From 2e3dc1aed24f731bf8895368c75c6b86e2f39557 Mon Sep 17 00:00:00 2001
From: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com>
Date: Sat, 6 Apr 2024 18:21:04 +0200
Subject: [PATCH 01/14] add Kubernetes files

---
 Unifi-Controller/kubernetes/README.md         |  14 ++
 Unifi-Controller/kubernetes/deployment.yaml   | 164 ++++++++++++++++++
 Unifi-Controller/kubernetes/ingress.yaml      |  39 +++++
 Unifi-Controller/kubernetes/init-mongo.js     |  10 ++
 .../kubernetes/namespaceAndSecret.yaml        |  19 ++
 5 files changed, 246 insertions(+)
 create mode 100644 Unifi-Controller/kubernetes/README.md
 create mode 100644 Unifi-Controller/kubernetes/deployment.yaml
 create mode 100644 Unifi-Controller/kubernetes/ingress.yaml
 create mode 100644 Unifi-Controller/kubernetes/init-mongo.js
 create mode 100644 Unifi-Controller/kubernetes/namespaceAndSecret.yaml

diff --git a/Unifi-Controller/kubernetes/README.md b/Unifi-Controller/kubernetes/README.md
new file mode 100644
index 0000000..9a64543
--- /dev/null
+++ b/Unifi-Controller/kubernetes/README.md
@@ -0,0 +1,14 @@
+# Deployment
+
+You can't just deploy the whole folder. You have to apply the files in the following order:
+
+1. Create the namespace and the secrets using ´kubectl apply -f namespaceAndSecret.yaml ´
+2. Apply the init-script using ´kubectl create configmap create-db-configmap --from-file=init-mongo.js --namespace unifi-controller´
+3. Create two persistent volumes and two persistent volume claims in Longhorn
+
+- unifi-db
+- unifi-config
+
+4. Deploy the pod and the service using ´kubectl apply -f deployment.yaml ´
+5. If you want to access the GUI via Traefik you can add an ingress using ´kubectl apply -f ingress.yaml ´
+6. Check if the MongoDB Container is running and delete the configmap ´create-db-configmap´ for security reasons
diff --git a/Unifi-Controller/kubernetes/deployment.yaml b/Unifi-Controller/kubernetes/deployment.yaml
new file mode 100644
index 0000000..2bcdfc3
--- /dev/null
+++ b/Unifi-Controller/kubernetes/deployment.yaml
@@ -0,0 +1,164 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: unifi-controller
+    app.kubernetes.io/instance: unifi-controller
+  name: unifi-controller
+  namespace: unifi-controller
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      app: unifi-controller
+  template:
+    metadata:
+      labels:
+        app: unifi-controller
+    spec:
+      nodeSelector:
+        worker: "true"
+      containers:
+        - image: docker.io/mongo:7.0
+          imagePullPolicy: IfNotPresent
+          name: unifi-db
+          args: ["--dbpath", "/data/db"]
+          livenessProbe:
+            exec:
+              command:
+                - mongo
+                - --disableImplicitSessions
+                - --eval
+                - "db.adminCommand('ping')"
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 6
+          readinessProbe:
+            exec:
+              command:
+                - mongo
+                - --disableImplicitSessions
+                - --eval
+                - "db.adminCommand('ping')"
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 6
+          ports:
+            - containerPort: 27017
+              name: mongo
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /data/db
+              name: unifi-db
+            - name: "init-database"
+              mountPath: "/docker-entrypoint-initdb.d/"
+        - image: lscr.io/linuxserver/unifi-network-application:8.1.113-ls36
+          imagePullPolicy: IfNotPresent
+          name: unifi-controller
+          envFrom:
+            - secretRef:
+                name: unifi-env
+          env:
+            - name: MONGO_HOST
+              value: "localhost"
+            - name: MONGO_PORT
+              value: "27017"
+          volumeMounts:
+            - mountPath: /config
+              name: unifi-config
+          ports:
+            - containerPort: 8443
+              name: web
+              protocol: TCP
+            - containerPort: 3478
+              name: stun
+              protocol: UDP
+            - containerPort: 1001
+              name: discovery
+              protocol: UDP
+            - containerPort: 8080
+              name: communication
+              protocol: TCP
+          resources:
+            limits:
+              cpu: 2
+              memory: 1Gi
+            requests:
+              cpu: 200m
+              memory: 256Mi
+          livenessProbe:
+            tcpSocket:
+              port: communication
+            initialDelaySeconds: 60
+            periodSeconds: 10
+          readinessProbe:
+            httpGet:
+              scheme: HTTPS
+              path: /
+              port: web
+            initialDelaySeconds: 30
+            periodSeconds: 10
+      volumes:
+        - name: unifi-db
+          persistentVolumeClaim:
+            claimName: unifi-db
+        - name: unifi-config
+          persistentVolumeClaim:
+            claimName: unifi-config
+        - name: "init-database"
+          configMap:
+            name: create-db-configmap
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: unifi-tcp
+  namespace: unifi-controller
+  annotations:
+    metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+  ports:
+    - name: web
+      protocol: TCP
+      port: 8443
+      targetPort: 8443
+    - name: communication
+      protocol: TCP
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: unifi-controller
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: unifi-udp
+  namespace: unifi-controller
+  annotations:
+    metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+  type: LoadBalancer
+  loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+  ports:
+    - name: stun
+      protocol: UDP
+      port: 3478
+      targetPort: 3478
+    - name: discovery
+      protocol: UDP
+      port: 10001
+      targetPort: 10001
+  selector:
+    app: unifi-controller
diff --git a/Unifi-Controller/kubernetes/ingress.yaml b/Unifi-Controller/kubernetes/ingress.yaml
new file mode 100644
index 0000000..171cf64
--- /dev/null
+++ b/Unifi-Controller/kubernetes/ingress.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: default-headers
+  namespace: unifi-controller
+spec:
+  headers:
+    browserXssFilter: true
+    contentTypeNosniff: true
+    forceSTSHeader: true
+    stsIncludeSubdomains: true
+    stsPreload: true
+    stsSeconds: 15552000
+    customFrameOptionsValue: SAMEORIGIN
+    customRequestHeaders:
+      X-Forwarded-Proto: https
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: unifi-controller
+  namespace: unifi-controller
+  annotations:
+    kubernetes.io/ingress.class: traefik-external
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`unifi.yourdomain.com`) # change to your domain
+      kind: Rule
+      services:
+        - name: unifi-tcp
+          port: 8443
+          scheme: https
+      middlewares:
+        - name: default-headers
+  tls:
+    secretName: ffth-tls # change to your cert name
diff --git a/Unifi-Controller/kubernetes/init-mongo.js b/Unifi-Controller/kubernetes/init-mongo.js
new file mode 100644
index 0000000..a278b10
--- /dev/null
+++ b/Unifi-Controller/kubernetes/init-mongo.js
@@ -0,0 +1,10 @@
+db.getSiblingDB("unifi").createUser({
+  user: "unifi",
+  pwd: "5nHgg3G0cH9d",
+  roles: [{ role: "dbOwner", db: "unifi" }],
+});
+db.getSiblingDB("unifi_stat").createUser({
+  user: "unifi",
+  pwd: "5nHgg3G0cH9d",
+  roles: [{ role: "dbOwner", db: "unifi_stat" }],
+});
diff --git a/Unifi-Controller/kubernetes/namespaceAndSecret.yaml b/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
new file mode 100644
index 0000000..1f8492d
--- /dev/null
+++ b/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: unifi-controller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: unifi-env
+  namespace: unifi-controller
+type: Opaque
+stringData:
+  PUID: "1000"
+  PGID: "1000"
+  TZ: "Europe/London"
+  MONGO_USER: "unifi"
+  MONGO_PASS: "5nHgg3G0cH9d"
+  MONGO_DBNAME: unifi

From 35f97d56a590c31a29063c3bc22a581fcb383d09 Mon Sep 17 00:00:00 2001
From: tehNooB <125163838+JamesTurland@users.noreply.github.com>
Date: Sun, 7 Apr 2024 10:08:32 +0100
Subject: [PATCH 02/14] Create docker-compose.yaml

---
 Deconz/docker-compose.yaml | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 Deconz/docker-compose.yaml

diff --git a/Deconz/docker-compose.yaml b/Deconz/docker-compose.yaml
new file mode 100644
index 0000000..add899c
--- /dev/null
+++ b/Deconz/docker-compose.yaml
@@ -0,0 +1,30 @@
+version: "3"
+services:
+  deconz:
+    image: deconzcommunity/deconz:latest
+    container_name: deconz
+    restart: unless-stopped
+    ports:
+      - '8002:8002'
+      - '5443:5443'
+      - '5900:5900'
+    volumes:
+      - /home/ubuntu/docker/deconz:/opt/deCONZ
+      - /home/ubuntu/docker/deconz/otau:/root/otau
+    devices:
+      - /dev/ttyACM0:/dev/ttyACM0
+    environment:
+      - DECONZ_DEVICE=/dev/ttyACM0
+      - DECONZ_WEB_PORT=8002
+      - DECONZ_WS_PORT=5443
+      - DEBUG_INFO=1
+      - DEBUG_APS=0
+      - DEBUG_ZCL=0
+      - DEBUG_ZDP=0
+      - DEBUG_OTAU=0
+      - DECONZ_VNC_MODE=1
+      - DECONZ_VNC_PORT=5900
+      - DECONZ_VNC_PASSWORD=password
+      - TZ=Europe/London
+    security_opt:
+      - no-new-privileges:true

From de6d7928a9c018972df864173b8e97b35e6db1da Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Sun, 7 Apr 2024 21:35:20 +0100
Subject: [PATCH 03/14] update

---
 GPU_passthrough/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/GPU_passthrough/readme.md b/GPU_passthrough/readme.md
index 46c047b..8c29059 100644
--- a/GPU_passthrough/readme.md
+++ b/GPU_passthrough/readme.md
@@ -34,7 +34,7 @@ Then, save and exit
 
 Verify the modules are enabled with `dmesg | grep -i vfio` and checking the driver version line is present
 
-8) GPU Isolation From the Host (amend the below to include the IDs of the device you want to isolate)
+7) GPU Isolation From the Host (amend the below to include the IDs of the device you want to isolate)
 
 `echo "options vfio-pci ids=10de:1381,10de:0fbc disable_vga=1" > /etc/modprobe.d/vfio.conf`
 

From ef0f115cac22b5910a4da95fcf2474a77f1a864f Mon Sep 17 00:00:00 2001
From: Ricardo Wagner <53792450+Ricardowec51@users.noreply.github.com>
Date: Tue, 9 Apr 2024 12:58:08 -0500
Subject: [PATCH 04/14] Update kube-vip

---
 Kubernetes/K3S-Deploy/kube-vip | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Kubernetes/K3S-Deploy/kube-vip b/Kubernetes/K3S-Deploy/kube-vip
index 83dcbc5..bdf7061 100644
--- a/Kubernetes/K3S-Deploy/kube-vip
+++ b/Kubernetes/K3S-Deploy/kube-vip
@@ -4,7 +4,7 @@ metadata:
   creationTimestamp: null
   labels:
     app.kubernetes.io/name: kube-vip-ds
-    app.kubernetes.io/version: v0.6.3
+    app.kubernetes.io/version: v0.7.2
   name: kube-vip-ds
   namespace: kube-system
 spec:
@@ -16,7 +16,7 @@ spec:
       creationTimestamp: null
       labels:
         app.kubernetes.io/name: kube-vip-ds
-        app.kubernetes.io/version: v0.6.3
+        app.kubernetes.io/version: v0.7.2
     spec:
       affinity:
         nodeAffinity:

From 118e9bb567c469715680e486cd5dabf79bb1c136 Mon Sep 17 00:00:00 2001
From: tehNooB <125163838+JamesTurland@users.noreply.github.com>
Date: Tue, 9 Apr 2024 23:42:35 +0100
Subject: [PATCH 05/14] Create Update-Playbook.yaml

---
 .../Multi-OS-Update/Update-Playbook.yaml      | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 Ansible/Playbooks/Multi-OS-Update/Update-Playbook.yaml

diff --git a/Ansible/Playbooks/Multi-OS-Update/Update-Playbook.yaml b/Ansible/Playbooks/Multi-OS-Update/Update-Playbook.yaml
new file mode 100644
index 0000000..62275fc
--- /dev/null
+++ b/Ansible/Playbooks/Multi-OS-Update/Update-Playbook.yaml
@@ -0,0 +1,57 @@
+---
+- name: Update Windows, Arch Linux, and Ubuntu
+  hosts: all
+  tasks:
+    - name: Gather facts
+      ansible.builtin.setup:
+
+    - name: Update Windows
+      when: ansible_facts['os_family'] == 'Windows'
+      ansible.windows.win_updates:
+        category_names:
+          - SecurityUpdates
+          - UpdateRollups
+          - CriticalUpdates
+        state: installed
+      register: win_update_result
+
+    - name: Check if Windows requires a reboot
+      when: win_update_result.changed and win_update_result.reboot_required | default(false)
+      ansible.windows.win_reboot:
+        reboot_timeout: 600
+      register: win_reboot_result
+
+    - name: Update Arch Linux
+      when: ansible_facts['os_family'] == 'Arch'
+      community.general.pacman:
+        update_cache: true
+        upgrade: true
+      register: arch_update_result
+
+    - name: Check if Arch Linux requires a reboot
+      when: ansible_facts['os_family'] == 'Arch' and arch_update_result.changed
+      ansible.builtin.stat:
+        path: /run/reboot-required
+      register: arch_reboot_required
+
+    - name: Reboot Arch Linux if required
+      when: arch_reboot_required.stat.exists | default(false)
+      ansible.builtin.reboot:
+        reboot_timeout: 600
+
+    - name: Update Ubuntu
+      when: ansible_facts['os_family'] == 'Debian'
+      ansible.builtin.apt:
+        upgrade: dist
+        update_cache: true
+
+    - name: Check if a reboot is required on Ubuntu
+      when: ansible_facts['os_family'] == 'Debian'
+      ansible.builtin.stat:
+        path: /var/run/reboot-required
+      register: ubuntu_reboot_required
+
+    - name: Reboot Ubuntu if required
+      when: ubuntu_reboot_required.stat.exists | default(false)
+      ansible.builtin.reboot:
+        reboot_timeout: 600

From 5879820fa1bdf324bafa13778f1a2259bcdb0139 Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Thu, 11 Apr 2024 17:01:28 +0100
Subject: [PATCH 06/14] update

---
 Ansible/Playbooks/Multi-OS-Update/inventory.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 Ansible/Playbooks/Multi-OS-Update/inventory.yaml

diff --git a/Ansible/Playbooks/Multi-OS-Update/inventory.yaml b/Ansible/Playbooks/Multi-OS-Update/inventory.yaml
new file mode 100644
index 0000000..a7632b8
--- /dev/null
+++ b/Ansible/Playbooks/Multi-OS-Update/inventory.yaml
@@ -0,0 +1,14 @@
+arch:
+  hosts:
+    arch01:
+      ansible_host: 192.168.200.214
+      ansible_user: 'root'
+      ansible_python_interpreter: /usr/bin/python3
+
+docker:
+  hosts:
+    docker01:
+      ansible_host: 192.168.200.50
+      ansible_user: 'ubuntu'
+      ansible_become: true
+      ansible_become_method: sudo
\ No newline at end of file

From 65b770a78e739add0fb4a1e6587455a3b2feedd7 Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Wed, 17 Apr 2024 14:45:23 +0100
Subject: [PATCH 07/14] DIUN

---
 DIUN/docker-compose.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 DIUN/docker-compose.yaml

diff --git a/DIUN/docker-compose.yaml b/DIUN/docker-compose.yaml
new file mode 100644
index 0000000..6c30657
--- /dev/null
+++ b/DIUN/docker-compose.yaml
@@ -0,0 +1,34 @@
+version: "3.5"
+
+services:
+  diun:
+    image: crazymax/diun:latest
+    container_name: diun
+    command: serve
+    volumes:
+      - "/home/ubuntu/diun/data:/data"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    environment:
+      - "TZ=Europe/London"
+      - "LOG_LEVEL=info"
+      - "DIUN_WATCH_WORKERS=20"
+      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
+      - "DIUN_WATCH_JITTER=30s"
+      - "DIUN_WATCH_RUNONSTARTUP=true"
+      - "DIUN_PROVIDERS_DOCKER=true"
+      - "DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true"
+
+      - "DIUN_NOTIF_GOTIFY_ENDPOINT=https://gotify.jimsgarage.co.uk"
+      - "DIUN_NOTIF_GOTIFY_TOKEN=AYgfdfQaRk3Pb1x" # get your token from Gotify UI
+      - "DIUN_NOTIF_GOTIFY_PRIORITY=1"
+      - "DIUN_NOTIF_GOTIFY_TIMEOUT=10s"
+
+      - "DIUN_NOTIF_DISCORD_WEBHOOKURL=https://discord.com/api/webhooks/1230110122752217159/OWcRAUUbT3QFUSs3z35TCD9dUkM26PH0iNY1RNdgqlzoAMC81SZM_iwQ5wuyY8cyFoqL" # change to your webhook
+      # - "DIUN_NOTIF_DISCORD_MENTIONS" # (comma separated)
+      - "DIUN_NOTIF_DISCORD_RENDERFIELDS=true"
+      - "DIUN_NOTIF_DISCORD_TIMEOUT=10s"
+      # - "DIUN_NOTIF_DISCORD_TEMPLATEBODY"
+
+    labels:
+      - "diun.enable=true"
+    restart: always

From a4db4bca621c209061e65424a950b8648189a63c Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Sun, 21 Apr 2024 00:04:35 +0100
Subject: [PATCH 08/14] mosquitto

---
 Mosquitto/conf                | 904 ++++++++++++++++++++++++++++++++++
 Mosquitto/docker-compose.yaml |  19 +
 Mosquitto/mosquitto.conf      |   8 +
 3 files changed, 931 insertions(+)
 create mode 100644 Mosquitto/conf
 create mode 100644 Mosquitto/docker-compose.yaml
 create mode 100644 Mosquitto/mosquitto.conf

diff --git a/Mosquitto/conf b/Mosquitto/conf
new file mode 100644
index 0000000..e691880
--- /dev/null
+++ b/Mosquitto/conf
@@ -0,0 +1,904 @@
+# Config file for mosquitto
+#
+# See mosquitto.conf(5) for more information.
+#
+# Default values are shown, uncomment to change.
+#
+# Use the # character to indicate a comment, but only if it is the
+# very first character on the line.
+
+# =================================================================
+# General configuration
+# =================================================================
+
+# Use per listener security settings.
+#
+# It is recommended this option be set before any other options.
+#
+# If this option is set to true, then all authentication and access control
+# options are controlled on a per listener basis. The following options are
+# affected:
+#
+# acl_file
+# allow_anonymous
+# allow_zero_length_clientid
+# auto_id_prefix
+# password_file
+# plugin
+# plugin_opt_*
+# psk_file
+#
+# Note that if set to true, then a durable client (i.e. with clean session set
+# to false) that has disconnected will use the ACL settings defined for the
+# listener that it was most recently connected to.
+#
+# The default behaviour is for this to be set to false, which maintains the
+# setting behaviour from previous versions of mosquitto.
+#per_listener_settings false
+
+
+# This option controls whether a client is allowed to connect with a zero
+# length client id or not. This option only affects clients using MQTT v3.1.1
+# and later. If set to false, clients connecting with a zero length client id
+# are disconnected. If set to true, clients will be allocated a client id by
+# the broker. This means it is only useful for clients with clean session set
+# to true.
+#allow_zero_length_clientid true
+
+# If allow_zero_length_clientid is true, this option allows you to set a prefix
+# to automatically generated client ids to aid visibility in logs.
+# Defaults to 'auto-'
+#auto_id_prefix auto-
+
+# This option affects the scenario when a client subscribes to a topic that has
+# retained messages. It is possible that the client that published the retained
+# message to the topic had access at the time they published, but that access
+# has been subsequently removed. If check_retain_source is set to true, the
+# default, the source of a retained message will be checked for access rights
+# before it is republished. When set to false, no check will be made and the
+# retained message will always be published. This affects all listeners.
+#check_retain_source true
+
+# QoS 1 and 2 messages will be allowed inflight per client until this limit
+# is exceeded.  Defaults to 0. (No maximum)
+# See also max_inflight_messages
+#max_inflight_bytes 0
+
+# The maximum number of QoS 1 and 2 messages currently inflight per
+# client.
+# This includes messages that are partway through handshakes and
+# those that are being retried. Defaults to 20. Set to 0 for no
+# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
+# and 2 messages.
+#max_inflight_messages 20
+
+# For MQTT v5 clients, it is possible to have the server send a "server
+# keepalive" value that will override the keepalive value set by the client.
+# This is intended to be used as a mechanism to say that the server will
+# disconnect the client earlier than it anticipated, and that the client should
+# use the new keepalive value. The max_keepalive option allows you to specify
+# that clients may only connect with keepalive less than or equal to this
+# value, otherwise they will be sent a server keepalive telling them to use
+# max_keepalive. This only applies to MQTT v5 clients. The default, and maximum
+# value allowable, is 65535.
+#
+# Set to 0 to allow clients to set keepalive = 0, which means no keepalive
+# checks are made and the client will never be disconnected by the broker if no
+# messages are received. You should be very sure this is the behaviour that you
+# want.
+#
+# For MQTT v3.1.1 and v3.1 clients, there is no mechanism to tell the client
+# what keepalive value they should use. If an MQTT v3.1.1 or v3.1 client
+# specifies a keepalive time greater than max_keepalive they will be sent a
+# CONNACK message with the "identifier rejected" reason code, and disconnected.
+#
+#max_keepalive 65535
+
+# For MQTT v5 clients, it is possible to have the server send a "maximum packet
+# size" value that will instruct the client it will not accept MQTT packets
+# with size greater than max_packet_size bytes. This applies to the full MQTT
+# packet, not just the payload. Setting this option to a positive value will
+# set the maximum packet size to that number of bytes. If a client sends a
+# packet which is larger than this value, it will be disconnected. This applies
+# to all clients regardless of the protocol version they are using, but v3.1.1
+# and earlier clients will of course not have received the maximum packet size
+# information. Defaults to no limit. Setting below 20 bytes is forbidden
+# because it is likely to interfere with ordinary client operation, even with
+# very small payloads.
+#max_packet_size 0
+
+# QoS 1 and 2 messages above those currently in-flight will be queued per
+# client until this limit is exceeded.  Defaults to 0. (No maximum)
+# See also max_queued_messages.
+# If both max_queued_messages and max_queued_bytes are specified, packets will
+# be queued until the first limit is reached.
+#max_queued_bytes 0
+
+# Set the maximum QoS supported. Clients publishing at a QoS higher than
+# specified here will be disconnected.
+#max_qos 2
+
+# The maximum number of QoS 1 and 2 messages to hold in a queue per client
+# above those that are currently in-flight.  Defaults to 1000. Set
+# to 0 for no maximum (not recommended).
+# See also queue_qos0_messages.
+# See also max_queued_bytes.
+#max_queued_messages 1000
+#
+# This option sets the maximum number of heap memory bytes that the broker will
+# allocate, and hence sets a hard limit on memory use by the broker.  Memory
+# requests that exceed this value will be denied. The effect will vary
+# depending on what has been denied. If an incoming message is being processed,
+# then the message will be dropped and the publishing client will be
+# disconnected. If an outgoing message is being sent, then the individual
+# message will be dropped and the receiving client will be disconnected.
+# Defaults to no limit.
+#memory_limit 0
+
+# This option sets the maximum publish payload size that the broker will allow.
+# Received messages that exceed this size will not be accepted by the broker.
+# The default value is 0, which means that all valid MQTT messages are
+# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
+#message_size_limit 0
+
+# This option allows the session of persistent clients (those with clean
+# session set to false) that are not currently connected to be removed if they
+# do not reconnect within a certain time frame. This is a non-standard option
+# in MQTT v3.1. MQTT v3.1.1 and v5.0 allow brokers to remove client sessions.
+#
+# Badly designed clients may set clean session to false whilst using a randomly
+# generated client id. This leads to persistent clients that connect once and
+# never reconnect. This option allows these clients to be removed.  This option
+# allows persistent clients (those with clean session set to false) to be
+# removed if they do not reconnect within a certain time frame.
+#
+# The expiration period should be an integer followed by one of h d w m y for
+# hour, day, week, month and year respectively. For example
+#
+# persistent_client_expiration 2m
+# persistent_client_expiration 14d
+# persistent_client_expiration 1y
+#
+# The default if not set is to never expire persistent clients.
+#persistent_client_expiration
+
+# Write process id to a file. Default is a blank string which means
+# a pid file shouldn't be written.
+# This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
+# being run automatically on boot with an init script and
+# start-stop-daemon or similar.
+#pid_file
+
+# Set to true to queue messages with QoS 0 when a persistent client is
+# disconnected. These messages are included in the limit imposed by
+# max_queued_messages and max_queued_bytes
+# Defaults to false.
+# This is a non-standard option for the MQTT v3.1 spec but is allowed in
+# v3.1.1.
+#queue_qos0_messages false
+
+# Set to false to disable retained message support. If a client publishes a
+# message with the retain bit set, it will be disconnected if this is set to
+# false.
+#retain_available true
+
+# Disable Nagle's algorithm on client sockets. This has the effect of reducing
+# latency of individual messages at the potential cost of increasing the number
+# of packets being sent.
+#set_tcp_nodelay false
+
+# Time in seconds between updates of the $SYS tree.
+# Set to 0 to disable the publishing of the $SYS tree.
+#sys_interval 10
+
+# The MQTT specification requires that the QoS of a message delivered to a
+# subscriber is never upgraded to match the QoS of the subscription. Enabling
+# this option changes this behaviour. If upgrade_outgoing_qos is set true,
+# messages sent to a subscriber will always match the QoS of its subscription.
+# This is a non-standard option explicitly disallowed by the spec.
+#upgrade_outgoing_qos false
+
+# When run as root, drop privileges to this user and its primary
+# group.
+# Set to root to stay as root, but this is not recommended.
+# If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
+# then it will drop privileges to the "nobody" user instead.
+# If run as a non-root user, this setting has no effect.
+# Note that on Windows this has no effect and so mosquitto should be started by
+# the user you wish it to run as.
+#user mosquitto
+
+# =================================================================
+# Listeners
+# =================================================================
+
+# Listen on a port/ip address combination. By using this variable
+# multiple times, mosquitto can listen on more than one port. If
+# this variable is used and neither bind_address nor port given,
+# then the default listener will not be started.
+# The port number to listen on must be given. Optionally, an ip
+# address or host name may be supplied as a second argument. In
+# this case, mosquitto will attempt to bind the listener to that
+# address and so restrict access to the associated network and
+# interface. By default, mosquitto will listen on all interfaces.
+# Note that for a websockets listener it is not possible to bind to a host
+# name.
+#
+# On systems that support Unix Domain Sockets, it is also possible
+# to create a # Unix socket rather than opening a TCP socket. In
+# this case, the port number should be set to 0 and a unix socket
+# path must be provided, e.g.
+# listener 0 /tmp/mosquitto.sock
+#
+# listener port-number [ip address/host name/unix socket path]
+#listener
+
+# By default, a listener will attempt to listen on all supported IP protocol
+# versions. If you do not have an IPv4 or IPv6 interface you may wish to
+# disable support for either of those protocol versions. In particular, note
+# that due to the limitations of the websockets library, it will only ever
+# attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
+# if IPv6 is not available.
+#
+# Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
+# force the listener to only use IPv6. If you want support for both IPv4 and
+# IPv6, then do not use the socket_domain option.
+#
+#socket_domain
+
+# Bind the listener to a specific interface. This is similar to
+# the [ip address/host name] part of the listener definition, but is useful
+# when an interface has multiple addresses or the address may change. If used
+# with the [ip address/host name] part of the listener definition, then the
+# bind_interface option will take priority.
+# Not available on Windows.
+#
+# Example: bind_interface eth0
+#bind_interface
+
+# When a listener is using the websockets protocol, it is possible to serve
+# http data as well. Set http_dir to a directory which contains the files you
+# wish to serve. If this option is not specified, then no normal http
+# connections will be possible.
+#http_dir
+
+# The maximum number of client connections to allow. This is
+# a per listener setting.
+# Default is -1, which means unlimited connections.
+# Note that other process limits mean that unlimited connections
+# are not really possible. Typically the default maximum number of
+# connections possible is around 1024.
+#max_connections -1
+
+# The listener can be restricted to operating within a topic hierarchy using
+# the mount_point option. This is achieved be prefixing the mount_point string
+# to all topics for any clients connected to this listener. This prefixing only
+# happens internally to the broker; the client will not see the prefix.
+#mount_point
+
+# Choose the protocol to use when listening.
+# This can be either mqtt or websockets.
+# Certificate based TLS may be used with websockets, except that only the
+# cafile, certfile, keyfile, ciphers, and ciphers_tls13 options are supported.
+#protocol mqtt
+
+# Set use_username_as_clientid to true to replace the clientid that a client
+# connected with with its username. This allows authentication to be tied to
+# the clientid, which means that it is possible to prevent one client
+# disconnecting another by using the same clientid.
+# If a client connects with no username it will be disconnected as not
+# authorised when this option is set to true.
+# Do not use in conjunction with clientid_prefixes.
+# See also use_identity_as_username.
+# This does not apply globally, but on a per-listener basis.
+#use_username_as_clientid
+
+# Change the websockets headers size. This is a global option, it is not
+# possible to set per listener. This option sets the size of the buffer used in
+# the libwebsockets library when reading HTTP headers. If you are passing large
+# header data such as cookies then you may need to increase this value. If left
+# unset, or set to 0, then the default of 1024 bytes will be used.
+#websockets_headers_size
+
+# -----------------------------------------------------------------
+# Certificate based SSL/TLS support
+# -----------------------------------------------------------------
+# The following options can be used to enable certificate based SSL/TLS support
+# for this listener. Note that the recommended port for MQTT over TLS is 8883,
+# but this must be set manually.
+#
+# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
+# support" section. Only one of certificate or PSK encryption support can be
+# enabled for any listener.
+
+# Both of certfile and keyfile must be defined to enable certificate based
+# TLS encryption.
+
+# Path to the PEM encoded server certificate.
+#certfile
+
+# Path to the PEM encoded keyfile.
+#keyfile
+
+# If you wish to control which encryption ciphers are used, use the ciphers
+# option. The list of available ciphers can be optained using the "openssl
+# ciphers" command and should be provided in the same format as the output of
+# that command. This applies to TLS 1.2 and earlier versions only. Use
+# ciphers_tls1.3 for TLS v1.3.
+#ciphers
+
+# Choose which TLS v1.3 ciphersuites are used for this listener.
+# Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+#ciphers_tls1.3
+
+# If you have require_certificate set to true, you can create a certificate
+# revocation list file to revoke access to particular client certificates. If
+# you have done this, use crlfile to point to the PEM encoded revocation file.
+#crlfile
+
+# To allow the use of ephemeral DH key exchange, which provides forward
+# security, the listener must load DH parameters. This can be specified with
+# the dhparamfile option. The dhparamfile can be generated with the command
+# e.g. "openssl dhparam -out dhparam.pem 2048"
+#dhparamfile
+
+# By default an TLS enabled listener will operate in a similar fashion to a
+# https enabled web server, in that the server has a certificate signed by a CA
+# and the client will verify that it is a trusted certificate. The overall aim
+# is encryption of the network traffic. By setting require_certificate to true,
+# the client must provide a valid certificate in order for the network
+# connection to proceed. This allows access to the broker to be controlled
+# outside of the mechanisms provided by MQTT.
+#require_certificate false
+
+# cafile and capath define methods of accessing the PEM encoded
+# Certificate Authority certificates that will be considered trusted when
+# checking incoming client certificates.
+# cafile defines the path to a file containing the CA certificates.
+# capath defines a directory that will be searched for files
+# containing the CA certificates. For capath to work correctly, the
+# certificate files must have ".crt" as the file ending and you must run
+# "openssl rehash <path to capath>" each time you add/remove a certificate.
+#cafile
+#capath
+
+
+# If require_certificate is true, you may set use_identity_as_username to true
+# to use the CN value from the client certificate as a username. If this is
+# true, the password_file option will not be used for this listener.
+#use_identity_as_username false
+
+# -----------------------------------------------------------------
+# Pre-shared-key based SSL/TLS support
+# -----------------------------------------------------------------
+# The following options can be used to enable PSK based SSL/TLS support for
+# this listener. Note that the recommended port for MQTT over TLS is 8883, but
+# this must be set manually.
+#
+# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
+# support" section. Only one of certificate or PSK encryption support can be
+# enabled for any listener.
+
+# The psk_hint option enables pre-shared-key support for this listener and also
+# acts as an identifier for this listener. The hint is sent to clients and may
+# be used locally to aid authentication. The hint is a free form string that
+# doesn't have much meaning in itself, so feel free to be creative.
+# If this option is provided, see psk_file to define the pre-shared keys to be
+# used or create a security plugin to handle them.
+#psk_hint
+
+# When using PSK, the encryption ciphers used will be chosen from the list of
+# available PSK ciphers. If you want to control which ciphers are available,
+# use the "ciphers" option.  The list of available ciphers can be optained
+# using the "openssl ciphers" command and should be provided in the same format
+# as the output of that command.
+#ciphers
+
+# Set use_identity_as_username to have the psk identity sent by the client used
+# as its username. Authentication will be carried out using the PSK rather than
+# the MQTT username/password and so password_file will not be used for this
+# listener.
+#use_identity_as_username false
+
+
+# =================================================================
+# Persistence
+# =================================================================
+
+# If persistence is enabled, save the in-memory database to disk
+# every autosave_interval seconds. If set to 0, the persistence
+# database will only be written when mosquitto exits. See also
+# autosave_on_changes.
+# Note that writing of the persistence database can be forced by
+# sending mosquitto a SIGUSR1 signal.
+#autosave_interval 1800
+
+# If true, mosquitto will count the number of subscription changes, retained
+# messages received and queued messages and if the total exceeds
+# autosave_interval then the in-memory database will be saved to disk.
+# If false, mosquitto will save the in-memory database to disk by treating
+# autosave_interval as a time in seconds.
+#autosave_on_changes false
+
+# Save persistent message data to disk (true/false).
+# This saves information about all messages, including
+# subscriptions, currently in-flight messages and retained
+# messages.
+# retained_persistence is a synonym for this option.
+#persistence false
+
+# The filename to use for the persistent database, not including
+# the path.
+#persistence_file mosquitto.db
+
+# Location for persistent database.
+# Default is an empty string (current directory).
+# Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
+# similar.
+#persistence_location
+
+
+# =================================================================
+# Logging
+# =================================================================
+
+# Places to log to. Use multiple log_dest lines for multiple
+# logging destinations.
+# Possible destinations are: stdout stderr syslog topic file dlt
+#
+# stdout and stderr log to the console on the named output.
+#
+# syslog uses the userspace syslog facility which usually ends up
+# in /var/log/messages or similar.
+#
+# topic logs to the broker topic '$SYS/broker/log/<severity>',
+# where severity is one of D, E, W, N, I, M which are debug, error,
+# warning, notice, information and message. Message type severity is used by
+# the subscribe/unsubscribe log_types and publishes log messages to
+# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
+#
+# The file destination requires an additional parameter which is the file to be
+# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
+# closed and reopened when the broker receives a HUP signal. Only a single file
+# destination may be configured.
+#
+# The dlt destination is for the automotive `Diagnostic Log and Trace` tool.
+# This requires that Mosquitto has been compiled with DLT support.
+#
+# Note that if the broker is running as a Windows service it will default to
+# "log_dest none" and neither stdout nor stderr logging is available.
+# Use "log_dest none" if you wish to disable logging.
+#log_dest stderr
+
+# Types of messages to log. Use multiple log_type lines for logging
+# multiple types of messages.
+# Possible types are: debug, error, warning, notice, information,
+# none, subscribe, unsubscribe, websockets, all.
+# Note that debug type messages are for decoding the incoming/outgoing
+# network packets. They are not logged in "topics".
+#log_type error
+#log_type warning
+#log_type notice
+#log_type information
+
+
+# If set to true, client connection and disconnection messages will be included
+# in the log.
+#connection_messages true
+
+# If using syslog logging (not on Windows), messages will be logged to the
+# "daemon" facility by default. Use the log_facility option to choose which of
+# local0 to local7 to log to instead. The option value should be an integer
+# value, e.g. "log_facility 5" to use local5.
+#log_facility
+
+# If set to true, add a timestamp value to each log message.
+#log_timestamp true
+
+# Set the format of the log timestamp. If left unset, this is the number of
+# seconds since the Unix epoch.
+# This is a free text string which will be passed to the strftime function. To
+# get an ISO 8601 datetime, for example:
+# log_timestamp_format %Y-%m-%dT%H:%M:%S
+#log_timestamp_format
+
+# Change the websockets logging level. This is a global option, it is not
+# possible to set per listener. This is an integer that is interpreted by
+# libwebsockets as a bit mask for its lws_log_levels enum. See the
+# libwebsockets documentation for more details. "log_type websockets" must also
+# be enabled.
+#websockets_log_level 0
+
+
+# =================================================================
+# Security
+# =================================================================
+
+# If set, only clients that have a matching prefix on their
+# clientid will be allowed to connect to the broker. By default,
+# all clients may connect.
+# For example, setting "secure-" here would mean a client "secure-
+# client" could connect but another with clientid "mqtt" couldn't.
+#clientid_prefixes
+
+# Boolean value that determines whether clients that connect
+# without providing a username are allowed to connect. If set to
+# false then a password file should be created (see the
+# password_file option) to control authenticated client access.
+#
+# Defaults to false, unless there are no listeners defined in the configuration
+# file, in which case it is set to true, but connections are only allowed from
+# the local machine.
+#allow_anonymous false
+
+# -----------------------------------------------------------------
+# Default authentication and topic access control
+# -----------------------------------------------------------------
+
+# Control access to the broker using a password file. This file can be
+# generated using the mosquitto_passwd utility. If TLS support is not compiled
+# into mosquitto (it is recommended that TLS support should be included) then
+# plain text passwords are used, in which case the file should be a text file
+# with lines in the format:
+# username:password
+# The password (and colon) may be omitted if desired, although this
+# offers very little in the way of security.
+#
+# See the TLS client require_certificate and use_identity_as_username options
+# for alternative authentication options. If a plugin is used as well as
+# password_file, the plugin check will be made first.
+#password_file
+
+# Access may also be controlled using a pre-shared-key file. This requires
+# TLS-PSK support and a listener configured to use it. The file should be text
+# lines in the format:
+# identity:key
+# The key should be in hexadecimal format without a leading "0x".
+# If an plugin is used as well, the plugin check will be made first.
+#psk_file
+
+# Control access to topics on the broker using an access control list
+# file. If this parameter is defined then only the topics listed will
+# have access.
+# If the first character of a line of the ACL file is a # it is treated as a
+# comment.
+# Topic access is added with lines of the format:
+#
+# topic [read|write|readwrite|deny] <topic>
+#
+# The access type is controlled using "read", "write", "readwrite" or "deny".
+# This parameter is optional (unless <topic> contains a space character) - if
+# not given then the access is read/write.  <topic> can contain the + or #
+# wildcards as in subscriptions.
+#
+# The "deny" option can used to explicity deny access to a topic that would
+# otherwise be granted by a broader read/write/readwrite statement. Any "deny"
+# topics are handled before topics that grant read/write access.
+#
+# The first set of topics are applied to anonymous clients, assuming
+# allow_anonymous is true. User specific topic ACLs are added after a
+# user line as follows:
+#
+# user <username>
+#
+# The username referred to here is the same as in password_file. It is
+# not the clientid.
+#
+#
+# If is also possible to define ACLs based on pattern substitution within the
+# topic. The patterns available for substition are:
+#
+# %c to match the client id of the client
+# %u to match the username of the client
+#
+# The substitution pattern must be the only text for that level of hierarchy.
+#
+# The form is the same as for the topic keyword, but using pattern as the
+# keyword.
+# Pattern ACLs apply to all users even if the "user" keyword has previously
+# been given.
+#
+# If using bridges with usernames and ACLs, connection messages can be allowed
+# with the following pattern:
+# pattern write $SYS/broker/connection/%c/state
+#
+# pattern [read|write|readwrite] <topic>
+#
+# Example:
+#
+# pattern write sensor/%u/data
+#
+# If an plugin is used as well as acl_file, the plugin check will be
+# made first.
+#acl_file
+
+# -----------------------------------------------------------------
+# External authentication and topic access plugin options
+# -----------------------------------------------------------------
+
+# External authentication and access control can be supported with the
+# plugin option. This is a path to a loadable plugin. See also the
+# plugin_opt_* options described below.
+#
+# The plugin option can be specified multiple times to load multiple
+# plugins. The plugins will be processed in the order that they are specified
+# here. If the plugin option is specified alongside either of
+# password_file or acl_file then the plugin checks will be made first.
+#
+# If the per_listener_settings option is false, the plugin will be apply to all
+# listeners. If per_listener_settings is true, then the plugin will apply to
+# the current listener being defined only.
+#
+# This option is also available as `auth_plugin`, but this use is deprecated
+# and will be removed in the future.
+#
+#plugin
+
+# If the plugin option above is used, define options to pass to the
+# plugin here as described by the plugin instructions. All options named
+# using the format plugin_opt_* will be passed to the plugin, for example:
+#
+# This option is also available as `auth_opt_*`, but this use is deprecated
+# and will be removed in the future.
+#
+# plugin_opt_db_host
+# plugin_opt_db_port
+# plugin_opt_db_username
+# plugin_opt_db_password
+
+
+# =================================================================
+# Bridges
+# =================================================================
+
+# A bridge is a way of connecting multiple MQTT brokers together.
+# Create a new bridge using the "connection" option as described below. Set
+# options for the bridges using the remaining parameters. You must specify the
+# address and at least one topic to subscribe to.
+#
+# Each connection must have a unique name.
+#
+# The address line may have multiple host address and ports specified. See
+# below in the round_robin description for more details on bridge behaviour if
+# multiple addresses are used. Note that if you use an IPv6 address, then you
+# are required to specify a port.
+#
+# The direction that the topic will be shared can be chosen by
+# specifying out, in or both, where the default value is out.
+# The QoS level of the bridged communication can be specified with the next
+# topic option. The default QoS level is 0, to change the QoS the topic
+# direction must also be given.
+#
+# The local and remote prefix options allow a topic to be remapped when it is
+# bridged to/from the remote broker. This provides the ability to place a topic
+# tree in an appropriate location.
+#
+# For more details see the mosquitto.conf man page.
+#
+# Multiple topics can be specified per connection, but be careful
+# not to create any loops.
+#
+# If you are using bridges with cleansession set to false (the default), then
+# you may get unexpected behaviour from incoming topics if you change what
+# topics you are subscribing to. This is because the remote broker keeps the
+# subscription for the old topic. If you have this problem, connect your bridge
+# with cleansession set to true, then reconnect with cleansession set to false
+# as normal.
+#connection <name>
+#address <host>[:<port>] [<host>[:<port>]]
+#topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
+
+# If you need to have the bridge connect over a particular network interface,
+# use bridge_bind_address to tell the bridge which local IP address the socket
+# should bind to, e.g. `bridge_bind_address 192.168.1.10`
+#bridge_bind_address
+
+# If a bridge has topics that have "out" direction, the default behaviour is to
+# send an unsubscribe request to the remote broker on that topic. This means
+# that changing a topic direction from "in" to "out" will not keep receiving
+# incoming messages. Sending these unsubscribe requests is not always
+# desirable, setting bridge_attempt_unsubscribe to false will disable sending
+# the unsubscribe request.
+#bridge_attempt_unsubscribe true
+
+# Set the version of the MQTT protocol to use with for this bridge. Can be one
+# of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
+#bridge_protocol_version mqttv311
+
+# Set the clean session variable for this bridge.
+# When set to true, when the bridge disconnects for any reason, all
+# messages and subscriptions will be cleaned up on the remote
+# broker. Note that with cleansession set to true, there may be a
+# significant amount of retained messages sent when the bridge
+# reconnects after losing its connection.
+# When set to false, the subscriptions and messages are kept on the
+# remote broker, and delivered when the bridge reconnects.
+#cleansession false
+
+# Set the amount of time a bridge using the lazy start type must be idle before
+# it will be stopped. Defaults to 60 seconds.
+#idle_timeout 60
+
+# Set the keepalive interval for this bridge connection, in
+# seconds.
+#keepalive_interval 60
+
+# Set the clientid to use on the local broker. If not defined, this defaults to
+# 'local.<clientid>'. If you are bridging a broker to itself, it is important
+# that local_clientid and clientid do not match.
+#local_clientid
+
+# If set to true, publish notification messages to the local and remote brokers
+# giving information about the state of the bridge connection. Retained
+# messages are published to the topic $SYS/broker/connection/<clientid>/state
+# unless the notification_topic option is used.
+# If the message is 1 then the connection is active, or 0 if the connection has
+# failed.
+# This uses the last will and testament feature.
+#notifications true
+
+# Choose the topic on which notification messages for this bridge are
+# published. If not set, messages are published on the topic
+# $SYS/broker/connection/<clientid>/state
+#notification_topic
+
+# Set the client id to use on the remote end of this bridge connection. If not
+# defined, this defaults to 'name.hostname' where name is the connection name
+# and hostname is the hostname of this computer.
+# This replaces the old "clientid" option to avoid confusion. "clientid"
+# remains valid for the time being.
+#remote_clientid
+
+# Set the password to use when connecting to a broker that requires
+# authentication. This option is only used if remote_username is also set.
+# This replaces the old "password" option to avoid confusion. "password"
+# remains valid for the time being.
+#remote_password
+
+# Set the username to use when connecting to a broker that requires
+# authentication.
+# This replaces the old "username" option to avoid confusion. "username"
+# remains valid for the time being.
+#remote_username
+
+# Set the amount of time a bridge using the automatic start type will wait
+# until attempting to reconnect.
+# This option can be configured to use a constant delay time in seconds, or to
+# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree
+# of randomness to when the restart occurs.
+#
+# Set a constant timeout of 20 seconds:
+# restart_timeout 20
+#
+# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of
+# 60 seconds:
+# restart_timeout 10 30
+#
+# Defaults to jitter with a base of 5 and cap of 30
+#restart_timeout 5 30
+
+# If the bridge has more than one address given in the address/addresses
+# configuration, the round_robin option defines the behaviour of the bridge on
+# a failure of the bridge connection. If round_robin is false, the default
+# value, then the first address is treated as the main bridge connection. If
+# the connection fails, the other secondary addresses will be attempted in
+# turn. Whilst connected to a secondary bridge, the bridge will periodically
+# attempt to reconnect to the main bridge until successful.
+# If round_robin is true, then all addresses are treated as equals. If a
+# connection fails, the next address will be tried and if successful will
+# remain connected until it fails
+#round_robin false
+
+# Set the start type of the bridge. This controls how the bridge starts and
+# can be one of three types: automatic, lazy and once. Note that RSMB provides
+# a fourth start type "manual" which isn't currently supported by mosquitto.
+#
+# "automatic" is the default start type and means that the bridge connection
+# will be started automatically when the broker starts and also restarted
+# after a short delay (30 seconds) if the connection fails.
+#
+# Bridges using the "lazy" start type will be started automatically when the
+# number of queued messages exceeds the number set with the "threshold"
+# parameter. It will be stopped automatically after the time set by the
+# "idle_timeout" parameter. Use this start type if you wish the connection to
+# only be active when it is needed.
+#
+# A bridge using the "once" start type will be started automatically when the
+# broker starts but will not be restarted if the connection fails.
+#start_type automatic
+
+# Set the number of messages that need to be queued for a bridge with lazy
+# start type to be restarted. Defaults to 10 messages.
+# Must be less than max_queued_messages.
+#threshold 10
+
+# If try_private is set to true, the bridge will attempt to indicate to the
+# remote broker that it is a bridge not an ordinary client. If successful, this
+# means that loop detection will be more effective and that retained messages
+# will be propagated correctly. Not all brokers support this feature so it may
+# be necessary to set try_private to false if your bridge does not connect
+# properly.
+#try_private true
+
+# Some MQTT brokers do not allow retained messages. MQTT v5 gives a mechanism
+# for brokers to tell clients that they do not support retained messages, but
+# this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
+# v3.1.1 or v3.1 broker that does not support retained messages, set the
+# bridge_outgoing_retain option to false. This will remove the retain bit on
+# all outgoing messages to that bridge, regardless of any other setting.
+#bridge_outgoing_retain true
+
+# If you wish to restrict the size of messages sent to a remote bridge, use the
+# bridge_max_packet_size option. This sets the maximum number of bytes for
+# the total message, including headers and payload.
+# Note that MQTT v5 brokers may provide their own maximum-packet-size property.
+# In this case, the smaller of the two limits will be used.
+# Set to 0 for "unlimited".
+#bridge_max_packet_size 0
+
+
+# -----------------------------------------------------------------
+# Certificate based SSL/TLS support
+# -----------------------------------------------------------------
+# Either bridge_cafile or bridge_capath must be defined to enable TLS support
+# for this bridge.
+# bridge_cafile defines the path to a file containing the
+# Certificate Authority certificates that have signed the remote broker
+# certificate.
+# bridge_capath defines a directory that will be searched for files containing
+# the CA certificates. For bridge_capath to work correctly, the certificate
+# files must have ".crt" as the file ending and you must run "openssl rehash
+# <path to capath>" each time you add/remove a certificate.
+#bridge_cafile
+#bridge_capath
+
+
+# If the remote broker has more than one protocol available on its port, e.g.
+# MQTT and WebSockets, then use bridge_alpn to configure which protocol is
+# requested. Note that WebSockets support for bridges is not yet available.
+#bridge_alpn
+
+# When using certificate based encryption, bridge_insecure disables
+# verification of the server hostname in the server certificate. This can be
+# useful when testing initial server configurations, but makes it possible for
+# a malicious third party to impersonate your server through DNS spoofing, for
+# example. Use this option in testing only. If you need to resort to using this
+# option in a production environment, your setup is at fault and there is no
+# point using encryption.
+#bridge_insecure false
+
+# Path to the PEM encoded client certificate, if required by the remote broker.
+#bridge_certfile
+
+# Path to the PEM encoded client private key, if required by the remote broker.
+#bridge_keyfile
+
+# -----------------------------------------------------------------
+# PSK based SSL/TLS support
+# -----------------------------------------------------------------
+# Pre-shared-key encryption provides an alternative to certificate based
+# encryption. A bridge can be configured to use PSK with the bridge_identity
+# and bridge_psk options. These are the client PSK identity, and pre-shared-key
+# in hexadecimal format with no "0x". Only one of certificate and PSK based
+# encryption can be used on one
+# bridge at once.
+#bridge_identity
+#bridge_psk
+
+
+# =================================================================
+# External config files
+# =================================================================
+
+# External configuration files may be included by using the
+# include_dir option. This defines a directory that will be searched
+# for config files. All files that end in '.conf' will be loaded as
+# a configuration file. It is best to have this as the last option
+# in the main file. This option will only be processed from the main
+# configuration file. The directory specified must not contain the
+# main configuration file.
+# Files within include_dir will be loaded sorted in case-sensitive
+# alphabetical order, with capital letters ordered first. If this option is
+# given multiple times, all of the files from the first instance will be
+# processed before the next instance. See the man page for examples.
+#include_dir
\ No newline at end of file
diff --git a/Mosquitto/docker-compose.yaml b/Mosquitto/docker-compose.yaml
new file mode 100644
index 0000000..0830540
--- /dev/null
+++ b/Mosquitto/docker-compose.yaml
@@ -0,0 +1,19 @@
+version: '3'
+services:
+  mosquitto:
+    container_name: mosquitto
+    image: eclipse-mosquitto:latest
+    restart: always
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+    ports:
+       - "1883:1883"
+       - "9001:9001"
+    volumes:
+      - /home/ubuntu/docker/mosquitto/config/mosquitto.conf:/mosquitto/config/mosquitto.conf
+      - /home/ubuntu/docker/mosquitto/data:/mosquitto/data
+      - /home/ubuntu/docker/mosquitto/log:/mosquitto/log
+    security_opt:
+      - no-new-privileges:true
diff --git a/Mosquitto/mosquitto.conf b/Mosquitto/mosquitto.conf
new file mode 100644
index 0000000..5641be0
--- /dev/null
+++ b/Mosquitto/mosquitto.conf
@@ -0,0 +1,8 @@
+allow_anonymous false
+listener 1883
+listener 9001
+protocol websockets
+persistence true
+password_file /mosquitto/config/pwfile
+persistence_file mosquitto.db
+persistence_location /mosquitto/data/
\ No newline at end of file

From 8623f316a675c426da61b24a9cd211766b29c7ef Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Fri, 26 Apr 2024 16:23:25 +0100
Subject: [PATCH 09/14] ansible-copy

---
 .../File-Copy/File-Copy-Playbook.yaml         |  52 +++++++++
 .../File-Copy/File-Copy-Undo-Playbook.yaml    |  24 ++++
 Ansible/Playbooks/File-Copy/inventory.yaml    |   8 ++
 .../File-Copy/nginx/docker-compose.yaml       |  31 +++++
 .../File-Copy/nginx/website/Jims-Garage-1.png | Bin 0 -> 151388 bytes
 .../File-Copy/nginx/website/index.html        | 108 ++++++++++++++++++
 6 files changed, 223 insertions(+)
 create mode 100644 Ansible/Playbooks/File-Copy/File-Copy-Playbook.yaml
 create mode 100644 Ansible/Playbooks/File-Copy/File-Copy-Undo-Playbook.yaml
 create mode 100644 Ansible/Playbooks/File-Copy/inventory.yaml
 create mode 100644 Ansible/Playbooks/File-Copy/nginx/docker-compose.yaml
 create mode 100644 Ansible/Playbooks/File-Copy/nginx/website/Jims-Garage-1.png
 create mode 100644 Ansible/Playbooks/File-Copy/nginx/website/index.html

diff --git a/Ansible/Playbooks/File-Copy/File-Copy-Playbook.yaml b/Ansible/Playbooks/File-Copy/File-Copy-Playbook.yaml
new file mode 100644
index 0000000..4eaf2ea
--- /dev/null
+++ b/Ansible/Playbooks/File-Copy/File-Copy-Playbook.yaml
@@ -0,0 +1,52 @@
+---
+- name: Deploy Docker Container with Docker Compose
+  hosts: all
+  become: true
+  tasks:
+    - name: Ensure Docker is installed
+      ansible.builtin.package:
+        name: docker
+        state: present
+
+    - name: Ensure Docker service is running
+      ansible.builtin.service:
+        name: docker
+        state: started
+        enabled: true
+
+    - name: Create a directory for Docker Compose files
+      ansible.builtin.file:
+        path: /home/ubuntu/ansible-docker/docker-compose
+        state: directory
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Create a directory for Nginx website files
+      ansible.builtin.file:
+        path: /home/ubuntu/docker/nginx/web
+        state: directory
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Copy docker-compose to remote host
+      ansible.builtin.copy:
+        src: /home/ubuntu/nginx/docker-compose.yaml
+        dest: /home/ubuntu/ansible-docker/docker-compose/docker-compose.yaml
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Copy Nginx website folder to remote host # copies a folder - note no file extension
+      ansible.builtin.copy:
+        src: /home/ubuntu/nginx/website
+        dest: /home/ubuntu/docker/nginx/web
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Start Docker Compose
+      community.docker.docker_compose:
+        project_src: /home/ubuntu/ansible-docker/docker-compose
+        state: present
diff --git a/Ansible/Playbooks/File-Copy/File-Copy-Undo-Playbook.yaml b/Ansible/Playbooks/File-Copy/File-Copy-Undo-Playbook.yaml
new file mode 100644
index 0000000..52118a1
--- /dev/null
+++ b/Ansible/Playbooks/File-Copy/File-Copy-Undo-Playbook.yaml
@@ -0,0 +1,24 @@
+---
+- name: Undo Docker Compose Deployment
+  hosts: all
+  become: true
+  tasks:
+    - name: Stop Docker Container
+      community.docker.docker_compose:
+        project_src: /home/ubuntu/ansible-docker/docker-compose
+        state: absent
+
+    - name: Remove Docker Compose file
+      ansible.builtin.file:
+        path: /home/ubuntu/ansible-docker/docker-compose/docker-compose.yml
+        state: absent
+
+    - name: Remove Docker Compose directory
+      ansible.builtin.file:
+        path: /home/ubuntu/ansible-docker
+        state: absent
+
+    - name: Remove Website directory
+      ansible.builtin.file:
+        path: /home/ubuntu/docker/nginx/web
+        state: absent
diff --git a/Ansible/Playbooks/File-Copy/inventory.yaml b/Ansible/Playbooks/File-Copy/inventory.yaml
new file mode 100644
index 0000000..34d1a72
--- /dev/null
+++ b/Ansible/Playbooks/File-Copy/inventory.yaml
@@ -0,0 +1,8 @@
+---
+docker:
+  hosts:
+    docker01:
+      ansible_host: 192.168.200.50
+      ansible_user: 'ubuntu'
+      ansible_become: true
+      ansible_become_method: sudo
diff --git a/Ansible/Playbooks/File-Copy/nginx/docker-compose.yaml b/Ansible/Playbooks/File-Copy/nginx/docker-compose.yaml
new file mode 100644
index 0000000..b0812b9
--- /dev/null
+++ b/Ansible/Playbooks/File-Copy/nginx/docker-compose.yaml
@@ -0,0 +1,31 @@
+version: "3.9"
+services:
+  web:
+    image: nginx
+    container_name: jimsgarage
+    volumes:
+     - /home/ubuntu/docker/nginx/templates:/etc/nginx/templates
+     - /home/ubuntu/docker/nginx/web/website:/usr/share/nginx/html
+    environment:
+     - NGINX_HOST=nginx.jimsgarage.co.uk
+     - NGINX_PORT=80
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.nginx.entrypoints=http"
+      - "traefik.http.routers.nginx.rule=Host(`nginx.jimsgarage.co.uk`)"
+      - "traefik.http.middlewares.nginx-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.nginx.middlewares=nginx-https-redirect"
+      - "traefik.http.routers.nginx-secure.entrypoints=https"
+      - "traefik.http.routers.nginx-secure.rule=Host(`nginx.jimsgarage.co.uk`)"
+      - "traefik.http.routers.nginx-secure.tls=true"
+      - "traefik.http.routers.nginx-secure.service=nginx"
+      - "traefik.http.services.nginx.loadbalancer.server.port=80"
+      - "traefik.docker.network=proxy"
+    networks:
+      proxy:
+    security_opt:
+      - no-new-privileges:true
+
+networks:
+  proxy:
+    external: true
\ No newline at end of file
diff --git a/Ansible/Playbooks/File-Copy/nginx/website/Jims-Garage-1.png b/Ansible/Playbooks/File-Copy/nginx/website/Jims-Garage-1.png
new file mode 100644
index 0000000000000000000000000000000000000000..d5491ac05097ef3a8b4309712ac4a1efb9817a41
GIT binary patch
literal 151388
zcmeFaXIN9)+AfR@mWpBnM5HJSQ9==r-c$q>R8UALp(qd#Ly;0X#0p9kmELTiCP1j6
z7o|!l0)_yA1PGl#AP6Cp<V@GzYcKZu9>2ZLk8@q$Ifp+m6UH1&#(d`U+|PaAgFG|7
zuD@^3u{|6d9Q&?ZzI2m=<LBY7*S~QB-(GMWBLm;IdEL~%$dTKAe2Rl(`w3@Lb8qu&
zSJmv@U1e@NxZA;G{9Nw=qc}J;wEgbgwui&KMeSft&Tg6#w2B%DQD+BD2{XlOXRqDU
zf!%Sw9N-Bv3Ak=*9{{&kb&$~3+N0s8229`z^S&+W=j!6-rRJw8@yEPs!12$wWhF%a
z7~&1rl(_Ko7mDio-SdQbc}V~#dpbC(-Mpmt&r^X{ni6-sz3-{X%KG~H%J?eCxO+Ou
z%BiZV%AS>%m6w+WMo4@4yLsRClXmkG17;BYV~R^KFMChtd*06OZlXV@ylv->@Ya-&
z*dzMSnH}u^HSs-!r^_GHI@rs?Twty+H*YUlIT<<GzeWRpkmkvMUWc34KbHwuFj>Fb
z_kf{iWl!!A1%9=thJ(GDy(jFpx4Y-hm;bmH6PU*zFaGh$#aT;LPW7yUs)CZ-Ii+*w
zlod2&e_kQ*{vT)j@#3GSXvqHid>X)YsOkJ;ep7dM7p;F=K2e051I*Fc4d$RB`(FnF
z%ksy>o7M$b>_6TDR{Q7SzwR3F;$Qb2<_6qsPvEY)f60#I;1K1wa_NGppAEHNZqFCv
z1Lr@t9juHYv4y9)ce+O1a^}7H8_y|(mQ*3M8s-?ia8UI8eU5G0cm8(ZKOUTUpv#fi
zpKyEke;)de>1xf+b4(ui8#Di7_<7^=97nB^WB>O2_c^}p`@7e|@!<7+j<cob#18+*
zzw^(v*!EiRZ;#!6VcWJ__nh@k{q5D<eqQ-+kKOrj`}W$QuE?u@_g3xPdEf1CkNs`u
zuATQkX9^_!%{bWk+ix6$e|zkK-}d~*@yJj?{_h1Du=oc!%K!FQ(E~?Tpd2d!q=y>+
z3u`~I3p<;L2=3U(&p>)F7;PKURq6QKVOom;;_lj3-2G4Q(f>nncYuR4!O`JwWzL@&
zMU=yP$Df(yKb|CdT9kuZrmgvJp8zCU&c7YOTZ#6Ud3`I<{!brkAhZq~*$VjodDv_r
zi(dkn|Fe<BR={rs{PzEsp!8P2Zw35T!2h~&-oo&|>@l{;l3#_*|F6iBtqi}F;kPpU
zuO8JcmgfJ1ncB+mzY3eJ4F9XJ*`g(XsS|AJKfjWY{ulM1El9HkX|^EEf2~c2+%Jaw
z=>_;JKDHXztp;|Blm8W3*-~A9iB`7kEx$r5|GVuiTkz(u^0irK+)`aPug1Tr_FEZ#
zE5rW`jxEOKzoOzlQ^^)%^Q$Lhi?R772HIk5euaUy7@J=iHMcD4f2Q33_E>FMh5rq-
zZCal#mS&5k*~0L@LMU4-&8AfG?>*oaOY<v)vc=N;3ZZOm2KgmI+1d>9D}=JO8RS<8
zWs8>l_mZ?J?QB7sEl9IPOa3Zx{7kj~n`lW@A*uX7y#W7YM7J25O^NB>@bngA^GiIm
z#n}7`4{b3vzf5aeBGi@$we{Z&ew9<V7@IA|27n)1s_VaDu+1^?f2!*GfG3b4<YZ<&
z&a?jYYL<~XZy>b6CU2<UZ0gpVoezw+zbW~x>%<%1%NN6b|8eX$@pHPnE}cK(^7OSG
z6xXl2(I>C@b(9g{rgV(*yH|VKi?VqZOAON{O<rV$(8`>agXR|h2%B%hzsfBC9p5Sf
zY1sTxgk#Hp|IshrInS{*|1ar`t@ZyEo$)WgvlTzTOlyBUaa-%NwLX76L|gfJbKU>%
zC24DYw$|t0qhc$6ZspId{P{1q^&bwl^5<6m+{&L@{qL_BgRT6ql^?e9!~f;^AvO5?
zn?Jn(|EAe(Vd*U_y@jR!1BCupdfcj&Teb3E!SKhyR{q?|pIiBJD}VkK1OM0Ohl8E?
zs&nZf0nY2=gpCCvdAaG!6GKWu4V4|%R$Bg)zdBE*C;6<5&2oXq0zHAyU}$T}@9Iif
z+4PxH^HPT<XQNg&XluZE(=lXLmNwmyD8l+CVwfPK<45YJNFvoMshNlclo`Gu!q$pE
zDyrk8XqdrYfmZtw_<*5k$r5F;zogpN@jC+o;u~Z2eVTM^Elmx(Sxr_@Xj8+0s%t(e
zU};A?8*U3dzD6ago{Dj8d6lI?e>#3J4N6MIrFipbm8xj1mFX_5P$J%8WKR;RFv@ld
zFJSDdk>(U1N>fZkR@T$;agWaLM;D@fBV$}k;7_k9xjilJITmm<@14E#anH+UK^uY*
zh9YdG!-AAoCYA=;nC8RrQqM{k8mkjk(G|^g>@hh^064f+1uafmAAi8Go8k`&)gCUN
zS+j%iw%b1$%d1Paj~Pq})ktG+kXgO%>~;gu5~|-UeA>Q!pvUiP#7v7;F{(+{CN(35
zR66v9G&!?ISZur{o0t)^SN2YnSxtcVczKXkp%bG~JYktzsS3HqD5);ilBxbE-D49t
zIZ?rDtFf<UZBTq6sbXz}7$f^EW8M48r!rWr-FRz{ACZ{q#QA7#3A09dDpo%7iI$)s
zOhqh`*^6<A1-jYy2AmDVj7dWfghVj@*9P-~wE6tm1Nsx`#KVM+8EN|bjo{XPIH6(J
zL`fr&Y$Kw*+W8_;KC_TcdGwaDgu%q*l-zy#?69DIo7d~IvEoi09_i?rTv|?$V?;Ez
z$HM~;c4hlW-&<0wic<us_gH+;8gF;bSwH%&d2-I?Skv)tAqLWeYE776)KVj$lsHT_
z+A2`k*UEPw(00Lp+-cTc1Ri-s{aoW>7;~Vqz}1E)WFaDAWYs@-A&n;WjKxCE4evhO
z*f5@=TrV7Wt^s6w!^Jv0d+>bB6fI_@-8Z5B+Txld5{>ZTV@tIq4f2Vsep^A20y^J5
zmB_F<zL!rboJ+*&2$F^CYDtD2z1R6RGp<HFJ|;BuX=5XjH8?NAmXlHHdw;^G_l;an
zFg!RC<F*IfMtr%c>+&1l`x}SWBBA%-p}$BO<IGxHR>8SbMsrVPHLbLsg2$lyXS&lD
zQ#}@*tewi1_f~Ybu@$#c;A{FSQBr>}j0eea*8Ll7emK7=zP{4GYN7cZ?jo{IE}c>7
zk>4F1l|PG(TF6qyn+1Dmp`W@`A@tW*ni||uvKj0f`btgDB%-f!oK15~8x(R%y}>%Q
z0VUrQA=nW4+=JfTYQGgIT?cYX?G#dQjQ16$7VA^UO;Hi0^l)rT+w7aj%FpTh6`a7d
z=MyzNLASi;a-H%<zjp`NEmPB*6{QsDK^|+avvEUBccOK8X2WqZvLY|~T?#`JeS?X4
zVC`!d5!SscsotKxLBo3^4AwF&LM5||;L#fl_h@dbqiFsW79*kFt-@E2MY|Kl?dXPe
z)^RDip;NhBj97TcA9+<go4b=%Z00nu(Kj;usZ+jLboAk_*@aaCzNy=Y(G;zYXjC=`
z-B37NG>DCogG1n>2;fq<tzc(;SAWcvvRR%P_;t75Kung(Om=(=&*}J>_4SM(17GmA
zTHh*o&_DnjS~>Zop*_vwlWW)hw1ph^IE^bY+v(v=FHT9Me;1m_u$^1ORBPF7@F>?m
z;g7!hT7#gCxu$SQ)m%jm?O+@5wcxpRJG`_hgH=>SfAk8DnT=R)O%R}kFjh*LSy;c$
zi168zpjmFsai`^BS=nfuEG?=@7;1(0#fL9i`3|nOIGyZxHkB!VD+&C=d{b@VJamAg
zNOn^!iRSHjkgZm{@jlvb<XLCM1+CPGh4_;1O+qClW~ljW4Z2=WYMG{-t0nWUTb*jt
z0~-*CKOJcUznZR5#L*d!NdsSyr}`4CBSwHUeWYeZ7daZ$8hf-Oc&@b9`(<daTSa5<
zy}E_iCKJc?Auhv_x*6HX++0uPbBmla0v}51A8_qQ-jkomP&W6famY+BpzNTD*zV@w
z%jq&%Udp%<)A4-zcG$$VS$ezu=MxO}x*!pqn_akmv;g%@royM*2x+;&wKU)bwa=(Z
zd7HbU$wKWeg!w_{Dw*-s$RZYK)lSf@_W;3akgo$7Qs$-GNf4Rz5Xc({q_vyhgEDt|
zC#QQ|pUHcyMz1*C@m1ewM)>AY*OuIC9@C$s-`!O?!dBcE;7*&(cXD!wYwHx2ZljDu
zxuYU@kRMNAdkapG7Uve~EO*VsAgzwQ^qqRDFD#I90<)_G3$}bX?lfOYsTdiFz-7#I
z1BWS;*E>?e#=OiOcpUJf8nPmO#!eb6KjzGc3o@Xta@ns*ou#-het7B;&s?~mn-o%}
z#o(@TD?DO(*>0jegI%euMDn|>u@TluW;_zW1W6IBx&<>d^5A(N_N~waBva%lwvXb$
zRo@JZR;N1R!Ta0honqmWJjgpit?7e&GuaB2wqFET>Z_BvEex~1+F;H*M%p>zS=U`<
zf?S_}?u5F{MyR{l9*GHtd%UrirKH7aN?dn&I$Po%sa%z>B`*cv4AoyB+qSLt?stu_
zzdE`HPETrI8p%8p@|k>UyAePgJS|ng0d?y;U}mK?AJyq%f@nE2=)u}GhKe}iPky6y
zO2<x>wnPvK7|X4^oi;mlUA?N}5a-H_E$+!QN;AIFKY{nCFR4r}TH~#_&HTd=-$mgN
zKaZdv_InL$5S*BTX`BRBpn7OD{AIIo!>d8HlM`k>L8D^(JeV-ocQ!d6sTxgRD2t8D
zZWV}n9a~A72H!Zl9C*kdLWv;WYLt+FNcrU3bd`<Bxf9^Y0eDB2%3^E$ZM11gIpr$?
zcYct6PSzG7wF3bpvYTpBRypokG#b+O7}1SzFh<KVBtuA{N;O*3$4@fKu~q@p>1epB
zVQZ$Kweoo(juvTF`S$v~x1zToO>3hP>SB!9<YNMs9kj18Aw?&mHM3y7lD8b2XX<9y
znymE+MPC=Rd>ie{3<kc|<g}rXVR1x#?)we=AqPY^bCIZDIXFZAIu^qbtzNC3TUk)z
z%^^t$$OujziR^~HbIzQbN3J3b?FrWC3T*G~oAy?oSD?c!&g6g~4`4lnGLg4#;J3#G
z-DFLQL(#IB?F>9dCi<F^G*UXzJ;k+uk?VZj#=8iY?x2=WgK_hBV`JYe@0E3l$iccC
z#d>*#7!7!JyfxU>Eia8s=wP(Dqhg?L&M^Q~n1{dORt*`8ZSeSh!+JqmdoCuO6s!Kh
zVXWW9IhZQfmcP^!Rd+00rT`+Wvk7@A=$z-6Ps)#uez+-i4j%9udQd3`9o(07F!B0S
zg2v?Qah0W4@!N<eShMap6d0x(k*`#sYXhmXbg!D;ao@jt4#12t*{?kpsHEmS3h=uQ
zYlVeQ#gP8({LYVjC{e-r9o1t{1*erU6o{yoJvN02!HW=G$p^`6Hf1f^0-*!`9~uoB
z@^&8%=Q=_79*{G|XbY|wgY2b9Xn$%OT3911Yq?c=SUf@B)erqrpw?$hJXZ~`TJWH(
zWBr&MU}JO|5tW{h5o7(qyHUBuLd)3qM`xSd>}33x6Y;}|YqSu8$l;PRZ2xvfy7~vj
ztg9Ah8cZ7A7xa%UH2IqKA4td<dF7rk5zk$272*%gUh6qHDQD3jhi@^-%^>iHiIBkH
z`;NayFDTA@Zvbkx>6iN;Y*@~CRrNw!!@@#LOxtt9`&mIsmmyn#zWUWDz8(VgHANjt
z5b9$ws@G1LN`^)?`b~cl&tDV97e}=(kNXdZtkM?Pd^>R>eSZ}6N&T^0X?h}$%Ih=j
zYK6u3%%>MKY>!k>`vv^x1PsMGVE$50=?fk9U#C-{M%1SRV)#gmRyo9hI6Hid>09?+
zNNogUdxj;Hz?)~JmM^|cuKDzB$vw8raZ;ApU>o4<o+<5~6iXNioW&nea4Op0FR6vT
zM=pOYdtI|wg1+W?uIWvfBcdbgrgXTzR|qL$Q#j;<L^)J^2#u|qYL$82_P%HrvgAW^
zxL-fpZ|$Yg-Dh?C1xp+7Kasz>(OhKqS^1tnU?agA8oVpNGCu_$RggnEOtv{5(O7$;
zn%TA#m-0HrwI{DXC0fV1Z9P=^ds8u?sG)pjKY1USm!U^mCp%Bjr7a2v`+vfmgZk(6
zO<r;g-O4E8Hg{viK6wYp@yuhs+F-cYC-Ua@SfW>ptEmMfgUnBNQES;MWbOtVUsq`5
zgeE@hS%ff~2U+@i7PUu!sd`4eT^*xX0HfR~lC;q(p=lQXu0*a}*TNm3wJ8_#lwE{F
z{43{HNh-sS=L{6T+|}cJ-L6rn=+mF?(fdUl-};U(!>h+a(_`9s(EjeUz%dfCCd=T!
z-P02>fi&n5b(+TVMVn`ui0PWpN_x|7Rl-`eao+oW1CY;5&g?>dj8bHaT6=o8phVht
zYw%L#`oY@Bq@0Dy3Dz3pBE*^G_wq?*2gBkFt<)Ym@?0mp_(Ho#=zzDEZ6+N?KDst*
z7-|!vovTU@Q^z4szu@IBAy<nDvpf;}`6beKVzO0Kt;EoCu(LH(rdl0RpsRI{Z=GDo
zav`hNKBnCOL@J;($mT}$@s~7?r(mj24*!H%yZDzIiwVoQvGDx(c#pXFTBh#+PH&it
z8z!Wg{x>3F{BC1pKH+4^X~WRZSfbmIPoDn{X^=mFGREp8b;&jTO~ETV6v{N3c+&lQ
zoDh<U>rz>xrkB!DB=gd|a^ov~3@Q3b_8h&R(9={lQB<!dn6oM~X>6&0DX|H*LRtq_
zPJ_n=In_g5%HqMc%l#D!A&V)VamMsh!I0v<Kw8!pZ~$jYhXRvaNT0l}?hC{YrXima
z-Pf3>NayrX6obBSG;AIIO~MIEU2J!aaxHN^zHo0)xjMh}rVu*Wz@|><`{|MN+tDuD
ztbDQyuUm_AB)%EHtDkOEy*>uB5h(iT<1kiV#{(CR<Lkh;dt__TY9E!4Orryv27bu@
zo-TcsM<eeOs@5;G(yh8oHY@t`bF<82{a2*po>Ri{_Z6r?B!9d$ygeCzY;9IO2#<#p
zpP&awcHnq4O|`t^nu2j{uKAxicZB86)gW(B^X!?mj@X#?=@xaWF?BuN6+Y2A_3W?_
zRrs(rw?(H~4Z2;kL=j8QT@c|tw5U<mp_L}b&YJED?>pw7@Rc1@^(LrS;bXwc!NIum
zR(*0FcJ`TSOD#DWxaxL#6WQO%HfVY%w>iZU*2F0&1?OkKNXTAQQ)Ndt-}8nX=z!A|
z6^}LQyA(L<SOs~&D_3;ukk&O>(YUouJ<i#J?c48*&CK98eb)2G8xOMgdw#o+CPxdM
zcB{;ps%!s--(hP7A~D+^=p2jDuKwL8t?OW)olAC<v=+(OnKwb%HzK<7M)Kz(m%Tnj
z*I@hHavYt~?Bil)(+P3rN_|rs*91g?d+BW*D+Fxjxg{pIMLoC>VFPJr)`{Q-z1v!p
z5^TDTWvpDvPx+xsSWj9h<;DP@-!_O|o2%H5Ew?0Q-|}t#+~)CR_l^=_5h|i^`#9Ka
zsqsXZ&%Whv7uo5&VV+t5ULOqFQ}vatIXPFs55B06e|$(d=+>8yre~}c{BmomWtX*I
z2cZ{S$|{C>mYb);@zLB@#)XlSZ**fP;tRy;O!^EIcPQw5I%2jQoN*?m!v_~Q*C$Xi
zsHKE)FE})$3WRih4i4$$&^+@tB4A|Hq#S)0r1=7_VcZNN%VI3{YrO}_`<ePsOKeS2
zeeN1MG`qcTq|?|gX+$E_E!sa#!Qazf{Hf-*<BP?#(n8r~lDcihz`@F)T@<_J23H`d
z<WwgU>1J*5xgS!y4ttF+zj70Tx;c)Cq&+CAyxt=6G~3Tr<(0@unBnX?3n$sCBV-if
zbj76@|E2kUNMHWvRSKn1kVw&H*-r+Z!yKd+-gNb2rg~WdSl&!1u}#yjT~#ygyqlRX
z(_R{`&`Vi#56%9Vsx2zNsV0aTUpmi`_w+^6CTu#NeYklVYLexxhkb!=h@HJfEB6|D
zu1C5TyfWO7&(KN(NT=u=j$52hmwUyaqs2#Zr(eDK<gT5s60M%AF6{5HkXVslL1*;^
zphFWiE2QPQ^XMP3ie99%q=1>mM1=~3xm!W52IgEfYn7C!R25Xwj>UT9-?|X!0MoZ$
z+Ah#qHqt^;8BfgZy8Sf&R?6&cBlR5d<=(3Da8qrzKayJMr5`j=QD>Iqjm|kXLdW&L
ztqPtTeuNir5*_|lSAKHGWmw~0+p{vjbD87U21oIHkMpkyatS@{*h+oYZ6r(H?o+p~
zv8mF3HgkJFs9m;h=|e`Rkk`a=yc;tK^OAg!hGeglPQLB&tDAXpvL!cIOAB4*S`w_E
ziJCDNVlUZJK+>}~NKu;s>_Z0WFu%<?pm@jz+_1KiFHuw){9&tOW29B~yAQcaA!J>9
ztRrv+qpg)&R_=P~AsffgW1YP{Em3h2gozW9MfzKd*A}6asJNQNtZN|TT+kS3MiT#)
z%plnj`23GsFzM0itEfG~37X6DG3*X@HaeTqa^1p17DOAXmQi2s`*7yEcFs!i50s5|
zO?PhTTjeYflaMI7qC$N<*v)pe>kYDLOz}&-tJ;W!_8GRtSFbB9>mt-y>kwIzw~6i5
z6cR6z<>gN+m;oZhb^}#jI`k09^JM?B2K)LZ%vlHpFlS#CD|&Nj0srQ3)-A=zyPi>P
z#yZt)etx5ttI-T~Zl9@#*pB-+=$)u1DOR8WSVJx)#{HR*(D&m^@}npXpfh28-Jwo-
zCeg^U%&A%~EnRsF<ArmgT5h_+$FrXzYPVhU7}+gmvir1qSBBy{b;q{pGuGfUI=5|0
z-7jWW<mR>CS}XhD<eZ9t7^NaZIuhYGRC)&%$zDiXzYB2jNHyapIDC~JDX1pI#{GDR
zpYQv+dr<?vB_#QxaD?u-XJZn6*EES;z2E^9_Z^%MBP!h$W3G_JqN%y4@S6~Ns{t5q
zdK@RZu+9vQ+Y@6Eg-%{5NWg<7>vP$|3u2_6vScRyix+*>apsxO!Uip7kk-0>Jw+==
zyr9i1R4XEy+h6ExvBF$A+Tl>iq#*aO2POnzZRKknm|b!cb}){W@uwGHoV<}+)3v`M
z`TY2dt*ywSyGw*}wZ~|+ZJ{;eCp@GfW!XuC2tuO@yRxU*pms-;27jAcg+#kn#d@)B
zpFMJwXCr??IBnruLZi*RBKjiv9GeWP(wwh-+v`itT^Xd|*ya=OM64m#0%s@oNw2e-
zv}K}#8MBc9z8Q3qL^q84&KqO4Ee0T$Q%Q+hRUmrBd#cKG^SH`fX*|-orfLMPv7FN&
z=iK$JzbhfF8zr2fZLZ=N;B__4lIs3uIKUROsWmx23ovUvtYd21H*qF<=SAHkk$xLb
zz~I5752jv)e9b9wdkW8Wi*eaiNpF6A4YH^*TtC-r5N7XuPBAKCu>=0>>q{<-XuR@{
z!Y2z4xT4zx%Rv>6=oU&0{L{`Q2ygW2a!EqHOhvqVTk1?u%Nc2pT2@{6oa<Pb6Fyfg
zdNLe@k?eaX`}XGNsl|+x0~R?==2hn*<E!64TgNHY;*0dGyQ}*e=UYHTNxU$QlS5(W
zOYjwufIEJ50v$+JDZrBj2HklKGIlg1!gJ5CnZ0%qp{1)RENVLfpUbdimlxTkxmMw#
z2Yun;ULCH_G|UnN$}&WdK_1j%U$b>1-ne#pm8E54Lu8?)UCCf_Xl4#9iK+ckc&+L~
zd_5mjDw2Eol>k$75n$K#4RN&{mIW$rE1aA&10b9WsNGZ9D=jnGCj7o6xi_YW)(;tT
zF`CPhk+PZ^l@qb@*U<sg6q32f;zUWqj12>GyQ;lC(}VtX(Bo@nRVL`Dljw2_s9%q|
z9#42Gkv1TdU=0azlMTKCB&YLGB5yEV-MznPt`vaEU2EbyV9Mn0!WNpC=H{6Opbx93
z#Kcq$!6B8c9JfNka#gC=s$lpN$dx*}SIC6=G$kHN6eHX|P3hE60CRWr%mOu)W1Pn}
zRGxkcl1olN{dUh0x&U=|j_?+~GwM5%--KvF5aP&T{y8rnR8{uefeY~?mTr`>zS1fy
zecFep8LaQNOxj!firHfnY9W-et3#Hd3H`C88NCU?I_2Ky7*g<c6%yF=j{tNIG^aEZ
zIzS#Jj+u-WL9*?}^oZa5XWdNbMaN8_zkr8N?0<8&2}-sU5$OvWN^y<5>*j<oL*<Sl
z69nqyO7K;-kcPEM{bMIV72JHHKm)i&8G58HhVFLw=<!huv>z5xQ28nKP4R@*2bp6j
zEE+gL@5c|BsG1Fg^ZHQO#=_{!2*cvvaFiCsG_5LFagM^G`JWh9+0x4zAp8{p4m#ho
z`2AZ)i%h4C;EIuDA`W><sqgo?k2^{<WL8-n@l8w1GC7Y6Jl)OISu0Jf(z)_#6iRWn
z(#zgqZ60WwtxEa}PS~uE&>uY7wRd$Sudd=GTLfIES+H;9MA$hV298BpqBpXH1AQR)
zlV0TDlo6^$4m#W5+@Y84i#R^0Pd&h_&DAGu%X=4n_nBDCX_0g7C@+1XL7@zmw=H;L
zhMPSLz?b8}re3333MhVnoYjrnb05|O2sQjA(uoI{H9Ml#(^tAP;v0QyD&8Netyr6@
zHn@yDeS6$+9NRGZwV{R(!o;xvjX|NBY5p}L<>|^0S7Vc&AdgjANjCmGfUC%dC6ri1
zmbJ~sk8e5^22UQ-HGlHza&SjDwbb6@oqW>^?a;4YP(^%R2@xyzv(HN}Nrv|g$ojXv
z3@o7b0^D`!Ncafv9NpZ9SXGE>N$}U)ATgq>@SWNFnLu-9da)f84HT~$`3VfNYCWWV
zW>V1oPDHkh$}5jX0Zlo3N8hO$en?P9w~_lZo&C8ib(M}2JeozPu^Hbj@H~YDk_)f|
zEaYLpj;KJIwW%{t8rcM<7a}oE0zz!LO*VL{)Iddx9rCqihr(|g-5JuKOd0C~6MSHn
z%yFrsX?TrA{cX&W=37XvxFmGbCd55YJ#c^{2<T4U{r;CscI(wHd2?Snz~zzrH8b5q
zFeRjd_&EIIJK@J2-EA+C?o==L)A6W+fJUIRjp`i;Z`BrgsT>ufQ2^o_=uw_*D>{i`
zvKTQjJC@zUeQN@PGF?4MkK4YH!gIJ5v#fLBkeRRAS=t*()ulhWNGnSiuA1AWZS~pX
zoduR9Z;Bk-eNqY51jufq==v3$ZG2<<OZAaqNt7h)qZIK=ZjgQ8@8eU7g)RLrdhflf
zNvO791EhZhK%<F4yP}tyeewW0LLj3o@Wz`(Sg1`vz}tK1p({k?#(^@ln~v&tN?Xc$
zpL})l^F|A&;`$3*5Ru4_j&o%8=NG-+-A`h{F)fkYB-pO%uNCKXgP%n@r4xUmG698h
zL#|ZM5P|mgp1O(j!qu}klI;DJw1Hd}2#V9gMKh{oYuH3kTrQ`eKzN(MBZ<^+*31)^
zip6v?KBRXYa&>)F<5aEBiI+bMzSdCGeI2@N(Mn@=3fpe<kMw%tqPvE(D)m&?^I$pG
z^zBF%Oj@FSg<%J1Lo3)U5KuSj?&@6i-#7;=ncnUeNbNl0l-5_!VoYd(uQZEA*mqQ^
z?X@n<Ss%d3z$3n@^BCU@e5`C>69_vmzvC`UA7b4uY7ydw7V^)j*myr(O#~thP*cJM
z05+{kU%@J<9gqOL9GN0AV~W8c9dq(!&b1=VQkF;Z$*eRFob;Ha?8HoZkf-73l5U7{
zu1t2q39=PVRx9uHb=Ay@Ly^LFD%W8MImU~g-dh`?2bpq4#cQ>Tn^62mA%INow*V=K
z{}pAgLw5!QitShXsNhzbAJkCPrtJO{o$CU1%`AOm?9h7(8XmmtHRgWWv7!Yh3x~er
zO{6<oWBXgN-mo1~pmLb#Yz+&owO_qRRcX+BN%@o6SQ_3!zSk4z_+oRYkX-Lq%A<uS
z+(6kQ%mmQx86}?0?Q&$K(T-bYCV+*UAlyW^wP--mYXNiP2<p_lag~L~vAZR>$GqmR
z2D{BQaGSmo>T^@5({vA6Y^J^ew@GL#SS;NmoJo7KJ(!uK_T%~ZN{d(o2=5&pnQgwD
zWE5j1IQ^5w$EKH_4YAZ6YjjDfr0jnuDE0OA2mo&l%$~Il5vUQw5sHXxNOkMb4^4&?
zYNu3zqKl#!$Q;lTEqC8RKQ)aS(#|N<i1eTSG?;07=Vg?j9jOxAOiOu7nbQ8z#9H$O
zOIGfKFz>!51U0G0Z-|~mFY*akID>YW=sskEYHT2a1F(cf#e${+x_QW{i~!WSFZH^*
zB19|U8V<zA|3Gp+@rjV3eS$R#-CnY>92JMEN25xy>$6DuOYt}_q#}V&UkHD^`$O?1
z$Ze4PTxFr`{#8>m@WdN+H+O&vQt21N5P*h9LMDCCq}+2l!p4-}YrF_xet5NQF@8b*
zxy>lVOP|xW(%!HS+0T6&#&W<V<sB{Q6|@`H#y?zVdYTjo*akrx?fK$1Kzc5{X>k@*
z!!P8&zxA6d>)z=d(=a_7iBTpaJ&+&Fax>QgWNEA83RU7jE3pob_eaKT3ZkJTX;F@q
zRvTM={Y}llu|t#7HphU+M8KD9t>sWMA$%?Fu1BBV-QOFHQDsp-2Evci0GdW+ne?F$
zmDffmAlu;6BlmYC+mH0%`s4PCo4!!KGtohd*egS2CaA(->1-BlLC#ALo*75DWq&#+
zN#VE$P4n<c9V;=p0)RMpU;)Ozz*kKGlCwQyFibV+>>(~Dw|`riS0Esh<IEVAw6rCU
z#kPh=N_7oOKOyeM@=RnP4djy>go92~`r*V8YGL3=R!TTmHjQ;P(4};^d8Z2S$X#&(
zNJ+M*Ld{bn$i8ytkihJkkR{&a@XC(xn6JkA5X+xRmw{rpJOw6;jzDAF&_xE)^7N{%
z@t0gajfah1@hFW2R*s4zJlgwm;=T=EHdO(69`AVH<RG4-!!rYD>mb{0eqHYyOMkq;
zetCc%bF)~QuH8{_Qbz;UG-Fee9p&74i|(XdaXKrcpzx-6DYg0aaFdpj{KV7G<1c2(
zK+*>k3)Fgf(EK9`Xd)J0+%H7k;96yH&pED<YuHt(FdGxtSQ!t}Z+@}fK1MosXNCMF
zYaa*LaQ606yUcNXRU@z2a^nqsgf8p+2ddx7@a~1&B~I=10*pF932@0KSalt4%J?S4
zB*XL|A5-Ms72hn&`v^#r88hjw9*g?BbcARDgq2cPpgqqVzS|hgkPiQ3QZeFNBU@uc
z*FW8K)m=Dm4<b1|z|uF>>$=e=XV=Obe~?fPaSeC%`p3y(z5{(`%!=VBvd7JsCu)_5
z=OC!(f}4FhA0Yq<VX4}&$xCv-_U_Jtu1<g#yaai7M*X_lC-G>NO8?7mittrVkQ|~9
zG1_l>ZES~tm}bf6Y<gA*_Fmx71G}7yW+7GFt2vDJ1)%C1R!$6349(`u@$2+cz!g{g
z9-ZF98>3b3(xyx*J<+aGm3heOwC5rM2s!c^X+e(Nh;0s+1%fW18%spIas#D!m2F^`
zn^EzN&3hf5o+IL5=*j~7m)DMstj_3_lsj?O%jXq#R5x5aW#R0EsY)JcRj{-h&vrQj
zT~{dtkADBuR=1pF+sT;gkO>z;eSGmMZnt|?v8D~X{PT`4FoG92ro-S}A8VueUHM+H
zmDK{mv)V$O9_22jL}oK4U^)H3=yJ%cg{I4RWPGAV*_9RdM5XgA4$&QE{?}#Iv#z&w
z*f5pSndxE2%cU+CdBzQV9yi8DO#$W;$g-6pp0j3k(sBV?!b>DRYO6>_cAWQu$V#c}
zjcB}x`wA2Xkeju!)_O4|8i!)T;>JGfan=BG2HJF~cnp(-KV6b!p0{p$DK*H`cP#K7
zwOJ%`U?V9OEm~2|9Gw^gm<dVkfHQ(tE_a@)tbUAdHh2a@e;-S&X7-LGs^r^Wj>9I1
zKq1cS{bq!4<;pkf6QF(cel_HP@v_%oznYBvdIq6+M^v_3)inr7ipluqKY@kh>Y_ZX
zwPG}KxwrfH%0@Lddc+NpjcqX0>Se!8U1fR_z-4x{A`qsV0xA3UgKY1`XRhiaT-v8a
z3IwOZoyn}_7rnQeqMHS6VNJYdMGe>0`D%tOmzT^KE8Kl;N!^E=jzg;vx2xSk=Si&P
zRReTo<yY-jC?q=BDHP6P@NdXfYmJP_Vn7H5cOXn8T**fZoy^EKu6c;^;n3<{-x~Vo
z$CXoSwfux*`91ZI+SdA(X=Pyr2G<qeL~-A=^66`yee<B_<f98=LL}b3d`I>^t(t#=
zh=b&bFfZ$jrfaM`&;4=&oBhzcT{S1OKY?#ho4;c&>RpVCEkcf%Lh|$iXtAo!W5K}(
z`K`Yn{*Xrc<59(qw4Ha4Md=IZRV|kTs>jOQ$_%*$d;q5k^Mg&KB?E4v_zT3R@v5Ot
zYxYP+1*>=buuxoWKvL`s;6^Y!?th7S_C|<rM|$^Ri8RydaElNnnHm=h#j=y+K8f^R
zA*Y1w@woj0Z`XcUA0E+Wd;QRg0If|djWm@^o)!wl(fYW@_nSrZbDs*Hg-6(<bJR|v
zEfNGQHe@ln;n=h)=6JP%N|8(4=hW^h#`ULc)~$S0kpI;+k#7Qv<8c~Ox~3#bR!Tpm
ztV2lSn|UK@(%wrNJ5aE0IXdH{-e;iz1x<9zzoTn<co>aw?edoqiS{6*&Bkh<JFOnV
zUSqZJ7^6O&OaU7%x}&(a?>{FTbjQP`CRktmv6;7nct2OQ%83Hhn+t!{ERF~HrvOE)
z2T~uj2{-xa{T9RsG_(u5BD4@8X-NtmSD4N3{H+*ub)a%s(fOvngZW453U%<X-J^Xy
zt=BNLVD~HHkK?7q(E_wU@=9~Ohea&r^7GfpjH4}HtW`p0{^Dr#N>@S)*;Vt$w{exJ
z`uKzB7m71f*l<(<<)`vnF?VbOTL7D2UiA-x2)9k!*sj|#r)>ghaktSucaAl<wE;%B
z(*Sb~3fY*kyFKbs;rmrQCsrC$185pKwGmp%#CuMc9ZPp;39M>TBIi`lmlVH@t-1b_
z&s<2Ih_uQ3od|S<F1}U>g!||KF4E;qP#fNLVSNG<QZ0b}x@ew`LGMnUNR@AWHC#ie
z!Ui>blyCas5=b>Ml76;N+0wjx!wd2uSrJ`K-*NvWudA7N+s3^K>)?EX%@{f{ZXZX;
zw23vixU+4~?Y`}Pv&H(f!csbEX42e}>Cvde6Ia8jGW$KgdFKA`QGw88)k2AOP0R=H
z6?jC<Pqz-1FIO*>msuch+ZQ_<E#i0U;_#vlXFt%`iD_+2(aBML@k?}EIQX1Y;Bj5y
z4B(!x=0AzWSKy*&vG7Qoj4NoPD*eLnx?4N^SpitxOtGoVi)cr%K4xf*oCxg5AoFuw
zot3KMSIF}p<8?)6pHCwr306cw{o|crNpAME89|pNeQtno2uA3kY!X65&pyA;@jCe5
zV&>q1l`k6+b`_GAS&sP9j-YZNaj(Yi)g0Z2F$yUNDn@lC5>fFdLC;eGma<*-!-wxt
z<ztuxeDHXyTLceZHlM<FsNJ`O>>@`}u9*Dm8$PK%z@rz?JU_5*%dA>#WS$7~2BZAr
zghbYBSIqNXYxY>e+nz|aw3o$;up?}Ln0?VS(zcd4{XFMbj5=0zzeb*a{l)j7it#qa
zPiGezbB5GIdr{^p=T9%-=mM+}zxxn#6y#m39UPvYu7iuL)XsAzDqId8x?mj}m)#Pb
zef<^hzKEh0skMG|z&e?QExNfIoh;g_6{y@G;8c`dklaOQtS`j;B-eZ(2pJrq88WU+
z`UY_(s_@nI*A?@@M-amP-X4JbT^4SJBRI?r^z^!PhoX8$7a3CF);?2GR{36K*OEAH
zVJ{CN4D>T|{Q6=u8p^yZ-<A2d1)IToo%;a~*vbgq_3j61|51LcZ+sT}?tK)~uKB6H
zkVD?~mLVD#6$_!uy?4<gfuobocmRLUvN2ZB(XzMA%_8Pk2eQNfC7M3m@`%SRy4wi;
z=`NW+iFhkUz<@ZHovO-iq@P#}tEp639xN$DeH%taPXK1n5fd)O1e9K4&PN8Z1_V&E
z>x`L3LFM`-LNVBKX8$?)$$+2oFo~&|`DLCd_Ew#Cbg-rB(d@y^G&skDF`()!Z{Ng2
z?bJIz1oWsB6RrfFzN#_lrC8Sj8~O`7Wkqz->N5#MQ=d~p&FA%=5}ArA#TQ;s{DMQC
z^M^Eb6pEFg{3Av)OBFB>S-w+da6!>PZ(hwDUv6$u2M~y4Ct%5;kOFaGl30KQ%B{i%
zn_t{5=Hb#&L<m|Z8rnrj^XY|F0^RhTbcCZJwZPEi6BZ96*^f18E%%N9HLtySIYhTn
zom`e}?FM1v7Q%r3COr_*_=tyZueYgWVw+1;nvbOIXBWic8bu_b@zoij*ay!F?5~+x
zUoFvGre>pBdW+trP$u6&A#48auiMUi@X-(9f^@6NqxU+Z$6d8=<lZ#3SaX`8(5eG(
zj0KU1(7EFa;ebmOYz7f|oukB2+OCF(lT30)5{I<In_qwLIjlYcB}=j`G=}bHC3-++
zKBloD#q5IqzBgeAUCxY_NPy3<*j2}0d24c8BN{UoHPz&ukY2|JJ!jgl$iHu$!ElP`
zZ!i56KK~;tMXA1WhPbDMi{00;YCrRAuNb?8di1M^`H>_;PUwegGe515Y_Z7o0S9AG
zCc`n7ffJoxknnEupV-Ipy%-#PWPgWH9?~Q=;I84P+BHH=wF<U*xk(%p?<7un7wrP@
zWmX6r-9<gP_qKK1hFMn2?a&uAR%<iM7~QPq&%HSc{<|^o?Dp+W>3E=CL#lK7R%c=`
zkFENNVIhZoU)Qyq*CWlB(@}KgLxoH3?KwHF4&zu9tl8i;zxBXjKnxV}7b~LnI=l=u
zh|8&TR*u&%&Pgf^=nV!c=~9oNhUks91vYDnWuS=TJ{>Q#HrIV*B8_0V>?~}Xc^+%s
z#`gkNCnivy9P9xNTBkICl)<VEE#00WVIrNp$^*vPC?k{ZQegEBsa3w++NiUzvr8Y}
zRZv!EBEScZYio_Xew0jkOfeI=1q!sXC{rLRIHokpi-8bA2vYz!)K7w~TbUa_oHpWW
zM-GEc8EWkHo?gKI1;*ZQJJ0}l5*nXL_yFEZ+cFN5cIg^Mw8~pmErhYjXtH1(=s7u4
zpjBgfGS}Qxz9S9%tWc7YLNXm>T;=2`v~x20Iy5Xu{wKL@tGu$tqML2VdCWwwbjIM2
zW@-L<hC$ONVkWvJt&)y@ay!bkH=N5BuV4?>Fw%F&YJWf4(!4kgSXUc08Lx<<OraOE
zki`J>WHX~b<fgvH`aNdtxYpXahQ30}y=K|LBVWbynd5uK$c5C>+cwavsVdx=ytwKG
zwx-sj7ZVv|lig!+LVa02pL1qo!875}*`gZGH=Q(;E<eYXIa^gSf|nL1-$m?AGm<Y#
z3VeSjWww&kaW_%mw5;H%4odYj3hPG>G_zh{bRdClnKmfEAep&gKG?Ia$t7zio-X$h
z-qchBpBs2Sa1&nHw!Kd3?5p@sM0c`z*@bwpqMn_@ydzyEZJ|LnzGk=>uo!#v!CcYY
z$jJJjMMdOd3M|J1@Rie*mlpNxvD!FnhJ96>!_UCE*k$c|{pmV6_Neyy@C!dS7t01b
zGe(JqKbz|A3HoUFyH#U9-0|`dmbhvM2$Ke8IDt>gr8@**m#H{gi{mdPd@qsi%gX;m
z$E84rTuF~(4^RYdB?n$H5_gH87&u7*Oy5t@7)cvNR5RT1`JBB7VEoI!8G8?~{`xCI
zkHz%-;q0EP@P$~OP7wNOd5H;fz;Dao?xU8&^}%4Qr;I>>>I603Zy`ee;Crcy`?R&R
zB_`4dhn>;^Us&N>IZpCk?uvkvLF`19-~^-L0vCdhl`VsuU7u?=aM!i03Yl4G$X{sO
zyZ1>fBt1|V%K4h`qxrl?h*r(=68%l7|6;#g$_Y+<^$H-2g{(z)X=7LFC5};El;vcG
zh`zvIF0`ZgR-3S_ynl4!z6|K<V>LP?yI@UwZ4<YZWBmvfp(Ti*KL4O)uL!%Y_w>b%
zp*11jB7o)QBNIzV{rrKnZq+-JG8n-uBlqZ+Msv~GkJWq4897U_c$7k_nZsy|(K4w5
zBpj5tP6nyZC6WP5_qi7w#jWPptAtd!;WMiE^=EUEg66)I5Ud>|@fVMG|NISr+<SZT
z--6}A!|ic<Br6b&n&6_VZF|i4Q?)&LyXCKzv`MIqeEQHrzSqX*Z{Yzuryu&HK%Att
z<`W-6<i=kG+@Lb$AEl3llh>p+wCa`~--RmFFsdk&Xd+Q;hpw0$px%49V3}XKWYd(>
z3*(%ys)~9xqM%U+SjSX%;mz?OWr|s9C)x(g55NLpf0MxX`c4yFDoaJ_iRvXz-|k;%
z7YB_A`P}ikn$km;&7f!~4*=E`YK84Wtv%#I%j*ubt+mvB<N6WS8sOQ$!$5{nKKO>Q
zCVCu3D!1r*JME#oSjPt*?Mg`HqR<XnEVs-o@;oBvi9%``CWSY}#_V+$G|4}Zs=bR|
z=)1l!=)vS|Ksn~#Nw`p{p>Nu4rv&l`^ie=DmIT`Fh2X_<%Bz>qx5bEgT8aAHWQ4Vk
zG%{y?U?Lh_)Dg^HBe*n!V$?gt`a&4V@D@zx)K5osMt1evJ99BcLIb?YgQjP1Y#{f>
z1&(~#+i!=H#(|%=8AJh|+#9P_uiOKt#9i}oG7V_D^}P#5$Gu#bdjc@Q*Q_(2%q45d
z0`nV=P@vwILQmnMBV=5n06x-3Xt|_DI>*W#xm@@tY)%OvAqqSlA-wDsu}5K(bbU#J
zEkT%O-r(EZ(iBGqt0n+@5(eZZiYM@9vU}@t=fbp|leX1{2_FlZ19eCv-xm*u?(-N=
zl8&2x&rIjsT#y<c0-~9@`7W=&wm6(05)gl`99LjBNQnW!%2?D~9gj#^xU)8E;YIJQ
zIzV#pd~jV;-2F$?zyN3eP9%G+0P;qeWIh+_UEO17bCcg|qDT)bBslYvp_6bMG%xE*
zy6`FXXbG9bUvd462&%b7)oTLVsIMfl#u6J=>c=FVNbzc)eU_w9VQ5y{f=w?WL#z>)
zf+psyM7(ML91QmLBxOt%+SB6xS~5LG6RUz9K#9>cZa6qZ^ku&&c7CQ5hYlR%K0)#T
zV#w^|<I?q|f`FSLZrUpkI<M__h-==#GcD<Y9SNc_*K6bS3Ja(LPRsQJs+##9gW^xx
zEGCziI?NR)D(PLnby`}M(U1OgXxSMqsPVLfesF!t$k2ZJd;7}31ix;GV@u@v{tifr
zF3Q0MFkT+_@iR+Gz-TNNV{#&hd{;lN(~^b#rSIXv_+sbw=L8EUNQs{RfGvA<B(X?G
ze>5OYz`{aN#}Nkdb(|r)WZ3wO3b$ghz($MwMcrga!9K6{sWWSk1zWaaHQffk)7G%2
z?{4~YxGPgk=1(s`L7N00WXV?-a=ZO*tF9hvNQ@}&bl_gzPhRwDQrA)a<9)n~<NHFQ
zSOp0^4Pyx<;GUezx^vw|wCE)8<4`iA`XBri{2M;1hJ~=$JJgZj;tL4)juG_rH#Z>e
zfQ4^nj}YNjE-URXb#>czor4EBj)$jDY?7_c-{N?{-RD}``K39<5Z3s3*#iK^ILnLC
z-#;#g!XXJb!Ahc=x~G@mWMbj;708cIS=M8mf{~aa6PZAhfcI20MmgXPtt7t6N>p%i
zkW`SdI232#s&53cRh2-uz$);J$`8HQRuzX?R|7h-j~8o5rARB|BHNVVPjNEt5fd0|
ztpStqVEJ{gMu9<q$1@rwNy^hxUxIHG8W38<Ks#KEf&DZc>?1+>PgR(s@hWzS7kdPx
z$^a*+%G^qBm$ZU{i}&KS+1PClJCA#fOYP;4+h<qB4yI6gphPaKuoU;Hh<DM`l0wH@
zC?W00$Ox0`uFuX?DB&+<_H<gIheI$xZ=~%*ey1QmYU1O7!#nGjnDU<Mz;*{xNdnqZ
zeLexR#Z9`Q*9$!-Zi#6}NTl`(Sxn_nn`@0j_zEQ_%#ZfHIETE{HE2C|jIK!&7Evbk
zLYNCWeX(Hs4%HH6$JWzi;Z?v^ExGOE$rEk76LGF@7y$hqv)5*UUS2vDzYJ^y<0SJl
zL#(Y0?Q1qFP9j^4f$LZV4DKM)2L)7kf`1U_`Uh&yL0___AFMjg)|WAuEQy4k+fRo^
z$_I*KXmgeCG;P-UR}C)HUYT&#=vl4#Q$`-{wFKpmxb||4??ZE+bUa;5EuDV|<K^KB
zjH#T{`jH3YmBodK<f?oCHroLXd>Q%Qs}|d@iG>J(d+Ihf%YHt)fh|-OJ;csUQFC_B
zc7R${Q5wt+0>9+1zGu~%*3IW%=kdPr;jZ9(;@p^fspHeRE<;QEm$y-=;L#QN`d9ek
z{i^Rl1)evOVx^HWNu)zuA_K?$z1*^6$m|dce6vLQX<-M;kgEX891XDBkipDs9nt}<
zsrTun^Ka>I!b>X4w1Cz~x}ZE&j=r5u>o5e}4i7}%(bNLWcd1@J@T-Yu3$`U@tQTox
z0ne@c??7t|tpWi-Hj5QhIs06Bo+q)Nw{Nv@vU&dVSVHlB!`JTsXHlzK#fO^~cW->P
zYP<unw(2~ka}#g+rA5>+gsZ4XiYVq^37Dpkncz|94~+V5qlBwzdZzuSu4}$l%@XN8
z4v(5Afy%Yhzs9Uh8Lin9&Ikc+fd(xk$TC$Etq8QGX9|{JNwH)KzfG@+^IBR)g1mi`
zkRW9w0{Sk~e}3_1XeH3<gXAMEeOwAWbTZ{9FK4jB+d)KUCs-vQfekoG62Ft~=|D$)
z-TM{*Sybew7DHZfEUN|E9CrN1_U{l3ih`t?aOMI=A&Kj1{_{h<ElmY;&>6}ykx0pu
zmFDwqo%S!IEpnZO>2nIoRuxGn>oH1XcU)K4!2%Qk=<<OP9RLQqm4EuF)#EXp?jgW$
z0Xp=)0AGaIBShHof#ZM|`lf2wPiyK`5^TN(R1n3uB7v=EtzlRiF9Ip)fqY;a1<VCp
zq;F+awP&_Kv!Kf;^G;)Ay204!TkXq7sfyhypzY%bz0maxMy1;911_CK+9o!a8x54O
zJkJ2RO|<WCmj)1ox4r(J`p)5qo=*{gjVJ=xGv*+fH5Rp!4T)1eh>Iow-WfC7Za$i&
zyTiEBw;=gjo?TZ4Jr;o7ano8bJ?vB59=REQ7e&Z;vHnOt9_#4lCd@yP+I`4k81}m!
zXLdmW0YOOM0Xu**;TUIhk*<QC&5&=+4CZkl`qLcZ`;9iaU`qtPDqPrt)U3Ujot~(O
z_Dej6)+e2-k+%8q_5s5<o&UOKPQ{_$&#2ijTgq1koFwYewwgbJRbQbZfDKi~s^l0)
zd_K1-;2m{pt@*S*!OU_06mt#8f2-wBBOONbwU@rXSm`J5C1`0+Si<f(%;X%i2N>Pt
zk6o7D$f&U<P1eeY!LC~F?eRhaQaGPQn11NKMa_uNkc65L$a?FZ>J)yL6B%rtIc|U0
z5};Ugz2^otRe=ZdsDZrxL7@VL@)ogJ6sXz;!m6Nl^)!3oZs9v1=}my+&0`eUjFM1u
zgvSatDT^#BXy6+|7QNt|EkL+n)n(KRo>12Xxp<1Ck%PADZ?%<(LATde31f_nZCnn}
zu^zdDBjrP1(p6Y1b6vNK0n%S<uH0+hc;GMD$hOMFrhD*QjV9nQhF$1(2ewPO<iqse
zVClLVixp!-I`QCfkis!RF@PA!eayY6fBsR_ddg|W#se;do^4slF={68Ke@?^bE`lr
z)2PoGNq}Oi>Bu!Ub&xBOcdU=S5V$s{y0_6yDj!b0@$SrWbpHL*PoHkz(|l6s%=Yak
zuWh@a8$bi=eyex0i^^{>7dsXujwLjv7X~ws8;*tS?9vLSbk!$2LNaDr;*>F7j_J(S
z)Fg`u-?@|r9NT{rz5nNz-=X(8ZWTPS(BAy!`um+n@_>M74UC;ui&j;`@yYHFlrDZD
z_u~uVhqSm70>#d|I;io(&b4Gv{xJPv<r;$Nv$2%F10JyZ<N2484@&n}xtJJg*YMg|
z5i%yn9$_6JxGHO(uSH+JT<ZAf6C7{>HLa?~m#cH)F>~=E$-nM$_5JNiX1<ZV+N@!l
zLHP8m=Y;C^;wSHLHqJIVGG~;)6+hHZ8SU>w3?{pceYkh`#trJU4ubeyE7#g&Qr-Of
zcdMnr$u32^7>$vTsOf(3j>ag^<;&t1Ytm7E-b?s{fkPJ<%+<kA@|bt9vF_)p<&o7P
zf)r`YJEN1i`c;Be^9Vr<n*Z!*^O^(;n!jC)m^!p@@olcOl5DAH(|FrnXyHZV8v!s*
zeW{3+hTa87nljx9)*G%LK5YP7r>%WMsn2yr0z+To*LT5sDoTi64vXUgO1CdQu*QF$
zwY0fuX`iOnW5aJ1-L1<%=ErNfH(2=Hs!u@Hx3bdPkJgGWKhW7It#yArJ(hr`R`R7(
zL27e#cn7V}f=WgE(he(RH8C{a8<bQ9R6IGS$p2(GJvht%Wlj-dfQ#o@f2076<YjB3
z(`4<M0q!)SklDFdNKW{ykVssxtaIE<FeU}ny0JO~w%K)+&_Z5iwcX@c_GWME^=sd!
zJ@Mk<oI3US?Iz(A*NxS2;+YQ)>Si~V3Wee?aBSOo;QXIorg#3v;VJW1-26P+eZ-je
z*|V1hE(0oz=Y#GcFI^+}#W8ltsIq;>j~0s?9=4kP^4UnX?#T3%rz@4?wap}2dQP2I
z%9Wg3b*kgkb*a3{$`#vbb*jyfE)XL7D?k5^G{%R0m-p_s{^|}&8MW?ngkY9C_q4k8
zkFtVqBwlp&d8v3r3nDn>K`{t2>sK95l!9W5&N^mlRn=<GP-(#!vo#f;s}Gi_Ng}>r
ziCv$Ll$+LmMQ{tJy6bRCluVDrdv(?9bm_ZWSVa$CQynQsMoD8J$$QvQ8OFE5jvu!*
zmb~G$`YGF~E!h)O(Bn%k+x6y1QNVJNW0rwkNa*%U<?b_FT!PAwdhR2xW!J$Csh)w&
z@OM+nud-*zsuP@h{h56d+PLEg)A+$c898kY<6Gqo%#>N8`(QMfMq>KlCi{D`L&6@u
zNhnz~`<&yJrcQf5U3Y?}MPnSrXT+ddKM4grhsUPVid?n9q@p%`k(@jnQ8yK8ytcGh
zIN<z07<>14ru+DRxOC}2=|qwoI=HF{MaVg)RL+Mv%~>dn95#p9Tpf_gp#ySm$!VD5
zHfNPW=2UEB!;&0l=D0a+?vL+%fA3%2f8GCi%pV?jectcq@%1Sr*~;0Rygc29oXqe$
zSMV$r7?WKjY+dEzOd;+}v+Ah-#^}4`nc7Nza^?88UI9JY)w4`N4nLLi94V#At?`G9
zK6#AU=t;NsRuxK!giboQv7*zU&rif;qt=esP~Q<7XH!Xsi$htAehoSb=AX*!(_E`N
za(6Ro@1Ns<I>q<TuIN+k=}iXzJ0ZZVJQO}K?e!!1j11lljet}y_jFg*g|r?hR{7C4
zk6QOia2}}~T&W84JA_-ZAr*%7#E;}MdLu6(BPuV|POHzqb%cEH!X3(Cz>if%X_loQ
zujJk>)gOB-zV|on<HPmll9ltGk~;Y?ZFYDJjBx^nsj!<`Ui0iW+5P)&f@vm(NtHi}
zSTu~LNP_oSC3{ULRPG5DkgxFv`v<n|mmi?3#@N~v%jR5(C3EH*z%GVO6h0g0EX914
z{SxOjkFQ)WzVpFRd2jJ9(a=m-Za+#g+$|M0o$P0a?^VXhdVR2Uo0Y)H8F+%%sKK_F
zq6Rn=&6Lc`D8W1}{yfFy*bTnQ_hM81z&*@6IB2%iczc}xR5o|t-B7L{4bF&d>`|9(
zPnA1_5aAz}5V()O51AYO;Y`7+RqHoLZykvr7(AqEV47m%9Q*lhKTF8vllAWJ)jgwg
z1Htyo#7;%=Yggz2jg=qmWR$ZRev}jlXa1=55u{&&3N#o>F0Ht<OCmI!lbLvwg_uzH
z?%GcSO9YEY{hRvz*H<r>>-M`F3u5(X#%Zz4r{{R0du=C{dng9}BlUw*ecz3IhU#$%
zad%h4?yyFW(ki}}oywn#qLrOtkmY*AuG9qRNFho;Z!SJD-t@EE-XOASJY%zwW{D!O
z-s<tB!n1CgsZl5XnvTmib|qKy{rS<6Tkrnkbyz{F<D}rS&gcgQo9sH3`yNZ6f~IX0
z4%gH;I2uXhPPo5+Dx`U(|AhR0T2T8}A@S~9*GZg)prRzIC_OvWY7Y93L)d$r<K}*o
z2E8(t3}W}yhV@B4#`kkPkY9X8Kf5_6MV43=mRoeGZ%k3RDq`iOcMze>-!~IjLJ;vO
z@71yB5NlZ-+)2&#-*a!zxZq%oRgY=PoQhUo$P-4SaBuin%pJynn!Vw_G187TPbHot
z`k){vcA$bS)xifUB;0xDizaHd<Z=TtxWi2IDm%#Z3){Z^F#pXL7c0LJ8tg7;FLwb}
zeCe25=4Ty&l49u8#wL-u*e=_Y`p#EX;_m67@KiaM(`?M4jYA8vA8UNUb*r`7zibX%
z>)6WJFrne=R6@L?&Xm`$%9;$dL=SlP1{s%e=fj5Z!G`GKXYX^-7I??%hS=Q6E+I$*
z{1ayTzDx8bB%eF>$YToMIQAemLDJc6q<%xtyyV&N%1pjWuuXi3p_&c~l{WMJTyI;F
zpc>eFICw;W0=g&q+emY~UDQ75eQa)f=p5Lgua_=|X)YqKLhwjQmC`T5R}z)kLl^qV
zrSjLnME`r!jeSlloM*(rz!sAR)~KGw^&4OZZ~$va)`OV(Rp?56S8=fy4BB6v)-xeX
zok+**QT#tQ$j<p-u>Z&|lP6~x|L?W(Ki}rbE_^p4!5uO^SYEY6i?21ixy#VLcfY|V
z)}&-v4PlKI`;eg|dm?5dj(WO1@^)bwJrW(>o?YpBF`%w{k5EU=Do0s~%fVl<8GF$8
z^H@0_k*zqO7~Hm!OtDo-5$VB;wn%TH(^wllwL&pf!Z&H2Nx!39ZN5)EWAmtc$lct}
zf?#LRTm#=*kZ5-{V|#O)|KL;{^UdpV!2>#5w_;!{NnEc^n4s)Eo!s!obkQfq6Sv}Q
z$NBliRKhKqVayC4oz3)?WGheto&uf8!AM=Wcrhzc|KUmSep_(ea!-h08^(92)WJ)|
zzZOC3GjO=aGc;U`Yn<)%`SeIp{CY?91IJwMR|Q3AcZQxul}il1jcuu;-G|gK8}bCB
zN?HJiuowUJxd75NSDf1Hs9!Rh;b&okE^e3?pnVmcSQB{a%RT<@8!FTK4#9E3p;x~(
zZUO;@f<IlEUPFZ>tg=LLDJ7kzbf2^!WRfP!NUWYmmU8TUZEkCyiGTTaHxfMQT=~Aw
zrYwqh)eoKyT;Ho+jc`+Rb~G=Eg03@ZXc)Me0D`G2tc);d7w9(=g8h)r(NZp`x=t)h
z>?&>)j)SQQLF7vi?=TK<<|{^nua72ey!sEIDP6%8JhE$;mvj~J^nbzU4v4rU96p`^
z@}oBosx(cV*l)SI4_974nbBD5azq7J(yI-b0Uusp^CZ;CyfO!`+w8X3omCJEih(uA
z`*McIC2cJ_9&nK{c*qNQO#E<pIC+(1r|cq9c_HUP$tkg3mDgMc@QgzfrcYSd?ZZvC
zzIR0<S|ic>u>rQCPRZlQ3;O6Uag{a_CMlXC2a6UcTuLUnF~Z%C))pNe+Bsk)u00&R
z78LjYV7UmdC<<+Y=vN}YQRZ*&(@evPv8VI8$FVo2gS{^eJebPPSGjiM)_|7=DwVW~
zcBMx#C<;j@#!w%RRlKmfwA}ghQcXspz6e9uqQ0sLA!r`c7|>KU@UQu3{h9L2*eOW4
z%VJF9tW@SyZuyF1Vf4boZ6B4GniKMuSNMV}+u{IVhjl(@293>B?Oo8zNOL;YcsG4s
z&^Rr{f!=I6^(+CwOu3KI1`6Li%+uL@C%F3zpkD<zeNLBkTDG0eD1bT5Tfy6$npkq#
z$H@=hWPs*lzS%?5GREQPj!FlmR(!viPGc`)G=KGyw3zHak<|M`_|V&9No4e@&VpNv
zb2Rdc@LH0xO+rOj`IeMifoHzo8)`(uizZGFP~8IJ8VjNMAj5!R`+4rkseW^AG~H=(
zXs~JnVn}Ib+x>0>pHVy-;x6&mR4{j@f}L~*@QwbUAotH7xpucu;7ql5Y$=Sf2F$`u
z^g=t50i5luA|w|!CmQ<gEO_viLSWb+dZyx~%ReqbhLu{2AM|~vTVC5vn=rKq{+6kw
z$Y)_qGkqCqqsYOf<*Mj~PkI`oMkP}Q(9MyslG4@uuknr}+pgvT0kI?M=#M?>MAxtA
zC*~j91y+B#=pF@!he%{=OborbbcPt8EgIyEqX^iLwq1~<Xv2Z=q+UF!<g=N`0agE^
z1#0w06TaBPf)Ics)eFBppx&0CfUET6?mNuDFE`M=5#W0G@YO{$v5jpw)zO`2JjdQ8
z=k|Ex+Nv6Jv!+3hi~%o5TPjY1qqA9!))U|r(-n(B_~$3d*{F<`Bi3i}K*vFuTm`Ny
zp75(b6k(EO@5YqxJtVxJJHL5K7W8azV>RFt+CY5{xSLJWPgNO1rZzApQ$94QD0`@c
z#?7pxAyZY6!Q@XmLiW(Q?s^}+rqc@=HrYX+wg!72n3kElmo%`jP@=eOD1IW6P1os9
zz08(kZ~S^r#n+kd4NqP1JLXrX6`gax+9z&qrGFd|yYT3>F|jmIhx7AyP`g)zPUqTs
zZ}i%@_(<OBo;NK#Wj1WAN5ePz!+?cfKpMGeq+x2P>^N#zX#Jaxog;&sX{u|K_I<L-
zDf8;NmAu(lc}8EAy21|9u(7;O(s|=czTCQbCbroX1<7rgmm;3~V?aKd1BI=h=Hu6^
z)BYT$WWL=obCQ<E9cMYI$&tI8gAE4-#bi8f>@wvXZM^m4Qr}XaLKDy`?U+O*|9hw|
zQ5fc9&}~1CZ6{R$tnN^C{q)6K70OOO(8?k2Igql`q+g+Q<m-N0JbHchEAy+|aVfIp
zb-RZ(caf^c-OFcPnB_0RDN+<Py!6~n;ab$?$t3~!bVlAYbrek#^dy`p$4_3~h$>9`
zsnBFIgL}P2Y1y)ySKFLBT`mz(dL`IegIeyobH$s;zD;*LEo<=l1?G7|H=(u`kD1+A
zoj>#a?LLj4d@bvycsa-keC~x}Zs^DR-0dW-6$?Wvy{`g@QYVLL{$19}y!BpC!}PCT
zZ}vels5&_P5#WLrSNiv^sPjq9wf7iLij#O{yM%0<%nz58naQ350L?ouKd{c_;7E)C
z{7}AJF`uQ9Pi#iiUaP^|=x-uIa%k{3vlL8u?b&82jKNuD6_2~|-8s(Qkt#4TUuY>S
z@zH+(9Rg~(FW&O`Li|oYxKUuI2GkKA*%g&!Hq0+Fu@3^Xw}`IZL(eAMHGU^c_2`zp
zMX;Ya*RkH_Rr`}LdNiNh*b$M`R6q`H7uqEFr~8FWJwZL#ww?~0t|;oxnt|(p4O?%&
z)+-3n?x$Zmx_oU1n>E}wh;Lf)NJ)89Fwe?Y>g`x;Ce){1`5R@t1GvfK&PBC9=<AUi
zZi2g;I-Ky0!+Q@WQUPMubj?coXQff*&{3l=+m9;Hd-AUIe7K#jGDbdD-uab$(l;b(
zxrk2|)S2V}H6f|W*L@fqjgn;(zsPaCAcDL0mYu3oPDIn8IYBp}wZ24n2ug=lpY{1D
za2W4Eb4pU1lgpX13%R#O!;~ifiMqTn<U?|SDd;HB2~OF1vI3#!BQJiTjc*ibZQP4t
zEp%44bXMgX3pQCK6D<~4n3Ctr6uT`~1tE>gL_hKHKHUHsCNmA2=WGKD%0|31Bkdy{
zv)Wx`lhCVEj+fOin5&z@yBsM%BbyM89qOSS#tr1S`hv?&_TE|u!{ex@!XF|5EL;$B
z1w39iC0l0ryt_w)@=94p>#$RlB^KbzK9~(L^YE#>BtO}S^<t0IQts`$9VI+vZ*r-X
zIO;VmB=fT)XV`l1t_aB|r>sWE?gUL#+YwLhHj;Dm>Df<HKpmaSa3Dy6^BS>;FT&a(
z5(0-5TqW^ZaE@vmfsQ>?(6ku4jd;w+@{lW^iX8C^P5h!!BjuA-HzfQ%R7~AlP&AgQ
zdV!}9TKen}cf$xe+E}0;R&NfgQ|T>n#IT_H<FCyzW!8mHwHV{P_pHr&TnwIp-7fjB
zWS4s;{wsSF5fI<!x~)!|>=mRv+}9QeA-LAF{i0R0E!_RcZ)ijXJ9PpEuBHMbVnA3v
zJd-LT-*xh?<ln>=58ci8AC0}}$^PqLxycuqUV!%|3|skrKSoFkiM+b@vCTWE#UA=1
zuW`5$?~duf;bK9>BQU!TzhzN|SBuLu!58cw8NpD;=kIc>uknT}C*rp9(<Z51VmhS@
z#~4bBTOs^TK3$h_XY_|@m2FfkhCS`Inp(E(fs{|#c2ekt;4iBn1D#?Wl@(l5vu0y~
zKYu{erU5fEaLZW`%q_R;jk4bCY}4DDz|7=L*rs8RBG%luAHK@+Uk2UA-8))3i_sg!
zSe-f_dJRyb2<646eJ@0|iDjC~UG2Z06?q5W?V5}N?}C{E5Y?*un9ck40~hYnI#YQ1
zCh>#K)Ny=^;-ZMv<1SNh$ITZVs^CW7QO(w3s*gU+dci^D#$!!|f6}A%bJcz=P&-58
z_eYRiqm!Qn)~E6&db^p^dE!EEF=rWv_89wr;v-CbDz^58d~6eUvOVbljo9Au;amyM
zRH-Y7xM;xe(Ofpkcc#gBNFi%hv4{&?ZCa}QAzDDgS1Bv&L09NE=g;%OR3yP9Q~TWA
zsqD>`JDIGOaw)1m-t?+oSO(z{6$rY7r<ld4!w&Ptr9A16VbRgNx=HvnP<<>!Y2rK#
z>+Iq!qDyLDp!JubKM&3K9z@~M5y*8foEAGg-!$9GH?VPr$9bB|9FWT+x0FGqsB;dc
zcC1i`3&gX3T|DMH7Z2-gb^BlQaeg=W$ti73-~M?xq8Kv+q_OaF4o>$P=6<pA3mEcm
z-VB5*=!)<?kih&ZNVTcdLsXJWcKsZ@%Fk|~e+@vaO=g1OpX2H6j$V(qqaXsi+WIpb
z+Q&ccslF^M@I`o8Kk{fvr!R^|AiKJ6qt;b|@9K79B4@TFVIlFRnUlPc=ltm9`=i4Z
zqBgfF=vfz^+@_(3NCYc;2K=u&d+>|xS!-ht=fL?E`u6J0-NxW^HYt~y_J@gKVn2W!
zFn2#l<LOr)xHTu7w*1+sRptu5BVvV;y>TmIw6Q|;iP^*&?Rg4(@$1(D{CjzQ&WDD=
z80I5Eo+!`a!8%~(&Bb4kZDbA0mfP&bUM^gv!+Zw)o}XrEwRyF8$d&kY_Mv4SI%>8%
zhLzajcHal{OuzOmW<(*16HceEUCE=bGk7giIbviy6boZy`1l^rEn3`KPH_?Zc~~d(
za6~cno+k7ogRM(CePQ&(op2H@8fgLb$(fNH2IB}s`EKX}l|5SmCRdTXH)mzHDSTik
z1gDslEZz9X2Q!F?s7>SnbaJhNk4RkReA_2kTEQq!8u^7s<0L{YQe#?q`2GPaxgO%x
zZpg#U@VNOhLqp4{&T5RjYD91c6<@4%VP#G&EFj%(_Z6}Q>El=9&-k$8W%prCr!}wx
zf~K2w`vQjtyMP)7J8*Z*zD;)7$b~dp3cwBFtfm-v=eNr3f~UBoN?sj%1^_;TzYHhX
zOR_2KAs^)e&zI9d3!iX0*Kgl7Y&Gb8xq9Z0QM(ZdAY&8Oc<bDsx0{>zF$;^?`gu!8
z1G(}^OuBP~7k1>T^4&;u$_unF*baUX4^W@-+V^RzzT62;jNjSGauqk9Y;F^BrY{E@
z&_J`=btQ+~CGepbx-u4bL8TEqRkT3QPZP<+5bF{zS?jrUoCE8FCkHUg&6~q5h|0;q
zeB&HSs$9xcbg3G2y*KUhCBnSnJToat8$`4%m#;yxZ#$hdQdm&+FRdtTUyT0WEC2)h
z{CZ4xPvA>WCGRKEeJA?LAAhD)`=kw-o_lXQnY<f(MPD~vTDO!!FREJZq0PmJI>j~<
z1e`(BZ#x$UJu$mPD}Q+q)<IiMZn}duUomL3^j*uOA}wC+c7+djwJ5`WQ#P2%rdiuv
z9Z1^TMmmq<gaL%_wn-XLdG>6{e|WHsc7G#1m#DabdU4X>S4;?=JQy)`kP(4w2B=I<
zOlv%{XMH>uRBB}Tr8pa!-Kxb9U^Xs40`E4B$!{)iiZp_*`VtVdr<nqced(CpWT|>>
zvrJpxyueF~5>(QvCB0Xcs(kulDC}vW$M|3+|7gS;=JHbA1IzS7CoPUm#~tj|92o}W
zqTiaXbr~eN@}Hx%K{6_+N3<{pFei4@9$_|}QR3srHGL-#U)lEbC_kAH*gT>9(t%Pv
zHyq)ma`)CiXj8nhcdrnFf{Zx|(+-_IT}c=XMvxn8U|7>!$vd|y6v<HxV78X&QeaxY
zxgAwd!6xH#J9at17ZTayR9n#}-+U2Sej8P0FZ8D#hX=~(AIrvjY>)n-#kgq*_dTbU
zV4n@PCar~U;=c0e5A>Tyu4zVy^lPtwQ0ZDtimq*P>%SH#=IqAZnAnGTC9-k_LBh#j
z5?b+KemP#v97PBq2~P#p+YO@3!0e5~Pt^&(`teDcibP=-iyIfj^hpu&fp&9X^$-bS
znusGYwHWbmJ$KuNCSqq`0`57c6(9+A+q3rrdn;^cAOCznOVfbhT5Y1W**CnGv7qT#
zmcb!@L2TW>9!WZ5aEUBsC4VNZJ>c+YpJr3vSgb%fKN_=pLju7}zaPEjS$%^9=dBb9
zurg-Vh14$sI@YBceIYaF3Ip^@7^AbSebsUbW0=9hq{Og^t}5E}O>!E9HEP-4a`&L3
z@C|4DHGhm^DsbeP;HXhdWe&o-6lw9a*qk-sY;99~N5{+pGGC@9yw!lw$Bu-1>gtt9
zlq^ks)D0M;tH({{1_l^Oq}Q|Fm$YD^{e@{m?><$^;z+Ipl#Swjk7=V6KONo&YCQnW
z3v<}f<(fOnVb%4l3Lj8Rk4@#(j_R+c`P-?R<vHr!FA(--i5MOsNZ+G%5!>EeIbm0N
znIP{xyk~pIv?;RWcgY8jC^XEX#PXhH=Nz&rGuJtB&v#mrboh$RI>mf{^x6VngZmBW
z4cJUou=o|}Sz)t4+qYve97xTrkq~b#m%>X;B?0R;$b;3r;2lfJ<)j6N8s08P5Pplf
zr}XC$wCkbt4!|y26#ENczuWy#p}DjY&V0r!k6zvOzy&BrT9#mLd^?4y_|9JXbwh4x
z2boP=3b0$BDI}5WVU^r*7-t~{^sB6;ypKJsr1q)SKr%1fQ7Jd*W}=*<Fg`o%j#GFE
zuNgXQKgPeyIS$mV$+KU6LP&x7O0ohlRcz+D0`m8GNemfodCJby@@eScLXqgPAPHYa
zy&LMfyGY&25`?tf==M<mNH1(O-U$T|kA?+4&XG@9bzUwsJqr4nRf(O9LM^Q?%I4+F
z{7gQ4xm%`S`KwnEuJ}<Ku*!6tV$C0cZBp?t-z@r<G>Av6c5*&XLToRGr2CysLvBL(
z-<`wXxBgXr$<J0a14JtDjbb|hdbXyALep=a|Ep=WS>8Jg#<wZ^X=+gheGqv51F|57
z*N|pR6_zV~r7nA#d$_7O%@tb{(jy1Qc!Yg9>frJqY?~Xs*5usyVTZ14V0$p^j`6k=
zgCx5tnNmXn<}PPO9EQySHSAMSsqWvVsgsku%3UloTRw6}iymw}n}{hO*UhN7L|IO?
zdQbU9v?oTm<OhLerL-Hrgv5*3Gs0mxrs?lfiIoyL2<#8}`r5%2Cvm?}K*{uMAHWjY
zSC2yQUCg!*A#O9TR@AiX+j)ygA}Y*zE5uAbsE{?AYKy^NpG<x9hBpl&FaFB?i=5-n
z-PrYjre@nE{O5`D!|5lWxy)6meB#@Ku@9TC`zH9$)`UU|xd2*e9h0CwAIBT$GSgPW
zrKAtoT8}B=hJqz92bVtXiMbCp#Z)4n7Al7nnnkEYSUsGWYDZmV_!dq0^jI-8Isd)Z
z6A^HmZwQ>_d+YnP;6$(#>g|6^va1yts>B7*mwbr$$Bp*oO_pCNgz!|f5zusCLZ)U;
zi1G3kY~{l}dH6`vh%UE>45!z)tv>X+%Ds1x1)w+J|GDgwo{`VR+KOv9kvk%5wX0;S
zOhw#)9inZ6EO1J}=}178M<z&nB*LzklJP^?&7M%E#qOxV`3YE`Ivp^Z6*)O{hcT??
zf%)fc2l_-`^oF&P#^m$>INMr-Q{6-L&y60#D+n;M5oU?p4a!jJBAr+Vaz(C!6SUS1
zVwx7cQ)Z$Ygkm~lh2$z2^%FAZ7l!_Cz2I;Jm&X}$IjJh4@3LyTs=!icC>?ZJ%iNwq
z15#W~#PVnO((P>oyg!6Qk~miY|A~rojPA`6!|xHgHO!47&jD`I#n}e_pb;mSw)Xnn
z5IS8VrfS9MU1umZuiI<KgSdFV*ABZ}+|r1>ElRko67$CS<_=oF)4*!7^U5xd4=)SL
zJhkD{l_}01IlGx1Z96pN1I3rO#3L<%4ST2ilb+kCIdA?tRwIA0qrzQ(8PM&h@V1$2
zE93e1`#b&ThpXO_M8q=*m=B{7K7*mnf1fbB?En^r^|+k$rzW`n+S!FABH&_wG}ne9
zzF~J!S`W*pR^ad6uY<AXM-@%V#8ih}r@@`KCoJ6Z5takw(xB*|k_fY0Nky>yZO&1^
zH5zLb@L%}3^#nXI^y3ccb3o>_3;4GC%guRH=OVq`Z`!5G7aW~1A`i~CpNSiY70bk+
zQahOZ4rz|_@Y+tT%O#>ykq@zVoZ>O{1@D3gjI-?TM)6ugx=vfD0xzOd1Hip6{qsS<
z2w-W@^<WOeddJY=&L>~`l8mX02uUbDMyA3hdLEYbWG~N=5Aa_tF#wqaf0OyjzJHpo
z>)gBdP#1j`E$(bB8CmrCS)>6|u)WWz)DvUdS+6}int@sTK};dPH>?cVoXUoGRa~;x
zhu>!mOWEXEbu5$YWSii*tQM)chGtqox{KF0&!hy_kX}gL#_X>fyQcv|hB^`^yDPh%
z<&o@(1wpkCH=*A>w$B*FT)yx^p+ZQ4XIEz~_l^{4_vw0z{_aJ2%A^CFFM7|hl_5Qj
zC)j^wbHws`GfCzXCb)#3G5vkUA;wg$iRL_Z;`hL!Z9dKLc`F_cjVVuU@W}?#HXNp2
z<)Z%!YJeZ@Kdk7Ha4xB%Dn(Y1SzHL3+sLsjlsb6vMg2WXw1nss?i~5_V_rzislri9
z-|_Ya9UZ^S9R+9kF9j!g*X|oVd;Yp|q;>gpAq55RJ*c&d`6_V#_~jhQkQaOw-Tpu}
zqiI*@=#6tyeS(3wiw)yFZVG*XEP}g4h`TI&huP@N(E(5}wIyKW)$w4PUDji1q>_<6
zX1-|+_uSDFGCsaKXW4xJncED0h|gz_a4KbcYfqoUz0OgWc~fDVB2QyC%oT7j%$5EY
zLSU55NO6l9j&Ac&cP!Ds=DTIl@7RZy<xAc8Yr-H)WAbC6C8-Xpe0{J*<cek7`R-`T
z-$)uXzNCJ--SLcN49*D@O)9g~eVZ8odg_o+gf091BK=d+w(dT!p-vHZYuZ?uTIhDf
z@0S9ZQHcBRFm<Ng+>UeAbL?-$O$9&#SOo4B_cR33nY*po@7*mhl<xEU+F)YvL}xId
z3)|OiQa+wLrFoGqSlNF3W54qD598;iOe1HbTy0#LiV`<^)mimr#RTaWw+$TtUXEPt
zB3$(pXk5s_?v~IvLCf9#MW0z4C+$`B2h4@*(j(;!qK5u6RvaHe91;w10e@dn5;h1N
z!VHc^w3k`skhSi6bUb@zwQ^+K$7fdVT&twk*#dZvygtcCRQ_@eZ_j&tfOCH?X*m-#
zE_8ajr8DPIyrCgZciCQ_Gcr`I2cOFJg7-F6rj@s7b8CG*KjEWK>6X@=AI~kJddCTU
zWq*0iYYBucTTHw3a^g4KZz{5rV1F|78yf-uZK8X&cKwN2+{BN+RVf?TdpPLu5a1)@
zDI0w(V^h1-&Q7XZPu4EErIpWMxuwtU(F#t^Q{;gq-{X{)7KET<nYD->xlFc3-^!`3
z54JrH1cKf5(V|_q+WLq@xScS~+MGW;V(3zDfvKR3r(<dL?uS#`jx%5vYuvfC%H<w0
zI3@c`!`d$?TTZZp5!Wjh(for-NIKu>;n=sn#?5l<?MatV#MO5%M5J%7z4mQb`0Qa#
z3rj<%q8{%R8T=@|bllNWmVDagevN10t#`?9KKnX1@XDXrThk(W>vvf7=nBhZw8d=E
zOa4*zF^8bbfW(>Bd$FtNPQ4-UhqvvP_iRCe@5|2Nb_LukQvWrfEsIiKSqG}}RqM;G
z@CDsZdvbMYXkYE|c9C$f1tA8F2%-c8kiZIc=P8pt#bpnQ7RnP-9@V367D>1MYX({X
zUD|At-*70mtE}{_gbx19IR%3fH<O}mh9cxtXkqkq+SJCfD}bEK9P<MYlMfuf!%V#z
z5FI!jn2;GO8t%SeU)IeTQSILh;IUPC#yYm(^aKgJU${)bR|2oc?p_BJSSxFqQ;R;Q
z&x<I)+&aNyQBaiZ>51RchwEw&#>m5@?(P_e|3`n(1+qzdEytDq&nLiFA5ZXMI<5k;
z^#}?vC+Z6M<-8Dg8q#<@s|FwU@~PvKn{#7vBd)dhz+As-pP1tte1oiSd7`7t^2;h<
zTCjv~Nhv<Zmyq5=LO#NKk0LoHv|4nZ4O(7IUm*_S>gbQLm{uS79CBVk!Fh;Jp`5h}
zwlm6-P2oS#tgLby*Juq!dl830>;H_-{DZ1+s6JSJ$9Bq$Cwr!u?U;hQPS>)3Z~N@{
zg;<j^BkKs~$W11QF?iLZyk(4sbg8-GpXNNNus;u!?3>Uyhz8H3##uox;JPKkR?^!{
ze%4iJVehox-B_^_SF8F0I=wuM`BL=k1*U7TuP>yx!%{{iqG~fFiCpMe%4(em8ZLB2
z;#7X;`z15%8}KT(YUExV)-J-AXxyC3Pur6ELg%T_Y|Ad!SakT$4O%t$ITo|7{P=dk
zhxS7z=0G{GR7w<xDfmYtzHg%jB%~<##>1Kx?ob5<xOO9AF6Vv;<q30bd@GKgrFv{?
zU#h$;htx*kc@Lnr2CS=~J-|g@_LGJq;=aAsV^`<aImg+RUIeJixvQK2&WIv&z`B~*
zygFefSG<~cK0A%}nd{D^1~d9qebuL&fjTD;LQ&Q#F|VK7_qPy7J}SMd7B)Nt`eP9G
z`}^=M)|h}B3h##jK{RTbE6F}n<ttEEscU%ve%=`5NidUn1}rhg6RE<Pm|7qW;O9ud
zLiaTGn*}IbaVCiLF8N+n^LPRg5rwk)^hp_YeL(&psBC?f6~|}RvdQK2G!)oY5$KXj
z)K0}$3h!oJBFC_4T{1EO3hCf6pP?Um8tlO}y$=GrwE#(z<2=$h1Qq%wx<rWa!+u+K
z)ZTzXxHW8!B8NNTCCdN075<68xXfjR(qija*mHD~)55iL#JomKqrCwH$9sImSG9ya
zh7l6ITXbx`OU&JGD44e2n}4X?26Ypv7AR)z8%Ag9Y=KpEz&z_+7G?j5ivwM2NV<GS
zT|R79Tg%V8Ll5o7nE`N3#dCT1;fPBHExzDEvwI)v-9bq&bD@_EKH$qafkjWnMlq0F
z&>7j^Z?jX}B{W26vgK=tR4bXDOe2!*FB1dA+Que_x9Ll47+RrYJ(qqb!&-W_tG_-1
z@{ZMM2$B1^!X_VQG_xf-IH%l+(}12JIpP7h9kQwkUgk|^7O?swQ90UL{&x7V!x)`S
z|DDK6w;5WyMbbB31Lf3FA7<_kzSBYrbDjtK!c8|CiAis3k{IL@8IKkY{(b8|1*8jU
z-@kSHBZGR<IjO~}qi+LS<75=>67E~$vLncx0-asX?Q(g7rP14E{b$Wn1Vt{}w~RIg
zquC*>CMD>`2)YLO@&tek`^`$A-KC<d-%bL1{oUmtb#Wl!2N|d^=*Re%Q4i~9UGf6t
zui|V&#ROhr9h~p&lRW9#p_@Xm;Wv?MbB2u6b*ZKkb0WMG<y?N3&t~x@F<1%&taDz$
zgB0SRU%3gSLfZcVcQpE4j~6#Vt_1XQq``<8(rz(|ZSWq<OS(n?Ktgn4QT8~DV#tiY
zz}=UE&*B)0P7cluxm%x1KAQWV<6{m}97po&MDA;!#TT6@+6dCKCgHU=OR0iU+Do@8
z#+#;c((xXKgD7NF1q*nei<e7B8*Dnug@8}*uVdCH7|5418bE76LdYW$zMv$GajH|C
z<4@jLecpBuMJii<a=fYuKfO=twCnXov|9592c*GjbQ2M`!(P7TEWUMc<ayf*xk_3<
zNV!?@PX<*vz8p2}Gm1*HRHm3^pJkIFJiTlbrDP%zP<sRu=c@_Z4AjWR_<``YjB!h&
z;<NYBOhWEvqeq#B*ml&+kKl5}DqiZMhOjz#mqoA7|IdH&J>tNe|FYvxnd*_(81PI?
z3B#hHvtj<=P=4Bm-}ZDp&z{JT;Yfs~Qr8yqdq~|i0pP23)9;;FhImZQ2igvc1c;1E
zV8Hb;QpD^F+cFTr51TO31~s<k&jJLBOzJ-1!L|SryE}oJf#UpT{WGv?s}6lq(}2MB
z9P|yNDd0h!(m5_=@YKgeJ{P>-YV1|(;pbc+%a>ob-045vSCo=c=l`{_;-zCSM#K{Y
z<k7vz1lIwzcg3^G0-tNM&I#oAWI4>n=s6>2O>E+WzWvgB^yR?y+cxo)%gRR)OSf~2
zD<f%h5y+g8s1Shcs-m`Su0W|ZRt-aE-r7bJ6cxK7*#Jxfq?w#JKr?+Vpkto?OL7V0
zmsHZXfmZ|?n)s0hkQq?#96nl==7On`G4>!J%OHh`F^Tb*mokyV(a|x^-$%La{8(rN
z_^92d0cF3_uNS=mZjmVGa9YSIMe)1$p)zxkDh>Fv!R6kD=yK2Qz>ef7Adf6<kr@dV
z9Y`{Aas;<$B=PD%mY5~_TZmq21B`cmQK?(%a^AwsG~`a!BZ}|yMvn+|2*YdY+v1;E
zz>&cK{{6cG2yv+r`hVs}Z3K!;nSs$$ql(HRBK<1<MHO(nf5OM=jS9LmM5?L@R<a;4
zb%W>%Dl@htsQ5r6IWNx%l$z&i5{bsc&rx74+S-j6QB4c}51$?j&drttXM>i$_Gi=?
zr)f5L`UX>PB0do{?m)lX;*h_@N##s{tu(rfl0hl-UM38JnI|<NzL4oG7htv~>foDi
zl9@-0Qj~Ghk{b9g|C+)NOBeKCwS4C`_F2y_B53Z*b3LelQ(~^gui;4xx*#rf>#M>q
zLFanv2uAwzJr1jydPLs!1iT)5KLChyc>NEJwt18Y1Ysh_)^fR*gDA{*Aw#J;oUu3(
z9M=A{Y3)72;@;;qKH1rqfkRi9FanzwSB{t9?s+C|Xb&Tj5Law<Yf)Td|3#1X^Vsxk
zBs@{h`54~28=t-G*IxkAV9a&1Np`$F|3#uUf42Je`*06}xecslJ)nR6+bItyY*mZz
zt+(?Jg%V3bETO&N?m<`$^tE5LcTB(fy#g-7MYu9Se1ube>97PRr9^;PbnbD?fXM#&
z!OB5DaCQe;<+qae08i_E--ENUAVSMlaK6@RXg=3J?x4o%z-f)Gg{~)CW$&i$ahbo4
z-5@2Uu6P13*3i3sfd2327qCAu+l`GKZ)4l@%fY|oXYnHz7R)W3TDzhC=Pdr^)&k#a
z-%bilcV$Doxf>0@6%H;n6cjWCzr&N)dZRH+zy?9gRsK{sPHGEY>E;J4q=45cFSh2#
z_et3xQV!Ua%d0ls7_dkV`SO&HF?^{vjPwRj7yY959=v7d=MC-=1K`tq&b%bX0;~qa
zC?p;%A?EOe3E_Xf8++sEp%P7qDO%CX^`NFXRG4)N4tl&Yx|yNiWTo2vSg5lK4-LLt
z9^dJK-Lxib(Ot``4v7=9TO)j7sO6$TaFR`3NZ-3-kj4*Pp-7mRPu5FMLD45o3`3C7
zHqSCsna16W>Q;_WnP4Y}c&Wsk7de<6)qwEAtBZn<XKSeX7iMK;S9~-Ab@zKge2-#w
z{mcxkM;a+_i}mZnN#Ka9ToHqLlB};ErOpmg5^_ov`!Q0u4v?1oXeH(H_zQeCs*PJq
zPMK=wn)F>DIr_o!pl4Jh<FSS+%mwpfd~K1RJmI+AdsTj_PR|nabO$lQKH=n8Mu3d~
z0QpS53T&QHlBT#$54V1*K07>>5<(pe$_MCKeou<CI1S5p&#s233{JRwaX%{Q)D>x8
zC7(KaV8+sQPS$CKUDH+x_~KRWCY|JRk@s+)tO;HA5bj(cU7J!5|5n|!r$z_cq80OV
z2S{%qKCuSx7ajy6wNMgFLU8Y&fKK{|0nkr5qOAS+Pr$$5|IE89Z>e*2iLR0vUOT~o
zqP$nftE`n1uX;Y>zbd>1X{_xN8jNN%#bYpvnW_r*|5frT`;1$Us!kx>W8W!|ZC)<0
zqRXq!sNQ7OO@X2Zf?+_D1<Ec>&JHn~19@aX`p8|~0!sd!1Ie8CDq`aeEMF6a2X>{Q
zhsA*PH+a!|BS=nJSkL*^^Ujp@#S0`j&@tI$xQ>({E*Ve@&6`7NOM3LmT-p<5D{sHP
zlkGTMTz0oSXC2;e%744K0$3p{LT<X~>x-OK?76N*OI1*)nY;=*JL~%4Qt0|Z>pa?+
zUr;zyAm&k=tP}e-5%hvm98y`lTEMXAu%Eh}ya=Ss;WJ)e*)xR!?dSlAy1B5Gg!W}M
z;9E%Q37zFGr4%?c?dhc>6YBG>uJ<r}Vt&)3;jE?!7X<a)_?P2V&~L9QtQT&MVMBUp
zr;C2vWx1@wjsL^9>T(p0=34)>M^i2HhD#zghIlMg8WX%VP;H`k^P1y0_Z`rP8_t#M
z(P_cUmDAm*CFQn5YEuC!(0;FJs-~~aLs*M^ub)OHR^R;&4lZ@=`s`_Vpnt9nbd?Oz
zFPJUS&3%mv0Cz~JXjV=Yfn37ov)+2Xmoi(K5yu@8?~E4C89+{bp!?9)7SFI)Rnnxr
zuwJlnXp9mJx}ssDi}<=!F|+U3{|6})0dVkLaMWM+){(XH|6IPz81|Z;8+Hw!$>;p~
z>JB81em6b<<1pfZmn$QdM@oXWctEiFf#o2Zs-zaOjNmJNbhE_vYk{xl;z2NBrtb{p
zS^d-yPzhTXl1fP-4Nm1!!sWVW9eFA$hry;cB#f(6uEa9GFEA?&%v5)!f;b>oGx+I+
zv<s#l_?chX9LjLx>id-+<T^N|CRv#tO9kz{dMB;7aq(sfZ0;mr<-s*<Gq$%P+^t1Q
z-;J+QN*c+(wl~rs6}QT^fS6Y1=l8lU*!B!o2{5Z>66bm-f?#^Yw0XCQ!dT|1?e$Ws
zI_%kCzj;HP{Jz6Igfow=#qU|e@^;A0BR8xkwI<n)bgjd}{&t!6R98^>8+(El{}o&8
z#TqV~R?m4Sy_qYYYY8Bz@}$8uSM~FjU5#!FA-yU|>&POSIakn|UwfOa%2_sHSmclH
zM2%xa*8&&U+kmXXPKu;gO<up3uQhf8k~_M7Ut-DkUhc~HV;!f8p_TDO10jC;&BV(K
zIZ3ZXqWaZ>Nu;mrDV>JgbC@nT=i0W2I5-6&GH7$D*X!axs*Ct!oS&%c{vNMPU`t5F
zT=QmU(}Qw8pZJqTQYjN!%TkfIqIO>c7ugtEfTvBq^o6W)8JRM_wcq)D{qQXxzRAqj
z**I#>t&<G3DBvKkFTXfVbB{Yn?*(lj+`BUb7$fc6+JlmB0w3?4xbVR$;_R@)zCRBc
z|4hKoB6N?pmHv4fNhkcX^4Vu)+A1?L4gpaDQ_@vc=bE<6+SX>beM>{8o&rWRVzqF&
zhq(AiU7*ds8!i0}aFta2?c<k;!*Ww)AHM@{HX3s9@uuCrFf|y|?j1o2Seo^6x?}8D
zT01!Bx{XofKWKCNroxCw_%mf2WkZo&fepBK-$0Vo3t*Kwn!*jg$vukDPoFC!qMZQj
zQj+Zlh^f|sN@?hix9H6R*C#fyKgO$2soctsfa?no$d@;uLQ+u`>Dh4KijZ5B#!J@3
zIWojJ>+!`Yf`x3$Z|7wj5feFc*QoDWci#(Gr#Zc%{U-7_qa|#;%b2~h>SkKXw1G}V
zrH5%YG3mm4d8G1FSlg9vfLVv}s%%<MrA4)l9fVY#_4mmZ)4W$oX6}%f{_WZr1BTOb
zaQDqbP(=<U5TPqa2|4FL%=v+2|8EvR!O6yZ&)zq0=l$e8x4BBphY8*ObR;)MLF87w
zmr1;6sU^&Ug6?wwj4GfNGQE#8UO>*1PS=aWo>AbB{MW3s?7g^oz7hp#@?|ME+J(s<
z>53X+Zl3m|)uX!7CD;;cFL2GVya)_+Y1XN6YBZQZC22j$pZ)5KM9$ao9vA6eKDH<Z
z<~1$6_m~33B|sq}4+Bq0ZZ87@9yk&lti!uL2#Y4J9}>59d%SmVxvf()5~Hp5yY1NK
z@7IGN{Y|Tn1cMtHU&MUwwjZ3FVU<k~JN?_b6s@1T16p0HKtsur`kucK?o(hdj+<uW
z-^G|CSCqi^v*oG9vctwzPT}r}-8mv`kjZ(^B6T|&@j0_wb;R|A?5_829#t;Mz*@Of
z)5fxoLfY4XSFz#dte#Iu>$b%@;mm=E=Vn*;Rbo+Eki~WLvN#dYQ-dx+v)Y<Pt0QJ9
zr1{2k1Ji=70MwBRsc}@gP;UB`F9}G7sDNEU#eB0>f(>>Ga)BEyV&6o=7m`G5ZG^8P
zb)4FldzB9lM>?IU^}`-IQPsfcNrue|H;ROna$gi0vJ&){pbI}A{oCuxF9@)L>(M$M
z-5S$6^q}^Gnd&lk%OI+!y(1@5KpNv+tZaP;KrNoZozvv4xt+0OCQ+}r(qv9iV4Hw&
z?LR`*D<oIw$`RUoi$x}&gu3nPV{ZVhh}5Z9=<`}<JO4*LOi*%5?RWBJNE2v|k$!_S
zqwLpNRuqTmFm`X<>5)FT9%1A}H^P;htu$F|j^H3)fMw3nqyD~uMlUW_ppeT*yPHC1
z3;TXW$i1Sc+JWnQdM@L}R8y|Ia#pqqq+)(g?HkgM&aIow(6knu4VRUh6*DDCi$t1#
z8LUO8i-tZA3r~sHFr1TX?~Bl<fmbP{5<%wElPMA0u895u-*VqYTA<xJs(?Zl=+5vO
zbdU3L09Yk_UQKPZ=_04)>+999&-<ioX&b8|_|W_5NVY>lh_pipr8;Dr7k@x)qtfj!
z^L!AsLx)=0Q?>r0L&67&&JslcliT;SyuQLI(xdq{@$vH7?}KoWt^Q$^uS41tua+%&
z#ODJ;1<xQTsuUxi)5J-o0hzl-i*NWVv49!^?8@qMQ{Hjaw<lGH@Zpx%FFicTF9F6e
z0Q9^$r=;owHcm%{bs%nMl=e;I9}HWo8R6LTbRFtl*@oE3JPQ(#iZMN-KtYEXK%L_b
zDFk6PLqGD;;oID96VlgL$}1yQ8tl3dVxx39ajjJ<7+CUJ0WAL?e>is`r>Fuu^1i@!
zXy%Fs&IUC-Cg2A&&LS|rF+1fFmcWBU&>Om0GRDNYSn*-mK9VaP(EAz+LV&nY>e#>U
zY_pa{YdQOwz(qV?-ycl`ci-W>2pD<Kw*T*0D-5B$5E~_~-6%a-Nv>0lMx`G*bs8oV
zQFowTp=^_Wh??Zi9~9Skin{UU(*LxemRHLvwJaN~WBd=RUt}j;9aiRX4roDYnlyho
zCH%n2m4gP%vTS^TJ^v$<$~njb8xAqw+7jg!9820avsRb{oX(4gwXt0?s)WJaBbzn}
zPCC!x!-_VtF$;U4`&<Y}@SJTjoZMwG49*89RM@fZ>6QLkE#8jE-g6;03o1An2Tjs?
z#c_Jmp;j&br=E2y5b!!@kWp_X{<@R)@L@iG$3rVA@?@`~M_;=01WJo80y&%<B=(2j
z?yMqPC;3fLzagcbj!K|H?Sd208K<#){kPVvGF7^pGG6AcUI-S$3D1ve(QPbE6ru>H
zXQ&wtx<nkKv&mvem0k-@5sXpvANo;2QBQh#YB&Gsn<GxY8m}Tbp{0*(B)Ln(Q-0B2
zm0Fvnke?2(PXh*0tWbi)e9$O5Qp(~=5#B3&p!0Ny`98_FGhi)iTy9(2lE?(PA?%t(
zN^Us2q_P)d$f(LsAP4~&q%JILX4H4<!|N*OdX*l{D{YPM4CX{J##k5AM`kV;7v801
zseL=3bz%JN2ckOZnVsBcRzq)-V;1PmrJ~=*tgO6f4FxIG>F+W<=-=u}TxlSDq^Gfx
zT+n(C(}kdYvC7me9srF<HoZcH3kWLtcfI9nU}vo9yBspb%YVpydZbDZmludF8x{{V
ztS@jAIqe!|UT1ga$7+2kzER2N$y`>*7H(psv94|J!KWEmk~}H%HOk{{#8@ymE?}r?
z#&#Js`JP2f(9cr|DHu-(c%DMxhU=%49KX6!HM3JX{rz(7QM>?Z6z<o7-HFVn6y4c;
zav&cFO#FBf<9&SW18jOY2dE0m*I#U(am*}YR!jal0)srj!3c<Mf1{=Mry3$GxW#4R
z<g7^n6tC%gnnc)>Qe>6_;S{aFB?{QT;0`3aO`^B*Y5RZh>^Hv`nh(q$I&$w8iN}bE
zBm_jb7%TAaK6OeLq9pqQeaBwF`x<^eoNX=AKiMt23@Q>4ZOB&2=xsX`Q_z|CVqpKp
zrv;$@u=)xcJ|>49Tyh|_#*{ZhA)Wqx(j3fV-w6Vs<47PwgG)?E&Yb$tgtwU8^#^ry
zUqb@raNh~Faq`ZSV^yV&MI}%SwJ<<UIQBH4nF!vg6XK5mqm@S)FDBoesPSy)SEb!A
zq^h(7)g{*>Ur25cSC>y|wrRo|b{EK~l35P|HlpVrg+`0}qE7a6P7*b|*ndY)EX|`$
z!BGRvtN){a{!sXxzr31QjGHRKyp@S8N|_-^JU8vlSp;^gbT8@k>S8|C`)lOj8|%Z0
zW-ICN->y*(Kmp?TRj{8ap%RctRea!sW*TxDXQtX##Jp4<yhD6!XeI`=&q!L`!~C21
z6umkB^regn0-io&B%>RL>BAgCHl|$KNnD-Le-9`u0lj;4r<hB1?yUl)fw`Lfhwq*I
z%X+$T7WjAmtM~FR$>XEB?G5+W7jjE$up?)C<j$;qHc}w;Xltm6^soGa4lM<XYhL%I
zBhy?Inj6{eNMG6CBEq#zYgWpwjC!Lvz%}p3X2d1l2Wqn}YvyPEYr6@sj$rXV9s1rw
zovQq|j%(Rm^<6Wy1Rj1Z8z2`i#{PZ0+f;!8T=5qCrHK;f@Qb@S$&ac2iKoCnHE)A8
zpg`k}$IE~$7<?iTX_M6Kuvn|5_mHxE3IPuO0tf0|Jh<K(Qip}O<dG`&9=>$D1oWX@
zDh=vKe$sSD4<eL(ZqL4y@G>jscA#erogJ{y!z%3*m-xRAoKl>=N3)f?uOGDU*yDg`
z$kuRSt}TRUJ5Le?A25@12M2Y-iZ&dR7<uqst$FZ11|BwBJmjKb6_bBTJRYMsSs#r`
zr6X7-fjnPk`isR?iZVc!Jq~NzAGM3o;QttRu!pdF&npPme6I^+G(O+O&n0Fz(3<Wh
zrp08Ib~#2PBX7<PUh?SGVbz{VyUp)p3-$(A0^1>v9e=VtE=97fyZ)fhjK1okwalE%
zJZ_h6*ZUH92LP>rx@u4HA%$Qud)qflH-8wXkP8C`T#z^rmSy}=fAnYjN>~y|JW(9d
z=a#Zy5bzxKXI%HAx$#aioDp74_;VPN-FBB#2igP}B-vk1&Uz^+D*hL1j=#3KYN{~$
zuc<r^@JCG)e*d^%#9ahjibj<>Q}Fuzdp(NLV}U6^%sXC`&m;|P+eYDZR0EljMwLL*
zgm-1>Bu9I>?==Z`YZ(2;8#zty@lkb%aD6%bwEs!XAKPW}Rjv2|WXJkiQJSYeynS5X
z*5<eEh%x20jB)2&>_eFXw{)V#N%+!-WM{a8FQ^u|=8kg?UG%ozbfA16>vSqt^wUT0
z5euC;R;lba(jtXjUTBD782dg>(U@Nw_e-RPyM{o&NTLRrd*AsP1Dg$8lGWO^_OSDc
zOR9=MdO!_g;lvAp$HiyI0;4mtEK*!q(ED}KTX~&5ew9P(`*sP0lsib2W|YkL3Tzki
z-|L$aig73$5vf}44Q!k!(Q^TcMgL#|-p+XzB~yOLd@F%tPSjf$yrHfgSmZCYafk96
zAAJ6N&$JG7k{W$u!1kYeL`2tBoXD(jDG*1vPOe+rU<ByGbQp<Y>F1J4%WB^iN!@8&
zwN0@LT3+rQVZo@PV6HV{qPk~^;xg3BW3(IjQBo0Sz!Z2dj6qRap(@9~f5k7lvS4%+
zdx+X1wnAtnOK#B0Lkcy;70=TLCg1*l_NZ6^aR02bgXo`^_}1@#g#9gG`D3be1QRGw
zp2*oS4$+vFj#f~14k8k}OL&E;*)uA_*g6I_8P}j`FMUhlB<W_@&v!*yE6I>r8L<=U
zu>zCXKpgVY@Zf;O4LvX<(n+dPp(Rw%s@V4_NYFVd=$8wboa=Y{c7mPS)Wcoi2}gWa
z<xusnK(UM$<JDT&<;RCh%D^Qa2#zx+x%HVy41Ccr;2XAAy9B=jrPhwmg9`_|tscHL
zh>`S==nZTsyNcUI=5)cbg74t%(8cH@<y4On>JMOL)2jYIuua$qEJ6itqWd_-W}9n?
z16=iPcC#lU609h3^(_4v-#<0t%eEHav2RJ*0w-)NWl4VJ-AcH)1Xu!0Ym&xTs!wD@
z!6f1U-HtPAeQ$GKd~V2qgCnN};L}{;Eh_i1n3I^~2EEn<ehWGZaCYqSJv$grTdVyi
zI`uSu{^y3OOiar;GvCtkS=}}7zZ9C10T*@w^VzX<eKxnfKb7-YFvP!Y<-u!k3Zqx|
zi~{hxD0$Q;yhd%)rS8n7z75eQNki}gJZBB=ihriYg{%s83v4t=+txkJRWgWId1GV>
zd>bO-I$p-JBWQEG-#sf*6_TsmWGN(-D7rUJy}<;q=hEqJ_jE>K%MpKG;y3==B|Y_*
zN-2FL?mv+6a3mz2LhZs)6CV9*d_pt>!vyHw9bh|?A(UCaQfvz*<O;kkbvnw%Bz{q{
z;Rn(ZGI(Guz|7%c8zFuxo2Ky>{UQEq3sKhhKKBCdRrRoKxd1}9_3lA_RUk=yx(H*{
z(u{+8Im@d5>#2hhU_>!-Aitny1WW;J=~&s=m#EQ0Uw8B=#<*}d44Ean=+!{ZsDj5`
zvOY2V0~fwBeXId_r+B&eU0**290MPCslx_(oR}tC{EV==)tb5cquAy!f!o<IwzswP
z53iz(pAtaq?3>IdKI$PTqojP`lu9!`A9KEr*X-Rhg(WrzniJ*icY0?xv%_Y7zpiT9
z1<?n~aIyXaMO0QU>ip5WTT6Wav#am3F)c@<Rp^+2b>8NT=+Xw4RSf{d-&(Y9`YCjq
zk*m`oNg!V=pkT&HO~R%22VY)I52r4{nU3PYw$I@@`Xc5)7-^5)*X8Pjcf=yx#+P{X
z6C9Fs7^w~ivH8%tZ69v$#0M5d^6BAu?9sf=B&=tg#182FtvNLt7&}x=^dH?)WMvI3
zhl670dpB9RUXS-qW>SZiv$6zW_&*-;kLK1p$NO?^HRZ44U3zy@6cDEL4VkRB8}b`c
zq<HrVq*HZeJfk?y39#uSiy(MD?H*8N-PvFP0H`g6+|@^mmF*yZ-lO16z{$#b{PzE1
z?=6Gs?2@+84S|s0?h-V(2G`&k+%0%;2=0*J4#Az^?(Xgug1fuBpPPAR<{{^OPkmK$
zetuK6e^5Z}z3*OY^}71%tGhp%p>}ef4VpEq25N8~%_qGsuw<@Y1R}NqlXbl?7N)90
ziEf#$Bndhyma0)3JiTsIl_j2=?9U{`H{cvwbQV}?^;3kZ)rL}QZ3(`H#Yb^!&ad-e
zokl;ZR=cWBhq4i|Z<*=++M9$l6-bCR1;m}xE@CYkGPx`BXY;S@`nYfmhu^6C!PmjL
zAEmh0|DrXO-^Xp2ftgfg60pCV2`KoGzqgn_u`vlCOa<c)+oQ~e)1|KC%yDD2p5Gkw
zdZMR`YU=$yt5^1(%+mDe6;j4e*&%41$b!WuilC{KXx+e7H$06CJktzSbj_l&-+ET`
z_kL51SR~7YR~m6jbrpP_CDrw~|8aMgZ03hh(xm<VXIBkD0<hF3#jLQ$yi-C!{e@4U
zE2RtfOX5X?*9iRp5Q9d>_MKXK=OFFygwqM*wWu5ywbduhlXsaSjmqzUx0RCkoNtl(
z*s2e!i8F!kb`r@rXXWAJcAL7cC1Afu(J@;&R8>&Ye>Q7g&`$9ucOx1DP|Es!<ytS#
z_qEs?^4>Jc4<GX_&$rX_$@)x<a!nM?XVC$vL~V<w#AVyv%?Q&$gkR#!<K6pBsW`P&
zw+E>Z?qj|>sT2*9L>AI5pA<FeXN>^dcIpviLIU$hsbr5s)Jdfw&uK4p!?S#%N?CWl
znrpbES#3iRq+ozLRrW<^nzn&j_(^Xny4*Db+~lAr(6xAt^}XR-AfOHG9XOgUO>Zw?
zRM?DTkf~}jcJOHwPt9}RDe_pEc<k4ee=}@ndsGaP-WE}GM$K;CCb}BU+Pl<@X}JR0
zcU&bAC_@yPqU0;}j^(N^Tco-%Hi4#rBESYo(#`UG@aYEW&dCx71e%E=jc6t28U-kE
zy+e%znl$KEw>x3;KDjICR%Oj-Q-?*QP^!#K&)MTdaY>!RG{x#rpf+f-*!<ePMqjKB
zu9naw!hfzVIj|$sq&D9<AvU(Ls0-!zexjtjk+QVq+ULoIuh9irT7A)YoPRP;FXe~;
z18|#p%3v&bK(8brAviy^@52ta!Hf+j-MKdEbB9wKGv04QYG&X$2;6A5!(N|%&mCjM
zP>H1tC=svSc-%g!0a(pyNSOY{J^i00q_>Z$9`40gSM2~%!|@<Pj_<+~^wL%HK39G6
z9;}Tlz7(?aC4rl~x68`k=RU;$5=Y-$T`yJcOKC|CiVLMV1;*D`Kb+7uuw`$#e%|TI
z0GAkuiFKm8Lgjd?W=+Y<+hO`WSE(gm{HsudMv0oZ5^mSvs_{_aWDC%1NeWFUl7Ypd
z@E8y|3n+Ty1BF#Z?3yd!v?Y8Y{P23+wSKtIWm7<6%S|~)PW_AGlYG}lUV$Yz#cQtX
zW$I@D0+W-)aj(oef}velsna3RXu?}hdkshQtZgjPQrvbs+C%UOt;Z0$r_a>KQap9u
z+}X_jd>kVHmfjTv&@Env(WUV0DhJ9Piwu(I*XQFV4c1=*o;6E(;zg!xvgUjfUz<c^
zJIupSxR=cB+?HI`fevOu`(q*xZkBsM6sd7{HBy7b+O;&S+2aiKguA?6i@qFUJ?v4l
zN#Lg1SDalq#b&hD%?qiYdAN-YTw@1hq4jnW?w&h9wctUd1PiAkw-R}t<&rCov)+Br
zR2L%<u}Q>wH`%Yd_jrQICbADO6dgKjSku-x%1+ZZ{eEh`o=Hk^aJdYgR({&zg>3+0
zoN5z;^oLE>063?qA!Rgekx=TgJcnAvcihXKl8L;$X7BGg*w0J`<)`ui`q2Dh_v>9t
ziD~2HZ1ELYk@^ViZG$jxrHubc?OM6<)!r6~;UAowXdK`Kyk*OY{%`^m(A$s^`B-kJ
zc`jWaAgv=+yS6Jv@|)_+X)mAT=oNd8!v)GE?@|XZZJ;0Wkkj&K&1V%h@Q4+K?$>`{
zmzbxuzqb=u0at923({14|J%cUiM!(xP(#A=QV#$lD5;N9Np-iowte9?E*I|(w<OCK
zP@|l;b!uAuB@@sL9Vedb7ugwv1FRNPrqZpZ0PcD=h^|h#=58ZhH5)w@I_w6kKD1C(
z{jlLSmA~TdDAu@zhj74tj(OZ+f{fS3T2ol@_;;YpCjxgFb2Og1-_E6g+MgF1)O;?N
zMPd7cR)9urPBX=nlNs@i()7uOGG)`5;8xJU=vD0nX`Ps9Tduf7NsE>NP<z9YtX(WH
zrB|gTz4_2#_i3lPF?gz=DQm4F0KBo~NwYfHQP-Zoxd9EW>VRd*wV<Epsd4r^*%k|k
zAq{epPS^ILhxb~V!+DmvZtrZ{2)^!@b|4d^Ec}x4DycFZD4JfuqQlL9VCe9I$}YZ5
z-Fz4UDh!Cj6x77>*4}<LG@o1NP^3~&*RL{_?pdj)bH7~42+KccgIY+raG0YRSJRGM
zyYmCNZ<cKU#ecglyNs8MRO7Ub^mS(@COifP%$J7^6F_<{-)y`=@p7zZ;u6qcTy|kp
zd9ZGaXk$CO%b^)OOzX5fFiK5?UQKh4hw^X?DCo$02$&TS@YFh1P``xvW**P^qZYk>
z{FebC;9r0=^=Puze%^z{g2&#Ivd8+?RP*nFp`l~7tDTm$yz`!qFN*I#Ugi>fZBB~&
zv^30AbR}h{&=vVlj|*wyd3AN04<Rx#GIy*3T3W*V{Nr;m$Q42_nIc=1cc3^65$~Iq
zB8!&}?j>gVTRXc9bkRsdAVL4L)!$3q^otMqcXs350zhwM&mrmX{O|Aj_xu0((>3Bd
z(DthUq5sqS|M{7stk3kQy<i-|OOyYfpOXjplDB-iNH0(COKbo8asK$YUs6CASC5CZ
z`KR9C|MYR52*8)*30Hym-{1BB<B7fgyKMhskN$Vr{@9O*eE;idBN2V4aV_<2veV>$
zZY{5Klxdq0NzUiqm<`$V4`e;TFaAk10=U&sKUTcF>f~tnK=c!<W(fad_sUTKe~F$o
zgZcMg-f04vs_eZ89jzCKzw`OuKJoE{{*UD}etzpB1cV=d=e7R(4ImKzud_iM>x1*Z
zv;hCz6Cm*a+Tg!7cm@^!-3R}*!T-JcATxqb*f;)B-b3GT^08!hm*DZq)MW6Spj%oX
zE!{@IWpVUI)<Mh4{r<x++$A!ALB2?)rMvh&del2?*Xa)2L0-WPXW60yvCpuGU)|rq
zSEe|C;`1|S;9rCc6wm*rYsKORV3baZ@Mr^cc%$i1-htB8gE$>0CoCnI&q^vPcOFJY
zPnNHo#Y&!vFisVt4KL2zqtTd^)J&>@^6lv8L^O=4xJSs*DQ#tSA)%xn>uc&ld_A0W
zBW3`vZ2rtG`)yWj`3?se4lz=5ZuyPNDSe=7VELeyced8@-v6;7GqXD|Xo!;1r18n+
z3~1DU*J5&a*nnM-KTFxrBm58jVdT3sdTpS6{Gx~L(WuAP=5HQT?{=Wb%j+>VW~xF|
zvFhQ-T}DqyRq>8mR!vRMz`!s<G{g;<6yxzz*4;YXTcC#$4*+Q#-^$qj{rs)=07SED
z;40il{rB%c;D!(&b{GI0dYz+>23_9Y!_K)~!Ol75NZ!qiFq#3;??GutIiS;HdU}Gn
z({varmC0oRskA_UUU+IUP{jASKmYl7Hd0`2Q#ON<syvrysWhW*sW=y_t>{9x-}2ak
zeRp_gawNo~==SS~D-Y(L;=T^3OwYFYe6_%I;0ee8JztfZrMj7nU_977RLsv45cG5p
zBS1bj-<Qvdiw`zGRL=r!XSx?1EBaZQ)D50Vs8ly4^Cfq69C&IvX<i&d?`On0TI!jC
z0u9Y*)`Q1n7RJrk^t9;lBzZKm>iJM%cE!y|joV+E>@a+MNC>A0JK2=+Xyf%*lS0*e
zo8R61)Z7j8<aQzy($tXGzX&9pcphtKn;+{h<B74E=}2k~40J;=!26yzkD1Qo-~9+m
zX@FM7^XQ?-HZK~W11A}*74*gRISdr_^32}@23lrgoIbNNmwVbqGhR@JGs6w~)5W(V
z#qnB@DS{zD{c)frv>osTs-DI2mn9yGbLy7LGrUWA)gI028;Zw-Z{o;LmiJ`I71D!&
zSrwP_Y};v)oaduvM=gqI<xUl|fgS-|yr`%0xoe4*`AwcZdnL*<Ej**_at4;os^$c4
znQ7!`Dc=YtQWxLbln>d@Q*^+9W$7V`>X2!k?bfhA?BJ1JI=UeD4h@wyUG^XIySH#r
zkHd4l8-V8}8n~R+RMa!2db{Tb5rFNiC4+cust9&pzu9sXL`f%8EVJx#H1W9nF4^y}
zCO<HDFPajU(VaT&IH&kWz1A)i@eUUdES!z$So|F<<RJs5q%^L65n%HL0^2nK59lF@
zXBXvcNcMhuwMu2MzjUYz$QSTjr_GvH#rdc2;<Y@O#~fT&NEYPh-+Xi#5iHc+>m4jC
zBEKxTDmWOb$!|1~4#3WfYuVEP+IrhCHts6XwIoeH*d<FmY=rSPS0^Y-T_DWWc2^8L
z@+SWHp|j+ntXJ}o(O-ZXlMCvh08~g%dPiKXh2-Td_X|me5VD9KUH-*C_jY%8i|Z-B
zvA;{peMgi_5}hPTLMr}R=xrbgBy8?ybU`7>xKT|TVF-;^OsqLi?A*hL{;lUtHTjlt
zM_geD`=6F}^K0_!6L+ps#;v5?OlL72u)`mN_AhVu-mXDb)ki0Dt2zZx{?h(IM&!VL
z9NXf5z1685`V|w)d0nV-qRdzx`lu<k(`KaWq%ViU^+IuC;7&zygn4}T1a06(-@KPu
zKC|U}$X(2<9{jCN1`*EEt3@Xj%v?$w>Z?k-J!F+DHSkpTgb$grb?%dpvI>lp_!Os-
zdYl>-eUZ^i1^#d>#CltRL+fks!KKBp`kjhby9{0v!CZ*AF(y-+Pwh;dz#^VJ37a@{
zxpbPHr-0oizMPXPFRXfDVq6-2qdviUh*ThYbkB7<{|-xcV~H~o>+-sV{dlT{W2`WK
zfgHiouGc_Lyl=p!Yqsibp$DgzW%H+%JxjUn6v|9Q`@2Kao-T|AS@hDf;FD0Y9;FK|
zypT+w#Nln@i6Q??i;Z0&B(x_-Zn+flJFtJfymX2Az)GhLgC9u${k!KMen60ez**r>
zR_gb-gtId<eFx!*%zI&ED8658pJE=?66-cz%OOSH>@2#xVp~USko_j>=kktjX9IF2
zU(tHr*%Xt&ElHtUOgwHlIiuz&{%g$5sk0XxPUQ9+T`(LD^qSD*Y8P0Ndp%5_cZ$<+
z%=pz(4uhc?P&10HOy<XPWyT)LGn;NMr5rY~^{V-XEQG40@WZ+i-W@MWF&y^vagG2U
z+l_wCN$MLdqF4EYt1)68)x1g&coBhu=gx<95Q{E!ULiR0zKtED5_}~4ZkJ_inJCF@
zYmyj`Ck{D;q`#>z3TvPmEHn?fiTpgSb&v~`dQSG4-ezc63Hc<rX!7(_SJ(t$5;1PB
z_qhw`|0q<wY4pW3ZF}w7!r=2hHCV5+x0I1W9qMVpzCwr3gYNd~3i|;yy;g=_Md^s9
zt~p>^P2MUtweSAvI`u>IWB%@9nUl>dd3v*fDK-u(8C=~x(By$%lTkNoZ{04^g`|Z_
zZPNJN=Z**wj?wZg7#g)&D?z4)lP5Is-o*$yEPpmKZAM1}^Y&h{#1T_tDVEct)U#nb
zokI<e==E;u8V?l?#i!vatPzkzOgFvlmud0~jogo5r7}jo4@55(wloq1$wy^;ra{67
z{`c!MAsDo0>%$p1+mkCsqt*jm=b|f<7d+m#>&LsONHe{h`|*IgLm12%KU)#{sP3vM
z@8feO27`^{PwX2tk4IT8Pw}S#J>!@k*n)jv^qfYn3A1>#-Hlms9Y3$U;bnIEl#Jfy
z{T7Lo?p_cR$g<(XPcJ1f6V4>eRu;7ul#rd0eer+ix}6T6<Q4;Cl)S;HH7Rj3$sf^R
zU+KW}$QHm%M|yldZoSsk6y-ZX_|B-_QsTgI2H~q4@1x^;5~l3=f=5eB7cIt*2|84!
zeC4T4cNWND+~^%RmSiDvZInzs2|IphJ-yA`2Olu-)s&RzBa4I81*<%sI0H6wlu<QU
ziW1I<uBy@n+_ont^tx<~c||ByNg<S!vQN$|4Sw_9Rpx)VoLW*a=#FX`s46dpxDtId
zRC|=N=|qCRe}I4*=AQCtc^FcaSzWr+U#};9Vu>^goS-8+o>YGeWUn79;>0Hxg68V2
zrZm02H63kQMn60b5{Z{+r?yT^LBMdlqJeDXS7q3TdK(V<*Nczmtqf@Jy<18mgsA7=
zuMfy+pf~e&u>=RS);L*cc7FPU$Y93>B@<C1T#t@W=!0}ji~>6`J|s9j6UtC0oq=((
ztDl6DtiHWEJF3ZkioaCW5(fGNq3ZScgh=w-z#_HB&{8m!OYNj=nRT<9J45_<FA~Do
zS||QFatCN?VBe7%W~*{qZnro2fws1^y;mbU-`koDR><~#uk2H$`ChlG5eH2jyuq)Q
z*-*Em2NHCeK%I--TG_|w8IUQl;o(;Kh!A)*@+gt7*4Kc!+F=ZNQKi`_t)R6wQtQT3
z@pf`NO>)&_1*@oFj{`afy<LTtz|E*?!gzM|%0hbY3Vygg5c$j#3Cw2-5xaP^KC=7S
zJ+a0ockm_mAMM!$zx)MH@66H@Ij{UJ+C9v)Q_>SYl&!7*(5zk8#YkXvP(7v2GRZu}
zB^xo2h!GBv%$6f#OZ`=-55fE7$_fmA;A8yBWdDip@CfL0#g|jSf4z<ZM{$AHmIKOt
zLy}1N;@ps%fTMzfoNuR{{^dCT@yBU);NYNwh7QB($w1Jt8v}ZPd()4y95%vzVttQJ
z3(Kda7F`b_UsJCwh22Uz_}25SQzkNcXRv}Yc#uiSw^7t$a?p#4!*Mh}8pZ{~N~vbH
z7UH|{n$Sa1oowTSy<&BZhS2EjuxdYVY@tUv{_vL_{+v%1#CO_dzJ;$MSn=ISe7l15
zgbiEe`d)u|WA@O9NuPEMQ9YC>U%P+$Zqbogwp1dg_>Cv?d%k8a!k?A;QkoTHUNuW%
zm>beUF*IGv_+=JK8#7|fy(HS0b@yLuPP)kY%2f*qwaLQw%dQqNx|l{f3m9{@R%DaF
z({9iN!A7~L@Wo#E4nFW3GCnZ+C8pN1AOGIHzz?2efW;_437TqlvY@EQA!S=w{&I?q
zwXTf8kY2u6?ZdXXF`oT05uN5i#dt6oEnVr<!=9|z`jwh@R9joAIaZhKlhB^{VQ@o<
zoMTxPP{8QyX@i?VEdqUy#%o<%81&BL`7`VLdnQu8ihUD&Wg6dViv!^XdyD-RZEJ&v
zxtX{O+2v^ERh2LLL6Vp={6XB<A4+xZ9eHV61~sh&BDB{p_Xyer5YUQMl`tS%cYTOd
z!CJ0~3^bUuRTDkAOkK~UPL2W&Si!ISnPXo!z#&fNFgv8Xxv;8LTcIhao|;jJvhX44
z$I^zZr2FalB9goG^rwNoq_9BpofSHg{OcV5!zAm8AjnqN5zvVAABIbKBLm6=eX%#5
z5CS`H2%$*wa3|%tqmE|<lVPlf#o1)mFXKzIc;lHNa%XLaQA4`s_VhraR+HC>z^g*6
zEvgFi64k_H><sEau!-uFxJ{Ts?8|kW8U&K^)P{|<BO<B>6;qY`oSy{0qe$ESJX6F^
za!Ao{r5=1pp{Y?ozTTXRiWu985YY{<k}D+qS+1|2%smh$FHO@}A0BCEz1sPP>{H<S
z!J^{a{G<U`X+nqw0cpjIURck`@+$_{TUBH<G$&CTr8#|r6Pv>b>NJBBB)?bF4%(cw
zCL6+A!}z#gMU6$*m}NyLfr3A2OjX~hVkwmbp%`Ev35oq@`zW~U7h97Mq#*K-lP%)i
ziHenBEcYavVwgp6v~LQAAk^+Dt+lq}6&{KHDKW$N$5;H<JMSNU`MgQO(B2nrY1YDZ
zOlw+SZ`pk~Sqn1;W)VXKp?3j=km8<(#W)kEOEfjt$2Dt7!kZ&<uzjdEsj0slkK4$z
zrNdSmjsoSuZ8^O3LalW-HQjODYcrO!DN)7s`XVuX=P`v1vK~#<SwQ5V$FKzbUe}#0
zHhd?NP{o2Zp$0mW;#Y?eX7)mcsS$UAKim##^DBBBEoR-Wenobh{t6%TIBH65&6P#U
zaJ47V9kL4n?8E#Y+6R?|2vn?{TH3g;a?!ZoRD&mh54%h!!ns1tHPX4AZ30$0;bS40
zv@NjKZ7+&Wm~6e3EE|lC*Im-G>lUw}WY}@D)j)3+hj4eON2l6W;9Q((cA3O3JJ`f(
z(i?q4nO<abkZUq`P~3mdn%06bl!&3l!mhYhXdyEBEy}<7s5v)+=2!lHB4rO@yeeJe
zsLxo&{g-)_Ga<^L&>r2^Ak$UM59Hp`yfl)1k>JZm@0A$!#V2+8LhC;3z!G>QwG4Ks
zQrGdidb<chb|u#kjtGZf&x|!CLM3xHjFsvHsI4(0_Szj>up-AXl72Hv2~a=P_y{(7
z&yfwBJG3y87ykO4mn%vdDDDVr`9|!;^(o4S@|VM=Evlyk0qrIOCg{2e>G02x{O~qg
zPelfTkuB>DYR!6b)IeN2B=5;2kJtPSZza}4@lm=fjb)1rFtP--=c+B{or4gdaAj^!
zwJ$hsceXyfhJ)4V>aUIP2}WKfaER0I<2V)dBlJyi65bi`V1Daw%W0tjaWxXQ8moN{
zT|1*SXMb6D%7|0%aP@ig9o_w7I|^vS{b5W*3@G4j2OyCGg0`3oD##&Nwm+Fx8^341
zPFBF4a*}a(o>;uP4<0ANsO|Q`?8|s}$XJG3I34EiX#XBB)+Na_%N9hQdzlsz3BWG>
zKmRkkz~ke#yPfI2d3{El3qS`H1Zw!tB~8$*4MD&L5<}rM96Vl&@~D3|GiK`(6$Q+U
z@)wEiA^hbN8jkGNgTL1qMd2=RPWhWUl%t#0ycqyv9U|UkhEk6tYMOcjRhp_ecl&xh
z;cZ$P?sYgR;4~-6du$GuPIWo1k516Qu&**(RccG184i~A_XTrIrtUDR;!#Jh{%k#F
z9^!b`tj4-1cDl|qQ0<v2Qr}M16f&lh`t)@LCMn+`l3T;4%u1#aTb=Eq=5N#=i!Ij`
zX$H;`xM~*c)iIY`Ggvz)0QX$+ADu2mP!b!%x3?(7)74U8@04(!Du!)!CJRBA^A%Q1
zjk)NcCM`h!cfQsRqY>V+2Yq88GFAMsP_0P%)0~G#Lqz)4e#LpH5C$>YL9qr_&+&?m
z>%CZcE(sl)-jX5?5nolyyt)3<kCv$}#4$1PLIiAFmPhKC@L!2R=&yr+4f$Yy9Z6uL
z06w1xaz+T+vmph&kK?|7md&D>J@{%#8hsu2FkgP2*g0FWyc^%z`&G@-X2(v>R8e6W
zb3p%v`EKPK!{K25^1fYYXwS_)InalZK#|Co7dBt>Gvd60J-+`tFaUytv;ZJtfc7+u
zRnkNQ8I1(!{?4U$zh~ejm7J?_(3@A`#r{C9@lmu2L~i<Z_QUh-T2$4z2}MA{@cDCZ
zZz%~;<ZgJm>q3LmXh|x@#V*?6eIEYR<$(~9@n8yGhj)NZFI}7pG^ViO!1yN{o%7uK
z__n-F?1+mpU7`7K5Ub^6;*i*cTI?V&pFuhF;gV{8urOT)8-WW^pk$Fyu|sJV9<p`T
zT0Fa=2R{f$RiWjfn(b2fBDYq=By~wLEc{nXB;0LwVq<N21`e(Af?IKTVO->c<$5oD
z%$LEh;=n1P%=*txN%QqjV6YA#mpT2>1Qhqs-Cmxc+xpVufiL$)@YwF{dWqWBug(}1
zWM+);N}EuWIbP1t2IH=D==iZOTWw<tSy$c-&>7nvpm&~)^dN<xi=^6J$caDU+ol2C
zW>#4H*%(2p1R2793=S5sW4X;{pD0y=ylsx#><irtSc|4|H0~&|)>AwPLnUbQ2CFD&
zQgc9G;0yLc;+cpsJwzZFbGi_L?O@oqRgpg7Lo1nhDAHPTG$Sf~G*Ocv3bJgD=Zh`)
zJ}V9;5Bk7s31HZY)rdb9KHL%jaA(}FxOo4-GGB=Jz{0`PX0jBOAzOh6dwY`GyUO$;
zI$&W2w^!oadhNb8{|Am2-%9iT1R>~hXRRyE%b95lnAO%1!s-*eADW+`Bfx1Wd9@bI
zq;c%1P@|P}02F|~i6sO=rTkAuV5oUjdsX=J&IK424l9SIRLb%5+AOZ&f+bq%-{>Hz
zN!h|UhXagKDd@hGDX(Kv6u4fpqd`)H%7Q-Bbdc!nPHE?iRv01DH6@V;n!dmCud5qc
zC%-{%)A9KFc~=3LZXec8!=2I>r+}+28_^xinSselTS)qY>De#*N9a}&1fY`I%~?dH
z;$Q)BMKvrUXsP5?kpd-J(al(XIAA|S<8fnh&-yJmOtBtfF%e;MlYP_nP~<E*{i${9
zF=y_4r=7c}WAt!)v-RQj91d$kt7uWer(L}K3D4R8l|*a|mg+j@6EPxeHiO4U*zd1>
zD)rYDx@PyPR(>kc4#uN+iq86A%Mr;lPE}jT8;jQXpaZKp;;;Yca?-`-eD&6Nz}B#t
zwThsRTaGgWI1*cJhYMVo9KV%ESFN+x`Y#;ohJpDF(6O3Y0Ui%j!1x%CYc9YVq5ya|
z>LUK*`h2$p&_bIouN~e02!loiJ;C2W@>NI_6hnKq8y$xu9yZXuMp7sY?m#H%zx;Z?
zlw^fwl_i4*{&{cGLco1q55diMNQ%{m!N@}4rtuH}DrZLs%hzkk;gX`kPe{PrEw<YW
zgq1nVJwx<X=L@rK+bk%(?(16WYT|c9Js8@Vqs;=Oz&+R0n-1;xaLY1p^&Lv!HO3{b
z_$J$oQ6#&?MbKNt4&_O}Hw?;H%*6oub)?>h>d}E*n=pNrnkqaRZA!LNQ7FR&6#7T~
z`xHI{1MCVzAqERqh*O7X08?;D0bWw|MD&lx>}3VO!%YfUO6uPMIS`zGKuQCNf{pI~
z${zq<{+)-k*7b8&(z>cF_Oy(s4QSNWl*S~rg9wtgJZx{edOcd2&I5LwVEWzhT()Xv
zn}k@!@6sX|Yft1=$PA3BI;YRAjT1YaYGDkW@<5YJk9vhR(RX~CN)(5M4Ur1NC^q{K
zMntM~DwyAU>uSxk^Z%s<7|T_Q5a_~=cxW2ou_taYYLJ+xO!z(Pd(VG$IaeTPghUNP
zK@Kux!8wH`!x}C=!0z;g^P%ef3YeqBFf^u#(JBqY&Dn)eRUfP6y$osC`w*ib477n^
zU@Mid{D-#qj?hhSCG&>&LBA;c>x_ZLJi}txYq)bUE5j`h<sQH!VeIw!lDkh2sm(PD
z2ed`c%q-ysnxfDTGW$WGZQYMgU)waV-NW;BjD8O@jdYJ?h`dQ;#fXcD8Y5@qt!<q5
z-E(%f8keG8sbzAW*uW))S%xA&O<5<2uZ8Cw^x7FG?J!!ANFthFWTo@f>EMTqWex@Z
zya|L!;Er3G0Pscg)pw-sT*jB>q$0X!Hs5_lfTd55w<&(VFK2Hj`O`n3(}bpL^H!0r
z1BW41;y<)Q0<*P-og$)owc1^`+c9ucoS*Ou2JpiJu7S{R`lPpGgYB4)dj?_6difg+
zW$9rR1Tu7i-lA0#)c4mn&|0&DTh5WxmKYi`0T-492B{+q6ZRGnZ16nOUUfG2Y?msN
zK8t8{5lJL_yP17RSzj&8ZS*&{<N_Z6!c(O*t&se(ws(lG8B-*u;2UDG4=O5%DHYBM
z9)+P=YEJzASU?B*_dId@$X+oI(wk{3V@}p=sWS{)vM*H`!;Q=lJwQi?fNBio)xDC5
z1316}Ti?LboRqjC|2PAuQl8+Sn~glT-oFIlU{Zj)0H8)g<!(9Xdc{wyvOX6%ktNS1
z?~5;x2D=?APR8NUUO)k54Q{Rqf#JGUqR4S5+TEW@U}I>h1UM{7@J&_+h6j59odhl3
z@DqKc2iO|%#^GcfA%oJ=OcG5SGMDSspoKV&E~v1a(yI#E*M@Uwgbok45cT#js}&=K
zO`DUGBJmApBMvK%PF_F5t@E?u&W1~<Yl9O}L8j{FoWQ^@-kcER85j&SEmfl(hAUC~
zv-%9_05<nlFnh^_?H(+n<Mf{_<)<1Bce(V2LxGeo#Tg(KoQtOifDrjl>_9#vILuxH
zzU2C&ymEh$7$G(tXfsYnT0s12`LJP*-Y$?}D|zeNRDo99?O_8dZF4R1)2)NtOwek!
z)PYLfPu#mhbxecXOu@`Id=pskLS*5m!KX&eYklw6FzM;NEnB3p+^8?6ZKQF?q@mNK
z65Au#^xb;xG$%zkl6?mZm?njrr~J+(`UMbh@Vnc6p!aO3RP^0j;11@3dUupZ6PTrX
z@qgS+#cHEZ3TJ@g7VagKdN8#7alY+K^P;8j4RJ><G#+lt<0CxN)Z;lfWm8&^R%?$%
zKPE=d0tB%?<s7t(ps`$pnP9aAKUTBWQ_SN4K13SqKcPhoz^n$)DOA;TdUcih#7~JX
zHe&m&f6IPa+b|*Yg9j@GJitmv<M#B}D+;e1jzu@t04h$%lZ{xDO@+-|8zTf^*sFAR
zw~L1%{rd<}>_nC<!Wk<{s`2SY(hxx|I3y-)mdbQl;s)8~O06c!6)J)<0|{u>bLf@2
ztyO>Fv$0ou!xSzzY2Wu9H+R17H#wwuKCx)jx%bsy?`)yEKT?FGdWZ=y2KHUJg>jor
zH#Orm9KnD1@|pF~p_vHx(^|UU>h>aWTnX*|aif6&%lZCJTWNapx812?4&p3b^{V_%
zC<01xyZkTfsGtg{x|2Ipj!J~pp&Hc5l96W4mOGLwf1+@Ze%LvHp_V^t*@YO+$Wh01
zPZk*qa74TK&$GJUFo!JIzrx<P5O}y%yn?-v?ulg?v{hfXzWEAJX^N{&SHCrm$UzB&
z+IF!2q5bEoD+z;&R8jo&m&%CNA$M^~V%O5X<3ehi$oT=h=F!-~cdu7XzPZ^P0Q||2
zUJ93;RMo=X!X}zruyJ^2iG{Ovl8>>p<eJ#7tW8$t?uNW%DUJoCiJoF(uiR7Nq%JFP
zOm~;RA6%bB!0)%TEcB|7e@&a1amkhp`Fwx<#{EID4Pu?c3!9g2BTbrn!e=8aMs--l
zmvm3PSO<qSJD55fhes59wLsq&rB2m5RDm*t`?3`0>o(8b^yv9#sK-+bKSJvM+wkBd
zCEs~V7BkV+U?wU=Xtd#5#5#v-dV=DnNj=igq+!xup8z<lQbm~}&za9F2}bYo^Q$HS
z3w3ba6?zIcu<IWhEuQ*>L(JlsI6cv6PJgf~6?dEllU%_$RXaXCKs4X;H!Fm<PZm+E
zH4|x1eyPoYb78Iq22UNZ-P1!Qu-IW<!PR;6K8*B--_3;M2&hzw4s~!mgU<Ie-b-$*
zI`fu*vcHsZcoMe@xDXc{o1MO>#^1F4zaR)X0|3e;%=p=H|3D_W00sLD$`@o}AzK}}
zLS!?DYVT6WDJcshWG|OSLUU4Sd))6fSoPxKFVY1-s8~S1b<H?#D$k}%IVu7%^h%e*
z0NwMr(sJZLkEaF{7z~Kh$Q7yb6QI8qI1zL6qcga+TQWa=97|^jUSCM$g>?TV0BqoZ
zU|(<moi@oS2FB$>sS>!xnH;#XCYrbYE9wnI!fa{F62b~Kyz<GGCmw^skXY@|wWg~d
z*M|)sGHus}%j1D%`3i&(b5_4);gh}wqHLwCb%Q~vxX?tp*ECcjA2nu>{rCZW`IQEl
zP^4I@3z=v-6bq;Ad?(`D?$>4rz6b^VgG8j30twxLR3(^S4GGkJ;dS}}qWd5H?=?l+
zxPKb5kQ7)|7{YT^H&WAWc#tw3-Cn%qIuXPzX-a9$NhO0@u{3fKx%4|%Wn>}v>i_CJ
z?on&JQN7h^-zNzs@Id-zePh^%J3pk5&Bw+RIxv~XA=0P#x=(qk)^$~@wqRvnW*sLn
z*~s->>(XStgMUsRhP@MdLGXSi1>mC6ug$ub2^`T@{(th~7Ivy2RN=Etp^#us-p8JV
zShXI!z0U6ln<C^)4P^OY<AfmbxgOlL)<~#<(h(k$E@G!L8XKpj##~t<Wg*+W&9+hX
zBDyE4mQvO74<`BzK)XAAB}P#IJJ}xWwsn~=OdDx);+j|=p&lt~XN~UugeI1kENfgJ
zwk`5Uv<9+mlJWbjf^Vn<%A=dFw7|o-@jHN)fA`mVo2HtX@O>7*D07@xja6Tb*uws8
z65YLnjP^KYDieRi8~BJ;c;nsH`x`J^Cw;FegAy<a{pFjpjM|;eQUffrp~2`0@H9~y
zg2w{Nvn)|hW0b|R!VA85IAD+Hjc}U_@7PjUCt703+&*2-z147&LezHE(S2t~CfLR>
zPYnI;anf6V<6wF$<YevMO3iT(vF)gbKwjlR7yN1@NN1rQLic3w2(R2B^tJ-!)Xa7_
z?-Ma`8XBRCKxbF6roi?7*}NsL5{xI&x%<7CVvLrPlGFwd#KH82^Y#gN1pRR*3PYhv
zJbn2m3=<g;_3wC{mY3^ONWup;Dn84F@kh|BBKlW=Gf-3v<0;LHCjxK}#ECH$s$yC{
zQyo%pn6mHScG5-#VnNqHV%qV1jFA}Tr}zqgIh*|+{<p!rKv)JwUiqBsvF4^Z@+?!u
zUOH2B>R{c~PSN3bSW;8zt3&+r{S}6CxV-fyCVV1C&54=WU$aU>QWs8{Q5Wn+4fJ;T
z1TOnJ3$uuC`Ng+G8)<^KQp1iu%%!U06WQQ;G@=lTTnF=RU}td>MdX|De_e>KiafGv
z@REPrX|FVP&#<*G6J!?Y>#uaOd1P0zsgMJq=IsR0MPhP%_{O>@8CUP8Z1e$TMS49e
z8)`0O&=3k=zh^PzKv-B3OMr(z<)iyGp--DYyW_PEbJi!t;P1~2Z9WS&bEVGiZxC(c
zXuVlRd2wdr`F8|i1|410MAj{`*na#-V1Ql8Ntz2nNrZulLoa6L{6jcS2VkE0D_>xX
z9Jd@?(x<pGrc7XP*q$xO-c5`IogNAHAyZr>@xw!V`fzdX<Gff0PelMustF}*z0AzL
z0}BFptLHRI--I35am7gF7YE}}^6%9Zzv2y5C+(9)pw1801WL5<qhj|wbkx*6Oz!Gv
z!AiBbag<6ZSs8QlP=9590Gb{vtsXca3zOw)2#}OOp1t}q^9vH`UEv$2HcHhe;b2$+
zcjF8qLBqNeVFC`V72l{L#XeV&habOYiG>B}T|(<6gDKf^%>>rd@fWx;dFFG<XEdux
zr*e*(B~~tFkp$LdqPe9fZ)Sj{)b+-YLYPbiD-oX+Ux~CwyI%h>FNlhEEOgjZnG6FY
zd(Oz*4Vd8j$Vsuv1T&+k(|wSYpgq4Pdz=kH)Z4yYO|)dvmiS5&MQsLT#{h=h>UsrU
zV4r)B8bgq*PsG319f)n_?bX=`a+X%u>qLG_`V<09vCG$1{Q6;ce&>g81)@={btl~J
zR}5bDh2Bz>*X~Dr{NA|zyYE#FWJko{a3uTXWP05ZTmd8>l1s@p<_AVP#&g6pP_7@9
z`b(7vIW6GIf=rvI)&IDR=z&<^nGFca0uIY*`9tFw)$w72m;wLL@br<^k}ojK`ODlS
zWNOJFw5J@;#Y9y@x+;_3uV6iGkK}ep3?<C35rJl*&xCx^3>dCm)T>`cRIAAj$hC*J
zh&<PP2hLIZ9w_gxt%liY{g1Oa@ip-UmYNC87V?F4e=jUa&Mmn);8?T_g%uQ+_rgL3
zmrq_T5iqSoDPqwU^w98UL<Kc(7!q)$NE++A-vjqGvBY{1-KMs0uJ(v;qUGgJ5rh(8
zwyBLA=aaX_TJusAe~UX|A<!{p#`crBDg`JIqR!qNH@O(vP!ZbY&Pz!`Dpq5^+i9!r
zxTb}jhGv}dA>uTRO1az0ASW&IPUX{&n>oKa5d|6V6I{X(lo2jX_`YFNArg7u0wM|7
z3Y^lCcWH_~>9v_(aDcKp*FNVZ>C&ZVT+;eg%xGi_xG|g->6J(c%9BMGA7axj*s@ma
zG?2<?l=j2FwF02G>pnn&vGMbk*dJ^SAManuj^grqT97ykB@&2~%C8rKL$5@bWiUb0
z7jO=h)EOGIYh%%1GPjkxK3{QNlH`pi<2*c~I(;ydus4zv1rsMNg7Nm4%ICL-6O<RU
zDUck1oRNQAKF2WUln)jYxNtVr0%1Heorz{ZNwXZW-tM7g_5rKemku|8>u9WFHo)EB
zppn~Vo_c*!;*p2(1{nEltlRU`$KZNT`yvQe4*n!Nkw32G-IZKu{P4nM537lO&$AL`
z1J$TlO7+o+Vt`FYx04)0i(ID)biG?(4KSvR<$C$h6d`WyZ$Aa&t@VtF6bvb-s}mTM
zNTAQ5(@<7=P^4EkD?BB+bW-PO61?9NFJ=m(p{v=C=T9Ns91K~FQ3uHMnvAi4-s!T8
zIdb9>b(5&A3qYL2R&>MS4;v?;LIVmcTu2unU33(9c;Li<&pKCy_RRW_hzs+=AMsTK
z{>V@wG?n;e(CY>M{x2{_sx}45w?Z-_NKznLOowW!N4o(TOG^P%VyeB5nwZSde9*`N
z)mnYT0`wzUALgdjElGpF4kxk}Abq?&zr@}+$kZ=GBP3m=ZQy#-2cG-W`{dGX(P4>l
zY=;erj=AAe%VR<}mXXr(($l22+FW4W%p>k|Vx=E#GTItAB1}fYfS^jy>9S?FETC~L
z?+1>a@Lg3&*zO4|LAr=|pT1PD22Wi%E->~qXWf*{ZQ*fRhCBokMt6IPH%fv@oHr2x
ztkfk8vH3=L$gTz3SAWNRuG>eaBcH^ofS-}m{X_`agVQ}R0<IMCn~UHOwJ62L0Ii+g
zt!+!fYg1z(?>cE7vDMk)kBtx2_$QL(pvN6)_`$eC)=br8;I6)OIvcOiIoq6XCIQy9
zc83-0*bdrrHs%c^pZS*=`j=Kl0{Ar*!5>}4f2J$Q{>d$90YbGYZG!gi61s2vY+TY+
zaL#~qx9%8!U#nrVq>Os1{e?|3_;P1}yT;5IoD*R&rBX>~hD~f*WO+p-(n076kA_p0
zh>H>qR!ifwRwJ7)jwSR*chwByc?%ps)s^NzN7p|vVZ9`)y;1+wIS5+7Fsdb1u6LF#
zGY=1#5dlw8WF{nf(>g$l5+GpywkN?Y_B6*2cePb-U?AAclS81mY9OX-G{eZfi#dMa
z;i^XOfT{tAN}F8xp`<Aw9|oDMH5PetGk_kn)M#Kbujx#6m-z^s7nWt!ikn$Vff&bX
z*BA}an0yI9v=*=JscO<42<UuaFY`@pF=+biE&=sHH&bya9hyR_nt1OO03-BO7YMbZ
zzKpY6$<?ER>_(z44&*_VDeNPnFVLxsBVa%D#iUY^KUn`X@4wPL7|4)(&jA>jbO2vJ
z#cr_8u=UDeJlKAnk+nY=2W0EBSZZec`zfOxHNHEWZ}Y?NH@1<4(&Za{Nlsk5x3v`)
zXaS%pO@hwT4QoN7+sT!@91aFcEl>#dE?T30l2NL>qMCY+W13CNVWD}SqwOHWC$3W~
ztjlSEr`d4Rb6>c(Nt2DpC$-I0glo~J<H=0V+O(#u5QC5s6)cfh+O|gMpG4f^hLd(B
zhp*$ObYW)HBX1PS&Bd!r`2FROK?PGi0t5Y}OYXNN@e^n7Rn6#{KKQdP{d#|&ph-1P
zY$!J2p7bV5!15wpomKh(ii(Y2yl5a6nnWUZID9K>EzDtcC#SzkTcpNJY;D){+jC$z
z9u9Ed-X-sV=&<x%j!*I*y1F>PY(ZXUwtpD&Gul5LFf$;p15&ubm`L3o?!Ty}Y@7SP
z&sm)5TrFHk2>iu{qJkP6&Xy<D-NY*_hT@Rgwi%E_Z)P+)4qgL&hFP^t_Gn|N+#XJP
zKG2#edLi(LnxOr}X06s63fcgIsQQllU$gZ+Wo~!nERQ$R80fTb`1Ic|5UMVwxO0SF
z;+-2g{rEcd{k8L0PS_%>qMU`>#4cNLGl##nd!Jj2Atw}LtWnBJdnBpB3`^PgNMED*
zY!ncRZO@q!J-FRl|3U-_T~c_HlY+@O23FdQhwz+l>u9347O9T|nsP#sKCv!mfJOa?
z6fPMEhcnAyScw44-BB9<LQ`Zm6WJb}{LS&kpoz%X?s9r7g=UJjYhZx-=4TIaSZDBH
z-^^>sR<k~|!!2Mt9?q8<y|myYaP+_6nWhB%K{is8{^ejHMZgdpPy1>kNH>D$<kTw2
z#b#<2o0?)o|7}wBs;_##1XE@C6}5s3{B=6o{}B~a**H?&tBc(8;Apwm;rik4mS&!>
z<)mg?Jwl>gA96MsH<Bc-4A4d6sE({>H4Q)Gju;ggHT5k_``^`3Ma}ET7-Z6?>XCTm
zKZ!y(kAj!0=ZI(hDD_O27R`gDwr;}*f!0^=tsdYA@AtHC3Xo{Bs2c1pKCg>bWl;%9
zM#x2n@gj-zQ2mbKD5-n1&h>TZ%ThYBWlJ(|DD$0y33%E7WRhzn%s@<ZTaJDFzAbMM
zXu3&c6w%`hZ=Tr1kdHCA|EzPmjHl8powXzXTxI>UQ?|K-aTej*Jy<8-IU@p2Ap7Ep
z^0e~XiE<4FU$0x3-c$)<?8{}&Pf#3p1OEdFAU90Lx(s?@)K+l-$`xe}*+jfd348kd
z)5p#OK9;~OO0dOUr?H+kw6^=|V6ErQO7T4cIG9j(;*8kvDI4Hp#on_s7z7e{aQsfs
z)K6;MKOATEhQjwJMD5oEQPb6|Tuj+_Jl>gBue&GWP^`@y{(6^ro-rJ5<{Npif4)g8
zYWO~xusy-wl&CaXPW1Iivs>f#+*E;LWP#!3xU}&(0b={FEaw5X{u_O%N;8TXxPj#{
zl`Of-J!Nf0O@~w$tu>*V7@zl~NtRLj77G*bN{0p7?(v=b?6RVpQyuW*%GxU8x|h3n
zoq=d4NsPLAvl&@rpul;OD=(vzYBHPrK>@oMCJNKkBVaExy&{TCar`-Oz50E4@1vdN
zhN?Xfd2%?s#bzu&47VfN2q~!(KB%(2b00Wc_$kB?jEOZ&u?MIN7O2{9FDXE3BS}Ut
z1u5iQfPrBwKTQ+=ft6+W|H8^J0pRaS&DF7|v~WHMMrkkx?g!S1LR1(*jouOgid<+<
z5&WIj&bRK*a*R`5t|>(8Lth+z$45wJ8*&2zZS@))K=~*P(r91-)Pzd>`uNF&g<HdL
z%Z)Y{B^_mJL~$IX-^@u#KuXcpl{%yEE`Ci9Z))}nXnP1CN^_-aN1=cnSB`4{zz;;!
zwi{f;n?2UxfEdP|?V-Vm?WfNMj5&eo4!&Id2J?HiG;-zm0q$)u4n|wmlp}1OoU-U!
zgFb&|8$&_U8>@;3I%Y7L?uFcRxT_(m4&$8NAq%A;mGY#JmJIQ<$(t<i+07`IOcwr4
z4_f{UEE>%?b|z0CDWs*Ir7ZW&bs`^v1f}GV4!ze+w)5Kkq0tw&go$XZG6Ji@<H_oi
zE-@ruaz#{XH3ewXk8?!)<$b2|e4kCama@KdAS7wQ|GdvoAY1e0jGuwRF9Qbe4rd7J
z2;<EWgyl;43nMKi&Z{cC9Hv*FJACaWQ#X467AQ&|+vVW`;xz*NTCxKQ;tknUc<f9`
z@dDi4fl&yk*4b{p_cw7Cft{~Ds8JcB_3RwRQ?J{b!A`9*lMxiS{m!5O3jX+K!)l>5
zXW|u&`uO(506*BV0>)w8dr#qzb8*U339&wn_uy$!<y9Q|bhs{sC=Mg%I9cq9!ql$|
zRZ)7RSpCL|5_@{V$w~R_yyq)oxKTSi!E_+LJAvweW)^^`@~*8HiN|*5Cu@T$vv_>Z
z&6yr1Ge-@zQC%_XVT8up$D=bMP>Ng30Qrx-lkKMJepTX#CBZtdx`3~SZvgvd3ikyT
zsDq+R_k!rULrza{SPfHW02VPmo~Bq2u;r9%S<OpZIs<aW-yP9Kf5NcEe@5R(a-c#Y
zW@9-B2T6a-8IYZ~e&dfpI+2GNFsD2%*mQYN)QNP;eh(Vn{PCTQ2iD_$g*7ZLYBz>9
z30ykURH+&$>NFX^3*P!J<5;IZ9|2)srRkRMNG#`-=0!C4=R@FN-VBt;ZI5$$D;8WB
z_5Xm4AnFpcAI=Dy)GvJSC0znf)7NcU2FC!}{gcO@3HGC;yY`0D)7DLgtaP}|mb>?H
z-*+JV_%c@wP|$K#Cj-_qF+V}%dXf8vM2~7n<?hc~+LaFC>8Kv|4SZSFIUx4(6|8^f
zJ7<X?Q0~18KSRvz;s|6Lc{ZlT6WjoaunSpGjT^LQ7pKEM`wP74$pM`7i86hOm$oC3
zk@=@9eMbROicqVi4<uyW9jGQIeJ7O9zWt6fvrvn{+XBpLnx4-2^7v;VwFA<@;@wY7
z4uyq#RT>b_xeV;Xt>3$r+%Y`2TSta3X@HhyW7tjEEejNPCn<h2Vpl?HwO~gmU@-x-
z5sfU2CHB3uI_WYQShZNXas}8hd~ItVoFDIRqV<XjCG{rv$%R8<*9e}hRsaC(4^d1^
z;<8$^lx?-*6McQo^kAA<%@Fkyg!yKAw5|ebt^3vlr#UiJB%>85?l?cdVBBQU2H<FD
z;{^CJkUwLvRlx)VxrkwV9>w7&$u{<i0eW?>w*jS5eJ{F413(gZz_WwDaC~0#&sw8o
zLiN83QGgK2>l;A6J=54eVqm3#zn?R{MTyPGg@F9edVq#!f1($@uU!c?T^-c;Sf6jk
zKq**Rw$>iUD5P1ZS^(MltiGO@!v;GBWD$~y=&krJ+nWBUAe*HPxo+z&@j4ct;K)!V
zK|n4*JRa}=lY<!8GEoMxrr{c~ihla@*vypQ8jb?ejOC%SKb@>a$)9JrM^jtJRu*(}
z9?5_dxMP2%=(jg)6JY?I=~Rf0gRbvx_nxEC_9^WxY0x^pY)wKTItT!a=>roV3$>DE
zSp79CNl1soxZ1r$@F@Vz<!$o@KiFvG4t4(zfO_mV*2{SrucHEr#avAC#6P1+e!{<O
zQYHFq6A^;<){i&QYW)WR$E?;r3Ghl}<PRtJ=QnXC6KejY1#nKX04tROA_vJ!Dx@)A
zIGD9Vm!IK->Xhv!U{*s35XJTR$m-SkJ5R-!mBt6aXh4(Nqg^h*QrZD4qS!zM4if|)
zT2|4}d2jFX<VX-$!a(vS;3v4<?+)BGCdAybI{@HUTWyLs!b`xaA9u3m8orlYd~I!t
zt=Rwx7s0(G8;AuGT8yM_K0BiOu3Um)Dyg0R#&e!{*Zv2vVGwu~-g=&z=?IBlP8$y4
zs#F)k-Z7_xYPoG9DmiU)JNGQtwSQIXa<8x90s^Fu$y<NiqaU8{QFGyGf*0Ef3|Z!1
z3X}lw&uDp4yqTkoPChYTT~2jv$J!Z_>|$U}k!w}>Ye0^Nb+m(xRG!>dgWM<!(aNvO
zbPZtTIAn!@kiS?xmhTQedb(Vw1VqkgvKItI_YK0{OIj{7A+Syh4SP$2D^}PD+_(Z)
zhv{YwNhe!^%ezxkL0+#e5<cCagMgV{I=~E6Kp<`~m|KnD?>c_?OT17!)mvWymvK4>
z$6~Zco)I3N0Ka>mJ&@M33eF0Hmre+5^x$;@D+U;STBg36xg(4au$A)6vj?BJ2*5vY
z(SB?^kF*0{Uh(5BwG{(F;il!x*Nqy!<~uVjF2)1SN%0U{kHm|6u#^}uP#x_{PFplh
z@SjfFSRQcF7XX$@vIb_7+>qpPjmM0?<pNlM_esm%_f7w>(CrTGJSQtC0`_YNP#yzx
z2#3(;E_efwfjf7k2j8X}RW0j8pgrq~0EV{iq~K=9721<A?3sBe&oW@!C9f(E)Hk_b
z4ML@DDnxz;jX+h?gt800Vdbq{#{?JY*-oLV>^#SZLW^(ZW_b#bt>`%o^p;u+NT52A
z@_7*F4JITXGZzIYe?=v*2skEPsvB`HpN0`Y|Mc>@Tq!T$t0zR@KjYR|O2}49xwg;P
z=CewxfH+i?{8Jne>8mA2H&$HR@K>jDe?6lh6BNEv<{+Z=*Nx|x9_VO$0_~aV7Smq0
zrTBSG7~q~8dC5WfiOImj!9!WCN5E5SsQ7+|S5Pl5SCiRs(nJKZ$t!0wqkw|JVPQuZ
z%CaGbM1H;8fZ=?P!1taz^&=R)!>vy^Shx$xl~dsi`2VkGGGT!B9Q%UJk_bnO@fE!%
zpS^3%c-~6j4X_oJX=Of`eCZe{+4pt3>eKunmg5x|SSjl(BM!3%y8yoYcsF-4eaeXI
zT1uQ#=HEy$gTs6MPPGyXly!dOw55!R)j{$-uK4ro*7;sJ&|rx6ko1;3=-k<iZ438(
zwxq25x5mxdf9PNWbvpg&-5*KKquhX@ld-a|d6dVTjLwAuodB^rAX@_hCT1-@Nl9Kv
zK9q11_Dn<wzQc(5tujLx;5IzY1m*hbQB?DTm7*F&>%EMed!qpAQZnGg@sIONjtuPL
z=jxICE^^Q_)nwlQ2h=wzE6FKm7H}T=e+KldKyKLlbrvtdPV4E0!Iyb92R&*18iz%(
z)!H@OW9N%(l;1QU77H^bajVA-x=*6j>1G1`=32k&k;`cX!xfO^z#SI~8q&pn%x?`!
zdXSh-F;Dp(|CYD*U(Tlz<g3q(#*xptE$hK|o*L;CLz0X`Y^yfE?al}qAD+zu<%T-)
zK(+$C#*14PfdqKtvE%Q<S4fpcgZ{ehoo|RDDhcybZ6i?z2xwRzi;3mLmd8gTx2Nd5
zF{a2r=_Km-QGg8Jm_hkrd;|4zN8WKwnt6ezVW$9=vZC%%A_v8+7Jij{i67#Dy0172
z2K+w@NQC(RiXJ4YFd<vFwEbThFR%Yd?k8bG>e(C#)9LJ`uQn5-K<U%RA7<<DnW+H(
zGEMI=ww`Dyr&7ll3XeCBIL2?ZjSeCWS^=sYE1P=_qWT6|fF$|Pg{<i7OLe<5rIHl5
zk`}{c5IOj6vV$<ay#_?f{ZHjM&NJB9Hn*0Cd~v#hNV0;h5)P(~N@K+}S(@L54WATT
zL&4La0~O8J<w2-7cBdq~v(<J5IHQ&{59jjO-=X|Uuf5_<p4gIG8G6`Y!Ajj9_DgK4
z?9R7R$1ypmgI$h7Chc=4Q{_Q}c$S3E7f0QQ-Vi!)9#_P`WZ-(_%zVH<Qw&q~2)^)p
z;S>PZ5|6xg^3rT1G9>?mT?#?6AXh7~K|~N;ZL1F-U$V?|VXW;DQu|hF0aXWO`zSNu
zqg-pH1MW|bJl>zQzG47$7ee1(?{+t5T>J#Czd`lyP%dK?e*X_^ZyA-<)~^rWAgG9>
zARyf-DWRm&-QC?SouYI}cbC$g64DJyx3tpT@t^nJo-yFOpWf#=-yD1FvEBDtYyRS@
z`6$woYDVSU0FQkZwS8@1qy2UBf}dhRudP7EZ0|E;=3F4d{}mMW)?)UHl)>zea}-mv
zF4hTW+jcY($n<B4TtiN3#F~bDuH&sKS$?IMEx#Oe@ZJXucmUf1PvB1Etsm}?4}DgF
zeDnLgL|QI6G|$qud~+r7Yj@`%AV1GvA+PGFvYa`z!AOWvPe9;2p4s#>tPVw`qr1ib
z;nTt>6VdwYwDo&X6mKRq!hi<cID)>pAVrk%B`9+Oan`N^WkPH7gTc2xRslJUN-95q
z2#PU3*~#avhv$py^V<P581rOO6drYs5v7zulBra=Blj5}j#{P7_aYwAN#ru|ud_;6
zic6Nho7TdVk#>CmISM@{O?b4*8$<kU1rHcP-cdy>rRvHUYO`1d!|LR=J9@eU-anxY
zps34r#(l)C-W!vZ)V}tEMeTsj56xY52Xq*ddo7l-<IxwMIj<Q+;h)Y&5gb77IO>SZ
zf&`?_{H7CKE9#)d_IM!ISVK=;?tgXa8g_#8Hp8g_d)txfHvRPbJHhs4(@Im^_CAI#
zr0+6<0R|42mONRb2K0tj1(yfFJDm#D|JyZ}KsOciuqo=p#&d|_{NU>@-#;U;ohs!C
z!m7<R;ZO9}`hj|5)G#rsP}6=5Zg}HeTsiZI(fCNq2jW>?UOyd~IhFq8xUP8M-X6xI
zWD#B!heS7e04A`|BL|O!xB!`2@aELZ;!=~^nwomPp$6;0Bj?Z%?>FzV9ePNn4?>>c
z4<uPd!KRxkaB?#)z!IH`?AX_OKx;K4sBZsxtqzJmnKCAUxY~3RBa_a==l`}5Bu{mv
z2{TcU41R=f(AD1n%drSYsZl&T9W7yb+8?AhSI^NIewbyeFG<m3JqK!buPIRNJbKPR
z53nN9*VFyyBIDlxCa?SFXKjR~l%j~XP}p9ExiV`4?!d|Bl=1R!UZPJWO=8qT{l?WO
zTvqGg#OJHypQA%o-?;w_lq%FvEw*B8t|FWG9nLGY)E-5H8hpL$N=Dwn&^YSb69xNv
z;gRF`pZ70>#=m<dt9%d<n5$xx7Xd0s@{_LR!<P`d@D(2anHoM&dgPyYn{mYI(E<&Q
zt<r0XJ1y&j1azZ`#ty$Hfc!x6cY4oJ3xWLwM9AMRwa`<F-$OmBpRo$^GnIEy37m;?
zB`7#|I4GYpJi*SPs6d-F3)_s-9*JjT^+Dm0(A$Wnfnl6rbLtp)0<+ihV9R+Wg87x@
zMmG)1I0|pJjp8~{_N(&z!q71ZHSLv7e5bQY`{LJ+<osOE0!n4q5>z3I+hz{iV1wym
z*8XQn-eP74`uhUhe(RS#tR~yjZ~#(<sjE@)f2;^q|De32m6v<sDU6Q=BU6r&YH#IB
zjJi$>ux}|Xvb-wu<=-xvj~CqauQmS99?YjeG++jXHLiTW*h@P{#V|zTFe?S90?hA6
zIB15e2GX1ZzAmTmL^<B}p~sug;<+jPUaHI0+6$RJ_CDU6**lV7<yZ>Xf@@)DmRMW@
zWN8nj=qk=(w#4r(RhX;uA!Lq}y1~@*q2_Bx^vFOt1A+)wY+wF#;ETP!bYar*R;G34
zhiqZC18?I?&2_o3nh7MWr#P9O?vXCm9YM9k<P)<Ea&pJRK-vM6fLRue#i+#f%Q0`i
zU6{R_pf<CNgViYtFyrPM{}CnK$+XhR$Yxck1s&rZf|z-re@$PkqT%~-OhCp&yu5Lw
zhCIK;vxB?asOq3@HBSEOyRLjbSa{LD=wO8kJm8DNmiOB5fN(#U`&1zg!Fn*6$`1);
zIZk^tUOCcqBW&OEmC5IZqcR&^3>02D^1l9W1+U=v&^EO+G{dsO?2Ht9Rl)o-nUB8U
zk*5_&MO%S$U=;kEzIM*YNnxi;6z2!MrjN6pAXiBamp!5ApDGzFpt16@YMS!jbfu9f
zs{fd?2X#%_@S_6!y2c`-`)V5q_uKr>hciB2NNTDku=Q4=;J>(Oi-)?f&)0j)cAG9%
z;?q3E^noLQz@0HyBY=%l6sSQXr_XI8uN`i#usg#L`A-640G8nI_!aT*s15X58a-HA
zj%<iv=pEutW8A@4uQq6A|EBfp>ToWeMO|C<BvBt)`H}Hy_AhW*<=Qq>%^a!~pLjbs
zZoIa+dn{joYGC*JE?54UFAxk<{|NT!m0)bn53qqTSpVV`@5zjG3gql;nQ3;IHhU}Q
za)8~<w(VGpT=hv;Xz;H;#!Eu#r?Z+bVABgn@>1!5E_(437?)m=J<B%u7FihZ=AGEf
z8tYxZg|vp21ku~^!oV!$64a(M<{0(}%BY+182wEjFh)(Ze9$5l*CK&w*P8-#bqV4k
zWoE$D>2A0jHZ#YkIPEfe^_0h5Bwr;`UbNVDy@{q*N2_4BmRihBYEvmEJMpg;<kHv|
zz(MAe*mf~b6=^R6(~=&rGrjYAj~Wx^WE?6Brl!McOH+~DWgM1F)Wx3OUj#q+8%E*z
zdhBQ>s{ILRSjfy(YYq$_DiWU}$MrpoD8yn210ogO?qm8H@EN|WYrV#UZ)r`zJqfw9
zW3@nWts?yamirVz&ffv+SCAqk`l&F92Au|KOWIAe=J_N(lk0LQT)hLzV#UyCbaV>G
zkMJ=3xyLJ1pL<l?PKzTAPo}!UrYgjQA>US?GrXxh1#w1}pX0t6z0<nPjcftloOm8h
z&7QUGp}EEeteW{H-)Nd@=9P|fU?c)u;;8fD0M%1ihqsVui#V{q3al4!1qgWSh@^B7
zH*~L7<CO0LN<GxBu6|_>zX&_R1`NT5(I?MkB@Me9k4B`U0MY%4)%=EvRSf5>&c1gz
z)3?cWX`dtHpgE;MLGN(wN`oC#y{7ySiLj6SDpxIpf<I@~7aS0Qt?F?caP^O_;1r7+
zqa@-lwv;qyM@W2acsOOrcIM7zF%!#N-U;A@?yv8Gm4<thE3F7@SN|)`AzcOls&vr_
zI=pw+TM<5{e@R37uX>me^1g`ZKOUgq<2e;Ri>wk73}|7p(ZM#?3L?$@HFvo+1ygCY
z?K6~=WI=K`x{)d7zV{Y(An`SmlhmKb-rx^5gH!bU7L`d7VdOp<9MNoW2-FYg5_;da
z^WOex2MUdl5H_VQKP1tkZ}gvli_io&ZA_o$<ZuigMrKW<{B;bx1*3qv!_9(Mp7tlB
zh_NMG2cLk1D)Iy_hKAA5KO@&h$V0!e>mD{<JHl!<_&!CmxkP<!G`j8iej~f-$mY22
z6KG_)!}Sj2JeOR&ITYfG5U%U@SUYK0-qC&&_;M#T!r?@z?!EN~lVkcz1V30Bz}v*I
zBXJ7;LJ9P;1YeO|p2rqe*3HL(o}QX;RU-_;cx&H6aQ8f~q=5zUY6!;de(hBIYp&PD
zEP!x$xMJL%OFu!Oqi+MyJ`sbm;wOWw7hD_`2H1fDc5ZIe36-&Q)PSw1C-NF12m7wn
znHzl5&6_}AL0OuwgL!3DSbVe}cER><LPnW`xmaKDY~p%!WI72!fU^O`Qy9kNar(~f
z<}`euHUewSmneyW5a}?q*Bhy-Od<HVokP6q)z1e~qq?>e`83fW;tu!$-yF7q(akeS
z`W#gd+iT~X16+Al+g9E~(uwrqx8OpP*6Mok)UVD^Y7KW$@_DZ`*mRm<0(PLg@2kZM
zn9b&_wvt><H1`24&?Y=Ezj9ZoE5q?|AC1<C!N_orxYvmMe`6UiV8O@b%ZRx3;0|I9
zK`<fu7i2V4Ed0m9B$B|@v+^ETcFr&xqp=7`h5T%Xxa;DyV&Y_jpTqAd!ym*yhM`RR
zhO}TQk@1FBlN!O>Xrf@O%cYSGYTTR9*e)YG964FOT=d6yi2MYY6YR0%ij0(l)`53o
zwt`0W3_8P!V+nRTBjJ&R@YZu#1*mfdZS<P~`J0SZu{6odg+4$NAMS5ejQ8m?@5uE-
zsD5hCu+jG?<1oJbx?V27Qom3y=}9I9m<}VW^)xWF`kPlnPg$(Sq9?HVEDj>M3EkNb
zb@0J2A1_-=xOdoE<o@CeHXSq&sRVSU^2|BAU=)Dp%F-zGCt|Xa@li7+i$iHQ0P}Pa
z`*RTC?AQgO@JeJV7Km9~e1O%V$E!HsqR!)BGIoR<*vY~%7Vxj#bSAX|%A3{jYtfDu
zbxJs_j_r^U;FkIUF*_n9ufWpuFieN>AF&NDQ6;}fB>YKslt#RbKZ-wo>@t!r)(FvQ
zk#1XCJPT!FTn`Pv2)l!vLLb#E6!X}xgi-uy*p)k5r=BS_6t@~8nxcb%e1R`xH#kqc
zt60hp9z#{f)oU7{S}*oj+&wB7Y|yvQ&AWwv@9i7>k6<rv623)Bxt_@^nh?|)MXtZ3
z!>!36Ila|pXFL-Ra6#-W#T$5U{$L3p^pXIK8GTe_hcPz+E(q2!vT>>_H{ts(tW*@H
zKUrETJI)dzGfb4!9RyBjVJT+6KbiRk011KeYYfqOraFhoRuAqOg^(kMRzyoU*U!M7
zD0kG?8p;X^*?>ob)9>7>C9EG*pR=L{2xBgg%wTiKSf8(%`DuH`wC;CV^HW97u!ykP
z19d)9)if_ZOsS)g5&>}UiA|3u2g9bbCc8YpI}5Y|m3(RGx_{$+guU=DIJ%F~0C65q
zpa-wLCDkqe83f4kq0Xmwy?chZBu|hCwgl7WwaBLs%#Fwm5Pn%0lV1)U@9wg~eZDvz
zE2@xiCB1yVzeFVz9>`bDpHr@#n2;RXWhD%ZQTy}=2@TgL70YF-tI)8lgAXD?(@9oO
zbZ>knk!NBLgEd%9BMGsz(uc^Nn@TXFA!B3r_Bmu?!1JB^eE%|Y4WyYx?sFCk=^C38
z%_)3+v6!Em)p2G?FHGbiqg`xCu>eluFDivTf&cyUO8o%;Y0hy-cX!$()A^fQLthVi
z45f4!Ho0p!_jsT$BCN?zvQs*@v3`M-v#!9Iz3rMQbtOkmMtdWO<xK6b!&QpVoDoJb
z^r2)NK|^vD0MO0QgoFFqQ{q8%2tSGg-x?bsF}YCJ0@`=r{@c4gjfNaDJ%Ymcngg#>
zq<&d@+3Nv7eyd8^YGMWdSfsq-WDBRgmvWhN+veJpZPvX4i`#9Zj|?j`cOOJPfwmNF
zk8^3!9hV9DQbD(K64JK#ia-Os4T=2|(Wxgb&><6AKJmVoG#X(BDv~dlC&qxdJh>`$
zy8Cm-fp*md$vD;b&NSl<NB38zC#Vc+9$3w;F3ds9qIp-N{R560XNOhQoKH)El$LFv
zft7p0Fy!bFx~D(QOWX0`?8<&iat*BPtzch33zPx=wrWL!_0t(f{d&S8wYp!&`EmaJ
zCm=HkBX=l3Z~hyV=LL1j@x?1Q9)eRhP;Y{r1mR%WGyor$C464FrQ3r&vlv9A<z~6g
zS`ThR{yjeMF@n^6ny;7p8Zef%Hy58HL<cvh0Iz=HKJsx}r7UySd43rGpzoqgpS0FI
z_n17nPWWhm9-hy`qQW!*R)=l$$t4S*N!&aqIqw_*7<14QEB#o8-rcE-e6X=#_kfPW
znY3UW2B|OAmg4;Fg%PA4P|y6qff~RtoW`eOoYzwX#>vmJwF|VUy3mAIQkkR-!cw{U
zolhI#&=I`Jy%qcI)+{w<$3vO)-6!3w9i}K)cH#HNCa8fJ89SVpz(4xZKm{C!bcaI4
zG|}GLFzg*DF`&S189jY{b%-&osTL^BGvzX;6yZNpX{&ou=zYL5YGDJir$7(UohrwV
zBOP}+kb4F(90U<Ft^Em}wR2{vOpcw}<3IkfbKJ&MjrS#ibK&^#zkU{uFfyN#izi$e
z-+w_l-Yfu~T#4c>g}}VjAdqJ%esJ2w3N)^?|HAIv`ok4Nowjqw#1_*EF%bZabF`1#
z%-h&DYCHPlne3$HSpn(gnD^oh1QH}aG7@sqB6`dO+CIH&F8G$E<hp#9ip638jBHB8
z9lUK{hGwD-=ZKSgPJXkeR%UKXbxedJ$;$KoiAZ9Ov$o5m@o&a1=<IUHAiecyUk!RO
zcn7(Kuj{8g(c1M|`WPsO>%_@d;!czvo(5=5V?d4%1}cHLG69|TY8mXFH+W_KcaO&f
zsDGnF@y7SL*l*y_K);GsTJR(~r>a8%d3*`ra5JzJetn37uy}K+|M{R{svT-!9gSKQ
zs;<@0|ML_30_8Cdxi&c%oW)*U4%JvJwic>-g7dy}nCQWf&jZBMuu*verLGRGR7eBE
z(%^IO?0hpwbXa|R<4C8j<_8$TUTI?Vou7ubPjS$hnMZc$lBIstE+=<35>NcxYj`2R
z7~gqy&h!);TaIUZ`UM>jrLBGG0GySZHH4Xdju=N1tTR9(xw#(dCa}9D2N~^S9~m!t
z4rvBjZhzz$=jG58<A8zpPq}VRq06D*-46K~62kDz^HA~$<*j{^Bi?~Jy0|AUe&MX<
zrH=Dm0viUM>iyrzAuERna<jZEMW=<wmnF23U1&N&63@t_C*m|^p!`hK`sUiuWR%Lu
zROce(ac2nV4R1uDC8K_faQ$$K@%9Grh3`!<o%>HT%EKfRF}{P8oX7qHo<UuP;-Ga@
zuN+*yZov0DJDsgqRTH4EV+$vE_8l;2?RuQI$9ZiqS#(!Hl)W(so17%HI0zGkfy<fW
zF{*RTb_qptXb{7JfLE?SuUBckI|v{6XQ-E9!@7|*<Z|6O!FBQ|;l>#Nf5>|h?$NO6
z2qMo3^y(mI9*TiyPV*U%FXoBVkPVVP$GaSL5J&@Q(Mx=J5_7MXGXI?)SLL3->VSwN
z=S5$;t*rD}E7ls|HNfV8`cjK%8j?&w(SsWKhjmV8;alE*Y>Q`Sc+#^$2H3KZDH*pb
zFq|{GMxy{pp7&$!b7YqcE<3V57<DETFw3MD-rz;L?6yBEVBY-`@KXKfZ#xIn0_85J
zsc#}mkMLJo%5z|rFEVIXQje#MMe)2^*+f)TX|pik_@>qYNMy6kN^rEjIYts{#Y-6o
zx3}Xa3NGbrUr$qKK(Gz}JxBicoB$z#WRe_6PXpIn#vZ$I%CmL2f>WxO^7`a%6dxbd
z+(lzr{_<{pMW-VA`%#2}k7B2(0jWSaCJP7(RyrDkfKi$3jTR2@-HSfXl6a?;eY&}+
zNP-;DP5iE9S-SmJeGSN5C@L~;R7xiNK0M&6-FX9q$Cxi`@fyy1X%QqqhGM=V-J@jE
zUQJJ6J(jA!n2zOk`+iQ}pM*7R7YU*`pxPE(p2_2v#~%m&M+-2}s=^z(70>wHKbYQ*
zwn2N_L`LplHCnz#cXOQX=?NYcW&?!EUIEZNMd}T<hmu+#HLAY9wV_o_HiE5q@fqdL
zn_vTE`HH@9yYSy6>SLhEG`h1`&Y1yhFmS<6{IN7Q{?OS1Mnc%Y);>wL^~^(otnqo$
z{u73gWk8>cg>>Cbg^MNuPc4U|0Poqo0Tl9YsS%=rhbb-W_v<30Z7b_~Lwt}D^w{@j
z?b#BMmL`^ew0u9AfXKJw=Y++zt)YBG>~AI3)*~Hbgp9s!NJs&=HUWvdi@>w?0q|Mb
zUhPZOYPb$Ym==^Y#<t))3G8ju!vT8?g}q_!dZBrjJcMo#CvJ1^Ut(JN9Ac0bXfbhh
z^u%I5Ilt=KwP9+wAP(!nL+6;e636#HciD4>FQD7CuHQqqBGSoYm<~Ef@8QSjYwoNZ
z#0QUDf7F(-9;6j!fNS|cM%?Clfh${`u${(Pl{<J<T1^SnR#gz}P}l=OD1I3r@Zmj8
z^Ust4WDfk6nO(B|QF)vjQcC&B=lIev!z9C8NOztN-&@e0Rfb2}2Jhi6d?$Z#7gw>j
zkRxXcsC3Ubd6Bui@XO;xlGXZDuN$wWlqp9+BCu5uzEoS8Pt*32T!w<9owx`hfqV!c
z)5rMTf-Q+p73igtOrBc}C7R|GB@#mWCo`h6_R<(b&8S_mFR8Q5P9vC2n+6HRVM;mT
zS_qIVu({fykYN4W(H5eEamuu8n=6Foo6{GKv|_+WuKeCczaN`d;N1^Q-kW%#nw_^?
zhZ3`LIFmqpvJJIwyznv5?Wf2NX)tIuAMN(beZ*<=9iG0@blET9N=c9-xihQJ5bv${
zdj8s3t?<zx2-N%g#g*239Y|2zHi=-hu)nfk!yPXY|CMY{%iN*-8TvxIO?C6`E_ZZb
z+#lBa#dUw#Q4#e1$DL$e1S$iyJ~_@Q2;t&ed7uaskB@^11KyUy7@-T}ueJbm#0Iz|
zMHcK3&~EEbA1?yL=r*PfG`4pNbH;O4xSgSgiwAwP@bXVogec7g$G5L8^?|iKhCM?7
z|4*waP@*jM`%a|>{32gn+{NBy$+j3H);m$(d}cCL-a4uk6_Sycyu_S+47P{4l4`;U
zfZ0i;;xYC1ik(mw0I7})bDGu^waMe5D&H;b8ui|?=@2*jj}O^Mm(ykoprWGXF#Dyw
zwr!ibqk+B?4-DepeGKwYGGslqPnv>$2kqMJ6ReJ9!^m{nx;UiLF}i^#Ny80lfo_kg
z#+0im-$4Xx*^m8?cZUITAf(YjkfiXxKO?gK-I0W&0fwm$d}_E^Lgyio9tV-yf&kt4
z4q{I%3c4jAT*nHOYjaqj5x$=Gg6t$=wOQ8qBGqNQ(FMj1%!-2CP|)A8*~k5(q#bee
zL^IkMnzNZq?cl`YIz#$Z`r*D989`}Y6GPf^25IgNUmT~4vR$4!?WmgFhHeLG-e<y~
zgXaQNdnl2uN`E!TE}%4>Hd{OLx<q-GsM=~^iy&4!tq=pUdM>z92O6;=4#dfJ7i))}
zvQ(WL*KuY5xdxHrOotPM3kS9(O)VZ%0j3I73yc(vryY!X&e)3q4u=XA&>8adF?`EY
zcE7bYYDjCh%H>)TLM7Kn90)4|JKKF0J{Brc$1zI{xYrU3|BBQxm1$sg4%dJpZKDh3
z(WL!gz4E{g&|~?zQ!*=3{HQL1it@l*RfhmiawQ2=2GL(57LEa~09wK6WWHRBRS3Z<
ze-y>WcxsT=ZT-tox1BJ(o}bttDAF{a>ub<qtQ~F#kTD-AC>gP=C@AVx2A#*4Cq=V|
ztAF0>2jNeWxL8K>nBE3&<nbek9e-qE1F=Sem6||1CT%ZZ>0Z1!QfFA1zX7E84``^)
z?YEOH=Uh(hz7N23IHnocp(Aq8ptj6>8aX8`K<EF=CIIz!`Kp6<_l4JH5nOQt&nLjD
z<tO@t%q$Z8Xci8VghWf^l*ic*=%wuI6|O!YVH0;8(fA0?T#Lp8D)0SA=L>wbI>dud
zF7Gn=e6UacVs|((K@jH_7-Tv%?3T3KEg1?II&A`I?pHT&Dofye<2P)s$za!GyJwJR
zqUjSzZ|O9j3v*mG^8hB!fbED-UCXEqpzXj8P5ni#h1o8mkid%s0M1#!u>Xm?HO6!4
zoRgmk!JEVe&n5doUh2j>A{h=6e?|$45#Y(h&~hRFAenU3YibCCTin#CFH--em8y!9
z+-HB8G&d<uq6&o<gRy+*&(oeDr$2^ZKf>Q!DR+PD{RU^lOr2~JI6rl}Lv^`MRQeT8
zL^M7AeLSK-M+b85tnh5o=THruVpQcP5@%%_4g{_bhfKfS2*Cm$K=&VUB&hmDt<KSf
z{@#313Xl}O0+B<myGNEx=YJ66Ixz8p!US%}eM-_5c$P^5DrEYI;#>FI>)YPlL{nw4
zR>z$!rtBmQ61<0MnhGB#v~RD2rGSo0X6$gv4{5u0-HMm&nIUluY%#(1GwF6FOV{>p
zHu9-*>?t%Vihlw(cs#yAdHp#ZR!^~&JVH;AML#WKuH)$WSKcIgh#$2Yk8IBV<h`=`
zM*YbbalpFJ56Lo~Gw<n3wcnUPb7cKb$buNda-ulUaBSlWi<Mi?B?4K$t^RhmXScCU
z`0oYM4iZQ&_YO37<0N5jxYpKcsPxVFd$P#RgRZ6DGwjjw6d;feaA}3o)&KvJXmh}S
z*m->ps|6mb7HsJ*rsp7&1~jC0Ka@yRDWm1oh6hk*Ds@4exX7PHdFg_d^)yN^O7J!I
z`{p+dr8?$s-cE6%?0v~ULb=T~63hIltGH!}sjS?gNH<yfF)00&V2&8(XA%)%jJNRA
zLGYMw;Wc313fd^oRn=g+!EbpZiZH)q>A6bVH9BP15!p#`8yqk=;2c`cYDjk5dA;j2
zn1XORaH@Os8zS{aH04viUA6fHISA>r{dUd90%O!$#fIQ5cTv-Y<Px7reW;oHw67$p
zIeLqi$R~#OxYtxJ$YZS^6-4k^JN0_iY6%qYHqmx~J3z0N)7B<rOHvV^Q9iW2c5vxk
zSFq)acqSYYqPMSiXqP#MAPXr>Oz-xL?AYp|d=~Fu4ZGk~!u}vP!TBKMH!o?GC<HhF
z*l%v$^Mt(-(+;#_xhyZ|feNVVvx&p4=abK;GQhIPIKth%dA9?L5G8@W(ZBZF#_IkD
z`w@J`VE(9)rbqCu*hN~*FSvT_yA|lPx+Snx>*9=IK0!gufIsl61WTo!jIc<3W(cmv
zP@GzdH*1*cnMxVRdV7Yjei?x0cyrDZ(#RT+6@J2Z@{WxaO?tdBy1h^p;oC{#Id_Vr
z`IkR+qZFW%es*jg4+nSRvW6D@1eZmNA>(0u55g2J!Wm9{WxM<}ua)DE!0{vI1h{!;
z7T>oYGtUmh4`XXZ>>^Wa+ikd25&AxeyDWi_jAdlR)xd45=TE%dC{*ZgU#crv7#Pfz
z65D_1u}Y@V8e+-34FP|l&4S0A^FbhE7_Zhf%g9bs%+pSAgMz><jI2oDp#(1U$0zLI
zYYE@OVWuQNF=P|=x4#EZ!r=ZL^gQfDA$Yv>0Zkr<L<uDduOcWrL&I@$@Uvv?Sue;c
zMh=V*Lb37)l6vI9eH?IDS_+@iymBF5NK&OjiC5G7k&x0|?Ad3n@^;K_ctHAJ>(L*O
zz-`uh)WpW?YIO<(dh|_F2;PwcW&?=u9KRsP{<6KY#afyaS>5ZtQxtY<tP^Lpm!qGR
zWL0=-fHMaB!6U%|sR2jcC*Con(H0SrWm|RYQSn@_k<qRya`vI04G@!TIYJc^y;NT@
z_69krlijp3>ff5%Wb<D4gf?Gwd^8k4G`D&FjrGpF3qcsA14{yHUz*cBDFuw>-{(*V
zp2OB?Pq?YmCz<A^7cer|K~${E#kHn&%fCL7+l%ppasAX+hiH^B2f{oc`Aj%Z%Vq@j
z?FRGQw8vlC{2vV$nG?KVwR@XgW?@d~E(6tkFW0R{26XfXi%(S}=dJU@$l%*j0+^$e
z9Ctn67?H?ON|7CHE7iSRf*^9s$|z|8CE24IC9<komE~AZ@0^RwejAa2?8kN@iMZj`
zKyg;NCkEtJM6k(NltR1b>a?2_!99sQ;npCRi*zs<?TNQzDowMtIFOSF<M_g+zlp`W
zZ*MDynz=0k;nv^Y`#ggFj$q=ekq|1q*{twS#H(8htUWjEb_y6XHAxkmYBeW%gUO7@
zCOg$HJ?9*p@SNt)h0lSYKL7Uy?t1#iSzw;<F5o=>k?!dz2Gp)fK0We!&ijH!u&)}P
zftVn2MGsy|xR!5RSoF0m{*TuDiBwM&*t6Pq`Z>Ub4_2lo)F|_rzK@)w5Ep?uK4uEz
z`|@^;{BK7|pb1=(=zRUeyV)8(;+<gW^F`OOd@{hObuuKS1b&=C>S0;x$H@R04Z=!u
z;Xrd0#{2}H&w=hW`n?x#fCygv6gtA-$9t0$R2L6LqGEdi)blAwFnpbVg;p^~S=;lq
z@6Lo^se}13!?qyu#uzP1mhdB_KYdbBb{}eH(c9V((E|kHVTO_W66>pN_1P&xP=1y7
zT~SeWOCjtXGKhuPMVpV4sUlCd3xWSP*vKAwsmI=SJK1zsFSC61&LyP!-_=;o`~;Fj
zvj9z{M0Xy1=XAiq5VUt-nZ{4vQjn&R%87aINy-8pNN+C&%Z@k<st}t<5AylpP>%EU
zF$VCWcj8*-;`OzfkURf<`AUwfsh4sPg*I96mwpK&7rrZoCHi0i1VfDKB;Q@`p;F#@
z|KbXBa&=^oo#tj-`?XIt7p6QSfr6OZGuGm^H}Jlo>u$jFl{|`nMIC@^)m@QdY1S21
zDXV06yg{~P3&09J)o1!Z3_~E1jNLwEd`<+*$5tKAL-Rdl1Uv!>3-AGC7!-$F!N};1
zeTkUi@X~BJvotm+vQPv@bD@%XH2(CeX~5X~GU@yLo)KR7_*S5DAW59b^Bo={7Db^H
zQ`QXzL|5eU_DmSvd^~$^D_^ghr>C=%MUKM!jja$E>tDk_rFPM>;E(z}5%(K~I<(2g
zir5g`YZU2FTP?IvD1b&mLLhR|xLJQ`iRip~mEFGF<24hw+f<+hc?#!!e%Mxfrbh_t
za>5MpJkv$+dm0GRujE8_Vrv7*y}`h}_1kIiH4i`(TfXKw#{_=OR|dBflgD!~`BiPo
zd3AGqz0j(1;d<h|k-7c}I&)fa9qC|uT_&Y6H;^DZ?BIP*vQ`}`j!WBp7mj<tXecIw
zKPo0fLnEd?{|&BFI>5A1`uvxJCIlnHqAykstZ{9<#!;%Yx1!%xTsnbw`JdnKas@<K
z|M`1&ZR8tDb-`wN^SGxtJCi)hw34fCm@12k;iSNfga<6yJW^cW5fg$_PL_g2vn-ZR
z7vkRaawu6~K(;?S+^9v+0sVtNQ`Q5Zzq1}Ug1y?RK%Zq}4a3sXdHsuf8y)=iLGbp6
zmtnwi^bxZUak#cDap+@ELEO+s$s{q`snvsXnMR@}&N{vp-@fVdy<vV`2N_x%>Ig`x
zR}=PJap2Wrg+N#6CQwF5kUvOw_q#nzqb}5pdnE=#SwtB)ik7O`xq?I8w%86z!51S=
z`Tyo&^d@pT?&)`ipl(bkle!12{Macc0mra>8tY6lslM!_0~W~rXB_K#$i;(zJqcr`
z`ufKkXiAKeu{1AQ*C6kL|M!m%IO+^fj9{bfT1Iw47SGq^13JnpEDR-uVnA8G06JFC
z0uC4K3lNDiqc$kgQV5F~zAGwYCeWZYUtW9gq$|=gfD9QK?kdermbG);C&1ONvTYn6
z6bN)3SyZiQ0bT{lSj(%*a)3KQ&l<I0V@-`HH~IHtm^%N@4?{6H49eX50@#v?wF4wy
zsu$9~%hG9SgqT#C5pSeFm~-CmfW7)7eX{E@F=q>6?(yV&oKJ;dN~b>?T0Y{3#lv81
zCu`>A%sXF=Bgb~Me|meNjDAp_vh4(_%-HtBIoNdKS&d(9OM>Sc6q>r(0wkfV=5n=V
z+Hf;9>T!mGVirGIgO#=DOH-Jt^WlTqn{4$F)KZiJ7Cb9>qzm?_AUk3bP5PFTGCqdV
zl%ZSsB>F~u_A$oUbV^dt_NSCa7IO;xbADMN??9^+54*qoO}ztSP_=;1;XOVArsHq>
z&#{w)Sja5+PH4>_UhZ0Jx6&GO*y=q!+!0rxSyo(ew?GV+g;imOnYL`a6aXAzM~snf
z7Q`gZYCzLE`T@_JKa+lW1Ku8O37PFBzU{YjqmynLR;;RpT?rT&O^o-5-ixJ(a}AeF
z+hL#UMU}C?exV9IM<HW$F#D$V`dc|d?Oe;EzuVqYBJ3-ZbPE0L)aNt_zrocgsM=md
zybti<TY9sImVR!Q<k<}Mb7*;x2MRpz9^)cy?h-qNe)Vfi;IH{l`+gz>`)U2&bTi`9
zvUdjfn3jvn9jFL0TBzc=@!VCk#d~0X;jcDCt`qJm2r9MGT*a9Ll{Ua^Ae8v>z~|5d
zWbb=NNe|9Tc!OEAy<OB6T%^()@iT)J3+>Pe8lkV~!0mwO?Y6t!3i{vg1>TbSuLei!
zk;m3oXV}lVA{oU3)GW*6khz9KSBEfu4fAh{FDruk*vDTLH#9xIy)y3Ic=Zyz*ji%)
zx#wqX$JG5vag00*Ue}6VLY?`r-7E*3_;bdeVAEHHMRTzJi&97dxwxh;)QSm@ec9OC
zOVe~H6)3y5AIu<@kHHPxZaTj|Lj=4_M+DGKW{Od*zsc4)0|5o{+*Vz+WKy|Z3y_L^
zFwm1DFU;2f!nEhh)n9GhFH8gX%WI3-K@oKHmV%K<Z3#`PwLR5*TWOw`H+~ZP()6g2
zNiW)AAiGD)Y<kr95#i%32Xk!-{`e-NuCP~~VZq=Q5cJ%Vo=Q^SGwuoeb-P)T6YuJV
z7mS6KRa$C9#+MqQxtx6&0=nE$VELxQe|7i?P)c>)VuRcveyvn)w36fu1HV5%s~%f7
zH?B*VxOn~=FME5m72$v7?sgh;sp%<5JYG_w!SQePbK<3jna+<vnb2JCnlg6zk^TYq
z;MP!Gy_Dz!4$IQyktVg+u`=pF_3AD&A$S_CS-`nF^nsUf^?T!~pUqEEEr+O^1rZY4
z>pgwyH}9!hg$WHm1Mp~B<Y6^h+XL{`KoTm7DOQ67Z=ym{_iMElLtu4|WutdB<-%Nk
zW@E>eP!%&**c@jWj(;>ZP`0Wc0x(<u$)6o%+5fy90Qf7N#mWM;(QSQduw8kOF#!XH
z(WlCsmZ69CI+4`@gp{GuH;(%AwWLDMPB^KLexrT&LyAFE23pjeo#`LDU$VG<dlnI<
zaIR-)HE#96)!G}suwNr%+->3jZ1_Y#VdTpQ=!S&;2J{3=kk{kSX@#<w{&7^jD#!F!
zL5Y~nPMvROLU*O;+K_q4K-;H%m{0Fcc-Zq3KZ<w_amTfH%YtOREUn-;*z~$Nq6AMM
zE%99>%{=?{5xpy|fQz)DQxsYsOm;LBCV<t!;Zy%@9WkUSiJ7O%F5~)-wAIxr0|A|S
zVj5!K;*0x}6V&g=(%Kn(|DRs|-4^235+PKZJJVy~w#z;y<D*4|g=Py)Xmpyf0(44s
zTecR6C~N%)%ai)t)nX{(MqdSkgP9yHo~l<zE78D1dCCTJ>E>L?IqcWW-j0?Yz(91#
z3}dyB+PSwV%T?h%WSo97Jm?NQ6fDLymoeb+plz<$>s-~QGoyW5x*~tJ)<qcit8&Ci
zN%eWt8#NMmP3H_0u<_#_loV5BcKH*=rhDB!9-rw}F);#L(|`=kW|T<FS%*&qY1U+^
zY)O3GWudc>BY7tD<h=5t&)<MLfP`@bJ#Q}e+AySeKY~u3|GyR}vskb|C9V!N+@+pA
zd$awWp)~-8pX!;2#bWGdGnqk9iy5Pc$IIjAa!O8QxI|-aoVMNe5#`g5>_F~7{w3QP
zOQ!ymIBx^3f<gd0fXAWSOd&Z7C{2_&?X@n?%etyqxPeb0kEK1VL-ejMqGjI{)3ZV6
z$YOACe%6zWBIBXTurEF#?XkZA6Dh~0h1=4n=qsKB5tLM|*zmQ1F=Lv-+A}DhIYsN^
zuo<ZqAB_U;C3rF4+WHDy*`R-M#1V<iqwFGdgH4$NEuU5PWqI>eAUx7m!_)7x*Tnm%
zUFL)H!!>nk4M$a3NonDpYjB|wf)Mgu2w$cTd=Q1JFe^uQ>0A*V>3`d*+Z#I&C}3fR
zNQjtaC|*)z;f{$jn2gzl@6^6OV;v*zl2Ux4KV1o?tr|**nBRA;Mp9=h2lRb`RoQ>a
z%0!bV2@J3*El?r2pDmu0i*Be~gY^ppMuu58zpRQmm*|>J#s+?qH@zS{=pm9u?PW3Q
zbj@i&l8tXfw#IKTE!XbU2W;;Ps-0bqoSXc37g5yYk0bhZDIzOVrSi+<NpisppcP>K
zMj~ILt?iS_O?q|}jBbuK^Lv2hK-l>WC?kBhNmZ>mRX~Qkd&1Bh35;Da1|3e65x3uX
zehsjTm+JY>55ciUlz3tQV4Fn`<qop?VHSvi7*F;4G4F;OjLQD~VlKcJ(;Hj_HqYg&
zLyymK#Wac0t1-+T2R^msY$iGoQXx1ZRfnxt)K$~fni;aivU>8WVCL|**{-b?H|D)K
zLBf{%Jdwn0|9t;X)8(_;&Ei_y=h+4hnr5I42&(5nCTq)ZfkH;8K>iqyfYf}ZkRw+r
zbmpO6zk@Dzk=maG^K&?_nS{=ik)_&8f=l~ivmbyEw?^nW;k4EQa*B4mKIBf8gD#Fg
zTmW<_N(=5S{!#>W=Ep7N7X<IkyA6sqnFUOwg3W6@RmC><?v8Z<7O&B+SkilEg)j84
zME+sFAdJj7kCWA7e9kkpr_;|4dS5r4s6Cm`!2Qn9tf19kevnP%deYDD+0=Lm%zf0;
z$=U&-xZ<Z&pq@idixY2;7MrsTq{}D)u2x_8MWdT==}r#WlB;HBA)=1uGe}7@Jqp;V
z``?5y6Q{tY2SCiVs9L^1+N3U^HP$&;DKFo1RB!VG_Z;ANlE<BGAuFyPgDhvn=VXj}
z1`?YdW@3=&^28hxGG!9-zPgtTE?*t?aggclZx0I4E6tTZ5qjF>@=y(R6MoD&{0Et9
zzMfU77w}U0DG?@ai3wS4xE@OZL^Zm7#RRA@;z8GU>!@7<s3aO;^b>cLq%wKnC@C;_
zD^_LjTrv96Ym!XXnhyPpjX|0!&v}GM*w@u`SsxlV{zkp{iMKq(qaRuR9>gWd*Li8N
z*bKXD7F0#A_=iA+u{{U5q_8KjCj&L)wZD8wy8BwWK~U5iX@QfF?R^MHQ0fA=5!<vP
zXq_Ehyp4U{WTlB-6Bhb*&^NlYkhTaw!SL|(M-5Eg>efgGhR*L1ywS7TkPm<5#66K|
zPHkMbHT*@ki4x9}1c4AiL<Qa|<QUk$V50-+k5ScAI~C!G%UzFvpE2`&m0P?lNkpgp
z5IItW<|h`-0aF;p2ne{}r2VWvdY8oyP9>uU`LnSp)yli;3wl!8(xG*q1(eZ(b>^E}
z3zNuer>$CS0*_Z2jRI6dBCBW<E<$Ee|L)MY8Ze3M6QnXTudSiyawvpeGiYyorXONL
zd84QaATTV|u)F4UnI!Nv7E1nD(zsWpTA-?B&>gJeG%z8Lj!<+)sV>P~`d$Z}O%yo6
z?S6}TSB}1}-*Et&?2_vtx>*E3sZna5fh1rco@=X{FOkG0w5q4}j#77xiK(palgMs%
zGwxzCSAtcq$wy1u9_$I+G>?K{BR33J1usxZ(n|__%}*?p6riTor=Qrcst0_d;Sfh#
zFuC;V%=2<ueIhq)u}W}5&-X`!lX0)f%(p_>*K}u98WUa^&L5orZ1O<M{!~`HmJOjI
zfo|b1roi1p1qR`&_H*=86D^*X4WZXBf2M8i^P}wR+^$)@GTrhq(3>?TbPDCx@9W4-
zZ6rB6R`%GBs67l(Xu5PrjhF^XF9t&Ha-tB@usx#Z;>s_xd)NJNg{m!GVgpqQDr6y}
zqBV};l0X656<%={H<jTBRr5s{-hJ(3dDy?W3cDfrM6oni+P>B4F6T4_oy=I9J|#r!
z7y)}5RwicBw>|fpbJ%2OA1tks#s=={Qfz>$`5HW!me+sC=N4kVJXSPxq`UWvE7{hs
zq!TV?uFm6B^J@gW%@_?ee4(;RPi*`cfZq+8u1}qodrv$`qbwYL#`Ph=9cY;RX#HqE
zxSy%Z-#C>9zFiV0hppdT{ci87)4F1|Ink)eAFN68XP)f~Uw%C@Xwq!B0OL4u(ToPq
zCb|B4)f}l%Czs{`m<B!-fqMcL{WklU8I>ni@XoI3`QOJ#gncI({t|%;Vw2bm@}Avn
zbWrCxgIPCm7inz3_>?z}PFJ%*aBnTibtL~FM1cS&#W=hAvG+S6X4N!@SS-ra->gl+
zxsi(QO%0GVER)&x&{#^BANeuL=4*D)4VK0sj~BkB{+W4k^c}2HX9#ptJEwcl9beer
zQaV1U2(y<R#RYf)_g9u6tTaM`-)SDFi<@P6vd(@YE`tQI(6t&OOt{U|4$EoTYiSD<
zZQsOH{bAGbTdPi|qohytM!WfxM7=?L^}F49G@vzfG2NOLZ#YPppnzd~c5-k9ZXH7b
zDCbfu;_-O$I63IlH6I>4z-Hn~7ZeB-8UgpJ=sj(Coh#su$@Cj^vRZ4c$!@8<f*#{|
zk%o^C1<Q8GFLQ!VUrAE}vry;d?nGqm$@F6b-YHX(T|(R1NBD0pY&~()B8Th?4kNT*
zecpxGueBFxnSJF2=f3v+Ki{d^w1oG5a?F<3K`^_$kw1t)tbYN|r)gk*TMKSn@OoNz
zPeykM9@w;TH`?8zD?&v3cX-ub%ZHq;^Tr`~Kf>Sgi@ufr0Yy~1Wo0d9stZhrTKnat
z*Oqna;*b_(w0OcnmO)lH1!^GUgY=;I)oJWVU1KPb#>?%-40Eze_+4H+5|xQ&LLH>i
zqVq<46k0$Bd1fwZZD08z(PyvB*E%aXeQK}lxT~lTgMY?zvVRDCrZ09D;Ow|nMlkE)
zgiV>MGeT6NCltBA(|r4~WAv*naN?GA+0{8>tyV(LE;dDvwsI(NvkEm=at;R%b@$S_
zNFO9>eqDGX-IHB^Fh%Bi62e!GyJ5mb>Xw^-7_w3hp%Pe4zFJj5iGA5897Vy_^jNv#
z4-nls)2wvHgFF_}Fb()S2)Q>mm`Aqvm&fk*Z?ex-f02>b_KFaT=~2UIh}GQmBkCUo
znb(J_WLCArpb~mvrK}jbUeaF0v%UP(8LC;$EOmXc@ap0;e5nH~N`wpw6sXdN*=~TW
zCfw)V(eTf|rsvMgSm!b7=wJY*0M;dS#jXGm07EuN2-t2C#vq+M=o3kT3Kj$Ma{7bg
z?)QeO(|W+JkO3DiviykP_xEl2j{uQvRK?11zb?;<LN!&6(@}Z`tCQ9QZd}O7rx+Tm
z7&_3MttAS3-KoE6Ki8W~Msa)2=xa4cA~qp!i_Ar;C@e66)8hb^aebi2`CguLZZe+?
z3ogl!=yh}YBloFhesG^bREfYj2#Tjajc&UukQ#*s+L;?pa+uy3^I*`wr2bR*#&#pi
z3F>GdVy~I0<EFEOQ)Lq+1TT*&&^2rY(LB#Gj&3U`MNcTGSzqh$LEzy}b`A#{sGs7$
zX!9q`&5veLfmIQFWqu02h~MBA)3>D0bofg06kk&HB)*>+#olRTmo@yeVfH8=9)BYU
z!m*MIv1(G??fgj$xo~g!ljpL3+PvPjUUAAbKjIkuw3OdZsO-IISvmepX$GRcHPVtF
z?$L`zlK93;ttW9>YS}OKjp-kIqfg3o`xca(=x-IlyfVv{Hp#CITv4UT9R4E9MCYb9
zca!gok{Xd8UR2B?2lB|srG1eyRFy%Q{?Csd)q(I3foBK-eml?Q7qqw4Aa8cccozs5
zn?atG_T1~21_7`nPbW=*MYDZ?y=!mIiTtx&iyIhfw`B%X%%!dVbQIM*gjP+}*glCr
z;KFr;;s$!3W5QL(=l?LEpLw<N_#yp$_KU5E9x6x9Dsuu(xTXL=*O=k<0ik}%S&C#1
z5o380$Yx13Pw9N7l(pl2ZB-zac{HR(&ef4XV$+ThmLL3{RxF8EW%?~BXv%e_1Dn<L
zg_^1H(r*dp>qWqyH&7aqYZ`pui}Ar(0DkHCVkdd`04afDQz;g5eQ)AOkNqouRvJ(Q
z1Mot15h2)GGu}RM)6;t0XTTg9b*mJ>&`fuJ`_!8Ri(U-_jP4$v``<WD`v{}g9*?V3
z=>Z8kXSDt1bj9F-?o}-$jB^mNM@UuvWsDeD>ENK7opA<1*_YgLrTr%88t~R13hxb<
zeI&GB_ZyXbUlZYZ@fAb4k^w+0UujpdAJ-0_$PqrL8>Xa>W#DI?Or5Gn1z8-$23CRs
z;8FA@uCQEJD)Dgb@jV8{zbJSaxV$(mu}uE1%-h@43_BJuOGwLi0gyq3+lhr6%JwL*
zUxH~X$#y;e?r(R53YR#2?zA;;I6Dy1@(&N=NRQ|ZI@I@|)pIfJ*)#`7VsO#AVYF0i
z^=^|@p_ZaIKeBC`<p@fxgT>RsbxI-}?|kq%0Fb5rN69s&=j?lV$V)Y6GX>bIt3z~+
zIcgv4rmt^48d`=y`M@90D-Uo^V6GovbE`?8>-8X4+saeZ*JY#PvgbehE%1u-Sb-r`
zT{9hdk3a~0UmC6xL`hLHDt%J~>`-~J>#;`sE2e;*xkI9LZKtTM<}`OXpAo4A1Zv@e
z`hD>075*=NedM3Dl$z7l50C0&8f$kQCDD{hq(~yDNWt1mQ0U6GfC{r+9fluV>Zpl+
z;8T$=1T#$kXSSiqo|4xO1?AVTkKB9CW=0+)!p8uEI=~cdU#?4l2NZ36V-9FT79~yt
zkAVmNdV@kum+bsoH1ovv43^%Zk%ODY%D#Ts{?fuN&9J9ujiorafS&3(L-E>23VxqD
z0D#px?9}nlxziCIEJ#&C`I>_T$4nW1HpSG44bm^m06r;9ZAc)1Vl4Sd9$*n1sI|Y>
zNE*PL(v5$gbAB!6{f}5uoih#~I~nut`V2rS)#d2eWS0spTQ<5(nLn7%mrJ_bKncT^
zOq#|5`6{IVbdAVo+e85&@C^++M~MEKAo~X8+UhAbc}YsQf+CJ)L=aij>e@h#TCei>
zdjSyk6zmNIk9ziic$@Xo#?DL0%_DFGm))=ok=c%XHmOQbEBYK+N9g*c3l(yBc$}N?
z?5o9EAso1xmpGx4S=`>k9_Y>#*{ydv>#N|!1iV-<$RB9VI0_0;@Wq50x8q6TLy?o$
zCu7H%5EcB4`pb0;$fng+o!y=8@L>T|f)%TKw8ICyzcRj}ls=H1pcok$1Vo#PN-rEb
zLpXNoIm7TddqMc);Njwjb6s!?hxGL4xJ1iAhW5+dTP-bTX{LYCks{B5#5yM3cc|Ob
z7nR}yZX~n`1+K?ozlv())K)SR!>GX5k0$dHeEoA#QU^-_$Nzk=`zDd=G*2>Ee{j~h
zDziG~vabofXUlgTF~n=rf~17OGZTBctE<$bp`Olf)qYSArqos+i$FU*T&d_NAg7`0
zazc9qsHJ??Q<cq44npENRo@H(ki>qgU=#eiZ{9ha4pBqK=O*n}?^eTRK(=?!-M7--
z`wDb{wuM+@Y9599QDJ703sWFeEwkuf{?wR#_OpNBGoMLgLbv5U=g9qafQ!ngsU1sz
z*BfA96$Wl@BIu7tYXt->ak;Q0$nMjty}kML^QkFoSy=B5809s|6cD{Xcq3wIuK?rB
zTj07C&V0sXKKfD?+}cuh@HCEOk6sHys4v!)oCVDU=<|HPvkQWs%}U6I^NADO;teeU
z%&!B?OB`|^mL`Y7Jjhfjle0`PN=38BRfC>>lQ0j5Mk<Js@RyyN*I<Chbt_K3Q|W#|
z8L&Fs`_riK-)Yo*y&l5x-UQO-_mD`=C+K8=oxHYQ9xlyGOYboe5SB1Hf4<%aq69+&
zsY}4ci|2u<1g&QlfBB&A8nCwBU^nOM)#02QFBHvmN_$*wrI@DK|EFrp6G&(_NYX(9
z=Fd70*L5%xrI$zUVk*-PxuI2+H1Oy}n<>v_zdx<yd{=v6*1VD7gd+`ih=eQlqe59V
zS8D7f_~AaVSPzjO|B6+I&9_y2lWJguXK(&AoICc*2^MUjL;yGeFaP@!unDWvh3qMj
zM&Q$pNux#<$;N!#cxm;7Ck-)*^3ji?0>Z`8#(gZV$d+1Lrf!stF#u+aq2<qb?VL6Y
zmuM6CAtUfHE5DxeyegwhT8-0IN*nn3r*5i|5T36A&gojb=fg)5l`@jAWJ#%8$D+^p
zfdPUWHbvxZWX5r%c<@tMb%$p?7Q^Wfq0mu=gr4<&Kzec=hD<-TZzTgy08B^pDc7}^
zJE$u-=?$3AbD{hFX@3au3q>dPRJ21n#WcV@u1zVA0Tl8@SRKa`fb4|OOxz_Obz(r9
zD`=m*f4`#{!e8`ZOalut#53cs%EAu>QZ<o<GLi5b8&ZORZY2XUGX0%oMk&q##Ac**
z0X;?!*Qclb5<2TZU1@Ymf4QCD9nF{G<%MmWYHDq5)XMQ(JWKob3$bIz^4RXW#Ez^y
zfS(kEwHzL{2q9_4^YVtUSsslxJ%`x~W)L6Fl_ajVq@9__H()&1h}g1dbX(P3YEOUD
z?S^d%=qC!vphbWy_U^_2*DJBL=C3wV!~;u@@g!e-;G=Ah>JSQ1Fp^uvVZw#sJBFTu
zR1ZaNXu{rqHW7hqR)+bxKydFTrJ`?p)Ccb_=CM0|=5%me*|0z7i46yrjZk8VRj0u`
z$Z|eWwQt1$KGC^3hlT|~tP4gr$8J=`6bllTm!N=U2?<IXR=&5ha@++J9sT!(5@nFt
z23D~R#dD6O$J`DjhT7teeVf(+I(@O_a@$rlun3Gu(b4rpI1s@9>;B@q#(|JWZS$jG
z>W{vBGSYX=PzkWwpkH3&sytjLCX=YF4mE(jt}>5;^4vhwNIye16mZ`Cl?RN40~ICt
zVAEyAv$qA1a2>W{@m(QS3k`VfN`YnfufH8d|BDId*U>{B!qWFQv485LKP1LhI9$3J
zFJtOYOKS<FbOrnz&kOc)_8lk&8+0NF^u*{QT>0i0kOI<nUMyI-Cue~jx+2ddIB{rL
zGU`mhn9~Fub7BMK>VAS*H8>l1_?JjjwLs7g1Aq3&7#Yh<BCBW?ow;cp#N^P(j>n)-
z2GzvV`w?Zz7h#=3jsXE!XI)A36i%$E<ZD8PAw!rwXh$+hxAuw|k)Zg%J};6fy+F01
znxDBJqLTIH0t^I|onF$7|IKG0!y(bk^2xk-pA=8&aLIGt0|6*s_!}HOB@*xi8eLC1
zuTN&=G^VSEoqt#hfwWzqzNlEpiMwEQkwbk%xFstGJ3}W67O;!LcUSAY)ber#Q?};y
zpdNr`NDXo2YO(d&*PDAo{lje6rO?WEic^jT9x(P#;xyy}48*p%z`_d*2Mk6MD9hcX
z$HoenFndKck-x{(Qy|?edX{Mg(6?N)zaVc7RUxh|QGuPBDPQBR`N&%lyw4(ZeXl!%
z09X^r|L)X^AhU%-&l&RZ(IX-~Q1e?6ML`UC2f+I>l!v%x$YFS|O53|3XMGH7%-7%m
zqjl6X`H7Us=feHSsUXbwoOo>=I~#)^wD(h7v>WkK!xTE{%jH0*>;}%)FZa$`-2;BN
zE3v|y&)%LbqgPrg2Y{P_lQLPbfRYOfT<ux1PshFdzT{*ZOouBtWzX5hpmPlCjoXGK
z;K8~y@PLY%UMR-=u86D@3~lL(dRzCU_EmoaGHc8<Q6UZQ_m@w;5|5UY2zjI1W*QGY
z?hHkwp)RQh5Hq){P^m+~Yc#;DP0bB>zDoz_>DmBNhN=8@LIDkWv#AJ1IIq@I>ZC;4
zP%yWO<O6s2p=Rxg8t+amH(Vf^`WPG;f1W|=HqZrbP83MO#Dk(VgS1tXHiHT&shutH
za06Grx(F5eO8!%eLT^)Dp;90wEa41De6Z|l;@$RJ2&Ph#80^dY^u)`*v06oHSa2=&
zL;H*0AGMi`iiF}ET%YCuZZ3#(_vzxVk8{=H1w2<au=-scU`~218}#=l@qJ1bCPV-P
zKH=5HT+FRMkG&G!NM2W&Wm27oCT=F6JT#*f0G$5JrFy~D9CboFF3-y6HCJSG;zE5D
z20$K5!M^_W=b@493W$(4Uoa-b>I_55bYi%6lc<7zdXA?z^V0wPI_`%tns5J`S0&By
z{UgAgY5TmDRN_15oVtEAd+~`Xeg7)IjH)Wu$vOhv<l1>K5#H~tbXnHG|0vCvDSK*4
ztNdKQKc0ilg6@NXe6Oz%RNSHn<h?1|du`mcw@r*vToK1!143VbzU2{t1i0!0Tkc5|
z1ORTokLu@LX#=$yvnDHhZrY-Z+qb?>R;Bf_yn|t^z~1u2{EsUp$adk{Vgz8<fO2G!
zbgh^XHuVGdb~J(+oH2or7d#|ET?Dj3WFR4Vt7&X*X#K&8p&rqY@6XEiSq+Q+esMD9
zbK}0)SB^UpoFrY_Km;kxlMw#A%lVgWcZ6DV6C7Ab_IDbnMT818OrXb1HU>gve7q9X
z=(o~%I&W6~EnnU6B#ewCG&*f}p4%s&m3dAo*si2GRRCa8?x!gpvc>r(J@tOG7%c<r
zk18K2Iy?lbjsADJ2T;`p-NOcL@L~MtXAbw3jV_oF204cwxgaD-N|Kc}u?y{mdyx?{
zunoKd5@mksL!NSBDc(7MM1~{Xv_?&ln1JJib7!yGpYYDJEy9F3rF;8&Sw|J`nr*_L
zY3|uzTh3gdKIR}5wOoi08cIb2Nx|ohMW4%KGe8Gv%ZD;!<Cb7G38Xx*jMG=Hsox?L
z<+<d&_yQNFp=MHl^({dWkaYZCH+b^lp}$lw^Z(|T9$wM^zxLiUD#~qH7j6&~MJ0(K
zQE~>!AW=X-keoA;C5j}84JI-OlCvV9f`kSMk|k#m$vGoY8VOCjv)x-o*YfOj&iCCh
z?zp$t568P2=<c`PIjf$kdg_^HFGc!;$}_GYRpJm!-itdMUl_q;5e7asH}Dyk<l?t)
zj|@C=cd8TEvrSz&8?Mn|0%%0+rD?cEKC?FiN2nyxOWos~EX84ZTT7HkY!T3)P7)R0
z)VCT9s!RC$2Ob*e##a_3n$C;1CzEROmtDOQDccmuyH>&X2(%1b1~))md0hDa-}@T1
zPXlRursBD0K(G`a5)1gvaeAhJcdOc?GXb{Y=xF?=&DcojDay0yvo{Q7KT8>`War7>
zX&}V29Z)v8y5&0eF*6iry8}D@2Elx14WM9wFE4Y83JBnuFig$BvVyy_lz5)DaldPP
zrJD5`<6p48xsI&_gIm|ZplTu3NUr;^l^O&~`V}XFeDImR>Iy`?=$E@>=Qved0Lj*Z
z;z5uWl3x5jb*JLD95rnyDLk5W5G^;)T8xqcvC1aE0hq%CDl8Vw7Gr=&E_`pH7FSWA
z7CVoB!|`=F{Hc=shXPZKL_R?p2!(504oe6i_ourU5cZ3BOOtV1)E78qAr1`4OA_{h
zkchgB5!jik+be343m+Tu?C-jm(FWG~`r+khN2nK@oblaKd3_NC2(IwJ*GQ+cL9AX8
z`9H?&@2DYQDEJhM){H4={o)2P=nVx#aI$JY5vMgVd;(-e_&q=&I0%CaWanB&voee`
z?No7&S|A<(`B~>Ct`o+aGqmX$0dFjmGdK+_H+x=2i%1DqPlpLubOx~`ieZZHF=}A@
z3e&_lN%aD39p`?Q*$_!m`5y*nJV*w{She9Owm(IJ0lINkCti+@T8Pwp+j<B{Uv$hr
za%+L3-h_!BpKSrdZD`9HfVl9qvi7WRymIzF2_X=6uJClXXqyh-ewnCGehJB6^ruin
z`gf@um2R*rvR<kpp#%|*1`<kC3Pc(Ge}EErkXgDNu_F~<@Okf_(xu4WW&-E(J-WAc
zaDn!`1sHTGe8II8n~k3Kp>&Q!%svrcqS6C!g$BvNKhHD~yv!Kl)zvu_dm`Hp!C`TF
zqce-mvg`Lqy2MiJzu>9te|?HzEz+0-84Gmd<pr=NmK!9IMz-QOKdbdW2Ms_bYjS<&
zDZ<Jr1qV*eN2+`47Kvq&PC#B2^R=P-o*-U3e7&m!sraf&X)#VJUH2IIm9PK!$~AWe
zK$~JePJjvv;lO8uF|%<r9WMVN4~jwQWn3$fH^m1aWkVWlj2XC9JkNDy<i;EdmPGV|
zuym)r0njk!Ow`Mc%ZH+61Hh?E*LZlm7DKBn58B}vNbn_jO6>l%1JxSPe*nrL7^M8s
zy7*;VMajCwUyUbC5d&^U2eZ~okq`kpU98c(P0LV5c&}CllK(gkb+8);6py{johO{u
z_`Y)iKz<Mz>>bDL4|H{f0>D2rhxd}tfL3kcB>yRJ$_1JWLAEK4-C(42swiHLJLfC2
zS>Sk0)tMmhkb!XjAh0n%_>h@l{7-;2I`Dv?$O#U@C^1KVXDek0&Er$~+he=nnA*~|
z)aw1aXZpu+Ye9X`;@uGx&=6zp=&UC7pij_=w#O@=eSl}~jAMewLATwsq>hvTEx$8g
zgqvG6lxJ_^V*6rcxQAGfIjD(}LlXwNwOgD3qJpK<B-wymI%4O!kZSDz?WE5S6UQHn
z>*DzN`V0nxv0@QohScR+)9}SMV}T!D?$Nt4Nbb8<hh}OZ;WkcSK|vVK!QA)~*|D^+
z1B<@nLq|op8u~<5YIK@u6Bf`3)kMF#5sii<oz>wy>V6r)ZE4(S;CM6D{vc;aC%w~#
zoCq>~8<6|)0dq##x`UvT_yMv9XFPDFQfCv~JfMKD&k)=yvi;m~uhQi}g6TSRZCN1m
zW+2NopoAp~sO*=!0uJuI6rkay0wjVsAhg;l3L&7mCtRZ<;|_qVXu{eWpW}540}wnK
z->~b0;vl<Jyv^}L7hVFoK+Pi7de`wjfoxg~{>vpKv<JMzaM0zbT@yFCe8#t&BFdH!
z0_YO{gMcvl;hKFj#jBPWIkcY4hAT^B7&Ei5XiyYC!?xs|j1Q?ke0M?1mGM3Qc$5IW
z8@YGUDVCV|bRBNX^Pm#5w3jzU7>My@A0%Cigx6?IRs<tHC)1e@G~=OtU5Y(GpFlfR
zy1r}Uc`MaB2~U^XJfWk%g~D_4k%{vvz6zJZuaDkQ7c%mWH+0OK8d<OTc;3tTUL{c2
zbT2TwA)3I`w=E1P&``1YMJ$jc^1}3w9{}u2h)fbcm>B(<Bwoi@eD{r#{S|gaQKa`&
zsuC2yfYnw3J<J-(^Xn6!j4QChlSgA>r6J@1$~0go#iXGX4CB~1Sb{FENDr8|6FW+3
zd^;NaWowuz;LD_x(BVCf7`AgjGXzWsesR5eB8>{YGFjs2Pz7|)ZqTb0JBJ2zgZ64;
zec&~HpLj#hG5eF^@!4ic9@CqZmj|;3xM(hO?Fy~ExMP?oLH8UNaBHWO*O@iGEduRk
zEauLD9`rP?rlc#Jk7X!s5Su%>@V6BEtT%v-MJ{m-4YOv{{b=8b>76svdp(DxBeH(-
zC0p`TK**PVym36qyb}o?5X0>a!(SZM#AUy4M~$X|j0I>MS3b$P@QxI-#^AJNHYASH
z^%j`d0HnWbwA~4|<4~g@b_1Fxl{6f&Z+JkZ#Y$&wDGI_!mm?DzbgL!OM9Q>}R(UC#
zxg4B2<%P^xNcfyBj)3A^W(0G&V(Xz?-~yGTsdl+$H68PNuePTZAZlZ=g>~EX4iZAl
zbKmH?uP?XWC+S+S=4j>hbh&Xl-^V*1LL5ApiVb4+S&$3~(`=bi(SV(yh>bj60Z_F~
z-#;WSw(CDSFj=cKAii?hH_;!n=y0UrtgrQ!GkX{SBSh(~yvO^@+Mqx1fthpbIOpcF
zpRPn&E;e#&f-^hNK<95-*5YzR=?ky1Ooa?Nt_84JYu`7)fj+LiY$H>$f}!o$9Z8I?
zTxMzE+&RTTW=QKIy~5e&T6w}V^EM~-&b2Cuv0d9^3BF97)(Z#oJiW_3BB9ji6DM#U
z-uW2lfjOnk8akZW$O-j9zkYq!=tG+akhb<8EUdE{sEI!i`<Hj3f|;`OWN|~z6apcT
z^dn!a6mQLH$inss%aqS``+Id(IRzo<Ic>O*Q_>-<FEvyB?pB&5y_>pA2~NqfIZA4O
zR9T+I8(_vfNH<)}@*YPlYRC}8w_&W%kbH;AXsNt0m1$4&%uq{OwY%kpSyLfV*uFSo
zWPB+G?-I>od?p|Lds3K!i(3hyAN6safAm6)!h_A2Fe0=ssYf?WYHApL_Bl6PFwtuO
z(Qkd?#4Q=F2JRDS@yTX+pp)defA9F1sJK07(8iHE&M+UZ7RXNEAot|G{dEe~djgc;
z7*1DO?hnvIHF}88cCt%+Hf#l`m@G=#$uKYWFyNGgotA(}^_lH$SAQF0)GOA8`T^|b
zFmqm@CRC?TLSWiCwNJI1dVI`B=4_!Q0~x_gZpFv&a*Kx_YN*iez@r2#y28@)uef2<
zNQaI9o(;r3MxZ<CB1Erb>(->{t(C|k;k}bM>?{vbZe(k9J*s_xPRw^R?@naPh;<Jy
zwNX$KHEghr!;;=qQ=bE@%5E*XZ}Ig}NZM3L0P?UJQK0T4{a|;u8cHA3v(qG|3OZ?v
zArS4ZM~ROYh#=Q(y$&DIK0X&b8EcdSg|d(1fz^=|YD)s@LVVXBI2}JJ`y~_bVm3j-
zYsVRP;^+ydKe?dgTZRjVTq1DJX`j_|h;GprJCH(CE_UU!gj6iNhY{r~MvIU3s2IH~
zB9`=*ULUvXYhXO%>p__oiLjlj$IW$4Q!i?EjKus>GM=+`BKv|cMVi~1@Hggw=MoXF
zna{tQg)hi%<?=-M?`>ln*9Z90+(!V-lM!LzAcj=dzA$ClXk;U;Tjs09tH==DaWA#|
zwfuq376m7-8s8DyF~(U<z^fOW-zjp$TbJQ-u^-X49_g9wbImq5rC8T&$T}!HJN_<F
z7`j>|6b6QR_1JGz?}390hr(mdpgpmy_aS2rGu{r76`TW1s$09s*NUv39Vxd_cx-fB
zcxOaZK-U_d!C0++#YZ0$eDbtH!lga}rF9c9BKMeFi0jA@L{nQc8zs=JdCQ=g#B`jO
zBMJ<=SuorDi!W48$5@0x7B=5EkM)A4er+0eWZP?v8|hNheQ)BcLtdBOiUUh=+LYnM
z#Q5P{!_@U#Jh!K!T2v6a%K=8<{X`9C%Q&r+DNdd{D{gi%SwU`a^aBl`^7IM|y-vuM
zg%Z$XbeAD(jAJe>!uWwO_!Qt_NKrq7dS9JZceIU|0mrf<hj_^+8E2o(kH*&QtaGl&
zM|pR@(bI{MO;(tR>Niq)rZf&~FVjr)>P!VBKXCL@qtD)F&zRtS26LXH!<+bqI1_zq
zE0E8y5L3T2?0&=PrWOXzH&X>8Mtz8O_=|`L6%0}#kkXTTnD@U%R`r&fo=su7b_HO?
zM;h!DGf@@UWh?2jrxprJ0^;j+|FG*jpz;6qiYuvt9Hh-@r$DC8YEX4;!+LLvM>;(0
z*7}qQty;WTHY3D(6rYz%0JDaqwlncKDckH4D9h_y#8vb^*0=M;P{(`OhHl)GX)j#K
z8gh}XBFwBaB5u?TivE;-uuWQpa|=}7MNhk8)TAFR*TQEJPl&Gb4uS!C&^N)yEo-s{
zbnWQ4w})`9a+`kPo0V)>OwV2x-uT?%)WuStsbCHB*W~S&#BrSVI|X0wulBfnH(>SK
znUss<wbe(-JP%{^Z%0O~<Uu#5;;ZLv#wp+DloD%~^96=!5#E+5-5z5PAt9{yJ@hCP
z2*lkTaiXr4=8lv+@R>*|^wut745<+Iwp4%NgXe7I(SkU~$~DIe@{4CWjZq33^hp^X
zUOC~>PQOS7xaoW)%tiwX8M>yG9We+krK*%dNJ*u-Qan=gW;e!QZ!e6N%Y12N=_}09
zea3Ki8c*h4zP%k9tz>Rzv5O6p$JYSkQTeStu)8gztSxN8pnYAk+wnu)n~{gQ7qU<!
z9T%a3oMxm^j>W7A=GeNmN;WT75tPI^TikA*+j?ISEaG%y86XfL#t#mgr36$h#}{6f
z<}6H1XuF%?CWA1O^okd~;HxupE**fl6h2reX*D3e*0ww~#WPgI^nQ=>#pOK-%cnUm
z8*`5V0v_Xy&YK){QzPbMeT;MX6lS2Q&OnrH8VtGD-c6CCtulcn&lJ1Y!aygmmn5;0
z5tYHS3&I!jc;HK~r`CC5IFz2tbOl7LbXq@UO<oz^yE9&KMQWfIv{16Jd?R1=e5MC!
zwW3dZ!Yh72)|1~F0QKGHcI6UYN0pl)A%ugVF;cAtko6B6*W>2MoV;QzF1|9eb!BLa
z{5DWL0%)C~XiTY<w8VP0p^yc;2%0xmk#S-4-Ssa+pv&|2<lBqqfoU$D3{|5)b~?DS
zBB;&ZeL?o*m&FTvAZ`Gt=nWg7e(R_qV=1RESLC)V3ktZzDY~jTH#>m>*rp(i2GU9q
z54vu}v7qc{#Ut}t`##o1?_Ftdl1;q1bUNhak)UTQlX=E-QvSYFrn@tMAR?@qq{1i5
zLQAi3<~e9s%*+cFuB8I;hG~X+Am+bYNUA$&T#|=nsoLrYWFK_fx-^sKLE5$ONzlaX
zHt0G9_W<1;PA<~L&L<?HnMl6J<Fla_MM=nhGfrz=b3|=OF27R*R#~c#u8CQJezjp?
zvR=zW+QP{OB18yR6F%waN-TK456`gHsvR8OfE-dr?h&#?E_S{=9Ju3V%RIBAMBy7?
z%62O0dXZrPb>QKN=dC`XuR<0@Jwe|X3MmQs$ia6AW((LWUSb(R?bZYV9$V~^Q3wY|
z;$_m*{L&jRI|1CoATDO7-!B&C!F?Hwo>p<Wde>U4G330-(ZOg~#g*6(2XJ{NkL|#z
zUahCnucQe>(T#gAtYG>2RAZkwIdf~_17vHg?Gm2#b}yJ?u5XUuM51tMopDfK6)@Kb
zcWkb;ulOS2=ZYt10ZzAP0MhKAnrrBE9y{|ewUs#E5C!S^Rn<eSzANr>WQCSZD%x?^
zg80dCFN6)|ydq`Mnj?LmM8JlBWBQpt0T@M3QR!3WcH)_dqHqWQ_wr!FX}*&OoEI7<
zl-ba6a|OqHvES|15IGf%WJ)eQyd4CS5HiAsE-|5M|Ii%WEDu1zL6g{h3Yh}T59G9N
zw$^Z)D^N~23{$821}o}TX$C}S;PMQhaGXCenZMhj!S&oLbs+y){m!M?Q2wvY)3cWx
zExS$wLeJ8HaFlHU=txd|(iEafrE&!<UZJnB4P9W~OGKSP$IM%!16)S(Y)AQVVEn|_
z6k`$0p25cpnmoYyZp1Q2gD2dnX4Utmg7J&0Va@lLqHi$Owa$Sv>=qXWfmCIl^U`9|
ziyKrtAN0pul(My9MZ_gz3GNmkIoMSyX@2HVQ4kyPS;39qn&MX7^M*xOfM$|YJQ*8c
zNJ~pgCex|0jA^y%i*2e~nCH51mk3owsl=$3*$pkQMeB(wwMcIdTGC0=XSt23aNKRC
z5S+S$bCDG*{W|smWg1e8+Uwp0CE@sZUXF~QwQ7zKZ1xXLMla-<k_B(yB?Fu)eguWn
zh$987hw%7L#>r6y*d_TgWjuuy@a<d|q7AYokVQ30|52HIPid*e=;im>TAw+<2fMku
zvUyb?JKfO-k*e3(sl&Ecll>!T(4W9&uO@n(2Wkap-gGgyFT`3hcY?_aWiBGuRsDx<
zV{c>2lo`f{MENjlhA6Ie9_J*8V}eD_%y{?gFZpP*1iH%&Fcmh*(d5BtCQHHot{DN#
z1^o?)*jzl@!RPEQfF|)8Cz>2hSz2`3nS;WEF~p)H>FG1(+~(DNkdQ(bcD>juO6e)V
zgsh7c<Hc7tA0`+@4+RQyo@f9edqy0f=f-D7ou?%xRQ90xgWWLUq|s4pPWxN#!uEak
zNEJsg_NUU>{pw<1=K9Wb!{Zkk>Mt~9hdtL|%TO?DLXIbeJWYMbhUVU;QD0$4U=1_J
zE~ODMAD8Z;b@f3E;9pNmXTDFcf{)ID-d&s!LkOTUy(#pvqo(dkAZ%K3tG6?!&H!0@
z$pGOusF4N(vMhLlJxE3(;C<mbb_UYxKxT=ea;vGH>r)Wj(1A^e?idp{k-ae@Q=;`H
zGP*eh_!`CCf^3k(9aE;<Wo31m*%`aK*K{WUKaS3CisyKRqX_gKUlMYh`Zc#ppg|st
z;vUflL^2o!d*A3$05Jh<ro35ay>~eP9!mjuy!i0!8D9;V?p*QyiZar!+;*TGe~&D}
zz|~0M=*V0;xRGlZ=reDo-o<0I=r}XEn7uz#IMi${73cY-7EnWjOnc~EGJF&HT&6P<
z;U6kJDd2UTB9zyokP#24hXu05%R*mpgYv?%#P+HWfGaZrmvyUTUd-$RHgJv?U!W9q
z;e697ODCY#R%}!NPSit5oZi&iiVvf}yw$a)Fg&l#x0|-I)CCmVv0Q<A^ImlFlOJxW
zu<AtW#Jq2J?OW4o;g+qM1}Q<!x&9?0h4gM7TA??~9740aOpu|_ii5M?vS;N%B-Ts1
zjW|Ti5Fn)c?q=x%(q3!yjhiX>btU7k5$1G=OE<ZmZh<K!pM$SrsSl$A);8wouJ}l_
z^IgpX`sT~4BXsvm#ub^`E;^7(gq;J`>?ZWq+2bP=W=Kgw>4AHA#~?T4w3(RS&}A?P
zenn0oa7Xn}NyBWmA%35RgKw$dZTgAih`<tSD%C<WHZMclAqZ+w!zKWQVMyIm=>_yJ
zg^#%q#&|8-6TxOC5wUTK{4MD4kMb=cZ9rPencl>E@8lJ0vzh|cZur@F5h1^<m<!Xx
z4lCy9QI@k{;<NkNgYo8N`lFQ@L+H`Lh1}H(eo>Wb8YH9fFB8jyy?l~g6Z#n?SvZoD
zt%2?l04i}jf+t%<S#%b;>|iodW>Ksj>C%{Y7MXSn+gtRf*NdpGoF}=^A<Kh((!gqb
z%pWKlU5>|gc?;B4x?eeAI8<g-&A<i)+bnxs`e$z~+U;_4%k`C&&=Gu2d#Pf7wMQD9
zhk3W!$ddmAveZYc&UZhETNS8%O*fwG2Hf`aYF}#Awf9W~fNh7tXPdt*e-ggY2MDZ=
zy&CSsJXg9RY#+l#B&w7E!M&j{JI69?R3rtIMBYRDDjkKl^#|RKib!zOx}-TMHGJl_
zAaofufYl-)XKd+|4vFjNo*X%zf+taff(X;c3Y=e_mcY%+iJ0Q<x1fL}3xqjHg`o1L
zdtpUXT{ko@x8zcZy`+75d%7VmYLb=l&Ls}S2HZG6pd;a(<4goak{67qiE`~a<II(j
zGbK-RNW6EY3ani|J|R&D1T&4NMJ$jYtj%!fg^9c-A+@o$Q`R$dbMbGm*He#PoJHe%
z3amq5-Is?)W!*{E5;T{@xVw~h8^FkrCL%)8S>M@9rW$G7t#I<$Yq9J;`mXVmd#g)1
z`wU%hr0m0ORn{dVV!d%fbFF4>srrr2J(8tg(2X+d%$$>D87aNh?=z&z83To#s-vn;
z@ItAr05gZH^JJ8{iwjM!vOLJ2sz^~2^NT+Ar&KhHB3G><__{_}v!I8rJI_i-+9i^Q
zJMOLJl=;|<*S^2cGHT!x+m}`+=`B^zkOp<yx%=lZYeK>{*@-|!3z=F0f2W=V{2d72
zR~+n#sh<h<nypfYa2Oe$ZP7oh-J{#F%X*ut*P5|@kxjU9zR^4u5yG0G$RkLwR*@*t
zm7-!h5;qw;e}=$C7jnVfNK{_*pa^4KiX>wzHjTWzUXKf-&8t7>h6#fE#&mVzTX2$4
zU-O+`DtwB-B`(m~jRhYI|GpSxv`;$FC)S(XuPnw~)=inI4I{5n5{oriiczJhtBGOD
z*ntPDrneL5*BD~fRPDK+?Ka6nk6m|Yxk{xIJkubhP_juGO^iO#L}|(Hq)~hl={x(t
z4oyEg`0PdV;Ds6dE-Y|nw?yqs=vfENhFrM2Dsr1fzOn?p59v())WWdXb=W4*AKRH*
zQnejXzn?7RH#Nm|N%@eCqb?(`d3L)z#GAFNVRzF2sDI*Ib^StW-c3gk)uWIyj+6=6
z-&kz@bhYv%_ck|eq7Ts6p|{E`hl^5oimjV*9&TEn89!3CZq`%1s4aCO;!4|g@G{OI
z16+x5L88!toky(Z0U*KwZl>7c%Jc|D!~u(m0myW<t3|m_NX!Y@dwpoOeU;rJT)q3c
z{>j^wsJgd8V(zO&S9|?u+cwDEPqr9cz^P&isy-6gfHeVxEIsOT+BgMok8_|0>0SdW
z;PN-&<m$AxS&3e5Pgr5pPoP`3nX2}xfT~T4rHl@rD`NkN(fdf-CAhpcml5LZpr=F2
z?tJZ}f0<(oohUdVXgQV|vASPR&;VF)?K`%G!=Oa9(pf^E7aQ{E$V)Kr@Zfo4*YY5k
zlCZEb6W}-wD;NO#)j5)H?fNfbWasglEzrJv?Wwpo;g_!xdDksaY37mDS2xFNTsY10
zB#4sLW&Zew^MI5Xca=Bn=upcpULN^WB_BZq%<p1}c<hif8E884s_GWll~boj>0|=v
zojH?Z#BZaC1!m1@F5Fd&WKPYf_!6V)t$JVm1rtI(NtQO0(ucJHh;c|R3|Ugfs@&In
zkqe~cOtC&PBrjZ>ZtS!;$d=Wtf7O=9_`WgJIyJa2J!|`nWT*9PT`M7iSM$E1RQ1X*
zUA8jQm^;IxBYSyL9U^SE%=J2)4B5<9F2dD9{`~$i<UHnk09x-X7Z^%jblG*%fThT}
zFKloya+x*U)O|{C4{D1c++ClvVA`~C{9`vKVQoQC7Ta&%86v`HKXxQKTo8ck(7{0T
zbZoY?{nwrORCj_({l6b7bEhmAX-@ar$2@Nt&Ss>B;K1MiB001(va_3rFS~UM;X^gf
z=7Y$%5K3D1p(vgdaf^tA$2lEwXg)iIBT!>NQ>~qErw68yWX^pyxDHAeDbKwq<oe)C
zx#1+$6;W@1E&p-7-u7Fu(xmqO6%rwJJ~<*+yh{K*-Pg$e6mt}fP=(}NwPwbssq#h#
zo5C1NU9lK&DUnJAZ}hmI8kyw+;2*4AlIsJAe^PaiJ1rMqmCCg=Zwxz_)9up^4=ahq
zkmwvq(LRYy*;}3GgO!_0T6{8Z3j+A`)06JIWv6YJ%t5~a^YI769)%a+(8_9W8Is|{
zM84K@a&svUa2(TbooJbu;X+nv30`fsFa&cN8}p>!#&T*&*nAI!3e(C&=iWOaf@nRq
z!-y{xSi^3dUIWrZ;)NEweR@@*OoE4>B27TENXN^J4D^HCg2|D!K+&Vu(#np~t@1qM
zT+9=t4-E!~X67#;?5W^8Ahel3jb0;!m(iz^!o$rla$eD=+QHj!ldlp^PAh%F0^Fhw
z8MUn@r0%udHe=Pk>N)6!8~-?<6}xLL9~UHjQVyEBbN04nT*o$)-&JG@;PBk#OJzd_
znh!au7&%+nUW1~3cIGPyNW~(v*lN;6i3cY;&u}6e5@5=MHu1*y-N7*HOe9S99(1j2
zzG9Yc#`m`qsvf%42M`0TJ!zg81Vvu_pk8&hS$E=9-T?OG4VXk#Q5E`pE^eSCSLzto
z)sqoY+_$Ou$$d&m^A0>Y-srqEqa24q(Lp&N3R<OS;06k4Ioc`VVA4dp^3z=?UYDUe
zZ=mZ+5UY`%4`>dBbRQf&nngG6GE|YAdHeC6bj}CZm{!9jJolq^Zf}6t%>rC)H3)F2
z_7L;P<JGJKf|x<xxN!kYVp}$({8}IF0oLhr#<&MPW*s#A4*>0@(dQqLYD%5NBYu3o
z_vvg9$jaB%s30kKgNTsAcR;kGi7Q{0FBkMYKxT<f9cPC0TymYeE~-9WpPC`NUt1oS
zt=!5^sIke*xN=ANg6c_aLy~!qwzd=Cq*Z@^$}>(-bpl)W!%DauKG5wT(aGex9r<YS
z#nTGyJrh68N!7#m&hP7qL5393!V_&sqa!-sac=r~u$NrZ8`~=g^T*+$a+B?Sk8r!0
z{)I2f!S66+@MN3C7c(PM?RleKWUoy&f%;G(f%xG**BL;I^f_=C+Hqg{oE1zZ27QHG
zM`~a^B!$rPczyGUxB^n}y$5gN*NHT70+911)Eqht09}xi;};s>vx{v<t!x0zl8X@{
zC8q6fCSH_C-0;E;Yzo|J<G4M-LwldsCQ^3biyR~5D&Cv%H6V*m!D^Tkez5IS5D+i^
zoeN+S9hPJey<6TAj3_WQjXUxcsns}W{~9)s6OSD(8VLqUtn;OxkI^w-GT`D@h{vx>
zDvKA}M@J)KuNv@gqBzGAuV(%rV4~2`G*BgTXExTR^pL|i>J_D@4N&A+I!cS=-d}mF
zn&i~k8PfJi4OG{7&2fAV-A})B4%KEaYvDFYg=!$%a9lp_Nf(959?L-QDpe};gc;I<
zE;$GfwxbF00)~TM0o@4)xtekYp8f(qtP?<cIw1_Q_ABEx0gxv?VQfL`4)?~HzJ4aH
z1<g0z))PpV<^x<B7#L`IdVc{Z<J=jDZ?{i{s@z}73!j({Uon>fwX|)oHPLrwOYR;z
zqMcXUPBD!(X$txQMDFO4g#}J>!E7<s(9-p(!Um!2+zojyY1l!8FP4Ilm&$#`WEyGL
z=9`K6tHTU9An)ZSe?GJ%<qF`yquf!T6`_)RM|CB1`@=P^@U0cnn$iNloBsLEqv60+
zI(n>Cwx8$36qhgE9zY=3US;wC|C_UcaaijeE#9C}ZfeuE?K6n$QPC`L$AxD+knMUs
zn7P=l73bsd0OoV7z&rx~?ac;x-pwODieER?(9j570t+)c^R)ydN@(ONJxJTo!=hKc
z0HNoqTbQ^Z#W0g8Ad@z|%Jyid;Gda{(YtRoGSI;48=V$OR3Chi?uy6Fv%|%o-Px~F
zx;VK-Eh~U|zdLI=xQDx17HByk39@83qH#431063ASr&^)#Q`FqT{94|>9L#&s@R=N
zWYQmeh84L|lBoyieS2FzBfK;V0XghY9bprx3rcKEoeM-{p!_z-saKK-24FC3`V;aR
z+PPJQI%N^(@ygu9kA%-sQan_GK62nC?Wt9n@qA?Vo=kwzTKK63(B+xCtqS4k3KBV<
z=gX#L0+5sQ8SBfh^qVwr*onA;F<Qlz#~JTE>4IC5H>5e5I@*DvRWFhsJX$_~Ne8mj
z>qKwUk8KmVFe-H42>O;G8t8~P1%28Y1d_=hyMMMB-;S<*NvGv8I1N(;ychnBjjEub
z%e@m;k=MT_*zA{1Z{fBHu3q$qFGGQf;zVH=SJxrK^H~)ck2_7|*NW`lbj3u#mpQ89
zq~_VL4~b3#Nlv^6fN<bnzIJ9ZfM!IKz2jw`Y&a0Cx-<Wkc*=1}5|pqzb6_kpo`5-k
zCtTjTe*(zwxh6%x@0BC<>)esrjbv_Qg^*RB^R21Z)f~cUqG8*W?%M@m?LZX)EA+o(
zA`xSPK%U2=WOYxK7TXRPxU(SIF8jbfKvBKnc~hOVCKJQZ!8XGcN7b`Jt^=MCH_$!=
zS{<xY^y@#hjGDClSl_|wOZepi(Fq)psG1q3t!>v1slG!4x{Vmw=c>%RUC_*Cm57DT
z<lDj(m;JiaO^d~21Me8p^h{CtFPO5%dlQKohEPd<ib-mBUZ*}y?yRiyxCOwo)LUE>
zN~W`|w4h{dvgf*#ssSiNp<i?R&8dNl{uIWo%K4Ex+{n#f&@EWGIo?QGrBHG+jQZms
z5Nb)2@2B?K2;Eg(241=eNY?%q+Qrd%!J&D^3NpUizf_0N6hKgWeTqdV#L$y1Fr^ZV
z#+~w{)6Y%>%7Cv=zru%v3pN66&5iD&SKP>x79HD@2uln!BZ1@>gKSqSKNx*M4$jZu
zQ=+3)z2wMZ%|N_h-95FI^+a7SLrLi}Zzwah%(l&ebf9h!nfa59q*c&8xniY!VX5CT
z<v^)1lG_ca${@KMhACAW3_4k$KWz$+I{R___K@B=lG2c~zN%-m-3SJ!)5E`sq^wmH
zvX6nm1%hWcF#rd6$WfYk6&KG7N2vV)vdjJMtxqjDui%qdP{6d?D0vfrv~2O(V3CAV
z{r4QPIu6hlk#}rcc&S37EQhi94e(^kLBPN^zh)kL&EcNl)9#hINlxKiEA)tf%^W$x
zK;XXJcVAQNMOC|ps@BMmP2PH?1p%en(3`iqL=zvHozHGlfI$v{I$C=L!$WNLFTDuX
zh|fIWR758GL=t{3sn(<79{7d<*qAs33>YhC)mGj{K63$qeXgs2|C-UtO`kQuIs>h_
zOEtb|XxLijW1Cs2NQUk6kQW{L7a{)VkvuC)lgsE6p$F93l|x=2FGJeMRV<#`-q0%o
zhuZ=J$=RxY5{c-!b`;(6V*kCy88AWdWuvQ)&WxKI#P`RlI)K48r&GZ2OGV@p4~XZy
z<Y;5Z3%kA;Jm4^imlt!QFp>ZV73^qRO9yUlZjd^usnS9CY!}|cEzf|&WY?VC-LLQ9
z9V`~1DmSEv6q`ypu(=NTJj{^S8H;`~!sRo}WW>X!9T#m7Qf<`wY4^%O=VhdLd;HK)
z%{xE}tv;$Grjcp*GVHLm-6XnKdc_r~pErBkpejJ?VD~zxuoU#|X<yRkk~4G)rR2`^
z&(V)@9Dk$NQ~FE>gQL>SP?V)whaKDZ!70ouCJ(vM)AlnC{xy+@@NWL*j?GUM8j28s
zZp(8UEitK?oNR?E7AOe&^ol{ZdYPBHC<{S%K7kGlehD*e9jBXJ_DcYAT={dRHJ6Up
z0iXC@1bv2H6NBQMfo7~CN7Gj^s_NxkG2hT3&^l@9EOU|wi*hEs_Sz|yTDDBR#oi=K
z1yUs0b@&!6dc#j{%M00s8HTfTKojs=g_0pPia5h?uobJ>Y4&xPd4_L>vyFi*JjC-L
z^n!hrp!G5ip~Axz_l@^EVq2>iL$KEs1UuVvB$qH1aB-hVUB^_pM16k>-;P?b`~1+E
z0g`3D+x~rg+0U+<B+AO_(kQB&W$ZLjV;nFcA;UGpI!%m*iT7GOl#$O=qY|+>G_NCH
zPNT8iTQ%=JPgq@;Gh1`eS+eGk>a@nTcC_mKwffTMrq2{#$;1vm+g3~wE=>oqlsl=!
z621=;w4fDr-D=fL-OGGB?!B#_<P2{Vm`{3?cfa(_Nl2UbK|+5>gVDZwIg7G=!UOyS
zkrj@n=@4#@@t`3Q7|&|NxHAFHx$A|nFHmR`Tww8K1f$*wu}@(zIos35v3Ag|{ROG)
z>@(PqEgu&hw0t*~a9VL+2pT#D7VhOIY?mQ%A}4kUE`NW?>V`NZUo3yN?Io#0QXuqb
zadW+Lt%GOyGFu}Rq||-Z2NNPAO|2;E?p~OnH_Vc&4?Vb9_*_*imj<n-p%j~c-1O+c
zf9h+sKHe!xVY1n)9xus{_Pe+pKi(jnf;%WRnXO@~i_pfkYS!R*4j3nS!C?YhI5MW2
zi~gEe`46wPol(q66{R@Zs5mqr3%^%y>@_)}vHpVLZ3%2@*|uJRzoVYTu&m1cyn$eA
zYorW?ApX3MPw#V#2dmXk_Ob1%^_`9C1re{}7Hhq8kQm&#U_%~!N)abVi8%8|y)c(8
zsK{;8uGnXuX17OZaQL2?n&NeN&B+o_K;KUfdnPX-?(5E+is?`0omXmjm1Q3yv}S9$
zG_Ig@1CqbpLI_zNZKXMl``uP%*jNyYF5g3>A^&AQU3^@~GLG%(qvS)a=?*@1(71KD
zHL&y&1H#YIn+Gx0xiwoaMq(r3E41>-UN%c#(&3=zoMRLDX144Z$d(7g+wD?(xW}rK
z^pwGxF2&w5cM;>Wq^*>W_nrIclwFNN<7J$kLJrJwvJLBbn61`|d#gehvMTJ{$-KWd
zOVZQoqB|eKISSXs#zZJ6k9N$)HSaKQ4;y-(Yb5G2BKKSy9s8(l?zt7ro)E@=Fuw^7
zq8KeJ_V=eb@3D9%N2l=hX1+&R0>5osaF>rgm*LUwITatQf+wa(OQvmer*M+Z=jl}9
zhQ0Bzb+<cM7+0vjA#xHjN+Ul{F*tHvrFhS0Jy>SyQwc{nZ0L*REHP#HPG3pu{7k6h
zM#qYO9wx-I8ioP!EP=~@TYKM3Hi(YyJII|T_OIm#Uh<2<z<?|nw*_hT8}O4u_eu!X
zGq5l6?`ui3LrM{dB`rw4v-|F?y7ft%ybzHs;t)8dhhEd|tk9;tF)<2os$LCGg9Gss
zh_PN_QT|5E(rma9|3wb(&sNLTN0O#=H7-jQ(`%gxR+^cMO>Zl%tY>U4z^sR_ojTV9
zb#H@NXk_7^8HowUKV-?~^M<QE?I_MLAKvgGPp8527xAX;6tyvrvQr$sx?1kQK6bFW
zE->v)pz_|=Ku}KmfHVA3kdn_`^ZnJeA}CdKmw2p~9kZga<H7xTM_@xfs`dwur$L8d
z3Io#AG_NJe;-tL#hK+nRBEu=%_BOlQz^%)M+waUB->;_^4BHR;VC7eg>H8p@_d7hB
zrl*3litBq~q3n<Wp>&AxnkL1K@0(csvYt5Pis#9%4Bt2L<qwg*kcqy!m}*7??@i~V
z^{Vw!cx%!M8zzKb40>=DvI=Vx_xc>14Q41F>tZjocV17rv%g#VrA^KIbTk&k{@`GA
zt<{3AW<IPwalC>x#cSeD)QA4!dr=&|{iC9!mMMaGlzRhGQE5@8ZRqB``6qD5!rb-;
z;f%x54%x$Ku}jli!<MEUh^HNW)#fZsJ`~_2YOVe9?tAk>u}!VfE0~bBy`$9qtaIxb
z9GebHQ$7Mw{qdueg2ZdyYeB$;ZEcfr3=70kUaMGFAe|brAu1;6FD8MoqKz?#Its9t
z-E)b0qdP3xN~Z79>%2cK=9QL}|JKv&^9W6)zL3zW0B)X$BWswDPfppkJk~uuq1MIc
z<{53!-K=;<u}H*RMliu4OBlLurI7;oN6(%1=kl{fL#tW7^da@%4pQ7#Tplb@Y=1VE
zoc$e!LdV+J%&DiT2|$uRE)b4s`^_nC`kaKw$efyLBg(bb++t$cFLI1pT3AS53(w9?
zS#9H`gA6pX+8qeWUzr)~q6jRhFdsgP78Ct4xB3>n=;o^yf$fnN`ViO$yK5zeZlASc
zlox7G;WVu`g*Oz2k%bw!jTT3enQvyUL80`b+hr{l!vm>@MgFs`7X{wXsc${*=LqJn
zc4w8A9>RtkE?X9^w@&vpna9#qBE$mZPeWp&amIaG;R2Hn3pBN|*(4cL{p~AV=*RYB
zLa_}aY{1I2A2Qi~kFD91;#myEi51+L#Ic;J@3*(|iGpR+iNKs!BiK635%Y<w2-9%#
z&{%Szi{akOANV#;Jh<z9G(}Xn-r=CgKimL4AXN+AEt7!c$7bI-<ot)0eE^2}%ILqi
z)jm>l9CLrV{xr3Ht7vxU{kyM+R%kUHdYjx3?W^AF`x=h*cr+@SOV-njXz`NJwW`w3
znekO#wM<Ck_9hp4=^X7<i{UeniCy$3=OfG3JXb{V@fE3~L$5h$zdT2BkP_5_tLkv`
zGoVLQvy^Z01!Ww)#Ao;Un(jZ9!Eq^&sQMny)~K6RixDLq#%|3CC&vcD9tDA~*-)|G
z?dT)Ej{V&7^Yxx%mDGki?_FaDSl13@MCScUSBf9K@hBnIveH3(DV>&{E^>Qg#g=op
z)Rm6mJ-!|mx;`0xlXc;<T{c?H{rn~N6YGcDdA5d2MAM9U)mh2KoT6W9*}D8ZX%l*{
z#l9DTJ+aC1iV;{Gq*;f>hBo%3@R1EWj2l8csHR`L+agqMo-Q%GQ>(s_ejk3~L4zo8
zr$j{mEG(TXen`}pn{21KC+N^&rtj3@eA5=;**B(WxXuXdJiRFd*(oU0YUFGRsfU@b
zcopcPXP%<GYc%301J!KAhvbx&>9TuI5%?$IPW0eVhRLiII%_R6<vp<J@2J;0>{s{N
zPimQK+lABRrz@sC6g2#DKSE$N+EgVs8b3xiNapmNsQ$t{Z*S&KQBRZF;d=HN!Pq-1
z=@h)gHhnok-jpImPd;Lbxvsn$6j(^xOR!@qca8G(I1NeOLujZJd)n<W-Wpf(_TU=Z
zX*`E*{g&+%r0rl&Cht<Pnvy{kBUL;6>V9vYV#Db?597jAg;AP~*ag)xnTyVn*LnJf
zOewfO<s7<yD)cw)67jz{yQ{Y#Q1W#LpQL)Ns%)pz&0?xBH926TuZW0b{G&Doq=Xhc
zci?Kvqh;{FhkM-Si@1>X6tsh%2%w1e!z^S1Pv)%5X?=6M2ijG>%touRc4zY5dC*tw
z&$g5<>-DTdS64fWW6aB&m68g%eD+FC=^4?z#t<|-Slo1+jAbzOst_ZZq4Gc5Bxt^0
z-P^e{zQI53xchm!gDCJoK+$~|es6TC(PVScRf4eJNQ{8v-sB1IVUmr2I{)dMLd`}R
zitbguhn7j46l*?RQX?+?wnm!l%T4-hkDQ`30>VT+XboMLt%PTp>I$aAPH+yas&9s7
z*tTt_Q+71I1&{6#kz(T`qE6^Fhc+N2%}*75uuT~hTkXYq9=dyHxpLb$B=qgZP*1f=
zSL!Q$N^=d^Qf{KXX1hV51y}1)*}$C2YBIi0+00b$o0IfyPUVx0@dEo__Dt`>M(2xo
z4b8LH54K2y@(e%a)@2q%N84~9hSV!&=x|uAO6ec~AFv1WS2_;fUo4)hRa3)@HQ*yW
zniR9QGAtPqmBU?{01>k%)v(vLrGi-I^pNOU+}?DI9>qSQOlHo~<kbj`p3`X5llk*P
zXL+*IswNOLjx}hK1#Rr|GY_sy-MrZj1j{-b`8krqIFf`eX&Hzlzx(KcsO{PazZA&b
zrC&x{7p3QP&dyHZG~kn$_c-pKCY_4Wd$%Y51nxEmA6&$q&m9`ddL8y77}P`(;X?G`
zY70Nt0Pao)y1{u!%nD~000;Y;@{{?e%IRCJp>$u}_Q;*U8LT}DHM8)xEM!O&DuMM*
z`iJvSwfKuw9B{<R6T^A)bjEGR2l9Gx+Fak6hYgcJ2P5-s6|{>Pmz&n%zz39%y?y?c
z<7<CTd=P(yqxblIE*WxOd`iTZ)&cWa*SzrU6iy20LI1SEL{q^XzZ0oE7rH#hWXbL}
z%L=bLN)~K%j-Er0$?r;b>uhwZ7V61abX{*y13K7+D(LUS4zX>|I0-K`M}QVr-TJ4j
zvrS022%lXU>(Sf0DJQU+TRu0nyOfp42IY8X_1YcBAjH_}^rrCSX-UVyl42WPT%%P#
z2QO3R!wEW^7bn&D_+`xL>K%-#MxWcB7{Z`-hzpcFU+HiyR^c>L^4(VWy_G;y?AOBy
zr((NUWA(WRq5BL=)0Sd-N!zdRD~@IuG#j7!pLghZLZq)Y1|8qcBAwz+jraPXyWN~;
z6$9MkMDRra89Cqmg7D-cTgL^eIt9kk{j}E=S<WkrYdDGbq5b>Q&R)}`Jsp<8#gfxt
z9CCXocE8rjYeACb>h1nEC+(ajpntD*ROh^5S^%DME(N-;LGq<(>hIV|`zAmD4WIgg
ze?D~TGtPn#?W)q<?4DQ|o!Q)+nh%Yw+Ousz@C>!n2hmRky4Dhc6YUcMZ4Pf;%|$fD
z1I4)bsyD9vjYTo}b*~(ZD9YD3i8=fCv)5!CDKCZXtZs5EG-rEtkLTqp4GzIqvc5w1
zA5`z(-$+ur$v3PRgIH-=-)X{WARWtR-SQk!J{vA&B*A9>vY}MpGj(s-%<FKZg;9@r
zYx*AissEJSk)8W;@vt#>-(ixAkD2+1d31XDT6}O}XF>qJ;c|cJ-ug)FkYJE`Syjq*
zMK_~g4M;L(XyzXn4jK)_`YOc_!|wKNSMd{Q=?hj<TkANsx>g6fWkeIwq;4cd+*@^$
zNiYW3;5=V;L|7Q>7_pC97JLZiIIT~R^KRCk8_-U;9cwY4D#$u>hQqJE>k@t7*eRGz
z^7QWL)`m-7#awj%2Ylbk1s1jSS{wz|xgI^`JOc_o+_j^c)&a}4T6cd;jqR-o_&fD6
zn_x$G1A*0@%}T;UxQcn=h*qUFYnbP()kbxD@s;Me0~aeFp>B>8F+xipXOr%+tk#3w
zR;`f6f~GLO)LW-?bsxSFZo*$K2Z&;)S%w}sb<Z!5G|w3=5DQ9?u|TBxL7Qc;_tvE#
zqDrfxK@zV#nRAUGuJfd_4efaLN;K*pva76ifFxncb38RP&ya`EsLblMnqGEzm~<2+
zOS0ET7-OCe_h`pkwue=D;iF$kif&2PYgKU(QtnLL+wl0*D+$TZ<~G&;krW0qU51p#
z4SC@Gh$Grke(a|pS~<i4mLfI+hF|u(8ChJS>^`-|atN*P;HIZ<oX#`UBpkYs!lYLd
z8s5cw?Gc>rx=wd)P8`g2)ON&m>1K`|KdD%$d9lvhi4@P6#vskvG7&`0vjOk$XK{AZ
z!yEK7ytr+R)VUSbSNn2T944~ftmB+J&*SG0lT$nGx^*}CtH*Hk6@%04F>eIsckfL3
z`S}r(gzVI^af4j#;9Szh@dqhaM{My#hW!f;-*t<htsj6{t;WJS<{LvR&v=Z?VaO?)
zm5iR8N&^nM*|IYaOZ&dzutRmJQJ;fuMAkl~#4Inokrea*K+0c|7iX_2%a)fF)<DGQ
z7wRu!d&s+xpLMRuC!8`!W{rEmcEezdl8F0*ist+B`LV&$jVvdHfwjf#tZ7g&;AfGD
z*&Yl@f2bQKd{>}#-XC8v8RzAeCF|_lcOyhL{hjq}VsW9H-e;^!Ce<axW}SM_PMtl1
z8?J=c9&J!4kCi```*4@tzRJBA;aDRPrjV^CI(>;oA<ZlEQP&j(WpA@I1lgV0=pOGq
zPVu}hr`gs3kj&T{RtIb7H7zuYj~vzL>wA3udhtZqY6L<@`^>g%b#Cn4yy&i+S%1uG
zw}m^%(7Ik8eknx6l`<sRjUoj9u3k<$Mr7M~b*o%K$(!WRrQGDOHugj#yMuYL)Rm?A
zO&^gg^S0-Ro0`R{DJiQ*Hn*!A<K0u>B<gc-y`-1>UoY8-P@>fon<dA7cS6QYr?DXH
z8G~G!KXYen+=aW4eBn@h3&z^V_;&_O!)xc-Vqx!<bT(g-VS`2|Va{rq8~bXRC;RH|
zbp-r&F#`Sd!=ct7QB9a`&7<jO7+6K@`FpDm*6SJ0HmIdu9m#>0Z781Th}|?_YA1Ii
zvobs-AMlJ)=CsqO_x8Sx2?Acc&y*L;e`HLbTj@%lTkVsn(``<bS9U-g>m*!SGoW2B
z>WR~Ec<L-~w#@40%V!qlYxsOaU$Y*f?-krPbBD6Byo&j-Kk62{WXk9Bb$U?Sb9j0G
zby<Hq&(Y{LWI8)aIB<b_+@ZQw!1!o#VB78SR7CkXzEq~-;oJ&0spb4S<0!U=HsJ_L
ze5nl|l`4JaRH|0%{-wUodK{<#X}`DSRr?A@*WhQpLyj*QzAS;vE%($<gLUtdzuA9z
zl%F-;f3+!-oLASO=+KW`Z|xb{&-^bJ+gSv%bF{~+*BQ-rTgC&2mq!oM*^#HJrkOHO
z#Ae(--?#(nJ^44%fMbhBYt!^G$F7E9+UiVZV^nD71Xu*Oz=D)?GIILUbNXP8Ub#9{
z%S3J+yu<elp>;P$s_f}~_Mal2I9C_%t-9Q#C~-lb^#&E7Q>JT`rxLC-rEif~7em?l
zoA=*x;<9K(uZ(z>i_V#_(=*Izb+Dm@?X9Kaw8h%Iz~E2#GCnjI7ne`+v9BYJ8QkOy
zcGP7AML7<y7>pU(%IrsXVIZei6u(2W*8F;}VK^*uey1^DJrDss8tk&1o=cn?7h2uv
z-rti(*iJTKR0etIS7Ty8_ShD^e)ukV6>-QNrp^S;pY_3oYsRlYCFh<Tg#;+p*y*O(
z&T45cF+nw1DFet|Lk4{IYU!~C+Aih;-j$97)Li3}h07<;IW0GqYkByQuB--rk!Wmw
zp)19SIGDNYRNc`hIu?D~Vz-O$+Ml+}F`{%_t1NUpI>6f=6(Zdp(bEiM^%H+qo#E+1
zEC?Rb;ahR{aYiv7#$nCau8Zawlb}#@<UXH#Dk1rkr~5327ztx4L#t&V+_J|q7<NCW
z>tb#NI~Eqi_147@zwdkL@5?2|^7)GLKT0b9x^R{N#ZZDCW85DWX#q>Bg&<Aj=YlB)
z^{U}W7sH>+?AtG=VT0c^h{H7f;r9P7eYgx6z|ZOVnPU9wmy>Zp8L^&+7~}h=h{Jp#
z#&8TPr61ofjSZlb;|}8AKUui%3%Ryd#{ZoQU`%9DOZ=lg2?Gzf&{7=w^SiPEw^EF;
zRP^Hp|8*hG0PaeN^W4dAyAt`@6IM_u7DgNTxe~18fpOS$=IOp8r+?q+yUXCN9_d^;
z`TbM;{=TNdR(qB0`wjm4(R?@!?n?3IgKOUls#vt3#!9c`yY=(?4S^b~t$d&RF$9kM
zV88$89y99E{#Nk(zh?)d9xdw8{&3pgF8=pBWT6!=H+f4}-S1xeyK5G&s;Q$CCEi=%
zzhETbrg3N-@*@cOii0+TF@8nyPw)KexBeb+fBZ$7G>93}O27O4-y+DdH<1P2{^tGu
zn7_Q!kGK5o;uDDWeG9LC4@$@0^50?V`ztp<oWAj8==T`>$6N9v0Wpe1<n14S;k)6!
zf91=dqk84Eq2BL?{r>acZUFbPGR<X(c6!!7zh_zy#OZ5oen&4qg6Ll^tU+|Q`TFUf
z-!m<^XWDyqzs20&@AT)Lh=+oO5t{Os#q`H}enJc21xDUKUl=d(a3ML}YXAJ6Bf&jC
zop}4t7X~j_7`z_V|NNd&o8iw3;`@U~ZHAwl<hxD&@(OA*{5c@}@ZPA%@WT{;zCcBW
zzr?=pasOxhMn#6d+T<^<pkUI^1@jl<{QF0KD46u0K`tt1_+#Av8TC*w=`Wz@r*Xdj
z2nCb=YLmabf`UnZMn^xe0SYGlFvXuQP%!CFasOD_i-JignDn>t9aT;G2MYsLTKxz3
z8C6<6=5PP7sM4fSeTHvVB8zOJ{mupWuYiy;s^{=Mt@sOs{$V#%&*6tD{(OOI!2KCQ
z{{WDv2HX!*{P_X}nf?&nj(I9nH~K$=0bf)%`fpQ`UsqQe3Nrm?E1_W0pV83|NPvP#
zKTPrG3lvO3!KA+pU8pkapAq4Yh=nS%{xHQKFHqg+zujNIt}awJ`agpnaa1?@SjP3I
zMTP1{{{v`<>PG(=5&pnKsBZKRQ~db?1(SXaWPj_%Q84L`=;((VN5P~Yrug#(3MT#S
z{`z%w{T~mLj!F!KO3zUT+-EGsMPm{mnWywqii4DrN}Xlfdlr9YBHPV6FZ@5>C@vT`
zqPbW2>&^cc2+0_X>acs*|MNi_Fbfni(eclxldg+HN*Buh`D9OoFXYO7{(n9?bP)}0
z;`#hPpU09yN3X#eWBv1X`pw4L7#P06DgS&x4D|s1gK1F@;P1BMNqSep?_7Xm21M<K
z{~D8vqukMd4K-2j=-6)hyQqkAM}Oyzju{Q*f>18#7v>`h5&Z@ce_tOcNcvw_8~so@
z!Jlhq$Z(EI%6@S;zwa+BT$Bq!xu9RR5GoJ&J8XN*M5sLA7^M9>TcPp*R37k4Dvb)l
zs380+jzwj{e??-)UqJ=ozY8p=AdG6x{1RA>#aUD){3px&8?B*&Fe(V6f-tH<e;j7~
zR{B8If_^i|@3umfqkr`vzk{^@<AShl1k4%&Ig58g>Y6&LEO87j{apzMm6ZLy-+zTv
zsHE)o{r=l3LRCh8Gsy4W66JzWF6bAZf=bFzN!hPX;=dh){b)|q7_Et2Bq;e0-udU}
zOjHx?5J3*Tj_w&6L7}@PKAtJ_U0Hd;T^n%t0gHw0u{zt&Kl;0!>!&}lvNGLMJ=um{
zqXZ5758m(C+ui}U`Q>@)%Bz3+o$rK!KS+Xpru)Z#fck{Ldt$#mqW?#qLygf^B3qDf
TYeX0X{CDHJqExPg@%{e=eSobH

literal 0
HcmV?d00001

diff --git a/Ansible/Playbooks/File-Copy/nginx/website/index.html b/Ansible/Playbooks/File-Copy/nginx/website/index.html
new file mode 100644
index 0000000..9deb299
--- /dev/null
+++ b/Ansible/Playbooks/File-Copy/nginx/website/index.html
@@ -0,0 +1,108 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <title>Jim's Garage Ansible Demo</title>
+  <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
+  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js"></script>
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.16.0/umd/popper.min.js"></script>
+  <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/js/bootstrap.min.js"></script>
+  <style>
+    .hero {
+      background: url(Jims-Garage-1.png) no-repeat center center;
+      background-size: cover;
+      height: 400px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      color: white;
+      text-shadow: 2px 2px 5px rgba(0, 0, 0, 0.7);
+    }
+    
+    .features {
+      margin-top: 50px;
+      text-align: center;
+    }
+    
+    .feature {
+      padding: 20px;
+      transition: transform 0.3s ease;
+    }
+    
+    .feature:hover {
+      transform: scale(1.05);
+    }
+    
+    .footer {
+      background-color: #333;
+      color: white;
+      text-align: center;
+      padding: 20px;
+      position: fixed;
+      width: 100%;
+      bottom: 0;
+    }
+  </style>
+</head>
+<body>
+  <!-- Navigation Bar -->
+  <nav class="navbar navbar-expand-lg navbar-dark bg-dark">
+    <a class="navbar-brand" href="#">My Webpage</a>
+    <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarNav" aria-controls="navbarNav" aria-expanded="false" aria-label="Toggle navigation">
+      <span class="navbar-toggler-icon"></span>
+    </button>
+    <div class="collapse navbar-collapse" id="navbarNav">
+      <ul class="navbar-nav ml-auto">
+        <li class="nav-item">
+          <a class="nav-link" href="#home">Home</a>
+        </li>
+        <li class="nav-item">
+          <a class="nav-link" href="#features">Features</a>
+        </li>
+        <li class="nav-item">
+          <a class="nav-link" href="#contact">Contact</a>
+        </li>
+      </ul>
+    </div>
+  </nav>
+
+  <!-- Hero Section -->
+  <div class="hero" id="home">
+    <h1>Welcome to Jim's Garage Ansible Demo</h1>
+  </div>
+
+  <!-- Features Section -->
+  <div class="container features" id="features">
+    <h2>Our Features</h2>
+    <div class="row">
+      <div class="col-md-4">
+        <div class="feature">
+          <i class="fas fa-cogs fa-3x"></i>
+          <h4>Feature 1</h4>
+          <p>Dynamic and interactive elements.</p>
+        </div>
+      </div>
+      <div class="col-md-4">
+        <div class="feature">
+          <i class="fas fa-bolt fa-3x"></i>
+          <h4>Feature 2</h4>
+          <p>Responsive design and transitions.</p>
+        </div>
+      </div>
+      <div class="col-md-4">
+        <div class="feature">
+          <i class="fas fa-heart fa-3x"></i>
+          <h4>Feature 3</h4>
+          <p>Engaging user experiences.</p>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <!-- Footer Section -->
+  <div class="footer">
+    <p>© 2024 My Webpage. All rights reserved.</p>
+  </div>
+</body>
+</html>
\ No newline at end of file

From 83ca4761100817921d7b39326c4966f14c46fc05 Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Mon, 29 Apr 2024 17:24:01 +0100
Subject: [PATCH 10/14] ansible secrets and variables

---
 .../Secrets-Variables/File-Copy-Playbook.yaml | 67 +++++++++++++++++++
 Ansible/Playbooks/Secrets-Variables/password  |  1 +
 .../Secrets-Variables/secrets_file.enc        |  1 +
 3 files changed, 69 insertions(+)
 create mode 100644 Ansible/Playbooks/Secrets-Variables/File-Copy-Playbook.yaml
 create mode 100644 Ansible/Playbooks/Secrets-Variables/password
 create mode 100644 Ansible/Playbooks/Secrets-Variables/secrets_file.enc

diff --git a/Ansible/Playbooks/Secrets-Variables/File-Copy-Playbook.yaml b/Ansible/Playbooks/Secrets-Variables/File-Copy-Playbook.yaml
new file mode 100644
index 0000000..257ed87
--- /dev/null
+++ b/Ansible/Playbooks/Secrets-Variables/File-Copy-Playbook.yaml
@@ -0,0 +1,67 @@
+---
+- name: Deploy Docker Container with Docker Compose
+  hosts: all
+  become: true
+  tasks:
+    - name: Include variables file
+      ansible.builtin.include_vars: myvars.yaml
+
+    - name: Ensure Docker is installed
+      ansible.builtin.package:
+        name: docker
+        state: present
+
+    - name: Ensure Docker service is running
+      ansible.builtin.service:
+        name: docker
+        state: started
+        enabled: true
+
+    - name: Create a directory for Docker Compose files
+      ansible.builtin.file:
+        path: /home/ubuntu/ansible-docker/docker-compose
+        state: directory
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Create a directory for Nginx website files
+      ansible.builtin.file:
+        path: /home/ubuntu/docker/nginx/web
+        state: directory
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Copy docker-compose to remote host
+      ansible.builtin.copy:
+        src: /home/ubuntu/nginx/docker-compose.yaml
+        dest: /home/ubuntu/ansible-docker/docker-compose/docker-compose.yaml
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Copy Nginx website folder to remote host # copies a folder - note no file extension
+      ansible.builtin.copy:
+        src: /home/ubuntu/nginx/website
+        dest: /home/ubuntu/docker/nginx/web
+        mode: '0755'  # Optional file permissions
+        owner: ubuntu  # Optional ownership
+        group: ubuntu  # Optional group ownership
+
+    - name: Replace old name with new name (requires Ansible >= 2.4)
+      ansible.builtin.replace:
+        path: /home/ubuntu/docker/nginx/web/website/index.html
+        regexp: "Jim's Garage"
+        replace: "{{ website_name }}"
+
+    - name: Access and print secret
+      ansible.builtin.replace:
+        path: /home/ubuntu/docker/nginx/web/website/index.html
+        regexp: "Our Features"
+        replace: "{{ api_key }}"
+
+    - name: Start Docker Compose
+      community.docker.docker_compose:
+        project_src: /home/ubuntu/ansible-docker/docker-compose
+        state: present
diff --git a/Ansible/Playbooks/Secrets-Variables/password b/Ansible/Playbooks/Secrets-Variables/password
new file mode 100644
index 0000000..7aa311a
--- /dev/null
+++ b/Ansible/Playbooks/Secrets-Variables/password
@@ -0,0 +1 @@
+password
\ No newline at end of file
diff --git a/Ansible/Playbooks/Secrets-Variables/secrets_file.enc b/Ansible/Playbooks/Secrets-Variables/secrets_file.enc
new file mode 100644
index 0000000..33ec709
--- /dev/null
+++ b/Ansible/Playbooks/Secrets-Variables/secrets_file.enc
@@ -0,0 +1 @@
+api_key: SuperSecretPassword
\ No newline at end of file

From a7b12f0b324ca783400d9741c878fc034aa31170 Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Thu, 2 May 2024 13:37:53 +0100
Subject: [PATCH 11/14] docker

---
 .../Playbooks/Docker-Portainer/inventory.yaml |  8 ++++
 .../Playbooks/Docker-Portainer/playbook.yaml  |  7 ++++
 .../roles/docker_install/handlers/main.yaml   |  5 +++
 .../roles/docker_install/tasks/main.yaml      | 41 +++++++++++++++++++
 .../templates/docker_daemon.json.j2           |  3 ++
 .../roles/docker_install/vars/main.yaml       |  5 +++
 .../roles/portainer_deploy/handlers/main.yaml |  6 +++
 .../roles/portainer_deploy/tasks/main.yaml    | 34 +++++++++++++++
 .../templates/docker_compose.yaml.j2          | 13 ++++++
 .../roles/portainer_deploy/vars/main.yaml     |  2 +
 10 files changed, 124 insertions(+)
 create mode 100644 Ansible/Playbooks/Docker-Portainer/inventory.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/playbook.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/docker_install/handlers/main.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/docker_install/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/docker_install/templates/docker_daemon.json.j2
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/docker_install/vars/main.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/handlers/main.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/templates/docker_compose.yaml.j2
 create mode 100644 Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/vars/main.yaml

diff --git a/Ansible/Playbooks/Docker-Portainer/inventory.yaml b/Ansible/Playbooks/Docker-Portainer/inventory.yaml
new file mode 100644
index 0000000..80c494d
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/inventory.yaml
@@ -0,0 +1,8 @@
+---
+docker:
+  hosts:
+    docker01:
+      ansible_host: 192.168.200.222
+      ansible_user: 'ubuntu'
+      ansible_become: true
+      ansible_become_method: sudo
diff --git a/Ansible/Playbooks/Docker-Portainer/playbook.yaml b/Ansible/Playbooks/Docker-Portainer/playbook.yaml
new file mode 100644
index 0000000..6609da0
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/playbook.yaml
@@ -0,0 +1,7 @@
+---
+- name: Install Docker on Ubuntu
+  hosts: all
+  become: true
+  roles:
+    - docker_install
+    - portainer_deploy
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/docker_install/handlers/main.yaml b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/handlers/main.yaml
new file mode 100644
index 0000000..303ef11
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Restart Docker
+  ansible.builtin.systemd:
+    name: docker
+    state: restarted
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/docker_install/tasks/main.yaml b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/tasks/main.yaml
new file mode 100644
index 0000000..a8cc071
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/tasks/main.yaml
@@ -0,0 +1,41 @@
+---
+- name: Ensure apt is using HTTPS
+  ansible.builtin.apt:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - apt-transport-https
+    - ca-certificates
+    - curl
+    - software-properties-common
+
+- name: Add Docker GPG key
+  ansible.builtin.apt_key:
+    url: "https://download.docker.com/linux/ubuntu/gpg"
+    state: present
+
+- name: Add Docker repository
+  ansible.builtin.apt_repository:
+    repo: "{{ docker_apt_repository }}"
+    state: present
+
+- name: Install Docker CE
+  ansible.builtin.apt:
+    name: docker-ce
+    state: present
+    update_cache: true
+
+- name: Configure Docker daemon options
+  ansible.builtin.template:
+    src: "templates/docker_daemon.json.j2"
+    dest: "/etc/docker/daemon.json"
+    owner: 'root'
+    group: 'root'
+    mode: '0755'  # Optional file permissions
+  notify: Restart Docker
+
+- name: Ensure Docker service is enabled and running
+  ansible.builtin.systemd:
+    name: docker
+    enabled: true
+    state: started
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/docker_install/templates/docker_daemon.json.j2 b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/templates/docker_daemon.json.j2
new file mode 100644
index 0000000..7858f8e
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/templates/docker_daemon.json.j2
@@ -0,0 +1,3 @@
+{
+    "storage-driver": "{{ docker_daemon_options['storage-driver'] }}"
+}
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/docker_install/vars/main.yaml b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/vars/main.yaml
new file mode 100644
index 0000000..5105d78
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/docker_install/vars/main.yaml
@@ -0,0 +1,5 @@
+---
+docker_apt_release_channel: "stable"
+docker_apt_repository: "deb [arch=amd64] https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable"
+docker_daemon_options:
+  storage-driver: "overlay2"
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/handlers/main.yaml b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/handlers/main.yaml
new file mode 100644
index 0000000..c2c1aae
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/handlers/main.yaml
@@ -0,0 +1,6 @@
+---
+- name: Start Portainer
+  community.docker.docker_compose:
+    project_src: /home/ubuntu/docker-compose/portainer
+    state: present
+    restarted: true
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/tasks/main.yaml b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/tasks/main.yaml
new file mode 100644
index 0000000..483ebae
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/tasks/main.yaml
@@ -0,0 +1,34 @@
+---
+- name: Ensure docker-compose is installed
+  ansible.builtin.package:
+    name: docker-compose
+    state: present
+
+- name: Ensure Docker service is running
+  ansible.builtin.service:
+    name: docker
+    state: started
+    enabled: true
+
+- name: Setup Portainer directory
+  ansible.builtin.file:
+    path: /home/ubuntu/docker-compose/portainer
+    state: directory
+    mode: '0755'  # Optional file permissions
+    owner: ubuntu  # Optional ownership
+    group: ubuntu  # Optional group ownership
+
+- name: Deploy Portainer using Docker Compose
+  ansible.builtin.template:
+    src: "templates/docker_compose.yaml.j2"
+    dest: "/home/ubuntu/docker-compose/portainer/docker-compose.yaml"
+    mode: '0755'  # Optional file permissions
+    owner: ubuntu  # Optional ownership
+    group: ubuntu  # Optional group ownership
+  notify:
+    - Start Portainer
+
+- name: Run Portainer docker-compose up
+  community.docker.docker_compose:
+    project_src: /home/ubuntu/docker-compose/portainer
+    state: present
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/templates/docker_compose.yaml.j2 b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/templates/docker_compose.yaml.j2
new file mode 100644
index 0000000..00a105f
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/templates/docker_compose.yaml.j2
@@ -0,0 +1,13 @@
+version: '3.3'
+services:
+  portainer:
+    image: portainer/portainer-ce:{{ portainer_version }}
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+      - portainer_data:/data
+    ports:
+      - "9000:9000"
+    restart: always
+
+volumes:
+  portainer_data:
diff --git a/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/vars/main.yaml b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/vars/main.yaml
new file mode 100644
index 0000000..204bbe2
--- /dev/null
+++ b/Ansible/Playbooks/Docker-Portainer/roles/portainer_deploy/vars/main.yaml
@@ -0,0 +1,2 @@
+---
+portainer_version: "latest"

From 916df74458db63b0adf0fd4b78ebc227b69f9cac Mon Sep 17 00:00:00 2001
From: tehNooB <125163838+JamesTurland@users.noreply.github.com>
Date: Thu, 2 May 2024 16:35:56 +0100
Subject: [PATCH 12/14] Update docker-compose.yaml

---
 Headscale/docker-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Headscale/docker-compose.yaml b/Headscale/docker-compose.yaml
index 690ec75..339a36a 100644
--- a/Headscale/docker-compose.yaml
+++ b/Headscale/docker-compose.yaml
@@ -8,7 +8,7 @@ services:
     ports:
         - 8080:8080
         - 9090:9090
-    image: headscale/headscale:latest
+    image: headscale/headscale:0.22.3
     command: headscale serve
     restart: unless-stopped
 

From d86eb067029a41036dde7f1a833f1fc5967df5a7 Mon Sep 17 00:00:00 2001
From: cyberops7 <18562612+cyberops7@users.noreply.github.com>
Date: Thu, 2 May 2024 21:27:05 -0600
Subject: [PATCH 13/14] traefik v3 requires updating the CRDs API group version

---
 .../Portainer/default-headers.yaml            |  2 +-
 .../Portainer/ingress.yaml                    |  2 +-
 .../WireGuard-Easy/default-headers.yaml       |  2 +-
 .../WireGuard-Easy/ingress.yaml               |  2 +-
 .../WireGuard-Easy/ingressRouteUDP.yaml       |  2 +-
 .../CrowdSec/Bouncer/bouncer-middleware.yaml  |  2 +-
 Kubernetes/GitOps/Gotify/default-headers.yaml |  2 +-
 Kubernetes/GitOps/Gotify/ingress.yaml         |  2 +-
 .../default-headers.yaml                      |  2 +-
 .../Traefik-External-Service/ingress.yaml     |  2 +-
 .../Helm/Traefik/Dashboard/ingress.yaml       |  2 +-
 .../Helm/Traefik/Dashboard/middleware.yaml    |  2 +-
 .../Helm/Traefik/default-headers.yaml         |  2 +-
 .../Manifest/PiHole/default-headers.yaml      |  2 +-
 .../Manifest/PiHole/ingress.yaml              |  2 +-
 Kubernetes/Traefik-PiHole/readme.md           | 22 +++++++++++++++++++
 Unifi-Controller/kubernetes/ingress.yaml      |  4 ++--
 17 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml b/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml
index fd09585..f897e33 100644
--- a/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml
+++ b/Kubernetes/Create-manifest-helm/Portainer/default-headers.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
diff --git a/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml b/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml
index f1517af..04ab1ef 100644
--- a/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml
+++ b/Kubernetes/Create-manifest-helm/Portainer/ingress.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: portainer
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml
index 4b9de97..4e14585 100644
--- a/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/default-headers.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml
index 4130ba9..cbaf16f 100644
--- a/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingress.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: wg-easy
diff --git a/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml
index b2f7d90..f66d4ee 100644
--- a/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml
+++ b/Kubernetes/Create-manifest-helm/WireGuard-Easy/ingressRouteUDP.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRouteUDP
 metadata:
   name: wg-easy
diff --git a/Kubernetes/CrowdSec/Bouncer/bouncer-middleware.yaml b/Kubernetes/CrowdSec/Bouncer/bouncer-middleware.yaml
index c829563..618d969 100644
--- a/Kubernetes/CrowdSec/Bouncer/bouncer-middleware.yaml
+++ b/Kubernetes/CrowdSec/Bouncer/bouncer-middleware.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: bouncer
diff --git a/Kubernetes/GitOps/Gotify/default-headers.yaml b/Kubernetes/GitOps/Gotify/default-headers.yaml
index ef8e3f6..7dc41c5 100644
--- a/Kubernetes/GitOps/Gotify/default-headers.yaml
+++ b/Kubernetes/GitOps/Gotify/default-headers.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
diff --git a/Kubernetes/GitOps/Gotify/ingress.yaml b/Kubernetes/GitOps/Gotify/ingress.yaml
index dc88102..3f1ae6d 100644
--- a/Kubernetes/GitOps/Gotify/ingress.yaml
+++ b/Kubernetes/GitOps/Gotify/ingress.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: gotify
diff --git a/Kubernetes/Traefik-External-Service/default-headers.yaml b/Kubernetes/Traefik-External-Service/default-headers.yaml
index 32a85bd..c2dee58 100644
--- a/Kubernetes/Traefik-External-Service/default-headers.yaml
+++ b/Kubernetes/Traefik-External-Service/default-headers.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
diff --git a/Kubernetes/Traefik-External-Service/ingress.yaml b/Kubernetes/Traefik-External-Service/ingress.yaml
index 2594e29..e57b614 100644
--- a/Kubernetes/Traefik-External-Service/ingress.yaml
+++ b/Kubernetes/Traefik-External-Service/ingress.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: proxmox
diff --git a/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/ingress.yaml b/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/ingress.yaml
index ae80892..3debb78 100644
--- a/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/ingress.yaml
+++ b/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/ingress.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: traefik-dashboard
diff --git a/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/middleware.yaml b/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/middleware.yaml
index 029499e..2446277 100644
--- a/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/middleware.yaml
+++ b/Kubernetes/Traefik-PiHole/Helm/Traefik/Dashboard/middleware.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: traefik-dashboard-basicauth
diff --git a/Kubernetes/Traefik-PiHole/Helm/Traefik/default-headers.yaml b/Kubernetes/Traefik-PiHole/Helm/Traefik/default-headers.yaml
index 435e574..b0884d2 100644
--- a/Kubernetes/Traefik-PiHole/Helm/Traefik/default-headers.yaml
+++ b/Kubernetes/Traefik-PiHole/Helm/Traefik/default-headers.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
diff --git a/Kubernetes/Traefik-PiHole/Manifest/PiHole/default-headers.yaml b/Kubernetes/Traefik-PiHole/Manifest/PiHole/default-headers.yaml
index 44c1837..fb30a01 100644
--- a/Kubernetes/Traefik-PiHole/Manifest/PiHole/default-headers.yaml
+++ b/Kubernetes/Traefik-PiHole/Manifest/PiHole/default-headers.yaml
@@ -1,4 +1,4 @@
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
diff --git a/Kubernetes/Traefik-PiHole/Manifest/PiHole/ingress.yaml b/Kubernetes/Traefik-PiHole/Manifest/PiHole/ingress.yaml
index dc7bc4c..ae03634 100644
--- a/Kubernetes/Traefik-PiHole/Manifest/PiHole/ingress.yaml
+++ b/Kubernetes/Traefik-PiHole/Manifest/PiHole/ingress.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: pihole
diff --git a/Kubernetes/Traefik-PiHole/readme.md b/Kubernetes/Traefik-PiHole/readme.md
index e87b035..79094a2 100644
--- a/Kubernetes/Traefik-PiHole/readme.md
+++ b/Kubernetes/Traefik-PiHole/readme.md
@@ -2,3 +2,25 @@
 Make sure that you watch the video instructions carefully as you need to amend the files correctly.
 YOU CANNOT JUST RUN THIS SCRIPT!
 Incorrect use can result in you being locked out of Lets Encrypt for a period of time.
+
+# NOTE FOR TRAEFIK v3 #
+Many guides out there (including, until recently, this repo) reference an older version of the Kubernetes CRDs API group.
+This older version is [deprecated](https://doc.traefik.io/traefik/master/migration/v2-to-v3/#kubernetes-crds-api-group-traefikcontainous) 
+as of Traefik v3 (released [29 April 2024](https://github.com/traefik/traefik/releases/tag/v3.0.0)) and must be updated to the new version
+in your IngressRoute, Middleware, ServersTransport, etc. yaml manifests for Traefik.  Any resources with the deprecated version will not 
+be recognized by Traefik v3.
+
+Old, deprecated version:
+```yaml
+apiVersion: traefik.containo.us/v1alpha1
+```
+
+New, supported version:
+```yaml
+apiVersion: traefik.io/v1alpha1
+```
+This new version is also supported in later releases of Traefik v2, so you can update your Traefik-related manifests 
+to the new version and apply the updated manifests before upgrading your Traefik deployment.
+
+It may be worth reviewing other v2 to v3 migration notes provided by Traefik: 
+[Traefik v2 to v3 Migration](https://doc.traefik.io/traefik/master/migration/v2-to-v3/)
diff --git a/Unifi-Controller/kubernetes/ingress.yaml b/Unifi-Controller/kubernetes/ingress.yaml
index 171cf64..bfe8728 100644
--- a/Unifi-Controller/kubernetes/ingress.yaml
+++ b/Unifi-Controller/kubernetes/ingress.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
   name: default-headers
@@ -16,7 +16,7 @@ spec:
     customRequestHeaders:
       X-Forwarded-Proto: https
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
   name: unifi-controller

From 13bf31486fa9c1df6e7ff04ccebd402502abdf32 Mon Sep 17 00:00:00 2001
From: James Turland <james@turland.uk>
Date: Wed, 8 May 2024 12:30:25 +0100
Subject: [PATCH 14/14] rke2

---
 .../RKE2/collections/requirements.yaml        |   6 +
 .../RKE2/inventory/group_vars/all.yaml        |  18 +++
 Ansible/Playbooks/RKE2/inventory/hosts.ini    |  11 ++
 .../RKE2/roles/add-agent/tasks/main.yaml      |  17 +++
 .../add-agent/templates/rke2-agent-config.j2  |   5 +
 .../RKE2/roles/add-server/tasks/main.yaml     |  53 +++++++
 .../templates/rke2-server-config.j2           |  10 ++
 .../roles/apply-manifests/tasks/main.yaml     |  60 ++++++++
 .../templates/metallb-ippool.j2               |   8 ++
 .../RKE2/roles/kube-vip/tasks/main.yaml       |  17 +++
 .../kube-vip/templates/kube-vip-config.j2     |  88 ++++++++++++
 .../RKE2/roles/prepare-nodes/main.yaml        |  15 ++
 .../RKE2/roles/rke2-download/tasks/main.yaml  |  20 +++
 .../RKE2/roles/rke2-download/vars/main.yaml   |   0
 .../RKE2/roles/rke2-prepare/tasks/main.yaml   | 134 ++++++++++++++++++
 .../templates/rke2-agent.service.j2           |  13 ++
 .../templates/rke2-server-config.j2           |  10 ++
 .../templates/rke2-server.service.j2          |  13 ++
 .../RKE2/roles/rke2-prepare/vars/main.yaml    |   0
 Ansible/Playbooks/RKE2/site.yaml              |  61 ++++++++
 20 files changed, 559 insertions(+)
 create mode 100644 Ansible/Playbooks/RKE2/collections/requirements.yaml
 create mode 100644 Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml
 create mode 100644 Ansible/Playbooks/RKE2/inventory/hosts.ini
 create mode 100644 Ansible/Playbooks/RKE2/roles/add-agent/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/add-agent/templates/rke2-agent-config.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/add-server/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/add-server/templates/rke2-server-config.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/apply-manifests/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/apply-manifests/templates/metallb-ippool.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/kube-vip/templates/kube-vip-config.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/prepare-nodes/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-download/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-prepare/tasks/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-agent.service.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server-config.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server.service.j2
 create mode 100644 Ansible/Playbooks/RKE2/roles/rke2-prepare/vars/main.yaml
 create mode 100644 Ansible/Playbooks/RKE2/site.yaml

diff --git a/Ansible/Playbooks/RKE2/collections/requirements.yaml b/Ansible/Playbooks/RKE2/collections/requirements.yaml
new file mode 100644
index 0000000..3ffb535
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/collections/requirements.yaml
@@ -0,0 +1,6 @@
+---
+collections:
+  - name: ansible.utils
+  - name: community.general
+  - name: ansible.posix
+  - name: kubernetes.core
\ No newline at end of file
diff --git a/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml
new file mode 100644
index 0000000..458b16e
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/inventory/group_vars/all.yaml
@@ -0,0 +1,18 @@
+os: "linux"
+arch: "amd64"
+
+kube_vip_version: "v0.8.0"
+vip_interface: eth0
+vip: 192.168.3.50
+
+metallb_version: v0.13.12
+lb_range: 192.168.3.80-192.168.3.90
+lb_pool_name: first-pool
+
+rke2_version: "v1.29.4+rke2r1"
+rke2_install_dir: "/usr/local/bin"
+rke2_binary_url: "https://github.com/rancher/rke2/releases/download/{{ rke2_version }}/rke2.linux-amd64"
+
+ansible_user: ubuntu
+ansible_become: true
+ansible_become_method: sudo
diff --git a/Ansible/Playbooks/RKE2/inventory/hosts.ini b/Ansible/Playbooks/RKE2/inventory/hosts.ini
new file mode 100644
index 0000000..2ebbc5d
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/inventory/hosts.ini
@@ -0,0 +1,11 @@
+# Make sure Ansible host has access to these devices
+# Good idea to snapshot all machines and deploy uing cloud-init
+
+[servers]
+server1 ansible_host=192.168.3.21
+server2 ansible_host=192.168.3.22
+server3 ansible_host=192.168.3.23
+
+[agents]
+agent1 ansible_host=192.168.3.24
+agent2 ansible_host=192.168.3.25
diff --git a/Ansible/Playbooks/RKE2/roles/add-agent/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/add-agent/tasks/main.yaml
new file mode 100644
index 0000000..edd2aed
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/add-agent/tasks/main.yaml
@@ -0,0 +1,17 @@
+# Copy agent config to all agents - we need to change agent2 & 3 later with the token
+- name: Deploy RKE2 Agent Configuration
+  ansible.builtin.template:
+    src: templates/rke2-agent-config.j2
+    dest: /etc/rancher/rke2/config.yaml
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname in groups['agents']
+
+# Check agents have restarted to pick up config
+- name: Ensure RKE2 agents are enabled and running
+  ansible.builtin.systemd:
+    name: rke2-agent
+    enabled: true
+    state: restarted
+    daemon_reload: true
diff --git a/Ansible/Playbooks/RKE2/roles/add-agent/templates/rke2-agent-config.j2 b/Ansible/Playbooks/RKE2/roles/add-agent/templates/rke2-agent-config.j2
new file mode 100644
index 0000000..3dafb3d
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/add-agent/templates/rke2-agent-config.j2
@@ -0,0 +1,5 @@
+write-kubeconfig-mode: "0644"
+token: {{ hostvars['server1']['token'] }}
+server: https://{{ hostvars['server1']['ansible_host'] }}:9345
+node-label:
+  - "agent=true"
diff --git a/Ansible/Playbooks/RKE2/roles/add-server/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/add-server/tasks/main.yaml
new file mode 100644
index 0000000..3acb216
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/add-server/tasks/main.yaml
@@ -0,0 +1,53 @@
+# Copy server config with token to all servers except server 1 (this has token)
+- name: Deploy RKE2 server Configuration
+  ansible.builtin.template:
+    src: templates/rke2-server-config.j2
+    dest: /etc/rancher/rke2/config.yaml
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname != groups['servers'][0]
+
+# Keep checking the cluster API until it's functioning (deployed)
+- name: Wait for cluster API to be ready (can take 5-10 mins depending on internet/hardware)
+  ansible.builtin.command:
+    cmd: "kubectl get nodes"
+  register: kubectl_output
+  until: "'connection refused' not in kubectl_output.stderr"
+  retries: 120
+  delay: 10
+  changed_when: true
+  become_user: "{{ ansible_user }}"
+  when: inventory_hostname == groups['servers'][0]
+
+# Use kubectl to deploy yaml. Perhaps this can be added to the manifest folder initially
+- name: Apply kube vip configuration file
+  ansible.builtin.command:
+    cmd: kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml apply -f https://kube-vip.io/manifests/rbac.yaml
+  changed_when: true
+  when: inventory_hostname == groups['servers'][0]
+
+# Apply the kube-vip configration. Perhaps this can be added to the manifest folder initially
+- name: Apply kube vip configuration file
+  ansible.builtin.command:
+    cmd: kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml apply -f https://raw.githubusercontent.com/kube-vip/kube-vip-cloud-provider/main/manifest/kube-vip-cloud-controller.yaml
+  changed_when: true
+  when: inventory_hostname == groups['servers'][0]
+
+# Check that additional servers are restarted
+- name: Ensure additional RKE2 servers are enabled and running
+  ansible.builtin.systemd:
+    name: rke2-server
+    enabled: true
+    state: restarted
+    daemon_reload: true
+  when: inventory_hostname != groups['servers'][0]
+
+# enable additional servers
+- name: Ensure RKE2 server is enabled and running
+  ansible.builtin.systemd:
+    name: rke2-server
+    enabled: true
+    state: restarted
+    daemon_reload: true
+  when: inventory_hostname != groups['servers'][0]
diff --git a/Ansible/Playbooks/RKE2/roles/add-server/templates/rke2-server-config.j2 b/Ansible/Playbooks/RKE2/roles/add-server/templates/rke2-server-config.j2
new file mode 100644
index 0000000..d7a51e8
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/add-server/templates/rke2-server-config.j2
@@ -0,0 +1,10 @@
+write-kubeconfig-mode: "0644"
+token: {{ hostvars['server1']['token'] }}
+server: https://{{ hostvars['server1']['ansible_host'] }}:9345
+tls-san:
+  - {{ vip }}
+  - {{ hostvars['server1']['ansible_host'] }}
+  - {{ hostvars['server2']['ansible_host'] }}
+  - {{ hostvars['server3']['ansible_host'] }}
+node-label:
+  - server=true
\ No newline at end of file
diff --git a/Ansible/Playbooks/RKE2/roles/apply-manifests/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/apply-manifests/tasks/main.yaml
new file mode 100644
index 0000000..bf5ea47
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/apply-manifests/tasks/main.yaml
@@ -0,0 +1,60 @@
+# Wait for Server 1 to be ready before continuing with metallb deployment
+- name: Wait for k8s nodes with node label 'server=true' to be ready, otherwise we cannot start metallb deployment
+  ansible.builtin.command:
+    cmd: "kubectl wait --for=condition=Ready nodes --selector server=true --timeout=600s"
+  register: nodes_ready
+  retries: 120
+  delay: 10
+  changed_when: true
+  become_user: "{{ ansible_user }}"
+  when: inventory_hostname == groups['servers'][0]
+
+# Create namespace so that we can deploy metallb
+- name: Apply metallb namespace
+  ansible.builtin.command:
+    cmd: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/namespace.yaml
+  become_user: "{{ ansible_user }}"
+  changed_when: true
+  when: inventory_hostname == groups['servers'][0]
+
+# Apply metallb manifest
+- name: Apply metallb manifest
+  ansible.builtin.command:
+    cmd: kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/{{ metallb_version }}/config/manifests/metallb-native.yaml
+  become_user: "{{ ansible_user }}"
+  changed_when: true
+  when: inventory_hostname == groups['servers'][0]
+
+# Wait for metallb deployment pods to be alive before deploying metallb manifests
+- name: Wait for metallb pods to be ready, otherwise we cannot start metallb deployment
+  ansible.builtin.command:
+    cmd: "kubectl wait --namespace metallb-system --for=condition=ready pod --selector=component=controller --timeout=1800s"
+  changed_when: true
+  become_user: "{{ ansible_user }}"
+  when: inventory_hostname == groups['servers'][0]
+
+# Apply L2 Advertisement for metallb
+- name: Apply metallb L2 Advertisement
+  ansible.builtin.command:
+    cmd: kubectl apply -f https://raw.githubusercontent.com/JamesTurland/JimsGarage/main/Kubernetes/RKE2/l2Advertisement.yaml
+  become_user: "{{ ansible_user }}"
+  changed_when: true
+  when: inventory_hostname == groups['servers'][0]
+
+# Deploy metal IP Pool to Server 1
+- name: Copy metallb IPPool to server 1
+  ansible.builtin.template:
+    src: templates/metallb-ippool.j2
+    dest: /home/{{ ansible_user }}/ippool.yaml
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+    mode: '0755'
+  when: inventory_hostname == groups['servers'][0]
+
+# don't think this will work as nodes are no execute, might need agents first
+- name: Apply metallb ipppool
+  ansible.builtin.command:
+    cmd: kubectl apply -f /home/{{ ansible_user }}/ippool.yaml
+  become_user: "{{ ansible_user }}"
+  changed_when: true
+  when: inventory_hostname == groups['servers'][0]
diff --git a/Ansible/Playbooks/RKE2/roles/apply-manifests/templates/metallb-ippool.j2 b/Ansible/Playbooks/RKE2/roles/apply-manifests/templates/metallb-ippool.j2
new file mode 100644
index 0000000..6673b63
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/apply-manifests/templates/metallb-ippool.j2
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: {{ lb_pool_name }}
+  namespace: metallb-system
+spec:
+  addresses:
+  - {{ lb_range }}
\ No newline at end of file
diff --git a/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml
new file mode 100644
index 0000000..aaa500b
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/kube-vip/tasks/main.yaml
@@ -0,0 +1,17 @@
+# Create directory to deploy kube-vip manifest
+- name: Create directory for Kube VIP Manifest
+  ansible.builtin.file:
+    path: "/var/lib/rancher/rke2/server/manifests"
+    state: directory
+    mode: '0644'
+  when: inventory_hostname in groups['servers']
+
+# Copy kube-vip to server 1 manifest folder for auto deployment at bootstrap
+- name: Deploy Kube VIP Configuration
+  ansible.builtin.template:
+    src: templates/kube-vip-config.j2
+    dest: /var/lib/rancher/rke2/server/manifests/kube-vip.yaml
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname == groups['servers'][0]
diff --git a/Ansible/Playbooks/RKE2/roles/kube-vip/templates/kube-vip-config.j2 b/Ansible/Playbooks/RKE2/roles/kube-vip/templates/kube-vip-config.j2
new file mode 100644
index 0000000..c0731fc
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/kube-vip/templates/kube-vip-config.j2
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  creationTimestamp: null
+  labels:
+    app.kubernetes.io/name: kube-vip-ds
+    app.kubernetes.io/version: {{ kube_vip_version }}
+  name: kube-vip-ds
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: kube-vip-ds
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app.kubernetes.io/name: kube-vip-ds
+        app.kubernetes.io/version: {{ kube_vip_version }}
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
+            - matchExpressions:
+              - key: node-role.kubernetes.io/control-plane
+                operator: Exists
+      containers:
+      - args:
+        - manager
+        env:
+        - name: vip_arp
+          value: "true"
+        - name: port
+          value: "6443"
+        - name: vip_interface
+          value: {{ vip_interface }}
+        - name: vip_cidr
+          value: "32"
+        - name: cp_enable
+          value: "true"
+        - name: cp_namespace
+          value: kube-system
+        - name: vip_ddns
+          value: "false"
+        - name: svc_enable
+          value: "false"
+        - name: svc_leasename
+          value: plndr-svcs-lock
+        - name: vip_leaderelection
+          value: "true"
+        - name: vip_leasename
+          value: plndr-cp-lock
+        - name: vip_leaseduration
+          value: "5"
+        - name: vip_renewdeadline
+          value: "3"
+        - name: vip_retryperiod
+          value: "1"
+        - name: address
+          value: {{ vip }}
+        - name: prometheus_server
+          value: :2112
+        image: ghcr.io/kube-vip/kube-vip:{{ kube_vip_version }}
+        imagePullPolicy: Always
+        name: kube-vip
+        resources: {}
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+            - NET_RAW
+      hostNetwork: true
+      serviceAccountName: kube-vip
+      tolerations:
+      - effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
+  updateStrategy: {}
+status:
+  currentNumberScheduled: 0
+  desiredNumberScheduled: 0
+  numberMisscheduled: 0
+  numberReady: 0
diff --git a/Ansible/Playbooks/RKE2/roles/prepare-nodes/main.yaml b/Ansible/Playbooks/RKE2/roles/prepare-nodes/main.yaml
new file mode 100644
index 0000000..400f4b0
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/prepare-nodes/main.yaml
@@ -0,0 +1,15 @@
+- name: Enable IPv4 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv4.ip_forward
+    value: "1"
+    state: present
+    reload: true
+  tags: sysctl
+
+- name: Enable IPv6 forwarding
+  ansible.posix.sysctl:
+    name: net.ipv6.conf.all.forwarding
+    value: "1"
+    state: present
+    reload: true
+  tags: sysctl
\ No newline at end of file
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-download/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/rke2-download/tasks/main.yaml
new file mode 100644
index 0000000..c273e6e
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/rke2-download/tasks/main.yaml
@@ -0,0 +1,20 @@
+# Create a directory to download RKE2 binary to
+- name: Create directory for RKE2 binary
+  ansible.builtin.file:
+    path: "{{ rke2_install_dir }}"
+    state: directory
+    mode: '0755'
+
+# Download the RKE2 binary
+- name: Download RKE2 binary
+  ansible.builtin.get_url:
+    url: "{{ rke2_binary_url }}"
+    dest: "{{ rke2_install_dir }}/rke2"
+    mode: '0755'
+
+# Set permissions on the RKE2 binary
+- name: Set executable permissions on the RKE2 binary
+  ansible.builtin.file:
+    path: "{{ rke2_install_dir }}/rke2"
+    mode: '0755'
+    state: file
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml b/Ansible/Playbooks/RKE2/roles/rke2-download/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-prepare/tasks/main.yaml b/Ansible/Playbooks/RKE2/roles/rke2-prepare/tasks/main.yaml
new file mode 100644
index 0000000..f1fbccc
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/rke2-prepare/tasks/main.yaml
@@ -0,0 +1,134 @@
+- name: Create directory for RKE2 config
+  ansible.builtin.file:
+    path: "/etc/rancher/rke2"
+    state: directory
+    mode: '0644'
+
+- name: Create directory for RKE2 token
+  ansible.builtin.file:
+    path: "/var/lib/rancher/rke2/server"
+    state: directory
+    mode: '0644'
+
+# Copy server config to server 1 for bootstrap - we need to change server2 & 3 later with the token
+- name: Deploy RKE2 server Configuration
+  ansible.builtin.template:
+    src: templates/rke2-server-config.j2
+    dest: /etc/rancher/rke2/config.yaml
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname in groups['servers']
+
+- name: Create systemd service file for RKE2 server
+  ansible.builtin.template:
+    src: templates/rke2-server.service.j2
+    dest: /etc/systemd/system/rke2-server.service
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname in groups['servers']
+
+- name: Create systemd service file for RKE2 agent
+  ansible.builtin.template:
+    src: templates/rke2-agent.service.j2
+    dest: /etc/systemd/system/rke2-agent.service
+    owner: root
+    group: root
+    mode: '0644'
+  when: inventory_hostname in groups['agents']
+
+# we enable the first server to generate tokens etc, copy this afterwards to other servers
+- name: Ensure RKE2 server is enabled and running
+  ansible.builtin.systemd:
+    name: rke2-server
+    enabled: true
+    state: restarted
+    daemon_reload: true
+  when: inventory_hostname in groups['servers'][0]
+
+# wait for node token to be availale so that we can copy it, we need this to join other nodes
+- name: Wait for node-token
+  ansible.builtin.wait_for:
+    path: /var/lib/rancher/rke2/server/node-token
+  when: inventory_hostname == groups['servers'][0]
+
+# wait for kubectl to be downloaded, part of the rke2 installation
+- name: Wait for kubectl
+  ansible.builtin.wait_for:
+    path: /var/lib/rancher/rke2/bin/kubectl
+  when: inventory_hostname == groups['servers'][0]
+
+# copy kubectl to usr bin so that all users can run kubectl commands
+- name: Copy kubectl to user bin
+  ansible.builtin.copy:
+    src: /var/lib/rancher/rke2/bin/kubectl
+    dest: /usr/local/bin/kubectl
+    mode: '0755'
+    remote_src: true
+  become: true
+  when: inventory_hostname == groups['servers'][0]
+
+# wait for the kubectl copy to complete
+- name: Wait for kubectl
+  ansible.builtin.wait_for:
+    path: /usr/local/bin/kubectl
+  when: inventory_hostname == groups['servers'][0]
+
+# modify token access
+- name: Register node-token file access mode
+  ansible.builtin.stat:
+    path: /var/lib/rancher/rke2/server
+  register: p
+
+- name: Change file access for node-token
+  ansible.builtin.file:
+    path: /var/lib/rancher/rke2/server
+    mode: "g+rx,o+rx"
+  when: inventory_hostname == groups['servers'][0]
+
+# Save token as variable
+- name: Fetch the token from the first server node
+  ansible.builtin.slurp:
+    src: /var/lib/rancher/rke2/server/token
+  register: rke2_token
+  when: inventory_hostname == groups['servers'][0]
+  run_once: true
+
+# convert token to fact
+- name: Save Master node-token for later
+  ansible.builtin.set_fact:
+    token: "{{ rke2_token.content | b64decode | regex_replace('\n', '') }}"
+
+# revert token file access
+- name: Restore node-token file access
+  ansible.builtin.file:
+    path: /var/lib/rancher/rke2/server
+    mode: "{{ p.stat.mode }}"
+  when: inventory_hostname == groups['servers'][0]
+
+# check .kube folder exists so that we can use kubectl (config resides here)
+- name: Ensure .kube directory exists in user's home
+  ansible.builtin.file:
+    path: "/home/{{ ansible_user }}/.kube"
+    state: directory
+    mode: '0755'
+  become: true
+
+# copy kubectl config file to .kube folder
+- name: Copy config file to user home directory
+  ansible.builtin.copy:
+    src: /etc/rancher/rke2/rke2.yaml
+    dest: "/home/{{ ansible_user }}/.kube/config"
+    remote_src: true
+    owner: "{{ ansible_user }}"
+    mode: "u=rw,g=,o="
+  when: inventory_hostname == groups['servers'][0]
+
+# change IP from local to server 1 IP
+- name: Replace IP address with server1
+  ansible.builtin.replace:
+    path: /home/{{ ansible_user }}/.kube/config
+    regexp: '127.0.0.1'
+    replace: "{{ hostvars['server1']['ansible_host'] }}"
+  when: inventory_hostname == groups['servers'][0]
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-agent.service.j2 b/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-agent.service.j2
new file mode 100644
index 0000000..b032208
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-agent.service.j2
@@ -0,0 +1,13 @@
+# rke2-agent.service.j2
+[Unit]
+Description=RKE2 Agent
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/rke2 agent
+KillMode=process
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server-config.j2 b/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server-config.j2
new file mode 100644
index 0000000..a3131f1
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server-config.j2
@@ -0,0 +1,10 @@
+write-kubeconfig-mode: "0644"
+tls-san:
+  - {{ vip }}
+  - {{ hostvars['server1']['ansible_host'] }}
+  - {{ hostvars['server2']['ansible_host'] }}
+  - {{ hostvars['server3']['ansible_host'] }}
+node-label:
+  - server=true
+disable:
+  - rke2-ingress-nginx
\ No newline at end of file
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server.service.j2 b/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server.service.j2
new file mode 100644
index 0000000..a091ebd
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/roles/rke2-prepare/templates/rke2-server.service.j2
@@ -0,0 +1,13 @@
+# rke2-server.service.j2
+[Unit]
+Description=RKE2 server
+After=network.target
+
+[Service]
+ExecStart=/usr/local/bin/rke2 server
+KillMode=process
+Restart=on-failure
+RestartSec=5s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/Ansible/Playbooks/RKE2/roles/rke2-prepare/vars/main.yaml b/Ansible/Playbooks/RKE2/roles/rke2-prepare/vars/main.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/Ansible/Playbooks/RKE2/site.yaml b/Ansible/Playbooks/RKE2/site.yaml
new file mode 100644
index 0000000..d885cbb
--- /dev/null
+++ b/Ansible/Playbooks/RKE2/site.yaml
@@ -0,0 +1,61 @@
+# Hello, thanks for using my playbook, hopefully you can help to improve it.
+# Things that need adding: (there are many more)
+# 1) Support different OS & architectures
+# 2) Support multiple CNIs
+# 3) Improve the wait logic
+# 4) Use kubernetes Ansible plugins more sensibly
+# 5) Optimise flow logic
+# 6) Clean up
+
+###############################################################
+# MAKE SURE YOU CHANGE group_vars/all.yaml VARIABLES!!!!!!!!!!!
+###############################################################
+
+# bootstraps first server and copies configs for others/agents
+- name: Prepare all nodes
+  hosts: servers,agents
+  gather_facts: true # enables us to gather lots of useful variables: https://docs.ansible.com/ansible/latest/collections/ansible/builtin/setup_module.html
+  roles:
+    - prepare-nodes
+
+# creates directories for download and then downloads RKE2 and changes permissions
+- name: Download RKE2
+  hosts: servers,agents
+  gather_facts: true
+  roles:
+    - rke2-download
+
+# Creates RKE2 bootstrap manifests folder and copies kube-vip template over (configured with variables)
+- name: Deploy Kube VIP
+  hosts: servers
+  gather_facts: true
+  roles:
+    - kube-vip
+
+# bootstraps the first server, copies configs to nodes, saves token to use later
+- name: Prepare RKE2 on Servers and Agents
+  hosts: servers,agents
+  gather_facts: true
+  roles:
+    - rke2-prepare
+
+# Adds additional servers using the token from the previous task
+- name: Add additional RKE2 Servers
+  hosts: servers
+  gather_facts: true
+  roles:
+    - add-server
+
+# Adds agents to the cluster
+- name: Add additional RKE2 Agents
+  hosts: agents
+  gather_facts: true
+  roles:
+    - add-agent
+
+# Finish kube-vip, add metallb
+- name: Apply manifests after cluster is created
+  hosts: servers
+  gather_facts: true
+  roles:
+    - apply-manifests