6#HTX4h$tw3{wWTF=dDE9SjE*cue^Otn45XXyJJiAD0uRzq9V178Gdk=Cd2d`> z@9c&AGP7{?MR(m4*M~AKULGsmAb+@(yjimTk4@*B)!HDWAy*`cdiNhD*JMi;SEo&<3d6~W1m8NF_A<`Cz~eZgSIJw|4YW;&feP=hYTv+7c& z5KzJD#&Jagz@4|d)n#zZgzPBbS{#aGpk-)tGg=WWsj%gE$4i2A{H^>~xJ`VlkWz;j zmzW|)|HDq5jAmFmk4Dke9AuKJo#(`mvDrnB`~MEEXg*#yV+W*~pCqpUDN?u2ILAJ(2#(F$Aix2;06( zfB)~8m|}bz`$i88S3v{+OmB3m!H&g1tcI`OMubIO1PLx#qlXB{_^|#9fhn%!bqGGm z)(wM9K5}P47H3fulwda6C>^`HOy@5_tfUGzixu}F(K=0}uj0(x#f_w~-3qTJ7HX%6 z$^T87WY{5%b)-*zoTFanW7MS)&Pd9UR3);%a(YPJ1KlwxsAl6wobQHxw!;oIB}OEO zZyyNk4M)0+!w^#rCTu6qVRc`h_IKOshRrIV_=#s7y8^a*N?or*+ZZSQ>E>;qqiZD& z=Zk^7wpEEQ7(20I0K;|*-w%u5cP@QX>i3;ak(RV@J%xP&LJgT7EItNZ+8_E&Dmncx_Ak5o?SwQ5EEirzoKNQr9 zWVVyH4D$gG_xB>djHv1RS2t&M0eACDj^A@4u!yuwA{o!;Gl+oPQYUBmE_qZx!!2wB z(9YKei=-<#KGpWj`tZQ5^jM)JEbZ9+i=;Zc%%+~f1im#OiMXh^O&*Pk_A5g3`d*NG zczGrN`T@Wk0z&rwa@ILet5F(ej}HHpz2}c~$ze(Hn$eA{fP(yvi9>t7;~VXz%ASTC zPE_9-Q^P*%aB;BSj~8L|_B{sGb%^SFkpK--3`*5|>eeAX#Re-J$SswGd6JB|C)K&{ zB)7--S|-Wl<64= z9bRTGcB=!{8~O9(1GcfAhRxnAh4FL4t@AbN%75Iz0W#~QWuJ+d38~Pa)z#hAyxZGq8%piap{|ENeb!kT^ z|7*htTY6nFOmn=Hk&#baUHDc^W69xG2mBISy&r-h6{Atp+IF6ya5j^G`5YqxWqg6= zLzj;ROabfMlnEf2*;4w%`;J}-_;9b^H+W221iFet2?z?I^i2|IBvXEnd711VbeW9Z zyBe$X@b<3T`gdOa7FbQgb@F7)=Y#Ax6g-)PuHrMV*QAZP?E`pv4g8>99cb}b-;QYa z-{O)Mk*DTPhY)2<@0aE}e9Q!=wb^Y<&+T?0MHC?bjX0WKEk%UnB? zi65mD?I|BzwP~1ZD`9^ny#nZg3K`VxK1DbAa*&q0Jk+17)DfV z?2gTII?(fvU^JOIj_c4B5>e;%#kvrMO|AB;bC#~H7+9>rdPvmD8xr9ijPv!?WeJgU zaHtjAG?()$r~!8Na-8hGbA_~zzMz%mGk3$p6P2@smboE+4{2_I>1|@+J@)GtTi+gF zwwuvr9M%@Ic8Yn9`0q91bVAyyhxKNX68sSvFOpW2SwdLckzFMtO-!=KSblJ|4R=15 z*vIGE?wLVj4u5?ds|U@f9+E5%9rX2uQB7Vz@g?B=En6Qb27{!VN`qo6r?FMV_hGtF z^)Q}yX=_Hv2kdbpU9fV!;Y-_~7TZR97zYPC7i!|05H`8@<~LF&fiSr>i+hr)1r`_1 z5mk>gtKaQPH~lEyDPi~!75el-4D>mz4^s~>We;Yb)WU)HoRvLxRHT_{#neS_9gR1S zS&Z=HUWTw^ea+13(k<|l5e0nX>8!{w1dro^%RGbG7S4NiZv21#t?YHtTe4K~R2WSF z{><)l`;<2&gaVA@Qq}Y6Ft5=IyQ8*h+2;$PvO+D>n3rl~jL;RjY0+2XG(_;tu{^YT z!1w#KG;rVyaW!MjDe@ew5Iko2?LQJbjA6;>5qO+Z>&?d2qi=ZHgqrJ;4Q+LTqO8Dw z^j-w0#$}pdT?Z{N9G(i-dv9aMn|Fp6v&0R9k)*3HjkW-k6l8obhMgw#%Lbj&HqHmy z-uH;Via5jb)NrF{A@%yxnI<>Uu(M!cIDNWVNgWa3y|=FC-ZKsS)gXFGoKkPB`X)zS z8le4?Q?<2?tw}h?BTTiYCuf$`JeG65#EXo+-BA95E>R2YBSyx3n@_U*v_YqRXJGB? ztP!zO=1v}2MwmOt!2V_3Q&mHf+W|tM&I#C;`=uM>|5S_I4zOnhcIU#Z#z-F!SJ>zJRi|VeQu1F9-LnibtHJyv(TN!vf?&ccDViUU$y7I{%f6wA2tsg&7FK@2f8WtAUD<5 zZO{s}(eD>dBcZy^!A%sqiy^FjUWt`2e1&8MH|+|pnYo!+Q0-*(PE=o4HA817CM$2* z^BmwqUu{%4>Q-qyzGgi$aw9sD*5=)#Z{2_1<{d29{Y5CpV>D*I$nsEfl^I>-6W2t| zTjM_e0r^|g_L9t?ol_)Y<$&ZF-nmO8dHdGb9r78+%@9>rhQYzi#i#L!6miN@!Rm-@ z6w!p%T^FRCK4!6^>P39rA4WXFV16_=x;ZzlZqX1V0=lW+!NR}4;Mu+Bl=i@d8k4+7 zpg67(d>moAlffepP2oA)mef@bLGYJF#;rERaKRe>nP;WjRc{d#ZGo?5MZ#kcDxDr+ zokUtnZWtHy70LJX+6_9#34S)o&1s%LQP=zF+$@tFgYknAGnz{M;g zJ<`P!;s3*u213>zo?&M9Sz8-e1szX}l*crdj$OuBVDaQ?X5h5sXfrZS&Z7-^v(Ch4 zN5u^v?U(iw+jB=h;Y3@QAg|SpRf?30hyI6TO7Mc%^bcqFk$*@weM0=|M|M}%3@nk1 zBRt5gN9qkZ3o+n?8q#|1OMTU3(5YA>p5hOlMp-;oO&uEz7(P_`Iq0Qqf|Jd%qDKdm zi6Ck`5kP-XkF%{2yfS|smM`g4f=NRD2908du67UE{%4?w#e8t^!d?W}{= zR@MquGy>pe%6Ll7Fy4{LnbSorQivuhiyV|J?GKiAL)Wh31E<@nGy2l2`2Hv*pP>S0 zHx+Ljse)*r!uR!q-U!yWtxkudpU;5#LhS{g&k-J+N4QW~b(zzs=ixiYYaY5N88oW0 zjNl62s9Z6$lV>DO2)M~{`|+;#FDaVM(S;k0%o32jzDar7ljZLrmYZnwYMqug{*&!* zvksEkW6lHIszT^ISA)g_yROJ$e#Lo<_scRM9tv3r;{REK^6q^Ap0HoCq;$|4GykYY zh;Iw!3<>)Ww;==VsIyG~rf&SMfno^^+GDpHnbR~*Li?rLFvm<~(NR)*@2b@ErAc;2 zq1QZBi^O(T^e91HEdj~C)JJP1)nUDzqsiar^Gt|lFs>*m>0S+ ziKG_-tQYTDrKUP{DdIKDdUvF zmP2xw0jHL1YoI7ImeFCU+0o|W7}kNHrqcb0F~zP=!Ue32b{!PTFis1(B|fH&>dilqY4uq-n)U!oiar+2`C>VHOO^rE%ZvtmC3S22acj1aT?$_)0Kr^f zqx9A6ee6!~RudHhR#Iesuy=?Z1#2-+@z1b?1{q9GjpqlxY*xYi<^kJxn%kyHJqvk7 zHSQ>{K{jgdl~R%{tl=?tz(}l(88_ho{8IJn&YG#`wDh6QGm0vBS(BUDEL!MGQb!0$ z-G-&icao4L?g#7UofG^W&GVNViCdN#L$Wb}p@|LgCH@;X05K_u?K2rCL$-p)lUvXj znTQTx`t4Is@Jk*|*-7a^Njsu~({H&*>Exj>Hv^s5^tYpq!ua;-aPsZNgCdhy)B$*Frmc(#9i1MeU5^h_WO76-1aK^Q`AA;wf&-$#x; z%y>gc`wKLopv2`_XPyK$rQMKD{>2m=|9*flr}c9t2Ti_@hBs6*UrsB63vr*$^FetF zuum6)HgJL~e5fgvSz+FK>!zSo5{aJ?6UiW)7L{_k>0N8`ZtQpz)};I}9Lwy!hHxNx zc3EDWHCXV8AA~16(wqwEQAK`ml*|5M46jssgt;;%M3SsgINJaRA2|4l)x)$Gy{PzRvdTax{#2JFJs@LsumHeIwiwlrdt!BZ;T|be!6M0 zNIzL~Q>;)5HZGJv*W>V2+e$|1X`DtIU4rXNGD?%QK?7+_0geOyk>J9|S~>Puk>%2| zvTgJ@%}bi+hPc2C+2K!^9z$NMa+H>PhCK@!Gy;L zFW9Yy9{FEPRj&v+x>Kjj%1DLnNyBcRDj=_M4~ z=eCt~)cJ|!>*;~Vewcv|s|Wr`Mk^xTu3o4chy{Ujgwn2bg97>BNfc7X$1-Lzw-yX2HFWql8k|x>JU~l_vn~|0Bk6%29N`DX*aJB+X}D5g>vC6m*wW$zMBt zd4OlUGD(Id4irNi$rVc|ZQyxKwf$bBOaZYA#+s@ zRq|>s@rNdpqY$a40JmD0;dRh+q3MeN2CFFFT3~m-vTlGRp^ZUav19JV6o}wSC1RO^p&Sxw_5d@?L~SP z!tJ#IVIFgMpO?96hK;oi3_}%;bL2OEi!pZ$fTE!kL{sfVqjj>ifeRC?(QyzhXCj%@ zdv+et0@30D+g|W2v}bpgy?=@IPr*+a9y2u7(K>;HU4DY7T!&Q)RtX} z6T6m6LIf+Cx!qC|{hoxH@sRo8#X~K1GToYaEOOe(64XEgX8gY%-!Hhaom8aD^v4S= zS7RA#7n})PGz)wZ*;C3Zt>i-Csm{ApQxfZ5RR49B7Y#XuGWG~}LVRV*^Y-C;j1Cf8 zexu$uY#>1=v3L!8E*rVEe05g&(zT?dsVVPfAxoIHQVVP6>7)~G@qOr4r(FCB`KnIn zJ1py^le_KITEgCyqiF-YO@r$o9%_LtYf*=!GUJ6Fq$Z|ii`szZZSJV|U~Zd)>+Sz@ z)PTw-l3+H!d7u=)K`0)rkdxiy<~g!G10UuZZagdIYUhi-cZLjtzP!!sA(UG0gmqEl z!iI)-XNx>f4JA#+0Vvq%-8S$_dsG2^%iU|DhTz4VHpBpMUxfb4^2&*2a$96p+^*Q; zT_PhFxwKC|IM`f`T-Dvl5YN#2Mq_m33!c9!o<-8_FJx&61{^;-9T?zIPXl+um@}Ra zQ-`RfYQ_IJb|4)&!i%s;Z?VypB5aTS*^b7)Zl zOZ>EK3*}D@^8EBca#zL@g|wnIvWqmPBeliULDAb*S=RESPsb``*6&f(!=IV>#90Yi zP$J+DRk@=I)fuT(werV#4NtEd1AL0>Oy~!WSUpHYpPdergJN?bDTxHL3|dV*b6hHg vL0>LHfJv^kc}Rn2I_TtfXXZ literal 8477 zcmV+&A>!TuM@dveQdv+`0B!W~nATP6sa>Zgzyo7|=>tgt$Dg8^Ni?!(EqQb? zxAc5f!-0Ey-5~XBDYL!z!O(axTS&KA`M1zJY~RwsWl>rWutleCADB0J+V?SH;TBAV zM^H9(=Tv93gH|KPCxOt~a7D&M$N2~0MA3-Cy{UrJsJ+qZ1BrrG%fQQH*R0}sv747| z*t7&Cu(lv;?*u9;WQ+1^sA0j)&h@<&yxm6Dj&YPodIJpQP$P9ZQ-=hVVlmA1)JE*) zW2-gk7?OCr4;;BDmqQ@Ue+LK}rHaM2c+F?62K6`MtIdDWRT?BWETtLg>ST2Nnx8*c4+T8TbNrv<1yqz`+3S&(mD! zY$-+PCjA|A+nIf+n_iDCcjX~zrPe-nX_mC82Y=YSrwO<2<&1`nAj7w=YeZy;kI8s(P*lIiei5KpxZNssSO>(YjHs?Y|kWxW=A@f?WtZ(82s-P4oj1)d%7#ib4m7 zItxkH0m*|Dz@DYe`Al7y?|QJpHrF{w>mNmEmdAaNVfY^=rw#-c;^6p0S%GX zHS+tM>70pT)E;x^&vi=xi(oY5MuSLuktTwgI%t3ZU1A~)KJ)xAC^~gUlS~xGcjnz! zv+Z+7NvdJtTU)ZxemYLr!-S85 z@=dNK4t5{W-Z)FXInK*@R*YNkf-J}%1pkwo2&4f(_lqdNsK`-GpQPQKx}xLzE5iXJ zzSz)cT~?L0I=;SSHBCIHkvQ$`Ki7a{SC7(Z%bsg*hG(ch%|n@NT|Mcyj29ADi{RS> zw|P$w<{2Da{TgSq^SRz2j2WFVWKugSUOM(WFIzY{$<(7D*w5`7E>w)hSDgsYT;c6Z z?8Qd0AX?l#g*r7$K~8SKHo*}7o1rS}`BD#3K`SBXsy#)k+dnU7y z+16tcw=yTsYCt_A)^sKJ7(JwZDi`vYBif(na~q}LR)BRhzitdE?+N_NJuwhh?~Vp| zEWA#o=VPdUzAj)cv63?7M<+RxA@_yRw?>&!ncJ?{5=ZapZ}RKu)2^>92h6R2pl-Mi zJ|-<&Pa(^w%^`OUZlxaveq?gmOl~=j{BV=}(5Z7GXY*$17iXY&gPY(ek4XSgEZ9~l z`2$+}nt>uuTnvbyl;=o+HZ33^1W+RHQt6u)TpmFb33!0yw zo46TXY)~WXA%wD}&dIhmY{!`;zsiKO25Yv10c}Tt%jf1qh|-@|(rHiO8zHs$seMnp z-v<{pNnJ0O$LsB>ZD05}8=A2ccO-=ebnL`31HxJ4UG}D2L?QQycv!a79gz!t;=vz`X^X`{aVic57IbXf2Xck*- zeEDc#x?ilgs#BmIZvFw)F(OGWHqi5v#6jUc&Z29IB5N=0Up5-2*X0T{tDs3p{ick? zc3|HzCH2Y_Z3y`yw3V}kazCm|(zyO6?I`cc1Mb2zMcFWZvFc>Gp$;?qD%r@vVR%EC9Fv6C=lE@~<%gm3fu; z16(K%wx-|AF7WF#Y=v!we9F+esLquN)N}fIFQZMhzmK)#=W`<+?c!Xdvlt$>PY!UE zkyW?Gm#h3qiZ_oNv!3IR6LG-`m+)3`oGIKwRTcf2DIR}lxn~cg>j%X!MXaZ<0m`e% zO|}bk`o!=q%)1!KJy}E5TWN`i5L^QklD7GAda?v?*|1$Y`*TJe?H0dhpX+Gt=DgE~ zM(*QPm6P~7{H7NwqrbayPwX~oYtg#}qfR05+MU(mU7u4}{H&Pc!Sf_JZrVyTTgh*0 zZtYCALeR%Rl0dBOw9FgXHSpm%Tu(7uN36 z8C}zmS4SI0x>pM*(0S_Nlhd928lxGiADLbr=rIm}&;d^aze)1u;C`i66|OUQWvyJ|K#TRK#Y{$PrRJyVDG-liJ z1Iv}G%gP5O%j{Hdtf(nBFb%}!+``~yM@E(~v&sVduAvNejp}3ubc__)Gab$6p>=&+ zk`h2>ID#_ZhE{gcX5TTNNOM(|6Dbu^DANe6o@(K{NRYBX4a-69czu4)&$qD zH^K*@+ZqEZvN1JWTPq!djbBFWdBc{|7$Pc5BjZ>}ejFoz62WSR6f`<5$Tzl91y1Kg zGYyI+UduHv~s`6-|>4Rm)lSRlj>l*}A|0XN#>{w9W1i34)LGDZ>q* zMeu#Rg23+4^eYMViL6!?rS=~P_^rc3Jr98=k0J@T7d(EJ-90mxM!&Y$JT){L@r(KR z@_FXarF%|+0KY*@Aln^`Eh(E5rTcb#LU4t#(t^F8%?a#P2eZ~fsr%$9>=i2o17w=+ zUS;ld4tJtWP{as-06Xh%bWbUP7rQY|KyJyN4j5!DS#QH|$GE#8|$#UVx)vdNe7I8NiK*El*-GxV)ir&lYU7;5kdKxX`ey{HAnc);}C*je1+Bt{XF@E%KPp+5!%+TPN zAKlGD0k!r<_s2}%7A)w--&&5&zK$+(;yh!51S6(seT`^3bH@(VTI{CgvFVgVyd5z; z+LPbQ(?&A)3j46v zVcX6M>kxXA#RUG?>nNhGLsZOt$vrQ3_?NYs7+!q1?uiFE)b9)eU&L*0;U+mIi_Bc>}rCd-my^*_Ltq0wp6uu?HQ%gh0|!M%FGo+us^5|$Qq4BjsX zwwyo_)VefsbJk8;Zaaw|m^^e^F{+36whH;wk#2?R8kkZm_QWpp*p*>m;T{g(en>Qj z)UE{z3-Ty&9;@Y>#nwkV{CaKL&&1^|Sl~8aPf5uRm_`I(m3vRh6?*Qmq7e+tBqvxt z;~>rf@4YgVb>Oajo|6KXEzfZe(=1X2@9enUN7xSrfQo)KGqQQTC%GudLL3m765DHl z1V9irXd(RV&lG3%zFg_A0T$gIPDk8d!wVVU5Yn998v_0p)cm*!p^seuuS(?T?YD!39SmY=IR(%o(~0_&`YZ=14(oXHlN zMw9ochYo*};K4U;$Luck;jpK8rh5qZr1j$5%{Umrgz(E+*lQ0K{1XPp%VVrmS`6vn zep!~Z5iiu98WtfErBFKBamp>?nTk0M97JG)VcvlEG7?&G1;W`8R20Sy1Ieu~H@5s0 zg!S4_O?Dd7qwBRsoSM2h*Ql@DjJSSI9O3SlHkp1gEMLyK5$xtAz`X}2Q3zH&(@C^! zgPnwvzgif$^9!6Nu@UCIu}%x#E*bm@=4u&j6hmm)-ZB}%r#f7YkA<7a_?3kOYg7W* zK8qRmwWP*zfbQ{Fn7g#z>$%g9B>68mEJz8Fxz7XEXwsQNaiAQ4=1Oa^KCzgJlbOa2 z&zUs?>sVZJ5vs`bHkO=kuz=cAy>&RoO&x-y5;-7%zZmr@+&scMQ)vAD0W+)d;!LzF z!DK4cSMO*Hy{RFb>i^RePb`?_8(I}n$RTOSS$b1s*x_P{`CU<&T7C~N9i5hrK1+#- z#z}^JHR?ZPR4LXen>^qYn24q;kaq!Hb$rsnY=UO@M^4$G3e|{9H;aJxNWt$@w+*dL z4w9vW&1caPmv#%F&jEDc5kTTRn+g`R?3*J~7p7(8r%~(w0~DzZozWKHJeIx{!E_2q zv4V}iqy@MAcuBw(Of&oZw--Jkm3SKh;$=9<#c{vDA~h*TMO?~HLj@LOCP(l3247A4 zx0qneWM4=LHy=R0d7eHa(WJ*1io!&cBd4;veFaN=VaveDe)5303+`kMo7Av=_`IZW z=ilCz_%hnJA!5BMKy=puPQ?`*)XWi}U;HzRy$;A$>k8^Zc%BGDByOq3$=}zP)F~zl zp&r#`GAl7Zx)gn`m%MC|M2*~+7rUz2TM}?9lb+lG5r*J70m!$@pe54$M+fTsU2M{2 zkoOf?d~&z6E-NI2)ZQPIQaC6ifL;>-OicxAUupNxb-P?Ln@1Op*CqU2^*wo}wym!d zR)UMy`n3LKzqQ_fS(ffV=q}qhL!M+0XL(b_S!%~E9#8se{d*LcH&FjCq@wBn_1#IA z6kBPauQz)iDzak?W{kjt_o|QR8P{Ue_FVqwT`GSBYl?5bC9dKUG3f6Fb8G%wp10bG z<;%f%e>il+oleGW;IbqX6YFg!)U4+zTxhcd`aU#5e&+QI(gf+5<}eFn1GcgMQ}*uW zv1Xw{iWSRGTxm;((RXmRmEVl&vRGNpF|X?y!=SIuktiXEhr7RJnEd>Z1L5H;&)zx< zpP^Q@M2D_A|GhpvaUe6vH;Omv>_tJ;9b%?>6}K(eaDW>bTrdZX%7AYfvuL$S<3UWy zy3E!?vuE9uJu(s7pED%K(_W0}tlN&n*Eh)B9p1XtkukSON_2PKmqLLN@<;fP%I z4Vx_TvVgM|wEb#5{3W+GTnSJKr*D8}V#R8Tp_%LSXo8U3y#Cg#tZ}>`>@yX&lGt{3 zsX$R#5-Jb~m}u(>>ASiz1H%dXO>kGg&hJe0&xQ4QF27MxWT0bR@MHRev^K!qJVbk8 z;E?|4N0LXekO<;gRbD2sh=-;*+wx*S2RB5RtNl#Hn2|*4y)KkiDN6oa`yz|-`*%kY z&}81?e7ClJBCBs1F~QAAd(^RLZ30Fs9*7ZUQ7}g6DajPLaA{v}%aeKty@fA;q=1vH zBNz3}b)N(EyO05!aANA$r-flHo@gSnm}jJJ2(=-9_X88cc3Z}X?@Z>+;L$f0Q3z8v zHPq&(7N_m25-$uN+mm5^0%!Z%%g53=VyYeMp>t(at$p{aY?TZ;wek~!RABTYTmF^ztEO}<@HkC2TgH6rRVhhrlymDfrGCC z%JHo6N%hQw1QuGph?-{D&5#IWHx?PQo>sQOff-swVt&PVGzQW1-x5HYyA(5Xs%%0`?&;xSkmCh2A}aCAoz2Tkcg%^Mcdnw z{C-3-)z6bUQ8|PhYAXpDD{YUB!0OzHmUmNQ@$7vr$tKJDfAi z+sNF}_=9Q;VwqW6Ut07bqQg~fj?RQH>{4)m#}M{=@}Ij}f&E;~HtI|@rE^Pl>|qX> z*}%0+qm<6#r`;qm#y&1FZyorocHsO|l2HS#h83v9q?DU#t%15W30SS{68TCUw|Yc@ z8g6jw0bYCPVZdHp(;iA!Ty;92h9p3H?(xH{{;ol;k9VXLAHuE9QK`{i!>6!FU(MI7r z95V<&NYeSCvFYK;WLgzKgT7&HJ+{Fiv29~5AE5+p7S6w*LAp+$FugL)$mo1yc0!sJ z3a;oO1^I}5YmKv!57U>atO;CZhhdtyoa}^3JFsU^bBIT;lfHX$ZdFAK zqb2KP6dAgbyP8<<(fNA7UbPU*LFbFRH>J+=G$HYucjOBF~zH9KmB_zZG(}B4+{a+iRao zQIYJcyW`qJbedV|&9gPZwh+`uryCjjtN?az3Qknt_A~uQ;+oW(4jmb{vy4fGV1{Gu z7fE@mrp({E{?BQiL)slin~~;=gl4OVTsXKTgETpOn+eMo;+XdaoMk4SGLG|at|UKn z4YR)M)Ni}&gDRlYd;WV4IGT}o>0T5!KOzadPEIjr&x0ekEU+h(rcHosru3d-#;_;N z{xla>A7U<}sa9)R7s&PIh_2LIwJv@q*0wQC$jjlep$+nKse$DT)FD61Le!Y+wf0;? z8V6n`%%yp>S4XvgqOeTIhH(PpUnJdQ30{4Ge_;_g7i zRS=u@*~7po=H552i`MMTvTlyD&7zo#*;E>O>1w-5b}z0u7xA3cN++l^a#2nZC@=Pw zk$gEj+hzcx(V%=-Ft<;qy=8+%a>lVCZ5atRlpM478H_JJzR&B=wRWH(!r|)lmDbK6 zI|ef-pL+4r+}@wuChW#G=r=BFKH`_64qiQA4IZfE;DqWPS}&*Aofy5ni|oB2OkqiI zC8H2iI|sdCzB$=lyVYk6;|{mmuR>a*6@ak4GF6i^q|~@ioGBu+f`?;w2_MuR{2!h9 zu4x59K}!`8pRkr?9V}!Iyf{up^E_$;J;A21=a~qx{Gu6*h)`a7);#y!>2D&+IBP!X z2e9pIhWRh_BLpyp>{g(-eR4n@S1NzOF^wf|v=tee>?*uX;4Ml-Fx;<+!|)+05sXuF zR0Hy|>K(ivq*Kzt_-i16P77)VoCiK%)Yt$Ci|6W!y%dN1DL7(0*#`CB0F>zQ3{9;d zCJ#L5MFohm$!k5pWsAhDKxRQfQQcH<1NVlGsJ{CpL)R3=c78z83vHxFQ@j_A`6br- z+>3dcJ{gEAQ?ne)*!!RMuddMPxU5>a-nzrpZinoal)|S@QcHUSSIp{zC+Cimlt5Sg zuwZTt+Ifbv)r4w*v;v1#E}e^8^m_X}*)LI&C6zi5i%Up-AEYwQ%5RU`6xcRL?ag{9 z-C#4&az~gJ?H*n2Ek2@QS?|!QCMqc8KsXc5m;E4e{ZUM)6J2gjF|%kV{*LIkl-{r8O4;9m&zCUq1dh z*{P}%k3S1f76FOw_*Oq&FvKGCQo>i}qAYeCc*VaW89T0Yr5ye%33l8r*y?J=U1(^w zuvg7TExRooZvWQ2mKgdvPH=1~k;kP;{HiX%J0Uv!E%=J7h93_lnHTGzH7=GiPK{nQ zgc9A!@yw_epR()bOJ6EjF(>m=5CUG9Q{Hn_sohQ=Dsl?PNd+9pB4i79@wE9R6>_RC zL2PJ-xXg0ap4LJox=KfL&=(#|IB zP;Yu)fB3q!Vh;Az4BP)I*&HG{&*!-(9WE2?=CkE&*Cj*ln9`#0n**dpwILQ!50N~ z60#woj|~IbdAh#(wMr*}cWN_PZpigkrCk5B3}cO<(hp{1$%HdSBL9`Q3UR=k!quuB zV9BNLi^V6hpV_K