From fced2a00384dc8cbb77a121f2b4b4f51bd4df8cc Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Mon, 3 Feb 2025 12:34:41 -0500
Subject: [PATCH] noticket - add base site, update secrets

---
 ansible/roles/podman/defaults/main.yml | 1 +
 .../tasks/containers/base/conf-nginx-http.yml | 2 ++
 .../containers/base/conf-nginx-https.yml | 2 ++
 ansible/roles/podman/tasks/firewall.yml | 3 +++
 ansible/roles/podman/tasks/main.yml | 4 +--
 .../templates/nginx/sites/bdebyl.net.conf.j2 | 13 +++++++++
 .../nginx/sites/bdebyl.net.https.conf.j2 | 25 ++++++++++++++++++
 ansible/roles/ssl/tasks/certbot.yml | 3 ++-
 ansible/vars/vault.yml | Bin 13337 -> 13337 bytes
 9 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 ansible/roles/podman/templates/nginx/sites/bdebyl.net.conf.j2
 create mode 100644 ansible/roles/podman/templates/nginx/sites/bdebyl.net.https.conf.j2

diff --git a/ansible/roles/podman/defaults/main.yml b/ansible/roles/podman/defaults/main.yml
index 523b06a..b7b8ef4 100644
--- a/ansible/roles/podman/defaults/main.yml
+++ b/ansible/roles/podman/defaults/main.yml
@@ -22,6 +22,7 @@ drone_runner_proto: "http"
 drone_runner_capacity: "8"
 # nginx and modsec configuration
+base_server_name: bdebyl.net
 assistant_server_name: assistant.bdebyl.net
 bookstack_server_name: wiki.skudakrennsport.com
 ci_server_name: ci.bdebyl.net
diff --git a/ansible/roles/podman/tasks/containers/base/conf-nginx-http.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx-http.yml
index 1e3a05d..8ea51aa 100644
--- a/ansible/roles/podman/tasks/containers/base/conf-nginx-http.yml
+++ b/ansible/roles/podman/tasks/containers/base/conf-nginx-http.yml
@@ -61,6 +61,7 @@
 group: "{{ podman_user }}"
 mode: 0644
 loop:
+ - "{{ base_server_name }}.conf"
 - "{{ assistant_server_name }}.conf"
 - "{{ bookstack_server_name }}.conf"
 - "{{ ci_server_name }}.http.conf"
@@ -85,6 +86,7 @@
 group: "{{ podman_user }}"
 state: link
 loop:
+ - "{{ base_server_name }}.conf"
 - "{{ assistant_server_name }}.conf"
 - "{{ bookstack_server_name }}.conf"
 - "{{ ci_server_name }}.http.conf"
diff --git a/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml b/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml
index b950390..acdc86c 100644
--- a/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml
+++ b/ansible/roles/podman/tasks/containers/base/conf-nginx-https.yml
@@ -34,6 +34,7 @@
 group: "{{ podman_user }}"
 mode: 0644
 loop:
+ - "{{ base_server_name }}.https.conf"
 - "{{ assistant_server_name }}.https.conf"
 - "{{ bookstack_server_name }}.https.conf"
 - "{{ ci_server_name }}.https.conf"
@@ -56,6 +57,7 @@
 group: "{{ podman_user }}"
 state: link
 loop:
+ - "{{ base_server_name }}.https.conf"
 - "{{ assistant_server_name }}.https.conf"
 - "{{ bookstack_server_name }}.https.conf"
 - "{{ ci_server_name }}.https.conf"
diff --git a/ansible/roles/podman/tasks/firewall.yml b/ansible/roles/podman/tasks/firewall.yml
index 11231f6..425b38c 100644
--- a/ansible/roles/podman/tasks/firewall.yml
+++ b/ansible/roles/podman/tasks/firewall.yml
@@ -21,9 +21,12 @@
 # ???
 - 6875/tcp
 # Satisfactory
+ - 7777/tcp
 - 7777/udp
 - 15000/udp
+ - 15000/tcp
 - 15777/udp
+ - 15777/tcp
 # Factorio
 - 27015/tcp
 - 34197/udp
diff --git a/ansible/roles/podman/tasks/main.yml b/ansible/roles/podman/tasks/main.yml
index b9bfa42..98098f6 100644
--- a/ansible/roles/podman/tasks/main.yml
+++ b/ansible/roles/podman/tasks/main.yml
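Review bot: In ansible/roles/podman/tasks/firewall.yml the added rules `7777/tcp`, `15000/tcp` and `15777/tcp` each open a new inbound TCP port, and nothing in the hunk shows that a service listens on the last two. As far as I know the Satisfactory dedicated server used 15000 and 15777 over UDP only, and newer releases need only 7777 on TCP and UDP, so please confirm against the server version in use and open only the ports it actually binds. A comment above the rules that are kept, for example `# Satisfactory: game traffic on 7777 tcp+udp`, would record the reason; the existing `# ???` entry for 6875/tcp shows how easily that is lost. The enclosing task starts and ends outside the hunk, so the zone and any source restriction cannot be checked from here.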
@@ -47,9 +47,9 @@
 - import_tasks: containers/home/photos.yml
 vars:
 db_image: docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0
- ml_image: ghcr.io/immich-app/immich-machine-learning:v1.124.2
+ ml_image: ghcr.io/immich-app/immich-machine-learning:v1.125.7
 redis_image: docker.io/redis:6.2-alpine@sha256:eaba718fecd1196d88533de7ba49bf903ad33664a92debb24660a922ecd9cac8
- image: ghcr.io/immich-app/immich-server:v1.124.2
+ image: ghcr.io/immich-app/immich-server:v1.125.7
 tags: photos
 - import_tasks: containers/home/cloud.yml
diff --git a/ansible/roles/podman/templates/nginx/sites/bdebyl.net.conf.j2 b/ansible/roles/podman/templates/nginx/sites/bdebyl.net.conf.j2
new file mode 100644
index 0000000..1cf36f6
--- /dev/null
+++ b/ansible/roles/podman/templates/nginx/sites/bdebyl.net.conf.j2
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ server_name {{ base_server_name }};
+
+ location '/.well-known/acme-challenge' {
+ default_type "text/plain";
+ root /srv/http/letsencrypt;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
diff --git a/ansible/roles/podman/templates/nginx/sites/bdebyl.net.https.conf.j2 b/ansible/roles/podman/templates/nginx/sites/bdebyl.net.https.conf.j2
new file mode 100644
index 0000000..afc2c3b
--- /dev/null
+++ b/ansible/roles/podman/templates/nginx/sites/bdebyl.net.https.conf.j2
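Review bot: In bdebyl.net.conf.j2 the server block has only `listen 80;`, while the HTTPS template added by the same commit also listens on `[::]:443`, so plain-HTTP requests arriving over IPv6 will not reach this block. If the domain publishes an AAAA record that can include ACME HTTP-01 validation, which tends to try IPv6 first; adding `listen [::]:80;` keeps the two templates consistent. The redirect takes its target from `$host`; writing `return 301 https://{{ base_server_name }}$request_uri;` keeps the Location header independent of the client-supplied Host header if this block ever ends up as the default server for port 80.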
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ base_server_name }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ base_server_name }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ base_server_name }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ base_server_name }}/fullchain.pem;
+ ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_tickets off;
+ ssl_session_timeout 1d;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+
+ resolver 9.9.9.9 valid=60s ipv6=off;
+
+ location / {
+ return 301 https://debyl.io;
+ }
+}
diff --git a/ansible/roles/ssl/tasks/certbot.yml b/ansible/roles/ssl/tasks/certbot.yml
index 608d1ef..4d44d2a 100644
--- a/ansible/roles/ssl/tasks/certbot.yml
+++ b/ansible/roles/ssl/tasks/certbot.yml
@@ -1,5 +1,5 @@
 ---
-- name: create ssl certificate for ci server
+- name: create ssl certificate for server
 become: true
 ansible.builtin.command: |
 certbot certonly --webroot --webroot-path=/srv/http/letsencrypt \
@@ -8,6 +8,7 @@
 args:
 creates: "/etc/letsencrypt/live/{{ item }}"
 loop:
+ - "{{ base_server_name }}"
 - "{{ bookstack_server_name }}"
 - "{{ ci_server_name }}"
 - "{{ cloud_server_name }}"
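Review bot: In bdebyl.net.https.conf.j2 the server block sends no `Strict-Transport-Security` header, so a browser that has already reached the host over TLS will still attempt plain HTTP on a later visit. Unless a shared include outside this hunk already sets it, consider `add_header Strict-Transport-Security "max-age=63072000" always;` inside the block. `ssl_trusted_certificate` points at `fullchain.pem`; certbot also writes `chain.pem` to the same directory, which is the file normally given for stapling verification. The final `return 301 https://debyl.io;` drops the request path and query string, so a one-line comment saying that this is intended would help the next reader.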
diff --git a/ansible/vars/vault.yml b/ansible/vars/vault.yml index 08406fe191ba7d8c3fb4670316159598fe00f387..961f15587c4c9a945712f063815d5dcf6d898cda 100644 GIT binary patch literal 13337 zcmV+!H0H|yM@dveQdv+`0N)}1jv3p?$=kazDG!aEQ!m?+v2t06eiKQpSNs*NJl|(J z?CC%C_hw)nk^_;%F0eJ5U1hPSciWzChU^+s|Ngzn@v}O^rB@EX^49ovlO8H=QxBJf zEUWZBCM|^Uq%P9)!F)yp3^VuaJA^sryCY{W9-|~ga3F+Bh!#y8DDkx=Yp3>+Z!Sqi z8rA>&ck+nMuw$|l8i9p18MlU7w6v>hmT@G3y(Q<^YoGGl{d>H;%R7iR_O+69O(59d zW&iEdPpU{PUv`Y32R1b+NKO6WTpW%Mv01S0v{ElPj|59mrA>uD%b)%yluHj^*xp4yawGOXws9a@+UYA5nmi z^+U`N^D$wJiX|CPa=C6@F2u}dYd~<6YKY%Kkw6PbLe!Rdlcb>sUn@fpRA^rhYsD4YIRm-_g`=@u?LUS zS!SgQ48zXFRas#U8V54ThR}#jV{HQ2C7xKGMSO5Z-$=b%6=03!0$+}s?j7#ci(9zF ztMSUqwiX`+rPf!@cX-c&QyZbW<9MOdnMZ@iSiqTr4zcPl6w0PFz*LmDI01#m(ZH2C z{m&U{MO$0_1yU^fa49!kP%!F}wvJ}hV>{oIdX8G;=qXa(psMkUB$Ih?S!}AUL-cg` zC;&hc0H_806M&wwS$7h*a~0h#j5uBOV~1XhF=<)HRP@f!%2~$4DBbW+=lrhsGv_1$rNMcx6-}*VFQXCKhK`sSi}Pl0r&k8@!>TL+6O`D05PMQvK$1!C+J5U z;jOPICl4WE*y_Bpd4y|-^@550g)sB21NQhS{H@)N;wEirAUu^fGj6_2HD*x=7|>>q z|5)BRzFxgigY~JG`K$G6HN-&|dZw2D(hbztOI)hEMTA*!`l1!#WWVRk32nmgSK zK7tqK#?fP5WqFkSEpwy0i0hRPKfm0vX?FaCl`)5DZeECUbGj|x#@2=jL9mS}x1lI3 zO*lm|9ZuUH%et|2MepSRIJ<`K$vZ|{Ph`1BTvm}caT#R3nDnIzhbk}~uu=gQI4*9- z&601c1>)-OdoCx>;VKx%6``TX7d7c*MpZ(vJ<5;gw3UI zx?k79?v_&MVsMTIPCib$h35psJ0mhV%YD5HI$mBJrI} zX+%n{{|;~F*OY8riK`CK!O@xG-ncjdi)=X(nh4u#0ZQ7UEA^R1X{l!V0QN2%9b}dN zS($cj6x4yq6utA3T~U&fMhqV7%o!P6GitG&6dHj}{ogKHL=PJ?NvJko2nr8*Z{)?0 zayaJ_;hpyELgr@F>iXD7nBzB!0uRxX2A(9>(>R0*k+d1OlUE&t zl!(3TdM7FVd1eZ@nErXxp+vhr{b6{R7DsD^8v;AlRLZ#pDXQp1#@$baV zJ8TcN^juapD2Eq|2$~x_jhq_r+_3%wj;5F$F-qcR3uAIW<@z1*n;JIWU*LKL0hx#d zbnePo>3OFeCAm4rCb;z$#kR#XCcdEK_v<<)2QAv({MTinr?s7bn1SZBp7I@$gd!io zHh=*STl`hO1%BDtqhrDT$v*pnWR{r86xt+XC*&#BkBRAC>)(>kShl^OOW)nPto z5spn#sf!>DU#Scp;FK2erU49|`xHP$bW>nqv^Zu%ON&Se-43*Mx)6>Y6P7kiGs=+MGX`!Jf+2INyHClsK9Kk}$V zBT5QbBm7k+Xe@&7hObOIfXovg@|NPa52(UH0n=a}-%+s9h(*23=3R}u?VqIK^oYGO zDoeIJXJj6!O2;Ry$Wy!&0Jo!9pupOM;O@zuqU}(l55KQT@YF~>5zpzf8G~Uj#w4I#$lJn{Ab0$hLOm 
z2DGpf3)6xc=!KivpufH4di_Rm!xV4aEE0{v(?_q!=2?P z5j?>aPBN-n?fbK8|-LQskpaMfl&qciAi9sti zs_Pul@b~KP2S6CdBqV(fI--FIY*+r?BCD%MNntQ2eauQtA`wQY5UNe>z&7lxBuvH(z*d1k-w^Xzvq0R;ElB=_mR&{b*zPQFgy#IA*9|X} z>&Aj5XXx;57@blOTKZ;?hBZd-SaQ^Xz!_Y%@eVudQH)t27%o9h(O*#RDzjbE{pd1g z33eBRvR!glE|GA9C`+c$Zkf!VNtsPo@fVkx-GR;eQSD_z(JabKXdI};SzUA zGe*@|L<}kJp_G_q!<^gg6LJelMR=*5#)5m_bexF5Mh7{><=n?xKN+7RCR=BmR{-I&y>{FkG_Ui)g@*LQCPhTX&rN=N;uB=l zPveUGIQMeE6-$L($^xd<(!3b&M`W?wl?H5iN*VY4RqShefVBj(A3q4On7J!UA_T@y^Ju4rzXi{c`Dwr8&@>+gA z*cuDOuPQlfdu>hdR*9|ioU*9W^YjJ@H{YsfZq5C&R{>bPm6dDnlFSp;v{K~Xu zopVxE#%KG`vyspx>85o$Qcm;HIj4DCb2}ho>HJ}s@?!^P+ughYb(S-bL-mr|wQ0Tt z-c_^u^g@ztj-g!HH*W6KGF$)Aiqjc8iDq>yywvY?t}K2|<+RzMq{3+$U zuAD?eA(mL$$6R$8x@46kR0Fm0(u9BpXK!uB1^5X!k8R`dW@XB97+Tu+#a2ld49Li3 z1~RxJ)NJWcVb#;pq_vQ3siWze z8COHJo-q!&JEBkC6NFC^mgLBoF=;qLKU08JHGFBdGSD1wnuY(g`gW#xX?x;OO$1*Q zh|lcfMt>YdLYCPJ6Qlo%E68JP{duj+--_4~@Q5e(ebYdFQMt=ucNhbA(BkJgg^i;s zh}sBn%aBMYXQ-4O&_)q9J9T^FgpzP`@<;Ib%uSk+Crw=Pb!@PwfUS#5E1B*(h*)Q~ zo_HzZL|aebtp~=o7NRE3ba(B>uwhBUScw!b!;QTsS>+b(+Iuqj-ZJ7&@ z+imd@aYxq%C>sBoC`DvpTW#jzsO~eopV!cVayI~YK(AP0w}ls^7(#%)P(gIAmuDvR zLHZvxRIRlcH%8^OJxF^6#z1v%wa&dCEcvFk6gZChY_!6baK_dkQQ=3MCNB!17@{|z zWca9vW($-qEAweW>c^gDtqQ$3+mNMF2fTE?KSUnxYV5WeDspR-4$@?o?}?BMnL8~6 zXeH@D64EsKS$d<$nqgP_s2+`>a5k7JwVnJC1>f6FLMKt=k(W!(*8<9dLC$ityJ4- zf!_x=6ixpwcpPq+6%u2zCX}t;ktEUpkiJFsLBPE+q_YpJE;5z}MnjX`sx3Aby)@PK zmJ0)zpTttlNgCR(f-xzU1#ydh;5GwzKhBWvF>9UD3A11Eq zJzfB74b6tlvAV|=`o)~ri(_OP*@M^co=N^qe{JmhgO1`a_SuJ8VGWz=DkHKl$tE;K zS3=RNw&JO?mhG@HiLfrq@k5Uy6VDm!0Z{_fy#cwZ_mlw>6L6=#u9$i_$*gb-gYVV& znCMyCa&hO8dN<`r=3qlaSl?aP!8f!(2x-$}m20iNgO~UNt2)XWiyn@~q)Tn~g7p%9Qws zLVYda2f1>;ie~j)b(E0YTNv8Pko^f#lIr|Y8U+d+r!5)sf~esN*FBf|-XSyNfhw3T z4@3!_pAo+0xH%&n7kOH0R-9oL3D{+A1H!y^KF#UZDB3ekb8LD+XxvrR_I>bFjqElH zD#IBUI24n?e%%7gcU&d`Y8-(8?(^xqe5jufu_5ItZXOZ7X;nC`iU#hvr zs$LGvL-epw_?N&zI7tS!TJ@nY#VsCw!$?Nt=%ZFF?-NtuSknyp4Pt%pnM)7_tFF@n zlZokp2>90c8_XsFnJ?DM210Ybn!^pKcdTlzd@4vEpPj^8Icy_?RP`fGTO=JBjK_6x 
zDN(5(GeQvug<*0>!r}|Cz|L<+-Rs+kDS}RpNS-Owj7oF{H~$IfE(MG-fIOaFf5$t{ z%X(vKU>EPNCMo-no~S9sjIWO0_8@BRObuZ}}1RI||sdp~;k$z3@gMVs=i zB$pLhiHBc4eeKTDNvQsQV-=E-U!$=Qw1$iRsV|lCaNBUi(QMYRd$mQ#r?3 zq(*opxBsbgt!F%Gv3fV7zyhdQ7JIGg++v$*JeZAxCKY#KEPh6Yz;xC_BMai58%gZg zalz%4I&wR}Q+-N!_U&2*9!3*nK{STtY{~+))7=E{(SWQsd$s{=6HHUgs}xQ4v*TJ& zB!U5nUGx0`Di6h=0UPt}Y$JoL!^iVC;M?r0 zdzx4llsLVIRV)%6O>(^RIjIThdskg?8DVVb(94cZtMoH_F=eO{5b+_do`cNa$Z6@^ z@mNoy)(OWi`&z?^jz`f$ySa2aOSo@_@sVTO2woQ2t2sM3<2ZwLfCL;Be`Z@qIl7a` zhCp)10e?olh=JH6O<~>i;`M4w{x!XgsAVw!E4W%#`4%?3Do4yLrP1{_?ODhkjrM55 z3CJi!WlxBq(UUQR0dio+=rYL{ueB&enmBOlfU)l_Hl+TDZe**_8-nJ~C`u&M?@3WS zEu%uia{9Pl6^hTpMTRj8G^diu#Z<|bjE~&@ix_wP@{2KAbFpn#A6JV@eI?Glckw&~ z6Y#BUqLvSeJi>k1LLy?lko5^7>F}BWeV4Lg>k?*pY;kMFPx;G_x*ZMFfs;g6vq0 zuTA%M8=a4jNXvIVZNOM}bl9Frz#f`ACS^N93J<2Il)6P^mJpd*lbY!xcON?v!2^}f zICPXbXA)AYWcrg1fF3UCwCC5L4Wb&-$O5>13WrLdKCy8@t~xC1!xDQy0^MhAn?AYL zFtalxOs3LVpE1GnCAe8L?rk)*zzZ*2)q!fDRt)NCkmm-5%O2wh`6KS@J;}&>0{c=d@YH3G7aI*cTH!%eP6H? zQ7u8=*6f1l@jM;DQ{8ENZ7xBL3F`Cd@Bs5+H;Zz;?%ftYkn_4SX@6QvL;peW!>zkk zA;VkDsv{`nr0T+P&&ir2@n+_+fCLE~H~WKTjph-vfk%^wBl2{CpMet#V*b+zA;uRF z0}ao_rS3=|x_?3b3SwO91qHzznlPR`${-}qEwOjce+NCu(K>>eUJYP=6!ui zK#ozwH)Nu-tJoSLMlBbsd+#H>AwcSknJAW*&{MFY?hS)U0LCpoOLI*k_0oYAqn3r= zbfmh9EFg=sl-$kerP^tf)f(p_nJyIna*BF(6|dq8uGiAMSxWx^aGsoKh6PXnX*^#> z<~D32()iI9&ABp6@XKo7pc+lO(NI!#DEAL)rU0MqKiSMcu+FSv(yD)RO<4O5vZLDf zr=odK9r%G@ms)@x>YGGfigp{W3wTs%Y%DHP*Z7PDsDL6;3W^soc8U0nUwbIL4;W_Z ziiPzAg5YvJ+N@^lNJI{rwQ@i=AL5$F+Nv8Te~0Z@qL!wYti8r#I#K`gDd$&X^*J%O z6K#T?$i+N|e18%Y$$LT%ic{Y}M_X7Aor(dUm?A&OY*L9C)+t@qU0Dd^3e=V7ijiaQ zZ%S(Cux8PQ9_~Hr8Y)r7^Aa}S0^RAw(pipR#yLZQ9hpEI^3M6YEbW7x8$N8u1GSvY z&WHnphFDoO{5S?g&WUl}Dv;42lgxSM9$+KG|ijS9F^r-TWUsD-sdTTFvpuml9}zA_%=Ad zp@rOTTLbvY+bzX3I?@QxoJ_`QU2y!CalU;6Xs?OJV32G#4LX~cvgf;bF&&o$;Jg~Y z=B(z=N#)Guc&N!A^3ffyVj^wQUlEhCVO9Sn`l@67RM$I?vl@P+NQqA$tZU98iI))L zWYDoCRev*vD!4k;)C;LEakF?VcO zG zhvU}l>EGC+#3NH}rWj>MVnW$N?PrJRmy)DE*&uG->vp9i4kR1~FQ0x}HvW~Hg{i6W 
ztu7YEF<3`fmIp5<&=`08ax8-Wv$`uG^p4I0cRFsAG1JsBfMgBlMwX)%ri1AZ!c^Vt z=y3RD7DN2=bD{D{s7nZ44k?sKF(7y^6Z9Qb)33xxpt5>p0GReOn-@s!g+siCXo0A5 zfJifVv@orQCR(zjQ5~M&djboh@11mi0uvB22$Wqv#I(`n!{Cr&wa;3d?{OdVvXChh zD)(B%^7es!;~`4nMppEM*F!L~@oDhAw^;{gf67}s*FCPxsx|bk7AM-pxQg`75ZBfS zG<6W0!JAEU$xT!%uAkfjF1@*wOr#m&gGeW#C}i!yRO>-m0nMX+x`YTiD}5(d`H3FR z4vtRGzsRCP5cFlO4-=4Yy8k`dO)|^4djHrfN+q<9d^_ygTPzR>?%@2O;_v=FdMcIF zwwQt0Y|dfwVWtP$D8(tnEbqp7HBUamV|JC%X5mb|H^ezj_z=YO?gwVQuYj0DyD@}9 z%03YqVIGH0Q07VH-KyZq8ZPS$E$J+Ae&tFax-Btt(8LPcuHw#aLS-3zFZ|XEz1SAB z+A+I3(>ksrCHhu|wo7OU>tFa+grVEZE@*h!zJ52Ea)P$hG}R_Jtv(6&1Kef1FY^9# zUSEUuU4WpAOq* z+N!p})oO?MC1UqllP__=JwHO)0)HZ;|33_|Kra~3@$ zPzOFd84Y+RH5h#Y)N(WMc7)~mP67RyzAYLe5_{bNL< zwrQ4`sDL^uf1c7{iqkH-FQ9W84Jdl!Ww)i&r(2yoiT@0FVJuQKVz?f9v4g@!8(TO9 z_Y>qL;F9m=K}I*$ty4YeyZ?uYPgQIBGqZ);sY{ANcbM6-=QprDtPUyeFywB&?G|uh z0|e0)*RR`3dk6h!sIa1f{+v8wrI!7GpRuhn=45Ra(J__;)3|(l7=Fe8mrtj?oTn&; zaE4}1Lh}GaadtX?S>@V&z1qDZXdoz%8q}f?r>#nF@C9{&2daP19B&7E9@-ymJxDwi zX!T-8D^dD5bJU~Tpfy4%{aeB&-lDh=9w#S?ED=a7PFQ+~;S`$kjVe<1-&EKM zx!DCsQBjit2G>hbXm6Tb-s}o$YT89B63>a}qAF{ugkaZXm1sM z0It`INx$MKk?c547BS7UIMZI3Zkz*+u-WKZ$d#Tiw50rSJa2doRDtuhEWbxG?R92f zmEIAQ+Pr#)hJCdFDuaaI&3%+)XF5H(;^IMo0F9r&qgIB+XsQ}(n|jbvX01q2h(jq6 zQXfSh;wUB(kI@z6Ym_auvhl+YN4};bFfbmBH6ss#g-rls3SSWui;X(*#WBcAi);$B zmK&Up8E8?pL28HLHTm(l*xi@{l-0k;vf-wGhi`2B`#NUsj}VkxxZc_1E}n`j31 z`~vZt28zt4gOHB~9u5W=wF+VP3US5U9$5?sg6N7Uzyf|}oF$^CnaWq^UG+6w^A3^? 
zCHfTX{&+|#7dpR1sUP#&06EN$yT$todUzR<;BE*jn@efgepbDi8rsjXE4+Y3L@d}A2U{~Ajl4S)-OD_4U=derhNJ8qkxJ0j>N7053q8HGDqJg zG_iwJ@H9Gz*N)%swU1@xnS3X-#g0J>W;eE(e0Q3j7era!SIml>Ezh%X6Ct1FmX5fg zoPo>_y5V$3vK%bMrOq1c9v;q zrqYwkAe|N~LeA=EsD|d4k6DBI2+@&Z;`KDCC40pEzK9;%m_kB{s^Bmmt$+cAjm~Uz zWzFIh@ETKZEk|Lr&Jf;?%?DW?!@6P~Sff}!j82I}wb{fxdOx_$xJ{|apKqk?|E^*V zA4iBX=3bE>_y+9gr;4GCCjf6>Io0EdiVU_K`?}Alfjmolk}A25!X;v1j-k4fM}$>- z$Af6F%m2j`#cUNyRul`ZtE9ad8Sjmr4g^!kKXFU(mfYkOUej3t3!>~n3J?ib@cIP^ zwNx-P5>>WJVTzq!@98&QEJDmatQH*HtEtBBt*q9URIJ)762Xp1zwczl6sWGq$ZK^{ z;$mlv(1<$EegTm`3D|bkJ06)$uvHVPV^uWdYY7b%=|1@+eK!@a9WLHVjqE(5|whrHMXAIX%jw zECRnOJ3Ds+xY#<}@hAO@t(=WE)x+5Q21JQ>v&N{AAEfc@ZGan&A?6>YeP`r@9~@Xu z1Cweqcdo=jK)=v*7POKU$#u63RO?KlH@?&K$P)AY=p!M_E@zdNdhWufg3})vWN1J7~gA7 zo?XMDP|^L-Q&Iv3Qb0NbCP&(%A(nW@tltFLrIEaO*jWZzYXfxVKR!YMuZqmFVWxxm z{Mwi=$la+_0s&1|DB2t6D0%zWc;p@b+MvyW;H8^Tcjb0ntrjCQ zbJ8G&Ya6U+EdS+z%tOjsojO~=CxXmxG3Hk2`Y6R2Jbs_D(g1p|f3+HxX*dlmifs;~ zZRlzTK0^SuwAb0mbP%y%u1jxqf((cIt&i_%SNXt60Q|n~a8LHvf+A2xikv8ya6o_Y zgN5Onm013`Sr<=$)OZy9{zVJTE;u! 
zN(#5$y6U#Z-?MRb#Rs8Gw{pT`J3Ln;-6Riw(` zUZep>?Ir>pLD8L!U-KSA@s@&fbdb%Hvfyn(BWE~q#6#RQ=X_NK`BY>+zl1{aLkoO+h+fVP_8Xzntj|wNZeZk~HF}EgYwB&(G+yyj2W}WB`hZ z?rDB=`zNar2*w6_{Y)G&_5hj;lmmV*6PcCnqXj2dxar2Hbr5Fxn(mEl<>N)^(sygv zj(NTJ@CO=VpQ#ml8!i9rGG@8+)g(NY$J2$KRtpY#TtyV@@(lOIg|b(W{nR&_G>tdD zYD8cg5FTGVb}0AO%_l2tr%P0eT7`*Pf=j6{`=MlRMs+J<*)idmItyC2e%gEW1?lk=<2{6vIEmqv`NEh>3F5|LXD`Euj=q&H*5z0b zED}S)OZ7z(^is7e_FRx=unK#GTTyKu z5k#Cg56N?t?T4hubXr4n;FSgMl=|b=0zyNctr1}Xz%MY@V*EQEo?!Pan3-uS_;pCH zfj7PzIk=|l&*{><=!qkG9|Y5JspzDoO^cxy+_rS_Nmu`xIVD$xaU#IZzTkGm1C>wS zH#Vdz>-vr8h8Uo`PK%?Od}X#(cfG1VU~6QK47wdyx}7Q~?u^!I#Rp)>`ZNgRH5wYo z&lH_(?&@v2fc5M1<9;a#{PMjKw@q3>>eamS5|LzZw!NL%zGw+knM~F)zl@!r+UQ3t z+L8d~gc)Eg_s@C!{h`}zQI}XDo0+EhVHext-5HXF;s1bKh_2JvzTt3%j*KlI5{t9Q{0jb@5#%F$V>?fZm z#gHH%K;ZejPZE55_S#ja^n~iJ*(vsJV)Cnn@G5M$nOU`xG^us*nQ?!`MlAwXS=b%| z&$uCuS{IiFbd_Tptp1hzbSah98+XjLG`ZfCUuNk<44(M!VL16wNnpjQzmFB2Uvoz^ zIjjCdjV(!w9^OF13Jtr77vw~SG4(o^fh;oIgdx_{*h@_Sfgg+c{uNo z{9-vO@9?YxLPDAAT{L77+KJ}{fG#lp9h{2PHU^gDyM%uf%Q_3DO?s++(?6l5u2~?R zJXfZJCusWW)%f8mI6ef?#IBU4Fw4lF23 zA$*!69kNs-oI>x6!UyFmic-|W&UOtv8ge%|Xk4kY<=5XeW1Tg)^HAI$mim|sAQE=d zlExm0YX&upD!)~k;5WmEoW`E75a_f2bQ9t`e?QzU(%Sy<$>Qktpb6AMbbxTP8D?_t zd2rHH!2*~47`>G&f6#&e{Y6B_U+nphWWFNI0^i25wywrI;35guj+{v-g&~DJ$xez2 zwm7iXBZ^eljcwbzZy{_etro${&p($q2jt)Q)xP~1Z7<~oHwSW@Z=K^{`xv-o==POd zpg?2H7HK98j6VP-;i#f~TEP{dQn22=owx^;m{r8MG~Do%;|uaMX_I~v8dq+yRf!?O zWfsHFQNl^4T7`@Qn+(YU3|SwsqKb?JwXPD zU^tF!=kP5R<+l_tlOtzUU_AE^MTuL_M+2)#C!V9@DRC`-^mAFCpy}l37Wi+3^nc_G z@Q_a{ff>jLH>x^(%8{OLav_EcWxUa8)`EpZD{YK2r zuTUnS^4pbd5j_83R#<22?mZK9t;Qyj#@D?r9)GsCD#|$NPkK9&BC78VeNOOT^lM5MPm0^FiHaQ>KSnO z?m>8rVa5augaL*ztc;}>t-sGBhRQs6M3tC4AdD`=8C#M+FEh@IxPMdv*n-RWEiUZGy)vL;Dw^6Bw=xt35Jdg0X}BKYy!CYJ~PxM=}J?305n{b2;me4 zl$hfO#5tnx?XAM3y^;q}t7OY4~6p9Ue;xLIbQ~rVx_{~2cD?4VEWGC0{
P!f$oHah zhon3@Sh$t||1CaGptvjUWTygsAERzY2y=2&=3UoW7*Vy6K zpZ|4*wn0zpZ{55ebw^U>%wv7W7v`miibI|kEP8&Gj*WW$T;Z@zV=q&+_5?$=U3xzFB zACnHZ`!47vVzc{G!(e0SpQPlg5p%6{siK;(6^QJ^dxs5lN*9@F7Meg9#+UJ~$r7b? z&P%oB9L}_bM%3D2nL_gFM_M$nzynYeH1P!8_URV6 z^ra4l^hD;jjXCCx2X@}*r&~GRui3~|r9X#3JE(Y?RTnqUcnPU<8Fhn2k1_Os2d!^? zJ&%oYdDz9SN8=9H2iQV6f1NvEz|fUN8I_E=t*s(puqzU#K8Z7P$LN7prwF5`R!OB zQ_eJdS)#l`I(aN|8MBZZign8Ea9}m0>|Ds<479St?ynx^@v=|45XA>akV~PrD{D{) zAo35Nt6hNsgVFn|Jx!YD$9vR7Gkm<05c|Qc9pt$+dpP%yz{hXDU#XC**SA?A0XoBP z$R!IP&47x67Nx8VW|Vq2TGw>B4l<<=nbMTJvVf*?^z#e&2T(EN;xTs)<}9`FVuG>x5ng0+V6evy99E7RHiNbmo$RnMCPh~&*2*3dGKIU(gf`+9;!TeP~rU>e) zne#{f|4%wL;o=71v9E5xPGLSylC1kiV^U1>N>*`?DI>yxav+b?HSbVAYBcE9R|hu@ z9B9lhheMocPnTdaaOK)BJ&L6^_BuiFDkML>tbl4EBXdteY3C;Hf$`fd#In<>qe7n< zPI(b)xiIP0MQv3_C=PPJ;uMay6kp2P(=)Qk&QV0ZbAWG*e7 zohTS$Q6oXg2mq0sv*Pl_sZg&Uy^xPZMJ>E3qx3_K=Ar={6&t~^FhHiXbyO^7!pyEg zSZ9!Bf-Lx$af`AD+mv2U`%uUNcb)~dR?7e5Eg0rU|?ea<73o(^FivY!z_|k$jA`5zXR+T literal 13337 zcmV+!H0H|yM@dveQdv+`01Gmw2vmj%I-ma`sK%|ub1#}>uJ`D=w_s~#B|_=Bq7^7J zIr3)d6z@#zZ4qM7zoa_M$hbZTJ8##&jPSD)>B3nWqgANvGb1Cp_aa2A348ncGwOHt z3K>4VS@!wu$$9BPs}v6B;dUZC;|LhKS1(OG?F6?yK%4nEamrPBreH%$J^*OSG$32W z4(4-4K-5`LeK(zZJ;LvkQJy?Hcu*9q3}Gl+ z=Z4HL;X9{HrbsTHFVDR0E40;o%|%!ITE|3+FcT!;@eE`cIRxptoys@du(N*Tc~{;M z`_WwBEI1^H`8s5F){RZ7cV62-^;VPLcOGPw%A`~HLnT=Wn_^Co>PIa$Vc#k}7q$b4 z+9yTK6yKv!2VHlt)1D{i-}N7Z)IqRfg$C?u9-aIUzj7AQ4C!6FcE-GX#w&%_mZ__Q zWs2-!orN~yfob{m^ym2jyo8%>lwT!Nt)@nhPn2Y$FFjGI)4&pR z3umY4)QA(kS}Cb+eiA|@o@tL$ikF6=_<(b3&^#Z()ulw27h8Ekfwg&Q$ms7}d4n6T z63v+C{?-9xDtgc$ImS>h>Ne|VGD;$r3KW4TtOH&uB+jA&Mk~=5nOSCX3MobE5$e`{ z+HVV9py^j+<$BsmnGjeZd=k()1GYr08iat1tdbjv?+V;)X|0P-S%BFmpVG2r* zs&#_qh+#ZSraO-@X;RO2-Du%%PHSJV8a*w+G@#%LlRI{qY(TocakNOYpDEs4zCN-F#$JeV=0}~!~G~p2$F!~KJr(}U^Gf^T9Kg7quldX4Kj}R zhpRab=Hk8hg642eXUJm@T)7FW6{Ns3@fFWbt#nAUi4FS3jMH-4HBO7d(#29U7PJ>( z8w@&RPEn57(Tm#+u)!HD$r*1|JlOs01qb&K=>yaSaXtn%c?(AIqPjdHLQJubl}?PU zjV|`QI^V8J=qw|m(tEwh{$Tq*9qeCUffl?{zrKZ?%P5`gZ=KPkOveecG3^Y~TLQFMB<2X%UpN@B1o6r^ 
zUlu!U-@E@puh^`7SW1qFeF+y>N3q==DDmP8jf8ygX0O$uj>Fv2@sjmka5zJ&L<@#4 zo$3D!TdS`B5w(*&!%wQ<{Kz0lw1ooiNB~f@wxE|aOU`+>N0V<+oa#5dzy$TeF&{^V zE#Ja=qq3eaMXYEwhXm)tt`FkmKT*cjM;}0`c~~yZFoX}i-SSRTG|c<+S9|K?T~#=v z8`JCHtcZcn`nCSOl`>O?l+KF8kbPUlC%Mx+zBJN6$8_wD#1XmiHa~fsY>f^VaDzwe zlAw5V3mCx#&8Ik#9!qvWf6#{LmI4-3{xe2ruCDo|w0F?KyYHo(c)b~p>Auc+^^3gAm)12l9^pzr`zXJt2W1{n-l;W!lhl7qgA0WW*BA;)TM z*iX(j9{9OqnhI>xT_~}Evws|I`mQTbwJTBBmpO0DA=DG;sQNp*N(;abCOst*>=pvY zM5C?!cKhz(bf0(UIS@U(`RdS&mz8HK6yC@sdBoVdb96J6ILo=h_$+SFBQ$X+{kPM} z-%VxH!?qebX0iX&1khE1n4N2Te48_mKU1(hOVcyMmMN`#F1YGq76-k8@>A1X3exME zOOg1>f&&%Qweqz5Fj>UN-EO3?aj2BV2R&NYQYwq89va*6xBm-xtb;_c;Yr0@5Easjf5^uzWfBVA!l-aqppag!A)!xt?2r?wglOL5fB zO?`Gbfm4;a`>xC`C@L!uifbNDcQgim3!HSR^m`31h(;Rj3vMx`I;a^p+vn#zkX1@X z;KRSd0FJUlLBeK?0pfzZrk8kK@sTuH9S0|l$qYZ<&*@+3L44l#!c2ZwJLJkwcJhw- zo|d+&eG7w4u#+41B2f_GXaJ`GL(XGcp{AFQ!A3;`PYMKLb|(3+SOqha{TUfYGIO9- z42t;qAv=O6Vey!E7XGnWmhh(pGvb&x!xexbN=#czwlyAl#n-@=uZ1YT%{LZ}tbnzq zILevhfaT%c4nd2rC?_L4k%&hd?u#{9?PZX8!yvy%3OYNRcQZ9x^OYFffMq*uP#-(_ zVNQCrDNs+Rs@ZlLDse%y^~G9>B>$sDd7@KT%C0HA(8Jiu(0```Vd_mzNZv#G!s>oWNX;Gt;f7Y2O=|}IzSwLCr zdSn_RxWF=kS0hhEz!O+PkH}x?o?xrXOUdpX>y*b;!QJXCgi;hJ!9KBwb-}YecckjE zfAcJyHyCVE8T1BWeSw;Gc ziL02~tq9?+R{8d%GJs3A95C~Vq=DqyFNgju?R*E9`lMRbTWI~C)A!OKgc5L$N0}S#gEA?G>_w$3+C<3txqh3snYuKWC--7yj`^HfcsIgZd}R z?ueSbmtN0`c^Se@Ci}#Vf~dsRvGCPe%MslwP;(Wy$8PRnrWGiV>0rN$uALAn&!C?X zwQNtKX?>X!eXA5Sb9X4&fI7|{OfrQ4;6Q^HVgy%wl(*(Kt7Z?*R7-do6SQ^Np~hBs zHC6u4V8^@4j07)oafzzdA_*`m_FJv<2!19;jWtC<_LQ3vZ`C9dPu@XU9=}19v9ayu z?4Olv?)O7HR$E}Rd;M3L-oMNXnl>g!KFFF-N>#unZ{iXH6(t@6cwj!!I$O!Bo>22g z9RsMxFH%<{Mnl!j?Y#LO$gA7dc8;oDV>OZC2e%2Z3!nSzaYj5b#zfuPMaa*xhxWHZ zYxl<)wL9j3KUV*IC)eVIItdnc-r}&;it?J;_PdfLU$PgVyD*ZDR(Og+28K@Fha_jJ z0LKII0TyMZ zB!l<3*jL`g^&nRF1L?p+6h0Y`>0fdH*cL#Ee?x&`PxLYmB$C3%W!~&R(Gq8?sa&i5 zb2S9?RT%H2EWd}nDyuORi;*|(nO{7$h(a}^=-)~K-SPP6S+sZE-HbZH`|;fm0#SJ9 zQb3MB4f(fJf)G~=cjQAtuF9)UkJ;c6y2d}{*}9yy7CZOQ7a$*Uou)c~28iG@o5P(D zHxZbS_7zh>j#8rLTRNwxl`izDC^JGuy$c1nzj_1&%E{p*B+T`6ZfprQ9jbLocV(w> 
zfM3Zh^RL>m=P_=)c2Q7~6P}W^kMgDkgr?uK9QpH`&-d!3;OnkwR5rn1IPC;e_WeiC zNB-XMBfmgT^kjR>7%!XmOCrNKHA~~wJHp4`BN*>jssH3Cba{v$qQ2;bIh4U z-XG_ae&=jb^JYS#({St}W+2}vgiA_@h6{Z2q`>Tt)JSW|bsu5v$Ct>47rrjb0B zXsXk9&XVOdU|Nm?-n9!vHqTmXx+M^;18V4CfD?3{JGneesFfxlcWVuJp-&P8D%Wlw z8We3}LP~`lB~TL#7A=8P1yp2D4kLovaoqdU@8|~nR_wL^e3OceayAVPE{V0XDjnTIA-xVgq0VKt!i%8x!o%$~CRk`+0$X z_)-;i`NPk%7vk7hus)5f{k4~4V=fJrbuHhT&CSMK#;o2vV18orj zvDfWS^J0Hjs9*`Ja#iz_2%E+cVo~|6T=Ptx!{C1(cAQte2#)mlIA`eX39va&#roS+ zoWp$~I|JLN704!I7@fVAx`B~K?Sk*8MHpa49nTSI?D_>sWX4p-%oYzz=kBk*JTo#g zgOz8pOzzGTZY@EwX6D>5=V~u|wuzg*nO}r+bFG-19^+}R?|Ho*PsIR<xqHe@G z$ye`c()+@U=ey_WMet)3V_u{tIUm%l)tX`I5(sT}jug8{U~l4f{U5meUKJ939iRIa zaKTrcwnlws=9dNdp#xH221{Vktfn~Onh^Xjaj9!UJG6Sfz8zMnrpXGy= zN6`@sFbtUWSE?=n3zIaf@k~2!ZfdRhqzSG`xthr{G;_E`;{z#O_SjT!qWiE&)(!9? z6H;s=5dDgk*{JWrUu!}ZrA7ltz8g1uyA&eX)-YgyEFjLIPpZ|L+DT)Et~iQk{Jgri zsI8?062`Kn98ZZc8P)ZRJLZyU#HY3)y7Vp(v3=dN@qnZv+~VhuImW}2s?yb@HC4!g zIcm8&HxRe)cV5cMSh^V^L8N4ucZ9s|Dv(UeR^FyDE)&0?kok&v@FtW3Wa=nBglBP? zH8M5CAawmfuE2+1ZDP;_AA-z^^r@$C50Qy?Cwk^GV_)wk~A4Jl{0wCX*)CPxr`=t9E1)ZW}E+ZI=Iz!YEiK zz;4J1cI*KlCuee+TTaM+u|V9=R)$X&HtZa3j`4RE9QsVQ3e+BSrHy>Ym=Om`ogE`6 z$H{`g9Q=i2tS5#*->vNueevcA*0Qm6`ha~cb>4H7R41|a1Kyk+%Ou-L*p@k=IL4LXdOUbi8WRMm9t1Efd%FOTD0-0sVW&wXK|^CasdKzt;i_-Q6{&0 z!SXu7`q_wyJR#)LdX8?c*s zM)Y`&p$No^2|?_vUKRu~UqHr-05-Cq1ZH96ohJ-&XG|EMdO5=!d?0jmF`b%}2ClDn zn*Mhbe;5KyV@Hmmevl~K6Ams{e!gO%1}s~cL3x~gXVH%D_+jmV660gybIJePjnIb~ z4(;G-Y&jQMGB)IC?9d5=eeIan>*fXwM6WXS*TvW%I3gV zi!|X6TdWlr?cFgZXKw|(*>8l4(_l;Sj8Qvm=R6|)(R+?BgC2%hZQspo^i>KA-KD${ImKX@h1gS#1&c)ln(vmhUV0+bkr zP_@GMQEA%kQ_mixEbWDM$h^e4=2_-G&(dH3UMd(wkNyMj zIwAnEN5DTemJvMVAz+550~3t3@5i*t5YUhzD&kewQ<8`!Bhtu4kuB)|zsm0&QXqL$ z&k38x(Ftrcjq%Aa$7s_$3;OU^prmi&PTVKsBMhzk@%WaLnc$3sralX!?*6*`S3zxe>K7zayCM@ z^ka#-PL*Yyux9in*HD{VDwX5T#-fbYwWr_4^w6n6`n^*g@B!(F^bFEl+Rka{(PQUp z6ABLPJq~%R=0Y#o=Tx zckQ9=2nQw*4Sm(ZA(CxwjTwOO!aN6Z>pr*SQ>)x)9{9wv^(9PH9Ewj8t65^gCM{%p 
z7&npeqNN4Th`g7{6v|Si24JzJhw#aLAgr*-8{zn!?`o`Gn&zR%Jl<{s5NHt@RlC=Rk<{Dmw_Dn{#T{uW(;B#k*feA-TK&=Z6oE&| zG-{NdN#}haWk9S#?KmbOm)l6I*DGY3R7L{QJ93*Gx`yAl+P!YaFgHxZ`yli=BX>Dq z%Bqpx+}eV4-6W1QnvY#ol8W=5j%FBed5l}Dr+FD|vf&rXecfX>KC)g9F}W?2RQ48e zY1-g~j&Kzs3=l$G!)$JBsnlFGhaO!z86?@xnk~Sb74|)$v5N^43l7W-bfOj%?I&vppmQ{_C zc>KOk0*ZcxL>01!1)B*XWEuosTx!3m*SQInMb!5^xk4|0RRi)A#y-73mPUu|AiqD!gzPxN;DU*QYEL7*@U)R3~ zvJVX0JXolp7Y@!ktjTngXP1^@H#=UN_z_@q+0de&>~mQrBE9L(z|3Oj`Zf2|{G6jO zs5_=}8ui_;Kw_G{Sd-^~s zCV!KqDrVOm(AsOVR6rMogHd~I=lXVW4Z1+EmUuvJS&BKH1J(EgWOS9B!ZlmrS#mh@ zm`bwcA;*TKlMCm*y%n_ASwl=X#(5hBKWkI)Q@`P_3!zy>WoDAZ3PLn@u==Vofloh`85jn;rQie%vdzHmejSArb*Q4k@lII=9I-_ivMO_hDd_ zb|NG93ux^;1El@%>JWs)N#(WFL{TkicB=$1vqH}q>#^b;)j903RMzM8J~o`=p3i)) zCvsvD?rJSx41x=wUIX@x4YrHA9@U;M{%Xw5<2|*e$>}{356M1OhgtmE7d~(Zqmtr8 z*+G=PNKfAL&!RBz2&b6g46nLm83;O^PR`N*o5hxtTYD%%2s%}?A&d1B^JtfCY5FE8 zWtQl;_ERrSW@vC{`}u39IPpHs_0GQ^7`VRl_1~PFKNj>VO zem4udB^Cuw(Y^}m*JGGvg2ga1^)(BzdM%8gurYH5(Ax7#phdYT7)50~Mz`+X@9IEm zWTie~+SK(pDOPSNI{9A83JP? zyqE_3VSbfFHh}C03SIIq+=h8iHu{!G)*IRbr;!DaX+QaLlEa*f^((p;1 zKV6(gF`INoRaG7V7W+@uF=H#JBy@WQ6$tMW`L(vti>b~}202CqwZBKOxf%{xRL--0 z`(i;b4M{vtz0nJbEI+VR>NHu%PmwrJUGgh=su-mDd&;~Nl5AFkpvfa7k)(<@41_U? zQkzde`c;Q<)fNL6D~N%&x=`<~jra~{kwg)(tM@E8L*7GyHT^yhUpcNYRdcSr$8K$( zsOn=@SG%3v_3}&tDM3O!{rsX~eP56W=+;lbecj4Gn7*zv-ZQi5x&TGdIdD(dcceXq zR;u8qf{yb^eaz0L^98ur15*iL&KkT1I5Ic=9rPE2T z)n_BcRSb2d0gOHkSDGW=G;o6ArhjNXC~1GvMZEpaZuI1b(xo^udR>mdL^^Zvfl8Jr z(}tvyF4HX&s7Z6fF{A-ee605A*DNmMg=2KcntSU5rno!e^GVms^?_5Mnnss)aW09u zaZ_AIyO)7t;m+(b73hhVCeQ^;d_kDdwh7!9rPkA#gYV1vaBTMiJH!gVqhR-=56`IX zx$?1yVF*9$i~>C*<>ueOFHtXvN-T0u(r&D{ zWiVA6IAVkw9?%c+zk)+X)~hpUVT8i9iHv@^&UFFG&(1X$ErVaz@>#Hj`TSMnFx3m! 
zh#JCJ(wbza$`Y$-Hlg14hMTJ3DOq=@@BeK#d)_|C^T3rZ%_ja*T*Exo&1KPR%aDuC z_>uIM1&1KGC6M?+#Agd!t_KN0G%#(Y<+8ax1++A~(2Tcj&h2ZE<_Cs=xx;2h0_Gki zgpi^HKE?{%Rm5JhY5B6s1N=_pug<{9vLe86^OCdy6F&dYMDXhm9RHQN(@F&$k6S35 zt=>&-ae(Mq`HIslmxxBqix~>@5Y@5M^$kANG~goQ*P*9$3-lHU0MvH@OIGZf>k}yX zhc*oA6x3*>x9sz;MXlcu>4LQewn#VDUSg~VgQ+e`n&Ma+d_}-4PAYO*Z+vzDnk<+NI-?mRUZT} z?L%@yANOBp*6O-*f`?eF#pAQCh2Y6bONbX(V6-&}U)9$01ll5AfQGR;qiRRZSe?$E z6zu*X)>NxC0F!0aleHJ;7aq5>8x76YB>cl1nQ7pTSqHV>@VgU5u#gUoB(vrJRFZ)G zXwWPp*>GMrNsf*S+%p01g3p97xE8EW%|wj@Rx}c-s67|Sex{-20)botGPMBCWIjwvJI5(5j<*R$>!vU{y6dSu6G~7&XYy=IUTk^mn81 z8sP&w&0ek&I64wrk#1jtZ<`(`=-4}>bwKAWk0>}eKpV&G6di!-rcU}O7gIMHbd@Lh2otJZSIfD9`57mNmx^tQrY8Fg5ei19s6c9f8mRlbL()dK`UL+=aOaon30<+3NX5|vrnmsxkGGyd z$FAWPUo_(MQOZXF5HpeJYZzXv(PR`Dhngsdt-`$#?bOlIakUO2i}(omzIv}~gBIN# zeGaV2>K;&jkAAGFvv>FE@uvl$B-l|2CFpTvhJ9ZybUtt%RSLqFI3eoFTD06m;mWQ> zp|xp>FX$)m8VuQ zOLq!Pp&$aDq~K57&m#}o!4Ef3?^QY@`S;CC@|)gZaW)L;?uyKiD{oY)79Sz1wojaZ z1%vSHPu@;{XVncIEvwOkB~<@VfM@$C{IwaI9KY-wcE4&$aQAH*YePMJW~u^V{2 zE3U}{cw}@ofcUku17-W#G-C^52J*t9GRg+$EE-U2PZGjTy#UEd(l&_HQo-HVp; zKr@VyzB&mSnT!(XfB{8M1^?_{l_b`{C@Eef{!FK=31ma zXe+4d|J?AXJ%RXL@6d*C=t@Y7*wGTb8qj&*)u9=~B&qFXeohd6igOFUVDA+S_E@=S zR!jNU^5I&h{UBbvF9XVOUP!e->^YF&hyfe|C9c8OIcX2~cNb*fJE3mmA2oqfmI{>? 
z)15vt8Yl`ga0-ehJ3tN)x-8F$N<}(W#*<5fC|;&h*gHR=#*y3oNaNX!z&N-mv0L!Qj zz1Vm-GGg^LjQB$Gb&Ybybvqyt4KK{w&;!a1%0uU>NqMT}^na}|Z^X*~))c(_52@tiTGd@tgztKnpxPLx*z zOehTY`zzdE13uk=%oTMu2SqvRG`A{Y-N&<1bT?im1tcAx+~U(@LJ@mNx#r6Dxh=+W z&Bn^X&6eEcx9q9e!%m@W2I$nbb%*qTFI^RV{s0sjOg#*gP{qUY*;GtO=1pJfS!fR9GirWzwPN?)PCSfZA>9`EldPxpk4llo8YpS-JgS0i z0;VZ!zp5?dI~`RC^J2|1n8UWL!{G#Jp83NnIGK25msim3%;#UXp`KohrulJp+$lUd zv+ZRwvOV~`09gPtH=Uy0{~P-q`fdW-`pf5p_T%GTzYRI{8%QhUXc7nC#BPEdVrRj< z_asteKp7f7e`P63t5B>rLoKnsB`XGXCV8$E_hjf;Neee z_p^KO}KEdLF|hQcUA5Q4D=qsUd7Ibl~=0Losx7%belz+sO}a>X4hm z?nBWrG85F`9j-}Lit0&%L5y`>%9~)X$!uLzjSu~U+X|sU6p{)3U|IUbZauzgE|7y( zu}#cc{jGDl)!o^q{|nU=7(xWzu)umC+-R^-C?hqa?;Jmj0mm9C$Lk<=zcsWh9tm+p_<=yJ!Q7Jh}-v$+s%; zaJUud1|2(vSHE2pXOa8A{t=?pobKjq33pUJ+*r^Eaf6|L>#Sk7Ze&LAenxjo+;>j> z!~N*N*`1>{IdD<(N0MEau`t{3i#d%T?1B$PHQraCXDt@p@iGRyoB9R2l0n0ynp&|R z#IZ{u{knQ%tNb#^X(fM%iicuqu-W zy2Y+S&ucp=$oKlukWRKL;~w)62Au3J(8%dUfh{QNP^XZ}^1mxx|Gx1e^=BlR&a(;8 z>DN3BS~S`1YaFOJs*&cKxo?kK895QsdgkUu^dRmc@#S5sXWHMl#n|gv>~B~gc-SQ) zRogNz*eUsU?GqoZSS%Nv$!|-n=ptRdB!#l*27j0{Th&IRnbs7eS8 z)&WIGJ{-|zs%K>_WCkExyLSE;>b{)>JHRQ#Aq&L9Ok;`mp2-EvxQs+#GavuwkD^4b z8#My5N*K<@3|WQ4hE8X$k5~z!9~DY%TTL!+LH3D^-kz_h*yr>QBkV~<4i#A1vR%H( zZ#M&pj9z<8vYNY2!F50AZ&TJ-;@{P_+{qT*Xx@42H99*q8WAq!Fcfla5$LlBpJX_8 zD1c>}?BqmYyEF>s2(>)cA& zxHhJixxv|cel)?6wrj~-V-J4D0=^s(s3-_-z-pzN8|ZJxlHI~^_(Wr{+c}oLTTX3Q zU^1c~WDWIvg5@dt+;Trf7rGxvCv~h5v+S|P4-EMiW-RH>qV9xXn0O%Scs-9u8m^}U4%WkN2 zbX1T7oGL|j&L%&P%6;qFLk9k<=c*~g|0y*Sc1xJ zPpWEpRgd)N3egm%x6aE$p16k8!ZWb0U_Lga8yXd%K$PFa322jkXQo&BPb=LT4uLZW zw{3}4?&J%X#8SxE8yZ*UWLusuXYgp~xj%x;iA33A85P~pq3E{-{ko_muwb+Ha^wVp%U0-LHEN2OtO5CpR&2tz5sCfFcrI8#SVafN~t43 zO2+MUjL&mX5|J3LcN~`%b|dG&OB?L2E5T>kUlF^W zUPD&8!}zrar!xw`;^+*vDYO^%Q#N;ps>F;O{r%oOPR$Bq#se|y204-+zshIkYrtqk zZ`KH+uU}B>G}MR#O)gGbetwIntSy+EphcuIPc$5sjwoXdhV3WY{<)tXb?H4inFiY- z60x1Iy((997Qcm-{hyKRNeZb22Zb=1$$ zCo?dh+w8|KT;nbQA-aVJD`*zo)GdYM3#Mi$}AOgYW>8j+PZMF1HE}}Lzbjut5cm1#D2m%mIt*pP%LywCr#t`Y;(`SnsCv7+! 
zx|k}Gt-m<9OIUPJAt;%Y`k|a@)c8s^p#<_oA6}gu?H!?AND;A;Ad#8^{p*#6TGbVQ6OugNKS)F=h;jOAlJee~mpZBO;)O_d zG+FXE+9KV6dmcC0&G?578loC=7=1kYRUIELe?Ry`lVW&0alG%=FrF+(jn7*ny@!T4 ztH)zf`zY)ARWhs|6!g#b( zPV*bp8XfpBZ|aa%rvQxjNgJ#7Ftt1@LfmT$uLyu24pTJwZ6`loVtkHkwVLF^M^GfI zH72x@gzGCXfW|Oh{{A42pV-ZtFEbGe_%n^&O8w3r$kRm6pEo6U^ zE~i8a;$2hh5p-m?oDrijMj7y&Oi;ulpp{*F-3X6FgA}1{Db!CI9*6ASK8=1u;tBh= zNB+nE%1V=DV_WeA;Yj3Th&H{s4=nakR>h#Reql~t%AZXtMUW0fVTC@2DWN?ZhM|UI z*@(K@_~v~{4jH2dt{w{0|R0!FEYK@1B5s7wHdBeUOEF+y>kO|JlpE9tB-W{#dvCL j1akTLHwty}>onuyoz6$ZD94#@S15({Ak&K~_!57|IC8`K