From d16d30e9aab81338ce3f3580ed8c761c27dbcfb3 Mon Sep 17 00:00:00 2001 From: blat Date: Sat, 10 Dec 2022 18:52:41 +0100 Subject: [PATCH] update certs and build system --- .gitignore | 10 + README.md | 38 +++ README_build.md | 43 ++++ TODO.md | 23 ++ ansible.cfg | 13 + group_vars/builder.yml | 0 host_vars/belvedere-test.yml | 72 ++++++ host_vars/belvedere-vs.yml | 54 +++++ host_vars/belvedere.yml | 72 ++++++ host_vars/lime-000000000000.yml | 19 ++ hosts | 37 +++ inventory.yml | 23 ++ main.yml | 24 ++ mesh_devices_template.yml | 13 + playbooks/ada.yml | 8 + playbooks/belvedere.yml | 14 ++ playbooks/build_all_targets.yml | 32 +++ playbooks/build_single_target_dev_test.yml | 30 +++ playbooks/generate-new-device.yml | 17 ++ playbooks/generate-new-test-device.yml | 13 + playbooks/infra.test.yml | 20 ++ playbooks/infra.yml | 14 ++ roles/stable/build/defaults/main.yml | 14 ++ roles/stable/build/files/mac56-to-ip_host.sh | 15 ++ .../files/packages/vs-fix-openwrt21/Makefile | 8 + .../etc/uci-defaults/90_add_bat0_to_brlan | 4 + .../files/packages/vs-fix-openwrt22/Makefile | 8 + .../uci-defaults/90_add_confdir_to_dnsmasq | 4 + .../files/packages/vs-ninux-generic/Makefile | 27 +++ .../root/etc/config/lime-community | 64 +++++ .../root/etc/config/lime-node | 9 + .../root/etc/dropbear/authorized_keys | 3 + .../etc/lime-assets/community/cron_reboot | 3 + .../lime-assets/community/prometheus_enable | 5 + .../lime-assets/community/wireguard_server | 12 + .../files/packages/vs-ninux-tiny/Makefile | 22 ++ .../root/etc/config/lime-community | 60 +++++ .../build/files/packages/vs-ninux-wg/Makefile | 9 + .../vs-ninux-wg/root/etc/init.d/wireguard | 34 +++ .../root/etc/uci-defaults/90_wg-enable | 7 + .../root/etc/uci-defaults/90_wg-firewall | 36 +++ .../vs-ninux-wg/root/etc/wireguard/wg0.conf | 9 + .../build/files/packages/vs-test/Makefile | 8 + .../vs-test/root/etc/uci-defaults/90_vs-test | 7 + roles/stable/build/handlers/main.yml | 5 + .../build/tasks/conf_files_lime_mac.yml | 15 ++ roles/stable/build/tasks/configure.yml | 18 ++ roles/stable/build/tasks/configure_clean.yml | 21 ++ roles/stable/build/tasks/configure_custom.yml | 11 + roles/stable/build/tasks/configure_init.yml | 16 ++ roles/stable/build/tasks/init_vars.yml | 35 +++ roles/stable/build/tasks/init_wg_vars.yml | 38 +++ .../build/tasks/install_feeds_libremesh.yml | 7 + .../build/tasks/install_feeds_packages.yml | 7 + roles/stable/build/tasks/install_openwrt.yml | 23 ++ .../tasks/install_openwrt_requirements.yml | 35 +++ roles/stable/build/tasks/main.yml | 49 ++++ roles/stable/build/tasks/preflight.yml | 21 ++ roles/stable/build/tasks/vpn_wg_server.yml | 16 ++ roles/stable/build/tasks/webserver.yml | 10 + .../stable/build/templates/default_config.j2 | 15 ++ .../build/templates/default_target_config.j2 | 12 + roles/stable/build/templates/lime_mac.j2 | 22 ++ roles/stable/build/templates/vpn_wg_peer.j2 | 9 + roles/stable/dnsmasq/handlers/main.yml | 6 + roles/stable/dnsmasq/tasks/main.yml | 21 ++ .../dnsmasq/templates/etc_dnsmasq.conf.j2 | 57 +++++ roles/stable/dnsmasq/vars/main.yml | 19 ++ .../monitoring/alertmanager/tasks/main.yml | 41 ++++ .../blackbox_exporter/tasks/main.yml | 4 + .../blackbox_exporter/vars/main.yml | 47 ++++ .../monitoring/prometheus/tasks/main.yml | 17 ++ .../monitoring/prometheus/vars/main.yml | 223 ++++++++++++++++++ roles/stable/nginx/defaults/main.yml | 6 + roles/stable/nginx/tasks/certbot.yml | 23 ++ roles/stable/nginx/tasks/certificates.yml | 38 +++ roles/stable/nginx/tasks/main.yml | 78 ++++++ roles/stable/nginx/templates/default.j2 | 25 ++ .../nginx/templates/fpm_service.conf.j2 | 31 +++ .../nginx/templates/reverse_proxy.conf.j2 | 44 ++++ .../nginx/templates/static_service.conf.j2 | 33 +++ .../openssl_certificates/defaults/main.yml | 4 + .../images/android-12_firefox_ca-enable.jpg | Bin 0 -> 99710 bytes .../images/android-12_firefox_ca-enabled.jpg | Bin 0 -> 53094 bytes .../images/android-12_settings_ca-install.jpg | Bin 0 -> 39974 bytes .../android-12_settings_ca-installed.jpg | Bin 0 -> 32026 bytes .../files/ca/images/green_lock.png | Bin 0 -> 10703 bytes .../files/ca/images/linux_chromium.jpg | Bin 0 -> 39395 bytes .../files/ca/images/linux_firefox.jpg | Bin 0 -> 59261 bytes .../files/ca/images/openssl_logo.svg | 41 ++++ .../files/ca/vendor/imagebox.min.css | 6 + .../files/ca/vendor/imagebox.min.js | 6 + .../openssl_certificates/tasks/authority.yml | 44 ++++ .../tasks/authority_webserver.yml | 42 ++++ .../openssl_certificates/tasks/main.yml | 16 ++ .../openssl_certificates/tasks/server.yml | 42 ++++ .../tasks/server_webserver.yml | 20 ++ .../templates/authority.conf.j2 | 14 ++ .../templates/authority.html.j2 | 140 +++++++++++ .../templates/server.conf.j2 | 14 ++ .../templates/server.ext.j2 | 26 ++ .../stable/openssl_certificates/vars/main.yml | 36 +++ roles/wireguard/tasks/main.yml | 58 +++++ roles/wireguard/tasks/server.yml | 8 + roles/wireguard/templates/client_wg0.j2 | 11 + vars/belvederi.yml | 12 + vars/build/_h5ai.yml | 12 + vars/build/dev_test.yml | 44 ++++ vars/build/main.yml | 45 ++++ vars/build/openwrt.yml | 7 + vars/build/targets/21.02.3_ramips_mt76x8.yml | 26 ++ vars/build/targets/ar71xx_generic.yml | 43 ++++ vars/build/targets/ath79_tiny.yml | 20 ++ .../targets/old_stable_ath79_generic.yml | 24 ++ .../targets/test_stable_ath79_generic.yml | 28 +++ .../targets/test_stable_ramips_mt7620.yml | 27 +++ vars/build/test.yml | 45 ++++ vars/libremesh.yml | 4 + vars/monitoring.yml | 22 ++ vars/smtp.yml | 5 + vars/telegram.yml | 3 + vars/test.yml | 1 + vars/wireguard.yml | 10 + 123 files changed, 2961 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 README_build.md create mode 100644 TODO.md create mode 100644 ansible.cfg create mode 100644 group_vars/builder.yml create mode 100644 host_vars/belvedere-test.yml create mode 100644 host_vars/belvedere-vs.yml create mode 100644 host_vars/belvedere.yml create mode 100644 host_vars/lime-000000000000.yml create mode 100644 hosts create mode 100644 inventory.yml create mode 100644 main.yml create mode 100644 mesh_devices_template.yml create mode 100644 playbooks/ada.yml create mode 100644 playbooks/belvedere.yml create mode 100644 playbooks/build_all_targets.yml create mode 100644 playbooks/build_single_target_dev_test.yml create mode 100644 playbooks/generate-new-device.yml create mode 100644 playbooks/generate-new-test-device.yml create mode 100644 playbooks/infra.test.yml create mode 100644 playbooks/infra.yml create mode 100644 roles/stable/build/defaults/main.yml create mode 100755 roles/stable/build/files/mac56-to-ip_host.sh create mode 100644 roles/stable/build/files/packages/vs-fix-openwrt21/Makefile create mode 100755 roles/stable/build/files/packages/vs-fix-openwrt21/root/etc/uci-defaults/90_add_bat0_to_brlan create mode 100644 roles/stable/build/files/packages/vs-fix-openwrt22/Makefile create mode 100644 roles/stable/build/files/packages/vs-fix-openwrt22/root/etc/uci-defaults/90_add_confdir_to_dnsmasq create mode 100644 roles/stable/build/files/packages/vs-ninux-generic/Makefile create mode 100644 roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-community create mode 100644 roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-node create mode 100644 roles/stable/build/files/packages/vs-ninux-generic/root/etc/dropbear/authorized_keys create mode 100644 roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/cron_reboot create mode 100644 roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/prometheus_enable create mode 100755 roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/wireguard_server create mode 100644 roles/stable/build/files/packages/vs-ninux-tiny/Makefile create mode 100644 roles/stable/build/files/packages/vs-ninux-tiny/root/etc/config/lime-community create mode 100644 roles/stable/build/files/packages/vs-ninux-wg/Makefile create mode 100755 roles/stable/build/files/packages/vs-ninux-wg/root/etc/init.d/wireguard create mode 100644 roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-enable create mode 100644 roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-firewall create mode 100644 roles/stable/build/files/packages/vs-ninux-wg/root/etc/wireguard/wg0.conf create mode 100644 roles/stable/build/files/packages/vs-test/Makefile create mode 100755 roles/stable/build/files/packages/vs-test/root/etc/uci-defaults/90_vs-test create mode 100644 roles/stable/build/handlers/main.yml create mode 100644 roles/stable/build/tasks/conf_files_lime_mac.yml create mode 100644 roles/stable/build/tasks/configure.yml create mode 100644 roles/stable/build/tasks/configure_clean.yml create mode 100644 roles/stable/build/tasks/configure_custom.yml create mode 100644 roles/stable/build/tasks/configure_init.yml create mode 100644 roles/stable/build/tasks/init_vars.yml create mode 100644 roles/stable/build/tasks/init_wg_vars.yml create mode 100644 roles/stable/build/tasks/install_feeds_libremesh.yml create mode 100644 roles/stable/build/tasks/install_feeds_packages.yml create mode 100644 roles/stable/build/tasks/install_openwrt.yml create mode 100644 roles/stable/build/tasks/install_openwrt_requirements.yml create mode 100644 roles/stable/build/tasks/main.yml create mode 100644 roles/stable/build/tasks/preflight.yml create mode 100644 roles/stable/build/tasks/vpn_wg_server.yml create mode 100644 roles/stable/build/tasks/webserver.yml create mode 100644 roles/stable/build/templates/default_config.j2 create mode 100644 roles/stable/build/templates/default_target_config.j2 create mode 100644 roles/stable/build/templates/lime_mac.j2 create mode 100644 roles/stable/build/templates/vpn_wg_peer.j2 create mode 100644 roles/stable/dnsmasq/handlers/main.yml create mode 100644 roles/stable/dnsmasq/tasks/main.yml create mode 100644 roles/stable/dnsmasq/templates/etc_dnsmasq.conf.j2 create mode 100644 roles/stable/dnsmasq/vars/main.yml create mode 100644 roles/stable/monitoring/alertmanager/tasks/main.yml create mode 100644 roles/stable/monitoring/blackbox_exporter/tasks/main.yml create mode 100644 roles/stable/monitoring/blackbox_exporter/vars/main.yml create mode 100644 roles/stable/monitoring/prometheus/tasks/main.yml create mode 100644 roles/stable/monitoring/prometheus/vars/main.yml create mode 100644 roles/stable/nginx/defaults/main.yml create mode 100644 roles/stable/nginx/tasks/certbot.yml create mode 100644 roles/stable/nginx/tasks/certificates.yml create mode 100644 roles/stable/nginx/tasks/main.yml create mode 100644 roles/stable/nginx/templates/default.j2 create mode 100644 roles/stable/nginx/templates/fpm_service.conf.j2 create mode 100644 roles/stable/nginx/templates/reverse_proxy.conf.j2 create mode 100644 roles/stable/nginx/templates/static_service.conf.j2 create mode 100644 roles/stable/openssl_certificates/defaults/main.yml create mode 100644 roles/stable/openssl_certificates/files/ca/images/android-12_firefox_ca-enable.jpg create mode 100644 roles/stable/openssl_certificates/files/ca/images/android-12_firefox_ca-enabled.jpg create mode 100644 roles/stable/openssl_certificates/files/ca/images/android-12_settings_ca-install.jpg create mode 100644 roles/stable/openssl_certificates/files/ca/images/android-12_settings_ca-installed.jpg create mode 100644 roles/stable/openssl_certificates/files/ca/images/green_lock.png create mode 100644 roles/stable/openssl_certificates/files/ca/images/linux_chromium.jpg create mode 100644 roles/stable/openssl_certificates/files/ca/images/linux_firefox.jpg create mode 100644 roles/stable/openssl_certificates/files/ca/images/openssl_logo.svg create mode 100644 roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.css create mode 100644 roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.js create mode 100644 roles/stable/openssl_certificates/tasks/authority.yml create mode 100644 roles/stable/openssl_certificates/tasks/authority_webserver.yml create mode 100644 roles/stable/openssl_certificates/tasks/main.yml create mode 100644 roles/stable/openssl_certificates/tasks/server.yml create mode 100644 roles/stable/openssl_certificates/tasks/server_webserver.yml create mode 100644 roles/stable/openssl_certificates/templates/authority.conf.j2 create mode 100644 roles/stable/openssl_certificates/templates/authority.html.j2 create mode 100644 roles/stable/openssl_certificates/templates/server.conf.j2 create mode 100644 roles/stable/openssl_certificates/templates/server.ext.j2 create mode 100644 roles/stable/openssl_certificates/vars/main.yml create mode 100644 roles/wireguard/tasks/main.yml create mode 100644 roles/wireguard/tasks/server.yml create mode 100644 roles/wireguard/templates/client_wg0.j2 create mode 100644 vars/belvederi.yml create mode 100644 vars/build/_h5ai.yml create mode 100644 vars/build/dev_test.yml create mode 100644 vars/build/main.yml create mode 100644 vars/build/openwrt.yml create mode 100644 vars/build/targets/21.02.3_ramips_mt76x8.yml create mode 100644 vars/build/targets/ar71xx_generic.yml create mode 100644 vars/build/targets/ath79_tiny.yml create mode 100644 vars/build/targets/old_stable_ath79_generic.yml create mode 100644 vars/build/targets/test_stable_ath79_generic.yml create mode 100644 vars/build/targets/test_stable_ramips_mt7620.yml create mode 100644 vars/build/test.yml create mode 100644 vars/libremesh.yml create mode 100644 vars/monitoring.yml create mode 100644 vars/smtp.yml create mode 100644 vars/telegram.yml create mode 100644 vars/test.yml create mode 100644 vars/wireguard.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d473be9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,10 @@ +/lime-mac/* +doc*.md + + +# public +/lime-mac/* +/host_vars/lime-* +!/host_vars/lime-000000000000.yml +group_vars/wg_server.yml +/mesh_devices.yml diff --git a/README.md b/README.md new file mode 100644 index 0000000..a99b6d0 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ + +un ruolo ansible per aggiornare i belvederi e la macchina con gli strumenti + +alcuni ruoli per installare i componenti necessari al monitoring dei belvederi +- prometheus +- blackbox_exporter +- alertmanager + +requirements + pip3 install ansible + pip3 install jinja2-ansible-filters + +Aggiungi il percorso di dove ti ha installato ansible ed aggeggi vari nel tuo .bash_profile che hai in home: + +``` +#ansible ed ansible-galaxy +export PATH=$PATH:~/.local/bin +``` +dai `source ~/.bash_profile` + +Installa i componenti ansible-galaxy + + ansible-galaxy collection install community.general + ansible-galaxy install cloudalchemy.prometheus + ansible-galaxy install cloudalchemy.blackbox-exporter + ansible-galaxy install cloudalchemy.alertmanager + ansible-galaxy install nginxinc.nginx + ansible-galaxy install nginxinc.nginx_config + +run + ansible-playbook -i hosts -i inventory.yml main.yml + +setup dei belvederi + ansible-playbook -i hosts -i inventory.yml infra.yml + + +# +https://openwrt.org/docs/guide-developer/toolchain/use-buildsystem diff --git a/README_build.md b/README_build.md new file mode 100644 index 0000000..628ba61 --- /dev/null +++ b/README_build.md @@ -0,0 +1,43 @@ + +esempio di test per buildare per tutti i targets + +ansible-playbook \ + -i hosts \ + -i mesh_devices.yml \ + -i inventory.yml \ + --skip-tags preflight \ + --skip-tags openwrt_install \ + --skip-tags libremesh_install \ + --skip-tags libremesh_packages \ + --skip-tags configure_profiles \ + --skip-tags webserver \ + playbooks/build_all_targets.yml + +#### configura e builda + ansible-playbook \ + -i hosts \ + -i mesh_devices.yml \ + -i inventory.yml \ + --skip-tags preflight \ + --skip-tags openwrt_install \ + --skip-tags libremesh_install \ + --skip-tags webserver \ + playbooks/build_single_target_dev_test.yml + + +# nuovo target +ansible-playbook \ + -i hosts \ + -i mesh_devices.yml \ + -i inventory.yml \ + playbooks/build_single_target_dev_test.yml + + +ansible-playbook \ + -i hosts \ + -i mesh_devices.yml \ + -i inventory.yml \ + --skip-tags openwrt_install \ + --skip-tags libremesh_install \ + --skip-tags webserver \ + playbooks/build_all_targets.yml diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..e248359 --- /dev/null +++ b/TODO.md @@ -0,0 +1,23 @@ + +# roles/stable/build +[ ] create a build_all playbook +- [ ] create target specific vars for build_all +[ ] group firmware in human readable way +[ ] replace mac56_to_ipCD.sh with an ansible script if possible +[ ] move packages from roles/stable/build/files to a repo +- [ ] finish refactor of vs-ninux-wg (should it keep this name after refactor?) +[ ] setup a repo with an updated .gitignore for publishing purposes +[ ] update README with build system information +[ ] add tags or prefix in tasks of roles/stable/build/tasks/main.yml +[ ] reduce size of lime-mac files (include only ones of the same target?) + +[ ] issue: building for a new target ramips_mt76x8 doesn't select the device tl-wr6400-v4 at first time. props: changing target and then make defconfig, then cat EOF the target device and redo a make defconfig + +[ ] add workaround to initialize device br-lan on openwrt 21.02.3 +config device + option name 'br-lan' + option type 'bridge' + list ports 'eth0' + list ports 'bat0' + +[ ] try to add support for lbe-m5 on openwrt 21.02.3 diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..b828b1b --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,13 @@ + +[passwordstore_lookup] +lock=readwrite +locktimeout=45000s + +[defaults] +inventory = ./inventory.yml +interpreter_python = /usr/bin/python3 +remote_user = root + + +[ssh_connection] +scp_if_ssh=True diff --git a/group_vars/builder.yml b/group_vars/builder.yml new file mode 100644 index 0000000..e69de29 diff --git a/host_vars/belvedere-test.yml b/host_vars/belvedere-test.yml new file mode 100644 index 0000000..1cb355e --- /dev/null +++ b/host_vars/belvedere-test.yml @@ -0,0 +1,72 @@ +belvedere_targets: + - targets: ['10.170.169.234:9090'] + labels: + host: 'ninux-59a9ea' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.213.244:9090'] + labels: + host: 'scutigera' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.170.196:9090'] + labels: + host: 'cetonia' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.157.135:9090'] + labels: + host: 'stercoraro' + group: 'mesh_routers' + alert: 'yes' + + - targets: ['10.170.247.96:9090'] + labels: + host: 'neomantix' + group: 'mesh_stations' + alert: 'no' + + - targets: ['10.170.135.90:9090'] + labels: + host: 'cervo-volante' + group: 'home_routers' + alert: 'yes' + + - targets: ['10.169.165.230:9090'] + labels: + host: 'falena' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.154.103:9090'] + labels: + host: 'tarlo' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.207.117.192:9090'] + labels: + host: 'ninux-cabum' + group: 'mesh_stations' + alert: 'no' + + - targets: ['10.170.150.95:9090'] + labels: + host: 'grillo' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.135.117:9090'] + labels: + host: 'ninux-598775' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.248.242:9090'] + labels: + host: 'amphithrix' + group: 'mesh_stations' + alert: 'yes' diff --git a/host_vars/belvedere-vs.yml b/host_vars/belvedere-vs.yml new file mode 100644 index 0000000..2f7fd13 --- /dev/null +++ b/host_vars/belvedere-vs.yml @@ -0,0 +1,54 @@ +belvedere_targets: + - targets: ['10.170.161.237:9090'] + labels: + host: 'ninux-dba1ed' + group: 'mesh_stations' + alert: 'no' + + - targets: ['10.170.233.12:9090'] + labels: + host: 'zanzara' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.173.138:9090'] + labels: + host: 'scolopendra' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.147.243:9090'] + labels: + host: 'ape' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.254.23.220:9090'] + labels: + host: 'scarabeo' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.154.252:9090'] + labels: + host: 'formica' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.130.99:9090'] + labels: + host: 'mantide' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.163.2:9090'] + labels: + host: 'cavolaia' + group: 'mesh_stations' + alert: 'no' + + - targets: ['10.170.173.201:9090'] + labels: + host: 'ninux-25adc9' + group: 'home_routers' + alert: 'no' diff --git a/host_vars/belvedere.yml b/host_vars/belvedere.yml new file mode 100644 index 0000000..1cb355e --- /dev/null +++ b/host_vars/belvedere.yml @@ -0,0 +1,72 @@ +belvedere_targets: + - targets: ['10.170.169.234:9090'] + labels: + host: 'ninux-59a9ea' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.213.244:9090'] + labels: + host: 'scutigera' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.170.196:9090'] + labels: + host: 'cetonia' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.157.135:9090'] + labels: + host: 'stercoraro' + group: 'mesh_routers' + alert: 'yes' + + - targets: ['10.170.247.96:9090'] + labels: + host: 'neomantix' + group: 'mesh_stations' + alert: 'no' + + - targets: ['10.170.135.90:9090'] + labels: + host: 'cervo-volante' + group: 'home_routers' + alert: 'yes' + + - targets: ['10.169.165.230:9090'] + labels: + host: 'falena' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.154.103:9090'] + labels: + host: 'tarlo' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.207.117.192:9090'] + labels: + host: 'ninux-cabum' + group: 'mesh_stations' + alert: 'no' + + - targets: ['10.170.150.95:9090'] + labels: + host: 'grillo' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.135.117:9090'] + labels: + host: 'ninux-598775' + group: 'mesh_stations' + alert: 'yes' + + - targets: ['10.170.248.242:9090'] + labels: + host: 'amphithrix' + group: 'mesh_stations' + alert: 'yes' diff --git a/host_vars/lime-000000000000.yml b/host_vars/lime-000000000000.yml new file mode 100644 index 0000000..673b626 --- /dev/null +++ b/host_vars/lime-000000000000.yml @@ -0,0 +1,19 @@ +# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 utils +ip_host: 0.0 +# END ANSIBLE MANAGED BLOCK lime-000000000000 utils +# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 common +hostname: ninux-000000 +lime_mac: lime-000000000000 +main_ipv4_address: 10.170.0.0/16 +# END ANSIBLE MANAGED BLOCK lime-000000000000 common +# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 config +config_lime_system: option hostname 'ninux-000000' +config_lime_wifi: option channel_5ghz '48' +# END ANSIBLE MANAGED BLOCK lime-000000000000 config +# BEGIN ANSIBLE MANAGED BLOCK lime-000000000000 vpn wireguard wg0 +vpn_wg0_privatekey: UIHZ9uTOxW07jHTQHAzUvmWAS6tkPtQWqZU9Gp6LcHY= +vpn_wg0_publickey: HgdBD20UBNzWkDJfP4H20Nr+IyzOyWBdqXCV69XktQA= +vpn_wg0_presharedkey: 3rod8G0DsZzkxMmR95Sf76URdH4aiZEUdlol8lOL+ww= +vpn_wg0_listenport: 51800 +vpn_wg0_address: 192.168.0.0/16 +# END ANSIBLE MANAGED BLOCK lime-000000000000 vpn wireguard wg0 diff --git a/hosts b/hosts new file mode 100644 index 0000000..39fcb30 --- /dev/null +++ b/hosts @@ -0,0 +1,37 @@ +croara: + hosts: + belvedere: + ansible_host: 10.0.0.10 + ansible_user: pi + ansible_become_user: root + ansible_become: yes + ada: + ansible_host: 10.170.42.91 + ansible_user: antennine + ansible_become_pass: "{{ lookup('passwordstore', 'chiavi_antennine/ada/user_root', errors='strict') | default(omit) }}" + ansible_become_user: root + ansible_become_method: su + ansible_become_flags: + belvedere-test: + ansible_host: 10.170.64.34 + ansible_user: pi + ansible_become_user: root + ansible_become: yes + +valsamoggia: + hosts: + belvedere-vs: + ansible_host: 10.0.0.11 + ansible_user: pi + ansible_become_user: root + ansible_become: yes + +vps: + hosts: + jitsi: + ansible_host: 10.0.0.1 + ansible_user: + ansible_become_user: root + ansible_become_pass: "{{ lookup('passwordstore', 'chiavi_antennine/jitsi/user_root', errors='strict') | default(omit) }}" + ansible_become_method: su + ansible_become_flags: diff --git a/inventory.yml b/inventory.yml new file mode 100644 index 0000000..e6228fb --- /dev/null +++ b/inventory.yml @@ -0,0 +1,23 @@ +belvederi: + hosts: + belvedere: + belvedere-vs: + +strumenti: + hosts: ada + +ca: + hosts: ada + +builder: + hosts: ada + +wg_server: + hosts: jitsi + +# test: +# hosts: test.jolly +# vars: +# ansible_user: debian + +all: diff --git a/main.yml b/main.yml new file mode 100644 index 0000000..985e692 --- /dev/null +++ b/main.yml @@ -0,0 +1,24 @@ +--- +- hosts: all + gather_facts: yes + become: yes + + tasks: + - name: Perform a dist-upgrade. + ansible.builtin.apt: + upgrade: dist + update_cache: yes + + - name: Check if a reboot is required. + ansible.builtin.stat: + path: /var/run/reboot-required + get_md5: no + register: reboot_required_file + + - name: Reboot the server (if required). + ansible.builtin.reboot: + when: reboot_required_file.stat.exists == true + + - name: Remove dependencies that are no longer required. + ansible.builtin.apt: + autoremove: yes diff --git a/mesh_devices_template.yml b/mesh_devices_template.yml new file mode 100644 index 0000000..9ffed0d --- /dev/null +++ b/mesh_devices_template.yml @@ -0,0 +1,13 @@ +mesh_devices: + hosts: + # litebeam + lime-000000000000: + hostname: cocciniglia + + # tplink_tl-wr940n-v6 + lime-000000000000: + hostname: cervovolante + + # tplink_cpe510 + lime-000000000000: + hostname: oncocera-semirubella diff --git a/playbooks/ada.yml b/playbooks/ada.yml new file mode 100644 index 0000000..3d99d66 --- /dev/null +++ b/playbooks/ada.yml @@ -0,0 +1,8 @@ +--- +## Ada +- name: Ada + hosts: ada + become: yes + roles: + - '../roles/stable/openssl_certificates' + tags: certificates diff --git a/playbooks/belvedere.yml b/playbooks/belvedere.yml new file mode 100644 index 0000000..bab7d25 --- /dev/null +++ b/playbooks/belvedere.yml @@ -0,0 +1,14 @@ +--- +## Monitoring +- name: Monitoring + hosts: belvedere + roles: + - '../roles/stable/monitoring/prometheus' + - '../roles/stable/monitoring/blackbox_exporter' + - '../roles/stable/monitoring/alertmanager' + - '../roles/stable/dnsmasq' + vars_files: + - ../vars/monitoring.yml + - ../vars/smtp.yml + - ../vars/telegram.yml + tags: monitoring diff --git a/playbooks/build_all_targets.yml b/playbooks/build_all_targets.yml new file mode 100644 index 0000000..f505b0a --- /dev/null +++ b/playbooks/build_all_targets.yml @@ -0,0 +1,32 @@ +--- +# Build all targets + +- name: Build {{ openwrt_version }} ath79_generic + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/dev_test.yml + - ../vars/build/targets/ath79_generic.yml + tags: generate device + +- name: Build {{ openwrt_version }} ar71xx_generic + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/dev_test.yml + - ../vars/build/targets/ar71xx_generic.yml + tags: generate device + +- name: Build ath79_tiny + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/dev_test.yml + - ../vars/build/targets/ath79_tiny.yml + tags: generate device diff --git a/playbooks/build_single_target_dev_test.yml b/playbooks/build_single_target_dev_test.yml new file mode 100644 index 0000000..eb044e9 --- /dev/null +++ b/playbooks/build_single_target_dev_test.yml @@ -0,0 +1,30 @@ +--- +# Build single target dev_test. +# +- name: Build single target dev_test. + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/openwrt.yml + - ../vars/build/dev_test.yml + - ../vars/build/_h5ai.yml + - ../vars/build/targets/test_stable_ramips_mt7620.yml + # - ../vars/build/targets/test_stable_ath79_generic.yml + # - ../vars/build/targets/22.03.1_ath79_generic.yml + tags: generate_device + +- name: Build single target dev_test. + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/openwrt.yml + - ../vars/build/dev_test.yml + - ../vars/build/_h5ai.yml + # - ../vars/build/targets/test_stable_ramips_mt7620.yml + - ../vars/build/targets/test_stable_ath79_generic.yml + # - ../vars/build/targets/22.03.1_ath79_generic.yml + tags: generate_device diff --git a/playbooks/generate-new-device.yml b/playbooks/generate-new-device.yml new file mode 100644 index 0000000..2f57688 --- /dev/null +++ b/playbooks/generate-new-device.yml @@ -0,0 +1,17 @@ +--- +# Generate a new device. +# +- name: Generate a new device. + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/main.yml + - ../vars/build/_h5ai.yml + - ../vars/build/ath79_generic.yml + tags: generate device + +- handlers: + - name: Add wireguard keys to server + import_tasks: ../roles/stable/build/tasks/server.yml diff --git a/playbooks/generate-new-test-device.yml b/playbooks/generate-new-test-device.yml new file mode 100644 index 0000000..a0f63d7 --- /dev/null +++ b/playbooks/generate-new-test-device.yml @@ -0,0 +1,13 @@ +--- +# Generate a new device. +# +- name: Generate a new device. + gather_facts: false + hosts: builder + roles: + - ../roles/stable/build + vars_files: + - ../vars/build/test.yml + - ../vars/build/_h5ai.yml + # - ../vars/build/devices.yml + tags: generate device diff --git a/playbooks/infra.test.yml b/playbooks/infra.test.yml new file mode 100644 index 0000000..0ba8e8f --- /dev/null +++ b/playbooks/infra.test.yml @@ -0,0 +1,20 @@ +--- +## Monitoring +- name: Monitoring + gather_facts: false + hosts: belvedere-test + roles: + - '../roles/stable/monitoring/prometheus' + - '../roles/stable/monitoring/blackbox_exporter' + - '../roles/stable/monitoring/alertmanager' + - '../roles/stable/dnsmasq' + - '../roles/wireguard' + - '../roles/stable/nginx' + vars_files: + - ../vars/monitoring.yml + - ../vars/smtp.yml + - ../vars/telegram.yml + - ../vars/test.yml + - ../vars/wireguard.yml + - ../vars/belvederi.yml + tags: monitoring diff --git a/playbooks/infra.yml b/playbooks/infra.yml new file mode 100644 index 0000000..78f6b13 --- /dev/null +++ b/playbooks/infra.yml @@ -0,0 +1,14 @@ +--- +## Monitoring +- name: Monitoring + hosts: belvederi + roles: + - '../roles/stable/monitoring/prometheus' + - '../roles/stable/monitoring/blackbox_exporter' + - '../roles/stable/monitoring/alertmanager' + - '../roles/stable/dnsmasq' + vars_files: + - ../vars/monitoring.yml + - ../vars/smtp.yml + - ../vars/telegram.yml + tags: monitoring diff --git a/roles/stable/build/defaults/main.yml b/roles/stable/build/defaults/main.yml new file mode 100644 index 0000000..2a5bddb --- /dev/null +++ b/roles/stable/build/defaults/main.yml @@ -0,0 +1,14 @@ +--- +skip_preflight: true +skip_openwrt_install: false +skip_libremesh_install: false +skip_configure_profiles: false +skip_configure_clean: false +skip_configure_custom: false +skip_configure_init: false +skip_webserver_update: false + +with_wireguard: false + +default_channel_5ghz: 48 +default_vpn_wg0_listenport: 51800 diff --git a/roles/stable/build/files/mac56-to-ip_host.sh b/roles/stable/build/files/mac56-to-ip_host.sh new file mode 100755 index 0000000..d4548e0 --- /dev/null +++ b/roles/stable/build/files/mac56-to-ip_host.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +[ $1 = "" ] && exit +mac=$1 +mac_5=$(echo ${mac: -4:2}) +mac_6=$(echo ${mac: -2}) +ip_c=$(echo $((0x$mac_5))) +ip_d=$(echo $((0x$mac_6))) + +if [[ $2 = "--start-from" ]] +then + [[ $ip_c -lt $3 ]] && ((ip_c+=$3)) +fi + +echo ${ip_c}.${ip_d} diff --git a/roles/stable/build/files/packages/vs-fix-openwrt21/Makefile b/roles/stable/build/files/packages/vs-fix-openwrt21/Makefile new file mode 100644 index 0000000..6e266a6 --- /dev/null +++ b/roles/stable/build/files/packages/vs-fix-openwrt21/Makefile @@ -0,0 +1,8 @@ +include $(TOPDIR)/rules.mk + +PROFILE_DESCRIPTION:=fix openwrt21 add bat0 to brlan +PROFILE_DEPENDS:= +lime-system + +include ../../profile.mk + +# call BuildPackage - OpenWrt buildroot signature diff --git a/roles/stable/build/files/packages/vs-fix-openwrt21/root/etc/uci-defaults/90_add_bat0_to_brlan b/roles/stable/build/files/packages/vs-fix-openwrt21/root/etc/uci-defaults/90_add_bat0_to_brlan new file mode 100755 index 0000000..d3de246 --- /dev/null +++ b/roles/stable/build/files/packages/vs-fix-openwrt21/root/etc/uci-defaults/90_add_bat0_to_brlan @@ -0,0 +1,4 @@ +#!/bin/sh + +uci add_list "network.@device[0].ports=bat0" +exit 0 diff --git a/roles/stable/build/files/packages/vs-fix-openwrt22/Makefile b/roles/stable/build/files/packages/vs-fix-openwrt22/Makefile new file mode 100644 index 0000000..6e266a6 --- /dev/null +++ b/roles/stable/build/files/packages/vs-fix-openwrt22/Makefile @@ -0,0 +1,8 @@ +include $(TOPDIR)/rules.mk + +PROFILE_DESCRIPTION:=fix openwrt21 add bat0 to brlan +PROFILE_DEPENDS:= +lime-system + +include ../../profile.mk + +# call BuildPackage - OpenWrt buildroot signature diff --git a/roles/stable/build/files/packages/vs-fix-openwrt22/root/etc/uci-defaults/90_add_confdir_to_dnsmasq b/roles/stable/build/files/packages/vs-fix-openwrt22/root/etc/uci-defaults/90_add_confdir_to_dnsmasq new file mode 100644 index 0000000..723eec9 --- /dev/null +++ b/roles/stable/build/files/packages/vs-fix-openwrt22/root/etc/uci-defaults/90_add_confdir_to_dnsmasq @@ -0,0 +1,4 @@ +#!/bin/sh + +uci set "uci set dhcp.@dnsmasq[0].confdir=/etc/dnsmasq.d/" +exit 0 diff --git a/roles/stable/build/files/packages/vs-ninux-generic/Makefile b/roles/stable/build/files/packages/vs-ninux-generic/Makefile new file mode 100644 index 0000000..8822b18 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/Makefile @@ -0,0 +1,27 @@ +include $(TOPDIR)/rules.mk + +PROFILE_DESCRIPTION:=Generic valsamoggia configuration +PROFILE_DEPENDS:= +prometheus-node-exporter-lua \ + +prometheus-node-exporter-lua-wifi \ + +prometheus-node-exporter-lua-wifi_stations \ + +prometheus-node-exporter-lua-openwrt \ + +lime-proto-babeld \ + +lime-proto-batadv \ + +lime-proto-anygw \ + +lime-proto-wan \ + +lime-hwd-openwrt-wan \ + +shared-state \ + +hotplug-initd-services \ + +shared-state-babeld_hosts \ + +shared-state-bat_hosts \ + +shared-state-dnsmasq_hosts \ + +shared-state-dnsmasq_leases \ + +shared-state-nodes_and_links \ + +check-date-http \ + +lime-app \ + +lime-hwd-ground-routing \ + +lime-debug + +include ../../profile.mk + +# call BuildPackage - OpenWrt buildroot signature diff --git a/roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-community b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-community new file mode 100644 index 0000000..139e605 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-community @@ -0,0 +1,64 @@ +config lime system + option hostname 'ninux-%M4%M5%M6' + option domain 'valsamoggia.ninux.org' + option keep_on_upgrade 'libremesh base-files-essential /etc/sysupgrade.conf' + option root_password_policy 'SET_SECRET' + option root_password_secret '$1$5OlrdoPc$q0p0th7CmSUuCBqsS2.6W.' + +config lime network + option primary_interface 'eth0' + option main_ipv4_address '10.170.128.0/16/17' + option anygw_dhcp_start '5120' + option anygw_dhcp_limit '27648' + option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64' + list protocols ieee80211s + list protocols lan + list protocols anygw + list protocols batadv:%N1 + list protocols babeld:17 + list resolvers 4.2.2.2 # b.resolvers.Level3.net + list resolvers 141.1.1.1 # cns1.cw.net + list resolvers 2001:470:20::2 # ordns.he.net + option anygw_mac "aa:aa:aa:%N1:%N2:aa" + option use_odhcpd false + +config lime 'wifi' + option ap_ssid 'ninux' + option apname_ssid 'ninux/%H' + option ieee80211s_mesh_fwding '0' + option ieee80211s_mesh_id 'LiMe' + +config lime-wifi-band '2ghz' + list modes 'ap' + list modes 'apname' + list modes 'ieee80211s' + option channel '11' + option distance '1000' + +config lime-wifi-band '5ghz' + list modes 'ap' + list modes 'apname' + list modes 'ieee80211s' + option distance '10000' + option htmode 'HT40' + option channel '48' + +config generic_uci_config prometheus + list uci_set "prometheus-node-exporter-lua.main.listen_interface=*" + list uci_set "prometheus-node-exporter-lua.main.listen_ipv6=0" + list uci_set "prometheus-node-exporter-lua.main.listen_port=9090" + +config run_asset prometheus_enable + option asset 'community/prometheus_enable' + option when 'ATFIRSTBOOT' + +config run_asset cron_reboot + option asset 'community/cron_reboot' + option when 'ATFIRSTBOOT' + +config generic_uci_config dropbear + list uci_set "dropbear.@dropbear[0].RootPasswordAuth=off" + +config run_asset wireguard_server + option asset 'community/wireguard_server' + option when 'ATFIRSTBOOT' diff --git a/roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-node b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-node new file mode 100644 index 0000000..7d01ca0 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/config/lime-node @@ -0,0 +1,9 @@ + +config lime 'system' +# option hostname 'ninux-%M4%M5%M6' + +config lime 'network' + +config lime 'wifi' +# option channel_5ghz '48' +# option distance_5ghz '8000' diff --git a/roles/stable/build/files/packages/vs-ninux-generic/root/etc/dropbear/authorized_keys b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/dropbear/authorized_keys new file mode 100644 index 0000000..7bbd8cf --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/dropbear/authorized_keys @@ -0,0 +1,3 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQKltRbIX4D1akDOIQM+BrFQmWtRDQyojM9ZAwH87ju kiki@digitigrafo.it +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDwAsTNUxOjxe2FCeSZuoLU0ZmRvd6hOTN8885NoJTK00XdI5WZOUP9J42rGtRiWQ+rG29ZID33ALZCotS0PtLDg3LMOpJyOSluLhP1FeOsx0MzLhzFCBjfAUSUXqdTqLiFXbbNWdqYQO4XaAFbFEiMUyvsxdnVg59Uf5iLXh85dR7WUBE4AonNcfyxh7uSKOu2etUY/RpqnqFMzn068kHnDNlw6cSfJrAgLe7HAqhFiBls1/lofH/fDJqVmEjFhgaGAE59ELyg6fxhfqr5MiJD3CR6CetYxbZ6G9KKTuY9Vk8Vi3/lwFgv+0xcaMuxF4YYZ138w6fSRlhbwjPK1nnUZPFTMFbWOj95BlKXZWubIWz1bOVnJN+44CPyof2W5+2PhOq2U+TEkVwkJBCRX6LewwltPLtITWE3XZEjf7dGMtZOPF6Ue3ZCYKZls1112+pCPtIZfCS38FTQ6rJruFfh0BQFHHxlQerWwCaTd475N+KVpAU0Z6W0RmB3L5vKjRrnGTRbnUVS9hxYWQ6yDRUA76sircjKvZtKRYQJbhOEsFElLrh+4nOipL9ttLFNEux7SnKJdnXK9mgfHjd5skfs9uxjdgRhNkAsDFpKYdZ80NMLipsKSmeR/b80uL8Ng8935wvOxfFNchpLq3PgRvjiEgR4VesHdsmyeZbylsms9Q== agave@dracaena.it +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkVKuMvdWtExnsB2U2vF9DK4EUEwqiu92u34LU6MjavcvL6vSDu1D+jcFA4r+gVN667CMDcK/Biw/zByUW9pYh9Ynx7x+DGx2MyYbJ+9AQCJzb4X/QPxH/evVap9bOh6DjiWrZZ73kZ6yvVKm3N6+KZpUx2y4hC/NEtNJQ60/9upN6DuLPhi2h31A97ylCp+J4imrVKMTNWOPVleQXTmi93xiJqR+REOz3RM8F01WF42B+PQnkFrtubnvJ+CiHEdhVXiMhOt6x8rDrvrhAaqjn1fMUQU7ZA9pSMyya/qV+EmpYQYJkBncuIYxMi39+zcPjd6OXcGA3i/eQvlM4yC309rhUVcr+dxc8DOYcCXhUVo8hTa5vBELysnhCuSOWAgU7JVjJ+cUAZqEfckD9C6GXfcLKfXoRq6Hbb68Lixxoc38UFcSMPBJgSnoZKy0D1zdJWsNC+zwtedPreUDYQxFU9Ma9CB86iGGv7xYs4TnrljXklQ9t6uPEHO2LgSfidQy3ubHzCNVPtRHfIDnHi7HiaxmTHJ+EV9JLquuAxIhAivNk37jbMuhDDyaldSMR2yMr4aLm5oiR3K8CADhXY+Vu+6zW2G+mDPAtBey3+ftmK/IU2KE2UqA3Th3gNzIf0p37W/Ija1Twf3yBcYzRvln2hTx//TOzRY3DdfLiWQ56Bw== cricco@debian diff --git a/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/cron_reboot b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/cron_reboot new file mode 100644 index 0000000..3474b4d --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/cron_reboot @@ -0,0 +1,3 @@ +!#/bin/sh +echo "30 3 * * * reboot" >> /etc/crontabs/root + diff --git a/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/prometheus_enable b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/prometheus_enable new file mode 100644 index 0000000..636702e --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/prometheus_enable @@ -0,0 +1,5 @@ +!#/bin/sh + +[ -x /etc/init.d/prometheus-node-exporter-lua ] && + /etc/init.d/prometheus-node-exporter-lua enable +exit 0 diff --git a/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/wireguard_server b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/wireguard_server new file mode 100755 index 0000000..77ee209 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-generic/root/etc/lime-assets/community/wireguard_server @@ -0,0 +1,12 @@ +#!/bin/sh + +[ -f /etc/config/wireguard ] && + touch /etc/config/wireguard + uci set "wireguard.peer_1=wg0" + uci set "wireguard.peer_1.public_key=" + uci set "wireguard.peer_1.endpoint_host=" + uci set "wireguard.peer_1.endpoint_port=51800" + uci set "wireguard.peer_1.allowed_ips=192.168.0.0/16" + uci set "wireguard.peer_1.persistent_keepalive=25" + uci commit wireguard +exit 0 diff --git a/roles/stable/build/files/packages/vs-ninux-tiny/Makefile b/roles/stable/build/files/packages/vs-ninux-tiny/Makefile new file mode 100644 index 0000000..afc480f --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-tiny/Makefile @@ -0,0 +1,22 @@ +include $(TOPDIR)/rules.mk + +PROFILE_DESCRIPTION:=Tiny valsamoggia configuration +PROFILE_DEPENDS:= +lime-proto-babeld \ + +lime-proto-batadv \ + +lime-proto-anygw \ + +lime-proto-wan \ + +lime-hwd-openwrt-wan \ + +shared-state \ + +hotplug-initd-services \ + +shared-state-babeld_hosts \ + +shared-state-bat_hosts \ + +shared-state-dnsmasq_hosts \ + +shared-state-dnsmasq_leases \ + +shared-state-nodes_and_links \ + +check-date-http \ + +lime-app \ + +lime-hwd-ground-routing \ + +lime-debug + +include ../../profile.mk +# call BuildPackage - OpenWrt buildroot signature diff --git a/roles/stable/build/files/packages/vs-ninux-tiny/root/etc/config/lime-community b/roles/stable/build/files/packages/vs-ninux-tiny/root/etc/config/lime-community new file mode 100644 index 0000000..31a34e3 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-tiny/root/etc/config/lime-community @@ -0,0 +1,60 @@ +config lime system + option hostname 'ninux-%M4%M5%M6' + option domain 'valsamoggia.ninux.org' + option keep_on_upgrade 'libremesh base-files-essential /etc/sysupgrade.conf' + option root_password_policy 'SET_SECRET' + option root_password_secret '$1$5OlrdoPc$q0p0th7CmSUuCBqsS2.6W.' + +config lime network + option primary_interface 'eth0' + option main_ipv4_address '10.170.128.0/16/17' + option anygw_dhcp_start '5120' + option anygw_dhcp_limit '27648' + option main_ipv6_address 'fd%N1:%N2%N3:%N4%N5::/64' + list protocols ieee80211s + list protocols lan + list protocols anygw + list protocols batadv:%N1 + list protocols babeld:17 + list resolvers 4.2.2.2 # b.resolvers.Level3.net + list resolvers 141.1.1.1 # cns1.cw.net + list resolvers 2001:470:20::2 # ordns.he.net + option anygw_mac "aa:aa:aa:%N1:%N2:aa" + option use_odhcpd false + +config lime 'wifi' + option ap_ssid 'ninux' + option apname_ssid 'ninux/%H' + option ieee80211s_mesh_fwding '0' + option ieee80211s_mesh_id 'LiMe' + +config lime-wifi-band '2ghz' + list modes 'ap' + list modes 'apname' + list modes 'ieee80211s' + option channel '11' + option distance '1000' + +config lime-wifi-band '5ghz' + list modes 'ap' + list modes 'apname' + list modes 'ieee80211s' + option distance '10000' + option htmode 'HT40' + option channel '48' + +config generic_uci_config prometheus + list uci_set "prometheus-node-exporter-lua.main.listen_interface=*" + list uci_set "prometheus-node-exporter-lua.main.listen_ipv6=0" + list uci_set "prometheus-node-exporter-lua.main.listen_port=9090" + +config run_asset prometheus_enable + option asset 'community/prometheus_enable' + option when 'ATFIRSTBOOT' + +config run_asset cron_reboot + option asset 'community/cron_reboot' + option when 'ATFIRSTBOOT' + +config generic_uci_config dropbear + list uci_set "dropbear.@dropbear[0].RootPasswordAuth=off" diff --git a/roles/stable/build/files/packages/vs-ninux-wg/Makefile b/roles/stable/build/files/packages/vs-ninux-wg/Makefile new file mode 100644 index 0000000..b248242 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-wg/Makefile @@ -0,0 +1,9 @@ +include $(TOPDIR)/rules.mk + +PROFILE_DESCRIPTION:=Valsamoggia wireguard +PROFILE_DEPENDS:=+wireguard-tools \ + +luci-app-wireguard \ + +luci-proto-wireguard +include ../../profile.mk + +# call BuildPackage - OpenWrt buildroot signature diff --git a/roles/stable/build/files/packages/vs-ninux-wg/root/etc/init.d/wireguard b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/init.d/wireguard new file mode 100755 index 0000000..6c0ae2f --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/init.d/wireguard @@ -0,0 +1,34 @@ +#!/bin/sh /etc/rc.common +# This is free software, licensed under the GNU General Public License v3. + +START=99 +USE_PROCD=1 + +start_service() { + config_load wireguard + config_load network + config_load firewall + + uci set firewall.wg_allow.dest_port="$(uci get wireguard.wg0.listen_port)" + + sed -i -r "s|^(PrivateKey =).*|\1 "$(uci get wireguard.wg0.private_key)"|g" /etc/wireguard/wg0.conf + sed -i -r "s|^(ListenPort =).*|\1 "$(uci get wireguard.wg0.listen_port)"|g" /etc/wireguard/wg0.conf + + # server + sed -i -r "s|^(PublicKey =).*|\1 "$(uci get wireguard.@wg0[0].public_key)"|g" /etc/wireguard/wg0.conf + sed -i -r "s|^(Endpoint =).*|\1 "$(uci get wireguard.@wg0[0].endpoint_host):$(uci get wireguard.@wg0[0].endpoint_port)"|g" /etc/wireguard/wg0.conf + sed -i -r "s|^(AllowedIPs =).*|\1 "$(uci get wireguard.@wg0[0].allowed_ips)"|g" /etc/wireguard/wg0.conf + sed -i -r "s|^(PersistentKeepalive =).*|\1 "$(uci get wireguard.@wg0[0].persistent_keepalive)"|g" /etc/wireguard/wg0.conf + + export ip=$(uci get network.lan.ipaddr) + export ip=${ip#*.*} + export ipCD=${ip#*.*} + + ip l d wg0 + ip l a wg0 type wireguard + ip a a 192.168.${ipCD}/16 dev wg0 + wg syncconf wg0 /etc/wireguard/wg0.conf + ip l set up wg0 + + /etc/init.d/network reload +} diff --git a/roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-enable b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-enable new file mode 100644 index 0000000..036f25e --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-enable @@ -0,0 +1,7 @@ +!#/bin/sh + +touch /etc/config/wireguard + +[ -x /etc/init.d/wireguard ] && + /etc/init.d/wireguard enable +exit 0 diff --git a/roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-firewall b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-firewall new file mode 100644 index 0000000..6c457e4 --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/uci-defaults/90_wg-firewall @@ -0,0 +1,36 @@ +#!/bin/sh + +uci set firewall.wg_allow="rule" +uci set firewall.wg_allow.src="*" +uci set firewall.wg_allow.target="ACCEPT" +uci set firewall.wg_allow.proto="udp" +uci set firewall.wg_allow.dest_port="51800" +uci set firewall.wg_allow.name="Allow-Wireguard-Inbound" + +# Add the firewall zone +uci add firewall zone +uci set firewall.@zone[-1].name='wg' +uci set firewall.@zone[-1].input='ACCEPT' +uci set firewall.@zone[-1].forward='ACCEPT' +uci set firewall.@zone[-1].output='ACCEPT' +uci set firewall.@zone[-1].masq='1' + +# Add the WG interface to it +uci set firewall.@zone[-1].network='wg0' + +# Forward WAN and LAN traffic to/from it +uci add firewall forwarding +uci set firewall.@forwarding[-1].src='wg' +uci set firewall.@forwarding[-1].dest='wan' +uci add firewall forwarding +uci set firewall.@forwarding[-1].src='wg' +uci set firewall.@forwarding[-1].dest='lan' +uci add firewall forwarding +uci set firewall.@forwarding[-1].src='lan' +uci set firewall.@forwarding[-1].dest='wg' +uci add firewall forwarding +uci set firewall.@forwarding[-1].src='wan' +uci set firewall.@forwarding[-1].dest='wg' + +uci commit firewall +/etc/init.d/firewall restart diff --git a/roles/stable/build/files/packages/vs-ninux-wg/root/etc/wireguard/wg0.conf b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/wireguard/wg0.conf new file mode 100644 index 0000000..56f317b --- /dev/null +++ b/roles/stable/build/files/packages/vs-ninux-wg/root/etc/wireguard/wg0.conf @@ -0,0 +1,9 @@ +[Interface] +PrivateKey = default +ListenPort = default + +[Peer] +PublicKey = default +Endpoint = default +AllowedIPs = default +PersistentKeepalive = default diff --git a/roles/stable/build/files/packages/vs-test/Makefile b/roles/stable/build/files/packages/vs-test/Makefile new file mode 100644 index 0000000..16e2bec --- /dev/null +++ b/roles/stable/build/files/packages/vs-test/Makefile @@ -0,0 +1,8 @@ +include $(TOPDIR)/rules.mk + +PROFILE_DESCRIPTION:=vs-test +PROFILE_DEPENDS:= +lime-system + +include ../../profile.mk + +# call BuildPackage - OpenWrt buildroot signature diff --git a/roles/stable/build/files/packages/vs-test/root/etc/uci-defaults/90_vs-test b/roles/stable/build/files/packages/vs-test/root/etc/uci-defaults/90_vs-test new file mode 100755 index 0000000..6df99cc --- /dev/null +++ b/roles/stable/build/files/packages/vs-test/root/etc/uci-defaults/90_vs-test @@ -0,0 +1,7 @@ +#!/bin/sh + +uci set "lime-node.system.domain=test" +uci set "lime-node.network.main_ipv4_address=10.%N1.128.1/16/17" +uci set "lime-node.wifi.ieee80211s_mesh_id=Test" +uci set "lime-node.wifi.ap_ssid=aa_test" +exit 0 diff --git a/roles/stable/build/handlers/main.yml b/roles/stable/build/handlers/main.yml new file mode 100644 index 0000000..2babce1 --- /dev/null +++ b/roles/stable/build/handlers/main.yml @@ -0,0 +1,5 @@ +--- +- name: update and install feeds + shell: ./scripts/feeds update -a; ./scripts/feeds install -a + args: + chdir: "{{ openwrt_build_dir }}" diff --git a/roles/stable/build/tasks/conf_files_lime_mac.yml b/roles/stable/build/tasks/conf_files_lime_mac.yml new file mode 100644 index 0000000..f569c87 --- /dev/null +++ b/roles/stable/build/tasks/conf_files_lime_mac.yml @@ -0,0 +1,15 @@ +--- +- name: configure - profiles - Ensure selected profile device exist + file: + path: "{{ libremesh_profile_directory }}/{{ libremesh_profile_device }}/root/etc/config" + state: directory + +- name: configure - profiles - Add lime-mac files to profile device + ansible.posix.synchronize: + src: ../lime-mac/ + dest: "{{ libremesh_profile_directory }}/{{ libremesh_profile_device }}/root/etc/config" + +- name: configure - profiles - Install updated profiles + shell: ./scripts/feeds update profiles; ./scripts/feeds install -p profiles + args: + chdir: "{{ openwrt_build_dir }}" diff --git a/roles/stable/build/tasks/configure.yml b/roles/stable/build/tasks/configure.yml new file mode 100644 index 0000000..4960e78 --- /dev/null +++ b/roles/stable/build/tasks/configure.yml @@ -0,0 +1,18 @@ +--- +- name: configure - clean + include_tasks: configure_clean.yml + when: not skip_configure_clean + tags: + - configure_clean + +- name: configure - init + include_tasks: configure_init.yml + when: not skip_configure_init + tags: + - configure_init + +- name: configure - custom + include_tasks: configure_custom.yml + when: not skip_configure_custom + tags: + - configure_custom diff --git a/roles/stable/build/tasks/configure_clean.yml b/roles/stable/build/tasks/configure_clean.yml new file mode 100644 index 0000000..bcccea6 --- /dev/null +++ b/roles/stable/build/tasks/configure_clean.yml @@ -0,0 +1,21 @@ +--- +- name: configure - clean - stagin_dir/toolchain* + shell: + cmd: + # make config-clean; + rm -rf build_dir/toolchain*; + rm -rf staging_dir/toolchain*; + args: + chdir: "{{ openwrt_build_dir }}" + +- name: configure - clean - Clean info files + shell: + cmd: "rm -rf {{ openwrt_build_dir }}/tmp/info/.files-packageinfo.mk; + rm -rf {{ openwrt_build_dir }}/tmp/info/.files-targetinfo.mk;" + args: + chdir: "{{ openwrt_build_dir }}" + +- name: configure - clean - Remove .config + file: + path: "{{ openwrt_build_dir }}/.config" + state: absent diff --git a/roles/stable/build/tasks/configure_custom.yml b/roles/stable/build/tasks/configure_custom.yml new file mode 100644 index 0000000..1c02f43 --- /dev/null +++ b/roles/stable/build/tasks/configure_custom.yml @@ -0,0 +1,11 @@ +--- +- name: configure - Apply custom configs + blockinfile: + path: "{{ openwrt_build_dir }}/.config" + block: "{{ lookup('ansible.builtin.template', 'default_config.j2') }}" + +- name: configure - Expand to full config via make defconfig + shell: "cd {{ openwrt_build_dir }}; make defconfig" + +- name: configure - Diffconfig to configs/custom_config_{{openwrt_target}}_{{ openwrt_subtarget}} + shell: "cd {{ openwrt_build_dir }}; ./scripts/diffconfig.sh > configs/custom_config_{{openwrt_target}}_{{ openwrt_subtarget}}" diff --git a/roles/stable/build/tasks/configure_init.yml b/roles/stable/build/tasks/configure_init.yml new file mode 100644 index 0000000..e7bbdca --- /dev/null +++ b/roles/stable/build/tasks/configure_init.yml @@ -0,0 +1,16 @@ +--- +- name: configure - Initialize .config + shell: "cd {{ openwrt_build_dir }}; rm .config; make defconfig" + +- name: configure - Append target .config + blockinfile: + path: "{{ openwrt_build_dir }}/.config" + block: "{{ lookup('ansible.builtin.template', 'default_target_config.j2') }}" + +- name: configure - Expand to full config + shell: "cd {{ openwrt_build_dir }}; make defconfig" + +- name: configure - Copy .config to configs/default_config_{{openwrt_target}}_{{ openwrt_subtarget}} + shell: "cd {{ openwrt_build_dir }}; \ + mkdir configs; \ + cp .config configs/default_config_{{openwrt_target}}_{{ openwrt_subtarget}}" diff --git a/roles/stable/build/tasks/init_vars.yml b/roles/stable/build/tasks/init_vars.yml new file mode 100644 index 0000000..bde7913 --- /dev/null +++ b/roles/stable/build/tasks/init_vars.yml @@ -0,0 +1,35 @@ +--- +- name: preflight - {{item}} - Define ip_host + shell: + cmd: echo "$(../roles/stable/build/files/mac56-to-ip_host.sh {{ item }} --start-from 128)" + register: ip_host + delegate_to: localhost + +- name: preflight - {{item}} - Save ip_host + blockinfile: + path: ../host_vars/{{ item }}.yml + block: "ip_host: {{ ip_host.stdout }}" + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} utils" + create: yes + delegate_to: localhost + +- name: preflight - {{item}} - Init host_vars common + blockinfile: + path: ../host_vars/{{ item }}.yml + block: | + hostname: {{ hostvars[item].hostname }} + lime_mac: {{ item }} + main_ipv4_address: {{ ip_network }}.{{ ip_host.stdout }}{{ ip_netmask }} + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} common" + create: yes + delegate_to: localhost + +- name: preflight - {{item}} - Init host_vars config + blockinfile: + path: ../host_vars/{{ item }}.yml + block: | + config_lime_system: option hostname '{{ hostvars[item].hostname }}' + config_lime_wifi: option channel_5ghz '{% if hostvars[item].channel_5ghz is defined %}{{ hostvars[item].channel_5ghz }}{% else %}{{ default_channel_5ghz }}{% endif %}' + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} config" + create: yes + delegate_to: localhost diff --git a/roles/stable/build/tasks/init_wg_vars.yml b/roles/stable/build/tasks/init_wg_vars.yml new file mode 100644 index 0000000..c048ce4 --- /dev/null +++ b/roles/stable/build/tasks/init_wg_vars.yml @@ -0,0 +1,38 @@ +--- +- name: preflight - {{item}} - generate privatekey + shell: + cmd: echo $(wg genkey) + register: wg_privatekey + delegate_to: localhost + when: hostvars[item].vpn_wg0_privatekey is not defined + +- name: preflight - {{item}} - generate publickey + shell: + cmd: echo $(echo {{ wg_privatekey.stdout }} | wg pubkey) + register: wg_publickey + delegate_to: localhost + when: hostvars[item].vpn_wg0_publickey is not defined + +- name: preflight - {{item}} - generate presharedkey + shell: + cmd: wg genpsk + register: wg_presharedkey + delegate_to: localhost + when: hostvars[item].vpn_wg0_presharedkey is not defined + +- name: preflight - {{item}} - Init host_vars wireguard + blockinfile: + path: ../host_vars/{{ item }}.yml + block: | + vpn_wg0_privatekey: {% if hostvars[item].vpn_wg0_privatekey is defined %}{{ hostvars[item].vpn_wg0_privatekey}}{%else%}{{wg_privatekey.stdout}}{%endif%} + + vpn_wg0_publickey: {% if hostvars[item].vpn_wg0_publickey is defined %}{{ hostvars[item].vpn_wg0_publickey}}{%else%}{{wg_publickey.stdout}}{%endif%} + + vpn_wg0_presharedkey: {% if hostvars[item].vpn_wg0_presharedkey is defined %}{{hostvars[item].vpn_wg0_presharedkey}}{%else%}{{wg_presharedkey.stdout}}{%endif%} + + vpn_wg0_listenport: {{ default_vpn_wg0_listenport }} + vpn_wg0_address: {{ vpn_wg0_network }}.{{ hostvars[item].ip_host }}{{ vpn_wg0_netmask }} + + marker: "# {mark} ANSIBLE MANAGED BLOCK {{ item }} vpn wireguard wg0" + delegate_to: localhost + when: hostvars[item].vpn_wg0_privatekey is not defined diff --git a/roles/stable/build/tasks/install_feeds_libremesh.yml b/roles/stable/build/tasks/install_feeds_libremesh.yml new file mode 100644 index 0000000..c8d6358 --- /dev/null +++ b/roles/stable/build/tasks/install_feeds_libremesh.yml @@ -0,0 +1,7 @@ +--- +- name: install feeds - libremesh - Add Libremesh feeds + blockinfile: + path: "{{ openwrt_build_dir }}/feeds.conf" + block: "{{ libremesh_feeds }}" + register: feeds + notify: "update and install feeds" diff --git a/roles/stable/build/tasks/install_feeds_packages.yml b/roles/stable/build/tasks/install_feeds_packages.yml new file mode 100644 index 0000000..d963539 --- /dev/null +++ b/roles/stable/build/tasks/install_feeds_packages.yml @@ -0,0 +1,7 @@ +--- +- name: install feeds - packages - Add local packages + ansible.posix.synchronize: + src: packages/ + dest: "{{ libremesh_profile_directory }}/" + delete: yes + notify: "update and install feeds" diff --git a/roles/stable/build/tasks/install_openwrt.yml b/roles/stable/build/tasks/install_openwrt.yml new file mode 100644 index 0000000..8b0557e --- /dev/null +++ b/roles/stable/build/tasks/install_openwrt.yml @@ -0,0 +1,23 @@ +--- +- name: install - openwrt - Requirements + include_tasks: install_openwrt_requirements.yml + +- name: install - openwrt - Check if openwrt_build_dir is present + stat: + path: "{{ openwrt_build_dir }}" + register: openwrt_build_dir_initialized + +- name: install - openwrt - Clone openwrt + git: + repo: https://git.openwrt.org/openwrt/openwrt.git + dest: "{{ openwrt_build_dir }}" + single_branch: yes + version: "{{ openwrt_version_tag }}" + when: not openwrt_build_dir_initialized.stat.exists + +- name: install - openwrt - cp feeds.conf.default feeds.conf + shell: + cmd: cp feeds.conf.default feeds.conf + args: + chdir: "{{ openwrt_build_dir }}" + notify: "update and install feeds" diff --git a/roles/stable/build/tasks/install_openwrt_requirements.yml b/roles/stable/build/tasks/install_openwrt_requirements.yml new file mode 100644 index 0000000..06219ce --- /dev/null +++ b/roles/stable/build/tasks/install_openwrt_requirements.yml @@ -0,0 +1,35 @@ +--- +- name: install - openwrt - Install openwrt build system requirements + become: yes + ansible.builtin.apt: + update_cache: yes + state: present + pkg: + - build-essential + - ccache + - ecj + - fastjar + - file + - g++ + - gawk + - gettext + - git + - java-propose-classpath + - libelf-dev + - libncurses5-dev + - libncursesw5-dev + - libssl-dev + - python + - python2.7-dev + - python3 + - unzip + - wget + - python3-distutils-extra + - python3-setuptools + - python3-dev + - rsync + - subversion + - swig + - time + - xsltproc + - zlib1g-dev diff --git a/roles/stable/build/tasks/main.yml b/roles/stable/build/tasks/main.yml new file mode 100644 index 0000000..4d2c02e --- /dev/null +++ b/roles/stable/build/tasks/main.yml @@ -0,0 +1,49 @@ +--- +- name: preflight + include_tasks: preflight.yml + when: not skip_preflight + tags: + - preflight + +- name: install - openwrt + include_tasks: install_openwrt.yml + when: not skip_openwrt_install + tags: + - openwrt_install + +- name: install - libremesh + include_tasks: install_feeds_libremesh.yml + when: not skip_libremesh_install + tags: + - libremesh_install + +- name: install - packages + include_tasks: install_feeds_packages.yml + tags: + - feeds_packages + +- name: Flush handlers + meta: flush_handlers + +- name: conf-files - lime mac + include_tasks: conf_files_lime_mac.yml + tags: + - conf_files_lime_mac + +- name: configure + include_tasks: configure.yml + tags: + - configure + +- name: build - Build + shell: make -j $(nproc) download world EXTRA_IMAGE_NAME="{{openwrt_extra_image_name}}" + args: + chdir: "{{ openwrt_build_dir }}" + tags: + - openwrt_build + +- name: webserver + include_tasks: webserver.yml + when: not skip_webserver_update + tags: + - webserver diff --git a/roles/stable/build/tasks/preflight.yml b/roles/stable/build/tasks/preflight.yml new file mode 100644 index 0000000..81d912e --- /dev/null +++ b/roles/stable/build/tasks/preflight.yml @@ -0,0 +1,21 @@ +--- +- name: preflight - Init host_vars common + include_tasks: init_vars.yml + loop: "{{ groups['mesh_devices'] }}" + when: hostvars[item].ip_host is not defined + +- name: preflight - Init host_vars vpn wireguard + include_tasks: init_wg_vars.yml + loop: "{{ groups['mesh_devices'] }}" + when: with_wireguard and hostvars[item].vpn_wg0_privatekey is not defined + +- name: preflight - Generate lime-mac files + template: + src: lime_mac.j2 + dest: "../lime-mac/{{ hostvars[item].lime_mac }}" + loop: "{{ groups['mesh_devices'] }}" + delegate_to: localhost + +- name: preflight - Add wireguard keys to server + include_tasks: vpn_wg_server.yml + when: with_wireguard diff --git a/roles/stable/build/tasks/vpn_wg_server.yml b/roles/stable/build/tasks/vpn_wg_server.yml new file mode 100644 index 0000000..ec2ac6d --- /dev/null +++ b/roles/stable/build/tasks/vpn_wg_server.yml @@ -0,0 +1,16 @@ +--- +- name: wg-server - Add peers to wg server + become: yes + blockinfile: + path: "/etc/wireguard/wg1.conf" + block: "{{ lookup('ansible.builtin.template', 'vpn_wg_peer.j2') }}" + delegate_to: "{{ hostvars[groups['wg_server'][0]].inventory_hostname }}" + loop: "{{ groups['mesh_devices'] }}" + +- name: wg-server - Make sure Wireguard Service is running + become: yes + service: + name: wg-quick@wg1 + state: restarted + enabled: yes + delegate_to: "{{ hostvars[groups['wg_server'][0]].inventory_hostname }}" diff --git a/roles/stable/build/tasks/webserver.yml b/roles/stable/build/tasks/webserver.yml new file mode 100644 index 0000000..89ee853 --- /dev/null +++ b/roles/stable/build/tasks/webserver.yml @@ -0,0 +1,10 @@ +--- +- name: webserver - Rsync build directories + become: yes + shell: + cmd: rsync -d {{ openwrt_dir }}/* {{ webui_path }} --delete + +- name: webserver - Create symbolic links for all targets + become: yes + shell: + cmd: for path in $(ls {{ openwrt_dir }}); do ln -s -f {{ openwrt_dir }}/${path}/bin/targets/* {{ webui_path }}/${path}/; done; diff --git a/roles/stable/build/templates/default_config.j2 b/roles/stable/build/templates/default_config.j2 new file mode 100644 index 0000000..10100be --- /dev/null +++ b/roles/stable/build/templates/default_config.j2 @@ -0,0 +1,15 @@ +# CONFIG_PACKAGE_dnsmasq is not set +# CONFIG_PACKAGE_ppp is not set +# CONFIG_PACKAGE_odhcpd-ipv6only is not set + +{{ target_configs }} + +{{ unstable_defaults }} + +{% if with_wireguard %} +CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-wg=y +{% else %} +# CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-wg is not set +{% endif %} + +# CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-fastd is not set diff --git a/roles/stable/build/templates/default_target_config.j2 b/roles/stable/build/templates/default_target_config.j2 new file mode 100644 index 0000000..f5e6d69 --- /dev/null +++ b/roles/stable/build/templates/default_target_config.j2 @@ -0,0 +1,12 @@ +CONFIG_USES_SQUASHFS=y +CONFIG_TARGET_ROOTFS_SQUASHFS=y +# CONFIG_TARGET_ROOTFS_EXT4FS is not set +# CONFIG_TARGET_IMAGES_GZIP is not set + +CONFIG_TARGET_{{ openwrt_target }}=y +CONFIG_TARGET_MULTI_PROFILE=y +CONFIG_TARGET_{{ openwrt_target }}_{{ openwrt_subtarget }}=y + +{% for device in openwrt_devices %} +CONFIG_TARGET_DEVICE_{{ openwrt_target }}_{{ openwrt_subtarget }}_DEVICE_{{ device }}=y +{% endfor %} diff --git a/roles/stable/build/templates/lime_mac.j2 b/roles/stable/build/templates/lime_mac.j2 new file mode 100644 index 0000000..68fce2f --- /dev/null +++ b/roles/stable/build/templates/lime_mac.j2 @@ -0,0 +1,22 @@ +config lime system +{% if hostvars[item].config_lime_system is defined %} + {{ hostvars[item].config_lime_system }} +{% endif %} + +config lime network +{% if hostvars[item].config_lime_network is defined %} + {{ hostvars[item].config_lime_network }} +{% endif %} + +config lime wifi +{% if hostvars[item].config_lime_wifi is defined %} + {{ hostvars[item].config_lime_wifi }} +{% endif %} + +{% if with_wireguard %} +config generic_uci_config wireguard + list uci_set "wireguard.wg0=interface" + list uci_set "wireguard.wg0.address={{ hostvars[item].vpn_wg0_address }}" + list uci_set "wireguard.wg0.private_key={{ hostvars[item].vpn_wg0_privatekey }}" + list uci_set "wireguard.wg0.listen_port={{ hostvars[item].vpn_wg0_listenport }}" +{% endif %} diff --git a/roles/stable/build/templates/vpn_wg_peer.j2 b/roles/stable/build/templates/vpn_wg_peer.j2 new file mode 100644 index 0000000..267fd34 --- /dev/null +++ b/roles/stable/build/templates/vpn_wg_peer.j2 @@ -0,0 +1,9 @@ +{% for device in groups['mesh_devices'] %} + +[Peer] +# {{ hostvars[device].hostname }} +PublicKey = {{ hostvars[device].vpn_wg0_publickey }} +Endpoint = 0.0.0.0:51800 +AllowedIPs = {{ vpn_wg0_network }}.{{ hostvars[device].ip_host }}/32 + +{% endfor %} diff --git a/roles/stable/dnsmasq/handlers/main.yml b/roles/stable/dnsmasq/handlers/main.yml new file mode 100644 index 0000000..6697c78 --- /dev/null +++ b/roles/stable/dnsmasq/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart dnsmasq + service: + name: dnsmasq + state: restarted + tags: dnsmasq diff --git a/roles/stable/dnsmasq/tasks/main.yml b/roles/stable/dnsmasq/tasks/main.yml new file mode 100644 index 0000000..b568d2f --- /dev/null +++ b/roles/stable/dnsmasq/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Install Dnsmasq + package: + name: dnsmasq + state: present + tags: dnsmasq + +- name: Set configuration file + template: + src: etc_dnsmasq.conf.j2 + dest: /etc/dnsmasq.conf + validate: 'dnsmasq --test --conf-file=%s' + notify: restart dnsmasq + tags: dnsmasq + +- name: Make sure Dnsmasq is running + service: + name: dnsmasq + state: started + enabled: yes + tags: dnsmasq diff --git a/roles/stable/dnsmasq/templates/etc_dnsmasq.conf.j2 b/roles/stable/dnsmasq/templates/etc_dnsmasq.conf.j2 new file mode 100644 index 0000000..433e1be --- /dev/null +++ b/roles/stable/dnsmasq/templates/etc_dnsmasq.conf.j2 @@ -0,0 +1,57 @@ +# Dnsmasq configuration +# {{ ansible_managed }} + +{% if dnsmasq_listen_address is defined %} +listen-address={{ dnsmasq_listen_address }} +{% endif %} +{% if dnsmasq_interface is defined %} +interface={{ dnsmasq_interface }} +{% endif %} +{% if dnsmasq_port is defined %} +port={{ dnsmasq_port }} + +{% endif %} +{% if dnsmasq_domain_needed %} +domain-needed +{% endif %} +{% if dnsmasq_bogus_priv %} +bogus-priv +{% endif %} + +{% if dnsmasq_resolv_file is defined %} +resolv-file={{ dnsmasq_resolv_file }} + +{% endif %} +{% if dnsmasq_addn_hosts is defined %} +addn-hosts={{ dnsmasq_addn_hosts }} + +{% endif %} +{% if dnsmasq_expand_hosts %} +expand-hosts +{% endif %} +{% if dnsmasq_domain is defined %} +domain={{ dnsmasq_domain }} +{% endif %} +{% if dnsmasq_no_resolv is defined %} +no-resolv +{% endif %} + +{% if dnsmasq_upstream_servers is defined %} +{% if dnsmasq_upstream_servers is iterable %} +{% for host in dnsmasq_upstream_servers %} +server={{ host }} +{% endfor %} +{% else %} +server={{ dnsmasq_upstream_servers }} +{% endif %} +{% endif %} + +{% if dnsmasq_force_address is defined %} +{% if dnsmasq_force_address is iterable %} +{% for address in dnsmasq_force_address %} +address={{ address }} +{% endfor %} +{% endif %} +{% endif %} + +conf-dir=/etc/dnsmasq.d diff --git a/roles/stable/dnsmasq/vars/main.yml b/roles/stable/dnsmasq/vars/main.yml new file mode 100644 index 0000000..b4ebb63 --- /dev/null +++ b/roles/stable/dnsmasq/vars/main.yml @@ -0,0 +1,19 @@ +# roles/dnsmasq/defaults/main.yml +--- +dnsmasq_listen_address: "{{ ansible_host }}" +dnsmasq_interface: wg0 +# dnsmasq_port: + +dnsmasq_domain_needed: false +dnsmasq_bogus_priv: true +dnsmasq_expand_hosts: false +dnsmasq_no_resolv: true + +dnsmasq_upstream_servers: + - '10.170.0.1' + +dnsmasq_force_address: + - '/ada/10.0.0.5' + - '/*.ada/10.0.0.5' + - '/belvedere/10.0.0.10' + - '/belvedere-vs/10.0.0.11' diff --git a/roles/stable/monitoring/alertmanager/tasks/main.yml b/roles/stable/monitoring/alertmanager/tasks/main.yml new file mode 100644 index 0000000..7f1603a --- /dev/null +++ b/roles/stable/monitoring/alertmanager/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: Install alertmanager + ansible.builtin.import_role: + name: cloudalchemy.alertmanager + vars: + alertmanager_version: latest + alertmanager_receivers: + - name: email + email_configs: + - send_resolved: true + to: "{{ maintainer_emails }}" + - name: email_telegram_valli + email_configs: + - send_resolved: true + to: "{{ maintainer_emails }}" + telegram_configs: + - send_resolved: true + bot_token: "{{ telegram_bot_token }}" + api_url: "https://api.telegram.org" + chat_id: "{{ telegram_chat_id }}" + parse_mode: "HTML" + alertmanager_route: + group_by: ['alertname', 'cluster', 'service'] + group_wait: 30s + group_interval: 5m + repeat_interval: 1d + receiver: email_telegram_valli + routes: + - match: + alertname: Watchdog + receiver: email + continue: false + repeat_interval: 1w + alertmanager_smtp: + from: "{{ smtp_from }}" + smarthost: "{{ smtp_smarthost }}" + auth_username: "{{ smtp_auth_username }}" + auth_password: "{{ smtp_auth_password }}" + auth_secret: '' + auth_identity: '' + require_tls: "True" diff --git a/roles/stable/monitoring/blackbox_exporter/tasks/main.yml b/roles/stable/monitoring/blackbox_exporter/tasks/main.yml new file mode 100644 index 0000000..9e8b49c --- /dev/null +++ b/roles/stable/monitoring/blackbox_exporter/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- name: Install Blackbox Exporter + include_role: + name: cloudalchemy.blackbox-exporter diff --git a/roles/stable/monitoring/blackbox_exporter/vars/main.yml b/roles/stable/monitoring/blackbox_exporter/vars/main.yml new file mode 100644 index 0000000..f18c2c2 --- /dev/null +++ b/roles/stable/monitoring/blackbox_exporter/vars/main.yml @@ -0,0 +1,47 @@ +--- +blackbox_exporter_version: 0.22.0 # 0.22.0 / 2022-08-02 +blackbox_exporter_web_listen_address: "0.0.0.0:9115" +blackbox_exporter_cli_flags: {} +blackbox_exporter_configuration_modules: + http_2xx_head: + http: + method: HEAD + follow_redirects: true + fail_if_ssl: false + fail_if_not_ssl: false + tls_config: + insecure_skip_verify: true + ip_protocol_fallback: false + preferred_ip_protocol: ip4 + valid_http_versions: + - HTTP/1.1 + - HTTP/2.0 + valid_status_codes: + - 200 + - 204 + prober: http + timeout: 15s + http_2xx_get: + http: + method: GET + follow_redirects: true + fail_if_ssl: false + fail_if_not_ssl: false + tls_config: + insecure_skip_verify: true + ip_protocol_fallback: false + preferred_ip_protocol: ip4 + valid_http_versions: + - HTTP/1.1 + - HTTP/2.0 + valid_status_codes: + - 200 + - 204 + - 302 # Found + prober: http + timeout: 15s + icmp: + prober: icmp + timeout: 5s + icmp: + preferred_ip_protocol: "ip4" diff --git a/roles/stable/monitoring/prometheus/tasks/main.yml b/roles/stable/monitoring/prometheus/tasks/main.yml new file mode 100644 index 0000000..b25b2dc --- /dev/null +++ b/roles/stable/monitoring/prometheus/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Install Prometheus + ansible.builtin.import_role: + name: cloudalchemy.prometheus + +- name: Ensure Prometheus Service is running + service: + name: prometheus + state: restarted + enabled: yes + +- name: Ensure a job that reboot every 6 hours exists. + ansible.builtin.cron: + name: "reboot every 6 hours" + minute: "0" + hour: "*/6" + job: "/sbin/reboot" diff --git a/roles/stable/monitoring/prometheus/vars/main.yml b/roles/stable/monitoring/prometheus/vars/main.yml new file mode 100644 index 0000000..ef2b1d4 --- /dev/null +++ b/roles/stable/monitoring/prometheus/vars/main.yml @@ -0,0 +1,223 @@ +--- +prometheus_version: 2.37.0 # LTS +prometheus_binary_local_dir: '' # default /usr/local/bin +prometheus_skip_install: false + +prometheus_config_dir: /etc/prometheus +prometheus_db_dir: /var/lib/prometheus +prometheus_read_only_dirs: [] + +prometheus_web_listen_address: "0.0.0.0:9090" +prometheus_web_external_url: '' +# See https://github.com/prometheus/exporter-toolkit/blob/master/docs/web-configuration.md + +prometheus_storage_retention: "30d" +# Available since Prometheus 2.7.0 +# [EXPERIMENTAL] Maximum number of bytes that can be stored for blocks. Units +# supported: KB, MB, GB, TB, PB. +prometheus_storage_retention_size: "0" + +# Alternative config file name, searched in ansible templates path. +prometheus_config_file: 'prometheus.yml.j2' + +prometheus_targets: "{{ all_targets }}" + +prometheus_alertmanager_config: + - static_configs: + - targets: + - localhost:9093 + +prometheus_scrape_configs: + - job_name: "prometheus" + metrics_path: "{{ prometheus_metrics_path }}" + static_configs: + - targets: + - "{{ ansible_fqdn | default(ansible_host) | default('localhost') }}:9090" + - job_name: "node" + file_sd_configs: + - files: + - "{{ prometheus_config_dir }}/file_sd/node.yml" + + - job_name: 'blackbox-external-targets' + metrics_path: /probe + params: + module: [http_2xx_head] + static_configs: + - targets: + - https://www.google.com + - https://www.ripe.net + relabel_configs: "{{ blackbox_relabel_configs }}" + + - job_name: 'blackbox-server_head' + metrics_path: /probe + params: + module: [http_2xx_head] + static_configs: + - targets: + - https://ada + relabel_configs: "{{ blackbox_relabel_configs }}" + + - job_name: 'blackbox-server_get' + metrics_path: /probe + params: + module: [http_2xx_get] + static_configs: + - targets: + - https://torrent.ada/ + relabel_configs: "{{ blackbox_relabel_configs }}" + + - job_name: 'blackbox-ping-external' + metrics_path: /probe + params: + module: [icmp] + static_configs: + - targets: + - 1.1.1.1 + - 8.8.8.8 + - 4.2.2.2 + relabel_configs: "{{ blackbox_relabel_configs }}" + + - job_name: 'blackbox-ping-internal' + file_sd_configs: + - files: + - "{{ prometheus_config_dir }}/file_sd/blackbox_ping_internal.yml" + metrics_path: /probe + params: + module: [icmp] + relabel_configs: "{{ blackbox_relabel_configs }}" + +prometheus_alert_rules: + - alert: Watchdog + expr: vector(1) + for: 10m + labels: + severity: warning + annotations: + description: "This is an alert meant to ensure that the entire alerting pipeline is functional.\nThis alert is always firing, therefore it should always be firing in Alertmanager\nand always fire against a receiver. There are integrations with various notification\nmechanisms that send a notification when this alert is not firing. For example the\n\"DeadMansSnitch\" integration in PagerDuty." + summary: 'Ensure entire alerting pipeline is functional' + - alert: NodeDown + expr: "up{job=\"node\", alert=\"yes\"} == 0" + for: 5m + labels: + severity: critical + annotations: + description: '{% raw %}{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.{% endraw %}' + summary: '{% raw %}Instance {{ $labels.instance }} down{% endraw %}' + - alert: ToolDown + expr: "probe_success{job=\"blackbox-ping-internal\"} == 0" + for: 5m + labels: + severity: critical + annotations: + description: '{% raw %}{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.{% endraw %}' + summary: '{% raw %}Instance {{ $labels.instance }} down{% endraw %}' + - alert: RebootRequired + expr: 'node_reboot_required > 0' + labels: + severity: warning + annotations: + description: '{% raw %}{{ $labels.instance }} requires a reboot.{% endraw %}' + summary: '{% raw %}Instance {{ $labels.instance }} - reboot required{% endraw %}' + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up.{% endraw %}' + summary: 'Filesystem is predicted to run out of space within the next 24 hours.' + expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 40\nand\n predict_linear(node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"}[6h], 24*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: warning + - alert: NodeFilesystemSpaceFillingUp + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left and is filling up fast.{% endraw %}' + summary: 'Filesystem is predicted to run out of space within the next 4 hours.' + expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 20\nand\n predict_linear(node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"}[6h], 4*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: critical + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.{% endraw %}' + summary: 'Filesystem has less than 5% space left.' + expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 5\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: warning + - alert: NodeFilesystemAlmostOutOfSpace + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available space left.{% endraw %}' + summary: 'Filesystem has less than 3% space left.' + expr: "(\n node_filesystem_avail_bytes{job=\"node\",fstype!=\"\"} / node_filesystem_size_bytes{job=\"node\",fstype!=\"\"} * 100 < 3\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: critical + - alert: NodeFilesystemFilesFillingUp + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up.{% endraw %}' + summary: 'Filesystem is predicted to run out of inodes within the next 24 hours.' + expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 40\nand\n predict_linear(node_filesystem_files_free{job=\"node\",fstype!=\"\"}[6h], 24*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: warning + - alert: NodeFilesystemFilesFillingUp + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left and is filling up fast.{% endraw %}' + summary: 'Filesystem is predicted to run out of inodes within the next 4 hours.' + expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 20\nand\n predict_linear(node_filesystem_files_free{job=\"node\",fstype!=\"\"}[6h], 4*60*60) < 0\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: critical + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.{% endraw %}' + summary: 'Filesystem has less than 5% inodes left.' + expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 5\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: warning + - alert: NodeFilesystemAlmostOutOfFiles + annotations: + description: '{% raw %}Filesystem on {{ $labels.device }} at {{ $labels.instance }} has only {{ printf "%.2f" $value }}% available inodes left.{% endraw %}' + summary: 'Filesystem has less than 3% inodes left.' + expr: "(\n node_filesystem_files_free{job=\"node\",fstype!=\"\"} / node_filesystem_files{job=\"node\",fstype!=\"\"} * 100 < 3\nand\n node_filesystem_readonly{job=\"node\",fstype!=\"\"} == 0\n)\n" + for: 1h + labels: + severity: critical + - alert: NodeNetworkReceiveErrs + annotations: + description: '{% raw %}{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} receive errors in the last two minutes.{% endraw %}' + summary: 'Network interface is reporting many receive errors.' + expr: "increase(node_network_receive_errs_total[2m]) > 10\n" + for: 1h + labels: + severity: warning + - alert: NodeNetworkTransmitErrs + annotations: + description: '{% raw %}{{ $labels.instance }} interface {{ $labels.device }} has encountered {{ printf "%.0f" $value }} transmit errors in the last two minutes.{% endraw %}' + summary: 'Network interface is reporting many transmit errors.' + expr: "increase(node_network_transmit_errs_total[2m]) > 10\n" + for: 1h + labels: + severity: warning + - alert: NodeHighNumberConntrackEntriesUsed + annotations: + description: '{% raw %}{{ $value | humanizePercentage }} of conntrack entries are used{% endraw %}' + summary: 'Number of conntrack are getting close to the limit' + expr: "(node_nf_conntrack_entries / node_nf_conntrack_entries_limit) > 0.75\n" + labels: + severity: warning + - alert: NodeClockSkewDetected + annotations: + message: '{% raw %}Clock on {{ $labels.instance }} is out of sync by more than 300s. Ensure NTP is configured correctly on this host.{% endraw %}' + summary: 'Clock skew detected.' + expr: "(\n node_timex_offset_seconds > 0.05\nand\n deriv(node_timex_offset_seconds[5m]) >= 0\n)\nor\n(\n node_timex_offset_seconds < -0.05\nand\n deriv(node_timex_offset_seconds[5m]) <= 0\n)\n" + for: 10m + labels: + severity: warning + - alert: NodeClockNotSynchronising + annotations: + message: '{% raw %}Clock on {{ $labels.instance }} is not synchronising. Ensure NTP is configured on this host.{% endraw %}' + summary: 'Clock not synchronising.' + expr: "min_over_time(node_timex_sync_status[5m]) == 0\n" + for: 10m + labels: + severity: warning diff --git a/roles/stable/nginx/defaults/main.yml b/roles/stable/nginx/defaults/main.yml new file mode 100644 index 0000000..f31adce --- /dev/null +++ b/roles/stable/nginx/defaults/main.yml @@ -0,0 +1,6 @@ +--- +reverse_services: [] +fpm_services: [] +with_certbot: false +with_ssl: false +with_distributed_certificates: false diff --git a/roles/stable/nginx/tasks/certbot.yml b/roles/stable/nginx/tasks/certbot.yml new file mode 100644 index 0000000..e66f959 --- /dev/null +++ b/roles/stable/nginx/tasks/certbot.yml @@ -0,0 +1,23 @@ +--- +- name: Install snapd + become: yes + apt: + pkg: ['snapd'] + +- name: Install snap core + become: yes + snap: + name: core + +- name: Install cerbot via snap + become: yes + snap: + name: certbot + classic: yes + +- name: Generate certificate if needed + become: yes + command: /snap/bin/certbot --nginx --non-interactive --agree-tos --expand + --domains {{ fpm_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }} + {{ reverse_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }} + --email {{certbot_email}} diff --git a/roles/stable/nginx/tasks/certificates.yml b/roles/stable/nginx/tasks/certificates.yml new file mode 100644 index 0000000..87d688b --- /dev/null +++ b/roles/stable/nginx/tasks/certificates.yml @@ -0,0 +1,38 @@ +--- +- name: Create tmp certificates directory + file: + path: ./tmp/{{ hostvars['ada'].inventory_hostname }} + state: directory + delegate_to: localhost + +- name: Create certificates directory + file: + path: /etc/nginx/certs + state: directory + +- name: Copy crt from CA + ansible.builtin.fetch: + src: /etc/nginx/certs/{{ hostvars['ada'].inventory_hostname }}/ada.crt + dest: ./tmp/{{ hostvars['ada'].inventory_hostname }}/ + flat: yes + delegate_to: "{{ item }}" + loop: "{{ groups['ca'] }}" + +- name: Copy key from CA + ansible.builtin.fetch: + src: /etc/nginx/certs/{{ hostvars['ada'].inventory_hostname }}/ada.key + dest: ./tmp/{{ hostvars['ada'].inventory_hostname }}/ + flat: yes + delegate_to: "{{ item }}" + loop: "{{ groups['ca'] }}" + +- name: Copy to belvedere + ansible.builtin.copy: + src: ./tmp/{{ hostvars['ada'].inventory_hostname }}/ + dest: /etc/nginx/certs/{{ hostvars['ada'].inventory_hostname }}/ + +- name: Delete tmp + file: + path: ./tmp/ + state: absent + delegate_to: localhost diff --git a/roles/stable/nginx/tasks/main.yml b/roles/stable/nginx/tasks/main.yml new file mode 100644 index 0000000..06b5a82 --- /dev/null +++ b/roles/stable/nginx/tasks/main.yml @@ -0,0 +1,78 @@ +--- +- name: Install NGINX + become: yes + apt: + name: nginx + +- name: Default Configuration + become: yes + template: + src: default.j2 + dest: /etc/nginx/sites-available/default + +- name: Link Default NGINX Configuration + become: yes + file: + src: "/etc/nginx/sites-available/default" + dest: "/etc/nginx/sites-enabled/default" + state: link + +- name: Configure Reverse Proxies + become: yes + template: + src: reverse_proxy.conf.j2 + dest: /etc/nginx/sites-available/{{item.server_name}}.conf + loop: "{{ reverse_services }}" + +- name: Link NGINX Reverse Proxies + become: yes + file: + src: "/etc/nginx/sites-available/{{item.server_name}}.conf" + dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf" + state: link + loop: "{{ reverse_services }}" + +- name: Configure FPM Services + become: yes + template: + src: fpm_service.conf.j2 + dest: /etc/nginx/sites-available/{{item.server_name}}.conf + loop: "{{ fpm_services }}" + +- name: Link NGINX FPM Services + become: yes + file: + src: "/etc/nginx/sites-available/{{item.server_name}}.conf" + dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf" + state: link + loop: "{{ fpm_services }}" + +- name: Configure Static Services + become: yes + template: + src: static_service.conf.j2 + dest: /etc/nginx/sites-available/{{item.server_name}}.conf + loop: "{{ static_services }}" + +- name: Link NGINX Static Services + become: yes + file: + src: "/etc/nginx/sites-available/{{item.server_name}}.conf" + dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf" + state: link + loop: "{{ static_services }}" + +- name: Make sure NGINX Service is running + become: yes + service: + name: nginx + state: restarted + enabled: yes + +- name: Run Certbot if needed + include: certbot.yml + when: with_certbot | bool + +- name: Sync distributed certificates + include: certificates.yml + when: with_distributed_certificates | bool diff --git a/roles/stable/nginx/templates/default.j2 b/roles/stable/nginx/templates/default.j2 new file mode 100644 index 0000000..8a71045 --- /dev/null +++ b/roles/stable/nginx/templates/default.j2 @@ -0,0 +1,25 @@ +# cache +proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off; + +{% if with_certbot -%} +# redirect all http traffic to https +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + return 301 https://$host$request_uri; +} +{%- endif %} + +server { + listen 80; + listen [::]:80; + server_name _server_name; + root /var/www/html; +} + +# enable proxy websocket +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} diff --git a/roles/stable/nginx/templates/fpm_service.conf.j2 b/roles/stable/nginx/templates/fpm_service.conf.j2 new file mode 100644 index 0000000..718d6e1 --- /dev/null +++ b/roles/stable/nginx/templates/fpm_service.conf.j2 @@ -0,0 +1,31 @@ + +server { + listen 80; + listen [::]:80; + listen 443 ssl http2; + server_name {{item.server_name}}; + root {{item.root | default('/var/www/html/')}}; + index index.html index.html index.htm index.php; + + # keepalive_timeout 200; + {{item.custom_config | default('') | indent(2)}} + + location / { + try_files $uri $uri/ /index.php?$args; + } + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass {{item.proxy_pass | default('unix:/run/php/php7.4-fpm.sock')}}; + {{item.custom_fastcgi_config | default('') | indent(2)}} + } + + # compression + gzip on; + gzip_types text/plain application/xml application/json; + gzip_proxied no-cache no-store private expired auth; + gzip_min_length 1000; + + # cache + proxy_cache STATIC; +} diff --git a/roles/stable/nginx/templates/reverse_proxy.conf.j2 b/roles/stable/nginx/templates/reverse_proxy.conf.j2 new file mode 100644 index 0000000..fd1609c --- /dev/null +++ b/roles/stable/nginx/templates/reverse_proxy.conf.j2 @@ -0,0 +1,44 @@ + +server { + listen 80; + listen [::]:80; + listen 443 ssl http2; + server_name {{item.server_name}}; + + keepalive_timeout 200; + {{item.custom_config | default('') | indent(2)}} + + {% if with_ssl %} + + ssl_session_timeout 5m; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_certificate /etc/nginx/certs/ada/ada.crt; + ssl_certificate_key /etc/nginx/certs/ada/ada.key; + {% endif %} + + location / { + proxy_pass {{item.proxy_pass}}; + + # set host + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For 42.42.42.42; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Port $server_port; + + # websocket proxy + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # compression + gzip on; + gzip_types text/plain application/xml application/json; + gzip_proxied no-cache no-store private expired auth; + gzip_min_length 1000; + + # cache + proxy_cache STATIC; + } +} diff --git a/roles/stable/nginx/templates/static_service.conf.j2 b/roles/stable/nginx/templates/static_service.conf.j2 new file mode 100644 index 0000000..ba8260a --- /dev/null +++ b/roles/stable/nginx/templates/static_service.conf.j2 @@ -0,0 +1,33 @@ + +server { + listen 80; + listen [::]:80; + listen 443 ssl http2; + server_name {{item.server_name}}; + + keepalive_timeout 200; + {{item.custom_config | default('') | indent(2)}} + + {% if with_ssl %} + + ssl_session_timeout 5m; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_certificate /etc/nginx/certs/ada/ada.crt; + ssl_certificate_key /etc/nginx/certs/ada/ada.key; + {% endif %} + + root {{ item.server_root }}; + + location / { + + # compression + gzip on; + gzip_types text/plain application/xml application/json; + gzip_proxied no-cache no-store private expired auth; + gzip_min_length 1000; + + # cache + proxy_cache STATIC; + } +} diff --git a/roles/stable/openssl_certificates/defaults/main.yml b/roles/stable/openssl_certificates/defaults/main.yml new file mode 100644 index 0000000..1c67b40 --- /dev/null +++ b/roles/stable/openssl_certificates/defaults/main.yml @@ -0,0 +1,4 @@ +skip_certification_authority: false +skip_certification_authority_webserver: true +skip_server_certificate: false +skip_server_certificate_webserver: true diff --git a/roles/stable/openssl_certificates/files/ca/images/android-12_firefox_ca-enable.jpg b/roles/stable/openssl_certificates/files/ca/images/android-12_firefox_ca-enable.jpg new file mode 100644 index 0000000000000000000000000000000000000000..52ca4978525e71fe02b3b44f0017e8967724ff89 GIT binary patch literal 99710 zcmeEu1yo(hw&2Cx-5r8+aVNpu-QC^Y5(uurAvh$sORxlYg1fs0cf#EC@9y9Iy8HE- zHS^#6H#2q4;_TYBYg<+As#DZG&vVaf090vlDRBT8C^3LB007V50T?3AW=5`NrlcNL zu9l<{QgVvVivSS-1UUGQ8#MgbwLWmVIy5Nxj*ZQxc^@~|9vVmXJF zlfF8SshEg*rbP4^h9GfDRMjtX02)}QHKd@NmvAA}2(f#4yno+&>k$r0*$e{b>{5U7 z0@=5-)zx11ZED2Y1Lp!N#A+38{>G&x)ZRtpg?u{B_}UVkGqKdBmx7FGyAi#WiW_I* zGWra{U`k*%l&oz!VZTZP)1M9^3!b3uFW|m7 zc5(UR%YViI%HyoVi179q;NWoSZ=1h#nr+bqeOH+?=PR$woVK$aBe1d(T|9mFAXL5% z5#j_xj#M+qk|FyN03Atb!e?w92nusAN&g^W#>IWSBmMiwq@Baj&F#T^6wc=FvD1@> zN6sdEj~X#vccB$ar^kDfFP=0$pM0C*cUjHSX}IYrEwVRW9ghw#0RV^*FB|lIZ|@;e zK)n(<;&j&E-TmWhyYNba{P%wlSNZ5rUizKw+m;|nbj{Ajb_{2Z`f(lsiK zw~f4(qf)X3Id&GEUB)=vw)dE9y(7l#qAlEJhFDUdqkQ+LQ}h%#7?3>go&m*7zyo4g zuV0LzBf+`EB^iE7?i$@l@Dij9xDv|v`~)#L4x^{FzR z^nn@IbGL(c)ov(KLUwxV)1?Bj`}Q$1BE8-WMppBs0)xBRu{g)+A!yg%rdBs!Np!l>e#^<8>Qbt3Z ze~i?_!fo%pER0s)GFxB1OLqMw^3>|DX!r;PaBc4y0?E1pheHtw~1%wC%X_}MuB-DC>IG{2{~ zi#maGWrJ?8ONB?TfNXug{E(juXrB9z1dALXCH6Rbn3jou?&Yi4^GBBM| z%=B1#M7^4R&nKuaC@?o~;B)#=DKq+0pW6A+r$EMhy4y|QV|_xu;OM+IAoQ@vLT9k3 z@pOE=zI6A0bGPs~JDWt(!6X54?uCN7f9FP5e_Qi?S0n<7>Ru(%&922kDhK12oPm9L zU9a~_N29NzB6j_F214JjvVa;jRtTP?n2|~0rSs;t{P0eb8_uG13Z?TiRj+WOi(JxOT!!B7o?TD3cKF1_JP{%3%w(Vgy~C+VNn`4tC&!g!Uu zTK0PPlDB2L-g&hC@i?t`>%1uLSBn2P0OZ%L0Av`7JpjOwC-8^KFc7JKw48rDK?a@N z2e*%+F7Kd^OZ+>_t48)W@a17>6#j_LXo?9ZLEW=66C98Q5gF&nr41BG^g#r)>8+a| zR{qHBd{l;sQ_Q`Npp3`G}Dj zDv}P-%?#8^yCr>;rs!>E|GDt`g*PUnfs*))k*yeZeR;4RE2NexEafX|Jr?~%boz!k;Nw0fLw{MxLYSZCKP+kC ztsBgOuc@~TQB_{()R*>SFm=ZU*DZ)7w}` zy44C(8&tn%|5E^fSif9z;Sdi?gIGV^0_)xa00@x{LH7?*Yb2ij(*|8<98z<6{c5~+n`bZ2Md44SA~O`WrS=&))-4EVTGcY%?1r*PF_V~)jLt= za@@*;(ZJu4|29)pVuzXKjZJSIkG5fh)uVleP|jl}{`KQw)eHffwxo3GCn=C+e~~CC z@ylQXr)tRG^yY_tP7{CENpZy({UwjAo-xc$Qz_Z*C8e#)_e$ssn#r?DBWOR(C+?M&#skB{Rj0kp6FLdyq9!;E6EF&n zfw22;yv=D#zOc#}wNL|re_*Krot)o$dO}rQLrKMgm_^qfX#Roe+W)-e$BpLw zu8$&Uc*B{SaFhlF-1_o>Mly)#&t|AUa{E2T3U-{5D>Q87bx;xKwxPlr+?V&Z34>@zM$6TNC*3 zbJ&P#SZ-oK4M|w`TpF}kU$<3z(AqM(kb zT5lx2R%pE+9lkr*w9)xbDgrkAV7`KOGuD5*Klab)|6R+Fsa#ZU-%Pc$Q%m)CQUhWW zAYM9rf#)(c>?)74u{J~F&F+4=nh_@t6FI*eB>F3|G z{{Ok3JYe#-et@9-Tate@0T|ZFP{07YfV)ap7&y;#a+mJ#EV;n^2sg_En*36suVzs0 zL6w1mzzt!7vq{4wV8V6o8KCac!S)Z+z^{7K3VmE&{y1Jue^DLlw%xMRXOU-h&pL6n zO}f*iQOh{S$%zwR(RAGaLLQdJ?y}Di?+h<%*R10>LVE3(ck>Vi8%5PdTP6q|7hGUiMJKE4eRI{P<% zd3q$klB(-#Q|q>m70b!utYC*0v==-6W$wHNtnvCsRUY$=Ng?5zhrgQfJ3y?(`Q6zj z;w9VsUi|x|G6x!6krw_ZHX7`dl6`Oc!(>_CNAjm;KgjGzA{2QYMm7>o;-SSz2p6?a z{XEo*@*K~A@*1r#G1v}C^y}TfpaDQV7jGCHmj(%}>8oGo4TSZWIVYwh4WmKIA_eX3+`9ZUV55@H37>@2-2 z`ecHxdA4f!8QlWfYPn?EO)NY$?Rn1rnhl`PKh_=kf$hRE;vR3)&ZUR`;;h`SEs>cG z(KahS<4wc&06m<`hsM@PnQ?oA%*nKhf5HojRP3Qnjd;-yR4-5hAKqt~$S%}^PM`a=cOSOxwzbgjNWZpZwjAnY?hUq9gf z_GU`AwHa5z6p0b5iYLE#6dChpKrG?1XJ3o+VbGv%nN#wa8N}k=WQPJKY*8VoAfA)U~sSjzm zHXfYi$skg}p+~uNjz5>z?3U*KXC3_y_WWxQz`ro|Kc#~u{3rY`fn0Zes(#iAtc!FP z)VGxXL@t=>GvKRzZL6Fnfvw2+&<-c439>4TEu`z z^tj{_oHhs9iM;GwO(q=%KRzAjEuV7OTpY zX!m9RA+Gb&3cswxF?zk&Et`wjIae(~PJF>e^`Q&YMQ7>V#rgg0h@FoDPtDxyet2%? zLouET)r-Ltd)qYYeE|be1}#GM?vJCfRsX037R=X^-AH;^8hw2%=8jscA{WY5?yYW< zN(SGG%A&Px)66+rp2ZbgYlWOe>s#I&;);0%=oXazS!F-y$0$>Wh9eG6ZNr`sqNAa& zt7K!!4-ak`=c`U8RkQ3_UQ*nS6K-a?2SYG?tZQ9LpGI4U>7D^TW*6t)|ER}r^Wbp% zyR2({G`b+<8*i=SODPy?(%%yNSHoaYe=7ko?r%x{^#rhe=F0NAo{$>Twz_n!nD@**AVPA9$x;&~@q#8;HwxVx==@^_K^OMb9p=E{Py zo^c%tg6a1y0=S1adaIO+dzlHJt~sS{i?s$7LfsJsqPfI%{B6w$Jp=!e(f_f6|Aw9H zPESk!i1cTV{1i1&-U)vG6AwYDl87}7oL*g8*r0frt`2nB6xn-KPhFZVzUf``sj_7s zW-N=+Byi|@)j?Ycjo)@-1$xi0w@;4E8}@Yk>b70Kn}vs^^5CPsBnX|wB^GyX0(W^a zerd*b;r2Lq(p(LSq0KveY8_0@jswwIOD=N$i>*8VxHyMW&Q@yFX=EDK-RL=U47=ws zwzcGSPH-|=a<%YW@?3WlNYnIZYAVi88D`e+^JgSTR<)mX{-U)q3E4edU){2oZD14Z>HEuRK+ABP>G01%MS;9xN5m>6iNSlAq#I9x9k4N1u;SlHMDDXHVgser7G zG_OF1AYnn|U{K)C020UKt{8v$qhynEj;qPDyWL37elpfa2_o+O$GF`vfoA{ZdDh#r zcY}zIpPm7H>lX(2{?q>L)=-Ie1aXF$KFpo7W*Uh8(5gAq;LQ(ER1d9o!sTa+kV@6XsE9KjI6uXAYqKETViW(?U`Tn zv#+1cs_v|rTrP`R2)rP0kW%oguotM1EWFkc(rj_Ec_+hHFn@G{6zi}nLeS7h!eNjv z?X~<_qboMBA~<)~3{B+bk)~_VhjC`C))D3I#ZTV*#pmJ^G$O65B{j!DvED({!DBkhNc%OF9qlRcdSk}d4hD{mpJ7m> z2ceN77w@A6i&7Ms=Q`COTj4uSRaax}f{6tTN@mzFw9Q`|fl<59VY{pCbO;VI_+ih{ zMts)6JvV@oyS<)QiM0+n_3MzFrhDgIz>2Rpy{twe)>e-fQ2*Z^ z*wCl??{M$6;pAQFM~-_li~XxXq0Lw>b_enIyD9s==j$;QUaVJ_)5ZL$-{WWXfRn4l zR_TZP`N}K-^8%}KP6OU$y3?&0E)pzHq`t)r>mBR9K^jy$FoH@&^Q5n4KPn{l5+u|vfztC>Jp4j#&#L@VVQS3h6m+QBcy$< zWLlNR2C2QhSTN+enMpE{;WFIH<%dt|irvqEOU{hlk2e`nqbpWREhktde(q8PZ7aFOmm4R7)DPdW|8Q?}z%-k3bj1vr=^vUa^xUQy0aIq{RXyn(YcRJYAjes}j zX}*3a(lP4?#-{saG2!%%QA8>4TGo!~_=3lG%h>b?(Xn?GZe+wO@um7^W7jL}1Iqd+ zhojP!Oud|vOfSb)m20)P4{E0+;>)};p8+26MwR&@tXH%1pE^`~I0P{a(35o>t$hzU z5B!uGo&jQeE0t2QjYjw+pIrP_kz-R~y=3dAX!^+3LzO9Uv4fn``!J9+x+7F5g^W1i z!x%($p3s>f8k*V_%LtN`zEvZC;RK8{fACq*sQ%GZ#yDw0OCIk$p=wL(w|XsLJOf%P z5Nx@1!gXJ3xL34KmX(e;B?dL5Ryc=7JOixkd8}?D@bt@hEU@afTgY!riv#6E1@o=z zE^w8{UNyjyrv;%k^VKOZWLHW;8Q`6f7B+o)X&a;IFC$LSP9#9lkHnbXUbK9J6~oY7B`b za+N~JN?6viA7ydN96`{y38}<2q&g|Gdj`lHqYOL)P&d7K=OuaG&=kqYCa2Mm)}6E; z^Z=oX+`5FsUYBYS0?~U#sjZ5M1kxL0WaQZU6wJ#v6DH+=lRa+F~?^pGAkiwRk8@wz=vPmr&YpBpL%MK zx~}-2QS}m z_+_VPz%uqvcyZ?~ST4a~grx;jplur^+qfyL&lJNWaxyG($5-|xO!aCq!>jfobecP} zLF1v-O|X!PUrRQGhEvd1pN1p5Ix~nfBAceGa&DN^1x!Y$6Yeh2Bc+X{gkbCPai^VI zBt|e69}ANYOzN>tsFm^4oTc_Unb;HKEnfIFq($1Ga7xs;#cB5SG{0VKcv(lr7|jFd z*x_Wfu=>Q3+3dk(a-Z?#@>srrpPidJRIc_d1yaWM!|2F2uf5sS%f6O~6lqxL2I)DB zvsET8=FVgI*;kWXxog#be07LHNM^t~bS@f{04oZgDhVvT6c$46S@?2iOm7J~r4CYd zakW(5??~_Mnu^m6ekH)rt~)Iro?7*l)>OlRx#>rdni7%dy0mN2mvCSsV@tXhna1nV znA7HAaud^Dl~+b~J^o~KZeNDOm+2{9l53r&;2?EAemSeTT6SyBFH{(FBb6eBhUQ&| zku-bZ4sZwG88~s=SGi*11K$KoW|Ik#1mhD9c{|*+cvw|5#Yp$0ldND69X(_%SYiD| zyr7*Afk*tUT@_rQ$O(~as6^jo-aomLD zLH~l>XccSmRj-K0#2`QF@qOyaOW4K8hnO~Tg1DCQl9g#EU+c;dBKfg8$?M|j&JIlQ{pB}7vhezP*)WT3N|diV@DVrv5~A5Tt~)2a1& z*GtOrG-FdNc!Mnj6uQUWyN#<`UVO$HhF89&Qo-AN5UyK^q|<3rwO>+pA7xOTmsNp&-s)s02( z(*wFl7&(T{32P>igkCU-0OO43MtAMmRRDRpqID@jn!HbOBu!;|l!@86`N)0>`l_^JYEcnWs3F{jwQQkUgG%$fcRB4w7rZ6AW%#h9`8SE2fVLJc zjhOfYo|qez{Wj;Xg}gG-Dj(P#PKX*;SMjLlj9h^gV#raC*>>%b3g4fmmd5hM4i8u# zDl-!*f*g!}E;H%{`se!4#JqwyyrXR&JWrX$s>x#!b!os>#?g{)IrucU%< z`lZcrY}1DA8PMUz#kM!@eINDu<|D9mC6qefjF3_b&wb%a|A^mG8Z(7P>syDU+V}L@ zj&dBix@HEhzGb!L5YX7(9CS8Pw9 z7pEB7Sd%>K24lZOAS(mw_vQODz|B9g4L+WqJ*zWNRDa%&h?>oXBH|--lF{P*=VyTH zid|HbGV+=_ba&m}S|nC_5Ai-)(WTi3A@4VJiE+0C(eUhalsw3S`peLi2cB9GLphx(yaUR{RIzfnmC$5-^oa~?QRYZ~J1=;Bx}5V!tc_L&JxwYM z`umVru0c)YbQSaH=|AFnrEOBg>*Lxd$MMwaIEgYhi|9OiS6C>73}s53Yxou{r+M{J z(6pCSA|wDxP}*-9*A%R%jDp4>2qh8P*I6liSp+(jZi{rOIWa%h)C+gp*auz@A~fwf zQBONLJaEqARHfj1c-#Ien+JaPrvg4c6DyQ?PU#N5qrZ#nv#+^ zE%tO`PwkR#*saUdI*|Aqnk?xZ%<7>ddF#*@3yDR>CE;&mXSXG6&3Ezc1Q-2qDo>V0 zh`;Ugo}kU=bEIi$q$vn691|KUu`wa{ebf}szV&YqsF{*+qlO(YqOA%Xeu6UuBklnk zR6^IrhQs{aN^6>F2;~C!j9-+97w!G2$D4ofO=y2`$wQ56|5KA&RR;=G)r<~bsq4Or z>0Eb{qb#mnOo&lMU$vNfx?(c4_31FQcg)Loir`nU%yW9SeFBZU6^pS>^X5aF?ovYm2E;T)~qdU5GIDV%`g~$JNyN0M2x;9nbm9_ zPpI&IDw45z(c(rn@5WzP{koJ#wqe^?WlWcBgv~iomrV#lViz~b4xhTe`{<&lRokx_ z_dPQ&v}@O!!FRk?fe=ue=9G_j{yStgsxVS(|3R_!q zaxmBtPwVA?LcOP9JBtZrA@>8inGQ6q#NUj?WiR|{)nSf&NjJ7tbV!{jt8uWR?jlQS zw{$CbhUGRa)ED{4uNPAJTxrM@uP8J=On+2_htBVwa(indm=OQas90#)ouTS%PERv} zNvys7?sUDZB<)Inr}f6LK!(MVYtkD%#~gpWfH&=1IJm!F0R4wgTSS%cOFZNzipLV0 z{S^z;C){^vHt~fp6+xUMZ+@ujC*WF;ueP1i=&EBS-%Kd` zW3-H+G#T78303PkIE^r3YHkBxx^y- zv3ET>>1d2!r`xNEO5be>*MX?Ja+fr>>6Ot_!K|Xri$j#E=p)i*MOX=1Jltwzus|Qn z{80>gRDL53!(P+&2PdsAC!4#Dt*+ja4UGkV{^Y_c#naO!+Fu4ct`Go$tUNfDTX~O= zeXK71Ae#20lL-+CtCtB7tmi?hBBw!V28;I*);E=HGa*WUi zI88GMbP5ofjpjVZ*2t_yi$4BH1aWqSOfEn9rpMGj8})>8V}d+Q{1EjBMKPZPxv#m> z;)Ey2m>a7xG+A2?cCUU%eJT^9Vlvd)tybSFFNF{bA{^-b~Hx8HFJb& zFI9I}LvYOXkp~jt%5Q^OW$%YL>p(s03QEKKs;u_O$PCj_R;V5aG@XnPr%+o?{%D4Gj(C~FZj8B)fJ0@@wLcR!8><$T-lgV=;jlzSfkRiVBFK()QMuG(H1@P z7Brl~5emaw>(6CanJDbbth)2=Imq+SKxH1R%+l^`DDZcNri#Y>v4gXEx0%XmB#p=o zIO}W02P;>pym`-nHd|v|ZfZo%K4Do6U(SM`L{z^?*8Vl>mbfOv&f4I<9`2E$HO)~a zp2~`;n|~xIlF49x1~l@yrbUmuBDX)-gc_U~@nHzvwKi70V4s(9v^(!1J2AaPAZxYx zl7?rKhMr~U+)cw@=Kxj{vvgWcKo&kWjxD?Z0XuE+eo0N%=MtJ!PPHJksY>2=;n8ac zEBx5TL!hg^iv@DLjQ;Z&q@(_7#GSs~#tEknHmT7Rm??m>qfI^wlM+6Ps~`0V%?%V3 z2_IN1=}HCHst}r*4eWg%nX!3(EFUN!H^KsU6OQS=s7IO(o+%jWS&CXt!%wyFd)Aj+ z)p4?k>4aw3;`K5>5I03u6XN+IYCG(;IZZOMPfjXq2W)=F0=-!|c{tG@3lYmG&r$fm zGO2>24T`hbV8XD>yy`mx8WTbQuE!-ZudO`;T2*Vi)&{O|nqi@D^I2jf()=I=H5TOD zP+Q+%u^rQW3Q2!sPS6r=V0C-0o%}`TgW&{JYN$0=4OB1~&phbg3$a{~rGu`wn-s4) zz{#j~GomI5f}v##gnhu*f5Z|W$NUMIr8f}1N~sbQY1Ofn#xolltFF0WMiddB-g1zR zlxf1WPuP5X$nos@K4J5Lr%58;U(Ou!?DKHc8+I|C-B88rTNfqkdPG+OdoZmV)jL_E zirt={2eL8~Jp@Y)94z+wSa`v$JKfj&Gqq%0;3BnC9231~#L}{sgPsgmNbu%6_u82t zyt1&lE^b|V3Nj?L21cG}R{(C3<+L4(|0#c6c!*uEUI=jvGoX>eEzBL}gHrli6He`y ztugA00?bYZ#K-o>yAutb{Ipoh9hvL!?>|{3C)7tHb6^W902^dCNp;oFu$mjK#*G(6 z=52}!M$2otuQ#~6mz*64r_Uu|QN^plk-C$?z|z8*hL>YvBS$$3F#=Ty7JpMZlZ*G*E&WL1MYrD-@h7*BQ2Q>D zbAtF)46c_wauwG{{ZAgN2~P8ipj1;q;^ zkP8_E?;v@1Xnv;e>h2F!dsT5+X36NW3?&yHr$Ucp7l|N035Pi;?rP8H>Src+;obBZ ztumYdxp}Snqv}2bTEz?yChfkRni43NMCWzi08P0mn=CB#VpNXA0CCw@CfzL2E#icu zU+8RLr03u68apREjt~gIO~}X~Ai(sE`Tk{7E-2(1HcRl(t(4`!4YRZu5H10YrGt)O>VoG-$r2J$ajwfgd^~sL z+I2)z+%BQT2<1yeWaJ$(-}dN*C1Uv0t6G(Ma_33#hHDe-N1_9pUeh}XzQq0vjN6g5 z1Z^~UEPo8Ide0M-LD=ElTZMtG;pEe%eQ}W+7GZh!M9;}TbO_x?PCGc?TwL_stGQ!w zN!U~x$uLIDUgdm(c*7nsbP@bCYG=YodS>`~(>HYBlFIEEuQYhZuNGgN*T`J+X}j~G zzs+~uo~9o{9jYJAGHe(>3Z-Say-$vQq1%J6wdB3M^pZhbf(_S4b}gh9U9jXtW{uc~ z0c-XhD#*vvV|RhqSjZpY;amWDgyvZIkXkR)^l`mQYx_+F7@2B~Qp z6<5C9d^jt4bdOH1>;qEaArACAZkoW80Y{R8`_;7&31wc9;g<{ZzExg-`OcD!##kaY z%JTe!$f~EJWo|xPg*Xa1l`}i~>K2z?{j8naqMrNgzdPXY7~`z_AQx*y>TMZUnFvME%9ow1s_5}BQwlVDC(YNcZ=`7n%}}Ee1dw9~z?*KQ``=B8=Vp-z zjE##O$nU%=l_E{>pfOO~5lnJ8nP}7?0qr$^<6iXf$EJl|tIi?VwkA+lG22+zt~(L& zZX?Gsw8gfj$ZIp=i)}ygU_m2AL}8}w1pOX;V_Z9p`~8*$8$7 zDGpu)>8p!xC1spi`8i#^C(3IY0#P)}O2|EgT=xp1MXy#%Og6@_tj2wbtfv=KVZ6bp zA{h~x;C1)*!(~xW0yNjH$G=@z=ouM1r^c!v+;|4`J4TroW>wW880@OsYR|Eg7+HoJ zjK#*^C`Q9@qv|l5kYzE7o4pe-rG#d|gC_An05dr+ZNS+X?mttZ0;IpcJom=F{nYL3 zskwJ20r@3axu1z3+ zsu3PmDye_1a_YVc`W(eu)3IuQzks--eU*)Q3&fm+6X@d2;vT-Bm^9RkQ2EYcBEM(iN>82nKK8-LR9yjh< zowi{>gYju`r`_vFocRJh`>GRqx#+uLkCW?q%!w3U zt(-3oy!CxYD9V9caF|nv@Y09IX5RZStSk@QyAmAHoO5!!tNpC{VW{sL)6Ca4nyeHI zVFc%PxpHY}wNH=3TjMXL`(0p6Zc>cqKK$~wAlTlF`h1a2*ojsq_W^wTgRPOHS$eU$L9@&#BCtpc0vRXogd4KeQHWT<>5j^gj_e zB9QLgjvNd-Y|T?7rv#F5zrp*Ce&OWu?{>L7M)CRuBCev=%qM*`DE{C`?z;XP6I zX@j=CjC;yMxd{*?+TPkSg3p-VZZ1wTa`fWCcC-8xY`-q1oL>v&I(_pgc4&E`+ux@` z7!{xvs2hnfXsfHnfEHfSJMCN(co!xPw?^p7IwKYDKKTG2G*9h_XT@*VA~kPRwWNOo z%`R{v(Dv>A4Ii~%l;pT?i!nP))lIxM(XI-E zH(;%`m5`~u^=)-`{>uR}wr7*YO&wE9*@=D6fDir)HlR;Vl|Gr>Rb{rFieEfMDg8?y6IrV#M)i4IJ z2A0$QJj*h0hEptt>5$#prrctr8k?~+-^H%}Z&>d96c3*PoyjX-R=aK9r`uF`TU9pd z{n!Sd)Dz+=l#72+Bxbbs$W}$u(j*Q%oq>sZ(_Oon%iA5gRi8F~%P`bsO%IBSS*iAj zQ1~irc$vni%SLfgVvS=lQAaMDh3(p$$eN~u))b1PvG2Fix z7;bNw`rb`7m?rg(9C>mUoy{|6Cd`{6HLQjVO9d;$|pC|gc0#dsft_5 z-^^(p8tHdfRb*F`>7*&kS2S!1i8G0jPVL6dB?y!d8hR1HHS8jKgFGt8?eg#zE{d2w z|0Q6GKCTd|)EUDP8t*lB`RAx5-pBi4Xgbx;sKtwRfoD%-X?hPwp~&T-E{KhrAV8`7OEO&U1RWS)1h$)~BXOVZ6IHPLTXJ^t@4A-l zSc<7Qv^J*tiK9c|xhO-liUne{=$KIsH{8lpSnZwh%*u*Rl>AEMNuJX$&o8spLdXRo z9m$1Qq{MZdt7T%2w6CZ!!wN_}N9V z$WfUP(#$Tq&k)Az4`RmFu7jT^DPYPLnv+%+NJXH(%+d;Eg9WW`;6;7FxRnXp^e)JF zT?rT(T&ug%podId(~jz%?gL_5mvsN_u4h14yo$bWby}=My4q2G4E%Rzaer*xX3^b8 zj`yW3Y!t?*??rJRIX~^kq{qjp2W;i~dj{;#2&(Dd39Z{`d$$}R6+;+=W&^u0a=Yvi zND@Ns)}H~XnRjYFThD+Hi1+c~3^kL8Hme6T{yRa&%DrVn&?y|#9{I#fbrMQ#y=Ub#ETs_Lpr!h;bn%1Y^o9XQEDm8!Kk60~ZfBL;um z9o45(K8YscOz_z>N}*Lz{+06MRMP|TJvA7lM-x`m6%q#cWiz%SgWW>!yL%Zj?%X-? z(89dP-fKAm%|>n5y<#7P5Ec5sa`Wq|GOLbp%WPk>qy^XWV&jD`N5k`F71zqJ^MAb% zF-y51i==Ls$c`tByD-Mqmq6g-K{HE9{61!Qg#c43)t08to!F(UIy!kYuqHK1Z?qmC z9)gj-kFUKY%`VN!AjDSLJsWlSgO>yq(qs7Us7B)5i`;690SP>^t+y#uAOM`?+K2{@ zmZFxo|0)&Uh6df!+Pc7vC_E_Y*fyXs*EdVZZ0+*loclYRQFf1or3q6CR0pt4{waH2 zAnzVg?~$RiCx!v@bh+$9zEr^kKOZoY*OO=Xn7IBbwQ>8Hc=*^?K4{;kd*6GBxQ4fC zMO|Oj&Cef3jG)`X>bil(fNn!@va`4Qb8;D%gxndmAo^rPS?6tHL3TKMK;@-SBF=_> zGD1@ZZ)G^}Og)oIoQac~z22Db88A_oZ!$Mo|M*c$i^^+e7POdpEjjHQu0@$r|FW@>g351rDHpbHJ z58%wsx(J=Ga8|gN0$W9sH|MhPycML7S%YZpCA^69EaFX3lsKBM!;!+DuB2*2;L zY3MQXZmI`IOp>-stvT$3lT5Ra=Cbe`t6MNXOwov?_t6uUO$Rg_ND;8sZgVlzwO!;9Vg(7xMX|7;U7s)|P)Tu}|Ve#83XN`@sF6!C^?n=)r zWpd|f93CW-f|8&V`Z5~mzyqWgelsBkwM=Zs!9tC5^RlJ_(u;$f;u(EK(U znOhx9?*_hoA-5>Fe4oI{kYl~%n`lv>lmCW3zd!s#WVMI?%BpMoJ~)5$i5*#85^(}y zY=X&Y_yT7h_=0FNhppI&SK`nky2(f650@#+mVIu0g~o|Z8@LHu1XvWZmW{J%Yj_-~S0Ytk^;9VrJ!Z6V60)#c3Uu}0kA9&H za#*e6c0hyFsS0hJXf!jO*$+>NadLuc+) z_I@a`GQ-z?u)XCD$FU4-G|fVBGjR=rJCT~CwwDQJOiYPu!XE5z!3lE)`R9kfd=WaC zpuP~G-jNL)2#6NSw#l0I?h|&)CAfyowJ!>yNFl?9PvXlao>P4RbCyYv-A1m9FL;Yd zQ;oAl7nbem8-1d{d@7eAMJ&9gV2r4Pl0f)AxBYYibkM+Av`J8M6l@%zUtbtGokC+#vIqyo zt&4~$=LE)A{WOb!|Hmu>vwNU2+wUVnW?s@bzd)&c>tg)t)sw_bd{&KbF^sv0erS%C1B!E|ck}BHA{Mw|o|6st z2@ck!_IyAmFs-p=B=h~dWV#7Q8gwid6>LFz1**KYUdOzA_BQaT4paNZcl{GstMiLf zZE}O8F%n%04K^)Sduj*|X6N68AP}Go%P?nf$bpZ66DMK4Yiy6L41W2>`j}>ewrxE< z0w1CnNz~l4xSe*evp&pp;JVUu4$bus#F;XB$7I{$eQbj9NnUb($wZ5ctXh15%JCiO ztwCBdO^dsg9|smf(MYnzVh4A=n{poPgoF?w&@VabtjtE(H-Deeu3+t>TItBG(@MKi zE%lJ&j&rnp=yCY1Zi%Lf-_H4|?CWFkSyD6delbn@!h7t%$8MdIv$qq4SDt;ijtcff zA)UCwsF^FCa8)sfp%eduytn*oE9$yMsZa_OC|sE$);+upq@Q&f9 zp~ShakgL|S_s@sle<+R1<)o&W5*2u6)}>xHm|*oNUoC3(He)#L&+jp|xHM}jQ=8iX z=+cp;Hw?T(*~6rACT2k?Wnr|>>=y67Rde10gW{_`X9>bE@8K`xqq8eV?(XZH-D z2pjc{lTA|ytQG-0li&#E($YPQi{@g?chp!;a_XTS6jpWUIcy;vCW?_jc~$k9_`pRa{(z&-=|SA^@EZ zO?FIAd@GlQhEAjVX;$7}WdnXK((|Ah89Xk2-AvEP&q{#IaxD;zn@7Hf5j-YH$q$F3 z=*@8qk&C`^ieS>Wes{BMk1a9F>acHMz25qHO=~ZIAVoF(kEer~Z{b57k5alF5IQ!0 z?Av_bKVt_CvKmFF8$AE!miQ{MU-!1dT8>68AefssVE$+R=`(4e-$Bf&^~O%= zz`h-K!k4{|`B@h<+%Qke^e@tETFR%4G|C3dKQ_tC@nj#3`~5H@|81k`vtAwRxs6yPj5c^0=egWUn1fmRc7*LUlPV?#_jzCWA65nqCV@=vQtuzu z9?CE`eVF)4%PPLV#zJGgJM-w&>ASO>om+&a=apENrh`>)8aY~ukZ1tEEE*zBC>w$u zaNP7jLyTl)m?18{8ewv$otZkdFgfM^ejxaK5k4E+&DPF-Oc>#|1M!bB0vKq8?%qe%nnpbQGEMrnXI&hX_sF%+uRz zc`nGOb@7zokxQi>8lI25zR?iZ|l~*gwm)0ozsr~&%?4%()XaM1^d5rfA0YsRw>{*?~!0fZ@1y$rJ8B- z(<|DhGNdyEElhjAzh%E)4}a)x@zQMImBn0-=APB!lhO1ao6B*q+%a0jn#HE~q3ZHPH<&`s zd=_#p=;uI>EbIIL_(k7z-KGZjY^!2W`G@6(aCMM>D}0sLURTnMNLW+6fio`}_&&23 z?L5%8i7eLgcHP`n8uSJlolZ$QXfYvFau-G?6|Rn)QuK!tyCX8T)9IhIaa}>HJ^I_i3_Fl> zO~R!;H*|>49Kso3I-|!Lf2BP&%B0#vDAMy_{;I=hgevKpxL;2!F568#ghfzcTsCi2USnn4O|LST%m1bVgG~H-D4!|xKrmSBMV+#cGXOv`NJO_Rm%`}paw@@f86Wp+gJH5= zYvgDLrD`@vV>@Ztvac|hRc+?8kOIg{4RiQmp;X1_jD!HvM3>nlu^k{eQQtjuDu7kW zS<)k|I>}8MxPM@HkOTPzo{!lG3yM0mN1IhQt}KTEftB9Y4SR2X`WZwv$`Oj=iE~Um z;0vX3AJzW|$cA$@fRiBQdSL50F^3o&Z;&OB1Hm8pG8w# z2|TVDOaTsmYO982q(tPa@*V|xRjx}d&eudJi&kp{hHNLPgD?TLr8xqGpK5&L={#0hKIOW>cyx*+te%U zOn;E!PT5dX=#35#Y`BngvP(|2c=s+o23rnkx$L-tL@<2(;@HherYlrjbmq+(c+0h_ zJk;cx>rru3a&E-5;fS4oX*Gq)_%syuceZ6e-bwCvRenDu`oRP9@*J&+46}c*x#I*6 z3xngAAJ@77e*DP$%Qyr2(k>Zkx0Egepi?qN*Tp6F8@ICNYwlLAq|_(`kkj2T1+M(q zKMnVt3%O#h(#UPXDgd42Bm`9KcxU`(Kxw$B&d*9U)P?{zK5AF5q&({E99f385)TdPIj8KvUa#jaZ_v}64*hkWur9KzV9C7M`@>0 zWZ_L4+ztaFtNCnr1b(#BR>?<8Q^S(bLzlA^H9)m(n#}knf_==qS?QOL&TO_-x`-;x zx|D@Lj)f7yxZ^JshTcKpMbGvUJty^Ril}p4`9BHt0wqzZtpXs`r**gJNM+4);?@&} zlrM=I_*mL zkpoiF6z+LjWn>5Lq4wtmj;;s34}$DaISewlRhEtxE>QNqhNH`>Z0b@N+?(wkt>zjtl{V!(LAw+72jnKB{4=JUU-hO)RWacoI)|%U0n>?C znBo`AFeNZPr{|ORHNv6oe*QZTC{CO7swxRI0JgR7>I9|YZky@~dQdT_9TcKc5-e+4 zIL1i`bMz2ZqsjE3q?TLmkUsy1<)oSW?t{cKMU}KGZvumgP8+wuQ>m+@tnX3Kr07k! zY@hS;i%!}s!zP?BET1ART*$+i4I4R}Oz~xR9ImK<@;hbio?jS7N^i%c$_%Uhv(yVV z`4GyBEJ6*;IL{w%e99kGa$Eb~=2fm}uHU1S8ojf~5*dT+fi6MM0zA}zAR9MXRv`-e zb1o-SkVSnYs|^`ARVHL(x2voo8064FFMx@5gR0&9aytRbh6?yBuHNKIvL&T5@^DRA z%FH@{es=84(fxcY?HV+xvj?Qz0$9~^K=OPM8Xo8RYx5X52amlsG~z)o8<%L-&@t|p z8zc;;%A_a$*!hQ*5}I}{bBf3(d=_jDi5*X9WTkuf-y`eaT)|Bj4GV>InaBuur_BI$ zFS3I`dFgRTNnPJ6_^|j_FC&NjLV>!c)^q7wtR#{5R@SG2vr*u+7tRQ`MbQEcPU0=HxpYy(sbZ zxH_xntZqxx&?;dC&&8&IRyHHCGb7t<<)FHr1n61(xTB|8FX9JYqtq)`{nttDA83D; zNku7;d6#DVoVk(|LaZrUm~??FRcvF{HgF+qeoM1uGufiYp89-DIPqD3^^7q#3pT4s zF;$@6f6SNCnY?@I&t}5{$|COlNZS_I2yeSI7aP6I-HEvu?0r{QJ5T@TFpsAP=vE3- z>!!`N?hxPsQU}B&x~T2POF>${`SakDzp7I}?##Fl_9Pc4y=-H*UnN!2pFOE_=LFV< z3^O+f_F=U=a^g!I2WlAD-J9suNoo2S*NG`JUKOGyX`>UMxYUOQSDuOL zK}rDk4Pr86H1K&RTM1y~uyyVr)pxwp4HW1z%B11;Vq@)+Th%`}Wru@r%mqBj0|(61 z&7-M$W}m%xJ=V9INqWT4hqpm=e2VFfAyt_IOzwG=i;&9gXw(eeFQ^--3MEjSr9n9~ zL-Q@j%3fFMoFWJ+QNuZIQTb}R_7o+)osJJb|3By$U}Et$>l?Sul|3Z1B){VBMP)%f zpy?VgM~v@Z`DTLteJvqFcAB;P<7pXqOfc{5HK#SHqhh2ZC2Q=D1ffsFknD)x@f~+n zagCVD11#)H1gtvr($|PRNQ8MlBB8NNe0VI6z92;*BZS)T-1Ie_U(BjOpVq|V+W5)T@V)sB&}@`O4VSqQfr)O z1W$jp!>&Vnai z4^J3UA5eTx4H8%$ZE5I=3U|li8h~sZMtb}qntiU3C_8by=f9?hA(O*@$vLBQNrv3u zGBr(RM6Bf+G&?bfWr_++$(1Le_QANnA8Q|Ea}mM)BDp%gO#HYDaA{cAja}Z>p`V9u znNm42pr0IZ&Q)CvRyEcVY#J_cvLu}lTGmUz^Vm9jQPDcIPLYqPvot&Z6oFBwSpS%D zYsmhh&CY5h|2bcG!UEQHMQIdOw$qi~Aoh-X78{W_C|OCt#>ZgK_;w0WmZ=T+p?Jui zJuOaLH?;FT5GZZFFX3`t`8+Kdh@h42fod(J#Stn0tnejgL)$ zgN@NI`A?TNtp6d=1ci#pnBM6mzqE1>D|*H(uj}Di-|%DVl>D`}^%{$Su*h454_==> zr=<4ig_kt;B7d`rx+SIQ|8HrNXL64pCR<6)9WDFu=5Aj*m@D}H*+-Z;F%;sZ$?IYd z%cNPY)wGggTUq?W;-&st)+&rMeK-Bnh!^#qu;U5KrS}upv9ILO_`#fj3BAQ+u*Kq+ zFOZLC)gJS;-+q%VcY$SQUyN_OgQ z9f&1WP2n9fmz0_)>bQ#z^8p)USb7S7U7q9Is@7fpSHT1C0NRmR;@iDr6rew+ekw61 ziK~!x4z;*VfEPnJPrS5vO=+AMu^o?BD_%h(YnA?tERy-QqYmK|S>qHLo}x9B-paiK zmt^Y6)o`ir7T<|9ygtWC+yEBZ!6Aop-8E1v*-FU{d?(6k&$#27yjtWut?fkkxejWtWw<5=IufhrJDBs8o)JQlj zA8~gCHr4{;C$3XyD!cRr7vsBtRWa8$`WNLO#iA@q?dJB7#lDLgIGVNnqrroSU<_Zm zw8Fb4yZvn`5#4&K`A=yF@nmqxiB9vxDI0K+diK-ZMc$L^|(>sYj+eun(~==2XOc3)0{@ z&2z`&fw%igTtXqm&a4+^7P8F+)Q$e}d}K3Tm=9&fl8yd@CmyoF|F9}6d%L_X6|Fuw z6Pw-^*K4U^)J*F_Pr9cx7^OxMu>N5YSSQb+{9rho=<=Lw!+#!Yy^e^A-o`40S=o*S+8n$35Ad--zbL0Wa3~pK6WKYr1Z6x}z!Ijk>~WE1lm}P@;V4ZcAZHN4mTZ zj5=Mwhx)U(@{!2W?5Ck!PJb#HZaB-bV|(4v^%ABUkw?b0!>;!RQGX9Z;hL;c{VaG8 zs$88V&I`7yw_+BZ!6hIN^$7ZrAN&S0X0OU@GB;rEGwN}-mG2x-&gAz63AunjsC{h z5i-xquyg-?W_L4C19BuGGx_3)4s&&QbC!Z_8R$Dgy`SDkvZTXoB#mSHfNP_n&`bH1 z>$?Kc%;Xk+H<_7H$Hj=JIRPB&nJo2qzyuJ>KIPHtSO?=PHb~v-cju*hEFujqS}$1B zv#%<2pA9N~)!d_nZv=N$rTABHg1Klx&Cz(ssx}qsPI3}_OfILB$mmBy1nJe>Rwqx$ z*8)-XLD_AKeF%0WBVl`be{Yp;*d3>z*%`V`zT=k3S-xU*=v$6M!p@+mY`u-Tx+c?1 zh3~}KCZ_^C*l@<7yl%yzAZYBD`+IC6ZTJgyps-JEP`SHl=nus)BT^SLFcr0Mb$-hq z#Sl~E;BM==?U?7WX=&zzB&133&v&4bG)Y_--M){J?H~IxGE|R z(0GSY!9)T2B?VRc74_7dgwi89s)nPs7X{7b{>~nyGqfi%Rv9<_T8^2 zzEAc#7>j;3!`;=!!egEgBf>8FQ^rBG3^o)B)ABP>JEXgKW5x!s8JW>119&I=ROCO) z=ZUsZ#;zV@J*mz!pF1qIQqgnr#?xUfR+$Y-c7H~f5CsH0BIMYfDGu!Ts(jSpS@e4H0XR-r7Xe{gt4tMx47Cnz-&y7XfCSA1G}eXhC8OPaJM z7p=pk zh4u#;WKyI9R02L2gZR4=D?T7_=&MWUv*@5`DEHLqiFSEo-L+|=2ppgn@in2h985Np zRk9}$e2Qq(%DE#sA);QP7wM38^7ETL{S9B+Fzp>^iH>*u|IgQQ_hT8sX)lbnYoYdfAKj- zG!TCGDKHQtl&ay}AxQNZVkk57Z6dJ9=8_zq+j38nEImIOH8JGfe6EC`CeQ!}(1rD$ zh6-?x-uK8ZPR#h4DGvZ}$^R1k!#W#hbQ$z++RcEgFy&?uq;i(Q+q|KRGwCd7bwmbP z@@dd&hZ-=!NgU|xi{;G4a=ldu?*u{1##isA3s`2NNdDL;}@U{qai0)&-crZ-uc+gjvgvA)wv>HJ`71;xq709UPD)Ce2ZdnJC9=G)?6 zvDy*8R&d1Eq&i-&YvfcEsMQHwZ|0C!0GKWK2r0BX=s2xG&QYGt!kFM0Fn~Z=|h-qIxe!rD+eIU_Rh?F zIy+|)XBwI}wJk#}=GqGOl)8{Q{fZZfe%Jj0Ur^e~1oi;)r&WTkYKg}og6UD0l*kp2 zkRQ4<10=e=4xP)kuU8vpFOfxSN2U5{xs^K0s>kQEdAQ!Vl09B3^u6+IQZ%dx&hK%R zT2Q?+fgKWyDF-Tp8gjJmVm363z(j!qF}>-*f-OpI`=3F)eP;YMj@v#}LU;qI-x<|5 zz`8~3d6hTq}j@M#d}Y&HZzSM{;8^HFnKLG4O0D9jPH=~ z<=e3#GR+aU?vTbIWkWM+$(X{-c8l@^8q=v+0mKc zuS4y>{WqcCl+i$ra|TfTsdfW)=&O-`Si(r^(`t{C^tS{92{Euo%HFe*4vxtTV zVsfm~dOhnR*&a-I+5J^eH}Ka!<^KE&o9-5t$HZ6DtQs(7$;;%O8a%mPBQ*!rbG(Nw z;W^kObeciBpllfTg@K|3t$tNW<1EG{@poBCqm`yZbVzCMZ>}%jxK>;#&u=BKS%C(;WYV?$V?K58Dbv+%Thp@o9~8?Qf#C zq(xX)24!2yx=S#Gk490kxg;$dju6{{A> zYZ+%eKIKdcWN^Uw=3pkXbqm1RFH%eLB}+hQB` z3L@2HGX;c5#kNkuxnifrW!@78Qmu)zl&O!+6hS(OSfFpb|NnK**GlQ)rXJxIDG zKuR&eBeGMYEPcizdk)7S9Q zcNT5{i5j^>&2#Onve0eauTBY~k6<(O{diol`DO*cp$k;dP(Xr3S39gG7Sa*?v#!gHIqh!fpv-Yn!V zR&9l5rDP}O*m*k%n?a?+?_8Ue+LeEGns8L|r?tdo8aKCAPMh^UTe!?cnd`iC`c zZ#!vK7N~7dt!r-8Cyi|8efDcQnL1^0v!&~&k#Ru9%Q@DjQHukKwn5Zp@RyqaPA%hd zG=KhuKz;mRzHZf<`RZ=U$t|AtFUkrfI#gFWX%@;#xZ|*H!{zJ3zaNwCl&ycdaPE$& zg69_38Sz@RO3QYCm&Dn5Y;WJnbOm>N+h72*Ip0n?eZ@OZlkwS>Z1#JRVX$BZoCo3^ z&&G|+c9Bob6onZluO5m_ZLGhLytXFk>`J&L98FsC86F{9tLwC<>$53ZjWucrd-m&U z3UsI>Nk<*)d03N@p;qN6_COFzn44Bh1TnztN>Oz+47JNiTDX6BC;^RQ>glwa2hJqGf!fjBuiVUd= zb}sKq2#-(4?=wmz)!g2LnY>y>x4PP$s)=?W57}Su?Sl>URXJ>~-EAG{$5dJ3y}wKh z0zE8Exe1L-cU%l@#y)CajKLQci(21Nx}8XM z#$iE2-PL`<)%K~)p3@zQCIu6uOsWHA%c_aMH-4q;1yu*D+|IUR$EVTXs_Z|qH_Z$b zSFu2vpv|seAJ|>^iCq9nh%aowNGWC(%HHT6j9}*wHe-%zj=XLtxB(%Ab;KH!4CO!xHXm&FF`gg?(>D#Oq70%INvk_aJ_eN#b z_0c1PBDrUJloG!Ws{w-dXX2i^luJr&c?3FCZ(c4VCoIbM%Npv`3AlI%fQP z+EO-+;|Br+g=5@lynU}{*jFX;u!;aO&7x&1=n}BnDY+17UzYj;VVB-X+ub8}v>wxd zrjqsorMPSKHO6aAq6Fi;Usts$43Yy7am{RYSpK(G;$h{k+vX?6KCG{8N#?d22Wn#NxQdnb#G(1rk?& z{*2b*u0StVyXSv;uHjEzJyT5cz3seSE^390ICqd_G{mhvTYqp&igC4PCA&jMSPVd( zytHmx32OOZe#JITL# z2S6j(Mpk70VFg>MMXh85fbuCAeee;(N*jC|oYY61uk~tFs5`(7b@SuLf@d`JpCWYy z`hI!Dp#-Q&NN3+sG=t@#YZ=dTSn+fb`*-#Nu4gC|wYnmA3&n8tJRptBrfL$%5l zUP)!zZw;5DoAdjVqq=2Z1lnRNhH0SyJSA}e&e3f#?jm7M5ILQQ&6?< z8}inq(OE^Kpf<=x-7 zff!Rl#$Rhl8hqo#<}9%3&|B5hhe+Nzf}{ut$4y1w+tgB1>wPM+Jd65G0p<}Tpp{CH zyV0fH^xQlcW$OTiRG5D^QjKb8ZnPDncs-L!R|fpa&DE4Xr&l+-=*`#H1>#!JYIIkW^&j^s z^)k92W3NtVaFVKL;nL3w(&)Z5S{Z&jfeVj4DQVW!hIOI=eX#cgJasL?I98AUVQDyI zMa(?wjn$0IgZvi}u9f#J=ZYfM+%%bEfcsPpFtS{B%3e(B;i#K=17#N1L)3q#)o1$n zxSmzBWe-djfa#f`B>f>Eo*Qd}vj)Xph>mLImtv29w``^gmmNFrdiA)| z>R8noLf7{)Z(VO5;TQP`!f^xxalF`5#a!xu`vu{-Z=RwVqDu z3zCc*Ib7HJO}64oZw&Z8E~kCEK;dx3f`i6!^y?Q?gWFwXvg^hrF0Kt;iAp*WdX;fVtlXyAcoHZreA^Pg(cA?3k;GMoMa#)yk^3 z2iuhrLXZLSJ>UF2?li2$3joNA(Yx7%1sB)m3wL!fV$Tej}F4-6ut+dg0BQ(i^V(`yU-+*sVu#tB@3I!Ez_@3%wNzWG&Wy3OOu(4 zt1l8+Xc_Q1-tYP9_*<_*3DJIk^hiPL3KYGgVMH+X2u{i)ibAD2$M>UlK*b#80i6ZK zVLZNdlHe<~$|ED+Lg#9g`uG_5U`lED3tMiZ$hW<}eY5iD9Y&U-rjp-TxF3*b2#f{t z8|j8C=g#m&OMG)sYw_Y0L$ZI>&|{D?CCM$Dc&hoz}|n_ zW;!n&R~d?BewrS%rzx?*qkwik4OKhqC&m$C!dfsXqWn@heEi*do0T&Vo#UKK zr4v!`)<^I8Be>%UE7L_8MPUSsS@{(nfmusr2Qs}^@kw=Zl~~Bnpd_1K3w2g43jVaf z-!zN&)B;Ja zn(13+YfV|~;e6DxL^`U^`I;y>`R4ynvd#1SSPN~_D){i%_l7;F=K*f@4{IfK%qT@J z8)wnc71mwD#d@`ydSTT1E!usd2tfZe_(A={hdSm_+c67oX|T-$qp?l?KGn;af?q1O z1jL>bF5ZXL%(vOya~c>;2j!nmORJX`_e>e*L*>a#)lC;WsSGMokILG(0gg5r9K|Yb zk=qDNR#>nN@DlGcHlC+^=0Pxeh`o7uF4!PWA`8^apvJRs9vC(|hptI$XJt9z%JeV7 zP=#ww-#qUdyIckSg3BN585}CQ(jUH+XP}Fc|Niuc7!bJMdML)Q~B_Ml#9EiQ=^r z;_p?p*7n1cvDT$hS7B-AM8D2+**l4uzt0}{p)=32RTS)d8(_?J=K2Hpj|>Z>bhIBF zx+5yD=?En~nvkS;h_(bHdmcj;mbA{-=JFPfG!7?y&RHWrUtZn5f z+jCH+d6VZtN7} z)ya25mUgMwen5ErHa-0i)0Tx@iBA`EH&#I+pMNcEiQj!eww5sRvN*MNGBzEm)KycG z{2^w8R$sIH!`c{*Lr9=R5o5qqThhw9W`X$=FY(Ff<@9yIG9!!$NbQZN#G}z8gg?F! z{fD)z-Vz;c>ClR6nz%cnEkXb!IY34j_izQgG5A_mP4VWt*8;|4z zA7W%_lgf3l+f4UVxtQjLvR#CIN7b8o(xMEm4XKVJ33zwEIM*}3ZUuPH-vy`55`F%d zwsFi3*p7>6O0LZvE%f3l~j@^Xfln{kTVd3-_D=@nmJADYVCz9C?+16c2D zp}>`R^KNOpsk7+u)vd$)*t@`&eT(}M!sCY_2CB)Dt7&X)7JfvZm$LgFT#v{j{$c4m z?c*hLsOL}D)=FNuZgn@5yxU8SePPa*)_L;jGBO6-S`4t(HukxhD_AzkWDJVFgGh_6C`k>7`+K z=yK!FA5|&FOO=24(?w6O-lRY79lyz_YrWs7#JULi!17r6WTKr~5;im+mAa_403hO5 zdvloqmHM6TM4Z{;b!I1#SvfnB-}eveG<-E_-vmT6s)JIsYW>cuG&~W>!eBzLOe@(# zVxTbr!UrQ#9-E=d7t?wh!`vkyCGu%F)w;Hd{`?K_ukT=r8A9)G!Ct$wAz|j!WSv5@ z;~7dtRkIxJtXK2SLG0vKDyih--1uDvXmEVjBv zezugxA{7+EaX|}^5oZ6Z0zsPm%S;~J6bp`MGtmp1aUeyA>CCBqfjT@_X(JDpM8#c9XXrTTiE5GwubK6ffk5B+$Ow0N#t z_+=pW|KO{E@>hDnGHXFU9VGaGt)z^mSBFAqe<+KmJ&)7Ky(*2RK)hON>5lUWlv{%Z z>e5uueOUdvg5lOlFd0emtT3^E4-9jbT|bK{w-5KU{Iys-)aS{2A-qTy*3rV-(B{=a zfEytK=Lk7wl(`s7*R;!10cvH}u_*a9Ws#Dgi+ihc;w^u=dQ4X71%QelJe>@=^qnOo zF`>P{WaPdLR1~)Q?ckORL+Q%kom+z7>MFqjqNYerz%f<4h|G3?rq6eUVRzO2KQ{-I zKlJyK=^rCs0h=QVKI=k%fForJn2%X03|(ccmI)ZU(tB>@iR<ykYHZ#)Oqfg*YbZFV6{r$<*stlne%(f9DhEJ!;9?RvR#tHg)CEf!edYLZpHEFK-TjY95qrpiV5(g zLGyPpzk#OipK#yRqm6~YQmpd&g(DXU7T=Q_4XEBMry#b5Kbnon6?RgcL5+75Vpina z`x)bm=sldtlDu$jU)LfX+!z!ynR@wuG>;l7WE_WGpB{jI!U`cAzT{x&n&vmwmRUSj zDo zZ#~+FwlYC~5T;SQ8*iTenUgvt+?KYjzS!OzYc0eyF8nD1N#m^snuX+*p;zRqO4dVm z=~8hJrSoc_kW`i47#>kn6PK%#tut((@AoxKdDOOu_vyhQ*Gc(L{i_0b!9BsPuCD!r zR-S16o{RX@Qv-}3)CBSRn(}H=q-v+OcH}yL+`jwxtj>yq zC(VFqpPG$ii3BYRhks1@c{Y{8XJ82D5xpYUTwP}*Roq%HeysjWO6Kal?)|HPzo~R# zG3rF$37fxD5^ zK$D|?-A*6Z+~#xBa==6%#HrRRo)-mgo>_U%X@rYzD3yBhQjkU6p9yK(^f@}ZGbG82 zPC}ZjebYyu}z$>%;4-3lYjWqYa)}N9*N{0&aSg$N8G-xGZvrIwpBqo1a&4p)nN&1hf;g36#yppgSgEE@;RUbf$P1)YJ zkY){YnM~$%l~NtEsZEhIjGP1w{}C(QS&z?}wj1?-$2L~@SPYeRUJ&~R7K z|GN(TV@5nD0ic=NL11@W{J)?;Dxfpj){)&*R%IH`q6gsdR{*io+!!bUX1l5MT->mCG-4ogRvhuK&T!{iwQ|gAA&P#KG z*8&_GXLCeHs0~+T#BLOKY=;4A36OHQ`4v-xZ7YZ-q{j<=J#Fkn~Fs`nqt)7v{8OLJ?8t~G~_A__Dv^XigJoj}* zyvw4%jpyV30{M9tv|%7U#v;4TvH<{C@5Upme6EbOV<)NifjIv7k`>L{(er)Uxm90_ z46SQL)Lcox#Fl9gj9BFY>8YpxUNt|ZTHTH!H7|W!?)@wx5bD33Hj=ALUSeF2D~7l? ztngFf&6jfUtC70FOKDZDv#vCWLPZ#Eg*Bj|sEjR68P z@F4;7=}wkHm>B8<|89j}#C#qzUT(7QXa5Usx=VUl@+YNBcN@DlOeS=xUkSUqx{F51AksLGZ+?2VOX)P)zs{rFqIa^QMO>zf;+vl+9vQAGhQ12@;rX!W zTc|R<3oj^#F5ZbIiY4o;W(!x$6h@GPPN74wXOHQ$GR{^2VJdlY$XibrlyYdye?C;`%8EjzN56Q(zQP>Do;7NuqZul-jBlH7@Ea__QG-41hGbvfm?7)hx6GU8 z(TC7hNqJ+uWg68>-JEC+-l)^i&aZ~_|jmF>unjMA9 zb+$zRra|E<&MUoktL9!=HM=I5wne(|kje*ve^}u=_f6Mtlgp+|<#bdLS73TaJ;Dj> zzJ0@ZJZ<`V)nxL`t`ST?sEK4NqH}SPL|?fSRTgn;>1x$HwMPcgOiA~2DRWFL*LlzR zZcwRVF$~Z_Kt;-+MnH(tPNe?8PZt9Ocn0v_^1sUAm9+cCp=^aeOWI=Dh}KjBYG?4C zxNOZv>ScN!du6G7tlSv@`sj=4yX=z|dm{4;1T8L{d8wa0Si0VJLhxw(0&5%Y&xbV+ zEDD&pvdvAwp@NVt`A(7Jq9|<|2g2qws1ISMQfwrMWQ!3(yxej~w#`uZHojzt7@S?n z;agkGndW?4e?JsBqIi=s?FUF)kI|Wwkcm6oU4Oa@+Utw*J!5% zt=FA+9zqF|;KC`%ZOD*+SPfZmH}1q}v8kr&B49Ivh(8BNPG(I=np{Zj;5nM$gHe3|V1Z7a24!ig@a$79VY#ek-cuB9ah1n66O zq`Nf)OkYF0?E9xbi?65`u6nzWeHR=(0JRaMLw+tn+A@FFGTw{be# ztWb zn{{X9Bv~sT&e>-t+56ege&64#d=pXXtf-`KsIUCsD);z1pI$$3CPLkNTE7^+*;b5f z8~L<^tB9OyW@L2h9#MbJ-WXBHTsez|PNyg9-6V3-6=qVoIdPuAR` zCk8AT(k${oeSaf!O!zUudb~*XcJMl=Ed*|+A2QJQ*&eOJ`!(R=#U%PA!=Q$d0gIC^ zr%yMugJ3Y3*^3AEkr{KiaWu?dl}uhJ%?}~ldF5?^b#^&-*q86+c(!4=BYBm+{DO1N zwFT~rLWGLW@U-p}QmJAHd0Yy9bw16T{;a)$N;RX3bIJ9|%%2m_=G-pL3F>Vso9m;M z6PmSxy7JG;R(ffVF|TF?dG#AL|BHJr8xd3oi(kIsf?76QFvzENQ#_tAeeu~b-5k2H z^^+h>)D8JZB?ZIK@qtjCfjH7zOjp>B=4pPdRSV(QcOKMW_Ac?o&t^|MwC)=!srZ?5 zT;0N^o*V|$wFgTrIib}28E(1|o0}!EA8Vf~`+=!a`GjNMjT-E_&=V?aMhsAQQWlS; z?Yr|QvZyU*m!t$$wG>kY)UO;ANhPxX4E+7zxmJ>`j2>N!8MfW%=FUNaa%-G2Z>KTU zQB7If-qq}hK{v%=&h)XGd>Cyu(!=nb)#Rnz|DEdXj#S@$DD(5am4>&vtzg?COO;&P z@e~9$5A3)OZ0R6&RisK@v!LWLU29S&vRmT^7JV$2H>LUW6V!&o-rVtWpjizgC*f|y zgFL?@8%?lAZ<%B-VM=>Zs(7lqZK^#6EhmtJH`5^_eG+^ynrU4-@2MWg+F+93f z=^1s>fB!DXc%4GZ|I>=_(w5YOxOl5FRi0*>X=;)#>&nTaXawk#vuZ{I)}?s;WKLW=!Fk{e+E$&! zf-T!|iagS|LsiE3GT9U!o#N=1>fx@!_fg&@d7-HHUzHiw(FO&-I6$$i-I zVp^`)rsqy+Whx~PLTXf2iVUMg?!QTDNNOO_KLb0eUkYi-`YF)OwNjvr7pY`<{e#Kp z*eBhe1>ICOLgb@V&X+#Tv-)}|^-5QSvphJM{O7UX4dr6|qC(DUe0N7~z zUC{?Tic5!zeG*mc@v3KT6?Wyd7I-hNzYXQc$9y>n5Q;uhF2j%UG zoi1&79kF~o4+`Shuw7ba#PQRc4p%U67%|D^JASSpn*U(7g*Om4&AaS5K=aI`o$<6UT+5Pvne0&g^BukzZ_5KL!oYC57a%y?iJ_!CY;ZV{4f zbW%J zHg(1Qp{`D(rhxKTzM!syz92wZD)4q1ZSqSl>#w1td|P9|uoj?R2ee3tXVSiHK`UDu zQ`?adjxUjNlaY{36ne`sVCZ?=uL?z>1SQxb&Dnjk{_SW#DiPrWl=V!-IZ+^xpK(BE z5WJC27D&SSUDbn|j%}=PT4|Oj-kvZADSc}CUHlVOEs&ZO_kz|ev~2EwsTubiU{b&( z{N7xFu4N`B9@CU+IVoTZfx4h(@3I7YZcn%WrQ|xb-rw~swp4dh;1R)lg_?MX(=ULL zh7y|%M^6Fj%%7iY9y_J%TrXKzTw-M-5RYD*o>;CF97>IYJJ@)5_sbh%QaMtN zlcVsl)OHcT#Lb6{S1#}k>TFIjFKMSh#5$4+zat`j60)NC1I6TDwZ@OC>lB)H+iKN1 z{+D*WHI-dj0${X?68O@{6T+8m5ULwrSI8*)9;(! z=?m9{Z3TC=99&eCD|Ljfl9=ZVm_Uk_UpW4+9b(J1M7OAfZGi)be6HL@wQvTCtA{GQ~x4?G?2jkCNefaE9=ZrJobalm8FSx8$|g5p)KuL zbD|r3<}WgBsW`aXmX4|~@mWsggHHQY1k8ZjN|HwFH=Yg1*);=WjljGuCA+1b+>JKO z01Z5IiXpAhD8G)13=4DKw#$M2isY>Eeg`o>Zu`;Hc5=G>3GIm1ntDAijApwFesP-z zq$9`jSD~%F62lCSRnLa$)qmKvQj+~xNwlneS=w^RVqyzJUd zMeZ*`&;ZLap5^J;{~$QIt_T#}NAzMdxBd5Tw>6&)J@=B^DIka}_3eDVy)?Mg4C=hN z=hayYB8+L?^((RV33weB1sQ?J#mHZV=lTJdk2>E-9vOsmwG=cm-_jW;go}hDUHx%tf+P9M4NR)~>k!ppbQVP;l=t$6HAa&5$H*JtRM@Sz^Nv1*YUNHrO z)0x^u75qNQbLF*n>U&RaRfdMzUd^YVSU<6L+~cC{3$qUzmK3d6FvvYk2Ke(Q^7E^J zu8vzafpwtu1>RTl&ZxY~`TbIMLX&=WyxZVh-aaxYeucKfAdA`1vf{2srI$WA?gGEv9|G__Ugyf^45{?61^$_8bH1JD-rc~{P^6$h=q z^CixaJhZ?Of#!YJGX{%3el?3clF%HHF{)m(z4oqpy7jLe8Q{(N5dZa=i!4~h?5Da; z=wui)po@jxxZ0`^B~aReE7X;ClK~Y7JG0U+S>=8p_ z58wo$Pn{eulDmvi*|u@Bk`-u`pl7lyJEmO*Se9{XHrL=#)k+=jQmt*9<^-# z*+qGup@MC6Dqi7qlv!p_bJEI-@187L;L_qW6ov397B(=7-6 zRoPH+d)3?q=n_h#q3@My1VU5AxB05pNEJijd84(1YhM^niEpk$$G!p>}!mWToCCa7+kX@4&lNwqCyG{gr2_j|_T=~vLQ!(_Kd zU3JPZ`ZV_V!vrbP@kdDws=b8LVi@N*Z<~q*m{P{S3p(y!o6UPkr`ZTS*#>aD5)EKcJC7+DlnMKe&w-FX=v_SJs4V&O2;B zW<}}pIHc%+pk5SBN>EvgyghDipltM4yTmm)k=Ols^{XF6ZlOkEz#@y5aAAo16O}?= zy_RW++{B4K`8LYMk~)u$eiI;jggzavX!D%C;D=<%A=FG0i-~RM?RXPvp~COA*`n8sRXOI_Y>O zv&`?=DPp1}J1gOmB&@2+mSSvgA_D=3gqs=yBcGBLXwm1B)Zj@&7TYaX9kh%#!-c>5 zH3ZyF?Un!k{Lt|XW3Gr|@CXH78j_XTePcbRvQh@^AP)==_28J()y`8pBx zo-xI==Mw3Yyix!uC|vE+tISj?}E zp!vJ5bGxFG!g}qpaMQ+g=^)_T*`liIyn+snTI|v8N<^jDa>?+>y`6e%V5o znwE{PJDQuj8GRzIZ*td|IVupJpLP6? zBY-s^gyTM2P);%S{8MjVgKaABj3M%upljalcs`+!KwUelgTt%knnXu1`|IMkbE;)$ z`GhL-q`+W=1IKCWkBow@>s9%}%uWoVW9_wS_Wt?TZ zLFn7%aj;kwoJ+|f2)aVF778XbEsA2HS^}hsl?G=&Zx(Z@e41&x? ztVO)Dz2FTkN}Z(aRfqVyp z$R@YUx*-IN1quQnj6n^1bLWs~{h*Lzc4Dsnnl1_&caPNA&)k6FGp397PU^a%Y#)l=6(!J`_s0AKu6mwu~g>WT(XPTR)a=BIpvCW@cIUnhSY%C>)Vq~VR9kYKzqWX# zDy_WkWJDWE^rip7@rGPu>7?hgVu1jhr--Xh zxxbKj%v>8uctwEZ!zmquInK#fe^BxPttzh*^kP;OtY%4VQEukg(TQ47BR*BF0^w3= z1ev64zErXVro9VmHn#;p&ax`utxM`zQ*vAC=^PMj(s~RFjqiF@`v01LJg+*S|1#Z@ zj55OBL@3tqp{@0YeiN$5)92kg4?m%W=$zH#=l#0x?!TLT=}Tv#?|8&6OJ{}{cJcCk zt<-ZJz=p}&*&M1eMu@_89v+}{U6HS+`~Z<>oDT%IwxyThC*Oi8crj_O4yvFbkXZf| zb+swAw@<`}YdS{SP)`IuJD!ptk;0m_`{1G3jx?$ExW>0>V_aum_h4L9caa%yO`Y>p zxP=B9)BpWy{#^s51y$HfMxMO3HbntE|lEADQh zJ7TF`{aCFEDv;|qDV*<#M`MV57xge=D=-D?K%lLE|voh=XX`_u~izU zw79liKV-YDNoP9GwX8|!wM=zt(vY~nNUf==w%;CKf4KZLU2y4stlpF5rx5^39L79h~ zcYqsGhq$|%B$Ds++a275J_&Hh7N;-(sAc$kRS1HM z^I8G04tOguHNmd|Q@%31T{Jgfz6ZUN}szU#T)9)C+||6SBYMttaEL=8Y&XUR0_7hhWr!rbL$N z%VFdv{ip&r$Rt53AM;MG5l1~g=4HY)0^JK-?C4!Px#<^}kmfk?JoGb!*((L?BN>4N zy$mEzq5&Is{z(7#84*HfMvV{EAmZvKlH{jT91+8d3hMHTz~q0un5}$*Lo!<6vmn+Jv@oHPSWNd|K7ZHtakrEoC4J0(A~R%R z<%K@nvg!7B5ju4VV@m6@uJcls7k^Mp)}=4rN{0SSTq>D5J}C;{9r3; zQ@Z@q%33{z)$R^a-ip(UrY14TCts=h@X%nYMbq%?Ml-aSi^@_v8pXISXQQQ_FX~Qr z#H**?v83bM0cj?AOch(!rdI`goLMIVTSAW*7ZyY5%7+%mqIK-l|;RJ-NE<$u8@E!9d!&C~H z-@!)-`g5H{$L=wC^d^+=*`~{JAjtat!R#%WCEL)VDXl=ap#ND-JpZuO2xTP}E#H@l z{?$OdWfY@?l2vJi^&Lwnpw=wKNR_eGq0{#^=^GGhL!8i1_Sp_~;08b?LoXRghSqv< zRYi+wvu`OWU-^S?meDwoKTC zSWd^Z?5trtrVT$bABF0an>1Bjri+?E?p8Bw2)?m^SubvftIEn1i9wxdULLB6Xv9tX zND4LDF^py*>IRn00$bx2d4?CLQQ(;(KEis5;AmOJ5E4@_cT`)2*@=7LCU9Djx4PyNL$eI2bu?%?;bmmPIlaP6q$NvV94}Y3nt0O^UAh z@w$(=3DsL_#O}>Jb%}0Fx=@gP1z>t~qQ@9@9CTxMiF?9+*Xfj(8|^UmnzZ=w`pd_| z$Ou9WJN@?z1IM}@G>mLz^3po>xnv79qU1H@p+TpEdU(Ie>aRztm*v+R=J~DUca#rk zpt6X5u$yC>#LbFLJ z%|&%4)o2S~S!@)8q#{>gGQXVO%F6Mz%+uAKmRtZ^>9c$W`cbGJm4R3B5d9?eVoEUu z6ynej2RUO-KG4w`Se`4gAvt{FgLdWAvnQRL!Q{&}4CJx-*l@H=-%{4(reFy4PC1j6 z)!(mXZ&+%*rfdJ;w3Kc^PY#n%Ro(;5?JG;%q7_Q3=uwH{nWL2GHwn5D{*gtLxJ|$8 zz$$+p8Ro4i=wtisL0|=kP+T)Hi!WDgO5{2qli`+>Z z5}?EHyv(neKjGrGC90}>Bmf6!u-QZn%M5pv(&N!KT1iJp8&v;IvC^?9j94Np<7H}p z_v&<%*R+ni)+kFN2DQ;!4zP$U(Af%{y&;F*lpdD6%a(SqL`oJK=ZdVhoEB|JJ&9I3 z#%9#hOiUh;WJbuQgo-NddT;e`-& z{Fkt^Gem7o`x+u2-Hm%&iuf0)=pkq9Xe;bELaJX7x9F+DdJ3B7mHJosNRma|;n~3X zGr%ElP1zphOGm$(Y1aiYf0{{0e6G|CS0Hukjpf<>;&L~ow()7oGr)_KKw{4O9C((U z9MgtT^Jlpa@gCUFNJ(eyc56ht$#@gIRI!o_?Evvz80fA{YBY8Pznk|c*6q59$ z+fgB3ejZaw7cLYs3f8X+4kp?`;Xd@6JEGO)GF`_vbDEFpq{_nvJX&sO=g zAD||3Mq!A+QA?sr5)~CR1|u8|Xf{aO(rE3gWc&=*Q!Nm7>@4T37ZVrZ!`7-(!mAw@ z+mYoUu&V2{FCZau9Ajb-Hj`Nj^;`A}iNyGMerM;+fdNZKsJsvT4MB^Bo}G+5VPC4{ zvcRh>BR$^>m|Na9z?>efcK;h3{`GPrO*I?1|6u6qzuuWi{e$5+(1J2bOV};CUSf(- zkAtf+?YMRr62M0GR{HX-QZ|L-z$FnnE)c#2TJp=ay8Ew#t5Rj6^E8IO!Trf9|NSNv zMF56J$qOCde7JLCy&Ny@Js=t#rQsP;l9|x{K@!8ETKdmo_)1l=?@GCVr&4R0k-&Wf zM%{mwN;5bXEu*4{GDg->&tGIAai_&xr;DoF?zqYJMGX@}S?&fni7k12&KiVr%>^6b zwP*j6pJ7B`;>^s$Q*JEgr@&Lt+2F}yuV*_(O3{LZRhn9tE+10Q=;`R#TnZWEk&TGTc-w~Ytw1f(XFiT@CV_v(fK zfOE6Gx>8?hEpvW8k85?OJhnytc6L6kkxg#Oyt0oLLmb$eqqu4rrUpDG>;AE@+iD>} zsASCq>eU>sT0_m4axIF|A*)b5*~c|;UCBBK_SjMtr7BqDIbd5~-q77zAY{S5JVpZW z5i2w5H&i7TjVArI5GF56=C1*tVE>&dFxRanzqfxuH!F~Li)z`PGJqKSzk;Ool%;1b zQB;0tX%^qQ0cM7L>DC#V0ec+j7<{rFcYE+!!Dh344=syKLNY7rI+RM0ih7Gvv2qDn zirR+Zq#&}N&it|qzDc)F&cym%FWNQ7e4S?@V;6Zg_OcgMWHY%{wk$+f!g%#*g}quw zoTg1_wQNl%j#_TP7i}R)zPz~LbyJqE6HBT7)=Aw4lr~wT-aeUw{>$z`AZuY#qaSBxZ2{ddvO*aULudedLRul_$@M&OE2nPUvkX-+hYYbe$j(THyBOHl@;2*S*t+hh@tR^MA;)Q=cO%m?i~Fw#b_tEM_;9(-k49=*eFZ-1V6AQ5#+#nmI{zNzx|EAhLP( zIr@KdfT8$f9Q)36)Ra};wmh6rW)=jrBMEp#bwJ~DtpiWs?!?+cpoe%;bY$P0Qm;GX!-L}bF((r>Hfq+(cMj-3Z1jfvOV0?u&G|=MDV)qqWDfQc)*J;GuQ126Y zu0O(*j=+h0k9e(VReEdGP3zqI|DUl-_n*{TCbUL$`XuuY3Ar)BW)K2TSGoRkf3I%os(3>H z2#`v`pW^6x@~+qxPf!3PKG!jJjSz{2=oKpIC-IOU7b7F)II8z1CMX4*6*YfIVq59R zx_Cnmd)B(EM1S(PDgP2-{&rF2pQvmCFxl7}&{*+?LiuiyV#4dZ2KB@9<|Y1k`%9XM zB>UR-`-{TgYw8gSG|!!YAx(RHW-m#4UX(M@(WYNgrJ?a*Z%t3V|*Dt|iQNy?h|x{BldS17=o1q)jB4_XHh0S*=(5f=780Ol~*(E5LBm!??G zzvA=j`&4JI$l1icZw16T{TDJhtSH4lm;;csS2h{h90}TC!G;qG!U(iG#U#&_18l3H zCPsGmx>0yCenhk5i>`1tR=qLZKNxA#G|iC3Efvu0HiAH&*7jZR!?f^5<1Me%yZb*F zlhj8e`#r7U7rt2>{m!lyVcLZlV0niSioH>R+>c0tDF4!AOh^CA)MPEhu4AmvgT9(3 zppqh7zur8NSjrnNQOvH*Wa7=9wdr&yi++<0xkDA9D^v7zQ&gP61mo)}AxQCZO#Nan zHT$O>Rrb>34HA<--7(-*{r4;QK{6smGX$b(1Irf}xI=zjlV`+P02sCSz;xvXzb$w(OTp&VkpTe~n}4*@(>S?w{V-oG#kJR!C)$^9BnlP%;#X&A=JX=wsT?FP&~0OMJy}io=4N zrC)jx(R1)|uI~=Jl}l%f1-+Ipl~e_M?B3Kcc|}X)h$N z?_k}O4ri0sXyeIWe?K>NYJEwhc~X=tcDr{KcHKEN5Dw??ani}p9>yFs=6k+hRp6%4 z#<#~`5dp0AuWa~^F6aEF8hf{?SKkfp;C~+*L;5}&AAHU~Z0t}3u_`wV%lk$kP_ z;99u4I@`Rb7-Mfj`Xy?H{af3CV9O-^Tjx+K+S*%gN5cmW*5^+(2S+kn&#YYD&Iu5j zI)IfF&am>J9n4=bxPGNjBjwMC9@yUd0RgmVl|L?@oA8y9!q%1VUS*Kh9n50Qei;5C z7C?FOk;v17uR=v?PJUo;M)f=7mcBCSyb^_&`28wGs9I(H+shIDBiezW^F`F%!s&zX zyh>Jn1B0@tI9cHE>%uyvMSf%Z8U-3`hSoorCRjvsG4@z6qq!P3BNodM&WzU20Xvvt zfq+C6&h_w4`K~Ct;6$l_aDMulTX>zer14Ta+^pHS2PFz6_CAC&BBNSAxbH_GQhhQI zn=y$IBAtL!z?+2#llu*4PA}5>j1m4^Mq1sVR^HJzLCyYgOP}5-y{lM|t`P@Gu{1YFKd#hfe+*?O8#k(hgIJ|fJfS~k0k%InZN%cx6A`85KD zjw;*gzCH1nzVJW{=M1Ktxs;BHzCRQisy}vSV#$tm^Q>Y;!jkr-k-(Pl}=?6-2vgH4Fe1jc^n!wP=ssH)$ z*0*HF`$zNyJ}+z(ErBcUe5L#!jJi{Rr7qmyx%C!ovJBJQ+T7WZp@@cP(bB>MN!t27 zbV_WvEMM3*AR-z($aA9T8A{Ump@`{4iVt_Ndp-$wVWDE>}gg}<|t zK#e=QZu@CgtZo2OVHZgYCDu0DF!=akRO`{asX9AX zY{n+|1ET`EKW(gRlL2Q*;PQ|Y!TF+wJ`{RfGsWoyuXGkYuSXoa?JA%jw^}tJ=XR@h`yPVo2fI< zND94^%jv^=B43f%&@)DoR39M}+K_$C5@lo1)<3uuVK7YrPWO3l4Fsh zTX=`}QJUB!%%dL>cD$a4QNMAQbsw3h;gitUo)LftO5xfCw|00mKhxW|9?p8B9x3c z3F(FzB@hy(P{FWZ_4#z})Y&sSuTVqicwgtfaH)JBxj0GSk=E|roY0}CGQ`e(Y38aI zQe3XL z*}3AdfC$b$hqaEB?5b{(I|-w?g^X4yGM+!eP5~{oX4~Wd}ZI4$-EuuHLAv6*CzWcT6M8pPuc`zT6U&c9m{=slMlo%=@A1tTXRD;ow z*Z$%+11d{*-sLq8dURC|Ku|0U`iZ0XZiW?MlKq9J`?X?h&NrEIz$tQqvRL=^*k;`a0J?1k0ht^yf@MKr0odQ=1dc;w7(jdfvE{m50y4 zmV!5Web+f*8>qL|Fg0=I zzdD3V7`7t&=EL}|jm_fnWPF3mr7vfu^MNXHUeMc&wkZs!Ht7*M;dF>`vF~7r4jf;I z3V%4$S(O07y#)TWu?y^*S%2*mVu!3MmIfv6~r$&MNy@Wp># ziUw=E9Ay|LOKdHNl2 z`#2lISuf+GiS$0qr(0tq=+1AYM~JFe@LTp|upgoYRiHYQ0ilcgBbWn<%QyKb!6zdU zzc6~eJk~})=G>T?-Junz8gpglDP$QR8HKO|g8FEuk{*X!SYTiduxCBos}xweOrE2c zNvMadCTESbyE?Y);oxISIc+ zw9Wg}Q}HUnh#rldX^-e#RacJfXgWmJJx0oo7$RK<2uKVAtqy}k-<5*Jb`-i@8F*JJ z3El`Y6vpc|slVLgU7o?O(XBCibCrhXN(~?%7!-Ojk$~!5KV}eBIs-d{jC8!=gP+P9 z-F9soTf1o7b^mTHix3Z(+`6HX0?x(;ee!tBxGyYnSFkIl{7iP<1H`kJt`PHJc}$SW zbJ>F0jjdaD>=tnr&OJrb>^|&#x%r_yNnxs5jE7dDza4g9(O@tns^XcmnT}YelaZ>W z#A~wE`9LgRt||U(lf>jXzZe5Q=R-1cFGx{AD?6KH(>&Q#Ec+6f1PsXiT6Ot~nt;~iSO-&gQajyuk zOQbIFr-3tvwD8W@Ba^s&@tM64_l|Hq?U8E`Tt29v&7|LTAeXpcRgV8SgKjecjQIWD zqNL1T|0DHq$GRAiq&E2Q6F#s?-1ytPw;2HG-7{>s!+YSKNxbIUnNy*lD$l75F`$dd zCaBS^jl?z`lN4BHJ#JFQKS+};#^(Rk7K*OadObl+>gR1MF;!2qdcd9VF4|<~M~asc zxso!MuRmyxs=q89nC#Dx6Dh#RAjr$2VzuS!#k_pD)3#Bovn=i)v0vnjRRt<-_? zLzhfFu&nWx`w$}#sk=iz31s>pc$=}z-}=YcJCp`3B+W&1*X zT1Xq=C6YLv(|kU30Wf(m)RmAg0p3$=_d4E;4Bo#fEmNW{7viULpB*Fcjm6z>n8EiO zKc`acoZQnb&-#8w+xs!Rq6P7_o_l$+3evLgAVP^j)>H51y;WhaYNenCZcD;e1ped0 zJgiZG&-7_x3S-~ID|%t(YSIWt7ufrq!HBqAeU4GV-QU2=$z3< zF4vCvM>(QPp?&(+`{57S#Fp^GD*k{f;_rs-@Ap;$I?MlrocDP>Et5Q@m zNM`QC-a+g8CH7{!RA)T6{V$_?Vhsz2!UYayaq7H{M|@)5sZ0%!U2jcK&lwSKej(KS zRmf_c{fO@KN@DhHMg=aP31_rPQwghCFa0}v7dSc>?F|YlK>h8Q46s==wb@?Y&a%O^ zqub8RkQ6fr_cW#A9TyZ8nk}+;So}D9Ie&+MZWV0t#%M8krOJ#NWjlClZS%1b3pw2Y zZUJfm3XwEU8cNMdQ%3GhCRE)w-V7=nxCz>B{CJlxr1*T|hy=9cbqkVx9RB9(mQtoC zJu=U6hFyD|4|z|Xjrh?(MVSA5gC0^q)TWrbPb6Yxtf0MdXVubL>Nvg_t>96BJWTzm z>|)V(s7-Y9jrc1?z;4m_hB;~?h6KNJyp+hPH z?mkGf2jbpOtFUUuSW8nwyoREC$m0MVX)8d$pG1(+Y4bm z`aXZ4yc#}6>7yz^C1xAssoDvdG7~S~O#~P=1ho;ysy+XX>|R!R3`s^-3jh2Y6#2E_ z{2kF!_D@#z$#KM?OHK2EFXCz<@2_x8K{);m9^W}Bv>+dC(?lR zykbNAb{{X&6Ml0y2K@Lq{@KUhTViL@-q8j#x4Xv1eqrhgq1|tkm$5%KxVEiB_bpN| zKBywAG2cAoGqmQ8PfX0n5NiziE1S_wnlqB~V%9=ag71HKf8LS##>Z{E#Q7Dw@K4pN zbaWVA+NbHGeF|JIx`v}b8rc;+n(;$#g9lNRBPw@4!|m#y1mQk*lk3YLxvmE{SkCi| z4G1R22aEbiB}IQ5eUa(lC76%KGN`fYthyT5Mf_6DH3S&b=q`4tvX86UxGjJ;FW~Sm zi0t0bXL-0qLHwyxJQWfB6O&S9piVOMwEL1ybh->dfiz84ysq|^8L=$HFBi=@`R~6=V|S(Ye`cA+ zK20SY2EkS=x@NLhO}+=c!}!ky{#BDk+|F0_b;6_HD)#0$;v^P9PG&v-e3D3LwXpci zrewpIH$UOrUXfLOPUFeOt;yAGH}GYaN0$q>qNs0W$Y>;xgdCfw4g$XMyv>8aa?UK- z_*;iyxUWWvLpC0S+R4pvCddoknM5hmn8ufuVNIJgc2j*}vhh?fcm`^ph-_4nV|+LY z-6+RU&+nLxcQwqm>foqTEIc9a(PI=|xH6M}!%~e^{nUk-i5Y@SMq@@lwrBR@!TWSJCe~Ss*v1$7<6iDN-u=9 z!Db2BGWjHduUwKW|2Hs07$*F*FQj0+)D3!L$e$-y& zNE99ptGTYKh|vEGG}wCB z>H1I=sO6RR{eyWxhsRqwDEVkJ_2IxIu+N?Q9}KR)OaEKu*FQg3Ejd_^nMj7f%)UXy z?CGgGtsj*>vsI%MN)Hiz(r(kIu;&0w@Qqa9G=IjKo+co?#{N?^&Tib?t5=HruubI3 ztx4z9V@=cxP&6L&(|9%iX-lV@Iqqo^<-Gqj0OL_yDraN*nc%lA=FVaDqH)9aP%CzZ09RkuiUrNZB7 zidEQNnCZ<(6{4TeW=JiT9_9xs+|qUA7G^7(+GmlvH-&d}3Lg-Yhj-*08Lwi522^1; zKF~Enp5F6523Q&upW{_$_=%E_32fCg>#X&nj8O72m3^R&!44bggO%4X-$w|g9%~g7 z{gQow1tN;*$;V{ga9xkWK-s_Ll9XJ(yV;pnUn~1{HTvyX@Gg=lmP7Pv42|0^gn4{$ z=^?dc4ZaLo)i+m)2hM1*RIj^!;s*+8gKjSCyXIF+kFxKX^QXT+mZP3(v#ZtA{TPIf zaR%^;XP=nScSK*D%w`PWeHO3I)WadvM7Z*UR+jSxJ$LT%SfMEw?HAJU?-be}^2WyO zyrjmRvUJI>GuAt{^Y-Y90X~fL!(Bb@$g=cXj0a_jG7jOy*;PP3O=~C|j_0+FQ=$-5 zo+(ANk#vu*MHNk04~;i8Bq7?y(7%%8K3sAqn&f{!1lz2Xp`{{~efwsgzRRVVbK^^= zXSAT@&)pTJig$A};qrg>9JxCgMe3Xh-3{O##VK z8wQuJW_8_9$p{dX<$_1IjTv%$Z=E=k_9l_}YmApfa+k$IK&%vGa<`r|RN~2zRag8}T=#V6_EwUl?3m|2$iQU#=?u zWu(^>ryo6f9-9!V=xa~+)bsZnR%M=ZvQ9~+ zWrjPS!&kRjk-_N;o&$c}WL%nW1$mYDG@6u>7px2#HOoEQQ{GQdOAF6EdGm&NUJP3_ zkVgxVW561kjly!bFl^M z2>LRB>1jhAj89T)|Aa&mw;;iC_1xN*8G!2*fwj)38_qW#`^LFpOEYwAMiDA>y^D4_ zxx)?^ix$^s%&dPRq8%N}&nVF5@J?Ts_tmC47uO@C+kFc6t7AF$DxK%l!WGm-gs4qQ zC|xjYBd7e%z-y49b=-cK^_OSoIC)q;O|yD|*KF%)4D5UDS$;nx^4W)J1fz3n z0gfH-%7K-rTOiTNQcogE67-w(Hl+r1$%RCXzMjP z2&`>YY9T15P!17yUP*lL@m)Y(C`%nJpK+OAdhiHP3{LJ?_YPXW^uJaW?Kf-S?I{C@ zuU;6Z-?G^Jet zlF|fI2issm2XVGLL04laM~>mU?0knIPLskN0#$XKmd)4pebmCE{oA6%ZiieBhc0p0 zv>M??elr(uuDiQ3#Ti8i1Tcth5C^ebNHg{g-0y$6PQ59 zJgQ^}f#2Jo$1o$zhBk?lM|Yt6xPI>zxT`2xzz3&a9Qc9^{NxFj+@5TtrLxy8n|ulW z(b^w?C+Da^gwo9i>Ih*d3^c0+gPF9g36n3(VWCr3<<(bOL1ou1t;v`O?VSCwKA^_F zpPZK`LpCZC56OJTQ%5Oji)U#|;4wcA6U=pqkv&P`PHd*?ddtUb@-rFb7l0SLxnikT zUF@wvR?Q?jFgbg89#GjDg`XlW_`lCHb9l9h{_q9ndB~G_wa$#r0dc$^Unh?%WPc0+LfD~X|PJz`t&OWEH0TZwSGu=(fh+uetz$G#)7$T5g-*!leX#CZ79dn z+22CS2_GOh#Z$gL0!QM|@m!&O4xsH|j-MlH@oB#?BqKfm_oAjP;C?hDWWBn^8hfsn z11m3jBLCPweG<$+u&V@m3_{&>`*0UP9G4K;G5K)aO5lk^8;Yf-kmq4 z0!8jGpD)#xB+CvXQt_69N$McCL%p}l$2NAf5!B+#C8y_&d0hQee7v!et))D!Vs^~i z%zK`=`IHa&g<-J8$^kFTxs86EL|}UIP92ZYLj{GPJ`q4atlmszXyD4|hBwDKr&8ic zAe-@>4rMl3485~$Ruk5Uf%N{vV6iw4NvvTE$zJn`oiDy879P6ON7dm1m={N;s;r}` zHtO?Pj{{Rua7m7~M}fXN)|K<4rL~K;&QcjnLrq~}k~BOAc(7nfAk6teJVnw;Z+uI{ z(f!oizfeBKppXbS8y{JI%F!AfOQ`X=mx|~p+;v5!UM5LB@3e?-ModbOF+Tt+k(CZY zf@(LU5YendYL5IIkvWm$_@8BhJ}<4;gXNvw_K)aHFRi?;6^WHxg-^> z$ceszOnQo8)k~YLAvh$`4_WZ`II0aZIAgb0?4pY|e`B={CK?%~RN5AsR{vI|f$ZkI zvGp#>SETDI$>OAhl=VwHr;DG2L!0-l$u(|KEVMN}{tji-Tpmq4l_i(RszoeiAOn$fcz~SF$USRr2g4^(G&( zMLiw|UDRf~Hrw!c#|8 zuT-isjFV{mGmnU$l|?Ks9pn#yhP0@WD29LgvB@l`3E3CJdtdc#KEJ%7pKwtnb7Z{$qrY6EP?L-y>Qx20+~ zj5w?484K!~^X!XIUR6BeAWMaU5q&R6j5SC{RXfgLw5on6C(mfQiQ0kL8I{ra5+9MM zr17l~=$DH9upzes4YQzafZSYZ zWHx7s@dJQ&60n@k<4!F*Rd(;*?wN}kX2gb8!b&^uQWKQz$@zZYD*jrdg)iIf>V5O7 zepA>$bN1@jZ;SXFlMq;Cq(TzPsms!djl}Djs!OT$tFD}Rf@qi5ccwkKU$il0W%JU$ z4yOapuhx*Oz=R=m*wA}7DoXpdAUChs?wVeXuLyvf;XoCv_WCsNjtbe9_IJk_#LDmdSoTWyc| zfP@Mq=^;CoPHxW;_tFmM>}3?>%7*<7kvV_^M1+7$^oAlfq|tk|;%ydhPP1UUU*&M) zT?(R4L7`PCaz49E-74S$vYMakzm<0-*wExII#Mb}@ z-u{ou^{K}YjeRWNpe(@MX9 zJGW={&yVv@zA070WgoWPuiG8xS)sB;SCXSNujX{$_GJaDeaGo zNG)R2&p_wDH1g$Y61Fmgfekr|C6?nq0MTS++76Z}+YC)FPBmNL0sdeNEf_95-8V|` zloWfE5n##k!t=~24Eg|-}NP=KR;r%f+v zp(@t2vkaMtfXwy8Yp!sTO*-@}6}9>_1aoF{ax}C0PfhRu$|1hImJ@BK}H*O5l z(DY{vbpyWG73$}>%v=>y)*SmGe?LVzHbR5+>BPTePm6PdFOS+04 zGC%h_R2z4C27S2C&&vmN%x8n|tE1`)T-?BF3c!L|@r-TynLx0QLmF)qLmY#kXsUK! z~i5 z3Q*vv+9G!?WyMS`nLt?>6RbH#@y>xp;E;8W;TwdW0=#rp;P`Z=L@*&}v1Te8d4tQl zk>2DwV23vh_w%rq!kYP)woxC#Y8sXUH)rm9^reMxV|=DPR$Hj4GS(aak4^pnOfAVb zV)qBuKZBQX74kc_OT^|8<3t~=sgW24P?BK1J3XztOC}w2EF(10;s?hI)hymhh!Z8Y zWTV>LvN78`#;J)*XJ4^I8`>D|&oEx;*MYXCp-=Ao5EQmx?4~q#<_*)`J@y5mnq#^9n;2h<_oTRY}YZ<5K^<|)83;K?q-vG)P zz>o$k{m~g&RSE(_KflLR*`3xJcGM?;{qRaci5zr{H>u@fgo_tqt_V2LA3H)*O;lvh zkx_3e43|+r?qtfjVT%tiEJh0RagkVeFU+k;5x+qnr?9b%?5dz`!SgPI@SKV9TEc*P z5fKc&S?)z^B0{QLC@x2QkklhqL0(+<8j~UJ1;=(Gv!4!NC!PQsZ1N}OmsB13dwOBxshjYse`fh%ly-{y; zX1QRAd~r$nG!y~~F3Qw9LPl`z8KoAG5W z1bUh+lh0PPRGhY~ZRCR1G=>D?GESCU@T}V>qk3_;ua`UUq#vn9n<46UaoC1LY;hm% zJFXSp)z#{pBE3d5?RqOwW#}>jjXW{{4Tld}GWioG`h7yBL~!p5UruX6>ys<^sk5gx zXqi~3sJhGgq`}!o_DsXjvsPu=>tWFSTV)5F1s7e~i zYM~e}H`jw12-9>*tlp)}HF^uN6R~4kt*Koi~y zO!QCU$vy%BuztFXzRnu05hK8zEb;JsB>j(m=l#oz`3K-aIR#0Cf7@fahTl}}wY`4Z zWn(EHvhs0+Kj08r$qEXrqc=x2AK~P-&#kL6l%YTd`(Qe zzIC*N8--Xm^K^3deW>G|+3j@~G8$LO`M9Sd*4^iaK-?mmywwqwLy|kyha{4|SJCt_ z-NP^Z-47(mXvOC0?lFGpm_E6e5Sm@!t4lXV6>m3oD8w%{qhY2=opiBsVJhtH8bTuuDD0=)fK6 zybfRTD^?sh;$WB3A2v=hsxz2dt%+RR2Q@Ytk<~4C6cnJHL_TGM5vnzv_-ZE#e@=8Z z%tf}soqia*4D7agpei z5|B4B60*crvUoeN!-_;IP*i#3#Knh_tc__t*8zU4;y?TP-Ay=?O2(Y9MzU?}nbqPw zLXh@b7qC1vkDSX8YKV91BWwKL2qlSp!xCXcPc%M%oXG`E0{e!vwE3@u@@wf~rmFVNF}wFRe=I1hT%LK*Y6Cc@AX$!c|(4ODBz z8zWVz<-H7fz3$bu-deC?4v5tD91mm+qLDf~4;U9*^<1T-Y7@Mu&X^(Hs~657x(x-= zpdB37t$menmSjXw;x27nG;J}0FDcPT$b8~WNh@h&lMOFi%N(}Oa={jp>>k&9u=vUq zho$m}Bs;!7wog6=6((*LnJc!`Sa;aHOzRRC+iPc%&B9drygPW8~QD(7z4SSsqM( zdnBStbsg}U);%5(-SaXQj8~t7#tq&BM?X$>3Ba2Jv6ht~2bfHi8T%und!WKTLhZe# z?)j*|(G!TvIhREK0GKvs#yKI@jh?%6b*Qv@Uad; zmh-dVcX{bJd}dVrUdo7O z`|h#ySuDgAx}(Z)FgXzf=#MGb0C#_Z}1tbeA25eAykk6-hUEI_I?+aURpii+d2C+KR4O%C=xs zn6wGMKZ@T6R+)vtK#1%%hVKQu5L_ofuPR&U!e>HshbLbPMQc3*raVzCc{Lnb!`(CU zEnw`LR5p^4No0zBBN(&CLK-6B-8UrzL3E@CfCs&@)gx(`Hhrbwwk-ReIcgu0s=d&I z`@pd~RjDf^@Vc3l^jKB1fZ--#)#qllbwmr*-;Qr|JA6bF>DO7gpFZjvaj@NNd(*H7 zRM)?}{Qq-D<-kTV0N0o)F*eer-{AZJMB!242d=z;Cx)}^tzvHG`nAk z$R{I=tjTx>K0?)R0d@;rm!0Bo-jwtm9STa%W>w6TXD}Ji!?al+$p$txi94+Vx5Z>C z+wd?~LYDA55i+X!%_G8nxX~diFS^oa@hTh%Ic)6bj=g%JNee3=?4x{HJFFb1QNGM z@i0$AH^3jb?LJ7x$vpA~&zi3L&hUR4C}%awE)Dnp=4xFxOy7qtL%GxW%;Z?3S?CUJ z@#S*Y0^ zs*e@w^&lSY*uBHBqxd!m9Q0IidBQUMnPvimtV%VO#~qTSSq}#r`n}eXU-xxC#gw|` zA;7zm862tKnkPBeuBaXNs!)CSjy?O7WD7d2YJl%ZKpMj)$n?${FkNQz7#y2 z0`l~tmrIjVjo+B+y^E_M*ploY6R(UeY4n)S6e^IQX9^Hqj@wARyD3fN@AaYzZQ{)O zS{|lZmnhkbo}`@L2ShGm9Coeq?0vwnTAE9$xW5gqutzzLVLa@-;8Y0vFgbL#+l9q+ z#+$MWVng;BB^d{EEP{ph3bbAc1D6RO5$H+n`Q<-$dh8c-^#gE8Ca;~2-Yd!qQXR3A zfyTh15TrwY9kKn&aw`oQ&N{IbXnYkS3^!Hfi8I@1pI?0MiTG@9L8I)A2y423>i+{U z{kG%$2cYJa7gHEBXXyvP$r|1`ya=#Q$=2)h5!B>)vTKEq=;g@X7Pd@;mGC9g; zO^hdpXDGBI;Cyryy_YUa6%5b8KLA39z8Pmf0KM8jmH=>I!1K5OFaQ96v}{@bA9Pv# z+?bz|*}!%#S=Roowf@T%Y|EC>zLv2m|I+?W7+`hKNMZm$hkV8a5_kpa0DLVXf9v3a z^e^-m4Kbo2yaX(>B@JS64D)f|EB}QEkZe6D2q>5Uxvw z+>Kt1#hBsOFWUo2Rk8dV^2}#YMB{q0(E4Qq1RzI;?SJD4PceL`y6}Mg>i7L4l?66W zU^$6ZUA^}X?(VOOVF?W4zS1{gobKvjF0V2Ui?q%a6%S;sy!{oS-XKNlJAUYM&sV;R z^{>1sgJhrkF95`JQNJN{mu90Bf95y!&%oaNoM+er}^vBi76*py@hKcmishly${im#cMT^#nOtOq!_`nuI%eMF-zUSBce`4x@3K--E zOJl@X#A6Zphrs`)vVRBsasR#gZ#fY4%YgWQlKn0JpFno>TgbqFCjXs&Ju>i%m-r9z ze zrghPV1c^{BD}&(3lVLI?;eQsa0U*hQNd9f5m#&XD5z&%KG&Vfs&s^%44eK?4WDV<= z>Hc2V=l2LdGySttT(Y;Y769BoM_vMX3-cix86^MDC@fpVMvCXFLxa!!DUsYRVt|}s zcH*BR{M`Njb+iR4<`jYGDBXGu_{vVh%w_n0BS;IWDB_bS0y<^rg$l>kMT_xo-O2Wr ze&+?9j|2l64F47vnkeOunz3jZzbsv^VOXt3_irrz2>*9nM#$I%h}e8-;{z??v7rIe zI?)=xt7QsE7AH@E&jpCHMS`;}=mL;_hhX6)Y(Wk}hBEyjJLN;|2ptLXhu^iNHkzs) z3FPaf?ppv+Zio~T63p*z(cj_!e@VuNh)4QZvi+``|C*eHhYS+=`-t$58BI#DsZsuM z(XVvkmo4Idh5s7!|K8GC95@W%X$5tV&2D3(pE;n#3sW- zDp0+fl>WKDRFMD+3=m@fVX6293&_N`Z?S3FewLdT5+z2mQ~c?H{UsF|}$5`o<;Oj31rz4-x*G`M)j!+#+7iak`%r@iUPcm#B#p!tkFnf5O*} zp{9!_0{e>_(zHhTFG~Mg^s@v~Eb9m9evz=<$xm|rO$EbwLf+&eeKtkOz%kg*b^noc z3YtN(OlJ83@J%cKV+_m5>nRIK)Iup%k(NIs@!!mUk-#GSKLkB@Qoryo`M=3FWg@p% zKxU=HrqF|}FAUXqlHR)d!4gV`3{wwe|%teu3lXSm* zn#TXe_x}L!qZdGf{EL%QP@uO{a8LjgaGB-r{!Wnu<%#5U7zK1~Bd4M=vns1PyMT)^ z&>&zSApA%_0F`ok820yFp+dw6Lsd8TQJLS`h?_%mRA;c;IVCn4ow4hpJqTB1JRT`d z!Uk?UXC7ni^Y_5`8z&4FIU0qF7IiS(UO0`tnT_`$mtJ_Po&sZ*K{%iic&kXIk)k0h zceS7xx7@}nhPI}sMFmjiuOTryawXG=Ecn)o9zFNEKTd0WmYh4uwqGUZ-W%x&(sygU zX?XyT!DTbpgML^rMp}MrUquGaMAy>k{pD3iLm^{!jB{!~K}jW{jE0Rv*M)bA@?^J;~1J@<(D zw@}Bi!2#t8BweZ){oXcJ`ZeDn&eUZ{$OAh6nww31Li z8~NS2kg-M9(|!SPTyCG5fr99*Yx-`_6Ui+t6yB4a01-4^Ymh4qvtw#KN1J<3!_E3z z{ql|Zqx!>2-OItZ=K$a`1T!I0sJ}TOkr5+>Z-v;_TNiC@!dVBi$2&8z@xEL$(NFhx zWO(?5XBWIX+Pyjgcc);9uN`yiqrf5IYq=@m{L_#P?Ab~X)dO(o_qZPcEw zjagqK9i2}`r}*O2Fi&U7eQ+%7w9yDvfk}Gb+|=b`5Obd>>d%OMtU}k$6DlAU12{jN zH-}}F;;*+iXt*p|@G9tNj1Mz=R1S)lj>Z~?iDvnra!*gy@X`sl8I?#4Jq~~JOZ!k4 zX^<81VD&ChmW}~~0i%IoBMMJ{Bc^Uz@`OSb(kL=Lmmjus*w+}I=ayq}GZvfoxN^vh z9XSfif3zyx18u9)s^89QuA5a|SKvK-2w7{84H8(*>T$MXz}vcx0LV~vr0ptW{=rMJ z{koLLebz=cx@Q36u~c7F=?JRN1b_{EF+~=fHKqq;mt*iuqA3C!umDrJ%IHDr5~|x5 zm!Qz={;XSStc;U-8cqr@vV|6K&@2!=?rdT0mkpW>$A)0E(2$~w?P8;H=O$2i_20VHPWb59% z>aJBQ9pSI_HM%^JkCICeHj#BHuzB;#14DfECb_9bM6&ie)h2@m33-c_)wbkUF$!8L z&`wJZVpU$kEdsM?Y&Yrc9`qzz^b;OjnXvj@tQUPJ=P@n=5CN@S*;r~j>kZ&gFpz`j z3l#9xFhG~}!voCk;XX5YM+J8JtwfCj{o2wcwu-qe@Mdp#;W9-ll7%yJROe4PwJk)? zGGL^-f$$*dS8gnf>SJ-b20TpErR9d5&2TpN z0j&YFh=>@Dp>|dMRS0nRNu9NqayBdaVs>U_;|MLc&{k zUrJAfm=#04Eqbhk#6APSd!@J&l@+=-nwrzW$d5(PRygTuM@{vF`mNdU3pp5cQ<}y`F4AOwuu4x7s~`(;s%EV1qJQ{ z_@`~swI%w+6St0c)YLhnK;))P=7rba>=WqU?b9t^$H06iF!}}`&GykVF>SEemhC;X z6SY#s`3+2ASI9eImc}W#Dl^?t+#p5p#m;qvOvxaw1gs-pT3ehnVcT`cMinr5qd+4p zy;&Gr;v^-{MkX5V?IT}&;i$$l@5b@0#sQ>x9F9Yr%~@6ighsO73oifdc6iC}=Kh*z z-sSiLr~Id3p5YgejjF7DBNyE(Oc+{3vuYlOU4^-3K&YCwRRz}8rJAnmPz|pYk;d+# zbA&^~S7ES$0UfgA2IGChWTO8k57j9_q*h1dH{ynjix1+clM;wG%uiEDZ;rkqu04P@ z9{cdl0%|V(6`#7NAkBH?YK*jE=Hx%p#zE=y$>nanKIEL1 z=)<^rhEGq&T!4BOtw3tv>k+uvF{&4vS1Vl^5&7X(WlU31%O`zm;{J;07Bx(x$m^W+ zNsf+>8Sg{RvxcCAZFCi4?=vreJ5e;mSlT#g}-5_l7kypqX;S23K zg~i{MBbyK*fJx~BOs;`oyo1jA5o99G_!q{aWeB3E*!IX(r zAx=KIKk6n3VXQl!cL-o{Ci& zXwK?c4c!uWLP{0wLP|M+6@HOqf`ZVbX{4pY zEoRe=V2~9UTlcQIGD&mJJS-4e?NG#0_-*%44FoQQouR7^{+hn(un{DFja>+lj;QKD zxvXN(+h${_?r^o*sZAu{o*P3&`%3v}3MABNp&?mSJcuXJh4iQvXFneWa%cfO;D&Ff z!7wHj+M6bfm~VS?-|3h%7!~EETcKyrPWI-~YZa|QS;q@X(4B_U&Z!DZ+QH3StE|0o z(ksB!gMr&m&24#l(6Y{jMrbE{aUhM0J1D2Zh$gYnRLa2@lOv@PpYxjq9X4SM55fwb z&2Zv{tdz<@nVZTVWXw18D|{NuLADyp%^dHO3TKHMYl>zmZ1tlzQ^f{Ic)r;5Gld@F z_`&$etDs-ZRt$Z&haZrmS3$GsccfN{7|L~Gajoc^Kv4 z@OxuTI49~I8zJ1SMt)MHuk83E5%@yfX?ES3rQJ@D+TYE6R~ko1RvKG*G&!2=c7T4e zIRem`P@2HPL^TJ%*TLs|#WoJjT)W%R{Eh1R5qni*${Au3G|j`a+F=5>eT&o&xdCO|rI2TjRyv7Fj`vv{|$ z+&p;O4wz7?=tjWmOW@krD~C!zt?=I3?kR^p3ebcXw(%uU9nWIv>gpowX6?bktKhY< z8*g-W>~EZPberQiib^(&+Sp99u`%A5x)%&`(`-qg^`+gt=sKtCDp&DqXBgGE@6Wq% z<5|&2px5m1_Pq9-|8Ast+4yn#y=cPAoi@Ax%W+P0-8@IRxT#kbu1^l7j}97bn~?;WX$e<(+b2TieSYn zFB;2-Z~Z%Vh?=u@by)mKcD{v{hb&>IEE9T9N_o=X)>GmOHOdQocSkPN@$Vmjp|BQ~ z)(f^fsNJ_i6SZqw*x)nDvh2Wz9@nS2F(4NvTnMepb+#8?w;xo?+AC^-6&zG-O|J^Q z;OYBbrx<|2Ao@$f+s`W>2Zp0o9JIww2>f8RTSZRjJw+{FlfypU6FsK|RD5CzBuXN5 zlg)g|JW+m%yzN81C5N5Z!C)*7xNS^blYjEa2(MJkvAeP{q%6IQP&2%%njwsADP_L0 zD=~i@&CB~{JZIikahE`XTGOcKHJ#)ym&}^Zb#=7bJxKF(x;d(R$4)inI=U3SenyFy z4Ls1G1UE2)oQH9ru#G-bI0)ZNPNr3JgvMLeql8bDq+i~=f9thx3YzIp9^u*X9GvH& z%Fe51{2l~R{N+Iu11d(bDhO)(@d!n=u*3o-swAANp&aUJa5`U%jBkd0t z3)FWJuM^0APVnizXHW*=G!-V*^(;q03ivA9Ko4iOjuNK;9Ks>;EsTc+!d)R@UajFzvyF(gcO4aS)DO+ZpNo@;I5I!Btek=Y zunA2)^<~3fE8l$cVIygHptBBX%2jxcQP%FJh6U@*Grqnr@A$4cf+%mj(s5p6$eoyS zD2DhTRY^14a2-BhiR{aJFQk?ACy!YwcS1l=a(=f%C&Rgk_$tUMvBw6RCnXjIXa#tdH*5 zMCb0CCO+=2Ua+ft<=gzRajb|(O#l+UCUJB)rrjGfpj2s1;uK<(u=H!ISy{pHM z$i~OAXSaUC(9efx{pvRncYA|Cx8}Rr&Qf*y2XxXjBy-O$>14W3(rpz>o}LZcN0U$! zEos9H(pnpD9cCdV)^>I`XCX>P^C%&G!68Y$(Pu#bCUv}^Kf^&oS-6uXnqFOgW#EN> z8g?_{ON^Vm6_hG7lM~#uf0DvIPvlpX#b48n*TVKW$nl8!jOTdp2C>#iOMFuim4Fo? zr(ojf2Y^`6Cfob^2LNBQ_y+(}GJ>VdeBz$!S#^bQds!_QCjzB&!l2H(!#w1GCV$9g z=!A~gwR>MoN%ZoCw>RbD0EwABOtM3(YQ$qm!?AV5i?2u#wZXP}UcXR5>QE=A8;wkB z3eArKV>*3$Cjyd#sDqJI`SjgUihr8Dt!c=#7Ncz>)U@u-$s6PhlpBVK5BFm)p3~rF zFE_Bt=C-r0&anw!GD+(8LQ_L}3uQKOmoMLXHu}K7<>}da zaE8yjl@PLgh|^z{BE346Sj4Nil-*oXh&dTMwV_>l_}Fcg8c{LF{2CuoFvA3$F2lg5 zFA|2_eCIYghrn-=CALWKrXDbVf+y^U?)}QBz5Dj);0=j=3=y7DuNn^-Y%j(-EsR%3bRu=Pg|F6U6edWT&|BkG#v3c_z_m&veBGC4&zG|;l7Z=1U+}pq43$> z=s4*nu`%8>Aj!4!2VF)iF zKr2#mUh{DuYTTt7ccZBK16|^X`jb-pk3O)2Jsio3eRe8G+%Iy*A z&iq;`iM7@$nIdZv=i?Gzojx_B;F1Km?nRU1Gpt4Yu(%;9r4>EpyL{f`hR#1S`wevSGnOQ*H~@Gdt9-5T`N}ScM7(8!Pu?zi4VH?mFH2_OoJY zx0B#=O=~nOdgjWzh2OpT+5p0gfh{4*U|vY2-fzk7WV^m;v_T|#Fbjs$+r$e>EE=bW%|$ZoNRY#?mXfBEy5xw~Er!<-idkW5PFw^uG^11pImiZ)82HH22CNUO z)r|W*t*+PN8u>OLxg;a3Nb20o>=CwpWr>(S!Sd;IJfpPvR9-vAkbZ{G4i||^;S6as zRLtE={9>Kx45#xb`S8W{h4|=~7Ji8k*~JX1Y|viqM@d@KPOXYsUbB9UMs_2xT^}bS zy+E!AKiaat_+;yNezw_8-*Jtok9c#a)N#vx&xF6i5b5HK)s;1U9Gc>p*`gADj3VA>Rt?l~}G+C>(TTo*82T9wx?(=>mZ zqyYi^Z4qH$nGhe-Uf8qNw(|`zMmi=!V2~US>5CWP(9B18z?%vz2QRs-4VJH5&~6)) z!#+YEUEF~OR0M3{Veo?xCSOA|k6Z`q<;Op4O0C~@rDxiLuBocMHYPs;J&GLwL*|Ix zJkeRo3Pq-{_)5M88l5jQb*dIk9vw81Av~xHI-b_BCNilj(|rgxy64YBfIEeUJqyEN zd{gcd3B5vsb&|8A7Fnt4sk783ppoo7V8qs`V{t~wRn*M-@#DveiuE!9vLujOu&RZb z7p&lDcHtm-DO-cK(b4!!HuXe(X3h~N@Nw`=WfZKiprKFc@a|qd*m)9=0D+VELhSN% zh!cR;9zy9^>mdV`k8rXag1eAYI?SP1IXjizEIH%Xg$8vvjT`|QTmT4z6vxv`cBjs1 zrHMJRn@VMrnM8tQE~#$osw}zxRgP75iM37nt~??tIS3@z?6V)E+$}dfU1E3L-7vbQkJJz!j5fzpf>BoHH()L?RBqw;dX!z zBtz@A`Yy+uT{)jwEH6?B>gQi<-1h@8PPgiiGRPfcgcO?9KCMX0apI>3{l*Hn75wb0 zDN0s*n7GXznb@@>JP61ss<%dOA8EmtcQ`9{S-S}e$bD@bklu5XWoYc6W^LzX0ai8D zREIbg#L;Wrz1kJ#vTinw^?~y{0?NnPctdWLf?ALb=D51d=-@?p6v?Uf?!1#QS~GE< zfrF%$gL=|g($r!f{3tYn79Czd%5b({tcdszfZSVwZQXc~bT5AI5O3sCZ^WJc>n%Qb z{C$Gi{%qXdH7C+`UwCt~>HlM{|B(hTkg98b00C!I18&*Cf)IGv?=IqLYHp{QV=uQs)PEDX}<5BdVu z4v4G~E?V2|RIv6{2}^ur2~A}cQDt03=87;P;C&};HVdE{)~I^DoMNeL3@S1wLCM#U9msr#%PXcaVcSkvq*#~-{oq+>5S=C`) z$EG$!zg64(kx~Rwu_|@S`8$BEIIsm$7wz?KzZQU{wKUcx=Sb3}TYR#YKu|qS<8XMG z5D=dAA#X!o#i`WdO?1H;`7JQ0}TLIa{aws`!#qPVTm~dq8 z&`uz3Z5UECCqCdbqB!={Lx~h*6ZN$-@cF*?iAF+*CM^`f`pT`c!i8+8*OPDlQJPD= z1S=kg-Kb>|Jnjtypsz)0ZO9`S{=Jb;@Ehu#L=>1dh#B`6IxEOcLufzTR{Q-G(iI5M zCu{I+Qp;A7-h>J)+-s$GK3T=?dj@E*#)w{Bw>vp z>Z3ubscf;6S?v4Nh0aC$zQ(TO{zHV{9>3OAMup47eCyuPn*Gfg=i^=K%a?JFw*Ma& zK%BR3X%b$z|GE|6=RE}f+yubsv%No&Ls~Cp5x$6D&28{`@FZ&aKQB3v!x!o=OdL6A zz>E#|zZ3WYkmvcP$s#yoSg_{reS9mt zX^3u=0d+)%{t@{THS|II960GGp5Lnz4$MzG-aT3z zE=H+x53EhrUA!}NOzqFYx(pW}7&h@J$4ErkK*$Q9n_PLq%%}$-?@?4>3-Whx@1}~9 znod4@iYc67?R9pHyTLy1DIei%ut4Bk)Y4>)qoo=Pm`eNRdQLXU=2Ft=MHrhj@nGa7eTR% zq@KC|=tO9h1VNc5RW7rfGhvIsTVe55$Bu&~!rA0FNv&CX=m%gzOM4%#TiNl|m_nF% zn63??9E_qQzhQv=b3Z?arX#0fBE?m>T@qwbNhVl)Rt-jnbkLO9t;ku1F$zN>@{PXp zrUv8#er-dJV|X#`NujezFPOZbMjL7k&af^Kqs2mJPSy89&{`~sfpA-WcIBrTkE)Zv zw)AbvkyEXQT&xL_;&I<&lr8;fA50EK?-i*gQdEzr!myKs9ca0@4F)J3*A3L*e2L7K zQfCT{gR9lW=Yd?k!6Gu@On(8>X&H8N=r4wu@0bH4;OVhI-@wfn*9+y}^qaXc6L?Qk zAyL^P3NlFvPC591O4klXXgztEzwX?1;?BZPeaAPQ(b;Ag7Y+P>+I!ESrXDDIFo6U@ zPw1V{LlqE^A`p7-gbs#Yqzgz93B5O|(tGbsq#24JC>VN|u5?jp3i?}icXnrY_Wx!7 zUw3ETWZt})B=5_6=iYnHJ%>e1y=TPirD4PRY8Y2+7jUMLx z%a^#5jj}z1zKMrD>;>E=+KHUM_Ue8ph-RIlkUKv9h{;9P2^r!w|CQq6nntEj77v(5 zcUYy+{ruXhBqyHQ6j6~3PE@BiJ5@PLf^xkSx`0&kSQ?l)tNQQgHGdsPqHk&|_UWby9&1fPw3%JWJ&(+$lWj z-j*k`0Kgj@UrxIEHQ>H#dVr&IuIK9XEGxpkcD9Vup|T0KO(MU6#-`~PpN%vAa!oJ@ zdO9<@qvRYwR&<0eO;KT7bPJIVsL!%9!Hi~W`Pj3d9$&=iWZzNcMqgLmIy#=eS2Amg z*h>pn0f5?H3s-UlIn1&CI<|~j{&cx&J*SFrtdNiwW|tM79aYP{1FFsW)dwF!q4IfVvv^$_NvbEI{{h}Y9+oyG z-8^J{`@SCzHgh!z({d;^&+{3*v}*|BtcA@I-{NiQ2w2C2eorPMEhVLnoeOz9*xy5Z zz}R-i^P=R=j#KO@MQymg8O(jwr6KY!6TX_6xnUqrp_{01j&d9&^A1c{lFm$c=H|uN zr*D0S&-yZK%)^C+FN;fMgA7@xt>`{L-?_Y=8hHJ_p0C3?^gtmBKbFk1Bwu}H6BK1~nl`23PJ}Zj1EvCv(_vsw3

AQn3^>#;33PnG5EYp?@Bj+Kb#rijBLu6}laY zR2oaA?(ucU8uw@#jxQJ`z7%QU%j^&5eYxKdOEDeZtM(j|h{qAe%#Ui$&Kis@@f{|H zsZ0b+oZq^Ls-X4f(#Ckb+t;DEa<>a9ERF3A;}>!K;lj85UNKnNyMx>9e0uVTA>=)|zdt)8qJCfikkz1pAm$fgMzG-;9h!mBiUt1+$+LH9#(R5sLhOw7^lqr!_yr({4&Y=A4%gDBh-0Q4`(L z0Iz-7FO-E(2v^W=2kD`%eOXUpy+Y3ZUX#7!0dB<7Eg#<-d(=W50rdx@?5}=vu2lQn z7jj?ksg^DuCdTrF^>Ezjt~#5=zafNS=j+>Nf2Vui90d7P3dy|T%sGKOVgygXA~t6D z##7yR1NQnZtZztDiQhvBgfm95j^?=3x&0ZO7?Ex}8uyV7H^wG|d{gNyM5=rxB9qEl&P>02j9qn@@VW*P2{ZL3;_1nbx~`7EW&Q!`UW6Nn-gII8fu-TU=$ z8UnrWzKCfpmB;XOvcoUdGCoEt2A!=l?$k~Xu4yPQ8EqCk_9vMK6P#6??4$dWw@)KW z4}x`x6paiwso(8EGFaj-rpybt#mZI8$yn*GtM95xIk=VDV;Pf{e=kNqzW+k<#Sb$@ z78}BDM3E_t^9*@}@Y^o(?y-~ui}FkR!HGpsI+tYxkDmXhp6?kc>%y!NGci!lTHeld z=AnZU0z_|DD_yT=**1IvsH#ffIK!8{{_0hIq?1^~P)|Kiw2p*-s}ZypU}3PXRcd-b zel1SBNZOTKBn*DJ#jC$Td~Ho4*23Tmub%!2er=ZAlWy$t47T{i0G94397PuSrPL1` zk_9Y$Aoi?u`=bZCfy;TBrd0wJWz}ZIm1KJzMd7^o(Bz`0_W;oD*kXY^62Vt`JPJCO0P3Ek?p^m{rBNcfOMijE2mhlZQH6H%!CpSj< zajGWEnOOlB&qSY_CN?cd^_+UB&2p}moHuRypbYR@X~Eb!p=@AzuTxfgF@~(kl{y31 z6YG9YeH|Ic!18F~M}i`%NU8Dr{*X$Rq2bEo-k-jKk{Xr#`-GOC{$tMqe^EP@m}?07 z^!xeohd9fYj)`v(s*1lU3l_J;O$_br@JqQN8Z~aoT|H${MgTUAUhB%|B| zZKdg*AQ!{pk$2Xhv0(s`LPJ4f4F~6JpHi=k*x^q?j{JIM$lKtcyA64A}uOXDD+khp#i%?WTVtc?pT~<&3yl8GyZgH;?r~yy~gIy^ba#*Iu81W#x z?throVn?i}B;qwPMdCsHEt`+}K7Odg9q1N`r9E2pz0w;zd-%5bV&tqSWHX`24A1uPx&uCSQSB1jQq?$ zSNx6t34=hvA+`AT0*->GS}{=$BxtO4>VoBdFA;tzg)#lgP<5h=C+qLQw%_aKGnk{DTh8*ozi0mp?oU}q}tsPc(q>PS!9!$+D zl2P)L(|ZDNN=I1y7pz(5Ag@Khj$qZSl(q^|RU8{haJEgOLaO&Mukp*Qi1Z>1Xh_|? zDyvH3=tE?{;U2x5r69wn2X?G=2_~^tNfhb>TI&$f zsMEfuI*sp9*Nw0A?`xdMm9I~M)rdt?kEPu)KtpT)Ht6!mO;M=l67Y-T`&F1rcp^>E zKz~Okide*B0ROJg@KE#D4AB3qjRL>cH{xIq|OJVHT~_A!>;GhEu!% zUSiTC$<^9A`bYwr52vVRtI~8Cz@>;HyE%RtGwXH{I4!>6w)Ya<_iuhsE03bQ*=VPfNso;eA@RzauL0AOUuU!wt2`HU>*odod)`s`-{p%t~R?HvD{P{OvnG20?Xr8 zmWY%%@W_p<2X2J8&=GP1RSDD0ZP4Y(TiIn0jA#i%&^jE$vL01% zanZYv@eqCr=kWcp31e2TP1ULD{{S4+#5DXQG7h7v1&#K`vk+ZrcA*vi7hq$(cmOk? zH8J8qHY!9lX0B=U?4WET%)!Fes~%43Qz$DV!1&-Znc^~F+8mQ6&3fQNtE`m9@y;yp z(nt=KQe}{h3}m-4on1E`4)ggcdIQihz=0Z0bXl* zC_Jb z)}yV4ToU;dokYwm-cU*H^sn1h8ryXS>#^_5qtrJ?C#ZM2>8(nUb<-%bxS)&< z5e8pFn9OgEgq1j9x>DGqwssMXlQ`TVOSIa72U->NasQFj3F9aH+ zJW+vLk5=4g(*Vfw7hZN zGKcN5d--rvHlKc-U&+uoN=ti;-E|pdV95#w<6#Cf8e=D3fW^Bp0%Z1C`QHH`8M-=# zDEEv5G!A24_1cdtQ`}_w><>(s{~aBTVT_fY)F?1N(qpTKX;YJ$U~Z|3aGApDsG=f7 zZ6I3yX6Dkfw8{WjHuASNt`Pi(LIH;d@MC|ofR12(=!H~@X{gtHh6xTdEb zMSS{+BSDL{P#`^AW2mHR?SNMb6>-n(E?M6#O{9SNA+~@1rHWmC$AyG9S=-}sUPa7s zR{ONQq*L`iEEGhHEd^W5ZO87JI zfq+PFBp;H>UH3=Q0vcj(OsK*Ccq;_lRslOA)QbP<;3c$QVvYH@#D?kE?i%51cy_}9 z-&PGv*;OH4k%vVHCRf2O&DFCibF$R+Yd#Y7TckrdAS*-xu?L?%ppEE|Rfqoph-;4> zW-97QE{Dpsd|B`{(*5GdsY-|gCf)0Uhz}DL-90Q@IV5P5q`=umJN#~L-$gq?NvOKM z4tEfvSd9|tkaF#-&|qW?^)uNaPE#h*SwpAROv7YH2U>e>`9E6-pxjVE$>g+lBkN>( z9Lv-N2>hGpfU+XHLMd7_bXU8i$%@8ym+f4>z6&$U)FkFQ%ia8 z$V_i$lH2xZOu&TI$VMy@0lK1AyML?l%?Rqn=eZU!Itd}(kl!=HQ4iZ6HjK<>{gD#G zudGt=3HufIv&T@txbAGPowe0w@vYEdw1#htKRB)}LhLomV4hi~?~WtBA>`GNV=4}c zf#rSg={MuJv^9AThR7)bT;*){tv}v1p63Zahm8+1hn+7nH-7)NZjlVMO-a83`jAgq z%g8FF2-%08{j-M=-kGVrkeh~q@+Y`!v|K>II1f(X?Os)LE{%s;#EAtapkxa8< zl<`f8PBBp3sy*3B9zP9r99GXrxo?@k_!PaVH7hDd4@k98bpo{L#Z#O3sC?R-Cv>Am zx?JTPc}8Br$+d+WnMv02MDWtM?}dnG!0&BtfGR{A_M6=M7r>gg z_RpC$rP*N`%=P$=lC%`lj6%j3wD+9@h9SsBPLZ=-y%~t0Fnnt(9{b6h#q_>965(fA zkU{hu%eA@|A!0Q4h{<89BhHK&;0$5-)^`URp{PE5&4sm`Mm6UKcSFsN96X@A=l2MY zR3JY{*Pwth;r(dLpE^4h!L~_!sT2cQD$bYUwWj0^$N+=moboYkEpU%k0w`(8TEj^G zO?aB_&;L7&GjIzVrE)&KxrnvixOeq^dW9vln;|mkF&7*v_b;d6Oh-tm(vju4tI(?S zL`4n6&3PIy;VV`?8go6gUx5qHl>5fa?tI>`eCQjO5mv9m977~xqZo)N|I$hrtQu++ zG=Gvkpz7c7C;u2ngWGPdqdj?Vt3}m5`)F4y27S~?h$4UMF6h`o@|i9(Ki%9Y(WEy@f@pBg(MRV+b`g9RTTo*-BJI!X_*#&Os> zUxEgB50tLinQX3`m7lz562yklnNz05JmsSJr30xwu2R^<*zT%kkY$9 zs-8BRxYIhZ^J*9cP#WB2xP(MsOEd-ojL#hZ1C)+tB1M-5ZWI^@ONTb?Z#jCb>$OGG z1><*0t3R<;bpKKu*eV9i8eQ*jc-y%(x8@AUPivK@cj(SPAKt1^sbA{iwr7shrWi1a zahr}gPPB*3Z>z*E40b4$(=S#}V&XfAEW+Om@UNe!GL=Oionfo2U!#$$z|oP$gE}zA zpI=WPI#+bJ`kYPaJv*(j>V}3Q%x(93!e}u`J7j`B_E}W%1?T`-o$*rTa$G$fcBG@i z5ZDcxA!!mcTp9T~r+hlKw!DWQv^W!nrxrEGY|iBJ7t5w1V<+0eLpH0&8l^)v3hcK* z^itc3`=f8niU(9Lz?qW7^iRMHY&{ zQ#wq2&2iPKLwaP*bO9y9Z~O}c8q>}Gs5|K^#w#fs^9q@C#Q?v+`Pp>>ics2>Wy-Ik z-JbxsYm^jiAU0@P8r&=2?6UT~KR300%2#;MIqBNje@L=rbd|4UcjWH zdn|^y*`!`s9z)?5S`Bb~&;dgvw1@tA;qk`eu2}d;cQOPqJYpArF5{-I;dIJ#r-s;L zK~U8lIHF9D@5Lf>*cZlp)m;7Z^!oHV2>%MB-jmzYlGIpEPnM6hF-(oP=mh_weSpB( z&*9_AmC8+=4H+!r?Kb3lt%#^=OxfPZjb0CLupeKNN!7g2YiYc#CIfAM-inWkp}BgL z0u^w)Q3JJ$WvR13UIh#OFe)Q98P~n}y)Tm0q}M?U+vnr1g3TTNQg+^0N>C9YnxCku z4cLz+f6L;A{ou=@>nCEBXI%$of z>?%~|qoVB&3`ZG~kY7G@EG{|*qB^Bj@d3WoUa%?^uz=$8sDHWqJ8_~U;JGFjCqoDG zdjOnh5;IG?lh1>Du%jb?78);D%%`OKV5*Jv4L(hrW!AB1V zC$8v0O0j=JzI_+mGID#=QT4QfqW@R$_j8eU_8a>GP}JJS(0DZrBS-oTK**Y-^^gy% zDQ*e6w&2i=EU$RYeMl(GB&`!1rHg;Z9Gef*cq`?QxFPa0+Q%tc(!HB+jyRsH4v?BA zJL}M}2L*$i>o4S53k2;x@_mpbsNX{wMnqJMjpKT^{KCyz4NL@u!=a;EVV76~ywJ#F zh3vx10DL(aJp6wIY`W)_&*Hd;Sgmb;d{jSs-TY%1VH`rWjOP3yXQWl?!7~!_zEB&7 z(8?BGK#gE^lWl)sIjA4aEhz-s?V1FxCD8h$k(F{;HtB8@7{F&DpP#$C$&?pQ8%8H! zRWPQ*_oNy=S(esAkZbIc**-QW622^Ba7LCZK zbENN)6Yo!jnj>PDvqv9SBd$fI{YE9sT&>kzdCU5KMYS?_->24Au_j>v05V{t23d3# z>q*|MO+eIUdD{>1xZnE9Q5_c4(XK$vfv=mkJWy^sT~a82q|Y@=H|H`;xs_Imv&JXl z{h3i{p8CwV3vi?2WN)ULs5TW-KhW0T;e@BG%O`WPw`C{-Aq4n~_!S!so%JZ&1SM;D z2Z{qvSmW<=r!VfSz!Tiz;aO?Mtz2s=(bH&4*3aKWHNy=lS+T;vm4-NVSHr571K~jY zoXrdIiW#3dizy`1Jd~b_FJtX6CioF6k5r$y+P!pG7O4abA?BDU68A|{9ngvobsPMO zVg{$Le$PJj)*DK{bA=a-7}`UIWu8NrZTETKMu#y6`mn6ZPfL7zmcjm8q08u8is0wH z&NWcbutmy;x&6cqD(9tq+ti+o>O!IRt(QMb;EEc^g?WjMCooX_RtHVQM_L3=3yw+P z_&2lo;KA_>ZbL0j6-bi|pg&p8A89ohbZw2NoRO$*%_!k7&$elB??Z*`oNyU6^hNoX zIzz?)!g%?0HFF5aK6P>s>B<${Uxu}7xfqULUK5o6(CTwws+}zgWk&2>=SZonL1+KR z-3vmsB-vi+y6jyr^klMZQDky>*!&1ReP+ab@na_I(~3?OnQ;VA+D(YIYKOI>Wl zpiHY!DBEVMbvLbwvvU0gh4K86jgUU6A^f(IZ(Zw3Q&oa{({EaS^m_gL*dX@FB61Pu z%XCzYS#$V2s?6IbnaIz~Hr*3_DM1xXH1K?O@e^I|g@x(PHOi&vm3>RiJL2j}nLaQ<|?qE|l=hWGOGGaXg% zY8&yx-2IQl2g3+;Cu#%5E1p6+_>0uXTmIxWj2I*($puG--x`b-l8Ac)Uc z5YK>d6m06e5-fl>>c*!onV4vBTm zC1~OWhbaG?gP#mVafwKlGe;*H=t4A(nMx3)HCm{}`-t?;nYa^Hz`i4BjTu8?cZ7 z%0lb~jD<7&-zHNg!0gDnb3D{_zD=Kyc2r{B+iK~_cJoEew^Q4C&wX&p0jeR#nThX- z6DmWpUWi`~c{qZpI#RnE+0E4V0Ze8xS6%9%bEmlp3frWS0bB+Xqe|ylyEFW2A46vP z1?fDQ;^Az;%oV7_x6Y{Gs=XP zz5%jt%@Jr?VFP8i^p>$I@r<(%_H-Ea8AE=a`|Fz@Q@=&d7{TarYwkpkT(~G!rh>5a zY#!!tb<&l;$VkW`GXQ`*2+0HZfD|qo*G>#L>U#kjLoD|RxLem$n6cVfQ@WfE@+iLHtaNU9!MYQ=?Tw516I+NY@)vM)VNxs- znW5>R#qy{DFGJ>ir~#jNK0Pz#czJ}gYjtlxgZh@lyo_hj{}h`e7G#JANF`{fjfqA5 zi3LhW+-X24M!?b6Kj990ApHQsK?un8@x=MCpD zAdE>+nN8ADAtWJ@mHY)3xlz@5-T0DQ)~8_)Q5l7_NsmM+m8_WTrpkquYNlGFOZ7}5 zT?Zc2jGM2R%gH)NZ_0#s+#8JWXhx7%dB@0XOPY`57^i!Xp~eOKb%HzWp3K|${0|VD z!7i$fJj9?5tC(*mSgBpkXvXRHhrzKztPqr`TB;xLiYt$wU;348y5ApdoS}uABmC$A z^Y#@amgER|eDOg_?j~6{m45#llL=zrs1eZ6qRi1G7rD*h1B27F)+k^{oG6or7}>iP ze*134AX@_R(vT|Yt*1)gNCL98!c4}7^5+$G!FEH|UZH9+Nh7-F)l^Q&(oWI@*ahq2 z*K6bsvk41y*79~**m6&8!Mc4P?o@1d?bZs5H>Q3r04+Hq@mYE5Db*&YTe%B4bL(J_ZhXfoKNisF!AUy(QX-m*@RduRuX?0z&pq&lN`k|zP^zSK?tIS#> zsD?32lKDGwM;4`T`s|1IZ8m1Kei;_G)}PR7o;>OdhO&qWa4d!Vxv&tZPzz&9?T55wyw7apC%9zs6pzh?0i z*PQ+A4Dl?fLB)|F=-yT^0ChwY(h#4b=T=*wSKJ(R1b@VS>O&rmh6KtDssp$e_`DUeudLAGl)Eh2LK+2q=SE*JPgPpFi{9w5dKTKUVm|9_q8C?_hON zeHP~4g3s@Nsv;3_mO|=E&APB9g*T7LtQ%YH^)#-%WTxi;_~Xz0JAU_YcutSmn;C19 z8harTNpXnToeQKvS!Um>lzTj$z!$u-V3|i_05bV{)BGJle59D6|6_l#d}&q^fcy7a zV4L733x&ix{a;EloMF`siy<%7$sY8|T=+lIbu{2I4e7j%ZBhzi&ga%UR7;6gc`Km( zAHWf8VA!-AFQvcoU1ky4GJ)lc*lV>|abgPhb7nx?i;(&{u)lGgs)zv|uuT;jH8g5cp~5TZ zJ}*#S$V5F2_ES{5v4#IMuaMfyN%7jUsC1ZhB2GCge~O+|qIs>g#uJ-^95b5GY17+m zdccgI{nRr2&b|zy1dV3@fB%7JI+SI6@th7A#5*rMoiOaLg0)#i`pR-$KWVv0dRcD3 zF9EVW2pGBN+WN`oYC+#);vP*5%jqcSYMa)mZ+zf%RK9st8l?WF#&do1V{a%MPF}gu zCzjE339N81c3aBskBlI0j&N?9@K-@}WEk;s$c2|jps*J-JAJm80a20mvdKtdIFjeS z=fGx&rtssH;Q$?&KI?x>LeccvDtM@1C{e(~)(Uat&`fEBDrB5nTRj7mD_n+o{crsa zQuA!m!EbQN=ZA>p`F3dwkhqw{&s%EL2N$zMv|JLl=aO|yKf0<05UlLU5qHvzk-(>) z;bl!JQV1&#MXfQbm2S>6Ad&!~ zE}Zdb>uZ1LOlfI*7o)-O$C#`c${0$NIM9Yl3mORsqD-%3dCj#cRD3$8x7JZD{qTux zRIH4f$6*0l(ILacmLJgG=4)LM52->`)^!R+y)zu^j>iqI5ukG#%~V$~Wjx*fE&Oi9+$ovaVFK*XD*1jI<~g zc60#r`_77&+n5f{M;3{WcZ5=!zI)Au33l_$=+dU-k$j?C`FWDNwrKg@Sp;uWjU zb^nO8M8YTmw3xkJa)sedd7pC~(D99CVz?n&k3 zsz& z5&78#Cg4PX8mK~q%ps6#xfA*+VZkI$0akg`v>_Q5)qX0Li1)}+M82D!6Lg_`)1N(%LNvW( zh_%%187?HF67i=VT9Db92xLDuTF)Jk{t3bg4r=dRBC{ZIxR)fDZVX=e~* z12wUAalxZ#f^cC%;uS1=MHS9F+1Hve1O5}jO9k7jJ(Oiqd}im^jJRkZqfUYO&2184 zQp<=(x;M|WdLG0huxK=QX$mEfoh!gfd?a0P7cBAvKKqNY_rOyuk4fK)U4yuyIuFfj zhTu!k{SoCTk~pDlx)YV;lOq9SeK>+VR9uezL_-x34YVNoVgmo9gCrJGbf^6IM0A!9 zX*&b3D}_efD=9OyR8#{yYvbdnu`28PYos9Tqr%%!+k-?LeJL%$}wE_rV&0L`=QY#{uUH9t!qb!n((JXI3m-)Sj#o@#M91cN{ zhW`l4$YfOUc)RYUv-artCRX)3avLGckz}7SS=(vs=Sx$Pj8US{=I!6lk_Qt;ojBb* z16WHo->Y)2UcBt3TlO_X=l907`5w#eg3{P_GtYQLs|=yYN>zgvGE&J9^8k2M;Ge)r zEvCt=;t2mg%ud7}?q`{=!FWoDvJ^fmJ6xH0?rda&=nLmyPe4RGZJoC0Xs3>Dofd|} zD4u8gR86^-B&4SE{p&{9$4cda(>#ktB9xnp{3mNYx(b6A~}&q z?3`C0$IISk+-1^8HO7dV?8~`_?tDwdF*yLBHOgy}Z%D?dO3Qkg9XNc#@Z({^iXh9G zS_c}kh`VEXwk75#I))5XUC5(OYP|pqVC8U991Oea5=F;LY3r-EaZEW#+1eNH@8Hn| zLJ!|Fe0WqBiRRv2zmOD-1c=j{S*}$aoT*;*$oC~_s-@~paWsA8e{&?KF3(Oyf^Xs~tjJE{4DPJKZIR%G#D#{; zRigfRI8YI7ZbfPqohbAH(cf$4`8?v>FjWEx=(96N#hS3*)N?^mT&mCe6@GR4FC@ib z_Oa2UW28$E|4+uXi5yaI?H9kg!D^I3o&GF2G6U7>tKW|08ipJj>37SA(W(N0PXy{> zO95`0G{lS;j37R#I$mZZpt-Sy){ZaB1=_Cf>J#?e=ORS)aZ*_Zw*V-HhVI_aL5()s zo$8rl-Q{pOO@tntKJ3fyCp)Sh2Jn>TD3ZUk^#oaK1#=89v3f@M&h<<8E}0zv-^Ggm z11P=k_$*3v{a>FjhIijqEu8Ht915N7{v{57u9%lGg^DzbYS@JD_$QZ!1pHmWw_v(? zb*1OsYB0ml<`p(>-5wZWB2PJ_-PO!A2Ylm`LfD^oF{dLF>vJnR4T)yL>*d{fK1#X$ z(x~x>;%(%l1Pf$VIH?9NbsoQg__KwxD(20Sa`q#JlHXB86jhv{E8huiczxL!SXMD4-kzlIaWod;2ipT^nug{5pg zQ-(NX`6~B>P>p9Jk+yB})3A1esUWGG8#R3AcPwlWrh&G|$kNGHQ=fk8)DzYWaQ^YQ zml@SG#fR+RU{cX;-B#sAf7!gHFfO~##wX0eVubMX=D1!*bEBdmIGgqB9OX9ackaWT zSZoH-LfM^^?yN4%F4+F%%E)|*1l0=FZD>6D0Ut4pl8n52sPAPF@idZG=&g`FQqxAQ zK&nSTlzKFFA@KQ|7jpJcDPQ+SMw}A;V_HIM;{LpTzVvRI@wxVNyF3yZzt3JB=Ig(eG`3z~r9G)*C?2B3kB7t=KBBM!g(r>N^n)1)PP6gO zX+VJq>7wOgmUsw*8Ky$kI0{RXWP(ihV@DT{a>F7G!xM}@;6r$yNIPJE@hEgdK8-Mw z_y8|$@jgLX=g&8Zs+X4|8*%q$A*!)}FDWtO|LXRYXMV`rDgn3QYF$|#jYY%HZ{U142Ff`bV8M~ueMWk```+z%FAMKAd_Z1 zsHvBspj2is_!Xj1UapBCChvOYMcOnvJ)XhrH1{&S437j-M>e*7jIECcBu2PGCyG;& z8oeYKgQ=?7>+cs^Oz~Q`d<(wkk&30Y+u!*UeSlO^-a5!PfAR@ojhZ>le0Y+n&Y^@k z2qv!B(;P71Vq~7o`}`E#!=Ip-HS&(h^+pS7!%Qde)>A-{sB&+6NcLH~$RVk~i8o=N zh@D!I$x487s&9(&&de!TPgO74RLJ*(N>!CisuX*xRs@S^azNwDHhK)cM1blx`Ripg zI`u=87zJ7j=$?PSZmlxM^r(`hAOOe}U$G3y3nb>WKL{w4{$_6af1a^0)#fV_>S%Z@ z(0s;MR!=5M>GJ^j0+1YG>MmtN=?(GAhn+JL0iySr^ln`cl)JV0rcB z82vC~jSmN4Z7_%DYE4wCh&k7q`Wp+8I5=WX`A*(#e`J;9>M3}jJ!p&irJ*KQ_bRFJu`X*E5y9+2M*p_13zC1RxX6>5eMyrTkhgYFsAnYJ@H8SMeCVI@J9*;{I5IPk zg>kNBjd0W7C#?Ff)vX<)H#N4)lr@(4O}!))mcn6BXWp~)FiZSZT`Td|n@VD23tl>c zj4oMZH-1V&cfE%sHXrTJzk4ATUrRDu-k}=eNS35#**j0)G|4WUa9&vVps`e2tJl$G zNQkFH`DsOp@FPReP7~7m-P|L%uknH2=+#6=2=Cln*I2vF^oUtL)#l3$U$7c&&cwv> zz1Zt6?&XUbXIi{H+GxOIS?`mQLQOpnV#UR9_89hsFG|-9XLg^3GIR9Y!E{Yh&V1htkZ}g}QtQ{9}msihGrk&E==`&%ftZQ_ioW5fv>A zVubx^MAiG4CoY31dVP~wbJI6WPV+>QnIN73t*qS#79yTu&OHt@*iKq1o>ZEdV1p6f zqSgbNwG(fGe0pVa!}sLdf7^C(;4=j|NTzbmxXKr3$9u(CaT8u%X^zXU5!^lE4_HJT z4@FUUe5SV|B_d+v+_SUHZ(Xsxh-G?jn;PLW(Zhp3=t>0hgNIe3CJF#Xu-VTod`WlW z*-1alNEAQwTXo+6zSi$~u*sKezoAPPPOVwai)HqBwFDg&aG1Gd zW-+EYPH@%Y4W(@2)AchpwMI%4|Du%Ax2^4FETO2_M78+0Zr?Eg6@$u=uAY|q%L@jZ zr;4lIl)t zZ}E&GIFwhOg>AsB4So0mZJ%wv`cm=xiE23AN>X1|dgxiy6_)iYJA-=_rG&SdWK%no z$h^A)bv=5KplLwOQ9z`2;n0oR=TlF~*d%i`CVTII50kzaX7gv^k)e&F?$O2QG7?;! z1G|))J+F~HbUj11tc+@SuL#%p!CU;0Q!4mVRmV<{L0S1DDTS_n^r^w;5XEwt{-U3< z(t9SB;^IH$+AnLj`7s<`K3C&gS0BW^Vr4_6K9(BQ`ds4vwlUe)T1HTl$EN0G%B;Mg zup^J`-&Hz}=YS(pb9F};mXzFSh+}qLUIYmhB43$yagVKLtoKxN!z7}JIYk$s9Pa1e z^C^*{LsTDB)VX}!#O9YH#bHH}pTunf3@J6#Mv^(2p|zA!?@K}CIuaR^bRJ067NRtW zO@a}@L3<_g3@n`~nZ?aQ98uv9Tgg?;Z`8I~mo;gTb%b5%z}DCsc_hjRLq?zL+>}Aa zWUt0Sl0*ia)uO3gX^WgtfOB*0!2LovD5&%#o+~{R&+PEFeIK9(43?OVGEoKC@xdeX z5RIt@efD@lK{^B(TL1gsV|a9UoK?4g8g7Cy4tawhN#sSZ2bIA4Ex3wGD&Ei+cJpjZ zuM{(-@aqoP;?Lcb9ZP7HN_1*m;W|UVWV{yV2PG;>b7&)iP@Kr1!h}{w;G=;?rMY-0 z^s8nM2jj9Tl?|Y&ofN7Oq2k)B4#~X>#LnPsYhDNoGoV#sVAb5}$hEikwoWo+_1DdG z$Q{Xa#W_kQ3EgunZe|zH!D|i3jD$i;4DWrg&awY9L;wGkCIF`?mXDq+$!+WrS*Xl2 z`YLemiS8fUS|YB$2-t=|kG~V%y67}ima7dPwyAc+T8IF6yHFqhx)49_sye}34k0z+ zOcfPnvPFpSH$IR+eD@Xt-(n!q>X&3aTOFx?AAjBtWzV4giqm2+8vOW{Z~uyW@y>%K zl~2P@N1k=M^e0kTub4A_op{rGee~`Q&bBhB|L*T3d3@cVuk`6#lhByMgINE2TD>2b zm?3JE{zS1wEBp=4;d+b;r|%GF?Gg5O1$yB8Z`VYj{qy8PTW;u$W7GQytoY*R)xWAS z#XE-b@n{y@9!x>tZ(G8ajB-vsUUytJG&0OCy;As7LG*WUmv30F%~ zcS{R0FB^AjG8s7~)z>wE1ON&W@{i+9px+J{co-OHXc$B|I9PaOL}X+nL?k2>R7`Xf zR18!kBy?PK3@mIM92{h{cX+tic$nBY*nfaPK)uz0hCzUVLBK{qLc#w3EU$e440xDF z$Z04D3;-ks1QZ6u>i~cV00Dr6dg}tsva*xZbY*bA;(RK4=D-mR`&Avhn zv}eOGDX7vpx^mtn>V+p&xm~Q@xRmmzk~OG@Z^TY=5>W`ceTf3li1@1$FXvm(-&W^^0dLm~_F(Bt!8 zK@Xd!DW~7Yr|%g4R86U(e6=V_E8@{JV>=bw>&Nr1aR~*{Hcr9|1ZiG{dpph!d@lhs zKEK{>#1ePyoVOc&2T1*|h<_~y(4~p>t;g3`-YAHbI z(hrMLOcajc5Hw3^R~>S&Sh-0i#C`sE_`?M@qDQa_3|$i_iFd=BahQ)5wa0Z=@=R@@ zl8s7(evtTWnvcf~$w?_!xlA%B_7Kh-6v$`ND-AJn2QVo~_!KVXq#Qgt` zZOSM0-dwtekgdwyEl*n(#1Qu2&L`ynVi)0Ek`}}WZD6v5EkE=K9ILcWW=@o^OmX#T zlM=2f&XLN33AxqV=WH5OuPz2AtVN6_v()_$?CU?C&3_0qJ}&?kvq|sEKMnum%&J{& zRs(ZG%XVxeNDBUKne^sE5VnG*U*Gbk9QIqhxk4!}lv~G@<1KIp63G2WRoLo}5k3uX zuCSRE3V&Eolz=1`T%#SOXcwP7H<2FQ_TL^C7p2MJ>~Y4rp?dlrEN|1(%rri-6Ww-6 z9HXBmRT#JJ7+PlOBZjh3Kazfq31Lzd+tj$1E}2Xe9y<=Hq~MsNP|1jtXrD@ zmV{wshQoWav`kOIUwND$CzI%r@VtKq7~~D_xQ19%XozxE7 zv{A}p!VSMi40m~^*a=4-6knnNOnD=J$aOND_b6Qj&TPN)t;jVM_6;!4{e`kZ8nD0} zu_GDBK}ZAj$3Xs9`Hx9Lk1MuV?;1hhy$`23+M!4i+Hmh>IC?W1EegO+I@LzAOn^)=6b0bSChB~w z2SDgoQUL(9*jdMFDcBY7bOADnmVa4Z;RMQm9Huf_3K6I+s!VvyBOaLp^OMLUDZVM8 zQ?V`VX6ner@fjmU>eCikb&;BNYqR(0Dm=UJpIj+0+&V;gAQ!JdJER1IvqD^`L_tB^ zU;ezgUw(fmkfHj6@M&C#iO&2tE>V}}+$!PIcFBXH9a&WG7btTV+h@%)HRS|-C{dCC zc^o)q7H3xjC$%ydH48))-2`BRA2jSwL_0mCXwnq3N>UmBz=p!8Bt?_-^P@(2>kHKO znC$`qT-I8|>JK(uMrz#^$V5`r{RSY8N0g-pT`(;&*m|8Vb*`|%N;oyDO?m}UZ}dvO zCYxxq16w)>vc!y_v=A?=`eST)+Xi>+_kXnTiPQWWjCd3Bp_I^P0DweA^dIK8_kUS> z|Fn_F{(6MaD4RQ)Mg9T+u;p}g*jsT;6sb=7a>*u{-1)F&s#vvWEO9HDfpk88aUj@d z@4=c8{!hR^6^bG<*3^m{#WeIc(jwIp2kG6*am`JL_4ueA5(n@p>_B)&i4QHM@`)dW zGbRgNg65_0luw9SImqFf;EY8AJBtdEVo${yQrbr zK$PEu4{xs9Iq2W<$*tm~?yo5SC=(rYaH7FAfc4c(gg$?Q>p!}I`g(flD;PX2jP27r zbooE8^|$p;1|a0`-Hb9nUb;Kl-2edO%62-st)Edpxnt$&h<)bU(3~vA$|w5ugKUA% zP_OU@fNUZd*aKj&`pWxn48lc~`*P8P&O|s~*h^zcbq7j|e>9u6m;E!3#*oGU8@Ht2zeF$XsKEVIg4_SGPmbua4MV2UnGhPEN-hzsS2dFmLFch-ZvU^S z0F!FH>Dq}cY1IyJW$y2ShqU3(|91VYV9N0q%NOfxtLeYk{x1H_z~2n~&A{Ib{LR4M z4E)W&-wgcCz~2n~&A{Ib{LR4M4E)W&{{jXel;b^E&1k;-37wxwiNT{S`ez9)DfV5* zpZY&eh|rd_F*xRb+90FfRbcCOtNvL;^>`QcA7Q@#tO6N`FSiS$`{hqVzSQro6y2VG z`Xjb~Z~pwBzHbTyvLBBM?B$;(oIVP{bj0<4I>6I`^8cy-Z#bj9?W6Od10bLwAt0gP z|9C;YwF(0X1q};;z=Fd-$Kl4r#wBCr;!zbP=X^)WPDM?_#^L-qf!1XDZJ!i`^`*?GcUe@DAwgVK{O>*}Q2Go^Ji9x$$hrr_>-YRIm=g1s2Xe(sk*AZCMu%y?49yPf|_O}aH5%*N!q-$^s7o=pLzD@DB=jjUHA1wn{!FaAC*VjpEbm1 zqpG?m8?R)uWGTNIHmQD-uk)6}*L)p^P%>pTJM9 zj9Ip0J6^(IoUy zImx*5f5fq}Ch)=j4Aj`-Ir+a^{k@J(_NC0lqLrIt$aENZ{bVycwv3O)fs_$}N}&ZV z{mKoiW%|(Cvnt=z{V}5@3i7)hZ~t!$<*!)^hw8JSbT)J%nf*ordj5#DmD-cqL?nf* z7adhUVx60r+L6ICOafN=1!`%fmGuyDm=b-d%al3&-Yptt&O+{8vDFq*YeUZ!iw$d0 zN@^sGf-n5ZqX#uPt=Ds z+{f7n8}PW|@-G_6idv?yAk!RPUh{8Q$iG>xXR5Q*Y5pMmOrz3e@J_)3<6fLQlYt&{ z@}|MnK?9sxyGleWa9M@j zNQDqqFciVj5OY7!qt;YfHV@KK-xmVXQju`tMj2Z%co8#r*jmkWRL84!B~>E!?fWpf znppesEj223y*yRqCigy4=lEAO?oyc>H)E$Vfu#;Yrq zxq@2*5HyE%bJ+7sA~_819PlvP_bk#tyeaC3G0XIOCaNEjvN+bv`|9ry3@u4kQD@`1*5& z_T3L=eWu>TG3iuT#*%~KhdtqlD(Qqsm)|+<_Fv<8v#AM2it$OSJT(~kwmE|-Z*TYH ztthM%t)N}*@GQ0-+4mb^d3Wqn?2hGq15+97HjN^I8NY?tnM*#rKoYnIUu`LtefPtr zaFejD;Fl}A0Lc?m`B9FJ(zYO;u8$;1q|WHxgG|FFY*ym8XA%RE9L`HljNrgoy?KHOIipf-B0URa{N#34)qhyung==|ariMvL z;%*YARabad--sL;PzaI+R&aqvb{|qjl;45ccF$4e)+1rI!W*o#a5X7ed>`LnXb{q6 z`^vs$v>NizD7MiiQqT@S^I&p@D8zfYsvuBKMSNcI+U--DRgz&alZ3~t!V0s zeUR&P0Ia#{Vu{?!_%%J#{QmamGQ77*;?6`Lp{mP}dEkxa;(P~Z`_(Lv)$kWS<0lEk zZraHxnV|W@lYvdLjo?$CEg#tcB_?qD+@Vy3?A160Cmc@6`JR#ZxpIG;WE1`zRZTs_ zk+|LE`;dvs=kzm7J!^!Pw7~$TygAQ{8^af2uM6ATc1v5XlFehGD(qtoM?bwp_n_0{ z3(f9aTb0sapN!MI@Cohj=K$YA?)-)igVx^FuJ}n<&)dQkEdfgFy$#I)3k@${yN`ut zj_TFrks4IGRqp%_z^?%MQ@D+FYc)8#4I=_piz!x8m*10HuK?wP)ig|lUq?87Eq3Vv zDl0F7v}eZbGo_f9_k>%WooQcK&?AZ+nm@Xq_q3Hi9H5y61evf#Rv|_cU}50L;&X}F zcsPKEw)-qTSyS%D+FIIwy5EtofUySFSIRTQ9dzjk`xpli8drf zIQm|I5d=T7yG%? znRxFqWH$PbcL>ARy1wD`P*`3xP?+nv>}=A*VPP!Pi_#N`@CIsQqOuN&xsV97rm-_U8_A7ObZ0W0W_>df z#|R4iVF}Ligf;5|7Ts&3)t~qsk-u=Zq#de&aLXx&StF(y zg)bFHejL1Pjy_WNcRqe9Y$lj-@*tV*c6_fFYtzA^fO}sp&Y-C4eoWNG8z+5KYg2!Y zw**qY?`u)dq7!y(-I6qyBs2MRlo$(p%O#{|Q#LwZ=|MZUu#DDOSCk#jbFc6}pC8}u z@KSbdynCs`&*$>%qy?9e(f=59w{^VxBj=Ue0fHNdDS9ZxEJ-T%&M;JDxVq1HRO=-4 zbWM^Z14OAf<@GBzjGUr^;vFO;WL=-A_^=KGgXEUYcjL{lab;xw7-Ez7IIg^xP<;An zu{s*E5PWUCE7a$PvuRUZR;D1njS%jYp=ZlwFM_$BB)o&}jvdjYK1e3PCh^x}-0Kpg zY(>+RSIzUX)n}!uPyRT*sHcirrvmkC*D~Y;`sLiKalebogySk7t(W$8!Xp*xkr}P< z`*9Jb2;!W}%)M>ku28PiP2Oh^^SuJf6$PknY#*M83yB2eZWCwvMU_|cQc24s6_+bk zOzVUNL1o!rEBBe~u+%c?S1B0z_%pF8ND_j(Z2?kEuK@Mz`eg-t9+L!U`)g0Vb?+9Q zLS3d|swgpz2GccrPki)}5pKs?@*-FL_SCjc*fUce8Vq|I0*?8Wdcr(RB)P(c!jYEL zNbUMh5@;pH%Qs_Bu&DTr->R1_6+qbAoeH~XIB920MWmSQp7Iy4j2yY#je{p{=iG88 zRGG9kP?%IHMQVE%*q0@psGA!o!K4*3qecUe!Fk2t9k zpoZ=%dcRDu-EZpNVfE9wqp42RS-53zNLIFA)BT?Lv_U{Q3=k<3_ox<_Gu@n1rd?{g zU^kSW|Du%5R)2ZAm)GdNXP*X+D`rqXHDv!iTw10PSVm5TjsRPFZpm+Q?4@PhL>oQp zCr5e>_STCGI8K_ad*>d|Q@fc^`Dpjc&bTpqD*&bYly(w-iuVIv(t4~P@rnE#NGK#- zY%zan*0un7JpblbkQH&IxNt#JTbKeMA(_fX$j(rHMHzk_$v8=*{eP^# z>}XI_hK;eUB^D(R1?u}N0L}NJ7r*-I+mN9KD!I|Bf80W~(}U4sckLp>3;*wqD~eiM zonYV{{v#@HT6P6k8^JbVmNV7H#!-WXg)ptZ{Tql<|DyEW7!jfCZuEMIMqJk#yu(08 zdNCKNte$}~y@c$n78u;F*wy_CP~re)61Kj-eNPgOd63E!(%F5txX+#=Vl8XNT`&d$ zAb3tjyjZ;g#*Bk&TuR5lEdK9l$)k64X1Zn9ZBtESrE8$82kZ4}IkNDAS1YCPO{s2U zI~^EJj%SPq@`VRQZ~SDg!c~q{tzhiS+!oQ@hLJnE_qXu00S)Z_|6bE6=ZgMOG>`?P zj)o?I4O0e@8!Z>XUn{gj%y;x6kNl<8=hw|L*%uQF6X;#kSEatioI|<*}Z$3F0xos_+^8zcs&C%(!9FPrJFA zR$e)^_Tf{OxJQ>fW*&5@+)`t;Q@_ter2xkVnP7y1=~uuVq~od}E}BX|#9w$~eV4Y44Ww0~w+ z-%aMOXe*0Mx!qJ7J+h;GVrx4r(#jRG3)Q9)7Yfsq7*c?ykaPgwm5v-6j8K z?k46&3!rsiAHmcLUK9uGwSnGeIeMr==Q%T#f1$TPQm`vk9o9udfG|(dPF2i#pr25! zDnG2yfY*gqA5`2(>e1HsEZe6}>hX^$d6K^D;cG^}%I_+9izf+9%{GlF9#@2Cd-1=o zy~joyEqZUe?#$?t(2-7J&co@X;$%D8DtPLs&Puo?{`l)1D6f*2SBs3 z?~|d{WYyNc$MVZKqK8YbED6bWVJ<4$H6%AcbtNz8ubO(-G-D*%;02eY_f6mUId36e z{#Ij-#}YgmXgqK`;aRJ$uQ5NFt8DImo-3!=-_8DeD6Oe*%4;hz<7iLoLFLCj$K+^o z69bDXchj$%b+bI+&+)Js_}=YiHz=(kopoFiGHrAcN=pR|sO&`C3VP)BR8tEoxY9`I zpW8cf6p|L|S7B;>k;&f$1=*Cbu+Yb~=>X=#%gbY*hgASF396hNYL)|5pGCM~iedlIbwY^iqmcQdUE_R+L`G{~ z3SvAGG7I^#s0{66BfiBQX-T@?VwbSZDHd}Y*jQk4iX4XFvfPnsmf}hc4CZu3UbO;K zK|q;HN_(!sA`d=Fz(b&TN!Nop2T43<qHasZ+4 ztVaVo;?xVBaS!QJyDAymk<;6)F!8gYPus76wwxy|-_uvX zAY`{Rb(D5O*8P*@#V#J&MH|s@w|^GhfMhzSEln@8FnA~wgVpRUw3r|r!65dnh{q_I zl0woEOJq2UygdFDu>D7H6dU7T^Naq7$bSEixaV6|k_ZIcA4y6K7;kAuFpx0Nkbi_u z|ByeDme4WCSfRx*$=Os*u&~+HL=&9r{t+;R{G;LvSv(x?q=f0qRqnMf#BcS&Z92|W zG^Nh;;;G^nULmY3J?l@3ZaJ{?ixUcbE+4?btO?@oUll3Dcdc78^m&OH=RdK+jNm&l z?OCYi-Z@y;k%b27D;AMO;fByQjdF*eXABTk6i9B<5lpFJMJJ3IXg$-f=%3`aED2EZ zMQ_j!yLH99S3D3SJlc}HZLfc?Ia7ypWFv9oE`veCNxhCnziEN2NnlQ9}!v z|CsGF38%nCiiSm03Ng>wsQz2?N`A%#XFxo>oS3Lv+pqMPfS;DPZT=Miihm>J{aZ{K z>Mf}Z4hH2dFAN^(jg+^TG5`YxlN^gp44Z;o&D13k7TrCt9*2yQl|x)r-PNt2;VYGB z-^`_iS<*JA#^<0yT#Mk4gyhC6YA#I^b7zmD{^{92W6rQ5Z!u?kGcbBepsNZZ>*bO` zWKdmgcv>t{X*nlc>rPIeGgrg}w=Anit2tjIig=mn>w$7QFs5|#A##7 znWNM6gnDMwJ#9kEsOsSY=dNx}jrz75yZ8Qk8Sh8U@1rb3{aJ>^xXE6`=cgq*L*Z;C z`nd8Eq=&{oe)gURO!m$k2CTm^Oa28O2|`=7{#STCH|2E(GmcxECC!71T6IiPnXNG= z_-b6Z_fTFFZ@iAUd5mJEqjH^yT`ZQkL47xpySqd34rQ^{gY{W!;WULiXz})Lsnbq& zJnh!$6%gsGKa?|2Poy-INl)HXY7Fs3Lsv6A2Nd2Vib$5g(spO3Scp`ChCc0p-`*Z~ z2Gor?6_xiGiqZxtcerpq^ENDCA$^GAEv>puRx1@7zR;GmR}G#s!&pWusmF4@y!CD2N9 zgrsv56R0yLei9O(7ROr(MVR45$H+{iHc@(&Ib#oD(d&V~B&Gv(0PfHpb`lsIM7}A) zwSlTLMDEq49ZqqEI0OL|-Kix_&i;De1*H6E;RK4ZN~AGyuUBGv!-Ob%!084W;VDk< zdna%rL?a`Z*>y77j;K=d84i9$#YRXCY#fL9ERjZ(U7P2v;;uP_f?PKQj=GekSszkvzmXk`ZK;#( zOz^jjyt9=Ed-gK^F|QQTqYyp3P&$;^iNcIM?`mKq99QQ)u__FdZ?QvKb}3!9Nypc> znMhr83zbj6ljK8bDTSJF^FlhNx0gZCP#ab7+Rl3P$KglM?P3=Pc}|vkFWzkeWdlZS zP&s|%To5UL&PUh;q=xVlPhzAi_7#F@HGwud{$>Gsj!4%@k&gNd+B`fPx=x$J&+|JP zvp_PM&9N||Y5fp+Hww2+#Ryhg zgUbpS0EQRuo+RwR16P~mrnjPw(cWSjD5geHTl?7lx5mGu>y2fM8%lgsE~5rjh_hY+ zS1^({i4R)u(V2_F&tCzar5r9z3J(#dK-@cmJ{i)`-vkjujJpm)-YK-(D9vMi?JCK? zR@WTN`7sMcb*h{$%Xy`NmLnz%+oDTZ_F|8GnJ&3|yxDNy_lo^tLno$;2N^KFTKVSD zt2Fh^6Rru`{;{{WT8NK{&xKx#!0P*i}$A%|C_)vxSD5M8s@bs z_z5O3cDalQ=Sly#iy(n9d783WvNMNA5Rbavkc<1ZsH6H!yKp6hta(l`H6P!>Ufi4t z1Ka?CL%6VOidd_4YvwoCL=gB_+>E?3N_1&**%rl!%C;F0^HctSx2VdULs^oH)-RuO zwX{_QL}~FYf$Jn zgDXd|NNl3H(m-tLAe;&vmLj(xdaHr4Q(dwc-V)L!i(5|waZ={IIojMbE#7d>xz|g} z2F)IdiHKO8{M6;7x<1H;YAAHNB>SU)Vu1j;GCwRqy}la}vYm?2Fiw_J+2Om-tb>X| z!dpNr_p%}Vi^nVAyz#>1<7k$|=y=JN+SXR}5y#chdiVTEqZ}2<^+(TupTWg~c7GrL zWFTOrendUJ(X=P2N~sH2j$A3AT+D>na_Oak=N7l0@hG3|1e~`U_JXtHJ#aT zu+v=fl%@ObzO{R>&q1`pkwJ4utA|JsTno~bp73>VY?=D$aB=RAl6Ly=#NASJ zD^{C>cbp_%0jubPU+3nYXFp!TU@u{OcE-zL5pr%0WMoHo>>F zG+e?DPKC*ni_Z)rHtYoC10tZItV6<|j&Ozujn1r_#4gzk-`hU>{7}Kj&Y2x$4Cg`j zB5<@e5%R)}X>EB_&+Cg}oomZO+tm|4lhRYfPAWMXQ~18;kAoVO$y zfW=ZG%F|53V1WEv1bb0_5*$af83nl=Ec)jVyQt=uCAjm<>f}X2!=x z!{%0Ps#x9yk@q}0j>WRDzgtnu=Yi3{etMroD0sTM?2p5wVv54Ptx&G#xtkROV&3HU zRA>L4~@Lb~Qc5P&RIvZ`ManM7w+X1Eg4JI=^b^ZydRk5;kNCx};Xr zYW}WFpW9Nxz1R$C`LXyjF8PL7_Fozqj%d&-N#8mrnY{I#8glxs=spFbi+e`OYFo7B z*4Zi|6QU_LzLUxI9*=;lC^nrd#KVh*VsqlQC>Jt$L5qZ_WhMO;YAQ+idvy5~5TcEk za;zWIP&4sPdFpGu_Rdb3tYlb|E@hZ$U*UGfp6-*^*JXv+wzZ!6ZCHIaqXwszH>72~ ztx(eorGdh>jQH>*^hu50iJ(XNm*`q*Kb~7DGh-8fQ(dPGndhc2Ckb11b1VGbD4j=D z-DJl<@3$WGz?RJeBpw|Pz2L4*?SrjRnFH6ZG?eF_4V@>!wcpLOhZ za{)TZLH<;1FgTS=87LMT3%$>k(5ErIW+xaoULwFMf%X89*1k09r_ZG+1FwJpmHCgF zbOZ0lGuNMFG<1Vej$0|Kffr+{K`MMz6J;KR^O9ZZLt;gutP*>*}vlEpbK8)|9WzdU9xy(YD&T%mg#b;{>GBC*~Q z-#m$0&AgRISMEvDD{f&_uVk%b^be@&T?H6M`P`_v$VXy;G8Q=>G7;L6%f4iNWmQw?yLs9_kBu1KLL|yU4B3HXXqQ|S2 zT)`(Tg_|kG6xL~uYdg|G?a(&R!twjj8uP+p(ue|obcOQ4d$B~q7?}11m^V(|T z|lBrh1mFs0NIYyB8&VW@;x>Gt^f~r`GS0}{O{^bCm<+1f-ii;Q7I@Xp(#PW zwfJ6bkPUxy;BbF5v>abOaG7rBqZLILyX{64Fx2Ii`YE5x_>^1L@RkIqW5 zf_5E6qZ+f5tMh-TcpST1D*7l!2I{{@vn$8lP|J7ld?I|NF=%b4^{Oed-^)lU;%m0~ zp1nNFx{?t$EB$FSwSKF1p<5*UtVKW-c8=LjH@I^_zVEK3%TcL$>}9>RnI}ZpTZ6n| zHO`>DGD-3}^1%7!Yr{A7S^l7MT~_gS`mmDc9sgE8c=b>Dey6O+ozN|qg?SZP((i!# zl-Alf$xOBVe!P43iccB4Q68$%65gcx{e9_?rfy526VC7ZQeX-uZAIL)Q9tOfgrgTNnX8y#9x%o+E@KuqlgpP}ZbtbOyQG@8c*bUIC6t zkz37;x7C(Wl40*a&F3PRVVcM4$B%Th8V3eLiwf}V^sR6I6F4Jmsdx4#AI{-+Ko~Dt zQR-Uhw8IblH7NYp?@;Q^S&BE6Lg+T<#G!9#xyr~5VyVq+S$Cn+&myO~={j>rO}DLE zb?@nIqgLTf3yM?Kbf^X%E)qHjD%rnRze^j3OpqEL1m3?{1V+HTL!a{3aMVR0AqYo6Ib?wW%J)hlCd3F67&(Mm zXvFcQ9Uo(Z?Z=o~s^Yk7vus|1#cY@=t*h?nuzzplheYHI!ff%5^%T``lQx@{oNBf* zYB}6tvr!u|?svD{>JNpqUalwHXY+X!d#onypjyxw5ZsG=C>gfPeQ8F-o!k*soAO)4 z-lM~iIOl|Lab%&_@bODuW&^X$Nu3LPEhXyD58owQv);}01kIC*(k;;^R38axwdgWX z?Tce|%Ty%YJPUGRX9FGDGg`OQ)WcNwEct`p%^%_#)n2Ws@ac6hQ_xYPGUG&#BI+7tGa=;6%AY85H z-=Wf|QWFuf+=}iDw^dx_iBNE<%X{ z-Swq4=Sy4a9){9TCmbF3;x-+-i6?MX7|sank9BRm9IxlesWG%6ev9^|;H$_z;Lepe zu38C`qsy%QSc|P?cbd0VCdEag^X^1USgjOQ`Bjxez z5RgY13jC2iQ2{koZAnd$uB&lON+{ZdGcDq{|kjsRWt{IX8u(-7!Wot`D3`0Y-M@_fY^Z_h^cTJclJc+#lVXr>U#E@6H`%bMo%@dtZI9nC z)fAgfCANfhb@*v?-j?T?URX+~;wQyKtDbiAQB_k1ZCorVRxEnQuVSoB_BPbpjKH2W znBT@^J=scAI@-RM0A6g?4uNI+N;^?D3Q$|qjwbGu|l^&1!O{=ov;Taq)Q-ek;F?cS1n_L0>$oZdAV?8)>z`UGiBK+*$21 zP&oWqD^&127Q4ExsEy%~E3`G^1N(GUcdor5^v`*8(UaN2uv3#j%693um=GgeoJJnpcuis3SD$nBLj}*y`=?a>Ry$ka> zs8OlqiBrm%nP|B6xBLc8F39)AO@~HRzbiH5&G||0f9#BIEKn-=lIWq$wZ7F*SJaGj_)M4yrqcEc;lx!rkQtGJf z%Sg~jXiKPSMw*>@TqHb-c(E=+9+8OD3%C5|G|)vfn9j7(>O`Q@=(Q1E&Ag*0T`yX> z7**aim;ni;UMswXbqtvptYbAM3R98joQ2)k_V)FIv(O-}P|jwWP%8PQCSL*U`(WIJ zrhWAq590Z@*yc3;b3_gjfg`pxsZ7~XbdTAVoD`=X^`i8?C~W2+Mk(ruA1h6uk?tR@ z_}xi}je5`4T_>dQUge0u-cVTc76N-`>|#1A`OpYKTL~sEt2|siH)1Ioek`k`oC2P0 zaSo+@6XOhzt*!SDEQI^xuD`sKsG9RwBsT{%lpBf27cWx1c$U`0hF3a+4~tXs`l4O3 zP^d0WIE`FI`WT8;3$uTz>zUTA*{r9`W_v&kEfmO?Gq;lF=Ehm#KNaf}dlu(dY(t?aFJiSUGIpkjg{}*FWaW zsc)7K>Whj!7hGbE6NM3jH zAu#`h@e|oPn66@DskFEN*Zbsy)?`cJc-md;MKcF>v*&wlcjRG-7Xs_9m?!EpjB;Gg z(G6)!_NpH|`~>hx)6OXC@L;^tJ@wYA?BtWer}{wW3vx*#kfxOc^_bOIXJ5=7SDM&n zzDh$&ZKIcehn(CqgIPb&p|Q*3e$iiH=)sMs2OEG3<%}KD6LTcqH&;$D=j;AqrHU6M zTmLpug1ZP-UDbLXQbRoD7bF*^grmps)LtPU5`MM9Us;$^FyntjY>*v#jCR5P?rw!vr^N|aKClM86q9nS$Plr4Slb`qymb_e#g@C?^Tlt#amh4;%IXtdR^H*(xiv2gEQ zn7O@xv`5uj*uTH#H>E8!Y5QU$1~^WOODdZMUF2A9sVxzrt=7$X((9+uw>%-@CDo+4 zZm#=O?~3dHa+LL*$my8nKa+ETW5;Gj5x#s-u#{O9C@-@U9I=N9m_@l6>trg^4}^y5 z$o8=!!4GS;q(?QBy(rOlD5B6fWN?78TO^qO78pF5P+W~Pp1dOWc|ckHcx^J8e)Sa~ zUIb@umHRN7@lA*1(Go9(wcm-T+`IVza7$ptLnG#1pCj_~bNg%z9!5xd0tYXcfnLoR z^=r(r*}l4yOYcWcO)m%^BU+}WUJCJvsKM*lMeOx9Uv6D>d1Gsv?6N>{4r3N3(~!se z`EmN^uOC)=)wT{Ck!7C?)su4$v^Bw;H+&e}9O|1h0OljNCEYmdkpAWcXvgIlIoie1q!fd70(U_$XXC7BUF;fwtRIRq^;Hyavp!PE>6pL)6H@{0g z^WoVJIEke&Uyr_%a*!V8b{eV+PplwHSq=S<6`uOg-MT<2l=!RhOchgCKVMp?6JF_QwO_hNnhOe3PsbZ@O62872?}>ZyW6zy8X=7$Mfk}{=iCVvG){~T5W{0$%{<# zpL^^x#?&?A1n%c_ePvgZl3KNKu01{qkiL*)e-gSr(DAwjOAOMu8pPCE^{8Y$s2Dzv zIIt5(Msjb=w%l|C=-snxd`tIiiS!1J%6zP{_uFbH88k{FOek!+x+t${u5^%Ish04x zn-j4yTFv@4U>Nn&sZu}=YN(`*CNsX0&hxJA_|ZXDbvzXb{o{O?p6!G%W77eDl%hM$ z1T~+yQ(uTx_UM;h)|1|z#%m*Y70pRf=oSKUA; zxKxzZGuy5V=5Nb{pLB8>ce$#rnp*eZzb{pSC=TzmBO?FQWr)rYa0}z2R-)x^Iul?N5zv6ROOm@q)gXT(b#28s0lQkc0`=#WMs8?Ea!zCS{qtbxk1>am$QFjWw0L zpF&=KIv-Ze?&9)(d>hRHgM1p%fXrgadFvnpPaVJhD$r`EW8vl7V32<+&D@&QvWf$wySi*c@}|&@pkUqg z5)~$qymw@)aW9&p7a7fn>^t>%lj6*eo|G`5j(&HHQ3|nTOwCAOxpkRb{m{=tec~B) zS{HV9>g$ZKZ|OFJLAAd6#y(GqUEu~M`z}EK{JYu9?%*}a=H}J?Um~Q1E-Vds;|vHl z(!FF=aOdw%4Ow9Npip?ne07Rt7dJlp3{s*DW;)#P=S(QZB&WA)opU3H#S|A=KV94q zkWLng4z-|haAb{_z#4g}k$j+lIo;UfTQgQ4I@ZU0$VicBNC@ujsec8i7%Cg&q+6+H zDvLS5lzr-WrQsyh1{y&;4$~?X1+@yNvVG{$Z+q7Txqio*W5ybBX_hx>Y;06lZ)NrQ>RrD zq8n1|PQi|yy#S4b!&`HyL2JM?tdgHHN${_||_I2xtZz(S@&dTmZ zR!UcNvlHMo9aTQ0Y)RItoD9|53!vK4?M+!?lB|cE?5G^65@=Yb$Htb0}d1$v>jIuLgiqa$DtyYcbe}%`ktVaA7HBM(cY9gmtMPC4zJ0O*{upSqoF7p ziMzHuHk`Y7jn#(l>I%YVayJt5{fu6z@13A^x0k_?hahgZ=>$;OqU$nFtj?R5y%roh}6 zhBys`QcnjW0c9P&0`ykzqPW*|V~kvw+=*lsamdGsh9bi`8&-`IlED0L*F7=F*>-mo zshCi0^;~$ibPsfPj(~zSKLpRTrjK`3wrOdpB@OH5Kz<@1-`HU8Sui#Jmf!DSiHCXZ zs~QywO@G=8F_m~*VxoukAIK=C$ZkRE%IT=u0$JlLHzW)j4mB^j#->-gv$o=kUpU{*^xnJYEQzbM1Ad#T1jGLP$4P68^1R{{R z(f<5E&60Bg9q|WN5wJHZ$#hc_xy9`YPK4*4>?;7Tih`TDs!G-}ZQ9<)TdJ9`d?djo zR3Vy}FUDqMV&X{)*F;&V)70CiR$cgtWYyF*rkO4u>$2jwI)?5?+?M*s`=!(mzg_ce zPeyJt8A4{G5=Sw9;;7IVr??@T<%O(TjybN{l#MY9g@I8U4oN;dXnYLvh=rtgeK{WL z9a}I`ep$;M)Iivu++MS8u{mf1c{exY?PG(7=?MhVmbP_q+5GK4+%Z=^MG?OAaK)IV zQE0XeFeZ5 z)er6WX*iZMOFORjtAmNOR^}G)n$*u~AT~}*R@P6LtC?vdc)A53kS4f_Kj?{jp*~*M z&L%&5FieYRE~Ov~71f6DF8p@&6|~6+2GK}{P#3$* zR@u?Pa9I=e%#cxe_el-ffIx3s5fnykb!};9%`xQ=N{=ak{&7Nw70~z{vgn`dHTUE<+O#* zkzKzpZ7veY!JIznW0ZGUl!vT`_vC!AQ(rL;u_L44k+;4&YUzSPEWRTXl5>YbF_zo$ zY3Y@7E1$xIy=IcMg3Zc`s-d?dwdw{MrImDPtMaI$L3d$VSc@3BHt~yBNwHiy55@{% zOQhqWyj`+_+}NiPb(ECkMWE6+C_-uW8;givo(E58Pi&L+bPDnY6HH*QA?%(RZ%SGD z2F?o6sDeW=IRdV{41_``xiUEz-EjtRBx~;|+tOn%uEF4hl`-v6 zRBJ6{mK2E>M#)a^CFL)*c3GVui?YV7Z)58!D8<`U?JHjT_6x$~wCrQn;&*>Kpt!oU zhJUw!4U>Xc2g>vgN?P!;O{?VuC^9T|dVRRDfVKk^O3P|9W>EBT@n(R#M$fWtd7>+D zNreN8Poc&Eb$WB-?c;uYs4*lPEV?2q6qY=Cg)Hq0TptKOk6O0>f7pBLpvanJZ@AIH z-3E8}!QG{CcXw%=!3TGDcXxMpXK;tX2X_Vr80Oy@kZQ;_i0XaWL0Hl zRsBwNog(XG=0g2sq6LUy2`Gww0~4ur;3Blcgg*deC{BU`qEX;$b0Se>^or;A#TL?%?Y; z8Ck<(uHDX9o~lW$3--%G)?#s28Q>-;l|GbVMc#PV&MCRMo~CWw9%%wJ+7dNxb8x_1 zRYSERopE;S_|fW^mu2cFZv|v%%AN-7bfpobW;W-^n!FZpiL=-J@pLbU!=E)@Jy9Ge_1udz))H(v6K!6FTI!O*;zwUzuagI2MkDX zk7bR>77_6jt8|4T4@fK{jnMIcSKLOc{269-z$Nh-(M>6$7`m*7c)r+a->nA+M-b9t zb~Ko)Sf*d&f)Ux_pDT9Pp|=z~0t?#K{4p+8v%xRX8x1?Fk%|)Prs>G%xv*)?c65(a zs`^W1$OkX!lDF#_VPYqzgI2}+(56dc{EakVYcYCoubw@I;oyejmkolgLrkohhZN-n ze#}(nxyXcaFJl| zhG+w;j}EwGOK~q)j?@do{cN*y;t*lyJU?cxwGGn!`@6-|RVG*4uK}r#X#5pbg6K*3 zUzAlbd@hK z9HaPQkAW?vofMZl!mrslUyt}~rFT`1>5|+_P1DWkH-M)S)dDNh9W8r<<&#+!{Of`+ zjwxc13wg2}qA5^8y_pp`X)bO->o>r{%}{+K?A5hAk@>Uw2waI%jujB=`=ey$L@$tV zY58Lm3tmbXkk_2SsR*};+PlTLgGC8>fdM1!DBBT=Klzj~gc(q6Pk<&Q4aZTh>`hbV?k%YnW_t@G*I=Kssc@#UFbwOB zx-|XQb5K8Hcwm%e!yQji40r3fr8tEZ)tAGg7_3A zFmjqkaFs4X!9pWv2cSU2K|=WM`q;GrExvf#=$tPrre#36=mAgdoN48X-WAg*uM*X9 z}{65mN)(C zLGH9-0a;(Z;izW<@rY$xkY$^Hbk9t7?cy^G-ME*2X545ZykjcVe2qH$E6p4)tU4|l zw6Z?@^p%AX5awWN6sgF6rkC^Q&$=vjF#H^4EOn{xmPl9bXG&eUsw3!g?$WT+r_EA! zoQc-1N=xy56i8O5$IJ7k=%L*i8)#k6uHUvvRTTqvJs4hz+vN55%;N=D46uQ6K& zx^h3O3Lx`b+Y36BuG80$FSC9A)J^^}M`}EQO9#^?_fWbWi$CcB+o2`hVr{gN&XTPS zo;1ff=GlFAnhK@}M?fv5T$|1B%E}8*`e43{jv6r0A!swIJU|hthZRk*`^nm~Y{bgM!DGMOkSgIdHeya?O%L#;dg`H}Qh4z}*5*_c&4$)vjJeDks_hG))f zNnlOI;wY1VZc`W0!$7*LJf%aEK<_>X8{0bU1mnd>@Irb6zAL zYBU_a6{vY+-t1HGf<3z7m9SyPkZ)$oeczU(6DL>3Baguum69n(b(TqYhjdeEAb5zB z0W@31R4AfDvIo^nHX}zXWp`@PPE`0-bf6TSk8YN#Ue+$HYAG(JJi!cP-zhjhtSOp~ zJ9IqHJJa8M$Gr^?-DYI}c%72)#qzr^?XdE}Vau~wdCNCg$UJy;Zd;|ra|$ZZ6j76P z^)LOJj^XR{uh=2zsQn)0{p-GYpT8l!AWdF-!1< zao7;!B;EI$#pjAIYeTKgVR#ZI-MWMJ19j&V$xxH=G*qOn#5T42f8DpMitoudra5Vj zg~oNIXud0>e2Ax0o^>3BX^^C;Sn{BEkNz?N*aLT8iye$69YVhePuMaPKiL=4gz3Nrc;V%N2;}z8BpPt>E@Kj16(UD07Rp`!-6QRiV$Np6em^ zN}kE(fCHJHmMN7*LMGjdJn;kvH8p<&GMayidkC$IFP0Vo1mADOlPco7(f3!$EVq?p zCXT$86>^L+M{K=H%=<_FfUXK*V(M|}`YSafoM+*&`Ja4IU5dVi3VRChQbYPG-#eat z^?F4xZg#~`O^&RAlA;+kSMKGe&bU|v-}eZjo}C*`oys|zhkZ}4-tKaL1622RBvxtq z&G1jvUgc=gK(;!{lR@TG2727#6qRz0c>tYazp*c$F& z#)66COL};p7DEq2WoE{tWFnM!{5w0B#E%`p37=1ulnCBu?xqb}*-psjlt=4%!O#fW zi{w#7P}p_Is*7qfrrBk04sfrzK{fe;fIEDuRuAV+Q|7|Hp-rVK43@@C9Fs=u=^GFw zWkNRs1#hi=X4Y-igBeV55vm%f;Lk=jWnn$0s3>oo?W20&ff%agV5W?WE2cS4{r*r- z#?%>|(su$EnfaBm=;tFeYfJ_cGyAg)BS#ODv79&6i`sLTS~wyF*a6%wJY$<7ZmIo4 z=Q1@ayww@)WK|7HpU!0bLvmX~1~PN^3ELa)q7zAvGgm;fO=t8AlvhTJJv_0!S=uFD z^EWx>*@*=!7^ze6ENeU+tW7OPQ5H^(+K#B;K6xiQA>{z+%Wf$re20M|6x|8A=vJ#i zUpQBk^)-s6RE-(R(}xB3#CTs@k$@lJO1RM@v59rk@%-PFLjl5##CQpEp9u2J*M&qR z4WF@d;%xGtGL+#pdOYUxZV{7X+r6u7947}CKkmyB*|N%sBx$Tfl$-4padQh? z2|*uz1FGP%=2u+EvkEJ<{X$lf=?u7BPiY=eZ1dRICS&j?IoluJ&fDU#8$bk{bh+Ha zgjaV}b0yV4yf~NQ4^TPw;$JTRP~%gSiRFh(FMc&OYkLLl zQQ+AfCiNPb2Ro0{F^x8n!R3p&M}kUQ4Ey+jGX<607q{83W595gE@Zfv(uZ?*-(976z6tt{Nn!MnMaW1H(+(lXS@%g zQex*evAM_YSZz_0RJFH=bFK;-g^rSS-p2c+VXG8@Z*q)h2<8fgc3(u}oC?i62 z!fEK}3OMr}XkMkz)PS8MP(9_RVc8Xl zxdBqd^Q173nSSmmF|{dkq~hwY&-dc+4&@)JXYMg?C{JbOl^b}@6yTc_d{|v6Ln*%_ zAgu&TFZQXX_kgi*YJ1C~ZT8a{2Bp25&rZlDjx6FKgj;o2P=AEhwn%XMRf9^1&^Docl3 zVRY?#1bz}k!Y`so{)R~#F+t7>BqQGwjJ~O{y0|NquEjmd`9>7>i-M+P$swPOB8j<= zN858wK97V8Ght;p?b0c23*Ta^?0#R%B9z4YM98HEa(aZFp{_9-)-h{NQvs1RJD4%} z6PgJ)l^XuK1gv z^_ndNBg*zHmr@**)#M-gR$cJ0Y$s`wxQnBNA)0XBHk)r(`fEM#u3pXN{dJ@Jt;Gcs z>d?9cf%pkxOzb+|i{~23K9}G!V$+E9V+B(C@gMV;;{b7kS~GIF`>F0x2_Z41Q%Z3C z?qY9ALE#8BI^iH#9Zph`*&hr#Mg9bYA;a$mDt2;j#tK6=rVT^L8P>CpBsKK=AS^J@3*$0b>CN;IR9$$mtOT97^J~oXk6jR@zJfDX z_1je@{|4N)m(oYg+vUM0Wn|mH;q-$~`~L>SblYezH&_3ke;t4n*Ylf2twWX&EAUh~ z%Kn!og*JWzV10iB{{8P}Ydh86Gq~ ziY)HFvt4hPVPqt{`2fF_`3ch8{Kdy`3~FgUwrQ9A8IA!R3_pNwXd5iX2hvgs zD_a>q?HANy9mZ$nE(d$fIyoBVeQ?>iR%4h*r>83*G@8qo%zEln!BH9MSCWyWZHh|g zaUpIlN!h_di;-mRV$!Ds!3O;w>3kM}cgmIk;z3-SZaeM*Up!Tdr7C;Hv3W6KVXGcq zIp%@ZJO90+gTW@KTx(}ZWgA#ZX~$w2*F3Wfle{rW9fSa~6KWnXl%jKvy6GR4>8e7U zpS`)t;?<#(9^su-h7UXM`dcTJ^)PSa0$51(U`rQRY%Eb4dQy`G4Ie%MxwZK4<|3mW zQKTQQlnKiarNpZ*3oSawaekC$gOemd{5?9-#^o?US5Z$5q|QG%4zZ8N;8*p`hOZ(ZTc)CzC%~H#?`)K=Q z8Ir>@d=)D=7}hYbD!E#44=b@NaA<`^n8N+zPW_{{)j^~GUN$0kl+C+qos@jeMY;1J zpJ7I3aYGuu(Q>I7dT&+pH07(IxmrK`LR!^5_xM2yd;?UHla)N*pp8wMv1T`10=I)d&;@=q z^_sof2Q-^%e^1D_chybhO1V?Vm)-6c#(no?WK?v}{6&j*PWQ*FAZ+D_nPXow@20ra z(>u*6|Eh*;r3@|zTG$Zoyr8Z7;-Asqgti}L76U~0(~4lm+33Y-zQiU7cYD}iI^!at z#jtz-cncuB%1^0p@n&OMWRAz^t1H8wq}V!o5FDdeWZ)DWB^vBW4JAW~#+U{yOf5y= z*Pizmj0OY<0#L(U>-UmQm1qyyYqksP69`srrpY1tRZz^o=JD-hLzbpaYn>}MdV+a< zWiPlIkuPxUc2`&{wx;B)IVCoXNBQO}ja+icqW;q}vC6bgCxsZ2{^Na{;43o&KFNGE zK@eAIa9?y;I+h)ZRSkc>d^V!uJv(A)Ot~k>7;@i#nen;hg!2TtJSRwUI0} z1SI2s^7+W!yBpGvBhiZrfa{p0?k9SnIO?hZ;jt4oM@ChRbpoMT^@a=35+11-= zIMqGp-eKMgN>}FNcH!r2pLcCQ#KcZl)z%o{hK5TL$jq2wJ{je*OB7aa+`MFyd7~E#t_-3&c&h`;F zQkLdx&i$zhhkV9o21E}^Z}fc-!#eKzPV{ayUn7xmibN!EcoX@L&2UA}@1Dt@S5S_S zMenCs5UZB}BCZi|iI`&DX{=3s(11Mjw^k8IDUp{?r>wBtaC? zJFVvk1cu^}Wq)g(P0*;U zxb^83Hy{zU_zF78(V`lV^M*bZ@~1cJ4oogXs6+1%wHX%9wgF;EGIXjqBzp{-UD0we zVUSs*w*v_r^GyZWB0a2?#(9>mpKPN-I-V*`Zk;Lj<@jbx@hN$OEov6;8NG`IWNFQ- zgexlu7tKWk3LT4r^n40PgGn+5xkuWnwTOrzQd0H;H@FrtIt0n3rhFNQ8#FDF6(4mM z`tm#IVvSM1EHy}x?+#swQYN)Zq?Sur=AEyjbLOoX^FtL{HAA96r3WcqH!{OlE&G(K zhQ^OKa*=#ei5e`Y>|!}e<*hd|v)w%N6`|Le1aHwHhPLT)u{v$92~o%C)y5Oy$eAhr zw1$P?Zgs*{F>UC?vPBJ#Ic!^VF5bavT z2Nx0_Cr`Vu)(t-|gE0v)+zcs194JWh)*$R@!ymJMRM@JF^r*J51J zP>_TaI~ROcUYq_9vCCp=d{Hl^YuMkRqZQaKWagJWkEcNpw)HS%MaOBy&nM9o26 zG;P}pXS18>*#1yP8SwHPy)J1c=zQECc3kqs2I4Hjb>3_CKf zC-L_iZ|tC;TzaXDXp|kH$+JftqowaJGi?Q*%>~ahZ+5PS`lF~lEl9U^Gk;$UFn27Z zWq$f1u4PB9y#5AEC@xvH*CVe?&WM8sRmc+JqVFyEzbMM2;h{Rud#Qq}fsI1vo(Aeo zo3eP_sl%TPtZJtx{7Blvma?)9E6*H_oeM?Fy7eLen z2Ne#hk7eLIOBr4bmfJ2fHhw9~gv^ejrqN7d|71m74DfF=w|v!e$xrX$J&Df;%q2ZE zPNPTP9`^d0G&7;RXbnEnEb!MiAzD~}l24~L44DU0nO2&0hr{3`G2(fw4P5V~>h@yV zE0(LYl*V7PloVSd?dYr^uBf#Z`F6daBn9@tVQOKAicf`U*Ja9Po4-N`Eg#_I;8Wq# z2@{`Y*1%bmXuG;Hd7;F*Y-FTg+`AoTgK)0gzk(_?hhlIoxo{@Hmwf&1;;#jW>r0uK z8u9LZpwRiv?2)Fd;XUS$o;OMDTW{XSs7)b00*lt$Ek3V;Q5AJujUSa>7;kNz+H44q8B| zn2A`TIATX3Tz=s}HRY2^hFe{odwu}FIt-DGcs+1++dVpz>3e%g`dM*)CAOzMBU-0c zo0nu5Q#s?40XXJ(SW-o(6fYVKRnc8-d=8I$n5YEmm_6fKp%w+6si}5nT-QJz51?F4uKQ=UD2#p&{WR1DCwKO|)V zHmbmcnsu*aQC*cH<+Rz25lvDN=l#4!2qUn1JJ{Q>NG?NY3@ug%vj|$y*}RZeac-MM zd*rrS*eb9YQbHO-(vd|5!`dR*++4R&g$@g5xADt^zi(yE^vlAamQ!g^yDVlZ!R_Cg zt6IcljWUCFDZeg;q!rmh|Lg||lOnGw$Nn9C+j%>sY3-YvIKV`R7%t44PBi2zn{DnXmCGAk91t=qh^+M z+=|rC2Y90AFB?vFRt<;eycGivILC17avsHX(@wT_YI`Oxf4^@x zl4UY|pJ7QKzENd2ADAVi?EPcOUf)X&!*=og6v2i*^7mOs$rU&XUkn=D5C$^w+-@52^LVTtUo&C}Pr#RJYAkXJcP*a@L4i~8hjNma zF;$HO51t--VKB4gGy7=o0>^ovdBM)+Xi$Otpoek?hbP8hlSE4l|Ir(}e zi^XQKDQbm6Qf5?o)ZoIHLNJWmO?lFuB%Zk;@@|t$n{CnrLPq)GXyk!rV#^OI8p)F? z)^xOJldjqT6jCj2CHBv-G)}GRSMTqI_7{X;la7n(9b*|0LsGJL3)wjnr^}u#oI+kQ zf7I>Ji~=1`mGy;cGL*>*Q*}!c3H>5!8V03at(+Ok$W99<@gEoJro(fV(~H%2QZ3P1 z{|1bGe(~{XnciD0q3cg&q5f6kcbb-DM5Nc#htPzYrT)zjS{r6YAaiQqCDL|qFS>yI z3agdw*Ka^nO5#sa>M(kthF{Y(0a^Iu_bemn8N^u9bYa93iQ`i;DYQGT8)I%OK=v?j zW8=wa-nqrIBN>951DhjG%dfarMRIqZ2;^bS4@kZ2>58s+lDHW`M zvB|!lUs)mxpV3lY zAo3V)_3zV5(1M~je(if&BARMa3s%<*cVMmH(BZZklXeV)#qh-zer+47!VE#D5SaOS zC$#v{rV~57Au<(l>5_*6=34bzSlZBL)3k}rPnwH+k}Nx@pGLdu`LdLk$SiA8Ob)!I z7qzgw5xN;TMV8R%8n3O75*us37Q^zhB~LyAM7XSf@;2 zShs>O^9fFWe6G5i?fC91{Tnc+6j|C$!W>A75-nmURzM1ab;edz8wZ2pZ=-6=3jphD z#%y91I>46em=jn7P!AUnP|q=AIQ@409pOhrf6d_#{AvB>+O z$HY&7KMYp0&qG&VY_k`7o=syh%X8ZPri4uyrLHxe?9Ebiy<=py^_g@#YFdZwa?fzo z{n~O2;ZR0cjF>b$J4IRqv6MS3nH9QRIhqk^5G8x-`7&I)55SzBFv657hnjhas5o>i z4Z~#lUl| zyF!*(fU$Jt(g zEK-w=?y0P`&d6GUc+>9lMb zsgylaq2)kq&i4$<1hMBWJ+Nh_F zm#w0ui%PiDQNHgZ^d=LQ=zE7;r$Ss_7Q0?l9AafYm-*(uNJ)tuWGy)I?0k~@>DVpD zUo#JEoLE_B_lu48jgD+k=bSH@X%{KcaeOY@;hc`jFO7g6-PVsMUfpd$3#s=dD@GXk zTC-&Alqi$sFf?z12yfqvbsvP12*Ao>*o(u`MG$eC1I*dpLzA9#<5?PqGx3#RgI9QMvQVkDNOAs7i~7F=w#_PQ%yDnmLFMRo=k5_OD*= z3?YigThAXPGXR|@wr$m_rQ7$0;M)FTIYz$ueXxZR07SS@hI}@FpWo~=>X9Ggv(z_d zn2c%Rl-URZ@>}?xygo_^zrs~vNe^a%&ozDu?~2i5Bw8gUDSZ&qJy)XVH_oRTYvjZIPVDyyR6^?BVrOt5dgQ^SDJaUf?o8MobMU9j7)9UAI4hxa3 z$~)usuv3ZT0vQ%g_ugasL~m$ZmP z?(|X}dw*V(0P7%KmYvhbISNA}pf9bY)WMpCjcio9K*et}Ipi#Nh~GWqHrl7Cn9p`B zp|>E!UthEHmS!+l?76^Mu$+dx`~j*hI%w(Cn4ZE!Zn-4{^TbWOxc*4qerCsjjkF}Y z<&(wsAq97M&`H%H1Rcst_>fxfoLD#Wi*c@TFP*~bTpuRbr;ym!OFyqV6}w?Xo~hkO zYR1(fFfcuBo;vuFkq%7SYo--gL$ZtXrmeQ_KrC|wK5>C)r9*hNINW~eL@xJ)x)FTi zwemTK9<00C3>~BXdLz*G{hOzho*XJ})1w9jWINROY=(farIkG8D`i?h9`v9*9IWmx z!W8lDUNLVEWuF+&chBvrE1EMAMFLCWPt)mPyzBr?|AI;MSK>Teh^y1bS)Ph7qqFd_ zLesAphR<)j)^a$Ok!*XkrW|1=YCdEvL`x$@L$qt}UU0aT9<2jDf!395Pe_TcNEG!B z;tcgyy)I68#*Fi+Q*!Tw!U0n2h`tz_4v^0q>yTb~SKj8K#jJDCCZuO0&7K&F!4y&q z2@k|jn;~exlZ+36$^LkbN;PDLRL}`MD%Q|pUxaq4uX2?06u|h)76S+eUSP%KS%qCn zL24wyx-9!neY5lxs^f&=A2vLpM@0mmg3tDpt@lq0hkhJ8)|4xE#Ii9 z#N(?x)Lx!02y>(|p@Ugpa;!l>e~0=#uf2v4d-DF1q&HNe+tVThEXjHK)c#K7+}_z6 z%AVhV!^gt2%p3)&d6{Qe1l^W_BkSp3(QPRz_4@o|b8h~{vWKmoXLIg{`SG&n5lq{( zr4<#7jF`iipc7L_$!rq|Dps1z!SHaL4obrpkO)S}#zkuysajz_z`A@K1iM--(CM9K)kzF1pMJ<5oH6^^1tU=_)nc_c<<*LNsA7sZbGh33Gu(_ zcHeuZE!LnR0388KlpF(1?q7LU|ET3RNL_-!9C&ElrLBtqo9!Y_9r-ZCwUcjj&lhebwi9`W99M zxLL#!m_Fipvjmyg1nAehSeXzuTXxj%gEPQGC$W9HPs83BGj8i8PnSm zYR)@lAV9h21zvY7k~j6o;82NmZrf$VTBUlYWX`ZAwzGxKi&wlOkI-AdHW6}l zW6k;VH-JW?+FhQh0UdosVA$3|j083;FN|WwXqf~?nAU+?B5!ff*nD!?aFGOtJZ8B5 ziaF>Yh~k+|VeS{t>P%yit_z9nxeo7O6^rHDaA7{O`3OmzK|vtO%nTfVm=4y=aDAi& z4ogyRp@9-mIsE9SQfEvAX|_=ZBbJqX-PSN315-AQ#EDD<=i}oAI=`V6N*S6WQ|EJ# ztZ;2aGHx1hmnx~YF9{f}psZ@`rJk2GfV1UJGdSP26CZ1$7LTGf&Q+umUuMf6P3jC& z&sDS+PNO-8ZK4QlU<|?uTMZ9)pcPS-K?Sl8i-{^)wy@>RE}|7_qmgEzN04G&C&|@t=L-!HbnT$Xm)powG{v)I#YTV7a!eGXX`Wjy-vBpt+o{ z>JYvz#DsZ~-AnTBh^U2pr`K`yq#rh;k^I5IDYm*b>~32{Ij5zKS72+mSI-@!#HFdk zrOpInm&CC>a$*6#&!(xa#HAdbf;eB_GC>8WIJE01PS4aBB|Z&nyyN|BcAEohKr=ib zm$A+Mif&S0EImc0DHDGiRE~~@rU$DpB~zeEF>Ep$l0|y+v6uZ+H^4A&AKNE*6CRW>s_|_vyiv&~LLM~KHO-jo6*BKg zd*uXFO?@eT z1BwjZ7bYeYu=g|R_cil9{@?rZ^u9Lz-7b3$<=ry-hL~9~U#PzS+Hlw5?@QFXA-CZB z5_QQem{?MQ3&7N8J^|#5_F2HVklgtd(!#>39X|ZZpZDMy1Oup5^j(})UJi-t6VL9b zVoc7$<+JHgGzc~is`3CoTm(X?v{v?0D!d2PY~_OWEUA^|j3$#v^rz8g(4&44SH(dM zRIZ4zb$k>J!Jd-b)4p7e%h_ZpNQgL>v}Ebpag-<$kh%X<8?UL5huW}U4nzhxG!2W+ z8qmGgES-XHE+X-=v_L?7_YhvsEL2ld(|-N(%NmS+47rXVW+b=nct(^2j27GSG+=W7a z`rQx%bB)Jcxfz@vv%9WJ7))-^%`e9xnpBl@uACA7fchbWZlUbw&zo%qVo}WDSq|5hgZ@}pgb|bih)H7^2Qmc_ouUeUC)?TV z55Y+S9~QVP8Osqd+5yWEr8F$)?zkawOf1;_;NOPp_TpVmWyA9IUi?3V%H8(`S6fHq zoG8%tq@h52^l6jh>MSd|B}+n4tF6?Kzi2W;($!ISK)5%emxCp$UWdgH=@S}0mz`wQO^1Ztwh~5guIyJSg3ItD<&u=0$EeP05j^| zK2_Hf4scJDk*uK#U)g@hqr5H4H$zqSH4St*05e%i{CFn2NROeU&t*7#=eunu;^s!Spzmm5?r5KMtr<>DlyjWG}}<=s1K z(C1|Ym3}hW@7P{aL$Z0Z;%k<_0R)!mtGZ%~jl*(9Qt^IyC2LDJFVa{s#7%oCtF_P# z0vL$!rHePX(_9890V6>aAG<5cMw|SZDQh6v=4AX4$bQ^V>-Q60l8cc;`t#vIg26yg z*{OVqkurs!oxs2lAkGHc!6SA%F0+CXRek;%N-)s^ozxP>2!$c4b)sVKT3m957k<8j%&jNlkaba+8k4n`4{sca<4uVY?`V2=rB960@vZh4cA%q^j40cyvr;6l( zz-cUHVOTGA891?TZA`7q;SEc9W8fMIlcZ|A`Eze89z`s^?f`~&^o1SdC(I*1$0=MqsY5^?07hoJ%6= zXdJp6xcCN%V3c0GrHg3jcliBx&z`?Zl?&llW?=>;I!ix)u&9YEi0fwY9DbzUDw*BQ z%jCQ+<}<{gmd;zi`t*bJE24}xGUE*29w(1wC3q_QC`8zHNh-1c&v!-wt01K$9)2R? zGp^0hx_cjAU_KBdHo~p(=~6-lL#CM>sEUQITnWBiK1RX=F>%}cAuYq_-L6R6$yOBF z13$er>6eBj$u+_(In4JVxVZ-x*BU4?QZ2>ny9kJP=UXB%Xa(?2z(SLzOvGqo^R3$` z6l+J`t^-OsAwLJo6DYf*I-Tb_Pxb<8m+f(Q4r**vT z0uaTpPEWB1k$Uz{u|OClz`?3&^XAol%8X<8wQqH?OJDqzd{r0ev(=ecsLn;9HJGbS z`4(#eyvH0|-h3mF7)~d17u)Fd(@!iyc^}kg6I{EbaPJ|3G;Iz3J?vnE`tQgJ-{HAQ zLzVLVQc;Q15=d);lg z-!b71GgD9AYE`HjmLHQ^C#*PJ9QLOOYa-&FEZzA@{p@?3K6V+@1P6Kh6 z1FVnTnI=Lw8W$Bs)gzKSTC<~umOx^-maP~gNSXA=sl&gRR4i??m*$TcH>_?aSFd-iKo`Uz2kma~IxX@`^Kn zKPM>er&(=TbY&M4!T4pip`Z$-K9r~-By#bTwVb0TZPOk929#dANRRL2onz(I?BLb3 z7|STLMBA^-aPLprkt}MFV%M3YGT7T<>ns4bVLm)rQ+$+FP;yf@C?z1qfdl~4um>+rNuBb#Aa9R))G%rcKWEHA-PCiG0kA4pL=D0b=+F=+ z?iOpo8*M!m{Zub(X*Or$ID>>kD`+Q}BDS5R0a>^rjQdC`&Iq|zk6uOvRpDg2Oha84 zw5mxp(J%dO^b)&QhqjzBK17Jd>*K6t`TW*kr+AzWY>Ky}iC}QfG_z*9kX|afBr;0w-R2}+2W_Z5Q_?BR+o+cIFNkt6_PkO|lF9wH@8i?S1;XQ4fC(lvpVo9^| zIGrOT0U$hd8l50)kZ%%kMUtF>s4o&Bqm-YTE~TNCk2KjS_F-0o#xEto5;!m{h%qn$ zsE4ob@peLm=LH+k5z34-$iQ9%0krOhdc{KSoZ-a5)x6cY2CH)6h6z%j+2axDIeJx- z#ixeGY-kX$ZQZgJOr2*T&H9gSs8f05gymz*zjg76+E2=yDa z*AU@aB@sVH&v%gv9XIm8RA%A*^Mt5r*=!H5egum`YiR=DD*V9PKtfW-kceTKf}imT zr1#ohobN}g9@Gp1A+^UAksk$x%NcPoV=Mjh-ug52`-8nJdojN1@PY+D#13|SC_O8~ zwuJZ|fH3HHrD$Uwz8M)tlRSo%U6wDVF3dqdfD=z_>mQ>{eIYh#G-k`Uo3ooOlEatY z7_GvpXRoYEWCw5zA+5+S#`<0j>5WD?&>nl(QT_B9faDnDN!_}2cJ6$aL4ZV z6Q~G9a~xm{{~Yfespw=#7#5?RarEQn)y;l^2swU$1i$GZ6;eIj@I$fDS@e^UydIEN z2nKsT)6RMoNom1#m+Uw^AoaHYtEN&9x+G2%FuV5`lmWyfB&ib|ajdwo?;13DYD7g@ zLd@N-!`C%Z4>adJ8?KKsgyfxZ71p~|NO2Z0aqb(;e3Go5td31wduygbA6JufLM;#| zcp;?gg+;nh4q}fLTb6gkneL(BP7GNU13p6s$_qdxfuSLt;{`UBCxjO<1(m8Uznlv{ z>ND|*AQzrsz$wD;Q%;Y#yv}aX(scwHRV^o~ffqBG(@hNbVElTSx zLM&RcTBc)${egL#i8O#qK8;6wjyGP;28tSrkOjj!r)>QQy?mBN$V(Z&NVrHS7dp%z z^jRuU>QjYMjQ%NwTWI2Mz}1Gs2T9Uh;X_F-wk;${L5*!Ly|S(oIcF9|04p#RfqJlg zTo}H0tU8Vu>;LQPEWe^~gTB87EVV4%4bq6XAWALWT}w!-lnMyAAmFmp(v3(iA)S%} zB3&vh9io8b64E~b5pP~S&;9ED3+9~b%$Yggxn@3JMH;rc_M^Z>cnG(4*@*8T1iDVO z!NnYVDoB!-3RQc~N=fhDxotY%NxsVHyP}pItD{+|6w5ZibHXWdLO+EjhBX7QewjkK zBK;J4qs&P<#11no~Dl z&kyi0vNy#1?gqz{F|373WMkKhUzHF)aNCuCt&UrO=fn7F_|bh5-EPc!LH1oNi9l(9Qs z>Zw}F0j?cL;jF|kRdSY_nY$)>A#fQ?EN(v{L+4vk1@WHdg$C}M_1vr>9Di@fC@yLHqpLnOQ*TJv zb82Hu62ceI!A4O?C@sUQSs3gysvTVzOtMSS;3g5GW-{7%KQ~HfsXO$;Kft3k3;@8w z-Jn(FL8Jfd!&JlW=vCwO=NoT>reErE=vUw!mZ_#gm^%6#gl9xcm2#=(n5-hlfm@)^ zt`QedIkdL?Tg{cs$Zxi&0fh*`F;W{teEkI4e|qpvrl?J3VVzj4{#ozhYyJGJNv3Ry z2mY*4Bs6b1M=RwWI9Nn@EqRLUfpWL%BS!<5l5d-LwY3Rq4g_jeY*^WCggF6MT*t?*@xi@7^gH1@unq)zn38RtXC9fk0V6rmQYR_a^YB#Rdoiyf~< za#@3Y<<4!{Wam`nSq&SpjKV};Ya912B_Lfnvok1m4{a9Nv+mIr_Fn?s^90t>-W%Q+ zufi4}e@zurj5&&FkL+&!TDcJ7Z50=+hT(6RPh7s=rScE(MseW4rkDm}*Ki0iq{ny` zt#O6jVzR{7R*ThaWb@LmmmH7&exaT>=0mBz!gO%|S<7(%ul@1+192=a{yrywKt&3B zR{UHv;#Aj~_f9#3X}`*(ko69n1tvsHn_@Mh>@|ero;%BT>p;KthZUv&xEOXUL-`7V zZJ0Zu8ORPegOy8fuA~->3n(4nuG58h)cN!RmW?i+65K(=2mrfhxUzoB{ph#zW|EKW zehTk8tYSm()=Gbc#~hmmK6=$wBuMF-+O!+??3WeI<3M@g;`>&4tAR{Sbl#+`PU-hV zD0LVqrfeU~3S-=CPj-WJh~df`ARZtd_W$2d+AQLjoBEO8)D(wNtbn?fcAj&ZqIXNd zlu#*o3ViO!(#k;bZu-E2ZkyU}{&V0LY0S#%*IM5R6$=#5@|s`+`GMy0IgU}P>mt>& zlMQusT$Iwgpbq&(4q^|!9`(|Lq^doO)|8TsaW3X8aG10PZO7?Flr5i%UrB70NDn>x zq(%%(_7F-h{x4XWWUP5#lEx)2l*9m`b(~;i+~3o5NEk9Ij+uaUGg{%L^|J&*I}-dxsYoz3ic&_P zb1AYJ1a37@03oDt&7urL8#foWwi@zXdO&1J8oJL7dnbQ};A_$YH z!*vVgyVi6BH=wo~KaJubw?w}Rt$W{x64;lnMR2#(Uq|${$SMvZ@&Q&qG;J5@m@3-I zH8Zzh#j_UlEWZpeLfE$0+(#ig2_S|8iU(Xjt{9FJL^;)HLfAYr4d+og23x9`11m<*8(*Mg$(5a3cgxB@ zePskcecf_Ln?!TZIph%V_3^FQCQRu|hD(=Nox}?ln9AJd5eyY~GGH_OC zoSq36IsqQ5m`9jM{NR1zwFzZZffb`OL1{K45LmQY8D8IsLP#gQO15MJm!5DH9yc(k zZ-HwxsvQStQ$zOe3r+vYDuljeDKy0Znfa3MKAr>?PS^h zHV~+T_S@FIVddkkwvW5!PXDhY`FNv~B37v*1Nftc9vW$%Gm5ah8~x!P`)=&O`Qb@q zL`(2P=?p(Yb$|WLhCe7OD4zrq4Co5OBcO;mky$}E2DP7=jM&~r`Ie6{q9N2zXP0hM zOVN@NaN+9yabM{{pjg6FD`@DeU;QaTjZ<<0Ym)O-%-&B*Egxybf)zQ3J^Z*33KJ`&fsmF8yHj4?t+B+(AQKo}^So zjEk}g@&HxzzQyelDf$JIlhT66Cpl<)kl8hoGR&{ZGuYCL8$I78l|u7t1WF~owc%ne znN}O#-Bm5~*}j34V0I(1{x7jsdiAaKXFE<5>_rRp;w}yGsOyT>#mHniucH6@w8$+Lc0fD&4`LmL((}JL^M?j9+ zvd`4xmUJ;yJ=6H6>$@qbeZ3jim++ZlEsD(j%TWW`VzT%0)SrTNa_7^P(kyBCpPTt- zfH)HN4{bGD=!N%Y=1uCqx()DqDa$=>LcD>Rz0y~?vH{-@$1SuB`;GSO3Z`Z`p`9oL+LUr+b#709EJf;@laDQt!jSUV+)kv zLlGN?oU)o2n#c{mlUmCnJC=>(!P>ON_!qau5P{nIg1IuV|$1f zDS0(6_w5)M%@Xq1$yP_Dj*9Y;MnjaS$Gspn_CgSND}9fOoT~%NrPUjK0j2|iOehVm z!FiD0H_*+^R-Jof-sO!WZl~d41m32EeXW=>V7yM#>;r0$;lP8InikU74;9SL>=}bz zsu<}H<4*7Fn_6-)4Lj>({MTY$2|!NHDtTPd+)DLtVN^K35N~; zMN<_EQ%K@k%}2k+1TYCkgG)MD8!HjcRpyLj@0FqE2OWC?@X90U@z^Ou$w1{Bh>Kqc z^dF!VA*z=hz`H0Ti(e5;mRvxx*|b$p_vEP*HG_2>U-5s<9f}O)3BD%DGA@RNz2Zw) zX3NTeGp4YU@W3phZUfuQ)|*1~A&rqG)*Z)~%h~dnPKux6_B2M}@@WI^hqaRKrzQ2j zfcjn5;AScW1C})O(eK!->=$Y7(M8^QeEu=OE$^`27xLico*W`ub;Lh_>+nY$b&p31 z6LyF{@_;D!uChVEWsS{De+a(GO$>6zo0_CfSDmr*#)_F6ZkDZb0DOGw8i)+aAHr|V z@=4IJStTE^bW$8s{#G9JaD~XW5A4Y0vaEbezA%?5<8@Pd?mo3^I(2hS2T6fh?p)JYc zJ81=*g9We;A%fpJ?d&4LNohhJfA^s{vwlg*PIx2V!zr^Tm#GU?Gb9=)cogAKQJHSV zDcCYORRl|kx|T~6!$xb(f3EYij*r7G&f$X~Ji8701_jY zbKxU-2CE;RV=+uXr?r*TyPt8O2LescM_wB1YJ|V99ZPpBRVOiqx&fi&Q4&ug!`S46 z=*5Se=7*(?`M&4$oc+;05y0kwbKi3wSkw%W(6X4Rd+B&~vuH(ca!|*Cwt0Atn+=cV zd6Aq*<8q*trUK`jYS#z+TuLYmTip40al#;8xR2pt*$)wAm5AwyS0+wZrKCu!YobHGj7bs|HNy|a^V-W?31HxXm4f12Ydomq z=JKupDcpDucO3fo2@>{$?*CPSr~fU1YC9GhzXbYU+pLoVF)E|fT*c!@<#%FZR}&g& zwoRg>h|8BWSh%Po=hp8K0NLNr&q!g%(R_>~N3~(PpESD+7|vK?qLEVfUoX1;GXr^v z!BVOAoC8AStlJf6;m5+PlpMTzJ^v8N13x@Xkh;QUfO{3!tQ((_im_>MHK;|B!wKG$ zuzOn|R8~luOY^kk1O1qs6R<2wRp|yHP@OKaVuHyoGFUfICUIvlarOLLpD!*w0CJ~) zDUvEP_mv{V+l*Be;9Kh}mvQZLmtx_OlRvY@QD5BXwsWxA$AVzvLy*Q=z&`*gR6`fA zVINQK?DU^O;+%0CH_kZ>voMp({=>tTcDRhy!zRgs)+x2}=`X=OvQKMpb@YoI6$ke9 z^N!t|Fv2~hbF0(SxoTcWbgQK>wQmT?E2BTJ-M=4bt!{;%(?>A<15_%t{mifdxB_YK zFJ%@k9kmt3cFJ-H7qY*INJ{>FlbVBS_}gNiEq|IxreaI>Z)6*n@O1)`J7h=$!dBW9c*GGSIx>&)A-{BCYost zSK5fjWD>&_5V7f=d-N;(mFG+KPDG>`qQmmX5uIU^0u8n_=u<+d-$A2D9^{6(As5eH zYx3K!Yka2Q_V?XvdyJwv*|=oehZ&){6(t3@&{Cp|BI=My^d!lm#+OSSOa=-7 zCg}C}B!S$7G30P7zEz623bzgdjYxuuoEYTSTk=45wCWji9_r#s^^9GvK@ptBvYcneQT3j4EB4Dt~{l*jhg3O$_DIrh0 z>7XWZMz|?<(e?_?d9Y^XTfH#!9Zv#>tu=$nYFg7OoY|IP>Lm&>pjKk8URXv#juOp7 zOo)8xP8H-??5z;WyB8@27be}L=)jN=SQj8HGk>?H0Ie}Vz#+huuYf|QKI?l>bGH7D zZ*jBl!i?Wfh26J2Yw6CFzjS-rz5`J2NR!o1(l*;Ov>xke_?a=&v>?2TO|%@4EB}=l z4zq=c=UuT7&8eST4#gU5xD7^tUGOBvRB!cqR0yfO$p|S@7kOqRE0TjWvHo@Gih=&67sTR#Z0qWSw&QIgCS(^w^fR^UJ|#%<|cF{U?9ez<&|#+!C}mQXyP!F zit2yKVX7{z&1d@lAC(>X$)ep%=!kUspgdEx&m5$DQ=hp{xykA`sI0OfiyP09p#kaA z*mI|3;Yqn*@31108FBfv^j<$DGPu|Gc*40EI}?eB4oN-Emm|K-vSZkBKfq&H6fbFi ztEn35fSY8fcIJAcdsU0s+kC0c2DJhK8Tx~cfA*P7)$>wHwUoRIV_O^uFnEb6OgGaG z5XA4%18tMUi|$w7TeRYJSEVSw5ipzO`xSdHOE>zlx(xpnO-A5PxI`00Px@}3egbMRDN(4_&D?R`hfw13aeqU(ky*vvk5|Gq zG@`%iFB5XDasvS$`D09*Yr6KHhJ;e}TU*=n1S)WG>EoIhbaa+M$8Ec}qj`yi{{T}k z<%qIyOLU^rRfx};f^bsLUmr5^&`54PE?{3{x`b3v~T#Msk0VbdipcvRez3EWxoq z7*w?FKA&b7>;9oHsj@Jt$LkI1u1`m1xQdnI{tp^zL?6b9AhNYK>SqJxYcYklXVac5%LUj_C0nQI{frs=<9X(PI#^>pC}ov z!>7w&Ka!PWujt8tfFbI!i2`Y1gBOn+J#%jTIQZoG4^RZWy7#xB;6mU*QRzkhR?CLT z4s#urbpjb%c}Oa%KA@`-9QD!cDuh%y*GZ9l+j}=5=~ERSC+ny38Jg868y@qYzy6U9 z__@Bq=J|ve>fAe?B3vLK1>5$87WiM^iCKA|RugHM!gW6^V<|j0AJY&MZ5nkx8GMc& h6wj!vO5cBd)^n}dbmIoXRYae%Tk#Jt$^CEPe*pfP`I-O# literal 0 HcmV?d00001 diff --git a/roles/stable/openssl_certificates/files/ca/images/android-12_settings_ca-install.jpg b/roles/stable/openssl_certificates/files/ca/images/android-12_settings_ca-install.jpg new file mode 100644 index 0000000000000000000000000000000000000000..a8628e720be21d57adc0466b835e92fd875096aa GIT binary patch literal 39974 zcmeFZ1ymegwl~_iy95pH?iL6xjk`MyH0}X{2X}V}?(PsIxVuXT5L^;G1pPYynYlA} zy_vc1t@Yh+-S^&q)7`btwmRomr@HFY-t^1L%N76=C@m)qfPxS+6f*$u@(jR{Z~>XR zfh@@1f!(ahW#kl9UUs1Co}Ib9D=a$zVDI4Oq9!9wuA{3* zj<63v0U!fV0RjM8Q*&1*F%=aBz`vy1B>*H605H$;JJ!E6`{xQY3y`Zh002b}QHz>8 zxwt`i69~`y&dupJpAO-1&8Abb^sXLf;f5W=tgmYe;BKmE;H{lP;+SOBhzhMELq zY`74f-0B~Avwz^ttzGOPHrx;!Y72V@NPK9Wzwj2nd7t0By`4LxZ-3D55u$<|G}R$n zYRH=eAOnyCC<0UfK<^9Rvyn;sXnZ1P6zNi-v-R`~R3;`T$snaQDzNFi=e8MGdxZf;< zP$@%&p*;eSC8sFqbbXTv&2vqK1tpZOd`$4lZQ~nfN_186z?@u@42R~2SH0DIL%X@S zsvapEzquS-Q!_ zL&~uH=m5wrp-7p;&j8Q~Lcqf*x;-5|DNAp+t5vn!B=*RK%y{f07OvsJTX9tAW?>y* z99b$BC;fa?I+l7>T||O(&TwTMO^!@022Cm$nR@Te^YI4jz*R#b8hhi-wZQ=WAT_+H zMrs5+YfvYJRGt))msXls9^3DM0w{Lr+eP6hJ>qe=vlDh;9mWZY5RVS82&xs4KC$eq zym136UZ@h%m5qAsiuchDqRS~BvC?1u!J%DX@RZg}QxXi6ZR7^NNmh_Os$g~nTH^K! zvLwcFjyDCQtkSUIOqbGCVNB0oV_sZPvQiHHu~)MUQ5e|WVUg%dZdr^Zz@bod|KX4T z$HWzXFVE2Detup{xiU`lE5Le!xPq<1htAKu0~*OhjSe=bNd}h0TzT_^R-+A+yLFdH zM-8$zQ%P{4CdnBl|F@w40Ce=E)87}me@jqHzS#j#wOmu8fJ651Z9a%GeCM=)U@YXT`=1ax zx+tI`+FVD6PA=XWk-{Xo-8reRg?X-yHsp=oK7$ZrA;A*PPKNMbE-0uCq*Z-f?Qoxc=u=MXfaD-E|F^Mba z4MF9a5K4LISdGTJlUbIh3ru8q!%^(x^gblCUVP z718ScQ=f5>{E4n6t>CvBBC8S-xI7`w9-0H6BQl2N4(Fnn3(7bV>w7;5qK#5Anmc(L zlp*J3WhE6wX5q|~X2xKhK=-guib2zadBIYLEIEAsPoc}u+Fz4{0&K?@uIiil1%!|Y z5qPCdNd-hOBymmagwRYem|=`$6`dOy&1P8&C#ADfld!pMV*6)GGa}^PW#@7TN2(Uz zN}#D86fQ~s=Q9V2kQ$z1#v)@sev)5+3-O48n|5G;Gq%vqoe0LwHo7oxR7j~`%Qt6e zU@^T|Pq#!>^A%RQ8BxCvnpYh=>Q&L5;6&knj`*K?{@>Lgqx<)f1w;b=y}|!MEt-HP zb_3+5sW2}x11=i?Yn>RNT~rmFL%WfR`)dw3`Y%pwTr58<>>j~bBnsVBC_S7+Nogcg zJiZVo;Dp*E1J2%EmTzBRV8v1$vd@!nTYocQc_2@x2^o2i_2dJ)m}V}2Z2)RU+adYTe;`=c zGrm$e%D+mWp_StjQI$UbwTbm%E9D<-A$g+`0WReaf6HkhZkLP5d8Pl&f{4odZ|whx ztv@7}$pgt(!oflVppfBV{*w9yK$5ZWP|yfi*pzsfIJo%a+&sK|DzDf%L`?!HIAy5g zXCTQ=L`Vu03J&@Ouo|>Cz*}VIu5AVyMoE#>1TuD&$C$^O4;K{{gF1P9VGQ3h zYfZ<>LOpR>0DSA>;tcv7glC5pcds&QK;)#hRTuc>u1vCjsa(L5wgVK&8obC*I^~ovf znlxPE8O1nAXBV%S;u`uWTnlND_q=GBz4Ywb%s_Gr_*HQe@r|!2EF)!;xtVWWAXus> zm$WG)epk-|wgv|#D5OFWf6PLaz@%l}-_8;~%wpkbC#iW$Y8-DA=j}2^wvQ1lBGs4s z0-$t{9x75F)hpe9WA5${9A3`bwMP;vW+hQKJPsuLrmB4!MXB;EsdoI8fMBH(bwnV& z(w2DWXj~bMag1(aH4vnj_$rk+Qa)U{t(}*bv7Zy&l5uV5qQhmrAJ`Ca#jDzJz>vWZ zN%6+$E7Vxy4zp%r1bNe~m`JIj<`7|au{uau^_0uqmJoeU^@_DSUiUOz<|+1mI;G&` zOAQ+%xltsLF_my>n1o6Lh34f!V{Cf40j-i!&v7KfYhSqKOxrlDrI zvjv%BBsi7!EIL*YvXM`#j%0G!FLYp&cHRn)a6ZNd9z~(~)T4SaV$h6SQC}wJ|5Upx z8}e7-VjH`A*j;jkeGCu!WlZLiWnA?O9HRVDIi1MnON`#4 z@TlcijbNN(x3zBsE^m6MTR+vCMwK6*kI*j+St@yHw%cl9y#UO+8>cPeRNo;{KXYCW zhORFZTSbr9MNgErV-cT7DzRw9dj}-`XPkjtaDHzE0Y# zc@+gJ)0G=}0jS~?v)HI*rKTUNxr`{S6m1x?W?NXq#jqnjU5tD^AWBY(zQw0d*iuDI zDprUn$1%}cikS*Y18dPoHdgWonyDt2Q!vRnfJA5ThxImMg=3oKWXKhY88zf)F(dL( z?8nylbRd_ryq-$?(mL3_IfloeUS1F`5+RtPV5T0~3R-1&of!2QJ0%4g zk8CcNDtzXDGwtv{aF+}jnN4^#i){v@0o`dpk--t(#fJCQTcO-t*E**+GYA<7{90IY9I zG{;FLm`rf*YSZu8=zYbO#4Du0<{6g{?CKTL6Lcp`i0EkYdnJx6{7Aq72E58(hJ33&`Axv3Zli{a`VWo$PC$n{4}Y9Ukps&DdcQo z?JSI8Nts$PM|T?J^r29=T%blbUgKC#TAUsoILOLHH@2}QNa%d`aMs1Q(MlrrcF{6E z6ZQ~7@2@-kZ~kEDIZ5u8x6sYuwo%%Z)DzuNKPttS3NB+%OyM1OEVy1)BW0)Ue=MHJ6^0;f1M(P{(H zAhM=_Ieb*+l)aZRy3sToMFqZ?I-&?m9A7SRyl%Y3TuV?M!n!+KEA^wE{$-PI1j-cm zAgZjrN#O^B3U%+6^o?$Z$QoUEFC-hYnDKShuHHPm$urd@JiEjctebFxg944d1lPv) zQ-vQHDwT0+M^US>wh_YF4{;p39L>jEuPN((-Ng$~`De*ao5p;!->A-QxI5JiRX3e6 z&|CNRz}{sj%wUPFO@PqIw$1yDQkTn6%Y83`fU-1!#2ip{H>Do`DeLlr?`K9I7(N7z9l zZVMBr67gnlBO+u;U!HkPqr#LatC5%}SXZ5+gzlY;n|(W%hKmNUEylpj@Oo^137#>7OJkRo5Q*!IZqQL=ep28?AzJo&D5FtJmST_tG z%-STrky4k}RZU#(2UtC9C&`*{uClMF*eq|c^BYR=VW8y1#KtY60n-!c>;1Si+Dsk{ zXt^$`K)}{ZOe&!vWSl8=q8(>poIXmi5zufc+fyAYOp#%X)g-C-AJSwnK1ur2V99%Z z+0Iq33ieHe5e^kVmP7K(-8&%}lWp&^WkdqXV1Q!96UB{Fj#b}t$9x%DN^R39TpDsu z{D73+TI(WwC~L{ea%rqX3)MTjCrH-4htkF1%ODTd=`+?5f}-Z^=Ty^A`9JHo|NqdElcjFIPHO1C(pM~&yN3a5{i3wN+IYO%*2oU~Qw z{Hd+$7Gn0(6DMFC>3ee$73=jaVmt5f{)L`ri)iepN^PF2B_x;%ExQUMsn|?Qv3EN2 z%H4aMY|1v8QY=cj+Agcnmc07Op^rWrIX-d60fVm(UI4}kzA9tSdqN%IG?n%oE)0TMu z%%pdy_373NE#`kS#Y&{T0QeZH!NZ^4FbN1QtJhF;r9UjR_$}%+E7?Bjbr;;yL{wY2 zR0fi@RDfJs~pPSPwdjyp9RE*{^%-x^!bt5(-(6$UvaG^%uav z>u0>zcQR)>wFOob?h6eoFMwz9AL~L*-X_-Xu4@}D-HEIYTliCMsh;KaslYJ3`v`2M+_3*O|vt$5+zLRP#Jy`!84sC6qHsTGdc z;@SP@{JV#lmqoeHKYEX9xmy#msTg@rO01gJGVRw_nbynJzduqVB@sqye=62dJjALZ zBZ;_3T>D~I1URG-T(ltw4(1Mv&}kG6KE7TU+G{4Q8^bO-RFi4?*q6nVoUhanJ&JBu zS}ZT2*cLW!!ik7Kh5>%#Pm>gkC~qsRg?*&?Bh7x;YFpNem(jkN-ndQUIei}OkP|dR z9n;>H)E5dflh#Q*zkgZnyGb@CDHd8T^^o(J2PJMEIa6OahbK@;|D%|dB(*4?c2JRt zCq}v-m8Pc{iP4F1sl6qC{TFeAMH`W6eTKYna)!%X+a@}DZG^dLyyr*%?!k|;o1i<*i70vl9~gB`l79P_DuO_rv-q12U$5)H@7aGqC1rZuMbBu7f`Z*JcqdvQ7q zvu~5qkCh_bO?HZIpA<{<)*Wz2mDK@M(URZOsLp!u*8(YGlXfC3C60=X4nwoORLq+ zp|;BtYZF4ekdJ*PsnhGwpJn54*R8hCET{h%RKo>)o}EG{vMuKOu>IXE5T@q5TlKhD z!sD%En%yX2BaItqLNlqJUg>fgN?M#9FJ1JROW<~|*)6?Q4uL6#$qT-C*dJYo#gOGN zExn^^sbx|lS-Dr6u-M=F0A`M7F01$aCx>X@vZpcqjavREvI6-Qi|EzF4$k7Tbu-MI zy_Pu6?m1T*tg>OuoihN;07(#Ru`uB=69>>iD^dWiXl&LA@@3bm1 z!st+Jgu>_GN0R2pWtLN$Jy6 zZ+OlX@P+a}aPC+d1SeV69_GVkbBx-JCT3q^D`s_tA%{SD>Z_&Z1!W*>HCbvl+muZR zz$lXL?$3km?Y(dGq6UreakBW_fue!4>85fUXghZj zby>!#Y|e+2Szak&L{65#q`J60i|y~sEoq_Wr{o*ngH*i}PVk@>&LJO%H@VaPJ?CLd zSU>0eC0_t*nr1c0&^y>Gz)w+P`Yr^sIVsN8X^|C*$~oaxc5WE>!Y( z*IH9IA#Bqqpz`siQukI($G)jJxs+V0SwG}0yhz!Je$3wUWFv-2nLC z3S4Z9cO}BlSa@un~%QcG?n9uXQ*BzFMHE z_ zQB<4bs^hM%48$#2av<=PRnGkUbnwd_=1B&px^%vCwP=gru4(&mQ#*-5#82eG|BtH< z-?j2nu@=X^?avdWUsHZ(rgL>s3`^*vXX=I@^#sMI|^=&tnXm4(+rg zu8}x7UX(Ku_0E#5;eO2i(NeEmDATl1?pesBZ{t2lqt!lE9f@mdIw^Pzo%pS`oENE# z+=Jn>|B?@IKptqofUI`oC8u?M^+C;KyQ=%4ma0l43VyyRGtJ)k#^wRByljY2$0=yl zm1RuvDYTFeDb1S+W$Aw2wk#$k81kGh#LjOz3g@1$X9JJy1pI(f#dbKo#`FC4IY(+} zhq|mTJ9cj^i?~=LWn6w@45n&LH63TeMn4D2xsbvb_h==*e_H3`Y}fNv*$Y5ldBxDw zU)pcB_TmL_eM~EWMI#k}{oR;$=tvX6$bNTxygIma?E4!=?O>OzkxfwQ=w)gR>1QqC z>xAd!s6S>jPsD^p4`z8Q)+PY3-bs{%fDS%l?T)Rdud^2}DWPiu(%q`>#B9T`9GKbw z<52rmm5bD)d(9-SjK#!t=~rZbuKs;SOC^xdOwee}xwDFO*ZYk}`l8sYQL{7<+uPkF z)=ag6x?nYj1ehbGu4HXGf(&eHBp z43(kb?V|rB&=b(C*w5i%AR*5;5%``gWfM)RkKHoIpDQC`+-|r|-Px%iMLGJ*S?ads zPwlTj^VgqT=47=8zA#=R+bAIsDu~;E-l@t008YGWe=gx%89c2ekIPN%3BViW~!_dt`2V8dl%zy|bd|&R1PK@RH!>HtR@jI@_&L!-3 zle~uwbE#nlPH(JRvAIC2hK*EE4;#|3$R4$5NR0PfOB_d| zNKNVpolnM)iBKL6Aq`vX{AN$XD3Xab9=%Y~I|)GsnKk6fmpOXZ z{ZTUe@%FAMs;_{-3OrM42+JEEOs4{r3MhX28rOqN>nf%xx$NGWkCjU;3xQWA9+&N? zsG(mLRP;T+X$3>dZ7PJUc=O&D+x2RFXRZ=C)L`8g*_wu&hROstgH1g4Gas2X#yFiHGIwlo&n6zdw3wqs_=UlLCv=s8@ObeEu z5e@eh*uB|ae6Y8mt&Xa$v8)^|0Q?UJ^e6}Ut$f$@J@vssOC*V`9$qu!EBK~}zWk80 z?hqc+GA+iCA{MyTKwwDkU9XE4h*hCx&T{j z&wg~>tIqeHm5N=ke3q9*!cF2N@sfhfn4q(%0O-$l&>gD%g>KQSO_>z$FN#L|aNm7Z zI;r7Kq4)Or15N+C7|iMZ_l{9g457Pxmxi(`)zq?B-`X$N?O>jO8sX=Kb@#2=_I0?v zZ+`)IJ>*$xcdJc^+Lqp;NEIoit~MAOb}m>b#D|~8F<1tBy3U*on}ZnTL~P@BFNJ7Q zmoK&I&PB+!_4FGL=#Y0cq%iZNp1zeRS$2_^*RbCUJG zb_DiE$}xb9>GT?)Tiu06*si(Lt=++*RxWj#xT{QiASXx5i zh)?9itrUJHycwB*?Uwd6{Mf3@CWz8WzXHoBb1(QqJju6e6K9 z$^2T;OHQVNaZJV1DL3}HZe^SwLqV48R%0r6tLXfdWmn|{Kpcukto`dM{-VTG%}ZC; z8;#X~)z8t@k5^?XeW1$9@Ii%St5R8?tdlBN?Dxny zk+N*~Sq7G_p@~R~UsiQqQ((XhYPYa&AXP|}Yv6Lkmgd8>R)TdbYfIYx^*mD4hc0wz z#jk$eF4+9kT2M4tUkp6fb@a={7?g_bMHp5TvRU(!V4k^qp{`f?p!r<^ zw!WJHImvh0q%BMM$0|Vea(zWpaqf2(xQf7JA~DU7*e*>N?0!)rsxW~f39GA!v)2_G zIY5MB>0A`kp zz1CK_ypQ8m@pTtMN(vcQNn&n`kd<1mKcg+3h=V$nN6f9JoFy6UtVFJVDxrw#bqqoeD0mnZ^O4q-|Q}-tdOaNN&Rl@%K*; zisl4U9AT@YY#>lZ^a&8b`5Hs&&2aBULXnuX1!ug}(S)GSy9^hc;wFXxO#Ij#kK6m6 zF6oLj0j=4wmRQXum+Hb4dy-1)J$)I*|5po_pEgpMXjAq`iCKJ#Rg(Dn=*UNOCa8w3 zL5>|ocW+}DSSP@O(iVC8z&QWz$S->OqL;~bOhQT&3y(#_k%&yPx+_^H#aI*t*midH zWea_mdZu^kKri8;Nw$LO8MiW5B*{<5`_SBdi|mSP|zU~3rB)XvPX|0+T3{4ue zX@<)e0}CN54u_Z9Aj+<3*wLpN*>Alq)I6e)2LhW>a+>q!n@gVK_$S9|+>y~)Zf90k znwg=*WL5N(`jU1SRgq-Z6tTxAI}xsJdZOS`=5X0dm-BtAb;Z7&JblCsuaZ?`pAfDT z3|<>IegRnB+P>;H`=(?%Aq~`uCq_9{z9^-wk3&@!=c*8z?Q=z6ONtuoeAmG_RZC%( z7Pg~=rwAiEAB8_h^~|V{9*0i`OaPT0AcyWufvS@kWFlG*9bt9fMjA}jJz2g0;vzUF zETfyE^DhIl(O*?bP59Z`e-7RcWtJfwNpaS$T-K4_#25#wTC#~TaeH2u;{8*)o}%d&UtikXLNaVc}FNMZ{4MJ)ocL?lQ)Bbh&@{L2!< zg0!ikA`+uy4rOHH&xJ5*CfNr?!Lii$b~#1`jNF}4%?hea^45A&T1n}rFgXH&4Lh;K z963TP^j|5KUjWTUwK#2-EIb_S*7UGVrJM*Gi;upV2>9m?`bhEf`D`+#Cr89*i$7Wd ziP02H873}qN*oX9HsTcdq6A$TLeZ1D7AmsZYh2loplJjf{vl1Xsk3FzwT)@xhVXg-T~65rE2;OV?wo;~FWG9R()n0RG(r!@0n{j7M@(v{O- z{KAgcp_!>pzoB5nTd*L_5LnE)x|9k@d0Z5bhfgsm?%4>T8TQF;KZ0uxw9l&aG2-tD z)62)k#wH^_@wil(qYo@m$)x{~i=pt2e_#8fA>V{RVl@5RG{S55ng)H*A9)FNC|Ypg z$%zAU5$Z)AXvTe|e6L+yauZ1H^IN>fmU3rTRc8|18Nvd{sw!e&il|D8l?U_u}NSbN-9(C39;CO}8MD8m{WHBkmlXq%fVFj1*IMOFH{B?Y3cmCgL6R}zS(5#=w zY;buk@`tk`F;Bq47BU(jri>^EzBX}LRTpkWaoWV3v}q4t&?LoIR_&boThaaA%=|8?tSGb5b{aV zYGp%FSfal3?H8Y-vsX&BD!3B@uEgOFQqt4e?SZOG{BsvNtp=#VF~~+O#Z1P}d!9wI zLj~N=ufmJ0zj{?2*?V_A@sO5~f6je4L6lcnkqDdCA_|Lq7lbt@fwSLoW%G+A$LjkF zK&~X+8f4!TOzi~SNqLX^d=T~OzTzn*dHk6ta9-)?ZSRWcxJ-bI_Vc*IfdwHlO~ z&+q_k1rEH<64`9@<4N(gM~9X{htCJ$HlwV>wlh`<@A%7jKw2R+XuJ%H1vs6H zWl1b2j}L|v*}P23_9*fUu&TfSHKhWySB0h*>F@ShX5gcosd(@jTyZ%A0{x|sDuR1c zdBU#E-wMvkM=zv4%aJm_Kp??kWOemiZK_Szzh{Em3lHEkzyPRFm2_9-5xSW9SfiiO>mybvIe0Edmguy;YUQkH7cpO2xd<)Y5r)Cn0Uh?q<1-`E?W?usYlaN{J~EoC0jp+(KH`O=2) z^$_L4H|80y^1yY9qbTDtj3cbKle!Ll;K;BK4ISXkE*#K}A0q?ntL(VKNI7lEL^tkn zuOJLX*hG&NlY`{H4T`X(+aK#Os?k7%-sVHd0&QNzr#S|Ndq5 zZzBN&L5oe;Tz*^wn;2oHW!aajbJ0_~-yWG>07FDCfZN$eTQuirdSRM9YB^iEyIjE+ zfU+k~Xzc}diTf}qn5@$pz>EMwwP$k2Zt|v~ptex?vG~I#Bg|A?1T7GD&reM~!`2vT zWC4*N`YK|3B}}z7TQPO*&U?_5oxQXVH8o|yXz%7GF3YhX2lNB+i$+QtKAAjK1xqz= zmx3>UVNBh`AOh9lU@q^PGRTLtR9pPeTM@(3fhU;LIZb|=#s>U^`H8B!%(;pXZ3o3e zytug4cnr$P_O#5I{km8u`zN=;{z@+6O{Bs88*&%BmZTyLP!lIxIPNAz*!Hmz<*^-A zrIwT(oiT{j>Z!c|b#*N#rgftCW{0$$%9t7Rih39rkx*~`N$Asqdq1C>36ccOi!D^)>$#>had z2w)CYhX;z?ef`mGTr_fLxZlwT zlRNs+th}XuYWA<5RC(h@13k!C+L3h}xK_D}l4@6{@>sR_!UZo4QB2!8v0dqH7oEQt zp*>+gMPB^VWp&Wi<{}4#tp{wxck`=x93 zOUs?4T?Uqv@}Ho1^a`sZ$i>s@n)oH0J% zNs3-_pq`#%@mDCdyLBT{ReQ`*GjX|9=Nt`l7q$%#5{GtzTSiR}6Lxyeux0y4y3BmD zas2{G$>e+nDu%Ax;~y6!O5EknSM9|HmK%4)xfjN0R_}_fn*>-n^;5(LQ(Gm&BN)Wh zq}AV_Eq+x^pmE4!KlBo$gs(rqZA&6TZ|I&P-HDGN2&H1BM4QJucxH_yc|hV|28g?Z zTE?A<5cZ~WNQo1Qggu4}I&iIw+^hEdNyI3hP3U)=i{;~TCK9I80J4 z=PanDJTnv+F52M=E$ZQz*b{Li8SJ0KVbDz}B42mNue9uNK`m%%YCyM~OlG!u!|PaJ z3e~i~UQxPZUp@D@4#qCvjB;Asu_b1DSIoN8i_!vqwCRQhBGCbWUynqq1P1sub%xz z>C9$&JF!I|I?9{PVm~Fws;(t*fhr+%a^Zk%W+g1g*rx95$Dfgq`{uX$XJn(LY)!Ry zcNe&~M$bK?_b@V&E5c^gk~83Z6Jh`SdJMttMbn$;k$jjKcXQFX4C;XCdG-x?SzkKiC{t8mt!HNm_ z1vN zvqW8w^R3~BFHQ}Vwepvwi@PKSSL#bbh?!wZVG=jwg(mnH_ynw7G@-5Z3hjiI-e*+* zD1D#cixf&{R?+@ya9IZdD5}$7S3Y5^R8YsGBV!;ow>;tvOMLZF8AdoMEjU0jbqhL- z6`^Uaz}u0$hh8@<@!|CfX33!F5o#{;)1Yk1?PA{8opoDRuMN_S{(#Bmpx{k0M@`Xt@qGT3RMf^|pBMBALH zHv8Vm4B9x`aG(-qQh_~jCpi>zl?;0Bog`_%uUMtNOhxf&x;Z~;Y;OFH>dv1P!R?HT z($%NT(>iyOC7;hvqpedkNF}m!FKhNktc$()a`-YLz64Id-HYY12ymNyuE5T*#>-9k zFoS46mrv@7k2crKV$PVo7{=H&0UbB;h6qzD0z)&ZYKiRykod;x7=cS+s3YEFh)bZu z67^VgWM_Qh)m*KP77%_-Wv_{0*;9>6i2c)T7zyl3Nq=4Qn#OU#&kov@L!^9nqA(uj zOB2cCrK$+XlkCX$n)tzr`l~7R~P2k$5O9 zhI)kE=C;T%zPcu5t;B^qa^@C01TbQpYAUT#8I~P;?DNOe?hGitHf6%0qQ&znTtzU; z+3UPy-Ap2HU}n_2kR0xDEeFhNxN)}RogOm_Qt|j&SsmO7yYYmu_Z!lpB{X|EcrQI! z&cJ$Gzh`BH&ikHlye+Ky3%#G2wR2q9OsVm`pvVj0K~7mJ*Wzfjr-2SytB(7Y=d1VP zqtL6@Z>l|>$$8rZ@~z##muZLc?!_+LWgkddeG5udqIF(3 z(cB15T@4QfacOFyvqYj884M|^&T(e7z3CV>nm~_RxZ|R}?Z-Tm+1t^+{l3E)YdiVJ zajHEW6dOIn{WTari;!Vg*!H=OQ4{lZOi173DL#&Jy0E1$7Ktc+MR+TScx2J*A&8*h zsOB><%M^ND-q1;fRm>(WZ_xNl4p81S=B3B=H`y<#JxlE20C)4U8kU==4b)U zi4p$?Y~fPKa09O|l(*DL(7O-jQUd!RaOZZJ=AFeB;!~&zCaTW|^yv1YDf(BUQyAb6 z4J6qp8Fh?iG+5ec?A5|ZyF(bz#AW=|EhzRAwKQU0uf(Q|Jq2F}zZDDe>nGOqJRPcM zE~S<}ZkjlW?$cigaDt`i_z<~n(y}pjsqreojb!iVhx|i{YXZ7cj%MxH30q9WR3VN_ z7^{o}S%jf5QMc$+9B>LD$bQ@Tt?g+&OWWWBx7~jF#Tq4V8~fpKashfxn)oAPn5yM5 zd-qu^i6NMGyCwDb&`|#eG0d^RA0d&xs{)SMFVw{%4mF?w?C^83>g3i%ulYWbht?l$ z=cl|*@1prg^ec$g2dnHj>dI!dNA*!uJ~*$@&?d%ORKW%g3Yk}W{eW?~D*sEe<*IDM zN9fd79iV0S3ER@3qQ_@?s~3QWDUbiQn4OBDz8(Jh$LmrZ*8m#+)U$gr(>8 z7#FIq$?-pz-gT(au>W}Ge3y=~D}17CmP#PTN&5mAUp4%-Uctm%W$P*6jXf_D>9U5m zW#GU6A12QjuuK#(aX&I@_tXy2?DLl?zNb>ABpxR-iF8>Wd!rEHS~K0cbd=<|H?3Eq zzS9}m&+(;6gYE=5T2@I^8-r-*Ez1=YNJUfCT5Vr}m~u1kTQZ8G$ZJU)XW9!7GELZZ zz#+-@{34r)pJmfLHdTtrFoaTG3FZ16zW}fj2oz{=LTPEy^W+)yn~4U+ZS>)mXm) zhT$&<=i0>w~%^AKWt!Wq{m6njN?}vdUvjb0KWa zM^U=&LCTH;?id5`In2k1*PSX`ClCs#^aALL=Vx83?An;0AnHOuwKZv4u)oqgij{o} z$#wg&)7o1E;~6vCJB4sJGa)>7_q26X&E)4-2kB{+j;UO>`iAm!y-Fd9@J*L4W=vOf zG`#S{1gTjRDqu`_u3Fj5FrA$hIGB^n%ZPP2Jx?lgFR|KtMBs?b=-+ie0IC9+`!nDVejL0OF zc+#A{urE?S`8F2+ghMQ>Qcx`E2aa%{m?NdZBvC8^zon>3_=k7d&QX+6KPK;`7GUHo z-}95sM+DKKNtt|MeVm3Z?0CTOBLy!#9Jj|GXuysjV_`a6MThbbcsCY)8{RlKl#`5d z3s_kyhT=fv)xnQ7Pqp62S0p*(NzdzF%po8B8IiD+*P1|PE7$+MjR;qB(a4#3Dgr*c zpKVg>ZAJ-3g0K&-#O3QoT}(=4>wus{yk6o_7r(x5+<<0}bgn*xrG14(Ymsh%B8wZ2 zE+&<+BTUMfCuwVO=j-%)&YHSpCr380W+mpWceBBFl2WTT2~2+`8_`dO%ys7c19A1ZUG2-bO}-R__cEJ5r11KZP0 zb4C`xLf2RO0vqiw>eh_$EXNa7XY>ShC7-}t1b%ygWs#8ux@FYjF}Ck?!?#uNh&pRm z^ARkZ*jfy%bFGKq`~FvZ-vQNRv$gvsBoKP&9Rh^jJ4#Cc>AeVwXhcw&0)h(CLa3ov zMd?MF(wits??@LA8@(tdCggAev^fQftYbu6?i|Umf5D8D-s|`pWtb`Y zs&?S<1P#qi5aE`|>ot~@hSSkvzIw?Bt5MU^V+o)0F=Wu_+SrYa9qKW5_6o1h98dD$ zL;IP9@W`aIV;maRITgB}*lOOE&*pNB?WJZ`P*MxoBR+;W<^jTZp- z`QE-zOs-w`S=s8jBTM`_`3M19J>_nx35K!T%0s9wyE>buWL~dru^UEG61hy0miKEv z_AqMd+@|yo<&4jJxr97A-)9r?0m*M_@8&zqwYtp3kVjNPy!PmpWA{`#ijYWfGDo;Xv%UqYZ&p*J=T{(&rU>Ab-3V#4V2S$+P-h7rM= zw%0&ScgQ(j;x4y5iuu%%e4TAXQeyb_g@j|;Q(C4m>!Zc8RvNwZT%$fI z$1n5UaPnFb7~A^u+UCC`cD867gFao; z&Qq*bq_LDcGuoPZ@2=eKbeH0fBhYMPhvi<|3m(ErGF5uPcWB3!Cq-K(?$zhhFJ(aG zzj9Vy;3q|i#B`;$bP42GcHQFe! zW0g>n**gKs9Q9ea!}_MmRmBg_$1K{2RG1ZcdUJ;sisGOtq6 zE_mE0Bfh-?spVx$q^Od&c0kYR{`^6am9_Gs(|%K#;9$@enY*I4^{8IGL~CVU`?DLv z=dR}ji--*}fxk9?xLRzD*-m9IeYee>N_#|m&IAR}dB$Jy=geomi zH5hJ^Mc?sLtfrkxatvK4CrQ6!fBItL_w%-vC1&N~cGp)P8(za-%}U~P8JB`mP|n!Y zW#LA8@*F1psVOBaKHza9#cqlfO>9sh*M9TM_n%Kg>k<_^4<-C{@ znE8c>1YfZ-P=G13Wr>btGy)R~G5!P12N^-%m59FFCV96?-7v}JS)sc0|Ce}H>G1V& zgS}Fp#iYVnsH|;`tmxx!pW6MrK5Ha-uFeNW0(C`S%e}YJpTCQ2%azk;w|&g8wkxXx z+i1$W)Ni2}Uvt*3AF@uIN3oU+4?ZW)lHtBq+)i;VAwf4YJHkOsTR&#U7m-V*;4}AZ zgX473h5k7b32?GmcM*To)r_64@2jooPU?w-dr+X+kV%uw@`}i)e`0OAQIE{>rOGj0 z4$TipS{KJ_8IQShA$^yJ8o7OgmXY8`!m9BceDUC~j4SQVJAfa)F~Q`KRW-|^@Ht__ z;%@m-e2ld1GR*7nevQZ0ql!x3ahVa~TDlSob29UEb>A>O_2mHZ7rYq}a`&*Ql6O&F z_fX_xHifi#HF_;*lirWVl#FO$7G)WhlngHV$^%Cw_rTQm^EV>B_o42%@LKK*o zS7H>(v(ZIWuVVUQ^9Jst~uISii5N{B_AgU$ytWhUI8m zsrVwybMv#gMnSoOqz130?aSq`GnIu8`3y{ho15A-Di&W5Th*eLEI}pG%hzOH={PSR z9$^$5IA|}?MVOrw=->#xd7Qe}$M4Sdq@@ z+m^!d@N8h*QPyas{qhMA=*C)Tw)XWnOTycU>gjG;qS>d0z#8wYIl^N-JFC}{eM`LV z3IsLF<$*Y)9Mvo)Y6Fez4ZUk)2QMdd&I#Hb3QyvQ2kUS1!A$L!(C-C0hiNic8CP(1RcM&-`&>$8V%J@I+nYukwF{ z0GNQ7&JWOVe}WE?s0;k?fP(z)=Z72(z|ja=T?iJ00AN5ODI$>+Nedw2VZZ61k%^=b zIH9hCAh-gfk#IB;tb?Eh0XW^?oe<;*FzF8u04V}T3c(V5>LTGV0H=e5|5i`bCCCwQ z81hFGgxd!Ma}=Q`5G)J=C;g%P^YUBIe}3s7nfzbL30?XJJ^4*e7z^z`RUqK=FBJX~ zh=1JB55SS}qyz=TA5r^TWdbZe?z;Sl7yO6X-{|SQKG45tcaQ&jD_?J%pc>(`f2Yyq-{lfwN$prpa-hMKQUsr!2@C$)o2>e3e7XrT!_=UhP1b!j# z3xQt<{6gRt0>2RWg~0zP1b*yJ|GsSk`SZ@qpDVvzBJAM(u0YuC`_l#s_K(W%wgBm$ z|B}n`cMU>D0AWubOh^j&aZ3De838l^ zx6~#fC4i6-fJn$enQTa6u$3*tGk=v404HPww8)O2F7+mZEKv*;G+9f0SDnNchmN=( zX2f8w4u$S*N2k(Qeb%kz-!&fVe76i2W;~PGPb+vg!c;X+E1V>feV#3Sw$xCNB(dNG zScyz+nZx5DLHkcdXjMaT5=5LAz2@U%>S3sf`}?R!9A1Ud;@U$B+knJ<1tANFSt$N{ z^Erit;|mXw3-xB4**wH__p~#uGy+%Jt@7h@+y;Sft1T8VkeCbN%O?BS=2nh6I$|(A zd1JV~uSNeG*$JREsb$L*>|6o01T4DfWQ}bV=DCAx)nQce038Y-0qrLVjzN84(N*W7 zsI?Q)Ay*CJj9I zY-CS$>fPZjvzCDipM4<~x1AiJWOq?$GH#d?aWC<4beeI9YMU|& zaMHn<8dl9Ks5pzKRxDZPo}oEKH#jUkaAYvVQy>b#@nXpP_$ohZzlnPGUWG?#f zDVpOeN4!ntP+oqUn*CtpDJZT4%V6MHLw~iykc%z$ak{6dPFX0ut88Whq)+Lq3@S3U zf)*Bol@PtxRmyc${Ik~%o-T}4dOK6{&e(1AjV|@rB#4h8BfUB!SqX5RK<3jO8fEgm z-+z|f}tUk1A432M= zo(SFG43Lz!>mVd9!MuT|b(S`z0z9W@k3EPrH@I0)q-Wr~jrOG0JrQJQ^H4g%Trp1+ zqqC@wneiXrD~2Z-Qw^}g?M%&>nxjF?)eIh684RyBN4vp`<9D-l{Xw_luU-En&842~ zAI|JS=SE+KNPfs%*>=iIIzq`ffo^KCA(xA}0{hlxE?rhg{RVwQy;Yuf-}`z2Z53YE z3B@4Rd%@qy@%H0vz5}0J0vfJ(7)kJF3&$AVaSWX)o1jF+J+-(M9Ugu;DNv*?Gjv=h z)r&bif$qqJJ-t`#DXC+2ay>+JdTxx;F)R^s0;s1khv+*yE0ZOqHfIdw1EgDIg(cq; zTtyj#Yq+6fW^7H{K-iLRZ~ucFr|j7eNwJTF$TOv~M$5Fs~TZ$Xk}+pb?-G@o-O|JK!*>+C6Uf0-0GKYxc!YR0#R zB(J!A-_khz32j0^qD@NBOTeA^&4mGx2w$b|9%MIb>O?HA4M3W2HSZ2W+I{q&Qo4s6 zKK-wmyARx1kyACX=Y(KPHk^th?7mfA9gI*VVGRa?Vl#&hr}t7H(E>zkJ7!dF;Md#& zBu2#YZ>sutB4P%WXSC4tB00;o2jxvUL;P}*SGuQsp2(%bYMf@^+O4FWfsx;Lg7-4X z{nMWj72vNv)qI62q14_U4evx<6hwfY)30j0IHxbcI?OC?? zkM1_h!V@WP-cXt5gX7G~<#N^+=U-k-Rcgp*8`)0i@qQ{(tj?=YkL{m{(vRCFWh=8f z0r*x3Y>G`O2n*H8;?0MAt2yDmy=nXzdqr{WJOPK0Fjl>RO{Tle31Dr1P67%4K65R@ zNb|R^#Vcy#+MiJ_E43Hou~c-#t9Z)FEu%=u5H(wQwJp`-76%VLRJOj%*FL+bhTH##ncQAXZ6n*jF1Z8e>< z4pL)rL`)Yx#ymZb!9~o6<whj;Spdkly z8i~BO-VUM;baM@MCDK}heN(wd=B52$Lzv}4?M0>lrW75{ckb%Mt~G*0X4-ShhZ%x= zF9WN(*Fi~!Sx~im8=ZuQ!`DzO-C?GQ%s%goC6F5=!#QuVX+0K*beDgFw9ZbS5Z!dr)dyaOW)j8XY1jt3T?<*vxC{|=!VthIX z&%WlJ+wyjamTrwORXMd-63?df*slO!Oi)5mf|k3g3n00o^;DUvQA>0gCTa2$H{Lmv z2)aa=7*q3e^2o|kBTaMatqb2tn#AC$HZK)6AHRnus4hx16}m~6Y`M>g`L9pcgWs6n zr>2e~?dk){33=#lF)iH?<8WCUR>r(+-sN%j1Ta>S2=ZxKy=X)=J%GPZ;q|53ohwl{ zs2xiV46NCs2i0lHm{yKa22f02lOy3F;@99dbVEh ztDveyJuy3+h6$y34xamZdOQ^>P?+b(8*h&q@vmzf zv%~NO+kiNmAZ-DS zKu8_@VdLznoa^1PbY}wn-or&&0*L|!nY?eGfd%VhoMHP+98r1XNIdbR!GzULH9(n* zg<60-wQ zEqb6vlbK%q>4J19uGl_JGp8nP|6dFMyfEleL9N6U9#NoF*g=cB7~r;!H-7D`JCR^^ z0)(mQUhA?+6E4W&WOuWC>LXY2Y;)VZ^$~C3tru9PCuMImX9_~QR}u*!jm_H%w zCTr_RpG*GgrL-^AdzYeFp044l%i#B|3E!*H3YLb1bQx=MjPGKOk{1wqD-SP*wSqTQ7JP zE*27-WX@PU&ps7I2m&!z?ao;t{thztWv|v}PGkCTp6>hlk>YmQ;H_3( z276v{8Z!^z21%<0i<=F$Li{#?CSs4rd)qoB1H;qRlr8RNsQt{u!h|OBXgJ~oSa-qw zajj7R+=_By5Dx3lG->3S3bl?j<<-(TJNnfbR0q{qef(4nMTByOIU3NkHF}N&8jY<6HE-i!JxQI1sYv> zLGy5p0)|neTv*70DH0`R&8r|$A~4b#bVm!f_9pLxfFm=Jb2(^THu#{p*$;cI zF^^+Y$f=upNi73uhF~@{#I=3Ghj%B;h&f&4RB`xNP|=V}x0c1#aTIa-`kT+N$1Qm4 zB4}E7_GSMaL2**0Jn9O;BZ{xX!CUcCZ)-eNM6SA9=vts}uMV$MiAs{HHtk4R;T4IT zUs9MdX46C{o>z6(O6NWbHXadKr8}@f$G*>bxKo;?b2aR&$vtZJtH*D{PGimJbYb~) z_v=!h#kJ{~jae0ku_?vN*XIQ1xdzWM=d+dJVsaD{{eD4tfH z%bgSvk+Kl+O=*pK2%cqo+&(19Yj@>n-gH0eGY04T9>lSC!G9yVA>fq@$(tmGxwt(# zYNgO(4HKUQ@KEIoX;ebS8*Qdg37bIXa+5vf=V6s#1vz}>(;#lHs)hr5-A{&s`8S@i z@O*!u9_+w-_xjnGdB2!_Gwf6`C0{bq#d*ACUA_4nY2W6?bzRydLq00uFt7wuElKy~ zT#o|!`})l(Z=|{=KYdB-KeH9J1gn#8W+AP7{v-|Ks0)T2hR2&a_23eCAdx1c=~v>X;; zza)u~#YIQ7F;*cYea?$h*t=K;O0p(ZkiAM`8SZ)A?8--f?rZexCaR5)MG$3@-_qU* zAo03#H$VB7{SK7F+q;0pnf3BZsDQ-j4sP&Q39!|9N2+j|MT1?>sZ)%veNMM*E>Hx* zjy)a+aLkbQgW34^TKKii8@tUgmhu$q^nOb7Zj8D;{PQw?V6Lwb!7H_=sfgQFPZ=0i zzOZl6OEYQwOau}!#~c)gj0p3a*UA^z%Zoo%j6|J#!l)9Rxh*dy$O08 zUh1+DH%BEX0PFs&!IFM3lbE?shotX-GY zhN-4Id?Q%H>D~zdBpgj$4p%(OqcegN^KHf;k?8z0IHj(vSv(ERh(NRsmw_?) zogQ}Y7}`y^7k;K$f7w|X;NF6F+@F_$bek|*t6VP1RfKt?b86bal{;{9t|ad^3#aYS zq`gbIap%8p(UOc@d25ZkB*w=n*xsTIDC?L-T<(48xuD{4MC6yH>fS8T3WLV=G(Hr4 zI!K$k*GA?3L^I(L8G#4%OHn^s}nf`4^IXqE!{$e<@wu%s4I^;lH%3QNnr}#?qY08JB%V zq!ryu$)nBDfK@M{Co7A!ViS5K(XS`M@`Q|;qJ{_sfU?zQ9#)JjXm34uv+y7No`2%i zV0tKVc#~zc7@c_;PonPyvmt;Y1?J+aIGF)^tM|^B^m9IKI7su3r6dXY!8kS};(coY z>vJN$NdlR-iB<>uCtS~31v0};__Tsao}Qc*=tY1z|EODkM~)k8w@5>8+U(5R4`Q(9 z^Gc>)rdh$C9W+mq6{+PHHKV-9H6KP%GBT80f$!FnAveydLPpqMrZN+_B^2`}C&Ko6 zV`IhyM`BFlNb*o9EE&E>2y5$h{a$s^WG=m_CYsf^*V{~S=p)l^W-$qzgb-#8_q!Tt+Z)xc0ZqADw{mOikPQ{czucHJvfI8f$n5uTqy%Rol4DKc(6rC zE7CsbX&UkGDS6+-_VLOGCe0~noZZ)|x>$s{O$xqF{(S*bwx5=;bb@LeXlm()MYp@g zq=_rTyO#r9PXM)r{Z7@#6jkzU)5&+;m?!F9Ad{xLIW4H%1D?d>>NDzcXmnZ>sn1}E zv(58GcHR?Nx6OO0)rriVCaTXV@zbhmy8dt+536RodA+zRSzI4Pg)h&#%mD*DA)Be}clSa8CT7I2D|bdg$`xEZ zkL)|x4T^{j6E|Z0W{=hBi+j$Sf;Z$MIY|2TPXL#RIeHK2Y!-R_)>GS+nCW;r;Slc+ zM!v`yje7UEYP$#QxvV!?gU^V0#yx>F17jA6-s2roc*WGbJ?k3>{mlZgKfqPTq3J^Qp$?-?+KTR zpAxlppb7HYu!L@DgRn`W*}GcW~T)C$e)wiR^?jsqh=Ju_KA)u3|eEJA%F&gc7DT!oTb#J4|Z%w9VU{uNA-~KTe zbFh@ybq^mHiD7B&I+6M#6ctdm{-FFG@sCDZ!$Gj!)6`x{_@_w#S zRe>9c$?{A_nl_5Jk^snVNmJ*A&x)Qeo?OzQeh`eUa#YX`SNBymInEf8c7$4b%S6q? zv~Ta;zIhYlav-rw$UgccE88+4W6B^vbLr!8)_GBH zYWr>P39x|;ym|s~tsiNHrEcG6h(*4y7mka6sT#4=0b;P6mNMfPHva}ca5_>AKLI{g zWI}coZ*^`fESXXhyKTv79Ee!^mFB;Az59wOcN^ zY783Ta258}4A_uytME*kW|ThXp7W8_xQW_2rucTrf--?2Oi`^Umt|f^V_yBH>MgYy I>XSGB3zxSDjQ{`u literal 0 HcmV?d00001 diff --git a/roles/stable/openssl_certificates/files/ca/images/android-12_settings_ca-installed.jpg b/roles/stable/openssl_certificates/files/ca/images/android-12_settings_ca-installed.jpg new file mode 100644 index 0000000000000000000000000000000000000000..2f8f914af4dd0c0ae01f0e5396000ce824a95cff GIT binary patch literal 32026 zcmeFa1yr2Lwm;h4G|+gX!QI{6-KB92?j9gOLU0Xk!QI_8xVsZ91P?(HG(vzp=A4;1 zciy@)^S^7|d*6BMpQ7lmYVTcpSN*D*{(9Fgz8@<;wg6B?Sp``D@F6h+nE`+w_W*1u zcPldwD@*dHb{@9matbQyKh^zBO@XrKv0oUQBjalP|(n^ zplIlr=qM;qJSZkM4lXV(D#jyxJRE#199*1VlmOu#+JNDa;Ng*Q&`{8D{>$k{KL8T~ ze*>C@17ZR|m_Rs8;EzE7F#rg7=o%34uY`aIh6lkxe&G@VAGm*D0>JP<5CYtfH2~@Z z9R!7g0sz3P!+*8@S^7Uh02Ql~Wj?D9dU!9jv_H1{WS*un&M635`{XN~=@sO-oqN@;#}H8eGNP@m5fbzed_gG%+rA zmQq4}lWwKsJmHc9^GXX5ya90D-sPsI@j4gqkZ zHYJnhIP&A8EmQhk6g1J|G24~YVEUG*-YlZtKWz#&EmI3uupyMv(~+YzG9IF}#vkzs z&>zxr6(CLi(^dd=_z10%y@t_tc!9)AMU(Ix1&$Jdte5mvv5CWUe{SvJ9b0waCJ+Ds zkl2|1x%R*10MDWmEh4LVZ5AR&cgzXo%z6*xVhgQZd3*n~DG;9wNE zmK#rTv@H?=mMFICpSA(a5zy96al|6p#hViJezhP0=gpGHDxAFw`12e9g|62sm>B#@C z1H`J0ZGR_&s4#f?i^J+K6F-SKNx11>iU0t|g1vwn_rLKBesvT58#VvqY<$i?m_YL> z=Zv*xIQ#0(sq8K(7oBAN^j~~5$B3`%9}3b@p$&1L0#A2) z!g-DLt^Xze;K$5bPCMxRz*~wXEHAH5!-2lglo;^40OaH=;U|CmlNI4i1EcGGl$8q| z7PPm9^XiI~rScSN$+{|Kz9#PT?>h)^2zq~S^-!>zvI}vFF{9$oz;-sv*kwNwz}otq z4-EW7T7O9Ib#8e!K3dpT*fDKlr)jmGz17NtJ+72ajg%rMH>1Yzk!C5?^!G;pNx`fo z?}5sZ%KM-2ekVb$R(PiF$RFxNU%8m0h-QE1{9jf8VhChDse1eCsDU6M^g=KB-e0T4 z@&bZ?zyk#G%3LT)_)QvtjyxDU{?{73m&)WHVI-%s>k?Fe{>q19J$EA?Jo&9HKL5Y= zNB%+M9$DbtviXfo%tMD|^81=Zh}aDHmGi%GA$!;)=rsdDvV8!h?PQtWjP;*AgQ8=FQJ9 z6m352I7D$SyiAmbL^sRqr79ZURmN3V>K)m(7;ADOc`5f$HWxR!_==zER~?P|eP(9e zQ{)UD=>KY&aJ~9;GX1>EzCEj9CHM(dajlBz*kquzRTTB@lRa|+kp`2}J&RGAE`|Hq zW;>QKY+CK4N6FeDuP&?(oU_S>o!{X`9_R{Y6{llj+O9>n*r%}H2Bg9q`<+uM)pqhn z3j4*%#`1M$B!@!s6rBy#%f7ylP-5iNW|P5IQtoJ~;Oi;zvSQ=G)e5uZ2_Meml+hR{ zoxdp5wItw7R$e(!E{+|ezOTaK3lEu8xt@5bhDlH$;D)skk;+@K(NK;YzRELo;#Q88 z+HO=~EL%1K7fO;YT}hWXyv?3tbVoY;>RB5#g1J_@c&gI8bfPYk0MzJ(c%tH4k_?$|!m|W(a1C&_n`m0+C_eJR;AJ4hASJnq@=^XU;n0NZE-??g0-C*E-=|<3aIyDXiuA94^ zQF275s!$B+%?_Q~5zQx!VeolNF~)gWdkZc);fjssO2~cTYa0SmQOh7clrdXEz1@a4 zc3_sNt!2sry*LUu2K%JPBSsj<#9_c_+%x{Syzm2D!4% zkVJn1U-JQ{BUs}DAfpg1*%H=vpN1IM@h+j^El!x}M;}rX>6*p|RGzxKFZ!vB@a=yN zh7MZGDxCNxB`_r=rCN-Qk1i->q-|k^K?>xrR=c&HbL^D~zoME<8dnT|tF+T?x>%HD zGv3@xl~M#XFb_Jsv`CN0oNr0?bx*;G5?)#Nr7cnk-a2G#U1{N6+_ASTDxm$&!nr1$ zZtLXO(n4t`y?UZgWbdk8pN|s3As`2hY^QRHBA8`X$9TzA!Cz2C-Fzzl){!B!DLG=c z#D(D*%9HB%+!V01AQWYFljWG%h7}@3`E&xvLV>O1x+{Andc$ZEgY|rtdYA{2R+@G= zp0s{8N8d9zhx}Ldyct=auPTygUlL|>JlfIDyj-As`53Ne2+Y}lPPV)*PjIw zJ*&1KTz8lL5GAX2eyLHm<;qWtjtCdn``=zzbhx;aVHhcPP?cL)S9JT}yO3+uo!+MT z;iBA4G5XzP#np1v70ZiU?!jhQ>FD?7xab;pug{*>DbiqLS<;p=4;f$M}Y0q%E+vjE-mK{ zp|5H?j`UUiOFm!DfL^T|oIF*o{=6>H)d}y6aMekSQ=+rim`CMkxRB^eDqUIFn$=Ed zr8;O(e6Ux{CkoxjNJN=tF-$jH2|Gys0RX!0!ybXDTgqyEGKl2$uo${fcoZqiG#>ku z6LxAH;Tm*S(d{@@Dtw*EpO)|qmnlQhNgTe$g_YyJ=g*3ii7lakrCW{RmdR*6UCJA7 zbWuHsx(?2Nd>+=MTTsuX?W78ODyh(r(lR8E-fR_tQ>hc#y))zLT>i!%m&pX-ifGnF zqU+z{0?#yaZ-3XLrfhuG(w*MXJ+3?dMR%`wGo|{S=zv+>iX$%(TG)So!DaVizlDPK zJ$%T@vutJ*Vn&HYcm7~4HUk-mNwZ9;0GZ4ny`fL}+q=sYhan=8Zc2y3xPeIOHB#Ly zH{Dq%7yqqxYZdLrVS_;zeD%j^Ms2FpTGzVplrB6W%KEG3xK`Tdx(sfTijUsVSbLV6 zO&F38UpaYEKm$B|R$@^F#Q_ zEvXmZBE-~)y7`)9MOF_z_hEKw*EX^qQ`O47FLco1plP3yYIHQlwIgvd*IH#vqvKJc zvTCkx28BA#pw))gYTwiOISb5Tz_JkkGQ&~ZS(yI-Tyrls?Y_;y&B}Hte*@i|^gA*X zu4uN;dUI`m^KvDXwmD(E2JBMt~EwuLDS%`4^UQ8^d zeQYP>oK5(wW3ujlir76K=Ove7-W{10`UW;(@dI%2$j8PjHjR+vMt3!_MK8f%c^xmO zS_HRLI(1Rud1VrV>LZQp;l8D7Mv!!90o_EkErZz)K>shdnJkz9AQ%V-0)r8My|aY_ z06}0ZOk5Z|HU$TlDGnvKB&URwMqu7Q?=InhKr!IM2QByBDcV6LQ8z8+v&4_1ZZ6cS z1sX5t^H#av9mEBNt221^GvX-)kGn0%s2&@<`6APDCWMs0mZnlw5b8MSkN=e|j=JP5 zPkcqQdFFuWerpeg)cR6pl56p1&WT6Ct&Oi!HS{^hQk5I5 zl98b`l0BSz~4*)a&3NSqA4*+9g;cCKT<4|yLn@Va>a&o!-hA-$>e0keC2W^=o&JNuC zUIo8IhEKZ5_n0HPP$8@{BkuQ+{!oC_#WZC43ITm4cXYvsLr zI^6b--v2Kpx2)rg#{p0IHhzf?HX2_@N_Ky#bs$% zmkqo-2eG*E{|DwU=r3#dA+!?#4e}5c`mnHpAUFUR6AK<&f`UUM0f&;)4C)q`U*CX0 z#l<5o33Gqq(bqpmu5KC>oVb04%Ptk4T+ldA&28=)z^j#1_}lj?1ToP4B_gf05o+B^ zMQWJ~mSonznSi@{#@7Y9p3V!y)bu33$w8A>M8y=WA`+E?s})oeuZ}AGHIHOvmFY&Waf5x60>#kZn_ztfxuwZ1+*mbhPB?nTlu7d$gn+9 zg#;YaO@(T%NiS)vrw`Ld$i$JI*5DpZ(yF&KLi?iSmz%^Df<)7ts)O}G+rjxJMvS|Y zi*w5^Y-n769-EIhW#SpJnaTX{F1vT``_qt?HA!fKbTMTB#+dXGyit;|+N2Q1Dpqes zJIg8Zh4Uqh{g$Do{)-j0n-KQr!A{m{7Cz=FWBs?rN5aSGR7ibqv+amBcxuUcCHIrZ zl5*s0U@?-fWifqG2NyEc`&D?|=p@if{2^XC`kxn*m1&E#Vlrg8zLWL9LGEALcDcHg z7%vw$Z-4$ul9s0Dl)B)a>;c{CKa;agmm8se6Hi0|8!Ds|OfV`Y4E2tt8Ovxp&N=88 zQoM(Tzw6bBF7R#c2`p@VDS1(gjWGdNqf2Flyjol3SYCaEN^PSccT^eu6g zr|_@E&&M?{7|-#SJ913QcO(Z9(N*>Ya8SN-9X>}rPUgZ@f|R=Ll8{shxHJnfR&FYA zTNe(Y*RzEP2$T8nbw^zb57X3jhmcJ}K5wkS_BA~zR>zuG#s!jkCEq6Z8o6r-ZM5Zh z5K&kqr_vIAk;N_b-XT}u?k_E!5-CRrVW3%^qz}}Ib(@O+uIKR`PDRDdTff*d@X4oLrnqo!GJ`-rJ26z^5!RC zd{PS6r2_Y3gGhz#O|vniNs$fFCmc-j+P3-ok+`l?Vs}xIi#%aG;VYm;Lv5GZcyFw| zUe?zK!>h8_{t)HKk^1+BiDGNo;!j%Q)5m0p(1&P@i%1dZ*!Q-bl-iqNpukWuWpdVdOu8e0MQ^5;l|N-mq1bf7Lx`VMl`DPt+277@sn&HH z%Tm#!J6`*)xT#pEb35yCq4fd6wD#5M(|MW+e9r}Ba9fJNlI+`HuTA#IZv(alGS#K_ z$?_ZIlT<+cM8vmjqM3FG&N_Le=4-lkv|?AsJ-6X^3FdX2DYuFD?{uge>V~G%LlX0F zWRf4I3ts87Xj75BvDisu$LN)Gy^A5|(Q;QmI!X9gEq0bdvjn24u+Su>AwhrkK+V_h zUf%PvhhW0swz%NQ?T^eYuflC@CCV-%)xiqgf5Qmt9r;9p0^;S(0z}O=dH?QBBwN+pk}U2OQuw0_n6f$c zr|%Z01$jA)LTZ^az#($n{JphmX@#%Z*Gu@NbA|KIv63!S2(m(wtBX#B9aPLF#fSz> zUZK;m%*GU^_EV^Cd2rTdB;skePIPdvWpf-4xL=Z38+sxk31elJ&n#eLxkNQxAY(jz zZXV6SethVO{J2Hatc4?Y^~c^anp3i(}Sh7YBYU1ha`Q#ryj;P zgjIW<`7SNEMpGwg&JnKP6mAn>TobD<=c?H?BK2~dD{TJ&u<@K*WAEjs;oR*!F(ZBZUk#a-crQJ8Jg@lmpv<4C@_a#LgOyexbE+jEN z-e*-vz+RKv-rf*x@H==&;c{GWU1)UdiLAnLwY3|qDZpo!(o4mFI#?s{tIU; zSRcBrLJ{K=&f8*T3F8MF4PF?Ofhk)dv?_`gaE?oMns#qhmP#(3ZO2) z#R5@%Lw)<&{OJ+hV&o4%mERn`&6Ld>_QAallvsr%ciHdg_gZ1tf~3mpDj^IEGA>ja z*qScPt--X%L@cE*f||;UR8)4NtDVZ<;H1DxmYmgtX~MaW%aD~~yNhONsm141;l3Ym z(A9(aQ$Kl zF*x>hkvd(-e_WD{Slg^-j3qX(BEnPL`2sS@b*;hvb&8hd8GXiu>LQiy3#~9RSG=I+ zyfyzE%*f{-;!J3|5;#|lI#NR!Gw2Y>c<5mcrKvQ6M68ke?)h0;#Sd@dgGjY>wnI#+-6wB2m}17M%jz;o zT77NpQzUhHU!`ZjRjp~b(zOj9A0-$y70Rt`is8Rt-x#JXHSAyKR#J(om>KLRbZSrL z4YY?5;=pAowbHpi9>jDv`Ubi6>fcDiMmNWBG)UYWEDc!4;GoJPc6x-h!+>2jOrYl) zwCcW=oNb6|a4TXNj!`eBEf!@PSG3;O&rtMw z_$2apk7SoRzo3Al2&G31=CqeIF`G$k=@Z^%gc+Ax-z&)@K}&L+SX-(O^~%_FnJ8HM zr~8X|fuUCdyfiMSmfV;o8ViCrJxbM2E|UC3?ul2k1ogkXFj&J4SnQNH%Wp?3nI$h4 zXQ1=uNMkP-`tpW`!%V&*xm8i}hB)hW^<7nJ5Yt3oE?2mc=$8pY@g&Fxci5$l*OLt7 z)*(IS>L!*%7M5}z1!4wd>7q)`a*c8&mJqmcZ1&sa&QGNc$1yaDq>q7~8>|}6BuC6K zb;-N|A#|pSGJt@{F&*nfKI=Tj_;xLMB_ylQ8RK}B!&Hnq52HFZBoLRcO$5EC)=Ssh zC?x_9xKEEMb+W!OD{ey8+<~U1JF##lNauqByg_s{2I=w}B;wi>u=0WZkcO7>s(ici z2vqh7M|M8mHA$Fod?5o38>99ba}%bC2`C&3FVsabR3dtC8)o+GI5916g+h~gOsSc@ zVrh{(zR>u)Y5rhnzTtenx~cH;Bl>WJ*}T!!Ep(O9iAjD@p_m}EcF*mLO0(_(dn+1- za|qUq66Z-f52yRx&pfiyOqao6R^Txdwev|Cd< z7yJuXd<0p^u3>e&^HAAJgo^L)Iw)0r$kut0h;hr_V_hVlSQghG4nSoc9i>-Vtau4#8?vJ#+S~oJ4#kwQAU~p!a)Y*TWubQvk5|emO7yCJ3kyyK3)VtvccJc=w zS-@scG9KH}X?WV23O|0d5mSMRrMSoWTJ?CbJDMvbPblzLMTQhM?(QFr)cZ3(cw)4l zEJe}|U-KUR00`!pVk>xNDT#PE$$zX}#g85w?5x>pi)!S`z#Z52JTQwi!qPZVS*o&T zoDbp6R-k3asEK%TkT%$z^6qK@&5!YpBh*j*hB%U}JXdmerRP|d?OInv&s>J~4YA}n z(l?2IX`Zm%DKQEm#;lq~%h15K!HJkrA+~VZbS?}>)@(1=JG73ur-a`0$sw_yjylGW z&*Q#JE3AM8Qz*wh6E<@ZwSsp-$B&ZVdL?K>5ufYIgSIt0d&S8UiVUSap7Fh@)+<+s z>vNLX5GKLXXllD=g{AtIg{5UX)o0eD^BCxc@Lx0LuM#UG;;^_EGpWJdKs7uoyjLG9 z%L}kxXknf*!R-x`u2tFx9ZRWDDixNpu!h1HISWxNTG1{x;UU85WpHtRnxZJy3*mj4 zm^MU&CcN0(%1xreFevMzz_u68g|yzm{xaFw&9)-!ZjSt}Lw{g5=ia+Iq^%c*Is^ZD$tu-8LHLrwAe&F+74B=1}}xqfEs+b!YhXi*zA+6-CKi zv*&J+GWSHFlPDLws7_Bln&^IUSfZ0^t5mf?ycRE^1OBrb25?6{PO-xM!u>ppQt>b{LhpI?;<-3@!>%XV zqn#(8HNk%Ny_NdHLWLtub(vF*u(FC6hxvx5Awx^#Jk7?ddi18wmXoqY|DD>i7$4c! zg(e!c^ly?K#(DM$FaB)_aS!*3hbq?exK4TUi^C2LTDC6Do|H5w=2yy$DccaUlFMA3 zbq7U=r1kzqVx#zuwuYXYwX#*I(`v8>g}J;{rBNTc5(g^@J#O_?NH`6g?UH`LJaGzr z%UVFir>KE)w6$bso_9#vt>v{9r zo_N7m(7ZZKFfc##Eu#DTYyS}Io)EnCZ!$C6sJh7XX5-JSt+$71i}&j`6XF{ZrLyno z8*I=xs~6s~)gDNPFpfYg6O|1`7}c|f2A!16e7MJ_@YazsQ=3)6YwFd~v?g9g4Fz8C zpOuww2e5ts*rogIqAyKXJ^5uwl1Ej9bc3-QAzu`pe!6ggpq^??VZ|}4v}BJdB4#`? zu2w2}#}HnO<5gFk%eURwBWKvV@1bk8BJIhrde@7 zW~GLsf(7SRrk45*e@V|w277A;A8(62#wV#<5e~X5`YTzsIm;U}&Eb#D49o2A6%#nU z<~N(2Z%5Y?4~h{gT=pXj6%ze9B-a>-s8F2e8`e{_3!2sm`k2yE)$=8v7WEU@>n{&2 zu?l9uXtCn86wv@-Sb4C#>|wH}g|Clr0)S4q+emWK=`t@k*YhwV4#-1Td}DSUHMZP~ zD~PCFs?6D}m|x0tnJkYgC8^+wb~jYWhdpARZ_r`ZQ&ADRC%o;lOAE>vk?=?LIcab- zq|6)Kq~qU|iaSyA4ZID+3QW~GM_*jYSm@nV?6-c~^;C;jZWTXR4m~YZN3wcS;h4}F z8tId&m05%AG`L`87P8;bZavn#?%OhZj3UKSy|j^20k5oBEM6>86oj5hh4bWw*Y4`| zhkPlUef)6~A}+=ZU5>$%AAn{8=1Bt24YUE1!!HxlW&fwYN*`xlsRNIYPwzjpAEb8V zQ?Kzm70Kr}ucg#h@t;D!M{ujF4xqMew_7)hJ`QGuY52&?IgK9A@E7jfb9gizE#|i) zTGI2=Up~V^Df{WnZnx+WnRZJ+EAj=6iovKr5_1a_l>@wJ@<*dw#aVFyDN6 zOP0s&o{3ncU6+Q&O^=v+$xE@TTaE8B^IclmJ3nsuIF z&P;LTc@N^WO*v=wNVJDfY|*@j7||uyC6WfsTl56hon)9k&uSI_cnoNWkpi`7kxui> zvA1AhU^n7uhc z5rRczGHA^^q2B%FGw6 zSt)gY)0Z13>{few{Uvji@Q27T5+utg(g&lW0DsrT6NVxqRM+Qfb|4vegVb!_;zLSZ z!#3~z3;=7W%i_;#X%(p=;PWYxp|{SI2dOvr70cvWqZpfut6JyU0-Z_EfKIB1%9c$0i>}nQ_aJmSOl1*qhj8=MzwWI6F5l5n|cT! zN+5De@e24cX?-_UA2mRp1hrF|f5b5f?%Ys)9*6S+S=>i8jG{;0JFt9pBc6uyaT+SN zFVYsxz_Z@j{PI(ZOZ*$}E+|~ScfhI2NB1DHfWA+Jf|jMrsA4*ai$oy^t(_VKJ0epZxI<PxUR!6D@#U0ZE4d3wTM`{=ppyIZ9%KRbR&1J7ZDhnMtGwjo-x8ej_cYuxpM#d8vjX+5D9lQV zUu~r)h~$|D7l=$#-oIUwk>@cgZ3>^XI8=FsO-@c!?+k|D!CX$}rCb_(@`*?Vyc3Cy~C&w5yo>I*?*r=;+=v(fSWO7$e-65Dkv??S%(%MIV?ovhxvpb)v5b{`Yt+b^gRDHzxi+O+9m zxK%4G6ui2o5HyOs(6(xC*n|d%9`Zsqq|^cGo*U!(J-~_b*A9jKg|Y2zR<#b z%=v}^Cv7uO2a{?B1x2qV23|#09*E<7XssuWFE@Lgo|w3qatTOE4Cn=sj@F+c+M2XM zHbH%oJd+g*Pf!E-nNou(!Xr8rRL_DzIK`C0w!2$Ei9@Zd6}0SpA=~nE^AI(TjNuyi zWSnwZl&1lTB(q`?B7@{;eZl<&f$}FffB>L4Lc-vkzXimqk7e(H5t=s&)5j^z^C^H3 zb8mm>qmhD%hoH3rJ^@4J2PpJGE6gdY!EG28Ip#{PHFn@Q00I~ z#m&Qs`&EFUn?dy$&9he|FIGuR$!{t&X`?|{_LhcJ_qzRvD@<=z`X`P@SNEaLm=X%) ze25W{)Eok(u%V0rQ1YACZ@oj7DLyYlD3__&PXeYiwGiU#D<%R6o$ctc2r&9ciIM{Y z_R+l$$egt!?oEi9Wpq{^Poa??91+6qXr$U&v!>C84aiy9UN7+hBx^-N(I zUovZ<$j&MW>JrgJ3DZv5{94KNX32~gVis9v$2_)PP*aj8Bs}QAkIE05w|>mhJ{PVp z6pKuiS)xqLjMNP*O(R|^3%g>kU?@hVM+B<_6UDq4o9gnWq z_&BALt03rMY4x90A%c zl&0-$O^ZW%HVY3?B<$UlL3)hfZlU257yUXtZccKtqa~Q!x_j;*?MN1I+pfKHR_nAn zutX1*)JeLWft00V!a2kk450QclaQqcg-8)eP2G=Df|!bQscBpW@m0(NZAC`HQ;;}= z7=Wvil#8GuFrjlFaDzTa)&$4{=9v$m%yG6(kCDnhf}9j3Mj)>uZQ>G!F?j220+&58 zzPe&Xn!G9^V5zYUb@K*eH50PCQJ#VO9S8OhLInx+`js>0hz1zzI)VBcz*%oXqKD`_ zZAtAHkg3?!`gL9*>k-G5(@c^^ixx+({~wWhQ^*p@?riB>*J)>S*D2M5KTlv39=>=p zM<%P*%);&`UWV+JWkWFhKm5Y|urpU%Wh>ZH!s44ycciiB0i8 z62_H{#aHyY!hE~)$R1Kv&-kLQli=wzxw7fYqGBAeETL+6oeL9N*Q3%Xup36Z}li0a_$@2E?tZa%L!tj?yQVN2w zn0<}gccCLi_aDB+Wj1vV>e0r#!)8;IRX==-C>kSp_=;oHkCn5kHfsGGfj!CtI%0Yy z&i;;XN$3Xva$m9SC}o{1`$#dZf)WPT>;=6)p-V=nQv%e;*%H$L#uzb1B|wx!@1-jq z7x9R{F?|GvCul=e?pqS!_Z+snlRJwlRa@O~HWPHN zK%b3JE7)2*@s#0d*4YZ&N=No+U7I^xCKD1H}tc|Z1-d6ZoXn<_^Ca`(PuGQzvf zAlyBV5c4j5XMadbs}8&bz3+*3Uo@pAH0d6d(9Hq`N6neFv|~0V!n{RCzV0%^QQLy~ zG0SgVd42#ecV4{vMmA!WWb^H=OPlY}$jtfCm!R3r+{MMj$ac#gfQWN3m)p4AdJ~PK zgvLJ7-~cYl04Ze}xQ{X(J+U0%9we>9r+wj+C@^@rFRfoKR$3f6Y&L0_EnLZt9)+nx zv^7~!kLj$fjyGr)6-QE4;duBbwZNA(m`2Y4#*8cIu7MiF) z{WJfU5CAEFK?;C}CPBYI2Yz_P`Xh$F(B;V!f#3iIYJda)3ZTXUP=g-CkbZ+&f;wLQ zfdU9p06*x7mjK5rkOznZpupb*6vz|hA2gFg<*BhAxIl6&dGdf?3V{D;3ko2QhkyeB z)bR?`P^5=$fC0a#{awkwMd7de^9wA0-C_BE;`~=*`5O%n`hmYdl=y(^pV^Y9PLu$H z6v+P}_Mh5%m=W@asRTUC#h)p8SP~EOF8@zk|EZE+h(Z78&!6_>&z1k$ME+qJfCJ>g zf3AT%2uKbB{DlB@yf`=>0s#E2t^Z+xfCtywpC_#UVe5Ym;GfRj&n7<+_=&(z1b!m$ z6M>%y{6yd<0zVP>iNH?;ej@M_fu9KcMBu-Oz+bs&{-KH->+gIZzj%}WIzPC!{#rod z?>ubc)QNz(H}a11P=Ivo6gKhBdXyKR=@xN82T>?Z6I9(F2jEu zBRLcafQ9rgN~qVD@x6al|6uN)dOUu){3rB(avxshKd(ErZ2n&TzpWttyZ050_1oBg zFZ=^Hz;C|df4N~FTedI%|Lv&zFaJsadVlDYMi+`r1(T(`I_Ou7B|%(Eu0G3R zRV0ruksGb-ZQFL*dQ!)I;^lkb?iwW=J}?KN{!XGvUbNU#x8_Iq9Jhx!SFh|_%%O3% z2NJ1_YiwcseB;G53 zmhcc4tFq!^Hz)YjU1bi*8xI9OsL!-cj~Nd|$|~w?KkXDfxm^&pcdV3D%&OY-|0;e^ zO6WG!dtCaD1NLmtUmjufFv$;5qW_%de?*8%Xq=h#oj;tcCpS&V7iU)wsQ)EGbnf>E zQRolASdd*&KuXjL_nFMdI5;NRHbGWGzW+}8)6JBElJtE#-=S?&Emg6$_b%%Ejy|u) zo8YwLs}L<5g~NtI!CCX;yZpN74$-hBQ{)Ojc`U7MPKQgG6sRKvNX6`8_?I@E>V^tA19y4h>JGpiNAJSJB$`K+dUGoi*BE+f|WmfRUkD#VHud=#UoVSeVi8}?~ zy26Tmk0YBLnPeRsO$e`epg8XI+%1{mVLDtrmc?ZP=OVg(m zG&mlRHa$giwlpW&Ttcdqg|o!9Dbem~8AgGVNdrkQ>lxc~-5N1%=;_tOs05{Cyp#1Lu& z7}MU{(oaQYi13l%l{jBXqT_i9 zu8|pmsxru!ghn)!k3A#6=7Bp|emEH5?gl*{Y}F>ykT9vdQpv%?a1^LHmUBYGt43j6 z{~D`uFXWZCPZ9Xt$J@Idip-goNCMeOTt&F@IY_ZSVjEG2u{ulYGm@!`nUa##I?f^#ktKEB_R8ii%9f#VQW*9rNfJlPUC!}7Y|Ho zzd`P7(foKT!)Af~rf(A{T0|7)WTD|lwfXBa@op_Q)tM>*38i$MCix*5OdMQYrX7Jb z?#L0aCa|Xu1dnzHU-i9n2YN6>6ZoXK14Xrqw8O34>zq?BN?%q5?O_;IWULyEpX{hT z5sggUQDt52)&aI_d1jwqQ>e)a_r=kes0|_*DSI+3uvYB=VzIP09NdpdVn5Dr4uZs~ zb?IgiL~vOd5$|?Sij?3JNTxg2tURbRnS4%IGFi|bZ2DKT!77TEe2?2Xj*gq({({q z6`QovfV=l+k=Qgfh=)vA>Vk3X9Z$Rs&npWRFr$R*iT0uC zN~yLTl&*}m^7KmG(rl{mptzLH1`69}Bv<$p4;Lz3Qy)r75W-A_NA7zIL?&X2!7LTv zGm4J_5jo_+-w?7Em_5oE%6p^gTgK|nOHc>OVZjsD&OOwBxun+$P(gguH^N{UFuWPf zD(kcq1hxkNlXESM++P9`_Np0M<@p%4hLMm5g7&7>WZyg4j}OZ@*x3;C z^0h)JHv8g9@@WtR+vF`~H|Rx}r);X=nlvbi*SmK5w(PYf1GVSIe*i{$b>N46)RZxl zzRalH+VuY$|CHQwh|sO$@B49J#^%nRv8z0J_qiJ(+g+rQVZ9v?|aCF`+A!?a*rByu|R7~a%SA0{Vl{__?zq`F*xz_?wq-P&|_3V z>18ojmFrEh5ogr{m&ck#$;2MWy{!k(^e#c)wr#sd0hGkoX{UJ^it>paJ7pYX>^C&L z5dbwy0KHk}&>^`VBEyC@b=daWpf&M0Of+&HDnpxA&W%|GmDjqm=92%;IKj!FkvcO-(YV2&Y|BZXnNkHa&_1c zz~j)-{JmXgat^;(!YaOaUrUYwD{}10d>XVFLUZp{%a!LatLN|%$yqsv7FUlSnpRlQ zf6L8_)<$7fv~T*p+oJQs55UxCKNa8mo>>m%MAX)g5t^$OwXeguv>JpcBnoF~m{`;T zp@oIbV%A-ZuFa=QVJmaUwA`}xn$HIASbc@yyV&pn;^994&;U=Y0OT6R*I__u&pmM% z(U4YKQY)&qJN`2+Vzj5!kmIMB0WgUdAALPKkDj(YV=YIVJ&pt86xBNJO5xoNl*sx_ z7~>o+EL<+&WY2Di)IJAEAk(2M71m@wn|_g?R*d$&U@lzxy;~4vRa`-8!pE#r2ynS2 zBBs+p5M6UL9E;Z_;@;m9WtITl?NIM74eyJq1S6V;ZwbUz3Q@t4vQ%cu;Q;gDPkG!{ z->`XO;HRwpMl^BqP?Vk@0CFVf5fdqC$*ylk?m#Sc* z^C)*xGG)XN8jC_jxT0`8%cD6P3t@#B>X!6il4mwn-rR;f=5XaPZ)+acFlL@NB`oGT z_x^VOf_u(A=ljF=`@{FA@6X>4V7V!d=x1{T-4i?S8+wykS1T`|&kAa;$VILlI`kkq z@kC)QB{dc<+V;LSV%kFOT<$DeWdm|Lr=c(NUSrF0v9Rilz?b48Fua!{Oe5H*7?(}} z!#Za&F`-AsHL6uE_u&)~xUk?|4JJK33J5US%2kIdgui4~b0~H;k~U@w6rKWV&EcJ= z50)jUJ`AoUbi7wzM-oQw(&RfQ%gz&()Y=Du)hk#%{sU7fBT;INTl^V!PwN^x_prkj z5#+5AB9|Qb+pvl>Nkj`(8ekF8<6W=-N`||jC!w*v=QF`hrx2cx&HX?S>%vCjPbd_) zs1o3fdOSutxf#(_3^G#-&lW=yx`}hjj>_03MdxG8R{nI$u4|giE9*TKPBZ&|B`{Dw z@rR{gz!f#QS6vvZB0;a1KsX8dAniYb(3m*w5`o1&Afz=K*-}K={nMtTfBcSgWzX`C z@a+v3iC%0sFSp<94c>e$dh#oshh_d3;(SEB7OB2sH!e_1itZzX3L@u#Dwp56LQ>3Q zdW)&c`L|VbRp+1%y;AsX#6CccTvW#y;UuiC7${GKAr@}|&jyr?X<(XgeTe8ReKD@u zYzByP{KEu2S=s2r$^aP-R|Y*Q0GMLZwI{Lgbv1VDKx43H3ly{6xB!Osl(qDjC}6NvN?>x*)xp9M*%+RDmF#g~cU%S}s}d%5Z0qE}M(M+O2n-pw&yWM>bxBs?8^C18p^f#N^E%kdKo6}84qT$I27LWsTtdb z=Mh(Pyuo9}G6x(bD3iG)0$6bq_%DKx1>ZH{g?*n3WCs*?i^dIKZfOsmTB_USP&c8- zgvppkZ&QKww0*!`?mobDeQEFL6H8X!Xa74;|0!3T%x2qB+bLO&W2r&F(S@w^L7jYE zid3rZ=y_%;17{=X*Yjf_dg_f?+Z{NosDS}TOE#cguivqp%bHrIgydcz(%PbvzjZ{% z67&aSJLxIUOh!>uke^?9< zGm#$(F5eI)4iA&8HP(-LsD%KW3qykFb`Q|4QzE|UGs)7DW^zL&lczs)$yiClkok;$ zY5Q9_dwEU^F7)SX0cP3%7=L^>{%me9<-P`cRJ_=B6x2D~6Cf-Rhr{V$4=CePqA-H1d!k9RRTBR0#ULG+cnkY} zLc)%!st-?vnwCkb_<8{5e6M7#?)X%=514y1AKV`ehS8fUjXsHnMXrt}e6zA-H~ro4 zEBA6U$&8vTv$*h0a6Atz=IT!9u*)jF!a=Q4wgnnOAp@r{FvEiMPT#aasC9{KK8 zx#MY%r+p#AZFzuUPqWqd*`aQ(slp0TbxPJ+VaIz;`i*EY^7HjY(jF&p+J~o;ujgMq lgK9?P#Y3wg&a1B7k=}clgbW+QF6R_#5;tZk;egZ1{tLzs{eu7i literal 0 HcmV?d00001 diff --git a/roles/stable/openssl_certificates/files/ca/images/green_lock.png b/roles/stable/openssl_certificates/files/ca/images/green_lock.png new file mode 100644 index 0000000000000000000000000000000000000000..1ef1678c8dcf9d1d589ff2f2f824cb2fbb4f9e7b GIT binary patch literal 10703 zcmbVyRZtvEur(fB76~3?@x|TU-Q6_{!7b=!ad&rj4-$gA1PB%g?(XjV`R>bKbsuj{ z^>o)%O-(<{)SPp=Bh*x6F;Iz7VPIe|3>oR)95rRj{Ldj-D9TE~y#F`y zJIj*(t)Mu|>AS(epyB>!urQg~gfK7^F!EC3THZ^iouA{47E;z91@F6E*+R#F+!Ic zSHaA|AVoYwz=ZOgOe9ba8!e&+vcz%S>2)rAz1j6k0YpU!jgi1#%e(Y$s%%7kJbPYu zo8rF*Nkm1-)XbA3|5PM+FP`ZwZLh`QF8(~0{P!hA%jdm1r(_*{Mx~cg!T2#LGlcd2 zkaJzMw<2UaTfjei`+Atq^MtT0O@+PN9Z-gOn~MzxKp!I1NV1477(p#9v;Eut70s~K z(RO+7i^FYeNJCqDN@N1vpyY;oxn50)&W3=eIk;sW<6tTyp{b~xqf@HLeH~h z>7v&HRvYNsb=M{HDWU|F~Th@WPlJMsF#Y0kUJRr!XsP*Am<=s zqv`O4kVVJ6iD)hG`itMqo$uH8*yY6`Uvf~fcN@(H($Msiu7DDfklV)R+}A@+QemHP z@#g4j_&L5rqlCFl_wZTDl=E!{9Nc;xiqUfAZ<>$R|GDv1DxUWXF~iX3C=`2ywlUx zy>p%3A4J_;cj=?X$AJ|E2kzKKT8?tNOl;)Mk;vr;6xbIOk-9-CEL03K0I98;3Px{f z?S`R&b42mvHfeZ*UJ^Z0P(m@oDrh)-ODD9=Tv@gK7eQ8=%fj=+;+K2p;oEz)`t4q; zAjLrp#h!1IqK8Cl0o5YEu=4z~%L1-|A5`B^*Nq1VFzuO5Qm~UDaM%dZ&FWBYz&K%0 zWIi#94U__mee$r*u@oQQ#!P~XfvYVp@gj^vsaMdFs$f5-3-pfs6;Bf7f+|UK$=`D1 zx?OAdu(KN2W4sXf#6r>G#_8qjpjsv=>!lM> z1)G7TvmPQYdWC93LDc#Fjt%Z7pYwCq^VPgfYQung8Kyfi#U3W?wdd78Lt#yYvbV#m z?~vi#NAkK{?~K`9d3vE81#Q-(OyXYEcqUkG2sZH*1Csi3yh|d4I~7(gME!aXw-O1M z&F#a^H>%DKk#tT7N05S-!3ZizJe;%<_zTiD)f3rX6!OKm4{*TB>)7U8p*T-Th3FPz zIlYZ0`P|$&`JH!P%w3CaHRINqmG&xqYrs!W$rsF0~mq&NgfkzslDTCG*sTmpk(GBQ2PlQSJB~3})*N2@eUr&cW zWq^%%B}G>Z7jLWR9FgHz4$Xy^L`U-8hTpSHyPh=t)XmEf^5#JcQQq6~9F)^|hP!%B zKYHF!f))BP6v#YEPSur8kQhr|9Q(u-dMW}=0AB+Y|ZjB6l=wuDe&QM_h_vH@2o>${mpLfq17w@_fsFw zx@za6x4`?=x~tpsH`%M2(4>Ce_*hHqREGX|E?zuoOfdFGIi*N?dT2Nuq4WhtFCMX1 zlo7;l`%5NJAV(Y9O336uRGJOf@+D33du7BQZaHdVd^MggnFW>4pgPcoq$}g zlm)nbcSk-%)pthZOw7sK3uw=gaJ zyxDO@_ZFLKEyZ{w*CYzmTKBdBYRVGc6n13)IrO1M)@bxl6iaHy1PuO6ZenBBc)OKS zYaxz5WK*jxK?B{~{FTL)1!ytf@kLYH6q%x?%~$2?X^U#@j|Adr$=W-iZ)V>PPZ3{3 zW?xQ9%JlR};{$6YOZq$i3fvIY{$%zR$2xL}y~yi&~YWHx%VdBOxqwyGexvW6#|~* zMJkta1F^HVG7H1fM;z+#hXPJ({>f~B##Ef`_(=X%gvI_sF%R!chvyT z3kJAvjx%JU&e~s)>2M8KigDAmHF!|p|7tJ+8Y_?F=;5g*rZW-XF1;rav1D*S7F+An zFf0R8@ui5A2;g%yp$NhO8z5CUvWI@&c8mPvQeja&dVVdXx%>8ko`qDAv~mm(RbyLY zYC1&M`{eJtLZav6P1yTh(Xn(}H5!}^&-y#k2lA!&#iEXvvGMeQ-^aIV+8uGrhjK^J zU2n}gx^gT^N@9ZvHW(QZEFW2`oWgB8jkQ8HA^_Of5wcD)ptV^!;UHuLd}IY8(luQ@ z`|Udx+vQDIePdp*7yu5I3nEuUE`@S@1h9lJz+40s9Nd;;PlBedS3e1jrT)lC7Ffxu zgU`8$G^H`A5=JBSzu6RhUwGNN-~=r#uy;c4b2ps{gT!YE(KCT4*7|Qg7|Oc09SsAN z(XBgXaGx``p#5J(MfwM0sSFVOP{l90{+`Ji*2fg+c^DVbQos!j$Puwe$`xna`%JRu zWT+udPLoWzei&ruW~d|wI8PQ#CeaxKMlU5LHM|-85B5T-5ba4Nq{|>wVW4Y5%}o!Sx+t?JV8(|C0lSXE zo2a_xAGB6MvDxz|GD+SqWw{&n(Gs~HYFP~$3!nu_ofQriG6}Dd_e(5hdD)J-X#1*p|8hL;~4yJtKMs~k%oZA`myA7dWif)a;Z1z(m z^g*mJ^;c=JhM7@hD#|U)kw`IRzfVw&SQsoBQn5}ot_Hq@wk0?YL&1UqpN(>3oH8gS zC4qR!XtM*23TH~wN_J*hu)_=e1HK8RyqlZ`5Pt+QFD1BRN9!Fq@UHniN;-CR{RrX& zulUs7WzyN_74V=OTSq!LiIQ^HAg*?PxfbUkaxVNeH%_v2E!ht)7xGy}NJ>`{(}7Jd z$&yCaFY;cDx!gd2C+aNW4H8V-0p1xz`6ebdp9Ey+U3h5k1EvZcLbbE&=>1`EtKPNH4sKA9b|FCSi3Y=>ARd4SC8aXDjK)}_l)U8z zC{iy%efdbP8tMZMIb`U6Is8iQf5Q6J`~tUmNP!8KRpLq5|D^lN)3jTh7%v3 zV>|=6P_F-VDf{Vt)RI)-7PUY(!J0_1pQe45-$UOxab0eXO^{pC*mn#ct7LPjW}(U3 zA>`PrBWx=046E(BJuWf62w4P~({q7FxSm!^0cP^R{B=k8)Bf@LyBqoQw565sxN}?d zWvYE^XBf4tNfGaYq=S$+O7A!J@aAcHPX+96>Rc*Cv&3)()BZ8U7vwno^`vSydwM4P z6IglAPAfjgHGDO9M)I46x^v)ikGA{gu&&GBT~4nIb*$ZyIVkaeez9ho&F<-sy}>Ao zxY#^rk-QG=Jt*MVG88Lr`uc6on(h>xKl3#?l#c)D{v(x-FI*j)DES)n@;C5-v5w3) z#A4`TD1#cWiNT88NoZ|hPNY4kTG>)729;LIOO4QQItGQBy;2q`D-5KiOaAuDot<(J zJml-OHYWO76gZiE0;mhPPr=>_l*YM8@2Y;kdVl>$Y9P?#_bQ-i=thvXcj(Rmbt826 z4p^s!RUUC>s`s#=8=`SIa@aqAtLYxb=v;3HeajKi@~s}d%OfP6>yU%=yxDe7cE7Wl z(&RP$b^)c7QDOuS;6jJ(Ey;L)3< z*P{M=c^8ArZ+fw5VIIB#rdR@3J|@25w) zdd<`gvczxlnga;gZU}XR)buWbspXmjN(3?O6ky~vwH;xC=W(kH%88JG&fri=Jcj4) zcV#fy8Fw*nOY8v(DI=E9(;}{Dk2^*QI)e{GbKRkem!)1x@y4mt(P+Fu({&42ru9SD!cM`cTMyHwCc}kA$NH-mMgSkm#Od zA4lr~f;kn@#}Oy9`A1iNfp!(76N}L+6S?9NsO5UNC^c=UMrCPo_lH(uWcFu+=k~2U z;yN<70=wP=H)FFz$4GykWu=^E)dlT1yRsV9#5n9s=E9A0JQY~&fixM{$-J;-&d0J7{qk6W+N zy5B}VFZvo4CeM5CvImqdD@+2~t(!~A7&CmPD@X-!i#&}GSLtLn8RG}>e$xPhj~SY2 z%hg!L)hBuzq62Sa-;?7y_ua4@6OIQ>#8b_v{=Q9IIsOQ}Uwy#pdWie+x_ZB5((1sm zESFP2S{v^PPOZ`;B%;vZg~dn}3r*al8I0(aS7uLQFDIb5EaowXe;d}qr8Q_ z34cGUX+Ui=G%njO1((i*Zo=Yg(>1ML-`|P^%Md{Uiz2+6hL?;!2iwTl!}vc8KaQ^s z*Pn$1Pdv)dGW>h0iK&`sDvkk=X&f(a&-~ZDyNVr9q&yr`oS73n6+wR$OrGq_Msul+EW>B|{`*$wkA{BP)-1i-}9*$G~SNdLOgt%XkzFv+Lod zF_!mh&D+#2eZ2ypUq*k*Ex3FeKD`r=A9*CXf1z~yYqJ+QF`<94EE}DtR8Gjz)I45i z@`_lt@S9Md6AshEe4VrVfnEOt(4|;f!FXYx?jYKu=Ncnko$$H*DA`Ve-u!sZQ{?ey zx2i&~k8D`Y{X|2E>gp>Ip#d`cB}1@SB5?Z)H^G44@#^>G(?U2CCMfgcV_h!dQI!*# zCulYBWR4OkAi@l6y|Tg5(ZF{PTt4wh{u3apA|d2cz5T2j z?b2+qGii%J{Tj8U2jmzN3US-Q%9Js%v?dC}L-0?>pIOkuS(_j&ywi~rcwQ4XPQlhw zXb&HvyOdZ$I;+DkL($2l57|g_K47w$`*Bi!&v+3g-#SLPKj>e#2h2Or8}xhZ=Y!|+ za2@BfpJQL34MS^{va~aEJiC(|rGiaxLnKf3mWA zl;u83^lZ{!YPjq?;E+1bYD@P>6CCI&E-EE(5tHPqmrfo{Pq#s}sEH={WtF#!6(+9HK%J`DRPtB=v(*;qTC1Y46pa%%)X9VdG^vMrp40!RGN?q={z&icm`y3%0p;v?YPjr;N+L{H8 zMREXWMr#Lv6CIN8Sj}Ym+fa<+fw&L64p237+5N@G{#Hq8c8H|K2hK8!`pi}AK7$#N zs>clb30{dN#v_?zUSH|P7m>ACBY$$}sRax`IY$3=&&3*A{<96987+;b=;DLCC ztIU;#g-=Vi*>N&9B^s@TzjjUx42qPVNj6JS;k7I==^A^16qM3pM@yG5%$#l`3|g!? z8mYVEwb*4MmOFUkt3Rt&9k9C%hF76{saZ$swXUw7* zx7$V&uCiS6Dx=m;K}6?;+pQUOOcqLCmkYj#_k|E0{nfp^itA3z1gO_PS~? z06bV!Z_MAvfDW+xq*Gd!*$~i=yae}k>@Nd_DvE_Tw6Zj_VJ z&9`CZ+z8I+ybcu*t0F9OFR~;NsJW%=IO=5k(cm87e6_beiP{y9;8z8=OCtTG47fNw z6WKqC>#n#lx)<0ez7k|?dd?zblTXB!$OnyI%JZ&`Z`av}bu6NFnV9laaG<{%Jk zv~0H3(!H!qhAc$1^xNU?Qsq)?3}T0m9u|T4 zh_qq8KvnRUgTaU$m*pr8&eWm3#MWNMXFo_{Tmp#qU+DGoB4X8)=_Uya5!VLBHyVhm z=6_@&+eu2Cfqq~W8w6<~;5sL67Q-*~J|zPY60tKyKBI`c!4bg*HDRWqS2)Db z(S)0iRIoZ(U45P{HOD)*4I-km7YA;HTdgTg@o}H+_ssjLm`{LO#4)a>~R&t*XdaQhK4!nZ=nqUpvtF9bNosKMX!Ls?=oT)dZN> zHp-*)QvP*Y+nwN~;=Y}u zHAw;ECaTd1zbm=sLu9M5fxW?jH5LP1+HBMy;-0(W4pPEa&}>vqiI^ zY*(D0+Z2`EO)=%QsRX*%yZW7xbDy~fv(F(RWKRL-U2G>c!M-X{B2 zb3m6oq}yg7uNd(vo_#xquD5kC-t1UCh76-9@LoKu?5-Q=_L-HM%upwazb5r38bz!b z7&?cb>8cQC;>n)=atm-YHys>%g^e3_iB6+GsP7|+tjI24t!VDE@8Mzp7V$Yce37s% z!)n=K0qK+7n74OyL$Ur?y(zol4Phg+C@!CVUJ}jcpn%>GBZ<2uc<06kxB;2XLTc~3 zIpG?PB`e^}QP+(He$gP2fN8M2sv)MJmd9n2sYlB83J)>w?78_x8g(laD^hoC-=1-b zr2~44ux%U7$NMFm_{!~(>@&=*TGrqB%~f?`>(xn1_VKVTce|$`jqoY4FsrGai()k8 zqls_m;~PowtURc}9`&e^_AaEFodc$Vq#~_wsW*vY$nsaYSR4&E!+bq03Xvesm;I%h zbIMBwp5pZQY~2}8pmI!YcS8%l2m4OMJ~^Fo$eFuLV7*-8;t&;qUw(u8gnr_rox^SB zqT`C^Dpd|u$=QOM^-BG5>)*M~)PdWJ{!A)vhxPUllDeO{_Fg8#*{kA1zo-WVl?J?$ zAt@{;ReBxo!>q6P>;5mxr2GNMc~b1A_7RoXMhfgH4O)4SYN*hkYDML=&HCbc2C7{~ zSaxrDlqG7jUWDiv_36S;stMHa zeE?15nO6#q4+q{S`E8x4axyKa+w2Se(Z3<1-iRd66E)~+Kb-1rhzpW6-C8`PUX&Ou zxmRf}l#xa@s8W6o`Z!j-~^7boMm}Ib3^UD$1jVrY&9X7?;65 zP{Rzy9vnUQ&^V-6@;@%Vu38g}(Z9-C3*ZY8%_frVn z2oD;QV}xrxlvq_~2QMeOy_Vl)k8gI6bcmidVmAu}jWnLPYghXcTgo2;lfkWr5{|<~ zzh&fZKqp}VklEpGdFmb<-^7WxoCV138!p8aY`v567v3}W{<+C zXOC^^JV{+KQ>Rm}BUd9?-XJZ;LHQ6F&@2}C_1n3~n{wnNDbqiV*DFF`lLpthXEZGL z<gI;<-p~Z@Y!h&6RkMdomY!m2X|;^Lt{4UT z->iku1Q_t4dnpbM_!KwBrUWy0Nw-*DW{C;8s}L3c4<8UVXppz$TiITFw!Xk*T;2<8 z>x$q0t33;>>O;}XM#lRXi7h5aa}5P2QOW&WL3ARfBC^5-an`7J!GV=tmiix9_DjAI zdkT3_@b5N^t6-_Ze?Ew1Gab7pyW8l31enQ?x)qh{iCScKQ52hD36LQ=xSVKN0oExN8P+th zE7NM-{{~(UD?_-HSvRuD6L=HZl!Y7aETGc)p`;@mXuU~Xv|&&S=vjX zWTvzOzj=yaaf#1+2c~3yh8qm(53_+ZjsSGy)J9_!votvMs)6VBb)B9r%y0${gy92@ z%4@!upG1`81HT|ImONj)yu5rx3^H&qQc8t#4mocPp!}k_G4BGxl@>qexNR>1bu}Zt zSLHzd7*sc-Bf)E2z1mBN>3t#Lu59_cb+ibjTb4k!`2yUC-&`Aga%YC+6`@sR)YT4Y zPL1qcI)Ie%U+-3xu$V?Qp&&Q>?g&?#=?+vzZcDOv3_b{K{KFGaPC!EBVH_vuK_D%T z{OxngN~?{4SrkDUP<@%f?tg>6cFKHwUkcjvI`ZC_LLKNp$7(t~nIu$V{2l{(5sP?h z!a@CyLemZ%4MLN+#70Q*pd{3#?KpQZ4pskrOhDRYH z8n$pL(P>q&ORi&np$2oYkXypw`+pdd=3gGnu!jGE&;R1o{|`j}C;kUS|5twh15p1j z8~#tH4GPNkD1`a;nsJGTxE!lcn&B(W>hh#Rc=5yS1(-AM44RG?Eaz12CAJUXu(|Vz z3gusf`_5X&3wAV+y|X2;5S39_WWQkWfe1*f{HjcP48u5S%;b%*xW1&lWs0e5;uzLs zUR(Vx^=7V$+VyaG`t=L%&N2rw7(SdP3%_VlM2!<7=MMF78c3sFM}5Ieiv(F5C}I)2+|U1UrgG_d?ECS|Z7j41J=m1Q2voOj?~>xP zfhU*VbXt4mO7bs-zts!y9N_`PFebIjeI$^PM-RvA;6vYD|Iq)CNA86vyO=}5Ddn1u z<{-pMZ21Io*hE|wU4sUT*?^O}d92}c05(3ljRgX`3yBV#$edO!Et9KIz^pZ$86&4D zk?Y>L;Xi{gK^((MLFnM-Bo4p}N-IzJzHLqFu``~eed;7ZmKdSim5>Pwzoe#x zuO5YK#2$ybQmBJ!|_wI&btnUkbcEoB=5Tp(P=djmbniSj)mKyq%( z6i8&twl#U@rT6wlDQ$YD86z~>B&~c7fzgN%P|k+3sMLd0uaF2VHZU_DnyG;GTDuce zV(%|;IRKc+-#f8*I-eVNPqhZTcp#0B&%tRF12YQO)O92Wd^s#}s>EdC?+~0PFuMkn z+X`ggx`#xW)W`HmUI|3d)$pY-sG#l185X#TwogW!_l{?;2jr+W{^wXx=FJcu}sFcNVSxWZJdZLL!N3xtKx%@g9tn1@@-9=5r>Wu&Oik zmWbozq9N{VGgnYVy0^5h1NYM**|!Dol%_0s;EieEZJ_NS2&WNs*=24XHRz2hXO2UV zccRbCx^H`Kt5H$B00kLkdz&vP7E@5I&b!X4lwwM7PI78YK|a-Uac+6^ly`OfK(b%L;Khou!7RSYJ@GJPYHd|vJl-WpTK znxURzEVe`^;A=EAoQ97r(VT`xE53xR_UD<5W7k{Iircd7*Ly*!E-x)O6$|nGJU@?% znbU5c(=?&?zNQY(1N@_2jzm51M+3Op`4O<(yc|=qiFU^%7cf3kM2?9v+?a3_d)k;c-qVk2y+T z@$A=`k9IJMD(5(1>%vS~=Y+2gYs^AF_%k|-w5|UAe=qO9%4@7g5+}R<^<%=wORGrL IN|-_aAIlq-F8}}l literal 0 HcmV?d00001 diff --git a/roles/stable/openssl_certificates/files/ca/images/linux_chromium.jpg b/roles/stable/openssl_certificates/files/ca/images/linux_chromium.jpg new file mode 100644 index 0000000000000000000000000000000000000000..d663de455b61f10b8060f030be85133df77684a4 GIT binary patch literal 39395 zcmdqI1zeTe@-X~t*lZe!O?P*PAhk*9?(PO@1Vo8VcZZ;KcS=czbeEu%h=7zJsKke! z^S}4p{GT_z@4er<9)5exnweFzW@aU~OSkI)wt}p@EC2$50J*ylxV-`Jq};8|J*};% zeC$2#s2<8ItKGf@qyPvQ34#QMK#(BF$Pg4XY&0}fR5U2oJq&C@C=n4Mlz@PQoSu?| zl$MNufQpTZmVuF(g_)R=or|4`i=K&@>1QDzWMpJC6f`_EG(08}0urYG;c(jv;GiHd zAe174Z~z1x5F!rfwjUq`Kmg)h7eK&Y0stM_8>J|_> z6M5!*a+8MP$c{pYaJl;A+RsSo`0PEg1A`@rPf?$-+?;ELlZkB_@*DlLnY}-hhS3x% zj2o0zrUK7(tsD#B%XP2p4}j(;*V&l7+VFqUCI96*WoJR|ICH!@#(|lMPRF7;Mo&vm z#}Ah1YYwBaNwE+J{6ld#biXB7i~ouR=})9l{ekDdK(B+}AUx6B|3dvW7Ks1=5n9ba z0D%#!eF|dHJImZ%qgomj|Gawc5d-VC({~|H83EfCEm*LgUK5^t)s7{1X{5d@s#a}f zcxYmNu7NUL0adz61G590C|@8*y-y5IjHUjb8b{3GmHpTHeJ%$#ezA0tHVB?8M04}t z`zJpzma$`OIN#2qZi4yaF^sDwopI2lp`xj-~3fa#ab_0|z zi#5;iXP%68iFa6h?DVQBb{Tu^7#%zG_|yJ_t^Ggf!yj9LfK1L;BX@_vj;cI0EYD}Q zSmf+qz97&i_!qVPG4nr%xn58N{&ULjSZqjd@bSOpKm;LHtC{>;7Qj7do{1Bz;yVLu z?0oC^oIWFsX=4F-JZ{W)R&L00HkJF&vLgmcf5#0zwh?4LLw_u$!YMKr$8S>X(PqQk zV8Sn3l4hH(q-(3tmK6BUGGl@8b`{XO??^1{|BU_%_j?WhlKzwMr+C7okD!Es|F#@r zRFdD?^RKxu;IZ^b>;Ia5M}bJnCf$t(GWmVBppA`G8aw@zEKuRkEbf{P3v#%8fp;Jl zXU$}Lyoqi>ykfX2MvjMz?v~EZ-p8K?gQg@e-)W&V0|3KvGe1Y|V2P1AjeHrFEpERP-bpPaYd=1ON?#ZW>Q@@{lV^#`i&uiwJ?hJwW95JS1+f!?ALICH}XH>fba8K%}OXmw5ayIdJYM zqN2ZxoJI}+ZR=W>0|-gI(()jjdIeUtpE!9}0D&&>_cE{UR3oaes1smDj&%Cl_PG>n4 z^=e2z?0MQeZhP~~%Hy_0_*fnj%!nCgF01^%wE zKRfi@f0yrXlMszxR`R#VzfJu&L;sT*^xH7*b|=ioIj>A~IEtNwR@8sdpUg2WJ7|dY zQqHvg?)gtWFE7z-dG0TPKpw|tr+&_~)V89^DyqF|KI0;tzw!9m!Gtj*<|Uu{!Jx+ zNbtTOf&FrNAsDs|37zisy>2y{(z$=&_#=qehx6)B>*OCZ{v-U;T8;h@{YQ-TpY+!u zBI>r$8}`}3`s__~!6U{7le~Peu)=ujY%PURbd})1KNk86M(Z*AZMZ$QsE218Qu%q= zlPB6*1oy$7AI>T?I+nC|$ZfqJC95xZjMhECFaAe60OS&0z4}9* ze*%vDHV^(2%3n}cbkFYgEWFqN2nhfo-UToS5$TSKc(-W*yrwF^ao^P7`{KfXn|PMSMx(BLitWO!%+!7h zq*`uW*`tEECTP0!Rk)1`Ci9*(c51=#HDa2A$=!@1=^0zj0>jzMXBlHn-dJNV@f9h} z()P#FV1L2vhKAIT+OX=kGQpao`_taMtCyFUaL1Aq8Z-F97;W@I(3&QOTS(!0Xs1(Q z?$ZRkSmEol#=3rY6H=0P5u6C-{ls(KbRYnC| zLT_ejK}&(xEaXcvdAMOns(MC5i1w1Tx%oH)A)2v42ne2i(Tan(p>7f-YP^onABCxI z!=Yq~#JXe!AW7U%a|wPoUVe2xlG@By0@Y(=8yE-+&zh!k5A|=5GM`^D^}M<9+?wDV zVb!TJXmXgZ_;XRqm55%Q#XvLx+n|cFqcXz? zSCr6wo~?atQIH^@LKJ_)y)PZqiM}9@$kKJ4#g&NU{n`E&7~=F6ejRNi+i-QTIU6!} z-z9sk%f&TjlM00?7xiU~2^&b-MDTHKSpR1}8b2RrNeMDIcemRu&_|)9xe|41(UDQZ z!20I@XTU2?4%QZ^+)W*tHq8Z@lKM|FMV4*^lH`D14uT@nVNXBi@2@@nGXu z^YIDdZILIR%(!bw=0b<51I=f9?^6s!3>I0!V$g8{a}{DuTIq0geEr<|9jQ->KU>N8 zb64xAq4rkmHt<{2$qQ5oVa1>m+&BykQ?5y0-Yg>{++S}NgWc>g4xNxvQa$s++q#V0 zJlu%MhLvuIVi;l24xDJaU0w-qbKWUI1?&-2~wz4z8$?Y`O=VK~x)6 zf+aX2^5D2Hs6x05$uRneAro~bu-@|vVVOiJ6LmTXf!y;FA~+{PpiE?!^J1uNgH30+ z4lDV5c__20-p9!O32#fiS&32=DA-Q*>p^@6BvL^g9&=i)jBSnEEn|68{B>6~ev|$4 z)Jw|ElF{&0!aw!lKVyA)`76^uiVf}X_t`4*qQc*kap-JBnR4N9td9T|Zi{))KjxAE9D9#RPjkE0-e#Q@}AzhVNb z*;GQvXo((PQGQh=@GgP|0eGn^jqL)?sd^QXIX&ao~g$7WUpV^ zNb_zD_2f#Xv+d4MqJNI%3Bh00<=4oIvZW+4ea;BQ?-TwWnx1s%>n$Y5CxbQjtQ0@j zP+;)rNt{1jtzR%VjVjA*4Oa(^{nFXUGv(;!7X-IJW}Q%sW%CfH&d)NXAQ1CK>{VzH zsgqzGy&5M@93mMr0@fUBgB)UVr`ng3fu4%Ui243;7PF)XBy7oCvwS958mR31u|amq zslT@KPcD=Gn*~+b-*;IN*=^#!H4oO0_V*oA@K{!4-vnqMDO*?BHE)}pkf@rQ=<|p4 z<|`@mAMr&$nsaaa0d+lo#wEh`6OP_0{K{Xs+g}%<%lOxNe51_{x2SVU-A@>_t+xTA z3Qd*wJKO?;OPp3uwdhQ$?hKJ491$Naci_RfJgE{>T?bPG3O13YEc$m(!K6lp&*}x@ zxa6gCaHV;wu`}}t{5+C)Ssov#|3De>gjOiW3pNp(5=f3;PNZb*lKR>AW8dkR!E^qs zLZW9waN2vje;wC9yQ2K}qMG}w=zmj@yony~c2qgtTuGBUuDW|dIg^&@Pmbv|h9@s^ zqOp5z;kNTXg*(%2l#D6144}&00Az_J+$9zKEcH1Kn`Yt1j5gj?T3+veIgdXm9NC{+ z(EfKzU*(^!?l;}VutVzTW-0@g>LLD(o{QNE7e5nCP2ZVY*w0kW5-d2RW z1uSi?gj70Pt!Zm+d}a`=q+$f?L$Oh<2uKUb_=}0P9#-I3_1Vh!RncZ zoA#7!swa6n88ROlbenj^k3f}clqwmCpBUsa*{aE~;&x1^-Ce6}PEemHuB1v{7FD}U zi;6v>U1YWe>76>x(F*%LqNB>hRMPokrd(<$wJ`O8**bJxH6AoxGB*8kU{dH&nn zSAVzH6TN%$2G0Ur)rs9rM!~|lwDDMSTMH;Y zK`?Jv7nnhUe3#ix=<*+uBP}(Hm?IB^XtJn zWSl1JFh*M zh_(Y03YW2qtmvAI=xFrmMh0k`Dsg9Bm_#YBH1JZlsVuEhoL_1o(V3 ziUU!dG!@Dl9Zn})aHSynl2dDm$zK+yD+%6lkt?jE#Y_Fg3L{VG78s!9^n4^dlut;( z`gTpmqu`yWS>Dl!SUG9nLlPiAtp!W|1yf6@Vy`lqNax($-JEyZrzws%FBn$yG9_I@ zOyrOw&<6H`9zT8%rSS3nVP2K`Pp>#>WrU zwdt#)JO3j2%fBF^AcIlB$iL2+e)$(}Ldzu%vUnZxBl?Z5P*?ZK(yz_=7)HvwG`@~jKpFORhGaiPv3#@YL9Kt4Vr5AGIYD(9 z<>AV%#GA)E+x}D@+R)W}&&Zup|JP5;DSfb*zUt!@;q0`^08(o^=X(0W>AG<)2F(RB zzAWpd5-X)|O}9f;*!S|%uVLSqJUyOVB!yc!i&F(dt?q`G(0qX64N7LVI==MeXmFSk zKT|*qGws^LOU!Tu0VWd~SX*SjQvQ!_jvcvsjUa@L>4b@4DVeM+)z#W*0v2QrOek+X zP@(FPEEd>iEZ%JJnxT9bjnPBrl!Kt@)OOC<}VJH zi3+PO*!>pF1~sObAqlm&CVy$?bN^~QA)3E%Y;R;?*ap|1Wn^V6fS4h!vP~LW3Vokt zVr62i4}E$*r;=+q@Y(9_Tm8Ol3E#HHPuT5!_}|mz;!py|Yp(92i!AD#xELD_w0b=v z_%PpLnEt!jnsTmn>^EY4wCUOgTI~J-b3s4{+?@qbM-oER$3aV#~^HyBsjhW zyWeknE+A>Bj$(j}!1bfubc&9evwc;(WHq0dcAxK9{CVR%diCvE~fQjZIZNYta z+$FQY^Fn`-w_I*-V?gb7;jEZRIdA@+C<08`o7T@8EATl!%9F*eU}WK^n<(y$A14=I9S>XcmbWGsCo?`T7eG;b$w!|sQ8tamtIm1Ct?_2SMUTRMKy92C z_u}al)H*c-{?Q^{uV)`7d<)_1$(sLH4e zts?IU-#mVhkOZ}MC3Z8Yy^QOlQWcu!_6RP=6Zs;aw~X96$5A*2-|=$YNODM#-I4AZ zAU}XlRj}c|O(@;j-W_h1c)(~SMIia)i{F4u0pE%&xt!9s`Y`(sqAGC_obJ&w=Wr?3 zmnR!E83HaCVQGo;J&vB+?e9iS7QeYlDmPwb8VN8JYmem>GTxKs{}RQq^kuiyT7e+} zjrm0V6JAsR+kxpz8(MTk!o4X}p-}y_kJgB6!T2Ou+7fi#VXBtV$-DBg}6`zieU-S24 zd5Abd96tL7#pl=Rhi^apzZjAA9Q{}>dR5Mq7bY4EPy~bU$-4ZJGiVR@#=Im}1{38y z)F&;P0wg>@ni6`=8(yrcikE&IDI3b>-i0rR?u!rNZW7IMQdF~{ifp{6uxzd&-T?)b z3v10*I%8^#*hO`XyHGA5JaWnOkE6F`2yf#^!^Rwb-p~3re1tPiSLOp7-8r%Ja?*vj zqFJMPwReVY=EhJx^>XQhGPhYDwcQV7C<0 zTRkCzO6>aLGMzuokUQ;2tx+T|%Ww|ROV!}{qY*8aI=Wvw%WFA5xd^XrK15La-vUo*1XFGh z>WZ$4`MOdD(@!&IZZt_uM=TY;DcL_`j^+Ho{U1ttN=P3I#BRSPk9F<0oQ;mB@lPYhQM0Qz8_AJ@MY#>?Nn7EuZ!vZpqx%WiMvJAwcn}%B_cy z<^-Qvd5muC?T30Ptj=q>*Hz4XzB9gKbs(VNi_I38ro&-(K#v=K%UFd@e8_>!{V9{p zMi%GkLbCKSE#=NZWP>fbiG3ASd6s|$U{CP%IoxUg5$-F-N@u3WN`nrP3)*Sa#5?w+ z%q@}${Fg<|b?h^k^4TEeAfibydscR5Z48GW*p#~mrL zLNpQ?)D=*j4fnI1_FY)cxf?b2@oC9EA;pwvD!7fcfA3GU&Xei)mY$i(vN@@+6L_(U zbOBe)BB$>d5oM0YjxAJ73r_%@RWi6Go`G*fyqJDsP>S^mRYCh!s&r~C2<;p zt^=>+s$eKH7PJEAtlJ56fkSyQ4Zq4-4#_-x) zxlx^Cb@NFre0A||yC_jy2t3&!qrVwr20j2QADrKqq==r>KWDLy!p3;eSmHWv#GvL` ziAQg&mpI^qdL?T0ZmlmBL(%yC41O#k2Fl6VYPr&sOsEG$zI((whI3u{Iw2eHqui>^h{1U%`ohw%%|>C47ku9X|SI@@l9PiuS*p@I>&z?R%8 zO0xkAr$yA$jrh+a$}(Oe89MAKQPE5JFFmX}E$R1(IrZN74Jt11nA9bm$D~*OUxQq{ z1qcQ9cZJ)I*Szd0&908y-}>tbaZ+{jR{bKLj$T-O0^nsCYV7tPgZ$eUAQ+w&| z#{8u%Lj&YEQWx1agQYaM()_}QwYbntQtZYzbA^@keWAaC&WP)!q|(TSsfqow(QiYyfO^X}!yo;*5yQ<pe^`Ehc)2+`|Lg*u%3*QD zu5K&1RFnOK@A^IXsA7XuL2S=C!_WXHJT?{=<@8y{U~Yu5olM z@6kXC8-U?nnk7uA$Ip;ET*_?DVG^NTsTZy3BtC#bgYlu?rsOc>r+=p$BYn;Vt!!ieF=T$51OF^;^u6v-r zv9{$F=EfW95p3OLf3b22J2x;Iiy_wBK8eZ3lf`k$lQ}Dfwr1K`o;&I}YRx_wmvO)q zv5@dAs@y)&6-;B}YuzjVntePdU}J3<%#+H2EV5;rRXWB_Ro+=5xJrfQJkk`InpFQ5 z%`&p&31X|Y^Cq6>Xe^kQ#;A&}*q3PbtMj`j8~WC$sY%$u?%dpxTKEJjUrVoO?E%+u znF8I6Nch3dCb0F~pnv?cohs&F$;pq;PpF>0U7=}-sOcWvK-`cy4m!@CBFojH3`OoO z*iiq$%GCbja|tI={S8~5@)AMgO;hIgY{JlP!V{>$ovi{xM(3F}dbQOV=xSO;G*$Ua%!Cy^N+)0 zEhKPCfZF>AB^>${pk#Zw; zg&V>Q+H{=I+=mUy zO$=L}Wi@>Ja1`#w;^Pet9X@=)7rVYR){t-3?rky;I8 zI6ldXAR7*1(Z2GqNzzzZe?JcAZHH#M2+Rm9*MFq6DRn2)^N2&Xcs`#dL$LbPD{@iE z_G`6Z*<0KxH13JJ*jUCOG^T9jv0(%Mytt7m;RTw$*c^{ScBo zTfRYi!^L}Q!m8)j<}q(#7?yQt1m2Vh9`l$>3s-vV;W*Ik|Mdoj!?7@yxa&}Cut zL>+<472a8wGx|$LVUxnh`sFK(`*y`B68G`V(6W1?ZSvc`a#eDiYVfyey9csEiP5aV zB86tk%DUMAjvXefSQfFdk%PyA8^>u**JKbs^z|>!unjW(jchdq1&x$uA|7VU@&Z9^ zo}yG^n$8`?#REUgHwlEy6h4XRjbj|uVI`m&AN z6)Oy8v)Sq#M%s1^JqBx~0Eun0(zLV}I)lff${$ZOiEQ=l$Q!8LxO_CGS#$CeJJyQ7 zT$aTMttnRQZA=hsYr1F?%iOnDFihtd*5#RM+qRF0-Ptq#w&ud6^(IX#EAf$F{j`l% zF}9j~y7`y^Gl5Idvcb$Ml`9A2ptbM!t_bRaB*N5t*a^|hge21FMr(JPqhMMfEqBUR z%6l+6M5R2tDE3i|Tp{g7cD81u-72MWsstnzH)*wk_NgbLwCh4urxA71G+9M0_@k=`d(*eNfwSG-WjO&~#5C9qGn3m3MGgURj|O zDj2R=6B~{&HzwmLjJ@ZpofDs-SN^W36;%UPGPp^t(VHYkcWn1iX;WVPML=4^sv!NT>EM z8tcs3=S9kVfF}zS8FjIEMEXabhB}(1ZQM?DLo9#7V2+}z5f`c zq6+wQ3vfRu4Nc_CS86{N4PyvtV7IP5{-IhiD?&4Yh5()4UHXb*$)YFGxu)wISMDu2 zoX)b-nH*RuFz*k%Ec;WAxW|{k+9=@LG%Mp^K ztFberppcrQsDGYG?ruGSleSlC9{=DYZfpatRz)ds5M}sP-*|rm!2JQ;>P^I`0ax+E z6qhfW28-FiEJIsqeg!#KPw}`z@ezsH1L;jgf33Bb7|%M4k{OtK%ds#?+nVk_pB&s9 zJgqW}K8M2bU5LYMHyy7x&ojAAHs_%qvjZq2ikM$;>o?ep3At&qEM!WK_j4gVF<(;3 z_uD^nviUH zylKFON$wj_mg`!0lmDG2iG$X7mF-bdE5u-aAq(j|hRfWnk}}e?@7+KZVb-x0()q-N z3K&eMWno%1g7hCot%`8idMxyl`H*2++79dokxmV9-&hBGn`%5oTC$XSUAk&7P~+ z5V-`QI$s%g=G4yMSi2?&7EgT`*1%Ruwh*FLcDs^h9ZR)pk=%7O0^>C*uEoAPQ?Gy% zrqoC4s$87sM&?^J8Dci+v~_WI^mqe!O6F2rNVViQx#va7srJ5JJ+Yul+6E3)FJZk9 zxKq2Jl~ocEE1t%N?_Ba4an6vZUz%n^c=%;B#QDEBo3a^Pc=gIsHM z`Jq`WMYHwH2Q5Ao@6SW2U$`qctYaM?*M!nYPON3RYn7HPoJ20FbEH|9Vi<&+T+>+1 z(6jXhL7Dromb9wuGe3*_rnqTy`wJ^MrL@dbd5@4J1eUkZq8XXixh1GKl=$A(zqja=lU^XJ`YE*PPh`*(5j5K|JwJ{qh zhZtUK?AJ6%zMlS+0}6nGRHWZ%DcN04AWS=PeG%AFt>-npPbw zQ?{*Uh@)3G9mr9jbuxt{RdjYBZ8eJT??0 z<*;8#+-*0vK-@0w9-H7@(tt1aLM3e#Rf@5nCVd(6;6Yh*@3qGb;y#1I^+0y_fEMB< z5+H7&Ur7z3b=Mbp7W8d87)B_cMw%)AS@CIC&=@vi8^tJ*csbe^o-5nWN#mhr#n zMI}r!6IN}A3dq(x*nDXV{UKPgJRml~{MGIM46Ui@LbA%&LbvmM^HDZG6Pt{5X-*n3bw_)X~*R>&zSqkRsHRXF=z zBP&SU8adY|oEEW_g&L~;sk}R5RbxF8*r%W{o>0fU02GHgXG5qPu~}-pU6bFSR7Y4i zF;K0_-ZNG`q6HV>9e?%L}y+QC8YAbVvh|qe#7^1W>|G zQ(hJ&i31oM(o87}lIpJznWAi}Q2KM}A_fykg6>C1aYib}OX)xCGFLX&j{;5dd!eEQ z(`ZV_737BEs7`LbK6%i|M@1C+gndKE}(zFb*XD)g- z)b8PGH-h~dVe(Wh#v%3kOzRjbqE8N*LQA0DHLNy6Ir6c(;#3Re_n~4gM?F*`t{4DY zQ!ofz%aoX|NF9~7%ObAEL^f-E9a9Fol=0<4WWrt!?x&|d#J1}?Rf`Z9KqOY9B9I*f z-Z&UVaJ(~HQ0UhR*1()P>TvfCMoDmUAy8QoGfKFUd-;2(ERb*+T@nVH@NX0Z8X@FdIvdAZ}9F@x*Xo;dr>M z2MCJ~1n|)rF)u1xXO^WMX!}}=QIu}@bP0uK46B10CK)xPQPwR> z$4apX!KvW3V};GYSXGR!gyT+zs0&J*QbpumfN;Mm!I<@)Gc8v})M<;}iAhcllh3k4 zhlq04fv1tRSUMPj5`%YOC!4R-Mpzr9;rGKo_T{(q?+|k^O31r_{qL!pn84+(T(`t6 zzytzl?zXw2>tHH!3~cNr7|Ff!VH8F2VH34`9)QHX4+kBp)|>vEc*~DpjP`#uVXQw9 zO^^J)26=aW&M`5>qh5VYpmU#1TWk$2@?7mQpzAB!Y$XxGJzrm|yl;8Lt&}=Mj^^lv zI2|?dcIjscrE*$5L}qjtJ<0Q#pZU?uF$uc&fml4C5dXy$i|w~YySHuB9heKpJg z0a&n8uPZ_}k^_Fj44L!kuxFqZ(zgog9aO66Ix1mabL31A7$Huy?7AmoAQ-O+LzkLX z5=AKF7I?I7dvw!gvUgd3$Q$%Bp`(veDy6e>mhob~8>*Im-4xc`C(UcUjH|YU!dCNG z3@S%cq?8a?!iJuZVUg*PnP5x=XR0qmYFz(;?mjEc#uc4}A4jkJ!3UoEN?OQdEtWeb z_>7fI#vfL83Jo1(%RPz#yzlwSEgcdx@gUtwI|0*i|8w;_NG40^Yy z1|zR`A&Ngczmt;b@3Hh|@RC%9WDBup=VkifzW)hl?7|(DwCd<%V~SlT5mN}-uJN&V zVDGwm^}PsBZWbKS9RF1N`oVezPC&e4rMWDco7C2(p$n*X4r>A@5V7gw{#i?Kho|Q- zrkEJxqeaQ1kcQ~(`K5Vdid*0Viyj-F@tAU~J;$Y>6>FsS@nyIcr~Bq<3z|W&`ID@6 zl8S=&S9uWT!@SZCvruhWFvtj89w^8<5R$47gPTF-yo)wKR4{W{R9HO~0?If&i%BX` zF;Ae%dW5+6Hr@fcUJq?6p;eaPD3c)xLrSBQ0)YzJ@gDdr*ho26i}ne5*UP(3e(Nkb zB7;TXyy$5+?px+}7;3Jwz{M#SAj%-1Upb~5S7dVri7`|!_vO|z)d{+`Qtb_66G7bQ z(a`3}nC5=$;~^PiSIlz=U{@ItQhunk4+m{_a2$oTYvl=P48%eZ&~ntNz6I5jMfc8Z znWN43xZNm#B(kYRsjAw$W)Kk`$mMb6r7T0WnE^WOLK=o#h8S#gha_jDdFybmT)&wp zbvc=dOT0wH+AwJ z9&dW52B#1d4H%Er(lcI~K&|8zYbfwc7}@h-Aj~Qjoctg<4xVLzDK%8a#4CXqnTdh3 z5U1n%q)qL+8RnC&OdJk-0qd(bArfpV`CHd+C*obl@e$7gp58ZHg9S>~2aG%kV(Hkq zXD5m8jk7{G48T}FK&!Cr4;`4T(XJ-W?zhD=0tZUu+$0(r96Ezi1k};Ynqzd`!8CP} zIBTC!l(?gg5EbhY4S^#r)z&~GwSj#2(}>L6OZ{J0ow0nSKM&CF!O z*a8$K1m}`Z5(C{5NElk3%2Bd}F;wvYl?ymo-K-p!*b)zoDCxzg5R0H?Aj$!E#8s)T zjvgtc@S$`o%9I&48Uz7W<7OW~kXVKJvWSzH)@UVr7Y4>VXv*`63h65+*nQa3jVYCd zVupCg=#?Uvn4i#xhDwb;gF^RM=9HY_Acw(WeB7$%bmx9)+=9 zSYO3uN8L3Skg(6y9W!2bRaZnF*kKk{W9i`b??bXk$@Fig-UO4-kizVBiL|&;pmG|) zYTmjr6`r{_`SN^$P%sICNs4bb?Mm>voHUv^^zL;2iRw|w*v+wGg3e_`*2+QR5q_e1 zDY`Dj+&4HbLa9s(S0uMmknKR*y~ykH%e6;dP(B!!G&V#V``ZgaCr?R_2jju|(hey! z2eyKUO}Uj4*|nYhml%gz*!MD6>A9!j#hRs_tTA-BW`S~g_AIDVsEaY3S867-jo?5W zPzf7-i333Kc&r_`7wPaJ@ZJk9E@#Ox3Th87vsx{-D=DdVX{t@V$xn$~YN*%%8kL@+ zV^;8}4tYC2xM5Ha0sCPXHnIf~RyMUD0*nMLG(HP67c~&I%#-nhB2)e?&|kGK$wOrp zf!l}xL^T3@d=Tc!=6hVe7_IPW=VAlx2O{0rV6eT)<32j8%)n+n7}D3aYPOj3}~P+CJtY0Bt6Lre4rbg!c@%3&oe&?P>NVfRXL~!js(+z z>v1+V0gN#$O5A8{5bRl@7~{p%N}rWXhstRvwbz_*WE_(B$2cfH$jcK+H8aT?{NQ)F zKE;rz?IF4eKc}3!Dfmt~_e|=0{O&XL>wA0RdDjom#7mKq-TG?&##jHe<>_t9;i1HM zS_)Z_7+<1O?*Eje?H^lu*c2Ah4FSR&guC5fJSK94ZoIGhagi_$VC+A(0YF6*Ua%KX z3&LepqP8tyS0-VTYqU@5(1m&qNZ6@H=%j;dc_hgSc+ETsbvG$>srduxs^a>>?W|D1 z7;?tqx`RPeM-d>HZw9+j{x*|#wQ7b#s1`5ML$`McpbVUIL90Ps_KHqnTRQ~25mJB^ z@~TH|=sH<9#DTHZmgnI*A{J%emRIMTtK*s)a+;B zzl-f`zVSc(yYmH4=}+3;T`B$)o*G*p$X!9mJ47nzEGPH~xCJT!UL@tM;to0WvAhoc z^pn68z$`vOY4y7nj|e_E#6_zB8si27-jErPSX?JM#EO1=M3Xi_i1eCGl?g-2EFTN$ z>D;peI+nTOK3woc9D}*Qj+RWwu7ZvZ!()~o8Z3L0%NR0&bgxm6+s8`9y0Jka2!p}+ z7Kj?M<_=%gU~?l*f|aZ&x%}=TsNmQ{OghA|ntUQgYa(?dx~i1NGiYWazTI6-#kLhY zjWXe%K#91#xeL}$y63<~UX`&#a8N9&i!{4qXsQ~w-MIpcOU9Zza1{(P7XPT#hh=BU zp3&MsbPL?On=myw->?>R_F(to^*qQ;9FKJ9!88Y&)ZEE{Kw%f_=S~Y?A9y1i0dvc0 z{LL2-B!ed~RGPSmMG3XYd#W;l4bDsxw49^9wkeqbU`&4{pm7*5-*sAN%5OjoY_~@0 zM=iZ1C?|GRbkxY7Bkmr8lwAii&IG0g) zRK8miZAPR=eMB4z z4c6XPJRTNZIM-GEPQ;DadP8})9Q@^CxN-i&KfF5){OdYa_aT^Li5L2*d}K463~wT;n~w zl0>pFvM4(|La4k+?)Q2$cKk*3h7+1NQK8{)z3y+zwe7_<#UIjy6LxYyO}`fVJ=^$hA=}aoKs4}cz-AeXFHBIg(3`lhH7tz#&wep&1b=BqVTk|fd&VCXV(w8c zZrcmE)@OgnY$T6*dA85e7Xp&k&Kf*6L28(ao+vbgJa9LGJ81T)EPk-|w!9$=^#o#N znNO5tP!t&}xlAgC5Be}2z{uojdjf!By{L8#mscl)a7&Al$s>S-M`NNgqixLcsC31| z_QY@jL?8WR8K~7#IU-vh-B{gx*;Vj07M+v8Sqk*LF@K zqOMM2=1Hh%kWBGB5q#;c{GNX`(IEJXv^sW|!rlH7@wP-;q%C+pL=ha?p@I5te+k)* zZOgce1EwJPfGXA{8@mxAf0W)&=vLc!Dr{VN^&dB9zY*z~@@VWD=zF(?daJl_eg3qf z*vVM66dd69ZVS83&z9J+%n3C*ov0p^<(DO&wNi-jvd>B%kY85i0U*JGeW3 z*u_POEB$cUslZI0VlZpPZZE`G{t%KU-c|U}tFaYypKf1Hfg_A#rwIKixK}G3sj`?a zWJ-^H7b7}ULF(7g_Sd#?G~V<-egC65_#(|le)CO>bo+$#z==Sf{@9pjY-;}gc$v!i z*SPDyUj1?L*(PpUa1e@72bFFkM(?oV_(MASB_q*ksO2^&5yd@Ax-@B7h;F$Bd}~I3 z7oPr)Gwa_l+U@>50%Y2k-{Z>vLge2d*rsL{NpNJ#0{;07nh^G`A*>Cbl290(5{2g% zA)r~itW=v8FQ*p5VO}g-iY`{g=?Gpisb0OkgWNa_#@PB)pIS;}2{yG0wtu5Z>Msw$ zVpB_MgY*dTpV@EzR_wdj3gX1;#jq)i(&JQs1B7kby*}I3M2|@RvvW z^V|MKD$2hm82*1LklD+l@J>JpKhD*gwnrpN>cUPnYm7 z$o@Tv1p&Gs!}xV=_S?&hxzBIVhYW&^e~XNJIC~4!+yXz4uS)4xMf{Zp>NxlLMVb7J z3RZ{zLY%kPqBCT+>_hx}FbZ6_5W`b5vrCZ6f3BW5G`OvzMUwXOaJAb^0^B|4y;5s(fWXA4{QvB5D7j zC?aIc8eVB3a7wj9NO=Aa#bW$J%zrcSN{msZKMDRBQe@>+lITGHr$l1@vyA_J@eGb_ zv&Oi|u-ZTA4G>5&g~{aVkoZpN#~FNr)?xN39r zG`bVM-n_^UIg|=3Dk{n^_!-@G^Mv&p%To$rX-=DE8tkh$w9yfQiO zul{R04@Yj%U9ae~vvW=uZh_*Vo%IuLS*g^jdl&vrnnl|9Bae98azk8D{YtT~FJF-t zecb(loV{1J5tn2cjgxq3D#cl;ozhMdpi-%a!^kt@%G!8GWk&MiTMkuHjE|SP%hLTX z?cPswTCf`U7sZA`_usvl%~cY{U-MhBeGrjg=x(mKKd`5syd=Txi}zt14R6eo1nXsC z)kJXc2j&IBQy)GJCt4{xW%(^GB|Ws8p@s7Ys8uskt)+bGXL{sW*P)rw1FxQb9XWH5 zRoJ|XYES=o(8Zzq(nuL(QJY!vCUl5SVk3u-C1-DZVtb=;q|`}sNs$~Op*^4cLhk61 z@1S&9+vEP(XoXVFsP?TiYGM4Ov9*xAM_KJWr_W0Q zOd{r2xONy_no$E@YJ8Wx^R84tb~T+k?URLo0mW4Uq~M+?=N^l2UY%>w#8aw`nLxqZ z0h55z_1vfF&vA09MrSEKwRHG1cn>D*zn*!H;^6kWbl$>Z!A|~ zj`iF0>sMEu$`(CKZ<}f3ZvkxDHcV3lFVgZsYIwO;xuUnW|662G)9ljeXo7TcepURD z_{-0A-R|G6%BVKut6p!15W~`ye&P@2W;Q?fPbQ1hWy(0H67%mo-D}j+Wmujc`<4rQ z=?Sd(EV*1}mv|B#membp$A6Qc_^EYINb<2RUu)S!6$a->!2U$(bHUx$J~OpvYWa6D z-s;jvCORtnQ{xB)jh4L1gPCrPsWE*5%&xO+Y0{A^JJ_)SBdFP@oA>)f)E&vP&(_ZF zPq8+2C!z|SOCA*0(zd!zd>~Sr8d8Sfyt?*OcNP6QFV&WF#N9$Q~EpXzuNe{L2vWJ|OBXClv zr*qI*w|$9iE<*yp;84eh*c5B#wRRLJLy#XKw@C^C6bfYMwLgRXv67p?CMbUgpk*qtTj*Rd2n{G zen}Tb8Xb-0Gd-oR*zUQ3L?{ntEfjSWp5%1Fg#=)hU~HuX{fL*M(~s$p!_MOxrs&BM zUqTe`LGwNq-O<;~`xPW&I;#yM-1Xot_#yu(O0*tEfr4&zJ#S4lgDv15%Tl0Ly5X0; zpg20!dbgbJjX1X}8;B*PrN&e+-pJA#r^GYM`?`x&Wo+`s*R2@Sa9;7%JIPT4dwQhc13*SB(q)wm44+Wyi z&59eI92a$LxJQ^hHJZ*%6G|0-qY=!H-ejKqjn^=G`1(At9If^oFWoiM!T(%UO|D_# z!2^>n#ch+8$Q@5d#^kJv)0qK02S$ziqs7-Hq?R-)A>*)OVBDj%)IF~rXh zLJ`7PU}7?f!?_%%GWgcaz}q2TZV_L6d0(W4zgWyNY-F3!s5IQ_TeRlxdIDJIgr@S9 z{u=m=zTM*Mv1WeRCdI?1Z*lA7>wQtWHJIa-ZD~CyOP}Mg{P#(7?GB%S3O?*}+yYNB z>qCFYE_^bQQ~5yp^Shr{} zHsI0Y_r#UN0a`@#vk#9WohM80BooMyo4>jR^ekUX)v$$g$P(!U5CO8p0(ZXLTxvQ} zBoR}ElbK|M2YlUFZ>eVe0;goZIi4>_fs+-vCje-{Y%Q))sg8~Fd94(ytYE4JqqV(J zB^;sWUsT=aGZ!^I(qFc?yZ6}KU7X~q-`banNJJBLZfbt&@dTWWQ7z%|G>fUgCm4ulfsRe?srW{GX!NCwC2*NI?0ll`PX=NVFz?^*S+h z%&cUH>YLM-bx@U@dwA8jKoDSTSduMuWoR7#o`&?>>#pRb%&Yi`kJIdRq}~#iXzT=G zQ+#R3oBV=~Bzv*8+v0^96-KvOD5H-dYkN^SY`qw45G=j2?KZV%y|w1{Er7c9}> zLN`uUx%l&<>!Kem}VLM4e%K5#jIntzNj)AQqgRRv>9<+$#d4JxI&eo%9=9q!} zsLnHqLXD~W%5Jt2q3+c}DHANY3Rw^Cb&EsYtM%if)4tLacz4gS(S4r>#F0*?^IDMY z@dX*)re#7Ve5x_tvntI#pg2E?J}=xMf+_2ZbMC5@vIE$#KJ0Q+7`C zxiCcI%wJAgn(8{$B#BtLmeq9HPj!hu;1)#~!nB_b@>hIMLGAjo#CY|j+Ixv`a(VE> zxJRUf`n{Tp$b0-t)Uz%|-tFCo;TmY?9xwNrz@Fq&GLLw(*}-1kBVm;?0d8-BS`Z%c28F- zRL0#5A0)4r9cdT~ePK%m^X4Y+*02I-fHU+$(|`5gQVq_J;u5gur1#E_me|ptr?%pI zH6_i+q4L@|P1a8F>y(u3d)qQ9G3h&}oIY%Ils;!WTDc@D-lKHc2H5A#M6+-9?`;Ye z50Sm&r3G8o&7Fv7ef)Y0^sbStsd41TZhybQDKs(YUA5mk%?xw}cg2~!`@$Gt1mb_ZY6KSg=$+HT5#ogEog^QY}NsPjEdg(mJQ?xbe~ z(pdI<6kFS+8}RK+em3tpd!+aL`M^*pZs6kxTS);MFY@NiVII$VAIYlV;P>`vY0a>$ zY084coGR}x?5mUtiZ|!;{-n?Qzcj92XTMhAQ0o6Ml2RPAPi<#M6cH~Y*Zz%0 zzxeSp+4_5*8A|U3KNr@G*sU(aUG`S^!mQ$rx;=8(Y$BlaBX;Erdic`(#Oz56tDN!d ziZ974w%HD~AHmn;`|yl1P330~%m&l5wy%Cdt)l}^b8{Zgad@d11fNEUD-G6!CoCF8 z+yc_JHmDSYRLQlF(0i5wB9-HW#likK?bDJ+*%5rvb?))fes(PjVj2%{8W#-Z_O;`+ z4!JEgzyvMxSQ4y`T0eYE2E)7`(>xq-eC-(i#{RA=5Dnf{9D8Y#%MtR>Y&5~ph{I<> zncgYXKK0bB!m}AiajhrnJ6$d=sCG!o%C^EJY+wR6{vBB{8qYgQ5t8FMtRJ((iii|Jb~pZD;EG% zSV%5<-xz-k85)>Ex~XG01}lcrmakm27KYPi2Ff1O%94X)^kF2Kf;*%oUTwzDUdfwP zW4OQ;Lg@t|lAXIaXv3aGdvwMwo=-3Rm4bCoXhZ3lA(wcylOmZK0e*PnyO0+@eBcCr zqqNVLQC^oD4!N_Eba~NT4TPU9NQt#M@{ndMavkC~z6)Gfls0=2^cYIg7IS|i>hK#s z(Zo+w=(_F&J@+P9pWGS(UJUG#3 z<@Ej>PG>i@!4K_+giZ~O{h14++Q?o6GM(NzRfF#kN_@aiZwbb=LC?CpCn(+GM{6zr zGN<^f)H_k>_I}FmH+DDIH%q{GKIGaYpWM$+L`Ux4;&a z=<${xjXo+kP9hAwTK2yERGRb9^&N%SGA_b6KiXMZ`7_FlG*rx zO6c!oixtYioS#RMruv~cJ}Q(^@C@A{Nc@o5L}m>}U3f0=h-<)epO}WsDY{F*%-*Ba zb0KsK*Y0e;^-7}_18E|@fOX8;63%^~rT*$bsb=kKnxr@-NsAS>oYpQgYiy$rI}~9E z<=N}zbP6>F!4MV*y1j+tWOH&xfR24{`es>Z4!2RRTI%hqAIL(gE;4eiADzxlNX4*gv12bn(@4_r38J!?lGQlSjiGBXGNI$is(>FHM6Fsd zj~7<)3!;h4tnEOY=L&U|>WJZGe4% zj1@S8r!6%yv<%?5h9*`{mRrqOdlYn9N>vL z=ZQrCr#1-)7@Klz7gh5{x~(B*wKN~|JDme_;`$xNf##l|m4zKv-3;x^WxFC)Uwey| zPJh$Fk$TjcKRRp;JEO+8cJ4#q6?)zRn3qF5?PuNwPXo#`9xqzflE5(8GIa4oQLKD) zf?Qd%w}77|B*-~oxbVjPrUm?kp4on~O(Tt0y}oMGgY4g;wO#V8?DgWNyon_&UI`#g z=bL}-lVNj&??A<}MN<(Rndr@kn@iWC*O;sg1*u1GzDh(g4GZ;UW->QqZ}g%@;uND} z7eD||uf*j>Pw^*t+-I@+A+p)`e})wv+xDUpg>rbMAowqneqL#@@E#ZqUK4<7VGTqf zEE1oj)o^o-9HK~0K`=7;A877WhU5#d@f^oO$wI;jHW$1gH?PMoN%T`k2}j^rgATOx z=wO=9dN_f!;B3yQ6dpA0K65DvThp4Wn2nQR>Od7-RX)VJsm;qOR)i(!Z2#&}VsGNj z#>_kp@)wNlc#0|@+ls8GR-WV17A9bG5dSg&V3?l@cy>OEkH=t23FBhmpl&U*^dFF; zjQFt+K^2swbszLP#h{g5lp`1==zn4B_F+bbri(GHOW1W3Iit6_o)K~GU(vYVsuSc8 z#qt<~v9fVrdm`unHqAeM{`zpnVu~jeAaIcZ6BoDwepwCkbqtSVzW@!Spo!xuK0wCO$y!jJ@q34^?m?$*Thas)*XccDt zEMJpl7`Kd^kgKy`m<9Pp+bIvM8Q}Ks7Q#B8qkqYE;lF)NJe~o!m8iXMs>`=p%l0Y8`P-le@xO;lgt-o1hPrJV&;bgUdf0 z%k4Q{K)nMfiWw95vm2&;Pzs@-?6iE3I(w$lrwj--w-$s@6u6G1j=z@1a;gh}TL3Me zXRr^o?dkl!QO1`Q0ghd|BoG2YAZDW%UH_2H61%#bc(~~x9QRoy25JWX399ZIrUT&L zn;)^`!Qui<_WHRXwLQ5Dyr$$@020F00WR>>EImj>Gc8Gu#L>myk1}ZkedcRh2e5&z z#&b>?geuC$)K$zzNBCZ3d5Lcz&Y(ATACUdpYH||TN3vS_&d0{&3vQq|{?2oVwZa?E ziw6)3gE$1NO3nqfx#vEl0BeNX;$e#MnN>T76Q5%<@1A!XBr(8B)q9&9Pcj?)Nrp^) zc&Y(Nl3_h$1uUS8OuJ9E2ynpb$sypCEtPiu(My)ksn z#G#_;xwGU1BAY%bK87a05fIbC>!VH?B?#lZ*JF?mc`N_6;WDAY7Dm8{!O%|2PY-hg zj?llq2VtxxLiLxQ;AUQW4-WgGN4f)i-X5%0*rua=oVq(~m!z)(hpAW=vqj5Y9w$q` z2EboJBD-tf26k7A)t((ApgigmANfgyCZ*Xujf8KE(fCi;#TTXrjd9%3PEq|9cvwXM zhGLK#mLeQoaxSWzUMwR|io^95@a|$zYnHxz(4g5Kzi&vlV9bt_@xD7W0LtK42iJCe zu#3BhCXSG1S9>}li=a_qm6qHyL0Nnx3T``oUd*F76bf52 zp+15p-KYm5EQ-$pOEOf%(hr8A?RODs8?3%nzUNj*$%Ye(oc>3OHprELUq-LUz#l6C zhftH)tPx`ezY5p^(&V*$$sX~C=S-wvgZ$+r9D;7f9is?Hybn65zvq!UF#qDGP)gI6 z?{@#Uz^UqZZ2I+()4#{UE)CIrRlh!_i4r0}-y=n{;GWyRyl|-O^R-8sgj<8(N}r&; zTDT(rf8>qnRf$4%wPvZkp0jmeNEo@t>9Ovpg(UE%wsFk( zeT7)tkEsHa-ZYq;PTgMDj#&un*3Va+sT+O@dF7z4Z%({K;QSCbl{-9p`C^Rf4KdI4 zN_oE4bqZ$Wb)A{xa8+dCMLiObF_7UY6DGEmyHiAgg}yr})EK%HHDY5auK`@3CcK@YVfPnzmU!wfciV=GKIz*u2no&JJ}VuE88dubrY!{Z}7OErdSwf|+9xlGmgHJW{Evl9%D4)iR8p^gIIOo<VDJ~aMKI3h*!puJ?Za~+1OHNu5u~S%PwpUM4hRiuFEtKBO@_bJqQfo17*vI|sZ}lS`wjxoerXwY z7ir__LhaYQ@9Xw4Gs`VT@az=bxWrwQvL#ZB{&j0w)9GgWoYr#we>M+$fXD#V8uxVE z(_!}(aCrppU32yg7LKgC%(Tv^yao0QJ%3KVYdT&plknIc`mYMy0;2~{$mhJxo7Vpu z_LV!@Ggn`7Y0eUGPA9K0#_-x~w6oqa?Amz=exRv5m1^SyYYXj45VD1hihsy$jZKcl zpFI?~u?W6&o)gX=quuW{x`6=EI>K6{|Gut5<(5K5U z-a%YOyK)LSWvn}G^rJATvSZ`jOAY%BS3??kF@bwyL4hraU@mi7=kd+(;=mcui>b zrRdR$$4#!$a@p>RzvFO^0Yezz>F=kw6W<>{i*jBbSh-jow%a{LPSWllU(p ziF5Xca;8o@$ppl83aZKZxcwUMxH1Y@8`zPQ>c}N%W;ZlGEN<_SFQ{fn9eTNKz-BP0 zBFW1qZ6HHwR#4zgtNeuD^wD-2A)~~ogx*%gn9dEj2L?{xQ8A|GedO-he6~J=@ytI5 zL=8!MAWPXw~`subQv1xA6{kN3ZG;``2IOQXg0{QLA^p~;w z@et_OXVisN%;%l9_AzgM(x~!L8R@{{iXR%SLz#KHh&14A{X7M8Y$4ub>>ma)lo*f( zQwFKqK`g5&MgDJ}7NKhqr0lja^!hTUJgK|O6Q#>OEc{9Lvb#2Kj^>R^@-1L!)~E11 zGxF$ZTuErYHF~~f#|j*AepV<0(%^I$@6o|TwbFXfUm_bJ2GNqSN^eY=demFyQo?+w zm8qsY4jLP^N-IcW{faSI=d^&GqHX5_kJLHZ4whr#ri8}{xVyx^?)TxBmJ?ma+EyKf zKN!*VdxEHod14bdZn1E#GX5!yC?{Xyc#w;Y3`j*$AC;w`$(^iM!q;tiZy$WfddT22 zo@p;2Ij|DpMH8Px$yNn3B<*(30NAaf<`K)&~8Gy1j>AzPvbYrqB$)1{ih|34$1{nWuWgGgeZoqJNf`=q$z&pT2-T_Aldwm z5%8U4cze=yADMgm!wRtb$kYT1zXh(KL6}6WYFRS>1;F<*>+<8MZt-U8Io(XdxBmK# zFS{Lt{>a6p&Cbl_9LWTgMg%HjVQ;&y38XU$noTdi)7#~YD2?fPjNJlF zGTOL>VXqMrg3Ja=ds-7rl+rm(Nx@ zTz-P37eSatQ(&YMUWO%N9@^Yo#aMc|FapN^B#`!FUVS(S7)$maz4@DJ@GmXhzdsnr zF_7((AhMTJKv3P-Y#`%ucL@#Qp3V6Q?0wA z3?L@bB23|BzcSsM%U4k+y0Zl5-S~3U^(OIPK+$lMhf$hfR<|k^7IVYYr~RY*ol8PZ;!*mT)I2n zCvPg^o2_wD-TZUjH2=bM0B0=5_RPJ#;ivjHe8x(Lo`|my3@w9<%DBaDW6b6}rqezP zYmWD~z=oe~`9ckuMmU1YPrF9z=UPIhMkJ1}utQR>o$mt8*@5T;ma^%OnFvi;tr)#1 zvuYFvzB0K`=UO)>9Ug+CEv~IyLl5jH99j10A+?mclSnJ=>q$4MZ>OFA?aQ{*9g(4fQFs<&s>u0~(g7IsnlhJ=F_6@|%&*_ZYk`;Nn)7*;l|SmWKZy@G^zUg2 z%Uis`a;S!&-ua3_ZF&oQzIY#PVPmcwA3`WevZ_E&pI-Wz8f!o;kFmo0Ssf(M5O&90 zYXYWo=$=*R<~to(2#0ZHDsGeBsNtr7F(^K&DA{UUgm1{op9|ObO8Z-4@bi#*zwK6} z_va3I(Ubi&YQ2hGBPa2@v7levv9pl&yCyqA7nx@|fkICVAC3^u0v?z|r(E|xS*sni z@$UCrMd5omHqiF-c$|z%fL+neH6y@SIGO4)B?2_&!jXxEbN+&pghW%MsF`m?NJD(d zruz>dtM^%~e22EB%8ZI{d^tRP%~R*@A*|V%RhI{+4%nyTxaz%HFH=bvaT5fs0(;*? z#lTpAkB9rgbyxz!l$+KTR7(X3^z$8gH%{S&=O}4MQT6T15fD?uXz^pd{7y}A^dOMc z^d)_&gsD5^mHNm1Zs%iwnuo^Wy*&IGix2aSEBL6n)m3`$s~6XA}B=y?M)|6zS_~tcQ*(QGS<5PEWBm>fp&>5fS0gic)s)k&Z!m-^SCG?0+AhKWuV*1q$K@D5P3*I$|ut;Lh1%8@E8( z(zaQJ>cY&`{2jO-L5MoOD9g3)aq}&(L2G|(P4Hx?(5RlzTEl|VYLG0uJ|9oWUj@Y) zn?5(>AEtU#+!)zuMSsZm}!${4!>RwdsZrf^JFUFH+u@N!Y>_8WB}CG0IhiZZnO&7JjM z{5kQ3=XlXH$pjb2&^H3^z36PMsH;KuF#tF(!_smPC5sU_5ioT;r6}p9SQu(&GdkU($ zLXWJq!^6n9-e#$tu3(%A-=EqU$?=>);Jgs%o&ajK+(eOwqS)0kYVzXf8 z>n>)VefsQTxxB~U>pt4P@4?;jzcwY&VBE@Fezfs2EsVcretEI3*-Yf82R6ph;T@q|4!83f#BqnAKn9367;^ z#uem<1>$&sU2ObRWv;HVb#@iOu>s6mK$x8G{(>v!qN0CUO@589@W!g_)7USxUWw<{ zac?4<2h=btZs^432kt$^qvmH>n2=nltgu}g5@FW6dAr+ zptP>nvj6b273MHSg{d}w5aY3GRgL)WexR8es|VRHbMU0tq$f$BQtEPi_K?w%5RJ<4 zdPbD?cX~--cw}_RpEsn>+xoN6{}M}tUUz9Q)yJ9ncE92 zSOD>sR^4mQYok%4e+2qvr0eXT&OaZ%a%?h6``;Uoth_kBXw7Z;51^%q5gmH=jQc8gKC2yyz)Ot^DJ~T#E4=Opsze zNDn-etUCEP&25cqA|&%#TW{)psgZT6tD~zi31~R2u8wfQpMzlM-i!`5C#cfKX6^CgZ>9Z)h+X#x zj9j#8L{EchY>*lqifTM_$Q!ju1%pwsb$Q2+S)%eLigH{LBg@z0rTb~l@wzB|HY0Dp z_z6#Z1pA#oU7K@mSfJqTe}sP->deh35curLT+^;glP)m54Aui1TcPgu+Ow5uY9dD7 z5|y)tvb`1A?l-#5@nffm(pp1mG2)fnG`}j_g_)b_>BtoH8yc;M76x)Smq^Ucmg;Lo^Y5ifbsJYMis ztE4*jN{_?k0xYWzte8!m{qmUG)W$1yKB*Bk_lo*6QObS7_kyTFu_sbT*9FXA8=&R1Qu@mcDw?Yt4H6dNvWD8mhL)Hprd5B$?oKEwkw4ID$o9e=#)xI4#&vaJ^-=^s zu|VoZ57s?Wq{;UTF>_ZN2h7$thjD#7f8*Y_XjEb0khZkY1My%v4q0ve_oQkw9~dYT zsad^(tYM&VkO>YC#`{WbbPg|a{kt6garmEIJE|TxYt^3iJe-c0L(w2X8PI#4;3WqT zMP{GYQ)L3fqE-$0k#2sNj*uKoFj(j<#r`6AWH@fH*1dg|B$)6e>Vky6bi*}?B62p= zDaWTDi-r#f*R~WDmb{NaKQdCWbkYIq&^JM~2+d65f2$T&$h=Iz!tEWv%S4BBr{g`^ zkqM9qDJk@VD*2u{t(-wEsiZa$VG4)ck-Td{9d@U`={w<7B;#sst8;R#BQqR zYHzoS1@4qVlW4s%Mivgy^cX!flM;H$Z}-#+@yKVQ1{iL5s65j7R5+ExpU9cz#uE~z zaEG|>78u^K_YL`v{I+E!tgun9VE;W>tJde#xV5J<{WpP{(ic+9}$NcIh|S`q*8K2^%D5IxHt; z%^XxA{MwmZaMbRpxp4}Uw0k?BP!n9licWEPIMaR|^|5EK-d6-TI2HMykwOZcpf(&z zH+RgTT#{7ihe+4Dcct%iY`jX1+>Xdg`R}5~@@DGUd0HHZ`JUg<{>gxTFuhdSX&yX; z^Nvzn(B1lfOz=NWIUFn3B(@vRp=^vqh%2&UVw4*&?_-ZE_nFqV$!DkY#FaMEby|?P zsBI&n&Y_7Bk#|E{^ed7xtW+^*^mF{-Mi|d|TrnRlP>8)iyzPRP1g(uG!c!^Wp2LRz z^(}nd3U@WE6mo-osLoTI`|8w%_ zVCT3sxC+N|mu6RIWRd+nG~6$Cq=qrVN#J(Vt~l{lb|f@Df-;|@5S#Jbj8E@8&L9s`6#*` z99^@#S{9n`K;sjuHEsY~P-ruAplz6$k|ush7AL`8B7#^-bX4_hLIU}+3Cd0J$)nzF zjg5R?{9w%r3JVv+MFlZIUwR04kc%t&6>fC_ctQk9hQozw6_~jC=*2_*#FyDOzDFyF zFS-4We3M!GZmU-dM*m@C|LXwn8_&?%7rU_9yZ_^v8*+fZN};}a7tL_dWOgzH`6({&6RJuQh6pHDk;%=Nx-3ZkBE~031b#0t5hoK!7~_54gDo@TFa> z&E2f6s2dB`Fy#IS~;RD-|unT_$EG5=u5sHbzc*MkdDZNP?_;071 zJ^&XDfdQc$5rhjM;DQiwK{o>c82|zh5aCt$Ga(`&Aftd#;Y?C^-Tp{_GC>H4@S5DL z0GNpIj5vrm006p3c>AXS03xA+(*h&C8xXi9q>>o_WPvs}!8-il-vm^~3zvqx*Jrckop1uupdP4%Ug1~GzpiJk`7Xt=Auq|EMKm*+PoSewalvt z5}=xzT9-i7F=8A?z~|w#D}QKarc7G9o%%yo=HeMb1_>U?h;?;)(0Opw4AK1@J54^-b5-OwjBjtc!*x%g|@nt++-Jgl% z{~hx;4Kai_U@fQTHx3}Gkm!|mjJ7Wf8#J=fYra~CQwjM;svCb2{tnv2!p-Os3HUqKZyMr1*XK9qPXN@PN%gNEHi08h z=JY)i7d7kmn}ro9BA$yIK*afOx^VbA5dcIRm*rA#Sp&b6VtX5APGmeJDCA3}KAdFt z=`xI59--(G%`LwpcdMc$P2WVUf#kt$EZNkOPe5`P7|S1M?qqc zm3nPs6$w;&D_cle832eF+3qL?3j#taUQp6Ri#=Xo^LHEksO#Tdo!*3#&9(tOf5(G2 zlXN$D^^aC0>yA4h7b-;g^#1Q9e^If?rxCp$1ED556DRKTX_(QNTf(RO&p#q9z#T(-9GJbi4{GPdIwojxqnz}%W}phZH;gq!`B z;-9qvy$rh0Hr!cma~nLe4_Z@v^)mYl!zsiFo%EfS@q>j3Q4|7 z1JmroJxv)t+}4IzJ|iu2*kF#CP1c=Lyd&-+n`YMfL}FYbmEV5uXX$@G^X~vuY}-J% z8B6K?9rG7$VCknNv)myKlJ09M<~|y2c4TKt)htjSuU8T{pjvaRjI*q!b+KCrK$zr%qB@P40gqzsu0?# z%efjx`;wF(6P@!$nTPxjMaG@Gl7F&+*?H;ez#pTBFizqZ^^g1Ur++{_rSAW%ryeVy z#Ysoc08}a}f+U{nu>FJFFNARHXa9hAhMLItXOqLhP#Ff9V%bC&gnjk>fM0Tdy@PiH zepnx}%O588SKeP>@NWE1G0Q1{lLzP-2c(pL@eu*c-T)qem?YpACE)q5#_|UEknuDV zY%9G@d02?h;uMD3DH_%9Bm>oyI zsMBQ5YQQUCGHbJcsjQ~7lMjGHwD2tPmeqR#T09?M*=;5WS^e~jz@NS2%K1+v{VR%w z5%9BxdWbVE_9GHD_xEeq?j+$Q2YSM^1R&Yt@yEyE@yFvU0e{T~he06U9}Weif4oRS zI%_K<1M!y97e#@{x+0okc{TC{G+9Z>OL*Vs_^-1XkN=a_zoG~T8$TQ?Lc1AYro$cp zMm`4bT3UdN>i}k)EF1tJowWkLK@O_09nY87=b=HC>NWeN0NJJI&&>8OVm+6VV+z!x z$9rDmBuDNPGsq@c*-f+?7h;CL#9%;qF-IZ9RK;6d3Sro&v{#Uil2ddUK(S6LWDWSC z5dO@cc3GqP>k+^1NJtyMKmgEVeHzRgR{H5ZNdNngg!dsLBF`UxoMuo^U^<+}35*jX za{hq-$oSn%v8eaqUP)IBAbpCcZ%D2~yXf%bJC62vIbXQG_bXKpv{9ujJlV znfjMj|6AQ1LN$eOg=jTN5+?M74F)QDS{_kRQ6#E1GYia!KwOdtrU)kVeRQTxE|Ls% zu8d#igLAvLk5qaVJ{1J_{87fgzaVhG6|{tWpZosXL{42S2A|GB5gTy3$@qQ+0Fs37 z3t2=O%kK#0xZ3v{JfXExi);sBmxwu3U-0&sCj}8GiMfrjm z=z<4>UeIxh^2+qoS$S&F@vtS4z*T1NIA{5!u39Vb<-B)iD4i9U86nv$r{QE^OGq7g zsXVTRC5fJ~&t<$s5R(C;n~TI>3JZal0qB^w&=k}pzE=|z5hxMg2>_oO zARrJ^Jb=i9-$zUPV=yApQUO03?iRe#waCpMI}y;K+ZG zs%CMQ03zoK*P0&__ zA3lC}-s~@jT|4>BFJbed^IxqfZiV`_o)$Tte*S2_VC%6vf4=@`MpRtyU#${BCzLZ^ zogPtv7QDJ2x$azuQkS4?e31CB%LwP#$8r|?!#BO`H~pkf8Q7*03bvp zTs(Ya90D3TUMe05LT+_4YECX%6h8Py7!581LPoeoQ&zYEW~``01M7&hJZN$KUKfm9 zV(txMk>n0grup6W;W1)}-PBKvu2;Lr6HVyf)en_FGO)Wduxan*`E*i!WRy@*UJ4eb zTmF)VY{dG)!T-V?y0zcMKhTh;jjdXE1AI;KVpW26jk$D^4O);9AssGfzrQAt2d*wc z)^R0#>ppim3`7>M$@)!>A0beQr|~hLlBX0TisND9l^BN{^lhDOuXL+9*KaQFe!!GO z`&wtWskcR{GazWW^O0&Rv{PNA?-p+YQW&`;*;kzv$xtrFipB7iVubZj36!gyNFjV4 z9uF>j2^z#JgDmU9Y1<}4HlirmzXJphCT;-n^r+9coXtLgJlB%fy;t4ivftQ-hTZeB z?JNf(MoBDNdFzKhbK@&?dRV8dyso|V?Y+EnirxzT)zfb(XCx2u@^IV3PU`(e4uS^= zp(#K(FdweWGECO2pAI1&D68HFJ0JUZW2Hi^{OkPf8Pm(I^(iu12rc#5O=nL4; zZIz@9@%|g68@K_?MH-I|ZH$DM7baWW8>@3b_ttxO>UnN})LYAExZ&)!Nh0`9ydK;D zr4BuxA*&Yb1ImoMgmxvqZB24^;}SP z&ftLX7}qBnPb_tPGA)1ay>RD!abUFr+X~o;*s?E_WN%A zFD01I44>wbP_Jq2Z|Q7TRNAY)G%f09yxyh=VoxauQ+rHQ223WaWJKKWJLH?nsl&0_s;G#Ew#TYxa^+n_8Cf=*b3-~kqo-mh?G`x7(_^Q zVCHbfT#NO*7Kv}?K!?_@)b`M?ld?=)s|HtXu2MqtjIfCZWUPh33R<_sL=3K1=i-3xSsUmqT=o-B{q9319x zw8E9BX&|7RCvU}6EA-E<84z1W4xU5P^6d6fOE*oUvek9db8{+67+Dnr)mRrG{5JsG z>S{*$%MU^0acF_9YMJB5JY#mDe$uH1JJEZz;g&*dWNJ+0t}mH1;)}x~arW_+TC}8G zR4fyFW$F9ObG^189!TXQBb3t*pDi7TE`0IfVQ6F*Dvr@)Qlu=rROTLo4kTeLW%}RK z3f^m_@G+H9-M>$bXUyetEd7F} zZ>E=ERPlIp9AOein$)&8NfLutFBpG5aGQAw{|aebYJ*)A=fp|6aR@u8lj<%eJVoXlL`)4|-z3NpL&PCPP4Uvy$Ae?Y@>|@Y zG-y4vl=+8})MH58&(Io!&Cnbq*jRB!ZvfS&WyFp{By%RbW_?@i!GM-DJ}27KUq!u$ zGd_RPK{@u}z_jH5+(*nJ{Swa0Vh^@_|Os3;2iBvqx&|r2?6;b^({`({8sc4-d-^Jw!rE3UWF$; zJWJX{_`oCHgp@XjMkC4C`Om)Z4x=iqU=d?1j>s%%x<~%OLRe;@Vun%Gw!}eeCcZ4R zahQ&<)I2t!PL8mkVnb2UzEOcSxp?L^Juio*0hl?g{S7;L#I~8RfTE&Ij@yKi_#ur!54xv+* z4RdM>CVcwn)lC^HWy-rL{_uxCTp4~fms;FRU%{qeucT?1_-`V%=l^DgzdVEi6`HN| zyVBxEACS{+Ldl%QwU#2037#@OuIG`$O?~&ex{teZb{NX>=E0NL)gNQB=?19FGDm5U zn>+XAt}+iLV`EZD_l{ZI({bp0soM@&y@yCbTX+XGrZY*)(JCsqLp`3Nx-hMRAW^Ss zO!Lt{YHDQpk0s{erFV<>?mrAW`KJHPUjZNZvfOeZ1S-A^V!*Yq@nCrTuFdgfRqJQebjR<&Z+&Mv9DiO1tm4yYYU?6C8ArfL3^h*K*c)b2G8 zr(5d;_LX^~WO!xO0;b}ukcwy{;sWg++Gg&cO`Da+*J?&=^)P_F@&8aXgUrAJQbtgijO7i)pWU)ME!O|l9R2H)} zCekNVXXSJNYo1J@W&|u^>_V|mYs)~J`mWuwo^KH~@i1y8)r;XxR91Os!jO%H!FE00 zAlp6~OHwwao_2CU31NRst--e4UanB=vW(6fCQMTwE!l@&)($-%D0N~CbEmYa6XhM$ zLGb7k52H5RC&5sDRW2%?`WGStY*)!)Ts@#XUbq~k#(^uy$|2$%ka8kh= zfap)-SNr_gh%I%@x?%Z2%YP0?hA-N}{&ZXZAD1Em%nlITHWOW#U^tVX1$*90Fta!* zYOI7x=ar+Py#j7`nPfZ4NMrW$@D+&=)inDM(Gydn+eo??X!)(Qu6UZaKsA;Uc7q1W zpk2?s99F%G9jxe)i{kU^nO3g(|Fp6C&#M_L!mzu3c=g5?UJ3m>?|8YJGYT7N%G5VK z4~U0#BcwL9SMuliQx!usUYcsArnrVGHCxr4d^*kE2`DSPqrht-*62c$S~V4~+N@wE z%%wsaTXo#4ss8}e!z;hmGBiah)H^=ee^~AFulZ*7s!O*@r*huD*|7RQ2*5jP^Dm}@ zVo5A*&lL5x)+XoKOI|0`45F^hl#&axoKn|zfbv50t&oozrz8OpZH~NQSP~f-k%Ec~ zu}T?g+9ShM$#D9FLhu*rI$0LX8z8~*$m7Ry`AOMTo}6ZMNfleJ{2da(;v&ifUd;?i zo!C|84+QRS<1lqR2Ow&~$4P3=mu*(?UzR}GrVN4oaC1b;HPWHHU20trNwd4Jj>&hB zHRphfKgOpL>b<1PR2R}l$0Da6p+-z-nof$on5CJKk$!qt509CHJP~=KjK%4pt8_;N zC1Lu+fhu3y6w-J>kf~5XkRqqu!1TRZejfgE%%0h8Iu2U%D50yk|+rf(!7sxIj^l!1LmSzIFN_Qi{I*@&E_jP;g@mWkHs zMlL^@?>^S_Jmv;~?^&L}o^%&g;>QSpn=M4NhER7f2ki&SaMk!Sv7LL-mj#PbJ)li~ zdg}cXmhycLcnv#(xjqp5DIMA%+s~==VnyhaM&Rie{d^gPYHXz>s`@r0B|M>CJKE8) z!o3x87J3?LTmo{p@8rFL@!N6{>Uj4?7}_wErJ8vU_->N(EWu9XEgzboOyq~Yr3^Zb z7}VuNOq_$csE7;DKV`g?NI95y^!ad|t9uK+rEHFC{S@K}!t#`DBG2)(g5ui1cM}lI zwq9PG`t*o!yJ9 z3s#m$F;e0c-B7MX!J@d%0K8x)S)3S8*+|BbOyZ1mgGhavl$}r}Ey?$mL5wdP`d9%f zdQ2HCVs7RsoR2|J=%b$nd-lEYp^vd8jf2{eUBEkpFIeLBsA~SNqVmelpMUNp=e)m+ zf8UV4NxA`YavuCO?DSwi>hcCaTG#t+3G1!2E~hOX6s-i4lQ)3IWIw~vIQ|irGF}BM zuN8Mx^)OkiMLOLD$?YpmBcP4HD)EGR8@-T=3@6>-z}+Dj%8d%W0lM<8Wkuv$31$$V zZ>MouWA?K=wz?|L36e-wrq2kvOKtN8+a%292EcHhkBIP+&Q&uSB}NYji8gUT!FIxX z|JUL)w_0(%L8$Rj0uj_j2a*uv>BN{$#>$d2Oz49J8jx%)zOWI%XmOjSK?5xb*zU?v z*Hun=2UF6B(wwakcU2n&zw%?2?U!6gjF=~D8n~+506w=bt8gI&Jre|0&e4+?~Y`+~#mbt$X6KTP+NLd`Fh z#ciU|2ax>HpVvJ5BRFv0X4o*F3Tw8mVl%KG)BTQ+ea-zDIG{U{Kz^fZYHj`VqVWQc z`)8ldD7=o^zX9H?UJm|P{@nm2AN8uWg{{;qz7CRC-2hqVV?Wj_H-J*;r-Z>hl`Nvz zp4#h2d+a~eGZ+$CCiORTim?2=bRa7f=C~JHG`}h$YV|KSOj-SK=cE=M^S*}*4{?K# zkT6gIj2}nA;D@_#sqwfZ%@J{EH1G+iESv)q3VNrHk>F>#G|lR1IeDbjom>LqH$Ue8 z5d(*Z%Edw7jD0PG`*JeSzSXFn>y3Nkt93lC;CH+`tDUdGZ*1B%rr1)zU;O?)id8D?;B`h>-)Nnh$Yr-(=tDCoVciswW>OSBE7#4n!l3xQ!DT#vrT z({aZ~3(t2j-8caC~Yi{aFT zJb}%vCQctEkKWIV%Y?o_Pi{;|o`@ILl0}h4f>%d{M zKi53J5!Wf@eq2t)M%npNzjQh&FB5LR2d7dch|h4;zd-EK2__I}pRk1C;-1yL-y63%|%Rt~k z)YTVS)xMe|{bBl{>bD;?tPDm($djHw=uE1;TXbB%GguBnqjID6%vrO=$b3{ucEZ#k zp~8JP(JildQ@Er1Kv){}qNq!d>{boaOIJ4Z)iram_m274?@yX$u^()1X}x}T$Bj`$ zVKpsiTG)!xB(JvXel0u1`#4q?r&jL-SqRd4-E!v5$1~P#>fNwwfD2`W@n(dWxAp}* zB}D@AsfJoM+W0Z?4ap!kz}-)oWKc((wpy{(s>svTm46%Pegr-oA;pW~BXvNKC!6A? zC%d>@;40TK7Y);@w|HX4N14STrcW4LB%vxlO-d^zS5+dMSy=4dpirF1Pu=pwq7-vaJdbx88s)aPR)^@)d&>jNhq}NWbKR&4`y|DeTRULy?r8I-vr_|h z_Lwm6P<5DV6MbHed^ngk*0K+$s-ttNTB9>(yN_sdcD;&CqQ9EqK|-Q!C`ysRq)5>S z+znCL}nXE}GR+<9xM@Vmg58+dY zwQTxoE7;`}OlQrruX9ebQ^gcoTj{17B&CtVKFhd86VN-Yh*$jc7Zugyvlq|kXZ#kw zX)H@#^Y{3SJ|d1i1B$cFFn*L;^Q(eyvY8eO%bo0;`*hnfS4^Ium9DVQVMkwVd1JUR z0%xAE{PTC|ld3~h_%|E48u-A%6e0@rN7z?nSvY0^!?MDjEytg8E-> z6d7NA6Yfc!;#~rQKIZq${NYIvet6PLOJzG5rRahWd;$vhsZ`HHOAzLhM?b#_Rwv3N zIVAkBe4nlO0Mg{vW!J!YpS9GEQRf>$KN|s=vla;-A)88h^GCoH^({^0Iiyl~v=`4I z5(S5=D65<)S-E01GDUz|hDpbb%G?BO2lgMJi->Ecd`F`34itmOX}TWoUuPYv5w^Ct zk$I@=EHm_hPSza!42e0!A?FS87Q2DGod?1(t2GYJ zmg-ER-h_}M?~Uq~OFjGQy;74>$uZ$14t5PT-f;L>5-e&>BGpxrq2}NuWLdx~Nle4w zLoHm>oUUbaMJ-8^O(*qOUeG~pUtu9-S zaZ2+(-T=EIMY8_p7z%>Ss_*SM>3JpUo{(Lcg(yMl`zHi;j&6W?@UY!+N^#6{^k%9X zpaMJDBM;qBk<_MYfME{1e=EdnbAXMCfXU*eUJ&U=X_<=ryPAK=m2A|(<*6p+O@I}_Y`N~VgoIM#AvirHU$la6 zkz(E6n$Wp+1xx@_aWTHmc};&`5o|d`EdJJ#Fwu1Ly$m zq5tV8YUQt|?9pFd3ZF|w$#E{KKJW_4#3|8@+l^#HQwO~yn5v&}gAV7|PE=H04$CNh z|2Ap(L?r4I;`+oUcJsYy$lf}5_Dwu->{>sH>T`|W+{4|`i^_0K zH?A#T9ZNYQYj=5G^qBo`MZS5azl#i1-*`W)Y)_=oa=Ux@M zju(S-?tGHH7+8HD-mn%S>NUa4pv67(W|Gi=Cw9Shrq(ktNGXKD%o6XmbD1Hoo`0xmSs#7jp(bq}nWt*22 zx#xF#9_=KTa%7ztjxL=Mvj}0`@Em-UycnA? z!^@+acLlO`E|t(aq=C=0N^|7z&kOGI!rozOdrYk)h>erwEP(btn91fAqe@A(=q`Uk zSa#{`w^UxmgwmaTU?cn~n(gvElF8&#>xS@s(5u%tm4qfyl;MoCe8(YA9Hqk{L0ZAY zdVTHpl9rkJi=_y!a5OVwBuVEM6eA(HoA8r#iULRP^+r9LsMSH+p(r>eem`nK@6c~5vWJc~9I*Ole5oYsjXMX)AeK0^>(iP?n%}(#K zMYtG!+~G_O4>sTk+M=yhh}&9T%{-K2+@!8b+Vx9nck!*AdCabsa-q6Aa?-8vy8WKs zzDQE~o9X_eV=9R~KL+toY;oIHqt-654wzE+R=#2R@tIDVetzXVoAptAAA7y&{?UYM zHG-VQ4lFd#Wn_mekzw-Dzzt9=;`h>~*(#f1W|xGc{E=}H{TbF_veol~E|=)EIe{9D z#Ea0gudya^wwB6Qjqq7O76*P}1pW>MI{c*%_`4MFc>sg}AmZXtb0Oh#OHSj^@MyRs zBo_2i(V9C467a&;)AgL{Wh6(UadEUa_3Lg{L%jK-HbmZoqN@!E&8n$=)-cfPESKFM+o zPDdnQlWK_soyG_|`$Ttt-XmpiuyxOCV`GbJB&ix_s8*>B+awSvXG>A_8|Z%gWd3q) zlzzN~UEOY!!N{qaCpb&#;i}lm(BQb(qczA$Z$DI$aLM>`U) za5Y)l4o&}Sltt_EJ)840mu`(Ol8p2pg-lDvm)NYeiBQVMzD6B7`lZ^ z&kWr-e<8QAVPF5HA4oaZ7aluvICBbETvLUT?Y@vlu4seA`i+U3ANOy5j7+xrDsbvk zdGM)3Cp_?TYp?E8?H%p29vK3S0332ejTHS%S#8Rcp`58oL=Bg{Y${G;$-CWx8q9{7 zdIBtYqx56m%~cPlfh%#4p(Qcq=5ynQH;V*Fk7vV9y@^+Fn`mtzQ!xc(QvAV=X#WzW znz{jm_bJDM-Qsrpgyl{)DQM4~ViPXg@{of3sli2KYIaS}HGB_iTasOqq+uo?K>n_EAkRjqFrwA{0$@gM+ z!;5_%Uawksz4YMqVu9By1zxZJh=4e-&Y0f=f%0%=M2|x)c}UX7dxp=kB+H}C{Y=-z zf-cA1BDNwc%CC``S>`X<6xGrgsrR07zQ-YSi=fL6a2}ha^4-qhVwpGIsv6^26IOsU zA@Q<4-o{IkPrkXq|<>D}{ z2_Ad?hFHLu%ga?WaeUf|e3wFffypkjH1l5Gw+Ow_^pIgav}AWz4d@XMD4MR9!JT}X zlhAb?Z$U~$&#t4jq?Mg;Jy>%&1il_y0h{1s*Ep76bWB;ymmtAa>ddDos_T&#jL{9c zn`L&L2}zkS*rvaU;sECfOChImm2%PQg~;-Z4?MSA+cB?VJ0089H<(Nk`d}XrY?JCd znZ|#-WuOS2+r{S#vMou`MCC6{;L|i3w{xp*T1Spl#-`M(DieNRo*Kt))skUoqO#7o zK<`L5^XvwAT5Q{pYTV(f#B*A)fK20{pdbffD8N{eJRp`z1SfKf6!;le^T=lu8$vsb z8_~3ff{388r=t<&X}o>XmT|0kFrgGSuV-JvXONwcT=JSa_g$FYuX3aCnmjnmg7MD3 zv0F4%*9aGQ80234WEWJ7cck#lpXFB5KKk{1lGBG4f+uD2{-2w&$9c+3O6^xl*6g z2=g~p$UW0crqv${9oDm0vgwzl??=nWkHf6CFzDsn6yK(fWWIdN4u2-^ARd}c=Q_ii z3*ro>l~!dQIRRS3L9x-S`K!4sZgIiPEo<0#O=%XLOruzd=o}wm%EWsZy7W=gcwFPD zUr;@p;eu7F<`<=ie!=No+lZ>-UD3g@?c3v7Zv9+PJff#q)5U3`%P;V93_iwasdkO6 zjq9PFhdVGZKW{Z`8OzsFv_@y&T2b(`9Fsyg?!z;DP@aE{8If4*z^04nA!u_v$!p>p zLQkAE3r)T{*}0#_+E1@()t=te(odXf!>p9XL73XM{c%?=xg_!-$zU~&7e#t5RLQNH zKkQ|yb*2$4quRA#h@qu)1t|ZbTa;X|PGr1rwi-f3wK}S}&x7L^U)2Y4WU!2z(ed;{ z3twNQ+!+4Kb&cu&^fy4f*fw2cUm*XVNPyqnB8p=|t01)@ zE(PgtMNqZyLH642msoA|wG<;;L zcjSG2PrJe;djHfzomBS1`NX!S(?tnZT?2RmXh>?hjAN?8?E&yq1r zYh!5T7m<@2q!Jw#XpLa}x~osK6>~V&s=C^AaXMFw*~w>-n>C}s zE}Nxv3>-Jim)w!AOZo2J!Go^i&Bfbl62aNG%YFSsBbLr~{f29|ckF~&3SXvZ$h`

m=~KcB>U{$! z+_hXx`F5v!M&U;%eM^87$8JW6w;NnYKZeIK7sfxbL?5O><3pX*N9h($6X6PUKyCcU}_R zJmC)!GTmZLNgVsmeRr%ziceRirnFFE812kW5>r{;8$v}lMy4Ot(+9N}I-Iuc;_H-V zm|HV7O9*BTU$`9VM?Cc;b`>xuy)D}HehEi7`bninyshR|f$Z%C-gfp`yNU&jKD|-; zw{K6g(hYYTw%3E{Mg|iQbk1}$DPtb{b|tDx5qT~6&*PDnOHdY3o@d+6`}w?N^waOt zbii}V1P6w7M$CNRK})Z^6O>QM2v(xEVGeb8Sa5ER&Q>P=Y)0aiq_J+7h7jWH8jYz$ zUy-1Kh3{VaFou*#A1{#|EXHlHyw#1hfO~9D*{FxCRVKoF1%8&p2~`kHxL;S#s@4RP z_e@8Hq1vGa({NipmmU>XsUe#z_^5_UxG}n(>D_z)*ZH7&bD`B(v&ZUF^ITl6T|PZ6 z)==xiyTmi}u*1=V7cMA-_L{sA+;2=rag&=t!{VWD?VI{W7jn!9DVBVMrC=58?n*Dy zomF6U5mg-eLkbw@j7yjY4p;(4$yd6iPnl=;Og?f$pSSFjcA22)Y4W+$e94pP9b+jbb+VooCM{}0-7B2O5GyW zLm2iYuT>OU1?>w@Tk0km6HCggZEyQ>dfE0imQR8YX2Q6XxAiJgpdKqsM7$Z+EJluf zVBRKX6?qm68I6aNByzl2HMppV=1GC1>(@Cr z69&bwfwSdlzsuIbWd%Aj;BN(#*KlGkYrc-IG3=!RRQ-t^aCNt}Br`%W7}T+vWr=%u ztd(52+a2B+*|t`)*FQWg#F=Y5-Jl{xT&pCpZ^s`){znmSJG?0+C?u6z`;h3D?7-cDqG%2gfW3*(QvyX~oaks$U^wa&3s!KyY`zZt8vq%u*nJY&a+`0DuGb7vOxIjIZ6MvfJ_EdW+6|mkKk^s}_ zfwUl-EH6#J>Cq;Iw4hyPqbwh#JP)XKYt-L1!wxoo1K5@M>c5P=#6lhKRhp1C^ePRw z+WMrW>L;~7lcP>emB9-+>p6buqH>)y6>#rfHp<;K}yya%9 z1TwN!e|kUF*{x9nStp|On~KOuDD|;UHz6%{{UV+eY{(#G59uNCAWqPPfSv|hOx=*f zQ@O^>vU`;h(C1+{z|d>XkVHhB5l=I8T#M%-b-d!V2;b_jn2kOMgXg;*-VcwEFIa{m zJOn=`b(hfNO*crhnnheBZT54wODMSL;m*Sdnky)EizwDLkZXa(DDRUtTprBQO87Zf zX$~x8G31>4(Tm*atX(?$%&x?NzhX-kW2W-O`<+M2%4VaYF2kW?`d}^0-=dC&T0jhr@_dY(mTuvSJ0u#Wx4Q0rkE({ z%$T8^T~)$d3yUL@BFq%GSSh8d!S%kbV04?z5#m_pBI%@c*^~{bVo-Air{KvZsdhnC zi-Rd?H%G8tb+It4qG_nzTps_f+pO0+Qmf|qWf2^O7gN48HiF1@x=$SRGkhzo!^?zy znte_}STA>cQrxQpN|-#H>O@e$P<7V`>`SLc72X@bG?w>ToT~ zXEFccr250rt2k4`=#$u#&Z3e>@K8@HJk(}03x^cKov4!=?wrA)0v2_3OI~_m4B&Zs;>yWyL}6$ zo2tPfpvCC*w#h6Fm}XR)?@;ESM{W{3Zc<2XLHm|TPxx%Df_4)xh;?~VT_~T#*StMe zhx0KB#}==Zf?k^9wd33YY7LtmKWZWraq_Es;Nr8CAC77FdiU!54m6IJ{+nd#Ch6#? z4Ktzxy$SX_`L0erK?#jiQ;)8aj@Ppa`9zMI>WqfT=4}+nvsEMeX|Mi6d}j6g9J=l< z@8I)L`i!9k*tJB*?gVCkUUX};iDJ4?(;71pF?0zhi9@k!-AHJ7Ls`-2LMRk!us1}U zSbWGAv{OEsA={Le;}v0hDe_qkhEqDbi0zgU7{ySV-m-~ZU2z+%Yh0yl#BHC7Ng}Uk zeHLburE3@Yl|x%qU{*iSWi%y*g0!UjJ$DJwWGyv5z3!`plnBRSm0MMVI-1j_UyWq4 z^f=rnKg#SqFR0T{iQF>B%*f|VrEeZFoIS+e)_lY#Fxqw{j$1U5#D$w`(z)|Y*jG+l z*;VjKhIM>|S@~D%w4YP-*wxs#p|`7KMQ#scraJ^6|C?ZR@V_PghiX7(yhZKjV@E}l zzI{V+s|XmQ%mk#Cc6DgF88x`-9|RyJeZqAizo-2fL{-l)RnYk%^KJ0# z8!x0~EEkF!V6xQXubO%ZX`T%rr%T98EMD)Sxy7Sr@uc4)TqjiyNvup#Cj`$E8k(nm zln2wRYCYefNvO5*NS%RIvMpqu$yB~QlQxDbaHzeDL9=to2pVyEL`hg;Dd`Tuw;w%% z@D`N#7V4ZC^ibHenR}3}G;v+$Vn<`l^Q9=etmDn^Qrurj&*m&C8|57`pcBmOXegqV zU5;V1wmnOhdG6TxdO}6ueGHY+gN~r4RCVh%nc0G?d^Ls^18vvSh(s&eL*fYcQsNIV zwOcfa>86D`_sPS@b}tWXtWL`Q*i3d7HFbA?vYH&({oy~o{M-HgZ5we2plWrxg_|*A z3G8PJAs5v&7%Kspt!MqVEpk~UPxvAk_t9z(-%;H}Q$ww#F)-x5V0gg`_t7BjQ&>Dm=J3PniqAqoC?1*u^mmI^E>X>JP5Ft6) z*LFQ!!sT(<`C7Qp#ZH2+vZMJyMdwhd@;l|?6i=Gaw%o2h5I*1iPhAjJ-uYhjSwW{`$7(H18AEh;X_bSd=*_jh*PZVJnNrwZ|Qe zg6b%d%pKO*37R&_Y=wbrrntJk!1n#X7pDVuEzAmLk(=~eMWU7p+UDc&q{-`A_~pC) z2i6w%r0y~+4~UjvN~}3YoaBrxOQF9cp1EEk%pk+)W}bDk<;#9Cq&?|z!pxM{hkNWo zH}RmQnkN3#cCw@J^3e6GQ3txPl9(dtw7>dSNX_Fe$`6RdvWXS+xo*=iZNmJ!AUp=M zqmH@f>6%43q!nsh6|7?WHp1Ov>x>y6_+;r=Rshi>PnlNn49QF0e>5k%ppj%mvpJ1u zi~LRHR!Iy7eN@DWAV)%)uw8_G?g`-qlomrV_^t;vldESFRfi3)eT50MX2??`6D@-W zRE+m5jLDT95Qf}hB4(GUQCBG})?%9yiVA2l?*M_Bkx@v{&}K@KNf6rP__WovKphyc zCTv%;wsZ#LVkuYVrl@lE(YpMRRH@yGQBVdOag7dPF?z^teQtZp7ko1%cMxK5`g-xe&wTFZTP09+j244Bkjv|bjGsi z&l#EV9mj{GRra)0wB|8_SSWj+|&0ARk#yXPgiXTFCNDt(Z=Br8a1Qqg?>JzVh z$JC~z4~o|+7**(+Ir%p6dsPg$Ngp(jQ64+v-T*r6y_Gy5EW=rGm=4QTV2#}O9}V`!|}!wF}?P|6Ep7+LoNN;;b6 z=T#u5YWmrII@Suj>5G1S44f$j+?k6$_3vZol+i7enX#63?%`H0FtmO$iRPV~!R)}c zM@D(`lnH9DsEBO~sv2^^;B0~lP}8BZ!JNLO>{(Wj*rHpd~toukn6QX#IUYGZ)(eWm`Ejq zQhJ~XQ$l$R&B&0Vk^=z7QW03-)zv}HG#*PmV3P*jKVL-Wd&)Sk3>{{XufZ9zPFLa) zdp&mY+K=Wc8Mci&@Io5?^ZXSt_RolFl14jZZ;hCtN;-TgM!s{V(#~ z1FWf~TNvJ{gwR3{O+#p*hbm1?LJLhpl_mxR1OyLN5DOu61O=pnN*53i5EKxkBhsXU z*eIe17EmlG;1|x(bA0c4-}m0{f1dk&_y7Ow{p_q+vu5_JS+n<^vSzIgHSgMV4~J>h zN9Q7{*bB^-CFGXVOW@6-hy9(8{D&s+$=tgSr1WNi+!qxn12(6w|1%tNi{q%<*eG0s%l>8}3e8`%j3^hcgAFzUCwT5hSxYj*JUoU$@If`8FMVZD|mm394v zr8}2BQYN0myWicdORy?LuOJ)V@bq3I1-!N~uxJ8tE zYlQ2X+i-Dhw{MYMj|t3CH$Quw-A~Huovc-{&4Y^%77^(pq`p9j3lm+w(MFftP19`{ z)}C}tvb2tu70a4RuhUrg_qxNXmfIh8vUUeVvDtuMe}0lh>)+?!ax0^wVxNXyPh(sl z*Mre!XNqgV)#$&T#-0B0mVip_Da$_w9Y@|Cd8+hWZWI2CzlUVuD`f4{+b;OFEthfcV5-MC!!ss6yI!== z*veh@51gKYKBLyNpQY$(^5m&m#ylt&2|wZPGUl`-Y1cbU$LX17$k->#jg+tN9g#U) zf5&4x+@3?@)Q#E#S#^SSv2W<-u5d|XZe>c&P?qs2eS6xwxG^>Fre@D9x5qAHI7hb? zzNt#*MV(^1d_|tnh(!)b?;-~)C7I8mdLQ-L0h!~s?N{S!I|{Yr&pz&t>8nvX)>ogb zmfO=*Ag7$FnNeZC*Ki7PN<{)YlOK2J&e%raKfL=x^1IOdnx38``J2_Qh4#WD7rzB} zJv(RTUd)WK;;i*WsdbP=ybdVcNOnH%?G|9%RcrjNT(0LxI#%^`-(|;Jx*x?NJ>reO z6_{8)59!Kl!>4LiR-P#LUKA8AuXKGBJWNuvp`SMW%8OOaxBh$+!oE1i{nRq58G|0f z9{<+$A~fI?@s!tDQ_ky2`%RZWO!ZHyrf2QVa2PBYb9Kv1G<^YfcC-uqI{&bM%rj`z zqZ(Ex*LYrmkfD14|GpSi+*rRXG+(){^U&~mw5sE zXA`>idLxR4**%?ufwJp~Y7+fe2V)*)@w_VSLNfT^opCx0e@FP-Dbi&O7i${QG(F4n zS#n#~t};wLbL>o5Np$j^rxRfhH}XZ?@R?0Uz!)my+<2TN zpFw4P$u~E_G2usNJjOcs?OY%8bH@&$HJ<#m&Hj4?tDx?va8RV zo4%Y-y^qk7vb~yj^;}5~)pCWK?GhWkK_Lt$ZO~>@*MXM!*usIgdV?7A<}NubXa1tN zf?UPZp?XunYDPpDSI%i^DM&meF?B@#)^T&9Z7!E3v-f+PycjZe)SBzQ<7gg|Bf-=D zzNLfh=j+(Rj&RQWL>XNz<^ToI2^I?krv%I<_~A=C$9tMS>v30)RWvrG;KXaKHjOkg zgOUrXG5J(CO75A@9n0xmkL7RoaUYSMF}UmLdh5<0+n(6u@TSdkj>K9 zYEFCIz1IY1mG`4BSLv!I3IOho5449QjyP2E-kAHxaoKl3VRAdv!T#;$KfZUu=4Ni9 zZdtLto`{81ycZ&?w(VRxlV*q|Oc}X^Cl_l5F>gD+xMkAdAE00vl`ljfKH;8xJ-@Ig z$V)+E>>*=h(|hihX1()N){aZ)+syBg_lwDrx$oW?A2x8*#J=UeoK{x2mv%v5Yuy#^ z7OHx}TIXV<1;y`eT6g;V!Nb9N-JT`3R=QqeDz?M0=P?$3kaAV7!03uKn-^8WGjow* z%_}Y2CFu$Jo=0+xWyS=p?ni01d$!7dE7Ui-_E<%zDXs*p+9)j{F)SM(1XfsnBB2>TWmYZuzDkb`#wo-~P9wR#11$?>?roNw&mIcfiKxGS!yD81Dq zbV$fB*H=l#Gt1#cmb*1vVCy)S@ZhW5{0!pYgHJ_9*Kb+}kFneEustwkH@qTdR%2lT zJ;bcYE3hDFT*&T98!!2qdD&2wp`Iek`JPkL!d-L`=K}wba4_|)Qy=O;NKeM6wu;{A z!y7g^g~W;%2FfJ?x0B6Hw^0`(k|mG3)qC>9;X)b|{ zp9~M~sqWKN`RI^fOQ-Y{>D&qbN~&UQOK-{<5F+s2L)3QPTpvSBGJ95RS@p2C%R@VJ zEYUvpGEd_2iccB;UmfRUu=>H(kF*_?T1DUAge!-E60ZLLA|POGUu5b2bH4TGivG`K zt#2eJHEgwyfLcSgz5?%ZV*WEIB;&SQ)jb^ycT_Ms-2*nUIWnk3y7-~!=-^&MjmpmJ z8pRzg))AilkJ1WJQv=Y5Ce53RyWgR9A6Dq_5PXfPH8n8Lf(uM~*Iv(JONFagFB1yz zctHoaWwYQnm)P|cF@*5k1=}9hmNk>8&_X`*j~6_@o<3>cHQIn^5Z;GB?D5PtpUUdB zl3+3CRN5o!d+qR1FzX(*B{t?F98W%PB{e7fS`Wl=UkRRiuErt#a!?fXO&If!wVc%J z3N`F{UDc5)aMp4B7cS;XB5Hiv`&@O;%z%3tZ%lzr*3qkVM)gtBx5@0K0>%!;i-LO( zxz|Ut=6otRTqs##deRYJgms{|9Jej65nBl008rR4T z7ym?7ZI9b>^J9CLy+3z#>q@te5v>nFDT}F|0}>U9KDYYsXc?s8Jyx(Af;DpZm*`{# ztH`P1;%M~81wbK|Q!Qu)y~oOkTh+I`|Ii-qD>qy_o=EMU2y`-S5}ERDLl&O6t=C;A zlzsc7UQbYIM>N`N<5A5JhssHGTh+P2j zoLshf?)Kxl7ETTtFQL3I-tKSvW4`Wed8)-Z^FhkKBOTrRO*k0ST6{I^02KYL;^MZF z@RMESo(9ael)>c@+O^ekbE6GIHNwU@(Lcnoo$_PNq@eQD==evzi_J!BvERC`qW=-7 zxNWl=;>1v$*_n^{in|oIZ@j(f!Jh~f!&9RPlQ|bAqya2n(MYq4!#nxUAZ>It-~KC#n>4j%h(wJ0z+Z2Kbq*N@L3d6wWBqs?cfsypy9!sR`F$B-~8kcEhVez%y@)yBQhMTljCPw|(OI&*x}Z^|FCrKVlc_nOV7iIo^^&a-pK1-vPW266C@>i;f(R3da5t~V(rUE1Dqn=Do}g={pG}{;PoIJQ z^LmkCUP-#T$5B<~R^NwmZRvRNYuR;NRD4&`kDhKY%P1l?!rUX)3-1SpS(W6@ zb3TFd!mXZDKIueMW+kk!>U(m_a%yL?O+L?MJ;Xg`n-yrwoyI13byZ~+Q67F3ex^2! z?kUbJOlr3~uqIE+AOt>~oii2(MPx(|Xt#@P?U}y1bzJyhv(CQmkA>FEBXqfG?Z67b za7vr5-{k^dFy(xej4V@xD8%K^X%gX9T^$*N9UN>Ml1UpFJOQ19n6M5b29P@6f%fpy zgS=>riY&KwSN)O;m&SwdfTI!(<#+Ywe)n?&TUp;!J{^1g;NgEBgaby%Bvjbzlq1EG zUyGhuyfx1VHC>RWjcq|7(n3aG+xlx)q z$VCGxz7%$dMdZO!;7xqFs7=1{xSO80LDf1{3O61D1=SA4^B}A)c$At8&&lZ`z$Zam zET{S&R{9VxC0~zhcd8W3qMw57PR<) z5A8c<3NEx@P2hZ~M1#ud7*F`%R1E7A>4j0J&=?TP4z>>#w$^wVw`UML8_y#{N*cWG zZmKa3eLA8oRf;9l@K9(TY6)#FD)T6A^BbjriC&aqBqEz@USl5RsR5DPGFs?zCbX)r zMFL4EIC0l?=QN4%>{4e7C5h3!(N(mm>?BjV{p7xgU>If8|z9Qhl1v0_BLx91_ zs4sd$!SrYz8kgO5<0WdjG6JO!X6r#gLSKhh#CmMV)awVpg%kR^MX_%0c%1KBGxxMD z4;bAf$j}Up(<+cau)Y%LDb~Fxp2l>bL^aN9w(*To)$=c}ABl5!*hoTRsl`FeAL9t{ z0>mYYgcDR6@jUT6(DgE*8U-wQb6fd9Sf9G|*6E?AuBw^;lj1Ar#o0z$L3 zcEuNXzHw?Pe69xDmDiVaXpeD69qBHBoOT#5tY8vjb|75$9_0y+eQ}ojWSS;o54zI; zgzov0ijES_7BQFZ3HH<&dLt$9q-a6AF8A2UO9^jB{VvZOP`N_}QivJddxn0?eWrOg z;LMAS!4Ekv|2Km?6oLDN5kTws{H!=Yhi3F%?XrMj{x6(h@r>TxT?$~m-IkG5tLH(G zZL$H(;Go6c)1Pl{eS{bBu%wvfp)~XE`oYiJKaNg)2_sN*9`YtFcsvGWm0w!Lc_j3! zBqoL9rigW_m+BNXRqb*d-Q-5*+zYrN3Fh};f&lvmt~LE~uPJ-($~g0Za2&fx1&JFq zWtmM+;%@hFQz_vZZZPgqHk<(u=IPlw+9&06%@TQL!=Ct_&$SKFa72opN%1N2P4o8k z@{P%V)bcbs_}#H@lPG|{TBiCtFcX2nr3yNkXLe*E8CEcpBJwX`U}n%8_k78XdBrcz zzBLx3h9Ald$#FJpE#u-XJ@h#SdvVyaG?6vH7GBIIY}L5XED=7FB$>yRBF}_&qP>^8 zGD!<$_2AqCY3gBv(#x}1CdU)+Uyp5^;E4jViAViPuD)}Hy87wBmFK_GAn%0zJ2gfh zp4RCXaZ2zNoD#}UG3!MiJNGH<{>gWNZz!Ec(4~3F=Vu0cH*%6c>=Ao$!f@d6#jM8N zD*pT2|38QB^nrTKAM@Ig(dH%L=(?UIac*C*z_XUC?+@R30##`}z5n^0;3mY+`aunC zG4`e}|K>uwB10m|>WRDBF}CHc!x0t)W!LF2=+_cp>ioDsd7O%#W0+o-heX^sB^K$D z$880k=T@HC{%n!yC7j-xz8il1J!WWh|H&c~eJJv*4Ed;sOF$zlxUr5Ews zbL+%-zQ*26fmVk$UB-vI%*=E}qtYtFt;tMv9BnSPkj6F~R}mg@TuY`bT}c>) z6KBDSI3eX6Wq2{f<2qEAvNjX$MQblY*(22hD3E>g94?Y8l7O@hkG*va%59PRdVktR z0|u3y)Y4sC&WEeu3TA!O%;}MrC%vRXI6m3#Xm!6Vk*t!>Z6on4=`6F*oY3lkXn z0HQrd!0TC(Ag7D?056B&i4{t;1m0Fh^!h5u{YQ~_20ep22B^ByMSq)FY#bubbCe6A+ zpt=h*B89i)rnk&s8zzz~n$)!-*_XI(|NrdrhpG9Tb(ko4ad2 z@bwS;4+q=hHW83F=Qb@LG?qqx7A(@So+4SD!;gZjvO;daDvneOU!0a zSmV}nV!QHn69gURUCaOkSPrQaV$@7`&zn33F=n1~gRn?Qj;B6-#`Ozm&xTRYdlq7ZRb7aF^L1^)8ta&>Y?o;d=m4>cqch?C{JQJ zYqRL-+W1CL^eY8qvI{~C%tnme38R8QsR*HQZr&mc zS&$uhh4Zw5SqE^3H-J=8nyVZ|w{KAJQzqi*bBOm5ET&`CZI4uBL5CWmLmlcuj_&#}lgn#)b$4xVc{jthe%(OL11uc{QCyQa~A;RC7o^ei*B#AJR}# z753`Kv%ZPk_`n!3W37=|J%mhC-q{P&rIy;m;()bmhfP!O&GRWseKpbocz}w|IBrmS zRjnJAw)!z`TChFNfn3rKg}ea@&9NZghCV_9IR!_M>l2?as1bbBY>9`kb9)_UkNk8$ z1q?0L%F6f-aOnzOqBrQukvz?-3E|K6inrzw_xs{!;H-hoMui;G>wXg1Wp`1xRjCSG zHegd*;j!YCsFY#{V4SG}FNuig$<8$Kg1;?6RDV#8l?q2A^7e@$^P-iP;G7zQZPF^7 z;2znoy*(@h6T0>I97c@A7A$91)bjp*9{N>i@wmAVblMPf{bCKxlYE;`T9Nd~T3wjN zStjU(gc=|ZzfXOhr$*JL(AnmJh+y`60@Q5PD+U|7U}~(6XIW&JImyF2Zt^X!-Bu|q zNral8P4@^lp`FdEr5ws7RECT&ImQFV`767q0Nfn#=twF<9%q)p%eIxiLrNcz#Z74( zE;ziPcVe_|lD}<+6TstgF~c`3sDx?CqQ}7zLe6<(Cz*#Zb{VL+npR(yftzSPqx6R( z5ifdNxCJ;FoBLQ<{GEd_(cKr!28LVsUdssFB)KYA#8gR{>ve{vLV5Cl-A`fgx9fN;!0S(W!Z{TRwx+zn>L z!x4+*SrC4ma$%5R2qBd@v$r}IbhiM_;%yM9KiE;gnH0p|W<7N15ho%UjRrj>_z`3? zd|ehrDTltkn-!Ax`D1RJX>yX5r*??Fjk1#vO{)yMCIxnL6ts8R7kx5cZQ!3UVkQ$7agQjRGclv}B)q)F$F#*>tYt6N?q+Jhg1b<= z?-$ltEG^bCk}{kWwo9nU3Vo6qjVoT>Y9sZ9WCCta_ zRkqLG(+E~I7hGgjQOD>vr3^~)_TbAO$~A@Ku6edyDm^xXQ#p*1E?%dLj{6>L)^1B_ zn-aV{$fWdET6LZ7!v|(gKk$N^O-cOj=h!`{1FT|QuJ>-o(xxrMEEBkm`D=E(T)%GYd>FiYJV%N{{nX6&tH`BNYN z`=bt9tN!+X^oIYyTpk9B1USY)ov~w6w@>Ho^wz7oGrst+p9F4%5Ejgt7El*)6xy59 zK;~9r8djKCx(!M96u_5(g^Or15w8!f24cW=xwIG!GAJ9dOA!Fh`!R-Mk81y{-x{~{ z$LW|k4sDShel?xmT=A~V;LC{ zFY7#Cc$${M@X=Il9zE*O`;nof!vzTSAZyt*8GZYTK88}WW!&uZHPKYf_nA;g?R30b zkw#{NMl!|{aDmM+Oj2S9di)k!iegW z($wZ7n{EkS*jI!#MyQeb_ujK5xzO1xU=RGJHY7kmx)ozP&oz(!pYpCuO#Kc>E@nO_ zD~@!^KfdpGyk{Tz8M+i)Q1C86+~6BJMb_&Y+C^IAL>K;)S~y%+FG$XJe}m!WBNfoc zo?bx_UKSwnw&Jo#jmTPl)z!5M-dWMMV*h#xuDarbD5;~@&;pui-X7?T3v|A#zTy!! zHBUi`wn{eP#gfeSc}nbT2S#+SfnLZL%sk1n>PoP(5w9t65v+-{tZngR_D3LiJVf2f zsUa@{;SvMSWCs+JV2x%QaaQsqrR$<`HZ}5Tff%FfU@MBWk+rPPWsUY+TIsISv*COr z*5Y4284n*q8LtEiTNxR*)1U#$P}ea827O*XT2ck(4xVf71 z1c731wFG5;e)I|a@TnRLHZzwt3o6Do4~|Nw$IT_*PjqoYp`mA#pM&a3Jd&C?+4ni4 zTLry9yt`ySrZfDXDS>aEuj5DDJDn*pW9i54kzmjk503|?S>ZB*STUf-pqN%2;Kcty zEJ`g1Qv*fn#m?^^taDp=)H1BA{rTo(PhVIH2r*7vv4S=V&&}!Bo9N_XyaWN70VQd) zMkY5`#;u+THU>Wt$mN~AOclT=i{W9Ba~IWL$&uM~AfO;`UL7h;h$e2{EXhcE2bH}v`ZYm1gx%tSz>F3w!WI~NH z=l{S11*=&P{n7XNI9>Z4kdZXQO73-jo)>OpNDvvA0J|Wq`Sf;Yo{3drD)0|%zBWd4 z7rw{G2@!H7vw^k5A zU#1@Bocvg{L9quwskpgQgvjUOG6I1J z>9b?2Jk}$Zvm`LR|2gVJGtzXF)_ha}DE{O>b^>SoAK3 zOHz=JYe`HjPKYj(0tgCcd3G-K7-*W-V6nL#g@3&pjK<`@k&oUBa8W!RV6ZnY-luBv z>H>Ro?d$MdGyCy03=JWk$amcdA7K2Pj?g%OehP4%PE~}=(k?j~14sQ|P<4eLj}oYX zT60`5lrLKWr?skJhfxImLWi@Mp2=E$BbU+sE~AGk&l?C5P8O6R6V)w|7d{K`_~U< z2?|UG6imfgl0*|slV(NNrdMdY^7IItC%+(0N+O)sx+RS@UPYFUx+Qqr<^{4OX9`Rs z#|>&C98zL0i|LC$G-`p}M@rsL$@O5uC`HbW+cN2!BcMV#vd z+f^uD7}4j`A#$R{epo?w^0OUR7PCF&q~r}(Yj!*Y z&%xQn5GVGUp?Xs}7vQ3jEj0O(#F z79f`$?Ij#Gg@pJ6;C3iD@c_C5N0X2%v6N|a;$KRYEXupebCEhb9xTt1 z(WCT|4)%BCc>u{YM4};;gA>6N-J}a>`$M3^pSt?44a-d+Eg-EO-b4mlyIfQp)dO3XX(0tfy>M?+`JN>vv#gu=ZRNh?KVQ$yida+igLsPJQV!%=kN z0hi=C86LojzB?7;8*#|scAlzwpV+-uJSdmuHnGrwJvguYrQTFC0-us|T#NC2X9TFPgfxC(t#W!X^|GFJpo?lT5taT8a!Sq4p<#jIXrLnK_6wu3yec~vY*?}};;W!^Z=Z;|; zJ|w_25e-Way*$Fn4YZtFdmmpdZgfV3H6%(N_s05s_DEH2E2dX^rh0CmWippiUS?cS z%;QqBy#Qom+zeg^6hUA#4Y)Yep0{pacqPKzSQD9Lqo)QCP-`(ro$`l=9-H z_}IWS-xJ`9P7n-mD9TTZwH?)Zc@JL=n`qR*yztd~n-_w3o*ZP317!|$+$Z%i@8PXr zcQrbh+lCY5d2*6r3p+``Ns^aV-*w*YjT5Z$QUl~@zgB_R9Gf1ynQpYfOV9Gw4?Yk7 z>}AX-cMa(MHys3J;}t{&&G!F!{v`f;BP-Ke!}g3dm@Bu`Eg4F?vpU9L+lFnkd%@UU z(dA~~k^a%=y4aEa;R&NWd(BWfuLbCmWak$snPRlF*7Kn%P9$qI@@jQqmb1C7B2q&PxN#qw}wnOVul7W%VV{B zb`lB?UClXw3dAe4W7wgUXf0m7aGV{(gDP>GjY>Fn1ChN79*8biS99LQa~Hu{PD;K5 zenl*8zl(Y>C)e9;>mJdyh7vJqyKF?eEOl56hd!9j$F>KyU@@id!$sfp`=<|2!YDE+Mfg;%_<-*>1k|4x@>xuLajn>OxhY! zfiC2b!my*5$XjZLr&*UK!I*aV1xU^=*cFyzR<1)hmlqv0+zZu~LpjRu-4K;dCNxM&4XkB2wCmN%&DqJ!(ib5;We8AC0-xY?yJidB=R?jtActV{rj6y z8XwYg2*bkpgxPL!Gb6ixV;)jMv`xmYuQ33PhnY#A)ERZqRB+L$brUK(Sb0F&FC*bRFSPVBSk5aQniawbkuew~(%V#XQQ2mQhac z8|r>1>;&(cO7OMMg*Eifw8T6a2H&qYRgoly;iBscISnH&p~n(hu3OFNiV zH@FzgiW1{ZHg03#x~k?$K1wQyW5GOfada&|JLfAZ-9Pc_c!K&mTr>!QhqXp^wnm4) zr*{mD>+4I1xfYUWSPdIk2O-5M9$!E>)0v9J7nSyp-Ve_A(FJ`@YB-QC7ReK>cYz6M zh-gU^p<1S>@Mv~0?CviQ!Sj+>U(?&ffn>NOZ5+sq2u}pjEUqh$;ZIf*ZSP{S^k$^2 ztqNvbP>Qufs>fc2i=S4aiuKdApdmBX?|glI?iF>XL9PYo&*^f(wJV?Sf0Ae0LNL3I zr{Jj=D)>9_(zSJo)i|84oDw@*mU@vcWs5~8X=oScyVI#%F<$6opCSDf}gCwu2N>+L&VS#niP z_STt4V+_q?RtUqb1+e4a0!3q7e*J-FQOIAy3>!p7;y+Hrz?v-XgURFXz{5XK5-FD0 z8t=ad)CU!fcqdDHKmSOANy)-o`k_9{P@?_L@T&e_J3jxsrIFa1KNWC)0sQTL5|E$$ zmH%G^3juc@{9Y_E&g!4~yMM(#^6Aw>asQqJLF}I;fAkki2LCMiA6ec0k5PXX^|!yc z{ABX8q<_>2QE?~k+g9sOk`Ii~_Q8P%%>{`mdBrstau}L%chv5#&9j?FHogN4k6@i! z-+|4mS+UEl+#htP5ucB}d$5z~{`SqnjaJ5d|35nzN&flq`S0j|T7`cxcQ)=HS@^R( z{FE~I7mSC##fWFL!7rE&0Qy&Tl3!ms+T;NJB|~x~!2C<_mxMo3G4%ZYj{Fq^{M+P4 z7~ogpzr%$8B!3#{-{%kf&i?P2Fk_O8#CL+^A4!xMt&G9GUiB-+P*RZW*z@|#gBT&K z5za(Fe9zI%6l?!{J8=g8Nd!Vf@AFF=+J2sGDGwf}kj4DT;_*fp*LO63GQjosLjQtE z0>u9Xf!NM-4Eitde-bKGJfik$BwLa;EE5s9je8BK{#oe^{C(B!}2ekpztz>M9dFu~4R{6Na*ZgMRz{!Bt516=x#ZlAZ! zDEd(%`LYwop=`%_Qr7@Zg z8IuG8b^rtvK>Um+16;op=I<;p*iSK%B)g_R^yXox+%n*PvvfhPjWF?y zM#*T(4CQZ6D2n+fvjl+AWPcL>9e^^}2jeghBMiYaDZ=b$ss8+D-jP1VG(B5Ba>N5Q z{U`n>z+j(I`TsJ1GK2l!OSK~%41oG9kMVp$lUBDbC3 z&lkAW*T0MvPj>KG{ZHQgz;4E#Ed|b< zJzES%E+8nw$Kei_Klf}U=lg}P*0hhzVNe9>8lK{t^p`6{)OSE{x#l|{gb;osLhk=4 z0S~hvw0^}>d^5wEMQMFcR}sRb#x-3Tb2#$g{hmQFOZoju2B&oZ}7U zNOH3CqC0zFk2B9S*WP>h@k8X$O+unPV?z{1h$EC>r_~87H!8oa{bXL^x3SzfuQ(noXudt9%$w(fF^P!S^Ea>3z}ghfcQ8gQ*(xp6E$&- zFH;XoWa9d^J#r2T32C*OKl1+Nrt>z(C#JQa??7m)HN!2OxjxUoJHsj&_7h-?E(ra7 zYizMU+nj?RGPEs*5;d?TAw7l){zBIm09gGb-LInR2cU{1| zYICoAt2N+8;7pbHc)279x9j@1$}(LL3yz87vX6+E&nKp**`1l){z8L6X^7s!i5vEQ zj3r^rW&6VqW+JOk@QX7YsGIzRYnlSMi$#3vjjL&0!rUXYvu&h`PJ$JN!^QF$%UDs3 zIs>A-$Z8Ci46nM;S(6U$BD~cVw!wbWn)WwzK=#OX4sT5y;%gZcj0C+lW@!yY2MZ%U zLFp$s@`jQk&F{ZAyfr$_9B|y-c!immI|co=YjwDmw|?W=>jz8w9glOOSpou5K8$Vl zZ>nc(68h3Ws!(S~L`-`+!1p!TnN^;a*mZI^qFU@JlFwyhKR!Bp2e#7W){ZdE;y`yz zed@m@@?nctj8an))L2mVVJ^}ebDCz*n|(yt&96Fhopou~`@5jAi?NyBeD~#-zeyYM ziH8=5dKm9pR)W#pJI( z3AU|he>C~B9a(ws#6|~2P5)J*mWmIQIsWoJ?o!Z#*C<{cqs2jS`bvnMmbh%RSc+p` z@&X9HoP#+U1j!n}(vs`};P# z|1He6H^C=fFcYM#59NhEH>c}HImLdM!Ao(i_}oAP3ZSRR`k3a1srD-SAbQJ?B7k6f zArlvTP9&eRayE}oJr(5grJ2{P5@z34IEjo%Dx3sL!=S_~u-N-U;Udj%pt()H@0v?o zUTbqL@^py372^}V&JoKD8@}+aun2?7K_(Cd`9yN=!f|nJcO7doCJaW1eGKCeTaB5` zq$M{9%CJW65Sg;6TO81r1lFuBvASKvwM*P5_{KImn~4o~=H!#GOH5zvuU5&v@76u| z-lf$YaE)2MP~H`E=o3Q!^;^OXlG6gZl(l81HE4fhc-ysr*OCr$9M$_)a9ov_$B9yHbA0J6i+&^Y!bD zIaj36F4T+6hCT|#HGalIF#XJ0=J7Mn&U_v3FcL%2qt0)v!329m^S{uEE&y2GBS1Ij z0cu8>mcqm1t+M$0z>y2WZPhdUs8bb{%yAg^ z^~kOi#RE^do5?iSd?oSoQI8bT;(7Q;OsL6q-tb{y^y=C+4$0lVeublG^{iCHE1lg& zvtJJ~jfU*I^egh~4~T#x!Ry|66xg)nnK@ z^(!Ad&39dXzfxos00cZc-i~jp$(P=E$2;9CXua_0mhvng^MZ1AN8WgBQxd#~aHaIr zDCOMA2X$w1oid6*lgEk=>KcyOE*Ja5*;cxl?86a+HU*<)YMDhO{}-5l{u`K)fT?MQ z_-X!1I9A;bqzyhZe+bPv&9g3U%=+=oRWrA#sMCUXvo{4sfvc=c*eR~krJUmvW$QHKNfPkcJf z(zd*6?+EF?Mo|PLpPq~acwwt|PX}`q?A2bJB7;PGP?~9vosJ0iKDPhFturtUhJ zWxku;P@2s4#R~cEo#!YiWY=y#^HantEjM4uh`rdq#CwcynyF@Xz*bE^D4#Rh-LXyKNWy| zN;3^K%x?0Os`U8AfWn-7#Ns_N%t&KXnl{yz+&-U_ZriI(-xo#jA*gh{yf9J5*$8UD zTFo!LTatLvAL+u6{Ce?}ol=s{&9qDCh}PuP$Y|VNp_2wjS=s`5gr1e*OO-X5ZsRe` zGzf!5`rPwV2eQliBdGa9`Cpsm8)#OSE_S2_*-807(9!FmGs#*^CbC4Hgr4qmGPzqk zBfTuH&D0-Jgs9Vgc!)K46d)jH(`Q5M`{G=jY?~F2G?+!~QyxWi2b>5K)0hqLnGC3S zx|@TLCMotRywb1FB7jT#n?>zWRPf=I412~ z1T#L!T{k>+?W1m;vzyOX;W+*^aej&}6$3)CNl#uWB5~UB9MHdEZ;56_x3GDA((iN+ zzU^Vmf$8l%GTL}!J(k>+@f)jnl1R_gnXnT;oGZWhw>By)&X>_|zxVhWzLTC<)p*+J zSb0-=)#(6`hW;&Zq6u z8)^3kn%4q9^}&Se?MJRG1>^#7`2pX`(J|Su&)pOkD^cFWJMA_G{Pbc)m@$9!>*n=I zFk5TPa1ZpfsNe;RVY$2(nD?FSQ~QW_vrBI5ZA8syL&F!7F_o{nKtTeE#H%5Fyf#Nn zIl|`Qc?ld_-=cXu!!`tsnf5d)av0+?av;nxwvj**9*0mCW^gI^<1sJ^tMKVAN!w$C%g%=@9% z?k5+z26p&Zr=uOv+j&mzfeI zttU!QfZn?qfHPL{0|I56qUmyXBp`3khdR`1^{vXicYQWb>gs-ELgRuSL1ag zKfJ=DVa|e8;YSN1c|Qpd+>E02^Tk6*VC@dQ<`8?2%) zL?wregwc;6vV6>)?0^yWe>L|OP;muag79mg8)&R?hsF{-xC8>-c#zPzyITT;Ai)~< z0158y1a}ggpus&MK!BhL5JK=QpX}`S&CbmJyEA9b-{+mab?d#VCndLTUF-M8;;7cu z>zBbFJy!lrvkNA#`+?$$<2?53MJO=E$zOBnJVtVddG)#J^6B*SqFnoR2$Q%}*}%vU zvdI(bdipI%IV;!*jR#+Es_AAt3l=H%V)2{7*F9Nf(-C8G_WVrMq&_yoFmgyJCBnft z@@+~GOuO7MyPfO@E@WKGpIEpXsYx!N211f&e%aMx( z`w73>sYN9Kah#7QG5lJcr}@L(N+e*KMtyyvb zKNhGk<)cocAU3l||9q5n=OZ}#JDfe_NuxP+Fg@=$)Pk7SXT#@1XzEnQJ@{HhxrHyG zh4_yp)XQ2TG7OZUoM4>??fiBxM$5D{0@+l=nftJ{Xj6b$e4H!>mgAz3;<7&&xQ;{_^nOT2hW;* zAWY(+m@E?P2Kb%FQFWgp=42VLv~3D}HW-JFLps=s2~vk#4Aa9OpH zZse6=fxNYZ+}c8{@358dCBjxe+aN#beM@o0#b_gnl=G@@o|r!IS{)3cft~eU z7l$0ZZa-mMSvp>^w&|Jks z@#hU2rP;?;7S!;4>PFMRh>I(a5bL07jFSDB57gA4kZ-D2w)L2A&2==0Gj%$!@j|6%Gp%@a%Pp-c#5DNYpuZM7+Ou4Hyb(_qr{0KCf68;OVj>IZ zp{im!#$a?K3{(1nyV`PGRQ4*K9=l_1lm}{==%-=|>IUwM7+^A=cVS1Tn|?%JXw^`p znC}3P?ew$IJbcijZo7&i9Xcab6ODajCG^wy^r?JyONNy|6Jjm+O!A{KCO+C&p1O7- z{Bqzv3n55fr(%I$Rjsh{ejQ6SqX-&YPV{iM(e~k;k_7gSWdB==QdhVaLxS;8ke-rT zp>4Yp6s~_kBAL1@Q{RAhCTR{JF|?TEDL9*^qjhwgUOr&1oS#i%XnH5;8uU~WYh^Du=uzqe3$g$k#P`cyYb4W+qAt37Z_D33d57`zySNG!!e;><~^v^_aVJ zsC2@cU3QxR0+;E%i@l07E_CB92cuRSFcbfQYfTzz6DzYU@4|!2+7Or%Qq+xK3`QiA z9BKE1nEAr1=&XdMm*pfc8baR$HljE*qN#ZGN4$WRaw#_~i0)lxb729Lth47yC>9#% z?TqmV4tsDGTyalwE?ytwwShn}DXd8qq?BQ#^clCol{KnZ;dQ-L+!MYeoW&+Jk+8+b z^IgYhqT4;Wvls7XwtuT6|Pf3sdg3PyCB zSt>>fbn+q|RWuk^ndism(wbUAERHgFkGpY+w)ffbI63Rd3x}7ffPrF!!%u!Uj2HQ! zw=OSt%uxYEK>k-5cKq{aj;2;+K@BW(RW7kYT-hz7Y2%ST`}WFkJMt!{=)`wCa8q4t_3GA(E}=u!k-2&3=j z62Mlq(H8l}ls;`Vwm=ZK>+l}!<;9DuFnuL}Si{^`w#W$1k6mDAJeQw`4*T9?nk^bB0NDJ#no|q8dKVS?)y$hX%2*eXhaP4oW0~%w8yQ@nggY3XY;yDR;vY+3NK9|wPc?XB2*S>sNWphvuP6J)^foyUUhkS~w7ZHC z+9(MC$&EA$p}HQQh}SH0f)z7OI!1_4zd)O|EW|HQnw6djOzwy7)a!=e~utM>YT<=##XL zUKVo|?3s*23=%tWL*>!PBCZlC+Kc?%Be+GltvKoDNEg+fojH$}Ry6QW1%#CF_1Bc0 z@SuqF`yW{z-Z@4=AC;xhFz9!z5@A_XBQBI{&E`_I&d+kdoKqlSUCUrE6oOLhAv8b72-X@G`rX; zMF6{IU>W6S{++hs{mJ5n&qnR0dREaZ-330^!Q9hkaqggjiMy>*6-~&hH#n;UrJ>#Y3t$-n{^|%9`5u}Y_4*#r}$AI&_Pc@#w#z$6D?eybd@<}B8 zMjSj((=RCo>hN7;S4`>J+k(Bpw3`l{+90dTW4sGU#1pQ72LR?f)WYgwFKiCoB(hIV z6?1@ll0w1y3UT5)t&Qlw)_HQ{Q3Y2?O)E7FD&q^8$JWHc{kW5pdT7ehrXw81$k$n@ zQ-NQWa`?&;h9ECl>NXc-cQiaMQNL8ck30DBQw+eWq}exr(49QU{1Po$L${GguUDj; za`PkBB4Of*7tL3DRiHm5xJvvYNEjlzmTBW}#ognHYP0j0gAoDQ>$5||9k|(U`vX?z z#24LiJr7e0ODagZsRQAi%s7>=i6XTINmNn6gs~JHKWKnfUv1*GCwv3kxPDZ=PE;Ho zJEn;k2iTg#JKP67p?CJ{u$Ol|2bYx-Nk{vuc@nL=Yg6p^Rb7}Ns1*N)z+}dPe+re1 zYZcyn@t1(W-LEH%d4GVm`0d=Z>$YI6`5!l;PH-cWdH-E85QvLxLKpUVA zzHSjfvF9q>xJ=|B(m!vy@%uTt7mw8$dxA^O49+XP zr-~B?5-t5Zhx6DE;aeF~pm98dGK;;gqK z012k=o7|aNZ^o1R3Xp@GV{Sm?(K>nv8y~Xt;?k1{^H%Z^a!m=l^M-UjAZlM)?pJQX z%ZaH+<_@GDZ?PAy|H4#p!R~ZU?tTCm^UizTUzsX^n2F!w7^wk+-^pPT^QZXkII8u! zo_}$j_m>jrBb8KM<2LuL(SH*p<2F;~(RkbZ{p{FV>p)VjV0@8c@79hdw${%dyVXw! zY}L_^fFRw6mnx|ka2{@Q@1}i$f2Y2?o3tu`l>J?DM3rWP0biaSgf`ylayFfT=PH;4&jnnf+SWi$U4_L% z$`LQ!XkgDcD}I5uq_(<6n?&-Fpe*JxaIMaygN`TvEA3`(cHkLM{MfZ}q*LywY?Utn zk0iYa-@dK#Lypa+I{}9$q5V%B&RP{SGB$#}jfLoH;AdWs;A7@|cZlhtFjHwzuMzo% zkH1v1-oDXxzERypVz0*2L)sc**YhCXUm6N0+Zxh%>GE{Re}MV*>gC&7bt96MF9IIS zadX=@e9$yT!zeUQpP0Yxzy3_=YnB^Oyp$Q!VfU?mHcMt1_qg()CZGxT5}_@SSGJKE@=O--2E$a&n8sPQ>wTmCFQ3J1i$j%Y0}mx&hXVRO3T}m z;3&0?Ga3Ih;c*o)5pnbJ3H90e<_qex`pJO7{f?oDia2yQI<%==aI?)T5$ayAPm4+W z8!+K6AoUS2eQ{U4i?e53a|-vAD11?OVLJa==5pl&f%moTN!k@-&4PQyB7t`K9ygjB z1I*Np-saK@bbbk+DxD7Je+V4ND%T%WmOdS}&?+=(4$t;!yL|ORoy*KI6c?d@=j;BS z={Ga5E5J!*OitASqbEEGJc{rm6*+V_8Y=(a-YbWKH@`96e0b-sXZ?v?+M8y5H!Rs1S+VDDHtSJ$&)Ir3;+yoFsBh@qmLC7b1M>M@Pbj}u{sYY3vIXu1l63u&jxxKRQ;!gi@-r&x!3H>$FBsP zsXquyWzxJLfRL=Le|rsr^TY59-|T!_wVDg-fW1*vB_D2it&Ta`jVj@>(XnzRR%Ry{ z@Q>JgTCA1#^fStZZgbRo)_G|rr2s46#ZZ?AtA*EQ^hu$3>@j3i_~s?~*GTbaTQ0Sq z>nF7lvLa!dh4+-lnnsOiD7f|i8PrCz!*2@k$Z3G=?_O=I-+ccLlC+0N#{U38b4K`#ZD4pgBR`p;{FUFW zqcOKp<>i~7xwqpwVm(*6FcV5*(G$1lvP3Vsb{R-TalG1ev{4^0Q)~t7f%=;GND&b< z-mkP#rb)#H@5@mP?)%A`0S}Ykti_>giR;hdo=7EV?=7N();-Y2oh@?2RV0=6SK+hW1x9bZO}}wigp@rbx9gWtQ4C zNJ!B;k`&_C$Nr?cQkoI6nU$)ZZyz8=&6{T;e=4Ci#|gyEMT!T~aAOO3*zni!$bw6o zU`ns52!cP)z3SSsRYhb*vFRk!f0<_rN{5y1u?cys<-@8i4-Ea1AuE`zt{ymRS`Mmo zsz5Rb260xWEdX=LY=SXfg?X~2N1E$sCgpLW8j2IQ*N`r*Aupqz#bXy|;Ju^8>R~vY z8(NMNTCfQp0&;9pJ~BA+RXw%`#(+RW0sthT2=C-$3ljv$nVXoCRKv6d*OW9IicheI z;uxo1%6EUVr;6Np=CL9E%)+wY3u~F+xIc);I3xGfsh=VX#vmyUdHC7(edk~SCx9dT zbmR6OtrD%w{+J*DJ2@#iru}tq-KM6Rv2>t$Ril%gH zZl!#VFctzYSzArx-FD^h3tjmboq{j4=ew_8Vx5V$aB2^hEZwhFmo?&R#NXc%2#Te7 z;eh8g^WrEl9)Yf`P!y0g|ozkB|#J}StOoNjxIpv`JUfO z%-pr$gZX^VSNO##_lmzPcA!o*jMs3;f9EdD*&bhAgtyuoWp?UbcUvv!w!9P)!wL6q z_>}hop-bkXrMWxU7MH*Qh=Juqvkp9;D&b9f2>vwvO47|x!#ROluhU5ONS(;{d4Qnh zAAtT?XjlWm)4Q!1aTh%79BjjPp-f5|5CQ$j2}`@tV>X^F$(?QkGjt zgBV;vSBz6?X-_m!jnloz3HC{)vk+Pwh5^1Raj41vfaf?@K^Al&i$9rz# z+gKP93x))L0J^_kUq6wa=>P8oDi2JH13d~@M%Db|zxzrbL*Gzv-X@a7wdWQ}2mZqR z5YHg#ef;%51&-Kggab7Lj?4MY<98*bkLhL0iZ6{A@08%n>5&hX^=~j}UUhXFw0tUU zG{q+>4L9G9eG+PKw1VywDBY?M*Qc-%l_{pMduOlQC+anQPm_7RkMRlaN8U6y$itoK zULJ_vOn+4hsrqP4W(MJ=OUgdSsWs^_ko=t0o_=B z)v~No?|aHGq(m#`1>Nt05rjCIY(3)F^#+6WoeOk#`~x+% z#&C4Nhq@sXLr14H1^Pr3EV+!7Z<6AY*&OKZY{xjUa26#aqt=;+lE!;+7I}z>YW5_v zik!>2l-8vihJUdK&xc6q5Oob;sp90fYt5+dOiaFZuB_4fc1hup;dkax?c&6?i-SFH z$fgpor!wI9wo&CnnwGiH)S&KfQTZ=v_ZJl#ILtY`bw|he_yLnf-P+*OPL*qLwI-ZN zYr>PCt23#>^cg6=;Xq=5FdTtmqWA($OAj`K7s#YQKX38g`NL?`=fSm2Qc;6>)g~B3 zzvG$w%ozDeEhUJvV-cGUY;3LZ)ITh3P*-v?zSho#H($o^u*e}J38k*Z7Ssq&;6q&aP z>faS+031DevAS%19mz%a@Mw`kDuQzERpBc<*_C~Q8fc-SC+_T>+ro`{(erZkNt_>O ziVqmEXfcA29^h3R6;}_-V%;{1dn{ZJ%jb(i^JXQJgEK{$Qt`O(%zZ3$nBT%kx*2T+ zDjg*6Lw7+1G4f5$&Z;%lP;V_vBZml$U>bL5%;Ix5Tu;QnOFU55vy`xb-XL#dQ=vNz z2kkf*B*xW|YWXXGzssFc&&kGFXAqZ(4291SVAylJcbCQR=DqiqUq`if8U^R~+>3)B zOuabSEDd-ghdvk7dl_QB$Z@E>bTn7r3e}!}K!IQ_`kB;^oWJ0(HS(awYX3CSl1-zd z0XcGP{zM^&aVe~UuhNymao@2wSa{=y8Q1qk3i-MCFyDk2LOrW0z4Gjfn4ub;`{*x8 z?Y}f;^O)-+?;NvBZf||$Glt+`g}YKQ8pQ5Wi;U-SVaL<8w2Khd*7Ffj@&8V_F$@W1 zi&7pCZE922-P@5Fh<-W|D16tgAEl7?XsPQu@C<(ky6czsDh7Xzp?Wz?X?i?0a+o&< zvDhaiD=N42SImUZ9?_(6qeUkb-cP1>I)S5Vo8u`4uwKtp@{1^SRLM}3FohZmsBo=( z=LuqrsgEJz4>IpFsSpsdWE;Z`O$jbr&J5S&5C_;5i?r=hQMQ0#X-^oo-}(hxv7g#j1T2FR5F zY$S?>a;3FgcFdBFjiyZAu+n#wVK~F2i8=YXE5L6*tE}p(YDvEv1Z}M0thms>Az)=& zk@+4loM#}D>!7jqL7|HK3VBgOzK9#<{@x&Kq(;NzI1xQ>=GrGr#~w*;NpOV&TdS6d zp$4N~IJXVmpwWyR67?h}uZGMejlOHH*Z!`M&$S1W6jtfzioP|E;4OUVZeLe_qX^b3 zc0nq)H9NWIpCT}~@|M;FwPWrL+__et4u3yIGAW4y3Ozu%SajswA}m}Z+fbprkSTnr z26tH3KIHu*0OU>jq0#I`egm=y3}FHWGHv}nxu0sHdN#yf%vGd2S~Se9`xP#JJt#(#zt^ zhiXzPY+Mn+DNk1DnhlrCu?NGES>5uE z%Or7&2b^RDBKxoiki$b;YfBqqHl4}#-tzXiv2o)fa|*-7ZA%>Of;yC6I06!O(o$cf}LuSjb1bV}v0vm17rbvef9>5Tr!oOWQ0JYZpnjS)@&5o^JZmBjYZOHSHh-*pX2Edqhyq(|KfTbt2N|z@$NK3Ou}9sIqoiW9x6+Q*dx^rv~KxAw97I zC!Y-{ntE>P27WWH4U`Y781v!FdnP-IG&WnDm4(kk$#;vqs=GNqHR|VA7|2Q49DOz% zsS-hj*I=d4t03@H)rde*D)&U(unn4*+j%YDzd$WFX|uBzSd-v9G%dl#pRcyH6d$JHrHl(!&F~zRl!c>@*F9_dxnj@P7cxC z_Tr{Y{u+B@Y1&2OZG+lZep#>fC40O&Rpu-5CdDwPI>&zRNZ*&I1&7DHdRSo4g3a|7 z|F!}4y>Nm+9w0X5Q`Ibfy7zjI7J5!F*Ka4!2Y?z2d9wZhFaFo0C~iYWfdgLaNbwFx z4lMpiC+51|7eV;{49e!%%}30iHs!wl_(uKp$9QxNM-R;oe}Zv)e>(sbIMH9lV|RRT zTS!KFGCz11bWJq0kq2YNUb~i%0#m+SySowXq9app$)7ky^E-f@>iJq&Bk#~XW!J_y z(>aV7IuVfPGZYsKt1gx#GqW#Sx}zJSy1tSNF|H8rT^l1`&>u;lVs8H0sv%2>Z)i-8 zk5}vx=MmVJO1sL1T}x@PfLZzzPY1zsbA#|e)saSRlTJK;YxBx2ur%b{!s-zL%MwX?4fpcm30=3)=0snupicP{*tUXgL7Q(rz9SLXXM2BOBW>@pRsX9jSnxYb>}I)3=AKm3=1fTRs?D95Mqzwqe0=p1H*wR4dO6;9WW{5Vg<19; zvPL#*k^GiTq7)VDx@@E4I)R{7Ec9r_XNmj zJ)tS%CSHwFX}qY^+vXb?GTiu)m1Sl0k$y$ppg!N++H+Fi{iWVsXUwGm@ec!Q@D`XF zzh9r3L{vtga@F4EC(rOt6ijrpQwNI&8}Xv*K3uRQZ$U1F$&h`jsPM&2k2R><0E`pQ zyZEr_*1AfCk8bnq{I4XFz1*IX;V1pJ#F$sw5B^oF&JRAX{-01j3}%`7$@T|(fx7?6 zn*Q<>-B{}YXpJd4GEVxb)L$rkz74dNd0~4T3hkJ)L#;$}2haM65BJ+@uai0g2KE}( zKzPO7vgQdaKt?ap$exVB2$dfrB@qTu#?1|oQZ7pG$GO)S$AZ(Z403G5^5wFHDgvrG zPXfmSyuNJyl?a3ZmY*v}8ZRVe-lxQ>g?zaBgwo{<4{{uVFPb|)>gDt_iHU*NXFhQI zwYgST6t56iC^#CAcA+RAa(~ue;$GaV)TmiVno03E2a2w3hG!17x7OQx`B9fCKp<WOrS zL1Ws(-*f!f^3{Y9aMQ|+{<7=(9>{-qVleG+Lo24q>O_bX&>HP|7MaM(X{5yXaAf*- z`V&0<S+p*v29Ev6Ax|PoTFsrb$diAY~0taNA^yh?M&NEsYpa35mUt+ zb`DXpqf`9iMtsFy*$UTa(VIeozd(ay@7*ntY((vXyM*aAB80H*(=TCS{ zh@_I@cb1Mr$q%st-II*dBjpf<~bQ4}@Ap4lu`5XI(h*uz44`sTQ?k z!|evXigZTkuQ^JQwh_Sb@Nu>@O5@XQ?+*j)SB>@-vg%VmMKW(2v)To8Ox@2`CMhdSbFws`4m2 zmMi-r1*yM^F7|S7;_g9vH@7^xkuErO6e&aF5nkEuBP zSYVKZEuRK?`DXgz>wP#j!}b&0qVMQor*QElVk|&M2$(1!7S`A2cCFD0BS+ct0Y}v< zx^s8Y%*NTB4)HMSv{+GvVan@!4p}Efy1Vm$hVK#a1z}Tj&$CsspnR4{Uy0wCAsY8j z@rlLJi%HB$6&*U3YS^V_dLfV$hIox?ZWD; z(fhlRFQp7Xtz}Dp~K9R43C-rP9#6;l2Q6^okOOM98oAELamokR{4`J1D2<) z$+n^-RLT7GA%CKqU?QWMhGhm3lbn)PlZF$_F7yE<@5+dQxjl!~c24o}QO9Kg797tc zU*5|#2%rHbCE&z^)8h54I{GrpZAoWAz6F&?Wb-m*WW*qcH5rGJ-88Q%>VekgL)gkX z->0qZJb`me7asnE8z=lPm?p#m#o&Ek8NVby`t+*1C4krbgNn)_BU}7ZN@@X=nx})Q z$S2Jgj<(-ojpR27?~~l*k~^5eO^}`i#$FtlG(Y!we@zm)uZS*%Cifw{DUyu)yQ;-q3$n-7-z#+vHbmz*A z^0dQo?DE>fw0Lz{vm`}6Nq6vI`ay~kx6g?^$OUB@s1WOf2=K%;Tw@fp` zS(7?M9?s)5?9HX&EDPGchpGn8p}YNu=kXcj0CMaphetJX_fc`h+3)tjg&ZvyKk5V<}Z3U#9#U+QM$O zEgbAdMt=pJQjO(3E)3BR+XhM$R`5FtmNf>aJ~S}mDZ6=As!8z0PMIFY)W@YJhd7eN zXc|vvdPjuePv*Ob2d#O_uZ%2{S#Mict$3h$R*A9_L{#_~K#Ln}@i>Wy1+vd3BV5s^ zGH6;;=24P|3VV{=pov%o%{yb|x1rqjkmb;yHc$;Av*hL8`?^u=3Viq#_!~@)&W$@H zeLRO=N)?1QGoGW4GM}FH5nM)*rRZ2rUG+L(Oav3#lW!ON;QK^y&u8Wo9p(7*?HZ>S zhma4i7Pmu*mR@um$9%L3Q49`KIG9?b1&>TDhkbB~-n?f^O{NZkS0i@2^7H*4fbDMI zkS*2vXzJgHJo&E-DgJBGV4OYDP%vv_ zPm-jV%USL;Zor50Rk25WNW2`$@0=@sJ&ERNLZwsLcYsY|BlBmf>@j#uj4C~ZeH5wD zhQh!mr)_VVANwSB8ktW6$6ZWqZ5#v}>q#?&37KGx^A6yMcB#-d4*I$pjq(~SmE=+%XM~$T&iM2UU9a(fm@OG$n&ntXJ+A{Q^Mxz(2g zU~WFs`NVp+fQ`|9`I4MapDNZP2pHvl%-hjau^dwYSs8ve z_I(UY`u4EF&`Lc-9bw!|0B;Ts4?_aPSW{tqN=X8v?(?BEV%sq);OZ|_Sh~;#&xhK)xl&NQ zwj8A`d(Wj|OUp1w*FYm49MW?FrEyQ3gg(L;FMPeaX))3%9LO|5&u8M9)H*Q|qTE9> zRL_P!Z!_s6r8hN#ic0HE%o(Hwzl)DX4t5HFm7&<~$3-Y&6fmQvrCt_W zi{;%LcB5&iSsUBfoN*^K8B<)x6ihAjp0W6SE^L3$Q3N=7yn5F(;4nHKhO3utKrX}N zNMW)(ETa<@^J@QN2Sgh$LF)Lx^`84Ym49Sd?JA8dh?w_4sm%(c<sj_pwn`06%&)d>xQRtf9G5luoU9s^*MX z^YmqJKOFVAo*(VnDtGC%a_nBtOF`;BvJVV~sKMmZK9 z#h46us4CIPUPo<(FRXFLrmD|W-UEvkCD>-?6zo>kD2tY#f!66K74RJxR43!{GPhhu-SYou0(H!SmrlR_~um|&k#{u-`M z1{K!5N-AFZ3S~~HdBG8d=>{gL112dw^YixHU3jHdm|mxL>%A$U#RHcNaCc~ydl)|q zG8f{}@KP|Su^8t1Nzp_?Qa`eoN`Y?V9I2@D(rx6QPWwc2Ws^SaR>}PXrj^((`$#%}8_X_S5;cHAa zn3)}2|8t3OVlY7c=)a2RRpE8Rs?`>U8R8XukNUr4q1|$|zMZ&vn%>J@Xb9Ua65`5x z+GiJ^k`slXm~x8i!c5x5!*?-spz+ToXnpDEt5fvrNc>4c?ciKVV(HSc3CEBD%5<*V z=YkT|4c636?Df7)J8?ukszk?A_e8_dM+M?XBQM!79c)AlD$ip_RgHnWh(5>au9h^G zYrrzjgJ|Ci)7el=706`$jlqwr+%aFjtUwE)+qf(a65$AVI>**pOF!#SYs5mRgc0w_ zK*n%np70uy;O)_e7QbgvH93_&Z4ZznJR*_BCX4-T;n+pOJ9lp60_)9qyGr z`Z)3xkV3i5DO;eww2((5Up|Cs9U^pg=5sfqH6G|^+_pOKoVhr&3znr`^Za|cbOiZlz}a|6u*Ob``1n3E07laj%&_Z?HC@+ppJ2FQL<%FqGt zNeWsaL(+;MY#O_SI0}IaD5mvPZ0{84+s+pLOsoE`mDh`M8<+M;afc@W7<+HgU0AZF zYKsCwJ*Yu&5=!0y`_5*ROlPfMrz(8XC;&G}yeE<`ESAH{yr$ge{KD2s7o4 z!b4DD(2HmneRLcf>f?8!?Zl>2Bu@!ZA@1*uiVIr`qmHAL@5U%N(%H!WlDz_5BCD|f zl4j4Q%kx95Vn%J%jhih%qrSIS$L7M>(1AMma*@{F;q4AOQ%4e1A!|9TnDoMBI%Fu5 zbaF(01MfF%5nb0k>v!Ls20=kZJc6BX36V^1#G@_Lwzlmk5!8`Ibuq z?>VR8)4-g5-z~xzzT9VAyrT$qP$pQB3JE7Ud3Jrcdetz?z3fH&lxn^vYBrKWzjK<= z?^sumT{Lbu!OM`=__%0}+U9pgRAcxuWNB+@{WUElgt4wO4E+3V_UnWrdWnA3t@**z zcbX8LZCer4>@)6Sme!yEYBI9kFG6YOHn~-ZqLTW2vW}h{=1`1fq#Ex4kI9s0;UP%v7##*HcXP#Zhh>z4KyQI&uDAjWM0LT|V&m<@@G7|S2Al=IdDZr`ofGM?<< zr?gsSC*B!SY9a71nMifQf#pC@2aBCw zG_#dh&1D+T%9h>q4Jf{{fC^UE3i3}O00HAlfYr+8*NEv1zZCtXhSLVAqnsnZl!e{f zl>eOC)bZDT*Foa`?x)5IbC)-}XA3 zEUg@Q+!;kId3l|s6a5VSytG)2{PwSkk+Am*W zRFG?L_)8z!O>y#NxFm4n4=@oTJPqeuK5$zzca^cIA9%>oG9ZwI5=gBiYjw3FUUV1O z-m!mcq4kSltW3y%U4sBjOKtKzAkTV~i?^013>2tD zvcY0Y;*n<<{WrH?ysuB$iHozu-0-W|!N_7}0@kA1qtEh%1#!qNQ*6a4G!A>6MsZ0i2@UO@IcqpqE+Bo#S(-8a#Gb6nRt&P=A#m}8m4 zvHX1waqv_FYa`6ylQ>b=JS$i^XeEq-kH8ry_RTRvnZuimZ+(N-uvVI^yQB#O{{WP? zez1b<5^H&y?XsVwB*$P27a=OMX}yFv6etl4pWKk9Ga(}n?qf6_L)f2MG)jd%r7NS! z9xkZZawLv?S$3!FtEFno7@g6(gN;qipBr&7V>h!F&I7+;7Qtf@^fQfLg;M`a`A({E zy>N{#qOAhWJ>7^qEpn!*{;L0*(luQU!XTiGXOC$2<uz7otHe2s`B4AEy$M&FnE z7KZd-td>C4^Jtj~Owrf9_jk1bl8Nz0RCn%ZU#7e+yyB#eAe$>uJ~kuxqMjRnP?F1& z-9<2P{Pp+aHRYZr$Nl}EJC|y?X2AnnAia^IT`@GacGOU^rIB7K@A8I)9 zzf?M7+cb6Mo;ft^o&-Gl0}SW<0X)L4K1`IjoIiaK&)BYxp-WJyXJ&TL;xA=xB6$Cf zp|&9$9uO-f+sM+2c6-7xa3r(&_tZaT1{~OJ7@VgBu;oVmb3)KVnvmlk%Zt6o@w}_% z9}53-5}5jVC#t$lwR04KT=87@hC#_Vjs(??_XhqV!n#ehS%})#XbP~PHZq3CFW#uf z-EBGSHX8|c%cPwMWu~xcUO36{)kvxl2TQrcy<}e)eS5cie7eFh9r2=VWJ2n@ZpLR^ z6U!jIu`+mQC-Squj^B^1g}+F7O;QpQNUoVlrTOw@!l2fl%U`ZFDBj+J$pHc(v9sqw qukt07we~7+ + + + + OpenSSL + Cryptography and SSL/TLS Toolkit + + diff --git a/roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.css b/roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.css new file mode 100644 index 0000000..e56d295 --- /dev/null +++ b/roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.css @@ -0,0 +1,6 @@ +/* + ImageBox v1.3.0 + (c) Tobias Roeder + tobiasroeder.github.io/imagebox/license +*/ +body.imagebox{overflow:hidden}img[data-imagebox]{cursor:pointer}#imagebox{z-index:99992;position:fixed;top:0;right:0;bottom:0;left:0;background-color:rgba(0,0,0,.87);font-family:"Helvetica Neue","Helvetica",sans-serif}#imagebox *{margin:0;padding:0;box-sizing:border-box}#imagebox .ib-loading{z-index:2;position:fixed;top:50%;left:50%;-webkit-animation:ibLoading 1s linear infinite;animation:ibLoading 1s linear infinite;border:3px solid #f3f3f3;border-top:3px solid #555;border-radius:50%;width:30px;height:30px}#imagebox .ib-content{z-index:99994;background-color:transparent;position:relative;width:100%;height:100%}#imagebox .ib-content .ib-topbar{z-index:99996;position:fixed;top:0;right:0;width:100%;display:flex;justify-content:space-between}#imagebox .ib-content .ib-topbar .ib-indexes{color:#a8a8a8;font-size:1em;align-items:center;padding:10px;width:100%}#imagebox .ib-content .ib-topbar .ib-buttons{display:flex;justify-content:flex-end;flex-flow:row nowrap;width:100%}#imagebox .ib-content .ib-topbar .ib-buttons .ib-button{width:41px;height:41px;background:#858585 no-repeat center center;background-size:21px 21px;cursor:pointer;transition:ease-in-out .2s;text-align:center}#imagebox .ib-content .ib-topbar .ib-buttons .ib-button:hover{background-color:#a8a8a8}#imagebox .ib-content .ib-topbar .ib-buttons .ib-button.ib-close{background-image:url(data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiA/PjwhRE9DVFlQRSBzdmcgIFBVQkxJQyAnLS8vVzNDLy9EVEQgU1ZHIDEuMS8vRU4nICAnaHR0cDovL3d3dy53My5vcmcvR3JhcGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEuZHRkJz48c3ZnIGVuYWJsZS1iYWNrZ3JvdW5kPSJuZXcgMCAwIDMyIDMyIiBoZWlnaHQ9IjMycHgiIGlkPSLQodC70L7QuV8xIiB2ZXJzaW9uPSIxLjEiIHZpZXdCb3g9IjAgMCAzMiAzMiIgd2lkdGg9IjMycHgiIHhtbDpzcGFjZT0icHJlc2VydmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGxpbmsiPjxwYXRoIGQ9Ik0xNy40NTksMTYuMDE0bDguMjM5LTguMTk0YzAuMzk1LTAuMzkxLDAuMzk1LTEuMDI0LDAtMS40MTRjLTAuMzk0LTAuMzkxLTEuMDM0LTAuMzkxLTEuNDI4LDAgIGwtOC4yMzIsOC4xODdMNy43Myw2LjI4NGMtMC4zOTQtMC4zOTUtMS4wMzQtMC4zOTUtMS40MjgsMGMtMC4zOTQsMC4zOTYtMC4zOTQsMS4wMzcsMCwxLjQzMmw4LjMwMiw4LjMwM2wtOC4zMzIsOC4yODYgIGMtMC4zOTQsMC4zOTEtMC4zOTQsMS4wMjQsMCwxLjQxNGMwLjM5NCwwLjM5MSwxLjAzNCwwLjM5MSwxLjQyOCwwbDguMzI1LTguMjc5bDguMjc1LDguMjc2YzAuMzk0LDAuMzk1LDEuMDM0LDAuMzk1LDEuNDI4LDAgIGMwLjM5NC0wLjM5NiwwLjM5NC0xLjAzNywwLTEuNDMyTDE3LjQ1OSwxNi4wMTR6IiBmaWxsPSIjZmZmZmZmIiBpZD0iQ2xvc2UiLz48Zy8+PGcvPjxnLz48Zy8+PGcvPjxnLz48L3N2Zz4=);right:0}#imagebox .ib-content .ib-image-wrapper{opacity:0;z-index:99995;position:fixed;top:0;right:0;bottom:0;left:0;transition:opacity .6s;width:-webkit-fit-content;width:-moz-fit-content;width:fit-content}#imagebox .ib-content .ib-image-wrapper img.ib-image{z-index:99995;position:fixed;top:50%;left:50%;transform:translate(-50%, -50%);max-width:100vw;max-height:100vh;min-width:48px;min-height:48px;-o-object-fit:contain;object-fit:contain;transition:ease-in-out .6s;display:block}#imagebox .ib-content .ib-image-wrapper img.ib-hidden{opacity:0}#imagebox .ib-content .ib-image-wrapper img.ibFadeOut{animation:ibFadeOut .6s forwards}#imagebox .ib-content .ib-image-wrapper img.ibFadeIn{animation:ibFadeIn .6s forwards}#imagebox .ib-content .ib-control div{z-index:99996;position:fixed;top:50%;transform:translateY(-50%);background-color:#858585;background-size:32px 32px;background-position:center;background-repeat:no-repeat;padding:32px 20px;cursor:pointer;transition:ease-in-out .4s}#imagebox .ib-content .ib-control div[disabled]{cursor:default;background-color:#3d3d3d;box-shadow:none;pointer-events:none}#imagebox .ib-content .ib-control .ib-control-left{left:0;border-radius:0 3px 3px 0;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAHlBMVEUAAAD///////////////////////////////////8kfJuVAAAACXRSTlMAFRqzwcvM0tm5QgwQAAAAK0lEQVR4AWMYtoCJlRm/PAcnCwF5dsZhLM/ABpKnSAETxwhTwUI4yQ0zAAD12gHrZ1kh5AAAAABJRU5ErkJggg==);box-shadow:2px 0 16px rgba(0,0,0,.5)}#imagebox .ib-content .ib-control .ib-control-right{right:0;border-radius:3px 0 0 3px;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAAHlBMVEUAAAD///////////////////////////////////8kfJuVAAAACXRSTlMAFhq+w8bM1dlMuAVXAAAAKklEQVR4AWMYdoCZlRG/AjZOdvwqmDhGmAoWchUgrBie8ogEQzDJDVMAAPJZAelGeIG8AAAAAElFTkSuQmCC);box-shadow:-2px 0 16px rgba(0,0,0,.5)}#imagebox .ib-content .ib-caption{z-index:99996;position:fixed;bottom:0;display:none;padding:60px;color:#fff;font-size:1.2em;box-sizing:border-box;width:100%;background:linear-gradient(rgba(0, 0, 0, 0), #222)}#imagebox .ib-content .ib-caption.location::before{z-index:99996;position:fixed;content:"";width:1.2em;height:1.2em;margin-left:-28px;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAACXBIWXMAAAsTAAALEwEAmpwYAAAB+UlEQVRYhcWWPUscURSGzwSjIJqoiPEDrVQMpBFtFFKZIoLC2thZi41NersUJr9BEUwVCKRQBMUVhAgWgVSSRkUWFPwOARWNPCm8gWF3zuy5O7PmLe/c8z7PZXeYG4hHgCYRyYjIiIj0iEiLe3QkIj9FZElEvgZBcOzTawHXAx+Ba4rnGvgA1KcF7wdyBnB+ckBfUvgb46m1XAFDpcK7gYsE8H85B7pKEdgqUnwAbADb7qRx+eYLH4sp2wFe5+2vBmaA25i5jI9AVin5AlTFzPUCv5XZdSu8AbiLKDjE8GoBk4rAnWVegGGlYMp0goeOHaXjbf7eJxHzbUrvmlVARLLKekF3lECDMnzmIXCirNdZBC6U4RZlPSqtynrOIlCwyWXUQgYqRKTgt3bZsxTUEv0+/wLaDfMzyh/wBqi1HEKAFaVkE2iMmRtR5AEWTXBXNKSUABwDE0B1aH8nMB8zAzBgFnCly0UKb3n4HpwW2Qew4gV3Ai/caZPmBGj2FnASmRQExkqChyTmEsAXEsGdQA2wWwJ8H3iWWMBJDAJ/POD35N0Z0pB47yEwmyrcCTwFvhvgP4DK1AWcxEvi7383wKuywEMS0zEC78oKdwIBsBoBzwJB2QWcRCtwFoJfAh2PAg9JjIcEJh4VHpL4BHz+L3An8BzQ7pCm/AXwpqsk2iQyUAAAAABJRU5ErkJggg==);background-size:1.2em 1.2em}@-webkit-keyframes ibLoading{0%{-webkit-transform:rotate(0deg);-webkit-transform:translate(-50%, -50%)}100%{-webkit-transform:rotate(360deg);-webkit-transform:translate(-50%, -50%)}}@keyframes ibLoading{0%{transform:translate(-50%, -50%) rotate(0deg)}100%{transform:translate(-50%, -50%) rotate(360deg)}}@media screen and (max-width: 720px){#imagebox .ib-content .ib-description{padding:45px}}@keyframes ibFadeIn{from{opacity:0}to{opacity:1}}@keyframes ibFadeOut{from{opacity:1}to{opacity:0}} diff --git a/roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.js b/roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.js new file mode 100644 index 0000000..2eb6ded --- /dev/null +++ b/roles/stable/openssl_certificates/files/ca/vendor/imagebox.min.js @@ -0,0 +1,6 @@ +/* + ImageBox v1.3.0 + (c) Tobias Roeder + tobiasroeder.github.io/imagebox/license +*/ +var $jscomp = $jscomp || {}; $jscomp.scope = {}, $jscomp.createTemplateTagFirstArg = function (e) { return e.raw = e }, $jscomp.createTemplateTagFirstArgWithRaw = function (e, t) { return e.raw = t, e }; var imagebox = { init: function () { imagebox.settings.info && console.log("%cImageBox v1.3.0\nhttps://tobiasroeder.github.io/imagebox", "color:#39c"), imagebox.settings.keyControls && (window.onkeyup = function (e) { if (document.body.classList.contains("imagebox")) switch (e.keyCode) { case 27: imagebox.close(); break; case 37: (e = document.querySelector(".ib-control-left")) && e.click(); break; case 39: (e = document.querySelector(".ib-control-right")) && e.click() } }), imagebox.finder() }, galleryNames: [], galleries: [], finder: function () { document.querySelectorAll("img[data-imagebox]").forEach((function (e) { var t = e.dataset.imagebox; e.setAttribute("onclick", "imagebox.open(this)"), "" !== t && (imagebox.galleryNames.includes(t) || imagebox.galleryNames.push(t)) })), imagebox.galleryNames.forEach((function (e) { e = document.querySelectorAll('[data-imagebox="' + e + '"]'), imagebox.galleries.push(e) })), imagebox.galleries.forEach((function (e, t) { e.forEach((function (e, i) { e.setAttribute("data-imagebox-image-index", i), e.setAttribute("data-imagebox-gallery-index", t) })) })) }, settings: { info: !1, swipeToChange: !0, swipeToClose: !0, keyControls: !0, closeEverywhere: !0 }, options: function (e) { var t = void 0 === e.swipeToChange || e.swipeToChange, i = void 0 === e.swipeToClose || e.swipeToClose, o = void 0 === e.keyControls || e.keyControls, a = void 0 === e.closeEverywhere || e.closeEverywhere; imagebox.settings.info = void 0 !== e.info && e.info, imagebox.settings.swipeToChange = t, imagebox.settings.swipeToClose = i, imagebox.settings.keyControls = o, imagebox.settings.closeEverywhere = a }, open: function (e) { var t, i = !0, o = e.dataset.imagebox; "image" !== o && "" !== o || (i = !1), o = null, document.body.classList.add("imagebox"), null == document.querySelector("#imagebox") && ((o = document.createElement("div")).setAttribute("id", "imagebox"), o.setAttribute("class", "ib-remove"), document.body.appendChild(o)), o = null != (t = e.dataset.imageboxSrc) ? t : e.src, t = document.querySelector("#imagebox"); var a = "", n = "", c = "", s = ""; if (i) { n = parseInt(e.dataset.imageboxImageIndex), a = parseInt(e.dataset.imageboxGalleryIndex); var r = "", l = ""; 0 == n && (r = "disabled"), n == (c = imagebox.galleries[a].length) - 1 && (l = "disabled"), a = '

\n\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
", n = '
\n\t\t\t\t\t' + (n + 1) + ' / ' + c + "\n\t\t\t\t
", c = '' } else imagebox.settings.closeEverywhere && (s = ' onclick="imagebox.close(this)"'); t.innerHTML = '
\n\t\t\t
\n\t\t\t\t
' + n + '\n\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t' + a + '\n\t\t\t\t
\n\t\t\t\t\t\n\t\t\t\t\t' + c + '\n\t\t\t\t
\n\t\t\t\t
Lorem Ipsum
\n\t\t\t
', imagebox.caption(e), imagebox.fade.in(t), document.querySelector("#imagebox .ib-image").onload = function () { document.querySelector("#imagebox .ib-loading").style.opacity = "0", document.querySelector("#imagebox .ib-image-wrapper").style.opacity = "1" }, imagebox.swipe(document.querySelector("#imagebox .ib-content"), i) }, close: function () { document.body.classList.remove("imagebox"); var e = document.querySelector("#imagebox"); e.classList.remove("ib-remove"), imagebox.fade.out(e) }, change: function (e, t, i) { var o = document.querySelector("#imagebox .ib-loading"), a = imagebox.galleries[t].length, n = document.querySelector("img[data-imagebox-image-index='" + e + "'][data-imagebox-gallery-index='" + t + "']"), c = document.querySelector("#imagebox .ib-control-left"), s = document.querySelector("#imagebox .ib-control-right"), r = document.querySelector("#imagebox .ib-current-index"); o.style.opacity = "1", "prev" == i && (0 == e && c.setAttribute("disabled", ""), s.removeAttribute("disabled")), "next" == i && (e == a - 1 && s.setAttribute("disabled", ""), c.removeAttribute("disabled")), c.setAttribute("onclick", "imagebox.prev(" + e + ", " + t + ")"), s.setAttribute("onclick", "imagebox.next(" + e + ", " + t + ")"), r.innerText = e + 1; var l, m = document.querySelector("#imagebox .ib-image-next"), b = document.querySelector("#imagebox .ib-image-current"); b.classList.add("ibFadeOut"), m.src = null != (l = n.dataset.imageboxSrc) ? l : n.src, imagebox.caption(n), m.onload = function () { m.classList.add("ibFadeIn"), o.style.opacity = 0, setTimeout((function () { b.className = "ib-image ib-hidden ib-image-next", b.src = "", m.className = "ib-image ib-image-current" }), 600) } }, prev: function (e, t) { 0 != e && (e = 0 >= e ? e = 0 : e - 1, imagebox.change(e, t, "prev")) }, next: function (e, t) { var i = imagebox.galleries[t].length - 1; e != i && (e = e >= i ? e = i : e + 1, imagebox.change(e, t, "next")) }, caption: function (e) { e = e.getAttribute("data-imagebox-caption"); var t = document.querySelector("#imagebox .ib-caption"); (t.textContent = e) ? (-1 < e.indexOf("{loc}") ? (t.classList.add("location"), e = e.replace(/{loc}/, ""), t.textContent = e) : t.classList.remove("location"), t.style.display = "block") : t.style.display = "none" }, swipe: function (e, t) { e && (e.ontouchstart = function (i) { var o = i.layerX, a = i.layerY; e.ontouchend = function (e) { var i = o - e.layerX; e = a - e.layerY; var n = window.innerWidth / 10, c = window.innerHeight / 10; imagebox.settings.swipeToClose && (e >= c || e <= -c) && imagebox.close(), t && imagebox.settings.swipeToChange && (i >= n && document.querySelector("#imagebox .ib-control-right").click(), i <= -n && document.querySelector("#imagebox .ib-control-left").click()) } }) }, fade: { duration: .1, out: function (e, t, i) { t = void 0 !== t && t, e.style.opacity = 1, function o() { var a = parseFloat(e.style.opacity); 0 > (a -= imagebox.fade.duration) ? (i && i(), t && document.querySelector("#imagebox .ib-image-wrapper").removeChild(e), e.style.display = "none") : (e.style.opacity = a, requestAnimationFrame(o)) }() }, in: function (e, t) { e.style.opacity = 0, e.style.display = "block", function i() { var o = parseFloat(e.style.opacity); 1 < (o += imagebox.fade.duration) ? t && t() : (e.style.opacity = o, requestAnimationFrame(i)) }() } } }; window.onload = imagebox.init; diff --git a/roles/stable/openssl_certificates/tasks/authority.yml b/roles/stable/openssl_certificates/tasks/authority.yml new file mode 100644 index 0000000..09d0949 --- /dev/null +++ b/roles/stable/openssl_certificates/tasks/authority.yml @@ -0,0 +1,44 @@ +--- +- name: Install openssl + apt: + update_cache: yes + state: present + pkg: + - openssl + +- name: Make certificates directory + file: + path: "{{ ca_cert_dir }}" + state: directory + +- name: Certification Authority - Check if the private key is already present + stat: + path: "{{ ca_cert_dir }}/{{ ca_cert_name }}.key" + register: ca_cert_key + +- name: Certification Authority - Generate the CA private key + shell: openssl genrsa -des3 -passout pass:"{{ ca_cert_key_pass }}" -out {{ ca_cert_name }}.key 4096 + args: + chdir: "{{ ca_cert_dir }}" + when: not ca_cert_key.stat.exists + +- name: Certification Authority - Check if the CA root certificate is already presentt + stat: + path: "{{ ca_cert_dir }}/{{ ca_cert_name }}.pem" + register: ca_cert_pem + +- name: Certification Authority - Generate the CA root configuration file + template: + src: authority.conf.j2 + dest: "{{ ca_cert_dir }}/{{ ca_cert_name }}.conf" + when: not ca_cert_pem.stat.exists + +- name: Certification Authority - Generate the CA root certificate + shell: openssl req -x509 -new -nodes \ + -key {{ ca_cert_name }}.key \ + -passin pass:"{{ ca_cert_key_pass }}" \ + -sha256 -days {{ ca_cert_days }} -out {{ ca_cert_name }}.pem \ + -config {{ ca_cert_name }}.conf + args: + chdir: "{{ ca_cert_dir }}" + when: not ca_cert_pem.stat.exists diff --git a/roles/stable/openssl_certificates/tasks/authority_webserver.yml b/roles/stable/openssl_certificates/tasks/authority_webserver.yml new file mode 100644 index 0000000..0a2d703 --- /dev/null +++ b/roles/stable/openssl_certificates/tasks/authority_webserver.yml @@ -0,0 +1,42 @@ +--- +- name: Certification Authority - Webserver - Create static_service root + file: + path: /home/antennine/ca/certs + state: directory + +- name: Certification Authority - Webserver - Copy certificates to webserver dir + copy: + src: /etc/certs/{{ ca_cert_name }}.pem + dest: /home/antennine/ca/certs/ + remote_src: true + +- name: Certification Authority - Webserver - Create sha1 fingerprint + shell: openssl x509 -sha1 -in {{ ca_cert_dir }}/{{ ca_cert_name }}.pem -noout -fingerprint + register: ca_cert_sha1 + +# - name: Certification Authority - Webserver - Convert certificate in format DER +# shell: openssl x509 -in {{ ca_cert_name }}.pem -inform pem -out {{ ca_cert_name }}.der -outform der +# register: ca_cert_der + +# - name: Certification Authority - Webserver - Convert certificate in format TXT +# shell: +# register: ca_cert_txt + +# - name: Certification Authority - Webserver - Create certificate revocation list CRL +# shell: +# register: ca_cert_crl + +- name: Certification Authority - Webserver - Generate index.html + template: + src: authority.html.j2 + dest: "/home/antennine/ca/index.html" + +- name: Certification Authority - Webserver - Copy files + copy: + src: ./ca/ + dest: /home/antennine/ca/ + +- name: Certification Authority - Webserver - Webserver + include_role: + name: ../roles/stable/nginx + tasks_from: main diff --git a/roles/stable/openssl_certificates/tasks/main.yml b/roles/stable/openssl_certificates/tasks/main.yml new file mode 100644 index 0000000..bfbedbd --- /dev/null +++ b/roles/stable/openssl_certificates/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- name: Certification Authority + include_tasks: authority.yml + when: not skip_certification_authority + +- name: Server Certificate + include_tasks: server.yml + when: not skip_server_certificate + +- name: Certification Authority - Webserver + include_tasks: authority_webserver.yml + when: not skip_certification_authority_webserver + +- name: Server Certificate - Webserver + include_tasks: server_webserver.yml + when: not skip_server_certificate_webserver diff --git a/roles/stable/openssl_certificates/tasks/server.yml b/roles/stable/openssl_certificates/tasks/server.yml new file mode 100644 index 0000000..9a2f801 --- /dev/null +++ b/roles/stable/openssl_certificates/tasks/server.yml @@ -0,0 +1,42 @@ +--- +- name: Server Certificate - Make certificates directory + file: + path: "{{ server_cert_dir }}" + state: directory + +- name: Server Certificate - Check if private key is already present + stat: + path: "{{ server_cert_dir }}/{{ server_cert_name }}.key" + register: server_cert_key + +- name: Server Certificate - Generate the private key + shell: openssl genrsa -out {{ server_cert_name }}.key 4096 + args: + chdir: "{{ server_cert_dir }}" + when: not server_cert_key.stat.exists + +- name: Server Certificate - Generate the server configuration file + template: + src: server.conf.j2 + dest: "{{ server_cert_dir }}/{{ server_cert_name }}.conf" + +- name: Server Certificate - Create the certificate signin request + shell: openssl req -new -key {{ server_cert_name }}.key -days {{ server_cert_days }} -out {{ server_cert_name }}.csr -config {{ server_cert_name }}.conf + args: + chdir: "{{ server_cert_dir }}" + +- name: Server Certificate - Create the X509 V3 extension config file to define SAN + template: + src: server.ext.j2 + dest: "{{ server_cert_dir }}/{{ server_cert_name }}.ext" + +- name: Server Certificate - Sign the certificate with x509 V3 extensions + shell: openssl x509 -req \ + -in {{ server_cert_name }}.csr \ + -CA {{ ca_cert_dir }}/{{ ca_cert_name }}.pem -CAkey {{ ca_cert_dir }}/{{ ca_cert_name }}.key -CAcreateserial \ + -passin pass:"{{ ca_cert_key_pass }}" \ + -out {{ server_cert_name }}.crt \ + -days {{ server_cert_days }} -sha256 \ + -extfile {{ server_cert_name }}.ext + args: + chdir: "{{ server_cert_dir }}" diff --git a/roles/stable/openssl_certificates/tasks/server_webserver.yml b/roles/stable/openssl_certificates/tasks/server_webserver.yml new file mode 100644 index 0000000..d591adc --- /dev/null +++ b/roles/stable/openssl_certificates/tasks/server_webserver.yml @@ -0,0 +1,20 @@ +--- +- name: Server Certificate - Webserver - Ensure webserver certs dir exists + file: + path: /etc/nginx/certs/{{ server_cert_name }}/ + state: directory + +- name: Server Certificate - Webserver - Copy server key + copy: + src: /etc/certs/{{ server_cert_name }}/{{ server_cert_name }}.key + dest: /etc/nginx/certs/{{ server_cert_name }}/ + remote_src: true + +- name: Server Certificate - Webserver - Copy server certificate + copy: + src: /etc/certs/{{ server_cert_name }}/{{ server_cert_name }}.crt + dest: /etc/nginx/certs/{{ server_cert_name }}/ + remote_src: true + +- name: Server Certificate - Webserver - Restart Nginx + shell: systemctl restart nginx diff --git a/roles/stable/openssl_certificates/templates/authority.conf.j2 b/roles/stable/openssl_certificates/templates/authority.conf.j2 new file mode 100644 index 0000000..6451af0 --- /dev/null +++ b/roles/stable/openssl_certificates/templates/authority.conf.j2 @@ -0,0 +1,14 @@ +[req] +default_bits = 4096 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C = {{ ca_distinguished_name['C'] }} +ST = {{ ca_distinguished_name['ST'] }} +L = {{ ca_distinguished_name['L'] }} +O = {{ ca_distinguished_name['O'] }} +OU = {{ ca_distinguished_name['OU'] }} +emailAddress = {{ ca_distinguished_name['emailAddress'] }} +CN = {{ ca_distinguished_name['CN'] }} diff --git a/roles/stable/openssl_certificates/templates/authority.html.j2 b/roles/stable/openssl_certificates/templates/authority.html.j2 new file mode 100644 index 0000000..8e0de57 --- /dev/null +++ b/roles/stable/openssl_certificates/templates/authority.html.j2 @@ -0,0 +1,140 @@ + + + + + + Certificati di Antennine + + + + + + + + + Openssl logo + +
+
+ +

Certificati di {{ ca_distinguished_name['O'] }}

+
+ +
+

In questa pagina si trovano i certificati e le informazioni riguardanti la + Certification Authority di {{ ca_distinguished_name['O'] }}.

+ +

Il certificato è disponibile: +

    + +
  • in formato PEM
    • + +
+ + +
+ +

Verifica

+
+

Dopo aver scaricato il certificato, verificare la fingerprint tramite il comando di openssl:

+ $ openssl x509 -sha1 -in {{ ca_cert_name }}.pem -noout -fingerprint +

Che deve resitituire questo risultato:

+ {{ ca_cert_sha1.stdout }} +
+ +

Installazione su sistema Linux

+
+
+
+

Firefox

+

Andare in about:preferences#privacy

+

Ed importare il certificato nella sezione Authorities

+
+ Screenshot installazione su Firefox + +
+ +
+
+

Chromium

+

Andare in chrome://settings/certificates

+

Ed importare il certificato nella sezione Authorities

+
+ Screenshot installazione su Chromium +
+ +
+

Linux system-wide (Debian, Ubuntu)

+

Per installare la CA system-wide su Linux usare i seguenti passi:

+ +

Mettere una copia del certificato in formato PEM in /usr/share/ca-certificates/

+ # cp ~/Downloads/antennineCA.pem /usr/share/ca-certificates/ +

Aggiungere il nome del file del certificato (senza directory) alla fine di /etc/ca-certificates.conf

+ # echo {{ ca_cert_name }}.pem >> /etc/ca-certificates.conf +

Installare il certificato

+ # update-ca-certificates --verbose +
+
+ +

Installazione su sistema Android

+

Nota: su Android è necessario installare la CA su tutto il sistema (system-wide).

+

Firefox inoltre richiede di abilitare l'utilizzo dei certificati installati dall'utente.

+ +
+
+
+

Android system-wide

+

Andare in Settings e ricercare la sezione dei certificati

+

Installare il certificato che verrà inserito nella sezione User e non System

+

Ora sui browsers Chrome, Brave, ecc. sarà possibile navigare col protocollo sicuro https://

+
+
+ Screenshot installazione su Android + Screenshot installazione su Android +
+
+ +
+
+

Firefox

+

Andare in Settings e poi in About Firefox

+

Toccare 7 volte il logo di Firefox per abilitare i Secret Settings

+

Andare in Settings e poi in Secret Settings, e abilitare Use third party CA certificates

+
+
+ Screenshot installazione su Firefox Android + Screenshot installazione su Firefox Android +
+
+ +
+

Firefox Beta, Firefox Nightly, IceCatMobile

+

In altre versioni derivate da Firefox ricercare about:config

+

Andare in about:config e impostare:

+

security.enterprise_roots.enabled = true

+
+
+
+ + diff --git a/roles/stable/openssl_certificates/templates/server.conf.j2 b/roles/stable/openssl_certificates/templates/server.conf.j2 new file mode 100644 index 0000000..8cb021e --- /dev/null +++ b/roles/stable/openssl_certificates/templates/server.conf.j2 @@ -0,0 +1,14 @@ +[req] +default_bits = 4096 +prompt = no +default_md = sha256 +distinguished_name = dn + +[dn] +C = {{ server_distinguished_name['C'] }} +ST = {{ server_distinguished_name['ST'] }} +L = {{ server_distinguished_name['L'] }} +O = {{ server_distinguished_name['O'] }} +OU = {{ server_distinguished_name['OU'] }} +emailAddress = {{ server_distinguished_name['emailAddress'] }} +CN = {{ server_distinguished_name['CN'] }} diff --git a/roles/stable/openssl_certificates/templates/server.ext.j2 b/roles/stable/openssl_certificates/templates/server.ext.j2 new file mode 100644 index 0000000..7ec9b2e --- /dev/null +++ b/roles/stable/openssl_certificates/templates/server.ext.j2 @@ -0,0 +1,26 @@ +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment +subjectAltName = @alt_names + +[alt_names] +DNS.1 = ada + +# wildcard +DNS.2 = test.ada +DNS.3 = *.test.ada +DNS.4 = infra.ada +DNS.5 = *.infra.ada + +# common +DNS.6 = info.ada +DNS.7 = doc.ada +DNS.8 = ca.ada + +# network +DNS.9 = panorama.ada +DNS.10 = mappe.ada +DNS.11 = librespeed.ada +DNS.12 = nodi.ada +DNS.13 = torrent.ada +DNS.14 = firmware.ada diff --git a/roles/stable/openssl_certificates/vars/main.yml b/roles/stable/openssl_certificates/vars/main.yml new file mode 100644 index 0000000..44ebf6a --- /dev/null +++ b/roles/stable/openssl_certificates/vars/main.yml @@ -0,0 +1,36 @@ +skip_certification_authority: false +skip_certification_authority_webserver: false +skip_server_certificate: false +skip_server_certificate_webserver: false + +ca_cert_dir: /etc/certs/ +ca_cert_name: antennineCA +ca_cert_days: 3650 # ten years +ca_cert_key_pass: "{{ lookup('passwordstore', 'chiavi_antennine/openssl/antennineCA.key', errors='strict') | default(omit) }}" +ca_distinguished_name: + C: IT + ST: Emilia-Romagna + L: Prunarolo + O: Antennine + OU: antennine.noblogs.org + emailAddress: eno@burdig.one + CN: Antennine CA + +with_ssl: true +static_services: + - ca: + server_name: ca.ada + server_root: /home/antennine/ca/ + +server_cert_dir: /etc/certs/ada +server_cert_name: ada +server_cert_days: 1095 # 3 years +server_cert_key_pass: "{{ lookup('passwordstore', 'chiavi_antennine/openssl/ada.key', errors='strict') | default(omit) }}" +server_distinguished_name: + C: IT + ST: Emilia-Romagna + L: Prunarolo + O: Antennine + OU: antennine.noblogs.org + emailAddress: eno@burdig.one + CN: Ada diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml new file mode 100644 index 0000000..6df596f --- /dev/null +++ b/roles/wireguard/tasks/main.yml @@ -0,0 +1,58 @@ +--- +- name: Install Wireguard + become: yes + package: + name: wireguard + state: present + +- name: mkdir -p /etc/wireguard/keys + file: + path: /etc/wireguard/keys + state: directory + +- name: Check keys are created + stat: + path: /etc/wireguard/keys/privatekey + register: wireguard_skip_key_generation + +- name: umask 077 + shell: umask 077 + args: + chdir: /etc/wireguard/keys + when: not wireguard_skip_key_generation.stat.exists + +- name: Creating client privatekey and publickey + shell: wg genkey | tee privatekey | wg pubkey > publickey + args: + chdir: /etc/wireguard/keys + when: not wireguard_skip_key_generation.stat.exists + +- name: cat privatekey => var_privatekey + shell: cat privatekey + register: var_privatekey + args: + chdir: /etc/wireguard/keys + +- name: Creating /etc/wireguard/wg0.conf + template: + src: client_wg0.j2 + dest: /etc/wireguard/wg0.conf + +- name: Starting wg service + systemd: + state: started + name: wg-quick@wg0 + enabled: yes + +- name: cat publickey => var_publickey + shell: cat publickey + register: var_publickey + args: + chdir: /etc/wireguard/keys + +- name: Make sure Wireguard Service is running + become: yes + service: + name: wg-quick@wg0 + state: started + enabled: yes diff --git a/roles/wireguard/tasks/server.yml b/roles/wireguard/tasks/server.yml new file mode 100644 index 0000000..0daf8f6 --- /dev/null +++ b/roles/wireguard/tasks/server.yml @@ -0,0 +1,8 @@ +--- +- name: Make sure Wireguard Service is running + become: yes + service: + name: wg-quick@wg0 + state: started + enabled: yes + # delegate_to: "{{ hostvars['jitsi'].inventory_hostname }}" diff --git a/roles/wireguard/templates/client_wg0.j2 b/roles/wireguard/templates/client_wg0.j2 new file mode 100644 index 0000000..32487af --- /dev/null +++ b/roles/wireguard/templates/client_wg0.j2 @@ -0,0 +1,11 @@ +[Interface] +Address = {{ wireguard_client_ip }} +PrivateKey = {{ var_privatekey.stdout }} +ListenPort = {{ wireguard_client_wg0_port }} +DNS = {{ wireguard_dns }} + +[Peer] +PublicKey = {{ wireguard_server_PublicKey }} +Endpoint = {{ wireguard_server_public_ip }}:{{ wireguard_server_wg0_port }} +AllowedIPs = {{ wireguard_client_AllowedIPs }} +PersistentKeepalive = 25 diff --git a/vars/belvederi.yml b/vars/belvederi.yml new file mode 100644 index 0000000..9062178 --- /dev/null +++ b/vars/belvederi.yml @@ -0,0 +1,12 @@ +--- +with_certbot: false +with_distributed_certificates: true +# certbot_email: +reverse_services: + - info: + server_name: info.ada + proxy_pass: https://info.ada + + - doc: + server_name: doc.ada + proxy_pass: https://doc.ada diff --git a/vars/build/_h5ai.yml b/vars/build/_h5ai.yml new file mode 100644 index 0000000..23a19d0 --- /dev/null +++ b/vars/build/_h5ai.yml @@ -0,0 +1,12 @@ +--- +fpm_services: + - firmware.test.ada: + server_name: firmware.test.ada + root: /opt/openwrt-lime-firmware_test + custom_config: " + index /_h5ai/public/index.php; + + location /_h5ai/private { + return 403; + } + " diff --git a/vars/build/dev_test.yml b/vars/build/dev_test.yml new file mode 100644 index 0000000..0aa3f9f --- /dev/null +++ b/vars/build/dev_test.yml @@ -0,0 +1,44 @@ +--- +openwrt_version: "{{openwrt_release['old_stable']}}" +libremesh_version: "librerouteros" +libremesh_profile: valsamoggia.ninux.org +libremesh_profile_device: vs-ninux-generic + +skip_preflight: false +skip_openwrt_install: false +skip_libremesh_install: false +skip_configure_profiles: false +skip_configure_clean: true +skip_webserver_update: false + +with_wireguard: true + +# webserver index +webui_path: /opt/openwrt-lime-firmware_test + +# openwrt +openwrt_build_user: "antennine" +openwrt_dir: "/home/antennine/openwrt/test" +openwrt_build_dirname: "openwrt-{{openwrt_version}}-libremesh-{{libremesh_version}}" +openwrt_build_dir: "{{openwrt_dir}}/{{openwrt_build_dirname}}" +openwrt_version_tag: "v{{openwrt_version}}" +openwrt_extra_image_name: "{{openwrt_version}}_libremesh-{{libremesh_version}}" + +# libremesh +libremesh_profile_directory: "{{openwrt_build_dir}}/feeds/profiles/{{libremesh_profile}}" +libremesh_feeds: | + src-git libremesh https://github.com/libremesh/lime-packages.git;{{ libremesh_version }} + src-git profiles https://github.com/libremesh/network-profiles.git + +# libremesh_version: "librerouteros" +# libremesh_version: "^0bddc6b50da6f13b1fd20a28f5c4d557c3819737" +# libremesh_version: "v2020.1" + +ip_network: "10.170" +ip_netmask: "/16" + +vpn_wg0_network: "192.168" +vpn_wg0_netmask: "/16" + +default_vpn_wg0_listenport: 51800 +default_channel_5ghz: 48 diff --git a/vars/build/main.yml b/vars/build/main.yml new file mode 100644 index 0000000..bd9fda4 --- /dev/null +++ b/vars/build/main.yml @@ -0,0 +1,45 @@ +--- +openwrt_version: "21.02.3" +libremesh_version: "librerouteros" +libremesh_profile: valsamoggia.ninux.org +libremesh_profile_device: vs-ninux-generic + +skip_preflight: false +skip_openwrt_install: false +skip_libremesh_install: false +skip_configure_profiles: false +skip_configure_clean: false +skip_webserver_update: false + +with_wireguard: true +with_luci: false + +# webserver index +webui_path: /opt/openwrt-lime-firmware_test + +# openwrt +openwrt_build_user: "antennine" +openwrt_dir: "/home/antennine/openwrt/test" +openwrt_build_dirname: "openwrt-{{openwrt_version}}-libremesh-{{libremesh_version}}" +openwrt_build_dir: "{{openwrt_dir}}/{{openwrt_build_dirname}}" +openwrt_version_tag: "v{{openwrt_version}}" +openwrt_extra_image_name: "{{openwrt_version}}_libremesh-{{libremesh_version}}" + +# libremesh +libremesh_profile_directory: "{{openwrt_build_dir}}/feeds/profiles/{{libremesh_profile}}" +libremesh_feeds: | + src-git libremesh https://github.com/libremesh/lime-packages.git;{{ libremesh_version }} + src-git profiles https://github.com/libremesh/network-profiles.git + +# libremesh_version: "librerouteros" +# libremesh_version: "^0bddc6b50da6f13b1fd20a28f5c4d557c3819737" +# libremesh_version: "v2020.1" + +ip_network: "10.170" +ip_netmask: "/16" + +vpn_wg0_network: "192.168" +vpn_wg0_netmask: "/16" + +default_vpn_wg0_listenport: 51800 +default_channel_5ghz: 48 diff --git a/vars/build/openwrt.yml b/vars/build/openwrt.yml new file mode 100644 index 0000000..e9c1f93 --- /dev/null +++ b/vars/build/openwrt.yml @@ -0,0 +1,7 @@ +openwrt_release: + stable: 22.03.2 # 17. October 2022 + old_stable: 21.02.5 # 17. October 2022 + +openwrt_release_archive: + 19: 19.07.10 # + 18: 18.06 # diff --git a/vars/build/targets/21.02.3_ramips_mt76x8.yml b/vars/build/targets/21.02.3_ramips_mt76x8.yml new file mode 100644 index 0000000..12c1729 --- /dev/null +++ b/vars/build/targets/21.02.3_ramips_mt76x8.yml @@ -0,0 +1,26 @@ +# ath79_generic +openwrt_target: ramips +openwrt_subtarget: mt76x8 +openwrt_devices: + - tl-mr6400-v4 + +# override +openwrt_version: 21.02.3 +libremesh_profile_device: vs-ninux-generic + +# configs +skip_configure_clean: true + +target_configs: | + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic=y + # CONFIG_PACKAGE_kmod-ppp is not set + # CONFIG_PACKAGE_luci-proto-ppp is not set + # CONFIG_PACKAGE_luci is not set + CONFIG_PACKAGE_babeld-auto-gw-mode=y + CONFIG_PACKAGE_ubus-lime-batman-adv=y + CONFIG_PACKAGE_wpad-basic=y + # CONFIG_PACKAGE_wpad-basic-wolfssl is not set + # CONFIG_PACKAGE_wpad-mesh-wolfssl=y + # CONFIG_PACKAGE_ATH_DFS is not set + # CONFIG_ATH_USER_REGD is not set + CONFIG_PACKAGE_kmod-mt7603=y diff --git a/vars/build/targets/ar71xx_generic.yml b/vars/build/targets/ar71xx_generic.yml new file mode 100644 index 0000000..fdb1044 --- /dev/null +++ b/vars/build/targets/ar71xx_generic.yml @@ -0,0 +1,43 @@ +# ar71xx_generic +openwrt_target: ar71xx +openwrt_subtarget: generic +openwrt_devices: + - ubnt-lbe-m5 + - ubnt-loco-m-xw + - ubnt-nano-m-xw + - ubnt-nano-m + +# override +openwrt_version: 19.07.10 +libremesh_profile_device: vs-ninux-generic + +# configs +skip_configure_clean: true + +target_configs: | + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic=y + # CONFIG_PACKAGE_kmod-ppp is not set + # CONFIG_PACKAGE_luci-proto-ppp is not set + CONFIG_PACKAGE_kmod-rtc-pcf8563=y + CONFIG_PACKAGE_kmod-rtc-pcf2123=y + CONFIG_PACKAGE_ATH_DEBUG=y + CONFIG_PACKAGE_ATH_DYNACK=y + CONFIG_PACKAGE_ATH_SPECTRAL=y + CONFIG_PACKAGE_luci=y + CONFIG_PACKAGE_prometheus-node-exporter-lua-location-latlon=y + CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi-params=y + CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi-stations-extra=y + CONFIG_PACKAGE_prometheus-node-exporter-lua-wifi-survey=y + CONFIG_PACKAGE_prometheus-node-push-influx=y + CONFIG_PACKAGE_shared-state-persist=y + CONFIG_PACKAGE_tmate=y + CONFIG_PACKAGE_ubus-tmate=y + CONFIG_PACKAGE_pirania=y + CONFIG_PACKAGE_pirania-app=y + CONFIG_PACKAGE_watchping=y + CONFIG_PACKAGE_wifi-unstuck-wa=y + CONFIG_PACKAGE_babeld-auto-gw-mode=y + # CONFIG_PACKAGE_wpad-basic is not set + # CONFIG_PACKAGE_wpad-basic-wolfssl is not set + CONFIG_PACKAGE_wpad-mesh-wolfssl=y + " diff --git a/vars/build/targets/ath79_tiny.yml b/vars/build/targets/ath79_tiny.yml new file mode 100644 index 0000000..797096f --- /dev/null +++ b/vars/build/targets/ath79_tiny.yml @@ -0,0 +1,20 @@ +# ath79_tiny +openwrt_target: ath79 +openwrt_subtarget: tiny +openwrt_devices: + - tplink_tl-wr940n-v6 + +# override +# openwrt_version: 18.06.9 +openwrt_version: 19.07.10 +libremesh_profile_device: vs-ninux-tiny + +# configs +skip_configure_clean: true +with_wireguard: false + +target_configs: | + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-tiny=y + # CONFIG_PACKAGE_kmod-ppp is not set + # CONFIG_PACKAGE_luci is not set + # CONFIG_PACKAGE_luci-proto-ppp is not set diff --git a/vars/build/targets/old_stable_ath79_generic.yml b/vars/build/targets/old_stable_ath79_generic.yml new file mode 100644 index 0000000..198b1d9 --- /dev/null +++ b/vars/build/targets/old_stable_ath79_generic.yml @@ -0,0 +1,24 @@ +# ath79_generic +openwrt_target: ath79 +openwrt_subtarget: generic +openwrt_devices: + - tplink_cpe510-v3 + +# override +openwrt_version: "{{openwrt_release['old_stable']}}" +libremesh_profile_device: vs-ninux-generic + +# configs +skip_configure_clean: true + +target_configs: | + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-fix-openwrt=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic=y + # CONFIG_PACKAGE_kmod-ppp is not set + # CONFIG_PACKAGE_luci-proto-ppp is not set + # CONFIG_PACKAGE_luci is not set + CONFIG_PACKAGE_babeld-auto-gw-mode=y + CONFIG_PACKAGE_ubus-lime-batman-adv=y + CONFIG_PACKAGE_wpad-basic=y + # CONFIG_PACKAGE_wpad-basic-wolfssl is not set + # CONFIG_PACKAGE_wpad-mesh-wolfssl=y diff --git a/vars/build/targets/test_stable_ath79_generic.yml b/vars/build/targets/test_stable_ath79_generic.yml new file mode 100644 index 0000000..03939f8 --- /dev/null +++ b/vars/build/targets/test_stable_ath79_generic.yml @@ -0,0 +1,28 @@ +# ath79_generic +openwrt_target: ath79 +openwrt_subtarget: generic +openwrt_devices: + - tplink_cpe510-v3 + +# override +openwrt_version: "{{openwrt_release['stable']}}" +libremesh_profile_device: vs-ninux-generic + +# configs +skip_configure_clean: false + +# test commenting +target_configs: | + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-fix-openwrt22=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-fix-openwrt21=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-test=y + CONFIG_PACKAGE_luci=y + CONFIG_PACKAGE_babeld-auto-gw-mode=y + CONFIG_PACKAGE_ubus-lime-batman-adv=y + CONFIG_PACKAGE_wpad-basic=y + # CONFIG_PACKAGE_wpad-basic-wolfssl is not set + # CONFIG_PACKAGE_wpad-mesh-wolfssl=y + +unstable_defaults: | + CONFIG_PACKAGE_rssileds=y diff --git a/vars/build/targets/test_stable_ramips_mt7620.yml b/vars/build/targets/test_stable_ramips_mt7620.yml new file mode 100644 index 0000000..b79c3de --- /dev/null +++ b/vars/build/targets/test_stable_ramips_mt7620.yml @@ -0,0 +1,27 @@ +# mt7620 _generic +openwrt_target: ramips +openwrt_subtarget: mt7620 +openwrt_devices: + - asus_rt-ac51u + +# override +openwrt_version: "{{openwrt_release['stable']}}" +libremesh_profile_device: vs-ninux-generic + +# configs +skip_configure_clean: false + +target_configs: | + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-fix-openwrt22=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-fix-openwrt21=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-ninux-generic=y + CONFIG_PACKAGE_profile-valsamoggia.ninux.org-vs-test=y + CONFIG_PACKAGE_luci=y + CONFIG_PACKAGE_babeld-auto-gw-mode=y + CONFIG_PACKAGE_ubus-lime-batman-adv=y + CONFIG_PACKAGE_wpad-basic=y + # CONFIG_PACKAGE_wpad-basic-wolfssl is not set + # CONFIG_PACKAGE_wpad-mesh-wolfssl=y + +unstable_defaults: | + CONFIG_DRIVER_11AC_SUPPORT=y diff --git a/vars/build/test.yml b/vars/build/test.yml new file mode 100644 index 0000000..bd9fda4 --- /dev/null +++ b/vars/build/test.yml @@ -0,0 +1,45 @@ +--- +openwrt_version: "21.02.3" +libremesh_version: "librerouteros" +libremesh_profile: valsamoggia.ninux.org +libremesh_profile_device: vs-ninux-generic + +skip_preflight: false +skip_openwrt_install: false +skip_libremesh_install: false +skip_configure_profiles: false +skip_configure_clean: false +skip_webserver_update: false + +with_wireguard: true +with_luci: false + +# webserver index +webui_path: /opt/openwrt-lime-firmware_test + +# openwrt +openwrt_build_user: "antennine" +openwrt_dir: "/home/antennine/openwrt/test" +openwrt_build_dirname: "openwrt-{{openwrt_version}}-libremesh-{{libremesh_version}}" +openwrt_build_dir: "{{openwrt_dir}}/{{openwrt_build_dirname}}" +openwrt_version_tag: "v{{openwrt_version}}" +openwrt_extra_image_name: "{{openwrt_version}}_libremesh-{{libremesh_version}}" + +# libremesh +libremesh_profile_directory: "{{openwrt_build_dir}}/feeds/profiles/{{libremesh_profile}}" +libremesh_feeds: | + src-git libremesh https://github.com/libremesh/lime-packages.git;{{ libremesh_version }} + src-git profiles https://github.com/libremesh/network-profiles.git + +# libremesh_version: "librerouteros" +# libremesh_version: "^0bddc6b50da6f13b1fd20a28f5c4d557c3819737" +# libremesh_version: "v2020.1" + +ip_network: "10.170" +ip_netmask: "/16" + +vpn_wg0_network: "192.168" +vpn_wg0_netmask: "/16" + +default_vpn_wg0_listenport: 51800 +default_channel_5ghz: 48 diff --git a/vars/libremesh.yml b/vars/libremesh.yml new file mode 100644 index 0000000..c5b3b6e --- /dev/null +++ b/vars/libremesh.yml @@ -0,0 +1,4 @@ + +libremesh_versions: + - librerouteros # ^0bddc6b50da6f13b1fd20a28f5c4d557c3819737 Released: Thu Mar 17 2022 + - 2020.1 # Released: Fri Dec 11 2020 diff --git a/vars/monitoring.yml b/vars/monitoring.yml new file mode 100644 index 0000000..23f3eb4 --- /dev/null +++ b/vars/monitoring.yml @@ -0,0 +1,22 @@ + +maintainer_emails: ', ' + +all_targets: + node: "{{ belvedere_targets }}" + blackbox_ping_internal: "{{ blackbox_ping_internal}}" + +blackbox_ping_internal: + - targets: "[ {%for host in groups['belvederi']%}'{{hostvars[host].ansible_host}}'{% if not loop.last %},{% endif %}{% endfor %} ]" + labels: + host: 'belvederi' + - targets: "[ {%for host in groups['strumenti']%}'{{hostvars[host].ansible_host}}'{% if not loop.last %},{% endif %}{% endfor %} ]" + labels: + host: 'strumenti' + +blackbox_relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 diff --git a/vars/smtp.yml b/vars/smtp.yml new file mode 100644 index 0000000..e435921 --- /dev/null +++ b/vars/smtp.yml @@ -0,0 +1,5 @@ + +smtp_from: '' +smtp_smarthost: 'mail.gandi.net:587' +smtp_auth_username: '' +smtp_auth_password: "{{ lookup('passwordstore', 'chiavi_antennine/emails/', errors='strict') | default(omit) }}" diff --git a/vars/telegram.yml b/vars/telegram.yml new file mode 100644 index 0000000..28ef4cb --- /dev/null +++ b/vars/telegram.yml @@ -0,0 +1,3 @@ + +telegram_bot_token: "{{ lookup('passwordstore', 'chiavi_antennine/telegram/bot_api_token', errors='strict') | default(omit) }}" +telegram_chat_id: diff --git a/vars/test.yml b/vars/test.yml new file mode 100644 index 0000000..d66902c --- /dev/null +++ b/vars/test.yml @@ -0,0 +1 @@ +maintainer_emails: '' diff --git a/vars/wireguard.yml b/vars/wireguard.yml new file mode 100644 index 0000000..faaab77 --- /dev/null +++ b/vars/wireguard.yml @@ -0,0 +1,10 @@ + +wireguard_server_public_ip: +wireguard_server_PublicKey: '' +wireguard_server_wg0_port: 51820 + +wireguard_client_ip: # 10.0.0.9 +wireguard_client_wg0_port: 51820 +wireguard_client_AllowedIPs: 10.0.0.0/24 + +wireguard_dns: # 10.0.0.10