From e88b17a5dc0f7e42baccdaa693802123997cf405 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Thu, 9 Feb 2023 09:26:31 +0100 Subject: [PATCH] Add local knot binding --- content/deploy/knot.en.md | 108 ++++++++++++++++++++++++++++++ content/deploy/knot.fr.md | 107 +++++++++++++++++++++++++++++ static/img/choose-dynamic-dns.png | Bin 0 -> 32396 bytes 3 files changed, 215 insertions(+) create mode 100644 content/deploy/knot.en.md create mode 100644 content/deploy/knot.fr.md create mode 100644 static/img/choose-dynamic-dns.png diff --git a/content/deploy/knot.en.md b/content/deploy/knot.en.md new file mode 100644 index 0000000..73ca541 --- /dev/null +++ b/content/deploy/knot.en.md @@ -0,0 +1,108 @@ +--- +data: 2023-02-09T09:12:25+01:00 +title: Connect to a local knot +weight: 21 +--- + +[Knot](https://knot-dns.cz) is an authoritative DNS server developed by the [cz.nic](https://nic.cz) association. + +It is possible to use it with happyDomain through [Dynamic DNS (RFC 2136)](https://www.rfc-editor.org/rfc/rfc2136). + + +## Configure Knot to enable Dynamic DNS + +First, you have to edit the main knot configuration file (usually `/etc/knot/knot.conf`) to add a secret that will be shared between happyDomain and knot to authenticate the changes. Then you have to indicate which domains will be managed by happyDomain. + +### Adding a shared secret {#shared-secret} + +Under the main [`key`](https://knot.readthedocs.io/en/latest/reference.html#key-section) section of your configuration, add the following key: + +```yaml +key: + [...] + - id: happydomain + algorithm: hmac-sha512 + secret: "" +``` + +Obviously replace `` with a string as obtained with `openssl rand -base64 48`. + + +### Creating an authorization rule for happyDomain + +In addition to the key, you must specify in the configuration how the key can be used. + +To do this, under the main [`acl`](https://knot.readthedocs.io/en/latest/reference.html#acl-section) section, we add: + +```yaml +acl: + [...] + - id: acl_happydomain + key: happydomain + action: transfer + action: update +``` + +This associates the `key` defined just before with the actions `transfer` and `update`, respectively to allow retrieving the zone and to update records. + + +### Associate the authorization to each zone + +Now that you have created a rule allowing the `happydomain` key to make changes, you need to indicate to which zones this rule applies. + +For each [zone](https://knot.readthedocs.io/en/latest/reference.html#zone-section), you must add an [`acl`](https://knot.readthedocs.io/en/latest/reference.html#acl) element referencing the `acl_happydomain` rule: + +For example, for an existing `happydomain.org` zone, we will add the `acl` line as follows: + +```yaml +zone: + [...] + - domain: happydomain.org + acl: + - acl_happydomain + [...] +``` + +The `acl` element is a list, so you may already have other acl elements in this list. In this case you just need to add the `acl_happydomain` element to the already existing list. + +You have to add this `acl` element for each zone, unless you use the following trick. + + +### Associate the authorization to all zones + +If you manage many zones, it may be more convenient to set the default authorization for all zones. In this case, instead of the previous section, we will modify the `default` template: + +```yaml +template: + - id: default + acl: + - acl_happydomain + [...] +``` + +The `default` template is applied to all zones by default. By doing so, all zones will inherit the `acl_happydomain` rule. + + +### Apply the configuration + +Now that the configuration file has been modified, tell `knotd` to reload its configuration: + +```sh +knotc reload +``` + + +## Link happyDomain and knot + + +Once `knot` well configured, you can link it to happyDomain using [the *Dynamic DNS* connector]({{< ref "/pages/source-new-choice.md" >}}) : + +![The Dynamic DNS connector on the host selection page](/img/choose-dynamic-dns.png) + +Then fill in the form with the address where your `knot` server is accessible, then fill in the different *Key* fields with [the information from the `knot`'s `key` section](#shared-secret): + +- **Key Name** : corresponds to `id` in knot's configuration ; +- **Key Algorithm** : corresponds to `algorithm` ; +- **Secret Key** : corresponds to `secret`. + +Once the provider is added, it does not allow you to list existing domains, but you can still manually add all your domains. diff --git a/content/deploy/knot.fr.md b/content/deploy/knot.fr.md new file mode 100644 index 0000000..b49a2bf --- /dev/null +++ b/content/deploy/knot.fr.md @@ -0,0 +1,107 @@ +--- +data: 2023-02-09T08:03:25+01:00 +title: Connexion à un knot local +weight: 21 +--- + +[Knot](https://knot-dns.cz) est un serveur DNS faisant autorité développé par l'association [cz.nic](https://nic.cz). + +Il est possible de l'utiliser avec happyDomain en passant par le [Dynamic DNS (RFC 2136)](https://www.rfc-editor.org/rfc/rfc2136). + + +## Configurer Knot pour permettre le Dynamic DNS + +Tout d'abord, il faut éditer le fichier de configuration principal de knot (généralement `/etc/knot/knot.conf`) afin d'ajouter un secret qui sera partagé entre happyDomain et knot pour authentifier les modifications. Puis il faudra indiquer quels domaines vont être gérés par happyDomain. + +### Ajout d'un secret partagé {#shared-secret} + +Sous la section principale [`key`](https://knot.readthedocs.io/en/latest/reference.html#key-section) de votre configuration, ajoutez la clef suivante : + +```yaml +key: + [...] + - id: happydomain + algorithm: hmac-sha512 + secret: "" +``` + +Remplacez évidemment `` par une chaîne de caractères telle qu'obtenue avec `openssl rand -base64 48`. + + +### Création d'une autorisation pour happyDomain + +En plus de la clef, vous devez préciser dans la configuration comment la clef peut être utilisée. + +Pour cela, sous la section principale [`acl`](https://knot.readthedocs.io/en/latest/reference.html#acl-section), on ajoute : + +```yaml +acl: + [...] + - id: acl_happydomain + key: happydomain + action: transfer + action: update +``` + +Cela associe la `key` définie juste avant aux actions `transfer` et `update`, respectivement pour permettre de récupérer la zone et pour mettre à jour des enregistrements. + + +### Associer l'autorisation à chaque zone + +Maintenant que vous avez créé une règle autorisant la clef `happydomain` à apporter des modifications, il faut indiquer à quelles zones cette règle s'applique. + +Pour chaque [zone](https://knot.readthedocs.io/en/latest/reference.html#zone-section), il faut ajouter un élément [`acl`](https://knot.readthedocs.io/en/latest/reference.html#acl) référençant la règle `acl_happydomain` : + +Par exemple, pour une zone `happydomain.org` déjà existante, on ajoutera la ligne `acl` comme suit : + +```yaml +zone: + [...] + - domain: happydomain.org + acl: + - acl_happydomain + [...] +``` + +L'élément `acl` est une liste, vous pouvez donc avoir déjà d'autres éléments `acl` dans cette liste. Il convient alors d'ajouter simplement l'élément `acl_happydomain` à la liste déjà existante. + +Il faut ajouter cet élément `acl` pour chaque zone, sauf à utiliser l'astuce suivante. + + +### Associer l'autorisation à toutes les zones + +Si vous gérez de nombreuses zones, il peut être plus pratique de définir l'autorisation par défaut pour toutes les zones. Dans ce cas, à la place de la section précédente, on modifiera le modèle `default` : + +```yaml +template: + - id: default + acl: + - acl_happydomain + [...] +``` + +Le modèle `default` est appliqué par défaut à toutes les zones. En faisant ainsi, toutes les zones hériteront de la règle `acl_happydomain`. + + +### Appliquer la configuration + +Maintenant que le fichier de configuration a été modifié, indiquez à `knotd` qu'il doit recharger sa configuration : + +```sh +knotc reload +``` + + +## Liaison entre happyDomain et knot + +Une fois `knot` bien configuré, vous pouvez le relier à happyDomain en utilisant [le connecteur *Dynamic DNS*]({{< ref "/pages/source-new-choice.md" >}}) : + +![Le connecteur Dynamic DNS sur la page de choix de l'hébergeur](/img/choose-dynamic-dns.png) + +Remplissez ensuite le formulaire avec l'adresse à laquelle votre serveur `knot` est accessible, puis ensuite les différents champs *Key* avec [les informations de la section `key` de `knot`](#shared-secret) : + +- **Key Name** : correspond au champ `id` ; +- **Key Algorithm** : correspond au champ `algorithm` ; +- **Secret Key** : correspond au champ `secret`. + +Une fois le fournisseur ajouté, il ne permet pas de lister les domaines existants, mais vous pouvez tout de même ajouter manuellement tous vos domaines. diff --git a/static/img/choose-dynamic-dns.png b/static/img/choose-dynamic-dns.png new file mode 100644 index 0000000000000000000000000000000000000000..766fddab60f59fe6b862b17b0e73de18d3e5a35c GIT binary patch literal 32396 zcmb?@Ra9Kfx^03aH0}hap>c-YHH#MH)zsQV#;scAY#6LH$r;%`niS8B=_bG z#T#j{&noVE$3BSPRaIe687yt>pFe;3QuI~iGkXmZ9#;Y!$Cob;56-L6P7A!SWv6*fuai7Edb;&GFPN=Lxf=5t z)Uer%l7|QBeQd5oJFUbk_f9xC!QToDhMPpD7VG8x^~O2!=IhQG_j(U>rG*QgTenr~-U(5v(r= zxNraW3q>yG7r1E*ieTZOvrrzq+^`$PsKLSLr6|f;%SxhKrz@Nig(0vMd@2cHJTki5)ot;d;sFf~ zyrs7=Uuk1EjrCCeBbyJJEFsoa?LBKQ@V-jkzJezcRQV6@xBi0pmKyWPT&3`Xv3uR4 zU1;&3;YNVT_aJ6Tamcs7VbA;S;=0o~$h>s^(h}_0RPQ z;=h}bW~YIIASMD2$<3H;gRnSHY5G!8+z_COXsmDsFF|4P*ymy8fpdlK%;_3e)jwm` zgyBs2L)cv%$|_;pNJ{RHe;odR8d^Q-C2oz5zlPz~)sAv*o$o!GAmOixX=k9>p&dtu zw!3^>Kypz2Y+8;@z0C)PD+a3u?3;}qZTuUne4UU^8WNrVzFE8W_HqK+(zL-kaSb(1 zFH4Z2v&zSxvEI1qx_Xm3(=>;o4DctSe}Z$)sUMB*-gO9>aIN|kyth!8u279-?IBegX82B2N>6${R16J-S;*!<>~5+?ahSq zr~B~!jUE4EtZAacl1y!Py5Zz@m11oh6H zNbkiEzgM)MS1BP^XQ2%1bbpp4Ri)ZEA**85<&9$W1FF{!kqV`0koe|N4{YnEJcBa& zQ0!bGtJxCAGbSr&%L_!+usoR)XIv+`_NVS`#%!g5R4=m^y5U8ZiAJXnIi(o;Vv9J{ znBS!)j%6is{~NyVIR*cg3x6R7ea8-a%hiN8(&4b+dxdYZk-^*^pPmwdWbmvkc1nPc zLj~+bHNl7W%@pro7z`m{NcMStVl(P5q%pcI(#PMtn>5{6kI6voj5Paoh+UOOI6AcWbk6dU@_zNcByJ~sts}H1M0Uic6iOPD#aY%Spm#kdbj7_sx%+ zppHe~pXl)$1|<|-VT}w)qR^win@z6jX;G6I$-EfR)x`||PJ$@y{VD!=YvRAiW~PJN zD!`|CsK9qLewYl6F%UC2pGs+AzksMjy^%yzj5)23c)G1w5WYBZrq+53odgp*-e3R( zODk>l9WOKgQcu|{O~PlQwtFDJ@fAsu0XsfE<}3Zd?ZcSM7}T+{cUq~X!IXNd9jP^S zly4jBy`b)Y{=Xl%9`IQN(2w%7^!oFE znkDYrmsdjl|34fY9~CD~&8RT22fetsm}(wBzy>l?dtlDcM5Z{<^#?UeYD`4bljhh_ z)Y%+Ura!1aG@fmijx6MUhf=B8nP)^|aof;fk)VFj|68l;7m>!9#Q(g&3$H4t@k@{@ zl4lHe^9;4o45#i4boOu~Hny4`^eI%?9@G;Pwa#Xo@H~o3GsUt^p=b<9=tc}Z(;w>& zH8#x?YavZdiWYewV&8XELanO!upt66rPPSove5dE5BBe%e8rp|)|GviJZ=!a!-rf; zh#N8X+1;T#(`stK)s#7fAX?22N+~38AsOy(Rof&y%m)So?-3?eAyV zH)(06kcZK&vx(mt$I__5f`W+ou0V8puB0uF;15Nj>>AIJAcHR|Sh(VpmdU8_9{tRa z-*MR3f$OvGya6wYF~C~72nh)=N@ZBX*cSwGu|jKiA~IVw)L1U&07E4eX44h$Kp5iG zkf-#&H$fK6SNM$Wg-obDOP5?U6MtoQKBc#gMEh*&NJ0tbj5oyLV`V~?k{wGRkpTck zf|%*xei#Ovi?(m>Pv^0XM2KL0?)l@v08h@uAKjcnP5FseJPeE-Z6@`ZSD3Q`lVaP@ zm@X~>xF?4Hxv`fE)k>eFlUOW5hFxwh>~4ARC3uus^PaoOb}3}ZwiS_`{aEfl>?0ED zKT6y;zN3ln;m*baAN%YLCu}|WotYXd9>@iRiSd5W#l`DOv^QE2y;bW?SEMPD4RiX5 z0F=x#xMTBPD6F8vs25Fj!fhwLgcWVh+hJ@WOakhFRGg@l;x#SuikOUE2-O;4hV0sye5 z)&QwVRLK<%0}XpW#H1waQNk;EXQ_bRGt&+K{`c%i<>;WTGHJ=Uv?LaTVb>rDaii6h zA4-x^5LhZ?(*}?z6h{&gH_Nk?nMOns7}47&f2f8{YB`YQM7?Pvc*?dN-7I>scNjy; zwjK`oQYhhK7kUI$KssJ*Cm^lrn#T-tyEzQs0Ego8NZhS789_S3-BusoOixdzvD z0i$s5RqXyv_?IR5$~|cq(FQ|c?RTqMIp06muY9tB6pIAz9%TQp+{7aT z3HmnIgZnYl{ddquPBC5@J~%&N4RnI!7`APLlH|(8QoSoMD&9;VIoIIEyoCdjf-Ku= z=$tHq5#&2jNQXdLCntr%l}2rl zWcW<5Q~&fL%eoq;VQ$VRQ#0|3f&4GPp^7)(PFLlE%xI{XE9h3CB*8-R5mbFN+xaD^ zf_P3*x70Te=X9(3+5S@60?NIS1}aPTsFq(jj#QMgnT0{aD!u~#c)fkWKLJX^{fyHC zXIky{sOCxnj9H7Lofk-vqchA2rGDLA?uWw=T{7?-$GvtL$F1hFmm4&o zBtefe7jp>Op4XatGb zx@7I{?eckGe~zBM3yOfI65ibNBr)p}VXU~BRVAjd=m+zn;BVayf2C7y!Tj4~9dc8t zN`1iJwg-)OI0t-qntv$KYeYV6zr67--+%0W9-Jlj9V{`Jq+*ciuxDMb^IVaTdvxT` z`*8bVBxO3<|3z7y$Nd&bqU#);tfQTlrL*XixB8ydZ){*WSoZ7;zEi1E=7*D3?qw;< z9xhVn-3ubz{rG*i`JjMs|H9h%FYNS7J_6fQ0%qk8KV(uw3T0V)@X&}U_+%~s=AS?N zq9{NH4TczvbPC2=P0kC%l`1VwK3XkH?bar*G`(AL84r@UNNG zK!TWg&v|k)L@n?qizp3;WYPGc;`G{1pBgv3Jo1Q&38sgS9tZfk+nE4*xcsiKxSp7dU1cH5nVx2Y zCC*j_29a4QBQ&i~)t`p%qYN7hvVj%!-5ox3W!`kgWdm>TBPXNCSN#LupRde9$7N?> zJrB_`)4D*yyVD19N-8S&=GEnKx=AjZ)u^?XG#hWIZTB@k&ThN+fQFj$utK91S<*P(DDmhlgE`~Vb%|c)?c!coWMtoX0cwSEYn=xf_D@hv z#IT6>q6ylUYTJom<&1CV3;MD(W>B)CqN0&sTAzEZwZj6c(w6wNV6CTrCrWh7QK!}y;T)cRR^Fb~S5KAQC70;K3Mw#uc3@-)SlmIW><^up^a%Oi z&KU=sN#%N7ocK>H41A#VA?CINLvAXu$naC_CXWt8Whip+(%{>|o1g8wu)=0cCwc=0 zM$bw*${Q_JMtx1~Cb5us%I9s_wtSB8<#lpSt62P(Wha#okcr;fJ>6OR)_2VP$g6F^ ztRkly1ZAXD>xHfg+77?{8X|T#FgUoCEBGLSO|NVn;kn|9!&2^d%AGRd;)TE6{EKoR zLuY!b;xh?Kw<2xO{wB#$5E2QC)fbFTTZ36`Tf+s)5Jpv|*tbvQVrj&=o_cGf{9a8($N>F9w=LX9oLC^1(?r@{W3*taQmXQq>#G+){Y!uG9^-ysk_alMLE$FOr}ZNgh0Wk@4os#I z@LggMQs~ytHl^EVS0#iHQ))5bIRS`az*e917Y4t$Pa1GFEP?s1S#MyvOQJ!4HAt-> z#VsYLpQ@XdibD{+bVHmy|10i2x0B)ZSDa}d36id*v;a)6vf0mvSYJ`eU1R!JQVIBv z!c`xE>0!ju{bX)e?}qb7S!})^e5EDks8MZ4=kdHslSc0a0Z&Jcd7aMJ!B1%U&F0V6 z_207ZpPU7rj=$*u!?iqJyGe~!Kje~f*yx6CZ=W=;1muI??OpudVz-*F8rZMhLOb8n z>D?xSt$A_3LwD~D>f=kDKj9<#eRdsB#pX330OWibb3yIA9gOiD$4toeJI5PTbe9y$ zs^yKLs+EWxdVksu+1b*Dc|24)v@~6QYK>W>2t0|)@2hn^Y18ReO%>xR)F(e6h)*N8 zInuy-l}UbGm16X+XVvQ2<(KJs_j=9bwxu$NWYOTlO!$n~9JUdgiFqE3}DY39#DM>_tnC`tRhTYSK zHx=exl7)qZY2u$+cdrB@x+r*zkBL7*V8boD$B$pm3f0e zl9@a`g@lY}@s_%2lf_U?1WM@v21-6h)r#5(kP*bSvJT@Mkx_l&;SR=o zdp+q9^8Li&@|xwO&Glq8l9fgg++3v_B+z-=v41K<@ooxLE()9JdA07q=N1@1-4RUh9Jj;3c%hsiKD=A z1ecSg#!o`Q+D*1N$_`Zxb~Fr;l;Mk^-Pw=Xz=s`iH#O3asACoVD{?>8mZ+nfz{OM@kxidh2Tcb5biFD6eV_txG6J3@_qzKxYG zoRVFB`1Uc`#h90 zk<%Z0ba05#-aE^WMDUvfIF9m)|Ki{O1#pL{xwR$MRPo zbX_JbNu3E!P#+*B9AA&bO#`-IKmTBz5Cp{G0-lQ15mN#+=>ZAHARNMUAW}q>M3Eq2 z^hj_f0v!tM2Ne@1STr1EtC(zHs1>zhxc9=jVXp{^KVwMdtbx;<&Gu+U4vZqe`Ge8HLgbV+GG~6F6Hj`rG z@ObOcA#g0dJY63OY|(16wL_}0>&goHDPJ{)xG<63K2<8K9!K{mI~%H|j2bDj4G^a` zzO9cHj;q=kdPB~Jd4W@DJl{* zSlmQx9b$MLpwVm1<$Z|2i*-y-T-jjzY3mwh5>qe=0aqD616yV99@*LKOxpF49i3VQ z9X@MXCS%f4He5WJ-@?ii8X!DeRHq5+$JWs{_*WmcQ3S4s0yp38{)KKoh3m__ z$c%`43UNAv{x+FMq>NX6Y_}n9w(b*ev|Nu_YHvL;iWR&}NT+LKY^07ls|`IJeNKm> z(GvPq>jZ)&V`L0T_+@4|_v-F9Nf$pZRF#N-5txVRafaVItx{U2et8>WI%Ri}5P6g* zTYNL<1yMEFr+lJ!d#-;UE7r`e)g_CrsHo6uI{6~&n%KPF5X7WZ zs-cZd?_#|+azbfPEwHp494VhBDJohJmHFFs(_*F-%x}Lpua6<-m%DbjRQbd2h0Ci8 zP#clFx9*l_dd;xET${bLVy&Jw)wT}BE3ff_`u2}riVe9ijCw8A+Az*`(lt{Lw06Cu z0mviBRg2EwIji2B3RCFilIN{Gxe-G121eEHXURzb{Tx4JHk)}-q9`-BB3Yrdc-~G$ z`qo%KWU}bc4U1UMS1cCFS{r2NbX0c=QlFY%0^Krezsr0GVd=bePBE+J9Nsu`I@8f# znq8<}Yh@9Bx~DZA)wsG?FJ6ujRMG9YJ=C~r*?ISo01ru)0-DKbuck{AMPxe|5FGh3 z_#7DOLuBVYFwj;!x1jye#=4{XR(_LzvZ<2M=cui`nggi!xH=i{5R{*Eg@K-ueZgQT zKU3;MoC?LP&SlALyELiLsWr|1Gm^!22^mQqAzm}sI}>zU1EEaH*8#m{xL#VM$Gf~7 zvNOzAI>N03b{lfe_lP&cIFDMs^d1m)!5T2>9#6BQZ(uNfGAX|sSmuru`9&kk>ED#C z4-mwdQB>yb7M*-=%|ay0>7rUOCKLKZzqD)q-Ej3X#$3*$zlvzSgf_+sqIij_BulAl zb-XCg92*I89K%rIKCQa}KJR_^rFq^Peu9 zvc?z(yRgG5yz0i(^)c}X0gMwCe$O^s&q;2pGarUvmp|g|@`|JURbo?dm;R?0pm)av zz2#*c$fQ$8vgGz`)T@10H4_-SU_&*JGZ8>>^l(w*{a$lY^}=W4k%dWM%>B@@%W(YU z8J|^PA`_jA&v1}B2FRSD2VAhpIBLrof`QUgCsJDpAtqKNO!`exgfE(kcJZvw35LSb z#P;a@CG?Wj;BsB*H(i(0AWl{7}(K8q^bC^L(QwT zw=xt72-$a|ghkMaFl2snChS*>xDW*Y^(!D7kovR2#Vj7V*=+DK)B-${erd#q| zk$hVUJKWhqvheT>DL^=x5Wd)Fx2ql_!mH!Uw3{c?=HX9zB=;O$kN3pR?dR{JNT0M^ z8TqlpP;pLOXV6+b-_&-T4rbPxjH+$5nyt+6#j&5_X*McQJ<7tDxgPp zU1msi5K^R1kTq@_tP8tM0{5HYP^DUL-b)-o?pa?l&2Z!nC2ihtJV!H;mX=2x zmQ^@CSWuRv8DB2lF3RnqXD_%oVMTZ^-%@EPPbN*rlwy>jw}?crP-Q`*3R;#D!kqaW zE0`212I_&WMCGDk^*qFXq;drrarUR~#J`80(_4gc`VZ~-90e-=SbdLnU=gfDBJA*+ z$=X6|1-8mB;HqjRI=r{pn}9PgvMC6TlKNG#QllwXY!!f`xi_5F?bDmVh7EsH7yo#=vEvqL);xpnBlkwca|wS=?1>xYSzbV$+6%!0IQp3 zBZy)eEK*EVSUOH@tTXvQ_{kF6WtIT0AxEb^%$m{x_1lZFAN9Lv;+^Fyz6BU8RRk2j zBkNbQs_6OaxzoGx{9S>jC)?U2d?+dnNxe>IuD5zu21lPYMa_%$Q$Qq_Ew(e3GE57Y zNrFP)4l3laB}uV6#zSKjzpMK({U{ffbtyW&uy6ajh4-WaXghZ6tP&Jp*m54}9H(Dr62F zz|vkj?uWkPyGT@vNxOAOVi$XHToJu$K~M*{c-$~I(l-H(q?!ap`k-0(evE0qRccQ( z#|aoR;GiVEx%;!K_2e5#b-U$^G-6;S_Zvn;m0n>{FDiyueAUMD7* z_qX1nyUB}t$C}UL+F=KF*s|RAC#_FbOg^1WR|jmz@gAts(i3;BSYH==idTqet5eSu zZ0mHGjEs#IL7>_m5BLYc?g4y@-COTFL4{pJqxn&CxOj+@QNnGa#^yU7$S;LD-a~;V z?MXSE)*gY!*0-jpsLtq8tR1n&Q5zi*nMEctsUI_kj!b-IMKg&>`j_q=datP#uD9R1 zqk?^7vv~}-L=GSjd7hY5)XClUFO81kaR|n635}v~7usS_LC8PBLcK#@?vYXsM98Rq zsYZ3sIKcszc$qa^Mj$@y89QwLd_i}n$2+oO^G_9SjeXX(TZ*)5mLQHUR#^Fb6{J|- z$Lw*v-Q^_94C7=kq%-8_1zF;;6Vt0MWfl6oY_W=}VT|Q;-$%{?(rGd9I37Y+vW<<( z8=FfvJYenEVZI;3mB=GfH>P-L*{mJ-D1RFPZFyQMbUvgAt1KEz39)#u=JF@9dHBHL zAItPxcp)4gSPTZn0o0_9l`iA4#>U1(HKbbVJv?^WdWm~k0E%>ks17xgMrlqpCGU4$ z!X_yLi>WEnksG5_fNV44E~V23h9<<-WLSY;yogxnNh9>okT>qzg1q+9v&4(1=i~(0q+H4?BPQqnCNljEPsEI%IuxG z8-n51PiA>nT2HoB*U@fzt7}SLe;g3Bt|y5{b^0% z4!z#@4(({(Zs;5r)vBw|%uV3&i+(+Y;L^ZXqce{J$^jt+WqjP|$9&h%q(=%kIJDhRxoLF0no3;~+nI zCf}O3&)#t#Pix*qq@}1r8wm;^joYL+7WklIrBRgr$z$6Ohv0OUKLx&^0LU&oN3P1R zmalag?Iy(G2W6Su)F{DszkCWeEl_MMX2_evhp!>QzVi zXyY>i2iKRh7g@!S5*>MA8>k10)uTn3JPyAPH72f~o~SV^+q_Vo8dnu#@Icwwb93J6 zgPn|BEeg;*e{d+f1a2%EwKgrce%1rx1420T;q=&+!&565fs&KLF>pYcnt$`yHh=eo z7tZ3V9q@bA;l;oO-JwWhU{($5+18U28m4)=^Pb6#PxQU^)t? z1ahn&@aO;_q#k#j_M${)vKY~Le+zrd;98R8w)|l`O^%u=ybFsJb!?h7t-|_YVr8&< zlsAz!xg^);Dcf3Og@st{Wr8;Q{8o1;lUy7i^B5j%v_YBk^ye_r-y6)7mF{yh{EU&O zlm46c)Pd`7?(O>vQdpz#!^1do5r#*3WVx@x05wN(GeW@Agc~bh<6ZggHKAt_@d-Yib%+5v&#T;}QC5sZB+Ao&muSvNP z9#-7cW3Ioy0?a3E;aiHKEsxWL^neH2;{LgME9Cqo7^_fsqSl8RlXw0%nb~m|LEX_Q zt6EA)AhBMI^y0FQ*<^D!qyN59q=rG4mtt|@DuT=iHGJJ8JBR~W_LMbH0V zJ!#bGmq-ALS#)`DGs(&gXJeTV2}elihG%~qMSpAh=861Udy1hM)-hxJ`E&vH8P)S} z4TO`ca8JV8eUSkWG)1a2szvIzR4q50AWt|SlK0r_#6S%fC+}qydH^jbfj012?oqr3 zF8$l-L#713nm(Qt9^YpVp|`pUEK=SKMw12;S3?gkPW>iw0)?K)*f%Dv)R2H@g1JBlY74dVlE{mmgyFeMQGJK6xKMtzwM6R{kU@>S)xIaTRhttS;w0 zQx7&@q%74ZWn?Z?yOvfsdn1SRv+6YbDIwaM$g~qJ)Z7ogYYZCjLKfZ$U99cw%M;IMiNWl1?v-=srXDhQ-ON*h+nD}SBg9XAskVGiE*K)oijUBahL|~QnG-|nqI3* z846|ItArpf9%3f1zN!0coV^7|x0y;1=#fdM^wG=XDpLaZJ3rd0(5(CvV|8W5*xsm? zCRU}8C&Yz+J`_bZWXnOxJULun0qc4~2o=jEyWHAwIhdAE;&)%>MlGkm)EqTH3gUSm z5$lrGIJJ$=MxS?j|C`o*B5@LfdxI|q_~-QSDBOIbKMiNQ2cCSqk!|-{ z%CcMFP#%YJLL3_foY)*uaA9IWyw{Kan4PGQpskYcNregT;d{gzZjux?!zy?gBx{&; z7y$Kq{G_fC+kG-JbxOFowAFGnZk2WPK=9H3k4DmWH<)8KTXdNvgFNY)qHU4&VvcxG z>(`W6p9gT^-vY`dhIzQjY;kZNLP4>s>%z}f{Pn6sQPJ-s=m|en)Oqj|+-Lj@*M^ZD z(6@aqZ}etj0uGt>dSP)sNo7uMTNRhQIrn_sTs zcmG9Em*W>)zVGgBTiZ^xFXR=lF}xH{?6OnU;o=Q$PgVNovj*5b!mha`bOjiQORA6o z))RM!VK%6$$4rQy6fXX*{$0{tx|5}-N<<^~1Zo*IeInQnv6C%s#VCC1`?#Zc`P86d z_ex2E*Mg&UeI7V}?z?z!BIg?`qM6I4Z)5lgu>V+t_dKe~?cUDafxZe-!=K+gpSk%- zv*+|RO2mr>J8ERKSgK1D$~_sR92^~AsyU7@??6gv8YQzkke2cCZMVYa z@FG2ue01^zS=0up?1oqZ=~7Iwk-jw%I>c<~y>tbon7&4fX4oIla+0Z)?9mh^XD<}f61^sG#2hbA3Nr6? zeR7_h^+O?4FWc3&?ABF%lwGO)(QbYXp{{qf|FF)r7)1h7=lSlE93`PA(L|QeTtl-k zLcvy`z2WtB^H;XbxrM0NHC;H8qgR(npWTQf!&Kgh;W2A+90M+X0i?vfwYP?*v{CZ? z_HoG~;pu@bhd3@-Zb*x*^=qreHaaq(+}oA4QU^bkK>18E)a17qkz);BB*M>-| z=-nec;P(Y*A_GR_6wCCp!O9g6o|Krv@hcwKpR?pz8C8g;>=Hm!C`IWn( zLojJqk@`i}0P}s6k|dSyNOJvsb5X~AFE-wz_K=(B=PniN%lBLs2<6AdtG;?pC>bKg zgAxp>x_BXMzqe-2pS*4V9R1X9Q6A7*sFBizM6K(rv!nWqjk30MsDH)`JN-Mm1h=fK zTk^3uwvdW_q&9X7t5b}*@J3{n+wEz-Y?KXv;(T*kKaqbC+k`mpzI8%+HoG95#CA2I znlA7p$&?T`uGA+UO;yz8ln=vKEnns-RAh+!5$AkW?

3``(#ZtfYXfi0Nm{D@`i zOSTH{6em0vb80L>+a@;Lki+XVLMk`XMQMBDok#c|mO*a#mm_q6?^S&nn4HpPJO_V{PVDfb_;4xU2M{wu zq^$1oU>`B7Sdb2i?m;oUoZjV?vqS?T`N2px$M*Dh8gJBBC{_78TJ-J zOvQim5?GBnHJ^_;cz?J4qik?!Uc7#&{R=JPHP0|4G1|RJWCx8bUxNo?`Y2Io!3yd! zjgG*E=c2?P@D&jXT*&6ORoD~06k*4?va3?x(b;$`j|*2iHHY6j2K+%l^KP)KlEQe! z7eYYcf&jRiaJU}{(N=D1?ff;bK7P(zQ*#l*xknH+ri56)UF7&o24em0CF%WAwR5xo zXe!Qpy&;^CSJb6M{*zGtTWPPspBr~o-0+Y0JvxVijN5njtQhMHx(NVH+_1UG&~H{R zG6kZz`eKDz^;8370UAKet*<9xiGB&cPoxrCb|?VlM!z^zql5bbl~ls|C@;E$cYJ{b zTE@4W)zeOgSaK@~Ka8!Ffe3!rm8MBCppV%o0CDNe03lBFtwI;BAQMo5lrvA$kW&)F zdJw}a)u;{b&;b@TSd5A4@%YgxZ2r1&0JtjRmRm3J*Pn$j@+-W(2_~L6QyX|+3uZ=Y z`^0T}q2>H8Y{NVxeeAiU0{wB?d&K@jZ(*DFX!7Pe&H6quH0rx*G>G@eyKYObfYF4U z@ViQJ9h1?>b*hf;CYU^6Z6yzHM#4?cIVm^FT$eHKlx>}NaQoDGGdBi_F)+0|_=JB}11CvQo z#=e6oA_2BYR(WMbRZAZ!!q+X{C*VLGcShFzIU^PI>pHX+OatEF`}U?S2j`muIV9Q{ zL2wowYkN6*WaKld*mw#eewl)k?g#b@>6866GA!-~2Yd1>o5LzgWvHq#Oetojc|HMK z0DxM^)XZ7t?HAxkwr+?lU&x}z>rBZL0;_Pd)v^iy6651XO!vJvYla7h5b_;YX{_@8 zLkzjOFqgRy-oYqNC^7Ai34@D?>!vfEdf&oxBUzl}ti|-CUU?B)M|-MY>_^+JU4EZ& z!g6L?PFEH6AA+e;bk<3e`x!yzy2-EY(<1*(1x$4rG9YXlrW6^7(#jF^Vb=l^#kgbR z8m?zRTc0*x4$k425v-$@P8Oz8%YQ>(jxqgrPV-^K0?lAoX zs4s-DB~sWkVO;%#b-3OY?!3IEe?>eP4Z{3}M~~zG1@(5JUuQFS1>4jPJq~GNj+I2J z@^E;PjaGU9F~yV7HYK#-YasZmX2omT$Hgr68^kPM^hUkbZe3vbFc6Vl;UdT1@R-$q zf8XDH5#FAx=S(96pgkO`HY$+9#jWzfOY<)86n}$=eg3tmAG=VW_#Dwu$@|b|9x~$tw4J{ z*<`v(5J}|qaV1Eph_)Q%{^uqCuRGGh!CCm}X0rQS5GL9Ijm|P>H)&r<_Y9Uvq@<&i zL6kX8OwWmoNjZk@=U+9u7gWt#LArJBGBn#qjQs|?y2;d7k?v&3J(5&&BC=(e(fNic zJg(CKfqE4IJRAi|j{cBN_;M-NoiC}2$@1lsXtDFGzBOCo@9% zJUsFJq<=OZ%@?)@(K}I`UjBM=zd7&&BUL_V$ni;x)n-gR@(#?>Tpi%*TlN1f+8pJZ0fb zx?$kn_&qOZ;d{ywSnm?Wts_PAdoP^7(r?(fvE;UUiX4(i$sUL3ljqZ0ODgq^Gb)CG zTw&jwVZ!%YylxJX7{gHsQ66h{aql>h)msrN>ktF&G6wZMrED&nU8ZW}{tkieX0C=I z>DQwFsP^9d1gTi1#wQ3U8R7Z0<&ov}q*vU-Wwu$nz%E_>uJDH4Ga1y6@_dB#>Zoue$9J#c{7v|jLJR9o$fl)Lq#zpKWRcXpt zuWRwtaBS%;;qzrSXIxexb_;zRD=a zfNF~`s^My5m6-YPUq#nB-bjOe*kYoG&~!rHE#dpbfPRI0m#M)`ql?7}j9i7{;yewp z_2v&L4<_wjFu;U`2**^#%LJ74N13iIz(1lF%Smx);s@!?l$4G(6~e+Sz40R|^Tm{i zXg9c!V~7&B{zdh9fG9~$wdpP5ACIv8gyRbOx?N(h+)ck6;K?1SR?QM+Cw_u7Xo?c#~z!iz+aqRluV z`sKMzTN3%gR_)!iok%0JSo+r}`~YvKjE!+8(vd|l-?mF=6!|-Ur5w`61Y-mOHtmlw z)O3A>O<*f6p2A0Y*9l9rxremlLv->_t6K_WXw~WB@ev}P4z&n;9*>Wi7Brc(bF%(4 zfwhOHlL1jUA3_}3FJX062cx1h9_;w$x%Mz*P^A9s`bOcHZRO6MQ802FGJMg&ZF7OU z$%mrkPTB5p)Oy__{|;(Hki$NDH~i#BIVJ8WGZ0>=K* zJlrt<)m*(KezEKG5tKlkE{v4k$VIRPg&m&a6R;Y(H(0sU;b}y~`lS|J6TuxE)(#t) zaYBfo2S;JZ-smyvthKVbdqOIWMaI4>m_#vl7yk>FMig7}c`fc<3vfWpN@!>^h<3S8mi zLK>J`pd(_se`?(QnVNCjC_p|b(R)(7yAI(w{|flNrvsN!c^386rq^H`?K3@;of|Pb z60g^r1t1m!mD}B9kXy)oKEa@u&_6qe%70|gFe7)hJF#pesFZOX;`^H}V(jIWX~ns9 zB1h3>h%UYK06n!)dAMf&Q8((^4k2;+kktk+>yrSZ=$$ANZohyg1XF-(( zaUwm+A{ozZ8iN{L^8a1XetND)*ksklnR0Pt>gC*wCsIa&&0`GGu8c^(x#(sPErT(^ zO~C~i3h84fhJAzNx2V50r7x;K-IAu0ddkz8KL~PQHwu|+ zm+dyMsn5k#w^g6q^MHm3Du1bKgZdPkp0Q=?da~C;FzTJkF>sl#{ z2|qs)Kh}HY0*9IO8E*F?u;Z{a0z&`hIZfkOJPUwCr&F(W4C#CLt^)e z?0y=agpAX)M$}I(0~XD{;hUQNAp>>MPH3h*sZu!pmR4k?No$oB9msabONhzwT*WS_ zVa_5j&hj1v0FKj4CN1k-h`BSR>$#~jSyANGEz$iR5FX$k(l0?#*FV$`)>9=jtwR@b z*oRCXYV=z(hUzCfxlT#z6DM!%ZwRTd>I~=FNTktA-Vi=C8TX~Q=9SHQ1W4m;H>7vp zW(6;Kb@UZx7QOUe6%?1wO8yc~{d#OryPK=1CO7T3P7Xj=s;Pa1 zk`rzh8$aQ>H5}a)>k0<4YCcMYmvd=CYp#@a|5}PeJ&*klO&xBbB%lD4L&} z4~X??vF+z2H{-v6UzOu;#IuJtLAbKWEj5)WR}&^5rG|axL4HZ-V>yH1+^Hiqk)u?DkL4 zY$t{jyU~&Dq*F$}BL1UBx206>2h9UukE*KI1O92yeiaL!D528cx&OgTDUUjL){zi%#75uVd zLvRZOcXtWAlY5`4@1EzL^VM7RR_&^(siK&@*4o{>`@gz>%fp>&tz9m1$y=Y#yEyrZ z6l-|)T#kyiH~@hN=e8*Y^wIhm$mdujl-S^W#c5+{utV>ubyAZ+9K)Efx(e zPIELWz%Xfh0&a&sH|E;d{G6}{NR4Q%&vUH6)$wN$tX5hX)vH^rtw`S(M)Ized5EOy zY$&!<$@vqorZOm_l8G6b&S5*yU6jrGyH7c{i$W#&x{+^%ybE5G0Y?wBfP^v+jM6$9 zYw2Bmpf(u0nvy~_%;v6yRaw@z#|(eB=I)8qk7A!Yh$guE^{&ZwMz{w_3djEzQY8TV zKFo~HlMIZQhukv3f*Wz^X>+=yp~qg2U7Zx>Xu6;y`X;m@&gs{4jZ#d@h$Z(>ne*FI z-q3NsoN9aHLTLVH)C2tG8Tq{S$9LO!i)oV#w_K=SB-m6X1X+^ z4=Ve|YSAxxY)z&Pm}$$(_R_EYTpFLt)jL#KE>1;@Tq?d-w{in*l42LF&KCHS;k5Y%re-$|%C%HtdU!h}ZX}Qu$8}U7XK9z0WR}v#;v@sBBlP>TA>WK>hV%I!7d* z2(B{?`YrgCh`iwR8WC>9oRfS&{}rW)xOP$-2t)3G+< zXqIhVDEjGnK4|DJaf>P;k$cjxS#fY%!B{$(!_X$KhnWJNXwQ*SE{kK$Zj9ha-3&Ql zeG6E1#yFswDZys{vMn=VM?iKVl4llxk_(jQuGFEh;B*aIC$NORfVkkupJ9&h*Z790 zva9)f?-HN3+F?NVhlOkUzfR+5lc5zTN0 zt5Up?J%5|$q|erzuI}?VF?#K+2Hi%f@6=0h);aKrAc7N8Orkl+MLQ4uNB-Mg^;wST zN_jOBG~N_-fCr9B-d=j=-SIA9tXajacA`8y2cU%typdwp3*dCsAGJS3JfYH~!r^^C zFZwlKtkI|exKBYBhka0t`2Dv0xE=fg3J%I?1`3wwF`%if|Y~4Nv#ZpTu5w!3T-QCNJ10CxKnNh#HwON{jsQ{$24wC5ibkN61 z2^@6G>EVk;ydT72auxd}v^7+H5QimUH2NsL3B_MCDay`7wUsC^EQu?!DD}kT?K}Xf zTwgHbhgG8v=VTmWY&h4xL@;&^h0G801jKmvugU#j5m z$V@=PZjM@^jQPcer5~^7O?O#U)W9aW^rRNlj~%gC6+grdR~sL5P#< zY?b@!AtNQ6A?YDHWRxlj7xrVmw%39hc~yT4lBE#(4Ou?UP&T7zwp%5_^Kv`W%%`+r zCkuepgjK50{Fk_u$z%35LoEnTl^oHIiZ}BQzuxGP!O-_Anzej?haF?cRev?XaU>lx z#9eC#P!w6bTd0`sUgw)}<58iNWA~Hie zKUQYfQzsV2faDG$hU~C-t^sCj<%javA;}~S8n<2IabI$rs3AB2lJfCQD*Fx{JxS_~ za>oayZ;_~UWW=)Of;=^@TP~SC{M(Bej0An?m~EDzr7$E^K?DwKw0CR)f9QERm&cwc z5{W!RVxf$uCWsGn`?n7xtA-*+(GZXBSS`+B*~@WTRlFIq#UErT?Ke9=D>>I1vPDkZ zghe8HUqcV{jtKnawfV3S~Vt+_626205BsIz?&@1LVxTM8mX6+J*ew;GJ}OK(_Mu)Tw4?s zv^ys=itNhWb_?S6GK7Fc*M=FClBYO;u`@XP?E$(lqY34XaYcS(ER!Tpn#!^WmShX9 zy&>Yk+jEGAx*%x!vwhx@MCLcNjw4yG&QX|}6TU?;XgcrLr!R7VPM^+x%iWi(-@C2f zOuen{MT+9icjDM+wXQFmNgx^!JC?qxe4fo6h|%&v5*B-gPtf3IW5LUIMFLF* zgX+AIG-N3RN^S=PNU=mv39$SM?lAfj69MB;w30Sg`;&v`7v!<;8X-C_}~ zOF5DFU686^# z{gQBPoV224+m2O{&e?)OI%Vn-@aDwYWJru7p_tnfm&U9Ug3HN6=JM|3!Mc04!$WN} z$`8iwZ${d5{*f0Lm}u;d886D0WY!C^Jr->bedq}|F(U~Vad4}l<~SCx7SSw>^@%U< zBhrCVQyJ@yaa9!x1bS{g%y9I5TZnXnDH`~|jRVyG@tulvSfi0o7qK6ZdJ2>tZx-Z$ zz8N?ZuBAd1>FKG-mw(4riZcB5^FI3yN#_!7&{SXVkPwwH8DNJG-WqEfJ&ycbi4{NC zh06GFjLB4*+Z}wU<2fb=l;CG2%ez>L>Yr*;R3uj5b`7!HoBV;ke`HI!6@(pvo89N` z`?5Ptys>B(lmHbLV(apmxqa&HGnQ%l#iHOlQva3(lT9lQ-Id z<%p4zj9VTEwHoC!7vJv>XNUH67mah9f`6c5UzU{XqCc^ zklrsC0A^^z;A!8%_Gd6^L`5drCIO8vb|tb_bivlmJIagkU?Wiz3Nr3;nA5gCoA_#` z4EM)Ex78PKDF1kQG97S4Zl3BG9DU>`*r)h1zIpfUr(V-Z=!{_t*Y6G6C=g>QQ~ylP)n@EBE{+D$vICn zA{1MUmu-a?RI`wk&Ll^i)&m^Hd3ZESc-xW{xWWKoZ#)X#23`;la2s&7O2>bs5AO~N ze$$bTv!*WI{t>rU5}BXk-fqv^EqCMFWZ8e9n7SXrAyenq^s$$JJ+_acKAKvsvA!lz zquD4GKHz3M0q36ZX6%&*3cV}C%8NF&L^I;`58w>igwv;nn6;^Zv@glR%bP<`5pgbJ zZ*`n2%SgO}nHMD;FHj2fr2^Ulpvi|;CoRTflj`tsrm2u@HS4369nSnsRb;Di53>qJ zD1YH#n8qgpni1!OnG>!!5~AQBK=n)9NU=6JKV0cH8w<*QRSx!@0SLY4c{qG#|4JH7 zSZTA5kBxvgtK5H@S!0iB$aiqqNyKTM>cSSzabA9GmJZjci~EbY7RZk(cV6cR(%`n% z(!uBT<)ECvVLbpjEcvIu_FZeKx0cua8ZQw#LPp|;Ls<+z$1iVwPh*AJt}0%<%Uzd7 zxEMCLUAY=&+#=}CYXbiVVc}Q1I7IjEP7ft&7kuTxx8$@Dwz6u!NH^N`Bu9oGyng*X zMz(4EIFbUt?>R}>oNtr)dN(+Jx2FtobQ1VozmZjyaw#o3rkOu2{&un!4U#acp0Z8- zM7l&e1|}IOg!7|9?Oq8K8k4Gpy5JcTO$kJ_6-WygJ0li0v0z~VL~L$Z8rq#wqr0zQ4FJ4 z>?inlrpl$hlEMW=h&Gpvja{2#bb<5{nfIF#aN6h)Q#S(^tA)8#1vPtN!4u=8gZ)FyR{R?fnScwjvZzH3|@Pcg@9?UbAMVyuleZ|Sy4bc zHusTpevU_#1S`pg_6+mW;yDxZqagaF;L&~P8zX=*aG@|Jz24Vv-cf&#qJqQN6yE*o zmOMyEMraau(>EpK3r~T_h4Y=1*~5lUzO-0V^}ZS1nKIJNPL`)!!MDl)*v)mc9(<2SoGT)d-ADZ2ler)oD5>BAvQAh%9@lLT6#F|tbEj!Yh)&&U;CY7PFO>|#iMAO;KwyJz!BYAY{( zgNoZAT`~~uScv3u`J);U^DBmcI#G-Wb#9&shCGP+lOjm5Ar>*)nKrC(?%Vjfobx3#qvjX_^xGdy38#zzMko{VO6$v5Ej1xDziAX-#mu1_j4QK`bea+P3 z=}S1#KQsRRAo3uvxjf_wuNI)9hBuWCMqnxxxg;286W=O67S4Py@j^!L_uwuV_!v6FvAbGei?)>Gr~|jA zIGEjhm&^$w>qvoYY`lS~xx?3tM)2GT_o-PSzfFjGDa+zf;!-2)tA$hM>R>8M2%+aG zQ))q2+z&N+(S|)EP9*Ga5l6&7|1{jQMZ+XclSWqj50CkukJg{n84~~F72b{=QJf5x z6Pm--6olV>rkWSj#B7iX#GQ`z3D`zW6)l)g$qbcFpc?~y83&^Vo7A`m8)D?yZ1*VR z@G+u(H>WPvIhmyOV3q!Wq_Ni0%apg`nkkdT!+$4CA`0^y^>psB7JBO&-< z0GdY1V!@i0r#%e=NVpKBvDk%nm=uP>pnT{}LFTB``V%EPq~8%$Uvb|RlpkoEeDfCb z|Hm=B1^p5h5`vTJD&&)W z?V@UU%4qcL@9ZJU_Eg*-^>KxT#F9jlM@mxW+92ftD$L*sNIw@5f1$D;4&_K6lT{MR z?m3Dg{>Y8Uj_6Dk3qj?mqt!KOCDeT$-UWpsdOwq9-Wu`D?AsmWdbJK{`QG zSNSJ?K07t!tEP@8by#BLR9hTdl&NdKlIfw-^>gtwwzYekMkz!Q0Y4JuHS`w zIf9eifP|&mp&-Lns#+O1PoLIo)dWxM6`oLJcrk|l8-+U1<5O~AACQmpnBD2jgj5>fB39-dH3>!uU)CY~itIx>xa9f(SoAoZzf6eitni-{DjO9wk7OK_MOz6iJ!h8U7n6$SUeo9N%}QW{97cX4WC#e@4^ zf{Io6n*zl^^c=FnAwC9?-#~$NinE&gh3&^& zl4+Ez*Z72@^S)z@z`_iU!~TA6+Hdy#&*aGvFae6-%OhntCcS^K@cSeN4YUI^7g;ph z{zK>Bd)%qlPhT+rj2sL^Z7yfyHi_n}rn#DPBTFy_N)9ZIHtRdJbH`{D0`8A7!2}*Q zLcXG)mnQ=1l9K!9^pap9D}^%yZE#y5DLr~ZeBf8U(Ccfb)tRHl<0GHj8&@uuXPEc= zx3S3l+g32tNfm2px?0$f)+=HLlfDg$8RHOTglQH4>`i+CZuRE+ z7otWwb#RhcS7-5Xg`?Q87e{jNdRV@Lc>N->@69~uchyKs?jS8Piurb=+Uo@gR5U@0 zPE`LxpV+K@ysRGqqVD-PND^ zQVBp~$E-)?fBm?)oqE~|#7VGWNY2z)#x}d$N^up)0$TKuxj7Hbv@q<^`ZX&Ledk=y z4lP@*e*;f3SnD%`<#oTbuI8*qxO&XMVL9v(qw|P3|B)+sgk)EB^=H-mL+l zqKXphXFgG0 zmc)6{!lU8k2pIQdczB4C0i+Y+XgiPbiri8dG2~=JSSB@*V?$$y+z#WK$ z|R2ExV>7{wk zZFei;cUsSEu{nu=vY%d14mw^m8xlbyoG|_siz=+ZJ}|!EI`J~hoU!uriXmwmV_m`_ zT(Ot@AT%I5kMTZMJ#SA})D363-YR%nn4mDf@YfKe<_jR;O}O01Vj-CXkwj_d%X`(7 zO;SXe#shy*>y!qP;;B_=Fyg+UNBPCvfKo6k8Bd;*fXun;Mk`6O zb?_})lyd%)3hic!-%xH`2V7?$6gg3fE7G@G6;kAEXpCJc z`(|5yl7OgfTfu|$zJZ$KwKig6ug3y+b1jYzs6-l7rhKY7KM0CG)B!Fo>S5)|3!!i4T1)5NsR&apFS8AMv-8q|aSTTQWTKUL6{Ae59T?C-j1g zh3(MiB%BL&=NpE{%hP@4zvb)i5&u!|rYOW}DEro~x`=y+3JyYR`^mWL;es1K_DZWI z`l|zX0f%(`zg`xdW{H~caZ3)WL72TqCjjOg6?pVVf-Lc>PwA^Ehl4(X1U(^^z#>Nr zzz7EX_X$6C^1vnbw?-w%zUx_`4C@(aAY&*c;SU>Ow7oA2Ywkkg8YcSpnKIHrFc|rz z5{lKNp_^}*#=88oBaCG(B%gwjysVB3)&^HDyFU(;<(qvx|eHSH_gxbsSX;5V4 zq}Gwnub31~^Lw#FbrX11MVBa*mfK_OH`nVi>y$EZQo96h*4t-v$y~c4SiniJv91KJ zoNm0FJM>#69u^ka#oEu~mhALjDV{bRx}}$Rs*B@{Z&_&kPIj(HENM~L19wp+^93|_ zCv^DEGtMu{6UI~T3NZ4Pr|tr4Vf3U)OosSIe0BJ>X|`z!t&g6EaEW~_dW>2LyhX>f zejm0K>@PnI>Cj+Rn6juV`FVaVg0fvqiMo)NE2*teFC%H#tZFq@A-PS~NTW=WR(Ty6#;i@8BBM=W>63J@7!5iD`yJLmbS6VpF}7>y)^WY?>qk#w8?{GAgi?X>WV_Hx6=TT!&h_x11}vwFW%4U_IAc!5E@knU4b|7@#*a$<(3iHBARqWE zV2iS6$4Nhb47DNtN5xi^PS4qN~*OB|Nb9`@gP!-0YKC zIz$GU^p5o=e<^D1aB!+5PF zt#T;I+8W-+X&QVrQJ61L_R^q+7pFcqy{A6oSxaLhF1=%>LJz?KvS}^vU~lNU@6nk{ z`KixPj-E(+?F9kRQ$-Yr?4vswHV;Mh&4n0|JRgDGI+NF3#MXzET2N84B$r zA;HCq3tvY)hKn!rt-Ndx=1-Q3bpk<-W4iuEsFDmc_kDyV)N0Aaa0#JAH)GiWWAkB? z;M_Dub9T9S;*w|-yf7K7MDyg-aHRIOS_M7>6dzZS$g}iFU!rv?FST7wQQ^ay^21)v zq`eK>GwkmNqY0i8gFE8fOa-qma1={rnR_^trOg~ONg9bE%UGpKC8bGA>QIV%)tH#r z=}W#m;umGMNhFZdcD_}$jer$2&?s~?Y1q9VYNZ*LceJIGU(KeiCI#EF>la**^|~fh z+wI4o8_v0QpT28*h<_*6*fjTCaKlEvx64740=M5y+p*x2x8HRr1 zox4OOw+c+6YR<_-D}=WwtJQiruR^1etoc(_LBU9~lvirhF2Y213oU!zS$$GTE2rU- z*`cJIk&ecHB0!s@Vo#HlOIWi;tI3LJt(?cN*k7)U>stk}S{3`5g%RMcjzwN^PkfEs zdRm3vdco)ZqR8^*WuLj?iT{%cE5oaOVqE%i=kLpF*YWaUd@)^fBZK+^sG7pN>($Yj zxDMlp(AiQ`ADgvW*|j4{OtfTb6xY3k9`FBNaFRa@?pUiC?~3u>Zr>1JQ5|4iOmmYl ztnQ?N?qr?{m8~wCe9MDx2r!s39qc(qlhMBB-L*O=q5g&bgK9llBQ&QY)K$;)KD&%7$K9$#kgf>gGpqTpwSnZ8Q~ugUkPD)#`uXd2RYxXxEP z%%-O*&R6M8HUW(+RT_8b;nGt1?6YA3K&t#J)Jz%P269{7ZS@D3ZSrPB$3zAx_gw9O=-~Qd zbJ_)}gPuC5zP)U39W0-XJi;I8}7C-P-U9!_>}Ul-E5J6+NmdxjHmZD*K-Tv*W%fJ(wyb^uAYQ7?A?k z8096_<`u*$1)2S}8~R>ftFTgjbL|IACg8w5p!$9RTlgzO4wvg&01RIKf#h!`_mluN zwXXnfb(k1d^q6ax4Ug2}<|Y&3O5HZ1grW}r+i8|^Qj{7rUrQR48+!o~)}z(wq>7S( zR<RzT%1UPY-H^>0gko4IAc9!6d2zalt`G5q2}x$>i%*Oksl}?=wv~lyi9$ z^YxPUk)=F3MgMd_DWj@x%=tJa2iIjOm$z58ImB=*QwNr+7l}L;p>zLA&T~3MV)s1mt&zV415-&N`0}~4y)5# zE)f0xG|wO)Mvn$IVCX8in!XEzHymn8YA6Hn&^jhdm;Qrluu+=#8<@Q{-rr>X%TH?~ zgI*vq!%0RoMiHW6*Jbx9?U%`v0t#0kTVlJ;VVrmMtuKXp8ASQ4hsNEuOmXiVZFU-A-4(O-6nQ~(fiFdR@op! z74u%=@hr>T&!?4;oeby4@jHROJ%p}-AeOTlwYzXuEQsx6d)MJqb>8?uIN$5(5AeJ6 z_aE+l`iQtq6pt7s-u5yOQ7K)Vt5=c!_sRjQkok)CPdyi^_6Gp>e2`V z@05-;t-VeGsfZU#joCrNqBqPIo{b#bcYQi3=8 zkhCo3GmA>t3kipiu8if3BX-e9z~<)Cr(dyk%ccMXCp+P4Bo+>r_mo9xODT9vhVQ-s zl}J3=<9nWm(9IS}pvgk?!ne1>&+SC~Xe>FNX~IYLA{H6p24a zjIXH=oFR`ist$}>?0CnLtdRDFU0tK}0V)rkoo;8_UEjZfoWG&M+k>fCU3eLaKYj0wr@TT~);#ny^*G}~+1J;*6VW*$vrf-!U>@Wz+|4yfLo%-|=3isVy=|5X zAsRLhJg72(#x0HEShL)aqe{ zhf6^;<`0gQL!VP1Zveusm*5bh%s`R+APwcJ8;=OkY4OL|QZDZzEy*uoDt`B2s(w2`bJ>(qOfsXp<3`sd>)@b6{+lybmbI)4`*(ggXHV$vT`DRh zha5CiltX+2tE=neT>B%{`DIZ;vs>ou$I6%77Y|ZDelJe!+<`5Yj~i}u1s#8shB%Am zOI@+b9auu?`e=6`nP$4g!(D^NQt!ywIv$RFiUN&Y>L;UAQayvmuK8qN0)&h=tnc{g z>a-H$Fx}1kMndAcOePDB?=32yT)4lKoO75FE4kHvH?T4Y*ch=O^Tgm_EjcCcH03_h8sk%~lg zC3$eOi!$?V@5mf;)7+t81yrQ=56u+z3;lsO{091g@krXDS6pg=wk^dZ}iTf{Vaxv zSM^<v3@;|hlPF6kHd8@sr}IW@L{XM_;^*f;S1>*|yJ0>x|tZnH5n%7RH- zJwK3()FTK~CeJf#oi)OKnX4lm$Vf3>&g6eVi8sdDj8qBY+N>UaSBo@P3q0=6?( z<3ge33c0{6&mdSJ($?;PVp~L_MF+Nsl-&v=fuQ2n->LuYf-@C++~5u z#@G4o1XGRy(x_3IGBB4*_BAV(E%JA2mC(1TarYNFbTfzLxs)}5Swst@kZM0$SA+XO zw5iR}05vG>U_$-Dx;+kB1m!rXfz{17Ht7iwrpZqVn%ZXDx$Bu>WxOlQHF{Y793iOb z+A8SPyTsA07V1GX0+}-$kI_%|b-?$QTFlt+vw=e1UcU7^Zif+7(&r=lX*rvX|NR>B z1wdhh!n@&^IO#Ke@!Wlle!_Z0p-Q3=@r2XOC!y7VVtM4~nfr;CLem>FkFj~&6dntX zr~O1FS3lxla1e?`k+@_bAMGNU^jSN53zS^clvkWTJ0>BMWHHG8O*0n+4L=nt*!Ap9 zI^dNQf%s0+?g?QdIW?s5>-*-45Cm6Akdegln{N#y6mLW_dHU+r*4Zk)b4It8LRCdA zX`N3W*>2tbSePq$+8IA4gu1!-{R202`9p>I5AFXR$`b`7%YotNR1Tx6=&!1z>Ip@5 zh&zMtvA&X!u7TrASf^(^hq^pVgg;oJZPw9i4%~oGI>A0*)j*2mk zyT<&&r4-ctk)u|PmuE@IXFBIX!(|Oz90xGonhx1;9fHqbp0(1!KK0j!h)-_9Hf%DI zJ<6sWJ->QqM2VJ1{lU$pU~II#!E=yMy0#^q6WzoLV`b)bN*Jj3sSp-F1k_5 zHfD;Gk&bH71>-xPk8akySk||rtGxy#bWXoQp|zXaEus0En%@ZSa&O#y?WT8*(d{}; zP72Z;7ZD?Ju}EuIn@&OxjSu;6-~Vs%?>+$~M@Z&8pjtDk0bt*g=f%h6OX=Xn;y9Je zXg$v1W<6{&pUY1&7Y2AFiT+`fwWvI0FUUKPH4XQhCqLCfOb2h|@^nOam5Ub^-vOH9 zy9Nt{vsl|G3agF#Ws+eng{F@I!%ExVm;;GNA7!sq2_;r17A0Uw(B(Q=U=UkZq7 zf;;UVYbC|74%BH*hV4SFW_RvF?LIz};zL^YRY;e~mzGjLCIjhQhdvsdE3zQe)P?ps znfsZ{Z4h~t^0EE>49qe@?A7z$T}vg{Bq?|3lkJ;(hXh#SN`{_iM3DMZIyO0JvboCq znTQdYaBZAoaI29xyr7?KC!>La1?rFPQ*rTBOSjGMC0rHWcpi-|qvd_IP8f+vkDkE= z#~ZMty$OH+sPdCSrahU+Nn!gl6%b0nGupX?4r8=Qpb3N41=7@t#OO0}qpy`q>>mG1 z`xqfbb%!mPP@@E?e#q`u?0_7+sQuP?Aw#{4T9dk}wK@e-Lq$t@M{2}h703TjAJIUN zSA`<>$cas&|M){;0Enqm#q%Nk{i;IT!R#j}XC;#P z?|Xe(|74IPejcB?vEmzw&YWzue(-w>@(KLozkBY2JGNdB^SgibnC4^r$3L6(hfDx{ zjy?82j=z}k&qR+V?0U!l?W6H$qUj+MJr9NFO8Q?>R#n7f=lV{w)p@`yKaKDi(i3g%cQ07ozCoP3d~ymoW&VvMNKUj;__P220ga26 Aga7~l literal 0 HcmV?d00001