From ac1d80840e739b2c89199b0c773754c903326bdb Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Wed, 3 May 2023 12:03:17 -0400
Subject: [PATCH] added factorio, removed satisfactory, firewall, fulfillr, ipv4 fixes
---
ansible/roles/podman/defaults/main.yml | 4 +-
.../podman/tasks/configuration-nginx-http.yml | 6 +-
.../podman/tasks/container-debyltech.yml | 51 -----------------
.../roles/podman/tasks/container-factorio.yml | 48 ++++++++++++++++
.../roles/podman/tasks/container-fulfillr.yml | 54 ++++++++++++++++++
.../podman/tasks/container-satisfactory.yml | 46 ---------------
ansible/roles/podman/tasks/firewall.yml | 17 ++++--
ansible/roles/podman/tasks/main.yml | 4 +-
.../podman/templates/debyltech/config.json.j2 | 21 -------
.../templates/fulfillr/production.json.j2 | 5 ++
.../nginx/sites/assistant.bdebyl.net.conf.j2 | 2 +-
.../nginx/sites/ci.bdebyl.net.https.conf.j2 | 2 +-
.../sites/fulfillr.debyltech.com.conf.j2 | 24 ++++++++
ansible/vars/vault.yml | Bin 9967 -> 10226 bytes
14 files changed, 153 insertions(+), 131 deletions(-)
delete mode 100644 ansible/roles/podman/tasks/container-debyltech.yml
create mode 100644 ansible/roles/podman/tasks/container-factorio.yml
create mode 100644 ansible/roles/podman/tasks/container-fulfillr.yml
delete mode 100644 ansible/roles/podman/tasks/container-satisfactory.yml
delete mode 100644 ansible/roles/podman/templates/debyltech/config.json.j2
create mode 100644 ansible/roles/podman/templates/fulfillr/production.json.j2
create mode 100644 ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2
diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml
index 910c3dd..6508b3e 100644
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -9,7 +9,8 @@ nginx_path: "{{ podman_volumes }}/nginx" partkeepr_path: "{{ podman_volumes }}/partkeepr" photos_path: "{{ podman_volumes }}/photos" pihole_path: "{{ podman_volumes }}/pihole" -satisfactory_path: "{{ podman_volumes }}/satisfactory" +factorio_path: "{{ podman_volumes }}/factorio" +fulfillr_path: "{{ podman_volumes }}/fulfillr" drone_server_proto: "http" drone_runner_capacity: "8" @@ -20,6 +21,7 @@ assistant_server_name: assistant.bdebyl.net bookstack_server_name: wiki.skudakrennsport.com ci_server_name: ci.bdebyl.net cloud_server_name: cloud.bdebyl.net +fulfillr_server_name: fulfillr.debyltech.com home_server_name: home.bdebyl.net logs_server_name: logs.bdebyl.net parts_server_name: parts.bdebyl.net diff --git a/ansible/roles/podman/tasks/configuration-nginx-http.yml b/ansible/roles/podman/tasks/configuration-nginx-http.yml index b9e07c0..fef3635 100644 --- a/ansible/roles/podman/tasks/configuration-nginx-http.yml +++ b/ansible/roles/podman/tasks/configuration-nginx-http.yml @@ -61,17 +61,18 @@ group: "{{ podman_user }}" mode: 0644 loop: + - "{{ api_debyltech_server_name }}.conf" - "{{ assistant_server_name }}.conf" - "{{ bookstack_server_name }}.conf" - "{{ ci_server_name }}.http.conf" - "{{ cloud_server_name }}.conf" + - "{{ fulfillr_server_name }}.conf" - "{{ home_server_name }}.conf" - "{{ logs_server_name }}.conf" - "{{ parts_server_name }}.conf" - "{{ photos_server_name }}.conf" - "{{ pi_server_name }}.conf" - "{{ video_server_name }}.conf" - - "{{ api_debyltech_server_name }}.conf" notify: - restorecon podman - restart nginx 
@@ -86,17 +87,18 @@ group: "{{ podman_user }}" state: link loop: + - "{{ api_debyltech_server_name }}.conf" - "{{ assistant_server_name }}.conf" - "{{ bookstack_server_name }}.conf" - "{{ ci_server_name }}.http.conf" - "{{ cloud_server_name }}.conf" + - "{{ fulfillr_server_name }}.conf" - "{{ home_server_name }}.conf" - "{{ logs_server_name }}.conf" - "{{ parts_server_name }}.conf" - "{{ photos_server_name }}.conf" - "{{ pi_server_name }}.conf" - "{{ video_server_name }}.conf" - - "{{ api_debyltech_server_name }}.conf" notify: - restorecon podman - restart nginx diff --git a/ansible/roles/podman/tasks/container-debyltech.yml b/ansible/roles/podman/tasks/container-debyltech.yml deleted file mode 100644 index 1db8958..0000000 --- a/ansible/roles/podman/tasks/container-debyltech.yml +++ /dev/null 
@@ -1,51 +0,0 @@ ---- -- name: create required debyltech volumes - become: true - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ podman_subuid.stdout }}" - group: "{{ podman_subuid.stdout }}" - mode: 0755 - notify: restorecon podman - loop: - - "{{ debyltech_path }}/api" - - "{{ debyltech_path }}/api/config" - tags: debyltech - -- name: template api.debyltech.com files - become: true - ansible.builtin.template: - src: "debyltech/{{ item }}.j2" - dest: "{{ debyltech_path }}/api/config/{{ item }}" - owner: "{{ podman_user }}" - group: "{{ podman_user }}" - mode: 0644 - loop: - - "config.json" - tags: debyltech - -- name: create api.debyltech.com container - become: true - become_user: "{{ podman_user }}" - containers.podman.podman_container: - name: apidebyltech - image: docker.io/debyltech/go-snipcart-webhook:0.1.34 - command: --config /conf/config.json --release - recreate: true - restart: true - restart_policy: on-failure:3 - log_driver: journald - network: - - shared - volumes: - - "{{ debyltech_path }}/api/config:/conf" - ports: - - "8040:8080" - tags: debyltech - -- name: create systemd startup job for api.debyltech.com - include_tasks: systemd-generate.yml - vars: - container_name: apidebyltech - tags: debyltech diff --git a/ansible/roles/podman/tasks/container-factorio.yml b/ansible/roles/podman/tasks/container-factorio.yml new file mode 100644 index 0000000..f70b640 --- /dev/null +++ b/ansible/roles/podman/tasks/container-factorio.yml 
@@ -0,0 +1,48 @@ +--- +- name: create factorio host directory volumes + become: true + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: 0755 + notify: restorecon podman + loop: + - "{{ factorio_path }}" + tags: factorio + +- name: unshare chown the elastic volume + become: true + become_user: "{{ podman_user }}" + changed_when: false + ansible.builtin.command: | + podman unshare chown -R 845:845 {{ factorio_path }} + tags: factorio + +- name: flush handlers + ansible.builtin.meta: flush_handlers + tags: factorio + +- name: create factorio server container + become: true + become_user: "{{ podman_user }}" + containers.podman.podman_container: + name: factorio + image: docker.io/factoriotools/factorio:1.1.80 + recreate: true + restart: true + restart_policy: on-failure:3 + log_driver: journald + volumes: + - "{{ factorio_path }}:/factorio" + ports: + - 34197:34197/udp + - 27015:27015/tcp + tags: factorio + +- name: create systemd startup job for factorio + include_tasks: systemd-generate.yml + vars: + container_name: factorio + tags: factorio diff --git a/ansible/roles/podman/tasks/container-fulfillr.yml b/ansible/roles/podman/tasks/container-fulfillr.yml new file mode 100644 index 0000000..914b876 --- /dev/null +++ b/ansible/roles/podman/tasks/container-fulfillr.yml 
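Review bot: The `ports` list of the `create factorio server container` task publishes `27015:27015/tcp` on every host interface, and the firewall.yml change in this same commit opens that port as well. In the factoriotools image this port is, as far as I know, the RCON admin console, so unless remote RCON is really wanted it should be bound locally with `- "127.0.0.1:27015:27015/tcp"` and left out of the firewall loop. The task name `unshare chown the elastic volume` is a copy-paste leftover and should read `unshare chown the factorio volume`. The same task passes `{{ factorio_path }}` unquoted through a `|` block scalar and sets `changed_when: false` on a recursive chown; the `argv:` form of `ansible.builtin.command` avoids word-splitting on the path. `mode: 0755` and the port mappings are unquoted, and writing them as `mode: "0755"` and `"34197:34197/udp"` keeps a YAML 1.1 loader from retyping them.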
@@ -0,0 +1,54 @@ +--- +- name: create fulfillr host directory volumes + become: true + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: 0755 + notify: restorecon podman + loop: + - "{{ fulfillr_path }}" + tags: fulfillr + +- name: template fulfillr config + become: true + ansible.builtin.template: + src: "templates/fulfillr/{{ item }}.j2" + dest: "{{ fulfillr_path }}/{{ item }}" + owner: "{{ podman_user }}" + group: "{{ podman_user }}" + mode: 0644 + loop: + - production.json + notify: + - restorecon podman + tags: fulfillr + +- name: flush handlers + ansible.builtin.meta: flush_handlers + tags: fulfillr + +- name: create fulfillr server container + become: true + become_user: "{{ podman_user }}" + containers.podman.podman_container: + name: fulfillr + image: "{{ aws_ecr_endpoint }}/fulfillr:20230503.1557" + command: --config /config/production.json + recreate: true + restart: true + restart_policy: on-failure:3 + log_driver: journald + volumes: + - "{{ fulfillr_path }}:/config" + ports: + - 9054:8080/tcp + tags: fulfillr + +- name: create systemd startup job for fulfillr + include_tasks: systemd-generate.yml + vars: + container_name: fulfillr + tags: fulfillr diff --git a/ansible/roles/podman/tasks/container-satisfactory.yml b/ansible/roles/podman/tasks/container-satisfactory.yml deleted file mode 100644 index 1c75096..0000000 --- a/ansible/roles/podman/tasks/container-satisfactory.yml +++ /dev/null 
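Review bot: The `template fulfillr config` task writes `production.json` with `mode: 0644` into a directory created `0755`, and the template added in this commit fills that file with `snipcart_api_key` and `shippo_api_key`, so every local account on the host can read both API keys. Tighten it to `mode: "0600"` (or `"0640"` if the container's runtime user needs group access, which cannot be seen from this diff) and add `no_log: true` so a `--diff` run does not print the rendered secrets. The container task publishes `9054:8080/tcp` on all interfaces although the new vhost reaches it through `127.0.0.1:9054`; with `- "127.0.0.1:9054:8080/tcp"` the host firewall is no longer the only thing keeping clients from skipping the vhost's `allow`/`deny` rules.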
@@ -1,46 +0,0 @@ ---- -- name: create satisfactory host directory volumes - become: true - ansible.builtin.file: - path: "{{ item }}" - state: directory - owner: "{{ podman_user }}" - group: "{{ podman_user }}" - mode: 0755 - notify: restorecon podman - loop: - - "{{ satisfactory_path }}/config" - tags: satisfactory - -- name: flush handlers - ansible.builtin.meta: flush_handlers - tags: satisfactory - -- name: create satisfactory server container - become: true - become_user: "{{ podman_user }}" - containers.podman.podman_container: - name: satisfactory - image: docker.io/wolveix/satisfactory-server:latest - recreate: true - restart: true - restart_policy: on-failure:3 - log_driver: journald - memory: 16g - memory_reservation: 12g - volumes: - - "{{ satisfactory_path }}/config:/config" - env: - MAXPLAYERS: 4 - STEAMBETA: "false" - ports: - - "7777:7777/udp" - - "15000:15000/udp" - - "15777:15777/udp" - tags: satisfactory - -- name: create systemd startup job for satisfactory - include_tasks: systemd-generate.yml - vars: - container_name: satisfactory - tags: satisfactory diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml index af72177..51ece8b 100644 --- a/ansible/roles/podman/tasks/firewall.yml +++ b/ansible/roles/podman/tasks/firewall.yml @@ -5,23 +5,29 @@ port: "{{ item }}" permanent: true immediate: true - zone: "public" state: enabled loop: - "{{ syslog_udp_default }}/udp" - "{{ syslog_udp_error }}/udp" - "{{ syslog_udp_unifi }}/udp" - - 1153/tcp - - 1153/udp + # nginx + - 80/tcp - 443/tcp + # pihole (unused?) - 53/tcp - 53/udp + # pihole (iptables preroute) + - 1153/tcp + - 1153/udp + # ??? - 6875/tcp - - 80/tcp - # satisfactory + # Satisfactory - 7777/udp - 15000/udp - 15777/udp + # Factorio + - 27015/tcp + - 34197/udp notify: restart firewalld tags: firewall @@ -31,7 +37,6 @@ port: "{{ item }}" permanent: true immediate: true - zone: "public" state: disabled loop: - 2456/udp 
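Review bot: The `loop` of the enable task in firewall.yml still carries `7777/udp`, `15000/udp` and `15777/udp` under the renamed `# Satisfactory` comment although this commit deletes container-satisfactory.yml, so three ports stay open with no managed service behind them; they belong in the `state: disabled` loop of the second task. Removing `zone: "public"` from both tasks makes the rules apply to whatever firewalld's default zone is on the host, which deserves a comment such as `# zone omitted: rules apply to the firewalld default zone` or an explicit variable. `6875/tcp` is annotated `# ???`; an open port nobody can identify should be traced or closed rather than carried forward. The second hunk ends inside the disable task's `loop`, so the rest of that task is not visible here.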
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml index 220cf6b..382cb8d 100644 --- a/ansible/roles/podman/tasks/main.yml +++ b/ansible/roles/podman/tasks/main.yml @@ -11,6 +11,6 @@ - import_tasks: container-bookstack.yml - import_tasks: container-photos.yml - import_tasks: container-cloud.yml -- import_tasks: container-debyltech.yml +- import_tasks: container-fulfillr.yml - import_tasks: container-nginx.yml -- import_tasks: container-satisfactory.yml +- import_tasks: container-factorio.yml diff --git a/ansible/roles/podman/templates/debyltech/config.json.j2 b/ansible/roles/podman/templates/debyltech/config.json.j2 deleted file mode 100644 index c9a6b9a..0000000 --- a/ansible/roles/podman/templates/debyltech/config.json.j2 +++ /dev/null @@ -1,21 +0,0 @@ -{ - "snipcart_api_key": "{{ snipcart_api_key }}", - "shippo_api_key": "{{ shippo_api_key }}", - "weight_unit": "g", - "dimension_unit": "cm", - "manufacture_country": "US", - "sender_address": { - "name": "de Byl Technologies LLC", - "address1": "176 Lull Rd", - "city": "Weare", - "state": "NH", - "country": "US", - "zip": "03281", - "email": "sales@debyltech.com" - }, - "default_parcel": { - "length": "10", - "width": "19", - "height": "16.5" - } -} diff --git a/ansible/roles/podman/templates/fulfillr/production.json.j2 b/ansible/roles/podman/templates/fulfillr/production.json.j2 new file mode 100644 index 0000000..180f131 --- /dev/null +++ b/ansible/roles/podman/templates/fulfillr/production.json.j2 @@ -0,0 +1,5 @@ +{ + "snipcart_api_key": "{{ snipcart_api_key }}", + "shippo_api_key": "{{ shippo_api_key }}", + "label_file_type": "PNG" +} \ No newline at end of file diff --git a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 index 83cfb1c..567037c 100644 --- a/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 
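Review bot: Both secrets in production.json.j2 are interpolated raw between hand-written quotes, so a key containing `"` or `\` renders invalid or silently altered JSON. Letting Ansible do the escaping avoids that: `"snipcart_api_key": {{ snipcart_api_key | to_json }},` and likewise for `shippo_api_key`. The file is also committed without a trailing newline.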
+++ b/ansible/roles/podman/templates/nginx/sites/assistant.bdebyl.net.conf.j2 @@ -2,7 +2,7 @@ upstream hass { server 127.0.0.1:8123; } server { - resolver 192.168.2.10 ipv6=off; + resolver 192.168.1.10 ipv6=off; modsecurity on; modsecurity_rules_file /etc/nginx/modsec_includes.conf; diff --git a/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 index 968f070..6dd30d5 100644 --- a/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 +++ b/ansible/roles/podman/templates/nginx/sites/ci.bdebyl.net.https.conf.j2 @@ -4,7 +4,7 @@ upstream drone { geo $local_access { default 0; - 192.168.2.1 1; + 192.168.1.1 1; } server { diff --git a/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2 b/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2 new file mode 100644 index 0000000..1fe3173 --- /dev/null +++ b/ansible/roles/podman/templates/nginx/sites/fulfillr.debyltech.com.conf.j2 @@ -0,0 +1,24 @@ +upstream fulfillr { + server 127.0.0.1:9054; +} +server { + resolver 192.168.1.10 ipv6=off; + modsecurity on; + modsecurity_rules_file /etc/nginx/modsec_includes.conf; + + listen 80; + server_name {{ fulfillr_server_name }}; + + location / { + allow 192.168.0.0/16; + allow 127.0.0.1; + deny all; + + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_buffering off; + proxy_pass http://fulfillr; + } +} 
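Review bot: The new fulfillr.debyltech.com vhost has only `listen 80;`, so traffic to the fulfilment service crosses the network unencrypted. If that is deliberate for an internal-only site, a comment saying so would help; otherwise it needs a TLS server block along the lines of the `ci` site's `.https.conf`. `allow 192.168.0.0/16;` is wider than the 192.168.1.x addressing this commit switches the resolver to, and `allow 192.168.1.0/24;` would match it if that is the real LAN, which cannot be confirmed from the diff. The check is made on `$remote_addr`, so it only holds while no other proxy or NAT hop fronts this server. `$connection_upgrade` is used but not defined in this file and presumably comes from a `map` in the shared nginx configuration.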
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 28cf17eb49153bd67405aa875d0fe430e54ed5d5..df20cf25ed04a9177b707221017e58b7747de749 100644 GIT binary patch literal 10226 zcmVCXaDA=Yjg=H@VwtMW~{w*JBPn3k^OAv_?RuZmYRY{YQIfrx8)^YR%??WWFUjCiN~1eycQ z`ldA>J2{JW%$#tHB4f*uu|#}-BW7v3<3e{R?#&IviTH@pgS|}JF2a+hh-zqGc>RM3 z4R=RH4+n6Skw>_u>-~i05@*x3uI6=AughjWt&U#6QpjMy)2pMuNQs>Pi4k~KC5goN zE=Idm>OWF!#|LXs9ql#7l>zQ@71zRL_HMZH<(*R(a|4K{{ERV=>_;}FTl*ILq%y_V zB|C9S8OIWnfQLbts0i?J%gw}j#I%7r{_BV&>_&=%mhduf4#o5L{pF3|$FU$Lf;B9k z$K=u`vSaz3ynXykmX5XR0w+8>p@e7=Xnm9!O0;FGg2G9RQ0cjpWUq~RNDC?QiY)d< zCR9~6LYu250~!X`2Z;N=yvj|6A6x{~fwu!6_MABwcdf*lE0?uyDJ#@}2*}i|DSCq8 z0n!i3k+23Jt3@O-ul`A~wHLtZOHNNaD7b{A)TXInMNwmDS*khgH)b{|e7A*&`ny4d z3m00qMI`5*jXKKx+EL&>EQkDCa!y{-HAgK3|09dvqt4i{ox)_pIt-O=F{ZMqV+ebW zW88~Y?>I>*Z3dG!qy~>v4T^Joyg{cmU23im#LcrPRWKTa?i&w^3C(!)cZvs4%X(8od92c2{LY>&Cl3q;VYo4R>Uu!Q#3*peBdv&QK((jJ`Cbdwl zd#P=mbUOMXR!Q7+R2Jn^#g#r;y<5gl?bFDx%RbkRH@fYL4>4iLUj&o%jPe?Ck!5;?{ZyS0whYfv4Dd!EorXM^SYDLOn)FD^Tm(( z!{pfT8gNF&mVkE2O5Dzw{nFJ^W(Z!z%{>c#hXN<2EG|Bs{4r5CF)S>X%T|}*>ekHg zim_xwEZ~}9!LwWuj8ADQnyM5FaM%3Ty}H~lSY-PlR5`>D{o~yUfBDyDi8)DJ?{C2o z%sA`0M)LHObVcRS(7Ntse2OPLOM)JryUzc8R)TW@UaMLB0SUO)^zr}?Z-!!&G; zW{5^K!oRpKt4x?;V3Os{^oQnb&-ucp(frK*Zt!Nk$Fre}KnrwYWb>ttut}9Ev1jX{ zIB=emlYDPGKj@v%w;z^{0Jmz^ySQ3%J>({=wHfEiH#kIt`uVo|A3*{{c4W2;qO9q{ z@Uv|VJsb%8>h6NEM~+)BgSVBV2^6{H9D6ohr{ZOR!7jhJa#`FA3ME$(V8B-l$Wiz2 z#Gfe>rL`$A&B zGsQB!OGp5Y<$yhtBj@s z+5Pv9jHL~AV)mP$gkBhXE)Yiw(%VuTP@Q0s&>hsemkSD9bayUG+)ZPBI$V4b5v9Izw{NK;mBWzW-_xdZYVn!ExIEvN-G z27c~vxUX3wR4RK_ZF=hG>FZ?f)uBS8Dh*+yFXfzdf8jSlm& zRV-Y&g0ewGEyh?e5o>OAn~9 zznv=vjeAgcNsVw>&?cuZ>m}QB4N~lfp~M~Y>+#xGoLLyzJ~-!q$a0+tL5trhn>snp zjDJ%RD13K~A7lQop*d0)ulT?`FFo80-;FFyMHjHfGO1FrNGMQX4=YZgzCVyGgqU$( zVm(r>C$G!(e-~yMu!}c%Plj}j%jV5?`0@%&ATr;)sB?`bR>&1(qV65!Am%kRMnV{k z7QA*()^5#Iehs2^om=l3%G$<3rHs%@ zn}q#60U}H{yuWJK^M+GtL8-4&aVN3{EV4-Ra!Hq}y)s_K^(R*h{0zu7nRj#Jus3O^ zxayi81Du$jzwdFjzm&t0@0p11r-`}gHS&<4J^j$=!zXs}*Z+G(yIDqoK=LP5Z=3au 
z#y1#3Y%z_RMRScYT-pruVI%=^4up@-_setFr*IV4Ri$^53#RHJz6mL%pohGOpaYLu zx{invIRb%2r`(ho1|kmPReD=QOb48H+a|ktl9o<`>)T=BNC=iA{(Q1^7cFj;EN=~V z?F7LS6u9v3%N#C3g@eGK=I?rO^(03JZOgGTct*@;d(VYWmjiR=!;z69Z2e97Ci6)V zVG`60J(B{=sVMNMudb-kA@X@3xaLVat`zme=@LR+pL*BLK8wTa-NlrT(^pVW?SYcx z(s{ii0ief#@#j;-n@ zk)u&f86X#J;*SC-5&>27nT3S-$9_?xIB|2A3Ju=`348Hooj}y5?>Tu~3h%uNPlu1c z+xvMIU|4^cRkNSWIvb@7ooZ#YMgQListVHwqj3>4;|Yq*KOg%EeTiXV@F$}`-$rNZ5+L;EIYd@OpO z&3uxlE`;2%nboQd;ELcQO-&)==O^$^g@r13#ScEGG;%u%yi8Jm2eW4V9Q)ndnx2uw zQJS#el7DM)jB6FNuxLq{r>ph)3(uBPfs`X6etiYm=-ZefIoWI?C}o2Qdd-l@u`uaD zq2QY8+6OqcWU!JxT_SX zpj;)kHbb_?7au8XE6mq;j(^g?UZ+89X)`_uBr~n$0twqjRWq3ude_W-up?|=6%w-_ zQF}Oj>#B=t1cX&pRd*5Mo>SEs5y`(Z!BnD1zS7cb9$vWQABYQqx~-z$V&k->MFO&v z)fk7z0e49cTN;&X2vC3dR+Fcj#1)pYDY*2_sVD`bk6(Xil5Es0-i(2KJ4(2$)g5ZQ4s@EB)g z>^LMntw|c8%Y-#ex=Z?UHd3#)-1p-zXLv$u=@*-gh}Kdvmt_zEuW-fG-8 z#coX0zqZ^;=hwCl=C0_H+u(W7={W^q`ekkPcO>qK`2+?e_>vNQ&o@_WfMm|kWKF)V z4Vlq(n>OT5UPjG6fV|}Y!|)k)c&rBPUQtT(+RbM@T|oNVF&g*$IZ+1B=+aVVIpbQy zDNdH2%)I4IGS#j1#t`c#B3fAGLSaFLhF${7%&rG8z;#KVoH`^u(c%X?(_!TP80sO6 zgkl4~1Vlvfv6!ma*Jer#+qhMFBQ6 zT5)KLjX{N`fPL(_T#y070AGJ)&~>43qNrd%)x#(%#T};2)*ukE4sp+Rw=+ajEJS6+ zz(dmT@iwQFxq2ZZL6t8a$=+YaRi!EpqCK8ddEMJ8(+AM9y|i{DZ)N=4ZE0cP=?)Xd z;3;#}Q&HcHjA8$tO1bvH_vowedOhBeT6<8i#_IfbD%dPj&n1hwnyWbZ`YP7EJvi`} zHm~Q;TjeN@(PXUUBWCl* zHhFI9VQ?E^r+kL3!sf`MJxO!wIRc$V0Zi>*J4_bm4Y~7M6~Y`A@{pN)UNa4c59Daz ze2EDn7?SzXHMA2fb<_R1 zkg;ZmgVB!tDVvT+gxOa&?TwzeaxsTXYm43V75S)Xbe{Hnk-{{7h2hJx9=!Hl znu{V;DpAu@es&xrWD0XQ+dDkk2p+AgG|!6h%=K9?wWi&FVYq zMgsH8Akgm^=c`DbZVel#T{@++XN-lnPD&{B;X=t-XbkqbV{n}FZvw1q?GM(80RvZ9 z>{PPqOnXWE6R_aZN$cM;U0lQY(|L~A8q?dnFxh$gtId;1Qd&Wksw=>XmuR(UR&@$S z?$HIz(>NN7+fG^ViR|&$S!^sB0hd)m@WUnCM;7{bWrZlD*85QwiMg1!vvUQ^vqw`8 zF}~gLE+2AVFxQT1tJ7G2H9yRmsfoUa0>R>t}mamFxIS;>AtGO_jczL=~8H^+~AsZ1BwALD`F+At0p z1(o|eO$_p?Fv%_F-ebUCaYMPV|5vmp^+gx?(OJXo6A5|%#X>LvP+A0w%Ei5J(^6xq zr6D}%Id|t+wg1JiWq^0H@;RxMzk&=6vb^Ddz$&>(@_hTY6(C6g>A&Hh5GFW`p{;ft zslM0mB)c_Lh3W89EvZnzs&B3PIpxPJf4|3c^)S;znFZIbDfBczZLg0k?Mb 
zM3s~d>dozpmrI_qNrw_z6(rv;uwo_AR78djkMRUyuW)<%z51D^ry=7D-lj=tNxlUM z2lcMJn@!=99ziz&I5@mM7`Vc+Mtz40|KYyZ2%;9B%+Z$egW=)0J2Dj_>%J-Nrso>x z=E1Ltx!f6ye0c6J)(FN=9AJMZ0w5IFr|W0y#@erJMnvzx#F! zMSI6CwAI~Ftibq-C8w>WTk>$NOJ3_Lsk1L@5(a%8szcVax% z`nra1M7zn`;Z1= zbV<-yd1XPtIwBMsqBBIh2OHLpLc7+q@bnir`Q@i0Esy@COc_P~Bw0ZG@&H*Cit+9M z`tFH!-g|8L%@M=|`Z08Aa)p%!=?T&c2*%#&xvWigd=%^cpv6}klK~#>i|j%LpEhdg zR62)_(sQQbNi1JJc|R|(3U6Pt&lV@Cy(B137k(hub?r%*u6u+iFut_#xB^W+g8e<^ z9)_t9T*#R_w=%Ww-sg->O&LRZJ&3RFnfbLk)8mIvKGN)u^YvEZd2Xdi6dd={#VA2h zgHN~z==Z#asXbX+g+{NTVJ%FYkj0d~p*&yhR=BEcBqiNv&(?OIy+X>l>+49R%Zk>j zyy){(&5Lvf0w4|0j3B)My;y0b9)0->Bf^e8RH4fZa9n-MWovn;FDI9UK)22eZH$NA zh|9oGw<9iwKx#|JE&u`Hpu@1=t$!m8JNfZX`<8-ylYV22M5Bo2nY}ujXcHMM8Q~5s z=*ve+6tkJ2VCg71Aov+?g&}n`&R7n>kWrq|p^)9J1+J8iu9VnB*!*+V#{;T(=V2{C zFJ_Y%2`MfZs0$+qh$pK%+C<#vn30jNIQ$)_wOwkKkr7288iv{+g?|FH4p|TRnJk}> zU>O2#wB*SurAm&3`30FS&H)_qe?_`PPq6yjyW+`LBnBbSYNrCc^Bd|#7b;2Rl1&SFYPvz>!)62Jw4z;&&UirOv@Nk* zo)G_yve7()`^YDWRY}%~zW75!xc!d@LsLEOc`{Mhc2`rs7Z6g=2cYQyUg?iy=oggW zq0^NdQ0%^$if#i^FgdRa0=V<1MzPv=n@WWChCEuVcuPu;&{Ixo`0?>lsM-ik)d_+j zkjf=;JUoH}h!5L!zRlOwMGS5#FUrE!u}BWi7H${a&YSn(&4LRNKkxo)GwtUNJhR|3 zDSIIs*B5;+-huS{`PWCkjV3D`=wt|}N*l*PKKWH#j?g7Tur@gt#TzGtMne(kR<-U4 zaK;j>5W0k8uc|B2#oCq0{WmThg)~V-E%`2amgQBI#1t0Sg^Z6GZsJGWr9FWB%_$J~ z&mL}WpgK0eB5_PTMa}{CHnl^G<#hbHxCbl#is(+%B!)imnVB59%V<*|lvDr^1Tr&A z&sQr-PE)QPA4~M8 zP-bBDGFmm@>pENp=@a#Yq5Uovblxe;YXI}q(*?=VskFZ#=Ga^npUTVN!Nl0|1>6`= zjibct@GOG!()y_)m@Tv4dT|h-46|osX%vVh!e{5qniJEjR`+PSODls1Ge1gWOrh%uq zk$o)>U9EDY=#m;umy(CELC>2q-eOH4Xn`pyRf2x@T;0CN2Z@5~{2QWr4Z8&hFtmlz zqlqcX0PnE*BOyac)uRGV^};XVb-Fq}_1fWW7vxd}<$nR}HFiI_Jr7OQ)N_u6r&@Ng zd53edrD62u!MORV;>t>;g0u!SG9^FWXY$!G-i)PV;dML<5-RvST!*SmXtJu!*}l$6 zn?oC-q++p`SgJ_NT1I!bO=d1#Tps@U5qc@64P@eLxs+N{kSy#U9Fpp=iCT!rm^kan zUo$3;C8}8C7{|}cpo)OC$ghNX18n$M>JL^Iu!to&*m{b8U;OSzX)n}irrS$^MWxiXU4uhO|SG_Y1u}praz0I%}Y1BHZ_BisBh+ zYbNMarQk}J{mk$RFjjF-m|)Ia;E19|sTFNpmFo62OX94Mb|?W0L@uH|38^Rkk%F`g zHs;9H6ekL>vrUo*Cd@0#h=eT3X4EESegDFR!!1&sFVliItS1RYDp?6Dp&4P%9w9*^ 
z(qvbOG+HcYx^nj!webvx;TOiV5|cLRDCj?!CpKok%o1pAkd2|6h;@q$A*g4Gsod7K zey#q^y!R_d_F25($)4$p)*pC-2LeOr_hZk~I_;?X>cBRvP=vod6zGS`ny3uGtfOn- zqM~3sK=+MYpXKYi?q_a^UGVdXcwy~Zwd_)``83MGb)c84TI%SC*vIVy#L=4b&R?y0 zK0(Ucw1$Ha47IfA*T?d_u4dnl1ULI*nIpS7SX`0Yx+f!9|LD9O!xD;I(AScVPYDm( zZq@vPCIg>ppgbBB9{s;cR($hM8r!MxGV<{=;$ShY3K=M;4)QTj*m8#PKh$>O{hAqR zEC8Gr$LV69CilM@VdOm{Msq@HAwKCjqlpVeCFhdSZB?mb7V(3Ue3q~SYUMRXgATgsc_YfX zl)pi|Q~W_pHPBaQjRo^bNa5BnTb>q;dU~~9@vRTXaS9pfs_%+@z1e)}ymW22*L^Dj z)bm<%1|v@-SqoV7C51$>4tE?_XvP(b_h*xm)Md+B`84G=>@i%FdtBJE=MF49CMu?v zgMxq6uHk?WMg|+^xqmb7`R!%oYb#8MuqxdM>BiQbWxBp}p<;G>xf>-}!$M315Ia*# zA^e_qtO>v##CA%u+1>a;Tvt#iMh;rQwPev_rh`BtwW*&ay!7@a6$M1_<>hoa39;Xl`jxj!Nfcgpx{Db_PPHvCj=Tw zzTgyZ3$B_hO$06R^oy?|#&jN?d3@7l9qqzGZ&5-8?A=xJ=7%7m?bbCApHq+Nd`saA z3BfHiob#Uv10YNOO!cjDEVOtKWA%+^{M}Zp^ov6FnD3S%HdEkx{KskdJ(nzzYi#f17IkR*&;{PH(0CBWyw<0`f zQXajj9PqZHy5KHuB~MkA(UpU=o`?H#DWUoIVGJ~Pd5uG4=p?k}cQ zA?|J7u}p=hjGsc4dM5uoAhcAW&nIyS@#e;r%5geJZ{+U^FpP*Rn9T+b&>^0RD{Nc0 zD3wI?ApEkeUF63a>3y{uLJY`|OH*J&$QCR-J}AF6F@OcxanihQ}Ao-T#c?dv2tg|CQlCRYL~eh4Eh0TG+FKRMTR zPx>B&p*wjV9PLM6_4{#NHjVMt5pdGgM2+h?;e0%%+67_Y9gC2da8LoHh?PVJ^Po|S zD_0?kDPB=M*=DaCws8EeDzD#IF%u{J!G1nBoMuQ&8nmq}r?C>ACwF3fpz)Eq@~wW>W>J(-uR%?n z0Wbmtc51R>fG+5ixvPMoNpj~+*(KQBDTiEv5i|s@r#KAcOMP}^s{xVj&65a*dfjY8 zP0o?QRR6Ebf&xV@dL)?|2Yn{BUgfZ>-=3x2z0Uhy=FY&GXJlIcq>1+>ati!@_%3kk zi*SSs>UckDtt&8_z#rD07zpZ*KxZ#tQ2@yxG{N?XG*(J3=uAP4|CWFvEDIuL4NQ6} zDsp_Eb^I6^ee;EOlqO>X$dcxBpILt{4>~<7#!0)AdbWl+NV+*ioE)zblTu{>+K_C z;zNxi=Y`aK$sZ>>yd5d~R+npBg3Dy+8}98+2m;Ay67!4! 
zdpy%z#Kt4(tFlZe4+g-r%@DiYQ596Nx^$zh7EhB>qb?siWsZofpQ>gARV~nsyy=C9 z_~^hAWL)ZaIIaI)920uRhDfZm4waSgAS)~|w=lki%7LR!C&DmI)R#(^&JX8o7<4PM z1G62xB5b0{UeNS)hY+BGLCqR>@LAL*MeLOfT}eIoUF*G0IG(E@c^wIeareLAzfYGB z8SDjyrMCF($z*Wi6ltS5J^CMWPC+2SOdmiU$<_qls4 zNgfQX6V{t{j(KpoCvB2&@xyN1VOeh0-o5wz<{MJgcw(jo2LI?1Y#+~1d>4{y>jbh3 z66O7nVrPBM^gR07CyZ}k<{KzFX~Csoxhmg(S*^<1%Kq7GL`^fG;7sC-mAjs<$(lVR zP2MRKaU71g9L#FgS;q*piI>O&uFgDiNro8lLln!iR+$5@T;xN$35I@;{QS!)^OPyh4=v<gpxg=v z>jrY8{vM-5FC%=GJAnb-w`@p(2eyk+h_HEXViz~ghW6tK*|R@=!dsr$o1~_cj*SLt zc{WzKDBkiQoiE(i*S(xUMX-05%6oV=*eA%KD5>~}Lo;1}&^V1j`q5^1bvQ9ocE*?_ z2O6nlKVm)ZJstpubf+Pi5h6wz~-nshXtOS~>N@ysMgJaTv$iR~pcTw#e+Rd-PKAg98j8Aq#NvM`#dWFK zu}iIC7u%j_`aRt)nH1jY4_P-bS9l0~C`^FB7=O7YkQ^jO^L>7>%87?FaE{_Sl*4XS z{xgeg9ipG0dJZ_)?fNn7rIbddv6P>4mCVh2b@wQ*%Ut!ac@O^&Um`P?92`+LgpW(By5Iz>EmoqIKj8tUf7w~*T}X_lL|%Cqv*547}F zu>aX#{RdN-<(CZ|LEVx+ix$UL1=~uC^ z?6Wt1hZiss*I*#8M|I}3Ogp9XDwU-R98hCgC;d)`>4_t>^dnS4kE*bX@38%kYxG6I z8w{Q~KO$R4c6ZvB)4df;f@>xXZC>_|0tvY2Wu!|rfA-sN1 z(oC7THPRPUlc8bZJ==V%q$Is@Me?AK{_t%!C#r>4i#L>uY;6-@+V(y{elH*kB@rq5 z1?WcD%&0Dpmx3kq9UfRQ6l~Jps9KMM=ORE7U>*@83qDxEFo1h1D? 
zq8&cwwhJD8Ra^wQaZHi0km&&>hoyPGzOsK&1?SpTNLB9}{8ZamctwauQ>h0_HRq@) zBXyf1mGNj+b$cM>2P1+koc&_~Xz-7Snp0$|cB3VgXwqSrvz^t|3hrEIA5Pcy&$Q!a z&OcXmnZg+Qnyg6*t0F`V}tbk&m8hv?cwk)A9#kb1jvdU8^{fd zU>YH^aqf-OjJ#B@4#fI%#rKIdwzO^+F3PDe?AquX~#$mQq5yjh*W`x!rfr%d&psHmjLf5S z&7zB){vcqVCXK^e#F@^|#cg{&HX+{RNYk*{G}CQ)Tf3e{ryJn9RY4S482)T*nHDm92i~8Ur`OG^e*Ca<~g&*z3!i zb0S}ElpQ#zCd&_fFdO$3&)`5Bnv2=xKsRa*Z^d743xB9PlBI#Bi=?jx+u?w)-V>}M& sa&Ib%K0aw!w&%{_>T?t@KQ=jP;5IwtGp}5+b+C)Hqbl+uOzJC4>?z;A-T(jq literal 9967 zcmVL%rodDS~DGLq9tVvIZLiI;G6 zDA4U|R2MxX(I}fJ1gTv*=XI$SS$>W1ZncV40$;|u_E zdJbzm1FT3;F1HUkYR1gGM*Xl}eSHp4vs8~$BIdZ5l_P+m+bs<`e1Caa5c7;=QPSnS zfV+%QA?!4P)|Q&-o~^E**?{iMS zc5$qew43oMhV!WyYpR~ty~n=jL4?Y64m(qrS0ZR2G%g1;Qr+8fXQW)?va^KWLooUr zhb6&r8oUq+cm8DXZryG2W$&CDFQv|&WAAB-gP=mk7m*mX$}Xe{6O2_%dL*$ynA?|A zikmc;P9H=Kh$?oK=8K$56CE!4?Ls{jXDOUGCP*F8<^NR*teE&2^FP&$F+U?D#$e*#>VFl!g8)+^ z1vPJrYY!dp;B3*J1G`@nMor}B@aXL=V{AL>IM8tEG=k1{H93LWNe|e{PEmlcQ_9#p ztO2@!1)*}%ZfvlwJ9#4*cpOn`INvF6FfM%9${5~n`Ua}dM?H)QJl`r`;Q9Pv%G1{c ziR$4w@nii=d)gjCP5>i~u($%X4!s&#Z*8_fVuCW(+#7a+v8BR^yv24egml&hz~`%*+G5uByaGO?_*m%y?a(e}-QIJn@mLDzEs)UXP{gNrW3ZK^|a95|dg z@M!+2>N>GQ!Ufj?HjnA!GuBN=w7duDMgrzzI}uFX>m(?ex5<;UzC?vxjyqE4{8785=3ov!?Yp{;_h18!T?x4Ym19$mW8Z!c`lETri(!7?O|xYfV~lFVP3;jbR`Gu0`{Tcd`toZSMnU`pzA>hVby=6(Jcf2I8S}NI0||+0 zn5UYsdn9N1RE9J?2zQVfyNXs0-1o(VkEOh(l6li4oH`XGfZ|ad2yL;)y8c%az!LiR zv;Bv0vehZnsNRb)^MgY9hiDze*$(P5&&*{1z@8jlm4U8AX?@h7-@TRCXG1{<<$+3W6g}o{Ua+P=@s8LwK`Pq+)O*A+0IByt`|BCcY^vx{nYOi*Y%#le zJ}^?diq+0~Gg;|JCiC>NS#@XdEoJq|>B#6$GIwM;SYy5iNH}7=bsoqIK)kCma5Gj& z>uk#|6MQhzhHDrAa?{3KpZNIZCZ#Q2D#4{au*$N5*q-+v(|Yjvh$g$#%kmgctD_BgvR5QJ$^KjVt%gx@pT$pf6IVdb+Z>5R8=AD~O@ zfX&Aqh?WL`z((jB{t6(p)eGj@^j)}F-7bY7)KnVmRZ{gV57*cWcjUf4&@4ITWe@H7 zdz?Np+^m*(_6+6|$QTv(Wr5C60feYhc!WY729%<7-0Vtfq$Fm6(n;jpxU!viKbC%$ z9!LaG@}6HAh(<%hA@fTiYl5ALPk1XAKGrIyR+b=1mV0o00wtE2>Lm5boG70QCxiDE z_IcFbQ?iu-DSdDEK%{JuII&A8?%DbEnO43FWo0vz@I1%8!7%4w&eMBmC}eba>YotczOU;m$2##rwd2^Vh;wL-3!=KPH%h9vAo0Gm_n^cIO%de&S;e%&n; 
zD?o$C|2>lwt%0EfL{%BTqf!iotssdJ^6HoIDKkzY63aS{)D$;PyiZHFjP7#GOIuuHvHa#!JI3KH9gn#!d1fp>yGQQHB2!6(9ySU z*}>Xr8#q9+pubqYEq^e!+LZk`<)SeYsqCKX9F5ibwgN|X1F~x? z->VHMWjo!0Dkk9*XWZ_;Ta*V4!6X64t$*g3EU2f9}Q$HUlPyh zXJIJFf?}iGCl$}HWhP}*`?JeU;E~Rn5ju8C*5XEFDa-B`}fO8=01OfDw7TmTWixt z+}?uYL&DQR!$rETdWv9q4~mgON<~X5l`V3tBrxa4&h%2Oy)N%x0900+5^Q^H}=F1wL^9qq*!w#3n zxL{Erir>a!zb#5X(~rsLPbZyftEcE8WAUMaBwj(yL0M32Oi@`_g+f}F_+zXwPlPV$ zJ&#n+CRHlt?Vt!I@csC$ut1JjHXIUMbl%FEZ@#Y5$+}75-xd=vX0OeQA_<*7(U~f6 z*;zpsRbcLd-NWml|CUS%{JduH39lA;Z@u1y}}wxd&)hoz|l zNp*Z77Y-?G#200=vf#m&LH3CS{Z73?87Gl5R9w zNUd8OgsiGU{{4c{{j?Hgfb=MNQEC4!RZnW zzxx2_pV{bc2{Ps59~0n~aC%suQ_*`hrInw{h>LIEaVBlcoztj#RW`|Y5Rl{Mf{K%I=O);nx_Dw>4Ggnp1% z+q63+*GG6uctbxYx;VgZvaa7^PyVfMVIY(WSi*j_>t4>*&zE<>mZVN|dyANcO|WVb zx=?ddA+K&(eAi|~qha-QwembUfWCNq@VpNaRAX7)e-aW^xtlG49d;NpdFF?yO+~qn z=JN>_P!ijA0Z$cl@zVYwfU)7S213BI@bX`8{P)t+a{7Abwd82Nm6AD^o%{E0p~L}) z83NV_g@JX<$ z_Vt3ih`~R;pCszu9foxe^p|_g6ZU zNo7g*js#)tZKq8u$2%lYHDaQPX-HeB1d3|ZOXx~inkv$Vc%;|#AH5ioSRp2QhwhFR zUoTerh+1I0!Sbj^WUw@sOgq5RaL8GBM4**Xt9eMLAlm#z!Cd#Jdl$>ANS8oCxX;pe z=RGQ$nj7EtnZ?~dc9zn>I?1hYUEKVXc}I*5ro$~*2yh`iuUo4?t|o$IF)3psYiMgH zGIJFq$;4j;X(JKtz_=N24r^!I0t_Evr#sBn>qpQt0Oq&>Wzi4rNebYnZwCZqSc!JD6x|CfQ=51< zmssQeuc1P}hoofi<-qdj;rk>^_T{zNvE@b!@%P4xLbH<$BGkNjw(h{j5;qZ}Kyqqn za179{o#zGllS1%ZMB~aBZNgnrn*Rz6$hZw{;e|R|wAgM7l)0zb%n^c$EhiT$r8)5w-jOnQ;K zx)?)>r;W&>AUOXK#FXy3GRFD}hq!C`rnROoHelU=yb9&IAT2C~SxLI_(e3|yaUmO!AP5YG{Ktm>Nj!HwF2C2HnqI$&%RJI4YGpe4Dm_t2oO*|fUDMx-VFy-O;BzMf@*|F0u)}XR&mbo0_ z_}LYg7AKL?B2eXzRomPy_FA(Ay*hllg1?g_WH158Be2h&5u0nnS6;;TaqbWW|1dlp zwOZden^o~!MNC8|(yv<~JA47}aiX&sVad#dES-*}?=0Ve&&W{T_eXDtDXumPuUeN} z{sQ0R=4JulVk^VN+g;lz8q@?TQa*1*XGf;RD4-; zvLe{A%R)FVqF}RoLXv(F1;Q^*idM7C#+rsO-^MgRN7M(86)l`-m#M73FYVrAYxpKb z)DI0KTvFzcY!Y6v_L=U2kwE|Jtk0CGX>ytu%gP);4uH&H&%z zE{?gpp?zQ*$=@}31Y_MT0zUh*eDGRO(94$EVcDD1zCaS)4Xv0eGFe15O%(pC*im4u zDbHPl&ZRRvR9A5E1;EaeRL-*5&{05-b`Ze(>i<$k>qfHrST05Wx31u3DdPn!zp38@ zx#l@6Ffo)*mHF)q!d)^LMDeCP`U-ZO(_dHcPGDX_B`Ek`~Y`3=~4Kh06Ytz`a( 
zzi2>hDf0p5$SM4_alSn1j&DeKBiRRS-n=1a2ZfXciUbIbbx{O6G#PK&5)RwD){A^f z-O1MB0=I^?x)_Cumk%tXrd*^p2;6`fYX;3Ct#Yy6MRkY3${KecXzfUM27me6TLJXs zQiN2p(#C9|QQJjC!RC4uM!r1b!CPHw-~AnHFTK!NwiIBNA#h*hWRklTUv+D2t}xMk zMWGAK**9o0{ROg&02$l7i?$gxG0Cmfv`!&UM|3X-B|Mc=tiW4b=AcOb_mkuWgU1}6 z@}3LhR}Tk~w~hpwpT?^huj%)Y5cxd&1urt~9|hTS_3|7S5(50e8ANz|HS(28^iE

3M9~4@?~4?X^S>L$TXE`;k&bjP*aRP_D%w`&lnyqqbqq94ztnsG z5OwF!_wGqN!qLNN(oy#2)Yy`_Y8uDu*E*U_v-(OlIpPpSZM{a~(7|PUg3~Ugs0`_o z53M zQI(v`jA~)SPuECO9VQZH+haC|B;x7-2Ym)r;Y4~(8&7X>qpMeh>2#Clh1)z52-WQH zn?yR8ll5xhW4S5BER*!=7{I@~fDz3IRg$;C`hRfRrVz~8yciRNZgC3e3g>{Uk2CC8 zD9=#m*^YD>gPq3>gh9KntZ49Xhi^M?(b3qXe>1IH!4uz;7UVKmL(-vs8#zTX+8rKL zFXF?h#L(b_q_At+hW~5EkD2GS9RI8f{?W1NaUCt&JC9!ChT`hdh?p(_IAfsrO9qz6 zsiqmImM_pF_4+Q4>jfY$yhFq?$+tqE@;Q|#XSd7-b$Zr9@ zP6V2ebk`+gZwCZP?QxA|k93KLB}}NdlBH;36nkgq$$BXFq~s4J6u~CaYxXl<$i;ww zb3r%Tk=)7aYJ|Z`yPXgesrno=qJ-FxT>`xtniu_7JLzGgvb!;&i#*FOJ5Xybi5xrf=C`eiDKwau*s$Dj;Xp#$vPmJs2_Y8qC?q|;u+wbtfkQw zc(Pub1DiJqk&-*hI21|eZLANrv0VlTJ5)XdQ`uJuvEH40owlizAVzg=TkiX z6vT8}LK_v!s|*9F@Yxm~w(hIAw zP-R}E+S)%b?X(B#oTIEhso?5@oBM?Ao#i)|r~VbT#8xIh8d zV{^WDc`kQjoN+fz{fo3W37$DTaahtaA>OkyzIK6|BB8Yh4!PACw{h|+eYneS()fi% z>qkx2SY0~_EA=TrC9KpHU z`l}svmgrkZdXJ;xH9d0X&6Y-f*o_AVd^y}W)b#oyu`6N1( zFC>IxOX>9!ti1Z)Cp?2%z!J;~5Xyc3 z#C<^3-IxuJa@hCL^#Ak`T;h`~Lc<^34i^ya$m-kSDaFop7f)sUl;Hlw;->S)>mfbWgqLBG{c05A;(ecW z)X-{V-T-s)e3g~&?$XZ2kb5#smI#Zz9oe}Wb=U9Q+L}z`v{MbOmrjekOfkhlEl%S0 z70Fp$|5DKxgeF*sa=CsQU3+$Nxb~-Lx?iXWpP;<8qv` z*s1>PM21)k1$59S0*DoM;=yZMS28%egbxI9##;wVA_gh|-Ox3^BCpd$)5^?DhSv03 zA&f;eaQ`~EXjHHU+%?gswq_LVv%%M*kKiFVeniN)QAedxa;0#3b6baBn{utfZDj1* z7D1M`Bj9yNn)hWZv}XWU75Qo_S$TngHfPlC^Q9 zwx^23<XnJkf3v#*jpf#YzGu$H|B9qRW!yQHbQkyOl%D9)4wf^t< zNJ>`Izp0uYbW+G73)Zt`j&)!+>D!{8NIR_nF%&doN9wosO0$5as|ez)lf<}m@$4j` z=DwvpN0^P_4->i7b%>w~1EBS~D}A*viwFas1i{H~_Q0LyMt?Dh06~`B$ zNxP`9D_E&XrZG;mvrH1uX@2?q4S`@w1~EA>%naz78Wxqbm*Cgj6GhKp`lNsxGn!%U zrl=SJ?bL?40$c^!TaI+NJ_ypifE&H0GepBfXY8a&f}()*{&*FATIsgW+> zE5D5^etDP(UH0b|z*#Sq`$E?qNG_opQ;QDTKO&2Pxf6CNW5C%^PoQ*|F$zU%crZ?~ z)T}zE(St2tNtvh*+?i}CTcpAR`*AovTa9$GM!*?>O4Sy{&Rp6&V>IT&(eH*BM)d?{ z9W10_(U&Fs#AkpVnKp7D=@A9&-D#Ww=M1(LbaKpZIgZvjQhKM1oJ0E2Gersps>ZgESVtg?a|+N{0++xk+m1XMM2U&|BrR- zLde#(Isr5EdSpCZlHV=~(AYWNnJ~Ot07|5$v$n_Lm+ZY$+#de0IASZ=`0ZaD z;$t8t(!n~Tf681L)4L2a=%R`6Gfi!?na2M|k{tg7k&c3yIS)lhX>0pPB(6jDJKUkx 
z0hwW79~O8hRwx5`JEBj^{q}K8NILh!6vJz|!I|!3ZeWnq5Epg#Fi4<)vZYg}6-50n zvIcK@gOqpkF}1QsXVjx(pC}xZPMZ}P=P+S@n@mOBO7`%gpX^2!6Wv=MZP&9i+pOdK=e&?- zK|tWHDc_RsGj6cEAw1vCfQgTrZt~_g-_xl+jtfjFtWAvTsg11R#y;rW&Gw&Ie5u$pz}F$^Ib?4HjpLRtspzKp>|uaWr*Mv1~>s0Y)kS`jU3# z!BQgL5S{3PWmpDRy(R!)Ab5t|BNeCD(V889nzf_Y9(ck~1YhI-;?-DTd(G5*Y~1rh zAL4N3862)4A|$A8eq1J=4GI5%%Ndc2Ofg(~k{IqTpJJ!zsD}ZIxtgH{S4t&y5}T|y zl0eZ`l1KB#q{<$eRem4VGt_2XXkHI*oR|LKVo$$wD3gzzH`;^hD{w2c;E%M%1JRyC zk!kt|PrC`)bmW-ges&eV3gX9X@r7JDP&en!*P5uDwO^240|>YKUb?uf(;+$6=8Pjgg3UxoLu(?*Wdn=>jnopfRu1gGM! z?%J@!8I8oNRs z!xx7?s5|YOs5F9E+$3I0_?jU>9Z7(u0upAb88(o!7KwbCFw-(lcbuw6sJ#c0SgKIM z7L6-h0)>1=av60(5@m{ih2@}dV8zTPc@||DSg+Jd3%NqmMp;t?`LiHcD6sLQ1hCYQ_ybs_Q~lNT2TNOjaFc+d%}ef-o-JfwMR`el_D-x#h-ShzfxTCQ}%__>1Zl zuLWh2)dDF*tk%V|e0D?vqOY)F>j!)G>)y{iz z`;uTTmJO_zy)JvS<#T-N`-5W<^n(UWx+an-L}&-K*Fjm#e1@|AQPOGhYm|yL&FpL& z^CIJ;rB(GXBTrld*oz$kJ)-5so<;cdBu7eB?A^O9PTbHE4!OhSGN5U~P^m07k<{mJ z*xA}46u=M^;U%eJnipm7hO7G}jex*r+bM+lAk(=Rxv7Aly)%PpalzRKIyuKs5ohh( zG@f)(#c$JRyz`Q$h*So%Ew3#XKJ5zu#@MAib?tJckPFZ!f5_7*9>Mx3F(|5nx)Gy6 z0zKQ{zO=m@$`?e9FKm>6hd={dmn%A`Vh++=35UysgxlBHD2>Ws1kp^&mogUIH0gqz z|87l;`hW_(5@{%XCR{Q?;N5!A5z(|1e!{+&O*X@;+9RNcZN)i-(Bdq8$NfnoXQHOYj2y<}81QcX|1)B{AE@<|Wr>(ElZevsvT&q)r t>~*lfu*T#-(fy`hA(KEPl$bhmc_1MbS4&70?HV%C`T-{i!0bVL9E