From 7e7780656afccd34819b442fe98c076e7a5031c2 Mon Sep 17 00:00:00 2001 From: Bastian de Byl Date: Wed, 9 Oct 2024 21:23:31 -0400 Subject: [PATCH] noticket - updates fore firewall, fulfillr, etc. --- .../containers/base/conf-nginx-https.yml | 2 + ansible/roles/podman/tasks/firewall.yml | 5 ++ ansible/roles/podman/tasks/main.yml | 10 +-- .../templates/fulfillr/production.json.j2 | 2 +- .../nginx/sites/assistant.bdebyl.net.conf.j2 | 23 ++----- .../sites/assistant.bdebyl.net.https.conf.j2 | 60 ++++++++++++++++++ .../fulfillr.debyltech.com.https.conf.j2 | 6 +- ansible/vars/vault.yml | Bin 13077 -> 13142 bytes 8 files changed, 82 insertions(+), 26 deletions(-) create mode 100644 ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.https.conf.j2 diff --git a/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml index 15241a9..b950390 100644 --- a/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml +++ b/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml @@ -34,6 +34,7 @@ group: "{{ podman_user }}" mode: 0644 loop: + - "{{ assistant_server_name }}.https.conf" - "{{ bookstack_server_name }}.https.conf" - "{{ ci_server_name }}.https.conf" - "{{ cloud_server_name }}.https.conf" @@ -55,6 +56,7 @@ group: "{{ podman_user }}" state: link loop: + - "{{ assistant_server_name }}.https.conf" - "{{ bookstack_server_name }}.https.conf" - "{{ ci_server_name }}.https.conf" - "{{ cloud_server_name }}.https.conf" diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml index e1a1126..11231f6 100644 --- a/ansible/roles/podman/tasks/firewall.yml +++ b/ansible/roles/podman/tasks/firewall.yml @@ -30,6 +30,11 @@ # Zomboid - 16261/udp - 16262/udp + # crafty + - 8443/tcp + # minecraft + - 25565/tcp + - 25565/udp notify: restart firewalld tags: firewall 
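Review bot: The `8443/tcp` entry under `# crafty` (presumably the Crafty Controller web panel) opens a management interface directly on the host firewall, whereas the assistant site in this same commit is published through nginx with ModSecurity and the shared TLS settings. If the panel does not need to be reachable from outside the LAN, drop the port here and proxy it like the other sites, or restrict it to a source range. The firewalld zone and the start of this port list are above the hunk, so the real exposure depends on lines not shown. `25565/udp` also looks unnecessary: Minecraft Java Edition game traffic is TCP, and UDP on that port is only used when the server's query feature is enabled.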
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml index 8248757..22193cf 100644 --- a/ansible/roles/podman/tasks/main.yml +++ b/ansible/roles/podman/tasks/main.yml @@ -22,7 +22,7 @@ - import_tasks: containers/home/hass.yml vars: - image: ghcr.io/home-assistant/home-assistant:2024.6.4 + image: ghcr.io/home-assistant/home-assistant:2024.8.2 tags: hass - import_tasks: containers/home/partkeepr.yml @@ -47,24 +47,24 @@ - import_tasks: containers/home/photos.yml vars: db_image: docker.io/library/mariadb:10.8 - image: docker.io/photoprism/photoprism:231021-ce + image: docker.io/photoprism/photoprism:240711-ce tags: photos - import_tasks: containers/home/cloud.yml vars: db_image: docker.io/library/mariadb:10.6 - image: docker.io/library/nextcloud:28.0.1-apache + image: docker.io/library/nextcloud:28.0.4-apache tags: cloud - import_tasks: containers/skudak/cloud.yml vars: db_image: docker.io/library/mariadb:10.6 - image: docker.io/library/nextcloud:28.0.1-apache + image: docker.io/library/nextcloud:28.0.4-apache tags: skudak, skudak-cloud - import_tasks: containers/debyltech/fulfillr.yml vars: - image: "{{ aws_ecr_endpoint }}/fulfillr:20240101.1715" + image: "{{ aws_ecr_endpoint }}/fulfillr:20241010.0018" tags: debyltech, fulfillr - import_tasks: containers/home/nosql.yml diff --git a/ansible/roles/podman/templates/fulfillr/production.json.j2 b/ansible/roles/podman/templates/fulfillr/production.json.j2 index 86b63d6..ec5270a 100644 --- a/ansible/roles/podman/templates/fulfillr/production.json.j2 +++ b/ansible/roles/podman/templates/fulfillr/production.json.j2 @@ -1,6 +1,6 @@ { "snipcart_api_key": "{{ snipcart_api_key }}", - "shippo_api_key": "{{ shippo_api_key }}", + "easypost_api_key": "{{ easypost_api_key }}", "label_file_type": "PNG", "aws": { "access_key": "{{ fulfillr_access_key }}", 
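Review bot: The new `easypost_api_key` value in `production.json.j2` is interpolated between literal quotes, like its neighbours, so a value containing `"` or `\` would render invalid JSON; `"easypost_api_key": {{ easypost_api_key | to_json }},` lets Ansible do the quoting. The variable presumably arrives with the vault change in this commit, which cannot be confirmed from the binary patch. Because `shippo_api_key` is no longer rendered, the retired Shippo credential should be revoked at the provider and removed from the vault rather than left valid. The template continues below the hunk.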
diff --git a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 index 567037c..ef3e268 100644 --- a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 @@ -1,24 +1,13 @@ -upstream hass { - server 127.0.0.1:8123; -} server { - resolver 192.168.1.10 ipv6=off; - modsecurity on; - modsecurity_rules_file /etc/nginx/modsec_includes.conf; - listen 80; server_name {{ assistant_server_name }}; + location '/.well-known/acme-challenge' { + default_type "text/plain"; + root /srv/http/letsencrypt; + } + location / { - allow 192.168.0.0/16; - allow 127.0.0.1; - deny all; - - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - - proxy_buffering off; - proxy_pass http://hass; + return 301 https://$host$request_uri; } } diff --git a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.https.conf.j2 new file mode 100644 index 0000000..59d6bcc --- /dev/null +++ b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.https.conf.j2 
@@ -0,0 +1,60 @@
+upstream assistant {
+ server 127.0.0.1:8123;
+}
+
+geo $local_access {
+ default 0;
+ 192.168.1.1 1;
+}
+
+server {
+ modsecurity on;
+ modsecurity_rules_file /etc/nginx/modsec_includes.conf;
+
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name assistant.bdebyl.net;
+
+ ssl_certificate /etc/letsencrypt/live/{{ assistant_server_name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ assistant_server_name }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ assistant_server_name }}/fullchain.pem;
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_session_timeout 1d;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 9.9.9.9 valid=60s ipv6=off;
+
+ location / {
+ if ($local_access = 1) {
+ access_log off;
+ }
+ add_header Allow "GET, POST, HEAD" always;
+ add_header Referrer-Policy "same-origin" always;
+ add_header Strict-Transport-Security "max-age=630720000; includeSubDomains" always;
+ add_header X-Content-Type-Options "nosniff" always;
+
+ # Sent from upstream:
+ # add_header X-Frame-Options "SAMEORIGIN";
+ # add_header X-XSS-Protection "1; mode=block";
+
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_pass http://assistant;
+ proxy_redirect off;
+
+ chunked_transfer_encoding off;
+ }
+}
\ No newline at end of file
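Review bot: `location /` in this new HTTPS site proxies to Home Assistant with no `allow`/`deny` rules, while the port-80 template rewritten in the same commit limited that upstream with `allow 192.168.0.0/16; allow 127.0.0.1; deny all;`, and `geo $local_access` here only switches logging off. If the instance is not meant to be reachable from outside the LAN, carry those three directives into this block. The `access_log off` for `192.168.1.1` deserves a second look too: if that address is a gateway that source-NATs forwarded traffic, externally originated requests would go unlogged (inferred, confirm against the network layout). `server_name assistant.bdebyl.net;` should read `server_name {{ assistant_server_name }};` so it matches the certificate paths and the HTTP template. `add_header Allow "GET, POST, HEAD" always;` only sets a response header and does not restrict methods; `limit_except` would, if restriction is the intent.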
diff --git a/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.https.conf.j2 index 065beff..20bb807 100644 --- a/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.https.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.https.conf.j2 @@ -3,7 +3,7 @@ geo $whitelisted { 192.168.0.0/16 1; } -upstream fulfillr { +upstream fulfillr-api { server 127.0.0.1:9054; } @@ -34,7 +34,7 @@ server { return 302 $scheme://bdebyl.net$request_uri; } - location / { + location /api { add_header Referrer-Policy "same-origin" always; # add_header Strict-Transport-Security "max-age=630720000; includeSubDomains" always; add_header X-Content-Type-Options "nosniff" always; @@ -49,7 +49,7 @@ server { proxy_buffering off; proxy_http_version 1.1; - proxy_pass http://fulfillr; + proxy_pass http://fulfillr-api; proxy_redirect off; chunked_transfer_encoding off; 
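Review bot: `location /api` is a prefix match, so it also captures sibling paths that merely start with those characters (constructed examples: `/apiv2`, `/api-docs`), and with `location /` gone every other path now falls through to whatever else the server block defines. If only the API tree should reach `fulfillr-api`, use `location /api/` (plus `location = /api` if the bare path is needed) and add an explicit `location / { return 404; }` so unmatched requests do not reach nginx's default root. The server block starts and ends outside these hunks, so check whether another location already covers the remainder.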
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 7d7355c25bfd238a345f46cec50eb92fa3d75660..b152d30036c1dbded4b526ec809408cd48a8ce92 100644 GIT binary patch literal 13142 zcmV-cGpWn~M@dveQdv+`0LE#75N8$V4MRBBWln9Ea)lilRUmzgNgX_GZMZ*D#!>*g5?T zeyHh&ty#KC1L{)yeYro8>*9=a>51*jR;tYlM$Xy&H*I0z1k#YJ&h@YcHPbfLtU zcVGa~falY5BxNjCQRMAXhd!wbH3SafQqsML_1ADY!TCmrAyWS<&0pqdX<5Av!Gc$*VUsLymV?cz2+ZqdC z#?PQYz&RL_pJap)8T*Te{#SWYHedqO1e)#Nh?u%iPr0; ztS1#IkE~h~{V9Log*fQr!(UMItleWVdg>jMQ!^5WVBrX3+6aQAt;|Pox|WKrS5V3{ zKYo%sv}Fc*RNEtOpI($D4rN;ac)-Iw^m2NbAW}re@A6WK<>fnSHsGnPOwC#F5A3sw zKsUewQMQB60Kw*1EMDD1mhtKiK>BUC8b(UXGPA$L2I@TsQ!UOpu`p&h=2q#i2jvsUtQr5_05YbU<@6y%8nnYe4RV zI~}SUABM4{MwyjX3l}8cNg1^H-s#4$<9&R7D~TkI#2;t-AwF7F1o$yg8X{hmZzc*k z#H$nYuYb$~yjI1!zRUGN@f=kgTN~mqRzf5wABc%s<#6mI?Y&5@Ic}yCEXQHKh!Wl& zTLV~>%(Yb+&OlCb6i8dPO@k1W>fSB%Tur4rT z%n^b#8#MLe!S}U5hwz`KKT4g7M2c;JaxR2M0*H-IlvajQsa2`Xht;M&^Kd%}{(`*1 zxn@gJ+H(F{Ey%3+iwiPD9eWbsU%2-pi~_q=)e3e*1e64`08`VyY2SC;g(V;vJ2*^q z4P=%}Z3%m6Z~Jl`)>0U8cGCfnA^GaYQ4?|ZE0%rfF^w&3a=E)R&520EEk@`xc~|g&cPpOeoj`Sz zGs2sF_uL*2vPf?Yp-)Zq#_@#e7LPe6sZecl&#cL2%O#yPa{}_oH9>@wI3vB0=OjrR zZ0An))|!Nl6$hRGu$2l!SUD0S-BJ_lCSI zw$3(w(3pch8=3-Qe^XXG56+x$*w8E~zkOyY5MvR$LWJPu6K-B3x8SCOMhOPa=m*9@ zAwBTX7O)xRG~LAHe58KyRy;)~cmst9I10{zV4k!5kyLg*Y5Zab z3s>JZ*|F+H5UvxA(rit25l9%)rs=1vP8)_nIW!nOU=an)ZF3vUW>v}@LfD=D)Obnx zY5*+^Z18~Q_m52`V8{UvFoC}iq#K=bu8u!+= zYXu{CbOfesBavbGG*~a((?^UMrM{mR+=F?6FF|cA(+Ld$zoE;213oLM0W6~ajQ;ho zQQyIHVP^54d(Un>ZT)Uf3v9}us3tA1)aFLK^TQ-Y>m6hwMLWRRt6PDVB`4*bFRf4>TV{f&QWM z;V=Tih*j~YM9C!$L}94$0_t3t16R{=HJrWjL+XYdT+%vGe@CtrTI+znXG^d+^8V5F zJY{aeJ(Vglc}chd7F@cNKNklR?KuND{&S;V2w!-ZJU~J43dl`&^ZSr+&L@~FzrZuE zmf_Sb?S4E(UrR$W9@I1tN_zW~ZYaBeXApnlYwJO}ee2Y4=;WQrDaRTr`CTnl(#B)9 z1hBZn|91UCP;9ocGSIGu7b0{r-~jt&BDi@R>YJ<8NsIA;1`_Eu zQ~D{Xr3eOEG_27DEwxE2!c6}6ci$r{;{D)J4YJi-aWY~+4V2gv)4-t&jW3%RDJ}2q zF;V>`MgInzRY7$+>w*-DH70~BMxN(>LR)E<5dtSfB${d_TCdgcS3ds-k%_(uC8U&> zSF=@5r-`P0PtFk0hMw7wyU56<2=kD{_y(gsUpplU$Im-9%9khOXoUf%;w!&AzQtAv 
z>a1BNn)2QDtD1F3YZJit%Y^WMMs3=GIt5Fw0-#xaSzGEw4|v2@7bJQI+T3K+8zu1%pt2Df-T(0C{2Frw zBNmFBizJyFBz&_1d19q_sTM5-uJ;N!(E>uDkkQ_Ae2LrUY}S@t>f3J#ow#&LIZl9pt^O{5^qpWGP_jyZ z4b!FL?2&T$X?|SPVGmqobjQ3h>J`@F z?yigb-lL_RnMnATLdT3B-U+iekJck3?oHMP*l zF`fh2%^wCi=>6f9ARUC*>N*YRrg^NC%XJZ@ZxQ1LH{6)YDKa_QDM3wY0?oIEUz=g5 z%k%yN<|T>Z0?2c8tydkxXAj3wNmwMMkzIWA1m^`j2C2)CMbVg+}QW)>+#Rt{GfBFZhw1nM1)c~ zYtrC?kENL1iae{Sh3NFV)~_9>r~)z2Z?TKMv)16r~thgPkzgQ zFcO)TzD0wph~*L1rf#IokF*ONr-NU5cn!nHs*~B#iY>S5kqnlZ79k_i#~iF5xb#H! z^(=|tuPSJqDSUUFDHAQgw52G{1iZ>Qszt-PzITci2+p{=V8PK?|q)$cF zEVWiFUVyrbI^xIgJJ9qLJ`><_V;ELxRNssLy{1#$~cE)bO%&ca(Lt206ucAohWy@d>*C-{COLX=}IXT3_uG9WK&YD z7~=6xEaEnd<@C5AbvBUm^}!ccuh-E#@0f>6&uQjVk1?~Y{5 z9He49F~PcnSp)QI!bai}VrjmodT%D-3LvLnq=t&$x+`jFYUdIMy;(D0c%U}@_$~!< zC_E5L)`RZ+>;>_05z;8=h65LkbsrH;kLBlKEw%%Od0va`A?W#53a z?V`;GAa6n))_1M5^UtedY;2SJi&8A{QSKo9p5H#RJ-cNaSSYDUq83D{6S*RoVh@e* zO^kYEsqx1zVkIO2@m7^vYVJrt4Ula8vt$#OOxtUH!#G-}r-ndsF zu*RS26lQNg`xTT7lEH!p(i#Cp>v$5xn06yoOECp?HeBhgtb6`XAHH>j?Yqgay<6jS zqTNj+&))~F!=csw9x9A_#X1vR=RdAiOUL{ulh7APf_P7k`~mdCD{33S{Qh+4g<(qQ z)dqiwAk=gZ(M%}LfAZAo9$bjzl%id4$-bGb@sU8)#Mf*=$v5U|As&KM=KLlLUM&2q zZLq}@^z5F2tReDTCJmn~O{qi&F{Kz>@16707FEoUPvO~uw3E1a4J>o1QrE}X9078E z7%1ArUx0L*Id=fnVI{yH?C|jE?;6-APZU%o-uYsQj3@!eswRV$v>a?# z`M~}Ps$fgY{;T%&4L~Rz8rSay1kTCVQbwC*4!zcgYGQuGMy24{2s=D}w@vqpOWEQ> zM90Acvbg+>gi+2d7QXF0|AK+3(GKafx1Nz4yC>1ar`qpsy43i|2UBu?ZV-4d8^h?X z;(A+Hy8A7YV=&1^54FdI^>wH8*_CsX)GKvF2-bTYL&}QqEsGe7+wphtt6vZRWvj*n zzB)mN=gga5d@X^>dlZ@Um68Q~P@;#IHdm3?tp@zS<}_f;8?DFJj%>(XMnRu-ABPp` zgRmO(;vqvMWZfiB$c|8cS3lu_sIL_`eC5roKz?;>kS|WfSIruMd;V}lhn&}zZ_>lplhsk0q$L%y zUxBn!L;fL?zFwUbbcXqap(rwfSfSKLe#C}JE2n*{W~=8u}uucN5J2b*7*Eb-IP37O;pwX9%B?%g`DL@>YB5 zmbgvKYa36`7;Vo?JD2H5d<&=E{Tg-CLlEM46+)*R=~dOKR~_~o)TsY02T&u&3(`(I z9%f3337wFL!!hKgs!_x&XwBk8gYojefCZ(Ks>4)efJ_sXWgcVX2GuzB*nr)!M;wEra_MNf4*0!<4;XHX2hXf7YTe!a zXE(_UXv*!cMfu5;UMBICUh*pOiFkhPQl9{hB2X}f!Oprs7-0pG7~SW|RR%zdLxZF^ zhndeu6aeH;OLQQE*!9(q7wq>>XQEl^a@ZX7`y2lX!4>P7@ae9ZT@Y5K8MrCjtx4k| 
zpx?B>$0D$%vMltK*;@+k(uv`|V|R)uTn~cI^80>0!&r~I<PP({I%g@nEwu3hYVe!hfx$rdnDl_8t)-m9xdI@w`i6|wIBjs2@`M1U zCX57w^Avghb1*5rznvN@zMA6&aBDA8HX!%kNk(hke$^IMUU_)+t8kXqEeLCB`S zZzJgY3v0(|`*UWiMmOVo)_#an&gONuX3(;5H>beODo-zGM?(Th^EQ1R$X});xkF08 zv+|U9H@%0gaxHV}K9}iv!0%bjj>AF?htY0RILT+T!(SKp;Z;(!Lu&X@j)0;7+pT%! z+}(iG;F{80dmr%><{&btX728#m4aIL}^;sVjasE_(mOP$d|cgpVbd zykg<{*+~wYvfhXlI)0t6T~yoa!#{l@qGj(14yU8Wr42ps~8p&(#mDtTnPb@9IYnswfKJf)MaF} z*szXe(NE$a3(h{%^~%m%~^kLmI48; zCtv;gAl2*vCy$bP|_<-l;^7IJ~z}B z!lAj;98qRcf*8rU)v_c3*isr`7c1Qv(op z&irk}@OS~U9$b04QL{d~M}vSj6ceUl-ts+q4$JKabp=kMnoU(s;cz5FYZrJI2-zi6 z{`Y$s_roO3SLo$ce=u{T)z-GSB*Xm*Gs%~PHHed`T}T8&blsI*7Y!+ukUiDLO?vIB z9R(HZcQ-Lu216u02$6#)D?WNpsuyejl7Jru6XqMoOWj1 z6&FjOD_n{&qGL1|Ca{KKF#~goeCGyj3rZDJ%&r@h(1Cwd1XxcNt3;Xa-RIrsB(CEK z3cKO-H}EH^?=B4MSSBI1y+X$*#95KFMDoTC2VqrF`wr_D&R9Z))#9wVJf@R-(QS?z~xnD?d1);%*qDEN)1JlEnq=!@p$J3Msdxl3D z%K`;H1a&dZ-0#Z=jG}})w7m!aQ?+d=N?*t!P)&Be>c7RuWUyX_X(G{Lp=8{Tzzb8*kq z0(txnV2Is_2tGmwU7FdGtLI5haPBvn+#|PmTrH&H-#4Vz7x5YME>Imu3_ZI&+S55) zDZ?TMkwD7!HS=F^vDj0zDzz0pbeQV(!ilfm-(CrdaXSRXo>z!bYV>RUe;nR}d%p5{ z@2z|WRr+|IYwAPSibI|uBwj=dFC4US1nwo^LLBZk?K^bHTuH!A5|J7<&VEKo3YQ2V z1ckMU{C>Y4L_2jA>|<9r z?3bG`>=Sx>Pn=VD5qd%aEtmNNs`Fsmitq?(n!8WE+~S#3UsLeWj_vLzU|173k1*Kj z_3#F#ygF3Q7~3w>f+v#H@{}E58xP41?}#8Pw`f%4~SukVRfLM*ns(SbAi!j$50b9QFhS`&gx7*+OK|H{&+9Ksd5ig1CvZ^ z^-zvz`H|yk5r3LzOhFAOMAYNQU33IGt2Mf z!&A9vyps74V=BOxX}GWK&!+#o_2?CLva)Yd$S&S^0q*(YJ6*NqD2&= zVJ$A}Va;0dJTMml0aO01V0(5fjFZO2T+;P5Z&mYygFO4+Hs*WN2dDk`}fm^dFAfH}6hXdrMA#lSfphuuMH{XTCD21;vq{SB} z1^dy+9Ae!fizZVV3Z8kV`m{MfS(v|U07h?twi?j_#wJ`P97-?%w(}|hpZqhw6+N<* zq|8ifcff?5s>1gNnG@ zV-SYCi`J}c`;L!2$0aAx5+h}bc6*%z_2Rs4h>OgCL9m{+GOZCubZiI+H(qpIpc1*1 zNabNRMd)G7ZOyk>jMg!B7o64|ZxzIq@{`t)BdjI>K7j6@uJOJ$EIz9fT@mR#Ja}N~ zlXGc|eA9)Zi}gw0bC6tjF5M6Bv=k4&ekcMV=%`h$L_@b^mu0ntFDrV&y`tOJ?6Ho| z#uk6AT2A;?g1l)))G6xSF|>*-ip6d|1Qyd=tl_pw+#_qa#Sr@rlj`nCG@`H_u%Otr zRH6N53NmM)>f?lR9vhn(NX|Ulr94c7$D4uy?R44uMKLm`ISS}H=0V% 
zs^6Z1;Fcy$?yA~N+y@)j@aQ!C9Fl6u?Kic2E_}i(jkyLjhMK8O&E_yp?a{3z60g0o zx0bl)@aH%dLKAB(EwP;xL&P)8!iR6lrtMlLR0~DWkheGvy={iYaVq|TrO#2gli~?8 zXEG`C^PWO*C#4*3n+F0$fsXNhG9~x@1dw7ZP!*s zzEZi@sj%n(awbNCJ6DE!u9_nD53@9tknc{}H3}wW#Bw2GA;Uwrd;m}X42)??~ z8;y%c`ze~_btQLQpO=;DLXn#6}T76;9V8(*b@;4EWR3z>7% zyt<%3C;-Jab+cqq$GlldA!E^qk^QxB<^E=ZjMvztud<-6?!Y=cNR3>jy3ki*u&q=O z5PLYp0yOoi;6jitI(PUu*tJ6gT)?<3|9r5{v=uMWYK(#qyXvq&2wgQC1v&zB`UEk{EGjmvY--Ggn+k~l5<>N9yuad)o)bRbh@e5&IwT0>w>h`sehvTyeon-2%wa6DiXw}IvG&xT5?6z51^N! zc+DqKk`R+G>8@ByGSXAYg|;BYIxuI~Xm&5A1m;@c;KCQlnKstcS7fbzO)2DZT7kIe z85l_dJh8dap>yr|-88%IcAhimgN@3dwz08YrD>~Fk(_kX3dYQV;lTwxhG!nb4<68C(JW*>someR_wvu+{j zvc=olfWKS(8?r_g%KBlx$y*l(trDTD&_*t(!ZkSkoDP(ZYaI?U*9_!rBtJi>6YP_>ovvK54Dw*4|-DKN>nCmI|P zeZRlkN?`Q~IUY&x6g8mOu;o{bUzF1tD&5+{Z&Jut+^85v5R=?yX>-K{*c`6x#7X^(k`^>o z)MMsfKCOK79M*0^9;T#J%7MCJ)k*vfE2&t&(ZzRpUdj$RCsr#^7v^(r`bQ&D{{kwz zU<%*wLdZrZOCfsoT=do{$=2zZX=tSZOb|KDMY4!miJ^rcF(1&g&=o?)*uh{5MXAay zZN_~$%pPT2PT~V{Ro%Q&m)#&Vq)W%a{c4c?#95|?Jh_SsJq3cr%Q^aR7ZCJN2bc`% z?Zi!AiPLJcO=mbK6o<3pnVcga?EQ{3*wXOaex2!4-Z3TF8F&PkxXpmGZ7UH);tn18 zZwkyZX7mIfX|_UjXVFaqv{JI-;HC1wOL9Cm3W9($9j`tA&i1lGR}UGu1jVg)4@a6? z^uc!+^r%8)(%qjt<_qOthttpG=H6Eauwqkv*-XcmJ~Qt@4UI)ko!DPyu~&-IF_1Ke0seK7jV!~|M4{~qpswW~X? 
zMGB}GFAp`yW<}{klEG%AG2<-Uw7z7v==;#OT3tqYjnodmq}#wIX;aJ|2m{g7ekWBh zg8F)D{bTl9-WSPp5U)_2c5z<3Wvs9rof@LZky|D^k@1GFo;~&sCOqjwgmVbAv($ z;d8EGSV_O9$U95~G%IQol&2vbync%wxO_zAHv*t8hS88l=HKF?<3XsV@;OwMT;^eL+^FnFg?_nBitU7dDU%)u5P~`nDEil5g&)&C>D(jpzi6e;|&JHGD?S zFK1UPca6hgTuvi#+D;=5D3dm6WxZZE-f4^>bW)_T4aJlzvVXG`wy>57(aI^X9b-G} zl`fUXx9eNl-7|EC5V!cZw{!C}#SUr2<<=OQJ|4#=RuxwZ)`)BBL6tJDSCZ_9h*fvL zkv7pKWo@chdWSy7epJ5s*S=&JU6FZI+YiQHQk`>Z`DaPGCl;B(7~HUL^(0%@osu$$ z0bJF(1rPYRBMtT?B>?XK43(`ATz|Ig)oJIVMSpu3Q%aAKdm{MiUEcxmXmmr)SC(tyhk@YUaz)NqcVTW76llzQg zUcGds6j=7lGyml>D*cnDH`%}R`;`}X-SM7`r?(5?bq!3}zVJB~ptbxx2R(MTI4K9pS zDV-cr!T-reyi^szN(><5S(Tl~MCVo76F%HAVpmTaEKgs~has5Z9KoH;!X&BneOm=n zx#=a1Zh%%CC&tvj7cjjyH2WeM4a&?fq5!=eybDyT0P8c5D5UTV@xYHnC zkPOs|-!1qmF4(vVt10D%`aYap$~_{!TRyI~nAM(TWC$-23&kzMxiS9b!q8!`UP9qm zf_)PKDsT*lphE;>YB&hQ)>hrb{_%)uhIMLcs0qY;U7&-T&Lz?(;Z^fzxic83bo=t5 z&Zr8TrVF4j^IhV8DtLJWJgyL$jx+#tKc6bIg`~aC%Myz(7w78-F?{?H=A;)OZ~KX& z?)7Q;0BtCo9+?eNnBP`3qF9!*wbOz@JDnU7pvM8K6d8vXp1#&|);X*Y+KM)J4hyL? znLH>)(vr*R`2QU(V@OoMc7alkb3r2qtSs#dA#Pn9T~Tr3PXo>S*h}RC1ES=amEef~Ji*IK}a-tL;4 zWP*8Mg>fEePSWwb=Ou;`sq~FhE4B#w+U|G=K3AderJDE)&Mq^9R|hEdq_%T$^{GVq zC3&*UICq{TqSN@;jy@?rWR}!UA>S1R^AH0W@RC|FU2Y%4ZASY^x~oa6+wWetyb(vh zj5I}y00=O*U@rsdbb@4N72F+=bww6zb(C_%1_tqbuFgGX{o5LcPM(Tl8nrKavrz9! zof$!;4>qSI$1FEl{B$6{+b)$s+Bro55?IQqB;VYNJE-R`Uaj9`eM!I=woeot&Vgke zFC>DEAjzaqVTB|3O74$2hdiLD1@Ip0yzRu13g-0^*D#?CJV{rRbG5uK)XD6W=2S6a zD$sw~mvN2+Ny^+=O$A>PBVM#*f?HSI;z6n@ZifPWPb;+M-ZU;S;Y+R-=SQ{5iX86F z(;qg&2e7g%2`xEcD>6l-UO?D;4+Y8@GP*t`wvY#;_|lR}n^8A)y<8+6=I^)6?so9! 
z^As5Y=nP07GhUL4;&8A3rBEjm^0u5vh(){{?IJ{atvLe8)T@lMk2?0w(#(C?Afk85 zXNMdC5_=+&WOH*RDmh0BQpBz#zuT4X(exXlY_mGn-Hv zTojDZp_9ZHs2g2y`&Qu+cUy)F)@Z>R#=U|;2y9>cF#5A+p&#T9fiG0avgNUSN1*nt zL@Z@5+_Vx*vk_368|IMzoPe6L3m9>JjN2I0TFihY*&`*Vg~c~*<9G%yS$tA`v6JJ0 z1OrSF_t`!(A?0`i_RRPYRiP_YdY@Kd-F9+zOlCq*pLgAKBoGg%jUNc7P^`?@;VQ|V z+^M`H23q#lpPM#2E3DOCzi|&iAF5m1300KQ!LEb3E++q!H~ZuA*Ol=5X57bj6?p!| zlVxKi%pzZ-XY;Wu?`*{i$qVMopVEe?kc5T)4|4=!i=SvMcdfdzSRy1$!W)X6T4oOx zIW)fb?bAl_v;fhpu1s$Iky^_<#>G2EG;D)R$_~TEz7kKuzUUang>LoL9gpMe<^y{D zTZihSCM*rORudkGYN_%LTKi`Qv)-$d*Zi>TsfpiL=x&PPYTitBr|!4;4cDIBHf1{^ zSRE)@uCE wp~D*zH&_5Vgk0$-MjphLuY?pBK1)%552%yoi&5AInIR_|ID;E2+gq+AS)^Ge@?P+Qk)HX3hniyr?{$nC#i>PuqU$3{`c2>*&wAnA~y)GMQul`ceR!!}LSliLNeLJ_we7=PJp zYv?8``80R0wU9T_cWK`dIzA4E%xnRPviTz@IXmKO2e2Vt9t=e$a}I@&tm~y$mN;QI-xaMe`0Map+yLh`C`OqQHN z@K9c>njoI<(UWSWGf#%61$=dC@{{VVJ1mGuIxojwe*3Lnt_ff%=TBcxjIAQEfsWfo zJEnt(s9D#8_>J!AMdtiqy0z`YG>+YD&}s9Sr^8euwuc+iiL&nZ?Md`FF+*r07+G7r z8D+U}xwzH|;8iktqOSmrM?4;6MgEZ5iUCJ@I}1wrmKT9BBonq1-u%{A_dfv%A;X2g z=zpjR+$Ge@*l}60U2lQ3jzEMjt)<7VLT?O`bsNFRstQ-^A~YzyYjDSSrPvSQLQT|N)~6Vx1RC~aye9fMFb#Y10S1IvGsY*I-C9c+*V8w7wD>Ts z*+#rLpo_g;ff+yK(`YCG_k?KHilRl)$K^R1klk*~T-@P9+aObSYH8FZWC1^}oI3q% z0@z>xiKY_d6wiXArWrM*YaKJjX`RBjX z=9d2#q>2Cs_gZvm!0g9i@!Dy9dcI2bI<>Tvamaq8Yqft|6^@uaTzxB(O@**IPSuCb zB=$BfXDu^U&Y}RS0rkRtM~b@4wwm)khe+FxZ|NaOd2UGkos+8wQ%A;Ha=KK_-ox4{ zlgH^SNTA*t z{P)MsCp_f6%lMNfn|l|8LuRZ#)j1qt4YQ^_Y*kd%J#J=gt~8TkuA@Tu2-r`oY;T$- zm5Y}{^O_aaXdV1XTil%13_HX8J=&K*zycM6)ZD7`cZ5+6PFz_`E#FKa}OjS>G*kHWOayzLPYZkCpgp@uz(T z@_#p6hL}24^2>IjbLyswlB_VAnIe#O47^hZJsGMX{61h3xHUG{+>C+!5g(&Oe;|Uk zNxY|&I1@)t-83P;g^gQ70I2|+Jwv1n0cufcQeTxNA7}W@5)nZxO90DXagS4S$i!Z< z_XF=P0dq*FWYE39b-(C{14WA);m1P(G<5}f{ESS7MgwX=0 z6FjNQsj`tWfZ5LcbKQz|%rEF8)^B~XIBpaAIU*%(m9qPAuVMCLG|5@mCJKden@H0J zxKtS8oC){9<0u0icf4e>ape}wll@Uz0hm#n38#NzW8PiCm<+?~@Q5Nf^(b=G@;R@& z_V^7;{}7!kl0AJ}B_Ur!w$%JIwmp)Ir0=)87M=9h7Y&;dRrem<5p#RLk_uR>71_Swmo zB;Wl*B{(&SlR)}{3CEZm)oVf{$5uP^qXR>SpV$~#x5cWJmYRI!M>>2m<)`S)DC1Y% 
z=qvsi!Q@b~OcXJrYNt&LV!Vw)$gDjRPrC6Vrt-+9_XvYGnm*91 zKUY90q+4YU$xGMU^Cjw51G*yrGR6YSE$+%;mY8qV-my2KKUr{8j_$up0Hv!cq1v4e zW*}w_1=I$eX>ijW9_Zv@<+<|5QZGmOQUA!DtK(o}UbGYoFVApsniM0q6=i~-v$LRr z5h|(ul%GEzIA>t@nA%B~U=+J|KtZ=}%cZkZ4eLiNeRwcks}}a%x4q-+XheL-0EXG( zo5?j2Gg0~V3z1Wq-^!V#Fd~=+Pb^fXz_1y=Y*w?2a%REc$z@H(UudRzT$fVB(?(Wx z&`-~8uwCUT9RYRG6@X1^S5J|PqJa~brdmu~?dWeguzqia#G$7H2{y#3BBnk|XJ1vo zfiE`$U_JwtB={uaN)E2w9h1}kf8Lj-H+CS?S1z1MVgO0x@KIT86d(r*{s63>(_TUb z2+zdegm_)W4Zf6V#;y-wOq#H0@O0JfjnR6IDYH#h+r43FpEbY;dh;Df8qVBFaW37Q zdk(Dtgr&1nL%|i#1;|qQoJ8?C(8&I(bbyT2cAkf6#{Qg*PCU<_$0SJ*Y3eWA%wtB& z;X>54Uo$Z9&-n%=%CXusOyfQ@n{e7UJy7QxBM#aMcg$mG)893s>K|W0^S*MV6@U>IiG9rFE<9-e^%eHg+T!u&=pl%awW2Y!6>KRuae^IY_;U&R z+yj-b4A*GQaNLv|$5)c{aXI89_EF&rIErQfg1ywUyNlTaKd4}_4)wHze29rEaw0F> z6CYp$NagNN|5>;xh=A}G)iZp#y>3K|-QyxLb|`0Wr%u2aXU)%23Z5T|0RAXCcM|VN zT({x#1R->-cvh@Aui}pINzwRNX%+ZTh_or;udN$z&i!qG)tv5o*giN*gG)yY9p5 zknTR;YQHPgrcCj_hgn*{(dETtd3;of{h(4THPVuaS3Tx^);*R$fPa-#Dg*ttTNzung)aMKqw~ zq%x-yw65a}L2$l2sYqmk*rWT3HtWKcRA!yIX(6P-&w`2(#8iRc(rgP6MwgP$Bnv~m zODu|3HI(rZtPD`DRu7rLJ3D>>EtSRAL{Pj^*Gh$He%q+s7qH9uGH z$QpBCG=^7J;1rC-LHg~P}DN{$~6Qa4*d8u`j72H9>Kczed~<3v9%4RBBg zZ`rg&XV1YpeaF=65PO}_n~Z_Arl2`*e5zJ%p6wCM>PnlJM;LOq`3?d~(FqUsp;zpP z&w`HP0(o#HLp zHlH+!o&o#j3G4JC_H}HRba*EaQqKSVN2Gg*532%c@>NwtxE-3hUswo85pJH4mS9N} zP5FL@38#dY(ggNl0o8xc{>s?KN+$gJj@-?rws!Wj381zvSzc1g}5Q z(SqgXHwlk_7R+J(t&n6*T^ePPs zczp3odx1scg;=ue4Yg{UgFFn!BP_PL%G<_{#3}JLetS}2#(Z=(ahi~U2U!!^EiZjU zqq#B8c};}G)oXc>QK zG~VsdBY-=xtPiZsVCb3VZ`6g7xxIMw{2249oooEx@Q$~lr1_sS@Nu?5l-4& z(S}G1Eu}(?TD1W3sG{i-s(D4Jn`WVVbEgzheF*pJDB)5Ba6u$vkE?5Ym)1;7K=ww4WT8QE%c845U$bGDR>V zxi?M>A_`KL+jfJ}M9hrg$5O!CTZ4_DNS>MV%ki4f(2`k&p=>@;B}g>?-ZHsC{hz6k zrxMw^dm5ZTaYX?tOA~m8L$<+EmSBoaGv+#x3kF^In;__Zh;PjcUE&H!oTid7Wre#U zT~V9-e30f*Mnjenlyz@VL&YSr58|ldrbNh~3aHaZ4F|YA-fjn(gOY?(R|GoXZ{YBe zY&Iou5s9{p5v~Oj()HP!YQuK;LXkoypJPLaD=Y=;A3B%v_d_4g9NbbiI~*wfglrR# zqHlr>BRVO3VU`o8Mw_hq$x#f84PHC>VQXNTMd)G^Gyp%d>^0746*&^D)z~7T>5DkP 
z%_FQqF#&pASeaLQ_1`@QczHA!-V$`^1q{f+X)_cw5seK6x>$t9>%l-;X7L}ExJp7{ zyEFJ=NZ7Ng&F;=k;TDRcnws7%gEHGsBFt!n=vC6+xJ@54=Q5i}3p1aJ_YJWc$E3m9 znxDHzL|$(wZcSyZTS!X{m1ANN&vr7KB(?e0!1vvUuJ|wiYUgz5xMab&%Sc+yj?hSP zkrIJdgoC42EADEgrQL-G>^0cb?8EuaE4CW znU*ZaWXc|)ENR-!=?)XKu7O_~;4_pl7)Liu0dxRQzYM)^7(&2l2i&A3cwr7DsMALO zgMOOi4TR#0Rn#mwb^|Cboow#pumc&#D(L@tN%*P?CyS}r^}#h$tf(rINh~#`07HGR zv3S<9G@vx4`>=u!v<~Pm8a$&|pJRS%Yxq&kvY4?Q9yuL8vfUf7;xDd|mpHrgNqZ-* z4ry7hFbc9T8G5|Wba{)2l^IuBo|l5vM?Tp30EinBKl>rztTw$Lacdr#(N^<0U-Pe^ zpw+LC_@eHp=_HMN!x{b?uDi^Wd&Al>lo~L``?I9J!d|M)X*AsR8L4@` zYMi0F`BI_((loNwjg8gogqt4Vz3L<|-kYcH-U^owKD(xfkUNT_n5+E*v~>7&({;e{ zCK};lkxqvv7>nx7QA3nVd<)>s-mzHVED=R%IMpTh&pP2EJ#62XshRznFs(5@Zpa&t zl>FLhGiBld)^+c*{G)O_zdPw|QITP2$5pT`;|qsBIr7#XeXD;~s3@Z~#Zb4@Jxxb> zKgFZ}+{h2NQ(Z)`(9WHgy2hUXYWrd27C+zlu&Fp(uj78=q>PlS)E~lsP(Vqz2vWtm zpmq3_dNGFg+A^Zos`pxI<1v3=-k`Vg5@F#%^>SyS=$APYnn|#|D-E;T28kZc;O|Qn z>Lhy6B#NB~(*}##=Aa^ZPB%ii6RYPFcc68|ugF@cRacw?hJy7(%9|Puk4Qndt#MiO zH^|e=a-4Aq=Oo(^QgeCfdD{$IoCm|re$Y9WThEmN&pG~ovR*c&mQHzVTD`I z-J^W)$aJc149RB9D#kKvZ zS)RQyjWQC3#;>9j(nH173lgBVlCQPLO&sAM$6@4V&-n^Z5|abKwm0)F8wZ}*BOH}D zCNqDN8^3Ot_&E;!Dr$N}Ur^x^A34lR6Ic-9<;LKh#5c>j<*CC@1!g`ZQqKa0v*BHhYs78WrhO>qWZ)tQO5e}L~(%Z0FRA+fdv$RWXv9AlY#^y!OzI91@uY&z9fo{S zHf_Q|H_nMjCc=yci@9FjnpPhW$-n9vqtpP;U=g^k7a~_NUpj>VR2jj&iOAM^ zxuzzvu}>{npqiwM#LzqLpP@&grCFGM$$^k|>?H^?R4By41rcG0LJ9B(`};>+ClQ`% zLb-NN53H(Ccsqr^d_nb55Ogv+!N>3(@JJWU#A*577k+mGaYcYJ=v?DU!?dDuwR=&gv{D)xUu)F>lG;pjE;+LgAl_52IM&*^FBvqa8o_i0 z6FK4qcp#c?GXAI0&R~%G3oGB-k1Bk9_1_TQVx(jYP$(;FGevp0oT*W7v6tRL#5Dom zy-Z&YgQDh58Pnxb1cPt#w5-4WAoyk$zql!>V^wGsmdseUpc|z}W+nyV`voKZY+2LJ znpswEyzDa+-n=S!2x>h0dTYuu%_m(FDlz6i%0&QDsz2Lpp-woZu+zH?Rns)>lfB@0 z8oPwi_QTQ0jHj`urXaoyEgI+I35jynk+jYn)kb^j{D~;rZHUs>#5_%41X1&?3Vmtl z>>pPy9)1~C(<0WY8lVZj8MAK9G{JqWcmT2HTd#J;v(rV9v(a7Bd`M>_M1^l!jvmH< z!9as69SB>HB~X4Jl{yRpJisgl7P~{ihgImA)etC|dd0NzZM{SAs{9af(Xb8>wMktj z-qUm1KcMl#o4Dwztmnn(R20S;{mG6h;HPbQ&tBttkh6PrYhMJSeO#fpG2Bv;QTj;U 
z9}Y(o_#>$&i>Osl2kO~Xgy}QSH}qkVncr9#x!gfX_Y-Hp5i$kHa*e^*>JN#ca(<1$ z{9V0^us(PH5vc;&y5bKchGrlbE-L7L}GHcnpsbj3!kFbgJ1u#RlZtb|mho0~-7-EK@&O0noG zC3O33VhKFYZzrM08I41!WM1m^)dk_qOXopML!K2#)rDAMV1%Xy#K?AwigKC%qc zqNYqF#`X3Qi%#E*Yuw_bvz>KNyK~}6SPJ~_oJYgv7Bq-4@kgH`-aLg{#wpIzQr6rI zhyoh}qD6N4x0NBIM5D0UIr=9kOmS2MSwUTXD57=~&`u&mfmJ{0bGR|hM@{T8utuenLzNS7dvCgd z-ERe0p&U-J1a~*ZS$Buzrx$(b0J{J#82nmYg7Ez)KKC5HE^@S|`M4)ME!D?JOvuP4!r7EG*` zwZKyU2iZ6IbE0hB;B{)mQJx73+Mq)}nNqMNMn#Wg^>V?x0wD+XSslK7r_eY4Bu)c4 zXr|zc0!;%S_eiCgaBct5^!uHlobiK!@C7(_T;AvQnQUCn&|6r%Ut8Mn>w4|SFpUwB zu^(8!1Lx{!p$6MZrA4D;>6%VWE!yvre4xH5c zxdAPwi($L%0;?Yzz#p?zORL>C#n`+LAFKtN9+A+Q!|z&3k6a%Om*-+QO!$&fnpI5B z!>>pQzu{PWCq7j$adohF%{PpCn{tzUAP$0l=hP4sh~ea9Z5Lo-WN32ga3`Wgf@3U5afiM|l@<}3_^!&XXwtWjDRZo_g`nps1YvZNfov*ehNY|N{`C3=lW;#4zILhj;ecJi2j?LK!(Il}@?}VY+o_rx{kclh$kQbGG)&)l1@P0Sr2z*c!ydHU{O2kL*H>sknosaU3oc3YEA zhQ;|0351!)2~hZt;g|7>Ck-{((#Ovi*#)4o*Er4-OQllBACaKV_?haL03u#c)|NWv zZCva@kCb>QB&~8JhL(X^H6H&>4NBjwb=TE5S9mFOekk>tHb5#gfqxaVgj2EqVP@#4 zw-$KcMS-_Y+53WEg|2w;6h3ohUSHrry$D`XX;AQMsA=dEHMnq{Qm2GDCE@n*1)nsL zx}dW7;`mfv{^9yyVF)^&x5Cc|V++uf@E?k$t!$gLsTooTLX~%N_7#~8$D_2dC@!N( z$rIAb2NjA-c=#f5kQ=SC)YPM`Y*_;9@tC119} zRH|IAUUa3ba8-FR(89dqSQxJwJgmTT1xasyJ$B_Q6 z)7e&7PdREXa_&4}5S>7n8w>Ix;B^UFTY14e)NG28KtNIv*W)=fhwv(j-9l$F=%zWB zeU?aaibq9mGk3yr8Q1=4fuc+a>okH*DNRj|IfVGv!`BoRT|vJ`^2gZg#J zZ*c91o{`77>tidneW8Me2!*r%1fY?ZS8+|J##m3g)x^`*`Ng*8?A{CcoDlsxiv{Nd zcnxUo#bys`!*0Py`nUo_ST)Cb8)5EMryl;rX|ryf2FivV5#HKjnQ+qH#Y5KI9XnqSz7d%@YT6aT2AFs6FDG=I2+^~K)Afzw{n|z?V#Hu#M!muZh7OBGz&)1n|L$YD$tAc zqzFav)`xn7;WN(5s1U+y!C=OnbN@Pg>C#U-ea=R+%MkVpSc3rFzYRHEp}7>ayC>HS z7^rZ$RSebrFvr?uUJe4GP%PehAL4KOI#f3!&V+T_HH9YO9lRcx2ml(sPPx*h%BV6h zPLIw>;C8Uu3WCBubo;q#d+mFR+1*kRRge&0NANiUJv0e`no8x)g6NB-!NX~}DDp;SbE6ed z@ESdHUGJC=E3wll%xCT5p1ZvW=5z3}TO0FtZ=UMQIPcRQV7)Q{iB&q&42A!`j!?nN zbldL<t|uaw6~L2H}_POoJ>)HT3-+U-9J(`NuFz0uRcCW+P0a*HC~=*7fodh;%gf z)Xw$uB&@yL0`%);revn|gk-jdx{~~>_AC!&M9~^-i&tE`3ruH5;yAId$&AIHqJRO1 
zzu?|-_Xk0>^jOHsd|^g#FLn$y=moiZfj3zQuCZuhuk|0$+19`s7?A?lKFsV5v3E|& z@J+*ogOzBKZ+em$RU3e`Ob@K)egJxj^MRgrW=!A7131;4WZ4ak+}T?CPSQWK$f`8`q_<|F0WHXSW5)JnuUqCTMLhs2Knl~Ga0Q2{!S+ASrF+E0TtO_I)hq3%DY^s z^0L1S=fp*0By0t-+MePgKio%waUfO1`RhxgF5+Y@r`RPm%s93wf1Ict;WB6;QFG@q++{yV8y7d8&_fjw#(cc%8U0PcbHg-$e1H@6}<;5|iu* zW`hz^Y9742L`Q7#BMyJP8$^as&sk!5oun01p^7q%Z8FKU#UNv?gzq!3g zD0&OT=QZkRp=8fCt?#Bw6^o{c*}e}UA?=5Xp`SLhSeH_ACb*C=kRvy|%Zr@`t7o79 zj|36+Y{1W!{R#iNAE}^9^%xd)kKL&YNUo*OjlVp|5t-Hsn<5iP!<{GP#s6ye++=R= zMkKM4?PDTVP-7@+8}-v}uaKf1Q*iLxL0ScBcs>~pO?8ZaI(y)BPsWbZ&g2HNt9}2N zmX~U)gjr`-1 zxhvPrgZYa{Yj-8@T6Ui8cRHc<3V>|R&uK0GizmJ>-0k>fC#0efU)IPA^25=2IrReT z@WOM}`fUMkMHoB@f%sr0cLN1Y0fQAvLYLWb^7hcm{O4!9qj+VnXD?()Gd+Uy;e1JF z54(pB|0D}bt20vMtm!yyi(FUvTtF=)O?f{31uemWeWwcLov{jkYL=Cg_&+O2qTTgpo z=)E2aRV4_ss_CtOAZSVR?V0S)HXbM|c5k8Ltsh4;LX#C~HfoH?MCvIZBmUbFmyMB+ z6w_k+D;wD^aGrke%@6#AhngH=PpGqMovxZTa2*Rb!q^wi@3}f1e3gbwZJ?U1ELtbs z;99CNf+Mj+UBTd!Z`rj7i&qU@d20$F_-G%{drW!0vE^d5(076UtS#WCAotHuFnk7c zVWL}keyF33dX9K|eC@Xze5_vHy=T=U^hoVJn>bI+Ay0HJ#H1=;cTlE>a(s*nfadz`?+khzGhk4o&o-UeL1v03S|Fkc36h8G8(`EPUR_*mZ`kxfxFot zHR7^hMYzIzGiRX1HmBs13)lsfpwZqIcT?$lK-o43MNV8Lnb84`6xN^sN5${pBb1MD zuSq)F%ySCIYVU*qJu0Ds`qOJC6MzuS7jkSKtqSaf=@<@X zVS1R5y?p-CEe{ipEdVD6f+-Y9VMyb3*33-ss;;P%9=0iFu9@ay7s#zp<1oUzZq4 zZG>%n=2pVoGQ!nWm|PeO*tlr~kr^dyGs1+Yx69VxLm^eyIJCVD7ExL%PJ^^`jbCrv z0HPjb)2=Bc7n@dQeeT#ruf55EVuFx(-+0k#a1Ey*ENA{+b63Bv*#&I6CoO1Bq~Kx_ zKLJlHw)bJ#v4*=!sGm&4geWNTWjBm9RRm8^$Ad4%pEcpCx9xU*Ed%s8ucj$BLB29b zTj=Wl=}?un5~{NM%>#8V1;S z56O-xK{`FJx5QqoxTmzv_m2&v39C$j8bzQ=K9+uP)cc|Rw1EF+IB;I~_kx_Z)@n0n zrj?6L?@)@i&!kFb2nQ^z7$9=$5DI5~Hkws!qNs-J(Mhd6l#Z)mWnjy}s~f|8wZRF9 zwC{6-ivpwIjT)Rser20ja5wsNF63ZY)7TlLT`TYr0Ju~BSp6fFuGI6pjiQ)bi~BjY+-x@JZduPT*u1|1 zms~!%G=$>*feNjDEBA)47D-=SOf6^DyqCe=_uP*UX@5`;;&g@^T9Nq$ruOTI#ePQwK!o2J4aD$soN_jP9T!mLZ^)WFb9n5Pa_d z3Kvj%3V{n=F8r+bR3xEl_P;(yD}d#|_8Kx@Ih9$YzfFtCYUIZc_2k3_@`>rMG7e_p z=Ly0XdeZX-C$0m77dV7mQ=U0vmqOPen3_+umHZv|8=@YkliyFNB!AagdA7WZgi^8R8Uu(q-Iv*>drW 
z^KvFE#Vhp4;xKhg1|;bQ@g;c|%<|L<>|@t&{{&eSr=m-~Uxs86x<(v+7&COhL%RaxcYKCC3Z%3~V zC^+ZkW95U?{s>|+56yyWEB6?GG8ka7CYKR;EcuL_z&ah*o@JV_-p)#!^6oH;w; zYduotl@_82csaPfZ9D5?RAOlOMtRy}oEGL_da<2NW!O7-DHbx(&>dm*~ll$WN+G_bTkpLbeHH?Iz zR+R_1<*xMW&2>X?&u}ZALQU`G;uZ1%NP6PEh;;KS3|$W}X=HLW+~>>G`o)F zU>EIQJmHNXbw3*_L{6}tx#K~*%`2=`xBAdgln}sZeim#FNkbWc8+K$a^Uv<%y{ecd z`-Z?f^LY1!%$fd+3pVqbaZpZCWk=X&>1F0{@xZqbxVQ|hk}ucoEj^Q-$h)`b^E2x* z<5vhpnP%HFPjwyCOc0Bv%+lEZlDj9cZF~1UVmsj#!N@?dc06j+b&?=3md#