From 5d12d516ae03ef69447387e34e918af8fe0b8fcd Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Thu, 6 Oct 2022 20:50:05 -0400 Subject: [PATCH] fixed subnets, drone proto & host, cleaned up vault --- ansible/inventories/home/hosts.yml | 2 +- ansible/roles/podman/defaults/main.yml | 8 ++++---- .../roles/podman/tasks/container-drone.yml | 6 +++++- .../nginx/sites/assistant.bdebyl.net.conf.j2 | 4 ++-- .../nginx/sites/ci.bdebyl.net.https.conf.j2 | 2 +- .../nginx/sites/home.bdebyl.net.conf.j2 | 4 ++-- .../nginx/sites/logs.bdebyl.net.conf.j2 | 6 +++--- .../nginx/sites/parts.bdebyl.net.conf.j2 | 4 ++-- .../sites/parts.bdebyl.net.https.conf.j2 | 4 ++-- .../nginx/sites/pi.bdebyl.net.conf.j2 | 6 +++--- .../nginx/sites/video.bdebyl.net.conf.j2 | 4 ++-- ansible/vars/vault.yml | Bin 9643 -> 9189 bytes 12 files changed, 27 insertions(+), 23 deletions(-) diff --git a/ansible/inventories/home/hosts.yml b/ansible/inventories/home/hosts.yml index 51a3845..2f68427 100644 --- a/ansible/inventories/home/hosts.yml +++ b/ansible/inventories/home/hosts.yml @@ -1,5 +1,5 @@ --- all: hosts: - home.bdebyl.net: + galactica.lan: ansible_user: fedora diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml index 3ab90a0..478d6ad 100644 --- a/ansible/roles/podman/defaults/main.yml +++ b/ansible/roles/podman/defaults/main.yml @@ -9,8 +9,8 @@ partkeepr_path: "{{ podman_volumes }}/partkeepr" photos_path: "{{ podman_volumes }}/photos" pihole_path: "{{ podman_volumes }}/pihole" -drone_server_proto: "https" -drone_runner_capacity: "4" +drone_server_proto: "http" +drone_runner_capacity: "8" # nginx and modsec configuration assistant_server_name: assistant.bdebyl.net @@ -36,10 +36,10 @@ crs_path: "{{ install_path }}/coreruleset" crs_rules_path: "{{ crs_path }}/rules" modsec_whitelist_local_re: >- - ^SecRule.*REMOTE_ADDR.*192\.168\.1\.1/24.*$ + ^SecRule.*REMOTE_ADDR.*192\.168\.0\.0/16.*$ modsec_whitelist_local: >- - SecRule REMOTE_ADDR "@ipMatch 192.168.1.1/24" + SecRule REMOTE_ADDR "@ipMatch 192.168.0.0/16" "id:1,phase:1,nolog,allow,ctl:ruleEngine=Off" modsec_git_urls: diff --git a/ansible/roles/podman/tasks/container-drone.yml b/ansible/roles/podman/tasks/container-drone.yml index 5aa306d..04300f4 100644 --- a/ansible/roles/podman/tasks/container-drone.yml +++ b/ansible/roles/podman/tasks/container-drone.yml @@ -26,6 +26,8 @@ restart: true restart_policy: on-failure log_driver: journald + network: + - shared env: DRONE_LOGS_DEBUG: "false" DRONE_RPC_DEBUG: "false" @@ -57,9 +59,11 @@ restart: true restart_policy: on-failure log_driver: journald + network: + - shared env: DRONE_RPC_SECRET: "{{ drone_rpc_secret }}" - DRONE_RPC_HOST: "{{ ci_server_name }}" + DRONE_RPC_HOST: "drone" DRONE_RPC_PROTO: "{{ drone_server_proto }}" DRONE_RUNNER_CAPACITY: "{{ drone_runner_capacity }}" volumes: diff --git a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 index 61269ef..83cfb1c 100644 --- a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 @@ -2,7 +2,7 @@ upstream hass { server 127.0.0.1:8123; } server { - resolver 192.168.1.12 ipv6=off; + resolver 192.168.2.10 ipv6=off; modsecurity on; modsecurity_rules_file /etc/nginx/modsec_includes.conf; @@ -10,7 +10,7 @@ server { server_name {{ assistant_server_name }}; location / { - allow 192.168.1.0/24; + allow 192.168.0.0/16; allow 127.0.0.1; deny all; diff --git a/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 index 6dd30d5..968f070 100644 --- a/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 @@ -4,7 +4,7 @@ upstream drone { geo $local_access { default 0; - 192.168.1.1 1; + 192.168.2.1 1; } server { diff --git a/ansible/roles/podman/templates/nginx/sites/home.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/home.bdebyl.net.conf.j2 index 3c431a2..faefeaf 100644 --- a/ansible/roles/podman/templates/nginx/sites/home.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/home.bdebyl.net.conf.j2 @@ -1,6 +1,6 @@ geo $whitelisted { default 0; - 192.168.1.0/24 1; + 192.168.0.0/16 1; } server { @@ -16,4 +16,4 @@ server { if ($whitelisted = 0) { return 302 $scheme://bdebyl.net$request_uri; } -} \ No newline at end of file +} diff --git a/ansible/roles/podman/templates/nginx/sites/logs.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/logs.bdebyl.net.conf.j2 index 508a3fa..a65077e 100644 --- a/ansible/roles/podman/templates/nginx/sites/logs.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/logs.bdebyl.net.conf.j2 @@ -4,7 +4,7 @@ upstream graylog { geo $local_access { default 0; - 192.168.1.0/24 1; + 192.168.0.0/16 1; } server { @@ -18,7 +18,7 @@ server { if ($local_access = 1) { access_log off; } - allow 192.168.1.0/24; + allow 192.168.0.0/16; allow 127.0.0.1; deny all; @@ -29,4 +29,4 @@ server { proxy_buffering off; proxy_pass http://graylog; } -} \ No newline at end of file +} diff --git a/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.conf.j2 index c610646..8a93c5e 100644 --- a/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.conf.j2 @@ -1,6 +1,6 @@ geo $whitelisted { default 0; - 192.168.1.0/24 1; + 192.168.0.0/16 1; } server { @@ -18,4 +18,4 @@ server { location / { return 302 https://$host$request_uri; } -} \ No newline at end of file +} diff --git a/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.https.conf.j2 index 93684d2..9acc75d 100644 --- a/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.https.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/parts.bdebyl.net.https.conf.j2 @@ -1,6 +1,6 @@ geo $whitelisted { default 0; - 192.168.1.0/24 1; + 192.168.0.0/16 1; } upstream partkeepr { @@ -54,4 +54,4 @@ server { chunked_transfer_encoding off; } -} \ No newline at end of file +} diff --git a/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2 index 045f4a9..156e11a 100644 --- a/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2 @@ -4,7 +4,7 @@ upstream pihole { geo $local_access { default 0; - 192.168.1.0/24 1; + 192.168.0.0/16 1; } server { @@ -18,7 +18,7 @@ server { if ($local_access = 1) { access_log off; } - allow 192.168.1.0/24; + allow 192.168.0.0/16; allow 127.0.0.1; deny all; @@ -29,4 +29,4 @@ server { proxy_buffering off; proxy_pass http://pihole; } -} \ No newline at end of file +} diff --git a/ansible/roles/podman/templates/nginx/sites/video.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/video.bdebyl.net.conf.j2 index 36c1db0..e8d4e76 100644 --- a/ansible/roles/podman/templates/nginx/sites/video.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/video.bdebyl.net.conf.j2 @@ -10,7 +10,7 @@ server { server_name {{ video_server_name }}; location / { - allow 192.168.1.0/24; + allow 192.168.0.0/16; allow 127.0.0.1; deny all; @@ -21,4 +21,4 @@ server { proxy_buffering off; proxy_pass http://shinobi; } -} \ No newline at end of file +} diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 874e52d68048f2047377ea71899e01c64fbc7186..cd95136f790eca1024ca4890c6d7322340c04f69 100644 GIT binary patch literal 9189 zcmVY(kCH$>AWQW zuvD2|Af9sD@Sb|VG8;x^G*)F60Tsnlh!pCE(}D5htT=_L7@(jO!C=nhN2` zZ&ia(@YYd9x^Oj_B4!J`0k^f%Zn2YcA@N)+bGCkSo!Oo{3tm*2_<%lW?_GCRL|SJKT|_qW@5L*+#zHZ31^=!+4AxNU*SlDvj^F6(Dc zzCAa+sch&u+xgk;bsjpJFk<%QqDdl+-#TIb*Fdc>9esGSGL=p|&Ex#MQi;;8k!AbN zkOLV1bzccrTVCfN!eGIOs{_%uKy0eU(^Gec$8_q3p1LgncLG@V#7rB)7Xh8HuTveJ zi~S#?oCR}oZ`ipdlzfyk?G{QY>PBp{RV44}9(Z10{ce$gRk47FHyWR~ac&1}1`}S}srIW9=dr0-tUyI*1Swfa+jOLx zvoKqpSg!aly)nFwt;V!0{Da^EFcxzj^D&D3U0bE1os306;=P+7$)01=*m3K=c|Nf# zg?dRopZ!BdVQMi8<2?LGAf-IKMD;NtVva5sVd)|3*r4dG!ChYC_ zvXOy=fz$vA39`cs+r1I`2uc#5*{zqLL0e`Pz-6?Ii$zlz{9NYm3A)X>w z>w~IP zn*aPMks-SW`osI0u&zh|>La-dhtDwfvM~ZO#+Lj;>OIrH<5Tzh<$=o6^JW3Q_O)YZnSeWCAIV0 zR)opm@3sAaOPbGN&_{oj_zg#bd-sr-XCW|WGBYx-dKTz=@8OERyi7R&IPh`u_ym#A zjlk?{s1j%2v=#2-M<=XvEiGhYNEIX2*Rn&Bq&q=Tc3PvE9!k8qq)(s1N5YVr;_tr^qFjR>n@C(|Wv=v1D z!U(2sWY?{cU>}f*fr+h?@-U}PCnGyuTx8C*>#d}{2udm7E58ZvzDL~uW&$e5MOpOt zjK}_w8@O=oqqlaOnXN$xpCc89BBi4MRFIav-^`@&T_q7&(1~%|564)rGQu5bsDSp@ zLLJE$QM+99`&Q5<$M!@+TO+amN-Qt7LhO*NK8Ryy2!saP^48{0qR{ZsEw=o*MJ3?a zX~dBxU-wZMSc88wN^|}E*L@OfEQ@5ggxnK6TB8}POB+u7@}Y3PZYVd{65*csTdgx2 zq4<9$0netj>T|h*qm$W;UwH8_o5C~7h>0Iq90*nE<(SqL#Z%R?*2OJG(t=Y5q|O3y ztxA61+4i7Rq8MMUl?>Rzwxc-3)9qo9m-P>T7RWiv0`XFbg0cF(MqiltG_pmA>2EKJ zv`C5b^Ib!%uLFptMASfK;JdyDW8srHofIjUM^$L9#w3zf(7Dx59Y3~FaG(c)TbXtn z`p;rfL@M~IB2X6R@%OX3sRXiI{r|Z3Z{S+m6kA#Lp6)?~@j_e0eTzfY82s~-oj%8l zeKmirp`}-=7z^*Tc33PYsm!Z4NKQ*F7gN}8fC06B_hwrjQQlIV-0&Sp+`BnB6F6g8E}{*g z6j&W(nEFwzH4f5Ereg7GcF%|9fC8BH!WOmuLJcL45BfF-X;)7V#V?!~P+Nn&-*c}s zIBxN4I8*f3#TDvwevHlYrOTR3?0a&M>tPb}7EC{&l983+fcX++{R0&67~hsKRamtA zgaxIi$w{hcL*6okp-DJe_qEK(2WM*N@*CmZZxW<+ekbRSp=+8q%@BLRuZ95>4y z|M%cL5!=yTjE5tN5<~13C9fEvQl`1?>mOg9{1Xi(rxYrVHx&W;MdXqvWsl>9Nly+G zDOoWzE0OCz`)N4o$#!|EFgrR4Qr%YrEqX@Rym#cp-LSuw+@A}AlQV#<9`PQNIek3cGdpp%a}W; zO{KG14=cjdB%#Gs@BVjz@#DZ+3vGH#a@QS2d+)vv`Glbav6+YI>sVg7hs2Z3GCO&yuUZ zUJC2M6*@ATJ8uv5m`+#ud4y>lROuxbJ>5|UXy-T~DLH*rggH|^uW&W{k-|H?oI5ns z=o}mvquZ?zjb$i=P<^d&r;N4ua8Po^z4zLJ?C`O||NM=xyp1gr2``w%GYO>g0BUor zaV@JhH}LBL^w`(Z?3PWKU4u$$XN~9n%5;`mM=A0egu=k+z%F!bnKJpgB=JTK`&l8C zTnrIRM8w<467`Wyl@2G@C~UPcE;do*UUxY-Vd?O!ivYv{dfJF#_7FMXdMpv?e$qRO zbW62Z=%$UCd&I}1=SXW@-A7>DmQCZy!ZxvwCQL(~`ZX6f&5BmFJDk8DC(l;FE}amK zofbK#R-TRT7ctCnMQmYA|`Y6UJi`bGzRC?-sZ-6447` ztx^Ynj7tO=45YkUHC_pjAp29Ti<>ZGy}WWD%p}cnJ$}1xuc+ii|Cm*6B_01Auo(&7 z4gP>+>72&7|J@c9zjv_Zv-ZGdX93FsV04d#)26b%U7cc(3BVWZsJY91)#2N8&IFN$ zv{h$R$Y-_;_nlsr*Bkz3FWGZ7y`|wYpRpWo!s3Zn+#U?rv?ot|Or4MP44%cd-bE3-3()OKvKiAYgZfoS=FMByX|cDM@hPk9R#5 z_weuwa3A&B?`v6{@7DKnX2>PU`uKzgt-Xw@TtzJC_z^@O55Nk=eYu1X`lyBbNf+-i%yKQe5giuqj^BNfhS3O{>MC-wt+sq_nv zMkU$|AME{2fg9NUV^9Abf8E!-UwTd!IZ1$Y1FXb3EyhxMhlk~Q@b zEHPI24*eNQLs?So@G5+wM(r;0iwY6UuOtBN*H+}yQW@b~A!nF+FoJ4FJo6o?J(!^q zvP&CO>j_0ER3!aYrjtDk0j}Hi7rLR0juR)QdVjKtc6e*df+f1}%>J!qbuKD~~Te zw*2?uO5qewiTb8VOi~~4EA)XJWua0JJ51zM^XY9nsgrMG8%NhxSyN=AuT}l>Ytm_; zYs9r~HI8_{&QiqAH_q>rympC%wT7ONNAM*N{PG8r!}z0iR$koQ9Ra>^Ue3GMj;oZs zVME_PO1f81)Z@-xW0u#<+>RK2L6UG$z4-c`JgC}^L8q8%7-<^6@x=$REVcSx66^U< zDW%A2e;9Tle%o${anBH9ETN?~Pyr_0V9l!OwlV6^}3gtqDlo@LgSQG88Go z7d1mwej+fkjC34hM(Gz~kF6$$AiOm)kM)(aKEQ>WWXLsr7pwnPg2(SEk@9-iD0f82 zmPKg15juxQlbv4*4IuZ$pLNOD4BgYUfV3`n^*SUJjTd zh|>(TVM*v!F3yE0#iljL&KhMcS4}(q5JlFcH$>SeNCP&Bt5;tSImnTt;L!% z_(PP5_ySfdOo?f2bWhf42uIVOQ`6ItZay*`pXueB3-=FPDwSUCwdD2mfQIPx75b6; z1#?}4CUyK^czeYNKqGsJ|3d&S3BC*~i*N3Ky@@5njJFhX;sZaS2$Kk$aOvm!Pv~X-+U;myhISZ2f_vHu6ljGc4GgSJ?ppuHKrO z!90iSeNK7$uY3Ot!!J4PtPh!`)?3|{dSHvq0ofWN;nZ+$MHc56f{T?8EP_bY+#ae% z`$9xT0Bg|^TD0^N*#-R4_2y%dsyoedq~B1ct5i7>uIC2*1kINpN)qt$Ool4tS{74P z{o1r!%6ZnRK$5(-+5~vpDFKI&A60cZYQcqu>|2bY71?Q5I|MF=Lj^)UbRU9?Elet< zqoSQ^0)|3FRXNYFn_=jJ5#DV9=U+a$Z&?yzxA>o9L;XDljq6$qWo_S;_jZbr>{m%`>xK#9 z<*|4|cP?smgG83i*Vf=o>FZxrOir?*N6c;v%-&yl0P6`NoesknO`3F5sD!$k)4ItsaZXj>c{l8}`A2Npe$77qphg$n7awe@ z^?!OoshZHeFA!%f9UN=a3kNuM2cpgQ2!scAeNCL}v>Y&qCrp8=49NiiR2;3tj*7CU z>pJCY=f`H=h@K)D-koDC4L#mO)}nkgGDqF=U9%TJk?0zg?{HF^_%8AH&7@ioIh2Hl zA8rJb1C+Klca~HAc~m;ZJ@kRzUG*bABF8ZzGKJYB`yYhM%tYy+qdNm`Ttj%ak;x^y z!_RSS2nT-)hzNmnqIW0_8C{YhWuk|2l*2Q=B98}x^E7Co`H)gN7i8D+Id|eapr?U} zKMY~ZiFYT^I;{USF<0y=q5?E1CDU_hBj)`$;Z%HJL92RNKIGx2vjkOWnH=OWFGkmA zHZ{YdjiBDLQM;By6@*GrM!tMcP%tL*5cgcCc_WJSFIk{DD*V*@{6ZcPgC70MCojxK zclVbfUqir%Y0gYE=6BQ|A~p=ijkHMa{n(EN8jMHr0@GpEZ*Qfa`m+{az(y|Z_xxAh z>OOAI_b974Q{)?!eO!xkhUc9Gt#aPMj@y=t}zZMU0|dbYF+*KTM~E^ziqA%8P(+azqev z8P7r8>KBfh9atlhv`R4QVUyD=S^7FhdZD`?K>vB<8!`F?)VSiU132A@yguei!3hdx z#9!VHZB4WGmFVNk%C8nAI{DQ$U!fP#319s*5eb-wCar1s}5*> z6RDpS_HBfiKT8g<-pb_u)|?1UwODjSb^1o zrDmkBOb+v3N=-;=$bI*eTN7)(kL5d2M@b0^pm16xP^Fzm0SERBb4D|Y)eG&X+*$MC zQE-~1?DIW;jI=xUqdn^%>-9oqO@cahO-UHSUIt@TmI)b~vepLrz>V6$T3{G{!{Bi? z)e{b%Xq=maBI}E3G4oy-Zy==9#&fvPMj7CvOLR0i8J}q7!S;(JU2hBfxKz8kq{`$& zJj2#x535W7>WyWG6o^IP80A@077UaSgn0Bvx&H4z#SU*TqY*uNy5TFlfVJwYGwT?u z8y`SJdvy0iO=M6Bz%P=tknvIkndX`0U|((wnzM+70`+&l_5{aj7~uE{*g@s|s?IeS zSBFP)@=rlz#n!^17L2M?p2$jglavu2_rz0B94^s$4b72v%%My{GnWMy!tQqw6IDv2 zitxGz3V)~Ek|in+)-{PcdE!xRl@*gXiN{mcD8I8CdLwV@QwhP>;ca6!*QEnd#&+F| zkfFkE>wc$d&kdMtKoDc1VF?vW5N}VHv}x~fx|wzE(g3W+5a*-bRj~$5778MNK8r_; zL!Ht$I$-FDsiS?jAS#6=#-Lbl{vYIqq?unsBLo2NUr0d1`-6MvNO_Pj!D;r+Cv7c* z$r@G)P(2Zn#uyfyhe5t^Q^;8(%=jZKez8eB`U9hy^_X&wz(h3Ms55)p*cvIyg`7!L zKQCt67`}OZ%e&hd*QBAp*n-Lvq=*m*HiyPOAL|nl{U-lsY}S+Scgnmmk9OZ4PQxun zEq8^vo+~Q9J_FkGW)THn*NV#P(bXS4>8QOq#=Usr68n}@{92Gb(GFQV1{NAnj$nBK zC#&W`m#TGSxN|~b_b5$x8q&_bqRV#BHH3%tX3OS#7}%!aF(Q+dlP!Eg>01%XPt^4tnaC@Y#GAObPAPl zMzPmcr@EtK{!3T}E_P|CQ7k6;1Bp4IuWY+t%_7j->R-Z2ThVkZDm5Pvtgfkp*(iP1 zOj5ht)Pqy|<`*y$&ru9NN>ebK@bfq7D}>O#xDLr;Z#s8_vOL~v%Jniw;uFAvEZ{c4 z!PbVI4gOOsL5ic?Y=2VE1?GR?&l3On zxBoz(%CZrh3qh`wQG#7xv$p82eGxTj1{Dq6Z^1&lXGN|MK|s^;SP33sLFd0Gz;ar| z3JKCiGjZa+2&08FS_NBNk$Z%^8fTsIU|p1|xiNr7g=Gg(MVyc41U^HwBC8W~#d^h| zxW)pAf{OGv=I($%-1ym@DPcWNKV_Ruf<%47y@^>8*foS{($KVMR`yA_7|E0Db6uNj z=q!KTK6}51kgm^+N(=@hzwcoE(uje$D-!IY;F&MAu(8q`amR;UVh1FUYXb3 zp$8?SKrwX-xarZ>vC>^o&^ybWXPOjZ&$N8l>q&MeY8HNXNO$SA#)$;sJFLM+iT#o+ z>Ep9UiPX6Is}HR*R=sL;JOo!@^L#8YI1TFmb`fP8tmZZIjY@)F8WqqzJ9G&A{t%4D zzlJ1LGw(Pm>894Wfz5|lg;m5Y@=?iLN09rt^7?ee8iGIx1(dI3OrfW4L0cRi#NSQt z>vSdN^;|_E^f%b6D%1#0K_Y2Swlj@5D9x(g zeU%pl@sNA(RK__(fsIyX1loC{+OZVhk31wJwlcWyfnX2wzBzbg1?!vsdN*S#jqJF? z-==9+FQ!FV0tnO+fO@&pC})xD3*fblKm$927ED%PW;35HJPFMr9}fQ0eGX>jpHPzM z+lwc%nS3KH=Vi0_c9JG$WoZv|PkxORF8k&BG%z$@4!M+49zDJ7XwM-=7@bR2sF$k4 zGnq|Ixb`+&ENwCR^!O5KfbV+Cc!uK3bBF0fMwARZCQ|pXgX-9$8xCCfilhVhAQ>zE zLyOPshr4MG|NAaF(J^>9Y=i8un?pM+5J`UOp7ic6E>b1pG(6XOd@p;}pf#g8g(FK5)8H1@FK zWn#6K??%la#BB7~dWYLRO(B8r&Sivm;GwIVqOYConc#SZ@6xgN-yW@X_1(kZnwA;2 z3QYwAq~z|U*)j|2BrnVt@Y-p^c@*d*IY-y4>4PQZqjk=`O%o8SoP=*u7LXouKP`&*8w!)>om9m^kvEo?ROUdT$~W(saaXFB17^?1*ca|uwbJ&!xJnkz{$q|b zCrywEhA#jpAF>-o+~{{M(ceNuWtM*E9K}=GuHGRfsbNPoItLeXBq%PO8#A7S&;$Hr zU+4JdT#}}|h83;Sks&1H#LG>_OW+C@ZiLGqvcZZBzRQHrBU9 zq;b9U0_3FX-%IaW zE!DeOOHvFcBKzu3&x8s&3je&O@Q$8sMEz^F>GDnC_$XjlK|N8l3(KZJwBFV*VtMLT$q)6#+sd= zB1?FiWp}&f^M5x3&q)RRp1>&Y@}jCrcO@QGzlyysJ-Aec>cAVqP~`E2;xZq3NJ_K* zE==WehEu`!ont!lhSaE0C#s1%lM@<<1=}p^@$v-1mNkYy&r^r+)#!jHhO>TDn)M^* zlX^*iEr?aItiX%)M%aCguXaG5ifK6IXux|2pQSOro*=SiQj?c-Jh%F0jRH$%C34W9 zhSqf?BD7wJkEl{kt@Zt9s@JW=l@DACcx=~A+JM(n@{>U2sjt%x3nm*}OQ%!)kgoE` zb~E&}12o(%$HK%`*}fa)O4$tQsKtmY&g`{;xTCVk8@uSTR?^^hpV@tsTj{iETgEb} zUXe42AAxcOAyNDJGiv5HaJ@s1s%teAR7b4(;@Xa+2%{q3zbGJT%fEZ{Q%E4Uvn3R% z8jjW2iXyiXu9|IAB$TF5XVQ=1Zz|uZg44r#JVRJ1m;5?o$PV5|G%@GXHAnrPl8kdi zjtVl3v*k9{L4ht0)%}NXQQ5oK9S?ln>_#6pEZM<=u$s&|G!oR)?b~I(SO3};-JI$b znwei&Ve~~oFfy`Wxx{2%90obVpfFqx-Z%}QUBoeSU65SzkpZ*E5!S2Jv=N?_@Uch* z6;W4lI&_y!1d(C6Bm&@!WtNQ7**{a3raNvYa+SYPf4MGg1?)@6F-z=EHWv<4DB zdNGEqBUozr`>155KXO#N9N3WlD;5`{NvW*)l9WwiUl3kXF9OHT4bkH3wo*Du48=yU zsCv1dbIYB51&!k2dCRQD{+=8-V-MBcimR^0B#v>Ec3`vH3rKJ{61oupjb1{= zxxQ;A`%ZM4n{qxC`)RDYt3-35=@d|{OJ>vFqFbpjmI>>`>e{8=nnRRR(dOT)NCb3&h4NSXzqWy4 z#@y4=&PP_c2c{L%StAZzL>_1)+%*fRQ+OHAzVRVCaB7tyse@WcqFQh7l|@aqJM^%{ zqSt+m*IPSt_r8DgXYL4zPGgu3@KmzWWyjN1W$y9-@k*M8E4z46gY__Mzz9MAcWEJo zW`9G$((=1s624r-D(nq_+erC@nwmzELKKP&lEE5={{@!JJJP-22G+f~0uP;LcfN2U zX23j1VlUM{a#lUz{~tN*F8=KR7%^Zu?(1Psm$f)+yoB5@rfBlPhe|Z5@BkcYm)!V_ zlR%Cu6z#nD`Ew}*A_;;H;=zNg>4UtV5^r%(NFqd4k1cU*16K?BM<4^zsJEsip5FJR zKoEGNKQ%~@M(yC;#LSpR+F<8Qg#SLx$%3h*&mJ<)Ef&>fw$(6jT_vfdOZP}M53Tss zsUDq7wW)W@{rtTfW{A=LtIpUENfUbfj~V~MG<4h&N|XY8K<0%Ynb716Mo21mQDLo) zbsnrt%?-vff*aeJFP6B0ID~nL(*3(jy2DiWAD{Dn0sRYopD?yyi&` z?}->`t)f$yQ)xhtTcCq+f;I+LQzsuPqaPh@&I-fpZ?0`Lx{)upIs|0`C+WEEir v=9l6NeWVU$=M3UEh-d^7`X>R%+13dO2S>MXOubFP-e{GEcH~_}X7(jo5=7H0 literal 9643 zcmV;cB~;n~M@dveQdv+`0Jb=nHds=xUGbKVrDn6ZfO2ew0ZIcoy$DdyY0$eJv2!d1 zY^Wp^ltsMKG^>1sNx!z)7SXFC-_V77gob#5O%XX3dQo_4Qg=%yv^1p8PF1@B7RF_z zi4tWX>cGn8R6ceuo%D6tnDt_iBX)l4cfUpO=>rK#_bo8Un&P_Ex}m-s+qYM6)aZA> z?6!)xDcWx%1}%LCi^23F{5IwA@m1C`V>#E0Q{<(oF3ML0q;M=Qv6T#gqpaE} zsNC5|HIo*~Mr=gfj%&pQxb^2`L}E=&iKnEs<5$+N<=6#)H|G9|NEF#!GAL&yqc4;1h<% z`zn4x#Q-)|pLK$E7chNrCSE!G4!qx!-QQ^WUlx_f`pw(y>D93|lWb9e#OLkhY0|Nk z$~0VCo~Ru;wF9awpPFCXylHJgZyex_dvrY*sw(wDo$JDHo)*MQRmHnYb1nN2D5R5W z$4tE0cfhZr6Nz|X*kx2-9T_a7&TSzZP)ux{NCZ7w`^dP*l z*@xq90w{fKo+9M|98^!#;f?@P_UA|pSsiL-MU3jJSv#fNu2}-Agd+HIx{hmV9C?r9 z`T$-^wIoJJ7v#K|Y7B-{6s-7(2qr~?SqF)k)2PM6BITC>h`s4z#onrAYmA;!BvfIw zHOng`(zM6JXo+*|SFT%5SmscsqIKS;$lyjS;PawX_2M&wHpO`d`wJ{rzRet6K7YB7 zRKh#7RJp<(fW0O1VuH#LWTle>7KFM9fsgDD7N{coq^Q|Ci*V4o!AF122^FK*f{v`wI^U z^VIF_?{KgiPwLIzPU&gZ2nI;X+p0P6`MSg2dsbs>mAN+G<zSQ=@tOvLx}2)2Wx{rOy!hxSgeKuU9{qfMX0 z5ak-U(h{X4u>Wx}5m(!IOI5FKN@cLlaIVc*C$SB=JTHG4y3S6RyZGFZe5A_5^gzGc zUKW%q2jj5U-1xZWjA^ugkcaG@~9iTLwT9Jm5|fk*7M6?*W>=Yo3p0X_aHoUPmHD{rf@To+g2ux z!U>d{FI~0OAU~QulG8=!!%b~qu?45fRIGW>C^3Ljq)Q9w!vpMaZk@!}-@LRq|v7nf6bbEGiX9J(@ zTQ|9ajNq1LkSDVbJQ%-=*Zty}9YiCS4lLW)s|NraNq41()K{J1l^(*X24T^W%ItOC zqOWF0i+nR6=*~1*;C!#Nv|ZxXO@HQ$k`+AS56-*D9`@tPU4Uhh=9@PtNZQ37W_GkX;e?pzR9%WzXmqcRo` z)el##1kG^gk!!{NcMLeeD$uGnb0{&xTUUT>VFC}314``j$k^;kVi)1H`9Ny^YLqVE z3^1G$QQy*;`-rZD;*Dad7!$e!fdQy8LD^Bzq9ihW=H1$ONO6YVu$H4(DySeKmENAH z>~!N4MstZbLWUGxmOqqLK9|I!Sor+qKF2C>tCz~D3+m?}B@pZVXd>oHeFI{c6%EDW zK-awGQ%;kUS1F*rDxLv! zB`0!BtWlB;7czxX7Ze3!-^W|a@YPou{tA5lVbwSqa=B98kTU=%M7x3vK7Y7W5FjsQ z$L4aYnZ$PN1~uePrz~YOvl3#?=hF5RyQ!H`d_vr}MRK@|W2sC{1yh8SP4<(jOCE>@ z@_N=eOGLq6T~>w17hriH4!k!K2xUdEw4lVJz$ZA^V>z99OqXus*B$y0`CQ-<+6M$A zF|Fjx&8!dPOW@Du1HhQsN{IzF5cn{ag-A~6-C z2orzAjLnZ^kU)C}SD+kk8^DrHZ92?q9aGjm3@5!o^aBIv^bO$+hJmaE*)}nRn{c6H zYGL2_n(CEY@@Su5N%58J;KUb|AUmbpqIX1A4*hJI2aFfx?8?Qz&;w#!v6+V{Ez4O4 za9V#?kIsJ;n=W$W5ljGWz6@m!m}BJW+>*FD)ZI&S66fQ0!1Zn*0BWb(6OX)11>J_0 z>QDBSk7`S`fuL2DFoK}64)!L&?cZIlK-_v|(_oxy@|sN+Gb2ms${5`+!_G!3a_hAJ ze%uM~oT``0Zr=;07cSv{wra4&WB?=;0w1&H#f+_)Hc~jcnQnEu~ZS91UtTr=m>zvl zvYPt+^@HYWMY8y6XXwj9eBH>!T+i6S-J{Sxhkeueo`U#e%MpMx* zhw2@$nyGa02WbwFZ>%a9m<~XW4S2J`$}HpEnlP9uuc+P^jJk6WLDZ}xwjbv+`j6k(hlt6!~T2iSA{Lnk7LxpwUcgxQHv`DI4=&?-||j%7m@O3htRiULiC z0}6ToG$~H%HkSZ-d|^{aDv*=>t_SHLu3Tmr=;0yhx^?WNC%xy!j_8yh$0}9y z%!dwZPkEF*p^_ig9cGnSFJy{L_)fL2@tFy-!%u7wih-4)Ey7~nm}HE})Vjfkg?pcW zKNTf>$u{A#KHwG)ojS^|Qwn!nrp|*6l$&!f8u0`gun$56!_(dj*&6HAk}qS3$aw^L z*;Ep{$gnJ*n>{DR)cO)BalYH|Ysa}g{lmC8Zl!e+kdG#<1HIZ=q+n`@NUX(N{3^DZ zFRFZhNXay|@vSpyHdzrD!=!{cF(%VMUPTE=SA3LD68465*@FvZ^}cLk*!moPJSn(y z6y?&y!iy6saXlvz%RM%0boMQX-aaic3`5(Ki)FO7kw4nQ7gyc(>Iy9oRaYC=S+rG; zvS_=c2eeyj#jQu~S68(@0i0t8RvR*Y#ceip*&W*qP6=d+rka=)jK?SYxJJnwpUdf( zZ_@u(Ey#5fZo$epy7phxmUVN$+3vs9K+NNU`Kv4g@bpn-d*=MS6Jd7UFcy2`O=Bv0 zxLj=9lg~@E-)6+rTgIgw8n&HjUrKOW5ATnQZ!}o!4isPKMz`OBXlb~r$hmtAoFQm* zo8I6Ok9NrowX@Ys*hkHYXF!;|`qCGh3}H3!kT*~R7kk~t*f_7D_wKrWjH0^+%Xqmk z0$e($PT+@|jT?1Hxli^v$I+&xgg#%HDa3bjV64n2FcIW?#qgTL{qQF<^p-!A9VX_o zb46IHyc`hUbE#JvkaN^!c!CWzz5Fj~WWVLgW{@xw)+8=Fubk0~SoLs&9!>X1wM0fI64vN@)(;749>-d)4uMcufq#ZtXk-EHP3IQj> zreYzUVmIT`>T`h~>;3Y=c&-S0Ds!qGXxhb;I=0xH&5&<_hXAYoSg*W&QUCTFFL$7v zpWKZ1blt#OBsoQO)^|8^L*ND#RvPgh1dkPTU2N^q*f-Kvhn`n%#OF=zV%p7!26zfW zN~9N5o=n^<75QiJ$)@-=jyW3Vhr!npjVklb!UP%G`u$XBF{Xrp0mdC1z_Q&cknK$D z#}&l6=5VD}W+?u4htPR2!_NBxI^ z)8!R~Zr^#u@W%{7d3LEVScL;Cl5s!@cuRgvx$R%M%!dpsM@tOc`ORPlisV*>hz_Cb z3;nAYR#DJ$`|-d5C6B^S*O>>7YY<5?SqP0{)kobC^VL#Y$L-$0J7R47n;karJxYHG zS-U(^6;H;@=EPW*aO?53GcClM7!=~79J}^widS*i%|P~xa%-uG*E6KMn#O9tL`W~S z?h$Mm9grBz-r_VWyE$}mdQuZ32K9KLzyh{9!nq<%=nc<-sLRLCoghUU@%)*f2WaKf zbcQSLvpY-ud#~5!Y37zb3v9|m2RvY>T~8}zUHiKrAjrr+W{|A+Ajp`Sm!vDudkK_w z9*xL9l$oCij!1mTU5&$EE<6e^HWHkr2t!P#QA&$#m~>Hh)qro#zul}py-_pe@GL7* z<9R+@p*W806BQ%r)8_2_H2IH^IrDR6L)5!2IAa^lvVgGvq>dtVb=7ss_roew5fFkL zYYT1!zIgyvwA>>Q(loZLQ>;{u`)~H~r&ss?TdaEkwLj&yP-nWfn4UyGf{^CqWh9G9r~q zly#}PaWnSt1VteZ?Z$NCJ3E@Bm0kP(i6YZVSbHG2yoqzOG6{3VcojX|P3Md=j}>@# z6F(99zkRd?)e8l8!{TXDg>1#&;G36l5b<}2-u9cb3#X|Rh&<`wFMwk)cKz1q(abn1 zj7{a}yp6M|=nffzm`G=x{}$8$BRgup%^}JCfncx4r4vj%^paI5~kT|WLtJG44to&8POBaC9+IIey%DblP0jy zEQ2-{Xn&X8F{%Am+7yMo?hbn{bEo19B3B9KFG_%cz<{)m!4Se1wlm}v=giIOJp-&H zt$(c`-=gr@`Ii9!n=KVrjLL<_zhtU)hTa2ya{bhqza%^Eknj|)ff>^|_fp!s5+@HP zi(SBHKwSJ?m~2_;4&@$J=KCpgnWA9jieU3ckf=kTMJ6=A`pGV0VStoU z(QxjqGfHaHSROu^a@Ck#cT<&$w8*-Ed`98N?%#GF4A8Fx0^!oyL9>Yw|7^tt)FE3Q zs9O!?BW};+eE%}g4>%D~MV8)u;|hjZixUzB^8%tc4<`WSF(VTWx|-sB7FQ$Mho1WI zB;(@2V~d|(T@kjW2g}!B^?8*vrw@57-(=-&O(5HOy5Gs`1swf%!6Ffu50^77V0Wy5 z!A}Z1CXvp5dyDrAREQ<8M;l_&Wp(rTqfB8>{z@Vs`pScS)x=eR+L;LpYetOaAL6Qs zojcfiHGtg_2J{T`IxDV<7z1eOj8_}(a8K@0t5MprTAi3T^7DToP(StOh!pP8@tLx+ zOGKAARUgWfOsLi|Krz@D#j#Uw6NPCcbVRAO%JqiIgyd}qyu`^W10#=m%6wukohbZx z;0%wxn*3h-f)kAB{!e~91AoF{Y+)zY4%6vSwQ2WCXNqJ|)}$WOd0K*ZnN2@E2nP!r z1w^AJG}}Uks;%-#2Kl;r0bn`5bpVB=U%(TDK;Kb4XAsrqErMVy@YU zy!i(xJ)QonyZ>H{%RhQ3@e!~I!N8!p=#ZO4ZCg&F1vP!tFK9f*nf5VwD1GF<^(7-L zM_0{6VPl{HdDNmIIInR(_M1G+7@89uJA6jfO6)#Gi5w{R@A|sS+?%!rS{JQ-`hv62 z>f!?>Iq6?noloNiTpoj$x|etT!=Nj*jm{U=Pl3=gsG(7D>>eZ9mMxdl)};+VI~dd+ z<(RHZA#y!oVK(P~(!J=lgdW=Ros6#|M2MC}YJ*#eo6f9;B(h_#i5ni)3Hn58d9Gwy ziP1jb-)Xh8FZycM4+%sK(e7C*YS5dh7B!S5gJOl|>_!$rRB4kIG;{f54J?=h5bCN+ zTjC`MJc<Tqr96(ACB;L63xggr_MO;d8z8!r$N`0QZU3 z%ZZ>vMe4?7W~Q8X)09#8L@poKs6l87-()HZ<7Ba|)}<1+2JyD!=NyfrxQk4jhB+cV zbvuuWjg%td1>PtT{5RtRaF+XXbvHNW+HH-8jFh|re@SM(S^3qfvXRJXSe*$|H#1W( z^?6LwmB7vgLv<-E=-wRwNq{*M2M(e*3eCnHbae44?VK(U)-sqd^x{TUy-z-;RP+V& zlT}F+fVglrR9nail4{#mckcEN z(Oq*O?7r`aHqOJ_ObBh|uB4+U{W@G@t0i6h6c|$tc+88>_QcW|B#q2z*vYwPlN5=2 zZmqVWZL{xpQwGL#-hwqqn5(lj-qbL3kqea9L=nBD&%Z5kw|DqXQ{AaefQaD3eHsH{ z7_p(TAOI=3D?H~4fAK-~K{7))s>wE3XK0`BV{uNDfK=#wJw*|%!)qKLq7v(fN^%j> z_cDRgvWr@GNJM=LfEf1?rp zxRV*g*3cuGUMK}s_C&ib=kia{P-baZWDM})qAONwK$pf=Gqlr8ZZ2KhLRYf0h#GQ& znL(tLiUF<(tzj;z)m#TnZth;&rt=eE<~~}sifb4>M(L`cfV)X#sezu#&gX1?S*XBr zKwriR%uzE1qaw#`_%zxDY5e9o9&87sB=Dh3hHfcUe$P6RfAO}i8`5`{CdNN_9YMHg z9S_; zs7zB_uiL|`xxJQqy#Rzqazq}t&y=O?N`WBu!O1*?YWfp^hDVuAGTh@s6*PU0P(Xhg z*8al9()$C$;dP?|?Cqk;^naey-lI1$%VJ@wG`DqMHs!uYO*t%GTz_7+=!(o$NJ|(p z<9x8<#(0F+Z`j)Q@{w)rpD4pOE1CwAI{;1biDuaO!Q93g zdbS=g$gE~p6NMH^YjT4MS3p2Pb4%1~h;@*C!@&c;oe$4+ZP3rSExiAah1FH z$3F93SIVZy&I8wsEe*<_zOsmEb?entMzCSn3tmCYh`<)BA@_i2a~G_w_+O_07iGku z6w*MNnUb7Eqt5^MGy?>bAdl}FfURt zyTzenj-yH@P4M5hCgQjsGWv&+p#8vkx>P>Xfh#B1<}N{CeX?WDv3dZ+&A`P%|CFFo zHBxI$eIM!|hJ5t^JfDWNccy-kv-(*BozT0*H$`Bh>51vQ`JUuVUBVa?`(}Wm*1Lmo z>J0O0)I3{gR0D^c;nsl9w$!IfVra;ZIC6z;*K-Vn`urLIY@QlTQ6kB_OrHr4B5g-2 z6~dJr?wA|}0%PO*h#_^6NW`YKI8eT@^(G>#4G7EHzr6~|52+$;(e!rtA%C+NZ#0Gr z@_$`XfO@l{<*R!4n0J#81nfB0cjz8Pb4)ld#2ga0Y}W4T0LgNyX1}K@&~gZRw};?L z?$eOxL#uJ0uWj#Ju?w6WtdJQM{rZ5RPnA*=YlubYPs_lUDedV_enQ@4Khrh?g6V{g z*7XjH^3C3Qo&=00p6fP{#1H}}h9yMZ%dk7I7!wo#Yup9U`j4LT;rL_Q=cj=RPaLXCUZez)k92(vZm zZWFh+zi`NDI~|X`SYPNUMVXtCR_61hc;)8?1-Px_n*gA1qB*%1VV+5p$I=%Ii5*RT zl+KJ&Vdfuf(L={e{xpS^tWRd8Tqq48VLf&_YIyI62dnluV$1v04ay#ST9B-`bq%@5 z%4f)2JHP?M)fW&~l8fVnqb>U+>ZTHgQbo^wU!G}wbiT>)o&^kd{lO<^B|(1OHq;HrbjD12Z=hj!#xwJ&KTl1 z6Pw6t0G~wf2Q+c4>2h(Rm`yUF$sqJ7($%}|#QE;H* z&5I12s_6a1rBch)07g*C{cg6VV+%Js+q7OpA8DK?9-vJ%$ zkH-gx7FsZVS(*4}eVe`Pb=^YTRxq2NmP!?~U4k|JLZ&lPd$;GCz z=e!)CWc3dH!<*RY_g48t2?cN>I8{QxW83DH!!E)#Xjtl<7s-JuD*%^eZzxYd8)C$a z{{4%8)5fDLG#uqgDvs-eh6IGjG!LALU!)nrPre$r17%bHL_$SA!08C;fhHl84Yc7G z#BCkS)OgXPoUa*?BJ%P4{vTg3PAO#+_eOI^L@wF%`~UJ3XX6i$)UZWiN35d(J7>Wt z;33^zUSi$;4-t53vt-WQf*dI<)^)V9utx5-Bl1D4Gc8NB z?Ty=(($M)AmnY!N`)wD5KUEd(cw*dXghYDa$3HR(LkW_e#$HHcSU52?wIh!rAzZ{v zTCWNNk+oP7RS?cpTv-k%uayi+pDNqP0b89`pr9hSc6&#e%pf7Krp4D)`1kTrd4@r- zt$^*6gC-n7~aND2kr`5EYn=oYbpPYS3$on^Yy6u#pX~6$@j2CHtgy!{M3)L%OlWnJfX~N}W77@gW zF>1AND*X~@ViHe#oa942|Mpc1`LRX}zD;LZD+Fxh#zGODeIxX0O$TsojGV3U zB6nGNVtV5i@uf(1brI&JIFxzpHK~h*SiqCGTQ0?p{im+*#0%SQcPu&WpRE3K#%?H* z(pO-Czw@eYm4vNrVvq1#`%7Q>D7C9RFkf%MMh0Lh0ti^|e{XUYc-rzuK{K8@u0}+K1iF+qJT_ z&C^|4nF>EnVju*-(AIxB2O8;}JyOQ4U!WtX+K9MC0Is&x0lNqRaDk8Q$kfE5KJh&T zdZ>qN0b9CJnDj|vo0S3GTKqKA>@oEEI-67^Xnyg>nDQF?UU|F^siDD?Ut225Hv#|)1 zyBa6yDKNSHw%Vsu2L5T1!N?cOGr%*PlK@F>#C5m}6(I2t32Q^r=&Dd$aK9+(riloc z(oDgW9o?}d0d;O+G8Pt5`!%rceS>Y|5v8PuPX(1Mr;x%u@4rN@M{oRT!GeDu#^IF} zmN~)t;PPd;TAt4@#n-^WBIwHm`;dH{3k z9z12?JRpZkuYDZ%n^iWNo-s~E11i^uHd}{UiKN}exiLj@(S4Fgy+Y9GH?8vaX=K)5+i;Tu^`CUPPgW?nVetRc;bVhTprVoNTtP zTj6@0xYgN0r&F9U5hquF&}al8RNxzR+n$!V69`Z)L2!qXwu7wb844VQjPQS$?W>s> z?SIpZUiarxKV_&lX?RHa#SU3{cv%gU1=&|m3lePVC1?G@z`4Fio9zYP%cZM)=#cR% z1A4rcT^eHMd`)cmm55Py!TN74<)7BjU2{#zU zyh4Dl67v}=4Nfd|zhrQd9nthFX)`U5Ktx)rI7vjKW~30cR{C$=E0XiUaeUye#haU0 zPbrq`7vk9Q>R1m^8vm0Y#faHBEQ-fDjV2J<>CNQ8bDJ9&TRmwn%jwaL*wB|86nDY~ h!&aq8M?t&3;}$d56CiByE1HJGMcAWl{u$QyMVU4{vFrc<