From 71e9f4590b388e6406e39244b37cd5d157f1b8ae Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Fri, 21 Jul 2023 17:54:58 -0400 Subject: [PATCH] added sshpass_cron, updates, secrets --- .vscode/settings.json | 3 + ansible/roles/podman/defaults/main.yml | 1 + .../roles/podman/files/sshpass_cron/crontab | 4 ++ .../podman/tasks/container-bookstack.yml | 2 +- .../roles/podman/tasks/container-fulfillr.yml | 2 +- .../podman/tasks/container-sshpass-cron.yml | 64 ++++++++++++++++++ ansible/roles/podman/tasks/main.yml | 1 + ansible/vars/vault.yml | Bin 10226 -> 10356 bytes 8 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 .vscode/settings.json create mode 100644 ansible/roles/podman/files/sshpass_cron/crontab create mode 100644 ansible/roles/podman/tasks/container-sshpass-cron.yml diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..6f00acd --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "ansible.python.interpreterPath": "/home/bastian/src/deploy_home/.venv/bin/python" +} \ No newline at end of file diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml index 6508b3e..25478f4 100644 --- a/ansible/roles/podman/defaults/main.yml +++ b/ansible/roles/podman/defaults/main.yml @@ -11,6 +11,7 @@ photos_path: "{{ podman_volumes }}/photos" pihole_path: "{{ podman_volumes }}/pihole" factorio_path: "{{ podman_volumes }}/factorio" fulfillr_path: "{{ podman_volumes }}/fulfillr" +sshpass_cron_path: "{{ podman_volumes }}/sshpass_cron" drone_server_proto: "http" drone_runner_capacity: "8" diff --git a/ansible/roles/podman/files/sshpass_cron/crontab b/ansible/roles/podman/files/sshpass_cron/crontab new file mode 100644 index 0000000..e6794d7 --- /dev/null +++ b/ansible/roles/podman/files/sshpass_cron/crontab @@ -0,0 +1,4 @@ +0 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@Garage.localdomain 'reboot' +15 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@LivingRoom.localdomain 'reboot' +30 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@FrontYard.localdomain 'reboot' +45 5 * * * sshpass -f /mnt/unifi-pass ssh -o 'StrictHostKeyChecking=no' ubnt@Office.localdomain 'reboot' \ No newline at end of file diff --git a/ansible/roles/podman/tasks/container-bookstack.yml b/ansible/roles/podman/tasks/container-bookstack.yml index c2edac9..668c6d7 100644 --- a/ansible/roles/podman/tasks/container-bookstack.yml +++ b/ansible/roles/podman/tasks/container-bookstack.yml @@ -59,7 +59,7 @@ become_user: "{{ podman_user }}" containers.podman.podman_container: name: bookstack - image: docker.io/solidnerd/bookstack:22.11.1 + image: docker.io/solidnerd/bookstack:23.6 recreate: true restart: false restart_policy: on-failure:3 diff --git a/ansible/roles/podman/tasks/container-fulfillr.yml b/ansible/roles/podman/tasks/container-fulfillr.yml index f2fb901..cb0ca72 100644 --- a/ansible/roles/podman/tasks/container-fulfillr.yml +++ b/ansible/roles/podman/tasks/container-fulfillr.yml @@ -37,7 +37,7 @@ become_user: "{{ podman_user }}" containers.podman.podman_container: name: fulfillr - image: "{{ aws_ecr_endpoint }}/fulfillr:20230710.1937" + image: "{{ aws_ecr_endpoint }}/fulfillr:20230711.1654" image_strict: true command: --config /config/production.json recreate: true diff --git a/ansible/roles/podman/tasks/container-sshpass-cron.yml b/ansible/roles/podman/tasks/container-sshpass-cron.yml new file mode 100644 index 0000000..536f973 --- /dev/null +++ b/ansible/roles/podman/tasks/container-sshpass-cron.yml @@ -0,0 +1,64 @@ +--- +- name: create sshpass_cron host directory volumes + become: true + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: 0755 + notify: restorecon podman + loop: + - "{{ sshpass_cron_path }}" + tags: sshpass_cron + +- name: copy sshpass_cron crontab + become: true + ansible.builtin.template: + src: "files/sshpass_cron/{{ item }}" + dest: "{{ sshpass_cron_path }}/{{ item }}" + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: 0644 + loop: + - crontab + notify: + - restorecon podman + tags: sshpass_cron + +- name: create sshpass_cron password file + become: true + ansible.builtin.copy: + dest: "{{ sshpass_cron_path }}/unifi-pass" + content: "{{ unifi_ssh_password }}" + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: 0400 + notify: + - restorecon podman + tags: sshpass_cron + +- name: flush handlers + ansible.builtin.meta: flush_handlers + tags: sshpass_cron + +- name: create sshpass_cron container + become: true + become_user: "{{ podman_user }}" + containers.podman.podman_container: + name: sshpass_cron + image: docker.io/bdebyl/sshpass-cron:1.0.9 + image_strict: true + recreate: true + restart: true + restart_policy: on-failure:3 + log_driver: journald + volumes: + - "{{ sshpass_cron_path }}:/mnt" + tags: sshpass_cron + +- name: create systemd startup job for sshpass_cron + include_tasks: systemd-generate.yml + vars: + container_name: sshpass_cron + tags: sshpass_cron diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml index 382cb8d..be04b0e 100644 --- a/ansible/roles/podman/tasks/main.yml +++ b/ansible/roles/podman/tasks/main.yml @@ -14,3 +14,4 @@ - import_tasks: container-fulfillr.yml - import_tasks: container-nginx.yml - import_tasks: container-factorio.yml +- import_tasks: container-sshpass-cron.yml diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index df20cf25ed04a9177b707221017e58b7747de749..469d60263577be3d3251afc60a381f2aff09e4d2 100644 GIT binary patch literal 10356 zcmV-)D2vwsM@dveQdv+`03CA34#$wgQfz@?P?3QJjxc-!io~6mU+O$KvlR)|fu-bL z7S2N)%eH8*_dx99d#_#NgV5>U@@M3#+!c-Wu3BAJFDmjAa+-u0=9g!O=2}#B@Iv2GfvuSF^N52*!Hl?KSjI&;Wp$Dgdx#3sD==AE z3(E-Im|ZcrkDFW{MYUMTw`tZ2b02^nC|A&A*DM-_ zjanu)Kw->hi#2nwHF6LHD7O}(W)cB#W}J&enx3<=*@ze`I4U+g@!9((w1m!6SNfMy zmLtKw6P{-1X6~n`5PiM1+|J1_HG2dHnlPcNUu!4)yL$Hux4*uMP`triZK?&HYh@J z96Fo>OXj@*9{K|X8fvi<%RN~0^Za4rl8*jf6U$YrgX9JFI`{%OH}++c$4e)tdU5q- zv-4#WJm}6Ap&lSiac>15L0$BFQu)CF^b1yHN%U1(X;}x8xUqeNxWl&#J1+!2{ZoY| z$0YP`iOdUGxef)~P~qeOPLkvq5#DJ<^>Vy=*i80b zPf>{$rMsJ{qb={r4u?a_t3yg8(=B)2HmH9OgIQ?1)p!i`FqSSb%v|f8fz1%Z;?kg@ z&YT|uUK>RyP&=qUp1))d#x}ak%&35C*8Qs-Ad9GxrTsVIma*0U%C$_oTNWdVl}%h9N&iqIRk$O<*g3Kgr!lG2uF} zYjfG}5y<3OCwjU+R}|Y3&>D!7wqoawcfLcq1AHVyYtJW4?JP~tD5I>3qL z;dTTkkP^H97zdn;C(Pr_Ue5!Dd#IGV^&uzrn83RkM;#mwY>|v{QerSW70hxwXKQ3_mfjDx^37YuW6(8egBAU}`+zY2fzuRRO@#8@-t3AYp7Vqgi)P zZNi^m8+dt%OKg7vv6q|X4AAeg;rb$pP@@ZaCoU=}3^PlMr9r;l39ag^Tf87ivNB{X zwV}O3%%JK{o?1kzJpWnu1AMJ~uf!v6t`y9Xz+YM4Qe|Ak79ujJ&`d$1q`j!zIbhU{ z7e*tA9xp45_EaszNgQxC+)%7Dnnb;mtsE6v5Kn02S&20VP@pkvkLcJP`L2W(8WIa3+I;F^dE30AxwI)mFPbd)7s(n2 z>U)8YVG2O7Xl8b#78&_SM*F_eW(euT}?qAN+nN zEGqk7PxQolyhTF0%{kThM9DRM!OA-Kl=XEvEbj3pN6iKAAc}23Gq1@pv7Nb;_$ zf{0#+Wcj^(StvGvmuhC=w`(rLPDqXUb||w>7op$->pvgQHAPWQrA|KMLF;N)PTm*$ zCra(R$8!LWz~6B`g%AaQUa&vF^i;h|=xX{;uyUPH)7!kd3l~2p8zN{*=jii>gU{!# zK6!H(jx_bl#A~@d^aH8L5N&`1rHq$BJ<9k5S?I&mL{L5~VYk|R zr2C}P`P&rq(#_NlrXH_2ww;#MhM{v2k{ z8`KCDn-r&@7Fm9of_pNs z+E*tiPVCQThX(CSwKRat40{8WT#du1kxeN_GOlkl>pZ^S_3;P^5NwLo@2(#FQ(Idd$Wi;lu6wVA){6dTN)M)imk+yL8!GYhu!y?1{nMg(>QYpobF8mzylUHh9VeW-mbVv9w~`$|gjhzypV@yT)g1zcqdUpV zi~+*^+u~tfqJMT1Sm6cQRkCCPwmC=Zop(c~Te13p&#bfh2(dBRKlox#Tu`eXdzw8_ zE-Ld2^(GqBby5bm?n0N*1dQ<0oS%%C?gwWI8=t?%wywltpDWtZ(%$N$v)){#(+<(m zpQTkppv%Ht#eUg3_?eRpC5Va0C^5>&G(`y4QJX4!Hh<$*;xLJb70oedOefvAdpw6+ z!>>Bd*`kIbH6`kD8&GomO-MYEG3oB&cekfw@0$hzhn8mKR19)Axc8Z3UEg)pE;~Ov z1USlj>Wa5~r76(elV?+(;eF_+6P)?ZQNXO^5l9#YxSBTzz0E4wTe0achHcEEoDW2a znvm>-@LP*{U$+`>byrV5Ah<-%_aZ{B1QaZk0;lN`cNnsEXtpYpCZwt(97BZ`n0U6} zrbN>JcZR7{C>oYwQFrE+v@j3`?y!;L?*0FQP8rz9Jfg6HDK>O8>%YguQ>yGGjlJk| zqo)ICojJ8uYcV|aY!GXRnxKD%Bj1PR@G>Ux`I$LhW*w>M%cDQ*gVeJA_EGPrp&Nh- z|H1N(_=W^k|Do4Zux3Tk0K*R_h_oZ`^RM_P`Pt2J5Z5-)MpyYE z1h0?UvTK(9ggNU48=S`{)`_e93sm44h=AU5A@B-EMGGmY)xFjIFvz@yi`lz7ZysGP z)!kdnbia6?4S$;w<|)yMplB%cja?JMWINLLQ2BV{mz+I<)7oQf2T$CD4r3=y%Q+`7 z_uomFU?pDxO?CV-dtrCzafGZ%%z0q3# zh#`F>nsIL_iu7Oc$96ZOE0D>itzL3HwJbGdgL{+G5b8=R?AZ|YCh?I=%nIlz0ZSvF ztD>3fzB-}$acPZpT|=FuR9#*gIQ9glGOz1iv2_6_8vCCK(q|~QsXCW~Ts(OgC9N~G z&0ypN!70{=MFJb|gLr>@3mg6_o*H@L3u9@2fK|4r7k&4cno%u5ugM5nE>DC0P2n}+ zafV+)Q_7mR54&j#mx3K4eT0#6xBuNrKnOLi5*=$IR-M>(mh0OaO1YT?@`ScfIiZ-L zZlO(a+wa_D?36!yW5X+2Mw14U7O+5Pe5*#^#$oI1U>oZwP$fn) zYG|-cOkJHy{N&5ST>3MV|F5+N9CISC+l+{NI-KQ+ssHrJ7n8rSJJ0ozk|l!cu%)4t zJ$&XA;}TER=*0PR7WVrj!CCB(g(-n)PxG6uQkUBabZ{{*;1 z(%#SNj~op~fM>Y-d_zwlw?aV6RG+u4jb3w);Jodq6COqXCEuL7r3*i^dp4k2_4*RS!~EN=$*9l0?QF7UJZ2@8 zoD>xi%`xl{@S1t@Gdtwa|A%w7Th7zHrfT8@ktc9VhoqB-J1HK-1`K$sB9d9A<;kT} zl5*`hfr?AA!Lk;kDu&A$R~zHF4dJS|e3R^RQ~XX}*)h^dUJOIK+JXk|nQw%$A>#Lcs{X)NO^u^nfj>6RB3Mgv<5B|xb5%v% zG|*lGL?slMY;b73QO9eEP2$ayXGO%M0ZT-Z*J}}lcfy}aIo<^{Ds@=4Wjp`1yk?Kj zLnk=eBuAa+=SM08XTVw4WYbb90!$1`U~@Xw2JrwQznRn&C?P7+Si*b|Hr2})j#Dm@q|qn*Ndc1XXu5@1v{$DF#KBBYPbCjlj!Q^Ge^J+IJ3 zAOcv#5e1tp(p}pSwyCQn{$abLB=8hKYXWMdN_@UYp7h52XgyAG?qSX|-s&%_&mtF4 zG;A;@z(oe~tU`PCO=cnqtv20eC9$-<%)mu4c<0;;Vj9Fo@lX73pBX1$Z~hai5b+7n zsYKJbQ{hDqn_Nd5-UZE^gNwa;jDPH*0z5^bnY|8}W3@~FRo6zVkS!p&`*vJ`;c5ps zic%Cv7|HdPk4~Ntj#v{K3Am#E#Sf2Ru6!KPbOLeF^Ov2+RfN6WAr)@)x~^t!;?h(cB*c+uIkSe=k>IMx$8GNcs!o7MUP-9>cgRpX=TQkdUzH)E@Di?< zs>Ik{M3~_3;7lm?Fi7)8)Okm43wSmCf#!Kv0by3(+bkp^6bvdKeA4?>ubNX=5Zz_+773n~G zAzLM)(ZN&+5)*FT>-evIlz`uMha)m)nfv4JON>6@kPoR&27IT9H}96CsvDV{0if7T zampSMwT}W@P{6K=onv=d_-hq3ic*bS|EM{G##gk%2W`lG7o2a#p zwcK+Z#i;)}lBuQ%qZGLC2IiPsadDUV2_|<9Jre$#Ip;a3Un^NZ1d;gK3774fA5mcA z>Vh|rgByacb{@k1;Vii6nnPtKemO8zRIOBIRqOJfknqivVs-9!103kHoub5*ju_7a zYfzb;K=j^rq-)a;k2ah+4 z^*ye3jW`^ zU*3T^HhP{S;bSl&Qu^r8wPgjn>v~P9MANi+q<#F%o15{l{=c5rpqD=}+k5|!Br2pe z7G7oJ3g$2^2DG>gk7xD>YaN*$D5m(TFs(Getxs-zZ_Lv*HFD>A*Rmp*H~|YjDkB*N zql#EzsL2z!#YsCF?a}-GH)IOoKk7=5KJqBq#>KqV&3dRmzDRJJDv%Yphc6>=6Wt6h(sTnKdXIN>M&_e;lyBpgGbgAso@50%-a|UahnG4F^If8x zQqrHU;gWZ(S)RXIc=3_b7>y&x(-PE;laeg8x@ZvXrd)*;T3BEcPa8y$af8rU8*HfR zxf_)UnwaG+{Av&DLrF#E65E4nUYUUB76ACZ_u;2oh4(%C z=xaGdMPi-Uj2AN+MNmkb{<#t2ZScayaj*jY3-emn_a^xV)b+j%8>7+y_~~7X(M0PY zbyR)dmAbM=7@dceuViez98@`L{W#3kSFL2E_8I+d92JF$MHN8uo9fdtCkb$vyHiu6 zB9kCpSjc2Ir`fHOOBc&F{ual(5-;LL2pc3<44b=CyJd@Au2iF;BO6I6_0AZ6JMGcv zrO{2B#@_4{5n?*_bIKA^v zGYf(W22q#Pz4W}&p$}(U4!SDYCMrkLJ--c9XkO%a(R$0u| z*xkh4KRZ0*s^+F`qgc`Js(1GWT@02vNfk{@TJjQ0HOngkej!I>2K$XH*5Yk0HP1s3 zORH{lWyc!0zFOn@?ae_CF)+((CP_R4!cz!(-7?Gw_>tTzOC6Bk30~Tm&3ib)y_51Q zhLljIH2@rt@INA>y?QJ!Gql5%XnIu;nKsIv@G|~w7(fdG;Se2KObg~-dL#O>sGL|-|0F%O%S1?GujlljrVs6QJ(il0b#Y4z-0>d~2Gp|NPwGqxF!k;j8;Us>%p z&RsvXx=?zy!3&DAc0l&unpiv&Fmosf1blajd|s+&FSPulIoL75_V%jSDT4kLaHfJY zGxc!RL)cx8XyL^fg4krEarLa|N%N3|KjKI2qNIs5Ao?G3vp1qXV2LAg%7n)N9BfUZ zxDC^K-?P9i+_XylcYxc>#*gpQd}cuAhL+5CH}>e0#0XUz{t-hiviLb=Pm<@q&3g%o zD?=A#UJH5e`uLh#phap<->4JPur*>>0g$nHA0fvt!CGQ361- zNu^(9@zb1xH(a=hERUlB{ztET*u+!2L#%pb6surE>gyanFqIA9BM)B@Tf8HD)>=ZE z!7xeka-uH9AmW!NFpLet*fa{ThKwm1dQL{PUFLnJk-zu<46v)}sN9dwL_$5&N=Zi; zoeGE)AH>3`h9YtE{mYq`!Z^V_Dwhkp>5EAev=OqwS`jv!^aNcs-|Fh&JyT5W9k|sY zZb*%Wz>tzATwggO?9IwG`43_+8>dajwxN0jh4Rp>*~-qF(sKD(f* z9Yuu&=_aUs65(~}MwcZm8kjzY+D+iNZN*w0oy7qX=#fNO;-=}cWSw&{p6ZxbhATP> zi%zg(L3f!F349+SbGT#b=CSIQfMj6UrWZ3xM~qtU5B5Z4tgbnDLxrz|VRMKAJQAE+ zKm%Ncuf1NLoXeDN`U;tMoYMUWOU-0fqg*Y(o2pFfmLF=*^oiSfgV6>vyABe@N=aVh z3OSASt`v@ytlUDey;HA6o6f^Bw_p;Nh_^1vwR&MNA z^<9KPnj&0j55fqWMlxdAaZ1Ti7LZdW!k@YzArI4CqS2OGurcZPdE)hn$V@}RCqNQ^ zhiAuML~<8;5egb^L{X?yXzl4XwdW43;rXE7I}mxeTmLE8l(6v`w_ai~$g3Xo#mEsu=+9l!(5KiNnywjb-UFN%NN$;tVJ7rvv>U7sh#p_7`eFY)5kK<6{`V}V zJgC%|61N2^EyoE$ce=ouVI--|f5R}`4R;L`#RD0eRd7RDUSOORUX!QE)*)3R41U>Z zU6x%xeFqkUCq(tVTVl!(%ndk)W$fVJVRyU{u9R4!e?&q_p2=z))6 zl;kCS5RWAL$rys|mpwUS+_>l>;I>_&783$5!ZVfC>B+Yworl%k#e6GlR5LU7#qhtG zZO=~8hrB-};kSGQ)8z+V;H@x9yz4UrG~O|V!+q=TS2dh>rezueZ3aqKwoxfBRWmT&KTL2?#|82m8 zL>2ZpzdcmvAy!k3V|@*S^Q>LVYF=A2hm+1i(ZvZbUy9k@OYg+WlGA)<&<^Zd-Ep7E zbz)z&E$t-r!y^#%^`K%Z3kjYpS^|-9=rRAYoSzW%_WnD58OzV?Wuj**S$2LUKhg+* zLw$^%Z-D&)n^dxf{=j@gRzDqRkxro?u4AIaRKCjN*Sp$?d=oxv(j>Abi>1a2urG?0 zEBbYp)iBx6h6X=r4c}EmWcZ?qBOv6U4Z^h9rKr&`4_s*^pCqwd$YKPBZQ4sOOd`l^oQq?a{^XKS#ZedhZr&3oZwCjoL%5G4Mll#kj|b3OG2Q zw==~p|hTY`>r`UtGl2kz@_BJIeHLck(g6FbhuCkzW|i*8UB{-S~4QLpg$2r}1L?Ne?DI$5vM-Ac(O;QqR{olra7L za)zX`Oz2Bo8mm&+HJy*WFzx2XC5d)KHo{9jQwDfGer;~TAKzYcoU}R3Tm6s9mR9~h zE-$M%R4O#K@N6qWy!2BUJtV9gNb+(HhKgC=a00T&LKw4N1RZFdAq^pi=9&i)JX%}% z06wQ++SKQQLp*53EmJ>JS|Kl5<9PZ1X4X1;}hzN7uDr1Ai5@%1hOX{ zAT3RTQ%p#=9AE4f0f-}H?Ri{5FEwwFCuP(-Ve=TFnh)2^GX6 zALy8Q^JFXTEtx^3EO1Y-t7SWw>*71@c&eXRl@M;tuFdZeN&a5pN*uC&tu0w>=ZW+s z=5=Z7jWy9TtSo2fWXI2}K||EfQ_t$<1E1xGe~6Z~@#}Z8#(~&1>scrQIxWJKAgQ0h z!NWo+Bz|6|=SJ?ht@}C!`d=7+Z4A-%)-A@K-f~|mZu9OsK5qAtD!$lF^u`G}hB8Q> z+@H&SghIdPl_+pezpv%tTXCw}+ycti{F1fhkP|0=9 z@uF40-i!fR|5zTEsvg3!F6o?bz%hS2KoeC7&IV)(pj0$XHPTF4oa6n?*1IHrA5!+M zP^rf)IN6|?!R|EFchs~+811M9`pf&WF7){PvYEl0Fx-qxf%FCiIi+T}JB)aVwA+Bo zMcckhSJVH`)!-|Xxzh4RNyqcuTKGfeiLh;@x(+uffk%umDeW}*PlpaV2^lnmX1+eq zS8b7~Q-ZamE+-4en87BM>K|BTAVXcQFM1{b2e5vNZ$A_;YT+G{dFHEh`;}>ECiqO` zF?u7OhxsZ!Kn4iZsw;hJb4*l#q0jCvI@U65c|RC?_&h3JP&Z48$as3nN1NQEb51%G zVa1zCIEJ#m_$SbefBjg&iQ$4!{c^~LrzcXT=Al_7CK61b9+M||G$)mPz%sIAGFHsY z8Ogsm8?6v#mHy1>r%R&lb!shwQZ~4zd<;#y4x5sMdvnzwR-Q-VawS1bs6w=Foj$8Q zI2`rxsX0-1mZnJ?D=ag1h|$Tk&~$~!g6;n$P*Baops=+u@bw|=o3$yog^6L;Sip5A zW&-gG7szh#y#NyE5rGm!<~P7ZWB4x73EfpFy`pFE>9EK1(OMdKOqxVuZg#Ayt ztOFFq@44+SIZ`iMNHj)N0$6asi<1TCybt|NuiPX_I#~}lz$?e$AT3xmTd0{ebJmDl z2~6Kf@(EdY>H)CAWa311QtJSM+t-^C>wnW3@%l9)nL3=C6iSQVG)RC#P$XRr#dDg0 z%#yxnV7fpJ)qb$p# zo#8jVifxt7<5`)Hy|G`G(j!(A%inwcu}1Z#WlAOw_EleL{lawvueUrT)QWJSTz|Fj zTM-od3^x#M8z`c=b%~rV>!4RA-pqRGFM24&$RugRb0Td`Ho;DUCXaDA=Yjg=H@VwtMW~{w*JBPn3k^OAv_?RuZmYRY{YQIfrx8)^YR%??WWFUjCiN~1eycQ z`ldA>J2{JW%$#tHB4f*uu|#}-BW7v3<3e{R?#&IviTH@pgS|}JF2a+hh-zqGc>RM3 z4R=RH4+n6Skw>_u>-~i05@*x3uI6=AughjWt&U#6QpjMy)2pMuNQs>Pi4k~KC5goN zE=Idm>OWF!#|LXs9ql#7l>zQ@71zRL_HMZH<(*R(a|4K{{ERV=>_;}FTl*ILq%y_V zB|C9S8OIWnfQLbts0i?J%gw}j#I%7r{_BV&>_&=%mhduf4#o5L{pF3|$FU$Lf;B9k z$K=u`vSaz3ynXykmX5XR0w+8>p@e7=Xnm9!O0;FGg2G9RQ0cjpWUq~RNDC?QiY)d< zCR9~6LYu250~!X`2Z;N=yvj|6A6x{~fwu!6_MABwcdf*lE0?uyDJ#@}2*}i|DSCq8 z0n!i3k+23Jt3@O-ul`A~wHLtZOHNNaD7b{A)TXInMNwmDS*khgH)b{|e7A*&`ny4d z3m00qMI`5*jXKKx+EL&>EQkDCa!y{-HAgK3|09dvqt4i{ox)_pIt-O=F{ZMqV+ebW zW88~Y?>I>*Z3dG!qy~>v4T^Joyg{cmU23im#LcrPRWKTa?i&w^3C(!)cZvs4%X(8od92c2{LY>&Cl3q;VYo4R>Uu!Q#3*peBdv&QK((jJ`Cbdwl zd#P=mbUOMXR!Q7+R2Jn^#g#r;y<5gl?bFDx%RbkRH@fYL4>4iLUj&o%jPe?Ck!5;?{ZyS0whYfv4Dd!EorXM^SYDLOn)FD^Tm(( z!{pfT8gNF&mVkE2O5Dzw{nFJ^W(Z!z%{>c#hXN<2EG|Bs{4r5CF)S>X%T|}*>ekHg zim_xwEZ~}9!LwWuj8ADQnyM5FaM%3Ty}H~lSY-PlR5`>D{o~yUfBDyDi8)DJ?{C2o z%sA`0M)LHObVcRS(7Ntse2OPLOM)JryUzc8R)TW@UaMLB0SUO)^zr}?Z-!!&G; zW{5^K!oRpKt4x?;V3Os{^oQnb&-ucp(frK*Zt!Nk$Fre}KnrwYWb>ttut}9Ev1jX{ zIB=emlYDPGKj@v%w;z^{0Jmz^ySQ3%J>({=wHfEiH#kIt`uVo|A3*{{c4W2;qO9q{ z@Uv|VJsb%8>h6NEM~+)BgSVBV2^6{H9D6ohr{ZOR!7jhJa#`FA3ME$(V8B-l$Wiz2 z#Gfe>rL`$A&B zGsQB!OGp5Y<$yhtBj@s z+5Pv9jHL~AV)mP$gkBhXE)Yiw(%VuTP@Q0s&>hsemkSD9bayUG+)ZPBI$V4b5v9Izw{NK;mBWzW-_xdZYVn!ExIEvN-G z27c~vxUX3wR4RK_ZF=hG>FZ?f)uBS8Dh*+yFXfzdf8jSlm& zRV-Y&g0ewGEyh?e5o>OAn~9 zznv=vjeAgcNsVw>&?cuZ>m}QB4N~lfp~M~Y>+#xGoLLyzJ~-!q$a0+tL5trhn>snp zjDJ%RD13K~A7lQop*d0)ulT?`FFo80-;FFyMHjHfGO1FrNGMQX4=YZgzCVyGgqU$( zVm(r>C$G!(e-~yMu!}c%Plj}j%jV5?`0@%&ATr;)sB?`bR>&1(qV65!Am%kRMnV{k z7QA*()^5#Iehs2^om=l3%G$<3rHs%@ zn}q#60U}H{yuWJK^M+GtL8-4&aVN3{EV4-Ra!Hq}y)s_K^(R*h{0zu7nRj#Jus3O^ zxayi81Du$jzwdFjzm&t0@0p11r-`}gHS&<4J^j$=!zXs}*Z+G(yIDqoK=LP5Z=3au z#y1#3Y%z_RMRScYT-pruVI%=^4up@-_setFr*IV4Ri$^53#RHJz6mL%pohGOpaYLu zx{invIRb%2r`(ho1|kmPReD=QOb48H+a|ktl9o<`>)T=BNC=iA{(Q1^7cFj;EN=~V z?F7LS6u9v3%N#C3g@eGK=I?rO^(03JZOgGTct*@;d(VYWmjiR=!;z69Z2e97Ci6)V zVG`60J(B{=sVMNMudb-kA@X@3xaLVat`zme=@LR+pL*BLK8wTa-NlrT(^pVW?SYcx z(s{ii0ief#@#j;-n@ zk)u&f86X#J;*SC-5&>27nT3S-$9_?xIB|2A3Ju=`348Hooj}y5?>Tu~3h%uNPlu1c z+xvMIU|4^cRkNSWIvb@7ooZ#YMgQListVHwqj3>4;|Yq*KOg%EeTiXV@F$}`-$rNZ5+L;EIYd@OpO z&3uxlE`;2%nboQd;ELcQO-&)==O^$^g@r13#ScEGG;%u%yi8Jm2eW4V9Q)ndnx2uw zQJS#el7DM)jB6FNuxLq{r>ph)3(uBPfs`X6etiYm=-ZefIoWI?C}o2Qdd-l@u`uaD zq2QY8+6OqcWU!JxT_SX zpj;)kHbb_?7au8XE6mq;j(^g?UZ+89X)`_uBr~n$0twqjRWq3ude_W-up?|=6%w-_ zQF}Oj>#B=t1cX&pRd*5Mo>SEs5y`(Z!BnD1zS7cb9$vWQABYQqx~-z$V&k->MFO&v z)fk7z0e49cTN;&X2vC3dR+Fcj#1)pYDY*2_sVD`bk6(Xil5Es0-i(2KJ4(2$)g5ZQ4s@EB)g z>^LMntw|c8%Y-#ex=Z?UHd3#)-1p-zXLv$u=@*-gh}Kdvmt_zEuW-fG-8 z#coX0zqZ^;=hwCl=C0_H+u(W7={W^q`ekkPcO>qK`2+?e_>vNQ&o@_WfMm|kWKF)V z4Vlq(n>OT5UPjG6fV|}Y!|)k)c&rBPUQtT(+RbM@T|oNVF&g*$IZ+1B=+aVVIpbQy zDNdH2%)I4IGS#j1#t`c#B3fAGLSaFLhF${7%&rG8z;#KVoH`^u(c%X?(_!TP80sO6 zgkl4~1Vlvfv6!ma*Jer#+qhMFBQ6 zT5)KLjX{N`fPL(_T#y070AGJ)&~>43qNrd%)x#(%#T};2)*ukE4sp+Rw=+ajEJS6+ zz(dmT@iwQFxq2ZZL6t8a$=+YaRi!EpqCK8ddEMJ8(+AM9y|i{DZ)N=4ZE0cP=?)Xd z;3;#}Q&HcHjA8$tO1bvH_vowedOhBeT6<8i#_IfbD%dPj&n1hwnyWbZ`YP7EJvi`} zHm~Q;TjeN@(PXUUBWCl* zHhFI9VQ?E^r+kL3!sf`MJxO!wIRc$V0Zi>*J4_bm4Y~7M6~Y`A@{pN)UNa4c59Daz ze2EDn7?SzXHMA2fb<_R1 zkg;ZmgVB!tDVvT+gxOa&?TwzeaxsTXYm43V75S)Xbe{Hnk-{{7h2hJx9=!Hl znu{V;DpAu@es&xrWD0XQ+dDkk2p+AgG|!6h%=K9?wWi&FVYq zMgsH8Akgm^=c`DbZVel#T{@++XN-lnPD&{B;X=t-XbkqbV{n}FZvw1q?GM(80RvZ9 z>{PPqOnXWE6R_aZN$cM;U0lQY(|L~A8q?dnFxh$gtId;1Qd&Wksw=>XmuR(UR&@$S z?$HIz(>NN7+fG^ViR|&$S!^sB0hd)m@WUnCM;7{bWrZlD*85QwiMg1!vvUQ^vqw`8 zF}~gLE+2AVFxQT1tJ7G2H9yRmsfoUa0>R>t}mamFxIS;>AtGO_jczL=~8H^+~AsZ1BwALD`F+At0p z1(o|eO$_p?Fv%_F-ebUCaYMPV|5vmp^+gx?(OJXo6A5|%#X>LvP+A0w%Ei5J(^6xq zr6D}%Id|t+wg1JiWq^0H@;RxMzk&=6vb^Ddz$&>(@_hTY6(C6g>A&Hh5GFW`p{;ft zslM0mB)c_Lh3W89EvZnzs&B3PIpxPJf4|3c^)S;znFZIbDfBczZLg0k?Mb zM3s~d>dozpmrI_qNrw_z6(rv;uwo_AR78djkMRUyuW)<%z51D^ry=7D-lj=tNxlUM z2lcMJn@!=99ziz&I5@mM7`Vc+Mtz40|KYyZ2%;9B%+Z$egW=)0J2Dj_>%J-Nrso>x z=E1Ltx!f6ye0c6J)(FN=9AJMZ0w5IFr|W0y#@erJMnvzx#F! zMSI6CwAI~Ftibq-C8w>WTk>$NOJ3_Lsk1L@5(a%8szcVax% z`nra1M7zn`;Z1= zbV<-yd1XPtIwBMsqBBIh2OHLpLc7+q@bnir`Q@i0Esy@COc_P~Bw0ZG@&H*Cit+9M z`tFH!-g|8L%@M=|`Z08Aa)p%!=?T&c2*%#&xvWigd=%^cpv6}klK~#>i|j%LpEhdg zR62)_(sQQbNi1JJc|R|(3U6Pt&lV@Cy(B137k(hub?r%*u6u+iFut_#xB^W+g8e<^ z9)_t9T*#R_w=%Ww-sg->O&LRZJ&3RFnfbLk)8mIvKGN)u^YvEZd2Xdi6dd={#VA2h zgHN~z==Z#asXbX+g+{NTVJ%FYkj0d~p*&yhR=BEcBqiNv&(?OIy+X>l>+49R%Zk>j zyy){(&5Lvf0w4|0j3B)My;y0b9)0->Bf^e8RH4fZa9n-MWovn;FDI9UK)22eZH$NA zh|9oGw<9iwKx#|JE&u`Hpu@1=t$!m8JNfZX`<8-ylYV22M5Bo2nY}ujXcHMM8Q~5s z=*ve+6tkJ2VCg71Aov+?g&}n`&R7n>kWrq|p^)9J1+J8iu9VnB*!*+V#{;T(=V2{C zFJ_Y%2`MfZs0$+qh$pK%+C<#vn30jNIQ$)_wOwkKkr7288iv{+g?|FH4p|TRnJk}> zU>O2#wB*SurAm&3`30FS&H)_qe?_`PPq6yjyW+`LBnBbSYNrCc^Bd|#7b;2Rl1&SFYPvz>!)62Jw4z;&&UirOv@Nk* zo)G_yve7()`^YDWRY}%~zW75!xc!d@LsLEOc`{Mhc2`rs7Z6g=2cYQyUg?iy=oggW zq0^NdQ0%^$if#i^FgdRa0=V<1MzPv=n@WWChCEuVcuPu;&{Ixo`0?>lsM-ik)d_+j zkjf=;JUoH}h!5L!zRlOwMGS5#FUrE!u}BWi7H${a&YSn(&4LRNKkxo)GwtUNJhR|3 zDSIIs*B5;+-huS{`PWCkjV3D`=wt|}N*l*PKKWH#j?g7Tur@gt#TzGtMne(kR<-U4 zaK;j>5W0k8uc|B2#oCq0{WmThg)~V-E%`2amgQBI#1t0Sg^Z6GZsJGWr9FWB%_$J~ z&mL}WpgK0eB5_PTMa}{CHnl^G<#hbHxCbl#is(+%B!)imnVB59%V<*|lvDr^1Tr&A z&sQr-PE)QPA4~M8 zP-bBDGFmm@>pENp=@a#Yq5Uovblxe;YXI}q(*?=VskFZ#=Ga^npUTVN!Nl0|1>6`= zjibct@GOG!()y_)m@Tv4dT|h-46|osX%vVh!e{5qniJEjR`+PSODls1Ge1gWOrh%uq zk$o)>U9EDY=#m;umy(CELC>2q-eOH4Xn`pyRf2x@T;0CN2Z@5~{2QWr4Z8&hFtmlz zqlqcX0PnE*BOyac)uRGV^};XVb-Fq}_1fWW7vxd}<$nR}HFiI_Jr7OQ)N_u6r&@Ng zd53edrD62u!MORV;>t>;g0u!SG9^FWXY$!G-i)PV;dML<5-RvST!*SmXtJu!*}l$6 zn?oC-q++p`SgJ_NT1I!bO=d1#Tps@U5qc@64P@eLxs+N{kSy#U9Fpp=iCT!rm^kan zUo$3;C8}8C7{|}cpo)OC$ghNX18n$M>JL^Iu!to&*m{b8U;OSzX)n}irrS$^MWxiXU4uhO|SG_Y1u}praz0I%}Y1BHZ_BisBh+ zYbNMarQk}J{mk$RFjjF-m|)Ia;E19|sTFNpmFo62OX94Mb|?W0L@uH|38^Rkk%F`g zHs;9H6ekL>vrUo*Cd@0#h=eT3X4EESegDFR!!1&sFVliItS1RYDp?6Dp&4P%9w9*^ z(qvbOG+HcYx^nj!webvx;TOiV5|cLRDCj?!CpKok%o1pAkd2|6h;@q$A*g4Gsod7K zey#q^y!R_d_F25($)4$p)*pC-2LeOr_hZk~I_;?X>cBRvP=vod6zGS`ny3uGtfOn- zqM~3sK=+MYpXKYi?q_a^UGVdXcwy~Zwd_)``83MGb)c84TI%SC*vIVy#L=4b&R?y0 zK0(Ucw1$Ha47IfA*T?d_u4dnl1ULI*nIpS7SX`0Yx+f!9|LD9O!xD;I(AScVPYDm( zZq@vPCIg>ppgbBB9{s;cR($hM8r!MxGV<{=;$ShY3K=M;4)QTj*m8#PKh$>O{hAqR zEC8Gr$LV69CilM@VdOm{Msq@HAwKCjqlpVeCFhdSZB?mb7V(3Ue3q~SYUMRXgATgsc_YfX zl)pi|Q~W_pHPBaQjRo^bNa5BnTb>q;dU~~9@vRTXaS9pfs_%+@z1e)}ymW22*L^Dj z)bm<%1|v@-SqoV7C51$>4tE?_XvP(b_h*xm)Md+B`84G=>@i%FdtBJE=MF49CMu?v zgMxq6uHk?WMg|+^xqmb7`R!%oYb#8MuqxdM>BiQbWxBp}p<;G>xf>-}!$M315Ia*# zA^e_qtO>v##CA%u+1>a;Tvt#iMh;rQwPev_rh`BtwW*&ay!7@a6$M1_<>hoa39;Xl`jxj!Nfcgpx{Db_PPHvCj=Tw zzTgyZ3$B_hO$06R^oy?|#&jN?d3@7l9qqzGZ&5-8?A=xJ=7%7m?bbCApHq+Nd`saA z3BfHiob#Uv10YNOO!cjDEVOtKWA%+^{M}Zp^ov6FnD3S%HdEkx{KskdJ(nzzYi#f17IkR*&;{PH(0CBWyw<0`f zQXajj9PqZHy5KHuB~MkA(UpU=o`?H#DWUoIVGJ~Pd5uG4=p?k}cQ zA?|J7u}p=hjGsc4dM5uoAhcAW&nIyS@#e;r%5geJZ{+U^FpP*Rn9T+b&>^0RD{Nc0 zD3wI?ApEkeUF63a>3y{uLJY`|OH*J&$QCR-J}AF6F@OcxanihQ}Ao-T#c?dv2tg|CQlCRYL~eh4Eh0TG+FKRMTR zPx>B&p*wjV9PLM6_4{#NHjVMt5pdGgM2+h?;e0%%+67_Y9gC2da8LoHh?PVJ^Po|S zD_0?kDPB=M*=DaCws8EeDzD#IF%u{J!G1nBoMuQ&8nmq}r?C>ACwF3fpz)Eq@~wW>W>J(-uR%?n z0Wbmtc51R>fG+5ixvPMoNpj~+*(KQBDTiEv5i|s@r#KAcOMP}^s{xVj&65a*dfjY8 zP0o?QRR6Ebf&xV@dL)?|2Yn{BUgfZ>-=3x2z0Uhy=FY&GXJlIcq>1+>ati!@_%3kk zi*SSs>UckDtt&8_z#rD07zpZ*KxZ#tQ2@yxG{N?XG*(J3=uAP4|CWFvEDIuL4NQ6} zDsp_Eb^I6^ee;EOlqO>X$dcxBpILt{4>~<7#!0)AdbWl+NV+*ioE)zblTu{>+K_C z;zNxi=Y`aK$sZ>>yd5d~R+npBg3Dy+8}98+2m;Ay67!4! zdpy%z#Kt4(tFlZe4+g-r%@DiYQ596Nx^$zh7EhB>qb?siWsZofpQ>gARV~nsyy=C9 z_~^hAWL)ZaIIaI)920uRhDfZm4waSgAS)~|w=lki%7LR!C&DmI)R#(^&JX8o7<4PM z1G62xB5b0{UeNS)hY+BGLCqR>@LAL*MeLOfT}eIoUF*G0IG(E@c^wIeareLAzfYGB z8SDjyrMCF($z*Wi6ltS5J^CMWPC+2SOdmiU$<_qls4 zNgfQX6V{t{j(KpoCvB2&@xyN1VOeh0-o5wz<{MJgcw(jo2LI?1Y#+~1d>4{y>jbh3 z66O7nVrPBM^gR07CyZ}k<{KzFX~Csoxhmg(S*^<1%Kq7GL`^fG;7sC-mAjs<$(lVR zP2MRKaU71g9L#FgS;q*piI>O&uFgDiNro8lLln!iR+$5@T;xN$35I@;{QS!)^OPyh4=v<gpxg=v z>jrY8{vM-5FC%=GJAnb-w`@p(2eyk+h_HEXViz~ghW6tK*|R@=!dsr$o1~_cj*SLt zc{WzKDBkiQoiE(i*S(xUMX-05%6oV=*eA%KD5>~}Lo;1}&^V1j`q5^1bvQ9ocE*?_ z2O6nlKVm)ZJstpubf+Pi5h6wz~-nshXtOS~>N@ysMgJaTv$iR~pcTw#e+Rd-PKAg98j8Aq#NvM`#dWFK zu}iIC7u%j_`aRt)nH1jY4_P-bS9l0~C`^FB7=O7YkQ^jO^L>7>%87?FaE{_Sl*4XS z{xgeg9ipG0dJZ_)?fNn7rIbddv6P>4mCVh2b@wQ*%Ut!ac@O^&Um`P?92`+LgpW(By5Iz>EmoqIKj8tUf7w~*T}X_lL|%Cqv*547}F zu>aX#{RdN-<(CZ|LEVx+ix$UL1=~uC^ z?6Wt1hZiss*I*#8M|I}3Ogp9XDwU-R98hCgC;d)`>4_t>^dnS4kE*bX@38%kYxG6I z8w{Q~KO$R4c6ZvB)4df;f@>xXZC>_|0tvY2Wu!|rfA-sN1 z(oC7THPRPUlc8bZJ==V%q$Is@Me?AK{_t%!C#r>4i#L>uY;6-@+V(y{elH*kB@rq5 z1?WcD%&0Dpmx3kq9UfRQ6l~Jps9KMM=ORE7U>*@83qDxEFo1h1D? zq8&cwwhJD8Ra^wQaZHi0km&&>hoyPGzOsK&1?SpTNLB9}{8ZamctwauQ>h0_HRq@) zBXyf1mGNj+b$cM>2P1+koc&_~Xz-7Snp0$|cB3VgXwqSrvz^t|3hrEIA5Pcy&$Q!a z&OcXmnZg+Qnyg6*t0F`V}tbk&m8hv?cwk)A9#kb1jvdU8^{fd zU>YH^aqf-OjJ#B@4#fI%#rKIdwzO^+F3PDe?AquX~#$mQq5yjh*W`x!rfr%d&psHmjLf5S z&7zB){vcqVCXK^e#F@^|#cg{&HX+{RNYk*{G}CQ)Tf3e{ryJn9RY4S482)T*nHDm92i~8Ur`OG^e*Ca<~g&*z3!i zb0S}ElpQ#zCd&_fFdO$3&)`5Bnv2=xKsRa*Z^d743xB9PlBI#Bi=?jx+u?w)-V>}M& sa&Ib%K0aw!w&%{_>T?t@KQ=jP;5IwtGp}5+b+C)Hqbl+uOzJC4>?z;A-T(jq