From 317b91bfc30d47246caab9da1d7c4d6666119125 Mon Sep 17 00:00:00 2001 From: stylersnico Date: Tue, 24 Aug 2021 16:19:24 +0000 Subject: [PATCH] docs: add all untracked content --- cropped-favicon-abyssproject-192x192.webp | Bin 0 -> 14936 bytes debian/backups/debian-backup-restic.md | 12 + debian/webservers/acme_dot_sh-nginx.md | 45 ++ debian/webservers/debian10-to-debian11.md | 67 +++ debian/webservers/webserver-Debian-11.md | 469 ++++++++++++++++++ docker/watchtower-docker-update.md | 12 + en/debian/webservers/acme_dot_sh-nginx.md | 44 ++ en/debian/webservers/debian10-to-debian11.md | 67 +++ en/debian/webservers/webserver-Debian-11.md | 470 +++++++++++++++++++ en/home.html | 14 + home.md | 21 + infra/blog-infrastructure.md | 12 + ipv6/ipv6-swisscom.md | 12 + logo-abyssproject-retina-1.webp | Bin 0 -> 3998 bytes logo-wiki.png | Bin 0 -> 15061 bytes mails/dkim-spf-dmarc.webp | Bin 0 -> 88510 bytes mails/spf-dkim-dmarc.md | 114 +++++ opnsense/interfaces.md | 12 + windows/dfs-sysvol-sync-repair.md | 12 + 19 files changed, 1383 insertions(+) create mode 100644 cropped-favicon-abyssproject-192x192.webp create mode 100644 debian/backups/debian-backup-restic.md create mode 100644 debian/webservers/acme_dot_sh-nginx.md create mode 100644 debian/webservers/debian10-to-debian11.md create mode 100644 debian/webservers/webserver-Debian-11.md create mode 100644 docker/watchtower-docker-update.md create mode 100644 en/debian/webservers/acme_dot_sh-nginx.md create mode 100644 en/debian/webservers/debian10-to-debian11.md create mode 100644 en/debian/webservers/webserver-Debian-11.md create mode 100644 en/home.html create mode 100644 home.md create mode 100644 infra/blog-infrastructure.md create mode 100644 ipv6/ipv6-swisscom.md create mode 100644 logo-abyssproject-retina-1.webp create mode 100644 logo-wiki.png create mode 100644 mails/dkim-spf-dmarc.webp create mode 100644 mails/spf-dkim-dmarc.md create mode 100644 opnsense/interfaces.md create mode 100644 windows/dfs-sysvol-sync-repair.md diff --git a/cropped-favicon-abyssproject-192x192.webp b/cropped-favicon-abyssproject-192x192.webp new file mode 100644 index 0000000000000000000000000000000000000000..ee5d12030f84e871edc91b0694be94343c163395 GIT binary patch literal 14936 zcmV-eI;X`_Nk&FcIsgDyMM6+kP&iCPIsgDKzrZgL0Z5YU)@=#^CB7Ft-2cG*%De0$ z`ac0S*W+IE2>F*QWi208`;9gE;s- zCc2ktahC4B_i6|&7}TZ#K)IwrQh)4iFiDdL(JMF2$^ckS%=Es0ZvzhOv;ihgBxP%@ zYs1Os#;e@I7U?<>UI3U(@pxZ7B##>W$lVu7Qbz^=t?ih5EjW-oFnI4LzEfAwy5Av- z#Y??iqQpG24hOLEMPrZ(@(O^qB3)Kea`VW5-ho*JDKiUxVUX1%WA%_!TyibVEFz+0 z#{C1aCK`!CqL4@gmW%iQ7oE7`F>Si4yGJ`sx@+62)(qTX z*ZWi7{~6r9MNWO^=7gO3NrQX_fgDMaB*iDPIG%_w`b&od(Eka5b>f9tMs>j%PH}_X zpw#UQrepIQC6%R}lgT1Or1X2|K)i!%6NV9}3_Ff^2X;AM^z!EhTmDt z4!~!(T;4*j^suu)w^HxcJ`4cB%&nuIv=i}eNU3Lr_rzp3W0OEaUROgWgvcPb3(ZKJS7LDjG=wmQ{`8mKh|VbKQ)z(m zchITYiN!3Q$9CC5`ZBE!_SM_zd|9V5(Z|En`H zv#Mrh_ZkrsFpfKOmhT_9{}DNk;>QjAft^Ow4{VoB2m-&c?c%9`zOu~=Fd-a)-w5G3$J+dK$JDA)M(Ccror0*u0M%o`pCV|tUG_=-o5P_u)~tY7Bjolj~32L zTR4`;#p5&261JF`!Dd^}Sz=}e>%bGsT1R3eNs<(W=YXA1r@t`#51BIjCkPvQ29IqvRc?uFYg!+HUeP0YEP{jjXCh{;%h zyX$e>NRlE&YJcm$n+(U`q_%Band@Ou1VKJR;3z_yuO$L0P*^kth;U>{vTfSdo^x$p z+qP}nXu$2rZOe`O>1W%vZJP(1Yppo}bnE|9Bsn$A%XrMpV4ax3k|&c{7E771Cyy}& zW@bEwT{oGGygPR?S0oAf^GkM-<}g-*Zx06ww3?Cs%Q2-g1b9!!4vXYyaBJ^E_?5_ zXQsQVf_<)?bspf0ofsdqamoCTPBys1AD4`*vm(10C)-3F;c~K*5pg5d;O>^O+})kT zVcWKWMCE?}jlZTGNs=Q;Qj4mQ=3#g5j(@uDhcWKTploe>+ctVW0HjR1r1zfHT)|xX z>}EUbS@qtVovLCEIfs?@JeBMrm!1$@o!TkyFYwa+TDb;*~g6@m5)%AwT&GM?_e)np03QS!Y&_t z5%u_~?rCGTK3r>ewWmIC{&}nOp^s=l_0FXLql4S<;STs6k?Y{^OXWCXPa4``n6=Vj zqRYJ?x7&9;Ia*o!h5~3C?@WqcA+jI5fbU?1GTQ@j7g$LhPGzNJM~oyH#szQs+StV7 z?*YHis*|J;c<@tTE0nu`ztHs1{VPTDj)uq}K|^wvwao=<#U=W2y5_fEu+AeC7QhEP zQ}*iVzkfH8o$mm(qi2Fr>jEGEsc5wfN-~n(J4y4toAL?nF3G~&#V~yN?;%2m>SEFv zTB0QyVkIQA6n-(A8W3j=+2!ELfn<_ot}*c`FTX&uJ>-x3z$!%NfuMl>QRcFNB4>6u z+Ca-(@+4tQ-si)<>?!pEL`-4`i3qS5$__;l(!;Ds;aK24!IP}@?`L$Y6X}*%v5?e> z1Q?J}=!6p*V=G22q)-TiCs}Xy_0>sRnlM~m3Ybl9L+Kl(Rl6+_e?xui8UqT=Y?I@%<6fh#y}*#q~;yDHndS0~*O@ z6f_n!y%(E2x7TtB2Yggil)yU#J{CnRkYI8HjvF+|)3)-`;I)uPoTC)+Pt`fmhOO9i zOA?ohO+cw+A{jmLf+w8sBuy{~xAT)hP^WtsgwwVG=u10 z>J94`rdp=8w-xq#b*AAYa3 zd9zxI4=7*|Gf@SG@;>nU(`>u4{N|7!3lup_We~x_Mn)NUIh+4YxXJOcQq~-iz*L$j z!BpVU=n*B^P8%4+i4O$CK>?(L57@UXu$v|EAy*?0EgFMChY%>!h(#9LtBr+l3;YSaA?ped%Ivdhi{Mpr7iq{ zJ@8%wZ^O-q54rzLQ1$kxe3D$RVPh};WCB8EHiI0#-jRf!oZghXc8x<^hq6F?kET}@ zZ~z9AP{L@71?5PUi@{aztr({OLS_|!y>!HfAVGb75dONCXaEm%)jqg?^Kq@F?5qxH z_y1mYR2VfW6xRNaZ*I+!tJ&WAp<}=$YSbuocsVANTGGl**{TaBs}u)R^?5hhXvjEV zfNp*8Y;nuvn zdQLB}dnom;ucl09X}4@Z->SCku6%xW+>?WmDy16TWgF_g`+><47s~*pu(K^GKpPpK zNgU1ais3S|_#B8Iy8mWXG_YTQw|DpvziMEn@+{dh-19LcqD2lhf@M)^%ev`&G1+ZR zEv=MN_3&v(CpE&Egu-O7VEh5WjRz^BWP?LQz87rGpN!Q&P*Wn9?5 zppGi+iLhEA>W>>BgNbM&$P@!tJ3ZNnMrwR3{y6I@3eT~?sYcKSY7{Z?$4nr$6Wvxw z-FO0t>0eBQ@7H+1r5S|o_*Hd=5u3|4%+4;WTwxU`3;>`Y3AGX_L!*(EuJAew$dwiD zb2}8HW6p`J3=GhqXlNpFxX5{4ZN{O3=MHlmI0Qwo2ruBSs&}2TPWPoTC_(F7V`oH) zfHIqdqCi1F7R}1J zReaEP;axTcod3x8{9534GN%o#g^FVz?5H*_7%eDuzrtd{i6QJj__!b3`RmU*qpjX= zSUnKPUDw=)?I?REHk==#1;1-n%}9FPBL5tz#)bN@tL9GdU#0VYw$mbU0Y8jYb2S^N z(Uu-4UXOD9-FPA}K{k{@2^jEy5S$;nJNxxsvxvBK%#meqT!KZ2VQ$;wRe-%+kWIL5 zx62g&*_kEiMy!;01+J7LEoS7gNZn&c zV5LGg@K0s|*gTzm&VMu^a1VK2QLpwkYgyXT)Np5gCki%DPW?MxbZo_-B2% z3QwTw=cOZPe98zEsMjlZ8rW#-KJ8FQ*-i}Z8JHCxFlH@5B(062#!Ry*DsZ*m$wL(v* ztdQ}nv#MEe`dCm{patW@hT$zla#2${WY!sa0}sx@O|YOG8m3QzRL5y1oUXLT60?~0 zLr@qjOC(j-(af_^`N!)$4J-!LSN$#=H5<`>Zh&brS1~A!?(@{s zXrqU0)5XkPa#PrG(YBd9)vE zvs3dS;0@FTA_vo?Z8tzIiB_4^BvcVpM;b$^aHvC| zNzWb0HhCTbKAvcCjulIIS(@x3X+|N-9<263> z_B$EC3q#FWPPwU3Bg+vMw_aEcK@2$X4oczKbHF6iB>kQGKD)-rRT;Sz05es9&tp`j z6P%5>~s2UC41lB0k5>fro05;4UWguWlIi{Gyd(=#VXjHc~4O65us_xULS?@3;SP`>TMeB4n5`Y85r0v_f0lj$Y;? zYwS={DEBH6AR1=0GZZspB2l1}Qi;vH%lQDOqAja6>OFAih>KCa3}QhCRb%3+8%LtM zExX3pnuD~4;Pi(=s*4D|A8<3If%WP8CvMv{X7!2ja-#G9zTyl4iFEX4b<4|c1#B9X z&5nBG>&7{#vc`Pt{@_ieHLE*6E7*7=Oeo`=Mlt0AEL5CGEr<|HShWw%6bzYo?Rb;3M3)58%#VImQHFZ92750;Qdj%Rj0&2btu{G8lX~=#~ zw29+HRlzJ!&ScM^GsMa3#tC%Dg1CfnnRx!tvq8AuM^S@3fVjoYYXeWcd^BSow((X; z{3vka1y21M%G!nuWTh)Oz3WjWgV3=;Vhc>*5F{WDZCx#UTaLE18p&P6R<B5q{$2FjW`*sj;kzrdSXdhL`&pgW9#Cv7r)i;`(+$W4ttE>tOl+! zgErkSzuYQ(=~%SgPQ`7PBgREN6&$C^84-Q#cC}jGRijz6T!ihwNmDOjP=JP&Qc{`7 z5$*8fn8Z1cK-*dQB^{B?!>$h3#$m`(1a!2Z{~yRClNe`3)xEt+-?#EM zLCI{)IdNqKO9%uUCCriG2%_$CKObMf8Dnf1>^`7ZY4u@TrB81_xBoA+KE1p!H= z6go%>Wez)z?cj*0hK=27)TK;DicEY4Oe0FDH0g#OHXpM1ixR{E3Lv2-SWkA~excQ3 zEqjHZ57fodfR<3wNRygUHt;;@-J_Pxaf)OnWf7rxo4K1*0HFcaMt;9~ke4kRK zkdfZpda3DDK_bLZH0tsCd1M2)8$h`2yg4a{k@CIZ(CuG78g0mFgSxSev&%Q`#$qRbAHzOUYewgvu z010FPxC44G0uB5StRtc=rX!{+ZXl))1sU)8?*+~0^yw%WS6$+S@V@cJ+|O zYAxxc#K!sq?i5itTxsZ?`)JL6wnzd%gn5SF0!?OFZ@+zCevj?x9S{kdjAfw88n6tt zac$u8A3O7?3i zKw$m^kcpgnIm6NWQl^?Wc)TE#Be)55s(E|dop5%Fy|alH+)5rXIz$3a1?V7 zzXS(3X)orGFYd;@Z4TS@NSRjyP$u)Bg_%H-E&Z2DnqCRVWL$PTG6W z>70vsBT4$u9JL&{dsp-(xWQGld8rKRtc3zGCny$5skmD&SY~-kZ9PW=xhC)GiPcx$ zlN?AHhi#&WIq$3*Nih-BFFOUW0Yb5yz`PK`FMEzUc{eUDDH2{3<>);CBv5G5Bobi~ z#u1J)q#blRSRty3Q6x`k^&_4h8Ww`u=14g5!gj%!h{Rby#8$0ckW6#4uywa*&1R$V zl-1@JfY2}!aP96ia^wGf4HP=PaZ=Z1RpO8@%WKz&7q-mPY!{ocSK$wbqCkK{;4o$6 z{RjDAVy|)Y2Ia4}#!oMPnK{)wLgf=>VlR1iV%^&jSDN;)%Cf?m%K_xPEJ!%Q8xprk z%mx0v0@g}h{XP~EUT|!@cxkamWC8}zi$YmNEQ|heQ{#i%w$7WQvs623WxgNTUUZX= z^EnO0sX(cVvxpoWSxCbi8mBgksAV7>a$cf<+7;HG5pvY$R!9g7^BYD6UUDn0hhyq# zmpp_a{K)Lh&0GvNTe>)ubx=Z-*0TYi0tiDgeZCdls(KCLJTktecL?(xSBi_2Z)%pr zCY&OR05{gbnn?^w-46pmRZmXz2b#ogz}|u+s0*e@5T$^IocMd3v|v3cRR4FxV05WN zHTpq{p^-;D5p>?M6cXeB3IMW5YHUHwsCo>d8kzUIZ}Rc?7s6kp>lwM;7T1t(kFtP;&UZICPd263bvr#)jzlC=o6Rr(>e(~_8XFc(p*}gR zCips#Izkcs(gA8R*-p#31UHYbk7|>PWMcWb# z00=(mCReJU0{Qq_@zj-nYP#Wi+-qNIM`ije{|Eor!Z}QwZ*OEiALld?b>_j6Q0SOk z%WQAYRi1UwMX^cNSwxcL)LN5R^&+mCYWg=BokJ*~l;g>F9Gu8k3|)#8K>^W_;5S=w zHOCDYZn0$EZMwxpOr29gB>+H$Sv_0T-IeFQ%ghl}wsysJ^k4u7?KvSD%%}pECW97o z8H-YtnsW2qF>PVYq6(OUjNy-R7-6xN&#qZbn|MBZ*?BhPJr507&IXZ{jX-wH`9V)3Jh9MVn#a4<^jx? zt~G#^w-gcJsv=z6jVBDwg5qi|SNG>NqV z3O3?U%e})J&OR-G1(KV2Uw7Pr)>z*gYKz|Eu-rpPtb-XaU;z-)nhx0Q*e`;59T`IP zRy6A2ca}=XF_}45mJsl_J&FL@$iC80el$xF6u?2KkJ98u#86-cx~O`p;z}k9Z@pSO z#>%yjCRJ0lz$vU$8fjX$6KX^9p1QzS{rrqFiLFKyN+@8p9q*_0wNvU@Es4&$$qxqn z*$WdxQY7<8m3ir#jak%I1*(7-!OfG=>_Lnbrw@vzm&BEU@EFkPe#{~)ar8JY^oW^; zhT|WH3%JU97{}}Llu9n(jlW7+jmpR!^;{l;65XIw=fgjCIq#ztY9@giEkI4tWJb!2 zMFk@SVzst|hWkkY8)EZ}vxGTP1RIsE$pvr=dF>SnT*B_BAPPBVC<&YuT7h;LPk^HK znqnMktylXx)Lg3F)KSXKS?*N5w1OxA6Si@VoY0jUTagtG^;!UH3N}=sKGfXjB z`MlV=$9i1L&oW}^Gd9N`_qU89R?07>X_c_>T%Cqth{<-X78z59kT}nlhLj{~CNK}a z>RvP41ZkT?AkF;Lq3H4hN{055bS3%`7!8}MlCf{$w+3HEqU$d6Up;6 zYneO2Pstoaw5WJr!Zd-3F{??0`xjVyQ76MTy8DkD1B3knE1TtFh5Kv8F@jK!cqpw# zs9BixD!y)JN*p|z47bB|M3ctFi1Gj~2dRrlVH~>gTF%=WMUNX=c6mwxS7P|>K&K*r zNMN4Iu-WmdPciJ*X+sSGYTSF_DW*P88ogq|L^zPQ->tmjeFBn*f7$6@t;Xu@tRx&5(Kh<=XtXGcf5fc(Y zmxG?AKik1oc>?&W+z}iriw73P#N@tU;T! zlKgLx5niJlqP96~vH$-&+opyl+0Af7_cr)CZZz%klct%LH>HSLdr6@$*txJZ%>spL z%CSQSRcviCYmQ|ign}@{+8+|8gQ+gpoR6O3j%9a@+OXFc_QsNS{2Oi*$w+izKV_Zc z-DkadzFH!qYsQP=q6P<02vrg^c~S3oq0&OHRn<3K2*NfxU}bQ`*kFkmG!tR8SUrrHuG&rYF~=f)of02LLSWVyRyi(( zRzxjLti@?@Y}K7wn}m!5nc=dQb^W5Ant((Kv%MRbt1on_H7XdDDpx9j0ogWi7_cA! z35*yQ$|V71CZJaab){^#>TL!P!3aHGn`{sJ8ly^#Y*6!{+G2CsiNToweYKl8(xR1^ z0+IxDSQb}Vb8|3+sSDtyq|qzX5($#Z!o&nw{56wpx{(npl6j_#xlA(xN=ATrwqloI z&WF0A?hUn;4{52AIJ6^iggK8Jw3@O5@34HEEHEx?CAJb;*wn#!#I#hbugKxlsS~^c zC6kgdP4CB(wrr_tZghi%w!$h87R{7l4q!Pb4}sY@*whz+W;Z8VhrC*` z(ooDftOy--kK5uk?QZy$`kqATaZt$~%eSJ;b*x-W8JZLY zPKja6jK&2_I{+^R5EMs;uWJLD+rg`*Ek$COX-(pgjN)0u`NuW8*%%mtqPO=kFZVtT z8r_g@OEbDJcL2*bE4D5VWCiGOKDDN zLJcwgvcgf5PdgxQHjp6fIVD5fcWT}g_?5#=q+ zN3u5S(c8{C2~W8~8A<7J1m>Yo!czIR-0m<2$VY&Qpw+;n%F#ImZC+E0jgi(pkC`6) z6YO2q5 zxH{BKhPC`5Odf)3!NN>(eVQ|6oScJp77Vv2ws7@e8f)nDsv% zwk_R%mpc|XCSpSf7@i5DXiYYNYM`1~*{1YQX!Q=dtrm$UWlAHPg~M4&T(l`6hJhM@ zK@f4qNJH-;?u*oG_Jdqr>+4%Qr~k_K=O?MW3n>i~P$Wa5ar1E}-qwH(o$ePxnTM25g;D*Zycnbc%ttOJabE?3RW z03xs?fe(R7K!*;ff|t`ln53Vh*PFiRnmcxpxNHN!v{tc-C0|YBxY89sPUULJu1R+; z3u&O$V;ok~?cQi53cYaNmCXQSWXQVLFAzB9kR4iP6FfF1R5l}Q{a=%JixsD~OT$q| z9UNEPWv(3xV%h-SKd=PIz=SNQ1{eNx>Ugl})iJV#kGZg00D`5hyvGr5mdcBAz9HIi zBh=Porbq>6Br_+a7kt=ZYpl(ls&3yk#S}mz*g9kSx2X|Xift9jG?v3v8o;L6A1P^F zWYe(aO7XYvvywgg z$;7JVgW?ovA11S^XhnJ`0lMA#;CFBvTTZxW9O3|zm~WYkZR;XsyBK3GA(C=M89@dAKm{h}KHP=}V1c;#($dD8zrQaGdf$k<-!nO7 zMsFPC0^m@EwVanBBEJ)41-d&Bhgz)BVqVH9?d*}z%QI!vuB~th*Xox<;K`C{3IWXn zJ2pWhvrZUouHXLtvt4cuov56AN#LVNFhBxYqeRT}f=26LtA$d-fNj(rd=7kr|9=Fc zd2+viVJ|dOZ}LcrE0D- zl7J)ytGq{1lNs&H1j$y)FsSt9>t(npkR7T9BW}y+B;+{;u^UUB-l^J>)FeF@v#(Xp zvVl~u`w<>Can$;O5v%{>RG{o2 ztS0*_zuZTXR$ZiHP!l+3_Soh;sA@PvsI(ngjESJYjI4k;kqAiPB@HesJJP=bIpWWmf`{kG9%ZB!r!M8BwVRbxS}80h&v zG1krNWY+^<|Blx%yF#OuTEcW-V9C=NP**8;DP9M@ClsObgtT|O|Kl>#)mSF=H0MUc zS+0{q14JZ#*gDm0cRSmj@JynI)V|l<;;0Gl>p9P-oHHynk*=cd+l!TidA(`|Mel)l zg?(BYtI|c9di6tu-7UCYOY;kf5!V`p)+VeD^c;8`AbaQZDU|kTcT1IOiX2`d<-ITL zb*N=Gb6#joRvtf*)}PwpzN$5J4q8i6G&KyccjKiWeI>%t@;QdI$B4=^MS3;{XS zixmJBKog~Q+^oxa^Oph}pqb&k;#h+&^MTH<(ZSOR8c14#+A6vin6gB7SApQdJ-DAx z!jv>gMnRJVnPibMtYN;tj8AAjo#&Hz-7HmOBN#xDe&7_w=uqCXVs?^i-wJ+iK7a^H6qUKb(dNJ2By6->3zH=8e3_xD=f*;{!U)YEoX%))hia^roI zY1#3Y-EBIX4hx0c@W*_yoybfsxUAB+pW>ZyzB}amvbZccPr8_b|YS*N>bP?z6dD3xF(IKrwl(1qj`zs{nS;I?T)@{{0-)j3lKiWj zl{(#s2$da;{K^|?8)#s7hpuKp01+4xkU?iswq?;au%+q_^_(hggeq!cn`l%@bAhGcN^s4vW=KUSnSsFoD^|9OO7wB~vIP@&B0Z`MPG!hGnnli#GsI;m zP9>pWY8?tEQJ{g~V0IKoBax%p=L!B1uA>{uE{>I&n_>$Pq*ao* zRThW|P}%gy`FyO;fdt0aL@A6LO+70k^#yG9CvQ%`W_nrON<7?*4uY z*dy`gKwz`RKN)OA<$*GTezuOmTJgYip;ovpk($tyDJ0Bl8i`&x->-o2M6ki27u&OyJ-zI7ae82xW5rHsKjC+?4vTMepZ!uUVTiW2Guhz~fM=f|FdjMz&$H0__rc z3%X#27>x<7SKed7{UQjta6Mviu!oHbW_IeAPdRclA+cYIWH*Eme!eS$4Q2UM8?9O+7q?9;D4|DBfZnFf^3rmv2$K zZZ{7ec>ZxJ-~5BBs=D_`AcRXWS@F9lXI&K2^&Z~bcsg$kAN zX85*WV6zTWvD@mh9CAz}H3XbO4M~@>UEK^!+7UW%ihO07%`ESu?2~hLH}dM#Adtyx_U#Y_r8#edDPYH%xXnj zF{*F?VG;J1b6x3j*c`1ar44($-Rv;rjIm-6i!`d#eylmWjmlxQp(a#MAugCEIZ*JM z{+3Y39teJyXkok)#1CQq2sA(L@wx%hGgE{3b1it?z({SLaZ@ifam-n#+Ep2xF`K}W zX3Uw{H=`}Z0(vr;R&XseT7(g61qhBjM-O_^b>G2fIKS0Uf>F@`k!lFy<}@9uMKe;c z->~MYB7=P04>jQU58JJO5Z2~B9J=N(<9cSZ0eMlV z3O6kwhK?eI&4p%W{U(4IM%Rf5k@AgckG6APfNn?xnU{>E-GRL+Lbt3`>2;kcB`sr>d znzCBrl5`YF93=*zMXBb(T-CZxjb^IonGIlJPe`mN7MO)w__~*>%6m&wR9pMpoJ|xi(vn_sQ`j#p3rGQXCx55W+fxr9T@<04#Oc3I z8k4rsws+I9?mHs2b|zdE&I)GKfN>Z4Nx&$B&Q0#VHEE`g0bZ2vW0;3{1$+1Jcz??R z98fpvsjk%_rhjK7VJh; zF|eH{T5-?3;xL8Njuw*&%5qMMhzg9A~mQ4smU|5EsG1t zx9-lQpl%>+9srsK10ikVbQU#~yY{8qcoX+=6iWN-TSI&|c&+7x zHm4{#6p*8%6PaYCo-sQO9<*m6>_$>y!k}mbCT=#nIW*fJ(Cz$Nv*H+;Qq0-h9p<)g zqpt@>;2rKyLg^=cu~fxY5u2%;NC2%P^<29%FT}R;*oLRx=YVI>OqIC7qbM_<_Nwn`!|FCxLF+2alJ6*-}iyQARHUuwcpLP4a? zN>gwCe|PL*Xhnh$P4RH@lbHZR`^7uujo$J1$&M$}3_rC&(g;*imXUjC>Dm@l>oyi2 z%QNDbqtKI;+tW%Rbwom{U2J$sj4p0jua;y)8Q zB!GM&<(lVTwm$s1%ZXZha)5`5D(q0wR)@Kiqg%-hB{@v^5kCh=!J_p2ZrVC#(Vr>ai%`W@8cPW;TBS literal 0 HcmV?d00001 diff --git a/debian/backups/debian-backup-restic.md b/debian/backups/debian-backup-restic.md new file mode 100644 index 0000000..af3da8d --- /dev/null +++ b/debian/backups/debian-backup-restic.md @@ -0,0 +1,12 @@ +--- +title: Sauvegarde de son serveur Debian avec Restic +description: +published: false +date: 2021-08-24T16:08:01.306Z +tags: debian, backup, restic, sauvegarde +editor: markdown +dateCreated: 2021-08-24T16:07:59.510Z +--- + +# Header +Your content here \ No newline at end of file diff --git a/debian/webservers/acme_dot_sh-nginx.md b/debian/webservers/acme_dot_sh-nginx.md new file mode 100644 index 0000000..f0edc31 --- /dev/null +++ b/debian/webservers/acme_dot_sh-nginx.md @@ -0,0 +1,45 @@ +--- +title: Certificats Let's Encrypt avec Acme.SH pour Nginx +description: Obtenez des certificats ECDSA chez Let's Encrypt avec Acme.sh +published: true +date: 2021-08-12T16:52:37.947Z +tags: nginx, let's encrypt, acme.sh, ssl, debian +editor: markdown +dateCreated: 2021-08-11T17:36:42.808Z +--- + +# Introduction + +Le but de cet article est d'utiliser l'utilitaire acme.sh afin de générer des certificats ECDSA fournis par l'autorité Let's Encrypt et mis en place dans NGINX. + +# Installation + +  +Installez acme.sh : + +```bash +curl https://get.acme.sh | sh -s email=test@tap.ovh +cd /root/.acme.sh/ +chmod +x acme.sh +sh acme.sh --set-default-ca --server letsencrypt +``` + +# Émission d'un certificat +Exécutez la commande suivante en indiquant votre vhost pour demander un certificat : + +```bash +sh acme.sh --issue -d website.tap.ovh --nginx /etc/nginx/sites-enabled/wordpress.vhost --keylength ec-384 +``` + +Si l’opération réussie, vous devrez juste configurer le certificat ECDSA dans votre vhost nginx : +```bash +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert key is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.key +[Wed 11 Aug 2021 08:21:06 PM CEST] The intermediate CA cert is in: /root/.acme.sh/website.tap.ovh_ecc/ca.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] And the full chain certs is there: /root/.acme.sh/website.tap.ovh_ecc/fullchain.cer +``` + +# Renouvellement automatique + +Tous les certificats sont automatiquement renouvelés tous les 60 jours. + diff --git a/debian/webservers/debian10-to-debian11.md b/debian/webservers/debian10-to-debian11.md new file mode 100644 index 0000000..85275ba --- /dev/null +++ b/debian/webservers/debian10-to-debian11.md @@ -0,0 +1,67 @@ +--- +title: Mise à jour de Debian 10 vers Debian 11 +description: Upgrade de Buster à Bullseye +published: true +date: 2021-08-23T15:53:38.194Z +tags: +editor: markdown +dateCreated: 2021-08-11T17:56:25.121Z +--- + +# Introduction + +Le but de cet article est de mettre à jour un serveur Debian 10 existant vers Debian 11  + + +# Mise à jour du système existant + +Dans un premier temps, mettez le système existant à jour : + +```bash +apt update && apt dist-upgrade -y +``` + + +# Modification des sources + +Lancez la commande suivante pour modifier les sources existantes et passer sur les repository de Debian 11 : + +```bash +sed -i 's/buster/bullseye/g' /etc/apt/sources.list +``` + + +# Mise à jour vers Debian 11 + +Lancez les commandes suivantes pour passer sur Debian 11 : + +```bash +apt update && apt full-upgrade -y +reboot +``` + +## Erreur sur Debian Security + +> Erreur rencontrée sur sur un CX11 avec l'image Debian 10 chez l'hébergeur Hetzner +{.is-info} + + +Si vous recevez l'erreur suivante : + +```bash +E: The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +``` + +Remplacez ceci : +```bash +deb http://security.debian.org/ bullseye/updates main contrib non-free +# deb-src http://security.debian.org/ bullseye/updates main contrib non-free +``` + +Par cela : + +```bash +deb http://security.debian.org/debian-security bullseye-security/updates main contrib non-free +# deb-src http://security.debian.org/debian-security bullseye-security/updates main contrib non-free +``` \ No newline at end of file diff --git a/debian/webservers/webserver-Debian-11.md b/debian/webservers/webserver-Debian-11.md new file mode 100644 index 0000000..9f68c50 --- /dev/null +++ b/debian/webservers/webserver-Debian-11.md @@ -0,0 +1,469 @@ +--- +title: Monter son serveur Web avec Debian 11 +description: Découvrez comment monter votre serveur Web compatible HTT2 et TLS 1.3 avec Debian 11, NGINX, MariaDB et PHP-FPM. +published: true +date: 2021-08-12T17:51:20.562Z +tags: debian 10, wordpress, web, nginx +editor: markdown +dateCreated: 2021-08-11T13:32:29.070Z +--- + +# Introduction + +L'idée, c'est de partir sur un système simple et stable (Debian donc), pour y installer les briques d'un serveur web performant et sécurisé (HTTP2, TLS 1.2 et 1.3 avec les best practices). + +Et, vu qu'un serveur web ne sert à rien sans application, on va mettre un WordPress (qui reste utilisé par plus d'un tiers du web, donc on va mettre un truc qui intéressera le plus grand monde pour l'exemple). + +Voici les briques logicielles que nous allons utiliser : + +- Serveur Web : NGINX +- Serveur de base de données : MariaDB +- Moteur PHP : FastCGI Process Manager (FPM) avec gouverneur statique (on en parlera de l'optimisation de FPM, mais pas maintenant) + +  Ce n'est pas tout, pour accélérer tout cela on va également utiliser deux systèmes de cache : + +- Redis pour MariaDB avec intégration PHP +- OPcache en interne dans PHP-FPM + +  + +# Résultat souhaité + +On se base sur deux sites ici, SSL Labs et Security Headers. + +- [SSL Labs](https://www.ssllabs.com/ssltest/) : A+ +- [Security Headers](https://securityheaders.com/) : A + +  + +# Installation + +Dans cette première partie, on va voir l'installation des packages nécessaires. + + +## Installation des repository pour PHP 8.0 + +> Il est nécessaire de passer via le repository tiers de Sury.org pour avoir PHP 8.0 sur Debian 11 +{.is-warning} + +```bash +apt-get -y install apt-transport-https lsb-release ca-certificates curl +wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list +apt-get update +``` + +## Installation des packages + +On installe Nginx, MariaDB, PHP 8.0 et Redis avec cette simple commande : + +```bash +apt install curl git unzip imagemagick haveged mariadb-client mariadb-server nginx-extras php-common php-pear php-redis redis php-zip php8.0-cli php8.0-common php8.0-curl php8.0-dev php8.0-fpm php8.0-gd php8.0-imap php8.0-intl php8.0-mbstring php8.0-mysql php8.0-opcache php8.0-pspell php8.0-readline php8.0-snmp php8.0-tidy php8.0-xml php8.0-zip +``` + +# Configuration + +On va configurer un par un les logiciels du serveur maintenant. + +## NGINX + +On va commencer par mettre une configuration qui va bien et qui utilise le module headers-more. + +```bash +cd /etc/nginx/ +rm nginx.conf && wget https://raw.githubusercontent.com/stylersnico/nginx-secure-config/master/nginx.conf-debian-extras && mv nginx.conf-debian-extras nginx.conf +``` + +  Vous pouvez ouvrir la configuration et adapter les workers selon le nombre de cœurs sur votre serveur. + Vous pouvez également faire le tour de toutes les best practices qui sont déjà intégrées. + On reviendra sur Nginx après, redémarrez le service en attendant : + +```bash +systemctl restart nginx +``` + +  + +## MariaDB / MySQL + +Rien de spécial ici, lancez la commande suivante pour sécuriser l'installation : + +```bash +mysql_secure_installation +``` + +  Ouvrez maintenant le fichier de configuration et ajoutez cela dans la partie [mysqld] : + +```bash +nano /etc/mysql/mariadb.conf.d/50-server.cnf +``` + +```bash +# +# * Fine Tuning +# +max_connections = 50 +connect_timeout = 5 +wait_timeout = 600 +max_allowed_packet = 16M +thread_cache_size = 128 +sort_buffer_size = 4M +bulk_insert_buffer_size = 16M +tmp_table_size = 32M +max_heap_table_size = 32M +# +# * Query Cache Configuration +# +# Cache only tiny result sets, so we can fit more in the query cache. +query_cache_limit = 512K +query_cache_size = 32M +``` + +  On reviendra également sur MariaDB après pour faire la base de données, en attendant, redémarrez le service : + +```bash +systemctl restart mysql +``` + +  + +## PHP + +Créez le répertoire des sockets avec la commande suivante : + +```bash +mkdir -p /var/lib/php8.0-fpm/ +``` + +  Ouvrez la configuration de PHP-FPM et ajoutez-y les paramètres de cache ainsi que la TimeZone : + +```bash +nano /etc/php/8.0/fpm/php.ini +``` + +```bash +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 +date.timezone = Europe/Paris +session.cookie_httponly = True +max_execution_time = 300 +max_input_vars = 1740 +post_max_size=100M +upload_max_filesize=100M +``` + +  Ouvrez la configuration de PHP-CLI et ajoutez-y les paramètres de cache ainsi que la TimeZone : + +```bash +nano /etc/php/8.0/cli/php.ini +``` + +```bash +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 +date.timezone = Europe/Paris +session.cookie_httponly = True +max_execution_time = 300 +max_input_vars = 1740 +post_max_size=100M +upload_max_filesize=100M +``` + +Redémarrez PHP avec la commande suivante : + +```bash +systemctl restart php8.0-fpm +``` + +  + +## Redis + +Ouvrez le fichier de configuration de Redis : + +```bash +nano /etc/redis/redis.conf +``` + +Modifiez les variables suivantes (pour configurer la taille du cache et l'expiration du cache le plus ancien) +```bash +maxmemory 256mb +maxmemory-policy allkeys-lru +``` + +  Redémarrez ensuite redis : + +```bash +systemctl restart redis +``` + +  + +# Installation d'un blog WordPress + +Dans cette partie, on va voir comment mettre à profit la base de serveur web que l'on vient d'installer afin d'y installer un des systèmes de gestion de contenu les plus utilisés. + +Supprimez déjà les fichiers de configuration par défaut : + +```bash +rm /etc/nginx/sites-enabled/default +rm /etc/php/8.0/fpm/pool.d/www.conf +``` + +## Téléchargement de WordPress + +Téléchargez et installez la dernière version de WordPress sur votre serveur : + +```bash +cd /var/www/ +wget https://wordpress.org/latest.zip && unzip latest.zip && rm latest.zip +``` + +  Maintenant, créez l’utilisateur pour wordpress : + +```bash +adduser wordpress +``` + +Ajoutez-lui les droits sur le site : + +```bash +chown -R wordpress:www-data /var/www/wordpress +``` + +  Ajoutez ensuite cet utilisateur dans le groupe www-data : + +```bash +adduser wordpress www-data +``` + +## Création du fichier de configuration NGINX + +Créez le vhost avec la commande suivante : + +```bash +nano /etc/nginx/sites-enabled/wordpress.vhost +``` + +Copiez-y ceci : + +```nginx +server { +listen 80; + +server_name website.tap.ovh; + +root /var/www/wordpress/; + +index index.php; + +} +``` +  + +## Création du fichier de configuration PHP + +Créez le pool fpm avec la commande suivante : + +```bash +nano /etc/php/8.0/fpm/pool.d/wordpress.conf +``` + +Copiez-y ceci : +```bash +[wordpress] + +listen = /var/lib/php8.0-fpm/wordpress.sock +listen.owner = wordpress +listen.group = www-data +listen.mode = 0660 + +user = wordpress +group = www-data + +pm = static +pm.max_children = 15 + + + +chdir = / + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +``` + +  Redémarrez les services avec la commande suivante : + +```bash +systemctl restart nginx && systemctl restart php8.0-fpm +``` + +## Création de la base de données + +Connectez-vous en root avec la commande suivante : + +```bash +mysql -u root -p +``` + +  Créez la base de données pour WordPress : + +```sql +CREATE DATABASE wordpress; +``` + +  Créez l’utilisateur : +```sql +CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'password'; +``` +  Donnez les droits à l’utilisateur sur la base de données : +```sql +GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost'; +``` +  Appliquez les droits et sortez : +```sql +FLUSH PRIVILEGES; +exit +``` +  + +## Mise en place du certificat Let’s Encrypt + +Installez acme.sh : + +```bash +curl https://get.acme.sh | sh -s email=test@tap.ovh +cd /root/.acme.sh/ +chmod +x acme.sh +sh acme.sh --set-default-ca --server letsencrypt +``` + +  Exécutez la commande suivante en indiquant votre vhost pour demander un certificat : + +```bash +sh acme.sh --issue -d website.tap.ovh --nginx /etc/nginx/sites-enabled/wordpress.vhost --keylength ec-384 +``` + +  Si l’opération réussie, vous devrez juste configurer le certificat ECDSA dans votre vhost nginx : +```bash +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert key is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.key +[Wed 11 Aug 2021 08:21:06 PM CEST] The intermediate CA cert is in: /root/.acme.sh/website.tap.ovh_ecc/ca.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] And the full chain certs is there: /root/.acme.sh/website.tap.ovh_ecc/fullchain.cer +``` + +  Éditez votre vhost nginx pour rajouter les informations nécessaires (fullchain et clé privée) : +```nginx +server { +listen 80; +listen 443 ssl http2; + +ssl_certificate /root/.acme.sh/website.tap.ovh_ecc/fullchain.cer; +ssl_certificate_key /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.key; + + +if ($scheme != "https") { +rewrite ^ https://$http_host$request_uri? permanent; +} + + +server_name website.tap.ovh; + +root /var/www/wordpress/; + +location /.well-known/acme-challenge { +alias /var/www/wordpress/.well-known/acme-challenge/; +} + +index index.php; + + +location = /xmlrpc.php { +deny all; +} + +location = /favicon.ico { +log_not_found off; +access_log off; +} + +location = /robots.txt { +allow all; +log_not_found off; +access_log off; +} + + +location ~ \.php$ { +try_files /e1d4ea2d073f20faebaf9539ddde872c.htm @php; +} + +location @php { +try_files $uri =404; +include /etc/nginx/fastcgi_params; +fastcgi_pass unix:/var/lib/php8.0-fpm/wordpress.sock; +fastcgi_index index.php; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_intercept_errors on; +} + +location ~ ^/(status|ping)$ { +access_log off; +deny all; +} + +location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|css|js|woff|woff2|webp)$ { +expires max; +add_header Pragma public; +add_header Cache-Control "public, must-revalidate, proxy-revalidate"; +} + + +location / { +try_files $uri $uri/ /index.php?$args; +} + +} +``` +Redémarrez ensuite NGINX et accédez à l’URL du blog pour l’installer : + +https://website.tap.ovh/ + +  + +## Configuration du cache Redis + +Suivez l'installateur Wordpress, la première chose à faire ensuite, c'est de configurer ces deux lignes dans votre fichier de configuration WordPress : + +```bash +nano /var/www/wordpress/wp-config.php +``` + +```php +define('WP_CACHE', true); +define('WP_CACHE_KEY_SALT', 'website.tap.ovh'); +``` +  Ensuite, installez et activez l'extension [Redis Object Cache.](https://fr.wordpress.org/plugins/redis-cache/) Une fois que c'est fait, vérifiez que Redis marche bien avec la commande suivante : + +```bash +redis-cli monitor +``` + +  Vous devriez voir le cache répondre en naviguant sur votre site : + + + + +# Note de fin + +Si vous souhaitez aller plus loin, vous pouvez regarder la mise en place des images au format WebP : [https://www.abyssproject.net/2020/05/mettre-en-place-les-images-au-format-webp-sur-son-site-avec-nginx/](https://www.abyssproject.net/2020/05/mettre-en-place-les-images-au-format-webp-sur-son-site-avec-nginx/) \ No newline at end of file diff --git a/docker/watchtower-docker-update.md b/docker/watchtower-docker-update.md new file mode 100644 index 0000000..3e3f3a2 --- /dev/null +++ b/docker/watchtower-docker-update.md @@ -0,0 +1,12 @@ +--- +title: Automatisation des updates Docker avec Watchtower +description: Pas trouvée +published: false +date: 2021-08-24T16:06:08.865Z +tags: docker, watchtower +editor: markdown +dateCreated: 2021-08-24T16:06:06.326Z +--- + +# ToDo +https://www.haade.fr/blog/home-automation-smarthome-jeedom-homeassistant/tutos-haade-lab/automatiser-la-mise-a-jour-des-images-docker-grace-a-watchtower/ \ No newline at end of file diff --git a/en/debian/webservers/acme_dot_sh-nginx.md b/en/debian/webservers/acme_dot_sh-nginx.md new file mode 100644 index 0000000..b02cfcf --- /dev/null +++ b/en/debian/webservers/acme_dot_sh-nginx.md @@ -0,0 +1,44 @@ +--- +title: Let's Encrypt certificates with Acme.sh and NGINX +description: Get ECDSA certs with acme.sh for your nginx webserver +published: true +date: 2021-08-12T17:28:36.529Z +tags: nginx, let's encrypt, acme.sh, debian +editor: markdown +dateCreated: 2021-08-12T17:28:34.626Z +--- + +# Before starting + +The goal here is to use the project acme.sh to get ECDSA certificates provided by Let's Encrypt certification authority and used in your nginx web server. + +# Installation + +  +Install acme.sh: + +```bash +curl https://get.acme.sh | sh -s email=test@tap.ovh +cd /root/.acme.sh/ +chmod +x acme.sh +sh acme.sh --set-default-ca --server letsencrypt +``` + +# Certificate creation +Please launch this command with your domain to get a certificate: + +```bash +sh acme.sh --issue -d website.tap.ovh --nginx /etc/nginx/sites-enabled/wordpress.vhost --keylength ec-384 +``` + +If the operation is successful, you will just need to install the certificate with the information provided by the script (only full chain certs and cert key needed): +```bash +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert key is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.key +[Wed 11 Aug 2021 08:21:06 PM CEST] The intermediate CA cert is in: /root/.acme.sh/website.tap.ovh_ecc/ca.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] And the full chain certs is there: /root/.acme.sh/website.tap.ovh_ecc/fullchain.cer +``` + +# Automatic renewal + +All certificates are renewed every 60 days by default. Nothing to do here. \ No newline at end of file diff --git a/en/debian/webservers/debian10-to-debian11.md b/en/debian/webservers/debian10-to-debian11.md new file mode 100644 index 0000000..e938f45 --- /dev/null +++ b/en/debian/webservers/debian10-to-debian11.md @@ -0,0 +1,67 @@ +--- +title: Upgrade from Debian 10 to Debian 11 +description: Upgrade from Buster to Bullseye +published: true +date: 2021-08-23T15:54:02.654Z +tags: debian +editor: markdown +dateCreated: 2021-08-12T17:37:50.044Z +--- + +# Before starting + +The goal here is to upgrade an existing Debian 10 installation to Debian 11 + + +# Updating actual system + +First, update your system : + +```bash +apt update && apt dist-upgrade -y +``` + + +# Sources update + +Launch the following command to edit your existing sources and move to Debian 11's repository: + +```bash +sed -i 's/buster/bullseye/g' /etc/apt/sources.list +``` + + +# Upgrade to Debian 11 + +Finally, launch the following command to upgrade to Debian 11: + +```bash +apt update && apt full-upgrade -y +reboot +``` + +## Error with Debian Security + +> Error get on a CX11 server with the Debian 10 image at Hetzner +{.is-info} + + +If you get the following error: + +```bash +E: The repository 'http://security.debian.org bullseye/updates Release' does not have a Release file. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +``` + +Replace this: +```bash +deb http://security.debian.org/ bullseye/updates main contrib non-free +# deb-src http://security.debian.org/ bullseye/updates main contrib non-free +``` + +With this: + +```bash +deb http://security.debian.org/debian-security bullseye-security/updates main contrib non-free +# deb-src http://security.debian.org/debian-security bullseye-security/updates main contrib non-free +``` \ No newline at end of file diff --git a/en/debian/webservers/webserver-Debian-11.md b/en/debian/webservers/webserver-Debian-11.md new file mode 100644 index 0000000..b06898d --- /dev/null +++ b/en/debian/webservers/webserver-Debian-11.md @@ -0,0 +1,470 @@ +--- +title: Build your webserver with Debian 11 +description: Get your HTT2 and TLS 1.3 compatible webserver with Debian 11, NGINX, MariaDB and PHP-FPM. +published: true +date: 2021-08-12T17:50:20.421Z +tags: web, debian, fpm, mariadb +editor: markdown +dateCreated: 2021-08-12T17:50:18.409Z +--- + +> Translation in progress +{.is-warning} + + +# Before starting + +The idea is to start with a stable system (Debian 11) to install all the components of a fast and secure webserver (HTTP2, TLS 1.2 et 1.3 with best practices). + +On top of that, on the understanding that a webserver alone is useless without a website on it, we are going to install a Wordpress (because it's the most used CMS in the world at the time of the write). + +Here is what we are going to use: + +- Webserver : NGINX +- Database Server : MariaDB +- PHP Engine : FastCGI Process Manager (FPM) with static governor + +  Least but not last, here is the two cache system we are going to use : + +- Redis for MariaDB with PHP integration +- built-in OPcache in PHP-FPM + +  + +# Wanted results + +We use two well known website for estimating security of the NGINX side, SSL Labs and Security Headers: + +- [SSL Labs](https://www.ssllabs.com/ssltest/) : A+ +- [Security Headers](https://securityheaders.com/) : A + +  + +# Installation + +In this first part, we are going to install the packages needed. + + +## Repository install for PHP 8.0 + +> It is mandatory to go throught sury.org's repository to get PHP 8.0 on Debian 11 +{.is-warning} + +```bash +apt-get -y install apt-transport-https lsb-release ca-certificates curl +wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list +apt-get update +``` + +## Packages installation + +Install Nginx, MariaDB, PHP 8.0 and Redis: + +```bash +apt install curl git unzip imagemagick haveged mariadb-client mariadb-server nginx-extras php-common php-pear php-redis redis php-zip php8.0-cli php8.0-common php8.0-curl php8.0-dev php8.0-fpm php8.0-gd php8.0-imap php8.0-intl php8.0-mbstring php8.0-mysql php8.0-opcache php8.0-pspell php8.0-readline php8.0-snmp php8.0-tidy php8.0-xml php8.0-zip +``` + +# Setup + +We are going to configure all softwares one by one now. + +## NGINX + +Grab my Nginx secure config which is using the headers-more module: + +```bash +cd /etc/nginx/ +rm nginx.conf && wget https://raw.githubusercontent.com/stylersnico/nginx-secure-config/master/nginx.conf-debian-extras && mv nginx.conf-debian-extras nginx.conf +``` + +You can open the config file and adapt workers depending on your cpu cores on your server. +You can also go throught all security options that are integrated. We will go back to nginx after, please now restart the service: + +```bash +systemctl restart nginx +``` + +  + +## MariaDB + +Nothing special, launch the integrated utility to secure the Sql Server: + +```bash +mysql_secure_installation +``` + +Now, open the config file and add this to the [mysqld] part: + +```bash +nano /etc/mysql/mariadb.conf.d/50-server.cnf +``` + +```bash +# +# * Fine Tuning +# +max_connections = 50 +connect_timeout = 5 +wait_timeout = 600 +max_allowed_packet = 16M +thread_cache_size = 128 +sort_buffer_size = 4M +bulk_insert_buffer_size = 16M +tmp_table_size = 32M +max_heap_table_size = 32M +# +# * Query Cache Configuration +# +# Cache only tiny result sets, so we can fit more in the query cache. +query_cache_limit = 512K +query_cache_size = 32M +``` + +We will also connect after to create database, now please restart the service: + +```bash +systemctl restart mysql +``` + +  + +## PHP + +Create the FPM socket directory with this command: + +```bash +mkdir -p /var/lib/php8.0-fpm/ +``` + +Open the PHP-FPM config and add this (and the Timezone): +```bash +nano /etc/php/8.0/fpm/php.ini +``` + +```bash +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 +date.timezone = Europe/Paris +session.cookie_httponly = True +max_execution_time = 300 +max_input_vars = 1740 +post_max_size=100M +upload_max_filesize=100M +``` + +Same thing for PHP-CLI config: + +```bash +nano /etc/php/8.0/cli/php.ini +``` + +```bash +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 +date.timezone = Europe/Paris +session.cookie_httponly = True +max_execution_time = 300 +max_input_vars = 1740 +post_max_size=100M +upload_max_filesize=100M +``` + +Restart PHP-FPM: + +```bash +systemctl restart php8.0-fpm +``` + +  + +## Redis + +Open the Redis config file: + +```bash +nano /etc/redis/redis.conf +``` + +Edit the following to configure cache size and expiration: + +```bash +maxmemory 256mb +maxmemory-policy allkeys-lru +``` + +Restart Redis: + +```bash +systemctl restart redis +``` + +  + +# Installation d'un blog WordPress + +Dans cette partie, on va voir comment mettre à profit la base de serveur web que l'on vient d'installer afin d'y installer un des systèmes de gestion de contenu les plus utilisés. Supprimez déjà les fichiers de configuration par défaut : + +```bash +rm /etc/nginx/sites-enabled/default +rm /etc/php/8.0/fpm/pool.d/www.conf +``` + +## Téléchargement de WordPress + +Téléchargez et installez la dernière version de WordPress sur votre serveur : + +```bash +cd /var/www/ +wget https://wordpress.org/latest.zip && unzip latest.zip && rm latest.zip +``` + +  Maintenant, créez l’utilisateur pour wordpress : + +```bash +adduser wordpress +``` + +Ajoutez-lui les droits sur le site : + +```bash +chown -R wordpress:www-data /var/www/wordpress +``` + +  Ajoutez ensuite cet utilisateur dans le groupe www-data : + +```bash +adduser wordpress www-data +``` + +## Création du fichier de configuration NGINX + +Créez le vhost avec la commande suivante : + +```bash +nano /etc/nginx/sites-enabled/wordpress.vhost +``` + +Copiez-y ceci : + +```nginx +server { +listen 80; + +server_name website.tap.ovh; + +root /var/www/wordpress/; + +index index.php; + +} +``` +  + +## Création du fichier de configuration PHP + +Créez le pool fpm avec la commande suivante : + +```bash +nano /etc/php/8.0/fpm/pool.d/wordpress.conf +``` + +Copiez-y ceci : +```bash +[wordpress] + +listen = /var/lib/php8.0-fpm/wordpress.sock +listen.owner = wordpress +listen.group = www-data +listen.mode = 0660 + +user = wordpress +group = www-data + +pm = static +pm.max_children = 15 + + + +chdir = / + +env[HOSTNAME] = $HOSTNAME +env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +``` + +  Redémarrez les services avec la commande suivante : + +```bash +systemctl restart nginx && systemctl restart php8.0-fpm +``` + +## Création de la base de données + +Connectez-vous en root avec la commande suivante : + +```bash +mysql -u root -p +``` + +  Créez la base de données pour WordPress : + +```sql +CREATE DATABASE wordpress; +``` + +  Créez l’utilisateur : +```sql +CREATE USER 'wordpress'@'localhost' IDENTIFIED BY 'password'; +``` +  Donnez les droits à l’utilisateur sur la base de données : +```sql +GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpress'@'localhost'; +``` +  Appliquez les droits et sortez : +```sql +FLUSH PRIVILEGES; +exit +``` +  + +## Mise en place du certificat Let’s Encrypt + +Installez acme.sh : + +```bash +curl https://get.acme.sh | sh -s email=test@tap.ovh +cd /root/.acme.sh/ +chmod +x acme.sh +sh acme.sh --set-default-ca --server letsencrypt +``` + +  Exécutez la commande suivante en indiquant votre vhost pour demander un certificat : + +```bash +sh acme.sh --issue -d website.tap.ovh --nginx /etc/nginx/sites-enabled/wordpress.vhost --keylength ec-384 +``` + +  Si l’opération réussie, vous devrez juste configurer le certificat ECDSA dans votre vhost nginx : +```bash +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] Your cert key is in: /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.key +[Wed 11 Aug 2021 08:21:06 PM CEST] The intermediate CA cert is in: /root/.acme.sh/website.tap.ovh_ecc/ca.cer +[Wed 11 Aug 2021 08:21:06 PM CEST] And the full chain certs is there: /root/.acme.sh/website.tap.ovh_ecc/fullchain.cer +``` + +  Éditez votre vhost nginx pour rajouter les informations nécessaires (fullchain et clé privée) : +```nginx +server { +listen 80; +listen 443 ssl http2; + +ssl_certificate /root/.acme.sh/website.tap.ovh_ecc/fullchain.cer; +ssl_certificate_key /root/.acme.sh/website.tap.ovh_ecc/website.tap.ovh.key; + + +if ($scheme != "https") { +rewrite ^ https://$http_host$request_uri? permanent; +} + + +server_name website.tap.ovh; + +root /var/www/wordpress/; + +location /.well-known/acme-challenge { +alias /var/www/wordpress/.well-known/acme-challenge/; +} + +index index.php; + + +location = /xmlrpc.php { +deny all; +} + +location = /favicon.ico { +log_not_found off; +access_log off; +} + +location = /robots.txt { +allow all; +log_not_found off; +access_log off; +} + + +location ~ \.php$ { +try_files /e1d4ea2d073f20faebaf9539ddde872c.htm @php; +} + +location @php { +try_files $uri =404; +include /etc/nginx/fastcgi_params; +fastcgi_pass unix:/var/lib/php8.0-fpm/wordpress.sock; +fastcgi_index index.php; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_intercept_errors on; +} + +location ~ ^/(status|ping)$ { +access_log off; +deny all; +} + +location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|css|js|woff|woff2|webp)$ { +expires max; +add_header Pragma public; +add_header Cache-Control "public, must-revalidate, proxy-revalidate"; +} + + +location / { +try_files $uri $uri/ /index.php?$args; +} + +} +``` +Redémarrez ensuite NGINX et accédez à l’URL du blog pour l’installer : + +https://website.tap.ovh/ + +  + +## Configuration du cache Redis + +Suivez l'installateur Wordpress, la première chose à faire ensuite, c'est de configurer ces deux lignes dans votre fichier de configuration WordPress : + +```bash +nano /var/www/wordpress/wp-config.php +``` + +```php +define('WP_CACHE', true); +define('WP_CACHE_KEY_SALT', 'website.tap.ovh'); +``` +  Ensuite, installez et activez l'extension [Redis Object Cache.](https://fr.wordpress.org/plugins/redis-cache/) Une fois que c'est fait, vérifiez que Redis marche bien avec la commande suivante : + +```bash +redis-cli monitor +``` + +  Vous devriez voir le cache répondre en naviguant sur votre site : + + + + +# Note de fin + +Si vous souhaitez aller plus loin, vous pouvez regarder la mise en place des images au format WebP : [https://www.abyssproject.net/2020/05/mettre-en-place-les-images-au-format-webp-sur-son-site-avec-nginx/](https://www.abyssproject.net/2020/05/mettre-en-place-les-images-au-format-webp-sur-son-site-avec-nginx/) \ No newline at end of file diff --git a/en/home.html b/en/home.html new file mode 100644 index 0000000..e0aa991 --- /dev/null +++ b/en/home.html @@ -0,0 +1,14 @@ + + +

Welcome to the Wiki of The Abyss Project.

+

This wiki is the work of a System Administrator that share is knowledge about system administration, open-source technologies and networks.

+

If any of this help, you can buy me a drink 🙂

+

If you are a French reader, you can go to the French version of the wiki with the link on the top. You can also check my blog : https://www.abyssproject.net/

diff --git a/home.md b/home.md new file mode 100644 index 0000000..5bd9286 --- /dev/null +++ b/home.md @@ -0,0 +1,21 @@ +--- +title: Accueil +description: Bienvenue sur mon wiki +published: true +date: 2021-08-13T15:18:38.941Z +tags: +editor: markdown +dateCreated: 2021-08-11T11:56:50.951Z +--- + +Bonjour et bienvenue sur le Wiki de The Abyss Project. + +Le wiki d’un administrateur systèmes et réseaux qui vous partagent ses procédures et ses divagations dans son métier, le monde du libre, le réseau et la virtualisation entre autres. + +Le partage est important dans notre métier, c’est pourquoi vous pouvez partager et réutiliser tout ce que vous trouverez dans ce blog selon la licence disponible en bas de chaque page. + +Si jamais mes articles vous ont aidés, [vous pouvez me payer un café](https://www.paypal.me/NSimond) 🙂 + +Profitez également de votre voyage ici pour découvrir d’autres ressources intéressantes : [Le blog de Seboss666](https://blog.seboss666.info/), [le blog de Noobunbox](https://www.noobunbox.net/), [le blog de Julien](https://computerz.solutions/), [le blog de Djerfy](https://xorhak.io/), [le blog de Maxence](https://www.flemzord.fr/), [le blog libre](https://www.blog-libre.org/), [le blog de Carl](https://carlchenet.com/) et [le journal du hacker.](https://www.journalduhacker.net/) + +Le blog est également toujours disponible : [https://www.abyssproject.net/](https://www.abyssproject.net/) \ No newline at end of file diff --git a/infra/blog-infrastructure.md b/infra/blog-infrastructure.md new file mode 100644 index 0000000..9e482e9 --- /dev/null +++ b/infra/blog-infrastructure.md @@ -0,0 +1,12 @@ +--- +title: Mon infrastructure personnelle +description: L'infrastructure chez moi et en dehors de chez moi +published: false +date: 2021-08-24T16:01:37.963Z +tags: +editor: markdown +dateCreated: 2021-08-24T16:01:35.860Z +--- + +# ToDo +ToDo \ No newline at end of file diff --git a/ipv6/ipv6-swisscom.md b/ipv6/ipv6-swisscom.md new file mode 100644 index 0000000..1b4d5b3 --- /dev/null +++ b/ipv6/ipv6-swisscom.md @@ -0,0 +1,12 @@ +--- +title: Configuration de l’IPv6 chez Swisscom +description: Configuration de l’IPv6 chez Swisscom sur une connexion Smart Business Connect +published: false +date: 2021-08-24T16:04:24.713Z +tags: +editor: markdown +dateCreated: 2021-08-24T16:04:22.322Z +--- + +# ToDo +https://www.abyssproject.net/2019/12/configuration-de-lipv6-chez-swisscom/ \ No newline at end of file diff --git a/logo-abyssproject-retina-1.webp b/logo-abyssproject-retina-1.webp new file mode 100644 index 0000000000000000000000000000000000000000..5f416f390817e3840190cd0c482d24bd770939bc GIT binary patch literal 3998 zcmV;P4`J|9Nk&GN4*&pHMM6+kP&iD94*&o!D*+u4|0fnq<}V#W@BGjI1SE8vhc#^5 z7CFtHoor-jAcWxV?hZBF-7C0zT~ge&hP#y_ZE<&ZcZz$Elqj*?y?;FKzVpuP44?jp z=>G(e8C_(?>|+&<`K)0m$yfM9SdI)Y`H8S9No!4)U%GPT%9Znn*3J0*{Qy$vY`^C6 zl`B`SoICL6&x5Nt$gbP0GDTUaP1*2)RMvao(S?o59R>a@w~V9X4amRzF_)fz-VY)F zcx;3{WqOWQ{sUlhP6;X<$8aUo7}pu_q$(ttdl&R4{h&z|I|==<{cUL_5S7WF@bY~L zYUXCxpc&!#4cyz2B;R`hrITb@#6#&&8)^Xn%l!&TA4<>{0*o=@YY0b@WP>EA-7N8m z8)_HXPxw>jZDL&Z@$x?{*zrgL(fK84fxz2VT_d+(HAz-{1D`in|MJt^9WV7YNQ2MI zD}VlJ!QL4AS_a{hFvC>l9eBY9_R0kAXNWJWs_1L*6E2C+yAY=QT$IF>r@xlV{u083 zad}Coy+0?>o|?huB0nIawogQ8EfBY(K+8LC0*-%v;+(=(J#w9L*G@)YMZU5qvSp z9~8_m;+9~T{mlbkN7R+!&O81wQLtA>z)pr|x#Y6k2R{^~^j5g5ShS3;J34o&OL%iBd!X1+Fknl;9ZD_^2RaG`+m_|a8M5wie^~h zkeCA=Q-bua63jAUzhH#j%>v)*U^I~7rpq5D2^Q+24^tVw^3@kStr6*-D7bFKV!KftZSY>?vse;yS2y3M z;Lk!7&@_gBin6>fz-N=fOlg9LS=5yf;8Lia{R+O@;fuayxE5@-x`~3mq*B|$a4iE- zy0hTBohoR902i|=qZ0xgNN->7dsuval60PBm}st`;i=$3K&e}fMs>GEkTt+I*oMLvWuDi0~n_ncwcNbu;wqB;a$+dLA$`O3P; z(e|JWaHyC~1Yd>WDW%MW-<<~0CKjt1N0e{WV+o`T&_zVWr@oXxLI-=80G{|#aSX#L zr-ITkF)=Z(UcQWudE?fBO~F<{UtQOS=(^%8zIKfZwv<a$tAdLL`}gyD~klboz6H~%dp2` zj&6d})^y*vLl#ytnRz}W6J~kI(Ayke3XWJ!5y4#}>Ix28SHMZ|S!Bvig4jH!SS46z zHLV1vj2I+XXIgIGY4&J_ zZYG!uVIBX`UQ7&85D_OB%F-o&<5W=CE$C!b+A;9?WZEu*e{vc&0K(@^Kl%r^>g!t$ zVKD)4u9_}w7kFy8RecWrD1&)u3&Tc(f~G(`iu?-LR6)lu2#=5tcz-J@=a>cITC(UO zZv>6V#JOS^J~kqx`)!C{Wb`*+TXUzc%*!EeECIOJ)^+&Gvl&89d5h8xfiERf_Y}O! zE^-9RM-;60#h)?o-HH4Uc(uG|=n`jbmspC~L%A&95Buy^8J^AaTG(RhP1m zpJvG+8=N&qh_ApLVNBZ(zLHGePw*nML2m|;!G;mly`W@&c9Lv!OUb%0^4A-XZSp;~ zYd%(BCK~|$Ji>gA{S2!N@%&MU{Ei&$PUw2pS0m|wZkKi4>q!3FvUBIoomb%7&Ye4V z&PA&*Rx}WTeDQ*|A25mlZ2Qo_BrM+oV!y(C5=WlP5Z^7kPq zK|sC2N&>PhPlW(e$D9Gmv6ujs8;?Em=5qP%Rf(pakW49#e!U%cGR~ zDQ{7BD?{(4Tzw~CFM6c=w+Qvdn#q_>|0bcCz_x&Yn>hDf3!{IVPR>H+JWvz*hxeep!}4I9AE59g{1f5#0vTf!lcLi2Do2Y8GsvYjA?KLO3$^nsG5Jd zq5n)5r`;g&Lj!=-q3R0lg!02>EU46WD8A9cszw}=J#q1c*B4?66VdcnI#Yb$beJN? zfHx3(Z!Z0+WAo-6K3jOjBSPx;nrRjvQa)cUa9k>U$J{t`=E^Hyz+ahV@<+eY?Pl?> z^lmqU?ue!f;zT&Ek^c1Uev1`gr>4a9JH!u%6(q^rU;Qlrwq`JkNpqisIA&SZ_9Ax+_3(d&4?g15twn!C5s#rK8ykm%j8TA)FaX3WF!O8LnlvjA}99iC+hj?%*?$vy_c<1R)@U_kPEsF0N$2l=zD4GQ927~4Sv=|1{RB9_{knfut8Zlmg0wAF|51 zdVp6lLvF!P{|b1;rjZF(F_g2qj4Q!Yizo^1bPe3wn4}l7f5?>A*-HN^4qnd;4F$ce zt>lDh$l6O31Gt4oH#TqtXjPkxj6v-ZwDM#$uwQJY6meLoh&qk2KZaz}_ zkxpk48)1$C3{ImiK=~;m`h^`ghk=%}Iz1`fDY#jNbfvN{&Cy-p@~g#c$J@lk=A<}( z0z0KC`pz7^tzxI0MQxK_HN2{Wln-SXsw*IlO*Y3j0#ZEFB)_necD9~Os~uwr`Ss9U zw#FQ@S(K`EzDiV5UYv*`*>h7kwwyV0=FAiuqY^0quv^z2cGDb(*kM(Fvvp*6C+5v! zhT`DU?Tm&qbk{SDA-fq|No1*vW9BYmhQKH6q06Yb z;ECz&j%qV3lXIM8Xm3<4@T;1d`QX2kDZgYGV^AZnU=i6K&1YyNMRf%)a~czVU(lA6 zb^%W+U=G(~mRi}6d@ms^_ZATLm^}!UqQ4kUx{Pq{1mEXSQZHFBoJ`t@;XyV7!mmKM zo!$bd6~j!q9IqI5g{X7>2A)umR5nTkKNV;e+Q@J|Tv^yj2$M^^70?>yeNT#-dKnHx zs0!T#VP{e~C=EQi0GT%P1BNSk73IDJ@mKVAko6S++z64PuLZbQLrvMM5Kbk9+15dr zT#HOxA&%i?QzdnuL%i1UmOz~uCdkng0X#Dz^rfGe3gKdhzK}0pLzvQ>OkFF10V{Iq z$~e;t@tzQRTX1Y=X%*yXxR(L3lk>@CAN302pB$t&#}7{-j&DdNfA1dwl4cZ<3X6ON zpX*)p)GX@TMIeY4jMadJPB4t=lRPY2xad9yUhmZ_$^ zv1_z zMQ<5YA{hXVYC4EQzkRIY#psNr+n0M&9nx(ca@619Rq)`4a5CDC=m&>uSH;RD z{?#dn6bjVI ze)jB%EwhHa8%Szfem|gPNe8Lz6{)PI)`3EKJt}n!NX4nf`P*N< zr2WA0_=y1qLF0+47!+nou$XLecbskQ9P0#_x@A2(+|arG1`5QwMjZx;wtwfVGe1nf z4;3z_r0d)7!-CU^d5Ar(9kEFdM?>agH!@PX?jtj(S?soluZzpUl*bCjQO)xtJFe|< z3$N2EshQ`0MD};HrW$ifr3f)ZM5H7W5<@js(IXQo6AKH)J{{zH>5USUWKPjGX0>O` zM#72Pfq(bkSW68ok^Dx72i>Y`^=yc8umqdxwDKmu0;-`KefFcFljYHGN^ znCwK=)^6f-LvLOM24y-9#}E$7E7M{_?%AIT30Yl{Zz@~_0`nKWY$dB{UrX0A#HH3J{Q* zj`vXs?Pp8P3KUorIcn?HU^DySP|BHEMkr zy)MX*Tmk{iV5Spjjz`UO!xnu~N;M)NrTboJTzxt*KPXr6Po{(Ff7_sy@Y-nQ!cSXn zK8I%~NGbtx9TjQGHy=3N^<04~&f;eby2)6hi?d)`w2Ml71+#^<6w4)5b~+;|1gI_m zh8`YdM@nrKu%J`5&bLk?qfrel^EqG8e&x2jkDj^NT7gHXkP?*f2u;0A8KLr_ql_~ofS-NGj0yd8T#t$2i@Q#`SM_SNdBJ+EE4_7!u6ge*zwfh7X zCV6^@?`6yK=I{n{Ehz(CxNpc4xk3>E464})_+F3F(dm8cb^j{K>JJ1KRxbNYEUT@p zH6cYc#S>M<<;SqDyZ@Cyh|!nA&QS9@nPpr1#=4(5@U&^mNZO^M^LAa)Dp;53)c^@# z6;pp~N|6O31tY+=3Ekg~84YT_EixT@J^ zt)|)R*YG5r)X7s2fHK@6`o?_e^Yw`1KnqZak_^$fM;FRJ2k)X=yMsl8T0+VnUOdj7 za%Q;Y7Fns~$_BfmLpD}i5 zRYiYh7eD@BMX#QQ5U2(>8-aQ`U{;(X1^Bs0Qd?_%o@na)@zIeW$}}2O zpTrskl7l7uV&>9Es^U=Es4ZKlDFhmm3$+h}7Jlk=$BTrd z7mdC3K8lGGw=p_wQCTYr%2Vjr2`NKz#32qK9V0*MYM;Mw2B{+_-jxRH3J^$*!^oWblUqy&qPX$%xh?aov(8s5p}euPu)i-PXTn6Tyt+g+X;g=UbOpbD8sdpYgB z%RrNUPahB9($(mB++Ox4d7C8aj(~?r=IePML?72{Yevhl#pMv!$A>CRujXXUP8p8> zDq(|*=>GNb203_OU5@W=Rq;!n1^S%2mA@Lkt3|FV5ECHT3#r;a>d5)*Mmh6o)Ex{N z&U-ppQ?GI+X$=iu_hci7lg#7$*L~eBwUS%99Z+1lD6PojIxg~+%2~N@8KD;s4x?9@ zs?8S|0|;a^SgF{|*>X1V^4fFALX!)DhLVAs+mA9C|Fn1f`&C-uf&e2-0>N$1QJsBJ z9Wsw!8s14}^7Taa#jKZGbrVzY;q+JaqEzUCA|BgF)Wl9>m&SC&KE^)M9PP5D8|@r^ zh%OkyfJS`9I~=h-uxtj9i2Fh|pM`%y2afThdjh}snaQ2FmrdjbEz*5qe?$t5^gpqz z8l`{%1R)|&RKkn#sJhsQKlR=-p@^`OcHs!$IgnUP)67WURR4*~S40#}oCq=LQVo+? zqOr*J817kr=zO_(_~G^Q>Jk?{+{hJ+@{~%twLE$2m>uQ|3OJ_wP==FN4!0-vnBC{5 zrHhFGwD}htoxgvyr43(%R7WbB|L>8z?kOok_X>jzJv6b;L@LOAi@>ZKaMhksIXP^={2sGpJy3=zzL*Sm*iz0f6+o?@Nr=LNO*tcqY5o!m{PQ2J8m`B;jJ4Czp6AE!0|11bmMhmvYpXhwk{RxVkDWX}SMG^NsJVlBVHH4SHb> zqJABT5UuOc=vFd_bcT{kP9r*^-fzx=8G9c-7Z0>qn{(mvzSv*+vr_!ZVachCmQplj zMcES22Qmo3+@rQYJ3muyeO>eReu<@tvYT3w8y+Ilun!>8O~UUJ0!RTX)%ydtEr^F5 zUu8`PpTLCBP}=s3g74j|wt1SXZzZcq3uj{fe-lfR&<{0(U#nk9`EC29u z&Do$ZrF#B1`Y+sQ>X+JIW1UPc;Y3(Wv1AXpmD}MCD&4b_QTXi-EvG+s{2BaInyI{S zl-UtTIf|!A2BDVmpN1SWBySfNN81#*o(u(+zZn+4%t_Of(7(_N?fnW1WK+=6HwX#f z0FY7chubx;v;DiWoXK*{<_8Ub{6v(N&WD*4i-|MK=1!j+VkuQ2Ex42|#1p-0lb~#J zlw~R{tj_{YdguP8c-oDVI# zJ?{GR@244bT78;{j8ct~lkqNxGoi3O;v>)$W>;YsJYI*_x2ig_&f~9-8bgh4G(o6f zVd2PD(Uieb350PR%%_9lCE7)X598u!D?|v|#4LaFxvTl4k<;HQ_zgWuSC&jUJ>vvQ z7dllrKEfIYbvPqIzJ2!9yYpVT%DOYU=jvVs|0swK>7>{}n9}pZlYgzQTCk&U;{uI9 z0Jua)D((XH+Wnbku;B=rdAIy-ei#1yc#c{s{a^8P>h69g3eGldNTdh>GYj6 z69{BRnkH#AN5u`xNT(Yo6%H~tDDN}@TUJw(B)Tcg4(f`jIO~p{``nmqP{c=^=DHfO zP~}2@7zRdDFcJu(<~V4xte+=M*UO6*^PeR=Ofy2yd-rD(hvlEB6F+(yaec`qklZHq zbQx+RPJp~m_ z9->MFQQ%mG6nBgjvDPmSF4x7G=U)3duhYD+6M0K`o~Rj93tpEn9AXZJ+&4bm7xFCLEp#h4=zU@pbsO?8!c*eHM$Pb}`sqE!`15IA4C6Y$ zOtM3cY=?`lK;yW!X_yt*8*yoC5qm~*;<*>a+d=$aPsqBjB<(hZ0`qMmS;Q@$C^5N; z{`$kMR2GKJF)Sb5DUe_85p}-3`bvB04sUdLYRszf!IL%ha#+#oByvFa0sz~wu?V=Q z1*EHSkE6ofh;|=cYQF}T5W8< z;37#+qYGklY@#7tFe}d1J*t>+6V8c|<;_mVPn5sedV%c{3Cf(q?t=Ie1U(KXjk6vS zAAU)+BS_x}$83jEf}o5D^af+oc< zFyn=Y@%)1641Qrps7EB_6K(_8-dg zu~LARAOM@H=PWrVyKznELV5(n_33#06Z#-*?l64ut+p!ax6?}^^`oC9g}LIR#qJ40 z1N!q?HQQJD_%ks17}FGoYI3Hy(Dl{btWmHApFx}LL*94m$2W)FRINU)%qSRCWqhd+ z9DlD<#YH~a<}a&YzWcB?#peI*AAn*Z>#iIDzIxp0vM~V00k*MiIFi4(kfyxq zs(jpc1g#EFo`BMfbFVGTCUP z<@>P*LFIO+>QTvB>!c@Ug}$zNkh=G7U+8Se9$-I#6l{w=pjZoKjZ*-6Hx3tR~sfkewRUjG9#TS3EiJ&K{t zCNUyN&C_f5FAXuj=S|OPUbI)awDrbHx%_Q~u;iD2l9v}DA^8A~9rv%ddx6q#XxZ;b z6%IxOumKh1{XPA#6P-6#9+L7IcQ8Y5!RTZ6E?Mou_h{q3VpO6%1&v}mnIr%Llrdoy zI$g}jtqgeQ5=n=i)Q2hLDpZ!^CqO^Nar42~+MQrJtHe|Xkl1siIdIRN^_O^~ZFlL9 zJ$Cd4yQw#Xka=J-Dp)QRUZP6_S&P{na>{@}-xF^xVjh!!6nIJ`XuEIi1NB`zuJds% z2Liy_B*D|@!*^lwDD@4{k0YDF>o6ok54xcxIHOSh^{HXLd-y9{m{?Sd`D@#mb-tAZ#{9mp15=?6T^f0RogbA{*giYkz5-2$^5@&!x6wygZO!Uw9mg|K>MyzslwRT&I(6S4Cl-c;unf z;*B^sQ~i&0t{)vz&L4Vi!^OQca5*{Ei#~j}99bQq12U=;U@#vbwEUA=I$I(GkBh{> zhVH%nnhu)DZ#^jA;7mJtvKwECOdn?1l-Z&l#}*uQ+h-rbA(^LvKUemM+TikB3%gfU zu{t^jP&4i4u65J3p^^16+L$9%&+8TFkku%2sPc(_DMPQ4?a=32;=NIIZvToD&P*xH zz`d`DqJhmeegY)|sDmxwakX^~x!$V4t#4$*PQK08c^ovOgCWK16JZU2i7vDJq}{2B zJDqSKKap#8z*Abe$YX!p+E5j{aqqjY+p?)qN%sdjVzt_;gC|x8S=>p;A%Id*Gw_=( zFwCnIp#T);A=>lewL6h{no+(};`#E3rGmR6nh?9Nw1EF$>Xd^ERV@QtDVZt?-V@Ga ze-0G1ZUcYWk$l%PkG~L#*X|xTpo0C5fF(rv-OO~MO%C1UY%178;E#Q=tMH!kJxgmT zLRV$_7<6F5NttGKJ|mX*o|2b*0dg+AvxJK3iQLOWOU7?6nE}5iFKl!hO1dYY+RmR~ zMYbS1BR`^rNs1J>yIFevIIWAy{xChrf%cC2@pONZ@8^h1j#(vvk0n8ap(mxV2qnr0 zBn{1N3vlRvcB8z9@T@vWA4UD(twe${B7Ry##YU{!O+3U#=#qSdNJ>`QS!3HvQYv_LcOqKbp}fK zl4j#;Up2?0$nQzlAtR81V*qI&HYmEhKElBHFSORxR|u)nyy@5lLpo&ZTAZoPB?+JS zhetUt+U2|~z`f42UhiuQs&CsR8}ian`SUDi3h?mn$;cLn0p+ypp1^82jb2=gx*r^3 zy6{WEO*be4e5wOUo+dM~t6A$V;b$YG`R%;OslOGpqJFQ&KqmT1WI|*O5pmNS4&eoO zny!ij1z*&%xX)`ye(^nQMSH?&nF410LKg3V6Y!eUHKcwfFd>wWT^`}tUxWlfmb z){GC~?oej)hrz%|n9g(a)6uS3L@PB6C$@5lCmEyB|xM_k44$W8H=7i$ie5bzXj)ghXh?78LIeg9cP@y z+da5*=Z8zz*f<5bKXnk_#le;QzcAP4r0uO&>`3Cwur}>}K|ybx>zWk-aARjA$`X`r zzZ8*)n00#GcbV#pW@5Z_D#M(Flwgt*8PEHgCe-svf%c}^ty)$Ned#}b$jc;xT>cLI z^y8n7+*s!TV-+#>Xr7$#nW=~qHoi(22*Bjpb}y!Z<;f_?IzS+kub))yG0RkN+qr{y zZD1fy4eGPQqmyzb;OVA|sM?JQw;DxYp^ME}Q)J}ePJ)sTFWz@2=uZ;b*yqx$1_Gt{ z1*nYrN+y65JNuB}Ep&CEeXEQQQwzrFx&gwuSkvW$zoIh0{GM+2+Sy75C+dp2c>@-V@6C_ z$J0F8BIe2RU<-p{sjyi4tjvgl_Z%D@ocSS3Si@o7Vd9+(%c&$4FLOJ=to^aA*Ylso zKYh-w332HE%>AR?x9*W!uWy(wVmefC%M+ahuz20o5+R;&`KPwxmaa6!i{^2)4!)2B zc=f*EBY5_5wNP<%peTu=K#8>3Ue*d%hg`tPfe=J%sZQ=HDY|KO|J} zW2YipHeWVel*P}CIhE9RQb-bV7eu1G$OBbi)wrfKx%p^CNd`1Wj8U!f2tK=LI&Hf< zbM0R!Bm~}UcA=clF*&u~I|ht`V)eBd1#fS<%#KwX*Q(_TR=V7oa5K!+fAU}M=-zuC zZTdFYoAl1)^1QJJ2(L)SKrb-JQ)L|Za>{nGlBY9`ZmU%8Y$Q7JaTXxNydQUVL@Ae8 z-j-yV{0qlG5=Eq>?)>5bD*>oL%v2u}HARg!N_xF({831Rn91jSRF=@`{e;tEur(p7 zbA=xu9K571>il{=5-jsFQKsFJPFn&UA>*zBm+PZ3!6`iy-#{-^;55nE(IkJ-r^C0{7NdaN>h<{xR6RTZVt0!W?8-0PeTT9c^wkXko#1C*^{?+G zW|eESsmD#Em}f!z3}#*e9v~wEC@|B?nN_mMNInht$$x}^JFiN#vN@#A87hcsxSlnz zy-{5cnKn?8wHIB*l281JX)O3(T+2l0->{4rHeGwKV~73z7?=%o zhwhRh4aZ-1f?oP>`P7gz(L8~QU#8ZMv8;@7+oNkya}O;23GB(7AsmoHpQ!_R6E8Uw zL5GqlF-l4<8=9NYb&)G1eU)3=v&VUcjB%O@l#0?1?i_+^4B2Y)go3!du zuTerwMx06$Ar9sOMSH}bf_Dbpv%ccPYi2cyWH+~D&A4L;?J1d6`YH`@E9OrF zl6zObaR}p{4t!u2Zr%SVyL_>9v~3r@D~y>DAEZ>s&{bPoN>Q`bHd@e_UTw@$r1%3$ z$_52U6^zRhb93h0NuA*LGmb+<%nX!3flOTsg+~H96jy<0nyPlE`zB33Z&MV5#3@ni zah^|sc@&m59g1RD;*XgZt zYr=lOG7vkbHnDJ&3aYtL-sCDKdEt#*wC4xbhWpLXoY{5Z{DwV6Z9nycJDEr3cP*(1 zPACjakPIys#@!2A#&E^!b3f6B>&;M&IWI|WLkYU5M;kF=W_O1arbA04gS07?c0JR> z6wl&#x}-5o(OIi^lw6DD)-js%D=U87UnQahsOOF#ktmsEeMX)7EejlPfP}#F_NUnL zRWf>ps2&F^=L|$=%xIk1IEB)T;AsX0$34af(Qh&fj}Kkf6K@U0k)3E47zkU@EU8$L z`hfC!fF0^Savcp0(6MtNSN`8Zb>62KI+^sf=~-vsLY=6r>^IR|k8d^`Ytdzd16Ncl zB{ffO)INX{hb3rSC~P#0{cy6inS~y$s->sU==WX6jBq9|fAqS2BEXa+MtCdW(u`)( z9utHJKpg+4MU4t%L*M93mO17bZ>ifn=F%K!VUkTiH{&G73?0ku__hBu=xx7gLDOZK zNLZ+0R90Nd2Rp-9Ykl2Jk}lTdWdhWlv!`wo%i@|_BJHoA^H&qNtFuw$nhn-43TU{? znSF%XMHt0NZ#t$y1v*Yh!1Jza(W;_C{$dhq`12=`4dvJt2h%hB{95_Lehyg>u=*yy z!37RO51F4|!;ZYG-A}SWl=WOMM3m6%E*Zt-=UR2U5GHw=bj*l;t!#?IoYD^qddjZv zmC8C6!4jDav7ahQ!G@9Wv9fOCSzgGIFRBWRK}^Ov_Q1^MXii?hM!pZ%w0@=|B(=hpP=XVB$jkUDF3GB< z9Et!&Ah=|Z0{9HZ2BtSHDvr_)nrI6(1-{|32^if+)2MnR&xTD@(v5R737~6+1 zOo)6mZ$GHcJ4Mc9)T`eO)_wJs%UsGU6l7KdFWaU;Kf3{+R-b z0g?8`)ACdtnce>%ty>sWC7X1qtO`qJg~>6KLJWgtQI=FF1hlOhMN`1GcF%53_2Q4F z#5c7OIcbAj5rqwU3?rRCO&5-x`f7A~czV2di}#f$uBoUu1m=imV<*k6|7U5ia8HoD zN`0uUTpkUZ)?doZg&_fSbd<8JQj}a}ENDr8iyvZoI!<7QUYATi#pyHcbPMqkvV7MU zj^8c#0-ZTBx?XK&xk{VFy#8o*ekcxA)4}>;C?5@sV^QRCClGo%X{Kclfdxt-)2gE9 z-VUwI3{d2YD^c_QLV&R=%;y<5!k`}m@M+ZAE+KB7dppF+886gS5dhfqWQI%(nCDt4 zuZB6E^$61boix7sa_Mq)JS`tjg#G>NpW9&0OTH)R99|l)>L!Ly-3!Q%IP#5kYc1-e zxW0r>lnd|n;DNEl)*89Gn%be%194YJyckn~pUx7jTWwtFitHC+$>^oY&{Zm*SE7RS z(G9* z`&MC%vW}-wYS8B@fENi`tzhspoz}>`a;rZ@odFz@$4lLYGvQq`b2T{pC0x-tXMf4Q zJeU?ieew1we%X>o3w>(UQBnQ_y*%+BI64db4lzesl&d%+(g5hP48J~RHOQGmEy|&M z_{&AU^XE~NTs~3Z*Q7|miC)whOQoKCQ*Zo!0AH6=cZYg*=|6obN@p74$Mr_ACktAH zCGTBG;W8=+FJL~eLY*c^BDt^8@Ni3o!qe%uT*1ElA<#73&iM}kC}kh}O&<=3@*O`c z$b%UfIGxpgPF)+(klvJ*qY~0Hps7kM_M=r8J>=-YVIX(O_d-`j^+30y0TuRMwX~cM z*vn`;wO5<&s|1S(RUC93nD!A~6#Pdd@EZRCA8KR5wh=1@416w@v5F!Or2gKkqEGaP z5oR*jgZBe?cPc3;p~dyC=x!WijmVWy%gnbuxJUoB?x{=Kh`YoZ5fBv`w5&diZBuLd zY)qU}L;qJP;I>Pz?2P2VbFY%OlOJa=6eNz}oMXX3|))NQkz2*(JpL9T3 zs$rw<4zWGQ+{RZT$_3uDHCwyyOo$^fH<9NzAqB>zQ&ex;Hs! zAv{`O!X|kCywG)*SW(#_RcFF@kZyxY0`jrUaF4oUIo&DQ3nI2g_lYfbt#Y8jpPw`B zi zr#9(eaLu!Q7}sT_2F-kP;pW2(psJ2$f~X-#RHD|4lNgJ&W#qV156|feM5(t zPuu{)u`xw-m~R#7->xIUd@TG1K96%dmi6@Q1nODT}NfT-;E?i08-!= z>W|lRsQBW4h>0NLVexok0V=wFDN-1qg(L=f#h0%Vz3;h1!)&{`k7*cX5If>X;dNNZ9qe60M(8@1e$c+ za^Twslx`1_^_4Jrl?1ck1Gy@2Ke)!8Lm_tjX?k=wFx|gy2QQKGUW2!Crra6}3FpF(yTOJcdJCMJWuochRc&O1p)&KAFR$g?@He5#3=cP8 znxTl_`1DEQ^AI(p#3?2M3l~Mz+o1;o+Zr2cr|V@=_pVMX#!8?A-c`9kWe0k57+D3m z=O6zM1_x{7z55c($ilMscKpqU!sP2Y2Gi|x_9|bSoZIB$$Nrm{YwT!jC*y+)`*r7# zmFZZZBBrL@DdKeR8IaJ5AvLI%qB1YEpbk-ss6JGp^aOKocDnb5r*(J@BLL>F9d+I5 zc)gJsg@qCq3JfP;>$7m3=AK1##ww3LTyYirw(H~6{^MzGfj3Qm&u7hRR_tqTRZ5xP zi_Sef38}yf0_Ro90=UTX7CSQB>tk0vTO7|$)YxiD&2^DjFZj_8meivl5yMxq(n{`X z!K5E9k_a(w2OY3Wo}#!)_XbfW66X)KFYjB$YtE>?b7>U z4qYLNluFZI2P8&O?z|w5KS#~hS@y=bLGMosBYcs#34ph)jshN?W*jgROsInpF<}x} zzIcuV3+@^!gU?&pJ3FYC!3xyGk;$4kx*-)hq~CZg+DMc{v|+sB6vMz{s|}yYFk8~` zX^poTJ2h#2X4+HqI#^t-Div0JZCJR)!>zeGZd4&oh|I1rErST2G9PnGqqDfuZAxRg z<@jWx)eM!5Evvb1WM%$UQx11u=r3)`u2)$$=Ozx$$9fJ4diq97$WtqrhOG9^5P@#B z_>eTQ>T!>*>Qe(6^LxpSz!MnU9%dC~tGT)@T-VFrf~1C?c&qn(C^O;;=s< zDiU99x{t$eZQ4r$OrdI{@a@ADsn{P^;-ZmCCY<62yjw5iZL27eO7s z46Wq1bdTF!zdI)|cA9kkHhu4<*Frq(9TQyFWV@~jH8#c?i4?c3y#+740t@ldt>-}h z2&9;D3-6kySl%ApCQ{bF0c+p4dad8iGJiCGYXD`I20E#E$(wY!bT3Z~wFWKFrL3lS zZV!VWXz-sno76iyJf^Wpqskco3O(TVpFE;`2r4)FquTH`QIzI3Ta*fadg33Lt}N=!dh$Pgc<$__qWGYC7KUMMPy>pY8#pq$BnrAj#ebWd zU_=w{TW#Ir_&f``z(@0f`KN09@7G!qg-md;7wp%6qAytP?p|x$ysTbhP5+XsQvZ>`Y0fmu;Shib^~8c5&`Z(sV<5{*GTLN~m$ZFs1?E&h zLQj_VQ|M`~(F*lAFHEAJgIf+730ArsMgaBreh54FZwFC-B3-bQSR=rxTs)4_pI;DW z5FN+^6^X|{S6>_4#z_UQDP1pK*{f;1+`$S9D3+2sIk&f z9a-F`G_BpmJB_sBevDw_^4H!!ek|}k&JR~w53Cgn?~;N;O)~UGXtfTCBTG3Ywi@_M z5*63Bo`+-W=gik0KdN`s01rTbH0q92_$Ty&&3n{oGZorcZ17O-rKc9it^<%U9>-&w zKO6D`398vKmXr;}mIt1nmFjk>Dh1TuSh`cs~c90 z#~9i!)?iWP-tRl9mOt4O8NDT$wWIVdC&Y1V;=t<1+H6qW$lzVMWA2=ll_I? zW3a6$rX%KMN5P~B%XH5 z{?VW2mY7PvaV|x?USrIx1sGF5`^bkrl!d6CM0p>E!*3iLX@fq{?$#Db^j4SdU1RN= zQaTHKj#xlgcL!Acoy1?S+!i}%)jq$dsNb2Gh9hlyNSdYb-~H~p0p7SMz=ZxV*>`y*<(bS(Ea=(Gc1x-ESHHrH{1)_R=63_T?)4G zInEvJYNH09F=Sa?HWB|Qk}tsRz5gr~$uvHF&4)YsQ?0S_1iN9bZRh=F0v?(y?Sybr zZvws^F0lN&q4~azh+(hV+JYb{0f7NFS_)RGjPhfm;;)lLlpm9BYR`3F;o*{{-~iC0 zt??0g9KsB63}afn3iJ~lQp${K*`@T)A2HoJ34e|CvnVI^1}E^vi{{gjr#>oS6>I>g z2dk71B25f!LXFvr9d3nPf!YRjm?~ugWJiE4E#Uz@{TtN%R;AP7vr{+0tntS}^^*wS z(HVY%F*B~EfT7m);zmU26`vfcfy|I99Ve7=kdofUAVZZ^dBE{j0#n*bR3_K_-Gc+m z%iQ7C)}1u}m5VIkY{c1aUK3Ubb0-rr6-$fiOcbR5j}}t^PQN|zp*z|I#*b5!6owR$ z^v*3?u&6D17od0gbPHejI=PXszmI;VQ6YZP&!>_M6b_hB-}PO~mA|}5v%h>{%B|ou zGv_e|lafiF#s%n&qm)brpLbfcJD*EHW}lo+pHx25zs?Ng`z7LNr5)7?E;vc^k#qm# zmi(HzmFIsP16LOkV@UBt464r*Zz#fU`z;Izx2T>RyBQ(uq{qPf)OVPcZ*v5+AphOK z&*za-WCyd8?ye9IGqe5+8XF!EG*J&GMTw!JVa$VJZU$(CCt9567}^NjsMI{n(Mdy2 zd_47HJD+DW+)4S7wP3#WvQ5qru+v}QZpW$Q zH$~IonPYD}IrwOAPWtA*Ov*V-)?kUmCXT>;U}hC9=9m&~z4$DZuJp?R&G)VqRX?{* z&pXrj>PE$$W$1qHyIXEFDz?CYG7Iig#_Yd;3tCuwocH3%0Q;xht66Pmm6>iGiG?Sv zkgM?A(jx>_m9sFPXZR|31H0So3H8%i?DfFr77V|jF1=#J0e{jiY={YT)Gx?jnd<#! zkEA5Pgt@Ke=Ji+&_(m|ko0c6fx>a}VVF7+l-MSAiTsDn7=4pZ_x4R{K?Av2fsE@^* zQZ^z$0m}g+3-tsCqq6u6bbqZpJ z^vs2}-JLvb?4}PSf!Lhc^y_br0(8JgF_Z>_$Td|wT*qskoAYUB>G5B|N0|+Ej=-ib zhWKqiVdBQE&5s!1^mpj?q`xDpX0xg##^b74+#~ z`bP+UL>#_V=7G>qm4w$mjtAYTc)n(RcvawEj5@iGVN&BcLh!vy7@lDqz)0X2;7XZE zA_KR4lPU4b5ROd~CD%>`cs*^=W<*J6Tcg~Q3Sd6?+ku-j>slC{(1G)EV= zgurbNVrgQU-lh{0{_E(FkR1?wh^azKhlFy~#i3plX33pl*}8p{#*>;h90lhetyEIA zfWJ-;ON&}t4wdiulVg@Y?P2^LYE7`q&2FE)%6sduUpjL)X090i+WMqyGUX`~&-#xA zCT`f|pocGh!tm!~`i?eZQkVX8I=Ha6k#Z0$h=|4Kn@QjC)RB%-D`}13WyU#ds}H29 zuS|1aUrOZ7#_X>?sV=lh-3huB+?Vd#z&ll~?Am=PBtZb4YE|b`_~k~e&2 zvr3MsuG_t6jIO{J?shN`O1lC90Ypj)h5&#-D473b@P9JYhYb3VA^*uRAM*ci6W59C zCZD7Oi&PYfnBX#{7yO;m$qD!09~ySm2cdWIzt@?fqu_kJ-N5$3Z$|#yJqHjczm}Qv by!phJc0Zc@sPOza@Cc9;l@qBH()0TtP@vKX literal 0 HcmV?d00001 diff --git a/mails/dkim-spf-dmarc.webp b/mails/dkim-spf-dmarc.webp new file mode 100644 index 0000000000000000000000000000000000000000..99940b3ec229689fe86f5a7e2d345812ab97067e GIT binary patch literal 88510 zcmX7vb8sa6*TpAxHg>YHZQHi(jcx75wryi$Yh&BCZNBsT-u`21s;jH3r~5ni-1|AF zm8HbRo3%gy8e+nV>WZAQ<-qR@wL!0dGozX2_#*ibfzyuHYk(*?Sc~ocLZF+ybgY7; zI#lK_!dZ_4y7joNLbNM3-Zb8HeQTQqb#stXy3q;IV38mdQPtw-dAJ4`vVhmMYZqd5*kx(cIwRC5$)+Qk(kjH7f2UT? zyMUHGACGd7)v zSEDneavEwZidkZT*{`l(g>;Fxlyo08yW^VFWTz$v9qldGbnD^?*U{j?#5o2nee2#S z>bc%o?M(8F5qynVNa=Xm;&Xh4b?F02s;(r;%A)Y9&zSnma2X~4@oe`5ak3 z0Te(t>FK-Y`|wp-$HE;7OEYYvuaEDFvLpM%+-B+G>gsA~^6F~!65fUhu>1{k(_^#V z)Dcbh3Gw;kq4rb5#((Rx6D>74X>X-idepH^S4x$BkUo_fUE;8OKuN7wIa8IIjV5zV zW3pm}o+4S5`mnV?noFLmB1w;aSiZ`M$_=m0c-8TuwUK@M-Pc6YO*vegj-1W?FQ05* zsAhjQ_2X6LZ=^6J^&e5eOo)9|F3M<$#ZM?h(J;|W82uh?l;(@FP{LuQjvX*Y#zBJ6 zseKbutdJ&X#e9|4c7e#yg{=q;a3tWuWlQD@(j6*@{Wo-jT?pbQB2ioD<~W7w$e_f@ zFk-z}2 z>f;3YUMz~Wid4_$2}Vqes`f`#O>DACvPKTmvX5>tIM55sDdV4U)*<;v(vgHR@}ONQKWeW6augpyDgq9n?{? zf>B$g>JH`I=FCF)(-rL0um(8rkgE0(Ur7HH9?kQTi5tCGMlD8*z!K@P!iV= z`7}F(sH`+T#!11LdRP7d0C5Rc>rW>1N&nKzkV)`j<->^Rqz@$VAjXk|!!65f1WH!h z#_A`Ze z#Kq7s#TjLlSjz~NMw`pc*Gkj-Coq;92k0b~SVsw^{(hqhax67#BqYEol>rz>K_Xct zK~yaA9<8dImg*Pfx4m_q8}TN-p1(C*CVl2}Bej{1w5@Cgs;yA1-A|$I7DWRh0I`;m z7An0%Hkb(XCVTSms9;~(L4u&9#pIwB?a+do&`2ivs};>iCi1W*iEuDTkjNv@swzBG zaUe|uW9!f(@kk@4lT8$0ZpN1TA{jc5I<2aDxb|~IkTx*QO{KPt^L8aPCw)fd|81-~ zZ;z3-k$aN$O|~JI8!|P*n1&aQ7kIdZ4yNn!;?1_}@@smJ-)1hZbKfv|ncv@DJmDQ3 zIw4tfR1tuZ{peU)q*81&Qy^wufj$Ps!_8xsSySg>XozvCnhK|*B<5Nw} z+E&AWmbQ8?vy?xg%uX}Cd&bx&UUZ2+)NJ?Qci5e;rgDyZ3-n-4?mZ}U>@|FXNN(jb z+tSrN_e{s{7kfPoPN{3qUN$W|W4__? zz8i<4W-RK6dMV*QlmBC=DK0wTbKg~to!>XHlVjdN1L*Zar^-90H!t^mJKRlmKpr#U zyd}%9_}|;@_JGiRP~?>hc(dI&*JOMq_`mV`OcW#8>!HPLq70jiNFL53EXg}OgjuC8 zMbz2xZtjx(yJM6MO)n0DN6dtfVj#hOn-VPZ49Wg`w*CIy!)y2_I4R-S0P|{Ni+erw zdH*Lr?}RbbFURy@H7X&*NKq90t_Jm9?_WgnsjdE~Hv-EE7RG zcO8cE6BXT_=JL5;`dRD9>nJ~bd^X@Oia!+6oII_)G{`>b?~d5laNIP*qxqJ9c9eQ5 z`>nP4;Q*JZhpG%ugNoXI?@d>2eC@DXtkv%ZC8@>f8N*VrjQp~+kSLetzuRYRwkI?kaBJ) zKRX}3np+7%J7#VDDN?Uy(*E-s9(wm`&W){W9`2*-&d1u(D-m6DU#!J`jpgCvoS1CA zJbZeAcwGcqDg3871qbZWYmf)EaExMryuD=D{s}rl)=U*tD|PgO&u&Fi^Vnz@>l>54 zAc{9K8OvukcM#Gg`+!pBsa{HuRSMSwaa^3Lgf^<|RdY)9(%M)rkI%))aaPPviPsBV zX+vMQ2FI(v=KXAQXRvmUnmovk-`wFUC^GM8uO~xC%gjw4A&TS2(q!{N?L$gq1@X}3 zeo=JcFp`HlIjx7Lwc|Z6QxBX7@T2*dTpWFYH* zZ5w=MPibeG2Z^xY2O-HIv{<>JL`2lid2N|EboR>pT;ZEL%OkV@V`5`;%^p)hM1-*@ z-MR8Kc@m%VsIBqsiRjz;)Kux#H2R_%YSz}D>JaJ#Bkyss0!FSG*JXu=^fl;KM5774 zUO^a|QNa`&CvN-M2yO(gP! z_`Rs`d335zedeM~@62y~xR%OE(SBeXG{@+Ct7ODkwlh$Ywb|Ch+TxrubT}u8Pv~%?SjgH4p*JqQbjpKr*Tqo|ISqHm+V9v*w|LbXP7dW5OVXuKM)@x|3sJw#D zymjv>-*|ZNzokqhR{DB>)|+=a(^g`OFO~s(O>>lwx9VtF>1UWE1gaX^Ql$hyE$*% zPO8PI)w8t%Jb$8(d;5ngS_Sna;i3w|$COKX+)@2Q5zZ2ESem-5K0&j`&uLUXNo8N< z*~i(Squmss>QG`v7C)cj;hf5`RbFzcGbvlu{!2r%c_bHN@X?-nbYHf3Q9{S4_0^_v^*mBkKz(}*0eo2>3xnY;FMvpSFhBGFL z3QQ)>QC;(qk``Q*KvHn~`4lboErDz9+EI8DF!n)2VX1q}V@5Bxd!f_$y;#fnKHgi< zm;B&tzBx4J|NbD^vgr&W){d_3a6$K|I-SUZa#^M&EPq1)>0 ze)!#`r+sJw!S@=%@Ygz126cB#?q4O2`)$Q%J(Pb*g_q1FBaHP`Wvltr;{GrTX^a6{4IrOsCj#cz6QB)}~CNf4{da@w3_rI2drf>2#ticwCIc#HDa z@OIdKo~=A>@WVMG8(_adnofV;f02XY8aqMVLM64Gc7>6$#93t0)wnLY35w$cN-PDx z;~snv*4Y?YyD+q{?I>zWMQgd&;GF%(whBc`1u>BpH>>#~osDy}3$C!_=(ql10seHI z{z+4_@|bovvTCt(GWDfbFkHSZvF7mOgK*_$wzkcyzZ?YS`}|aot=bTCPSyTW5K==f zM?g&HKV3+Mg0+`9lj}8R!i~NBgWMgY=o!De$Inxw@To)_iW)Pi&2nfZ>N>yG{fkx4 zmVJEg5o4*aJ_gSl*`NeWOCmAhBb|Vf%9es?)Qn)>=Fr}gog-#j(S1|=wlB{C#y!*O zTDaVulk1#rzo6Mvf#Z#ZpG49?5iL-$u4azs=F(Nzm0Fk!LOMlp_W6sS-rLoN$H*=g zpeXaW{95S-Djaf7bhGt+R$0sM9HN@&c6!k|@~m{g?Ee`WTUkqRN{iaXWjPYR9Q5Sf zCIV$XJV&lFkjh_#DSchW(erkO-)NE1H7jVAhzOtF*Gw3+kkm-i5#Srd3DMiiv;OLx zEiDd_p;yOk+(dV1IQYipxGc7ZY?+bq0b;OZ@PikxHKoP1MgJuh}&s zCepLV_5~Fy?tk7~RbiI-QYew=f9F#-!9hw#@7nXUSZNJI5;C3qji&c(V#W8H!e0AN+%RHi?_-go&#sOa z6iLg#EsF36ONh1=*d1{u2Tu3YBrXDM=om)fq3$LZc;fEX+`2!o{sVjS_Pq!iI}Mx6 zV7fA#=F(#gUB^N6e@Y8n9y@+LY^muFM2NAPz+D=q0#L&|ufTEy1M@eE?ia;%r?p_% zSQ!NRaF-aEaG1j(#1Za7Up!J}vE|aYX~hw?AnlK|8{e9b_x>9weX6zHl`GR)pQ9>7 zBI(R>oyK-!s*{3Q10k5?1u~RP6uGOCR zvdNTzIWF*Huf$^p>jc5ym(Z(wh?vC5V2BdXMBje`rUWIojOguJ3A#ILokoa4@#!HH7i1mxQS!YR$8x``Ez>{-P0oDQrb>>f8$E!*WsK-MmWF_4cLH@ zRrZGKchXN5o=|-liJi5IsJzB3x7I2f@0LXXuS-WK)cYIWC*m?EMNmpdXFci<*86JN zs_fev?)XG;b#*lzYv)AzhBCTLKf-Z!k-zucEHse>vP6f^y|$vI$@gf`0$waJQSzqU z8GQ=L_|4E_hD@SyG1xh?0Igu6o+`5nQB2wm(@gx(@ zA%Q}?+eRManK1KoftWXSX8~^ceW(}KioDH*IX)m{FqfHoaBcFIO9Nx;8R_ZiTo8gH z!YSBp2%C^8uG@3#wL*jI3<^rZIN-@asVhx~6e;}W4$Y@b_}Lo3VTz(24feBa)AJoz z>Rdg8n&;;DAQvgLk-dt}Ds#Fx_chPUaF?`?3d*6pl{U?@EDMtyg&P``17a3}3-PaD zr>T|8Q@nC!bKDo}t*OvEA6=0vUb$au*V?)cw{%k|2CNQgor5WzJBI?jNZl}FYEQ_7$V4y&Tm;&FyE1L*G&l> z;sav)Tk(yLSFv3vTa9Qul|-xu0iD~&tIg$D31L$#niyy35+aUMB1W&^!k!-LA(+^o z6bV6{UM4@;$6bTt2V7|NWTbu+_S3DRYgl{FzvY7{T7gR?cRaZ|b7+Q$`s7Pj03Wr& zZunDoNEBzjmIx=}2K7%|zU8pdkAt;8H!->>+ztb#`}og0-L|KesGIi_IamArV=7v9 zg&ng&K}iI@^W>Wz?bw()aSs2$FUQEbSI5i3Fm1}CY{Lpk^>2cq42af8Eb0~y!|TGfYc}T?{e-`7=@~|A z_(5fDG9yN;j%v5WzfLXa$ti9&gp4~lU+x^e^>@`4_G&4Ur#{{Z_^*>seWsk?=!YG1)PA5(;_=w~?oM+G*;|J$k5)*qMy#QfpC+(VoY?OI zD!1#dvDhE9_0EoRA%>)*hVfq1M7kX>o}QTn5$YL=5p& z83BdAAhFNNRk$^pR+^3SZFyUlGjBmupy!$A%{w4_Tr{=dr6hG_t#qaR*#AXKxH{Vn zA8UJuq1EcnrHMZvTaWh_P$?P{^pt86SgEQ_$W>KoOBBY2XYqd{ft3QvOiM{wNrO14 zSE&}YLT+3xf>MHz`c;(kiMx|8RKtpI2zkhM^O>uIaHr+}u4DyiimNUhDI?W1XD1Yz zD2Wsl{397qmdZeq$(Mhsr0HoAuw)U4AHwhP}UQ_jpb)qM2qoC`@g=$zOEvu~U)k|RL*?O~yt`Bmx8Ltxav z_T>Fc9mok`Rd+egMsTna(y15K^ygLTsauB+^Mb@T{2&u_^XuOL#dgg%gy~M26JSE` zwHBupYvVajfL+Y;B$e0XTKV15K+ZKRoC6~3&T$+j_(zG`xZCOXKkxg_$)F6?(1m&w z6)FSHgD%gS=NK`z=h^NN`k&58t9SXz`1Oa7?@YH9JIIS03+sD!1QyL-(`9t-hyD)& zqQ1SVHO3lW65oYDba(>X^Y-&I_G=oP2gj$E@`nWuG4EL-F)z+2Ju6o7Z-Pc{Q?@v+ zx4D>I3w8(IyNwd2)MnZCwhk-As)8+p7Mgfaq4ZBT*W51l&~trUIiX1{i0HXYXmT!# zuF*}*D&DMA80x?1$TVQ|S|8sGZ$CbvsI%VWI^!}9R;H_{Q^E+%Y->*k*CFcnEr;hy zGC<-G9IggriRDb94RnZs_y@7!VAaVc~&TPP&UH*jBO| zktw~?RBJHle%$aDih`~40{1RE^^P*JbyOn06}p_X`cnM8x=!7oO1GxcoqL_qsZZk< z#$u!eot`o`h0fCM&=?3TY15PL+h+*vKfPagy)u)eC=O+=x7l3i3f(R<&!|3_JhvF` z`Mtg$Kg&CVO3(a~3I_WeVn)~oCIs;&#n2XW;9@c(W$Sr!g;X%#IsCjYUWG&p+8H5G-0{C?jWz$}Ka+?^@dkhS#SmlPDuxm|0y($|`d0zp`~AenM^se;h9YD?=zjMcw6p5Jm2 zL&oJ=J`7?+@y{HIZKTj88#bqZOHQFxIAp`x_i#9#p$wZ&0`w{AO8)phf9>)`pGY2g z5>ide{0{ybDECC#?jxj}T2!g2?woU{4lPQBm|YJJ_QFm@3Q30hu*PxYe?-*ut5fvB z0PV~3MTRX_U#_-5X4pJwbgev`!k93ICy7Vdk#Se9=a3dvucGDEwx(0N`j`r~(|3lH z6+uG)BcmdLUAU?T9?49z9SBFdX@b&N!6K0hC>a>+&0yqzJz$1#)kba{wmt}*Oo)f0DA=UKBiw8 zOYJa|HN!Kc>{4>^g=X~HVzK0}M0X_5D6=4bGqYA-E90dqd7krs&0T0z03S?;!>J%k z{9?K)lo})F|r_i+};|EOb{HVt2xdP(I`7Zx~hxk~CI)3!izYC=S9dBfy`mw=(ZEY+ma;t^XB zJMgTzp{>QpjXoO(#|@~9>M*b9LfNg zhPXp=2aCB9vwJNrIrFCogpltBnPYRH23&t$Go04@08+L4&0xMbBewi-z^Le?=MTz~ zD?45A9&ldQbSSIzWy@6ds`(MqdQ;30rf+RQ1sRdC>6jEpxDFm|OA1N0yNN_Bu7NYf zz!~=-@tLTlV|hoKysN~vBk&Kq3g8iY2s0N`5wl5;RA&RdAd$%&oToq276;09;9@@0 zIy0v0!t4@(2?9W9v1$JlT5SzU0+k6w9y8_%+BIm=Rr&QOL><5!y-H~OSP*K?T_gjE z{MtG^#HcVA0DXQB-~SU2*VAStp|;==oaPsOw!%W@5e1)n{`Wz4o4&u#D2S6qE_Tnv z?=EF~n{wuZ`&BGA9{;$;9H~q7x9JWq&pUFiAze>c*gn7<(5d(m^0zU{0;0Fej4BV4 z@pt#@pP(w$I1KvDqMLhn75)E?Uqg^U7@GWt^DeF0QDxX}?Rh`%G3jO}=p#kCdv>+? zGq?15Lg>L#L}Zx;(TvGE(mNl3xM!@yj-91{bnDwGRUE8ZB`NMv**;soR&TfO$H z4%@y^>75>Nz~AluIF?7%FwVb>X{E+$N^>I*G|Swa zJZ8HCDa*b+=6yq~9BAouymkbe2uVE{^t?P@HsF3?uob~0;~>DP`oZKF^;p7?!R#Ds z=aJt4HO#*?i-(*_w@1}m<_%s91NCo}lVZogS@@gh_LqwM5dPR{5Q~}UL8Po3$tceYwmO&KC$QN+>To_3OkMyB%r_W;GJV&m zdKCvl&s&X;419xN2B9)Ao^JllgI_Avkj)3ML@-V_HwRoz9@2SqYr@NduWcF6r>^x_ za|(+99_?!d96_n4SL-6$$egUcZERZ`?${e>!FbC=VLi7Ot=fUW&)5z40i`wouO^aMo_ z>?nD&n+OVd*57`1bX^_GjWBf$RBBn67muk*nR5i#r%b1uq_4lX`kQ+n-mKF)ND(?!n)Evp6%NfxrQdg?=hLV1!&)LJKz`$1X&!6>GB1m@SBR-? znIHU-Oz`;bAURxF%6iSN=!P>vv9F9I)dV!8pvI8}@V;qGUEx<*JmX zbBI};nt(uQI`04}e5GjjY1%c60PrR4&g3o5@%j5&)vCTaD`MCfG=v#Iz(U2O<(MCg zp-pKmc1OVE+gMqpo1JuWhfbYxyw$EsiC@AhSLHlnpF>1hOyVmm-B`sKID}Y-bxHL&R zhDcH%7dqA@MHkw-cOr@+m&&@#T99@-v`oV`#@bLGuqU>=6nWQI}RjP2O z^)s$1CW~|FKCdqhBED^2gD>`V{*_T9(Nyuzsic^^!kkXO!MBn77*|Zl{%Nf^;|Lql zv(ATWy(&zDO9x%oJsb3~5 zIh-CM31&X0NnOzr!>wWRtMWq9MH8w1W;|fIakZ^WEDU5*ID>yfO4wtk%@LA`zQ*+6 zv?jjyCbQDe3m4C3aJw^lc&s_0s<_RCKOd6uCzfkRQk>=3>qJcA^`F&~Wo#e>n!T?=rfe||qP`{>ZTq9)g z1R?hoM=@FuwhyRlkc88MMJQee4n_v^hj|m6&Kl%mK`ybiQNevK8wPc|L?6ms``>7d zaHFIorVk;uh6nckm<^5l@qwN`c7E6$U4`-p4j_DRko!@$`e9O0~>{H2M>0g0auWt4|R|N@sXE;ytSND|;Kv z6-vo$zK@o%Vd^Q6w+zhZ&w}+fQ=mB_;|Pt2q###0d zQ7WJQurp5^V(`M53+qT>*j}Jmd{;lH%RC_#6907%~) z_tlIldZKrP>~TxR&@BE~I&+@e&|mZ76&-w}%^v|-_nYV10B|80HP}I6AcK-2>Yga% z+(IADH99nn0?EK6wX{1&H>28gX5WwmrrcN$&`^zQ^y0iS`D--))q%?#IEA5mj* zgrz=(&jhr$g{bce*#h^mvy9poN5qW9#~D&#gi~ zKCjV5jyElyGMKSPZh|Zd!N?41&*{r+JT>SYA(#Lg%<_>oEiMRVVG0fxVb;tBjO1W5 zbV?72Dz+|K0RO(jwpjsU$B++=WBJFFEs#9+GLs-EmuJVkOe2o#kn~3MoNq>1iD2Hx zmK-+Q20$;i0joxJ1MK-5YJ=}@GD z>oPO-ACpZeSU?n(a1VNpfKYV$)1BRngfYe#vGL@pRZ#6qJ%Ru#*ggm1&++I#j=@L~ z>OIBN2R1##?)EzJu?>!LIo4Ea>(*;ouL&Dc{ZY*-|JCq-e`d;5Wb{rJYUl}aAP!*# zg{ove(NKd|Giho!AhChFhhkWDNZaGz2a-t*aHI7J>iSr&JEcakq6xc189{r!%7|~{ zN6SYgR_T%a)-2A*rEn77S>kp{vQFHJBiM_?1ra_AjjB7xj*#4JYxDQAqr0SVxO!3s zW!!$tcHvC%BJE``_@2$^p>_Fz`h{)zLz!mrht24-0*g)vcbAI^h3kgzg znDKON?Lz`?1da#K=hQd2T*+Y?q}{H;K|rGo#-mEn)^m^JV8NZ$r199t)iQXzs}vDm z=7!5)5rTn0qi;JJ=GJ3hA@3hcJV97^^IRrW6oi5wlb84W^&PGlodlI&?31FBn z;)nb7fILUXR;Vatn){Qzyf=#P=O>ZSeiP-Fuj4Ak`GEE~&odB{5sVgPUuWu^?S z)Mas`U&y^K!COED$E0hTP(7@p9rd?Pq!GDTWqhV{$M$zYu2=91h$F$rPyTj4akdx3 z=|6QKWrTyp9cJ^Uo?*m)=1h-&^7&?O>`J&>RRdE_($)`O^PI6o9VZ4k!X>+JwrX*c zECGyQ!mt1$Jor+Ygo8}G5p)GgRi{uV>wVt8%Soq|Y3Xrp1_pTLAfp1Cbqf~FW5Z7; zGijH>bB;Mwv!Ss^6|BlM@>Nd{KDJz)da%kav;Iv@rRLaJaf}DJU=l^Mjl^!zKBUXwH-l6kz(=xf-@Y1CTexx_pSJ!?$8HYlj7H(?|78Z5 z6ONhrf8HtZ@Aj#)Vd_#1(sV6i-HLgYLD+iLnGec{91xcqFc zA*W4bKN?EbqeDdbiJiktdQMo4o|h$nKk?|<1f35)2Nk?qLL-5j9Ub?>VjdLw81GN4{|Qp-(M`VwmovGU^gLe(4PhQU90aRtI8RH< zP;L1Ee9)f2uB-iV(mU~D4k_Pyf^SnO#$z?b9me4i2d|(NI_^%FnrNst-eqaa78yi> z;lBuIX%)2+Nps$g)kC(u)1v)nGEt1b;rk2eZ^o}NHF+{0WH%U=+r8VL2ifk*6)!n( zfyP;Q%u-pzrExuP#R}u!fr`2xZ=7AI-)c zHN{=Vbnn%26lj@kzpCQB(`8*RgS>p`EZh8sV0#XYwq}!=F*M3L_9(uT)}Kfs9(@z$ z7>j1$oBeBYs%1(E>X5sC z;NWs@FJQrwvmonBV!M6dJNEz0nXi8AA$%b^Y?&A@RCo93e{z>NgTi62>$GYzex=q_q5f6n{GllVPdH*C%{C42GnK)!Uw7grL_cRC@q?UH z%~#vV*EJ@bWr!ePnA^SgaV~C#+PU#?I@{`31=Oqh_?Izs)*JET9^8GZXtxB$YGqk7P_W2C5|dYcexFc3KzQlU5Us;%wAx_FD9;I+o!@aXkl{{49rv;9)cZt zCxMElYp77Y6OTn_$FzEBwafA&(w}Qfvq?Y+AD9h~RmugcwZ+ea&2%NAW{|nm&N9$` zVWA(l-82|a7T&MuYAc)a^XUwn`~J&Ax>57k2!(1H>o9u(oERerEtPe`aH8&sJ)O4Kcuf;SN!oU%`(;qd}QIVzZ|* z7v!3Hng;s@@kl2`itj@Ks<(b7&BC15i&B5(0DzXWllDxT*ya3{cC|uB&(S#KXNLdD z9p>uJ29>wYSgbyl)ii+!4!R}|tmOEML(Y<$5^z;&w8yz5o&j2k>CAH>oEgn-U1U&d zjaK9dtY02Lp-^)khVY8T6=9cvvf`ihQ3Xa48s`$%{&lq#6!L4jWnQ<;mAO3a%d^u3 z5dKis-nJf7h0}4#(-3ip*MLBrHeR6rHRxai`hf4k-1X=~_!`O)-bP{#9N zRXW+{;7XBd<6Pd6kO%kH0dRLka?yHkr}d>q%(kBM04=PiM=d2 zFm-COz%zo}u${|Z2ayn`ZSG?nOc9#Smx5^p$~^olAJABEDmw~!_yb4MLQvA-f|~^t zNHyPP1z?l1CgBb8d=9$=<*qH&tPufkI*BiG#9B0GZA#3|JivT53dqr2L_S1-;a?_{ zT+f2YUUL|*0HgO&G#<-o09Lupp|3;eEFI8gpaqEPd2i{rT4lfAeSatGT1A#%YQ<@I zrosOl5rW5nrJl>V`xKt~LFU*=^wFmzVdQYHA8}MTnQ9CoxPYG~Wzi|xv1S_gTMyQ; za*y3m_Xfk>fP>ap*`g25vlrY1awk3x7$@e**ZQCW9P(S-)fr?>hM=*RJnKUxy5=Af zD$pGxedGi9*Uez;&|wArNucjbp|;NFJ(IWdC~^~|=Bt{LK|WLYUYw7dr>DyYfHwXh z)axDsje|Y-OE{yrks1@iJ8%xteZ=i7ZegIo?iwulJJPCw{tlE`d}LY^L|Z6(6&5Jzg+Wr;|`U5a6__P%WZ zbjHUbbW2a=6KvMpY_j%C8%T5X14N(PLp_952y)wf3io*fbwd;ZX$0YZoQdr)CZ^~j z1y1av+-H+LiDCopepvy(^(j9+5Z({WaGy}~Qo{(i-?Ys)JZ?u`U>~B6$h{xHcHo=6 zvW&R^U%#MoREgig4O#RCc#6R_Svpdb=Bm-&N`Z`>p%yYsB88(8_ag-su*J>G^^5i@V#QA6>J-YL|O{^f4KQgSkqd8=(X_;C@+CV~MHX8(W!!?^j_#iZkh=kdY9H4s{Ufe$MXA^~)H*^7r175p- zBV#l)jUldm3|4FiOOOBYWj9rui!I_tLJeIdOK|c^4E@pCFqHS4zpMT+x$aSA%rYyT zA#CI|-F4(mRmdSW2)@ak zPUj*m;{fzoe=Is-R}bHC=re5liWiE#(sSc2H^(Oe+9rMZvX!qr%MDUk+MsczkWBqg zOSb84je**2Gc$nmnds2d#eP&+z z0z4TwOpodj1xa7ftpY4=SyqC8&wy%>#^(nR@|(aDu*hCJ29kM9%J};l-~$p~@T%&h zD*ot8BE;#`038$AmL?nO$0r0IS(weBXY7Q-*7w%Ci1kj_7cfHza+uBM)Zs$*WUw*M zJ77!s662z@Ufp;?%c1M+vU9f=FKdhdhNru@l(aVn1a5m#CUTa1QMy%Gs^~C?du`ou zLZFp(&s*{>!Qo7c{=H#ikx{%e7o3U>sc7D|h#@MFtPpVzdk8L5FZH8>^*V{xxI65YEJgVmR{oRnYaax)|D0hHt{4m;LA*FH z6Ce(T_wWIraa}f=sDto%bg7>0TnyVQ@5tSEr!4a`$--_ke)le6KFEtxmvoF%sjm*7 zs~9E!2xhUNZRZ}2x_d^kPF%{GgLd(V0jr_9M_-$sP&=W(jF&uhN`dgt4X)@@@7AAT z_MS10j>!{bLOsrK?{=?!6g1$*@)&?1Zc>(`Ha|a=fr-mjQKSnmMYz=(Q9u-V3tijzx>sp-6-t9lW01%VjA8UM7*`d z5|@ZpCFbHgu$c<$m+W-FEHJNqMU2-HI{^Rk;63?MBLY@SDG7wjO5@SoU*D)bf|F$$&Ho$E0s`I`VqQv$$?H8l=~6 zN?i}>5dF;(`>cE>zN?Qv@^_Ez3@AF<3>E1gRTmt7+Kd{S z@cB>j8#-hOsI-I8&q29P|Hwfk?BFLH@1r!Z9mYFD*xGMhP9M{=3}m#$Jl;b92Y-M$ zZOPOhocGic^f0&V@*sxaL2qo``?6OpHM+_*0-~_6dVT20)Dib4zaRjGD>J4K;X>Zi zix-KKKg3X}_cg*ORCk@)kRz{>qQdol)GwsRjjM&XxSIf?b9-2cRc|kK#Kem8OwIQ7 zmNQ~DcwqdCMebH&;#<3mReUWF;g!@g#-k5jbUnKrUoBC_W!E?~$P((H!NJm`oZI5h zd=^2CS9gTb={3Y!`y^@YXGBTz?15p7F zgXjQ{H|v+$s-4~@=ksynVRJNYepvrt2MO?H@|2+0AY07-3=#t}e(e83ya06nuXhW$oQv$QzoW*b0m)TqxvE7U+BL}!pJl_GvRswbyqU&q~ z0Dq#`MOs?n_erV|Lm)r1TuGuVvlsEls@r73+*ENdaXp+3Z)R|ZYp||`z^88o^I&L5>w5W1$zNF?r zFB5vVeqPr+(Ox|-5dNpW`@zA>9w!ZGdz*#J zV~rFqVNC#R)Z`8<6iN?K9mS1_5m!A8F0c}c_~UdciJ+llo>ZX2%owX zRWTD@DY+c2w!Y)}+*+qzpwY}5;F7vd{s^9nyvc7WE?LKa6iJc_UhP}^u5?-5Im?^de4r*4CEZn`EchRO^c-HPz(RLBcqpk{;G9?_h=^ zo-~k97^zbsn4$1>XDlQ*hJD@Lo;Md+9JURel$Z){EZIagbU4rP2wYXpRD@Cf7qpW2 zwqVbZ-2EaJT+`Nsg{VcM4iE+z%X<2FOQJ~S%6YmNyJ+Fa?#WT5vsRZIYPKc=Nnht_ zvy0^XSFs*87||=crAk=U`KLBPaI`dr+Q=*khI%#hOXQm=O%|B%F*lGzO7zVMqB`NT z8}R!8Y4M7CoQzI(@JiTSW?AWj?Xgx zN+}KW&290gow#~-28#PH|yRmJjv2ELC zs>4VOx9%9%*oty_kPave6~pUec*;gMOx|!-J#^abJ?(WPo{^psv?ujd5^u$ zgVa(Nakv|0AX1vd)413X*gD}8Dcx8yjOFzHq$f-Q3XW@csHXUYhl67>Id!MBC?V z3La|F)$%FRYf@foWnf4+2a+Mh@r5qgC=+n!BbNj-5Sa zG{FMz16#K*XPndn?>{Ya<2=J`{rJ9l#7*Fbct^_peUsre>>aVQFgTfCp$rRNltE?; zf_(kG{&jtrHO@@19!R;$bkCmDf7P!#ai|YOcmBc3qVH9{j;o3Fl=^=wy>uDkuoZLnNikK1AKi}M$wmn#D*lkq{wBIfS%4M= zIuxEHw9~Ws)spZpf;yNq>q~97DdG&bf&x%Im|F=De?QdrC+=l`r#6m@8JM!%iN9mwgQAldh~K^z!dNLxL4bh^NCu6S<8f)qf-DHH zy816G>!fvMw(!j4XWeW??v8~qMQ&RriU0Z1f(lm3*o6L+MF;^$7=J@Cz`JK>9&>N< z^(j!lN@#q^?SKDjUU^%)wPGy_)31`ib28hYCnqr~F7hL$#jDl2Iam*w*(L6(eDbc6 zX|6NMvLUAGkHt~49r4QfLh8pCTWhgYhV8nX+Q8_K;6mx+nN$H*`5CUl zN;jrhryl53Covb*1tf?ZQc^jOGWYG`O__)dW>%<@!m4$GuaXZ#-nlN}J;$mW&&Cs2 zMj=jMq`-AoOyqS4u|yEKb_#dSTP8e zncaP_n?pnkR$U1g45jjm^U}SKL|?(>iYSViSh>cU7US)ecysU_x%dX^{yMM zKfJ-0j7`}LJBPafzXk@k#{lz-dSoe>_LGvv>YG9qH`3MQqu~4No%G9Vi{a8`7r1u!>=tdcuGQ zw7WbY%jmyg)%(RSP4Gv1o&SZmt~V*-5Ze1R;E`9?HH{N%I2k$Q2FE_QykWaIdEO~X z!vyZCfla5=sd`rXD+NSrib%{;PEGx-7bKCibqBz~7Kw_3#kc$7gH4xV?J)D7K`)Rt zP54dGJYSy(uWDL>bdoaSk3xbNlzIX5H3L)??=?rxN-bp1yO~2fO$W2QkNH`)s{0++ zq-Y?nszP$?=%xFUXMt_KOlzn{pAu2f?vm`|0-|8OL48K8Kb~F3eX}cS8NSp^`02w4 z|13XrXr(=2n7ap8{1hyD1_fa>k4w0B)5k%~rw^x&l} zF0pDQz1$DVP;2Pi@DzC#bGDckg2`>k0b;&w$NUW2?{nVkiq~d&EF4kShuXWKPDSpp z(FBF?(bs=eAcQSmh~+GWA+MoSzyVU}I&>Hshwz{_KR>V8Qw2i>HB-lAyZX}RkY#uh zM`cxz;l{Gri0Zy~l1%x&%L4>OhFD=whg2n5f?XyuS(9T_R8&l6;BOiGMB=ShQj2y( zCdu15eaDl;IVdN8j@RSS6%`c?#`nQ!J92cE#hr{?ZCaK9VOVe=+|zgukBGz4vwF2e z@HLiN@JCn&Df6iRW+cMxKP&+l)agGMd)bys@%sRerF!%`d2F6S3 z{TiGvI#|q8FFTPxZ^>s_5D^VGOFdR5voeif>e>5iMP)&IV(}z`3?;g_bKbt`I$siY zr$5;%Pvi*kjGUR$WWYb~BI%yf8egsxqW));RQIolmK#7M=@7Et6pv0bZ!pfVmI7%9 z9pi7BeE|#T)_(m%0Q$B%&jtB(Hl*{l*-zmgkq!)KuCsNVCZ7V;)NiNEb+#+8*{J6j z&}pFi#y|llhtPnl7xLb)zFw%YS!&W+Aaox%+XFGOF*K14L;V(zA~cjz%T<`BTS}8_ znS_dNA;)?5MUZ~rE%)S6XB<;lBLw_s3;$i_n4raSEouRXwmu%Ho-pa3Gqq>4$xwSg zFLlBM$h~GRbQ_kp7{RXOeZ;*oGSu~pP+$U19QK8guyKpu#)v)&p+L@(nAjQyM z94dU6jY>*76+%#=^Vt|cT%@xOw}$Hp{sA_>jP;zM$m0J3V!B1f;;@!Y<#KW8Ih+r| zRtSKuR1c~3P{s-;lYsY#fTNc&zhI>qSkgbYxVY#Bx1190fBD?n?+}K)VEYlRVcCg7 zs=4qqQ!sbuZmW!Lkp zi9ZR0Oe8hUotX>S7PG*4h%x!2L zj{Uv9x9n;ezZOV>Z>iJup$g6X?mi4JsSX@^gg#LK#Ub$Q*~Z@u$-(>yce>^a>bnHa z)<3=Do6h*rwp7Q%@s7_O4sR|2EulIgXNeg*D)L~EBxA{Zn`4T+w#QZc3@ZgyTWM>+ ziH!Jw_XNiwHPoF)>iFo^)RL~OI&0SHuYsC3*TD`c^WzG9d>L%1|Itd(P zjfx~)>`$(^7^FZ+i6QzP4GLMi>k!9p*QZ`Of1Bt$#!}WZ5gCP{HdW1?>!=6#a|-Y6 zSo3zR7gk{aPZWvm5h5Hs$6_!fZfY~MXG|&r&bx76N&W2l-hjIuUKP1vPtl(Q1Z%{u zX9m&~Etvc7p$)Ebvz}xxNfU0EO1N^;m*fzC1nkCiS?M8L{TR{qYKzA54&aZor>liyyW-Ex1GheJ(Ga zED+66oGL`&Y5RyumR$w1Qpw>i}5T#533KcGp^ktJ^qEw@+T`$i9e_%!LR%%`C zLO1>Ku=n-m@2@9Q}jj@CBBinh)XnH$%Eew0@}OYK*ar zI1uscCZo`)gGN@kq%(vxO4|KBocBYy`g`=#UE00XQ6)b?2DC`2O@$b8wa2ZfWdepx zDdau#By*Nl5*Kx{1&GmQRymmoRUHrv|Y(N%+%n6sU3UkfK(;z(DCE z9WSfWdQG=`BbACEcOLM@$8!Pkzbnb&8jWcJS6e1hvu@If`$wR{^z=1o;jt(BeeR|7 z?(ptO%vM=2hbwL^PMY~r=@Wr1y)^2;HU`TK{yM-O89%Ns#1cr6LlRi3nx}38_CwqH zgR{4~Cbti{QrQWL4r~iKB!`;2&vpyGFz0S)9==d-!=3%x-wTAITgiL2azx7HUk}(X zRjCYrr{Of%wv>zw+SC7wtJqd3PRvP&2@b{3kQrag3w5dg?Q*+qzJHAJ#qJ2wj5X!P zn_Ew|!x(2wA2BoT_4OCaZkOKO2XkW;@RmFPWv%H{M)rnwSEO0W(mfqAYeayIz`l*- za!uyF;+;#Md%&PLSvR+Ps5=wh9_EerX@9|1-|KRx#_;6?J3mr~`_vE>Ms({va&%9&s5k~0MSayM( zq!MQpkd2eI#iBx0foxu`MgkI-uGhC`h&3@2*rwF=yk~#5sk?|!q-t3b$I#UC>TKUD z@d7j$Hc8@l?t8Yr;r$Hm$BI%Gjra^r_y0H;p@92kOy;Be8?MOak(v$zHI6jqA52u$ z-(ctE;fR ze(f;IcekOIMi^7jkY4Q>H-qhB{Hi*}rtDf*4_st0v|X5d2fc&)v;x_ryn zt1_zh)%CCYGtKYtF7)ASQfY`VdSFif!6p)lcrJleL$p13rW8K8pA2N6E*kX!N(q=? z9i%JtWIxE}HtYWJV#y}KwxS|yci!d2veIZ-)BXI@YR0gBu^P$Xl5f{I&SSaH%&aO6#OR{c!KX;dp8_!> zOD)RnIn!w!K;!Pl&!C< zg0)ExU;1z?a8IO52`Zn>JD4_9S0hE#-srS4^F42bAZ57R_L?u$Ya%gM7y6}f-B8kH z<;6jY9$9wjJ;dUHjg4wELS^rw{}E%n>}CF3$s}oSTr6nU)lH5 z(4Q66e^JY%IYyjElD2Qvgp~}{2r!o3N}zKen=2xI(i;0A!I1{pRThC@FRJbE;k>CL zq{_`-W>`}kWuF8|UNe?law@5vGGKd>tlz7MT&3ON$ z}Nh9L;dr&B& z@9dT(HpS;~-x1?xkckSps(G1>w9bwd!oxkBi`=8wRoOeH=#6;X@|K*dMG|29?No{q!Vq!a5aUi-&`X)k-WnKjOQ?9&OEWS| zwaB(Bm1PLJ00AHB?2(O6m9KUDB)58mb)V4b$^ACHAWM`+06qai!WDdNEX2!nHzB|p z;~}T2?nh>JsA#miX?@(?fZxs&O9AETNVw7bU))p->as)QLbY-cxkhgC1T8(+?NLUn z1mPm<97(w1)wP=k7?P|UE%dvrl<(QZt*{u}WjqSb(Y9?Ow_RcDXNh=Z{t1WK-|^vI(sAjbG4Ldc3RNrUC2I4@ zNm;~SMb~!611yR!+pV@dc<)G4lz0&v$UA%x-5ahdSaV^xj{{7f++H&Y!GZ2~)m8y- zMm+QRK8+-s(4xwFU;EZJss2STUAY!Ekj1Cbwg0s4KznTINS*56C3$)KWf28(?W<0} z)eW1O&gkG1?=;@cIb>l+%p<{{>NH|lu`Xr%y`@AeTH^qUQ5H!qpJ z{?+kDpQB=}ixF&Q88X=1hx@&29X5~I zrRPtZD(3aYr|B);o*Ptz7oCh8od$C28Ofs~2vik+=YaKIHe9V`z6b4}wcWnvf%UZU{-!f=IiZh$PDfWGi>KfIy*~Iux;40PRgoNu5 zZts^og@1Tv-;You`p@w()-<8h+IN&qo-pJ?AP8J08aJ*;cgm^c_PeEER*!Wyl0LBr zBwtm(zi{yS7Fk==Me&>s!%Tyx)|9=M88>nbHIc%e(MIJZ&2Ex?C13MCwMWJIr-ei0 zXtEa1SUPCDoh;{|H#jrrsFIViq$V~>Z4Q~8kg|*R{B~Ye86KpoQPf7MP=)2>PxE%O z(?ti`8mS)h`}?%u_4T4G>O4Ba#AZL()Qgv;=Ey9TFY@8s5Zg?Oo<{l5U)VRd3}MeE zS|~N>>(G|5?NP|#iXvu$dvs}UDN<$%c@wU}IFA`2=%=Ii;Wf8B@u%lVXzy=qhWMSq z0V`+P9WWSuuyL?k4fLu>T0nzl1P6>kHZh8{>=17>({b1MGO%8qF(+*|GbH)o$1hGoJy zGS#fw=M|Dng7P+cblwzqSkro%sG6i#HWR{(Rs(Y!54u%!~x> z>Sc>(MQX9 zJS$W6Z`w-?)UwzbYT(%sKHTsL=$CdkhR6@^uUkBF&pTQVrnXe48GZTa$hWV3Rhw1_0~}j4uqO?(}EQXbVM536O>V!7wEK=I%Whm8M!;YN51$n zH12ZOSR4PjNTm0$cF8biTfc1N&8PDcHl|N7mdZxEZkl?^2G5DPD(8LTqD1@hSbMte zbKU&K?OsY3)u@-{V+$i6WcjZ5;cZbuY%l)|o%iy|s|qsWAkTj9@ZBwwi*ykPlNiP) zV285C#+7bh*Qw2Kn?KKr&0;q5DmKB=L%*pMcE3vXYYUz(EZX$WhEKl4TD7E*zoXAS*uTJLP zYuTgQsUtbqFwNW-&_Tc33h2u#`TNmTiU1*#+Xl zuWRpgOri3Kpx+U49^r4O^3gJrBPX^$vJBO)_EkK-UJ{fo#mVzNZW~-bM_x5%k8%SHL=1L9MO);F+O$3uYkDb64|M1$G$% z%4<*1dX7}KHC~B%-Fz0SGwZ~{DjW7-y>Hz75~iH9*52CE|E~#;M$#1RdE-&T-0um5 zs~XA|9eS?)TnQRomq?TOwTi)IJ(buQrde(5v4juVMQ33+Qx@GZ+TDRa-3zVsEPvKM zy;_}8gF5wHWjh6}Ki)D9aN1X8TUD6`4#y0R-_nN8sU!I>+kcz*ed%a*dezYNNN*5X zXJfuJdUlLdFwwwsY>4YCeYCD=vwF%K5IZVU@HZ>rFs~FLsK80tQ90@^AAj}AO|m*# zyDMP}SP9EeWO$V};L@qhbG|Z5`fj1QhLgZXTlKukj(2@e_Fm~KVz!Uq-NK_WF}6>s zX}@dD(NfifPA5U7bzS-U+lH=FsO5)4U^CYnLQI8*e+!4MbzOc8w_j~u%CLavi1DNh zI?ShyO6GwB{a8W{WzXn&qp8<^rV;~v+j#I6mGUZj#izXWzjR!tL1TeW)AF~S(-geB z_awZ@i5tgRmgQJsItD(&SAm~&WY&x zjq+3wt8qFUGIcu|sFR>Fbg-a9H@9ZAcRbsM1E4wi_v?Dd{VTsIUa#bo@4u!y>{@Zn zRIIUi!QP}&T-d+bR zAX-*tr7?tm8T!(-1D@csNGFnwPhx{mtHRkE@5e%VjRpNvqT*M@)@AX`fggjK6)?Sm zcI#?bbiE@?sy4lR8CV`T4m?-4eW$tim}P1(O*oeyUPG)#kHR&EMI@}#Ad%c|Gks?YWj6s^jyGCmmnwafiBIl3pvNx7*b(v}R{ z-}SH{w0=BmD881b@3-w|_TDrvgKL8_hxZ0EP473RkbZ15U@95P(>uE-OG_aabZfE+ zJv#Hy$fZK#JWk}4+ii$VW_~S8d#|?6oOobk$@Bkb^vJHWVbPq0{kYVCaJ!l$eh$AH zxQNXoPyCvVpRud3Jc2w1w*D%e|F*F6#6gS%U{LfK9IDGN>IYN9xcIL#Mbw~{Cb}d8 zlC;FP{aqh72SNPDD%DB2Jp$*{3FIv!^s~8L=Ai*F*_uVI1vm~y39)Mi2h7#Dffj1e z`PiEJx%sOBGBW}{BPDsqY}mJc|I7XGwp7>C;RH%L4L|y|-^&g42*)JDT5yTN9hp z$DHpvZ?o8OYT6^X)7=#3h8Yd#wX4b;W?OX*^iG#sgk)}#Xefm!Sq?^vczga_vL>{j zDmHMA_r?85qjD^+;YG*&*@okIElE*HApf5V_QZxOw(>n|u z>|xx|GeXP1d3^YQ9Iq0`9Fj~c0pL?XEp+!{PBqr4H#Q6*)U|rmWHvfplskIi!RO6$ zZ&BVI-)*(9f7??3&}?*g!G+=E7aeRQ7$%VcThesb5Aw!sMT?kFcGtI4<9RuaMTc71 za4k23q3^uP_rn*gh9UP8fbt)+N(+P)#}5LVBZcs;LesVLXnBQ(3MlcVx0Y@ z0--8EQORF3nn;-WeC zeS7>x1{8SPFUVIVtZ;mrCURj+<6n3wpcqGg$5ak|kq#&qH1IyeXxgDU zNtqtxyz^0k7Hei7aK|o~@LvEoKS!leKq?)~n^ew1tgYngKRO4QXL;!qozbr1PqVz; z!OO8jHG83_1TQYaV1dGFXrfvi_V1j<9Rkt)H7hHNu|fC-V=ACDg;a5!q@8uGDR^7k zqT^)j!}z-he@>YCrx9(6RBQ!Pe;vc9am?F^RrAb&kOsseeX+=yJN{L+sZa1(td^6~ zH+uPxQJ2OCs8C4*+i2w;90RVNQQeUK$)^OmQO1Pj@%K|vLW-V$=s77f*x%N2?J#~e zd)mjOAZiuKkA2B*$j1m9KCMT4NrG(YUJy4*#dPz>Dd_RzVyH``t7hc3Byr^k>`lcH!NmKs> zORCQO45{YFJ-PgphX|Zh!j}yBWhppMxIZt5?r~rS_CyH+ER~LubQNB|-@7;KyO-LA z_8tdgSfp3uqMSX(`23Yq_QS7emnXSFSxYrB+$ZLG$uhYX_w!rl-gc~WuYSUR9kJ`u z?hc~5e@=1pz;#zSl==R-Pimu95UN`5o9Mc(Rq#lqsu6l6TNAOK&~eB3Gf&`b+7C~s zYOzoO-13UeTizDv^fZdF`>*>DAp&;p+3iSGvmALOF0RYpE4)~?W*B=iac@7r8n(H0 zYsNq>;LEp4E%0>DKn-$Tj69Br*kn^iakNWK%zAacAL{{Pm&ALobJT%Jp8wF2 zf4ABqF}aT)X8E+4=dFiVPX|mVtzXK-dh7vqOJHvfX6{q-(HP?PF!~h|l!DvkyFJIO zHxcpj;|rFjm$CE3p@i%|TH{77F;}eCg9q|d%UlNQFSTvw15*jbFO5VOtWz#g5^_O1 zcT-AZQ@i^Q1{=dvcUcy#E+B_-nk0KV13b{CS!Wg1Jt1z(Tzrf6I?4}U&!Pbezs5o& z;JUBjj-3hTjb6~xK=3fNHvaf7F&0laZocK(8lF?=5U z-k=zKp1T7FIbW6gYJ)h3SMzOIem>P+{w(}xU)p&LbcXm!w&sa{IS>6OpLdaEOFd_3 zX?z+>km;x}d_x(h*@wq7!fuQ%T%}-H$v0$%_mNG5F1CKZPFU@P3v63&k!Mur!?Ur) zbWHg!-ut?pb>z?dyIl9|uN9WvlG1$3>Hy(Eu1v>3DSopF@GHy8xJE_m4dSX@5Y!`t z>ZhF``rE{%k9R11 zy7#;%4$-uY+0FCz1(|Z13tf-0?4wpst#Ln?ZGCrpb~`Xm*_-))jlR8E-z;_UUMiRP zu-yI>ug^!Dg+{Tz_1bVYy>e&9MQzK*_Db4%lNJRd;{Ub%?oXoJzq~tE@P>C^yCFp$ z%vA5mSdR}q5Jp8dHLIDsmVO3c%v%c?R@Y5!Mg|#|E6l45TXE#pYD!7Jr^oq5Z_D)y zF!d}0Z5oRQc+U+{43@v^GWk{TYmB875 zT4IXUC#3hfT?QpNUX7^pwpw3k=rs=)bUic5aaAOI|cUC{VO#y`O!w`2f@$dv>dj?#t?S>m|Dr zAI`ky4|dDhz5ABx@2AhN793YwUI@`sYbWnZ?s+T<_mf;47q2`^3i<2?XfJQJtJc}w zw$E2;_yTVR0{aJmm$bB#<81bM_3$ON;|&;o@=0;TbG&m$`Ba|Oj^b^RrvJLSFvDKS z@j$MxV&2^HW<=4M#CFTxIU%Ru_(VT0k%|51IzWrN!_$P?GW}xSCeahH%($ySTpc0v z3Ej=eT&$h+D__vKToHBNrrl`*t{w5D>9x0PcL&lvH<`SR$`QdM=e;v(l9DQNm_CnX zEpl($ikLRxUjS(0gXPPMvn-L0s1vRUFg1B zukZ8s)qp0pl;c;wj%FQ7t$da@WDC3+AC+gliu@($iTXMDAEbjd4?x?C@t@NP+;1g6 zhWZxP0VHi64~pFop08eRe@^Jw>COp$3M^)rav!|I6oXoB*gEAH61$8eZQKp1XS}`& z(Ch8Itu5nm~#glJS&@EgU8BzX3DL z0qK{(qY!Ds}0;{1=LIDH#$t=WK7TP6{VhnuZVN zgdqR*!>YOZ2#5|!2%Ls4P+8xWPI5iD-tus16vm+d^m^qC`PLBUu$axJ%*|6E1C9i> zMoM3ewVR}nQ(G#k(m)Tll$xyXt`g)9OE|}qwwM(ixe#?U(Qe4*SZ;2xw|j8Vi7kY` z`$O!Yi=#3?MV_cqPRb@z3gY3$njBURsq+ijZS|TXjc4d4`VbK@Cf{>nS5N#aniNV$ z>~9j_JN0Tc{L8N{r{@;K#c0$jFKbNJ2{-%cS`Vpt-j^swv>PDQ16*IZ?zkup?-d(g zy%t2r`>0QEX_JqJiNvz5kvr^Ec~78m2-lGxw|w1UiT?;5ipdI`M6<|I0fn=U%B zWIlM>3pOY2qbQnfYkA8}L-HM)4bwXRv7S~r3C6f!2?IoMkQ_&7X(N=1OQoStZzpK@ zqDzy9c`VUBZYDb5uP-pSI}@G3UPsA~d06nyL#Q?6E(hvax4(v-FqT>qGlfa*b>9nk zhreL?UESyLT>UY%rh&LP@%(tU<&}9Sv7;w*4o5XMso&EGWk;*vXP!8dpLfbUJwPU+ z9t)&G0llt|HvWbK|MeR{7Ln;97O6D#KhnarA$$|t@1u1y-x2iLMK7KdJYwMjwd-Cv zimbm@+w&vp*z`j(CZ!@XLWvI=n}8)r8q%`MPeJ$W>qJID$%4j9fBzmBgZ;NCP68q! zwMOcZ?#^8PCDKQoV#(!5js!IZLB4)GEjt~rI6;t8;fmpSe-q>X#!+jl&dUm-H(~Ds z2J5tlio`@8MoA(}3^%By^72MU7b||i%33%{IYqxJTLC8Nb{mrRRf~K})!U@+^qrV>djhW_(Y6g$+ zBcsM@sYFjw&@FaVhRJKOBBS;-cgbSWf0cqUJ}(-Z1pfM&BW1I$@^24QA(L?zT%7kg z)Yy?6>;G5Bt3no77N1%WXh@Q_32PY4BV(&5PBSxDOo5D%87q=yqz)2TRQ{xjI8B@W z+-V@Cs&P<8B$B0h4>+?GjTmCf8pJ8FzU@-f>dV_?W+MhPn*7X`ib58Q&XJ;>?1$-* zwx?~%ju`o(V@QX^kPAx{gfbxZU_(jk9K7V+`MWz(Q~91 zC284rr)x&d{(A>ERQvzZ`Ug{fjHCSTJu*VMljDi}8c6%+bi`t^cP>aO2V1Eid5V!S zfnYN!Gvh=n6e>{+IFxb*MT&^0-DX>>;jE~)9f5gRY(j#w`}%jYTUaaE-NG98dc=Ck z+dyOiRKbC>8Do5A-AB>tcfnN<5nwv?_hx+9aA+{?aNVOGK#|opgqaB;%C9>a z%k^<3yk2m6H*G16_~hv z!RNJ+7gAWCc>T4gqhYOwIQ^5n%V`)#qMKf;S6lAU)Lu<27Xv`&!B*3}gp`PBkir2| zTf|A02UE-`vu!yu}p0t=(a>mB(L+wU$H{H~6gi16G97I$%bK#skwp zXg%T#7vR#QRL5FxT4HYfQ_zeq@oaq)Ags_EiZWefDJz-*(S)HzfV+3IbS*hd+w(Qu z$!8855o_8Z0TN)8|3KRm^y-B@kh6v3A#{|xZq=ZrVsj|ot4bsc5Oig8Ed(Ze>A$`- zRxKsM{;=boq;GNq_@}xrI67z*Uy;)sdSNNz()1Jw4?nrAuT5MLj&G^ydtUS{RAj}{Cdl}CkSuz6&sSlvD6M=Oqu9gz=hdO3M ztSycgL2*^8WJJJf>mCAp?UiL;|AV`dWo$Z5VF;EiHVT7dAQ(B4A=c8u2TDGQ^_tab z24*QyuQaL&>95RNuR;PGfebi%9i!;#t(LgG^C>t#_iQhUAU3Yd1%dS%@rm|z^>^=u zI@|=%h8!YwiW^lw1bC)bwckyht5W|8n&b`OnObUlK^{+it#|8pmweA;`RbHmVf%`=;3OGEZG zV1ocuGexM1Tv1W*QErQC$Rq0#D85>GoATkJ@;3|C{V`S=6L}FcE9Q65p6?>X04E>h zUTMBHO!K~u|NRJmI2nT>$|#ThiV#r@3woS+BwR{J4q35?iTWlKplKo-fL~4|z0@43yZD5lmzC0m>JykO|L!w!|K7m+Q(O;s}|F;7PoTkGr*YzcrNWG;=k4!fL*p$8y#FiCn3Z}&vZZktLR~sDX;`juO+mj9P5oiaGwTAtZVpCjPg;-rM#15O11Dp>fQ5(s>- zw{s96N>puNR*gETba9pqe*oSJzKHl z6Sh;_rP}f?Ihahb?|l>GLPbJBYfWq9h|6% zbPOO0H?pM3qD!>CIKnaQr=wbOkE?6~d#kT*C?tRUIWzC3^Q$ z-*pgVXbH#oZq7ZlnKTKSG7!j*hH<4Tk) zbsqOqCbMc!C+{D%=}m8)IzOr7MRTIf!)bCPiTu*vtU#S#wHfhX_NlMR%+Tgr-%!&} z0A#(C*E^6<_EQ%9jv+Ed7)cwnR~jDRPr-rtE0(s|k`laORgxmY;(y1BPy<|1NvRJ% zlVO#j@ss!_65@kbHHmDYLF^%N>KZ}MAq5KSPRfYp|?7%bi4)?1S^(s9Sc)w<0>7i!&NI*6h^lccH4o{Zg? z#szBpOf`snt#Sa^A*>a`p{(^MjVkH6f7N%+p>bYq6BB4JfhUOvt-`sAoH-$) z{oXPRM)By9-GW(9{N9pKHHv^uQ?536b%9){+ZVzfOGQS3SLH- zQec5PK26tF^P87ll2?`#x&u@|1mC&-Jcg`W|B|JkUsJLtL>MY)PUTIBHM5CvKmOBR z3YI8=8sAs<=NQOyY@{RTkiUhx)zhGE+8`#pmdm?jD_|haagyBl!cc2-zs(7F zuY|;wag*f|MXx`eIYp9(>-t2O~mjJt8Jl zy0FwwrLaB#re28cu5MlHs*5<8T3aqUkmk~CNgP7dne8kJ2tuP&{XvlQ-?}OKCy3im zcb%r}cge4Nbg=W5y#6}X=mcaz2BprT!Knnuw2TG>QjzO4lw{M{~-IhQ&i0OmMh| zpcL%iBjLGy{OIKf+`{Q^0(hUr`4S;g!`iw1K!N&kgjU6qcz3U4)OuC@rrFE47fBvD z*_yyo+r!ny(Wa>TJa_4$=2R{gw>|Sck*?Hkh?D1^rG<&OWaNo_WKpJ}0vVpaXzQE>qyH5YE7J zoBpk{I#M<19o*Nc>#>i!9hFx)OjRV z_5n9ctn-Q0*>SIRSjM!;0Ai>l=24SMGcnH4uFddY2mhGT!GNVt2L2Dh_ue@cVU>(C6z})^?gH?sQXC7#dIW1MU6&_8b zVJ$-N9y7phv(@9B;q%Z-(f1qG9}~VOOy4DlKInZ6L<&tP#N+sURR=Q8QI( z{M#*et?FN`z0|!{z)7NjkJ5A!i08M9A1JcBd9a9;)5(!h8IH^v;68_T?lbb#s)ogM zFK&`P;JpifHksdIHPk{O09}d%+8b{%h?5_SNOf!RXI;?a?`Du;!>r2qFfR)Pvj$<+ zwp+{*?xLCUxUJA?Rnb}CLRTO~Xm=*W#(cHQ?Y$e1uAXEvV?5-Y)}al`_v^@u^~@Mv zUIRevL>vn~$njZ!;j{QAy66)HpTg{NZt!}lrZv`C#2E4f0Q<#10eCigQP%fjtdL`A z^wj?JmVU70Cx|?!Ee*Lkaaoksa(6Vh-L9QIH2j{&p?NYj6`5b%A3Wmv;fTo$Xfr=& zqv9U~Q8#MwgCv@@It7jR7_ z4Q2er&*eB4P6a3K1Q#HHL&%uRn(J**IcUoKba*=_jRwGoM7SBgX`x~jm=J|IG#A&0 zCLqwP48oVrm=b2mqF@Me(tE};B`x3dt_Clv<7$hry1@mAet)TEF3eZ+w~3q;WwIaS zM`M8{sJ;;_`HcIe6H7@K+Qak<|N9;~W2H2Si&f%UO8ynG$?|NLo~suU*o&|6}PaqvF`QZrylr4Nh=(cXxMp4-lL{ z@P^)xH2kLWX>x^@j| zwJ|&ix(}cWwA57`HbQu8aj%*o6u2n!4<+)j`DO4G5CP{EuymaY8b*4 zGzn|~prM3X$;bX7==TfiFjNf)sY4Em8gCvZ()%~Z58_QEo~iYOw`l<%{P(P~4TYl2 zAKbk!5F>H`9CT>6ToS?wRccB+dxxaKmefAN>taAk6I; zXrD&$`8@D?_0Op&RjQvB6cX%D8fUF6tH1h8AFer$y7sdVKZNcnaCv1?_DhCS`_284 z4`vEhl>E+7f?A4>B}`OIq2f^j0j}ZPuOOKK3kNJD+P3i#P9kXSynw&S8JTC#CPsC;}@&h9qF&vSzs?SKy7A1Ved z_`urOTbiKo;Y3;gAf@oLCi7>7)lsNmpx|_2v3M=3JP2By+V|0o_=Iof_k*Qx8bQLv zd{hdvfaT(Hn74c4_8WoYX?h#AIo+y6kkTBbK;W{Ck~{|6x}2BUg#uy4e|LGWU<>l; zuTc?sL%V^FW5_MO+?``KxR&C7cs-3WA2Sx5Ak4LrXhn8z2rw!=975mZWHyqD$^+RB zVHVWFS~N$A?r+3XwT4bf!IL`2U5o@At!0dGD_K|LL}MYR8#y`ujUI;0O>^YaSMz02 zEdpm`ZJ+zfg*?7tZYvEIO0=F3h8&S3*e-YtdiV@_xS@F7$=;D)zUn51KHC4RwS4QN zM(3IfdVs9)soFwvd$&8afsV@(uYpqlISHq)@=@EgbLFustjyiUMT#5#ageY0#g6tI z?@E0D;vd0A#aAVp3t`vICkDw>be{jswF-_~*MJO6*SfRetJPSDo<{;JawOzx;0?Ec zeTQ&Cj}J)9M6-)T>1tj;0b`=WcHT;&yS;fT^4wB)NXkN2E#%SRMA4TaP))Arrlv+8 z7vn`Et82o@_K^%()9}2M#^X>hlHFT~M*X~8cOOF`M&ib%Qz?sYjb5N#C~J1iX;0^N zRd%K|<}%cxmuoSIL?YMv&Q##W9#b%;8n?K|jUf=27^@Y_Izjqfm(0*ii*8EVcb9Je zWtI#z#{g47asFv^RX&iM=$tihaz$S$uKJ7ZHRe)Kn3tbr+^Y~=ZTGlr5C$cY%LVOae2s-5iPUTMb z&6%{m>3`*52!;dG;``B>O5dUDCqXaxR|KfJFu2;7oRVfXF5>Gqgiv6iK#gfD@Ak)LJtfkWILDFYIH`uU@b8Se*| zc{Jy|4xnp5I#M5}&6Yt33)QTRw{iGV9RS-0>PX-h(%kw)*H3=0f|7ue=be;>)0Uzs zu-5@+$5Vs1!s$l|JoJU^)(3f@vV^teAxG`Th+7e*LnY06I1Gd~Z2}B}b9@ZIqOWE$lCWJt8C|AmF(kiPvCDQ_(pVS2CYrLDYMIVeaw0 zx)Hu~4+4|Pf!7OG_Gp+gxnZ`N|2|^nZIi-$IS$s_QF}T{A|-CbK~!z61XKR|$f8A^ z@?i;ej?&LXy2v(n`3&Pff`a~=bDk6oSx0Z!_YdJqKtjh*W|zpd!bUsF(nFki3fWcO zCEm!ccIa21Evqe{z{QgpXp4Gx?1+6jhYewm`bg9qbmuX~Lj-X%EWS0j{3r?qTt3+E@@v(VxJb4rZR!~u2LEogDY5Ue_(!votA7jP_`P-7!X1uKb z8Rho8)+@M@7sh{qPYYl7_x0}xNz&)kzjW7Z!Qks(d$A{Oox4IMj@d+V^9z*Wk_TE? z@`Mu#I~O(H6)jO`$B_4>237<;AT%vt6D7|Ei1Bf^wDj&3g>TWo{F4h805(cbfE@oFp2CM~08v7$^o(e}JAA z2d(>dGG@poZ^1bbD->Q69|O@k1y-2cSEcR+@-G*waIZSt)9DKSPL`O~E)7nB~v zdcx$-F`Z}Mi*y-F(hIIOR;S?2Wsr_#^ie2&78A>7%qp{-z%3rG`0jUFQRLAFeGT7f zw5yIzNy0j*DBBC~WVs7Wb3>(-y7f$^*h-Z;WaRQiBIUzL(dFW-)r_8?Y#QzujBdyO zq`03z#R@zzVKl<;_j#d6k^84Dni`jYLayE!UOPtuznB#F=Tj(r_!fH*tOZFL$V$R% zNtni5P~PnDUv%oNk0mgvsvf3vvu=5HQ z&~RhGKG^#ZMEZNRzUe82oM|Fto$DGOi0BH$7>b+UUyax0!Y45duTINA79X~K8nX`)zPnr%lZC ztK(DHiPE6Wf_?z&I8jlR^vD}+AUhpRIdTXsJ}2*_Gb)RH z63;)K9)V)IQNK)dRP2jG=}CE~ZRMV+pwX7rQ>xOx!I)%7Fm(>wc_*WV=-g*ap#HYT zEmaqN*h3-GOS1_={glDj+(=_vrSc$V5&>7uqm3!>ATWdSRk2Q@L)2_}4gI!-mQ zZpoz&Qkl)}xJJd0!DoX>n=M3(9V}mGuvOlIe^ew7SuH!bNM8?TAhR{_gQgse0Dw{t z-~tj)bq^YCExtS-4Mom0pl(_q(z2{m9?1vQ#M^5OZ=1ZQDB-=-kQ987+gmSc)jza2 zZ?tpEjm<3bXt<~pw>sNN1{^=fBm@Cn7>pl^8SyDb7dek>N*~a{&P|@maS}Y)K5{kj znw|g}|49!gxR~`bRus;`2n ze$yMy@x5#lYN0F#B-+E}o*-ZhxEJ!KI+2D3bXYqo_1r;X7W>#4^Pywxlm+%e@ZW1M zY+ys7odbbOff{e-JfWICWl=>v$cU^>(j4|Yj^j+oOEw1qAlZRzsX*o8h4;1BFG`T`;98viM`W7PVJ>i*950PtN z)-jp}@=K>WVN7$A1`Ui9zqJATjXDa*$?H>;-|VJYgoWShA{6-R^MKb&fug%6r%J~0 zlg(G;tI#4&YkZh1aSwo$d|%@Cs*#+Ze{c|iaBFtI5X9`V$eF|3(UVYLnwq{**gO&c zhMYhM8u97#_4$5u`lpzQ*d%t@La@VvD-+3U7z9Z%f(`;Z_col&DRe`SC`~CKfe`#) zQ@p*{gcD!FAp8Oe<(WKt&-y{RNx*OK%_U0+jw#8pIypkFg84L>QR&g&2g!n4zm>ti z?3esa%U`;H+tJFD)z!?LSEPXRhaTcw!IC5v8JsY1(VtI3epY+rwbggW5SxqCitWnF zg!R`Ddt;1y&9W6Mqh|XM1YJ)j_wl{ZpkIH4g@?=nH~J=o23Q=n4^GM;WYnt5J@SJ4 z!@{4?Y=m?s@|HMfpg_{iLt*gU&N5oI#KzjMa(LMKc21hcK)fRftYN@;mCb{0ofW>2 z%2;fUg~GS9L1i)s4E@Kr0Fv4qpGYVZ+6&uS3pQ_1V4vS>6hi93O}!u}&PsgFmmv_T zo>N+h+dd){WX#*2ja{}uX+?dLUyPKjEbNDEouwREqe9YC6bZEfaqr%J%f<6`H#`m< zRriKD#-hKwJ@MaDvF?zWE}dkKi$Wx~N2gae{?Qk*?iEPVa2k>lnglAw@K5da za~prfJg!a$&SgAalr}tJTOlhUoFK?42hN4T-0k9vwE$Jv>fi&Cy0^?d8mlCrLDmALz$^QCPRkCTAstdJ!U@*VVA3jb;;hqBK59th^G5_pRLAYfB5azL32V+@ z3{jWXQ%efsj#HJizi3zbOlmBF8d@wsxtgQJ)jfk{w-p$yK@5G`S}+6CMRnBr%mvp z*Z1J!z`0t6!nTcho3O@)OCAFeR`SEw7#L^otp4!(5DwI$$0F2h()JvakzT021s}_m zA<=y*C9Kq}7T6tm$UHb=UEzeeOWZl89UOD5(yy3-y2E0T`^{1NDe;=I zWy1O}re~chiW>7)voP1$3M*Yc11(>TF`A@e(1C{TeMF96*)yrkYZ4vVl!bFbpFwEG1Zf8b4 zR7_Lr2r|ZR@j5iMWb4|W3iCjUdN`Hu>^@$%FPkS0*AkLAmCvJTJ<0EBq+)`ysZ&>a zAb02!xIvgp^9xFHg&qYyi-_0;(cNx>N~%%jf)-3EHEW0Yg#u3V6%$|m+{hOouK1{f zU_Q(kLuZqSmx1dZFw&{PS+Ph6q%8&@>cwj z!rDyNwb*JFG6o1s|Ha80w%ht~5xE2TQ@6bgE*77`N^oa*-(6alIYxQ)_L$>*+2x`v z`$9eN4r_E(co;8W8OVkHkQb2%>eIo&^>z#gl3i4tJsv{^Bqy(+&emf)()Nn;;11OP z`n#v+6Ue%R%U8ApU^!SIEjoVb0Vy7>2fxa?Ax$y|M4@Xq?NE^~8=qy(jr0>@Fw^h+ za>povJXfv)HE%t@{^rg?K8Yw;!9F>}e(354+kHzrZG~B(AZ?K_y}Ifu6HWWqyO7lq zVpCgwXGS2v#!EznF`#v#pD4;EezBO9J2oT8tkL4`7@(XIDy3JZf%@+LsNi?2hI!wo z)q2{ii!crGb}G(uT@30-47O#{f)!92$C}5LINbyp(LwLqZD`@@^Y5n|bC0)=2dP;U zEU?|vvu~#yY^VudJ?K|~itdy^YBJ=C{6l!vm?xc13?-A8FMijAz?W-5Dh)6YVN>QY zWm#R_R*Phk<;?UwOHUO*D#M5r&!_h*A%OQ`^v%4nVWb3%c6zLbaVl@|514r|&}L;g zY5&{h<-8aDc5h8KKgYadV>9Vre*qsxuoD(C;FpUI7Lg_Wvp)Q;Z{c0W#M8=(G_3Ru zA(P%pfa&=3ue{`c=j&|zYhT&Q-a3+E@LMi`@Yr60$h@*VfoC$=06unShbIIxmqB7% zi*1b~Ujibt`B|ZKjsRfl1T@>9>C*at*yAF_Ls=wjf^)rtX$q$Xq!IwB#ZnS$^z9!5 zg9YkdTfAB`{Y(23M<#$a&(h|(ZpQ}$?$gtE&_0&mLS+H_FaE@r%v-mrZFj^M!2poo zLU!{G5g*O>uSMqf)FpDQo0|;A$Vau~$|Oz?9i}hbmMcDauTIt!i3@qFHh$oj=%}!J z73RjYFFOy^=s><@^A(0JCXsjoaNq};lrFqA8;?f`Z6S8FyvylLoNaFIIv7A+O@=~K zXuExB)86eW1ANUZezL&BE8)v(nZgyd1|J0zE-k>TY|+vHte!ca5Eg_Cn)p{*0A`rH zYIrqf?KT7Z{10JWx}J``gYpxtF>KwxE_b(K7StC~t)>Di7RTg>U|%D%h55Z$!<3l0 z?sI&OjW=%u?9uA}MPKTYV?DXIj85&b0jopK=g$?Y&^s4}Ry+Q4Zy{C^XVb`J5^HNz zgfL3nI`)caPWdL|0#h)T(SSpaTGZ!)MfKyKJe`qXFth`Y{?tH9my=?Z2I8{3smWub zjqiVPC_S-@B^im~ESRjYNiZzO8SLM(R-O~xIbLsk-w$%mnSS5?rt3!l0Hiix?-mA> z;6F`)G`+ce{I}%4?G;Gr;NV#%*w)E!fd1y9m zMc{;g0kFJ(5>XcqzZ*PtK8gZLb_lM9AhcAY!uetFY&XJKeoGodh+o$IsA+v})1Dg{ zxEi*Gj2A^2Qwb47QKyGbf+=5Z$;8*??V836u(K+b+Gtjzi%0%V?f|$wm7|_pF|DK@B16Uq?w@=ZojnfNpCv>k*G27p1bO{`zW;{DpJH zCM9;w8f+o{Tr9q_r5JKzG0kK`{3|EF&s!L_Oj;(&7E3}`WZdtz3d@V(9nba!_Za#y zD3%)Pf}X!-REzH|l~4kGQ1iKHs(-{(# zx<_n{l1Nc)Gp>8&0H;jnqegeq=?x&+BR-326;94$4OCBi8I_s^M4`A@piZ^2Qf%KC z+O}O(izMcC?=7rykN#$}=j@mglmk>IPwE_>>mg>FAH&|LQb;WP$3q)be*r8aXFO5{ z!o#{5Hl9!GP?V2C?T7moy>vC+lyS9c*6&P2p>om!l}TUjf>8aeWB&?yESK+Tdv03T zpao*HHsNsfAg34UEXkizs|D@e#UE)SGk?HbUR)CC-}kQ$;&TDp!k|ihw9<@rJQUiW z=SCYQ{*oQgC!MCO^p<9`t}B1#WS~Kh(<9Ujh#7SPn@{uGq{5_CgdGr(3X@6l5}YZN zzx5un9am^C!9a1k#X*}YoTm~P0KnOmZHuIOy7Unl778g7ttLH2V@VzaSF!ta%4h`NqHVvF0QAXmy~R&S-&l2-hR z%tF83sH6u`|FT+;7EVH7&*kSR%!UJLajb+Ct*1Y?~OnA+hTx_+yeBRR2J zwH%X34`(ZB3zAmhN2ZmfioI0;mNy6>T31Sa&;XJ3jl+CD@`2c==m0jgoEkw;+$fU+ke^5 z$~+J?fgwO&olwoj0zf6}{(yt04PxYy<7JV9Ga3Fyk0b?i26*@1Ws4JkQc-(`4z5 zZvQJi@Cky{u)9-5N@4GB2nM`n(?GR}dSSGor!bdrD`-XP)m^>jn!WD|%*nxZ*^ZK1 zI%F1Cp>S_u`b=|W^u8eu!&g0%Jw`Hd;(!b08$ZTH6q$C0R67pg66LJ%WXl+5`D$5(X?8mqRkhhnkhHo*ySi zj?>b`p3J=Rwb%|iDwcT=Jj$bb?Xkw}*zy8ur+^*8XX}qNEs6xXWPd6Lys65+J5FJB z^(<-9=nsmuUO1?fG^IUWT%p4X963irth5WR+RBDEw@E+pWVX8_`j#R-eKH-7XSwRE zgJVHIj?9aSbc@L}9=AC1l%RVTO*z1>D)<2@lSYSA(MWE>Jcr)I{dlytBimx z)dYGrmb~lFJ#6B~T3wkb3Pki)wem|Xr4%|$G4~(IPhnp-2qLrmkYsS}`tjTE^waM?$!cA-%y4%VH9b{0K|(lI zLRG=)RqOG5!_6bJQa9>DLEPgghpC$z?ps~NURxhIR$F?zz00@NYD7s2a!={W<7rM( zkH*jZOs^LozftXkckgK|-MS>dyIMVR8$ZSl8g&=QU`-CRqOeecQL8RLnhhQ&uD0LA zR~bpvsH4b2F{iO#C+a4>u7W8`KbL1IZ!$j|Bd$K&<&=mvEoBJ!Z^>J@l4ET-^#9$jsA9R< zijaOp+TnkXv+>j#wae&ND|!Mhr^3iA?J&n)n&n|-JZK58RBQ^z&4xN8F;k%_q?O-Z z8nAnmJd1st+SfT_eBS+giSOB7iC-ly|M;nWAAz)?{mQL$zogiY5gXY$C#V#q*9}Wk z`Hw9oIlk((5<}yh-hLiXB_SKg%lcctabQhdb~OM!I!edO*?Z*Ill7sel7XH}zxLtn zBbaB?Ca$smWuLzY0*I(W*Xg;M&Rk&I|6)Y|4FD~(*&}y=K1+yTdFA^BvCSc&Bq6eY zt6tLaw@hV_NRg`;UC!cr5b#IVfB8V)7?&<`pjndrZZ3Cgl3rVU$N z^48XuM)_@@OqP+(NBr3>QL=y#KlWEI<1bRd>@l3}?(!&v>HqaA&)JPSM@Jx3ZUpkV zZZ7<-3`NF%7ZHDy?E`oEaC>ne-bm92*u$}R46jbe*y_&2@CH}Di~()oxU~oE`zzuC zt{f>1#!zD6p?G#mkipFi8A>`)9%0D1i1nOh0u&n2H?zX{$PoYQasC4|!dEIQZrpT; zZjR)h=c6U^tNn>jA)Gm8+=>HH@82Pct{28?CjjDaca!qgV3!d`XNmCJAs)NcH-^it zsGs#d+}4AgJmQo?*VppRZyI-`^k~ESo3rja_%|OPFX))Z2CO?nq&HN_zIBMWHrg4d ztURzBa8+@Vw5Bal>L7r-kIhdDO2>KKiiGr&`-YYelU!bCY2;6cU)f#tO9qPHG@03_ zqw2*89R6MBJl#Yq;LMG^n_1>NRe{fT9qe6 zR<-K1<6SNEDXCw&i-07JV|RQ9tSE0+T_n|dd3p2S8^<4- zBv;Wm70YBRm>s@Q)kwL^1a87jjKzu(dZ&HneL$})L}LT?zc(l1O>2&ppi16a8dSsX z(;{zLa@=*rK6uQ^lZ>`*@n{LzZb8-qIYPy zG$nvkK#DRoI#=pWTfiA1oM)&8K|Car0ZXENze@LeR6M34>i+!_(CC_50K&?vmJtiX zpUGE$k&3U6BbGjWmGY)Xh^Y}Oj?En&+t111zDj5)by9c!KUqWHE!(PDofo~MW1O8W zoa6>);NM(y@rl$BgL7L?I;f(83RrRtrzk0oXszt}S=Uy#}J-oP_{-{>vn*gl0rdP`4X+M_4#Ix?BNjA?GPI^&kDB*yU?&Y&EqXk=1# z`i1#LIJ*H+nn30rAht65KRT65w_$DnP1qQMfT*KVI7Hb)N!tgCN}z!U2~0wpVpZ6N zZE|N++Fn+c3Sju=b-s}PoUbRKhC}?Pdx;55oo%Bi4jDTr^Ni{=W~Dz`$>Rt$mWJ&D zd4^W_E=Pa;8l7S{63PZ}ls&*ca3N8kJ)?_rL)yp^yVt7;V|?0)Fgv{OJIFXMY#cyB zq$d6uP+2r*C=OPpbHbG&m$}~27JCYjzGt=y1LXq*1(qu+lsts+*RsFA=a-crcqA9r zEX;F?s#hUL?&{zkAYRvxB&{b-+HtuXxU2k@1E?X$S+#ev@=k=*UD|QIFv^79LI{k! zwJEAt2KZJ^2{(o@(yQIimGh0S8BHA*w#EoxRQ+McxK^FS&j39L)ttjPfhy?7KX*i) z*Cdyxe;kX>XJ4K-RR_Oku2Ik6CbM!W zV?1bU|M?*IN6#lusw-@9cA$Z6>t;>3+=9_U#BsNzUwyJ7p#bONHM%z3jm2NN#)|c^ zub(zT!vZ2N;||pFeGyWR*dYk9H#sf$-C)Hoes1u0EOORLvZ%9&uY3-pU6`a3QxdZ7 z_|G;1H7(yQ-5TschuwsKNvj~j{UiVWR-nx#{QChaS>UN8$<1HQlg4z&y{JXp#rej> zYngv6Urg@F08<_QLJgx^%#t#1k9c;pgZb`&IFv}e){{=4g$b}hoTOXs)&R?4OpYty z?zz#{?aVU)Ejj5+Uz>q*;kRA`9+!iA>^gsas5=tUe8^8Vi#0p=rnT59p0Hy|(uxeO z3qa#L=}S3lvj!(TZ|EPQ25S)5w}-W;Y+`)&H)}bj-C^Ikn*o6G=R~ZCtm!Bkd;c-> zQUkd8`Y8Uijiw$=SP69GXfw{g-}f!La~(h~-pxAzkf?;Eu$g zax%N#th;T-&pjOW>CUnBHoR}Wps$2>e)cB&JX+Cdn+Ft}#!sV5T6Rd)&*#DMJ0S*| z0TfFcor@+uBKusV?uzy8L*-3IKTt}^KtkzPZw-5riv~!1Z}JM8TLQh#=-3Elin+a{iw03)t7x$#p$k1hHcIHuG>=Oy(Ko>?%=Ed&D17fwqA#AU8oj2e&a-v`wiB*EiYAWS#;ehm z@G2A)G-%O~XE`+Sk77`S!2udlrRXTrjdwAQn?>=K)P`v&k$c#;LuQb;44*oZV2SUo zttQ#&bafAYs+mPOPw;{^Y~ND`<*T4PrJ6XH9?gT#0eHpZPj1?mDcq5BE0lF;9Kw7N z1<}u2Jp89My;9P8L<&j9W+QT_X7)Z;3~|3Mit;;FQ0xkoHk9W)L5;z5mGiwR9wM2| zp0G8g;DK6ED9RBUTm179RCDIXdZ%;zwK5{hc-!*4T*hH`~hK8;^@&`=$MeZa=?iP z4+_-o;u^Dr`%VY~lB1YbV(8B8xqu28(HSIcrGAG$^?88WQhZVhF@!>~PBUssO7~VZ zAMy@ywz2ZZRo_1!%oTUr?S(Jfu%#T6?4`bu_N0?r#O+L#9|oSnVk)p&Cg0}C~S;B%w zZ$THE9Ct;A?_cfB&CmWL@_Kgcn!j9tZ7%#?La=~OCX%lQKI%uN_nV1!^w~M=&z#*BvOzI=b`}5)@Etxz&8~ zSCJOf9b8&}d?Zw|?iKEB78Q%iO$@D%Vm^Nb!Z(`9 z0o*x;B4+oyvjJ%k%=+|7wI{sgMUbw@QI=azi51I}{dWivfuiSu8!OEmDI9PJEcBD7 z=l7$U|hAB_&jl1*T$Qe7bPb#e)jeopI+T zEca{24B|k+-#tzLi(AO~eYCWDv>$M@F8z!83-8|oJg6+7 zv?}AaIvevoK%5AzR7}AwUcYx$P&}$3S*P9(Ja9(hHjYH00Owc5YCArUkn-K;6ggAmSLo7=k%q>4&wQ@< z548J#No8Miy!}wL8jJHDTH>S-KRJz7%AQLjZpWw|2gs-~CZL)X{9z%oO0lMJl?8QQ zj2g5PXQn^OE=#1=vW)4Xi-r$~y1`bU_u?I{?z)tfnw`->64HNG_dS@XI2O$0XZ2p= zZ?;U5lk^U_PFfLwWffMsGp#+YvTQ2l@gD=)vlniR`6xLLJM~(M#@_m-OKGcROZW!J zA_jlr)H3_7%Js3s;6a3grz(d-dZ0eTQ^mDK=Hqs5>N;1{^r5$(>(`gna6xX zJxV|}TI2p=|~7Bp0)*NeZ{_t?z@!{8!S5VhiTM%?HvELKFcICT1J+IwW=~gPV(2w)pWC{)49Sj5g$@ zUdl%r!vMs5J&`RDNqGPHRnmILIUU-8Gb6eAVkEFb75<+ z9X#~QDy9u>&!$wBzaUH7D1w(PmrSO=K$72LTKefH;0*{R=x;-93pBr1MqI6^_J6p5 zGRuQ1T?7m3yrEwrOHy&(cJ@A7hfP~gf5SMCp^NXf^;LW7A1S2w zY%5^Zg5n(soLxbaHs1PoLFj}3>2rrcRVmTOcDVhY6a z1jz-H>ieFJI1E1vAZQ>P$U1W~MM&r&bs$j=M}`n|Ks=Brpg1rph)h?MS2Sk`4?ueT zCyH^AYy+=(WB|Dkinh8y1~8BeT3x{$*}vavoR3*TfZ{50Gfn8Q4+UvDax=l?a3J8q z2D}hCF#r9BNH@eTPoT>lG$9qJ<|)txQi!18|1Kkh=$2Loe2pRjDTE152Sfe$vP|#< zY~!lN-f$A;Ckx43tWOeA3Y2KIBUhp+#xYRtyh6b;DoW6xZ@_n&(8YY3CF>L+F@gBs zZKD70=hTsbHa`u+^C%DxgjEq>D@tt6ZH%_KI4Z*t6J@xk9P!TTgo&vJsiK6~L6561 zQ+Q9*KZmaQf0;Ah)UIk5pt#DT2*6+GIw8lUC08iaiK;!Mkg13AN5(XzI+!gQ%B5Bo zvgGWCwNX5^)r%;!n(|;60B08Pjy}9tlENZ_*l6fl_hQ+Z*cP;a-mff4+WuDYZ8}>a zAG%)iD-nI3NCHy2mwrdAsjZA?2zrO>P$9&tYY8G5n)YQ!bpGEiEfWD}MazUDR$g)q z8VCg2L3ECW!HZ5ys0h?ff?3Y^7OPJlt(--_24Q2rj3Sf5lO2_GF6Abwh;7X2jBwYL?aM=bUUV;P z`Mw@ao@>enWsR;h122^5|7XF)3hF8%cU#G8Ma)&ugQ}XK$qemTZ`O9w9EqLz4t8cF zg^lR%4kQ}L?oKDs6d}nL8oytcHyIa-_%T*1Fxf)#V1M`|d_GJQ#Mn-KIr3D>jh96m z9LNb!<*r`0ondwypblc9{CvZLNAXk zpP7xmMDj-eV8~M04>`00&@Wo*TUkzCMaf{+ z0L+f!6cCVk9{SeQ;2_|*)1t~U_FOdW-HrcwmbtMHn3XLup_yRvUVxHYK3{I0WMo=s zv49=0=$B26pRqGU`A z_d~x3{h+fRpF8n&Hx?lr#ruSpy}O*$7=%%|3wWlLoI8I<$dP@KKHUczZZHal>DEh8 zr!OT0+G92nfEzkVs1LC;tGFg@ft++@rl9%^J%tvt7Nm6zLBO=}b})r%%9`BQ36QiZ zi(v1d!7}niroHEHy}N`VsR(#gc5e>$pI1uF*@6#ITZ-1f6`k8kqcno3Bk zRM#RU$j!1pr9HKA-Le4+3zNK9^QpJlOKkq^qwZ7&0*E)pSTLKrFY3!gLYLhG zfjO=F3yS#=UxGZ6aWkM>#j^$T9p10KNXx8t26WX4j>SZi|8RU&6~w3;b%}R1u~9q8 zi%*`LhaX#R%DneGUZ5ycb~$Tfo?KaVqZc!JIZmn#DyozO`pC>KLZr*)Ro2~cMNY$> zsFv{KY_tdFzrog|H|bD{Rj|3m)d|*`%G5j)-OuO=*0gV&9MNm@bwSgGXcxiLJr~Q2 zm8=2gwTl^9mUYx7B(ixiUWh-r95lG0Qq!8#MQOe%qUq%8V!%EMLa*aQiU!s~gjKUD z2^MFBeg`qba|^zbPyKzWe2SN6efnvys&-96_`cD?7OE zNE6yg&FF76=*ZUsHw#QZJd=9(e(XjOl{oMG?%;1-uJ(L#{KB=GF@pKp{RJ|=6KL`! z0S5@)6ZfsJ@=CUtzwPiW*PDOskN=etK72)%6I1H$d4}GH3tC%e!?RpMTr$d@*fiw2 z@JQ_+ch_*v0Ur)sH=n~Dz%Thn<*YS^3-woVe$tlK*Kd!)_D)R-v+N5~`ik9aZi}(D zT^FY0=sKg{rpl%S@#_#VmMmr*anCuda5yMgiLGK{+FZSMolij5bo)5yubtP`ori8n zd5IWDQPXeq=Hi1$bXfd%mko&=`LMZFGLhc|$`7iRjPNjBO+f2ESsg?Xb?ck4QK>0} zjfHXU9rwdHu&vr`H|`fyJJxoP%zUfaj5DG!lrLh7)Rwb(c22;5bL-}2gcnfj-Y?5u zRhCI2J~ZjprcZ+FZ{PV{d{Q^oDPlo9+M|zmhOeUFZcfk2gF>uxLK7SAhr1mBH;N06Xw2R)cn*a3npY ziox%=W>mQB#$KQyAeELfH&rZCVXF4y4Feu@$-I1|VqZ}7g~ila#JxL;Ji5V{3{=-B zXo5T_@T9QBL8cxl@CNtoTV)z+E~H5gtM#OS*Agx8DF(($m2n#EnxX&M+@;iie71Px z0A_g75#Ju5o{0kFm_%(qKvBT42I2+c*S}hLg&AFzEuNllfTT8Ec+yu89DWK^{X!+7+vFYTmU^G}L)(m+oXyPW~t)33o&Gk_<1kRY`20$J^)5*Un~K6&8EOX+ol} z_#Cmp*H1rqc+O?FiM&i{!rzcp$C>z%f}_1?^&;yN_ef_`Rs)oKecD=sqNv$yq(67j z2&cTRVSoU@DB>^&9}t_{P_DSI0m5Q*R|9b{Klb9l)QvW#xPJQ5+eaK)v{15MTdK2L z3&r_W5lv6MP~nF{xjC#)t-$~n-FObDbEZQnVx$nCbBCt7U@7hR=EJEN7L z)gnWd8nT80*=x@vkBb}zzTQ4Kq(#O9vE^yB52ExP!0Lz#@0fLgNlk?6xGwcD&C2)gqG<15BPe;+f=FesG zN!7Z^tK8>Xu9Syvy^k=56;)D&R?up`^p_q_CLh4sI2*-|2u@XYXDlqE)71zUrPNFH z=4B;e|1&oXGTNEmIR0>H<@Rv@r^LXcq*82KC}(_qOJs;}6;^rqN+r2KhoKQLT=c^t z5`a5ij*5NLb_(H}E(^Uy!(}aA`&qIvAtfNA`O}g!x>_noK9!a15)98SS%M!|UhC|q znCt2tDX(WtpanHryeQt=JWk9L55BNFuu_7UWc_>YiaWCd9c7p_VjsSfbyTI-JxSiI zDXOJOyDSHRznqO?y{u|QLubG8!xDR*VioXqeyzk98;;Vha7oO{kw*JfrS2-@3cB|j z4DSI*W%Ql4C&5vK7=&t)MxhzDA*)?+FpFLLd;T|vGTdQ3VODK_08XA>OaJUcY7@4z zSp8Qg_5O9b-Y0h+v6!y$yp}flSIy$qBmNfBwa%P2^EzKVF;B&OHwVYNxKs!grUo)& zGMR=-shVKB+je4NTR1JlhqT|;0%8z)Pi{XsJD~vzA(cmL-J;dcTAS&0j=wbJv5n$p zRQ39QaL$;viq_A=%9D4B_jm5v&NIa?k&OSO3P0@ET>~sE1r+FCJK#k@rC8pcDs5JM z(q>!tPK@w?O)GB$dshE9)vxP5B^%R9iUMSF;#8!)u_^!X!8mF_ZHY1W0{OI@*e4TI zWk4o5I@byt-OT$VkBRVX-AtXNt?+DBM2#CEL%#yX`(V z!|-asEy=25pb65ue)odl;{ea7#2u*Du2h{SLq%ikJbF}N87xc$3%`9Sa$`d??T8sV zVt&z^tCI$6Z0~7J8fg8c^>tLtTLBcTU$94_Wat3VL5-;O3ipA+?@C z{3OdO(gLKDQ=zPP^fA`3Jfq-zNUfepE5gH1Bl73Yru^6Tz~FcCUoQFy7=S6u$TuSs z4SC1vX26HvlHYm6SvJ8YG2oQlmKxWgc@=Xln(n9|IIt33`flBYM}^$8Mjo}6+MVzz z6hJCfBAmIk6f$|xESNhXRnxNH-4UF=+8!|H8FbKmJ{?iIqzB)Txk4d=^$~<4))nDe zZwsN|-Q8&W8uP960TyxT##&&Ro@rfFgOaNo7%eYn7%V}EAtfpwH~6x24ZhX{2Alyi zNc(u+u%z`;EE|M7IrQI-Ag+dtX1ZQHi(nwqSsrkc#jwwr9b$xXIx zyQwDow?E&to~M6X>+Dr$@BO}UU9XEK%P>NsG-s0Gf6}?O_ zY{5eAIegJG81?-um2&HMKp%#|?z5byjRg9sn~Kak>cGwyenD~}^XYA_GNSBA+!8No zPv|NbRjObH#`j@cWrHZxl>VRbU~p}#ZKlu%Gh@ZO32xfBcN|>v6BLF2Nj#;pI=+h8 z2dHiPeM?D_BDR8@<~T!%5lI~Yyq3{B+LIM1HYiVTE(C+YaFAW=uvMJ??h!1HMRU#t6Mzfl3 z0v4v2k>E^R31b7R8kk0??t;}L%(|@1O-@)6X;U;PT}IJe96BVMU8#m{zoel*V2dt^^QNToYA2c5Ohnl8s91*&#&9vi>Zggyq^`U zy(38$>yWGnY#4ef0l3>}k%jrHHIO;EAfO4<4R$o&(Wi&^3+o) zV}6Oe7~zoL&8VG|&-U=FiL`JOJU|6Qd`l|+rbV*FN^%+2i?W^PfO>w=jtJNmSis)v z)e^QHhyxmQg05FPkLp4Q=*J{x~SNCgXPAkWseeV^g=Aj{5!HIT&);WW%xjg zKRu|#^?G|FuM@CO%_yp_U7rCZl4xyCz5&7?3@jQYbosHqZ3q>co<7$EmAePdZippS&-RRVC)kDvjhxCxJj9F2yJ9bQHtc2U%e>JrA!YKPJ%M}Vt&#& zQojq-xag_M+heEBl17@}LTaw&nws$Wm|+jt&mRYLO8U|T-n^z!6&fex*i%!$+=8DS zIFw{hhP$GPfUPi2ux(sAxOePx{S|PygeMChDnjxnikb``JsbJWQjQV48mwSzd1S>! z;SH$^QZaEsrjkCXN}bZPVWc*oPonUw zaC{5G6*{2Zvpy91*n+VWLzlukMgt~#Ccibmg5^EbpUDv0|wCbF3>0*PxuRbtfOL(mVu^(HMxxM#573@siy**k67I&L;c2eA~0@vvUQeIH{m{`ERIA`48k zJ+WTL~oYVyrwAS2vJl>dvy5$|J%LDi2VI%zj&)Mt1(b*&9w zGNlcbAXN5aGWh&s&IQ;Wt!0Pu=>tP>JZ8nQQj5suQAz~6P%87^r-7<1hi3C_XX_aM zlK6mTR{qws9?gZpYsdg?dmLU=AyBfW7<2VJ2o$<)?EiyvQCat}llR&^+ty$Gk@l=Q zoW#w7yj&srBTakVQ^jGgW3=rmXVQotwBxZiCN#*?_1A_hXzQ&nG+Apa*MG-l5O2ACc28Q{= z9tHw%S4WWOQWJ-PFNEod45fQbdcp!AX*e5D|D_hv#8i5&ae*JVK!i2{@ZHGcSDI&K zOpg-ck6~TQ>3)He+5i}xq~Id0qpBap88|Kpaq(Afjx|*{ztSh&UWKyFbt9BR05-HM za1PZRjjR{qA#6dRqo_&P{Mm^sL1)3E`Y8<{SG0Tk9&j@UG)|?$^JTaaq7G#jI5A_4 z%M#K5-jgMN@Kp`{Ia?d*eyZA`>58jl@8f=mTtX}|)RA!ZiaEH-MA{hJ40dUu#`6qoD|8yC;(zPF(W37uCpB(&} zBX2I^X}g3*uyx~%e10x(*v=!=3OyWLhLw&-5I`7$H7@}x$8WEW!B|(#+e}h0^^Q2{ z)uV2ANJjJw<^Cm^WtU9d#8R*pj&LI*!=gmKgm@IPa8d`eaa2E`ZqxE^j>pj>ME2?A z=7rHPD7+d*N!i5ZWQ>8H8*8a4{_id$n@K;@+n<$kD-d=VTH-!39*7W?P z@ejUFM;pkJiWD(UoV9ic<{!d+S5ndDLqlpC{ehXc%Q~o>b%b=n!ROdej7{m@J6>^| zk2i2($*B`zyBF>Qbd8Po_={99s5Ht((x>r6m3&aWtMBen<4qCYa7DXMq%xseeG5Nm zgd5=ck(A3PZn#BBBJ`gA9c+(5e_KmTHMe0&hK3FJgOP}&4GqpDdt^+|6y#qDMwgDx z>+U?2+*^!=WZd#ScTy1}Te96OM+w%bW5%SC4ea$>2sBPNEx{I?J$q4i&0dA3iSM_h zViAVEKHU|l=z$6)7B8xA6(1DA3Hh=c%1RryXMgCh(oyLYU!PMdW19)DCEBSD01#=4 z{`tW#cf^6tzhAKf{mY8N!IvV}77e~%L4QbLjvkd4Fj=OoM?jy#yp79L5-UTa7CmR< z(fIg0gmy%CqfDwNz55bD&NA3=0D>-tjm^N?mYG}^8lwY!I|e0CW=IhYakhHKy?=b{ zM6&3FV~y*j%CG#woHuzC{2q?1x*dD{yfF8Og z8@2`<9Imc8i?bC!J5{(mE0_{AvrS4I6~x;{a+ydxHR6-fq-=_;o`cU*kKar$?`bcP zQ8HjrVLscnC;WP`&w$ohqB!pp$Nw)=^?5D`*z;T2-{=NEeJ!n(6kd(0^l^qdRv-FU|>}}p(m{!Ocs+XEHrRESSFZX7d}Nb(1!^$8K;Q}D!t*k zlF)r)-I`Enn_CDx?N@%bik}wi(vk{-+aq@-grSKQH(&=SEJi;po4jUH=k)l=V$aCz zbpQnQr8m1$ce()s!y`GQcEogtW5RzmUdIC70~RJ^r!Dld1T!g3bbn1yu5a%YWN~T* z$OBI6Gz|`mI9CTCsOzM*kH@yh)G*THq$ie6LgrYU@c=&Kku!+(Jsl9BlktgzWoA-% zIcFv6BE+>yH(*Q3} zjPJX4%s0Rd0}}Po8D7LiO_?=Tk))ZXPD=rkU*iIs*}wCcX;_y6j%}f5OjWl-bP7Wu zx`0m10F&5Zoe5ab1)#$|aXUZtlUp1FQR0c1=BGEz!bv!?K#TT{IeELiywCwR4KXw_ zNiRFb`CAd0yiNeTiC`N$w!aCs?yjqE_AGxA0WO;<4$9n|NwopVd#+AZegQqGQjiCb zH=>Vv@#p>dlTNWGf8YWp84BRp*qNM+!*>SCh&$+Hy`_5^j+dQhCR0~O^*sjIT%W+9?4c!*4Lr%*+m&nl zN6dfRut-Ml5GR*U-BWD*NB8MpN-@z#1w=fz!+e7)UOO^>p z=}El!zCRSR&cy68N{s|zxH>UsYw;>T5HDvM!!gCnGkPji^-CSQ;2p3!*uh&b2tFs< zg8ZLME6pwiieKukU?gWf3z}se`*49FM>p(~K;*QLNRKkT4s1O!%&A60O+GPM9d@2! z%%o2fU;M{``&DwRQCf{q9s~jJ3LOY}8swZsb+RP_{tAq#GFd7cEa7)Pq(tyRb|%ly zu50tg>#FZZILV0$m^i8_<9~ujmJ<}jBaUa1>%lrzU*7te8K1&6Qy^{z1IK}(gF8mV z9d-0gcvL`7VR~O}lO0{T;&EWJrc0gw8yDMCkiEY(O73=GdXAMQ*b`J%Aw*5FCI)pT z8z`gYu*qz3J)%A`<=0*fIlst{l0cw01)t^O+XA~ydr)AGcPmgg-;|6-BJNYSU>HTc zY(?131e7J5)7UVP0@gibspaGg3uJ&8yBuPtR-0yW_S-DPgQJ|O&pMA*9mO_YTBBY$ zYd;Q1^C%``*!=d(I8isV$w(;|Sk>8#pr)Mg=r2P>JINt1j!-Zwkj^U)h}vw1 z>CL*@)2A{SGnRT971TZ*chFOHzlLSzI)*`sqJ13^NBzcVC_lN^}s`Uzz^iJsxyhYFMysy{)13l!@~R zEy{xSj)IM?)uS|S=$iC_Cw|nK+Wa;G1_aWgKf-6!aefCer^dJS+B@eu$#B|f;mt# z9T{gzA}WNvno`@!^eTN6p>0e39~zc}Ti`IxoJ6=Wssya30V{aa^ET4~q9w>C9SFS|JS z;XcykxMXj~>p>5pRQe3?zXKAGnBS7AdtXUV6{C%U2+f3qSvj4Hzj-MX8g$eg*GY}pTzU z;)nIb-&uMRjhLL*st+>I2Uh=Nu3OS|oZ=7|D`Ak?=2y}dUx;e%F-^yQ~1z@w1oeREQg zG@SqZm5wE7(J=?3y*B8#f|PYS053LF>! z^(o>*r5!+LMQaZ^`^dnm5&Q=@_Q4I@k1x~g<5hwDWS-wZ!ya0*lPP_>rm9aAp2zQ- zeffTzTNCu-S8)=<41U1v;y6_<=dP^1moOm;dLMK;V(@QM)^`;|>ZUG$SR$94!o5>+ z{l}h4PvQHi#VGTU?speXgDT5iV(_bLwa7Y9yvcm2G<^R;2!_U8 z2rMJNa+VXu&6`*2+fn8-A0K7pU`sGST8=YcEJv@o;H2|WX{029h$1ac$U>=(N^6oV zZi6!L_49oTUDkGFBlx2J?CZ!l$wl+(n9Wu7(w4zD-#<*+-16bQYtk`^B@r?~)Rj2IBD?%5tk$IeAwMu^pAfOO3~inmh^5#S z@+50^_`ce76?u5enAFucU6#0Pr@1U}_#PIe=Pkl^d@nm9!SM>t9V28CbMKZMpZ6tR ziWAQau%vP`9{a8$b~n3I=?m1o0?HJ)#m2O&-H(@=p*E-4T{HPipzKZgjkzb_B|>z6WMF{jg#0H> zc@F2g*7md|^&2f&uE6&QnS$x`e~Q|28C#3STh<1AR}ohym>~C3j;6LB#w_!t+#}Ty zfUu}y7kKMle-C_Myhr#~NYS?xnRbRae5$N)`mgHnBdsrYHa?WA`I1=Q*OJDZ0;{@is;FFH-?5diyGnak4~p`MdQFo$^3`6oAH4G zkILBJaj28)qZp~{-@?4K5gvgu`sn(^XqMjN9+0zNBYz3z{%MRqDI?G}*z>?SgupGW zhM#k=@Y`N~Kw#Wy{cF%m3gjgcF|YgndOYh;7r2}+Z5zC z@l602Dm7uV(3LDS@^@ZFk7AO-+?pE-6Y~_k5_Sdz)11|);V4qKjQh*}*DK)Ti!Ip> zuyxWk2g<{%g;$l1hBNi$xG#78(^)~4 zM&b+Tz*{I#JlXNoWvAkbUmxQVjH^}nAuDSHM^h*W7v;iN#gm-W7JquA) zFF3;nM6W@Zi1XzGEH`NKK2k-fVLJ-Gx6`uSL_@`uy48F@HsDXrQxtr2X%8}eKNzX@ z)wQD9*^f>YiW@!(x+( z8g<^ks2pXAMS|)Th_0gPmIzb;b~)v6qIV`ee@eQ~b3in+GSQv7CZDDwj7!Nwt|6lc zjQWNG#jtzt;zVzg8Y;<*a4}U|j&#=%c+IrHysrfL!3_FKa=uf(JFt#dbyy1==I5O* zv*)i0&Hw8jw8+w2Ncd|F0qavLgt)#zyFb?J-=Cqe-1L$g(Bainc=kMmbBwz|;Anid zZ!aCTL6^S<=+qag`w#d>7<68h@bwv#u)}gQ!XXYsxDB7SNc=0B88m_2`-?p&!Xe|H z2;O{A$RA5)>RhS*=44k# z=BPlK6Cb1l?AU5z_4*g{;f+khzS6|iT{HVj*NdfSOpKXK*9PbmdZRgZ>g&nx`uayU z2Z*lNG2PxVKxJPIRQl!}gJ37b>^-6FJ^~dn%3-$P@Us(k!f&K0N9^C^3wvHdM4AIJ zkw%Qn!ER-w90q>C2P8?U_u>s_s?E#0EV2;V%0QzpS{Iqp`uy!Hw#Xe4Pekw=soQ|# za$73yw|`>3(fIyD6QXigYbu*Av5#9iEq0&qAN)NKS=St-w(JU( zJ`-p4B2`Y{fHn`I6#Rhwt%W`YvssB7S1!OVR#;V5iU=5dp9h|THCIt_nWj&;h-iSk zL^$%*7yYdXL+SN&HCIWv`G)J^SH)W@xy16ET7ORz>}_!E0-+OWb-%WAsj=pr)3){R z8`Uq_CwXm@B3n8M=>&NLdg~9(XdV8Il}@vZHNnD7Sz6x|1F4osbNVsy;HU@f8}}?~ zbox67qGjw5S{3HaHnGrY3h;RZDm-h{NVBXPl=%2e{Ub{4POhMbx$}xzi-NUg1AY;# z%R+MYe_PNHxfB#iLNh#oSBz{({3lW)n6$5-!p0naJV)-42huBeMBebu({UIfrGf$0 zK|-X26``GTuV-;mX=K{?;iDYFQoB1JT$AID(pqY*N{&N8h!p2(&yT35B)@wjgyE^GK}M z6~Hd49H_-)o`@J)jQA;>sD%}k^*#Mi?sj74jTObu36J;nM060fDp^EiMmx>Ks0DLSFcOpE@N8w_>F`CAP@w-;0 z?)Z*NTzSK3FMXw6WC!e?s3^I%F?oMq8S=HIo9n3k&1Hl_!lt|a&1jApXyJdI z1*7)bt+)?2j)%mdYHq0cJSc0?_`$;kYG@iWrWeqj@%PQPEDr<(zuzi{;XD2EJ#q1Q zRHoiF8hqNsVWZB2@%LynH{S>wb2XhiwzxLQ|JYU>o2k_WC6vDjoAgutuC9$Td^ONv zF~iA(ay>-v;qspuwX2AuVOtekX1P5Oe5R2HRlWVK{#U=;?Z;(#vOdv+%3Abb=&mH> zq<%ZA*+VSqw{)C1dv+**ctc+Lks!t_QC6#9ReEXrQbG~IX14&FTR}}W^-*6dkTu%VofeMl%EJ}T zrZ?p5yog`khj%B2I@?g*dRC zF31TR>S~+79!;+6(5DUu{KIYE95fbm99!z}J3g*&pDjqI#vW@-WZ}=$>uc_GO$9#6 zl?H*dmWCy>qf~Bt!AB6lXSdSb{c{)EeJE?-#;-YEt<22F3k-L*?mpgYeWa*~#5m_p zZ2cM_JK-t%+L}~c-zcHclrw1D1=-_;pjjkbTa;Sm2_d$cW10#uk~Wr~u2b7+GlUT8 zcv@XY*>JoH*Dw;d_{i65X= znla6?C;a7f0z(LGMY@b<-|Rh-l%A#l)ncRIM%L8iw+ALLX29ot4>7K6JZ9N36gCax zX*5NACzhYL`AQenetyGtcZL`<48DUZWrJ^o_6ZtdVc-xDeE40quPnhoM}_gxG1O>Z8F)lervn{=M=(Je6LIO zWik1;_W>$c7Js`0A6P)mR>U@{zdxKsC3HI;k9FnG1&9FNIpmWyrd4TT=m3vfew@aV zfOq7Ud{EUK`1p^X6fz9~yxZU*&LI)$Nr8I00l$A`@?J$MdYyqn%Qz=F>@8B2TuGs>}j}^;5xzIsdI>tF_(F-gF$W zpr3$nhzHv%u8cm3VxB*?@(euS)X8#}c??|iYh(MEs{{nDdKPiCA0bN_?e}ur2hf`$ ztFOe;4gP~Kj5mL;yCbuLeY*RXRtyC!kR3y@+JNTUADAx}M16F=Z_bFjV=X`e=Oj#~ zR9OO;$rslEaI;@KD+x{%5#NUtwb-N3K<3;Tq@V!N3Jt2Ecp%KgnGLkWq{v(w)hxr% zTy*jjhCI;?9`Iga23gWpKsbdW2)hD85S+ujz2M#Z8_N69mWJ6uE_2q*OWEnnouL5k z-+242v&HUTP4uV}h8q8(5I8IfsAm-leX92RnM}wbX~aYmAY@yFumWebp!Wym37FNp zZUNq2!CZl4f_UWPz*Lq7PcuHylTJ&oGZN5JmNu+T(1D<#O;msQ2)iszQfM|*Cy!ls zqxVK#D&7+JeVyoPGhM9V#sbj|JEp|htZ35%-#b4K(I1q(SR|7WUcjiSqBzN0#b+BO2Ry2{Z_)T6Tmu$ZUs3nyQ>xTIIa;EqLg=Ej?OHlWe1$ zXU<}f_V?Zw3pla^-8IcxwfBWCsGMTG>N2nx%DVf8;3Bh#z2xNwR`PHN3}+gqJPZXc zVH{4nXx1~6MB6hNVi&SsC@`ssV=@cgb ze-R5UBi=!_NXg$BOuY;$J{>`y9LJKcpdAABp}X@>`TARUnS6Tm0Us(;%eM<;T=hRVU`~L&Qm7KT z)6xWy3oZh`@-OMULz+@)Hf`#!HrFAMGuq2ja5=&lc}V(Z@l`uu>x?IccSz=TVF%iA z+!ep*Fx=js4mtD|(g~2RG4Ks_#gLUph$t1(fgo%BzWoP55~DFBc};s)mOI;ayRw_x z&7FEtTq}?8hmR3i-_X|_`l^Kuihp6|*|n?DZJHogT3R2S>1tz4h-gE&!82Hex>%PZ zn=f=dl3S+S-b%%o1*nU!uv?cP^XRU6#GxbQ!~ph0Y6)ZQkd60HO~8rTAlZRxoy0}j za{N>S24wqD0ctx$MVZ^97C~_XI;It%LK5&Lo~>*G&)-8WU>|j)8`c#GLT?a; zNnzT*bZq1&>oA7Y&BvZ?DfO!5g4OHwD25(b3apn>aA63@FKw+VEmQJJl` zJD^HCs9l7g?m5BgaF+YD8{VdZ%T}9T{GBs2FdN@^qC=Hu$i)GnLZa~c^NU85j=-yo zKpj`j6hcA(_r%L_sd})Qh!7VG37kDkms`^vuIZ6BCg%PHuBs|0_hBUv<+Ha-waSSN z3g!u@UY~(Y6!;%RHLN6nm3Q*NbMaR6iil)MK{72nzyOe>ba;MB58HX=4>D}He3M%LTK5nz&Ich5K>t?^+!(ZS#0>3WD1!8sx z6#rYQp}i6zUcrb`F1^R`zhh*Jp`hxW`-zPk-sQoJ&6#h@59bbON8|Ep#0OSMD=Am@ z9)|%0NhSwIFn8MF%L(c-FzW_|J1QGwPR}%88p$c-zZ@!Pt!7tCr@`rj7*Qp9lM^ux zRE}LGIBg34fz$@BLpVqrqaaAYVj{8`%FDl7*wpUSgrZ-k@4N;ggigm3;j=w{ShD@j z7~s}gOh}`moN@Z5Num)wiP+9t9fyk_s4nsCO6c+hw!UrClXGq4@{{1z`UwdWE%_Qg z0M3!K@w&r1n>ea>)R@}`V`KvLiYAhh>hy9LHaiC%NLgtL&VP9mf)O}{?Yq%URDG2l z%%`Z)pQ3>goEIohoarG%)lOUpd8KazLnBB|Oz1Am5sWL#xm&7kNNuah1CLv7$tIpT z4pT^C{}hL`Pl-#ga@{?llw+iPjkVfOh?gmRPV!GoJ$k?)UwjYLUpSb})MtoR1~9@? zIm=W??}Ie%H>K<5)V_e%<8mvCt@cz3&G(&syLhpOyv?V-)X%H19gjUdA*i5eR^Em= zl@Sfb#9wbPkwZiB%lUWb-gj$WMU!Ec@;j9Tvk1@!Ump?XO4mwkrxo z7!Fu`mwizRJ@*0GqdAGhu#Pw4t?T{P%1HeMlorXTcE4c80q1W5$ z1<|~1^ZWtc`!mp6<)86Pv1ubHbvqc#c9^mFBnl;f2^`{t?D}Ke78%g*a!0bqE6}9Y z!=l!UspMHu@QbLg=I$p($OsD$#nuWVCh@vw{`nYmv#0+;bGu{%eJ^bPu;8iqUOg|UkqEg9#ALajy;)S|Jj=@s zCWgM8U&GGYMC_+@$M$<^2Rr==L?vUY%M&-HtUd|0BrAU_SxvjvH>yv56hQf0M#=mh z!sIf`JywtsQY7}B{}3Mm$6f<{eSC&pkz*7X=ZPc8J)6!Iy_rw0M1NKA6#uOq!#H|K zz+EjhqO*eepcL+!dM2fvNSW}j*{9@`jJ4er(8}F7(0Fq;Y%_1XGKnD06}4sVzME`j zR0}I!aw;9w^D7z4?S@V+DRWF%_i1eTvlfUo2ql+{t6c#(gx7`oORK75YLFfrmsRA)RZ}{umd^=~?P`jgRxGo$F7Dcl!by zAY+K-MyoZ-(er|Io=PkMtvT<}m%6MW(_Y5>h)Kx)Me!f>3DUX>Tns7f%2O}YZ_WwY zS7VRIw44jm0>(^kY!^e1be@F9+cUC*a-mw=Hwtq*HScF91h7WEBS6el2X}Ao0(rre z0e+7i9Z^m()pAvHN+5wLzrYvIpztY|o#Bz0({BzhY_Xw-_fgGb!`i3srDUG6oSPT1 z(8c@ToUat)LC%BAbVggM`lre{K9Mk0XunEtXAc4AgqbxufQO!)Q5|ef)>lt_VqnPN zY^>8jVl27I{6cA+K;A^kB2LN4^jzdQ7k_hozgN~fQB(P+^DCmR;mIaJW0Hnr#m4*^yTLDJQc^GfPYsTmCnQvh zS*RsU?ccQyiB8(f$QH~Gp~b`jBQa7B_@dWkeV6}7@y{5Yz9*ak+BiScU z-*;;^(E~{CZAj>#KY>VsT{n1tS12RXEEFj0O*0ZS-j7c+7;xSs1ALK4c2fD(oE-Ns zXD)k(;}xJNKl}Hi)O_?(*V;Kh5h^VV2o}>Bom~KxD8gLwTsb!>*#YmPD?Cw*0@Ak9 zZ4WCTLQx3>yW>7YFiM(~s|7f`cOOT*-%5fy_(}I^E?nAEw6**xeXf2F%)X)IkVP|dCm@h=L z!W%Z2=Kxcx09lqXUJk6b(K%w)KSS-mfgR`|@yy-p)*|=EW!u@eNk+Xnnp6a%IS)$u zC26YMF#t)o-Jp^F9eK5(wT+Heum6pE|5~brs0LVUU$}RT0yY-gjRU~kjC?JAT0Xq} zd&nXPX+%5;Uj(CR&B3-ZLy@!koU~(YTe3NnGC=2 zAe}rf<0igAwBY9-4v0qLi4X6~SwM;X2MlQJuZ{m%h3w>!LJ|QHI{^gC&0xaSEKyVMG42D#D#JU$doh(L5 zVSn_m5Q@;^hHUBYi0;EYB7<|A@Z-(|u1Sus85KkYlYhq1k$Ru0^iK5xWZelbsr0Vd z+)>f6K^h3(dABkdHpd#*eU_;aV7x2q?J{+}e}iccc7f$q>*`?%M3HC$|0&;KQ$wrVvmf^> zK}B8rgsTGB&h+9SdgsP^-TJHOJ+VrjK>ffm0~1Y3#`bwrBDVd_@aenFgez7_HNf_H zJ}wCl{-X_!i>i0`?Xms~=|8!fQ5|Yjyo|fNeg$Yk-I3GYAOskaFM@X~bD%g`N_eCp zTBcKZT@5JRZ3)vqc_$)wBrhoMI`F$-C#n} zXORBK#1J`v;+T(>K2Bj9S8`-LTQ{S5{*gFq<(!k_OH37kBhNr{DB39=$RboLU=U!DNrYW=+S@v?dg{ z#IICQbRImL9$WvAU&$+CUVOp4-PhXym=G0p;!2vM>4_VHH&&>m$O<1MO2MH~g#600 zg{O{M*rYg>tm^cLOiJVz1c05k%4GqpHaRJDn)d*Fi6hS4X6vYxuV&La(-#Fu zJK0A*ZFHQn%&!8IN+iD}760%zmGdsa$Q<-OE2A+^Ei+HP{dnPP|4E&A^YTbSO@VF_ z=8zH>@*r-zm9lnZV1603K;SN$D_l17$-nSsauD>5WU?4}^q|8y!Afi>Cb9fX1(fHP zm6$$yn%gz0DU0zAu4Y6hyT>1_E1^a=~)PM)?r9{;~0g>8MaS8RL{r%2di1YO;EaKRP_X`rN=wQ+fJc}TNW6)FL z_=(%5y$U^n5wYJ>UW5F}q91d=%1V#74qzld%c?nPBw!jz5m|`M} zcAwj|FY7-5q#3(aex>`Kn*iiIq<^f6DfA^*h1E;R5+s;J-->|}($ActORrN5&d(1! z8G!hN4#9ia^{ST6;Q~r++qSRl9$R(ku>t+@`XhWwhcP)GeiEAddsU(k@|FYyVp#oj z$Wr-t-0J-q54JQxf$|9FZb*rQPBa4Kz58RsJY>KAR9kxb!`FclJqI1tu-Ho{1(F<# z3Vts_0=zX!VBw9~Rr_xJWFj7?u15e4o`1tB=*>1XC&wy&gTe2^dv4%kur2ovlo=AWPqzyZ0sLTtA^Z}j}Mw;!ZG+UVi*x{fPjQ+PQQTU2~H>3gms>XjoCTB$<-ak9{3&8~mz9J!a~ z-rIna8}|Amtqp?pY{P%wIIGgGbpSm6YeGWnm=W#G^Qm>M)Z6t~#vfE?yV4ZVO6*Ro zZn#WLrV!#zicYX594p@7xX8slr7a1fzS$ z<@Z*t?gF-47uXixdl!FR%}#(1_%n4Dmf9#TNIdi@{_Y*5MQgw@9}Snm}0x^6r>$qR}T1G{ImD|3gJ&{ ztx0t|lGmGfV66jM^dWIa^?O#u_~A)}7xfU&Kn+J1vkg?0TC)bRKzQef9v1 zTm9aHxg`dM&~<=J|M}=6Q#1NaZGNNV1<3D-eLpHt`@T?{bp1>5)E?KF4T|xZrlNI1 z3h)G1*O)1lItLy9^u?z>zd*UepACxfdlJmGrNepd{)Cuf6By-|h?ZlduLT81oopFe z_FIeazz@aE-8XR=>Zn^~oPf{2WkhPF>@`!vnx6w~ZB~Cx|Z0z&$!XMm)MwVc6$*wVG40!2j7<(<&Fw|K=NX<^a@%ix&Rr zn-;+iq2cU6#TjA;AIPsz2xeFyw_OfMTv6-eodo%a{xr%odEU->c$sq9Z8jBxG>KcM zC*jajC{zc`0mr2p=r=DURSG8EGUTsWp86xm4zfS+i+(5r6xZ&m{onrT*bvSUElBQv z2NcP1f4~%Dea^=L(G8w1GGS1w63I2fqIo7{bD`{sqOZ_f1J#+AWvz96W22Iq^7DtM zu4NC;tr5%hU`s7qb5U5dvlEP6dQ&%knJ=UMPt7SsC~|PL4k^dL%3;V4 z#~m+!h$H+fp0TSW0BN`Iko;Ut<3*l??6DR)XkaC^6fF2BtYdD%_9Z$PAo~wA?7bG` zu7Aq1ubx=gF)KQrdmN#Ba%J|uRzt`>6&lelh35C)NLi)o3+ib=2BRHo~hPkV$yVo({odd@oz zv(6(0S_g71b-o-PvU8z%Ul$1oco!|XOa|Z~VYz-!dj5U@>tW?Z&vqly_q5Q z7}g@gr8)kw4|*6lm)7pX%Ouw;v#Y<;v=P3*Q$<;;8%NHX=2i%ZKneP4MqY5CD~MM` zr|{^_KcK<)N-61wCWHWk_d`qo9C7yeC_93#Uk|*5b@LLh%4k@A-Y>{!-5z!~Ed1n) zF~JxuP$a(~WMKf{*Z-t|+bZP(I}NPYb*}+BU=m8{Cj$f{C{u$0D^E`mETd04n->ET zB3Zv$c%l$UkLiIip5nBx5XlbIlcR)dYWRT<^gkyQT!Hj04p%Nik3c- zqVo*8MHKAK*u`;6?v-BeVN4|Yo5Z_CQ+$)C@6 zn7~c$Ev|ekjNwoUCvwhQRyxG_dD(~p7PhYZJEmc|DdG!7I{{STfavHSFw$9<+qVia z4zW(nH*2}_bbC>UOWl87n7)+V?-f4npq<8R?$PIMzP;WIrvyjMHCjGyL_JXq#ngKY zitdR(Bkq;2mB;8XnVVWRlxVvBO&S=$?gy%v?|r5b*8b>u*;>g68=ljq?~l{8dQW_# zND}WB+RaH-km~QRJmr743EtqPAgLCHRoJ@Dl7f<(p2n-mZa@U|Hx9YUaGkkME_xt3 zZe?6q@zu_F{F5{697Zls7w$de>9S)Em?Rd&3V&x4%fp|!T>z3w4nprM-qVzY49|HW z-fp_f13a6wu9A3d4t9DVK!Nb1pGQoi5`hv%@>PoPOJI(={(}cT<(hCo+jt^ZYp6AD zn)n9XWFLc(ZTVdumYnPpY&x1$UeCytBSF!|(29 z(RANupIuc~5t(SPl&!CRujET1PwU6*QH+xRb(O`|BrnR8iJj1elUa%{DUjut8yr=N z%)K0%gC8?=j(tyeS*&m`J3V8g2;pRzZ^Y3@Ajov?QDi!tyjl5|@LQc7Yben9V=$|K zZ3x}W0Z1(08NPswuC&ywA>2$VbW&J`P2xOeAgeEY>ZJaj{#y8xk3e!#kG^xb_eEdC z5L$R_Rt;!uG*uS935I#U94xAs5a~A%v2>GS1-St>VfzA@zGeGpJsg5?J$ZK&QGdn$4#BvaliXGJKBu5+Iz&fTs z?f^hBkswiCRmh;_6udv%7Yzpgs!$^iAfZXE@7W>E*}dMh>5#`Rp^M=$1UfK zJ#Knzz1%^7=Nn%NO={lc?q^1-in@B7@hT96yonuyx0zA`iW{1YKJcXdTnqGUuzoQD zNjehmC1R-&QlXf!O$PUyF;)5eoDo8Zp*v-cp99yip@v635Qce8PbJ5%IGkX>O_f?eN<^2*P7#yxQDNQ#I!iK zk+6dfHQo{!)am`v+CWb+*U=qjqz)`fnH{BCL{6vk3Nee5>F7yJ?dI5UYT)?&8_eNX zX}@#Rct%h0iH6uJ>#OH8w0{{yZ6!aqQB{I-A>a4BmlitfP-!K_k=cW96w+LhMXo4b?jlGa_-95}<7jW+ZZ0_z1 z%5q|`Jh80@`+L!!eRkt=V(q6bA>h?wU7u71y}o{|o6M@MAz?UpuKA(c(U0oD9zYX1 zD4t-FcOI0%6}`key!TddcOJUIvGaVLA_xLhG8CJ{b%5cTUdpT0&PO2J*3KWlIEKsG zQ^h7ao~<_z6PrS3$${p%rUYSRSbR&!AWVVMUN*_;FD=N$URi6owrmm3}-O9KN#Z=Z23epT3n};TXo^V(&CTH`^su>j17C zYeJQ0(Z*Q!9joEO;{~1Ks18OM&S=nmHpcY{4pVvgO~^jI*+x)?g{X<0td!9QIb=Ps zC)EQoY#=f&u@*c?EghxSO01Nks8_1)VPqb+3u4Jqh-B0EO*DWaED;o$&rk_~3p=z(R^fiIAruA+^<2i+`HPbIx+#M{i z5_8x+_Lrz0{8&J7Nj9X$vl&)Q6`Ry$&9(|18IgJp2JV*Vr($kxf{e(0Mu?!GCvqS4dC6}`~}ITNvJ@@ujU(o{<5rpY`X zqiMz?l)zI8k_ezS817W2)Kd`mzIxSu4iV28g3p$qFuuNuU|YykYs>#`%`yFTiLh+* zuQxm%Dc=uIKRy2&fVtWiN+_2-2j=Kc?I__C>ASe@-^^|93u!fDJ@7=h_P$_s3~ZV; z>&Uol?Sun*JkXNqEid;}T{u#j<;nU;Jx7c%h13H?7=?#6S{IH!7%!j53UrDkA+%&b zZZ;5TL+E3x7qCjZP<9a8EO8e*DviNP#mg)c6mpHEiKh;-%K0QD z#32iS*^)`_QeWh!U(T3ZbWr+wlR|M|JgFUY-)`<2$G1 zhhyQI%+nzZ9@T0euk#qC4&cqR&d8D*#-&4p2^2z(fz*T-Tv?W0KT!41oVPOP`39%*&7Qwn4N2X6q_!aWju?1S8O#@ zJT@C==}GRE-k&cFmEi+2D(U7g%CZ@PX=<_RR8BJB78cS#+TJwvhqleZNQRPlM2)}@ zcaA_w-iN#@tZ2?WZea>NU(YiL7l11H8@}`7ynO5YjwaBV|0d zr2mi#U?H!fuWTI~-n0KL`|0_q{;>ksnjj^+1Bkm4_j7N8-}Tqqi3plHK8ZwlfPb;( zukSs#x51$_GL(y>9QO+L;=x4U&#{ymY$(}d!YG4`#m&Q_ zq10=PkR!R{xQ6Z)fRb7&_>$6J0FZQcQq&?!nfTzMd!SzZ99>WqHYKE=j%)6SyGN#U z>YVY@l?s(@1=q|EuNoKWUIm47HDHw@i>ez;YE~=!{x%QU_ftJ)2NPt^?3{jzJFDy) z>ULJ1`w?6Jtv&_!GQqdGm0lCwQw{2%lvarQznA zEih`^gtP_}ZUJ7n4!e}<%wQmEu$!=|YbVR>ef7&4La${zVHe6p!2j(l5Yjrn-|Y7f zECmF|%RZSl_XrmlO~(;vXo!5CSGn^o+5*A?F;kCDN{EHPvBf!%0PNx-Gp73*ahtAS z!SMi3T=1W&H+qN>y~~(%IFc{N5&!(pI&UkF8|Qff=KEPWqb5&xvy`v%>Yr%vzz0(= zyJu2aHjmQ45dGAL?hSV(GvA^+mi+*@fmQ*yqOQ%%L(?#|B+-e=HX!qKd8ecA5?vqM zF(blzboZNv6W<;vJhF5SrTmW2bE9>y*W^>m=AEo%|QWU%s z96>5AwizWtYkW@{oR-VIyWkod^ z4!4%jw|3RdV;?G^iY&#P`HaBIe}0!cy=D=??jn;a2`XeZ?KGMJ9QXi&nfcZpBhb&X zl{aFZk?93-7=>F}(3IrzQbfFO9;)VwGE5WT8{*hO>N%}GgJAPrPB=idCl9S>`8;M* zx1dLMoGjK824%s;lz5VD_K1&l$g!X|sIpbQN2!(X4&Y2NB|`VKY5278kbE+?ulJ7$ zpG=^GdOwEKy&7_}Bh23H{`Wtth~3B@cYRV2h1!5&;&}D7{22x+g1PqCJst~Q&22OE zVz_#mwUWTaGM-s6uW&~46#lkvamZTGpZ#%sRlL(i^Sj>(5CMgFx(AU!OCpDkS8yqT^S1qDYb#MD7i4AtU97-S8Oro#e}aZ{>`QKNOh-eEpqf)}qR6veQ_1pB@OU zN%(Xo@P#rDmj1NZ`BYjlb#-yx#bJLFC2Q?WRU)Snvh8+NDbVW*zr+%SHo5ipGB|>8 z6dAEqjv^DDlk0x;@^yZLHJ2@Pgw*IqU;6ziJ&)f}Ar_h%@ZTv^4Xc;}+x;Q31*eeu zO(>w06j339us=O=$b?1X{~HVJ719&2v|LQqybMxSzY&Tgza0Y?@_tHKQm`7}LEOf5 zvb-UxB)_(;_|{nkFCGrddAm18I-KUrdpmHwQ?3y&*hWR8iXL@;^eK#}z6?&ANACYq z3nSje{#VDE31_!S84UhnsapR@=X}2lk7l)o)HKyso>@AG;%AdtV^QP-sx=a)c+f3E zsO^ z#r!fCzwm6I@O%%&oaBi-b!7;eCA1W8$s9Km-0{27!X5QKn>U9TBXF|+ZwVC*$;=>d z^6S9hq9Gt^Cb&msLBAd&y*W-lTd#BnN++B<9b7qpZ=9-aZnAoapqFYt7scJp`r}@6 zuPxkO`>!c;SHHVCE~pQ3cTNo>8er<=515DOeyMC7@sPTa zJSN+!Nf@ZUV6@MHe|w3fwx{gmM5924Zj%gY4x=$8S5Y4VqQS+1^tpXNqdf84x7*el z`;Jtzk^;MdCD%8C$}VDR9&K)HK~8sDDh37RPd7(D)0D+jN6w7DtzbH?=>!(^I`ULd z%Z;Dpkn2rRdUOx8ZSnmxU(1`tQq5LPJyPM1OLkxPQD6qui3Jr>RLBam#KGu~8 zG%2UnbGJ#4ir%fq&W;VV+d!RO_Q`YC!QV1MI&Fmr4#B#P_U@qK?Wfa-CrjWg;UfE# zeuYB@reB)PT z99>nZkmX2&m2TRX;gUYDJFoI^_UxD6u1Wd>PAY zyxs-~Ip#&>XY-bjFkGq9|9kdOEdNG1Q;=ZtjRBd@I)~sXqXV;%HPxkctsObwRP2eU zed3%&SOpeuY(B}i7X%cR^(Vvu*+{c(66c+OFBjTm|aOt-+D}emt6N}Hn9Xd7C zH+u^1vADFac?S?b5m(ym3k-@4IfTBy=xDyr9Z7sSDhCOjnzcDz5bqe2UR)Eq6aZF? zSt=IG;W%j{JKLTtw{6!e3>@3pg+b$BZ+v5os>Dm4vjE}%JXp8kg7 zB@Nh6S@)QPF^fKnZbx8&$a5n8)!}X0BDu%Fv{bCtn377l)2g~s3c6Iw0BJ!iAmoFY1 z(8cv(AOn?j4A-KHp^2k|ER+$FVf3<<+=z(f>&8`N86-V99oz7|f_$4af zA3Shd_N-8>^XNrwNU$*>UiIX#bdDjAJ6!JWRCa0yNxifS2elnB1+bTP`wzf&>y(Ix~7%+ zWQIP;W7BQens@%VWnvqx2S?ch?0RB|M!wgy{G4T;8i%YT5hz?NUSH1FB#^nTG^+UhPxi`WhBsILgUqG*KE)dA7P4xsRcdB9qn+qys4!fC0QbMUxv^1uYl#HYq|?!)G& zvGFBEEsjHK%V-F*OZOoOrnvjU&D)-YC-#=qV+QP`;B;l!2mB{KvCa1=`ck2Idg&WE zx7noqv^Y^Fkd#SvqKHyQ(z&R9SDx~80LWl4eIk;C^{&3QeyRSBB50kb4~|iRZ~f|C z%xW^oV$PXVoly^=cNLvCr1Wv;)V~7^(H#pC{thto+iPZ{gK%A$7tyY^1JpIf%g@Gh z<6|;N;J?)nsptGOx@x;csYQ4Cdm=bBy24;yJ+R#4*5R_>=(F%5-lGTQr=Y-bZ_uGW z^idsW6H_sn&Q!kHRfYrX@6Ug5RWq@ZjNAT^_ie7^jI-;O?7EfD#4qNf2#VlG@!M^#R^VEohwxYA5;ySQgvrgQLF7doa-55vQt@4sc*x%tpA- zK(@UeXhYDAok9M9X&xZ7AOH;VmT*(!_|RX=(Dl(#_Ci7Hk-(Sz1jv$MD!>F40GPPy z^Kgc&;AD_+x2{~eG>GK4e5qwKnqRZ|{sc%!m+rqnhz!y0BlLFfSiKU^c9b+vXY!3J zh?4u#*nu2|yy(a8foaAKtI1M^P#3vzf*-*OjN|8z&yJXP<~Y_9R0toe8s&dYmbJ#@ z8Or~W{JB9mnFq40FXX=)fWd_> z=Ac`tjrx;N3%u3H4+zxNlEyTAU92v?ec4q9Jy+(1>|&29ggds+^m(-H1*k`8Onk}QiyVcm<6bNK7@ zI~Sd)dNG9XZWW^8@oi@02T=Cw58x_epz5D26YNZTkw62yZb!Xc(!9S>M> zc4D&zOe-<^N<)nWt+yRR4Q)5eP8u?>^GBH5Ub= z4a}jfUnX}GoH)%&KMved%4Xa7;r}&RRZ1G5MW>s#=9jPa*BknmlShy%!SgBTC>jf& zNG$oQi}TFhBC{Ty@UM_EMptF@)pWw3iVu^qMXnANi zZpO`Ih!zTbf9-ypy7lWNhlgH^E##Oo$)C4XgDdbnjl?*6T?Du{Amv>w0J4Ukv0=-$ z1>nC76VA3o|145*;vF4QA8B4m`356AD2Od~bhnh*(|l_bjBcia_rkUR1|2PYy8@oS z+WlJ(Ts^QytKPuA9?~MGM4IHlxcB?%=Frg^H~{n-d-l92o?AvH$ol-WQ_ERQ-sYtr z9h@^E0;tpIR=J5K@(#xyl48bIe~PL8A|4+8q^>rctQt_gqxk;%bi=L3aeX}IRKD9j zJVSx$SDoDWIh8X>rfxu{j$((2D+l@7PVoqyD7&$_t3GYi43LZ4SeEhoe_8zroOHK= zC(5)ag$CUGfc;~5fg&`Tz(y4P=gocGD2D+J5eSw>gA*h%rH=^(N!bzO{nHF!)B$_} zvaFXIL6LRe^_AF^Fl+Yz+y3VZN^3Y~x!rhn(F2|9FFbr>(ZT!wJhaR%glS zRVd3xfWWTGWuhjk{Ke?dX1K8}?h~vtKrCkJ9zBRZ2rQEe z)Xi5)DGwkp{;pV<%jh(6#yn$OIS#*tS(7MV^t;Kb^yfhU5tyb#jX~N*T23brVXdm= zSxy7}3k38ub9BiRENr?UO<`k#d!7E{z{D&xPu~>$=Xn}<&(7olO404RyQz6&@{$jO zwitnAPqlb9id=|(`E{*NAQvFQ#n={u7)uX?bh_`_lrEw>UVmfdgF{)jk;s3&PCwz~ z#6u2=fuZ+-%OA%%q% z6bo_ODayVLl$Dm`N9o6E6T~BrJAlzz;58kFVKL7|hBY(FXOwlMITh3Ak@+4rk8FDQ z`wU{r6M`gfe>Iq+b(AJ^>U#g2`9$uB;p7qp+E20zZ}{gC0WyDwdXvSC(4Kw3bZ}~A zrT8S+`z2ws&o@}qO04R<(QH$2>w_P8M%ByZy8r+cdqHiFoeK&6?Dpp1{Di8|Au91t z&p_4U57)qKGT6Z-O_~-TZ-_dAH84txxh3uhjskB(o6FnK%cf_6TlAI zxBYrD@h=^w;2o`sB;{D`bFWR81MXEx5b&y;L~GCeZ1nV z-G>NT4&Ky&AF7%8u&gk&eU2Nu`h5DmG#9eKZ?%Oi?N4*t3MNR%&H8v1sG2C{@bl#+ z%S3z|QG+UFJWLTxJ&R~3SRdtJ)Y6I5IEO1oH}n>nB`9vEo&bz_>7c_Ow4 zX7oxcO=BBR(CD#HLBdapX%@(`r8Q&4I~R7DHaY*^#H;S2U%vNWZtt zrGdHG=~)X1`@S?#w85l}(;2VgHt8?$&9=4B*#3$EcJ?$z@W4)9S$F5md{I3|Y*W?! zFb={f`W_iiY%ZQIKp$iTbPWF#oHmOJ#m1jMhMd`0YFh;WCZ%&z!#BpYIlwl=&*s2r zOvRc@D#$59imLsK!squ5)40ZYM)EdEQJ#~Z2f4S*VqvuWM!$gf$;Tn@!yM)8El9rL z+}?q=51`*I$K0k@F2S#TZa)fn<~BQ8DEs?6A0veJUmgqQq|F>LGwjNJg(;EX7WIO) z!e{tptx(`&OLe6xQH}WyaceEzoA| zfB*`-B*kG^`Z3hd>g-Wk39(K6ZW%i>;*6wOIsi1h=a_nkqRRZkql}N&2C9I2D~1a` z)g2FFzJHiw^IE5GNHM?(m*~F7q^M!q#<_w|HG!E8F~xI8awJI3lO1tKJ76$VE< za>y+$C6)9{dpJ-(m*OA_r{@OnIA1u6^}%uuOEX{-5L`)s*0d%diyOzIGC?buu}>T_ z1CTS7l&sh>H85ntYExRkqntq__>9!p1c>6GJ{c1RZ02-Y0RoV?Kb7T@iF4V@3P9*v zgalD-0k3HJmmM!i+K3UGpd1InD4iXfAl>x4N_@Ty@G{gp><}Xev2mavMi%Ut!Axid zAF`gL2CXhVbd;m(xB(MqD#7G0hIYt71@en5Z z?uHdD5=c(^yzGmaW3}paD&1E0ijWp% z`$E%s#<8oQn-zxaLUx70wtMZ+Y+ZTRP4gmfNd-s+4=<&Pys*uw!P3N2V|oac2u|*K z_`}K_cJM27-YsUXXF1UiK&U`zxH8T_sX|*-=^tZcG$&h6A*dNt?K$GzhaH^g?9dnY zhq6xgCpJQ&HMZ%PE2uX-LiGOws0th3DKWOYzU`OC&X+d*_U3~t@hJYNM>>Vl(GeaU z?b$g|)!3Q+0iycm;$r26RS)jWPDH6f8L8G2-3L3JJ!BH~@NGv7MxXHJIWIjKcr_PM z8}u`ZeiZ+=as8MWs!6j|@M)iq-pLz_T}IZQvE#h@IQK%C%-aG{%otYn-|GW)GqGHU*7}+ zg!LvWP5TFWLq0Xh--A|}k=^d`)XB(tMsy>Y6@Z0IyNXSUIKPrgphs&tLnsXyje@#i z_Uy-Bx1y&j;=XL?MwV~?=)223xOX>tFkUpg-iwrRF@REgdb2amA~{l%UAwJG9<~dHg>o$LS8N!i8ovF87O3;8;cTG$D!55f^tvDm{Tx-bX@ z&_Odu4%kD*Og|_+~#q#G{F+UN^b#0-#OiUtfUW3x4b8l#QY-;fN9eO z9&{j^uvI@Jr8I6VY#a};(as6H0t?FxguXL`(KyW4tuQX98OjYJ<}>QHE_Zk*X9fq( zzgMAN>u7$!q@uBcD@MhsI|9z@X4dD^ij7L~Xft|^VApPr`Q6`2d-amzm6srar5ub= z2U>pn4hdZOzlfo~t*edZFOB=4k!r)ftx<=q6Kz!)=T@C2f$obkm}^(qC}r_n~B zK|JEE2O`87>;?1ssDTnCQc*>Q*h-_h(ye!CVW*(``vA)O9dQL)rY`48FmQ6YiBAG! z*tnir1rM*$(c_9oO9c-!NL)$xez@!}EoYt!E?OKZX=rmRTY&=eoGIWQ$ya}#k!ShE z;P_m$YUwg1EQCY+gI7snGcE)n10l#L-ySe^SnxNg$N`I_A9iUzXB5;I6EFqEi)9qp zjh_p)xw~LBd#!*=%`dV5MN#jf-Qlu6#`VIA<~e?hWwuJMI^|rdL4c29Da~1~2vAl! zRjjNOTXkomYJuvZu7rQddV*2M@T#n^sbP>sn**+aLv@z3@Vo(PT{Fmdq8HA)Q5HY< z%-k1rzvY^dLVSDqwH^w?O>bP-+yodf5t=j8$gX#puWSzAV_hh@7;LWrb2Ma~+jTXv zbIQ+%FWqlZ=e~~jC43bw^c>Ltzh}Fe;BR6;!lA4;R2(ILNnh6B$$U9Th%zkCog@Ib z4X{3iw-8G-n09kRbf~gO_0#;DHT2!flH7T0m0S@;Irl)@d%W}av&5i}Y;518N%_Ki z*OK^eqo}49|9W(( zZ+d$(Y5LGL zr$+{;D+x*S3iLSpG4Jg;A1ZM$dbiDtGN>oJbKnlf zWEqGsJD%XFLK3ZSFWUs~KM!ehp1-`XR50I$bf-zuXb#GVWFX-FCO=Q zR_j#@-#Hh8O|OffFc#=HR<$S zjH51lHxMSDj{)z=H7)HMB*+L=`FQ$)k`||^|Bm|9lLc0ClJ{uq>Ew5njvyWAWn5-* z!l+;Z@s)^=1LJknR?H;5(mJh;U00tW>1Sz%)Cimuyyb*>A$aCC|glS^8yYw zs3+?N+&Licc1LWj9TEp!mD#O1ATID{?dlHhE2F(+K5p}i-sG1k3Pe&4ED)bX)dKqP z%UKLj>8%;5anfdxS>*sIvGy6aTigwwqsIDYZ`<=IzcH=4y82?vnC1ixn*1L^BKS70 zIdx*O7+3|{KmRU}?-NY_Zt9hh%eFS?=gx%#JM-tggHJYa$%hz!GjWrc>>J@#(IFYO zAtg&V^RQ0HVxOAW?J{Ekqif}u>td5h7gS_K60BS_5+cmCXkB}_F1)C{-B%-@uVpMy z??(!N2{PoQq=_aR4fQF3aw?P#!zRcpQ8pQRM;Lwjg!tXTg`IU0G^k_tGZ0&1NmksMf@yffN@I>#s!}}Bbb+}PIAyc5=%3m)$f0-1_sJ5 zMiqR?uBHal?S@MvGe*8uvD^v?9M=|+cf7LlS_*6}wy!I+CsiAA_w#g41rmX{gYBz)`hzb@* z8o8e@nI*;+%C!c~81*5{^GERzX^WD8EA?^d$c)S9zZ}UYr44Mz83d5K-Hru!B!A(W za?KbgB_2cnTZJ%}SWvEiLk9Xh2}*CRkb{4r*PM`I8pP8l z4J`q->#4bBT3e&ZNSev(1BO*NW$#uLCxT{+jT{-mWlCQ$Yx5?b&+<``espY^6bypGngn{m3bN zGxi-vXbX(s-oTKC-S1ir*~M!%Iea|dI~v|QjiFEhl!DUteqi33BW*pN$?)&pa1nwI z`t570gnK8Dr?(CC{KR=W{Ww{i|9@5 z>VkueK$y7KBHw}3o|dQ=N-SLQNGDnk>dlK24w(#c`#AYJS3UK$(M7GEWu7}l18g`5 zJHjz1j|}8LNtZo-a;Qn)%)xnd00p#>Eco0ZyDwHMC8&1p%wpepp(rmYMZv;RSaPR) z<01F8sLCIlRIVHhHSEtI5X&}dT+K++9$o4NQ%4HUFQInVPYNpN`y$HbbeU_{Q05rM zRJF92Fu+;i^u?%i;Sms45okzclQ}*6NdYC27+Q8VliKGacKc`Gb7DuUTfw}gOPb^B zcdQ>I_*dIRT=;8-)M=FhL>6ty-B)#G63OM4;)|fjIkQQ9r;!CzNWktk-MJyTrthP} zi+BCBc!&J-`IkX$$w`CdhRV@mI7KQw*)+L68rUF;RNByk(^@U<kNUhX6sviRipESzG>er!?Z~s_*!W)hLqYmryph)7nFnIo3v2NFEVD+w;*)Ge= z)N+w9BMEOtMJz2s>Mj>N^FQO!vryBOXxl$5!Y>{cEcUd(( zl-e5{pMMu0Hgq!g{w$3TnmEtZYlDe1Qs2xWXGv~Sx-f3((1S}|iOEP+rut#_A4dUB zSiYflh0iGKA$^7KQ@x*<41fbtp`d^85MtOYWcAI(+=QTZi(9sy_L2$)M5bj>U$cQC zx}-~$MZ$8uBi&+*LH%_zM}jVMBe=+u1YY$`W^;C#V;Xc1nsGW7y`#kbQyboh$^0jI zpu8^Jt*$i5L93oHpOw*^()$e#m9J!X9)aKEqxy#7%(2Gc7(!*5&PAL_gu2rtH(zpn z!>#|IW5NZD!(v?-tzG1nn&SqrbT?5N54AIbZNj`F7uYv?bg%y&!$_OPoH%>6+2QAR zjx@bNgd(`)eHxvIJ*F&@<0%%vxrSTUt_n@eUaJvUX2&o-2}e-ILv#3d!=Jh*`($EV zO|nZ=2MK8^j!OQ;B@F?(jgU9YnS7xc(f+qqLceqEEN~|kLNogKpRc4wu-)vm=<=4R zdCO`}>lBN3sZ~uNU9@X2%mnh4umhuAlx!${$^6IaCaJ-p1yCf9Qm+}1K9B@QBrlxY z+GqGxb$<+Cu(SXqFF6ML>KA4NdFL(WDFXXjtKRNFR`OAyosq%*X?;S#>wy1spPCTz zc_`uJZMhAz62^ata`-FX=G7vcpc%PmDlfvE3;1ALv9Dw?x2!BO`opRWx#DyLZdHqsIF6HX*6_Ht+C_IpNL)!_JI>=h(*zCRvAakk&J))Ne&_$9gKBl8* z3t17jXPFypV~~nKv||-BcBIPy89qM`A8$f62ZHgprD=P@N&AmVeHMeCzS;M)T|Za% zAK`1>`+#z3O#}M$-<;)i*mnuR0|kN!?4R+qgKd@^BfWBOLEGHn`^_%5DVPw#H&)q8 zC5BxNF*5TF6~ez?RoGV3p@Oca^tiLR{X{=gsrN5;-ZSUPk#43S6eQ*%;zl7B=q+7K z0ONs=^b-1Tan@G0793Rr{#@wAqx02HYXUk13z2SMWvyNjt12C4@57$~S#C@}?_%AO_6#f z|3`R_26k^K`G?6Lk~2$nGK!12mNMe}v`>_oxJGXrjs1T(zP5vH+S-vsGNiLA?9!}Rc8|&+7)OfR)VcCGz+3T$%1t-Hd9I!Gl)@H$<07CrEBZ#E)oe2$N z-F zE4A5hSc!03y;JSEqe7D{|6*NveS(;a%!rjTnnM-A9+ z5(JXL-~+J>p3a&s2=_q-B;Yc3QN1bRJG55KU{@7#Hn&>HgEX&Pe#@P^yA}$|3b#oP z%RMzmE3T5ieyvTaaeybz*PF;7?>72?T%`y7j8E*ym^gDHR(j#4B3KB^g5y$bHUxB9 zgj4iuZkUj#7s@P=t?6@NN}MB)U{I!5bI)nO;3Y$7FrmLxU{e3gO-&aX7e@_YQG~es zbqdct!VJsu-&bgwD2q?l)cv^Eed@L-S8tfZDh6gadpv? z@xn(*_M-v?(N?(s?m%Q*`o8o?!C|a!eSW(AWmc)wWFRXLfsd$~i-nf*4JKpbuM1~V z2?Dm&H`RctU1Gr$iG$e)nbL3CzPBuRCr3ai zgVDI&fLT^^%g@1mJ>YNcK{Pkn26n!|lfIvn{yAm!fNk;Ac_#rb4DN}5gI!vuwowA{ zvu#~llKm?{27ki*e0KPWbRs01+#Jn8ci(JgVysg}iX*ie7{U*ZxE9gkx*&XVz7UHg zZ%;0z%85Ty0j`Lpe|N*0*Qqv-?_3p1;>*Y}2O*>PeD}#B&4|H7Upuv#_y293{v4r5 zf4c1=>+VhDV0mL@1*G>A;OfG;cbbxj#`?|2u&w1xt+!C)`1HVxo#Hu4xwM9hE53|F z+t){s=f`LEdi7X9==uAJGz*y3v9xPMGrDhNG}wub@d4}BW=JUxpStmU6Wn5iWZ(?ZO}u3(+CBUx%Jq^% z&2T~mAv}+xJB9h-4S+fWm|?~y;7FGEen-xT8HuBgs=vL2cIW%|U?15#oKPoXgTDIx z!D-Xnv*dkRCRRlK3g;0>=Qy;U|v8 z?%X&Ac*G!cF2j?VdRLB6DKNl&YAriHKOxXWQosU@BK(e^k0EGgn23#y2)Z>B!|E0$I3ySZi=7c)8nZbb@?V7z}w#f>c4^T9#QuG zo+X2vb}bo4<{Bx;k&u&OxNJoGW8*XAVK~|a%s$l3OyC!YPw*ZxLmMh!J^T!)Y zt7#_$7Fy$8$i^-XQTCUPu+v}i%!b~6ZP+}N&f)yfy)JJosirhahSfZa$uV!li4k8q z^_3-vnBa6YtTe_&Un8H5Na5V*`8Kz;9hU)tzjWXWRY%M2%@)xE*CU^%3tK^zr0On2 zMG>(g2i9w$hvoepxt+{RS-$Dvdv^65`j)Wqyg}+q@eLQ7L61qq5CP06#$Ns;mZ;T( zM5VjejYUFz=Pgj(R#lBw19Wz1pJ_dD;^{c>rShU4s^-#Ll*HfR&9lwOiGLgcq~nzm z1(`GP;RIlf<*ksd;uO2=)H)y&;67a<$!x{0Vr#MFO;Bhz8qFu0=Wg|jsJ*W6?$2^9 z$A}eRP9vKAu0KvgBnodG@6hx~BQD8|Gm<`38dmn|c@l}NPKw$0X!Q<(RM86ClB8MD zpQ=ZsaTdW5Nc<#M90c}M4iZQ3|!aVoQR>#aYO(rqYU}8PI0ssgz z2s1@Rpc!)+KV8Q@^1C=Eex1I;o@s2oGHmD?8#}*5{wv9~mv`o&7+-eZm}XH31_kA8 zACFd@;|lkc{LQvVkfB_eT?m(?_>8)NSgKytS{zcn7YU}Js4Fx7U2cq@t${HwW61au zIWC8!FMbhBpOPFz^3)ASPZRwtX zHrP1jHY7<*(d&_a3j;8u{TPR|t5xt*`dv6?Q-)3m+TyoGyA!gGT?KsN2Y?9hUmwd5 z3EDeJWfa3m!5ES<{<|N@$AY$3v#_QB-GZIkRX@8`a?DZ z&e>j>#RcrXPbM_w8}+@sYJY(E0IrwZMbK%eg|)xFm(&bka6Ujc(^jRsFVDiYQ%4r| zFD*h;?6zcp#r%H)Hx0=0ViBvkK|5=760sx3v38@};MLiR54mC5QN@XsBMSh>*WJl7 zygEE$c=azck|fU|bs9p-rxprRbDt)Xgx=<+_uhb5a_i_5{k+LoVEKti+$b4ys+ZWk z#novFlv_`eXE~uW&?#+6Ua*|JC_}x)j5wBuWkES8)SluL04+~y%!(OuRJ60Rt2!ls ze=pi$2;Djv*#~B zZ*$WpKL^J{Lf+k-jth6RsP|}feA3S-JIHsQOUTLQpB+#Rgf}d;}oD}0u0FwPDou%3Jj@Do|9o5 z<{G6VZkxPwd+YAYv{6R*0RZD;Xc7j}Hfd!c@U@c}DWNNAt?>NmyrxZn*=s~slNdAc zO^M>5@5zF7&U##OqT?rgI9!Kh$;G63b4MqJWeva~%A7iT=U_qP>+bqGZ`fC2Xp!o? z%d=?o%8)k2(P6;QiaUbRYs%C+fN12-z=HS(#W8$F2kjXu?!cgLY{~-gUV&#P@^@qC z=@*Lgu>KjNWyr0XHLzWZYR9&#X+l1SMI-B1k++Q&1uY|@K&1R0p#F-g%D0Fw7`N4VkZNwMH}L%rQ!o+C2Ior<}xHmPq3*InuR+~V$kMn znTwLyKO07Vx%!2Nrn#VY>62W$f~X5e`&TYAQ!~(Z)LSUVb*JMP(scnNS*U!(4@8aQZT6w`N*NY zx1o=&U`ULQ1Eo;~E^lC?aX*N8IxRwTp@&Ir9f0z&61?+GdZIf zF*+%-lH{>--16!SDj`9a&e!8N z9b9gp2@O>=Yz=w&y{p-r(5xn>=_^qQMk6FAAAoXj(lQtAs5cKu8i4SQp=Rk6*C6|B zj&q>gwwxyNe;p`$i%qv6wsGk!xi6_{4zDS*3rB|-{+qm?s}M4R7gD41#+GU&%kTi! zj7@Hx4C&j|rnqKFy`~p1zdRAfu0g+qIYWIW=Y>h7z(D>OPBN?;DoBpklG zbo}z9Zz2&^lZ!e9K%%p*>q_c{Hmp{@l%;nznt|=yR9Zy{dD9n77JwYFNs(zKNpwqM zS%c2VRmtn^kj~eB8hPwTQ^~f=TVgdPa<~-Yq{ceH)@4$VmRA-UWKEw$vXDO6_>dS@@!bZDq_Z7QFxWfYP2NXT+PABox5 zOH1drmLz6ULfR@PV^VFUM6#_$WcUZ+^^4w;&O~KN1qa9tZb^!0dNt80+C1%Uk;M8_W(X8_p~kPXiGvemExxqVVF`qg(KLuRKy(io&< z4mvN_xNoRk07$ zJR}L1wIfwL;xg4xk;t4gBcPA06KOgsqiLkcH^&49oR36H;XTOf0eE`5+9YX_?YR$? zIE+5e5dgY&OJPVDKU48ab>|&0flOJ66PlIXLDLR-=;~es41XyDcvH+jzx~gQ4`jE&MZtq>3WxU6=jIK#BL<2IEJ%GlO zkfT+tXO=Y03lob|b>}J0_GKKoe56~Y2xwZn@(I_Y=)_WuL++yIHDv;$zVOCXqS2m# z_h$XA}lJ@jGX`W$U)|h6~2Bhvu zgn(Gnl%6wo&gJ+DK`ZJTtZE8CoXgT+!MU~iOwRa%4{9KJ7ulIuhBjpb31T^+S$yx| zCli0iOSi)F8yGC0MkCkBV0Dx7LY`9q%*X+NG`2W z01%*%6Pkr9B$saphLcWD?zPxG_<|k+qfVbaLv9$?GHRJRt2Hy?KlP3p<(1r9aGVv_ZmZf!CuJ#GNVJYV@RwIvVYz>ekD z`aM5wkU08tK0%pK5aRwW4Ksbq(q{4n6M>Tbw6^86ZA8OmEcK;z?y`fdWF^{Gk!z_f z3$VI*-yO}wDFDuC$*XR$q88}REl;>#ZA1n0;Xc_J==5z+-cUuUA`<|bxK*>xKq&R! z-w$ZD#?>dT5MmBU(C3GlNE?*bH>>s20nVF_Hs7aeL_^Ee@k))%0p%5A9mKV?Odape zfY$1zbhwtw81N!ipRXwZrU$HX6mhf|?^k!}?BL83y-oDZcK0@-57^g{5JC)X!`cH7 zWFj$gcQtXndGBpybDHEKlOIJbW>=wJ29cXBPGTp`5c zYs~V4M@l0HeC;>ydw&m@AR(k#Aa9$Jm?xhi2LM{%Q84@nv0mx)Sxo`xH!Qes-iDxm z?)iC>N42X>zF@^lbk{O++p&^?GV!9LwYx3Vn1VUS;j-PlKRvlb;DyxIze&mHN87aa z!CCkK;PCb1CwSOs8!pcR-D~E`TQ6G7AAC;$f_sMD>2hn&1>QN%%Y6FbXFn?hE@KcUC(h%Sdmqv= z7k%8@g;3}=Rce_Tw!-u05})V0gVLNOwcaj-r#OdTeHE)%6KUZ*|Kz;tLqh729w=AL zGpU%&X?iiHojRWui(OkOaqF-p!2D{QOMB6$)&TY}7T#i!ORHt>7L@UyIz^8m&L%m2 z;kqHM5`(g7OdVjzrMg+O*c_t0a%yZ7u?+7ul>&qC0Og4OP9u6pEHtd=!a7qc1n2Zh WtC*4zY8}Pb2;RV1Hkuz&rWF9UOzAWL literal 0 HcmV?d00001 diff --git a/mails/spf-dkim-dmarc.md b/mails/spf-dkim-dmarc.md new file mode 100644 index 0000000..0a3e7b2 --- /dev/null +++ b/mails/spf-dkim-dmarc.md @@ -0,0 +1,114 @@ +--- +title: Configurer les enregistrements DKIM, SPF et DMARC +description: Configurer les enregistrements DKIM, SPF et DMARC obligatoires pour l’email +published: true +date: 2021-08-13T19:51:19.840Z +tags: dkim, spf, dmarc +editor: markdown +dateCreated: 2021-08-13T15:37:16.763Z +--- + +> Article en cours de relecture +{.is-warning} + + +# Introduction + +Nous allons voir comment configurer la sainte trinité qui vous permettra d’être copain avec tous les antispam au monde. + +Les enregistrements DKIM, SPF et DMARC sont obligatoires de nos jours pour arriver dans la boite de réception et non dans les spams. + + +# L’enregistrement SPF + +L’enregistrement **SPF**, pour **Sender Policy Framework**, est un enregistrement tout bête qui permet d’indiquer au niveau des enregistrements DNS quels serveurs mails sont autorisés à envoyer des mails en votre nom. Rien d’autre. + +Le principe est très simple, l’enregistrement devrait l’être aussi. + + + +Ce que je vous conseille, et que normalement vous avez déjà, c’est d’avoir des enregistrements MX pour chacun de vos serveurs d’envoi d’email. + +Si vous avez ça, alors, l’enregistrement SPF sera le plus simple du monde. + + + +Vous faites simplement l’enregistrement suivant de type SPF (pour n’importe quel domaine) : + +```dns +v=spf1 mx -all +``` + + +La première partie, c’est la version de SPF, **mx** sert à indiquer que l’on doit se référer aux MX existants sur le domaine pour avoir le serveur d’envoi et le **-all** permets de rejeter tous les emails qui ne sont pas envoyés de vos serveurs. + +Alors ça c’est la version tout le monde il est beau, tout le monde il est content, en production, j’éviterais quand même. + + + +Personnellement, j’indique **MX**, au cas où on oublierait de modifier les DNS, mais je rajoute tous les enregistrements **A:** avec les enregistrements de mes serveurs. Aussi, il est possible que les enregistrements MX globaux soit mal traités par l’antispam de destination (problèmes software ou autre). + +Dernière chose, je remplace le **-all** par **~all**, ce qui permet de ne pas rejeter tout ce qui ne correspond pas en cas d’erreur légère sur le traitement du SPF (toujours si vous avez un antispam mal foutu de l’autre côté). + + + +En gros, l’enregistrement réel pour mon domaine c’est ça : +```dns +v=spf1 mx a:mx1.nicolas-simond.ch a:mx2.nicolas-simond.ch a:mx3.nicolas-simond.ch ~all +``` + +# L’enregistrement DKIM + +Je résume vite fait, **DKIM** ajoute une signature chiffrée dans chaque entête d’email sortant (et juste une partie de l’entête, pas la totalité). + +Cette signature, lorsque l’on réceptionne l’email permettra de savoir après déchiffrement si l’email a été altéré en cours de route. + + + +La mise en place de DKIM se fait dans votre serveur email avant se faire dans le DNS. +- Pour Exchange : https://www.abyssproject.net/2020/04/mettre-en-place-dkim-avec-exchange-2019/ +- Pour Office 365 : https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide +- Pour tout ce qui est basé sur Postfix (le reste en gros) : https://wiki.debian-fr.xyz/Opendkim + + + + +# L’enregistrement DMARC + +Le dernier concurrent pour la fin. Toujours de façon simple, **DMARC** permets d’indiquer dans vos DNS ce qui doit se passer au cas où un serveur mail de destination aurait un souci avec vos enregistrements SPF ou DKIM, histoire que vous soyez prévenu. + +Le côté maboulien du truc, c’est que vous pouvez indiquer depuis vos DNS de traiter tous VOS emails si jamais le destinataire n’arrive pas à valider votre SPF ou votre DKIM par exemple. + + + +Si vous ne voulez pas que vos emails arrivent en quarantaine, mais que vous voulez avoir des rapports en cas de soucis, alors créez une règle comme ceci : + +```dns +Enregistrement : _dmarc +Type : TXT +Contenu : "v=DMARC1;p=none;sp=none;pct=100;rua=mailto:dmarc@domaine.com" +``` + + +Comme pour le SPF, on commence par la version du protocole. + +- **P** et **SP** sont respectivement les actions à appliquer pour les emails non conformes aux enregistrements SPF/DKIM venant de votre domaine ou d’un sous-domaine (none, quarantine ou block). +- **PCT** c’est le pourcentage d’email qui tombent sous le coup de DMARC, on indique 100 pour filtrer tous les emails. +- **RUA** c’est l’adresse email qui recevra les rapports en cas de souci de conformité sur SPF et/ou DKIM. + + +# Test + +Attendez bien 30 minutes avant de vous lancer dans cette section. + +Selon votre hébergeur, cela pourrait même prendre jusqu’à 48h avec les propagations DNS. + +Rendez-vous sur https://www.mail-tester.com/, le site vous fournira une adresse mail, envoyez-y simplement un email de test depuis n’importe quelle adresse de votre Exchange et cliquez sur « Check your score ». + +Étendez la troisième rubrique et regardez tout ce qui est en rouge sur ma capture, vous devriez être pareil pour le DKIM, le SPF et le DMARC : + +![dkim-spf-dmarc.webp](/mails/dkim-spf-dmarc.webp) + +Si tout le reste est bien fait, vous devriez avoir 10/10. Si vous souhaitez regarder comment faire un Exchange de A à Z, voici les articles à voir : + +- https://www.abyssproject.net/2018/06/installation-de-exchange-2016-de-a-a-z-pour-un-nouveau-domaine/ diff --git a/opnsense/interfaces.md b/opnsense/interfaces.md new file mode 100644 index 0000000..8b4a3c9 --- /dev/null +++ b/opnsense/interfaces.md @@ -0,0 +1,12 @@ +--- +title: Configuration des interfaces sous OPNSense +description: Assignation des interfaces sur le hardware OPNSense +published: false +date: 2021-08-24T16:00:27.193Z +tags: opnsense, interfaces +editor: markdown +dateCreated: 2021-08-24T16:00:23.700Z +--- + +# ToDo +ToDo \ No newline at end of file diff --git a/windows/dfs-sysvol-sync-repair.md b/windows/dfs-sysvol-sync-repair.md new file mode 100644 index 0000000..951d161 --- /dev/null +++ b/windows/dfs-sysvol-sync-repair.md @@ -0,0 +1,12 @@ +--- +title: Réparer la synchronisation DFS du dossier SYSVOL +description: Réparer la synchronisation DFS du dossier SYSVOL après un crash de la synchronisation AD +published: false +date: 2021-08-24T16:03:06.716Z +tags: +editor: markdown +dateCreated: 2021-08-24T16:03:04.514Z +--- + +# ToDo +https://www.abyssproject.net/2018/11/reparer-la-synchronisation-dfs-du-dossier-sysvol/ \ No newline at end of file