From 0a728445ab3651d7519417a074f0cd75f22467d1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 23 May 2024 16:59:18 +0100 Subject: [PATCH 001/438] [yevaud] Add current config to source control --- flake.nix | 18 ++- hosts/yevaud/configuration.nix | 150 ++++++++++++++++++++++++ hosts/yevaud/hardware-configuration.nix | 54 +++++++++ 3 files changed, 217 insertions(+), 5 deletions(-) create mode 100644 hosts/yevaud/configuration.nix create mode 100644 hosts/yevaud/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 7c6769c..5c0c2d6 100644 --- a/flake.nix +++ b/flake.nix @@ -4,11 +4,19 @@ }; outputs = { self, nixpkgs, ... }@inputs: { - nixosConfigurations.tohru = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/tohru/configuration.nix - ]; + nixosConfigurations = { + tohru = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/tohru/configuration.nix + ]; + }; + yevaud = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/yevaud/configuration.nix + ]; + }; }; }; } diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix new file mode 100644 index 0000000..bae4bde --- /dev/null +++ b/hosts/yevaud/configuration.nix @@ -0,0 +1,150 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "yevaud"; + networking.hostId = "09673d65"; + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + time.timeZone = "Etc/UTC"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.bluebird = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on bluebird@tohru" + ]; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + services.fail2ban.enable = true; + + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + appendHttpConfig = '' + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + + virtualHosts = let + base = { + forceSSL = true; + enableACME = true; + }; + proxy = port: { + locations."/".proxyPass = "http://[::1]:${toString(port)}/"; + }; + in { + "git.katherina.rocks" = base // proxy 3000; + }; + }; + security.acme = { + acceptTerms = true; + defaults.email = "accounts@katherina.rocks"; + }; + + services.forgejo = { + enable = true; + stateDir = "/data/forgejo"; + settings = { + DEFAULT.APP_NAME = "git.katherina.rocks"; + cache = { + ADAPTER = "twoqueue"; + HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; + }; + database = { + DB_TYPE = "sqlite3"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security.LOGIN_REMEMBER_DAYS = 365; + server = { + DOMAIN = "git.katherina.rocks"; + HTTP_PORT = 3000; + ROOT_URL = "https://git.katherina.rocks/"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + system.stateVersion = "23.11"; # Did you read the comment? + +} + diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix new file mode 100644 index 0000000..c11d3fc --- /dev/null +++ b/hosts/yevaud/hardware-configuration.nix @@ -0,0 +1,54 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/107D-5AB3"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + fileSystems."/data/forgejo" = + { device = "rpool/forgejo"; + fsType = "zfs"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/f8b6eb35-33ad-4e19-bf3d-cac5ec38a8dc"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} From e53e5ae1c2a7319c4f9feceeb8b6993dfde394f2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 28 May 2024 01:11:53 +0100 Subject: [PATCH 002/438] [tohru] update hardware-configuration.nix --- hosts/tohru/hardware-configuration.nix | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix index 95d3991..d42b1de 100644 --- a/hosts/tohru/hardware-configuration.nix +++ b/hosts/tohru/hardware-configuration.nix @@ -8,7 +8,7 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -39,7 +39,24 @@ options = [ "fmask=0022" "dmask=0022" ]; }; - swapDevices = [ ]; + fileSystems."/data" = + { device = "rpool/data"; + fsType = "zfs"; + }; + + fileSystems."/data/steam" = + { device = "rpool/data/steam"; + fsType = "zfs"; + }; + + fileSystems."/config" = + { device = "rpool/config"; + fsType = "zfs"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/a066313e-2467-4e07-ad0c-aeb7ff3f8d97"; } + ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's From 0e4b37925a218a89da8d867b7cd5ba48c81d54e2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 28 May 2024 01:12:05 +0100 Subject: [PATCH 003/438] [tohru] Install Steam --- hosts/tohru/configuration.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 5abb6b0..22b1561 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -62,6 +62,12 @@ # enableSSHSupport = true; # }; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; + # List services that you want to enable: # Enable the OpenSSH daemon. From a2cf41eeffa293710b657e8748e677658e7d945a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 28 May 2024 15:32:59 +0100 Subject: [PATCH 004/438] [tohru] Install npins and colmena, and separate CLI/graphical pkgs --- hosts/tohru/configuration.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 22b1561..2a09eb4 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -38,19 +38,20 @@ isNormalUser = true; extraGroups = [ "wheel" "networkmanager" ]; packages = with pkgs; [ - tor-browser-bundle-bin + bitwarden firefox - tree + tor-browser-bundle-bin ]; }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - bitwarden + colmena git + npins plocate + tree wget ]; From 4c4a5f79c3ca0f43eb66e258fd75b56be14b3816 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 28 May 2024 19:50:39 +0100 Subject: [PATCH 005/438] Excise flakes in favour of npins and colmena --- flake.lock | 27 -------------------------- flake.nix | 22 ---------------------- hive.nix | 25 ++++++++++++++++++++++++ npins/default.nix | 47 ++++++++++++++++++++++++++++++++++++++++++++++ npins/sources.json | 23 +++++++++++++++++++++++ pinning.nix | 23 +++++++++++++++++++++++ 6 files changed, 118 insertions(+), 49 deletions(-) delete mode 100644 flake.lock delete mode 100644 flake.nix create mode 100644 hive.nix create mode 100644 npins/default.nix create mode 100644 npins/sources.json create mode 100644 pinning.nix diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 3fb63ec..0000000 --- a/flake.lock +++ /dev/null @@ -1,27 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1716361217, - "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs" - } - } - }, - "root": "root", - "version": 7 -} diff --git a/flake.nix b/flake.nix deleted file mode 100644 index 5c0c2d6..0000000 --- a/flake.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; - }; - - outputs = { self, nixpkgs, ... }@inputs: { - nixosConfigurations = { - tohru = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/tohru/configuration.nix - ]; - }; - yevaud = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/yevaud/configuration.nix - ]; - }; - }; - }; -} diff --git a/hive.nix b/hive.nix new file mode 100644 index 0000000..4e4ffb9 --- /dev/null +++ b/hive.nix @@ -0,0 +1,25 @@ +let sources = import ./npins; +in { + meta = { + nixpkgs = sources.nixpkgs; + }; + + defaults = { pkgs, ... }: { + imports = [ ./pinning.nix ]; + deployment.replaceUnknownProfiles = false; + }; + + tohru = { name, nodes, ... }: { + deployment = { + allowLocalDeployment = true; + targetHost = null; + }; + + imports = [ ./hosts/tohru/configuration.nix ]; + }; + + yevaud = { + deployment.targetHost = "yevaud.birdsong.network"; + imports = [ ./hosts/yevaud/configuration.nix ]; + }; +} diff --git a/npins/default.nix b/npins/default.nix new file mode 100644 index 0000000..4a7c372 --- /dev/null +++ b/npins/default.nix @@ -0,0 +1,47 @@ +# Generated by npins. Do not modify; will be overwritten regularly +let + data = builtins.fromJSON (builtins.readFile ./sources.json); + version = data.version; + + mkSource = spec: + assert spec ? type; let + path = + if spec.type == "Git" then mkGitSource spec + else if spec.type == "GitRelease" then mkGitSource spec + else if spec.type == "PyPi" then mkPyPiSource spec + else if spec.type == "Channel" then mkChannelSource spec + else builtins.throw "Unknown source type ${spec.type}"; + in + spec // { outPath = path; }; + + mkGitSource = { repository, revision, url ? null, hash, ... }: + assert repository ? type; + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository + # In the latter case, there we will always be an url to the tarball + if url != null then + (builtins.fetchTarball { + inherit url; + sha256 = hash; # FIXME: check nix version & use SRI hashes + }) + else assert repository.type == "Git"; builtins.fetchGit { + url = repository.url; + rev = revision; + # hash = hash; + }; + + mkPyPiSource = { url, hash, ... }: + builtins.fetchurl { + inherit url; + sha256 = hash; + }; + + mkChannelSource = { url, hash, ... }: + builtins.fetchTarball { + inherit url; + sha256 = hash; + }; +in +if version == 3 then + builtins.mapAttrs (_: mkSource) data.pins +else + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json new file mode 100644 index 0000000..e3ca425 --- /dev/null +++ b/npins/sources.json @@ -0,0 +1,23 @@ +{ + "pins": { + "home-manager": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "home-manager" + }, + "branch": "release-23.11", + "revision": "2c78a57c544dd19b07442350727ced097e1aa6e6", + "url": "https://github.com/nix-community/home-manager/archive/2c78a57c544dd19b07442350727ced097e1aa6e6.tar.gz", + "hash": "1zb4qsyn7l1zdiv1kjx07jvgnakpsifc62fxcim50w3ni27cwxk3" + }, + "nixpkgs": { + "type": "Channel", + "name": "nixos-23.11", + "url": "https://releases.nixos.org/nixos/23.11/nixos-23.11.7313.9d29cd266ceb/nixexprs.tar.xz", + "hash": "0phfgypnshhlh6ri54yp2f9qabq0hlq06jn46zv692jy6axss4kx" + } + }, + "version": 3 +} \ No newline at end of file diff --git a/pinning.nix b/pinning.nix new file mode 100644 index 0000000..dd508f5 --- /dev/null +++ b/pinning.nix @@ -0,0 +1,23 @@ +{ config, pkgs, ... }: +let sources = import ./npins; +in { + # https://jade.fyi/blog/pinning-nixos-with-npins/ + + # We need the flakes experimental feature to do the NIX_PATH thing cleanly + # below. Given that this is literally the default config for flake-based + # NixOS installations in the upcoming NixOS 24.05, future Nix/Lix releases + # will not get away with breaking it. + nix.settings.experimental-features = "nix-command flakes"; + + # FIXME(24.05 or nixos-unstable): change following two rules to + # + # nixpkgs.flake.source = sources.nixpkgs; + # + # which does the exact same thing, using the same machinery as flake configs + # do as of 24.05. + nix.registry.nixpkgs.to = { + type = "path"; + path = sources.nixpkgs; + }; + nix.nixPath = ["nixpkgs=flake:nixpkgs"]; +} From 30d059d995c7ddf79e2eba5cf5a611d16d0a0ae8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 28 May 2024 22:53:40 +0100 Subject: [PATCH 006/438] Enable home-manager module --- hive.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hive.nix b/hive.nix index 4e4ffb9..41f2d90 100644 --- a/hive.nix +++ b/hive.nix @@ -5,7 +5,10 @@ in { }; defaults = { pkgs, ... }: { - imports = [ ./pinning.nix ]; + imports = [ + ./pinning.nix + (import "${sources.home-manager}/nixos") + ]; deployment.replaceUnknownProfiles = false; }; From 1012a3a1de1e4cc19f44506d4c522762bfc9e3af Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 28 May 2024 22:53:50 +0100 Subject: [PATCH 007/438] [tohru] Move most user config to home-manager & install VS Code --- hosts/tohru/configuration.nix | 16 ++------------- hosts/tohru/home.nix | 38 +++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 14 deletions(-) create mode 100644 hosts/tohru/home.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 2a09eb4..87707ea 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -2,8 +2,9 @@ { imports = - [ # Include the results of the hardware scan. + [ ./hardware-configuration.nix + ./home.nix ]; boot.loader.systemd-boot.enable = true; @@ -33,25 +34,12 @@ # Enable touchpad support (enabled default in most desktopManager). services.xserver.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.bluebird = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" ]; - packages = with pkgs; [ - bitwarden - firefox - tor-browser-bundle-bin - ]; - }; - # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ colmena git npins - plocate - tree wget ]; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix new file mode 100644 index 0000000..2f2b128 --- /dev/null +++ b/hosts/tohru/home.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +{ + users.users.bluebird = { + isNormalUser = true; + description = "Bluebird"; + extraGroups = [ "wheel" "networkmanager" ]; + packages = with pkgs; [ + # TODO: move these to home-manager + bitwarden + firefox + tor-browser-bundle-bin + ]; + }; + + home-manager.users.bluebird = { pkgs, ... }: { + home.packages = [ + pkgs.fortune + pkgs.htop + pkgs.tree + ]; + + programs.git = { + enable = true; + userName = "Katherina Walshe-Grey"; + userEmail = "git@katherina.rocks"; + }; + + programs.vscode = { + enable = true; + package = pkgs.vscodium; + extensions = with pkgs.vscode-extensions; [ + ]; + }; + + home.stateVersion = "23.11"; + }; +} From 21ebcf6f75bd3420c39596a1041ccad1af53a48f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 29 May 2024 13:35:27 +0100 Subject: [PATCH 008/438] [tohru] Basic configuration for VS Code --- hosts/tohru/home.nix | 29 ++++++++++++++++++++++------- npins/sources.json | 12 ++++++++++++ 2 files changed, 34 insertions(+), 7 deletions(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 2f2b128..33a4f8e 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -14,10 +14,13 @@ }; home-manager.users.bluebird = { pkgs, ... }: { - home.packages = [ - pkgs.fortune - pkgs.htop - pkgs.tree + home.packages = with pkgs; [ + fortune + htop + tree + + nil + nixpkgs-fmt ]; programs.git = { @@ -26,11 +29,23 @@ userEmail = "git@katherina.rocks"; }; - programs.vscode = { + programs.vscode = let + system = builtins.currentSystem; + sources = import ../../npins; + extensions = (import sources.nix-vscode-extensions).extensions.${system}; + in { enable = true; package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ - ]; + extensions = (with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ]) ++ (with extensions.open-vsx; [ + robbowen.synthwave-vscode + ]); + userSettings = { + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "workbench.colorTheme" = "SynthWave '84"; + }; }; home.stateVersion = "23.11"; diff --git a/npins/sources.json b/npins/sources.json index e3ca425..554530a 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -12,6 +12,18 @@ "url": "https://github.com/nix-community/home-manager/archive/2c78a57c544dd19b07442350727ced097e1aa6e6.tar.gz", "hash": "1zb4qsyn7l1zdiv1kjx07jvgnakpsifc62fxcim50w3ni27cwxk3" }, + "nix-vscode-extensions": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "nix-vscode-extensions" + }, + "branch": "master", + "revision": "1f5f225e7ceee57404f6e409200cc9eea25090be", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/1f5f225e7ceee57404f6e409200cc9eea25090be.tar.gz", + "hash": "1s24w7fwfgd1v3s9zlj9cmwhbfc90av8c44kg9dchvj0yh6fg5sx" + }, "nixpkgs": { "type": "Channel", "name": "nixos-23.11", From 87862f5291f2ff5a90d8643c0ae920eca17f668b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 29 May 2024 13:36:53 +0100 Subject: [PATCH 009/438] [tohru] Enable Git autofetch in IDE --- hosts/tohru/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 33a4f8e..843aca2 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -42,6 +42,7 @@ robbowen.synthwave-vscode ]); userSettings = { + "git.autofetch" = true; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; "workbench.colorTheme" = "SynthWave '84"; From 48e3a85c82cee194f46d0764428e166a46186f33 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 29 May 2024 15:22:04 +0100 Subject: [PATCH 010/438] [tohru] set up nix formatting in IDE --- hosts/tohru/home.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 843aca2..42e6d8a 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -45,6 +45,10 @@ "git.autofetch" = true; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "nixpkgs-fmt" ]; + }; "workbench.colorTheme" = "SynthWave '84"; }; }; From f499d48194eaecb83a08eada3e0466c67ffca1ab Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 29 May 2024 15:25:21 +0100 Subject: [PATCH 011/438] apply nixpkgs-fmt and remove unnecessary comments --- hosts/tohru/configuration.nix | 5 +--- hosts/tohru/home.nix | 42 ++++++++++++++++++---------------- hosts/yevaud/configuration.nix | 23 ++++--------------- 3 files changed, 28 insertions(+), 42 deletions(-) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 87707ea..84f046c 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -72,14 +72,11 @@ hardware.enableAllFirmware = true; services.fwupd.enable = true; services.fstrim.enable = true; - + boot.initrd.luks.devices = { "rpool".device = "/dev/nvme0n1p2"; }; - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . system.stateVersion = "23.11"; } diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 42e6d8a..f04de5c 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -21,7 +21,7 @@ nil nixpkgs-fmt - ]; + ]; programs.git = { enable = true; @@ -29,29 +29,31 @@ userEmail = "git@katherina.rocks"; }; - programs.vscode = let - system = builtins.currentSystem; - sources = import ../../npins; - extensions = (import sources.nix-vscode-extensions).extensions.${system}; - in { - enable = true; - package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ - jnoortheen.nix-ide - ]) ++ (with extensions.open-vsx; [ - robbowen.synthwave-vscode - ]); - userSettings = { - "git.autofetch" = true; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { + programs.vscode = + let + system = builtins.currentSystem; + sources = import ../../npins; + extensions = (import sources.nix-vscode-extensions).extensions.${system}; + in + { + enable = true; + package = pkgs.vscodium; + extensions = (with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ]) ++ (with extensions.open-vsx; [ + robbowen.synthwave-vscode + ]); + userSettings = { + "git.autofetch" = true; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { diagnostics.ignored = [ "unused_binding" "unused_with" ]; formatting.command = [ "nixpkgs-fmt" ]; + }; + "workbench.colorTheme" = "SynthWave '84"; }; - "workbench.colorTheme" = "SynthWave '84"; }; - }; home.stateVersion = "23.11"; }; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index bae4bde..34e6a1e 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -1,12 +1,8 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - { config, lib, pkgs, ... }: { imports = - [ # Include the results of the hardware scan. + [ ./hardware-configuration.nix ]; @@ -99,16 +95,12 @@ proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; ''; - virtualHosts = let - base = { + virtualHosts = { + "git.katherina.rocks" = { forceSSL = true; enableACME = true; + locations."/".proxyPass = "http://[::1]:3000/"; }; - proxy = port: { - locations."/".proxyPass = "http://[::1]:${toString(port)}/"; - }; - in { - "git.katherina.rocks" = base // proxy 3000; }; }; security.acme = { @@ -139,12 +131,7 @@ }; }; - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - system.stateVersion = "23.11"; # Did you read the comment? + system.stateVersion = "23.11"; } From 05d2a5d1d627af9e59f14477e243cd374fd82c12 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 30 May 2024 02:13:56 +0100 Subject: [PATCH 012/438] [tohru] vscode: pin extensions & support python --- hosts/tohru/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index f04de5c..a9949c9 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -37,13 +37,18 @@ in { enable = true; + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; package = pkgs.vscodium; extensions = (with pkgs.vscode-extensions; [ jnoortheen.nix-ide + ms-python.python ]) ++ (with extensions.open-vsx; [ robbowen.synthwave-vscode ]); + mutableExtensionsDir = false; userSettings = { + "extensions.autoUpdate" = false; "git.autofetch" = true; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; From 92617f6e38f20db4aa661c286d608e7492e70646 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 15:31:39 +0100 Subject: [PATCH 013/438] [tohru] Install Chromium --- hosts/tohru/home.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index a9949c9..0a2efd0 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -4,7 +4,7 @@ users.users.bluebird = { isNormalUser = true; description = "Bluebird"; - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = [ "wheel" "networkmanager" "dialout" ]; packages = with pkgs; [ # TODO: move these to home-manager bitwarden @@ -23,6 +23,8 @@ nixpkgs-fmt ]; + programs.chromium.enable = true; + programs.git = { enable = true; userName = "Katherina Walshe-Grey"; From aad0dc6e82520ccd27d3f188366690a8d114b654 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 15:32:09 +0100 Subject: [PATCH 014/438] nixos 24.05, home-manager 24.05, update npins --- npins/sources.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 554530a..f0bb28a 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -7,10 +7,10 @@ "owner": "nix-community", "repo": "home-manager" }, - "branch": "release-23.11", - "revision": "2c78a57c544dd19b07442350727ced097e1aa6e6", - "url": "https://github.com/nix-community/home-manager/archive/2c78a57c544dd19b07442350727ced097e1aa6e6.tar.gz", - "hash": "1zb4qsyn7l1zdiv1kjx07jvgnakpsifc62fxcim50w3ni27cwxk3" + "branch": "release-24.05", + "revision": "a631666f5ec18271e86a5cde998cba68c33d9ac6", + "url": "https://github.com/nix-community/home-manager/archive/a631666f5ec18271e86a5cde998cba68c33d9ac6.tar.gz", + "hash": "13b22rkylwg4jwqmhyypkyjzm4algk5y43kfwwnb96wxmrqrplxc" }, "nix-vscode-extensions": { "type": "Git", @@ -20,15 +20,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "1f5f225e7ceee57404f6e409200cc9eea25090be", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/1f5f225e7ceee57404f6e409200cc9eea25090be.tar.gz", - "hash": "1s24w7fwfgd1v3s9zlj9cmwhbfc90av8c44kg9dchvj0yh6fg5sx" + "revision": "1ae16af500525f1ca1b3295f5ee4e2b1b26f3004", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/1ae16af500525f1ca1b3295f5ee4e2b1b26f3004.tar.gz", + "hash": "0rf225qaim5kgw7qkm7iq2jzjqlanipx8sjc4k6w84lqi2rc2aga" }, "nixpkgs": { "type": "Channel", - "name": "nixos-23.11", - "url": "https://releases.nixos.org/nixos/23.11/nixos-23.11.7313.9d29cd266ceb/nixexprs.tar.xz", - "hash": "0phfgypnshhlh6ri54yp2f9qabq0hlq06jn46zv692jy6axss4kx" + "name": "nixos-24.05", + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.675.805a384895c6/nixexprs.tar.xz", + "hash": "1lgx2ln363mhdv1hnmnpiryhg3fpkpgzq50k1gnscp24sm5rskv2" } }, "version": 3 From cc1ea240667ef49263f5528e998bfab29730f5b8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 15:33:07 +0100 Subject: [PATCH 015/438] [tohru] remove redundant libinput enable --- hosts/tohru/configuration.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 84f046c..7d14040 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -31,9 +31,6 @@ sound.enable = true; hardware.pulseaudio.enable = true; - # Enable touchpad support (enabled default in most desktopManager). - services.xserver.libinput.enable = true; - # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ From 6bf199cf12caacb7977e43cdb5fda483efcd0b6e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 16:57:38 +0100 Subject: [PATCH 016/438] add/remove comments --- hosts/tohru/configuration.nix | 21 ------------------- hosts/tohru/home.nix | 6 +++++- hosts/yevaud/configuration.nix | 38 ---------------------------------- 3 files changed, 5 insertions(+), 60 deletions(-) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 7d14040..4878136 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -31,8 +31,6 @@ sound.enable = true; hardware.pulseaudio.enable = true; - # List packages installed in system profile. To search, run: - # $ nix search wget environment.systemPackages = with pkgs; [ colmena git @@ -40,31 +38,12 @@ wget ]; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - programs.steam = { enable = true; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; - # List services that you want to enable: - - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - nixpkgs.config.allowUnfree = true; hardware.enableAllFirmware = true; services.fwupd.enable = true; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 0a2efd0..a53c0bb 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -4,7 +4,11 @@ users.users.bluebird = { isNormalUser = true; description = "Bluebird"; - extraGroups = [ "wheel" "networkmanager" "dialout" ]; + extraGroups = [ + "wheel" # sudo + "networkmanager" # UI wifi configuration + "dialout" # access to serial ports + ]; packages = with pkgs; [ # TODO: move these to home-manager bitwarden diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 34e6a1e..4e3176d 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -6,31 +6,14 @@ ./hardware-configuration.nix ]; - # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "yevaud"; networking.hostId = "09673d65"; - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. time.timeZone = "Etc/UTC"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - # i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.bluebird = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. @@ -39,24 +22,6 @@ ]; }; - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. services.openssh = { enable = true; settings = { @@ -65,11 +30,8 @@ }; }; - # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; services.fail2ban.enable = true; From 24fe4adaf5ebddfa48bbb7de058245f8bf375c56 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 18:20:37 +0100 Subject: [PATCH 017/438] [tohru] Enable dark mode --- hosts/tohru/home.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index a53c0bb..08be3e0 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -27,6 +27,11 @@ nixpkgs-fmt ]; + dconf = { + enable = true; + settings."org/gnome/desktop/interface".color-scheme = "prefer-dark"; + }; + programs.chromium.enable = true; programs.git = { From 7a0921806eae41edd37bc422bb6a21c540c5a8d1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 18:20:51 +0100 Subject: [PATCH 018/438] [tohru] Add background image --- hosts/tohru/background-image.jpg | Bin 0 -> 1336816 bytes hosts/tohru/home.nix | 121 ++++++++++++++++++------------- 2 files changed, 72 insertions(+), 49 deletions(-) create mode 100755 hosts/tohru/background-image.jpg diff --git a/hosts/tohru/background-image.jpg b/hosts/tohru/background-image.jpg new file mode 100755 index 0000000000000000000000000000000000000000..bc9a614f9c85610d42694d22b119d8fb93ea94b1 GIT binary patch literal 1336816 zcmex=+hh>T)jU_1k2r$g8eK}GJROOhn^T$$br~oKc~bL2gBchYR2Uc-WEhGW zf*9NxoEQ`sJQ-XWoEgj*3>hpL%oxlVbQz2o^cV~o7;xyf1M7EY$Y&^EsAMQ&$Ye-o z$Y3a8P+-ttNM_JvP+%}(FkmobFk?_)aA(M8$Y)4r$YDqY+my$U%%BHy6DU4FGy}uu zKyWxSik(4-L1aKALM(p)1B1m^1_tH{2(hH;3=G@b85ksPBE(eYGcfSCFfeR8T##6l z2r>hlc$m`C7#Kb+XJFusWMB}!z`(#2U7TiY1eRyyabjR#z4!nBXLSY!_Q?zke<%F^ z|9kQO|9_V-FfiX?U^tNX|2Bg&0}~?%fJi0~U||N4tSl_dENrZ7Y+%gJ$-&0X$zkCHg=E-((wNS41yf&Iy?uM8I>5A1R0qH z8UG()kY`|EWCghnlrO-ZVqj!qW?^Mx=iubx{(ppFs{jKNBQrA-3o|P#3kw4SV=W^S zGXskttB|6hBb#twBD+$dh*9Ijg&fLG8xM*GUHqV8oK)1r$t5N(At|M*rmmr>WnyY( zZeeNV?BeR??&0Yb91<+v*#~f zzWVs-^OvvRzW@073*;|G24;x27-2p`^Oqn46C)ES4%k8dVq_`@d0dc%Rnd@5$T5&T zu~1masF6d&Y2w0-2RW6EgFc8R6KQ!#m{`Vr(cu+NC|SQA-3gL@3&uUiZ}%!~|7 zg3N*p_6&b!bvsVyJ@D)Df(vN}bLY=kpH|<<)A+1)S8?;b&G8S@HnRMdx{<5irh{&Y^c z$fa<_)uomeZ_u~luJ>(9;! zJaSvzyblk=vNiG3`mEl? zKfNZOSbdbk=}GCTOASV6Z{L3H;GVSlv!wK=!(Gjp8WBbH^P^_PYsNnf?rOa2aq_Qb z>CQ04sV5F9Ok%U!@}iQ(;Q6J+6St?UH)Q56{apP(ux~1Bd{9b|72l8LIuVu(llxe8 z7*E`sx3||K&u876kBwo|8W$-}SM=KO%CNtxI(x9{Y#K zKd;;l*w<2^5To2Y@x-I$ZI+xb_$|-cX>6BaoWr#>H`(0jK$CH!uj0`=3JoPEj<41K zmaX=-x#E1N=t9;x)nzAUJYJ_2krNmrp?-T#smYtJG^dvrrt9mZdOns|X4V&Gys@08 zI5s5UxK_@-twPJcUnmah=f4@JX;u3pcw)yBiKVAnPrWT}+_f>|c4o`h6}fNI!v%NM z?0luYXXl5w)y2DO`<|X-c0D0FyZV8>VC13ei~Z&%Bhd2W&7teZeG;rs>S??Bn_%pqaOU|w8^6}1h?-H53+rk|`%_%?Yn7uGQ z?$5Wvce1|9nZ{ds7V>?0{p;$n6QXJ{+dtaAcDnYfbxra5?;Xz;n2CuOZrQl#`29>% zmayrDlT?CFJQp-7Cw=ymXWUMpUw04RlSMjyQvpCm2)|GreCv5M|oJxNQ zg;JBvQA;igH88n*ojP`BxwY9+72i&An_nSJ|B4Mv3uA6&gVHz>X5Kf`JDoUZTu%r(9r+K-%8{B~J(>!$|WdHa%g z%{~=&u3qZmhrDGaZ^LvQ^KNpLFno;I<>j_<(!S+a%Ws|Cem5{}nRJpM1)a3K; z*72^r$-Q!h+H>aZRaZWkt$&a&>he$Q;O6?r(KJ zzA{B-$$#|9-YmPs<6v^y`53uHt!9=^r-Ps0b$01Inc^dJdCOk0u%f%{^;zHZ<^G-A zXZXQ%^{a5R`MDb`4C8L`zB*Ohe6%2{zVZFrnYWC0+1@BPJTY2rO}fNlCRv43+*ZlV zeOj&0CavBv<)G+o|E0H--UM&?CHHmesu$k{kEFHf{;3M~da=?q;`3TB26@Bu^;K(g zD{|-aJlCo?xUN6uQq9>jiW>KJypQR9Bjjw{JmFO3QE#`xGF$lrw;oP1Sa_0oPWs-e zu>OMU2Ca$n*wyyPAN>CL_Fb*_hYC-=%f4!(|47aySFhs9vmM!&JY(hh#Fk#|+xFV6 z>!Ev+Ro8)Qd+d#lJb<_r?}+2r;c%H%Ve*ae8QF63^Ejg{mCjW?318^6M{c^! z8ejEVz8I$i0u9AiF0EbmRV6|ALfGV&K}R0gr01`Ak@@lFn%o@>wR^SK&ou4~uJzfN zzqM?qwR=_8^qvVjkJZIr+xmRFZ2_NqVu)&sa)RbJlXuo8PMbxg#aBL@;?$;^n=<@fFW0mfI|)u-@jAwCwz8vI zxTW0G3ooS(yR|-jJ@47Z!V9mL*99;5ceb?us^^pHQ0?=)rWcKF?z`r)OQ_5nA$n$y$NUlP$furB|e+%n>;7p)mTF!$k4wo}R*^ z`DRm8!(zP-XA3qe^#mt=_%dPA#AP8Ri7z8UCS}eQS@7tj$jE~(%v!EJaf;2=uahhle}+7lxndM$ zJfUp<>9qp)1B~?|8mb=KO?7%0tU9%SZ{{npO-Ii?ZmL`}GleNgLU4Z6>*fn*4?7!2 zY!74EVww8#Xwmj;xo^W-E%4CaGF2|cZ z1Is+vPj~IlU2#(4r$5V=6}+?94kz3GUA6dJ;#UcqYp+9+WhF1%yvuoIx<%lP%kkNZ z^&V)8$@*1zrWAzCy0Cq3-z(FJ?3T|a`X??qDg54V@xs-=YJcuf@His(W7Xotdf~6! zKP`7z%@@Nssp5DQ%fza8*KWNn+Y)&;A?sI2;bs!kwqBI38-B`%oAf zmHvc*PrK^9H^-afGM{W;^?xf`Ek4oBifi|a)K!|w9=}7~7;Uv8Sz3L3&)t9Sx1({f z%8H-G4VeoBKM8*MzKrWza+u)L2`x{gHZObMGgZrJR3FOrmssF)=8AcA2*p^sHN$6lKIohHTP`y@3Byt zxuVi*UP>On#j{!E(l?&#FY2Az(%O`F@OV|*y}NP-E_3v``=1BjTbaqVDV?XP{B=;Y z+urLLvK7lxvnOh%KKOh*YTC8uXLI`s*fdhg6E_G?zBTFEp~8~1N{eG=$@|wb_Z?fi zI#sgy`=fOZlZrT=Zx{7D85*I-ao%~}-fX`cGyOat+t$94Ty&$vP~`5MAV1f=o3&4v z3(mQ^q48rI`-Y=|SJ^|@Cm8kw`yICIEmAnrRCu0g=k6P8_g#Hzp|bLT$u`wjB}=6f6&u>Pc6&bEYjyRvXN;TKcJ>LbuDQuVE{U-_ z+22cTwB3DJpijAZ&Qo_0p7rHAkIV!%ux_0EcHY$3sPG+PYkLeHx@SetWP7xrv9G}T zYOqeO`keVyW-P_`8m#>J-Jj`CDW1omaDDS1p+U(Yc&i3e|GS8u&|rY@#nfexFIYmuBxqgrqD@~vf3 z0)}4A@)~bn#uV9BW#6^B%Vh2nw4lMNIW}%WTM#qvV#{^q-jkFCVt78DvkLcK%xT}a z$@tcWY0ECU`!3taxkYZrvu#`69!byl&pL7`*;4w)+TRN7r>3^9$rj0q$bZ0O81+p{ z)F@l;oB~^MRN47YZ=JuMRqIWP?Pyvqs?^wX#c=y~U$4b|{<5#wzRB$MmkHdy&R5N- zz+!oh&BU`}e9d01&(|7kWZr5shiR)MyUC;r$&oXJDt?7#%1o+w{XW>^PV(13ueQwB zD}3$4v1Gz?F8lMQQDGJ;`yU2d22PxpwPpD__n*%iw9YsNMNbZSYH?mBbf!(GJ?Bb2fmX%UnSzX zd8g9blW8Xw2<`cHyeipmfn3FkdoNfOgwI$EfRPGVFZ|A<( zX2I?GSz%X{9Jb4w@wqSG>v4W!vtxI5?Y(Ol^sqGH<``nyzY|vNiEl0aKLjV&xy5>$bf=t=QDyDf^o1-JLuo zm$&Cd3oaa5b>Ydohmj%A72DS)#~%qX+JBe1G1hG{>)I7c#-HUX*XTOkT@rM@&o%Q* zUsmq2qV0iOay)nnugq%V{C3K@_{X)r#oWnxhHvJM%9U$uU!U2N7ML>ei6y(ubw8OWbKg}STP9&NZT36ii`G&L)ExI2UXa=TpJCm) z9}`Y)KjXt1#K`jP`VG8}EdL@6a*n$`Ss`=PGjz|U6O4BZ3d6-- zdgx5#nb`9yG=Hn>)A@P=(h^CPOB1v_4A#W?RTbZxd7b7$Tin0Qh~@axi_ zEom}(#uJaL^m|QX4s5VY{xOT$GDpqNc6Z3dore`}9NoQ%Pje%?XQb$-!wY438QfYu zHQ1FK{e3siJ+XA-_x7xkvd4vDpLh>26?$~-b7r`~x>M!Cu7>E!plMT=q*^|7S6bex zFfleQfooZ~tnqpIs5RYl7C!iDu~NY2+taBP>N2a)Z91akhy!? zo2me7-n*a09=RU({+7IR#`hB)@aFje|`L9HOn)s7~C36@m8H&Agjc)nw zSW&x^S-JV=1=9`3B9&!&_-1}xwkWT6U*deP_}Qm#eR?8%;HdSviP8m(ein}!c|(qI zudnwCjTBc=RFLzvvj3X%#<}o-`sCmxi#+yh@aSb=FOVr+U?uvH^}7PI1Wrq}K9{hW#T>~o{Y3A~u0OBU3i!8aPPgdg64RYv z_||`G$8G`V4cf;pI&{=moH}=IVdF#pnBq&bW}K4{>|( zyu7MUgGr|{LA&Zd!(>mP=F`I0w?@qJSQlBP#lxylw`@_xp%Vwyc^3Rx!jsk@I6?E! z*V~iNTHVUmZ5Cx&dE&&fZP#K?9r^sZ@ZLoGYqe+k=FK$WUubiQGr={7cllF^mvgQt zX)X`fYG9E!{1@`#@x;Ixh79voU+{`WdJu++#v7Pu4x7_wD!=`x=J*9F})P1Jj?K5 zaDR%vjm*UZ$&+_q7ujE?*nj5YjE@a-cN}F^d1E}U-pjGcfc>!-n~~wy`!%{uKPEr*_Vx0rm-__k&h3-?klqyR^x@nTop-0%s#i+1XWA{>6`TKX z{?XsvipyiO3(oRb7^K}{KAu!P>ubh^Ue%RP!j9}(e`4jDiqntwH*a0>pJBsRkM(O$ z+)vVH%@;`jkoh50$WZPYd{;1EkT(^Th%b>g&#JnJ zg!ZR)a~|!r_xf@B!?SzleTNTUK4{`$r21g{-jdIoXU1;6P`bbC!{$=?Dc2NzP@By5B&f^%^oGKi_dWYFs#ROxBwm;n^!!QM!P{}!kM{RT>8{-}&1zbI z##*C?-Wn%fzjilr>z+I7*ZrO?^Mzx(cRRgnUnajV^HwCUfhD;i?40cHGN$& z$9B&W!2^=3_9yPUcVYHSRf!W}Dj!4gOsYRBRQu$yzx%#8z*BDa@*kb1+$tN2R<}M# ze;>;0e9(8@{mr#YH#yu|`NuZf{?I<*>+jBlORZbWyTrqs>FdS#ira_wiEh^T)pb^> zr*h-GsRncBwgzz?oIRhvtC9ti)}FLIZhF^I!Qk!PIgHIeuh03T{?Yx9+N~*< zqjy;y+qdU$_5}lhIYQExMK64+Fr|TX*EmVBskayE=7W(x2yZ%GSIV_!oK0 zs&Up%=~e4QieI^!melm#N;qe!_-o#bUsr@$Z#Ve=JR6aEr))LPccz6ie!3iSw=MS3 zUpc!{%A1k@PU*Vzh~DIhi!2{6TsQCM%;voOBjNgwV&AHLd3>F1mAbF_!fA&>4r*WC z@jmu`16S-zy?KdcK^E#u3k4^gY%Z;^+rEj9HMjc5U)yu~=%uI|v3mlW6`ym?`q~>A`Zi91A!#SO&Gkt? zE?rgLG4bLFg+E7rT|K(^+|f+##pgsy)on+y4@y~Q>h41RN?TW>R%NOeEWG&D2WuN7-^tX=%3!nRn zm5XvT^fFsh5JO~`txs~?eC*6?SB1;h8Xr>o!Ys9VfD z=j*!ckj>RemyU@SJdv90cD>t8X=?kuW11FUEw9`vOIkJ&%sUQEPQWg91s!~$7w$SOW6}w*u`BuL; z<-I|gwU6WF`=G-X39l}t%k~ELxy)jC<>$aY@5{D#i}Gh%o-3TUCED@O;$8a9&xDRo zuzi`Dbjn4G>5IiOw}*`fRH}n~4kvJ}Su(F}$(!CchwddXJ8Q~nUfej5lcnG1YDvPH z*W#(k*A?Wp za>gus<9EsI?b6TJe_hPCHWK*3z{jV>X;5D=*Y>5-RQFRyJ|7L;A`<;fm(ytXgvotB zmQI{Fo$vT^%N2_cGX=#YeB#yFEU&S6MNX+gi1g7Hr>1Yx@wqKM$?)Ww=R0cGtnXny zE?V^cgypR{ACIQ(KGo;E{({u9Es9ykjW^o``5Dg2pK+&m=E-HN)*aq?-0rW&oqKWj z7H|Ce+UwTz6ZX1WXXh`~VLbe4=dW)oT-L1I=vTL8#q$Y&*$dq@&D8a^g}6Rwo>p|% zS>x|>CG4%josAn4s<qR`bvPE_t4-8cHp1gg5B}-S%q>a6sdoFPDOmlEN=e{<4 zXU0T><13a=+qcnGyi0lwI#%B9dGdYDUcJlb zW+d-3Yp}YWzTk%auO;o03`|*mUD@87;}2K)d^&Mr(*y&qU$xpBF6XGU38Xo=OB_xA zVec#U=Hgwuh%cg7qYkW_9l+RlA#6grZt2+~U%d+_FNjJ!H{G7heWYBaeVc3O<(vck zdPfVdckP$Sa({Q;ZtEJ^^Kwf~MNXG}7OE?Ge~kay+UPyGpQgPI$vxA3@;Upgt&BQL z9;Dm8_Pu!QebKc8bwM|t&k1^~RX8b2Wui}|`s821k98+4^UGSKD%~X;Ss4{^C`Y@g zR@1TcOcwi2ldj*4?6XpfI=b4-9G=_leCcdy_E`6XtgEw5$AYO3=KtFpI>~8q(b@YG zGN(H6yUW%Zsv+3 zy&KvS{3?$I8BJ8Pxzl)Ss+vZf-`|yLxn3t`c^>SU)<5yuO6#_u|P-%RzC%+n>_&vvb@Y_@nEc;;!t zk(shb!+s}Ec=7M%S-0zvC-~14KkfWuQo}U?*ml`fpFKT~zgMV%Em23RIE=32sSDs*=SGQGu z-n%7vlCs5tyZdLe^zcoMGEyP3)y}TzcuzAU-|Z} zZ(o?gB>pJh8AU!0ldQij(A2)nY|E+~v8{7)k$BO(zZtGgd!eb8V5-YD%F122C3?fr-cUcrlgk?%4!dbpJnk~n`t#(g$Rx&QY39q#K{3G_c_QvPan<;7 z&v^X%<_qg9fm+9oo@PF@*50-GCeOG}^7wMCV|qc161NOIk7>93ZTKf_-uB11^s%nfZQ&TDpViYB zd|Op7|0lC>MMc+h-|2d*6=Q^tSG{Vn+~PjpZT+StuTGa$gdceu9riJ7cX4^K_5PWf zs@-x`A0x!7)J}Lz^f>S!JXyVU-TG8>!Ij+m_gA&$^PS84cW&{Vf1)wd!W^CSmdtrl z9FTEAaOT6~Ci_41`bn%wcza$ZJU8>fqgReHPl~b~O)`|aPv78Vn$+zcwNO&mkLmDX z<2G)Sh%b+}Tt3|2ufIWNa;){sCB2JuKHdqs^^&)!W`m#glaL)|nH+BFhWQVlRi0XL zs&P)zdgmn)o}Eeul`rk)=H*PbNDb`UA!_qW#>lh7;hfc@DGBTH_mo&>+j50V@7Xi) zde@arA3oL?^wjLI)n0t*OEF(^;hgVE>m3)LN;-7R;(gSo1+6#F-u&TpFS=Rh4ntv7 z*+0n*pSc#5Ke%>uTdVe=bFa5Ax1Sri<&x^%tsaked|9$MX{XPPl9s?H$GV&EaP1ar zN!)(KJv(XZqsujuH-;qdJQ|T57J6H1^2@NfZHu<btz z_u=I}!O;_@E%S+rN&K^7!o#YMQDSCtamk&09uFRE$z5~RPt-6}plHP3Uk!OQ4IV}0fYYbD+~HQYW{H&vt6tJs%y%SJy9u0|;ZnX2Gvx00vE zB+P4CyT*NyepE=qg7Y&R-)U@!SSh<`@ze?Bue34}eB>uvyvRD`F7@Zk&gV-t4zRfG zk&+r{>rSw#zv6`%jlux?)Wmf{ye zdv>Ze2pP`P(yldoba&J0IagO#S5H5+i1+5pc(X6=?>ih0Lgy75B1an6F&(TP*VN$h8O0=M=l7pE^;He(ImnhkpyxbynKs zaLp_J6>h6G*IND_lW(o~V|muh?e8w_-G0VhZAbTh#zU&79FN&*m)fP|as_34da&%WFEVAtruXIgM@H*4v$u+6K z?c%)ZtC4w4fBqV|iA{S|S)M4p;7O?19AC3bHx51s%bn$(^yuM*Ie*_3c1^o>=j|;& z#*-`F7Th?l(l>Q!Cf5_Dy&J#0b}5x@X=4Zwu;Oc*t);E^aAM!pJcEwgp7v2)58XX} zC9OLm`PnVvci*G=`O?SL+-*vfmJ0GNba+)YYodT#Ya7ScB~91Gcvsy}Uimso%vb7T z-`vWVA=fjX9#;sNxFb|ge%_H_ljYe`AH816J&k#MZAsHBwVIe{<`=FhI`2Q{O!;z7 zGwjnNn>nBR7#1#??H;@M^uwJ?f7_n@e7lE#Mjv}z_QFebBK_hv&4=PFE~_b)SB4v{ zlE2dRY3A0-Xq8h&?9KtIug>n2jr8W<)8G6nx3OYUhgWgV9K1Qx!c80%u-c{eY@KB zwRT2XEtPQ!mvr(Q|EW7j{4?3PMbk|`dCATnr$1;Pnbw*4vG`ljw!PBZJ*$@;*~xq7 zVdWZM>xcD!gs(qxp7`)TL#NgCR{iJG|JmmKIoeyhFOM}OUc5r@RhajA&Y#KaUU<9? z`OmP)j^{`3lI?r1_09XVlEIhr`A4SBSErs{ct`&Y`@>C(LqEtLyHVk&d2G2Zwp9M6*wd7Jfg0uOC7JH0pSdqT zxm|t#DUH6?qc5^Er9_`i@jVlDCWrBec9y9mg?C-p ze=%Rs(}Uxl;rw%(TYD}%u(7Z_c;K~b^Nd+f11IY-vhOqv4!nG@r(>?yyhY2?4gRcK z^57H43g^|vi9gg;lBRb09XDPTrFA0thON77)m79|5$k{9gcbgKm-SONtZc}_F?md~r!OHpI`jnHb z-{u{?AXCP0^{;l|43CBLcO0|{@zPuz5tbS8>-T}_ztTIm_-~G}2ztQ792frEvBqfj z;adx?zE#lW*?I1w&kyrQzvt>bVwrn-nS-R=*SGWZF6!8%J~ZEQYspEmC%-<&thIP$ zaV6%KywaUWw-cMqo?1$z*fjsuyq@Ok=DYp=o?~36_$1j^d@;RJvHQ@c7g2Mjm5bf3 z%Si~gRngdN+b^@W5%CGyB|N>pGGY|m3!)EUd{W$g)gq>ZV%``b*J)MQ5#Vubv_Qd>b^IV@-;ZF`Qc%k^zSQ0S?%6H#lVPz&i%XR!mv=c%-l{9NDt7puTHJg#EhgiV z_lzEAm9OhEwoAsWn&2yM{d%6n&Wq18@)Cb~K33YKa#@Vy^l|yR?0b7WA81#vh&e6i zpXBcK`E30`@oRjSR1(%N)7~~s-CO28|FZUZe#sGC8<^#;x;?vQ-Ev<-S+=!QYFS&& zp_FcRnJ|-W!MAoAE?^eD@0aB+>QxjaxiZZuFYxlMw$BWfN$&Mo+g_aVxgTOeQI>L6`v`8{aAdeolO0HT|%*y+FkFZ&6H73IeWA|8e->Jmn9*ztz?*^_S79^W>6|Kek)K zCbl+b(W6suA5OLr&DyViTsQQ~u?sfA3td-6?f5y*!CXIX>gk=k%WPizCR(Kye_6e9 zy0zEid)xTtKA0QjZ+$q(cJnsRw)lsZORRLyZc0kwv0`G6n%k?al5jt2rjla#_NB$Y z=FLB-SlA!+Hs$gXheF9etBw9Mctr~CIkD~edXvY2%R<&%JQQEE2mNwcf3`{IK3irO5e8UM0;1Me|A z&R6wPOI984EdKQSdSIpLx|Mm#bvsWK-`lwU%`7E{lMEjmUWZD?bh;f&y`^%pCx!Xm z=5@;cGm9JevvwEl<`!XLejl>bSmS`r1=RWwR_6-q_RUxNJtmv~wa1EpZMHX6@&CCmnrh)h!n%ws-!bi?gLIZ;0^JZF$!& zF>&qAo98brp2ik&Lgn$+%%d4><=Y&-t$4Tg(Cuk~6Z}Qit%+A_w_a&b_A_GYmo?ls zo@ckQp1bqGR(sKvwLeva4A0ALom!Y}vq|jWNy*inJr_=M%xADTZ$C9_>6}FdDSQSIg9 z+{2ePrZs7#CO(n#XTLPZGqXqRX?F^9|DGF9E*)pk+`LZnpuw}y34a+@hi%IXuax|@ zN~KM@aO0el{egY+y=EL1VhymApX;rXWSXACXWg|bZ-S+efnD3eDU1BMR?X@2c=$;9H;Vte<{2eqFlz)`PhV81GGVo*b-s;qkmHw`V_{F-?1N*ZIngc2AYlCBB;` zPt)1)H}j45%b4gQ7VEbA{|vwIplnTvX;<36*-|TRG1^*(U7Id$ zJ$t^_k&B=H2p`|MuG^0>yz%!}x4C*d@J{;eudA+AsLQfuL_0T6IB+fZ zMU3a$V{9IOUWGEu>3`~yC6ds?=yyV1Uz9l~K!k74g#vexnG4dlG77F?HCS-gcT3}B zpCS<S}nNNIQqdaFiN-lhQ&e1d~UFK=8 z%o>SnJCmZ-?VnspOWdw-C0Fg5rL3>Zrv^{mt`(~#w=Pt^n;`d>g2LTvt)f3n`KNjuGJ$C&%`tnt}9772D+BU5^3pZ=_AcPa4C*2A(}#a$xioG5IQ zU#oahGRVO8)vlP;>3p0E-&IX`-nS=MI7&!dwy477?g_V#yWf|snDo3bQQ}w1C6gtS z7?fpKsBBuOEWtm2t>Vm0P7?|&AFYyJ%3jh}@v`w=>+a^sljl8aGp@t%^erbX9YB-=VJ5Z<|-r8$k&uTPRwd3j>wx9ePvT1B>5hx~#YsxEEP zQ=Md6U9w_n?(oKDRZ1XN@PyE)} z(ZC*ccu!-^wlG(Tf6DiEWj|#!vpn|d@b!}Oy3!{sEnaBFo{M;KEbMvI+x_PfOm$s~X#9+hswRL5b?2_#HQO=oxb3=VR~`Rvot4ae7V8Z^KFQ?C-Dnh1Jn_%!OJBFCY{@t->tTB6 z$9-S%u;*F~?_bB72zQQA>-p@yk*6YOlZPzl+oS2L)$Xv|?33&-jJA3^$L#tN zXUPdo;g-j2wRIPU$VESm-skT1D(9)9`zt1y^l4`qodp&ous&K+)FvS4=Kjj^*^HRY zQ+pmTUd@bPjg+ucb)I0w+#e@Br;%??=v3s@p-!pvr{I1}t>ZT>T7fnfcyxNS_`UYoQq^kQ| zr6)y^{*Lp$Tuq#>!@sA9({fo}#MDO|Og)9Kzbw5oQ8A@(?)>r{OAKG^F7EqNx%j-rmpwQ*f}6j-b#%$w9pCn|{?-!ixkszz?52EHytVRafAMvbD+yf% zdxRZS7hG7J_sl|e$7}D_#83SPE;uOE?0LQ}lTqPU)uV=O4aycLWPgQpF@~`S_D#7G z;1}_64wqf1ymF~czZZ*1-mO!XB8$s)tg9}qI@K~Yv9I0aYww&K?)h0PE;}u)cU4JE zQ+NFI?!ft=sxB5m7Rlrt^O`Tu%7|T_A<4YY>VnbVH5*n~Cw}HTVED4BQdIWqgB{cJ z45vz(GUay{9{72TbE&br(W*^a4-!~j*`8&Xagu?1T0kwYN~W}N?b2@(jM%Jx^Luf< zPguHvy{g9N!*qw;&3fE&SNIob%{a;a?(v4#{>INNs7zVe&mN@$>KBSCoX# ziL7%gdwaYpli_QkO!2KvI;}HuClvZ-@(6fmyxd^axc%4Vbj8?f7Pm7La@A*b{9OC{ zT7Y0bvrU(S){=d}RtDNT_~xz@?2}5-Vz6Ls4}R$rEa4jFI_Xk=;)|yIy;6@%=IR^^b#9{*`E)ylhds`oQyL z)t9{<7%B1;Y?v6?R>|;HL_&0NF*Aeos(E`#mW#P2pI|6eo_KFo!%tPV;>lM^<)g|N z#cZE?>4`A-Rm~5wT{%Df&hgW7kMC4nxn}70@y!9juSr)X?GcvUurfR-#KI1vCcq;WKR?fM<>THY>$>1A5B6{WdDJMj=fJV!D_-q5A0MT2V3o}? zRwIdd%SARGd9y?-rSJ8vxi-4o0`dhXp7MJYyO#=RBJ!?cAn! z--$rU+Y|3CtqfF%nCfh27rW=$`NR9$g}0%Of9OhtG9inf++m z)`zVZ^YXvGT(Whhut4l>8BN>GT_1MrGpdQ5_58Q>!T$`R59g`WZd|j#n6LW!X1mEB zHl26*ci^MJ{vGj;=cTBaKllIe{qX(vTO7aL+xOV!ngsElkaaL!vS^Z_Wh~d{N88r2 z2v^KM7FDu&Q_bm5Uw?((b$)RFNPfqK?%g8W#GRjphBH@)hCi}Dv^P3x&ixlrAs4(Q z?+di~dy&Hh=2Z!Fg@f3LqzPW+0V>GUq~V_(b8 zKaHLKX6;A*LsI@nUhYv}%JJ^`RmI!#w{9@*zmR@yj^?rafVttkfj=kha;}gLt~JVD z-Ce1u7-c<8alhKS+lTL&W*5q?dbe{@I-?+?%JY};xpjB%Z|s}+kxBCF-1vtnv%(gf zIk&5~i`~S>kK&)*N0ANa9P%t>w5$@R;7<}1FN&RTDEsiKs%B-F-f*5*5RKb&v3 z34PdW^QvlIqs&Hcskv*69F~3zo4ERQ*u_`-L@p$`%ADUW8GmTkTCdl~F1?#19ns{q zh_qWWeN0)d1J1^Za$+7j|lUd)tci0@gyGw58>p0#I*S}T#SpVTa z!z1}`-#bO6&Z;VgnX|B-XWM)4Ug(4+yZtR?wVvj+A5Nc=Tl9CaTL6>S#AC%_6Q-V& zP~IA}WtJM7CBx&!qp{tmKYeJQb0zNh;d5p=vkY78^|(vVIu=a)yd!;^tH=6dvOnaS zW-6pQ8A&TM%_>)PjW~WKL?w5hpTmpnsaM}!JQ)65UGzql+0n&ib%+0C_k5Idnd$oS zdxPi_)sy`ARx+`Q4w@T=?2hq%S6+t$mtG^{%yWHsyHc9sp9Dt}nBUkJJLEf+BS zv!rp)x79Ds-m0G0S#z`I5GVWBBrR-~u;o_TH|^L%g6<##7too?3!o)ER(_$2QR|EG1Oi!HO< zPCL*4sQB6Ewmg?R^YuUf8KOSO-x79>cr*1$FKEKHbp688UOVfiOGnO5*vp^wiNE_= z$E}i+h4S1JcU;@(byiMH)6;v#$Ne{FeT&sUR&G^!N;z>m-*eNi{B2tUiyT}}zJGgd zpWBbjQoiXQv$V^nPR)~8)n9Y{s+{-^@62f)$ImwI^cU?ZDYKi*ZI@p6Quf&_r$5Ky z&#j&CTzAg=xU1fNbC>p5tvDbzwaB0~viq^Eag=JIzo)TuwDG$HHvaFc&)X#OE@54| zM|$Va)fd0+H}ek9+w(y1$MrcsR^6Rp_tH@%Vdd&3i^9AMHtUbL-Sa%N?PQCNBh&gC z{fuLK4!F-fd3?KR{1E{i#Z!mp&z|`HY|sbS&zb-9g7z2w3yZnBHTlfpb616J`!s`$ zo5dWIcJ1fySkjTJAX8#`%u)FL?fr@!&rPrXsNk5)`tiKvn%NhAt*AaLtGfN%?o{nY zmuq`t8FKh+U+T(87`Q(UPFT-8(bHP$)8bjzlhW>m+3rbZsm-3ccYDv`wwNXZ!`N%< zdX*+_DEad1y6&o5DuKI>9WSd0j&j{1*tX`e-rB|6b{ci;IKI^C*eml?jiY7rKd$_m zkrEK`pwIo%rYke9YpYql4SBj?im6qvUZyz@@15^!GoGry*YnGsd1>pD?XDdUHb~xm z9bNYQ!ri(L9*(d3y-seJ%d3~==D{G`XBDzuLd$G|$13jv<=8jBcRUugU3x{e?^D6y z=Afe8t~X}Mx-OWIB0uHx`>?!+U5^-Tl-neaCci4O37navuv%*N;e84oPsGAg>Nn4u z`+`-q+E8^y)aecTF8QDKpW3pKaU`9ixVapdsVXh+3{t~jIYc*|6C7?8cuS{ zy1aAUG?O>Wy-UP4oiP`ll9cr%oNK|82W@X7q>dQ9jw(KyZx9x^&pi0vn#`&Nll?r_ z^{Kla?vL{2v%YaS$JmpQE^|3wAv{d_gnC0}ypyb5 zns4%&MhjQvp0Jj0x9aw0eXDA_^v1x*DqL$>tX)FP^Kz%kwbs6V>`I<$3hNiF$UC;> zQk3z;kD?79zU@|t1e8pK$ed*00*>9dBo;PW9Pw%EMj#)(*=D zyDqPvb?Bwp4)r--C07OQGMXZy`XuA_<_8n+JPDa;%;T%c{xb5ysR>Wr{5O~y?0j*% z^T5lXn^)O(dh=|Y1gAb0Y-kg(8t2l3Aa<%8q%mSZ#aSWE{y#kA#JXjIC z*KyTqy*G@S5|6uTykgHi-qH7S@q)=2+eI2QRX@(#_f`20i|<^=*P)BU4BjPgXI}XJ ztV+MtF|P>@uY<*M#ooA=7W6z%4}2Y>UVbj}lkufx^D6nA8RvZcx@z;jJ2MRr9@E^u za*ODRGhHut%UZnj=aHG?d7&`$&nJ;hjXjTN6`hqxitaOP^!lzVl%kb)ck-Qp9?6ap zTMM}@S4%BV^X)Oyv^mCAUVK9)c*l}8zQPkv{4AS4Ze)pedx*TG?6Q%k6Z3)@59;dhAShg zwpDyt_uipRB0=z|n33hGKzVDgWAi5FiWIIoVOQATDVx1$L-R@L$A`mwdz39F6mh)L zPP)Lr!2332>K4mX^RkTF+9@7~70Q^_Iw(%`>~51?wRB>NI>1JM9=t0X}WJWd68$AmasGVzUZbKpPyz=JKe?@y0L4b zW4Oii6{|ja$q4;<{AH!$G*OlomB%95Di$|p8J+S_ng3zQq?DFFCnvZXE}f`+&(Auv za{aR&A%g?ep|K*zPph!o8@|49ReJ4;GaLV2{&mT}UU=IB|GgnQci%ZOdE#vmU7sm= zN2b*XJ^7n8_v~S_=ss4n$kT==|7b0_Y!4DnR{p6vz0Ta z88^N@tFqacxzpjB+OjhR7p6UWAXK#c_3O~MhXQ{NE58mrS>d7m^5wl%F|nsUZcvtd zk-6-`tZ{k=yfce=j5Tq#-8_; zaeB3!QKA1N*O;m7a?4hG8n8^b>u;i7v@KEPNzt4T|AGgpeC+jAU6GMSi8hl@t~j#h zQ{u+=6OTq+IC<<%&1TJ@fG@|gHhUF+;(0XZ(vgXRbDn(C5?IJBd*lIE+Xc7TJ5`LQ z2OZ(h%9(tmUy*i(&2=CytII6NL z()`_*b6ITlI&+G<7+qHy9eZ-O;XlJ%gWW=I4~mLsHQag6vd_ZiO6R5;k(|Kdh*y?Q z?+;trqy#TwF7scW<%4`%m^|2TF3Y~#Pv!p~yLzpdMStZdDT&!_nJ zmi%Yfw7+rxwm;6_4y0u4yRhbEp8>z(-db8Gs^+VEWzsq+Hs!V9w z@t{xpfK7?mrytY1t9J{XtC~FP`}v+-bCk~A_WQkC`IgY0?8r^qcJ|De>D{(&m2E_l z=E^9J$3d3@xm}ys^R%>cwK7wUoH;FQCRv4htM+97-s0dW^K4DjE!TYMqb!!my+^Lj zHFLhOj@aXOf|u6{W)^6_=kBWx*^)1EvG*It z66r9-%geMvHg#E?TDw8V-9bCmq-El!hQ~IK)*WB!zz{KAhs`QzW8K*qVpTeCg-tp) zl(MaP`HOk+&*p_T*Zx$wY^qu6A@OX@txO?JExQ*cKLZP!J8yRm&rvPxrccUkX7 zp~9D4*S20x;Q!n|ds(g4m8z7&Kda9#bzBr?l>6m%_l%7jv?fopSUs)Eu-9vu;p?c4 z5u)u`Ol*~_4I=yX84J&=t<>(#Nai*8)U%}VtUqhp!>Ro;U)L_(+$;XGt0XKzGgU?^ zGa_org3U@oD{p^YdD%TuT#w^dVR-U3R>z1RvagPW9nRNno)znKD`K(O%uJry*K|JK zn`82%?C-6=S^pU(bQvtRDRy#sabGu(Pu1g1yhP&dOG~$Iaz4FYZfk+I@Rnb}lT^-0 zB&||7#iaYtPG1^;mUNYv%Dn2R0)|*{s%6jY0}F#}ww29QP_o5Z)ta zdsIpA)Cy+XBF#qur=MY1sxp*YL{g z*}OMwi$nGDRN9n|`B~R(W!h}7mD-(XZ&%opwDhv;_F0iL(v>AmXXrg~D&L^ccjaQ? z!5ep)kDGqZ5B|j@XmwIwXF|A!T`j1CF#Z_S84C(xeczfyE_*2mKVhO0Il zSKeQ>;zggmn?MhV5^~>7i@#*$&)1bp?7iw*@`F>ptm~@Wc*4FBJ{puI3${Bz5v|6qU zkG^cPA=W+YdDpUY>MA!+$GI_0T4!N5b$Ye7o1`Cy>Gl0KEY?8qIbsVlJ?n?DMH#d(QLb;1dgF{xcZfUh86E8LlpxbKc3A zO*lEZZ>ls?_tXBUO%vLFcGnjB3T#gK%GA>I&9(N=1i#u>u9Ne)`L0Nq$sS3mz8uLd zV=nU3WyysH2NnkWXNdW>;+9)!YH**SuU5fbj}yxli>W#%{JzRGF)l$ufX(C4tR3<9 zn47fH`t!>A{xi%qoHEZsZrP@do?Pn1l3K-m#};QF*Z$ly`O3uuCr&;HNqLg8Vr9lf zYvFavuDys&wK#Cr;1yet1D6DXPlaN zIs36_(fy-UTW5=Gx~iufc)MP-Rk*!pn)AFlK_-(KKW$*>t6cR=>DHY$TjqEE)7u;{ zp`vjH+e@YArWZ2fC2Jh_EL)nIT`E`i`k3W<&Az9L59(E#R-F$hN#YjrRn1%KUVQ!S zp85yBpO#&*5zI4B5OZM5iZJzWGoRUMvNJb&)u#PSdsfN%1?>)V?z6tKa^;EWj0w;8 zs@=Nrvggs`Y`MeBZ&#E)&VO^)VSDk8&%yg|zD?HDz0FYhGA?pa)~%+y{945gtYv0# zYCC7>gd0}QeBF4fFPG;{o>_C^O10m-F=8?;d0I=~w=C}xx_yQ5&+A~%Eg!yod-P1x zCrFM%ec{;>v0J{qf3!2MD?CXswDlD?&YkDIDs!1w+JtwK2On*=J9egA?Dn(=NqfVO z&*$3XzBKypCSJqk+iQe%Y$nE-9-A+^XKl_&g~Y#4mdr9J&N#JYi(=oi<8pJWu1)P- zy7r2arD)v;md6uA^|l?@^X|a=uCD8`P3*VMHu&3w?2IVenI8QkzqEAbmxRdw3_JX@ zj`SZ2H}p{6+jz;<=0Snwy60Y3r#-rVuIa_|1<$sc{AONJXu{Yn$0(bvm$aCdum13? z*r%)3bZRmwNi**^{bGJ-ZJe#YV~A1e!XBZB@afJEJ%e%6 zXQPKZ-UkMG9$6KVdZzF{!xp>QyxTVITDqHQ-F^e*y_Ir{75JaKE#OJu`o;Ztd;7xa z?&2BdJSlnqrhfjnIxnGUjbY!`sm5!UElN9c)-Y#IN^#dx;mSPcl?hgCYYiDwgq1${ zn>e!E{~4M#|4F%^ zyZAz##!IuRf72eQbXGO?-D_8uzqC)+YDZrgui7K`sQrm+byg`>x*5(%T6ycp(WASK zzeL?XV*kO%|CZh(?Y&-?;yJRnXBq15nZG0a`SRy4W1jceKbUQ&d~M<6xF6b&eYKB% z(^+!(=^dS5IX^bb{|vUPA8}WPdU?t$Fb`GU9`)uA|HsLX?l(LQe#kEsAI)(hHDX<) zTiwicWnWD~ej8t_asF-pC;ErC_VGvl?5}PWtyG-lU39|m--Soh4^@5ru~Y2&BTbQy z^V&@>)!6@MXqxix;;kIPm-{TT?FC;xVboo>G-K@^zS|q)8khaM^q*m4{*f~A`y%_8 z?q-zd6{BLG{cS+IMdc{7l_4z3lyh zb?%NgUiN0lvDPl)u9(HWJNSB=a&yeJ?GL{1ZMSl>qXQ#{Gi#i$fv}(3f;3T`^kM4(Gu6=q($==+t>xrp6uL=LAN6g!83*-H> z_c8k>iE9h;_RUyt@zMS8-J~nK&Mz11t$(^8?&?-cFP)i(glwEXJM}3=I7L<^ZPYJ$ zlb)eH`A${%%2#qC`?nOiNc70eSs!)u${w}rf#M!@IbYVDxN_maYR?;=mu&m=8oy9}Is@*LRZqb{193z@Yus$#*ej$_Ap`#42s zo3}4<*9my=CCP5KCY`^o*X?-Xj`qDV`{C~*YhlWS9Y#xTX^QwJ%$fcHr)HW z%H!N2qdnpEGHC)_a~JTg%NHY3jM> z{oV$Cxv!@CmOh(1sUiGInC+J}Ya-pRE!uu%md<*Hw9SFLbhngD>*NXgIbkD@$CI#k zQ`b#Z63Ux= z$i?;9k(Rbs)nRe1g*H4zp23%2$ENlk>Cb<%S*WG(O}5$^?VEFC?@iQQn37S!ZeiNE zIwRn|cFk^?`Fn5eb^GqTWv~672`Rt6ugj1AFz5Bo1)V3Dc4_)A7TG6!@@qZ+-Kc3Q zY_h${+iwMSdCZh${IcGA@5Pkcok^`FWTMjzr=g44HT9DnB~eS2?6Y|neOqV-9+OH=YJpPQC@ z8=N-iJk{i1_vLTg)u%mY*3M*n`Sxs*^z&_#D;~71-g|83<@+!6!rwhs?g`V5^v-)4 z(NnheE&q{?ucGR2>Zu)G?{+l#zMWc8jQor%B`hZuXFW0qO}5uy3ADYFD;`ww<$Xxp zr_%H9IZhnY65l&j`S*d(cS;w!D(-w?_Ko3Gl<~DyZ+RywrQZpiY(HbU-OOWJ77fXt z`Q}`e{3@Z?yFt?9{QhgJ_b8-u&XEzGwc*X2Z_N9uLO2!DbtH1tnkI#*Y|-)zsEp6M zx{&q2Es=?h7aAkKJz>`oXDIBCnz}4C$nbrGhE%4M+ed+#^OLH(n!N95J@& zty4P;`Rulq#a?1!>f2lB+je@+x~k8!sti@rqB@o5UCwHX`Soqh?`|QTE=Ue7&HIT%P^%r6BR?o&3&v< zzm2R~dCHTY+HLimn9`H$Wc%%@yFyQawp<0*#t??zVb9i07d!VMS#H1Axe&L+$tRZF z;BWHRb^2mmkY(L@e#(I|*{owHE=I`t`~1FE`|$V0jmO+LMHRw@e^$uU?0t2_=-uCE z4=46zTRnTk9dYNh;;qH18-p^pbLzhr{H}RW?rWIOnJd-BI;j`ttgl)V^6tj#Ip0lJ zGF48f>}Y3OuxnfI;@mj`R#&D>^nH6|RmkVYIib>f^*laX^h~{F_cp#|K~molCWB*Z zZ+l%}=DEn;d;MwN*X%^&SvxMP@yO93ykC#=h zS-sk5)mzEqvb9#11*2Vrj+rrDbeH@3UY;%Y82(d}!d3fv3z#l{X?ML&#^3!&;21iq7nL zZWE9#;%;5DEo#`H-+`oB_ShE&=EF5%E^`tA(v!IUk6w> zRc5W2adPSsRnODHFGFW;;!HlDwb_til3~b`oUUsp8uukUSGf{owaznt!BUmSvU{`4 znOSBfdwWkj;pZ7pyFY5(?>C3SU;tGIF$7pc9fJX|bXw<$1yCUh&_ilD>O) zEbtYT6RLX~Hr3jIea_Y6sWFo(SM?j*aFBmK%Xjjr@WM|M8?UceF+-F^LFS9vQaw&} zW#zSQ=gcN>sK|ZQl-y$E+~>h8H&y!7ah1n&iukWh?a7_o^Pgd|PsHNn3CHcGX1k;p zE<9*qvinNyNlmi`Z;!{aY?^lQIxUu87lcdhpX71keZYi;os28rHM-kc6$b1K;0U+X zTv{Zp7TqlMu)}U@8uz7U!N&|KjgdlUW_!)^)d^qUqx7*SCHSe*H>>XIjY@ykp7ob` zT0D8y^W61noV|YvFKyM;3v<gLX#gw@53w>Ga+c9x9S zSHCwW@Z5umr?Sm9=I3h^SS4TDdDrRc(w~P4Z0n`oY?XH66#RHz;rqJ$(9Jt~cCUA+ z__FFoV5ZEzg$&{PPm^s5v}T^*S@6L(D@)0R#rjFwrqqx)kx8{#mwctwOm9Ecm{YGD zX|*HmX}|K?%ynL3`7xoo9&Q)JLM7SfFSS@LTADod%EH42Gk2(eTxWl*h;@5P|8j@w z>%}XTG?L!fe*AHL{*TkiE-7KJj$6KsK6K((na%#A0*CW;KD24iVN*y~H$5NcQ+L^5 z=M14rmGX7%$EKf_nz&tc22bPrm_3``@0@s{{LquI*Di&7k8kPvptIUs%Rr*^W(EylaK5H&@nei}ctzd@Wy}&Dr*R!bP#5ii0bq3i`JN9OklH{@OvX zBg!;U>bY#?ip~4w(%4V;v71^>6!h8XR&&U}t?KtBMk(k1E!sPOA6W1B)D&X zN5R=HZ2a+oK~cATi_U&4Ray1xu?WL?&9bIwOA8D3uB4M1s#nd6d*+{7>QZuNjYaV1 z;6%5e<8=a$DQoB3%;;H?vn-f$`_b6DzVa8KDT z{8v*@^2RcU=W{NcS4?`hH&Z+zX5-0o8hp(YV?Q~)JNQB~nZ;P8VZ|4jOGlnIGaMh+9{ODfNr85XUUI_vJ4YPV;{3g0_$3Qe<|Dw6PV^0jH%Y1@-#6x}Y~aAk9}LPAo_ zYJDdwuD(dsOmU8)jSsd}T~&~o==5&0%F!4N-HDgxT-cMCqEnYVXI{&%E7~m+j+)3M zjU`KkU~-nm;qX!&Sxxt_ zqVw{qo9t!2^tbI7D_z}oxnzEO)s{=EbG39-r2QA3c(nD4|IO2n-*=im{cyJbaP^nn zx93iF-QIs}f83ituIp|txtD+VwS;7!&&j+6ljkk(N?rSGV)<&dJtfu|?;pjkwo+H9 zwF>>~HOaWL)$jPTzQ+FyEQkND`{Sr0pYNhy5BL92Q(ON)yJO4x zj(hUE_wSwBti47x(f-Zz?T@nG-z|^)xb)og&2Aqnw@sI1&ye`5-MjzC(vQ~8jbGl2 zSFDqsAzAixaqz^Sh2c^ri#HihQ(JRw&1YZbZyF!pANb34I_yJ_m1~Q6(6SVvJVPcc z8NP~N*O$coFn0T(H<54csvqBYy&fE&Imy)GS8>Fq8n?aKi42)}N>A1lS!!5)vV632 zZTXQnnU5iUv)-QBcA8&siM!0T&gf*l(kt&wtnW9>Q){>v^JCY0pZyN;Z(hrV{%tpT zSo`2xZ|@97!_StJ-&a4{6CB+ot9@qw&P_Wj#O2d=hCKNfD%QUIkMGAGo_|8y0`uB= zzVn1kd>ggw?Ly9D&v)F+yeIIH$BozH(98abGy1e=eSFvXh@ba{clm-lH(hh3=JrIZ z@Avw=_~HKUD38h~&gzpK4UU@YcAeY*vH$4oFOy`w4_@bFPEnt)c>8$WRPnTlff;M; zRBPP#%<_m1Q)N6L*f(d^%}aJ#KiYk_)^EKtbLlaW$4d)4%U8Xd#(i3urR6`vX~T*4 zcEz{<5?%92W!K{M=P#G5ZLXfQr{DEMe1FN>xPuAT7MSzhxVOfD@z3jR-2orwZk<1u zzg;)yT?jMp8y}ah+Wv+Ey!>+Xuj|L%Gx%wW+x z`8VsaU2Nd&ezTr0{H*_O*lGMIT;ZDhh+pvVnoMVI+o`YF6suB%FI-pr`1`T?!P@L2 z+^hb`U(%Zv*;qZh{P;ALZtS_>kJC2K*tX>9KUU|v{+;v2Mts@K zCm&hF!#$f$EH}BQWP3LAVk}>_hn@O0ZvRKSzi!)>{K-|Gg}>^R$w`x5cK1x(G$Ez` z41$)*_cne#J>%W8f9I@1x)mO5kk>rEG(CEC$&S@-CCV zd1n`H-zR0J7{)l>JGq2ie$wZdzQXFuX^v9Z>fu`H{VjEM-!SMXAh_mWy6{Iq6p1ZFZf22Srxl zbF%j-*X9Rq-@bKwr&IECE~D%VCiAsy^(>u)KQ;ci)_GT6eSXk)X?=HzhPjhcns2Rl zo-B7n)~z_=;(5g>pO43BdtIHM7ut9E#PU;hg~6ViZars>o?qx&ro8>Je{1Ms?cMXM zQkqY*#-!gVS=l*v%g&%*u`6z$bCA{U{wRBVX2CPlbL=c#uimH19NqC~XKulwQywaP z54bLIJ=>T)Uoumhr>MYtgPqB z%!@MI(YI*N`bY1YOIO}Ftvg3D^r1@Mjr+HAyFAu2o-UJIziN+pb-wM~y@w5wJ~qkv2W3CI-y7xo zMo!V_be3|&{qHH|&(~I)AG-a!dq3CB7)9Mps=@Cg_o}=rPk5!DE?p&ealsu=8%E~- z8H`<*pSn+b-4kyA(Bs>|ZDLxECr&=wCHuhj^Q0qvTQ0koEUfjp8#;69B3Z**JNAp+ zxW%0|E2*4s&STTtuL7qAo#KBO)845p9Obd;=;Yg`OC(Q+%_=OnnSS(CLZ4d)lOHET z**c?}`D}Z0ZG>5sQt!@RTYgXD?zW5uF2gJTOb@(LRjl74cI>)nkWIwlX;pIXQ#l0G zRQac{cKiyv*J@MbC3xj&VN>?(4;_>L2}WCYO20qEdA{n!7qidn$~gW7U+KF#>*jo4 z?+CTNRY&irv2n;vE! zl&wpT+U_~?&^qaj>!y9!;JhuS@zzHDyRjS@|MG*hPW4PX&bc~zOVRdO<#IEQCdFvw zE5B=ed2iQSKb2XYqSs}v8?U@!Bwo)MJX7lYJTo8SH3dp76gcD*A%ih$mqWAXXFQ&F_%RcPjI&59oAJrE<<(0PV6!A$SwpO91GauDYoZeHmMpo&U`mwOWtvxE9Rc z6|m<+aY(6lc&|?blYP{bts)DrN^P6YcTSEoMB|min){MJ5?*b4906Z4Iyj(L2XWGQh}%j?NRt>?17 z>5d8|CnvDIFpLs=$GhQvla+8#$?_u0AltLs`;INpQdCV&V1FL=+_iU?T=+^+zcQ|) z?d)4Qzp1(xUYx+l$0&JX<=O&?jWtpWCi^uPDl>e_Dw!H@Z+KER)3&Qickz*r6CQlL zZ}*j_UwulH89Tddma_J`7gsC3F3StI7WI!a$aKv*oza!7v&!b+F}}jku9fQQTFbAk z@zw~{x~WpWs_#L{+k+F7xR-j)lyv!OL9wX_zE(+Rk9wOo@B)n zcqU$L=|!am<eQQ3~&(w}5@|XIO=6DNQPg9oRJHFQ@ z_m-C#e{krdiIE;g0`6WlMNiF6s#`wqvTR%A;lR1GbJ^;|12Lbk1lt_tar$$3ug0Av zUS}Jux>mn%SNN8cV!h-5vuu`mrnH51uSLJH-U>}6ZmB1FZj~n7lY`F9W!{w1cqQe! z^PZUKGYeH*OpIiAJP3O_GxG7RJ-IU1uAI|)tJ}TJS0yzpuK3J9?8^Hu5!5|L$A$$mVDx? zT=mSI%kcbKEh8+s^y`knhb^%qzfu^6{+nZGfv#Lx~+4Me0v|-gI z--grQ8=2J>O-o5n-ce9^ZDD%xBtG|=fT<^*?O1CN^G=jyy2gnpwdmiu;=6?Pm2Sq-WD)eNPJzjEU0+ua~YY-LY{n2Z9ZPV5Ngrs8M9%NOR{RW zkae?1N=HxUE}#!pmHsUAY5a9H zGtRHaKmOd>H$mYk=N=l}Zj^YXwQ@(`{P{8knaoWF5sziH*0g#aTKVgm?&{e`Gm8%0 zSvAS?T-CFg&ws8s&}1AcdANyDIrF7|_2dmA@bvBcAW zfmt?-Yq?lUt6d)B37M48DgBvGi@jxxG=J~;eYInuBun3)iSEwJ3@;?9&zMnotn%A( zXO{DgLV2q{WS-SdZ40OlYn!_yDah$b*`t*?QO0k!JUZR!$Wk5pVoPb-!6ZLR(~bE{ z9^E;=p`rH{ z^jSUHy!7(EV6(@Q+}Jdp8qJLh;&1;|`X|nG+f?Nwv4A6j2cPYmwewTnmkzF`bpm~x%;P^*n`$SYxK-fB$+Wlo zo6dzrmvuv8D;vAhi}l%6u224PRHZw4^Si*466@>#PGPz9!!PDq8@;+ANhWX}5{ z@2XbK+IV*FnvOEj^Y#^7^KSbV?Cv;mHhb@ye7VD7?rS5qUtCggIJs|0fGM-tb)U4{ zE(h6HZ=!0vj-P&|^+zh)LY-MQt3t0;;5g`qm1X56rl&2rgf_-EDL>Z?EA zGTO{3{CQ<%j)RuHlxtp>*{`a0)ypgYGe~Wi<`p3l$GAGsfkAO^R>Z;-8Fk5LGgT{c z=FXmYZ_V08ZcDqboSGe;`S`L(d;Z-zS8kV}FbRbKtT z;M)RASC^j->`Y5~TqK$}kH>^$I9mG$`niRwZtm&3YMa+|OGrU~r_%?`C7Yh4PkiYs zB(S#4cIPrlj?;{Du5vDNEpB2ie=PFhVf($KVMbF~e*d~8edYF%if2tZ-A+NvpV|aT z?sfAGGWVTyh^llG?XMg&f3;245;ong{X%Q)s#gKAX?HdpFREDEZ(cQb4S!a|J+|(=`!nQt zgY@2JxXK=Bc=UNLKC%ijHPwxAo1q9WBlv^T{eSxb?-F>xuL()wS{EbIdtjec?Lxq zeosD`oKY4|kbC@|t0~m_Q&rf~qnk8T*74a(EmnyL3Q2w)bhS4y;7L>UuMjpTwo5yn zv)lJZ6mWm=4WGMbPyhRpH4Vv6WX@N|g?qtTy< zHEXXeOtsAUqQ2CF?OuDM&#BLQH@lSd2mHyCvqNp$VbWj=R2 zC4IrM45n(AdHxeNyq%{V?6=YA^wU*;{j4u8dGX1RVZDuzZ|N@m_T)}xtD3XNMc%CO z-?CXd;}#$1#KyqBKcSmzcBSab7|A@BTs>>Idt!c*yRwAr>Pgp1Q=h5i6(3DGH)HFm z5~;df4=OkLc;4-LZE{|Mkx6pCVu6LldgbQuTSsPkO0ND^r!l2pGv>j(DO1*^-HCi1 z^e6VC+?3fSy?F`EYkY17?VDj572oks`eXN$k6KHoUOT(-JQu^7+M|{0zunoyKg~ZW zYw6jaIc<`*#%@cz46WV^XV@t<-HP6w?!Cfr#JUB2+ulGD3w!>%rE3^!coXMJtoylK;~ElRkd;a2%<&+)^% z?%wM={mpypG_zMB*B8Fn&Rv)?-JtRFgNNB#6Eb67E>+!F{b)kq1NF&yj||u$xg_rhf3HEm1RXE-Q@+{V|vA<>o%^WtZ0- zI==r5%hcmhpYLjY+@5=qSy^J;VGnK=&)XPvHb99?^+IXj)@ z9sB3Cf2EInFW+D`zmVxv4~OdPsq8z}c_|!iynB0T?8T?kxR)hZ#7CWZTE*X9#7EkCttNpjYN;82NM{fV$M*lreQ@L}rICprelJQ^)* zKSw)l?Rk1;;>WGeTi-_esbz$=StyjQxB95pG|k9bcLR6xZHe`}Z9+ekKiJ=8@~z$b z^1g%iGj~YDyp>#U_fh@L!G~KrzucbdX5FD8d5`_<`K+5EMpH`cjM{El-`qCO@|E_= z57#E?-Z=AMQsH*dSNqieb}za3HqM{6(KTzru3gb?CGGxGrgF6S}0> z*CgrI*}^=>9w95KOPeO2wkxdL`@&aqqG40vz2=+?ylX1nPCl#6qMA}Ni*2Ls4tujN z>Wizcr!GG)dw0VmH7>)?JYUwEUCOhsezNJ~yk)!g>OHDXWsUFYV@`MI zTk$$pQi|0xt}d>h>G4Erb*@SMYeu^ttGhM1pQXq=7M--m+t^fA?A#0SK7-}<)prd*E3&6mS1}mnpS%7Jp0mk!zl~a6j&{r!MtVRxkpxv zG1E3OYj2uy&hd5Em$$+0Jl-o*O3oJl+TM2QgB>H^;tgwGo{e}osobL5`*e3C%fx-` zHDRkX_ZC_N6-^jqJ zcmi+9^fLRM>FfTlJV3bF{ zMx-C3jZ9ek4KKatma-iS3N<_!^Q4yt_J988Yv{WQ>Qu|3Kb{}}~eL>CQ1v?E^_QnK!mRy{1 zdh*2A0Vjo23{lUnYm&uUYzar6lrPaoarO!23xqch4tw zolc)+>1o5Icjo4$>}$%ATchuq^ggJ0#jdtt@#S}mW6ny3omb9{zfdZvbYxMSRdv|n znB#U~j|{i;?N~e`OXGR!w#k{=mu(Frw@=)z;lWk4wN!jpO=Mc@rp5P{Cdc1c;8sw{ zzWnR5xre-tTb6a4`SA96kKE3cUw+t~=irsUdq6_Aa_O|QdoD4)s?|DTa7JRLNV2{D z-pmW9j%{6fVO#TQJqDYk)%ShYHwu?Nc(nP+l`wN19C5;jVG1wE%JAcit_ljpLvxd*M{zA%F|3=-jnY589mjL zeV_K}JzSelEA?wkWk{Ge_4Pe@hiM&4WXjGKoOi4GGWFulg;A38SrXFsmP*xVOXc#$ z{F`-1_0-xDD@UF^eP7$nofodRSw>7TV?tBxxcf40B0B(n2_ zN?~xdz<2e}()m$&ZXPF(XQiY(w)}F`Lh#0A(FUQNmNu7V=1lVc`D}?zpT~-s!Pl2^ z6y8~H`P1`kz>XwGF01;luf84(u#o(==JiS^q0ov2m%ep|m0K#zTCVa(^sINWwwYgj z)MC?PjG{G5)XW|gHaX9m>JyX8I`enoEVVfdo=?6V4NKGEWB2>=SUS&TtE}$n+@F;a zE4U{axaUU&9iEhBS0+1lltq=58IkQ;))T-0kYL7hrGf2gHMs2eE#Cc$q z5z~@3o3!QAoIIaPth(gE=A6D(irMdo>(292;;*wU?yuggu{D7`t}5v4?!wTrgSNd+ zAE)u0I%Dfsb=mUng(r7Xv?>_>P3i797<<$5b)aFXTkiA5%QCb2&j$+>tywP1%jR-) zioA{ht6I3K`{Mx4#mAyqeg$>18F5IrGhFt1^uqUPsn+d{0VlX+roMdZwOPb&r_7_p zm7M-FCU~xj%1F8C_tY`X(azRSYxRzvNzhrQKf3Bo{KXe_poL zIH&K}pCfOMJW21X3cK6;O5(KU$uH}2Rxjt9A-gfWdRWi(BVBm#t0+bL;Y59I1Zbj_|Co$rb9imj-pkc9l=c z_#O4>g~##>xFQ z%6S%r+im*2R#>-h%Q!o6+sfEG!V|Q5&ny*f*3WZ|o9Suucp0P8%9!JO#0#vF)?5;m zw%nU~Wl~5&^7^F(amLf`rKA-$_BpKkePnh*=QHP%5&^80)4TMp#s14YsJz|l-Ym{L zpZ5zMWj*uEGD3@!oy)IoYpab`dd35vri$nCy}1=#?^GxG8-8Fslu%-GO>pAOJttLu z{%7c19m`j!tah&`&WFKpiskt@&2w#!OD1akXDI*Aur`pXW0}chnB) z;QK;`_Bu`;gQ}k3re`{5IFc%CSIQYF-{PD1)7$oZ}s5u~QS@h6VYa zi%L_kJZU#INc>4ofQKbRSG-ZADi6njH_MklcMyv8nCKIBx9@69$|YB2ceQ6)$MZi{ zUvYSw=~SM_4y^NzO~ZcMtn_|Brr4?9lEW^Ovca^_>ndD)k1ICNH?IPm=11jGLf zVTKMZ=UFD-UuqktD0ld?@V&*ytz9+3nAK%7!Z;3^!Q}9qxPlc#mB4WNvnuGeb~`yb9T*+e=?;a+Y{VnIHZeY%31if8XcIl zv21qlo~Av|Z8dJ4ER-xg<6~g7=bfm9k;SbgdXB37j-e^uRib*2xAvK(s+d{W7KWbP z<9BYwksUoE+OO|z;hlPB0@H>3=hhogut>xu!=|!r7CPEXE}L*yr)kUXYI^)kx<2amWs}sNcY=)<{xewV zbxt?zUsNINxx+R3bm_gd_jdPlzZ44-!_)_=LZXx^Tp6<}<%wpI`m{*JlUZG1-0dUGnYkd(O0pIv9e;{*G2dR$j;{LJx; z^ZY&g-YSD5PC3{3XJ#d4%@?UDUBzr8WOKMq{G{{or;$?EyOv&iYj^OGX6lw5&K-9T zTAzO$xBbC>mMlA!k1=6&lAR{6^FDdZSKqkwN)6}Z-~1w{^H={cI($UX-R_1IM_bJG zpeNIgtz5d;ru=Z6^4?hwYi#A#Tykq?fBN$MtXHWQY|Oqb(82u8*KNko_WQl{IRc@nCHz~c5U|@>Y^5B zemsAuyX@NZCDA_J?P)KLtqd-+ys|F$-mVO-@0{y$cc@ED{8aqo>gvk1^ZouabiEIW zOisNk(R<**r3%0N#`_{$L;v00aUzCO#nW*9q22!(emK~tR{Pv?nJ%s?z@k}vervkL zr^TBl<>pn?tzGfM?bAPB<--jNZ1NL#%wHPy;oroiFRZ3+y=;BPQC?;3vFvp}x<4p8 zO_e_q}K#^a|)hV5eY93~QO1qL`4g^A>lIs6c58pvpNLHxW*^?2 zb0ar0N%HZB^(H@d);>C`rLynB@>!}Ae`+n66CS(r$A5&+JnB&HG25%3FSpHMsjq*7@;&hW;(L zk59D8*SV?8#UB{Ax%9*C19o;hs!#6~h)(sNG23kNwZ#|y@&1wf&@m~}MkKwTL42l> z|D#O5-mhjYSNyfM{#{=awB6}muCGzW&j~49Z}ymeZ2S|Q6j|fcu0AD=;rF%U9sijB zo!zH8F`sRgPTGrg?F?a}=ijVedSmzb5AP$R`;BalIM3gEHua5avTK;E&v`Lv&eEm( z_M~R0FqmCFUzff3!@a2=?s51nUjB;v*@Jw&$6DEEZJa*{e{0@yRoeISA|5t3KL=5# z?+^ALJIi`0dKtUA%8@@@GlFI%PxXpfzT;)o{TAJ?4xh4Ky^u(CzP|3I_%^G)PT6bI zZnkG|9r?Px_selC5n1Pjx=J6ak{27Hxkqb~eex2C@0 zti)5dpdFGgXQ|8$lkGoOyGmn;vR3%|m>?^$bJrQdJR>J;rFWYXe1_NZs2(>mDd zX9!*wy^`hCW*(+I^~p7{B^z2&`waK2SKHdWv7q-1hiXuyzoo2i?3N&<(+14U{ZR{5 zw;rG6lft-r*6yq`6WV!Xnm;oi%}&XcRVuOLOy*nu)a9Y$>({Zdr?&Wbe~i&@&uhvS zJY%%yV{`1=Uv_5?s~B~4W~9u0bYiVu!yKUl$&#j5GrwQFbBk$DRc@ztwiF*@$SM9T91*9s!82F2QNB&K-s&FbW{m?0{~5l% zwh!+z<}Q~ma9A_-;+)KTde2YYm;G|nNK_i34&D7H_g=e-v^_O5USyGpBrA-z$kd%PN*0WL~(gK1y3hZ-v{Ns;~)`S=x(_ z?@4*}`z^!CyI1N=4`qq@y}EF6`#kp*>-|5rP3KATp5}XrsjzRxdc!MUr3(vQ3))x9 z^kqlt^3R_rEuP0+ zBc@E<^u~)KdHZc1GGSqNe)*V8-{>nlZN5&NpYY1nOB*^CFSlIt)-XCux~Gn+9Yw)CwD?^w%I$Sa;uX&^#3!&t$R`&@yxWP zN10V-zSpy@>Dh@}<~;c)dNa%5pthLiCp~>vt3HZ3o#m@|mu-FW)9fbx4Xb)5#J#z3S$*QRlO`>Ff3E$V`a|rg z$dew1>J zK5^~l8Rta$j6?niKl&YL9C@#IX@||XbPSI^_aqUYv5X5?dY}YbbHE|6AiCZ#R+4JD2`l zs@R`t$&hRs=O!d$o!qCTXe@GPL4n2h*UooR+O*GERb6p4PTg=>n<3Oc_^5x*lOvpx zkLPEtI(l04_DS2733HCs9Jp(7)H*}(&R)I8|CSzP2=P^n*bvQZGtoEv7E60m)n&CE z4m}Dok1w@E-|6#Y77CX8x$3;qW4R2=x85pGBWKL%U+S!KLSSV_agT81nOBS68Q%HX z>OF66mg$KTuY7e{Qh56I_D7{Xl3}$tdGPxRzhl>~Y-ZZYbLxi0`yi)B7U!Oyut}J; zURc2IxqYjpilySNvQ>UhBZVjJt_!pLvdG-p;IO)-D3@iKr3Le)xq?X&?+!3G`%F5L zx3KTZtIV@c6||do{F>G1?PC7P&*G@kna4A&eh2Ss%;lUE_ItL)%UScTNj!P5UE#~B z49A3r{q{@aFDp!n^wv;mo;)$MmNnVmvth$+nK{jucFXgcJTqkJ-odxvZ}!|vZx->y zE@LiaZ;VZE|8~owJRxMc%HNE@3r|6UOO!$j#sT}Gj*!`lXXQ$S-RtA*4vfO zPen~zl*-KBruD2{xSzvPC)KjlgZpxxFHxB=CR(>7u?w~^5-dC9%A?g`2WvkZx zaByd~^)*-M;#9FeD*rrS_NFs85>Gtu%DJv1owecl`q!aPXXNN`JbCbF>KD_lD-+j= z{8_qz-A~iz#SJkPw)4+JXO)F2XFQjX+bSJ1!DbV?>?{41t9->-*1QUIczylS>a(BC z2CYKaP8v*lTXQ<3LttA1VF zVPe7F9BI08OWcbT*C}%}EJd_@)=z)jH`PdUf=+7L?_ZbCt~S?s@P(=IXy!s5L5r~5 z1wvJ!vn!l?d)ORb2dQv`Co>-}ytVdVPM^WzdB>(ZdmMV4yC}hFRnPaF&=V$?io8<( zYDH(49al(~uvlBoYhx(we&t%!owv*V%#0pgO26H&Gp}OxH7T7*DW?UPZ*A8tc@f%} zs^2(o?yJA^raqtak%>XMKkB0P!c(*QgRRaxPgrPp{JgAt*5%EYm10&O8hV_L`Flt zHCy6_s4tK7YE`X^ttY?z$(sH0wla_5E8|$6Up0lt&b8~l4LM_2sp4lhb9uJRS1oPp zx#EX)InKQ-Jk8U5-s?;B*Rv~JVsaTu)}%?{*5Rc)h7!{N&$-*2~U5*)Ay)rn3ao#_*ZkYy)sL6%&}rHp0{tR#`l?7SH?g zF=zHazeCH8Z#WpY~N}dAUxs5zb$N`(jrfi*DCMH zDDcxPWm#j-(8Q*Bx;1uQ=J)R_Y#uCmxa(Jdn!}QLdslYdnr7tq;Mv4aMul^@*5rNI zanABp=IX-srzb?zi@I5VsBhIeQJ%Z@o3mC_NV1!<9^1F=u&~96gO5M15q{+D@l4y~W>I0t zd(-aFdc$|l^IqSZRjzv3J-B#%^z1}~=?Z{CzUqCp$kXq|vs=cuc1-`cMqe|xx%vFo z;C&xkCb1dHE_l3D)mkb_y=0$SgyORYg7b>9dXIPN#Ous>lB|Ah&%ejUo!H+js5zk&A4aa@^_HUx(g4!go>pjw8ElRXBI?8WEk3r;6`P z4n5zc$MjQIyYRx*Vr`jAW$78e9yZK;Ru?_NbItGbVm!v0vf7h&eB}A$lALzOerkAZ z$by2ma~_MHd%D`V_(lJupwhx;+9|&RQgg&PyOyVTZM<=}I&HnvF^@BOY}#jD)jNo! z@10?G;koQ8< ze>d-HsD6=j)g` zmf0@TTq;u~nQgj$2Hm@(=cV?jYTEngi+8p_R-Jr)tF`~eQ0ZOs z^N(#&+M;OoYu1|{os_3%(oS+3PVC#OZS_noc%xh8*R`)_7s{k(eP6SCcGB@8`QqbI zMJ~ErW!Iit+SX0Y(vS?9e`#(m7P!;Rs8VuGlxff= ztLW^xX1~9icLZ)c-1k-Gp7hK|#y3RgdOXg25^kTqLgLAh#r^S7S2kW#+m>&3?Xk=k zw(f|6a^q58Jx9Hpx!dF(bRFHfY0Aa`ez~T-Lf4O$efPTXI?AP(?Qzuy*N|No|7fq+ zS#242XM5Tcu6E;yqbELhetCI8T+5MZMa;33_?d1FkL7!-SiiTb`kv+eW5j&pyJ%$b2{bIH_lO%gh z(wc6GJsw-WP86iOKozEsK-=@S#t1Qju|=Tb9Zji|RA&o|mR^99p4s zC(q(#Ebl5Efw!fqJC3^Nrsw9Bue{^&B>g@ZqB2w1o z^1;WZN!LSWUa!gXx0z&kY4d-E&G$TIcB;I4`7%l>wjqFdRP3>Fh%dgV&!0L*|~HBJDmW{>F*P#tSV^ z9F5$xed=OGx8m#9cJT(gY;Ov)ZalC2^ljv9*3BF4AIqGyFs-DH>Erv(eR7*)Dx#xi z-MriOY3=vDz2#NwkL?XUw(Z0`wJlxc2iU>_B(C?bec4?QH}hO}u-CrIx^THUS8i_h zOWk-|`mXJ}@|(|8Rahk-udTK}cvtS7x5>_FrL*LBF-<)FFy8*G64nY_MA&AW;bsvnYP__{;??A*+1CcS1u^ukz}jyk>F1x3dS- zS^C%3)_#mXav?*G!{|Ii4TIXR@N-r7_CC}X^0;t2N;>SM^f|+?>#by7g4L}4HInNxC!Vb5-F!B0f5i%Q z(Wl$*C+*?+xS7Z7^3><1YgBFu8NGRw!4dE$z3Y{U^vNczY3KMDjuvl-obgPn$FHg| zS}OjQ!i35QMc?S8mcG*-`gJ#MZh5{o|K%59YZm9#yFPFrY_{|GYN#0v(CwuK(u6lT6--Y71$c0&(UEJgLzP?~% zSfak2)!pLB{9`*;9h5bgdhzu=x$8pjPKMlRiYPg6x<%RO7>D$Z*KyIy?|EiRP7=2a zydbyrg&p@t=9tVT>sIN0X48WftEWqg>zQ2CxW~vMw|H;PkMdxy{Rxv9`j&h=>Ygc* zb#r1l+c5`Qt?08-_nwJYhim*ewP8hH+r+Mn-K#Uc?{oHEepmRI8-LW(bz5~q)eX*D zw*@!xWd|SLr@s4AidEefZk~rSUrbl7ttdNwWZSW4mr6Z3p7ecPGB+4w$EPWeaW^Pm6u?DX9|xqtuGjMJ4B684WH!!^!ID?gsM@9Onz zE1OC0DwK~^J==NucBRNvTlc`Oa^s9cJDnEiU2KdDzu0ulRYHB8z0~z9j8Br;FKt?$ z+&sba>#`*mCpD$puDRJ@ccH_$uX%5(`gD<&$tT{%@-3F$Wsvu{>)@^}6D6j~JpYru z%xIVKq^IfylaBTtXP3Fgwl`yO+1dNmD@C_vZJLmLe?nE-;w!pGHcVJK&r+pib?2O| z?vffQH3ly-KO9P_pHTnx)!S?HUes4v)or=$Z7I6*glwmL)Kz8atcc4Ca+>@71QYij{^y~hDK0mIWOs70`$yfn^gL~Q$&8e=jYWd9*;%Bv=hi;e zjCpRF8!=;6c-W~VBh7REUgsx?=zmsx@GIol--u83S{bF&eAg7uYnyOO>`cv*i3j8# zM@=j26lQ++X!9htj`_1~O5TQ>yx!U|iShNlrBiu1pKdv#Za61>`SY`3*=)>Zx2|oT zsrR3uEadsx$XqkqC7;;pV))lOtxStoy?EMx`LvVT*DtN~Ugq?$nP<-DS+7+tO zil@#rELTTVIgg_h+ll&C98dC|&NX=xQYTu#IDJ*;fnp8&a8^Z_;NgU1G76 zn=*YR>k@01{l)XLe(MzG&B}SaHSyKul-uOCPo?c{LCvv(oW}9fI?2kpK zBvb!BYV5sX@5Npgb$L;F@}>lX3YPGVf7Bv+XPI1Lo9J+md2MCd%!IQA8z(kIl&z2b zk-Eq?U+Z&gPO|dSRJD@8?ws%POt%hP%jz-wQNG^sqWg4)o}ORf+z*;gOGTTwTO3Hd zx0l~z4cU0o0lv$_R8*Mq>QakC+rn>Jc&$|v?UUSO3)2;G#EZ;OQ z#;$X^($d%VmTA0iX#fP1?zM)%F zLstiS?zYYr%bGgji$%=jd-IwzbbJ*Kp1<4`s?Z~!6Y`ZQ!t=@Vm;SvQJk=HjIiA%l z5?2YBC3I!Vt_HtXO`ZpAg5w@~O_keQZ?)ED=83b0CQa2n%%6+@GrV4Ndgtktck0^K z_(e~ir)~Al^`P`eKaFy&JEs=NNS)g`|Ea>9!Z5wmTb#V}w9PUb)z#;OUA)n0n#(rR z&qHnIeukd^3}0XFwQ~pcW*wi%vt(G`_n&~Di*6bBs?d~eCf5VEr46|@vU`{Hw)PA75+0_oSU-L zBmb%ER_Q7U{*>3BS=2wQ_;*m7_qYG!Sg(i!3!2!k&AK*0OO%7JcGcU3b0=H6ZJg#% z7r!(;Ua?(qb3^s@*uv!&NuutyylGih9;pcrimVS``)>z zs`)(l*zdKmcByw>MN+uU$Fo6(tAy50Rr$JB*xh8duB*}8yXV!HTF=*CX!){h;WI1G z#>=)@fm%;CTi1!4xt;Q0)7--oeT#Rz`D!X;wL#}p;T)b>{bz%YC)ieB+R3cmp0wfi zxx%hC$rg`Or@x#J3_5dQo#ZCZN2@JNVX$@|Eq%i0j_sp^frJUqp5=OuXFpXhGjoPo3xLja?fiEf(H=y&;o(VeA8js?R^K zTJN}JV)vIdb7S0rQ16Z@&3##mRnk?~B;Ir265zB+X5O0SEugzumT~Rt)rDKnPb*>% zjHqg{oUY+7_hr`{Y)Cd0w{Niv==sQm(CADCESo`-{ZOi0MJCK?jz-9EPKo@_z*87k_}Jrf)+q;O+ib6# zd-=|%{y1#to*v4;X5IAs*2d=<7hD2AMKasDJD(R_`zUn6`6nGG80OEmDP0qECdptL zd;ZJlIfozV8z%2&;Q8|U%StolnioHV_ExX_E-EltdqaUi*;`v<_jzlDmNZP`vEA|O z0_*JR)TBkvV)QCcz6`vhwZ*cV<^3&3TYIj|q!

@Z6p1Hi0IWe2(5=aKCrH_^kui zO2Jd#Lsh<=zqF`7+qw6-a*v?%u9Zn^j%(TTZB>c3s0=TfIC=Y8<`*ufHKcbO`gm5! z)u8A|;eGa{UZ0$Kj)k36{$Y63ZDMcF0m1V!7ZiW?KD3LnEU3&WVBc%cnCQ}RddGhT zMwwvICpT_KxBY%lzR1$=fyAW!CC|4qd(?dJ&gGbT)pNq1{RS%atxhqIrE5JcmrgnK zX(w0R_tWPJG-ns^tM|=#?+{Uuu3V94d%VguN!qsdf+p`*B3TzXaZ!?=P zsrCzbaP5$^uNLW7Q%P3imV31L=aFRni8mfE<#LnBJ;~n0U&R^Iytq+u;^4#kH6%X zWwlfPT=#AZaihid?5x%tnQ7`Gmp(6hDOOTAcNN2eYSCFnjvb8GEthpn^+r&a$M=6}96$ zwwcdj8xL(b&Ddbg#W3xf?525)IfXB@-1Gw89#@{k?v=WF(Y6Ce=6_pxUfN?u(0zmB zr;L3WRov2A*Cn6es`#2U?Udz|8FGem{v7yXxwKE-l3C@|>O+&*jQhTpX~a+H;$O}8 z<5m)Xs9?BSk`&ENa1!={*BYTPO=DQ}!StK?Rir|-c|hLv_( z!*;Ao*_7mTGlx}y!RpGidkGzE>b85UukQA>`j}ji7w8xLRLiQr>cW-_XAh?C=tyAf zDV$ZN^voyBF7sgP<~cv-9*u7I6JB@Z2QTIy~|69iE9h=2z`xoy<_Pfw^35bGdonQHeD(JjxW6cOH+rb=hR^ zjxv@$tFmRcZk>_XX7_z-_RZ)WK5t)Gb)9=NeZ}u=6?KVc>!Kr-AjaU$s3?HeksN%3^)eP}}Rv(`O`Y)9;n#^Q<7-dD(~ZWBna+98;D1!;Pag zr7xbel)L)Hy!D@Mh4SO&&2Rtc@^>p;*vj!F{J!F?*uDK(KhsqFHMTSeRi%_J^%j<1 zdw1>0&MQxh%s5PMx3AaO>$dI6Z?XKg@a+XluPy$Vnz!%F%+PQa!9e$CQBkIQ&+Ryy z-B&5Ge#Vx1sXvaF7kyf5dR+6x+bFYpiXX3c2>&(?_$cI_S8yiu!?E3uJD%xj>h{-M zoc{3Hn$MZ`A9Z%?-QX@bVDKl)UbyZ|JVR-<|F&1sUm z-_>_YJ9)P*2|JNB>rrfWO1V^fr@m_MZuXZ^$NWo9>n!D`{R&_B zvQBBk-l^|QPfSzosrmW)%Fp{jlQv!WTpRcMk$GF{ZNBXV$?AV&)VI2dtzTEMahmnb zb$gy$u+_|~4queLPkzHk*E!SUq?00QFRDw39?F`wPj|zNTelC~OYyNQiD~qDQA*dDRHKel+2Z;f`gk-PNIz`WXj zi*N1R?ceo}chAmQkE1tvS1RY#Z0?zmwKzrX?zvZI-|0_0wlwe4iT!mR*O}*gm3(Wt zX*Su$NX4b-GoN9El>E{E3~#q&*Kz#?_J24j{b%=H?X@4;+xFN#^iJQoMdxPxRPXdzPfh*Xs+P@~bob>y zr7o7>32WL-=dQe6vFzH}h>Cscj#onje62sbyCuDwc`Lh2D!fBw(lgt#=tz;2O`p3? z?zmhd`|!5e?(2K}b#F0nxY-EDWv{3>_u4Vtd-v{6HqN_JLcAgU$C%@`iha82m0ZM@ z^5E+t!ws`8e94~O&-vrfkz0-;21ge2++=vP?H^}F*>MN+ZBlugWsm5Uvp8Q~Tk&n# zwz94Zjx0Y*9xODyQFmrymQ;9WTF;$R7tfiqOy3^0Tif{PS|v0{PQiOeeiv!JZa88y@(tId{TCd zs&rdzj``1KTUb7tFKx{{$@tprr>hoQE8Opoif}fR7G_=T@g~^s=xxrLPUVRWCkhJl{B1^!Kru zK^`qZoXV01Ppthb^t5$H_%W-$+Fb4iXD$kHus23kX&Nm%boj%XxFaD=L20MGxP*JI z%KAQ@ba%1l?Y+^Q6P)bonpVd~Z<#1My|HiqT-S-G-iw?U{Bd{r>Kk|bp9%$XGRq|G z$$x0K`0vce6;Jt(%#5kJe&IiZn2Gy*|B13EJ9<+1?p!~&ZC1kNKgrT;9IVHLZIWkQ zPN@u>)tagI{NgUwE1MQ1Fl|nFwmX;WS$L05PsC&PuFvv3cjAubO3bTScfq*pi#_{Y z+bfAm1rhoxUrfa=d|zmnp&1~a$w;oIYQe}`bILxu z1x(_vKQ|?>$?K!d?js)r&TyzC?|&Q@y5?r3RZGXU#m`h$o_Mr({;>_x9&?V&K4>%X z_S(w0T?^O6962DjMDWtKXW#vW1wA$Iyx7Nk$KYb>mZ|?zXMCu&T=&_3uJYcH8=hI8 z=eGzOUeU{a%8-&?@IJ10*&U_Wnu{O&7}rE!`DRd7!nfaR$C>zjc89i1*cf~I!nd=@ znMI1uPaiheYKPq~UgmhrIz;;3q4V>&)g@nttXFJUY!a04d}8>iliOLEzpT1^RI-SF zxqlR=fvI(*l+o(`m|4$Ft<5c)GR1k{$JTxkGBUVh*z;)T+O$iWi|=d_cx4x-y@>H- zanH5fBMAqE8rVNFM+)Wi8%{8uw|H-fRd34){~6|~Rn^x-KCCiUWG~OTvVG+m7twfxLKCVnuvy^@jt zkIEO(%Qj-SS{L6sFJ<Qn-Obxp2wlDCwgswHGb+ zSUJ66^4pie5%G8K?~bzRmR@JJxp3Bso)0^n+^V~>^iJ-%yXTv!x(i>^v2P)FdDd_S zUYE@_j<`HO&@IE`9$&=vrFQo|nRgecE4O`JnKb>0(TV>I8g_Fob#FE)4DOwIK6BU9 zdoycv=lL!!l=;4Hl2~N2u+5Jk<0gwWXOsQ5%zJQN=0zHyzh##we`}7oGUXx@1TDxfZ>L zy{8s`T^V#a=#FysVueb@W~NG8UJL)H4@4gNn+8_|Im`VCeq3oL6s_>NE8AK6<}`_B z#n1^U-&Y*Y`6(@Np55d|Q}O1NvM;P32R~Cdm!a=1yk@RZ1^e>nE}Pn)*;zcPx>`E9 zFmbnp4Ohk#Nz39*fLA1@8hG&u5BMQ-_40gsE51k(4LPQ02D(|hjj#cc+aCLbye z#?1Lw8Yekp+qeGra#?{I3JE>USGZQ(ktq>jzZ2?b7^IlnD%x&a?Bo7mqYd+w3o05j znQgwUQl3!lxkci;e3t9aDK&SV&#z*(yL(z*p?vv~*&P$z?Y{83PKr48d6I|#Iv+1Up-?!Ki6|Ek`$TLVU*=DKkviwu7#Pk(i%w) zNtWze{l7I8Mf12?%S@VkGf%qp_S5H$_m*_!Pfyy$XK6ZDno_gYqtJCz^2UG8MEt!?{TxDA76N8t5KbPkjAFJ1DU3TZDZlka9pCgUO z>#wakW^?XM_-cX|es075P57zv`WW+*X%UeM^??<&_p%TFbd~pOW&P zCilI;*$+Pc+Ec%pAc#w?G`s<%!Gx>{PEG>th`IH}&N z&D`EVJ%8tWk2BHz=3f>rP4)=6P*HYJapTv;1tGWh+s#-Z6?E~>;jhmYXWl5{WB9ga zUaQ(HojZP99ajph=Uts%U2$pO*#`_2%pX@io8_>~`NFlDRh%|_R$Rh9MZ0fAJWJMm zu078n!}w3n!n&yplZ+zW9HTO3FdSL=XysnsmAdR}-pE^TZa!+*F+s-Q!0WE8?PnrN zWLsS)cxybqv@z#yjZWbl_s>F>|4Jn%D>qfjbU8}|lrvBEYh&8Uy1RVAjO`m58)Fjs zy{2i*&hvb{RVQreC&m+RwC=9q?Gc=OV-{bB+Kt=Qr5uubtEA>>Ff%=~5vW+X@5tSq z63<0-w=P-Q^j6t|-9&oD7S+}{>)NZn+N7;NoM;l5WKs2aY25Y;dUMuKX=ytAjBVSR zFPTXb*m~wP9$z1|RC@ZF!1;?_YU`gZ*m2;|_L8|~N(IUGF`;X%-8y5J-ni4pD7tpp zO+iJWXn`esR~IemNsKE@35)Wve{H+5C#<(`u8hr!pN=aZT|PKnaNds9VcRCHo-%#; z_Nuyb$2J{_S-;Wq(BX4dT}qqI6oSJ(3Wpfa(!EyDOk|*BSW_zrbdAIbY z->qYzK|Ooqo^NIM&Rw(MKf~A80dA+fjFMk_e@j2vqaS!}M)BhL)6Ti}HZ3cRyk6Gy z?ao1!dINh++10Ca%^dDH`DHOKI#_5XW#&|UF?rgW**-7o1T)Js7dKtzWZGudx4Q4^ zjbplJ`dKarPrNRA{D=J8DAmi(ve%epTG#D~+o0y=c-}Oi+hWdj-7cY}b1r%2J<#Jb za;<7VP-f*~6dC>SQsN(*>oc=fvV4$U!_&9peO%)Q_TZ-IX`5RfFgAbvx_bJd;=rzo z=KWW4ZqDrJ@2gzXsVHgPc))b~nyp88Ex>Ca%-(ReYoG8kDjNz=| z%+MXmOLeAeZf5BzSz&WjU2%7a+!Rxnu2;sBo2m*gOF3 z**(IqudOtCv?k`a%UplU*R!N*R?5_g`sUS_MW2zGcyGz1jKvKnF7@;^gxuLGcABYJ z;$Z!BOUq^6Hd#+rrz@?HzH0NK^1-u(lYb@19?@pYN$mlPom z=AYM6k8RCMKJi3u-q*t}@DgBl7P*!}{PT*E=m`x7z!3w^vp&G)_JEI;1qdL(Svp-c=9Yo|by} z?rXj2_I89UWWXav$oJ&?6HO@NQd6n%vUS(U==B3WO|5jb)hO z*39^~)y+3`X7}pn<#AadZxRDvF1#4?qw|8;J@1l(Z$smcdTi+UF5n+#dOjvz%<^-+ z%vH_zdro|NzoPicLEpuTV@s4bKau%0E4iYvNi@lxIp)Z&PS;OY_kG{1a7AJ@gLOf1 zCGnQ+;JNPmx50~0%Ud|SXU`psOnmoz)+G=@$m)}=-YdX&*fbsmV5Uv`uIt`C)-6%#~MDiynTM1_PQ34z~d@6 zr{`w{w?CHU5KVEHI(m8G`+MtrlTIw{eVEQSs5z9KnmCalDUNN?(SiU!J=! zr=V6l>(ZGME!)*?wThRv$+%yZTyimH&9g_BPgt^lS*g6$I=VdZT=s%k8SV7bzmgVA zJD_aH`Qy=2g{NhPPqtZ`eY0Qc_>{pe^k~-k%z1l?13dG$f3GgGny2~ch02?>pE_qE z`fPdKKE6xtNm{o@;?9BcLs!$c+eU8tbEoU<(M3}xh8*MbeEXl_`tsX50~~FwcWmKkzL6_=KnQw$>L~8)ucXbQ*gu7B^n$FW_Hbw&w(&tw!|B zG{%&jkN2?_n|%*rh?KYCnH;sNq|NiN*kgtX8J>&sW?A*BNi?rIu4$9LwA3oSOWTa|Ew{Uh{hQvErVO^H|eQ%C`&GiueltmV!u)l0PtLj$xA5MMtsRphSQ_h+7?fpKPriP`>1k+(Lg~>e*JU&G0(&kb z@UdlgeVo>8yYx)o$(@`J_qwV%`_3tf-yQR|xWTIWy7R-|Yed~8SROpv@Z|DEiSyt4 z6Rg9gOA)4W4>7Bw$ z`@HvDTh{ty=E2vk2iGs(XZu>LYTo4HT>e^55{)z4On(JmC{Ldh=^*mRc+Tta5R*M`zZNwJ*L+VkBkV^_rd;g=eOivf~ zJP3F0Jy&WjR{d_~$Ndkd_ea}VerO5IQto)RIk)lrN|9Ofnjf4^Fxe-6W!aV;cRw9_ zZr_*vJb2|2@ur8WDXA7G@*LN@{-}Pua7F9JE9;nyK1`ao{B`ijgm2R)-pczpzwPa; z`){>tvyMM^3%C<*{-~efhy0Oi%RWh{ZrH86gEdCe=DK&O?bF`Pwp(_v78MooCPh`u ze=Gf_)I-R@Us6J8j)~};ezU84Bv-x=Z}87baXwKhlQi@1j5W(VHnsm=wpS^C<4N=B z`5Id6zjj)O)vbOgnLp)@d)|Uo&r6bK=Ukg(V)Ns!>7>azGbLZXkL7Qx36#e+7JcizgdYLaL=b@S!* zOWTv2wcfY>XJCv8T{8L5(*B$})3u9!Ons{tX8CdJIS#c=QL=_NZd@_hvF`Ed1IF_> z*8I*~|7G_4udR!Nzk9BIvuDrINy{%Ss^^jZb86H4rQWXU%a&ZsE{oc_aQiIN12H^b z&lc}G-u~u^UhX3vj`zVanbU8@K0hsZK=${wWnJ5TP5f=$WAE$|{7Nd~^Xm7!?7E!W zEiBn(vnPL4Z~1EN5Ovp+<;(G`@4xS}yQ{N0Z7x3^^=xZB$JvaC2HD~ZJ-@D9oUYmO zsOERkS>c~SXI4CT(0tVDcEA?*Px^XSYo&Jccgb_vZ^@k@#&Q+&|XCFu*Usw&^Qd@!DQpXG~7=B?`8hkyNu z`8&_KSyLzc$^dxbA4MAW3;or?K?!XIuB^uYNH(me=i?t7mu3VvF@Y zm;My4&YtC5QGImV#jL8D&Sut2Y`1Jf=DBKyT!=eAIr*55{*tNFlY3{pvi`cZ+NAQr zBPS1wqd7lTKe*aEMR(l~zGt3_;dgZ>&zW)jx9P+sI{v3pWBsJeUeB3z@YJ&j;jX?# zS8gBu*5??v{MN=brcB#U9g1D*Z(&woMkrDyMuZZbM7AGP=4d_nHp`I}=5!lhR6Ogx$#v&!SX;tPAL*EabNe~N|e*!Yy=bV6Z_@9mR3GxYnTc0^8I zB=K?Dsfn|e+VK`1(nLS7R#sg`6V-VT~iD4atnzn$oc8rd~deijDL}j z%WPMt-7~d3CAV*?;pTfbM|$c^S51^V@7%xVV$xJ^lM2hXA?r#m=gn|=QE{|P_~wc< zB|F1^rk$&9xAtx`yO14fJ@I5p@n)~pQ&pP(?7C8)aqv{igYwnl)7s14ytCaLI_;Xr zgoYx+Yg@dI>`7@MK*uAs+fSQ0)4F7oILz0$`h`93VMC&nq@h?`Y_+7`on z-BTXX%>7=?XYz`cGq1Cky0&XW@{Y$7FV8ynTe>Y_$>-~`ns?^5xmNGUjhpvq&B3C` zhP$DQx4xQx_;zmOZ>^QgFP%4NiYFF-*85cX_@$qu%7cc(OT!|gY;q1RKk&%s=`N|Z zD036boi{!SREIm}9Sv507E`h=*uSWMueim7Yj0Z*=SbE}D2#buylB>U?_hVH{*F$W z!t;B>g_M4F-K{EF`6RS(w}tYhRo*(?ia|RbuhV*TC`xJC!kkGCHzZZcWVL7S-CC+r z#*|HYD(gSV@FdUsx^?Agl>j474wh@GXAf<6a`Jc(fG_yH<%NxA~(|_)oRIhbmdz&U7*9tCstJRxycRJlo+3v5A_vGr6 z35${(e_hsF800=}hQe2o+u@NCi_^95i+TqhPpX)(+o;b!dDevuTMgy)U-(~Jb*RxH zdCub%tHVA&Zu)UPC*WSI>dL(fkBhVy$Q#(mT;KS|=yrL&l<9#}6OUJY^cDKV@h;gd z`Q)F~_v|Dx1zpo+E~q_LWZ7mNZqs**f8pzU{OqSA1k&Y?_GRzB$kK7JpyHp_!y1M9 z%^hV)M>ZUI8#j5eC(pNs=h&*lSzU{-FWY-L><~}$Bu}+%Imy;;BEQ38yN!BpO8lzL z&i8$i+VC=Rt>7ZJd2`k^7v}BN4!RULCvEdur?=;$L zpAe0@lZ=IZV;Cl2P9k=vqGdLAp3ybn6Id|j5xiR7aemIrSKFPts+pF!in6<@=b zyZ5qor-THhq{~fFX|ht|`Ri!w>lTslb>WQW3C00?7BJ8Md~I&qEajcWPq(JV8!$|$ zkJ?#m<`{eY!f)oub2oPm5=u(oc;9NVnOvJ$!*OO z=SMYpo{$Nab8;&W5%RnuJTF5kx>M(AE{OZr_`DFH_^pAq)4oo$K~}IvO!|dH>RsJGTVRtUSI`MCMb| z#$)I6ZE}?jZm|~!9y`A|bAs^gt{3le1eCQCCcloHocTv+0rM-?Oj$q6ql+4gmQMWn z_1Wxm(tQ3F3|IPDJl4edY?_y)ySwep1jh3w60uzZJ%4s6Ut2V>_;ueCu1TKqI+wOP zUI|GGtK;~iA$%h#G2$HyL&f*iW}ijxm_P1oTF@%7F4DO9tfgN(1LOO!sS_M;N|}B4 z-%z=?Kk&!Z70a9_^>KWWeXYgx#>eseb<;d1fyq*zgSDmId}kS&eQ;M=8-3#OQ)T5} zSG7GE&pqtZI^!p1R6Oz4CY=qbKg&}DZ-fN-etPJxwm5xy8M}q#lK9y=9_K2)Efu-Q zJ26J(T<_C;>~1XAe2>k0)$_{D_-u}ZMY@jGmW_uFY;f}TxxBGC++EeC==QXG?CO^` z>s?ao+;fy!X_s!^)kL=`ll(93{QX09V&wIAjVJ%S_K0~h$x=60@$>@e{!2Tfza~Vq zC{%@KuZWU3yzS8K*^;7XvZIq(%wz8wMlCILoKv@A(uvj}`xWbik50REOfG<#fkWZj zdXFo)QxL_nmnGkRUBjkw=FRbGk|#wk z{8;t8__Xjk!yX0$#`Ei|o~Kx>)oW~l#YcpJzRuEqY)@4nW` z&^*qU{nutrKFMst8~13n2#fls2)URQm&;aI`FnM+Qv?u+R&sMU;Cjec_S!5ldazC}$QC%7jc51#lw(7@(D z!~CeqiW|Hu*tZ%hD4w%lu^_s$X@9N%<-IzF@5=5iXPU0?e9q&gmWk6Gr%HF)u-aS@ zyHNLq;fY`?LvV`r1m+U?5}9DWudFI637$#Ib01TKYiNx$^BHlR6*+*ZzH|xWSOqbraKyKmSq~OJ*a(Y zai2!dz7SsJx%-Xge0}S8KyNBDm<}z+pYAQH(I%h zeSH-Ib7yoeJT7Swko9y~&l1DXW9%|vd#oypjP}f%A)9r_s@V0@j`PZLSLZB?Nk~4t zWJ_{UAD@NoYqxtx6j&3PuZvdc+L`9ATW)#6G|5_^UGlNr)cITVCoKLuXVb)vkFT^M zw%qLt&MS;kJ7!e2!oG85!j=#Vmn2(Xe`9&IRtu9u{~0v=maTPNKKI6_PUfC#J!bmi z(v`OSSv#|tb8c>b-RN%Nrj{e-!@xC{KPL3HwPl}!Pv6~DXT&f zza0bTSCwvHD5{#rv3lC+lgIPpzGzCGGgsX1BO};wQoL84qB1h!hXzSkE!PTU7F7FvuD5NDsemOy?r-0BxW+aejWI7mVNI&gZtf{YejPx z|6~)Ml)W@0=vA(ya@grdeXS-tE`4+7nP1X&%+-BujqgXX*+TuCKNRBD)n%r}@utTA zJMX#Z$6S-YSx+CkC^T|E{;=+`@1?~b?l9fD_i&!dtM%ta*938%jCSt(xc%twqZjLPMsh(CgXyF2D3?ojPFuhHwA=c5cKDU+v%=f{_+~%JIw^6G)zdF?Exf>i$fpVpdeY?^Gd`Js8+*WI#`X_vnI$hk3R%XIFeWo1(P`;Pnz zxK`4%{xLUEbGFY%lj%}f&D$&{%hZWJ|2A#b)~=nJ1u-e_S)K&< z2)~Nox~+Z7kEJ!`*-N+n*?9A=bMvzq{~21dnLT%Yi0@eQSD zpTu0X`z2wM538i4SgK~m_Recvnq?=oZClDmwr<-M9EQs7yBV%6Z?4JzaM<;u?cQab zE4@B%X8e4-_1T`k|E%@9bgx|x+~y$2?|9|%ALB>*+_$s0eZQX3`}^ogSIOX60X1iy z9KHN((fP$+D#PU-?R?F1ugdx3;)TDz|k~gsP>cacujv zuBeJ9*pGRma$m!h33JyRO;xCpyK?!$%dpM*(M*-h>I#Cf{fA`RkNgX|Gb6P$afh6h zoOaLl8S541`Ll$rZ{9lp&3j>2z2eV(_rByMJektBKWwwuubvL&pHn{hKMu+$VwrO! zo>}JVeu*{9KE#$y=G|E(bIrzFiSzJrbyM98*ZR^suP?a>HcBu&T79>-!`ZCj(c-PU zJ}ZP3PqO~9+sDz}GEO55hDc#wf_ z#`-0HvX`%0nD(KmQYN7``}zHjUApi3S8g$H@K`^0eP7n&jSn76_eL+?^ucXQUdf8k zxzXQ~Kd*QGPPpR); zUfVPOn6J=%qXgxTJNmx9-lx8`?V6?Fk5pxecedH5_Eb!}d`4bjTc!4oi^XS-<~e^T z^1k{p<=Sh-j8jryLs(8eU7zpu$-m92rz*YMX70nlA1v2bN1f_bta$R==J{Ut;O+Y5 zi!NTu*tA1YN%FvR(F+czF1*X1@_22rmCj_B117Zf=ZuddFDnXV1;&jH@?a&G~cZ4Rhnc z<6h6UnpQ|STdgxZ`DNME)6L~q4ySW|W;<8AQmJ^y1cyb>^mRS^C-_IL-`W@9ALOx4-?D9NcxMywTJ<(*R!fu;sy3osW@$$`A zlAkg&9L$co_9-m(;{-O=!fV?Prtoo_ z^6XZ(U9w_ZQ%+`FXY|m%>6&nKmDlRV^EU6+E&KM6)rx{_3vC=d5tqUqs`CZyvT)D z>KdEc=9m5U;6C_VwCdg~%@FH#ZdS=_Q)5nC%VTj~`DazFa)8j{=*M$!{JQcYQ7+>} z$n~6=D#k8mD{TZUM4dFf)Z~076kgt18Z~uCwpnk1rwoJjb#d*pBJEYV35F*YT6Yx| zUb*Ngl9G2;XHsQCo^^YG*4Cw$jh^|)8BVa?Meo!JmIZ~47rHX0 zJXw+=^L@#@;%B0hRT^Ig>V0ZG_@GpTH{+yelQ!#@pF3ZNzEhK)Da~9UvHYE)SFR=V z+Rz=jOHRDw{JNrQ@wQ1D?tJaFJZ^HsWztGDpPKti-Sni(PccY57WuIx`1HJaSLbV+ z?OS?;LBKg(Hp^w2ne&{y_g_{`@QResct3GgMM=gdHjY=dnM+r$&N|v}A-ILHr^IBn zme`TpEy)vHL+-GjpZrDS%f!tS7|#YQ&J<5hDq8j6^U=sACAW8b{*^|ZO`6=aL;cI@ zZ?Ct>@Bi-cXz`586Sk&oaut>{zS4E&;<8W29yc9dnz&}S-`nT2_9xZ~I7&WvkkGaI zMbQ=a;LKXX{24uh=d}Lzt^444;*NE5%%?lbq5*f=Ell&SylhCrN?1%{$9^)v7bK4&wlQDzBcqry05h@yJpaTh6?_yg7(6v8}Ed4G9(>fFx%>* zdv)?83tQH-n->-?*8V&9^mp4|AuBWFRi5`vExUFtoIUA7*4<^ZpP9M&+5h_LHeq4W z)V0$N?@#7wJe&FQm-7h&;pW%jZ`LT^5peT7#-X$|=Zp0Qo{bA%9&_b*v)s$@&e_cu znH8P(znky3b?wq0UXinl^%!J*b6)&X@s}{}<9r!?Au~H)B9vvB*4lM#^IlHOT*7PX zH07N2uWL)UO&4h}R93&WCHKwR6a}vt=eK6KF1)?+u5gM>ajeLr;?P-L7nY|k%(K_} zA~$s<-+caQ&U%u;mzMR3Z+WIXq1H9>_Ge}VN#%9gDZ6EaR*Iy_>P`z(iAnhUK5X%p z+r6hMUjMo}Iq%fbOHLx6j5Kd^t@E_qP@A>0#PaX5HA%M*?KhD9Y4YOD(}VNO?yx5Z zJ8aybymMt>^gCz8_`uhJrxP{rbVTpgi>(**i`G5jDYN5kbMUd&h{dMf(u4G^INRk#d=3Iur2uDTJ7A( zOG=Y^CK#R#EbpDIVV7VP>~f?*hVi&f=<0|^E303`?z(bh+A|&gwVn_9JH+c)uGU>z zUXpkC!YAl+ZKxOS8m}zGtbp?&GPicg^xtWABY; zt7E;hrt|5l-dnzyc|!KHCG%`$-bt-Hu(#mqoj>+J*7P!Eb{0QpRd|^Y!q-`csKTVMkCMZ$rsW#Fa4-B>B32a$Ln}2-|W-4^8We#=kwUlPAc@; zb)R)!%){C&DXWzszH?{&n8&E7l-yLRt&nv=fJ^mzPhHy2h_$@3Pgj9*V;J$0st zzc}b#ThMBeQvFAg`z~BQZ7fu)HM^qgf!C+wYSDMTtxNu0lsv7{u4!?ukM^WZr7I1; zz4CbJx8J6JS90^b=B4g>D_W&X?(|nZj}J?+wCP_PIzPnd^zI3^n&wGYBUa4%UUi!B zu+)lDd&5mB55in#t=>K1d4J;96?Hcjo)Aj7cs`eB@2+R2DOWb0V7I%<^J|5c67bfqkrC)j!Nz0-wG zlZ$L3O$&`2pDpf9{miXq`SPgmr}rAc?AJQZRVJQK4i%o19egBz-l3oVbD8?87-Rme zTz=DYLU*54*QM5|QvE#zmd_TOy;rbqbCCUgedfx)wilkJZ_1eSq3~7p6~ps7>`#<- z-7J}*r>w2?KbylfhD&#kRyP54!=kuN5`L3~;}B^7zN3 zMWPSdwM=y?zx)cE_-)Y~#w%BNmou0>_$PWZHe(^9Vzynah5D(FUtY%+Oi9^d8EUCk z_+5-=m7B${P|mkA{TLq1YuokuwS(x?a0b2|YqU=nEo~MkJXaX3GUKk<#7@=qDjF+N zIveh|TfWkEbKGL+s`4w;x;3eF#+<$i(dHY4H66oLVc# zUH({Y;h}~bHOaR&RZkZ?HQCKuW`*RM*E4QR z$BDz!c#lkdl6+}ZrSinfqHBwVw?v1Oe|a6MvQ0%GT;@vAMr+Zxk0rSbJYPpgneIyo zy78n)+wRm&_fzh+#nDnZal!2j&t+dm_DRe7^)GiW&AaGg^kOGN`Ks_0VN7P9EV8bA zC|jSn?A66PSsYPJOeY&puwPo2{jDne_S0OWdLuSV=N|cEvpSb^2z`pWBZgu8xn#CBo-a)TQ`e?RC+Ag6Rc70b#;MVT7Im(+pAMRh4J^iE8%tr>ho-=D@Unu1j73|^E zVpV3`n?2*2Nwqnz)IFZ%F=2XPrkQftg^RcJol&y(x6!}0?nRZ(BHz`*C9+|=x?`0N zl?8lX&}yl0-Fs=quh2u>(b`k)__4WqtvuE9SmdVn!~Pb%{5}3G(&l*+-K1Z~$G)29 z-dHDg$8^t1`I~EN3yixS*D=*-Udp*x<5;(FsY0$w$@g`WzqQ6H)Y#^7d0*wPR`9s; zan_^Np(p1Cc&VTJ^m!a?St|ua%IJTy(x4XJWd-bhXMn}KZ9P2&&xHj%h*}Mx?_7R zrP8w(R=oNo>a80(brA!T=L@apN9?)pzTCE<;)L1iX374E=WF9H?kQgL z;(CX2y%E#nGo5Wk#+P=Vm#;DTu&-DD+q`}W0mC~ha={Ez^ZU5pT#bv&}61fLZSbs_iGQD2TVQjN?YW9(A(sN7v8_sygoI)%+FYg<`zgX5fT%?X=S`R?rrcFDD8*^jI_p?7`56X6Ii-Pumw$#=i}3=V9V z;g_{-WoFg2OMj>TP3l?9_0&%G$0N;@2=#)U7U!zC-o49R-j;erXC3pg8#;S?Q%^;g zNq(6AC}q}?^AFbxtnB*6+aF*`s5z}hb{Z2+PE&5+VxE?Mn7Ei z(jWUDE%^bNw`OP>B}N#$cGueQ=;yTd{OZj7TDfOWH(uLND$7-&@;kKUtxWd`<%R2- zuAiDwIq~Gnd&|UDT4){MPYzD$>PidiePsEx`^~N;OLj<{6xBUYd&hqSBJkqd zFY{G%>2R}n8C7(b_4oX+3h^UW>RlyQui0p?Sh8B-v|9aA@A?mu9X}rVeD|fe_VQP+ zcK4_}Ot<+WxAn97A$j@i`+TJzCU_mYxwGPTvgw!YO*N$pDlXmAeyx3Xy7r0Z6Rv8_ z@|hR5&El@x^~eurKfm~=xFsdUI=bRmw)9ac)2&Z*b$3lZZXx=`_G^3FKCPG9iz{~B zRJ@`Tf9Jl!?;9_7?YVrko~JaP&nNdm&$$JUwO^h$o$K*ws(9^r?gsC~N)-zQzIk6) zv#ppeC{p%>&nPQjJX0w0uE$%>6E-~w*UeSVim7-SI38RxIn`w5>OzG{YP~aR4olcg zJzR0yaoUmY+r?AW-!+~sHGCDgYwjO|2ajfIN5v_2J=_;yapGl^fBu$bmT2x*jqi%efOk);^*|OIT==4cTRpYJvs0Fu6t9HeYWb({^?r4 zX;ZRBHr!pS#fXVL&Ti{fU)`-c4$FBwzPI@+Yh$0}0b6&|fHL-thwf$`y?7?WE^7Ic zDckMU3aa_0Uc3MDj-B{6$D_%ynMX8vmS69>8RB#5nDhb3=Je024IDQGZrorc?6-F_ zXOoe~w?|91-#DIK`gqos6W)P(y28mqBE0u|Q@sPv@*Z9TA8M|%~eUo!DR#ZBk`9fpVt=w0iWO~xq zRb4mF*ZZOuFY&@QD`Wkch|nbdz3C@%xq6kiY}?^E;bB{*>#7)KrW=pf7E6_P^r&p! zFUz^MTQ*I5iQvx#$rH~<#jM$`m!f-auIU!{Vlno`d{+Y>rTds$d|m7D&Rer7X2RY6 zto6ltjWZU@&7T`Mxv!PuVLzLj&59Sb*;;?LbgHBXPJOg>y~H|iIX0^>*L&Zm^pvvC z%KWalTB1D6&7*Vr@~ks^H}BLh*sf!by znZ7*lHS5B>fai^qYO^YX^E@O?W0ivo1m;XU$#7LL>H3UK+AbUU!gnlNyL__vyUCKT z!%c2msw7YRd9}OO)*=1woWN>c^<+bDwX%I>4Ti5Brn*P6c{~XT{`YcbxO{a_$qKtG zQ3;Z5RtaUV9eS(dtwMX1XK3Cr@~`u))%}oPd2vCEK|r(J)X({?2Xj zC9d;BA;+HY{yaQY<1mqBkI zw7&eaa?RrH>U)_zS}$uA9@A1~X?`0f$!FYW>=W{&)%I0Y+v0>Ezk09D`BFXa<-Phi zt`yvSaJ7S3^pw5iKP}HDpUrs==Pq|`(a!h|IN6! zBxTm>XXy)Vg7+L#=I-~3=9oGox$U^^D#@5W&vO;eKQ8&~SE)2pSuE!3GFz_8Ckz}O z^#9u%xP#62=D|nnyd>uAbyQKAwC~DnqgtQp-L*>|+fNPLu|0Vzhr4WcQ3fZgq}G&e zIg$Og)>mEUOch(kaxM9pix$U|l+so2rKcKtN*t7R&Gk=i)f1k0Vb)@mAO)RQBH#XI zoeS%knQ&*FP{ZB}XOVYQE+!+e+CTJ%<7&IfI`TQNtBn`a$e zEzA4De+SFYXbW5SDA9uwYKw(rYL?$>O=9zxYq+E^{i%zz`1+`>a$Z5#nEI%S0uR0l z*;QLFcd96gJm6X}(=2FzXU*m*>ax7WR;z4+Av^>nW_0owmr;c9vv%D|cI_gti zvep5i#Wq~mw2rH~7x!G578*Xy=JBPSxrII_&Te#0UuU`Q)z46+TOkIC(=1-bEZdzg zWH|9(K*qC;Q~1=r7+Jr|tK}{DXR^_}@Wc&!%@bctUsSE#<2za2ru~C^jsH~8_VPON0`|^b^{ZuM*92Dj|A2po)SH8*8rsq>; z-!GQDj;BqN*nKXjxFnt0`Q^kC-xbcn6T3v)?p4qC%MiL~RI#ihdV?}gL_*^MksBZ0 zZ%tvCzbCpOqf=1)%*5mD@0zd8+c=?T$wGzZlYcctJ3MX`J(l^vutb8l$?$z}<)-(q zjM%HX+yfqbwfMRDwZqpWgTn%0p} z&ul~JpDYi>zL2!Egpk6PMOCO*F^L1)XNhzSy3k7}HH=I~(7m+wp1 zpQ)tZYw$btm?OI2td7IR2cP(#djvf0D>Cl)iYQ9uIxw$Fmtm$!;qHw&JdeR%DP#NS>70@kv2p1FL%!L*$Z7zUPze zHDrFLE#~fd%PjFG8PSP7pH|zHRG)&_A7o-@Hi{X$UG%VSUf z%xqN9|5#u=`TpLV%qp$!+{Mhiy-n*hrkz=saqf7w*jI+aS(_6Vy=RT7%02mfZ^^Vc zne-#`A`~WmV!V8B+m`uETTds7FwfsRf30oHx}+C!5)%Gq3d+ax8lLU4*wT^6x@{7_ zL)b2Ee;#h@(9IJYElz4>hI%`D|BJy5G&s=p?w#jr~*dbFLJng7*UhsV9TU#HsZkzPukrY?V1C3PUhXw@SNT9^}MFFM;U7GrKtDKT+N;3RdZ)T6=RSJ_m(YPhqtCZiSiWC z-54aZTykadcD>dPxx=D10eW63e|aO@ZWr8Io*{QPvzV!qMa(VYUl?=W*EDPO-@O9Q zFVEV{yXfQA!mleY-QAvh{IR>ioA9=C&J+809~89-n-`t(gvq{b?d|A4N2Z;4XBf7y zN%zR)1ETYd#TDJOljRv|_7r7Z-MiUCa&q&1*;O8kVkWKP_2^ti!s}~Wo*9=+ zP6>!=C_7=5P#m_XccRzxr{|vsxiY%uG|n^1%1GwB9lhXhrrOarZvER)>MUKobpau5sO1lXrFwSxqPLb6e;Vx6Sm}E1+3T0rT2i&DcwO^C1dM}R z4)Wc3Zu`o;!GOX1u1wGx7kw@R&E?6{O4<*~9shf45`ThLiXJ1IseQj!4x__iyEk8y zS1ea@S#^MU$2{Jwxf73TL{zQ(^hsReZ78$W(O| zPIk8rOF7f=Fj7F9|MRS?AKv%Ycs}Iyh|So{dd!^h-loSVW2|$JGfh+9>N$65k=J@= z(Jfg!7Rg>ao}c?s{GYJ)dF#k+yoLLx9W#zzzry8%fUbkYJ4@4NVP{POI~DJ=6fGBB zzpUcguZvuF6l$Ay{=RzOSy(#CEz9rLT;DryzUh6tp!Z>CsPa1P{!4WhnV;^SU6AE) zSjq14r}9;Ds(%-ye#kjlxUNF#<(tmGPrjYro$+1dr0M;en;*S8zVbz#{gw^8WKPN) zPZp{csJ`yLtvgEUa(H?!|1p2=%nj?Nu82AIaQYRQu8rwy{^-uBT^M$uEoRQ!$Lpg$ z-WREGKYZb?+5BbMg7@6F|E)1%(w4gX;BtIS_iI@) zxw3>}4lank^Yi{)hQ^=a_K)g?erU&?zxgF4D7y8)0nw&g<==dpZp7WP`q(qo{@kXo z^1Mg>GrSaguVnFLTZQSiPGJd+S<`35bxmAzt*mg_yM1$C8^`_#FMZT&xct(W=M$`+ z81eB&f4JZNWpzvb53fBL+urXMSn>FS+HQUB+l~*fM(FHGWc-t77)UX*1W{yw@JSJ>Z6= z;>NQ+XIKx{9QbvO{moL-1wWK*EXzdh-Mq7ZX5(#jrd`%E{%p73%{1@a@n=7enys=_ z6bel!;5_bgCFn$;5u?rLqn4_nKa0Pr%{%-=wV)`=Y97B{tMtSY8R}1%+udBp;Zlomb`FuPpKS}eh$0@Pf-i&IMCs;1IStQPxc-iDzf@k9OD}h4B zCwFW(mbtj>@1^Y06baj^(2gcYgQ<=(eN(2rxV=F{YRiRvhqW0S47 z>)n^jW?N>@c((0UmuKL)tT!9q_N!moSfa@h#NA-{I;#4#-hl_dua%Ws2FENb+sYxZ zxp5B91E~-H8M-IjJ$3G$*Mzm7CRwg8zH(XP;+`3A<3c|s9ZbFSJS~3r?VYQe-TV7} zS1)e+ky~EN`()btR=4Nty}r)pI|Y=y6>>H&sP9F-AnP#_W&-P=#N^f&Mnk9U! zQhsSjxbwMV>U;Zyop<(KK6=5^`Yo>lv*=raMXbWno;w5#-^Vc*=a#bV6`yUuB_qK3 zd~Nl||j)Twfxm#3u)GhS@*K2~aY%COJ)$8~R(bqYuFmaF%CU+3+? zlOk*R{B^AC!k_Nb)fiSp&+GZ(`k%pIQpnLQ4R&p_E|ogfO}RR^r7`shtEH&my)!o@ zBp%P&tZ^dew#1)x?AKP@o0Och&duuTONkb(aO)jxtNdElUHJQB!9|mERp0LV`0h2F zJTaziue8je9Y5VI-^Xs-oUf$ldJ%8g+1F;XE-+u(=lALE&$xd(SFLYY zE+~9?{<$q%MbzACm$MXyIJL?epN|Tv>UE#dE2evJLi0<1het+d7At&Pa*#Pw=G}R} zE2|c!SjO-@kiWL**~D&H>CHYIaeHL=vco<0Oj0=5zrnQ2BR!#Iot1D{$2yGPWOCUjHIe7G#h2EITRSChH$DIISJMGT_p{jtSFSzcoHV&_hse3g2lsib3Z&{D|gQr&; zWgA~*i^s>?`CFg3!LQs^I{R4P(I*Pc7y7=Ir|$j2CZ5-^wr%93i-u+ zYpu!yw^bY}J;I^ulC!hhdxe>8WIkjn&UkmM`h!+iOHOx@O^^9z9>%WLZ*9ju&v(AG z%#-<3xa7Z5nUxw04bpq9UzjpUs_0HQdqU#TiZizlh6Nvd{qyR|ZKC=oY&V9ghe|K$ z{oJ=dE>qjM;;ta4cS7@pZ}L$SBN`&U*q#mV+4p$okK-&{6D3=!`7K`h-ekAdX^Yp{ z_Kx!jSBNy{r~5r6wyy*~EeJUB@vNPWr$T^r$YNJr9nVRp!ppB*a{1JLYwwEQQybZ3 zdakaH4w+dXlP+`N#^c>;7jB#``1n|buQ*zl>(GLnn8%ZNQ(lCbZ^}BIoY8a1V@K>_ zn{Vr5KAeAZ^6`6tjKx7+M{jIulaGqop0;8B?v2m-M4tM~l%BP^*-*Hhh0i!vZtZWo zKM9xLrFq!cn{>_f2=aIxI{$(DvFvEZmF8{B1m}ON3fs8kP0^KgQ@>~(tvapeVDX|p zs_Jg;y%*0fd=7c`A^b?K$<#fUma5DPIad33Rqxwx%NMU~586`E=T@$HG$g~*`0VV9$l7Y1k-D{}H93#*MfT*a=?YV4%qgDlwMoCnde6^B zC*H{X^~%#YZvw;ejjJ`+otECwmcPe<(e&8Cn)}*%2DZPhzF0paaY~=R&Ba>ZgmryW zOP6t+G+Oy2y>H8=_{DDPnwf2qc0R1}y!FHKRi@u!gV>!vYi%vpCU2bcUaZ6*e*KI9 z^U&uePxtnjX)71G%UqMn@|<+Yua>_mY~Rnw(Pn*|?|DjRS8uUqto`|)&ldd- zvPfl^WV>=w%(Tu9_P!~PPOO&hFL#Yms#Cdab9e1DiGvb$TaL|isor>AHcNjCTjKtS zZ+&-59@Ck-H1=qB`OA=ZDk`#jB|iI2tDmy!0YjD4dYy*!a)qM8fGUv%w%gZI5Hb?TOY_oVQ(&4Bwuj0{+ zZSTb28ZmD9B~^8dJI$y%;fi{3s-OsGIHU3TsI9q@?21NKg+AN29iFIGb!}?z!uu^j z?n$m{=Vpn#JJNK;UP96|A)@1sh~;B-=Cv6SFCTe)KeMO#vS{69=hU39DrGP4t(ucp zdZk~*=eKucN`R0V%e8I&4^OYRFW$-BH+5;^BD*`wIBh0I&(huPsoD7U$76|A86oL+ znr=I8We|zk#>QuT?dZH-mBO~EMg0C*`?>4qK*c=PVT! zfAbxF9o!nQU)`r{W$s0rO*V@sS^c`4u4pU9nl+VV}NU9zx& z1^a@p%hH~&__2(usB&f41OC~WYyLBAJtVSHMWE7DWY-eG#oAtm$26@ae}{@>b+@RT zIJvtoqwkej{NB%8&(l8I1T3x$61*+y=UY~}=(fxeCM_O0-FW9!JFbRGpDI@=S+RfH zqivIOdZ(T(ntw~YaQm-64=&FR>YXrC-E!qK#qhl60l)t4Qp~vho@=do#}q}j2WdO& z-wG{J@@{?|c{xjHu~|C%te9h>+P<=_=X>qWGDdjlRET!l_ijyka{9st>u{T2orRxI z7}>oP=`HvqKW7f(mC%E8wrcr#7aje!w6@+jt%&iBZ(fbQ_iNvTEva*37z(PwRc%i7 z_ujc)_~EqAuI>46*(YoFv1L8^Vp%X{sZLP(;)?cg!5iHXPgS?|dA^O<^g2;Qr|3)E z*4b-cv-mxfkq*1 zX)$p)qLM=aQm{Yuc@`tU6+~LcHQaVbbI~Y^Y2!zBRBH*SUubMx#-S(qs7@L z3%8hAJQn2(cX#FSow=@5q_;EtSgo(it@-LUjgf8-_Bj{0n!okgICuH&S?$W}Lci$U zd8PAdzMg}{*HylCw{J!{pADZBl6d~!Sx4<@GWL>-bRMmay|ZIi&yp?CpI>N1zdgNm zI*XiEmsjYgy}N&1P!BjdqbPI6vCaCP)yghT8_rd(+Ac24v4Q`!&u8Yg8+QuNvW7TM z_-XlU;__{io$D^Wmb+&A`+}T1%afF<%ThLGkB`e-_E34q>nQW?@Vq4DhyJp@;hECs z_54{9xJqU|HJf}qtEJV!smOXx=&@_YQ{8O#dETn}w&eZ|J&Pw-GCx0&xiVoDLulvY zhRn&5+m6fdo?F7_#+E6vORsp&_XR81^ZYV75}S>%uFUIv z?GqEu&9vQ=8K%bLJ>|>!Mi5o+MDM;_G~bYh&uiz|AYV0U6tE&xdhhjIK?>Y&pDa6 zl`q58zwY^TswnQYz5e62tB?NPTguH)c=Fkz9Zf-NUP@Rz*1EZVM@{X229{+X)}Fl` zTM->FNhIyueXq~&#p(|l*c2|lz2%<7)p_Z%-6``A?cHN8oceWf*}2Tr(&TN+Pks*& z=jriteA%@uF>orM;rqCQkL_=)e*B-IJ<3sU+TFTeF2yk}_c!++oh!3@wxx>tdv@oz zxiaUO;~!2uZ^K$qVp;LX)w0iVV%JK_;Oe57Z;OM`CD_BESsFF;jvCW@qu{M zjn6gqJia>989e(0lV68TiuFyJed)N#FSeP&RwmV*GIPRecImF&X&1#j@tAAgy}0u_ z=XAFmPnF4Imt4i4UR^qEn$e7hu3>WzPko!Lp|VkSf?MI8m8-+Tw)fc_&3U|H^|oDQ z)AP>kn)_KZu~jC~ljjNO%2ug+%ZIu+Cvwqvo_(p4H}eNl>rGQYxV?@d=oauS|+ zPJ4T^e{{z^-I)h}-(4*od->^R9jDxXZadT?k44XGwF;b*Q?P4WOPS4z8IPA1Zx^$4 z6H0l!a^3B~nX+De)un5^yG2uzr9K?Kw7cNOZe5?Ogy}AY-!G&Yas9QMdj3^GLp$@{ za;s_m3Qk@!j7N*DmbP){`h2|pdA*ltvhk@S!G&R#-Z!@KH1-$X+PqF+S{m>5{^!x# zzjcUqDttVfa!08(<>nmuy)F|E&75eH>dm*HNNe$l75pQly5Qj4gS$d?+2;1V)SdZ5!**kUZQsYK z3KQQ(9W%J;cW=wVd_gC^+82Uzd1uB+Z#>Vm_E?jiZRJ^?kF6|uHX(6oR~6)%*E+i% z*e?3)>aF7vGE%}(8qZUne_XS3-M6MWzr$*NwQ(vu?mBzw*!2r<)|k5PO52`kF2>9f zZv4o@FRk<7p^XRMRb8oyTlHG$4m&eTiRte38Q;aNa;nbmslIsNj(gU*AfHQ8%PQxd zGQU;ec&p-U&dX`9l)28HeCc<^WNBXjPyNx8%Wr8PpWBdF@obUGUK4!<=dJ7td=944 z&)h6d92c3end8hIz5>3Y|-jtSm*As zb&}^blkREnU&iwFwOtB3Ez>u{H2lH}Yq^GBUv{;4iEapgUmPJdZ+YJ2U2IR=P37j6 z8mcHK+xDiuN?f=%ZMMxk-o(>oS}embZ9%Tbr>I*}pk)y}Wjqc&}tn8A%4 z1$U{YgM}Bur~N71zvsG*_pS$`Tetpa2w;5wI&Nc5(7j`or`{Fq4hV1l6Y-I4^@{AZ zOWg%rIycmw-&=V;a;~?>jJK;i^YgwNHmNwaDtyY8_Mab8-KlrG@Lr`}Rv^#5y3@U` zg?)j(QJZ&em=?b|`rYxk>`jJS{7OF>MX-q7ocl&9%+~3$-a3=sAoI(m_FSjAEDp@j zcMf_Lr?%zd10_?rG~=_yR@;xsCi+j-3EcFUA@`{DwzFF@7Cw@1JgHV2?6A(wy$ga~PGgBxIla>-M>2vh`-QCg;a_>XMOwdT+&v!7 zymDRE;{&&Bir?(mFiDj6vr*Uj%vv6iC{r83N7ns98QM$l*?sRUSh{PX|75p}Ct69j z7+-oXtT2*QdTGjQ^mS(aF4ofb4_9to&Aj5KqQ1n>i&?x0MboYsMy{ABGVNUWt+l&P zZS3S}nD`cxxidHKoUiY) zw56@R8@Jps$vOUBs<>$Bb&-EBLRIaXiWJf*~Rx%TXj3ohkMv&i#l`KrD& z<+YvitoS?Ux;!NAXfdwioZ=!;WU$lz`K8V8RkNpS8Zo>o+*u`c^v2aKCubb4*cVj1 zdue9owdqndiae>!a(-1|W&O+UsvelK{BB}T`RnK-R))qU=hbbsa?&LuJ97)oCKl+6 zm4(WNnD4C;KOEn?^y`g3){jJw?mfsUa(DXcxYF|FDj$D-`#jD5uF}fmtXIl28}7wD zJoQ!P!h)G~m%Zgf59bOu>#o*bT^@Dn%9q30n)|i}?MR4Nu`c=H`hL9}*L}Tp+(%xq z1Z{l&alL0qTf`|(K4(79_c5RSbgs?L*!<96fKw;*R)N3Y-t1+U*S~%5Kkd?kd2M@6 zM_ktbGA;Y8lAq|N;LmIIxhgJcK0bSyWu^zK@s(@Vv(09{oN#+hNA5Ctw>9}9KZ4$_ z{dYB+YoC2**7Np1fy=Wd&dB2oTFkgP%70D7O)rz*Ckxj1uB(#UDzla|qd>}UsY=mo z?`?_`H#n|U?^2gOUHT&1|HwR%joHigZjsP2-f8{&TKGiWC2nRak5`&pzOY-Z>s?Cc zsgv?AukEbwsOKwLFZFWWg~t4n<(g_%vtB)&CEa4MdxAg1udvW3)1|U!EU#Hzdnrq- z<&(VqkI9Gc>3s;f7q&Gej%TXp-@6>ii*LvmdOyIZG z*4*@D%Cz>-kNgMAW=%P|w1=lW^vU%}KUN>~U3}shi_UVJ#(3Aehx6BEHa)t-c4v=Z zT=?T!vETl)9JQwTEw+6<_pU9^!|EF!t7oKcx4s#zw!nPT3dOcs&-d4M>6ZKVexGrr ziO=I~vH7)4PEVa>xNh-1IcefpZsg;&@x*bj6MHWw8Ko%5du@x|p2GazPivB9+28Dp z7c=KgGdSDR@pR(GuOb_@mETWDXYY}^IE_`S^6|!1ry3&`#{9k-YpfS7#kt~e>9RS^ z&(w==gr)3i-qQNC@c7oKt)ZW078q3={Ice6)Pds0&Bw&)(a*811%Y5u2Gj>@ZM zbv-(ornjWQJ?r?zubMhrb#}^>eqXomvzPfb`P_}cy^B>sRW7Stx7ht+YDn+S=M7qW z$}Vo?nIrRMZEe^YkJ#`PZ@UhQ^UCa5XHeLGY+JNowy{&Trcb;H`@~NhMCTVLDjB++ zW6yeFvU+1B|CGHy4%%vE&()KZFuvX7_=^8p_YKK2x{GyET`DDBhm=;AZ{GenxkmW7 z>D9Xt$8+=E3ConOi;v?}-F)QJoRlJVzb%j6oydA|U{*=S3`^Bj`=^}!WLy|zV14pu z;p?vAT5Ze;B`Zm9r`dNli9NP7 z*;e+b_EKZ>#B&;b=Y0Miy7Mn|?Xn1?Wl^?^Z4JX~c`ofN_uAAa?Qd*b6|8^alh>xc zISF4^Z*0>2#(1G@&EL2f4Z(H(Ufw~!WZtbfDv|dtg7qM)n^eC z_uM#ml9_#5^>zD_*mp}c%0v(Ra)AABcA z-Eoq1{LEKQw*C!dtAQ$K936@6M+Zf)$b9#Ie0<6aM@tg9{vv#Qk!FFS0`d}$Z2 zRqfhi+4DAJT&;`que!Q)|O~wZZaEVVF?hW{H=CzNe}t`ujPRC&~-mCIw%fw^6ilG)Y&d=5>^^AI(?{6>BL zxfN%Nn;UK}+j^r=$f=;>!PhmvUj{I@t<2NwIB}<*>)g)Cb#?iNws<@4?fP`ea@CvD zef(7=El(b<+P$yH_^ibu9UjM%%3b-=JM5<_D$JYmqmzFd!O`vFGg+7rlQ5m*P1h=_hmj|;^VJ!SRkh%abI`iB#UKl6`oXGS&(OO+}V9v zVNdDG435SAvn!GtUk4vsP<)K@&&%WGXgO)PHD z+amLc|7mz()Pu-2w~9w|xQoww^}MrWxx~&rNBC`kZzuDU342%0d@$KZ@6?&He_QT8 zPn3M^_m=PQj)aO|p98mDsEf*+{?zuRn1j1*HJ6L&f|J3PNrhimom;iaGcW7R*-wA| zGfaOTnySEiYNygVzT-NNLg(4O3f#b&7IS2WR&=Y~)TP$%ljlu!deKnl`l{aQVouS? zh|@EUII3I78s6KS7Z%BPZ_ej=hqmguMSQTATJ!CA;q$d2ku6(|(mN*z%Io+#tav!{ z%);6Gw7nkbE}6UcKZDj{6^@3c0{`H!q^oVm6;Iwd+<4wr>xl5Fh!Y*=B}%Jid}9(d zu-j_8$^O2??YBQJSmb5i5}nPu!T9>E^|uZRxqlKWsJfQBF4V0`@Ml<$Fr)lwgX8}h z)-7DT>X+~;(Q|BedtctK5zRQ6cqb$->8+m1`?Gup8Rw=XEGQ0|wk-La&A#7_??ct5 zJ_HJs0UM<^xEWYYyw|eErK@4sz)pC>f|ib4?MWmGnq~2 z$-Jth6|u_ldlu*WOnHOIW4Cu6Srp!9IPvsSL8x$+qCYk*!JV>2Ru^;yoHvHve0;|${n8YH&hH!CbAmMF zoIk&ucvj(rwC4iv6BB(BWM37z=Y8cn^Zn1uQ|5D*_HWA!;d!`1#%;oaKkIK_nlHg* zR;*^=aLnq`R3RBnp4!4o&GQ zQ~qp?x-9{0p0>4`XSb{8Rq^riD;7^>;N5Xx*?Jp;+wUE?rL5;q_56C&{`5`x87;pw znfIz_v>6=>-XT}`(qCC@VR_NoruOZ7nG}QG-8Z+7VmPSUc`WmFqhx^5k&i+76%X%N z&9e;r6(BA6?~UQ%X|g+xDoRK@Fz?m-##P1h^{7(MdWJa{OgF4M^S7!eDEDUv%j7Sw zGCv;HGW*{0_N8BEq-aW*^x@)JEG`@8Oi5AfUvbo1c1`C@Ih}PD>_4xz9=!W}+uy@Y zS;v1_xF#0J%;DE`*Z$9NZGryMj*|j)T=G|-1p+$f6qAi)oyBLBxm()$*Qo9OJ0lnrb3@26$%mu zWNTNe>vDDSNY(f}dBe2SJ85UUwnF*aut}`iJJ@Ws0`nD}l$q~Lj=cA5+D>1E;O5PC zdoJ&pDzA91`q7#-JU8PG?^v$7UY%vq-W6H~TD8-wQVe6tk9vM9?rr>Jb#=v}Q@IJg z_9uLIYB?Tfn^Zkz@r|`29B0ZlBw1Boy`915fAVM9(ykk|FQ(7hp2@u^@%qOvE42)T ztjhvCeZCwQO|rH)^e({h`|{(GpUyEVByi0XtXfs;xT^2K10(H1iMz*bTYWZYoVUDV zanw_$uzy#9zuJ9+1ZU6!u7Tq~toRHrarc(lglc!I}{uO|N)6eA{XZ^%5E!xkCx zc;`_b&oY_b#w~)E=V^He2yx9T4^Hab$yN9&tGdGJopKq2gvqrQ6TgX5<;`FE^(B-Q8DP{2FT7pW7M-zpK{`oFl-WmF73C<;=N@Y#ArM zpLIDJ;Gm1gmvHBKjL4P#F!vWUifyz1*MeJWTkTkrm^t821O=>&$QPkr&9 zfqkDwmdeXr_U&5*R~*@y(yV4#yE*jvB|D1>_HZ+)>usjml2_Oqjm-F8#{1L=|6N{F z`9bPYVd8_i#!=hnHYW$RY*v)L+Q=dkzB=YV!$FsSygznvy#3FRA%C;(+A9`|?9*&Y z5eMH{ocxuxH%3iq%08vksKE52+vZEx1TVc+X{Uebn}J27TFcw~4=eKOG&AfJx2P3< zi)60-l0V@;Lu>8k?8o&#RLzgA_S|E+=2lz=S6#*OeeIdSFXzm;Y90SW?fIM5kL>5R zeds^#tM%MxPwC)XZ^R)KFhyNy43QIc)8ugxtlCvW*oP9Qsm1u=iV{Bva0ESJU>=c&w#w(astHs}Nz?-W|dxjtWle5vh^0&0H~GXI114@2O6F z(hA?troQqxDfuaS#p_v@r>j;lJSbUn`XJB2Nuk;=+#kDkJli;VU&0xg!Z|!4*UnB0 z+`ixB>9#JlpDA~YkG+~E;TE!5KhE}Lq=KKXSkAx1X(x|H1xYDOo6CLexY<#$)$(yms<>;`KcHgM09#%yl*<8yjU#pOy~{__6O;wr%WV?H%cDq7y${4vu9% zCU)+~Bj+vi*Nfh$@!Voo)%N6c!r%AF;n{{Y73Fp9mdkuKrmrtBjQ+T4#=nmzU&q{? z@*uX8@f^R`i^R!iI!uo_ym3u8U3qAWPwK0~Pv(5`e6*uq`i5&|)@zmQEzJA-e9JcP zT5)fQxvloRYj2Zh7tBd1jS0yq4(pl{`FZW9*oy2U`Z^CDRsM5ucU|xKL2j++>0<@Q zxlf3mu8G~Uy+3mMjwGf|t|!&krXOC}y7bi=9iRN~o?ll*9qHlq^StpbR_c-b=GIWn zK5h46QSBYY2TeN{d6?xDPtcC#njjhR;M+5~&MDLeJd%hoE5vJrAbZ7GXtR;nyE`RftGk+xU<^S-{B$FswG zJ$IBp^E5e+({j)DEItw>J-z;JPx>VGs4w!ZQftEJi9{E8&A79I$BL`Sd%82v%B|M2 z+xm-`-z52OSl91APgCGwfy3ALG0SFZ&D`8LKkCJsi6<<-%4)NGwe7rj^uuRSg`UaR zMU`aw=gdiO_Svq(c2#!Qm97&Uf#+qoHqX;KoXW-Kcz$c>&Hy&|)6Lh`wZ@*|vnpLx zo>(|(>E8A%w~rT2?eFtsjQJ{I_w~%{ve$Ainrn{ySuT3bSI*I}`SRX`tZV0<&dU4y zG5Y9g=I(U)%5?2XYr+-E)^tA7@{1_A6YjXWX_ImE1daoy9Y;K(iWpNX`PuH|9Qmx%(-#5CvIjb+b+TH)7$UaAd2Bz=FtDepCpKY|B zt8%qjx#z!SI*nb~$(oL4r2_Xm#VZqc%$eM`wMfiq;f3P)QP0=B=iu73?dkidvd_FX zK6^6H;}v(yl3BBJb%x<q!}zEi2-yx}-BNEcQlUwwit-bzkBQ8?>J)qGiQ>8H(4Fa- zA*&uYpVOMnB+lsP_@6;atZmM&42MZ4WEZoP9yitDu@I6Aw_YXA)!MCi>Jx{puZ~=V z&j#y`mtn~p%glXuH_97;j)F{$f7!KOxMpdf#jh``4URmU?a>I_QGNZ)d{!I5)Y2u}JN3OQ*EqW@@B8|q=(yE^PM-Gl>$9#+ z$twz3X(gER&F$mf)y9A4Rs3hDzOJFQrA~9AQnsg*T9~a_U-s$T{Piv!^D?cgpKZ}C zUEQeNeqN@@x1{K%jK9RwoiEI-wlx+D?U^OIWVZhqpJcVorEkR_&hLuU{d%4`%0%Mn zG{Z^R(>GmzCbp^bMzT$HXvfx>cE=`F&h?jHtKDU)tn#j>U*O;I{|t;a$;Ia1B&K`M z+{v?cD*KJ_S+C?SL)6-~$Nqe5}&B?6O*}i?- zv|HS5jQy%vS3Pz4w06j-rmwp4V}1Cgn(POW_YNP~rSmbT$mT)I%Hw-ovmbd^zbjvH z%fRt%e9kNNgZq>&+Z|tBQFQB#IbUkO#d_@@?Z0Jf^gc%a-F(n$$*kBrM1LmkNGpcw<=nLc z$MI;b-7{W`*%x0)oIYys)4!@JOMA=ebe5D^hquf!iWKwtn{`I-lcJMb*5hoJm}N25 z4QHF4yn8t-;M0nOCoLYWT(V@JY-Jp~snXdA-ZG3=uAFk)va)}YvxLgY^OsideazFA z^Q-Xd(n*o2EN(N|`?6HJvx{#ON8WkgB6UNy!{UxXt(L)YYlpWNq$V8jdOvwt#ZjGt z=X#5`vn^cfo3x}|X~I(J3GAY2x9*(aXaBJLb|fbQYqUz~+FET7qfd@12|Zj>`fi0R zRhlDJZ2xQHDv6pKKU*^*US2$D$--cG%wB4HZq}v*#>;y%US2CSJiP4Q&7+}aT33Z#bM4(U zZZZhYTeQno?bIPvz779A)PH@&UG1rRoy)vRFnlc+6ZaFDf29jgau)5Lmavs&1H(Vr zR~d;K?d8F5gQDCRg;w(<%*zUh3enrsV0<)Nv}k$kgc*y&1$U_17HD4E;4UmMdH#{$ zf4@?gciXy}Sg}2kc|7Z;N*~u$nQo1vbvYm3di~~%G&0Is6?e4FGd?43tK`1z3LW!p zKF->@$a2mXUF*a~_Lm-d0#B_QBg3U;cWzQS5O{B8R-B%gg@$-BSImp^x0d9_yyDC~ zdhvj)<(ij&99Hf=J^86DxJ@?w5WXUxyS z@BfsqO*Kt6u(!MTHs(^ih9y^B-pf@szg@qe}>E!-hIxK5B$24 z9>ipO^pkJO@ycgz-ly!A&3*Pv_vd+2uD8+}TQWRXTBld{-B_WzW8(a03Xhj*%{Jc7 zVR6(yTkhL|FK>Od4K41>lKAuZRH@QBwYkd7Jkk*lK?%wX;y_$t0_A z{g3=dCuUVm*myawaeGJNiFcLDp5(jDDfm!Sz1i${?DX?#Whau4+edYl26Q;uOgx$z z6T?uh{7&JE-IN>8k|)J4&pPFCn?K6qV)mu`70=77deiUkWUzdbwSDehyZ3fiE*70y z(tbQo+jwi}z9-9yn-;G%@i;JXkNonib?0t-I$0HDiaDJ;@kZ0+bZfL2&!&Wp`D+c% z)Eco@rAwT!v}?GO$34aJob{EPo9lD6xl+?#-udit=L4^$_}t}^D^d>4-M#a*i^ua_ zJ62CSZ{O;wtRXWi&akzvsyJ}hq#Mc>tG%A(vVo!%xSsqt5Pg=g*ziPJF(!#z4de7{qx*hGX zi~5(m)~}=CZR&ZEHv1_n+2^&Ct%~BF_GZn*x$h2sGSKqae|1CLey>^9$@>|Y`}4lq zl=(k8 zpZ&ux%MUL*^#|n?1%WY!1fVe^qaFb^C`!$CzVfkCaBOI4FHc&i&$a!HCz% zr+1t&)~~wyVe5|VliytSf2P&PVOoD|AIo&Fy^~6Mrl>zn6>VL5%H((RcAI(GKYy(g z4ZZPiXWR0i>zkdHx@-TtYWPfe-QQ+=ul1te=kr}xc=z6C+P%LDy2-z;KHTtbTF;ev z-qzM%GxF9Z7rr>9-TQHW!ykLqDTi(!4lr3`Ame25{blrotg5L?4@N(IWnsHI`|z6S zYfX>d$_tp2wzo?6aMDiUsCoPgYqYwotvggU#{T}UY1n7)^>&Zd=9jnBzg4}wU~;iX z@5h0&C715sJX)-M`@rhY4?bSod0zU(^jUMVS7l5;CN5u-E_(g#?7I^lilqE!IFwma zDt5v2Ef=%&$1^p_v(8?&QU0(y?0U)to9u_Tg=K#J)_KeI{q3C4-S^w#EIzV!-MN|7 z^_lhYyzHir`w#nf|C3=4+Sioc%jc};r(IRL@Xph@W=}U>@%}LTVSGc4$G58fhBxbV z)1FE4C~n}*J^Wku-}!ifwYQ@ExtxXN_pI8navxj#i+kD^>o@PooLDx;<4@h8_LD__}YaXtu9Bz+gzrO#W9)Iw~9;ZonGg+c`KAgxFK7VPx{vToG z2eNNBOgppU#EFOXhxW}l)?U6$W8XB>$@z+_)=gjX^3xd?bMNhcr>(bIW-j{Yc#Ouy zr+fS7z`9y`^dA%|ZO3q~e6a8Ylt~ohx zk?V}dGEXk9s+jEb;q2u5uf#oN3iTrAHmvj7*=MNV+peqn&7bq5{vTofZ`B`VJ9};H zrmYEQoTU1nf$Qh*$NT>XEk7j3aVgK#pZ~|BbLUi?j(8pPullBcOZy*};i3xNw2OPB zt@fN?obslHUPw;=}ySjJ{_j-XC)3>+GXZY(J zUmvw8WcjnBFL_|G68b!p>=N2{MM zeo@VJXTzoB{;6?xQ}$mks{xjUDKWt}x`N_3^;@KBnt@R$}{b$frzqBvl$Kns?kH>Rw zb-(y0bJ1x*zR;9Z>*)KYZ!a8kTGsR7qh!sZ^}=UO6HXj$e0y)>+~YGsd-GlwzPr2Q zpTaek4wj`G&u6{(VsmX)S?X!SNqoh}O&8|b7f#LFH}|#G;b-ShU+&9JJ9b0(N6GQ1 zr7I@wj8)R%KY444mfP|w9=SQ!rr*4u`Gt9J_$1i{lZ@Y42XAZMI9>CWkySd|%2=<( zWdaXEZ{Ikn`!Ib)l0b^1V)lr+q26(wF=Z^xSb@b@Y@|^8z>h$)UFY|ll z1b1xq40$b9_T;F9y~&Jk>lJr(y^{XjtM%*VgPmK8WiFmrBH(_ltNfMK%9sT#Eplwe zcS0r{-Pu;veAGkf;Gqr6qg~pZqHXw^wi!KpXO_Im2d%a(UvX4)Z?n8%1B;$(ZRm&YgCBmVA1b`H zCrd4rEqME^&-+>LM!VNPJ)E_w%Yi|+s=j@zq~3$-nT}k`CDwUejkaD9>?!?g+uGEn zFFxJ9>$9R`>5R!=*Uzd`s&TobU%KdE%_qy&qbY#S0X78NPMWpLObxf8HvIjsstn=BBUm&XTiG(>TJ{)+rXr_C-PQ zmDuXjGOhI`)sM@x-l=>wH|ZDuvEFA+Oy;k}4D4qlp2#2C?W_LC|630ezd+>TNo=v= zE7xmO?^Fn4*>CjKa^;tPG4HI0$)}eUHd&q(2}W(`-sVygqEFzrFkDKhZsbnhdA8=6yZ-T264@BQ}0+&d|Crrmb(jSJZvj*1A%x zVa|;2rE7m@s9o#GPK$V!V7PnXnk%=>HredsmC}}syB^~9bAwgLt$*{gmqc`Xhn*;# zjp2C~Tjo+HM zW#p>Dy%%Nt@_oA@J@&Xo@T{ZzF1|GhKl*`T{v*@P4|=`b&AXY-UT~M*o_i&CdC#6TM;a`SD_qKH>)LQS zJy-AUn**OXOcy3rFZJXQJZ5v?@A0g&5rQ45&Gue3f>Y+qZS|}8736ogYqzy_^zQ1_ zi84hknkN)K@s`{3)~V}$J@g|xazf>fBS!NdeOs@(W#_EBJ?$!T>`P;(Rd-9@D1B?^ zypzFFZtrW&$hn14^3I}7p@rJb6EAc<-&)VN{MP<0I+v4IKF)XcevmJI_))H=%8W(@ z2mY07SDy~=ySi@5Q-&v8r%s%EbMlgn_lnHVlcn-Xf1hx_x9<31IrYmm$;m3*8j(rA zKkN^+yLxi#-X#;(z6sJ6Ja^}_H;X3kjVoUsJ~?~r@1DF>g??%q%dBgSkFfisZ`@zJ z-NLD={AIY_+N8a)A5Iw@R=94x@RiuEBl_v97*zj>+3mUF|A_lNw^wfdVqL}@sx>Lx4AF3;N(l2j!3f| zll}Ki+kM65jIZn4?u)N8`7o<)m1oZb=9jVcM`UeHYZXnsS#|nm&se{-Lbh+kH(_nh zxeK1{?S5E(B-cLb^8SZ%`zJc49I0L{e&b@~tIBEXQ!d=GOnrZ)>$$0|spPz{oP^?+ zadSTwJ52Z8ovGNIWbiYBk3Z^j_DYt8kL&jGYHSxgspwbsu|J~eON z)b-^8(o^(Rk~VD3H@flu*j4q$Sb?cuEbh3UR7hobd|i~=?S{JL`_Q-VgVLVG9!m4m(yE3bDp#3-P`dxRM2#>rF6T1 zPin{K_p$2_zZY@)u(kK?fx`_3?p}{fXHJOOlChw8o>s2t(;&5N6PV}pgq^KkW;ktm z;A0M{>w$Kja?$#UF;m|tY|JTr|Kob@+B@E>UJ9PO@W>@Va^tm~wQeHPiz^>(QGoA2%y+tG*um@aN(thPXJ7x1qLzhT*bn zZisHG+_Q0WZsoVF+dSnAPaI!g_0@X9`uwNcxU9a2K95tsH1Aqvph)c-Ay!xOmBQ|- z%0IoEkNLAr)9hMl$x_9&wnW0?W5POq%g1|FCwUb`HZpF=UT|QV$FxXuvBxH>^B7gb zw^z;M5Lti5$nmjgnsvgdA|r+cLObW=ax<0H+$meRU~6r|v8HwI3`v#8WnW!gyG=ZU zp-Mg~<}O#D_N~>2_H0ngJHv&_DU4^H}}RNT(`Ji+3qZ}GAjY$pyV{Q9WOG(hOz|mTP1q4hv{DM9U;xIkwy|?xeElG?AW3k5wLv&aAWZIeNcI>+aJliMQ7? zZ%y$xJp88kdh^d~D-LBl>j!V;dwZ_PpvWrBWt;VK!5+rllkZ%+v&LJzc;fqe3qJ)t zs$JYyIQ4PY)`gSY&L5o1r18gZx_HmpZM7#~xz@Tb+M^|MWCydv@v5KmALjNPKH91G z_Lcn8Zf$}GI&BFbb3s+#vPsU@j{aEovp{Z{r~6%-Yc<89k3X+`ShKF;`NCD3j59Y~ zI^}qtA;kF3Tb2~AywAzsI_V#^Sx$vr>lenm7cKtwo2S-$%3Nd&=XIt z&SYBWzWv7)RYu9PK`DYtUzKg7riOZ)I4-+#x5JCf5Fx{tS1vQ&IH4e4muc2u8Gl@4 z^@OUjXA>Swd%T^kL85@ob14WH$fxY5t{Wm6I} zLvet&b;7p7Su5V9sx&2Ux9)S(n$p^!ZlO^4>&oOia(?f&20cp+ICs3?FGpR1Azy)=cWM@$YWc!8?YrQ{gx#I5 zvNY7nSv+Pu-)n4f>)F&b7uKIqRqqM?UAbtY*{;XR%b!PVSofb{V*J9FQPU<)ap30p zzM^_ov3TxHkA#bl)t^3F*82R@EK9?l#EMlLHA_xygD7uSr%t9!f;%JMpDO!Z_}zZ2wl;3DslR>#=opVqu?idS8#P`>(m;G#B- z!ijUjN{>B{-4}l4!p-vn`Y5wzi>b}c+j%G#_ zvH!TLD_Jn{@qY#}o#&J8te>JH?I|hC@AYwQ)SV^&Je>IM743L_X}%;z}X_1?_)Hg2D1X{;tXar1f8tG;(dZcY-<{OML(?C{*Cba}3pSDW>b; zM~uF$*34?;yX1I|ec{Rn(}WFrT<#VWRCRT!geeyH2Z!aJ@i`XK!L)Z*TBD(w*lwE> zQ<(f5-ncs53yVIjdtEDf{bRr0$J{d$Wr}vl)~+(olz8&h)@};(MUI%~>XUEJnkZo< zHsSLH{-}=R?aBT>l@hmZFIWE+Abw@id97!v4v{+~SNu8NdyeB=#p8v`D=(SM%c*3k z7kJ$z7G^kcONz|9<0h;fhfekw9>3P3wVr+6m!D#u0^Z7hj&I+ppm$%-F4S&shESQn z=L^Xq4U;dg-)o~%Jwro_;iu!XR-c_lf{oWjco=^6-JdP%X87Ymnx(qrSM{}~;l=W^ zCEsOUP%`sO{Pd~#UL&`R&nwYn%RHkBme2lY>>>i$q$N~@|7MEzJ@sgO@PReLWsAWU z!=3jPCCiVAq%UPS^*UW+!jg#(@{T#KT=QUiNyT&b<1;^PJZCqh>w}VLPJ$fAtNX21 z0)7(O8gKj``*IYt{IqsiDsH_YzURruv&zo?zzq!Pr z>hQ3EJ$drU_gzcYu#{!y9eps>BfuiT_-s~Yl<(e$JR25HS-~Z0xLyAF-pq>X!$$YL znogOsx^YeYzTV}-_ePT&x)Da8e}u(@M+ZqWa0+qF0^LwZFGZEa};hv%uotmfa~n zP5XT=FAh7d-1E81+d*E2b;^W4-_CkW@SJ1Ks%*XU(S+hjZ0tFgA2a6_pZ~m2H{wdS!2>;x@4v2`SiL3h@w}`(8b>$q@6)=Y z==5;s7nPD_)^`Lsf3`mia(g5H{N<&lmGccfPrP7U8p>1m&N%ptwa|eT&iXZ9R?ZaA zJTJo-cz_|dYky4FMmf&hQ&tH{Go=MqF&NG>ytcHp;HZ>iPl0C5hEpMPieLH(9G7>9 z_;p!z;fI9^B98s>=a#kd`TaY-V#RdDvbL8uf)_I;CwQKG=^v8j6&8DBL!4E>OlBRn z+CnGg8J~*Zp0&|bW++)+%bLsXE)hJbcwS4$MjdAz6=n5VNmCh~d^sSoT=`9s@uy#p zmUyXbTwQQlkK^_GV27O(R?qn*9C&nlW?KGi8|EPWJ2^ciM_K$hst#Pp8zslHc3a9g-ce^jSI^qCIfb5d*G_9aiAP@UAw8N9W5?R{-Ezs4-P?EJT5f4}ZL;u=1kd2)1=+gi50Sr@Z}+g;^P@krMi~q3G6SePK{$1>tQ+yzxVx9F7vv8@hg{Hk{ zPAeaJ>aDK0)22C2@uT=RW%?kV(`iK~2Hwd`5SPov7m zrs_w0Kb`D4SL7hEs$Bh??p`*l($(IYEN!nZFAbYr(tPUc`+%E<<(e%P3ak&lzYlik zidgn0_n=IGkj4FXO@)o#Tu*Oy94=v+dNwyDx^dI&yRS-kpT2Wv^?VZQ(e-4`oMiT{ zX-2!HPfX`x4R?C`5!cKasXR`AbS(q!GIeNy7( zWevT^$hwbgd)=LP?YLGa}jTV@U*kmQpSrr=V#BU5+v-Ex4bF>Qtv%Z_FMIh` z1?LUx9ph>r{BGnq;rP0*_}cCjdMO%qiT#iMW{cIjnxB=PfS$n7U-JbA;wJTQ1t~0)Edh*B9Y0=`*En(K4hwDsq&#XRVwCp_R72Wk~Z{B+) z{8^4+-TjBWPba@HcAFU~6hA}isZG?oJ}zOoh!1`htN$}Fu2SU9QIch zaUM{b@lLYL=<{1&9*0|pdp^#}*s-k5SL&V4+Al{_vJH0~IQW>gzPsz@G>gLzEFV;b z#Vyc#Qr=}yu=@H|lXD&GOCD@JA$-=TXs0auXo9D4vF3dC@-UAt3PyzkhU z_a|x7lg%YTH?Y7}N!~SE7vJNe^7X5lxbIm%bFCW$wnO*rObS*u4{^oOT*I)QMM_ta` z@T1!=L&%9I+2;E?lj$3GSM0fyQ)kcYXSJGZ(bIDG`1MgM8(P`txoI;Qg!*L9S^2u_ z_T}|Yu5LNAxM$Vpw;_6Kw=tbM@axL$;8pyyLmY&QzCI~GYo#f9XA|Rbma4A)Gkuyx zA`>cJ`m))ZyeW`Yn!ClcOQ%!$v|I3gcGLMQnzQw8bj#kErS zS<25%%b0p1H&4jb`kb}!>(KQMx1JeKd>#06UEisT6I*{4`K+=dFx{WC%gjcQJ;v3U93#UpysZWb2H$NO$2PIP9A zJ1i;ksOP}3<9m&tdz{*4Yq{vz#wecB&?N7a^a<9pL^~!J{&cev^iiJk_4!tgojRT> z%o99cdY*_`a_y7+?Cj)US7%2$vJ_N2W?Qj1Wzw7nkJdyzjA#w03YdF(`C`*Ikty{C zc4k*!C`8|Wu{K61wO|$dwUsy21e;x(w>Q~lZ~h_vVD)Eq3zxZV%EY#^u9;qV~!J?vK4FPgq}~yC$2=ti{JY-hhbYg1`>&uYIP1r^#6 zmz39JO7RHYxmap4>CU3{ANsN)`E*`w*)MeW)+@Q3a_cGmGi9EeoIcO?NB`rQa_z_b zoVRv+czg~ske>Hb^z`klaHChbTvl%bEZNp()+y{XIx9RO(64yjmdhFaWl_dwYN~&8 zXA4U27pgJ4CUSd1oVKU*Gr2>1{Eyu7@B1fnuRi_9amO7E^Cn502(rz7yO;mSB<~cS zywe+=vwU5>Pjlmk{3G5TTh5FBsN(K0dpP5m@%jB(w?wNvo~@l0G$&@|i}Nid{}}|M z@3VzY-Y)O8oAuF2VXG6BkM=eF=>N^}!#U3Al|1Ly{|uXA`CQlRFZuc)yy3_Fhv`TD zGqjrbFRwU$__CJbe};G|p_cS@uJ%RIa=tlc+I)MTmiWqkWJrs5oV8W<6GQofi3d#2 zM7^FiJ?N*$4ei@I*LI6VMrR3BoV1%N)NFC(=hEc3OHcc_7$@Hey`4SjQf`6B_ryp+ z->uDu9+($dU%7C{SnrWt&NbdGWfzt&+~VQnWsvjv>ypU1ALqz?a(^D0vv{7{owE~f zv%d~|u(2$tOs1>cI?;9SgdcP7JhTX~3fZv8!$1Gfw0qZFodh|LdtKUcd5Iyzt9>&~ zZO$t1>yth0Gzfp(+Lxg9gEjt-Y$8(YO?QE&OG+1eYRHD)^6Q6Auq|{IMcK> zue}8NS~J!>3D;?UeKh0N%ZpwMPg=6CTz)kF$+kOxAD@@aI-})q(1Q8PT9Fc)Q(xcQ z)Lq)NXeQJ5)gBX1EVIcyzF@_}q>WFb*YEX}w)(Tq@r%i0X&JxmhG`dk#hkXiv%b1I zt!L%EIae*_sDCUB6AI|6**vGOZA+K>E%CQcTV#s+qb6A<^>(;hC^uxA++*umQDD|r zxx#+y+hfVu^BjI(&AibbDiw5RPc$gKoOM?HG*wl8*4f-3jpDuE_4BfNzis576lXnm z!Mx&-rOC6FyqURC^`l0VPxAh~>E~DK7`=~lUm&?gd%uLUNS$Z${E?#NhMEfx2hW#Z99*aCvwfyt;&owYiayp-{+>n=-Wnbzpwp5XsWWZ(}HgEFclgffmpQ~Tq zs`935PGw-&Y5!ewH_D_u`1tGE(zWe3AKB$pBwqfyHrL+GEQn!algI1mTjniGuRi^4 zvh4};!30e+t$-qnC*HSv4(Br)^OUW-eMnArVuJq^w&Q1Ky{)nTaM|m_--*>Tgu-kk zdyC@*{**7Tu)A~X7!=*B&VrujEOJxWdo;@PmM?X@ z==XSf;^b56lCmpBB^_^HC^@-cllghc^9z^qaX$HKn_=Fu%Jb)x#=b9q7X_pg*{(86 zus9x-IdQ^=>i-PAUZ2cfc%6Fay-?yDTb8B7gN;4%Ra1HTrJ39`d!?ry2%Jzn*~LA- zq(MV>!u+{%!Tq~~*Hj;iN$6XCt%Sy#)D=)!*Xeccwlws;yYJj@RY{Po|vL*PmH; zx6Lp9w<22b_);;Cm&;pQ-(+6x2jADq z+8=ybn!o#8(a+yIeqCL<@YtjG8;|L?>xPILq^y*g713>-(MJ(bUDzOh?~F znldT#R9X6lN4un_8pc$1toqY?W8LM0_k=!7+nC~-=9)Dsyd|&W>DDVOM`~_Id=<^IHo0Qbx#erwXTwjEUxy{k51w>4JWIGoFz|kK_O%Tr z+qNB;e9pB*Yr0cmT3F|Q2G00)>2v+nto9``*Hf2OoVy&o!76U=vh*_&*4Mi}>-s-3 z+x_r&TX(=lmGnuj>96dirg_(YsV#K}88#)z&sWt8#i+nGM>WBSr)qm$ztUhLLeB;)uAorYzmNvCx?t3%qZp&|B_&B{w z?b4RHuCp$&X$v?v_^+*5xh`($leN=SJ74*GRn*9&zW32QdG>DaNBwS7egUuR;?wzV z+LxCmoLZ~>q|cT&%CPvDzo?4YOm&;JTjXSOnvwm|Qp zYxAb&wE0;4$+|MjlUYmiLiCK=jMZ0zXZ!f73vc>x(crdr^oekZW4!Jkl^yV{<<|jR`-V=3OD)J)k-OrXQjQX%6sB+zktJ%q2OI6OF^3y&!Q}W5rkjeAdw7(qww(^76%#Yj;mp&;MJC)WXbkQKLNc;1u z&+cMTE!TXONGws@WO*+8-sz8eYbql@TlVs&{G90SxBX7!&4z<7XWhJfft7dOTrF*F zk#OnB{m-Mst~K;9HpZ}+lINW`eXU_`B1M7+dH6Ex1=z*>YUh6R&TPXrIf?_n)DnDtLR+)|ssT zCYZdwsjJ%9GI3*g(4HpaKlfhuosuuPv0^x4EZ( z&UcHi>t!c7 za_KGi$APtr%THXAX?-x!DelF*XG`yQub=y8*?bOZ3z@?3J@SwC{(6$&Q54NkdbV)V zmUmAye?8lk-!e<&*Y%#YNqtIQb8pIOTdr1msBQf6efzGE@_VvUo1JPd6x<2VT%6bM z6)Ea=&E7PySR{CkjDT;co$^Pvj$3Os-@5(e$-Bb)Ym3acn|+R% zDKdd`)uH7pO{Fu|KJ%5`DfZM^`1++yTYul4T`eZ$ebVOlwJqAr(*lmm`leP)I{Hrc z`~=6q_h-vz+;*O_Z=di6kJ)+Wj6G%Vy!c_%{>Fc)Yk7jp?4|KX%9n20_UUB6&gV@T zVIBwX&YtB{WGPeo?4RD$&303zqQx7nzW&X&Kiu*k01ha0oRUI*=Fay;p~_5RB^sSP`(*NDxYyGjkt%y?_{TH~ZJKI=JSp0D{K02T8tE{xY)U$5QJ+1xs8q(#XHWp_& zE`Kc^$S8Z-@b0Us(9^S51_i90+p{y~%NmJy$@2u(PMPR#clAz1`oVAeR4)pBs&zTG zF)?D^*2%j}qTVFjex;>9O`=iHzJ+h=wVN-^qV9Igs;Jq{ed_V7R`n0ho2O-Lx$Uxh zZrgn`*Qa$;ojpHx*)6#CY3_nKQb$iVU6}i2rovq&-k0;fsz}w$Py1~V6n<&D)HPiv z)!o}_`ew*&x$(BX!~D!#j}^P!L+S)=ELYsAD7>bk+f-z``bv%R`lBmuwodXr@%r=n zrIlND)qH2oQ&R5V8@}cI+qqKVJ1$F1RS|0W`YX75C$H?f-O09751(HqKZR$?S5el! zRq0NRkrK&TR~IhI+ICOjB2V7#bnXMkOyphkye`H#PN>=-BN%z>ep`B1{tu5D z(~{h0?mR)tUG1WYCO3;cKbGzMu>Dy5hn|Y1QP$;2$`gOdWnWgclm8euEACcmn&y;J zWz*x4ujPb(9DO)(QN_9Ir?2WBQ{KtUy76_$AO59Ta*TVX9gAK*N$9?|aXPcQli+Dz4L&K_pp*WHSI+8TAwjYaBt>1w8>OL-*h^SzoqRxh4*MLnoZ zr88RoNcQY23-zLP*en_9OfSbD)cba*`MB4y{aaZhZx&S*-dgMJl*&AN;!{_xC-bwe zedt^9%Wk>c!e{am+bmawPt(~XQ^f0@cV_*|{-_jJlk=rkZF4`eA3B>~Y9Xxk&^XTa zkw4$PO!H0dRy}MFTl0S?AK9%c;H$^Lyu9kt$GjQS1G;-sV}xg&^4Z(3w<}OulymZ> zoqx-O1XjxxU%BqR)+K4~W0}Mqk9Pik<2&KU`Tbd!Chu%^x0$_o@@ePBdt2Vf*uOi^ zo*&iaZIW5Z(DScUb&t;^AtQ$Ov1)lwXUyH{(`5WIXa=)e!A^-kTGB%8mNApVm3t@M zX81hsihAPKrG3KjmuKqF*C;{YT7h#{8_Ad~L(R_S2IU`{QP; z>##oZtZ?&%*CpNUvu>ZBP_raqby#@Eo7Sl}XFA*p-x_l%^0C9=IU&FHPX9Kyk+-My z@trGcC4DoBzHQE%vdr|b(q}#e9>!<7UVGqX#1bz;OOoAdNyG1r*g>?M_t60oOn>WSNG`S4gPUc zXG=+_ac_BSVfXdsYpIfOl^u$;4DTa?Go}Y>^2^t8tef#B`Sgu$|K8ZngSVnZS7xTH zxvy}1oqJT?^ksjRh`j8&{3)$V=l}!5V^N(IM{gXtI!QZBt8T{esJ2rtJoUI`7?1j| z()lhlEqF)&E?(WKO^v%Ah(2Dhgspc@7TZs&c{>)p_m8}AlEdCB+M{51GE0NitWEP0 zyAyp9>PpSiI%5vjT29wGC9S^BDrCaT>}O0fm^UhI*>~!a;m^Y37Jss`t8 zaQH5}=+^W|%6 zzJGYw`)-wDmmT9tyRYx@FJtxQYKF2rmq`c<+qlGUx!|Yhr5JSzGUIttal=OrEE8h5wTPzunZi(i5y| zwaysJwS2tal__Zw^I1I4H)Q9GjapX0_a3mm4wduSsMe;jXv((JlS1pyn{piqH?8P1 z+&-)I0)wCZdDAszCL1GGhN{k9o*eo_U45QbWye9wN2@)SZ?CFSNiW*dJLmJ46~~oX zuAJ*_{`CCMtoBm})h{iOdz9X!xv;5c{-Jr!`k~7nY_NPhYsnGGB2Q+!DP7J&hJFv^ zd`;L`CZ0Fh%H(mS@iXIF|5t{MflInpHx+xNC@agl$~w5`2+!)7%H{X)t#75%6Xt)F zD`xpj;#^|uX*jX@QcH@gzu#2xS^jGkCttX-joU4P&%iO~!IuTQ9!xwS8sjJGXZdxB z(T3n@kN0|pg{fs$y|t~rq;2@5PI8<#SpJ(z* zpKiWsFL)lS_gxkCh%KC8c-!Q>g@&@l*A?lrOwXS^e{D`|&z%yP&jo?)b@oxK-tG~} zW2<`nIxr@-MYXwBYv&cgO`@wyjXB*OT6D^@-sqbe`TXb4^Lu$qE^WMLRdUqP*i&hu z&?Hxjy?&ktn_?E9sLSiUHQ`K?5yx|zs|iP?8RX+Mq(f@n_&s|ry54#2(UvDWRsCNF zsPxImYb2XmA7lEnyu8OJ&-2%ocew`d_&nM5i<#@* zHIEBz9!+fNmpfNrJuAnLn@#0YR=k1y1U`N*&pWA+3oB0jSupQwP{xVga~Bw7xGu~x zPY9Xw`>OX;M&p;iE*oW>+Sy(t@cu&i8t>PkWr_hG@0(tXa}(s5!z$WeZ!lR?h{5y8 zg(BaqBCDsH-e~-1C@G5C$^An~=Tx7=7t>o6=T3QiDcjY0GBroQUh3iF9o6l5ZVwMw zEH6A7@uW`i_EEEWAEo_`4Ii_VeqBF3|JFU;sAm?7SzX>XSTLkqzc$Z$Tl^bOwe;K{ zheTh;tG*V?&wj+c+R5+f%w1n!Wv`liq44Td$pfeO+Sf|&P>`GZGGdaa@&v<6Gt3&w zKDk$2xlod=5O2_Dd~Lq)rsuM}hJNBghPSG@s&jOrR1@|jn{allaAG@fd@s+Qykl%t z&*mv8ax323>mlo^)cWb_rgDLbw+_=5N2$iK)t=K_GADs+o+~Fq>GZjMw!&A z3mgJX9Cv?m6$pMj`F)w5hvlPrtIWjG9+b)YGJKbD@mRH{h`Ffxvf!a7THhZ`bXFAX zH@5D4J@1NW+VAD++h02<95#QH!Mc5#%#+8HZ%uSmXyW*zq1dS0!}o>Znf9sgvYG)2 zvRwuRwlAA?IA#879>@*Yy~$r8K*=NY^q(auwHId<^1Yv?yy8juvQ;zgm`t3s?`o2C zDDEeZ*MuR;1>3C%2$PQ(S^$^sy=zn%$@S^ z7@xb>Ya7cC3)hS0tMkoxqY=e;^5rknzrVU`tqyrEt7BkhtUX&L-?C5GpKUJdwIz-- zkEMk@Ph2n=Hg^B;wQnY4bVY+r zao^OXx!E$#ET8P7wrqPRU+7aGHP7O4T9NVziDT}jJqp+q1UkFYjIQ;7N(;xtrIyQo_FN_Pc6RcGOQ-u*LOyUyiSpIdjkO!m@2W%em~91V7rASFUL{wa7YDC-R(Dc6HA2Cgbxgm;DYs z$({0OYidmEgO3MSE(+v4AHTk8hi==w!?uM!^Av@Q_E{X`Un_oPsaRLJka6>=uJt=P ze_k&*>aUX(c&3HlYfS{J79T6$HG!jtx0%W9+p6{EPRNP}Ns|owD%7{ynE83gJ)0EH znA9Ub)jw;h$U48`SzX4hdRBc~vrO4cA8(I8w`N*PsK%Umdsm*~Gn;pK!O|NNPv#Z- zM|?Og`Fy>|D-^ru zX}((1V6#~mA&nEzdqWuadi|+>bAK@p6}C&h)fE8y75nz#o|1->d&)g zG3-92T)Dg z{z}aQ{48| zq0>)ScAu1Bo>YC+X+o=B^qg-i*FKA!GI5gGgd(jgyJgD_=y1g|hTHy!HQ_bYsoL2j`m%i1d+FEsU&lwsce?09mJ(1M(bU7xt- zZE<&=Rgn5+rvmF2Q7dn$xfhrDe-sW;oXEyksXQ@EQGrvxEbE;WC#a<}U0|p68k?bxy4?Pvd!=hVMt=Bh%EK zKI~mTy~*ni^Oft}bJf4C{!zW&^wp1Vk1hyKR4JYle(~C`<^yHRD&JX$@%Pxt-~I7Q zIj?lvwvKrbdJ(_FeYL(<%`Mp|7M9MryzYYi78$X!Z&L4jl&=b^^4!m?`OjeWYxbd8 zbK>-VgfITlGa-H2oxcm+(@s9xSFz`B-<$Ps+}0;P&YqTW{A|9&lSlhnf2eF&f8fO) zt8MdqX2txLufLa2e75RF)v2uG=hC-4)T%jg{K_H@uUw0>sT26#Y?QDyjAh%IzrirB za*eriAxld7rCql!{MjzBHgu7~xfa2BdxQheUfFo^>&kg*!99PqG`Ut!h~F+c+r=^K z)RET1tG=4NSlSyel)}GMErn%;_FJ#Ehl^7us4>2N9eMN4tzSY1`)6MKu2!oVsHm(x zq3YR80W}+*{+N&z_GM*HWWKKUcs6fIu*xKt^7U8xkL?ZqRh}UFg-vJGbm9 zF%<2QV>J1z^fYOFssFR${nuUqQKEK?j*?04q#{jRX-{@Kd64^F*R zym_5%_UV$>?VI*9db6nQ-G1z&`3;pGwTLDI?PKd$kBF~jJ=+kp{?p{ItAaA+io05C z`5ivw9^Un5xuTz=>D|mv)B7uPdcx;ag#A8QC^cse1H-!Cu2W^pejdnUnDcGTl6AGL zoON%m6xg)s7#@#$w)Lg?d@a}TUtiXBp9^(s3sb2M<6E3BvsRg}Zp)%I*|y2a$M>mc ze&+tH*vU}8N7?dd+8_SnWq;hJ`ri2accUxsovQHQk79>IN+)q^g!DYIuL);;P~HD# zeaAHWYze!};2qy>wVw1VaUK?UQ{BUpJfCkd!xN$GYEPZld#ZZEEi1L7o-T`j^yJ#R zhO;V>;Sv(>BadcOX9w4bh4r&H?Oz|2%(TC7^SrGx<-9$tkM~-%CU3WU%(hhM#(mQn zQxBeaQEwIS^s?s3_ko=%EGuJrzAk%rq`J{IYfsBee8jh&1z13?3)^xJSDV;yHH4`$zSIAwRM$m7EA9u@hfE0 ztre#_t}B$i59lse*roaXtk2wY;nFczE|)TjG?na3VCUKSI&@FyGSvgQPB$2*o=#e@ zUC}7jZ|~mMUgtuy%NnOwdF)W!wQ{K#=VxtW`9tQ@{J@f7rRn8(r_Rqk4UgAp zx9tnNv~I(FO`(+J%d=j8@%4WDD{4z~A$Omzrl?bvdAISqP^GdSA*L^;u}{K$*X*=> zrS)!M{&T@C6RLlOMjQ|la8L<)_T6t+(QdWPx21NQ>+EHGHYfI$@FoN9s&6Zl6PBEC zvzOcQ_TUM&oZ>lQ<+*b;C3kHRcKSWz&)%J@+FT|)GV(mnY`S#Sq0gELKba-ZCTmTZ zyP@!9$h0=&u)Xc~e)ft=~}k#_&U*z zvog7i&Q!_SzI0>|N@15}(-NO%&^qJEJd3v;uLF09-gOU?k3TnK!Gd$1Y>Sf4aK7R- zlu0hgWA_TXVkvvtt042faN^r| z=Zx}gR(_qVYgcG(yU23z+u9c=)r+qj3~e>LZ9C6;wx)vnmbu=dKO0PLs{RvWULN)7 zt?{w#)0Ut6>_3fN**3fA^rO(83$42*XPa|n-&x$b{B&BWx1?LG-_99g*8UPNowVMm z?vgsQ>H386M`*eUryY# zlSBG-a07GB-Fe!nX>BiEmKHC*<(qSG@zY&lsn^@Z853g?euX3k;1pe?&y_8C zv1gZrKdWDMNa5#-viz-vQw>B4kEU$v|CYIY#~qJj4&T?i80hRivhlg{+K}mo%{JY% zTJdxCf_0G(g>QU%{nT@P$!BfrMAkju`(~FjpL`u~dv|2!xuYGKR?PQy{bvyRVf0Aa zwM)5w_5}90Z2pLg>y#%+uvjuro)~j!p~m9ph7wj=q<2ZOKE9Q?v9)+6$JtDNq1vtt zozQcsPu{K3OrGcKsq^7rvgAweXFs<;dM$IvtmnGUqKkrg*U}5KSFZ_Pb^9*slm^e> zE7xYfjC6ugbE7?z z)7NGe-S&`{w|XqPc1dM;7S{%K+27Z%&9ncJ`r-4VxZB=mm8>IAoc8Imw43_4&f@P( z8`p<-eHVU+*?4z?@zZ0KOmlK=&s%NdTP79Wx8iBZTN`QLi_1KeO^dXHjykeS99U5j zeS59Y&oAeNGCv(uGP~|6E^|FNJu$tkJgQaMGN@iEPt0n=kB*`l+peAEo)UPac;cn4 zCbuP0*=*;`tC!j@)_2LT-1$?JxlGvlZ?aprc$;qg^?Ys0xl<8SZaN+JS90L$VZ5~E zP0r?>A`DesleEo3K2LctZ?S0BJvGTGGGT7-)TTfXbM&sE$^|YYn+n1)BKGM9Sa#C&f-$gACQ)J4P73=nf>=j&hyuj7Ha9u~} zgk(aQ7AuOwc<^>rb+LzYfB0)smx`!`zoD1?Oo3~ zOYPS&XLe2A7G-H6>%KOq>sMxK&NPNH)0*Y#TWXFwugZR+8R4AHZ1Xo;>2ctmy-qfV z`yQJHMb9iM-{)w%N^Q1^NRfG1`IUQtL7j#(A2~leC4E_Kv3TQ^Mn#qoBdg6xeuV*? zA#JxFcWqr|dDSj_Va~~d_#)p~q37Q0d>^`aew|<+gG|Cjl_uk6#RChj>MflzQF5mH z*;&QglDQQQtlD^PV|wOETg}rue;P3upDRAf)}2(gL*-5Uu8L*aDI0Z)s-##v6%U>A zU|%7s<2~j4H0gQ%TeTN_%RBsbG2hb2opM{3re>TpxCkLPFT^TUj_{&<^Ne(J4J>S>$dtZvO*#010bnWsN(*#zW$~zu&wb$Bb z=atfkEoarPE}eLrK|gn9uLabKxU+w1N6;fi6>!^II(!&N5s zX%`=|=l-&m-NpRYk`?Q@n5{RwjPw8a_;JjpJKJ0Th;%=7yPdkz`ASvD^73Sths{f# z>YlnU^3SNYsdA6y!_9lIYg}6Spme?FuARI0Ph7gctXy5k^Q=zm(z03Zs^@k5*PBXa zGA6%TwC<$x@zqhw)XJwFGUgG9c@VJblAKK6pG$7D1G~1L@mSUrVDPj5(&lor<$foo zO1ZJ*TYOpC|IBv<=fP*Qxr>i6DTzLm>c-^rcfl2zv6Ah96M`@e!&avWoKN}gkl z6EoVKdi>HfYjJjN!N+^qT{5->_S*T*xW(`;GufSsA&$Q|%6qBaeZ%Q2mw8+I%A%Lc z?p$!oBqfNe>|uLU(V;WPwHqgPUEF*zPbL4JzD&Zu($%>OnwD_vsu$C^@v2RzxU-RW z%Oo>)$uF{5fA>vNm7HW`eBs*L_V(0_o{efAFFe*-`}5p6D{!Qy@f@qln$k-LcV`t9 zyfF8A8f&56(|2`Y@!)oP21rpy*N<8?s?$Gr^pU-t`N~kZ5?mpC}#%;i0uJW&Rk*Bc9 z#1l7v*!$X7>GXVzx@ISPS)pL9P^+w;_LBZXAKiGeimXGf-IMIl)T@#+_Br-eVnapM zRmW-f?n*YE{F&`!t91N?t_t^_^(y+N8?%?KNtO`J{w=#C_O-*Zcsx~{1+fp%J)17_gYO`NOj|&6*3w_;QWW9IR($#;dM9w zg3-y(I(l7t*Ip@AUaGW8(eg>sOx+{72d7WIwIJ6?!!b;y>!P*5#oHC}kLnxWIZnEM zblP;S!h;j4ujfDPm&#mSuzi;6o1C4}Q)9xP99#S$_}jJ*(Hnd9C%9E8^8W~~vHy7Z z+lC+M#lLUnpK!jw-1Wz7UdZE8u9fqzYAyBn6KJ1fvc7W{-|FnY)AcTuJ)F36z0Hr6 zAAaUX#riunb6#ouas8Qj+x`bj{#RKB_advPEjs{soqotByOruvoJ9g8s~PMP^^mS6%$@zN>FzP3|m%@c#_g<0Mzq zA9Vl6^5eiv{Vm1$+Wd3P|1*4jz2ryX?|?rXSDu)MRedQCzTolr{=HQZIzHyzR+=F} z;pyvMN7aNq|Lt^R;`aB9Au1pDPAU8;xKO`G=-$?F{~zl=d_MB{#HBxx*=p}rKj;6r zQu#yM)RpnvyK9|{+SxfCJZtq@Qto#0n9qTa!LQ8C-q%(xTC#D+gSRiV&zsI~oBU(i z&G%n!@;JyP#~s?&B;_SxcX(r*?heJ(T)z)~+r>ZAMo85C_bKhH(8|bOudG}0_D4UI zeK->BdyRjVwYki-?}zP$E2cj@xBhSAqZK|EyzZ;aEsWjuV$#_)HfA4FjVHLq+VO0> zk{4#{ce!ZcxmRBvh8Ddj)cAdCwz~6&@@~aQmqgXXISYsqnV>J z{xby5tGwH3B)9y|b*t-YKAYt{|1(H!Tt72q_r&ri;?Gvd+Lc*w?Y^1W@Y}eZnDoN&8eI}uBTe%PPDwqHh;;=SNo%`ZMx)ATmQE< ztJd6)rRM7D>?Efz=dW$^I&n@sXMJj7$A=xOJD1DOH@AEl_IAw%NABxOqxNO!vLTdHY}Gx`t@|Fj1LlT|Ze0vV>WMrG00vS#oG{b9CADQ-?*} zs#SwOE%$1j=V2wsnz5|suF<{StlL&D_f0R_Jln+gR_=iHW6=hDR&rAAis1{774EXC>n-!%rWt?bTt8^Stw^@P=!UuJO|^mu~6L zIDYx|Yd^793nnaIS{iKlk`+8`rP7Wtzuv;8^ynm!5v=$FDBdGR`P*aO(3ii>w#bD)Aw8J**+01p>QQBLNH9nf_cJxM}>YgXLuWx*e z{4SQy)AHo&<1S@k#*NW7ACIPs`K~GZWq-WBcbbRJR(-*!*Jh6ydi`z~i~eV*+BH}B z5&yxzo|pWke#qSPKbH69nS$o|Y2eXR$-+pesWs1f~f zbl3TZ?~h4Wn40>m-FnB-GvDX=%b4vwb&NHsKU{47GYDp^u1>w0zsBf5e~|WBzurvM zHBR|M>4FdY`|?w-yfqRRXRbf}<5Ev-_pWG(d)y!A zZGLdpF@H<+Nu^4Wynw=qU)Ejw#?N2lx7pmR?4R3`)4Ot#pV@7_fA@#*gY@IE>c7K% zcQyO&JAUGWz-<2=q9+C(v zW4RO8yv2JHeX|vUMBR#C#+|!(@{z8QcWls!!$sokRmrnHzZb5E4*u}M=x*f3-uX{c zJVpykGUK@r9n+%g0S$+>&0txz*$JJdY>W96CcL+)pHCpT}BiCw{ShlkTkF zfeM@YESAncGOf(|vVTjF!TN|<(>vZTiS0T*vH7gq8av?y&Bw|)OS?sHFus1Jy?pDO zSJ(DueKsnqIk-3b^qY6;kxXjbW)|x%AMUlf;jz8A^+Bo0tqqzgC*RfB>b^O0IIVcz zs){wa$u1xJ+n$b^Y_T>%A!}I{#0K5a@LRgtl~BO&8N&YWRgvFV?^fkxrc1s zf8o9AmTM*_bM*rrW!&|Xz7r;T_vD71R;_y$xSeei{bIK8yKxyO2G?H5n;U-&o<@ol>Ny(?t8lT*L>?Najp}2k<7jr zKjc2o@zU^h&<&6B$671D`zB@VQ`x_5r*QPiy^;Ge?pzZpPn+_^_4Zza*!+1nCMwDG zSaluQd12|+9m1>R=kDrybM)=nC-v4kdC`~qzFb_Uy|VTE=_^KaE(Ki3RXg@0&U;0Y zTkxJ_*6g@<=U#Edg>KJXds3m$y=}{tt=lqF6sG+Qwq-3bh>5?QnVa?PQR?f0o6G5@ z{=;8#>7_sU8Q+~2C`+yY_{xy&v)7p3;`+y=LEq+zzbT z9=alDb;Mhn)4QD*!-TflAI(6mKj|YnHZBgD8u=`}@wrR}jqP<0HpY93nb9e6h(wlHD zJ+#e8V&%c(uOq|_SJ*}7`3J`OEt+^@?Iz_<9}aLG+qE&$eb&Z5cQvJC-X7h&?D3qQ z$McV^lC~=<;QZ^F^|ntNU@L+uI9|XRXaiPc7OacsAYYtVp~3->NrjN)J{q zljamx(La$rr7JXOrNIf&?TgN4%~>8)5s;-@=F(?>EVDAd>}e9Cdx6z;wR2~V_8GWa zu8;UA)@!yj?af4edAoW~$#ShJEc5>Q#?SW4 z*yqg0W_kQ^Xz!NYX8QhKFZ`Y*=RWS_Gf%e7`lGd*Cna6>uWLvXr+BAG$!fEnkhymX z&t)3)Elck(`JVV(Y3|~$>uTS!6sPojj_rBJ!zb}1S>~F`H?hqpw|Jhb3cK=j;hd{C zW~BtFpIdq0Kf~**i-lztZI`W|>z>Vh=xFFchQe^&tMN) z?}J}fmggSdF1dQwzImOKne!x9=&Ze^mUhQ~ZDz^E`MNXKcN|uXfB0zQ`-m+*-15t^ ziyp8A-Og6~bkp1V9Yav>Iw4<4_v*j@nk81gos!4oll%Qe=2{U4f%QK^vMsxNp3gIm z5){c=^is!W$HSj{U0q8vUQ2Q<;Yn7$JZp7+8Q1jt(`4kAW=8v)ybws}2`pNB;lQrT z8`Y9oif`{Vh+a}N$$!O{*U{g@UY+t3Td@8>*+S1yTVlC@4D-}0JT-bK_xU$?-vlC8*o?9|S+(p+*PclC7Dsz)df{s}qTfNkFku+Dvif_x# z=PW3Gc`nPl@WMis{@n}@7$+5m!}O*d1WvhLBU@JZS8uGY+sJi~Rn&+zN& zrk&GGJMAv0oKrb2w^jCFyvn+_NBaIV^oF)2KNHQfJR04`Z(bNw`6Ba;ce$JD*Ik>8 zrk`KGJ?iM*o@Gx}3S&#(O?l1j6RgnZvCcoD`?Sv8g1VS%8w|3Jxqf-GQ*fSZT7U0kWIE)#w(j_Jxg+aSrb?sW_Y-p~5}o-h9Nx6mU0yOQg&E?#(lXt!MB!`Ge4 z3KM&hE&pV1yfimm!K1?BeT;nTyK8B8&A%7ME^ognXCTq@`}(}!a!b|A%4T^l@er*l z?0R8xQ)1oalW%;Bs*)$S8cnizA1gMuP|kplbIqHQ}T!I6Sv8{Wty zGd$a>tIFEP8su_wanLQdgQ`EzKM#9YWPGk-%?lYOcgL`WGZH?}uUaZJWldafUlD)S zEOW_Q{y(3sI`lZNcz$ruJIQmJ{Y8oDDsqK^ljm$uo8WQeV_&9ZAD4a>L(HZ*@BV68 zdfxK25Nw|I5_MJhYIg|Tr>#Z7|XRaadG&EY?`D0}nkK%2EqA|Z<3h0FuCGS!=_n_Se;{VcUkMX{{;tYQt%wCxSv}tv+3w*XMkS;k?atyS4QOcBzNcZ8LSZTzYp_=iQ$#YO}&cznCn! zzL4*<7+;mtvRex?%@~hI)l?OvYAL-vc+@+8iD6in@<)*?o|<>=#aT`1a#*}w)OS+R z?x#C+YFDRZtP^jZzt+|yVfEIAqd{RxXJ>4@+?O>p0rvGa@Q-R13yy?sh2?G|;~SPJ$|UHkJ_a8OEZoX&&e z?dz6wpSj&&c}&al%Ss_LyGWK#73)4^muEbQXube-FKAw_V8o^As}?c1%Hi>HO8%$&*k zV`7-uUA5`2u$HtXe{&*y)uef`8c&83GRqIF9=nWiBzduoT(2q`ygILiGg^0S8&DM~%NYm>9pGw43sP zkzqnTS4Mzl!3~~0zpDax`JNd1%=0+sZqmW#QGSd)&|h^)n6l)#a>29aEYDTsEEWhn zeA*y5`$yHRlCqu`NBzQO3SBoC)xAH(y7Bm>Ejl@mcHTN`q3~g1^YuFyJm*Zi?$Ih_ zBQ8_jHO;zELEy-YQhUR+b9Ga<^SA3SpPVB2PV&HmkFnv+`*{5;xL>_8oO@vEQGUmp zoBKaJZ+mvlR4`{+-^1(Q9c!y+z5f#5dQK^|I=6SXj(=h7y!HogtzA_WTFY4_YD(6w zSi4Ql>`L*X#eTjr%iH#FE{`zYvr$avCd;+I+h)A{&c|SD6*k2zlBL!1ZQs-+Z5yG& z%h#6AsXK8#THj>uk>}TCLQh9b&^yfWT;9xbwZN^Er&iBr?c`l>?E9b9<_bNsr(Wiq z`Q4nt_ccp`S%~5I!?4^f+e+`PKXCA9MBDX51%1m0S7Z(PTEZ^WGp%RdDO#w&wY;I? z<*aGkL2Gv&bM==ooOERQ-6zG7w!DkBDD>G+c=GMhT-jZ%Iz}9;1&&ULwc?Me(tfKt zL->tW-r1myY}XE0vokMWYZ+ivv+>KyFuf&mw)|0ILJL||E|yumb8q3E5@0P85EcO&N4frTy>Qh(bNnfb;Ej+V7m0)fhRW|N51df>&tR2&Y;jNe zr8Vb{a0=Wj+wl5a=8fE^5_O_Vhu+i$o;6W!Jz#HEah56DG0DwdLM&~IY_rbpnXfID z?5B5lliK!e6K6b}QZ*?nLpMOSDfWoW6R9RupWK`Wzd}A}9Vr&Bt6jOxbYX_8RLz=0 zi*KwtICbYaLvNmUuZ|vbd~VWp^qdG!mvGMN7Yb(rC;3$u`h^|W@L=x==`j1#W7YRn z>F6^#3I4T$cbaysIDgLat7y{Ah&eMFPrUZnwvO*j3UeR-wPjsG-3K3(i8}ZSFc$Ff zFSUM_%GfElV_`+n3pT@-L3$6k4bItWDD*0`8Z4M2*K*~U*$sh)o&ThCzfIBK@z~Tr z`qbw7`|)$NR}1DI>2+YqeNlC#W7RtY{+&k^9F|V;ob#XI>#OP@<1Gf~Y&GK@E+@X0 zNtkZ4&FU9d(Xyu;d?Do~6I&%dtGs?2%ocj4a2|#?=g(ApTPU%kYw5%zjSP}6{Unl7%a2(-T5P~nsUm#V zQ&98Mj7Hg&ulmZFJmQPQk6)0QW*K|3REAG;c3VMs#@DEcUaf-d$E)-gPT%aZ(a!Q% zVc6TJX)KSK@2zYWh@U?B%ktyOEw?2fRtGFOm$l_$l^BobEsJA@LDM~zj$NL3<=0h- zWrn-1yMTNtFr(OLrB{dizh%+vHP>d&!BHg_38S`)6-lZ@bOdy0YMG zpXJ&78r5Apw*2VL&f31X=2EMRdh`6KZyQWQ-<%gVnX;2__K~QHdk-|(%b9lW?oO6_ zySF-R_j~D^=a*-FzIA4HWX!kMF}|NRd%dZxSf5`pfBvJD>oac7R!l#cd}7se-l^*B z3(iK&PCQ-wb=A4u=XvK#7AKZ^n6-wSJo&S8NxX42Tf)tUnI}^J zi9IMj@j5V3Q~0o8Xo_x6*-9ld(gUBxUc!%%8Z^RZ!FVzjGi>` z@fz{E#R>>QW(%EimiMadW!haFyaXLItM@>N!ad>kq%a#wRNrZOtq2L|W*Ynr8G zf3Q8fdkv3qpVXe_V@!{({aw6sj#%))<8j$H-#t>46kflyGW_W8@a#tYlb_1DuN3>c z^u;)B-=p4=*E3nu=s{nR_C*`pqRpBTCj;1gEAv}o)49Ku-3lnmzPLxXR(4azq4zmF zlLIbqeDh$wsqj+ur-^U>nNDA+?A80}%ga9gs!Nf{v-vMfoZPi?rIv|M4)3R)C*`k$ zh1b5Ryxya@^Ha=iFURM0SD&h?OoO6gK8rkBE%z?sgn-BHa|isgzV((1OwQ5_IzDmMp%4F-sx4h~ zu;P8wMZMztUHg|;CdC`ZHh)+6wxaLM*PoNa-DA0P0xZw^EJ^rO`DM*(%d`lalPY%@ zWVP-DE$QAHy*%sO5hI5;t4>K=iM~2v`3(ORB5&S3wqU3$Ik-VC{6E8b52yC?Cmb2d zzb^CLo>|k_xA@wWN#gfSPPTCb?KI6?ToomD*JPIlCAc_E4j?KlPk{|Hs0H~ z{%sTs&k{@R^CG>Pi=`g+Jt{B%t0k`eY^qR|aB!@GTPha^^Q9HOCUtd>I267u6#1Tif?Z+IqVi~d9$QZQSsp&_Mq%JoA<=dJ}ppdFLm|uS7n7;EfbFw2VLB2c~|P& zQ|V`cm*#xfywE7wWZJn^epbnST1PTAY3IGEP~Yo%ag&B`LZg%qlgBal$02)~dIBvh zUPkjuayk52#om}Qxy*{s(Ce9S_s(fLho8t9*nN%Jyxn8T84G3RvaB;^Z3$%p;`^$v zT)cHWf8x`3-xpd-9j%zI^7Gm z-uy;u$qJTZp(j*#hs>Vi{A~57<;&NqY&Ld?Kdn-)?BFOU&T~BBZFA^zL%lNL`OcT7 z#>~4@y-m&sQ=RqSK zhvvR1YBSfA>)&AY*^t0z9X2Oio5k_)lRn?nTW+`g*=_enZD_A{PghVcX()Mp)>bFv z?xOP!KYW+|-SsXub+JMNmx1UD<5xMapK8Cgcv5wZzx_?T^W`LgWg;5)w_jQ#8>K1b zZuVq*R=~x1r9RF*QKo8F-WBLRte?W?>S%iP>eEvy<*cFAS1t67BBm%eUhDlVKTBQm zY|fH%?r~ukXBSjl4!HErrn%tU%1gWWd251p?%A2CH-kk&^hng*sqR8YB>N?mCTS}6 za`UV0|w&URa?h*_awJue#MOHwA^S{~5d z`nvJ_*7O^%%C3Ks-)!+S>qxNRj(3vlW>}m~u9Z~1<5{X8B;fSr(TdoYWyN<>4j8!c zi`K@7e6}z-!+ZPoJguFw z( zH$C~^?a}GH+7Ay>Lmo9NWpL$6%D%V)aT|Mqtbv)R(a%bF(v(}#1q#hp;KJ$bnNF=Re zHRpEql^0&g$$VJf{dC8kk73<1n>-9QX+7w#v%W6;pMk6G-??v(J|Di-Y1X*ETxPGs zy8XV_#J>H@STIB4`U2TkPs}q_a(RRpIDc-ay71)Ulnoc=-tA+%6uQ|{_p8Q-7X=Y~ z{6GI~&AW9=^WhnB=}pyAuitH%tM=G0Wzx~e+dJP!nBV8y%Asp_ebL>@lsRisK6;v5 zJoO@U*_JC^vPMspGL6>lIDTnSdZD7fzU;0r@y@ONQZ<%afBUUn?yurk_)H~bZPM+3 z7pi1}IZRhD2{|x)oK?8&>Bg3i0ZW&Bv7R$g?uq2VMcR|3jRY(oo1T9eFZxHn)5%*a3Z$CaR0avsMjKW=MSn8DPrv#WbEi@X>NETY!@I`MM}vrO`=Be_`z zw=?R$4o$x*IHB46LfYoMV_A!@T%8@{JtbK!v}4t>f1&=f<(f8!{XJLYa6V?1-IX_H z>b9Rl#gjEdcIlpf*1XHIllQvFlQ~ll&bImTKJszyL=GZ`kVv3wt1tYK|E zJ$2_)3;r)62d&%g#H7nG-deTgB9E3{(VjUMBsdKWPdv8o^$*UgapR21Z`oBXPAu_Wtf08_xM|GBq!@Gdy}lVD zZM`ACXC>@hx=6h%oqK}SoM&sJ&F4-!%5UCmkC#R@UFQ<4m$`C3c-dS_ z-Q&@1$DT5zJX(AEVf^=Z9Em-AhM|A@b#i-TCf>N#-fmL8w>-4(^y#1GJhNun@~tYo zcHIBLex7X$XFm2>)!=EXy=_aIuhq?o(%L;CzuX$-nwKt}m3!{~d{McD%FfIQGRe!I zN4keqWz9+Sow#sT#K-)}YK2Fu^WU6)Al)nOIXmY1mZv%q8+J@7T0HCX`J0~)FF$H$ z*5R8K%ghwg)5N~E>i%2ak6Qkm6$wAA4+kt^y`0lG*WrukMX`JB(@%@cO~3H@{H@@} zCB{1QxIWl4pH`jruEf@VX@yPMrB&05KbQZ_&U$q9o%%FS<2`fF-COc~ncggy^!LJj zzQJA`pDME+XBFG_s5N|A5X?Gz^3<4Xf2x#EEDP8_W2MrCbB7Ag*J+z7?~<(Ecz*3< zwK|{6i!OHtx4fNrv}9sM?R@rACuDd+JNB4bdvNwIkEse+cWy;Olx4=3V|j}gJZ4&V zBV*F3J8l-QJk~AZ=dXEE8Sz-+Xx7U*d7iaW3yxWwSoQS6tHll1gQsu)@MS0K<^K4n zjsF=qJ~!2DJy#f;6UBX$?`X%D_d$_AvR*mwSbnN9r>l9NMXIb$(X={|Ne?9c?7e9b z6S}&drIP>Y9#xOyqPH@mw4+b&R6JKzcxj8`1)lG$OH}u6^v%eZvB@b4tK;8x^O@)g z*@~45KAh4$F+op!nc=nF6*e{pl4Tg@gznDgxjl_v;lUTt^pH$d;VD}`+}vi_>OSrG zvRhZ%J)0N=mET_%y>NJm^O+>05V@(g%le93E)?*eKB^b6b!LC^Qaw+@l=@$<{zy5$ zzt`C_G3w>gsV7_x^`v)g%+KA()n{aBvUcG`zp#rlon82ww>F+Tdl_ z{NkC*jz!;IY*`k>AhB{`BZGp>uO|~FK%&HQuNIPot89r8-H|5ERzb_M;kEY+ro|cfC zevaQU^u3L5-n1W$R(!|zuZ=0=)ywVfNLKYyn1k)-(Agn%Zsm-3!j08dS9FA_pL{&4PdDkM?)lkj zMwOa)kNH zv!!PCCBO4>)t&ckPb|;oPAQUQJX`s_=b!8!xqWxV);{cJ&#wrP`+EDn*%d8Y?XHjZ z?dn%#mv&e_-~KrM^p?V_nb*V8ziwGvQu(~2K2`qa>!aJ&1s^VOd%jDza^Kef3@rP9 zq(0)DS8L^*C%xd)>$_X>*AJ;vyH%OFukG8WK2&)xgaaL}keBUaldyI0zcD}?K!Cw z?ZR-Habn!^4~LISm9|YWxjmih3FDm7bt|6VSn+%9ozjBUlkd7eI^Ok<<=>Tfp5+klD+YjY3A1hnGV&7DrzCV*L_ElYP zt+@TI;75L8sqVJ54^HPE|FLJ``S`5szpHek)(9K)vfS%C^XK^m`v=SR%j~gL`pxvLL6cbef+o#zUpiV zS3JLdY1Ni{(P4IP))emujb8jd`hK@O-=5Hl<%i=eHhnHW;N3X?d7S+3xL4cDtEz79 zeKEz(=-}pg*-x_1-`xIf-jDi~l537F=#_jv?b+^nj`JVI9v!*)$6?0~qg8!+Mg{d! zhn9&={d@C{i0W?3+<0fEmtAg!^RlKyDd#C@eqZ-I;Bvsu0^|8vO}bi&Y79?i-J7d2 z@#48R$r-z>zkE7>{qwrM)7~M!SD!Bo%P~3HTexjY&YLT9mX;j9>*f`%ylwNX-63JE zYgYzNzWtwJebB+212QXC2OJ405#^nA^hSySPcC!UMj2;zi6zXx7r*v*5-sjJx|UaL z1s8+ytYns#jq|H2Cos-xigY+&U2S%3%TZ=S>$D7BEeWl=s)X-!7S~v(k-_0ciyLV-u`3z*6#Qm>62l^zP2!4 z%=EARp?T8t1Fz~`vgy%KpJwxAUHlq9|Kif-rYPk{`{jSI@pHx6Zn>P7`g(Fq$wqhS zxickRxR%Qcnz~-!I&*!{gHt_6)@4tecX5ej&p(Ov&is|`!AFlCbjnrYPCAgl^ZBG{ z)(!9Gt;S#9hUJv-20dkR%sA)qIP2Q8sUMyn4PRin)sR)iNA zXU+c%^P1O|M7baS&(OSUOHsFEe(s^3cbW&+sGZdbzPN6yTdJPWKe2<>SMt|&hkTef z{ZXy{Z@cfF8aqz#ScS~eKg7>=S|#1#$D|7}nykq?9)y=K|DhkzCNRC~=++aV2U3-1 zJ(;}WQtmum`$NC^`OfaTFA?_dZFWVS#J|g%vlT;Yn@L+Lv-uelIdY#)80hh*{I$elCSgSyvBLk+YEcA%6hE6 z5T`bM`Dd%+cp7f=W{fAfDL?-TDeug!s|Hwa?Cig9uzc8z`?!UHUt#`e2cf`Ka zVlz3C4BJG$Z0x=|p(6Xxw`oCJzMCy`m02%(@gR?GuIiC_(vw_X><)NvUH6fEXVtp- zxlayeOQ^5AHQnX!!mTq(*gm|ywMgyFd+rm9&UyHmnVQZ%tL2?LxyF7@PX3-1m7?yR z^AEG7_VIFkyA&zUFvWstHhcdckBgHtEA$fUdfc_6>zF>;ep_sPbmi^E?wseoMVWOh z=ANrJo%i3=Xda@Z+}Y(zd&ZO&Mv3uJDdJ&TJb7-?*6M!cBD_c^`>UI zHRCJoqW3Yg{VuJ2etGHLXKtMG=QizI>L%u{`AENco_U-2wvCsb?$|zYyY``?kZaoy z*~?bUK5+f*LwjLI?c4HG#cH1VZ_9ckFZ?HP`I)wJL4tl>^V;?@dt9}XtN4BRarj5G zc}?$_m~Fh<&Ssxo@bt{gnX57bv&%lkz6@`bkZD*xF=pwXetTvU-tO7&MoiXyq+ehE6*VHS=;T(vYlqPrfzoC zNoS2UytFHxPx(NcdmhJ$6~1Pr8hSzh89Md}R&<$U@8``rSuP~=U|wN_Rq6Cz6JAfX zd6%W5zi-@lLTT4o<5k6s=GwUv*EsNph*$rNoW03l{UGu^*0ZZ~wYcvFY}yr2T4_zpk2YE*36eekgF3xlAdJCmfid@ zc74Yl)AhSuB-hT}EWO?)bg%u9aE=#G`3|uC33|36)}-p>^-0fi7o{fm2>7P{nD4sz zih`~I*O3B`*VlHWUnzP0^JH`Mq-#mWJ3lu^Rh4&^e!G0{c=#mi8OH@r3#Wfxxo@%8 zQSJGBMk<|rvV|9}8R`5gndwp1^GUn(-LuX;TgoKgxwGF=K zyLZ+ko_{aWP>}6*uOe@;A={0=`?gLN-L=s8*5-udC#y4ciWbb_v3RA$7S$HH_UWhP z$#1Hq`h$9(&N(fTy79V*q}}Z_m*p&vd8|WbW$)cBv7B|v16}V;&YkC9aS7fGNVd(^ zi}+?3_V#V;wB?HqE18_K&^^Gsv}o59H>J~B59WOpGxJ%fHf8d<7e#(n)nRTMAO2_1 z7Ur|~v+LT`t*;&R{(O1x_|n?A$cR_d_LT_nKCO)TzRW$iVFE{=k)QR|vqm2mJyCe@ zvDtgo%k5^91U@G4$9;`DXUS~Xy7@+P{plOT4edDO&23*#xmr5Ab6sT0j8s2% z(Y4AOw@qTYp;c9NU44}#%Nc<$HvhI3UO5-VU0BY1O2}Q|`Q*TZsd=Ba-+b?8e9kps zQl;07Q^oW6p9eV>OEH-xZhRemJX!3tf6BLavCqTU-(69z)a|LhtTHuKb(6bCjtv+;VNN*2QJ{dQUeoJeJ$KIEqVXm+GxGT+DMC z11sHZ|3&}V@lM+#`dAl(O!B4GF%C|f8j7rfe0EDtIz8!xKl|RmnOuvHyq;I}Xx&{c zyRrgzwux)Imp!ZbvnTY(IXBf?EY4d>-f0^>%GV3?>9bsWHtGVant{7$b2<0wX^Gdi z`aQYr-Ft4gG>YJK_N6)X4HLB`P(n9HL-d3@PoB-1 z;67)9=XtL=$5!$2U+Sm}O{jYJIx=>O)5oGBvx%YGlAoS`871s+>gL^pFGJ_)7$-Dj zJd=2B+^W)dm)EK?>63R#;RUW7)hiPlPaMmVENjG-iKT8A0+PAugdlb$uEfU;! z@=VXoH{zGJo78$m+>Ck7NK#L4Xr=efsU*Oz|id0Wvf0W~S)V4Q#*&DX*Z$HVH!qUgo^?BBnuL~F6c=74LhBX~GZPI7G$k8iPdo=TW)uS)k zSBf`YX}q^WW2c3~V!^#FiEpac)oVyPC%?dBAjbx?OPDgW{Lry7$ZLmt`(r+PK(@UE)|)N&UmZ zODk@livF-#&~xGm`(B2*-Haa$=h?n=ROOVp5Mz536bJXf)7&4Qi)=6L~Z#s4Z-s7&6GB^PH< z&wp+8NdtA}mq8qrb&uyCTb#+jy5BJ1=POQ@$D&b>{)!iE7VO*iN?CSR-QEj(#$^~CWevdl0 zw!mR~z=E%83pQPTGC@dO;RA2R?UzC`c1j*tu{o()QuyYpUwtm$-)_GkrL#p|%W=;% zTjN-kD4!MX?=~N|Uz_2$xTpVaC(8^0H6 zWcKPkGhNn~nszAt!^*afi#u64zdYJyZL4J}17t8UN01&7ZJ5YxN8L zls?5j^M+>PidytTQMS1ByawZHE_!&+0b!qCNw zZQT5MvdW51@bI?0I8eIk+jb+JwLFU@EKaVE-hbiBp$A6{yPj;l&*G3+y(0NY`}P%U zryb{Ba`F6%V7a#kK05YHwf1*DmU&wI=6{B=3-he56rW>zu&T%^WLu(&V*v+C^;PaE z#(B32{2jyP!b@#FSgt77JoUSDX|-f#u~cW!(=xqj1E z3$=_`cZTM8`ML|!)~0{t3%kF=sN{>K=|zw8E`_?E?W}~I9`LTa!SGGw@&p4{1$CCs zT{o7ll9!q?xhkchf^BgUU*&U?H=8vNys%hu^56-XM@?=$6Iwm`y{=;%7Lrl;5mu%#p=@Kg)jYLSAH(Fcp`T&b~j(<6-R*k%PzYE_dd1*rf5| zr`*>n*6h>M+*8AoPsrL$;j|XGaiD1TWEKN<`y<+mKYZ)iF22ZQi^tXZT&w@QxM;%b z^vmPz8r_zj2zHecxvj6`cz#r;r{;cJJ;Qx&k4%^E5)0RDp&!n-Jl@clHi;!?eUSF@ zEgdS^JcSSI|CT1%+Hm~Y`b1w=t0HGxvc${#A6HD7?CzqNVs`Jm=G?tMO)WMl>-hV} zeKp->!CH7w;=pRpjN4}WZJupNTkR6s#1?Tv@VWA=dD3P{Ml*iR+MJsq!(?Q)wMg1x z#)Q+ix9a6`1wPYoUj9U&VdHs=mtk+$IxtEW@F#~WZ)7swQpB+`x%Gq%ljB>j7hYm1 z22l-Mg1Q(GH& z8f1Q5o*9we^LU-sDW`UZo+kyG{~1zT?DqsWX~v35%nUc&w9cPdCY0SR-7>N7+1B-n ztQ`Jv+Ey7;Bl`8rSBQG9W_ID0yQ;FCd0wX7j}w;K!N&qpY|_^kdMN$u<5(3fFj1=M zV)}BKiQZ2&`qkI3^_7Wk3)Eb@&%iTh-l4`%6ID`5>*j6Q-Nr5aD{#MM+AII6WY6RJ zu1C}Sg|!N*=6h|*~Pdj7ZTw_pHREHxjobge)H|bM2k6B6;4= z_n{Y7DR9o=n`*k7_rB4`K92=b8?_kN7?hd2W-77P1vlRpIl-yjWHoQAiAQ-G^ZqEY z#tS7}HxJ9q4-7sapq!F--cNI)(&{fZ=IYnhI-fW+f$_bgW^D8Ag}x^_V}4%_6Wshd zNK>I^$%Z$X0mhSLN@O#aU5wc#)g@Y0Q1y7PZ?1@HMEmijW*W~8*)t9X`AIG5ly4B< z?j_S%D9@!P{d~3Hu{E69Z#Y*Z8?kCFNWZqcz2L;liL+)eGLwC}N%28KxzYp%ztC+T zzpqL?eEjKto9_#gLZwp}G+z2W;phr&NMo1%n-ykcp{!7%-j%dq!c=za%DY{mzn`bf zN#4t}uldkImK7>jCY}^(I8&W2%H?$+vC;CSU%2JrNxgB}^>#|EAYr3-K zTfd%$85S~yZhu#|CZ71uAhlw`u@27u3U-Doox6-2W124r`tYsV@ubfZt!c7ovXOD2;%)z;x_8F?UV@XuU5wuPi2f;dTlq=5q%Fj^NI&2d# zwPRb;k~8}ao&>oUh-}{C(vT5i=PCjK1edC!*Jk~pU^O>^SxiaSLWqT2qu z{HIDV-deqy_55@N7QO|SXP-Ux-nh)KVztN9DJD9V8{XbAp0$@9o#GX86;W3uE^cJ{s5$796C{vvxbZ_ri22hU3COU|#{XOL-E(pj;fJv;Th?8ms^ zT9NLl@*1*^>!Usk$9)j%UgK-*aXqTa*sOS-_SrqjOKQ8`{GIXPxVrkEU*Xq-!Jv`MRpWod%&^YI68IMD_cdB`#!6v)85* z$%=JT+9hu{&yP~#Ti8D4?*-&;M!A*Z#KS>#8rS zy*tz8@qOL%p1kw-*cMMxGu)j1^o^^}sZ|R~S)MHp7PvRl@(ruSyF|09{x?fk`j=h* zCp9yn3L2)WHPx^rhb7Fi{WHXfDG=H1a_(o-95`h31niKqVCeHRu8EtmNAY_H^8z8BvGaCH z*?e%)^ETVQ>^&dmzPWTv@B`Na22I<(o_%#s`@X5W_7@9ZZql4|N5|}~@~0)qOT#Xw zlr-q{cpeuuJ^w34B7yyMz;;{dd9{yLdspvXo~}|~&b+qLyia$}>Y4Ecx4J()ejWFG zUG!1Cr-I8K8LWL7XZ=yYonvAu_p_CU8LU2Ko{Eb2^eSkp_u?Ht63f5cXNf+y#+z~L z=2+1wYb6akPO6lyvwzTgbJvH+_Nu(T;;FI@>vr7>4?lVEc~4Nc&zF}gwKQI=Q7z08 zQAlw2+AXM9P{jErTiIulyRvRyv*_A9ZiUa`bFO$Q_)cD-{v>c#Vv=K|rN}zJN68jP z-BJ`IES`&+rLJY)GV#Ht$$@)bb;W$1cx|!HLk`~a@>AW5t=8`3eWl?Y9APB6&Eu_- zW&HZ8^E(fOxjtL(ts`uf!Y(1J)%)sLWRLsutZQo9cI}+4Sa9^3gKckW{E<)AmF~+E zvi&Nj@Q56gH4f2Bz7@Is>ywZznZ7R)?%!??Q$6(UYj~zPX5ykNn!Pi%;=GIx*wYhX=W+C;UR1l}C?W6Rnwb3!hQ z0Dsj)Nw3Xp2fv$iN~BGU*FWwPZvD8{be`i1XGzPreRHneJ$n3XLtRU#tlO>V+vz=L zKeax7?e$IR>}rWB+u!bXS0}R;9xd_v&yd|AwDXRI?CQzCRi+6|iq_q2x;we-dRet| zO5cn%Pu}Ia->sUuyr=RR`vIkeGm|av+&sSgaqug{J-*MTp04Uz(<5NywNrgU?J9n! zxwEc>B*hrb&$%KlxTY_1nTmO!pWeMd7pJ1CN3);qluMfPcxy;tnZ~Z$t7kl7R{8#Q z#S)__C1Jm5$k9m-#pmvFI~8#9D%@Xzw_`*u^Axi2d+Dff6b z-~PvePHQJcHY#6Q?%=u1mm{n!B<^e8H8D?v9VcXXK8EI=+MHf+GJm%1YPV~g!r!}l zWQsla^36E9b)m)`VU@?q^RI2K;aw`5d?awopQDmL`;#LlyFPVF;q%O6kbS-DNA|*# z%QEFN=QA$JJ=~Y6IXOu0npOGkY4?~}n2RPh@v3Y(v9UGu7Qeb|){@}%9n94=OP+*w zEa!U`YI&S(Yt%f`h`XEoEs8evu^IaPc3n9+%kF~1ldmfh(kI@$!hFu)%K8=2#}4Wx zhpIPZE>E86bmaH_vuE@;-v*f;Nf4cqt5W)XRg$J?&x)Vt_j+d+w3w7DB>cLn#_#N; zK6Rq+&Y)9!x;AGQsZ4(}y=|m`miQW}Wj4t=V+o`2 zEpN9ewe8(7Ewe+l`q%aFML#~BUHs{tI_r|JrcWpMs5s~AvsQmI)thZHZC97%oC*BN zu@N;c56%Zo%d{|=`S#kcCBn<@n>yH9z7F&0Dww#fsH*Ez#~$C(?6NhJCrkCUTn~PD zUe2}1zUBZ!-N!HM!=`EJ7hhZ2zdYFO+*P|svyER~2W{YSNoV0YwBe)d)-yeC4y;d} zb#cp1VQmjJxjWZmvfQF&KNQZopr?CelFYiY4_RBb37$HxeW6UW)KgGgcapEk+lZ6w zlaC5{xs__TWjuTT$4q_hlQ=f3Ytla|b;bPk_-D-D+qd=ZrkviU(!{>3CEK_z2!t@d zj=6m3P}Mx&oJ~eMpKX2_K5fHEgSbDT6}f6{XP>+}KWB36xAhCVyZyCPB+my%+?w7# zOX6{Bd+<41?WT&zqc1A9ZV+xRGbpKfvF+Tybe)+8SDVe+9r^N-x76Hs73Zrq)-SZ2 zs1)48H*e9VcW<9XFWvg(;5x4f*>1(Vidu5c-j>a(jy23Hm1IzF;9P56y*hes-*wi) z-Ug{B?>E*6oxQK?2Rpu0a}=X+g|5uU<+TKBx;tzB#NBMR%bspT$BzT5aZYC~3Ue)*^Q zbMzv*wyMkaMcs%By}GP_(x3Vd_1_wQ7-~D3HS4}zaMF8*xXOxmg)u=jIaieU+rUfl*U+ey{{G02Kiyzt^ zRsR*clWi5dyXLytp9i(tXLD^rmCk?5brWw2ym?UObLd&I%Fu!tUHM_vJaQVldQVo* zJyrYK?RrdQc**6*>V4T~O7*#_pIjewZ+0^ zma@mPR>kh@nW!%N+1Gnon(7Q0p5m}YL6h`V52&O}?3$Ste!}_0vlWg8nMTPHc2l)n zYA(H~IBv2n?aEiz&4zcMP4<$M^*mM~aa4Efwl`buXv$PyYwewutoV@8;lNjuDQikD zFV-~Lx^9lSyoP|0)wR~S6Wz2PR41)Dm@zNn?$SEsL!@^fF>en@HU z)}F4VH!Z%1Y8{rAJ?i(SfHjj_UFd!3W6>mA6SIiE+EvMA=enj?hW1Ro9JBw|CgTfo zU+>iDe)!RN>)#^-^MakW*@7k0(-}EmU%8(9FrsaKl5*KG&6BYb!Ja;Mr(S36{%iQ- zntF#?W@N6CTcR@SgR7@+Py4jZ{nO`@Yu0L7Mus7?ClLbb?vu0%n`-Ij-mAPM% z-~7BiXOHxQjIYO=bKWdx=_~xY-sH#Zm9Z7=N5su1O?tZIfaQ6a>l=PdySpWxJ>q5A z&W?`oBCgNYr=>mT9-sI*@1({1=u1Clo(-C^+|^O8@;?K|52y25lRO>-Ctb?ByUmqR zxzFC}-P22oF|7f9hL`4MEoKBah;#_OUN zmd%tr81ggx)*AOrLq?wprdb;=N(EZ(s4}X_|oGp z+m{V~oJXx}?Gx0me4gby>)4#IWdRo#6gKU()hb+ir1SF^<`tr=wtdvf3zf8yD!=)d zp_Biqr+7-hhKrAi3~orQ-uA1;Q22!U{jO;m;e|JEglya;`po7*>8g!_H?ksfe=e5% zzH-s_-jL~UPaL%q>p#s^#HShO(Ri#<yHF%q7)=dyg{<;C;AckXDs5MZIp%WtPY zGdU@GxyaEyK}T4R-Scxzwc98YY}|Hx;<3!NE6*KVa>s1q?fp@LL1~BY9XP!;MmX^A z9-bo}$~}{RT({NRxpCX_$IZUek4!i&Z)p=S^-N#;Z=cn;_Gu$>GO(3%1QTrEFB?8*obLDa zj9X_~)UjXudZ899-`78r`oVc|?l1WpQ%~6{;=0Yvu&-i&i-AQXC_RZYAI?qf2B|Fj324?b3-rWtt;hqOSXC# z@w70?-OJ^!P0?d!we|OQ*6N&h_@IB}zM|{0W%o5Co-O(KZ|2e;vyQGenIo=j6F%$Z z_lYO9^=F>?y7sU7QQ=JAtxwLl_ho1N{%E->DEwLHiC2?e-E!&8*U{mclYVW|{eUZS zJSmNL{*~Uyo{(9m**ojx^g7FR^1+)vvh^D;ao6B82-`ThWE;npFR44s1*+!rmxciJbTH4O$2K8A~`cNUxZ#uy51Yn!t=Y0p2&5BnA^{~heodQ#RW;rjfV z#J@9Y_#gde;J*{|GRnp9PG!omiwoFIUztUxvoIg^WnJ^pEAjR&bKBpcYeF-!#nioY zBj?Zf&mgc*{?$C5Ys)Tu<=~oer_ViZYh(U$t8LHvoA2#=@OSNhhV-i+S-XEMcf0&q zC1EDh`lz2$wQSYVCv}#0XDcU9jE|j~T({Nld~w?rOP<-$GL1V*)^b<7_;vOlTI0CP zCdX60HKyBN)st!Oyx@r@GyOC|ihm`|Q)cy4ei>GG;?>RY}GACP&VCAR+Mm`K+L26BgZ> zIq^|%*5lCKy(1(Pp;oze`Sx^n=8p?aCOv4{+7deRw)ndn2e&s~Y?-r8 z+9rHqg>+PtN5j-#e8w?{UtDVcnf&%;*p}1YuY)^6*4s_J?v*R)CpgJgPd1NXw!kO$ zsK$3vPiM@lo7%e2wZ7s@cb=C#W=Z-nKjyNH^uyir zg|a@kcCp;;4}KXh{U_ze+|_@=uB*<xJC^ z3|nlR%NDb13-!z@ne{vK$={g`X)2fV)Ge?i>xPybwS3>*+T)X68qSru5Q1$Co=y(gD}5fMIVP^>Kz5gX_9}k=UBao5@C~7 zQ`q#F=Sj-rS?klQD{J*{nR-7f>~qZ9I%RfpPhR=1@{T?BON>r^l4-_@C zxGy^U_`X!Hp7mOzU$L($Rj!vmxG!?=N4Kx1X(ZR#28my@KFx2xwPyOXO)od?%#kyW z-PZkWwRggv9y!Ap;og}qowx$6EVy-k+}{9b@)+%Udjup9~_sz_K(3w z{+9eR;@kKF`T3d^t_MG?m&(57dT9SG?sX41)b?6?ehizu@b(0>)Z1Dr<$#cPB|Q_x)yU{hue#-Y8zABrwPofnzepqMb)cU_upRJmUOJ_ zyXng02e^9y&hHRwQg=-m&5^i`~8E!94GilggM+ z9(5LBFP!CMwAZgHJXdV3jZsb;$J5sSv!AY%&y&3H?qTKQjj5mgt)=(o%JxNS8=qgl zcz$5nMCCAs6pue5 zu@X;CyzyN7V2kp-bkT>3>t>4T#Me}deFr+q3hS|S#MW|D*y)5O;%`A1y?oYeq8Z$G`i0yjI zHk~muVD5Q*Y1e(u80W0sWZ{}g59XAtGxok9cFsID=&Seo5Vl?Me6Ow*uI$p-;PlmG zb{WfLD~V)r;eB(fJe%X10+^$^8{W4T7 zBkIW=2ZuCE1)gI6UD2y0le2Sn$!+=Fuwd!Qj*_3#R^B?I7X86(w~f{M8!bP|64>gt zzI^somUZso=6U}X?a);|AXjqj*Prmt4S&w8s*=lIQSd$J=W7LN2gap zaw~eB^olpxBAJCQVU;-t6n7}?mQ`G|Z+pc$W%Yc9S?Bj(o+g>nlfIncn(K~z!Ft~# zC!gT9Nu0d={MnH0J1;L)vzS{v@9wLk*Cy>c+q3P0hf9au+d}^G(nYVHUHe=#;dkYu z?%0`cN@va4_DJ`BVx;50_bg$xOMgYTPrLQ>5#y$C%T>I!)p=1l)1B&q__J#JmS!qh z?A>;vjxo3=_^G(*%xjsu9=#Ha%$(%3x5%I{T=~etnw6*07udd@v2o{?4Ts$2MEaxd zZn~12(p+>(dLFCV7CpWfyT4h_P}NBaTD~%By^Rw4&-nKxEJ@3o{+aeqQ=cETMcVhu zT9%^6Re!I&a82utJtgRFGG8aR&#KI{PGGZ>cp=XYhTm7VN#$HPQPz9<*4p|cv7nDN zE%O`~uD-M6O>kyjU`?Bh;K?<-^&ZB;ig!eM3S;eWm`Ynl>IEA%f7-BG_{BuuJWuOQ z`=`22Tb%Q$QnA`{mhmKBvFSz&^`)9$aIWna$n;$vw?(+Q`MaOhHOH3aXZj3Z_Dwa{ z(t0{G>U!w*Px)&bEMG^8&yx`ok4s%VsmEP(W&W0RXAgXN9j?4VJU}#3Tiw<-BwX{{ zvboPZemc%6p7n6+Z|>8%zE>Y>ahJW1oAoQ@;yq!R<&8}ouVbe7&D5Q7D%>cKdAZlE zIek@K$Hh(jbNAkO(&wPG`QNQi9#1bb+h#pmUue8q=6QM5vCOAN;(YwS?Y7=zEh*YI z*;F@0*dR?^H=_@TS-pkFQS_~7h6>sZ{2*Y?%ION1fEZ|nR)pF%A4k~2WX4CPZpeV z^8B^6r@RimIJ{!b&r-8}ZP|C((h`od?pXcdSj_@vrowsIY86Y`V!K+_RrRmUc2x1{ zp8rtRziP>wo?BPWUb*EnMWG;Db?v2RzU_V0*N$ykdwRXH&9#!kh1TcU_l88O2xR_? znNy_gbhgL0<$S!CqKifdQ{{QTsae(~pANg-`6adNaAM#lFOTAhN4*7D%k=N9m}S=U z7y;G)_S=dH|?)Es8%RPC^7t^fLF0+iE z2VP|Dkq!`3m{W3at(D;Em1UaFLOYIcFbxi9UDn&R^LW-g`{_E?eVWr^wdU3*d-o2@lpNQnJTD;-SntQHX);FI$ zbJe;@f3Nax+pB!ISS3N!md`%wVU68ODJ_8tX3KS_4oT&$gMYo~)dcX7l}xw(%kZtG9MxhVRq={0?i~ zd+37b0S-rt`G-nw>og`1bW+!wp*?#^dh-ab9?c-El}6GJ!I zOI_PO(eq))LZx}f<_NXC%euSel}PX3>RG3oVrFg6J1~Dn0<-UgOhpcZAL<(ypXXTe zebv2uyF-hsd!BGP`yJUXuG*-Ywb5phpQe;^lktWB4811Xf>kb9bRF)w5+tx-^8K|o zXS#N%tN&-X9$>TJ`vNJYi3eGp|M?u6GG(Q;udnrEQ?GCaVXq@ww7m}0EU6PYHaFC; zFU#mLyGm%}vZS)-_D?P@)U=*#d-Ch5PySchUk02kNM_mjLfh&;Lu4C++kXb1kR>-4 zUD#NTD0Hm1dlKNlpPt6ZBbEqv`* z>bBn6Ld{Bn2ajb!f9JDXKb?EdKkN0|En*Qy7a#BS&s?-+Qcm3R#`hta5_6tTZ|C7k z_SoEYq5tsi0QtaJ+y1s^K0mvPzpUNKkJH}*v>w+ zgrbo2u9wLl{uDm!O1V096Qf7O30dB7gKFcR?U$Ftf9>oE?ccPhf4Xwli@vV1X`gnk zn)I?rY5VD4LHib!oS7)4ld{*&QlRjl$nVwB9iExW7QbqyRx! z=I%_KGf#Wrr8P7E{i!KiSc z%#xU^YHMV50w&#^@pRgP$^J5%`m#QoG#0$R+>m+V<9bHN$CF>WwG_<=b~@;pc>hn9 zF#B9?r3I!J?q>#^&);YIq~}3caHMax+Jz+{YbASD-Z?zmd3(*Y#~bCowyvtkvgAJA z+*9CNHu(ng??XpEhpb!kUGZ_(eun}ZoP{iFZX)*C;q_;J<+-RmS28dRbTl0>f#%pgN_KX7oHcn1&$8cm{G)_(${yVvdY-R}vfrFO z5tP$r@%T^nlm1)(863B7__)Pt?wrO+5vO(>SKO3cl^-OsuF`ty-3fk%$3-QcD_<5> zi->-!dCrktc9rp#-sM|MrfqRp<#E8iS3^?5zE?}+^=9r%Qv*c|PM)*0T_F`F;qc1w zSmvpXT9fa~6g%>;PYaj$wm>`g+&#|M4!f8%pEjJcTv?YHBI>~ZdD$wP#6Am~VlQ@i z^A8tfUAxThoR-R0DDHnAp8Mt7B=!l9IU1U(uY_$o&9bofP>WX0arW&tVb|JO=WUca zEIwmj)Q2wP9nTtLy6$^023a&Peh8koY`cx&hj;%OqOJ&~vr<~xo<2@uin13a7yE` z2bvqzl(pC&hv(`FUVf^sP?X)f?Md0CCa))jQK=GdCD~;{=BFg>DU+L;tB_-))MquT z>fj_xi{n2o@13|@OFQ~D(*pbWtlimpXE;KiUt7|3h50h`#^X`DGex&6MsDXic~)fQ zo%OuUQ!N;-e7MaL!)p0&YnDc&<2&o5r5?(fCsdwoEG{?c5%GG-k$TW(^2wEpw;gy; zr@YrYJNubX9|!Y7<+ahVn>_7VJ z&n>z6Z1R>bZ@WsDBvtlkNoyGy-&^aR^2YAN$tOV@t}PXR=;mg4C&=cLoQkr-kIps`?LleCDGIreB@WS()$J<-$ zqM72${w-R4d$F7c!+fu;ELxsEA8%ZBz00wk@2a}ZrpN73EJR8;MuOM^PV}p_BlQ~@*^9~jr-PPCBa+_sMWVhVTqyBkC zPLn5ZTGeJ>A^c_KqEwq{3XQWCYR7C?c$%0~!l`BcHfhs1LT>+Dt@z~o(iRQY zXmwM~O`VHBeXD&u-|^CvV-judDy_>7t=_WomGza0$BfE)WU9U{x_jh;3)dw6m_J)> zG|o?z*=EJnrh4$)o%Eh7CubbzEADwVUE470NXI-smN&&OwBjcm-^QXc`A_UBi;mDc zj}=Tkh2C4%8D5&@bM9={iSP+GB%a@!VYXc2?OC6TM^CMumt}UWZ2R*NUS64H&J$cM z%s3Q(@t^CxxcwBn$h^pjeG-hfZ#7A&Mw*N9%wQ?>T4u!M;lWVgYGnH_(QUG_$ioR9 zHz&?B4i$=V@iY{>BgDBfDbi-ms*e|%11t0D%l1?yE!}cw62tjv$`iZNj5>{+48QMq z+ZE={&T3UIsuQTZ^5^bkQJo1|jBR(yp072kG|||lDD7c+t~gMl?a-kuaw2JV(K3P) zXRX>BsUo5LbyaUqD!0J0L*>U09@DDm>f;s+OlVO)EnC%x!xjm*;X6>bR?JJG6M`D_5Hb#|*bKd|maQ zK||&3`Ad_uThdb{f4Wzdg&7yR&V6yVt;o=8sdvGX2L-Mnza4KKdE6hBe{0I)NfvK| z(ogkjXSQAPm-uQL9h7e0pjdXJ0_m-A%Jf8$?s-JZY3dEu!ub?2>it(JLM zxvu@_w(o3glT_}Ae6qLt9iy^y!^!#6(n@qKl~29<@-eUAuA6VVU(fO?^{f|LEfyLZ zTiEaz{CUk++WM(+W8a*=S?byIn46w%jLx(-?&Em<^TI@?BXXH9y#7p*>AUh&=S;y4 z<>h-_-z2QO<0zu6%=_c}N-5(fZ*|{UENxe*`#d>F{%-S$!==k++_lvUPB8qm^YKgnCF>GN5WbCJPU`n`A0cE7G$>T$Q()o6qEm4xdT_KQE> z^3lHK%X=}0-HUf__VajNAaniP_7(Tj&jdYr-u3-_`}W*N_it{yr*Qk(<#o3--72|n zn=JdX^Lj&B@bWvKJePK9{#h|$C2w>18x@#SuJF?KNnu)n{S2i{n@#_iuFOc$ z{xs)7>7utr%ULxxAN$Iksk1dugrlI(&9_ues#4YENQL(Iov*UmJ6Hl@SEigyfADzW z>RTqKW_;RPx$ItBg@&qH*)PeI9?tlQ-yK&QS=;Ds(wBL1Ev!@7UrAU|+TA(o&AHnX zulIfB_$rldy29aJ+KH3eO?>WNALn;oGY@<%WGu6;`pf#tt8Xv4+!dFwU48tYwxo*D zu~iJRd{z^xE=^mm^JpUbfzC(XyWd(Rxu23?$iDD4rMsGA#svPtxabdwO+SuB7d+T9 z;p61KsW0=3nI;_9zVboS**$sNWWR}f7oUiGp0l?3)-H}Esi#_5lGhel@%}bh@?gVp zN!is4H}06QOmfGu%#%i;-PKb!@7(tB__akz3<;?x<+fB_oO;Zy_}+}edZy}wO0RhQI&zhi{frFw;DZDG~M=SalxY%k$3ip#~bzSP+N9uuFNj!@@JaO zP5!4WL}#m?Zns%svDQ4}sp69ub_Strqko1{Gdff~AIrY*diG_;$tRPglaJkxkIH%| zpS{!G@5-?>!!=%3rE0zB?5h?Q_g#%rUYT{O+*dQ_=sD@0?<@9PJ1L~0EOB79c&0(m z+k0vzaX9gvO z-&K@tSnqq6NAPFa#)pAr{~4?v)(J+&asTfAD0z$h#POwNmrpnzb5wtyv@z?F(Q5nB zp6K>IqfC4KuhuZ%$c;#^?G{5vUOPQs% ztyBME>)Hz^Wu9DV(#*YoYKQOZ8~s`96x{bPU18}lm-)IfVOn*%!JWCUJh@yWb=77r z&gWf{`FrPW-M*<6=e69F!_=84zm5#M)?HxkUbdo|&9vC#cZyt6%qf-N?-5*ES8=FC zZ{O*5CPINv{Oihx(;}80t12kIx60jgw{c}HbMdUXJssu?S<=5O3n|g#o)J~NclXDm zUW*>uUrLHSQm?f{OmpGXzR+#oR*PLXc28?EQ|~d$_A2u@wd7XniKTrNGkjVEEKO}& z4@XCw+%lAwqAH%vAAw82f zzF01)%UbO+af6?M*3x@(rVFim=X9;5+Gf*}$9BtFVq83AW^I{#=U9od>c&p9p6%kg z8veU>uw2u<*6{4D9wtJRes*y{fp% zU`yrMeG7i|9FaY|@@?23+m+sRpI-?Z9(%lH-UF$%)l2Ul%ztLUV93C==JIUr)XjZC zYxPep+9@Mt^Yi$`n{(wRu2%hfWK!kYjeh)FGb4XAruId=dHP`A-2-1<$Fweazch1` z>$5p0eusQN>ziy6#n-BGDJH-6=da1$Qx1l1yqEdw@3y&1eV278@8~>#W)e@^`D=SF zKMH@d`9tv|y>`0=w~}sVv36@aEMW4_3H#c%T*XTL+p>l7)A#)8%KEzZ`mHtB-1Dce zbH6qxy6>3iL#~foCVqN=R0bYi@&{2nBC+3eM<4s%FuNySH3WRzcl++ z&4km^xw)_Jr0sWpa(!#+CHu`f`hF?_+y>`G&-{t_q5C2I*go;TbM-u0uQso{vZEv6 z-8(b>f6M7<=+zZ&f_R2O+Gzypb6>``3>QYBHRc>jfSB#R6wj^%NIMlTB+1gu~KBpUY zd|&;oOk2SE*qg?#qig-$dPKVdZayS=3{ zz!poU=88C-=n9UQ+~=~sQGI8BoHNM0_Ce#^gNk=rrdv8UX5EFBeyXD&c=CWn+9fs$1yaFY160b;|J1O&Zy`@V3GCSqJbKJT7 z3?&`h_)QPyZL7R{NwDXO(ysmDSpqRHKOQdJaZ-Z8I9yp;$>Tr~3tGOmTnQCjhDx+yR>yIxhCOtK9wC`W4b%rTVrM_2iL$uSO zDY`v#7vGw)gMGj4Dn@(h!p8T$=5Dq(Y)a1Ra(O%5HhY??%)r={xubKo@(*{lm8u_{ z{Qe&8W8dofe6`_iHBXzaC2Q2q3YP5dWM>vpeZ;fqWKZ$gl)LwivRL1Xt7Q$e>I**m zxybnP=LJ(2TLo5m=XE*Ukj>&=8=w3$$U^sR%&)AsB0m2z;^VUB|4|7zt*LdV`Q%x) z-WMfBuPz=q8s#&gf@yKQpxdh;pH|z|)2AO1G}*~NIaKeDS3~NI6uG8Zo-@tWzF4(i zTXye6G>6?g-=KN{r^p#*Uh}f&OWpD1pKW_QxJNj$eAdq18%OQfoxP_!Jw7w>TI`Q$ zS95PUYNo004eCEO>DX?Uo97*4QlEFUYiuez9<|`tpOv z*1rkV)_RwGT;#6BoqI0Vr>8S^D9HO||NOUQVUW%8Z!8%*?2_k;_lhjL91wi)xT)!% zDxYmPws!Nsj}_az>_>LQX8wGQzLNOaq9i$a{2Sw?_&KFa%Xd%q?wD95>wmfHROuC8skGX&+b8TR zUH#1>pe&$jzv>cf8NTU)N>ZJfK;e{JQ0$*z;iwr3ag@kVTq4ZB+Qvg%-O z#0T?G&t+c>SGsz}3Rdj)zG9=jMncFTy!@2ogR31j{>yc^W=*g>uG_WnF~`@}8m`Zl z_#Bqk?wfih>c^$SLHC!$EQsVhG&yp|3Rbf#rMBw6`!1yitIk>2u%-a?^Er4jm7Fg zPx`fefqxg;NknDVDdiSBZnyL4pTy)RJlm2s@!$_MW` z{&-)yeQGLW%FnXL_jVOXoJ`CvE-_l`eCx3DqsPmhZckh9DN(F5=7w*Hc1mUNcnKKiO+>Ow31dzR&!^a>lh z78mDS6k3qp_4@fmm7b~Gb4tFind^5xd8**!59_`=Ju_H0*)n^|Esx__XZ9qBObd*a zeK+T)dVbZ3J(pQpR<4YwmMuKucHFv5_pV>X_cgk4S0&`tqFyimaQaNmeiMza$z7lC zcimIp_#t<9<~4Iq)7vr(?H1pcno1~Y^({MY|EON5SNGOAPG)nr=Szz_OTPET_IcW7 zn@YXZcTyg4I>hjjL8+zW$L%+iiYj9-uDW$seg5oA^vJu7dj z?5$?3#g>j{;&q$vB)n^=cj7#&t2g9rLjkV5J>$E)i zZcN<3!?1Pw>g-;d-Pi1O9S-T$Z8S2V)9+3*trZFzpuKqeX8LtgBh=bZoRmkc6E6VPwVrS0k;p9%G6u(Fdk&vIm@Ie zW(bgk0)(1e>sY>uWUC8M4@?N0uq`Jw)(`1jefJdP-^-JLh}#Wp*!5C7)o>Do9J zsiee(TAW-H&->$Q?w1b}7`(nHUs|^Jdg7Ik^V*5~_h_1{*-cAZoHdW@lK5YaEjfF+ z4Uamn`qBFJu2x3Li7SRNIve}^qYhlj@%_4d+O>zx^#ZGS>sS9!pedfAGEsP{#AO$B%_OqpGt2Oz38PTs#?S=^zWJVmc{_H{|wX9pU1A7zht(y zqRqvE2k*lEWVe4<`*q#)I{o|$mOUTeWEY2jtUcdRD){uAa<2%hLxJ|9TQVoj&XpgX z$A067ugd(>X=U#YTZ@1L7(sLanpHk0?Q<;AHC;~Iw5_q zPNFyYm{jGlXuCaEt>Xn>pO*a3(AhI1|7Th|v&~h5Zx`6S)9x)^chNh0$?I904Yo91 zWc+=`Kr6=gv1)R>XP5M`?3uFN+wV!PeXSj-yT9hb1TIkh$ob-$Rm^UEz3(UIOt237 zJ8^p8&gw*IfyGU%&K{S{@}87kKbx!Mt?>6wZ=Y6szs|qIPiM^kn{fANhThC#(~Daa zTI0$E-$zZ~C(#|Xjk8>nHTl5TqZX<~>e_P25C1cW_&$smcdUIb7P*95tM66C`pA!U z{YxXGZr^j4f0x4KA|Lg*|8T9g+y3a)H+kACG}c*#$MZgs`Zi5>dCx?C4*sP+Z!Z)~ zH!>>S{Uz2i_0rlY-x9k{O)6Y{Q>6WAk=fMa*S6$sx&1n`W_QKO;CWXaUhe8K*4W;i zsoxXk`@&*<#l{ESJJ!a=d)CW5}0m0 zk=p!(_4f?r-&g0J&57B3_1%{4r@U$}I-mD#z2ft$Y<1?h9g7(nj9iOm)g1bD^})Ow z@BBm_t$z{jXdbntJ>N-NeX;4KLw7PZt2}$}rCk1TZ9T@&CSANUXeLh>!Ph`Gd<|EC; z0cR)e-fwkfw&&JJpA9Ei{J&4Xw9fJ2Vbhh>PAQ>sQ`5?f6f#54%uBp|Cv0i&O^@$R zH*CUEZ%p=^5q;;#D}VoK%QsKE_u5cpM?%GUk-2L)Bkpd$Dy6^o-22mewO$KFZ%inD z8Trw%oG0O|uz@Yd%HRaWZBNSAT=Lkly?Et^_MTf0dyL=49j-0CW^}g7=ID(BeFoVl z|D8B#9CK@TLhV!0s@un`-nG2Ym9JtjYPsh3-L!vCe*j0EnP>8OizinCS7?Q-mt0e; zd@QVL>hxQxCs}w8l-XRpdPP^gXN%FBFK4~OL{G_Sf4IAEDgP~Hd8;p`hqG?gY!fy* z&wi@n4r`UNr^?0|XLdgC3AbPW!rWYPYWk_>L$kWYeQ!HYY&$FaS!f=|>!@pHzCxcI z&c6;kk+R7yXh9OcP07l&>l7#aIkq`Fcwvs6BbOq-(B#*BTc7{4?YozjKOvzie1Uc3 zrss1Sk7f6Kl%2Zw?d=5&$)8sDUOXR~QQ5XSQG=(vX2yx*S%)WGNcnSTo}0bY7v1o~ z--X=%c}Tp-?%TB~yZSIs_n|rArJAc{^7Nici_KKIt>^W8Yxd2_Dz3(TS$o17<*SM~ z|1(H!&S?$ix^Z&VA^ip6NBpg`qn7NsIG)edSa- zHucSTa>eKn15fwxv*(@!=aV&8H>~BO7hIT5ftW7 zyvZVFUd79^K@)bSDeg4gSemxTDVe3GDpX_5zv3NrrHi)q%uZgDo1)=!!oXq4tlJq{ zT@LTxhvlA2)_!^1RG~AvAi1YxX*KH>iQYC8-MSuePyA1^V3wDFBYq# zxo%B9@>W>n7RR!fhf`L*zuYy?x=38{cZm2#*;S1{zpvbTJip}3p5FKcEWfWM_J3c+ z#~Jqc-qv-=#XG*Aw^+q5^;zTGn=fD13eIxfYgo4Xy?n)U=55)lKHNR*D#vGk^ZC*u zvB`}ZuFeyCo`gM{T-ti;IMX7p7uV)ae7R44p9Z&P&=Q`W>!FKJq;S1jzRqGD^P!g0 zQj_kmKHBXo^vdH~TTQ}~>oV7tFLd3!@zPVRec_I~SG3p+PKtD_Lhm={NDVRFYZO^ zRA2Vr@p$Lz6h7lUNn6&=Z0h0ptF3qSLcM_L(yTK^3;u3?n$5`?8*Cs?ljd%e=Pbm$yt_eUEKN{d60i@Z5+08Tb$8bxJuI zPCTdWp<=|#?6@~HWLtN}d4;amCU1pO4^926UF~?`(9M}af|n<`#`oP+&RN9Mw}5Lw zi{6>tu@bvjOCDbcYn%PhqPg;v1$%$gZr;rWrzH=*%1-v(s$|3ZDl7WJi@+@&Ia^L= zmz+CrwnxZSD073y;WIsq^A?0HDLbH6R=!gA&8#xTMGrz^%C0>#sghbf)5WDZNLGtq zJ%4KSNzpCJ+1oD!`!4cXvgn_Q+Dxm>bEkXt8TRYjx2DHto}9F%y+7+!>+A)Jef3Mj zc5f;VdSu}4H^n^J+G%%Pl7ip@f60c`8I8p-;WPfp_yAgZkZB) zY1tcDlgdB)gnQ?#ab{Z+S&?v5GW?bH%IOX>_Rs3_^Nrp3;rxsRn;+X|Jd@uXW@N%E zDA06ZPSURI?1*F^rDWMvXZQ8zr%DJef8-jseQWDu%lH2mcr9}mbVi?%?tD3G>^<+xEF7zmK)$RG2Fhk#wgUbMKv{`l43*Li$z~*&~ldXI5v}Obcpw zQo3wO(YcwA;}kx8>4;=;f8F)CG@n0CF_}lTttk7>*7^JgwWet{xfjOxckZz_U1Mar zr&8i|wCifQ+^F)MPo(z9dEUDD{D;H3`rw91UK5PmpT>2r%FsG-JX6Qb^2@Uw`9imP zwQ?t?Jlz=OxcK}^=J`82XMSkuk=wWR^ZK{5AAa|>()DmL*u=bp|FGzn*c-~<7k=3J z;Mtz@-zI!0{Ahl-`l>_Zm3HU(e%Tp$MdoQW#h+)`9PZ(tzFuvy%&hRR-ZMURuM;lU zcC1@m(eHF;p``4wtkBwzIvRz2(RO>T6f_*zX2q9PF;Pmbv~cqEf|p+wtj!Vhx?ks4 zu_U0JXWP~DPkj$Ya`5n9-s&sk-SwP5puZk`>@Guk4&?KAKVX{E0%>#dUyB2 zJU2InuNLclKe!*d%YA6NU3Rp|QT`Lr`>$;;xyyG=yU=!ppcUW5{Z_6@w2_1@ZFUy~iSYDLvb9+nfwu*C?tiPEo zwVp09RqRT~RTeGxoxiSJ`;|X~`S|8}7AyZ9R6NLGu(){^>-uTCJ&v1c8erJ9(0 zamh_(lT-WRtiCVlyZP_CwR>UsvrVlYZ69wmEZ7)0E9=(X-9H1=-)%mA`P#x#DM_B_ zhT!JrPmTAM>@I%7nBNe(vA^nKx7VaQ46hc;d=AW#3K4b_p88yI+FDz#jiGPf={)5% zn&j0yKWZcEgdKlh8FFzPv(5a^kg_LYvG6$=;ReqatbRHz>jYJ-LyHa>`+8(X3Z7rC zJaJb5pMBSYX?KoKxqI@R*2@f=y_Zv#J47v!$}xUhv5aS(f$^=`lf-q;?9hGU{7mg~ zpVpB?DWmlgETt=zHW`Z@(VcKZrMi5zz+uCm$*GAwiS1P~6CO(&HFq4To{=oC?{#+P zq|0pg?pParKbq^GUw7gxkCsRNT>s+8>z7vU`E>8bGV!^K8#4M1SI;!coU|^*dQ-LF zr5OUpdSWZjORiqO<*xqJiX$bdd0)exu9L1m!Qgy+FXx2ENxOxd8O52GhSqG*In2Dz zHtX@0^?9-(eUC-w%7lyG%jlROx^tD+BWZO8v2%rIogB`ep5XChR%M^Z-6`AsmNg0< z%v&_!QHNlqP5IJZ*$VDC^R^nfr35v8-11~rf$I&?)FjUHr!?4FTV>C2eeN?1Q|{q; zXY*}EBI}&o35}O0hlwY;OP>qxUmIf8)TvUzzmt#S6|28g6W`U7c2i>|)XE<2c(f+k zTWgX;V^6^G6wfCg=kAdE@}lX;(yp>sSst5S9dtOq*Gl7Nvf>7huO=?j)_98FJuP?h z(eiedH-U53Ck8I*5a*USe{GFJsGsL?o6wk+tty?dAsV(;SGqg{j-=12)hudtYJETF z(KLn7naX*49xcoWa$cFQ))dAw>CYv}Kr7B93cu1wy(*Q@oU&ZXpeS(A6nlK(vQ zmPjf4a<3x&X`B-``>+?ye4XiCSY@N$O7CNF-qs+1nfPh} zci^Dmq(tgvyVEhlC;r}WROC-=4Gs(9+H*4iW|X53a0JXUpe&ZX84C!el^ z9~_u1mu6hlw${*i;M$3r&=(4J<8_G`}xnd-^Xvwl)e4ud4Y6)R7&F% zF-i6>E5s^8Z8l3t+DMriq%NJFH9_U|jZ2(!CahZU`K0WsjguMpgYQl9Y`gr_lG&!% z$>-#z;?gH~%uk&uZrHmrIAH2CBOUME%PwVg-(9J)QFU|g{kg6xmwd!exv9)a2|Xs1 z@7%W6Lu2>m7w2y%M@IMNAGMR;F@;lYvwJK5$Ar&u3)dO5r5>|9_+3gC|D5MdtIM3_C$v^uF8q?t+j6k(qJ^3pVW73Rh{eZ}59nOmmI`WN2XytU8e_+smok}qEdsdOcu`g6B0%ky&QTSO&)VCg z627a~b>k;T=4*TXzu8`u53U#dp;h!uGne&HQ+PB=bjd!ZG7=xA%%(Ic0B>|La~=Fp?NmG0K(tiyGe$11m4Fv}jT`hKjI z$yV##Cjn;HJsZwed@yjw*Py%4h6Ecd9@l(ZAdva7b9@Dx8?H|2C# z@8SbBX4aRN-eJ4D)3#&f#?C`O9$nQ{Kea-8?%}S5i|+I;ee_Me>*b#8rH*=YE^kh} z>LK~{*^c)-Yp-lOvuVNtGrsDeYC$(W)4u12FD*E;?mvU!i>;g6P8J$iw~L<5R9sk6 zabIN}hv_9pom?@C6U@y)RYm=~+!cGGckO!K=fAho|ER3eIk!oVvL^|$71&m;51i}S z<#T#VDccVH4yzR52;Wlehud-)>TFl$6o&Z)+RQ%iojdz+x95Ugw>QN_%v*eE@2pBG zO}mK0VlwhsA5LeNY`K;^%_uD1T8sbM-r2r8%*zb?&hI>uU?}2t-Kya9os3(TP1X7y z+?MuRkofWI+S{HN7A9CeUR!Jx@=4|PuExuz7b4GX=ZdtNw`k5Sr_FjRi)N-gn73uk z#oc*#x6L>f8Z*hNgl*O(N0|p3EREtxwHN}f$hQZ!S(*xw#^44bFgW%%??o8`ghvzi{I$ylB| z#<(!++$^nUAx9e&3@l__17;rNY2A1yboT@H_X~4af1k3xR(faRPKCb0OOr3W?g`y$ z^i|-^lghb9m2V@1&YRtl>nfaeWmoT~Xqj@gP5E5PW)W{~S5>YPyg1SJ(h0NGMgC{s z2HJGJJGxVX`E}ry2ivDh{eE)Azoc7Rny4vjHrZXE4pI`qxDn%ryO76k6xD}rk8|TUG6nV5& zso=tyxie(M0_W|yT5Krz=KjT9&9`TD72Q5Rqxx#FK_sXCvHGdJ5$6oHEqy+>OkjPJ z_2f_^p`uF`PkO2^FPylZ+3JDdjmvs2jYrn^Pj8;pmdkzP&X%2hpH40={k`Mh*JUvs zbJEWpyLczmo+nmiyMNwc>m6&Q-&&XCO*nZ%rrAsH*q8U&GmoaHEY?BM~M9P;krm&Q#6#5Am7W_Rge{Rhw{aEg@ zgJH_&ty_IFpL!O{&bfb7&EkE)+hn1){T4E_E`Mm7R?1u9Z{wa5^EDrNx zcdU**Jz=|Y#ccOkAroq|*gWL9&iIK>;x~DnS#w?BeSz?L(U@x%OSz}5eP(DFV3%ZJ zH|6HC;6@uCkGiNC6GUq|8{ZjU-y5M`^|oB%yyW}vGpTQm{cSS$w|?u#VXwiqP4H0W zAyKYBAN&I&Go@@6)*LY4^<8|&aNnop1<7$cSM{trQTSA+GR;rQUzn|t+&tB>aStUUN^YuAp)f!4FadPNRS*%^FWX}-vE!{ywrRW0&SvwgNkJDnA2mv!?E-99&# zC1{SN&Ey|f4)|vmOzdP{X(MxGOQ!GZq9^7Xo!&k(ym$PmLWp^`&FSB559WEi53+Vk z4M|#cd|j>9zQs1z4xDC5y-?n_jy-7gsooQ&(X+W(B07T%B${t+GkGsJlc$X1;lBJC z-`BbO?r9F$RG~6)YX9=6w8=}h&0W=fxFnV}-*3r+FV-)fnI>o3^2cxe$h!Hs?6#ug zTeI9Xrl%Bc&zt(R%ub;?`@WUuhAxX|yZCv2yz#HP9BU}3@c7>D6_0*-{NmBGnwu+a zebjM>`@Fpw6U!}Q3U94=aqHdumFsUQ%`E)-GCWCJAyaUBeQVjVtZKO>Au1gy?PbCJ zpJz2aJFCtluW#QP#TskAew~)bVh!`Un1Dx1)}(70Ol!AY`J+@{Ps~`3Y2MW4NB&$3 zt}gU=V4e8H;9d6KuKUF%XN=zl_8Q%Kuw`@O#8=w$Dl$Ai6;`Hb9li0H`>$PQdO*j4 zBS-sXeS_w)?c5t38QIl1Ev7d6(vlBbgid^ZE?XUDGfyn&yroQEyX@+|3eV%o&$OSG zX5O81; zY&Nuc!1c7`)}03hg%@WRX04g1r83_-X}x2$;yg>$=kuq`dbW7Z=>k2$KE|Uyw|bu* z{q-~d(=pqMHI+Hmb9;6jy>sH)X$wQarX{88(jT!O%5RIaxqM6eET?clftk;qTvO}p z!kP)1XJ$UpjTc&SFv_#w%w6}a!dzp^L!!b#?$b~H*1BKe?q3^s>7kseI`^D8p}N+7 z0&PvDjN2204C79g%HCW1G-|Fx$C2iu=PSOfvQzu8ylsj9MqZOnceT*3tAh5P(|oAu zc#rG&oTJP3u72qDpzy@Yu6fp`p*OcLd~ogQ_lB=?mF~a2pUEb8>e$`F5T$gTD35bj zEzVh8%UN;s_(GAecPlp+ybeq3F?y?gdEwIN^5SPq2G$|Fmp1k>*c2Y+jJY;v%?)R% zcNSm&ygH)6aQo8gJ-7FjJnnMY?es+K<+W~>RVvxh7Mi_F9UiG} zWPD6(tEJ4gYZT#gH$cmXM2wi=)F>8I!(Yfu+{aG*es6LKZ zr=Q&Quz{g(xhQ|)G0&6oey_{pvo5uswz4p6-ci0T;vC~oX|BqZe^l2;zOFKIRC(Ph zVPQJGvZTA{gX8y*30eu~moJnrH9G9K>OaG4d#=zuJ$Z_oyUu1WSUz!1`4Vx}O(%9R zPYyp*I@{ot=H`r;IYk<|E)1T{c2g&8&v{q&!9pfDZC{2_luys4XC_|1r6%5sIk6_b zabDAs_7H}5MI2tw@5g$aRC4YK<=!uJR4`e1UWI*>@Q$bxuiw?U%KV^Z2?lRKn9$wq)1SBi~t5r#JR|zP2jMYG==u zLf=WYuP4_FpV}z2S)lObnxCd8Q_?2*Pux8(JL1%fXT@DsC-=B2xdhHJRKK>8Uy#Ku zy>`ie299-UvA%QvdGbHMzSiYdbKAM1!eg1AIj_3A+wEJrZOH+-=6efs6HXk@e$uyW z=hEGEQI20MmwKNpubjAF?#h+U-q7N_+Q{1)5)HOlYi51vlx8YVs4I2wdGhDD<)g)x z=XvjZcAl(z?Ty#19$mhl7RiBYZ%lrwtWvj?(OE&^1H*f-jctjazq}7Foy2S738hEHu3QtCuG!Z(bwii`3Q-fK@FbOv2CKrT51E`IDQnWz_j=88 z;4tE>Dau-NqM+Qcb<1I$U`rX9kc~Gy5_MMh$MkL8o4;uHN+zZ7E1})BOqq^94H(}# zm1&9GJny`C`_%USIq9ZpvMO5~rR?Vat$L|jV_fh!&A|HETIYw;BkDe!vkFzYW!kG& zwA|0NG_>dQG1i!F?}!}*Y*mG^s`Fd&@?~_im{U^bHQ(E^=!5MRA>mqs^2Zsnno?GN z*DbkYRnF?!tYNZhytY+$i-lu&qm|UFXr~QZ9Hea0zbwD`;-evR9$V(EXEke$`D8Ur z_GN4GxG#;_cHzQ_^ogA39kLhp`!y+UGG&=~T{KDBLaG0B;xuJjjc+-ZPW;*y5wIcM zq40I6srbIBK4v<_7c^Ff8&!JvFST~rwY~DsfriI@**_=E(=xia`L|Gk<@C+h-@dci zuCw#?tjR%_Tdb;2u5_Jy`g?1c)!c8Bgmbzi`xCTdzq$&OM{L<3(k8IV-#L7R`+_e;C+seB1VMI<>zfO;VXzbgCQ`v7V zJk8g~TI^+W=Ax~s-hYPVOeOy14b*BZ}G^M#A>v}}4 zezBSL-22CsI1ec{4h!k{waG7M@gLzdJ=XQ+T+4?up0DFR>dh||>i%o?GH;Q(z2d-XD-l_!$?viJW8e#rfv zD~i*!`na^4+2n{gtG_Gu7(dAHDZlpW+@5r$9lO`xW_SHKZ>mX@?31$Z97clw8M<#2 zM?HM;%=F($Z(%>d&FOnz+v#6izRfKBTjGVno$aDW@BXp+FunI)_=V-YdhUNVeO)hb zX@BPF)vfam9|>Z$-mu2aNK2pLPgS?~k4D+2%NF?PDzHC$ytdXX)?L8O4a$xmWyAO3YT_Y_HKsN(l} zT6(!OFxL~ zt;ZuRZjJU!_1+~9D|X*`cId)t^R$#d9zQNVs&x*Y?Rhc3!zD@b%EZ?(HJp{TmOHMj zn-y;JE_v4a)NEzTiMMr*>-g7g-I|&bQG4&sb>@|tug(WgbdBU~x>?_nKI_WmT){il zQXV?nz64*|QgS+ezCw|$R-T31nHO7hEvJgKep$EO6hSL^2nH|5vTG#H(@{V?JXWF9s_S-s#bzL6kmaOU2O*}O9XiS%k`;MMD zJs|-LnPp$*sZ7<4IZ|-9xBQsa@tI-2=FgMg&bsNve3{ZkbJHgnTC5kGd+%Y@93HOk z`)_|c^i03IT)%>I!UDy;*#~u#?{l)q?~R+snNjo2(t4UnujRVuHDrCr5j$&6yYR@onh4{0~dSSiYaF3U{BmN^#f3rPiM3tbYf8`Khw4P)TM& z#j4c`HNE%lgj_p#sPD(u%NpCBMWwYixPX z6l>nuq@lcjZOwm%q&KVEbNUWk_kOVQv2UJwOxx`%A*W_#2R+uFce;LE4f{vtn3qxQ zjk!6gM)LPu8kmX$!QgbNrjz)J)hhkM~FwUO&2!18zNUBx@YzB?6?0K z3v{0;hep6-2nO@zpeYJd@ z_N6T^doInWSsL@J>-qC5U-bE6k3KvrCF&a7R{B0{eu&FXfx{a2cgXEsJ#XuizE@fo z&4V;%*zVcP`*_){Lsx4U^_I&_m#S_wD_HpZ+P&H7x?h?eSqkv|w9WRCmfmq&*J|R8 zu7}}1FD^V%-dN9lTX);48}>(A-=B@#yzlZI^Jxc~wCiIoDPMh%kiA4SNl6$v=Lu^S9k96mbLGcB_73j zEL)|zaZytS_~zh~Fiskft|Gk4|A*|<+eI&s#mxzW2tR&FmV z_{aKT`w@PTb7AKXl>cUsH@Wy$er-uWjpC2zwX5qF{qRiO#*(t zDvV|8epo9Vx-D?UpMXSp_V0!hNvS5 zYUkDLdpx_ZuIby78e*vC#XO-fLQeX6@`fwQeHDk*-maa$Hlq1R_}lEiQ)OSfsn+hy zuex?&AK%&KcUAv0bfn(v`F%a}nB$VCNegzC=*`u79JYtqf1_&EySH8KffsU3PTE~8 zF#78e^^Wz}{G}1y)hvuoZ_fwEs4cG(kE?i>YQ*zl@5YFov9pfyUrOx`^jy2Bon2nr zd~ML4EmywWJh5}Cpu^*Nd$V32)+w;PH(SBUs!7YT#&KEfq0~Lwg^YUF`)aqI&1d@2 z@3?D?pb)lh((RGu8K3 zt<092x$vIt+O4M_$Qa2rt>5fvll1IVsFqbzrEJE|MPcffA5Hf4*Hk<;Z^!D5HLD(Y z9WmeTU8ivA2$#X@%X@>bt$94{!scZj zCXafat?Ntk__p%7_3osNrDvJ${%5%4!m#muwCnNrN@WTQADg;;E4na6T}5td;Iw5j z%k|Y}Y~^ zT1?@FG+D!2+xm{_W|i!+DSIt3=~m7+rS<2HR8mzPdmcOpQ|k&-6>NLQR~-Iqx|UDx z0UQ2vi&rjk&MSGH>s}OPckQ_Iy`6vEz4o*{IP|)~Ds1-s)9mLKOS}(VzRx^+SNP%n zs4YH=y0~U1Ydn_u6;gEj{dwhy2Su~F>i*R;2C42TI^r}*qI|)LvmUpYd;hNby7Z>@ zG!;9BbD8;TZC1GKt~hXV&135|EsS67pTBf_@WuSC-psa}8yweaOIK&NYWSU*_m{Ug zs`O=ln?i$?)Ya`*rzRWjJic<_U2*A%`H>&?<<5F^M&o${Z?Sn<+uc+9@4eGr;v1G4 z{PgTjk0(+pm)5+Wa3-9k&++SW$&8eXr`|BI#~)iFTgzuDy0UtqXU^@WKRdp@j69$B zTG9I7j#YjS6FT`k5-eZ74PB=k{MqpQiq(b7o>}DG{B>Ea^Gw3qb5&g{c5^Dv+qaEn zg1Dtk(#qq~(K}DFUkJPUcEznC1BXYO(jo;TKVDugx~R72-lL@_52P_mE=t?JQ{h3n zXoQbf-tEiHUAadO^hUbb1$xB%61;OzhUd25!}(FCceycqSU%@NmiO%MI)^RKdv$Wm z5m8>Ib$zDwtI)`$p4@FGZF@6cnCGl<*;F{OF{DLfxg<;a$CY1x1o*^E?z0dL3zNF= zBm)b{b;n)zOe~z_SCzJNmCM_uLB|Uh zohjg%Keg1#^z@F~8$KUo+p$*emG454XS;I6gEB(;ysNvOJhe);o_nq@$}HkB^TgBP z?wLvpZtuTrdh|zfaQ03oRt4sJyI$D2+&HYWByH2wi`RYcN(G!_u#dXDVGiH=h_bgk z3JPC`zj?>h+-K{#vRi-QZr+orPcC1JJv`@HiMi^OH*fE)Ijk>R`E}L4#d^m)C6=$} zs68LmCiZ&TpUmIa(=EspD|`vFjW0Fr^(6wmGc1>-NlIK`Cz&yJ*s@hf@TWtJ`huUTt*3 z%<}xD`34i`@*duL`p%x+8!ud4aVz_bvs9_g{9~I{9j42tZFf_dIH!2ln;PMVFY{#O zBK)kMzjg`qy>a71f9uVK!mX$Iv@hETKKR0=_kQtDk3%a({SV2>bjhwcQTQ_UY45C~ z9Ic!(JWs+_MksH%@n)LF8Nn4dDjqHDc8)jPZTK>(;N|5r9K1(kE}IlfZ=BevQt0kn zmF;YH+1HS-prAsuj=R+5B-6U%3%5N>wQqbKd~m7Xg{?cgpQ$9S;$0Ki#cyvRcPI39 zbXc2?#D~J>s4^)Pvke8aXIrW*G1Kt-&)__Nty-fb_p-&pDqTjJYj=j9?sea%om=vC zYTd*0RS_l8#WU67=4!F0^e`rBK2FO#zr=0j??3X1(QEU%c7z^~yUHA;%@;n4ZB6l~ z%&?xHhF>46ga~D7aNZWHT-RH2O|e7rdCvut3F3W~&u_KpEw^RsWqznyz-im+VX`z- ziA6^0%Cwt8ZV7wYWkQml`t)gNW_59MC+8igW%cASTB-UdcJIb8NsgZlXSL=qnSEOz zc4V62Vj1B+&DU}g9Y2qMlxi|(*vLNd+N{faA`gF@*SyzRc<;&YZ_m|ME{S9~_pV~q z+mcm#tFEM#CAYB5j}p?@^u*jjOT8k*XuJC5&#O)rn^fK_oRvAbEaHTbYm{p5!*uIt z?OStpB>4SveA(sVe#d#@_8!5&Q*R}0kFuB+xdt#wSK7Yh-I?*d@x%(1-6_GJ>*r;0 zmPRh_{%(|fMbPVoi2g>qpNHk=e_rldzWvG64cg|vql;_)?U_}uOQ`qei`tAGch$1o z%X+8$XV{ndJEY;0#mie8@4aQIS2=KHnpIoO&$Sa+IVZe)k>SfFVr@L9Fmif9O7iEm zfu$m^cNrcHohNS~7WnhB<+3dX>)sr>I8}Mx)w9{VygK64VxH};)NKeV`?h9nu)p_; zF2QqJkF{lrmlhwdaa`yvyra)>d%oHZd(j`E?-GkRm?b4&-`l(YNEFKixBCjpw?D44 z4!^i~l6tVbYE@n7qNyA|C&|dFROZ3; zwLcag()i9J$J0}AAY6R)i|&kA5#iQDJhjI6%_u81XE|$qB+%}?ry;th=$^N_dw6Ykg6waA@ zpnP?l{D->5t16oAd+qA@bDYQhZs@x9!~bNrTv6;#EDPAlbtmC^>Vvy#*S(#0mhUrA zQJ#2ha+#|3tT_1(Yp1oQ%Fdm-BecD#dTYt9u(`RV-O+V1y{9KOMo#0>hG&eB@5;P`+}t+WU5sTzbc& znEbo<*4<#O+z`C-kG8~G@4|gYPkWqW40+J+wLh)-%%__hcQ0RRbuP4*B~xg_ahuTH zvW6*BjK9iUR150%n0D%7UvyrPcF<*qoq~TCxt=`EY`ZciNVLPLLifJtQr2}#CNONS z*{NWrEv~$3?i;sh8*d+cc5&mjI`*0fvS z%6eR%EadKalC*Hsv?m)Pll8vMWL}}ZV)>n@D1)wOKaav^Z1Sfjd2i-^tLKon{KA#S zM>om^8?1g^tD1E)V&AH|jEjOB9Be|Tc3lfG^vz+EkQ5EO72?1oe2k6pT;@mJQ>S;? z7^MB&>}Aff#_Pk)vpa5YW@DB#xw7?)>r%#T9}23j{Jgz0(tta`U?J1G2N#Uz{8>`+ zC$m}eH1BSYw2X5CwHK^|*S-xhNDIAv+&>`ekDJ9)>9^5B{HK<8UE`eC^M~gFgWZxy>j?C9pdoNsT)tso- zxuB9KUz+WX#p6rUG`h4|AG%wbrg^87l_{4wh)i;F@#EujXIiDuwc=iyx^7>Q@x4v! z6(&VS3%$GNd3wfbHxJ|5^p2FyG3vm99Y%2cx#N?qO|j=pEj%OEN2##+%k89 z*S9BgBW z4JIr|W?ss0Nysp7c}e@E%A=93X46u8K3SY!>NJsYlAGm9wr~EXJ1h=ut5`0}sNJzv zS}vmTveL3`84nAU&58_XWjQM=^Xrs6sgLqb`z-v=_Ph<-`6}6_TjF6UK_O3M%H9Xx zKCyt+jgOz*G)!b-%8QDx?}Lv>pHtRYAT!B7%H!;`X(_I^PB7XO1|8O}tjwGFI^^;h zEicjEH|-uR>o{>d(9KvCE__-0Y%v;%pxy%e=W+`Ff(N zVs5H^54RNheUtHAtWtC1b&wlN_ZB8!SD_py$8+p^+y2Gkyjb|F|-tp`2}UlU3-%#EXZ_iY!gOI`uKKd|Q4@Iw8c5{iD>}b!z)glm4l`hXVYpq+|@vOUO-?WE9!pa71p&Rb9_y z?tgEWq^OiUS~UH1*$Ii`OMPTot;1J*S@omzL|)6UP_<-}jy;D|?q7fQ-gigQ(HVTk zU6J7`%PyZ^YG&}BG0Ctoyp}J`;l(p`CIDeu@+jFfNj-L_V&}ofqE4R!yerE#T5moO_f_@Gb)IAQE_!eNvp|1sc18Zdrh{%9 z*D!r*{G=$8w!PKtyu5V(;Pe%z4R=UQEr4VDfu>@c8F-RzKAmXP*f?`O04E zi@$^`lk4olXQ`Es_WWlEm}3^e5N=Z)>hpZo)frDkx7S{L;VLL8V6?l9A!PERm3C2| zUk2)=ChBij_~2SBbM8dN?Fq&|f)`EFEL#6*;=M(GPguq@WnR=_kUdvCk5^^OmA+he zi`1}*{?fay2(5W{`|)H+o6o_UEm*@R__HnCy}eTDMAFW@E8moSH?3(3HlA)7cWBY& zQtr9paa*q|So}75_2juMugBw4(vqKNEnRc)d6dy%<2<`7mv&oTnWK89*8OACMH|nD ztNBH48GKs5MzsIB=;tqMzh!^lp7Jza=KA(O>eqyi-QR4xrug(T@8xF_C-#Rh%n9%R zYFqgLxe9BQ`ve1 z%GcH(H=6p)r-$cK=DeD?X-0qier`$D(5Y`>jB%T6yl$!KlJ3@X0esJP|INDLpYi8G z+1bjwSN9&VQ;ME(PSj6&-c~#3XHQnlyz=r@a>7FoTZ8PZTd5TclNFwCExuLz@ML&W zT^|3>{|q+Q&dq!J@YJNr$6Y7B%z12);aQNP5n_1I_VtX9PL4W8uGS15ukNm1J#lJ7 zU*Lt}#+c__ISc3A%f0!uz%c0Ea(mr(71!2GGmBIH{JqoifbHrFe{^m4-ka2Sbh`Gm z+i}T{b2Y!betTN&?b`$Az24YKowhwTf$Qv!XAY~@ z>E=7vR9nJ>=Jf5}!L+?3+j?4zx1_Sotj?2SA3hg-4=mE3P_ta+vuB}U@XW*$3T3aO z!e*7ua(s5Wpo8`n=73N_Fo|%9pGtSa#uQ1P^0ZwxDmRRc1=W zmamo&+Q#^N-bW8n0i;H_H1CbU}s-zzsAkg zUt_&*PI34nLt)_^c`qZj&%P>Iwc>rO?6dhsZl}#9?e#^QS7e3!S{n+;i2TGu|yz zP&O;Fn$>hmD6m_O-O;~uah;^c!J{s*ht}_k(EHS{^ObpW=sKnC3d@Wq{xkV1Z#aQR z!{+m~#S`+_JUZ3a`%TSU(z8(eU9r@G9j)Juk~XLAWc^{YV(s7DnTs@)cpj_U_ZEHU z-{ia{+2+#TLj@TZEf%T`IpPOTD2Ns(G=5qtJ&^YQqs zO&{L{nQynbT0PC6>B!&rUelWV-Q4qTor~6;ST^vq&O`tH{`=H_T#I=xO<=qE%L+Ds#TB6ivEu(W$+$ zdDcm78?GZY*(nCKPG>+Q09e=7yHHCndivyfb5U z%CU4< zOSjMFJ~3JJ#0j~txk4VvpJS#SU|Pk#bB}|rZ~^mEg^-QsO9F1)aesfbG{&VY0PnO(OJa}GoPfCx@CH=#> zyhr9m6s?I6aLrhH=EGuV<+fuCXH#z5Og^y8PGTNkw$q`CD?h`t_dK2xyyIuI%j47o zx)O(zyQ1B9h98WZTl;e38pEdtm2E{X>%K3u+*ag}_n`RRoJgr7+kekY)iYSa=lR}u z*R1H87%gLcnZBz$+m;?voNn`Z*0ytr+YD+S_I=GLEc2O`YgoEkusFXU@Y@sqs93pc zzx}pr8{VB{cwS;f*r!O{u={=wj|W&^{_@xDm-}zstGgG-)EsKLxhiv0b=mg&iaesH zOJsuo+t2}S$(VZW)HK8I@3DK8B0_n z%4}bq5%x}9K1KUV>7Q2|DZfM1yu;XKg15ZBnZ}!5E%En$aF_7L%WkWicd2at7;~#y zckY@WI(Jr>-pj1hi&(3)wWxf9b=@1CO@g-eAJun zpeWg0Cf26|#i#5)dTqgu%gMhjSs0EKhAm>Y{`GjN&5Ei2ati&fTfPcxxwhij`Yq<( zk=X zS{4=`UOzo#=_Z3UlFD<=IQ;B?d~Zqh?AvQSauX&tAG5x?b4#X@)9y-UOW9Yu7H;3B zSDQU8FuS;^Bwcisp6AL{{xX@GKVwSPmR?cT^XZYdcpY^#hE8k(r=w%cYGar?be3AVBRB37~Jo! z-L0GLzvbu5P4^GakD9)7tI3?mGe5c?PFuU+rQ5sX0jy0=r}oF~3Flo=@#_0w!TCQt zO?EE!Nj@w1)Zy3ljrTnNt}WPf?{ur{@0|}WuF2RX-=!;kc)L^zzsM=k`+0@o?01fB zlRWjO@63l6cKScG9vaMAlRQW0>|f3BN9t|sRJHS0tQM$zzCLREZqa$El4 zd*r11fyqZSZid@m+E?{){=xcN!VgY*-xqihd@?OUevA7g+tnd2Jw6x;p2^sLHkW^a z{X^x=JIlp3^YAT@O5L~SIvlT@N`Ap-f4e#e|-CdsaYNpSVsxaHLEwg$bz5JN2 z_kj7wwX{n;Q%Y(N?%ATrMKPEld7ZxPZcU9`OIbUqgOqH-eogF&+y_h{hrid=t zYMC77amo8y(wR@6*sD78t~M(a&$}8L*?CybKhawzFJhyF@^aBxO`2DxuCaYKd&cQ% zsf0w4YHyyeD;IB{c%UqX@%XhlI?aYZjbCJ4+Ia5D`l3Z=6&U2UJiGT~wM_NZmdmN- zI;)RHc=L#-X)Pv1ej+vglT}xngB1wLeT#zr3hYN}1SmsXw?bWa4>V4eLJ>{_H&NHBVPc?4MBK zL5X!uwni3@@0>m>5HaKKEZ1{cJ-6Ikq%u=~+h{iSd|4f4C3{H5C}r~P4bQed-ejR> z@xe-nHKvVwYJ1Z1JU^>TUT0S9SgdAi=KIWEzvt`MmDgR$?902ZUEcCi%vtr2kag&i z%j(5DERHX;T;+G{h=f{&{tE=@fV6 z9kQ7#nkQ}Tal7y+jn`y$r|r?`trrtRPusEC1$JHUJEdfBg7a;d;`Zjedym(PdPW@c zj^(M&wG5b2!fyM~?>D2HzEsK=nbNfzd8!=*o7lH<1X~N)fhGSN9J$$U9rb(R*q|v{5|!;xYiHPAHR_o&RMeWQi`DI zKAWR?&-PEuPW%{=dfsCGO_5cXSG^UhlG4fY`@xv__n}X%k*v$)f;oIfTDI0ltHKs1 zg}uC*ro7hw;r(r~M+$O-PB8FSyjdUr_uhX$R<31=A3OPJpGD-~O&d-O%e`#<)pD?gJ`ds#_Z}c5V7OapG3l)pI_YHCH}7>;86El`u=YLf_Q;?t*FQ zCri_!uG^TETKsvD%B>(jxA4~d*3#XPQIA;!?}Udg$}aXS+MmHL``PpH+o(sUPA=Wp zVJ~3iA!}=3a`wL zT70!mE~?`8p;^*dZGYe8-e}{v^C0Zs@{huYZ@rt9a3$BHV24fln)|KxQg-rxytm$b zID2XA;TfF|uC2Y^UZZZdD%Vscf~WUzb3?{zub%W(ir2sE7eAYSOZ(xz{>RKJyVRCG zJ$aJjdC&E;R@)o)Dg3d%x_`^0Tb|19ClV*|)^*qT{+;n=>suyY=fks_PK0_g$gi#0 z_~@-$X)B-+98cO??V{m zm-z-={U`C``N671S!M^{>3XNvIGa@5G-+#pJIig-HS<$N2QApvR5*X@`^eu?a(LP6 zTLrs%N&ySzS+pY`8)Dc9pI zx$EA3)pdQO-TR>9ylwX9{egdX{t10>LcRGw_}Y~3+MgwEzx(h|B2 z{i|u3w0Nam$1yhMm$7w|t$h|&SBL9n=RQ5zCi{B9g`1C6^6aj9-npv0Vne6l);6o+ zD1+NX?=Y*;vfY{5bG8aQhuwKR(Pu}a*v*^Anb&5lv7WBbm&N^~ z>9$Qyh4Q6cp_eSOa%#B$Gq6ftei!`6Dz|{uc9d4Mv+C*RPhZaZVi2_P(c?w4Bv-{R-J+Q-o!qlEW$BU4J_W`1 ze_k=4KFRN__E+`2_HI3Q?A#@6=AYXumwaT}(%U9!K@#O}w4E;d%nP0&vd!N?>u8I> zk(TI#JEzO8j=FU1gXYY4*BEM9YV3a`v&>o}lx4NV z;6ueZ7BUK@lE!QkM+lL#Sgu(lYbGIe}LoD;&l1vqH8~%e`MQx{7E^Jsk~xc^1)fAckC3kO)R#*x3e(4 z9cMdp!a=sn+m~sdU$IuLB!1)R`vq- zo(Eiyyv}A8CGFX+$oO1&tA>fny7GDAALCkAIOyibhHRJKd}-J3`8=7o(q<@hJrJK| z@XGV+%Q*MchiesVs&3ykI^}Ad(-B%jL_T^Q4 z<<`BpgC)H!@Y2eg6|-I+p8lU9chBZ>$15w|MpfN9&zI8iB!#*8)`~;F+UI}keB1Kv zK<~qF)hwkZF>86giti8pGxRn^zn;}{E!bXq$-{c7=XRQPM+|=4a(*P=_D^;5%q7+* z?tkB}wYL1>TITpJ?_M3ZYLkeAqUue0rTy$D6*gT_cWT$NIecKP(wx-dyojv}AJ>`u zo&C@9huA&ux$cLGJ@Yx0&v%-q6ratjvAX&-*Z9HRTX%2W)jeXKAdswZeY@+&_9Km| zZJz@_2exZ#%Jh4^u(7OsC@)%3_w35cX|GM58#PKCG`)WAj*rSM_fv6N*T4GK-IaP5 z@GzZrQt{r)CE9aTff&MFHFi(`Q7`p$snpf4zYZ&LvdmzaI8W|itAbNRk{Osuc8|T0Ixbc?7udCt;Ob(dL}jJ$}~l7wWe>H}5Up7JfAS&JXAK?In&`=Y^BMw^pp1m(PDM zX8G-Pi4&RZ1FX94?E3g@`osNPOMV^j)V;WEVxMbB(#g&4+Wbu=+|?#m@}BbRqzE-U zV2PCN#*MiYLoV?s-=B4YT{xbypXnZ*P za<*N!$%jt+@$m=Jv16f4!gYk7Duazbn5cOCPaI=9!%4Z@CpncjF5S9+(#0TOwXjZ)zmJtm*ZW-gqxj)i#_6ad zmo~)wOqnw=;@Us?4@S{e%Vug7pGx`tWo^NURxKLU6nV# zB3C^;rYB_{Z|1>=@oo1r<+6N*-EN-VcyM+3F8Ra0dBV$2)-g|Rt-WEnG$HuHTE2A~ z6LX)cN_^b5wP)Lfmhgwwp_(e* zsr~{tb;Li3#N@p&j4;nCI3j1edhK;}?>l}D=k66~Pv7IP?s$ge>u|A|vyIgKispR0 z{&_{&#-3@%WnaB^^8T~>%POP%*b^s@?=4YZXr>vbkZ{gQ@YbefMUxC}AG7%WI%>Ow zpx|ZO)k?1wEfQa4JxaQ8Q2p%r;!BHmZSFZem3^`wn?*zVIrhDFnqo0?3bHPz+=#Zg z#N6}vGSk{~4zUM!^*OHk$k=vLlDWUCt9t!}Nq1Rok4^IE`V{Ij^(6DPO|#NJ^U1$# z{<`wL-lrw~aZ?@d?m2YI`jb}AveVn9=PDSQahg`0dt|sXg87)$HQUv1b^HuCR!=zL zV5DbwuUoP>;-ap~wcC=6EMcj4XXk0H-Y#0Ddsgm2)jYPU;CmKNgHrQn?^t9d^t4!F zwbP9kg}p&5W{Y$sg{wSU>6vnBiJAM_xE|q*jp@acw>)1T81=2VQ}@)g zpN$gh%I-etUiHN`+w0V0_5yXwxAN9A4BvapSzHmc=S{@zdC4k`|U~m1{ok`5n@6$c!&0rDQEj zSNMyGC!9-dK1YUc`>-)z-)_g+xsG8@DcUF2oScxK_StZL){-~8lHz6mB5$;BI4C;5 zl)EyoaZ`D5*Nq)qjJ(a~nMG$Cx~XVAN#7e(HDkw&ewLHQm0cdpi~6=~=yXstJ|BB^ zvFe)3%um-V&v~}$WTMgX_nyC)qnN_9Cn%@=+~oP-SID&Mr=-))$b1#`dKAb!HQDl4L*0-*V`{RzYVQx+H>1+-wp-4HyM-{8sAcv(nz`mJH$ZepHA|Ncm)4S9&W`$fS@hXYSqAnr_cs&6A5b z8-uqmt5|JzdDHf@zogEz`81p=4ojNB9-wkkeGb=Il~VWMqH9UvPi>OcI_fWcwpmw| z{VDsO&*6!w%nG#`8zL@k-x0f9ouzKevmGo2*|sX&-&elWdwM{Atu>>y&yCjyR>UP= zx4A5px4M7jin!oO+5{3ii)FKDw7u+7wvqI&vhqiMd#x4vW4feFV|Qu-gi*O%e-pVC7l)P(z1S}d-ZAO zUeZ^7_iX!{w^KeGULSvLvhT%b-lfO**n^|WwyAucGpG2t=yD_OsK?4%PAVDpd+koo zx{$KnQex%X+(XB=%lG=MKE}tt)b-{X*^Y(X{JYj3=-OW*U+mi|@cebK(z;8Am%3-G z7bX`;ynRu-D!RJRQs=qcj1^b58LYf;<-?P*B}NfboaaxGa(8mHHuQ_DWSheo*!FC~ z#K48JhJiDjCch4!DL7fVc~(=zC4-o41(r)wIPa_xo;<0lbV-7MnB!NIhlS$S9p8>R zt6mJTl#%xebJq5iN%dbFGKJ%yp2gRd>(?#vICJ}h``VD{f&Gc+Bm|E-r>fji=IQfh zx0`Z(f`W>H#fo+Li6JK#3g>AxzuKTRXS^oRR^nI(|s7by6M38_c2T6DNHY{H=e)N$T#9t%g;Gi)r;*y zi%!e}?>-MRPu6&(94J(Kv4RMfIcO^-n9yZ^-NRHE!ko&rlWT>!^Eq zzg+sIO_P46)LxQbu+rt>zsHxPGR0~xELmB%rR~AGftDA zH|^#d}hTbC1o_V>lW9+F{OQ^DTD+1N)w-$P`9>^yNKL=`Q)@ zY++_uz|-gtYkif&d!w`GB=0qOQ|u@1_W9V3!-A7T(zfyLzEZa}SG_5sJOAWcA7=^H zIp5xTJ=fPffB%;DYHbb6b>>H-oK<>0tayAOe9_$~mw;WLvgcmQX`iTkruoLiuWJ*P zr)|-zWbe>PDGGe_^0=RN_eb{jiEnR(O630F(Z2q5u9=y8Y_qLZ={ohe3wM<=7*wO@ zAKRr+S*mI4KYf2DKkM!7?e~Kx*&dSFpinPxUVd8kqq&X?bNwDZaF&vkP7-{7X}|YB z=Shiaf|ony%bb=QrUBY@yT^fhKM=7tTz%Wj%6>qkaw}EZL&=1 znk={Du4=chywG{#A-LGXocZFaE8?eALpkbi$*$TrxtwF-1b#z@ld4srySXh(*=D62 zaHw;B8S^|S-0f)3sSj;^tTv^`P0LQ|y^Gk>^>V|X1@m~rHg4V7bmr8W-BXIRuK1Ul zzq{vTWWblDlgV+DzdCyJ-o=V#U2D6SDOp~bsyr>uxN9$q@zL_FPjlDoc|7OxJc)}v z8EX}SJmVcBx0!7f_WP~Dnm2Jy@>AQ^jKi7BHwixd*i*XZt?0Gt{hK?^pFMW%1-t1| z5lu#I33m1cmP?F|l$C8*Y2d}F+}JgVLHTF2ZRhcKkF&BFi$=`sCI>} zc*yNjMm<%ZjK3~-QV9rBJIFh0`OYOXVjLBow*>~>KKCzK)l>^rhi|Y z`=zyO94{2OSso4DGV#ik%D(%~QDM8E^sG8z;KnYpP1D_JVI!01!E;r!)~asGy%R8b zzSphnGVZ+#+4~MHs;-Q9oOl0F!&9RmQO;uz&ljFG^A1pE?0CL^Y4+CHjXOVH-mq$V zR36hAl^o4;_pTP!vS!Qt+x|Q%+GzC?0gK~RhbF!ARFQ6%Np&r$YPv0wZ_8b|sbJ+I@wp^A@o>!zo3Jg@0uF24S$a@m zj?s!$+Y6;rCNABsFzwXaMK5$t3Ex^J=45#;%Q|Pl>(`d)9opKVBDmq!rsAFr^1XpGj_hfwHK-1K)|a?vV*sDo#2;77RHr_y zxO%wUbWNFIYQmZ1PoIy69@V?9xzpgltm(h4EE;B+X)LU&y5!b+B7%YY`m80s?-Y{U z&hhbEy!Sio!L&M;`?d&c0k?q!`}(z3s^K~8C%-SqyfKj@+*2wp(uWS##E<$Y78U0~GEY0&2L zSeaa^bxA~mU1HHO*A?tDijpP2trom@S0F&Mpfqwk|l` zlivJw3G=P+TLK!Ezwdh~K2i&p{JA68nX|lm#nK@5rCuAv3c7w4vCA!+;^18r>CLfk z&bQTCtrANb())J@E~@)5c@7_+Roc>^M=C-Jr@o6ib(*+_2uOgoxlXdQIKDKza|7d) zl9!D^#~h?Lf8QNoRPaYe=5okJo(KlbiPP-0zAg1hS!sFVy`yfHMXu)5z)xT7wp^IR zymxxOtmge)hEszI=k1@XcI{-@go%A$gcHIPD@8sUw+4X9L+ndMR*IK-lk@)p}ZP+b|K8<6xOVa0QX}V9Fb9Cao!l0)!W?cQ?@G>xO z!c&<(+f|cP7nvpQZv9n#C0E(Py3y|5RPAGKd=<<+<*x(n92Ms9dzBe!i=-uqb|tS> z+QQfuZIf{2jF|n5ZTzt%ePrpt+1hjsH0)d_C?kT>sx9t)M zWnn4z+w;9bIvXEWDy?;u^0^mMp*!p1ri-dG^x4hg5i+Xx%V^#c? z$Z-8y{IG5D%2)pxHtY7j`a?4zP;*wi{A8_ z>hFv%XMHue@-uAd9+?&AXYUkS{&&9W^xL_?tk>m&%g-;ZJl?rwb;i3TJGK_hzt_|E z@9OP}Ce4H^^_w3~PLB2vVSC3~RHxm3en;l>qLz6c@2{=PcrbbI#Zxh!Pj@TkWigye z`D|YPgzsxw#$DOIzc-(x?+tVEw7wc59CN<7tGdt4t$0Td|E0MMie5Wd()VWth)!wc zet$eFz(K zCFQM6^;PXoNu|ty5{s9Y)_YG$V`;K@wmNq1L{GtP*@LV5dY-JvX1_|WY`S@TXYvCkOWEvce`nU@{bTuYf7$WE`I}z}Nkg)Vl+J}!F4%pEZao|;GyYttTQ>XMNvzx~27rqugs`D<&!!102;acy=#eywQ zHazb-wyjXZ?8(EaKaXbI*miO5joSy$I$J#4t&=4#cv5`g#PjPP$JIYtQFpZZnZy0c zkNwAXZ`V2(dqv*siA^j^zH&^Z;|!U`8})NSGLoa-C*I1R)vV-rdF8Y1TUMqVi1UP7yjeC%q`kuTTr?V_tY=XcJ9@B9aOO`Ux81gWS!KGsj`A!cdGLz74m%wb6 zV!6X*gRmz&eQuR&ZolukzNYQGH+$xb1L4AniN!i?-qY_?KY6zG%j=9s3A-6B9(R4t zN?LO7`O64Ci9?rqpGt4Kd2Ns5%6Hy#gJRb>D##?Qe<^l7=*VlGb3YV#w(oV$%zG&P z-C^3x@HhMu#jZY?9P@7N`MP<*UR)PD^UfdMcuHlG11I~=M|1NZzTnpE3`yLFR)&vuYF@w)8gs`|xb-()}lU zo|K#FgdLc>y65qv>Z_W&1^-SLy|D6|#u1)t1zL~aC+}5`_<6qFuk6d$)r&43xVL<9 zalhBRTefFZ3K-?CRJ-+6rW#DXD(SyS5vKR*4mLpFPP220Dw zPxF4Rc(Sd>xH9vk#FEwC3#V+#GKyM!?yEer*T!kvd-^I(J4+w(dg(rK-XVB}Z|dt! z(PI6{M<@3CZH>8c;MI$3f2+7&EbpB3sxo4p)Z)Nc<&$f-WY4&==AuklPUvaxw9peW zUGLwOcnjtnt6=kd!J6v(@U`<9&*phkFZ1{tU-@|_%sH5Ew#SKWnFo0cj1RJ{NtE)* z`@Od?EamdGdu|?&^%x|-nf$I6tv#>0@7j5ZwU14{*;Q?0+qX;Pv0QZSv8U&QJ(V_` zpLX{{eblxKr^RZH{H%TwYI*hZROQAfOKq8nhtJKvDiQV5t<5EW4;$mUpjYZ#HxwJ* z&tF^m>(-W?>Ft@a{>d?|zf{W89Cx#C_>YUbO! zn*Fd}pWl(VInA-Qt5`ae=2ZQ@;vLWv;*-5wwXL|peWz*OwaU747jmEQpPC%exo~!I z>Smv=N*)!S+WUJn*9NSaoMO~Jqt9PL=8CH1V|z2hOH1cPw8#~xOtKD*y_9?M@rAUR zTckE>9iLHi^o3QZ_loZ;wf6j~4mlKAGfASrR?BkgnZ)lUulv2YFD~K;vhciRd5ky1 z;Z$RIKKq5xXj6Vg4sOF^jG`AZe#J~WWp`Qp^u&ptCzTSe_@3u^u}v_V`_0q|jT6IX zh3(jp9ik_)L@8 zs+rXA#!}W|nF-Ht50&C+EZj^9u7w$I1udtbS$oBUqg@xUkd@pVzr zCE3+-vFCLUnCgU;%jb9Ka!XIMv{{}NaZmhlQkPJ?al8122Pq?20TDd*mNEGm2E{PM@=ivlO){+r_D`s!`d19sc;V6R6v zcJscO*4>@NW~&uzAEcDNZAbUB+Y^qhiauPJam>0ibjrK}>(Irzv(0`4q|94V#F{m= zXO>Fer5C4CnhM)3Q%#dh8qT@iNq@l`oa?x7`V+sxu8mS=3tUgfOnuuEHqr8Da(U9P zzw;~_TBEryizfT;?VY^Nt1k+StuIH}@$e1x`zx^DC6^Xotzq zyJs)%x+lEARQs+w_n!;v%6^6FZ?}r!zdO}AeC-A92S?B2im)9h0n{nsZ z5t%QhC2=l2kLvgKX*K!1y3J@AwmLs=y2RAWYTYtco$7MH>*T(Zn3n?wyf|S?crOqt3w%M3j3~xn|el0RqEBrP0kLJ-uS)v+T8R4 zxo3g9^?tD5xMJltb%pNjt@q+I{CWGPF3e|Lu&cVGsf~T9^`eBCqDPml&efQ7Ml<~B z=CC{=NgbZ@4f;NleXr=B?MZTXa^I?SR&HxnlJBX=qD4zLFVc;ibZhJ0tqZ)<6a){l zE&N@2bnAufea>yiJXX9hdEF8GY|4av`+Fn)9{Ew&)3@Ye+04scYZmp*tjV-*-*Vz% z>vk~)&9kMm{Ckw5CH7r-z0dVw_NlL&ODbIEmg$S^letoAJ$td~OYNrx&9<&3myVp{ zFTT8ZmY2|G+g+EQsc#j|Klb?N)f*n4_SU{Wv&a5%_3F9NZ^CtduQ-09_+{+*_L{)t zHFqVH9%ww<8x=9bH>-L^PN>yyX+^VTZniHxzA-CGs!cOcQB^K*uzWN}1UvrxvX0E70EV!NGc-{o1OzW|B)PQv*ELWla$|Z!9|9si4e# z=Bp~(Lp2=_KF>*>6RIfeE?E)Mc24`E^x?pmyT%(Biw_=6kE_UJJ$;ymp}}xYxX6di zeaBBg_nh9y9ZtJab0_RT~#ROpW7uj zPknAZTeQREt3|pvucYm|^_45K{PTq#nLgOKw(Y9I;uty=Of=8ihs%;Pobf2Y+6X4moEU-04) zZ;bxCS$7hqeLq?u^PhpEPOrvvcG=P;o;u1bUW^Aszg~*jqNlg+iOS?pT)tV=^`cSr z$*;WR7%G1j&U&>xD)7R`jWbiZ{(ULQ_<8!Eoo>_jwE2~SohKPLSxJ5IwwRf8$WW_F z>c!Ugt#T~UZhJ241m-zdGsG01H*HUSxVPvC>%6;N%m+oDUD;;wB4DlKt*S{9h0@|G zf_JX|GF=hLnCpL$Mqoi}Z}5$nW`lQQAu59jK;UtHV!#zC9)bi(JDU-PC~ z)w~t1I346|t02jCM~0_N^x3WTosrH;<~95u*ZOzF8OH`ae3Ki~65LlW^=O^ibk-=_ zpD(f&^gdNTyU_O8%ICeSp39^y@)Uh?_vto&uhm?}KFR&+^IS8cA|Lw6OkxiXx!N}? zIH$*7VK&#D(1y1vDeNySS0-MLQ-}?=l-2z9%V)!9t@LuopI1yuUC(q$+^3fVc z31#i;vRY@i&A4rs$N#My*i@wn^E}U4KHB!>ELYgiJ^SWN?7H0S$&#P? z!q9Vb#6{n%;%mQ*I!-2wkpNHVl&xtoN)Ng=^6qeZx^dPVmld30 z-&VO4ZQ@9npm*(s)tt~1Yp(DcD>wS|sm4EM30ZYGli`8X>Th~h9Z9}7O>GLDud-e2 zYVczVDSjKoJ>xv*ud9p(A%1gTK78bIBJk^~P4Oy`GSydj*C-_KfA^>%SNztefCH;~ z7q4~E@7njK|J0`Z8mHGY7WW9a2W0L4wq%*^(tion0ooZU753kfKB`TBbYhSHnzKBC zCyJFUAFp3p?cchO`$yg3;*44Ir=&b{rG zJN~fz*!eJC;^l>Hb603iPq;6c=UQ)^cEvFG@aK~m^$`!UFZJv>UG==lbguFdL+N@k zj2j9dBQw@u9rOPBimj@KL6ZO+9UOzE%4h>~xoHE-{IX;_-50mXFK6(x*N* zQl@aV|BM&!>VGI2vr)K z-SO^iFxTc#zUe0(WdCSBuztB)sjh1G5w`;CaLGsQSLzO3Jan{~$Ksv#6&usFd&KHr zaz1l;#k`nr-q(|VT$^;QzWeSraxFV`>{OdzPXR~N?D#(zZWX`M=R1!=lG&K8)qHRTKW6%*5HrgZ$%g1kLI@a zbu-j+(7JllSyXIm)x6xa#l=thCH~la-2Ud`I{U5~_EPQ0X{vAU+iR}2w( zacTXcT&JIm+d3tLo9E0aTfZWI>BXAr53j1%i{8*W$s;*&i7ba~_UHU>-5>vc@BEW) zJ9D>wcG@%T!a2PQX5DH_w~14~x%leA;L_OLa`x3cXDg0ARsXm$*Lj}toRCec&T4z` z2M67bev%S?)wO#0PWjS^d6yWf*2ZmZn0VAZn^8HhZtLpA96qsC8l8sU#3CgV&u87f zoGYPMI4884J8?&ocDmoz*As95$zC*TqxG~kx;*Vmvv1vIl@8U~HkW^TbKlqP%Wtpl z3+r@yHsQj0zF8@`hwR+9#%{j+#ChVxv$>hm1SLLiC|iB;<;H0z0)tj=s@<34i; z*SnW?A{%p4p?m-eSq+E#FTnDS0UEH7)Dcc(cba zF>%!$)g8M(9p1riyK~*?V{y`#bn=rgoBa5`uqDaCYS!nsYS$h{_=@cI`W$;Yd%IO{ zk9pCq$wDlqnZ^-I&Xqm(x{|ZZ?6T91!qx+CWBU(_?!T~X_KEH3vog$%Ei5XkSh>ZU zxA@qtxm(-Xm(NVIh-rCHeC7J(dCWiJAKY)M=a)V{Uof>PH@e`r>XM4&i6@ZasTG}mOau-kAL)je7|GTEu(+A>t?(&KYNEKjQ!aC+saWt=0A%6;bJG} zl>4RI?PhLf&W!s#eGad`y!HE7-(9CtQ+ciT+xm=YRX#yU-kohnIp;rQUoYzQpW&E1 zM;+e{yTuRws&T*dt{2|)Rpz^M2oPVU3=)ZT&&9&s(t^J)j%R;Y+c*`>wePzD4J!#Lb zX=j)8U4Cn@;jl(rmaunHP@&P9Kb8;W#WRhv_DO}deOUK0_i)0rZ|j2YRs3hzTEF?L zMjYqV4(tC6UEA`%tkw70|L^j~&$&SG7UW{_b!~j(w4CjqkMk|NE-2Vy`Sx{e%6|rS{r8I}d+gjQ zULe>IFL``xVpf&v{X-JY8D+-|JXkqiXk86S`TI0^_xW!ny4iJ$9^{?cUb@C!q$2C} z(QQvlDo#z6*Sp7Ib5+`2;y**)i%qdcKZ`XE3r0reAJGjyJiW+cdy<=9VEBaE)tcTL z7W+K3$$SvsA$Vus>{XeU@3@{?&7v;qeQ-Z-jWh4h%sn>$88oH2msX2TKmMOV?9S~i z)Bg#1<{po~`^hyo^PlFXYdLO9m%b=cdlxBdxaCr)Z118i7Sj6dcIvbEXPr^At?JsF z`r+^~Z;4sln(GWILxazjm0N9Fu9D=P)@OFyZJqlOd%=Gy5qG7z{RLDEHKn`wrnoKM zQDjsbd|;kgvs0#Nu9>z(?6>xb2NbHiKIKc*Xn)u`F|#J{V;ajgqrBfHDw~r(t-E}r zPXFrHgl$pxJLMjft9*=E-}y)O!?$NwOXp_zJQDuH+fcW4OPagpq3HQHcY98&*rUn& z_UZS~Ss_|W`q!536aDdfePl$h-rKVRtKR^5J>H?L|HAd;UIt z9b#H9U2$_+MEcgQV>}GWjRkd!wgfo^*j_#;HM?Tp{WI5er+cM7i+F5nuXR~Y_QR5X zg|^4%694#Anm&u?G>LV4b*|RumC#R@9^>sg)z|$Wy)fOYbtPMh$JZc+Q$+6G)+x7K zkIkvDrOE)=b}AmNB>PWne?yma}ZO<#Ct(Gi-UIA7vK&+3EP4 ztKIxU=Qiz|x$5TJmj`wBX7eTepFJh*ntmG%f353-E6b&^xp5HR-(IUSiP!D!6!t?xT4I;h+Bjw_Y@boP(EpTs)w{FrCa#YADK&>V|9i)p z_ktB__wGHi^*-#gy6tC!jlqg4URzU}Y42*24@XU(xcb(_8y;4Ivt~!#EoRD!ihAF% zPBrkVZ`nVM3-Mvwf7_m2HP0g7>p@<^H5=)=+y%ZLPTXnxQ-5fw=Yp^_-8+-wrY1bG z`lh_%+0L`Rv+ntCIr2L)-eTRgcen0+40|WI&GEFJ_PpyQFV>~se3GlYa^a?(Iq$N5 zM91y8@`j}-S4iP!w0+d>-QgRPi`o zyvU5Xq_I)HGw=QVQ&*hqthU|D&O4i%_x8v}`?GyB*U6vV)AaRGo;9ELvJW*WUM}w{ znHFkGxyp*J;nOWUwOI18Y3D~FkE9R(87494D)+gTIJu}CkzVj+O}}VnVf+otV`V%m z?6xdf({^5Sw?j`r-&NVU$EPZ~;sE$*O=n67;HMPXraY_hObu_1?4QB)ctAB{Hm4J zEkP0Us;+I^oZDjfTqczJbiv07$tsuo9;&7!+_j$;pI&zPr7l zX6w!rID9u<6V`4l#2NdYUw>`%MjghU?_XD}efxxA#liQ%2X>rSTG5@A6=`;;fbr|< zNgOkp<*drTt~sIZaguTK`*4L_?#T_D%uCbWwV&$j5}jPe?q?WqX5;GZbDOL~?$ys0 zd{B6AW&9cCn1$!qO(v)63c7t$^t~@Bb>_N5gr5W+(Ri)?rx_s@Jhez%l zAxqK4QG&%m3Xu$21=UxA79I0H!7o#{)poTo$2|weO7^uzzDvuRKUWC`ZP&W)RiVmwT-8GGJF@&<L#!Vs~%ecFE6QMQYW=&C`;sLKmxb zisar^E86eX_3DZzcg=l6*;g4?CApa#mz@()D^Gvzdg#<~^XhD)Nt^UIU(Q-EVUJPn zEkA#W_p!Qfm>znm@v%$($=0g1Ir3Ba-8RRli`FwuS1x||{D!Ff^`&K1q6eDUgul0| zgbOY@+$o%p$A5O#n=R>~{bhHOSFFsG6^Xo)vH7%(Lf%P+l*zGb{W`NxZMb{jZA@Bo z`7{ps4eJhjI`d>J_-Z|n3W z5o-e9X&z^IwCg>$!wKG?b*f9kob(2*Uy)N{w4PLlY}?k;UdC`V z&b!1r-eLpWg%USF7)-S)MnZ6_V zI73+O`!3zZZW*dJU%ss@@|-d`ZOX1CW*;_rUYC(Ny5s88X<;FC`=(AVf8;W=%ec=y z=34Hxz2AyFrZ7}LTYBo*hGiwbWgCyhdD<(7ysL58xH9Mff7O%cA8jVb2&5i}zqWa6 zY|Uw5k-B+b&C@$;N|)$c8;lx(}#er;Qekekq|IIA@; zj_53(x97sHIZHmPKaKox^7)6Qrzd!PI~x^d_^qw!)!Iq1?V|eMCY>$x23(%kcXrScW8dC^RpSk{P_D>Z9R{IYn;*(+&}v$S?<+_@Ya zx+7-Q>7%J`PxR0Jy!3PZADv8#$>+YC#z*KZjhHhrP;bS5h9h6+KbyOR`JCmF&xNm@ zI<$IcUCeUayyNN${e)EMl;?Ykd##!LGOvAqX2)IVJ)v;LxmlK>?I*6P2wRm*-f!BT zy;|XMz39U1YLRC9wcg!s6IRWa(`T=Fhg6A+p2u1j9Vb<(b8|PY6Cvworej zytH=tqxVb|)kmvBeu*v4m=|(j9oLujGwpQ$Fn*Ljv^uiXm$^9e)a@q>d7rMNtL+jE zz4C0y*DD9M@BCD5*}zaC6Z+d#S3>dI_WElJF1<0;zH8#2aq&*H2%m((dAqBdmuF1h ze0XwZgM&@LlQm^a3n$$^D!oZm^;DCe)w9)}EN*JsOI6GRvLj7iFL?fz<3I|-8LO`K z#VmbNYK0rV%lEpZuB_Q5s-x0(_vjiful^HZ&nB9*ep7kHR#dsBI(1W{kFKJ+ZEe=m zwa?}<3#1%o{NAxB>o=d2?6&?|)}>4OuHTt@j5n*IcEXKk){i3l{B5YSJGG0U~q{z9`)UW#C1E&i-1 ze{Msm#X{YTkiF`y-OyVOx&E8WVoed+2YKy z7H5&3PwCH}Z8mu?nOQcC`&kToLE*O5_kL{R^>cW1#pzUCBzsj^%8lF8p1%FhP!*!J z{#jP(j?W8J=S#P_i=MevG3^}tB-^0R3_bbBvuZ6+>-ddWYW!r+cOd!H%n-GT8pj8 zx;cH8vBHCSmG7gZe4gdp+Q~BcO1N<0BU^X3nGw;}E)0@ywDVm)s%~3pVQ8Iy;8dUC z*X6rRe2q75RWb^H&v$)q8kK~@M7GKxAExY2?a$1mir_w65+&QUN&-}h5+F?Awukfh( zn^%v|PP@NNf@{CtWSezS=OyE2n%wr5ek`r~B)a0cNLRD*o@L#|O1yj7v^4bsL#MrF z))5g7*MF0j+T+gk;NA0=p?W5NJXkt+$obV~s>OcMeq|LpZ6WiK%K}dwdMEtNp0~H{ zAw&D=+!JO`KFfHH{bS zJ*1+(U3Bl?DesntQ2U;TMikjFglnfx;ELS}jd-u}E?hlPI+=j-OE z`ovE0y0>ThSRHaNRu;Hhta`3K>CA%MzW1}t^!S;#X}NAs4J=4LpxziZ%Th^&vo9i< zHIsEu*KP0gjFKLX=$scbo=SH14p@~Hp{#_^tsVHeuqasl4&n_SxZJXfvCQeDKRKWg!Di(Rm{La}U1A+V#M- z(Fx1f&I{=&4nB1HiNv0{H*AVSujaY*$^<;Uk!X|^U9w|hp}gMW=f~F?3P&%=|Fr+~ zmID5&jcEsr{VkbKN$}KaZ7TjOGwBXvzt>#8FFdad4mE_ScDNkQ^SDzKQS#ou#ip|N z!o)djwpte3lx4g>{rrBnvkx5QxOmH9<#N)vuhGmpY$om;-A>p<7Q7b!IFX!f4L-tIWfZ_yH`m}$u;kGZ-mVBDUs&?D%7 zLg=mS?yE;9sxDNR=ocd7VB6{;F@NSc5x%TlJ0zV9r=2)nRrX0br=6wm>#9s;w$5)) zrt?pz|MlfUrA{T=qDZs#ckR9`+_dLpzkk)DDEYn9pM@y*ZRPpR{Iv3G@~wH?Q&m%6 zUKV9N_vwtS|I!ejlqvf7(J zw6`T(DEVAo_j`HbjPpy&0}k(;uRHs>z@f{Tww@-urdzUg&e_!zSzn&_GBqr1!bJT^@pcV=l?cSQOo#hYgzD;n@^)cpD*O=U#O&Zk@JM*$+fq=H6Hov zS^SWFbw`ZpW>4Y51CLdLXXki1ypG+lWKs1F9i?UKPUH#vRP^d&tqOnBy>52C?EN3P z{-?{+_vi00efoV@i`j?$Gu)Y1uI0b^pW$fX!H?Hn%r;MnR5P^Ze{{ko?81dP#{zmx zY|9_3b&Jid`d)Z+tHj@re{8eQl%BpZ>HeGTy3d5a$CRwE{jqnk`-+G=$4*b`y}v-_ z`uRG|OHqd&?wNi!Z#nmy%qwB;r$b}5Mz)s<#9m@QZo{=yE$sRCoww(0%}ScYmT%DS zwd~WM8OampW%s@-I(K3kr+~Q5fu02BTk|+GPK3Q|Vs&WsdRJoc<$X}})*VmYowHb} zr1xg})0DgOXOu4UI=%gS&t0pvmR!Aum)Feu8oT7ynI=EumtHUOowz&s)y(b~H-|1M z*KkhH%er|ZbjIWLOT*^bRTLE&Y3w}n=(|z=`*$V0e&^%2=SWANc>4J7w6nE^AG7ZJ zemvi@qO3f*>qSDk z!E^_HnUt@qq+YGr$jMXf@k(3lO{>OTiCcDIyd4J`|GW;nrmXRT&sM9y{mbw9rVkq( z@BInhQ~r_t(0>N*l5OJsvPVD0EZt?H8xgWvD(lTJoyEFq`?Cbx-A!hRx0-Cf_Q$hc z#!x49igD4^CvuiQ-ma}U_vGb1!A$~@ipOWweXj0$T$)>b^gn~}*Uqo@0(Wi7);Km@ z_2=5Ub);kDfPm93{T1N%CbCN4F6u;Qox^C&Z` zz-dnBnq_~io)+aHZ&5ty-u$TRo3|zzD##t-dOqdm>)=Cf8q4#SJInao^|N}k#9L#r z^NbDt4A*8wST~9A)M}kwHZPXTU#`|Z%5vuVO|d<%vnvD3G}U|3FNChp?N;>HXPIZY zR=b)*S>jU>fBd!O-n?t4IJn9jDhYHucjNd$_KBC)tlbyfc-(L9tG9b6=1iLL<;2Rz zn{t=rKDN~e-q?TjvT@M;tc~2)rn++`G>bgmad&PRo!w>TxS_Z?V%GkqwfW5^Wd}qpRYH#o)Lb)ePxrN! z;cx$9seF2+#O)u~?zrAkme!MCjN*KFa;-WiPYmCZE3227&+u?QU+?vzH{|@hwGFG; zvt_Prx%fUHe)-z4ZHC8ph$NZ)XW)(bs5bve%p;?Sd3&z~edb;ObZaJ=|OU;ve zxa5QmteTTh?6sSx*6>B<#kS9O$p>Xunw6+{FLQjxFmcX=%HvUQ_gGx(6^Op^OP{6d z`5yh{Gb2t)6)d-pdbKuAfu%lOy5YI(YU{g`H>z+lO-~65-*8lYTFSiuQQ3nl9ba$0 z-V;1QWr3SabN`H4E8eA@D!8kAOm{hc$UuZ{TMZnSL^x_tkAhmeP~2 zz1j*V@;FZ4Xxkg?mR;7WS)a@xzEOMSL(jKf%d|Trq77oIq-xjA`|e=3ye!O!FWh9> ztkkt@&Rwv!sXy#JWlP7B&ugzF8MoQ|zB+SD#j{SaYmbG@t!-CH@0^>WwR)<=D=o*| zk_$7Fr!(iXlrFl(b!h3^d;Lbo*G8<__@ANXbHCU8)7vL(`Bl8&?m11xOYc-K&n%U+ zd75Cr`FyWC>k_eoq+3c$`J&bBwmjZAXTlfntF!ftq%Uu^)$LjEvsnL>CDUx)$0iP* zr;SUQras&;#bRsEHpZ7x+L9J``9dZ-PB>=VqvxNsIcK}?@{^U>3R44We*1fMJ9kN+ z_PO&;i0vTzhLs&#FX}GacgJ8xXBizX zkYPQ)HYL+)%R1i0?pqhXIQ(PP9bKIhQIfK;@`Z9&GleBHvb@V>_arHcMN03FntX20 zyc^!hy=Tgr`0TmbZbbWP&7R4?JSpPqk}G+OFWF4YYkgE{u6OzCDqq%jnJ-^f=SuVk z_L$4hkJ_S}J9WyU26vUKhAYpP=9C?6DloX)YQ<67;;PC%t-|uX&%V%HZu!iOMv1rQ zeC+$GZ1ZMmXa^6&ISsM0w6YsB5@sH&3ck&Fv7Ev1!uN%Ot2n)T?NbgIsxZ&@nskk0 z?S!?vbAMK)E#|m%WO_&=h%ly6E1eZFWAVBqzE(v)l4Q%wi$G zxXLH5tBN+i&dvEQ?Njr`ZpvS=Yme?sGkPC*uQ}p$;B+~q=<2PTy2LVN9>4pxIy@{W z#!0QEMfp9?*X2jHIfs}RxivI)HAl~Tc1=)qi%aiMn+uuji+8F_lz2P8NQ}`{b;(7Y zXzx`g4lk=bYV9+xHb}j)?Sgn?h>nf9>AVHk#f`Q!JeT=$mgSUxiTLzi(vAdB}`vkS}nPjKWuJ9NR-hr=H8W;ns!Jqq>F5PQoOzS-rVi#c3YSB zO6@q-YBT38%kQcyYA2m0Z(bVdATjqYOY=k`hCyQk$m zU%ri){3Gwtr&kV1(jql;YO{BI3Q)UxUVWbC{^ad~+r*!}ZM?Q=Du>4>L(34YWfz}? zN12|Oa_HhD@ky@f=VeaZ=1`c&VEW4N#RZNhWi7IYRjymE_)+-o^tp|UFDHIoC$+;< z_1%2?j#ICKuFC9P{I|`f^`PC{SG7_n9IL)>7To1mbaz!|iCQc7SMFPjcl7Mi5uC(% zthTklYqo#zxv84&ZW_C<=zlezSh2mO!T8SA#VdYp?#{Tuv}Y&Ng3pV$_e4ka=T%>d zxUIWr(;W-FP0X71*pSuanJO5~Hww<=p%Qi%!*SJRZ|{ZGBY6 zDbbc@7Cwu$*&1RRr&-vQ)w{NfZsD^_v9!%7x8(|1F!jvoS~EpKM&lFD);TV5JGJKG zbGfZ`+Nr6>4lw-+ouSm&Cb~m@sq!k$5`|o~s}78AUfY zxO3;~4xPt+PA}%}3Rb+KtiOBV%4tc-Ck{$1o7*ICVID)68GC0AVH?Z&j`JX{;N%V@I)V?Bqxvx%7 z^^CP1dj8223w3Zbb$T2S(e~)>?vV6|Z8yBV3~$XUQ$2FQe8YnG#}_O$Uv*%DJ#*yi z713Mjvd&oA@&;eAanDaXD|CiG`Mh(;+>>4>ZgqW-y=lQvz9QD&UTLe${Dujug(n_dwrru4*k^f$@^xA`nhqA z_vCr5N^2&5_V4-=_>s-lb@7$wGmi1`&z$GxTb+I&zVlXin~jnFmerqT&11Ob&$csq z|C{^WaiUWqIFk1C+GX6}y?XYK-G_C{m;LC|mYh5FTEJ5OYx^yar+(2&lu6m<{v}Rq z%as0I`($cjKk99MxI5SBRs6jz4O-2o!`J@Ub9!Ax82fKapzK{=^`0N&d*0btW|wV<{JBg-I&44pIYqZVB`;~^S1sOp! z&J$d7I_SfUm7Y7cmH(=2Gf9b&DGa`M^Y5-x4jY<3J(gHiRl;_cOJ-8llWS934?F#^ z-pyl2;%95q@l-{_dOHV$)~mIU{4=rK+yH@F(y3!VljMyp8>G`@Ye`MOyy?zpg*4 zFX*j%^v`zw`7_V6uMdtdy6ah-_~Ac8$R(TTiu2koWvk`ZcKzr+vSG$n?=80*RCD-` z?d@sjyQVyM-nxiOy9^#T%oCCSxZ3Q4$f=24RZg5N!pF2uxvVMd`n_T;f6$X@1rNUb zSsisqz|qw0oEYzc7uo5)&A0!2j&hYe9rSK~o>iZ3Ugoyv`OI4bFR$HvYx|bd1xsr7 zu1;OVab(`13*Xny=5U(3HSQ9FCDWESYk!`6>2&4Zwa&!}jmiHR?7l9~YCPr}eECsm z?DGE%*RO4Pt8`p+Rk(##UgWl(oZox;rfysw;b~IcG;hwM6%lUbe-7{XxAoG?+d=oA zM!i`qJgI0CueEnW&xxJtU)IhR*?74wbHgdN;*g}niYX7e)>nL(8Al%F z-uWEgZ?z<1F#p!%!-2OdHoWrww<%3mL3zEp=y&-eKOSt~Iqg;Y zp<^wR{IBiP_`AUL;p2QEn{O{fb5k^r7Z}Hwy!!ViG_&|pnN4m^;N!G;GM`_%Zf%{y za$<$03{TkJyAwT5ocyk~vZEzATi3Su3&4!g{yd`wxo`o_^@h zb7+>{oR#GTt7^W>8?CSUYFQ`yqbQy~`qe$n{gv-_7`jyQzsv6U_`YZQ!C9*+(*0Ul z&Z|$CWPZ2eZQRTU`FvUX^k*G<9H4$upnuBsiGe%M&b!M|ba`jc>j!U__kYpXtE@Yp zwQ<76!xHlPrcbS=zj^<_SMO1_$>m!iJ`I=TTx&~fA4cpkfA~!7xz;Hwu21}enI5K^ z?P<>?UR18D+!>rU<+`<9?T7sbZP`A@PrJIMNl_>__VB&E(TC-k|7b5-taL;3dVeQ64QSYvA{d$Eyy7 zTW9Rhl|1H|=WyO~)pxO*@l!32=J+Suu9=-DynL(1<({{n)^Wbm7MplesxV{u!?$WF zp80Csnwu}JiCTT&I9H|VPOF2-OP9^#xbvT(YW3Q^i}l}~ykpfIv#D>n&5LEeOT7*{ zmfmqsei<7#JvY^Mwd>QT9>16E?3PZsC$i5Vd*LP7#XrsEsxLQZ7f)NN7m}WB&$n== ze(CZ#2G7&i|2&$oblL8uCq72qwn?q}vyExDYxdwy_z;lN0LOcU_d)*Sc!?jBB5cOa5nw5PYerX70Lp;*KAw z58fL-y7XD-gu%&K&rI`MF1{%C__i=r@>HI@!Mg27?0EO?pXM8WXxHy8T6fecqgIMO z{dy(-W}QOXlm>>m6$zOuV{9j7J)f0bKF{ugy2qL?6LL={-cGAn`&T{kirDcp6K(dM zGTL#pG~7yTIg4x3oI3~H$~K%7?Ji%gdLZMX*M^7FB^J+!+2-nfb=STP)3P(aot6@d z`MzHB>esnxxsH0vCUP3*PAGdFw|RNyuQ~Hl436*4Q25>TDPBCIYJ2M*zxTz$wsS70 zezJRbmUCT`|3b567yS*>wwz2n%zQM(dDV^koqtSMx`kLCi}+%i_b%4WlJ|*q6i?HR z*InM({(Kb;vsdPYaUPWRc;%Zbs9HSZ>L0CdmwW9pZmAthE`8zZ`|v$eR-MMau46Bo z-IjBk7sg($NXou3NqXm=yQ>=&UUyyj@SmZrepBGA%eGeER~40QFnY32X6uK(X8!h^ zWnl^Co=RWTWjN*%3ag1tuCEIIa*D zb4F?H!o^~}nIdObWb!2Q)MZ@TRO7!STRuZ-Z;RG#H_7Ttw=1UmZApIS_fe?&%i3=1 zr~5lPWIR;jRtE*|a@QBx)y;48IBVW3*2pc{y!$g|ygAPDXmZGhb?bRA$7O!9kDsOX z+_c)W@6sdT%oP#6XAkFzilrRA+dGL-MXq$tBgei)8{e%_&g9w7W1c=S)&ldU`y@2O=IU?mo6$v02JAjp!gt9Y-FteQS3koiu=Drvn!8@l&q>S3yE{wGA|Y!@cw?jb`mDY;GjnGy zPU0_o?Rq>ldGQ?W1L=*27s@1WE&TOwV(Lnh$<~ePiD4!G83bZ7)lbjtcJq^v%J2H} zV_C1MuU?TO!=|p;FPvIu9*d1Up5gJC!}4X)F|}VLbe=RAdubhYiO{>D z#wqi~a#_5O6z_v?s|wEqeoMC$@ix>rEcs~NiDg@~_Z*gv+;wrca#r%kRhMHmULWI+ zDiPNRu9mZsTCrQ^ZA^1WmwQiBf#HF(Nwe#`*11_c3A^)2r~9*=``+~PS_%i^?)v76 zB^X^~klDv!H#N^RQl9a+?8#M1541m69yd+no|1Z?drs;1RjP((g>_m#?pl4OG4$$` z^cAZub9ZkqdlG8B(|y|QO@3AvW=r2Vy}Q%D^vR4V*{Pb3+iDoqywfX3`F*4j=X2Rr(Xl?FpY$X?*ai7%Nq1~}()N6%+*Y^9 znJ0OVKfJUxGorcf+{c#oGY8&SKIqzUS?$cSs&tEWL8rczpDFUFu-E*ucCLMpl59_L zpO((V>?H4}_u9)Ds>5WT+zZ~ca&7q}@3uTgiDw(Wva#2%ILB+4bL!dG0D-mhDn)s& z^BmaqptwP6@eWtZJkRH|GG_Ll+)?^IWRYIB;`^PQ3Xf$sU+YfoF0Slzb7z{k{aDfQ z{w&3mRF#eADjuzvy~sgWh3B#C?kncpb8km4kD6)8vcg8@N-@JJkMnUA3*?TfDPL%O zA9!kJ(do-Jq0<$^Ss0H?u1HT8d|3AQ`reFf3c1}si=ND5Es1jZmo%eOQh9CB1vb_F z6@DD&pT~-~r$wr9_&d*EHeut9bU#Bn`{%bYQxI|>-0TCT#mEPKeelt zv+oS^(V~+v@0V?{y2};+<-!5p<`rMpUG}`9G*8Fi<*#t|MRzuBXDD5_+Or^;$*A_{ znv^$vuRJ4O>26aJ)3Yv|x7DUd^u)Q!2VJMP3%xlg!;^CL$V5*C85zE*-4j>$PF$U? zX!uTD!Zb_lpPKD!tBZXXI_K?qwsv*LInHHsJM&)bkS&~e-6lBn)TAR^}F&;VkEk(@ySFR&A?PTX9~Iqp-=>=ey!Th9`3EqVp>YHzc~}ef7M{^-XD3q{FRE zjc3EAc>QNkpFJ)4R{PGLmDcRPuNFIA>ixE;rMbB$$n#ENy8DO!42SPq?b%Q~rz!i^ zAIkkA*VBNsa`OQqdQ;{N@QWiho$0KUFYYEi0oe?d8EZYngAR z*E7Xh8A2R)Fi7-Aow&F*NTN*Pm80dl#qOIm*=Kj1^?22^#oOSv(fYGLx!Qwv^(y|h zNqN3Ewq>g7><0FzW4m&%3)#IhFZA-c#2u{m-L*ZK{fu-7|GAyD#i6skcm6xILC?*A z|9R||mKjo}dD+vi+L#s>u5zyy*%@kYa5UwzwdPrscQGGatmb@s_BfzM|3lZk=tHwN z{;}1X!;`z_A|Jc#D$P8jnL>4;i!MsWy`A-;qDhdmFXV9F&({HQS*tDVUs~8Um^Rui zYLJNBl&$qWB%_h*IP;ZDK|2eV&0M}J>m|!sPJ0bWm3d$L?Y4Y23@L8BwdvhgV`Z^S zPs`_Oo8N8K*O|CqV$GY|RtXD5S1vAGC8Ew7xxH$)mt@LhNXrvDkXEpm9+Xem0=Zq1npr3up4Hb31fG*9Mo`H9D6*&fG^39Y-SbN%z~ zEe;dx|CS2YOscKE)S|9(Nr2(ykE@ZA)o#Z+rBxm;HQ1;<(T{_{=IgSzA#u?*4;X`U zUC*wVIMb-`(vpxcb(LTS?K#^mU;0IgtT#>B$^CTIBzBAUKQ9O?v@X#<9(P5%Vc$%f zM@^hUtf|^_W)&S15#D|y$n6!MbF!&I;`Yg&f_7f;JSHJ!sxa^sHxrOi&^7SAttrBCw`s`$Rz)y?1X%ZjVs zPfC7WX0}T$JRPE55Zruy`PNL|?1p-;<*K_^3(m8fa>++OY5Og&g$JL6+{)W(bc)$r z^4X$ES0g6bW-Xcc(`Chp@5?T2lsPM#x^Jb(3xmfm!`_xMtlv7n=elfiRdS9=ORaC# z&8)0op6ah_Qu&U3SbgXHm)c05I`5NT&c>Q^{Cu?IuG!B%3G=GEo35Dazu)ow>zeh+ zZi`hScg=ElS}^PA)wgjGH@DYj#~4hIZSPuJoWIk{)YO>svad|o+GQ$TwZEEU&TU@! z;i%iYXM5QLE+2a)vBvwYiNxKqkF#F1^lR-EKC#Dt@f~Nq7w)Glle-RI-LhkAubsE_ z2_ct>Wt(=KI9iq8S&}+UJSKS_n|Ax&%V}-yT88JnE{5!DpJ)}c=I85U`x)QW7_UCN zHp6(w_WYk^fuGi2+PT_o|JEHTkzH>sQf*(q5>98mqn}$YP+~Ku>$81lJbS9g{qPT` zSxdvxoc4OYj8eO$HD%VF&#Pze?)6zxFePB|v-=TtN_#e4UZnVparax(iI3$)E7}kK z+VwJOUcb?F29t)u9lxr>P3u?Ry=$kpZgZ2L|K5DB`N0dXxZds;ZJ&BI<&eh1m8;kI zDs!@)JgD7J6>g@GUXxtZd^97nd&fJbJry16W6IZct8@hIynX9cQ;NsK$!Yv&9M>&A zT&J|PV@=R%!#Kvfak<$AuNkK}D_2J7th~B&-G7EdR=HC)?AhGLo{@S!Ip(U+#=V-J zoA+~D$^~K(A0na(sX6%bi?)8Czo_8m_1w)c0l{y zsvp(I*QKOf5m4fPUlkVLVd{~;Zq~CqqR%H}i#-Z@&@=yOY{<*yvOcP2rEwZRW-h(c zzUlJXeKia*JdZZ4`FgiD&+g*#SN(!_I8_SVm!@+&e~Y)f&)9#D$M)riJ7~i%seEU$%zReq z#Uz6>omYCUYd*X$`TG0z!-ublozU7G0Z+NvGDr5 zt#9UueB^#@mBXX@bDnBaaj>N8tb=!@HsAa^yF-F;p4QxRv#w{=Q=IDo3$}$f&QH9vaz%tra31gc!jPrgn#vQJCm3GZ`d&y!ocDml@t?oKDic(! zqiuJUu85L4SYo7C!h6QYx>J^6)uor_VH0yb$^~D?+V0^A*=HrURrlJQ&Bx+d5XdTNX2v*uE~x7V~bC{&?K0%U4oHtYY)zgG;Ps-UPBw z@mkEHdCXPGVe>MT4zp{&Pan;>ms!rh+abc(^JwL4Gmo>oJRA1bZOy#X=j$bWXtKaV zhsW|>Yju~uKhrX~_2BBaQimcXHy`u(vP_VtexJ?1t)4g9g$;A#R5KSP_tcf@-&`K; zZ6krymyt$CC;%#N-`^V<*wl2 z$UEVwP`Yxl(8~K;QkGX`c$q0_eS7gN$ZN&PTUybDGJ#79?LvC*d|U3K!Z1Bfrs=e= zd&8Mm%eg87>ZdB@MD#rr7F@KQS!wE>=UI9dzwdpOiHoS=v(3CcrAN-Kh?O}?`1sDl z|32h#8P6;B>wV(H{6OZz;iX15ZYQ}~I-Ks?A0^B&pWFlAE`f;xiod+gb8=j=L9EO>Tn+4ztxs$S&-(Q1N=5uT_=4LNcnT} z92>8IljN<)I}hDNf`w!#C;Ol8F2jBHY>V>m9d*+ch2^Hi0D>!lV&M}F&PwFZKC9gZPh$Up3Ddy0)-0XTClk zrK&38r!OdD!yJ8GD0`-mX3>Ho##M3bAA>9MAF<6`>*S~VUU}li7t-@DZF(nX`r!NP z$=5dD`;^VS*r3NCpt$Q`NX_vx$%cAsVsHL3eso~_w!mybtv%sktJMq-vq}Ej`cPhA z3&*-eQ(opaY?4`B*thjf9pk?3AKBl0eKPzgAE7&tUhh05VdD|knLuX z(%N;+3+=Yv4vtE<^{?WJy<{`3;+CbHWSfMc#45%}PT46{rE7CjMebWp(l-=*#zcH-}Rs2u=hy^@eiGE ze!erF6W(|4r{2*SDM{P+r{$*B=zsj~b|ox9Vb%kun-=os63g>T7j4*F@-cAY{kn^G z!oEfiPaivT@B@dfrRj4suY{H@HBIhp`&$1l*<-!y(^IF3yPusiGJG9xwc186;iR%k zSa!s`d5K(A_(^=;dklT)XB{k`*Ln98Ml5nSggnA@0EXS_%$lq}*r#`!+tKZ9JI zviAdhu6>W9~XxzaxIc0aE_ zVJO)7e%7bUOXGj6J|bK(JN(S#6E}a(n7~%6aoMDMu2b@gS3xG1=LlUY@-3UCH(4a$ zVF24>)6YBBM9;Rbd3aB1@wC9G>Z7{GF5D6~#S^2i%_@3etZ~kYt9I+6V@LF#Y5V(b zzV#+0;N~&j%1tYa-)jW+B)R7=lZfD-^yTLATPCM+nkNTNt|L3!Do=)!%stnRTsxlmGi%PZ^}C<- zJigXF;l<20{=4%710)XcwwkWE_9K3p@ti9{QI^4Q=V)rN#ZK()4X@Y#xOK=_MEcSVjtN2XMb5eA@e}<6bp$zS!bf+ z91nf$%39j_YgWc`(Rq$Hv|KL#JZFF2bY<=`i*vy}Rkc}nqT)m*-zaVjJy&?;;Ee-T zo)bOU*=?@G-xNB=HC4i2jo72!|M7lcJwx~Vq6ZB{46n}?O3jm_ld8nQ$1j7X&p7$Jew z{^Z+H#iXz zFVpSPIn0G|Mb?)eU0(mB<-E>~)A%@OU36FfTZI$4Pa`FDnx>5`A~x@iknUG_`ly zUa=(?<80y_q^GQS9j>p?^i*(}AHSrjpS<9`+MQc|uIXO!Pw{2gS8ngwpQWNs2_##X ztWVLnxjZS|E_U)N0RfGp&Z$+aq>igFF+Q4hSB|4*X5Y8a_m}1~-?GUn)0oib%Q@?- z;$+t;_jM-T-RPG1Y1YN^?2= z3oEv+a(+AO>Z7BZ8~g+3T@BUGPuOiJv3+I!-oPK_&O0tGnH1f<_SEr}t2dlk^yHXG zjyl6E-4$8a7MI#8|IWHIWtZWmKC>&gRM#Huo&U>c!JNYP9-mJ08u>DRWsV_mzpea3U$<91VY`DS?e>59~7Ru&gL`}Lop$g1|vtXE&^C4BUYjq_X| za6MC;cK4Cep_HOKQ$?q*$dWp`xjREVp?I1~*p^qP<{gjK$$8=OE!X(?uDYEyCbyFW z+!j~MJ=@;0!H`jv=f-o{){1@oHnVb9-CfdRDKkIn!4!-`y|zL>El$i4r|r8_sD1FDaOY8qCxMjm$+FR z*FBc?F^}ulJYVCa$F`r{o|$U6WgX+WrBdkjGiKhMFx_K~Mu#q+lrt)x`0{MovzwB9 z|18hhX7&DU*wGN(cHq3)#+B{8E)_HOY}3u?-q#s}Wo=)1 z=Wg4y=iI{i_7#`k>&!a4ebtkBRwb*JS-18VrzluHU%4(WY~J#j8av+k?CL%G=lAWW zof5fnTkDSf)5wz)beyCJolt^KovO}0G~ zo4+#a;_-izmrrq%5tCi*C;d^YY5h5NrpZS(ypmIjc=JWbeTu=GDydU@KOEcmaJK8- zJy)kT%TIspxnMq7Cj&J>RHCNpR+e;CD#2mSl$yN zJLQ$jt>{fhCOACrtGaR_%WJ{U^(SP)&A*+Lm?ZJ9K5D9->}8%i&smt*uxIH^xH6}A$?l|DJ(n&@A9snVZr8oK(Z9`Ie`ktayD8KB853?wJX*S`Gr0Jqo~NzW zw8fiuE@Vz-FOBHWntbxxs%h_q^%!2h44V`hsv>xNt+QEAUbmpq&Qt5m`gkL^-Ke1I8rKu*P?!gId9JhN{IEp7~PJ&?G!if^h;@yB!Q z%U?U3<#-mt(k}B=RAX*|<*}-;>N_fhc{hx#FU$Qi{5<_Z@`u+BmrQ-mID}a+@73IK zta43f>1>yHlRHdyTb+YGmM-D)DdsUeD8hZ^#r%*qy9I5sp9B5Z-P)-YU&bEwWXZ>+ zvkx45lqw;wc|Pjo>|-B1C-SVmer;~YbN9MmmuB>-NE~+zbbXW&B5}7vZcX;tukteI zh5j=vKEZk3VomjY$$O``|E}l{^etl#GPAV~_*li=?vX0NWqdZ>`|)g#&A)7$~(vM6ZPF-@;Q22XAc2!TE_Re`>+0zv^ zp0wV5U1rznW49NpuQ!?W>eBYR?96*(BF{Zf-mv3i%4un5;Rh4%ZF>4q=l4%#g{o^J zv*tX>kMnpvYu)$g{|wcN2jtJK4cTb4VoizW`souke|zueTPVBp0pshKU*~>v2F`h` zHeb^4!@aqhmcmj!*LPf*Usy3aPjlnz9)V^5JWsA!p0rp}U1`>l59~2XE$`GrmwA5J z{!sc);J&{1hodIlxTnW+@%;gt>&5G8bg$GXKK9m*&8VEz7WUg|J-ggi{sa44_vwGQ zww}Fj>GtVwvV|pil2_ROTlKx4?T_;h_s6FXE{}Uv_P&_&uw!9s;?L_3E5B8CFYGIM zx%>FWzvAsRyEgaynEY|w^8-~Z=5>5m%kD)lkc+DeTc7_U_9MH?$LWWv^+jKsPw+PR z_HbQs-`>~#KUV&>t}*`6n$3H*sZv_PxMP>Ws$cbobj1(NvfkHPXg)PxOi1>==JA~H z1JAZD4C5<|`f8hHadXA3r)%@h`|RH}?fJor(vdY6UaC|wOpL6WezgCG$1^#$YjgfH zWVzKj9hOwuIr(?u5AB2I`#-e)xa^c|-sV%g!u`{{J+Vf~}~N4VpKeyATU zJND};-wShwbNrvzPgwNWYTlErZ&JfWCHJ~s+GqV@V#T!g2kvQK_;$2URf9v|Vy}jhO zJ>R`Z$w)8dUF%K1?zD|hRzH6^d1`p!+(&hjE5wh@a_`yl(S(O(#uKg=3p-qXs$0B% zdu?C&-x+^OQ&(q*on}4Z`Dd%1#3#@7aUbQo*V))EvsZBT!CZ)bHqV?}bZSdfmSHmH*n!tvO#txy|1?-SB*nmbdenE&VN3_j>}r=;~cv zQt~|G{k1*UAH^RyFMad%jmvAIZk7D3**DYD^c#Cy;^i9g6~f&8Tb?UC7fnA>mEKmT z6>G_}?N(F&bep{VsCT^_8d>R5WmkTFepuK0_&j5U$1AI^&7vXFhq-Ql*xq^jkxsbT z%7+JMeD37>;J>tN*1Gk@4=raOx@UCBfBM{orwZKH#$T*aPtDB9-(#NFDf76@wX&jf zm+y`B$!zOtVt>bFL@jTR%UpChPG(+sKKt65;78t)s#n#fxhPksoBq1}aq&ab>3unJ z$B&#?VD-o{d|lXZ+M6A8-OsRhLD+;F-PUchGj?ywm5)ESZB5Qhwx=>xv${PtOmb6D&C${1>bUSX zt5-Rt=@P^8iT^6sYHK(b_)9)p<;eZq@@!_LTX^GnkxQEUOZI096fwrRdtKYS_0&_} z^qcz16<^j?`^^Z9KBUg-bam=#ndh=Q*4~zw8O-urwly{K_?GwQvo3AF!Xj@hc(g1i z%p$!k%Qf$q(Zj;yRj00PwXU{y)2U=vmzy$ceRl_w#uUb$aPg1q$D;DvZS3vVu83K2 zNOpyP@LADSs^ZC3B{DOg$Zril!Vz`yjmhl|sy3o>Q$PK^H(mBgze?|CkGh)grZ417 zuRr_fx8H1`qH63pMqA5uRnL6{PpO2OKE1qq<(aZ`UA=a}=eEkS6)PV%dVBD3-=fX& zj;F%yX0C(h{ZhH`$kRemhq7z4@1`{ckgzw43sz^ zA+dIU^F5oLKXM;e>*gs%nd}OiWs_d?eAY_a8K1ezevQ-Vd{XzFD_ua*+*R_|Ncb^BMm$WXcBSnY{kb zAiJd~hU02fDT8N!aEw>G%53Y$K|!tktLqg1m|XqxR>j7_cGr5{`+FFDk+b^6psq&h1a!SVarphnt ze0)NB3oaK<9 z@AYBZ`suqaOKH|7$%Iu^L?6Cr(Wl+U+RxZpDqa;ofv-Y+Z(7XFlicr1d7D4YdOSy` z^zw>JcMe^x;Y=>BP-%L*Lxw+UY5BvzW%JD~pR><;x%P}WPnqZE{|vl_SK2k}#lmep z)>!g}hV7cOr_f>fseZ=ZsLip?els{Pm{k5gaBb_e$q%`|q%=KzF!}d^!dYkYd4J5i z*syt5*Sov3S@I69t6VNLIh5Cb`<<<;O{cW*?)+)hwKns@tx323~kRt8{w% zpWtPl&u>S|>&&0YZ@Myd+3nMUlfE5Ko_s1s$9(WQU#5`Fc8ZS5J>& z>9bvb?Zba~Ka$|TwRYcG?IMS->zHKaeLmZ{azr;QTNj^MX148-#WR0{#yN6Xm9q@y zDBNpzek9*y$NkaZ^B3%kYJ2G_DUv5%&20;le{a>=oON~hz$Essr7HLiL)pXqP+vJ^Y3HoeOKee%qLzIv(l z&<}n4a~XH-zOd(h`>vSuMqN+axYXU~*OX^-AKvH65Id8<<>tM6X0HV; zgQJ(tx^UF5@Xm+5CPy z)dbt$ntI97JyPMZebndw46=XNel+Gi{9|7;-RzZR#~hiE&k_HxF5eI=6b$;xz5`86DyQwEi7F9a`UspaTimz zm;Jt%B)ZU3Nyzs_rP{_1`(CcQ9q=J-!LpluK0ql;@7z^s0dsU- z{>@%?anU?Ym(A+$KAu$C%{^ED@UCFVhYjNP73N;&Cm#_Di2YgoB3mU=zNpoDVw&>V zhm2wm`MxQn_kH!${WAOHpDF!G6OX-mk<;F2x*$m6-&qBlwg*A?e}sGOYB?@@OrrLt z@WMq8CcE*TZ}{Rp!~3jA-h$HiA$)x$aV9?)9qQY5Mdx$hyS0AG^duMcdDTHD7v!=D zc-r0XweAjTo4GRbzDw>_Zr89lF$b-6iyv+`n)&82k5!v!Rz6SMA?}qqWo&CAYFFK} z?P(D_>OIlR%pf7UW5&T!Ia}LR&Z$KUP9}dAFz&kFckI-2wP!l!YgMc&FQ*$HIFRyq z@-fXAUzxREXJvgmFM8nCfwHgb?EW)2U0JJlQzW%E`|A4|i@eh@xAnM-9M%;_fB5r) zr|4KwmDKs!flgL)q&O3TCKY7`Dzhq!7KdL--(8Prj@7pQ=t;TCF>AdZgXXRi9d1?yQ{?xS?o9)%W()woJ9{F>TLfT@yLx z8Se~cUU;@_v)^^YpYAWR=U;mhbfVMwi8%vTn8WNF>+?(hb$l@6t8d%%VQUSx_GJ6yh1eNcya!eO;tJ0;hyow>Vp&09gmtv>4* z3(skmp7mT1C^d)4@~mF-wx!bDQ+_U)<}>f=eBE0QyLKLYE;9Y{md;P#Ux&D!Ka(8X zcyHmxInVZ2NWF6DkP*JM^RLU#iQgYz+WyBydHa+dl6Pa?-jGmcf9apTl)JOq znfAVjqFEbO!JqfOJ9@J@;LAy^qrGl$K5OMR0?mcjCVTK z(%@$pUI ztT~>UFmaRRuTb5NYAM}Jk=4(biX4uchQ0P{5YukFH9xWR8B5sPuso%3m0b0C4WU_T zTMV9TzV$R|0+ZI&mZB~4T9e!hs;)%MVbU~O^7$CA+U$L|oH{inB}H0gPj6h(H#I4%^z- zes4qL3vC%+hAQ2h#>lR`H)E@tZYLdk9xCZ`n zGu9aC&-7&6@pYLOTj8GHJy%cMSpV)q^3(SLF$b^baUQP{_$8A1xG-`4yGN@mCdkiT zU$x_f_gnVmOT#DK(H2&I%ewno$N3=EQzs;27*uXOVxZ*vePCPoid1d^7mn^UVq8`5+UOT?FpBbt8Q}h(_VDxS)xLck$cwD zD&vcbwHL3u{4^!;bJ>${_lL8uS8fwavRLQsGh+wxep zHLCCNI`M+z)~l7yg&(`bAGdF6p5_U4-k%q|^_4$Fd@w#LS2-~<=J`CWSuy9g?l~83 z6SVh8f@pw|#e$}^*$En)kJpCnDyf;n!`C#^_U6IR*L}sWL-o|G`QAL~Yg(nUMMrS$ z*O%KESYIBmdcTML;jzymi-h~*y`I@9E~(w-vePBc;$__72lo7Tj&f*9JePG1a5Y}` zVQW`qlEq_%1`DO#x%@t-+Kbq|GG@JUud)l#lqmt>?G&%NXK3Y|D}!(o}?P`$4f3wpaIP7D@_eP{PMu6g~7h@{3_m>y0`YyiH>C}yHYgV6rJjuLd&7+y?jhfVV?Ta|53Wvs##}bx2RFgK*x*oxJtqmy%Q@O zWV#}s#USMKEfKY;>rAfd)?+KSa)p>x+%87 zc;m(6E6mkDtyH+uZTZ|{T|xHh1M084;@=h=|DG-ru#JC(&nvMnlelKhetT-;+{2Ua ze_oe#KKjAx{Z(_fHoQm~X`&fm*zE?;|UcskrNeeI?b$@Ovj=Vox9 zIB`c_<@@rqL>rq$Ih;Z+KdXZ(9h%Nr$o|c?;=WTaZn4@hK99Zf#PL91ZJABoKB-4M zWTwW1)!xx7-e^_6R&s92xjPB-vc$OF+<5;oBw3j+;z{^Zf05srPkg>UY!8kSigw;H zsW{|mL(0_PlPj|w-F&WG{yMoQ?}5~dT+`H9_ER@GypQpb?D_kq_-M{cb5*N(wc3&{ zub1lb9Xs^L{8aRYmtjXbHB8Um_IpvZg!yRZ%U>NiE9FG+DMa?>y%2OO!{wrjY z%Tc%bL)(=&m1K%%xo^o`I^jXmD!vnk3WD5OS7u6IZHzJh&#-Q%zEDNYDv>_Ld2h6@ zmd0vKNOApj-FDTBy1GzyizioC%7hx+o@eu`=EI4Lk3TN6;$-~Xkk~il(Qeu7!@bNl zo1Qb8X_@?#&*!`UGqC?L{HX0+va92;rM%8Y9+~T>{xe9} ziBv3qIOmbzGVelZ!OpHHtY1yPYdftKpYmAJHkb5>y0hbF`0dEz35VBKw;$Pm)2~)fa_f5bL+5&@8}!Zn z9p2Y#_5AR!!;!BA%x`%fpZ2ncKkH_Que94)DLIi1vx=Xcdz|kiQv2%5dfv

eDR) zR;`|7{cOj2{-~ox4|`TMpE9*`# zwhJ3=-hcVN=2733tKIh{{%Dm{KfR)psw&U0VzPAjuj{;g3j`!?>y3bBVm4>$R?`q&zvfWP+g)n+@O8I8V+y%WNL+^<`c9n0a2$+PU?-#*Qm`T>F09&`+wDTKacqW^SYQlkIoc zhtGf5I=w?R;#O*#x`oOduFvzk<@s~|n69r+d$Ikbl~(^OgMK`0cx<{PZKhCcN2#w6TdaDL1`)2YSFD%W`R2*1!? zva=_BS@ETnf9E=HD?Yw8Q!Mh#ogY;>#!Za2ep#%WKW*3Sej0ev^xE1be(lgElbfu2*{r^0*2^#bd=*8f*k(uc7Yl#V5RH$R zb#Xn9nAsx}?n_&GwkR&1vtxVHU5?v3pCs5#Io9TJcgKkbbMI|kQgeBlVRIk5$m?v@ zy?p5h5-(I;bx*d=N|_>`8G4H&apG~Nxk|?**d!&NGi`~xs_e|+w1nrm?5b@aB-~jy zi`g(8?n>Gi(@-`=nc;zUK$HDEW(9mRAOSuafK zP&jv|s;f%T;}q-D>Z>VfnpeP7~*4IpIdbfmnq}98g@v7(chxNM zl&NTP&5U!#&3#{O0_X2(XWo~&LP;ps{iMxbt-v{=ETwNlMHkLi4d9w^<9tq4(5hpc zhEA&|u`f0Abjd!S!^6dye9%TXbS3ZF##zo&`)uYskUKOZd4B)=36^KQchsKgU#rq{ z%IHqgnv-wB=ScLGmz`WQ*XzeoK~2Rwer(mV=7(NcwC&+-OLpeH-VgTkdajE3&yexz zqCvyD9~bv67roxT=-K&s=Zqy1GtG;G57fzuJO6h3&tP~~PMZH^tm)TB#yL07z2kTv zI9Sd7hLe(6p7%A) z3+edoZuj(j)x8h<+tsd|*txT{Y&ApK_w{a5V){9qLZ7GDAKWK7>m|!|!MBV%POLk3 z?PwCC$OC?_S=Q^e7fzKb@4IYs*;3BcHPXaAxS20T4dH$zK)!AZaLfB ztj~8776etA=DmBTU8p$WF|*~D_4Xf+cl^6+xMllf4L1IzF;5ot^@ORJWSaG?7pa){ zINUBqcbnpgsOPCu|E1mGU|JK)+Fh7rDI>L5Gd%V{vTb2Z(cJUR$C6fES@G_ewa=$c ziQXNr1D}c|c(nx|6uI3Nu)`?#c<`*IM}b1@M(I43?Dv-1`qgJ$@!$HNAhanAOMD{aK$?AKO>A6sixzwOjz{)rN+`OocDnY^Ur;j3LYOzwNHKmKP;Mc&p< zy(QkQcl&qUo7!6}Ci9@|gz3h$sz>);IkUdOk1d<8(E3E7flS&?EtO>T)j}FirF$mw z@TBy8d6E)wuDV2&*|Yq!yuJ4E3zrw=K3EIdg*{CUuYF22xDD0SSFTjr z)$^x^KmOFT5F^D~yW11}-bn2!(KKEs=X^reIAnQ>%2eig{Gw$K+S`-d`wFtwe015N zlJIP0PSNh|$#NfWs~0faaGl+@YsbYuj;SkdZggvUDYI$&!n4`04D)LG#Mvju{M+JF zbIdL^!1L>~m61#>Q~J04)46ka?H{{Ke>^A8KF#su%Ka1tPKAi8V)4RNfL)BSO+?u;pZqK6~udeoL zoZS4@;AU>jsgi|q+uZnj?9^WTXW(DMQth(+ouN$J+)C4@!MpVx9%Gs{ap_!T}=?fm9eRuRYiJPu2i z!dqLv>^4~9dA(0_+cee6gU9z~+=|waj61gB%8Q;HUmhPfhU4qypZ}RPHzE0;eXrH6 z``Xjxr#}u``}X9^qntNx8D7X;qtYXPSafOHjDK=-wX~xH_^)kIXy`M$obT+hC|l!z zg~G?%pVw+vgidBCkzKWQPQ4{#b=cauYnE~so=uy3^Pk#KMdF#P&;tz65%=hSbhZ6Q7BOSzXHapbWI>uk=J`tp{u1M z4xU!`|F_rN@Ys};v|AZ#w?Feq2|ZDg(ye=CV)V3Wc1Z%K?4>sC3J5*%Y|-0U)e=h* z9hWs29QdSlMk>QqVR_ut4coZFr@TF<6;X0=!^WucbX70IG=)v^yH+|!q!zH|>&=oh z5?{)@tY&%E#j>J3HhhI!E_nXTQoqa?cH&pv)=U2xQtj%VXQ^D`Qatt7ILdX#d2X>j zyI6JG_RF7FonNwA&1PTr%AJ?ZCLax+cC=}Nc3rmesr5}>&(&9Ch+XFh%J}>~M!tKW z%;8E)gT~M44OUWLU%nAp$Xai8df%nR32q1Y*T!o7S@ZKxS}51byK?N6532w2eT`gv zuce`4EvL!u>WFI*R?jC`hp)`KC%tudP_M-E^`d89&lCDBaa+cv!8mTJjJsLSkC@BK zQ!TcO6nV@Q*vR|3YnJZEr@||lXU%+jjb&=@&IjeMELXhsG1qV@nwnpDwEWm5JEg7a zoRQsJ>a$d)?qFY*nWrZbBk?GB%Yz4(TyxB)&D_N96XdFN?#-&X{J}3nE_QWq%+3kQ z2{RmNL zGq%SZ^LqD6YxnV|dN%?X4$s<}5vQH6FfXcG>aw%ywzf}C4?5W`n=gF++tO_w<~i?J zeasGcuWCMC?4A8>O0cGq&G++xXZ3=fOt?AAvsAP-w`ukI(|tR?t`uC_T_c>joB6%( z*6n2zymg)kRGhVOE%?sRev0{Y)hy4LlY7~tZaBS2?c_*(J@3oW?9yG4>vCrW?cpg~ z-S<$g$<`f*1+*@y&p2=P&Xj+fJL8SVbIMk_m^0ouw)3$~Rp^Y8 zpAT4t9z2Y;uzmUM+nGyGjCuY(?%J{@QGKOn$?5sZ=PmA7U!7~4xUKP8#NR3h@QFK%wB7;x!{S5%Usk|=4~~Pu!o8?OEyi}oy-)l4T_0qQ$TIm%Tep#;H{x8k?6qLr_z0~)jevTH3ZJF1s)N zZroIyc5}AnyUZ!m_q4s*)$^3FeH!`$;#ld>DG{fpgPz@}9t<$BA< zpS!~9w!<{06c9`*jb0b4*i+);`pAV9T{Xo{y|QE_dfXoYQCIp=@EgK3yg%CSRtg za%u3iysM(~mh#U!EpvKO71!!bQ=TuK+c#DJ)+yF)TX){LA!+$GR=&L^JAau%>mB2_ z63;EyTU=XqMfWYwubQ~T#D>~e#~X4>SvOhr?PGi7XZeKd+T2RV7galQau%8j-+Hsh zIoWpkt!1+%<;!=j{=kA>9F1O`Dgv`b@Z>?jt>`9b5!7p1JE_hgY>yNjw6Xv9Bu@(+;Ipb}v zyxlRtqr9oh`tsxX1(tcuYfXgz*!;dW(QqZpG50)17T3vrTSd>!Qd6BFu=_a?<< z=w|BlM9k^)Ut0OK;8WwnE2m!ty+}K>oyY6={e@p%2i=}AxoDE)#?L!f+-9uV@tuL+ zrgV8_Hcws3+7mVk>q2I^tLtm)L}lfLED1ZB9NbVPw(NeU(U0DSeN&S=idIz5%Uto< zfaiX_4TFWqi#^}|-u8>!{X4KcY0N(=pcY=i0it=-$E-MjwemgP}x(d-ypg=rmuvmqtY{|s7Pcl17ao^vw}dyuOAw6TF*_jS{u$}I7qiJNvZq_0i&G`KzYvBZ;0 z?&T6ED%o=quEfqhc2c_O>xG(4jI%b%Em*vg{mQJT?@TR{@9e93!XG!ad)1G9pHwt6 z3+$~j?{xaQe3|jp+QcEs=kv+8q4|5_m*0AtI6-EP@T^ZKZ8Fywi5M65B&~9NBt6sq z@w3Ne?kpjz?;HwUH1k#YJnJpnx3d_k{QACT_J4+sY?H{g1d$JgakXaabsp#6;*|Wl z>e$clr@ZruYF}M!KJv}#^?8|i$vBC3n`RuBeQj4SmSt|qugCC!@!rm3`(8a>VasY{ zebQ^Q;Pr`)=WSf(wH-aSR%gSr$UfuCri@o2?Ocyl3uNnfML)YcN6Jm_$R>M+t4ptR zT+6vEwPyBt^;!A1P8M4fdhJbfg|&Rtn) zNxQ?&(gDaq-JGJbC|*=&xeL>Ed7DeX8)ur`rNNGgzmLJy!oVt ziyz~YS-XwRZyfZtZV6J0VZ5}~b?KcujGqJ?WUfcq*sblj8M<$4(ru?to6hn*sMXlo zHg#Q5z>Dqd)>9@~F$Ot5+&<0dY|icdbIYyjThC19RPWFF`s>=+{q4D`c3uYp7$=?4 zS~RiySiV1KkJq=p&VH2ZcQwsXY1bCtImO3Z>-_r; zrIWx+<*K1kUnJg>+Z9KrTNPRm`~fU9;Qyy1Z# zH{H48D^Zr3*U&dL+o8+8E1vuDr5bk;f1V4intd}?+4JrbdQm5D{3Fy&I=scFS2DypG17}Ihjf9+eJ21F8Q}!Y(^!T<@B|^0RxM_L0=Tv;IleSnb|;#bj;; zOJzumO0&AkBW{gt2Zha@kj+!uVYAY|Y+}`VaRlxM$HHy<_j(oFxr*?0 zA8YknO}|EO{d8*kebINlQm#vX2I|$tvDWPW?farmsqfjNPuIPY7ONNO%leily{^`{ zYjpQ9^X-!Rk`>~Q=eG+xTu}*JIrTQrgT8&wcGQbHeiVP0`u-d5nN5|68-@E?YO|m7 zH{CP;_-*#16OS*io8grros`^Uko{I#H|hQHI+k{ykJlP!&uutfQupclY^~FRY&Xwy zZaHtW^YWkKHMb7euicOx;9PL?(VqF=HvBM6e;m(kws{%vWrxYn6| zO?#^=m2Nk`3^=~zM0jS5V7zZl&fgj9bX4buTu_g^vQbN<^mUwa`NQ99_1v~y(T%ed zdCart`iq@miQe+AraP~w zE#>{M?d>>rJZaWbscQzeq8qt-j}*B&i|{nOdvf)%ph~mnx8e&tpToSS7jEl_UK+o} z$u6K?s_ovD^;-2_`&l=hUmDb%sJU89m+|$Nwb7O$JYglu8Mi7|Z`SePm zR(VETZpxp|9h9GT?wyuJ?h;p-(v_y%d(9m$-w(W+cgaxVoW$3)l{*7ZmfdUBja1mQ zwfgqSQ02f$=L+L(YO+2ySKJTGHTInUS5C>z@xiQHKX!i15B<3J_Dd;gld!}MXZXxZ z*U9nPF0?P1R5k0-oSidYJbYQ?_U4JohpTsljCM_a;dCW`(XOVH;Q7m=-aXuUN5Y6r zZpKo7-h*Y!H5k8|&I&V`$TE){s;S4=R+T6$X@$6(=ccl6XA5&lUmHxJQSAK%4T!9&O9Z+u-@gPd-LKhx7OUU zC*RiCCOdAu{AI`5Mg4lmpINMX6>(FSkMn`DZeY-{XOeGQ3}Ra+b{tqY>$u<5FSk#W zitjAwl{mn@wsPP8%oR6ZO_&|Y_4GK0)#tb^+l%aGr>vLI|5hr&wmZ2esJG{FQ_1;| zzjOcDX7A_!6Dl_Uk+I4wn{(#I^1I*JzJ4of|H$;|yOvqco4#6njkUaDe0aaE#QO8H zwr7uSzqu~tjg4^Z@k8~!b(TL=*XUd;&n;cHk;x%68;wh9w^?R$QGP4tQ% z(vSE$wGW7$4(cpo?vc5+{($vsf04}Za)MXaC7YK${_c2=d;QkR{|wDFksqEvzIOXO z@11U0*9+p?b=c3oeH|%h{-ge*{DG)l743(A%{?M+FsD;lf+c<7QomJg3*U%bSH3v! z{v&;+ThaL&c3fsM=Bb=rx3yXQ@Urbq-WgxnZ&dcrb6i({VE@*0D;ApQcge|rZanmN zo$0^Q`!_2#ANZ%&{WebK`Xl!KyPJEOUq-KSwS04~GBNAoozJK5^Z%H3M0DrI%+Tnj z#amO(ZC<_UZp5xK$*8Zdx9`}nt#an#35-{+DPA#I>&x`Yj6*_xO6#LdD=k`N`i=bg zPpizUF}u__r+ItVW|{8oZ^E}#|2+1=QuO8aS!wgD)1OA3lnC{IaLl#v*3`AFYfme) z-K&0cU|o8Uq1(o1)pPn*KAiD5Y~J%9(l zV|?DeVtgMJ7+sNf&O!OolqoWvT@P0VTF)(+uX(y6;>T;RpLx>_CVpD8eAcTiXWhL% zyVR*PXii?T`a-C$-?e9+w}bkUE^5f{lFc@|cJFuWu1V1s5}Oo1waKpT+}F1LzP0d& zPq$tvugWMtY00cL^L2!f(DY4?b~B%x+f(;>;kx`I@`9yzrNchesFsCUgz)k6M(>mV zv35bl_PptjqXTmbkLigN_+M*Trx`G-_nh|ed7S%v9k+Hop6Wd>G~&xw(K83OueSX3 z$I*nZz2QjLFD-ut*~n z?Yq);onky;@!IFZ(`9>?-Psd0_tZJYL&j!&nn!m`wYao)m2Lh%q3G~!k!$h}8S~Hd zmoSO0xE20>+Sk=q-tNOtT8gW`?~A$x_yd~r_SjubCQhx`S`5Yr21>EQHAu*n-e2{_1N>+#AYS$&aO26`}J`7I(4V(f8r~bZr!&( zLq+1JYEQjYQ?za9cGEQ+h9}OmO`dERB9yjm^9SZbHG!F8bry9#Oh&);FdjHK!F0vQ3(Ls$eC* z@$sz@?;f&gu1N{|r&_vZ?zB&nSp4`4Tx(g^=(oL-PrWx?GEK(rg5#g;`Pc2FUsyFs z&$f0HnOzsVxG6hS*)G@A#wzUZW7Sncj=w_h%12zwnX!6f>YHU-YqB3$-?a)Zh-t7s z9${7x$3HQ0M!EW0Q`3!sS7mkkmKLvCK5c>9**j9xf14jM^GO$%z97f3F0ZhbeP_B>ayQ%H`>L>cS{F*Y zolUo#lD9X>Jt&%~vN7eZh`R3ITTm?$PV>ozq1EM(O=k=XTCG+!tDZ8NI7cRV z*5VbnPFt!>a(H<(djFQP-X}e8EnaEsX|F6wo|b0qZ@EaPX0g=OE4c@Lx~r|8lC0;Q z+_h7uUy^5q^y_;ICgZ^QYz*1zS!15la$KKPFI>}pI_UU@qvBQDW(%9& z^t7~nwI}?^;@ui2Wdv_6yCw2ASv{)ho9CaKArt#-SBt%sobjt~>iRYJW8|mU71?IX zh3go2KAUuLa;;99w?xpv+n*NQ^Zj|wA#Tdg#VqrxKAsKQv7_&rx%x8eS(nuOgO1EP zqOCrSYl3y~(rN1bXSz(E?_8Hw>*&+l#OD9w>h9{5e;QWZ416EuDrqgAGDlHq)!tK_ zHkT~fW)@oSv^d7`Xyu-DMx5`DX-%A7l-)hqdO|ewe$na12D&eATx~jY_H%mQ*Vqf& zBA5Ow2s!;zto>uMu`7Xo9j*6OBNk1%*?V?*J2Nu zs~E79nJ)XZ?eLD~TPyCYmoB`%P_!T^bs0w-Soyy$TE#p2oq z^=ziJlJ(L_PsF~z(%d$Yb>epB0}^NL)bwu1@O%z?wC&E4u5gjC#bs~RmDgE_@;(e} z`Lkr=ud7QPpXQ|<4vmb@P?=D8`QEfQTNj?o;(vO|&G5YBD#fPFvbQ%!RZZRZ^Tw_@ z-w&)%ynJQu%h&g|_8rSF)LnZkur>JdJgqNfE^dwoB$nSgpxpA{&&^|n-bJw<2?d6i zX7P6Abgerhz2J4gx$xxFU42@IABb^T-aZ>XH=MPZ=kZdGvJ2;?xkeg`D|y&l-k7& z6;Eol^Ihu=yZY|0Ro|d{?y$$y6s}V@&z8)JRF*vF_-tpc##kN>*N- zI%Qwww^h@E^HfAneP7vrio@-(?21drx`PrGwCa+ZG$(oX^n8)ck~a{sH+6r;Q*`su zgjr&q+)U2@O#bqnt91_MIxVhZZqja^e0*q+W3yKA#yr|m1tr<#(v z{~7!;K7TWNv~!jDyGwbB8w`ElXxug0^Idg`;@+$|-*t9s-TfUB6w`5I;cWGdtBPYx zvLffJ^w~$9E-TUPe6njgOWS$T#z(wS+7*$KKb2?sdPkWZoMCuA>#1pN(l+bWvunF4Hr+WJ1 zakiFsuIs`C^kWMDtkRsNaWY`R#ln>f+#Ii83G=ztt!Qsne`r>?mdR43kA+tl`~Fg$TIv_0!tTJT`f9l1lR>a*V1 z@6K!glWqFEct_rfX>Phl`P3JBv#rT>UCpLmxXgEDOOSV1P0o#fTP*G@5&l=XP`R|Z z;brN{DBGEDk7ez+k{4zCxhTV+cdq4mrU}uxKPw)sUbv^=%i{~JPbS68OD6C~#c#6w+4%U<(!~*%UEO$h&%1I_k}ra5_csN{B!kQkneXcI7QYOdyfLQh zs6ih;+XS0EJFYuN|SJGPG3xPX13+T`CF zOdiWc-l=nJVwu}4mORNiv}3E8bKB&ekG_)*E|w{N+qGV4;?&e*R##=VYPfk^>yGR$ zVDmo`x^Xqf&OVnojaP$eQ&gW}AyxvzTQ4&)(X}@h;9Txqh8?viH@L z2^>o-|71&Qi|6ukKIU0!cu;h5dE(QPt&)GVGXo}0`>SP{E9Iu>p7;25*l@UCuK7~K)dUY?cniD#XTiwsY zZIT&2UfPu%={7g-VzkrF(%&~9Tw``#ktxnA`gZ?>$elq}A(P_cER>jcBuk2zCRdz# zadY=>sj_(rlN5JO*_e{^Y=iDck!KG}K2Q6nwmc$p`{g^Hh2N$Zof2Vxll5)x;@85j z(!`RVwlb?$uuV7W^t3cK`j+`DoX;n>e+uJ4(aEZdMNfUT^<4Ko>ciBvt-DUzJlS^V z$$HU~cO#E%w)FI4caJhq556C&j+d{ft4!H7$+}yA zy3QUm?RiV)_=Yas$s$mn(L3$*o_U4gThFs(-xJ%|9e5?DX3Jb-d4*|z*iF4YyIk30 zUG+@*X=>w#vUv}_tp4TSX%oBb$F|EytKO_Fl@WX-9ldZ$K=q@YsiDgurniBM%A@8o|l(Gj;CjUxWC+a!X*3@QRt=G9vWfAVq z{ZmRrU(Dn9aIW=HuI}1*PeLar+&X@3)0Y1X?Yk;BXC`+`Z#?imDxjh)S6V#GXos@A zUd39`Xh|(s-~5NiR;CszWs0v>l=)<_uJ}lu{71f?4f_@^KGChO_2c2{-B&xKZE3|U;WJwcIO-Th<5#F;QV#@kM^V4{1VYyHu(fa z96!_Wb**(E_dZ3pLtl08?MhZjOq+T9m7M6coM-noiaTED_gc42*wJumLc-yd>%BMb z*us2jM~9GAbBO6#scR8E+Z1a(poOcw6fed(=|viD|_~&KtSrOq??zOI}~2V9ti)m$v5R+DveE zt3S4?gS%Lz8g!Or&#fyfrY$mTxbyhg_m$Ihc(%(VNX@cn+9%DfG%-1{xS{H^!y31Z zCssvdaIfQo1BG(6ML$Il&1J>IC(y*CM%X}!|n4b z<;xRfwoTlnSA6irmWM*yr8^|fo2+o+(JSoXx%}NBoY7Og=i({v6pt>WbBvF-+D3D3 zo7oK{sbPwC2^+1c%eZHKF*u1&F= zd9d&3VP4NuK06=IRsUTcQK_$TDnaD&(sG`p&D+EZWO4$GyVfs$88(Y=*3ty&E6M5` zmQ4C_;%J*;+&#YOTK4kijnlhUy!j$-c)~B@xeZs1rcL94z`mO{Qf-3I%%Z!lUf7bo zHY`x$1jA#~m&eTQf;g{DotS=jpRCp7e;-mqdfu-4?RHW5a&C*^;XaG+%U(p8uA7~= zQHke4N@LV&<-d25^POMEP36!y^2>)WUc&8tk!deegX0NV*RVaaSbMfyYCZ5^^4HbE zajqPvzsMHGn0N2-e|F;9H{Z#BT;!&%S$e8()#o-j-c9{IdwedPxE8kgNjh)L(lhN6 zg*$!+FWvF^d1b1K`Tn(Gl^d3%?~gyXLo2i>{luebN zKI^`{?5W4U0Ly2qp7GVae0_gIeaGU9{~5A+6=Gv64P&Eh{QRB#9pfYaWM5pmeb3&A zMXb&3hs$NIAKcGl`u#)y5nbjZA7t0&uROv%-}lgdS3CXNW{a0cz81ToTb;2kUZ%)6 zZl0K5$eXgKdRlWmO81_hSW{RK9yZsd;>^s@FRx?1eD}Ec$mRLZ>#-mGj=nABd{TON z%bjg^3S(R@8Ew49_`K(uXmV24zR10MgQKrd`poj<;xQvc~So$DTYbXKp?zsuQ{*~7ncS3Usr^*H@Bp|JYlM{v?*2bxP^p$RF~^?>nWf6Kd$aOW*9zk z{tCD4(uW$BC$6!4bLPa+hdN%#eOGrq(^Q&J*>3SNa(h+lzUg^sMobJ}US)G_wG@1l zU|@9gYGBuH>-RU$Kb|-JgZrU4)yse4RAy<<5PA7Q;hg-u#ak=t`|1?3?hBW$ES0{v zQ+4`#zQ&@gY5U7dSHCKXy%#%`XGg?in_wHmC8tufmb{VMxAnneLp{&M-}%H&go(NZ zhiBba4)(gF7!tAe)AAkx?bVk}7IO99UFW8?ylu-;tv5v;zh}OU=< z!@R{)_st>wm|5F-ck5e9zV&9xvsu41!iD+SQE@#3)s3y*sjXSJ6%I13xHZAB|Jatd z4mN#XXIUw2QRy>v{F@aTdXAC#+6==}lfNwWc`!lS<>)Dk949w-_CFa~%S|R8pZat9 zteQfZkC*1&64$uWSvIM1$)}355gwZgeJ2(zDO*~&dPz{mU;axo5_0}t4BN9uM()bf z2FA16Qv!b5@oWDK(A|9Q9{<)jv7>z=Y4b%_96$T|sPCa;8QX0d_V;?H<}2o~zK>!$ zAmC?dt95nilEM$KuP+U{vUQQzu^WQZ&Tq}QeOt^&|I_m5=tJTR|3p)jId-^9uJSr_ za`%Lz*>~1PM7!MH!d1fXUAaGM9>emrfjyHIeQo`p`$xM-#+19d;ue;9ey8P!rUEJT7?>b7}6-|y5;NZTsGA45JoORjDcV2dS{&daHHAP3A zK1VLQY^n8d^3JpV%bJevS$B2%iWmQqHr^=gN!l%$^I>_xpVfA+PE3f<-&%5c#l?q@ z4Fu;zZG2j%{b9<)#b@)*7+6ZY(w^|!WZG$k=gr4uu5Zbf%09!b#Qb_ORnAZn&onLje~B#nP5>WBge5q%q8&2v7PGgg@caI z>)P>nse#8N*@ttNKH+N#?GE#dwtS$U{B_m6l0uEGm2A-)mUq~!sM*nZeyf-3aktpb z70>4!)b~3QGRe(I#Lj8n)VQ;kq>~Ik%RO7#*b=y9lYz>55!D5AwxpbVdg5M`j9GE; z9)G4ceD?fN%a?DTwI(&l!0PI4_I~vb_Wdr)c0qSf*IOcI~PS>Nm{ zn>>$I35JUxq5_xp$9cc%3M}uwr_6;+`1_%q8aa#!xs&5O3ZnKO?!bZ%?mYNp$Nz6-V8zaceEIcfbf6J_RwN^{j_ zy?Hp{v23R6{%JEa{wOgMF?i9c(z)zQM7Q|H@`2Zkn1J#%E&mzC=GRU+LOCeE|fh!&Sy z^s=gU?UeLsnVcsV+;z#1RA-lzc32kmv+HQjl1clkCPoW2tehW|6>;sF{u2}3C(DD6 z`HES8pKs7Vr9|ZT6lXaHcH71ki+4;g);<;@x93v$#+9~5=Wcze<-o(|c~)nFCkvl( zkH)iwtYYzZPq@`qg?zrNW0tER-7UaiH|5%)vfU|RMw>SHq}!Zwx-ohtgYL<|kjHJ8->N;5*x>nuKW5gB zMjlmFo5qu-qH}kxp6*aQ&)DIs+U_eIT_&OV6E``$3|n|*$wUS&2L%RJhcrbNH35rv zRu@IO4Kt?M?kT9%=rZe>mE^JAwqJtTkiNOcg#__l^(gI;#P!S+0AX0ud>%%sL4@v^IZOO_w}ha?n;{+37mXBYkT^d zyN7PLSRN0^jtE;RzSuTKEmOn&p6$BxVO!_jS8_bQaJ8nvEtWj~$8oVsDw-mc0=~QJ zScSVU|1mMr$)w$;h_}kbaQdC^ioMGNW8Nz7a*;QDw#@BZtbhEqov&r{?w-3gS>=o9 z^4#LxQ|s6hs;)2O+Biu!wA*Bg$xMc_g~_3(1!uKgt5jty?62A?&}XB`+NT|O(<5{H z88uf0;mGS%5haNm5_eT!JLGg}Qp^L!OH&tlvYoiR;B~OZvaLodos7fMWmo*Da^X2C zaE{IJ)~0x`Nf%?^Nh@34?fPPAa_HksiQaw9dsDM+3B@QT%zXZ?F-EjtW7XmV$DXc@ z^LX^#P&y!?-YPTXQ%AX$@j0tm7q4zvecH?}B<5Gr3LRk$yOebGm0#9dl{}SRd@w7Z zEF~+cPj_P*!vhVO$^Yut`la<8x^Oo4O3muNDIH~VHzw?}uz2YpuJwDOqxz(0oANHIuHS9dSAOd_@T|YL&i`mUZ)F_^HGzuUotTn75{l@J3`JpdN(Ofu-|)a zXX>ns4QD*{?|fSs<|*>D*PzhMw%zG)bPFu2r`F z<<}*Bn)mF)WxlVQ@}rua%R`~Bd9Cdqb3LzBwH7O%yL$85o-2};EOK-zm%H+L>7B(h zj-)?3roC?S2j9mo*R7?q<}C^9>wH*m^mJCn_S}cjqI+@^7Psc!c=EI z^is1sFRWUhe{SpBKe8EzPq)ZacfFqO%*EsL_di2R>FTh363o)7#|#Rx7m0a1onv|P zA}Zz; zE~pXwAuYSgU2Mj(h{(dNJHupOPyg}v(X*-x<$Z@}EKKhfn78vX611-3I68O#E?u;*6&S>s?pmmAG|&ni4Pi z$MC^k5!?RGM-Pn@Cw!dm^{`H^?)E*lkN5lE?UVVjPU6eWBe!++_S{)=eEGwu`Yrr# z64%_hbzXPv+M~NT`C?L-=UhLtYyKbM?~hhoQN3m&HtCUvbk)iUos2RM!kpv8&v$%^m36x3yYYDSq*sf3Qa)v0OueA=@!RyurEw<$&$t}b zusHB+$MP8=Q^mE4uDokMyy887#py%y#cPyp=gsPVHsfdSzE7sXAGUYdB!9T|QO9&z z+BP>vX-7AUCO@4m)#+wDRiu* zsh(@k=H6s4@s--1c|NKqm0xhy*{B}f6!r21Pv2tc)yk1Snrm0wHr?M*(lJl$abeVl z*!0IrKh}lLci5DzsTjDG>9OhUAMB6$CX^i6_;K%*lm!p=S*~Aw@MDOvXVGV=-*G7k ze>^{kEzDf!{K&t(OwF7}USm(`x8qu$^|y`>A=lJBf6Om5 zZT&T8=k$hSD-N^ue$;yQ`G}nSrWv=R6%Fq!c-$CKFJGT_zT>{gmYG|ny{qHRMD8qE zaZ=gze%%CDlwrEXMxdb;Xdt=H>T96}=*NTkQ*`{5QY*{J8qz*ZpI+R5G^r=kYW$9Ly<>i~Pv{VBf|E{vEg4 zyHqcy&i1~N`g3td`p(0Dvv1ZXzwg}THnCK{MgJ?K4A1?Yo_+RnYnQnO&DFTY66EXg zbN#V;&eHoFuY{uGqpT!u^tta%u21t7P@K$CRlfd0e2+Xwjo{BFSpWSvWc*V}to%dFIX?zrDNllSZ2-)DG!jijgcGQQ|qs!l` zY*oJAH`TMG-Q`~AoW2?B9fNo6(lfp6DxvETR~>pH;m%&Gpsi~z6kVKnY0WJLyO*zD zhb&C=T6*Z%nG*$J+qV1_y=imit?Z4f5&Cbwytwt~ISaqnvpv3#&sGPxZ@#!#Q{LyQ zEsxNYyS?wl{y2Yl-kdYb-ZX6oGo$1CIQ2*OMJpB`pFYXorf-69Yp3Ti<7obey?)<{ zOY3*J**y4sZ;OtN#)sq6x+ULs9sGRu#=FH{Q&r2pT4Zctma0tB+i_mxcR%m8J8pGb zUuZu}c)2&}ua^0T!-^{E{#jX5CN5gb+_de(?L+1E3co|AUW)YOZ2Y?JKt)mf4ABF} zC0D3?xY8hL_CcfMZsV0^OU*SY_S)+lR$Y3@@g~aj`QFmCOM92u&N%tJYo*={-Of{` zw%O*=!iz0=oe#cTqv^;eQEIVHKJtT4Z{0~9Nv?u@SKsZDog=i?h^3jofwyRj!q9w=&L(vaz~)U28!DZ}yM* zhs&kbPMLOO*Ux5#u=Zvf=~X|f4}QqJH1~(f^N(wlO?qX5T|JWmj!tEen;Pfq|J$~w zc-@Z~HK%H|i)y7FER#v@yE=Qt3x1v4HtB|gtDfz6EG=Hc|HwA|;H)Ke${*JL-gNBt zx5Y9G*RQk_uDkJ1;^WaNb#g!EW-Tsi`5h4V@9W3beX}3?^S`psyO<`Sdum=wcEn)T;XAuqy|Q;1{L$s_({J>f9~@M7T`F@yf!;4 zj_;${M8$N+Vy-V!t-H=mJ}f@{+$G~J&fB+go=%?oX?sz#d*!0V@wZ}q_1HYlW@gA4 zY`Q-6t?67NqaY*a#&_?e` z*A#bsIM-jwGhI$@m%e$hu-w#sqqtkjj>TEe{0{IP+q|Pq{HkdX(}JH#$Dn7{9Hp zzS;W6Ux$Cj?f0y*+RSoN8+YpKUS^)xWBA%7vDjnZa&EJ!b`veVx1RG4zPDgU8|QUK zH+Sc_xoWc?)(hV@=;yidc%EzVtp5y$U+AiYZ=2I`@@N0j%r`$n&n}K%Y*3^8k^5*J z#}(1HU)d{|i-l!+!dJc6FY<@~@ekJhoh3&+xgMNq=UIMj&!zgd(`7ZMW24n&c>ZS1 zo!_$cK3~>Li`t7%-XAXvdgpT0^4Gk>D}H!KZ`n{ipZ!(ftFRuUjb25Eb{v<=J@d(N z{mbB+cl6~otc%Y^T-Gz4tERa6M{-C-Q$uR&jK}x8?r!?g$hI`+y42RSdmkwCEObo$ zx?)pWpr1Pbn!B05bSF-`WU@njk+IC91()~KXNu0=dcQS=WA!Dah*@u*eAwSm6BqT^ zeOGkm<}*Hbn7^#D|Ikn|*>&o(%Q;Cq11xXfsnrUJ^vk-I@jPd1FZYqeM;C44OOv(N z3wSMV{?WCzIQ4O@l2PY+)lbRq-yG)KH?=x^R)(H=Tt?chmv%2R>VgCRGvroGvd;Z( zm6I#^;-kL*TJ`KK&il!;uGr|WdUYm!dceGUbvKinvgcjhQr}tSvR0=mV5h5Oq;T`E z@CE#0_k67mu6(I&y07q=#?NUBuKx*MIAhjnm#e95F%Nf~5S>-1TbxrYC-7tGg(R-M`G(PNbfc{CiXm0lKIwVyPI_@pPpTLu*mTHww|kV?L+5@ znr*s$?Bn*_y_)PQaciZ_;&eXj+sHWii2W}0byY#$5A)fxKA8M+J=F81qTm0}=Jk6l zm&Yxvc+BX3FKQ`!v;F4fzvH^sn&|OGG8cxjok{iMPCEL%W!>7`PO*#k+~!8`n5K9x z%@hwbDZZhSyz<1eUD9j4gWGPOzQbu_tX{P;af#g~m7c#}C3C96U7`%iJq~aA;NB+W zth>)yZij8QpY>gR*ABO7x3~Rgs9JPokNwJ*hO=)+bZhYyMwHK5d-o=HZB9sEi=J_K zLED-;R`=!?tJ`bZ%*)uZd%`ihBMGyYerJ=fQEeRBG?9k)(Z^7>ugzxBwlLVaRAlW_4-31! ztD?1T$;|z`^bF6z&&`)M=WTa0axIHGIziG?`Dfv$i7{V~^{tgQpLx4$_Km*anR`oX zR?39(DDgHV&$@8s!6)^MehZtcoZ|Ts%f(AhJ$2fo7&POA-TvOxSGS~}m~N0v{+zVs zLD{)W_EH;|HvHWAeN}hjslJ*B=?XKC`39ns%hpVKAY@w{Tl3A+dhQzIml3nxbr+mT z_3$`eVD)v?4%K9)Co&IYCRiR#sOWnZn!B>G>qWY!?v+XI+p;HLOXn|nalEWbYHC{A zy`?I1KY9NX&0TUk=~9u!v(-oQcljA_x4D#M#IVfZPIcJI3@%sg<)6dre1kJ?%*nI6 znz%G}x5M+j1})r;KcvpCbroMYziN@i%wKZ~XFc0GGcBda&p6g@%Sj$~i<6=!Uh6Bn zc@~J<{w`g;Y~9IuUC%rxte$)JPI1(`y@I2kPrNYCFeEQ`s_|5X z-yUr}0cyg_>w&W=_ZHr8!iM99qGOvAF(_Y3Nw>9bCrHF`K z{Zsmu?+xTiIQg7?`O>&2k&C|Mt!vY}`S#x8S(X!$RDOE?T*W%KLd$by%{R>ne{Ekb zO;O@p5-K6{aOd|``30~1EhHa{=DF+6xbghHXyAjeQ_bh9rIMJB-X?Ad-5ql8>~&k;&|bFp)BCGtWnP`KB8h+HiiZii+ur;NbvgUa z&*`TN^M&$NllT2NEmUFC7@YUnBCq0Y=sKQ4r<<}Lj|Q|&Q=A#XJn_oa=x2X#o;)b> zpTRO*MPJ@)b+NWlZccT;gm`DYFYjZfy($j5E$#R9{KD1YS!Gk%Sqf*ZRdHthe0ys~ z%H57c)fAQmAvVJIwwhE5*gf$2b9Kt8-Hvw(cr!BB1@Oq3f6`pH*yr_^%o{v>iRVPw~D8D+TP#VrK?xuuYY`Ps>R%po3~#Ct6lK-yLut=gqz_B^{qww1 zILX~fd-ezW)=)KJ593*1^|@ax;<(uKVBVBR&2ITGs*JTdBP(QC%dC{#xj32y+@nrh zT9neldw5>+rR`gG+pP1JnfGt2?sUlY4X?A6K_h2Yt48xL$zp&;H0Xw zbe;6ErkpcGBP~RJzdqVy zsC%XAn(Db_tIl*({l2PNyq>?ksA}@Pc&%ec_S>J^l=oH4GW5Ogj(P6MdtY|ueOgvf zyJNN2@zwtPB3(u&-uWj6R{FT{M_r3mypy8FW_)Rytx{&2Xl2}w*FLvQCfzvx+fY4Y zx$b1`+WW`0KmPEWh4tgCtzuJig(fS=T6OV?rYGO zTPtI9_jFXH1cXlQxz=j;fmvb+ck|qte>7(0t_hIp)eGhSbEC_m%sUWq{W5Z=J=xH;y}dq_eBWoAMWn3)OFZTYN4n;wz^m z^Ve01SNjZqT$yMkeEixZqp2p>mK|NTR6*kY$=7FdB3@0_dR*stV4cgkm*2C)U9T*< zp*Z#Dve`Cw+yqUFm+_^(u(Vy7>>gAuSF6<{^q}o?0plyJJLPGFcfsrt4Y!6RmeoJMcpL=2lyy8$v=w z7NFauYkBhp`j#(yWOeOgna!^&!S22P8Pei!Yu?oiJP3)+YVzV|Sl&_TTwRVT~QP?)ukUmb=WUlDF!FAJ@dF4KBx& zrF)tx&uVUOPju#c^DFG)cb}+@&*dzCST3$Obj>q>W2rLZl@ilu*Z(uH?s0y&Lh8lY zXUAr$Gf!fzWh_ikn()*ASY_0rTk*G&tFxz{+E&27*OHI#c;k8V42QR zF1m5~u@19i4U;PE=a$U+eyH+G^vZQ6%D>wsZ|yz#I;ciw^F>p6;nPbhru%)mCKo%q z!F_ANm7KTBHRkyDzI$%4Cg_-#ZoxUx?HiJ>_gvri@8Y$1o-KPh*VWkkaTiN@zVO+; zvdc?mL`Y9NGp}U!)c(|G>sr>W5e~m{b#r6ujzW&74J?1NU2aaVVUvt|5F#dg{OM6{ znVygD!!OqCZew6#X9>0B;yUVkeL~iiokWP^)j;RGY?Nvn5RW#*MmW1YphmGQHe+rwX1gkoai6onQ{J@iR> ztKqwQY#GWuZxk4}Z!Ou!dCBDWN7W-|cJxbkOFiDVJa)~xg3GsGX=-aN)?{C%wLAV! z!qEyhLH{$0_mAylWA89EaZ) zxcg;ae)chK?UGa5J}$eOBXNT-d%mFbTE11hrpd2uljNBz)<06dbt5YGa`No+6CYa$ z@BBAqp5=v-ExF&WH~u;N>FB&r*UI$=@`cxbi~lxl=L(^J39Qj8Wv;Kx)LfD!e&N-` zn?KhZPYF9#7xh`Sw0INO@tLphr(b>`{q|G8!l@0fo1?APcc%Z?T$#T7X6DA*N0T{1 z+Z20`l&`R<&C~l6TPd~dbcDmFsqGA1$3IlZ+$3{^&YsJ;gt+ zU#ME%V)9aVUG6NAyC&&#_iTK&hyUn4`Pm-VqHZX<-91*fHE?pL=d$vDJlldZqEFsy zWjI%T*)&$!Co@H}Sfz;d+`UDc|B1W~Z?Kzge|D1L+t}7?(-XGytGu4%# zf?L9knzN^mT?|>ZdG2NR6IE+h{jvJEcSBd1$2wIm;p?-$#=p5eb8XNsiwNx%3Mv5P?%UB>Ws96H)C)Y@zBuxg_p-RZ;Xk(5?)$+i+ds!o2MZfMC|hHje_&IT+uPkmjn{UG zMt2@MKF2RoHa+@>&8_b-X&*jnizBVv=$w^wC%jQ)*T^sua|8b zjW!vjZ4c|6I^E`p)cKv8LyOMv+iDlRW9I3VIPbMs%f*w=s4Dd6W=)mk(@gIV^@JEr zY2;s@6E_RrI;pN-n-zlUn&RtG=}GEJ*5^cw0Lf-p|CAnekx~-*VA%U8O=W{Uof8F%8U#% zyMLW&D#LM>PgPe{v|m{Y&UyQ?tHh&b^PWlWg+cCI?<|TcWiHP&uy|7S>tbEYZ6`&k zP08x>?oCOuI43hFxbNxXuC7c+71o!(F01xrCh<6)`0_Vv>DlX3xb!V$StE8%JTA?? zHzDiR>;ox1M?8Bs?RLL+Hj^Xf=~`1i-R}Bwo9)@z%)Dos8M_(^Ay64uL z`?j91a6Y_xMNI9shtVn@JYHz8*{PYG|HQ?Q>Eo~K>st=1tUG_|$9&5?zd3P@<+a9n zo*tIAd$l(2)L_wKwA(7@cTxG>gUfFd%=ws}e7?6gs=(W&E;ne+t8+*9YH2P@l)Du1 zl_7jdg|uheUG94f3ltQ}&n8vaJM~GhURlM=e60Gq-^%B*JCC1kI(%t&=Aje6bk;Ln zdX~26RTxjrj_EqlGG!~x@9dJ-W|!>^+b9;66{Nx`oH|><(-!acMIcVv{kCyYSLYKYW@Zk4(9=qf}q0(ZZ+6V8t^!B;0&&u9Ehs(X+ z`D~$_>P@ew7S;#PW$iwgx3lcd)fF2SzvGwpn;P_C$KPAYFT=$zJUrsMv{)^pv%ey# z;ux!|$cx755|2gmo?G)&sP7b=^ZTH+;hgVl%iU$7_jZ?st69sw*f~jh>O|u=^}nwE zN__a%q2l_t+7HJ&?85IaTXgF6jmEA&``R9VH{WCS5FWs2AQC#-j}eSQ4>!fD!V zJ#*GotgrgJpvFFN$x)RvHpg|CrplL0zO+X@x;ypxY~c_5RoC{!q#W<`-4^0B`*Mxt4n*fyg`1)3J&?X1!rdlHE(#aO#9P{P}>U8B&PS$>{Dky zJ8{(L9H*Sylx0_CPpta&y#J5yIbe^q$kNd+8E@%(3wAIUB|_4|77`DhZD|M zt*upUoyT+CWBE$e)ko_z{#~4>xObP>KH<4aJaww9(I^K~i~Em6OE86D$8r zm3%Dk71}e8VS!G^CDVfpQWZTKkCyhCF*5|sxS?nXw{M^FXI8&8AyVpE5Yujv!mvjNSZlSW&FAS_ z+ApzsBTrM-qGB(r{)nr6g-30i=Jeh7QgZUUw^hT*ja}xdHUZuNR}C2@n+g2K>cGtb0kE@Wnv6m4DgGI4RyUH`3RlW$Jq zIR5k5#;@M8C*1R2$C^C5WRnvoWZdoZ=|6+O3%-W4Qp}B$?5&=twmnpt~#jLr$MQmBvwcPD1?XfZwR`L^7>T6c?G@`l@e;afGnN^M-SdCg2AeTBlVs$=@H z$=*GzGW}J{m&Cf7rKmG#s+jsOpR8?j>Hy!4qt=tIp6*q-_)IkBgVu>%9*;dP8Sl`~ zyBc=ypV4ooNoVgZ{iK&V!Jvq}CRp*n=CuC|DLrS4i;Nt97KW|4n(lAl`Dtz1EBTZN z_8GTl7Vz(l^IVhj<*|v``#I^aL)Iqi#YWnM3v4~C>~>#|VYPI!hSYU?=lipkFV70U z^l;J{rA?o_zOKHuEqvWEmxHnU_GaO_W} z#GUMxwy(~xF>?0V7&A{gaA~*d(M6x$N*?2|ZB;tr7bC~{*fdJq)jIjk&ENN~78oRm znY}3P+PYGf$s+V$xX**Hs|}Cx?rQNkzhi~V?RYN!Wmz6GPfray`E~UR!Q?Xmn+*>a zUkQ$~@MHe=f@7uG&Y+_kkDA6Bc+L4{6SA~uc9>#z#f{A~j&C(pNT2>xf-CFPnl&y7 z4YsdbJsvYUKEM8X^^4?Oum21wVQ!YsH?DZR`O}OE#jkwh1;3pu4%{V@v~Z<+;?{+M zZ|^yu>Pg?q$*rg&yTkH;Y}OlZjo>}{epe*|w=Rh*eC^s9sL&+-&*qcytdh?51Fw5R zPEIO%+jEJdGx_+1%TgN!T!VKCZ)4SJyWKk{nc>RB#a2^UxT=md6sl{#_7LQM|9MLL zyS^`%uJb)z+TUQ+e{Ahxm7dwL?mL&|s(SpB`REkpyj%O2WU~NY?W@RzlRUmjGMs$0 z)a()CRE6eibEQ@nZhn#Bpt^UBVblbVJ60DKY)UcwzI<0JtI}(a7S|((*VhD9_tuyR zFgeD@|J&=Cwa83J%%)Uw#nefjcFqT6uB@t=lH6zeS96KVac}(@MGmjKJoiO(IGD>l z>bNFk&L7t{*Lb(xMTz5yKI@V+l-*)ZPO46tdNH!&)91_bYrS(A!ra&`9*e4o-M92f z?|If#xz1TeIN>b=U(-b8U3`YUi{DG_{g%o-vv|%&zpYzbC(ixkp6DwseWS_nnPIXf ztGmQnUAb3}n0GGIu{|4_(ifKE@$vY*)neDOHYB8O*js#Uj*0p5sDkQQ->fbjJF@4v zZCl;eiy6BMADv`Ov3S8Cdf98uqI0JzZmO@gzRjDe zUbyvRv{>*u&O4sA+UHE(3pwvkvf%x?Zn@(}9-W1;{adRqQhEexA5=ck9zTS zJ-^#_p77_Tw(MTd*WErnbKy4Wxpm)V__jW|w&cP2IV-&il8tqCPVTtse)qjEr|lo# zT$TB|j!6h#TUhk_+c{2)Cw)_D7jZaFj4wQ9X=`;|W$r|Q-kT?DLO$d-n%MK*d6k*l zJz35n?%5tKU9WeQvPqp&%L`bm&5!yEMaCW|xvCVNdfI$x<=VDMm+lJk&Yp62&Wgu- zla?>u*{5a{?4?{|&GJkvGh|xv(d^oJuKlVJlcUY5QZkuVMZbAFC*(us$!EDXtuj|u zwTE&EJ-KqE-)&~1uvk*@(b&zG)VcQ*8D6+{r7S)}IrC@uHmxUC)uLP?jC~wyEx%YP zw&l)fIusUjVu8^&re)hMg+0kjJ*J(L*|IIP;KuuV>!UI=1#dq6ddzd>GxwN+vsvfr zY*p4&+-!S0F>yUeG8yAZ7?3U+e4XUvDzBb!d?BXI_+g%&k=1aSz zSQZ$uX`P*N?c>IKKjZ#fD>LmiP53l*Va22ETsxjH2EUB*5&LL0m04Z6EBSu(oHup+ zKB0}}tb5|Jz2{kouDzui?6FmL2~Vq#oqK)M*6b{<6voB_tD@?*Cu>bgWms{}HtUSk z(^-5AYyW17TryGGlxgSWF01u-ZD*sAU-6}l%Rc&UUG%e1;iQa|cfH8j&+mgAUcU9y zb`}>Ync#4fugCb6Yh2U)(+BTy{%81lT~WSk3HMGJ#)%E~Qjs>*^*OC(E1$2^_MR-U zbmg6cf=@Pmo;6i9!ju2?(L%!-kDb4nEpG4aGwyQ@=s$Yv%B7jAdsWyT$bC_ct5`8_ zvflEBu~Ts?cuRpzMlmDlI(!N`CsR zTUTygrxG?@aGx#HrR`nsgbXGcJ}L5i9ph8AYO$nPP;CEN-@jWYgwA+p%dx6U+{pc6 z)bTgR*JhfnEqwTUo0{Q-W}EBE#d1s2MQ*uwemS&WN@k|;wDkdd|1NJmy65?!U&;P9 z%H>-t-gp1AsF)pn<@uiLe=Js=tJX8n{+TQq&+Qtg^RIoS#22#~?vJ02KfKocw|)6) zmvzt2+_A8^?ks=&@*`fc;>?`waS zQ~MOp_@9@X`YcR-%Z=t3GpTuP`}_)y=NV}4y0q24z0Ro3ZA;UgJs;;!XSOtbp0wHP z^3)e+rpBF^d^~=8-{Ozmhoah>b>A%5_LskNkyRZ8N*1df~23lKphs*XK*~ zyXLdoNmX>#B!AHQ6LqI@={!9L?mOYl-KW%DEiKhb4sCs${QA92-I?^rk5g`a&eBw! z(_Xy6rZIX}{Neu$d==q`b9Tk;<-NM!U$2P6`NuW)1M9o@@%~-7Pu#Yz|M3Z3{dKuz zzQW$07k@u+E_=>L{{!#4<2bjA-AetkYw4CvO*L)mAJaZx^U^)+Jjl=*7>&y zuKyLoBo^teW_Xa@^vuinP18GS0w3Lfo4sGcc8}H(71nc?_FT_>7|k#CBiX6z_7Ovi zaEB1{57knpv+Jee{JCFj-lbm_wtmg&Pk(f!va)n5Mb>#gd{N{5+dg|4$GhIE3y*8v z5sc0KesnMQ(LBAiAEq-proN9^-<$i#GxcG{yZ1VBk6bLuWF~31eYoDC^L6KwZQHh0 z=rP_nE^*xStNks#o>04A=-pU*F^vhbifKMk3l+RY4@2^i^FZnX+&OMc; zgOBFkIib=aU+=a4@8U=Gt>qspR(UL$DB2cT`S{*md5^#AYD~+QtXsV9&^s;*yr zDzW0>OY2ilRz!u{Xn(W%@pWOvZimUfAJ=V&dTZw?7Jh)GHv4Mne+KU8*J0v971cqV zSI>nqo~^X+_|K3Y-+u9Kd{!L8&RUxjPY*56+j^o#>&MyEHKre*%#-?Pd-lk;jvM!m zJYHMo-tl0yg)NiciML<<`5m_VFMVB=cU&f4`{26z@E^ev{~0_twLei-SX;ex-r9%u z9lHwmY}(%Ev(8z-NZaT`Me*TnYcp2}h}*t?`5`7;Dy(O#Tlr<@=iT#J;?|y@XyUMb z$13r89CKCg3MepN+Iu_DpE+w?xc?4kHCwx_6YC$eaisPMoT?ICzwKa}L{6?hDvcv534<=R?oM#Wtnnw z*Q#GR5(*2R{AcJby|s0Yky_d3*OBhN>b*P9FID$D>a;lBxNy0?A{%RPt>Im-Rg+`$ zzu7cKo{40>5L&Xi-r(4@A8#jV+o$EeEwN-?WK+p6f4OUI@xzN6>Zf#Py%#?`>D=Kn z66cxww5;!P-S^*WWPb1Map#z?nm74Ox7s|Z$a9ev`9Cxm(_S<@mch*$4 zAZyhs8L=q;Zk?we&aGAG3)sA@vi#DKi&`iI<8G)U38~x!xO=PEmjF%He0@) z?cMfs+4fTPZI>gbPZMwL=;M@;vv8jERcOL3=WpFRuHMhTtF&_6)}qZnug%KQZ0rl~ z+Nv$JwqGxvw_;YhlC0W;1<$Q{J+mLKmxw#NiC52|^Q3C_rFVO>*PrNTkqb&m*t9;aJ;Unq*ZC6XOWJg8Pq}Y@H}9*=QT5W~`~O613inJpxh1zMe#>Eb z&(3Fig}ruu_}-nn@8ZMPUncHBo1oA9=s!KD1qG&Ljh&xg7_-n4YZg|2E-A z_lN68Ul%XSTJzER-zW8)Cd;*%{?W$sD&jNCh2QzQyYJXK;aJka^HoRo#D-}Pn-Z!Br&ksp14nC~!9Q8}TGiU3OPx*^)YO+}5wQbk2 z$z6DVb<`_C?Qg8Br31EHR^64}cEPE5YU0Iq)5&Qow{11t;+kGi7xunjk?QgbjUN&Fc z63*2X?Ow^H+}+)ll?*(O*J|Cob=T$kuRyWQC(qrz!IKrseE8NIE!~t-L*}hhXK&5Q z-p8b$DSC9zZ?octLa$q_m(nGxAFdbBpSi-Z;KSKDogyEyWQ`xS_x-UiQ`j*rvq9M= zyx8{H-1Mc#pZiP_IZ%4m<>HUxpnl%8r7_8898X;fdn5Di-Y40mHNJL=x8>GmG(5JL z=$0L2S#q-TrVz*7!Ul_V(NQ0!-ksZj%Vfrp-Bp`PkA__|-TgZJliu4Uw-(PmELyX6 ztxvA_Dl7I6{~20y-#wXEJyoV)!8P6YZGVJ~cW&9qsrdV*=(&nb*CWh*Yk5Cc2JtlT z`)!?={&&fw`lWHxWP6iOrsYdzuDv-?o z)kd5yGyBixSqXdOmAtA!v5~j+zCH(^0)P`KGHbvhUodwFKf=aAG&TBC%r;l z!Qkg)(`uiOy?^)4R=t&q;yYGI_o2S!aLDUf`~`Q*O23 zolOgLkF(8BWy+qVdD-;@uh0YLmtivvWBuxabuVU$x*x`Tkm51v>m^~WgkhG zZ8=%`{Mu4a(Oe$(%7wEN0vu&7KiAp%l&<2+VkE>PwSDxbdSE`Z<8fu z|7I<{`}7D$NKBr@>l;_TyQ(^E(sTIF@cLTp^{GOWB^4MiO<7`{;aFR{+{FF2(+R=5 z)7KX7+SmN>ZYcN5?bZc#uM3K2ZCnxm^W2G$UtuNRHZFP^{b^O-F{8d^weKdEFL#Sf zO0vph?mD^GE@?C0)(h(vS7yx%oL-agsXs(t+XNmV9hSR0o;tbR`Fzy% zS;N!lp3>D-o44+k;5^9QUv+%y6XQ8Tl`s9LJ=z(3L_F`4L69wLk=4_EbTq7<$mGH-ec_^EqZ@%oX=_s&E0)_eNM>RHizA- zH0#1{sj$mxO*^tBG}WA8&5^e<30Jkd!$P$ser7wol~ipjoKtnB=tKlV2%mN6GVP3{ zHzhM$<}heR7uYL*3}3gv{bX=|aj29+!=Jl*wUgDtjNjDHerB;uW$^@tgU{z(`T0ULYHyjhX3U6F3;dn6d%Dnoh z$eTMk*s7%(L-=P*p4hcwEyphPo-N7KWUE4gAFRA*_3M)M;z7FT za{m5VY*TyxnmL^^RJ%O!Y)MsOY?IBew4Jt+f369>m#z2}9=&7}k0RsddyArFL$N-KEm?~b z)$OJhsl+@{DlR?ra;^Bvzkn5;<;qtHRzP zb6rEHze+k&vuO3)_7pma; z6=Qbofl|-pS?zjl7rHl=ox7=Aa;V7GHRq-i(=-dYrUjSZUJ%nMiun3v^@rOmNk?}* z{&nTW#XTiHv(z|tm?|V4e!7DHRPmfE;^D$Btrs_Tacq=ZzrvfzB>KQ(%XMb|83Lzy zMx1!O&f-tj{f^SgKaV>d)!!G#ygmAQw-CGN>?<#pOS_bweGqZu`O=j0#^?BIv$8vT zdK_#*Yu-HwJ+kCYxI)5%@<+?JZPDR8`Q5}_XyfW@$w^afwY^`ct~Bj!aW&r|Qt8d9 zZo$0Q>pQ1Zst3F1#8p|ZmMkiN{p-r|;;4e$Nq6rm3EkeowsEU&NJ~Py#fo+7(`q*4 z@Oz!yxnt(thP*vt6FXl89M+CmSzB-O=D<9y6`fDjlS@}S-LIMRIc%-T2hXy{A69!E zFUef7mg`s91l5E~ec45~9k-WAbG*E8rEEjT?TMGRyjAOE)Y;AXaC0r?U8yM1d&KLU=erZcaoX8aUM6W~Nrs>|1c+7Hw;qjkr zqvw$uT1?Uc_^-c?D_!-+_oIAAzLc%fx$u||A%)>v@;NF_$M>$wSIaIEZ@Bv^rsru# zkGc7~Kkj*J%1&_{O^?eqFjTUvG@Y&9P!pHuy4#QI`82tyyR$z`e5boz)^+=1%kL|L zEuZ!+m0QMh{mdD^R~dU7`BW!Ve~#%t##xogLHHd|?CREF$Y`{?XbyNLz1_GOtL z@4xEWmz*iQ>iNo^>s!=1c~0+qbGhi3YRu&=+LGaKKHpx*yzQ1~^o%`^v==@!$}ViU zm(s{rWzM!p>PnjJ$5UL-S(@+dEq-+V&3}gENBx{<>z7AY2Cw?}_K}3*>Zke=S$6tA zYFB$c{9AV|;#>bTzw^!4UmxZ3dtN4Our$uf)<5vywV<_of5{YO?f z{xdv|ztR3H^vv#EqAn``rn>R>My0;l-M3IBXR&HZ(AF&7#VeB(?|jcF&1l-q`FZ;W zlZ~$hPk3~;`)z&ntzOFHf`EI`q~T+jbw{kfl< zk`_;{`=+iqSXJ;Tq4f!4@Tv2BTQ!}0W-%m7$M3J2qbzi)@?}@2(iDZFB|Y`M{&I%X zZMDtTq_gO`-#upW+OO|bM080?|FMY$HxK-I5plYzFyNb2!kfN!hil5aTMid1@=p-q z`?}Kj*yGa^<@1ZS9&@&twsvo{w0~gquDq?XPvYEXxZT^z8FA0<=2 zV|S5>qDkJO5BQokmh!4ex2ml8_4swTUs$?ol$Bg;VXBNz$Uctexo)}26HF$YbF|&7 zz3%E4?F`u^2F%ST*Hu;5>+JA2aPrZvDeo#bE%|D+^m4PZ-#R}w^Q47lUCKvJ@4j+v z(q;*{dv46?JzPB^8K)lGN9mpH(dk*fP4M{CfWtOT*5US#{5g-8Nj*Em(P?p~nQgbr z_VA!G=DvGZ<35Q@ViqaeUy(BBno;Y8t=+rq%6?pZa9Ue#NDy1>q?SkK+gHVS+BS1nnXnBnK793NX+@lwleZZ;M%WZo9D5G`xtGR!`yZA zlK$fB@1t%9O@G?!A@S|3&$V_}^Wxc86wRh{+bA%&RldEpm;azyu-#;tOP~C+9@IGQ zx_j9BP~Kx%hqG1wjbGpLJwJRX*zS5K)0D5KX9LZJm(5C>dTw@k$!gKX;#0na$g(Ei z$*MZns?wQT+;E)L_};F5p4i*ESEgT%>sZA7Ri%pSscCMo&(+fEWm{Oo&nTHDo-Hcc zyzHsQ`s95R-=%bHX?P%%HRo1x_xde)w|1Tk4108Wx*yM_$y>giue$uoWD7~Rqs#idbQrnoV00~X2%-R)lE(J31hdGsjkR56=RF8{u9JPHPW^}WKY{4S4|hIs+tsG3|Mc_L{|vih`wzuSIMs0J zykBGg4E{i9`5m#a6bUR|`E>D?m-#`CIf#c|aSg(mtvI2K;i zleAmEQ%mA zsJN4w5kAdlBp-Brmlu~6KQhb2YH#Z)=@sAJ#C&qCx%$X9N?O;FlTRhM&Gf~6rag{J zDxN;rcJ*s8>l67`68l7Vyo?T5akjSlR@A0l85e!eg38|=4pPMGs|whS??qBNQLba3`3rn8OQi{>^r%Nb8Gw7 z$>*-fm+r7X(A-lubI##obIQ+i8_iV82wO+9t*rIxAfti|tcEO3_;U1}RS zIcm=OL+6?AnjV>_a79<*tTAhA^`}bHFDh|z-qG4=bKYwTFfc~U=i4J`H+g04{v%?q zMA!ajxVTWlf_eQ9T(_Wp{nr~>+rD(KNWi${+4rjM;kW_&%H3 zJGI%2Z<17J)a;Noj9b6*=CN(>g%{-fXZZTM@0yL#k&RpBt1s=965h4(w8f1_?{Wkt zeLNH)+>~uqYw6RX#h|@4SMAv)X6ESU_eEP*zql?oxl`qLkLA&_)y5Oo`enU3b7-yl z)HwyN&U*8BoKnv#ZBy}>vmxvpdsXY685fQ#&Ce-W)%Q#C_Rf}TMZ8BgaQ}IwoU?Hu z$C5c=XSQi8J@sRhZ4H}rH?cqS2%%Qd5-Ti zqeMd<$Y*6n#OxArGO%D*zc+99iHB}gAUf>V*F|<28Z^q+$O_nY}3qBl}d|kxj z!Mqu=np|&Q%y=}h&S$#ZpGzAu6I+wCJZqAdzYbY;5&s)iLmk;j}$}n5##wMWocy0N^m1Z?%^)qYZCU;fM67v;pU98O@F>l7I zN$0rd-rn(o*X#JXBxP_e7O2H$V=<^iKpnb>*yQ5A+wX?b&|hyL-r0l^HSO zF_V^G+H?M&6no^=Zne!K*WN67bMHSxP3TA-wd~}kJD(%!KTO?6zK+#*iSpg!&(j-EGA*AO$i^k}pP_1<-t*}}TzqfV zE4yu+uyWR!-BT9@G0ok3`$Fi;x`!$(N#V?JLh*IiKCy8TO{Y zH`TkSDB9xjyy~mFmunp@@0&WcvZS%>h-1!U(WPH3HCOL-+k42hbiRH;>EZDE_8&aY z*7>GCnBHll{e1n*Jycny6GR@8LvGoU)_Jrx$>Ab$jKk1{>t7%#< z<*JtzWv|vNTl22`!kmRsX78%?kIhv~*}l^`N6ux6aoY<{(@*~ydUL{fBd00%Zj!zF z&Hvb09=pZG38GU^o^yD(A^WL**Db*fSKg&_obF^~bgSq3veE0;;#FIuCcDd>-tsn~ zz`ASRvAfSEbDGC(d97`^tVO$dy3NO1JNWzOZ+U+B{muJ_FLj@s^gL`z61Pj?9=QUK zH@2@2t`DDReED?Is~J029F>Zf`)Bf_`XPJEe}>CjGsH3-8ND0s{tiD8)qi}xe2x3n zc>f>ui|*b#sd;?P#!1cdqq;61su$j$9h%5COcPkv+@7OOe$)bkL#jF=sM4cA3gCS`^D zN#!1x6xv%Db|l*Q^(GrtpP0+pj?=`_!ZRH#%YTN*M_t-}`ANsaO_uLHm)-W1Kf{o~ zF7bNSh3%bpHypP0WC@=iwBGQSnm9XGJ(t>s?SUFMiqFS{doDYsmU^fmY}1$70cSrI zF+T5lQSw5$m(#ZJx_s2*{Nfu+y`8RT2pZL9o-J5aQ1NWBk>0h~yH=sxv$wh__9kX; zUT0_$_oQ);`6=tr@?AmPOBQQcg>sr2tqQh$+_j$fg32VTd0UD$yY%jkoacPH&UAg! z!O+5M8@60`{9HNnyn}Y!$&D92&I&VImU~m^@H*GrOoJoOCm7$_utrtlmeup6B~l&? z`R8kbs-=(I+7im3$FSC0$wK1MrnQ{s{7n~U{kHq~_R@kEUAs)zda<0yKeR@f`GDzM zmYeGH+SVP_vJ$*(!rIwZd3?DE!;J&W7B}tuBL6tZjYIxa%R0pu3yOT%*=;^M=-dfl z^Hlh@kn6BnlaX!ay$EIbsd^kIWM95m+h@6K>M<38oiB{TbJrf@NDRDv{P@z??M`lm zvvdD%Nc0BEs6}xJKEv9YP}$G_4o32~k=pI`ckO{`}sT|7m<*f6(jo!Qr=5ryAfvt3hmDD=&na%{8U z9#tv$de$gPK~V7i^6l3a?P#6zY`u#6 zB)chV^LSEk_f%bCS(CCwZ^69BTOCyx+tn>zN9D^0*#9jJi>Oe!@J+a{EoIuP1COt* ziivRFGRbmnq|$>YA^h?zg8wQP={%X^SC{R0;`rsSYu-8?l`}Hyx$at++f-m2qNiJ) zu6=83kh{#wyE1Xhm$vb+KQfHDws9G6PrpE_jht2Z!uXd9n+0FK{JO3<`0~x|n*A1E z|71N3p8BHZTXJKs$Cita>Wn^|eY^DX*}R!8bDm#bTfF&>Gs~-5Q^N51hV{w3UA~d?r$3ieS!r%Dvp7bqo3%lG!7|gYdl++` zDO)y6JtQw8D?>eLb^8k~k9YakUhKI%q2brx zY}LHn<=c&-?`Tc6wA-5RzH@fSolS=h3Y6NuypwrXDyUm~`)AcTQ!Q+ycHL8GGP#kg z)4;I0Z)qM(l5;l=QNIzd~+-8 z^V3@ocg@@(u572Hp>1#ezS^7;sx&Fgy3t-^LHUjiy-&PnRZXfoK7p^$ z$30VE#$*=0DZkTqlxdu7jaz=L(e+gXYl_ot%Qsq^J5^O?oN5eyKfzG*!WX$M3uSkf zAAGlO%G#tQ@4A-iDaG#I^=mwdW>(ovIJfQwsE}lnfgx9?EuFM$1khJ0!%hkZsL*ox+LgI z$7YRN-6t)c&6ia8bM|`MvOPtdCp_)qX0GH~<6OM%ksHI(LhYW4$oZTW--`^~!kD|8=7Uw&9?w&5Xkazy%qNQ)c%lB!y=`*j%7s$&xyQX?UN}Iw0 zIX0`SDSI-Wi@nb|x?OORhToB>6LS-$C3ysJ$WK@is3vUWuIBK{HABVR?Y4lz$=|nE zPBWW6@kGj0H_j(~Uw(E?sTNqf<&xf&jyZFfw2n^ewJ8>#=O*)kH{!~g^-G(rY8Htd zmwUGK!j{*+y@UTQE=rryH*czLm%#Tm?!{?*xfeSvpY&bTT{?xyXnEmL^NwPs^Yx=t!=p5r}ZW*@X&723Ypwh)1}hZ zvtF1a{UN;k%)F^%W z!{~GsS7C$ItZh1aOL-I+s!TJ*lPtTgS%pqIqqk&R!r#yLw!KmH=sS^=;BZ1E%x!A^ z+9;p5wF(oBKmGc?+G^p|{4GDj-FN)9*LxX0e@ z`&=jZ@Lgq@9B2KIyS7kKAp5%O?cID|Z@&1|bkic@i3*d2+HQldKg;d<^^bpE>-WpL zEzMe3;-60N!~Vk0%X4O(xm!A zD|y%WNmMrcx^#PLsIqM4D|YMtsI41~md!HC+p;?(>?fn_*`lcH?TSWwk8VjbywChT ze1Uhi@WRujZzFg0?pmWNWq9I2(uTFZzH+%W`;5CUe6pTxz0q1(G4#3G#y`&Gnaf^G z_DBhc5Ip&8_kHoqwrh9ai5aCZFZh%FTwbPPa`=vqA=|!B+R$faog93$;_3_2;^(U# z?ptr`QTqCK*_KI<4E)@64$rxs|KYmZW!*oJ6TJ^k8V zwNrn${Ab`ilo!kx!0LE!&q}-Kg+a?DLw6hPao4@Kxcq5m!IV~M)+q&9OUnIIxXwM1 zN%(#BuYdfO&6mEd;8rejwAG$)ML+H8)y0=$&T9U9Zm~$;xm03V$*;Pd%Wf-k-t1In zH+lB4|7K^`xjQ>-UpH)T58Jw1FsnRg{gt+t(YLBM{rjrM+xK{T)Vj2i;KGepZ&XZN zez4-(#0%+@!_q(c37@|E`FV5K^S4heJ~PN2oBiy-?k5u^HY&}^UGy|mHF@#okM`$W z7EIvtT7}1MID79}tW=tMKJ59Gi(+SDe#=_@=+YD}P)XkFE4ST( zM`41@mtWU)c}|5ad$-&)N%~}RLg269tE^UQUcEK_y@h8|gWtWKE9K*NHcS+m-^X2lhA)obsPPEE7<@@z@G$ekrl!g_B$o-Ljfw`G52$MLF!U5bsm zbNIHr3!Zs3Iy;9mWx|s_2UFX9JGDJ$-g#`pkUh!QvAJfQ`=vF}_ctajm^1OpyeZd~ z`ITAie|zNavIG-TS2R`BTTIaCRT5HysFY1}z{fT_c z{eJ6@xVuOEC3G$q?g&p@owUohGk;_{<_pEh$TfX9CsjX|h=HsGD*R5jp?uTX<+LRx*6aHbmG}`EV!Ldj; znN1(E+P43;&78i`Zuf(^MY_vX9G5zj-kzbukZgExbIbT{f?M_c)Hk2wFM#1jIZvSdj7Q>-$(cM(%N~37u1?KQ-01l z+GiYReBkPo$^|zMYuF`se%Rjg)+X*#eAcx~ncq*IUZ4Cv&ir@GkNHQxZ!4@Q_S^B> zsdA=U=+j--Z^(aG`bT_qW_s9%uUGO*LIhg+vJcnk)#zW-+v6=e_t?ZIEmJCU#8*6< zv*Oy}%U(WbkIvKoE%nE^{m6asg%|&6S48S>**!bW{c~TJ=V>;EncoB!g9?{ zoBGlZ&qMZHdt>7$)2XhVuffcGYj?)w_2*_yy_mJ=>6I_M@sGdlfA}}}xAl=(oY88z zYmQ&qnzMzU<40S@AJ>O>gCu-rl>0QEt>D?erS(6c;A);|1O9dOC+ z`19L$jvl;m*ivrl{1vb2xHo;^z2COS_rZmEt*2>-l(v7JiA{e#nYxt?#H=kfT;k{*pr1Iu5RTfH6cM%~KF6?>Ha@4Q%@ zl$d$p-Iz53?6eZj3Pqo3P$omw>YVDPP- z^-?vWAHIJpz51|6y8Wc*#tYY1SImFtH@kF+?~0172d+gM-y5zj@GbZjKG|c@@tA81 z8y#=FHg5d$`rNU^EVr7IS(;h>GfMaK|GO2(aBb$!?1bo(`&+`_ykC3wE@N`oe!{WqQy46#srX(F=>O=jyip=@uxD zkeH&|To z{f~|YwOtNkS$jqyp&)x@(Mic-lVYO-6HZ**CZ5z$Vr!tlRhXs#>e{&RZ=_wOY2`j@1(876+9ViXOBo zb1&6YUHC*!qw>q@Map49Oy%LW3=ZjTb=zn+4yHr=BXoJ zlPp)(7(dGle!uy5^Qx}L`}Zba^t38hxKd*;@?Gtg^JclJZr=~g>RAzXEmiRG+Vaa8 zzwEZ=<*)rTnQ>ao_h&nG)8qGVPQSc}QPPjW{)krkB2i0AYvt)XFX(K!{B-ZDnc*vx zn?qcCrhktJm6UCK9bJC?R@!3uiM7jSq#plupyF&uw&vRFX6NVGg+(1SySZI^bUU56Atl(u!f-hF1`(%H(}6XP;h{)k=oCn$Y$j|7_$e_-7D$I_K0Z|i?+ zDyrSPcSC)KyTYRlC2s{6`)}Qq8oBH7T8&ee^k!{6@*&0QUTf8^wyDM{g^W8Lk7d8m zZ>|?Jwb$k>-ktR6^ETeY>`%{ILqxg^O#xu67rnl~{3S;>63Q*SXGS zrG~X=9li6b?0Ce7?|pBU%=So@y;J{MclNq$=7>qPR`p8Jo{O~)-qCLOV7GUj?ZHWw z|4x_fmA9|jtA5zdvOQXNVa3^tYR8o4^zmQY-WzICX?%EBQJLjizhBzcY4beI`QLS& zlDap4g~NqA+m6`C2gY?4e|YShl(!^xM??Pu)9%$Z+85P2mtV?jGL(OH``X4?`H6?8 z<`vGrnV)Gsn`hO>d7+JKvy<}P{@H2YwxHYL>Xyz~m!93(Q!CPUWt-ctTV;LOP8P2t zie{NF`0MUCJ!Gr7fQNj-L55FTgKkxyWi&q~`hTpm!(RX*!JNKgG+YMErg)4qc(wt@S z#ULX|0m`{?q(_)b~cZTq$Ayw4}+^sq&8Y zs!O^588!DQNM{+kv~LhZ&mm24#l}A5=^&Y~uIY zqi52a_2l*eWzT+z)CX6>Z`lOj5qx;lOt}B<#EG*uXFgbVVAq~A=G@JnN=&o98I-w& z?SE*!qjB@TO|15<6L*+)?B^AG$+PWxtN-`ttyMM~kJo2xGygra-F=O9w|2*jTbVx< z>~-&p%&G1SneIHP{o%Y7@3+1e4XGE6u4h&4n%?!tkeSEu+E&xR>g6Y9KTTNjSng}c zZjoT|Y3q;-hb1kT{@~`E(cfT$te100U&izyt zcjtqhcZH+YEBEMn^)1`5dg0`Ur*FUZ{XQc}Mczp6>dI`nxsS9tljaHat-Vmbs?O)4 zS7OA5y??bbxH30Y9?Ri-m>rre^HsUlfXzN3G-)6Z#evAjp@aAxjAQ_PEn1u z`)7SUO)q)J24R(jjjy!Teg|y2oLuyoVNG3X-jtma=LAZaJA!Bu;j@nAthSYhT;(#$22E2-Zo|1z3k<#Z4-5tyqzknP&G?W zJv?ZVg2nsLXES4YGHyJcb?T^0Oj(cUB88geTg{?lCrnzryz27aM#Y^473y=sN}t}? z-g&jn@qM_MUaSxI+2B*@?Kb^Uhp(3IuE?EZ(_Wt#oKrp7cI@@;Dhu%j4ksj&`*G|dlkz2FY#$WN6 z0sDW3xRo)BoF@yXJldse?lC9_^+`n7hy4{7P%ZBe&B;%2aTp&e|ZSaD$0_WX?=VeHD5e_rLD-a2KOLE+iZiJq#C z@4XIdom=KJr!i1z%E`nzUspbH3f7s^eAeyA3gypB#nv!SJi%=HDs-lM{C|efaGu)^ z-&TsSDMs{^oV9hBehj9ryu|9P<%Nm;UOl(x?v|)o za@p^|v{ru=1LZF(QnrNWPmvLfN;|vudXb)gLYC&DpGIz%_$^iiDNlA*$_{r|*=wY+ z&FrC`e}QZ4EY|4-e6B{;0n3}`@MVXb*=Z^(#n32`E_>qFmEcyJO$m(0w61hbcu>Wc zwf9Kl4k12w$7_wBZmis4=BeJdm9sQ8X{V%wsL6rm343=Qb^7#i!d}}|Q`e-Yh0iiD ziulj)_1D!*uO-d4>`|Ldx&mjp{YqMK#!-d&-kdVE6TM4gw#V>ojSG)SF=Jf5Tl3sI z{;KtgA*?4)vdzfpNKg56I^DuXCM@>rX}x%fxT{sKTn!D9ucRbxT(9PAxNUwx4F8O( z&qrf|H_pB>?N-GdHkHOc#?{UH~RM7TrtUNg{N%VbY+n{hh>UvUl*N7 zU-`B%=HEn1Em6NW^VrvxNY&(*I7MsTk>HVfHfiH+NvT;iLLR4udh#sJmfd3Q-6Ph> z!7@+cS6F)c9<$$~Pab@1%3iT)Lv-N=J$IjLde<~P?@T*)%0^hwv`E+XZo%B*JHc;t zzs+4aZ%){?&V+Tp=cMkn&ElPUGuiP{n1rJS_nh#hHCC5{?ut1zOmcV3X9blXScI|UbXS5_rUWf0zPU3lTT=wsOooBK&U!n@xKW#0E@Nx13sKA?JeX5_9pSBs4k zeqXW6Ow*D`2$1d(zQ0u^XE#UPM~fxWQ}?|%r+GWt^1&sJx$=cMAH!O73a7Jdcz)ny?>l2PGmEBMkCi?V7Xj)zIg;~B)|16(n zPV!;Aan1DUn{~IHQ_7E8xP0C4qcnT6f7z$!+2t$3)Qc>io66*zDXI$H9p33^lM;3^ z;!C2)glQM0qZ=X}nQyJBU2)>L)`EG57S4OC9ORpjJ7kF7r`-Pq=t-ecB7Lv)20=)K#v}t2lpTzmQ2<_21yb z;(@nIKOa!h_-d-{CAH`-ai;h{dy1HcJ z7?)MtJ}7=q_Db&5dlBa+#FUs$|7~0$Tf_W7+Mi>_C1aVMw;RgORXWn~Wwma9x9otd$dAauD=kssge=u$8n&^{{>;+x~?%mzvEc0@jZBh2+ zcXcd(ly*OgXS>CAT=z+T)s+vqXSWpa8eL>^n^Uv;eXPu{Y8}NH0@97MR#?j#9Sg0x z^GM|f>xZ&x;f#5FTS60iekT9XK2xXg@6AnzvVd|GBnijj};vAIGw@ ze`jAfdGbNu&*jwYSZfU zw+BC*U3Tfw$NvoNZ#yS(GVF4^u-@kSgbMSA|297Qt7X08afaymuvgh0H|1Jostb1~ zMgCYEb(wv(?6Zego?Lfc_9x-WmlGkIw#+r3^F`$P579Ld2Gg=vs>JPJ?mBX{#_HRO z+=m5T8^dH@hg`lW8*qI0i}QXT-XD$jP0xtFxLe+6!@6bs0=h>kdw1AsKdbzzeU>lz zTjaN0a#t@^_&;V_oY8haV8+P<4D-FViYD*tv(tC0zG8JG&B**ob91xHbh-3%o04C~ z)i3yQ+3#w@JkC>gb?++H{?$Kn!RMLwg7D0Prb6xuxhBlX>$~l7{n|k$?bQA-+ttfI zobT01n*9Bo-{YRim-alm9B}#6w5|sRcFWcrT}`Q@)Q=7rm5-B94&Vf*Uqo^L;YcB;sIJ&}3Yp#042g8g%IZocwZ zvRU@Xid)*2E-#y(-FYFfrDaQ^oBh=Aot;LfrM@lMu%D;Z;z@n4@2Qm!Cb;^zTB!Bd zdV5B9oO^ssyZ3qt_wMk_g(oFn#tj)FrIbPgw8DW7_%puFTI#9_t*=i!Mnmo)oar{j8GmNtPa| zuGoe4WoORz?Ol0swOgF|a~Ym1s&l2e9N%7BbxUGPxWU4Sb5EYu_xZ9yWn1UrpBKM6 zXnju3%$Oi%8*#O|fA{ah=eKGso)x(9P{rp1@wdu^%;rzHy=k|*<$Cq*-_eKeDdpOS zHaLaUEbYH1`o*N{^z`!|znC^Zu5Yj6?|qQAZ}Z=OXWW$v9KWubB79|)=$zP@kE&)& z4w&Y8f2z!S+12g`!#PC`9i07s1Mm5$rE4Ry_OV@$_Pn~~+e8jUwKuGRm)2c7_BC(O z`BS%deZ02wj+NXJEw}6L>watx+xVew;<8MmV^ZEd8xyayU)w36ykqy3lq)(nYqr%- zNnakdeC_M&aT+`NVqH50RtQe0;@Y^_N6CNlB0hf6<|elZQ_oFzzLfq^_r+!A1fJCX z;wY)G)%s1QE0b&9_HHZveO3MN^?#>lu3OSw$yKDSestH0t6L>Q4kaH@R|%6g^wOOv z)$P0PN0YnIim=&bmw#NpG=F2*QvJjCh4ee!dakeM+Po&QQu#{wSvz?bt33rPGNZz! z{j6lZtlzLd{lxyw>s2xw3YQM#`Z@St1{|wxEnNgBk zSDyaqv-8vW#K_)<`?)H_&O7Y9^!5F=n3%)Q@4L^RlD^>Ee}>l~^F>pxe2wLk<@)&N zXum{~Rq~E?j%(NHe7V2P?And}n(DJ26#6Icl6#X|yzTPxZCC$<%H9cdn;o-BKQVUR zPL-(p?W}i?9^e;dVB*{JWxeo+{T;HUuF=yHBzoSOz6|@Py*XC;O-1z!)?7IEy_Rd{<`L57?oBn%S_w@Ro&6s8S z=|K-mn5=g557|dEO!|dYW=*`edx6DcA z#nZ`wWtR6vDwe%c*yXzJ%&MB()#1jAyvr+B?A$dyE9J=*=BUW^DjMbj9%=Ty$?hw& z@>h6gF8>s}xuGiH<+6|{k2i1EzkPJ2JbL{sho9lwMXU6=?*Hif{M+x*9d-*F{hX`s zTlaHqoqb^Xubz}O4FV1?w6Cw(qn^1m^SzYQ0v3izmZDQ8H(eZ`2RAR*ykae-S^RS?b7G(6@z&C zs=lpzB`h-aV%vn<{>*ziZ?9Na_ujkDXTIhQK7&KMc9kED~yY^+o2`eb)>-KFucjHIh zt#e^PyZ7yVy+~T-%)#HrI=YP~SM~C|@O#lH`A&P~-pgXzTU{Ik^wkzjyBK9wvG|;Y zP3h_m^@V4D8tpjg!}!+MZ0YO;%=fnDB?_Jj={>M6vyJ0M%>h2Eu8XUg$}gPwty6Dg z?vTYEmQ;A)jdoDQguIxPZ>u&lp5U@r(zA5o%!0|!Rhs+0#<@*j-1ECReBI{B8wLuYBK~PjoZ7s2nF- zAAY^mQ*HO;XZo!!FBnZ<#PNQR+rIKxUhV?L0f2-sEzQ^sQ;7>|4t&t(xNBcIMMcSF?$8Gr6O7 z_T4GT-~CE+f5z0Cb03~ym-w>c@%6WBw`z(NZfs*vzt(=eWcr-j#}#!Ik3Fh5Tk0$@ z*-l+>YUtFvUEfn$b+@pdUz?PbFnMRpr%I*mTeo#xk@idpa(J=zT+E%b3MmmE*jN0z zo}ylS;K+lyW|xiDS0wG;#QA7bx`Jn8lWq02tv7D1iDy}F6XtrF$?b$+{nE_p#qBpE zx}KGX=$*cPX>ap4;g5C;AJpGUKJ@*Ya8C5^^P6J~-}PS!pZLbDq5TCL`?X#3TYi21 zksNjDk6X&$r)`U6CT@6~!5`i}t2eZG)m-cOtKy|iPD{^NDlpA6N+9(2vwf~VE-v>> zH`(Ah$KyXky?oSf;bZ?9K8F1+1^FIpkGkzOf@jCKj{oBbO4`ok~(-k^b zb1-*uqg-|MtY7gD%MZ@h=ZuJsKAbEQpv16HeErXVTR&}mWi?ek`Q3*rE1y<)tG?e7 z_apd2yr)&g_I=wY+}2>?j;P@M8NMX@*R$3S?+@>Doz}OyaE{jY!0T&u?9?{@s9nBo zxs>`0r8C}r6<^kCe{An6g+cZ^O5p?^c(VrkU@9XMB?v^7R7GG8rUHHE8vbWQ{iAfVy zKDYe3ma%B!;&hoWt0wNdsvyLXHm3!v#GZNpP zTq%lWvoVl6wCcPC>(m*)n}biM#lGF(S#fmZ{H$4*+|;u_ExxzH<3EF8M)B>Z%cJs) z-u;}?{PXJ41)9o>E-&NmWZw%y|%Zzi`?GLeRaj>_U1WUXE)D`o^$oav(pKm`>vL` zos8MfGn0imEZ{-ue+HYY(&;<}9ILlIklSkLRHzaVQFC16>8&E6X%@dGPo7ofe!c(P zszXnmbYjxi`m(O(i}?O%ZeFv*dDANCf>V6=SUDqn1(q=A?~Q1)os({AbWlQ8Gns3h zqsSWWSngjXTml>IpU>LOy0Pq_VfJZ8_f<_fx>@r_bkEu`DjQN=UM?wCMq6>GRSGv3F{-U;(pZqg`tp6y(w*lnWkuwsB<^gKxjG}~)SolFUawLwtmRQ=5mo=N z@@VHRueDK4DlAP~vm_o{GF;j%ymPMXW(Di^OA`)Rs)W8wI)AFVWYs6F6$+pIXG~f? zrNfUuZr@kI_UrEY4PO3Mg3{ce2bPx9Qqe>{D~;D$U2oY zZ?Q}6PXlZmH&2c-idvmA@7TiX(wB3BcNptc7jdq7&yn-s(N@*%rRUtTcDB4bxFqRu zv0ioZiDT|-L*|{?Ru^}5M`GCPuGNJML5{2YRy?1h)0g+_0;{s@YWBcQ^5&=C&IymL zXV5w5`0{LW{Hj?2cUn7-XeZNC{_aC_@ zczJ7vly!&O=Q%PZrjP6NKAc05MK^2UCadB?WqKE3eBrS07vv3?2Vy~P_|*(GhMOXP8r*!XNsW~R=i-8K(aJ`g^e zu_Wfras-eC!u)a?rU33PKHTuWIcMyyYYnS*_Q%YlTLiUY{w7~ zT3u(laH%^}+{u-3HD@>!6dz5Qd$MF_;EwO|Srczb9I*UZ`DOXb@Lfxf@ae5>T4fRO z`OdS=%dd#Y9RI{-85q9it60JM$;Us;o4H8bQdQ{hzL_fKzBSi#oafKw_u9!Lc#2Qu z_uajQk>A3jj=VSa&TCRIT7GYNzweG6+ap|`-Rx=H=lsWR>ZUToLK7u#k4FN3cHX_V zJnU0rz>c_v%VOuQF-0sqHK*s&-*xwk^=}FEKRTYZsVu77WYU_n2&FWJKR4b7MV-|- z;k`2O*u`1xZyy;6Dev@WmVK4Ny7;{1_qUFmue>&SK6?}LysuU()$ysZ@#jAOwT_|( zLo=o@&wDoQ;mzb*9!rznHL1HNoJE!{Iahf3){?$^9DUyJRKBiwtK+-drdQK4f49Ti1;^Cn zmVBz3@1^9Ce)`D%qvxzIuh(0<|H?)Nu1WV;KTTbGLiyIzqfeYWgM!YAx$pI37C0@l zc;l%ht|%rkj-A;-1Tk@j`f`vr$>KgHiZb+A2fo~HPjNf-9!W|fVk}E*VTUeUp|uOuiLkU%O}?D+o@x0 z+1pD3iubyzO^Zc6&%5gC36mQ-Z|g1`fAS?tw?r`4 zbISebOV*)Q1@UO+TN!Wl7OkW#Ba_W$mig^DOJ5w(}IW>KdFcVAWVH zGWWJo$$Rn4s(I`6Cg(3Zq0+nIlf{E;b3Qrea~c^l&Y8P~J3BKyGjV%}`m}@{XT2u9 zyl{Nmi|H1}{k|@`anL-ysBiWoUg6;4?B%DH0@4e2}b1H+Q9o4k(X z+_~E|`J(5u&0k)~-7;j!ZDp4E73zJTKlA%^wO1bBPw=su{G8?P%5`bky1w&=_bDqq zIL_zwEjhNeZ#&Dkc~N!|-%X$0%2~$IlC_Yjf!#K{*#BDM=5C!L!yDJ881e~S`Bk%D zx-_jywSnzw%;Smkp9ix!>~?r^&ArW3^I-${TumjzV!0 zdz^1U(mq*!b?L_E-DSpKcHf@3&b3gv&DApZZd>-skL|}~Xr>eWGgK){w96T3s!(tLKDw+6l@Fda5mD*{#A};Go^NZ9~7$ z?#X`hYI1T6zM8)NUVQJ=dfqv^1-{mOJ(Km1?c!9`E6b)#V=r?rj$UzB!Y?Rjm*tGW z(1P~M442cG6g;1#&nmxd@*+>_4wHwe?apmwm1a$Q8{YfvAnp{eyYc$C#gRV{&}^exS>+=-gio5yjETT4;a+qt`Y50tEUt0d(4$@TI&>#)|Pi+?VEc7VCRD)rEeAG)zq zSY_FxHh=S!WPAGd*3vDF*No=vJsZ1iYncSQP03MJZLyaxs@EUv=lHSR$z{`)ol`{% z*e(?wt*)JZ_-uXnR`E}-{bKqY)nnpgA&J*iV!@>hrKUi*==hTKgx|q^5rqJ{V_^FZ3fM=H}1fX$ONu zugu?-z4S->2j_?JZ`B{n*b}?@)%oPLMY?@GObf5}x2%X@2N$y8n;6E6=aI9p#$KJ3Civ zv81F;_>$-!?Jk!~Zuj$N{@Up|)oW4n9I3z3x@QYY4Z?R`^_#DC<-_}~e`?qE*ni}; zDJ))mG`lc+hskO=^RH)m-%9aKHXmVNY}#UFu>qI-nyyt4YFBjhD|H}znEze;hG{fCSH3_o0N zlRNUdAXng_>=May+Rx8R)kOX1{uuTt*EsZ}a`dfs%L%6&`?6nZJ=n0$TG}hqwf$KB zP5DD*yF%CZ{*(ISHZM2mZvCZ4*@w>jXINV}t)9P5GxJx>JcUc8($_xy%$>BY_*})> z^K5@)wtwvJa&OzB-)+A?<2!@uN%fbrj(t4dV`ub-{i>dgYH68zm!%h{M7r{|J&~yq z@mcqE`}LOGEPkkeW>-Xi@wqJVsL+79Ahx^?NuDr8p zc$=%-W_es`zikPxc;Jugg|n-lwq*)PF6r)(%YIScV8?W24|5`WbMnV4m;9CAal|}q zUnqJpnBSS#*(FS_=8|pr;rpU{Y#+^7`r&!6o$PI~W92%|&qRA4|7W;4|H1Ji^ZC!N z_@V95?Y-B*?~CugJ)t{mgdfEkANla3GcZy?eviW*gXKS(zs>)!{P5dvzxE$q`PB74 zL+n$%B73eMchdB>$>qgdvlUx(t^I7+J(Z8{Z;snueb>H5a>9wA42h4|SDY=4lljlk z)R?uaY~J=bl@Cw)B@=AUq$^+V`m%d{SNz8JZ<*8e+U=(D&OOsC7xM9KLcP={d!f4X zv&{df75=byoqy)iBD<=Ir&he~zqGGk>5)y%!o2D^p?UM#cT})Hu0MRfdzZ()X?NFh z^QlZM(Dr-%@OP}+^;u$TW$)w^Z!yb0XD9R0yk4l3{YUi!T?v)2ms?J4d~98DVr^~m z!~Em=EiX!~CH3M&^PGen)?fTk6Uk*5c*NF~<5Z#kt2)su50fTEZK?S@@p#q2y%$Zb zUCUE+m{Y>Gx7BByNIf?7@mb~UmA6uF$A(z-H`;{fM7v&1JYCP2z*{?w-|Wz1&3i&J zNf)2`Tv8U+Nw<5nYVRD^?p{PkhRMYLkt_OS`v6_&==c5BTu)?S#Vzj(k%I6I;44)<^nmkTut{mA+fDIhUL> z`t8z}$+NNHNQucdsgQ5$pNo7b=c6haJl<-bIgF{Q&ZryX0^F8RF9Jg`pAB#;NpUt|} z+LA4MiGOD8&-FG}Yt&c%sCu~e{o0!aH=dNPsqOZ99&6*0zWB~+u~`%TeADZ#&i@%iEhA?1JV^hzTy(*c+1+XDd$*j9 zT(WoPRo%m~4`Ys4eOP@(lD7TH&ezE-&PxAu$M;~~*ZB{B%epLk z>+Khr%ux4{J?hZ;ISSX6#k2e;+$vgTWz=>4%9h_hidFYa60l@+E!p-fZgx>*?z14(;2Eo>6Yx%{0Y?Ev$jA1G~$+q5o<+(@K+LrBnXnp&&*~V>K45z+0khH->pS`l& zpZD@6ulbdJm1}p~cl^3#KDkz+{#(PUUE6!s<$j$}dUNd*w>efTUfI4f+2QKRSGe3Y z=bPb;jZ;4ESsNrJe_VI{@ICV%`DvKhC{&LA)d299A#tm=ZhkdQ*_mrEI`!2WXN&3>9+m7pg zGDRvyhDJYivI^egx$?BxybJek8p*#;T0S)*YL05_wE0Omd_FHs^Cqw$R zHJMTVw@Vd1?-ST@uDa*C@5)Ro1{QawRSTY6b<$ku^_;yr(Ilenp3UaIeRH#o&fV4d zI#Y3{N}`eHx=9Z_%U9)Z>v07=2AI=g7oG#k-rk`o3M0b@VzZ)po8tX@f~@pL^)0 zomUryZgb<`-K15`&mJ4KeQvRpy-d&Fth-;r#f${HoA@Q(2OYMYr}kN%g|9GZdeOA5 zV`keI+`TK5JR#BjuIQv&HHC`X87A3gFWj}EQr<9jgWT2GmFeX?Gy0!BUuU;<-m-}s zJ1*_rWy1Qc=U=Gti?X6y!mExyJMviZXk4vM+~FrN&fA=7wN|t}cANV4-OYJ-dg^ya znq6EKSS@q(-PG)SZM8YiGychY`Re;ldztc|!Q+|zL(|3e2?ZXG;%AObsOhCA3{wuC_u9H%{pN*)$MschN4DUcLWp z*V8>IdAcRXCy6mUURzqV`|ql^PlQsg3qE>Vq?wj$AW-(<#;P5Q&Kdm0f0n(<`nNber{~P#Iaj$ezP}bcc3*?XNIR=a+0r=O`|`DmF()}b^D{h}^y=#J zq*E4wzpgD=AS%so@#LEF-IKi6?DF>%@q1l+R%mXc%N_m1e{$Q218Zk0{!YA|+i0_i$Io@dCe3d=l4rA6@N}I1~PnVa*MrV9RGSpInaLvr~A% z7t2*ik8VYt(otZ%FM7FR{^4&c`DZ3L-YIVVlRYC>?WM}!8#deRuC9^nzOgr5;9!Eq zS(S?qJHmc7hUEsonRZOc@owPWjX8VV-}TQ3>)hgHyyVov;IrXozo*P=xOy^qvT9dK z`O+?vloJ6NJ9>`yESh>;{@<=OFBl$wUAwzG;-qz=YW2sE`Mx=u7ufs`?ps(iMPY)+ z>lc|%%bOk+c5T~Ly}(}0@!Qf}Tg5)s+&F)2hOW<7qa&V<^Ot(&YuCP+;2v|ijNvBB z*OyMIk(*DRW%fIIV~+PkHO{X~y~`%sn;G7}wP>48#M`*Tvu0StOjfj9^lOUqhAAq1 z>{0#``$9K%O}x4!c*EzuELNY5ZZ!#|CXSamdZ^W`+~|1US&JE1jVqvzy5iZdCHupcJC!bw?s~M<^1z< zwp|7ndsUyjroh|<`zn)ze5I#7tvH^QK4s&a*4I%I+gGye{=7l1ZS`aY8HU;etAma$ zD5zAoST%poowDa^nKbX5IK%gqS#-Y1pNW@WMqRpf+v9f3B#)O7zh-)RGK%_@xb>F!$7zE(x4_>U&V9@%D|+HtF3| znloR!+-AW&Y}e%Ni&W1IoUNBRDVi;Pdf)Thn7#~0qa(lDV+>zMZVQx{($KtJeQT6l z(5el7?m^ZUqD)G@MwU&JV7VT;eA|g*m#@oePuP&W|9KL_lkn7s)e&3QPU|fE{3O*q zCdBKkbkLpGHipZy#6P)BYn(ZwVFBN=z3vD8aqqb7IXQe=!rSkTqVk93IZiLV;aaXG z5Yn_$R(ns2)6#)L$M6X#{F^={FM&^T7?v%NF=sfNW1_s3CT zQi(JEy|r2&9P{=?-qiLRFOL``SpL;6ce99Cy@6~p?@5qInmJ-Wi?&)rt6vOv( zp?a55$cg2$o~Gxsqt2yGP-a^2__e3EbA;oGyq%9&wVpJXeX-km@Xp=6Pha2JJo&t6 zeauz6OUERBoKFnVUBvwV#wR5?{Wo zzBTuvOYyUmdG&LPs@9$n+V>>SJ!-}3xj&+8BUQHdD<|8pH8M}~)V{WA%}h&nn~;@- zPZjyJLngjH8YwI(>gHDbHt=lCMa8katslMZrdyf59Pu`A#p*>y9VCjY370155@49ix^y%iwEOX=z&6<33j;Nui z)*ttj)bI|)p3gxiRRgVZdaQ z)G3DP+Kn$m^hzZX?(IJA!RMjeUsVQ%IzKXS!vn*n_qrYo${YS zRqqBwl;X;sso|vH>%inFR$%3ifM3oIcwKE^$Tsu*^QI0Yz`N%eT`x)_- zTedshxiYC@y1x^5+%fULALB*bAK6RUo|$y?k@Thz2IYH|E6?}tsaDaoxTZH_#qBK{ zU;3HMm=~&k<+pg)^_=$;->%)t!uWyx{IwnN9aU?mE~#_&lN6Uc9DXjK;{NfSOtEoK zquXLOK3W_9WA-trMOt^Wj!x)%?|aBOGG_6WZ~bhqr%e~K*ix_~&$YDpwXjc<(#_*G zCF^IG>=(@bWsnv6ws-d<$ph;ZKP{If{{So^CEZ ze1>NW!VIM~d^T@9kh{8X@vQQkz@-*$XWndio7f;2D{$fnPtp$kj(t*M<)5?4wmnQr z@^g4qxo+0IN2Z6&6(;t~D-N!hCRq7!XX2-3*(FW>&SA4%?s?AFt?|01Z*n$Z&4nB{ z`--lUTdrSAz0Gs?Xo9;8$Kx#5-O75gG|F?{ z%7^|ETU)v&d3l~V7}q@O{g(ZbKkw!JG$^wAezqd7b>)_~TZ{NCmG_oO+5WkdGLx^Y zv8$-@)q{`u$v3w2hFLGz%*JEIBX#@o`U^YkGjB0I;E($BS3F{8ubA!=nZ|3odiA3X z*3U{|-P|MpJkq4<-bGKjxl1eN{W@yMGh^La%;yAI-OK zR=ZYsLVatgRo+suV?z7vVxGu-J*#0nf2wk>|GcGF67n9iEiTvc^S4|TCe^ehjb*;X z69Fx^nP%If`=eSHW@*egwe#>K%hzE#r6SJTJPU8gT#K15I7PMdeAa56w{2V%>Rocn zCSH`i*1gK%damld`)6~Zo3clX zcRic>MA^v2r~6`ccz$il+g%F>zCc#aB_873U=n zr_Y;ebLwDc2*-i0)}@BB|KdKs&<=T1c+Tv?a;2uXQkv>EjV=b0KS|owYwdm>YxdKn za8=9CDW$)zR+epDFinRkBK=R+wdLBqeZ@!bNnS4f9h_~tK<6f#n@rb-e1RXqNA1}6 z?A&%`L1ymMZdWV)B!AH_Q!h0SIf`c>glsQM=!om75Qi z#Aa!CNY0!iz~;;o?)@;VJ7_mo8do_V=c;)sA3p!6i(I(ZVYB&NhGeA;du(f0-*|Pp za{h#E2G%^+Z7yxR>9+CB%935C`)59@{l~sHIX+hP(b+w+ecqV! z;PRL5*>hcG_H^+`v(^-TxRt%LCNeWU+1##b#ears)9>34<+I1W-X}5V)deHpRF!NY z{f}uIk9aTKE2-9#FZIe>Z*G3B=xVm;nCXef`2kyH^46Kh{U?xm;r}?W4Qkb6!f|A$?o_tmj=tJ~yv;)HiHB zcIE30p+^rx*rjjVGML``@%+)d7Cprc8@EMVx@fRT^VqYm>*wYFanFBPd9S#9lY@sv z*0a+29pbkZS?evh5ns3EVQbNq{;aBNTR&Pwno9mV@^F^h)5gUvSKqB)dgfD8@tm%Y zf5nd!#aNv=C$jp%isyD;U&u-9xRQ7Mbe~bj@%QDXMT-{nuDrU-*4*Q&+_{W*x$m58 zayat6zQ;4vL|lHi$5_Qq>uQ*f+C^!()Ni7nuXR7Pb*nCT_2z^@#H_F9o9#F+#ht2+ z4w)HoYu$^h=Ox#OJeABa&y<{}bWwfhwRw*nw;0|QS8?0x@KtTWkHn>0pLe&vE8n@3 zbGxit<+}U-gtBFoeRuAjbgG*7XyvE(;#JGeY0GLhMrRvNG@968xi0^xmHMRe$4{8K+^b%j zoLIBvTd_&QyXTT?&Q=}Nk3A!lDq6&7%WtX`?l86Ac9zLJHjnA5oV+pV9dFY%Z~N^t zH_l1aefiq*?FLKde!hKdfBpJPJMG18tUb0t=Wx+s4qNT@d|%mbtbWMw-R!)~;<73s ztI)Il4%>SpReRDU*>5fTaBpI1h6^h{|IcgdRxh{xawyb!f%J>8 zpA~b=x6dL@qFim&@r(;GCOUo`$85E?U4LWpbM5ue?SUty8{S43-|F-WV4ghZ*R_k` z!tR!Z%iV3#RG&5;tCu=I+gGqnWey+X*^=@w<0dcnEplrkKi}{=kt(Uh$D4JnVT-%X zi`9CP8;lQ{MpbNk$MSrh?dzgy>B_|1kBRL*-`Cvkc6ZD7yE27ivXNeLS{RRotZVu` zoj^@qiC@>2KGNE}YM+N_`ZEwiKewa)minWKAAI-Blk`5?lk@lG-3!G*aWyU< zgMYYvj{C5*JMy5A?Do&SJ71qTTeI+^@}s%lu=0UB6%_eO-4C>jJa63nRAA)QPuV zzs!DW<^2QlY~Blgc)(d=;Vx zmX_6qEMD3#|6~2*xz$JO)arTf9(yJ+W%Is@#K}j~Uwn2JiSywJVZC*ty86oR!lzeHYWbidA7``@b<;iy?-hmP|td-8+&+H%+x5+{%&hs?yKb98fxt*>#Mf# z(ce@Pi#6}xM;sNu>t@6Cuukhw@W!1N?M@3RHSEYKe|gKi-eMBTF?^ zh4a*WMA;Xv3qMw;bZza`#BIAKs?6NXc5e4x&3%$vn?v_kul{R#%Y2UIEnD8KiroR1 zYXl!-f&L6&Zy;PS|?~hxW&@r<~{~0RxzIOY# zttqgNU-V2|O~A*n=c zl`-!Yw?7MeSGVoonO}4E3)rXR^S+wyQz$oY!%q1(JoR3G=Kg1B+EjOC(vSZPk3)|i zxX*cB{pOmGLoa$ieVkC-9~_@qWA=B`9_(t}v9M(R^Pj=%^5&gs7BUaY*KnIzZ*QIxHg(PO75S&;>$ST?UbuDl zL9WX4*HK~9e;b*n?cAOD$vf|T_}X=c{v3F=OyjDxtn0MpN`G%^hn@TTgysADvqe^= zhkv&0{=k}bD=W@B-9o0&+2fX|l+|zT=40+lvu;`3oE)=m_M_+!X*K!IwcWaT_g*Ba zNxVIqHregvXXOPQYDRoUS{aY|C)lnwI`?o+E=!%-mYk*RmNs1rqn*waJf6d~QD)5? zsTPZOkC$2&aQ@spi)HF*O?A8dQB@YYTOO@mDBHL)@%M4%y?U)0vu+t_oH+R>JMC^@ z_^)efv)t7SUmwkmJkv1Y*c{0@6N?Ngk9%#+Sz{sJ8ou@Lv3tvxMzwr0u-Ce9?C9!> zTfrN)8NLjgc0c23r^Kpnish4)Ki*o$Iibn(K~+$!&zrD>&=btcTXi&^tH@M`Z05L= z-|+FJZ&>b*cUlha={7R6ayBX*+_~@jQvM?4ApXG6Gv^DqCLdMUFq0*CV$+;C$(JT4 z>pA?@G_X7`v4CO6^I6>uMVh}0IF!45cm8br^Fnl@uwL=Cg&F7gMKhSHiXA%4`82$q z+;-{=U}Px_RSP}HVRdcGwv3y%vgRILwa#gMR&In_Hvg38mlh{1GoBc>texdS$*M_) zL6!d*Y%WDfp0g6s%l$P$+vwR{gPVV{)6!z(s>5rFCms?9CLJu+AHg=jhEm{z|IOS)oOE{>OFB$NmZTAE}C&c3$GMpl8p9 z_it^Lto!FL_G*51+ny^MMCwSC1`b-&6o2iIyxbS|D5&*)zm zd*%6=HFdQ!9;7Ync_*S=5re9cv*!STt*dpm!u=TNN{ZVp@XetDW< z^Ff=st*dk8%(W+3RqMvxetW6%BGbGjp({)!CeB#Y^0VS-(PodDJ;#pg+&2)d)1K61 z7XIMxo69XXyO+IBUbg+(;%v9RfI|UAYpSo!IxBV4jpx85@il%yUh=O)p_<{+1ZO@)9oV zE1P~SxOH!f&~CeD4-$S|n{(Z0rD*c9Z7@n1@mie~UbVv7_zQ%3G8=RAu7F}N) zyr(l?S5YBX+HviF2HwriOPW{ilH2L_K2%aBcxhSuMH|obqVwrFPY=n@Z1>t*y8LWm zz3jQUH5Yd>EBa@xT^gCuEB$xkBx7|I&0m+p<9@5&pUT~P`k4RHj3w!B*2?;Iozr~W zx_I~88T%#G*E-5gPhNWLkx9}eyO`}&{eg4ee_3cZ*Y3K^oJ%hz-aDScx3c(|)x71G zwsu>tx}+BC?BC9Dev(CC*RFMPcQ!Gfco`ZJS-CISZOQYlX`enOI!hGn`SxY4Ua@P0 z&b^0oZ)JRJd$ep{-{Ut&*WSt3vHBHSt$pKJ|GVdGZF?qZ&t1*E(XOd=#oLnTEuKfx z-wHi>+~jJfsM7vyHV6OmsGy^3e@NPX4qedp;f|zA{oTHXkULwpn51L}&1Rb9DRYTg zNOoVMr77zX&4PVVmSM`1w7fHvw|6K^nZvhi$+9-DY3F_>EO_4YedU7N`F9wsq3N~t$Gk(P&Fe{Hc4yE8fdh=E zX0_$|`)u9uTjjb%Q3cCqKb7q%T3ZiCKW&pe<{;af9{oyA$LjjG)NS)6TX<&9D0v+% zz1?|A`~*IkSzU)dU8`0wW22AQ*V+{5S==j}r&SBo%rIPmf0iv3%3^kUaudS+I5>_FvvzZYd&m<|VI>Ymvym?Lo_YE`NARl5afa>Njf~lpw=Z>5omTjiomqWOsAYz#c+%m!NAs8OJ*}x4{?zfxtY=^H zWwOf4&u3OHkO&a&^e>)uKT|h1@#l%-AJaBJ?$dtjx}-r$41mRcYfU=le+lS&3m>l zT~oEsX=`QP3QtWtzhK4Uk32y~WVS05xu#dN$9CN^R^6PqEB)49kE_0NUsWaFRBk`M zwk$$-7I)4&Eyv?oKYzq*$+kVRz%a<;o~?o`-M*?q;BI8c`4-#UhyLwlW`c(n z1q)<){bvxg+xqE0!@<3Rd$K<&UDeCEmr--~eB=B0q{9nuXWp_2h&~olnaqA^UuoT^ zoKK%+c9}f5r4rpCk?(eZot1s9S!C>^yUGmqty*jMPWe^vIYNx5YL?2*#*-PJ55AAR z&^qzM)Q1|rcO24^Qg$j78LWQkU!lB@O;h>7ys7bLxhF}t*=$^?n^IILd*OKfwJqHn zkDRi4-tvWYQ)TX(gA@29O4W93m_BWi$K)uZ^?BCei#U^G-b+sjv+uaZ-SMY8g6)~Q z+GNj7sqfwtIsLK}Ss2&MFfs6;?4g}nbwO3>OYOdUXWN{$b85a)z9P&?yy|3QAFs2? z(p6Ws<;`%Z%L`xXlz0A~-@LC;)ypR~#1vVFWTogtY*66Sl=ZxE;kS2gvdUbmq!saT z=O%1DddD+VGSD$R%Rxz8x|XwJ3p!KZuX%q{XKPhAEqsuw(E<|h33=dUhm%g zXULe(_=;muD%bPgD^@E-WpuyVN*#{z|61hPIPdT4g%_VkpW%oRa+g?dclnR^!@G5g zc5};G5*W{V%v!c_@%iTwcT@d+ zxc24u?t+sgJC6s33w;p#EEM~o`r3s_Db;Mfr&WrcurY+q-Q&IE;mI%S>TZ2=VV&m3 zAh}lB)+Lwc_|~jh>NidDqul&lCOx**_Pc-TMx3QBn``m6sx?0U87w6NqqtW^9p`)C zZ=$ix`=Z>%wf*9Mgs%sOTzaQ6>B7F`sr(Y>x7IR$NPoPq_an2ncl7NR@4bsP{O_%w z|406#+~L?Q_1r%;3p+f{+Fj~(>Z5qu9`6s^L;Zy+q8>ioq`xyx`Fr+|Mvcw^&SG#>Px$>p>fhDzu_jbHa`Y@^Uw1(Ys z){pt$9ClvHpMC5euUt-n?4{^;$E>cMKYaa%>LYvJUj3uLa;}Ac?A>Ig_Hb6|{-bk? zkH(eFFrBYBljGL$_I2Ke?bPLjK87s&?br3R`&0Xb%JodehYqctQE<_jrBj0FP9OgxRGPW*!y99yKYoA_x8DqXRkkdA-ub{PkQDKm7?!EJ0In;5P?PIndgboI-SXP@3eWa&|CsyR z^2g&t`vu;aN~Y~<)6Smst=w?q&o)nXrM=G|{AYN(a>dIk7CWvVlNWMd&fcoHC-}2~ z#dF)&ebdw~ek&~z$#NC@V*F@-Q=ILU8iQ-A)uz@K|6V=goY_j#$sg+v%@>@1g!j?< zb~)3Q+bnF+_4YhFewD5d{n7g1topZ^KdMrGR6gQ=GuMHqZDNso9LM>u>t~wq-+2CQ z*N5Xrj$K~4xN&CvuXB(Y%e)%_boiuOv@~ZNh*{cP^R&Q$$|8W1?r62Pj$O|8S z__o|vYD(Vk*pLV7^K7#(?Nj`B@t^9x?CiCwdO9hU;osRU60%S2GpG^!=zegb*zVNj z{~0n*b?;oKth-jr=7Myf)}t z`jt4vkM&3HrXQIVd#`!9!PW|q`_}7EdA>ed_@7~md`pSGz?#AzVS(AJt@+JQ)v)FL z)xNer?S0RFzI`TtOeftt$Rg}4K3!?UVYX-cO8+i@{L%ezZ}D$0>E(vpYi^(0TXp^7 z<+CdT+il^PyY8I5bg4#*@T)b-HM!|i=G2KE`0=0NLHcoB@i-~I)QPG!ZWq(p zKd$%uApf@e(Ti)k+7TCKm7ZXFqWLoJaNXp4l)j zDE;(3*}oI&vw78n{Y8J+U3+lHy;-K~u6@**AL~CDe>=Hz%Bwi7i|g`I>c94HnLO*S z$dAmAei2((uA0QUoegcc%d;Rw?$KW6pdY6n{Me(Yw(*faf27Z;9g52Ah3kuXdzMC7 zPyOm~wQtRzgFgg6B!8R!VeQF}B2ltO%<@`1E-hqWymEc>5B1~!RDP5`;;4yT^Kw#_ z(6RO+hJwSl_I{52yY9>N4}b5suKg!}XxrwefqQxqWUh-oJTFya{+s=#X|L#Y-D58r znP;7r%sh6=E%4B9^@>^dx$E=vTkA#M>)FUZvMyY7Pn+e)bIJ97yMBaz_#S(SWz(y$ z?@XybQ*`!fKd5(Yj$hn}ybn&K*}g*FATU>6&%?jp2h{|CrjS<3WAba^87PZ8)3tBmBYg&Mg`5 zK+8qKt}k=!w=d9PSC(A2>~r*w=(V?xF6Z_7c0G|X!tms;s~t7WsSnltC4NL7*=}C& zL^8zOVtqQ}WF7mxBAIWdY}c-l-hS0S-PiBgD|?Raohj^k-ILg>-mU+q`m)aK!t*V9 ziq%WBK6>mpEOUKs#q>wdcFj5*n=x?`S8l|UxcyO|-9P#tUHYS2^y=R^h0z{AZ_Z&p zTas+>CEIn~ii^RURDX1SnEcx;-Kwjyt9hQ5v%)$TCKF=SW5BDnjf86_Qwa&_Y#@oyS4?KDP zGt5%WXrI*fP5atK-5#$p`6K+>Gy9g&;Uz!jF&uOVx>UM8{PLc{2fSq}yK~btqNpIW2)@$}>T zLmh9oKEJ9m-*?W_Ah$b9>b-uIKkz?(pYcz@hTn3_#4h~}5x-So_x0@Ydp`ALo7Ef_X5MbGzVJ$&OvK$IQHLIBPdP4OX?pVYey+Fc7Uxd`L#9a<&Dd?VkNBBx2A1k%b2fy(eq{Kw3BNS z(>%Tl*(LwH?)9tm_w6mhZK=xrS>1jYp6=P4#xi%g#Bq};fkIU>i_SQSezKakBv5@) zqJiJyl=hWh*G=7`@%T)UOT~YNw26BxlS}iGK1CPU8ag)#O+4heEIRt$43)+SD^7Vz zzK)ISwt2fu{f22IpWUZzZoEO)OgtCwWDIRSdd~2BYfeSBW3Jonw`T2(yBc2yEfoGG^`GWeY{m-_#4%TKlOvdfK<^*G|aY zV?OahY?DZA|K z=IK0l8Q;b{>woyN^~{A1yL|J>eGY5pEH1Wlubv_JGCp(fq;%EdTgzu3Hq@!l?s~HE z-Hvs$t{>Vic;6<-DbkO_)bv}^$F^Q!iPc_nn=V;M&lS{@XEkm<8!-8>QS?kH5f#DM z_1`?(VkSgCJ9sp6f7|1X#?kuVGPD|@)eFxVv zsr7AQx(=}sAJ_w5hjP9AmHS?BLS&`H`^XHlndiJ8ru}x9*vQ{Ewf9l2ns#;gj;S4? z51O?1?PEA4F@MhkCR2ioWUDV)s)n zMTR`+o0@g6WIMmgq?BhfZO=|ynDXs1lVm?nb+F6!g$J_2g`=F_$V|SHw4*n6p1;}G zg->VCvwW3(d22ntz%i4wY|G3@hEw_40aE_1ULvxjSV_)=rt_#{bB|tWCW^ z^hIH0RPPL*%^JVD?*2C2^}ch)%D9HB*00^>8gLwV8M0&+tF*+o%iJXzZti>i%~n5g zxFoKy>I17$bXtqh$q9=mu?Fs#bnO)zQ}84U5w(K?{*Pv=sw?+|`i8#Uy4Q5=^EsNz zKYG*7YxKFX_Q&zB4V^9=eR5}CNJ_%BjcS<@2lj8+dFkCPjdje6=CxcaW7#})LNfcT z{e>+1D${37s66;O=-|WmZ?%gHCb!xj{jzq!n!>XZpJ&)y68};0+Q;GJi6e&3x5n(e zkg{FxUY>(Z^%cWgcHR#fUv^zJHoSaeuG`_#Iqp@Bd#XdiZuvB{-n>v1dOCaOmg7c; zCm-XQ_h_r@8}SR054Uj?*aZd_1sV8mK0ag5=7}#fC*IoZRxBv-Wi9vXxvg_}3L|^h zZZf;O8ea+enPI@(uQWhPKu{gy6k}!S5~lVpHIj-^769~AE!-dSnte}cjp<-D!Wj&(de!MizQd#G3yI@ z!tA3@E-ZFbODbCb^;gJxDUYS!K2PikixDr<3*7N|Z$@;S z+Sx^ZhZ>wD4zP$FH#u+Ec2}bx}Dq_2!R9Q@1jPCGEU-{CI={QiBl6Q8 zKGvwTn7KYbue2!3Tw!3?soh|ewsyaAah>I=&#TtV_Wo7;GNf~B*QCnm$n!i_;kGN^ znyYe8{<8MNuH>`dqTUGel=Ug$; zo@#mW`PQuT?012?LMQe;Y`nMf+)SN^9VZU{(e}!YE4u5yH)yxCaJHd>)Ye6+i#mDk z8`{mEY8z@)F2wQHw_ek`=15A}*JUcb>lXsigtiFlrxO!_SJYOwS zx+*P+@l+qHZ>CD0kPY-%eAm<*7G@QN&`CerYCQ^ zelqMq0z(o1_G_{nO^+SN6xiE7TD!+ImS z@A8MYNpP{ARGu92RL@a%Rpzz@dH=qKE=glof9a>cW*04`B@~im%J~Y3yQDw>IN$&Ag z&A)vMryaAty0$-Vj)-85*MhfUtD@Fz(s`V8iHB?Xnu?}VhfXdvsyR@2wz9lupHi%m zjp6w%hL7iEd)!@kZc&fl?jv^Ey9&a+iy}VwRbQW7v9?Yj*0r$O#^V$RGw<2bI+@;Q z7ZP_*cyeOr$#BNOk;c*4GFV%+lt z#(wVe*Y=n{_^|cDdcC)A6(f#J`q_Tx`ld{)j!73LtDo(9ywZA}ncDiTbI&$xoxLvmR$gmD{@3WKy@dzW*QQFwCr_Wax7#S5}!1ZQAE*B0v6T@Cu!E-_@?T!69|M{gtni%*+op!!nQ~cZS_6xDMiA%gLdtcT($6Hyq{3HJ{JFOknbNxPr^hC=q=I9!bse5-d} z`9DKzYTaeyW6LdmFDU%Fdg33g9iM7WCLLpVE}MPrs_vBc(V;vRFRujc5j+)fV)e_O zl0_%#Zq9RNKm2IPM8Q+P%9o#i;PZBp#)$(@xW3lEna!%ARcEoJR_pwtLq-)gfiL{G zZG2Kx!Le&<#HQoxT*J5hh%b2Mr97Rz!76;?vgUlbXNH=OyQXnVrzW*B6L(*ly5N zEpa}gQn9MWOz=>Vm0U>I@)dts#DfZGSO?#OhR7!`EerF;}WD6z+Vg-uiK!NyYtkM?|jNF34>^-8Bes6yx;inP>FjT^H#VNM-5B}nd}Ei{O}mWi@&>Z6J+3^pe9p0@t|;o@ zNA?4=+Hcx;K9t^aqpniS=&;+<^H%hG?d|ZH?)`bi!%s`<*!CU1@=q{h*DjOb zBRg^??`1r>&N=e$^cw8~-!E1s9LAqTVuZ36hO|t0QQh-VTh>uov1OIJ#KB+J&bBRy z5a{t=n)hS&x5WLIMDA5oz5M=MQ+OU<_RRT*=GlJu)V%VA&u@vg48Cmh)5Vus>y4{@ zukKmA-M+dnd(ow>^7E_qd97d;eg3WLkmLNVw@-7kzSMdwx^!8^yqnP_;tqfIT=sf) zs@#2JMf{OYmAa70xdm)~*}E=oJ((UTFuly-xo!4=Eq`l7-6A=Zci7C^dhER6gbt&@IceCr-DnT`SkEUHc`{=U!hK%dE zYKCToe^w{4-MM}9$8phT|KvY<%y}CSy7}aJ(QBDjr~P*G%v`xyd(yMJhqowfuyyxZ zSdy%9d%E=W=AT#ARtmbQdRkYdt+;o0^>f+wsugQ_Qkm^u*&g`7csAij8^gA<9mgJ7 zBxsjaKFMivka!(g)e~1Wg@1D2*Ck@hZCw{0x#N~Bz0P=o71x?r5i!5V%dEowzMHXh zX6he{HPXAwgl1gbVBFXkrM~jnm8ea^da+CIUPP#7Q*iq^t1C(V zbGOgq_X$;9c;aN=P44H7w^p0*HZ>k+U$C-jLtNLrE!P56RSKdTyL8S-U3k1t{RgLw z|1#6NOBPvA@zGS?uwL`SwTWxvD;DmNn-$!Cd%ki0-dc|2F87K#>9nzV{G5AkbDpM6>0zj4E&Mhs^!BlogtEqKJCi0`?VQ_p{$b4OWwHCV z+B_}^Zts2_pZ)K=oz1R~(|UC0AK}i_6TP$faYgW-*ALe7-^{vR)NL(Uw(Vhy?a?an zrhWRa?ulKoJ6`slbE{%m^R=DXLC>mWXJo#(Y&Yxg`aOx6t1IT+vK0=_6nZ5ZJ^7Yd zoN=7z3cqrzxVyJI>OVv8JJZU@JJbADxvR{2VI%wC ztoM-*+_N`bT%9mgd28|yZoiA`^U7md&$vJ1kK6m8yW42pY>{B&4GKGr26`*7ym>%^|o}ccI)l&D))QvD_!(VhPl>1u~|o-FrSh^2-zToY{b$UkbcCqH+TE;xaSsqJO58@+w4O< zs~OLRT<5>N_R;nh{(G_ueqXO#mf7Zgd&vPq&0C9Q!sQ?9az%5RM>aXs9(2#zHQ_s} zVTq>IyGobf8we?S<^C`2R z?F>A>FV%Qn`QyCo(58%8>)$W24m16^!SZay{eF{p+1KBt-+o=0xKq9?#KLmjuE0sE zJ93L(SI?D`&TKs*Flj+@W61i%XzS%YJnv%~vX9kq{kvkPv}J4a!{bMnZ};9IoV#q{ zZn=cG#?4o*?|flC;m2xE@m`@$_E*|B7TWULZIRKx@%;Uk-zRlr+$?Omp5(77HWZgv ztFS3u?>H zKAl~x(97WSXW!Lp@zMVIW-opheqFIuI&F7r|0L(q z=t*Yz9DUqlN1LZ$@~xv)a#v@rh`j40soW!ETYYuHlZ1P>qEl~ZGE`m5y}HOyXZd!9 zYfmqoQY_Yq`Eo#VmAF*to5dOZTp@Cqi_MiMU(;2Z=B%JtV0pZ5>*={#{zBQ=i2&W2>

=>GyW6Z=EMF+2wNT$F#jmRPUH8Og;ah>)KRPO*y;l&XNq1 z?Zyfp-q^`id@5*v0YWcT>5ID_`!DyYzI=uH7D&_)?ALa5YE$XnnY!CpzwQ zzU9Q^vcw%91)l9OcfC-j_3xUU=AQhw>X&WQv+d*x3a(qIFW*`b z>_6%syl=n7@!@;h8kg!|wiKDu?`mJK*t2ibkNOYq{xclCwQcDW4n@`S@2_2ACgsk( z!DDN#EBIOekBInV*|yfg{152|m%lkC@>$=ekBPq~{A@gbNwt25oYki82wt_hsS4Fg z0}nr*6WZS=XZxR_W%qHZ`Q7W5X8ImEqHOqTrp3{c{|sz@RLgSKuGMYmi*;zXkQLkW z>QZs;{8TTkUTwLp52d-!cib0TGT(cX*eup9+9H~L%=$IqGyh%NXVCOL;6Fo)-Mz=( zm137Jwr#C$dS#VUO(3-@bNzNVGFTW~&YzTc(~efN1@ zUY1nc9;Jyk~npAE=tP^wI3@-s&T2o{^svyIdbu zu3fpTZ_D1xSL-BRxt%-XZDW@{b58n#b@fLl-N^o@vumF9bfvp&-((){wOv*5Cw=jc z^h53LTV}*$32l4W|A2jK;_Gr}j}Kq^SH`GL`Cjw>oX^bnv4UIIRepW>SvmY+%5jd?-=dV1=ExA}VUvkdH?-Ab%0*)QGTw!Kyc7@^hm5*_^?>f(LNRtuJe93!c)mfQX zeunaOUoL)(56`O-o%il7Bmag~ed3~VH&v&eJuN#^lFN#}YHNLQYHCi}PDN2hJr#?S z>$s1~OMIynJ5{aC-DvX0V725qt81d#Me?DOpKSdo?7Nm%Udmtoh^7Bw$v<8Sm)9+e z)Mwfz<~!3uY3YZ(&znl5A8otkbzXKh>$VO(_ES~=ras;kdcM;p@X-mqhy3#IIdwRn zq+H)rk$>>J*MX(`zAA_%-`bHHUp;^6!=nAEzOJ%rD?jQVjWgO2tdb-#B{7-3RphO) z|ISIl#R@0?z4c68u!k$eMWpj*{l+gIzPJVNF3RrRFF8wq%{rv% zCd1#`rEjzjq{%A;_*I;*Vp_)+&Tg?zT|G;!i-Q(OUVN- zgQIl{Cb_TE*tjHeDI-@y^Yx`sU9MUVPp)bw-Hn!zU3Ke0)z>A{mVKPKIJHfH5X{zv<%T_f=NJmllZmyqwN|d}+?jtm$GO z6Xfm$WGt9vU7h~f-H+XCGly1X%#-Ve%YIDqSbXE~tZQ4YFD|>sE+X{clKEQ+jq}^R zcIFl~@8~+eWykh;{6>~+Srs?*9PFohU7WEcFVc@C@!;#*rdgK9IAnf>nf4r+yR}aJ z#vQZbsQb>E%3jyP?o>WndsJJm^1-jL+$DP*ZKSqy7r4DiThP|Mao;CXBJc*#dilCyHBW6$XhU zUTe9tQ=xp>mISw?m{i}e9lg<(^1ZQ4wo7(B_;xgGdcwJ^^$TWcoX!+infx}gyzHU5 zT=UlKlS)E`x38^;+qFyJ@XMpJ9Gf@x>$9xi8#>d@Y1RJcv$op@_eZVOv^cQB@;Pg= z-ZPu#d0X95*p=^XP45sYJijz(*4>>J=YN{k@>w30_%6Ua$u%`A?8(9#+I5eN7W~;d zzdR?hD%35^eQMm?cSYi1D_Un>wtS_1dY|Z*0L03;l#oRfpwc=^7m-JZ10=HN@=x&**AKvQrJ@?yt zXi2x4*WagW9ap**YV|8R*H`rU7G9gRbriFXC9TmM{zgL_qA_@zKLwm%--t3 zuC#UMiIpd9z30hXDs8_O`DkY%7yoSauKQDNNH3b78N8$A?#r0t?SBI8=1k7~?tkVu z!{Y_ZPv@5Gn&Qo=UU_GU+*U8Y=ensU*^{?SeRetLz;A~V?oSiLxA3OCDwy=~K@XG1 zuWLGTF=6-9_D|h;tjH?t?Cjgokw2#`uWC6NDtejiP0`L`o}HWb%@2xH-lf&>X+c=G zo62^^B`jamuWeBKxa333)-}^~Y>r9Plsy0QuXN=K(=*o&`C8;LFuD88+FG|81^19IeR&w&hzmI**i#-lI zeSYV9+B`;x)jhpl^|ZvzxlY9)$j`lzOIb#Nqi^LH^j>nRBn3PI!@f zC#LS5bKilh$F{bGY8p@QciOvJ+wHok^;{=kyT_gyD=a39u3R0R)$TRzxd-=ir9Ug~ zAIZE?824Io*~@aVgU$YX@*bPod^7ugaqE@~h74a<)d}0FOuGC}eZ``f4d>$b|CYfN2zLeFNBircwY8&lK;W-L>jEpJ>E zTI+TBNVk>U^i{_u=F4TheJ=9IWnSCVy;ID-Nlexe@7)@7++ow^UD>}qz8P=xy1H`d zu4&4mvsv@s8?3p@rY~%_+~R6lAlC%t15ajIaqbOVT9}z%JL5g);liW-%Oj&RUw*63 z*f9To*13gRXC$1aC&`JK5|_u4u2Lwt<3uXe|u%+xxXyL@+>eccwG*H30Hja@RYd97a3 zV$rfw>W8Ex_gXFBfBu+d<%4UjPrKuyOy`{KxM}v}s<&elSvF5sV$tS+k^V+tUz7;xsB;c7}PTRC})g!DL z5@lx}Z~o&vD{uMAWpgWLFPP@@!Rw32I*k>_Sa$i%GT9Jz@kUQF?~S0WI?2mh(|?CP zEY|qF!&d8R>y>hi%M&-UM;+^aq&B~LmFMEy5nk*1o6hYxA2%gW`{ zg|>0pW-I(Cy2k4hd(c>?<;jG**>2CiDsK9GUR`#-)cN+1whui*T=R@QE^bXO5=wQ> zIad@e-5VrkeyyC%f6JeS4_ca~ucIUWGhCA9?c-RPTRPkOLy+3t%WO@HPkm9izVwRT zn)P7<_-&V-L|3K-PHgUqReE$`;SL9*Rb>n4Qt-Nf% zJI4*z-urRtd3BgMii95cEUeB1-dijXTo|?IPiz7eBAFPz-C}UvHYBlB1Y1}?5 z-lsVDZ1Q%VJL%PPpG{rU(mk`t_Qgk$`B|4E7t|O?>i)bgnfr)4I+gR=greGP*P7hr z+`+jeMP&~fvRC!iwO>gnoGbaPUifQC#*(eOr?XZu-=Fn?zf=6$Yr~8fhMPM6S>NTm zrlkjU)%u;YJy^+b{al>QuD)+>No7-2J!JW#j*D6!oS)w~-=xHP{mrItkNrO~?Aa#W zw1cJb^1Q9zbe9xnNtF~cNKBCoj2EptCpGDIR&K7y9tNww*{}24X5IPT61DheiyEiw z>NAJ!@A1oe&*FJG-@7rlxL98D0oTJl(X!_zR-|uj`I+)fw(9z_+Bv5g^d3BxWZSSO zW>)1U!%D{UD`d5A2KuQVd}d*8@}^+ht~ucbX`!#GLR&K=xs2b)-F>b1Np0)QmgJrf zTHcjPQ#~d*72m(KF;jizr@lFlwT+&>TPru4!SUQXwyfpfu5Q^d^GppN^^o6^CR@;!9T&xuo}Ocsu;-WwIW;h0OZeQ!FqWUgaxhYDZIb?=OcTB2M= z;XU70%yvILGc_g2U2XG}Nv6wYg&Q_$9o&Ax=8O7P*C(1akJ&8_zK`1ODfgInReHv& zZ1ISxYr>1Inkre$|>(Cp0z6Px$n==&a@q~R7>0>l=oL1 zy^cFOIn{|pAVrzOYezHc|JW&8T?#tg|XE8ptrs%%eq ze|_OQ?P*Jv3Rf8h*-k$^U+9bG(|Gd?w}(^yGg!TBTf8V{`|Ru@zBdA)tDk$PP35de zQ}~-*eYoo0#?-PkpA7>lSuQQ_xOC7;>$>f%^G9y=O|A-)zWlWLfZ8s7zM5FqIfv`z zxl68G`_7uo=1@FOBHX2rSE4A&{o*~jk8<cUOVDd=~W)z zLrXP^-c+;hTeaf3rQ}-a?3*c%jF0avzE*VWRbcJ5Lk~P9530& ztv7SqOSZkJjCya!T6g)w-D5V=kJlu><5YQN9p3q3zp&mP#TC5n{&PID)$jW}jR^a< z`Qdy1Ki(Vc^nO$qY;GVV+n$)Ut6zN2a+z;r zleXi&XpQ#A{AR&*Z=M-D&Y#KWv5x(L`CH9L`t83qRRkYfsnJ~#qvlg9oB!}WbNM+x^HpuCugfZng0x4TkF?U^nY7?X{&5~+s)p+I3{{5dS1nP zng0we)d4^1AD#A1vSu&aw1a2&3`4&g?_+$=sFE zI@`|AU9)&jXnos1vk(6|AC+4jn=Rz_%I4$^{^_O{fBa{N+V#=AQSsWA9otWuZb%TG zyIl0aw_oaArkv{*?b|ao^08{TY_?8qeQKDo*Y_*W(l1y2XK1UFulVeiJ=b=@-kzQf zF*4yTHKBi}{!w3jQf=vj-P7A1T2=(Fd-E&!KSO%I+}#@KE&KL;Yzev(G}EwtWwK^=aDkJh#GM*U#UV{m+n+TOPGzcG!nchu%19GaX};t$4KL$MTQ--zNW^ zQ)6=Y@T`_w$EI?%_Rg|>E7TwJ?a`jc598mK{&tSP+b<5q!(JI%12WpuPn`s-7!@nHqZXS_XD!5f0*Ul_XI9=*q$kOS;28qZE=Lv z`$O_Q_I#!*P1f@{>6PrB_}OToh3J_d&PU_7x!g1ByMFYR#O0()BcBeDWLwtid)puT z_uBD%xD*>-QK##r#;hxp()c61PF~h8;O1)HAonTvUT)hbapA7syJc-pdNye)&&ygj z|8e$R?L*;JQ)Ydim6$*2(!)*s53(-c0^p$gFcouOQnx z;EJ7G>`UF1Ka?Z8D{78){IJb_t@$kX;+8kup)2oItbXvm+r~Km@7fQqe*CPs`y}sW zK^Wz+^rGEqGdVO+y4%~aq?`*3yYg_*O&g7{IKWy=_M8055CUU77z-Rkj>tHdC`Y| z-Dwvx4w-G6{zK;3K9;@L|1;!BzPS{AQh7(l6LtnYhx2Qz?jQQkAY4=Vv35;V-R82S zj1RJx8w}&_@poljU24lKYSf?;&i9Q+gKAr zp(FltS1Y?sc0YA}KZBh~MSWC8>c`S2VvpZzTOM4aFa1aK@*c>+`(au4&SGcgoxDdpkCUzPzydt@6^I2dHR_B~stg(=K)a-ZD)aeY;r zTx2h6)a)w{3Jc3@;vbne**Gq&(Eg{oz3sKX;GYh6!|T<*4Qq5aUbd0d@5?*$@y=}j ziRA(u-`3Xm$aB_IW-jtw;FzqVsVGs~o}ut%`48{JZp@-Hlh<>_pCdI-K{& zQnJX8UH;O(u9l4ghn9;cFYC^|IY0egMUaQ5_iUpDbEd8Ny`MAMm(%QM{2ZCGb@v~9 z+bw@2zrFDMieq+{y2Nr1&$$-!Pw?s&c?sRUbNqGZ99Ma)Sd=}hUo7PC)q<6qtW;f% zn`R%pyx6*Sxm7v<@&Vg5{b`wd#;N0%k2CRqZhenljRECKN25Kae4g^eHEv4xkh8!d%f-| zwNL+ktyc-l-8M7to7&qAMvP2r3;Fm~U%90h=&rpyQ(WxmR4bX{zOO6I`o-2JT!>wu z!+xsptZ((Ih?{r1IUe76W5EzQ>GI1B(|2#toO0^j`)i$P73rHzd^fB6eR#U-_M42; zo8}}0#a2YUOAAh3ZdQD?HSyjbudd5sR@r_DlkK%1H=ixJrQfIbv~$ti?E-e5;tSW6 z&vMefn>MFc*V`(;Nh+f5>MAecjF;Z^>aBaM)ACJy!z>;Kf4|uv>hLN~|Eth`i{apt>q_UfETfJEE?e@Zs&@Vn`_}8_hjfjP z6c}$#P&&o;_~-S+Z@yg7isd?oS&R6xAL_T>L!0NzMZdYO zZ(Fyv#3QWwrj%(9U(~Mj8E4&tGcPU|U2LW8xn;6ga(7MbNm*^Xt4Uj~pD_z;_vASB zXw}PLS<9#!XCkHM@|h^w&R}u-F;hUig#`4 zo_QlG!}+OwwW#Tpd$QN2_}44_T)Z-?jXT@(WV;8Wr-Ze8RQxTWcOeNKHkr#Zug^+) zE$F5^m7R+{>e(L6s#|8;WipCIPZzZ>Fuk00EB1@ojVm|5Jr+HaUFCYNvsC2bqyU4G ztkbX0Tr&*Yc>}bMCtMte$j6d)f96caphU#MKx06owQZL@>uX|f+x^Z7o;yKprtnh$?OFf@N zG<6klMBRL3Iicvr=jeFuduQb*u^r=cOpKUk@!{CUhn-2gra7Fn|EOD4)@V1slI7bZ z0qGSMFC*>?M_tX${qlN`LEwbrmzLi;cDOt9#wXjjOC?NBeiC)1)rUUazWXvbGkoQa z1?T*iMqcG@Jvup>_vqAp&i6K%9MH+@xp*dA#^~4OQ0}S)SJ$jvv*@#~k#gc?TkVM- zRgW~WAAEbXtZMDuvQR(DfPfN9y zmSddBN8=_t?B97+>ee~lRc?-nmsZ8y{yWKS+l~qEXt8_ zd-3ieZ@J@3y-OeZvt)fR>2uL@53pF(th$z;WmoIkceYE}Zs9NZ@}k>H z)7BqahtCsgiD)=oS@x1<<31*J-Ybzwp8b? zwXBaL?lEz*+OA&JcUd{*g!C)TaEHt1xDRliD{}W*Xi+q0+g9E)2E0xlw@>B$cx>9c z<1X(?f!7Du2W-Fe_Fdw?Ggr#C?wPL{WF>cO$9a*8u-}eX;%>2pb(fzyP`0Xhqxi7SrL=c1@BHvs=Vu)c~ib3@ulA{M$^6f98dMo|D$*^63=olWPkW^?Y|>SNRt@ zb45$R**V1rzO40L5ZcAq967zvKmskBpt67%3Li`a(Bm*Ql_;M=luK% ztiLahy1m%Lr-!Na+01Eg8go@@e3l6Ry&Tv0LH(iK){oMW-Y;_w-Evm*e%$2vGSZ%Z zpLBeU<8@)5t$a$oSI!%K;hy#D{KM^s*Qy_^;tAX3l+#)%5huAzIP%mYcV8(#pQ{(Q zbk~ae_xo&b6i{ODT4#K1%bK^5pO3w{ykP5LnV$Z@D6tJ9sfltG&t+FnD)#xR8TeE_ zJ>%UHizi)M(^FMXewrX4(sSinz~&-l`!aS8%wQ4wedr7GtY=@m zlO{G4-d#a}U+tg&Mx%r;2#JA(|=T>z(#GXH3*S6~3 zU9ljWOYCb?&L#`&zrxHTf82Do>9udF(aaJ@-3yfy{`{2N8gi;2Ty$30mCH$<%XF6H z|Jg6qB{6fpj`f8G!-F-UD+CQH)+W43d%Q5~kSfart6!lPH>|twwKT^i%Oh{uvg(eS zP5$x!8DfJ|BD$V_n-d!6=V@}f^NMA%?VhvUP)gt%U2{<;ANk0 zLDjR}GkFZ>S;>U_Q}{UTYsL2BSH4Bzw@yvEBz`z;Ymc;TkFLqo(?<8_uHpQXtsM2S zcHeB~G{5F~+4@l*E!u9L@;z5z`97|AUB$fAOx~*pPpW#@_nWRstUWi=&oF8(e|JrK zt?g?6Tt)5ePbJS*cK>*~b-m#61mz=bzDtD9)n={l+Na=|o_1|oIqQKq+ts}v%2uoF zv)i{4!*kA)Un=4;vQx?u8s%ZI=FZym7gkm0*>`o&^H!;ai9E5AGo zT;j4)@9U>FPE+^LnL*b)lk!4@V}f><*=$!=vp-aPbouMlB{Kx>7_56$FLvwY1nsjW z3kwh2jgwAXmsJ)%`MlLml|27*>!Xi9k{9*e^(@nDjsT;rR;>0~cPX25Z{F8<|90?Q z9_^XF$RV}(K!Wx4`9Io^*qMIZdatzlWth@_9p|Mbx7Zt&vQ%y;ec$!gWPZDuuF%g5 zdhT1TN~WIcSXJ`PX7k~A-goPyOuNoZd37dx*N6KDUzbdYjp5ml$7aR#Zp(RY*Gz%l z#A8;4QQKw}bX)YxguQksowwr1h7Y}Sdn!B{EMIqB+_uT(F>_CG6t7U9eN<~%+b#dP zt>v2xpY7ygu`{;&NU8vQ(2zMc*K9eji@dga@It-oZZ6*qb>h>f_|dcE!> zU-4y86YnP369-JEXRmT|yQtLoDl32cigSDq?{zP#+@kBb^uw|9Ut>VjT z9XGyH|9i)Usi@em>)}j}+f7zI!H=e;*DOkwJ!@3zGV$f5^?x?Uq_1_=o#i53AoE3J zU+!fy$=msHnxPle40lXE_iDD`@wBv)$=0b8{qGw(}&Sy!r4f$JU-)Ot3Y*ceo_hsb9m77o71b&$9blv|~*-SYO1=$_z!rp%? zxgapJqBSOWA1L2%U;#9?vX9(+h+F9Q>M55 z>l(2iv1>9WahB|Ly=7`|^zK>9)it?aXPkGwWU@C+_>=8Hxt*)i-YFcNme_dPHv8Oz zc)_TJ6WXjjB$SuNZ@Hegu6@eQQ-9xSOD@S}n|X8gSNPtzQB!juu!xU#l{Cp?$sj)h^`V_?Pc3vZ~oNS7gb| zdw*m;eErYRwI}MH?>gm{Ry}s+d0W?iynNvJA)~ulac)U^%6%{Nc@NO*zBI{B}FBm)9rWac2q2vg!=pBCzBw z`Z$zUwNg^m%@4`t^!? zs@a?SN{zp+=RWxTW9j9K3leM&Fs7Owcx~Rj>W1mbqRVauFXyd(9r};|$EL3~!G#Y` zZ@j$0}J+3wJg@vbA)ZF+tFDBosVAOx_WLcTQv-j86_3j@`kFMPvAAh*w zkhO)`5s!b$^R$oKasTLh?$)Ml-7!ld<<6y!yj8c{X4`2iy=A9z9ZrkH zdDm*s3w`S4IrG}Gt2bZ$li9+4NVDY9BX>48+s|>CkJfhxWj=adJAam&)5pteE7u>L z|3l;Z0sr>vLN5z{^q-EEYr9HQ6U9+m4RatFec~U|} z_`KFj|Hk{v={o;MA{Pyc_PJhff_@9B(BUb94!;Y?U4(am8@w2v@O%K2JR&1e7 zk4()0)6gq#Q>KcgMLacJ5%K5XiQ{`q_w1Y8*Wxa6?fHxIMAqE3EA>1cI@R} z5?)WUkIz%-vURdJQnu-=`n|VX zu3xR%Ht*UeohS;!9N0Q%%O7E7=UVENP zj@|jk^=P%ZOw%SVU@1Sb=5#mjrp=Ez+OB`)@}5~IEot7m?Q?U?_Kr9CCNHG2SBq(gOCBrseN%k;?rw|H4}b0% zeiYr;;57e!-u<_;u7J+{<*bwbk#_s=FVWw7k6wQ_?S_p0vcg#ZrakscI&!zp)p~qt zZ|0%d<#A>6zCM%RVzW!Ur#^EZ3;H~Wm~Qj8m8RpiV*O(uv{I9B~?yq*Q7(dkJJPY6i$@t+xn=U zXRGw%N4?)ZpWM;A%HfapD}9!z^({6s?sIf|-pEz%o^!qDUG?Pa&gcF!WZf6P^&*Zh zpU>@pciHY_SBvCV+0U}A_uGBE*!g)W*XnugqWAt?u~To3{xMy5+VmBbAEO+fy6Y8B zs=hAzaIc>Gl?9VLwo804s(OBH)+MD@yWmST!b|qeU9$e>1(of&J?UT9FRYWPP?PrM zlGJ_g^u{55>hH;M+6yDkmtBaseYpJ&)8s$OJJ)-BWbgUU@KE~0i4R-n9^jeCta5u- zxN&)^*L0hl{EFSjlHKNRsTDqAmo2!-oxSzzdYzBy$LI1t{CfDMm5}PQwI=B$d%gN9 z*Oec!vzm76;DgH_K6~7+-D&fEO+90c`G>FjJNtY7gs!ytbi&hc+DXgvqH6+=Y6UDa zfB3xNPyEODqeT^mkEs=`)=Y`?JhXmqmD=9FlNYYOeKTeWH%nc_-NqeruE^`C~u~l9?i`%|q{j7`$lh`VhuUxwjZWQ#)=dFpw9?iw( ze^l%gZt8T)+uIpmmt2>8BBlSW@^EQZg-TxcmRKS)!=cDPDsym-v?2@wVRQYt; z(B8ECKLhU{=_OIO4qY#wc&ll#-Vvr9ucK@Q=I9G=|KPiJTQ`f?!*ge6TH3B&y?wgx zoHf3RihbGVOzk`F^VwLIs`f~I*jM2grg6V)XKwko3EMVqHLKEHJjsuF-lAjNKf{*xhCkfP9%Uc+Zh2t)_S`e~AI7mhI^Pv9 zSQB6Ht#`Gjh>_ZjBQ= zm#Vus&+NyT>7bcneD3ehyOFMW&K*VYSV$UDn0JA&K>F7bMb*c`<)-V zzGPbED zIki=%mQSkbsm96t=k~Mr7f8IkHBaeDVZ( zSmY3%sVX(6qg?j=JS{^V*CG$Q9Sc)V9G|%*d9UZLi$XKG{xirw4zOuCy}kTdX4*W9 z$G6r`zPIY6#`DQ=ajgGY3!YZh8#!T8%)7TY%XsdB$J>>*1a9PW z>U2C2YANylTHju)UqQ0_t8E1RT9|&?d^}(p=JGj0cj0NF_BjtG|G2iabHCb3C!~VN&tD zt6~?n1}?h0XJN!tb@g>xe|t|oPV>vwQcKO7oAq|`zW)p}-84-XJPzDkcdYythb7yV z+;=~pi%!f``dP0p^PizNvMbKxO}1L!u2P-ei1jKgs~DTK?ruF&?V0#F%*OcbvCHQy zR|mw({5k&8slV9c>XqBucBo6#X$PHpXDOa-?zi=f?h6^_uFZT)0#cX`i7^X&hY?p}WX9ka!OmHU=EO}%(2>Q%8)V#GhurHPM} zC663d-j_XR%TB(!xT#s{U9MVZT`xrG%J$8EB<(r>NrLgKx~*F?3q?A2*!eH5yt>C% znqSYkKkMeDuiP_K&d;eT4x86*vvT!|vJWSAs8%N}>-*4Dnk&NY$*x*HOKkM`*6|6rT5k!EjElfVidS@wc#ti#ZOfF*Rs`2H%*=B zEgDz3$g;p}*7EFXp2kfc1zK@z95c)%Rmv9lianmb;%G#3M$fE;GRxIv9xsjBTGR8a zDN6kY$7{EX@=+!A7T?bbvEDxZ^R?HLiBA}cj043b6{~_a=6RTMC-4L_dNWj-vYuvB z&-itv=Xbc|vQw$CQ#@>; zGsD)|#Tg7L|EBIO<}4`6HhXkMps4z@r}mss#bUNsj5|Kw+Vno>>clq2XS=v}9MZ1Y z-rp}2k~xvhwo`--T$?VK=l*a?AIJJ>{~5CH-`s!1$|nEu`__xh3Q3o4 zJ^q^>-1BYy8ofjX0Y2k96>B=m>uGcTExbJ)Ap-|@cm;c^n zgA1)j>%02#>HTlYbN20AYb*DyBISs%?B1R0w9W@@FApx5y~+KIb=cEw%b%>D znXRDkL8NSLa=7!+_05I(&TG7XOO}dEe9Ev;Qf}+|()F&HTK5ik-e70ip}(cF!Ar&Z zd|)hJ_v$Uv;!}6G862otcQ>&B~PFnLph|0&nvU2Rhz$y$A~KB3p_^uvN}i~cq5wFd6B0{0uY zt<7?7_MN>=yy%tL+rqR}XT%%do(J7p_gzxUsnS-oO^Wo~Xw_cLqu2Mq0!BHO0fC!KPUSijPA_R7~n#~F8T^$Yp4 zLp1-e)Y_|mH^;=TJSl5<;ljL@PxoBUZ+iKCQ|G#i1&bMG?U*d>qRX;CpK0g$AMT~! zuN{4RZ;{j$?}<`j-)`K~+2W%2uI0kb>3VCnr?0&o8zY@E$E4wtNXYl?A8#>!TN$HZ z`IFsr{?eCWw~D1_JXTyHY56+b^^)>@Ygx;?{~4~Y;!9g}GDq*xezj;vrFHKgOPme6 zZsV@ruF`+{qUw%m;m1$U3H|LJw6mLqZ^p{&k(U=v&;7Sh%HsFzjn|e=-czo=wQSyz zSWmv=33fhLi>oVTUgwKWd*FZO_}0iw0Zl^#?Ve|gwp}s#Ubgjjl_Yz4jo>gloo>6NBghkUIb-8sp7NbF1SSyo-A*f0xe@pi5X ziIs}glVgY!*4IsHoZ-{UhY- z!W8v2uIJYVPCM;4>!IF)w9gC=o~@a-W0Jgr--;a%CZAj>QzG~DAnS#aw?Wan=5Q=L zXzTeta@(}vmwl02h4mgEGCVJ`t99ST6*o<)@)qbWRe!4faoJX(vYjgqHtHyI*|uq} z>Ist25IW?Nn~-DrJ*``)xyW_5ObPxZh2XAp4Pc67tH$C5HvRae|u zD}Cd3s}k2Is|h<;8=`Y>*Dfg*ewgS(Au(EkI?ktC_ zZ!h?`;?-i2>4C<6(HVy&me;JakX&`xw_kdZpK(Ce_VClcZ_DfqJXU=v^VhkRPbOC` zPncKM)%GSNN%#JZg#OceI*bjEalQ=73~VgUU1t%TV0qrFUByCWw(`GIdoSljdE`Z`D{RZtoV9c36$QOb6G9!5c>Q+Gsha$T z_tUq;d#kdnj?K=Cy1Sflm#FNk=nF3wJ(?MIBIdTB@*U&yXG`|%t(bn!XwKVnuND@r zU{uVI);eqx>gyb{No>8$bnCj9##tS{%c@LNPn}K=?t694+kB=+LS0bR_4D--C5el& zi;pelR=l@>e{EIKtMfenitY+=C(F+*wwGHI9`NCh)T$Ntnx!X{zP>g!(_Hv{QH)P2 zYw?U9(kpU4GDRQrxZiuEHv852mN=z;|0_Wk+n5W^zK)mqV{(;k@_I+>ZTvHg{C(2) zP5O|xX|tE!+thyoZr0a%)gBwa$S%6l+rQ-T)u8B_RUZyNwcG0Sz#+Nb$e{R@_S_Hc zooCN3a#nZPBYbOD$2L!aw7}-K*Y>_L-s8_L*zEUw{*S(Mippmu%Dj8hH}!11?G?i< z6AS0vn{$2HkHx;*x^BLUb#Su$zFy(ugKKl2NO^5=;<%%wt(yGIFf!_Su9(e9v8&5w z9#sD^du#gs4xOCM3fA-U_^hvMiubOYW_H<>d)l4#O8T?A2$Bvs99APq3QxXxg)5XQbPA#)y7>{XQW2$5%PG=;&!N z1>)D1Ufn2gdTCnOugU9g_FmknA--Xat<&Sf7a~uue7$Q{qm=9lKcnnw2vp6CY*&{@tl_>0^&iQFys?q}RTlmkXyAoqDtOac-5oK*gl&?jjbgBW{e3 z*Jf0xd(L|v%=7Kwh2&?Zrz@)c<_BLn+QYC>StWdJMe*TupY1)Tr?8ZLUFVm*d0jxr z)xOhiZek}IH})jD=H6x%Z0Tp2_qB83g78z5d%``Fvv{me^YmX|TXv~?WA~(;TnC;= z%=l38AmG|2_v12hY+7FmO?ppF{jy>nr}w0)vcK8cMzSs~&DDL!MU@Zv_!!BQs|4$w zbWJU?J-J$J<3``Z66gJ+l$l+_oqImEH(!pt_vye)^%Zf=vp&X4y*&HSH{q~~Yse>y z$7^e?3t4v`d-OO%_tK91j(H3hZ5)^Sq`MevO={n;!M?Ys6pLF}x_j61cKrf+)Ol+m(LgKbmUJ|Fq-C zCY~v8duDz9EW>8bcQ?!G_$pf)HFf@u9p2?q{mW*xqn|#+uTMQ*-a|9tn>v zEPf>4zTH!H?q!Lx=EDV757)T-&@KLOIwCjdsQ0nnPpA3wwr>2e|B>tTuBCE%5oo(&W7`YQYiY5`6L8>7&}L7m)>$(v(6pZSxayim@n2sQ@JIbz^O)m> z)0f8;U)_xtpRMlwxV^Pb?T^y7Sm(nESqZ1 zZ*=$ism}4}!Bf}Wx)+~^FIQdoDR1WQ$cp9Od%f$0f7oevClwYo*%jXJ`WD}OpKpJf z{Vh+u=O4aJ)777(@cFpFjd0tKG5oFdY4?S*YuZu=__$}XUTJdwvmdAlL?%W^tACTYlzRf1E`oZ6*WA}99 zY>w!yTg@r-SZAD{JUtMc-F=&_eUmC zYXtrC^`7=y81Z~r_Q&||!V(RW?%DBzu`##3Wz>}uHEzhRHa)2|X|d_)n~T#IzTRaW zU6b*{_V3E_C6&USj9t~0!js&ie$My$5nT9T|FNL+smtHWWqTxYALf~N_2qpw`^@N! z(w$qntHX9&UYC0J*{Z*1=9H}4{J6U!*}d!X(Xt1UdNHg&i;tE%URvut*EV_QoP{?Y z*l;d;Jzrp*Ufvgdqig@pem}6v>%m{GeS3eq{JZj>f&Huc{72>u`))6Dc%1tt@Cobl zY03*9?^W-rvwJz8+h)H&reXhlxkA^YRqUZb;OOSj^evp#h5-*kQ~-l?Nk8qaql+NpfYL^f5!lNK-I=Ki)iH;;4s>_hwXvMaxe z*za|<{JEELU6<%{i+juZ_ZM5`W%)f{_s9K5>7qa3A2wXu@?+mg9nbx5Ic7(2ee#$6 zVg88yAb-1gy~rN@N2}*%apzb^KG>msUw&%2oc+i4W13$i7kmhB{TA)kVqnA&Q&qa& z@I(6B>D3Qyjq+J*fqoKM z57Ljw=6Szo|54>#d#O;^dAsHLtn-)tv1A&%T#Cx@RJP|@-P84Z%__dNs#=qM9<7d! zcKIfMbNRPj7yd*p?`1wZZP}%FDi2TmjN5A`FZZJ8wBEw>r0*N$WEV*uSU;uyq2nKq z4^#hCZEyMVe9CIJ-xe}|wfBEuKdMnDS+VWzKBW`4qWtVHCCsT=QYRBO<3@1Po)nQ) zr_-wMx7aDxC|t`+*>XM2s-|(nqSOO3Vi3{Mmf1Ng1z} zUG1IEP%*34Jfz?6qfGjV^q(mHaAO2j+ScJ`aV02AJKsypC9=xZEJVQb=&2G)dyc4URu5W;P1Ivw{8h8&;KOAT40^D z*H3!&*Q%me$+H^nGkzUDzMrXv|8YI{`NGAn+|zxJmi08p>;1U?t-6iTcFwoip%Rau ztS|mi`7yG_zGB}jy?dE19r4HuFVgz9 zJmWuuh)uw+4^96r=%o21PM1mB^xpJ##-Ea3Yo~PA7RuP`Xcad{+X-Jcl^1%sefqC| z6M5{S-})?*HvP1tdzT-UV=Ge0-@X*Ygc-ts4S)sJ1VUa!;* zPW^Cdn82Er&A;$w#V76m3|l>AjLhT$Z+wou*8b@ATB)1&G$;ML@%Om;gv<+*ubKr# z#jN~Le^C6IoZ6lZ*8)s}oj=WFm;95(-?>lVqkUVWRYKTt$uhFSbzHOlBnR?8(G|Imv_lvBl-%^V^s}FI# zwp01B{&4xO)Q$^VuGYGR@cfA19dm7Re)%fR%U{(K3zZXi%GWzdv|L+r?d|cP{kPXD zg$dkASn)9X`TASwkNz#qeAIGL<-?cqY2AD;|D3z)F8XEK<`1Xxd7}0$Ulr5akh-aY zX`kJXd;jErG(XlpVGPZv(r>tB_*?a=d(=7a5_-MU&#BJ-$@82Hz-bpB1Gvmq3$!61BFYa`{6VA2bRP&B$w?e1% z&kSHu=kWx!l^>qYHMmJ7{jBw^OIQ8X)ACC* zVo%)v(B!@7&Z(L!J{rnfc{e31D<85?x$;M2qQ8dlkz!%yvt_evAIeEiyB;t_sP56^ zYkSVgs{MA~vAtE*Iz1p{Z5b!;l?|#J)eRpA*>{AfpV?}X_pB+RBX{4;r+Ei|c6@oZ z;cdxH`QV*16D%i8ns;bd^+X-3@o|RYr6BASFHW=zGThe%!5k1?zbCNvP*v6g=Ebdsh3Yd^S06yyenXZ_((d+wMvW@BX~HsKPz+>QnKm8rS5)OS`nS z`!{A39A0r`A?Ne*n5wJ0=L=<;@k(sn5wKXo^?fLh%i9I--WBeeH?wwm#^t>ELdObL z)n-dw_|Y87?0+TK?M&|t3Dav8o2=8XJ=`^~_F~M0bKRG_`eV2Eoie%l=GcpqFBWgj zms;oSJLlcvW$UIEOuMk+*2$CaG<~KQMs6_NGSTRR!%LsNd$M1D(J^bQ;rS+d;Z^yr zy2hm{$=L-4dyAtFZj`I6-T3a>-K*1!Q-mznwI5!YzarXm={>~<$?6|h$yv>ke4BVp zY1^lp(i>iB?dyE>I=j}5Q~yd!k-4aB_CkMOug#MTOkZdJXW;(PIZfk+wjEo2N6OWB zxjXJ_+(lL`@R(S0I(GRn$uHffqqE;?R5o_}{1_9vbW7Bd&qoTD3R`B)IJuTlr7&z( z?bUOua-A6V2zk8ry>7DBNOP9K!W8Cd%&)_5ad(!kWZiloUgyD_i;r$|2>bU(_Il?^ zryk9fyrm;`<+H!Qt*o^riJtZ4v(7i&`gY8DiedAGd0($(nN92Kwz(ufdxDm(k?588 zynBy0tanjbC8}q>@m%EXn4iXem&NjS_ZEFOn|!ibbBBCMisAdX#*fU0uiukw6wY9J z+;KCzd*9Ys+U4%*1)`Vz93}3?9KZPG#nxQkefOkKIUl=q>1vH>x|p=jl&Q=;Ussw~ zGxP3ddsQX1VWUqp2Y2#@wX#k>y{jU&G#%4W>$lhAw0*hjc)PCZCh=)O>pm0&lrHw} zeZDg~y#HBp>#u8Tzs;;)a^ToI!MQsmY{KF$cHNrev&-bt;Pdi3??UBPv^%VjHLzN~%e_c$}+`1QQ^3HwSUUmxSYwmJMr)!CNz zlc)Ke?=9W4&-<8Nwm@xGPn*;2Dc5uOw05^%+q@{dTXo;whhMGRB(J)r#Mkg$wsB3m z{*Q03XJq9k{(JJRag!nrPuBXUw6NiB=4R=;+5wX|9Um-w@He|+#?st=+pB+c*Zs&U z&R-jGQdskG)!)orwMUj2$v8~L-8XZ!r;?1I;pMk`_HR0zcPhNeH?&sj=4SC3 z49pAH?ksuvZtd*g4bwN?m#e;(`gHBxP3(JG8eSjf>dX-A@;H38Mwj`vapbMGoFezY zn62lg*E3Ig-O9dj-L=SPtr7>GM$3GTye|LpRPub*y}K`WCtN&pJN7*D!<_+DA&p0t zR~bmW$&USFE3@s*V_A!XFS7aGow#MlshnCr-_#{`q2yxy&&zCAST7)5w26d`jPUdB<+B3_fwx>+MrxZN9~8-9$>=e&5x0U6tmt zUhA=r0dMHUtDHGsO^qbYD|2o>DP4A!(bD3)?SBR-A?`c5TTf{ytJ`hOP>6Avex+|hjH>ZAvAcCeHvt@eC6_cj|_w#yo47X}UGuScB? zdH61$cu*Kr(A~htAJyA^hRX~`KiHzd9v(f+ zWggE^TXgyDK?&_X!{}ML3l4lSJ*~XX(39uVmj@PU=k2DhlwIQJ$&wIqAxcUA)MAsD zWs4@cZ?m^*>E0;gwV*6!8A2LzHB|2l=81@*BV_vGr{1|s%wrSC1Hlkr-cd6 zc|7a#$(Jv)=fATXv_QNb}|0?fiui*S0?k*WS-=``Yb> z(PZWQQDv&9j^4Olu3B%kIgju1al5Z!oSv4Uzpi%7R`?t$npm9S{p|7Nz>_w9JDyCi zz7ljsSfMy1?|og6yTq&P2)AcKQ#(tw8)bCf99UV2^v zOPrZ+I+~veXMa6!>$7`G`zDnY>m2ztDZA9~#AUwOQ*ZLEUCWu8xxJwBSoXZDUsL*v zyL*`5Us{

(!b~hbA?hsFa^uG*9hg&WGu3Aq;{I#!*gYwywcbIUnhZ2r6##bPP>y zJ6rHi`6I(5W9ih{GTW-=W$~6DnV{41bMB9I^2h2lqfIK~-Y02FCf?c}xbxYgkJEhB za_Uo0KVsLMqg@`iXkDfq^JSB}ao4_Wx^@?G!lb_&hk^ZM6c z?JIk9KdfATGkw+>ukZ;!j+@-N@Nwtg#XGOO{Ix~wmQCQ#orMx7MB~p~+1lftD*RTR z{pq^NhyOG1+{y^E{Jewl)?Vqu^}KI#-dvTs>nvb-wCK~TQn!V`C$9K`LJ4!t~NxR>gJ8at6xJaPM&l50z8}NIf$;g$G`LT?)8H^?M!Loy&DErrLa*w`k|<>aB$vVN$DA>5Rz<{zXFfvK^S%gYE63gXF@NHx1*I!n7EVa~yyeT974JBbB%9@)gmyf4;Ldwc zb-_7GTsA#LRUmz@tI?LOg_AR7i?lML!hg0IR6e+J>9|V6$sIfsIF{G)yj?lvgTF|% z>g1xyQ|10#i@mz1>&+$}eIKrSlazOE>tlQn;+xO%u=h|x-=T%44n4J8S+Y~5bC!st z+}7DEGq2l)Oca=;$lUcR>RiC3ErN}$$8BF*y}IeONsHm$RP&vDFCIU?w2=L2v&5@; zUuPCCuk>x(mN)Zg+4>aG6RDC%gLiG{b5%|_zhil!({o9ipjFHwtPV0=E3R$IIT^RN zw=_7@kh?)}TUpXw!_akKjykzG+dPm7_Ij#mG3V5+_USpDJ?rhJv>y&DQY?`+n^)F# zd;jKW@3e}?Ec2G{4et^6*U{#Au+80Ty70QW;mH~qhfGp@ge=bnRj0T1J)Zm~yY_9F zjOK&&7ORYII!iuzQuS!_lPfPmy##U{uROlCMR%+C7DkUdR?PF)hD>?O;x2jA<}Ncbh`V)l(S%sVEQKGpZyiBIV@)U?uifjMQXS|Oq;pveueRojalJ`ojulF?B_ImeSG8kdHb_&+Y4vP z3$Od*Sz9c6Cj1*$^1PePmC2X;=6f|CzNI!ZTlZSG@!q{hg5K&29#mTNWBsaIKkOfh ztRvuESfdwaIq7RSB) zcuV@Bh?)bUrFC z^2h1d@{aVgTf_>ZqmD{FW^@mZ4Q}2kc;)%CoqL-iRYN%nDrAo)+I+9dTQ9dZ?Rk}* zgY4hcl}bDJcdk{Go^QeOi|hE6w<%lHB%_7W_gC#u&1RnLzN*6e*mm)4g>kV=T#u`n zqgOua-o3h6>Qu#pgs-BH|8ZSk_cot*?xl?_6X!_1d!u(VFEL_q>Sq}ihUe-w;i6Si zX5|kJVSILR3=>w@iXF67}-w3NHC#=h-8!xsO; z{;k0ki})ofj@>$acI&K+y4xDg-}#wswXVPA{MdZ-9?M7jj(2+umqees71#60+EQL2 zRAqwom-R>edqCQ|>g<24j`%peOYGs}>}Op!Z4T|;rkD^}^*&)eR@`}sf5bGPYw{zblZ|A#HAd#>d@*mkL=b4qkd z?{$^`4CS(`^#i8+?D%jcD&>>l#%8zG{~2^X-s)%nu|4AQAJ1hr(*tMZth?qB+9~~^ z_-yS_9vy=#I}^6qB`vKCDW7a=ll)=zk$>#hF8j~ByDYS4qavUCGHtEX5!*V?%`8pd zmQ(vum?iwmKBc=Z=Y&w#NPO7HnR9ed5fMpQ-$3?ng~`6X#qpW2?{Y6+h33H)#2~{mY)+p_{zFN5JWb zmkjgkfHmO-cTSboI$5S=Y?NjwytZ<&$=!4P2mdMhbG*K`Pv?W#?sAchr|PbB9APRx zDEjN@Zz?V~xEZTZ$oBy=qzpmf5mo4$GKHv6F`6GY(*7z-( zBbQ8cdEMUIuF@Po_dfH|Yk!gDdc`0R~(_3vl9?AhaMo4)z3h&jRL z`7$(@ck#-XzruDGE;Tkvkbh+Hgg@)#^*=79yLSe%Ogy?SsG^y`Gl;Y;0#T(dKDmT{hiL9k2~)4fL6=H)7piVC@-%8V zTzKAY-q-mnDw>0?3AycP6X9_@#60g$sFa(g;`FMuN46W?({2s=x8Jzx*-WwZo4(BS znrC2Mem0=mtUA1Oe)88_$M**B-Lp^VcydniwCr|nss25D1;!zEA?Iejj=!`;;ZofF z70GhRu0K0}B`+=C&%aN|zHd#^)g_g#dk^q#Z4Whh-!y;Iyya!>N9qN0rq{H8H@j5a z_&VOLqWZAdF0d029md5f&G>kqmgJL;g(nr=tDa3+SMD??p)2o%Y}2+d z(~}afL!-W*o3O*-bmNJCa$9wuo_Y7cQRwY4iRO@t5AL1nsl6_nCAca~PEyvV(6zzO zkJaVrkqQm>D(- z_1UNIfA1u3SYY80A-C6V>Wo>@uI%rPW7VOni*9qIFwfh$EIMkMis9p1%e%eYRc1;zPn;#< ztIQU;-8I8&pQWftfL7y{ud*6#1{>c5-tN&&^s`ryk0uB{@sH&4E_>L}ZVg6b<9S0}7ZySOJM($l&*$h{z3-R5fQIYU1; zt^L85mTc7)yA+dN%{5E%(~aI$UE99q{%2^7+-mstahLAGy;g14W*f^z-`bX=s#y2U zNSo@}uG;+L+U}tjTLG@GZV}xu^C+?W(^^PclDQdFAq4 zS=BX9-9nzNkFxmpUG#j^y%YSpM>B5SGd5@68g3+d_Qn#QWcjGgIR_n6EKH|nmsD*$ z8{PC+<+Dqf>YJQfF=lt(om^db_k*M4nvA?t>GrMBZ7<9%RvCA1TsC<}Qs|ENVQb!d z6rcb3Y}2E%#3iwT+$Zv3Ep|D$gTLwg}DdJdfv)}1iLxhnlnFYs$;69 z$)m1tmCr7vF0Yf-Dt@iLR(f?oK#W{=S}Mz=yZe8A^?N37=y~GXs;C)0&!25CRy_an zbwFjz#5vdI9$maq%j#GbpU$xY#z&GfGWi$xi0aYm+7(4-$8`El!KKd>MIN?4Cys z&voy@tlfSUwyTYP-F1?mzBFg%v(Uv0&tyx*_U+I5mA5u)(xJyZJ!~B7o9lD?Zx#pq zh+Tj7@qY&X1ANm9?h4kuv@PzN`ir$Rf7+=&ZRTTfq8Dp27sULCkKWvuk=8loXZIZ8 z2^?z|1|6RmHeY+^Pv=ZwZ;9LoD`kB>CcHiOqTTB&|1JG*_1EioE1p$ntZja|+3tm^ z+_N3>Z@xtw5z$3{$K8i-ox3sZmuV%# z&xp_QHm5TTKl6N3=*r!6GS%wNZOgFUO=cgxPCQ)My4?D%d~)XXq;HP4dk@W7VPl$; z`D-$(fiI_}h5p~{C-3?HBz>%JudmE6OO@eW=Ue4}`2H;|TVK}Y9pa~E&X$>H7|v;t zQ&F*J`Aoau`#R4iv9ej3FP4v+x{`O>yidm*Z~f%mwL_Nq=(ljQrfBac6H0F_Uz(R$ zwg0yN%;y3D1;$595ACu`7oHlje6{=1vyUXdNB><^{M5atp+X_--_ljLvwl_Vyqp#u z>hsWFY0qodk8Jbn^RDfhl>C&7H@hP1k*(4*?+P_FHCf&gr}FgPu;%WxZ~c$BS1WtWTewo4s&j<6qd|Y#0=22Swlvy`Do_R(ck4kOh zwLg&&GR;zLtBH2Edc(ndqbEf-Z4F~~c&|-6d}i}b#*Lqus)9>6^mUe{%yMpWC}Z37 zEcMu|BD3hD_iujpO_eg~dq0oeFFWefuWz{~p80GkHWOHroimr7UoF3R2YdhQy?HTP zs#17&)iki5;g8zk^~_ZB)>D6;S5jBc-s}!wb(%Bb-qiXdX2!3?-Y8F<+Fi3W%T_w< z;<|{#xkc*@EfVj|U0Kn0-=nPSnYp^Wnz-rKua;NBl}&2Qb4}ak=`Netsr=s5?y>9T z{CAIc%+q~leEizt3tvmFzVSW0n#sPUe{JZly&qHeUgEYk{Zw9j-s0JknfgV?J$VXd z%syWvTES&~S^44?*9oz=Z{|#vuNJxSG;DK-`u8Qp^P}4I-?^^BxHGP)2ycIjCBtMW6n7!)GWASl{Q~&VnND=@tnyqG{8aSqS=ALiig${# ztwS&8<#)`oey@3TUtZOfYpHABdKmre?cW=@EtfUT-`efXhh=R3lJEUJ7WCRz)q9=% zE&AFkU#zC@v1#(#B zsB7Ql!sbN^=hsLby1F%^Wp=83pT@qni!p0*UY*W6vBpB;eBIZxS=Ss>v`wD#S>#+h z`)@Df_D@q1TEDETs&&)e$-DMUZbL;@uU?hll$~X&uJkdl6!)@RxBJcaR{kgto9!`!WA?iZ7U!!TOny4?TZPrV zYgY49D!k(|-h??7$?#N%*Dt6z?a}UgY`Im9%|C!dX9zrydNblKS{I_^5lp&WTTR+HBdcZJVcPF(>%&v5Z?gKdxK3 z;{M)`I~C_VX}l1eS5v&=xcM}_^A5%HzMik$XVS6n!cG~fQ&&tg9tUgWY|B0~<=wgb z6-VbT|D(SBdXZ@L=L3)DX=i(W%-FhJsIu`%s*LcZJvG^v_B@^PpzLgRrq!F(Vk&dH z^&PY&ja{d^X(wO#I$tWrY|d$!gOSshWj9{=np!!_^R`Zv;E$`-XT74g@m!jCTp_fd z|K+BvUtLGP6`k@p9TN9kPiao((Yf~ztmi#zGAZl(wlz!mCu}c_Tl$T$lxx``g9_%Q z$rW-EZ*>(nY;S4q_j;w1Q1Nb>rRPCqnNTP8vq@PuO?vJ5UKAeWh;H(b_>*0x9U-{w z$l|BZ)n>BJS;`nHUG}kS)~S0Bmn9kYJ^5$)GN9|J&CSqj2U=BX7x@^x$c3m{s?^J={2J zcgE7kI-7WRzRBpivctFQR)~;Z#FPHGt6{$nfBSS;X#(GqV_CQEN4J+IH_nmjs?9oe ziFuliD!||pU&Qy+dr%K@;ctqeUcwl92qCipFZch@wVgH8Pig;)js7_D10ak z-}2Y>(a)B($1Klgp3GgAea-!Qy`6>a=LoB|sVg#lJJVPTXDwYYC)nM4NkyA?<-tm6 zmQTjlcKKQ#`Ot3QtH^c#-g>?EfP}f+cGXf_#XHtLR7iPJb*0*^N7mxT?T^ckNcRg? zOnP@Ya`%yoPbM9IFPDAVGj;(*2{Xn+-;eUp{^ed0I*Ka@ zevQwDe{V&0B)=+*=lo;&!>2T#W!;|ZOH=3Byp=z--?{$5^hvjWSU|sb(7Fk(-GN!ORu*4QNC!VlJ|#LcGr%z_J z>+H>rKf3)}K;|dU+8Vo1ox1$BHRkL8-Kx|4q5knxZn4kRd%pH>-7Irsp2`|G8OG0k z{9)@;Kfg)4?dJ1qnP#o*u!52j{c>XUILz&M*5%e{Z+nM-fBzN%w?AHomI( zbxr@k`djlK&407-vDpXqBUk6H35(bH`SVt|#dFio5j>|kJLhcp(Rwn-zVp@NqOL89 zZ#92kwA=V2@#AFI-P{lDJHKiDwhNtkoki;GkFU88*9*VcoUxC^u_gC(^U2rVD;z(} zf4r|_pTUpn)wgfQo|yflF($ci{mei4AKM?>ALj22jJR2m{q|Pv*89^dpFW*A-NL@j za8~hD18M>CVL!*B@|_2gN6Nm_##H9Id^)E^MWfx%b5-iJj_;@AU$D_k%vvP5R)zW97|>v%c)ibeg}VC3w28sY#%Fs`wG@ zT(4uX+8$d3Y;TG7xgHal^-*8u5AXHdnwY#TyqVKp?yF1*s(QA~Mmu|5jpdcZomcbb zg&Hwj@Tz;hx6ID$a-GVp8}c$gxDH8wH+*mQ*PGw#`TXCp^7ph&QZ=+^$O&BBr|GE^ z<@&u-R+*V!c|A+Gr}^Rf7CDKw*zBWbALCCPHp+7-y7NW!Xoc~&GutOU^5?G!`{7u- z^vv37jO7+_qRbscYvVpdQSlsN#$KZ3uL}L+Zh@oYnt{o_7_X0=e*i= z|IYV*pnS1B@v(I{4@oGj^;ghMCjVm%v-Z}VV z;bZx(dj6V(Jod)q$$kf<7fM<@pLMpczOjBw&f!CKCYQprf6h*cOT2a9x70WLj_}i! ziw>^tb~e#k;4A6#G2ZOoC2@Hk8bx&`|un%sGJ-e%Uf z4~C`7mP*{Ll+gOK?)Zyqtsk=w*BRe^csApMaeMNwYwTU&v6r@3&wi^M%65-UO=sSn z>$5B3?%ISdhC`NO~G1_w+{*)z4~q-3Axw>9?S zf5h#%6SrTeab4D|d(39`hP|&kKa_Xo=*F?^E^B=JwD{7p;3EOk-^ZTn`I6Rtc)#Qy zyQ_cvD|73Y9~V9IDPecLz&Y(zn|9?l$(grq)ey@S4o=(@VBvGUyMo(k!>%6<*S446 z3tqFhP+j)*OaHDoi4Xr7y6Z%H`K+(rmti=nX{q6`K3VISQ%Q8*S^k-t!aw%b$fpW^ z)SbN9>4Am8_O;Fr;&1gGKOi+pXV&bk9r?4&>YDa+AK1Q6=fl2v|0F(g*}k3d$Wle+ zLD`BL?+@2~K5|QbIeomp-kS5}D{ZNtcV5OGS(h@kf6+gUiq8-CzZGQN6VJW)?yAT7 zTMFFwR<^BQ@W)}(zWE2He_SG-EB^z~g%eMU3_o&l0by62qG7dlNh)KVuWqmjl&Q7M~k-ENlv?^DJOfBK~lHt#Z>86y^DTswef$Xw|3>(2dh_C^Ru1E7pPgH z@BB9MKLb~;jeGtBOQnylFSqWPy8Wo|9Kp9|tESCd7jt;ktFU>Bo8y(w*hP!JFg}{} zC+WkitT?Iem`e$kER35MuV_FnlXw{3DZ|E)Z4jst!b&u3lu zk(d8Z?1x=#@Db0A@6;IF{SeEXx!CD$+7PtDGId@25$~n16-{4jCmS+Iwpk_Z?q1KK zH}k`_$1ax}rY?4J(>_1BR+{iwV%^~*x9Xb| zuBKf#)n0M`^z>pi_qDlN)7qN$@40yNPv*xhv#uY0TNl0D?4#<=h&dm7nw#Ti8OHx; zKXgxL`mt@{EzTnMeD^ed(wnVbpnPfHum229jWwYkc>51{_u3!2ymaGE?r$?a4=V4| z{&fFPo%u)hBlr8P!rQj2Ilkm@RfjVB`#*Q)AKTj}x7_N+Oy4&X*N85tTk`LC*+u|K7^HG*nK0-^bQfo-5u8&I{g_bt%a0;?%7Me{4VY9eeHH@+!b~?*#^rC55wI z?+ILC^GhUZ>%O~_jxeUakE{JCevos4XTFKR#;^&Rk6*|BF`IDs!@qm?QdENkoMvsU zj%ZI`rPP!i{nqSMv092_tHj#BcAk%e%S59L3Vy!Yn>}k!s#WdWYjg9rpGt_&cx4>* zZF|toSN$yK>duzR)wOiZco*f|-*F}DyV%QVy^pl!d@)t2s(stv@??jNM~tZ4V$<&W zrN>1tHgWcOp37c)z2B>IepSQ4>Tun^y|pO~@vGaN4`hAO+_KZ8*SqNc&(jhoL>nJn+jmVU zc4DjYgj!b@B@6H1xqEjxYWWu`7B#oZw&uR7TD#~+PHqm<4DSB5MV}8A&)4|-_^|M; zT}LkFl*a0Dhvc4HAeLZt-6cWD!gcfPz|TwF3zTfLJl@JZGCgz2NSgd2nv-#u1m$7zxrK2O+GR=kV6kpo$HYqYH_nBT*-cgIyhDT$LY4GWrF^Z> z#rELyOZqrVGu9rwD|zV3_o%`T|Mp6`H_AN8sjuojc&ldC(leJN-4yfw`es!8mDA-C z*E-}Kc1Ql!l#+1StsBq(asDW>Yk5bo*AB_HYX$+2SFQ{CD)j2vKz2 z#Vxc>KD1$tEc^MLO`hLVn2+XjW(38oI{Mq!&fQ7OM*n+n_%^rgS0+rHarlw{Quo@m zS=%1wDmrerc)VBGvy^wSWbO?!t49AB-XWPvPV zyR{#uFI)PdAVs%L_GtKZ{k3{)9fHa?o;>;M%H7VjK6?wrDkKiwU@2KAd}Q0M-aWn+ zL1DXhE}UktT0z0w=ey{sKM7YJfA}_Uq5|tZo40FU?pDmYJMr1CzTLX54Nt4)nQ8a8*K2iehRC_Il&p7anc4HOdhW4>zpwmfaGz38 zT^y3MbBBZbEfKKW(cjdjbddncy7 zKhnFHf2;0hqbAF>x!T9BRefD|WNu~r?)hsI<0{uO-;O;ZCn+x7p7rec1yfrg|F^b$ zZmIHSBHvc~E;dhIy>ok$_w+M0CCc(qhpyYmFNtfLr}53sYJJ_7zv_?7W>+#q&-kb{ zcT@9?U)N^tytLK2JllIh;W^u^9F>_TGVEl1mA-i{*(Yt-=5Ajhwe(Sc+pMxBhratx zEt|wW#ny85Jk3k`s+~_Z%xpZqwpeVR)zun>dvVJaxv29j+uAczPw&{4daha0;X5}> z@Ks5EH~HGm>buTSmrBhp=WUS;&JW{0T3)65WuNv2tNU%HMhiWR4)x9n6Ys1EUy~Vi zaQmL^p3aQTN}sY_QfBY%FySrGFgsom$*wG`we@?)(v51T-pou+JM`|AX7tgbXyHP& ziPFYJW;{s?cI3(*E$b~7uALY0qa^vtwY)bMcZrPw^SI?-mVz~#R*Ek5#e z`h@d4$}CoQ?L6~Et8(>cm4%b)5_H6U#QI2<+@67VFIl--G7q@k8sj}Fq(3XVu1k0H3tEN{+D{N=E zHc^mqLeBH+TU{<`O3M7r_$+2-xIrZ(C*+I0*F|M>#Win4=9E90@IWEY<9x8wgC-** zYvI82iiW(+%cB;SD5eK0@>GRp&NFc{{KRfkwshvn{E7dzs&y}l{m~!O?6fg?S2@F+ zvPIuiwdbyX^ZvuP{|v|OsrmY4aJlCEjD7sHFh1->m5)`86UX9XY=$?&H9zDZ)O@g) zPrF`2ON4=U&$GQux9%E0%Ttltu`X-!ZtEApPEj|`99Ocv^EoPPR&dU}jgPx#T@7^z zur+Lq5<3y`M!nA}%sjosW6Nuw?V59v)wZowikO}ez`t_Yja$bodBe8NZP^lQ!4k5y z=<$wx7YQS#!q9u^<%eauyqEPUHr(C0VsWx^x+&|Oy=eV#KV{eSd^F z6~a9i-ddsLR(Ds^wpVlYtPO@-7Ax-sY?!03khZ8-(rBl|a^ocC^9o_QS^1*LLjPU` z79IQ{@jm9=`Wn&G>H9@jKa%wf**t-@VAsDL%Yr6u7wOKqx^?Gg)l(GD;})+JiX+RlA_a!&fzDB(Gi{Jjory2{1dxZkQd z*&#Rg@EPQWx>wAa7Zhb93?&nJj>Wn^G-@Ii!Z$Wai|Fs&&ue7gVi+$%4M#JZC(3!ZRCt6tG=EM zy<)1l{&7XgY`2~B8&*o5%l3BoVf=W%WX|p>Tet2!K2z-eY`dwOJSDEI)$O;rw$=Ld z$yrNGe!-$! z5fe}S`!e;()~a{S4o z`-Y9?gWKF1Eb*xfxyPBdnylwpy2r7LdCTXc`7gf(zPYjTXINfp@Ulsokw5ZI-Orim zw1hEAjZs{?@pxjm?wV~!F6I16o4EEnU&z-Lrkh+%w@(T?nY(DhF#)61$+G-wbB`D)t4l@E%|Re_;{^DaM|orJ;Jkcylf6D_hmk

PvnC3WjkjlS-k#MJJdzOCCI ztYb6 z58I5a!t>?Zg*fh+Hs}RQ9*t=BY0#f`k>@SbDswAQi-_lI|7i1s?N1KnTRfrgY{d2t zU&KyvG%Na5ie8A0sN@QDXZaPpWRs5J>#)g2Q^K9+?cN~lb^ZyDfCbY|f3XU)>k(Tj zqFC8C9yfh)`6kEpiIL@H)1IFA^t;fpzsEe3&^vp(KGtdw_Brmj>+ z{OG>Vzpv?TIrHIN_qzqpmWWG-t6aFbB=X|TR}W{bInI5ILq6(~XUOqqDhHZhU)!$u`s;+c|u z$m4&0sfG5U7@zW<^g@=anE^}%%O&1N1s(C!X>Y!@>a2ifljYgi35$iL-m=}9dh%_^ zJx%V9pXQyOb#vO~Cn|l#T?=(LhFb;|I&D}gtoP0QQ%_w))uM}cj`F3(E|yTQr;pHh&+vFRL?cUPKC8NIbsQn$r7o zX5Wib4&RSvy_m|D>;#;mP zI=_6G-62Mmyc6HnZK{=weiu>0Z9NU;O z^;K>5!uftZ?=={i-#y#(&Sbrs(&I^cK4qC2REd}yNKZ;CvXZ+h6Ye!Bf0DwJGSj5! zN|w|Q48KAxk8m8>VBNmdWzj98BAeHbp0(^U+sNL%=FY-$riUSgJ@c~Lek^^oS335B zxLcD%-0So1`pRW;O?#&wpOtvMMzuU|p*e@&p>Uh)r)EugK`Ar-Yt_Q1O-PsUIF6+ST6uRsPNCSO=lxOs0t^k7s?}E99}rAvH;4 z;`P1d^Z9CgYSh=r7W+@vS)w0z@6f6xIlU`S&&c^TZ}H;0djvCif3NJ?z3cJ9V-73+ z_}mITI;U#M&%W^d3FZvfm)E#_h+F#jeDkg4N9S`KTe#(GaN*PCjGZ>gA6C@qX8dPh z-c$Hn_{H^m0@p=;d^+~ey4UMwU3kTnPYva4J01s5oxL?iS@~GB7<`3WMd(ZH<&JsLZ^?X(Do$y=x`Tr;{%(53O<^G!;Wq9n{#!APE(}E}0 zpU=NpeJskq#U?bt^!609+)AMhljp3=`n}%iqj>8c&)?p$73m%yW9$?9{n~ug%rtLL z``I367|%S*b>)_e?=GyGlT$6XZl&y&YvF>7nM!3?k+y3eQ@c(G`-DSG(JnIZo&M2LghntS8e_nq_zU!at&JXt8Pd;qA&sx6aezwx~ z^UCv<{JMT%|A#>So1Y)edcFL}wp|uo7c!r|JMH>MUA_K4L)^Z@?HldG=4)5a+3`wm ztt@|s%O(>A_i2(UD`l>F|89@o@h((imHVgMe{xy8$^pA3nQxmGa4%$ySm-~+$!D!9 zRVG~uYYPjzeSvSe=`SYFwfwWL>3rXRbNeHeTOr#5@5RTsi)>QZnGw&PVEJs{u8-S~ z$}|1D7|*w5KYPXdqg7wOwP%-{O`j2-XMu3n5BUfDT{d>5vvt)YcVtX^^fqx? z4F8n$^`^fpfAeSE=ec}%*71Y=-Bl?}yy9nee%SL`?4;i5PnQ35!q27)gzWt-w~Z^j zU)#?4$JyW3Khhsw5wDuxV%j$ClFtdB4U@O87ky}M6nTGlgxW%p$)~5rH0=q0*M2Df z=IjUOkNjugHE%Wb=ZQL5TAy$yJW{}HNx;C{ruZJ%!UZn47T4Q(wo+?N55&VZV8Q$Fu&RId>{5CS1yr_Iq7WmG^bM+TP3Sw^Z+5?P=<< z?n%%lZKt|da&7w#bM`LmZa0y9eEo39qOYzY6*ISsDx|BFFTZ`?clq7fe|~oKPIbI2 z_f^QLOD;_B$ov`2XT4KpCdzmps^=D*;J&v^d3LmHew*I1tEC-ZcW2g}73eN@TAufK z-q&yTZ&ZJmS8RS@->H15boKLHm-HlbHdxmzEWT1D^`qZ+#^ba5X0tjx(_=Hfx9dLx z-|IrvJri%-kqlVQQ`KJ;bd^uYzGjPT{ek}sQZ=0XU3)a^dCzXW<9L3WqgM6G<5ka1 za?NV3zCAiQvB~Ye!ngJ3^na-9zkOc*K|8+v@ILch(_+Qm{+Sv0#D4elHs7m^&{Jviq(h01@AknD0X)KD!fx?I_t_x_o*`KM`Vj~#a;LAo_4`EZQGeNr%Kz3 z6?^O}AI@j|V|-!%LxB%-oNCLBPG+46SGHSjn*P|VvHa2N>|Ak|Efte~y%h@B8)|&6 zcJ=lj?F%dNPCH&MQQ6RXZZ4NfkOsp-=55-WxkYY%+WAiZ=H;jEjeqj4t=lr6{dN59 zdHny*bUivcF`xUHLFG@!uj|j>Z=L>9{+Mjgt!Ii-`;Km(E<59sZ(ZxZtFzoYYl44U zXU(eJduZ>Boo=(tpB}sRSZ>bs=f|72-2VFGdUVNB)6RGMM zdid1y`*m{LKkPsJpMmQ*+qBcgJhOrtj3g@C*JU5E)2@)J=dalA^JC?Mn~SI23Olwr zgZ+;4oH^kOZdCXmE0gD2{G&au<_F86yE(~0-c0;wWA-1(7yA+Jeo?RP+8fcgW+pj> zo&L#jbK~L@lW!gfDp+0oK-5%IDFZ*E5oAl}7TQBFAZ9ZQv z6H~lncdq20?CUkjm0}IsFPt|hE>t$!X2mm)wNPx@x6^BGS9Be^Uwq`XLeS3N%M~79 z+gCmB?R;02pZ=A*F8Uwd%~7M6Tws1Suc^%Sq37E;=ij~+>-{d4gnf8A_tTbramSPw z7RU82s`2PPvQc_%=#&$|I-mGwB-DRh{d|7!!u&mf%C-k8<^_F}+i7#TxqOr5l$?U7 z2(iM=yK6q_pD{j`z5Yj`j@6RMCks^XOl%ZVIQMye)U$WG{-16(MuzM@hSG)*ZI`yGk zvWC`-V;5?(i=y@U|Cn7~bj`+ZszkwKN89@}n=^L+fDp(Ezz&#Coh+V zHQbB7-Ih7cY(j#RPRZ@lvs1QD4wBbqa9VJ>`uU}0wVHZcHAF5NZc{kVlZQ0WItLS3eV~Kdbty5lov;OcSugKTl&&^R< zv34=n;Y(X{O)l&=yI{m{e5q&ZavSXp3z?N??at?Lj0swCKB`xgaoe{;LgjqbNlW`V zqB-~~R)#6|7+v;AVb5bYUKnX!yfSlRRHR5=9wYPe=OKA1y3z|0IAzk7?3>}{e|>Gh zychFly32i?b>%{v=rop+8NEMGq`q}plFME9#W;QPg|3#$Rd3$ijCoQWq~vrneZu40 zdxOGsZ8>9Ae_L(wkWf5mxniDcMqP+>bHe4C>mAcvRL%aJ;tg;5=Xtv%Y<9q$wy$fI z#nPU1sFkR=3D23;xilo`PEXlc@9N^5G%cA_i<4`l-v;*dh&I|Y3(*!cD9u+=Iag$vXq+U z9b<^rsofYbEA7jNU$3&Gl%}bA*zjq4UDM-Cd|?$E>P&VUGmSX6HcqQ z=T)wGW1rTM)Op_Tu2#iiO~v^ZO9dO}n8#gdV4P6zWhL~$Ym%sRc>n8QhoePHcYRx- zB=ev+Y(b}Abgti#PeO`Z#Wm_%;GPr#Wq?dc_nBpk3J&tFyxzqp^+>z5(6gO3@ z^|j>Ud2W-oeBoM4$E)$(teg2+R!heQeFK6G}!M@i)m3iSx z!Tuisb5E!T9}}Nd#q(r)R-bTx@T`ekjMMDBmb_uUkmzwNBZ*1Mb;5&I`6#!Xbhecl zovE1(r;}ElTCh@b^`!m@lS7sjPTDu+;*_bUF1hSJUHV6B?-7TE-&Z&JF6qB6%5sV= z+nHU~XXgU>3cjsTCASQkwxsm0yBv~N7f@s!meHv#S)P3*Y4fv|gpX0dO`d8iPc2v5 zvbQhusAPHAfhX5;uWl=DoR?jcaqg1wzsgm{E~}>uZ0)VgX_*u8|^?rk1K`B=#|y{<1s8kW%sM^w z&X!)DJGIZp)-Ez~zEJE-p`Euv>XP=9)+sg1m?OZMH}!E(_r)tECnQ!~e)-|dy(FbJ zVON`JT$OiQdVyQ`nku&EuVO;mPw=Ke+A(d`z2I zrf;&gs$$Pp#^kWa%`fBTf4Ki`;k7Ld)9f^xpK`X%__Frpl}vft?h_A9?)Y!AzqoA6 z@8~;C97kf0T`;O-?z2z*rSUN|bLHJh3)@;_KP4^UX9tLbTJzt^pII7u0 z?ADs4cQ52uRsFC#Gg{&zkkJkL9wA z40G2!?iqOvvurjfuU{(QoU0e~=%Nf?(W9w~+qQ=pHms^*wOwh#X_u6-uAEV3lAHL3 z`eTcyUK7_^BU2rc#%uP`bKc!edk=>M*<>_|ay8UeUAl2`W6JbrM!9lxr20G_&k@a> zVQ4?q%}gl8U3=cKIVqKbO`F=7wU0-+dA{<_<(aUMU$M;g{8B5|oq``8^n808>hj&N zNzX3$xL3!k{i$VP?pk*W9T%0kzFwJ{a&%Q*!D5zqTf_aYnksASzEKpl3aZc0XlXsw zd@i%IVAJuPDm=!QZL2N>RrOr?`k6EH7JGp$dz8t42Jy^8H&)ijKMHof?=JU(ch}rI z0$0!fnC$MU@;h#JOa5co&A};IbJj21p8L30SI>9$YL+)ycdvJvoOpC^yT-yDHrK^- z3o{F~Zokq|nlXp(=4$hQ5?g!4JoO|e_6Jmj8KwJ56_=ZA&8>Ie*80x()5+EcnlfM4 zX?;H?Hf!sr$lG2kIVOm!d|kQqJ$ICQrqavJyM=a2njST4ES9}@^n~R(<48;Gxf2&! zx+h;rx>|DcTa?S|220bTt0nIZI5rd?e75JeZ`(6b&S$$VzuIc&`)|D7t<5PJZh1~i z=8elr-x90uldd{O&*X^t7@~LWQduI8vurotR;R)h=jCtSndJE3O2D#}sg{}YRbMPc zrn+wQ(zWfXS~rdFrAu?+1O25b_uVBWCYpJ$2iR)6hwm!At5P_r_=42o{nvOl?3m5* z^7ggqhF87B)6%x9_)7kElyp3J{Myc+X|=Z<803t@ww{fR?dYj1?a22z+F)J%<6J_*}4>+I&|=l!nEm2p3FO3(QEtg9QhYl}ToN%_Q@u6<+q zqSUi?+JB1!e3kusn@>2cW6Qo*C;LZ!_Tefi@70P%9*jEfrswO<*l}MrjdlJfq&?$E zo7yS%xEZGJb}jL*`WH2U-C;q{a(1T%;>Lcj z(j5U2IS0-M-dkf+_A>vu$?AXSwD!*W`FYj5L*I{<9K7-AdCBRCZjoNB>dHTQLv~!w zeST_2<8iNB-9C=ua~jXf{=VXNN%y9!;>L6SRkxnmynC*?=Eboy*0(%74;*TYSid6f zrvHW}%fp)MJ(^v^W}n&RP`T!B{-LVSM;0DUJ6}8q6kmDS&vWs_wwHHg@60bgYxd~w zyX5-~oG*A|<{u81%FLWHJycdxVO#VH?_~DnYFj-`N`kUyoSg5y)9e$+!gKCtw2#%P zy_l5wYxkCEPk561=DvQRohG*YzY-9tl} zRmaa39TX`t%ClK<%sO<6Q~kqw;h)G4OTL|DGFfJG?8p1AKi_}M|FHSUeBRRAz4}30CMJekN30k9 zE`InwL(i_Z-lARXJ<*0TI>q(9S$`sb)PA`C$gS&hHWRa?&(GIQVf)|TN z*Mwd3d27^vTwYO;>fZLXdhfNCMo#t##qlL|=j!Ek_Hcf9xpvJO)t$R`)?WOXRsCiC zJQMjF%UwR|_lf1RWs6<+*qoSH$)NJQkGHO^?&$rE#Tilce^lxPN-~noxI5N9V}5?T z&fWCptaK60hkD;FA1r1sezv}Q|JLv$oF+Sa9z_IB>1`2kkNSDvVQc%N_`ZaFA1zZh zO?&C`N$!-t+P(|_8JcGN$UZc&(%JPx=BAyKpJXm*7u@v8c;dZH_Q~^qs9pb~x1Mp^ zX7Rpu0mVKA?Y-TD~maRF(XRcQ_^}xSd`xt*Pe`J4n_kH)fwA*XlcJFzuE^jD#ASe9U z&8=J&cl@_4U9zrfhRlBk;pSy8Pu|ntd9v>8wO#xTe*(X0)R`PLowCNsQTBv{zNEmL&#*qYfse;GGlw@>3uJDr_1A!^6-X9aB=RQCM{ zT>sjC!4K)97mVH9p7KsQd~2Uy^N}jO)k(X`cCxf5{!|HWj=TQbwnpUQ+meTmUstMR z#u~JjJI?y_IZw1jb7x*(M=W{o<5>0NH(gS< zS#s>hd7lsS8nvTdPmGUyQh)qV`f~e+;s3b)sQk$NXzjaaU;A5+37%UzBd&`+$iMyh z;n^k5E+5agq|LBAK5GKo@z-&$KU|LaQToyUfOu8^p|wud{#$FmFrO~9TN2(pGe!8| zwQrL)$F_17Pq^{N*a+$Hni-P2!u+-;mCU^LEW#m^U4@S?+dAln=Ev>c zJEwlRFXCP*uPe0WNxjwe4@N(h2Vb1;@uPbg!-tbCGpin(ex7jjSZS=d@9~WnR^E(R z{y_g0`@s))_a9#0sWENEyX0*d9CYgdzbCcFHSFR=8KWt`nY~e z`k`LE*Ir#Im#_I=oEABy=FkpV@z{%dgdbX0`)WO^)L*RVwRz6Ub!+tWwsP*cvf1NY z%<@b7CF*!0E0!Jm9=-X>pY?i1uY#AcR=jVr)60(M(mPjrxHe;F{H8NU9{gwUIxGjQuFtDzelYiVQ|b4Q;Voa8CNxjx ze9~7P&g)h2>%#6yld7jI6-lg7nRWSKQa(e)=C~_LoqUQn6>nX={zLiE^uyirCHA-H z)p)HIDQXcscW0m7*7M$l*{fa)daA7WuCF0+JUFiYx8DyXYw6!sgeO>E-%_LgcV&sb+>2-LeNStxlQP<& z(Dh}iWs=g)OX4P~!pGLx@%?E2R$9?}ZC%{WC0sLQL{GjB`Z53DKZzfG$=8*4I$AwQ z^>`V#@Z+LSmmf{*RGY}OYEQjgd{61ixa<$xAF{Sy+id&wdDoe2_S4_|jTz?0SA8om zecnE6xop4PQq}Vd-4E4q{b+w!TW9^Bf%R38N%Vo#v=dDGmi-8P)PC_xXQ{ow-DA_c z1ym;Y7_4WVf4ENn()y@+?kpd+M@*9^_GNc|JbrX<*7*oIj_aitGYj=ZPuA}4T)+8H z+LVmdXRe8R9baB|`9H&UkL&qsZS;!{m@au-vijr!yREP5d21r`AD`#C^=iWkw(QiO zyP7A) #6RG(1K6F}eqUjlbwTGn=DxzP{)-wJUt$2J)D*J9l+OyB+w_IL(y-0Y{ z{O6*%p~pieZ(pca%e`MT*K|GiAI}}$(Z@Vv|2az@%f7V7+Wd(5kBaTTo-Nj&&T(hH zxsL5?i66TU&C~t(M^59)m-$BbG`D#Bt||3uF8jtDi1aDV!uc zKX2;6_S1y|D=oEuG0j<*m{~8pcKsUPy+4~J208`&Yb)-ycbe2U*9%-a?wPt{Tl7-a>+6g!T)!=)-tfo%qwwLtb&aL@ z-*yIY3eHGLTX(Pip!GiatSYHj;uCJozVRntj#w`!7-wRpZK2_G-mdB{% z@yd^WbALPUKe9ILKZEba&6Bjtr!3twL)qfr)R+5NYNEH@%4h%a;@y@RZyKMx;{5e( zUH!MDAN~(@)sOsIH~$f*^3=7@wYdu%o_uyc9?w)UFJC(HWgY)+!y})YmhxH8`WfRK zmaDw1X6;S6mEsLLe~h1>T;L$9!qWG{=K8FP@MGWZf0!MY8FlwW+v`FXH;eb-Ngw5p zN1rcdi7l&;noe+;{Sboz3^*b_@ce|?V2d3I@+i)()I6%&4m ztUBqBc?*}n7B<=TDP^JMG0US>y?@NY<5)I+Wb0O9t6^%}6a9$)$XmH;S-Z<_mp-dZ zSUE3f@9HHV*!$N>dB?IkR%bFCka=r*RdhlA$_o|qkIfVRF!hb`tFn)4uQaetC}rBP z^{@QlVy9nE=PkRedg%Sl-OVxY-!eaxb=*3;`gWS$bUxw9hvs};*MDF?V@>+9A4$IT z;U8s;A{`m0CPf<0vkEhuGG|Vdws*{*m;V`>rq+1uogXd7wQX<4S|#b3&N9if9{gu` zF#SIRckVxhx(i}f@0Rla@qU|nPI{qr8*jvahNkA@OMfhWthcye)*{z*?w>iUZl>i` zh`yHp;LFcmk$-5G^N)Sn%Ngc2cpkHS9iKSy*1Sl|?>jHY{G=I<&+q7q^_$;v*-bU_u}*ljxBl?=X~h+Jx4yexQJ$BylS_qV{)*MNdY68= zC$j6B>0T-El%6+SJJt4hdTN@Tv+!M-e8}XkbnMls%9ppeg{tuW&R(-|`$zrer%lqg zCn-%l=9u$nS3cj5h4PLWOD?nc3qE)(dN{jk-sVSd3*Wx+ER;@V%k~P*>kU~~cF$h(Oe&YYk_XUjUSuSs9ZU;5blw(`Pd^ImRmx^vz20e{=J@>?mF zUVWUp(xYx({eY6pXa&XBT~D{((79KvyQHFLJJXg{zobW3W>y~#jEK(&zPaZ{Nsj)d z)vpX^ylM1qdS=Ato)eZjZ(;dz?Inc_Eq@>0+iJp{o$ICfcvc#-v?P}TD<$x+QeMLt=gS?PHvnRwKF$4aDU~^Si6{y+dr<{W1Cx>newu@ z==8jKGgfRpFzwsnq$aIGFhSpw91|q32DD58t{JaZ7VLd*Q+JabKDK zZuak;@Zg=yRqKs52UG$I=Uu(XzF?NsTkq(wOD7xN@z{l~EBeG)dh+qKM}op?cKLy! zZ;oCm-xqrInuwm$|rO=8~qC$E^clrsrGh z+-6;R*{tzsx5c`r8NPF#mrJm&*3`MV?w*a{amVnKOtFGnN2Ioh9dlDXw9RtO?Y7T} zx+awe&U<~~4LV!1IA3@FJ@I>2W_GVIdNAbb0agHtX!EKbPI84pZ-4zN6V& zbppF zL2b9AXZvM{1()ZXaEy8T;JPB;^xS2y%f)`%mp|X;W}R}SI;^8-?k&p|5BtiqU2pH$ zephz2U3J8)hmVDLU)<2B&AzZF^1*)we#gZ}*JnB$RW^&3J#P9WPI=cf+1z)E6Q{gq zU%xb){mh$8@iTexw_ll0Ix=aUS%IVM>V_X*m&L{_PCLhzuVr8%AN3`=Uhrm?+3n|Z zlz__~h&h@IkjkV?=`!#dDW70 zwUK)N!egFXoh`Yp{T!JUYvT}sb$uhYvR6%m3a@E8~mL^m+kNL_E_WgxQTIH z>)B}ylEC^W75@wPG0_gRF;<~EkDKp<#k_Y-FIg1PPGNIQYUMg zX!sd%tO|&ioLn%a^o8d8(jCI{EFP`WoN{ZU%pu+TCH+y(`LajSG=&RnUs7VmW zFYvGcyWH3EFyq2a+P9xF=t?|q?%JQJKaEkQ_@AlE>UQfQ%lEg|MroEj+!QwLk;mrp z>65FNLe^WZu`RkJGc(Mn{YKc=Eyj1)de1Sfa}ed(;P7qTqzN}y_cf(U7l_Hv5#CW% zzG}Nro^0W)ohuGLIrnjO`aItB&0llU=V@mwk~<>w)~IIf@#L=d;wHzh@BL?mzP@ks zXyGImNzRi@TRjf_YTg)oq(MtqXQ`!xsm%1)fH{-wk1aAcba~>f__F!97n_}g&zi%Z zmG*A`mi)u9xK?GJ-hO+H#HX6F*(dAdEArkS+o!+%qDf0xu+r88$3xH7u6}Tr>Ga_! z8!@TUbyq#ESRAul^IThbF+X3X_?O@MhC-SS(rj$(qAT+=HcnXZ_}Y@q+xuMA^Ekh) zHgsrKoIXK&>bxaN6QZ1srT`TDI!-jih_0<6MnzAwEw&H46Hab0b0lSy6%*4O4uO`aeZw`0u=wVu?@ zCtud}yZ5Gc7brJ+{ffxAaCw2x1O2Rf8(nU0&$HFmIv5(#_jlE+Gf6S;S60iKT=KZY z+h-W6pYLO6)2SfwCTr@w)ixdud8`Rpx2`OeP%e4$dBD9J|L6nNqN~&HC%wWWGd=J9n>bo$YB~E&a(leQBYb;l~%78rljcUto@i zI^Lrn7uI*?{oRHIMVTe%TkolVZ025@7AU)0j?u!j?);Q%dLr8`-g+P1eyjJk?%d6% zKFP55q^0&?R|<{1Nsb)`e!cNeDZ0o z&AdZf*L?Z$*r{))#k!)!(u;VFJ^B6?N$^}dJFQc6bKcD>1(_zVljYAWZoIU? zlg06@vNEk}O0y1WEV|?I^3vv|9f~R%tFKEl{r%+ea&lzV)L*L-3;4ZE`GR_{9F3Ux zI`aDU7B$9mew@qw3*JsmQ<;}-_slJ#XZZxJ3q_mNL$2gUY|yimU>2SBU0@UYO#8|$ zpRBL^+IsiQnv2H;4qB+pII=MSuH7_6CpI~s~WvGqv!{_^Ux=pib zIJ{zg%!he>7Z`;a*!>SJ+`OBgb+^ig?JbYCu$mQaDXM9r?Y#Z0~-p`Ww=hw`NA)o_gZuxy(3G=M(l`<|`&#Xh(2;i%CzmWOOM5xzNw1-rD682Qi`S9Y=gIf|kv9uvmpxi? zU7&I5E!!PyZmvCWdUf-}ORJunyqIIR_aR4=8NZ}L|HGH}cJlfkT$Gg9Ccr53Bz&!Z z`nQ(UJmXs%-)~`%+@|k0W4Z98kgYaN&mZ2{(E4st`W-f}^yZkC+jk3l$eG>R(?4zR zve(X$k$YZnCzSokmfRyNSZ;K*AzVT`SZ(60<;f>+MT$I~IBjiIj7IFC$Mah2t-fTx zZx5T?|23IsuVKuy%^#+Hx?Xy;NyzgF-_==}{Wmvj-TD;M;pf!9H~hiwwtEQ=&$%aF zT4~n0@}=Xx+nfsJCbz4*Z@ACWy>ficghR8!4GYqp^Vc1rKamsEiD5Tv!0sVUJ^K2 z-SU`r)v=TtT$3-)kvjLRkL`_vRb{=tE#orlQxo6zwlNo3Uoo4k-CBG_AZ*?4wI}SA zp6?WS=dT#{s32S}>Nz`0*ZCbuufj7d6?pnTzYNb)&e(MN#Hw87PSLJ(+air;9wHv< z+kVc^co>p&e{>l25b zu$^R{z#2b6;m%Vd{=nCvvF~Qivd(Zb?4J=>t!yrA_Q+z-+6z6CERR2q3|jOlPmTMy z($@9YB4#IT2;M$->(sKNhZnENJ))QGVckDfWZjxGhs`dFop`~U&TZ~yePd4X*-Wud z%Oz(U&GbQ%a4CH4BYXUZTaR6O14j{|15_2`yp&q+FlvLfYc?mC@R(mKO0>#C?&CYF>}8ZO+S`WY}8sUNSM( z_3x@&ZFTF)m)Cawb>hD#7J7^|bKyyin-b+>PZwrP-Bt2^&FkGGMs`M#cdc2MCS;uNY-t%IY#U#CzEpE@ccd4|( zCNTCz)YOgIdE(FbFFe0}`E_Ky%zuV-{f>I(E%h9K(so^Wl+X9$x@LAh z=jq!*Mxq}t$X$JU?bn=*%sefvsS2CEt#|myeyle8k@_KB$FTP4#sUrLSCy}Lw( zX~|oK^sXmUB{k#J_Fdh~`Ya-3O5&s&qDhy0d*sh5IUcxuZA0pwu4l2&lDEid9bLCj z%4gO4o(IouCdS%K@0jxDe87+JN3$|PB=CqW*aY@a`c)u5Q>L0fstnc_$ zwe<3xB^Ouj+UcgwdHutQ^_?cGf1h6KncTSD>f}B(=64US@BE|kAu*zF(6efV@y?@jBp(4Xh`J>47TUxPM0#32%{5v#k<`f^TnfRz)I5iJ8L8hSG@dHbNLQ$nC^6*h;3&+o_wSI9b1nYx`PPcQbJ+b}OarLEjol_sl z<{0h#Eb*%D+~$oY-!3~!pG@sIVXx`8lWpIXzrA}(AH|ERO?>=)cdgrhhC}nhrzR-f z+iu7w8~x#ZyhMaw=kJrzma%3*W8?b@#fJ)PqGSpLnz5AlzWb+7ng zee{>_7Vov&RgNuq7uP=VXr0A>hJ&8}86M34r}1}!O|gCFAH}508E;$px~G {2it z@+05Whx%e`r-)rQ?=(I7LU_mH(~?hkLgjDef2;bz{`fsZOhtM8rG57ldKadb-ZK}q zUmF%Z`%yu~?&Zs$SzXb*(yr70?9g-HO;=4UYTTDvaV&e3QN8$Dw$6stuFSO$C+&Ff z*!120ZT@eTuBkh@Uwqx0ILY9{yB5z>3Tj!SFi-kI_@t~jxt&eIw)@{NN07){QN_O|6zbHG5_qGFx#isL5eQ z$?>Yme*8R=?9vW*jxR91H}#z8!izCkw>tK2*?swn(VE63K?T{b*WYOVcI>*HP{pC+ zzrB8iU-o9%(d2IJHSb9HF~jq^XVmU^Hn0cA@*nOOy!&GNG3%GTXIS2{_M6-ZcDTK@ z|K5DAis=qNrY}4AxW4^XkMXT7(dR60+&FjnMK=4R&2iB`jQ+{ZXKlJY~m2Zm|Uf&~CwxT#wTlSzt$@>Gxm)4&B=#|Ya&z`yY#k=WI;T@@A z=3GTW#^)Z!wXtz|pZRmX^VRjGu`6}??2iclXUPA<{n66%p68QGvqD?l3LCON_xtR* z+J02lJUUugL|kyjld|8to2&kb{tC}DnQq7OQM}EDN%(9uo6Eew2FKv|Ird^Dxz%oe z=b!!Lk-X>PpO9Y+;w3} z^-^aqDerE2vWWHOcFWu6w9a>`>aK}7aHr#)jIzO#27gl*Z;>MYdv+luq7UvazA){` z_U}S2J`jy-qCJ^0zNc;)quF-xvrTV0U* zXS%ijnUE5bUF+7`Hs^K~NXQr-4eJisvWxG-sY^mmz0L2XRwzYpOjDm0ar3IzvUl9& z3r!^+b~G|sce=$+U+`@6k}EEb4{y8*{mEl^)b;P$jBiUDe;zJ>b#;-~q21cA{C@Rb zuAM*W(j2ju-u#F11@7IR8)YvZ-Es4PN6&s^p{mjqlLI#PJwI!tq*H(2LgiPu?}zS( z?>lPp*E;HMo2~q^-|&9XVFr0ew@yC8qKmvA*bn|^kj(nzo3laX`CG1DrH>mqk7eKa zCslXOPU=I>qu-$$qPuUT+~@f;XKLYv>){XXGrWvr|NL;{RG-a@ejX`3v2NNm$>r0( zv$xoruUzMK+4^PT?+LDnIv+%*Kgmf}C|Nh%4cd(MGY4B7C z@5xgsyftItW1dMXm?v;7(%9E5#&EEwXwurl+;c<&+3uma` zIyKXiok7hwYHjBW!|O>~*73_8eDG{_?5l}U2fPI5Kk~b=?6uUS8_moUn~E0v4mVu$ zn%7=q$H^ysU$>N`6nSpEerwWQF+<-gpPR3(WaU+J{`TBdL^E&x-h!&HUsrZ7tUdWM z`c1x+uad{3TijwNOw+FC@$uVQth(5|;qijEVLGQ(Y9REYMShHWiwM!O!~DgYn2X4C~wQQyKG%J zq4u@g1&yTT^D5T->|5%0+S%_G1Dm@|akzk-!#Os?fJnnn$7LQ*{CRatY|G@AU4;|% zG+Zph0{gO#&f1wH{PwK7h~j?+uAP~Twm(+w(0CEMk>{{_PwCN&0}CgYajx1X_C|bZ z#sZGrwbobG=6QDpE|lIpZ_0s#oA$LW-*Jr7`AXTUhn45-rC3iyYzw%lxa#Yk+`gTX ztI9k$Z)JO3v*FS$tTucku!r%-1qEBJibvYnjUR&O!UGxoYnv*;~s;Q``pq^`2aGrzgswFQQJXiV7Gzpr{Z0Z*y^G>vO z`s7(Fb)4ta&)cHQvuumev(^u_#v#vo7+kZ?iiyn6T5OWi{5o`(<&vJ87an}Rwc^~2 z6Sl@tmmLfoWUg|r_&Cw)nVyxTxtD~@gW|~GgV(#R?{s4Pbyaf87p9JFg`vx4PF8Xg z-7Z%*)#(+>H1W>ktc6E&d?il)H2#~_dL)N2RpNNoJ>!he&;5>{vfsM>pyij}_kZ|r zkxoih(Y>_dh2^t73b#!zw1u7HUs~6ZJ&SGjqg=gQ>5#3FiZi`7BwpKR`Qzn>s>cua zcd2w8yLjzXP?VB*@a`amNE8UY2);o2A@U2y+ zbGnvBl&s#F)!SF~=z^L5^d6q{&ueb44pcw0y20vWtj)Ef)3et5eVtpH_WY?0vQ> z{kE84x-;ha+T7UaCq@(deyr-vJ7RW^y^~r#g?&a3gZ@j znEh?SRg=5B(z|DDS}8eW*5}D7&kH_R*cw=c#NS-KM7s%8LhfQl&+&bgnw+k=l z$jE6Q|D*V^-t!}mw~F}5Y0nc1ukD&GFX3^%<4Mr-In0;u&02BW#_OlgOYIw9xkDTE zcI7CC-AAL8MQ?3+xb?S|10(Z^TtC@9a+mjS`?=8)3*mySc zY)Ylv@oByhUv=e={?a|AyTxyrPx8}mE1v&oT%P&aGoN*~^}7eZ!ucP*Ws8V7FM3)e zxcBj;Z7CZsyS$dsxqW~2)@)9hik3^(vBt5{dv)KnI4;d|s=8J-zwq(P^)v68c-P+1 zt6X97*N8if?be@33xu3YR-1(vp0#$ZT-%bCKbbdd*=3ubLA$Qpn}6<_$+JyqlWuId zb!mOnsSnc|zt(fapDZ=+p7%?VEmXGixT)#0g=;du@m;v*_OQx4$ThVh{1NZ5-Gyp% z|IWD?R96<0a&6UERUUwk8Pp6K}yi?jB=9XDJOiueCs+ME1Z>e#|1 zwrn7hTOC_bW9ehxgN_yiX>a(=SH!Qhalwzn z>s|^}ii`cL$*|xJc)e?O+#Q?#vw_p zjsEQ!YVuK%R*J1f_{ z`j5}$W=UPHIdcRfc0KQWus7effSIAd`nsUmy}(Til4rT?F>H!FcU30k>udkpTl!u_ zu-5k4hKICy`dxDT{x)LztXWfvQVy3rTd?N}&*C!@c3(SJ#jlI_x&Lq0^Qm!VwQ~HN zr-hC!UUPEN^2^tDp8o5&&RJ{%;~bvgQtsykj!8z^c49hQEB+i!JNM5oNK!Ry;)lw& z^N%g^TpBYiY2VD%^=Vsqd^*aLwX)6L>`ZQM?0dXbu$kF)kK_f=AuFn`aUM_YXttvuy(eVf5q$=?A!m{S(($$kRZc1RXaQ>Yx${j*B|8e?2~gAU0k!7e@5=(KmQqetJW^oIXz)X z0fX)D>*f#tGV$vBbyXY)3za;uuItoG_1H}{4P5UQbIVK5a9wutrqUPPzLsn5(+jif zznxG`4XTt|Y+AE%tIn#U+xd*L=4{^5@av1@+vu$eA9#nZ+{v~xzb;ICPSaku?0T0y z8_zwOsoc{Xmyoi1Nu;N{QXpn8hs@&)qvR?X#8Fg0|OZld^7E zZsRRYoVer9DXVbb)tNdA_PnVoa9^7kV|wVsg;UEVe->X_o6)z*cu$Z0md@!$=|yuy z&l;AlSbKV7i;#O&-QMMK(du(^7EG$rUz+gqwA$DC1qFru=XO53_~zm4z5Vt-UM}%8 z{?Cwg{Ij;X@`do3w~ze3*?Fw+Xtn#1YSAluY>ie;E0tl4v(_@vN|-7k^I(3}r;U7P ze(`91_nUlJYu#y)K9Pw%*BAeYKU`I}HSI#I*J_2|%l4cig zxzb0srM`&XTan+rWp41{s58^9U$DED6!O+?%hPS`)>+T@RCJ%7rnF|Sm3d*zn|~_T zOMYjXTwZ0_I(@48*4o_PI&~-J$^F>5@>N)z_0+dVWZcdk`1AVAe}=sEH#z>D|EIKV z@*%4&<=>|7(b0NvQu6!p8pCyJh-@ANuS#CogmN{L~u158DsE@A)U6 z&;NS+we`iP*yqD`JJ@4`P-Bq z_RH!IF;=enW5skou(jqyncJx6r!o&Om&@gEOi8l1-g`p( zepG%GK4^CB`p1=@^i&Q^+&ur>uKf~qhyLm0=6$Wv*YQl3S#tZm%%&%gcFY(4BmSfJ zx6+TZHuVqX+5R(RMb7+lx-v&*?y5?KU)L|rXQ-@NnZ40xP#vb~evT>G= z=<&MjmzvK+GgT&Ub~6cAJwJPE{mtY@$J^c>TVA<9QX!Hd&B>3gZtBJC`yzh=KlC4( z_`*z(qksDMn9o1MukQMOG`s#s*!O?hAL6F6?M=@-`y^mngu<)v_4beB*=hnlK8Y9K zr{ulrcIM}(%uhasBFA|eN=0wCpOsTuzIpZ9v&*gBgC~AWKf*8a<9w{t)~j1CTg|DQ zxKN?^b-e$-Gj_U{ZHgaC)X0C7cc|WRaicV=y5gNwf1-a#ez<+)+C1@n7Zk7P z>PzU}pT!pN=G>FrD{m&&9TBXL|M|{7TyWv9#dJiwrI9Tki_5 z#cy^$=r0hnW-kKRv#2-EnnhywE;1gO8@iW^6t!_0GMwz_-RP-8cEAMa=7# z+BtptAs_U+ldcMVKO%MY;P%^1*KWRi-Idq=$ez)>OYy_swjJN44@NGUT6uStZ}E}) zTfVowpJee*{$Ty`_qQHioqFis*8WHGt@c7S<&S2^i&hjLWOm=}a(dU3w*26uHT!?9 z?O&~zW%&E-Y+qURBk`=UF`Hsv21+Km9Bg0bS~35~`c~oWs3leX&3kMMMOHA!DC>V@ zj&)o3+xbt*kKjj=HRg}|*|={!usJKB@c7#9`3yDDm;V|4F#CRFpY(;aE!pLto_rSm zvC1&Uv}<9dZ^pSu?bUMn>b?JDDo#DD;eG7!pJ7w!>d?@(%biC0+=>`hMZ(t!CNRD$cy~YPGc=K5KroJD>0T zL(aF)c5JQq*0v)kvR>+Atk#DW4|Q$+Gn_en^F`&-rOSItY}0sCuZ1){crWDQFLQl) zMf~Hosd8$Fc5SQQuf3ljh?79DBKCIlD zX=7?Xom*II(VshMdw!MN6Zadj98GKMUSpuD0FA_rr3BOD2+~{w&$k zt{E?Srsgi~`Tg0VdCH<{KXXrCITy6c@_vt1d#8_KL`C(1{W+UbmC7_vFin0i|M1`Z z@J*8=Kh)k4V>l8NogU|0e6%c{EBX4@rN7lyKFW@63sF2`q44o+@jj&=t{*2q{Ir*h}EV^R0Nbu~=wA6M>Es&V~c zrI)&EdQ{`d_}$V4nGauI{-zf=?|u3%%}KdwKl?_~WtWz)8|_SRkN)h*WMx9*pHzt7Td zpU}?BEa9IgONPm7+P;3dY1+ojpw+t#LKiJfDgV!~x&Bx^cTK?Myglq}Gdgv96zeP8 z9$AHhZtnf{{LS%4yiWNnQE9bVw(HJb6nQ@Jee`~w{|qVbg=>_4th0%gJ+ne}%FH0+ zPn+g^$e#Ll*H)3OA9Z`oqqqI6nI`)w`)xr*PMFk^%KO2Q8m7hf_9xu$i09O|TEK&<1JKueNTPk?6doxDebIA47S;ytshFg+8n!O zm)trgCds#*$K1Ep?*Fai^L^8Cxz!I@cX@n}omqUgcFKy&nO@d253b9Wo-g@zul#|k zW6M|nQQw!goO(9}Boa=Y((|UcM?ThEz zH+!5PHZttAj+|N`w#iPjM&Sd0V~uF~$LfdEmS)!H#oD}D!vsh;b>k;KaTM@n*q zpPz5Nr*wVG%LV&pU3+)#<*5m4IF43dU4LwExa;L3L2;7LW-@R@FI*Mn-(B*bK`gR2 z%)XuLCD)%zi#{0M+fyBJeQR#|qb0|kTBixBCAIWBdl^i%cyWl+teW-1$MYR0uFZCv zxt(V<>$>nq^+)<8D!2~?i(h%xcxr+oOP}rQbsw(34vtBQQp=l3_ZJ^aW1W8R}{&!e{AoA9&i;0LY=*)KpF`|Gy-UHITi zom|w*!t-Sp_Y}r_Z27*fCrxUqmw4Bej&q-EJ|EoW-o8)$herJC@=mdZIc0m+-8d-P z{&DkzcM~7wa-A|RTdTXf?&W`m{qFsC41Yp@lqZ{ny)^JtzdPj|zv;zHIjs+Oe#OmR zRIzr?>=#p*cQ2Ou+0}V)$4Ti((~^qto-ZeD^rn6LwRdA^r<2(2t65Lit+G+u_G?{h z*<`l|0=qYb?Opsx|L|Y=W5wN-YmJ3nm`<=3Uif$RTHB@QT(iG_u0As@JZcg8&L^zZ za-UvBcC<%MP2h4vnbhg>nqQayDf_YgVSLMc#?sp2!*R;f9+=HLBe+Y=)ieKt;kuHW z;ek%u1>_e0Sbe1a!HQ{B=?Cp^Jo~14bz$*+9$pF!l6UF@3as)zPRb|!y!t(*4m@P7slJNc~t44b#a-`3@Ay|-91+T^oc zTHNv1@sswk@4oUU|D(L`MV3t#l~)s+KfaFNF2Cvff%|-!_gS{si&kt7$xcq)ep=zH z={Mu$Uu6~vyqoZGs^!v@kRO!~hm*smUQIowlE=Ze zOV-}=s!6@{Y0Ea$lOaDn7AjmYm(x+sA{Vea$r%Yw?TDFV%A8`#qhjtMX3v zf{(|WTbGF4Q{G)(-MNI#$x1Lr{D^Ow^>VXm7bnU&=vaqcS)P{dJNw#ptGosG(>fL} zJYZp~9e-$A*eDl6CxZ+j3iDPxAh~MP_kwySD8R z?C{#vGx6T;`TVcGTh&fl^X=&s9x>T0%Qa2D@y<&AjFsW13vD01>|Y+$70>rdZ1+;< zT}D+>x36!FSo>J2CHIpx&&t=cuI%_NdT*}GwYR;eIGGlPPEvY4&%bQi_OwG!CMoxfb)(9ZF1_NFUJ|IY88^q;|d@|oV>{Ks~_EmFT; zGJ8tmHW%xLwL32^@$p{0nsZCbu4$tAvt_y-)l@G$y5j9sU9Y)I_;stU`<-~bbnTwQ ztkF|fZI?>jbZoPgz?uioO)l?vbI#u9@|!PnT^C&yUDTHl=S9ZrP{iCu77fl zY)PNocWl>rw%1|$0*w+s^95u6m7b`WcNx^`~qt|1;Rnjk=V##`6It)mg>eX z7iT?SX;YiMm^WQHE6R9!*Sm;E_V$uzQ?jFW{=B;Jz@x2B{Hoo*!gU|bS!LKW>+8xF zArnt!+Y4-+tvyYQHSn<|L)V21^%>nK-kzP_wPnRR1$)g?;g;(&i?Rf_K2qe{>-avx z*lo?ckO^>u>5k*V*w;`P!~z(`0t;oU~r)kd16Yvkyp^dZ@nL z^80P0d)Nu(wWUQ_+l&?_`Blvc$&{O0#j|m0_&GM$sLVO+UhhT*fA6k6gA}uJYk~ih=dar<098{kFZ6Q@y9Lh8`C0VAH+GBB&ZN+NTQ*kL2Ho;L zF`cVd>f6^fyy4!LO0^Y!xhzz5sxQ_!xHeZk_M_bF6*HCgL<$&w*1cQRS1G!5&5a-B zM_%c_SrF~LqT$4O9$(*%jZd%Vu6b!VQ-EjT)B3%^nR2GTqt|YImRSGD)9y9biyF^m z8gi~@5+&sK?By+#de(R0+*zf`faH^rd?#kSEQDN>bd)y+6Uy@!E!5eINg}mWg-5I%8upXK8CQZa<^8Y}=g&tLu^$ZD9+y@Zr0; zI_ZkLm`g+ROOM%EzL{EYG%7_i6SvRe-LxX1f~9oLkEezw#3i4ti9EN_bAy_rrR7_P zuI;yi7EkNl#QA7uYDQ4ffpSTPuss*tK1wdOFQ2tKzvkk`%-jve-y2qYI|S~`x^{9w z=?tdOeP2VaW{_WfKZ_@Qom!#WVtaYC3+VlXGvzkh(Q-sw;$_#Y9EyEUItyO84bAZkw#Rq&25XxNCKWSGZmK->yBJEAF@#e`F8b%*k_! zwNcW*LGtAKr3u^k4mKqS9@C!n!|=h>5BW{HCKr~=MLgX5dfT>EONOMKT6-g3B`!SG z(sXzFly_`drySXf7P0lnFIDB8`aYRq# z(Za&dYRwPxg>kh&#_+jk&0iz8AheuXPL~} zE{NH#p0TCR;Av9|-_#2)jduphz0xsxmlu6*h5z}+u;&#ET8zE;vL&B|#_nY4T3Wq& zL(tOmqWZ}xcekis+q!@AZcXdP_c7bnub*Sack#97+E-5_*1f%RU3cy4=wQhc&-Z#= z$&~n~dd=s$u8`;bS!cT|Bkhywu=AG{NkGvOu>T;$%V6e@ymgmf_dV8Wa zD3o(cf_~JM%O<-s(v8n8*l2n1Pj>*`tVZBJ)18y>giEisdm=`xUQQ0fgd+~oYFSMO>9lf_Q?qpzbpvsTsBY-HZ* zoxXfg4^IPo-q(exc^eH?ZCl04RNsYc-&`@ntHa^;Wzo9xe(AY4nO}!pwm1;j{5EVs zo9)q#x53%Q71l~SHt!Ig(xv#cRnqdk?;Mka)!W>vxh~!k^==NyFW9hU#>uxnnRm|Y zo0-_NY2Kf-oxNGlVxKHLEyt!E9k`?S@dWXo8xO4E?u=zupHO_3RbcPuwd%FNT2re2XELIP<^Dz7wg zKWIE^blY$Du0)xDX{4QK+f??d&?89|J zdiGT<^MhlrwLiQlz$K8rs6lJpytXY5qCPBdXG{@vVdG%o`V!0UA+~a+NcyFXTey`| z*uF|0I9l>;Q)lws?Q@cr9*ua}Sao5FwY%50Q=E79O?A8HyQV1H>n_j7M=C0hHupXE zDN{07$?|T&;hhC+ZrV`1E5U2uct7ww zDf=Tzm$ymh#=v)?3Z`LhJe=cYlgIHvjQS#+Lw+;wqhqojn<{N&JgA`M)9WeuLo(~~(D zYdyR8=+vgiJy)e$bC;RKJo&oTd&ND!)afc!p=B*|<~tsL?e~n2Enrh;%p9TP4a=9B zKJ1H_DaCq1;+XZdHDwb`nk8*gJ_gOUXw=zuWS(Ky^c7Q0iVI)d%TC>y_{u8eu~XxN zBzZo5g}$x3McZc@i?-)_?Q+OHbN7{H#NSyKw#A18eRsy)N$IP2`#R?C`Ia?nuN+h0 zeHpjeuGysT?EY;G$D_{e`Ea^5H991SJxJSQw^D6W#wYH(<|kBx&R)-W@VM)2#-ak} zZTzp})|Ni_xh^T=*>>h0roFG{U9po@Ha{&GKjq1zX+4KRV*J$91?_IknZGtOGD|$O z#nUb+vox3WOZy?$sWNP<0?lqRw>{tLx`yklY}-WJGZX)PNO`nXXWgOId2tT!@9pf> zkC>_$a(_-iVYJ!xi94)kt6!REv-GD*rBc!no<4^)Kd(G_Ys2?dIgV#4`|DpYZ$p+6^<~;+hrL?#4BLWx!t&gG5*KPS{2!)Hdtm8{M0iZ3-i|y~&g+SC5dN!PMB-Qoh_h+iF`>V$a8;sV}T9PJ837 zVUah}^wQE@6VGYJJMIe8*t%xTZa=H9OLDDJWjl^#yC#P|P*vuct!WeFcR8MX9Xd~pE4n~gR@-C7$w-Om2@)sY-?++oo<}8S zou%m7()=y*(@kd=OS3+oQ1P!c@WSI+mS>|bEVe#scswy8Ja@v4!*XA*-iun(6)rzF zF>6|;STq->P12Tq?Z$oWhLvKRcib3Xzm617U96_BZE3rD(be4PZ&%%m_uq@Q~8!Yygi$JyHJ|(7Qury*IG|m&Hce+)%-fp zwV3(6^u~z??6xj)w_Q_H|LC{$UFM_LcZD9|YO^#ls5lzb^l|AEGj=E6vidDPhA;0~ zO|G5DuXx(?#@Yg>lGIO1lFu2cLyH!!4P468=0E#fO!C5&(~=m2HI7*@Z59g_n!;=; zu`($A=9D;*B3F|&L1lV>H-;YGvS3Aw%>1>{T`sEWxoc({^{kC>bND^QeL^^kX@qxc zXPD}P1Rkz3?#=a%*Uz@CmObNRw(yDE*O%e*6fge?fA~83t&}qF7b9j(bz6SXM-yYb z_q04_Z;q8~eYDbKMf92C4GkP|%XVy(h`1VVrE%ry#4q;`{AcJ4tZ}{k{*U@c{h;dX zUR%SZLS@GuU-^B#`or``dYd2YEqiEE>!VTn>7C8y!)n=2-}AlRw*8xDspw<2&VR8bEfg0lzX-(>j%raswstLcB{93^jrCeb4jNu+mQwD55CgA`-lDG z{NNAY-+V64&0Mr>(WC>{%5~=ao$-a`U+Ks6L+g9Y!lpOf4`Ezfs%235-1JgZP4-9k z#>IO+Ja7H_pTXGw%Db@0wNC;Yo9CqMsrsQ=VqLr5YLoGQhRl4nd)d3ZUe#xA-)6Au zxK5Vg{`D5?r`VbPVY>KESLLb>-}S`(RdPk_reF6Tb^pkJB%bf&BbV*xr#X8m#ZT#} z4xbjWt$kh8$)#Cli4iqRXU|WL+ZG)ZqI|0I$1bl$`-2~@HSn7L`K6IhxwAI=;~&M> zwwt7EnpNIYX7xy&eOfDm3hr8 zZ^z9y_BqK~m($m_Z<0`Ngz?eBsh0AK;y0Eb^R0hm{-$m|_a0G^>r(Uj>(Zxk|9Q<| zZ@_GMw07rj$(q8AAKTmKAD-2_k~eE9|11M<#{QS_{q`IGGaQ!}s5@UTmAfZ<`Mc=s z4yk)D1wYNmvy}V#efgWMAG?n6ci3lb-}5|R_vfBuhQxCf^1U@?#Z!vTUg`WYvrf}b zrsps3kK%PNjc>=*XL&5Dm|r5--Pg7|zcVUs_Od_LTetoW2|8IKmKo}C+E{Mu(>U>M zm-X~7hemgti8l8Yv^cS@?^|}fNTlhZSH5{>Z#z?R8vDI|NX@7`w%9iNtIgzZ$No;L z5&rF6vGSjg`=Z;YEAGh(uj!lP7Lh#p^?9#9`F~f}r=IVq-*~=f`47jB++I_2>u&D5 z_RnylOv;?%m+^b&iC(vVDEG1bk4n|ihDnYLz3RG62ly=4YyaKxpCOH({ojrGjHN2q zZ4B0~^EBQ!zearO?Guu+?km=ZYo9f=%uQ9*wOX${ZHZ{eL)FFh^Veqk_g(truwYO8 z{kR@&i?iP}PDT569FT72yL#tO>W}=#_HFY8-tUw6vED0VUCuj?ZCXoRPAvI&{?d-> z*TpH)Zw2Si+z}?bIetUJ#wiN?F)8h?B|U|dMes0&<>ady zry1{z`LonIER4(NxwM;w`rfRUvz4}muuO6*ex<#$a!%*wMVod`O6dHyz3Y+j?8*s6 z{WqTPSby<9!w=Q=w}I)k)PKylH1RE*nfvU;f;kU)>uPICFDiUgy??a6`Pw0m)XmrT-Dk-$Y~Vbm z{qBCte6j1_KK-4(<@3^48=@=vu0@00h1 z2CI7GU8^gZo(uUcXgYr9dYoF!hg~*(a)?>EwH5!)eR^rn|K+~)kMPLi=Qm>vx3-sm?~e%+ zf1AF_J^O*LNya8E!)8=TOEnbbGF%L*Bz=j!@e?1eyVd@o6)o<)5B-pmp!d%A=4aTHDzMF zp_a(1?Mt&?6}&Wx{P|$h9gTwuA6yeWm5%jo+;K3D<`6bah)&VRMzjv(l)jss{ z+0V%d+l`lW1XA>8sVxHkAJLd-S_R&@8Zx&8vVnM&dj%4c=-NUsneyMbqwm$-k8%ao%*w z#H+l57bDMk+?7|_vgY}j**9yo=WX1n#S!VI?RM+q6Q3o`7Ox|-N)Ik8wW>Xn$ zcr5GJrd$>I1J`wv>n0pgnfaITZ+4ihuS$PO?iIc*lM^1T%Z<*tQ}A_pPFFBj<+?Ck zhs8pcc01S3H4h4VVrG>#_n=B&-kZ%k|R z{+!;`8L(aQ{iQjnL7ZwGUWSSh|4hTR4D})oNy|rF+rEv*;heU;w-ck~`G?WdI8>hW zR3}Y0T$0%mRp2JOZPR#G40*|ekU-I>Jmr4)o%ULnU<{f)xv#qD$@noM~zDH)? z)|&Me`5F6)HOxKSA7^#3x-&pwn_ECcahS5~?FH}syDl?xR0m(XNg{9ZQRlMFLbSj!X4vT&%bO+o~%CW z#hX-?!poO7SI_yHc{}Opk_4W{OIzL~wB@wrgnF0>&iGZnI&2AZZJfBy&E;_g+ zM55=*iXMrRN^6}sgPUj7Pcm>WU7ORRs9rRuP{`uZyonP}uJoy}*U#JcMJau4+QplG zPA<(8?76D)0*dd=e)@QMRM9%Ni;+8KYi3wV=exZQOUU67{<`W!v*h{ukE;cXCkI_^ zdOBmybBRZ54~6J4+V_Suh_UcZHJV`f)+1b(lhcN0R?+F^rmRgn^IARzxp{r^%hFxZ z{cTc@jMR4Nsgma^*4$9%GVa=%tD(JPYtUtfjj53{CS`tTU}Rd{!;^0Ez^lpC(0bAe zS&3O3!51r*ah~QXm@Ui7BIvb%$>C+l)7Cyuo3hoD1aAKN&(Iq_Mf2sYRXV;RD!q-z ztU^7NUm5?aT&pRN@FbLbYXS%R+Q8Z28h&hC&sLt`cQBs+Z*R;@j|W%XR6Qk^ixr;~ zO?B9LHehG>G_|dg;fa>3f{#uJm)&_(nNyc1dUnl9o0Mz0r$lXC^Y7f&w@KQxJ|Q&8 z>G`Eu7iB)RUYx8n&o67s1U8nd*L$YfBrX2*`M`0JonI|d{k|LBy7-8-&+220`f>So zvwDFVO{Kr{Yd$J!ZeLsFdL%B*K_*mEDMeMZh(9pa%6Ycbny9~P7Sv3}`)hV1xe)i29Fwzt1^pTn2RWt~1b-ZCd)pU<4)v$>MR ziigU>(qg7P6=`rcje2y$(mHs(&$Trhn3ftD&ifknOo5Z3k6mKP?47=`5|eL>Sa46C zleY3aA9Kx4$+gidK19py5RH7qkf*$!`E{(w&DM#Xg;MN_A}L8LPc!ZF+Q#ps9rf(C z^i21&UslzpmnKg+E-CpwdRcKu-*CKbn{RXuFuQ>B?fQJ4Vwa*S&V#-z5>l$;oG6&-KIG^P_%8jk#4!#;(c7 z1UH3m{B?cnAGN=WuYKcqQ{!lN@))B|#qu*ZKS#`&T`v5xR{2oqWr>sXXE_CUS{qEOw7tOL{-VoEoTUI6BqjXv4_8FF%8BE(+-fXoCmuy(+ z=W9~FPj2EZWzjn>oAm?zrXLF1c&Bzj%+4v>LaVtBeb|3QR_T|T$G^zq42G}$cYJKQ zmHK{Gs_u?I`=)w@+jJguQ!nMo*>=c!<`kBggsy3aJ(}*A-tAV4=#fdDm(A?^k@eov zrKY!8PuTKDHQf*W7<%-V+X^9p!|(o?u1QJN$SmHpWm>dDxj>5UNz?o@JXdZpDUTL!|L}BMS7Ey4M6ZX=QcJ!V zfAeXRH2M9qaAVSOpE)7>0{Viu^B4+3zOI@s#k%yI&v!K=zM|##rrvyW;a2qNX~&r5 zuIy}EaOsNovRN#d0)KYAj1&)_zUi396yD|U`o5|yEUnGqNppCdf41vv<(VbBPlPis zwM#wauiDM_PrKrAY`hq_Zp%yac1Z=Pho!z^52A$?xtmWM z_uIPHyr(AU=>s8g_NjL-ZP=Q*HG4;--csq?)0lQFoA_mCac{rf$J7>1V>ijE6MEjt z*1lfwBmSd#(1(&XCYB8;sS*FS^6gz-yJXT2OXgX}yUr#|?K$~LZb|v;Nb^(GT(f3v zc3=OhUii!1DwS%BDPjy0v?lKL{KVDgTKR2ed2W`oT7gw{*xh*>Ha$4;lX++o?yH*XmJ~M~R#$j5J7q0L(c9hXjW2`NRDDU9 zk`rNg+*p7^=Cjwd+u}xoeaB`gBe!YQ%+U4I~le12UT}%O|(BF<9+Cp zk=<6$?RsyYvs>ET&CFT;Y3BCga|~-em$J-UFMBi7T==`Y(v~gLdOz+9?D^oE(8R>WEGjMWRZ{hmfxJ4SX}m6P4e@nkMUMNl8;_= zI?eY%fFViBHxNv=vbSZt~Hr#GSx2Qro40Xkws!ca*Pi`x=pefIs6JQ z?W||1@w{j{+c_;o&B5UIYA^2_lgbRw9xi#dm#fS!+TfsHP~NegO`F`G=h;1(H#IKu zv;$Y^%dg9#&VKtbli{a(@Vu?Er*#yA>k2B4W?cOAqsO>AdEG;CL7nKI>RYXSx^(Sc zSM5|TIP1vM=DC57)t;79W-&8yt(Q8CHG$$39E6$KRlb=9X;1gU+-lf!^@x7Jx@#DIbNJy#JO`q z0^ig#KPIldRP=2{bRHYWx}9GPbDmVHEUr2?oDP709*ml*fVB77kS03-&)b)(-Pvbw+nIHKNTh({I5p&%ZtmhWd<=>iW z8Y^>PQr^Uf!nfgj%9mHP-S*dAe9KzkPUCgSbsaYspX=K-zoe%8W9#yR`Le=`VoxS7 z&SDq;bo=;s&VNq(sz1&@)Zcqw>`!Lpx*CIP{T;f8v|VkV+}^YGTw!0+zFR*E7dS4f z$lPQ6aq{79`&72=w3d6hnD51&PuYE!P2M-{XR}ky3bW^4u+!W7#=(kk>wuog{a*jl zR%>eAIiG)2e(4pza`yxEQl|D@_PqMaALbwDXLIJz{JnZ=OOdVPdZ{0ZD^9NecgZa5 zp8U18N!O#gI^Hwqa+nunzqP-${bBmC{kOIsnJym3|KW1Xi);K(qd6T|%q?v`$4mZ+ z{M&Dz5r6YP!x6!X*+=K`?by1xvRUgA_}=lgqoe*Z&V|HypFjQPCv+ZO*=H%X%Ha=Ps?FP={vYWo^LwzvHe{up)Z{?Tin zU1l}yNS`NmBJGd%+4XK$Wj$>FJzi$?J?HeSe|wW3%oo_U=$oM5j(ajkq`N-Fk=yya>S4kD?6j8dIF<-Z$gdd zhx>0X))%Hfmd^F}yS(*=Ucl{`NUxR8=6tbu9pSZHyK2$2<>%sA|C!g+{BV8zIhd>Iw8_9iS^m_% zmLCUl|9F*nH$U{q&p9Hv`J_z3gc~x~^&h`)zjgk|-gNKnANUsM=j+Wo_-E|_qls_5 z<}CNqwJg?aJTdcO{N}9e{TsLUlc_<{KX$LG$P&4-M>BcV-)XYb*)k3rDBE;B z`N#Rn>e=M7U2&@)PRwtfv83eK;dxElTbBEN`g_mCYt|J1Df;$FzwdKKpM7jE{(60? zZX^4t3B?NQSNvy4;lIUvD5||({LuPG2hQiVm~FOa;ZKfv{?_%k^}mbqGB#l~j){*> zTjv_xvx&Z~-O5w^CvJalp_u)K_ealjzW8=e<%-Ut-_=EvBfPgOZ!5gEE46RVqK7JR zVq8L>><;|sPF+xO`;cb(Ltde4(m$Tu{njDE`*(zr{+0_vM-@mM=XoVDz(l57(Ew_TScAvQw$Czg&8s`KZYKEJeK_y;b+Ue(m8i zlRJ9s*MjBQ+^G-z`Tw|m_IJ`d1;L#A4 z#w_vm&*}#oe`sAea#AH@IkO1b%H?B|r&v0n* zkL3?{s`nq3no^&B|MND{pzsm4H{71!3APbqmtjOeMQt zEEiv1x9_I-2kmVY>!%!fu==;VrNh$|6F-;t?2%sNt@3@I`iC>yu4mL=k5r63`}%0n zw11NOq)N7b`Y}6L>;>m-!hQU8(IqxtBpv}Fl9<{4}{$^BS; zpKHbSqxvm%Mn7yWRIIDG9&#!2pzX2y&RxI6AE_Vu{2-ozU$~;|&Y7OZTX*YsRlbZ% zUG(F8#E+@`e-y&RjzvV|PSSL93j3Pj%paz=Bv(CK@>I>qIlAqAdn9ESRV+Sa#dG1^ z&-~oSC%LRY#_~7Sgn#I|8z28+P1C8rF-D>>28B`L^_%t|SbiSF< zByYQ+!t~Z3`yZAM<_rC(O#FDf`Lg#F&Re&`Gw;5h81LSC{QBXenQ6stQ+B?K{ow!B zaGl@3@ZK-S4DS&%m*~V~^JNux$Nzc|MV>?4Q@WeyH#L&ydO+9MpgGm)_>&#FaJ?6+hgW@06}j z=RZ2{lHIvbp-Jz`^_zna=hmmp7yV%zGdbwOR)KFHy_`C3Pg=Yz``&+s^!Z)$G=G%m z>P;1$G09c=Sz&Zl>i!nf-#pIMqLN#+tIw6{3O`bB(F;3eTN8KF zkilh>5W{!L#cm(|Gj#9MygT)h9*fv1`)l(Iug^Mo{g2?Ic=oIy-RnL7E}XirRXOvo z_T}aC&I|KZ>d#!VG?zc*gZ&ZN{DTutF1lr-&+_{BiQ8LU3zugGz83g#>d;NWhjTnt zk{9!Qj#Id&`B8P-x?3~CW-2LIh+fW?v)*xii^p{LnQNaMe{WPc>(%mkYlB~;O6{6= z__y=xdhR{N54v;Xon~qK#yYL8j9|ZS`pA6xt}B5D7x+J7H9T+h%;)d@s)uzdKaS-Ag}lg@{1`B;1Gq1f?HDTj90ZLNN2{#O6d`9?X5t=DVpb-o)|o@ug~lAO{OI)ap2+n{<~`}z^XAVjy>iU6#z@uk#`pTR z`tAF>>x_OJvo$`ltE6mOuKcf^!i@coqy95U*vZBG_$6VJ{@}NI$o3j*=L-hw75X2V zYztOfx$K_1$;SN1en^z~>Jd(%F{AHpG*5|eM%_NOG{IdV<;&~%x%)pv>sBADll#av{loL4vrg>XwpG{2W&Paa zTWez<%x~YPd&wp$t=6Mu`()MTBE$FbGvq%6o$uLo{)qjp<|EAESL7XAML*t?o+YWXL2XE(%TcEa#w#ve^h_0 ze}v^na`uPrLzBF-i?geL-;}J>K3ntqKLd-{57VU;vmf~_eQaAN@njlz%yH!}9g{DA zT7N;mOP)LT%Y4Co8}^BIJxr}x^J=E#vwi37R!gsv?Y9alT5No6D z%Gh)_dR3z8!Sz8uls`Ux82k6^^_F+JV$xsc3wH9`7Iq!@vGmdDwcLkSW-htuw%I5- zYx!N%2lF}q@z;c2{HJYxgg0Qb>eUYu`uu~h?W?@h>^7l1YJR|JDf z#P`a3Kg4&L{AcLc$G&~@zT@-r=bowedcNL<|KaYvY8mTN|1*Rep4t2By7345xW0d{ zetT}7vP`fieQ8-nuFeBwvd4JENdJ+2@1k z-TiIrmwr~4i~YqQTi-J4dC6L>-?2^J+S=&_5)=3xqw09KRjhk*`RneY8@W5)wO?xw z_U2tHc`K``;=|kS*xNfZQ{%t(R22R*J)O0ESM0HA*RF>v+{x#cUw>(r@!E(it$)JT z-kHs4(|u->Cm$d6Y~3Gr^R^oA>~&eb&m*=h*l2(EtV`@RQCrFFYii7^_cKNQalCNX zYvZSnMNiCKeqZIH zYtz!*@>Ngo*~Uq*o{F*QSx|6XZR?|tJcdz=_pnLMt;;i<9D89_MwwoARqMI=>u;UZ zQP{m8jLYhCRMdZljyEP1|IYL7OHGyV_j;y&_22D^>E*g->`Uf-*|qfV*S}w)W^TPF zTHw_;#cWNch+pZkYyRKL7D_l?joP-wHqO`T{F~R?A`ToppLH_-P4`;cr%9_7{Qk&X zd>DONqyJmZ$Nvm#?3IIjmTj>r)iz-d+&rOwI*;w@_N)4K=hylcrp=zR{k`#}U2~(I zuIP%3U0+&r^glzGv`m=m`gSgxZI>5@Ppr6Ob@iC1QRbE&;gx&BeXg}@-I=;9Yx}g$ zWxak^9(hVSgoJeLau2dbS?@&u~+^ zePSEK>gj^ohxKNwC~M1w)M`l|1zk#V$vyF3-w&1Ywbhwx)%H#Ldg9m_o@*1Urd&LC z=e|x<#&6@M`=yJsPVC&6{P5?cO0JD64?=Hz$)1~i#Ax5FS4?J4oicar;bjrpwyI{i z<7Z9NEwLvG?CO8acy>9;ty%k3t#9y$CGAJV(8*Z$;x%bq_~bjSI^ z$&uH-)qm*zv2vYmxM62u3?4;O~`kClWn%$u<)6?|D(ND7j+ZN z1XE)kG~WsD{p0oFROY$w+7gWS`}4NG5`JwQzeST%!TCV&%b52^r8%BlsQJBOgUkny z7g?F+Qq!H93e(%}H-Ae@m1QlmT6!f|yf64|?2~CL1*UN~H+V8!pZ(+1HE-+d9w`sD zi@pt-*4B3{_SBJ`>~B5 zDegFvdSaRX^4#`KJ1(DGo=>>= zoNZgnnp9=3Q@QDf#g7@B6*+GGcE;0~sww<>K5+nl{bzuBPm7FMY{k zwdYOV)Pla{?6#}*qNVo=eK}mbm(#M(@A&Iz_2RjkS6(*Ry?Vvs(v*1-edY@fi+(W` zy?Z$G`+EJGH?-|8t+8BFtAEUDY3sv@Zx7Vjl}PYtFWmT}^I>n~zr$-+IhxhE7hbul znv}n={}K0ghBF-=DLxKl9Ism?vFNPFT(`F5V1 zOSjg`7Iw8Kn^zxU2Qpm7C9Gq>dI#opI_Bej9at+gTmC9C<_bg>NH1ox0$;^`XMAiQ%Ft-WPVK zta&|sN>BM(#*W0l_xK#voHa_ECNzmrG{m%uL++!hh?YV<>KX?|=i79H)>|!4i>$7>cAuEe zlwPAXp*VK$yp`$eGMmJ^>So~wjkk>AMQtZTnv+4Un_s#6c@cdfK`DM>u5{6bcZt?iO^f`uy=`_>G137LuK zvvk**xkdE3dUb_cnjSVUzP_9<#Ju^S0;5;Tp$}D;EG(7#KhJ8N(RJoZ{jA~>E94xG zOjcDsd5~q!6`|7&4sV0rS$CXUysvUelgqu3PxgOHx&0QF^_0H$jh?V4=k?1V=ZTwh zUWv5&@Pz)3Zf%}$^}O>68}11Yo|Kr_?de)xv)JNo*fuSlm#SAbeqMNjeg3sgTXmyM zPv=S6)<>QC&(JcvBv)wirH!R~Bk!4oCUL$GRLSRzi5JX%$*CH>+EG#1_31oN`##ahcPKMJ91` zO4gp0yQ2}fx##oos2%P*jV7Gc_ZGI=yzp^fcHL=Tj@|weUzTp}U=nek_+|CCutRB< zCw_(6@Q-bAj^W^s-CbPvteugmEX4jn+Q;}u-&+zr4VC<}4 zB^gWFBqd&H$NPFjc5S~Kb$HwStgnyOA1-^bTPY`fUG;^t3OSvLIXdo*$Gv9V*1K_H z&23M~3vz!g)=FpGoZff%PiDNg)ThO6r`S@T&&#@{wBVR==o^nNophBe4^O-fI6S3H z%tg^PJzhK{FXG&fBR^K;4VV2Tgc7DEdg6a9f^I1o)=$Wx= z{pp*!^O5p1^*QD#T#vU#&zv!7b>plZ8}gpztz0Rwd84;+$??aLlNZcO`20?V&mimV z5n-PL%XzG;uI^<&e7$PPk6BEs_IfNiDq(i!Hn*}(!%y*L4 zW@p;5G^%+lV%#B{z4M|8$D3T6er0x$UK=~QuF^WKtOX1zLj zo-x9g*1f!?8I=0z$I;B&w8&R`vf#A`cTW;O*(+;zgubLKEyrW!c zi-OO|wintV?^;&~D@g53lii^{E6nYqNz$I&9WvEd zD^H(PRPFVYQT-8671ZJNQ9)_xjVhe5m0{_FVty(K2m{xm>+2z!kG^{xy z*pqTK@@>nhay|d7EjPoI7EN@wII%$L!r?1x_H>*+e)-a-r-sjSZYp00cde9raaVd7 zf7J6Q!AMkR;fRC9F~`-PcW^mAS}{kv^!&ADw`P87-L?Ca zzr?Swxy?!iiR{-+y%guoZ(Kc1aC-9g>$7wd0^j+YE=m8s`dBq%=%2}R!X~&?e3Nr{ z@7M0{Jn8Yvpt)_6Ts3r;B%HD0NeF(QyY|oex%}MCU6-N@R&LG^an2QH|Lj)ISENxC z#kiT!xXGQbjI4tyB4M@k&Iq zWbA@3vacJil>FTCbFP$ftBsKM{nEX*-FN6o35 zYmxl)0bk|X=<-R*r~8){O}guuT5%{LbV~oRt+}R#1#?a@+Ey-2b4kf}E;`5egl+Mp zPkK%tUuavzNL*IR+rL)p&anf{3g?Wy-mGh0nh^0$zTr=ncv`B0oLKw(GetX(RbOF! z)NOBHS9ougHUEO^S0~-wGkyELwSOXhZ;cMPD$E+%v{EK`onG$Up4$!Fx3BHoTO8Q; z$vHRYNzdo5t;J$$|wppjNRvf!EF(CJjug8^~#E2icxp#crm6zrmafsddgsW!1#)EIG z?qx4FW_?h;Bsg4Mg-?rf&moRCS(fVVlAk$Ja~=fCJyLVKtH@F=@_47rH09iBE7%h( z)mHC4!`|~mzDjjwhsJ#abxG6E&s$bDKb1Y2F}FvRF>*m!>cn&GLE2gmI>VnxN?KU_ zy1KY%)f&Z~rsy53)_tl!?O^$em2=ML<13+IbYV5 z2hCO0>F^NEoRcSJ`TFOKyoP!0lA^7vtXz%x_Uqe(9b5Y8w7UG!gJ0KZ-@N4TAl>qq zVU)|0)xt*4A`Q118Ca}&zB5tL+K6HGc5cOU(tTHFD$TetQ+kqx(yoNctF@Pp+h?ye zuA9lWI$M}?UI6E}^&*>Rxi?ob+n%u1ep%lal{0I8WvybmN zqcoYBy|mOS=lXQLO$W_qHPk+;JX>*f-p0(8Zme5gI7mL+skWE@;6IgShf97NSDZR@ zi)rZ%O`CLC?bB=9x5TyAYVGY$`BD1u(DwuV*^4T=Zc4jW?!VNnp%d_->g&4jXgiUQ z>AhdM>)SWBZZ@8_UFE^1dD+R2%MZp&^tV;TAB|N$RQ_$B{H*KeX8kHX;(uRhPqo8U zg`K^nu~IKq3C=iWW*$D@PkYAwTbgV6qc7xdi5H%IzTIB+1wMdi+=e%*f=_d@q57JhPtU=w#aGj-{!WXEN#w?2mcwYKJC9%?XmM? zd;9)}3SmdD?pbyA)920eSgUrppE_?Z%$-$WCvj!cv8Qicc26mtx^L?j{x^3&hR1FH zcx;lwmE`;1W<2Vg@%Y(!=8x-Ve0g43^7kEw&JMffcdq?sXfxFpiuzf$PihZ$sbHjX zT25l)!+l#Xb{#&pRcz*Yr#&k@{(ktOxz6*EukM>Y4vVxeb*Y3T8QfU+JMe<(T4Aqv zE^p>jTr=;5TWIV%wvYR7^ZqP;saICVn)Q$5I;vDxR|tIzed4iz@%-MpwjaxnS=Aqr z7d&3RP}@Q*^XcPvR=;QcnQwf^Yi^{rd~oZ!SFR$Z^h-;AmH)# z*Y)!JHTC(PE21m19W}qPho({%2@<`k&#T%@%&aKbAZG zF0qq2_$2OT;w)=d#_uvuKF0T1{hPV!;7! z56R2MRyKY1HQ2lPWW(Jehp*q)ACCW_VSm8Z|C{^Y1*ZNj;#JOS(^uZD{N=qXy+q}M z$gk@+3(Bn4$t_;2zS!o>F}YiF@4fgr>Efj4MN{;O?2@l-`Leo5FU;WZd!CfA*%d|F znX#7)7HpRZ4m!%xk}!e)-qE_HlFRz%6lllX@y~g7@gmbqi~Qg)6W*#{mmVB9TFG^P z_pRz;Z}xWafb^MqZf(wXnIqx$d^qp^Er_T((Op_6N4-OnRWBEH#ZmN-jyhhk$=m)+P8jL#EZ@Lvl~C{ zux0qVX20lR{HGNJ>C@; zmoz_BpLJ#94o}?^-4oa)*Te>S+zy(g%IH_gd~M0bos-Ub&h22nv|A*vPh9sb=ekAr zPQ8-OPG~B;w(3>cth70o^yWQgX}+$kzD}F(-_LiZyxaL+?QUkUzBYI267z_OvzI%* z4q2R}Uly!7@!U^?|n#v9kG4;LJesWZ7Net6gXo~L@OSZLns&XrBS7Ds>!sM-vizBmrYvot1 z&vMVCT0~qfmPF=$`*U!|lZnx0RYeD$3qJX}Qb$+y7*m4awJi%8cvjdQxo$l5+*MEA z4#jPUrgg8g3iUb6N6c!2DwkH+xoyT)!ipk-(<)cw@IqQRT$Vo-(`JtiPE$ z{d#R^nZU0++5f8kwM#}m?dq48Cf&WWZ*i9KRK|*YzwAX?Ct9Van#TI4H0KrhN$$`BbF%U&7(^a*3%*UXy{FP8fqR-I*9%(8Lv)_wmO);e3M zPrI%D`c>UlVFCj1h4=5qNUV zvbhWTPm4SBl-TXLntoMc(i(@@JrnOW1O=J~{Y;B-T5P>*zE@50Y38YspNubjIht^I z-P)NdU*x8|f4g)?q^c+TsV%coSABGQ{c6Rg90uMyPpU#DzB=gPa7XG%-X6CNM|Wj1 z$X%^I{B54XN13Ety_?@AnN2bbxEOe3@rI4p0vXTDV86De{*a4;%2CB%Tx-)mEI;~v zqqgn^nLqdLT|M_>(e3yTtuMCk+%zfZI7dLb+VW{Smn@d-n!C2WLoUGPn2O+qS=alI zu=?FMV5m4-T+df0_hbDLL)~|)`i1OO9baf)*%IF}E2L23shWes@8hO(rp}CyYq~q< z@4WR*jDWkN#Wwz>h2QJB|3oJi`ObZQ`o&ehN0*P^lbmoTE9_Bp zLe=s>Kcg_Kg&m7+XWnzHeKx0E{m-lm8&x}a?!Iojv?o1Tlf}oXh(GIuL zm@d>QGP|U8#8{?r-c&Co#&dO3Z5&UhZ{OUOBJoh|i-|F&-caO|xpGgnTpYEH>>u^cH zaQ<4Bn|-t53bd9UW;^-1t7MYdJAV0pyVj&U=()PQDDH^3v*j)8!e3X_0~pUo?X)YC zvzJcT6`U^-Rm;i2*Z?T{^VRYv${K30fk4=`0}?g(nkS!)D!Xx@-M0{AS3L z__I^<#Bnvn&<{>v%o|TF^}KQR*qbA>?sh6USUgrJT{S6cXOYae2fBGN zP7c}!?XJ#An7HJeyG+WgYepB26=)n6pSC-?@ulx%jeF_LFSIVVB|U8OII(KGTudNy z^E=Uq&g=2%7E)G z?4anU=6l-fxS8h^_qm!~4%vD6eb}=@-#nJ|HlE3G%bXL@!>jf2s(hKF-Td@2eUqDx zDoq}y*KWVsmHTzp$+DR_sczYi&NKhJY^QSZozU^{GZ)@5SUwm1;(vI5$1L~mHG&WJ z-+I&hRDEwu?8J{h{>(kNFQi(%?Q2GPM?b^2^XzN$GppY2icfn~8sd0jz0w8KyWZZ{ z%;JqrER{`f%(ZzHP`m2Z502aH>($l?yEodHJeald#mCpzdh@OaoHE#PTr}$V@oC(~ zkz0Ju@8LbP^FIT>*N2zS{dOKZZoz*iba$@R`L{_N96EgE;XdlceI=>cb7Q}4O<(>} zcXbTgEo;7IoAy{fe$6j(Ud1fz-E3*;IUy_Mo+`b{JvINpT`lkG3I=llN125G45fvW z!)Bfj;``mVZ<=+)+z@ev#|&RrnEdto^nv51mq3-&Y$Z#XDLe(n?=nieWH|4N_A9Wx z4cTh+q+I!mzIvC?v~7pN9-GeBy|bMwsybOxzT(ST%dgeGYHAh%4(Fb|kJxUfy!lGt zEXmNmDt)i+8!O#ToZGp3x0)OGRGW0UuZ}b3OmOpjAO22#p6|tNf?gkwXD#~ZDqOSQ zT+}~#=AHEUa}LiDsx%FH=5a;loX0-_E$^F)JZ2tlxYxWj>AdxcC)#t;nP(mIxzrMG zsJD29%i-Kj4;y~&TqEmdK67T;bi0}Fw4Hn>sC|z;Q+zh{Re8Tm>Vxg4liQ9ae6wrk z-?q$b!Nts_P3r^u=4#KnZt9(R<7m!(!`IQfwwPP{Y|kk-ckqvTzAne_xu&@CKJBi> z8^7G(l-OQ)>Qul9x9Y3ft4sTIck}x^H{J28WL~gIyT$KCD`IcIyR+Lvy6)pTu1Pt+ zd~EW1j17C<_OE;Q6EDx3I?3l3z!d5;`Xdb;^#wAifhDJ+u{D_(}4))rf#*X9zHvNUq8Q*h=%g%}cRi&%0Z|77vX=`aRefDBqwF=Dx z-`D(9(Ycva_(y5YCGDAlmUp$q)bp2Gu?8!aH@7*1zCamH96&8DEjm$I0iC3;_Yzr&V)>!d~N+reoo%yY9;>z~s(_0ffUpHTya^k(Qwwt5v<~YRL=(uf3@WUB33{oCP}rd*rrWpdv#=X$Kh67E?RI79%Euyx&EnOC>MPcza?zt z@;er@uDKSt-(_C7PR1u+?EIqBOUoBN+cv$0wKVvOnC0u(zFCi|6Hd)ZNRfJ|yDVtc zkskeguh%8jdp|TCX$YU7eJtSY(Q{?{1MzGr5%H*?(r0k#Vd=dC7TGZTX^qXXR!0aNJ|Q zw8qB!@onqguupegj|6)$vddboju$QA_7y*VZP)g;H^~|6A2F)2Yj}QNCw2WB;}6RR zJ9xi$)Fdk1iP~8qr)mA7MFRxKo zd|bIdBfmxENBhIObEH}uf4bb%;t#rGmG_lSL!qOx8JJo5mAA5$yI!P*01VE^>6IOJ09=(xc^{%mwxH8*rxYf+q{~r3bG&S_sMU* zxAVjIM~quOtUY}1Zpxl}UNWoGR{Bk~T0K8`>al{IzZ@U_XK1S9`f>8Hw%U)zNAX)T zC#(IqeeRazUTx-Yd;T*t75)f5QWX-_|K>l#BkR4^Ash3Jq=T(ZiVfIVs^q4A>_70I z;kNc;_CtT2bd`@)#e6pl`{63o#P#^nzLh`pf7iX*XYz6Cyy=S<^f4=S)?K-4x$?(-*!NcIzjgf2z_S0t{-=kggyZ7<_*#9td@zu3^R=?GI`hB&l znpabi#k%BwobMm>ch_$&KcfAgq4B<`Nrb*`aB=ieeNLmE2kYFce$75Iy`Jx%W(Cu) zT;oIAr-_@fE}nO@@^@?)_<{Xse%tYf?Z@t_G4cd5@@#sn z9aq2f->F;jhkmd86Z|3h=%>@^qW5RyJf1QouK2*)sId8)`8(E>{`T**6S}tUYp!_3 zze|^v$Jk__D~#Lv!Tp##M~!Li${*Sx+auoQKV{&INK=k}`t{Y-vMO;uyRQ?cuk!!! z{_(ly{Dl>(?w{Tp;Zp48#`o|}xH9`6;orZNj|Bdhb|_3t;!c#?@t3jBkF9U`wZ1J^ z`e+^N?#P51+pSk@-hQ)KGoP;}{>SV^6_t~ZTsT{tvx+gnf+2jR@2=9QSte7hQrnN_i~V^2XyFH+I+a<`+TBgQ>A1RX@9f{&tzzx5>+F`OhHy!cJvdtA1+Qw#M0W zZ$7BizI^yNH)rvc%?2y|z2z1@cx&$Yf&FmzdcGgR#|u1HMBna|;_f^!xsLM~zv*M< ze_W!E{xh(>y7nJ%U-Wa-l>cab9II;+`S7ll z_FAoyQ$L$|-yd98essU&m)E@^w||^J5MFS|@A}Rzqfqyi%1bk9teeAUA2Rz@JMXl6 ziCpO}{++Q)??|c5USQg{JzM6*#oWn7>82kl=4=-1=zcnNBIk{#IeQ#GBp)_g{V0|@ zBz)?_pUPn;|F~9~t^IiEz>h_brTlGyN2t z4@j+@Z9Fgfc0)$8!$sEKH9a3!urhu7vQ9s@d)C&Jx!a8To_D>h-xB_o z^i;_R%Z;^_YjoHo)QtMYkc zD(d`2ZmaYPMmSF@`?{Xz$Ki+ivK3zc-XD&$*`E1c&nRJ*`Uz!qURO<>Nu6GCdS%DgjDSt+XJ5aNwD1SxN9Tt>_tv-0mk@BwICG5q(f-1p4`%)T zvtMP&id%lyEg#3;onMz(Xa3>n`or(HS8!cTz0V;yqo6vx^T%}m{nJBo(}S->`0g)O zY3Wu znjUV__FC!qTkqJOkJ-*lkA7rsPl%CGS*+S{!gS?>^L#IVJ=^`Qd-{ai6OWynGN12H z{RitKO}W~kJ2RFvObU9E&?8^lxMFSEwGfkS7gilF)J}LC zU$uWljq`_RQ;ROf+~kOnIeA`b)1Smg@yvgsH^quoq<)&}gl5h2xYWkDooSC7`_396YAIbOpkzcF(C2GmFx0;7HZDi^B93_=~BJYu$+J}!$ zGk9)S*nPcF(fnXm_R`XR&R2}d8k}ynuU~%nQMvp~->CxIwp#l`_A(`N4cU)quQZi- zboj8w%XtU>W}51^?^FF@yJBhE;u5_zdche#H+OyFXL>o$>__nJ(J0M+#K)n zBkj8HkG;$PE{^@Eesc+z`EkSdZ{zx}ibj~{SG?$vvE`qGHV05mH=?D97&ex@6BlVYE z4S%!kp!9@j`-kx@|71VZ{L}lw}?MF_nbR1 zW_s|K`~Nt;F0b%^*ngn9`>)gQQ~R&jU$@MW`F6Cn_|g8}O*ejon%qd5^h%&eg?kcj z<@-bPZ`l45`6K(`-pcfX%kJMyst?S+r)>J>pXl_1)2zHQcTH~(tEjj;_1UiC98Ns+dkaRxPC2g_VJF&obZYL{~1Ed zt?qUIw$J=0F*)kP`*u0)^ZHux@|x@951HA2m=b?tmvdvugEidqTAuC6ygKXR=9H=Z zx_f_I`=x&Dbgt013$Mi9mnct?ab zx3+!VFPkC9yER*T1@kF!4e@K+dgg55jeK5a&%P(|!RhMWdcW--9SBLXG&s7{_HM^_dD2&)dFgKa^bfNPB16p4~pDiuazc`V`-0C4OXm z=lxs%)U!3?Bz7`9=itwJS)==~ztbxC@3KplOzDflva(!XOzjW4@`sggW3l=4m5V+3 zQ%!ZEN{_8v+$;6%#YDkd-r-YT*V%ovKm4{%bE~~U?TQC_@0RW5emK3;R9`gubjimz zF%RC!W=DMLx)pQ&T8+j&$(i#UVnv!n=3Tw?!}$?gXJT=_+RB9Kh6`>jb@K?G(;RcW zH~%YlZOP3$F?l!af^T%4+sf$?2B6H_ucY_PF?X zPRIQ0#&cF-ax>L$DHX@tAo?_U5q*=*Pgt*;@TaXUlaNwrY|<*)3W|u&-?N^W8T(v$qyZ~&g`jJW752g zTTS?ohq&Op#rJmX_0r6Hs%!J^c=^+)L*ZAZa&OK)y78rc?YG<9TPEy0$nfNEHgoXr z%!vsebx9V9FQaC~H?33cvJF(t*NxWkFN}!Oy~+}&6tZ#0&%o-c&#@sl*HkOpM|@~# zJGnlk`23mU7p}Q=7n&a4H!Ibe|Ksze*{`DJEnIu(g7HI<#Eti6rzb8uzT~75@4DvZ z*U?93yS{iQW!Ea!T=c79SMaANLUmiuzB0U5@%u>d+t>{U4<|2N)w}l9thGNcO$rOq zZ{S~AGTqh2bdk=sf|}#+w^?1gSng;m_}EVS!_N55iMKU=mi=ewP5ZIgarfn~Q>P~L z%s9;V_2!nBkN72GUL8_$;l2@;-|;?YYp~hMRxl4UlMAvSp={qPnef!>$dNJ3I4-s||lg=Jfnj-T#t~7s1hVe0noh7L; z^Vhns%ZgL*=U(16IV^MSt=x|*W!aZrY)1 zaWcJFLdQ*H-qq*d|H)k4lD(|;@twKJi7%syUnR||61;nN`J|{CA%C?EDf``K&f;FX zN!>+#ZI<7qN;Pvo*5azO>!%y+4shh1r(KozWJ|BLzEJ$3HEM3pcFAf-Z@m7dcg>F9 z4lFIUQ9C8{=DkwXbGT(0Rrh)dKe|hH`%Tl`FW$dBD6Qr^i9Kug+Lv)MKic#3ReEmUKeD^|_%V-lWxU}r zm-J@)?woU0;vvhtJy$PJHk{Lo*MRL&g&A(lEMZUec(dRL{T<+`Y8%I}5&J(*@h|Sz&*xpQ ziAasR@kHv}QI(`uxAI%}IP|9KJUf?E7pQS8yY<>0+w~RUff?%lMvSL?_8P`M@6>s? zKVR>m*G74jmgLMe(mS`FHyfow#Oh7t`e>x8#fHslz6_JMVALcpZISCU$d+;?s^#~ z1r)KbP05({Sl^`6`LaQ2GV*|Izot(XDf!^KyF+n;BOrC#M z`L4b4*+;9O_-NslcU2Q>xh}iUIGKF;^2b%@cg$f9S2?U1#PMjA2b)LK#EF)+#>b08 z(x)aTpZD5WXeQEgt@O;t1u8s~EFU%a_D;*6@u0+%`<_IRb8?^NCZ7nI!ik|v535}~ zxq{D^b=JqbpVrjvd>ydo-IMu_zNyk1dkW8KGI>Q8J$UkEwbRq&$GbTq&nNa}tH{BtlCi!*n(uoD-x?W*c;d>l2Gxmiue^}`@OD2KO`f7J|T5n6;{Uswwk3T zCU2B(l{45&)qdU6xAdZM-<1egm5r15STj_zly5m&J~makcjjP51XFB5*4m3UJq6lT z&wX_zr^|aC-`TL+=&^)}l$+;FbKy1V&kD2*9=TfNd<YTojunQTD#;8lGV0s6%@HN?WDxZSt~v)d;fI~-_BKgC-P|>bN$+~FEin= z=zJ9;m6pvVuVbZ;%gkXtnRsjC`l|&;(qH;oOO`71h4e;Rqy?*X*%MP7XtL*xNbT3U^<79+}ONyR<}i zd*4-&j8oDYMf@^hXLLDZ1Q=epMz$Tham?!&|6bo2YHL^aX6HWdpOFx(Z?fX)la<`J zwq5pj{ps)`W4>Q_&#LVYe_no?Vz#ExYTKNZJ2W3NZ>{{^^W|B~KH-9|$GyJx2Hg#> zDJo^Yv{PR=^MWTcyHA_MSuV3Qp{vHv>ZOi;i}js(I!E^k-&C(t8IK);!jk->zW7U4 zR$)Br`**R_;VCVKuQ=aE zs%3Ib-u~Kghw{_s>@t_0xW+pNJ^Ig3x_?H>&(5c=0keZsf`6a0z8ZPU$yjEu#qqUf z7SHEY20G6@KIg*Xr2M5F@7~LvOgYE#Xl^n|qgw5i zmrSayMXd!44jkXAu+iWBq7W+*v2jklRgpP+0(W0a-&U2lK-Gkq_WrLUySGtzR|lgY=@Qg(3Bfkj@o z8CA?p*=I{@a=H5z|F}|Ad7<}EK)LzT0N!)UCBH1&F5S)fuK8HVyuVtr{f^9SdA!$C z+l(XhN#ECynU`$OF`W3i+Hy%#WMdNZ{Hj&w8+VucM^(qTot$L(bw!lNjD&5ruNEiI z%UHg`SD~Z*oc7%P+D7mF_!I1^x+9qw!EuPi8gre02^TuyYikY>R~p(SOn<5gpi7hN~H zv*&ih)JBWfC)cktUG2Hwch7vsCL)^0Xq#DZ(g7Cpjpm4Pu=|2$oC@6!X#-)rv3{0{jxp`zZWeAne` z&m!j;#Z{hHw`EQDiOWvUyy`6~Dfur%WrB#_RtNpy)XlrKbFACtqlzVG&U9^T?V2{9vzeW^Rh(hvlkKK)&s}%481S~qn%8UjWIIb854!%xQhxsOETQfe zo7F{&_6k4T|CYa|WMz%zqo;>XetOT`pB!U)Z2pQ{Mt@iPOwY6X5Yv>Ua`{$}-UU{z zf>Tzr+9ggqN1QyK{KeY!@78z!6#ku_mHy`VqmoRMYKg17x7MF~{c_&cCviF-u5~~B zef64+WyQspFIY0=6XxxY`oPan<9^M?v~E+=d6pWl^?$W5ui2;nqyCtbai+L1%hW5I zp7&gz8P5Fvo_eT`Q;*+i-<@q4HNSH=*X$8|J?qfNDN5eu+jq4z>VMeqpljj6Y;mbV zCF7lpkJ+}Xf8^b^F(>z{1!L}f?ds~FR?Fat!L#Q0vt74QGr1cTshii><>cl1_wq~M zOZ)C8+JpzN>I$Ch?Z5YJ-S^}3*mmZc`TDUMo_spJVZ+0Q_4b#fil`eWz13hN_5ckaCkGAUOP%$Z+iWX*qSf586a_qXOfJ~~h6vdP>!#eC)c zQ}dO#aj#zc`yg zoqyavp8M_E7EqX+cI4;Tb9RC8hJUjEF8-tZvHjSuq?b}puRdFq<9*N2rm*jBYr@Mo ziK}1N|Cn{&`ar`2A%GP<PX5P-4+jA3kq~;yB)qb@y zTln~_t*5s~*{v!2drabF#Cer($F!$kc{+`A$!5co(qgCc;=XQNR?!r#|7Gc}XErkC zHKDpue@l12-{#qBEHlB1KkJ^>ab;s6mp&VB#q-WxS3bPGQ}$h7FhuJH^Q}$ml?=Sj z?w?TD77FXdOD-( z(Cuh;iJ#M!?!0n$LZiCG*LC&jD=#gtxN-X0vnKDW0t)Q*##i{24Y*EERkpOXSe7+^ zw|mkb#tWtIBPYFzUKl!M`>Fj}|4diiIJ)uk9myw2?dtM+RUgB)$VPvEDYLHZ5o2M!|oMyh&#COkQ?fmDg+tO9KeEAQbek2>Y zHgS7-outUGGL!cV&i@%Wx2@)zy)3^_{a$KttE|=a{eP@~ST6Ws6n14@#NI0tS(Dry zXB}JW=elsM>Dh(+ht{*kzSxx{>vd)6fewL?kFjri=UnfbSLdNF(>K+&Z=PN(?~WYC zp2uA;zQpq%J0QugeQC$iz|EHzw}B4}r2mMvgbH1!}I?;9Oh#IG@)`6BHhofGip=FIn&0K@{_@77KdEwD{v2a6Q zyG@-b&%%kEOiNXpCZsTLR9kiTT$s^{gZtu+P5336m#%S!pJ}sxp4prwb2rbqvVHpD zL>{B!qp2|`zDugvH80KeQ(2z0^~p(ni@0j2kC}Ra)@j=5WmA;<(ll1>y0%l{I04LXjMLAn3<>kv+>cY*=VC&xhUdNgvqd#Rrg+xzomZl6Mx+SO^NoA%W8vV^_aAy!q{Sp@2`zHu{L5O5VIO%a<`_`yZXi-EOiuSMuwsz_jAE5-+mj zUtMr9_qh3dsjKMxj#8Do$tgAacIIj4KLAbb9urePdh6>#fp)b!$?x?oOkV_KM%Bct z?p@%j#l|nOX0FQ?i>INRkCl4IIvxHV-kkV8=FhJ0Q{IZW&iL6_)=+%5TEDMGp7q*X z<6NEx>5V7X#Xqb+tm_@}QE~5;lBE&BQ}q9Y#$D2~nqhfzx}8vsPXAG%`i$31;jPhH z>z33UejWGl;e57;mmA*vmO3nO?84$nSa z`{K^cmv1elU(;kvMW6Q2Q_ZPuk*D>_ab*i_2&rjCeL>p_A(x`w_3d>)v)UU)z>r%DuX#^2LE)UGJ4Y=;Y1**5_`y>bo3A$7+S1zYJ^c z^vCnh*t)YjbA4XC#x~dJuIEM5Uf8bM`o6JLy3FX-^Ztjc>cTcAtkFwIY(Dtb&uHhH zz@xz{@^1U^EBsUcxOT46D~o8o$9+53g`E%J#$rW_j$gyi+u#=EnEE1ldIB{H{#i>opqO- z{EV;vXILM#ZMNA%&nJA@Y}ed`l5N87_N)?qYV$GZo5gCUV^i3h!q!E9o^w?@=hMBf zMQjIGH9kM@cs_r(YGLS;#tBcFqXa)y{E|}ZRf$~?YFd|GiFIj&YUaX-Z-AiQtQ_7c<rel<;^Q>Q zynbHhM!WE})_MN_8KM?=MC?nRpmj#WJ*w|&0f+6YlmLe3d(}6b4r^Fpp|*yTtBG-i z!l8MKmfYFPA2lhOeRhWBvxPd+%e^8+EbL8P{O(Eo<+bSLxN-2{`JblT=}WzL&$C>i zJ~?ahys6HLWuYu`TVtQv^wiJGnDns7!B$Ir!h;BKzCZ`#NX`U;dP=7vZp^;o+RM3$E z-;f>c8OpL5JDc4?Ivg!UBd@bG|Es#z^2(rMm9d7&x-+*fbju|6S|~kkKEG9gg{SoU zQg)`6H||;+<5C_r^K_lMx<*$|cb=HfYQF3w=be1nX1`Pq3sfE#y~tMibzxe~+TXr4 z8r_F4+jo{!7jNxL35~P<9H$l9_1^x7aeQHo+lQm;JO9|4&9pohGWEoH(~sBt{wP*H zloyH3oUWh|cIxx3T??}#p7rdKx#_O(;o?mBMdX9DII%ZA7KR zUG><*djl$&4K0;t-4gRS_Z0 zbp4C< z)tyaOc0J$mI!^k*{Vpr@PEqwsTSd=>Hio~Bo4T~ded?QQw}TiD*lYi)&Gzs-Ui|c< zWX*zE8DH*-A8q<}cPsb(yC>XgHffvj<{z7WYiC(&*m-*mxvA3^{g~~(zx}CpbJLl%8p+dk{UE8U6nq}Ezzq-q)7on_TGRcycX;o_o0 zY7(se3Zc2ehpo!nA5Y9VZGU}E=;ReQPiN@qrgP0*ZRcCNc!qn9bIOAY=6*KYbx!8x zP2Kae!Q$~BtvTO#QyF)-^DOV%`zqHxeCvko=0@(%3QvfhykBwad)UrgvtuWxdLDat zt9#D77LU@`J6w*q7MZ83Fo&)+HmQGY`KI<&;NsIc>kBUaTvsjVw_U(av{3T6<+{wx zRV9^H0zZ8>{JitHvF~ftw`a$WU0gPWiQ$0U*X2q}luOp`Ec~OilV2ix!kzu!N>?$r zoffFu$`{u8I$^`-mDaj z1tHT7zgqa1E6!J4IninY!*SE@)%p2%o6N3VJ>4-qW4_8aS#7Cr@`k6{Pq5E={?zB& zhYK0U4URodX8iQ4)Z|4;W}d+rv!2hhF0~z!E=ozgWBlXF>~9Nsr^*)kPgSWZxyZYB z>(V~uPNV8=8k0i0!iv7!e6Jv+=`)Ef+vs&>0Eo6M=z`Bd`wB`t$RM~ITWXrxZerLlS zHi_SNPrMAylqxoPbW7u;&W$K3_fXS}yHkU`D(5G3ynWw)Y{8z3>()A(9TNY${@7lB z=MP ze_K_yT{`fe!Qih3SEzZe#Hx(DCf{U5)=TH=Mp?!Fjuu*alBKZk*v2#a&CbU;EI(M} zY3(SfygqAQP;B3Azw03^^#;9r!%gq~vHo#-eMNL|hwA0Z=!OHftB>d8OYFSm##$of zw_sizH}9Rg(7^8=b4`QH(yz~x`*C@B#U_*OX-_@w-P?Nc#_MT8r`Adr@LSquKaFSk zvGL0^yO1O4ec2aG=F8tb$vI8Ce|Ew9OS9KhNUT|9bXDG=dxfe_@oyM+RS`@LMHEg)W!S`FJ(pb1CJ-WWXC6;m=~;8rEpzQDCz93`me7u z*P5Ic$Xxs;h_SSf!IrmD@ke{&#;LM??q?id24>6`Prg(ts8YVe=RZT#j*!h)9;}`0 zd-O$heRJt~fr`*swlHTA1TY{Yl#+Y)EIOJxseH~8^}{k!ZMEI37v zkI%Qbj``!%wgtzy=eo+|O1u5J`nKqj_1W)Y=FF1MGgtR|Y%%pKe3AC!p>Cc|%7msj ztI8OETt8PY)U9$ZFUivKK>qW%p9bY+eNSi1ullsVrz&+$-X)`zJa_oL&h7T&`L^lE zo%71ue1BLo1Yg@VSIW%8S@VR_hIv=q&a86d{8_tt<%cbtx)WP?HuXH(qq)|9!?*a| zCN}0P&M(j2c3oFeYZHIY=eRr5&B~`;ytib>y~PEx#&Ob>*+m^H@|AWkzpM}cAo_OO z;)fF7drT78l&@_+Y;AmO&6=BE+mH4-KU&{kT7d91MQxWvb;yp|K{!R;)UmxRg_KAGF-}Zj7 zZ_fG3OqQ7fdzP#a{qxbSXTzoPYtLUAO@3zA{CB>z$Ay|W{XO9o)4#oy?2%-1IA3+= z$H5Qm5B!g)O?n@E;jPNl`9&6iC!Xzd`^f&bdeyCphjmgldLK65i(8a8>#n$U;rqCa zzwK&Lum4lO9ebnV_~Gwj=G%@mGaH^i{qk*8=#dNacgnhRYR_w5SP_3%p8X4VcRt@a zA*TH%I!Bx9M4$b-e#pP^p2q&^N3D)c`EW1BGE=Rie7*nPkLnFy`FYQ0ugEOwKCxJ_ zyzkHFnD4DNjvt=+3fy@0T~qcz{*)b$*H(TGEDF~O+-39G|L+w0wEJ>*&0D`(PPGG}j(XmIXZCZ}r}OuQ=RP_cCq36z>3){*@)wos7uYFO7`y)HOw3MaF_d8D z-5%Dz^}=t#nD%b_R7>&bZQZ}!qJP9GNWU%0)3RH(*UD5~;zeJ5%DV7Nd#Zn{{aE$p zmf2R()yw6wytnip+p|01Eq?H6dw-qO>+-Pw42iM7lcr2?__nU{O7YtF zN25>p*{pU}fApW>Sbg^``%Y>14`$PKtZtp^EEL^6&7I{d(_Z#}(#?hq<2`#$bJ&VN(* zk?5X%vOiYs%AL27bz?r6TAPk+iE9$sEi zAJ|~Eg?ERt`Gvypul&vb8N|NszPkGLQEb-sk;iU1N8>Mt)^Q zwExG*`!;yqmC$dPDyxBa&W!YHnFJ{ z)#qN^6OD=zzkfVV^ z3iGsQdW7CGJ7JrB%+9pJ@A%RC{Et68o4t7Ue+Ih;lBy}E8|TMu_4oaey*?w3IiCAR z-mhq}h(aEB#gJ=LHkeIU-FsU~^XTfm=NCQuvHS7te9pLRIe|-|i+4H6Y1p@`U)ooG zg}+;OPeSS6DC;?!e@;FsHRrL-wf_unwy&?r{!zT%|KajZLA=}a*`)J% z$D95LT%1$fb3O6H^KY#`Tt7zp&eG?)>ux(iC3%Ii+J0L*r9W9e${)S&=U(zB?uWvM zdwcfzp0SJcne$j#^h^7J{cL~qK8T(@`n~bptZUjc4(6JLKeaf)5Wc#tJ}P&m+C-zZ z=_}vc>HaW%$S`rQ83=~jK+tIjTd6}D+(#`I>Dx??-E zPk!E2zWa@O;MU^$$MHw`Z+>^5b=&2~#@ck2PZK8i{h54w#fm@L3x5cEUwC@8q+Tr2 zd+~n56@>@Bt_y#h{)Y8Ies3Me<$Qh9*)vK{L?)$83aUAFe!thTkLUjg+dryr`=gwg z{;*%>%xbRna|LHKoc^-vaPZowx<7uIORlvCul{lQ;eUqqH_xxw7(U`?nYd87y1?Hi zTyWXHOS|NcytS)mkGrQk^|Mg7f{lD(jQ!i(4*@l@m%ezI?2UWmxqNG2rPL%h_ux43 zMfcrIUsoj0yg2Wrz{v~i{EXwnn;!0x=rWp|&huPjeppmSSRF^BscqDoSDMmHo-%UP z*LP;^-y(kCeD{2g@I&Hug5I`ar*7v6-|j1CJX#UozE7&++G(fxZu_s+-A^s*x^Uut zrLpgaL&DxlGwp{t|i4(8mH9Hr5m^?>ei>6&tJ=-6XkIOsP<&{dxa3oBa zU99zaV#Gh~AMe*yaFt(Nx8*;B-MgD764)G>_KF{_v-lW$uUYACMt@RFVe2v8*sVW8 zAKrhn^!gvy^xX2og4^A@nhLU?7|sxTa8*}+#ud32pU$`5-%@^5U-HKWclpCB(zk`G zH*TF$^=vPD_>TGUGfjQ-|8j*q%)Pov>)FC3KeP`-oBH$JJub7P;o>27=ZJrbZPB|| zly+CLT-f|>@;uj?uQ6t7Evk~Io-TP4wdKRv*V%@z%j8rh-4$SLeGtz4+rNVSn4IEu z-K~4g1AfOO-9BB(_;dQat2bk_s=jTkWu0|aLv5f0VI=nc=wh zmuEYbcIxJuvP-X)b1eO>a_e;*o1Mz#J^97o?rT5mn8#d|w5RCzH}4-0i_6}dO_bK! z=CbsI|K8fGsSmtsjSk9PJ+e|y_LTgT>zp5%k5uj1rywVH;j2dCloM<>t#ZGtU%tHO z=*6Zf^LkF-IClJe9m|L3$Kr1u_nsc|(XU(fUcXA?vY($$&a+rsZ7=d_bH&0vfe&>T zaqltMDmV3VP05BIt4k|vr(Wzh z_+{Ph2mcuw>aH(v&Q$R!J3U!Zz9MbU9lwxQ;Wa1j-#9(x<6q{ZVN&`XZ}axVXDamF zD>&+&IB)A~?~m&rmTg}Vb?--h{M3}sp{c#QG~NgQN%|p}{8)M>+w823Cs}M}95a`C zP$T`@;)PVs`Qmcpqe?QTL>|vFkg)oZbxyN-$>k-Nul(xCuIIM#T;g)gyx`=F0~1a# zSgu^S?L%+x1gX3QhnZW#UdG$~sFIe>E&Z}Od%BC0nEKs=zpfYmXW$I$eR$T_#QOI# zo{P8>7Zw+do`>+&6c@kCck~qk?O;Y33+7yuHk{Q}E;NLuR}FY`YMt z9R2R6`{S7B$3c6*vPNU+O@pv)@hX%o8O;fj1OH} z8@lbhonUu&#;>~9kMvp}r~Eq>79H@I>-2$V>!Sadeq7$fHS)_<#;ezc6g`k}n&U2%_a!PS5HeXh^$I^<+^bf#Ic*gusY z?T-Xf{~!}3C$+hU^y<^FlRj$1I{hx>t9M~`jQz1WsLEurSv zca#4N{6EegmRhz&Y0tHU>GoPK)^n~;)n0ouv&^pYV|~w_?8QG8*>Z_YRoMJ9IeE_Y z1RKlZH7_r`s@k{ZQjE8RMe>EJ@WnM=A9Tv+X}EMBTCn!gO3!bFUFUyn{4gz__hw{P zoz%|H`%7$IOx)yLm9%ZKs@OYQoq}m{JeS1-1iL52hTF{BdikZC?1yQ)7oApJHeKdY z)YJ6dU6Wr&?&|IR*8i~m`qpf*(p5>Xt`+@;POuY|fLtdZy`u zOFQq@=zdI_xu{0s`Wln@d_Rqrw0gTOX8C+=$IUvk%zgYH*3YfmG0RjrQ)b?l&yRku zZ?7}laY64XyZ4nCj{{#6zOR!kJOGbZ^$ zxBo z@YnU)2lbuP>cl?WioA8(a7X)uH``+T>9UJ4Fe8rDyi#3J$h)Y!6PJ%qd%*Reo*S zWV`OgxA&~LlptUoy#CAT`FtTkGHH z$yO^)hMlka{ML2(wtaJAJ!hIT9^YFwYw9M)6_wj%oO=)L^zIN2xSq1x@R6~?v0Cj- z^NwBE@MBT8>xRr{)2qA~)Gw`!*>mwW=i?mLIs8@Aj|TtUa&*a!^n?VN#w%B%<{0@( zWiD3?boY7@C3U3vpWu-S>A0;4YvwY%5BxFzh^~BVYws0n6&t4NzU;*xj&&(+EG{}a zS@NLiv6`5xx%&CKYu_p#pL%%Jwa!~Q^&&m}?b|*&=dV0pwD|i>Nz+47+*7*V-7%0( zP2;KCdjDYhikH8P?sXR_P31hlwy^x$M&IPpa^{Ak{tVw&wd@S-jN0b<(Dn0Ik532Q zoqPB?;KzBN4fBe*99R}SSNQg9O+~otu6EDKF}qk<3MWdOw_I~VcDZ+V_w@Ai6EX9q zu9^`k^DkL=Z|{!34<%Htp8Rrqt+czZ+rzNX`wiAzD|7Sn^p?+Eo;q`fWANJbo$c@5 zKNdd3q3HQ&m%_xJ?Z#WHXPUmOY1zst5o4&d(>M4Klcbb)`s*v<<&W4~jNqF8@!IaQPWOFwv7c%z za=&Lf=a%iZGszS0?FyOgmMfQBo3Fa3b-C}(b@@lv{Rou$vtxbON4?Hu)0u7FHHJ?N z*6V-tsYuQiIOujPYFpcqB}L_7*-s}02+s4bI(VhVPRf7M3xWHGu3q)bRAf!9DgJp? zdal;t;P7ozPwncTI=v@6)R^<$bLISG)t)xZW>)oe7AqfZ@2|{G-hD-CZ_%&5R{NX! zHM_f$51lxDV%b?9c5|s3?;G2+!&=rSEfM<^eI~8*+mkPGS8nfE^OfmP#fDdos#Wu= zwoRKZ-qKyLaAQyU+Voe3_bYu16D2=Cl;7L)oq5M{UY=VD8(`zrk3*L{GeqHg+Q|ej7jMA@1-B-Q{%nqxo-MdP( z@ZQ#*b?K**$ zVO;6j`>*B+Us2h*@65IQgX#;`=jQXjj5^j+x}P;(_X+d+19cx>$AtHk_?m}op6t1= z`BbKO@99&sX6$CYc_iXiR3*RZ?Dt)+Cw#t`#yz^{;i$uBmGFJ}%Uh-Y8QQ<5UAigx z`249_*Q|R{re|DPDvtYvc3RJA{gS|RyDsJ`TgqpP7uxy3Tc)XNef;ux-q(K94Pj}n zkJjluF^Rmqobj0dN5)v5=2I7z&e1OX-ljcct2KxI--ky_FKqUHc$4!at92-o$Fs+0 zCce{hSlesn)^sA~&|c{UU)HSca7_5??zKC;PG_o8>Zz$ek1y40bzM@jHedPH@pWz< zVTUH|T^%o^J7HG?+wJCgU#CBeb-EEfpYN6bF3n9rQMWHCP4_o?d1*n#b!p=(UB^7O z9KRjYt-C#=&i!fQ*A+FsOQN&HcuS?zpPsb%b@|&%udHr7WbJo@F)$Mo)4_Qb0?+s?eaTI*UBeng(fZteDDt>*Gg zT76)*Ka0$zeTzMoZaitPpZ8Vxh{)6WshRFMj3-$x)wTtAvpjz3>Gst6#wo+ia$(c7 z-3z>AijQVRzr0s0abnhtLARJDwN`ys5JMT)#vk%eQRxbQa15bU3b_O^NFcR z@xWP!Tg8pd;?CzqA_Py}%Luz(uqR($VqJX1k19p}@^ry_hZ*{=zC5{j&hxa&XA5^; zz97S~v2Rb1cR<$jt~FAvEw6bG%e-g!*tKW7YIkly!uwRX-gunPySg#G!t?i^>N?X?FRR*T3g$72Zci?kpT76Dti{SG zvpVUKrK_Ma)r7P?hn5x2GK z-22nTC(bi1oGWlKEB9s#d(GmHU)FL*iW+L4uou3*HpRK(-4cnaZ_D={J2NfL;p@ww zsIIitaZ9{BCd;5Tz;;(blKdabS~y=Cs2UTkvpO;^|~lY(PHsxPn1 zy0LNd<7HLBZ*%5F8gyT{wxlX&;unR0iF*VC9N1aPmRCyrbo{GzJ9>g&wUk41-le^o zH>H;*Z85tYty8h$sl!a}IC0=)_x5YPjoCW&$VA0Z8>yR@*3S)C_(oImbaI00)sA0RQd=r*UvB$8Uy;YsROHio z75QUx-y}Ur%le>m=5yf}(bL(h_67GgG#@v;=`VFwIEAO`y85F{8=__^F-&myworT0 z)(fBBOTL`;pCKcYNvMh^eEyH+Za4ok=p0}veIGabQLNY9?Z^U?Rk)YFO* zaa!vp&Uv`<_}%DAg}HY^o%0Ku!X6~d+Fz=5Rx#Xvt%-Zyn~ho@FLl32Kjq3cH$!C0 zb)O@AOBW1+;jyxzyzBe;D;pQ2~db#YpQ<};@xzinv$FV_zN`?;rjIfHv?-fQCZO#_-d%t(i^E*Io%ArMe z^1C^ob8Oo2IPJy{bJf_T8CNzS?rhR?UqwlQnKA+q#BNdFr1Se5RenTr{kxEJ2Qy zjZb4~sb)as+lX5|7vJ8gG|dm+VYp3j^OrT%FR$ns`R8Rl>dRC~do}5}itho7moZ&U*@=PZMJ^!?B6(wt|em=`+lS;d-VA^im@2}ah%@kV#7JRi*s zx?+BJZ_ z5AqAwoSt-dwN>A+Y`c7aYig(11DgW^hnpuyi5sjr@H3gwUwLb=*{OGHx<7rlfBxsQ^9}ZhN(nw@ zrga9!M@z(d3mj`EEMZtuXA{Q4p)lhxe|Tcg7nN&YcWqs}>!7l{LCOwWO|uJ+x;@f` z^6ob*f1*`&b+)&$&NENH;^t|q3eNIL-ttM7-rMRo-Q4VHXN#5m*9uw3l{?&vFQk3A zwsLia8{3A>O+HT1*2N80vp(;Q_PU(&?X2vr*3{D?F}*jBY47@x`H}6t*XDlrZtq#i zPj`9kIKkz(hF9y}xzIhXT|&#=HZlHTw&maJl5*KB&{wAXUE)srtO;7_*VZnZEtkA& z^ByhHayI`*rZ_2fe(0!KC>1gg)!g)wN|F5pLU6 zS`QXfg?w`DGkR(}J!p4qxL1$qfvJfSuC`3y*K2)bns=OJvzRp7QDT-<;(nz zY1gj#OV$&1bsT?M!|;bK~>?e}?M|Do!7blm3yIShu~(bdS{hn`iQc8$UfMW!mSN zra$kZb+TM-)%*$j#r7~is%N}^H!9mITF3HC(5eq^*{4i9g~F5bj&|B@{TBb0b@j_S z<16pJ+;#e;KfmbE4vDBAr;pyUz29Eiz1rTy{Qd20=G*GCe)H^GvntRpdQQdEQ)lwG zyiZzfW_gT%ZRGYViPIEwE;DcWbmK*~mB(}WJ<-WcmH!!}Iw}iXR1I5fIp1Ypw(!-s zyF5obWm|cjLDg zm~}#m--e~^kmlf@zcg_B)VC)Mv{oiC8!rEOLMdZuLd5oaQPaADHpU0+m|n;!ZFu|2 z{Iv=9UkORfay-e-=q|c`)oGcyBu+l3p0tg5Zy(RQn^exwe&@{IR+V)gr`rUXRWC4T zH66aR-A=T|`btgl`n{V@q-@hOFFX)+Wb>wd`>#)T-g0@#Zk9*!I_U+rY}v2;Z~kX^ zXuGWSVTGys6rxkT~Omlcyj9hOchU$@)) zvfjH#=^;F)ii!hXM&+D)#5i~7>sY(l3EM6<&3ycx@!p*G=~A}04bvGOPp}HN&iV4vF=DQy;e@?bU7Hyh z^6s(KX3d{-;>eU3xi3wRbeBp6@7|{6*KzDv^CXqyELB&+eMKC8PD(CV#U3a?W?qs{`C1#jqd|P9=7>MEwx!Vb85t8 zkNm{z;S49Y@btA@(LJG~VsVUdna17e{I@?ZUp1{~We(4iu!|SY^k==5jOi&|v1F1_ z%~Bo)*{sO2uW{U|g4Vujq7GcfCrt}(tZ;Gjkf{5yQu2Y^)iC!hAsTBZ_*=gBx$=&6 z!vU7&gGZC%vzBR`a5C)s&(IsLd-0;!qOIyzOIy2)a}K}_1_qj=f#Doyv;e5O6VwY5bjFK#a(0+lM zgpbTWnu7~=xlVqb-T$@SHoN_@Ug>?g9~1YOFNrYTK4Ve3Ljj}Btl!!Xmp5#QXZm4v z+4s`+8Mh2B<-NQ6O6y9<)qdNMso_P@vD%&&w{(12t7gsXGzr+>B{}1^N&Ue&vu=KHZ~qqicVWPc z>FlQAhpS3%otgbk>6G9>`=~ctURP{+VRtxR;C5fOrN?wxZbK_GC!XTTN3A^H-cpj> z;9j+|bk*&bE1OP9-`im7FA#GtZnk%jv&9>2Zli~sCV4OY|1PdM$(5H-;J>w8PWJL4 zg|Eu%wC8m=a%eKaoak-y_I#}nh|yQ0Pn5Uw;!zI z`aElIZi8jilrwj7BDZ&FoSL;^fyO~o8Lz^f{!w~qzfDx1Bwk({mCLEUTk_VP6RQI4 z@~Y}e*}9k2?ke)B{rPC7%-a<)GY*wM>3Z`=bJ=m(m23Cx;BbD=)pAep2C}5Z$vv#*$Ma(`u<6*;c z$ym9$To+dKU3a>ss;8XxM|bw=^-zN>owif45uD>^eDweH>V-skbniKqO$OHIQ(rk*_cK0LMamQtv_*4n32 zUthns$m8CWHK8d76u5dG6waHPyZF?^fISR7$^B91j)$ZcPRu=SY9z$Qu%b)OLJ%Q~~JFVdbLr_g=ma zQkmW6{@m-9a7wgiPkIAimZeIVrSe1{H-*Bp>bes{1Z7rFoKU$!Z$Vn{(MSnqriF9A ztyKBGpw?%la*6J|{|tYt8unea5Y4I-z0nx*?5Cr`m5m(|!aY~=je1sCu2?#oeZ5!v z*}HSLW%!&6RGSn~WPERty5+$W%kpw}o)>A{VCeTt=2EA!(!}$oLC*{rpPQ!oc``hI z9e8F{NSBqwjvFWETG~x@OFbWTWksQ$)IU$R-RvtfA&+(t(kn6*pZ)?^}^GV^adfBt4-_CoQ z`>~?joYuPbON;M?Ob{@0&3GN<^UG{?@v_)u*Sdn(cbr`Fk?~l-oW5t<{9f#M)itTI z(IY3>l5O+z7NMIbkKbL}`B-rMxxMaD%S(lF?`V5u@TuDuXDgma>@%=fvwH?hCF8HE z>%PT;>8jOz#Su|^B2^gA*MzOSaVS$IIo2y6C-`X4tgu@*lwWpjFIc5&DS0$BHA%v# ze{H6;OzzCHy!Di7XS9%P==l{qVr z>)7dOlFv<53T7l#ipp-B_H%bv`mCOvt`_RgB$jZR%+v|j7g2sD(>U=?^=016p3^

zvk|zkNd99hD|5?f3Cz*-s2hi{1#m4N>M>+*g}*blTFjncG*_FNxn&$?Esj z;^n2eUo5j8CWc1NUvw*NE$gxcQukg=QK(tCdWHLjE03Z()D`|Sh?{;`epvrj^^skr z-*4IkSF0>B(E88t=G*#Z`{e!vZ~3S;Yx=eDRn8i!j%zbds?@ZlPVwSBseE^j{Wj@j zh8ePt=NAUu&A6bl@TRkT^3lp?y^r2HUO6W5`1jR?`H#-J-AYi?d&O^QQXRedz+ADZ zGheLCXNqi(WV^tADr?`(go#e?JbQNX26i3`_G_ygbzh%xnD8m<%87za zdUx++l}B!C5pHhEPCk6gcj?^iznof&Pd;9o>dbqw=V-R(-M%faBetH-tU3MrPg4P- zsh`&or}=w}7w(F7X@1gEbG$indX?IIjo;B$t5!Z?_EuS2n~>Wxn<02+t=09Z6_Z1* z>Art*d2Q*=6s{i@^>tfMTdr7EHN!{xh}T`d_TzS@Z5QSWyN9N~__RJh>uK(rGl}cc zt^2P}%A6)*u`KPR%J;SU8+I%EDljk}I9ssm?B-V=c1T?8on-t@VoB;LJ$L8G z@4}X`|I+Whej6qJJ2XO(u`o2(MPg4Jznr)eF4`VW-^Yy2nQ?EL`ICanj1`3l`6I_A0qG@pQ~ti#z5rbN(~T|NJ`g)5$`O zPbXC-9$Yu;v10;9jm#CpAC<||vl!gJ_h-#mym;nOng0ymvMVDeTZr;(^YGCAW4kfd zWL8Fxfyz`F{;I{M)2B%+dhmGp)~rR|^R0}6*zRtzm)-1FZM(Q!wK#0saj}ZK6Z__B zsqJjC*ilrsMLpT#fOoEJ-j4g<_paXXLA<%-boKhT(u?=!-(@MB^;D-+<8fa6)5iyPb<%(HoO;!}G6 zsZ}}?epWZIe6v`)ply}Mr~Lvy!dxb9a|+Kq?_c-ze0;>oJdXbTpV!A+Tl4SM8BU4( zyR3ped$m$yFHE#l)=_l>vm+5DQNjNwm8*H-)beq)H1ZWleOsy$UN zT=>HA&N(F$O8zsbO|5Y*cvTj&jeX@hyL;b)1v<`{=RJ77Hgdll2hZ0E?mT@` zdahLV6YZI5Hoq_aT{ipEB;l`X%z_++wpG4j<+x;=`II*i$D}#m!Tz|eaZG1kVx?li4DET#ukFm2tT>aM@%HJvJhMqv;f$$e$~_*N68dhg z=B?LKyYRd5ucp=7)v^{oDv3r{Ch44QFuZJfsY26P7LImTN9f*ePJx?4>=Q4u_We*vvRy zA9d-{A7{Jin$yfx{R3z1@^zgTr_QdIJ%70!_lGs#W`&;X&n&ta-}os;?8#%(Gk0s$ zejH!>V_L}7I%ONFWd3;yZqXl)R=vHq_`|JZZ?{TkZ#}Ma+c&qOOuqd;gTNkJ?H9l1 z_&g9*E;uzW`{!Rb(W$eq{66Vk{QNvqhCJs!-aiq(TGt%))~oH(Po+&aNSJkaZdN0u4ns<>(1{}{b=5)dMV+f@6=hYoeDcXyL~9W zP`+;d!LWboKPo>|{XTq8Z~x@r`KJtynmzJnGMv?MsiQxqRg^dZtKO0!w2m-{^T#-du{4=|D6+yH~JaXWsTWXivY-Z-&C8mKC~D6BmCjWJ@tK8rGq!_uAlmFa@_%c$)iR8 zOn>w~iq@?=?z;EG@0gdrR&qtCg*vCNtvUYT^S2E@EwxZHmgswK{^FYAx2*i1_7BIk8T(3h&7Emr zAh@S*!7{t8&+l(O{&wPr{f~Jk{z(0}+9#qk^F(i6ID?06@r`TOkN4kje(2w~Q2CJ6 zpKHfF+SI$8Y=1u6_N`RW@5-gJ7gkw1ufE*a^8D(8>tFh%Bi2q@V6^DmlH^$%|1)sf zPVY3W%rUteckAV3>rjr9OnclPK7Yfy@{czA(Ru1W`U^{w^Q~;AH5D-*fuXEFRO26Pr_9{wjX`V{Lro8 z*71(Tm5;jupB)r9$$h`;RK3i9hJ$wd)U&MOkG$S5)5{*dsZi;t>cQ44zeLq`-EaIS zam7ychsDeLayHEQyq`7OvfG$bk1v#bALsh<_CLtXQ%CHkGy1Yecijnzclq0OHt~<;-{y)va;@L8x@ln*&tL6r7ydImm^EEa+EMp@S6*_8B+n$- z#rM~X?tV~zFDGB#r~k+5 zNAO4OgZ~*mO#V^tx$TP1R}S%PEw5DJ(xn3A{I~>{Wc<^mp z4xB{PJwi^O(Pj^iATsu5bPkANDEeR*p)hng#o% zy=!FEd)IGU+-kNZz3}l~<>Pg1AA|2?i}?#3)}OIp<$+&eV!a=&gMO@k9ART}YtEgs zops4g#<9mc_vgsB{j>YwZ#MODuYqh};%$}(Jd>NxR+t}p%YAfl?5>aH%@aRJOete$ zpY>}FU$9iE^eih?uldfe=6B0)=0D8e6UA}qo^|;==~CCC!)0&6587`v|08_)SUp?s z@$N5*&!Uvy9g>-N^4Y#6AH4qrUVX6hir;$Gt#|zRr$zkv&)_xraGhzsbVYOMhxtc) zLu@z&L%PadU%$53%4?~lscfr_jjFWqqk5Kq*Y2r&h?_M_zT?Yd>q84gJKk8V5ByR8 z+u=w5(J1d9i@qOf%~6`1F+H7a=liaD=6y2R_2PP8-tv7-Xk<)fmpJEF7#siX{NeX4 z^H}6W_w4QSaFU;pFzx$#dD8=K>-YLuZ9X&AKJANje*1mNKbjwfWtvSiPP{|x;J)7)i_Y-ZjvKkLu;kLpKzg|5f9hkj5ga@P^gyVE?$ z_-)+x59Z$%U;Y!i{B*kNpJ`TeJSTZS@NB#i-rIR{$%wMqRD(akZyzZc6+lPy6*p<>a(T6;y1(;M#}d2Z>ve|a&Fh|D zn0_F)?jzG$Ep?Xb4F4IpYkWV>I~??}wuOJO2#b53XY6y!_1kPrf9w5_vKRT!kaqXg zweQhCQ&rM7?a!!h4E~|))l%ViH)-4bHo?AS`|70+m9EnC3)&Oz61?Q*$NO*oKEB@- zCEn|Qc)j4-qhA;4T`gMjM*04wz2e9BZ{9M`VwZ2xweN4H>o|t!mY4>#kc_YkD)M;OBuq zujJ)_R3DAws;CK0Us}0=NAgIr#k0Lq61!%EoW? zKfCiI?OZR8Z4NfCQ;$WzjIW=PRuK~`mthj4u;{DJw$G3Fn{8YdR&u!;*YE(H=wI_uZcRjOlOnfj`JS6Orev0D!XYMf!#u0K_S8AN~R;hlN`=n!;N{rACj+B$Xs&6`Dz1mepL7P=h6AUcZ z1s{~Ue`Nm;&$kb*?J@n<9dN)?S=}-2?AnZ3s^2=N^d=@S-dQZM-p+LK8Kx)&n{6g1J;`JJn#k*WepehV zs+xXqe_Ncz4y$9GHJ#OlPnfS@65DMJNeIZ`Bu6&{NZ0&ksT%`cuVkU54$aIW&PW$AEl4p=dfe1=nkr0 z&h$xNNq6n#a?vHLyyi(Rvod_PVv@a{eTKhe)_j3~s;{FiTYDE)uJnouDsH{w{)uV7 zr~QMje=HZb^tXja-QDAuGKWRz@ua)wvOj%vy|%b&+eMj^Mz%B@gJMd<+?J)ttnrd z_v@-E^Fy6S{jMkdEJ z-7OB5{Or1uQ&p_$+4K+FA5K4--xly=_c5#P#V(u^*35W0>vP6F@fz)aH+<_4%~O%i zefmgj`g0Zee_M;=c(;H2-W%l4`yy)2#E1r$_ChY!#P}M+kH;HpqI1nUi&Zai9yVt3 zu(>|JYfA1Sljhx3^Ugo&m;d8-wdBW_-MR)p1@)AspMEZDb=_>*e4%S1`!;W%mVW>D zkpzE}?;nqMu8F#9YNN-Yrg&}FS@&-}AI>-Lv40*Fd06+hhP1_l?`M-GK7Z9u37UOS zPVvX&Woz5^XXzfFdeiW8ndu`t%?qaI*?&y)=Xq6VC}@9DLq>3N|I_%OAIY)ZkJh)Y z**c#iJM4AQf!V8L9~ZtpuqwQsyCnNq^7;A@cAVp zXRvwm{%cpiIZA|2DE!oQ_&-By@uPl$?4JF6m*O{hsvUUoeDcer6BW3pz5r z?BctG1L<~CAN>mNG7bOu<@&|xpPo!E$$i;;wES26VSUk>plhl9p4*PB*GtbSS-1MA z{id(?TXd4eR^;i;vN@p~^Jurm=Ud+{yj;$n6fd6jx#IKTZQ%H)n>(IiF=7-OwoqHCU_gzxt$;WG33xjT~ zxRg0{53BI`?T3GDTi_$1WbpRT740k&dFk4o4bw~u*lYN*p11AMUKf)Y{JP-QW)2mu zg01DAA54$F@3wmM6&U*P3E__<~zrxt$dIxe>5s7K04dbY1<2y z6=zS^YD-*PF>`jm-g8^|ZyNGxm)|kx1v#FNI<@;Ui}}XrO%G1o^)1^~@WX%cjjemH zJ)f!k_ws^&`c+T1YOmk&I(sE&OMt=&{i9V|f}dWQYI26ZqpEP5W_sS6GdEQF4(;UL zSX^IZ^4F5n;_#f3b@z|_IyRei&aSgp9-jWQamAl(^+WS-e$u{kP{PPw=lIt0OMPu$ z?zP$OU9o{%vO~=AWa5>py>{1bJ$e-D^&~~zRra-g#I>f^!8*x`eyqNW?w?e+C9c@V zAbYlC>B5WYr;As#dztUbzI#hx;*66D-;P$MZGBk3U2pj#>sVKb$cHuCULE-rzWDX6 zZR?k0W-g7owM$Z1=SbPJJ(s>d-LPxN#;`k=y*M53&AOub=IB+M{OrsJ8VR35PD|W; zI`P-_PJWT|D`L;*3gaf#%Y0ZX^*rS2B43+#pVOq< z7o0UOI~C|@R;4qmCwKY5?0gL_@ z>bvm7i|l2!#=#%?mS$%@nbInf6I1wg?c$xYFUr`pE{wTbamXz7NLIPghS%42=~i8O z6#X;x@^wQOhEmzpF`3^!{5baP%2Y?z^(PMhzB)HqDLPYpQ|ujnqfDbcpAW80HqVya zdgfj7t1wRPHQ|Q!3<^mbZ9E^|&UN;jxUe_$&rFOyODppRTiB1 zw%&99rJkZ)j$*}cW7h3n=xJ?myGc94JE$_);`M)qjS@cL6Bo0|q;Fiae}g-xlIVla z4OQ3vZGKq2nAu}b!=CFp6aAA4w>H=>H@(fN)}yvYZ6WK^$xF|KZIZq7KJb8P+SM;_ zW5XiupWYGJdur0Vv>(dZ^T8ux+b>#?Y3-_=$(ltls0_r=XO~6?X8s1 z!?u(LK3A2KF9NLk=GPlXWOGg{Y)!B*oxI{lMZ}%m$M&W0Ufg(TT}(^gH8Vrew8zh0 zX+3ZM6DT^nKIQdB?OP}AYgyD>}dNs2|yu~YbPyHj_`WFGNJtm@rcc21Q0?)UdH^Mv4?UsqO7&7Nwi zs~tA+mTubJAP-MLpXL>-9&vY-qR7zjbGl zEWaGJN-;@VHe<4vkY&-`)hjo-Z~L&NTWOlA;jFV8Hhp%Sq{{X3%CBo@wC(>WeR5Th zZY%K3@H`pq78Toi+_rYr-nX~+EX{p#?s8MsHgk>ISp4Iiv2n>?fU9!mX=(ly~z*P zcV0dsFgqe8_Eoc1#aWjJnVf2U%buC<*rr%{+$Jn2OE-?F+Od+0iiPJ0Sjg?o zW0T!ZF={@1&<80-oozv-}sfM$Dc5#&=0v+@I9i)Co9TUM}Ln8v;@`_=7;Gs&5frbTI2lqTt}Qv6l_>!qAQz=K*|Z>}dY zrN=T=VivNmvshPlZb{GVtx0@O?W0cZ++I|?YrCGnB=>l)g}Up$sr1b~8+C;zQuhO= z!X@{db+;qyrmnbEwOe+~W^qi{}XAoa)fmwZ`9bCFAy8UCcJ= z^|8X&QDstAEys*}SwG!4xb?#q-boi9E3bbZ_UKYiPqR|wA%#-^%5{~3NdkJgo> zwUY)Qu90C)YweH z(=*m7zdz<$m2*p{Nb^unb=S##A69#v*{GlIw`J!VF`MZ}<}q*GwPjMYk52QPUtia; z+{n5W_PD~h`2f@2+W{Zmo-*t|Wv?HnJ?Eo*bK6q6!+DJClecYa`C|O^+VeRtqYiE> zocw+DqRaX&9o{?M_SL@Hw)R1#&f-jA^?VzyQyX?oW9K)P$KrY4*F%}NE-_#KcsBp#^=B#kd*o~WW||!rP2RR~mlOXvtFWzePK0dx z^D!oL+M)%I&z!%sZOd7&u-dLWg|h@#-Ff+TUZiM~+}yLV+dd~bopUaES{=p}#}+%$ zlBHC6Z{)TsJ(0Zn_a1cl#$3!ODZF?0Sj*~n2fr>qUKL^HS5)_NO|0EFO>5cL=c)z6 zcn_@*n%Ts++t;EUdtYd1QKn%E^puh&Rq zzRM4N+OcWsW96@_126c#I3IpN=ij+SCYEnwRi`egIIO?i)Z1;lphoS2kI}bkJnmN% zzVthxxhPxLP|4|b)zvLqdG^{{O=92+;hPh>w7Dq6_S}?9ZZ+3lxu3GG3e`+bQD@qE zkIA_I^R*Rs6g%d=_Smu6%;^N5|IcR&GDCORZB@Nbx*ZE1`^ov!yZGfcY zC%s9twU%YNN@`uE{=& zCU)GI60oFhYt`lO>^RTo%T2>i-*H;pBYeU%EHk`%p~Un4YfIl`vz|G(-2d9+nN16i z)%xbW_+I_=7~}W#=G*s7;w)O)%@pWJ0ejokdx+B``VPDjWCr{Jv-aX>Utyo~Yy8UD8k54I^jhMJT zzjgiIr8;HfB&Wq2&lbgLUUPf4<1?QJ!&+{qmxp8hypP^$DL585=dnfF*@ElW)!yD* zJmsz2vaNrTSN?pLEX0#%$+XimuZv0i!@}t*YdkLQHb|XWmD23Lt)sGG7X#;$Z=#{; zTir6(UHGuKnrmhG<62>#KoP+`Z`=i4cB;*~bxdZ(%QxyRc`kL%N$by7W-dRFzI%6{ zsm!!A(PJ+2j6Rw$M85pbkkIA$eaXXpTeH1>h}-RWBwHP|bN6Td^Aak$c0n=^c1_NT zm$G4B8p9DD@;hYVhNR|a=bwhG-)Hb+-Lt~~3>@x_%Vx^IGkMupFZIsG{I~UsIJx*O znQ~H1N`5?jY;{|&-l{RaJn?EN_tc1sm4ba=E_w84-8=E|$QApHyM-dIs(mwB+oaqW zr)_;}$6gb1ef!zfHF;g8HNxMDC)q2;Emv>+BXOxC=v<`3tFz&2zU2Y2j$-;bX zzG+v`igVU3e<$0C-geo(&)~=LwQ(|R^DLGo?!LlxE50FqV-7=Sjpf=qDT#CEp37cf zuQXGZQQm7~l8Q#kr|WVpVL_8~cC6}Oc}D%s8L+~0V= zC->%-?%c2gzt5a<%{(?)c#8}}g~UoRUnlm@xq6ZuIVnLsYxL6t-zus7XK1SVBXnm& z=6sQ_)d?KjyIyY4dLsY9|Mcus-3R`+I8V!o=Bb@L|2W9~5pVg~Ba{E^+xcYHl#1{1 zmp7|UD_Y(&Ypbg6p&Kh|j4btq|DFBMuZz^CwNvgZ2An4k47KVE*A9y=r2ZlT(I?d^AV{4A)oT(|AW&DUZ788R-JYUBlc z>vQms_xieDxbCd|rt?RC*j>bqiT-JG= zWs=3wn%y6*y|*?W7vFGKQ<(F#{)K1zmSyq?m`r$JAR`=aSd%pC@jv0;or$ig#na1P z&zYyah<(yz8(++A14C+-%zeQ}Y;p;Vvt$swveZgCGb zo>mA7Z**#esgFa1 zCLe#2B_&gCy}tF6@3MPwcexk5|CW>-WcQwJ)4L#+&w09C+IKu65B2>$8+@@;^ULvM z*_*L1Lc8W2zcw>dV{7=fuq1ZX^F{ty=gwTy`4ZoLF>Avue&dvl9y1lzMc>+fbnlk{ zpKB9+r8RzfH6MJo@t@>9$Na+lZw-;bzTZ`jy1Zz6_R)(ACVCudT0HB~+R%e@ zr>tCgS^jl)$M6a1_gFG*LVI&yzKj*p(EwWwNo0! z2SQ>B;{qS4n(baBaq`Q$IktWkb4nMUIA{0nY0imY4#^zh7n&3Ay)WuI^7+J9(e!}J z?;_{D46w?%<#*?5cCA$?V-u5s!QI!3Zb?iF(0+Q4N#w(l{|r_+1~qFO6dub|rA;tQ zQ0%;2?qlxrd~0;iS-C{zX|gLel&D+|O!)iDFfI7n?(;2nCRc0pKbjw&r`Pp0vETn{ z(!?3xxeoki@V~aByCRVLc%hnXNUCc_W_Z7JWq_tak;u32YqBnduC&;ctQS`AP|veJ zv!CtX)%}~#%op5az4WlmKDphVsl5@R={+eE&(@g#XJA$TyX_C}N7l7(|4IFboP2~W z|Hlk(!Jkfi3@7Y+Ya$=s@0S;@(SC4yKl=~)N21?a)63az&&X9*R99d3aDLYDZ68ao zu5Ow4b)CeYOQ)4nHkYrTv2>zF*t5wOzPtzzbX&IZv21kkoI6=Q`_d}e*H*6Y)lJ=X zMQzS9%ky3@P3LB0nX6??VD8Ii4$6EU?sg(4**5#dhYwG}3|HF~PuSB{>8x*gyXC;^ zkcC?XC#zoJJ@q!``+ zP}_dfVxO5)Ch9c2`_B-@zJ96WibF#DW)JsYo%1A=yLy^Yo{{zE@M*T^{xcXHWM=4_o7u5M!t31T zb&uR7Emkc%9k4%tbLOq;lg0+jUDq#dDXd--edu&JK^ik{DXp zC~^C;>?@fofrZV}4%?@%Z`EJwm|MFl;GoY)m?^#L>CLRfcQ*g4>6m z{uDdG#=*`ktG#gZrX8HeC6q;vhLzjem`Zami#X0DKRHuw?%B+P(pr=Jrex#Idv zcV|bmtF7=}>Gj4Xd0$mX&^_yS5*BB}b(MvjAFIzQyU>?(I%Znv#0kxw${wFt`;^K{ zOeP%qbo{fq{J&j$bC_0!%B<=M?kF}~xqOdHzGIVB(4OSK5e$r%=Ig8zu9oSkx|)5u zLCcIM)h$|a|Gt5dl9_>B*z&BZp0J8o$jg5EVtJ;V{!7Ny|J=A{UX_Cp1FDUiSI3vvTLn>99w?k@{&X;i}VRq&u7gv zmA)^Q{q2_8XVz!WJ8N?@c>3+r;VT?f3UAj=Qa#}O>DkV+>VaD~Y>LiEzP?Oduji*)mc_&cD0^= zpBvF+@nz{&F1?zA@(hK2_oG%^-gM<&P_hGz-p36-`}iQYh^!|i7%^o-h4YCcq3VM z^`gt_KRr%9mcO@g6g}%!>8{6_M{{0Y^ZU^HtA%*o%vCD z>y%hY}NboWf*>aob^K2#>$0tmfpTaTWxd~9Tu^^!&G=)HhY2CM2S6H z0{gv=hUU)QclGFt%43Tknp-dFviW>o^jx-_uxDS*rZwz#U*811$Z}3}P0fmv@(i38 zUH?NsbgSj&Regz8J|8D%moD{5Qhs_q>f+`6CIi)-XUodvgf8dtY`n9ML8fl&^Qwve zPFz*p#;zg#^!&A5i)PuiGtba*>v^}uH_1abf_Zym+{B0S!b_$#i56aN$Ugj~UT{f; z+mzy1wyBR^CgrPfo_OB1!|%+S^{yd(?dxK^b4wg2FwWbtCVR%A69-*We^ej&Zhj#r zon?K@we7PmpNLsj@mzFMxy^RpgEv+s^c=|1$lJ#^fj%DaR`{yJMneU z)t*_(ZI044%lB7Z*uGnZ!Q&2Z8av|#H_zn<^<+K=UpN)uE34Xia%zFUX|90Ggo-u3 zMlYI*3i!QlZmYd0{MxBXE;g!W&1Qjoore2?q3O*mbFQ{1OWyrgxy;WwZQ7fTcfr~l zKKrBwEs;ME(znJ_<;#lG)g@n7X1wfHn55Qi-D_CD#x82oGV$6%1?I@v?uozK41Zk` zXL!(+&k#`XdP3!z12%_tGR(`$&RiT~-Dvk{^~!?>|M))-c6eo>`*lIth0W6Ju?Ih% zwYPXO|J)*0vq|<=*{9eXvskw1Z4$ST?i5rYkJe~&CL^P3(MlBOj~ZUC_Gi-sMAe`IbT*TQF+qbQ~&i9yTZJv zIpxM1?lGv}T7AaquU75p8<%Cvg~R6dq%zw*(Kr{r^2?goq)Xb}nGE)tZ?fy&dIoVm z-kO~C*g(|v_1mapQF6Ie>8I?sOh0_=($~X}v?cbJJr@#ve{IhJm7LvfZdPggR{gm8 zu%h%o1COsrN70^@f%o=>?{0f^?oo6&@021w_r0aTRS~D=PSU)yQkhv@)?!uhk>ySE zoout-96jguZb3q5bo1{$$#Zww)HsNYdy7XeE55sd0t_Nw?*3C`JA72zwB@C z9GT*Ki=sm&aNOM3e5Grz>h_uEELj9+)s!`U`oqL;`QCqquf$`&dehSzQrR2*qB)M0 zJ$Zg@tLhe4$v94hFDs62Ol#c3Up*D0)%+>Gqus+PQ*h4BuX8tr3XXsp=4(YQ6E#>IGJ* zJCb%Nw%Y^?yS0d?+B^}e{^)vm%JU_cmTcQ5_Q~!~Ljn6;%T=2s1zr4>Fx=F#zMga| z$)8c>t1WBL?#n_3MuyE(A5AJ(J-)I%ZKL&6qki503_bJQx0dW<{;_f05AGn(Sr5-B zv@%9KXsGTwxa0DpdpB;asFIsu`TEPMPq$XGsVTO-UD)`rH>k{Lu7z*p{Dd0izl*oj zi{EtTzO%^V4MUj4qrJ0TKZ^EzTk0omaqxBgoG8(28<#Bfm3y$H*MM>JiSMFc^bhj) z%-T19sq4~;_TbES#{DL9YWA+YtNi?9Wk{;pquTiNYEBoy6pHNi$Y{T^Xu#o^M^e#uw|>t7~-)LfDj>1J15_ zxw^ai=hU)K;-yKM*8|j&ckmS1eP3H#^+agtYq4FYHVZ5^4O+FfC^Pl*z7=;rw)ds& z+h_sHTuLr34*n74hCx&M6DymR+&X36h(+e58)x4#$uaov4U^evqwQ+T&D7-^qd z8M=FZ;PeMm#5&SuKD1uaa9*kI4Ii&@;N{021(U?mBp9=UzJ2;6apJSV+y>Jr)3x*M zZzWH!mV3UnIQGuB$L+4V#t;9#+w}0+%C_JcWI{R=R%Q1La~S zC00*7>b&CBuG~3w0dtJ`c0SwM{H`o`sf6UO>rwl$o(;v;$StjIasJwt_W!5&KBWI=88DHDvI7w5I`4gYT+LZ^Ro|{H{MtrU1KRWI6 zE!pQPjX&hFzLfvVi3nG=(pt`!A$t0;OMcFcmgO~Fcw*%#)#Wo{goQMo zZP?>=fjg~%=lO)%R~L4do;#*|Z6>&!7pU5eB!CQQ* zTK3?RV}=Jsw<5j*o= zO|nerYfZB`Z&|9OjyDBAV^Vq9({*w4j>(0m{w!anX&EW=>F{S`KTQeVr%toxS;pRI zIr!%4yvc2>eigR0S`kZK*?HXjqYlqHyu7V2ZR&)RI_KM zv?JAclGUue+2u{*1@S9?T{D{a@NE@ah#me8(kNvW5TU#=_m)r01w%F60vClUre2x?R5PsCEykYBK=L7r2 zOlR*^dKDRQBTl6~<&@{qYW=Q#iW#@&_s%-)^V{}FzPzxzhC*HFllm>^Tk_YhHF+=k zGEVGw;pKPEn^veyeaEN$;XlKhS6$1kqUEl-JT5tJ@nh$TKW;w?Kjs}iA~sKT=k=1A zdDHyw?)=XXzI&nQ*L{;ke>+6Hx>bGi zV0rpBwbZ^s$rE;4@BHEVJE2DQqtU5%?+@G;UTd;*-|1(byhj$+TswaE$@MA!F2@U+ ztmlk5x=?Sa;*RiBOU_Qpe*T|9_>bq`MJ0C~vg7zCeY?hfSo^?HkYZ?=B4K74=E^KSi;`tEzuoPzzS>lX7QtQI&v=l7$9e|P`W{bT>5_o3QH z(`hRin_T`L@ML>nDXaZRI{$Y1qm>`#*opqwxM1n0JL^tIZk%@h$F;Ee57!I-ao-hv zUaX?+wciG}GXZ;+v&bjM?pSj$DfQIE&0bvRi`QM+ryubnKV;*kAGr@syw8glJh4Nv zsQS9)$Ir*h<>WrjDf%({;e;(aXUUvYyTf*_;$>X>hx!Bcd^Y-zvUQ`quC-qIcA3fB zz$R_q?yGe|HB3J)KiszS1GEif3rP(yf(3OPiE}AW%1K&N>nc2_)-7O_4;hD zi#E<;&5t^A^z<&yx^yhKQF&fNcU(x+z`Kb^yMK89*1BKg_aP)+xJLcaL$Sp&PfWb(-tk}CTYn(; zx7W*G+y5v>O?ht;_OX#?_UGMlTPoBat$*|W!~2J!OXl%iP3e19(d?Pm@?@vXB+WXW znv9S0JO7lMf8(*w+AK5aZ{Z7VsVgsU&y?Ascxp|+$K%K1Z*hBkWZ9M9S;JmwIz>58 zf#+fS`cu5s>Tf3gj{0Ns(XXve`p0a~o0U8>8}m6NBwrZE^)IS%{oo@fxnuWL6N!0W z4umF6GVri4{d~R4KJB-Em$`VI_J^k*KD=AXvMgeqqVMWClbhphyJz3b%CGDBW&L=1 z<5vBSU3~K&^|#E^65DQ-d+4NXW9=db+gI^SHCY!-_o}Y33159Qd*y+eoqiDE+APS9#L0;GADQ#{U`C#5Eo*s?&~Vt4MxyY~jPjkJ@*Cy5cEw zT0Qx7T&m2zrB(MX&6|F)X~ndjU$4GIWX+1%cq?nQ(rHQQ=906Oed|A}d;Bn8c3Ro~ z)=kbN<(Ln~*FUXinEz<{TlHm;_wN5OzZf5QS<#wXD6)Nr+|(EHo9jEDecU&-IPs(L z;e&bG(<0WntJ}KUuD-gwWuBa`N7j;@O82+CzuhYAAFZ3K-&3Qz?9Q#MZOa9{1+^!i zkI(v)4b^KaWGr81xApL*tn+nzSFT~9yO$bK}xZJ)&6cE4R8Wb70tdtFPM zZv7~x{XfI&@Z!b)PSuOtKU6inQ@>8d=ewa>+|5NbLRDYBu3tGV^Q_n;HPgr9Wwl#B z&Ud}^Pd=;Z`JsIZ+je%v&k}2MsIc3yUUK7)_j-|BvI*UOVP&u9HUf3Tjpv|^uJ^pD+#t#0hCZCu)G_etu-q3b;h z%gTf2Z>f^EuDd#a)BQh6+t?#MO#SkoA7lzElAgXT)mZX^Uv1yAAF3atk49Z9sstO~kavVUd&1@bJWPoUi)jf3%L_W8cn)v-xFe?DkEpyR`VNpi4pVkMRB( z4<7q1e>d@_yYKnx%Qe~$=L=>jhh2Vuk8@F8tkf?4&Uw7kkL=@&j@9~^m)cm)S9xOn z{67qJ+L-}MTaSENyp1`ZeQi~LdrqB-JKOgwCr%u^J?o?P<*61HJMKMS%%Q1!&iFu7 ze9xZxYP`^Yx$e#1Y!kXHcHi3c zl|O|xo;H$6xvu(=Kl-dz^+na)ZP#4G!zD8c{9TtjGlxy{&;-6Y?kr1X}_Y*XFN~Tv#`xhez?6e>0^4weV6N7BfEA9G?)j! z^nU!l%}##zq*$Tf0iU>JKZ-w?w(jC z?ePMcPn!3+YBC?$Du?*$A1U(Lwo|^c&+7VuAM8h~)aI{T-uSh}=ty*uM^)*%*T?NQ z$5_=(74Ol}>3(@#LH3kY+Qx$^Q#1bkn>Y93*;ToM=FNY^AD6T}JL9N$^K-7UKMyi(|YH-LUt&h20xu!<# zW9X*8yKbMH;3}39VD~jSGb-eJ)x<4Va$FSjyvvSO&X}L;R5i=Z%<%0V)9iH>M$z2g z+~#?F;FMXpF8lC5_N_k(Q|*?nns1P9xJk~n%4S!1+oK&ymxB&)PYbBN-v8rq`1MlW zyvMGWZiP3OpK3`rT_!CrQR6iAX7}U$-S>>_imSd#_jlF$j(N{^=&B#F7u_10n7*OwQEJ%fns(+{4@=gw{c(*x z@h<;bq|H*vOydJ=dwuOQZ`ZT^F#Thk|8T{%M`Gzi`FON)OZM;dtXX_kw%ld= zlx9a?yLIiK>F*H3hdUpe9*cWn6#HtrxmD}?(|Z~ge1EnppYz4G>AOm*ZqAs!(tSq6 z_LyttM_#O3qsw#4hxz=(eF@fI*WFlgJh=46ogdk2?o^2TRG-y)=Q7FCyk>2zd;foi z4B6sGvP;{hC|9KPvJ{=zf5iCO9{a=lv_JCpp4@o#!iu`4ZF~G5KVI-+;lkdiM~*F8 zmZH1Ya|WwjoA^?!USf~!hsXZ=E}dJp$=4=%?wz)0tACU~dU^dz|AzRt6Td&xl=ywU z?T7XOIfajDt8N`zqf#+1X42VL+1K9eW3JeJ+%B*4f%cE&dB^09On94)U$`E|)_zUw z7VkOp&302isNQe=r}8pv+OCVA(wan_cfXrpece&Mb&uuJ(}np5}_u+iW{|tw;AA2n6dvv08mf;@<8L4mQrT&C{2yZcYdOhJvx@UU-l)R?BSu^BZ z->sfolI(Xp_rZFe`#<8}T5X%WeA(@`zpoX3Z}rmeyl$8sZYBG6MW*|yHHUV{Gt^z% zcsKJ>Mcq;M_wiXC|GutV{NmTGyLa!dQDDa*c(@*QWy zgL4gpTkRUIi^dn#tZ13MJN2&iBiFvxMcHyHocsl{5cbU&!)cFXC_1=&~Yxc{(i|EM};7u(uZ z$1`mIt`wzz(=`^qdcPGLU>cV>ye zIM)R+_4yUYs%M-FOi|$aYTqT*yY={?jOSuMDjtP6zdu{C{qVz;{x+9x*xeL8X(`v% zyG$$pPKx~&_nQkh|29cr+Q{^v>iXOogNgd!r<?zqyL9_ak2*_NbI8RRc@>vye2O?;X>4+s z_IuXrLS_lmou`fGUn%KWv&6`Nr{zO7d(g$TNkXwkZR{3IyLZ3HeQ)wjXvGuReaCig zzbxkZ_jUTLOS3m>npOVWy2L9t`pw5lJD*5BGF>a=+mqDJe~wY~t<|#0dCG^9KdqBK z5*2c?`PYe+Ob$&T2kuV%*>U_ccu!S@c*@Kopn@GHD`->!PLM% z6%Vc#uc?%3VS1*#&DDNw+N-Dq>5>^71sWvhHBp z^|$P*w0~I()0+1AUZ37(yVrAPacnwsYR$pL`GIl$59j8|x*uL`_V#D&8jjat7owfd zmuwAOds?KuSX=&eY}@1&cb2f-s-JC>P!(>!>h|Hpbtj9tKD?dau(nt6>gAf{lfM`G z{Sw}(wsiU5SvTM12y8rY>R)NU(bh9JXECgPAFD9?y9L9w?c4Y7kOxbH zon3I>)-1=93!heP*zRqatm9Dru(#m)w^yIHPy2cB`PX&tkL^nNa8z~IN@@PU7@KdC z-1@aPp0N0J-Pd&CS<|GRAeN$q=VNkhUoZQRw&$1Ga?!U-PdcqJvJSVpu*G**fTgW# z#D@D^o1gD^w0_#NfXP9&pAH`}`}MW!-g049>5mtFU#)eNd&E0~{m!gMb}~OEMZ5o& z?mgs_ZrfTqJ?fD7Z9&GWWYgn8^Oi64s*)7)xp2pmX_Cbq?VgWKXY1C*GCp`R>s4u! zSg}pfMwU{!t!G~q>1>#LM9w2m-riAv2Onvj+?LKNzdK8?D`j(>(|Y07l=+* zDL-1X_%}hhyPxi>tI`lqHzl>9lG8Fg#L+ez$_B3&(dXHMjF|7SRDyYo%f*LiafoIIY~b-C>z zPioia`(2Z)V;6H-tlGI=(Mi|RT<~XMSkk2=?fy&aTqSX#VN%n)c4vdMBLUq|7C%n#%U{+xt?;57R~o*W%M+h zQ`mJw%UO0g^S&&juJt<>*v%BVoDs9!R&Az0dJu=iV^ikHq!^u=5}R6cqKe~okGj8@K2_%uUC~xG@q-wmiw-6I_J|(jpw7* z1?#z0$iC}e@giJrt+d3(gR-m<8?HW!@SpbcU;)To2wxrqb&3U}uv}JnBx(7#o|GJXD>S(@j<QE3m<8UiSTeVqUrnI}~(ov%Ozy z*BbZYyDcO4F_qL~?p}AAM0m`u+du5?ymvEo%7bJ^-;%PR)h=#q^?yrxGhf7Ra7%ky z@pbk6QUlh&E$RN#Z9=E*e0+Pam`S-zGJ`<2e8djdeD&33N27OMnPC_zI=$jQLq^e! zrMc{Esqxxv>en{QT`#>bpLOTkOI!0LM9;lHv^q+2QvJ6q-YaXmKRBiOp1+wDUD5T# zJZq|Q#AVA@n!;Jz<1~cko>Ww`nS6Px$7G#3(++%J=JIiaa$e!<&~?iW3pGo;b+~-x zV(-*rf{p(f)RtbZ`CUCJu!vJO+vwb9<(}$mYnwH!PnRxwx_YjN#598&2fv8s89g-H zo^|@tpPNf>ORjC*I?sTmso7Fnq?9dU%HEXNR~svRpX@mCKKlE%)i(OV{14Z;J@%`( z(R+irC+OLR2a}ERQzktMOM5aoa@Jz2!!2>ubz9e0EwXtlb4_k((JF6C+rmbl7u^?5 z%zJo4u30u~VQOLXF@BRxl^O4D=Fi-uCGd*#_-n^r$Jpr;_SR-`F3~e^k1EXD@nxC5 z!t<{pF^7}(Oc2yMwdcVX(XeN1tV^PHYxbPn8qudEd7<@olUr8g7S&|S*~})>K65M) zl3TdrtZ(V^QzG7ZOM1SnS}(w`rK^ZvA=vB0c9V;1%{E;+`nj<2!1=0m`Ys)Z(hj^^ zaMd)riTmxTzNs@;$M}jp_w@R8*)UIIa@_Un*$xt`ny>BTbw9?seaTIRa@$w6!C_6V zX*(yg%T&*L@W*k5&7~beA9!tbye6eoecLKB$)wA`yQnxK_?7wWJu8%rtmh~=-rKfi zKga#-jrAG61wuFd&%HgGoAFQnioW}|^u`*y?MBUQduP*uv~>lVMX^9R1~ z+QaxK_>t;{-eWx4r*}NxS}Mo$L2Pnb6F+}N;ge7W?%P{mzhf=EC;r2Ad8UzU`q84< zcOB$<>Rf+uy?W@{XRoGlRoGrj=>b={$Mc@7kUP)b)XBPwEQ|GfaLV1Hzd^f5+G2r1 z)a}*-vaE3)pW2_ED-6E5ChKWzbwb*7%ZoBb8)X9SXfZ1bANQ*0VC5;ns;ro&E zopEBPB3>POXJ=n-_&QSKRCM;7LYK8N+B>7?XN6xm6{4(r@or>I@rUmniMiU3_}d=$ z*Yo^#*8HnI^W*n7(?7UBy1Qo9{Koa-K6?${3Ez7BzWBE3*;k6{v6qvdS(=^Rr{!+)QQ{*_ltW9{g)#7>UlWTm(Csa&7G++83%e{Sb*JiF?^YW#lz?}t(-=43t zJnO&k$8D#NQ6^#6>tZhnsBD}5H1UVjFLkdU3m^7N-CEZ9=(T9L6JuJ;lk4;AF4%7> zoBrtJ^kep%S949pdZuRZiFUkk-)qh+pRchy#O85ONawkC$2RM68<|Xa*wiy|-qy1> ze_W3Gux+D#!#D(bw?^@ZCC_vB`Z@Wr zYwM$mcV)XLdL%_DEN88J8Smq1Q)n5kY%}-JzLFnbmz@;v`OmN=uI#qPp%rf`*FH|E zT>Z%6btQw!w0|;!?}N1)#pfLKw=d!9)xBl7)AD?jmO zbNaAvtJD$ILzax~#i7sci%)xNb93@Lt)4c!FDFb{Ht%B&=X;oJ9Vy;_tikKp?jEC66C83<`nL8i_v$%zRYu;h(UaX(?(4>-$90N0y4wyH zIlMia^3AmC%3B+C>ys;-v(|4vW9?>jediCKyZf4^UC5vKSjA9jPw~Uje>3w}AJx6u zIHAdFx~y-t+|1RzYLY5p((Bkytg>L+)8oBoP1TIjcXQq!na!EBVb-JXS^F3Qs;{5F zXR;%??4e96`{cOmAES?mZ#QGR^oHNY?oHo}^#a$Qb^To47OMR0VB(L@u@NSZW&M17 zf>Ok+!ZxpRlJ;`e3!ib^`F-GPvGA&*qpVltqTLGBYJZ3OKM0$3+P&|)&(*{b_rISE zes+Dnv|#VW`vDuSZjBc_v-{Z;X%)9~;@5Uhw)p9nb?u(Yl&$wJo0dbHT)=Ta*(I8Ct%)H}BiqQts2Hd$K|+wVF+Yf;#2cvuCgF zH+aKSP^oV z+Nt!uy>++yt-|xI33py@K5nH_#Oi)Rg>U}zU)OU>lk+WZ$a!b+xqrD16!TQ@!DM8`yC5)1zPg;|M*y6ITz+OWu@iDI^G(o%kNb41zugWa5!*S zdim?PtIKXiM=LaG2Pg+HJqWSN?J;oLHmy2Plz~}v@6rgvi9s2M`EIPU^xb@Asgt2@ z#I@)GpS{h$8wd@uWQm*-sD&k z)tT69xZ}A^f7CQjmyQ@Y>#k*+-&!wIUN5miztm)V{4~d=%5~+%87DS;*A^=>styhh z?lVzb`dpSZ&1|Lg^O^>M3dz@zpI>FFtWmPnlv+o007_}=uhg6!4?o-4%?^TkpXHYRzhZ%uh+we9j#7stmczk)rM zuC&>%DWh-Ff51k6ZBka$oirKu306Xx+oPIgp5&c;&bDc*+oZQXg=%;A)=gb&@ha$| zXx>-$go96%m6>H<3y18T#c?kr>@maoxa^=W3C(H9$y*AvBWc>u}(>XnJce{yyT^WB^{L`kR z={bJv7NP+wlP%AD`u4-x_JUyS>o@xqV_)o<6>I&#y?N1|{|udnw%$`dU{t=|+fM3g zf@HND_dCsrHxYr(yuFVmi1@EkX z@q1m*SRBN}^Va5y&P1h$eVmdKE32AX@)w3a?&9V*{P)@NsJ79Xu6H}`EC`*xNxVaF zM)G=5o2tB2A@jST2iTWa9bGbWOLDSZh3=E0nuT+c`@Y6`i*5gTv2dP|^|i$>vvqba zF5Z1<+I{!EmE~s^b5*c>U-mZXO0=c3+LWoDLb3tnQY|{ zxrnRyLh!;(-jgoaC@y)}_|`Mx8t0VUwaYwic1`0dC=7e#>z=eF?A38gbz7|$7uO4g zPk7Gi7QkohA8Yi>EPnIH#_#@BGc9Hx5=!23eXghH#K{)7vKLg|-yP0QyOX<3Gz)m+k}o!xz6U-XLGDjy23gawft5kON*DcJv5w_80@>kIXy2eQ=}?fxcqUncB%dTm+xcF?fl61?o)Dp z#_;o)0UXr}uG9+SLc!6H;snBjcntWnYi(p7vzUJnb1a4Aw+A&vVeTj2bfx1(I7j`y0Tko22w40AjGj(%<`TG28Tbr+RFYfpl)~lq`FOtB! z=h%goc+vaPY~G}FVb zFUL(^x-RAQ57(SCHCpPIdPh)=pnl=KU1yd4n8{myF@0bs^fC03ncNeZxW)B561GKSR`7MePafKcB6UES_>MYwzK7n}AF<2M^2Ve?A9JJNWXbroz0r zS!z49mR5zu@^!rN+)=iyr>OGVip5i=zP>hR4ZC&63W>i5gIVh5Wo|rCbA~H>GvjBe z9=pqvGBkC0MW;VK>R706TNPTm)7s;_zgO~|JegVHPM-al)oiOi@ubiD&+yp$8MAL% z?DAPnzeMlOR%idXYP!(m30rLs|4f*cXB}2^`BTB&mBM1qTGLM^pa0LWZqhB?1ruMp zJqX?G-`ns&Dy{c->k5gcqI#^D@t?6*0aJ+-KNu^V!@J3KKVY{0ohpk@Doqr@{$a!ydNrX=I#S-7~daW!|08 zvgApe3zw=}+ExX7s5fZDp4`^dF7f!<97!*kD=ZJUUA}tEE-S@!A@39Jjnma{i}uz^ za)efXJDPXK&Z(*=%=OiS$@4F*vzDu^n6tkl*XFd-K99sd&hk+|^B*s7Q@r@cUuE0r zt!b9G7K?t}`ioz)<2m=w>m7e;K2&AR%6@fX{wsbJzUpfq%Pb~s>7S>ckosg|h@SDB zgap2+J8Sc~7aPeHH}OA?DBozLE#zSNm~DGF+nY4Mbs={5lUUR59P&()snzzXe{`d| z%=T6HGVyGlZPrrP%#~gpbG=ji=GNL1HnWx+G5MczJRW~;Tb?5C{KR`R&BAm;Jfu+mh?yxx0TrLJe%JXczEHmCTw#LHP*H=b8H#V4PrRoK@ovf{?6 z4Ud*j6YH5~H}j~ggs05%>6814eHsgPo)X|+_$Sk5;+Cgw#n;vxXL`&m`DMB7#?*87 z*D`IKm!Ne+nWc|^tI4f`GwzO8zOOEFI`Z~BL+PKFJxgcs%rX>Q9 zTAKT6f3AJGFkWXu`{Z-=Qft0>6@@Q+@2D%1)Z;#t`Q@*xzRo;t8W-mD?f7+V^{o|> zuh_lL@8{y)^r5(qmEl^O{!PK|BM(Gh?0g&epCR@5$=~)YJ-KhP{VrYHS;Xdk@8s$a z5o>lZytA!%8D1>Db8_mEJv=&z+vmXDI5o}Gqw6E!dd|$3j;BwuwD^DH|sN4EEb$QdC z=yiAgGo)uqWd@wxa_Vq{ZT9_t{1sgJEE$5g?;2Km{W)&h8u{r>qK;15SNGb#3w16u zN;Mv{+Zy+X(fqyqoXczXZ2dWPr}C%em8b5TOS?;oo_`xVb4x+swjbZrzL^I7XD~SK{5m9W-O`;p%VHP&zQ%j!&C>Rsz{S;TEps?K!(N{a z@A~9f=hti_lx^!1mk@4w@cFE{>ynxmGZ^<=m|tAyn(P)E<(W66_)ie-`AXcf6w!F$(*XI%euOrraqhU_r$qc{-we5f;u8rDpZ9O z#y-6%c;2TgBzwA=dQ6kWfhBKp#nyx+>$Deruq_OVzOm6R+fe!brFFNWDm%Acmause zy1UyV=yJ84fyJtxyj06ChWYxeYjTo;9Bk{C7E3K#TWFYLcX8IeYxhqEDHm^-vEnJ#|*CsM%_;_>)s@Bna7&1ZN-Uy zaqkTsPaLrOx+b~!`K!liuOelhtzXJHvopy-rvKbdTW_Cvw>-_A@At?}y&p5haKD03 z^)=nElkYqiNVoauTfID1s?R%k!q)KZlh2k}+`TTkf5|J4)ko&coAYhOI+L`d0#3OZ zFGHsZ=ItmvW~nsyveiyy)#MfJp^1!vhUaQC=jTs8Bb2AMAz}Z`Pw5POMOjyuewLGL ze3C5EF-^|QjP=MFb2-K**GezVl+Tv=bMx8SW1)`|INu(1x3CBgFzzc36`N%Fcal$8 z_u{o@4jC<PZ_2eLrxtad zdTk{oT6(j=DqMDT#!11lP>W;5eRr-e%kmbv{k`0_@Yc?`{(g~+w-(Eu-zqMuS$yI_ z+6DohNgQ@xlTO_XDd32Yy1I8`PhLz9^No^KALXZLKVW>Jt$E&gm&k<|%7Q(N$M?o< z*}-vK`}kHzW*5;7jE_Zmj~wvcW_#nf&2^o*XOrK}4vU(-=x4H|tnI2>_pBBhB>86@ z+`J?0#N)>B2eWhB3m^2c?-jZ6Gh}8>tjEj!XDnX!eDw2-c)EBp3xnnR$ctxg-s-)- z*Hh$3Pr}zH*H*?@@@8i)5z3qJM23g!%J!YgO6oF68`pG+-kJ1d;`yzyjo&7Sue3>9 z=J9f=XT-I>m*3tfTRv7=)|5D5=`Ojp6}KlH?fb;Ba#PLOSH`a+OjmB->?y9iTd-l{ z=jM}VqqgoU%b9$KG4kPrjSMo$vo@y+8@Fi{Uf?oR zU9qQ*^1eEB*>|J3E$8~CL(e1KR6qHd{o&2>%lmFC?((0Z>3qfVpbvlIBtK4X{4)Er zN&b$Fk7d3++nfCG_#aW{Z~mpx=Y=b3Zrqb-+Sq0I>91kDDqD z_I3S9S?34akHmAYpI!Oz_X)2#{6=EIzq)omte5)Z`@w9f?7Nxu)!YXjtn`!+?E3s+ zr=8inMdhwU&N8jI6uKiNK(b#EzME%Bx%eCf_lCm1J$@2)%Z zpJD6ygYVg2b=t05b?pETqrP8ujaz7#NmR8&s>QDzI?ScUx(DlKH%rfiaNV(W@(|trmO0LXOd2avhQ=Pm~c4k@X^(=($6Y7lCpNr zv;GiR>aCmhh}YTqcMeMq%Msc3jYWk-cTh5BU%J z4_sTwbZwA1*&CZ&ow9;}LZ2qw>#)bjHS)agS`wm)-gib^Y*v29d84PcPmzyX$ORz_^~t zG`3V*JEAjp;iul0JFnK1C*9}UlW|t{p>Aoe?7?$Ib#YtQKjv?j7cqJLvAlNS-JAC| zYaQFP@UH&i;wxeE-*SEsJ|xe+Pw}O^upQ&8v{%X+l?rXX2NqcV)xKn>RCj5g^^enw zGk3YS+Zf8<&dGH&@>%HhphRxjUY$*=TOVCN^K8nRbDzH@f9!2PJfB%_@}pk2yIVOf zm)v-IE0e&jFc z`FCe3$K=8@Jr<_V?YHnBo`3UQe(QHD|HIrn!~=`Ybc)}5Ah-4T!_0HS_Yc{hgR&(bb-MS^^;f=h6mtgM2GjL&NjXRTdnPHdLP}t#eHzsxvj|$qqoj+=(!wy z>VP=I#QS@zu4G-CvshC1OuELg=htufAN|kJ%6`Q8K$CZNZHklm^aH0smHoaS^&h_< zt>-A+DlB^~we82}DT(ou?~B#x|9JKJQR?~b$6IG{PuZ#F=G?o6^Zcjv3-_nT-#+g3 zQNBI=;C+!8$;S>GVm3ah^{t+fW2flp#rJyS7fU~NmX|xOT%5n;zTmrm5;b8TyeqyR z{MBQ2{UPJ5>lIITKiXHe|08?P*1Mj2bd^o6t-CFm64PKQdbmRVQBu6Yt_$l^CY@aJ zWTCZhZRZF7L-#rM8C1BjTsjlB>xzTWn!;zvzph^jUiv2CNp6@{P}x;^i`V-<_Tc|D!C=Ri_=TGizUaUVdR)(&EX1?ozii4pn$qe3qA~k^ejYkLO3O!~cX# zcNtmF-|=_#3;)(QnIHWhUR^DT_4oO_=4#uWrn2h`e-uA>HuZt`=fZ`{r%Kwty1ulO zYo_lehI+2h<(xCzT9Q{zXZdBYLHyUUSu5O(ZdZlw*Z03_@@=xm?pqv>*_Wo*xa^F! zXS*vJz|r&eXl2ZN(RX!RFU@Xk?+o+I(VJY5|8CajrEa0KyG(nO7FD%Qn^;)5LM!eS z|5L@&)z^(5>y|s@Z;iUQXp6#BhD$Xje;3pUe)QE-xX7)%CB@BS&Ch=_S^rdal<7{n z<7nTxe%hH0p^r@^*7~jZy*l{Nv*@+#kF;LL35OXhx!qv%c-EKIt81AbAMbdRzsIxw z?`+*Yi76iE%pdJ~YyTj0Sx?lXH!FGnxP%LSlt0}5@aq?=tv$Oh-tXPJ>pIWe7`sXC zB9|w2e^fqnpYM<4s@ZF;9zOnUGn41}d;X}e`YrKW-gU35kgO4Wlo3?TQ5UEo)4HDR zN2lGwk5=FA`)|9oWP{M;mvNInWIs^dH+}j0`O%JCjnAv3z8FYsjndN4C`mmo{bldcjPfzvCsNtJu1ts1MjtMh$7e*Ur9Z_?o- z*A5(Wb5Nf3@#DnhfflEW7asDIi_kTh@xXk&wpp~qd9?-m+fH4yyS^}^aUK6h!Fk%7 zKJIVYvT@np{f8&iEO>gQY+d@{Ur(0FZ_HB8UY!`BANBLt-YK(;rj!_#cI$eFU(j1; zW?7yDX#4^@sP5&5gT!#9r!8bUojq>tg>IZV7X|llXLcPuJhIe;3u1vp4Qf ze=k)r>AOPo%c4d0D^nH1ADXuGu6@0o!~ajsxuc!`j3Q?J(&P3QoOQ1L)bwTB|1&5p zl#4K{YxvJ_P})w+yZYhVW-kxMNuX6pa8s!InovvvLzGq(Cye0j0obG=H zmOVeRSNur+7T@>oKZ9S!*@t%pZZ~&*D_;D{D)({B(G|NC{>fhX(JvkS+b!xvpUKpl zVpAVzueA=?ef6u0bcpP}uM?M5uw?(5ZT0tg&697E>u$U7KdLx4=hket_B zyO&2xqsotF%ntr{@}u3%r*EviHKT4-tvG(PzAZ}sNUUZ2A=cz+lG`l;uWeHOvHj8Mx11#$ zi&J#Wwp~1@#cTd(+2#+s4^N-;%8F+)`>~s5pXX&?T^(oKRAvzHG^gF?NA|~h?_Srb zKQ$!|uzXt;r|{wX(YA#AaBJ(vuS+lNv;MI^dWY~DBUkQuj1rHwum2Of{*}+Pk8Mhh z4Ib~q+t#gGtDo$b))#d9V4d#1U6JqSCI_&2ieAe6$ME6FM(MeJZ~Q*?iENi#b9?uG z=_6{FuU);f;m{7zqp$zT{y4e#$gOq#rE2C)$u*BfU%L4(+7b8H-}l3Yo%I6U3N^D! zgIi?M*J)h%r~Nvf`=73CvFjBx9aCd{%$!jF-ldCby%f zmY!c*8zvVx?V+UU!ngM~P4C&qBO6|Sq)Y0`KACm;td_+g<#dzP z$0n!y@;C?CZEQZePi^Nm!N{n+M?9M%dR8*+$$wPewcez^W4cxQG=)gNz~H66kMcX} z>^@9u+HmW>MDAmU*~}$!Ur$zaefZJr(;T*cm(hvWbDr&y+LCK_ZhELm?B>#s$}#u+ zLY`Xux~^OO@O0bW&ugZuThw1$^D^(_+-c#emOmR;7kjQq?46UI)#qRAsj*lt*DpMN z_s$ESH)|YTTzyUbk8XaKl+QXxixdst{AvKw|%{T#k zIJZPRyZrWQ-jM_g<-M6H-;HNqc)Z5OxBBsY9=FnrZ|66wM%3J1J@upP+N;x+ZTl{` zL!iMS@!qc4N4I_`@0#^;kv^ZD!=mk9Yn2^8noTLy^$O|pTzp65Lv5?J>PEq`^qFtc zcYIEoe1^~H=G$PKORFT39u|HU49U;^s?UAzlydjErl7L)4a+04__h_9bb00-+uF9` z-mRFninR~7RPXGNH}^EN@cr+2ER(*%yry{^L4CpW=-vWb6@YK)7RUR zXSK)ZF3sj$dg8v$3Qoz#`%U&qTv@C8Hh+>m{a6e!tT0YVeWihRfUT9i8%S-)_M})oek%}&rD}mYred;@T&g1+$XwD0H!(zGv2@D+$XJV}c`IiG}xU zylpIM$?9+VV%NO;+fP=w*&LpAd~e$^?@2drswcmWTPvB7vpgl}vW>U-q-lpv?m1u( zdOT{=bDt|I5h6XdIOO6X zzW_bAZ1y8|vfHcOE8Jv0PpArCc<BY1z6{Rkio9jOe=1Y?@;0C7Jc~!W7k#n3Q);}m+I@RqWfrIZ z&kWXpu3wfarv)5jYO|MhX(;PwmmE;(a+BU$JnP(qU$W%Ma!O?`MegbUbXr1#-}(O9+?(D4&8I5< zIT^4oSY34KSeeC(Jl?+#H|$_At8;SAeDUpcu5omX_vhvdC97ujP4U~5x{Wo&F68Qa z?bHLie4Z9aJYOrmOSJpWswvFtEJa?t(^Z*chAS0p5GGr-X4C>wRMxlLDikg7OOf+ zZ0R?Y&f1(y6wjGgqohuep4T&-%C2?uC}nH;fcnHwMlFGYK6_e zcwfvoxY*Ke(e^KYBh_1Hq-?|u1ycV$%JiPdyq>dT;bW~seQAG%u;5aG7`R! zlKydx_szPnJ9}L-4r@-bedJK_Y|~fCgbK;vNz3;-xo$7s^S4h|)xW7a|$)% zch3pFbSGs+;8|slP2AZI?JRYnb=Np1O#buoTA1#Z2EO{grAfE$PnNqgi&x?JQMRW~ z5`DFzr`4-Vd|54c#NkF&)uTDOVXo(ARM^OUDKYDmit-R=S#kUOCanzd^b1`cYc8bD zE6aBbe#3p}f`RM(14kLT*2jFjHkIM_i~7GM3mqhu`F6cA;>_DBoqNz?HDB4&!hr1x zZ)G*S18+2*;QqexMb_^8lXvd-uk|)ewf0b-cW8!i#fcMgUoLHkSZTWNsrvQ*4C_Pk za+us=_Eo%$S}$-=vH$1U@JV;)h%y&2O{!{FJy-Yah=7O8RrZZ{IJJCB#HDK19G&v< zWuWQqRS(wNT7}IyRC2D!TU9yH>*SR^26~Zm=I;A??QF8jBvHY6){hp7-HQwJ_&o1O zP*wMI=hLP3tUsso_3Aybe9(9G*z5lce9Gy?64T7w{@y$<`YwDI`^=pO7|a#8&hGng zck%J3F;-2-d+)AFy5o~7UVM1Xm%Y_q&d*|aXK#L&RbiSvY4%BF-V5K?`(CwSmvZsZ zS|WViCd~GFV{Q+RDl_wsDPgBF`ka+6$L})BoWvOKm7NtX&Q&hJ{*foN`Qg`%K`hM) zwo)@im*|?G*poid-AL7O(vKwT%&#d^PMB*K#y$P;I%ezTyks6m<;K3LkACGY5xe{@ z;?SJuc2lptuv#;1lip1}cFVK=hHH{$e&uifC!D=~9g+%d|(~ zbC~=YX6-IqALYqh_xoL+ud*xC*Q*>bGR}lb2z9g6nj0oF;86QsORHLle8o3E?qLxl$$D&by|&GIsdi4WN+uU zw;@~Ia`!bQD(P;rpE7U$+=Pk^H=R?yOEP>>UZ!32>XmiHnR5nvIqiEZrXM@s9T4sN zpMm3T+p}5Wx2295pSR7Lv~%{v$&c2HtSLX6nX5nJ%#DCOS9A3adGz1@dL(K2)Q(cS zEAP1~Y%+G`|55p;utVtXiQ9|a-o`aPn9rlO;Qp;&TfA;J7%r6I67iXv{h}wI=ZAdk z$GeZrHfz896{8@st-tBTNqy}Hl>aJG06R4#uKV50X z9hJ#<^3)qIt#u1vsz144#`!bhA6J!gWOU{%xG~>6_~nl)4>VbxFIaW2qUUM!hh=*% zdCv28V3`~!pREbj&w8=RUh@nz93Y1O243(Gz%_SkaUdZ(TOufFWhmCKv7 zTMi}^RfPy?xl6YCamYMc^zLC2cW30M9Y1Tc_FT`F`g_UZSZ4a{cZ#!O5`VgTKngs-?M1#hUDY-WO-BXpK@2{ z314b_Oiuc09p{gC^~_nn+Gi*4_&Y28WzPrW!1z<4yhm6gBP$iIiD!0|hD>YoTUac# z^Nz>qu+$?HZCX9fx!+@38++$x!&I3nsWUs04qv`-ZA0$nQ|lEuI@7dXPp~k3cz?^* zt$(79&OO?@{@qVY<^85_eGP>S)aUnbj`O+$d)K}AlBjdc8&+Rs1+Vt()n$t-iB!iwtXw+2w3te2M zHcM=p7~jH3YF-{+TYOGOO>td%YK2>JP~owvzgb6{YS%f`-EA%WG+nlGfzXvZ7uPEH z=$Kv3Q>?WLk6d_ENa^JE${@=(+H*eq-BUgL^yGTk@O|1VH+;G(rqa@Ihrw#ru_)!L z%*_}7$yB8AR+aC~Jf`$KsjoP$KlShY{D;f0yk8jdTT?6ay!wZA%n#@P@sRPHwEIJ} zsrgZV!5G!e&fINf(t9=(PK?W0x%12yMZ1VO)B9@TX5HIZw6UOL2m8iv>)3-8JYwo4 zUjDf5Tqr*4OqjsZ>DCVKBftMDlGwITdP>^vL{X8#(8-gptbe#S>Ci3Bd9gZ@3>v#< zGs|t2xqMp1LpgWjyVFcJpKn;DuXJ45<&0IecMrQ9eqYYCTfcSkt&Cr9 zm;R|aDtl_nBDZtyOZhy7PgR;NU-HT-_RTEcXLH_NwDaEdiQQ7ZH}&?hY1{2mCgkQ! z62E+TZT0!1{;hF3A9dTdKAx-gN?K#tF71pL#-FOMH>you6(PQL&(&#@7=2vagf6^=2?B=wpv5#ZT>=WA#oz!7G_rM|l;q$fH9tl2o z?;JUGhB3spUh2{ztL$8->{hPpdK^!lJpXxh$sW#mMT;BiwoYAsN?NabLIji5oY1?k zJ~8GoAG=>6ci+pG>zlsHTO--U1%W5ei!6F}a_y4eWo7*PPE~Q8+d8dQ?B-QRttXTC zEuXEuc|X#(o^Sff%p*E2Cw02NhdP|&zt%G8PIidT2AvHm*H$?Rf0`!is=K!L*v=ZA zEgd#5XS`J@ZjSoT!2gH)QGSPb+Z`p>a*etDP z$*d6k$X(_09j-@n?#z5~Y1yLAH*b}=IBg!Ji>}PferopOiN@{1NzYc?bn$6y&OLcF z(=|~r=;>*>uaj@QXj!{c>9h^&)UQl8-e|fW?D^UBU{2Xv-{?Yt&r${=^R|XQ=Ze_Q zCAHwDrKwdnS*p1)a>@294DVWQ8w9&Y0mnUwH&f7Obko7J_A<72NEG;zcv=f}rwZU6Rs$HW%LD}~3` z78PZ0pS5q@wQa^?xBeDi+O^l{(nAIL?3(QhM6=AyS|+(%Xb5?-QGMgvAnAe=A=}lr zX&sxJ^T{G!r?2qD+HQNkliGg|I4Z5R3!1*?Otr3P*|hkauqjd5Gj6!%c^-F_&0f)e zXrk!?&0`0T@AXez^iyD(Mv#s z9!oO6yY_UCxIpjSBEz%ZQaUY**GoJX4a_)YILA*o;78WU4A&*~d(J0c+YtP4*|L=S zt%e7mByX+y6ZX;PX77i^3zS8Zc;z$|3q*_yoBP+Qy~z|0lv6ctER}ZqtlRwY`h`n+ zbBje-e5HBhXUl5eQ}_^5zOZE@gW2cC!25snHqYYMvT&0qJ(^y2ZdPdSM>&~^M^zXO zit$%X)HUZ}?0dGCIr@ipVYGv&o+Bvsm2{10sCVM#f#iLbi1CH zTs@n4Naxk$KZQjRweCBzXU)R;yRsM`^23!t;gBst4_SjGNr^; z_)wtgIiDWO<56Gyxn6GECS26m^L4%PhuT-htvSip_DZ{*>EJT6N@$MRDmw9SSCnjv zfjieKmzzgpnhX}tI(IRxS6O<4gYD}iPP>b9G#)Q4(&d-)Ix>-s^T4Z&c~5R1^G@z6 zIx(RsrAF@Nn%MG4k1*fkKk9;Pvpr5KC5x*S?HAnRu2S~tP=UBi(!PR^%MbmqDSu>H z>Ko|YXV!mg@A6~f>sQ|W$&fBz@w_=yr^Z&|@5BCe+T|VJ{oVQYcI~o>)4%zj;jmf! zo``tMH@-QU_WX&L4|ZMCGwhrCI;bM;)??kLC8jEN!rMc2WfBU{W$HNImC1R0<@1a! zr~lgVzG`Wexq4Uqh&J~VGl??O>#wSG%BHayq=0KRh$EY-NrBzvxxB<%Ta3 zKjy94Y&-jKoR078^eJMtM%ihvBbpxF7ua#fJ?mpVOT}8#%izA1cbF&4SnPHKU)Iq%P0Z8&ytwduj>w{tY1dWnCx6m*mB~41A@Me1R_fP1&Dj%o zgst(F?3rr$Xmi%_$zgmtb9@AzRD~3sIKwF__Q4`;Nt)s&xn_;!h0CWY&uV?FKIh6! zEx$^(iBnon+GZOsvlhMHC%x20u&4RngbhKC@=^UozpkjRIKFvq`>h3O3PqW3ZYEiC zwMCk7P1~ZyBq<@>>}w=f`RfX=;mi5QW?Y_lAb)LIW-jNyi`&tWTb8elpc_S!@==2i}nEy{9~En!S#!5cBDt$LlGxp!{{@zv9}r zce6a+@txapF*hSlI9FX=sddh_0;|x_$;xFFi_a)eDD+<0+?nIUV0rS(GLz*jlLI)7 zEKizOaGrtMSg(SuP>W*XAr{p5?5- zJ<%ufz{8G(aYwc&FJnx~GEL%?xiZPatY+=Ch04z?@>oqbPMPq2_UZFk3o8~h&)d0r zE~Cunkawq9wd|u-Y@W2m#7OVNjT7P5cAS@dX^=H5=U2@E(TN#n_*X)5AhT3mH? zM^H?k?duAY%1>c-E zKX0$OKJiY}?G-vI=Ve{Xg04#J4V8tdjNT^Yw|LPuf|Vt3DpTw$5Xr-&2WW#{W!?OR_7JJequC{if8@e0Lhy zY_ryUdv{!c@kW!jpGyE=c+aOSWriK6I~g8d>e$O8Ww@;UjD+&?fa)vR8Is<)2W?-c zzS%y1t|LR~inxn^4zVY&i-xODo$_e=0p>LJ=5yRAvL zeJ9mVGoCZ=ih5Fzo5{BIr*d9j_`a~@lHap9f3H_cANC$;5odT%dOT_;dyC41cb|?~ z9CQEqW%-##*O(`h4s`t4uWj?y7K8x!_G#8sy^)=h`ZF6sS`W`4?4Vq;%rCMg{ zya_5vUg;L+Uq|1vZ+|-HZJ$m;f=ub!XnxL(ic>u$Wx{hG&gX6EICJ4aN^+OqBG=%< zpJnc~KDe1D!ptf0`e<35%#UKR`&N-$pA57YTrBCYTl|waX}E&Q~4ZmA(r3Hcx&@EmhWOXtl6CzBXvmo0*a3bJCgC zL>o*k-o20^tj~&FtK-L7m2e&Rd(1u6*WDLoUW$$~@|2T2q4H=&gwWbOJ=L>zm8vTz z95`;d$Z+H7j#YP})OJiwYNSrgCq&_r%7@KA$C?C{Ngv@ULXvio4ab_;zgV zP8MRkWqC9)?xo_}yAN%cUtXT|LS)ILmi}FTZhnCk>kNu5D*PqPnNnWSjzvt4eyFID~r>erX`^s*~c3Wh! zfVyIp4T7PD!76(O(uYVTS zd#os=K%4K^6C+VBt9t&rEpNkPIu1qhpE>X(jP=@bowdJr`WYToo4AzAxcf?f*er!N zW}iX||J6;MkjFlwtmk9@^WZyY)Yz-$9$u!kpv!Ga3p>M~BiC&n7hm!^v5|R&Q`Zq8 zOSYvEA=@}u<|HlbmD%X8Gk5vt)ncz~4t@Igvg_ax-GXf`?ura0_H#3Cu@+BHTDgS0x;?X=?9Oqpi!P z9M`__Ref((WM;PH?Stoa`?jh?%XYt&kkvY4e5{3U-oCGsr(W1QZRuftGoDTb3jc`SZ6 zFI)c5e+K?Mo5;u3yXWRTiVVBQv~9EI?S|sxrho2-^?F2JF3&o?R72(F$MWNE?J~+L zbWHh|N-JXx} zRdE$^@}f6uzB4ZEveC5dE#4KnZtsJ?ao*;aZr z`aeSHkEgf4UAAxYhu=OOoJWe7C;piA;lAj=C8d-Y4{=8AuwjtV^KlkDe~KfROO z*&8l(F}HGJG|v>v$ya`;uBoYic>VCLd+u94?vM#P*ZAA{Puz#-+{=GFYq=Vm_9ey`We84h}zu1!;zeoLa! z@tE!sEr&na@dy7iY?wFmqk4F*R<7A&_cY&ADg7#?Z;vL|c>iZ;%KUNsP_NFcxP>em z-8h9jZWmd8UA^*eb68BD@|;(ut85QH=>H??{2*Z8#`fd8SfBqgV(okRh%Zrjf6TgbFeVe@K&!zTn=6|%h_x(*(+AO_0U&PLF+BdFw z8~;H4s6XGn-~So-Ln=Fz34KBmJAwN8&_&vv-=*cicD8>9snnuV;L|>d%?xupgTre4H)o zAG-O#F{P;u|4P>`uDd3`MZdM6^P_O^BvT8{Vr2v7&+E-(v^DnMIcfUJ^5Ueb`73Un ze`Ea6zDG>x$A5-{^+HNgcQWJ>Z5BT}@UrLHwfP@@`+j)e{9yM-kyQP)0;;#2e)9Jj zIs6KLcKp!$ADZ&VGzb&78O2}tbO6vVz*SFPJ{by)8_#;VD?ed?(58o;u@2WW! zl;G5#^Ut(5PyTqoYg7C=|2SP*v^(YR=`{-k?(S-g)2$IxnldZOqxxO%{VqAFk2gO&sWbf% z{%BGOuhZ?43(D&ciHFUOJ!7b$5oiS`r2OIe@)?M=hw4E@{;yh z`#b+Lh})=s%NM`x@WEA5Mvqhd$LiNbIbwRDi#68j6L654p|ldut!3f4Cp?qjt^hAEysgHE&&@*gx%l**?ah594=_J8Uxn-ABSrg)y< zn!G*cZ#MI>I`->!(ytc%I(ph6x}-?mP4wxexO*?JtGzlpBjKrs-Ph|s>c6f2@UHP; zbg%rQvn%Ia(>Om}yEIPw$tvfmcjb;-ZN2!)p7&2?;^W(rIg>)o%^p9G`5a|l_BQ8< z!TPhl-v79m>_ltIX2*P}TNCdy>BYbIXI{;;UH$(2&DY=he-!@q{t>4AS3I~?zsGSN z)18gq*1dSRI^=M5NT0ig=ZmC&7vd~0?J<9_a?kInLIw{xpL~wXeYm^$x5LY-+I3q+ zl07@#M0{_GY^}O~^gqMRpLXi5`T3jH^SAIOXS@P8C~y?txsQ?qTx zLY?!cTdw^uL209ts*jVABoRNose*?ZR&?#=VLw` zeqkQ?bA^ia zX0A~A=KlUzd{6oMsrwXa_^#9_K9YYMYgf7N@Uyo&JkC4L+j^(M|KP9Cse6Q@f6Q~+ zmLqmL{logCUamRQqg#^scFP_7xbOafd5RapkI2ayZk$?lV*jD+(|(J2=T9xH%x%5F zCK6s){DAdJiTu_d(IKA$h4lsV_B~p3X`g_7_m)nz%kQVeIPEa7d@}K6yyc7s*;m#) z&GqZpacJ&z=bjBe8W$ZdHr;aP*qxXL_-Lj5 z_AS>qB@aKXeZBZXjrfPf$G5W1s%M_wW#{;xp=r;LYxT@^ zC-Rp?pSrMbZ^;U;k2|d<)UN*cpW(nl{eOy)N=J8wJ*?Rxf225m#r_ZRe@iOr57~+S z$j`0VtdjLv^2*o1PuHJ^zX^Zv!cMX7vK8;L1xs%J-RtDWe(&Jf+J3eN_r&^?)=UVU z)T{ce?(x6#Pi^!+upbWlaJ#a|bV`~>*<(r38`-;T+qN#E=u8CoHhgx;ORF;}w^WJW{zI+$LD2GCgqP1wG%n zYY&R+6@I$znE1Fh?W$<%HsRhK?52(4t+SqoRlojz=lAC0rfXBVRd4p(*xBoTPxR@3 zhE&hx$=)}G?%%J^znl8UT2kT9krikCSKNOgCwFPqvuu$_!%q(4)9k&@Z@pBfY$HBT z;lqE1_GR;~-TCv5&FSkp;{*THuG+XheyRS^$16-+Me&82U_R zt0yb!AB6Xq&UFkAZ$H&ues=QvxL%RP<;pILbN!l+${BCkeJS~B^5t6+DKZbMu5(wf zd%?L%_tAZi$PYG~EY^p7oZj|kjmhqO?t|IS(hOEGJzrX>f8;*{YkWnV%g)PRp6yJS zIYB>E=K98#@bXTrK=;ZIAK&`k>C6jlUiUyGtZnV$m+DczQQ8()T2w=mINdgtL4>yu_px!bdJwQYuM+-t}AK^IHU zF0H?ESom|KoY;?}Rtc{gb($6?N&jZQqt}+lBOADokE9>+%(o zo9lw!n(7PZr{*P}kNWz!t*iIO%Pli+{pf!jw)D|@{=HkztU7O;knkz%*yOcwFUxMF z_AOYRd9XBZ#@WI;h7Y3KJ9D1z+;p|=cjE3u+oNT5Lf5{;db#x<;qs2syLh}Xu1ueA zXNh}A%G#7Fzy9SF)kn(vMc18}nsn#L$H^hrVkOn4`*y3dOJARJO>F+hc)!U3R(}0U zd$is<-|a2i<$l;+^i`bL^y5->Ggfcie^p=ob)4{W3lFdF7ST6SH(pWM>RrZSkT~zr z8ehGQ$tuM*`a)uoc3X|^W=Zw_nQk>lQMLVPiT2BA_0UaM-|RbD(PgklNIPU*Z`8)q zHEtgzTh}h);7$?y71mOGbmeW;k2@>{8@lK3j+}0lx^MrZ#+=XEEU7+nhfOd1Xg;_( zV>7o0)4z|5hvqRXTcj7u7ag(FbKNY-Q;+kmu90=SRcq}x3xedV3Meb3%>z57Y{WpK8j ze|FWU+v`N;WzYX;-|@60;(kj{UFoi^y&=&?e<~}piyw*2V&hY6U^so}bIjhQN53?# znPuj1c6Whkm1oPWS*v+|?wP+da%V znfIT;;H$`c{(CX*h2^C=JMx)Gj=aiq1dR;nu zwnff^4U<#_{l#Lo@5|!?EDhdllCy^;@GRNz{ZcKmKj1;0y*H_N z-{oxH_LcjD(IKU?y?fhDpZqi3WSqS@t8C-8Lr^|E(%adEzi z;Xd{N#&u!O{MCvjWmY~neHAca&1nIPopx#Sjr06$maVqRYhQlvjz_6lb>{Rbk&cI@ zPIrZ;+j(+4`QRF{?c?09-Sz1e)2`+zojnv87_L^y*nDHQi-)nDX;U23a;wqnyYHr_|aAK82`2w8+^D5z}7@LVjOVXDn zXWx_Wj^11yS+H(@>Bq0@o%dYgNu9GU5m= zNBfF1{8_^uw^euU>@&vOKd<-L^WpEZC9UfccpM%~ytK2|{jj)H?qM7KPwC6Fmx;=5 zHJr9w@FO2v*R?yxyf(bsI-U3A)tr4N%bZP|pV&>k{NvJ0D2B+DA< zD*CMNUuu zw)wNfYtJ6EcpJ86-Ly=fpqX@;fIPP2D;39<6aV-g_crsdO|;*Hw4# ziDwt;e#x$x)ceGyzSO_!(|qyBc%AhsuR_EX9p%2ho>$~(bVBLL9O2h7=lj1*nRjzZ z7lY573GA<OUf89$M$y5_U+YR417vx4W!lgsmbon4*6tYXbW0^aQYuq4z{ z-*KLc?tK4io5lWld{5lhws6+lJ%?`p{iNxpHt))N`?TDs^Im@!naq4Tp>3LakETtD z=`ZnzD`)xIicD;+M;?=eyY~7gC2<&3eR6#+g)Jk)%!-ui81;3QnAF6kO{3p94q!LI&7=; z`Q`8V&$9eCtutWDxb|q5hU%t`3g4DwJ8x!YpEq@7_VV+_^VM!le!*(@=cN_z?%0a% zz-?PxpZwg!7^Sg&qh6-Wn`=c!I6`fHUCd7}_<2*<+~z@;dgp(JjQ=Xxr8tW)fP>z@3F|1&gR zn@|}R&$K0BuUqoT)g@Qg75}Z0j`(>v@W<;9o6p@`5_dO_vGMorG*yhwBIHqoawd{%CLLcr5?oa9+KarKGnY-|;h_Udsty zVZWJM`kV8-beG@qUst@BX0D33VPssjno0Y5jpuKky7Rx*9zL19^nT_~=KPy!q9?QO zZ%FG;k@IKz6MZFT$@zDScJ*xPUn!!oB}Du3tHR5-b}dYrVfng$ZA4S)b_eHl<~f&b zoPV3tUH!-3yY#~PFYg7SkL*;lEZg|)aKf{lo`0er-{;u4^+)fAd%uoOt;=Ldo&II< z#LW>QE!)y7m;aa?))n~F^V7GeS9^3H#|C+RELCvWe{|NTTIEOX?WVT#Q?3XY_q?$Y z{CREXN5k#?Il?^i9$b!+4cObiu*6?7=AOf}2@IZ+=hx=n%9?H$(7W`NLH6-F$sdc~ z7OY7eovdrU!CXd>bn<{Kqot-*4{rkk{m%pxDwy7^5l+Ekk6v>^s zU1r~|UdSZxjo3D?WMW|W%2%4P zqT*>KWqiuHOII(vbnZsC<}2-48x7+ywJP1=3n(Oovz=(ZNu8;@%ImwMYgd!&9+ZRgrNNwGVt_}rtu zaIa4IXtd$v(ZXAIcL}{(-t#$P$8Kr2%sGWq>k|AeS6weW{&d=N)0O4vGI^fNpVsWY z^Kipe!Kj&6s%Ad&CF^=2qEPU-$I$Zd0;2TKWB`z5MOW zs?;Ns&a8g=WTU#=)=WvY+iCpA^m_s->b-Vs-89#;xMT5omFvtOb|2&mdi`ksk<257 zn}vCd=I?#kb>K(kl2`UJ{}g>!-8*&v#;uy$OKS=W<63K(e!M=SnVkK5uhfAzH!S$v z{j?S)&lXe_J=OAI-^B9A(ciAVf0(i6%Cl?Af1GWkzVs^l^eu?vwM z3wu~&SPwmB+FH0xPi$GxMv02pNzpMXHtEZ&w#=GxW{p?dai6ZU$)EGjZ_~QFBXI8e zTZ?CWRhH$vl{!zRqsze7HSCsZ%_skwu8r)|j%S<8ZOu5)P_xQzi^g5iv!?>vl!`cy zUt4=v(p7uTe}>6kNip-Mzw~2t`ozm+##eG-1w&kheMwh9Gy5E7{|=Rzfw%XDHhL=U zJReuFa_x*$T#ax2K5;cUo~xEB?J+#|pTSy`t()CY#Zc>u%+(#r$>;cNSBfg8{jB1e z%G9`JyTpQdX%;HUisvf6EHgPVGel*A#)K74#a*qpGgPFyx!&}>lE{-jGhu>zOep8X zz!Sj}Ux!NtpJu$hGq=pvS>wt`-QIMm3j}i zd@w%idUI9P#4Q_dH#w(&SS4=Nv{51X_0NmtN}tTea_q^^}U&K_jULA zT|Jw4|CO6VnA!USYZtvKIBS-iy)L0~uAjM#jMVan`5n9VH84B43PS^*W_(@W`%myg{Be7x`2v|`fqQQ=K4(0=o_%7x z(JR5&3i_Z4d32?UtxPzEeaf1 z3FZ?U`?RL5%$L13Ux$ZNXC_P4bzjSjf~+MqJ0C`DRVi6UL_VRPTqo~>4y8RZ+dh^;X5oV)n?r5*nnq+e~HwQY;unWbT( zTnps)`|i1JYTEMCD7hzXv)=P`4He76&vW>eEi%~X7d`p7VYiXVZf5}_SH*~F0Y?uD zRsO8Hocnm%gZES0tR`f7TkYfs*FN{|t7pW?8NcpL6w%51)}Ug4{J?ShwLzCpb|q|F zB%<9o>rI}GYV~7&=2zysY@8m|3g>(`Xy-a+RHp+QKF3{U7Tij)ZO{kuD#A~W}9|;N>6*PZaTL(<=W&uZY znk`xAnqafzt=^64Pk3Y)qsj^yMW$<={UrR2O{FrceSDVL_C)JbV z`aj(MR(Z|T`uy8`kyHIlk5Bc~bADa#|D*N;_dz@MO;63?I&-_ zXz^KQe|{rP98VEf9_*kryu`WE-p#m>sw9Y61Ki+$(1$*z}$c{f{cY@D@lS=8~oLpL;8 zdYZEH-M7y*x3JAND-T*0zh&zrmD?MheDL+tP5a$?JyT|_-KkU05@P3ka5IeB7Uem~ zY+9)Lhc(|!OU|tJ)szu^ReW;w%Ed)BThw3P+w$OIO24jANXn znGs^}=XA2vedirT;U_K5M)n_8+4=X{<-X;6OE11W7IMgK!DE%Ks+Wb+j@{Y#vN2Mt zXZd0F|5rf$=Eab*%3Y~sY@F!^!Pa_%$utExBIq6zY5=vMMjpZ z5-;6&RyvpO?t|P7JrmDX_V@l_GG(2(xLNK=ZT8LOO^P$F{x}{SackdP-ZQxzJwnx2 zCrVhz>t##jK5MSYU9XfHa9=yQImo$y`5o^CzNxS73;vULug`d}{Op{z<6fV{njZVj zeDh9RTAJa}O4DrPRdaq$TXuBmla>#Ux5jVV^Pufjt@hlu7w=R(Mf0wGov!|8)^y=j zb0+Q=eWZBq{h{?Qr*kSNo{+SE9CM`n=nTf|TjMuOs+69l@MyD@(q;F;CGNS}x#zNj ztW8oBG)zxrgipS?{mkv%;h{_K9yiJ@doH_jnYrNn8xyUzF`UnesIhydrS(UztVPb^YV86IedBjnQq)5g`}glx9h z;{%7wPimfA?HO_EXl)k2et zH-AKjH>$fvTK>Ae;zxQ^kAmc}!fSiD{pUTp<@;EH`E^|H!+3E=-6oe*#_L^=SNpv< zwWjiFf7<2zq$w%pOxtwU|7nPHunC{_VxOKz_^FvY9xwcL_4WFW4UxyfBe}C_azEe1F=9(SPXT6y| zaZ~lIbA_4Gmk)o^-kk2$5PS03S+z(0UN1`inix%Lexa>@=vL(&`Fx4jv9U`R^cfTx z_ubptZY*-Q>%)uNG2)hNYn_)Zdn12n&2h=zqUaaAk$nayIF(f%t;|KrkreEbdMZDHa`b<1p^ZB>qOHaN2Vr9i+@9g$mU));D z_ea%R&hf$i4x<;_7cSYMDCYQS^80w#8q1IOW@lMd97;lLwvVE27 z?mw(Qa(g{r?2>SEi5|f%ljG)EWK;{R=wEZu?1V@CLiV*8nQzMTPW;|_^oR7ZZ@Zpu z+I))7;b_^dYDcB~V^t-~lk=(gH+c^zx9LwzSmI-f79_g0}|kn7TOV;g0t~o<#=5_g2Q7Je<%Km@4R5_*s5^ zRYMGe$BAc)<`oz>hsM1PnS8Cydy?xz!++mJb@blOUmLJ}2YcJ4 zRd{*1Xq=hC1U~n*_7%!qDYsrs*l~N#msQ*S;&nGKH&rZP{JA;wUF5fE!AIGGTQAP8 z`6#O8?-*gV+U?>dixWq);`7q=_9Smje&u2oZgcH|&8rEUZR#ICYy7)#;mMUtxTHj_ zJ=QZ8?=mW5P5$0m8~nIJ_uZGDZ{H>It!WWe+L!(@Y>vsmBNXaqc&=Wm+{Zg6q40A5QqCJ~Yg7t1PX8NdxxBW!TBgDBv1rk`ORhg>Ha?fIo0=u<$z6Mu zsV|{FsCQf644$gyJL#rNlb2Sevz8an(OAvNBd}7mF2>EiG2l-8yTb zPPD}XrmQ#d_3F%WbG4=vIV{*vKcnQlXxhys6LM}(o_N%G@+*PPv_R&C4mVWFR=rJE z)^J$RWHsMwQ{vC zv#R=eet&R<*JQO|83R+rvssrI5B0Sz+`A)ocJV=*o~y1|t{tjVmnKE-_;oqS$?Yk_ zpF1Cqy65>^uJqb@JnPnF6YG_e|N5V>e7tj2)(O!!q1(4++;~{~LF%+X3D~IiYGUR=W(rZVZMBA={%0NNk?|@_O!8W zEY%G;@wB|a>QV2-EkTauCMlaWkIN+Qbxk{=rsS4jEq`vITc+qNhr%m?&si8+k6EX6 zEc2PPbN}-5lHJL63@=21k3Yb%iYdv3oyJqntAFXS5?H8 z*|%H|7tga?>ud4glcoLNs?%HA0_G*0b3Ffft+iy3MbFOXHeKbG&($&yYOl$WNoMa# zxgL?b;JJEFsHgtj9gnZS_K9wKTx4;=Cb;jp%DdA_>6V_HxA-y-0>&sw!e)nqZ~UM~;6a@}{y-8JrM7R=11J-VWX8w9tnjo3Q#`uEvW`mC<`=^9IV zdhB1NVy<;ktGV%Kxa69b0!uG%h!MVX-LrV*mfdp;n~&LB9li2CI9YpxrHxFIw-`dhe63^xpAY z`~FCV?JsyX^8E6hVW@A4J7t2zbmRer|utF3jH z5{fcB@23@!8!;)?kMl*g+Qmi98v`6V*e*`0y3(H|@@db+vvFO=l)MfZpRd|v^1L9< ziSrF>+RcKc#YWs_1!5-lL55Lgx2ko#j+Pgn7p>A3oYUa$XBd|IcCqe;&5ZLb-Ugn@ z=kijmjyCH3bj0HI(YURfxu+FQ3_7ym*b}!Sldnt+`Z-Z+(mC@kr5cPZVVDd|z32%RAxg<2hlf zOP^0$+RZ#~YL(^VuoFLbtV>^Dmf5{&_4i)S%oTO;R$osA7|;w;fuZRrr!=ft?=%_`MG<_ zKYo8Ce%M)Nx|zW%Lm$uF_Gf`nc5FXd^FMAs7&Ud>>W8PpKKm&uG(7lxB`p0If7`C~ z_O0dk;ex0=YDs<5dd z!9CMXXdXTG-M0Er)fKZksa?NIR?1$?bF7={9el}jy^!v{lQax7YV-h#i{ z(;|*r6;0jZcibgq=aj1Xey?_k?UoQPzkZQv^=A#y<26Aa^gFiRXO6vBksK4cyGtmU z!@xhP>-15fig(w}AFUJm=((#YVOe&WO@Ewr{L$^dw#^87?7oFtg5gAuMSftcP`ioV zwheQlFV45FG1&U!>O3#S+EB1`KU1G+; z^QK?d_uD8hs&V|Vexm7`jVeEc76}<&@A~=pQU06niz@g7e%rU+I9q6wI_=6Q-}LD_ zA8Kja@@ZYkU6Coj<$ZVQdijO%ye{uvt#RE`fB3KV=D&+Y|0-VO4vC?YqeWd@uj`qNB6V+lm8R*V?mxy$?e(R-W>-L z&Nw}vR~R3x6ZFk@`HCwsi<6J<6ZpaQ@6)gAN2Sa=Rc1Xu_sk^8LvsBdJI+6B7iyw4P;TYPv^_ldXdGgY*1ra7K`8F%=@=WnZbUf(07 zzeoF__e3VW%XB|~H|KLG zzO`riky}3X9DlqEAJ&G)RY&Aq*;BOmvE=!v>zw_^R+SfBsO*&rUU5gXU-jekKSFG` zK0S)Gk^Cs^Klzg7zL;7M(}({VME)~8m{Tui!?<$q9KpjiU5t@yW^9^&Y2TV3nIDeF zew^O6$NSMt7f6li1w|-6Phc~>|FT!Vwl=VE?pu0uBYoFNcvu)BRx;8v5 z*A)Hjz37k8zYEuro2sp&SF_n{K4ReN`jPvA{=u835?{LiGqg`LT6_H7L`8=6Ph&Sd znyUTzvaiG{|D8V>m;Jj~zlFc$ebS`M$Ew!22{!O7>EXL`?Z@Apbvl)kVzM{fzJF4K zab5;P4u666m;9siKlu6Ie0}6!?vYuBTPLqep3uO4X-)_(^pRl|=R zXt&LNU-avTbd=7sNzHcm|4#g8Tf_L_KSPU-NyVT1oXK0fRQtjho0Ik({h)qiKj)nv znUkG9if(C2;&WL%>yO>;ADSP_4_>ZpKYYDl)0}r)cf$H6f1LmLdt=jW=QXbcmeiLz zZ#bIWd+4yZe3{3)gQrY(&EM(&=(O|lNt+gn%Fd9v-t+H9ykN zRCawy-SPSIc7`#yi~mG_eEiK@<9Oxm zpZF!&fiGt@)|})y81npOv|Gg-k)4+M!e@H3=3RRJ@_5rfm8?3gANtEHK1YXd-?cMP z+G_sZ_tE#bKbW^Gp4*(Z>ayR$r4zoYT%S>6{bTtD|3~o$c+K5D$RBxY_%3JB=_u1f zZN;y9uEcTvIIiEW-`8Kf^0-mn?N45O+K-AOAMIT;C3y3T+EiArwQTFt%IAyxQCyy# zWL;7co@v+_%9-XysylPGq+5ty{lR=JTW;M4zoXH02L4g+YkZf! zw3;?SPs~(bjk)l;>2d3Wcg00s?)CFOpt~;PmeQRUmc^>#$&#y{Jx8JMvLpBB7wy}zqx<5t_LDtGoPFEZRzR4t!bcTxUB%PyguD*EaLzrCgw;7#g=grpH8SKeiE&Kc}?)IHn$vs>i!)boX1OIO}KrEF+3 zU(bShYvP?%LJ{V9Q@`!7SZV-#Y1h zWk_X$3hQ&02eW=pekj}D{!j76$;b0s5XSNrEzv(KNtP0r1`bNy2N z2Y>w^8vaN5Z{xhWeiyU8Df2eHps$2eQ-y_a{*m$<|@{ivS|1)%z6zArM#QQ8{ z^LYI_=w`oYhL!!zQrm=+8TAcw{%pOznlFB}P6-PSOU|64)59L* zTX1c)m)@~EyJW;0|9Fd7otY%{fh?}kxzIpcMOp}nEAGRNj=csW1 zC*+&h0TW;S~{Wf#)ih-^}J;R*@I^ z&SXMj=j_VF>ubv&d^j~%*JIw({hU9#4_no@JpI^uYDw^_sWm*|(|$}pA|s>ZnuamEs|M2S-&x{pMJ2d9)xjrKz%gVoPo$8ise?6n;*3)~!7q(4F z4i2`q^$WDm)HOQxRZq7hGkMCki;eGN_s;KH@UeH+t3sV=pZA%wOWcjze#^a~)Yj?J ze+KW13(_(hi&j}a+bewhpHPI2KHK8OFJHAb9G^Dhz#r{x`>X^mOu3aNH-BwxMeLbh zev4jxYLE^2x_Vc9@7HY2yNB5L>XKha-m-6Be05DraSZFO;P1u3+nY*Xt4DXwJ`!=Y z&C%}b*a@C=YJ5~s%sYgSBHK3r_=0T*3Y$*$#nO> zWWRNt#KCDNVy~rOdgq*E$$;FtNs=0eB-@lDr zu<65phK{#tJFAP+bylrq^FPI3e`x2krJ~7oq1p2SA0DZ;Eq-HO_~6tI=f34zi|$M5 zDPB&ScEkPY2{#GBuj>)1Hq@9kSF)*rRLZ7=K;r@i*OkXg$8 z@4G)n1Wzv7Xfx~1=ec3Wl$ZYOdt7&>@pWA0qaBZbPMzQL`PcR3cGE3Wh4YH+0&K0W zPpxrQx*xP-o4g($!@A$f9%V)kHGZ!PNIAAUmpkOdcOX7_YN!$vHc5%a$v8cPFmBlJHAv zcWqj)+yleiTa#XYI{BZ0W9uD(9;1~%Tg9I4Rt{fax3oC-QD&*OXR+w5T=i|)%Rju9 zmSqY{P|5Vl+r~R&MnZGS|lG^PZzolf?CyV`>^Pi!&Mwj)RsYl|irJJ{ui$0SVtkLH&ko7uu zW5wN`yeQZ^VPohJSZ2nTb^osL;LS^t;f@BSFhav;oFZHH_mX%AIjGD-#OR(<*zxF zJ!WjKWv+KQp4Zr}d{rm6Lw|X!u%x|Ja@YNRAIm1My7^|urEjO_?+^K^&wEs|^2d!Iz7H4wsb29XVht_7B-ia%l@^JD> z%Qe2;X6v?Ua}NW79dw1nITsJ{YXC zE?tw&ksoAlvM}So@55V5zsJQsDT-RtbxGr-#0%|irGJMWrElJo)FAZn`Mq74>rxVK zo9R9?FA#|lbDU5dvd6#RyPb6QYgWDs^Y0~Zkj>KP{n6}ReOUIE#FA7+PaENwFVmyu zx9y27XT5ruTl*eUx-#23!_7w1RyZ)6N20stgiTv1yynefnNo>0+fJRH z=yUd+ZRhcOzpnVz<9ACnNP|&;DJVDm{0X1z70RuKvRRP4T1N%*qe> zer=bW_uUF}_xW;i&1=;Y;#t!)94x-BOztdj zd>eF3ps??2W`y1`-JOn;&zn^0&OH)(y1Hy;Uv*e|Pfhy6dd5i8Yx`Fmiv+nV;H`;q>k`wR!tKbm(go)q|>L2uiAYGa&t z-2YNw7ayC&(to$EQO?G@0+z;<)i#0xsR!MzbSg(?ac5byiV;6r*g27Voq2ue9p_eSV1l2t4wwPorW(hp^Yv!@ZuR^C?JM>*A;mq7} z&-0)EGuT{m=Gl-cD#HIQBy`6kz9TKi7cO7BQ|4NEm}bz_6hi zX1Q`K<9&AT1p2UeVMGq@rB@!I z+$>xY#F27p{psT(ojC_RSti+Ly=*Wzanx3s%YZ-1vR728>%DwU%CC!?)U4;3=KSi~ z^6dfh)mfbb!qhj!l^`ib^n>Jp3o3i!Vm)F%N<`$eRl(5_T>)MiQ zJuk{Wo(-LM_WCm}|7(58=3d9ARUH22`$PTFjawdD%r3o?sXu;n;fwoTALdKeo&C=s zYQtzVy-t32Zn%G65GTWXF5|!2Z%n5>@rZoPQgTd7fAg)A`g2*gsj5Fa@ZfK4R(Wdh z+OTz{HWOl)8O>d<)?X8{f_ZIZr@ug{NeT^yY{smhhrL?{@%U&IiM!)@7x;0 z#}QAiC~oSz^tJD4h8v^lL#h4kHq{@zLqF%geO6tX5cJ4qf?M^qZkN)_>$!H>N`Cim z)h$_>TX&Uv_2lN`kE3;yMV3sM!yg!L{72yLQk`{sR&(!Ou*UFYPD=R2ILVK7bJs`n zE4`F2kkHD?NmjMk>#e`kdCoDz6u8y+hkm%HBHH808H z?%Ti#!76+i8v`fW2(5ZzELWTD?eC(+Ei>n1#L|h4!QorFn}t6W8Q$wwdi17b+Up&9 zmroomk*dj4kiNZOU9rc^^cjgePMlmfk265;l5yXRwFyl{x-AiFqk`(WPR@Frm?W+; zYopEQ9h!4AO#L38X8An1>(X`OeXZInCT^E`a9#OPtGv;w?+^Z!-neUH7by8`XK!(y z^!MbCD`sudn_X^U>s98{cOc>4*4E16t$x=fMc1$0Ge5I%L*qQ{x%)g>S~h((Jva62 zonR;Ts(1fl+Ldj!&YUv}j8-T)o4(TbcGtw<0|%O-C-!h{p1bHuVnpe$q@~^O1P(9v zYPz^7LO~|@`Rq3zh37n;>^Qr6${)woN0&$Jey`>5_Q&|{$Oz!%!zyF@4KlhKk$HCinGjliWd~O>4&GtiVd($8J6?GT)S@f5_eUZ3a zW$}c)8|Oz|GrVy6R*~!G;NTC(+v_+gtnNQFZ+(09tE6J^s+bk;szdA~E{okV?Qqz^ zJMDP!>(GQ*{~6-1>+SJeDXj8+vbfH33rP$4sd+CqbeFs+zSb(-xm>+C>tLbe)DD)~ ztD;6blzA%DRyr!mS8hC)^+d4KLG@qYq-;&)Z7r1n$C=y>8Sk%HeeIg@5(|&-jo0Qc zjd0aJ=b&>~*>-iDQisn(1(rTnug*)aKE3Gqp{qR6&Q;nRk9> zWd5*Ral%R=bGfTaf;P&0*JevoFXFRGT5@Ndh2+=eCRv&r8`f03cI^t1F?ik+{7A4t z$mG|YK$+Aj4Tfj!EY4fV@L!vC!?IoJ_?DF>3p81T53D#cyXcr5uih7%#-O7`AzF@i zjxFm?P?!CEg)3m4=j&TbW0F@aF}bK1TDV>E@tmucH&!ZEhivlH3=+AbDnH3B%WYPQ zkXYd^BZkx4Uxuu^;yKUo zpKokVQ{_S1S8I+;y3@8|Tk|vHWm`HMiykX4%Ua#A%Hvn)&I{rXzO4E*XM*8T#m`FY z+mjktU%n1`cVSbCofN85 zl6LW?3oZNj4NuAzF?@Zt^KE!UFZbqcc3aCWm)xAYHp@xkRO>D4N!c^6tXpEg|7V2Q z>u9Mx{wty?mwwoBf@$aM+o!oJn+|fz6mI>M)?w?%b?)R;{pXpRH?&$jSouD7`$7HA z&9~$KGaS->WOUD`IVXSK@{j9;yjv!A|8!)uX_et>%HF-2v+ic12ER0$`VtyFJpVPhifUEpNVCX1hi_TR(;MOv(gy zQBTo#-A)#FKmBL0+Fjtim{sP{s_5+#ZqMB~-|Nz>E1#Eawafc)p_HHhN82Or4`$s> z8&B*#T42@sW%`CC=M~E257=#e6~9$(LUUMm=-!zZC3i5S$SpQ~s%D*CohTFZPJPmi zm$5<@rJNrM)}1@dYj9e4icGOTi^OBkltj6*0;4mr};~t#3jT=6GABY-7w?pZx6U`n-a-e=IHD zU%56%*f3c5_*CW{U*G#~P~n*DcK+M_xp~e>rVo}c_05&4JeQ)o<$sf2IU5P3-$}I{Rhv&WK}|%6^5`hP^VIaY{K= z;`f5TS+=&ZGtR5ICuFYe%nyzi;|*WI&qqbhEt+%!^Y(dKv3){YVI&iT&j_BD1D`$wMZ zsgK`UUH6}HHdXFY@eaA?vmVdAf8w;#BtBmg=L-kyvb>)bFdS#7*_x+)S^nL3p5|lh zQIT)&Hdegtv^*{I_hP7OutUCYS$&+D>l(aoGjsT=IQV#()s-zFrov&Da(S0b=KS#E1pD5ipnc1PyiZq7 zbChGBw0iopz5WlEAD&zMsJ>I!ZBq-kXz#3lZ-0F9c=_{sb@m7SL$}mBVj|q+jOx;l z>vo;Lt+87+aKUrolXU`rSg-ymU7@z{vA0{-DbBD6rNCwdyJh=&E}7WMJ8q1XcD}s0 zNkuuMx9V@!88Ly#DAlPGxVji#-dh`W`)$&zLJ9QN=CEhYb`;S8h{C)0g8b;I$NZmosnPl$e^<;-pVZ z51unytT>qBJde$BwXd=pSGt6RsYpjp4|9<!pe+27tgx#tfJ9(kMQ+dJ9D#6x$R2pX_PMfYI^DQIi;Vf z>d!2Ke_oThcF0pg_n@U@K)qC!T349x;S1dreH>-ntjsk_nY-urrDaBb2PaglT-Y)pcKYXKdSR!<7&d526<*!^-jJ(&Y3b%&EhZ`(Hiq?o@0`2$c-D&&UxhOZ zat^$npS3nQDU?%r!`tY8l6{d+1#%y6{I({h-))ZA(YNXz5yH=Va%Fq7B5oZx|1E@J zQel&JkgVLrw^!_n8!xTPl#^-F{O+!xAU|Dcsn_$MB@?AG8Y7PEkcdg?+wxjg@yKkI z7Lj*{w(UEpY{7ZrxZ2X+nw`emWvT+cb{2Xn&7C(tUpj~T;0ykjQDsp!IzKgEcKMq7 z&H5JmTJjcuOxV|X^H%MPj7eVW6sF{LtSDj$j~lz~tH9jWQ(xDHTzZ^T`0MJy<+oP7 z6>L6g*H&g^a+_hvo({gM>X7ZTRLUEk7QTt%i{eW;jQm9N{tJ%2XS-p_HDmN%uhF1Ao-xX%4JpI2{T#>X7Vx9&!U-}0;$ zA7b%Yx|rSO$_IC)f_kp2*Gkkc>r1J3OrFCSDD7gq@o2`H3s+98o%(?>@cP=U%;kwZ zR==-mB$Zg?RfYAgiOD<0mKEc>FzDFYo}-(4N}p}pvU{iK#-HJ~Ib2`ZWmhMAPu}^j zl<#%{B_zc@6wk1nipFC@MYl4i=6DYHm&uS zk6j&(tVvk$I%3!Q_60?k7~EwwUuH|Y-uWEet2$X{?%q`#zDHXQUhFvT6P{|9N#0Eb1O`HTJM*4&RSIS&KJL*G_ZWYLt4gPWzyJru2`T zKeom?Et77@udUA8TA#c1w9Fj2daDoly;T7pt9+Lp*3P|qnD1`(rNhe0rcB|V7WPVF z-Lr{L&wW3CX=PTN^0otA_j1>?_g8(j?r)fOTAFo7(v1WE8KfTDxc|0$_0i{2)W*_- z3hRnzeSPVxnwIe~?&HNjygy#r^;^BP+WX8gN85a9t@8u@4$bP6WtO5BKNMwuJ{`O5 zdJXH^j=Y-~Qkaz#mOdhsU)2H|`2-aB77{3zt&*C$dt=H2*N5qo&! zs!R8L+{_=VPmVd>TKceB{M>^kHtozM0h~PbQaXJuZhY2) zvkrXbRQXl1T1;HQyiO}+i`tTqMP*{C*GPq9w-1itJ!m-U*})tBbn@}BYU zyJ_c>kbZ5w)qj>>nzOEK^6th!<;UwSmp^{`vpT>j;nN$*;QmipX1f>!+JonT* zzO2<=cb@ioM~RCTdFGj?+gx#ruWItF(8^+)Q~ftf?%2i7oPAFezOFJ~(Ae{JiMgu# zy|d26MN2vFMw&!*Yn=Pd$>SQhYu8V&^*%xOV;lTxZL_tiKTc!#{%E1L*e&OE=?TX( z&jx4q{XKkrmfOrud$Zy|aURRp^EBsds+zv``Op1xeM6)g<#=&7AupN<@toF#pjqcPe81 z72q8udRq3T?QxTCwc_Sk5_3fJ_U)hRx;xLoHp3{T@4%Y#hUYK;nZ`YGQ|S5jXwK(ci}P7)P4-u$n_N=z zJ8^!`{m;{m`(15a$+Te8oJqEJTlW`89z5|jQmRF96TigTq=GB23hya!TWtyIlWvZ; z{F8V=?NW`W&P%-)cb*7;UB7ToOxo5NX7?w|^WR#r|JeD>=R_Z|JowyyY?o$U<>j*U z>AN@lY-Cqj8MAA0&y(bdVS2N(-ksz8vSxSp)qa&Z%ooC)T{06dc{DRduY5G?oI8&Z ztJ~(v<>$I(xN3|}Dp#gDetEoC&}E68?W9Re^XBw~{xx>XoU!fV7QT5~GRqwAY|QCN zZ@jmC?Si&j@|OL|bGT$CsU4NyxOB(Kz{~5jIG?hZ9S})db|qiQ=|qgoys6W!|I57j z^!qVam)INgI<_q5yZw{*!Z(qxJ5qa^D&*R?hBqWkI6LwFtjeDgj=7)iN#MG2cCBk> z=`@$M~ZzU7F`{M>O%oifKnLN6j_e!fg^6`u57@y2EYC zHidnfvvMExah{jq+9w(Dp>Wo-;*IzHI9E?yyp3y#;z`@{S+gW0Y8L$Bxw0=R_u%Wd zezB{T@Xhz?%k>pCXkePjLSt8H(bBiRicX@NCw{M8EhK6lR8%-8-DL9} z&f681U+k`y9lGPz7UomHue7ysa&rEYX8)}&osH-3oh^=9w)g428?#pzu||AMTe|y< z$NYs4x}I`OdLeLRl5|hl$K^}Us0Q9UvFrQ0cMe64HVt)K-KxJG6Wt{|AZNTKWX@3evg^XO zv{pX$OPwm|(z6V51y{&6ybtm&VcOIt@&0Y(r+6)f0|o5YLx|)txkT z;zqTFQgat2POw-K{Y^5bAVN-i-oJ}{zt7)Oo@8seT5S8KO2@04`wC}WbX4Zlo@={o z;r7J|DG8xVu1;0Ct+JDSn{~L!_E*X$rcW};;{1A%K|^{%0f)&YkLM-pSKhsqRTX#l z)A|0Kzgd6x-kbI+r70zWeZAMG&aXfBELwH*xr}+#bl;Dx4{{f|argOE*k-+(*t}p# zRqffMi`VJ0iSi)lBk*%wiNcB2CFOAsvJB1Y~1j8ZAN5fUC_@p zo|Y?$++CDrX*nmXDN^mM$0tt7FUP%hUo>!#eBrR_^LeSJH+R`>t{7eNoM=;B zv|!Hj&&#Bnxn@cvG#{(Jn!WnF%Dy)|zd|ib*(Pk7xv%%Q$dzbz)nX@KH-n{Zjxwby zp6>}1liZgav3}JC_2MVbCBDjSQGGMrwc)`Rwk?61RIhr}UU_T$F4EKT`K^WBl@sP0 zOPXd~yDI54;>$KAYgUV79DA_ii9mMLjj1e*hf77D zU-8_$c*?~N#Q>*o{~4q<%N|hK#rUZwY4d`K^X<(ytTs5Vy^-1OtA-{2OS#NFDP_m);J`nYt~p*IC<6^=%HXDKxt=HW{JJ*1 z(~fu9ZtXSVtMje4pE~gMb<{r55Bqk0_;>iNw)L3O7cwRWTiKa84F`oc};c=H4Q zo;sc%dwy&`cu#Zt-c1w!eN9!aJM-=9`k;?%_pU$kpMm@4&DXbBRAwCJOz8=i|8P6@ zf{kOgS@WYAPeME1ZrM@x;GgNG<6;}Xd77-YO|pF4QTLqp9DCNsxe`IM3orfU(+n!N zsrt_lef1w>#lhTnIe*q#J^as5_WHZS`tl#ekIwV|3BJI)C48eKQ*+PfxYCctkLDk) zUeCL9fBzQI%rz-D6*9iFJ(m=n{*agB)XK;6TY_>o=ZH2&=ReVovCX)WCs?n%NOS3X z<*WHy&ITVUx6j_sufw=u6}!aO^>!cin-^ZQDXPh?EO4JF`DyWao_$j(|cx`&$|g7aeh{SXGj2p6ECA;`1o`u7B)5ru}?)O>aSa zz^2(5O^I#lwwtf*&AWc^p3FzSewl3sM>>*KS+hc`Pv{JCu6jH!Z0{Mj~@F7*7Yx^mM(tNft&zHig+NnCmRwZBC? z;BKt-Td~{6)#qHF@WHomUY`|vs@=BI>Vu8v6YtzGBa?Kf>dX0c9ZpK?q^ zle>5My>FK+)n$*HzKlBakN4lzZCBQ9W!k*x%_Oy+IknmA`Mb8rEMJhMZ=SJwzS0YM zhB__V#}(~|#V;RT9v8#E^>&o!md1IGqF_{80RezftYd*7PP#n|aO;4A!pn zn%({M&SmC?KEoYXE`0D8tGha%zoa(o{K0!-JJNP#FKy4^@Q5p%9JhSIYr|JjHQO&a zY`-MJYGfH4uT|s!A-&N?{3Bat4R@i;^w-8lhRWGRS^6AxH{w)&6tDWvkedA~r0Z#$ zbMt4OZ|i#MH)u_*K7{LJe%KK$#k_Rz9t+j*O$FD?6^-m}NJ zIsZ|`a`A5*E?yx|JJuT>vWRiLb>-8NrP;>M{^~t{6vWtp=TWG{&&xO{BYy( zti_Mcx7zcU{GRd0yL7qktfN-bri$d|RX^JMhOaVgPW;4nC7;jd1v2CLzj>ywetB(C z?#x>+jN?LA{xSdI_~@)(wdNmL(G!l}7kB^a`t|;}J%gS6pMWjfub6aC@r+~GcvAi& zlhyC*6D#V!`Ttn`A^FJkIE8Ij7VO(lfa*u-5;iYQB#qgUh!P?8{fhQXT1aWP2BRAHFxnm z1D8oW4Arw*dF!%KSPA!s`$J z&X2f<*KQqL#(DM86Xuxgf2Z%um~8T$H@j>{-p1ymb^B@@KKQjh;OEMcGv0o+<-_fx zJ0I+bX-kaD|8V`-toUBt>5=mfefxHCbJ0@wmFwNL9_gf3AIthCD^)c4!kn ze^~W)}1 zr1oA3H{!T0sHtqaIUl^DnEhk_A4Q!lu*Y@?rwX-ff+w0{y@2*7X za{uBd{Y>=-)A!lE2oGBvel4ng(=l;jhcz6(9-DsEKal@Jzr1~|oY{}Y2NL;`S2(5a z1vK03P&a*EFI@kicUJ1!HMiEyo*`IOGl%E;l#1qmoU$MF{VxA!*lJRqshs$G6Fb|^ zpPOV{>Zf*@zFMBve<`2sKf}TJ{|w3Uou_oSzIeCA^FG6g{|rX@Ph&;TzYYGaT(PXw zPUgqf(`Z~YI$<5wAAWfJkNfpUb?+UY{)8@$d?m1rrQ<}hLRC-N&iA*q|8d=3 zR8#*WUBAi3bn)q=Jia{p>K$@>O4oDCHyn4fS!FfXBr5;jRk`T@46M9=cmMJJ?OEeE z@9ldzZIAl$e1_sJ`ZkaD*{nVU)e>$2z1&a_J_ za;^I57Peu_d)<`p>1x&z%ikSO@tMvTo-*UCWs38y6TvZ+b+wh7wkwNX6e->r(_dZBoh)*Dz2VxUS5mhhbNuPA z%)VlI#}%1>Nn2{v(`L2p=9{4Kne|MgyDV?ctblS^^Rl{S^#|qlXGQDF)+oof-c!7C zq}*(c-H}h`3Vm0sldNFtv8^j-_T>+<71A8vfJy(OF}kUHrtAk#XtE#(;|MgJ%19uB`pC zRyZ)yNi;I$T;*BE2fb;Zo`+v~cv1IeN5hs$t-p6H`(c^((RJ>Z$+3AAPgHNrd9s%=BY(%-gcjMxB@Z5Nt^D4;hy6jWe)!(2rLU*-=AEvc<8k;M-`8&u@%L0_ zmb{sIZuYl~kJlSYb<2M7ORidb=D~51NuSt?&sM2z|82GPc%x~q?|Vfvz9omZwm*+! zeZZZ|9K8Lb%rDl-CLat9JZv}jgw1ca&$!*0q>i|XEcy_=Hj?QFH` zy>s@%^24^_2g8k|`#Eb@oq8fLiRA?QwH^Llv+SlOKW^Q0T}L^(QsuB#PlE8Jy}J+F znSLy9{3jTD`;}|zB%4aboeIVA7JpnmiazfwJ-jkrdAd<*pY7{OQzbu3y2j4^`FH*n zlS_}T{?S`8@h#8BXIpJNbdN!4_4snWbLzd>T=?PJw@ZmDGtE01lI8L;mi|Y- zuAT2%`*lBG_L04(O&6c+IAOawGV1M?ouv|=l^hl?x4AxDZ=<>YG!=Ue)sJ$s*QiZj zab95?AIp6+M$y;(AKHCBN>|bR}yuY8GbiTb*{<;(1juhk4;-btbz?__A#tW)}!wjg(p z`M!v$Y;X6n8a*|w<-7W3Yv=x}b6C&jsw^uzxcJI~D_{OIh~7E;+~?97?+N~&)|o&4 z-e_W7JzF>bP(m9+(=L>SwHn$3Ozh4 z4j!$DKl<`PZdi78>Rl=C+j~n~KPv|1o_P3H_e|oV))S}GnXm1ZwbWC(RCZEMqQP;^ zU46fed*D-kZMFBS>bSVWj!A;Dgyk z`XUS$Wi;2$<>7S>?z-f$sl4>t+V%1kn#(SoTbO0I)h>7M(Qti}Xt$b^)^h0|wq1>U zuM_);!@Bs^-tq_Yw&*B}ZMNFvsCdx+P;p%4gSXbco2I#aHrx63eXRfCZwB#q4+=f4 zIWxb|RrOTUsvw_NcB($TkLGV*;u!dtXSemWXZ`0Kg|F~)Y1Gbq)_YTReueH7ir#)+qWJR5h%0%|t@_%|cYINpt!wgg`;oPKdcLgj z7kw#wCv$0M8i(btkPTVKp4xBG%{yf^ce2yHd5gBYtzG`gjGN~}<6gtvTZ@;y3o5fK z`KXYcTX5@+-osPt-g_OLcIp(vi46=7_iA7Gr}`rzhI8xe(4T8n4$9w?G(D0fpE~Kr z-Q%1p4<@mDebMlqrFJ@5?jPp^$MSqO$KN;BaCY5|^_07K-D2H_pW6k*wz9O^8->X} z>xz1~UO9Hb{2AdvNreV^`M1u@@R8}8>N@FG&LpmlUq!E-To!4QsMb@zC#!AY(%aE8 zY|{SD(VA*bVV2f2)LKudFJGE+|G`-q=%HWT*^lOLa0p!|%}{f|)K$H2*=}dqX|tC9-6p>_#dS$6clqu;HS>J}vkf$V z&qF9y&*L6~6J$|OXU|CG&;lv3W@Al2xn(yC!CRo{mrIc+AgZh64_fYBf zs!LXqyXU-=_UxRz;+1RBKaFkKm3|Djs%E|2+H1O&d3S-k<R0N*-Ie8@zm9gC zbE)^XrEVIx%h97dcnUv<>poh2Lbv3zvRpw~*wecgJ#QuLbg~dVRq^b~t6f#6^PYdt z{~oq0`MuB=%fH4kd!p}eH5OXjyYJ?@Q%7@6xl6C;9{RvOgFP^2>eR08eBEEqnYQYD z-TGncYGbAYUq!ES+?6=l-t%60%g(k_7Uph;?b58TO04IbS)wQ8#27bqE$h44k7JFp zyDbV1BFjIo&T_9mv-(_Z zwtej7x9=au3ua8-v}Kj~5nm%)=b+7(=X>q#FIN6=_D)#h{;82IL4xPCti!%Ma!$>z z^*S7=pS;3Nd7AyMzXp}7*XNsUUifZOO4@b{q0$p;_Qpx1wJr^1ay<9I>S{e_wo&G- z$q{!g1Pz`SKH46*%V@GrR*>$|3E~qwnI5poT;*Qbubup z4a9vC)@YBx>m?a zcz(KK@3^LHcEKzDt&!~$+_#&~UVO*qS54|1A(0|&H{LU5E1zH6b6ogErss`~0t{14 zvkXr5F1Q*oJKge}*3;c$ue5FZTHeKP2@2*Z3{&o3)i*WhMtjV(=UZc2w>9?t)tcbS z-)H#U-TwKXeMHeaq$5B6cQE8XWDW8b-W%FzI{H%!F39$U6^0 zZT;gf)Tl4rw{dNp+w71jPIoqbIa0vsWIL1SxtB2yN}=NraB+k&sKU~_&#s`(Mu<-Pn6qCp7VIt>whveikE7P zHr|g>$$M4&y=vBbArsdlnyqhGGm5JtPkqy>s6Mn${==PUU0s1)J#2~L&!=ThKXtcp z-ko5V>NZJ><$tFb+?iam@|jHHogODn#huGJ9Adi+G(T!evd<}Bxw!xLflGPM_H?X& zvYL<8^le{V;QX~2wG#|}vO25iOCFGY$v;(enpomy=6iFty_+POcH%hOvQ7q`8}EN! zzF3!3_;rC!2a7_ApkHTM)4sj0a_5^B9%W^elwCFLV2WXKoZlmjiYv>Q{${>du-;^M zyLPkdx`Qemt~<2n6uVClt%%wvcduN2DNjg~$mcIhCY;LKJ)1{!nF>o!Xs1~U0C&K zt*(FmkLr)>oj$Ic)5N``{FeEgFY8VjZ9b;v#v<>3Y`^^$e(@ixAN*(NW}SW3pjGAl zoMh9l%Ma%F&QkB%(lIUjz@>zI$@d|%GVYm7nfj=zuqAoo*CmE(hFu%;68CKX?Yr^R z#Ccj~60#aE{Iy+#T$m<@Jkd!}F28cES>BN2%PMgRpSB>*S6Q)LO&bLY*7jVv7*na- zxA)a5AJI<^4}vE>(Saa z4t*6z^L=J^T-?Yad~NoVBg%%X?0sLe-@Fqp4-Bw67TUGp(aJ@_yNvX6o#y*z9sJ0m zrk!lPp5?l??&8hj_fNchA30C6#ctATsV9#o23>3Jdp-v1eR9t1 z%ewiY+Xb0sJh`TOTPsazcH{e(G4I`zGrjLxZfjYn6}|Ai2PbdO^S-M|?_`(GSLUf$ z^*b(@#Ba7(FN z^8D7;pj{UpuT0mL^_$4Lv&VRy_>He?Pgmx;)Wyh5zP9r`{|l=(8x1FZQ%-2`_qx_~ z?y>(It;F^st*dJUdxG>#e2OCG%?ayk<(WQVOK=b4rNx`K|Bg`jCY$YbP2)kg^aghZ zu6E&yld4HyCqxwO_`TOKSh`=gVDa**L&kfZk%pUeur$_ zZS-7r$I*aKY@hsu~zUxBe4sS6Qj;;5^1_r@f?9x&G45A6qYk zwrsb2%rx=qi-rFg!k)~E=@AWH9K>(EpR3qw#f%)T=lz{6n){OMrn3C{KJ)j{*UZVW)q%S)dg*&RPSSEgT; zTy*!`yP0xRgWvW%Y&PIx^ZdHXqt)!xtlmRf=F@*X+gTfAT^T#|UxGh_)ZP7)EX{Q` zF&+zNUt4^ui6eQ!yL0@foBgf}Piw1NZn%BB*@aUgf-$`}Cce9|U!g>KZ;AP2v7p{_ z6^}NhHs^)Q{JJP{bB<|h$(hrg8>cce@Sj_8*H?bZiK^{O<9B!b>}e=FZ~I#4@7+`d zp7M1kboup`tjYOf|1ssB^hc2bn-+KD+p}3=De2Y?-e`qZm!kzc(mU4 zaytLV>xbNr+>=ZH)V(G7sqT+2>lvqePrLL`ahB2yc7^`+66;s|$PYq0JX^rUj`D=aktR2VWmg9Nt z>jSUNEMCr?dHKzew*g{Ke&y9yZ}Z!}D}KtFG$UZKsM^!p(xN>)mi3d>3*U$Td3|*P z$GQWqJ#0LCGfi&u-&u3Q=>GAEVL2wV*QN({`)xj$boitlS{#GuLLL7C zmBbw@&PkLXO?|mhb=RJyyOtM+-Fu&sv+%?nwmWk3qn7V1ys@^Z`}nLU<;x=vS8RHl z-T3tFi6F~mCKK*DoYtDtcHryrwb5Jp6O5g1pA!5u?@R0!->oKFuEg%y7EsmovV=F} z=B@nh%$%oug%KNGiS=fjxwbH-&q0*gPfy7%O5(?>jHkL8Q6E|F9^0uiaf#0*#>sc& zwx0K1nkD$Nrz>_;^mC(-FO*}r){%dm2U4W-|zA9%Cp(|%lE#y zpSE?okW9l3SS zNcKp*zwmr7`#X-GW zXFC~*TgotLon1Qh&6@bCb^cCTuN<16Mtmx~Hg8(+`m;@jmlj6Ka&e&b-Ca^5 zrex*fZGC!4EWfT?Jm#YG?{tQ;Q-}1jX$4NEhD;d3MdVIpbBu($88G2Vo%R?^IEQ>iZ=?Ik7+Ns zqSE8$-1GaI>z({9Cjt_Bdb-S%r!35wS#;#{tP9)9xXSb&zl{90ac7Z=q{?%PwcesE zvI~Uv7W>{q&mafhlM8{Mjs|J=OQd zZQP#S$@EU9RN`&u+KUa(SK6-jciob|wd4-RThFz;FPEI%D|A(%K=~Md*6S~~HEuCP z@>M5oEa6zxmdevGp;Gk9OE$?RhU@LUj@^=-a&?RPEC-~MGy ztl2T|={JQEntxtTUvSG)gkc*8^Tdd=#ut`MT^HT%zr!$(`@k{wwK*?mS-Kb*+Iw{! z4s7!bx~TM|fMeYxSu3|KpEil_P+F=j_1U(|@V1EZNygUre*Y#HHdm1wCfl}1w=6wr z+Zx?QxywCkGY?Wo<8ci9wPTP~Gl|Lfr8 zrE$MCeOB?!oAP2o@tk>vK}u{JTU(|0N@ zonfojKj%;BLrvAP-P;4azOFO#HuK~%m#&)ii~p#dOq++S()M%V>|LMg1uH^s+_Qe8 zAl#GuI#%Rfn^4$|r@3$M76r>%cWuoVxY@h>(`xSYr-rOnS0)}{IG63dVM^OU$tU_2 zvf6HEa%GrrE!f_${jRcT(JiC3r_;NRE?zX{Y^?5mdrkY+GCQd>y@j(U#-z=7X8z!x z>D3>3q0BsY-LsA!om(*X+`W^{0_Mr;Yx7@DTlxBIv6SdJ>1>9=*Rgt2i?>YTzqD$$ z@rtba^wlyhZXVC(%!)Xve{X)e(W#}IjBK^;WN-;oUwd)zP4f9=Z>L@q$+dWLEpO>! zw~sqre{R0D>u}n7Nr_)qD|G^ROq@S0FO#|EKKo8a@sYF2%O$_8>Hf^S&x)*F-i9Va&i1)h-G`uOVMljg~sK|5av#kB^{5qzbs9ey==duPWC zKFc-Ck2{|9taHdaP%e7@^*!}U=7p0#EcI$xzhbeEP4r`ql(uN=r1EcSJC?UDPdekN zla;wnb=QtEbxYf(bDcgfdYAQtP}{QbZ!DAY{+>4t`tB65DEGtf@bcV@t{I;` zzYaBxRkB==p4j|lb#HjFX0WHc%D*diA{(3irbl};om!sBetFiX`)zhQdq2F}D0(DF zprPqN`TE+wt7|mv7Czj0cF7ZoE8A?{ZNksQ$?uN#Fx0L&Wq4w}Tl=0?zvY|C?QZ`F z{U~a>R?obzuE4N4Ztvo(!uY6W<)*`u>$~ch|G1c$8@_z6cZH?=eZ21v?IRb(JmZo= z9`B8rJGVctwN#}_+u-EE1IrHa?xZ8Z~vmj2jrNZ@F`?Sq0ujetE zJl&~PaDQ#M=D}Lecl;`CtBUrYa(kDta}Q(xw5m|`oh-7)Kd#Jpv7}R_xcOYxlFd`k zXNAu!DEjL3=>gB@h|Q}w`KNuItiAi|s>}Cfm(N=)>Q?K}mZ}??wl`t2VAF ze48ih=$eInoJ*5@wUf@DmirU>x>U9D*^0=-KKt`kSGPKDXXx9Kb37?SV7&U2X{#Z9lwPxo9-nR+U#^aQ8mr1RdII;HGS=KAKhU)BokoV=4c zkNv6S_k|uT?_N58Ke&vyxp{Jzj>Q|5=AwD-YeQ3%b?oJ@t=X)1$@tR3f}TBc{$7_f zW@ZIX@!VWy7`fd`az^rY)0K7svi}+SFYR0}QE}M)!`a<2cg{$(J~TeL+I!>Cz?efn zT0Y#&xOCTJ1(Uw?u30}HAOE#?_mM}L1|Bbe%zE`t<4^L=k9uEA1#d017Ok4~;k``7 zv|P6$1zUcW`D?R%ch9Sh%Cnxbwb##5CF6pC@s)3)-L|ikQW?~@Klj#^OlReHyA#dRMzpe z`?jwn@|6YO9JAtM)t}XK$E@(ytn#Elxqaa?yjNJ5Rvj~y)LI~5Vc#3rz&?3SLDj5l zn|izFG&)y_OH9{!G(qo?abI@OnS5!7i~Kl|P$ zrGEA~|3nvN9GEnFbJWpZlM|&J%O)>)EbFl9+N?^R$enU6VRy>>3x&0h_gOqz((jgW z#iioFqb+{NjKWi*YLd(t#TzW-w$`5MVY_nj_)>w}Z%(PGOnjmFR`!wkyX!LLZ#|_P zRl58Z1%(wiSpT}3ynOGWM>=oMn{+kAitL=pbx`o-wT+iOW_dSV+QuQfLUYT+{$-hh>s-$< zaJ&9K&Z7VH34_I>E$>ygcL__@@0?J0Z^PE?8CUCzZg1yvs|uSkdFN?MmBL@A#AZI5 z6x{psW$4-jSKkA9=arSV>ZMxWFbHluVCq(VnL}D2xy(XVd*y0n)-~%~t2!k())`eE zSk;g|O<~@blj}oH9CACUE}LZ?-5U1P-EPaHxvkpqPG7eKOgSxoY-YK}HpcL0XH8W@ zbJXoxq`JyJD{JjMzm~;wsgR^z>XcmdSjvV?Jjn|mT;8c^ zsB*<@rS%7fqiN??oPI95KvaG1vH7M;7KrLzU#6wLDdDH~L7DWuN-66aC4BYoDU`}w zo7&U2dd|liT+8#98^oB@W?eDZQuuHO!v`&ig=~J`Rm4JyIA3W=N_J=*DYAIJJgUZ1 z*-)|4_N>J%$%0VB{=KupHm+A|T>i6l&o)VmhkiW=ePPLWi8Jt-CyT5_2luTDrPG+8B-J*&$DgSsj+=#K6}H&`(5W= zylRowidgdS^xHRvU)Dx*%l^ExbaU9k4*udimIEnibLYOOwcaVUbB`Bml=QedFFw!jh)Y_z-8=BQjVnkmbRlj*v$>#B8 zk*|A0(~iu@`}Z~O-3KuxGiF;&)q=QJT6g?!l)os94Bvink+I-~Cy&;~+H9JnY;is@ z@_youIU90#<~goSmKM0__U`2~C#B?bM(#^PW=c$!+WCSlJLDzrv|BsQdj&5MGMn)) z@qM`H%Biyr!){JVUumoLw0HMPj*kiH@=<$sg-lGD%C5Y8X~edTNk@Mt&&q8{xbeC| zsfQu??X7jr`FXuNMZP@lick<-nZT(1O6%;_C6}Eic&L06ZCR4b6{b-;F)Hcd#>qXQ zGjg|kelEU|5c;~7tGsT9#ItQC`+2r>Zf(q~e6)CO#4VBND#>eRn|HEjJifK{&6nMs z!OM)_#vsLXdgt}tMZ)3HmYlu+n|Mn|V7OuXnx4vV5Dg zqjk~5B94RWBvZfSyy@B^_u`?-2hru7CMMYd^RoKBp3M5s!1(oUT4HMPhUm$k6T;WM z+$CcbJZ)QXn@v-;uZQ+`*L0p;v%@ASl@z?qEk0EG{$|~w`<~IcY6=p3u0`MK`AhTL zqe@S0>s5I&XSML$tzSNC85|6}wDNw&weSmDiVv)jNO%%%rmV6sIO1Khj-J$_EfYUZ zTe`T$^kd5AOsRiU#611asY?9Z+nfBKAt}qA^I7Nx&VOgZj$|xv;H_o+SpO~U^41ei zuhv-po;@#u^@VTE=Z{RckH?93evvH_&$#ebddlaX>z)3pQ?=H5zqi`3lb7q$_ta0; z@3}MnaepkEcWcUZpXn}nxqBT~-;?^$TKX_w==ic%J7*n8^xpN!a=q+_{{HtiMv>EG z5A+Dmo4UUCW0q~u)d#cvq)$A!cC~1y`Mb@_YD_JXELXl3e${=R^+)j0TLxE41O>x= zk1UkA&NA!o_7>Cs3>zyI=SF9w%kX8N{wGlr_pz_#*tu&zudzQ)p40dB(*0MbSH`J6 zTPCqtX3v7cI5%UC51%cKdsMB&p1QAoRj0o9>VmUVR&}jBtX#foALr$ykA91i_RZIq zE`L|K%8upom)U=1-=^=kj(M8GzF^&9*NcA)KYaI@e57jWuQ!1cey-PA%J%fkz4o~+ zhu8RQtroFyfB3ssiZgf1+!STQXAEw<@gKe)+|PFZ#y22GRRp*JcEV>g%;lKOAu6 z(-!?BvgHTk#6Bi|xO==!;O5Mx&QQDedyD_sUaB#Cus5b+<_x=j8-|^IJ|gTkkM_O~ z{ILJ<+q4Vzoom*f+0?Vqwy0LS?Z?I6+CQR?$+7N^Ihl*<5j6d3|=1Ly4 zbiIG#-85$Yptwu3H-1X*vl0Jr{z#l&^O1eRAFbCU9yWXa;Pa)u{9%7**U8j)eppm7 zFW1Rr(lrLzHly0t&+Uc(*nZsKtevyF@A zbG(1+dimA5lWlxbHG@~Gs@!~A$NNKgZH4)f3qR%`nlEr9s-}qFjNv~+1@ndLt18wX zmFn$sUi~B4anrt(-`sO~^BKvL>*t+a{b{>~_I~B3+OEZ0&b2>YGGD&*KLgjswK!Mvak6QT^MIAHg4k zANHPaud%K+z8BZfFDb+P+UN4~eBM8XUDc*3b^#X3q7UzHTz{C?_;9>XwCj(V539S6 zelBG2Y2vVb{i^;JbHqiH-4bEf4}^zB#bm5hIcgF7I>vPM!%wa2gEqXr=^aw>zIUHU z#oyx><=?C{i z=Wq2Nx0l#wb+_X55!FTc7G`JWS=vbbmZ@>MxX#AT^sjxS*!2Q8{wdMzUnSOSt&5Iy zzqP#hLUU7CO8k~N@;A2g-IHw0J5u;(N54w)mGHJ7lOOMEeVD6|dC&NVYkJkEbzPt=oNEjZQ87<@ciSdw-U@tGrU?1f7UaGrbaxLNc+QTadg7P*u~PGOuPOwG~Nm+ zs#t4kJw-JkXXRJZGqN`ACr?K^*D!|WYX_eB~uX`f!%^zHh_`!X&eCF$??zp?)v@WcGk z{1)9m=8v+svpRK!B@H0B|adUi|J;Q&7JnQxC zR$J%3j`8H|a#ftVtN8x4{f>2#|L)6gzJ6q{((U*wfBZ8OSDAR}F`r_KzrMD{t-AGC z;?fGY7jGAb3ESPdw#8Qbk$>Cu!=H|+2q=V1-JP`H!}de`EE%^%AAB_AQ|@TVJ*<6g zPxhhsE!(>F+g!J|)Oe>?yfIognaTfk#J2le#CsNANxAg(t5I~^Dd8fsvd`D{tg)Fh zeZQ>RTkUyoAD-v_5on{jvZDULt(xreQfWqOeGAjWHI{$p*CamRRgS-6`cmMqmRP^~ z&#(zUUOtF#+f}t=U=s8MdB3{BxgdjPL3<<~j}@<&3eW8W*4Lj#_MO z*M4@t$e!#KKhh5TsPnyee1CParS{~w%t!ii%a3ILQ26ks?{v1@u~&w#W8L3MuX{b| z#qvk4M;CFtdvY_M&%R|2*YiamrfqzX&whB-{g*4VD_1J*ao~|L|Ie^)=ZcUiY3hOQ z&KK%fe@s90k7vWqzJIQFwQC;kzV7&NZn(#_Kgs2*ZomAvCTqub4*RIj{JcLjpIlgS zW&OL3sdrdnKF3Y|u-WO-mzSQ?BV4DcJ~1v`9~&0avQvHKZ2RNyc^%i^sYs6#TD4_2 z$ArS3EB8fgoIkAg-qanmt&LgQ#UO;wbCta4pX?9ThrWIHUz-td_pVv7O0s&n-PF&E zE9PB3erxf~$oqQ&-`mCRo_yfs(Oj>xC<(tTjm>K-ZXc0T{wRBG>f%G6qAPc{D!;K@ zxA@`oP8-i9*%LE9&0IXqjYBNJ-DE%aKj~L>%-7w!^1|O1zR|g`>Uq}}?%3qR_f+?H zAC+ovzjgV|XGUqG$AxDLlRomz%9s(FJL$)Kua6~{I!&|hED~@yFM6}aCS(2~p#v}X zY_z=lC$#mWeb}yD7pDJ~ySRjhvC`q(#prtOt#6G(Ka}p9%hRE^*gB@%^x>}kd#>ES z6)X9xzV*uqQ`vWq)OmMKsm)G%9B@Hl>VhfLP8_Svo^@r~r}MG%D)086b5L6nt#)Mw z`~1^)s%E`C9647cDC^nV2|F(>lbSmB#VwCR%(r&ys{3523C+oq3*i&*ne|z>-0k1_ zjKmFBQYJa=)Sjnxb$@S-@1mDS1!wwXU*B6b<;8MoS;5Q6xBrM{K9aRQ{5>ox^kQEE zr*+lD7`?@6TUY#8n)B6qyXq3gM!T=QAAUd1TUrpg=6%O3n|8js539fJ+WNes#%uek z1t&f=72ck8YOS4zS+1nXx%Q*KTFg?0ji5)K^rtf3iwQWo0k}2Z1BAc$aY>c^_QEtKO^!}*8dDSD=S==1e z*|!!*-N;OxRN406$&-JkFYf70%KY+~b)Q!co5hP-?TJ@QMBDD{`+Fy)Ij&W5S-!8f z%()3twndkDx2QBc|G4h@BfB{hPO|YiKgoVmm@$+%(X>*%oZ3HM(v z_q%fAXtBiKD~tCg{cyPXs^DaP@zlwdVP~^#Tik?qJ&{y?Q#EU*d$F``d**kmm~V$p z2XECh$#I-&Ww3fz4L9qdgDeXl+8Slg-90IV=QqFHRI#b`#x@gFA9_|T$U5pU&q=>y z+pKF-@}i{ujc%1#-oCYG)5%naZ`(b$awpHb`uf+pjjQ7`^)m}Zx2@x=y3Sj<^yYn! zkKO{#N{^K{u3cHZOY!K<$Qfm`Je=MOD!Is)Z{}KQH=p(LPmkT6`Ez|^GPm+FeTaUg z70G#|i0{koX+klT8wL1^XT9v+@k?_0uaMlli>-$>pY6;I_u4aaW~gUC)vxgMN0I7% zckVmPIMq=6I%eDQ+CtG4+xk-ZEsxu_7e_5m5?k@al)HPzI==bKHYU|y6Mh-GfAd@Y zC!gMmKa=&Yy7p{oYU=XaB2A7eckh(1$;kV6m{Z{Pw4(Z!lC=-Dxu*wC$~d6e6eIfb z>l)u^pY2)0!k4Oeaq zKj|{_Nw4AghY@i~S0}z>n`zG=cXfGrQR$3X_x*MYdMvm04--AV^hM>Y^I@C*zS_nz z_w^>8r^$QlSKj>*AN)JEXMxi@mWE&9&X3QE*^9lH_+#sH9*C!LRFn(vFA`OlE)v3X0- zItiH#>+T2bx}<)|{-NfFH}ShB^jiu4VcVHo?X&4B`?q7$eiY5$<9OrRh1xSq7lu80 zWWTv{@rkd&5wmugy#Lm5N11QO`*7t+`FbADk|YvRy3X(OR14m^t9)I@oJ&d3*};uZ zw#+|FKbZlkoC zOFLO5%1^9M{M%Z(<>Ef=zfF;|OlNN3PoDKDe2XyC4$I?F@BTBSoptkNezb3H-M7UF zQ`k;^Uw&biyyUOKhuq6@O%u~jI`&zAUHdwdljYrU(c=|zKT{f2TK;TWVe@U>y8Aqw zXDdI4*>!dA(m!;x@pjME-A=ETR~I*i+{zQ5ArW99 zT4tg#=Ze|ur+P)UuS)9AO`f<$F-1b+sI371uByvsPm;IVDeXK~RedSwU6jk~4NQ@4 znaPt^O+9Y=QrXQi!76Z*<82)#=g&YM+_x%+AM&7YR(vRK+XX|Xxi>`fUPR1A;#u|Ex*d@}H? zt)%M7yR)(jma|Q5XbUh3>C2(&!555+MrS*diqswcDc5@(TBy-8>6pJHaXDtvWL0r`T79mO*`ISzrL1bS5?fz ze@ZpB7q`AObJkJ3!9Vfixytp1AI>db{m1g!)V1&C99e&=sp8q*hm*K_FIwEOl6v${ z=?B}b>ad-gw=o_#=kV)N?!tgoFHWEM`k$diUTSj0<>but#|eB(zOVP&ens(0uItg= zD^I-1emI}2;&#*ry@gLUsIu&^v|atuzvVxJurAM)P!f9 zFE^h1nKN(RmXls5mPj>epUAr*!Ot%H>hu!Ds!vuSW<|G-#oppjJJREDJl|`!N8hb4 z(^^j|HXK}j?}%E@#<)2_6>$eAeXg2kp3XM+ta7&O^0u{6H{J#wmz3LjBg#=II>kJ$ zFlOCUjRuCZC%>+JojpmQ=E3tzyEOOmq|Mf|+QI7hXmjet_e;{13Rd0a%X)oBlJBT| zub0=cCZ{ER{~6Y1rOfTCdS@H%H94>5sPc+c)4hvLSeN%SUU{}__KCOalKA zY<0oRNIBE%W+U@dA6|m)00xkeqYp&Kd`O2ji3WtyQ4KfE;Vq zJWcLnKU4g5z1H7(CXqJ&A2)~o=q*&Jw&y=^l+z~PlG#+OmgniBoHzfJrF{)`_AoD5 znO&=OQ^}e=oO!b6!&u|o{<%e~r@WqZdh_1jb?Zyl`m5EvJbCcD+SVfvj$CxR!BZVJ zF-p$e_*vT5eT$VAy1b}hThjJCFJ`vU zIX1kNd^>CR=DvzAD{OS1oRupRXi2%&^6m8>Ws6nW&QYaaFV-AyzW;f(R=k9APx%T3 z6`>t3@2%11$+67}@wL3LK+oKKsY>B{3qQ6@iMKLcuCo;yZ# zX1?y6=H}NwuCd-(u~IRjlUd^Xs(_5=Q`1hY`#O8}!j8_sdH<%0ZoPBj_*>q~6Z^e- z&mO$PweH@rRnpU+#-4L`(3<1b>l}0cSj;9%%j1&Ek5(!@ul!XUq4YviwbABL$JUHT zx`HQ0$2#_%w0N}hbgt{qsWTe*48v5fy)dJ=?qK=8YJ2#>Z9rF`N-)Or2!~3JcKf;e{Bu(a2{JHb%qn$r%juaX82micUnSN7aNBF@Y!>(;T zEB&X=_jcG--eJOhpYPSo+vRy@<*uH$PzgUHr?DZHIb!Ffbq_UFd>l?Z;h7V@?~n3F ztsj$Jx(YRf54KD$Us`Ctb$(lpPN{aj;EgE3XUD|K1Mko3*lq0f@p$&M|(u4}_|PaN22TTmQ#UG%~{wI&sYWY&#wz8}q{@;mRwnWYr0o?rFS z?>UR&sdGv{_}>aDX?$wuX{>s*>czIGseivctDWdxI7#A@_`J65>mN;eWiZx^6kHVN8 zol!im4zHeb|Br}y&=20i)fLu<=CjvteRN&NWNU5J^-$jxM-L`$>3Q;fy+luJN8&7# zfD=|_kJeUvKmJ`_a-U&E^P}Fg+fSQbXgeB_e7cqGs(kE%I@2(-V#V;uj8*(mCCaCL zx@LLK7Px!IXX4sJ$0X-Zmo6B)4q0<4KzZs`#>6r_C)-Re4>kQk0vceXPiCY7y_s zxyM&5w4Smq>rTwgJsum(BsA`RT@kxw!;{L-_r|mf^e)M>-M3|_YVyV9{!_W7c!U@Zm@pP39onHF=c<*$=U!E% zwQ1X-qUuK*OrC~GZ4}tu{l!#C{Y2&Kdvkdl9pnAuzAP-)W}L?=F0LuO>h_MZlaj|Y z^Hc?mYo``)vYVQ06X(t2I=A+?lh%SR2dw%e=l9jhIX_(=N#3eF zU$tUp(Tl*HB@U-fpLmn4^vtpCr~kw7bx(38&)JxNY4h_5eGKPK-Et#E)>ycSs)JYQFKRo0-{`>c}TEL{y4n>zdPb^2!)@ z^pvcL=Z{*Gy|HTJdE3?NFRWEOQ7OO7s(g*?#G8KRW_v7`-f?Kl?qoJDlU=>?;+LQ6 zlC{>}DOq#ZPL%U$i-pC(b&C&A`_GUbb8P1MsDr!b-sj=2;%|SrefC=)yS%1d(Ge$O z*IrwBqdZZr`X&TJOHmPt;vx;*s-{3>$-vbLjS5 z$P{z>u=$C;?OGG>jNA97CLhn!JSp_lIHIVR2r|FaJ@J)?TXh@nJ~5OOQLrf+0^b>Hz}oJcCv12c3H2E&ndrZLB}bN zD%b5_!g2SS0LOoZuh*F$^>cSWR_SA~uyzoAJ!{!aW$l_d;pQt}bZp#g^i|?zl*7T* zy8cYpOr~$zk#Vz1Zb>L>2j8N-{KxAga?hH?d_FH9^=R4Fh|ZoSiLjHaW!~PLniTp* zt0IK$#IiN%h4G)XvMcu1W<~8>BHKNyFz4^Z>wmHrUc7PaK;PYLwv!GDCC}I9z2p)7 zbiX&{THD8o*D`|zc7HECS~AP@#KZ~(nXl{Y4sMitQ1NB$UbBCy) zBD5mNIkY3y_V;D(O(L5aCIoMFu3qk5%-O#**|9pKkeDv(fNGgx?jn{ZHGRGEWM;WvpeTxeqgv*NXliKPqk9f^J>;4t%%KNQqg)j zr~l)6ula{REHVgv8}a>~)Fh9{aONEr%T;D+UfuYl>RH31VwDX4b?nzR&Dgt}wWjN< zZnVRlNR~=le$f-z`vhlhR&vRnc-bUW*p0{hy}V+d-IkMilY%GR{e3n2wf1f4X`PE| z(s!(Cd(mcLYq9v|jTP3L9zEF?wrxx5z5ND~qRpumWd|)}wHIEJWqM?{Z|ixB8^w2S zZExlh&(E3Mm9|pqc+Q#Qz00>oZJv9^vQ#3m>&(a2H)X%76OS1lO%+{vUVY)`^KZ>p z)lPQZ)uC4BJV$PB_G9O@?Ym2Rr@SrR(I0dD>U{Zk>>c-Njcyg~OFWo(er?VENBk|* zZ>b)+bTh`w+c4+x+Nz33l|HNQ9+y9acd2f^np~*KT<|3PN_vUDR{%nSOq6 zablCu&egL@U$#HxJysQRJ4kEGlL^)uJGBODoKwI$W;oov?m`STnXdVG$F zO6hydlD_}PRm&7+<#Nma3{o}MxmFd`pEq^No_cc4v$HRAe048zoEAP;X*#pEEZ*9m zeOC1BwI{;uz0U5KF`?kb(S*{q0=H++TXI!0Z`+fv%kG@>7JeI&Hsh1=TgN#|#DiA` ze@?ho?DzBcRoycO9q$yMP4~1vJJmL`#K7;(UY^DoS8p3P6&Xi{t*h_&d?Rdb*Y@wf zxdJ8EC#w~3{WD#gGp8V1>12nre?Vb$SajKk%Kr>sFC4Gs4r~%vx%~Lpo5?=x_Lt_1 z8Mxi~B{f-GDYW!C+pOcZng;Al6Xx(dUdkEMcH^Xkmxn^hikW6lvz$V2H0*f3)_kY+ zuCQqvXQ%Lg+8F;baR2hGshgWmt~hyU;&GF!zXWdbSswqq?36)EL$P1F!ea@hg|li_ zGGAI56LZZq-{P$vzw@;f_g>ir7?~{K`*SI4x^^mOdF`rtug~&wKR!j|9h;x1QS((R z+htA9m7QCx)@C2=b3QJ5fs0>%-qlC{8Km|E=A=d@Ug5M*w%%czo%TCwPqujF{EXu^ z*Sl&wuh-qLI5kOj)t%z#VBZ;6zQ>-)7s_5;#8X$CT+X!PuhRqGGnU7lUuE4}UOFvt zl81%FpKPIrCyGxfZEFciXN~;KJ8{$EE2YePqb{$#<^G^dV%4_~OV+<`d$!A-H&Zyq zBDZ0s{WR^gD@lnQcV|hdO*j~GT&}9P@9IU}-M6DBOl+KBkmaj)Qdjqz0Ncfe+N^nN zSLrS?+A`N#>e;mAK}{a#u6Eq2Y72Y*bxm7``I!UrW9m$Gb}c%os6N5Z-(-T&iWJ+A zzG@REZxnExZ&ElT654q_}uI?pwS! zcw?8xg()%#%uxl3pEm4xwDiO^Lx(k|+9#j-_%`@f+{2-&9M{VwRV=W!fo3BB<)*73%jAdf9KH>MZ#6s+TT*&M}j@Wy6?1MBjxKIwAW z{Yl$Tdi$pnkNc*UYiSz2zV}n>&2qV^%`38}r#WrhEq0F0Uh3k^xsM+SIlj~Cxwhix zk&1+RFM(UK%kIRT`d4!Kt-5H1r%nI%^DhhvvZg4w><)Q+=jv^XMX##nEvX9T*vtAU zPfBRfgWfyEA*P)VFPS`Na{4r{_hr<+m_#WjzkAKIj$FHS?vc`3X(3z9BdV(`vwNK~ zQ|waaSDSi$3X54ZpyKA8BY}X z{Fi67xpZuEuKpPMbmF#_h>dNpUq@*y=?jgE`IfdvYS)RU?6OlrXFI()vO2xo>sj5M z4*8<@7`nw)5wJ0V5z)Bfj? zRi=kL+&qpI`L8W8o4!IsV8O&&-9~y{;#H0rWd+6uL}wN*R5cOu)at!vgs@tYsGcqZIyTKn=>$nTSa zO?xd@UyCaHqxqynV(njL4~>Pf><@!xE>Tz)dSQ>wJD*K%2GynOw)=e86L7FoS=PQK zc*|;!1>urU1TQbmcCFaZKhxc>ZYs~4rLt#cuQf89!ezi-bvDIt+N~Q0ANQ}#ezj}q zrfG&Nj@SIU#{2b&>d)C3HvddD)Kk1Jd2WCAJ0Zj<)@U`4O!DOSfu4oAf6UX%sxHUB zRbvutyL^8y%h5%f&(~<;`V`I3oq3i)74~33x8et_;U5t$G`7aTM+bysT)Qg|nB=}EYJLpaO?rYW2Pl%_pEMBet(wpyGf8++RAl%dvZ5hzKt-yr+>xCu+NSC z!nJp66LXCO=gcXb_0%-i_Ug&bO=gXu62&r~S3LS+zwl|!7hBD&UEas-*Lus$k-xN0 zNx0|g#b4G9zciQr)eLQ1r97pqz_8J4ZJ%aiqs76cEHaO`GH+B8aLX*PWLg~D_vP*D z*N!%e)ml}8r?P)or~b(O;Cudx_x_WlPn&$^_?g0eV%>vHkJp;ZByE~&svKpS6;$5& z;rr3^H$NYl$Gm4+b%mUF&C^)%?WWIJJX!XI{AbW)-?9FpZ}nlT_zs;XTdwE^xh6JA zWj}3 zTmSgy9`$0e-s*=p)i!CFdxXz={KtBAb{x|+yYuDTYM0yGCDwHxzb~wJ+3WLyOAjXt zz6(2GxApVQrJ~lSp102pShcG7y;#h({h9OmE7bkC#oA5E&R;w=hwJu-@Z;;b|HOQV zJrn-c{#)%1>!p^5uD7l~{+Itq*FBDpb*&u2sobsX4A;FM{Fco=Tqm&aLw?iK&Nq4s zlBdTQu-oug{rpvOHS>4h%e?*xb3HHQ-HM5q_;)(2&Zfy<@P~V#c-dt$C+*^EJ6`MG z{Qju@@ZRv>^#?!49xly0xNU-mLimb5>_5JKIPUOa@el9VE75*e*34P0dhpnr^0od# zb=T&xet4o?nYiL;4R`KT(c+`UP9=|S`Bu&;Rga$c=0%O}Cg*Q)b}_`7$x_jPRCeqCwucZbTvcGHjl8IH_NKU^WU{uqWz8g z_lEzSX7ZmwDs!Liwtmm6DhwWi2kYy$evyn5ycV7tIrnCrUCHVd+iJJ3syjQMe~)v$ z+4@y415bRKRJbK+=U(@3+CP$OmCwyeTIYUhVFlaX=tGM>|5j7kJ7Z6i;f{IFw)~7~ zsN1^MOR)D*ZD^!j+Pvk>8S^=w{|L7^E7veNT5yZRbQ!MC{{6eAAB{~raqExil$UkE zJSUQQJf2@)TH9#4MqDF#M~{HJrD*%gKQvshq*mAj z?+#0U{=9vkP)+hj-m^!ach;%ibzfni*L44>y6DSz?mwO%qeCvnKm51-(Z&h|r!~_J zd*AnI->OrnQER#!+xGtOG#^=!)QPpPnUBh|l=fB!G{=0HyZGk4gOZ=;x|z>9&FEH= zRkVA)b@z!vfvF4D_1kqn2wPg3Z+mub|J=ekTLSrazmKVX)>yvuuII8>(|o0s6WU^u z_AY+-pP^?@{DbVl zoc0$RUeADKv#v@6onGZ=s{Altpu#WOD8J;Iitxm)yw1n7-|7XXu3GlvxV&kVdT)*3 z+6wiM*)G>|ZdCejZRRhI$=mbyxl~Y;^DV$Cvq^ z;ltDl{lHn?tWUqq3+a#grvF3D{Yb9-qpMrrAKKqhCU90pEMEDPrN!H?>rMYIug{S0 zy8od$?j^tEv|Fjxn|5kn+cWte=j)IA>e*{@TJDL5&I^{=|3Nvb;8}FkJgKEx{oWbr zDp%gs`akY(pU?M)^P_WsKl96vhgkL-^t#8)TDi8O?@ja+&l`ok3wvWfe%#*wh;3mx zx1sRKz1~$)PfJfXtqJriei^%E;hP7K&UKvnwYm7Ad*6E-+sECpuInPr{FWEkeSI0f zm2YABN51&CcXee$-!_y<9+r>#yuYQ6W#@HMm1}yro?Dt6(rXIDZDxJ>&(K%DCH-Kn z8i$=+hG6u}eP=hHwe>vywQ`&Hy~$>Fg8%N>+5L!lyX3XmvR8Lx7p6RZx_1Aq%W*#}f2Y))pI#nSHZ?!{ zk#@$JZ3i^&onf@Dm-;xj+UN4R1iRc_o$OWq%-Pf88Gel^tu|oK8R4=y2f6qrEm}aZjaBC!by0*OjaM$e;b+>3#aw-nI2U z{O!4p&3(3oAH#XIeS81T`N#Hy`9Xbio_?vxw#*~eUu~UUI!0V6ayakxz9#muf5ZLF z(_2(x!vi;O5(bk&W}W+VQM5iszc-$9pVFV$^N0U4a69HN&3t}3b8$@V!c9e2Cw}bbgL8I=se2dg4W^*AE&$zxmIwN&d*}*^T*&U&?2eKXmcF z{^vhK)YGl~P4c2PmZf&{c9}l%&bl#E>Fy`_!uX}X*xxLFyr1JF+xA7T552nTQSs!Q zw{Gr__YaoMW%=;qzLUeOH3yS+cBeg^Q+`ML*=L#W8p}QJon6=NC;vKg{&Xw;Bl7+A z{IdHu)VQy@xj}+8wXpyCtzG*$>+Z^LwQngE-8=u-_i%4h-&dh~Nbu`{HP!Mrq#xuTxjyUEZ9l7=6EkfJe_cPdPU)1^-BVKY zrliJM&$syz{*P<<XOIw$9uKqFo&3}gEiBb}J^SL~1(oNsm$^4l9+wM>7$JDv^ z_I_0Mna0hXu<@4ep-%@2@9o#x0tqE>~aqyZOWRhw~5Z7kpJz(e|GqIBZjwQ$k~kMAm~k z%L;an%YQO?;>4~j-Il$x&ZW1{?78Sq@1=E@#Tkq8G7oYm;UtNj3V!l^V@CGKOA=Ykk)Fq zdgZbFJeRr@Z>8sFY!7^0FMj!taq1&}$y?bMUfSP$@wwrZ@-2xcA7k2P{%2tA-~5sF z>bkif#UE~69jzYu_8eDrL-yj2>3>A3zXg5_+2uN~gLnGGl1Z_f4)^@(oBI5a#Vg+B zVyQus(>G>Kx6}K;`f>Yj6Qf%`OviQRAL7q?z9%{PqfAHL;kwDU&fMNJqwv$e(EaMi z_-|f*oHkSBm;I67N~(dImY<`DY3_=( zH^TZ>*XCC*bh{v9)YHIURZ+3Sb6NSr`@1r4SFC*#a`!y@tj7(Agca~6Z-?6Fd3~kI)7oQ0_l&|Oh z^yhKYJ2gt>R%f*C+g<)F_279$X+-apau&*KPe>z!^9&~YDQPq`4Ny|N# zaGv<4FZE;EW3L@%O|c74SZ}AThh?3lYwVAb+d zoVTv7e=s*qfl3;;0cF!thu>Gdav5sp5Rn}C*IN(JGx$Z zow+*i(!EF0?Uft6(+qr#?uqT~vel|=xZ{xgLR-rteTvb~v%6(@u0)02J$d!A(Ikh% zJQwCI?kTa-7kaTNDnerMRo%3}3$uU0V{JeS3Dx z)_?-L;Bbv)2d!NfJA3m^t>|_J#8grwp-WppUhr=c$ zqLcdDb=4-eSK*hoJou>k_vkf=nIU{%_Rh(1*Y>@!d{ySIzOKkyKTb+lT{m7G&oMWa zy+*$33+KC%)2o$bE*R~UKce0Bap}_8H>Yn;P;oo)edUv0@2yd{ovls& z^!#TKdcD1>_xR20Ph0D9_@hq5N_o%rEWPZQ2^Scu&i1P1}lutaD4*7S}6mYqB}Q=XWb5%3*uU%-Q+t{G;A2mzLQ) z$+CMtcg5_t&Ow)!OZG2jKAY*wBK5RmcP7K0o}?0H$(5zvt5++XO;%(mDvaEAYuQZJ zOZT(%F7A9KzOQ=L>mI+fty(9AdXDsd<~x(k9k5X_X5)00$^T3*XT{%$nzHQCu_QIS z_O9dmHcd0S6yx}xfyv};QruB%*|bN;#5M^%60^7Zwrua!U7P(A3vT4^mEW8C+FUMp zB6so2$nMp5Z=T+#XY06jvGn3u!7p;}OXMq+_io$FH)GAT-%fv)q$^7v^_unSu4agX zwCvu@rAu$m`TAw8a!JaYi?M5xCKwk_zEQU9aK;M0r@!~wuKHqBnL8(4c`3hO;InOp zJzc9eDW!QU>%E;Rv8w0}8}DW1t&vwGRtxdR%~*5tzG{Qz^PYgIM{e9)(m4HlZ*$i| zl~n1>oW8}P84D-W?3q*F>#m_P;l}X=tGrHhzXznSFpS{Al$@4Lic<3>6Hj8!zpQZ;un|x~7`DaO3xzyXQxJc`I`;T~JU%hQTnZWaH%7 zvo~3BhessedQe~?w{>ySh7;Va?DMplB%kiGuSh8{jG7g)`2bIm%(KlVJtn4FE(y!o zw>nEtllfhn@@6bjq-tJFdzAy7(x7AEmov^O3KgxIQcG=9PFl7!7g?}Xy z8+M%2e9UDb(*8_kPMwKx;XH@X*KD)GC|RyI4i=R-@A7;yM2r=538j z*Sala(|m7>@1|Cj4We=00h|iYW~I$inr5+-b%WPDR=?b$3i+jmZ@bo?I&PY|tYwyB zT3Jx|ti|Q3ubNJu__8|au+p5L$7Np`=Pjw(Bs{B7IK`}d^YZ(Ci|1ckCLX=XUsPt> zrPeckR-b2e`CFuaJ+LJ0rt--hpQ^9;Ik1Q;E!H`{KFh7(KvRa0(hjcXD|}kQ5)&qf z2>R_P?p=A}tdV&BBYXdA%Wln5PgW0`n(Nr*#ufeUn%#=kI?_oKgkNdbM_rT;PRw z+bo?TFZJF(;UB6GnoP>vb~B;KA^TV7&% zJ#*IDyN8*T3*)u^*nYgW{9$iuPJZ*6+@9j=vwjI5j{5a#S53Lu`__q$%(hy7FAwR) z%0AsP`y@m2E3L1qT?J1qlei`}waljR_qpO5*H)cdwJ$-^K5EIilDTIi-YxrVe{G(2 zvBSR4@+q4>STWUYJ$*aI;~h^!(zY$@)x`Opls%i1@-F-2yScqHwxuUpKS*v4Q{S_t zk2Rw5>)&j-OT|WF&Qs4ZuDn@bR3-JQXNyJ3n$zODTK9b05x8Z=F>U_94)2^d?s8Kr zuPM*H-x@qGG~%Y?d0VZNcU@hUwoc+6_Y4oLvkz?8vPN?A`KmWHu0>~}G{jdP6g?9g zwK^}&^6R>6^CJdY>1H7f-iM>56tuQ+?OGih%ZK?)3qL*HyrK0-meppSSt}wpw+ov~ zrPj*H>s^yBYv?_!-uHE5#@Z*j0p^qYvOF$bK6g_?L8*szRe096OPwnF1eZN*u==`I zr{Z1O*`K9DD+g7O9dj(pyOIfm5L5O_kCY# zEo(5X>DVR7Sm9;1S`LlMMkf`XUtXL3a@Ufg*Fra!99Aqmxz@9!yZ6MInJi^5GBx^d zO^tixGiRH7R_D7iJ&!+GXV1>ouDz2`*mZ7CSFlEJk>y%NCiQS9>zN62L?;$czPEV$ z%$y1HxE>dtHG9KhBqr8M~JEHUO2TlL!NZfAFs^!M4Ds;<=@+s=A;Wt+i`AcHUSb$dnPgMCf2Cq1v3 z-6+c%;d{Hd=lSxzi4k`_SyCg4TqErie{0WF>zr@#LQA$+xupBkJLS9r&R6VSiwnZo zm4b@uUWz8&j@`6NdY)4A%HV6O&lm3des+7e#=O0+*w&r;;*x z7U^aE>M|2OZ)8RB?8=_*ujbCf{xY;B+|5s~X`y`CGnPHs)p;Cy>)LH5(RJ#pD~_p7E#ch8vj z?2)Cg#=)Z5AzUYSwl329TVQFLb7Gx`;hO`iwy#^u?RLgOwm4+6yUCN{s2!zgxA`i* ztjWCaMj`iw#k!`q(%Bp46j-qDO+0h<*<=$%&KFk;EuOtgy>t6aXdmPAW!YBo1`ChW ztb7u-^_1T8GdIusgykObk!(79d~LpHN%3C3`w!GRP5$crdhWAlcZweK@f{!hmsXh{ zsrYhV;)m(lACm(1)NFkiC$cBj`iOzQPW1G%TsOX)t@dkOdHd#;Z`;|;j^xK4-d-4S zPFMDd?T?%DZC^*p{_R_=yXuh=zfY;?p+7NOHp^|tmc$kbd>eV%#X@<)NA~9UL)X&|T|4HqK`$!kdEVnI z)w9n3F5%oNcV|vd9`nL=laFpbot*wn^ZB$#4NYp$r7P`T=x>e4&wn4UbD?9XPxbMSl0C#^Rpb1wG13k%-sX7+8h zcW!ERj_y;36ApKHQyfD17**t}u3udHWcS`^3qJ4UuCQ%Oj&3`*`hc8tf6&#?l#ZWX z&3v}C+BZthYGh73bc@4ip#$57f6_k!P3D@Psql+tnS5)vbah&~YRYkC(eq|iH>|>y zFCXzaz`^yr&)w_h=1wKIqej;*@Yp#@KA9Mvw4F_mr84uCkdz}!j%y2O9eg6d ze`)oZ-T#tyDy^8dMRA(Plb^{awF=WnZZ^j_%AHh$5-rMHTYd-0?)GM46^G7i4wQ9f}_`r7m@&&+>1{_Gb`I#>KG z*VZ=Ebit#UyHgIV;8s6-Z~XyoP3g^lwT%uK$r~8_^iZ~a9maWPyY$r%?d8gsCWV22jic4mn+9?GecEo9`hv)zTyIP}zB?qiSgeNhq|HFsXi#WP07 z)tQ-g>+`-07dPTGduXKH_TfLnt=wfEbIoNRFL<`s_^{%V&;YZ>D~u7Icit}*UbMM6 zr^)ECbc4jY{fDoWORZnzyB%rkFN!J9{1UF4lqn&?NK4vJ;GzmMjXjdP@F)OZFH%w--lq|pH zF0B_^Z?#z@W98Jq;9RbqOh>F{&AX+0q|tk`&D)hCm4$z^DkIHR+L(6g)N{?0SYYvN zam#$2Ntvps@BH()7|-Xn5u)L zlikjhva>9+S1c|_o>=vt!RpwREmt&xndSfOdbQPCamS3;a@jiRb0$=tjVUvjlUER@ z@!{2J#?X%9E06YUJ|-tM=~UP>jbGbs!uMwVD%n2K!1egr!heb%mgIA%`B~~Ql@%8H(@65_O?aRHcY@GVN zsPgezzvC{V7cXYy<(`X~S0D9q%jpZxb&A}*o|^n_*!XGBb=O7C-=?0Q5zgLKm{#QO zz1-^bj`Rt8uC}IqIvM;kRGQ_Jk;vqEORn}?`Z>t5M$Xc8EIQS)!=`-MnK%C#3jIyP zZU=4uETxuE_&V(I)4E7T$+wORZb-B#^!=Nv;W&@|rAvm{$D^J?pAVeVj1P?DsScTB z#2d70Lu!y=)CmR)r5V2?Cb+p8Jl$pKebzG4BjV@#n7?m3dM2tQFjaSb@zhbAlCa=_ z>HL)yb*J8#pFZ)z(6MJ~zt;5{bJj!ReFl71*SR0@bNFT)t7ugDCi>>r{rfIT(zv@z$RaLznP+*F#)R{omX!0%=;H}q_6s)>DHxL+BuEo&6BTOTetTi$2;Xr zevu0Um$0jM~HyyaH{?R|CPu6nJPWxurs!;y7 zKQAfG{@D0Bro6XQ`>dy&vF3x~vk5Cd^*TMDd1rN2)Yc>06&hmRs%Th}|M z@2g++A!VIftts1Qva5><^j^KHpnywur&nFKg@32PM`sKHk5+ zHvLq_^97rICzaU-&k8bpPGg4o%`X)cBYj&hs&7D zSG<4Ey))oRLl(z<-Ge5#!Z_@nZS7gCtiHeM)`kg2?@k;|xUsHk){V<24+M8LZp)4G zDC{Z!&meVe!{n?_1rE

B@RM^nA4C&5dN0&z=jV3g-0rMs(I%K3*HRJ#l+}aroQQ zq9<2woO z$@7n`IoWad=ZpGd3)6y@&&u92XKLQQt&(M2e)e2jWp&bS+>}=Dk7{x|&XQ8H-0Q^= zfunv|Yc6^0Wc_5D^{6A?ng5Z=#+yIlUj4k0s$}0D_4DA@r;#eVr#-i*`Bb@n!9L{$ zS8QzUW~oXqm9E>H{Zzi|R@}x1e;ubD?wGqTOqRFA&D`Mm*3)w4KiUhf<>oKnoGi1! z^m)|04VRvr;nbSCq!G^9I+x*pb*K@rT(y@Pa z{*=*?u(HmjwaZ?aG|2D0y|;98toy=9)7~x8vF&G$6uG9G7iW2@gj`ua>73C<3sv{$ z*LJ)u4lob0n)X1>FYDdbnzKbOE(vZ)ULN)Q9k-`qzsl#c0^zbzvm$wfr%$}dsbaAD zg2%sjqx21{%C^0fK6OK}^RcPXpUxfIEmvhc?@m22W7mw6Cv~rc&PaATS|r^QR=W4l zs!7M^-YLAb&QWW(@Vo^XLZN~3p zJ`WY1hAfqm%e@z~B&N9b@Y(LV(iq5iYXMI((*p07h|fDxo=vzbyW8LH*=Eh7!eYq> zCS3k=EtKVmfxG3Ziymj^&Ec9QDx_VrLs>Rs!%mM`>Fj!*2Ooc3`Q>%*q}Cu0^-s%f zJ4?*_bzWx6!(6(s^o|?zLB( zl;sdT?a2_X#jfyu(bJ-v8Gd@tL$vlVWbN7Rv*5jg@V!|-J0&-`Z(o~s_YCv%ITOQW zJF}gg&ONWxxY)aI*_Jn|n z=uH0e%`YRR=Js?LoxQwXbX#e(?UKfWk}o56_5R&=Xwy#17rvz`g}yIR?kKq}Eo^(m zvC2Hy>u1D5m4d=By>$w?w^dFuORQQgvqX&dO4*|0Mp1WGT|Bq2XO+QWHj%i17!WnKHJGjq+OrrmffAv0&GBcdbdUaa7J9F1^9bXQOeS2%OCSNFQHpw$xsVCB`_~+H+SNsYG ziwdf)+8cJuq+6`G^zepRc+Z2d+_?cUD>i&D&R322>@(@%1)-RpkCOxQ`rH&#U)US_ z8cMP~s{Fnr`kAckoAr9{4IY#{TkCXQd2WxNLA_MlrGrOydrdws6LxL-!rdpgpR_#Z zE)yUav|*drTkVp&^A2CzUJ@%5mT#QtxFeRxU~W_v{&o}Th`(|tC?y3Crk#V zyTk{{605?bj3wEpnK2bMN6)I8|1EyPwvQJk2J3b$6~8j=wEvw#=@jPEN$U1XI;+pMSSI^Nt=U+-sit#|9L zCk->dDs9PK`;dpJ=i_*Nf$5O zjI%iRvd#E>)<(0HLM~_b&w9G>YDCl8%XV9SmiBHGO?_n{xoYci@szl$rq`aZKbC2# z+uCR2;Ak;tf~B(Q#I>)tUCistbV#y%wlO@W)l)6`xM<+=JAMoAW&V04s=NR5TI<{l z)_c;Q-p8=bUaz$5P9FPC)3y1lHukhE)rcsVo$g<{+UdZWK0kNS=9O_rjw~u=Z}89R z{mNd#74tkl>fD~$buUHtT9}4hownqB@Gqq>%O{r~Pibt(+M!Zns$?F-Tj$z-)NAIi z!>y+o&sk&@Z9IP_YsX~Um8bRdpU0i$@zGKi_t`k{#s!WyS)w`3^RB%4c(i2Mykj*j z4RZ?WwE~`mI6PjektX}HT}zd}&+1p&Wc4do5@&od$Zs_wDN2K5i1pvp(93{4u+{&L-fN>EV98AP0rV&GD8qAKra0=9j4Tb;F*O^Yvcb zXD<0$eeC-5f3njo?@3k!6}jVq88Nvm-dptW-};~>Qx>j%m8fy{sP!E7L;5$* zKjLrQ@=|BP^`5fry`OJ?eN}aR-yfd8GgCgatrY!!`&Qr%Yr{9$%nzp@;dMIxsQg=e z*OnJYw@hl3ZayHl^=n>l{$kx-r<24p1HyBwfA~d(to3&3kJmnMZ29};YrCs_cWmD# znD=`D&((P?53Uq`SfcJ#=I3GG8ol?c?aQp&0(;HXugz~ec=FLC8>Y&oiE5LS#V#5P zCA0i`w4{wAK|LjTV)Id}2?nVcPWp8V~9 z;y-jBQTy({XR2b@DN%LNFI?LtY`PY%tEl$9t{Zjj6T_>+mv(6+Wd%&VcC2_QSLaF@ zm%|UgzvWzLHgnyQvR#+fDeqKZ)Q{Wu_4E6q`Au>9KT=nDY!_RX$UAkSTWFiV>FYS_ zABpRKSiN{%CqDB`;&z6;;cKHmY(Ltoe$1-4!v2x%hQi(^Pj>CNXX2ug`>OJvR8;H{ z?tQn#uHtfutbA1GycaDq^eshS+DT`}bN`Xtw6;L=5R4V>I0w&!hqTbpI7`E#Dmhd;~D+9_ZCWBoXEw%7jc z0qeLnC^yH1AF{vs+xtWKvDNy55u#?BV%k#dqh8dh{BV1GsOn8`YJseCim1tX)*shW z_I3E&x3V~ByK2K$Rp}eY3ZfUk=fWCEe#Os^^TxY>78M;o%)eE}Ivp}~FO{x6##?jvL4J?+qm$9TSAIQdO|aYgx_;~P zWBokYa_pNwlubH(!c|i9MsZyDhslTK*mfTIm6F=d=9V9qU1k0}@43;GQ1hav{~21| zeYKo%TlRMU=~({5^*4_njoP~Ox31th-@mSJu+Or;HT$5Q*2f!H>%?Acii~m)F>y3|^8G={`kU`N>$&$ySNvyq zSo?1N`j;27%qB!xss(T}Fg`c^;rrX=NB!Y{5zbrq<|3mBk;rO=y417u#_9;f(vHhdn5h)^X=pJPj^Z$sx zKX%V}>uir7sY}%6iZra;F?lA#R|%VN=HHh84oc;}Rb3SGCIXPr#rB~uwLyM=BoCGISrEw6+{DWBBc zqqyJ)8_VTCqKnsvnY|LJ*>Qfa+CtsF#Y?<-u63pUzUX10b@gsmRJLvRjioyd$}nj+ z@84vlvx)oU1icEjef36*)|}n2b+&Eux9q>G>mLe#xc*1MUMTlo#$$^uyYoEa-_81Z zR{i)s=8w*6cEv5`pRM??$VmHXthm>yL2P%Y=p9b!T5+`SnL;saDnekXQHFwwQcSTm8}G$Fh6cvrF$xH165IP5bDh zD>g~nd>{E5J)9W3f#ZQ(mOcNgeYPLd4?mXMuX@P)S@MbJJlgeE+vYz!ZL9UzD>cM= zZo`A?M^9b4r13uR!p#r&J4^lfbquqMR_%GYGjjH%?B$ni{MXx_zIV1@+1=oG^ZYE= zs~C7bj+fcCd`*^{bgh~E-9voFvF8up7khC}bJnBdzN%ArXYZR6uCmJOn^AV~IXjI% z{vS)xOd{%`}_%f&YR2QCn8M zt@>Qc=9)gK-_zkHTDN0O+JAd$o`Lz z^&`3I%<-8A_IMaAGkdhB`iT7p|Nfp?HJfTDJIs3+kg}(6^5qZfukrUwz1z4fTHoLuI?t zAG^)`ApAJIacjksNr(Q4hD#qmvqN%y){p#0{~0=V`EB3!K43?yn1c9on@9UDeBAr$ z$M%R_d;Qs?cg;K@*zuEDU37E)2kr;&)-H~^^V-TPGWL|w0e$D#3+F!EXib;(eR*z) zN!5H^`P$6Ut+G#2AK5UQpZ~v_BvKr52Hyo?JtETP9NRj@R+{87{ zbA9HI*55pT6hHd@@U{DAZ@EE4IpMml_#3u=yjNQ9O-_k9_S0!eU+wE%q6MK!8Ou3K z^v&ODK723nN-(49-o%nMleCm2`Yt@*S{C@D|KPP((~PY+8{~JLSGN5a6ZJ>_^kGkJjIEetd5WNyqco4>OQ?y zwNYJkVd=U@@>_itdACbw)z3|N`Aw=}|ITY$b3I(Ml79;Nd#%jsRhU^Op&Dj3Ijc+7 z|8Cg1?5cZrUj9luKF3g5_f@w1;al&UuShC6ylwt{&5~`Sjr*FcPxo^!y>oQSbF1Qd zw&~8@_?2rP&GkEUiQn}3rz!n2nnO$c1vAQxw4yeYai2_%yqskf7{4LgF~(3*1lG^%V=|m7-SoLzC# zb#{I(Gc!E#I^d;wR0|8|gU`w=DUWtlOh5GNNnGrKPbpjs%a%#!B;4?|ojoJ8dBN9} zOM4&GZ;f_symD1G?PkeZ=hGYK?0Wb5*7{pF?|O>G1vj75j_~x5d)&6~@XS#Et!Wjr zw7GAy&E@L(Cfl3qyzu3AkFauv=gYGBkNlJ0x@Fr`-Q{^RZ_ipb%jv?yuSd3;{hoV3 z;jzV<43pp14%eL$zxy%R{#<_l@4|OaHdY?ERXywEzAaZ4_C9U%J;f$2d)9|lb!pc; z+4jKs$M{z|Zk;AP?M~M6zCUg@&Z{OGy%o^AQ#EV-;vapl4^I!CeY&XTVDF)gUwPeZ z!y}GviO~D0wxvJW&Nr{b%50{LRKUJjK`Cj{{tMQvx|tg#(Q}3)rsnY8gqNFdtl?fB z8^gQf&+1~|jwAEacs3p5xOMo_T5F-p=84-c>F1uw0kG+*lNtW34t+(LgZ@Gr}L_MbtvV&CH$knbE9cd~M|oSJe&1ajh!f zY*%~x%nrD!Dt4=MKJUS-uS%1`ES{^~+@8I{J#QJue3f#O>4G=zy9Irja^78JR$r%i z`y21LGd9NId^xn|d;YR|>~S}b*Z%kJ2uV7bMKTc_?Qu)6M}a&h)fci#(odY!w%H1_S= zYWnATn1RI}#>dJs-`8e;YvR_O;Kz3HP}k$Hd%Z)aSBc(h{u#D0=9piYTiRm2iB<25 zrn9QpFjR&4o|~%otRf}S-H+GmpJi$i$ANQM5~7b!wuQ+Z`MR#-s7jIVD>Lr0&J(3t zjz?p*8RaMlA9ygUmuJDW$rF4%Wln4=TF%z8PW#5h)Xv3cmS{8I-WxXSZ+M&Kalb6- zosUA(dyg@$>3l!m#;o#H))bGN-NglyHNUPZa`9BzVDn`~?O|o2kx@jAW`@(m+yZt_n)f%vR85vnFl^CVNF(__3O3A&WH;d zITI|`pMQU2dDyN?`}BG@i*z}5dcN>ajIYS3YLVWvEYI_V-PXgA)yFqCPrcf=-*0MU zvn2!9&4%486*ukOpgn)Hp7Ljrnyt$->%s+}cRjVu&_1$t^{WdN^^QBQy$j`XlzSla z)pqsqH@c?$BCqow`Q~i)HBM9TzZ-XT_s8u=mPcG!^G7^UG2(~0qWxOWhqE<092(yC zFrHtqs!J)|_u*dMwQHtU)wgCJRCY6)l(lbmdA_Cw-=)<@eHzl&Uz%LY?loVt?ASAx zoiWVKSFXEf7fp0qtG+zyneIvZ^3Q9zt&dMK7U{jbRC(1c>5Ew#Pkvf)%(`o9?h2W;hLN}pVa>UvT7?R>%o(ca3hOZ$}{@ z8s;4Ncxi`K&fWfZk45qWFRt7bwtk7#W`A|ZOS5&aF8#CnZIS}tvz6A8MO%C&wa>4O z==j)XdERR^cY;9WuPaSSD-S+fX+7ziN@AO`jQqd728Gw!<`^6lxvbPw;O1+@DR@w( zWQopVl`ku#o=YCj>RmVG$>fs@I8{=UDweIQzFJu1U3_cF=fgekm|r@?a(&V`^=$Qt z!-dN8KV_;dGli}Oh~5nn50!3Qv1Fc+T_ju96)&sLpiNofrF`DaeChYEwRB16^1G+D0R97&1EO<8kRd=y&y^XluB4rvkR!nbM7 zSvN`T(Vt(T5#C91i=Td3CKe*WeSWRB$Hbm@qQWARpYtCud9*HShlP=5yg_r{*Va`x zHWY=kJlZxdfSq^Z>rnmlo`rXNzTDB8wM%NUyJ%sl?%dnQOAb2P>o2u_`zB;r6`$d~ zB_Bh3#2?;sSC%i&O+Kjgcg~yntuoIx?(HbLuwV8-x7HGwU$c&W%$qgq+`JF&97c@4 zw;ivV{nq2o&b04QMP8y2tL5gTO+5E><-wP;a_Y1v8MSJ6CRrn$aKHW(_u_VWNl8cK2kwbcyK0I~<|Sovepyqkd8txVC4j$h)(hQ*AsrI+R;#juqkk_C zet6b&(PigJh1(lyvmQlxyl|G8^KH#r@u1p8>J}2rOxu)-?B2_S$AnF@Pr=7YlWetTUUz+F%wXTDwuQrb#y_Rjz&S^+%(*VBvq|!n z`H7SN8Khpn`*U{wzH^25cIM_D@`zaRM_XEI`Gx0y+)iECqTTa_Y0vuO$H#l)Au;L{M@_S>;bheIsd3Pz5XUHXZ~aDk{2INa7t|{k~d#| z>gK=DH~WQ5zh1S|@|gB8>fTW?RfZCUvOn3!{|L#we&kcWyMHG0=5_u{v;J6r^jo_& z`}=jNIYQQRU4Q;(NVf^(J#Q`Y#kT8Og}AM|;{Ioj=B#e9&HSO}>qt&C10!KWCh~WPD=Xiq-R6 z-&IX-{30*@BR_EGrt5ENR&QmDGS82?+b0Me@2h+^`_cLyt23N@bC+ax?wJ2|{q@(e0iMd!inGFO?;o1gxo3N#?4c)m z1CUoUEeL9mGb9s&0$_{Ch;Gw zo~dcKe+D;L*iBt5_fzlRdD)%XJ>p91To)df{A@n?)mE)AlcyJ!v&~3na?fGxe;vN? z@~kIy@8pad8_&jEF6oq+QrLKd>)xd;JJuB4-Y$GwRx76In&H|#a+}@1wX>MrVeAV1 zaO&{RXUvU_u^zXA*=72&);?N3<%VsxUYf<~8DjHfx3(8f3MxJrcQql?D#Yxq_{}T& zzm?Z&cLuB3Y?RHCxijg=ytymnHO_B{VAT|1thHG6+^g4fLc)9pt-|6uk#$GT=X_fl zx#ajSXN~8JE{KI`oKCx7sVk7+Zn>)5%;EFqyzHPy-&B59eT>|EZ{d_lP&wwDCbfgU)@t1 z^taeu3|xAqW0|W1o2Am`eHXe9c@_9+IToyH^;w*sod>poI9?}meA|2S+iS)>*GO1<%tJg#_m77d)jR0 zNyn@kWMvE_U!N83YY&rJ+8=$EF_R@b%%2 zi!)1Q*&eW!$+BCncm5!HcVlMqKG)Q#2HaKG;yY}#7ad=a9abh)wQz6a%rbo;gR?Fs zrfXHscieW>m%ejs#+{W=4-1xSI)N) zbh$2{_CU|L|5`V%yLTn)v9%=|4i)VZ#a&N28X`f2Z)F_7{uA@yVVK zmWqU5U%C0o?N~3Kn_kiUK)>`A$|BeUw3%l#JS8UQaA>ubKMmokKF_Hrpc+x$(rPis!Uviqz6mMnK0!MKGV(hvEsIsa|t+mBB-98O-F zdgqVyN4;4-pI%&MVSXC4+;Xw+^*yBzS0|?~a(?2msVOW}S!wfB^^JSAF6?}ND|ODs zgHJV-^JTUDE~($%aP;=d^&;Jm*^llOJDDf!+4P2gpYhrJALZY+Tu5|Gd|bxulaomz>{FMR*7qsud|>g zfc@IiZRJsZD>-KSU48rHyh9&<)$@{P+uc|Dtx?&M#PN)`r@-HCs!rHPjZ;FNE9I^S zc$_wBGX7(-NK;@A;{@ZgYFkXhGO`v-^g6XCy=xw8W8I@k^@kSUDcpOZ=ljasbN?B> z+M8)HOgR30rF1*9&DRy*bQ0QSt)!;59-q2P;;^AbLd7!4WkJcauJo~+YTn?u>3FC) zaObTbDpC{wY-7FnOR6b$;kkQ z@s!1>rCb}%hVCe_{JFtaBYTeeEJq2^pz0U@9;@dq2#q>%EKqru;e%CkzM0M}7femE zn_BuL#z@anMmTicwP0!X0yajGi<1o2C*3;JaeH&*B{7B742Ji%=s)AOXMQ)&e{IS= zRwLupbA)eAZCv8?X-1V?d;hg%m%X>NSAU#yRWhcjF3=sd#d^=OzR9zMaRi7jBtm zvG~)4lrY~l6)b%1U6(hs7c%a*>fLH~chK&6v`@BS5{o1OC+s8$! z_h!3Ev~(XXyw!S#cSU51|J}wp0jnqfIsQCk?YpRZLaRY%Z5>^bvF9eQhiX!4oN=FZ z@MG817qy?Am=0U6T;z9uD)Y5NM<>`%_3H7zt2SSDXW`CF7d1PMa~f)oCw}}it7_h{ z8C^yd&zAIjJIWF6JiE+b57+stxl4Ao9FzFR{yHjXf^hSXP`9F=0U9q<7aQrAOwPKO z@SyqHI-Vx)Iaiw{k1@RVnZ~@ON!x_?&blN|bM3mVQ&&c{sA&Arj%f=#@HTW^63>!8 z->5K`8_$>ZhM9%MpW5)1TjIOT>>~TQCEusLV-}046P;WxWN0CCMdFmXJNNn@`M(1t zJjIy4Sgg1F$lmJPvq|E@hg!R>Z?~5Ti7IbgS04A_N%=&B8%F*%#i6ohMuj#pP9M#V zS*+!?^E>ifbnn^iccAQ{ z!gSx^;ZLeyl2K)7!2UtZvd*!dkb_c>H{_-PE;P45Bz?DyMh^7th-h z_H4o=lVt6Kk45KZ@<~@p9?d$at;H}Wd9Rnxw$pY2k`~7_xVKMv=@Z@LapKpNu2cKV zx>;h6{w(l&cxeV>o=Dnsg|Ey@t!$r&NgQR3cid6GbNlkDzK9D8&l!h(ui0r~vFh`K zrUL=an~n1XC8NyLCEmu|+r4DTrH$u*KHFv8^swVUgY9drPew=DEtprXZfsdlczsvY z!O7b#*Ja0Dc>B(!ce5q))+*7rU3YkAJ}5bw@H#3a>_pk~`=*OGOuhK{pZbU0H;;UF zoyYGJKKn=4-v<*XwsBZkzK{F*h}+^>|Cu`aDLI8w&SKc;jOv_OKRU4zYI>Zym{}q`D2&1 zYnLMLJoGqz_Ws(Ms~@$>|J|4r(dJgochmIUd-Z+xN^p8~N->LyI&!`l?Q*Wwz>08 z<=tyvah5ryOdI8GPY2y;3kvz%r#1J;+YRq*ZC_Nf6~4Z=s|ZF1aFY;*A@ZABV-vc~Vtpx^?+6v%d!qN}f%N zXi3~!p)Pan>=bvo$D)e0-rsf~`k?K0qH-p~Rc)8F2MpQCKHHw_XvjMq-J+5>qt-Bd z?Lo^&i@W&Wt@W2O>RE%SbI?O~~Z80b-g5@}`yt^(OlsD2^=h?3r+Njmve%6w9DBhbKpF z&wtv+RnG5_b^CnX^WfCjmLX}S8cvm>E64SeQl-wTlR(CkN7$K zP5YQ{ABk27Ut00^()kegn7M}~Mf>^Y=C95a-w?ZK)1LIUmwnk0n`h;!)L2#*o5@!f z@0R#-G*$QEJ#V@8ttI~%1ip0F8Xq3@_t0KFH@hZM$K|G(+ixf?93P zy}p^t9%WR-drWrOVm0R!v*_P@@9uqVU;kRjSNp8?+$WEA#fxX<%1(-KZP?ILcyG`3 zBT=(mm5sd^jv3BU^xei6vsmwa-38BbmFJUZb+HJEDPLc|HqE_Cb+X?5-i#Yo6He@# zBOi5n`jja@yOpj+dh&ifYUFL^qF(0oP1Gi6L6Ag=s7k6#zOq7(fR^-?T*>oO&rkm> zQ(|huug>`6;Gb6~HbmZOk+6K-w^c_fr6FPcDUOp&vpJSUUpCt$SNWge>$N=$g1viP zgEwvv`}pU;yt%8RP8~09%Xz@pv@tzbx9gL$8pm<#if1cgwjR#mi_6@q1;BQb}@lRy#6url@vEKHH%>;n2}eW#;+UwwRo5=i_tt+cHPc^Trp}k22doJ_>tz zp{`W;r{C?S$Jbv+?20}4!0`0}wQagPPfa}jeYMz{jID}0J6hG(Cfz@>-ypep-q#DK zg?n0`$p71$^lG;<>(c;tn?Tu<(>k6%-)(l_L96zyP3c#qf{twSU$APQ>NP#y$4bHt z6~`ZkY`MKf`}diz>wcBISyy>^<=Tm>RHk0H5vclnZILdE&aPx7l)k*lSe?RNpM$w$~{HW(&eZyR9RzB#NSGQ$*)wUO9@1FF(jtHN= z^qlC9gRlKqd|!Clt<`(GuwS-vRrstWM>gn0Gg~a18G3!4f#va~?oX80g?>*dSsT(9 zHj_tuQJTf`*I~KOZxjmtY7YI=BjbLI-*S0NqU6DIRulbaJM{Q!*9LjqF6r8N;z{|s z#fPKzc$pv9J69Yd!>MEtP_(aYtI6(_3jL=t4I3}pW}BVsIBHfM-nMR!?&@2!{RRA_ z&sc<2t$)0~>DsQk3BQhYE8TH%^PhH8J1%M0*3-+9cPgjZ1;*;Ne{>JsxYca(9b>nX zO)XcBJv(LSuD>!fciA&_c?;Rv)td8MCg(5B&)zk4-@=m1Ee5dY4~U9-sT;u2&`gyfdyi=`=#lIuk)mvNR#-RY^}h5ad_jr&ZZ~anaJYS)bQM{y1=ZO(3dOkMU zZN2ugPIyQCJ#UFnc8k^blP_;Mk~Wpu;FYab&@=t%Q=YvwY4?a+((=L0W66{y%E^q! zEmz-~w^rrUX(krGpYN~j%uSB)PE9nu)x+0t`CIvot+u9S_1kjS9=pIUBm6qx?vGW{ zp%$e<>^9%lDSba$y-brkg)uVx*4-;R9XMI!IG4VW>^`z|n-e3*6*A!DZ@zQghTP`Xm@^*q}Qi@$sWCaL~OqDS?(W~-`Ip)7ZQ|N z@Lcry=Tm3JuByzvb8UaS&3hA;^DG4!C5skmT$@}quQ#<)W#x9uFDvy`_eHc_?BV(P z+V{iTu9HGr7HqEPd>OS}$}wAf&b-B~?_+kUmBwzV+~2W2&im1GOLiUp!br30pQPt8 zKKb&t>%||}C5)2gagiM-zC7EY`{jFN^LmMMuBAuSg=hIL%Y9j1eT?Bn1=}uZ=`{;( z6(5&>81ro+$GPXhZ?ek{I`L>c;F~(-;$HQV%ueQo$9;-J^5-16$ui;ati9RtGg`!s zu~(hD#(kufJ?6P6r`WyrF9A!o)vk1NclK#K+{E}NE7ZZwbNvxv`}oYGH#<1v7?<*S zE>W7awKbf*NHWBg<4)NELt4cO$-FRuXcjNYjXPGv+>p%9k7mEFJEB9ir`_dwF zInIwNw_2*Ep5DDlz&U*7*{sROLffO1x4FdY=Q+H~KDWBL*YobIoyP*hZSFtvTfa8y zM`W(BkKR#(igVe=Z9G4`{Az3eJJw`blatXa_o!dv>B-%bt7K-ZF)=K>T>ShmpFZzPDf?d~8+$%{=qlM3$MrFH zrLU1A%SD+~Hr{|M|D<2v(%Y)H)x_88)R7r;3fQ;$KZwu`di5`O=}%#o){iFMU`RRxM8Km;2-AK?` zzN+hUu7ALfjfYpjU$h21rmEJg263!fUf zr2)10U5soZf-p0zSpW~s%5O9MX`2XMfu^k z*+;9`mi&{w&N=PMhl{6-yRLm~Z!*;vdU2ii!A_RMDbqUrqu%a`f4J8;Fnq`MZ4uA3 z53g8nH|hJ)dptsCm!Elj+LGbB%=Mkl63h9ki;o_AaM!+4mw(ot;s^7EGN+fz-wvCU z8qvI`Hv4QTuij(7J?3WZEM|rAu0O6n%A5PB`{kGW0=L(g^At$S2%oLY@A@NmAx3(N zq*KunKHh4JsLo^08!c|Ws+#}i?xWbe4r;hj$N^^*B5;)r~Gm2zs85#H|-2*3S|56@9V|5z=;Cc$=x5- z54~r75gyq2C3SAkd^79o^Z$7Kom*pEU8%SE;a%B>mD8Vc%{cgM+V#iV7FR#ID7L`n zu;_t98($e^zqrp;as9BJ)`sXQmlE$x?7cYUeVmwD(9-v6t`!!WAFS_?-}L;*)ypY+ zcU)Sh+F0Cn!~b-|eU2Kz`otC68ZMbQ&gY%jr2S=j(A72ahc`JddtrFT=fH~2%UwV9 zkI6IIl(HZFy(xfRym@@vh!^M#^b_v)k` zoap&7mjB3pzU7@WB7fw&=NsK&h_ip3c(0$cCi6$`>I$Xjhj!KN(tZChd7Gv*-;q+8 z>#h%O%L}}UVvhNd^g{PZ;XAJX497CPWuBUA>~#`V^^Ms3q4?N8{SR$Z=81ijo1xs7 zKVix0lX8o8^+tZR&gZ=MpW%>h!kbH{%2vc>w_maef9x;#>O*F{fQiK0)NRuR?;J7Q zJ#Xq8aXY)qdz4etlSQXUPT)Cl`bzlxVCkr$BJ-B>d{=BrAFpSuG5*N=zT^9`#lBPC zOi1A4t+V+Pd__9`W6G_b^SjUONjqlu&2#-N`5zkjNA5Fc&fjFVvwZ2{y!>|wpJq;8 ze|FZN(7s!~(MPv!u&|5r;WNDQY~S+6tnkY3wyy7vS^vB%m9(@*`Q7=8`ajgKABbM| zclOh3rW!r@E4_R?`?}cJpT{n#XIXM_eb08W-N|8Z@2@SD-|)RR==Fndvme@8oswL) zHaVoa%)(Z?{?Yty{Vi|ZqAmAGR`p9B&T(@8wEjhmx%fj-KhNFrQ<6VbZCC%ZDl(3{>{>}TCc8@p1COhVcq(Jb^0IVyWY8O zZCfjuWOT~k(O>qMq^*=++(om(fK!IKw~qJxasJph_uTQ+R@tk3YWZ|a#phCi$y z?eDEq%buHT5UI#(((;)30)N!6*}*?JKg^HZG(BG6*r)Ro)V?TR+GG64ci+wr_m7*! zvHmDsbK<*H*R(0C3#FcP{Ymevaa`Z|Y7_`Y2aXeBqT6tM* z$>z&BrgPQew;Yz}S*USu>XZ3$dqN+r^*&ZM&uv%8jOMd>{0dbe_hf&}FHC*#GkM3p z^y!%)&eu/uK#Zrp#<(nIXq@ng5{?s=8kKc$=bN99`no11PQ@q8S8blUL~8@As$ zu;H1r_XCk@`8Elr+ONf?S@+3n9}r#ts9xH4NyR*0>%(TNIeN>CR(Pm6wBMrhK4w>$afwHFqD;C^VfbV-DJ*^G!8 z9392yw<_Ky;}?mz<-I~Pq)XtSN7~MhY~34gZs(NE<~}k{LF&vwses*f&u)F~?<$`jr}*LOnQ7-# z;&lYv7p&L$px-nmZ+=@0)0u}YsRzRr#M*mL6cBB%Rn zOYL&s7{}a?z01sHd5eF+x~Ol*LoSuNn)#iSS|*;Jwfd25b)ebGC8j42|7TdEyiWVZ z(vmeXnxBn#{RnHb({Q-vBd~z zU)|&Q;oEc1?N07CDZj26-Bev9u`p+Isom5y#-c$ww=@?YRs2xhkk$#3D7HATyp*782I=el=xb?mGB%)Nqsq0<$v^|e3z&%jbKF@5$C zs~qpAUXIe%#V&?d9`E!kvdf>kF$+3KD z=Z}WZGVA6&H_=d|x5+kaw|{%Q*qbG7-rh?NPyD>{%c}47?0Rc;kFJ}!^u&hdPt9l3 zPJcKYeR*BjJ8rkmE1z2*wwvynqWWQThQ;aPD<-wkp3_e3-Sd3fDgKvXs#jD5-%paM z-=f`radOaxO$NRxp0E6@q+XQB)}Pz{+w@fv!#~Basi&XDa{r2bdur!YzbEIbcGj-w zb-TKDiPPFYx}k5DY@S`PeX9F!%SDxs8~x-RVa zP8b@6{HcST8AUWw83!vZb}9Ie9EA9$PYPUaR+TqUXMVC&nE8dV5LFwsqd7*|nzHQ%x5h ztXS>0bJItItz8c`?fluXc1FpQ*{(BFn_1aUWyuRGM_KH@IW6pD@{h}DA7i(kn|0x! z#>p51QNzrbQ=Xd}t}gDY%zHSc_Na>B?X{^tjD0+xSFb*%==iWb>%#R*9#U`n94bz- zE&EZyX@8H!gmf}CQS^w7i zb6TsuiyNDt7W!s-uY&ub%Vq~tf03QxHzbquuD(8GxRkkX$-2~+b)wg7+;~qtO;X=l zwu`Sb_u*}c2N9h)MbCEm8Xx|ZH#2A2HJKH$XCvjb_Pfr0vmt%?*)Ff#&6-Zn%^!QN zdzT!%TiJfOX=5s*P~JAD1moHoL(; zVe)m87tc$Qoa#(&EWbOa@n>+#)UJ(>SuSUIOo|M0@GP7d8v8G4=?}IUm-ODOd{uoV zb-Q(CdryI@m$UlzNeUi1#q$=eyL~76ZN6c-+|4!R_cwp{?XRjS_ONrynNwzROVxVw zRXgTa*Q(NcbW1snR`ML|TF&x0zO*9kXMV2I{!Rl~=7f23!k@bzTE0_GF}ks+zU=i* zcBh@|_tr_gW_x{jf!-MV7-QSmy(xie;_ zYD*kvEXuyPrB*j-%dO??`RtP(AutQ+_hPF9mjdoz|NMXMW;@MTP|PI&~r63r>EKd*3`P7o4>+3 zBThZt^dt6a(6etQlezVOK3hEN&s$|%ZL7+#7kQE_a$DY{-R)H@pTFnOqIu6V?(S}m z*mU1N?}*s>z2SSVr$$)j&COaYJ=1db$`$(4$_*Y|(O-94FJO+`)sxJ09E_&OT?V>GI8+jGkY4x#Zg7d){8`SFUzfA9%U{jKtd*(R=Gk#RX3pth&ii z7?!)od&T1J3gs{d%j8?rHNB!_x7=!SmV2IOtF`>w5`RtC6Y3LVjvm`ySorB=aTCAm zGRJk^f_6CvdXi^lnepZFP0Ec-NNzj7VVU^lD(`Px zekyNxf%{8PGRvcxCMQmBv|uU9o>!aZtscIkxXp&E_IPKme8&AAKEI5u2hU2Kw%zsb zZC`P~*@}(APrto=9hrPY?6P5(c^rFI=leOk#S=mv1bZFT>ez3$Ax^DBkIl_6@_SWx zM})@7H(FcIzEYYN_WpIK+{Z)Hl5elIHrjbvdB^VDHEIFeJ;gEi)+=t_`S~7x8 zU-&lQkJ{xuf=g?3wtQ4w-|=x}_uT0PHghcxK3X{ERl%eS-)u7%eiWUv?Rrqku7@0N zvZW7KUA`TCa+$ZZ$AxY8XJ4ATJYIK?c6q-3jNZ1#v(9`}=}%nkyeh)-(>n2zE_UZg zKiyfEW=F}kw|t#;`DZj6d*}XPIv_8JJ zD|wOSl6Phgo~gZ@cXh6bv%DE^+&rJ-2cE6)mOS}$zmuIrxd=7(eKn< z)EhZ-C$s#yz5HQizol7BpWo9;7nGk|7Cr04r8#}_@e^ItOl^0rSNw62`%cEX9rF5T zzrK#UxH{_A>8wlJC1iT8_x#D;KFL=tWP6c8`>#uz^uF7$A28l~{K#)xOS@oWtNFp# zw(nsT{Wo>h{e5m%_7-@`zmfJpW3gArY$5Km`_1>3ua%0*vYI<1sBe4!j=n#$ zl-8WL7GHShM(n+qMR#2SC-fxm5PfXF#l9`4WN*~z@Za%sZN6VzU*~XP0=(?s~;>Gn}zPzF}=Yzsjt(_UA?uH=~UUN2iKocAnJKQH#3 z2-BLviPu(}_&BfHAvf>q0%ninxf`wfoo}xVGwVxHNxmUfeqqzny=!kyezs5fLe6(~NA630+0}MK>f=p*OX<^ZPhCBov7ooiGtZ4t zQucG8(B05YJP3iKCgR=b7N+CnuX*jMZ54F4eWn?)|Yo@$A)so!nwyb znfm5g6zE1vvlr_RcTZoRwBf2z9W(WvgAHYLXidA5czBDd!L z3Ciz0tykn=68q!qTT!0C27lH5taZ_yH@;Y`cbUEYL-D7sl6LmMYVWBRrs{b z`9d}E3`&`|T;q)AUERLC#%Z5*`js0TGdIrpr132$@0!)l_ZMS&4^&P5aaDV+o5qKI zX}(4K6h4-?&OR~c@4LINZEGULjE#5NHLm!U)2_UJ($DCBQKgn=)3+@Yx@$Z~z*c+4 ze}cmQrX5#EzP5bggp2#jD+|^f;`|^{`fbfj^__f&0#8VsHF|zz zno-oxNq&sXbE?8z?{_YmrhnI7ed773O9qxt<~zG?)vma*^Q7W&uQS)quIWgh+U9Tf zW6eyPd>+g0j90}IL-f9;@8MUN^5yZ%s1*^tPOl>D6Kxy*ZIth~WyqdwmJn=iu8^3VR3bXaDR zb;v#GOJN$`r}oJ2o_Hnf&GhRZ`IT-lZdtIRO1ye8(>tM#i|%aa*aNSvh;e+9e)7OM z<5}0Ps_&fT_W5GS+s90s-X*1nsR$lr6AIfo(B>?~|B zzPIesGO3#V+3Zgx&hcidmSlUrsxp1Hxpe6bchf1qYj*x;sNA{Z_N=2H!{4Sph-dwA z-0Q=c?TcJzHl3YvN4)Uh8h_!6d&h%6+}WkyzV?>)$%AZ8chqIGxgXlUIavK@ZkY7z zT(0NwSEIQKTBl0PzqCwnu#Q?@w%M9C;4N3(CmlXCb+KIRCDRX@^s55;qDL4 z-|UaLx@X!owH-Sr{yNAtZ+~m;{tx{BI8UzeXUh7|Af`9zU;$UeZG}7H_b*)EdFxi) z$^DyCJLOZi?7H&6=XhR-w@L5I{-{^WJ&pU8ndbEO*m3`7IH+f*^v7+QcCY%O{|q-j zrkG4OzgTvDZ*B5}{2yxTo9yIX8gB3VryO~krKhqnG<h7Cs_oRLlrzR)yDJxxd zdw*&E*1$5yH_vq=U(Wi^@JHl7!=rPnme%loP_ou2Zkd$w`s=#1*Z;Vff2U_DZ0&FR zvb)01?U_v1$FEsU_*-cjRe+jqMAq=?e`BCPcO4;r!cNgjS zF_(yjs?R%h`9$kEwu16>OH;lrw@e}`B7RwW{@q)rd7MG&_|50GMj=Ak@&14JE)kga zk*_%`*xLWyvFxXbrYC|P_SNlOwf4-j?6S_!O_h?bvQ>3`72BHJZ(Nh#+J2}ug?Z%* zu_ZfSxJFHm{5#L4Z2hid5~_uBn%H=20xp~g@K7zWWJ%odKHQ|X{>Zg6w@aOl`k!#m znrW@^{u7rsokh z(|Eh-{a5llCf#Q*9^Np?(&Ew1v)K>CI#=Abzjet{Wy{1bx3@krWGP^eDR$lSY18DwNedn? zt$crY|E>KGr}tlfGi&aJjk_LKc^`im*P3hFwl?E>mF}P7!&gKSvZsYC6{|9NeQAZO zlG7x!gDvV3M?-fy%in!{*)${n_=LJ8Tf=wy&e!QN`>K9zndV}rIem=UJBlxh^7Iwe z1^8L4RO@wQC~Q8s>e3GXnSK6Mmz2Gph^x6ts>pm>C2oBF{!g>aVM|=Sj#OnReXYYp0gJ`^ki?T?e0uxz+uBVL7kO^ip2f z>*rlgeFxzU^ePfbrn)jb!X-Zu5G4C81=CFyACr)@#{C#_M$TkCm9Y2L_`f4@v zlqx=zJ$SxywN#eDWXlJQlYIiK=9*1oa=VfLZ`xmNRIKp$?H95B=MOs-!?yIxwrNa{y7>Z-lrt<`>Gw;*VUs*Kig|kr1 z69wn4+nY9(bPJU#tkq^ezM5Q$m%>8TKCdz#O zlT|ULUi_iouZWAf>_>X+UaWi=S2oLIvci7`t4XFImL|<9kzogJH8pv@_HEsB=FMM? znsp&pRT8f_9TC##*r1+kvO`|~wZ|lxhZSEJDyUTQEA}g`-m_v!Q|6ODOJ~f>+PukR zZt>S87cTA0GuU08_eXQP(7Hp5*Sbw+Fk89e^rYu~S~-opJZEOugk&=cwWpns-5AV! z_PmG)vrT_iElbE1g~&zP+duuuW~&xyE82NdeVO)(h$T}!T_5ljM}CS{I+vosXS>?W zRC>;zZ7)_O8h+9?dhT)O=&9?T#W`!9_J&m_Jbz{yXgr0_IN}1c;TdJoQ`vDMy*GOT zAInXB`D^N?lXLg(c=>gW_FdzujatSxE^an{y2#CQ! ziUqXNpz`^F2mCQjlw?i1EJN$95fdaol}_qe~03M<}uI^W`KR$^L?%ep()0}9`$s>S{LE5v&EKT2LTVv-?h6-b9o~9k`K_IwmdIvnhi^9* zl>PB|uf`S0O7&T*%d55D@qYJDbWZv7s;Ew3dyecL{`jb;rX1aQz73E6Gpvt&x0t0^ zSzE8-(av0F&y3TplIQEsO?{U&b>h=_0UIU#{#$Do9sV6YBWruPmEkn$6E`_>c&=Z( z9>sN5Qk~tfwlSvEF^2vf8Voiac^A?uxTCXxq32IxMjY|`9(I0>-KExkn;Pt z^=8KQp9M#EtQY^#-cjbVp_9*W&a=Jphi@%QisadoJm=fGlK#q&J^l{ccB?P*u={F$ zt6epIYhtF=&e>VV93@_dFWD1XyZrL!HEBJSTXnow&3VdsuJYs(U;oNmZzILcKQ0yx zJZolsctY{f^jx-W=8LCB$nM+nb;7C#A76&(rZL&=v|L$t!Q)Q!()1L)q{yXQ%h_d0 zO=p%CobfhJzqDk>u9L5C?|&SUHofWQl8Xi9@*+Ff`i6(`QB?lXHJHAllz@>%oTy&g9Eo!!py zRb6f5W2?uKcj8~oqcPKW&aGA8Dz8ci zW4Zj(=iqtC$6wc0Kb`qWy6e~#-6bhDa~h+LDy6(}(G#9CtIsoJ?vjbKR^7{bVxH_{ zo@n=5Ep7}73tB5rwd{41$|MY#Tx7}tf`Lycc%=3>=uG6}A%u}!MLb`;~?)Q=o zyV_Rj%v51l==bwY&WKWqiR;Yce|NYzu0?iHmKmSNQYl>dFcQ zzI#)>Snl@p2-s%5-4Y~ZmwcHe+&XHm;P>unZuYxGp34YFOQp`#@UVG2=UQDqhfz++ z$>U7h7Pja;TCnQ*#6Y!@%Z<8w_e84RNGV{=%ZMr|RtWRk!{nQMyMvn{y6}~2X`D=- z?gG$_#$S83SY;mN|Ig4;|6OOkUg7P%MgNp9rED)cWRp_*WxcCMX!6e_mSo8_{=zqJ zduJV3aU!Pp$Cb;oWgblNH<@7)^Ig4bwdkkClQ>^T{W{z2wkGM|W2Ox?I|DzwJXam= z_u}#1zQu>XYpc{H)I68`n;p5x)9W^S(csf)Sp%6p*C&?J8nt83mX z&cO0$o<`1u-eZ<$1FkIiT&~oUzF=ibsm#-N^P<<^JeMc)<{Tf#%ZTq$Emm0xZ`EzW zgCB3V3P@s5`M{@r`s?fCy*JM+UoZN?F*EtpiZ|~v<9|$wo)pR_Zrd9a{plvRn&nBm zeOJ%_XUN!@6mBzla@d;mNueyiKG<7rm6rK;IoRn@SV!L7(|q<(XLs-V*{LoeTkCI{ zRpu$cIKlCK#I7Yz7?v{>F)q}edCHgb@1lt*?^WjAT$%fo^d4f_l(~^cb{v0Q)SM0CeEKCdek~YKjW;mYUQ~< zf<0mXS|7fAFXMIc;JYk;?uy)X44liDq8PF23sJHM~#fxl9uM@8q^5ve| zC;ws9p+&{~7RT(@mP*ylnRtA9OWDzgO_vTzPrkHvMsg>|4L7TBnc3-CO&*=Ofgu}| z<>qbWng8PHG{b}My-iL_B&_d|+qvfV-o&IJbDpY8(X4B%UI#VZQ#)a4`+Cl`()AVw z_YcTw{#v)>lG`!!*MF2RZPas_ypkokZ)@NkF7wHz2c@GKsxE&yZ9Xk8IVXKi-_~;9 zi&1GOB<=mCUazP>SRU@TaSMBPi9+e>B2S59JxjGGR)l-)$X&I<;f-PJwf2Wc6gZWh zzr42YNAUr-tD#SVEY@}1yCxmHMd7jN*|M8AIX*3%W#6jPCgo8scyjHIlGEN1-#773 zDHnAt-Jx@(_r}@8AN|L5W%87#uX@lJb&&66R*6*GIt96?6RV70#~kmlan5BnXbX5U zXI}QS{U2?=ob{<2i*k-BA&W~!~%`ZxWExj4rma|Pk9r(2_^rItxgyj#;bn%nC(bZd&F*Q`|8-dNoOrT@8mH) zD-?0eF-NA4@sIz{KUvulacVXxWveot_pCd~yGC%CSC8DX)q4VrpJyDeui9E{c>C$5 zTGxPSMUqn#;_R(FZ(Q?LTy%}SM!UdYbmxMIi5e-1jZFns*Hn8JTPB`(A8X$(Uejc> zx7}i8zQeM2U#!=2-`4DmU2=liV(rd{pBGxZ>_4=kBJB!?TfnuwR~Vwr{0v{l1l{?v zaxI_mk!dd`iEz%-o)PW*ZJKV6T(jtnidhziHs14mp*>Sje#@VB#b}ksTT3q0y_}ly zD*EyQr=_zD__Dpu@fEZ)TRh)u?zi1veX6BOan!c3)O|r#0tKw;<||$-yk>SVnRUkG z`(5kTMAp5LSakmE>8h}&ee=qA`WGCJ+maQ=e)7~h-qbT$59-eT(f+%{B(_TB^4FVn z=L-y$*E7ueI@dgG%l;1ke4|YpPH1I6{u}JF`AX-!t7n&9cp`WpIqE+Hznx9R{)bn8 zy_8e)RM~ci?elrLtv}ne_59wcznd75b4a|c=htb*M(wi--`9m7s28=de5~y{-|vcG zH{%rbiLo(7DvOmrtQRU-?t61yZkDKqwI`>;^PbD!dJ2C9hilJyw$!XA*vE0=h09Y9 zy!L%O&u+?0xvh8GkNM5(PuP0$>N(5jm!|r;WrYvG*cS>IkfN(`0UAr!p$ z%kjrPVQf=9USHd#Uu-QD=+Umsa_M4{jwsKs+PT;N)Hq4M(yFPxAR_bR%Zsd-;HakD zoRn8~d>6iI^c3GzWdA$s^M3gn(L#~!aq=B{PZb)k@2$GEyx7^Lhik(L+tq#Bn0hm| zToi86()Nw{aV($fkI#?TwJ|dmRIlcqGkx3i3H&S8+k7;f`!zC8b<=OVZ+C)awcqc} zKNw}UUGDbk5cNCZvulF?&a5$iwAXgo<=i9Y8vC_1USHc2C24%{T5hs8T$Vc@IuY{aeL|C{cw{sP^7H`;j z?z-sPi?h;i2Nz7q7k(Arbbo8^)T>*n{JWMY`H6Vn{Y{e6+#&O2)vvZ*)?byyJza-ij-SUHpR+Xr)Q}4dqG%rp+ z_Vw|9W`Fdrn$+{(b$pn-p7SgTrAmpu3xk|>GpOWuj`vta?;Ccw7VnsHGTJ)|NU6t?$7HJKHP7v314vk z&;~`;3H)hmr0rYp8GO*)|83f2^En&#J&W5ZdZ!}(aZgp>Y2EC@pWLoJemX(F>eI%G zRi*J-hAV@DZydY&&*pU<I)ekczy<2`eIB$_U@iFVi_ajwLw|8%;IPziQOs08U z^R7<)*nd3E_DA#b*q3$^7atz-C_C}GKQ2qZG5nv!#W%u-?-^WOSTf_SlG;J956`7N z-zTN4=Qn14EH?K+KWmoQJiUCzW1mjB^s8uoW}fFR`m&yX&6oGx`Z+B5P00yHQ!sDEAR7-YnnHH>i^?1 z{mAs(tquRrz}kJi zgjf35FY!hb!_S9>eJy1-ACO;KbN07Q1@n=35j%~;i+*I**DZdkWgK69SYlOu$jZo^ zI3?d;kKg|p9_&B*pP}iVu=~e-eU}|AQuSpj8NGUvMc>u)*5|BmuNU4bvSn(*{RuWF zuN2wKFReNHVE@gy?+5R*Z@u!-zf(CjO>v)fn7y^;7rCu7KRkZ0=05}9`^(|iziyPt zm71ZPcG%c_tNj|Cm?ewOYc1-!I)A}FyM2GBZ;jAN`RK8sdZ%ciNZ`8bzpl6b$^5YV zV8@@jS;r5Z70vm6L@bfx&|lXQdubci5A!|$&Z)6qQ;}$QbFInieNW@nC7yp>J&*Z= z+2qIZ47cOKTQ@;rupOD@EG4aZl+q>r~$L`}! z)t=T|_)mD&^9suypSNyYlqsjb?oZIi^6vNPAEvkDnjIFJx@(uxUhRkLkDe8Oc>JKJ zZjF1XwC*|&mQQE2Cw%-mZFXjD_J{8e|9n{cZ_E8XCH4mKQ5XDg{%3gjx4k{;_9OK! zr-Ny?-*v~ZO1|UuS-IPwEbsW-3SFD>kFy_r`KRA>FLd)RiN{o3E5Z@=yN<&AvYb02qo zuIHd)y3>5*L@T=t1g_P?kjq}`GDGez*hyJtJ(dH1cc__Sx9 z#kxqnW4#~szUE$-u|7r7j;k>Gd`znKiyY@fYhGS{u|4qR^`ulm*^SRlk5*LGOPnp^a{72A^#DWi-r_o$t9gH{SLq%o z*La?H`NFlU=a1?-AF7%&dyTovos~*k+mznN>WE!;-aYBlOP!^CpQW2VRd=nHZ+vQ1 zl{I}*?`6T>y9L?e9zWJDsF-Hf_m!n+Cj-y5^BsGftMw+W%~yXnVFgQ7_)e!islrj2 zM_&GMDVfh*q5NCjFF`N;Adl5Gx#gw0%NuXKd)PTGNnCwx^!E9OtFBFDxgIV#$-unk z>gvbc@7trMw=URpS+8N5D#OCB>vVEUixs%Do`4;O}!&+3y`|_Nbg)@r|nKcVORg5`#kUeI3}ts_%0DCFSDaVd%Y0B=yiVf7mRnQLGm1YA4tQSZ8J%n&_#wT$$@s1lwGx5bmpV=x5OQH?wNNevgWvRr+{48&U)cLRg(iR1^fM|)Z!FvI=Nf> z*R?5$+A*^&-c^^rZ^?@~`)pc7GDAwqI`){oTQ4uKDAi0>ke~4Dx*+>e`3|XR^Z!m? ze7G|>f4+qJMp4zd zeeHTF4K4@19r-(Iooq(IFY{;0|REw2p) z)^Nn#pPR8J^vvp%U6&skZCN_mmh-LOo}HKT6vLCZd}o@!)|q#v*;z|I|2u1B}v*|B#cnIm_^rIpgGzoYRNp^pnGGRefJuYaZWu z{>FEPCCS-=(xoD^x3%-GdAT{>T}S;Hv+21PQlYD(??|^WK2Bl~ef3Z2(p$xb`;o`? z{Cz6>`t(=D;)i>y-{wo2ZI|(=)?BkxF1$$by;@)S@qk-v7fdbK8MLIXl)c$xwey1f z)YF;|xb}Z!JE-@?Q}6ADgLQef+Tw?#W*=WJswb{}+%%x7@7_!Iqv-(~JeO=w4?N~p zowoC*sjX8)*sEBVw{d4GL@)nX^}{<+=h6wImyNSN#`pba5L)n|{P4%*M5WoU+ZD9t zIXv6GyzIF2*5vc`8Twt{<&>_aepuFB;HCKYPgm8~_4*!fb66(Dq_j%vxT|gXGTXaT zb<($2Vwq~O=ia``(%7OK9(VP!U(@}kdTb&o^L(qmOj^!8IKido;d4@n0{OG(ITsVE5C(iT+89Q`tf|1e)7GWF$oXr*H-?$ zwo>;)`aJ&w*K@gYUsZlB(e+%bqrJ5#V&0N3Yk1w`rg=UIo2E0)glxFH(c zcq24oyBdS-U#(EBy0DlBWwtL^PTWX&EO#eJkL%6dIZ_52r|DIH?CP&je|l1Olie21 zZ4rV^JHsX4@!DCt+8D6g8s1ve*v)2J81`mDW1nV;jBh@d&n@4JbLI%`kh}VA{hRkI zPp_)byL@)1P_6^F{L-4}gy8cor4s5aUB9Bg#a~zR=T;GnW874`*ly;!sMF4u4_O<( zxN8*N*rBd{;c7q6tDyToW_|j_;qAUWTKMvhey^jO_Uvf7yDp+Vc2Db|Pk61}JS=brPcJsZ1co~N?RpWDBy!eZAP(r8+p zEVngFduf8(yKJ*qm58>_rxT?a`;J`O+H+E!`{2857L$~DMHXwNGgEFv-FeOs)Og+J z_BPj^cfCc9YoiU`&HmWLn)1^8K%?;AcR$wdPS{=5H#K$JCDn~v_w1Z4_`%{_c9FEB zjH2X0Q)mCQ&JFBUmpj&U@A+<;sccu4cJKDu&5}M5=W9wAo%^Q27rCwZ^^YrZN>{c< zSK1dcR5U&*Uu_lobn4v&mAVHko<eGH|4Gx?A9=64!L|Pv18j> zkBKKvRX*U_vL@kanRnsp8Hw8RXYRI!cL$`MOnYuRw_N4JsW?loFpf9-oD;-e(%R6;sypSqOvE~F7}-B zc}2vvKW^K6j@MN@N!xh7bIH!uIZf6o3Pu3QxRsGDrz@x z_Y2xyni=_>q43(`$$_(y$~JK9ueQzZu~Tmo{S#Fh{LS@#fw$|TFJXdQwad}Vd^Yv|dD_iuV?OPF( zK=P|%FVkzPe;!|#5Ivr`>-FL}Cmh~sdzNZE`+4QTe+H{*At`5Hn#$Ws=&Q^>wbM54 ztj<>VeUofo{4p1;dDUcEaK?S%n~Z6$S3@6mUTwQ~x7W3ErC!E_7jY_=Yjjs1e)QJr znq_K>=p;@N(TN;~HRT>F?J@p#=7+TTp=q1{F1F+M_|Nd6{YP8Q{mfSt8+WKoiz$%xm9SDd4A>j7q@mE z=$Npy>PhMP$RE)q+ruXQbZ1vqx!!X7&OPNldJcy3<8H1`{2^L3{ehb*Phi^vZP}Tx zE>4|#eo38lw8WY{*Cz;_VVabEv1HSQ1wjWs-`ey3(Dp#bY$!meCe z;$-GLW!6Lhp&948QJiAtGjomnP{1$tmSGpCnG=G*DmQr+MNbR6jq4`os^l~ z@Aow=UB}anZAF~V#ir2WeRO@l}uGVE$!xJpSIIlGbv;9?PELBoG1UhzOmwPSeu4C zAH(q<*C+nCP`m0=<~g;#71xjNl<7@U14hB6;aE7Q}0)Ndi+nQp5sUP z(G6Lbqi65cG(X9CtiVdDJm=BT-xsatckJiY-^W{1{n7l;l&cB5H*MX%efOpveGa!< zR!FnU$4zZt@yaT{sm8u`O;ktymUrz_B@&D$SzVu9!R_}^b$Qp5+5Xp;?=hMnxqQNA z0qd0OuInh@4o&u0a#BxL=u^hp z`xO1|GRp6WcAleS|=O}fpeydaCZf~@TIqN?j|K7Qoz zaOZo!GwVvq1Ye2kwWca0d|R<>R?YJ>w&mQK&lUG&_jgBn9Cp&{TJU62 z)vV*!_Guo?mwstRw#J={*iDz4`NajorZ#?l} zPM`Lv>yKEZrcL?wUiyiec;?Hl=k7=4-*nFuOuSL`{_eHyA%f>Vc6^N&T>5NkRpP8S zo??b_hmWRqhPg$m&)Hz3)%7{jKEoulb?+0t7yP_^nv?1-+Q~H)=IZD+zSz0^O_Rip z#g|j|RM-6E|Md1rFx#5R?%O=u%N|%`T+co#!d|NG8(eHcp;*v{w-i;?L z7Y1!I?bFhE*|+Akw)M`0y~cjKKe|mw4&7a|?aYJnZ|giuHG?%xj;miO^hybHILy+= z>au8J-BsJ(-}wT!4htS}=P6>YGmWb)I^;cH>E^e8rk&;Gg(40Dma^Gmkx%>H+*z|{ zz1R7v>|3t9eV6~JI$2^y4}a8x{F&jIvkRD;w5QCE+r#JNIp62f?H_Xk&j`<5@@1_u zFVEbN{5xkE`_BiTTywiO>fJ3h!&3(Q>$8qstI6e^{ZnJ%c72)e>#F`U9Qi(d(@#T( zQ%e$O+n-uJ<>{1*SJgW%%C;;oP?ubLmMP+0-lT$`x7=JSk4-POu{yYoFRgXkr)sIM z`s|qjhLJt#+Zd$>1Ax}WM)ZT8mlR@c2oRRcGdo@2mcgmGB4B^8&`Nc z^xTg>bt6#VMDQ!$QYR~!UUMaXfx9n%+0Rrxb4uDqukw9FoZ!}v^N+?xewokyviO|n zwpB;k^|Dw0(EP3T$L+_}75&0L=FZ|~_`Q5qnO2uAquteS{}~SGH_OR?;BQ~L^#j}V z%;iy0&a?kB2xn;tGQ8g~?`xIVd@Y;i2mEhD|4vWNUGXP|vT~b=pnH{a^30s1?~e&+oI8|66tJQcdoo^D?h_AN*&yx!c=3 zU#R6uO=R5+*Ee3mvFDrrGo;72+wqG?l*iW=iJX*8;Bljcz{+jx=(*GI6vp#vwY3Mqh zH80ygpF>;eMe0@6HT@+&j{aw0W!N$A-E*fOsmnQnBzdw+H$N>f{+|6@UcBP*vHb$3 z>ia+Pcj=v+=5(gpI(fa{*6Bu$X$?Aa^zYvFz5ICJ{@EusY%!{CJYMyz^vTVa!H0sE z3md(6xwtm}?!@ntKg%AsG@W11G+mdgX88tL-YU77AKrZrZcV*X@>$}%j+?gmv3vZN zYRuC%zr60`o_1R)T_wbA>k?7Tb+LR5583WDeEpln>!kZ_%^|0vJgFS%@k3RP_3F@F2(S z(#PCof+tljeyExxz45K***m8~f^Fm<*}vJoBEnJSp8Qt#gLh)X=Y2i=BmJno_&z>m z)!sL6Ry~n;qVjRpuV38HD$edXBDh_q>-4pM@)h<+CYY2<)l{E2_9txP>SfFAH%uw* ze0q=h@0yaic@bOgi{D;jys7uhVwvm9Ze-n3??{ebtM)R*`9#3gC-Oq|spgeSuKqDF zy7=VJ+;-FFVzZtfz27>W^^vC`&rZRU^IYw`O2yi~6q;(jG=A0AIJ! zHj^)lKA+FKKTDqP$Ey3kt&d!&o%OII=o1gm^#xIhitL{gT?!Rc^F`wNpN7 zN%W*AUrp0KMww=u`uap_srIBD0al+w#Vi4aT3TkfPU{_lktCB1E*+Zp7Y2nuFid~*3 z6A!$~{G6e&dDW$9Y7I)u9$zlaxw%kxyG&ukKiQCJysP%EuDit0!lt(HP1%KVlP$O1 zcP1=!W3#%x;4{s)J^)r_0`#9G`Z@kXEdF{pAFwX6V z{>WFoE)kY_tUce!wW!L6=X8UI?Afw=(p?gYVS(2rAMLz#<%{@k=DJf#6Cc=T-MCb! zByr>Ejy0?EXDM$8>zlMr^}xB>EV~PncA0PKPKlJX*}G(p)SbSA+w#;lz3~kFENf69 zx|-#ko9wQzl^Lo#CD%bY?~qEXt^Neg#lZARO*q7PL`G{r>T|d?`B$cCu(C&^F)ss zuT-W#%kXlau;bZ+=cg_IXt^@_U7E4P;8e_1nZTq+!37eN+>37@lvFQ3I8Yk_h z&M(iAm}I$(S6Q#(il*v*tChOT9-iWJ&3M;Y)Wd9G6D%YCI88(GXvFiMU|wi%umh(6igQ zWM4<8rA+f#XG!TDImJ<~FM^|_r{z!ly(g@7OP@IFhKlzQ+k_{WwXfCApCi0`PS|vp zE%}+#Rrf{8ckP>WggJ5NanZ(Pl@&LY7p&D#Pi23$Ea|)6l2xl>SAMv^*wU~4-in!# z7kd9Q%v|-p_=)_?oo9n;kLL20P5o4O{?dePPgLYwQ|z{GZpgIXI^+5C<7-VOilyG3 zy*0$zC9L`Q*QUi~8Kv}meQ;H5>ckoEAAA*wRQ7OoUNGq^Ppad~gKM&1 zmK*k;wUFfv&E6Kc`HY2a<%%;;=1iWyR!q$pn9pM%%x!z6TQ6kuT`}63+B};C6q1KCTq); zT(;x5k`i&!!Q(+n`fK0Irp&SjZv8m8KIq5E-*(wj!RJ^0$h%*Yd3v4I*Y(odW?uUG zHnnqF#O>_WJxN=GgIq3uPpRr}-CD027W8E9-q)A^D6VxaW{}HJ;SroS_2E64T~iYS zuPck*_z{03IP;y;{(H7sQnpd0!i{f#r7cL5PDpHSD2#d>lBr~uXuXRkeAbIP{eXRG zA8akxPWhN6s^Y^h+TFMKna>N=D~I3RIo^Eb$~JLdZP7S~qea(l9iOW$JaK;fvF#?F z%jVDcx3y(W@1ieO)tVBTC*^x>Ha9pXUhir{MSZIel}r+-``hD&upB$z42A;i+yby)HY9!cAho# zKH+&hZtB$xMR%4EY1bR~FF!oTT_(DD`Ly7kYq9NjS)RX)y4F$l&o(RWz<1L%OJjs0 zO4e$J-QkoqjM%U~G@&YN*?i47!->b$mL1LOjn0|i|2pj9?1tJRD^R}D}e{#U&>p|ANR#(z|nm=8=$*Db6CYL3&GJ-Yn<VpRtDTLPoM5yv!stVuXDoMacv=`yAb| zd!FZEPD^&vn-yW79(mhqY-gAJzRu)G=q%?Z&tvvhum8yOtL{2xaq!{ZOxxZ}^WyM; z?Yg-e9$Qz3&;QYMF=<|Cuj3cfm*!!Mli89i9?yF4$Dh-?lOc9tJIh7inb+Fd4dhQB zT)nI0ll+7^Jq22GI@=YGxl1T-joKW%N27nvpBrm`$rMJ-Hp_03z28$f>&E5W$ej*+ zRcV{P>^Pu0v+`{$+a%SH+#N43ToX#ql~@+P;qu~!=|$ElS3Ygh7CE_$bCz|E%?!JF zTjL@({C1W)Uc7#)O3a3-DpPs{n~!O)|F9=lNkCemL?v8)p<7h2O6Ngk_Dj2SMZMgo zFfhN2Jns_2`@*PmYrpKrh5N$={Ig{Btt{^?iG@A? zOoL3rcib!dyj>w|+ANpd+ZboPu=$;(dM(oI%gN)W=d+D0dbE#4Y)*K*VcoQfX~A<+ zR<2q7o9S@jdFB4ROx1*}=Qh_)Yt3CeCvARu!U@M2&y^Rvjk0qLi0PU9HZbw=y-UfG zKZ||NPnmc3>_&~{Hbq&L`Y9zw`L`GzvuzG?pXTKF(9PdeN1S?SFYMSu`qWx&xT8CGq?Br zPQSGKefvMINe{Ybw^*~s{0g?wf4JXV_^en+vgnH{-fagqEJ`jSN>+#HA z7CnzlrQMlD_b+*Qnmy#8`c`Ydjf{>rjIWEX%;!2b;{;2Q`%>R^eZNeu1e&gqHa>97 zI@C7k8+XycCC4R9W^LOkHaE}PBL3Kp`2rP}q-REHEIH?&?7n%Im9&YeZ=6PFpn6=x z{Iy9jS(7D=&VHJFHaX_CZn64#wTP>04WpiJ-0*mN)#)kG)9R{s`dx1DOY#y2$-;T>C?P_HK*qG3v^b3M03@U$9fkExyf8x|1PA^7%aN z3nucs5ibi{N?02n%)4sZx+v;azcw@TR*&z6$9GsiX!KQfU8FMana1M;35NY^6JA-p zGg^7*x#bGey$P}>HYJ;$&XQWaYR9C&?KTNt*DCTQsRkvJ|BQ{lBn7lJw@&#|cRGG!AD>--POnOuPO_FK#Nt3Rn&5vz2 zNBBQ>2-s3HC$V$QT<@bn0?FZt$M3z3I;L(st=-#hV|xDXk_X!hw3yf5+FV(eF7bpv z>cR8tDJP3H&oA{&U%6+=8HvZr^Q-oS6#ow2c;{ff%uRpomB(J~Pn8l76<+{4)$8T0 zt}O{YJ-@%NU0oYwv@=hF&(kJkOUdQ#s9Jc(*wA9^UbxGW%lu7P)x7(X>tb2dxRO$^my9Wi@jTh$rx%;q6aJSlC^+Sw) zTzYm1j9*vG+GKj@=-mGdZBxT^H}Mr{{e9r(_WVD?`j9P=3@tJR7B7SE-_dd?a6DUh zy7>CC>6#~gblMy*mv1;)Jn`85tYpdGJJfc`3!Hd8L8kP$={c8wF;BPsXAm@#D&Xm%}L*2 zH)U4qtQOUF$;YNir&S$f89?VRE^<12xa9cPHP@ECm0uGtSjU#VPj;HelP$#(>M32? z=S+2t-rbBk9<}-NgBSAhM%Ql`{Biwoy`woQE1%^=g>}cH9p^j#Gq9M<&Aa5Ad}wxr z;ErPkwb`HNm|4$^N`H~fKjUfNTjQs%CH6Q!c)k8@Kj*7_6^ADaZ2AxF?SAO~);_(Y zb7{qLLob8f=c^uXz0de+mg(ae3K?_#&$JX&T{m7?QFZI*sh>&L-c|`->@5jh=(Z=X zKbvz_@R8$_R$ckc?)=eg>YCf!-P%(oMx-QMU2kW}$@%)yKIaeSNBhNVEU$!}51DvN z!QsiAq`kin$V-;k3*Xi>UUlLCpKrz04|?*P7lWBg&-;gz|6FG7BOjHz_0*Z!7n_+Z zOw|}gpKW>croiG9-CN&>6^}bQH5E5r+Ojk(po;Ih%Zc0Vrb?pB%zGVn9yfV9 zS=O~$A}6cL<5+;2#QPu~!GkM8Pkvdh-B7@neW~Yil%&O^pv8hm4Gh&McLf}n6S_81 zEM-fu^YiAPm)pIPxZE7>NJVMobZlF0`MAFAp4`W6Gj*pePw9#DV3+CJ`f2;I{+pX) zKcsxhlCs_HojvDI^HkAqc@-~1w&p4w4&PcGeM9u(F^T>qm!;=|S7H(!;l zmtJ`A#II|HD=u&8Uw1eu<56P8<|RKWKiVIOhcx%tCKOZv}w9HrbF7Ep9pW(>l$Fjk1#Ra#dss3zS^ZLBp%UShZ zkwI_7c)yny2WC|j|HwIaO+afi^CZ`ruOF2U*$b8OR^$)XU=Do$uole#9TR_D{1-U+m;s$;B0$UfCA9ddYO(QoeF1 zdDWvAJ7n(s6S$bT*Zh|4q%}Uq+wbk@@A#+qv9HyBe)gix(Z^3{z6|>l{`mBJz8Y^i z$?bc%^R*v_{@c5H#Who3t5}`ecMqjbQ7aIC&vk8@@~z8d>1UEx`pr!*KEF@8?sA>f z^_qYh&h^5%rCSo!V$wgqj-B7J<@8K_DO+I=_uj`RCx&0!v-;>f*-LvuKN?*Rxnv`u zkP*PPi@SN^7tz;sk{^#)nYX-qa^;<3c$;z4@eOMft>fp;3-vI0H}TxdIQd+;NZvOt zGb>V-imw#RQK zy<*Ju_L{ll4AFN_KeF{>nRtDI1QTz{>wO%vqD4N6x0{}Lx~ZkD_U%RY;5gZ8 zw|7$0B{cK0D}o*OUH+>1cF8`W#d8jwe;FaQzNyaG_amEb(yed&Z)TUB>D)bO&$qR6 z`H$X;@6dHU+j=EUJ8|pt;A5^u^;`Upcl)>4G0hI#aYg>j9;azNy@%~Mk3Zq9jJUPs zZ@;lwir7Q0IyDqhD?uyt>n-z~gm3;|Swpb&7WAf2k{}~RS@7P>1|Ii0_ zomn+@xu;JU?XJ~6|Ienz>DoT^KY>?m5?99V`Fy^pzEbfd^8(Qef0RFN-G4Zq-N>CG z)6{yx^dPyV?1}Mf3+{;?SNB{U^Z1PI)#Mjzt-l@nX!@Vw*t08t%9qVl+U>NeW4^}g z?R{V0*>7HdP`+pW*5^m;w@19}nfBrIzZO*|ak>2t+Rx^<*IE2$3 znKW7PxYw`Q58aQ{^VN8L@a^w3i5G~Dlb&5V@k|gO=i9!k>mTKE=?lFOx02Z`ar8*F zOGC=aSG=XqB7LQ?w;ozS}*X& za@UXk0=*|w)-LUoo-rpSy#Ax{!*8n}+26AJeJH<9WumFE@OGcZw{eF*nt#jt7!${` z?ZfuQJ+g{37G%Ctcz)*5o;TYy7uxW@4_lt5wz_9a^?b7*-Vc@^mW@6(ZJ*ZVKQ_mH z`}yvxsGsU?b8Y^S{Wszd)C>RNT$xpvy=m{+bB~`cxyzgNpW)DsAIm=+d-d9H@8#v& zjC$9tmybWTbxok&e z@)jC!na$t9o7pcIaeVEf?4FK@Ry~U~bKQNnUb9oU6Zf*`%(M%CmV8O}GMti}lFj+b z+Tr4s`P?tdt=d{Gvv*7`J#envd}*Pb?sXgI^{=PxycA_|qv>7ndef^J*Vixj;T?QU zZM%_II`@{pzF|Kme-uAd$9cizKZC%JMUS*o=9yZ1NUC4j*6J$p>P`N>W9~;@Jjlq= zDdG0Hqs=y*d28_g%j-&aT)Xz^3R~#us%!ryn=bFr(>48TJN5BShl_LSIbVj__*aXy zu8i^DW8G&~6~5BzQp}m7*48qI{@CyJID2i@5)=Q)^S$Q1K2r5;c2>#jn|uc>SiY_f zlNU+lx^^id!CaDQOWq$z_HHTJ*mXW04)>Z_2oI9n7aa((?j*;f-^NvS+AQ5O8gU-d24_^8$V zBl3*Ct78r=DseJj@v1ia$XV4W<7a)xuB5Fy&wBCeUvH;fySH#06?59jd~dfs&z&Fj z0lj&TE=75s_&Ia(-sm6MAD-C@co+X&DHoWQ^tNx$_4G9r<<1|<`jRf?PT73Sukgg{ zh{TVR=*%#)^Q?O=u~j-LWB8$HA#ACN*u6Ms*JpcH#Yf@3~xx0#cIR>*58w4~5zDvFb~g_^Idb5;+|*ZfTo?9;K6)#cUCZv%^314Q;kn(`Lly0Z zXDyrh*!yo(h0nBElX#A~bJb>devm)rFY<@`N56Ud)5|>Dw!iV+J<03sd9SZ4y$sw{ zvri}QxLn8g<3GbeslVSA^B%eEZ2it7#WM8urNu52rCjGdihN%c=GE)#u24nJ=vK1rw)2iEc(|EC(&dXTSxS?+4!+tiE8BfoU^bR7O+ zxoW$|tfP-l8j0Vj3;VJvaSscBjJw7_(^@+4yy^Chncgw!E z+_E!CN%hE{UtwR5F4>V~@{Tz?ko&saKz-rqnCPRag`ICZ z-M`9ev0s$>DD~V^`KhHwRoAOOzST=C+`V(=-Z*z}>&)uqz9RM6mn9Y|Kl{GQH^OuC zoXT}GeYZTlI_2}cww?DSqG}hNT$`tSSMrr>$@T5qjeL^#xZdI8WL}&6W6`xo)$vLf zgl?Q;_1Pv9JM%!cU`I*XhRlNjOZY0+sry<-zI`;OW?e|qu6{9{Z<}YVOH8%9xApKn z{cok8&q^jp&*S&%5DWS-b5+dCUD?Ma?`}0dzTWiHwO#j=KGt`tUNu!ZE8^#*`SQy3 z3-aQ7iWg7LfB4sCvq$pXk~7u6!e`Ys+NErFJuKG{9?D%D6Zb`_C~D@m%UcdBsasdB zz29KA|5ly(mU$6I3%73Wh{wJo5ovA*e}(V;cj!K!js2Q?_g`6^QJi<}jzq{8 zb+)~lSGF3@UYv99$KloYUPUQvnRw_ZOGL!<1xIUMZQizc&AHnfoA2#w__4Kid3UYr zrGTBM+^m_;)_h-f!_Sm6Peh3Gr0H?5xDSt0eWyP;*b%+xuW!Y+G0;!*QbO z+Og#;-lY9B@{fAD)qAnppD%V_UkCKHPmEiXJ2hV~$|+>dceTw=W~(Qt_eVu8Nt`^n z!D@2ondR?gt+O`K4x5qr*HxvA7H@ysR1^FnOL;VUSyaXP(8fJq<$Q^EB5Ah^DE( zFBA0&5Z$=DIXrd3sx1yY6aSe8UTo$)d3%Lvc8K>z8Og*g$qXN7O$<;>OFq9q#AN{w z>+!XoPh|?viwMo_`n2L@&&t>Hqner1?7228$wgZ-d^sQ0I%Qk5@=FI6)uy-hbK|!B zKCCWzJTO#uviiJ&tiQ{=8(z-K&{At%`S<2DQyZyo=WljLeEM>G#XHNJ8pmyIUmuzG z`pvcZyA_10lJ;7E%bNF0x_bBQp8?POM60__6~-*jlZ#pNYu>5om0vP$o%*nTehc@z ziuDOUIv>u?XMV9y^ur_zVYQjh?=-(UZuvL+$Ug2Y_akyP7fU!Nm*lQ+o@#sS)%X3k zx*pUYcF3|yR8H-in=7MO-y*`cLzO$LDr-@$a&P1*-^nLdPdK+`r|a8m8~0o~vclH- z%C@MU33DgO{Rz`Ew_5NfFM5}u^4j=KY-);*2j50~3%_7p^LV?&T5ZqmUre>seJy3h z`Zi8K$!@oGGf$`dsq>LhGDarWCk`A~efHDj*M4VK`drz%(=PJX-Cb8ZN;#8*MT&$Q zBX>C#{pR?)p1jTV?q&Lp+w`NyVwi{=QP##ik;+eAcXY%$ym=&%Qib zcx!ssSMTbdIqBPOZmC(&w?$)%#km)6lJ{(9oXN=i^NM=t?j2!WmlewGuActSkad5y zz4ecdml5yR{+My<;$dSAo7C#iV=6l%UVfeHkooFld4Z9;L-yS1p{=tup0hmcT&2J4 z)vY-X->@ue(m}@t!?plBjyd`*~Xz-#EGDV&f{OO?UT9J5{ju`n82FlTW8>6)fSK zTARM(^1EBtq*LquGniX0b6tJk=d5tVu~m+D8w0c@pWZ&JvsmKMqMdtZ7EPST@Ut&F zO;#nwEi_4C)03?Z^CWgv?l!RDvo!T`GB~(<;;|Fl(_VNi_Z8WAC@l2(KJ7LAhqr5T z@Ut;U#BiP2e@Rbqht?^-cb2P+FFjW^KA9EaJN-_P*+0{%EAGb}_&rHH_pp}XrQKIP zyqz=oQHjO(w*jyJ$+Rd%-;7@8__ROK>$r=mw2Y1Ube;t>W?H=WS3Vc>hOyz#>m^tA zn6s3z3)MW|AUg5yd=vhsR)w#-+Kw;ux_iqkS#@RNWy@uI*GVopaeQf(>Kwf&Lq%5W zV@)Rk@1FGN>PH(Pbv&-j(L)wN@m@{A{Bf4q#+U4A%Ue!9rgKFi}v&EB+3N?h~e zSAEypDC^Eso7GPp+F?DvVb`_hRj%tQ(nFmK(!=k)J#p}y_Jv0qQ@0fK_wcMVv5u8a zI9agx`n>FU;i+yK@9Z;sl^D| zu2=uS-#PinEiPXro1)WlHxni|t+O~Nk|mIJ|CV#)hkpz8=GQZ5%f4ZsyS$0xoi_8s z__jZ(ODpzy)VN#ui%d_Q_OL>K^1P{9y6h@RZr@fXKjNNk-Shsr_Rs5;zb&$uIG6i5 z*DjuOUH$QjwGVzYmrJp+>u#58Hm!f~Y|S_E%d*FxPLQ+y?2=qocB$^+*Z&MHdDpx% z?%wWOwwL+v_p;XJ#ghyepD(T0-n=J3<+AYi!wMzq7CU@oTlDFnUV(WLW&$miJuOe%M>1;&8Tj+VSA|WlSsgch?!en7mtcGoJ;+R#jism1``Q zm>=Ez^JAr5M1rT~dB3gC;`FcBoy>Z*e4|poXieg#4MJzG%Z5Bie;pV4D8AENYR^)a zo(YpDl_y_YeDmfkThYGgM|US&Rhl`^;a<|51+t81BY#*{tM~j9KKmM! zXtC4rC7I#k_vEf8co(IV&QE5QusB;~dSz48xjfxB>@yBqKYcsv<9^1&A8%<_+C)Bz zXYvW~kl3~GvCa4Ot{ZKliIW==KXA&fb`IHh=G+F0n}1$2NA1p@az?}P#2wqJYrWc%2Y0*(-?eLE zWR&dvw?f&*N37mH-BbNohvS9gYJodz+FTND%Jf{ibMyB7V?wDc%(pf~d0e$#JZ1LL zsLz{C%zaOuHTW_4h!F3x*ZCF--`6d)QC@ahx^}MLyUMpQ+cqx0ck`Z!zTmOq1M6m( zoLOe?clB$=v-Ip^=c>d0_HC^#J7iouX>WP?x+IM}fmA=E>}2o53JwJizKSl_G6>#m zbynrh-Hjpr>*Fle+6Euqe#u?*MChH>ZOWGxe6anaE!k9Y@HGGIm$AD4mS^(KH(nSP zQ`mfIj$)zL-ic55X!R<*XNjNMWUf1Toq0Ufy_Vnpnn~x{6GvqJGl=nf9Y5o^qeu9a zyY1`zpzF)_@63$T-T6jqN?75!Grz5Vh2khP zr-GsO;;ct?0I9@F7n7Y-{U(mBO!zal` z-Xd{gk)c$UTebk}cJ7@c2O_y}Wr+GepYV&NiNv`k&Kj}o7{|r|1ESry=lg>C7wqV!H zntjqb#V6Oi;c~aHF8Wuzl3k_r` zoBi9k?%1#L_BRSYnm+~^efDCWogS1rb=L=5?Nxv0{%1(nXaB?V;f&P#K9l#`vV%`7 zyL9!K_s)0sduv(qSN$k{nB7}`Oi*w2qtibQUixD#)TDU+?j3fo+q1ou#TVK{iMQK` zKdjCdu5q7cYwp6ecFB*r%YRF67x(n-|F`Q!jqZo}$MOW%%kw8zZMr`HkIRp>kNG=yz1gR6eO>Is^i$Eytx-qnMRz+L z^LX4DTegbvLWt$gjJ{VUiM)|{Uyd_-{UiEMY>f*q zJgBtIRA1tU|AFkka~B<1ZxF+F+-;4&*pK(o*VQteOF>^`i!S^9c`VF=u@E_aa@0_8`r|sI>5m0HVer-+E zsSlpd)C;>JlW%Lr9#>xKF8Acn#6J?a>v{jM|7YM7edZ)4=&`22?rW{$!?#?wuKRRKdZY$0bv;_G*S@lO z$-N~XZdqD8y}f%5u;df9{HFcb49r#2Ni# zV@8(@+!cTB*|K3`-&+>=S`U9?D#8 z+*dHiv~%(U`yM%=kMFuBd)FxKPCny*G}m`$z*L34kl_wvYo_-m&`S7PxM&dHR!=oRb z-+aeo!q4Qp9cyOZ)ymYKt2cX7bn2(e?6TVBZkIXYO{dR0wEE??u!03QiV7^(&Nh#@ z-e4S<>!Y9BZFb?E&DGZtp?!uSYfqcZ;Xk$Y;dV`loZ_yWDRNG$J{4JC?%*(6?`7Dx zY{r=?=2=bGR!kE6xnc3^u+XBqJgvFg-`$ve=jzdkvPS+&b37+}E$PW+HaQwPvBM_V zry)@K`}xPwx`7jJzP)0YYRjIr*2e3i%&)T5JttOpetG{ZtL3yUzm_R8?kYEpieA&iT)Ij;{NiCXZXS6r zy`W_|ddnwII`DmA-pqqFA7?$E9FV5t`Jm+4e7WU@LCgG?2Bmn-a@%tK#DRG`>>mf3 z99Z`?A=@_J!+D?Mi50y+eHtEIU8b@ouDWN=^OwHD&nIO~*cZFBDkUVpnHm*CgQRm3>y+Uz$48pfo zoj207kO?i@b>j~I(vZN}sWX@Hah?sH<-o^ovDBE&@`cux>l!;*{xi(WT7Ti`tetT$ zw(&juvgY>6P|@bl*{e4l&am%Iy?c7cglLmr5szjWnf{gI^|Dmr+HduF-q%O=qWjb4 znum0L%~dm)&aPg>Q+&4i$lCo1e9fO%Z8|h*Wq9n3SG*}tPp_PlT>Q8;{NOzG58m9> zzr(fWyl41*Df0CMF;;bko)o!7`__GAZ!wWAl4QNwW#`5hQhj~;kLllXE__YPUaM=< z$@Sok#j`EF(eHBEuAY;2y*6>-f%z|^uSp&9Sjhe4c@wXgJ%g#PQ4Fu=9o7TEe_n6+ zaQu+P8>iEiT013dzArqRl__bY&l?e&C9JJwW?)pi`hrQVlC*Vc!c2>2i!OfYwf8+f zZH8(^OxUamMz;J+JJa6fN(vpBujg^_toEwbJIA{m^^PP}%Pm_l?a7}LmTS6|c1_Y) zni*_gwrSZ+$r<~Le}>NWdi(J2?R7>LrZc%KKZz?ZU(2>3>)5%rBWEIH9^cxvS4HS? zejew#aJMd3Nx7}pGCuBJk@~{Gmu&-3!v zwyo)B(KyDYp}Xl$An%gCtTT*Lp2!(`X3g|te;Ib|W@OPSH^ay&+jJt&Im%r9F=wA= z*6EOpy|0cK8-0FzYrYfr!}IGhB_bE0cf7T=tFdR54DlG!@x6c@n$V zY?ky{$$t+w|EpZ7nUj8|OJdShzr2>D^>@_X)lUtaoX6*1|8bSy3AfTm6F8!dU3oJr z)H3k;);yo$Imun;_O$FwI(sxEtlc!ExV-G`)^ z+xJfLtf@%uKethD%ijmPKQX+GJ~-!U^2)QSJ2E+s2Olks<7M<<{n&T4xj5&7=cn(c zD<7U*(&fti_WH-Qsvjo%M$WDDSkn2)_|u2l*F7IaSI(UMMDiS4_U5hrW-{+inl`U{ zxh^mIOwxiPErmC+9-mzv-uJXiEZTYd-jc1GZavYO;3-=jwr5(C&gz8+ET7G~u>S6+ zAIz4b7v`SxPn!_w(4@Ch;o7}<$pQ@(w!F!=WtT9tTfV)wWvzjTKEw09iN=eX^gNZ` zavYgFt9MDfaYkODSNHxE%T;HTeU|U3*E*Y5vbQ&%|D4K>PhB4;#?G6`ljzK@%(P>! z$WL*tKl5ga-pTBjUZHu+-E^++42LV*Qw5tW4?bE^vFg&RR~M%G^b}}^onkut^vlWb zt9zGr=6Xz45&kqe;^58cswFkQAJ--Pd&`8Hy+4#@)|zxJ=l#?; ze{E1#S!UaRhDQ>jns!Sq7kRI)RO@(ft)lZ$^5o+y*G{{AFwBO3cGt-(G7jEGPs69m zE!yh$%=cB)<*ycRpK@LP+{0&eJ@{e0py%_SIyZUP?Y=(Sl(izlKBi12?0W0glL|Y+ z^V}JlT^274d8JZqH@Do_#dw}!|I+x#Clf1z4?NpwvNp>$P$(lbxQHP{-s{#z{mJqy z6aSf>-gxnJMP{H zKW{JiCH&IY)g8;MHywHM*S9p#;`Or27OHl^o2?$pq%GU9H{h(mIgj$dcglW^u3FYT+rQ}j~01$?GIpMk6O7pOW?ThzYh;e znfFJ9nfOL@7Z#l0I3b&DS6-=_TGx`*wy_wf3ysh6}kr>PjLT$qb4@dqyZ z*>Xar_F4~q)n+fdw3a1E&Hw4WRX1)}9ZT*=wn+&)y2or+iPm`oRfpHtHcZ-V{c_26 z(~=*Pt{Ix_co}(5;iK-l*}?{imlv2iM}3Ul+r#tL;-^2u_w_a(*}Ilq)tl!!{fS-M zmStP?LPfmiX?!d_`*};YqTCLfa0|VAo*p`$Z)&xSzjaRvStBCW=PzZPDJ>pTbfz9x2Q1wKX^fJSjAh0aA!)mNQ|FhjROvYVEO}pTw$kG$gN?cdk5{fTdL6h^>l`1y*G0## z2BizyUyDof{N8+ArZ&6dqv)59t5Rlj`BD*8j_+2Wn-DjN>X`?qXyz^em{^Yf0)-C|U9>0ma`?^%(l=N=#U zB6DruY(b9`$@fjeE}0}nHZXiX8k>7@!Kc|TC%WD=?44P3>+#8x;p$hUrs*cmEc>~9 z;-yVzp0^m4yebSd`JDInhTNSXYej42-1n(dos7SqXInJwfy|eauOm0cday}+zBR*? z=~AViyWg_8Up82(mCRDn*R(M=sir!l(*7M%xc5?mnb&l(Ue^ez; za<%TzVtl@F&9c5-V(v>a*ST1{Jyy5p@_XqLmD2MseKsR>x3xH%|9Q?dszX<2&~yA37s&?&sq<#b>MET)TF?V0LwPX{xeBVqEmc z^lu3t_V*@F`tH5eV;#S8#?iV=r!`7Dv$PlgG8b>}(=>kJYaaTe{Nrp_scF51%w8`i zob0(itH$$(ePPnOXTry|UfFH!{cT*s@o|2GN@V>*#R)ERDyvUE+SgqxXc{fQ`4yM^ z(}OC-f#HHOw()nZ7eCz0vv00s##`mbZ^PYoZ+6>!O}FQR9P`A_x+yo8?R?mMe|tsV z%cre=Wy~kmFR4@fBk}jhbgLRm_8$(vuJ@dNc-GtTqxqC=IV+e=@sYdmItZu;hz-_F$4x7K`{%oZleBK7lh+>gR#*=5HA zFUdsTW#B(mI61UN_M`u?`8-=0m;Pw7jAFImEA9!O*>Tvdd|S`2a%b-T{6${u=9+ESv-dPkRiE=YwxpPIy23xxr(Sa&e6_LqQMIEo%EPg* z>;6(LnJ030UzR=I9%a}y;fHnPSN!Gc+=iF-$i5 z3x#19=fec|k8nd^}s?mt?(tocFo zT;8PyHrbz2KA$ZYpU3-Qe^-s&ttk`KUIgnfJdyhJ`#(ebFSFIFep;m-KPSyz(-)JPX(tuDg6VP9mQB_TIO5kIy-^r{BRi;__N4%@{lomjY$s>Ey2^6?%BqI!Gd6`E_`NTcO3n@zI-Oo}JZo|7ooBoE|A_gv zZJ)YS?%jnEryoYG{NwRs@59&LVY$9e>+H+UU#Py$rYtM_}U&cEMCxR8uzmA*x*yP&U8fo42tzQ}K9x%Pl`5bZ2=m+OR|E{PM zJF5?WznL=ZUOdUt&u&imc{!yYi$7LB@IS)#;d%GE>A#gC&Dz6M7X7-eCNCI0^N_du zm7h9sTp@Gc$yxrLZJ)_6@uSN(-R0wrK23?dZNJ^jdOjb^-uPkuG4J!ORyFfEY@$;3 z>=&%mTKY-F;%Lp+kKZ4^KhpSEUN${!!fSWw&0{bH7`gwwWz|OVm`> zXqL%6-$k$0BwgKOxU%lVuV?EYSF7xlvTZ&o?Xxp=va~Z(Rp~nG1OFMePeWb=-%2%}egS_;j+kxM(=-`)$}j65h{{}7&krzreQ43u?_R&AT;f_#gqf{v z_Vf3=f2@Bjez3jiepu_~=LwQ~IoGad{^R`d+3H8U{*Tgjik$mcv+cW(;w?Xa(d*u8 zUj1hfO!h548kcq3O+>7fBf$82*O#Ix7x9~^ee+JgIKPEo>tEFpv^kweK9RWO-oj>#KnZ_dgTZFb6;QuR#-CtZJYanCxw^5^@q-SRu@`S(aBW~M)i)$&|6$uzxGUHRJH&^cF+ zxCK7@IaR9U;cEArR{d}DS7hB6&i|(!k!7&tS^O4(vj-?HY_-y**)TWxb}K73fVrqBQJ^*8m8=B7XF zzVqsydU@L|vq=(>{~6k4wNL(MNPo{C^Fp5Y>wbmz(^s_CLch zUB>*9dZE@0y91PC|1!Rf7yfsne&h9{_nU9M*;r%xQD%{>bCFk=6UT|?AJ)8b-C_Nz z`e&OtW7lD~xe}jl7t0@&m#Yb0`9tfw!;kD05=j@Qi*FCGKlj68$%Y?Ss~^d?oG)Eb zasAxRHiJuRCKVaJj-0<~`yqXv3iE?f=cay?4(+)Y=W)_7^WO){?_bxPb^aFiVcy17 zz6&a%A4wg{^E{#ycjsf&!%eTkzF++GHQn=`ro6)+oxdw;6hCqws;Y1OQhha3d7I#w zmaob`ueJ8=e%xDp#CK7oqQ~0V8;*(3`g!`{{x`87Cm-0So&8rjEOq;K$vzi#_F2E2 zA3U4;$e!!yinEXY#;RS((>=8~eFwYfljIc-S6+`0*+!&cT?VjB4usIEWYd6e$wlDVbR{dMzhyE$--TvWC;fd?hb3boRd8<?zWxbqtOS%IYL*4DB9(;9eR&Lw6vx$Z=r_b^4&Hic{`TOYVwf!|e zvLE|qX{K-9uvO^rGqVD#CzpPlKK{uw@7o!sQ|*btKQ7g1ZP@zZe%qsK=T^#`R%$Qd zF}}2;UMl-TT(yv>_FFQ|%zE}*Z%d@l${&+6n)KJ9v`xTi z-m^V5ZmfaRjm*0@?>zr7XBb=MYG?0T|2CM>-}sqgdA{KORwQru-sM%m#??6!%{WJGwPq#gIc{g4M^EjhPv_WnV4zr8CPW-JTsWvFv9$Z{O5M z_vC&^ugv=O_fVGAsdG&amu$a(vPbUFzP2`dz8~8Uzqw}4A+wMrePWF4`u6uFy0vLt zKL0*5v#(h1&L5?jm8!AZnETK_{`xkl_cP_ED{a?d`aJ9H(rYF0g3%`BQf1!)4{*=R zp7~?$lGhVomHoQ9_G2d}Q>ZP+>U%OD|1-3HvFM%ieZ$OC|2}M#G`-DraktO&!ZPK_ z-+2yhS+5!XZriDYSMt9)m!xb>T0O_iI(+qys@I4A*<6l@_7ygG@b+lYKf@2Q$NI|- zaqKU->!%$ask+#7sdk>{18b8#TkhuPwS~#-E??W5?$N8`Wn!J8!gO{1!f4lrzLusQ zk{vdprWcQ{%e1<>hV@XJ?zH$QGj(9 zx@+3IT%~`vyj?b)vtSpUnl1mWcF)8oZ`d1rOPm(FtaXmLyl9fC*{2B-pR`&EqF;Ph z$~-yIzwG6`?I!p2{x(EDR^byjo&BiV`t=FlHDPBb6mYE<-IJ{n6Favn>f7>#Sz$R7 z7kn0Yk}IpZt=ua1=!DO6R>+?Bx#pZP>)uTD8Hwt)MOyndmR4uytyq0fzFc%m)?MRJ zk#8y=T@>kij?i=;w_$b=Gye%?<1akD89Az%UY>-{~3(#oIBYU5}I4@Jjpwa zx4@jQH%c=$L#8{K`H^_bn>>@xwOq$FZJPL%*H-u+kxtn-WmAF5gB5S%=04`l^XH53 zx^BL92lJM^2iIF`96tW3tMaTkz0FN)!Mv|qMV_x%wB}7go%x6Nw@g{DivEndx7f7R zV%{0Ce#_&cH(s^LdfiP8KbSnhIHG)8Yl_N>2jL-!r!2i*9cNsh`T72<7n7LxD>T?` z{lfp|=A#H3)u#T^tq~*K*kl-Iv#sx+N#}9xrynQAH9y$>yV^Q);mi%OzohPc z4>O+h-KYPS@R9uFghlK(zje+$rTKDF_Ng^{JgZq;RCe64{1tZo*j>NR0oS*CD}K5% zx63MN$I}^84@gM7jtXchPYH?H@+Rhrji2tP)XDD)yB_R`U$ytmu?HSLSr%*mmT5eR zH`s6SAYArQbo=K1Q~A65vM(>?^*36*$?~j!;FAY^*1x{4u|6p>_vY(s>t6}g9GQ45 zTkm0a%A~?sUp2LrPp$Z>dDpT`^O)9(OyjM)LTCO<-fwqoL4>!VVjtt9U17&HUN9Vd z`#wA=K>6o!|7#1jcdKVeni`Y^ING-w9&tK7fBL6|1$X_um^S7x@Ku_;xRPfn(|2Qu z$`&b)uqP>L3(K6&too}}K2eY}Rn&KenUi~em7wm#b14NLves9NZYqdd*cRSe!vm#ka#$7cg>} znQuH>x|XlYdVa~j19cMr8CouX>)tlww$8R&HQF`@kKg5vtv?!D=9~X$dPj|O#eL&@ zTe9kJ`cJ9XTKJ!VWzpIDN6ri0w`pKpX4y0EfySEs9a0-}{X=)BN=y!z^6}rt^>&N5 z^au4HUCC25W3tZjCX1Dil3wrFTKp~i;NyD|$^EaR%EBKk=d*aUF=}q-lDx+whz2oZ6gh@o4VMEcfW;_bNG`Ha6b5(!at< zg>k;9kJe6`vNf?z@4TbeUfO<&-=yoAt?=R8XZvjS^uG_gv#B+9_r_xu>xvJ2zu>#9 zt@o4H=U>-W|6LZQV->bxYoAwtpxo1IuPsi*|J$3A9c5DW^!&V6qV2)=)=58P=}A3! z-Z3TsZ4ZH{Bu4>`{^b@=jCM3?-ez&HetL|GYXQ#l3sWzX%n+mhg1`)(2a5 z3Llsq(YIAA^V_vEmo}U(IVhVMarst8(Y9H#S2k=>y3f+bA@aJOFXl*OlTh{VaBs$t z?vl(cef*-a&vtZceK5Q8_kpIyE9Vu-cQP-xaGSl;HhXs9kr4+7h?3 zYhT)wr>JQ>p*=x)dEVAty**QAr)eKi?pVA+VVUhyD7xX5zGzWBgSy zJ@YeWF3#Gx+Hgwamz9sM>;U{5En{?h9|FOLN!HVY4-kYyPnO zo8#`kOGKA^wA-({Z@PrG=GN(~vo|c<%5nEiP`OR`k$L)?KFW7T2lqV<^n1JKtIW0b zCevtJ^S^4I(^dbyF#RI z`HrLaKf|F#rkZ>EW`r!2cvoO2{bP1+9!J+(2Z@LCc16qgUbtoVWJhq{?C7;6R{np4 zqK`$Xtkqj)Lb^s0I5syDermuoJ&tR1u&nKd)};i}~F3Ny|UB zZs`_3+?!OX81r=Eu79HT5zBLVr5190Ha@lW{;lxHsol{(XUJEJb{GG4sMz(vWZK2k zhrT8i#yy$;!C${~*1bjF=E?mit$Z$Ne>KMCa6{eHn?Iueams%De$;A~tKD3-nOPhE zee&+n<9{3~buC=|_QPw(kKOvuaI|0YRrRGupA&9>uT;6Nyt>By+MdI5d9h8;8RW9R zSRaZ1;N#yC&#yS`@uTu%y;7GvChLmdUVL7@xANLb@jt?+AG+?=Tl`47HtCr`f$sIX zPqrM77QePR^-@%7&wmCkJLy^9AJuoO_MP|qaO8JHv8GdDEPI=Mviz;)M-$s*t=+FI z>vF&Ko=1iC{Cb)2OSh)Kefxp?;HSUSABG)iZ2!kG@7txLkLvs9S#G}c=CSmWu4iu}+iN}_ zSl4{)^nV7HTYsm#z3us7%e8rGA6XJ~GNm|`KO6TM$_A+I5TXwG_?ccI5>RdQ&aw#T8etO9p&tKR2JdYg{IDCB8=ZW9$_ms@%{ge75 za_Oxat*a&-bvM&CWqpVgP3UvKbK?Ek8uyQ@A3WRnA^K>~`sL?JzMr41%;aUMK7VP% zhsqyQf7}0KWxWuiTW?y`6dsi+fDs?yya_t+x@N250`fRaQ(JkJ!f^}PHBl} zJA&s*#u|nkK0Nitk21|`72BgXlqxG+tv>OzliMUYTkh}boj<<+wy!w-t>U`sZ{I1C zUu-%NrTI9hX6xC)jjwjqtDj|nQJvh)BUasxHnGh-CDD2hU;#&=__veN^YC-M&W5hiG5V+ z(<$OCLfwkY46_T37x zl?j(mb8p^yT-mgLRmNj4ook!kG1M%-zBaf!WYeb<-y4gVP=_4cv< z_*#=MH$`9M*4Ev(w=1;S7RJnf>;BRDaJ=w8YyBP@w})lQ0FllWp|9o3aY@+E zV$!dd+ioA=i)g+tq9Jkj$l{Ok$1c6P)g#AvVNqtj-VCM_#!s8)6~|rtkpA#}vmJXy zoNm-(hpzWgvw6kBb&mA!sh4{2pCMhJB_i{h;E(f1y0(i?*E+NC`UKAtqE~|y!57XW9JLhTl z*}5Nzn$)@Y&P=o0J8v0B|FimN*8I@o*)eYXSkm|Qi4^DkHt4p54HUDV6*yON1)6F~LRTy}S zqMje|)-}85Ug^^(Y{9X%+k|Cb#-rCVm&d!PQ}XZOBc^Hy4VzcPrmtMW)eR_jo;)T9!r-v+A5ey!(y)sLyec61jJ>=wJBT`QDDbN%C8wI1?w%?RY)w>-nxIkB{~3JeOA0t~*+D&G}D4ndsxF zt+#G3oc!)-Q9#*pVM$$|lbp>J6aOW+d9JwUohn5sueec#4CT$OyS<9?*E|f8Au>v5hy94hekNb0O*N z`~@q^g=PpoXPUFoI(0U4*X$ReU1yf0KmD`Hpj?yDxc}0+8Eh6$zORTovpA2X!9Q!o z8*R~UZ^aYA@BIW<+N^gBle+tH58t1jph}qsmsJ-nx#n?j$@UYsELQB9>3O7w;fw8S zCy5@fbK-j)3&fl!|GMBDCGupu(?Q1*%qy3ntkZrK{oZ$(E~EsxiI4JwP6 zb4=dCR_kZa9ATyFTXgx4Nu~VCTbt4I>3C~SiRtI~WA_`k&y%XmH~H}-rE~j1Ej~xd z^-HEje5$mRFX7V9ExB8E@XPDht_g=(@1%?FmE2O0RPg<(yjczRkF)hl``_>j-pP0P z?K!15?%d|1raN|T|GBtuLiWjhwl#wLFR9cPA1+%OxrBe0odvtee}?A!QaSIR#&cyo zT{M^NTBKD^;lH}Ap$SWNPL#+xC-_oSY=U`r?Bo$fzkwqU)P?uz2(Zi_al!{V$Ex5w!$sjDkYS5t>=H)D13fqo5N$1 z$tJVC%&cVX6opvtA7j(@y4mf$(JE=9;v{!zf#>tGlU?}E&J>q;G$-qO z`Ehbj|FOx;WyWVMo%Q9mxcC%u-3-zUby~)r<-nlcRaC$!u{wOCO7Z*B+w)k1XBK$K zuKIcI^2F4bDn9daXb$TD2^YL|1#QCWq4?YJ} zHuLbW^;P8J7Y)5{d2j)HXTg@UM?+fkmMuzGNH@9hRH$j;F1and+LKmjE&cWRs1<9u zt|BvcpvwLO(R+P`PJG<7uJEm6($S)&r-V-|yA!);oyA!r4xyte^TJNrZS{I&S;`r@ zcydIX3NmW>P|JpL^30He+eebwjY>b)SQEsBbDpPemeuazkN%kT=E$1W zCu|+x`o@GACGM)|ls+$0knMIm__o}&;yK|)+aH|qd&Bduw20TwcFs22qp@?l{7&5W zb+%!98GN{Qs>a!vFXb<<*gp-+&2O~X{@Uv->($=&oe~FXeuqj=XS}gLZ>sd&g{%`A zznVsQ&wcRZ>g1y2!scu9wreroJ-;+x_QFZ!bF$n=5pP`Mibm0 z26i|2iT(-|yBZer=g?~3m7?d)Us`7^`6A2ohl8`3#|rt-*L!z`MQ8E+nf!G{+>?Dy z+po8IUOyLY}0I9XEmV4H`jYr2X6AICDuZ!7Qod^GFI*%RAUZ*BT~Yt`OY zPZ|z{TCYCF6`)u9YR>iS4HND(Us}_y?79BiI%lqxrXRJ=&Raa^s`?(*y6?8HIP(h( zceQOX%$XIvi1BpVYG0$NIvi&mRbLru@1E5VvsyFgNb=Ve``S$|+WBwaYB=H4nwiJk zqk23Fcg&kI>5jyeZ4WPPo}{F)vN+#THMxFjg-ZFFoeBbX3|T&3Nn3aCRX2x{LqQeK zwc=L+Cnw!+^$Iibdc5GKOlnJn`j1}r2|PIT4Gi(wXsj&s#sesU3`M&uNJSuyR))ZW(nTc=4c!(d%S#W$i{9i z_U%8eP0@(-v{RNFt9rJ+J_HP`JLae$18B>+E~Awf-~IZ*@DOHQCWKBIUN%oYFPF z7p&p1SY717SA1!eU*PtnIUdG&H(Zvpe_UmJ!m$1P*4W()Om4nu{>nT}RdU%bSNk%v z91Z(3!)yfqnKrI>&{wKXdn%FG@FzR3@_=*WB#U+R(K|h^&Mst^T^%9w+5PN&$v+bR zWIhU?S^sOl=Y; z-uhiPd9gI!FhsB?T{QTxIm^P)%ZPDGlpJ~I*xq;#C+^cTZ&U5R%@a4do zw>>-Wp5I#%r@C#ze2bM2c&;g`DD&=_*uOSkeBsH!$ccv;BPIHN95@@mu5yrw#V4lv2P9Dyj8wL_>c=@$CkG#?3kr$7ccuc;-iy`S@JQ>TVc zw@}+Pw=eB(uXpy52+2mt+YMXKS4?}lVcFiSw(*Q7kJaS3jStg#cKiFJ?Rd7;)=KV+ z-@0peBxWv&St--?vA=(x)Kt^@x6&zxtirdyY~oz&bfU;T>Y1HcMV_tqp|nT0Oi#@# zusmuN^i*rD$)odAO05ed4+}TcT3waMIrp`q+AMqdwJqB=@2I$E-19{0T+>OH7NwMV zm2YETzNom=wL)iUJNJ9vux&59nZsD z7hO$UmR&3k`^bB5qq4!2Pj`D=m)-O%xfh`_Z+=wS^rfB_pRO4>%VqESP~X(j*R%4V ztYOg86EhxjhNQ)HKkQthD0a8oT!!llKj#ky#mM(;7SENo{jq-Vext&)6iIevrETfE zHeA*{v+jY`*Rw@_!IP~uFZXbotd_2|61eEb@WMz-HvLFI;Hsy6VxIet249hN_183t7yA;A^uff5u>e0uB~aqb$+T^OxCtO_V}_$|4DcFq&DQ~FA51CGMpY9|hjFuD&i= zpK|fssaGDnvsP;h7O_mYBP3ciul?i7MO)J*XjnY|vWUYa^V7NuRmInqxM}^F;PCpa z_EgrQOYS@xl9dOKvblw5$uE4gh{r);|7DQ{^Hn!h$u;j)4o&Pj`c!qkg{HyD4i|9E;-&nWkeQd1A$yLubnD-dSH=oTVDG@t2_A zmQBaso%8y-y0J zxL(OV@tC&c-t$f^IenM?r(U{mUDco^>*c&;{OcSmrb2;d*|=8bvw12=R6i&zx;>#k?kM4XUAIJ_4m_0 z|DWOE!hf=Ness9!=RHj+Ja@k8m-oZfS=RK3i#lset{kgQI5H+8A#`Xizi@%($MQrGuqc9id9JSRYkazI>PNL#M)N=PZ)7P^2{V0vFt#|pe8)AD*4B^TJ4N5t zf7rCgFn8*KKgp)O>;5==XxqK(sD4XPiPjvc6+sLAA5_g*FFP~I_NHUR&-usZ^KO05 z>G56c!|r44lbS8oWjQXb=(@SabasH}<3gFP-}!zY{96|N@T^?iRy0*2(|EbonT>jT9(#T3d){)tBK$}l^PYbzmAHd}$6nI(eAceC-4C;uZ@rq^A@`?Ad;Zlwic2aQ zX1`U7-yFMMVLijF=W{L2S!LCplQum3IP)@BOt#5n3aQU`*wWf?f)s@}ceA>_c zGqBafeC$75-Fm6UpZjEv1nczmqHp(c{g}G&$EK@l+jdDLSY4kQ&a07AoV01xl*Q-0 zBj&OlcDvj+)%bKu-P2R^kImjCV3ZnDn?3K6`?RTkD|(d6m#>;&pqV`F;^xljpO+dP z;Q#gX&xiWEFdBLsMc1=<#5cRYA zo9$IteBsr>r#E_1W<@DqetXFB)|#EauC{HQS~c^a__c}yf2ln`xx>2pPO*(m2q=_)TfAjDisqw6RqWQF4li6K4O(O+w{w% z6t|rRP4;%H7Ti<+Iq~(x4GOcYAMH8+(Ecs=!~3FMCVPVdc~9mr9B+HJH_6vxOJnK9tkl)}^5g#ZPwO9K9lvF=Gh*tL zlE-TEH&5xDvii8UwP+xB=^riYvqsW8W?5DV-rpN1^l~=W&r{N`17hw(c0@kf8J1uX zP<5^Nu%+wTlg%s7F3R|PU#7DI})6(@ride7Z*^NQO3HFqMspWNlHSgKy3E_(LGua_ULcPnL2HL9GHAYgUf-u_6e zb;QPLk)|1sx%E;)-=6h-XfIt+e8g&3rrUFE&QoW?*H-ez6F@#>dneOGumS(AU%KfXKleQ(~Ej69bOTV@B!ZoIa0WvQ)~<&!XN+gW{kE7o}* zvFCqNn(O(;_hD|ttyq`cH`(2kc5Vzi_I z7`?PWeAl_wkJ$$&zbvon65g<&;D^Gsyy+huZPFLt|55x%Z(q-bZC5*&Jb7$$z3oTe z=i|TTcS^hb2u?OBtE)S*Bl!EVsz+N6B}RW=yZA-LkDb4xdf!y9KMY#TeExyojFPR} z=lwex{$yfwxoGFdvfBsZxA=8My$|>*N1){uqBuZzydsxMMxzzK|Q^G3{3dJ7xqfKGiRK{FZIG z?eTAUf0xws3%;xq`1rjo%vV2PLiFEN9@|z;K2}t9z574I!GzM&x#o}N^**rYyO-?k z?PyZA;y;7dB;P9b!xH-+W>y$`{KziO(p|dwN|@_z$Iovq&tG1b{fz(i_bBi4w~~V| zEx020N>`3$YhR|c%2b)F4>!z@KC|+4Y4zmxqMn&&{++iIzg83f(d@9##RQ{x&!W{? z4F!Bv*KgOU{heoL@yGSrm)o)Rfoa=4A2+=`Jx8hJoc6Q#Kh(>czgoZV%zhk^*OQyF z^upV7maqH0e!V|pXZCl2op6ocwvY1`C|%vcx!isJ3HGdIwboK^AJwEvcm`M9IJe}f z)-2gSR`ze^e(2-;&yb$qX&&~U;icGX9r4SF#fmaL^B!E=e|Ub+{Z0Ib_<2r#SbS_! zRFZkyZL|TZ+y3&Azm?d|Ipm0o$X?X61P+y4y9O%GROhwuNp(oQ%! zCOb~iK=qz-TWa#uz@yF&(VD!}o|PR(c1?<& zH`UISTlkOuNB`sZo5H3=g>7Cs*Wa&t;mq7$D^4D;Z>>=OBNG1Y@<*G0R^5j+7oE;I zCKl2ov+bFL{_c($%wy{As5#{c8}PCMlq z|BqE$@6FbGt*tI&#~(9)nW4Y>q_sUEPrk@+dvbMVobV6-kDEh2Z2qw+*Y5AMvd>9u zX2&co*Qp=8r}$(0+J6_ttU}i=J-X-PDWQ;<#)Ipx=HIyet>y3BeI|btwtqOgZfe^0 z54Sj4bedHgl)DapNdF^j9kB05|EfPJvsAXIxlOvH#AZ0D$YTAvqv7*JcYJzL?##97 z^7FoDuJe1o@-n+^xuDu>ciBW^lE=LrE4K2tf7E##w)5H*YuO`g2cGQ-5BhO(<;!~M zKkg6ZMQ(YU&YN!;@lL_XC$%~}dclu*$B&m4#Ya?3%U4rI1n=JXh-t*)3wo-rbo40wDgXJQg?8tu}6Z#^2v20+=)UN*wH=^_#bn^DN z^BmlB!jj>GcISuwBid)5d=1UJ@_a$+_c+P+`or z-5>2PANuCG)RWofVV#>TZ}GQ!(HhrkgOtfnc;|3^)41#(ysp<=rRwSzsn(}6E#><87cF(n z7*DSE(lc=D5;NITy8QKqILpj!d;T++PxH@uuukWz(9zUwdD82&FKk^~^f^v2>(<=K zP7f0Jz0TAYap#;B-BUE@!Aj93S*!09)^f+O@7=lW;u(MAcf7rO8`eti_~N~Z_lxCM zt!#7OYhU&{C5!I(6x*)dXB_&K*XY}$po?ct9A0N7xAn?uO_xhzRuO;XAKE5eRKB#H z#b`6nMqAdBdVU*i{nqu%uJk@SvC3?n^n0!YKe9i(KO(2RBO)Pp_Y4iyz1cgi)Cv7q ze@J}ArkMRxC3zmsR&2|jF7!~#@8Ox9YYOjg5iy_sTBIs>GkZyxh1|0h6=~9UjlH@q z$NrpFap3Uv;*ZgRUAfhMTefcu(5+QQs#>3?s#@v%RS*VJ}fot`7V zGx_YF*oUX*^T%(vn73!k?5P}gHUBg4y*aixw>)>%9kIFoC(dQB`6zz)^z&UjsW$S{ z)lJXDS7e7?*ebs*Piw)`nN?D+7d_mio3+M1V%E85$71Cp4tsLV*O~w5%X-m0f9IRl z3ucGcDRoCpQY|XjX%QHAvobw%jpN@1_1E+ml=u2C%1o;EOx(8pPE0~mRq0x(XXQpy zMEi|@=r72YW8L$cb=zi@Hz_As`;|?eQJB}{qKN!clyL#$g&)JMW zE!Vs4`0yxmSK^L4lWO+#q+FL?@W*r0eYL5nIUAb_*4#h0)#Sd=YdfjA>(|TXEl{_P zc(!@9ylwYv7hHGM&tGC)(q$K^`R`@-1?=_B`{VYbb@^+ve__+P7T-C& zb&=!wDjVzMrMIFUhwL)kcfsu)2s%O3yCqHvP1)w@m1bz0|ATTwbN!^B6xq`w|-` zt98ktX7lIV_whP4F}wHJ>2BNLdtdos_iL;Jvfv)Y2Vm^TltSRNXO)apQ%r%xjA-y%w_CW1i!8e|J}*>(OGD$8}0sx}~+B zCx7~29JAzlPQ%X}H|^}>;o{=qY>tB5yLR3b3JYr5t*Ncdb>3SvZ#|pD?gsxA>w=Fw z)9#pY;>qLvd0#Kzb(yI-XV%j{&eT7B=ic1epi&nI@duWqU7LEeS; z*55HJ{+qRaTEv9av%VxQd=}zXvQeP7$#!LvSSX8(+}ENO>u|%JD#u4W=p6%UgvLebB62z;VuQ$g3QIbC!iR8 zlazDbTopI%^ucV&{KH)*8Kfh_Zawmt zxi8@D1>vK$rN3=n|7T$T&yd33X7*2W$K|!}_r$JR#8LB<$E~{STwd6PmkXvF?))(C z^yBw$&Msfyy8aKsCX4O6jvn{g!_4U$^=%|c$ zV(vK%cRt5V-InY)&u)Hi#>?&2DqNg$%O-_udY$f!8HG}*n?usB zecdXTqW$U3bGfZa(X+Ex`rNDPD`0iiTk@ixqtSs~dT-V{wy=$ldIKMK3Eej~W2+9^ zH?y`-b>CGL8QvrFzP49QxR>Siomr+wF#6j+rvp66q6Jlwr%tT7rF`G(z0KRE3WjUP zW-f4i$|2jqz&JTnd1^qSylL6-fWT>=k4v05n=QJqXI|U8$qO@g)wr?jYYzBo2t+faS>8SWi(cuGzEV*Tz}*0gXd z+C19%`#*!s`|UdC82`Pi3fFw}pP{qpW`yps>1j4!Z7ggvRV?OSeYQLM*_+x4O$9{- ztYJHUOnlhSe@UdPBOL?$H}g(SRQh{xLR%3@A5Q{3tvo~BH0$qO9?Q&ock(% z&UF`s?!eA>yN(~9&m5WYsoPuj(-s%)j|ac5x9xs>bd8vw#5q;rQ9eWfgC8IC_fM_ZIJ(ezacZ)$VJY zES~druU2~X?hq@R=amOf8(w!k|9W03^M`?>hVM?6s!N3zE`~IPx%Dl6{9fqx`6u3M zw#>9yVH)*3{-fTa-Pg)E=T9kL7rNEs-ICu4(Q)PG)zg3O{5f**KLe-E37gFo((25ztEcY1x-4BM&*S-=P~jD>x#sh~HPzN_QIdAg zHSe%HojbeJG5CF`{IP2V4o}~U@a;HTP_?~t=^mb@8s-CQPNweIZ5Kb|z|@0zSH0Bq zJiY{f?DyO<G=TP%BAn-mgma-l(+T|yt;B$PH|jJ(%s6( z7Ryg{_I$Nv4*$_wTGA$Mao&Hg?}xqHmOj$n@O`q~-TNg~SLCEVH2Zdza{f5a5T3r! zw!Lk;yM)_`QyWDmhnx4j*aRnEn-=iaLY94N`TZo9r>+2@e? zr@32Rl+D|kfB3~dH#evM41#O^&d{1}<(;WFi(lac*LRj{_Z#-9{doK^`%XW{kG2QS zl}5Hl7ZmsL2gdx-e`2)C&0n@SR&09q^31B3UHjHc2#KDlT=Q&_ukm{RonPfU>L0AO z7kvAVKhvK7pJeT#+hN-d&ib+ZKJ#|d*$e9rI{atI+ncAF9WN;0XBWs}`Z>PA_1@-3 zj0F$t&iS8i{JMUDjpFjXTNhO(CpF&MA)_?&)v>u2$CEc~{JUd+zVOtY*A`9DzsDw^ zb;o|&^S9L%YeiFbCNIQ?B81d zHh0P9yJr{QFrQTy__WX7>(+fs+B8Z zj$K>BGE;qTOipi5Zp3rN569a~uIaK(ObnhZ#PtjdHJ%W8#wO1T-PJiw5 zd%p3+kd(`!Pqw)zERdTaIO3~GJ&MQ)nj zoy=gw&bH_I!8*H-_YdgH^NUp^rB|EJHW%ByBXM5#B^!4m)o!$V=wniW%i zxzb#BM&X5jrZS6Leg=NiKlq=a=RX5yefE5&vkP7Y98|e&cIU<^x39J**3a3W$$!KD zs2#&q^^eOBm70q&ez%>(JXPk~dfx5VY*If2A3OPx{o%63rfZMxIXF+i@1%pxlki*n zH>>{^;Wu=hYv>o4cQ0k?EWHDtncw{>GCUraR-kKeWv+ zU0So>>~hnM<&l4ED|sd<3vO?y&CWh-%_HRabgJ*2x~*H6dra6f@kHwcp2xPnL6eO( z*?bQFQN5}mrH5%nRk&gKL)-APHxkbA*}lH{{_V1PSD*B5Gkmh}W!L#!8)t>ggx*HK z#n-mIJOWyiseEZy`(V32ce*!0V9sD@ivv$Ry zTXFMsKD8WXalW)~@oeW0>EE&zXKWPHZ*uCH6)n&6gNt39*{#WVj!>}0TII+i2Omy7 zKk@Cd>r($LmVNm9K>lb)zv#AWQb+F;ddu~eo!~RLFu~#3z6H6`hs&x?-95PIu+p?+ zWqg@wTQ*c5lJ{*$nZ&d}CT!lV2OFNBxfR}6lU!YJI(3nk^4)`pU2peje&9Z0)%16H zpj)rwNs0A&m*1M~PJC9|YUJm@v@K^zkIQjJ@zW1jUq||_Hfv?6@`QL{jHh17=CVgJNG99qy7;h1nEQoKnkdZ&KW*NcyXcYOFbk7I@JnnS*4 z6@OMLExbGRbW-J(wPwd+n*p z_O!=pW^yZSsjt}X73jY(pl`YSWBo4kSt^@iV?3V5?)Y?NPF?6B@83x;rE-to%-_0W zhs9yd7q;0~zUqtrvHnrNpt8<*!?qby4|^&~Jlj!Wvi_#{qqCo*yQ8(M+iG_QwyQk9 zwXG%MIg9th^|$K1K1x(>;l5oqak9KlL-G4r5B8+~_NwvT_)+}EwS#&I<%e{Nc%Iv4 z*6G$Ajq-1O*S7jWuGdrDrLhNYot|fX)%}NK`Gfh*8~=p#`|aMb`FGGkmFo)cgXdHg zMis4=*s-Ly*ZAAMu3MEQ{}}`;>MCN?L{CT;zdpG3KSOgo-|`>FAHDw(xzEyRW8DxqmDAyxnZO6CcW0ZCPv1K3?Ayr}c5_lkLHA0zEfRo8k9-sZ6;pR8LsHC*KIsdkvJHP&w@y;_x z4@yXy+&-%wdG-C&war$Odl+x+iWPq7`yyoCJL9b<9$YGOIXiP!h}GN!+)|T{GId{-=QlYO=3lk-!PiKnWsjCe=K9 zv_ku=_&C>CzYV*makKM>HF}0dyUq-5UERAJ~Liq zy_%}5A@NvrFvHHtrq*VZ_E+`IME z{$DEG`wIJtZ|yC9e7tXu>4SRC{|t#sAA0XsPVqRB@b$Ge;{Sw+@{u)6#P9%;Q{JFyZB{ z@Egx&DhkP-I(u+!kjKd-VN>5ORdMCx>hpDwQ2cp=@kW1?+ce=ReJ?$2Bg&U)TPe${ zSUt8lZ?dLcmfI|B`}FPHnJIGN6F11Rd;OaKp!~2zjr_vJcUSy&=~(9}xAk%T=J!o` zdmLA*emy$x#AAiug0p_L`*$2@x_?rKiD60Ex~Q*0Veac27oT0J6PTmJcs73XHXWNo z#f@i;?p|d`i>*A)?$8IW3wy)3cvVBz`c1LBoH6NSdQLi9NkvFfbJ_apG&wCQr zw4{q=iU6C$mo@K7RxAnm)V1(V@o|aw9=Wsk8QxmAbz`Vn;?~CBTSdAj`HD-%I61wE z`Ri({^jPJ&s7BCnMt`564v*kzue}~{PyNZnRd(aX!^;aEcQHEsxPSdu$OTvH`4b&Q zJ#TWpaek`O*zm^w*lN%G&-}9`Y{Ht4iFPW_`x+O(p!+lMjOs$Kh{pjT8%-m>DXO2o zqjjhIirnL^!HJ(m*|%ru9Z%9s>0sW-Vb`|#`ORmR^^as`?N&B6JoWAM&#RFE^Q@&d zn|0;dOk5f9m|3}PMZ(O6TgR8*GcBCnBlu-Stf1!v_j8tO7kn|Cv`b-Ev~1j|Xzthb z21XByU&mYgsrukj&u@D4r1A$r+c?MRHYO~oYM7pwa`>!T5j^hG_{Nme0bYgg3c4+unD*)6&5g}RORE%m3wQ3@dM;Bf z{O_&xcP-bgciA-O@%QA(=S79AUcM-m3ZD|n;;y*6>zxUATD0S{WgN1vCw%xit20z0 z`NE^!-JW6^SH1ZdM335@k89rJea+WI|Cw@n=7VtO1@YeHC4%kD%uE|~a_0qvx~pH> zRnHrty5wGUPaCt{)mdqqCwbi4zD>YO=J>>yQ6D*uRJIm4oLqC>TH-L<`|!lwkxI<@ zDrIX0&tABG;aX(UeT@_9>z_wWyv2LFDb$|dQ^ZVS$2pNF38ibJtq)c`ac2yb1?BHo|KqpS@S_ z17>Sq&WM^LJPUa0wse&}@0zgiAlssZ8?XOWu8I~ee0st4v((~3opcMEkjr@`TGCxh z%}-8n&)dqAd8aG%GiOer*BYib%8kB!OLET|ehP1%HEEaN-8(87ZdPARU1zrWz1y1Q zdalU$Wyo{ZW&wxeQNAxiJeEvPRGc+i`0K60^J~L)?g&`3>S~Oy(mLmWZKgMFY-ZR# zac*F44!phm1&VTQuwX9LwV)*s+M?sZ| z^R6DMnD)7Trtt~G7ug#>`tF}DSe}=C=1=a*zmpCn_%G9raNlt$W|_&X{j;@K6*eDS zEmnTUjdNYl?VvkHHkX<%%v{l6{Ooc@yYRBE&!_YE&*|DI`-7S5Z}oNC{8c*3pV?Z4 z&RBOm;6Fo@i+OVSZ~;3%HnZBio7l=j-IK+l zeuqmt7tSibmFS~kslGOC_QJ_$U9RUWxBQbi;hU+-PA&WMdmZwanSAD2g%xM{U)USA z&Wlo>kfRpw#vWm%ZZ; zU5%c-iSt$gd(1WGSM#F8glg~CuMM6YF?YgLOWq4tPlu#u&-!%VjoWCxk5uw2Cc&+J zj+QK4M{3<1W(L^{2l&<&7BKy6Z$7am?#QP**YwiBMP=@`&BA?4zO8svHs_JSO}VRUGanw=nIrS5 z@@!V-JdvimejZ5`k|OgOPcJ;@D)UKLLPB}x>TOlpcbU}Ej=kyOdhzH&U|o2xpDk;2 zvtOrpmKuMZmSx+-bMyI6Z&@Y(=ylgLeV!eTPc2`cP+nVd;YRZ$@ugndmO3(&J_wFl zG|OPo1;NA{0>!@n8CufhR{0s9VA>^7@;!el8*6N{$K#2UojRNEJY8F|)O^%h7+P*mlV4D>%J~e74y4w%ImnR>cXmXHhptz z?WHcX87=5Pv^w*{ud6?jLe*ylx^0sZcs|)T%PZ z=+8B^j?%trj}*L~&$_#_e{$EtVy1IzdN2QHxbAUH+eueHbo&+E?fiS#t7ft)^ zTVz-6#R_Q-zrrxr2MSHb?;Y0Ixii~535}fdR^7hU=aV**;g?mH*);qYE*Ei`)@pfY zPV=qJ`J9rbWe+B_^zA>lIq&ID56hQPM`iMh?OtUnp5A7VJ@2~S_nLJU?2}k?Ua?Hc zpYc1~bcN4nCdmft-PgMB8co`H>c?|0sop7lz1z9tL?5lSRh;H={aI>G`t`N7f)zmz zrS2v0Rs1V`a$nF!XPU9ew;l;=nSQUEz5iTKxvO3e6TQci(joqCa9oZ$G&k0Y?T&{a{q1!7q&vnu6{q z$*G6o>lk3hs%iL(Y6{( z?ao`0M%vQOGuOoz$nxoyMa-RBlHr-cc;)#PddgN+fotb@8|Kh*PIp%Fk6@(UcPZ)Lr`A)FnE2$%occ$F26P zJrH=|`}%|rz2}np9Mv2}A4v&TJh?5u;{2t(%@6mqMGI`+VDo43jx}mi`~H}0+4#~b z<^qS`<=*?}7Jf|L`>a)Wm7Z7MyuDevx+gj#eTbaEL$CFKHw7s(I&= zYpt_)`UuJ#Q^~#m(D%3XP8EHog`dyQx*h#-t**(Ei<8yZ&o&;-NM=2AYUR?IDxbDJ znO7C=`fxt$QRVi%6IfXUb}rqxEmPhuLPA1abpK+f<=Ri@PwAVbDSz2UWl4$T{L{0ZTfJQEqPMK?uI%S| z7N(6WU->QEbhoOwt8DRV7M9ALJjK^dCmPv)X+1p8-(qc|be`HN@zuJYH}DkBxw=;T zP|!Wm%p`>rx%p8yFV@)TEe{CT!2R;l?pp3ctJzO|eDZkmtwp7}3-@Zt{Msyk*pAKj zVAqphNxT0tyKcU;z+q$4fueg`-WvNgofA6B_a>pxyS{4L#Ob`ZuWjruN_(fp?R59r z=G;uqS^2y88RmquK0YsevP3ed%&^ZPFz84BkxV6%e8Z!KQrnhXXPkasq3poA9RXpx zEtkffIRUF)80 z+10=mruKZlDO1+u-iw=4YO{6M7d_Fiv^}}|cTMQv^thZ!< zRnNyC*OHHI+CJ-Z6aQVgDXL3*7fUZ@TqC>TAwT=O?~ANWgUb8Lu6>GJoHs$p@WSJ@ zAv?DDF0VK!`!|bMSz6MQ(=9dR@s)W~zIXRD_w-G**_gb3{ZbR*t=;`TLDeFmse+#> z-=BExx`~t7&}UMu_2vE<=TAMpw&tdb#Jqh=9jod zywp9S$oR8g;hLyUc|f^)+WV&q6nJu;oLh6 z?8@tx+MH}jRi4$QDdH9``|Fy|wOf;20z)QwJYJfTy=IY;WapFOD9g{v%Jb&TI(hZV zjBigS@JAJHZTaH{!``e1Yb8KQiTsrprc=6sffzeuT zOH^d|ZmgfMmdjLQ+1+)uVaDR!ZE{8n=B{7)SW5QWlK%3-N^OZp9aGO$d|B83EqHq9 z$M{ZtzrD<7vwCV4xCckw)BU@&{=xjy4^Q9KyL~K)bDkQ<#Ur=37x!&_V$W=!`&a(J zKCNko4@!kZOM#H9!~R3E+76NYGcNqxBz(U) zj#uaV#=9pAK5a8EJb!I(`?skdbQ>vOzl1$)?q=h?l+dW+{UpRane?yKaN z50^UoSQGA4EPM1iurIp$z;TNbQwvVtlk>La`pp%YV{X}98+1CPb<5hS6XwY~D@Auc zg*~`cDb2qT&zzgUO= z3=P-Ww=B7N^Xr`Tw}ag=~NAXQh9{V_&BEqg~PVve{_?%gz_7lz2@J{V^e( z-LErLmHC;(uWPGJV)BZwoGIKeDQ3mPul_&0*DgrgJ+oIP)Pf6w<@ zbB@IN?&SQvV|Cd*sf&^3rn{cs3AxlYWtRKKwlhsBi?UI}GnCTAxq0M{zALuH_UV6G==k_r77@2>j#!FL6v?A|VzSWp7UlAO(FJIvJ zx6GUJXC<_1U%z_K5mRyQvGev`(`_|wY?A$=5C5tBFs=OXpW#^Gy~8<|qW0`pPF`-S zeXmAP%;bf7qt`RTqot?TXayRcEfm}|Mdz})?jG&O+%LAryk>R$YVzZc;3J8X_P4wH zzpwU)iS=ibOJa~+C9mjtaN>{u3>nvFYfaqO@j*Fm^S;&ZG|gK~uUc4Ln*T%8JN=<< z?Cg|TADHd$tya2pKVNn8yJIbF8b3qr=L)Xawa{y;+uC9`{x*Ldx#EhBNmYNYOtX`^ zxW}|=`>nnWpH`W9J=Qp^Plryo&lch-Wx2j_d)vFiVjlYq zLsWiL=a<&a>b<)Dy+D(+Z1$nE1)qKmF8m#rfb9Hr@~HTki>d)VcI(m$NJD z9c7)Hw`9H^SZN~9R-^r!XI5Kl4bO~2tLE*^zFt%R;jsJ1cYV60)(+>T{kWzAN`y8(E7)Mk7s*w z*=Mkr-#Es9ttZTEs#M)~=YFB595>%p#2>Ba`CBreF7W{xMFLRxxZdTUfk%Z}EPyeF8NWe;4%BX^E%)C}dxO4*ZmCUtZ~8N#Ppw9K8+-7* zO?%RR+t*lpDR6yD>+nr7{c6JGMvaengw%cI|b?btAQN3itE>k$*T}qQdNU z+>h`QyX#2{)~;#q6e(L*eRQAP#hS#A;yznH&TqNxHOsqE_Ds>A6Zal%sgwU>{A2Zl zddc2shlwUDJyB~M70Ja6%B(HlRe`(4`VFLLY0@A&DzgZ(mE@{;Xe&9|@an>Y34 zBaPr$-J!@t9&xLF}{xZI*?$&&+E&0rUOg}C^dN=HYd+q8C-QL^X?R8Q8GME46o|*7{|?w{Sfz+&MM#%iivQ9u2ep3+sQVgiZYLpW&dK$lj0lkNVo5 zY5TkHGy~_{)vxTfe(Rh4Fuv)Z%H?NUFXcIJz>IAixL`}z7G>hI=%xc2%XTmM5@ zuSfTMLp`Uyozb&?x#;UU-H&pOscY{1@IEByEOYv_yKqB!b=QX-ZGI6yE%%z)+^YLB z^ZFl)A5td0_K_EDG#~9;d`T}^Q+BcEoaQ-=^QJzrV*ev79Q&cYYwO(VhwqPA|5ep{ zV!WU$r)qM{{iE`?*#m!sKa^g6(KJzQWvYgAro^2heoLmkw-4Bh)zp5Je{ih-akalm zT>LHV(@dq(?auMKRwik8r`{>G%K7Q9`0@A~&qw|e?#ttAeA~QlTbtjQUXwR}UU}ik zHS!&CDu3tO$yfBnH_l3(aA{rr<|gZ(72zr+=ZpWDera9a^{4tluhq?cT3M5%+1R4B zV;3|zzK^j#^8V)KZ^?g`?Ws@vX!kg8S48gNhCB8{_&P z`QPI5ZuY5TSJg=T2!AA@Q{(%vQ_s};hVz!|44aLM3eVbSOMSW)Z?y2t#3xnXHve|}ccH5F zc|*zGtjaZMb4&`(e){*OO#RY6hrc^)EX5D*?-KfB)^+Tj_2abOg51xo_Vd;DyVjUL zs`eK>yynN}15rn;OlGAB{hW5x?b!hf3)|J7n~&`0-KSM|xqge@!jesU-`=^-nzC#9 zq7`;~TdRMX@~8K-EZQ~m>NTC${}~?4yVZVlE%UL-S-)!U%um|XsitDa@O)|Asefnw zGi)<&uT!kCo^|}l_Dt5NYbR?8$?on5(*CsgTj`JRkLw@m-dnn0K0jy6xec9WLOa;6 z?dI>5v;497fvwEZ{D;|R_2=uZTO1@7^Y!5R&1XJV*!Wbcyg4_AO=+oUT5bAorA&JU zoAQt9N2-qZsBfN_Z|b>oO8?yLg7>#ph`-&li@))oebzkLAJG-bm!%j#MV07yKJGg9 z!|+2&wmtuXk7E5FnV#MI7i#P??b2hGdF}T$mURD>_xQ2AbWz3qsNcb&f1jQ?uG<(F zDq|89JMp$nNOr7A%B>&%N2~JNlRrjB#EQ;&+vgg5{krMbsfLu&1kz3-Oi%P3tq zQ=zkH(Zw3eRo)N(n%!J~Qt5)tnmg~4jHB$iO;76X@wA)H+d1XIVwn=9eTBzLmZ$Z_ zMH@3eI)3=XdNJP6oNpT$M48`Rvv2()oT|EbbM&861=^QtLbKPn7kzw{ahqrUZkDQf zQ~uf?48K)+Ve7PuSLYeLo%$xb%JezgyWWTD5_6udU7A@|C)ey3v2By4%HzH1KfFEr zPW{b$Cpvd_tNMaxyXEC>o?LV^=kpErE!|5WqZ36p-p2B6H=W+86UMptwu<)eJ>mLnQ`a6f_LQ1# z`Cz`6*S2jOQ*1&XzA(v+EtRzr|MYQs;N`v69@ii4*&T6B%~C<&(Dtvf=5fs)|8DM@ zV4}s4dfe;KmRa1^S9Vn#R$GM68H{G!NeEtTeLO5%+Iani zC!0UM{k8Q3r;3NT-PZN1e&n5YyUb&FZ~Oe+hUv>M?fB2YyHPbfUs%dzz zO{-$-+1%%0SC%C4GfX_D^(y;wJ`>yrDBzo=Ga?8?2w^`6O+xx%2*yR+$ku)u;C@+n)Q6ea+v+G9_6;_%xzCR4q?A2h8Y&ZSy-D7r&)ok*>+W;; zYd7&RDoDM^$rHL8b?9xm%gOJv=Y&qKd~jCjn|ERD_vwwhR%PwF->$yNAo9-2iEhR7 zd`sOvvD~)#`(SJPBbj9p<pBF|>C zh{yB3c0Q_}{$byGv3WBEE#wXD%hnkb`drgJ?R36FfBjKFzG*U2^pC`yU<;dL%E|+4g0>h!@TX zt5d$TEF$>nc83LjSu1$oE&P_>5r1>jB>M`H$CpiCUs{>V^JwNGCO0KT z_-@p(nZF9O=J%HD^>+LyvrYWWnu`LQ-_}h(_DgkN@8h@15nE($3$q?h-Y>C^Kjsok(Vi6!&zDwd`?Fko+Q_}7=9T}o z9rs0BS@%qr`Es;8_=@-4oQF1!%Z``IPf3#3w_NA+*?C9Tlcu_Ws(!C`rpk7QJS^q^ zRvp?=HdSI*!||T$wJK|hLoIrX3^UD=zP^u;)7UcWvv1}_js&|T?QPeEPVi)1s}VlD zK5Kz)$%?f%?>(={v3n@HdRMc@XRT$IZ5meU1b)6QtGO>~U74oD>sc>Nf9G211}@s# z!^*C-Nlzh^MQ8QoxFtFlpZgbURa{7&Jvm?t_m=1Lio@0^m7Yjvzqio$qGo2j)>Unp zOIIgw1bky=pT!d`(m09VYtzNscl4h9|@BWI$FCxv~)wL&|%RJlX{rPfNXp(s2 zt!^fc{nt`MzMl13yFo~Lt*KEFJ4>nB^h&O9n;@^FYuVpRJoxjD0l0q)ECv)O&(mfUK#S;=Ph^0r^kI_^Oc$R zmPOfcgr-DVBpAmTU+!`}H(*-6;e_2*q0TK@v2#tBpFG~~HBa}z zw6NnjVWn$d3wWE0)*Y35&MT>I+PC6nR&PCj)^{^;g(LpzTk~UIProiPakl`UwzSvf zSt6fRVx+Egaom%)uzS-tuWj-!jx9#MNgqR|B=PU{=kG1;u2p?p`g?Jk?8{a~?n%wI zysm{Jx!i6o3E%#_biFHDlC=GZt^e8Ea?UApq;6dNr?TXX?pJlo2cKiEtzG7xl`>KM zxvXJ?xbUgoy-OJid#-A4y5uW&XxG-Q&yKcoa@{dCuT#+PREUJ=`5a@O#$T+4Nx zeL4}zpMwhfey+Kjf9%w@XD)M#_+8&e9lUXT$`_Zb>mIRADhS@jAJrWDvG(|lJu{av zGocq8M{A`InH8ySIpirK zd(i*vz126(61BS6Hy>V55%er=l5gPK=F<50vsSOJ=stK)cI(8q`W+ePb$DwY=YKpM zxVO+M#w(!rkR>Ne>5BC=iK{AlQw+}?RC$uNy;obgui|t@zxPM;x2naPADzB^`5Ui#k>a^;bvxIky*|AC+Q;tht7(z!mhS`hc#1hlykPjcx<{!m zy<DE2w+qre0{0zGDIYP)%Bm7L_ISZ3*+kJD)X3sqs zuY7I3mXhhMs(HH~`ZH!)U7M#?-Nsxd!F+Gq{)Z7S!wR>oSQDbjeLm{*`L=y_S1-LR zd2ZSJ^iW~k*>s!9FIU@~@yTvIztXg2<&A3+owhR%#8yag*IqJ`NpGC}+>2e_ zay^z^eRX|qj-G(q>L#maJN8SM?wfZ>;-~FWtIp@fP?VG$X^H&C& z#1Hl6*I|m6-#l)AIzx!#&Y~q@p)m^VyuX6-9j))|&53RB*w}m5*xP9Pt(vue7CfGn zx;tlTm)@H`t!J~B&s6!GXZN|}(V|~cM|bmFE=il@R+;j%s_XXUM7hLXm7i{$%Usi+ zraEwcU2|TzqS0jMqKjL~cqaUXtA!tr(OA#<=;JDs^49@ z`O)1hTWg=GkG6I*FjYOiwqWz-*@tdP-L_t{eR}51*((EI`d%`5tn=Y#`t&Jm%e@{K*)3wl3p|9A% zBIfeEXSPQ}9{ifMvbgG+;Ox%uqIbtwUA|v?vdmF^z3eN?^tO~aS#US%Xl7dJgE@H$A;mrB z=PFF|Ui;sdu-+MV;&@g0ji6^nRRR`AnfLZQZSbFyF8eXW^yaN&3L6*Z6(0D{VE^RW z-L0F~mmBvn~Tz{OqGUv1$`*&92UC0<5-xP44G)6act$dv_K zxBX;Ln0)>7vc5=}_Rcl8ilQ_nBLo|7?Yx_GE#fiHJA201qfgtXM8)f$QAwV6wRQC^ z$7-HwD|;{g>YKXg!oidC${(#*XjOc=P~x1`e6P>5_cPsm&A2sIt9;uIw==;9$~M?X zefiHI{!-{P^X(WfM;ooGYrJheC2vhn7jzXkN~~3y9u#uRJ^q9EKQ8u<^B=G+=Wn;u z$-lnGN-+6z{NEG>xdnf<-}bk~%hs{fU9uB3pU3r)b?JjyI-bkp9$3wH;;k$9UX=Ok z>6&Tf+x{gPJiouTa_O<|N9Wt;Db?0Le73iInXmA)&IeN(=gc~`l*7aFa@G6=^QHDD z^S8~j-7~G0>+Tod;D3>O)CD)LpSe%9?p*yA_JgyR&#JZEDs6Il&BW&_%)c(%@z);= z{ijvI^+=xoPyL7E-;T|d<{YSdi*W+?@}GUnGep(M4I00$-8VS zDPrdzz-Vv&Fk(gc;#J0TGEZjJ*gu@#9i_YU_zlzjX4mo`c}|uvz4an$TK^iI>1MY! zShu-JFRkVM*!(T?NA&7Dr_DR}$t~bIXGdjQekH*KRM<=tK zx_#IF^u&3V>vn~{+v+~w%IxOM?;B%ghwbq7W-wrod$ghcp>f~6FSldXy`3SwIozba z;XlJR{f?5=6CciJs?WV0b#m+Stxok*i{cb6?9=|C;q{+Ez)mK_t_wcWGnbgn^8&J5A# zA6I|3GjA$bEBo^1oF?hDB`TfY%B^Fa-S=nhrN2Jr9)l+3( zpU>IKtiUPx!iw+e`fQDg)9DvBE?mpilhb!N{7Oy~Q%KYA3Z@Mz^PXPMU{+sgH&u4+ zsk!GqJp|3kOJ|$Cy1iIo>I$y|4{okaFD+PpI@9xK)#bd>NS%X5r!2p|kIa5#@nrV% ze0?6q6EFR)zt{bDPHE!B`Ku;goBKvT?NrqJ4pYvzPu%u!OG;>IPv5cgFlU(2fe(IJ zy7e*ro?V&m92MOxMUQ92sm>4Dda9z$+M@Gdrd^Qj&qXh$tvQo_tNifc*o(Q6-?#W{ z{8YC6`}(xvhqm5_5{Xw9^2**3YHQ_l7RtVD^0xl4eq!#DxYyh@FPu{Zj&_)S%|EPv z)A?J}-@W_OEo}53`UYM0__6fir?bM=EY(M3T2lWhzP}Rg%6jHaYS7}Ayo%)q=ihw& zZQYOK3!Iae+~76h?sil$5AX1rP$hNl$L+`KJL9?Rq_gI4sz2t>6P+{7(Ei&J&EBVe z?ia3yKl;z`Lv#A^`!~8?-G7jOguhKNhF9_IN@JJML;4JDEX=oG#~amD{awD*|5jP_ z-LhZR9qZn|b1C~*FTqpy;v3WMsHWb2+pDWJUv9incY2;+uKSVA74L3Uh6x;Wv#_q! zzGaj9NIF;Eak}3V&!Rs9l}tPDw^$ifSRW{him`Uny)P& zw<2SquWY;O+3wz~SnTcVvujP`$w}t2EAJhCYVmp5kLJ)F$+BzO)%RE3xlkvTCDp{; zoAyMHt*rUhu9KzJ*+t1aH+y{N5p(?dY_q!j;JvE?lm$U63I- zF_S^JZ+%dF{4GbhlnJ6*9CB?tzt4`HF>{ko!l!#z=hw=2eYJkNY3s$b3Z|z|xj*&i z{JNGa?WVgpKICIk)Fbao&jU~0B}LD_nrCh`Wp!?9zRJQI3=ZmbKdRr%KA+4_Uohj6@m7^{=GE8S z)<4o->&ufNX1jcatZTlk;MBS2<{yZc+7tPp-srN|3}Tu>+zS7c6>HKilUoAi94oecHw&1*IihLj@7p_9N9oR6yyBI2+QvWq z3NgYge{5fz zKNV1Jn<zl ztyW-pzKo(0dwKEefJxW+L>*Y>Y2NqdP@VbYXXu9FlShsGb&u;fzV}NHJten$r^&UD zgd!t<=a9K4t3{p(HbqyyzWjOBrUzn{_N|dKBRO>#zpvWFG`8}E}guCAVy z?0(MdlU2x55w|09TX}9gSa0zvYw`t2&dwrl0gLycdLP&vY^_5s+j;)1l51NP^LOF( zXEPXYFo&}xYfE1DpA>Q|oO#v?sYDG<1G%k5DKniQOb^yCP5gJ|R^YWdq1YoG z_GPoT_wAHiv;OAc=-A+gPd6Fwt}Iybv#(MnY@OzjL#>asD&)ijF+};*>q{r>It>4=TG^nIaj=0_sW^2H(Jj{cfI|xQ}>d+9^D`x{+hkY1U@bTwRwZ&@$JbZf|C7PYyXWt%>pRCW$sn}4=IYdC$C#Qd zm?a)<)8$_Ee8q8-NZym%;Eq{3Rx?8;H0U^#}x5A|Fz*cJa1R(B(Hm_Zu6hv*K6g#8MnpK)h8ZU zYq?xdxa-W7C)=hmKeq_(<6LuFOL}JTD}$PI{#mR4E|u=RxLt0m-=}wq+Rieo4wN2T zm1}oZV{zAtH@V4SzV7E9N`HDEz`5?jF$agYAtk?`M)uEG%)B)7?^Y=to@AM;ywwX6 zi&hIxp5XXwnbc}e`{|O;WwjRji1MF2zSTEr!&!wwu}kbaSrOg(1w5&9&(%+L_-w4n zxL>O6$-ANzf0#r27K+bE6e_X~?n>}g;M6=ktM$2yn~_<8)}HT|rm1b(>KhjjWpR%2 z<*co853^_dGr00@UF5}71^uO!;YV!!5;IN}o;)76=lX)z<&A-7&NsPMJU=R%xoDT! z!*=!_`L!AQgm&Fnn5%6yY3H%5H|D&XxvIj{rq(SjxO8obc;Lo^w!h0)s`=d9G(#oj z{d3bY>o$hgm+$Xw%$*w|7CdXG%#lgnWeZNeE_Sn?+ph3@tJn4iO%i-_!V-2!D4Sd^ zVNm|Gw1`)1e{5^`T9>?IzUihfl^L$62Sgl9GdXbWcfzsDKGQz>e=J**b~U{G{))aO z(v~*qYfWw`-ncsHN1lRNEpNzwNrx!G#lZWTGqd$@1@+MwN6q6-5K=lgAmo$w}p za#(5c)>TWdZDz2J{AsJL^f>hX4n<3LmaCfik>8Da9+aA{O7oSze`_O~;xm?>l(}C(?$;)<^8s%N#rf_3th{@p zgiKP?mC%lo+q`Qh>|dJYn6bQfhtk~iyp^9;%0D+PlCCQZxHzTjWeVeom5Q4amTr5r z-aYp?_k5?U#O#AXTV)n`J*(KNtkQpKY2PK|iOut@u3p`&aZ^+!ET!o1dauj~sWQdQ zTVg)!{m*c0i^4W1j+>Vyj;ik6cBd!wcXX0th-vv2pDU#beJ4t}zpf0sER#@YS|y#d zoPEC6)8=v4iA)}LmPwpzS8rJJoNd#3MVTgxw|>eQ%F`=;`e~}FPFP_dwQRD9pWB11 zkog6NlP89yy}20nv}if+y-n{z9yAz7eLCV{Av(KUSi$zds%A@7X=9~Vri#szf7WJC z`KXd+6sLGRc>b|nrl!I^MP^H#(oCIW2|v6x@FdU_c}fyd)mikb0)jQnVzdu z?Jb$4e=6Yldi6`2N>`UnW9znD)vdZ(E_ubv6`Kq`{rZQZQ%g1TY_ z?k1|qQ9+wF-tt_wZuwH1g&xvHg>j*4Zs|l_xu_r!cKq7j)eqm4{c4-2yY-^=#>O3A z*RenHZ^|o~oBZ~I#%;x8^}?}&U6Tw~R$9x<-Mj3oPTidU4D&zFYRYiX;gpfP-c5B0HUP3u{-Gt$X|(aFP7;+Xa2$D2!&PEVXB@;a1bjo{|vUsr!% zo#^-G34_PiHBnby^vrF&^t@WKzI%OOY}w4Z2-QRLma|AbfBSY)=xN52EQ~Lss!FmY zKW&@9xuS5Bo>6+?!yU@MlQuFa_dJ=m_0sEZo@o<(rEAYgT$g{ivuR~(pTqAZ^V)Vv ztoOMvLv~Z)h3h)s(qk>|#_UbBHgRA(Agh@d<&z(HdHvqtO9%SWdS^Vh30v%F>{71J zP~R)^Bt3}ZvwxSB&!NY^-R#2rIF9>meSSTvPH~#$FRO`tTi;2o?VY!f)R+Bj`=s~m*cCmaE;MerX|J!~#kRcX%QGh~Vhy!q-d}ZXtHWka zt95k=*;+>yu{!+e+f%w$V{SY1(nPVUSbmcq&mW$yd^+iyO2tnJh7VQOn|>_Iw7c@r zh;d8Oz7;>V=knffjs4cM=*i?4#_?J|rWt)NmRnrOFyHI-(v{DXrd~WV`)1uOQMM47 zbkj>2)=v(ZS;+8&skY6#$}bsC@F3s-0qZc=A;3qfz%|0-yihKezbqwsJR3PL;J>`JoSLwsx+* zzhx(5$GPIL_gk6HoD?`;9QncV+s!li8k{|Uvla^E>T(rE`5JJEOgfS-b3OiHKjYo| ziOV}!LM6Yiv{6o85_L*lfU}_ZbKlh4FIZ0eF}UTQcQ;GRcj>}_e|t@Jpt}*afRpXrFLg+&`B{k_wGQ5)YLO#2Aiiz$~-nbUUu^~>xqu_X-${z zOi!@>9MiUYbt+%#AS-tGQJc}~}}yi!TMkT)uGuBUQX-+8t=Fstj`8&Iw&%SrZo43TT6+tFyU3lXEh|4OTOGTU!KcFES3LRN)*PD&d;0!X zg%n53*ui^hj(}Cjw2N9BP8TfxwBp&7Riu^UMu}wu7Rt=JUJ_aNQd| zfz4C&(2HGOr%TM1Iof7lv60Tm)n!QTPqMmh8W}rxM}#^U{ znFbr%VxG%%EiB~BpU!?IPokH5b$ zH+?^JGTUyK&3k1Ax8*&2Uw`)296csB>!N(M)egT>U$3)Y>@Bw5F1ccAJ~v{{_Lyh8 z_P5z-T(MEEl$o|&%`A9A$fL=R%nz+iez?9fuf+P>{U_erE8bZiP0!TWye~qb=Tu~+ z+|{3pAKtahW64*V6w>EfH}T&=tEeCP->R?GWUHLraD)-O*gnTD_gJjXiaO4nbKCbOSW(NMOzN1e(X0}zAWx#ZgH+k(K-g_ zN!jQA7%sE9XS9pS>Ef{;qTA(auK=LfruHl3{&JUPp!`L#d4-!i%H z&c`2VK2qB$d+xIDYJMIvsC*5!A3AN6ia z&QHC5wLGz&*>}J9k1adXCq2;Cx;AC=L;tf8b*5KX*G*}+@l*)*zUBMw%)YHEA(y^H z?(tmSa&1YUL%dCY)k~AVa)-UPMJ!Z!kj%94%j}NDoi4RzJz;Ci>oOjE5iQ!2lo~D= zwEOCd=u?k5eOy#`E{|qan3NUT>!4onM|Efvn|)r&a8FM1(k%>)-kCk_U#XLi>`=ILA29(gkL-$yEsDxKUt!Eq_ij$3!Gn@qjvr7P$9+v7*mW4}$G-+07pyeoXA-L&C) z9Zya1hd1-&m2SP#SaiFZ+u%($At#ZLV$j(cj~^yNPTe?{)?BVmu;Dt2?NGj2RvJ>#C_L9Z#RcH9aRz4Q0-<9d-- z*Kc*tWlWm5VDgjcPnEUL7M9oZoBp--y1q|3bJy-DwcRN%m)`X_(w*t?aO3s0)#gWH zqkX0yiTohO(%VKYp>ns z^sTsiYybKF9~##dKh9^WvH0-(;Cu1c^|@CP%c@tmsOK~k@b9ge|A1Gqv|ju+=i_wO znPrPUd7iCR{m;Pa`!V37`&)Lq{#>;eCKHm*Rc(A7ijz<3$!;`Bj&Q} zc>kWetG~?SU$S9l$n)F&JJ$GG9-8GV_xQKXABQbJQa@H*4*Ixk(y!7DTtZ1)4+Pks z9<9w@oGH)vPyff~e`5TNTOX?aa^IG*_UR+%FKl~0KT7%|*zUP`*N?`9D<&{37pytH z&af~0^cz#{^^NwzIeUs9aH>d!d|usPyv5DmN&DpSz&5SLldlJ#2}!9^@BHKVA^%{# z#MXM|{ucjL_wFs2^{lMDp!KJ^<+|0Lm+JJg7+%})|CpM;{@{Mf(q zqs_KYE3T|f*~KZdj<1sCbBs{StKcH9d%O5P-uPnASa)qc|2~x;R=@o(n(S1%qAM@> z^P*^EQPt$)h71C_w!ftzHBoq-o&(8&9*wceB~ecAGHr(&JLd* zwY6b^k9*!>9(L#BQ6Keh*B?rL%zJOQ&@DGwwzA z(Y5{OXW#F?FZ$jla@FYt6|1tH%VKN{b}}6Ce9-r`{2~9b^}-e05%Yc>4%IX{vn-O~ z$%E^eEB_ssFY_fg?eP)Mhd-5hI6j?}JpMf9>G1=+-iNQ1i&cG^vDH&GWc&8xXHP!4 z{^DlJi$h%=&*m;UzxzK!O26##-hEOrKV~1@9KBAjzO+z*S^IU|3f&s@kCPv|ZRXqi z@PuB;@1R519%v*h^F7)Z{zLG$=AY`1>kr?qXX(xT^48W+Q*lGI&4bVJjx{zruI^8r z&!XO9lbl()@@2TWqT)P`(|I*t{xjHZeVR6@C+oAChFt99{|s%9AIKk!{JK^-+-!SP zck71D{GZo7e)+HJ`m7qGALbv`gRYh4OJ>dI(<_Zw`_{hJxKFg>oLkk`wd-$7AK$0= z@%z!;zM5Z7?~X|1Rw%~s2a^L#!=>;CK zfQcM+A?1ZkNm`C z6?&&$J^rosG3JgbPC{Xe-WmtF1csjesF00cv#QU&IMwT^QnUSG|1G_DmbnT$8;`Et z!eFxCL*X&)%m3tmJP*6NN3ryy^r1LOHDx`qq&DGM26I!G!K>N?CO9W((ID*Q)~J^6n~rg zWBKYIORpbsIheLMa|#dFm%_&@_IR#4`tUyk_idYrCJWc4$y(Z6yWDE-?pzV<^Y->p zsrGJ@)%9fxC@iFvOwHcSsHGd!4g*HR_SzWv=S zmkH75E}hu;{?^%ZTG{e)_xyP#MmY#MaNOgGe_GryM|8C~0-H}xgpN0sa6KGNs2{qtc)eBO)CZzC`Mm}dREI#*FC zxo`&``~IlyaW=bWJNdlGnO1A>+jcxNQ}Wm|+1Bj485grB=TG`w&9Goy-P@ds^utzF zcjnp$ThH=1*t?fc>)8AUl3V7BD!1R2E?OYRTk-Xy_uOTr7t`m}`2T2q_@ANeo6xeQ ziO)Ke?wnzFu)c1*@K4&MJ-$ooGhgm176>p&mtFavLE>xo zvs<6jJvU?dVZF}$Evy0B`&p(uEMDywxcN`SN0xOTTr))Yj--p)P5)RPyZuPGl>NLV z32#NSbj41)ZRzSFvLv-#2AlKIMg@w}ch zZrfUl&R<`XdO_^N+1$lO=Pz=~zP8=EpKsd=b#VtVnI@}i`CV?U#VX}dL2E9%-ClCw zvFNJB*0IK#+Wh|+TCac1cHNcUbT4y3k=eRiU-X;jZ_(XW*;5)}77zWe?a+09Y&Z46`QFR-56#%Jd#lGikKo3h&%dsm z=NDOD%yK(7;urIg`okjAD%sTx-{>)v-2}`yM(tPc6=4* zkIWP8dvrKv?lZUFtK3E3U6?C*?8q_y8QaGiZ zp88XwG&rP2*lzM8UX6(yLi37WhKnDXd^>i_J7=Z}wmFN17wO8Z*|l!rL+L=1>vqXJ zkLBiEKewxGed*)=-pTj3ecrf%KZa-4Fa1ZMQ>x7Ri>r$j6q8l*Y^|<0)QD}3{?8y4 z^GZljahZxt*~yhlMbDI8{vmDa_uPByWgCrL?(K66W~zT!KfO-l=A9Sz!jtRV{+QKE z{hA&#Q7_MHb)LoojrF`g-abq&ew^)nvw@+<(0*wyXVDcUPVGChk9_Z45%sca-6Q8i zBHOA&*XoPjiO!ZXUHdyX;gsOd7umD6eRk{kWqW3)*=J_y^aX46`CeXnEf|}zwsOm{ zc{z;xJNgQ=cjhHrYv+AzEBK(z^UJf_eXHM|tvt7|(1JC!=JA#5i+&uAHQVURZD`4o z{CU0AHJ0K9Q~7nTX76h|+R_~ z<4u*>s(#uR*FTl=J?U|06Q3l%>G{{U#JX3lnO>E1X0qYW317}uO;Nw|d6nC9)=KV` z3Nrs0yq4VTnZRj!>Fk0#x0yDp*ZEmpb6c9U(W_=b;q|3uYBNtfOqw-OYeNC&amlw% z8ZoQB9OGE7gw~ZGODbMv-<3)8?o-<6Vb0nO_L{VWGJu_47THQ z6uBs^c_xpI{kcQO9Fv*s%@=|LHVH{@-x?KhXyyBf*A{;|HA$jNhug_wv1(D}*Rwnf zPm<=W-Y~(_?#p%N_lyqjPRtNHC479rGS_^mjjG&**Vg1}aca*BWI0%K;uwSSuM3K^ zY$k5oo-Mm`Vw~p1rg_Gn!&m;h7ErtTk$rnmWJv!T*0dnYvz6ESMTD}$3Qv@6j&+gT z{~&3v^|#$y&E`v%FeT_TA3nt_=qD6zvahxN=JW79n?LgWlXXkxJ{0TzVZE*PE&I&b zLH`-pwq#BdI^xA)pgW9dB&I~4cUuD(=~ zZ63U#M^Af}*O@oLyL8-{Hr1>?Ul_D#llz8}FRPQzCda<0JZ{SEzC&hj(pN2`6rT8Z ztBU7s^$u$L&oHfDy76TcZz=1Zbl!PY$(J^L^?s>V^q_a~JX_0!il67q?<$ooIvSOn z5g~leR(sOU>$5(Ix%RXv@6USsb@tIpxtjr-Ha%zC^ZbZZ+0x~&j4H*>Tx_1o9d%TD z>RS^n=SQb|t-cHFWc8C=9hBc8{xW_4IhA=k^Vb$lKUDcH{%rrr+yxEQS5mf5+LyAh zx*b;%8ANA)^DcO3x%3opM*+8n^ADf`_3r9@Vwfgg{U)%@cl%)FFCYU@~`K0aZ`Wcr4g}k=2 zHaspoTP5C9r+7E>SJ2;yvzJwh%-Utzobhe--njezU6D_%oBE?Z{b!KLYLB>b%R9P3 z`Ib?`_f_Wi1-|k|u{TWOF3MUr>rknlU*yi5Z);|Gyj?U~eZv;UZbNp7mr>oBTnwj< zKa*j;zczH6E0=7*yH$Vr($#ypLV|2*6Qlo37%5xicdbdrsuYbe`T=WhdXA4ViUXP$DdoPW4KU$ z*U$E?u_?XhZb<9So4I1zsb5dTw)V8?wzB_NCAcSH63d5wi`NSa&Ogz^m-1~j_tFac z18a3IMlHR!=)%8u<&w9*EW78w;z!-F=-i-$$;lm#FJrEhM{QeZJiFyi;iri&gPx|8 zTw1>L^sN%9Z3}gZ?i!|*9XR<_Z7=h|IDu@RtnlN{_zV``+Hs#L>aPD9SLuUFy+2Qi zzTWm?+O@hU{j>A-T|IB>_se&2RBqs#mS9cB*!H-qmoj&q+;w*I2X=+)f~!uo`!<|B z^<3rI_8Q}wJQ+_39;Tja?jfqVeCxQUr+j*zXD$5Wih!$%xeNOVTjOB8lZ)u{Q zdxAadfbTBy?Ts zI(W0@SWM4lsVi%ixXqcT`KjH?cu9ZW<39hY#iddl=iHUAZNGJNs*Km3$6YJ`&QNEK zthAeQX~XPY203qAPEN8sZ}Vlv*R^__y54Pn9~`rfx?!cV?dX~0iT@d{uTb$&4dy*? zT=vz(mcFFtDcx=TeeJI!tfnrXT5x7!6UXzex4gZ3W=|CFy)!vN>fJ=$HD|5NlFuux zc~xv__}-#A#ScAE zvu1lRI7@#xQhaZfRm@rKIcxtjw5-q3J+f`>l#)AUzrw9oMP*)6I`%?hcQQ-)x>v^K zOYZ$``d++h8C#Xq^P1v^lV)u6zA>`{9`{ z+pEM))w>Hju5SL`XB~dtYJ2O0{bA)jG9Q@vrnaxHvHWms?Q+v~D;GPRTdwf-N!XkT zlWrW1`5XFomVIXa%{xCD-`H{e$-1=e!M+~hRMkr>*>4y=xxT0->&MJT#UggH8$PJ+ z+nrp__j{%bw-OUS!-wMdcH=*)doH}&zomx%k@sG$63gDTPqiF>b$!Wit=}g8_VWkd zuNAFPyXJw!Q0~#1G{UrXQKB_03=6kL=|)Y1_9{ z&Pv%7@gdZ|fKB@eul~XPn|sX9)WnzD?(N*8@t#@6Wp~Hd)V6PRO)6GX0hki?)q<*&4S`o+nLyrgU}{ z-uZgh{9D-H=9;RFxBuAuU8=h_{ea$f^H=*s{e=z$#@A^6NJpZml6;Dytl>KD> zyg4p-N!^M08`_U|?^OL!{yXTUS@`H2-ft4j zZ+uGNlkqQ30bkNkgxq`$qtpc5bQVg7O5pvuIUmhD%%Fhe)>XeBrU9mSx&lPFEyU+FS#(xH3 z6MgPmH-9WXbgSok!Lf~}{xc-i&uP4F@jB*fY=*U_bWq4r>BR@;e>48O=4<7V{D&eP za(tH?w9c;oBfS3G(s{v(Z6YUGDkmjyebblucRyZui?5cajqQi;0n;9=e|L3FUwzb% z{|t}i-_HKez#91R>e(xG;@!cQb?y~EanEHucdzhe5czBs4Ij!E~-Chxfj@8hGS^6HPVCMk>3EnZ~(3Hk9b^|!+-!5`_5|MjN*n!6`{ z=e2G9MlX^XPWT6DAN*%k!}+oP(0k6PA8i&FzZ@=`bnDeC_DRg<%;i4c)-Sgcc{Tro z-`V)+?D_q6`m-$mY!qFxFS@13-)Dt|>FNIr2mN&FBr2HlIsToMXR%2xURx0!?Q%8m zVPx~x?J5g`{3>2|z4$gUb6(AZhq~-FCRdIv{c!EtFYEaRdshjoKa7n(wEI6pvz*k$ z(jEKM4(flKw>abMlDN;C)MZ&K-oI&H@2l6kqQ+*=F1B3LZ(8RH%F6zQzL5%Rez@1k zt^bJC8m$TSYFqjRfX{rgl9nWChs-jnj+dgX`9$EV$TyWoQE zI)-_IpI3c|`Ogs5|G56}TibW(*Zv6Ss-E2`QSR8lZ~DkeZ|&+I!Etx=;;cKC+);ja zplr#lX~$hvQ`2gjm;F)x_@ALmCn~$zI9p0Xse0M19e=W=kIbrXsu5&KK4NFFVdu`U z!;YC2MbRJDD}DI>mi^KFZmS+Su8-y2UwhU4Tbs^IcEBhVr+!~ksbbyQHRJ7r+n=j0FTLEYDP5QI@hGQCP{Z5&NBR9< zKNhCyEtlQ8(SG;#Z5=oYbB5$~WRkmC>3> zR_hMtH~xLq`NZ1OLgMAG%TJSJ9(?R-d@^ye5OcGKi@(;JsWTgHFdknUJ}X3nede5B z!O!Hf%@e9Z?1GM3Jz=|5ag<>T$B}%+R+)#>7p^b(JHv*Pr~LkhiP28sRV_BZ|1*4D zeeBDP_FLsP(cLm;+AsItY&w)}9Wl$>Y!YkijWw&S9bO)Gp5?yTJyS;Tn9|7*2X@=6 zH?l^I5~8A8CVK6R=s51+E^4A^Hut$))1J=FFAF|y(sk8&XjZvk#mdE#dAvTkhIXu1 zk*T_J(QEa&O3`lj63>ITZui?=xomCpiQ(YeTZq2`Hn-k%o>w@}S7YDFL(S*C=EZtGbJ=dR!rt68@X4LqArrmw$_;fm ze_atWS@SrlC;d-WcenHQCa?ae&J$Wr>x^IDo2_zCTE|L8K+96i{bZ--fhQOElQ_#+ zwT@4|EgBcGNXI;VPVviNU$xJ3k4y}`(NlBybvQ4NieqKoTI0&1Njn~JEi7bOy?fE) zjb}6VeY>;j#^auArJvtSa8^*6w^>eAAIVB3$f^K}# z*vohNpu^&hCpPPg@9n;;#HL{Ni9Ig6=VET4r9^}+iD$Dv)nt$ zUvRzSt!-}}CFkzwKP-Cg#dbE&ZqG?Z#$B)8&h+47P+;tGsuH)c*C~_~W+^->zfs^#=YaV&DYh-)}?(nd2?Ee@w!atZ`KKx^BfPn40)TZRbY8= z^}{R2w^lu#b>+nLx4f1q$vu~OvL$bv$XMTsH}&RcSwnz&eCGZ1kV@N z*Z4aYbyXBfKfXTe{*DQ(mNsFse>e?OzpU7}B(~4Z)<|2seTIY44i2cm}8Pa7@~@5GyEj5N@!bgaT(=Z0fA*p<&ic_@-}moh zpFCkZ^zr)IvO3NEJ5y4^9$(v0>!j+I*`4xy;aW4J=c(Cl97Pge&uRNvpEJ+@b;}t0{Zln``Q~JCojO*ly60+#1>$xp@x%sree~dS99{-C23?XxNT@ zx0c2<|F~vwja#uic~)y_VL`+c1->b+g2jRBLpEyN5i;z`nbqTUTq|4RuE~NK_w#rS z7hX#VoupZ`|PoO+~6 ze0G+w{Cc$J_RXIOD`Z#Q32SDVH+RR%#I0dA%GD{qfIB z`Hrrli!U#Z-=}#xOC*Y zVwxpkV6ausxz{vFbi49)f3NcC#|*<3H+*~Vxc$I6%Qf$UmW6tkDJ%bHxE}1zoX}?> zY8BnEL;2Hk9Sd7cJ_Bhk2EOoFb44~hNEUJBbMy5Vsjy&MI9oMEC!?%HG)d*a@$G7} zMO>PXd(AU>R2T%Rx?B%fFfUbU=koZgp>|zT=P-+a|K5N-^-~(I zW(C|(?SCDTS5U-mB6Vc3vEr*6tI8FHbvzXMKd#<%T;hb`q^#bz`;v2)^i?bu$==yt zt>C7^{@8!pk@>IA=UnCW`k6cDxaIQ&f3ulBABk$4uWTYD!#C&Z%*eSd?F{X&Z*9(> zqJPSB&2IUQTOkuWO3iPaJ+yK8=|{ds?uM#=(l5MQm{EMrTzOYd$_kq>v#sJY^Ipt2 zDZ0L}ID5mC9YMu6u8FNI3XBZhJa5NZo=QKzYVkhzdxzIQzqaCh&QeKFc3bVdr$IsI zFVFcLc|Blts^eo5UFNAWWgC}i=hr+beGsm^=AeqtktT;HDdCH=%(|7P_1}?tx+ijp z*SFgbW%_oCUiMTgyxQfioLTYO;28Utb^XqQy9CZp+`YG0F65-P$^zzjS2r(+Nyt-p zV(xW$vNMO@nJ@ntm`+U#zo;_*NMTRd_al4R4hLO$Qro>VylB4P*5euCXO4L8;oWiY zY)Mh}%JSvX-W&JV%eR{@k)7HrwQu<(&t0}3JsfWpf;ROXGMcpZ2mi6{dm^*8iErX) zxb<9t>*-eOi3~~W46j_eb9Svq$W-<`!%JIog4}x@^Zzr1CPiljdTQP=Jn!{l%Zf7- z*aDCHX>+>XS+P0XuXRKG=~I0-)^bPO{g?8beO9y64zqJYIU?tzm3B#(>`?vB;Jq!U z$ujWP!qtmC)_R&;OIYjwa`#!! zR2~$4I8X7zm2FjT{$+AK{M@8{WpSXzJXf!vpc^|MoG$m}+_IyiB*9HvJpLl@YNHdD z@l)NjSA1wmW679OBvH0DHu&&0@oBu33b7aa=H6Z#R5iczVFGiX5$l;+yh_M>Z*sFjGU17eAdj>i@nUcZD+ge zi0&wo5bpEK4!dFCKl}4KN-kO!M_R(D1t-Vaq zCX&|vqMzBj_E_sK+gL2pxFOZHx+weA$`2Q&I5)UIk8}She&|~E3XcyBkvAqE&G)?V zd@c9l6JOqP_8bh;Gf$a#Z?~+_HEoX#j;aM(DwqGXpX!^FESkse(I&a```Yi8i6XrM zW$S9r@yBPKyISKcyK2Icgc94A+slszY(Dvw;kxO{J2O>so9*t;)mD0HHqrFj*5X8<(tNk1;6dwgpG!ZQk8C=v8R5Y!^Ka|9Eb;BeHFtW}+mx zb)EB{IYn05z7#uoq{+$nd_dN@`T5#Uxf+(OKe&A1-y43m{#ijQCK@g+N&U}|TzTg9 zl_zDUBDaEBjl5ct-(7cSn-ek3;%An1uRX)N;GS!GyLQ%xyO~Z2be%S#aQi}8U!Pbu zo;-HDt)@pe@g68J{&`h$!Gx#DCnUctTUrqEW{uaSTiT-Ge4fu`UtYZJu95VD?eT$S zH(qWsJ@h`vt%%L)y6e&(MV=|1X-=V=4=j0AH2F<*T5j)(P{HV<)6{zx@6Epb;*!zN zOSiwi?YejAkKKkIR_2Aj_dHvFe5vuIxs~Td+uR!)TK)dGK|C2iIoY3$sGK88zg30`vX+{=672B|m8WvY_9w*H+ccI@ws zn7XaS0Uue{Hs~B-V7GkTb>NCkX=+Ji?vg*YFH22&LIUmvUE?m%kSu&o<3c2K=(s+2k z`sI(yRJ1N~N_L*-_EYoC5Hs_fG~4}*154NCEte)M^5hiNbEWp~h$|D^@>P9p&dX`L z@8sF?YVKCN)VK65yGw5hkFxFV@bqO$w-0V-pZKZYZ|n4h5t|u)95^odDm(RJ?!!B_ zmZqnwOfGp$k~}}Hd``mUxCb+CexFmoFDl}5>6n8;Lb}O=6XB=%Ctha=_Q=(iy#D$0 zv&w|WuS1hro`x_voWHa-?ikDNle&F77D*TN?sPn79jY>6+9Br*58W-yud{~ zO?uLN<8S8Dq$vA^`Zu0OUDc}*_@{iW=wzM)%Xg+->pS;vTmNR~!i?>nk9Kd%b&{AF z#wc;H&f(|gnD>XS_%r@H9dzHfH8bZlQ?=pQy4<=8vp&E2r@d2Xr@|S3^_3^rpWGO_ zcU!Vm;Ei9ic6e3n@t*QM%+x;PKSRen*&m&cZlBF|_TA`jn0kJhpZ3`jiQ~67-P;E`Lk<;CznDZ|bx@@NQc!S@_v&x%T;(CR_Wc zZ~qx?`G5QL!}nwQ!>!X>|EMlKpYrYHnbgL>V+OXX?;iwfWh`*P>CYn%Z~Q zp6~ys`RdavIpul2&u4nRewQunIIZ%1knY`>Kt9Z;Dk;*FC;pZEc0L*QD2R z+k4#{3;(=6xn#}xw61R@Lblr;J25{zx*)R4W1+vSZcCjbaHO@`?#EpgtGuhU-y{VE~o5ktFcx$aA zAEVkbcNd+Bwu^V|S9!Fq@`Xt6)%pALxo^!@S-YXSsWJ9+*;!@51611sO#_=|8!ys^3E(AbiE6H+}ED_Zdy- zsAfD`GEIA%oo}(6%%;>MJ(iDlW!SkMt61K#?ZmZqK!Ca5I5gTnv7Cnkc=&m;SzD&9FR@Soh=jLm(KT$mX+9B@E$?ehmCnbATCwoMr;&OO;^v??L^YM)*3QHS<)Q6!xPHuhM^PJ9ag1`+hJ#mX_}Pa+cZOebd~slX6BJ&u6{-$NulEmFu*v{~1JmS2Tu8N>_z1 zj;Lt+cKC1L`F&akK1$#5-R1aM?m_tKrl~yKd&HJ^>P$19ot?b@!_@xv8i{4+ohN^H zW=ILUx3Dzx5x3dKDcagS@=GgIqLx0i{M;d0b^C}^?+&}rvsK;ZrNY5clINAXuIUH) z7C(^dEUqc#c5zjBt}J@0#&^%=5AWOZmhbd9VwF3mU-|I`x$Kqy8Cs4<%)E6iv+tP1 z9qq&Q`S*qPAHIJx`$*Lpt4^W2&QG+3&!3-owB}oJ$3hvEr@qn7F>(=qSB09|OW9}j ziynRK-xKw|W6}BP#r4W+kI$J){j&eZS^wdfrp~%QnQLy&R~653mi4Wf_{iQk>Z4%h zzSsWK?e<*1e}BWfRVMMQw<@Bz1(v1U;jOl?DmB<+DxG(!zVhkwF0Ivpw!z2jdB4~T z{g`E29)Bt1<^j>gz3o2LVev=1>sfwGKJ@wUq8~+O*%^E{9{1=yJ9tcc_s8DY-`Nt{yI4-S~|Lt{8$>&}?f6w)`6Q9YQ7ps#tW3(m(SdFX4c%hpKkg7TQI3y ze`(Qtemj|%AJNAyR@5K4&LkbbrFC}Yamn?o6hHiDIKRl2+@w}fTCN5|)=8~Iwc z9_!PMR=2Fyp0jo8l5^?D=5JfyUD}wpkNLyt=$PY0i#)b5oN*5*$iDGUx`y+E|M6(g z((~O>Yqr@b?AZ4C&70(1TFMjpr)-oxTl3Lu>cj4S;jDV$J(er@H@TN>TDpVTu6$~g9pii*m%J9GM%y8qTX{L$|E!#`2xN4zDKwr;sAl3hIa6VC^~>;rQ(t?r$l z?)UVTpYD9!AM+pEzvWz9<2KuG@6}mP&I;V;TB)_KUQ}6Zfu2j)SllyN7(0?Ti84P2n*d9JoR?CqF(#{7x(#W7$2{VdjBZ>o88nE z_abkz^eG(HbNI5ZJ@`j%>PO>)hA#~xZ@rXDiB{h>(P%HAD_^dYuaW;D|JY@_ox-ji zednIJ)!N;jZ|3BuaWFa6PwSWZ<&8DF=lY&o_}l#7`Ds@7mh*Sa^IqL?E37SZyJ21x zV|czz`NRCa_)QN#K0jRjV%oENiE>Mm&TrY&d@lRYp3KaLbG?sjw=>@S!+Yf`|KhTH zCFLw{JFOGK+z;Mwi!<8Sd_=0OccuTr8(H5|X2(8Zm2KZz6|%}}&zgBH+b-F4ew05T z&vmy(^m6^iQtJrQT<4TGipm^2&T+1*J{TvH-+pUSVGvxPJu0H%Qw(8DWu_e#Wd;Ado=zTEG z^y-pH$BI;LKYdeoXxDwgil|(+qFtdIC#EMIY|okX(Z6j!_q&q$9P9h`NXqnDpW2@h z?_c%H`JmL-Wg8#d_|NcAspDwT%HA_pv!0##^y9+H43@PQo-O=vWn~WQFGD?cuZ@2@ zmu8x=X@&^Aop$%uF6r6P=9e#hiVb9$y)WW)*(y8r54&GmC7sSK-rDY8xAj@I+2W0c zleHBufBllH?~{MeRm>&1F=WeWTXpyNx10gB%Ph@y&42i8U5)OAt!`JB@88)Onh@J_ z|%6^TC3+}&s&pa5vyFWdEbX`+tXLwJ#ul|onw}2+w%1EP43%0 zv)pr0;Le^;?55A^xUVK|n7Z~^+1c$u?onUjxhtk0{(Mg9O3_NI$GUN$5#C{?K`Yaf z&((xKuwE~*X8NqI>7P^YpHH0S@kcOy@y+9$I|W+eimI+}xl`fqIop4pw`NO6u;J9V zao&%2r->gs=H%#j;_KQ^Z&DVkvz4nY*$+*I|IUYyG3_T)d1^^;gK+jEAd z^^>5U-qA&B}z8(>843SNi!0DU$=cEfAidB zpN;b)FDi0xwQ#<+YjJ0frX~y%9YxnN4 zEHMZ){v-e4&5!($&wFgE7BL=j<2SvYJxgtIWx{m>k7L1&*A`r@QC(5t91z}BrfwN3 zH#P76G4YEhbQfR#UU;SJU`WsUWS4b?nc1bRr*FTWrus-ZFCr}W{-JK~=e5ob+wbf= z-S73a!p3-2#Z{Y^Uk*%EJby~-UgMI;im+#~b{Xbw57!Y)u z&C%ao>?+p-fBQPJwLbV^vhhrhV~%`X_Us?|tB$K5o^nZ7{QIOkt;zGQzI>=!y7J!E z#S5=gWFOvM{PJ_f;y~%e>fbZ(?K%Ce?ZUfKUxPal(SnK!ZC?(qulsl2D!uu8?oXEp z4%SNdzPBp-Hz$4KNoL@BHASZ%L61pVW}oBYbT`zUl4V9w`^zCF^c@=&^2wE%UVJ>W^11`J}?F_AJ4# z*6KRD)V`)T_%*O{)8_ zDs21B>8B>vZQc8LuaY&d?+I&1TlTuG=l{;wdFtcjgX@DP@3Q&1=;;$Nqa$I3QwqxIZ+iD-@AA#2ean7}{JnNIJv+_TW=r77osK{KSFG#E z_+pW@_FNFR_p$B2_15M{{%3f;;C;xtKlZ9CjBYcyRWk1_5$ApWqM zFZ|hHq40g(iQO`~anJQDvn_Qdt!F7bnsP5=+B+Vv8Ry+hug8cc?(%4w^WfR0Qt5cZ zb1Do~TrXNWp14cbKK#$1>UVh#-_;;#<=#mi6*B3sV@>bQ>7F=e&ev5!QO6ZDbrPz( zUi54+n6+`+k(tx$wC2e1OE1UJj1(i+U zRZ+5JyQbc?y?XhcqD|@wQcV)uCh=-#rKkCdc-=VgSVY=2O4*#u*Pf4yCQtp7#p&?-#!Js7GD|IbmUbDi%NhndY$~2t zP!+Vrdw1iNVs9z2;-@t`kE_iJciLEgNGc?1d3Vl(BExShHlMS&e`~M)w+9n*>eMR= z+>XqDv!QhtPx8{reJ#_r{ZqXZm?xQHezEuD)qQzWzpQ^d`Gaxz$K!|J+8^B|yMA_M zYEHkzaf{>1U9BH^kKXub-*9VA*?f^T4~uG6PszA#YkX_pf=h{$gMNgruBdutGjY#K zxtr@J)G*hVFZ}V`Yxmy%QFJ*KE0yu(xYSFo_n3hc&~f)QQmQ-skx?Z zQ}iy|=pX)e>6YT=soQglEPq{3e{drA=^n?ToiWL58%y7EJ@)z7dv;Fq=}%8p_>RxI zaB)_3cEj%-=cO}`-cwzkR?Xga>(*T{?bJ~A=B_ti0wisY+f;?m`Vk)FcFX_qtoJ6X zzePB)Nm#6_nwTD|zHrB9O(*eXm8(AQ5(v#wELoBwlfK@R_2>!fuBxwpUQeGo`%dXW zPmWH9JI5JjtzVNl{bZi^?FGRNJ@y?TLGM$`j2<*_b*1cDx3)G*=gg_HIqH|z8D3~R zSM-X-`#-~dGqX8@k@u9hZcY_mUGv~E)7GuNwnq<37PsX*-kW^)fba2X2fm%l`rF75L)txUR%JNovaC7%_B*?(b1#}Xm!7M-mbbzwdh=ryp7~Yp^J;jNPj+88AbgtZ z^pzTU;ZxV9IX=yE{8?Qbb!{Qse-$69u#=UzP_+^ zJ>x6xebOsD=_S^7# zeVN}bXVZOHsyQkC%5}9j_jP!8yp5R|=DcIxl-t_X(`s%XN=v9M4F7tb zGkceQyXr@`&1r{J0uCz6{LP+!VNH$qqY1m#h_6jfm~+zHar?*Rr&KNW_HDZCcvUw+ zT%XZ@`s&cw=;K!Q?Q8G*ZQB*O{+f)^dPV73Pi-nciU)1q(0nkC`}&jJw{Gm*Go7V> znKrY_<@!x;YhF+I9P6zX70DOz`_fZS*^uPYvb>v~t6p8I&&vM(R%MgSj`LnuFFE~P za!Mtc$9dZE_^ib&8?72X<}!0PUOk(4GqX4<zRtGr?NLv+s89Fa=D+>$mYh2wW#85k$?`64-#hLK-9_`1H-#uK_j+l=nKmKQ$>GV9@9WY-I^Xvg9r@3&yNiED z^1keqAEsWu9dS5YQ6h0d;kD%pH{E&hro-rMxpnQTmjbITjREr zs-HcOb1lEP;!V`X)*12!ANWO!v{UqV6gP%0Ft*u~peZ+XX)g1d6OxOpnv+A#^0ekW z2))a9!9(g%$-{oH+AW2CX1g9V-rgI%sWo)Zl$g)gR$VhLE|bw+bWm^^t6|BDfBzYn zWs9_49SYgNyl~myxi^Zef{pxxrfe(R@r3!ys&J{y2FawD;yGal8Uy|u->a-pxPAMj zruE75Q)eE$GsAA`)D<_5?3{UJQZ?7>Wt+R=r>wWTI=g;J8&Bb<$7@Y4DV}(I&`nh! zfjM-mwW12oOcwd58+$I7ow*k!Bem|EwMF9Gds|a(8u#zMJl+4aR;uR<*3h;?*IqsB zQczvJeZF^-chV*|`BmC0!$fCkHs}C8~Zu_={@h!IZdNS$Mqj$$o z?`Ub>&aS++I`!G4&A0amx$lsAT;u=H*6(hVt!l`|mlH3q^(s$za9;K5mbS}RHgqKJ zIKMP-*X6J7+jJ$uC5{;$6uosfqde{D+ZxxD69?;p*jcW2*jOoS{q$!;u)MzLs;ND5 zt>-zGKRmWOU0TZQ`01Ckj!$-*cd^TF_HCQzd#g?EiENzo;+c(k>YDu`HTIeJr9za? z9C&_dORuxKr<~tEx#+XUPjY!YkUF*hlHTL#Z{9O&EqAiMzUKBH!wJzpFK4Y<$9|@z zboI76)(;;xAN_iw((q;I+nltQa^hwawUuZ5Nc>}6bv0X_ry}n`&Xq3_JoAr48BSBb zws+mjB9$fA{@$9k{tvH6O@ANnS)%ag%<4<)OoiR@TKW}s{m^{K@uW7~ zb5pft^n9aBK}+Ow!rJR_QUhH zyT85u@NA&IZk_3Uzn9;`p0qiCm011pNA=yJqd%Yu@+SGsRe+bdPm6jbE z`ono){&}4b{~5l%7W({;%l&s){L5$OZa-{m%r`a{RQsL9rh^_2u3U?9y~MxyXJ7K$9hU=}4W~o~`QO_7 z?bS!s*S;(M1c({fF}vr_pHR(p;%c6qdPP&Fsc!Y7vbDt~?avYo$KH_E+F47u+q7tJt3woOyBFJy~_y}%!%59d4o*qY6+O;{CX zbiq^NVA$97s=H^0Z2ic(^?A3c_3qc*Y64MyMNy_Q8g^H|EQ)YS7L+bBD)3)hX@7h^ z+x;Kaq1`bb9{1}xZ%PQaHomvLXR@W%rA>xwYaHu8Ts|%qFPL+6$(CJ=`QPU6J|Cq0 zs$2W4_>o^Zb{dxw-P$sQd=y{5$$oO4_n_Xg{>541r)|WwpKi#hS$-uv@k9Ni^iDgz z*B5K-Kj!qRO|{P5x=Xz^<^ylW`sD7ZG2iut|HSU^I_A%wxsQLF%S5x2M$5fE{%7cr z=d9my{Etf6w0kkHEVb|LoyB2ezTR!t+~zi;c?HEs+9>C9%BvdiBTZZ?*Hj-K$MMyzT9Cr6)WE zwW|-^diLD;8h`t`nTvPvxA9o8O}%nDa7yGCwYf`gWrcOy&XY-=q?vX}C2(uV$19Ka z+<$oe$m#n$caAQ<8*99HAE(mZNtfOo4&NC4T64;~->>I=?e6Zp%CS;r&M!T0xd(l| z0kaO4Z&djho3}X4&B@^Wr#025bJv6(E2z~}FZ!vI5aT%a)bZXOYqI}N^f#ko{Idvm%&P+Kb^3Qa2<;FShdj2e4 zns)94cY*+GzWBnUs>Pa*Pn-RjU~7FPS5PDRLVa({)bBza4zioHHs`6Y%jyi&oUrLg z5=VJ*+gSmJg$~MgTkWTvIon_%Q=7?>&7-R@uMSIA%^AuQpj*qR8 z+p_i29&@2+_syKs*e~tN`yu_XbL-j6^hsxXvJU5kuRL4pz35hb+D#RX2BT%tOglCj zN6W2anjgHZ%`GHe=g(fp)dD+He{P#~ddsefi|_n6#x9x=b0~b8_RF~HD7h!PB5^!k zVlgRvQ%*cP6Wtyha`v=>s{GavtMya%{Ab`U?wV~JpP3x|_H<9)(#TB~YlI z2y+qTW!bJi?bfn7w|WBqym`R*(ziXh_sX_P(-WR+&Yj&diM=>X@tT01=+Ae>{u71Y zN?x`7$z|a9cB1FEC7-%`=FGdhdXCfz<@C8fo~=2&V(L$xKV?VlToZpg`^0~L6Ct1MYhJwlguw!t z=6joaPi+=Ydw)XYKf~6|ybT}cZ8b9qR@Zy5`Q6E6-%PbnGesWvZDsp6W4grGC6Ncx zggg((ul0(Wdd@11W2vXQ@>WM}5vQeo28RBVd=G5mxth5ydfJ!AqJ>VoWKy|BdX7AK zoR`)5SYuv$_>r0;1>6-L@I397#xjRizROUI` zp5@=n%w9j-sd((BjM<~Ro_De@*BQM^_xn*^Q>k;}fZWZ4qEGj4{5$7bzvbSfn>u_| zMgFF{fB0MJUFA>f-Lt!Ab;`A;Q{Qf%+Ua-g--j33ijR9Ezws3xT%DP3687qn{yo{( z^H;tK+U#EZ;Kk#q8~OMp&zApUm~>^e0()QW>eDvz^;!}~6x!53iN3NEPn%@$rg-9s z6%+4zJ71_Vu9)rohP|&iR&~nc%HxR)g2%L{efTpg*&+1Ft;Z5_Td!mqJ4q)cT$ky0 zk~(tl!js>o=giV=eM`1&S8<)#^Sn9cYulmQJ7ibadw6u$eSH}@>1?;Y?L%unBdcrk zCO^CVz~`n;*50YBI6kdCo|koW!-O*{*!;6r+!eUB@sh)75$B9^?!m#XY7abCT{}3- zH2llah~BG=uJSQq%WOFXn--_7KJn@%`(E4oP5fS~t=n0Y0~1~E7i3o4vSeCh-8F|x zw5vz{+?46ef?rLfbekmq%-_T6sq?g5l*#FmrT(o+Zh20RmolapJxW+G2Q=l{bDgh> z@2k!djnn2)t3Ktj&(jv)k<&Tzir#ZmuSXA^rt8SfON&h6cy#V7sR>%{8K`r#eP=3}*5sfni_Oqqm zYs!gMuSxC;MU>-m8IEl}l6<$%z|-Wm_R2SHC))m11t+`rC7rsxY46JuVwT<~ZhTb; zn`m4l^y^2A`b?ebXj{g&q5p2JYVB$6o4M$(qtgpVySuN2gLh5hkWY9UTI&_$$$#Z* zSZeBL2Fb6#t_!Yzm2fJg>~)m*u9p5e8`to9nb(}`Kep0ZS>1ZZuCwpwPmL*GSM^Cu zdpGm^th@6rJe+wvYN77tgq~8HVE>&xOH+!=f7Ps6a%6#!w4~+ zW<5pbvE-T`Un(A}7CExa+xzma&?-qy(X*R3ZSLb^wDtAg6{%=ZWKg-*^rFx1&X`|P zlVs(yHnF_^b!nHlWuxxXql+d?ux5OJZ6@ov<%MQq3M&pzsG9XM*sX`h;@ipx7uO#1 z=qQssDs%AMo8m>cUb$$k{9LwL?3U^ADM9WBl~=55)74d0-Nxwun~mQgBS-X>;oFjm zhcfPyw-i-h{j!y7wi9F5Zr&N^mDhSroA|l$=cQ_q#l<$!S`#YmTO<0ebEU+4ZQ0hy zs8HxH_VWps-l@QiaTW$f;h$G3H^?3C+A!^Rn}e<9Nlq@lJH?(N6HeqhS|~5|XI;V4 zV0~qy^V?f%4)cXKI{Xy49UZ%d?OwIiZr05PwsupZkI&zGH-GxJS~KfRK~>s< ztHC?{w0(-V&yU)fpJ64~e`t+kde5J|tp1{#i^{&O+*!D+V^K?+O37KD313z&-j*sI zwXEq*PxE;b*WJ9AeA={wZa!WbxqVCSUah-ZS8aNJecse8>s00^BJs}VzDi5PW~dmf z47*YiI45+)1I5kTEmkINKVeh+KIo#&HrI@`=M{QtGkrH$K3cE4uXsnTX4w7S1u2)f zBhLS}JZ`^Kf08>x=*2X*;@1w_7*f72;3{A)&PS@`kIXfDyX>;b?@r}cTw80|_1o5*-m>hDn5@OhN0${pZTQ&O zpVhwe01y@toScJCiIANup2N7mXV$meYKKc( zyUjN5yS!*3d$PoO(~t3QUVr#~B=K`b?vr!QM+%!m+0HBt{OT<9@75>b;%uW6y%)Mx z+e}>b_ukg|xgYi)iR0|Nc09y5y6s`~3Q@`3vz06#YaQBB#gsYe43ia_nq_Ss1$Zxo3f@jJlsMyjw4~G5zmu33Be^d|7>!r`uctO zkA^+wlf+)m`|5NqAXU9S>&=UTs55U&a{V$Eb3QAK6`lKP#+Bw-k4#QJzPt0u@lzJ- zy1jOX1-0&ynwGP4Vf3+Si!yvK>v2d*yuY^R@R8tCX{r4U*1xW=`q5-)J9|xgPw}to z(|)YG!TJNKHGfe+Y04k zmZO(9yvUvz_q=Mm=H27zvVV8ID&y^Ke;#<_T5sI*qSwWFZCx=_SriWo1}?o~UMTJB#%l3L!&;<@>uUUuioZ-nM3k+Y=@ut)+7m<-a#izO>C` z$D!>remuEqzHo}z^4y1$pBxZV?CE;7WpyV{L>*tH=4IeeK_H-{*UrNA zBFIywY~%D2Z%v=CtCS9$*XOc)c{J}oL&|x@GnrFm|FTA2-omzH{^{&8b_IReS21rw zGIt96NI(4II&;$B$1me%KdhCz$L$&tQ~2`hsydMmvUjxBs^mnkII!-$*N4_KVYeG( zE6-;=E4A!6c7{ib@2OpR?6cssaZiHW)Z1BBS_cKA+YcVkdiK8Ltp1tI zn%+0dCuJq9`D!+;<53uQXF;6t=aO%$1z(6y`q+AY<=Pct(cNuiMlr>lSU_!Xx=Tp6x>NzOGpb%jPZgRyg#ZVQa{HNzr?E+5R*5ug%O7_SDYp zkX@4AcyE>CvRC1HkqU|xPp)NV@f}Otl-bR+Sbh6a@7#wkQ~%zdJm-u0)>0|^7H0jq zMRj>Q)@E$+NN}5-@p$9fkS(eQWuEmu%q~+oDSw8Y<=WF_lO`PFUVqnyG5FxOjO&Vp z(;i%2_f=xC?}C*U&qcQDx<)u}x@XhQd?jh+o!16#Tzt~M53PJiHcy+dUFLJd#PiChLK#F$*WL^AHgneVHRClfn%wsCaKOy7YWI$a zT{v-Ib&-F(*QRgMA(qO^mqu^7+$^tKdFqR4_M0Y+eo2L7_N}q+G+e(L$z5|vRN`CS zb7|RqgJu629vzTaJ!w79?+xOut6ptfcrPNYamTBS2-jV9%bR2QI&&mi-&shCHZDsq zICts>!HN3&44|*Z>#Fkl^QWmp73cMJ}UI!je4KQswhSCg_FO9 zPuM=gQFfDt;5(Me*bN@5&vZ#=eqFM?GcGLl4&%>@MZuE1o3(Oo{Wc5*+xPJA{+g(7Q6W|=!BZJh8mc~IKaef$y|-MY_xzcv>yLltqz0{db$YekwH96N zKPM9R6-B*AgoM*N)t%?~C4)EqyoFckAt`r{xxZUUH|)&-$vw zx_tqA8CEWyedfg#znWuWUXM>C-DKPSz9}liJWjdKv%smS`0F|jrmFB2fA}xyu}(d= znrqTYdHJXvnPSQ6@8#y)liR%iEEl+D0yCz0e_`<+``<-fAT#tN#r1G7QZ)*p|L4J*xC1*!an_ zIhC&iA{RG=Ty5B4Z)&>I=)(G1F5At94>Zme-HPkaE??=nlF8~pUFpRiZQrD2?PAYg z+O{W3MsE~<0) zT!XME!EHZ&)k&<>eVVj$!o}y>ea$9^4oj>nj@9vayZPOmYw;bWoVsshCSS>w4-UV& zjCO*y6=2Oh& zraaohzH#ECnU5z2HG9u<{JcSJ?Xknw!Hasr{5xC3?X)&em9`Go?Ygu*<)p&3ix;g0 zRTr78Ipf1WqdK%ZQ?X~#jc;pS%y?{S!gYDu(X-BXJoT1!#b{3o{Wn!7Xa$S#+3>!j zi+qHy%~YSwp_1~~UTSXV_tcGv@2;8MRX8B~`Z50xo&O9+4=$;(ytGg1R?Nh2&EIA= z&AVa2w(r!&39;uC<}h$Fyjy=d{)dkLQEq;TKXvmD@5((j!(?{qcI&FVC)a0oFaNsg z%ZqxG>3560JcEO#r_?k)_?>Cv|2Voj{XavX%&Tboqi1X9e+YZ#z53*r_x!Kcvp(Is zO}9zzK~?yv`pxgUX6^5Mc5R)2j#vRC z*aPwS$qlxvkL;7KyRx6JPT@xoM~!c;i1>o06z(g(nq!Z*)agh2e)Kx-etEf2)E(z7 z8*IX#Rs5MO>J&8D?|9#;xM%!5HPs)39X>{0-xHo`dUTTa+>OoC7=Cdbnty!PyWNjF z?esGD^SkbA>wMy=eEZ?;D__pmvahSCI`r%Bx@BFK$_||F2U)^r`#Hzau8D zmD1xjXLVm&;eb9u72tt^C0|mobbnW zJ0HFm+hYEG(-y(A7d;t@vR~DU)%bl_-@M0O{_uSEiq~)7))v&=RX#aUDtYcpZLB$UUzBGl8_~D(p8gR^52~OICkywgVyJNxUSuI zeU+Bs(Gz#PWxkwsUi{u zxu2bMjx$d6V{@%mKgfSe{`h|efqjb6C#xS$WL>pS?sa~A)*M&XwU;V?q z^pE3~-5=KkYff2F;4j}Bb=6MkkHm-lN48yFJImT_XM5?MNoI_{u1~MKGS8qPD`(r$ zut(-Rw%KQF+#lOoKMHSsXdEGaMP~*}3cJOxYd>=K-!d=ExO#p?Nqkp)`qlie-0{NE zch-2$c+l8*Jl^Zdhw``PYAe$#HhE2(=aT+?$yb}}C+fNC6r+Byu3xgd%Wc-ft6paQ zTk~yZ{b%UjDye#5;UsC!{|wi2Ee@`Cs`Qm~cealBzFwpz`Gfo6T($d0<;<==-C=&_ znCkuS=c+>ao9(xL>$@+ae&N2;_RDX#ayUowFhuwL`}#Tm7%%&=ecB%$GzaX=6n827 z7SVVzF@|qz`PvG}FYBeUqure5hR^Ll>&yOe%=omSTQb=_Yt zFW%I5N93sqpvS8)s81x*yMd zd%TU~YWUmjf`uH+rgLprE{E$nZa%v|<9v%9-+zYInGb#0-LLy>zSnQ`QuOmyhgY?) z_g<=#|KWeQZ?Q-1C9U2!z7^kF_`R{9GiLR1k+UC!%7Ce)jxm4mrP^(5a%KL zFOAvsi^;6zUT52Nx7Zwi+_pAbI4Yw|Jf(7d=OJ^i$94)ea+lwj&Xo?isDJhBCCy!K zIg@N%tDnR()#$Ihv2WwrNe9_t=ik~<-*Hd+M}79Hi0of>t1h|bIaw(SZ()8J8^Plu z>z=&KB&zpJwSK46^uw?H-^g>nJX^5iXG2WS)%84oe19x_6uETAt`BQg3fOD4u8;ok zz1dFS)jy&3_z!nhnx5Gqbi`fZ@@(U>kccfghG5+>f>WJNv zm7gm!KTAEV;e6CtsvG88ef)ZEmg2D!&rh)YGd&p2$+ksa_3HW9{|qh5K1tiW40BVR z**?qTb#Tn_LapP9cekvoST8#HQP}p!^_|=g`PpA}W(-_*OL>6+=6w|@6MuWc^QS+n-=lhSp4xm>>k{I}mYu~JfAYu59G zt0w2gfB5ckPESaxf4A#Fb6Ab_BkA3@IZAHkm5EOED=%Z)^Yg(~kGs6;7rxlH?NgTW z$me-ooU3~x-F9W2LWQ!={<~|UPf0v(+WYIe>ErGnU*m-wOOwP5Ht6I8eE+&`m9_T? zlhfJpTYfgIKeyz1YcRi6=(@f?HnZK>+e>VjWaSQC2cZXj))MHZUzALBi+3w_yr@iN{^6C|S z-)FS@@`KcV?}YyhhYBO5!h38&*S=!A7Ck*;#-9^+t*&p(ietH~eC14%NJ`=S89e3d z;*Z~B+H&Dd-}0pn%zP1Uwy!cDFSfkpR1jwJ)t}|=>w5lmGjkLAEEb3JtS}djtA9Ax z|L{HbtGVm;xK?p^+EwTLXILY-w%7XDK7+~LR`oOf1u{muf8_f7zO%}^cKdJNPTNzz zq~1pzcT4B;`j)=3V)YTTdGxoY1rq+J1ud{pY58cx)-#zQ0TJIITkmn3x#;bLVFNg5itUEsMNByJH zV-uI>^7qt!{krP7FqVSr5Dz}O)m4^*#5va-f#0Yy{U_>pT@Yv6dC${eEQ3kp)~dk zpZ~^Z%Rk1qzuTj@mTjKQ4F7YX*>gVnt<7F>;BwTRIUi)Iuh)rPzA<(6E*t-Eeb-H+ zU-aDSl5v}_vBv&p-Afy9jn+=X+rB$nOX6jf{$02nC#GC?cx!*vQ~OkVeb;SQZa$4Y zsc-S?`tH`S^pf~@=NHv@+ZabnN4p>D_~2Ucy+c=`>dVjaId zVD_r}@hd#{v95a9)pvSdwK+OGX1wzcj8XA3xw`BB>>~5RulhCMO zqba+3`X#-zrrL{71n-osclmfFPWFn@XT7q;jo(-I{X3a)a+(;M-NI>my$mm$3idKH zHvLxXXY_s2ob?K`o-56B;L4S$x*ql|?E9(4e_lJ^ZKGYjc)sC;O*P?VEZkBm3NP6FWwh1b6$2~k6hDc{b`); z=XM+q?z+Y%s+6j`nfaN^^L{UxQ!m0CCsbdZ$RJswesAJJ9;?qUqttJlj9sku>V(Ci z=W9bI$?G|ssVX(y`?N);XU@bsVWnSJYa23a6`su%li4MCY1IkKcUiNeTa(cAaL9SQa>X6tO;V?pq+ciw z@NBYs@n_ZHr;I^vg#mUBPd%6J5WQt2U|02@p;v*k$MD2T6~^fk9G2W#*m>ef=oi8C zLs_XG|21d4GF!K(A^E!LFT;m(_1+)(Cq3<&#;j-B8R3<;=Pnlgz<-ceA-i7EBvw_K z&-Fx+$IGt27Jp~z+$`A}r`95GOUU-X14dE+(!M*8fD9_ zr%!~els*&`U)sHwIq-_ENv)FgckS9_se?rvzi+HxVH5me)uor|S4+5G1RPs(lG%gt zeZ1zsi}7Or#A@`eC3i>djZmNU!0lYSvii%QC9hVCO1qr-6=U1i z?@fMj=q86k`i^z4B(|LIvgc8g$~~}?fo*%?N%ggr-zKCtrC)xh+f#I?;NafP;oQgF zc-2a8nO;7qpmC=#c3%6c%`3v^Hy(JlgIj#Ux&rsDIT3fy<~3gJIBs)!a+v9|H~k)4 z_w+7Oa{tCQ<-Xf|1>XZ7uAZx?50+}ND1Yj%v?Y0>_ajY);{n-I7ni(?+PR}4^^TmI z*yeZpPDQG8m4~|?E56pAF?Gq5^AqP;z7I{GXJoU3U-{acGA2*Glo>z!o;>cE)f26K z_Su<`D~5M{)+A5d+*eh)7H#B8@J1&2A-d)2esl2J_a^-dx z+?6(M*}bjReBn8}?|XA!ZjSbHn9h6tu1U*jq0F%F(k|f+2|fK;lYE&ywsuTxvz@}f zHm1wlQR>mr*>h63Cb9(c>|LDjAv3ZwqgZP0+_g8e(>D8P{;Z3?w>W(=~4SN_|V}dGrT4&dX4#{TWoHCuScEcd@tv_^^~?(u z>4ySbI}^?!ulvet%kA>{yX5nG%XeS>vU;`Aq0kV=*C$P^ zr=RH2ZkZOI%0Bs+#|q_3cb8}?m)gh##b5WOnTs)bN6GY-(r(HTN(>2zpr=x z@czx|qU-i4yRRnhn!uO3eP*ofxsXSzv*&OA*1y)VaM?@o&%U*i3M%T&KZAn%4(gZ6 z)mA^+Ywf))bDiFlhqV>!E`KX-|7P_={WrIH_r?5rv$B2miWBEe%iYSRd~x4V zllJ5AhvtXuZSP9n%VwK>-#*D9x!ZGl!r9&TWwoE$RzK?R{in7$@|MFbvp#8oC?|tR z`&*_nvmZ*T?a$3VYSsKos-=JDJ9X7g_1Ceg%cja~?0D3l^{dgj%=OaZQzvX}AAV`N zf4-~iP{IDF+r8^Mjh!W@tZMb)V_Yp2)>^zm>*Yn4Ao)iHRAlE!g+N%mWx4{z75 zJ@7l~cFUn2nc7$VN2}IsJdpEc$C=M(KWXuKbv@tvHSI#{O_}TL(O1^ytS!}D@%;M^ zTLxS0OC@IwrBp8Kc30K~obGyBCst#=!R$Xn))m1ctBlI4uCMx0fA~q{&y9?qJ}hjv z_`0OTb@j|`|HQU#Yz&RqVIy$(b-3E4_ii2EzjaGg>qTfh>A7~bZ(^a!LG{4CJE7Mu zyUnl3oxv=6COU%eS=*&B(=OwZn~UZh(q6FVr2H9<_rW(#YVUf+#yKZ#$%m(%5$PA7 zrt0UbJyl;Rx|wy=5;Zku(TQ6xyp}ebuAu)oDj-^5iQIyaD34o9IbZClzWO@5dZwqM z)}u8&bJpli-RC|-yzAoj?T)`M-dlJ%d6KE&xgE;a)*fz!?i*OUqWQx)j~Q!g`iv^Sm7!UDS)N<@_r9rgd+R)XQ~=VXt=ny2|2&svhZ{K7`);_rIJ?xl@z$ z;eED?El!GN-jpnwS8Lz0rTX#AHy0ihF@20Q|IfhrCAu@}Vad_r{^?A6({3NK%H1_B z?aqP660fvEF6U0xmfdjR@lth#!V4dl{cv9r>)dIw)zk2B?vf2ZY?q6r?~&JtVLi?g zzR7oq&WZ5TQK$A^+|v|#eZ_%AZ)bj*=ezn3_lM9cX`VSX$0QVy;NejnT|pY^KF_J_~b zmS0onIekkG4fi93AsU3+#>l546(N`2PP-G^_PF7G#4a=FHt>9oOwy-Us*p0_Yv z_|U&&p7xLMwfyWqUR`r<@~pq8C;TjEZ=>yMPgjdp>tgx9Wh?WG^A5e7x>&tc_Gsny zqw!7igg>V4&JvRf@htGvw(6fzy1GvCW7*vGk)3OwAN+DRYH?_S&5rwu*;DV@^1XIF z@^jO5@9BrC-t2Pk$_)+Ttc%?E{aD4H?4_GN)^2ZqF7)zy>*I<0p1m`S>wV1MzEAGs z(K-7wJ2*S-4MZRAQ~a=O`-j&@HS^a-ow!x~+a$2{qb>H+$$||{}vgr7VHY|dHZFv%(rsJwX=JeU&p%6+nBp5x>IpV`pSbVzLj0M zBpR|M`CSM1q?rfTL_c*8-u?9CgQ{zDuPm>Wd>QepIl=sl<1x3ag$tgo>ybW^`;O~@ z+`O-T50f(@4Hnz-SzVj@+LA}I__*jyoyOR1^HXdVYs1=EzNCd7;aGLF^YPxmNS1m7 z+uvbr%WZdSo={&JVC?kHr|{95?uDU}S02_|O|!0WInC4R_V}djXHO3G3EYKeOXRpe ze34VQmYA=6##O<laG5xAeId+p&Cj z|3`V6phSw>XMsGqMY|-HGR~};d|C8~U(BVP?*$W|HYS?0SxYy1TwlT#CTs827TvGQ z5%TkQ&sFa33tfJH%&VHW&$wjH-KLh4Pyjj^yhgg{J@d=R$-b(mwRX?j`QY;6Pt(`= zS*10`JAU?6Sryu6d~c>mdgi?%cAqO!J4nhwY{=)seT%Nf(X0 z6#lb1^k|nV?{%-=HRo9Ebp76`q@MGz%}fvcoVbCV;i_kV+@_D0mG{O@Rtnl!##bw)N%z)^1DeO|qFCowf0J7EiPGG@I=fE1!fLf15SeC%o{J&w-w@<;SbH z_slxb^it$;8C%w`n1`XEn>be#Y&KgS_H2{4GVkf8!V@M}XDe+S2nJx?DiBz!(88mg+wDNeDI3`rI*R^ONSInL_HOrz*d{bzbpz{==V_ zb=Qd*Kb=0ayy(!z{b^^pqV+lduI=W1U|{h|+y2|i-IZTg>OSmkDZI`0^Y_dX##yltDi0?jLoo%rkG3xo+eh5U4zxAN$%Ye3tsnGuaaxmbw-*xk&cNxywgw z&N$`vP~*Utb#CXqx~=+IW0#aqJoG7{$?W;ws^cw7?y-ETzpqdj=lRfMZO^JtdXJX( zgs=Ib#(5~Ed3(O->?*mb%1e9WBEvGCXm6=2y;70)H<0 za4~n8Q10Eymv-E)Ili1VWA40e`*}`YGvpTS(zP>)&=M+e^DW+%{bWMTCJR~Cl3zX> zwq$MW5$wIWR_vJWT($XvH$-Rma9!Hmn3Qi~=9?OMs>|+&t@X9uH9KPR9&Pbd7BBkG za62Wi#bAEEw7FN&G>e!)C@!E^a=f;G;n%z@p?a$u2tK(-;sZ6M8&#@hM=Vcj6 zDV)eZHE)N#LEe;@DQj$mFMRg6yrnWVCzz*8HSj7mRcaf=lMQ7No1??toKFJiu=6|UHPisGsn)= zdu{e2p@SW_`?RO;|0ojFwBZ!zJ8kuadz5bK{#(>PQTgi&t)(0KpA}EyTorikI>*t^ zb3V?xu({!++95X)uGW>|Po36oesf29Qgz718#^WWEM#9rOi@q_U+U92<@|QhvdzZd zdX`+{Qql2LC_EZA?as;+N#%7OYikmCN>}J9+@0w%!*0sqTUjYFVh(HE(!}Zv`*W0hXJgvkS zIr&H3BX$)v#|Iadsf!h}`<|K_`gYd(!iDTXr*@cL)thjFLwRfHq=QrD1V7^op5<%# zm|fx0-wy4RuqWGEnhY=R4Kwre4!$%i2rLlUD5A*S1ArOH9q_OKV&c*6=+&Z=01D z)or|JLs9|1=)%mT6INxb&3+a2g#O6!ySOF&wcm?N23ohH_3LJ=p7u@4{b5+rCfC5J zZ-b9>O>D5Lx-j>2kB&2I!y6;5ina6e?j+CJ&Z4r;@sC!;+x9S9Eos?FTDNblSREL} z8b2lF%7>^29~z!qow6+_WqDr3$}Zz5qe-_mhj!=M?mV%YlWBe6`L+Hc(QOf5R_S!= ze*3sx;$_z?i)hKfS<@`Mdly{oSX=h_+9bDJ0e1$;lh2m+8Q!ehnwVQXv1^ibfqnbu zg^R5PU2}JvD&2hW?)Hx>ACC4s2x*L#IO?$`I&KyaXsd_Zg z%$P^sjOpK$?mPw+zNt%9H#6?he;WAHQr_SwtLnnQ#4nPvFT;4B%i3z)x;??TD=^>d z$c?kvIoteWf>ay~zpZ84YN`Bn+15>uTc0gmC|cH2@@U4z$p>D(43p9+Z1y$en|GyX z-GEN0YL}>N54jWxlTKUCdb6 zcs4!$c4b$w@7tus3(t5j(~t}fS(o!IovWbgW30@zS2L}PyUyq zrG53-IQz9@M%9@AN+W-Ds8K^gH3}~AZw<~r}@s)Kk^XZmPwJ4Up;Wd#N@VTA#lDMAnQEwXC3$_kx8_CFqRh){S_?lj_%DsQs(WG2 zgg57`LIsyAABz$@^!DZZs23Mcty@+t-ln$Ys>za+okC^@=g584y`$AQL-B;{>$Cf0 zf3yc&D9zuzrRBIHcXQmzLXqI8wTEQd<+e75rKhOp|ypZzgG}u41(dtC}~nY})4s2B~>%TT`|O9o@@$()92T z?}&NNZm2X*d2D(sb9&1WW-~YAlk3Vw`d0XTlt`+$Iw|gP*GeNh4&FIj7j_mZ+&a#@ zH8?fE!=~%(o2YV)?tV>f<_k}fKd$wbjqHhtfAnaxdi$y5Erquhw>`Ze;AR*!x97>a zu#fX5vL3E{+3>XB-q)vcrXT*4edpE5Z1R*4ef4Y2+iE^;nd|(IW|-^0XFub~RTw)Z zb>Vr9V%K>EN+qxM@-L0rICts?#&0XPN*A)cktlx|dAcC*1ZS*xuFSM2JFmYmXN%~1 zC&{+U*X+TBRewIt2^U-tXLM(k(%%PG;i)O><{K*>W8++tvZgdR>$;V-^ov>cs(yY| zb){^(i*y-3T@b!+`%2feC(Ep{=aa8}#P-Sy6Ye}-x#$3Of4IgZOr{JL)S z;aR?$EVOeP+c;FS`lc@3d_u_LQ{B{SFQj-6TTNO}cwmis$cyE^%I=<*Q}uWFUP*6^ z{$|DU>F{Tt!j2*VpoPqr}&DT9SG;`uRtGRhAtO()J5l*XQ@2A#nf9GX}?7 z*;mMfR@NNa$#=%LO#d-I^9{$R=NGp*Se{tZ8~mvK&~KAuxsID$wHrNS#pYf-8@DXn zn8~fWbk*BjDVLfR{~4ICO|$Q;lfSYq=HTMFEpvFUZeDo*#jG#?A}-Bjh>Mx`b+p2l`fLLR2B*gpBd&`H+03_2VLqpQ$yAr$cXE;I3FZxJyytSVEKT;|Yxs5XT+7sn zXQOUR3qGE=d~f`=js2%@o$hza`fxdnDLh@_>xv7B-|DTxUvVm~Ok35kxb%zMSJ9WD zC!ILYS*+%H(A>9J@^9ACSK6y{4xA7TOpQ3RcdmHBaofTWmrj+Z4Cl|D{IYubv^7N$ zA1YXaUfxPD7BZ+fxi(<7>tE5(Ioc^7*hO!=j4BpA?jv|5RG#I<$J!;Q3mhLLJlgGD z&CUDtLfM*_yi+~9CBI$sS-JDdyuw-AQw76PZ%({C|Jc&IJpNn#{GDuHp4GS!k*xCA zZmQYFMOS8t3n&|#72cYb8_;4GviRv^i8ZfJe{FtJ`N_}7J!|>j#mXKh1f$xs6^Ck0x4oYAXR=nip4|JD z-=`>7Z>kWkeo!3CH&^Izp5Z~I4QmwcYdqhZ?<6UlT_&4-#XQ^T(21}meQAMHO=CG# zu6773XTA^EnwBeGvU|T#zUEK0eXTz%mmW=g@ZPi|Y^Ox*)z8m*m!39T(PY=!T7CE3 z{1p*DjD5w*)r=a1`@UXO%?h)8GTriSg}i63Q6*1HVi=lGfUz z&u>1?b1yyZW` zysalHr0%}iay014lS!4|*Uh_EH0Rk${gSTe*$#^s&ss`KuUvED{meGbv%b6sZPJ#V zc;ol1%WvWn&DUP)JOx^vQyS;|+j3-=!iS8Wh}oVZf9gISU#7M5_Z!C5a?;zoZe0}< zliHDh^(9 zP~_d3l+uG4F`nMSXEo=`6l5)mVf(%Iz~ZwfElkCBu3Z!3-CEcjvFq#?{`Ia)Jc@Rg z|1+&KOSsAM_1T8^Q}b=&zjgc+Jl=cw+SJ{Wd(Z7Ux_HYbo+ZV>?kg%+H}`4FiOtTq zQ^B<6_NKRLt6Yw0Y)PyA!M40*-`z76t31x`RwxWpte^7aTG^FN=V#BW)!gJW&-;D+ z!xd6>s}_8)x{~%d#b0GF)8(+8ycr1@QcI+^t*(Biex7G`$b7H+oBNxO7S~B{7yG_F zyw&XIr<7XlrQ6d!`CYuVHE@eZZr`L|91_QyJie^lve%P)x{EUVkJhxAvEJs>qNd#r z54!Ec>Q-s7LVwanE7QH7`ywv+mI`kS$ZFkC-Et=P_*T!qGwUKulx;o-+?=nIyd&Fc ziIiSv>1yAGZ68cp`*WDGKfM38=Hr`tc0UfT|1s^+^ZHw+nsYhq5AS%iKgK?B_DG>X_uqqBej(YOMcH= z{oCx1)yKB&53}b6yIq!joV-D%_RZD#(tr3r_D%3xT)zCIgzh=_o$HtHPd+Q}e{r8^ z#KH26j#P)k%9D7@ zxatzJU;Jlimlv#)uZX&5oA&$JJOMM&SK6ol1b!&{&v5v=fA#W(hVu^8X3w1T@yoM} z=XaJAIR43eR69?f=dtqXwas%aU)44L@O!1-^^YmH_|Wx(Y98Mij=!%CH@Ij1!LC2s z;74~U>mCoYQ%amxk%w#Bo*UtBNv{5{wF$J-jSKL$I^KYagYnxe|= zB@;floBq^GZkQ%6@YBaKXtK{&e$E=#AHl0LbpA7NZT+3SqdDc~@_WHw)@yvc-d&$r z-)S$T`$x=1!Q?$}oLFCV%LK6-j6XZhSFQeS@<;vB9&NtGnG0^7%-1@)$+BB`+Pmxv zdsLVHarjaBING{i{ME_g)M~TaPIo#cs2U78uOe%dF7kn{<~_x5f6c)dMmnzwhz zh(el}mm3UKqRe@$)w?99gb=CMGVb$UibItjccQMmNuUT{C{}JR0$% z_Cwq`-S~sk=kve2_2^`0Y~(wY(;6|KvX}grUieVkw(8}gSsF)I+WB3++LnE3as1ra zeaH0Fr)AIQeOD8?KJK-g=|sg2kD3h;MMl~7o*%v+UeBj;ZInor#IM9GGv)D^WlWLlTm5w z*PO2`U!l8o-Gk${g>id7EPr_ZkT zo>{?n;q-y^nwRS|vgH}KbgvCQYP@6j+&GPJz|0 z@XPW-e-u~N==`0OTl$}&eUhWzvJb}f@Lpb;a^r{l(fGi+0%MZ zR(s;p^8OuXr?PFcYr3R%G0yp0)6tJpznT2BDKAg2$$ffv3-5}1i*~GM{;}4^RWHs_ zWL`wlvh@|ygF3e|++k&4aCnvdY~u~CD_L26T?K{d3xBlSy;q_1IJhm~UQG3E``+UJ z3|uw^IVC$U2X4)HmzFiFs_Hwyr|&wfjf;Hod;h1;-vSZdoXKwmAH{ zdD(~K<)SU?rRC?_hJ?=c4LkEp*E+{3fu-d-`&F6Po4I#|UKv*uyKVbzI(Pl~J8xgd z)j!g{EA}~H+NJ8kO|Cz?`PyfFx%q`#`pf5iH)cbrWg#`MFr{j8h*u8uTlk6DpsbLF4d#?9B(KHju9 zaBqzHmGDIIhWux9oKv1YlIbZE-KXe!?3mH)8wWnR&0eXZQyRV5Ammid9hp%3wtq@e z&igh^`=s;YhdXoc)}1SF9Q#%-c4@c3+KsX2S+45x-9GeB>hi6_aaX3M@$OJimROVF z6t!Z)lbzi5LN<{PpMU829vHj&&bdk+OVJ10t2RqV)}1>tsdC-!N87vpn6AybpZwv; z@5Q0NQm#v~cKw|cJM)}TaooRH$IIRMD^_lqc&Os)(kmAi?3gYi^?85u_32ghJ@2;M zF4vYU-jlxG^rf9b>ZEXS2Ik3ep%2bxop${(({Q(iCpYV_XM5L}b+mD{lRqbV{>W&h6^jdY*%Y4_`{=MQp2|n)Br6 z8h^bu``#McztfkWEzj2saO3)QeO^?Btm(?`15U=<ABBTPU)Ey>|4`+ zDEnSM-}ZD`g3STWn9{S^ZZ(@SxdLmZ+n7I=KY04Am~&!f)qb1miI*oho~=}!*8X@u zU(DV)Wo@r+Z0DVK^^1RRsq|UD^zHk4`wltqSq7dhu-blW&DE#ddIYSV?Oh`?rQd4x zlwkMi_gyP9m19hoEBrZ7wkBWj-mNTwRi?YO-S1!9UHM#U>YX-kr8RaRjB1Lrp4={uIg9>AHTNxPNY~;P=HZ!&()O?r`!yCk4qQWIxO3}x=^KXnsjyOw!VzR zo$ROkI7GTPE>=}JA-ZVdOrP63e_r44B2#&5yyc!Ntp1_4uWq(iiSwUWvCiCx$<1!= zt3?OS?)Y$FpOE)*3mwZF{`pxaeT6E`6}i@|eH|TSGi}q)Yv)eA%9{FG_h+W^l;h@c zR#NwL_nxb~^{n*R@w|ntIs+s&A6eRP%U+F%Qe%vMvuRDZCY{s)ZwKEI;6sWIQ#_eZ@h)o-2EHaEdEp6_+Q{aZ#U zZ|p6;DeauSyK<3*!NmSO98ZFh{dY!)rCDEpk$IA-Rqy!nn9B>e1X@}8oulkzFXZp> zU+ui)<^lVf2gY)TO&%TJdB5&t9OD&JecAd$p(-mSJ6gBv6co?;tMP;N!Oap|meU3C zXXhR^NbJ4$^=I*8dAZm7`M+|Q^s}XSCmMW~6MNWo{dW9D^|wFykNhxs&-CLR$HM)t z0!zB;a=u84p6^;}?)TAbsp`fT`?o%CvhiM45tT3eL+e$Ex?PobPukh#geSakR zkGvN;zx2oU*g|W;r!)QC*w@w_yZ>^U)U*D=p!Twb-k={%KP#xK~`n*1l!g7 zKH9Y}t+;nqg?|GZY$`p9CB@VR-DQdE+8tbzi4?k~LMUYgBv zFfZk2@#GzUGiOcxyU8P^?;+DR4(oke55K;rHSI6=)Qs#`zf>>>EY*XRglNz$9d|sbR^i&pS+a-;U@s?%V6|GCcQ>C+D{N z#d_6@7iP6=6%N|@LZHT}-%l>&+L=EeH>7Rd@}EHo{T9@N8?1zun`D);cQuor$_Z43^H)Eft8@GB>bJToUHg@eaayk0_^Qt2WAyRdhv&Jo%yZ{# zDZFiX{-tk`>dLGsz0&oP9r?4a+?;;*!sPE+yxDO(r^&u7Q4XAZxHfy?2m3dTzy1FB z>@bS_p;XPGk|+1bXvgMuRRKSmkIqw@m}4jZLp}JaUW$VI)98&n#c#CVt(E`A@OQ#L?nv{l zKZ*5)Ydv#z8i+|u+^hX8{+94Ru7m0a^u_Pj=>MHvpKfb*sJi?n>(e83*}u}6=X?z2 z>f8K1V5!8B_>Ye_YOs_TKo=|EBr3 zRrgBw(`*YX^FL3XllSuYBsBe-27m7;>CSV8)ebEXSBDb_8AoSS3RzY{Owj#@?%z7>UDYVEd@@_?7YqMzRWdE zPmc16o*$A?rT*sjZ-WZXExg{3rudtP9ocsC&qm(kzs_>B)m zMRL7+TGlnyMrE13)~%#>6)!JbDizXnEU_%PcxKX*m0w?8+N!h1y6R}%x!$e)D&gLX zez1q^oP26ecUIrOtrwzRYA)H>WYL^bcr;aO-7QhByk~ihOU^I9S?R>^iJisp%UX|; z73-1O!zf3<5* zclx5+GZvq_^rSFWzkQ$Vjm+<-Z7+AGIG?_DZgx7~%&gositHJTPQR|bZ{K5Yd*oxM zV*bp13GUZsc^zG`oA<-Hc9zYR9$d$yRUWS`y=HivWw#(Bd)Ji**&_Y@{x2-5N2SRVyR#Typ;Iey?-K zUd~iLbg_2LeTUnzKZ;)m@0<0p_Ug&Ct}PlCS%Nm3_vgKDe+*L|eDztddS)l@#^fj_@Z)so`RoMQ@;jEp;#)-3Lacp>!HuYHeZ{yO%Z_YL?3G2VvA$j|# z%f-fd8apK4vRx{^wfZdMbe+AdnMRtym)9@9He;gBhDjSAG@s?X<169D6uZ5aRq2MS zf?c}B%cyd(gyQWo-&XV}I^NoH=$2%Env0J}$;*IB*Z8HGr`j_Ed&*Z8M+YI>WblF|+4<||xV zlb5S(yE)@Y*XHzuiM+E7w62&fGI08C`=ZnLi^kg4O>Q@~vwT~no3zZSX7jb}EglOR zJk=Iv7gWei;k1_MUux|X%WnDd=Ow+lY7EJJmFFKvzfAqT&yW4m3?1{0>Jm$(`M$du zMJh2>sBaf#eLAH`Su$C^VQutzr8}bUyOxEYb9(YmmZL;BAwL_JUm3E0Yh6uU& zXRWP~a5^R4Qx$g6pfKEWqqGB851-{KbFGx(d6j=&$3?qZ-nri!IO&Y0ip=K_f6bYN zsVdD`6C*!IxHHdveXjCo-ub+P+*F_>ni_(QfZT*O+X=k!;>cj?Nqy(#fC<`*q5ytVbcV&<_!MvLcMtGzm>f-zon zQ<=NX<1>Z-%s;$(eJl8o_*8beNBioo>OS~zzUSz^?b41pJ>n(v3z`aeYuyX;8RB)G zG#{4wbia2#|Ju^OMoHgPHyBmCF^&$bnpa!pr`dCL{|3d4TXtUVpRSX|ZDeq(_Nd?W zuvxb%qxN_!-Y_^mN&D1A{U@C@>b!p%85qsCpY8c_wtSb|S*yD`%ae`@Xj;DRdQ~km z<=)a-=R^C9KWx2t-G={BIEQ?7q{orfjJI#?`p?k1e~aJ5M>}U9-t~t!bEQk!mOR59 zd`8+v_k*(26|ZYlzP`2c$MlE)CO&rS4*hWCboxq{_LT19Xa8nv$6P(TtlEFN{q%1g z0dFm|YOAiLcj)Alo-VumHQIEhMDfnzINgOc@jteHnDiu5&T32bX%_|Qsj{2nwmy6> zmtkji`Pk~kchzDUId{*BJG-FBSFZjse@oEIZq<7|61V5iOp-s??{)ISycH%pWO;gy z>3^NQ>-nXva*&_XVn@9 z#o}{XTc4ho=$uk=U`?&vsc)P$w_6ye)+P9>t@X4zwo@g22fL}vii=k+tkpTKdf8>; z=3Q!4g&|9H?kj7&oWz>pS*YgI5y~i`(wDX6l9FOXSJRz56V+r+>zP5Bljoi@a5L^Y z#VC|^;+R#~*~@!01egA2sObBft@`%Q_Hw;wyRC~1S*|?XGX3?dnrDf{X5FTRmcJVC{3g_2Z=Jm-g1TxnF9Pv@0HI9jwdgdbVD_ z_vb5RcP_dfw{^~+O%0xJ?`;XW z+xk}6$~yXL{>-I}4F}lP94}gBS84e+=F%%c{(G8FLTAV3-3thu@n`v;jF20D7hX7Q zp(9=KZ2g*v>Ix4gUfOv=U&*lU#go3~YfIXLQgZj@RXi`XbK}Z*!JQ+aV|e@CsFg2b||ELsNEc#*7Yn*=QPVHX)ed3!IQXqHhIkUyJviF z>CUT>ofG;D&zpvBov|!fVv2EfsH;)TM3E0~ow&Zp{JyIBz%yipb;Wtnsz(_&DjTjw zmT9Qln`Uis*}l;6@=5k*CzWQH^JpZ8d1=N>K9^?Tk9>+{S<<`Ha*d~{_=n{U zUuCo0xh^>!js5XwwTI)JtE)3EKAtbJC%JS@joX#Cfl<%ysR=4SUioaV@`LnFlZ^}i zGo+r_=ba<3?)71=e1JFiO1;v`yJx<;WwOUKRjgb6pltMr zKT|%R{~q_Y&Saj-)5iRDQ{Ubb^9Z__?9u1JwkP=E*2O!Vb{@z{7JVlt=w9(S$m4~! z`4a!UCabwpr@W_gS+Tu*eQj5-nt127)-`|GE?KZ8CHU7|cg*BAKf`e>d-n8|_nyAH zad}f{D#Jh1wacdah0i*%mB+#+>}bo<@V-TBC8eseW40WNoXy4Wb!SsobYGaC-PZHB zJyp8AWoos)?tR&4wq^dr)&7n}_mk6nFMKG-6nVNSTGY#W(cgHxpDV?JqFHw=dJ(g% zac7{MdC9Wl6=oCmYEHCWbj)Y-dOt_otkrjKC(eyw&H0{a$z=MCX_H57Mb39iS zmbP@&5ph9th0;H-rbHe5eWp@YYrAXFmfp@3zTbN{Sguf+omPBn#j^EccY7+ouF%_h zVqx#Z`LkjcZC2lXwew6y-$c{UazRmN9x`slijP2oM@P) z+#G3=%eiDt?B(2fZd#jo#3WS0&aPc@?a6v}+v8Pd=f{0WZ+s*5`B3dzb82L5aNGOyNW>-XJL^PV(4G;TxZ0>^tq$%vRcb z{L%bq-}Y4}oh$L^b*Q_-5bHK(uEH(zFN)Z3XlCHdL%4(7-1H%x9+|D)p}VDMmr$qzg2KY}~l z3O|}%vMKE3CN3U-;IOeaQk}i5Ydq0zX7B5@9)qjQqy;>ViYc&Ua z5ZLx?2rqBeyOUovOL3z%A`cD5z&P;4&J z%0(T2{6aPGaOd=CU*1RB?2DE3mKWdot@Y`G!+G6#wXUgmZmkkxdJ=x_m-*X=kF_;s z=?hhqS>L!Uowlu@y!z4Z`CN53?(^F?XQ^IGH1pj)WpYp5R(|#{wF^gsX1@3ob!oOrwtuVUYF%~TOQPf7N7XKtai?)v-9RnDK?toRbADlerws*=5n^B-ez@s z9^YDXJ9E=i-P>K3Gi#OiL>^z zE~shRQysik_mJ?M!plnQqFoLMH=ca9eBq)lk2Y=rqr#t|9l9Q@y-`gf8gAAhAEVnO zv@cD{oiep6Q{Y{_VwmpRTaK4St!`<3o;6G3(1-nVRZI9D@-AK>?eH>e!IrpkeXj_{ z<7dN?1AlgztE3oc)&86LHf+*8HOVmBs$fxzbN7sI&6O##uIW7+6sB~m`X#Yo5mE??+io!o&^~F)Z~CI`SZNYe%~5%0seSI95&DGvUy( zK9O4i>%FFiUXkG|yf-y)c28HBxRye7igxRYYiB(b)_d(xQhD&KwPnud{=;jvxvshT zZ+?)R&NL$-CTaao8v$F*`RPf1PmgMs3;Mr#@NJoQ&g#peC5J);tZKC+ldb*Oe?FVg zbG+k8PyM_sr5WtAc3O$5B!67>#^C0nqnSy(&DSPqh8{Fkj483rY^nafVB!p&{f~cK zjeLA}e$^HSd%aAX4Fb()eYXmy`FuMt$zjdu-vKKkK1P3Da4TH?`K;4>yNl)?Z@f2O zOGesKdUZ$OP4n+-PHzuo-8}Jibk){b*2XT)>*LRDQs0`eH04QkkcZlAcjL9^b}BHw zkJ#+BB;Tg*z(3RNkG$Pnj23;+o?R(Z(|c)aw9KT=s811-oHzR07RFrf{Blt3^^V6D zx6f%W*i-V%7MQ^WS)(cbXr z4PmofQy+X$+L2p#Jli0St#aL}sw2-<`Ysmt59vKP$^)t66&LosUwI=X{Lmo4w|=zD|+jvP-J6ZTGs z_MehGsqW=k-_3DRbgTgQGJ6&XSu_xvGdgYBDb*2UL zm=#qXco}=W*`|DXR>0aupR@C4o|ktF*4VW2Y}9f08pfWJ^L*1PZ>Qd=;(NA5KVfH| z&}XflPkXMJ-YEUKoo`QLHSFYiH=K8(;OvfZ6>$DYjnz~Ot2<^6>`=IlDPO`~ahhx{?2oz=Iu85TkzVr43 zcg*+B-0pSH^ZtZwJ+mfQ;-Ku_Y`s4-A8DPPXZ+)H^yM<=zzYvbS68wg-qhe;bIs(! zq{yp#H^zo-%n))~!*7!krm{`)Zu8IUskWi#xHf$6_~PBEq*a-_hR;3gORdu5x3g-> zSw6pTt=v1|Q_Nyb>B_TZ_jvZ5Q4_Oums~k(m#k)F#H+VScO~kVe_ej}_}=o3wpKwA zUN)P0ZYTujzY|Q>+B3oG8r!~9$tR7f{~5w(O}c*~b4NR8<293(Qo`iTn~;>=SiWNipPihZaW}5<;cZ_z>x87AclbEh+iqwxDOOZTX9$m95UVdPi zWPwg%`o^ipYtkiN`)v4F`gMs<+>1$mmCL`T=CXcWGV`6(^rJ^Vop3tk_@FtG|KsO~ zP1;gUQZ^6fT%UQn;+$sgjXUceU-SpXe>j*7rX8?~<=O zwyW-&w07F-c~|FWe_S7abxQZ^g4z9fSD$aMTGCZEW6H$)w-)}pcPQuPF-Mhfmkie< zk4r<(2X6hCy7ksfsW;4j?|fZm-zm94IYps#z0Qu0iVfSRJP~{!`S!7F$f;AC-^%bj zo3voU)R6N@zM1mXe-<;VU$`dUQIjfSu%S!9&+cnMRe9&vncPm-U78yw-dnf#;#B+k zxi^=en4}r<$~yR3p5DnKKYoU!op;?h^<^hcnOAFd-BEP=t!lZwM`O2KSU90=f`;rX z8NoGaZ;IulKfJwjo$209ewE_Bt1oAnwaqe7GR=P|`Q0?$H`d%kdO@Slj0b&JUiW%^ zOZ}W$8ekuFc8O`xnePH>&(zhI%kH|WJ-g-BIgXcIi!1B586EujJ~DjQlrzSY*epaA zvn!=)D_wniLhtB(_N6IjD^BY@wX}Tje63^kil38m)0COjFRfg9Dq-8Z_NH2`$7~%z zZd1Zre%R-RB&H

ez)ESFNY6~5C_%8RYplQ3_~#-qkUhQ|uB7OioZE^e({ba+zs zylb+voPPV8Uh>R3$2EzMz0kMY$-7m>agu-GwN>BL0&^ptuGw;YW>bzu@`S=`yL`o6 zCwe?6zT9PH%i2KO>;2)nwxLFQN;gFFyL5E@8uU$8l1Tw!BO2qz!@B*XFo5 zvOL?m^K$m2;{x`TyFzDIl*{lRTF@=|;Oc3ev^lajgN!WM z+WC@6#M{T4L$J!w;gP+o53hKyRuvMuNOy}0^PaT1 zI?kC|nk%cNnHXL=?tJiQQ`p9fwOnruvel28|7S?p5^?hUoC8T)Q)-$V*5x1V$y>kn zZNs_iERQB_J)`!;q-2ImVXI>UyXaC0>%x#N&sg1MwcU7^$b|JLWg03)Hrj-)XxZ;2 zI5Au$BbNNzuJ&Gx{^$Mozo2`|7hj+@HRPu1^c~SK6}o;z=+48GF<7?!|em+_N-) z%4M;aGYi-ZFHKCZ{h_pTX-buW-_h1fbAz@2yj;oYvvQ@D)lnJP~=&)ceX{lfYR zN5$6Ijq|5mw|?lo^68E}znzNI6+OSK?Y=!zS65}H?t!@f486e@bb8G0<+KQE=c}zU zywY|n?dih1Vury>Skf(@E#6YGQ2It;IP23X-3^9b(JgvyhdB;1Z?z1aGUvjiMIR+s zPK&say3=%S+dK25x9YY#*8FD>Jgs6UziZN+)TYAlyT|yf!oqfzOSDAzYs7CcyO+_W zcJ8P@U$pJF$@$tThCO0yS12a5DHI>m;x#&(vrs^}Nz{QQtaY2nBzC{4t1n7!U&-Qa zVpN&Sq43>wW$vO#e~#M47SC3BoYhWkjo#qhs~Gkh{iazCe-8!OF!_=M}v zjUSm0U(c7X3Eg}l;NP3ON^`!S4!`uD;X^2Y$ApUO-+HdR)zPmxQS#&39f3Pc#uI;D zpZ)KUJ-_@>d7=3DNk)kq{(daJ+xTejI@X21ckS5uciG#Q7apC@T4f??dgE77!&%ob_-|<-&^kBUZ() zX4$;xTdeB&`r4jmzb)5v-dvBl{O;bPE1xXSvF4li%13_qxbdPSUK4exG+?prB)^#;ocXP&e@uOIin{r=(pKhd?zJ8aIp3N+@{*q)qS zayMSOCi~;OrH|q}KD;e~^E$TkJuJ z92em=?His$YK?T&ABs#@5}dhQxlq>4IA(s&Kb44z>PNM2j1sg? z_D^{{>q~Y)US#YplgDW;tBdaL?cevu#YXpGf2Y_!_7CE{t$VNj_m=XkFn+L zb*vT1flbfDKE`dh?9MH$yg6BIpW)wmf8yrZ{^(6yQ#onx39W8zOBJ5~3|fE9F74y~ z;eF(u?1mkmpZ2+L_uo=;obSf#uAecdn^vXv&*FJ;NHb~fqMC#0%YUdJD7R`|-lnLx z-DsMT!RxaLujAO}AH9~pV(CNI-~+O&U-HZUJ8hPFW*4VS+3~2)@?G;eZK^+9Kis=& z@3z}UjzxP}i!U6$x|rKjR`}4><*VI$v!e3*zf=b=%Q$gK>9J7mIaj0OkJ$DvVHCaA zxvS#DIpO!=3vT{#_|PIHVif;M;MlAAd(sjNT#MvX|1POx`C(LOx4AIe+PH*=Q*GBn z&iyUVCS@1FE|KU~B z&O|FV{JP%!r|NJ2AKypa6=}P!N0qiYEB0TuT)$$yoqTW7gIDYU8Bck*ClrR*I6mAP z9=fwSSMt{D(+nP`&&H^{>f_sjor+P42A z&wOqh%Vj4^SXg3AH$1kmDGdB~QBMD3?X>MnD%cNS*G>JlgyS5arA^Y7`t*9PivEZ8 z$6x#NRWy71CT{h1*15E%x+huoeAcVdbc;JDO@*Jwx5;l_w)oL}kyop2f)2d4Hk`WH zUX%CI-o;1kg;Rc5ezbPmzVoBctz(n(5B|sU+{YJIJUb?K?Oklobo1oG36m;Lu36qOXW@DWuXoR< zRlI-P-fps2>h`gEj@)mru17Un9T9%kQ#{W))V}e)sC~wHp_(W=)eXB-r(O+unkFG# zd~$th{*C7kzaQ%F*Ib=dHFeX=@D;vWxAd4T{&ija^`{b@Xzgj0$(PXxJ`-C+U zA}3B~w<(PIc+_d@ql{Z%ipXi?VF<*~m+8F<5 zVD;xBa)>tyi};?zy~%S*`ec#k%DOrP|y7*gsTW{VLv|lG8#`Z5Kc1pQsOCE*mfg z@-vr~CuW5|{~q}=p;GHw;N%M*ZPOoa@3t|0q*%Y)<>NA@3G9Kf{(qFGm;drHH|KJG z{C#HJ*VoglzBhc8zaQ@}Jo&q;M)x7(sOb$0d-xi{D-Z!>?(*Yxr-@Y7n_-)?f&Kgew34&LoHWvioHzm$KJ&YnMW z<6%?BWjikZafx$osE_(=Xqj(Rvn(r2{b~)%v{^ON1>$xKv?uUhx#r(mC+E28N7=Jy zPv&pgJ;Ax`ShnAPhUmSQYg|PN-?+;r>eyN4!q+ZqebG~AuPw{pVi)lTIp zUTdfJoBK+dNXo9AICpyQDJ!`wYyZwT%@0?M^l#qTm_PBvKY6eB>r2!>Y;9RD!(9+R z&Egzyf&1~O+M`#tmEZE3_IuUs3bt))Tc-q`dUfY{P2$Hi?Y{=muK7<-texEVY^Qbg z>iOb#Jo29;Fg-A<4&5*DVzTGzbJw;#Oi~eSy#MDvgO#t^q07#fRIaRB_iaux`$E%~ z2?iSjZnRrZ-NXGLS2^-}>gL@FMrO*-*Sdd{KXg4#W|ns}$3GvL30k_!N5#T!wf(lN zOMhPV&2rtgeEpD%sns+8JWH|JcyitS)u*_fJ&M&TP~@>*xO2_&PiN zXkpqJl4;IV{W(6Q;*im=(xdB{PuDcmTCSgGXa3^livG9JB|qPuU|D}{m%+J98(#*_ zzVSuA)xS`8(cNv5v-g%?%-p{HT*L{6W3H9%2j(XK4m!la{6OQ@o$u?T&BMhCR16Yt zFFaaivMzY%sfzc0=?ZPuQxY2Qt*)`ZzQ$y}(e<#vPkqMsw(SYbF4&y<*k)OAjDDy7 zgUhGAUNNU_=>5B_ZI@M<(LSxavf<%7uIL0P*>j21W}gnLz8xER?N{!FolkwsihguG z4!ZKh^Sa=~PuF!H@741(`MzU={GPyxUEd1&CwzW&Fm~$KZfWfTy+gd~Po#=AuiiKB znvvwLiJvA|U#`)AJiGG3kL05}dfPeP24_{JRK++&&uqSZ;=an^39MBgCZ$ggo83A2 zZ`-fFNtADtaHkH2-K)&{MW%<(8khNf}qSYuZSCSuapye9<&z((}Xb z6eddwd{f(zTYTuB&WDHgx2E+Z%e-gqda+zJTXM6q@2)Fbyx&{<>`IV-zgUjnv^-#E z+dH?pYd-yWdZm0-YuH2XV+Hr__quH_5BtxcTyuQG*VoZUqm$JOH#^Unv{RJ*MzHm1 zv+Clo*#XVc_jnkuiyYatX|_J|y8~;*Rid~kUB#}I^>+GH_ZJLsS1=dMh7n+sl zZivarYo9fzB29ZkoUJ3X=8LV(4C_5XvtILy9!!B;> zste}=cTU;P^D1e^Cw9qYKe=_%G&dZUVOyEEmS6AY@v7W)a!x(=?ag7c3}5*!y^|GX zdg|Uw@pU~S%yLD`KdiRu{Wtd!)8(v*wX_J%( zqIHM91#WrU7Sm(#GPeFOXL3{YUO(;v->oYX+}9TGa(zdhs(&2jZh&u8baj(-vLcVkz!_P5BS>1{o1-`7`6{ubE%sJ}t@ z*nL);=x@JYJPg};x$c5F|6$V?!ONC2&kNlas8ORB059dusix?i2nVb zksISyuKfX8VEWeX_@jLO+jrR?>+LuACG}^|59`G>K0k^-%3b3Z{t@-V8T({4u+ z1lpNcVF8uWT?cEQ1=O5bN zwLMPkg4f>tr?qk{KOOuh9A~&9yC61`d&w40xufT9S{c5-wzbCdqyABQ;Xk>>kM;{@ zuP-)vGTqb9uPA%Z5A}!qjdkW%`sRNWPl^@$d)xCsVC)yAmzOtRdHSkCMNZ(-;$5?Y zFRXjIX-^o>^s*q)RD~}ra@u$8IO-2N|7XbSZxp+K<716$yzq<629vvmEC<#*apo0v zUHZGQj#j&Gy>kZ=pY~ri3hS7d*rx$kXzCZOH6z zMSm9rKimAF`peU3(_0nl-y;96ahoa~`=|2if{9#hpVvpLB)^Wm*Zte9CT{E2lI#03 zeM3_iBu?zJt^K*O;Iq|ZlZ%hadb4ZJo9q5&hM2| zm~ve0(*C^3llT=9u3ld7WV`xpmGiqw;(w?gKU%Cmf7OrEzWvJczbtGFd;Yh3kNHE( zo;sbsi?(=cnmuthc|Gy^y?wz~Y643uKOBko{}_Cv=#^@DcgPjhlXmTFdzy~>{#f|9 zdS~AJLsHjPO6KIxi%e0zJ=yc&vV9k9T*6-b{v7h*{hQPe&y4dw@_$>itVHHd11V>tEednx=fR^ON+4vo*aB^=}$~Yy0SPFR%RrTjtdBr&W(`ELieI z-Sm|l_kV^azkiqSDYmLy`*J&0=;m#sU2dI?_bpeIJUpGQtno-?=^|VAp#Ka_tLl!` z@l5#7aA?opS$21yeo)(8yXV)$v&C{s{~4NI)wpf+w0{`%N9x17DI&Q}3A_q_Hb(7| z|06W}Tha#yaeGNSo7>0R*)m)oSnqXXe6)M7{DJxpZtoj6aW1=bJ8ouy1n;MI`?XHJ zte2kt&e~-2`=S3I(d2(ziXWXLJht$1efpbf|LU#D1%c`mu3z^b?%VyJfmPtg@?_Ef z44rn8wyX9icE>dBc3=5u&m#UG+UgB*o!=8Lu{o^|Q zWAz_`<$q}CAFK9%bNSKK3vaH!*PER;K}_a@S3`Z&%*#E~I(8MW*kU*1qk41xm(`hi zb#^s58!ssZM87dOwR^{x^Hm@9#cGoOw(XP87P?bm{jj-Wb)*jex8C!rw|BB{t&n}z z`nX^AetqU2hmXGZ78k^9-tu|llfS;XnRUV!OC%0QM=PYhD!y`&_06?bi~D7z^UVLQ zu`{T+bmnE8&?VhHmWh81Zyj%Ao_}r6xq9yGd&WDf?@PTh-__?9xlYwW{bj7~$+Xka ztKP{vb?I!$mwwIlny0ujeF1l4*L0=Do+ia*_j$hDl~Yt*+ND%}OY7B-yn7OpDgr)U z+xq;&{eGo@Ud{~9gVLF|(&n!9x7gzCu3~mmWaWW{A(soj<+61z`;qrdRp^HK95!>g zmTNt7GF!JbaBCY*RbO5lTi&)$Bqp}eGN60nL7D5G*&q6Rb!~2E^31epTk|~R+FZ5D zXZ;Uj>pq=1IFU2>`+@Thqi2;(GRaQNO6p5L=WX!Z^j@Yse`)1^hT?oi*K-k%SFGzh z{gChdy|Y>E%0F6*E$_}XZ0fSvnEURzT+T%ci31VSwv?=Ae?4oz<2H&P z-rmS!czcm>U-wb{Kgv>fXTRO{bbIar*%i;j^)6cY+CNJ8$~K-mHjkr_PJ7v%a>rzj5us&*>9yHlDasHA{NOqoP~)vQcV_0FE~3LN z{j+Opnn_qp^Vyi#i?i=!xvbhDo0V}f&UTrA$9uo7+mfa>1~LK`3l|FNIPSdN9}_ye z+9Y{LsqBg_(@?GYsCjq2o;2T@z#mc6!}!Abs=b!mY*!m|b*0&+uMT z@VkIrn`fD+iYp|W{AW-;?Psg?QQ=8)SC(Fhep{vt&iGWB%pcl$yI08Bg^yd=vT4L?V2vu zz_j|@{VMP3cw^n>`Af5%mqj0t%Jfv}`zn+9eOrU&(xl6pYf>2*Gw($U9=dw9lk?dU z*G8jAN3|J}Nu1^Ns}-s)q_k<;?A>#%=kxp6t_8&}L!NFAINI$$XZGq($&o)1wyX2pe;f<@?D-Fs^ zP5lxjSnogmb*<&bv8yM-ba#BH;yQfg&+FB>O<}#E``cHpt@V3y>gZ1gU3dGKon&|PrDvW=JdzxFmg^PWuKdwmzeTF~ z5mRe&-EsLR;VH5gpPbS&vX)pM($?EocyLMAw?~KECaNk=2xng&b?B0f`;ybEPO{GZ zbSlyDnO=qD>d$evSd-go{xgW@T;(sxKK`h~H1?a-*A=sr47@)dH|;Ec$m{O9FSq{T z(LWupn{+pS68!Qu&}LtTblGy*h_5TZ+$}z0ReNC8<-`siqrPP=UyQFx*Gc|(`qc8$ zpZe5q*$bRj^Y6NPD|5P3d540zRO}@Wju#T)ipyWm=c{pu_W8JOwm{_pZZm_6^P^Ul ze@H%RC%5z8^&j4kR;q9B*3q5id+?~qI^T26N9}lb>~xZbD(0#i*8H?t$1{2Bbi2oE9lvQTRcu+hUC%>y)zQuC zR@Pm!D%vuWv77&C^gq!LzE8jYcC2J}k=(GP&(OKdDR8%yeVd$Q-=(u(+b6K)RA#@t zw);hmr~DKl7t6pt>#pNlFZNAky6MK@8fWO2qSekk@7Ru4)^oQgp7LFprK?#g^w8tw z%ZTvHr!IDve|ln53su16lGhu%JSu$+&}f9{jQ09mrn;KKGIx! z`;5`#?LAj>odV^armO#*b$s_6y{D}mk7wO8+&O!;dv5ll@5RlUwq z?{MP52iKVsYfj7#nBeaGI{e}FXPsOrlkc1A&C(3p_B`(T22ml&85y}xb2%lK~pfGA%R8xD>69)GHE!&BKYsKQHSTQZ#+^4xHv~F+h%ZWadoIYxQ zp3`Qs(b=TKpRvs-daquzva8C4lPdlOJqdjC{$?_!wN9{SY2wq$)Sc+b<9NKPSGh+~ z;hl0%0Pn;Nj*`JYW;OhD+_2zD>EEnEiAe%4D(*J%x|*Eb{?viveUxyaa?(ztp5_Zz zCT@BnnzSS|eoLP8uFpZ*8&$oV`!6kQnwZ7i*-=_qWMpI*B)v0~BglX?xI;_4v?g8F z*Hd~+!{Z)4tsv)TDdM|weqGkxVG(Ab63+hHH~a1KjI#awZ=Ro@Dfe9a2H(#0A(vgk zCY)RyZ?r`0qIi-&yXa^6qxBLeAMF>5e{Fn6qb1F{cpk&awTawwwnkZemtK-Qr-AKK z^|k$nJM*^Gi}nUd+}W~9V1W(eyswj4f|n?!-FlwSvv2DD2fFq_yRIg8GD^>>xp#Bb zwBshx&uq_K%kDIJx_e^dDIT7yYn9%%9(t^j-WZbqR^`H%kRbj$3~4hz%*#HTAHWkM z_Sr+>I?J2$)vVHs@7PH#xuCT5h&vzS3DGxoA``diUA)jE^?5)0%QK3;cOJSG-rFmE z*pZPtuP%Vy>)Ev97cPWZpB3C+!u8eGwP*EOMxPtxr7ro?vj-#aWE{QFRnb+^lW-t70_RXq#Z=6cMwgyY}HMy0KsuP9V z=V+H%t}~DN(a^2DcFXMG&BE7q@}?iVDdhQWt7=4w*xQgyDY2-z`*uJ2+8L?)uKa_g z>FKOG<6BSDc38e`j*0!x(7WB^Q+IRE;|!ZH)8k#~d-HWR^;Laek?>&R^;dEVU74NJ z(o}a92P|7I#%c45G7l%_F1Ad%H}!ay{Z{^?@zO53Hr8pg zY$qnI)~@{~+W*1*TkMaEACLW1{Se=%HqFxi?CSe2W$Sn7#>do1{%2^4tG^eUC{H=&s`@GeU45ek_I{!1UJpViI50iMn zkINq|^VNBGRfxq*y4RAntJm!MH-jGqZI=)1XT2OSN%_cU_X+p@TsK*}(B@vvM%$;y zil5)vSX6JNGR^Zgm(vPahNI5w&L+3azUK4l-9Fp6=p%;@&gah236^kt%GiHtQ{F#~ zieG=&rbQ%$$Lw0f$G%-`?zaI4NcOJ)`T(RJL9V z`TMvr@^f~%o6=;K>FT|&cpX)QoM+rIPAL%;?2WQL)x%$qEg6PlGz5UZ_V*fL+T)Vhdu6^)A zyW^w%o9`c{9}$|Y-=@&5uAWuCc424tkBQBPuXJCW$Na$lcK$K5=(jeJsiLn7^S++{vHP3EhrdtXO#dgaH#?I-HN2eV^Q}FnkL=&H zzi*E<_i?qk-_FQ&?faYc)8MP%TB{qgs$zcacK&$0<&QtZeAnx_Ps5%h9?fyiO6@t- zvu1C{`*`ld3o6bZ47LfI6n`U^;aG6lRm*3){n`IrmKWV4cF20#zl+;C-JIoTTnjqn zxK{GEx1|1-+B}^DEW!ugWrm%Qd2oGdh4i<3Kaw9wC~x>^J7dEx1t!%~pW~K4{Ldg- z;eIq=?fLev9n1LGxgMJy4{CW>yltM^l+MMMC#!b;3Y{IDAhQ1R%CoCo6+0Uruk~l~ zvitO;D%@_x>t&C1JFXo!eCjT{(skOsnXk{rbcr%+@Yx#sdqhvLmlEE%wqwy|-<`^H zu6%Udx*;p$fy4<@twT&t1VgJA_H>%0S#HV1?;jW zS0fFkQG9EyGlTr$pI2_iNGp0* z8n(*FT`fCyI^$0G>!90CYkTzUPp;nfaRH0qzsj{jJLld#bvoy{y5vfwEv~^ke}4J8 zI#cZZE>@c;b)9heR&MY9>ZzC1I2)=iPgCsM^Y~9zz6xW5y;PBl@lj8)D=C7LCup4s zENqka(tUeCI<%?+^#hCeB!mZWf1$uI`pXH9MPBlf-(Y!Uk1%IPZil7WFa3F zD8x{4UiQ^xCrgQCmD<}&tuvJ7Tzjz6_SKXRqAF5XOSw3ex67|hzoVJ+IY{kIy04(6 z+NwP<6aT#ST`XaL{`0C!hm0zgaNapzxMgDBRBoA%FTsMT*T#v1i`C zFUuwF_GOApk%*g8b0lq&aFl@8Uhk6s3}3I6Eo3^;!~XMiRNqXNcdND+Dmc|l?l&u_av`am-U0S?Buzsv~|`pm+lm)iu&-P=au&?6J^2fHldH3D83~nB? zTvr?nxsoR{eCH{JqQr|^SbwA*rbogK5_I_eZ03@(Rh0d=(y%k(`t!z zNrtBnP3&J9qnd1a&|;q9T90t8BaMGnEBT1sS(Cl&W8ah5C9VXrtI_2}^qs3w6Y=*lPin}gu*qt*eqVU4MlBMg8xXw0r z%*&PZE57}8o$-+{bGyWn$Gk6Nz3ynw-MvG3PFUK;r>BLFttyvW){$}4HrV2MW^&Ta zGg~_1vW#mPe&aj*D-iqJW*8G_V(-AUZFpWC&)+{c@}d-;^28^=WtU7dMbv_M={LcmR9()*Gb zCtluKc{e8KCFx$Lb#a!Xz`)j*nosOS9B{<*f`TI9S|$Nn0q|)<*d@Kjng#@?`^AE zJnN+FvFT-Tw!e>W__k7iS$b!~W2MboY~QC(vdj6pR(!KQ!<{=5uUr$ma_^Spw{t?V z>k7{mWiPz+u+8H{=fQJ^uOotPwoa})d^lG&vZa2GRaWrjlSx#sE`zVgc(8lDRxh0?Y!vmd-;IpZNW z^<<=9dQ$fZb;&QL7o$##2((o;Oz!Eq?yuKAQ__3J6=P?cN%}K4lN<}nRUs#fnAywDe_hjQDk=M|uPE#2 zp4$zF`>dF%Ld?!i+PE{jf@=zo!#Q`+y3>KZ;t2^APqsgfd3ArHWV|s8SCeo4$*`YA z{E}y#%gwqyWwT!kL~qpH-gr8FZP@fU@mGP-qDSxi==HG3X?z`Ue9fJ+8aE3HU)X9@ z2I^%RZ;KR)zq4oO-Ct4>C7%mFRn}`*oUb~1Ip3U7d0%lX-}EXMUK4Q_XpExZb^I-7|l0kWtk&onJ1(Vz&(EO$}Fcz3n{3&~L#6KgMV4 zGXu69Q3!r{`Rm$D8(ZrI+yZ%4jnQ#(A8xx#d3<<$UHP?hl_1B-6U|rDLR;b6 zzAvYPI5eC5SFGM<_Pgz;_=K!k8zyb!pRAZ9KF{)~o6gNXuE)>*yw1AqZx?KI{70i# z$w#60B~K<)u6XA3%vkq}ndRj4E031Nvi|&8_W9nn++&FhGU?m2!kW)?YgMw(syTX4 ztw-X^lD?R!?Ci6)=+a?;6;`8kJwiJt|glyl`v++(rRdaYw zV#rBX3)vzqmo3UOtsa!DJd|@Mq<2q!)G418ORV1-2?%UtmbqdaozEKU>$S;EnqB=u z(wc)@r_4qEtk%9c{ld5GN6P~yB@{*W)ko!INz`oRn6cZ~yg2x_;)I9(m-gFuUEE~v zxO{7`u9j{0BzvigJs;-ntPMso#3d_~gCbi`}TCr&AIsZ#* zU!J(+w{d-u)=KRY>L2E9{7`@X(w5z8izK*zdQMlmJYMy@ zP9k#M+y|YDD*k0&f65Z>{9(Cgu9>DvMnRPG?R(qSsw}$r%vCcaebMc6_rll{{e@Di z{)Mu*Yj}Qn)Ns^~wIcXcRY90*<8d!d1?k3<%QrBjEwUCfn0RUDu_^mI)xsr1JIaheIK(b+Sj%lEQ!+w-~JI=ViSS>^RA^ za;lfvovM|}?6Wp9wLIa{eRTKQTImE~&7jhyN%k{(euacfD{Y*)`P{9^*~u(db(2!I zZBABcV0)~#)_UgEP2GkyiaOspmAouI`*Hrd?k&1X zb0)266Ac$_)s4EfW+v-~%uCTzEK~w>j#eJeic~xA^DneHy(C!BA)qL;_n22#iQ=Wm%vra)s}fz$a*G+&ap}7DeNlI)wE#mIyvi*{*+CMH~213 z^pELEIya&Jo`HN+pa~z}O;>HUML!!W*>=8{yD5EAC)Ly7q=5>*Uv@dyeT}@You*g! z{8O6kJ9WE>VOv1G)DB&rC2umLVwDbXZ#<{q>->Iq9);nd!KUs0DV2;zf`#;0VWGCs=Zu@ZTXbQ`>b@h+z zyOw-dfB0S>s0?O{b$aGb=mY;lI=1+X#qk73#QByX*t6sfRC0%{Dq1wJ_e_L!c?HWJq z`hMioIsCKf&3n%LDAqT>^yQP{L%;r+e%gNA`}p;mx@!hSE_3SA z_O*PJTXNxSbwxCnXovd8^|ROV|52$IYqowTS8n&``n9K1-iw@{w%YpSPr0oRYORm_ zll-7`KR&|bLe9a*%|SIf*Z1hIs<}>JVsjF`vv5TpF{4#Wp{`%WLnq#+L zShMhy+@x=LTSYfydEVvgQwzA@-xJUFM^|iT_TzfKEKT*9M(ut^mS<~T{&ux}w*KSZ zMH6LI4BcfC*0Y3PuovAL_Tl&uTXCnE|2);hCK*&UWbgRMe`tQ|e+DV9tZln$3bF(? zFdk~0Q~zuAyq@PR`5P~-bQac24u8NlIsf7NCNmA;%uhU%Qp%t0E4lJzuJI%OBeH?1 zSHr}Advbm*eYS7Wb)EeWS$-rIE?;?I+ZF}E`_1wE&gBdG1>#;=t?#ruseNZ!KkvKj z&8pj!rJkJAIj7eun*3(|jp+xgTI_UlwT`Jx%Q)4NVEgO(OZ{e>*vEI7{kCt~wXLYD zYlreY*1E8|L-$Otm-KgRt6JCnQRsx$4%MY|Y7YP2VftHn-4ErXauOeoH9po=dZe3m z>DM7kef5quj;D?a$=gkD9!1(@J~h@zxd8_*~hi z@uT{Pf8wLcb&P$%{RZ6+)gw+$(h z>P-6`?L_M??&JHozkO2m?WNv77O-X4KRR26vkRp8wX;Uq|XxK3;El zn^O|Y_2}BA8=ZP{gQYjdo^RR8-&!yINAW)chw;r$z1$>0zezk3`?L?u&3?Jz@|~aI z&hZ`cTScGsKC&$oI;z{5K1D|8z?J6l{J9N{wYQ6F~#bK$w zw))%jMKy|7_NU*r&8wAvYrgr&@;5JL{w%z=^FIUck9GGWFMO5NcmD9m^_xd=PNSQn z33D+;&7yQqV#@~F;Y^!%Y zv+XY1Jql?G>?*~xLX^Fx{G1MJUWDAGt74H0*rBoOn%G9@zXda{Fpz}kEqLsgtOzsKdSVl z{ydW5XFMn^Ty$NeAs-%57BWG55z;+O86qF20fSEf16UGjas?T50pAI*S?o#e@s7cIr2x8dY4CDxnG|_;f;{}{3Z1rvofdMdhM^rd1##_)9w#KURAR$ zOm11{zvhR&xBFIKuD4Gnh6}HF&VFrM$-?wynf>X?;uGfZ^nFb}7zC=oL@YkCP7Ez$ z{A4X0d%XXPKKtnDgR5P%uHu?YX`MO+poMcS?%3xB)w=}o#2%gzoV{} zPHDQw)~5Qffd6^qZ|==}-kTTBK4jJ$x#LpaRgYfhJoXhf*Ev7d$%^i=E9n)`EUB5a zZ>#CNjgL6qsch|g<(^bF%~Iv+Tl0gvChRi5d}HQ>p2zogy$lKrb1`}Ju2QtWb&uz= zTYtC3+PTIpoLOOd`NgfH&%c#yv@&|zx0n5x)U&zeiTMx9w?{k;`TLALIHqjja_(yN zCKHJQM~j!yCX+6_SZbHL^7%gH&6B=y?%94iVe+r*y%m#PckO6;Vbpfc?ehJ#)qXqd zH>FH1sC14o@7)r9$>g+eYQNFG6uBeUZ4^&i&;2lU;?w!8rC%=CxSMrWF&S@vck)f~ zrM;(J_lO&MYHhryeXvfqBI@zsU32OTE+tHGHj^(1Zm8SeTE%}bUS@gcmalT@?`!tY z^n9niDPT`tZ^)Fb?wJ+&??mTCGD;plQ@8a=ynx=iC;Mj!G_=$(SzljJ(SG!}=cc)* z*pAD{eSId?xApHDRiTf{W+DGd&wJVZJ^dn8<5rvdgR9mTUT1vgIN0#^b=bR_t6LS+ zqE_v?W4eB-N`%g`y;^=}p0CA;N!4dqtE|(*Y?)0Y#+WY zR=>4IwZN{f?5}p-uVc05p=I-o7Wp(P$_UR|zv|_*OA#kcC*@77JoPzlu6e~>xl)%$ zZ_f56JLGR%wtRv5Tn2fg#z|YJ=GIK-yVkE69@s4TX!b*W`MKO1e{2BV+ zYgbR&(RlSt5Yr~bgDl~DURCjI%R4KwYRB6fUC>IWnyNy~ukc;C27g1-|9;vRBQy z<)$Y!Prq!bFz-BDZ3_?OvWirN{|qHkZ)*}Cocv>1l(VGX%=l7(_QY!?_unk#TRk;- z?%}8d!{ps|6n=5Iz)Pqjy@l{`q5u8}R{EmXI)}Q4&)@)<5 z?BZdtk9xH>Pub0E*Q|GL594LE+B?6jNSv5w@*ccy6AwLK8#?Rh1(`Wg-kD;FpXNC|__x(1rgULnbaRp#b9wT;?RIiCDc9@M|1)&_ zQty>hE=)~dxn#21-J1cGe+(nTrd^btux3Y2?L)5*ThDaoR!i-vxaBCxwsiG$zq9l6 zYV!UwG!@p!{@rWBu|Ko_=ILW%zjUu{&s!d{g-^`(_|EPY`e(68S0^JdR=YRQEY~ysnEyMq;`5O@gFTZUx_6j9T;}mc_tC6}jd2z1YIBxr zZglHOTx1)3M1JG^zIW@FPV(nCzI@{=v6P?nQ3ogg<2?IOJ8aIYD*pZj+vd!3j?+-S z-5kfO-)*09UpPy@az#z#l{eS?eC%`b*q?`+{AXaQ_L@>!3omF^gx{PNn@ zD>F~yvhC6R4`$z&Tfc;}@MGGET|KPR10?_Ymdmr$C-&cxfADTisdawGE}pZ>?^5>d zc0T?n`&s^*{SvEHKK*gI`m|KNr0wIT`lzkC^Sih52!CXbNLnS5zbEJQeg{_Om>qt0DBnj{yxrrepK>O=N}Zx_~2 zZeDfAV|7pdls|{I{Abu$W2%#s8|`Og_F%uU@T}Z>W@#H1pZH?;R{TH1=F4tsSL<`0 zPWZwrd#(7_wYt5J_up85_#)@l{|vYC{{4{S*gkRg&+ubraRMKbJSOvsXXQychcEw8 z`QT*u*)5kZC!2HJT|F%@mhXhxcDvd0A8-F79QU|H>OaGg-uj@%eP1{Kye<9Z*$VyR z^*>bCw?F-CWB%Lj&T9+H&pwjR|FLL4pJAiEa8+gCi*LU}9>_MEu3cIYcIwW5h6T4> z<=hNdL)1@fRlL+Q^ZmB^ZOh**UNlqXgZP{1Ok;DmecSsddz!y}yy|GajXdvvhO~a( z7eQ7%KGR+wf7m1SNmto(;+>^e7qK$GS9~4iWS!c(xTB}9aj&+xebuuI3)yA;_6Pr6 zUY~Ja{D6|bWOSypW$NYJBkAnh+@p?MD~<2@r?)XWH~7)D^(9?(8S`E?{3~_4_2V{^ z+U1Lr`)5{Nn>TA$=tujsy(LM;J=emo+zssA;;y>pk4)2FyUXRONBXbc%H+G2CtnGcB|HoN3x*wW%=`J;o5?lGL(oB9vPtPpT zxDdWsJD(O-lplXGW9>hgO{?a`CNp=f`6v8i`>HeFtm-;)9y{43%d733bl&&J$)#tv z2V7T}WGZn_c*VMI&x?E9jWoCI_undf?#qKN*|hLY8z0Nb{heRqz9RbZk$sB0yWAD} z)fM94xgJZR@4JwO;&_v}4+{_NxBlZlzT{;4ZR4KQIpLAH4|B^dvGv{e>RHu4JwaA`Q~N=)So2qNQ^QPxAaO~!^^^`Ex^Hf?h^X!Xx(wnRo$tx?c zvy`s=EzfgvQs|8dg-7!<=Lv1wk#Ar%@$XYx?LZrK8B4ixg%rVi3r{`U;H4@neK^c) z1qWlJOyAc9vrKG-?EV^t>6YwQsd+x{*;?Jr4O}~yY)yU@+V0yWBidbgUZHPlO2om< zY*!iC6&qHEHH!aD`p@w7Rie}`*}1RUPX%Qt6*0RQzR`^K>(4B(IG-5iyJXF7hhI|D zZr#1eQ@pMA#f>a8;~=%7GXAxeizkL#`_;Y<)7IFYkbG;oRi@0Ql;pLn@!m3bf9%=U z`gVa&Nn@Ak#QfZbsC%P%GISxr=Cr9jSZ(6AKUs|kT-0!tpv-h!bp50Vt=f*if zH_Egv!k#ov&=ON&J{y^;rRH{YKb6W-d#U)%6*qTl0d+w~q*a;Jo;{$T8Kt2}G*%2~tX z)lP=1vTkOx#1jht`Nr%x=W+YOr)=whq>EGB4xZ1t;wI9m!gWGo>iOUw*UVPE5c$u* zslGNZOU**Cr_Wt}Zt?fehpPobUukf^NS$3QdhOff0^8$R6JzggD`8%^)bNOTlAps% zpL9z#1ID8qM<;kHYo<&sXQ-|-on2~DXwn$cP|1F2i~7%hX|lVnrGB=|-SJp9+hc}j zR{Gt4Kc)-4kz2HRx!K25@6AlclcU57RxjkeP`1i=O|{o%hAQSLU7p!t#(6^0%^S`! zD6@pKe)K+Im|Z3EF=~Yot4eYc`_}UBN*dBrWJ=fM20cuhII)dU!t%?yS>ZOXP8T2B zCuKM7`gA#oTpjM!8QV|1z1|-mbw7H)fr*#0!;%MF=RWT1FMVh)aPrYvsVj|EKZ7OO z&)#QS`J=q{=>A)J>UYjPSKgbO+&yzyrZ0;z$KzeQq>Df2{>hBFb?{S^_f+NnS&OxW zn$|pK+%FjDb?sTY$HFIkTPDfgc)fyov9Il>bNj-+XjO`aJO1eY$b3Mm{oD1nb#jlG zn=W`%2Hsl|sor1cdf;Y{)WWj#2<|1R(X!Q{>PaQG&MtqK)bacYxcP8@cbs6CW{R}S zF$E60ool)OGu&(rns)i0(EXc-A92nV-9Fd!`Rlh`KYvGD&Rw7OIWPA>;`fO1?`!KB ze=I+CpRaVr*Zu52COtFjc~{Z0Jh|32Q&Mlqj(zQ`mmllzwC8;$rGM-^L!3*O`!COq zEfrtSd)?c(^M~(8GfsVz+qVlY@$cX`@y9w;pYh-QZP&N+KK#$nZ^zN}>6jbGbtl=| z?kmrhp8jp~@A&;KvbXR55&N-Xmfl9KPNi+a9T&F8-|*~ZoFtL56hta6I=TPkQ&ZdR)$`Lka}x~smlo@D9q4CyH@{q^@9I_7g{{7VeTiw337mINtW+u%nk*PUeTD6+;}crV zE7PCJmkCwT2!Y$JaCf1yuRLfiP zOZ3p4sCPL$eT7a@QzdWQx%5_jcgv>r4BwV#m3@3^Ah~S%9ighLbH(1ByLRW@WFB#~ zo%IqG)3jf=ZEH&0YWL~+`l!`0ek-H@3GLpxTTSs(^VDZsb@r*;R~DJ3B*M4#=#qUo zPajRTuC<>U+4jg&K4(=3Pw8q;iQkd&#h1RscUFa5T4U@ZI{QcVk}V%q_a2(~jHjOQ zeAGvewG%w&K9D*3vMj`yGy-il|hjEQfFVOm9a5$p2`!Z{oeU#spo>? z`TFY19#n;z?UcNAf3AV?1|_reCY`(WxMw_ebBJ!f@@1{9)TLT~!COp6CN^lx9n$;2O_9yhqV4tJ|kx~|#1obuJC?Y3*YQ1sm&&3=uOSf;FhcU+Qv zY4#tri#5@ek8Hnv*s!(Dak_F-alA*}>HV8jpDq6_RMG$F&8>fvm%r>RE-vNRHK+1Y zuKE-ChcWkCb>8akG0pjKQzy;i>b}sgD^_c33p>et(*7|odj2M@Gv=ud$CpO_Fkc@1 za@YJ>um8BSzn&EvcXyV(ZhKwSuJdhmvRg_%+kG}OC_J!^Q{J(qUCY+{;M-zD!N#fQ zy}tDG982m@a9FY4NnQM@wJiv&`Hqw@^ew{H%hY z&(7i*c;uyHZ`m2w)2#pcX>z3R^+_s<({iEYuAK(Igcmb+hpo5 z6csJoZD8}sab4KwBjwuCKR>hHzI|=yTKBlQr&msIs%j4BxU)ZD+Vj{IKbGB#SdyqT zVSn|!?1|TGLX(sxI4jETTqBzt`&(0MlFWwZvz~5UFR-O6NVCB<>&+sSNjK&nkyG4d z&L{S=tNF6&xw!i$6*GCxey+Y!zN_UsGwY`8IUmE1@CqNAcJy6}uxDe(^{p{V&%P+F z%?R$!oi%ISX1>V`v!3O!*`)6+ic|hEmF-&BvDYV=+siE01-(8Jr}d-tk;tVzy31o< zl|S>pbK~Zb_zb%p>(|t$uK%HSC)~jCqxQGiGp9Yg;hDX#P2v_`UDnH9zS#4#j-`EE zcB|Wl`Jws2{O*y1Ag;h6o^ zp2D+HU258Mf}EvRKDcsJfcNGft-QQP26@cvUzT~Ta_Q)~*`j3mu<+Y5S zYzR}Cc)%t|wWm7LKRN84^3DcR!P`OY7dY&t=n&p@+y_n6x@vCS>^nyE{4=$}Sdo9gitMxeO znBFAIwb2jXw|=cSb?@cH6Oxsztd-|`_NUf!XT7;D<)&nH$ zO$A!(7jg$GwD7!pv@Y7k*OhnKKktcOR$sd?)ovf5IUW`-yJqU12;x=UQXSEIcjwBBMMleaNUmgA)26yV;O?&Ahg%MR zYPs_9$ni;9XZNtPD>a%YZHkf+3q0yAW0UaBCUn0-%lwR9D{`G}W!P_O(-n zbIrcFueMA~_|5NC7N)TL$?Ejf&>gW$nxlBwRSHAi3C^}uxFRZS7kWU8H*}hT?BcFRASPG%OOnYuquEU#oJ$PhiHFV*q+zQxhdc?OO_zL~yK zpMQmwEqXC=YRrFzIhVa2?QE~I$UPl%Y`cojndY@6QEPrDCh$i+`RbPRw$J}R!@7yP z;vSy*(UiVza)HI;q_yNx?cZo^DfIyy&?aFzU(&Z6;y6}YMQtuvyH3ikP_ErnA>O@Q0u9gcA zNs?@HSHHhDpS8HHyxS}{Uv$FH{2PfYrO>|0L!)4~l1f-d*8zYE84~l??MDjR?;Nm#38I^{mVD zag#js^}T0irAkqPch5wR_Y(a{bDnPv)#3SR!K^G{+I&@dXW#^OSPKRbkHhHTvH@}biaF@H4RbE-9KkDiG2a~k> z>|WS}9h+V*?X*bKiYKhkDrUy%XenM1p{EjpeZ?WAv6fL+RJ>OSvJT^%~+N$hmPNr0nX67`-^LH0LJ*v32!%g7Z zqn-K^_e5qMxx~}wW_>+&&5So|Z^hJHefCdh#yzjg)-vhKmu7p$PPDXGEFE|~wWPME zaGv(ueS7qGh@-vot=`u@pNoP&rF-gGLKd}rzK5U(A;=3 zNqfcBy5p&w)3RGnee8PjRbFsIzM6@IZM3L&qG_6sk6_;EkC#PGd^K%(6D}c}E&EkG z=~BK;pP$y8?UOgj%=53gs&Ye9rNn#9q_uJdMb;O#A1^z5SbhK2;*ICc<;~UB-|SSG zTvovG;9y^5e2!C@S~yvu%1;`to+sTg&s@5pUO2uHRbU@olB<)OGUj<@^gn7VVm`t9LJV z*e6eGrZ)xtrfZiT{LHwcA$p#5h*a79iH$$!eO=YD?Pb$~l9RTpq)eM~cBZ_R3$T!D zxwdTX3XdJ`)76)=uPrvZzb0MhvHbH{8<%A@z7w-JAGd6w>+Fm&=0IWhlQxByCdS10 ztSD#wdc3OLLq3y{>3JW=+SRtQU32dipUawbLF|@LMghnD=hD+JT=!(3@PZ}q?WxZZ z-zIo6{byMHM9wzr>FnL^Gn;wjnwC91q&jVjXN<(3)?M|U6m3(sQaQm*B%x&KZ<(T%%63=hc5QT3o#7?wetO>4 z#hDTll48ET_UZReu#joI@_n_y?JWuK9!)H`u{(eHaRd2148JbwPTj+};pS1d>E2Q- z_jtAA-I9O0tM_G13X>0F=ax)kw)nc@)&o|>;1%zEXO$&4a2(50on3HDTP;(TbK=Rz zqE#pF?n|obYuen>C$3PoI;z^casIhYY}N7-$M;5EdVJr4;mfM*IWraI~NIWmq@!;kLl8U0;@J)xEM@8Msn6$krt* zqF-kQ^HR_J3RTP74cced*;!{)b41ifHR<0H_HOi=?SF00`c>i6oiDa>?d^}*KDEF> za^cex7NSqC{b$&+ZdPAt&L;l7QU15I4%JW9`StPS!h}Npl#CZ4+m0`K#dvOV!HEa5 z?XymNSafDqRp)&j-{M*C`%0zX^GUCE)liiQH%|Sy>Ahq8#=Ezf0up9jlHl62J&l_` zbhq5?teF1Y|LV_wUfHs#h-=ozDSwyD41TiR^4F#M!(MUI4&Cl*Z(e`nRh!hRsKs}- zyp%l2zJB3aMv*sr-Ji$X^WX9gah|b=;j;9%Ss#TpU6j?AzxGVX-q-qDYHokstXmNW zlMc&AJ*`uSS+XmkG5yx<1CL+F#V`3&@iA?C-84;wpEtN}|L9*A^YT^*&*!?Y2a><8 zRc=}-{$9qS)l^mPdF3L3YgthV9!%S|tet%FX=Ss@uj}UyKl;zmp%Zavy5;e`mUR|C zR+Ko>)G5qPOBD&`n~an_Wd?4A@8p~`_HhyZFRrI>)`aV<(lXH z=UiE{Yk6@+!jh@$Y7OhxW|}9@O%&mGTe9J5NyMg&uRYH8y^S}v@BBK!_}feWKOC3W z{0Uy;bo<|R^}k=TJyLu39{VsWuhwGM-+g~K-c>HXxmxJ*5h>$}O`pEK`We{b=;j~i zTNuyvZ0EkqPp`ato~BT*wg2+ByY9c^^Oi`^wtd+W9|z<^7M z-{as%_ru%=_r{-F@A@(NP#=@tq6Lq4uAiBBB`>5{ySCVGa>(u%n>IYYw)nSgxo+yk zTL0w_e(Zc0o!~Qlh5NOAEdLpr_SaNi{1f^}R{Ov``8{EMrYj51+uvyZa zd3kygTADeNU(WjT@b8K}#l?^IcmCS@VsECvT@k0~AC5;Qau!Lx!^hbj zulQX1J82KU{!#nhZ&q1quS<5Y1@|3zw(s_jFQ(GcB^OPi#Z#ILniF0y9Ifd8BeeM8 zmhV$1il%Lz2?63MY=i-WxUW+gGc5`gEh8I8b z@3dOBdPzmrS5sc46gA_GP2ZpG@qW-{w)UfL-Yg~i>QftD6vr=(7yZXw5q`{yXF}A= zk6x3O^K@xHi?mNo1QjsHkC=)1tdLh>eZ02x>CGdW>YQ_CtXZ@~bEnI@J=tZm!Vmix zGq~>mvc9LLVqT5;_12F&PadoKl>N%T@1Ih1K2vR<+O2zG9Otj?^Z9sXJNGh{=~@we zwUz6G^;W($)N?i73+TB-!0E+6V_?6 zuXg{;Pao$`SC?3K`kT;)JDCq(uYR7FI@SG3`1Xo<*PZ=EGOv|i^EedU8szbI*7x+_ z`x~E}w1}O@zUGh3^*^zXci7~va5m}YddGDtJKf{@vJ0uM+wO~OJU#9Co$J@`8Gbl^ z__aUhow%11ZqHov)_a$NWDMWe&u9KK@Gbo4JEcx}`w{=5pSRd$v*!zYX{lAj#QJ9@ z-CO+luK3Y;Qn~VRXS|hi%1u99e{1>S-|>U>g7%wD_PVBT-}(26Px}JPNBa)_n7ZKb z!?z+YH*atcJy|#PWBIY{A6xr7`RXpjS%_#&%lCS8dcn)2_rkm7V?!6GrPmlzj*Hr$4!Mq~NBco_K6^!T)VxOrjx;jw{24CypTX=JL|yuEbvF#zB@na+OA#Hd6u|UDPZ}feY?fqd=$wIjQLz(F>6Pro%7e{-xPkF ze6YXcm%+ua77Ma(&j?vrBNR~@wf1+!59veyM6NFEcbni|yy}$AiGxqLeuzJaKOS5B z;CN?lX~^!;?MBA_FKz4yl&llRkcfdUGI|0Ak8lh*-!b|U&gWhc>Uqt&l=8ED&?1t zJgZo2Z(#Fv{prnCS{AF1M#}9sp0wMzKF$A!29KT5zW#^HJ8LX-AMOdvx$f$A_i@+P z_nd!3ui6Rzao_dP{aa6V`Wn|=HyAJcy53f!@ptyx68`pIbLYOBrgHVc&d-Vyg?Tt^ z60UEoh=0uAt-ob=tokFpUZulHO{R0FPuQz{ZmpHCcAnGS8%sZ)esKIqes9zywcbaq z|IThzII&T#{QC4iQGfgQsl`{sUAvNsVm9X}+`eIsL@!FA>GDLOf- z7Toi!uW$On{&0I^opg7hQ$5J0HyYG`}@obgQj;OuPT(ubZy1 z9y)u@!RPC#})fkL{+KDr;qZSG%)I#=iLv|C-p>-*#Qw zCHGWj2n-{qaDAxF2*FxSpKnp>g&ZSe=bmBr?5drX&b-aC3oU$!u^&h*Ff z$M2}-UGLWJF?{%& zzkR~osxy{?pJ#oZYk%a|^X5I7-|FQfH*DE??Bo*p(#}VFr629@|0DcxKZ8xU)TEdg z&m7)8ffFard$vn4aBIP4`3L6(qbfq*tlKi1rBB{G?^ztj*{XYc*G9d(6_hPz=Q$~q zXJbO*zpYPqrLBDMpFy&Q|Dw*871MN`+ox_mSCkc@n^)2y^gR9}U&3~Vmh`{c7njCQ z;&8KfjJy2)yv|Kt2v*ZfGX z%spw26t~+t4P~qCBrk8Z^*LQA()^Z>QS$3L%dk1=6|;*LFZmdHZRcZsiP*TPO}B4r zCsw=;E8%w8R<`|Wsk|Z6+!bdVXFc~_-tpzP*{t7T5l@7YPs{q7o~gJW{n2jz$|Ye& zo2NR|&(&XNy)QW`sL(d(yW59jbC)bVIj8cO|ICoDXN$Ir8@#-=e(L?e(T+$lU$#h3aqX>uglt{dMMYN^V#w59;QpJCg#0(x3qIg)vTyx+l!Se%Qj88 z@iy|G(#QDD(zOyVgMFS$a24O$tXtz~b@KTd$8XFrpRNR*KI!`xAF;I^H^PZ zta5^8IwkquuvqUmPf^W#v!3fJk6jP@uAO1YtP4}#=9`yoXSeOc*OrOma(VZX<+eWG zzRzaY#Zq?1?467cHoUyHwELKx+((@QucQh;Tl}1I-N#UH>Luej(&46i*wgL1zIJXs z8_1dZl<{S>o%x41+Ufa~$$24$mX9yZT^N5eGr(q6k=8U>-jpAYAIUAQOq!;_#A-8D zHtVj-;+2NGtKdxYQj?Lv)jZ(LvSV^iRx z^Q^uynV*l?eY5U*YGeFS-r>p~*Cmm!*3X{pVs@RY){5s^+|}ZUcRfo_*BuwOUE1Dh zCw1?K*k6IT+f7R&D;d&R!kZ7KKU&|m>+!8M{ah#K>wIA;j(4qzxEOrspKWfrC-a-_ zx!e4+KI?ba$?d(i(ECZjMYkduKG%G|#d~M2Rhzc=T-N1B47=PnUyGRb@1rU6jiaS` z*UPp`PmyWb+H~yP1JMNY=63mOvzOez|H62m%4db*-uC6!wgqm!aPL<}?(rS#PZjs^ z#$SA!cxCyt=tV4rM+yq>%Y>O&U0r%_;gj3DdT*S%c5Tum$MjO>l;Wc~+f?5a&zd{6 zzoUkKWu)hFqnPMF7wxQ@{=uE3KN7cl^V(XA74`DnFBK zp1a`r#4=_^}T(4N}qG?N|#89 z=4R`i3(w@)xFM+Gpy*nYPsb#ux2jJJ@XqF1K3k;X=ca6z zHN{(3W*xKiW>n+UJ}7%OLPas{(+Pz~i#LB-8sIE?``(&LoyJ+2jab^aOK-SCD)yTi?{g)zl?dhCCKfj^T99g zgID>e@c26)T(Pw~DCb>CZ5+!S_ca;?hG(;5A~Lprdz0H!sm{>#AU9v7y1etLWrW}gke^eh5e7ICelg&|jI@>O8dwy4AdDSy{%NgX{vV0$XG1_vUKVy1d+dI#< zsq9a*j5yb=cfM4*nveCuJpG5~gM(iFa+%g6_fROOTxplAVeaIN2ut?$TYV25{!*)U zE<5Pf+zA?wS;|?`mc+9Ab#8xoQPlErdDf1NJ{R-cScDH8_quR-ZR-*1*ierLJ+)a5 zOP57-r1F+eIPhml5pQN~)3HZE=ea(<&Xl z#~T@LRX2uhd8;JGa{OTM(b%p#EF94*UWUER6;XRCTh)~mp5n>VXtR^U;_Hg}&X@I+ zQ?gxoswPG;+3*-WpXDehsSva=P$Tk1*|$isB|RUzc0N7bSNVOVAcw81ji#mK%b;t^ zE>;OF;%oo&b)}H1P4FR&lgcl<<$weK(qtqyQ}@6&f-)#RS5YnRNQHAT%`X{F)Pg>K$yx0|f$zrM0~ zkao`9>#|1AZjZOu7DguuTD1jD0|sRvFhdo!`^^1XFRT8l(1 zRQ`#437o?iTswD)RMwFL&rQu3XB&QZ_2fz2aXZ+R;h_G1hS$q=Dp;pq?g>)%p1MxQ zd0|LiZI*U4XW(hCn+G4Q*NKr`QhmXZd98L<=$jS>tqEJ+2rV}0+VR*n^Firz(^#Gp zADd4sWoMcABluhToFD}TAz`v?@&bH#$zK4Y;WU#v1X0BzM+O{M36W>>9 z?c7^?9`E(I@4r-V#?_9pM-xs>R&MZ=sk-X9xw$baoL7>CxiRuGL(h%;rP>*~7ekK~ z&;NXF@!jU{E8qFYT;Zv;x~#fz(=MHy;-ks;eF_S+y$a4xv29I{b@L06X{frYS`@T# zx}D{k-!r5OwHzL8c{eq@zv|r1d(00$?0wNCY_yf*nu+?ElP`}Z#JWk&dA>I9RBLCN z^{%gLvVU9=U*&Zy>zM0pj%J}Ee+kk4Qj@GR@%<~;>N=IR9rIhM9K*)-V8I&A#Q{f>dmdandPd0gKZCB-tTQtNyk;CcdGcBNilvJ-I;A=s zoxILMGVXQ|q~QXiJ<}su|9bf6O{mdZ*G2r{Z~gLRWfwoSpjICi&y4Nk?8v z8z1vno77jf-RS+zsRe$Ok2bEKV$(A9ZPa(K$^+{2woa}HN$n4+JX>&xq9?)N2QnkxQgcYnOsa#=Y`z^GGE z(#fr!YsD_-B4EA98$vN|+W%WPZK@2kAp0ogPB=W{Jy#wfSd zV5iCyJqPaNb(YJ%DXEkjH=LcOzFlr>P$l>6O1B3e&)NF=+nm@aATa0q(eyZr<0q#c z=be|~;~R1Q%6pY3F&YvF0@%GK-TLU2Pw1}!p&z|16B=|giS&jXV?%y7N#5ecJbNpB*TkY+{^DA$| z?8ECz*>?T5@7TZ5{kVnO+>gH>{Ac*1`0MgU-W5^B!j_NA93(_fxaypn7qm0*HruM# zv*ISMxxIDi*EPXB3GZVjM_)XCW%=T(vhqR8Rg2eOwSO=-{?@GeKPvW{wjY1(o2O*H zbn2Oh(UK3!k5=yQ-Xs3o_YeC%srn=T8QQJ~Ddwmiog^uE;2npk^FP78-iO55em{KQ zQ|in01e5 zpQG$QT))2||7dT(&6?uBv(B|vTPnVP>lxxywT(gKbp1{1Zz(@!mR$eOuzCI4;9Qn7 zt#3_UK4a`IV^`a-x?$PXm!}@LDS7@rv2aC=;77UTihC}7Rq>b{v}CpXu+a@EYZuP?fPTmQQ~pKt21sXS44ch&q$3GNa6k+!nGS6-|nv|3*7 zkHXFw3vWF+Jn{HG?e14!lNafQF1Yr5Qr4`PYleT9J-T~MR6-}@(dLw$n;0KPE)F}+ zb^he~vh6>1eo#JYR&?XXgh6p=9NN$T!N)z{`KOPoKG zb@e|(OP#@sk2X=$51&5zsb5iK;-A$s=O4G~n_O)+zy3k>=^QnmNiJ3YLfv9ExjVCD zDkN_?Ry}L3?lXt_igmjyET3&CSudLz)%4R`b&*QF)Wqf}v0v*t>w1M=bD0@DF|)qh zIXlcW*<&Z){lkHk9SuJfJ{Zp0_^5j?v-?)>6YoVAaO|8~>zmYDccST{UtgaitFN`9 zuJ`V%ixQQde34vsOL_+9&c3i9KL)nN-Y?P`_C4iT`@J=I*GIjnNwe4KUH?0Quh?yx zo}PRBk{_1?wjJGjQoXVLeAMl&A7!R{Z!;>gG<`O0pXL=)NhM$9!_$o?-?Q-JSRei) z^Mm+f@gvfScJm+J%z0GTYc=uu-c*&Dx4o83IC{Nnj;F;*S;n>XoRP2WG<5&Y&(?Ic zH)$Pijg(-uM4lyYWZqZ?g)e z=$ZGQm>V4Z)VDWUv|l^z&R;*_+a<+uZU<9#}g&mF^!F z>=Ti^#m_!#$5G{Zp|aTn`k$fX`+C2NTRlyG=WmPh z{`A;VWZ9a0udMVb73trKetcbi^Y#z_BlQw`k3VcNkIT69HdVpi_W1s~t#7!OI@I)< z`#6X?1T5aFv1{%Gcat;6?_BK_4)T^wlbp*CQV?J8`fTy3aQ9MCiM>2;>rUq83Hwe- zJ@|9S(XxLGmmY6xw9B!SNnWO{{77!=!q>lUc`khU$Uva7{mOO!2P-D#PSDU{kogrZ za(Cvt#IW`yKkWUISkC=8AYpnv`tVa$JI_>hm9FPDMlVIY)=O$P{6gd&TWq-F1@s~?rQuhb6Kq< zS>X!HmAMHKNrH0GTitd1IFE{nqy)~&JQ5wbxjAxk%!wnbCr51;m>P8Bb)@(Oznv4q zw>n#8dP>}CeR5&igl!^n%Xaz(ADP5C$L+54+N>Y*s`vJEahy1Cer@5e{`n$C%}r+< z4!n(AT2^IpYopl4N3Ne{E}g+sJm>lAs;qm6x5TYi&yqwd&sI+FwNrdm zr?9iu{BV-n!CPLm6nk7|HPNpx@|op?39R8C-p+E(lf2H-Kil@z zmx&(hKR4{&$$V?$&KGXl2|*0Uialg_-aT79Enl@%a;~Sk~q5~ zH+6-~^QR6KPo6E)o4t8YVSq{RBorkZMN!R&YiMXlQ z7x7hDG|q*`+x@(#_8azRth+;uW=xsPEl_xAoyN2^;S&s0X028Wk+0hJr!Q*doh_M% z&#+%xbxm|);E520IaPIA<5xY{=WF#T)csLFLDuR!mAyOWpIWIs^JK)9P1-`%AuE&< z%9ht%byK%_5V|^Z!}5(w6IvpbUHII6eh1ag@bG%vpyisHcwJ<{3KjLbWee817->fw z=RLn%`UGvb(S$vu& zPy5pLAl1ZA|4fx`HXnE$btq5G)Zk;r2Y>mxQ`4-P_xvhK*!Zfs>!W?A{N`;tAFMuh zMQ82v;DeC~EQ0Z+NAo9z^f7)}VcO63a-PCwv+v(B6^^k5gvZ)=M;V`+CVME{{pfzq z{aO6I`MA%riH3=Z0DHIyT(TH)b%est%v? z$Mf&h65hO9q{Wd^!RxKu zU+j+X6k=zMjefUFrumD>55-$-RnPWm{hjxpA%DK)ADwCToHg-Va-Dtox5V0q${NrA zd~M(PAN7yznQJ00Og^%o|LcpqhZC7+F!#RvDta`W+bZjI@}-5nEniHMT2>rkAv^S6uNErww@_-^H6ASioUkSQO@!ChoxOC3h(}ERlGg5Ql(bwebSLW z<36p7$2xXz?Ig_0Uxq2QI^1@>Ah5>bRdI0ik(jqpRn9wpF^1{t{wq2lXH|W%Kt7){ zpq%H?nu8LSIYCDyS)MQkt^4{gB;o7AH>qYinXTvQW-edE#xh0nsM4hB%a6|&J6)8F z$veAP{!Bn}%$1hUjXy8tG00hcGZ9i+`1S4B+vSCiL|V^_A;;TO&we#5Jv#uI4>ood~h_9Rm?*5dG*J(JbO_%|Io&*tD8DPrMG7-%@!6dE8ewcu}<;v`fEGqhHi>zzVe@; zH$Thb#!dD0rsrSjFipJj`=6(;V~Gqy8aTV>|XT=#KevE4Ddy{q*;J&ae_VDt5C)RnxN<*FYqZG1kLL(6`zM^(ha z6-qx_uY7wMdFkv{O9_Rd?4XJxjUC5ovz30Dy$j%ADUNcCc`|!rUL@8mVELpb&Ztiy*t&EU&HMbc5T{q;o#a_Bww!*flKy>8b7Qo}vAMH!UKyq`brckz<~ka&*!M_t>+`kwzJK5$2Y(v`H4ZHj(3Vq=#04Th`pkCw|YdR929hp*hK{(!8ql z!F7AhtHu6qyKX8i+U^)z*I4n&faB%m&+GV(?%B@R`TA&?o%9@|vKN-7=YzDaTdnZ= zWVM@J$gM*1XpG@A+ckIHpGSTZT0SjAMLv1OGdCj+HD_)+9 zGi7r8Tyiw~V6Nf`?s--dBX6Av-(~dGnp4fK*ZtlTsb_j`;iMHiT}e&aCTeBGOD% z?ft4?$DFHAxS2(?+_&#HWwCZRvsj_*UDegMp^rO^El*boM^3o2WWMH?2fwa$zDS$e zn_c}Qx#jfEMn3~Bw~yXB{4#+Ie2gd89GPX_b5v^n^!0mH!oG_en+V)aSI9Hvohwi! zkhOigc*3;F&5g|w#WQD24YK-_yu~~GUo^?qrKRI;W!Z5Aw z3y&vz>{@nJHRkJqXB+rd?zGIAWPE(BY5sl5V}kw&d#{6 zFwfWFv&q`|p^uhr+%T#9fKLMRobqK;JD=t3UA7`-qhwOm#7o;tew*p;Z1)j5d}(Fo zx15PA6<0RqJlpa%VU81H?#>5S%+}@lT1y4YNOpLA;(#gZ)sOB4{-@vnxZ?VxGbHci z%WX5hP4c=qW$xZ+`BTfiXRX|_MRV_w>B4i~rK)ewy7}SnZj)7PRS#qWm;9)?bAszg zt%K;zANhxNuzy!pVB(a0>6NLdmzG@-?w6f$WVhoT1J;sj)3V-g=@ByEbzGjQo1U|v zCw;{i(>jiHkIj8^`PXtT7p{uRGm@70m&z5*J~_xev3ZBt9X{5`26s6RcJ=kPFHdu% zTb^g0b>gK@n^4zo(Ms7@XM*SaO#La#AmX0&^VprfMN8YRS$w+r z&TI^iX|Oo{IDFwoMZc@Z*o*^-W$;~`PSmDTVbjZW*&c5uds5lykp?+H&r+yCFj$|^8p(BnzN4E z<)qkr@^}#Z@bV1d9Xu0nggttB__S8TBr^e9c9gd73b%vj*J?D1Oif*L0&kJnLECSCnKrE7NhRfXM~o+70C_TE0G zGL+MX@vrf%w<)C1htcC9#eF=toyyhTob9HypTt=Y=3#-qG2M)gU1p+@1Xmw#ew zF2%t=-DEVNO2pk(3G@$ z43Ab<&Uo$L<<6a(8n_b=Uj;Id2VuPbf_EBLSh?_Xe;)Jb%Y*A$ z;U=vU&At^kWJS~ko?O+qZQfQTuL4KYvgBvF;t~f|z7_E(+xXbjQDSoQ+2{>ZU0yAo zGwa%vQsGG(U;k&|&AoN`@H_LG-Nxr1$Mhd@l90GkIL|)n?H?1@_02vz4r;JgF7Ny5 zZ}jDm^!^{$LhBTRwws>Wu`fhn7W3qz&eC)DWVmUkRXxJ1sWnX#t%I>nD)n38R zHlCeZReekCJ?sOkEZ#7n;`p_l&qKq{sQfwKG`YZc z`ajOPE5E+C<@t3#+I0EAa_Ll=u6H(>za4)_AF--7?VGdUKZBTS&D;;&kNumzo_>9z zPT^j6_KXSLhMT4D+c3wPZts1w*ZbFChxW|jEHl&C3gOZ)yfNh@*nxX<>WeVb=!%%fUTe~`j&p%x~=k@ zH(ZzAmvG&abyN0ifq7KRtoVZ+p2z-%hwB}`>S+41o@brSc`j|k10i46ZY-U(tRQiP zURtI3G4_qKkDYw@pF!mQ{>e6uk&VY}U!SUR{w-Z&__1%p_g(TwSo*@_CfV0jto_e$ zD>{7E`$v;p)0GX~LK*5zvk%D$UNPktynW+l)V`k)HS^YFuh(0)+<#7w-{hy(`y20n zaGx(#G5_$kdxn>7qGYE$GmR;518PQAN#ch;qgqA}k@ul+mp>+Ij}Z<&|hh=@D+WY3Wa5)XRPe}&gR zj&HkV-uGyy>!&A^7pJc&eWBW!vSmg;XYd$h-}}$- zV5QZYU*ZSPI%RuLp6m9bP4bnIZ(Ydpu05^`v-oQlXA3*-+?Omp@!me(2MfE8_?FqO zIJrvPJ|q91?jPX~+i%raE{Ko5lRbUy?2xSN-<(XP`bD$kgBUsCjV z-9fAL9vjKWz44J3l=zd=&P>*xw|eql?O76TU(Ii?ERVXpr}TsWx86zb9p*hW`Tcs4 zip<+%zEw}RAF8!~6niA{j7fsyPkVpRw}L*43;}ku-x>#hL?8nzCJCj`Pxx)o*#MN636qy`;qm| zlDUktF5H?vVTHv*-^9AJ_qWKm*91Sbv=fed`EbdO{iWM7`4!Tc_C`PAJ+|^A|AY8% z=jKaJdsZ#9>_Br9IOh>c2U)Z9Y%^L(Q#MCRzWElyXbWkv;Hi*UPOI7AKz9tb4w` zLi}6ywja^!eG6CqooBgK(tPzh8O_y;5AIsl`q7Hx(cV7qprXYErk}U>?bED@`53k{ zUnEX*=H1vNo`^Xb7LT@V&F8MWXvN<7w#GGkb&O9}!>W`CSEp#K&{sBR+n&CyCivPv z*&q8Vb85Wvq_WjGB{~Z)zr40#$&bPhyN~P&*|lW4YMjM^Pfv;}zh!_0f_T8iR zPx4}=ti1mW`^)?HmTr?1|B<-va3Slqr9xgOm>O<8+qNg?WR%R*<8387_i^8OHIHlm zB;6?YGSKjfRc;%R__4V8jEkEWTj^n*nayQl7x?iwGSwdI%3 ztvSn$RF+Jr+qyfT=8~+*hJYTyVaSf+PybF&$F3hZn3V$*S>rv-$~IL=fcIk zwr_LRU-h2HWLofR+4N$S-3#}o9N!=Ha={PoN7bD!-?rzRp2uw({!zZ+kN@(!-Pt$n zuTI>Zxh7**m({|{lVW{17JO7OVBNA`weTEk-j9kC6ScGWy!o!i2V7flA=mEcH|E_1 zd>${oA7)>CBtGx1?p!IeQyU*7Ej{&Vv+jxgiG{hft51}&+XWS^@{fv*4!pGV=h_8~ zjt5t%UOrPY)q|sON8r+Z6IbVLjpRtEd%reZDQeMnP2rV}MQIJGk~`$Cnr@x3d)u@( zO;ToG)?UrEI`37G%&*kPraj|YX>Hyyc8`a0(VsX(1J`Q2Gg+s%`{7-!YLQv4tV>>H zPoI5As&~sUo$vjB?b!F9VXN7{jI9z6rcRvvjPc`zSug*1s($VL^G)pAx^3s~8$H@tFK|yq zERDP3+rvf{zNz;%7S3@MEh{YaJ;vpW@9e$0X{xTG*7D1y-Mmi^AG(*Q^8DHP ztgq)g|4HqfcjdI~%1_tdZPPySe#`6G-q(+`=NHCpWtDVTy>+qiJJm_|9>hh)h)#{R znYZZPeDo|?Aq(Bq?QxoW)5X(=(BTylk8CUeAEOc(4IsS`Q*;c!g#U7@e(Tkba`+Zccv z37N}Z-qYGP?N)TYp3{Am9WUd(Yizb(*r)I^{)W|)pDg`aZtJoii@&*A{vaay$UoV+ zdTXohME5NyK4+_4WieI!v~pL-lbZbx>IGlR^VtOdomr^Uo3GqZ`FL$Le|L@T(m(zm zres%Ev~dTh1o@wp{I)JT;=}Q_(w`0%ky8php2&MO{dWJz*SyHPbcwM?V$b^?b3V)U zZrU?rCA|JK7)jX4##N~9-}+^D|JLXeY-OL1mel8OH9K(N_!M^bjq9~Pv>&@K@*>>m z_DP0Wyw6Mc?B3h5R1i=r*kiE+0)J2$G>vz%NKo>tLGIy zTF)QzGI5c5{fztCW$WS|ozhn2E#geR5x(-rx{G|14n>&fJTH8c-Lk()*6HHh0%%HqpDhm6^p+tJDt^L`}#BA zW08%Wisxq-6d$vas+cf;#>7jlJ5-CALj(`+^i*2)a@VApd)lR^?yZ-)dR^yQhE(iK zv^rs>K{2eU$VOy{0;Y1_u_lO&t&yi>CixmMQw#Gie3vH7{Z zjHU~CPW3#J5s9BHDkq@)r|+W+EwqQE0gc%Et%Zl zzBDL1(@_v zg-*KIWpLcja&^?%x!aa6S6jdY7|n&nXN(zRw|8<;&6Rn?K?`_D+@(TfmX_drcPeg8jGeaYr(0)a7M7 zbJe)9GB;g+?s>0mC4VQ^ESYDOzGAi5H{;uNubvt4f0&%`0D zx_p=JDt&5pog8>x-bJ5s zWeqmgm@QM6CGOlI%j&GVYsTjOe|z0C`Zn=Ab*sKqX6Ez7p0UyN(2N`Tj)$&SKD_-p zW6ueF=X8Z9-%Ov%30+g!c%|ib!$IbMaa8%s+40iCbprq06J3Rrk-$ zFPyxe)p6}>?O-z<%DHy*cSXv! z$wkMfo-6FS)N))?MM0)+YtW@fmXDA4&a+(kpesc6xWcSSIZ=H=@$=lY-tbM*2(>sG zxP6A^&)ru~a53(v3lVs{ut++rUnuV!zvODcQ!A<-zYI;B!N6#n6=>sq;mHNTFg-<` zo#&(Cbp$+@9oE{xxm~7oWw7L7vka3ipM)M!b&;p-408|7TfMu>;;mzHpogq`)I8P) zJ#`^Rd_EM0B{=XoT};r4R@zndIatT$&vKDzC-yvA<1X>6X>v}Vb%4YK|GnNktkPwk z%a;c?&YEZ|QtViG!FTnI;7E%HArC!lHMv$=F4)&vD79VWp^$#o6gNwSpa$!{EsTsE zrNbV+O)_OqZ*R`IFxvZY& zmj+A|a#W}j5t$hjdapHd|9MmQH`#(J`f=F~#~dt0xz!w_+H%EQIzK%r^pg0Jm8may z@TKoPPW4%?{ii;^_YGLw^Z3%l=t7g(lhv6TIAvO2pLKq2pf>M~-K#4)(JEZNz1kg@ zo(TAcPwAZzcxm3#E3!BKXoF4e`KTX)J)z2MQxJ2ol_MehF@;?`MnojJeTm7}QYTF47W>)Bmbc3B^c z`L^bFpFm^R(#1y8rW@;rGUd54cOAOY7_(W<{%`5dl82iNk6+rfzHGwj#-{44Gmkyv zx$&e`KKNy%)!aQT8_%(4-PpTLD>`NF54O$v*8*B2`q?=V}|KpL}^~t87ZR>VAf- z<|CpJXZB2<+;{b|Y)@s+?{=9UIoE)l2?wT0yeW(l*D#xtE`Ms%J4tS%nbsfQ`<(N8 zv9#c!c~VT_(X=z4rsc$L_-1Q;b@uBWS0*H-eYIHgQ#HtFb77a=tOo%*fOqF57=3jIH~a3rgs-kMfMzS?z(3!b5-_C_nG%ee5^^Y66Xm`I%f9! z+S${qjCs}TY<%mucqVBt zy#B>H*X!y79WIN92VPXJx8L3#acRBEhF#kgv<0Pq^&MMlJ=0azFo20fqZY5&k2e$$T*w9y;F62LPD)^RFv9e)w372cjToj z%QY?Aa6vB9rmcVB$so&h&kx%1c|3^>yYt@m#9QYoF0D7)ANIGclnmDCFlXE|@9WE3 zylce7Cf;&6-734<{_sA*?uy^ZZ>5W`ZGUia@wTa9JX3BTmiu~Mz4*dnUtMoOPC2F3 znlj&HSFX<4!CYwfHcYv9qR+%{2mY1HEDbNvKCrZSt+uk#H|h5DqN3H`9oNiWaj)Q1 zh3xC)Gm|R5?KtsHYwES>(#Ln{BwTgN6;wWN6Sy!Ui~ZD^y71@^Y6~+NXWeX0DY4D=xR$+g_Odm_ zv-FSi-&*|8g8RYwZu9ROjx6EMp6T6WFSqr^i~kHCg8h5NrhU9s@%mxy+&_gYyk}m! zlUMlq>$<>_(-Wsw*Dm1^Q(l^uB^B)u%|G!@a&v6JdX+8dvR<06s_xDIo%!$Ne+J>D zX7g-*l$HFP&p7k(Jj3IfC&D70VA<`7Jcm&05g> zeL}*&(!P1(V$-|7nK3HIH27OSUmCyt*zumwjQyL}ANU&`Jh4vrPvy>w>qHA# z0^**E_WLwdu4}DN@4xMQsI2Y%q4|6i5+9!@jm+SQ6CEj{uH14gR{rbG=8g`7QS8^|w18 zPKw=A`yrmb+I_QbaXN#N-%gv*2s@pOH07l=Nq?v1FDx)n={oVCZt8=3LVq{cKUjF5 zPw}_y_D;VAO21c{?4HtiW2MdY{Ph0}tgV07lxQT(e#CyrmhF>y?R?u!D<|}SzP5T& zclb^}ziZaKne_?#1s&8sy0@+WQd!^0x{;-B>UsAMpZ{@IukpFCz5A=i66WH~F}oPg zZ)44J{LjGJ{lRaYa{D9wH_I2FdAIy5rzy18r(3JM$-}Q4J@4vaIJ7+=N zhg&aSHvZ^3KTTG0%H`}N-SBUDp%->{9{<-?& zDz*;6t;xF&*iT&T{B72Mh9IwP4C_C97i~lpQSYDYS>+^b= zh2`O!=X?G$90<8mt?B#X)Uw5*E2hP>*eAtvN8jbFQ{-McgZIUx_qW)W7GH{}KWO#G z?0osIXMY#w-ix1d_Wm-%xSJoIf1CK9p^3f5;_|!q?{(IH?NnhtwPn8d%#+8e#A5i5 zTuWR0pMllkKSPsMMc%9I{|wCkj?Zen^YMwp<;=pC;`ft-K3t0R4fP7&+Hbb)?}|F9 zgF06B2iD&__c>(B+zItZ_HJ_j`#Cmt?eae&?T@;2m$%k&%k#e6l%RX|>c$SGc~9mP zc6B}e$9?dTwZ*-|--`cseX-S8=DPQEB-06NIqOGz>>r(fyZb)_tLWdQ`AcRWw-cUSxf~V?XmA;SZmlWYuqze`_pyvHg4h(wEm2x0_YO zE|`34hrjT@`*kuO_AZ&vZ=bxs;=MCShd!jKN%PtC+6S?>WnQKb$@qXPf-kziaxj z*tndT{Ju9;9xeK)en?g=rPtJD$}QJIX|E0QyqM3wjO+UzPt#>HJ1MNrM;~sGFgm1eJyS#4DRY9q| zS+?0uAH!N7S*Py2{8cqA{~`O*tQBhcQyU*ITt98g>h;n;xI?0QrC!%=m{PgXxQKmg zRr=xgx12q$-v6y1J^kd4`y1TN+1FQY_Afl-_tC1J{}y{_ zxX(PZ-`BGr?zMkwjXhy|=dif1D{%V?J!ar4cR-TLNjZ^c4Li)B&UFoP1d|v+Fu9r_X#@#&eHe}r!r3oUXZ?b$J zTFaF`$~M$6?D%~Ao_%kj)Y{oj=ZuW_o#U3SdGY4dy{QK)=6g-L*llp`-jmYTE@8`S ztxg_yK2zhKtTNeT$=j3v8Kj=rINSD3U4FW@QfuA0nYO-V@q%0DYCCV7_B(iQL~<{; zv2X*!*_zYqe>^_2Ut*8nEdN%;%$)Kmos$)Ir}X^QUNlwRtmtv!g~gtCr`ZHQIxqI) zdSEU0p=}GV`rYAM8}C?mYW`-{^$lAXKiWTb-4fVcV&t4^AoKlB*7G;de_LkUXZj-k zqxGXv#q<3$Iu*7~W|t|5wq;ny{%ywJrGGp>I=-uu|KawwweL^t-9u(Q#h;j8#_i?u z()jb+@JxEgg1pp+m*PPLQAMCo7kEfk+da_9`vVU)3;g8Kn>&&jm99-_1o+)^6R^XQH z4`XXqU9*{0Wj$}_s(+X73z~Yb40z=_v+hw<*O&7*KR^DrOh4%Su{Fx>3e)ly&-%d6 zo*`8>Td^d4&y+dsi4(L})+$Ht+A=w?qp~jGL35w>`So5#VeTv2k6OrAMaM^Ed+3*J z=gm1GVe#B_>Eg@}cYXJ6a+>w?_&41ji&s_5x)jfzCEg>+ci__Rw0(;&eEFQ1COX5o z+-~c`tA0Y6^Icn3o|m3JQQ5gAut75=MWM;~82eUBPKDmRnewcjdDws6=n0l9dTy|6t`oVm;kJ&+yFRmJS-p1;OGZp# zNbahc-q)^IA**fm=!01Ld6vtaI@6-JhuC}(b&CuNIOJeeYI5_PHqO3bDMRbJsZ6_#W!BkhM*g`t=gZ43*K_=5XO$agOf%Q|an@VpOziYeM?-lSAADba z=xC)$SJTFY+|wl3yJi+yod5Z3^{pN~*61F_38ydbb$*k1`brVAbi$mgs|#kRn+7_( z4|ZGo$G%svOsX?aN9@q7tt@$m-+g`^a8o6x?DPEkW9x6b9mr)DxqU^-lbd(vJL9fx z6DC-Fk$>#E$G2xr=!^+6?JvD&&Y9GEGyYAM+k?fnXN%>GeuOWn*mic|{!L-db5g6W z=kl;T4XvBG(skDxCFfa}Ok;f19X)=$e{}uLglPe1%NHMtjhK7U;GET$^|BwXcl|T? zcg{}T>U`5z?v6=n(rdc~cAQrh{iVO|N13eCHAm4M3jJOm=Xc9*{@UKDd(U&NaE7Js z_K9(=GETF$^xG|!niBgc``_vL+vhjbS=>JQuwQnMRoXU#rT3pkO5eYj7gBiRg6^Ej^X6_2D~XMF`zSYAY~#Xs z_d=FclB%7XI9A3g^Ugi4zESkRgU5?)SNM8ai3YKTp3M7d6EID>;hfdwJxi69KdoHo znr0L9RDVW};n%ZK+ZzPDu0ZDn>hXH37cObU2KnfOEnb=&nhr) zTo9Jj#Pp=jq~~^=HI4N5bM=aj4pb~|hnx=r1JZS}4v^Xjdpu}Uto zd9=FYyy||gOB#I6T#aiPe|9`tbm*oi*MnsFUY7?e&KYGrR&XjXu>V^c`R&2muge@` zCiY0JH+QlQ`P92$QuS5OB`g!?aPgd)Zlf(w9d5m9_n8RIm#?G4w@W(hJia#}OaACt zS>DXm5>?#`!rU#DcAj-Se|F-r?D`N5(Y|{Ab30f6EQt6je`=NVtdln-eswSy%I>zQd}^RWkgp3lFoeY^0;cT3-}XRc{+d#=Sy=c$l+er?NF z@A|15k7@J0{MNAdb7Nz0O4`$f8WTUcS*WedT3R#TJkLNY;T#*|+oK`-Rc>uku=kJJ zA@k|Vqd)#7lCv|PeE;)$%A}{q3aUy?Fa4Nhv~fe+UhV!JGc*;74qW#svs5pMnD+G4 z<3fdm$Cq~Yiyl%**0MZk({=lIT%D73%B&+-1vc#{KXLNqy)DZZTWVV`o^$J7r2-$H zVN{s-CAWjzb2OiDo!`~vZ}7I~>p_#-nJw&R66bulv95iUrSQhfOYeO5xKO*G$-u8l zs>@l!?Nka+&A+)>+MJ6f$*!C;kI~fX_HO6RljnTWO6vA|>T+rt`vPT&_hGpk8hURe z_arUKm@lvN4W#xryIgC|OCFYc_tM&AsoV&B}vFP!P-`n#NFZ?Ur{&&g2vbI|yg@L+9h5nv!51RRe=g~$}k%?EQ zwli;yk6xN^Y4aqnucC1;MHdFLlvg~tc=X52GoQAs<4*Y;^G0LRnX}t1EF{?pYl!k zG4=U8vs*tU&POS)HlFp}&pqU-zTUcdo@r@+s{CH;CraRBAtC+8CoO){i5!`t&R zOXk|TI0#fe7TvxqbIr}0@*9|DWvW@YZsO4K=XoOMR$vvjZ*In`g^QJ0J|4fewAo#O zS$o3H=gOjs(=*$dL?4u`cxI*S`_6ayZM8F}<(_|A%blxMdA-fzIG5d4wduub{9lpd0j_>l25p3hR*wCMQZvnCA|%63~XM7>z!_E=E8;DvUw z=Z7!r4*Bc!&)%D?HBEb>$QORz=tE5I9F{hd|JANuchSaP@RSl08-r-F+eM|8{F!WQ z)?s@D4|1ezb>Pnmm^|&-EAAn~S-X}(1Y-_XqE*&tQ@Mw$f7LC(++{Z;_j$Q29*qfR1*?{{Pzkk&A%U^PO1b-xL zQMfcsZsK39Q%)=I%Y0iR=8?K@B2O}Z-`rJ4!U9&k75r+lQc2Bma?b_5b6jl}xyGbi{+R(RR{h;WNaoHQ5e}Px6F@f{!yoH&0ZOC?cyEdmgGC( z+kUXIUbc}}z4%Y#Kf|#-{)atOuOzqdJZ=BHzF@cf%{X@N(g(X%tUKZUJw1+BJ#cgL zN1G=K>Xzjy^N;Pk$(ZDuS21Pt`6tca8P=r72>+|i4%sDl*0$@mw8^yuOSLr|pDI>7 z+hip3{L@+?c_WpL2}Ri#?YLi7?5RF{fp6>cYuA>U9Lv78PxRJoc|OmQ!;-;K`enQ` zKgYgEt?{~Y<$OW;2fMhf&*PFNM3k>ve%$A~u+e*a{(k`7=`-}ZE<+gv1gO@l?$oG^VgG!iGYU>l za$}8AE|$Eq#qaxrdmER(l#|@MYX(Cgzv;7oI(ww1t+jnrQpqVlbG^&v58avae0u9< zo-o#P&w3zqjhV5M&97ozUdXF${nmVsbzGLDDCDFt2Zf#8I(74{6VD8%%7hh1X%;!W zKN>spjnkruB3XrhR(|ZC@jK+B)2cmPC1tOo8!um*lN4_8+P7EB?eLG?;hQ78cI7uP z1~y%6&^}cnYpZYCk$C%0LfzI^_cUEMeYhf~Vfd+!HP%-#p?l|(I-OnBy^+%|JX+

>bK#kHm5*+v$<_lgoP zqi(V8m>t~9ZrY&|bjOR0*QaDDF5O?WZ~wKOOWxgFBiq5|&Jg@K_}b)5=jK~WTg`>f zdxc%tm-yjf#qvGNR4PLfw4TgAH^X4B|Funaia+{pAFgA+vbB7Q{?wc!Lbbh#!5*74 zPM!FX{O$V3M-|H-mA=U=@+tezuq#I1=h?3NKh*pWrGGqsRO9Q(hxVx(?J`fia`*b6 z-(@xBpUTIO>ugRw*Ht#2UupV_{XYZC_8<9XjSnRMM5?ar)noAR<`HAwTWc5T|H@Kk z)!v&QDvzdj9P_%Z%fIxWrq8VW<~>VuYPNn{er)z`@4tQz^EgsmtQ)^P+qeG5=QXoI!m~n)s)QV8A1sx zzpn53q3v?L{vm7Mt8X`-y1GgxUfZL8=v#Ztj|ob;JL8`Jx_X?^tCX-$to_0z3wm{^fc&DoCz8~tpz1<RF z;;*yZi`%pc=U#kO#ebBegu7G6l;g~Xc{|@m&04npVfA^wd+|St1NtoADc?v|pXYD- zEKaksfA*RPC%H>cw;v0h!yL2qd56%s=+Z5Fa?fhqY25ibE^EP~FSer5x7^NrweQd@ zUiPv|ylrZ?J4;=1LgCKds``dBvw57A5sw9)e_3z!VSAsA^`jG)JwNJjY(BIwY0CAQ z&j*)QXuZsxU8JI($$sOyolEM zd_3Q^NAjZ>_gwdbddH5{Y~Y-;V!hc9)?~T;zr9VLo~aZ&^GT*}#>=?xnU7ef{FooM zx3Mhxwuk7)^IX}lHh7tQm>B1NHd*azS^tuMvj1+#GyVzB6kWIAe#*`O(WxH{vR}kE z*C~GJ@5t*t-?GP9?#J8H3v}aq<~AwVlMC5^KH}Pi%6Z?aTgnr*rx1 z>6Z?+25PeBJ2%IhHcwe`tz_o)xK*qDzT2F8@AUC~+g9&>;g?6Bba`@n3Or}p@<;n) zviJUvs$1R*dN2OHlD*#R{^hSLd(v)|o$@dUZNIkXSFZBme_TJNivIo6;;x=pdS!uAWByp@g)Z$CA?`owd_*>+#w-4`pF-@2b$ zAz!S@t)@fG~yu}Az#rkk_WW9f$>&}9_tA}F#o&2S2Gt0hntHmQvH{FXncrw?rciX2&&&Yejb6qTO z8IQ-(#=u)!S6XGp@lDsAFegbyWqFJF6Gd1f#;^)em~4tW!$p*t@@1petZ`zD-JyfFDb}8_Bd*ee#alj!qpO6 zyDM)dNIR{s3A=i~Q|FI$F@HzSGS+9U0TXX;&G7v2bgOlDKmSX!C4V~}_PVbB!+SN) z#$1VWW~%0=mH&j_#uP0KHG312aPLUfy5%cxX0Bc1UbI%2;ry1bYvwW^vs!bjVMDL6 z%=>dyT=N}1^zD^vG0Ckfvu0zEeZA;|{^1*HSEdQKy2Narcw))k#pbQ%Tf6>AU*Vfr zU(0=F74y^Ldpr3hv!fnYe94+ssgv0K?y+^d>5Yob2d96?GOka%<*N{BBrU-kX;t5D z+W0uTvQ*npB)GR@`Q%Go^DYH$c*-uia^}POjyj_&YLnDA=P3LPmsmA@R)1fq+O#0< z)h9nQUkMNVD1W$Wf2(4q$?Bxm4WUh6*>=v~UNPNkgVdC5xlfxv&k0`4o^6&an(Jd* zcB$H;Z}W<%>CI=jJ{deVUH$N;$?bycWd@BhD-S14K4Pab`N%&0cn-&mg*>-UzkO~x zJ6GqIUaQ(%rph&JMtdC>UfQ#Ty;@x9;=E+-J5vSE{AbXf*R;VVaPj{3_tSjEg5Fgo zOPmm0pELct6qoDD*p7?Rg(nZL-X5p@A*agvU^?5&J$v$$SFTNT{i-)-$;{I~s*fD; z)m^vYFpp*Ok85YdrOcK~yQl?mGKO4}s;Ijku&LHpM%z&3$u+k*pH*L0yffIiokecT zs)t{!ErX+Ei!(R)S6z&H)4|w!{-f09hkJ|Pl=CioHSOp;^J8y5cAfW(-O{1|#G>Na zlV3eoX8k@QyDs2SX1H>G)#v4suGSKE$ENov&3ZC(O}OBOC(mEUv@L&V>m1N=r=6>- zlK0-0FMq2;cU+D;min{3_}1$C6|3L;%D*9#Utp>2)jXv<)iJ_^*Ee_VZLfk28zlIu z!s2^OY^_5tJh>e9x~ApBzc0tFmMzbG=9p3;WAt^!mMfEVAH9^AYLmXTT15F=*tr)! z&mWytxAY;uxJ|j?6xM^0)^gcfo1-u9@yzCl-l%s~=<)R{Vb_oKN_+0ykhwmQ&4sn` zxb5q+Te7>mUHd+rY~*q`eHY+8<#qG(-gEDd)G^k2`%dC6R6HWR_@_nj%Xs@g4j-nz zn_R3o?c&77cU!;8H`OGkuFeRGe6?Lk^HI0ikAG_GEq;7m?i6+IQ?}8fjDKafd*)@Y z<2@9`<+mGxvx-2#;Q0kyRmc=jA4bwWl@KrM)}# z?&8gN0UK0`v@b0?BeHHy;w!^fC;p{R-phE*)#}v0>IA#<1&;qz^QP`P)4fdmUW3@r z?WODLo;{Lo=g;RjP(P#Z>$+*IcJ0L#_{g?@N>HN%sp57b=K^WFUa;W&6@J}T5_27 z%Fp|jemMQ`d#8GBw9A!!#|!OsMVgt_cAgjdqkh%KruSL2?yY1ck9MWqmVabx3sN?B zh`HFSygc~$+QQoCqw}O=A1d$nI47s`qKK2A}pt~Ql_8`^qxAO9bZ%hCSVOrBrbYP93BO{ z`Kle;lO<2-%syg}zj=C@hxX-bJ3MuqZ=dE#V2hdmJZ}E#7vj^Ul>Kk$pJ99%S2OK( zezEPI7Be@?_fZF5FFbSgvd#N|uI%ie%2OMxcPe~cT{i7ML&o+y(TbJ7uJ()Ec9gkM z@iXka+*G|88#oH?-+gR)m%U=nJE;l&Nhc*H`Y-odt)jTB;>M?No3ICsOIwb0pUdh! zHeG#2dfZ;akQvKalR4X-8swhya~F-hx`;Kp&*Im$rFUB)E?*^9pYrkiDC|bhqQvU6ao*EuOyZ^tbka8_(6Ybxz)udY8|; ztn+QYa6w}4;jKBDSxpahTi?By(aLb$HfepPLc+~wyP~sGcWm{{^;*r&K5yr$vJIDa zyxvhWv!~$X7R{dxuU*0l+v5Rd(n~j9et+a48_Hey^h$8l(LKI7&#O0{WM6CRx@H>7d%lB? z>^oOY_T4LGs_Mq(Ugc@9OIGHRxOS0w;eqpB+j&>tbGa90uJPjPe92U&@JVb&S=qU9 z-a*bhJv|eBV-PG%g0ZDb|*aFn-u$U zd)Z}c*Bmd+SL|6a*R}M{yejdYnRxtWKHr_x){OA z&KVZWO{}GLLf0O9GpDR^)_1jC<-2m;{0ILTgd7W*qfc|HY(H14y}0A{^7l$RN>4}z#%|(gxR$5xBYN(%*Pe)FsTK)_ld7+tH2I-A;a=3F z*?naz*KkWO(cYz5B>r`6tlit4)+b*^Zck2Gll$`4(r5FxMmZH;+io&nc*~}r!J1!B zzKppN^j@-XUe?jwZxvP^IB%-;rp!Gz@7v|=Gi4S}ylks=Cg&7~de7Id>xxcg)bw6B z<@ho@=d1UQImZ=v=HFX%tfuXYIfwK!m9CAl7y6&~$=KhmR;E>cfc*=*^Fe{tk|X10geeyU13Z- z#XbFp8kVc@T~#___Q~?Bbm5$!O|oC4dRtGLyqUWsD4{CQSDQmqve^4V`lSgQ+0|y` zm}tt(yE5g?gTz*o35+I;B1_U4o~`nW5IPXLQsl|R&{UnOkd38UCzh;Zk6Lr;rb6g7 zH}+Cjg%~-@B{5z>ih0pn-7cWsD9a~&I<6({Eai!&&ji;_g zuMXB%t&-_tn0lkg;g!YX*8!I29MAteYjN7TN5IHdbGe1hm3Lj8Q7&cb*}^Y9Y>xIU z?qBM2xTh8+)G)b@fU`yLdq2JPhC@Hu3g;k0L= zkKVHGSBxyT_S*O^JLvP=!)D-jmBPsF-}HJ? zzCQ2Tvej^AXF=>0n~4**6n8Bwms!`c@cGj0yNVo+FYn8~)_QYNWr4OR_kV`#Ym?qC z?AGwv#KJiJ!9o^GOu5nc}~=U$?a_Ft4*R3yw~>zl^f^%k_c~{=5*xSi|T7R z{ld(jp7h5@UAS^E^w6K<*Kcin{#luwS>5K@w*HA{m9&?4tW<8Yp7(WX*;B>|JpW7= znw&ayg01+N;ny|0-$hJ0@NI4I#+EMeRIZ7Aj%$7!(H?2xKAjIcqv8wo#S??JJ zb(YY@UDZ>UYA71A9;AO@h@7}(@_Ui7Q?F^F)oBb0@78`l2+WE>q>WNNiDIlw zO9CoYl2+Wh9UG&v;g$NypBp#tI9|2m%+aGazQvj!H9VcC&$H_2bd|{m*6V#N?{@E8 z|7`QrqG_M!F5H!F>;5u;H|*DWpX}`FY3g~#uOp1M%uB4~KXX{;@XocB?|Qy=uFRAP zy0iY>#M=r?)m%5*eJ@^mu;g07CQGK!)Cbosm))}o()%M*qWp2K_Ux~-nUtF+&Y9(T z!*5yJ+xdSKF1}LsXg@gNOydSw(JPh31y@b$ke})KCOhJ^vwg+H;> zpSNoj&Rev|f8(08OV+W*v3&uO>Ccxxj+$1dI8F1L$MJjz*Mcb7vnO|ca!Q`JZ|k*a zXOnNwT;JGR%?qvy^=tS0Xt{Ix>BI|Hu1jq`ssHXIm*M@jMSb4`mOZs#?&)gNe!b(Q zeMTO?b+2>h<+p-2U03X@+0$^w(sH$?!7Qbo2aVr1$9P;z>sL)x&f~P(nsoWdbkFJY z94dc0U16OvaqT01mQ1NvCU5h?a+-Hqyo_14_rs)14_WU-S#O#D`Kr6}z1`=z?s%{A z%k%TvAg?JCUi>hh@AS%4Ne7=2rO7K6buV{&^D)1Dzra3?8r!MK8?QKasofHDZtnWU z{^0uC*`n(fY};pbVQIvaM%6<-O|{ux^*5&<`loei!nsA3T~DS;Jlio}{NG7?(Jv~K zo*y#55PN8^QpHd02y?&1SH5IadsWLP|1tfs`osE1Njh~BAE&N5xuxz=CDXQA%k^HD zY)orbK4ayVtH0(_&iqAbzwWlzaa>oV>_vX0hh2IX(6GHM$Laa?uCMo7_RH62*0Vdz z>OZ`{gL7@vu{jZOCqFaJbGP*^4mouHVfs?9J(I5dW#4#7>bg$A^Ly(SP5UPke(Ijc ze}<;TuWyNbyjhd_L$aJDS0Yj`$FEZMW8c)*b&P-a{AWn%@64IDZJt%GR$0uOD-SUnFK%qs0$BfCucpWZ$BGO(gN@I!gG;^#lQk7Lcg87*jQd+K@o zvg!WJ1;=?TlK0ym*OdH1d!t61)uz1Hq=(9Rh;VkhFl?3(r(AKB%s z;?FY2;6Xz8$@?FI;%{-)H|^(D`ceMytz&r9mB~geIR;_pv|c)%3N!6f4O;f}#?S6= z3x2Gw{5bp3jURy@{-sNmsMKx>vAk3KJ^Ka!&B+hKrhhnnnEUa0;g>7aT)2~&dxZNR znI5Y}`~vsrk8<=eQ6AGJd>bDtZY`*>u(PT_h+_N`SH zmP>j3xKn1gOmFeFxi=t}^TYIq$B*#$#VPLD{o(Jflga6f)l<%E_eae;{;>Al%36~dX9T=L zmfcBb+x}0W#^;iK8r#+Pxut>Hugczvd{}NXp}1@PhwtB7KZHIJI`rM}&*zQFdZLXg z-%RtC%$7QQQn&k-e)E=IE4JUEC${(R7Cf7AC%z)=*qx)I&%XTLZ}r&jYwzR!u6Yt0 z@60OFee!Ak-NW)W|3vqHF#eYKWBJGLVZPbN#MUog^{S!5Hi=qC_M@5&dG;i$uzJAl21hK5#BL`Y#s;{v(*vVJ0Kjd$pez=bF zvY^2N-xBxpnqSqn{&{dC>F%!PI5VZJCF^R{xcWEu_G)~(sj04fZQ`D%VZ1$Z`_~5M zdWt^{`;!^;&Q0F%b~bH+?h4!&Hr1q=C-nW<|5C7Pi8ePu}FS-`CiMrY%#W+ zNz%*Lnw*?+f5)78yhffM#b>20ku|_H8!d~Q&ui`dH!{P=L*B_ z44bO171t+vaDTJ4Sh0-nL2HiUW96-4smDB~Rc}#Ni@73Kweqf{dROlx**o@Hd!$xe z-oWZCc-$mnUDD;4<|~iwzOvlvI(Fm!td*)K6(;_xy5i6lbjIq-g7BTjuY8q-=Urvo zb!TbDu`^Sdmpc7t&`?h`d1JD!$+ORJ^4rj~)6ZW9J(%FX)MSCW(yA9_VG2D)fA7tG z<;pJWDi@tF&tavQke`9CcBh)_X5I-|5rLb}KMXpW-`p1Xe%36FPK#THe!oN|`Zhaw z#$K(HICqb6MQ#GuP3@ndFM>BUU!EM0&$>{i?5DkfOz72nR#V~-;;^d#KM?XEMh)nJ0|1tf;7H-WY zTQ;AtOk!9+%g*4B(59=8%A4f%9;7yF9Aw+~Z_mZG?-f#KGM<;|`Xt{S&-q|>?b{xS z348{7+#x^4HZh-@b<>>Ro>)u){tu^glz& z{9E&n&fo0cx9CH7U&^#tskcX}*Kr=|`TEUto6;05x7S4P*ZyHCi6 z6|%do>ht|*cKle^$+q|5>8(4q@9eQDQatf&i(o|Y9I4N`$+ugkOg;IC!~K+D*HjU? z;=m((mwbKpT8c0yzV8Z@tFFyFEy%s&%knqDr@k-UsFGmxfnmu($(26!Z-XS$z$doRS>FElXlV`g^^@d&0@p)6O)o32(;bJJ95 zWp<9w{%>uDO0w0Yf-JRj2A+01m(OdrkIFp9tKBGeXC>3jr_EE3`UOnxsWX`u^!eA7 z?FCv>9&{zTF?>E|e{9XJ-sLj?872qJDSI^0{K9e#7U6l;SKZZF_|L76F=}v>UDdL- zsUSmTy;hIV;jZ(0Pu|^XaW;PDl!fYR19lcDE8l8T-Z{CXE-d)g#;-!l)L8oLe|=q9 z_0*f;YV(SnTsLf3h6I^qXXN9GitqP6Y zzRlug-`3`Wnv>jrFIa`0TdBb~cf(B?u0y+KJl(`DvVG@lmU9*gvzh~fl2QY|w`zGX z9IN{Mbw$34g^K6pIb16it8YB=XAl!X!P}VoMWnUS$o7;B0jr{&vy6I12^W?5gYkzNge!0JDX~~m~ zA(Q(aTwN>KGksU;y&YO-{B6Z$U&}6?r0FS?erv0qOKX?W$2naKzP(dZPB>=u&vZ|j zrAp2VK3VtKCy!+pb1CX9`Jg@b;@w1PuL(CLzOQ|8+fd*ghq6M|g=x#CTx-o-(xdIc zu8_`fE#@;r`~GWN@)mWpdp!Ba_jRgClBvQ5m9npv_UMz zX0hDX)yrbo4(Ktyo^{IWqv`UXOV+hQA6e4VndO&e9xmTo5dCpovd`{2U0pYH43Fl% zyqOpC@z3kFz|46)>cxH{pQn`my6XMAl6%_m)3@#RTwB^cE%8R@q{5@dp_>xBm7(HksJD89qy?5G!)t=Li$Ans}-)we^S#`tt#}#@?dU-*9TXIySv0*__3gU+CvGVo^pRe~? zp06>5X;syOYx^cLCinh49$&TOMB3e!{3opJ%rfbF(<=HrlUiDBD-OQNj$@b@&6@ea zx-in}PnwhJ{T+-azOP-7uG?q#`%G_xgnj$9)tZ7Er!;U#u8ltJulwihPln>IqgPU< z8F@S?o^x&Eoo73ySIybJT{$J@JY+|D>!E%AuFGQMH=I+Ezqa}PR|&-p6Hlie zddg^1x^^L3y4f7R^tg$Wo*Y@uJ4a^T)p##?v;PeH-v+*xYPx$jzvp*xxQ%U|WM}a? zBhP=Ki+#0a_>0$k$jSY-baK*Th524@my~2|cR9eYynN$2VdovcRd*Z2Ongxl?w-B+ zv0GW<>Ap49SBhe8b#1b&m&!W#J;)?SI_Ux9kL%1UPMU0b@^q8Mqh0rfcc0a6NswclHvuO?h$Aw!WF}T)TIaoMT_^wKFqa zjKP(8**mM!Rl6;(ihbpk_X?X{_x7-?_OeTFn3xWHyxw?eRmQL6caIzA^l-gcQ}W45 zoqffMYUx8VyC5$aAZ(< z@TBYftP^jSOHVb?=l3*t7{Pqu+q&s~A8s9Rm-)W-t@2?v4#!UiWKycHUQU^4_no;p z(ktBjTbag-TN3w=74Ej_yShJniNns?#p|P%XB;xuYJd85t#oGB%Afn!*07VNN?uOT};L= zqs+u~4u9|dvU=mqBa5GXm00%VpsVDzeX^N_ZOYf>dtbV9Pd2sUULD9$Fco{zUzB)dcX9stG{I&U+NsM3r zZMo6rm~f^p@zOG}*^WuoUO9uD!Bl$)Csap9}{^R=Op>|NWJZ_F&4_thXgb?cQ^b`p_}rH?Ga zN>1?D&#k)N_q0npLnn9{qkU_kJ)4Qg^J{fil?o-!mVY-3i_^V!+rQ6ut;DVB@YE|o zKDRkL0&+gx&HE_#$zl1*HQUtH_g1^qZ!X>YdS>sB=kvBI)txa@xBe=?{`)Gwu&3?$ zB#Ew=-Sc!AojkHi)^pWfp7m|V{xn}1CcY*0Ruk>h{Q3I7PVcFg@|JYpVfAJAJk6}+ z9a9DUKk{7P@FK(HK1*{?o*)17D6{>Wx3}pm;oI)=*79|fozjP|OV^0qV%^NU?uJTL zs77p8$a7>U*A#uA^+h|Qy9w?>j}YTivFH{-5Pt52lgP;OE?R#c#U=PN(k%js2L%BBmxYf?FO zF;;E*hu;T0CD>iVY>He{HkLe?ZE0|+C*}N{lK%{5+U8x}?mD%rwoI#P-j=+vrha#P znDc{vh9mnwG4}uax%i)8Kf9)4jV+(?!K2=1RxZA@JWPAxr!7@>t6tS#Q2EcWFY`mj zty4mL^A-OyG+e*(`r&!rW6MuncqsXwA#L$w&kG8_cez9!|DLIH%C@_7%Z;DE57^0H zNx2^QbYtmZ<`e7gA3I(2iQA=PW5h4Uuj@V9&U=0~+9v2$zh@O|@~xMK`#aV4^*XPr zS*)zQS2N9UqTrEFd;10Ue8}&3_f9IpWTl6C|CB4)AKo7mnrAZ8;Xgy!zPX#GUE*lk zH=omPU&QK;chGvm;0aLV8lPuxF72uG1b`p4*YF4Sx$!eKZ7n`aa?WAsl{u#vMa55ld`tF z`(mg0Vc$&su6+toFSA+~^(F4V+G+Y*{I_k5)%FkZ2YrQow>P-?&N5bzcx4-Nzs>$A`bS(S>Y%h?%sP?U?8pAS+pQjDh!>kKS+GG}wYoTdVX*6h*T3$b z&a$crHb_3aF8lmG^FM|k>bw3}n@yE(U*w*uV6@zC>*pUb&WC>=*R4_C9%gT5#~L+z ze@EG+6Xjxa>O{Yne*I(R-f%I>fuo_$CcHg!|E4eV`Tu19-JG6ts$1{Px7TrvAH9!g zr$2ZsQk1L7U-jE-XRD4c%YvF`>a0OMb1y!rnzBu5>hzAUnV~T~3+@=7M4`8qe(qWPQNO_kgDG3@3o+uQ37J}Em} z9a&wt;QftH_a^1aT`yl;(f{y2LrczrD{szh>~NpCd&AMnJCid0seHV<@}i8}PMsJ2 zg|mJYKb{g*BFDX}@^R3i`%llWtx0?|m-%R&&ve{TDKxW2UY=;f(bFP{1^Rr7W7clih9$E@W$|1&U0AGx0qwsXto zjCWJaEx8Z=$$qlGN6uo)ht@T>mcHT?xszvU_jA4F-;Vv6dy@|byowWweyF-{Y0`za z$rC4E_?z{g;jQdLez_mBAAZ@jZ03@)x?6;ri?uWl^;i9jInA%5r+@2cM%l$lQ)K*3 z<;zs~9}~Fw>X-WT+-K1%4bvx8&-$$2^K1II_Rhy!J3Awi@0{V!t3R}7@+0w{ujhH< zUlhCu-r}0vrpZ<%XB^kPX6?1rD>jDe>rC5O_T|y8$6=-#F^{LHa^Cp!_wUO5J^qjD zZ+X|vtUhDBsxA3IVBFac%O9ur*9bnEtL$~vCgD=%)2Zs6v!C9+@c2%6|DXB~`&Onu z(yYl}nxCG1Q}~Rmg^JXZJ%*3ni@sO=J#uMFN@c3GeAQ=lr#`LjW~;w1BIhqRpU?hJ zGHde7{|r*OfBc2c3*32g#_oO8r61A1Lw_(Im3p`M;m)=jZ~n0jU9aTV*nc#uOzY$L=csZ1Y`k?a zugYw(rFP%Oaf$C9ZK+*FQ_|jPFYA5U9Qd(x>$leY zrLKu0cV;|{Nhm&=^2h2&?)o3eM~cs-8aW)#llUUKmcQS|{^9QH*N;AqvAxuA!iwvj zZ+5^O_tiHd-)^63&U<*T@8zlQOuiUx)eX9R@SjfGvs|A;i;UhyeEhQFy?sVBKW}Vj z$?5ZV{3pd)oO~bCd%x?C>En2b`x*NT3;Fm?m$NflzKn4{zB;1BaCyc(sZEuW?psb| zXOVh)_)(Vik}oD*FRIHM_GjF6Ivp`T=+c&BJIz%%S<9-#kE|^|x=(|5weqb)H<*Ou z6o1?Q`0VoGdW+usts2SyF7*Emvii2hU-aMQTl*%jJX^9c@#HD9`@7FpS=48S-gvdJ zRQav-dftjOUfoo4t#uEC{5YS@T>d(a|HIWoZWEO~3M8Mr$bJ&~cSGJ6S+!f=k5tWi zR=^Qv^Jw*t#ouOpH1AjF^Jls(#xe86KecCjIi60{^7ta^RnU8WLrv&oTk+p)pMx&1 zz2vsV_fxJc``!xsZu^Yi!YdE!E}OpZ+11SgftObQJ7*PsJYMvLREwSR<$DreJzQK) zaNODXcGi2H{Yn2B#Lg#{u8Y2<`P)SGN!l0LiuXse|4xt6yBKbnm87vZrSk3mw~_xD zIJeZNT-)-e(&(+qdWF8LTNnL_`cSr=`$hPfCUr~IcCWenQ~3p6{)+f$BE_=FwPat? zsf{&jY^%b#AKAB>Z<{Q-eY4>Xd4s^X(ir=Vxt>|BFRsMByqvlDN6_`C>8EC<_SCNq zeYT+{IDf@)o9SYfUE+BXd{tNZ`8NMhdSSDx*ds+ES>Z+Y#kFg`tSvsgIp(ZQ;=gk# z9R7FhramwJbaF}YdAEwMPmit5FS=;@aYsM1*4gl!_a)ga9_m{SEae+lhs_e5`)rle z`=_1#ytmh8RCGIB^kGaWja_|=-?Zel_A9HRaO17q)~k8-9G9Pw|@?P>U#tC7-_GPN%`e=`)Nfk5y76O5fqrN1*4e2n_Ix|u&ib~}_sIK&a&2+FYfM|#+aBFn zvB=)+-sW)Gu-`RGm_EG-si+(t`)-YfHY_iC%8WUUM)_GVN!YPu*?i`%@B{5=};DT+_I36nq&k?+|>%o76I zYit*vXh*;}c^=?)E&F)hqh7 ztaH6Lt!*p+Xx!KwUzPalTth#w%q8o3N`lJ(| zbb%?4q4(53__9X*RZ9ur%FV|E*PrnWs(GIw&^I=H$~=N8Wfmy}q_&d9u1_vC=h- zDAvkk3;UAaS6k<$-1xZfntJ1`YuhjVyS@B`Ztn3J(XH~AHa*>v+HvG(S4fRs^~LH% zAvq<#To1>-oXx4&&r=+HI$!6yqf4^|L(-}r#pyS{d)-Lv-Pg8Nj8!K>PlnHbZQ9uf zlik9WW|s3Db8nT9W0WlneS4^Kc8m~z;Oi*!4JR&5x@5>wRQqbqwKp$#_myit>GJZ) z)2O=bY}=gqHtp4cr^XSRq7LR18cncd^?w}QU0eNpwIs)}Ea7=4R>6z0vmB(mp-;v41J1l~#__AH?&X(Cs?luqdj=4MD2-H{|vuMq)nopA=cygZi6^7TSuekGalIhmZ(>lzhSEZ)k z^0*c9M8GwCrb>10iiW}~TpfFTlirk;eHYq1yW4o;-#gcx7v1^KkomHAC)26kw(p|P zcA0IiPG51%XYJDshns&~PhD`R&W?^M@4GbA2JeLi8b`mTDA+or2R)xm8CZM8RD`Wg|;Z8TN#!QzDM8tdesIx0~ACd9ir=mMbBD zX1>0+uJT9xlrQgNp3SaF@wWzhH2R~_wAAs-igjnFXTP+G+IKmipAQf zIxHc+?WM#s(_^+-SNC3Ks$BEq+ay2Bm5X;8HZ3Xno3%*H=hmh@p9NM6R6bg}_|4Oe zXA^J4oQPSc9VGOm?(>ILimS!fKDEoYwZ1lW+odH<*-AH>yoHZ%&5YRhu;;JlA}Ku$ zmO2sM6&z>XINoL4?_*qI@y1(fU4<=gTwm~Z)?Hi+nZ;D5%13ROWX!`je<^pc_lrpP zm?zt^95?hd&sw#{^H^5K6Kjw6VH08|FkZK{&HQMzTt`bK=R;NqbG}JL%z^vXn;E8Wi4S{MvOwvEY}GUYcggd;Pk4&Aq^t zCe%$$W?uFt*r#yXu{S*dN{hs_w|4%z*dxE!Kh@!ANCKB=Xycv2myU%u`ZJ%~wwms= z2tI1l#Ch`3#DEDNA|h*C`;6VQCTB?gtO_=pcc_u~Jd2cb^SwFl5+autOT2gBO;0eq zw#Z24^N%Y_*-d#mdmhhXNIvD~@G{U);=u9;qL0^_JZ1?@(sNgmN&mV+(&E|joHxq$ z&u8^NPqlpO^-WJ_t%|jyDMzp8L5tPKf=v>iL+A7rp7l1{*UYp+MR2}zz?pL9PY*)w zB?LBJnsLNlZcFow6&E+03}afHn!usH)$g=~isjMp1I+C|Gb1wZB;MXWF>w2D%azj1 z%|3aKx7|*xe&MXg^!aDkN{ybLt0x&4`k#lYhtxDWrC5sS$rOjArAjhfeZAF*@76*U z3)Styvocofps71rSA;e3a_m=`6l`9GSB2MYhJf-Rh2&4vhI#dBqoIPJYE`gQFx`( zCzTXy>(Vtho2?|~?u)v-BUQ_-!2bNtKUuv;99D7_eqCNI={e``x$kMAFZ!DbBe$2G z-Ffql%(bWAr)-$GrW0Of}4#W?vPzA_saZUxw&Js z({q(~X<1x~`FFRol&;C%6go5Tq~-gl>8q6&9^*}o5h{varya{z*Q%*fqHb$FYq?pB z*kj4Z_PtRPzpd=u6&ilfseNgTU*(OZ1}c&)GiCoXM4g?aHo53jwCu6EtqW^jKHb7$ z7kf3hcpm3t(_DeDXqP@ykLeACUsi{$w#g8Y<9J?bBBmucrSx^zRH4UZZ-m%`gQgzw z<=Lo`GkHO39&7y8s|&k$INVR4u=hF>-5}#C!ZPWu)5kC=adwF>Cq#aRcI`GXVFI%NjIIcWVjM3GIwHKZr!t^2X2%L zPN>b0Q`x?Y{cY}sK2Fo#6|q)x&TBp>aC{m0JTUgRi{sDVR|CVvt*t(;QrMP~&XU{{ znz1J^F;h=!{YIjc=~)v%a)m$v8h| z>erXP@j^GVcsE^ah>wr@WG(CW*q4dpSb*Hu{Yxt*Nj%_I>;4cDeQ26F<4t ziYz71I$b-pajI5*J-2t;iDy&UX_U#vUi0l%%9TL<|)zSGUeSxEzNns zD}V5P_sa}e=ODqrH}zDOo&4S{WizMD;bXJg`fhvIriDGnk6BHOm|iD;dD-NgZ4aB7 z*yXkstT>Yu7KtCGfcuVePl@2zpQJ?xOuST0kzYp;0NkKpCL3UgItdU8$A-megj zZThivO;(~~D?{npkUn#^_#fPl&h!89e_YmE`#9FbHG( z^PfSuG`9Zmx*I!ps2837wEfb?%T9)Vx$jFpz1uj6^G)4WhaVYl6;2v2D>64!k@vdl zeb@L~*whnBSMzgXRm@qF;}(3L9P2jK>NK~%>A^AunKIESyQFU)>9(=FXBX3VwdmTR zXA!3k=e+Weu-%{;bJgj|^y%u8_Xt!R4Vqp*O=8FE6QT?DNzD{(oL#9Wk@v>>%HqSB zhMx@_WL>rI)a>Po6FxKjP|%xG;mqa9v)<<1&SA3Qe;u(auU%{&<8}$2BHzrP4GJz2 zNyf8sZ>(@#W>u;;TbX^m#hT4(fV98JiGli$9@;q*_w zueU40?zn5UTl-m@SZ}xFcKSj$_TYuiNGqp{uRFVrJ&!$9s}j(o@@7J%N|Ti?`Q6jkD6+! zJG0RJRGh-!p8pIv^(;%$9d>T|=(;A$eX0_BlI`o$rEi%7KRms4vnKEFtmWG{o}8>+ ze&~e5b6f2%^Bt!}YuLPalHeadb%*A#}R{C!gFB|7cQ&*g{zGl>0Xc(ClBc>2es?OpHl7f`EKd4-n z`?le(=-Ixn6WOnnAFVR${m;Of`or;2bn(OYx8{Ef*rF3Id@nkJ;Q+t$^-t?=TsV9! zmaj7GNbt0ytL=a2$@P{jtnvP^R4l<#VZ*aM=7&H1IR5QF!`~H8e>6XuYx!`)Z~u3> z5l@qQ{UyGwUzqyg{2yWMZ<{}){`t?qq5J5<*3;Q$b9M6>gFILsKU)+)+;O|G){U1}+7-XZe=BQ!u%G94g|ic*!d8X?i{yKoP38F` zv%}WPKFJboGu*zyG~fC2*S&#%4lE6MKJnLe|HAZCnd-2+?x)zj9np3>0A$;hbWr?-*U#ogQ$NuZp|++#By~+Fz#;nXKhkeBvnE#u=NGR-Cj6b@$^u?zJgR+C!AH zKyb>uEo-utg=Sn3R{X`4bWCDGh3u-ZgDTILXE~S)H}_n6Dih^grtx^4^@XGd6Z_X% znFVmz?YXoe$S(M(URcy5k5wNSJvMwia5nPB&eyl*bxW{6J-Kk&tc+y|EXnr0TDRZi z^cCM*v&8Gj`$tPXgeAT$G1}yC$vRizYbZkB;%gY*7G)nx0X1G z{AXDG=jF1C!d+AR*?ye;Fw@}I9I^X*xF?*l4nMtL!cMkdINDeA+N_OxoCUqu&q$Q7 zzp%I7)i>?z;%TDC?r0pXdHM11!~Tgn*Uc`7$jn*sGWLqr=Zy36!tI6M7gg?m!~8oc z+n#%m^M3}e=tr?Pt1VNwQ%%l(=XdP-%e1l2dbMG-$ihhuk{(}7e>#3FK4`vew~h0{ zhV5ZN@519a51M}K|08_)+nV-A_nVYHn0KyY|F&ch4PP{yrthY1r z%aX!$%a^y7^@eB0l&qNRWhlMD*40*Gg4aCl)>2#VyZo_By*8IDm3De7Dw&sgvH9f6 zYlr*}f3Qmbvdr)}(;PP~^U{E#x+#};=(=sRX%3uFd|c;;3=jA9ymNRUQ&$~|VD=I4fvX+yt zXxXN(Y)s~s&$lv6oLFsnn$1?5KWu`lwAq`F7sC1$S{ydadR}V1{BYt1+YEQ7{$0gY zUtf!*+V21L_0+5Hd0ifVSo5;CS4`}yl+B)UEq_AWX{n3aGR09dt6C3Os(gJ_92suT zxt-y0PssJ_(cP8q4A)XVTdM2qT>E%qd(hekyvN@0FHO0tH0SM?wUJ9Kbo|Ob|9Nfn z_{`5fR)5`@LK+^S!7P6cU%6_%@^S2ey>aslA|_d$)0U12>y*6kprQKeAzPmG5A(7= zCVdmzt8qzAm|6C9&!*D)>6W*wu6^%+YIM(JnNPx_o!ye5DLT?~zWvEwr*+Y0rhU!* zM!AUZI{V8PnEL(G?Kt<`!e+zjsN#)mHeV%Is&}Tiu{u6praA5Ut^|L%m*($OCiYZ^ zDBUjeu>F1Yq)QI-n}a7MWLKG`e(FE_Wv$Y=w5`fp`h`;G$jD#YB9?P-i}!i|1#51^ zhP&lBjL9p$A|v&9%jp?YH}B}FE?qaDVJ=aWq+Cu4l~W^#VRF zeM)&EUymmI-Q@A~jx>A0vFznn)|`3ddVB8Kn0woopI<(4Cui_0>uVpnGH3X^Wxt#? zAywYq^4Zok%P0J~c|v(_;V#=3olU}h6-v8u%^t=x?0+3-p<;3B#hnd3lbFmcPqJUy zzGX?D#wH{FnrmW{3;Lcb)MhW(sHJ!!=h3EZOOHK0Y!dPG9Mi|Mq4SOZEUdb8;sJx7 zabV>oXM=>gn8Nqb4na2-u5jd5)`$!Fb7)7r@av5(sV<66>6WIqe$0>DetFH(DG#>Y zvyb{{FZH9zd$UO@!`*Yn?_;Mdn75oavuG{Hy3)_8m!AdrxjP?qF8drCwX0oy&NaDt zPwuR0;LLipwxn~`O%a#6ob-9t*L{MzET=qGxp>+=Q|G#BrOk)z6&FexpX8@1JZ6|R zk5@EtXTrwR_L{Ic25-Ah_3$tTn|1V5Pkp;EyC7u#o~kR8Um0_>?uc1w^Wf5XN!N2l z4v%LoEIPY8yHvYz+mtfXC?)Qz+b4cFQ2svhbLPIZ=!~pu+qQVB@T%0>YMpv1c_rx(wr`={nCQ4y+qw$)^>%;}CuIosVZ4F-QmNQ$(uGE zEZ|LkCw-5e-u*m1M@O;%os z$s}W4-FH0gNgpR(+P3AaR=I=W<>jK;z84SX%=gP)bm>i?pQxMJ)$BGlu?=9Nnkb8pryaR7gl;D}-x5m-@I(iPTvN*T$o{Bhm zxj8H^afVp%G2f6}vvAgJll-%08{YTs$@L10VX}B*t7TjvxnW6@=5g;?X1bf_6!E%k zdn=iAvah9n{-MF1kFECC9)%>csZh$u;lqKV`T!b=hM6Gfbafd#S2r zMc-bp(l<5FI^yG;@@Fd|?miKS?)%RWwV(C+>89fC3;(>_zTo7gyULOaXSnfQf83S0 zJ1l6)=hvZ2cBDx=e_5EtGATx8!gBRnvt`~mzCIfEnSJJ`jdsiCsKun){*nsYp>%M^ zt(`enc#9g6nO|k?nVw{tqON>@Ysl}+qOy6$*H&g&mzoOxIc8liwK-Q@)!(6F&2RC~ z1`nR3cU|b&wbJtCwb?nYP0v&{Dw#HIwVqm*KQ1g`m=hts*WMjI`SnwNT^C-E zX|-myRkF)Xg^iapJX-2^ zVqZ_B($teNk9L0Miu=*~-E(r@9gE#d`L-;^Sar=Lg9m*78G6ISXU4pLw(5RXzwDOTw;Psi z?fWGWGAl6ESM0Ul)px2>{m->$u6-Rb&Gf*Rb?S$*KIm+2JwDUWer@Tr@TbYQ4x29d z5|$QGHrpi7^M$cr#K)7zO=qgD)v!+TtIevep55MWT)M7$*|{H^-fTLydSkuSY7YPcm-1L5lX9v1dtcr1$jqfPAKXh}mR)(+UtnRfT49Lp)<{tf@#&Sj6}`M6?geKQn!h7-rFT>WO2** zZG;q$nsmU-w^6*6x~rzg%+K0=Q<(L}mF$H0=A*vpTy2Nce3SG$RF0WV^3BYcem%%6 zvhaNUvCT!Mo1f~v{(kM3SbOoBEIu*qj41b{!UjguACrH_RlND}`O&qVkL0)H_f`M2 zS$6)zJB#(#FozU#sL3>klgZhi`7(dfvmY*L z_MEJ`?0MgxSs(4?YFsyOzLvDD?TxeLu?v2@rHMvQJC+n2H>{}Ie&<*5vDXi@Ux&@( z-cjW4duUJiqxQocf5I2}n4F%f*~BKbXLt0+>s@Q@tBVWurybUM@X_ybo#v1BH@+<5 zey4BG`ckmd*UQ@Q@n#u2HR-I%{-byG-XFZjKHJl5{h1}ktZ&a6f0NmmJ-;*XeDA#o z9rjCmKOdgQw(Upb!^*rrv57O5oO-YQ>qzptEJrE|}(@C9`jtKPob zyV`Zp!8tY$D`Y>%h5rtZ+q?B$|HJJ*m13_Vs=_KFE&X0RooW|0k^Rlp1-_5?Xl+jH)6hsehdF2d^+UfpWvnU z?o>>?i&|eC%X?{F8rE$$i`7Q)=X68>wHvzuEipH)i8;@0p-t0R3pJCJHbB7>+zq+-yAhu zR~J{mj^|vvr;8()>CrZmv;0SHg|^>P*kdFrlasggR*l)m+%HYO=3$*TXB6%UKek6r zZ}J|s+8AS<{ld}~^EGQse;8JOIQ{6zwWt!lZJl-j1}}``D{2HjiZ`0>XS)A`{phuo zs_Pc^zHcZf?5m$!S>973tE7E-)zQ2~kugsmFIZ=#FPHUC^!llr(L1-Z9@{*rx0AFQ}nTP*n;;C!BWx!32p%5M8UEN?FL4L>qr z!?bG`zrB}vzu>GMiv3GCm~6ns#=w?h1F=|^t&oj+0^$&0@X(A^WP zr`%b^tMfj_b}ZaIndhD1#Q9Yp&ieTaMeyl&3t3BD*|ul?QG?8H;d-J|H^j)4uP=VJ zVI|v=O1q24qU6`iXWQfd;r3BGeyOMTmS*LB6&JdrnK;2e>c#$t^Zp6k`MK-q*Q*OY zOBmdHAjW=aPxv>(zmwP4xG#+GU01RHRAz4Io{jqX=Qi1A&7LoCzb2;r;eUq1{~1K~ zg#EH|XSuj|{yl*^^H1$#H#p=rHC^IOwaDy}cjp(gHGi1?aPQiqZ;Tz~P8coN@FZON z!{SHRkJk6Z* zvpM1MaBh1N9yEwQ;C}FlKcGS5{k7K5*}yD z|E>D^pMm$s??>m4+p~A`Mr-CTUafn2^8-WXuIzTLkm>Kbdlqa@zaajffzwXn{-Pg; z>P4ehnZMumv)OKI`y=^|`&_w;t2Li?<)~e?U>E&-g#YpEdfxMeD=K>4bZq3@^Dv}D z)cc?~`|)u5o2QFApPX=tUb*&V!BsE+uu?aJt?#O~?fz*0P`+(T_FAvIlh1G!PCi>v z`~H~mW6ShhYkz%V%g};7e7?p18Dwi@ANdNMdnKv<&?6}1gXh`Odd51blgs{?Wxow* z6FR!r?Ou`P`h3=@hxy)}?sb{gp8nzVxAc$h$1F{{?+eB5F$;=mQQYxp-~J!zzcng~ zA5L2Z)X8G{YPa=Hrc~*^`8*Syd;4y3 zcOCg~Z}ZZZzg()a3;&wNVY^J_&# zn{S-Fv?uxDYk9#}a_oCMT%Xv5Mp~riRmdK#JUjjHeAcY_!u6X>=SrW6UK#sHtDTkc z>)W`Q;>}y$N9@tYmbE#@-oQK7e zy3j|DH4ZIZ8g}eUR@5u?#(&rTGqBm%K4i1MDW)kR&cP%3`dIO=>uot4=N&eY#3=`l~>KSQZCPucnf`!oD|?0M>ReysPpq`URA=pI4KsWU5|JXfg`J@dzL z`hzL=*@6Qve2rLsWo`PWQ=1dJp0Cq>W;jE~HtO;ex%L>_<(t26x6yliaK6B!%YMt% zWZ=EGQ&+C&=Ww{6zQJkt^d{?Y z!~Ckm{`9IFGnn)I)7ty|*>Z9puI>G{gz3H6Go#+i z>U#sW&rIAuEyLvLnZB}q$63b;gTqE?w0woZr6LK_Q(%+4l3S>GM>Ub>x*KT%{Hr-r>A8+ z+GDTt{LrFL$6m^`NJd7AJ*qOy87j(A5|I~i*v07mK2?i z`L8((0L0VnI-d|T6=&F8DCV83?q>$u4Bq@4F^JDBqx zU)swRYCR`ZF{!u3Jm6IB;@VeyoN`lj?*v6zd+j_RleF&Efo~svz7*7}{B>>a+PT}7 zW?eij5otI{dzF!|%sMrJ-Iv$BX(^vD;rME<;tH#4h5Nnt1eHB$%i37@aQdw9XifHo zYzuc?e)q;u`Phk5J5;kKUzryzS*P?N=5uDziSBmS6JOUUanG3kS3c-+%xU48<@s^h zm$%%lJeZ-L^Pgdlw)!!vj6K`3Zz%UnmAunD>z>}>Yu7A#vmP$rayv0qYf>dcu*pl+ zl24K%a}t}chd$iv?|xkOXU2+%EYihZJ zGWiGoyspxFaVX@gE!U-!k1s6}ddG6i(qxT&@n&YGEsrn9ezCTmp7V1;o5iXkhwcf- zx^i-BPi)kY?(m46ETvyekKfN&GkfXO6Bd^19d@+VEQ@)Pw4+}##&k3PLe#c#w+CklYP{_njh=WOt9$0Rqg!>gvemmx-IQ1@>GXs(mVsyUZg1YT?o5+Nspz>w`j47&b56W+6Ag20 zsy&+dBRsh8(~Y}l4fT2(*7~kqq#U>`>+Vg}=kLSklrU||6NsAp`_dA*_Psf-#>zEw zntiV5D0AB+M;(8bHBTq*3%ZjKw8dPEWle_z z?*w;+pgT7Y>)g-ldS1->gzxK?Nd98;fXnYvECO~jeee$|4xOg!?mxx));rmb7p&Rs z6X!OjN-LdU|FP>zx!~S2tQV%7kdd2nS$&~x@7k?z0%JJOGd~Ne3hga-Z+mxzJ392- z`Tg^XBQC`HE{*BP6Wz1;vg~ow3%6sU@7}1q_Rh`!)bfuD7tZl{bF4BaZ(&9xM~Lo$ z{Hp!Qg}U=kq@R>Y30t?2cgvBrZ<5?tnGMu30i9F&@pT zC=S_mdHu{s>g)?-wfaxn>&$tytT!cR3A=>Iykl3sSVw%-?o{MGZtLrvt&`e6w_vgI z(v*s_NIjiDGdFql@y2y3^>%*xms7efJ$aGQg*%tuvwT=1_A`NxJKX)@e+D6rkQ;Z8 z?om9nQS?OS^|$#QMbJwAh9p>$ol$2GNSfg%r*7p|N-@j6@iF5OpqSLAV5U26&QR8zj+ zP&NPazshyxt~(tT94XhUV7PX4&E+#kpB(CImR&8@E7I3@^kLT>GfoA*_O)4=*AqLr z*e~sTt@*8i`$50JHq$jC%yd$~O$)g%yFXtR4U%+Fk(=?_Pw1_B=A$iM2fDX?_UPSHwl+J~ z$yn|VlOJp1?USGXzF)E0b{1CYtNZe75r#M`dY>5O6nGOgPoPNCisT+g{(}P>2bhB zWbVWy%ZTUpt-iuC&)0_V&Of)T&51Q6wo!Z9#A6(Z=hym*tP0Px_gX1wp)B&_X^5=l zmsPS`bc@_YmbadDXI{-zd~51_EvNa1n%FnG1vxTY4sDQl{bfb7;&Yo{LG2+gtbSc! z{(ijqxT&;RRdCJ0EpKgK?%o%~|J>a{;6%WK&;NWi4#r+N#Lcv{$U69ubjXT78M-;P zW}*sRW(>>oz1Y~jDh(ft@N}$VRk)(IEFnv2NdU9a0-502R}My;UluHSd(4%=v46_s zK##>6k4D^Lw3J-2#EJ9$KVPPNrya4&yE2()RX-k=-Q~27}&dGhY`m|ighR1(q`NnwO zS*>`^IW+U8hzy_Ys>4mj6GNXIJb(F5hS!1b#(61{3bU4-{VZf0WnT8;$iC{Z(o+`d zr)`2w+E%PL=?GczI&$*{#wlG}wd}aHi|74k=ndL&$9S@z(zK(}&620KdmX(h>sL^J z-gJGTgkoRexjVPd`%@T}cxGMVeZK=j%PrRYXV{|ivE9`|U2<)9x50@&DOF*$ zM*^b{KXskJpHs4IrtXwH0lVtH2ce!REoOI0Y|{6}YuxU7k}Pwr^up5#Y7tU7$6Tdv zguRSY3y?6+I=rtXdf(;fsL5$J?>h1cgwx|W;u)nMban8u}H(pBYax_`Fr znvzs}*<$VN6Q>d%7x_ESI&tO7nWgGIGJFfJyX2&ut9!zhbo3m@+sNq~MiT8sZSoHZC)>?-m&dZf%UbC7oN=uv%KrD$yh!wTkK<3(@Dt$ewD6US7O7$Tr8P3 z>K&XEc3;us;|bZWS*Z7+ zJe_&Djnp-bXVnw#R91U){5)s5>UE~E-P^q%vNFp&zeh_*o?Kma!DNX^9>;l;cfRW! z+2(O*D}6Psy6o@Dv%Bhd*u4IwD(|-^>i89R?JZvHopnUwH&4>ijVsKOTobvN7C(*8 z>bc>z?wH$y`O{^yx%RPZc@fwXuIGYmsD|grw)~&x}3ukFCsN`o^NkY&^l@ zz@u$$lM9QrMJ2y5gqU|0F5f@(Buipr6lb|*>b#eCPFC|>Sk54Stm%S=-V%egtM{r| zPt{dw80@JWi^eIhZZ2n6V`BO%`kK;f(=)_qJ}Dc43d3 zK#NS#jhCVNYZq?q&YxA>SMl24EhtROxnRL_$+ulo*WY9pDBx!|4L|L`(Qc`%(p6IS zGhy|diIZoAsZJBCH%Kp6U$ByA-EqkW-;b)8O?so6tbT8)*ra*U66`Bh3EYr4Zjk19 z+->FlOM0Ec=OWEh*_YbtY`SCTzTu@`A9n*6$F`o*m77fTZ)Ay!ok|p*$8g|{)|)!5 zc}zBEkMLQFPG)iR3@CE5zB-X};=Ux#H`-<)(LQ(EkCsh7WOK0h4xeV&hZts+NCg?@ zt|QyGlpWSMcln&QyMN@wKa2h|s9By>nc6#fm-@7_Bu|Ek{~4|?s7%P~S;=Emu~KPk zlY0`o#PZuW>fT5$zO|~r>{oD<;EB-bej9hCS0)BUy75^qQ|nx2oSG=f%*?$0+IrI& zjg4()iE|39LvKg3PBnj^XLxP(tP`RpXDq+i+Bt0WWY<3SCM5Uae+Ctia}E+Q;r@Ro zKTBa{`St5+cRl-EgU{=N+n6O+l=_B>CU;tSYaZ;GUp4W|XBl6afXPh;tmQ@(z9|74 zwfc_CO5NWsbYsRmgCq0zSO?uY@X3uKg;&D1RXy&gJ6|71=B!CEYpzXm{Zw#@-D}=;_p9&HIKEZ;&z#(N zX|LF2{|#OCS`rNG6OTr3xwzK*z2WmYJzVXfH*T5aB)z!Lzi4l-%FbpTOPlcEWj~Vc zU3JlFEO1yo&2WqMCgo!W+S%THqCO`%)URLK`P9;Q(_Gc0SZQAm;nN;dJC3XE(lxsp z;Z>CKx)0}XO*FSS@jh0>oGZ{# zg`r|yzK`*uTy|OGXtVM|2Fjds`j%}nX}a)2_iI`kBZnl*m$k8WuJddr-``q%ZL;v^ z4eWh}QB}D|W_x}*!M;p0Mn<&vcBocl&AGd;j+k#ZTmIcBrAjz5;GU>tVDs0dzeE1? ze6@XHP;lkuzq=E!pWN*-C3)^EzU(O<%MZ-I`JdrY?2>8!On*c!iQ%lAc4uCyLeo`>7{Wxj|6MrnY_C@7Qmv|adU}&utL4@{)Oh>$ae9ejJHxN5zi&U< zy(HA)Z1RimZPHAk_T4+5%~xA=&dKGP4J6QDG*{>~{mccyX@?&NR+4H7uxlxvj9gjWOkzkuO z`&B|-U#bfKqqRys()uxX?($41vTwQi+t-P$|CGHpt8~NHb@{&oz25Le@H++_Txq)d z=eaqvFX4O~E=I&d|b6=zI$0gHO z1`?Ckdp-Wouw_Z;owa?H3Rfol=)JnX<_=@)(l=e9DWypd?Os@__1kDZTs?pLM;VQB z>n6?36?4Rs1s;4^`OR(OnzR2Iwy5NkS3PQ-A>cLd&vje574L4}Ty=NZs&%(xj~QQ^ zzF9Lo?UHA6QE=$(|C?4?Y{+WVrv?>%OeHTaK7LFbsQprzqm` zUDneZSY;T$t}b+y#WDb z#>)~5#V60pYN*MdIEg=QtJ1d1=S^-*crfQ<-;}p)jkb+*HYm)~p7Zg3>*H%C+^ycB zca=&_FLB)H;Zo`Gm=`_qyoAX^z3`G`iqm>^qhAo9Dadv(K#w(G%m-{#}sch`g4*&9QGe^V*t~AFm&rm|e%egJX@_ z7U{>zE40s639NX^>#r2DcWU(FFUt?!)4E)f{cv_}wa?5b?T#=Ph36|?Ms3`fxV1X` z^!yLr=ev&|kLO(SVc)XnZ>^G9f8JJE@BFjy=k+VDf-1_UCsos`L(|E{-?-X=%X_wxp);m8P0^%^A`zVeb^EFjB zUs^cvpl*||%?Ex{<`TPoS2&UlZ@FnndYohRI3i+ctF`--T@3a z3SD{bk!$FTL{IiVpB-El7nJpMowzDH*F)AY>N=yNx@rGP58*QRz<(xJcTHz4o_E#r z;K|qj8LqEO4&TMW)qLS|^slc61kL>Ot{%-6Un+Wa$*+G~9`&aDOe(&ov_s?k*5kI> zldkGTHU=H|6?VMClr=2np5=?;Ydd3|URVpy`_J$=YRSZtY9YIJO#tspjj`Dl;^&0%4R;Y-7a_Yy6W_KUpKBYY%>#FX!C7daNM4F&F?aW z7rw8}T%__|`1GHQW6{$z|Gp9YG3)u;1CcYnoRnDCeY8<>&P)f@{cDT<6{)lcd7cl9 z<+74{e%`B91-dwI_U3GQyG?}1{nfFw=Pja1Y zVP+_ieYIo~o72K?e-4Dq>fWHMKBvNTjvmi)9s~2R3GOzxc2)`P-X_l8w`}=#)+e{b z7aq5LH6^7qoTc&L>Th|Q)NV{?k@Ks%TqP{18X(ce{IcuJp7t}WqQ5`Ry0x=+-ktXc zg6d_i=`ETg|ILkmT}HRaMYqc(MV}ZCJ{H}(^bRXS5hL@5H5v}V+qYF;eXZT&5i*aD zooUY7q>LBmCf$1IH1`N!;ryuW+1ldTbM#lpzLxi|H<>Ck!JU1>v#o0vCrVCjJZP_f zX~R=%kx9BYvshz}-DJPEiv?2WIqEe|_q zg-Vy%8XxXCG4of#wJYB%JC1l*zQ~^Y;mSN8dFy|?x7MFuq0wW_;O?hAHRIfiy99MZR>i0<~H`eonBx7xMg|+1QkivlX+jmOF z8DF>idNJes0){1T6+US*2YA}uD$|!ZcsAq3!@ED8_ta)BS=W=f+j#vYeJ6wG)_Yek zx%@87+UjuGC99j5lWljdo9sEERl_rZwb(SR6 z^E182^V~&lHt$K<^iEdm!NIkB*~gN+S8y$fZZjzUaeZ>de9xVkJw7wzio3qW#(5}p zF5HpFF7suba_Hr^@APC=<>^#C+pT$WN#T{IiHBZTIez{&yGFoj;>mUAZXK%E6=*yj zJZtNsA8|LM&nd9k@L7f3ynN}b_?ZBQIAh-{X$6Z@68|JujEwr1#QfX&;T+y_)KNGubJ|CXX zx&CRr(WCoX)e~=<-p|;_dD-O0k))eNY?kk%w_P)5VY%HZT6OJ&o8!$nQkTT5C;N%z zPI+)~!pc602DvGR7dkE2y;A1di;m-B4$Ln@_5P(=K4?4|cieO8w}Q1D#~dt{FWskd zAZ~8fsoTcsNzYAnqKa9q8<*YC<@#{T_z7S8-pFR(PUkec!mz|`f(470drhw?Som1? zPMA^JiY9G??(YV?(T%eVJ2oHFvY2yjNsIE<$Tof*{y3|P@o5S;aD_yJv?qwcH*Q%7Qw>o@PDWbTiz&7j8KBJAh+}cdj@&hA-|1&Jzm}%U1 z=j+15&ek{1M=sMd6TWV`I8pok0q4nA9xdL!=`&mC2F90BVq*Wo93&5(S6-_fDR|~x zi>8rpb@p z@~B6eDu-=#(9J1J{Js}1nx^}o;rfc+Pdha%o~^uNEa3JobK1t8@)|1TXN?x?dI#++ zy;b>a+Ocb%_qmo7-&?wQ>%{YC_AkwTIjd5p<+*Lf-mW{--7npoqUd+mJ?m1e>Q%F; zuPj$r`L5_-)3Pdz61=S`J*PO}=}IqicT=;rcQZn5z8rPuYqrdvZ9lbi!^>0e_#f~_ z^!swF#qiBtRe3`-C1zu9kZzY@Scs6Je;+FcQ*i74(-Y(8Z+`nQ#gLi#^4g3aMMu|{ zW~{w3XLIB6YpbJOr~Pa#-OpW;y7!}wVz@;?ebg?G;;D(6jh_5h)zvGXE`p2gWJSCDPpLczYmD5<8D=00?W*B2}GRlgpC3IcP z_8z4VnrVSbk1PLZ=$SnUi9Go_F4#JG!+X7F5+9kfQT>4;{vDbCJ zq`8kfbf3)l&%l)a^C~afJMP`dCYepq^Q^AUP5Y*ilj_8%vqOGu$cHB$+q@-wtAJxXA?tE#jqh+44v&S{Q6Z1~pW4G856SC>$ucD2gmRKGQ zkK~$@wxrGV%2{-9qYE!oSd;6uW&w>@KS(CC0&o^x7pIxwa z#k->LD!vP06*-GMFY|6m+m^emU`fvF$Z5vL6QA)pFfYxyahzqM>^Y5cT6!c*ePFH#9F*o@}{^_(IeBlyI&u*P47;7UbRGZhh} zdN46|eVfT|w@rd4zi%+eT6}e;dO_PQlaoDV%R4+@EL*p4qKUimQU%}nhqR*IK2B?^ z*%cEkv+HW*7oissa_oNDaZX-ycZj;ZyY}+2YHEU3uF$%hUec8bY$DH@*QR8L+xcx2 z?V0l~_UhhD##a9sN9Kg3e(j3M<}5hHcd##Oakj*nc?S)Q_!w93Pve<0%TdNg;+XBK zvwL!t-oB0cJE5s;XP9)v_c?C%S{JuApn#Un)94}bI{K0qsk@#-2Y2pks{$1F4 z-17O-YWY7R-yf~r-}BEhF0(ACnQyxM&4cpySe~u=&u~!RPU3FG=f@#ZyVVjl@tQPz zKhFGheRy-`Nq52Sm;c=D(yfD9_%BA7{I2JzvAn#+TRKss;K0OHd^bc-|G4z}%`Ub> zl@m8;Z~M_(Fzwp6ZyK}9dM3tYew6y^dvt2szk?miR#|faO7Pv74%Z_)Pu z48m`>luWiy?@9U3@OAaG{4T3G_Y{5{o0Ym}xuDUqknijBf2>}&Zt=(F;60xmBjz^z z;_$nuF{8pGfU@Jf*3>N>g4pYVo(T``S0YimJJ`OC>7xZsRm#jx#OA zmv+{A9lC$$+sc*hB`kUmL=#V#z8A^}E1y>9^MPqLgG~7O{|sCAg#A)IJ8j~UGp81o zZ)(1``@`kn)h7!4iURFAJ{bCzKU4{`;yvT`{M5aRlbidpTQAgPRzKXE7tQ@=OV;gJ z|KwSp=ie+odQa9H*rxp@7@;lpwqA4Li()>$v{d{n65|GqfhqVCE+*^havA7A|_^y1vNdE4F42@JdUzP`9e_0fFZ>|Z8z(jWb1@+@$(*(u9tVR}-+pYP|RGUrK~ zH(SczXm+Tz_T7DD$#(4-$Bb-W_x)Y^r(Uo3qgHH~bjEYDCyX-9O8X{$_}93gBG_xr z3&T}Ml~Pz<-rHyNchOhQygkKLlMTa+Wzu(?&1_op`tjxT{v)~%jc%S(5B%`?@%pws zj%yq<*H<`cY*es*WT8GU`^)kNb_;)-+^eyXmS5MOsJHN)jk@Z2 zdd*=LzDmlpVo_O_))h;E^QF8shX`wQ4QYUZx%YVc#@cP5wjGgYYp1)}8 ze4wlKmSvvckCQy@@;b#kB>!gG#IC70|KRQtt8eSe)9dq94%uEXi+HwAc+L@-774Y-%b)??#Xd5{1ra&kK&KT>5o>go-O%|(}u5r^Y>xX z#}73Qt)Ak4^KRu)O}XAj>u)~&+H3VZ_CrjM!uAf&qJ|Hv;|=QW{yMw7v5uvid+tF! zy^9h0H8TGhynb(f_-w>&B1UN28X^Q~8+i@mVW_K(yn5^Ez%t+ULI3+C7iIqPHj0>P=ey z&UsTe7Tc{|eqdXb?*~C|`7?{}ZNBV#HK*iwpJ%zsavlG5*^61lC6*N@t-8A<;pZgZ zoy*l33VfY2RSNF0Z<^SxuTo#O_35^4ee#+grzuFy^XG{=GSPpjL8YE_@`@*2-xf!@ zSA<$!z*rRO_tg zs}i^O#YZ0howC-3`QghN&vn_09F>|?3O78c3YFZScE5Gj`{wn3vLAXn?CD~P_|C!{ zJx?ds@AJX_Lbc^KH|Db`J!j0^&yjvf*T#0`tdXiHeeZQ{veLiI$&B}%RvyS~({qR1+ACV8O)0WICQ4W}U{9T_pgVn5W8zkqftX^}j zz*jEw!QJR1Rr5O*eQ?`Z@UT?VA@}*auA3j;x70*FtQXCaQ@#A4;*H7dCg#b9TfeNn z&tY=gzvsT_TD_7NHOquFWjAQwx6kh9%!udO$8|Sjm+vL%*^_p1fA4cVTV>IcueWT= zV?E#Veg72xq|ZP8zBEherPXW+EYSS#-Jq2glcUW=7owkvmpH)MY+|0gx$ z?jDu=$u{35*WErOFJvdRbx+}s&2AM9%*AhyW$)+NyC?5lW=KJmyi47=2@w_ZAMxDN zxU9mlaC*{uiD&zr_NRB-ztvvb_hjk;?f5zW88*xJ{S%3JU7vm7YtTe*qknH__oVH2 z`^Qrg{-g52Wxl;R9UrzXn$EiUbJg{w_UV4p7Oe8hd+|M2|FC9ezUmG4JB&}dE^PQX zuQ_w^nsV{zSt>`mte&Lpkf_hz-#%;Wl5YlLeMLL^Cw5)>k^hLF(!lfOI&->Np+@kbJny|MtJ~4X)bBp2Ic)21KegudV}GF*+lUSzXApgm@G@Z|6ogZ6iA>XWvLNa=rDV;7a} z$DE#%xbghnjQH$wv1?hkwkdknCGg9Hh0Uy9`dZ)Smhs=i2ZQg=`h3-EL;j5AWhu9Q zl!t8HyJPd-nN6(^8_x!IA2b*8xW0XjhuaCu@9QofocKy_d-(QgheFj^qbIo*|FgZ8 z()RrH<=lC82B&+tPG0Gb>f>FOov}~qvi_Fd@8Wv$+xWdaYjkCoIC)q1o9=3Ov@=)y z$UlY4OOjs1>3!Xsxc<(4AC-w*D{N#+R+b96-d*gVx@8-`P3F^>=$$~(0d!}Cu-&EZ{R*kJ&vokg=Zr8Hv+Pdi8%UjE4-601i@9TCo;`|K zJpXKOr^UIfrXS0`#Ql5wttF>6d)c);#!^S}x4f*3Q*petbG=aJ#h0h1b2JxQoH&{< zY3Cf3X_DF z?)BMKp_AAp)bpcGUj4pCuTTRT)YbN5Ka_2Efy8GUF zwxhTD(5`!HADyhpU;eUKbJ*rYNy?v7x(sjaqRn+(&)km zl8U=7ojr6q^HXbl-PYFu**90uo2r)`D_6QO!)k3;e8qI9eXV)Us08`LwwGw z@8#3Yul0%^K0mSRUB24P&y^CYF zJg;>>nY}H+ZgOS$!aJN19wN1uEZ56iGcmbRD&DH3{rm3jdZ}M#zHdi+TZE?O@Kj$*`SyL6+al&| zZ{)nbuXp>X-@Y|g^WpBPhmSp0=v%aNZPdlIU2dNWim&Zf4EC1Eo7ZOjkYT5W+qYL* zM+%NxnLWARA9Z=Q@8;_8<};GVLP9-tmR$PsxM08G`zTF`9do{|eK;fUo%_w%r**IB zTGcbWnw7f#mRQL=wFeD%uAOUYe3vrq8Sm3Jrdg?1r|sl9Yul4|VdWFKtE*OAob5iR zV*X+MhqpVvR(pJq^08X+Z0Se-w%cJJPF1u!&zTumtfl!RJk@T_tRp?s8{1bXcO9K~ z{hwfU+t$c$(I*PrlV{zV>!e$J?oy?S&spP*FG7EHO|8GAa-*>EWwe~ihvyTEu1|X+ zQn%Ac0(sRYf*@3yqI!+En{u1jouP*rQW$iA(VsP+J_O+VG zoL>!7L*^}K{=DAsN@9lW+nH_UU+trA^=w!2RH+i{Pp+?gxZ3mSsYU^YvQ^?4EN$vJ zf>*AGKDhB@{==<1xXd*z)b|!&|5mJRd}`0H#;D?~V(+x#UsF$Pn$dJK?%&muKYADM zn(@=YfW7Nwjn~H+Jjw6nzMiw;Q&MRB`gPqczvD6!&&E0m@ko69T>9sgt)<%M&)HjV z$hB`+YyCQA+x5W4z?Wv)x!OJ*232#e2VFV7vg&MH^1tc16ZjnLwgz!7y}DI7Z=*(I z%saWZwXx?dnon=FdBQlW>zl`x7DZ+0C-Qqr7bkjZOU~20vNk>-Lfy#@W>4ZOH2<^4pvh9dIBTEr;+1mW2eW{Dh)||;(W@@`) zZ&SjWBxZ)PB9rurY_*f)KHNY2 zHdQ`A%A>hl$aL2iwJlMKUu+J2)$@6<6o`2Tf1%7I3+&_2{+uwD4vAOp2Kf~ek zywYmb{9+v6>Q8&_Z>hd~{IG3Vu9@^%c9+{yR4*Rs7k_Hx18Af3|3lfSGE z^ORc6exA9nVrea}*qVvCNjt0;$s5`mEO%s|@@7HJ;jZXPF{4W-C)D3u$ur4g_hOcm zzi&#{q};Mn+?eh$`Q*;KDm@Icta*plDko?D+?Bqy_}U}a2|{<8&+jdf^8Hh;S6;K+ z+QGEZTf2EB=dKAkanq)7-c-JCrtXfs zmv&mmTbQm)EL;D3o6moS$uVzO6nUg46*flwGC7(Os|eyroVx z9y8E7<-xH^*}J;w*GqlWwpQt=Jzrev^RYznr4|C?5Gf?BBwRSDA{u5 zqMRmMtw&p=uI!gNIAzXXtqe8E!}5nVKPqTw4nDeDJ^y*|!Zk@5YdU+L@0CkPJ7DU{ z-Qa!lthdb4@cttgi{_N*xhuQR37+=wf(&1+)}}k_ReMd}F`T^ni+ZS*^`&%#!CBxf%V#fw}l|Iakn zGjZEY6^oPS?f>m!35%bu@GF@A^qlhLyPiB;r566=-3txImL}U*oCT-1%lG>DORhMz zG4{sGdy{W??w+c0sE^g*OwHzb`?e+}9qbOZl-Z!A#jA9pTX^0UR>|Kt&ua8b+P)OD zP?$GG%5070WbU4x(9F$~KNr3ZV~}aH`E{i(j$6!f!IU>4sW~MpVx`%c?W1-j-~FCt z=DVsqfWKI);>Y1HtBkg!2#D0rxwhrP>O7tMt*Lho3Z=IBo2<)bT{yRBXP9)o)|s8% z%rF-!GR>0Y9qti@gDuDlhUUctQH>*|b@3BmJYLOCz2 ztE+jm#o|`E!Sd}K7BBCujJ>@g?AC&7drxVo_GQ~WGL6~P^Eb0|M)9%RH&~fg#2kq- zk}d38Qoc6&@10h^A8T%}=*~MW?{hKDIZEQX7uyrf)^o-4woWW)vy2S&Gd_6!+P3`1 z5jPeVH~we1zGn3fft5#E=3JX{b>d_<-=q7U9}mbD4=a?~{*IrSr8!!>FZc82NmXIK zM;^3y1st~J4~#lqY?csX)o?qwP2TK%)QM{$w!3HC(K84Md-`cA%MQtJYkUKAx||*) zgnit2((GK(GvAhtudJ)Cr7boz6x_gkYs*)TWu6<@*_S3~WxbLRvJ_n-cvgMk^kS>i zQ}cKOCptLUy!#^@mY!f__N4LJN>7Dz7iJ!Ow#{y@_C#sf&e*#lVBIQ4$NQj@a-%J- zm2(yt`Ae+Z?epPHRE<)^6knOWvwvjU2Yonx^Zmce%b)P{Fj-&YTXBQd_h_T7@t z$`THiYwrJWpLgl`GoOVPFJqsS`CXe7eOB>~c-h0(kuR6uiM{nx+AZX{Y2eC*dg^K= zzh`?-+0oLI_p)zmdiaG0*L1%hW$?7`XpH5Flkrrtt1H*{3GLWooVHlfy48E`k(V)_ z_68p|7fV@lyWd7I^wJ?k?sq+t`;4@&y#He_(y(HyQJ!qO-`2^64_+uwd1_TEvCwzo zo1DrkWksumbkA|T?z17ebS5LgQW^e#ugo<^Ji*gW~YB z3+;|>?z~*`d#1V01|zK#;p{74pN;6c#j#oV&>guY;ojNHRHoZGNR-)^bWQW;K5IQe z`MB*-nWNQWMaTU*?W@)|&YP;ZDO0>-;|Ye};SM#56`ONE9nH8|;q>&nom*jp#mZ;S z-+X2EZf{$A%jsVtj~icB`iGA^7g{Z3C9^kg`e1sc>#)T0y%C!~?D_UCVFJ@uKIdMw z!muibJ{zWj1@-(kK&55MmyV?EFQ>}+(uqrifQ{|tNYwVH6vJy&@q=`CtcReFKkLxyi?&S(ulO7eZ=;Y=!zv8ob zk+)2y{R>$=^}MKE=fl~n+oNZ9_#N8a_;szyrKNWchO9I2b4|Lr*Fxe_re~hyRd1e0 z3$0QDgiR(+oP2Lv_}hTkO0#c^9Opf53|rD==JfsB)9q#q%>7HnO`clrC<)(F`*HsC zQj@5Au9h8ax1@Kho5ih}nEzv1bi>Zm+Mk1u&D5DLps7$MGGkF+k*;k)xtU$lx?52a zv!7ZXcMgBDq4)Opz$bk-)>`W_?CM-@@$#6K??RE_O9+wU0Oun{0+FPf08be`ZX06y&ffcK_U3YC~miY1~Q{&D( zY3W@xy)ucLuWi$LTEhJNr^kN=si$vB-8xSjrN52}`=_w=*tMP}f6>`aS7-lc$T)CE zGwg%;$1uxlxjivZ(n&rp)ut7gqtT4E6vmQXSJ@2 z>0QT6DwY;-sqlZxvF>d>9pGqrabt3eQoMllihtOCx2aGs(sr~{O@bdq>Zc7 zzW-4Rl4!~~=CA89PeW*K&!2DW$~-yml&8yTnP%Mh*>&Ume}=fZ6E(kEOPKzMHHe-V zw(#o32^*#qzK==W(#KX_$F}ycaZajG0dLCHvr45OUUQu8y;E+vy6pPw4X=KlUs|{! zmgBh5tk~NzE>$- zJ?+=!)tYw-vP5Tk{pCAl>m%S`Q)ZfXIrv6F{Mw=muLZYMgq;-4x*xKWm;Ox1qwn&~uSldG+1vqpob;{j*#<+-Bumfg>epPj_#-^LT5_*2(O= zk<&KMDXKLN*FAAAboZAvF_Aa@7EN56=Pld1i*L~yr#DrTvZk(?^W^I6a!Z>>%YH@N zlro##U{F-KRy#cA>*H%1*FKTmeRXwqqg;S}uy2m0%GuTBEHZMoSw}2W?9FPm^(23@ ztCX8o-AnKj`SL>Z#@R@*MY=C12P+;t{yOyW^zZ2`DYI&Fclv#M>2+AwP2@j={H1v_ z&hdu1{oE+-Q@S#Fa@tb{;jXC0G{q~7$FxF2<^NXosr!YLF`GOsSTL#LZE%sqmo%qH zhhtjG8n=9!*|$G;Sy$MSx0PpNr^xEFeNzKPw;0$dW?b8~u2)&&dV#$D-kQyi?{gn7 zRed&3IHTb3(%RDERF-L*+&;ZO?@$ezAQCTGVRBz!(#qC}yOP(IT&%kBWG!FD=EMIP z684MVuTlNGLa#=++*oz*%VURb$jthyB-ANhzrH@|&&H2yzRNNHUAd)SD5~y7jFp+Y zlgRa#_glWIT&vMfU3Kh8=i20&zu_jY)_NVe^Q_L8PmD{9%9c5-J3NWkS$R{F!*XN3V~fg?9Rxi*PpsNx z@igRf@a`wV6EFYCTD*a$@>zrOga;F}wjP-svd-08xnaq#l2ztLc`UQoCZ|R&wakD0 zoSSr0o;|ET(DUBThC1#v1@nb>c*@mIat zlUyibxY3AbVqEGY*}$Sx?KWRmg?j`~J(HXCVz=?`N!AJ1bgnBU6jh2Q{dQC-js{*VU)>Rd0p4WI)H8Ifbl*;4%qMOPLGA1hX@9dJZ znsde2h()1HG(k;T;qmoZtIIpC&iQhdyGY7t>-MtVn{}~^Rhr{6ANvcfG1|KAK|~L8 z?7jUJuA8UW3&i-tflF4{J?rUS&d6}6p zk0n+n>#$6G8MV!nl*Mv;rJ?g*FwAi;qqb}!{e3aCMfU4QKh0hP2c-h1s z_%hvrfjTx%hFOE@BUSAGS8; znE9$FUnSp%oSKnlA$joe*VP+@*gRfYtge=DcguSDX=B+9Mn%WtdrN+ao~b!rv|v@& zQytMghn$mD(&t^>nq0VD`OLX%2aZ>rUwKuw_x4^RPP3D_+Q~cC^7BURieX?s!<&5T zmCj@xpWn^fEY_{|-l*BRpyoTvm9u(5EA1=pZYl55-QAJ*#k1Rexebldr5S-&L3?xuwvdy^uy zBg1E_yX}fwtIm}zWSKSHw?E@&@th*9^Bqc|6L!r>7Zsavam~z=7LQ+teKYDZ-!kLC zG5+9dyJXGo%(%LNktJO=o89M}M`FL%s}haxO#BLb`=*{YPp(+>cIz^?*s3qfVt4$=;o$qmzZFV2q^Rq_Y zdTd2I)=ds;eK)i1;>jmheWeeI@4EV-#e#FE$X&~93ae#N?rQPy;72-Zy^S8tvlmEScZAsZZ$tK3O&bqukp;tCGah!5% zZj5=S+jmRyZ6ecuhU0q}EsiryyYKHjO_|;H)$J!tW-1m3&gzKfLM*Ct) zAFUMBxKXp+Yq8~{l`*lJEN+}?o8tp!K0BDx6FljW^R;b#$MhX{P4@XX`Ptj^UI%u1 z?s;Y$n}0k(dqIh?VmQOqz-7l(mblC@IQZ+@giK-Gp3{;{8$TslzPmp+Goo^n`@W>A z@1nNbx-K+rO5yp~wUI}YTU5()QPj*MlkQzJ+E*obdH%I!68-k(3U#FsJ|Ca(iSIS@ z-jdNFRC9L~*HhI=AKvQt%m3T8D(~da8PDg0rQTcQJjF<+imUHfWZGouPU#(IeJ5Pp z$-K^ZySh!t14C)gRo}R7KHng^I6qHv=B9eBNsqp0OPft-%6hwO9#;>a^~W&XEjKss znZGn{+jcFl+(!#fDjv1&-FW$GgxD*0(d|oKy8bI@XGnh;@bcPy`^*0s*2l8V7gl=9 z%*<@@KGLh)YQfa4LYMuy4D7k)>NZ#^{0{ASa6pAQNOzyeoClYDcCQvZ*2Tzu)L$Yr zNaVS!uYpLf--{c6H9i|H7Zm&|awckL9-Ge2)drIo*%z+b(74(1?Y*_p0#={Du5X&Q z?)WX&yJESzXWAKRwJ+@Bd)c2{_p9f1qttWLqc6oSo>Wk|zV?sBh0`xKpZU*Fx>#vT z?_#!-b8eSe$tnk2vI$;&ygE}YO0iAh_x1c_ZUcG41244C*9rVcRi5?ik=ZRN=l*kh z_5GWo69Rf3FRheVsjjWOsn=R5=*`Mai`jQ%ZOC0V+ajtb(x;tg#yYmSXRkO}>^XMe z*|KbRjsmN$`Q96O{xg^~l)TE0H2JD^`(|0=m0)kDpQ8O%AD3RbDUo=?vy$EG;zix< zt~=d~Sp6UQDxD6#I?3WgnO)`Dx$5rQn)L5^EarTZ?Pjc5{Kn04hh z->egEA8KD|mMrN0-RWlhIyfy?A|iKL)AY_~YmXV;n)S>7rbKJe{oeS?YkSxDL>2zL zvO#ytq}*wN{ZW>IF)NNIZ`|Zt9H+H=S9kojwws*2$Ir$!mM?$Fr1V zs@xQ(De&=&>7KB5lgIC~0yl2d{XFk)w%?@-S|875xn@3`8oR#0@om@kI_0VML&o+TY=k+E%p)wAv{{}Z2+d4GO< zeEX-$@y)i{doJguHz_zxJev5UKIFpkE2&p!exGo=ZpOMr@?tN18q*vM4=i7=$?d-3 z%dGO)ooZ7e&nw;uxpFN|^TT5y1AD7U{$ei*m<;yMbz8dZm$G_*c-S9T&a5T3`W9W3 zn0K<>wlI9%pXg+h<0rM)m#@`{dZO2^P#2=H{mSZ>8{K`oK7E{F!Xi_^u`chDz2ND! zcbq=TcA5z*uPqJw(d6x>FRdZ}Z`Z=)N8T+vGGhbJJ<7TgIAxt@?y^^vhn@Vi{SN!> zi%aSMvf}NZ@Z#@#TAr>0?{-6Z(y#l>Uh2ut|EX@$ZbfR1tl!YTovue=%j- ziagHTWfQqJrOwz$rZTxd>x2FejpN6<&-48|yKCF*v`6Y!IJWaGXJ=nqdE=zTg^4AP z^-7CBt$zHzYxzg_K2zJY=%%;jwJI~u6;Ct$cKwf#{KK|wCfV<07fCF-mcH?2LR_?UQ@18b9%udA;r0r|dY@c~98v z5*_Dxs$6INt@_e`eT{RjXWQE~5%Z7jTm9qYZ}UHf*S<)1+wYIlX+YA7al&dxjNd7pQjp3m3>kj`zDFQLA!BF$@;1Lvv~b%{U0&5 zTSf$DetRA7@ygC%`+ScH0?tcnUq7+$in?-Ze$V=MC(oa8IDh53U$lN^x365Bn%*3p z^L~H3OD4$&Uh6982$6d8$31b~?JVOvYjRbL%#|e{t*kp~mYMzGo@WT}=d{Gj|Bq|p(wlcGb5aAfHolx3d%kUf=lXf4(i9&% ztg0=HbNn4pu{ZHYt8HJiVpwE|_WC5=>iq}a3YMO4pO7_c*YsV6{P*Q{9QA7cwcpyT zRo>o5`rJp3)tt`Z<9Hos|2vYOF}o_qPU+HHDP7k)oPzH0!EuKlMXWce~~GugeLtuG|TX;@X>^)o?q=;e-sMeuh@0! zT;ax=r$1*@U%&Bd&b2q+X4Uq5JafTmVV8l;qh0kkv%d-a$p0vOyjyI!$fB#Bw*vVe z#(Pxs|KpTi;BmI{VZKPL!;!kT(Pi3iRFBNaVG5jOKYz#aLptX>R(?)=wyu9h4g0z~ zk=cSb?=FmeyM5ljsjug6yx+eip5@=oU%ubAa(sH5cP(b#T#kQR?k4}^T>kO);b4

YbNf9C|pxXx@Uq+UM8ViPyybDExScb5CsA$&wJ!NeX3ig60c8-PtM`*s|v4!Gm$) zh4Q@51&$<5eJuR;Kf^8gBP&<=um7>g(!RV@rB~jz(_;OUe-d$7*XwL|_-g$)655z{ zjDo%K>Zt+sYwHUCGaL-qdi%b>AJ^u?-UT922aM;( zWxuO$iCP?2cU~$+Tl2{DNoNkb$A@*Lv z9e>A{ajhCl`n1kHt?uVPU#k8t&Bk2j`pSQ&=d-1LEbmIOT2rr6b42EW*!if>ix>Qu z`1W?t#;#zdgw3rMtM5sEyx#w%`s%KWrQaJLTQK@*M@^d|F@M9R%&NSl@`u*Ou6d_BH>xzqVWR!t(2o&2cbQ66 z&wI)dCvGLr@G88X|BtEq%vEawBRsd+zHNB@GIsr8|DK{h$$gKG`x!V)Ow*k4AboA+ z{3H9@?kRm_Kloan?}gcC-%5p`&kE|g_bt}gbN^xZvHQb+hQpugQ(wK6J#wS+s`S*O zm7!93&t9potyt{XeyF_j;p^@rJB68oEY5kZV?R>QUK6|WsPPNolR1+<-FPf{*73vV zpdSnVGYFgf%quyzqwT(Ssml>tx{Ab`@vuN|Su-y|c^SD*6n|;vWRh`VGE&myqYn+=b!yXAfEwBrGAAM=fBX9rW zXZ1I~KPW#spW~K(-$MUQ>!%4RJZ3kY`rH4H!^hI6JO4AZEDrvhvL(SHk3asy`gL_` zH7-9~AM$hSx4io*@%Wba+%3~y{$2M^J<~kw*Q_7qHKz;9cS(w*KYg}4BS|Ys zTji#wr*gx`<43r4lOlTWEao^c@r|~1=#Tb=Kl)u~J8j%x{iHwZ^yYUH@9mt={v$f- zM?=|B;VBWPQ<^V?FZ&^M|G+K1`QIYfE{^VBIG-=exrHscil5Y~soj(@u-2Fno)8wvWX#aao1lx1wRJEH?r@yWJST_5S^=|H$ z>cY|9Pgkqg$b_%0vHiPakKaAfeY}stTfaOK5qr>cCC>Qoyg#bTe(-%iKD{bS_3V*^ z)grI%ZT)=Yo~%@UyD4Yl9PL=MmkzcC6)S)3Dl{%?S(<#QPQC8heleT8<-s4tk7Soz zT)RY}?)$XY$D^M8ldQ?!YQ8yZ`#n9k^xqQ~_wSzdA-6tm+Kp~mKeOM;o}D87yU*WS zWoD-PaJ`uH?CAMshaNI^x!P;|XW(C2c$nRHd-1|gE9A5IyZ;IOnEHsDpWC(Ileg^V z+=RL?yS9yg0?m)j=Z#n0fA}n$VA3b~tBXaeuh}D0g|wo(R)whfRuKEN|TT z7rA~>okUGp_oKMk3I@7!@92pvHaOfL7;irNp{nohoZ?;6F1)bg%Km5Qz5BFp5<6>y zmWnKIes;LH_@^!5Wv?R4timnLkLoHPiaHbUW71Q_=(d|8?G66dwr}y5{-GW)b@|S{ zZnrg3nZxsUUyhc1`r~l*&2q6>?H=VI`Pi@%_kh6uQ;3cqI`O<)@+NS!l}oXCS{eq%`7ce@!zFXJnQxczO~Da7iLMt zoRDE!d};44!_#1qbx#;_-^>V3p=%nk?fn6ofC0A|#&%pOJmg}ue^}Yla5BKyI=}D@%Dabaf$bWwAdS{kP9G_I?&Iqq32o1-t}>4`DrG0E#*Ut#kxE^~23-G7Gg?GqEWA9>ns_HN0uz1c_N1b1AWIs5Ro zH~N7d({y(T^~bL*6!tA#9@DLTnp1b3@`(gD%XP0rCmYPQi=HW5p&fGNZQa?mhmyN^ zQV)DxSAN`{Z_OHg*QqV@5-J*l?}S%BtQYWH<6ZyotW#iT(vj5jca;~eEVUK(@aH;R zUtB3NePtt0$4zCqMZ2y%EuMMc!}AYi%d?e*bI$fBM}9i{)LU(C^`}*Rc2VD=btBj2 zTo2fJNv!l>m_oSlBVD80u~*WvYc1R&J``Tsm3bwz%iLxO#5R8`u4_x(u9pt{Xp+=UDpp$>fM=lT>jXrmyQdww%j! zyzgYId~{YwROI&Q-kxg8(^Fr^)b}=L-Co$l%2OGib*1Z6#k#t4b#Vn*)3z_Uqx+v> zhQwR$=EmrQGe6Dwduq=v@93B#EM2=j);M=t+~QXeJ!a%u`aLQ|oB!4ZZ;=~6WzN4{21^HNJDI?W5ezqZo9LuXy?yVSCtiF@YEUt6`mTeafd zp2>5V&lX$ln=5)oXOn`~jdOKdulqYob#5uU$L!I6=(csE#vR8yhL_i-{FwdbLqu+u zLQK!I?IkhQ%bBsEI^0z~d6w64_A2|b!_xDYo17NcmTYlx z7QVJF?)J1f+ur?WSZbOayT(yo-|J1!7K3d|^cA+W&g_f-;V9Z|(rePAw~jMXepyvm z&$_TQb9QAL!O&-YcT-C<4oVlFSRFM{#aZigp7PEngWDDPOI?0VF}S<*%CRmsE^_MU8EPi@U+|VHJ@9KGz4_9rQV0W1%!+t2XTpQ;S!wIVPzf z#nPSIKJra*+8}PAAAEJS*x6;jot-rf$jBE5M#t3lwruopygNxd=$*)}t1OtKMtDVsp>3eo2?gIv0GMkM$@O$ryb}0 zXYkvqyW+R~uj>k2CqC?sJ-kno%`w4o?G%P}o)7x!t&Vxz(%H&-`M6zD{gnRcrd7ur z)}1Z1OtWd=7o98P|Mb1%)VQtX{-s85S&A50E=--c*EVwF;(JpjNQ6w{t6X>7@mfmB z-R;Y>9xj*=Z7IaW_>Q$CPJG9K)Xc^^ZWrHrop{~X@z&(6FZYBO#&e!+H>nixN}G86 zOr`Da>$=Og=oR^S*xF{NT@Kh{|Kh>a7jEyq@@ec|yn6dA1^Z$Jg{!}_T!1&@IEAA_uUE7%f04l3e2mw>K2*z^fhy5 z-G2rr?FE~6-eWADz*@X3XQQwAq~-6v|9PEubwgS6&)_H})tzhem8Pn#b#m5JxK_I$ z!BVFF*Q+b;>-Z(#JBquWm@o5eS?5msxgmWH>`}AK4?O>}tkHVY6Qij%^RA|;DNN#j z9HLY_sd&EEJV`dY;GdUw7U~~VP-k0v=z+T2oNGBQrFXxqE||OceL<$Q@WuyoE(f_q zhUw*J-+HNV&nXVfvw8e^VSLZ?*InFRCnlU=niw#9Tc{5E&u7yu zg6&ux4)U)Mhn&LqpDp_|B%g;b1%j$mtdMv{Q7K!*7B`x7aNL$6DQR3 zm0gXT(UM@B^?33LhO3%xM&_jpGGkU6uQ+c%HE4dGdFaY>7U#Vd7dWtld@=9Z81$a+ z__G6|b4xmQ2CByIxO2Ph-lENV6L(sQOl$Q{>UqOyH}`D%T|(< zp3RK$FsNKrJY%lkJBue$nlIy31#zZS*AiSkIZa6RKw2+_SYK#-yh%_NIjC z#8ncP#3#;>5i5_^mg>EbCYPx^`}<`ulkH1@9xw&o{k)+Iz;*bW53~+L_(Q9(E+2 zJbAq8Om)NAE$J4|@2!jDe5A9kUhrjP@R{AQ%)F(ADr`uC3D)Bg2KORCD-E?tWKv@*?RPM_A3Tf8&W z6Ai@<>g-+N6L(T3>SeCXJ)hrGzNlYYE6eHC$urC--Q)74#jWkxvf zJV%)j@qKc$ljF`R>G`o*cTbFXkn*8+k+DD5R~t8WFL`HaA5HnQ_my`2uH|uwd{#eW z`^j0``6hBRMX;;?Uet2(TgJoL2R_EBeUD%8bmEM#9_WN#1Ey(TENYQ+KPmx222Ud6(>+}H0dJh9a0$@Ifr!q2)@c$!~_EZcN< z7wcAq=g%JP?y#|2arCBKi=M1*1@?7T*B(dSbUN~PabX^ZXws=mcLN?NIV!JMc-kS*pzg4ahRq761&{5n zYXg=gLzv-LiW&_l%oMS~*lcz7N>D^oe8p6mP-U^lvfN z+u3yc9ervwom2bO=S`J4D3uo1y=?2O?(Wv0;~QnQU6an(WyX1zy$tG3Xr8K4eWg(< zqNZPG;>1JW7SFh*btE8Kh~XB;d6vt!Zd)(DdF6wv-?Xk74*v3Ml3 zrW@zlE=62E6LDI@B6so9oRv@Z5a1 zH6dV5XNBF=^EZ8!Q+K0@ zs^t~9cj)YC2KSYVj^1|;iA`46xNOTC$7d_dmgh6&rN0by??_75TKnr#nX0w;`zT41 z)7_PBH8)NPzT%Ji^ZD=c8toNz=i}v)eoS2K^626^_8BiPJel0}`;l*&bi0B~>c+`& zmcN7k$Zq&?^ufz7tv#Fvbk_D28Hc;YY_iPG>g8_%4P&kE+Q+}`T5f*el8h^xnryY> zDpQ)C9NYBeN!O3yhyF+H#s8hEvx(>Zv8^)P-8kpofq!qF|16Bp`w@L)pUjWN4_E97 zeenCsj=LOsf}5MWZWZj`)0b7MyI6h4?nuwFihsD=bLb1L)ZDPLb`yAz? z%4fZnduE|hzJ{+aC2rc|Q*jZY+^1j85fx%E41K!uvk~Wsv*A=OmQA z_VM-dh(6nq@ax%Tp|4k?Oe|xbB+XKrI6>_J-@D3HPld|N60Sy`=5)8ew^DugjD;?f zmwTP)dwwdn&EdGjud5qAZc2^yv<;D(7j)%K$9mJ2HmCHR3hFj;TVgNbN-BysLyA)kIgDGzjb!ccJ{)TvAX+qrhS{ebOz63_Di$dHC$)$T50M;_Px6r z{?>5wMwX}UbyEZ1PxEf>+;RN5Z)Kn5pTZxP^k;1UHlfQweco0bK8Y;}9}kMo6ge_U z>Ff8QIfyb8bLvm6&nxAefejhfmC0Qlely_FF z5R0U0R(8V0^wT+Wu2#%BdA}j+?Jico`Mu6JGVjb2+j)D^VYy|?qjx$@V)OX6B5C`? zop*c6&U(x6&SUpmwmIDGqR#DjlkB-S)Ye75((pg?L@2AtiBoasQH^a+WS?xb4Wfb|$v|Rn|`q9qhS$@Z??!4LZw$_>Vc~f?|{~pgm zt&aBJMM7QG{&iUw%Xz%=ej~={Qhw-^+`P%<-OFFx5z4Pr|PvJ2R5tX z=&M~ngb8Kt#X2V%m ze(e6Xd}Fn4`r&&T9jpfTDy#RhRbPLh|K|R>{|tv5KSaCkt=w*~$>B&<*AM+~NBW-0 zv)+hVW68NfQ(flqtY7~bzR6tG*W1UE`T5jxz6SUCUe~G?PiwvEEqC$R!#>TPo6i<~ z=8!j4tNgaE__7+$je{na?%!RuI?+!r0J7Ged-mzpPlY^MHlT)$$pin*$|{IN6$_uhdL7S2txo!(nOj z>yovMkjLZy4C_Nvb_7}eSs`_$=KPe~yBj0F2Ysm5niqL>O7H!(X|aB*=bpVccV?kx z7LV7)FaH@{U$(wo3TK)4GEBGJ;KXCwSF;lPzS#c0 zdRpV-`g+=(Co-RZUGCZ~GOykA zQE#Nqm!C5xajiVLp6R37iuWsgT;@hwioTvN^i?zWOQ(v;bBP4&t`Gb|uj-tAEmVHi z8#3=VeGwei`S8&yyKHHz(i?`YMYdTlX2|c#W_K!`IQP1`Vu5e&(JPv!={701bfVuq z>5tkeGyD4Y{sR)vR=Z36blskAtChi_5pBCFGEnQjG4Juh+XvR{JhNWyOMcd+-9a}4 z>bB0d@!nr;#_?BcV$XLW%ULQn7*zU-!*bJm`4|qqk6d?#Q^|Qt72lS(woB4;zI=b{ zs1;^aYgKSTRLA4I-=Xe17LP5|Rz}8b(KuZAd}4T1=)5b2mTRuH`=nOfI5UO!x5!t~ zq?4g4ceR?>9Rt0EPPnW-$@??pTi}X^oeJ}=*77{s``Asx;hgo=-xiX&{~5}!6ct8p z*u+0Wub}dL)rGBd+!+N7e(w4lP@>yw%^rLE6Z^uWWp*O_`)sd$dfLsS=35w*;rwZL z$rJgg7h5Haz~kRwO6&%vPP(m)ts}&#>+|8gN;iyKLvLk3TM(Mjp8&JgSm%v9#q}^HSI0S=<4()1~T5eMKL= zT$TetW3|M!;>e{u|hn4S>1T-E@oE+Ev;5}p1%Tp~2p743RjQPCc@+PY(wU_!E_Q}pD zSSc>?%C&r26i?a2Tn^8;ud5fo{8m=LDDmX$QSVhT&iRrD4&3evyefF=O!SOL9Vy!k zFG!u)vrmg7$U@X?`HF+ecGo1B*A~y3w`HcLfXc+%TeG$b-)jt;~+v;4%Bmj+k#jRpFYY#db^Wr}MPuRb89dwQ=rOvxj@8T1kQj!KZP=IxW`<-TrS_To%@Ro{$*$FD8Eq;tt|N6&`$v3&D|lI@p2 zcbpw|rS00u#GtAL>;jw>wT^?oq4YOVU2I{qxDT+LJIOlyS}UokNUgh zk7b^uPJ~$CSvxoV%6ZLJHj#P<9b{%5zf$9$o+YKJH-YEt*^2)Ro%R`TqXRo9`?oaq z2*xLpp z$Hz;vwKcMQVxN`9bA_L~H0?`)%FovFGM^o)A202!XUm*_bCyd0WA6&>9B)+UzuzOlk`NmZTjOT4NG2D{y@!HPV+j`%1D-Y+HOQnCC zdc@A$Az)7T+w`RV%763&lC=-JFHm%`1pN5uu|{t6{6Q-E}MvEtle-oc2o93_d7ceTJ@eg*12oOoG1TEZH!O7JT29^ zh--Jl%91a}cGnd6tBx*TdDZiUt;&p^#oM0;tv$Wrrbr||&)7u}b?QbqL&xlRaVmHf@H)$2- zUe&yI&d)a9H%#39I(oz6{p?%Ax6KmS)H|_2l93^Fcl3%!(tGyITAD2=89VW8qNVi1 zBID~KlcQqR#B5Z*wk0S~sb*2X>YPWdB6$;gb46AvrYHGk9JG1r=lC{E*k4kG@!A}n zr+2sLs)}`Pb}R3Ar*0+lpCSD}L&U~8QpZ2+`QCQb_uQkSY@Vju*W5Pp+Es1AmUwU3 zmJg3_x$a5$tF`9Lo%IW%ebp`>TzU1LLukmA4H28SaV2dnd27b_Z$r=J%^M582hL7h z8h^*|(}hR-4F5AU?Wi~u%YXP*e8Xu*ok=F|cD}I+zxP4nO>$bRyHCpXr|Ex0XFqb? z-}%qhf9dU*_fn~=jw-VE-pxLJbh*`(m&eOhvb}sy?(38{`Xl?{cg5*PYp2cC_$l{N zw0~XH{)~OHKgzBjyvMNlQpv|{+Sw|hq2HqZZ2ZsAR8V8?-?@Ja+qB92U#hd`+a>oc ztXzL>zhL}Jsk&y>t?e1#Rw&;V{bg1jd?WSB3ccfvby=GxKAoq$|5NYL$Me4y8mH|` z`1t%tZIEu%TcuqYS9YG`tyO-!DEx5vuKhCCOGvrmx!=sV>?ij{&KL9E%Cchp zI5FhUL+PdE_c`hmUsq+VJ$vTO3y(W}*{|Zn0$MMctiHT@Nx#F7#s}VQm(wRZpL^y! z<admSE`{9u0g;`YXb%OBj|HO&dv|LA?BDOSvyB~LYR{-M3f52mo%SPL^A zJ2>m=BlWLw!JHSjtV{gypW#rQ&#k&P^}FA?x5m%-HS3G_U-N_a*=w|O`L^xPYWr8( zQyHOZeCN9OM|QvdBlQ9$Z{>31-*j>28{2ZMLC_hRn0bCjYZKdKnLePOHp#sA^czQ#xExtv$tsm#@` zeeysseo{T3edgWzhub^X*vY+)lkU9}r7YgNsW86c-^uzd#~c3mt~$Kr^{wv6&g4Ut zEv@%&NWDM)^ul_%?3kyEJEtT)u9o*W{o(VW?Ob8r42-g_HK%_E*D!zRyyoArwAJOJ z%wkbVWwm`9#m$0ThX#0Eu5$Q=;MrvhpSyLU%d0? z;3F;19cS;#8&<6Q?Ras^37z%H{4CAc4OZc^YaD)XE~;4Vv*YR>(ITZu9_L)rCD#W{ zKK#pXVez-z^k+VgRlcn07yP65QNQg`ZScYJvpPD)Pn&P;YwL|qXL*ts)Nft0%>R&V ztVw+9#2;yo{O@IUoYbopob~6!k2yBhkMjFx&0GFR^UAHgXATzMdD0kP<;ydV??>+1 z*Hx>h%=37X>G-A~`*Zv;v*ky2o&9?_PIN-7umJnIi0l3RQ?!y6T?|=xnr-IUKh7UY z;>7oxM^)Sv*(9$!eZ#X2B`XuI=(#TO+!byeE_&ze!+f#V=k`hKK6?|>Q{=GvKKp-$ zwEdD5+m8fg-r}40pCO}nQ|xhO(LLF2f>$0-HG8`7^?W81eU4Z6cY7bp zW#y`S2VA$_n%;V&`nvkE8vAzl3tQJ_hqS*n7w_KbD0zEwY<$x?oAfmmM%K0J9(^WF zva^2`#=Kf?_GY_C?pnGhi?|#6vW<_#30;Zz><*b8oOyEc_rjIugTwRo zm?kGa(A+Bh#Y3+=WzwC=v(8+;9(5r{w{-K$HQmp&-DTRlWENk^V$WZbc_Cw-*yROR z9wZi>kTNa2w|S5Cl9)eE*YkYu9I||~;7-r+1(GZGR6mmSJ~AmX`_dc3s3VdGUf5<& z*!J;X>m%FTcQ%%*On0l~iu{XCE-TWu4C%VaJ#|UZt^IF4Cq6ze^2)#b5zG8!0Rg*; zb^1r;HXLol!qEbK;^OMfuF<)tl3H3hNlH{@J`Z{E|J-{)eJhw#<(8 z51wbjpm*R%+4|WJoBlI+?%Xvyddf+afcItRd;_=sXna(geCX0#p=Tj&my#qWeEGIM z$n>Sw_OuIYfA5Q)pZ3S;qu$iV@44+;OkQ4amXci}w`>p7e};!LQR40DvwnRrxpb~< zbyeC9{VJly7Q9rADIsylYY;?XSKnMnuQ%F&ekSAc+VYCvFQ^(e|^f* zJ&J~wrJ}o6{^9?jnYgC5>3eYdTklhg3|?tJEtYvU<=IQem=Ch<%ExkT6d&hz&6AxT z`J=gP+qJL^9zQ?6H>D!?xqklRnx}o5``Z4^IjYAb<{5wAx3&Cn+VV&G!bi=UYE0fI zCuSVyy?jpjSD5*Mv+748>-n;_y?f-?sAt5!H!i%Tw_>~M!mI7&-8sMIzv+E=H~H~= z$&>YKUZp)ccI(7RhADp!u~lEHN%(R0;pUH7wE>6vW%n-F7OwZgyOCUIHBEBTk@ecy#WB7`r@nf29BGEAu8sn>~xRk$8*5r#$tmKySqH9vOwdYTtcQx*o=#G!M2X-)MCT^K^ z{$qQGT=tC8>iF5GA3WY3HSKkHr%A-uX%9DlmaqC;J6*|EVt>i?D_=Yx7JbXzvh%p; zT(q&$_40eOTM-E&Fy;xsA!$S#L$BBxma}%4WMCm=zp( zDn-M4BP+j?_LT*5Ccb=lE6{G$hxJ{${>{%Wt>-#w;>9IuV{zQ;acO4UyGNIgGzndb zwx99(hJxwj#T7G4Wesi2jb^NydU(n49bZgu|IyxgQEkVLOM8N|e2iQ!<}q8GuR6BW zTypcZrK+cj?1i>ySFiQb7x>}#cczTaijRd&?n-N4%;TIL_oKA>k)!SAyEjj)dG-8x z>Uq<-%VYQMy?eafAgGQg&&^&5q#8ZxW)UoL8_6^ z+U*mv*^k^~-?eq#C+X-O$0lX>w_TTdZdG+<&r(14pFyC8`;k5So~S?K-fa?UX0Nov zAI7eow>DQRe$~lmn#yPLzFw$U@3`lR$$y47cik+*vt@hdtSyccytwwk6{(BsW)@U2 z_eXup^fKyO^Q62mbBbxNS3Y-KY{tezo7_@PaG!tbGfUU}$S&_YH*c@q^2#ou`s#i8 zii{htP8a6HpVqP~GM;tDmp^b4`=oP8#ebCdmN;%ndMqw%e>m#wy5?1$yr(*qW;|$r zlO4L{u9oZUr@cJOpVlpwo7%kMN7>)C^GdfBT>Sf|&o%Bt-QK0!CY5Br4*KrccieV$ z#_7e1m%Do}KA&g!;nz#4&G#asXHJlR7>mCl!`k13gddr z469a4@00zMafD*t9*Sf5jN(%2+!cJ_IjsJ7bF(|ztfT=!-htQ1S| zWl;IERpf(`!`aO%SKm+9{l59f)#{~Zs@Y|p?OJrMY>SazG7nz>FK20ELdfJtm1C?+hj$Nm?NiN)g`z(J2z|Vc&xf3bH(ZQ znPlmYXERP`d_3X6EE_UwT{1i0-s(&G-V#wum*2d(EL4TLtJ`n#dAD0PB#w*jtYyjN zykmUcCrl?yH@)oh5j*!6)?pW_B(|8U%)3~$DdqX3s<63Rm;PPjxh`|l1V@$!SFJl9 z&yaW`!NNCHzwK-K<){A{TI$|*yX%!1{tL}cb2hDUF8sT9xqHp-nx~Hf7OyQf-lmd! zv1W1CwTb#Ax!$Lz8j9>M39*{mb$VBb1@F0AE;r6?4^1f7P_|ra%R5s|yTsASE^5iN zH(jR~55|PkanYnVWh-U+P8?=mD!8O$iBQE0t!#^<$HdPZP)T{T=FZE{ zw>B9_Pi^PZHhXh6VU1(H_$*JOTy`0$`EMq#)a7nFD;V`$azeUI*F1|mPt+wIZMIT~ zxuCnW>&4=IMMmyRv);&MHJ+Ncb>`w#OWvzYk4$1?SnH|w_XO9HT$x#I6So9r`|R4j z@ruI^>Bsp~mTA3x*4VwcHc>BG<_+5>-K1c_>1SBm)z;s*=P{9g^C^daI+wP!Z74I< zHH*91qPs1`rpfB+YKiT;c1&n@d(gE$QFYp~Wg0T>R{c}HndTXMJo(gTcSP-*k~Oo^ zeNsy7WUut(@jg&sKFPkdG_2fgyPlzdO@aI47{3`4&q;>)$a~$qyky6=$weN1>| zBL(9%9U8vMJX;qTzi4hx^_5S(9``ScxS7lF^le?4TCnPF-PG>Pg1#NW*VabgskyfZTHfvV+MV(Hlgzh8Pw!4=X_h$eQJ@v=kqkbZL0anZlb2_>h!VFDh3ZO70Q%e!glOhuW6z4YMz7 zl1P|pdDJqMS=p2&T%*g4&2y>Vk`KnA#b$3J!+0!|`?f4u@ZxG@#N-KuT?Hy%ZC}Q6 z8XbDNOK!>s#}`#0f~U-LSGMta{K=fw&Li9v>L2XHctvh*eUv%FozKBVN0ob$=5%hK z!XJ1eDd%-$6G5FKx_aW(gYy8e>Jt(NU5?q<;Z|@~`=tan(PsLxCnUzhP z(>1Z-mV?Lvj}u3=R|_YxTLu|k2rW~P^Nq^5@wuzbgX{CGN!MDK^WJGyuq;Te&Fore zRQ7C&m#xQwppB{TIGrRdkA_WnuH~vZvEljrs!W{&ld{%LQdn-Kq0+VPz^A*bo@`ui zY4e}q*Q=e*XRUh$wH1RT9(+4%`XhM$xi)5Y`R8k$K5e@r*YNSzl{-r=ihOE4_xRRI zpM#qmUj}>KJR4Sa&_blk?`UMDjQQh`=jZdPLr*e&ZoIbITkdk>olDuy5nGe(o;Ll> zwt7+1(tK&ldSz+9sxNC+Z$2oi;UTTz^Lid@`n@wtWcae4o>|q>aC6P=wtGj<%Rjk# zR3hrBq;e)>(veWnif3Hg_wp`|{k{+dr?^u)XSm>OV1K&=W z;k(8y=BV_9Y9Vc-$AMk9D{gQme(%jZm2$Ivz3G)8e#K6UCt4NKQ4+>a-GBk z+t-T>F9*-dmE68gW_NN=iqz8@$5n@O=if_zevmV|>e){9NlBZw$3@G`DU8{&ZFc0- z;@v8fXYE+rv{*AHOV?^@m}=+iS?6|74KA4fK6&HopjWwEUgw1#Yai3*} zW^%f)*TVk1txGSt8D72d%l=#bhcy#kPW!d{aOf*kGWE&%dVcO;qh*&CWVb~edwW$llY`Ua zPVr^srFpJPl{S{HiJr7EbMn%le6Kr!hZu?S7EaJK7HO-`$BA0=)U-+Tw#1pEfblRs-BcM@Mx9i@^`rxj?XDQn_D}# zaJuZPh&RdpGv!tOGw?t6pOIx|G~G{d`K%*)RZUv@n}61d|5zPWT{$PGqS60-h;G*5 z8C8A9`m*__io7k^nHMcxcs3)tqN?K830uc+%WuA%zJhzrgOsZ;)-G4h_NjQ>`)_>qtV$fwdNI#qLHX z`R~29NMOMZmG2Tu3qMI}Cdh6tQ{QX5C4Z}3a*W3Nu4~)31aaK5u+=)y@Hj();iFTT zOhWR}ML*r;E7BQ)^>Uc=I61g1j^@p{E^%II;Vi)>t6vw-oPJ{YGAFf9NwJ47Yxd2% zCpaH7?UGCg&*ABrcznUCOD`XsIx5m&ALZN=IAK=tX}JS;9xwIG&G@LTJ@InarKY3Z ziH>LOY{lYD_c;}wP-}SNmb$cS<7WvW*UZ~)hi=^7^fl*6Xvdc)y?#|!SL8}OENgs` z8Iz@I$TLCXm7}d;@D0VXM0xoq*VgWx)SVPKwLjs|?A)cXOM2F@NqlVdo++}xoptJw z1Ff}tKV^MgqIS>3bK7)g4`6!-(lr@tQemz>Tr&#ldxjW03qs$vK^WQ$K@!@1!xaXtmmVhbS9nSEd;tkUK z?0TvsiPOF}aH6s&x5D`=!5b9+GklnsZDf7spojh8S=q1O9C%+N!_#|pZk^0(kqPTB zTno7tbSlbym%;{yYq^_4CY!CZaV}Th>}dcSU%WzCN*TR;kX;$mds= zr?Oql8?RcXpQHC`;vbg{?6VL zQ5q}sF8Wm-$s+{cq5=KM<9tg%JYMw_`LkTq_TICmpvl%ZU}xox$vYS<*7|S;$L!*t$^ZE0)z!IiX)`?1{?={n zcz0yJk?-xQ+*R*O&VD*{_TbT=aM!pK_pYzYE#-(ZtC?i|&-8iJwRW9in+vkf%gW}> zeZ4IDgS@b3PuZ&QbJO|GOiW1Ms&Xg7J$U+tNCoTuQ~tKKue0tSNeys2+Gk+(W!0`0 zpPLh$Skf2Dx+d?uy;F2Xt#-Cr=$o=>{}d9|T=c(@%f2=9<*rM`*O=}0ov^FZmU8;fO5DLy9Qny0*zJt?r}ZagT0(#O`Z<4^cIWUq--NZtEblF0 zytOQP#>croEM9w0xMmb)wb$yedhRB{<4d!gpFVGLc<^C?r1M%hv4qbu4Z zzsp%)*;U17JoRas>YSv!X-6DrdzOKvmyDsKG^Q7F=%NgYpPR$fzo_OJ!pP7}& zMVl~-lQxfU&AH~=lWe*$J5TMMfmZ3p&@iUWd1scqOJ2gWlOg$akV;N_M%0CW=N^|? zeOWf!jJfY_rg@=i636uHn!VK_AN-X(7?Y20^^{$Aukd`LIK9sSdM4}AT$Hd}hD zI_r-wqDL~n3*Ayb_gr-6;w+EjtUsCedN*xcqMp2}>wz5O%P@tx&iP*+ZB*DFdtdY0 z>J2dq8J@q=W?NI@7H*dN?1atd*I|jfG%8GcMPD^H{tE4QSH{B}lzA%mU_q-V`@BcX z`yMbiUpMXKy~ilMJG5oDg~I7CD}=+$ST1T>Pmw=1UuJ_A?{k}PYdV&fvFl%2GayMUGAXJ&{xpZvNi(2vbCYhqqcEq~ls2it2NAwMUvseD`K|7gm4^|mD) z{Zlr){Bhmg=2?*6yZ;Pxi}wr2|5GVSEk4E@Vs1R~ll6C#jC38*ZwnXaP5w+J8$LE+Rfgw-E^<( zJBc9gIo|{#o|~+0GM?phddCV84dw+$i)CL-jbMK5{b}MYl~m`Ba1R zc;KytZ7*heO*MIG^rY#o=EPO&o+(emWztXy>|jwo;;hd zA#lg6b>DfK^FOVa_GC^|v7^qc$VPSE&?WYUIvxv`oH%LwW7TJ`a-p+d7qqH%T@37iZr;nb)KyJ*=PT^G$`}Ou}YEeQ?%x3+kJYWwc&l(+6yaI z_sx2pG)bm@&b8Ec3(U+yo~=GxRhPKu>nic-JA3-Q^d|0CYn4q8toRi2q1ImN@z&K} zq_52LUz?L1)imWsz5Tfz@nTu8CK|d~%Kxp}u{F6b_ug^MM{hk{-YocPdLql*aAT6R zO4Z+N=Ob3#Hj~W${0i4Dtl{Zle1C09=uO=v?Y>6SwC~$IT5U2Zp*46n|5>IgqoJp=cX$~nhcx`EM#~t zTyRNS@tVi=YQuS!aLKiIbn*@t+I;SMQR7?DSk}qUJUPZ}?<#k0F_wvU{*{(2E=vu| zbe&iKu|4LuY0HXDd^=1ZZH|e&fA;rro;3wGW&M21>cwh;ZnZ5{U2%@h{c&8S=wX`! zGen&yZ(%+!dA7i+1vjNWg&8Rs;|{tX6fO*Gx?~=yHq8$&I0%8S1x9X1fJZYu2TEvW248X)93CK z-oCbY<8G&;{L;0V6BcDTTQDdx%WW+ZIjJY#_9m-!@#-dVnXhtRm*z{RD9oFyCArni zD&us|s)p(ZrOTq7R@{uVlKFgVol2s}MxVl-(C|>{P1SWJ?b-a1Wy10@eOq;>{#rBJ zU-|yWHQy&*H0)!qxfB&M$M}sxdb6)~yY0-&QFl~w4?oU0@qBIGi*TFPyysnybJorD zlgT^zXxo?W>%1Ey{?=++uI1}8+HEWExhFaQ>FVcCUwT(tZDLVizArj?VXTM3t$2&o zmrnFZxxem73D@eK`QmR=?~}r9j}F^BkW$cj;q)L`^6Qdmu3UGE=NbRFvTe_L2A&C? zYcGWvZraIuMrQ7UFDF-Q`EmH<t{?9cx^8+)~(k$Lr}@UGQMH$-|SPwqe0zG2sm zH#L?S5^UO&53u|yj_sQ$?6$DD@6ZMtX|C945y?~E*RA&2&iZGkJ7b0E;n2Az*OpC+ zvcKuFQT^W6Rnxz%XL_K<&GY=yu54Y~1sja~7H9@;H*H_Dac7cpOs-7zHNmp9JuBzD zy~Q)(aIwZQU+;%^xoY#?hDmrZe%vh+dgYSp&M9m^i`*S!&o`Mcr*p(MPo6jTwfAnJ z#VfNNK5UUn-L=voqV)0Jl3h7&HsTMeq-w;h#fy_0kGj^cbk7xZmFY8%(2cgbekjvy zHEWaLe!HvZU)!k|3&lD2Jlb3;TdWm5kAH3P^;uW8>s(y!b3H_1jrZ2>s(Gu8*(#nM zU|+sI>d^k{YOPTw_J%UQu6z<@*H=`RWev@>xwEs#-PTX*QIE8NY~I)Cwlk@FKS$k@ z`EWpwW#bpomFbI?c!;{kEf?LGn6$89<#`6idsF64cqqNs*Pl02AoF;M;q%5m?WJ9^ ze;pnahVHRmba#zXWgDBtT0^N$v)1=9AG?coZqCwJHY;=HcF)U~mWUZ1VOo?dzc$8a z`^lb=eLh+{Gu@STDQq!(mTK{qujn0HZKj-e1)pHEd{*?&+{F0%F>hmv-$#7Er+9H; z>(XsI&atb6tu!__iN3P+NTb)Dt_5Z9BevVAZl8LlaObaC&-XZgWIlYsGBWMHS{2um zQh#~w=@oA#Xia{7zUtl_6J1}E@?Z0NOV%o>8F_K%uJe0-{JK@^;XVAVDn;6Td#}FJ zmsoR2cpk%QDb+38g%doOeud3D8zJqUz3i1xj9HwU<+H7CbD!*x%&RR9*<-$x#UaJ# z@rremv@;&`YuPQ@bhBgCwrL;r{R*2yzDhph3e#)&x^gS8n?`8Me9iM-2lifHmT+;U zgx%Ea0I^qpBc}46cw>Dv=&aS;n|W4!S6RH3x6jn>5&mboddUr&AE6za<}I6iBmBzZ z+{H0>&bGufUtGQT(ih959*>hR=V^z#UwGWX`+|MJ+ORF34th)w{S_8-t26J+?&^w% zFAQJLKepw|+0_lt_nStQw902HBwSwej>*ew&V#ElQdZd<7mr-o}@1@oS*+)`Hc{%ECc=z`7j=N*xodgQg8)ph+m&g^FgZF;YseI@>B z&yC)`;>n?2ckdKF6ELz|Hpx{}+%$US`{jwchXoF^Opesg<>9;7rsMIm&+6LIZF4Tk z&)ih;I$ZI?OZPh>!hJ2FHzV>gp78`HKk09>WLmwoXRRjhocU327k=13bEfK{Uze}D zT*{TMnfUIp$iu}(MZ4_!n_dWivW?raH^m}(zSmFx!}qr??<_fSB&v7EblD>99Uqpz zt$+CYI`^7em32#`e$1L7^&#K+)xwVDraQmdAGSERbiH$4v(59aFDlo!?zR`7&+o~X zq{Ag-#r0u*L;RNG2k*a~zcn^{HFH9)&<2_7J1e4()`@*=?_t}TzW&xpv5T8?7XQhf zx7KQ7SjMd>kIz+Y>suCGz`s0ehtBPCpR2O=5tkn`>Z*BKyjsJXp|+OmSaHwwb60#l zKg(^kHu29)SupAE?%<~e$CiYeTw7Qa;KBYlApX=lJ5PJ9^D|X)lTODRn_GGOKSSK+ zJ+3P?E~#@I5ZZC#Pv*X4)~9DvessONXX>3f`)@WwQKsvi^U*i9KUAB>tH{zj=hxrt zEbSFjJrlI&Z<`VArr7Rk%& z4(>1Mj_$Z~dk6C~Ti)|2X=zA8JUo0GHjWnOu0=Hrl0j!zQ8yv{2A zzPU2V(D3i$;AbYjv(2P#%vV|GzBjGnoOi9;;WyoaN#~5;p7qaDa{YVX>*(HVdg4bn zW_r!+eSFel+3XC_+g4}w9k%beyf}21YpUZxlXj0Cn{8uYQg&vuAjFw?R4Eaf45*)N#UKlDLU;-O@j_q^?!8zB5tR=Wu9e`a-PGNwYO{C zjQRPju8U^dZq6!l)lT!c&3=2<&FHP6pC0F34V?FO=Ir&W4t14nIHz&>>-u}LpZK=6 zN_ks}S)R4h4r8CD(C;-paN0Jj+U!_wU$$o-mvAYy&bR!+@}I%$kN4j-HOYmK?srT5 z+imi6-^CTDLicVL(EghIZQ92<_gH>Nu77>jGR&LZeoHhmFIgy zek&hYEFCzd-}d9uAsqBM%?zddj3fiAgp++_2R0nwR>lry^f1>=|QT2gS7gj?_B)naxJ( zm-+#F{`rv~c4ZZAyJmk^^z-?{hc?AHaQ^Ik5`J?(r^$>rHJrlx>{8f8zgg_G3d!r& zzZJDO;0f1CZ$;*y@XJ4Yhdv|ERp z<1#;pADz!%Dlf5b=c*rtOUm*R?MtpzL=_$hDoUPawA8XvKIR7-`R_3db;l(CoScdR5mp~xW6y#KLf|pS#FnD3S&0jme$v5zqE6Gr=7)R z8`nqtZ*|$?)oWU(tUP9vJ$1R{O{r>E%dDdR3<5TSkGv}dPI0?S^O#v2t-5}2=RJEq zwRfv_n6fpCzFWUU#cJw?9d3@F`?AZOE=+gcI3?=XL8nP#b2f_iE6%MEnNqo?vizuQ zSmZwCLoRC=CI$%9`i6ZJnUrn6{d3bMxENkvaQ^G^AI&Zw<#s;`zq0UBO2yl} zsW+SEHC&57bo+L1^tXw7Ke8ZGx6@W7y5VM z`}VwsW%Dy8Hurt~Qh(@fyz9m*3A;Qd8A&9zugiY2zbQ_k??1!wThF$9<~dmu>Q|k% zcem@u+<9}$=D*YuNod@)ca`YlvuR&!c1?MDx}-aN0Y z+5)>i^WQdm_*SZ3)zw*{f@i*STU7a897jj*gW&XwBKz@5ZmS zTKui|ROTH#k`wvZ!S*E6e%;bo`D4Mag|^Mldm!oOXZ!2=OaHgs^?Z{*{BoIf{`_y( z6K5)ZKeyFBT_;u}_u)T7@0ZVydCLzwUAiZFd|I&N(Hb>vQK^V&zvX(Ap8I^Tzq#6d z-$k2Lv89hW=6R$Y$xDe7zqjwe58dPkx%?s5Onv!JigQb3JZ2~|j5*()U&r&xPI>1C z*K0ir5es!Dzd4{%eeq%c54S(;kKC?*+3E9PcTU0a70-5Pr^Q{3H1;YH$uGXLNAlzO zBWC=Ci7S8Psx&3k?6g_8H+%ZW^taB*4{nEFSpP?6*{4YVNlkjb@z?${WcqVv>{8t~ ze_2JHWx7z0(7dnBD=YH;Gd$`)k{#a>K2PpuzD$BjwAK8mPtV`)E{?f&&)xXpe}>zA zo?jO)^n7^CE$r68V2fvaix1Qb?Gb-pvK-rKHh(QeqVrY@(t z;O=T`uMJmi%pW)}S6jGo$&5Ez)hQq2+#lHAVmf?$cZqE9k<&S6PabJV+iP{{`QdN# z#5331I6gnl)12IXE_+(ZQ$Lr*;z#4SKhE!&r)?d5cH74ZN5qc3x_af0W_msEw3((S z+3q?NEN^o4|IfgAzh!OCe}=8%0T!K>th=sTudb>7Fm3L#)2pH)R!@-#s;yj;bGuCU z=$4}WLN&FIe3i1#io4$Z7IFP_LHKsBPr2%TAN$*%PY=H=RvP%zyB}Sf z@@d zk0wh_cKj%jd)r-4d-6x|wk`1jcaEC3mTg(MeN+0JXS?Qe`#)UYe~WGDy1$LN>vflE z^>3HneBx+oh5mu-_e4L&$mi~iH#otxtkTl-RX|sd%bUqs`bX^LUI;TTj?%c2yTM%a zq{O=XN8v~RGxWw8XO!HYQe1Fp)np+#%k@q_mVdbaNd0iVsD1a^l4*Ok?JHpv^*ol% zf0XypdgeG@=Ogo^%76 z{+<0tHvNHR$$Cx&?y`q7Z*HDc{p9+oID;Q+*Jefa-^yDrJ55h1ph7nLW&O?gM@!dt z+pzPu?{QzbMP~`K+8cqL>!emKxo>(VQM}g2zxzJdn|}iFHzQ{#N7ih3=Ws&#+D`6x zdFMy=9b&gigk2upyW8nt`9SK|e}>252mdp)+v)uX*r>`lWXjZwokUwli<7tGo9j zJmkan?)?w#KHR;$5tNyD^)ISo7MX*-RAL* zb+aF+fBVmHbbiOAd%bGr+qP~y!lV4+=GXP}6z4x;ecJnNw&-j({ddgPO64by*;-w{ zQpY(t`tQ8|3~9~lUz+vWtu;}d;>P#rx#`)N$*EdCPbTNiZQJ{Bz0iy3wQ|hNJD<5c z{<<#Y-}!&a*J@mB;%=>(m(^3h#=Y)Mn11uNo&LyzyU}KyZT96l<_hBn z$D6m<#s^;iI%VfH4X1FZEq-q^j=qtRm?WmbL24e(t;)U8}!K_sn=E89I6Ay8L5OcC(YEBhD|&n>$_8YJJ_+ zFISB1bEP+LGfleqeAe+J9423+^5*pNbSkhJRdK!hBme07m68ehxu<#;$b4UCRo`-J zf3K-_b^CUu(uA~`;fx3D&+X;=e&D+l-$dTM+s_CyHi(uM229Dx^ef!ky~%FcJ;}Kj z{T^7Hb$_@sx3rhz<}2qMk30NPOY1&new&~8neC;+fiJ7B$7f#_l1Qwd`14P8Q_QCH z#jF*w=HK?UFPpk?%XU^i=Es-T#An@NTdJ}3vSIEP-kq|(K^K=_7E{e!dvyu(vlH*b zFCBK@y}eSkRk`%!*&@HWbI+7boMS5M{W~-FR-sbz*0L&-?H}CbmVPV$G_@g(d6{k@v6 zTPGgNgnKXe7KiDZDdVk>ceDrhT8?P$diL^4>V86D~Z^=ECT_5Hsx?Gp3nO&v0hByD%Kb(yd zCoZAnctRySvvPgLKfMpPx@)~SCW$akn85u{bXLoX6DHG^Pu+TV+wLVxw|?oea|>r* z=f1SqTH0xE*Kb{nGMddDq=-7U%lg?3?+u;@PxccN2`9n-*3S#--*y{9AnZo^n~UICG_8 ze_qA<>?><@mR!?$-X!>>V~UmV_lWDVkKYQs+%?&sQzP`#k~-79R?|~-%`E2s@LYbW zv~0)D4cc-KcdE!Fn_kYo)!w+L_TlY@-^#lUSN2P+{JNe)Hru^9NNo4p*-Yuo3!iQJ z$rX^-?Y+XJ%Gip3 zUsC(4#KjSVc`iWcflA++we(B88q>IN^$iL^hxhVKe z$ewAH$$}=yI#$fpPK!7*YhN4N3FA8>(*;$Qeeh?aNfrK3EZN7Nqy|3G;<3zn4v7m~ODj zV~>#aWu@a&cM80V`?>sN!CJ9ToX4L>&Dh&zZg@9yJLihb%?1+F>QZr#?S5jJ>t_M#C8kK! zT=;cuu(9fH{nal&+%Y{DC%0q8+9$?tiJ8WI4SmI~dsjQ~bo^kby_MTzw0ZW-vh`;# zR0a4Q_2zh|cqOf=tgN^F^zMykGh7)uy{ta^?e6o`t-I8s$u>WK*Rvaz(sS!Rh=__W zR9(CvLF9vud1XP|czO9~Xm-^d!w!MKsU&uDAu8sLwj*~7umPq+~^Xr;-`J5Rc z7j9ki-YC4y;^FEwTe>cJS0?QUh|rgKmpyeuo3-VMh`Q7lH`bokzNtJ>#pN8o-51l6 zd``Y5jpRsW&Nd#7vp%Z?<#`PJnYy2FSMGDQNIVS2&3(BunmbJLl0 zroX(mCdy;Y?d@~IO&^|hD>k24wqN0ef7SiSL?;#<2DNS#&;85p<@(Ov9KL9$qMudc z(Zt9*61OeRW;mNYJvEO#>ikq$k*CRVxBhm?^dy8W>o2;lal4OeV$XNcv$xORF0Z<@ zVfQ4nLvroUeuWfeW!&p|xuD{%gy4ynzpivWVBW4QIy<|LrSap0s;&*!Gk&Jl6$f43 zIdO4*`P1g}7LQGn?mdjx-TyK&;9Q@#dDJY<4i;vwGdpHo+%+LWFidydwt|T2u$ZE} zAoFBVlVa`K>nCMb9#86>IyJVa_tHEy=}MbxHs)*P3g<74?0YfgT;=iv-OX~Ie>IgR zr{8_F>hF>{lPZr|S^D`s{<7#qxa*H636{25uGZ~m?(j`@(+syaJnNsUP*AzdTPMGV zkNvTKUyxP*xz#fdG56HZxiDQ{jv1u%M^@_e>ha zLYj(SXns6ZxP9je<#{%_>R*heYwbGfy)CD$J4HcV&jOzs&_BH76s66|#Q*^2@KSN$s$^o7rPE=YqGAgT$O~ zitZ8Q0XSw{; zlSv}iaz9MZ%st+BMe0a@@XjuU(3s+g=|(fT1+t7`MfmGxA5taFpoZVr)=@yU9FE3+ASZ? zyK*J=i{-L2t9Ku_v^e!_)BAsCizLk-JXQ!jd6#L!#J1ua*Th!tugo~{*kLP*^b`0hfAlIaX`1<a3zu;cjt@3nenuKDUJw*k6M-e4mbmt1WWvs$wA;0xF4 z{|s-IKiu)Ir`W-)HD(&~oNL8DA_C%me${XNa`VlWirm{=iwx?PZBJ-fCvZkGB1Q1l zCL8-)-L0$KZSJM9S+3nJU9p&@Z^`wUy5|=!ny#r+m}6_~l@xSzW6za?4)W$vna6*G z%rbFlE>u`9yYi!xeE)Ml?zVH8$qsyl7am;blv0w^eEB-iCV^@3#Q7gr^Aywt-dlY0 zvrN|p?aI`HKP}#5x+K&z@Gu6qN*ngg)m&zB%ZR__vIg28p{0i z`$}a8K8{6)pC%`4Vi7Gp@%?R3ubG*%T4DdCrOnEUyQF5gvDdMA+%QmWS)QNe zy4_Oo(fcc5s~xyL%whKXB${j_#Bf5S>*5_k9tO#Ywv&87I&A>}$4Bron=3ixAtbiY1>S{>+P5uv+qU-kIZ>FN2OIT^6|c zu&Qgrwso8=C0|y)eayAgV}a1dkmv@Rtriw1mYN;-Ak8jXnS0I8*80kXn@)k-OGRxC z2VOW??Zf>0{GnO1QuuBfrF`ruTigGpG=E0vm!n#lJ#$14zI8YF89C47N^f20bCYY^ zwEQj}{JK_k`<&X(2fi#dTkuKa8OxfK**8b055 zQs6Gd-o<;ZUzn^(@aZ{MCKGgA(jLYQZB8T-KNKa<6i_$@FCfZ?uY8sJq5v zX~>i0{Z*??0*}w_?X&9ItJ7u_dPTsW{nCmobM34r9o%BF?fz9uq^GD?3VP)pYE!q{ zI@hLLh%NMlth;>FjnvN<Q! zZO=1H43y``MXvWZzgUxoHHrL+mT=q)JQGE4C8%F_v=?<04;UAk_5@$*|ZpQPjk-&=hvR$%uDt(_0# zu9o>Ion85Ejfm0d2@87n&3!$4N5+{=qKOSh{<>z|i($9$a~7Onn>A;G-7}*@OpM3( znl4!K#rRBL*D(YBoojjZZheY&R1tXZW^Z`h>-5~mja`e&Pn^%X^5O35ozbaR1er@5 zs;*6NS9x~H{7uPDpJ*X_9l>8=t?S#l+ydW8%qehu8T@k7EyvlJhfNyI4d1xNZHZK? z{n*&1yx(gpOYy2RXQHiNm)*4a-4Ms|Cv)W^X*NdH-Jylwlare&*PNIC@#wyHSFG4I zp-a;braaG&%Rc=+eO7Mx@334qhmZnunXs-&89N@`x+wQP(K^N@O5I`OJin~NSxq;J z4#*xTs=D5oIZyjzY|DAwX&c_e?&v+wQXHG!{-@sbQropOC5OWWZ+yKM7DptDeziU9 zzAJm-76C??gmBMg7TbC}W%l%Kefm%0)ME zU6G^Q`MK}zYHiOe_c#jK3+}7CDk#o7qO&&}yIB1$>#D6!Y z_{vr8;J&OozISHns4LycZQQys__)S7f@_ zFGIy#nYHSr;;nloPsof2*O8pj{5IzK5$Tu8m(T7_&VG<`?XaJdXxOXj>yjV&gN*jy z^lnm)d2G7WbmdgfqQy`0Z@2wj_w}s!;YA8Q+p`>kue0rY_jk&c$qQ=OFT6Q$Fk9j5 zkL%B;ADjJhPwwxK%ze_0pRS!*74nJAw{BLA&BgQWf0&oPbZAQ4)Eh0gV{Mjswq)Yc zvuZhPCoLaM^;A~5k}zkM&tg9LrN#3)Et0CXDi?UlT*-PRo?*FMS%{Z`_rQa{S!VW{ zw=&PXZVvQ#=;v<2(64#S7<3()uTYcKqeYb-cP9sOZs4o8V%U-rlY958Dd!Yzqm?WE zUGVn_$<#JG^<_P-l-!HgY_Uid8sS`#55p^YxckZkY{`c-P5w|x1sru(k<6YDu2tfekbxa2=IqCMuyqEEA*9kWW? z^ZuySCZQM4`x>r0K9Y4a>XGulwu86omt}0*$DZ#?iX(0PilcU)pf3KMt~Sst&ez7n`0aHEG!=}P6G z!)1nzucIVxJ6)X_!^4xdw(`Y>N$%Pgs;+u8L>$&%YxL=Xn|a}T*S0Ng_MPjOOpSTZ zEMMxr-1PZB&8x2SChL6i?Vr9<^!lsMJeCvs=7dkJiM)EmDsyAQC%5{!B^RUS#c7r8 zd?KfQb?LtS)l+zGKTT-)suJclmFLmp(nC{pPw*7?WyL05o;q`ba!t>i^z~k;TTh>r zpP{0haE|Ni(b9R^RkOcYI0eQlY%7i`J9^2etVh6NUA^BvBZh|_C)icOo-RFY@b`fN z$m7o700P2`mtN?czCWvvKcfubDAz+UGB=yk)(oEod*F z;p_KNd|jIa_p^MJcztcgwkNzZWIi{BI4)i4%d;XHdpk|_4yVfBi($Faf^TlQ%Us!f zY?;B`!YfG=*S$EjgG*$R)yJ+Jhm~3f66CbbUSYi2XsadSyPSD~d(@7#JaJDx7#ANzRQE-+N~(9~G0__2AjsxFcS26?ePV zf2&bEozmDi?{Bup)?~d!ai=EFQI_44Y?~F!#gu1Xt?;@rU`FV_7bQne{wO?&#jADq@JTmF~LZ;Z|{rb8U3? zNxdgV=a|;Ld9*`)<#k!!=(%CPe(7t@=Gv1GTJiAC&pQ#%_ZsGjewHfO+rKtqWAB~| ztCpl~H1&G6taCAU8_Nonrp1 zkBTSex@C(`j8JsR`4}^A*=M;FcLm#>zlss1}8(F^4HZuD<|@wsoNTq7V$5lQ^!g^>UH;bkE#Vtcg`Lbs#~^o zjZV!|jl~kmYlAN9-t)9ndC+{k>h%{}35&mvijF^hGvqQpSUEF_$=xe%bX5Cdk z=dONh%ley3+#)8=yE?fzS&e79kmk3u+0t>xMcs>M?iCL{mpbiXx7cgHHtv3#sWLLj z%xg=^;^emP{?8C^z--CD^+Lx+aM{nqX5PaKWLH<5bQP9M?!5eEr^=Mgs~P8gy-`u_ zlwi(LsbjhJtnz_xD$^@|$^Cu3=<*kDYm5DbYuC4dEOy~tfurrq@84JF zwd8&~@h96?XU~~@)><~rXveL)ejk}1b?(>Hl7d-lwokuobW~7%YsmHs>z_Q?u_G%X*M!av$H~yue?zE7#w?li{Va7n+e)WKK$KnyMM0YN&9NM zsi%JgyJXJs2`_m3>}ZwT^n{7gT79!!)1Ibr!PD@RA(i3+0&;mh; zRnyCQm1Nd4ua!BuD0t)9`yPD}OrGD@RPXSay=nQSUDa##%%qe3s%I@R=?vG^Nnalm z5_eQL@XUXPhyDq+}RX*sX_0dkwpY6wKH-B5*yx@H24Oj1~Ke9iv zpZD}^S-+2F^U8K}{k8dU{?Pl@<3Eyp!$VN^f`UtJQj? zWdD4L&;Cm*Q)il1+%w+rxaUZ4*%be)?|JGj#B=P4*4Tc@rg-^@H+G@sTuc6?t^3hu zZJYG%=2}yUn0%I;DN=tL+VVT>jp#E!&Uj^XIyJRDE#syW`Xy zYf=wS_|GuCc;^yhk-4|*V|BOuJjGD_RkVuNV!g`sXVVYA|DoA`^gjca!?s)NmVevg zVAk1q{`su0{}~wT4@N)Ok+St;c+13t$|V!+IR0q2t#j__eY^4^PpYKu`E9yyBs6t< zLN-Qk`Xc(^pV)tfrk=WUQct&}2VKj{x#yD_C-eA|>FaykKhA#Wea*av&*F?WtJF<<(x%#>J;?&q~iSaR0R2-A0_pb?+CUYIm*epG>Qc`@83U zXJP%mF5{5rn~Yme(``QLKHJdJBXQm4%Eg=FQ@agchhMvQBgS13!Na%_y(WJSC9(Dr@QAxjp8(qFWALkmFc0 zYm>FYv|}6_V;=X}W_f&xSR$zsHv6UFruUT$U!KianaeEWIcsX&vQ8CexhWG4g>tHG zSafOGj*kYrBRE51cOK2X_oL~)f9n&Dh{gj)lPaW-UOru3bbZ==ZJ)Bqp|X*>*$ekw zD{@(!J@L5GT+#V6?DDqAMrn7NbNpD#k-DKvP-nTMtk&A1g$q5mOji1GR>evtQuS<% z)w>z<6-=&Q-?G#?eAaB2yMi9!2Ff}8MuU|OkKQU&Z23H{xcl(`xBb^ zF#qPg$G(yOvVTwQD85o0Kl!8e>w8wsULEhwGzkB=etG`3?Qfqi|94qRcYb@WjYY`| zoo7a=OYg+YX}q*A^uw|B*$aNWlg%qjYgLs#zb*Skg}u%Zoof}HYjqbsd;D=rvhzgS zyt=z}N9wsv*0;-V-q*TZMRVV?o9R~o-8E3s_c|2>r z^7Hz)HM>8*%e#I?g2UBWB+Z~eX(6I1h3=Lr9`jsF?a zS2LDA@=g#bcx)eY?WRxsRW;4KC*`C6IA2oy=r(g%O!UhGd9IO?;W9}({xfvQ^RKV5 z&X`_ye#QsBdtcwos%@%2WSg~6yy%$O=OTlhQdWV747<`rFdlBn`B-ly*DJd?|I=67CMrvaU70 zkM`CbJ~GdGw!^M1To*kzs>Ut2zNtoh|J6GFO%;9C?Ha*}TJi#D6VLi`}>O(KrRI~-<=|vYAe{xuN%H-9B!^O7e zjTSA9+d6yW=lIrr95tCAc(>lUUMIe%_f}Z$ZGPKqx%-hnW@oONcJ-~kfb!>OE{A`1 z{k3ZL_;77|{!YC`6XY05SDDwd{Lx(bZdN`2tuuRXxM@$DmK!$b?~~Hg8r{8@?c9F| ze{2uj-s$bFP*PyzDAOG85?zyYwNCBEy=@CkHpd>%5RL7$WJoBEw3qzHk{Km7SM+-O zADeCGQl2i3N!w~C^TY4{;d#PFR*gCh`N@A)-)_^Imgx3Y-m>%1Y3{(qpYK18Z?}nE z_~UuN6;tcVq{{Rp&fq3pOJEweK2+PHnt!3AKi6q;lsC_g6}3N zZ}Lf>mu>FlIuaA21$6_DDk7CRHm)}iHnlYAZ_Wa(iG8eCL%&2gXu6R;E zcXNY#)jh5?qQ5v@_nwn}WZ$iJME7h=p5#`sPCDqa4QuMk+Xu5Zs)kz^ zXkRK>t91Xc6zkkSlRI61-tBkLy6YOGZX^1ndUlU&md4z?-D&fA~`dXKu%-KWnVRr~kV=Pkq~lt(!LQIKAl1 zN~IOwj}~8^wLI+kf|sgZ&x?Pv%x8I7C-pJ$W8G?ry|FxcGd6AGtoh_t{pHW=^Zyw# zeC?0SQ~puCI@3z`)$Hh*)6Xb;VfY*)x6*E5rO5JwQZ3sqZ(=ADzBKb8Z}`z)OQ$|> z(f>LjMRTT0OV9N(yfFmqpKkCQXDYLsew9Cz&+>9s_+im&y*4YKV~&z6QByO^VOaB1;{J;uM?E3W-#c<`U$_8#|zDxaOTba<6ME3mIPn_iRo zQRhE{=pOs*HCb4GR zb}84p=hJ>&Z~7RTZg$;y){<1V%ND9X!ujSthz$;%Ef{-iQ9o^d z-_^@Z^V-@E>G%8-zw%z~;-1=c*?lYXB_mmyC%G2gm#NRFO+WPO+FbQ!6Y*&xQ>JSb z@8NgQma=b|r}SgyKR*m-9u(QdKg@!EVDvw z!{JMdb3My;o_-y_RrP%T`!{+uo>|`lZo9FcKU!9mf5e~bwOQa(imAp{ z?)1;P+fsdU@9laS+UuEDaxr{j-LFrFLv~i5?qqQ;KUH2LnsIV@)&!U3VXR4C)@j}H zzS8?fUm@Z2anqF#k2Iew)R|xMY4O^s!WP|yZyc+aColJ1yh2;%=^YuFu-3Onf+IEV z1n~XadhAAaSzvsn*(qoKxUYG?j|M$HF;Ax|#A{O8#05{zeLk?ub?(1K)BA-c&Rwjw z_rAx4KUVu>w(PlLIzur+hCRrrpla67^aJ-a_DJoDUTr>Y9jEfrTE&G?XZ71zUq^K= z&ZzV~G`n4=#Oh_x<|`+6UE5;MU(tKKO~?04kk9FFZ9dxRrZ;PBFPF>>I_7OJobjl9 zlKQ7EGlSy`*Xg@%+P!b<&dRqwWv4ZNPOW>swsb%5yLD=9*}7WtTUZiU7VrA5w0Y{! zXzLY6OXU~dc@cgq=AU4@li}Ul9?|EHOFOPpJ{HgOWZSIVaPOVGMd5|6?=08-XYjrD z#h2@M=(OivYOXJ84seK`kBQFyr*Oq>>BHZWzI%5~HfB9>@awv);+4Mlp8G5mmsall zpnrt_&7&ICm5zI5HwtQhkG^m{wf4j5LxMN8Vj?-7PI;HpesHKx@!=0rSXUqInXU{aAB{C^@OVQ>R#TD^h zI=iy&Mj0wbd~!|6)P1;mW$Nec(Z2r~bQY`2Tu-cir2SU!!tIkwJ9U%gB0h_MSRVP( zPX6QC1(%n%-Q!HQemq$sO>XAO*1Xg*b+Nhq_CMN}-@JEQbx&B{q$7AkpN&(q|(0^3#FJGNHWRwnJ6ccs*Rrkiu)vq0JRqw%^Ibw8`$dGM$HK{L;Ph8x?%IT$d+|=W) zoNM~?Tk)0V8PPnUQ~K8y&br%jt8A&xe})vUz9&8XRbTH*z5Mp^&aGG9KCarbzSDhg zvAy6Mg{umYZ`PJg?dQ4i{&n0@t*+zKgUoF1y%O0K^x|fU=ybW?7fw9ZS^i^n-l;=R zQ!3`OdY97!K4nT7 zm6xi2T<^1G`{wxpjc>O-Z9H3OXFQc{qv-;l6*lvat($#CYUkm5x86^j8N&Byliu6e z)zf7dZ|(B_Ar;BcB4B)N)7FxTBB@j~ecZj@9W=vviXY%KXoe@hLCrUh41TPmj9i z%S^l@?rs;sz>rnzr13#tIc5Tb-PJ9D&3T946lPm)?~_TN(|9bq+9QSkskeOK^}WS* z@_WvHpQt?jbit9*b%(Sou9aw2^=VAn@Y2>-R#Qk#y}s`2^%wgzE|zM?|8V;gznr@} zcSdC4G{>0QIi7M4j?cTgIQ?n=z3;<h#!Ev38QyOqB{RJyNJ>yn6Dj|-0H zN3G@B*_-~EJ6Db~RrkJbiYFL@J48fq`ezu8g#99h(`5SE$ zNR9q1sy4G$cFw+-!)oR)T{hf}zQee8+vI;Hn^fW|?IKiqHj4Bnoxhm zcgW~(P2F|(<>jA&7Rl1dmaBJ(Y+9n9wZ@BqpZ(tCu!~ANTGy>rO|dPW_mx-r$b}6% z=Y6`eIx$}6_m#L1O~LIm+Z-NLUDdX}nbdzquUyUI>*`%|=X@`4U42W#@Z%(Y=l4NT zWoj4SJ>Sq|DW>~CcxUz7b&H*@<>u#J_q{5ycjteGP~*~$U-DVcww%6Q{XutW?4-BH znb&$tpImn0l_Sf?4PTTNY}GsN^sD-1IBU(_i|;IK`xma>79JOpsAkFVMQO8%uN&vu zLW9h}*#?)f&YudV0aOuBmh<*m-$GH&5AGFN}7hsc|>FI6s?Y-MeI zMrPXT?2?(c)?V9ry83CUrnJnjSr<1=^JFW&ywGG#=Zl=%XG9XVUs`wLp7v9TFYhD8 z-V}r`VZU(Y;+YrxQQa(&8$SJvOs#1Sax603QNCt%_9BZsSD)=1`%5=z+6pcybz9{> z=V803O*q3k-jsvIyWg98ZDcvM{&a!A$kc-`dQ~SDf0{M#ezE3rQ%}9bp111jor85R z9iO!R*HwX72Cb)j4$Has=-+#`g4dbjux+j8{LEK37w|F{c>cb*FkNYd>W#oTX|ra{ z@>ZYL@MON1z?$CF-8qx&WkNQ_JW1`(I^XAZ?Al5pr@f#3%Q%(2G(A<`AG5xCx{{M6 z?`>q*nd6PemDU~m7o5OX{b;t^M%OR-epi)JcdW>L#`{UYI^?lz$iGn5rHNjTO|%&d z+%lIoyg#cx!=E8!tr=gF-PxbV1CP47X`Z>8x%1nqXaSalWTiz(&IwmG_RO2IO!c4M zl_RHaDo@h1lwB3CeTK!Y-u~Ex+g{z%ZC9{d~%Zyu-NgwyA@Dr<5W|GXSE z=|tH=cBWZ{+a*?VHE5aN64|&kQNU~Gc~igACw*IU=a_T94)9sSc<7($BHGdWEL2D{pmH6}@|m<9%q_-7Rwpc>R8=O#WAOHS^{-fjw7L zlRe%!9A9y}=c@PAI~>PlSDilDc;aoSUg{g^2Cb_Xmqa>cEMm`IX0dAW0?Fgg!`?}H z9C%fmHTB?w=gYU6oT?U8EtJ%AE4;QjKdsMaO8=a%tFL=Sdfu^@I=QQedDbOcpXouZ zC%O1-Ut7JeYC1J@^`yHDT*;qTg_|pe^n6>jwbL+l|AbRX^O)Gvl(!~liK`c;Fs!q_ zcK7R}Jt;crjFyk*eLWL*a>ve!S-N}KvNQJbEKln>>-0*gY`X3%ZLZg+74Hf(&Y5+6 z-|U<;CuiY^@Xt$Dd|Vc;wyi15;#tZok9Eg9`V3$GxNf@sv}udm%O^hz+|~Ey-8reE zIQ0gD#rgG7kN)IVeHZEw?R31tH+75P(ZD%Z-{qy7>v>qdjx0YXGBxewx3%31ni$xh zM^qiY9lbc#S}1q|dwtfmZx&hR$@(D^bXZR(JYWAj=Iz_VhWXk&4ll#jZ$0bucj=a< zt4Tc@a?f7rt5~xjr7P%?<p(vc%d0!oX)(|X8D=Jf4(nw>zsU+Wi>BX*<;D?E22z4 z^Vy$|+O(igq^^WR@?1#L+%GcKQ?DuPv^>9jE1UWAjI+_+xhszJ`Lf;la#X1+Q6jbT zMa9w>LyP*g(a~l(Z{zExN^HM%{PtP~-Cg3jt8ZUh=gfHS?%tI;xmOHW(zYgScB%_` zd*woq*HOWYqXpJibeHQM=I}OGm#H(|l=H2p|I#FFRkzQ3&X`q=o+bWO}Gc3ZWQ z|I}j1<%e?)B`xH0eA#ui!RS~~@p+Ra+VjNcM`hm0j5wDaWO4ga+cpm4dD#vNCpR?z z$q+lxw6r=XXUV#hlgz@qO;yZ(yZijQx_z5<2lHCr{IuQN=?fos32*r6b>Y^Ab8JOf z!5n^$tG$^QsOPgSZ8|G&=~wIPoE)efwX)=Azry#`+#Kpk>!UI+9+!(?J|FBawo&0> zM#n6pvwcM&h4b9BG;>ZpE&LgF$bp|HD}1BxP6auQoF&D_&h8R0yw%pu5wPCtT6Tzj z^XmZbynt<2p2!u4Y~zkOXTY%I_N5sK=b}XyHCr*WM!KB%f3Af>vr66zbASzCL(H2l1Xpze6QtY z)2_wq7$$Z+XPU3Evxhmos6{elz2&bUkJC9z_B2eeklUN}_v;;jL!UMz+<1}AcFR)# zo$rzMC&9-}y`8)T{r9Bq_-68-!8ZB$*?Y6g65Es>G_k*oeDreZWaW43t8@!vuI4&v z#weevc<^X(rdNKdh4c>fODm&eju%9!G8agyt)0nxB{%PfgyVL$NnxtHr>@sAnVZJG z`AVW&kmcQbd-@+OKhUu@@N2HvS)bgK4C&YQR@An*oz_l0X0+vduE8PYIcAp+o_MrN z(JmzIL4QxFJ!94{wMF-oK3w^n8P$?r(~w-xh_>@(yewa<$Xlex0Pz^4QEBhEGrW2EjgxjT;+{_ZuQ#Z zI+x?J>gs3xymNR?RgmBLqURG&9Mf96x?h9i#x_2yt1Gz`qHv{ zvL8QAyAjP)uE%)teO!V19jgb)UE7!6?+(-GZ?Aj2SIBd5R_Pu8!VCKp??idDPH4En z(0p&VHGfCh^|IfbKc^&IKUbyRWojMWq&H*Y9-+Fa*I)c+5G;Aj8F*y(?{d-8R_Tk~ z1;uy1vvTiVJh53(A%%&zbe7xp+#+#4%kS&?FWLBteOg_3hcPy+^-<`Sx!!j^7*60V z@|(5s#ifeez7xtf4EX%LLs7D92RzmL9eq+P{?)Gy-F(Gm^=Et8v(a4{_Z#Q05S@MDnu=Y-$;WH6US8&S zti_)ga#4wQ4^u()l~t#AKS`W5)WSnnmms;qNC@bzv$fL;@wYk($*hTdM;bJ zV&al0T?b2rd0+GHI!L?@P1IWaOnGhec1zW)64TBshT{{DM)-WWQ~OGS;W^u~{+?f# zoO9}x7ryoLb5yx3B4C+wdCJ4WEst7!Z#;Nf^{de1I>U12*S;zO1)5e(?8|>#Xg}jx zTBFoCV-ADW_31w@hxaL#)~X&04SDkXb!>jG>66Xd%+&v;%;i|m`FCkeCV%rjiTh`+ zN2kv-QnGs@^?EV)tKzU5pYm@W_ul(s^Y7%7D`IYSib;Rv^Z0#AqTcJTeIQHNX`w_X z-i5X8%s;~q*?;i5&*ZPSyY%tfL~{>?bRoe%DG%zSez$l}3P1Bis_Q?4u-goe=%C|s zx8%MJY*+ZRyeUiH+$Q1clCX0Tliz61d6#!|#S;gMyxPoTQL83vJ(+i<+s;w)EYr@! zWkH6s8t?N?xZi7VqQK#(;hcnD0b9A7J-ADsE!MHkl>Ag=e?BUG=5^D|h>1lGzrS2d zSZuvttM@6hrTz0+ZQfJaC6{M&J?Sl&-8E~i>4{qh%uQvkGj_camZF>(?=@-TBA0dv&9E<>FnQIKEBD)UVZ4zfjQq^1}r%d(5im>-mauAmUAxa z9Xlgk^yKOZ(bK}OZ*6|NxhH+rPM%H5HP7cqtrnWKF=K+r+#8RVuT9I^?lp0aUFClU zsqMBWLlsv1-V<)S>Yj1Rv;*(Yh9nlLt4y4_CjQSEHh0k{@*?Y8`fkfSC@_wjy8a$( zcxoQ!f%91(_jgA1?9ZMgl0Vy0er?I6-hO#O>pP$478R?$VBtN*C;oBi_R6H~NzzZl zxj&aG&9+Ia_1SZVOH-P`wl?eN)+v)uDG9Lz-B+t*xpsU;^u{SUkz%$DAA~K}p0#q% zFi&`!llyGL+citv1U5}L^`mI7J=eWUIvXWEJyCVPd-unsYN_Cq+cQHZ6gj@Xwt|}zrs8&q zsmoDw`&u4zZ%Llm_3F#9u22qZnS^lVrAB$&a*npqTT7)FYP8-Sl-qhxedVjmbq}k) znPza!_+|ezblMHGkmAdtWlw&t3Eahaj@5I?%TIBB8;_M&C*NB>bD?YOX7k@R`3wtf zcZgoBaCVcbmfkzNQQ~H}%EjbuJu{Up*jC+pJ>f-ncagWbW8YLgKd0`eX}hx8E34bM zj9a6&E_z^sX=Vi0j-r1a+yT5U5Jo5{t@1@^Xl(|cuNWQl=>kYq)YJXeMty8}FK?k|dWZXTQ zbe}Wtxw%oYUZ`1Z|S@&Hd=D^!eZ3m9C zt?V|-G-ImQx+hib*WTx!e{M}wMQWma=8S(LSGH)~616d3B5)|uctX9^+b`LntR8P~ zZ7R8Kt|w&C5qw|ta%S1Q5QpT?OI&-SO+)2wtk^1Bbnl`^<8j%euC_PZc#@fR&J7Rh zGAo~WT;{QT)QV#d&nE8E{;2!rqv-Yr<@R$6w!68NPs=p?TsZmK`qx&EPxVanVmQCH zc)R$COL;q|tC!nc`_MRhYWK&pJRC9WD*wFdTe>FNW$BcL!W-B8_CMyfQ2uSZ@*KbA zx~k`qJN73e`*FUF6=-Z(wWRm;-rN*6*2#JA9)DaBrXdxu$tT{{a#dAWZ|N!zc^2VI zyQKB`bd1^+=IB{2yX2;MXS(~gmN{!`(z{-)QR?M;WPIGz-|w>7`iC#0!nR%N*_bT3S?hfU(CbOM4?Yw<*-OKMj$#<`W z6)%{1CeuE6*5YJt%e(jcu2$!SeVqQz>dED<D5auTNb^NW13-ueb*{7M5f8og>T5HP89^ z#^fiZN(-uJa6VSIxqMDYX}z3VmPtZ;pI^OJq)O6K@4~m96Q=gmx(l81yHngZb-M0` zOpc_guWP%H7I|qm)Mm|}wq&#AIscddwJyUb8R7nAS$Ef12Q=+@wyf)>^gF$x>Z`k} zjV!o~tdnMyIf}S483q|1{I)vm+Jn@_Cm|DVd2Vf1{B?D9w!g0biZ@x&7cN=LExDC@ z#9`8$u>Fl&Zt8zMk?ZwjPXqtCEs5K^61QHE|CC*QKuULOdq?7x;v;!{+K+!qxnI0| zS}6AxwsqGJd^or)W24L42^+f}l=_RkoTs^~>)=*VUf~`E zyQ#M`%ge;Jt(4q#f=m0*QMa0H>8sldJznsvwbW}{dn;Ba@NKE&_ch)6f-gPH5`NFQ zx^aERg8U@^t(E)EdCu+fm{;CZd&t+$lJVas=9u?gHLMTvg`&4aU2o2L#*#2!h566w z#oIo*O?*1VgHgRPRtk&FKhEmB1e3QfM4j0WGT)!V5y~n#@!{w(!KC7Ih4t~&U zTo#$xbEe^a&X@0NHPS3*g=aZUi}$LMpDkzdpP?zW;?dFAFUGPbQQM#f=PrbE2(qlhkWl6nojo*i0vCVsTwze}TZ%_z-^KI*I`x^C+ zjE46sl5Y8Y@a#z2$uCiV(Ci<3#jTU`WO<@J4!5^%aIG@=v24!NRfk?2d>WehN9WJ> z59{9sems2e`{~-mN4uYqFeVB>=im5_CJiB@|kD0*w@~^ z%F9QCe2v%sDF4sE8g}{3mhat1=ShCflX-Gd<_7!c^&wyh!ylfHxR-3aGO3!a@JMf) zL-Czw`&2)+zcK!}`Ox}jcYY}SSSeqp(XH|NZH(OV53`T|lb^VF)}=>Ad%FZO&+DIh zz5S%EXKU4!uNi+cFa2l8;&0!lmMAy%@oaP5?;)ocO|NI#X=UHA`JH*mp}<+WIleoy z{v)%awvunbGP|BN73-cKjNkg7;W$6DlkQuaz$!s2ZA;~^>!RjZEtkGL@uI)X`<1^Q z+U;LuE#fh^eXDJPc*=C5#J*R)Fbm$Y~J zf%p%Rv6A`%ukZ8ce&gT!t&*?s$E;7UpH!TR&MFH&<`g|Y>Q3gYo^S6}ZdI?~zS@3m z(-&T?itY1NCPmC)jA@(tpMll$?=+jphxK3ndPQsR6y_CP@YDag>CO-Lzb*X1``Dw$ zPUhp&p2>#4CwYkO*SS7z!;T&16>~RCm9&k#Tq(80`%~onQ>)JFt$V-mQ63+I=#^U) z*AM+_V%@TDdrjX;1=BRk5>NRvr{;WFGbc+oYU9O|?3*pMeT{>5T1P3dM$5^}ot}Pn z)~mPbm%fVz>~;UT`a|@~HrJxZ_ZGbsS~T%UbcO#>E$*nBmN5l|AvVqnD&{@*pLXxn z)eYe+jbGOnUVLBj<1JUsZijXdIWjI_J#NuKvTOUnH^umws4$VrA#-yAyA}vO3pU{B14QCzn!7F6p(k z(!bUI-Ld-KUaIj&{G-<2cUw*tw0IR={Kg_2Z@GAjPHN~$(elH;N~djJrQ-2O(r{{i z)w{LM{GE%gJX)9RFBv7gxk`Rn)YR$CU)M8wu6=P{_LTQ$x0fdwuJ^=59xq&RQgqgo z(maOuG45}!e%u}NVNU#qzE|aPHJqRJ=oN82+t<|X`$4>S%lWtWxzA0EWxez5Nzb!= zx1MjHjw@SUU+Ma$v+Us{*OGa*A8ps}Z>u}YbGWAa0NZRGzK>g% zUR|6blb)OM+KzYEJi$_t)i-mS1LwXL5g*uGBxmU4N< zk7=4tbJznlG`3Jq%%iWQe(_ZAtaAV1zrHxOnUx^d>(fz^etMc{>d;F%o zvT)IFuw36#$6sM3FHsY+`=VU2#H8ErnZNt5P5)W(>0%D9 zDt?R07#{qZ^?5VT+<>KT!&ZD<`E2X6ox&FL`|Mb2h07*aN|vcYSKH*p6W%IUX_p{yA@7iM8_KIifj==Aqrm8^3TocxTXvs$%azN2q;qC_9O1I64h!%2W5~C0UDmCqe<#*& za;Rx?XZd`#&U4o98=c-~e!nugzUk>FyRg5D{un=4@pbx^58dzk%%s~Y-^W?ke)xQ7 zp3)ZWwNd%56AYd1zTWxq?AbeVT6^|%JrJFGLuTGjn{f8!ckkW#G0j&uVw2b5cfTgb z*@~(Mo>V@))_dx1&dLY%?YrFi^}m%(7Gjh37MvsX?JjqWxBSiHULU5nt$*D6&PaWV zOzt}S&>!Y24`yw9W>&GxA^hpPY^&b~?Q}1cm|c!d?NWN+#OH2$HC{AmicFN{L(Zt@ z*3}<=$8{fn9P*LByY6a^cuqlj-`?!x<59BL_FUT)H@!;9!@)=(Yw!Kmqz`{rS9Bkh z+N~4Na7J=tPi@`Q=W#keR<3>ZPu2ZHNWSi7wF@UW&sl$r5t*`VUelD>*4KUrF3mEZ z@M==bL5d->_!&6^cfhi*=Ys#$Tys_VfQ`yQ*WeUq-4M-|UZ)bczY_3lsP z$HgB18Cuf)XPrBkyl27+^?c`8DK}kK?K`^{RV+R_Ph{`EbDLU3lSEcVJ^!a)JNu~A zo~Ya_CpMjM`*8nIZT99%@Aakb>YMV~NUHW2?GSyw>weSL_u>_eTREQEXJnqA)={0d zxnS1q;AO!zt-jhG&4+}xZ18{X*(1|u7-~A7Y1__q^@ki6X65D=T})UsPvWokuI`87 zU0+UIs*U!Uu$pnwiF&Kg{2kvx1BLgywq5(rz`rFjZQB-~*j%TO$u};~S>;%L;!)e$ z*>bX1>eOHC^8OLWTdk^MedU+1$FJPG`KT-enf5NVT+5y!|+Nz5`t>zJaAAI&osmhdcYujYk%ch-=n{I}m>ory0}lxF>%#hw{I^z)7am0J^g2H-||QEvHy>m zF5YK6!@`c;2~FInw=~avv*lvd;@9ung#TD=d7-8`xE;^`SJU9GlM&sQqAYm1CI79 z^&IM2R%<7<N4Ok5=o(9}YhG;o2qptt)vI;*-x-#x;JdKKyH2x9qYtXYwYN zoiO{)ARxNo)|!3Ho$4Q*+08#bDv>`JQ+oY~{mt!%#QhFEOqrI+S+s`ln%&mVrWzr^ zdHT-J4JSQc@#KtKcko3!om+q0cQl{Bd`)coEc=k;xVf1R{oDU(Hq|Cwb_-DxR`PJu zo=`9Tqc}Wt!-Y3zzFl`0+;)#GyV54|;d;iKM<4bJWp(Ck@7^R7E#K-VeM{3~4rk2A z-t1$6b_-YhsE*yxXPvS`ljX$TVD(wA>f|btAGkNGUsmZ3PhOdAl*_xj?c2At`JHxR zKMEglOKj=qy6dWXWpS~E!m~Z|@|j=nO7DDA%K7H$CzI1hOBiGlnh3(nuSE1$6A}h?+RheFY%ewrB7x!*|f!hm(T{lL*j<_YZ_Tk$i9bHF87=0S>J#IK+2zS+HMHMWQDh^5(9&AO*GS8LA3 z^rYnyYq{!_YI$Pc^(nSV>SfQ{xpCI*pzPh6&Tc2?uE^q-tmwP;-hZ-BZ-hbop1GO# z*e>UM#n_kF2gUSDKe7N(2wX!wr z`TA|8Y`-11|9vEUAg5&g92=QyWmS)K=BxXd)(U?(_wIJkrb*Y>-TPZh^{<3k%wC}v zyskMY?>Ya&et}otm;*n2{W{wucg~cU2VHwVY>&_9zw>vIuCI&U(I^8;Nz?t0YSlg; zHedAIXG`y`)C4Dvjh;DCJvFg9AJ|o&AqJi4r<)7RsBv+l*cinH51%UYuWsAPtIC<(tzt_iU>quDz}Wpw`;;@w zCvKbgD5CZ1>K^?Wb*VPr*R``(FDi*zJhM7wZ|A~Y$pXhhJAOv5E%zV(|KbS4sej)ltp~BwHSAx&9_B5ANNUpcN`gqnI?`8Kj!gxY@N?yn6_K1fGuW9;J z6ZPlfBj-=Ewm#<8t{3`|ng8Xk3ipn4FID2!Usv1p;a%pd%B%WUKJ^RzNIUI!;da25 zDbtU=vksH%El*y3V#6!$EfX6jU%8&S;#i(e?`AcFmR!57NBkGY+&=rvKy$-Wi}gWs zwpiRhlHtBA>c*YCHk(}aU)SeVJUTc#vbw=+H51eI70$V;&)d%}XfM{kzs~%aRQ@di z-wB+*mw#USz~ZaTucD314(zaa9rJBieI^ioRhp?&Rd%E%P_q?$Oz_d$ONy zoH+hCcFLLb;<+{a_9!nlDnS0~$ z!YfNxI7xP{4mk7ePV0#;OE+&9x@9ccoV(0w)5@g1uXv{&+0M`VcDKvMi4)I;T-v|Y zM!WX!+C_e0uD=g&=GvaYsk7Ve`(2YK+ozdLKXcmXK||IepQ)#(?@F8c_%++C2$8r} zRi~cB)#r13ugzTPzw{pOdgvgoHNRdT=K4xY&rvF`hlcHZksow>Yw;);ci&ToDjzU6kxmE6dS`zs~R*}8f&_6G{y z?${7{l(pzZ@yqhlhm{+*{$N{H@h$r28i$h)eqAf?RNJxrW9Zd6Wjh)TH~#g_$egVE zcSoP=xg$@iN|#*}zp^#8)^4_xVZn)WHV6A3uI0@>JSj8Sb@dU?4Lf5`y*$Bw`PSy# zwGVb|H+#cZrJMi9{`!Kc%YIZp^7x!<<4?4ztZh;MX9MYrC@QvlWX6* zj(>~36~FwwP~zNE7RRq`{NwxJ^nQ*zwatN&_liY2FZ3PTy}#{z_DAl6+wIu*HOX(e z<>tG)UQp&*)n@OT64wfE#J`-ElX3G^wtB$dt2Y(R7V{b3TmNE{|Drp0DvDkjTr|6? zQsm|v{xNp#0l5^z=ZVJ{mL@$qS#o2&Zi=|s%Nck0wl4hEY7LpBYZ(zYMsxY-5`5o%~#F%`cB-Umb7V%Cc>Lt#-ha4)tSq zzOc|{k`#9_T+kO z3D4fQ5h8~zeDu=s`RoJ-Fg>n+C9x_XMEk(qO99Jr zoqYyU#s`14W=6dV`@Y|N=GMGH{w-7T1dE=smDR1c+?{il zdTKZEC*E3jo8#s-@juz(zWP#AjW_ifMwv}#oX= zkbwiolWQe840qW7GsG>8-rmW*-X?wiv89VMPCLhm?&`C@n{%h~;96d*{|qe7MGTg2 zV~)rvY3eIauw0$Fe#z;k2E%{)=a%S|ZPd!SD|mjd-p|fE5BirD&kFCj8-AMqob{|* z+xPFRa9I`dB;-{~WMo?Zvp%Du%JW%s)oO%3OjX-lzdfy0!lQZKvqg3qv%)?t_fK%u zHp`TZxGK)WsrWJY_T6a`k!;y=x{fIlX~!y}b_-V;KK*N9u_R-wiOYFIhLe|;dLHwL z^e~+@x%ITR+?21oSeik3L=Xqu*+Ol$H{hWx0RT<>&eZRU%3yf-D&YL~}7 zpLX`W*~e8h7-efS9Jc7)60l4R6PZwyHO1U3I8*jj$&}o4)&CiK&CVvpZLc_}bEY`# z;S`<+zr#|5G-Hpp%W7RQTGe~VG4RT=b&*Et>iJb7Px4*{tZC1)mI_HQo*%W~rZDTR z@;UNZ{W}-N7aXe!?)+I*XCk09X|G14ql&4jfl<5l&IO#aQhGfcXSwfAnk{AXF>v*h zhhbBnL>x>@^vz0hJALkhtLwAflOzfQ?qsESDYf10|Lsud`#JCAor(R&TA#4IVTf}L zpW4{7>g)3QrMZ7!#{3SpnK`3jx!o3(8-i>6`2Jb_XXw>VXr9<}xv?T+6XmZ$^tEJ_q@BeYl_3Nnxr@m?*SexTA zcjElo)vZQa$DA1(?rlAD_f_J%$UK?N&sj>=_PRaT|8CJS&!4@;vo0NHvgx{SEw?q$ zyBc}&fs(;trZC~lXG@E(W;*C?+ zWvRH`jAIXuiCbI}8|5x}a&5iDYp=Z4)!nBb+4~rujT4rM<27K_BNh;QWYk$=By%*RZnBs!|x@fCOwyS+X{cHzWmN~zBu=4 zZ}W&p%Fj|C%=#^VaN7OU%M+tnw>4!ye}A+8aIVp9q(TU>4fuMy)OA|&c-?u zUcruo5)6N{DyD`cl#8sEXIc5u-{atOnF|&Toe>3=O9eFZey)5QYF=~tLddF#?|z0i zd;OZywLdLy=P~x@zGi`^IKR9;n&p^hCCYwjuH3w}%B&JB7fUiGvQ12u`mD#eR$u$p zq+3UWUk5Kr+$LZZSj!cdJCVES4)gW@4C_6%)T6tVK)(q8Mj7^s8`>SR|9p7FkyOQ_RiE~?nBv$k*E&ViQ-L=5CVb?AuJ3n2Y)pFpm zrMy?>jVbS(Hn>@-`8q#YHOccu<)gJ8$0R;j=H0s*<;lJAq|Dbv4?0qlI-|h&*qZdPuHqwfEBF1~PM+ zC)H-V96RWFKB{%X4z1;KU#urxY+m_NUoPsDgM`e4>T9WQt_Qfd9+LSL9&8hMn9pC; zJ^0=RJ)LL!XI`DNs?Tw)!j~)ag1O%o99yeYbZ_chl}YE8ISal%sI<%COGIMLuD09X zJ7ue`6yG?kpuK@%@rIY7g+(_WeVskqexp}jK+}@2gzeL=-98ic)8ia#iJkVvx9=3q zULJUL#zJl5(yhBb?K>?bytQ({w4Umpk<-8H6kli#c)9GIv6k14AiKcV!7;ZDb{g=! zJ67n;)AA#s4m~J(+fY#>bb}c9vc_d&K9n!Gk{w7)PQ*V+eFZUwQ{{p*d<+x+0gbI-&pTOPQbVbi|YUiHl~p*6au zDAn`i^VgBP_VwnkRCH?QjSgO^lBzM!dEwnZPCqJ+JwI?yb%#Tb)ojHyFH6mxS!j4E~|=l&$5WG9w8nPyf@y)20oc( zIV*F1;wwA8AGRM)-FQ_eb47Pjct=h}1e5g3xcJBXHxEBDZ+$W;*0%0$4*#ixbvfY; zFE;&g{83s}n&1BG&PR=eD7B)1{|v3w;fK%v&@k_;vC=K6@08-2nz-d`-@UCCU*478wU48w?83E2k~&K!EVGMU z_28d;)RRBHztvtAapwQgU$HYyy2q!;`pdfdD(gvezuVP*fSJnO`~YaX)`CBJ=LAAEJ6{F+NGm!k`lr?G!rB_7XV+TNR@!RKI8 zo4rYN>Q;+%*E^qgEH`L)HAC{*8pm3ur^{YgUz^^!hjY!#?fv;e#w@a}iE1-f3O@17 z`QiB4SkIp8rk~F7nscV^D~oU9!WN*7%ZzVgJGXFF?$<&%MkEh|*{Qrsle)n=s`b#6~KDc1Pyc;bb_YQebMQ64ItjLHr18`e~;^N>hltL{>| z!fbYvpSgM7<5@BtUMH?*ztmGVlJ1lE+%@TvXRg})oSXK4s}4?%ZZb>lX8E${`jJf= zpV{q6-^v{ll5*MluJKW$MV(T`6WrY1?J&LZVxL9Q@~ppqisx;85;kj%51ZmiyT97; zUf1&|0X}GIMt$mrTFW*ZojMM zGVXd+;pg}9{g|G0Vr6X!GxNc_SE{Zru1G&tHfdw&45P;@Ob-Xmb}zMDsmt%%9Uzeq zwWO=0OqJvNI;Y!54fmv2O4z=7WA&gTPpGf3FMH~4X}2iZ);TSc!Y}{H`Xa8#cDd_m z$$P=&Zh3o)qs^vIj8W8jJZsv!Y~iX~`G#fhnAx`E+%I$d@}EKKz~%`Hp0;M*j%Bf} zdbI4>%Nw_Po7{I4&;PgAV={vgzwO7!k9RC(X3dpXo^^iK;asCzUPmjIZ|Ui(eiE8G zgNNzHGT(B=2SS;jyUuLT6Jeg!_B^obn)uWw@*1XLo=a@~v!4CQeZ;zXi`j>5&n6_V z_qsIq$%!db0(&3vCYJ8a-Cx-f+^V+E`|l>3O8K6B3Xy-TF5NvNws!WW`A3Q`?fv{n zy|?5)1IrJy_eaFHd&_hSb9}1QjW@45|BwA6|FQKw7w+A4IsbQIiFBFqM)UIZev_Uy z=RBP9^J((C{u}uZUsbR_n7d}u?c90azxPBWw7!iyGN~xr-1%ZojqRe_FT;w3wq4Lk zzAqEH-~^-A&2^e~X*XX6dKqlY@N>A`pCuM{Q1WbeB+OPdzP7if9r(KHQtX2{reV__d|_LCvLK}9_@B=Kw`4o# zy=<1BZU5wIx_;%|;~THct4`b5efsU1!}Slc7OnB$ zqL~%`FYXav-TvOsQ4y?{u{8 zEw)xS}x!wQTZ%fU_a|I61wtG8IpB)@^^JXJM$@^JbCg-ph@*Wp;yE-AwJ-P43@;w`q zpPX~ATCzp&7k732?@g=frZ%oRBV|-noAvh2K}XA9*Tgp0KXnTYw|JNB@uKL;?A#e~ zDm!~~Z+0^_`BvQTTfcbLqs#`moA2Z1KI*<=_9<@yle=@At7#mtUbTg3r%&$vU;lQPhjolCdsk!>Q*>^V%4|z#1xHO^ zzi9iNnr$k{P1(99B5l@`e_5-Uw>a^fk=4hqtBQ1_y(bvoxiafS_gTdruf0|RSspjc zPx0F=Tg0MnajsTNeV2-X&jY!;83M1n7fKi|mUFi$J(|8{$#$Ek`?X5Xd~Uh3cJ5x! zRjyCV?ntu~IJ~pXn&Of7?AWa1`BPh^{ntlb-lpQN$;9hjGj(}2_gB3B5}Nr$;<1eAo9uNTetGXMyHv3**nwrc?9XFW;k6H~ zZ7)i8yfTatHA!F1S~1Bv)ueG|`vdLeAK2QT`K4!k?rOU3Yses4uSADLA)z2Ms>3!NoBn(J-%T%R2(diAy~KHr7;yR=k^1bH;$Z>g1I_jxt`3g^hEbZ4KNxQ*ZzJ?h?hA`Z?D{ z*JPhA=v(?zecCEJ-H&JdwU6e0mPtt3xw3TUI<{{%^Sv%QE=paP9dTt*uTQ{}IiIec z%i6Vk>Qt8J`>MJ2n;uB5lva5xb4~x7&-LxDPs$W`&AO#^;@RX23uU*STVA+Haqior zrTZj4ByNele0ay?117upIz{+o6OV~cJ6d{;;fT4_JI1ObxNnbK|Z9vh;UAQ>odO80-m!HKi{WfoDubdRKeSzuTgh&CE!nr#h%f84v zQLsB%?3lL4w#MUolV6K-OB?7p9CwUmy)%D@!k1s+_N7bjWPO^tE%-{=>!6uFC%1d9 zOUd(Om$~k~s3OmEino!BeANDj^V`2G=bn8f8c-?m>w0MZG951gna0cgUemP|!Z-4_ zZ^^hUxG2%U-s*M9kCNXR-?nku$XvHATpg8Z_Vi2xzt`dU$KMwldZ@mrIGS>K!o%vh z{}$ISzvVn(u|l}|y6n$)PMqKq;cMCye?+SF(}qkws|2aM=M!pvsx+R}xa{#FnDf0i zPx|_pD_jR}q;{Bi=0$oNm#nzZ&@#<#hUua(wYSqIw)ycD-kYg%bjqqZDOWO{Hfr5i zsnl?SD`oP0ud~ZIR$8#HP@mPO?Wy`uwBIHn+;d4qqF%Joljj@PE%*3P*Pp}eF_*o{ zRo742_kv!Eg6>93*}~{+c0w~;r}eAtX4!H%`R|p$#^VyJrx`d*W)*Bca8`TMm2l_2 zc#il}PR{uUUmx|BKm7Wj*)`tD=b83u9Xq7NK2<_e=GnF_cje6OO_FasTKL(>a!p#K z{H$H_{HK4P5pH0QKew~HJk>(<<`4J7-*;`BuX{vr^2UmzHHUq^TzM>7=J-(7PP$*> zY$3~%w~6yA-p5Uvd{U4j)rLRn;UE4bcQdYk=dYTf`fL8NUD9`>ES_+w$j`0(s%a^= zO>R@+CM)S!@6$2)uU`ktCjJupqs{FNr7!*Ea zUVQm$?WUIC1~%<36GhhKOHWqY2HrlrzBTAjRQVqjH=l;D(;v#W&olm5V1Kj2L-zH$ zO@C+oQ;s=0GmWFJZR1>vBj-x5vS*%DHamSp>;ltg4?cFuCH4aE5|b2mD)1e+_D6nG zd!L^DwO1AAW77X<-KpPrZCiM8w(su!Y#X1%_UzxXq4VZh8L_pGXWu??%Dbfg{i-K6 zzUyO7=Wy&yaPCQd9ruv^O=i`RzpEpPY&S<&)xXJq_^rXUzTgvM)TP3%i;^M76Q-@p z_{3}W+jsYeL)uRA#oO*Y z;6D&P1fB?@Rw!|5)|iIrUF$dzvk$<3G`?{N{STMcdM*ANB(Q+6fkhBdZ3nRcys7U`#cccn?pP{L*?waO zUCE5{!xmE(7waFfx_kET<(cYfIyckQ*QPEOJrVdOEApnur=sKgmxfn1HCg<+e&gv5 zuZS!!!DxB&{$p3xn`;`C95YyMvVO)R)$q@v{%=!@H+=l_a&zoS)txRUZGEc)di&*q zce;Ixy=>Cncxw@Z%)BWt6-twLuQgFNw0xnxh~sHdf_QUZOGx1z&t)-7pCmkuo}?9W z&VRdCUut-;q}+pRD|ZXbTkiSc`>|b36-#W2gkt(^vtP)!-xqin^iXZ%yX<&%jQ;z<=Y*5pEL8MxhV7TX}`#C z-oM3fcizWLt9i@P8#koY%WndPIF(f-{n zyQ*TP>S<%k3qj?LkN#QgzhaXx@uguZbAqAm>O1?m>kr!f5&kIsu;y0l+&kq~-G@Ib zC~P-9_-dbE=(bG#HM8!O*p@vuO@G*aY`tua_I20$?WUbmlPnEZ%She49Jq${uS^V6Z?qm|d+dM?l2Wiuh;*WB4h+|1iVzttbwe|xd# z$F*Cc+qII%l$ z){f**bH^=T?K1w(&~=$F{MFZYjvz})+QvGAT@{-je_b}y;*L@Qhx&@M=HJRb%FNR5 z_}ZDq8hB7L&$ua@@9>fK$R9t|mfX?FbI^SoU+uK&xt-Bm&a7J258n@q?UR_1B~_EG z_<2Lw`t9})=I-CJ{Ezm1DaU26w$IqOcYyCiqZO6CPh%TvdxSads*7k!b>=Wm0 zePPG=@yjo>1+%73J$8742ism(i}1x-L9g`FHN0p1ZT!2j^tHx5VQ10Jt7pGnYUnkm zX@OAX_Y>>S&F`0&?mt{F72&e!k?~}u{&NzQr>-yF`|;1VdFj784xF%Ca{c6mmJJoh=7*K3th)5neg6;pZ&N;~cRotiTP#u} z^5SiC#C(31I@KQw@)RXK^NwAz?!EfabldvXj*nhzb6bDEt=xMs`rf{ef2Y-0eZOaP z`8GqxVyEZ#yS{(S(q`3~=WZs}9kJv1ncwFhE}OHhPP&zgPk`}f&>xT8+b-;3T$|M< z5-8d|EvNWS*!GFT53fc7N;h{xADk>(1X(yRz=xRj-?m8F#*ppOD7)$}{i$ z&ZXr6e_nrd{m;^ZHD$n*F{$}*?iM(h{Wwu(6z^;8y1Mh7;@O0`!SKr0+g|$!4kNsoxVSW48 zT+wwkg za&A=l0p-{JKg1v8v;R?;l=3lj)g2?p?K;L=uCKfMNB_#T`~QR-LX3GI`Y)|qdT&zR z)BU^m*45nIslHxq$A`&N;+D_vJiNo&=-t9ae@s8l-cu*EF@M{c`#K&obYrG>{!zH) zcS8TIm$yhW$LkXZ*S&wR_SxJ8KVIDqh?X}#@woL|_QD?rA4I6$_hC{bP8(3Q_Eb`j+r1}+yS4)OW zcjnw<`q4jR|G!(?KZd;wESi+huCycnmh$0U-_|d`@!Gs`={)644=0q{{%7!d^T+m~ zy}*y8XP4jHQ<(PHpz_k86!oXCWBHbIT+@5t`9|dSogS+Vzvn&M`P{9-Q>(+vw$J}t z!jJPy|7c(PcW_O+!?#MeTLltj>#IJjf6M(SzxUV459=qK=K6blN^*bB^_ek$#6A?M z-^$s_;d5!jEk;RsuP^*f{~5TCx6}lSK3lnBRZV*$Z_m~9g5l!!m2&f>g+tvZ{gUB- ztGVLljaNc1zkTOO-6|blT)uwh+IKblnYqRJt8X-0?luyCJ@vfOzIi`Reuz6B_OWhp z<;twQW6$2J7Z>&wc0DpZe`C_|BZVfn#MYQ^VCi|boXdH!CmV`tkBdIG`u^tiM`?#Wx!nZ?g-?5){0?90&f2`>&f1l|Is2BfnAvyD zGyIYIc!$33vPtjmDM{Boa+I6;?jQf()m!$<-#WcWzwM&ll7=Zd)(@_?E^n?$&K2TK zKJ;m_#DTk#&*fXo>KRRR*^WnBo$tyEx_HUC& ze!&Vheu2Y!rR=r;T+(~emzvqPOFipX-M5f+N|%uQy+ie#yRYoJe*ASl$Ck1>xr%qX zmqOi3a~hU>UGI6lrs7uJ{N?LrE|k8udwaOv>hDFyai%^sFJhGzhXr2vnCt!^|43}z zt5|=ZZMBp3ybrH}AZ7IH&aBsyekF6PG!zcSv_^I>)M`uYV(gsJ%5*~!IHX(U-tE+y+7uPx0d7v)n*lc+9=rb`QBb0HEl^t z)mrYBrCU#am6f}xH%~Nit3Qu_U_=nd;;S|@b})Q$O~|~bcKwfYuH2HINB2U{q@+un zTsQsjEtl)*Z-sa-$t~KqsnzqCrtyU(Z>6`D)iHgz+qS!6rSYEw1^mUaHRa`TeAkqA zT+CbIaf4AST|uB$tNqY@KGVB5w{`l@?w>B3y>8!!nDTtJc}JGK+G)Le)|;uW%9jrv z-CDf-!+(ahKfaH6`C_xZuTCpJnXkLS&sO_XjrXd!TiNTA>y7JPJ+Nl}`ZD(U;eNqv zInJ4H-|NOM=HJ>@!9Fj0+K;VCm$IGXw_kqZSoYj{^3$N=dpjR5^;f=lOWk)}cDT@; zHZdOEvo_E8(&_1T6MD^0XdUo|vY zD9HUqZtI)XkB(gtlGU=j5p$DY)v0e)=9QqPU3$}Xwwsq0|LtAoTF%lS?y%`lIK$e? z_kC-E{=Il5<<_xnn}%b=<0Qx9!IO&PmX>l%KGgbt-J_}V?DzaQHQ(!*sdQUJ*kSLB zb(ccTW;~X>lRazB?a4Vi9Zf3#F8>zZ5fy6{ZBah4EnIR9zjy`H^8-Tt0zZNx>rQ!? z3$(p_-Su*-Ja2cd$N5#6lQUPmop16r@JG1yBiX$M61oZ#sKn#dgn))w6wF-nKoN=kPPT_j2UB+$B4j9EuDZ?q;1`Hh;D0&ZcKV z7t>WHo>({IV9deQF_)RRcX#)SWiQEyXzTpDsVX?nMwfTjd@TdnDyuK1$`xvt?)&*> z`(5!_zn`BuC9&3V^|fETPrk|Dx|REVR`==KyC1gyxb|^Yl;oESNBfVMTV->sQxZNd z9-4T*>cr-cb`#4VwNH=QuAB2Gap%oh*FQ$RJkPk_C;G%>r zQxh!LzC38G8M%nRBT8fA-bwHMJESdtxcR+~h!eY>^X2x=9KGd=F*Pf)!w*O0?N^(j zx5wk?B6k+$?Kxjo|5Lm0M|9nkt0t*^oXOo1I_##GCAOTie7W#&#q>iPUX^{ylJfd< z(kzDG>$$0~l-jloy@ibJ97n>l7sW?AnjV{5Z1tuf+mfbsm}*emy1_6DANH7iDor~737zrDrNPb8-C-2D|EuO-)e z;#}pIHD}}9yIeBAJzyw2n(sR&ROy_@qD8w@lAk?q3{Bgf`BtU#`UJbEE2;X*Mh_nM zA6i^paCYv2kKLa{Tgh%My8I!8>WIDylw*XlhK8UB+opcz<%U@9w?6 zMxP>B+?#h6SY4f+nL1Col1FE?BICigu3J?%@A}~S$Nbc{&4zbQaU5T7y0~OhRGX)` z_I$5rHlhlbOLr_+nVNcV-MQB#t!+jvA*bE)eP1}TXxccwz0t(+K5CYa!9DB9yZm!6 zteW`xY)bTk?K77BNnX^o@mr_vvfr`0=d6^UtMZ0d;Er=?vdON}lZJchOD0|k{j2xs z+OzX-%>Og&`OIfOw{+XCwC0b}eqGT8O1rvbH>Izh^`vw?_q`Y8Y1bY~sXI?)Z*t9; zdS>=!gY`C=tA7Ojs(dT3cg^vqD(TFZHgD-nj?MB|7oMQ}y?$*Ob4*{ve}>KP&pqM3 z@aww$BYWP>>fg3?N^;E+HHoOX74g)@f9aW0^J$uPK3`44T_?Y>n$YLDY15xQ;qJvE z-6?BzmwETk-F)G?Zr!G+JGzH>-X>16+v**ftXyU4@$S#Y1MD{CtIf+^R`E|TGw5fW zzOFWF>C#g%t4?oWyWM+#ZuDgye+%~=uWn?WJaTW&7HfXiA6>_f-g2t2J{sJ%Z%cRX z?(O#qBY*kKx_?++T)$g4@ZVYCM~^Q~H*G9WSDU`db?uEwlNO%x;E#HgHCCQ+aX#1C7wlPwK8m-R&S%cL^up>+(Mmtj6A#<` zv@Nw+Ev;`nUvN>OD?B5Fr|0AAFdNlJs@~f#Zp~n@OA|dWDRcSJRHZ&2{@J#_uZ68- zOv-0u+|FaZ)bq0V!VB@~UVAJ4ti9-QLtS>Y(z~;{DVfSWB5CIgqjyzyAC(ev&(}+9 ztyK7WH2v^5)#S`-<7q)|9Pb^@eA_ZBlJ$vDuEt}Puw`qLb+4|Gn%l!vyFlku)$du$ zOIh!(z1eqPP2GRW2oS6%fLdnQ|S%ey;LWR?8RdA=cgH)lt$-+J?0V7pHH!Zkm=b6$LT z>m0Q0j(*OD=7z`n_h#I@dq*tj+|sg-%`x|;KWf|2xzJoIc*(>K&$i^|=O}AGoxF9| z*iDj=+Pd`huD(XQ z=Tl|M4!-p|xoPK?3-_iU{v>cTfU(cR=Bl9V5!=uP_LZX5ejiKQHa%jQ8ThNH>e_@0 zrYqJ>Tzgj~lK)gg^Q^X(Rnf(Ax8iD!%#3EABXxD_)%6Ced4zIpKYH7(U;fhE>3+xu zV~ZDYg6HG5)*U}$&-<09ZRgHS1!gVEjlpT%K|5`PZkt4}U&mna)cR8Fx>-p=?x*=G zme(KBeHa^V{_UTUH2=NeE0HKjv z+$#26P%peS$D0)wJ73#0w_woYM1Pt(fy}^MBVu1f-V=+&?KY^StDmrB{WXh&lIFNfqo4 zxXm+vuHy0NxdOYlr~XuV@_l*bjwf^eYO~#YIV))90bAagm<)J=l)<%i1s~H*(ykHG+yQn23-nMd4QaI1nI3qs4tcWLC z2ELJeCnhvDACFpJAg6Z9Osl|KulPU1^;MHjtDOIR;=|${3%a{m)~f7we7y6|t3;6; z2{S$|>yi#l%asfc<$Cp8WhuQ}8&`$~_AkG-NQFhStMp)wcyJ)Q^=bKQt8*C~X4ri8 zbvPg_HBa+Me$KR|L8o??7v5?)pv>y1XZ&@=au0vSf~*5~PH&mRl`>(`y5dVSc^2yU zaOQu$w`%{H8!wM$#8@qwba;E#`CYk>Yn&&(cDiuR)%&E7Xu{zyYi2Ilu2)`op8e9A zEZ%C%gd+_6QKxtMq?at8+#Fta z?zH~QjJa#e6@Fn6@5d8%Q)e1)PL(V&jN07MlJe%~?rWhZgLh{xo8%N^ygu2@`RSb; z)43(@h2B&$Ki?a>Gh&X}<9U?_*Q`GBb3>1tt#44c_Dp5t;MppxdBVh&Ju@}pne)N$ z*49$b6G7FDlj^Mw?wa*<)03JtMw~CQUDl;)#+={(>CM7S?oaNfr?ZM;X57o1KKb&k z?WWpGC&qD#vlPi(x2-G}y)ChLa+8(RMTh58UA9~Pb$j?PQTs1ziht#X&6^**U8@^n z>~nyBS7FS%y+${WmD`!~6nj%G$vt=`%Y@M7D zGhxTcFROMZ>#5c}b(dI`uATBaCq-R{Y2J~G`RU1pkGx~0tj)^Pgo;lvl&*M?T;y!k z*!S~w?D|9X+>R?=Z_FxkpRhPXZPVl}z8S8k-1pZAUCO=1SSiJ-(VS;D^_5kY?-srH z$zRsn{3uz!_)J2Z?!^tyZ|#-$>M!ZG)-$q@d>NN=_em`)N70dMo4R|KHcG6ujxd`) zwd(WNRl91p{b!iN$C??fovZQwxP-(SzwVex1`C7^%Y0jTh52Hi<_3i{&3Rh++Bq#u z9LGhy6C_s5`Bb;nL~D`#?w^;F`9GJu40f2k!!~o;w5BEQ%vq(&byt7hx#Mlnkr_G9 zEnap_Wh}en@bc#cu`6vBC+y4CI4riznk2#8KRYFydTRvL$>_fNI3d?^}SX7=AcWu}(M~-s|2bb9GuS-iZC3;(( z=LM~G=3*$mzAa0_nXmbEm=ee0by=3Zl{wr@3sj^c9{UJx3Et%9VY@5HeHu&aLHo7V zcXW9EHgO3#%|9ED{z3$S`@ z{ByhWEStHYz>`TC#~dY|&FkQ__>=is{(FYh#hA6&w87XnRxUo1!kv%j~`Ub=G-^7A9zM zzV=A6SP-cB=I5r&3))_O{LaCq`(-sR9F^jc-IVmNpgk07g zag==Wx$$4E_R{ITTkcLiSDR)3=C-Js#~mhXxvyc|8Hq=iZeA8=#8>%vZNSyHO06<( zGt}3MUOuy`UADdI=(Pprt&e&>xd%Gk=~wQ!s+;@O``PyXvJ)px%APgc^5bn{MWEXw zt4F)Kh%zIMzT3<_^7Iv?Nao)0Kb7Av9vuP8pT5t6kHdtMse>ZY<{LTOm z^{y{#J=gZG%zSjuX-?9P^&1c6r^FjGui(8>x~gx@$+bK`w%op*`r9SJJb~Bgy8C(E zVu?^0nL5)8H*dRbG}?ITd0#g3Q8S_2ccf?7J^X#cCUnKjZ4sBhZrc`axO!^*&aR1n zJoH1>K5>|L?`m)23eR*)C+F2_W{;QeP0P9-Uba~?{m{n8>`U!JWWHH@YdqT7Go$~m zNPo8CsRo9(T~FTFB$V6~Gnuk0`I-H-t;c&@4$RIJX=RxDZOO~68*N_9`*l;~XU5`r zJ4Mg_n0&}QYS#M$CuMR)FW!DNZTrW{R|RKpTwa_hc_6NNTXk^H9G5reRj)q!sNQn( z+C$03>I}K(MWyU|A4y1QpRSnDvF~%AYt_Exskv)z+irb2C(oeZj8(Y$%0IfTv)ngM zb>6}9_(G`L-nld8nAm*N6+c?Xy{CFVTg9yGNW-ay_NV7BE&tEJzdz5vXFuONrRL*i zj{~;4GR_rOVSF7?RKXpyb&fmNmd@QX?ayZ|U7s=S+h!B-u%&a>pE+T~TB7NcuCrLB zHu3@gZT|eoSd{o|wzeh;ZkJ{@wCI|74sdX8cpxvBTp-nC6{1U4D~ZaQPj-_)qQc z)IFigw#@2pDXn;~%;R*-;lw)ezz@%R_t-1HymhXzP=4Bd;~Wc#FRTAE@cw7WciFhT z-|yqHeuLb{H3tg(ukCF=9KYrGL3!C#5%F1Jr&SOB-tNFtr?#QwxtPD<17*KWb7tz7 zoZ0zY&#G&2`NMp^`v;Y5yOagoLQ2-J&8rjtqyD2eEotkfw!8P3zg6$fWV=)?-1We8 z{*BE?UYcCWs5%q0Ajmmo?!CKOk2RI@<~=_Z_57f4ZNc?zL2pBS7_8@fT~{9R!}Srj zYccC$%LBLj+UITk;oDC}IZ8clnrDoJZw5rw@jc??_C?azqDk>@wFxQWIlFze(F40bAEBfrhxl8KbhA> z?e6EP_!PKh>2YOA$u-N{p1Ln}+mq72@J)@6Ou{~YiM83fxhc83I}gZT+tYnm&gi$( z{4G9gR^ic0Di(=Jw=_2%Eh_q=7nHu_X4b>miN#%)yFLjR?-7pS?eF+=^wX8+Dn;6P z$AjJC=YITgt!UZl<+i3)9nX3jlWsol>Nr*R!KUh(k5%8r`Nmy(rWv}Aj85ta@J#Y` z$=r5U=4z+u+d5mbbKbo-84{!(=;h~`Rv+K9tHzDbTlj!za?D4Ys;{S`BFs)6cyTZ^F6Q9*@wLfD1@qO>{!}EDx$-mfU z@jF@Z#QDT{pZbHgc7oel7wtb{JzKFe>C@Vq*IBA2#_Rt(6VGnCzT=;D+o5NYdU{{k zgzuefD(iX9a{Z-xTaD$C3iHF;{z+YUsL8vDVF6Fdchk$UpPZ*k25ebg>=$WQwBUDe z=(a1>pFH1LU1D-LS|GQj#O1|*hPhsw-o6htDxT~(rRRe0X||%`KEL{7v!6XknSW^Y zOlkI6`E%IH%^e-Oo$8M6ToLuH~d$;)?+PR!MznkrA`Jezwux<7N%@@IeQtybF}U}(ClCHcfLLqYcBYo=oTMeU63RhK^Utw~H0nRep2 z=!sX?AC>9uXv(MW3f-vsuNnjr#8{^maG)eNFoHVcDZQWpZE7zY?DpslfB` z{>SBhQZxJ(vMny3aOeBmi0#*T{K)5U2DiZUO)bq}?s z`0u^6`lx}zr29dds#60wnLn!pYG7Z(&uFb4C{poodGmBhH*}5R^D|ar6D>jE6 zn`~kB#=LmH(&Q*{_T&Ygasfwp8Z5q=T-46h2r1IqJ9$cwgiP}GsA-nbg@JO8Uu7OG z*uF~mUAxX5e!r`c&3T6nBxNRKy_s0q*v>3dvdTPggYM*m57K7cnbi9C$bxR`pra>G zeLiq}t<{A!OaAOPP_7rbDJE=LcKr0^drP<4Y`Y^@nf%W*WqDa<^r9UqJ&a)rlPvx- zlvq5U9GW}xNHurD@9zswD@|B`@_lf!%O$s#a_g9Njt8FKT65st5&=%OO}S4#3wH1G zGn{p4%MM)upHBvMTXi$6XNgT5yQ$ZKDLTdT3Y()Ybj-S==3!eH zxqETO>KW5tG&a3GF7YzxMWNxGX~~U!_EL3=IgQ`)a2!zRo0{)*c~*4)T^{B;m-jBR zaNRk#zHQCTiyZ-e?4~dG@m;!-`QVMp$6Gu0v%J(U)-hP4Uem)MH|P4wSN+)!&a&8C zR+xH>iElyGe}?)08RF*#-<$aMa_fThtni7EClbRB#x0TCdOmx4(VZKXLi7AzM&>?} z?hOwpekMHqT-LGWa<_$^o_ObLRr2P@ld0$AqZQ87b!kxR%y#8Y;k;%xu^7qwO^Z67V4u-nD`TOege6HKZyBg&S zk7-}s!<=~TCA*u%(aMU>sOKx4M^ZEwS;e_rnv@ zIGE?nSXcb0JN_&3YqO3owPc;iW;b>A!wU2J zTILeWqPK3pR0_Lg73@D%{KRa{isZxL;^hi1GoP<5JDXM3a=e%U&lJoLjr>>M{ ztPN>bV3lFWUN!HSP?^)KU#B8(PboVto8A1;Y`e;VW0R(`uN2kqvI&(vvtGtnetLs# z)pf}=ua3p6I=f}w{<&qry%W1<#Cc}sYYQEH@_J(ETBUvacix&{cK0sBN*!I_%ay%N z46oR$ZePCmCRlLQJLSpFcaENV;=4%8b>{TE`nE~eUCJl4#4*0?DU8~7YTfQppXd z!m5*v^Ej5RIM3$(0G+mOtI&w1OE!f1XgA?pTtlDx~n!&DPjEGqJGX=o5D4 zm8+X>8ZiqL-w1tcci}N>;k@Q+t7oiG+PiGNh@rSb`U2Ur+P8mZ&UvifpLNUIVv>!S zdGd}`;bQ;NlDS*eCe6$hee+O<|McW9YxkO+E1KP4!+2@YMU$QHmfh$)c-;TkuHXE8 zt&W@$48@I+UKy9>NS>4BtG>y}S5|7eenG~BTifrlJYK&vTdifIY_r8tjqTaN2VMuC z$yo4y8GPdDGXwzuYs+Pq9WoKW`bdg79bEMv`ip%O2QtggPEYg4?{c5~NO6;-io z?TY!!Jq2`vUmlI%TKrV~Rd(2O{JH)I>u{7ihX%(!n)@SS;XUFSBYpVsj-+4d{+ z$dlZD?s?1B-^gsrH2R@_X;-iE;mN)kmn7N@?*x{ZvVF6Z_%c!Y?YUY%tqNT+=2Jc2 z)^)x2+qS)D)q@RkQzzQUh|65MbW~%DcXm}`?8060A6KWxD4Mlf98H;#*Y*D3fwx^* zYnBvvd|70;BdeFQ#@WW}%o@+*S#A6sQoY@>J1xJiIo(}7Elm1^-B!N{b>|75CtlBz z5qNa-{tJ5v{Uio|t~n(q)~)ybag2w_k?Fb2^`7WG8*3g~h5n8$s!qAJg3mTf##-9x zeDSR{Odb!5?}T5t&s1Z(RK4xb??-GOwt3H&^r`Rn?{f5acw`ukqUeQaLs zyukExuPU=l$XjW#J^3Hb`|as4>oyQNafhMmI_F3J2l@Sf^q2E`RirRZ*X}FQzEHZ- zt+g~;W!Ex~oX2I_E4Kbvy`ZA)MyA!>>vM(l*gV#G9{QM8;d5-MWYqJs_c(T3UvyPU z`q7z{Z)2bCTl4YAyN?!()m<-b9FrfMj^4Tci?_k<-r_jrJ@G%>-svd^?1(e4+xq0% z)aA)<47UE;=skC}Onk>4x6M8uR;Syw&3%yT=FR(VdqnQdTfW7&Y=mD&bvv`4`@O5q zH2kPk&px3mXP0aiDZCQ)N`Km$*Gnx{ep-9J>cjEwqlY;1D(vsATXsohx4&t6@Q>?f z=E?q8T`c{xt|BpR_CtBGtX(^{cO84%d{U`*e{a%)1RW)<;KRBY}$k0(L}ngXq7-Jdhx>wPXGHFamr znhC;lu5=vb%i2F{$7`?6PZH#&sHW+KWjI>I?akaZ_lv>H^Sh_zv4%wMc>U`tZ_pRd zQr>m%)=v(tcIgOsHgSK-hT}P1r~fFM`X9Oe?c1&F9ml!a{yK`-V8-!QJ0tYzzJ)AU4Sgr?*t zzj!ZJcejph$7MNNvwKe_RlRxp^SXB8@4OdMIZe-fCVkVap0KCh>hoXuhwo;uTzrzp zFgI`-%jXaq_XqQNGsBEy+@*H9o^<`PKB_O$^L$vrp{-hhg)RJ>>Qnjqetkb4zISJ3 zRJC?!z_W+!?6#{f)g*pMe{lbZgxvXK^LfA2y2>OTJvvF|pF-N6)BiaCGd!#{cKKnf zwmdOM;NG1l4@w!rw;72Rg$Q^3vIvgws@Zb$yD3=ua*D!#2CF|xKe`vrl@6VCO~LP)bgjdG2DSZ5>u+!N znIH1E=TB|EJkKnaOUYOC)qjS6uK$>o@axaIXzQu|FXNTFk3Cv=M4+qgb^OXNcdX^} zr-c^XH9q^UW#aC>e!bE(M*{u-E->wdjMYtDF&2wRr0~TW@^csC8XJC6#yQ zz8Ndu78RW_vd!Xntdje$G)-}v?UHZn!#F-Id1LlWp)T>#YLN#GReVz`G!s8f4BW*i zY@OWi^`a%GuUyxwTO#ye^83J3$s7^M%d4s?w@>284cRSrj6Lg0|KU7`O%by^Qx9;k zTQ2)1dOhg+!M|*b>D6mbt0X?Li?~x2wqw)Y%gZJ`y5*>pKB;%s!y500=LLV%*34u* zx@vRn1wa0%r78amFDi)_WL=WD(X+UC*3*^Fw`K>=PrhMNeQi%qC;Qp{sk^UxKD;lU zHBWr6bJ5wSO$LrHIeWg>*Zpm~rnlNS zFYP|@b;i*nYv+GmymIY&ks6bIA7wlHyw_VP-r@OmeWpbCq0_bej@K54@kR$f(~UbP zT3op-X2yKU1GcZvh2>@+wX@1qGgeuz@aeR^<=gn!lfQKiu87$B#GKWwAauHD^M~W# zvbKEa?^nB~r@QA;?*xwr;Y-_&1y7k@eEvw{tk&BX&i-)xE%8I>^5LEu*QNV!>4k_* z(D%7=ef|eO`PS=FEwh$QtXDC%JoijueQ|Df;N>NP(NX=H4Dw}LzW58DT(N)RH&d0b zCl*C?o!vImMC0L7ZsRBa83gMOnw37=Z9YrBGdV|QK~C54Yxb%4yY}5rWcA7_4)lU7x=ie>OCs0@?&C;G6SXUkl!+sCJWtjJ{8-1nk8$$DAE zU+uF;AHTkIV3+ZgF9sqH!$p>6M||i0&mefaBKVNG)Rv3dwbL%nb$sXWApGg`x7i=7 zzxDjso4cwav_x~V&(0mWM;%Yb%whZ${=)ruY}Iqm4^=Ox1-_f~&b6O?q3r9UdmkhyyTF93aw@ zYhgOGw9stz>bNX%-f4TU&Dj2jW!BG}kHJ%`9V6xT#g=U~sVQFY+I$|vJYUUI+|jY; z4sT%Emvq6#_2Juk@BQ26AK}njuv6pWyXWhd*6w`x!z6k?-@O-6du|7PlGoi}E%oX0 zZ>B#wJNNFtUb6aV=hL5k*AzDX3ZLlL)bg|YSYYXFdkzxHu`}|c=)ffwc9L}G#lzZtSdfLzon&Y`*wru zu=NUekFln9m%K7Pz3`;3+pNNww=&`cyL~Q8$-0T&x>&p?{FMFHck|PizJ9y-MwaU= zkMAxks(7w%_~ZI_QE9JR`j(3&H^t1I1V46t`1ax0=Ewa)o@**PjE&69Eg$fFS<$9u zvS#A5M?Wq1UXDI|&+y70^9T0a8JAyKvc2HGmUjM>fBm7o?T^G3f4F|+`nO+l?W-64 zT-Dw#anAD5p778QVv8o4uISh$|J6lKY)|u%e=vuBC~c8f1KANBZ1 zl48)bH6_c+>m+}$ufIDrbL-K_^?g+E?lDw(MYj`&N znEa9b;g^5*JFm-e)|{Wkbdo0i=^8_!;fzWbT8*+Upsti&eF5N$%`yH*GAhleb9g7`hdSf zPHcMEzvJ8N_iC&?+cIENPh#W2*KzYde*V^b)z0h>$HhN2w`wx;YgINL6?i@Iy6N@qrL7^d z5w^Ym8MZvPu<*KO$NwYxL;Rt#I)(1TyXH=gnSJM{;!a7ny+NOkO8K{J-LYk@y`OjM zMu$myb}waDFZsaUvgkiU%cR3cl6@_=xF>l0Q@#*BuO>XYzqM-b`>yv}ZtCUftLuL& zVShI{p1FVJw~NnDalR^z)Bmw_;cKyNW@d7d&pyRYu6w<-q)zg~)Fb<3_HEv9F;&3r z_B4k%szvv?Z9Mf>KD_woZ1{n9+dd?I-&K2l<$9OP^;zdRZ)CoI7_F=8^F2Llg&$vL zP+{Sodykh&ysGTm{LmwRNrv*%&8G$Lq|Fy^eY3}N;arJ(66WeS#jY#n zcG4GZPQ2rL9`T={-E`tZ@4scT0rB^5?_o-84>LV0aq#SFzB-o)v9IRwU6Z(X!b>S( zQr*`Ac_CBj^TPfrWnnqjKFQCVQk#9-^gLH)o%-g$LIoc8du%H*;}|}Cn=&c#+^LZD zto>eJ4K7aA%y3Cf?)hO}EdNJY*y9>U`E)FQaDe zzO4UPd$)DSx7DBbgexwb=Mc+RVfyai&c*v?U-+8eyxsirz51+Mde{9NZ{Ie3DW|vX z--V0ON5ihYnJ)IU=9*uRt;ag=Z-M9=< zj9bzssT;rY)d8t5@ytIy#sBbBxV~lfjAh9TX}#x)4zCw=KU!rsb^S|mvs;(7;@AIL z!{`4vF8HBuQ9NVzzmQ8iC+ZpPv=Ke8v}>VgkeQ^f3i~(_iVU&$+|X_ zYfIwx29AT@zOIW5dQ!Ex;`B^`n#etScXlqnGBYKz;qxrL)$iEXRz92l(EF_4?`OU1 za+IW>uq3wcE#LmFGkevdtgO6+6F-GptgDW=YVue6i15K>aaJy`r*4xGD!y!5vh2~x zDWP5IF3}ZH{}~R8zh_C^Um^3Dd2dm@&>9=@N7BY~l_J(V9GvPF`1e1<`L$)c*3De) z{3Oe2OTqz$`#kIn>-QQR5B~5t%jj0z%M;fotKB#tnesZ;V8x?%XO^;D{QPDg`$xM8 zzW*88&(C1IldRr&-s{H2J*h^5sgJnT8aMaPtT27CeHWMG%2T@}`Pn}j7qBM(n0#2^ zM%%7y$*tGZ90Dh0Us)Qa8}neL+|yqE_zTm0t$fcgWoJqVyu9igHQ(h!?w6pYZOfk; z#2jI+Yuj_?_^Qn7^Xew3c9~h;R5-CBeaE#tedeJ zHhxyxcTwq!#n}|kLXlZBw``eew&G!H$+g}^ufEN{IeF(D_g}|sUpvXSRE4chaGP5z zQ>1Wm%Dk;tz3R?pC92+eW)jbP@GUeY-bQc58c5%%7z@*RAlLIp>mZl}zZr zMw0^;jSnq(RF3n8>{+q)9nU1M@?@4-Z%gkBM901~s3;IsyRRz2=V-U}toPy-Y1JEi z8lF^z$7PhJe-$mI{No%}ZUKkv{w#(M-^V?q;8@ldj zYaE(j6>hrVyxr^-##vq-?#D$h`&rHS94lAmpLg&()K=9tcw)L+=M?%~wqkK?T>P9GMos6VDzpXbppG2Qm{GAkC<>cvdI zz5X+Jd|E7d%epG0C^N`ETX)Gs*`)>iOUn#j&I-Au@@vwzpUOdn_xBdh$~s+HbaAG^ z`WxTYJ~%P!!sp$m1()9UPJ4NwNBG{VI}RPK6H4tL$GZ2MaO!MTn^tji%EY#)gP(+4 z6gPLhYTjj;)0Z5+rE>Y_?<;Ous+7JCu5b?Bwqu^Jc4*PQe2yEBZC9P!o~>h8xl*j~ zLb$QY^)9K{gR;^^g?~cVgkJ4gDtzJ5Wz`LH6Q(3ymae}gdgZ0K+FLP8Mo9_Dbs8UW`PWKVr*7c< zzVdO8-AiT5^D4pX&!m4(+&m{F?C1lP=Hpc-t*2#XZ2vwhrn@lRvVY#8UF!w5Zttxz ztGV4ft0O>h!WZQW*VUKDIH(-f3;E#rHay*2tU0CVt=qvq$8*^gr=2ae=e&_C2|l?j zTkNRbqZb|zkFQwEZK3xst>@p{%Y4hX+CBQD8&t0xsQi}myQ;F}B7M92MkkDB9=ug` zNqx$hYi|_#J*Qch@G8mvtu#I4op$-uhusf5cotvVYq+Q}?X#qF)9y(3pk+J#MJqBg z%b&RQ(bb+}`eFLRZCkJFzx@;b@b~*Sf88X_jWwTa zUt3+fY~k`6&krGC^UOP!?CUjC{dR%d;9d4}>(h~6WJ;^6jj!(ZW*`ER<)RZ;O_7<=wpR(%}i&H*Ip4 zc(00-4fo$HbgX%ra^D}R&-@}4erH_&GjN)9tdaG*-CghYRg}v-Tub;xQbyDFL%a6R zP_uK)`B3|M!Ij>5i$!+z?n*s=<^b2p%kRPiw^yut$nmPcJmi9Rxzv`jH%lI~t2b%o zC@~F)#Gaf{BpH^e#N^P1y%k2BN6<=n) zDeY)&{nd24Z2s)`r3+SUuDT?4z2tK3@_2Whk5ko5-)UXkynSEe+UMIf6=QZK?=37m zysm;dD*La^=3Dua@%diwa!Rvf(=M96NVzT2oSiGP@cZJan|7W{3aor^*8lA{>lXd1 z)#1SlE4I5{>*%VeuW)Dib+I^A`M`gM{H?+V4u22Qx~8`HVa1yncVAwz@H2Q&VydUM zVNTSQms{gG{7(N}xL8Z4Yf0nZSIbjtSKrW#4Ld2({72St)hxB8k9tk7-VO+Fzqs?n zzo{1vuByn7GrApnhUFpK+xDgI+OEY*oLO$=zJ6=j_;Hfw+HPG%y$5>NJx(p2#v57x zVf`N8mF}wh+qd0WEz_$0jA>)I&&TVndUD!t)m}PnGZ1-ulrutP@~bkTL%NB&$ypMQ zfB2hRy;kEYz{|Ge+9yQ`o@}ebG4mpXJQXYA7o2zNo<^1Ekrc`>ZJIePzgRMwP`MRphKIX~iHg8Mfulct6V}*Ix zPS(d6AHo-xuPk(%kacXzKbgxWKX|`&KdM;nP|;(4_Gi$+wWnpbPu14x{qizW{)X<- zV{xxe9)AARa89#NnC;f?luAhR;PE730osr5f@06IT%-Xv3=?-qe-b0Tq zS9z~KsnwCUFXKN$%oV;6wJ+yI=D5vVnO$2dETnSYCiJ(h(N?kiI-Hy@fpZoK8VAzA1PEX8=W8Uul_JC{NvMq|cINFP!zsSfs)YE%f z`XHZM@#Ltm>5Px>t-bI$=2XnOvnOsm@7kHT%3JW@$;aEPre$os@=E93b?Ja>ON3h; zLipxwJ$WlDA$7LpdC}F0bt#YQ461}9Z%Vnnc=7g~z^q;>!D`tm-%VJ-4505^W2X3H{V()UjA+K&+-iM3C4ZA5!H>77I}rowATD* z$k@XgyGg6lXTzt(^W3YFr+hkj-15-^zH9BLrqB6%*=6!GC0=dO>OMbz*ju6sZWc0o=uAGjuz`VzvyfEf32<4on+zMXDcRI?>Mwj zC0%r`CC?6twbM6j&-iY7&o5ijyEv2J@;94%fh!DgZ` z`P$|%ww%D&+|&2f&0$rv+}^CW_Z}B~+;C27$;1iEueEjOJN2I6 zS#x0CoUUU#PfS>~@mJX16RGDo*Q`F;SuXc;*)~PV@UG-@{CksQ?`)pLoG!Y%;Kixi z?STjXyqxioG@O72F znL;xgdB5*nJ>mK_v0@qS?U@JjqwZPDl*>~=ahd*8?mT{WwnXa5 z$EanOilS|?$)SRpTLpLCvkQJ1`aG=9?en8QtZ}=WtBq8S z@T3SvPM>{H{hUhPd!MH}9$Pe-O>o@lC>>I2clAv?$D1<&D!WC?HS(;(JG++~FA00H z**H0W<@)L$fg-0D-a1{tB*t7c@zTasYlU}n%2#}|XOCXx#0-}!)4(VWk5H9K zR##gUR-~HFnYbm;g4tfzCS}go6$_IXPpme3A!U2~%OY!Lr$al>pT4%N&A7>3WW$j& z`*nRqT-IIo3ffrcD3Zvo9du+zjNwtG1-Iwk`F7OKG>PxweCNo|QboeiTfCO*o{emb zoG_K;pU7!u6h{|cY%Ww3l>b@5D-X3vI3?!3Z(m8(y4ZLr8%FVt|Sr!Xw( zXCu?*oR>|~Pv*^Dxz8{9Pu8J^n|Ix(l)Yn{RA$npz#$@Fb*c5{`}-!J7BtybU-4VY z=4n&DB6C%=WLS1JTO*k^Q zVCTw5?b?%%dU7cwF@0aI!+P@IV;in2UR^fUbjkBxEY-XIGiYtt@H08TD$jm?R=Bf* zA;VtFb6U!r?3NF%eik^ExlHt!Xi>&4rb$j`3j7~rWXzTjt-5!#*<>@{UElD%JDSWD z`SU+6W3?1nR#e>8`Dc^4P-e;$LyO?E;XBHDJzUgx9$1hW+y6U6^3!+Tt0vyh^e$vI z-Q2vR$iw#47d}PVssKJS9cP9c7C%u|;~pGisHS@=HasYtrb1>cE6hnC2`J*LIp zbCzz*2RI*H*;BBjxgT7w#u5*HKL{CSx-~DZLiCRBP)(2 zcqntZMozkURkHErt<^^+8EPGQP_*DGyVl0Jr8*zj9ClBaebp0Ha(Ua0==CbU!kuoV zOixb<`1-E;lHNqs4ae@td|7aMadBWe-bYnDl6D3xjh0*=vu|riTJU)b z3(?aR`wwjkK9IiEcm4d`Kd-8JcUe@5F&yMS|AsZSqWkcpPyX9)-Rd~Cj^ljP%e*bw z9RgN7Mjt}@woH6kK3#ClbhG7>KSRpbDx|6|JaAIx!eo(-(Dvk`X%$`O)z0$M-_N;T z`e;4h=|aUFpS+B|Fci2iEuJ10aPQ?OhZkXvce<{coJ;Gs|MVmzt-rwXb=UGrmF)%V zXXek{TV7|nyLwsHuaY+t4?a`;B09U4CDo&nrKn13X-dkYq|;g|EwvL`3_s7i>iJ$} z+k`E72Sk4!__CHaDr8INqH^5{3<_aUF>3d1r)NEvH+UU3%V6qd{mgsXzIMhc!JBjC zwG0lLUdW8o{_SH|=)+|3ZJpKIx9iuQy1k22;Lj1Rey?lszWprkeFWUM>cu4`2Ogc* zoxRE}UPv=lx!J$Vr|H!ViFr#w_U`VS?Yat*fqh#qM0M9xK1)3yw>K;E-tAL*n^%63 zpDS3@S+mOH(_HUEQEv=vzI|A|&O-8-wtPVGa(=B(cHy$wH(K{@Jv3#SVPC}>+w=p| ztQJ=uGdS`^x+?7B+T1g$?i-(e%n~!7U!7#|fcf5?Q;)5t$Z1EG&>=(mRE6g2B8Y}uq6r-qOoT5fOD$f3D1Bo7t4R@W?wS_MQii_nTg?&^|6_^x;nB#XZTTQtdxo z)=yw~8+o2zeB%-+yDR(tPP5@ImHGT5{iyyk0iQynulZgNOY0ltg-fPQ;5D#PSDo;6 zz5NINx4|E^4|kni9qqot$-{7y-St1Kuhba+&Z#JR+V$hmxqnCIZ4$Y&Xy@Nnm$NZj zEOzhbt(fmOW7*1uXBN~8D@v}KK8yFxwMW%w4fkxgdH?A=?HBdDHB~Ky?+?8~EGF7AKe-?3)jk?mqjB@%ub@ubg+J6GE?x%YhEvCbtM4fk#`d~SVQ zZNpZ17T!<3th-jdKh^j3>-UcRDf`>1KFz*sek3UB#F00t0jJ#ajDKBMto^MVabx*A znYSiLPi(IZjk-i%dJ>svbe%?%Sb9zT6~ZT0((`ZRy}7iX1! zRHf|UxvzHh$#v^hHKIQ@FTXkaZvMe{KOVYdd74gIsgf%ZwDCbydt)lkC6+vQnesK6 zdkj}ZS!*9~__n@k*N42djGx}^u`F1=!%)sJ^7=f%&l6|=R*I`+KW!6sadL{O^oxq3 z=ou0}8}eR;<>)>wN)3H%n|)#ZKlzvZB`K5C!;~j(xmsDHn#q4MZw6ygNZ+D%MQ@j+ zj9s;7I?U`OzOI|@yk&oTYZ2%Bx4v61ENNw#X!Mxbwqy0T@M+)tcg|n%GV**#S>h^< zwUN7*+yb`r#ve|TT$?}T%=oR3S` z#w1)lX}UVrV1|@>71wPre=PmzdK6)kS^zAcXM-%8HEyex6Jvveo9UGWA6KM6+8cU+AUE(|7(H$ z)A?Jg!=`=|_xN!4*ZGg>2PUnZw)Q`RzByOHe}?&9^L~G;|2ub|Vb*s253i3YJ74Ky z+O|n%v3bn(t=?>lW%>Dqduz@ejlU`UZQlhu#)^j973*DvIq!z9bNIcg;&uFjcz!#T zKlVR1E?Tzp!F_?~JC!RW4nE_3d0*mv{IvfJg8S3^yY6$S*ngPyqqbDn=84|I<(diZ zIbF>U>yPA%SMUe;h99`~_wAfQGnKX=_qwUmlo=(D{q@~o@!B@>*G1Dg6DQ9pe);1H z@2AQ4_85PQ{JVPLkD2M>?KP1lLSGnGJo)>+>U(5^Uq}#j_?0*-S*;+XH)e2ve@U8E%VfPQ+-9vzbZ+k^4I5ol`B$q zaP9ee)-6?Xh3d?L`Y4ulW|6-h{AZY#B{uoq;%S9*gu9xen-=t3-ni<9cPE=){om5L zg(U$({8_bkAFXqqIP2IIQzg-Td92nM>LwApu9Vj-Ty2+qqCvgTCe-}O_X7W_wS{#C zj>n8|t<*b~=aaX1g<|Knucl|Resv$}Roch!<4ZfwI{kFapEKv<#IX18`=`CX-g8a#>FG`L<94iFx!U;rRPVhU>)r)yX1;tS ztlHy{&qmd1X4kU^a+>a3_0*G?|FwbVvFL@VXYOp#JF4Sj;LdR6m4Q9I=ZeoS&CU{kce~5t!I!VEW3H{NKirmZeEZUD*5X-9zFYnc z3tD>9-EQ90Gp`~%SxRGKT{277kK=A7BJu6>$rzn<>_71^xRMO)mz=U^r+&|=ZFvci)B|h zY&FZBdEe5KxqoSNdsbqj%D1!Ww{12Z-dn-)^6bEe@XbHqo`Xw=m>t^n#;v zCHU&zM!E6KnUmbZ_m$c0zOmq^#^YO6tTWQOQ_E5f`DZV*Km0ySH+NAdPwqT_o3!~# z+B}afjz%=LWF%Ys+{yBN^)6MFmZl3!s=J=LTE6}67M{<(u2$>pDz;Ob9~Az$+MIJ{ zjrhcSQzFhBZB*=7HD^wrZPvYc(u?L5H-B03+s@DU^1`G3nRzE}2VeiZJeN`GR*tG) zitWLpSr1OM&VSdpLt@Qa%?F+PYj?brU7c{A<-*&R#KN;l->qJ*<@vTb_n2Ek;RU&? z7b=pyIz46{Ke?YJX=SF_x9`D~c@M+Oj9D$4)#|#VXtGCs@*4(YUm|yzL zr4OZB_f6j(ni8YP!zs&Kw9o!y?tg}kua-;n%vMjBUEPTT-JJfTw&H{ehw$8hr*dGkJ)X)cT}*u zMq3Bkv`lhXFE8-!d|dY?E003a9X)akXAA3ec1+6kY~EJj#`xvgZqF$DO{eZ2SZ{Zg z<$Kj?jpv|Fvy{)x?K_t~sIa@ZQZ(_x$GF)`UaHPul{}~2|D*EZ`}>_UuCI7;tDwo? zoTaSB>=)Ud#e7}Y-;}kP9#`7%)iPAFG3)L%eZ|dNlH_MSUavp%N%_RhlaFupRXI7g zdmWNKVPK%J9d@Q?h-=;*B$)}9Y`CG2{ z>hY60cjCwu{cXoibaC3AO^%L^jg2vxG|#+b?az{9hEJ!Y%-X*=BT#4dsXT@r2JPi8 zeI7f_JRjcWP@TAQMxsc`@u&$dmWl?}VNb8_miV)x?ds#LX|Z$H38}I0@2OoCarM_k zXZdLhHk`Eknq(Pi+*I{(R>OHN*(L9m7&o7=kekvL(>t~CB>TL-ub$4Gd}`^TP+luz zopxmfzIk6SXO^v1u?}xyH<`UjCiGNbBrDI^;|q_vDl$K1|NJ)EJnYrRsS+ndTkE7$ zmH7OZs;VaL;M=Zn@_g3Ki;qv38x^hoo^9`PY3YR8RUZU67~$4ck;cn~BC(b)) zt+`curtiY-+kbY-G=@vf5?*@F=(9_rqQ|j+H$;=&KiF+t>2*lDXn`D`_U=o2;v3&{zKU%`acn{E%RY{w;p^))6;ew>u0K z5~4HfKhz)gkjf5A+$~{o)?#0w5jE2JO0qwd?}SGFlXH8X!)H|Y-t=90JonnV zb0^caHY)Eprp@_J@?Ny(t}vMr(X4R3jCs2CANC)axHCJt_OMLSrgeX~AFXz|t2;SY z{nEbn?!({3oD;X}F+91v{Bq)s?$eXb`d`h`FIsFW;`m|p;Y~lpovicq)t7hgX++7ToSLj0^m&_Tqld$3>@&{;X_1e{EmW$LBq7-{|)QdKd~lNVtCb z+T`bf?q=E#cRsuDNA9D1=O5>9vf&{!zv-8~&|bRr?<}{u+%aq4%-65|ntUM6z}Go! z-t)7ncegz^eHk8grfiqq$t4F0&-oT#&C@#ZS@U@GJmW|59K2G@4656DQogS%kG!~a z_Tg}`SMzHt9_{U1Yh$_YOw#@Yk?&`n>px8QznW~2DSkNdi|Nx-bDy6%zwF>MnJqi{ zXV(c=SbaNxbdv6&Z4z_WR2Rq2@2yYOJ}<4a>+ha>$*aVa_g1z4(Tb?CRodez_og9c z;@PV3mOa`$a#HhBcliDbyT39=mk-Lo-q*5Zf#4HIA1sau_I-&(OK&n>jI z_}r!z*?xcKnPF>HR>|Feu)W#)V$$|`1Y>y`iHDX z{taoVNA4N#{v$6c{KtB8a;Hst?fcH&r03xqrm=Ho$NoLO;P9G=7VCGD|NUCzo9`E5 zou736_oF=@{#akU-u5x|b!~c9%6$GWtgqL_n*ZHqvUh3Tku{rnt3TWC_`#DBlB-lqG&JuwIG`(F1WeLZSKAFQ1%+bQ=+YN^%Uu776^SN=U- zTKMR!md5P7g@X29FNDd+nO)*rcD{Ipiy5C?)w5+E;u{isXE?R|K9N0R=ZEEOi}p>5 zSf_i{^MUo3RZVNnH(qqtKd5qT`Fiss_B_svnWhk2B^!N>ZkG)?#}6D(-y8BcO6!|QfkamD z9?|o&zs{H1du?Oc?Y`?0&-W%Q?@YYZea5igtNW3Am&xn5LFJcnF5NAkC)`lEPOwz- ztFK42O?!g9X;p-jaZldativt1@`2l+>$-`i|t^B=C~kDKw>M=YlB>$>xCKNde)9i28wHu>4{z?h$-+ zUOFOE@Kw9-#KhD?9^ySAyRILNO^P{o-F+Uv>E$5fBjzWSo7PH&JUwf1=SzO)K9e7f zAH@$;J#SoZ_ut>bJDKpKK{?((PsLeA#TsV zt&biRm}WdujxOt4qh~eO;?%4#pFdmo_QpsWpADEPF1vd9$LYML-q~7QVU$#{E#L>%HkCVE!{N5A?yRBNiV_Vkd^CGzo zn>;)o==!Ja`nKSH%4Hk7cW3XcTwgZv(UsnI@rWxsEhL`ITB5f5YPy(INUrjU0tV5W z71V@OFE&Qz`KDl4orD4O%-u^sR`e0P$yqbsWxSr2?zubSuXRWI}V$bat zRhZpB_$y$~uF^^WVgw~5kCyIZ`cVGO=lL-?1;#XGL$^Dua?5s|=d4lhc6VO?W1GL# z6TP?V>O$5V{ay6W_~q%GdjcQk9605tmnZOH_4!lUkq`ggmI*xKx8`SH@5kwn?#+H= zTWYe_=$d-d*-xJtzu(&3e`Ec(q>tO*F8mnp|0DLnYZq~=mffNE-?_2*J$`$%!oG2j z;JS+EAsM>N90%DvIUcXAt^Cix^7`+p(*7IHk7M`uyeYA+J}6unyyW%w#kOVhj&;qj z+8;7``NtAl8{MpcH7mDOzwiIg@StJ;R{w@I%l2LVqnNqMnXRtY?tysXzqd6nAK(9> zzW?ZY*1IROAL+MSZJp9lP;=VsSiRQYUw>!T=e}>+zjb@dg6sRFD-Lm#^6UCun`+bG zDgAh2^Of*L_wKz2&-w8BR&MV>`5IrL?Vs15)_!(#9@FmLl@W< zDfeX~SNoY{zc}=tLH=e0|I>)_`CK;ji|ya#so!bWDso)^@?AY&jog*o)D8PS*!8Ly z^>|80x;gWo+Ozxk{0;7JL_dlZmp+njkqQw?et%Pc;_JU>g8D_S?%&t@@=@5i$??iR zA8z_F@#F3TmnsWhPd_NYv}W>#qgCq<_5aXxKOWyUW9!we`rD&d9PIj9-hX~=-GV>K z{~4Nu>(0p8?3(uaq5IL>XSp)vi*ChCohSNDM(p_Gc=MXV{|wEwc19K1{?o%guy>W5 z7jRqUKV2xN%;wAauj{?0)ixbDcDeJ?-q}&BtL9nC{}GFh+0|uh9QdJc*0fW0<=es| zIlrDvviC}x`JaK+^|HbH=M1r%oQr>iPprxL&(M@rQ~JZEzxdI4R{u11)eT(pj}*o+ zulu9((XH8L;#@nogHM}E)_XI{?AkMbvt?nBmsq~@7iq`;3{4Y$lm}f_nHAo6r!?rs z*(&#g?{Bw1?C+@A@ottynvPLoKVMrV z&)xJ(iP0Nb50mqJeud>d{V&xY*e(CS{5ZTpW#`_HDPr3vJeOV?z;T>i_VuYf)pq?^ z)8|QF$QP>aH)s`&Tj=-m#kM^Q#`LJp5HN^!f4)bF=33=GFDS{8jD#@cD-1&-+}OWxBRM z%y0P>ws!gMsC&}Y2kOFk8?qns^ZsWznDocKa)ta4k3CEikDJUa+dkpX&evD2@A_l) zpP{L%?o6HHmcFu&n_hm}X6|0X_4wny3^ws z>qURRudnBC>TAv~eE4P3sYjY+>-=uARb4;z?8@q6-96KTZ=ZS{TpBZNmbjgHX85m$ z?TL(^)|Oiv{MCN8zyCkO*0ueIa*Ym_<|=sVY_1G!JgGd-|7m>UpVWrTe_VT~MW^{* zd>fW{Z@;qrgJu7Wa?Ow4Dx0=>s==*ki7z~D{xi&v`tU*I_I&-Bx4TxJSMh%QpW#;j z(OJ*?=f{0mxAa?J(JL0k-RZC6Lu(YSnC6RQ-AbFk=JuAAg{jhK&KOVbnf2$~kNA>* zNf2HXc|6?l? zKYTxUHdklcv1QluWlAm9&);L2R=+hjH@uN`*2lh<>(6ei{2g`t`h&&qwq;awA9r`! zYj9NB?e2ETWFh3;CDh@|8tu<)gQ9ubr>1F%@9md*?_(pMi1Aw(XBt`;T)b zn$476cOla0_w`blZKf+e%Y5Ba zNx$94{|txLv)sNlS@(&6(ch~QqR;;`2-vat*FSVz{v-a#OYT?$rizYJ^P^7uUGc|z zje5tNo8Ah2dPbZFO;7y@e&d$vUdM2t!-;Rx*v1xy|(*-q|-dvP$TyEtY7R8{M+;QRFX{zLez6Z&nuP0 z>l@j$@%MeNY?7F%C$L{n+8IvlO{qcP2SDv4L0js0xDUG%Pky0%@94}V=1 z6e_dDav`gFT3u1beX)JQS>HX^pU>(nWPbPe)x&*TU+!c5DBn`2q_TaRSm8va#FPTQ zcXz_GfBXD9Zom0oYsIbjCY9|IAKy`##lZe)o&3Ri=EYm2(pn$9K3TJ3&dhIyujhR| z*?BtD;+DFP!LAp1KfL5ScF6?2u#?nDFwRR2Jh=Lv_6PMNtB-WO4`^^xmF}Kr829$W z_XoZA<}S2-u`_haF{6l{{;JRMx7?3>-{m{&N7lJFGnIYUy{IjYQ;l?+ow>K)Z5dn0 zielqqTXX##yN_f(wB9e|cKrkIsm9jW%YW3%Re!yj_4MBlKL5C@hhN*Xez}>K_a~~< zGCE+E(8XGYx*&NUO#jn)N1Fx7D$4qajlQ~(>@KL$@f`d0ZW~cDVPWJMj z^yNSJj#+g+PpfZKW0?ij>D*;2E^6_aOC6c^_=xeVpqIDycbT!om3^G`etpjJ zE1`LjH5y*FU*E>JtZoPZ3_1?Y0 z%Hy@wJF+fR&udk$n0N9+u+KbQwdma;LN3R1I(z=?+j=ebN7AWKqnm~k<^LubzR1>o zQ1dafj!$@#@idFl&}Ums`-PS@uG0BtcIKjo(ZlI|TWba>o z`8v6`3v!<@UZ@U{{n-*mnC5wk5vrjiyI$QgeVSx_#l@5v zw=LJL2%c)|7p_)O-cYCex{hyeKJV)fHhO15tD5@*W9Kz~td6X8eKP4+n8!I~_7##} z)}!xCV_Zuj*MuuIcLU#lstM1n ziwJOws$G2Auq|Q)O-Z?|yEXZIX=hD%Im51v+XYuTL|M$9wqlFFQ0A}VEp^J5p4R>mwDYr@ z`7$=GfBEssm9pW!6Ma1H99aJPLQr;{SwK4xuZN{yoYc5p2@ROAM_hH?>(qwJ(jg!TD-si=de7n(gSl;5n*LBH9 zw()F#oN{u*{0BDS{vYLZjcm+spp)|tZ+R{Zb_8o zs)I{Q(q4;&6=hYwk^jE9eZ~5c{|uJNvw!<^y5IL&`$&HCt=lKdmw2nsa;vnPdg^A4 z=e$F2j;_4y-?x6fRx{YTa}TW_ancb9~f#NU0sw{rWD zesE6uXu_4~MX zzMXoVRmr`FZ=L!vf$z|UKl#gF-fI54%lww-xu;*gm|kX27GG?c>vm=7P7=Ajd%di7g?Etp#Q~pgZ|6Cl%&X1b z^HHyL*{fYDcDf(>&*qyOD_9;}m*&k}DSTQ=Ake5tn=e}GvoZhMP0=xxIu?)DS6#il z$5}>CSMNYY=VSZB5m6g6*748SYbDiptfF|jP1-7JuCsIPdrb0;{r!b9mKbTXPIV9c zz9v^cR=Z3$KmJL9LGgvFXXV58UOv*q>3rME?6h=oz+7?ntE$z}l03!cXBN!+H|6bu zpS~wbni4ZFy3bi$#8dG4-sU~2%WdY#$L49&m+akmY1xPK9Z$NRn(&s^Y;Wx7%4_*8 zpYA^JGu8s%>%wE^MtQIYI484)wBKP zyUEG#UPy0TJGaD7r`=f7Y7Gf1WNnryl)tunKn zo$Jb+yqMT?vt+H#M{KsLxv-IEzRvu+tMF%O4U$d!^CDbW zrO4o>pt{7$t=igq%|j;pUs2TfaKhbh@wLrW8OHlRxcA2&zV5xWVq5uS{~0;;j_(8i zxO_1GR+_h$EP%a#xFk7WCos`V;rPs%JhoLZ$azgU^a!}zfN!lfV658tp^ z`cb`kSur28Ny2Bz=U-MVo_^Xwx$W%>?dpTq&8rf!&)Nq@dgN}pZLc`}vdE%|<>|&t zD`u{X{;eH+?1QDAMRN2$iRf4rn}E|(rabcSeDLJjw#6U*Gq`;$+_~dovY7dq1FEZ+ zpYnXipY^oHbLk(4ABA-$=Y@axr8q2HysNWljoqTHo+e%sZ|i@1-56|Jwt6JKGmQGSpXWbAT7Jj(Y8%auX0Lts zB{6ZgYFNI#Ae1G;EAo5J+@5)gA4)&P@e5kHvGYkUE&IiP^!c>=Z=??2d=>ci`1_E& zKd;mON$ftlNWetDLu}TZ)Pj|T$K`_~rrU4qKc*e|WXHA-dx}_pugxx6T>fy@*~@7Y z=lHI+zTY~%E2>t4>5WnA4tcMucI-cD*WTLoA~HtLtvXzM*}v2AvN}(!ZOkiH|M52d z&!Bbr!~MhcefQ+A%)52}&~>dB4r*aPJ)ZUXvY(af*~xy`HsY*~RoJS~fO^gcSHk6a zYU-xV%h~Spab5jYdxhd?siW(Ub_@Pz5SHgZoFh^5Df)yF`^uw1yRMY_s-4wa@Ns8$ zyM@`D4_TIxUW+}RNBmgtr*^K|dV5fv(<@)!hxY||jsE%n@UYSOytseDF1f8YU02q) z?Yx{k>HP`UQfbw>4v%k}%58omxnTQmxh>P)ow7)AJj!Rqw6<98@zH(K+w)DgSSlo* zyU?De<^RLykLrqO{;in-)9TDy4>B#Del$+L=4fe=G_ypAsNeU{3t!nkoBX!eA(P5* z)?Kr3MaR}ybJr`yX8p~7UM;%u%0PX}v^VaT)*N5uxn#r6e(JGc zJ1!+9+!0NA8I-dsQlc%qwd+Jdt>(wrO;4xp`m&ZY@1N|Cp4DpWa+X`3+VNmk^m(RN z8=`8L9ebv|V&nIR2^EWuYAvgn>n%Jd_|ij1^>XFCsrQ$@ZPYB37QElJGPho7b7eVu zJ_}Rkl8o8u-id4W7(es)v~TOm+zNH+N7Fx;o;tXi)3M>fJS)Dbd6xq#`0v?#TfSIJ zd*PMC#R?}*ep@SR_B7(p@vrOhE(ZxSamrkqHoN@E35hv>vn}0@Z7g&56!tpS;w~S^9IfD&ME#h#MEZo;#)*@TIza6J4LInQ~HT=UuZ@&4WiXZr_`d z!#DSZ)-PEVaStV}{|s~OtfyMquGYHuF}840R>}_Mg=>X2w#@CVh%wZi6SQY(eYetz z=zAr`7ZZfSpepvSHe6J}UM~l|>l!&|$ce!*V z-Dbt}Wm)ql8=Xj+xbuy1@VXV9y{C8d@rLaVyArWy(iAPbAWhbzi~+J|&nisjopgVy z+08@_n?n&_9<6s>?q0y%cuXtwUAS3mg?`LpSHnBTM>Pt27OtG^*QHdk+97{%;@8@FbxcIGSXN0``cabo zt(i6_{6DRYb(EPVd2$W+%Wdy?4x6qC+Nht*_wVs(ce%v#KJ%`gy%$rtWO{ap;* zH_x2p59|Eiz2b~~rk?eD#o7l&zBA`3>}Hrhn^|sd_SC&IRtZH*uH_ewo89SS;N{gk z=eqsMJ!|>T-L-E1x^~hgi|5MnVPO+zrB5!1oAdqIrhIwrsWOj0uf9BA&z$e)bBk4e zEX~{}zpoWr@pR@~E6bA>GG%LK_db?B_@`d##@?P|yPf4{U)q#6Dff2a?Y*W8r%q&R zTUq#Mx5xIkOg_Kmvwk@r+_uqlNrIjM8~f4<_9op)ucP=?vUq%_eqX=fpM3P)m^Ur+ z%F;iqtNOIX-<@shdG8N0X^)=hoC#56e)>Lcby`Pxt(KF@>9f3ogmc>P(tVAZze%4%zGcN&zLg)NGfcA2J9WW>+# zue6M5rCh{6(I~+dg?X<2>~|mVX(?HYD=;49DliO7?oV_4vg%ughs~EaT6a8dM{H(( z8)%%NATVLMto7x^otsY=&YGNls&31R2{O+XN^30h&0~nEx;nujLFD7>0GHL1TBN2J z@mVe{Tp`S^t)M=k!qmobe|ulnnxIv^%O{5CPMBhI#k@E|TPel&K>BMx&c?|{Jy~oW zEtY0{oIG#t3XSIPxpT@EM0GN{*#tNAOyc-;Wx}F&HjghgxD?!S&g8o>;a{okj@&)# z{iE25kDID!@r49O@pen~ynD3FlWE)4*DqZP6lBU*CTw+KOSfUX^3TMq=iZWS=ZYsR zpS3N)y1e!IwVj_Iz0^%h?Ybcvd{{8*7u)*38*?t5Y$&|7)H7x}r)pW015?Vp+Eo$L zEPk%|zG$9RKy2hb_v5DJ-#uKGmwi*|ssHuL=td6noGba}tf4DA>?CY+_Cm!`1U3E0_(3*Wx?DVw-JKlH4-5#qv!#ZrN`8^dx!Xn(Z+glj^Ou z}p+<)Fwq(dNiUWV4QVz*6y+Lu`}Ok>%0EtU6hRNd<>j+D*M) zpZdORmgdYUg$)&}%DE+zcq|Sa7SfFDT)nt){{`jV{|r_9HqBklztu`(FUT-hoOm6( z<(py5vdEAXFMK1Ky*BUYV9se^>}kBV&giM}Q=5lhUfTvnU5mJ~L;i70+vbNExls}C zHca@U!|wIus+q@7e6WY0t#v zpFVJV?76lorD(NGly7$R(zdCL+^_b2j#;->qwo1Ci%*Az`~9}waL*LBJvY}v(K*lg z*3P%--a9tc8!AM$=X_tQ@UAE%Y6h?F>ixGC@Gw4XkT~mFEZ}BzsAy@W) zB)4_4ZrjYFUfJ7eel=^#lvYH=-@Pq6>CErqo=}s{;Ej9JAJuxQd+4oudg!Z`Z`nNg zk9xC!xvkpV`S#+S z+rrJ77V0WhAsfzHPndXW$Lk5jjdA76{y6SXWxn0R#LV^Dq_*DS%3~((X0tSj^QF)7>^0-Q?p^B5az<$; zr`^=qdjeN`&e*m5@LTTCM41h4OFk6r&7OJvA8+QIWwX;a?wa<7-}JR$#G#vV5$B3H zMK!lIPHkqq%#yq|Wz|VTEyIlu_&+TA>_4@KCt`8x=CCcf+y{Tvp8w|G^K{k?tI4v5 zO2WQ>Tc5V)!`I#eS`%4y+@dyp?Qf6r+rP{^e`R!gnA4gCMXsemM{Q@eZ1{fTq3RFC z$DYZ#;SaC(Z}}U=uWxvJNrPD}8^7A7B|j$qcKV~dNy=^ghc;V30nh1g%a&gG{P)$} z_y+TPa)x()a0l<)FinALMyf*TmvvpYAEm!l{P53Y%j7q|&aM`al0M;_TDNRhm=>GR z;-F*hjdpr#Cx1KgLG?&sM!L_(+%1NAAzOE_&M12j z`ocb&zavhZJNaYww~8xYzVd!P&Ej`JKIYLLZ}-35{~2=PTZ`^w?PuR-<-20pnIjvs zTsMhZNbvq=c)eCv_}fv?Oxz!#jTLq(HEMF2n|mg_HeKv}+2->sRjFX(*0BBsCi=Je z9~{{ppS=4@Udexk$*Rko8)_}rJAOERY=7%M?aum5f9f+8lk6g63V&WdWmW%2wD?=j z$8BfrANRkh&CM>A%GohZTJ=EQ4~a)xO6;ZT5323cxqIGpeeYI(w!3GW&gjJo2;WG5 zDl(04%Hm~@BW9oYb!A;^t)NxZi|s)vPj&=(n8t3gTqJ47a50U2SM++NeRUV=Q~GcI zKDO<3osH>-YflT;*2r&~cyoWnMK=-VA6zT`Gw|7`zkV@uT^-L6Ne_9QKI5NK zpEPTP|1+?<|Hv&9_~CW_h@s%LNq3w3FI?I9C+_dwJvNc1`)^))=G3hF^j5m5(CO^B zlQBEa&Dr|QHpsvAKf~rK2d_V}zUK-~$@za=()@7$o98^6Vw^uXsg)eNaP&hx&-KZ- z{$1U_b&t{J*nelE+OFC(C)}xpZJQH|85zhCzsSe@{2!{W618EgIDzLrRgw&(hze)$21hxOZ#iSIA%nU#Nw z|J#X8TYR1WNv8eEcv8^)ujBCiLv25v{w~VaQ@ZeqgCs zeV^SIWYsZ$Z10wAe);jX;#(O<_m>gVdkhXnL%0K-*CBIT&c0-1Hb4qIkgYxd-lku z${&4yOX*pl&3@atQ&u0Tv`GkG@#_8-_cw;W)grwg%HRC$u>Irwjze#LhZJ@?lOJug#d8Wi&3)x)={p*M5V{}ldRvPb=6{ln7r z&1=>?IuoR=dsu^Kb~V?hT;n6ttI}5NnmhOLu~%*qhO*kP*5?1?^j=-x>vley>GY%qwCi|C4|IX36%slKQmnQpps;}5;R z%^h;Vt0MSFfZFoqCy#WO?LPEReQ9-A=ZEHRF@Kk>N%?p9`lAb`mElE4#h5lveE&Yq z^S9N%qyLnD99{RHA@OAypR=aEW{lQ@;4VkvQtPHxFZU3-IxT^D z!<&Nan=zBxmQUq8eJe_Bdhh#`Lbm>CV^li!&wAql3KM;|WOfAeg^zDTjxAdhw0GjvIjc**u33F@ zc4lA?^UJVxdFIn5K6&tgE!*f-!I6*sQ9HCH!scFUwcg2h?Qu`CXydATT1*}OiBaX7 zH@%B}&hm9#depu?)l5#6=c0Q;Zyx%h?O#5V@AG) zg7nU>c<``V{^Kg~U6a|;k`FvuFzds_-aFq-rMPTXYkm#Ma$BZfe|KL?!1#~*rA_(y-b`=R*s5l&SUhdXyYRg`lNGg|H=fIyIn9!v zSwfWc?Sp%l@@@JU-UqlBr8=E3s!F%j4xaVoy2g%_W9&~OC+Fmz5ZLCxZd&Ahrgzou zeKB8G9eg~=X9Ba}2@xSP?of7y^m%MnVZFVpD_uP1d-WY+$-h_G!kWXX-8?_);?~|! z&VxGaa$j;nLR(vGv;>yRe!R7GdyyK0zQl_xi<1e_mfuB9be81z_ZiP>nzS?T_NnA) zJ_1$p$EJBaa&nq`Zz_-RgT$GIZ?7%&@mR8s-R6?sErF9v(-rt`KB&#oxa2xTG03m_ z>VuwD{wh_o8ndr+0LV;KLcc%Vl5R z`6p-m(uyg{S6k@x=ald3H9okuSbFZ6c8{&-ZuVu9&YBg1K6?%4UOgFJysJs?$0A1^ zUZ$G6=WVn5=N?R|aUgj>Da*Y$Qo zNcfZ*r4PUEXK6G~+Hq>u_rJ#8ZM?Qh8vLiUkE}L(c0Oy0xMpK*n$X!kKL4zz$J*!m ztWln3^D(Y<#mg4~Z+!|wO60jskFD6$dQN)&xy?aO-S(Y(bNfSh%Q9a}HNl7d>QC2A z^Wa^&FM6fu+U3z}=QeD2WoTtynv`8`WYQWIHCX9$9s&xbJ?{^Smid z&evV5T$XH>nRsnuzVe+nk#%u*!b3IYl*Z0H_o~dds3rO7*LBfRUAOKzl{ba2w~u;L zdV7aX&XY6+CX4l!*VfmZoIA;Hul9wdvV4-S8dIZZ_imiHMb5V*PX4lI$2muZ66L+c zzjPO$H!%DgQ5~M0E>l(&*}=mqd2-pi6D>hTU$qx<8KghHw{!Jc*QG_IYy6RX*sSHJV}r7bS* z>{(ym2SsNdov^1_(xz53I`Gqrkj>lg6+Zn{zBbyVPgUjfS%-U}`$9P$?_cYpKg;Iv zyzFJOEZ7LM^b2V^EPcYhh)=pzu;M^PM9Yeg-Bl&e^9F5s> z^(p5Q%M))Sd(QKu%W5X>h@Ed9<+>!>W7$iOj#j%xn@T0poI;;kzR9{$Uexh@;fsu& zleAy_OEO>Y=*xWJl+c;3&}A%gmdjds?i?|Eqs4twR5c^MtL@z1g+*OInXj$PljVE- ztv16X*Xnij%dHk!U*&oJF#g#2ak1x)kNIt1BGtA!f4}neo7~nXbuv5TGF%pXdqV z7n4O=i}>T}e_cKBpW)Es>uc2#mvu@!mteWJ{8+tEOm@|r&0aT+PI%hKT;p%C(N#I8 z_q6BjId_ql4)j#fgOpnOTIH;7InKPj{Uj1d+KAR6m56!NuyDC-}P<8$8{f+CE zm#+9@%=YQXQFYeOucIFt-MF@U)`fivYnu+G&bi^5DVO{){o(w#p%2pL{bx9ME5>T? zl7tOnZ>Qg~-F3bB)%>mLN6z!V+LZB6@A8rjJA1cn33dr-en0E4s#D$D8r$FH8F5k{ z-H&7{dQ0rNxlHh9#||5ww5{!Y4?jw@a%C4k{!kO#acK3maCb)bx3-UVU(w}TwERWJ zuD=Uvil3NtSKjWCdi_uGKf^)8t?$Kt&l6p+^-L;YmfQQ(3JXP zw%digt&ShfZiQ`coS#1JumaDo@cF$b9=8;Q?Q*}K_+z>DYSD}Pm5(X@UGOKj*wFn- zYLNXc(?UCwihZF6ucgRG@+Q{U{E%GxqX{UdY#hwXcuH4J<6octa4ZTx5cNBloS zt8dM&s*2ffRTfycd!7Ce-gNDO>&nw*5h*fKr`pt6rdvnJP0`TtHGgxiIpE{pt;dtKUz%mBeU!G(F;+$TG;r&baw%M98mY8$bMdd?f7KKHf|BG?Wvf%T+$d zd|lqQ>gVL$ZvNa|-uISW-8GkQyIlLj_~wEP^Rlie>-wqNKJjTkWTfj))D5_GNs~shYNZP0T$bGwwM&)z|f6V=u0^np`C-aC+Zn z=SjCVUskxfaN8_>>;md!-ADtC?uV z?yLoJj;`k(&%d;H?mx-8Gn>yTU$)8Cu@-+{S;_u0e6voR*qXd0{WFg~wRmG2&YyNG zHpout@9O^yN%1Z5a_iLgZ@w(-b@l$cyABQPHjfL|x7q1|GKrnh53_HPUrvkc?J>Nq zBJ1&I^>@DK56$1aw>jjwr|fLw1=sVRSH7pMh;-x<{r|RV@H9c^j z*0YZP(td~foc|0rPCt6yxV3w~Kn>52mRZLp7OV-oRdV={t@ZV%>yL+jY>Cs})qhk- zusGMStH8ds(I))zL*q5Nl^U8^=dIR-cTe6kt$p(!+YiTE_i1STSoi*jn#9$*>hzj~ zzOCCI&F`pZ-6wuyPvI*APo3m<&P_-DiGB*5xAt*M@zRRokU2B=Kb@oUIroBs?S zjgNlkHe0^Sv@Y^la(r#$Ldna!?24tELzet}lJO_*@3O7?CHL$~Zx4N|b6cUI;QZI4 zg>fuDQrGi}>Hkzz-U6EILtog$~d%l<2OJ9^75@miqSwbhXbUwRdX%^S|_rdQy zU&pmpXN$OQTPIR-G~v}Ghl@r>c4*%yUw-mbq1L40U6%XX?@QaM|Ka@@61BX=^z>=# z4i!eV?Ng^r{2`b9Rr{ON-%WLj|1R8Po46;?Oo{x|E^X7;9Z@VA+ zAFuCOc=5|#-5b_TpIEE|s%HJw`#bj^W9EMbra!FgZ8}P~%`T)*SjWA+>d*DQ*H1ql z+7b1Y|N0K0X=;o2=C_~u`s8EZp4H8(J^TuLpWj=s^P_v`QWjZ1$H{*`hnmb4bIbkg z$NB4T*4ZawAD%`z9<4J!b@NyI#zV)-dcyBSf4FB-JmQUink|WA?**?(@qsH@zxc;?i_v2Sd_c z9g|$Y)5VW>bj?|nw9wb>bn!|12P^9A+unbx@s9O6q*!#AQ}5!m^(XWtwe5zCY6<$4>T-=A5`YZjYR|$T0BR8pm5yEdOTx<7U3}@%1(4pJNml zCkS5t#~hzMF}NaC^X$7CwQQC7I)b0<`%TvxoxAS3C00#rRuS*9fRc5my?+RP*nc$e zxXK3=ep#Q9_(*qY?>+ErD(cj06GVUw?YDZoE$C>}J zJM2fg`4L}sx2{i@gjhO7PVX(g@YZJ5^^faYzwXs~{yU3bK=?sS@60Jbp7q=M zo88B|@4M{8W1_h?tW@9%m}kUV)h%e5cxRz9$CXugx7q91)c)43@%*5BeCn!-yiZJr zpYjSy{?+cyXRTQ7Gj(5dOTr#)%>$;t4u0HOW4^M+Y2&3ot}JO957X+buha?rox4B% zy+p;Nd$+#(w!PF#cX+W_g5|-bL(eQ`91knq)pcv}r_-(<(~r#O^3nV9*6$T(xP+#% zrs%8vT=x0vZ$&>${dKRR{*m1Je5GVoz4`3(*Vav_yJ-KxcmB;;^_{*C^;ur39aCvD z++kL9B;`MY)ydiaI2hHtYK%(Xv;T3u{P@n!2)*3f>K`SK79|_+v8lba(N;!QJxJ!H zysi2l@!j7RUa`^IC-ia6wCyLBmYub!H$1*_{rvqI{kN6kZs z1%GyZUUBX8>yU2~!>m&sT`T9Bzghlxefuu+V{4_OKDu`tigd1&KCP|!(`jBy_?!1{ znm_LTR{OEN`(0^ueCIEl0_plYGv80LnSA@1(td{JKYSmbW%{x?;*NXYie!b$YrmfF z{3lW-R=&NE=kL`r`BQuM#B8W|W3O(v&E{7`<)Q6X_KWY|T6`oiihzH&K*|NcC&FTqPKWw$g%geo7Za1C3=Ud5}^EdbedyBb83?Ib|Lpy_)w^@Wj>@rc zossO{TND1UzsqXv@uM0g{aXz~C%2xhwf)b)D*dr2bJrBBfa&u$Pb!=D_2lG2G|J(vN1ZV=tvh zr%miXaqrol{0G~%{Yrfk;Ax%a8N!x)A#JbEqRI0_k1euTbq*RM^-IFc`4<`m-!setHl*M>0Q-S%|mM?-EPY<+QbQ8_~K~ax$d!Ng8wd$2VCd2ek?!4>wKtu zW3+$vzK33aZm@*+)P!HGDSfOf_B`UkyC>63r%s*d`GU7XZSTYUUbD$lHaER8k!4_K z+tn8^Wj;gUs!F{m>FJqZgN-nk$bxdKTCZ=#%?L6 z{|tI(ia6Kz)tv7VyBX`H-Fx7{hwOzPrXTT5KQyaF{MH*Om> zD=OEuU*Bckm1^~M@0M?$Y>cD%O$;o8BjRMP+c>WK@jUFqpKbqqr|wP@JI-g6edeqG zZD;3gTPAL~&9r_qR}9aWb@mU>zg1uVqy6Y62|jas`?-~?+f_Tdue3UDIlpNi?;o3w z^4&JYd{ad?bI3MG%GSQ#{C9mFOO4NmzkU7uO>brINs2x(TzSmaV%_h5oL86Z?(QRXuOny7F6Azwld$!-8>D2b_8BT-WxewZ(eh)Jv(Ws*rzJ zf26wp7Ms3g#d*I8Yws=zJhpE6)4;DUw7=-bZoaftR_ts^ubIVTUt57k2AmepR%A!H zH~n#~%`ar_;r^C!NLj0Y_N-TLbaT_TdnhxkQeb`=-n%u*X4=M!ep3uK?(Lskr&hyo zeUI~_pQRFOX1{rL^PI&x_TzQJmu&=Vly}Yyc`L6d`*Zz{I-UDJvJd`e;9h=3jbpp8 z&&D>}#&_Be_&ds_wjbs15m(|~|3%l*@2h&-lk4aHM$I+5_U7Ty;N?LwFC!kzetf*; z>Brdb&8C`X_&E-3d?5AtKSO7n@nw^I!Q=dmU(GU=`p?eGIOkS%-TQI<&HoICm5*$$ zXnXhN=jGE4#$Q)UrN6nqNFmdFW4OGv@RhJF$`ao9Z9H9%PPdbW>y3)=UEd7@%cW>*<>-QMH^eouH;zvD`JMK8{gUXH7q{xNd(P#s>9}rs+ig+Cvss0EyM9e?G%3IG zZRxKAZ`=&;ZB6}=`e?_x+}X}ol6M3(^R1o3{JQHIPt>Yd_A6m2hl^r4Op85#Y+PR< z9_QU_=9J{g=KL$%J3Q{?tjT+4?k!Azbf5hdx9J(DBm-}SbJ~lx{@9$Dy6DdFl`jQj zru#7K?(>?T9P;GH<)uH~2ShxX#F1uk?~>lt)rB`R`3<)2zVbHiYNPeyf^1dx`byrD zISCndHXAnYHoq2bpXQ!FH-4FI_QEUqUsi5u-*a)PQ%qjcB>owHwXH*bWIp`8yL{H= z@GXf~15S25E#(&3ywhx#%X+zsZL*c$R`n$7au(^hKC(V7>$+Y~w=wa%j~?*xU)wwXSe@{d!|uF$#Kq3b**u+8(`NIzhlfAw z)B0{Z?vH#e6QuWsN~WuxpH{)VwMxS4ZC>TqmBreN&wRbl@>)u`%_qibiRe7JtUpq3 z&m>9el&dVPOQ^EVdAaNEwz(2pcC%iV>D#&J)agU_RCe9uJwEBx9mU6@?=H$2YH`o!kBL}vZL_e{?d>Oy|7c&Dk@ZjF>X!%h8@yr` z^WS%JlW2VTKJ1VAqrGzP!Y?d*ZFfhJ1R)#VQO*5&d*=&`hMBHxHIGfe@sA- z^ra6c_B`I3UE^{2+4NH%W4G?G2v9q|G;y)c(Y%K_Y%#N5HyfmzuD*3QQ>tfzr@*JB zl9Deym%Mmc^2|GpQF`vob*w`Xvidh#S`uk(>zdDC?B*O|O%JFsANe{sBCMf4FP#}%AP zQ<^W5jz*n6~#;=Cw*BOt6xgJ!RHLvDt;D zOU|-1$R3_x6?#+GX2-q@Mw6JQOw6A3@8a&RK&?*~=Y@P>hQeauUo%vIH&b^Wrc@vD<63B1p3zO0IxHnTdh;Nn@v8_S<2SeU%Edi+;rO@>Ry zea&x+XRNq$XV-^&i)Wa>h z$${0GI^FN@>`}A2dUXH(OQxl}x7IGaQrRGd9< z-^VV$3xDEdnRvo6h z(GTfk&9NcduB7%=I6X*7mpis|e}_EhpU?*<(>}I0<+{wuIT!crCO_lu2jQ#_-wWTb z$a|A5l^4fw_-yyyYW+q#&CEL8%W=}t^NsGM+_X{oEcpJYxolq2kz%*z{@i>%sHxI$!u}9R9>`>?fkOn{|txfKYWgkjB;SPHlZn!Muld9QxjiD33x7#J2T;~(scV{76(A5;Pq|O?~WG~mAV}I!EA25)P_&*TD&Ts zv&=s?+5gAvk6fo-MdsMZFIJ20Ik1!c`qGe1O|e{xV$&Z*JPlVa30nCxd&7oHZ__T< zZ&|-ZWM^c!^xLJ9?AJy4GJMW#{Bi!{wPz2yEtLcKLvjkEF4Xw{U3&4~&1G5QjrKQ^ z9RFq=Z?ofkRcE<**89W1j_j(u+uBv4v~d3q#gDHKe>PpaZ29xsitJ}vH%|;c*EY*^ z%l%v8-xgm^HrpF0rcZcv++Tk=>oCdZqr8 z^Sm4RPlu>}*s|HUKI`T6Afcj~qbBQ`UVPc|chNq9y9d@6@E%SUTD7g9x^K(FkNpor zE~X#;$M$)~ocEIqkMFHCkz?7o?en~Q9FO=<=omJ;&Tsu1G5Or~E8+<`slHBEmacp; z=}v|Ik;x}lS1dmIU8?HciLG}WxNnPeFRc;T(Rz0OkqgId)=Wy79G6$p8{lyBN`dT&1w&-$5(KZK; z#^1|(eqGD6n!dI-{>@$em?_-Z9%r&A@AWuon(W_IE9ueoEMeyF1#`HTFPG;#xHFZX zQ`vgL)x&F?(>OQUXZGlM&D&DcYc{j)ev~%13PpsNCzkN%t+vT@aA-pU% zpP9YL{Ps`fL(VG3t+Vbq?Kg9;y0&FQY!IuMu;z&qELTjEBfO4_D9t(*-g;s6$6M>7 zEGBx*-y2@zn7aCqxnpRr8WGUY}TgaD~~U(CY6CU*&AI^45OFe%k&0we33TfA2l3nIHA|&H83T$>XxC z-A?^_dy?6LxiNB!wDIOkUs>)x-CWppd;8Q#bDpwwa)-W7Nty3;W7Gbr{~0RQ&*3|^ zIpd=CT$AuL(L2%mvv#LeY^r^HeQ)u#@^5p12|1Q#fn- zcRP;)z6S;Oz8H$$yU;)1Hgk5W!^L+eR=avUFF0lu)N#FV3Aa=4wioI;?(FMDm*%d> zkvPU?b;anwD*jWN%B9?=o|G-feGzFMc;ZRjmb(WV53cZf@4R{WR=KPL?S&^zIGTeZ z1;jh%E+{dbT;y>wvFp;6bxWq&?D)aFet*=7eS2Dy>=p$3dozV=o!odleuhk8 zkIa^SCbwvb=b70XFG#J|X$sdoxLlTDc~R@4M0w|H8{bPdi!v|GJrOH2kLz04Dy7Vs zi)2EjT~6+>b*nfVGSz`a^Zdfqlk46q9*wpqTj z4%>V8&BxdseK9Ey{%R}7PI|_3LM3QHLG7x=J6o16JpH3R(7^L)Vx&_M``V)GMebWq z@8mw|Dq0=1Yuck{)om(y7IJ^C#jW`llheFHZtI?4cUiZDS82LuPJa1Udj6H3a&LD} zLxFbM$7ZJTgkQ6setmu1GfJT7_&R&3ds1_PFPxbblrm+}yQ8L0d4*022{wPOdN#4> z+ygr{quO7Wb{jOO?t1Xprf=)gHHk^wvm^2rGo~nRPhXo7b6m;i3G?-jYkOxXrpns~ zWi9#~tDWx7JAQF} zl5hPUu3K-q^wU)C-nD(a)#8UeFqM>No2R(|5l4$LTVuUSC4ueeB)d zRjdBY;o*8xqn<6rsOV%+$-cLAS7mO?bGiF-3*ydv)4X$Gd+15&;;^@m9Cq;3HLboa z*z;`Nts_00cYDfKOx}5wb)iXMgTdY3S1ueX7vLAUanZp7wDPJY`QwV6%k^5jBTh)1 z|M_g~vEB`D4}M$qLGX{;^6jZQA?A+*?w)Q^bL=z7e6{5GPU$({mNf(vRb5^jSHv$j zb?(^*osTDQ9N_cySa{oB*J+bU*qNu5>e&^*Aj#CTP2&tmmu8OAv_ z2gILB9OXM}6BqFI)?&T`e+~q#In}Ve?n;NTDX&qKkpUqvsT` zXHE3c<2zJ*Z;_9omYdgsJ=37m)EgnJ_YQOD{Ut5xkhd1 zNZ#DZ$#s9O$?ev2>{XkR?%1AR>UM3(O1C`zDl>=hh$%wM>2`BhMLfM$2OsuYX)lYqi<*!r}N{qp)YOcg$XM z_T3X$d?74kTBp_)k2#ZHM)z|}>`aq5YIo=ao34taligR=FP1xM40cCuFMsIk&DN1C zF!$iJ?Q!>u1=#U98-Aeb%q)qx*QPZ%3wW*NJuWl55*D{b)Szqg@l91wTEvc3Mp7+Jraf z%Ke_VRBZOywQ)!GLhPb%tlHb3IOM#~opQW?zV@vh`C=7C z9QiRXz9}-TcYQhQmXW*3OXH~qhn#jhPAYDWoaDLUv||27rd2nNug$t+du^8FEH+g) zhT~Oz(J%EMMQmFVA#W(_n_WF;&#oEUbqivQj%#-Co^QR$c6t zA7=a7?vZH3%$AC>2VvbIDJS3Rhuz)2rd@r-T3hQQi!OfpT%yb(^}N1j;f!Qu24=s{ z+%h7P$Dg~dQw=d%g7W{j?wFE#;$beE8mHvR6&%dNH%&0hL*gOD5i0wOX!K`oNN($KT6o zReLU!-mvq)8f)pV*VfuyP5Z%8dNyi{IZx3fIewecl_j?{eU0NZ{X7Lf*si>EQ1(<( z#bNy&tFCPq>UsBjNpZO1B+11L0=90|SF%DUYux)0?RiC4j(scdj)Zq{hB4y3_G#~# zU%mQnHmkBJT=KK-zcBWB73%}qH9VZ>Y2HhEtDfhdb~D!b%=yod z^&|OXaFA<%$Ag_SPd(Z-m-*YLzpLsbZfu+VIG<(NX0Dnwfy_VWU)yWv9ihs8Cgw@W z(V)E_+NQ2Jayud5Kmo_AY}bw{e&J2Nn`d3zpPzrz_&AfV^<()1C$_viFXa18agu+K z_0`$$+y66s@P6N2*nQg9>DDDrcdm1*4*b;?J~DsvvEFqj(sy1~Nb+Y{e{Ik0qw_cA z^@^T8%{zH9Lu5^x^5obph8u4@T;2He%9q&mf1Iy>YyX&3I{#t+vCLe)J0eZr8RTP_ zeJ}rKNXYMvt5~=1 z%U*fGK5PCDo&ASP#3r6!ntjS}=eiTcKl0YkDmi~!{afFq{|v>eZ#f#CP+UBt@z3fd z7ydKk-lH957>gNu6;ay>h{c4MlY)G{Ac(Ox&QVx@6atf|4vJ+3|ChZJ@7|+)|LGa*2RAa z`s@32>&1UuFSiMqnb~|>#ne}QefsjZESub)9bCIpcixV(fjfU3T=DAKTj{KG6$g&T z?alnpkg<1N+J~#rH}-zy{U6j3{>3h&M{m^H7^;$O=)z2-j6Z%oQ?2b`9*IyYtojEl)eI zty^7o{G1XrzfqqC(hcPx$;23oSxcjf3J^r>leSv z<$B|+T{59GzA)y?s$Io9_k5UljZc03pM)Q_AL_sPf8cifP#zurk#8xJvrfT={LR01 zGB2&^w}0dQ;Jr}ACI60pRv))~4-fW!w#&s+we#fJs;>VG8Cl}_ckzMsZjnpF{iho9m<9Ut-LBf0v&Z&9wmq+YbM)Z=|K+Q4I143o9N&Lk&;O(O z1N$+1maUO?S~X19QaxB&-vqo6uofr@BDo#e?C;8v% zKNK&y8=2G*<;(+FFs7wd>lIM`OMDc!Mwk3)E+-q&$G|wbW+lV znh@D336(uob)~N~S4LzBaPPHxnbO%7vbOa8*7t9i zbE><3PChWt_Uaz>m3EzL?<9(Dd)R;XZOqL!@1QxAm-LxuT|Sbr-L@;cZ?W?0pVw-S zUT$#9+WzfK__RkU388Jyx?%G^Rvr#N=QX=~v+azlLGr~FH*{t?x(XXkmJ(YLVPm!}+9d&Nm*(u6B*NxX? zDH)uTUY>O^e#*2tgL6wx2HO+^z1i_On$#( z>!k9EcW(SO^<~6q?bN-m`M&*DoUbtFi%8rn$A~EtK2={cJ^LeOin{8~@2dlLp4IBv zSX@2D=Ih&#r8})X*}K+!@1C^gZnoXCuicy8o$8yhHj&MJ%Z0MFRXc8RyqxuT>tEj) zqU;37&B_|GuD$bStkapaL@9Jcpr)-i3ZH=mfRre^& zIl*vT?%8Blt=7}KkMcxWGALV|mt50*dUIRvlGoo?s_weuKcn(|)R{fIf1g_N!Seee zttXZf@5LF!PoK)X{o2N@xq(b3s{7whzJ4R*`*x$;oFev^aNElA?47AXLQb+fWQ4NT zCeI7fIc?2xr2n8SqbYaJBr~Q5$xUV3eXgp`O)c8=v@Xb5Zszjt+KrVft#i3&in_7Y zW*9w_`+QcWr-6t4IQ#aME8ob@b691>&)(OzBDzyOe&)=+yGJ)(zqDn`3q5un1Cc!C z*R$BgGHy;bs+?rTk(0~3LNs+LxChtpS_^}CnIuEJn->A=d} zjK^(Xu4VZxrmK5GW_{eumC+i09}heUe&{H1d(Ow>uYGnVJ~iYq?n(G(!kf`C@3D@5 zT-6n$Z5Jo}-ejOTduGuLSuKkrlf1X|{Abwhx@E`uq9X>Ix8G%#cp1yyo-=i+T-LYe z%1hH;ik-QfP|omZ*IPc(j)#v}CKzR@yy@#Q*tgvOp+mBxwqB@sbANHH?AlM$jWmBT z$K0E1t@NfRmm%TW($(w%&LwYWJzVkbyjPdUt?j!`ZREZFGbFstz@pCBXFH3V#QKLm z`+qJ@^W#|Axn6VT$~&7DDmYeEstpkGoH2Yq?oJ z-!6!XwyX$#gZ1VXXP?gTK;g2!bo`tbi$r7Tk=J8)hy0cEW&-i%N z<0Ds}y8Fp>rDuO=b}-|a&bKr9+TNsVt|`YZ9{Td<^@I;;GcGu+ntR+r^xEy{T}M1w z!l&H5dp>B^Q@JFejR6&F=kwl*zS*p_K*xV+O0<`h)0~pG(Yp$y&H4Q__x2`boh^TI z+w@Ftzt6AFF`0XJ%zG8NtLupygYz~O`Ei^rsM_A)?74CF3*!sn%iZQpPoEndcKGP7 zIoFRTdES@Jp5N_vTHvw5yhrP67p{xvs{R#vo>WoGq2NhFM2G@_3Z1CsWbLHo~NCE zcvtm3`&my`t+V*LrdRLy`5m8S3j23=y))6Z;Fx+!CLx(=U6H5oiQA?o(vk9v?hHJ$ zUX}bV_n6B6Olx|(Nr9X2<;k%;VQQksF8LOmb9<%f(k5NA@8XTn-?|2;y!~bd-dc8f z%QKybqgSfJ_D-92u599gHGda8mfkJ-ZI{Zf37?XESMFxpHJAVJwQmM*LSFXW^|klk z-o)`u>5J&{42K|5&*!t^F3z^fREpN%<6vHzb+c(@!=9_z*0pzgvobGCjS+pm)wx_m zv|WFu)LZ4rF9Uk5yl>CHSGRR3+nlt?#rqi6M#q|+y3em%{PO3O_X}4kT>K&}P%|xN z@}G#+)2;ZXC-FRr{UNvI$@jMxhITimv#X2?hJM9N(`i{_fw4 z6HxF}@DTd*98(Jm=Zs zK6ho+&BwAA={wH~ymD>(?k5wnzV2D@=hRK6jk+mZ%jadC5pNPz*cyA$%#`=iqRnE* z`0c)i|8`03dsmxnA8_U7;+xWsudU!d$#|fCt;{vYQ|Fc)jxa1ZBJ}WuD_)nuv@=N2kWULqA z=+LQs@oa}`(itPs+Qki7+~3XoQk*AVSGcmtIC4YZDoUEBH!J?`C+$-y~y9<$44 zpFW+k)bZq3^Hp#4g5SvB*nC**`m7zhr?43=`?KM^*O&RXzWZG|e%R7<_MuL#jj?Cy zJ{&x--umx^oI15ktC)L=7x$P<7uf#p^4Z+Qrc-~{{kZ-ptHSEM?==&SwTcNb9WmP; zpLiV;@y=`Nl)!^0HIptsyYW-`=yb8DX^UQM;=g5IHJO8#;}}z)f<4cRIUh`QiIp_P3Vyrp0Q%d1scM{MO#I=IQUO=;$mfl?yM;-ic*5 z>&#|+uJU!gynIyXy`HZI7V2EnSM<4mv-miz*S>dazR)XsRctUza)S=wX*PO{Ve&q91oY6??KX z^7{-)jm!IW&-c`4?iZ_=9rv+XdaYSR2m{l0i?#FH0@g(Fusw>IuTzkH`=8Mt?GJ8S zpT8D1THV*&mwob!KIgi*CLJn&Z{+kZt+{F*WcbA1;nXU(r6QL$uDQ;gDmd@X#Kw8N z1$Elj-hEx0XKndBjrEuC``CNiOBZKW*-VP{W4zrMmz=*c^H+Pf`_1?|)>^jsvobbM zDtF#)jS00-zPLx*I3nVtQcrHrKT);r^`0dXC*{L_RxHoBV1Co4?Zu-l3KzHhHobR= zvF|{5%bh#xi|;R4ETLj)>aV}9ICN`o$x*Qz{O4+4>g(w$-3dr(Jeqbh^HSD#x5&oZ z^Rz8PCfBUE>t@Ry@t+~%-sxSLe0RRCcm3g>z4Tzsrz{?6<{zu)H2XB&yU%6Vc(hcW z&qUaKcDbQ7!`Z4C8c}-B`)B*=Si6}Y^VRqG$hJ=R(SL@pcGYUB$6M+-A}Z=CRW@&z zw@z=2UEgtZidD;+ODXRjn@*Q~+Q`6mavj&^$+N?)j7|l#io9LvD^~P$s@LzX?W{*n z)pQozd$zoCkzsDHtILkKtFv-*&c~{%Zq&)GiY~sp;rQ>+s`J5DBLB1&72h}YV#&O1 zX%qTaS1|8T-bt3Q4Mq9IS`(I^_+nMOJmT;}?X|%XPm{Kn=l(TdH2vZIJNA`S-Oi8Y zM|Sl#hHjf3KFi~S#qHhy8P>+{_|LFKY|TFDzjJEbS1V63d~xaF!Gr9X>krKD7M~QK zwOw`2W>3qLzc!k_c)G6W+)5|?+{h18uV^1y^QMabjq8U#`3^g!{a4o|^65O_7n=Hd z@~yp-k6OuoYcBa#n0b`RoMoNywcY!FsE8ltRSv#jnwuZCT{<#I!c*4IFZ-2$NBpMy z%{G21)w!$QzR~`+^J5va-ii%hO*YxvA1la9pRqk^+VO+aW^G$2(kf@f@SoxJ)!V*K z(u<<-ONW8i+kp@q{;+;k-s73s~*6={`E_fs~(T|byJ4`o< zFK_MLbAI>9KNg1{>IRGaoS$TWGyGfq2mV9eA+hrAtxH4BOtwndxcWbXm?^)I@7mMi z?OP7HRcKhek6qvJIHDx;-9^JsGNJd|{|Uv$F1>2Xc6XPPTdi@tX2;x|68+G-n=h=j zip(?ot(wx$w`tFh)6aPK$xmpg`gQeL|D!wa;_~^o8O{-o_m2J%?bz}-t1i^yq6u%$ znbmKP7V2!e>uZ0lt2<-9k>ewOxr)Snw^zT&o9I?<$Uf`(hxoQH^0)erT;dlp*>)k) z_0v0B-|Dob5B@Xozt;G0=diTmW0p``u)(n zemH(SH`{09zSxa#-DFrCkW|Y*}Y0a7&cG>oK@DKM7 z-=lh`{XVoUkK^b565H49ANAjaf6zX%bl&?z0@~&U&409|58vN9b?P~>w`_h^Qm;zh z-?Be^&iT$Ur(c(+ii@s1v*GfzTl3^Up8m%<{ezxA>no{abJI516ihoH@qE75&-Mq) z8yEes*?v#-cjb-C8+&JbJ6n7Gx8uKyc6{?6sx3}l?o)SBDUr9XrlSAI_vuwzCixok zY)rU%cgm@{OM&~^#q?ShN^ecRuqXb*eAkah(gQQiVgDUeN)>OF0x_ezUAF7!e;d!(Nzx3%uNo9ls(g0 zsURF@R@&|BeDw6gx#j+?YwIpP-F;$Cvc=h2-IXsrKWuhyx~a=(emMF0{br*95AJvr}nlHukjIp5aH)ScSDv25Z8qj-_m|CleX7qezf+vVze z=Is~B^}VL+Z@7O8{BiQpZ(ilYzqD_xefpx$Q^Ata^L5;I-R&Kv@lBI6HlEf#ZsgWK z%|anO{I~8O^_|5*&~MLbCs%RO zM)|>cq4U~ibMoZRcBJ}Sh<={m@t@(rgn#z)eXaJlJ>5RfjAg|+Y0+QNzx}g&SJ&iR z&llYP_}nq=#J=MT*X4&^d-CCZ%cD=vZ$&aaklXrsO0i7xipOlVN{54b~H-p&5!xEr+xn? zb#ck=tzn0Ag0lKMY^=6_teyWz{?KY8nYW+ybf#NA-zoa`^4ZTaR$IQ=Joo1{f4A5F zsKot8{p~W_UQcEC`n>D)9_!x`br<6}wusF#@BJE)Bpa9~&HQ=&mDl+f*Z&Buf3PLW<<|1{tvhogi(GzcaQQPd9t{J@{qRJ((Y~AN*dP zdg)J~{H%bE=6#my=YNfFoM*YQh;6!Z@~*C<(+|sOTue=!b}Qr5$2o$rMu*kb%skI7 zvZiYPk$kp_$ML&<*U#9_^~S^SGyJgk=-#u}rt4&^StuE9`*-z(Egz@% zekr}lx4J}J_KCXu+>%-0Z-pP{n%#(wKhFCm%l&k*fW>RS7IoK`8@wh>vODp2>OQL< z(+}72?YpL@ry}I|^jKpbzxvYJ@4uC6a^kyuW!D~QKEt(Ka{aMAG=aPbV zW(r$MXW@yL@yY*=$bSfoZ~V`|zIBIby|}CLq6RsWysb~4M;0HskSBQM{psveQ+`HY z_*5%ANj~)&(#UZnKrZjTz$IZRK)r!YkBAP zIhL{ao?U-)`M2?ZhNH7LT3y{asd}lgPfE;_jcU7m6%5$kI|q_-tq zuF+3tn{d&W>9*dn-p03$QM^k;llnP-y4!@68s6x*Qk7A%%fx?@Y5a}-hr^eCUg%O= zD6vlZ$o&oFZR)+(f6EkKezJbgf(tp{QkcEzWl*-h?4j+y_TG3O?@?pB`$Fk!ZEs)oY?pxlc!f6ozbqAs#)zVb&u!jp0a$`O<8QAEl(RP zAMJho;Mw{Wud7rxX9-SCnL8nUhwSTyzf)`k^H<-?x_)a~3TMWf1;4(n54(_?`^S8l z`OOIoMH$HgnJ3<` z=BQ0JTm0yR!iQBezkSuR;#&Jr>)PqVQNCAxoin;PHSzt~bRAt+-;;7am(oRbH~p9< z|Moo3#HVL&sC<1L8-I8|zv|pCg>fF7Y0~?xp8R27|6*2p%QFp0uSusEzMj)Aez?9< z=TG>Gwa0q3J(wT%?^t(dm2uBj(}VYKEvfaFYkcVZV0Xl&wCGmn&nq8vJ^fXzrm7IGfzpGevE$X(~lxf?it40|fRI|}XXwv}L zR}?AUa%DwU-qVH0qF!9m+pPQc$|hfBO9j^(zpiY*uxEnpx)svN^C#ZyKm9(|DML6y zbjRj%UVjdJU!A$=cJ_w9^FH0Jkhf5t7?shZQ&}^sWI~MIT-!@0S=JtYZn`${;jv4~ z`ESC*Yno0uynG$L$NRx-ZC=Oamv2rLNi#Vw`73bw%~!WRb32OPoM*#tSaDB#-JHL7 zdFJ@ki`=+zCsXZFMsA9Zu}ZeU9lz|ee>@-bGX42^*stQW{4Un&ka=P|FE5yIeEE{e z8s{R?OH;DU@^V_f$H|747EY60y=ZEt({r1bpXCHAKdgEtbY{g1{+g0y?jM#PxfaH6 zHh=Y|##6^UpY44Xy_PLIJ=fXaH76mZ)bxBzMb(45tUGrJI%=NDv2Q3oTIRHC`jMoU z=d_)VDO}s*{m?xB?ODxt0&BK2=?4$p-Hn-1?*3~#EsVs&h1{))GAZg4Dr z*&ns}k$$_K{)cCJZ`Z}A6$oEjb!*$aRq;nYn20mWg-h_p3KmSd(6%%5RMhn5(xv^s zW8#!nO8$&q8gO|}`sx?&5@#OSk-x|K(JtarW|Ua) ztlj>s_@cjQ-MJ^4)>);u)Q{TpX9djIz!i_mrA@Ux^m50PB?w}E5T^bzl%8|6_Yq@ zcdpXZ>OQogO~~-~>7(Uh*S`Hz*tOR_lR@<`OYz0&>Y~kSXUp@vp0M}p#80!|onU8Q zTV+uhD;FA(b#uP{k?ymCXZIexCubHcZFrDvw{Nib#*b;esgF8@Eae>5{AWnFX})iI z;K%)k+vY!Jsr5P^!68|05O-+f9>GU%iy!V=E<62O_xXI`$NU$sU)t-H_d59eoY4LS zTcY=~Rc!W-Wz`dW){`6d;$V9~?dzEzkGDSExpltJTsCF-T`EQVHX&81``hOwc2t|e`^??n%h`8Ld>t#-`DicuqueFCLZ8Ur+^4wZXX@7Z4Nt17u6jwyyvkEQ zB`@;FLN!ulnv$IIiDUetk3aeA^{+6Pq<`1TLo55OfA@aww|ktIoi0yLP~5XkeqRs& z{&<5LzYl&Vo=&@VbmC%}2CHP#spco%oLh0_S?8(q*?fx^duLkLy>mHqo!NHou}B(@$y$kwQ;)Q!T!Fwt+OAk(0!L6tn_5Xv)u|OrsO2u$kNT9u6xX|`NuW! zjyDT-&U}}XEN{rte{Ri51D2I9_}3b&GRkv1TXH;kQg*P>$vE$ZiDr@ zEN*T;m-uH*OS!Hv;gylrnvDB<{BG}jw7F1da{7#HsnA2G&M7gr2Wat1{d(=b_jB?& zi6YzVOQv&~T|esZn$E5i_t|T0_`K_ZsjYnIhP~OATfVdU-&gJ`yc%)Q-`S7XP1ZLm zB|w5nlH--O)pw8W)5J3J%yw8Zx|_yncb_$Sn09k23#Z}BSe}9#uf9Et)pBvzU#~nV z!j3smTqXW&}URMn3r6#-r+~}x{CB;-S$m-r5q2g81B2{VNv)tF28c|owMAB zl-VmzeZ0`MX8QibJ=?D-%Z2`(y}~WHsdCk}mYWeT{`fEUTomWOB)f3^v`wNy1}|f- zE#{lOBqq1b=)}px`p$6^SG&zK_Uv2GXtvnK7t5?;-7c5zP7S?Mduz%% z!5c@bPv(BR6Kxq5`pQ^E0Pf?&`+Gwec^iEI+(k(Q$EcQS^_t zZ1p2jHnZe5?b|qHgER&togiO_20w`oP8ec^SfN`u<6F~ zhjYcldcUscyRYFnT{Yt0RIf+b!3#gUKVsc$YB}o*HliQd z(yo2UHF11?ySX-P$06@?Ui1B?KL57pz1NhZB2VpG8)c-nE_}V+D)#nqv4uN4EQ5nj zulSj}GVb#MIn@tkrt%E0)-9-gU3t6h+tThMztWcGUE62$;d9hovBUo2j_;!{{aEdP zB~Q8S%icX3*WKBEH{a{*{z;O0Ds69;be){D>FX~kC*LWLy=PlSZdos2^5KnKOlonM zj*V~Lbl0ufdg2T+Nwb$!IK;*1UTa^!Bv_x5XDz~&pT-_d$!k$pCnOY!F#ZUSd^o>8g zZGX$la=BP}!L4nN+br02amPz!L>*CkgR`-ZR8hb%)j}M^YXiO@22*t z@1C$R&(}Tkar`Z{Llw&}{o`HpVL8X035Ty-+q3GJ9Xmv&W88{>7cs58sn)y5lK2XOcjrz$nO=XJ)ZHzy=ju7>?CbH5^KU*seoN)(n~r^3lDAnV zH(&OW8PIwnrA`>^uud((0q`OE$gbw%Ox)2~^Hj0nXYsA|QSq`YI%WXgr27zmw51(RTF%r%}&ZBTUeOvtDG|<)PI?4xS64&vf>;z+oGy~X$!JU zt_2=Ra6bQGV#qTMiRP2cYl9};dZ%+%^gsfCRZ00DK?B)JlbsHI6>~P;`N6(6VBhv_ z9?`m!`?UVPJtE{5sq(_&Z?@34q&FdEm5-**EWEKSL?KQ8n02WCR#!pG_rWpKbR1a< zudRyJI=1t{$1t@vn^nKJm9IJd{K>zqNtuWAK2(3uw)<3)boBH5taX9Qla^ix-m!Vs zsonP$tYUKC8@F$o;f}?nGHILM>woB3klwZ8i0{l_&8wLw_Jo_S^J?9fdg9yK>eq9B zw^gp;jY>Fi@9>{&mmX=$yEQJepZc%`pZK=UKlVyo=x>uA$Kx_zMRz~)4N~Ok5}&ZA zKkAXG_004;M>!LFWWKF^c~oX|rm}fRY5Nnw{|w?X*VNV*bhf3OJYIEi_tb9V6Gt8| zSXUf8y8d6MCwfqosaMa)`<_FuuJvK|Jug zQQ^U7+nP3>d0M#bfnK>;#cS{V&yywzg;WK%Pd@f|%VSCTUPqHAzTzv7mG=gUOBQQS z+{>wBKUIv$^TFpR2AgYl4t!m;$$!)1C&gRVE3J9C`}FikiRX)E@w_k2K3M&(RC4W~ z-hJK$_qM+N&%h;A|F)%IZ$)t5)MxYg-+IjQRI&WbZ~E#!U(D^;8E+krIs9y|dc1bC zt&WoIa))hmlRtBukWlG*nX44A+xYtROB+krQZG+4_ub(jeQ*1ki+d)OVBPRXt77MKSyo4m&{xI5 z3l-+@pPO{!uJ)pc^D60GlZ2dwmUp!o6!!gn`Qlag&gibDNgGR5bQsdkX=R*XUa_iR z+LLV@Z-cdE9$yK|oqbU3QSpWqiL>UJ@HN}KwMkoXTrnm$>SCw=)X$}B&U)XfS;s!@ zQpxLIm!GN5R=8>rfBJOV@<{GK2d*AZj1J^{ZntdKq$iVJg!3M?dBC^j(CveFFYh(% z^AtHzDe-pJR?eKf#1Nj0Wc5;e|4AMg- zvZ}Og)jOvgc52>KW)D$M?ODrZ&zzH-+qt}R=9RXb{;bR_<`XqSRb@;2Z9WEWG}7!Z zm)mN)#cSnfvx3YUdUmQ3C+)rFslM_s6-i+7>TB|!p<$;FCB#bIk6SB5L3 zR9($bHuh|O8J@&uxV?-`Gota*>diUf$80r)TwBB@7JIBb_V(tZ8RyO(lu25f!DMXn zG>7Bm~qOy zLlZ=g6d2w{3P>Gh^)-`E;QBz7Te44#u-2$Bn ze-0~WC~bb1n_jv3>08Tn`=c)`?JnrodhqdmMEJDnW^Ytx?zCI9E8(*HYzt3gId3;3 zqrN-yKmV(`A{4!gM{dXK=y@(hZ3ko?>xQl``Mcm}`kaqpsi)3pCRU~x&iQi8HT$Jh zXzPyXnR!c+tn_{@)+sW2Yr#?#+AR^Md&tvUb}{p%&TN6Up4TR`w@lrCZNdTuqpVmb z>onB`)-x+4zOJj2ZtJYsqOQ{C8@qY$MCp`G1;^E8v-zCY8NbWV*wx?pFkkD~&&%8= z?#9M7K9(1JnVz<^K*fz&p>OKp$e7caN~f6(RKA{%+j=Q;*NUCZIR|7)&w58m9SXNq z_WW2jxt8tu1ob4&wJL@&NAz@4cqJZJ$$XBB`oQ_Hg7^7E$;Y-@x<f{c4$>&{7FLWAK_N0{C zzEUo64!7L>pMm?OdE&eh>)AbxG3z_(#52XuPTj0KZ%%FYg%*v7We&CuD<5r*-8qH1 zvFny-jH^`PtD4`B>>J!FXFhD5!WY8z$j1A_@{r3e8ylC3AAY0qjFXe^) zh+W*uv-uW-J8Q#wyN~<_wNHmlc=>W_@b|)#qDu_*Zq2L>GOUs@oqKrdtx1#EnP*+Q z@P3`{?eA+R&iU-~pP_|6d=r~9OEdejTbq}^xP8OXFg52f`&#p8XOD|kw%U;s9!_}6 zykWh=hwVqWJEN@C>bls9ukGknKkO-!SazEYW)_nqbh zzTPF?;dkMqPsE(G-SzyhH=GuKuljTE*^0L26>*tIv`?Io=+jeF8N_&pW>8LH=`U)z<-e>AJX?Nn8fZ}FzZ zi*1Ft8{9%95t z?TRmhKJYDHE4V9ZOHOokTZ0&XW1r*8IQx(Ju6Eqll71|G@HfpuZ_(u1Glq7Y49_k8 zX#0O_`EfM+!|{XSRz1Zlcck7HntX4caUT-AH`{_Ao>uN$94`T#01Cn)9TauZ#f^E&-SM>{SmLx&j;}ql3W`PNWO4ixcM5n59;@L7w!Mh zkv(~`)i$Lv8^K$9)oSBRox){G*3YR^uFwzv5&f7m_ohmdhuVWLFMO+(H|)vGd{obK zw3uhKu z<$zPmC64(P&+1#aHKtugZs+Sb*DcnSYdTGNz0&ok$@FQ@-nYO1jG-~p;dPn$Uw10c zsB{tR%N7p2GA(je3`6mpP)DIB$K&G@PguT<4Bvi{XGNZSabV0VVZ$VUyRWltpFK@_ zvqQeTYoD{)o2FN9c8l`Q`E@Py?wLk@o4zTpcQ06An7>Zj=+nnth3{iU9u@jUb(&se zSuHo!>Dvq510Mc6md?vP<6%0twpfDIxMAPi*BJ-Z5}sX*`}JX-xXrI?YKx6dtXX?q zzH#OI_Xm3$&NDo>e|~FY-uo$Tp|g8R*_URYO4qzAchB@!#r@E*m?rfAe&U|V0 zo->X)AAj|272I+AU{2Yx;%ylx3*uKWbMZ%YMRqIZ^l|*Dx|*_+VbVEUK3-uj5z(^8 zGJ%Q9@1!0*V99eQeb$*>J09-aleBF2PKWcHGJWiO)4Xez&QstkV0(ONR#;NL)4r93 z>Qe$!4jeqyczf3K^=o@xZ;e>MkkWO1_l`_9hKI%Hi@T0qQJ%5xV&RsPldL~F-#PcV zC;eo^eI1eYACqmqs%?=?o+i$EP%ctlziMSd<0EcOc8Mq7S4O!?hQ#h`zHQQxG3k`X zltmL94f)ueuYX$W9g&>TSy1uiePr0Xl}fGF+szE;UEQ3(KIz;Y)(2IWqeVsBtyH{w zWHcn6uhnh&a9T6|k<6oM@7xSKl3imyow2@JYk#KCLG^%jpMkZMTetIq%bum2{m0fH zW#I9AZo_94>MM5lMsm4hPuJZIm!~xF756-s{kbAP*kfJN+O>@VRWe^6zYbfp)unsN zb4k;Ma`UC0&X`o#wYGelUU`AINO!>|}z+2}IKC!X5#dzFQx#+@# zIU7r#_k>)Vu%WDmamNSN@NHqYLjC2YE>Fzk)=2PImJoTLqOp2blfS$tD8!iQlBI~zYTjg_s`pjCm3Yg3nM(Ym0hmcXtw2adm5YB>l30omrqn# zSa>1j_ve^(jXG^FjQ%q)JTdorwIzK=skyd<_T}YO&u3X@+VV!%KAC#V&oChVgcuuR z;p@r4M+&9A&iDI-rL8X${_HA3Nx68=LuPsS@d3WZOmDzLDyKNHfwy!>6o*MFCLhad9*Fu#|(5JeF9QyXfNd2Y;D9hs;0SrN+f^TJY<7uZw?df(!-NximhM zw_iIZuc^#XZn18bN!KNvT#4hRvuEcdZ`rMpE5M?B=j!VaqkRu<9xhq)I&#m=0>1m7 zvWpMz@;rYIW&|UBT9kOQTg6^-rH1nszGxuFCcex4I5| zVpm#!+sTUMpvbgW(bMFg&$_U2n~u4N#Mgy6X*z7%rm+1=0C%=p2wFaUD%i6nwl2L*-_ZXxmxVf@w_AZ@5vU2KG8e?Ix9*vq@nMt@6@R~Hxzf(xvPIsR`^%0rxw$XR&9Yijn5kPl z!Q%PXmCts1niTEY`sV!VwR7_CKNI=g-In~c`Epmk^ETh;pxJ>rA1_>8-7V6yIemF? zqLYAgvbFT8A&w)G(Pp8kDayhZsOM7pJ zhsB?&%SXTQJvE*At%rB_O4gGyWhU=rj-82`#~6FncHVx|mPZ*kuJIIY7Fuw%J0SIE zN}g?|+Ko9|Y`qUx-RpleTQI+h>15yXooo69f0X_9nY*kr;uyc&jCJL%^QztXSy~G! zEZ6;Z_-MOtbwbJAL}wubnQIrfZdG1;@t94JogZ8ERqIZ!6scEVYk76mbaNK0eBO27 z%9juRrwm+UI45s>Rlh}Sb^fFNp6S!24+@@baL)-}`R}~EK%GoR&NMr-4}ZcZ8gTD& zJYl!s`k7td);_BBK0dwt(#y{*lag+C$yJ(OxLI+DTRJhns9&1-kF)6WgqMdbN?A^= zTKZP+{8jz-IL#k{ODn8y-9P+KeRI=2*UwBQuQ=3Km_E6`<@}NTt?~kT(TCQraxBwL zzLny{aq?VYyj9&f#hO}?3$eHMtmH{;erLlN`Zc5Eb!<{%dj5v@me228H#+#+>sx*@ zN8oaAKnkPwLbC}Kb-vVtC8Dh4Tjq66@RyVasBYcOip~`)|;}eUB?dA@9lbR zpB$@X>wK&*c1!d$Q+k?#4`!ti+ORo54m09eyw7-8( z@Pip!Z`*G;FIIeCJ}STIpRDJ@OS%gkH`i5&-inD<_CN44T2AuPwaV?g3g>;jJAJ92 z?z&|^c6wd2I^R02{FhBqbb87G+1J94_1_vl%4f;;PR=cfGm)4m@!U3h*N3yy5)Up_&(t&(zG$D~Fa3JI{Mw~bYBK`gUN;hX z8Mk-cAJdOdl&-l;l z7yKfBj6XbEn{Rt2Lt$dzd@T!$lk3^`T{jWEqPn5&C%5v{W3^{%zGffF)A?FZx^L5Z z(T(Ra=kZ>!F;U%l`AwKwf#)s5S&vQQgc^W%8@b^htA;-&>uF?;7LOn6*Y92vGT zCuaVcYppYSiY^t;`jD~v#P3@Hfqm`uA3lG}-1g(S){WR~?VMFJE!XKkDu1&+@k9Bs zpy9_)GS|{ooT21WBSqqDL?9qKAvcv7JRliYI#>pb^U7NibJ1k4{wVue70}d zK68F|-KT+9e(ahdvGI4;q!ums{63cD z`^rT2n=BFvj1$8>Z+%MJ7$qex&TrlEAgAYX*B5(kmy-VsoSudcro4{Jet2k-2e-_m zJ6vCC-HKBmym2ewy1urxY^kQ4SYh^|S+CAX{d?|j9&GwR=V+h3)frEd6Wc8w&(qrb zYz6OYl`c=US^q*_g-&O_w`Zl-r}VY$UA-o;ZJ*c^H|{tewMk`LnYPG-M;p}lcHQ(b znDc1v0_(qP*X7M=RY{PVYMWE)=I))Tv%&4i^0=wx4&giZOU6H1rB<=TL2-)c+Wj0+ zmD5*m-F-b&w5&Mkl~zTi=Qj)a9~#?_MAtLco&5E5&!j2UyW@*lkaGw|w8fAgO~_R_jzv!3=8Js?}-6ne$_(9=&vMNk;VTMee_k zAD7jdw~}ka8STj-$2)yK&Hce_T6Znto!eK-M|z>1hq!(St~ywJ)(2hr%CA-t(L#tZQHYyZ{e&(^?An`+OGINkJrxTEi_cU@%2B0 z)cK4E_j5(I*>5ycZ-i}iKXYC@vea%{|F;)m=l}T3{;+iNw-Zv6L~4D%Z5RFIJ8R?Q zOo?^vhd&<63oktJI^1SAr)XU;d(ZkicYjR(c>Q1<&yT5vYhO*;()6|b#PJoT-oAfV z|KoWzNyJVeBibf)SNK`^ZSviz{YUjvd3L15t}?!~$KHSI-s(#Ae-{h4q)hOS`fBt> zRcp#ui>yalYPaouYs^1BfB5&LQ06`B_S+?k_VOS4&mfbtZjsoA*V8^f;Srr6^{2T# z;-lzf@hw-E98ZwA?)uPuYD-?)$Qoyi~b z7AG(03{Jh$Tz2jCS@(~^-!klPzO7%bV6UJoxAmj=0sXG|;-+`AePkZfG z#3$Gu_gejMZ`5PgecINW`exW|{kHbm%n#p>{fg|0SJ}K?;%KG+k^Gyf+_L_zEk={4 za%oFN_C{$>TX!t@^vWxB?|Sb1?OCsOz4Tb6(Ls+Vf3x38dn}F)4O;v(>SyvdiyyVM z550GWeYnwH&P#7@J^J*NTL)X@4aRuGnc=Nj?>xS~447(VxU6#iTm6+b zvzB!)cmB_y^L@YUj`cJCsZ}(e*gy6CI|h|j$^5W&-@mQ>yZjIL!}_job+UV}Jz#&+ z8rsqz@hd*q_JC{yTo_-tu*ScrGly`qgai=AGT! z3cTyTu71nEB|7sTTlLx*(Xp0uXK!N)vvKyl)UTzlk-My>`SDxNt?y+jCWn0X=H6Sd zXyOab6@O|MA1z;SOeM)?0|&#eF!T1W*|~Wyqc{&sZjD@;BX_$u^H1Kdx_-lm6JdZaVLl@0Wd!Cin0={;S*i_&)>l)@Xa4y2D2II1TK;`5*3x6`g@t}$7f>)&-KWb%>q!KdwHUj}Dd znY}!JUOCTVmA&v=Q`w?Zy4wC>$vUT`<)&VIsl_&1B+E)+?SA%5vFp3OxIGehX!&fv z?(Dj|Tk0meabEPCZ&VZeL;tbAxZ~=G7g8hhFkv`-YkF6{Umkz;R3U&XNGZwkK}JiKRmYRz2=2QEZakUl4pI|Z*6>i7E1x`zdR+5S2gdyuPr^7XA&@4uP<*w2%>(s@C=mcc12m)rjPnf5#X z3H>eeBmQ92wE1cih1nn2FyL+q@%UZJ?ov!spkQc5Rdi z)VTC)S@ES)bG3JVv7ev4zUjWm9>bY>L9di7SQ}+7m%Nv%iTe=p$h-RXl8XKluZ}B= z{uTY>`gh)chID)B%wYFN_gkY<<}2Ez6lf&WZT;lmZ~tJ1{O0?;HMQAGGNyfsh`w*} zyZPOus=(=K_iyQbc9ndTt)r8F;m`RG>3>Apzpeiuq`SvnsI($Uf@^<9k_g`nmg~F! zsQqVXdR=#+j;l4{qwSZdOLJH4PMQ~$yFM)0xgb@D$dAI(^&*lDgEbF@cB z`1-7$iy!6x5nBByzeO&Y>##v*hm!Jjmg_YiZq`QZxYD$-#khLE@vHj`^#>1BsckHj z?eG038O0I1zuJb+(ecjX((2QC)QtF#?EYM ztNme_y+BRqhr>U&RV}^ZY9%qFKi=zwjpFaXKk*-)-a2Wvx#*MI&3Ln*%0Jm>|1*SS zTs~5KC`x&q7q+RU0>UT)i5H%V9ly>k6g@TV zx69F@yLCydb(IzD|G3kCN7Yz=IQ+xh@1sE9(Z^aZE;b)LVROZv&;G$uA+xP!OCMW2 zwaLioar zZ%*GH{G2I~KSkc>`t$z`Z_@uWu$KItzDIn)-HPl-Jlpf8Z&KDha?+JK4`S@7XLGE_z;cp~=!WFHCbi?W}9`nvedv zDU{63z}3E-X`jj81%LE2ALPrsK76vn>BF>%qI zMGpSI>=sMUWA~rB`jh%UF71!sL#BW0+W+tPm2SsurXyV2!&pAYsp`yH>-DEIa?`7` z-dsDk+wMPTFKJ`_VcWlFFJ?S3cHSanj+EW)^Zkw*Nt~x93{OU8R+k3CZx=Hj;H@#Hh z?6UXzm+gHA<06xb(mdKcc{v)#5+gm2&9_wrEygZ{k5vf7vT*#Bo> zP5$A(>XqONt8Hx`@9gGd{=ir9KGvitM`iJQ^J1%;eU{#LypAtC`rGD5->++?zpaip z{z+#E^>zQ2_c3o~df_V9Vg|!y9(PZ3UA$DEAK!SrJn+V=S*IdTDt(>hz*cYdLj2pp zAI|IVxISFVe`MSD>*DhjQYLU5v|BPy`$C)h^iNy1rq9$lZQQf&>cl7aR_Ik9PTrPnLFK6>VR|KK*C#?0x%~i|y(y&ld*Pv(8`NBb%79 zUiRslZ|8bMr!<|h=lUh@_e1`Xe`m1cNAAb@-M;4(&(7;yu&_^K!jp!Ggw55Dw&vKe z@7=qJzdg+UhCu$=i~HlPs{8yI=DdBh@!tX8>P=P;=kLhWm@k)IC$;0llBRmTmy_Z+ zCCpyW_%`QP!lhI5^sXvewO*UbJL4SFksV6=j_vt7YoExESubMaUq-cVSya2pWRv{; zIb~mDvpauGe)ylExt>=)<-^-$opKwiizIV$6X(v0h+sa<%JTJHZT75Xo>787`gTP= zlgqoa{Is3+*1f&CM~|-dd9}Ok*@N{}pZjGi;zK{WEQ{9QXK!E^?D`e;`CHD9wd*p^ ze+++QeKS+4WMR^Vi;IfX6ec&gS$({;E~|(4;;i)#Z(F}Nh@Nr7cTSGdzAOC??Uw3I z`aY|@eVNfIhH2In+#0_o9uPfHasNSD_mt6qF?&oy1CTq4u-c!kA^idk2lW*$54 zfAz!Hguinx+q7MG-97F48?k8@-HW<7Bi%UHB}ZOawrO6h)ptLkJnQ(Z^iS*F#pdN| z2m2}?HA}OeTDu`W_h)3?)}qIUC%k@BYO!UL(ET~BKU3tkURixNRwnMCdRm3q?uWT` zXK#hFX;<-%` zdhd2iTaa?3-KWpDwuk$6*-EKz`YC63I?n!)bg#Gn$CNYEc{Ww(`5b@6`fB}``@c7H*I|tG|MJyLYA-0`PQws*K^-Lx+XLAQP6>@ zFT1|2=dYN5@IQmVy9GNwvTg}@^>IaZ_7aIC_q`RT&nMO{(<$Oz&?ixKZQX3q2N#w1 zZ_!EFRMX!7d+UC~{!KydyRv@SEv!$wK0PsIs&L+ye~PcNPuLWGxO6_Wsp9Qg!&0f~ zDt$7=M@!=bf814$T)Os+>l2xT`TOjT?OM&7eQ3Wx$;u@cE^x14(^FLDS+;pn(2es` zFQ*^07p@WdC$WFlFYeqGZ_1VWcV+i&*tK!b{q(Ye<9*q$@_X&r=6QEM+H;wya!DV1 z^1XfWKjwb;&k+8>ZH-7%Qt^x>%pX@RHm^30IO!{s-u3p;g{>2rpQtn|TruNinUrA2 zWj*Ufsjt@U<8{)yBCEfhEThl3j|-oB5L$~`exa_YwIJwdUzYj=rnPo8`F+LlgT5gYkOzWxX9>2CjM zH`7}CnA?N)_x)ABiv6#AIWP61^O3Aw{oOc)&q;v?>K^=(`kD0DcbfiP<#eXq=Ns+C zmwm8X@r!S-My=V~L#Nt*RQ^7+_Si?GoiD{Pr0ugI~X{&&$50dTq+3gXg?H?b|wCcgD}2n|Lg#C3`%{2$3})tkRMYnIQl=e|2{IQ(2}E45|I@AbSDiyoia zHzD)-8cY5|p5aN0m7Yy5Dvg*_UB)<_HRL~oz?apxrni5I7m7GroSwn@O0P^`QfUKE z)$*27wM|!)&sd&1G1s8F>*bc{)!w^rsBhja7~A@4uWEdKRoj~2j3Xc9`)hu4ce}T_ zTs1klZ3|ERHTOH=o~zc)e-zKZZSzu=w9vnQH-C*kv;uSo)0@X}&Btb`Zl6%V`bpvU z;VWT$^Viw8Z!IpAX8io0VTs#c75|S5xl{yx&bOT{Kjka?57)r!HMYr5-AnUVniaPD zd|!JuQ1{)k$&nYH9SQ2$Qt{Mwm8_k#_SAaIDcg*aZC?eLM1AmEo4zJv@{j1iJ-iCf zZr=F*Wkv4SnKjB~y3aZmw?C=s`MSn7*lD)cu76iA=J6!R9xXiaZ2N-Evmfd8UH_o= zd$+1w5#N%~8%tCA+K)<=&3-(eci+Zkn@%ce=*_*hGoCO0{L4@4NI|Tr517`2%C{;bM== zB{5foKKrJ1M>NjQIL7tK<9(Ez&_~&M-6fmv++2EuXSYw#x{7~OSLQytYaO;l{?@N7 zn?|=dJ3s5IX&1Mgj6QcURz}X@o$ZQ3MddPG^#iwl>#ben{LQ;z&jJhCOupvoWW`BO zgsf`zwQYF&&Q#W{=5%I9X2p(G zS%*UT%+5!AJi5ncQE~Ys<7e)l6MkR)VRAM+wnuudT1BveO_v{US(Mx62h|pG+`ngp zIm}m9w_IKD8R z<8{J4|8~`xYXu8hH_v*LQ|I1$+;Xl5T&qe+-sE1uz+UNblOQ%c9%=W16sq+QTN_MB-ZgRhF z!uK$9)$3i^{Xbl53JWuPShw#!cd1@Z>+Swy_VO9;l0LTer>}Hb$L-N!-1tsgcm0w! zeT{Q6@BXQt4U>8|KiTg03GURL+?OWFlv?*ne_Q;cu;Tr)tZ(9B3vV+hTCi=E%ifzP z_xM27lI>=EMjtkRQQxNBbn&Zy>#oIHqL#M{M$B2Ws-W1fmMPZk%e_Cg9~Y~CoSn&M z_(o%c$;9<*DwsY;yYHA`yIYO16-L~Mp(%%pMRrk02=zhG`NI8A& z&3yguOH$9(OLe`Ey!6%bR;J!0HkG`9J;EUq9;+w!r(8>(QEAPz;$Yan(t7`0*B+N1 z@Kj=-@;*HO%f`Z*)GetweXFXjrQV&lIN5R%dn)%8t}xS!%x9{qUI^`dxODpExEM3p>DzHtt zsNsIyj`mA>U$QSJuDNZJzdx-u+tTIb;z(Ob*`;Uqou3x-t7|9gDdv-}EY_vHyY<<1 zU&YOTPX8G+O&8|ZPdPQoPg||;=&GGJUJ9MK`0ki{eb$BOP9@gs>$9GIi47~uSBz)4 z_NCaEvD5M7OPA1&w0Es5mdp&xpCQ0o8YX6C#~6# zwe8hf$*{DfpK?>Wyq=Vc8<{!DX|Wv$65Tv8_=I44Om(Pdgy!wtA6KSzX1E#)&zbYP zuGFjI=1KJrt0(E%ckd0G$ZjA1ak*?udd$jB&)btD#f3F_CY7#@^($l&sI9&x^7*K; zq@>3i->jZf;l&4--RBrxbG;bgaVOh7c#@j+Vp(^!P5Lo&rvC8_alLSUub`XvmK_$) z)pqt)hc%hs7CqEzW15$>U9jQe?4su~^SwUb&3mi9H=~7TRqyAp4_?QN%3O1^RCSJ= zS-a=smg}agqqn&BI0*J_U0n5WUF=j2#=0P@u&`y9D_!irSFBAc47oXH-(Jh@ZXE8m zucz$YX{4#+R($2!{m%S}(kISkPrsrTyQXYTW7Lv9&KdI*vuC>Tv`ex#M|PZ+R8O>< zn)K`8(wS3sDuf!Fou47tb;(*HcCz%_)kjyGTO1VSJ+t8~=ih6Fzoh2B{VaNC(*Rz=weuBly%lyw? z2sr8U{*O3AAA@j30Q|0JT07gtMtaImzy`sAPFww)V-1%o(W@K#+vxZ_>i(|K`L zxyP4fw{3j$P%7h_td=J0qMt22pC{hA_I5&&k#Fja&s+=s@f1gGYhkgpJh_hV`9|N2 z_-%LG%AQp9A6x4buA;s)c&pATuX*-=OVjkNLexxk+?S@@?OhbJU3&B9vX$2vy{<+l zg?daZaEN)xB1g$31Lk7~U=Cf3_LPlJKE(PQbxG$B6+g^-tX1hQ5MEpL7q z78Yk=n{8HdV3LyK@zo`3wUgG$8UMN#wDb7{!%J(TeO7U>n{o#`yM{kKv|**vT`9xl ziMK`P%U-uQ>nnSx;~alfrir*~XS(Er<{LpOxBD*kpIR|fnsM_~Z?z8s~v zY)$MWLnYbXHrdSFGhKcUXLa35zZLl_>XU^T8xPpN;0tzQ zKlCZ9Q0?HHtEOylqS4p->S}32vwg07hzu%Y7HmiG&mtUJz zB{FrQ@wtu4jMrttT)s!ObZRerB4->WJrV*I&G44Yt9_a2lD6EMkqO$y*u%B*;eO`3l+CVc<08krgL@|*k5sN{85m#BupoqwiI>I`qx%O84hiyjVUNGjkwUKr#SUdNur5Rv<2vi5Gfsd?7r z+qx%D4m_@QrlWtksq&elTyIa>p5>UP7-yF}zc}#E%)G+BuUbbn`>Qu7l&zS@Xn14} zPjVN#Xo_X1*E^a1m`f6OdNlvA>TdDO+82|%`_}TXDT_@CKGkMOaxGf^;ge?Q_S%Py zZ-XRehS#*S&EjNuT0D#OO4i(+q4K>79SMJqOv-#Hz4Aq7nC+ftO&(1`9Ly6k4CWM7 zhwPqGu=+w##_fYi#(uvzmMJl-#?1M8)W|QG`$}QB1W)b(QI?4h1Vgr|F6zF$o5^|N z`K*=2Dj(JLA?+5d>rL){r%L;z}y=M7f*76muT23i0CuFlj9Lx$9OYc~4beo!7gzdR3 z_fvgt-qkZdYi!r4ZqhanzA)+A)jhup1(kQKd;jK52Tve_Na4|-y&E?P&dj^cFlU~2 zhV`6JO*Y;~>m;VBPJc5=@2kAV(ZcCby5A=x?Dc))CXuxFd;EqEcaQLGjM_2xKSKu} z|Iz}h?d_s0O&%SR4<2pVuGt+PW@CM1AM>`8J0lnqFZZu4nDxE!=@nIjC;HQ@9dA#V( zs(;^%9AZ9Mg|B?QPxgxLLVXt1Pk)|-+n1*sZRmO=+f|{QAN4A@+cMQvrSjVH#VGdo1N`7&C{d0M5piv*OSG&S^hJux#ReXw1MhikVv++Nx+$r&L)>;<9lX7pK_kH=X+P+}-X3(fKQ-%H!y%`24=-CRujSg>Z@cY-NmE&&{3)ySwK1_`+=-hk_}q*<)}6S~ zIsG(;IP;~|o=a2m8J_U@SzXI}HZe_g-%NRy2MG@fqs^?Mmo&~^o}|UdKV9#kSm9;S z#VMbx^K{&m`>T#FJJ%7iX=B}C!)*untQzd4u5Y;!B9naODmO>SO6$#0Vi&hvsJiAW zbE5YWeq7v6())qpwgQ_4 zm9~}ZCHqo64F&WHC$X=smHh2gck<&Om#gb+QXlTL*}Wpfy46DeGK{N&WGB)ak7Tq_m1W*ox^&rfIawaynjPi!G)h|4y~Co_Z-_T?#?UBQ!2yG8Re!&yCSKgV5@Te9J5$i$~1S!>P3>Q?-_yMOci_C1vkFMfg}PObKd`Yis&Ni}vKpWa=%wDVJHP(lg2%#*J7XFp6h_VDi(bHh^`Cm#+i zS@Ol^-R~n|xx$jFEE8{E+qu^{j_=Hp6vl(1ZP(3D7V56OnKH>Jbn4#T(4D(dgLr1j ze#m~f+e5~Z%n9cPoWzXC`a6Crp#O^DPrp_)-sja?ZK7FM^;vBiFa|i#1smpn;zI7oQ9Sv$>3ZFs=sWW&? z_kBf24I8SjYQJRYw`;Zub*`4&l6?Q}3CXqs&d0W|#hw+c3G??`d~M5D%Q`3i5A(Ez z-nkt1h?gl}*BvXfscf>c(bH~DOIyue!($R(EY7-Ic2fCl?6^X+xJ#1S@%=$6RW3U!G3eM$EJZ^hn{J?3O^WUl2Gt`k~LqY z=~UI1bDi4`@Dvz-Z_k?bXVH<5Gb0;V`B$3uifp{iD15>*kHL1Op;_jU*JcmSu-#ko z>sP4T=D_*7yPu1=>z@(v@Rx08The{9;K0cZ$qK*bdrjnR6%*Y0Q{l7E6tPK8;hE|Z z>|4DynOxkmX|>Fs1&{l_O08*2RkEKL{``3Sp$2h(y-O-#?+kVZ`DfkRJjt}3htKng z)Y;2hZXBo-DLDKrDce`MB=GkHhvRWqc&+)fUDV4S_mr#_v#Rp=eTwG^L*ZG^%)HGt z%WP7f+ihLDB$8Pnci#an-y18I-OTp5++z4H;)je3-`B1AOiCpOzAtl_=au7n%gFNI zme<`2-adW4ouz!uyyq!Niv=&8S+O+u!`ak(7D*0qd#=u&89I60<6En|r7PR~7WAK* z6=u9r`-LNy0mFt9=c6ucXis7~%)H)jYaB@=X-gB9p(@b7FJ=S2Cd3{5wrF~_+dYmuZWXp#8hR~nKA$j(+!(rk z*@;inf+v3OSXpx7^a(+J)Z+!;=Akx7q)!fBV?Y!XR9smy;S5`t{&0WTFo*M|W$+}!xQ7c~SQmJG{<1Fl!Sm*)n=b~vXUKP`3SaVa zTYPHEiMJ+ZCv zzt5~no_IDRDs$s%Nr@-lR&TiVHuju>{ohh^lNOJ+v)^oZ$j&s6_wIX+QsOe-OmsILSuM@CT>jj=k6LPV z{Yy-yv&JM=P0E_zn;#_jcVe!hVuwuFxs@vqF1oQ<&zyCgv;VBx=uoScvlHhTN1Xh$ zc+srgIWKMO^YfRzbWK%Aw7RN&`qH_AJAo^*>Z<`q#P_mbTjb)#~;sDmPS^r@c^@NA6kcnyz;RRbN;4X5HpqUv=(s$j>?D zuVdM#Z#uB)^KrJ7+8hUVFh9Fv`KI1#&70$v?96+ku5daX`Tjb@r=dslPu8>*=MKxy z$;}C#{`}=xEsdNfCCd-YE@IPoYAi1$`psgs!L9{AJI-mb+ASyy-12zp^X6-FLYvN9 z>H4GaGoJa*JTGyYhT*yr2V?!R3$^&=Jjh@ z`ci^8Os6l;n(Qp$p4`*5IiF^{yf(G|@C%#x+&ty__NbIiS`9Hjo7JzszbfnekDIgl@oKXV z`#WufGn0ANnV-(zGfn=3Qg+`uxv5%t0eR0|Wy~^zwk{P-j(<=#bLk(o%Ui9Z?>dI1 zcPz=M*Lq-+{75A?_w1C#)1UOOE&0#zVa^}RACq%-&6~Z#B*@FC_;uvOKT5SpPwu_k z)pTm<=4(4YSakU9-hJiWkq229`b`!mztF$2sN(G&+f~`cg-;?p%By6gKJ4$SdNb>I zmx|u)eM$b$vR~-8{1Um(`=23wZ`Q9zMw@&kTFkHiXSf=#S8+SU`@XiGJhqy`}p^cWrg!IzH>G!G*2X z+yd{;`+jJf$M(W zQOCq*J`cI1J8$R1w{qv5E-PPtlf)^dS74j<)l9MFsP(q&%Pk?9o1Z?_%QQ=q_u>0DjbfAHh^g5#=2 z*{4)L3hdbP>FwgQpBoC}R(}*a`s{+xF~##!SS!DEKa4Q>(Q`dWBdNIm+r)$o4)+-suOpN85=KL@n$(+H9@VwUnO9>o8r@BcS8R%3T0napFHc~qRF#7 zensChw-rBN#<}dpraQU+xE|R!FTQpEwa|T!{|sjDUu9od>#+I5l%6@M*{8p9ziwQy zTe)!ethdK~-DY(@OnrSTS=}hpq*u$kcDqW-$FqSuKAdvmj+{T`yJ+IO+-DtYjy&I{ zr5&5+vHTNH>f|feC*3uEu{dele9^nThpnG8zq_(ss_D!Tb9K|zh1H8=UY^@{w9__Q z>5z5BGc_N9j`K&GHXk##}#qBln%DtKc!i ziBa`pUqxE$&PlUqFzubK6=8OM&at!C&n)CSK09l5X?Eer=1MX?JvYS?@FM)(2c47oT38^NYjn#F=bs>7*lO-_@7KY~3a<&`~qN zZmP3W#?svrrs$d1K3lu&)7sfNx#zQ1M0swmShOi~v&)aZ2YprHg&+QjdDz?)7#i;h@&0P0J*EX+T*=p6w2Tyj-pKbpk`g}*)??-<9 z4;k%}w{FZVV}4Z_&;3XC!`Js+|5R^A+;)jwy357&`0DWO{}~Q??NdGdQTkiwbyMq^ zj(z9CwlzO{oHXnFe}<-66KvZRB=%*_SIIT^`3?o?_}g7Onw2>{XxV}d zI=dSaM&dl~R@`?Yz=J`4)wtFGB^{Lj#=Kf&8<%5$5BV_W~7U73C4QuRt@^CK2o8w$IP>$5oDz5gT4-nNA;a_Nr1Ey^Y9=PLc3 zSZDBB>-)4_1ze9U(~g$!7ps%6N&K+(Na4$Uiqpd6U)??C^(&k|`(yv(`z`wRn`?p} zN%w2a(dpPBv3~8T)rl_;&)nw13gzcK&Oo5eGdV&vXwO+Ej{`D4V~ zOLq?}mNoDC;%odUz58ni%gaY6<;zv_SFe1mFFa4}T1xV}t8exc_Z{!qbZS!F$7j3D z->84o516y)RoG+M`U>Ni^~dv@<&6H$(^<54-}dTbv$eYO%#-h2-+S}N_qfg0lS32g z@2#p+{wQOot7zkPx@hGE?{nIk&qU*nO+0z^Yx-0Fx19Np_f{Xxf5hwTHPLDNU9Aey z!;!BIZ)aYPzO(Fj^1b~b`xI;Ve%L-fYZhHS*GOV%>LZuHYx{hDy#CG8tE;x}!;Q}Y zbJiVwwl`^Zv2V^R|L3A=!*&r$pIe}q0> z&v<83OytR@&F6wPmdJ0-ic{RWH9JY>-0si!XZ?;5vuab5xsZP9k-^rLewW;D{b$&u z_~Cn7bKI-XZvCQ*KHOUpzBKDUgXq`$La&uwKe)E6pUE^c(1Uq?)WYAK|Bl@ksL#;# zE#0ka7q)d$z4p{23Hm|)3)WxS-}Im1gTHS*~8yvsb^u+JY9$T3>qq>W$l_$-9WK!jN`d-E^okL1T)=WH7 zP-*&f|CZ%P*LVNZy>Q+0L(b&e)-vyM`lfz;e)zsXh0*iF+DpzqxNY8dr@$v!<@cQIjP!n=Upm!w`7~Wo}F?H(~rlGa|^e= z7rN(JTv8EfRPjyp=#T9W{q6{Bg~OrcDNZZTn{K{yV#lFGHT;O^sviN}Jpj4qYdY8Qpc$+ANc@Drm2-d+Xvi zPv0$mbpPh5=SSPa`re1^)LUPw7fciSo&LysCXVZ)K}KTjMYiL`u~WCV)@j|!Om^G1rR~=}!$W&3w|o>?^w_F;@rBiX zrAm)=`#W|1nblpKC-y^kagF(8pWR|%yVgve`@-+;@rggK--rr7Dlb$M{iAeIR@HCA zX_pRZ*DfgumEqdEqN3`^3w6J1by6-*qg5~2WpVQh{U|^DOJtVq{#Mm?b>;ruzrq)H zo=xvOyu+ljr07M^>ND9lJUc`gjx&UZKhW4*cBya2f%S&nkKEhW9u!_OapK>HK3o1S zvoU@so26*9vANEhF<#|EsjAw=uOS;l7OgqIq(w>XQ^U_9_NUht7jRe}EBte|(r@bT zgc`$ZDuVwRGS{T`J5{Ca^0x1-W4?0kb#0OGy!p08{+vsF>({d@P)&+(sr)X_^Tw!2Mxb5iBfnkO;~ zESXn)H4V$>i}aA)v$2)s%UX>mZox|1D*wf5S@utBb^OBnH+x=Tpp4ArjgRC-w^&=+ zslB|V5vp{ja*Zu-wf`Y+W4;-e7>~JWKaH2F@w)Q${;jfDWB=)fOPZ9MFQkL+aESe5 z)SC3+PEOTS$#pverx?84w_HtYQDK?M*Ao?Yd)znc0#0iR(}G-;O?N_&Q$xORQ04G4Gyv+4dIlmgir_ zo#)*ub=Euixv^GW$t1h8_S^n5G;IC0_mau(AO9J)-uh9w#9q9y7k+fxz? zLMH9~96wvi|48&|`Od0sn^U|VJ^r4<`KDrh&WGo3OCMz}^e`3Ueag6D+Vig8I(c$N ztuHq}e;GVSHLdpRgZ*uC5|{Uh#QkT;cp3KjtO@JHnU2~=E9D#hF#a~Z^(x$KzK9KL z>I!$&W6yC9d*tCBuUVNc_joqE`xkoo-^utb>}^}$vvAu>yyCV!b!?&R?fu2^S^v&f?dyJ| zow@u%48NY?p7m9qjAz~0BNDH9d)lStf!1&O&*L1LzFK%P6-1uI~v?B#_Y_q7Y*ina&LKQp2w*Ze+;hHr^k2O3GdX}<@?0JT={g? z_9aI@Rv+e_ojrRB=au}#_`SZrm3~N;%323qv(e18F_%uMc-rXqaQ@OVJH`JDP33h* z<;5NuWXp3XY@2-g+;6i_AKxEXD=y%D%fd58RjOp=XY-wZ{xcl^=>NE^Tm0MkHk;U$ zQKzLq>!POXS^W9A&izQeOr7Fusg+l2oJ&66+3@qpoRqC~`~Ot^XJ~S-JNr*6`}TgO z>{(p~X$A-NF75d8@@&o2N9TX2o?HIt^xS`vySsHY15_kl_*Tt`$<=Y+Gwrx(oX7r( zpSvIIf2(cV`e5tMONa90%@b;~w|{(pyq+&!DPz_e{k(%$zdvqTw!Y%{KhDb^gCB1F zef!Rfw+akzE863i7Rg!skbbn*>C!#fXy4LVH(i1z&CprgkiE}hhG$0Msj24LUu@$K z)(iaMe59>iQSvs_%UM8Z@@>(u%g3h8n)~)qL>A}MV@F&%9#5RN^^u+0<@NuhD)ef( zJ-1JPYrOuwO5i!|lgS_D`%5bCJ@&ei7c5_`@@(5;KT{R&rmnK|8)kO8*8(=QeLW^G zV;Z^nBj2iD8#eB_;&<}I;f?EO*~!!-eQYsjy7lSFnN*1*?Q^fbnkV~Xvf1`Do%d^* z?krAzk+Is1+c_$D3V+3=(iwZq885Rf+H`!*$aZR@GDl<;KR1t zct5}C*52z!I&+z2Ttz(mJiotb=EhAZTyq_SYQ0!%ev6EnR$5& z6{mR$+k~xK8kt$#d^2$Gn%er*-$A~QZR@oEGYG%h)wcA>8Hu!_0D@8fnp+}{;$ zHjzEu{kYHfHR@4&b%SNSOlEEEzo_5-pJD5NhGui`#C6erVxBw`JcW2y@VgvTmiYR8 z-F5%JOYEfY99EgWt9{Zd`(mcLkI!tITHpUO{dqL|qjlib#oV$N8W=3&uHLE9{&8v_ z|F!EO(Sqd$sfMQwPXt*B@P^5oO;OF9v$eovxqNx?7vV!v$Gd6*Q%rm79i&3Htcv2! zROL0h^JmQsi6HmT=c0{kv+6ni2-nxI&zvXU^*zk&ZGr0=w(yCK2PB_M=I~taIs9?{ zvHuKWCSo7%wXeCq^y`<6$Gc-#LzB;+sS4lqqu%{T{)g_v-(DB5a29_TrnYC-yP#iSE6Gh?@1q4ebOkH{5+Av$j?Ib z(v3eBlfAB{U8^a7GO5tGM2cq2?d9*?Yr<{db7#i@JDQm**h0)zZxC5Ju~mt zCmGw#a%S#x9>0z={q0nDde)qdT>;y7?%D2LKH2+9V!%D;yhmd1d!(MNoqkC3l(tK0 zz?tQ$r_Fahu(SHWdUkv3`kMTO5qD26*th=at-Ghiu5x+aj`RF@Wyv>zyN)^0r{d>c zDP13v-*I0k_sg-rGin02ahLCLZL@B@81U^vI_9GCcLE!XX%Qg03!Devs5>9Ox$ zTNUIgVr)9^!Mt>qvh$_~?!PP#tJA7b%iVAJ=?UBJ7uJ$tWqbR=U22_OuFm3qn(?&f z&ywr$OMYxS^+|fJeoVkeZ@KIC*XDh@HrYe?h?(@k9Njaug%NT(AKpHjzhdjXNj9fz z()+#MFIVfgtJ!>K{kn=Wf1XB>qRubBH}AUk(DKIpyQWJ&e2x*D?7i%j!BdW7_l~Wq zaE`ycF#V$GqtuPNe$W2-DSo5eRJ-j<&Mt^^ujM~0VPo|r^=)+Vi^S}ht&i+^JkwVm zFHN@axOuhBnkj2aoZb%1LO8D zfAx#~t@^{XOG^cARm?l4`1I8Ar#qQ#`Kw-is|`H%;N^VIvrAsfv0RSKj3T8PwYi(%hU3=l#8mHx!VK(v~SCsbi#{IGT*t3iGL2_of zrde^Bq~)!wXv>a0ldk-IF`I4IqAwR_zX-kdcFA__g2jq${9Dt`rffGfU}$?YZcuO|7Q@}IZ1^f%J2Dv zt1sd#w+YTD-O^%XuHF0N(Z2jyCoH39_}xq{IB~dnV%+x+*^lP+KC2R#&gWm(Z69$cYHq#ro}IBh>&t%z$%?qwhfbW&vbn8! z|7qg6TTg1-9~Kuc-*WAY`P&mqC8td7sb{STsWs(q-KP-IecRzi-+Or@{iP)vf23Jn zxmV#ICgkMzgTdaU^x33iYxmuH>gITmZQYA`N>^=cTet2k6nMq>Lfd7Xw%pMN_M)-@ z+nZ}*3r=cla9WqBFHQR6{-fsGr@N7r)@mJj+iF0q?x-Ud|I{wd%9MEqlq zNPg9qziQ{hKdMccC;3ro&1ZM{U!tGn_swlInNzZJR-VqszkKh$T{Al4FqKWts3Iry zv*_N7|1NBjsHr(U&+&a|P5y$r71~GR+}27jn7Cn$mA%^hWhWV@o}IJ%uG<6lk6fNo zEAL7fEWVSbDeCv+vHJS0A(!5p#xuQEkGZrdQIBVpRpE`RYwf-r585>8-T5a5b9|*s z*>A1Cnfa~iigoV$$;@rR_g`s7_RrY5F8W9HBi8nB_qw-PH<^2M88(O3sIQ2am6 zvVWg)Ep2W^-gl2pYl@tHxF|mpS)0BvaB5F4bKHEttIk_|c1sJXG&gClul4tcPF@|s zuX*!8N&GI`*Xp5{-fVqwnpMz8f~{2IZfMGuD_?G_wK!eUn%7V&V!p62b1v`v4%Hoc z3j2E-UM)$v?z*I+>lBAm{9$GxhM2-xpVyl4N`2Ve-I<%FJSTL?Wz!p?dAg+*%UmT{ z`%OA0`FvZ?e>X$?g3V-yiLG%GW(@0=UEH5$ZEI%sF?0WpovD8x-A-w!)js&8UTWP; z@yV;bch0=(wXUFc^@b1E`_?R*5q47F%kw{;f3R-8_~eKEE!#IwKFFEf9OE|mLtEwf6RB;c2Sq%XKE=|z1GU?$I|*DZP!it zJIpuTcKR{NLis?Fww!awEVrlM`@a~>OFe%0tlHTbpT(zfr)^qqlbn=leDj5w7uQ>j zjfH{d7r(rxJ@?(4wfD4ZXZBT3KmIsUTuSu<@3Nb(#6EegzpC=usas{<=lIzHnQ|7% z?L|F0o?WM7t*V#idcAdwIA``%ZSj?_Yuyh%eA6~f@4d=_Uh(-)U83f9Z@D5qPxZpT zld^~YbRAx6pT2NanOozBwf&uICjEMTOz`&9M;1?l53IVjkNKme(0_(>rFggdTBoIX z!m?j2yt}y7G2ZdEsZ5;aN4W{TV)H9L>QyTCX*|84cY69imXCV#cfEV=uO;xX;rXni z`?ode)UNi^aZY&>SopCxc1v;YiWpC$%|#*4MJE1OC7Z4IJ=tcXsLiqoQ@dXNXW*E7 z)Be-Z>B~iKep%}o{MO3$)d{l?<_XWX@JR7KQPZBC5;O7h@~B-l#+iv$rLV-VOuaQj0}3bZklL94QSa1M-?jJKlqQ(-J+=IGbzylqL;c-nHgnqE zhMs-9U)OB5$f|0=E&;bQ^R)Z9Ur+qI*kgZ%8iTz4w(R=DW|}fZ{+0Q%kMzv*Y}Q}f zadT}6_mjeO&5gU_l7j5Q{$%a3THf=8Nh(3bO<7;M;IQqBZOw&m%5Uv&s!@E@!F}uY zZ0=(xU6MapKJU+Zv^Brg>hNak8yh~I|8?S=!}oR55678b+L~#1bkzxEg~W*e3{~57 zOSAt9)n4@78}UiyX+(%=Qqoi5z7O-eYsx>odK<;PebQY&IrHaTU+&5uo6m2jbwu}x z;K7xTTcbF28r={*Im7 z?3Ev1o7yWf@p6spkK&a#Zp~i#_Rbr2J$BK<&PBR2+!gKhS;80pvHEdv^?{8);vbpK z(|fb+XMI-U-{Jodbet|_Jh);*Z!$R-HzTV75`qQHE6H6Nzt97 ztBu#hOGa~apPB8=XB_mSKK#O&pjX1DE_q)J&F*5jnZkBk^1#={XC%J<3fU49 %cs55Cx)m^s65WJW>0(mDeHt#kH+e~y&U({$ypCl3Zsm@ zHZB&=b9j7jW8U2-ch227@1J!|&3B64ImX-PMfs-C)n^AmrW}5q_Io=8q7RuLl-WPeLWM1lN_wvcLb(>cn71}b1@w0t? zTz2>M^-Finonmp)^59yLoFem`t!vMv&)97y^7qa)wzXwR`MUlVe_lt&R*LdupFCF1 z^~{vJ(NfLrse545QJGLF%{%Wn-ih$cbJLo9j3s6Af#+SDRT>Yf7fKv;6EI4VyZh=~ z`A!+5JsaC2WLa$|`8TbC1?R20wT$Y|PnnA{c#?a%Cu z*yKI&v%>AJFY8;TZ(rd*iJhS^E_6}s-uLZq^Jh+Nb~E1a<=gt8AC9GI%D%5$mM^!h zTxa##`RXBSxvL9LU5aX(-Q4GzeQSav^XE0S3Myp}dm5hbalDTzTNAOV`I!B&JvWVS zE&F03c#5}qe{k5E<&%tmZ#%v=pmkIAm(^v**UPTr4c2qj-l%$eZ)8_MgZ#M_NB$OR zrIdWNe{QOCO=q9pBZaB58eOi5hrX`L)Z@QY`?I@3p4NR=E<^14o>xIJ?5}# zgY~D|`?WS~;`91^%yP{y>7y?c6BNOoEOy}k`oudjIRv;Fg>INPc#%T>#bl9^fq53+C1%8V$#usN5R z?aX@r%xx#P*~olfu~uTye1qq*t6clUa$kOT6*H<5a@SOx@c6YqYhhF6*Htfk`pWd> z&&^q9-2B=>SUmCKN}ieW#+O`Jmasl~J}b=4HR)r&1FLlg<1-<%%VwK2U9$pyhug(6 ze$$_Ec*PQvH)aRr6mEb1y1I+GD16>kp5TSfjn_AZt-coxw>s;8KWc%zt>KgBkBwSRbgiHdRZJJPo58a86GN?*jmKzbM;{F zv^hr2YVOZH8Fat56$f&Ms+?4LQ^BBN6Y^n|6Pu^{z4cBmJEl(fY2fB*`|_I7!zr5= zoOhlzO|wbp%=|trmx}JXcYdBPG#NJP6uPC!52 z+*=>a(|qJ2lk;d!ITM@nJdW4@Ojhx6P4<3rEY--Ywyi2;)hf8jV-C+FY&*pq&3t*_){d-d(2!EeeLCO%7G4%;TK(R=LCDn56wwf5&cmDxp8*Q#|! z_UwEgx@RX}dDTas%!rjH)w`~G>b$-4u7t<&vGUT48S(7OuS1`P1{E0|H{n^9`#8YC zHp@~umHo6$*M9`6{q3>K>J>kqka4w+4?C7j1a&%C;&y7rDvYs1&$YfFA@-FvwuLnX}V&bsO_*EfRs z)`8p21FXY(U!;qCwW$8jz`c9*PwjKob*86Z?c=|4(#UPTUiJ0m-b=HD-kDvTPunbTKxL8ccR9$vbJy6<@KDymd+8o)#Ic#rD;wN-=fJ^W~`RH zc0H`{wtIfX?CH`WYVpo8Fg;fVX{4|dOxdK)kodj+;{8~(@6s!J}s#Wuezh> zH7@uu|E<}oWlDY*_-@@6I{2+dn_Yc{?CLXX^4D!SX`J&!z<{@8pZN8pD>E0)dYsc` z`Fw54!{UguvI1L5>$gPv_tZWy`N{JnF*Les)ucYpDQ(Q_zpuYuza^3}HL#VYe!}&zSL&PcLa~}WxvvQg?x(NqT(NHXCFye>XS)2IZ*ALh`^lBuBPZN!SrZ;*b!(lO zRGH((@!C(oW2TnT@_Acs96I5lJfUKxqVer%dghuoTrn%6_yndYwElY3wxwUktnAtH z?HNxcAIN)6yrtXDdt21(LYnEld5vC;%{RIh`5xV~AYJx#o(r4t_Uo5c#2i@g^jQ7U zlt)43`Vn!*lvyUuy`fUJw%R;s$p`oU4C{7kqzTw@C|{U$>$0h83WLS50&TNiWo_y1 z-rb(dS8&+-uMO&Y>+x{s7n6^bQ}6g?YD_=7F!$N5-MqoOraWlP`5mmXn}70sQle$VPetJnpP|$)NGybUUi~sn4j6XCx-M@A7-{!XhIlIFdmK^!2QnpIG z_`pVkgXgnO?wb2F%#+Vi;-u;8MD1M}pI0Y74$P`_f2+9g&X2h%AI%nKNqtM)m#=7X z(q^9ap}M1jQ!o4N51%H#SK<}_-rCZ#ZRKU}STkqigT>I6vHT zSmnsiF6+#Q^9;}mi>{l`iInV^-l}MY~6COvuEDp z?V`U}AKj>v_*2_tx%i5r_m3pD&I_~F{?$KqS|8SdU>F5R**Y9C`b%ai1-wRTL4 zrtuz~$Lf_Q`tJPPf5uze=6_6%yu9VCljMT7e=b6YZnCp$)Yeb9Wohuli|I^!LlmuN7X~mrTsdUVEhHs^&7^ z-L=(Km*ZX-DwH0NT6LWvb;idFa(`bpX+8T~?&PU;s+_TB9&5;~z{$r&zRy?K^yQf4 zpRC1R5k}7?WJ1^Sm0nq0teMkv|LBFVl*zmO?i(@`urH6=Uaa?AW#@6P1@AX(W;>xi z>zdXR^Tep~j6Y`&x2-bYenN2S?2n5+JwGk4!LBZGHaY&jq7J7@RjA5@r6v>Q78YF6 zW=W{u9r1bJqu5=^jqk(MCV6)j3qIgub({9gAu7OKCTw+b?_QssGCv!Q9PH+8WnFY~ z+5yY6+1n=Xo$*G6@6n7|eg_UVzCM0w(XWp6O!hM(EFP3Czhn8NjCtbw;J>{IDsw)E z=Iskhl~mj%wR(ZU*Y1vmcefU|{%l|QY=d5&%XNR%B{6IaZ2#n=UYKe->%ZHU*zsU~ z)~P+0^Yqj*7lbl4+;KRrY|0a^AijC?o9#VK4EO(;F4!LS`ROAcrh>rAqd^-t?3(oO z;z36DQ~s9U)>>OE*;d9awC-`!-iogaE4yc8c1Cbqn6TqO*xRmYm((Yuid!5rytjDP zg*9s~t}ODqW2Yy}asj7S2XCb@l+T4VF z5qAuC@69-#u=>ynb=eGE$IWKfPG_~8e7w?b>egjPrPSXYxA?NmarxUbeT%ooZ0)`L zZhi2zMbExGxTrFDg0#BIx1$bcWH;=QyQ+5mPJF(pirK=01#=!xd>J&gS6bU$?(Knf zb;}l4I82?g@W9GDmFfz7SvtGTjIS@>Yb@5LWq>HHD51UDC3do;OA1 zEAPxY$Fz3GryI||u8lQgFZmhrpJC3Gs?z;4x_BycK1YXzY0Jc=ENSp#(`HvG4fa*G zd#Up2+|vhqTibP%ve$OB%YKY?TgtG#=i?3oi?b=wx5Sf93$ovuZaZ;t@98?(%R)Zx z8%m#deOcdDCmp>uj-yLJ%JrPx)^iog&YwfXdM3HE?cM*7zai%Cy5&~6p$BEcr*^Ne z<@e_FpBnS^Joioa^rh}RSqve}jZwTB>I@I6Ld+f}ZjTUNzScrn}%sLnQT;kpLl$2*tTxno}_I$vn&)3+E1@?H93CwXW^uU4Gg7!UeEi;-x=<=WrD-f z4Yt~GpF$>bI8Lg1a^3vV%C&30+)Ufi-@BYybgjfacblgf^O7I&hJMxlJ};>ty00ok ztg3!Sgs8l^Ul#XGvFd5o3@6XCt&8;jqg8ldecYTNcbU02ZqH_k@X$PG9hM`NwPi`p zt9w(o8_m7JzuPwJ-sGjyD~*!>YR#FXJmuWwEpG%;ShPMzeLH2~q~~S@noml7H~Gyo zo3azK+424#{%+kP9a}uFIAW)AskE}vsT&C!`qunZ-4`QuCA);>c)q}~TFvfkWu{eo z{Y7mKMNN5|yKU#~lm8jMUJrk$&nGUQHOszmR`=mJzFoU!Mg_K>^Hkd1?JND}+K!Hb z9V}I0el=&RGlKeV&MmWJvt?zwrNVxi`E}Q}3v;H#pPT;Xi2hcUBYRF=`@nGI(KeF> zD-L=x6wX@8!+KtJRi(btWnH<*XbX{bT~UjJgRi~avctQ{sz7^IzGO_?InSRV+t+73 zFYOnKy?5%#*@^SmpNFn_w@$^fPQ1^RHzVIyZ~5XM$$^tz6|5-U@+5t4X_D`^OWJ(R zljDjXa$gtcQc7ZY=UZ+VJ2B^WAA8OB6@6>e)`U%OIw0uDa>n}KR;T|Afx*^F^QN4R zbrrVDE;U`+k?xz5xU(VW;pXe6C7$`BGiN>i;cnW!G-iRnsfzquFT0MS%3-*fh_XRh9*e&|1g^zjw$ z-{x{X&`6w=Z2C0x%!WL^OLmW@aSP2qbl!3M#}qlv53+mr?%nkB(n2M_S6cS%@>{m| z*jTPQDztN&y#eo%d6nzRAI+>aaa^`L;V1)(eALMwfy@6h5Sgn>s;*511COs zsBvn2t^3SJx^kW+_MUrUKYE4zow#MMb3kKKuIp*JI}F*6tN$|y^|}YleK<#~{4x8z zeNBJ2l)8KfKRBQFhZg${-7Qlq1?nps*EcWw7`8Wc_1>d%UvjOVV4Ib3>Dg-aXB8C^ zPI>MZ>*PPI@7&7mzjcYqG7E*UrEODJN1Sl!IMAQ$9Z~6L#fytPzXwV^qz) zUnBal{-OAhiYY%g9yI1_@A|ShETAkSbkna(yZe^hW8Sm3@0rQW4(Yb+SNCte%TSwG z$?~%%yz%8frcHYS3m4s6yz*es+PH_mtum{owk_FsS~AtedbZrv+wH6Uaz1Rlq7}SY zFE#n*Oa8kid4b0=cW;-oO5647YES0oCyUmdXZgFi)K~6dPL1iRxGi26%)Z6#Og>sM zy>)*Izxa>JML)XqgC6@%=NA_KobbhB-QjO%ubzE=#8Y`%;kMgZ>+PmGAFvm#@m=*J z|2JE#>#bWXKLzHoX+JEqxifi|-F@BQR*s`G%a25Nuh4H@KD&31X_0uqmYW*SyKa8G zdiCzN6`xk8KRdZD&tK?p&Y_FHn$L^=yr)(3b?*7=MXO?Fcr1!|JC~0)ry{4a{KQg! z^|h()s}9?r-w}4dW$Ev-5LIfxOxccD1obyg=erlSP-@5xM;zxu^Z_nDwsaKB# zd0blYDtpI|g<1!f9M62l`jfTt@QI~7i96nQ?K!y9f6Av%Q!7rz-mK0MIuyT9_EpRD zjkh-{&&x7i;mf-IX86R{fj19)pY&(3&Gq>wOBcS=TrFLubaid#&C|u9`H!aYe@$Nh zpCNAZ*I2LjK8j3#R#mS2GJECMBllLh%Y=Qols`q~%gz_}?8-*oJ9jF4%Hr?Zo@uuF zsf9}3bJL9<7W-J0%~d`9mBX*z>Pb!MBk8hhPx|~K(kFji?=AMT;FQkKTk?C)Jk>j# znya~GgYJ}{vn$W0WbU$`TdcB4_OR{CYqRFuT9F;CUEuF~HQRslRh_2>Ck0b&eJlBF z-df8$ORD&$b2%Kdcr5vaX-S5Paq2nEl+FjaZw#{Zw;XuVw(Ima$<<*|QmZy|A`)d)4nQp z&2N=mJx&}pe{M4E&NP=Y%6ERg`Q*yrz<1}5_usNV!hS@~{_6WMr?6P3aCX~nsbBg3 zI29l0Z~xI8__6eei;CDo<+87KQ$ODC)?0dI>-^1aDqCiz*+=~q`Onal{Uh$X+YgWF zWfv0sHGej|VpzYqC5*rA`(3#>F}ur>i*EdCdiL+pxi_*uV;)@heUK*Awo;l!oyY3B zb?Wl9=g*f_vQNm~^&>x(;mQQJ{Tj-%e#(egzLt0FoWA+6=TF&3?d?Z)MaU{z-;jT_ zKKA0ft8ZJ@ERf;5`gB?ocfUBt{mEP!5--nI`L?W%G_#|ms$bAG@Wq7Wi z{^j1g$MvCeclNau_IHM7t9Hh*&C}+)?OsysHN*VWy!MO#)GusFmb_{sy3$1G>nG>J zn18b$>C4?db@mardql_stM!4eW89nVtY1#QtYfw4rx5dLzNv5SiT>zc8vpVU_m-|_ zcdryN*o4Q%@Ya~r9xdL?-+SnBdRE^tvH6cq+Xkhz-TQiaeW>X|@tF#$lbnCd+F$+Q z`oVun6JE)Q>=m1CTgKco>-3&0e_|hW+MRvGYkscVLRjf}f7P?z2=h#B3 z;mfMa3(tM{y0)wv@hIW zVDFQv@;9@8XJ*Q8&OfLf&vN^R7|)vb%3cRns(iChHs$ZzpIhH+FPr!6g_X?wl(0me zuoDjQ)8mirnf-0%hqv3?zn;$3_79X|QCaozZ0-F23@kr?q(A&?{_x(!)iId@Cyj5< ztU2Bz#Gf2DRr1Q&5Bsit+xfZTRLG}Yb5_RASN+d$==jI9*7X}d+O_J0=W(ge;Bz#6 zcb}i9|6zCj7Tz@<+Z2AydTyV~@n!Y;KCy3Q+cvJ8^mgVp#*-)3Ek7LDcg;eiV8x<+ z{*u}u1^3SUidpq};kjS)wtx6$w*7+2Oc9|fu19}Tm;AVYIG)eOd*#dT%LI#}GCN*{ zFgM1vKFAIfYZel`T0HCNe}*jIjEeFHetSz)ZtuFW=&xU$qkyz=aRmb$RlzEef@j&X~B`&0<~bw^zP<6dI!@x4zm?Ue`*W6b?OLhkPU0U!JJ zJ__#<%*}1d_n9O0sy?f>QqQE;>-8Dy+XlYAu1$A7 zP@np~EzD|pw<)Kv|J`Tj7S7;%@;TnU?%Lbz1vQ2rp0{lIrui&RpJ85?QMU9q?u%>I z?crbfV_tTMzV4%zw740|>Tbzc6pi@f{$r}?#d@As%Y5h8h^=wkHR&o@&wuY!nV-XDv_@xRV6JZOW~q-0rMD+vGueMj{88+h z{|t%yFHI}5C^$Lm<(K~qy|+rAKCw#M`Ov#8yYc)x2c@0!C2H(G&Oh`vKj`XHrANGS zJ~5kl+9cP-ACfbw@37OKALw1`k-)Gb@UrE~Bd)>Sv4PWsvUdAs^(SA=`zII|xo1~@ zYp|-n_A%`v?@IT#nBP;)DBWGL_Kot68<9T_oLqN1zB1)VNny&?Sy%J5_F0_OoMc}9Ehg)4ZvPhg@!srjXN8Xm95vR^?sRyz z;L84ly0AWL7`laSF`iy9*>$#$A|3~v1_k=#| zZ!fI49(r++!P%yT!4vq4W3FzfNO^Bk5_G0;+NSirKLS^ium3YVxjw7Xy)w$psPy&G z+Jz70yQ=u+FFKyBd+N{X*Kxuhj32CT{Sz+!MpxCE{P^Ino`P6r%`L?OyjM45A4vK;(@yqJ z=!b7JAN8h1mt9fY_Lr5uk~Bl@$c?0+N*wFizO>m!lyrd!gJm9!}`bhZCmRFZ@Hx0x_n+jQsPx+LWV}7wNdm_=<*|H)g8T6s+VT= zv@T)!ef`q?E$ltQhvu{G30<@2C|Aa%Rfe`V1mh=v{uA+0_v)YW+_G}^1HaPt%~oD| z?iNqUoZKgMJvGIbwp71W_PT0vQu*w)xiU-rtR`eXmhUl+Q14x`Wv9S0;nN%;HOFV& z-1>KcP5kN?+X`Y|85wMA(Rydg@HQ^_k#AhS#E)mOQ9n{Aze~TiH@$VPrQLB^tyBI% z?itKHCwsCIEb_DWR?FOz|8Tr-d(3Tzg|~NgJzrlZ;k!I`i?8vb=TE<^TNzfi<=S$q z)_-D^=Qcj@&5zH_58bmp@uK^wsz*Czg%8PTemJ*&+r5XELMIy?s(aj@^-J!u^WIA) z&zKbTE>3VbS9RU+k;Yf<8&Ti=E>Az#^XI_vD_kY34!&@i>QcBZPHX2h%`Mpvb$rfF z;qkjr`SNA7ocNWkQ@2lC7k{SVL%Y3^ROz&}%d(11x9wi6A~EBzPVa+{x~ zw{dszhA(Sll)k!cm~-jMsydAtj}LeMbY|+$S@36~$6nVGtN5d@_lq2vc2DiYmI($5 z#;#M-M6(ZX+Z^}uY;``1xuF7scN&o+bQ) z>0B|}^lFpnb8o!Q@s{qgJ>0-jHECBFa;xAnWywrJ|L=dD@Z$>MCfkoS6rPGZE9 zPSFjPfnASg?b>)<(sk|mvJ3B&eoM8fx=SWiU5|ZuH|=!QZP$XG%+mc?Kii%^vhT@R zb9Vl%t19YGq<3*0-Sgw9o zrMK67ce9@_`r=mnTYuf_?U#M8F7A7{VCQG0$m<2{+oOKiKUn@&)4nICajKZPOkTd% zS6Tf>$J^Jv^)&8S8pL@2Sa#Qv?8`TsyY1RO>L0(Gf8@Gx4EJNHlb?PT)~wj?U?F;Z zdw=?r(>&Kx9_~w=xAobiAD@I6%^4UR*=?lSYOADgZ#JpwTK36+xpbZ6sm(t+yC&WE z;{5pgWf^al%Ad!X_g3p4;O{e^Zl|ze(l57orNE6>H!yvV`q}Qef8PE0HtA00w%==i zUiV#6ajBmBmC7wQm#mu;6u!R>Z(pnB_uV9T*OvZ$e;gmxbJ}+-`!Shq-P>;-Nu5H9 z7dAebcyCR`{zq)h59AsBD{P`JJC-t<8Rha_JUOTF%dhK4=ZXGZ@KspkTXWzvi>K0& zGc zEdMcChg0^1$Ke^%^R*1*Z_Ekr&Az9+=VR!EUDs7+y?V;WGs!TGq2#3Ly&tE3{SKYy zU446-T8hHM)u-Qn^|Ucxe=2XM`_EX3vh#s4Ca*r9-BvXvF(Z28*{p4OzhBGQ-f3)m<&Ouc_N`}qV_5erg!gjSW1GlK(Q8ZeAI5Zsv&@gn-qo{} zYhqC6)a9=aoeBtPXZdsC^a;~TH`ev9KXUEWqHAT{Z0Zs$@?HKG)XkF1E5g@mXY@z`R3?tS6qT`TFQQ`{8ZgnQtRidpna~_dMDe z-&QX#{qTC{t=plqA|7|e-#xX)+3mnr_RD=!-`p1}<(?}a^gB9oVb8Xk%C&;ef3vR~KKF66GcLX1;>1)$*gY}8;?t_PyBK8!_F_&7Ju9qx%jA0e%lp;D@N-cRdlkMLoO9b2a?UdSS9`|9hz z*|JOCtSI7q9jK(cJC9j%b=H$*RpkwKs{Mi)pDMf~%Q7EJFP?Zl{@hwOv0L?8&y+4s zJh5K4_xZ+&`CEQ^ov`kDyT|^qhH13R_WeKe7#?=Mj@WTK=}pI<{15+*hi%J^c8=Z7 zRhMzRFvh5Td-|5WJ<6KO&)&z)D`jYYnm5;DjlFP1zUQ^KXU`bEnObT0HRQ?VD<&3! zS`KGA1!i4y>`byhJnzx&`z`fSruyx_me@&sG+FlAt5W1vthuiEZw{xd!CriLd5PZ_J^OtmPHg6u-eRW{aZ4vF^ao^YotahUw!NuN>e|8dTV|B?6c?YqS_8`;}_b?MAIC|f3}^8HrIbN}lJ+1X1TdE6{K z>sLD0+kJcFrKhSb%_n0X?f$F%XnI4PR&;%8P2`6o0kMyhvIO)l&kyce{3yS*JWgVB z@q#^7)23_Hy{q__yYo#gZ~Cdz&oX69>QuJxR+(!go@w>4aMu2X{)_L3cYXI&F#K7z zH}$oh@N{3dom(>v8uG0D7}u;&*|)vuKSS=l9S`)^YG(+}J@0c#^~2r`xBoM6Y`Q0K zyG#CgROh-Eoz@34KYWXrVxd^xvdFLwR0KIQVG->J*n-u5)S`_JGhc}{aydH4QIec`)*XCLBBO=q+>+4k+# zLU+Hd3udKm+{QX3*8N${WsidWQFk_fFv22vReQoX|&Jyn_ zMp?y`OOL;MY`1mo1NoN4M}M!+HF5cECHUOqFk_bV&TN;;>76z8AEl2?Z}KdS6cRiX z?O@h_fa|rLR1MFM#gDwpujT9InY>P5G#57#WvS}9zAh@NM(sz@F>ijp+xPArS6(C#?wvKh%Xz)SKE_NqtTHclUU$llwC@T*F4i*dRu(3IxE_*GVlQmBxSCU9 z$Ao;wy=)b0POlfQ3Hn%bW8o{8ywvQJ@UgFW z{i^uVnu^mgKPs1*|53ijbM?~u(@C55S)9wbaDL{z`ehZt@%tw(+&p)2!tOcm9`GMq zZ{D!gH86Ws#k89)b45-WW$D%*6#nr{UHN$Lk~arJd%v}bo_Qs|Ic=|seb%lY>-V3Q z>^J^&Xkp}LkL}4>zYmw+6TP!?aqR}VFjwnF`Ka^#q0>q;o?X6lx$v07iZA?JKjt6E zORDeq6nEtHe+IcTzZ-sqY_F5q_t8<@s&K*vo6Ar2%w0>ee}|QMoLNz2VY1=J`REHz zjGQaV3THg^+L-wuUhej}jn2zYxyNjpBlYsjikisuoLzOhA4;otm*1PokYu-2Pg873 zYUVw&=IHGe*DmNZPkxbQkuUV>ZOKpN!`21v&QVg=+e|DZ*Xz7}++tm{VZT@DyygY* zwVTWwdJ(Tgi+B|2|mEBIxV(^z)5ZHGz+L&5wTQ-hEfkv}n(1rpNQDu8S6$ zh>5$3bPCMdx;VFvi%X8H&%T(T(qW;dor%EoaPPAE(uQ18m z^JMSKU1yhtJ($Woq4?USQqFjfz`~q2j+RB5Cg^+tD=+pxza|*K4F1>#G>GYG}z%td{ zn-^a!-SK6v%Q@vU#fo8a|F-U2{3<73^kbi!^sOBou?-5I6D*%?+p^aylELtEPsxfY zZj;ihE-$eBY-F3|Yn{B>+IwEbx-8l194E-cnNpsG=d<>;+bmg|JmX6K+{nj8wY|mPjfCFsW>=P} zGu^!IM5nb}_dMIzOa<$Xx!Uc0dF0`2X|4@DtA*T*|GX&J(^KH)r@3))n^v^C$SUbG zUmr`XGF18G#QUnqi@FE>3MW$yF-@QH8M zYWbVo`VQ=PRhyl4WZR)5eK(I5n+bWdIM^&az`V3%SJ19oZ;LDsiay&i+4hvxk&B*8 z8k#57mqxS*y*X9&ZPf;b)racmWnJAKw>R5bT36C0>&ZKY$9ugNHa?mysMW%JeXVtx zxb^Oj0T&mQ$<0i1U+OENyz);L>#22b{$`~Xylnh&WlKiqW0iE>Ys(vtd7di_eOU3k zp<<=dY)O$dy^}BOn6$EvP4nEgqs`iLp3hqTtZ+g`Wc2Tw&%3($XKeCna>(hs@+5!C zgU6yG>?iOC^X-m?}5M@?8f=ThF&gmRf(Jh{Yn zYIoV?EeD=@{Q75V(HT;BtUA$0PE?nCIcw9TMNJIn_bNt|s5VWX+3~z5bcR@^$fAT++v94htWjeWL~@qzc=qCH;aG8@lFZ4~BipQf}|^V-MO z^EO>BJ?s51Eo(LK^JR$Ws&E$P$Yixno^Q#w_` zryTp#P<44~__H83{z4xEXK69*<6ad?rni(&BsaPpE9#i&x?xp z4!5`}&S&4S>T`@cOLfON+sv6?loAALmdk`&ue;^+o#zCj%IBz0F|l!z6az%c?WWEy zk7pdwn9$N7_ruJBSW{!$^RTy7YzHlZAKsaksmj82HRf!o zO?SlBjU4Gr8Hc_o6yDpp`sJHhPRpJ?@%t0LHtUv5ld(V}*YjoCv-f|vHe30pZ^p*S z^JnmBU0Jgx)wHDY-GW~#?~=C6+5CX@)b~Y)F1WRr_Hd!Bz`RGsRF_zBM%{xYS;W{ z7bx^ix#GsqEOEfLHrp>XnbYablAM^0niG#lg|@U>pSOH)^-EWHSeT7W$ub)ywIu(? zL35A3c@w_9`<$~xUe>$$S`G*0?99`Z_d4<@9xOTWbK}vdt=m#h+B{$QWy#F~w=EfJ zEobCq3Pb<=)P4Hfb@kiQ7qywXiz{Yqu{>tUa^~!`S3i= zTBkd%RX3)xX57gVG*MVQ_ukf{?%kO#6L<0+$hshYZcb(El&e4H1+s|FL$|!Z6>b3c~ zGE4b#C;c_zzuoCF7ONOblxEf%BQ>5bpBzE0b0H+hBr%%qgo^Jm;Y{JzF^YFXR8 z=Et`Dk-cl9oOv%5oVX(#-PPA+@Kd(8Sn7Jqm-j-q>a$)<(lPh4FIOr&zc=W^`<@#2 zrFZuAKeDcUDxGy^aaYWCR_(dDPxnktKfOcaK+TS?E8gloy?1fX;))0TQA_?QZJug# zbx!HejjnGBPxIf-c`7~q*$LasqKt4WQ{{;r%H^`31I{tGv9n*kx4C3*rbh3xwYp~XD#&MX&Rl+z^`*I68vZml75gge(uujx?&K-cXSvE;T<|#G zrz4NIuMOX`w=;BtnO|*HnAyUWUP&qL>hl=aCcH`27K+a{TykHVA$n^<*027P3O1Wp z%AcEAx{B$x%I(Hu)z?z5zW#Hx!7@*KSt~)m$J}!AM zr)>R&`kUs*qSD{){jC`Lga7DsZq>W3^A35Q&f_YZJpa@_sgF)kuguOe_pFpKE&i7E zcgdgB-*SK4|K0lV+UAzZDc7$Po)@Ukv%Y@e!AHHBkCHyTDomgM$N9oLJCT}zy&sH^ zKm9xH;Z^r_64&-kUEy5HK4Vgm8^3+j;@_cv5 z_;ua%VQuE5!mLXP^}I!oex|Ektnlg++-yC6s|&MXox{t}rF#z5yy39bwz+38;h4%v z<)!9t^Gy;GYTEX^iND%vW9Ck~?@F8B<#(LBJm>3CuX0OE28}17`I}d3DwJA^ zJnDFMp>dtL+}EgLW!{;}>JmpYYNu4zS4;e@x*{B9W^>H;S98?TWVJKdv&$xKQ#{DL zbCq~h$>rqJ9g}QVFN)3(?Npf4Kij_7Ys0F8JCzST-k+5j(>-U4mCwVS4hB|&LEJ0> zKK;ipZPQO#9A$g>Oqe z)~V`0IdUX{sqnp1*GAr%#fN29oLE(4^*dB@jpX#QcZ`pAg7TT!iDd>Px9rp+KPEa zxyyC(yj&camsMX0_ZBGJ+E92U?CPJaNd~w3iPC8*P+cExyql5?<-qa zvTgfvwTa26L5Sld(?-RjRqI|I(2w1k@3U{#(})%Y;rr{dq&F61%G$1Z^E{=3d(O3W za}p<+WwJlAz9!etGg)Bu_r2Q7wr=|Lw&7;q(O zROZt9v(0lpXzV@sCU{Otf#F-9QzzwTZb-inI$ybfhh6f(if_kuPf?VqpA+nHq{%Iy zWmnI7i8ZIc-QmtTzBcpDjN2NE=M?#8ott0NaoA?wqE#AaXNG;4zEkG_kKEm#>n1yI ziFjXBB<-Ygim#syCDAWZ@)Fi7#s|ZCtbN=GKL`G*Yx~9{M;x>gARz@7`F%9ooDl zIwHyEt>uA#TlX)&{WJTr;%=#9>Ao7Xq-w&c>9 zy30x~BJb4MyUqnaZ8lx*KPx@?!}PJ?2^=V0ztBd1QLoY2B*DiFDP522xGHQ* zezWeFclnt@&9S|1_jp%+ulTlJXvxkcH(y;^wv9XE<_Ru)t1a8s6-AURfB9k6F>kJ| z1s@M5U9wO7XF7A=QB!OAWge>oPn5}Jo85deEB4>sSC97{aC^fO9M$?ovbscBLLq(U z*LC`j>Nay+<`JBek}&Je)vqy@K{wR<5ACp*@!#M4nXhTr3g_rKTca#prY@PXQuc#( z)G6f+yB{}4ZY#_AlxM?G_3PT#rSqeTGUbjw~Jq&ofH?HZDZ=>=HTh>(dVvnqhj0w^!eKzq-ytHl4)QIzA9Tzpt)<-IK>u~wX_VQG@Q2Uex3=zp&`oB1->ooAt$Q0+>u zZ^nJkvlnn{E)C)P6mA{vZ{A4dl z-x$%XRW50X|FwmDC^VQ0CeEo<6?cbRMx&&Irr3)DL@ z-_dpN?&*q~tO~TlvQws>7JFP?m435qPSWhSmrLT7wYS$_=$N{CBW0ykoCal| zW4`Vv`OgsMFI(&vsM6=HdA{l#*U{a^9``tBY^bU!VrLP1k=45yNe%L0yz*>Yjk5T+GxJi;ekx0j5$jcb-=X*I*z$zDh(5!( z)+Kk{7v5asu~&T7>4K?~%uNk$#V)+DIM2Yh=+ixG!M-spL+0I#j5LxDnX3Tw)Pz?mTY`7Z|8posiZR( zpR9O!)W2v&$i#!I);4jid>i5u@Y(QH^y}d0^9twuMSb#)nHTwba_2tSma#GQ+77*C zMmHaKtvNnv=d$+nQ!C&5q)GnV9iZYbEwDuHcvsO5W$A`h7f&}8R8?K7Y?k%4=$z)# z81b<2tm(2>g|k{tPCOpvs=71z_}U;(p{UMIOWk{G+|`pR-i9j12u?ogmBNsIY1Wl# z>+CYUdHAlz7d(;5nVcZTKdbvZml0pqBhUNtx9T4?u*?ly#aW+uzjM+vv#ZkVYYRT< zJ-oEYaGinJo)b?cRKNMJuH2@(HYGFbpUTxeku}$M%{`c&cJln=xb441YHVj8pD$^0 z*04Y@Z^CZD1JbLHKI}PG{=Dn^e})_SN4Niz{c$+yn*rPXqS-g6H<)vMH@Kqc&#x-0 z(=RRCHD|%y^AZ0Unx_BgJl?ymq+&U*>?#!wkq=JmjN?U3&U`l1z1myb{-1%>>|=VH zX@7^gafV%_Lzm=Y_GdXo*^ez!?5a1sob~ZV@KaxY-IZ0jv&=relStxRTg#Q}cB;^9 ze#OOI6PwodeeKSRP zR;^Q0(;g*vWlMWct6F?V`N!GC`|2;KJifR3wY;>>m%n!2t8-=NPW8L9jjeLM{PvGw zvnTm2l=#ok*p;^Xajrn-qZ?U)LT}j2yG~V{@wqzNX2+8s9{XE9^Y?|>>3%%7TfHM? zV}WW}@|MDrrtF9BntgZu@a1!yX7F~I>szC;=85jSbcuU;>%O?1Y&+~bK4q3g)g1P_ zB{0wIS8<%0*_M?TCfWMva{LaNWV1M8uWqT%qP(x&JW)B@{Y@V;RsX(PTOVQ=WWw_{6^K z^CeFw%N(6#yZXvMv12du(o>I#o4!m?d~a6#OjM-c+|m4=V(v~CxiY4YbFOnVX_uZW z=a0E||A_hS>!p_yWp;;`tJ`L4y^B>peEM6i`?O;W>uS88ueq(R+teqkv}R$d`f2B| zlKED;x5Gsp_c%+li;4NTrzx$?th!~wW|@1#@>OBXhpp#bc9<-^(p}lZzb@-sr-+$2 zlSoX$V}{^2W;487m2F@Bo4@d6(W8jZbNUKnE2@0YMx0yfacFkV7hTTBTRt4wv|iGW zw{qFu<&jz2C;O#Je=0nGZTH=T^UEq!7UYOUeOmuz{`M{Vs&kXiW#?3v2io{-j@mr4 z{7~8Fm$RDP!oMf~I9rk)v$fws%eTlp`0j(HOXifDyw-T;YJF$&yrS&0&kHZg-9M81 zYSx7-0*5v-R0~FI`zCm_N_|K1go@>RdL>VrzYOrK-sL}YwW;>*O_MiXd9lg0zFfvo zuWZ9}(a+!ih$SE2Sdsl8ZR&%PIg;zwHQOY75_K#7dHv#i-ZlHKu5>c{5R>xH^ylCI z46J)TX6*X$H~-;|b*J5zzdX!2k1^}(%iwQYuE^iY_<842Rz%0TTl4uc!jeNjt}%1+ zeXp{Z`Q!TQ{~2zE`&_Ky{xI9?!k53c<+WXA59>SnvOi7!7XP93c#oaYjhFWV()t;MpSA71^}_h+J=a^OI?op9d-EvnJhNH#`NOC6 z87k}#N=-kqUdmNsdn7~U)7XO!7B9c9Iq{z%cm7S6_+GX1(Vl9VOf1pC*DcnWe{20Q zJN?7sZ@!x+hi%mVyL{D*mdFRKr~fH;{YZb%w&*{DKz&B8mBgD+h1^hy=DW^M{!RVW zCNx*W&9E?9zV*?S*VpF!oY(#${Am0Sjp=VnKe&fT$@lF^G*uDqUOF`n@`*4 z{@%}6@%T~b>z87lTuaV0DfcayGcn$%;{Jm>t20&K%_wksp7H+L7CVcYfGg|k)XuWc zcz5j0mKOPMy=I>uJ4e(nI=x&{oYBKJ`{1b+$L7h(UR`dgdtPJm;aS(_OftPUUp-Dn zb7jeW>5Arq5A)V+RS%Gsi+lev?)H-V74b*5&0d%6aeAHCj&=6O>{++`XAp{+xrOcb z+H?1&zFrr*B$ey4&*dMrA3r?~-@WzXvuzXZ#d>W#bdh;lQsJ$=^+*5l{avQ>B~xMY z!?%AvOgR%|yE$3DW4+Sfc{TF#4Rt0j%KvF@ciXo8%EENj;!o`-|AqdVy}It^eO~!s zUwe-acgm-|v8?P`Y2U_MDLGG?W6kBwwmp35{r$Un!)N|ve4O8QUv%kJwb`LR>Q}hE zd9u;NQ}nFu^zJP@-MwbNc-LNhkoZ^o+vUUYl67o94rzDl*KlX7k^a6QdhzowBJ(sq zguj`%?nhp&f6$NWrPiL3hq?n)&f8jtH;2th^gU;Md*R!Q=RWTFGih0!Sw-3JupPS^ zRVob?nX^~Ep7mS(TkM6$Tl%uMv}g)0+Ae!wt-bue^Zyxm4;gEDQ>bv7PLiLP+- zcpD#CcXa+1^TWR855M-zQ}}qbb%}TCljGbzMiPAgranLYA^+e!vmLv)e6&fK{lh0$ z&nV#Y*@8Om{|rr~Kk5(5=}f9#FCNot#{OBzP*LIY1+H&KIkzNy*f-9)@nLh!E{jup zuFHR9kDGq%{uU;i^6cV#nX^y*mMgY-o~?S{9&V&k?-=vsKJOp(MXxvB&zSaxg>x&X zZ0#%W_fq{luYbkOTfrR{r;}cu;2-sI&ONogmu#&B`lR_!7r(UUIgoTIpS-fAecaL3W=O)o|A??;5?f)5A-fX*Mr*Z2?{NY(o zHXN@k|E^TWptf)3hwwM*59)dT*!*W`3CrGE-KM>B=BDC!_jrTlQ9Y4QgAZs`v|GQ+ z`FGUHq{{!z-;_&kE|c$goIM`z_38et{|v#=>wC=$9o52)d$`CQ-5l@p$Kr!gh4kUD zd3>8wGv4l!`TaS5e*HH8x9SUj#D8o0nAcr!d%35W3iCxz`AhrKC6;#`iBjL#vL)r_ z=EtjBF8&igd4m1T{d2qRf2h2fRaBEc>)W$OCZE2nd=^&RcSQd3tPk~EukY#n`1#=F z!Y!ST+R_Bw=NVX~?fjd4Bwp-4L&|$0i7juf-mE&19KFJmacUdKqrHFHN;bq?d1V`U zc+SO@U9AghC;oP<@w~X~hwx)xC+R1%s(bw`iq>!{>rej0^-yRM4BK_TAAZaKm?w_y`a||Nv#N}Y*UR)R+VN>tVMS~4a>G5Dcje{&h<;eN z{!zSu^Wx*uTPE*toOox}-;59c8Cpx^nQK@-lufP8=~i9h73=V-Vtw~Nj;KGn{YSSI zXR;Y;%r%?C9}|8jUigdmWWLD@b_4YU?#GFM2P0oUriivUh!x4qboH z-c?eZ{76?ZEW4davy6Gm=lB`(w@p8ueZT!b!$lxo_;>He`%zaP%`v(YZ_M_U;n5zSS!-4&2UW}Nm?f}W zmVb5qgL(g~cmCM_G2ZP%##X)jJn`@6PcqwPzx&V7_v_+?M_2xd-P7FN`KD&diStv6 z56ZRex2}KCU#D_ukN$6m%&2o~9;dF|)5pH@mc!rdck4y&W!Wiwoco`l!!*ffy0I9; zH-*_-HS!!x17ss#gJ+65hUv}^L&%iJGq@Hgr z^Q#RF7H3QD%ltFUsOQ`xs<(DUOlzuipy&GYg?XW})7E@{?z=B!n_cdIhNkWxcV5n# zx@>y7g04uc=lioYJ3s9I_TWeJL$~=Jf}KfiNvqnI8OQ3s?f&iaBmI$Q)2pMKi?_6$ ze;mjDFrF=LW7CUCykBsFVF8GmY4T&d~#6;XHF>U-y`OZR+5gC1os z>9h+xnRfi^%KaI+;&D56Y~Ot)x9RjoZ??F(uV?&F{czsxs+~&4HF05gW7k!;Pd+Wr zv9MUbt3Jd2=HrL^kHm`!T%VuZx^}`!iDM7;+FO13SfM51vQ%{Cb9aOFk+-7d*?u^O ze^}T0k?&Z(XorjN0=N4;rRytq{z(39@Z;3kb@#(Jb*0BK6ma~_erA7b{ece^+>f5v z@m|c2E9Oaa?pu)Z_-D9~X}(azt9jYJ#X|Gi3z_!(e0WW>SUvg5q2y#gv#jUWew820 zZ#6d;y7eRJt6X%&NjCMjvHK6$-@N~b$Jo5%i^voQqhN;5an8S`x&Qk8`t;<~=gp2= zo;+V$`=8+jK594f3W>uQ^+Xz1P7n|)- zlfKyYz-EVuo0k=Axf^__PW)0Suid}nht-(#rP{US!`RoBc>Z?F4!C1dl*wsjU0Qlh z+u#4k&4;<6`_8Ya@KSo-bX#lXqmNr2mTgHlKJ;*@y>Wc_-^DpT(~d>lsWe+DJ!$z0 ziLuyN7wSV~c=g85<;|e8f-?ROQe|Wv$!KAZoxyW7X@2j}`9x)pN3yHL{oczxCnmF!Ei zH`JVK;rea;ZO-4hdu&TT+Pyw($GiPMgZtD?jpBPN`quwed2ME1B$;#1Sh#47;hpQ( zQjNcv>|GpX+$`)jXW6BysWqZ&*PiPVd?LwxVb$d*1jnvsxeQvM1=02RDa(2So##zUIOe|hj zJBej?(sEmew-I#)*L~MaSaixRcuwXbfwDKD(KbbI}oeT%Q{m67GkTs&!S zx`bI?h1`FJpv$`U+e~hURcqYN_KchU@NKly$F|v<3YPAY`6~MGp5VuSYnS|RdhOSs z**SZ0xc7(Wq5m#kcy{H>>b=u9$m~)1aCn>ccFAeQ!A0(T@`g{R&b(D|`0%a%*0(A9 zHqSr1)wch`Re6?sx8gIWJN>%JJbzb2*!j-m9s2t?mv`n1r_WbA#=c;^?1%Uxnp>s2 z`}vOCjJVNo;B&nB*T}m|YT2Yky_Q5?%Km02#`8TW!zuE@+(Tx^9-b|Zzg^E=%5GNG zH?cJ9MP;bvzqGBnrJXwOd=Iq06>K}0c%@FX`k!Du`;S}ZJ6grK=M)+CT$|AIa<%cI zTI4BObKQN;!?c?>7k;=Rw#;+w+;$(9*P%LjdjwbAHC=mcUby_R z)0gI}Elw@4*!?A(&i=bp9upqAo~J+NSKa(wl=0R#MMw9M@%v&2paIQE}YKu6PwI{@t^>1AqLieK=in zedJVS#;$c)M}EmIOjf_K_K8;T{OJqVSk`c^`>{A=(&LCt&P?)?d!zze+0KT%ydAt? z%a7|z9JdGT>pm5^A?fk^@X&|zyRG=PCaYcvKefU_W!}{1=J%v`PWPy_)3uFV@Y6B% z9OK!vig5pHUtD)w$}@5Obk{>jt#b7@llg~E_ivt*zD_pT`|5U2)<+x9-#c3rFRZIL zjUzuuK|;n*_U~(Em&z|UqAp$wsrkYKfZqt#fv`yw*O;b(0TA)voV(>$@a8TR4yB^gG@%r#H{4<;p+K_RP@FT`zXa zquFh@be>Udz1Qv!uVedt()eN9?mp0t*^1i$1#* zHdSwWJ=@x4F%!<*j;RWF)wB(^)LMPyZR@U=;cwI!nM-ARRj>WE`dR8-qRSzn(x>f| zt$N)gU#tG>LAwuM*SzP++PFrz!aSByw*TGS*GrYB{gRXys}U_;^}>4%$7Y#}Pb1yj zD%WfEAFh-8DB7}5;#%3!f(J{A?3ry_tN->)-!>~{9>=vQR@(2j7vJU2`c&T|&;M!D z*@v4Vj+HNINalT!y{vn)!6bj@r}3Tt893knldhPR&FiJyo_o>DJus|Jye9sm{$bxl z$-Eo4o0t`IR!Y8)d%EUkroF@;e*N}8fdanae%%R^^UvIP8E^e#_krvG1a?pM-NzRq zKP||r>ubiTS7)Bi^7!@K^?J$s-g>^gt^7P5lYDcZ%}ag+KYCH8P+@mtKL2Z>_Q~mYT2DTa z_uDd0b7O3hJ8z%0&V_odUJGGWi_Ce-?l8OH+e#?CglR33aG9XV@>pw%smbu=C zf4$joM^Pe2=33b*{gOLboNPaC6uD>J`X#VktugXJ4qy0I9bT2ZO{Ik+J6SS zN_NY&yJcf#87BO>A=4G+>Uzf}^r2_Xw2Fx-{b}#4x*pHFqGfb^a&wQt%ecwOC7YC8 zty4V?-i=w_S7We2{%x+FQ;3X6;I%m_-`M8%B|hJ|t-w(^^TG8!e*}N5o2UGt|BsTL z+Ac2L`6YG9rEh(}WBuy*1M`9eH~kXgbUq(bvX0;9x=s3rTMv8Jp15Li?ZD$_C)P@Qz3cq2 zzl-aZ+x2@=dqc#{F710DFs~rn`4N9}?w0PQALS3*dRgxk`(&siCba#%Lf)F?SAwIs zw9YuDKH%?2$O=6Cck;?bPt*FJ-n%#DcCUM=qg?YNci}b3Il()g^si0Gn5T8wr(g7L zQ`7m+$0{;Td|9_K?ZQ@GN!|RV+B@o=g-ae)YdMj-Pw>^YS2p2`VpuzmNwQl$Ta|6L zW@pzo-gVtax~#6fYyT)5`9YJJkryW(FnK^5Y*>*jHZ|81E zeiaqVC`j*fPb}3*$qHx`u-DmG%6x5WjcM(pzkE;AKlttb_Ts>iZFzqyznJcREZ?$E z>qG0oU6(JM=l*-I!qngYLz6#O);8hVw!hN4=NOfyUd)|sRxhFZHu{a6%?G_3&vVxu z(qT0<|D*Jufp4q#dAmcmOguxT#(ZCO@!pT-xXHhz2{=WL}@W(CRCbdb|9M5@f+gfFn5zn$mGi}$st&eV& z`ut}&tsy=+s;qpT?6r<-b@CNeudXKfNo9PT{5rgr{oJW4_Cxut^La(?|8f85{c7{^ z&#t)=Dj%b+eXdFTu|83?y?KkrAM1yIZ}5m`d(8a$D|9_uh8+8bS@}{me%BVI1%Ha# zA5^&}UbgPqKGUX0vGNa}H{?FvxIK4+wf#Nj{i57q-c#-!uU=9k@L}8JWyfW{3yE|Y zTn{(i#%O!aH#O_NWPSR7hW7G^3pN(NzAffBP@!~cHGgrOZTZK;kIwf#|E=HsThA_bVCp6`Q{at>$cX&*4OOV@=#5|tlL)$&2^>{0{&LpgZ9kfS zyVlt66w11_;Obf<$KHOG@ZkK9!X6)Ud#V~PrCffV+!=bi=lk-rH}(a~T|ZJURAXFL z|4{qm;_lq}MyutfUVO3Z_@R37sBZ54Quo##>0%Z*{xoNP)sc_p?MWX)7kXEJh*@V; z@AatEpY6x)Lq%J^&YN=Cg0b1n?wjVeSt5aN^*>YxZE{p^tMQdv$lS9a^FaQISxeXc z5&!u2>7)aYl^?SLK4y0zY;ikCVR|bvWvy z?lZ@u+trz6dtHKcb}o8#&*($$kvje#?Tcb#4+IPN8_nUX&35|i-4^yaM@A`+Wu;By z+kn?neVZTq+L>H2t&EDOzk1^F*7WH6rysWe*6&O;(mC6))UP3EThlYMFW+{n9-H@i zmvUQB)wQn7uv^=wtyOG#T*moNIOg2K<)_!Yo$YkBDOUeXWAxL>H?HhT@6XFgwX*Nf zlWj<--pYu^&QL3nPjxt{e)@xfqKyz=MV3LZkk;3%vUpaRkY4J*1qQ4 zwMXyHUJLbqSod|~vRCu@Y7&;ae4N);vU`%D?4k9ij$fOut#~pgqhk5-II)kef1;K| z}Ey;Y}uuC1RI%kR|fH`mQr{%(Eo%UHg}AJRS_eyw_~wPyOZiW3>L zb@m6w^gjC0?zzA4o2G{{L+(qL&>53`X148JF5)lnqbxP>NV(wpQ&)3dO#i3QyY7$K zK^gV;x-%Y^I%XDrWU4iJ8KkpaY+Z%!HRaclg*X4WeyCgUx>#$AuVDmL+PLG%RW19y|d%6qU_$RDZYy%Om6h9oqp5A!sY^p!mqG4ug9;+5g0hbLsLe7{-pzN8x$JG! zJh>~2`;c(?(p$)X@$U(OzT``6`iRer*@8b-?b7nv)`pjm@tkqYmdgFX+75$lmPs z?BwZ^$Ft7#{d0|d@?33M^o>26RVFdcWAhc?sk(mq)=l$uc$%-R_O5(pI4kYs^61)G z5l<#LPn9@lefiR}a~j>wOq2T`t;lv<8L_bJ;)&KN8;*M|FRHjJ{Z6{_+iIz|UkY<4 zRkB@=pQ5p*dv4YxjZ=#r-@n$fuG{a$>XMI4Pv#ifFyCLB@M?Odu-SEnzL_hx)<(`T zc60b8^=xZ)=klUcclh>PJ?^m4J?_fMbhje!k}skMUrpA(6&n`d=dZL&Uu5gq7O%G& zXIdKj?q+xG+RLV%d%#e(_EYw%dB;uec9?2E+um{P(_^+x`lhTAJzYnhFBG*~SgEpf z(j$Sx_SLsGyiZM#v-lzLB0G3qsA$h$zgND`+$LM^V!pNMyV|1+6>hQ*q0{_N;I1bBFgPhpq2(&i7i= z*wdn&{Peu-tBdE=3!mpJBrjLFVjX5_B=M_j;*DcFj=68IYFr*@cIL^%1FJnF&P-#! zsXpUB!;@fj&8@Q~?G|+eE)5ST>nc5ya_o`7;;f#@_gZ#0&hTcQ>QfvbC_iKA;`3)G zWgQkMZae2L^L?3yin!+S1pcVZ4DB0l_KE%IaC;{uEOB?6s@=@jaTgzy?diPdsw3J_ zX8L(~+xmHzzMto)3!JcMU(b)ya<#1wS9?FW|5}l8Z?@FNEq-^5ciUP!&XQcny7c6M z2jAD7_D%ejD!B51?CX{fN8*Aw=A?XVj=eXn@$FS}xw+XV=RM!={!m}x_POFP-H(%= zT;b{#{_wO-%O&xO)Jf~Pvfdjv>7U%)pEXVO{^YKef)ei!t`?ZE;jLMHWe@flWO>Yf_TT~ER{dm;g&xX{p3hhxn`*nu9lE`0%BNfv{f9w;$>-U7 zAI;}(+TCvReNAUR!D&2Slto;k zpS9{rQ&@=B^0odNF6C$9rGNdt#1wA(^Qh9Q{|v `oDN%MKor?Jub%{0}t%Gpe7 z53xy3nEdi+Sl_`xIHY-i{@SUIAP`rsT&)!ghUU@S_x?dD*ira*mzWTkDHTG^ZKPRQbG54&;4Nd zwyab8xX5mw4r9M~yNFX0drC|z7j~UfZb|Is*@U`C%NrV;j>s7X0ZDE&ZSMJ z3T?{E+2%{$;$V3v<4FRIkXB zXYHRJOX}Wh2v-aD5u8`6=_q+}*}|&#)LS%<#mRm~!lmBT z6ITD2<-=r`#i`6?Jn^V$yGrA%il6Q5UD*$dr!C+pH;CEvSay|Ia#Q{Js);iaK8N0I zSGR9}?rY83wj+(DG4!7Olns`T|75&Q?gx85~?DtytvClKk<9%2P!_&}?@2ido7{pt=3~5+zRT@+J zHuTIUCcB#AKCPoSU3$!CPToDSYt_+s)o5muli7~z9;Dvvv|MG*^PR^%F-%Xz;>OTK+>x7!U>bKz8i0JU6?p&d4IjvS{twB zmM4yz<^?w#nDgF6XAQiJZ-M2h%kgo zpXRriJa69Jtd6G^YqL(>SUh*Oo2BWgEcu&RUVj%W@H`fM88xk8yWpl1GeujgA6UCd zYAkp>PfNJmcuI-QvFyE8pMul16@qTCo> zjF!*&bzSp61BZO)mn;0K>wgw%T8D1((_S@qP3p#Tud8IlzB@_YS;V)#@9RX{MYqo! zOg+Ke{5n=_&2*jFrriCe?ZJJ^Hi!FH{uG?U$IE-eS1tW0chSSn10r9$G-an=X<)Zp zJJcwYAmqP|dJ9Vfgar)$X-Q z)#(SF9Bi&==6IaGy}9Rcqt}}mtBsy6);*N(Jf|vTah9gAo15i5*6{6p5%*e6ZdDofJqqH_xpuT|cb4&! zSOzz{;NVlo&*er%-_I zSuYyxJB7V(&ZWZCl~bPX+8!x)%QQ9S%h#1#{^mXR@3`Hnv*hu-Lkq4v-BR6by7R>Q z(8oJ@c5q(4zLz`UnOVw}dkSq263jIYZGBT}y0bG?h^erTx3E0w)SkvPw?pfhR=>2< z+HqNLmRroBYPqd?=KR^od-qQ9nEhx%lhxzB>85vdcQV%;UhBH-N7Lz$E&3u4gsg?5m4?DEt zIOtTuWmi;E?Dssrw_wMdT^n^L|5E|P9rsuNR%Q$7ug-fou$D+ge!a%$8W6Y#2 zZ2`yg{SR&5YCSV%(i%th3H4Hk_V^p#%(E1|@0Tkh8kH_zoGg0gS;R?}Ql+`MI=4zs zyzaBBKes*C#y(piL89l&(fkZK;fpu9;?=$?s~0>sS!zAgZFXATTx-wIp62)d*+*UU zNEJ-GYjeoYU~hJsuKuBG57usRe=2dyy~-n3Cv7KhrlS9BmbWh>%(7W?CEaAzUU_U* z;683*HebdoPSd&YO1Q&3nag^Llit;4xu!mG-`@5&+w9q;b8Pu~1ss018hy{Md8w%$ z=O|AQsJbed-d$#M`0~n?rP?PNGtL}ns66mG;@syuhM$fr6jbwVUFELxByw_KWBAj9 z`OibuuDnZ47SVG0{%z59x1AHYr>Xq9a@c+6LxIP(#rNi3ocrWr;L#%us}p3NT<)Dd zV`0cYm9V32T}On~IJu8+jh1ryP}ba~H{nXk8Eap2_F^Uni(}eBxBW8(7AZR1DX^Ng zH#ceH=^Y9T#a$bvj|y5F_WTQpJ6dga(fPNQNjFQvbICQoUzhY5oo*`6UE6*8N}JIq z!3h-y*X0LZnO+-s-7J|`dW?RbE zzMgw!tL@Q?DtEkV_IzFRP~wI7<}I7V*%kgXe0|k2Q7q|2!ObVX`Z7PIYC!MumEYI?Wp|l*Tai;z^6T=KRwkPbnG~CkdAy8mYh2=< z=U8#zXL01|q=#%b&D+07XGeUS!T0!t=~~?hg41rl(W;g>w8BD$Ppjhb-O21awvPwt;?@n{XVt9;4C#-6J)9`?rM<^65-*6dA4Z2VsRH#26b$i&VH zo9$}|J)lo zbAPO@6}slrmOMvpY8vO=X(g{c1bNmRc<`}nu9HsA?auQr!xnApKbZWVF?ZdR5ZD!npJvXrS zjoQxOQZAEzZS&UIUz)B?ji0~N!gZT-S+~LabxOaTIr-kye|KoS1wf3EOzu3L?+p^4Sd{1)Oo3CwqyH-f`&_Oc?Ym{V z*P@%#Z2Uh&-HzBU)!y#-N#K!7;Hlq_cKZ515ZkF^pZDR}Zr&5}bvzH-x0~LSzs0(~ zw6K0z=EvKUk4)s>^>6EzS?gQ=gj?OadG_!8iaQ(KetNE5>NVTVD|A7{+5Ly=1!DG0 zJhjL&;DOuSh-SUhSIM1ui=VqoZpvx zR6o3%SIJ-fXm{T2{&(+{{^_qR{u{-!B3Vm)<)^p%rmuW==fb8Z-=p??6TIcTFK*|v z-S0bRwYTiii;~Ps)L5*&dF6V6kLLY(rIq(iyRoq4@RW<544Sm;+$&Snz}U$Zr;mTz z<)WXtME1K%&5k$O;)m;`uh}>jnfeQOyjnhq^Vjv*53e7{ZGJ44>-#ok!a8o={cH1I z%k$V2XPZoTvCG<9M){emyt&+!$8N=a9XqctXHPkER0uV=q*dJ3Hg`C>h#|9RvpVgDrCC2?o2Z`)sa@_A#p zV)}&N^;XZ<=o>9fn!fU}>DqLiHLa4rF1*~LeLLv+Ext?a$;|;CKh(4NraWq76FvB+ z>Pkf#kJ%TKD-k`VyxVT8pQ~)~rL8I*66b>FU7cIfY82l5*7xXiNi~Nu&C_yI z)K7W7$?W=Z>g08sS>_+Nmv309Yn1UsVZz$$eOZ%$q8Gj_KF$%bQiL zg?=viWbY*wD*1EO>N5`>FgJUs2OM>L@@-*;+36L}pB{i;4~x*Rfna zGQ%R-@4MVI{ew!C>GO}xRz1|JWqmbtZiwvK|w}DZeu_Bb61tomlGHd7ORLugyn5N2#ut&zzL?kM*PPZfl+; zN)8ggllF)omuIyJeDL~aQms{5XT;kHiU-$OMVvT!E6RAEsa_FRW81AS`3?3mdUdQn z8h&)0_iB0;Dz7lpoa^(!^zvL~or@ce2e_&|lFs8_mVL1`W5{a0V-{=Y?rk4~jfERpUq8%PlhaPxfn^JecWc}^QU=?i{~O*c+hl)|9h@uTyRZ2TkPmQ8!a zyxQgWNPJz-EX&^E$1z8E`c~gB+Kze?l#OC{=w<3}?Uvu%@qkN&C*08faBSt|bF+^d zuB$y7zUxQ%s#~{z_CLO={pQe~iYHTbYGaD43d5{(Srd02{!lOVRh~n-T9(W6Mgvnp z_VZkGul<*ct$v)n!`C1f>)L))xB9o3Kkqc_$ii=vV?&B|P1&;ZeAn^gg51jPN2S(m z&KACN``ixRhJ(AGT+7&ZS!IIv8lQEAcb@Io`Nv-O%BATaOYUs*yBwh3xHi4U|Iy7K z{~7W&REj)TyKT03_T{Cl(mCauD!N@79x+M;zSG=P@z}Zf`;sHeC1koDFZ>a_@Q!BM zN7vKo>r_^(+b8rR%5dh_)61BzMFpN%F1~a7x2xtC=lc9-5Yk;X{pnr@_Jpf9{@DMR zoLp;D=JrtHIWyay#66r3q|<)BU+3|kVcpiX3nMGS-KM5rShq}AQ<~dea=kPERIPM1 zWutEsGL>JP@3^OU>CGNXneg&VF^5;#C*Rj3KAfSFk{e`G#kQulJaF&F9JSj=x9e&x zV6xZjc>G~qO@;iyH*ehLTYtWOChOcjuh)KW=j^aKnz-n3@`i0c8XtC~-TVG>^Y*jh zN3;^ny~nL>d@&gu{EeJ}5^u6}$r>tOn45fx3P4~F;l zo!|a(e*2m)AHUVJ-x6b9?H+foc3RN-j?FLJqI=f6@g5bu{ob1n zKaRDJ`*89~s-^(5dbvz-oa286PP56Yqdq_UZIYkSmR)|}p2&ZOmZQ>Mn?5RDKJ%YJ z?MQ<7tVai)PRa0kaoprgq38<>Px;_KF+UVPZ2mU+N9=-%;FurNMO&(}DwjlU+V(8< zxTQ@v?*sW8@!v9k=&t6Mi2M^^bocgZ6F;X9H!N&~W2PC75t`D6R~B3ik^JpO!4OtiZ6eV=>B zpOn8XHLQ=;cYNPxDyOn@<~zMv?j9kz^)u%Ce2#anvHG!?{b2o#Z{Hupx727Bs4Ka) zl|FQ`kF%}#o4xA8wY?v{M|YR?^6>55D2o3B!e_BV^Nc?&ewSw7wk4viPuXPrcKM~IcF46ef`Dr9y`to?qdZu z2EQ-%gtymt{q2)>FTe6fSLlTC9L5tX4nGrGEElQEY9lmn#pk=~52nqx>&<+U z#i6z{U`hJYychR*bpD7hn!VRK%xSe{nCyvl*^!s_cH_)y;XCjOt`da*ryhbKHUs__7|3^qaaJF6QkvpX) zO;;xWXJDB;VPpGSoqK!!Gkjg8+H>%>SE@U&qiy!$x&F6LKUAI5bLd*l^S&wG{~1^X zepH&cS-g3s#s5+2?b`hh`ln6m{k*&S&*MK@U*bQwzZEh)_vde_{KLq<+5EYh{Wl-{ zx@L3ypPb-_ORC!c8906<--=425d_1GZb;Zv$8~bGYwQ5&iE_we$ z<68HYEz^bb-WAV(9c#DzKLg9WOY@6voh$rzy8i2Gx%wX}9Xe6>Ub$Ml-2b0pt@rPs zIaB8vu2JL7e(MqakIQ-a6Ld}b{7 z_1pH2{SPKpz3rQ?`=8;~(@&2j)zz0)%s=v<;Rg4yf3m;r7A{D=s^0TKD>G%U!<+~^X_YVPkn#9{$PHmosg7&mu}*urw-gI z4e3n#GWPwQvCk~y;gacxFKu6U;?~aF=iA~%zAV=_Yp$5>ucG;%f$P=EXx(-1&!!cx zVYA|VSyEfQtj6<4;_?^wZ&<0{eB3)Zn}K1qRCwnftBsXmz4@*zD!Noy{#)ALjymOv>SG^Y-!t5sk-J83|5fJi9k%}&w0_$ktJBTR z%C2DM-L~ztz%RzGpX)AvJHF>ix35Yx%i5g{wy*tt|1R5-Ib-&;gLYdj?${-EdYYH` za$Z>S?%MJt73W^P{BnKT#S;l@cFH~I`g82>vVC$DiyeMUEoNK0?99Vu>ET)hr~Ha% z{pH&BHJe^Z%n_|i7fed` z+ES7}rT(DWKB0&#c>(sW(ybY9brlX9_we4E`fYoU-rD6Kb&qVT5S)I9KkLJPhQ^?Z z>VtOTzSho$(QT5s?UL)=wp>rxH@W`SmC5%@bzZGg7LR(Hk=f9yRk-)O-;b!ZW~-Le zb3NN=pS`{%u;TZju=Id=zSGO^r@Qpq`dR+XUi3q4qHm?j?B*o9`%&MR_1o5&s9fG^ zYh>N8mv5%@*gE=3_4RXZ2Fs&oEqC558nh^8L-@|0;r|&}IsY>>RiFH=^26Kt<@G-zn;*t^?a#JvEv!g(+xF?U zvs~${1@^`bZvGGBC&y|0oolC(G0&j;(508u5d z*XOGFY4r!K_t-C}nEY+Rhr2)hw=l0*z1i}F@_Mhof}7Ek>n?d*vaq@PW_fd;_WRiA;{us-qSx2IfB$X6#XKL^ z*{gFc*2O$FUmh&5^5_enqL-JtvWq{N@fWJQQT1)3>WN9WtV<&*=YP;*vgd0{=5`FFsl? zdP|=@=9ajJN6{*N$2-@Twg*(CT(-C;x9Uixe9C`@gNAlenFcSVj;$`wf1cmVG}Br> zFg`ZsN0x4|pOl8Y@}C{w)`J4R8 zU)rZ^xYwuH_p9CfTUG_0@){MZ&WB&N39rpxd`?Q^-7S+K`(4==L5peHZq4s|dPV(O zQjqSOGaXL<8AJ=iwqLV4wzzb~VXOVKE47>WSI_#z{w=NhxBcN?S0C|Bd%-C8X72iw{p-r)hyHD8AGS?b?K!*iR#{QuZPTkY{!<@+IJ$JjgP$q$>$aRV zGWaaUP?Y(fLHI7$?P$S6(LDWCKdZQB>CX1bTW6*_U!lg~x`}*yy|C`qyG7T}>S|8T zu40a*!yGb)cZYu6tiUlJte|A4G;d&I{rt*J!;E^J>g4lN51vs>v;F1l-)M_ zKpkJqt69en?L4-)=5yubZRIi_C&w>*dQ~=Or_*h@I4zqQ+l~D=N?Jd7e6(9FwP%y! zN&8cK%#RxDetr9F@zQ07>RVlFc|R&2Ft-Xn5c&0YO-F9hy_?_H&#lp}+7xqQJBMtP zQB~<{Z{7^w8^wR$_!<5&d>k)zQu*aHpOabU*2!B#KV0v8a&i5Wi(j{@O1!DP%bxY^ zKSRT<^o~8wY0Cu59^c zsr{gKjl8zSe9;5*^MQp7HF%bI_0yhRP)j!EB-6`y>@Joo1J*KwV{owB?0A9lQXdpAYxHkbH{^=g0T z>&4v;-nDOn{6uMmu8))2P5Q&Ry+Rh;d}SxPdDp)FKmp(0zT5uGcoQ<}h2L%I7ciT> z;wD?hljAeyq|dtZqk7fB+=p+yex)D#bfj+UvpDIi!J!{--`d2+Z+ZN=(^5&bnKz|A z`FuZJ-#Jfy+8yWGyu%79vo=5cJ)bx3&e_6c@ozHy@20-cZvEKTUbyVG>Yaf3I>(HU zX8z&3JUi-I&FW6GBZj-x7o06THz!%_;u@7_RXW?OV%N>lOE3D*;20UU&vrv|K(<9r zXsDaH;paya%7Yd?%-{n0dYF!CUbevs!PTEYIEM_Is%xYvCV{YlfM!OV=&f z^=j&t9iMLJv-+0(XV`qc)h2RjMen<>nJyDIp0bc#-SDAy-=xX!J-t{DSlVXau9N+7 z*mdicXpIOlX8EXdTjDpB$!JBD=~V0w%B)km9WgU>3M*gxg=_Lh;yKrCUE`UboOdsB zg8sXsB~|mA7hkIhzDVp=)beK_;;KxT=BYCX_Lni_Lz5H*YkzE`&m7& z>q*I-c_-!7PJSpqa?MUoT+VsM@w*bM4hK&=bx&G+gQ1n)HH-C^_50>C{;{q9@aVeh zhw_#Lp@T(TJ{+Q50*>l^eueQmf5QGwE9K{XX)bm5TfbJNyrHV$rzfB1gwO3cbnWm} ziqI6N_gZF{TssYkqs*a>E8Ekx5LO zuFlqPs`_)w=ewb3sl*|>8oc5&#J=;zr)?H zEh!5w$~y5={^&l@t0uewE*Gbk+9?5F3SmC-=q6T&dV2Gynp`h z(r4Xe0q3<6&##aA{N!@po6_T#I}eGUdj2|Y>cd{HXTK!vu4_ap1suN8ReqGeb$j8B zqmQ^bMU1qjabM}$vD;XyPv4pOt+y?t7E&ZF%{?(edxK_UX-O|`FL)E1pZkyFN?lxGu`D0uE(pPbA%hMuc`1W+YGTqDW zdM$U7*(PI0o5)i#*FzMOCk17ESTFmd==ci@V!j^DBJTkNXFvW%3?xv2m22 znQm~l^~KBkGS_o0BM$DKZ&uO%aP1#~%`U48a~^BGe0etekKm7mD}Ok6emH$ps z?Z>S1CtJ@iUz&C9*Zsr$1?*c*SD4?P|26M%TkyS&HK`9YzGj?Tz0l&Y*#q%af-hqY zCr#@)^DUk)^K|heiJZK=BjwZ1sBGH7{+>TM=uh6|>&Jdw`qAxCu1*HTcz_dt8~`=DtS}8`pTcerLWE8^!_unEO%B)3Xrr}7drjgtgxiK zW9(gzF8?WhX#7ap;!u`=g7~yE`wf|!Tnn}pNS|igG=q2T0hRFb$1j|J6xnyo;|=?) z`;0lDkzKm-gwoC?o&1GT+h*7o>z_IK_fS<=)r7*T^=(^a#T=`%)xs@L*s|t$*8G|` zS@h1ycE`5-s7v##tAE_PU-nGKh;Q%DHShV)vm`xty(;kMK}V;=!9~}ZHs#i@^%Q$j zv+|g&mhP&Zt~FCFR_gva5|rApDSdkuSNF!v%U|gzeR`VUR{4FcboFY_$7Y{3G}R@J zdmU(dc6n;p%b=xCKDymcOFZt}C6X6!bffvmJib2mX`e1jyW49#;IDcv?tdlaKSO|* zSzVY+)%EH{uRN^WV|Qzr@z(nap@R>3YCc7M&m&CdL=_S`Qao-FlwyRl%zd zPN8q_h#hC?`5e2xPv_yDD<Gtuhx4Dsr|VeL z-PdL8Q|x_s^^r@e|6L22jlZr{{g~`>Sx@NRi(Nb8r}}VioF#pTv>5l!JhB< ztfl2kqq08luC(@et7&2Kp6j)h*v?g}Vtn3mPgoZ|chA>#>%)FTKdOyO_qBY~b%1}` zyW}mKeqGs~^kz-Lv|DBSm&H6f?7MwO?0*KO=cbz%zm}KXa{KG9k7_GL*Ug#4_FF}> z>0;VsE$MUb@H1_u~G2nfBLwidMhwTKI_R)@e_*z4f~L?&PZc{m+o-WvuD; z)Ly#A@$x>Utf0y$<=at582Z`O`<`FhoHNb)&dtovxm*@^3TJJ$JvVuAgxfW9u1mtF zc70vB<+pbCkLcj}Ua=>31~VsLU;p#H|4h+SYeIHiUZa~F@zr~cN5%Q2DYDXsrYSkv z-ubk;sO;LU)9EW>{?3oyT6@&<=k*28=H@=kf1AnM*S_MIL!5GslzyScjYF6J$!5%2 zwPcojzuucC=_i7Yu>Q%;czIuXkIEvByvdQ%-pZ94Zpfi;>Rfo$)i&?Ec!Z0 z^}#jvZ`+U9^WJ^Cb0(>-m)bwp1i_~6ZrP7ipmsC zO}aO6LFC^x2OoDEN~rX%yppu>t1t86?wmZ6-R!gUO;$Bn%3P1kT=t{-Xjjs88^4Qp zf6j;u-CZ@SZsmu|0UzE?x?aV%PG3;^8Ta{^Yt=%9R<*seck9nmuy|mazioBy(&*?( z8)H`doFRBL_2j~ryfaEI)x4XG4liFT_Dgqai(|w|qsC9YcUOn3i+6Spxb~%coA-YP z?u-kO_muO}dlEK&U-Py+x;dived%07rKui#r!10Rhiy4}DeAd=S^>Mn(Gn~DmO7c& zbtzT-T~TZ)&m<>H*nGFmxG7lN(Dyog?>2*%m))3a5B8*l9QK{N;J4ap$%4a-@pJc9 zg}bk<5xSb&v;LuPPE2(FSDnQZvggOM)x=#|=X-DC^8DTig~=>zuYFxj{7t-8Km5G( z^-o7xZb?%$R5#Qvt#uG5QuZ2l|v%=C=7^WwkRQRjGzyi+&q`S9ejVouWvkKnJX zi)ySkO|#$fW6DVp$#c@H`m?sQyjs$utM}GMxkE4S%*#0|d!Cn;1^k%r`Z1+2^V&bb z9huwoRBul3&HQ0~*p4^U?4SIH%UP?B-CTA~{MN3F)Q{U{=Hz~WvrgZDZ=H+ueT%7TF^4l=eTH8|2 zOYxm?#^PbGPxPtZe*Mya_ecH)6V|&AwY7D-1p>7jBDUMUERy`~mhx&=c#q;1qgyv- zJXGd69T_gq`^SC7%l;L&W3;V$kFif~Tf3ts@gtkZl3kO%KkIxeSXi_+%Iu%a#hSo` z&6#$})wPb3bu&_qMbGjwjHn8F1p^Es?ig5Vo6^t zpL6Jc28j%-?d{zWKc-zvcd>46Jn<)cX7x#(wR_(32OBZnaW_17Z|l-^y~;sP;uNGJ zTAzE&ewJf!`-ExRuBp$zl}y{V-6D8i^orL}({HU?p3QtGOF;ch@r14CW8-hW7>#qQU(u27j6<~q@4&s60(*Y>rlYrUfICO=^1K=-1BXY&a~QAb=`f@UHfl&CsXe%emCFi zNlxySgWskmxnH+j*M7KL^yrqZO9BD~+OynFyJXIM&(EoF%;M3)nQ4jJBK!B-zH$kA z<&yF-WGnZ|2dXMEaxGUxlf6CnO**BoIA_A~X(sVm#>a)v=lx`E{&iJCt@9z*@$w5- zq~l+Ex4GuDZoW=G{HI^Y?O@uCu%M z_p#o(%yeAc)Jx~W_7!)WpHAwZbbOMZVMNukoy#)|_ntlS`-=RIy`HP2rgvQJnc(5c zwZ}X;X6?5XDbpN8PAp$mUAnr*qsYT1^s(?tL$PZ=;+B_ZJx|+hF6q=PcQx zKU1OX{OgG6QQgMk?zf6BX1lEGGYi?ZJ=%0)T+Gu7$#rGV9vQ6hmYH*H-kQrBGm}*R zZ9SJ|t`qrP&0w#q$;6hq6Q`~|sdB#ecEih1#XIMm=Uq+vX8EMM$l#7!@!P<|IifYk zr>o0qJ>J-RY=_qD+Y44*VvYQ+aqzh0>dOWhUYiR0ruqeV7wl;~YNAvvu`ZVH8FP6} zVAZCB(u*1Emy4rUJ54;nU*~JEtu4jyI0uuT*Oi=Wr`s7j z&l%3ztfD4*Q>iFx%8E5kD;e^iJl`AQk+XBDPOfFf6Rn#P>uZ1TuW&c(%3Z?alY8g- z`ELS;rmH?tnHqbOZSU*{YFn9)eoM6slRPQ&eNEQgBQFno-*ewxQP@|`JootWrDd~B zj-O<=&F=ot!l}*SE%x;M38h6rX;&T?^@CDsZ-v?zghBC%%IQV5H)5P!o zD&;E$G6xG zM}?-H*KX{)GRa|n(y3{0FE6!qwwG8D<|d=3Bj((<29U2cx|-+kau^gNK<|DPdLNj%BHhRf!t&;jQ^R(MA3$pmlCi zVh5#m{B+OSnXNuqz6i8-eLHBJxoaVWpmi>K5?BezR8P=`ZV{W`Ny+%JlEA{!x^CC~4)NGk|IGTI;?HR%R zil!wNvKs?jdv_?!lji<$VT+6H@r}>tFSXJXWDJk#>XCc${MwAjjn`(hpGabuaZYQ_ z=0#8JgAZMKUS_+Bd#angNwV@%hMB?w;lDzB7E7=#Nt52-er@$m)pOS#d|TBeag6!X ziW9dld|fW4yjP7;QlwpIchBS<|3sZ$sg?bVW|6z!n`yx^_poWuLk1PW9~ZW!cr5vN z;#6p*-Bz9pyN>T!R$#@oqieyOSzV5jLEQ6f?WI;Ly52awW5dn`kwPEYz zXRpFVFGn3NSNqYsAi?3_YO`OWtMq;@eA1=Y@^X&q)pffqgbt=04XyjsQ|y0PVV`%? zr)clb`e&!UkA2OyC3ix@Vws-O<#V%+=AOKg(#zD-uED19Ox5A(CGN07=_nrqgCkw5 ztFzO&W}HwpJYl-K@^LN0k<%iFoZQ6o>({2~lv_=E%%j*`qEevg<~&8GFYS@G%gk%6 zxAslB;?#Tar+aYpb~(vR7n1M@af-h^COYrDS09g|3UrYOeXEG85kx`OEr7w?!^$4U(yz zb0wE`6I)o}oL{w>XH|Et_~aH*PyVw34y>%e@y6$<*A*@N_nGG~9ovw6{q58)(T8mXUv%&8 zezK>@^jM|IQt3XsmupL|-M+hSUGwwS+gCy(O*OhE3T+E-@-GZc-g$8$>;1@1$AgIz zCx*PM34F+LvWwSYclw;59F8{mA%6)9cdB4owN}-jR=PDl0IwGgFValch(d=eDp^b|REo+bIu)dxg`CXWmb*`J|iSMhz_i1gM$v$C$OnIKx z%#SujOq16+Jnr(EZM-r_XKS&ErE&$s*Q4oo?>MZeyi@ElYu{9Zq-$%|HugJZ>A&?> z@(H~0{*SiD!8v`4jMsB}8`j=9af~=lNHe0Vef7r78*VLCUw7rDHpC=Vmo(B`iQ z?>QxBrKbBGYnZ3d&b;t_U`$p)l(NT?$v60;T6Mm5re-{?=ulRia%J_y)4PvxNw6|+ zFAf$>ym{x${G;Wcv|V#J&&$l}%q#Vta^@1_G5)=|^@sGfy>mG%?f#)}OMP;5|3v3n zsks-Ho=s+pwT&?r)jRTS<(m@8c%Gy~a|&Zcx3xUs*HR37c=^x9-kHbQP5q*TrTn62 zY|MBq#h!9}QCH$-pXUk6*S4o`Jv4c{+}6283*Ao(D%(5=%bcy@X1Fm(qNOrKW?to@ z$VKtH+8OxTUkCqmx1MgveNevFSx1MhU=LsAqBjLyuAb|^t-O1C=c=f-&ABXT26rY{ z9+jFtYi7d!hW9boRu=u77<=H0`c~^NPGugk?nhiUx+ia+H}(80t8bUi$V?Eo`DebyF>BO|u9^^1ATD#Qw|DXcuOpQYgnhF-ZkYT%C)xP&#M)YI?@n!rzGTk#1y8F=PbH61#0Y`?-W zkG0*_krEI3_8Pv9G%wyYCCKSkl;PPnTsoRF$Vt8d$Eo)p+1 zc}yexu;7k~Jy)iQ8C9-wP!YcVdBuxT=UCped>7>$4#*vmdTV2!xbs**?qk!&hkq>( zB^FQa=?P!(quAXbYDLP^2DKg9zH-x~w4%9Fmsf5Q^EjaJ_3PSfZqtsRo3?ShagEx3 z`5MQ!p7hJN+PZZ&D>TOBMa`XeQYGlh_H*+hRGR9&CLf+BH|twzm&SK73kI&*y>pNL zy+1i$Ft3V#ZPoWf@@+=9Ca%7xAj{Pzveab4W0CEq`y^^?s(r1D%LVlNES~Mv_PKoR znxT|BL)l`l&21b`iyl1g30q>ezmA~q%};7w=*qHnpk*g z(X=P53g!W3%k>Wf@G~tG9N^ z2>0}VTvr{Ewp%q|Ue>pzMVAekdqO=PYuj?UWv24ZCNDot+@k;7!{kj$k*#lb zWqSJEx0gkwmwBF$ssH+VnU(U)b-E1)7Rv#OFGjob(SA0^H+P_E_vK3dvSP5_i6Q)fsr?F zWfpK}_`TuFsC4?Xq^sO=-kJ@QCd}b-R9>COzSKx8)9q?Z^4^%H^A!x5HYu}KG?&R{ zspQ`~vzU3|pO@2(4=O+O)66@)LVI@>;{o~Jl$hA#BCTQ0bHch}mPBrLv!1aaW^uwd zr8QBn%`aHY)Z_S*&8K-wLnb69V+`=i*-)!T38Fta2!6nu?Fnko5^S{oX5OEZBcMh+AH(08^6jA$V>lcNPB&o<6VvYD(|In zx097zq@{0ky?^t5AM2lZ_TR$C0$%RA)T8r3Kq&Z~_CrtA&E+~9G>@tmTXCp42y$-P-zOmv~R#oOH+8v2IEnIbZH*PyQHw zP}-mCPB(vt9N+d`n`S(^9kQuMVBZ_-@YAP1PJhH?v7=rp-lWl~=ak2z-SVveZr&HE z(PX@wZ_08dcSgeDirxF?mQ+^-S^irdWwoq)p7P(BNt>r+S7mi>S#BwOdz}}5khXEy z-&yaUU6MZ{CwSfNW?u92kocK}ue6;H{b$&|^268bztWo)Wt;#07~Ol|`HG|Eas^ly+iQe-Cj*k{kYIR>|^y`Y19H;)_{|u7O`Krez=jlr+cpsW$ z!F+4y_v=qLPhI=fTk^q_f{Q05S;B9AE3ap$(_nmL&r`ALyyvwkPgQ!as4TxzzFMe8 z=YxE|N}5? z`Rkqw-u^taZ1?kxa$n0noj-ERZ?#_QsvlJq`NWNz`%aoj4A@}4z1LxbWmh)-_Y`$J@vu^C@V@~+;WqHc_oZq1lOW75+TRdA5 zdEWOIbrWbtnRv+d!*2~)XF8CAC_B!(V^Xx*kC}Yjz z@jlm{zdimt;^3p|%(XS<^-ujawDji()Mh_?D&w?ba{7Krr>MxtdA<5?j6d9el)7Yl z|BB3CCF|^bV%FQYWuG@a|3fvuSL$8i!?jV|H!h?`NrpWCx_;6h^N;I~&l2{mUR$y1 zUAX!af0G9LsNcf>IRE~3{p0e{ckLPT?Uz>N-;mh&Li^@It}8F&XFOfsTC*-Ny}ic$ zZ@=eN(yPdX4dAE~gx3WiAFyw+vuW(vC)Fo;qxMN)&(-6SadPQg#eF@0c4V4)ZgNq6rEPq)YKd7@vC)R7 z^~d&|{;~5nV`Zo5_f}?^l-AH+*H76?{^P6YK43NJrPbLv-TMOOto*vxev7ikR$aa> zUrRaGYMrXS<(lm3<)%xQ{Vdz|FX}_~z8|e0x;;L`b<3^I^Pj2WIHUUdjCG4Po(nu@ zd}-&x(9qrPYyEN;FT3dNUox@pjrJS)o5BYdMW^nn*lW4I?+<6mcB?mme07QO3-@ob zZ+EGa>dV(()t9|2dotfm(d8Gu>`md7KlJIu#*|eBhH;{gy7vpeF7L}-E0OYXOZesK z_gJsiWb#z8P3AwZ%n-G^p11Bu*tKs-x#2NAegU$JY##gy@8&9Fks@_ENuAKRVv9wodHz`Ngj$E>7KFcH_Zy zlanG|l53gTUU+?7SNZ6p;KjwSHWZxx7&7I-cN?qY2mWdQw(x)RQl#-p*LL>9{~07U zz0FWz_$skJ#oh6e>L1n!cPIO+{iinldYioew>i%*x!`3L>QNiFf9mVsGjHj%MOXHS zKhoaOV|L5$%=ggs32hb~Pgx_pCGHd~{e6*O=hn}w$hs&9PUS;zCE%j46ArrMX+;#q6_ z*6vuff^F|i-A);~sVW6K*e0FPUbk$1z@fF4{ze;rgs*dz6f%19>ssIR56^?Pu%>F= z{3?2{W0Rq;!M-~^k7k`Qdfb26waQ<@ z^kvTN;*(4If}*8&1^>ERwq2$`B4YQ7c~SE>Ut704D@&PutpC=IaHC^!f)BPmZ6y zYxCLF6^pD{PWD*beSfyD_dmnIBs*n?TfOavcdPwOh~Hw#zF%n{#}CtoH*NAi#$ERC zFjt)Gc)WPluQf?gnKGjDm-oB1| z&3+(Ssa55w%7HIy{hM~#_P5r_WJVc@^d@ZVEvu3VkL5kPr9G!;wY)=iv+=QOYkTIb zzw+h7l+55olRO?I{NP=3=;;0}s`kB^FaI-et@(2QUc@V*#gE%~W2dqEX`1z2Jtz}e z@m4uAV6kbsi21>I;eSRoIurD!u02_vv*S#VnH&4os=T?sJ!@2ctX|&FTa)!6#c=uo zqb-$^?`qv2#^tS&s(v(o^YZbDw@*v&=$yGdST3UhPB}B zo+l-%=GyWb2|dfxjhwkp>w|uCO=w>3`?U*`UmZx>Gx>P@X1;cr{|s3lt}T{&K3Uql zu43KqV{)oLN);+ia-#z}|1-3B%du9R?=Ah$AaQc#bDwK+9)aH(=cI&1lvd3$UYWQm z>dkNVZ`Rjx_euZJj^~PVmZ*4^uJZfp@A>`a{%hh~vz1sqyFS>St=alu|E=QS4`nm1 z%{tfeSc+`#uHC0~ z4lv%@875c0@pe?JmPBRfR9nHDKl~rrKE0w_to!Uu>Dl7#^TnUUR(+GuyIZrgMYVA9p3_msp z)V$d{<*#v|=f~zy9{2f{-x;n4{&sm)C-x)u!^^KPN@j?K%}wrMWtboJb8-0J6{a0U zCU@m-9?$7|QlYhRcJI4dKBkbuEtOZTtLD92ToZg{eW_^c)A>Br&C#=tAF=hbPE@<; zch5rf)4%z@iuci2=v5;Q6MwSLOF11oh;n9gSX z&(QwId%5cS_NS?P+tnTk8ORo8Cmr(8`4WDm`ucK&rRp(D$m<$>KnOQtW@%! z@{f?e+kXe@DF?93H!wNN|ERt5?3%Wp5ehj!=dLV?Ei8R2yRMWwQ=xFe#}fwiT5DOi zx3683CmeEpQENnA*WLNko=xkVaY)N^rFQR+_a_>jG z_qCFKmcQ#vGFyJHzrz3U`?}^wBKtX|-MzIlojqRd&){(vJ@o3Af9t!_Xz#ho;i+9L z52~b2TAbW+KAN#%wO09Zv5BwC&Gz%XPoKc6C)-mY?V5JCM)ODT+SRqoeL>fSCsbb- z7V%LuimvGY_bY32+CR14@~Bsw=CY!zVlBKEuGt{GT>A5tsB8ZjQu14>-sCG~mi=dl z-5>R2>-!(-+Yj6NU3|9Xvhu+%qBmUE{&CvmwEw2wO&P)HY4=P%>dxyr_UV-C-}}n< zmfvt(%jX$-G^ngMpJoH{|rru*^pC53W)=09%x;%RcGvY-t9EhK%AS7_C;t4s`k&#!e0$-N za{J`%X#o`y&vxeKe{=q^cj2^>i%S#Ozk9B~{M)}{m*{t+CGHYYw%~L z<+J|Q*SG&?;59ALRh!8d{dZ!d)c!Z;KWvWf`Ok1<-<`>?CDuNkktXow%=>BgE_J&< z&0XKQCw>WQ&}FrYJu+Q4Fa9&DSnWSSu;h8>v;EGc=Wm2RoVOyvdHDfPncM*FmXGXz zgqsh3Hkp6(Ti5cxQ`xpeZq2UyG-H~y?(~B}$Ity|;H%GhFIb^F%e|`X2kCzuRPI$XX*`H~0TDuzdSb{UBEEan#i{*P?gtPU_d*=4twQ>GHRWKk_?FRMt0M`S6p! z*ZV!jziVDy)G0h~+{Z3yy7^#uE1y@f!M6#|_bjOG{NVj?ZvUZrZu_<`&*Y+GBrVq+ zO?RKWa7T^1iNElChf}BjW}8^nZ|lB>O)DSA3?qxY*f>{|qTp-JCUx9R9l2F8!^ZE%oL;ci!`l zypx@EKlCix@Pu*JXWQb(?FaokCLJ_eF1!4eQh`fvlW$dcTb)^rl~jpU-P}r+OsU4! zysa-Et$Mt?F=VN5mqnId?$LR37rXzPw90;u{oIfr2a9Fbt$L~4`sq>N$#1LnasOz4 zXni;AzSR~+o@UiK;pg{nH-Br)*8VtquJWNa6{`jz>;t&2-(qba8Ki=X%Fa z#eWE`?+lmHf6FO1rP*M8`$W;>3h&mLe@nmeX#bC}XOZoHYFk79WY7A$VUOdwKMA|G zUR#%7pV_3Za`MW=d8|4APTiB9?R0UGZ&~d|o!9Eqj(=Uh=XAzz9^vLYpACaTWzR3P z&yLqVRKHRBWUfS{{!^FpTWeY$#4_yN6eCa<^2)VV_IJsj$PfP+I_#KU)^T0PyW~4P z`x!$O*9U(-AKem>jN6voYMTxP&Pi2Q^vk*>xB0hr#qvY{B({9y>s@`%skdBEaB_du zC;i@g=9fzNC1Rs9r>}nEw?JU|%9Cr>bDC_QHTCX;sZC4TCG4X<%lAl4`S@e=n@FRX z(v3f6z3r0>U72igtsr;a=ZE|ve=I(_H~weXR2tTPzPBPx`QDCN=ZB_0_s$OeFl&0t zoQ>V{{$0KFgZ-P=N4KTFRpb9%j4JZgig>j;Q^(`ZGPmqSf2aMaemGltX9;gz=uM@! zOpfxcfx z`Tqp>nuTq@`B`AkKhs~@{~1^wU8*pdA`ht&8uSXy?Bypp?+v9HCyigNz(12yy%G^a&N!9UOC@)hozQ* z$d|SKoxjem%DmK(@^czv*Ry?MqN-m7iXtoQw(goV_l?NHliZsx*yP%G>-^E@TfQpc zum-DtafEi>cCmo_2M-kS)xLH=8mF=E>Xy=r??fa5i@&VeCq3VH|AjqMXDGNGe7=0I zua%JI)eA4bNPADcTyxX$=f*bCOBGR{{xf*)3NNW$EMd3xctwBo{>wIubL|}DEE)J; zS*~0EVC}oDk4{TG+I8cHM7mPfg@D$ZbMnKhVm*eifu~sFgEx{oB{rsEU{+Dkb z_>}eDz&-My1Ha1k=kHr=)J?aom%ZApe5AjV<4xuI3+Hd@dw%#+&z-BczSJ~&`s8=w zPa5CGoA#`jGF|iaq1nHt+D4DM8e&cuh0m$kc|z{q*YiPJCzqProH3Q$_I8uKZGTtVMZM?Ufx*VwJt+m2maF$k zeLQ={T-qK`mzv(P;S)33 z$?)LwkMN!w6*mqX(l)u}U3lE|OZKB?_5tCvSss6~myUTjJ)(cs0d%NWO(VE1M?rz)rgQmSZIyFpk!-0=|**8wxUV1h; zS9HDl6_qPXCb8tM{}b^t=IGI@PxozB2{$sx`Lp~=c;Yf271z^DlI~i?p*HRhXIC%C z-`pN}kZE6+;CFu`UpK#}8To3L61QIOJ#as_fM;U*d$+1*yZa^2Ca(EWbnnr%*O?Wc z%t{WP7kzpwZ0T~nEz@otXwHlMgQ4620WN@18t!c1eq`q9=aDA1U7_a`pM9eLZ{EH1o84$WA}9E9dmm zev#Y9qSy{tTX%g;cvl&!G}%_`{IPiMKV{L**BTpdB>K!L{k~57QGNURJ;u5E?aMZ0 zZaL?><&s{-b5`HvTQ_g~==Swqt$8R$LDstK_J{pPEx4B-KHnw8siPvTyFQ|r^9j%I za2LKvcjsd@#SgXRr8AXOYQKwpeCx@7?|9ZHk8_(J-gW%)*16)=@1)|3t6$CUh-ZKI zM|Nd>?o0Q#RV9y$&NH51zAyUpKZD>t$%BvPTD~uN;V?^a&)av}6&Y!>qUQy#a7`~& zioJ7eUydJ_2fMHPc7IkRr+tX;ilaztLD$_ zczL!;y{ly7iW>C|`?}fRJePNjTA7vcxTI`8|JQuZKd#%R{}Vi~XEvArcFCi$tCM#+{M^pB^;(5}=;aXk=} z+rOCSW8mz+<`LT`9s9?$J?!kJfYVKxQ^n4(&bswNQem@;`Z~>3hwiKSF+RBV#7=DE zOzud-d+v^Yb^_C4uWfo_W^qTzO9#jWFOsb7`OKH zsS~GeDBJq_?d8l~IRBA9W7e*mWq0P@_PcQ7AdA#w=MU#QRXXpx*RGfRxlsMR)Rz-d zw~vISWv*@fd|bbO*P$IdOSR{7XMeu?CXI1pTO9T4xwx0_dBF5TRXJK4 zew03G(a_eZT>1Fp{=@4xRaW)4B=0N<2retKU47nUZuW60)5*798F-o~?r)Ksy7uAU zvSY8(r+D%_Wk1VYaCrS%Z6#^zB_HcrMQ8kHXemGR?N*T`>oe|2bu(87##Xc+-Edaw zmC%gjfHVK{W2(5$UHB9J;n=rR*0u$wS)P2%b2E%8pU-cy`lsvhwwjV@otuk}y>qME zsw*n%HSM3?)(dkEmuEfaW11FqYlD=2PpO5z{&S`q2_7wroX@eRHdUdX^H8GG;eU2ZnC<5}b(wXCS>=|yf3V%RB-Mpq=Ed59vp9O;5*H1X*64!ZuOH{BhUp-|7)Y$8#$eZSiSgC`*_etjlHe zUUk<7ro-U@YXUU*EKOC{x0*$C&#tv{ipUFZ`11N?SWRZqbYZ2tk-KvPIJt_n#klJQ zZ#36Fm@lf4YOlIweY@P1$-7urZrf1f(02aR#Tw@lK{qM!^Zs75J$7GMJ}08a?|3Zyvr_l{tP7ie++|y-e$yuWp~U-KhMzN> z%oV>bxvaW8X?@2&{>)#`W~F~Px0d%x&^DX>24eAtcGM;xu+#mJy{2ICgjL?I+ik)Z zcvgOh`t~BrPX6k2cY_g1qDtcg16_`#-X8zsK+~Z0@)B!WCJs{U&a3 z{o0avp=uIqVgHB2p_jh0?f8-S$au|R$rCO?n>4-$yRTd|$=a6v=zZQl)ivMZbT&j= zA1Zv-xTX1h=-2u-p<8h$SNw1e_r9I+bE4=bhhO2k`Hwm{r@Mcg-hBL)*IRLEvt8TQ zW>%;NT-$QiQD@8QnO=83h)+JMa*KVV)Y0r(twVY?E5ogud5ULU%+<0@V%a=Tq^qJ& zEY-gLdR)d92IgqN@^iQfsH2<-gq>rFhD#>d`v$G@*%&ELPK7 zf(7IAr@EgC-8}2XAKNt*laE^EY^(a-wq)maC!3w21)i%f9$)-&dF{06e;2FxF*Vmsac# ztWKLOG)2kcdouf+(p4LFrhGLvongYUaGJhgjbpz@Q}`uCe{9Y8&>1GD7#K}_r$IH+qUicyCP8IQ-{99d7JWeYM;J8*th7rxmld_ z6_cMQe?FX~H~(+eEj~?_gi_uQ%}3;gY=ny+_48(5h&?Q`Rn@xvy6CE{ z!DM)G#SV)(^_Ow<~5r>@B6Y6>75krCyh;@A%Kay(d>&_vw~hcFX+VtxHVa zBDHpPMe|`pr?ijuO;gr=h>OuCaCZ`CtVu@v`yueA*{*JXF zceI|)x3Mjb`rcYP+j{2G?OPA9a~$}(YU|lVy|AM1a&D`qWWEX{iu5%?t{jUx!-NP_C<8hmSYkYC*upF*!@1F_oNvAsCt_)Ju$7VescZ> zwart_%7WIeTOt)Q?R4HU?uGz;?O9hZnRX=K+4k|>y=t!KikFf%rfFC1NM~nPC|&)H z=YqmC$x8Odm`#nhrMiy$XO|W|S;f?T;rpstM}IwVxBR*JT&?D|T~jVPf14S)*Z4){ z8r%FM->&=Xh`oMh@L;}It8e=jx2CKQ2X3|%UP(w>@jB{>IZw@Vmgg+#U577yss8Kt zcHR1SzFSu{dCNcgw(3^P#h(wHL==v*uVmWVqtiTRe(=?Wo401Zbx@hZQ@$?h*?)$> zd7hGueve;UK?|jsS1z+Fnm%V^`|r{NvLCWUuWYHDxL~TA z{XVUEYjs=R98|Gxd=TpW`?ZJ3GX(~w2a~iG3(q|>@2id8>?2W=H+}c{x+Z${wVlq{ z%a1=*nj^dSwaooY`z#|zzhW^?ZwRK^4s@R8p3s>yvmOT*= z{a*OqqAPn;muHGOz55&-KJmBywQWl_c7^3{xwC6d-mSKs`$c1JDg7*a|MujvrN#4n zo^9=J?{ojHJ&E1%ZOpr+#ukZ6Uu9RP2bcGlbo^9F+MuT=@aOFJ=Hla`TSCuO8m(5A z@LE^kemdYNGw+=uHsi2uCmQ277thMPz56Ms$=#taF@ooLgW;u>lc(K&I=@KUFCj|o zc2j+8ZB~m@W@<_4&8@|g9r(9(sn%}th*oBin{s=LTSre%$*DOZ+b(W&tJvLFd~fxA zm8XYuBxDL5CWg+@NmWV9DN(<)I#G7!)Ln9H)}eckSe{p`>ItpCyD@1w598yF%jR~x zuu`vhr{d9|qM&6h7&rSv-rKi&i+Lq`cD%j3x3YBW*`2evE1m1UYkA1>R@omqJ#E`G zi+nYP^^AK9BYj_#B8nxlgm__T2U}wyXDV;eRrT&1fgn4*T}vTd^;%eO?lw zw?K?}X_Zpz&8>x76d0~g4ljP0QKPIBrs4eccvO+2P77WCcTJiCiept(!of$xH#{j{ksRj`R~V+itX@_)E1_FJ@2mFi`RlYiF3gz{ zGx6GNk%Ujn=X?xmcx5;z<#XRxUH-y{%*S`ksSa9XcIN%#rKaKP*891pTExv^4rsA5 zOn$^ra`PvfZta(M5IT06kudBB*I6gIhtz~%qy_Y_zKlg<_ z>RzDIRj)t!O7Ol5@72#_$u`X2>lb`m=GUd&O!dYa?E`%$iq0<22}#)WWFy;D6`7~I zOH9_C>eQ(g$@i+rJuGq5Nj~9(#G^T>7C+q|XzcA$W%y$9)!Nrx_&qDHt$|y4iTzyZ z&WuixY4TnZBbaxWORR9_5!gSKMVUcnp4Q@xstvDBc?BDB&G{;FB*h`rpKZe2Bb(Oy zZ8@T^=#lm^aN9F>^{sjzii%uam6<2-|9sXI(4u$wa#xeT?u0-0TP-*3{JD8nast!R zY!~aPcNpi$TuGhjDY)0$^k1AF?->rU1;?dNTJolRK%?f90TxYi4b{Egp@Lfem?g z>|=1sH)PW5r?*yLTB+jOnI~a*P3_ zlQP?#JiJ9uyu3H(4Ax^l~V{=}3+&9|2ByfSs^r_c??*H&ch>N+eL!S?vJXrar# zW2KMwWW4B|Jge!r-_D&A=RMQ8`d8ia%KN36?*D zYhDFcRC@>IZxx+5r)J~&m}^D{3)h?qx^~OAr(j{o)g^CqIhJRnO;_xE&_5+KV~^#s z>?Nv~C+z&ae5L5kAN7aCqpH%f^9=tan;QMdAugF%l{cJ$$soB@(sMYPc8G7mHEw^#oOC#HMRHl+*wof z>wVk0E#2)xw{jS`p6NH5zZNMJV85qQ81^Ul<6_T_lf~r)D)qj1v(N5v{dhfS_l%=U zqm`N}RFbc4UC!pRY?9UP%S&$F-gCX&^6;m7Q_tUj{mbq@gW0X`Ma?Ie--k<=KjKXe zJGp!AhUcoq*Jd&=(o+e({&elzl;WLg=a$_+dhkiblNJ&6r)Qauyx;NA?6388D|IK1 z-pze%nN1%bsTUWqY8z@UIs3D8b|gnpw8Ff$mHWH$73;0;IV~tXUv+eL0GpcIZ07y1 zBg=Qaox4I&E#3a^Yd^y)Geb97S=uC)TF+FSFH;qwest2Q{|x(f-R<8UvpOqW{EgSL zqwETo+b4_PpRV%t!0M+LPKKwu7CxFbElltE0~2(~djzK>N|njswr_w#HdpKbxsm{C!mh_eR4bJL2Qd zZQl1hDokHf$g(o!j(<+*3WZ3v{|pK|kGEf&?z-W#N3Y(ZFk73$;dxKQbOM+6ytT0Q zXIpfur#1JHykUQSo|dLUE9cMZ@>QR+&E74~F1{?eYP;2*3_g{Y$27ORiJB5v6p`F( zm&AYiz?$DXCk8B9HP0w(&#%YIybF?lUQ1iN?pT+%1XcbxYf7kW7GW%d;h5CTkC~AQc_uR56D(sTV<|%OF2L6qm9v#)J6t| z0(Q}(ucH?2pOG@1fG zP>z%5WnbP;;_10xZu2+mOPG%XhvAQ_yR|KjJybYhw`K8ayqLA z(z8FVy<7C${X>aR=C6W&xB`mPr}NohXk@!C7rdZ+aU2h*xs7JnAc-+TMA=+-wWZ%*u) zaWT}ndEQP@)tR@o-Tc@rls~SV$F!5UPuS?t9eOu%@7Oy>gi+2BK;Hk(yXB}wwg57TF>7XpFmRol_VaudRMz6{d6OXSLJEv+>cz5(i{A#+BSRTfW+{Xj6zn z+r<72zXEo-UVY7&FQ_u7Fevka^z42ulRL%dMeqJFcJh!^-P!X%j?L;CZ*=gcU&1xU zKVqg`TKn`(fibpQ(%1 zU3+}i!tKGV=Lx&hRQQ;#-i~$7U^6=?xAok`o4!khy#r@3iPUQCahTv~`DNMSEq!sp z*B6><869ii>+Ci$C6}}2X=Z)-sfo9i{M`0ro91HKkaUqXJWC66(o`J|oH)NfDq-8F zHukJbzYQjODocD@b?L~&rpS$Ne_s1g=2jH0*>U&N?eiN}+|O`2x>Npd)uiaDF~_7< zdRsBJzP|7~?4nVU&74X5_5>aHS904ah5z$kEx~>MQ{!KUf4N;}6ujg4=T%BvZ!T;K z+W3}vtKRaGFn%qa=L=URc?#KSMQr)HQ!&1;s_I(!l^5H0rTwUP+j~{-`zgDC%5~Sy zox6AFc81Jjnb24}j-1J-ItyxBBO(t3$$Xw?xytXDZcNHsnXHuOroQVU=PQ3+T`b|1 zdw%1xTbV|Fze6k7)h~;*O>*mRfAeI=w$D!z7;InFddI|C-A>^$zA)?9b(=u3*1TM$ zgwU$TdyAx&9|^2Frchv2Q1x|{-z}ER&(@olU8#xBdvZ+mGUrjZ) z9eJ>5U0`lx!qn*#_+zeSZgp1tnQ|^`>YFvHsmT-jj6)yIbbff9`P%l@Ns6A!&Pr#u zmnm01DgTrC=)nq&_w%dP=3JZ*QFzw7?I1I|>8iO~gm)`Vt9Z=PkR|c{VRE}y?u(m} z9L2|cQ%;wDo^h_?RaVR!m36smuN^sJ{5Gg6igsrUdrxmT9t^v2MG=kJXQCMMK}z_*U;MZ1^n1{w(|4T2u8< zg;^W<)+|?Our<83E3sqJtF)IvldsCV{D}Ux{>NJ0hK+Ixzg=_;KKhw6|Ge(}@IS+C z=i_z)NAedPEYEU(ub`07^T{yY^hKRk-zA4h`?8mN|E_#{Zn0xsw&I@BmJdh2b+4NE`)i|wtNN9ab=O^gtp08MCslKGRK8JNba<8b`LpMXUi25f^SDC8RX?mBE zp_kLmzdg=fwlU>_b(L_}^FM(foNlhY?fUV0)1s?io-m)dmMdV`TYKos`o1??b)!A) z(t20L9Ju*fW=VMBgZsDgAMbBwj?RoTn&iQ8u<5}h{>QT}zZRJG#GTdj!{%G1_iq{> z`lY*a{y)K!dM1(Ly46fVA8H+*?RkFOe&gILVHN__U-7&-%k6yoh+YU+gd00 z@2! z>Y3;#F-zy?r{CXFe;kyXcWYiNOVtwZ@7L}g`*OU<>blZDk&jd7td~94ZBfxD%O&9W zd~5C8!jI|?*t^yRADPGgqm!?B^*U}>{nH}%j)YzQk^XS{(b*PHrXQ&aowl<O&^*i@?|F+L8Z{n4H zWZs-0^uOAhJ!9wJ z?wa^V+~xazWImFvbu!7HcgvkqtN3!}vyBy2Z6A&XO}g{iPUw#J+U#((=56Gx;RjfqJ>M;P$m+gx=l*L;_FXw*-DjRG`c3`K!^hV7P4hX!kLt}#mV3ls^^^Os zJ^!D~l@(pg{~0*;ehiyZ{6s!(>zDgS{xk5s`sIJfI-c)kS+KA5?fyH*mX{S&94)&( zxhF(C*fV^wMfE11SN(rP%`)~Jm5MsH;>PL!48LCKn*ZaPyfW)oPuaAxfQc%rX77Bg zF1Phle3u@!ZkPF%ir(!?VP4B7|YncRq({{Gfp|HsFcKYule zZTi#T%l6MN?df|SyIn}aO6Duut^$#F-9B&s@%^Y>Z{x}#Z+?#bb^P-9&Eak5WG5)7vHQC zs7RbvxWXjTCfD@ZkJ*pxW*lXO?sL#J+JEejK4Q-%G+wyM;tkMB})11{*3({v;2GhMCTV*h#c9h=f7d~toDw5 zT(5q)Nact>v;4L~xo_)}`y%rW9X~4gQnx_G-#qQn)z|Vo^+|Ktk4E{(8SVPm;xS2M zf}1)!^SxcktxL6{=1w?rWzluztmC?mX8UtwX#Z<(KBZn7{GuisrZTgs-pFyO3Vh$*ItH+*W&5WT;lx zi|-%y1a=(O4k@?r)pncoiLqe8R9oIm$3?ks>b1W2H^#HC{Zh{xbL+=_m$t}jFFLr> z-<7RPJJS*uq@7|K+0_#QLZ`Dx zJeFL)c56Pz54+P&d+OhCr@C$}I-c-?@%`$&{}pSz8h0Gb z31{__KjJR3VtHAWWVm?nF*m==)pDnkAMj><6SUnn)p|A0YMpeJ&>wXo6*HVtq)dJ= z&sn&>@W;ZB)`#skUq3uMH$C{`o*$1~+pH^MG?UnECS)5wn11|s{w?{#R&9$P_VdlP zaj@C?`5B*g9YfgW6Pdw#V&)q@_3qwmHEGJqgGI|KWWPeVP9@@{n9S8?#zXmV!u-7 zXf<(!R(xfaT<)yoYi^d?_tmEK~5$vQMGm3?(erFWoAC^Y_E2qavR9 zCTA8;I>%t&rv1?VrvJCrOD5|(rOfs|%1HN)_O!3wYJ802Pu2CS^X2yE>$k*n?c>Sb zFYx88TjaZ(E!QWVGwWu2dXR(v>?_x@q=K1#LbG$#ijoR#T>GX}Mth(5llh;a>GJ&y z&)+c>i~T--<bMw;Pezq>=Ni&+F$eXIN)$ZeuogefM&Ewg<`N9_a zExUheq$qswlx3|v-}mLM{KKzD?kW7cD|Ru;g=gERectj8+OKz?p3n8i_j2@+e~i1f z?w`cUI^k=)*U$Bj<=^Zr|G59?{*MOR_HFh|xosKX^w?(p(wckvJPSit>Pnt(I=9iF z>fG6Ko2uL2uKmb0y?OcVqe<@mdrr+M|Gr92^*=*XLyh!@J1Mbj>9S6m7XKNzeigg_ zXK3>KcQ(qcee1jYo<}@;9=S4GyzVJk-)3h~f6(l!zhK3?&#pg0S8c4!=W?5*srd82 zuk@}b-zp+JT^C)ax0eK?}Pf=>mP0(50CS0UA*eK^qgeVrH|@weLu8Mbidg4 zTh6WdyVWX8pZpX4&(P#hcVm{B$?wR-#tUo@tN81(_x+gspMmAgkJk_Pw=NI;xOUc^ z(`n5m6aF0U|IZMb*x4sFrSejlt&dr))TVDmlYHO!uBf|P$9-AJ$ZY1+JRyI)P#L} z{?>X~#E(VS1E%}V4wKKSyt<8rciz`G{~12G*UH@dcQ*K>*)(PE*{x|jR&y73{hDvZ zHo0(_jdzVk!enoSdS3ZDEl@9USUAML)GJ$3cUD@|_hab9+SduAo`*2=Fd zF3c|O-fVM5&))d3wd=Os#-CpwpTD{O$bGiss>fD7oY}jl@~+Y{2WHbJ_Y^ODu}qkl z_cp}f_0;uO?h91Rcf3+#U7T5;HTk%SPS5(DB98SP|MdQy`{jMtbnny)LElwU{Xa~O z2wodBN={vDRGecxQioW1MbW(iME-DiBS z1g`CPP9@qOrT-EgaK!U>l9m7zP< zbtcP7?8}%d^69I3R#BMYmn9ibTy|}~ySwpt)GzOEDIZ_=+W!;XblXW+@9F84evY>F zQ!CQ8GTqL;R^af^C3kXT+{xc&`pxY<$8VXsc;0R7^kkT}vh-?I?&8_T?VApr(+^L+ zQ*ysKj_cC8CA+rwUcE7A$}xVm&3rT0RR~9xZN7Z%)is|P=NEim_i=i*=oiy4U)ECY zYrA&rot)U8(NV&FZO<#MC9ggm`15LBa+Go2l68B|D|~$3t5f1xb2cbq?Yw8HE}i}= z8;^foeSQ8Wwazsa)2<(zb-z1L`lQC&oaGz`io4#F&cFHl;r5QL9$V)YU8?R}Fu^8z z$pe8Ri{o2MXD#A1`KctY^_I(^{`}HvlMkx|YF-D&xaDf9tT5X>FaG1@Z?PZFA6=`Y zSz}uJcd89nxs5X8F+TgLHNAgZKiVHOxEmcC^Yg>ab0<{Q-)khXe_DUR`gH518r$Ns zJ>Avj1^hLd>*wqV{*ZiZpUMXBzlQ!3Ynp;)*Ls>hP7~^rTa}r=^Gl5G-0KULN^P~h zH{HOFsYd5x`O)eXed{f^ZV{|({rR)C`r70V`3L9mU3o%l8FyU&MbeL?jb-@7U#==p|!H2u%e`1Xy&y&J1+ z4(B*tmNZ>zd$et`{nYZ$YZ92Mt}}m3e(ZnvwDoW4(mw5#y6L(~8yGadEb4i=!Y-|5 z88?5|k?UTXo0EM%h#!tVtKzxRQ>19ur1FI1^=pg2&13wLy84Ih){3=Pe7`O0)^K<5 zSa0y7|6^fItm=^}(*xTx83mWs*k@OJ$Jg7dZyr~5 zepnpWo|(L)qU!RgZ4nQ8-BspoeRuKHvc+d3Kh0O}Isf8wQDXA>XBQt`nBO_AJZpQE z%xby!Gutgh7cQ$<9=dVne}*kODbg`LQ(tNC`e=UiKLc|`mRR=ct25g_EVG|m+23Vn zl@Yb{wQqj1kj4w++xK>Cm!MKu~eUGd3r8CXGJ&Ww>ef!6G){^}~ zd#qJH9eFQ!tMJ5nosazeU;Z+m8!oR~&svz2=*;vs^5*Qbe|% zbIPqK>00w6=XUR!CTlnK+-v#G=|@(3cE6}oi)8=pH0Oip!aaOmmGk)g@6LAo&%pEf z!~7%bF7m1g?p~;6`B!`5NAWkYA6AF$n8$MI(N90iz~e8YrS~aUFo(#=UGE0`x(vnqUFe{tE5-iI&W zs!S?#dRiBhS@NGj@`u&CJ1XBk+PMdJ+22a~GSP5#>HFZFKWkUiox3mn$G-A;efpib zdnF~V3acNx&wWQ?>E-+n`;Rnyj9=BC_~ChA$IOx+ocRITcKOZoIk#pStIg)TSKz?3 zrMD(UbbV2*kKU(d_oqL8JpOptXRfZ!f_*A-J!@m8_tYu;xP3%w&-Q&vTX%Y%zi*^@ z{CWJ^4gXH;=hB~4z5h*w!Nh5ILaML#{`kT^=gmxWA%1tyU5#9nb&E**6*nQ;H%5_!Lxj^ z(fY!t+rO-r_;~+~7neH(e2$wYZ@+xY)t=QUdWCzAQ7oy4sQ7N0=k|E0Q-=%-nFWz_oft zPO6O49?1tuA51@-yX0&q@5ML2!g%sCncrX6tN)m|_T@Es5#{MYlARKHztZ;V9~P=l zJ6Ld5kEj3Ap87}oTfg!PRBU>dU1AY9q2B7thvKf4WtE}9g=KaZeyIMgsnPr4|G_@= zhwhpMJ1%YABF^el`RVEHp0DfY*)Xqqc~9?0f2m!gp@&p?1;>|@N_&(a@g7-}?adOj zmUlro_v=|-?QaI#-`3pw^G4OI*DKqWtPhmDG`sVQO8u7eU3UDp|90KIVY0f-x98~5gYc3kx7d4Av5SKfrmPW(2fPW|KbR^P2hg!g`(qul1agVF!$8ynHz4skCpyqXmg z;4SmSSJ9`=^!fgc`A1i;zWv(Q`pDXEyEV<0tkkz)@A@VDX!*hYd_T&5$+{n$en@?{ zT#m+aNw$5#rpIh-OWOml#rkJ+wtkx;oA$;1Z2WfhH{I$7UqAX4v#)l`v`)PzPjV9q zvY*GZSZC~$pQiTvqL;gETlPEo+l!C=Iy=2>kJUV-jrwAX7rJL$lB=)kakp<^+hgtX zckUK@(HFdSQ>&79PBJ*d@05M{I*c83|HTCG)hfHql z3_WT47V~y251PI0`FyRK<*QFVT=G%A<+h8b*QRaB`9a$I|IYm*y*gu7%(EYbLc$Y& zTsK}|Qnsyd&zzLcamPQ@=l+}b?c*^6H@@nw$H%>{%56g3HiOmk$Z+KQw@zj2Wsz>|OKD=+7d|2wpuYEJ>BHLu$lV|-h zt+8B_y^rD2!|i)+Ogv;>RCWDS(u#9S*VOXK3%0k&Zz*%%o*6H`M|$z!1@@h(yByV$ z!;~3{<8(hNnf~Zpb$^XjV}xqjl$5W>3L~!D^RM6X;>e~~E$$O!o?Jb>p5=b#J-KP` zc%$DRE1US^y2^&oWm~l(rv-ZPPYydjt4{fc(<|;pZ;pA)Ji$NTDSM)?{M*#0eau_= zgq8L_j{8x%GVVv!b)6LJTRxB16(23En&15X&BaCCz6tJ&uJ_0D2Ti&8MC;VzJoWj< zANmIUda1X#XrjW=te1Q_i>DoWyM5{l$F=Y8Mctfh_3Y|mivuTKW!oKhH8^$oTv2W9 z>S^M^JJ(e1>RkLnyS7;LlqQcfLv`A|4Sy%RTYO=w%GUlP+*xsEf6sLP+cH&QZO!us zzqQNvhx9#=*`fS-{o=J>-t+&^ei-y)pCnh7q0vvl+;g9bPnf>EI49|{EssgeWVdzA z54`y${s??Ldb~?L^51c7?<5ufS!Q=U3#wE8Z2e$<>^}obRK~2g|E3qqzvrpTpH|-? z@AZ4x_oK7Qd;W1o$5nVqKVG@nW7g9>d@R+BCv_OktL@AC@$i9lyhyzBBTl_(CIXeg zC)m6mTb!+yk66lae1f81R#B0iYvZkRmM*$VOA@9YE?fD>`f;~;`NloFDuX3{?hflc zy0oovU0g=_i8R(3oYNbxJld%n@3HB!sivN8QbJGNyX-rM!=JgCu5?{q9DnSd^yMdw zrE68owTjBh*79>zG`oFNo3e{-sbVCl~@9gb*-X<$ib$w<{&9$S`yIG%vy*4!L zYi8SB&t2nu`TbUo+!}Am6a{{R@^#sd&dpvF|Ks3gw<&j`k2QXuc=^`m<(>y$xO%Nl zD~Qk9Jm>GK{|wx+hkBbFo7TRJYy9x(s7?F=`?iItP7QM>eP3_!qkUQT?iV%InN<_E zOvvAA#KU_(>hcfSNA&`pYfdi8x*#EUCRe=jK!LT?*A?1F9jCr-QeAxlh%N4oOd1NY^& z+R=U&x8!#e_^$e)CYV_(E?$+={#pBN^gpc+Z+jxzAEeEQGORnMcoaZ;|+V~>;xW-0yoY&%~^@0AYu@asp_ zv!`zloosWm4!>+Jd^h&?rW%J!k0wbfGsHSK8OLnf`eFM+)5m*G>$q1umNEalRwP)| zYMu3bWA6tQxmz<$c5YqK)I8&Ef8edvS@FDEWo`M^FTJ;=SMtuJBR`b(-j4h`b&u%d zTA@#eeLjjz+qFu6=CaeuHS2rkw(U9Z{v-SGT(Pk2xmn_q*tB)myxlTK$l}lHh}evf zRjz$M%0C`E9&`D8%Rlv(i@&?5l=tlURqXfiev7p8E;;27(QA*ceq8AH;Og3J*AGjN zHnt!A$F*y-kpB7d9HaeF$1c@W{Ab{MKJB=3#aCb3HkaViDF33MAmcTE9Mi>??P|Wc z#a!d@isRRI*-KUwyb=?vary9em0urIZ1k~$1HWeRt$v{2@hzBBck!k7J8u1atiIL$ zU={xnd-gkL6D}NI`BGfVWmEJvpXBSJ-hrmc^EO>g+OkLJ-1~g#$J1oB*KWFEV_qY~ zz49=7{Irz!F?rk0E`R+g*ob0}vMQ)sgj3@=&Kb9ZE7N?h$to5_MV{vDV zzjSM9e8z|Tj=X!PA{8s8SIyhG-g?``n%Dl?8yq}2V8v-{L1mvoz+q${mBUCB4yBKwD``+Jp|P<@Vj zcMhuG(yPhK)16xUnQ_(^U1i@7-}_3wMXX=D{Ko#h2N~P*%0-Xt^I4(jkmnLw>9MzBy z?z%Vmk?P$yN!QNmt_@#4oku}1=6Z*X>EpKre^(#0Q`k}2{meT&f6Dr;#-?Sq`veZs>+UP%OwI^?9h*{R-?6~0`Pe>%rbl4RZ|C zR4iC7Zit8dr+qgwfDqq{2V_NMSW%MRoxv|eED|OYzC8-NvM6Eya`mIt#e`k$8>(ec( zcbGWyZu!32OpgDD_eV|N<4s%LHeO*#ZC!itnE%#F`y=`iKl%?{$_$8l@#${#iI#H@ zQk0r6ZT(}qroudKOLxd+Jw21RLBca;*Pl3k`PSxuP26)u@4i2BpW#*R()+iMR05_U4z&aH@1uj$Zom$HhnM z+wTcqd)T?}9vnw%Io7Rv9sc9zhjllO*JkXRHY?@J-KnxGF8!(gaR1TS50^^y8Sg}7xy--s zWU#vL**e>qny=g+{AcK_)3|W+&6;=Dp2>V>d2A_r-1M^JBYD;z$6U8ZF1=tHDV}vN zV*QCbUzFx1|F+uIe)UVe#Lc@+yC-qX5wp9=w)3yo`QQs`lXShE1+2_Z9#>y$HsQA9 zx)-zNNHxE-Q`;-Gpf5*ycIwX=^}klVxuv$b>f5*byaLhQLJ5CYZrdzZeJyYDqg;R2 zE7QY6_{4nA^vyh59wxQ_@OznKvRgMVyKnF`oPq7DsM&7r-^*B}_ILhaE$IBn?>gI9 zujacl_JoBe3@vde3}igp@K^_(p_b#11+P>p)trB^AhfBD24tzPDx^367z z-TP9F{YUMHSp7rW#G`zFo4veluhnz)P0CkWY2D?q5^t~QwC+onX%0Hb-<*TPW1)uX4Je?AHTh{&HJp0YD@du(N_0G)H zjoe?cd|$}l48JFzHaGpa``h48(7s9WQWgA13bPG0jC3;9t}(B_yUzHKz4TXIp}RKb zACn!$`kAJ9zerLFvF)^debc??t3Ruk{@QElId3N_C7-i(HGB2?f%?(EAMU#|#hr4P z#ofxRdp1+-boZu>=PQaI-CM}pb?--f%(iQX*Ii`ZcT%L5KWcCK$L9~-yT#)9|G0c8 zxVX+aSLpAIgvUE=_eVYY6Z?UWSM5K;xew3UtC^0S-Bc~fXE={zRhT_b>3ubfvKk1yW&&Hov=?UdZr|0u@`DuosPUV7m1I;%%JZOgwU|G4}x z^U3@}|VW++3r84@;1+N(z#>)_|}@}2EFyo|5@9dLCcezQ^~sZDyRtrSPNi zyrw5^Sx${V+4@;Y_?&^(zvaarHXjjF5BjmQ=<(A>k8F7Uy2gC)TmM1d?b1E@w*3Nn zO68WZZ}_CQv;4Z?dbcnCkXXH_oz&em`>d{sZrRD$e{%Qp#y6GgRv)$(sFR7fbv|?9 zi`6EZcG{(6w>~$i*!1{_o$|$`?&G^`q}Fh7MxXXH+aU9mX~$oC$Bmbknp^423#t6i z5UlVdVCs?C8!yHESbwNo>tyMYn49MocTVW-ySZkijhF6ewWZv)I~3T0=ls65uX*9U zir$`}TT3oJ{@(t3@wF}a{{)WOR9-5zICa7;DeZ*FC6AgDPu8tXygGB;7L8kv)DGSf zpMPpo{vOF{6WwCdg$-?AZ)LCC^MSqJhJE&b27cunm3M}JZmiLDsu#;Ds+5|$=Sk!I z8M!Q1Hb)h0>|b_cX^+~q%!miSo|{_ROgJgnS0Jvwzp8S>t`?&^(G&aJF3*p8ZaUZP z`)}trW(o5u6iU|YG_@A_d%4P9caV-N(yksYOJ7pW9W- zzBV)VycB0rs0H)FKUuwN#Dgam#VD;Rl(YJMDKO`z$;H{Lly2UUu8eOvko+oJJA7Z; z-6)fUn-6}6o~?T1*{$=+Kt|y1*~EM9s)u*0`#rgMO65)R>3rKezqeeAJ#$0#Y|QQt zSM+l>zLJ{s`S7ByNtb>8KA-t)Rm+p&o=ZFaU6}hTH_mA9%hih|ZM{B5S2!QO7rSrj zqS{q4Pv`kfb&tNjReO)^-bu%$w*OjjUGz$1rdV%QD(9AUc4?;KGnYlVy_lvH{^Xr< zmt|zn%meYSE^mJLY00O$IoB=Mc0`CJ_n52gk{3RsXR6$BO;z&5*JnFzi<39@__)hf zORZSqTqP-fnayccai6x*BU7$7AyxfVdn;be>@a_%)iU2|+LOj#*FN4jj!JdbWDwlYcEU&3lUTUPj;%0}2Xa|ej*2pL6VM*@1{VP_! zQ&g2J;*ed{Ii>Qhg?f{QaO#ZhmCoF)>a&(tDlck~UwCpgi=lOF-@OA@%$;s9o#D6D zP+9reSF$wc`8usVD=sGUNYBekmkX3PV9r+w$=Jy8FZ?9?&IPPZ9Lu@-=d4-SDEsz@2m4w{5bz=bmD(`tpOxB%zOEz1rg4cGH@+a2BjFs0yC? zfzyxAIwZ&A{Mr8u*Oy0H7~A+u{tUPLx~6JwpvfCY<^s7nQrkG0C0|vVMx6`E_^`_T z+FAyuFDF)}ZM-1x=lDG9;K!+#Nr{)L*+h9&9?c_xi`hi3gRh z&D-rYCuLSe=cy+pri@EZxJw39ob_i^k?IZnR9z=(qj=@{>GPKwH&rZ3JI#9FeNe|^ zjua=yV_K#YHxw$w{JQM3dwSl#Jy+LusC1tW-mtxDc7e~a9gUV%XEOUyo)FysUn8zPgB*O5{);){mT62?IQIrG6!kVQ)r~Eu0TsG?wV@PTU zY2MvaBEnI$XQm2Y`{ZDSOtxn^zaK61u`8(O+M2gBeqzOOk-1$uk$xeq3f25k7rM*} zrv-4nVh!Es;XLV;@rAmrwM+|CFXYNnQmjOq&PpkWCQyr4% ztEN5q=c?n+@-$B@XbLEt)g|F9`+Ti;?|l8Wu5XwRa@nOV`#F0@+?GpsN>)56jcKU5 za_7QE>6#sPPnx{l`2Ae5&o<^fiO>E&{oG#ZX)j3VvP-@{-XXi22zvE0+X`7SF2=s+_Oqxvb@;L5xWEa$1}%9FdY-pM?hbH?Mm& zTDEfn^V9%~N2@H8DziBK4jgA+t1MKPd}(po<7VH=8!1vtemAT;*~I=lWVyA!y5;hd znhBNv8Emd*rX_KzTl{BuebvP$d4jv_sx|Ak$n>#VRk!uzF*lzL&TcfBE%)7wzKDk=ze78c-$()($E6-OwsHuJY<$}r1 zch7b*UaSbUxi-&CY!n7qYJZYOy%(!8YyokM&38*{_IJ>VsZJk9jo65 z=-u;?`SNH^a_^OCITH#B{ktw0P19pI9(*G}JT5xmbNlD*oBy8qz9KGNLSJ6}-i$Xl zD~?Mu>r6_h&02fE!=#(laLIuahR4^YWK}h9+7Ky|@_0SdM*jES9-e9E?6#=1W=mQ1 zcbR72oSUd6kif(qwU%Ml({7LZ6`!>3bw1>+k7<#$x;WMQfpLG_*Ly#rADV8Pp8ou` z@Xt-!Pd*;MwC<%sz_WDA1wZ({{Y!ZKH;(O1cy{{3xx&6JdD~8FeS4Snc5hF?YQ6dL z3XfkqMftreYFGLGGUoHlD=S@HR_ZW5(&^qR@*r(d*FAR&!7ny~(U}ilpWpO%*;gm0 z7>445tIa;WxVCM5s))}e{#{2x++q%eyxrJk5^>GYr2l+D)}C|Q)+D+--YHrfvuoPf zvJ#$xCD+aCSKnDJeA~t}UiYH6OU4epa^<(jWiux^YPml1EQ(+}a5hxR5ZPDjel zhRr{+X{E(v=6SX&yaR7WT-docfqz=TDU0u`{xjT~J+Wt%IZye^i0e{UHct}lko>yl z_uMqoJBxhg{JCMebmB?P-LuPgU7ysR&HVQgZ_?dYn|2xJvop)guUcsOdt*`mN%^?} z`*szzq^rwtO*|IGz2a5$r+b+a3Jlp&-`?!nz*RU$Q~m3*vqhKM({v>~j%! zt=2+mVYRfFJLf)iEbM>!&n)@3LC)iCbaEate z=y@!;LS=U^v+nMi2MooYv9tM`SS2%OOWLwV^d|Nh>uh3Rcbv8Oxx}&Gotr!!Fh*M4 z+pf&kr@V!4>Jnk$jdqJyxt;mgRM=A(8T~kCx7Y#O)n>V#JA=&?eqAxjcFaB1$!7g+ ztz~5MtgS5{`4&qp(;prXKvi%RNlDegsw}&iMQu{7^99x zsmpv#G3)R@VNiH)d&!N!$)_sHi+BZBF`=+&R zMw+#fpPPZNp~=qBZDQ=avAkP5LW~3?CWn8~&+hhhu4lhf6_Q_&iD03TYdfA zc|H3!UjCT7MS1R!l-Y*bT;#7$#7l2Y?83NX61R=)gtfKl-)YB@S#4> z?VHb@y*2u~-|CG?cPNX|dWH{Ld*?1!&q5;k)v5jj!;|wYgd@e3t*F z=G}5Lob+eTgRszz6E8orIJlNuWqQ8C1G%r~F0P5pn8v-)|4P@^3?(0Bd*_Lv=BsMo zG>4h2=)H2|?v+3L*QV$4K6;n=vwM5_R)w89WzV~6F6szOsq;K;cju}|j^)9F|4OHB zH|x^VS@U+w)~HR~I{)JC)vlVm#65As#JACM(p!usD>zT6T(QAc^yIuFN7n=_-xwNJA3Qy7k#s0H%uC_H;i!NWg zT)Obqwr=A><;!dDo{Qi=wY}uFo8bEdFo~#dZR8}^fz+y`m%JEcLrnjOs1an zwZ*soGjz@N*;=y2>HKZk?0J_GKBjkXwK?}m#qxQdVQ4X5wCvq|+f$1*yY4c#{yt+B z{N5%pKa+FwM*HeEi#4B@%~d)P5qYF8PxklZsC!~RYRhYjRChFPn>=|(V72I}wPi(C z=Vq?X&V6=h$+WyH8TIU6!)M&Rcf93X_Vq^}&bOCH*j=r+Qj~dX`%-ToOcK)q3aq)Rf3)2by0HA+F~fteW7h5em}NahP zz39{yo!GAB{xmG%-hJ)A7cYx4>oC;43Y;7qJ@wN`wH3-6=tz-Ofcj!hS4J*Bj-z%OCu$F`U%1HDvG~(t*`xO7oPLMPYKY!g zseG)3pwI|DM+0 z%7R;deO<@%>fvFxGlhMIu6xg`Cx53RRjF@5F2t_lj@&MI7)=Dc(E{;Ee? z-bQ(>J(Ks-CTZQeEoP7Fuhf<9$udg%B^z)hGUV-X*_R()62mEZ8{>od zaa+u`8F|(u-&=i4Z0^jPs&^vK_)n;w?C`~&{TgIJLB)t{|qVjJA-+nt_SY@uy2i@@7Yy3eAVxmmG+tJ=#=zKmw#^R{a1-i ziMRc_vdQDFbnSz|JAd`A_;<)&>?^NM=7hDYoR807E?d8#j=k=zJ!_5PgWtK zYWe4uA6$9qRlG0v;S&p!FRW#V-^IF#r*5i6(^>JPTgMn)FmbKf&Sxq4N8|I7oX0lT zSN~lrD%-Dp^Xxq9-!XN^;`#Sy`g5Gi-LgA7wn*b-(?ccZv#&pG|8f24z0JRkf1G~M zexx?&@R6v(&Rof+ydaL(@tdW$a+E5UToQGSV_#b%{hxtV;YasE&quL-kvvHm6I_lm zJZE^cFJH7LXzik{=U1GJ(^Y4A*MBy?&rZd0Rg44w8JWhoki5t_r;e-4dc9BcWa+Bx z@8V5jw=N0s*=;>}IBQv{+qvQk*Y{65^wIr-*@C&}SJWrOYWW5qov`na(*)1sd+Qd| zXkJ#CRbA~@P}cQ>`5))rha%?kc^byY__V)Fe{gP+eDwC7^~|C#lc(=JedF`$D_f*( zwL^Z?C2rq-WlesXv9rV(j|$VzgJI~fmUHm$p>+M(0YX0{4@!0!=`$2x8?C_|jV;^5$ za+i~y`-X#QztMk&l=;F3AFaQ2-MzF>@!!?3C;u6?#%+9b`}{5bZ!1BlvZw#h{4JOr&+#W)J0Q7FkU(SSNUO z^B4Qa;s^D)YH}|=yjT-nTq}Jie^x(!+Qfzb(XEcDTCu$2Sc2BJUvok#>P?sY zy}t03o$!_a3>ne?83f(#seQO3;K&p0vb!?tOSSdv89Kb@cH0!@JiW1jf$QhuL;FAM z{o}dXapBFHzWW}EuU?*)BGd!WAVd$rYx&xJ3nsmf9jNyp)zs$nPU|(^R^nS z=1+MlUOZiT`Z-fkt8KnNK&&+aKOOG2XWRpnsjg;fMB3{~11X+&cW^{0bj7@#YPs z>$jBfv+w;nB`$1l_VmERemnncj-NLFL&ScmdnZ4x{G)C2pJDf9tK7${x1N7A~FJ@X&Uk9x&&rNgc*`LwJ*x%ZFY-)!p#Z@1KQ*@Vk?%&ogH(d^N_z1b%tx{6ny zxp=qr;i?}xCXbfPnfc{Ro#Lg*N4^KGS$-yX!~Erk?mH!|7l&7v zKACo3zQ$DNeZ@R^>6zb+lP8}oi(~z+Wh-dd-b0>iuq)FFEP) zhqa-FTX)T$WB(z*{>HbDf4qwy_qYElyeYEw`H{|pG4rw?%|5G?DAG{vV@aE0pTtDsmY8uxY-gfmrJm0;?|HJL01}77XzE{;; z$|+hqx83yHmaKpyf1>8)`fO@bYJM6v^OyRPn%a+c3oFhjnCg)!s zEwbNyciO~{;)gHZIc)Xw%z~-5j_ck>eDJ)SGb{2A;30zs(Z}y{5D^^RcAl z>!ZcLCHPFU);(|k6aOQB?T`4Qr`OzWn{?~zVW-E-)t6SK)Qj0E{NR5O`@H4h#kmUe zuI{hx-#amG?tccZ{mvh!&DHB%aqn21#p&ot?)-1#L_bzP;_vywdH>a=q}xL+aLWb<+k;G8?WegT&sB2s~Y2vvmezTd~I(YHt~H< zQb5gx%A>U>f4lr=IHwglt<>aip^MW>5eC=ZkIK9X@C3eXTXK zf80KA`mRp;>K@MJ|1QYM=4$;=QA$cnxHt8)`vLo#=11@I$$S2o{P;hE*>%V3B5ONB zk4e;vKaczT@P6B2haU@5S7%nq{F*ys`>UN#cdqLRl?qAv8QP=TQ!%SQdhxr*kLr12 zch0&U*|L)1@5k_*e3O%Hx?e41CeG1mHvQZ;Z@$3#>ACHPcE3ne=DOYaC)?`&!{x_( zy~C@wZn>)S_?W0m55wQ==PMrFliNJCU#ZfJt^DuX{#6oMM=qJH65*Mq-e9>ZJkW7n zgh^D{Qpv+STk_|G_r=%Pd^|Vx!}-Xo`ZbC5A{%cnIx@-Y?m5oaafy#s@2nHfn058< z{-Zn7c5ICXps{xfWQZ29TN^Mw-wR!dry>gOxJmM!<4_Ss>_<;F)5 z+YE!xXz(Mgcc2!F9+7QzWdLR+u!j|=K8Yj+dn3s&bZj%Z5}o4__w9I zuHAfgwI)yTGn>)oqKmUof0YTdVjJ&bi)nLQ_-6*uX+)UBhGV9;+>?un9MM5^i>C<4r%I;wew2wNLq> zf1oU?^oxJ7vQ5u}gn4_eUoN*&eYgF=`yVbPl~-kMv%1M2J|6XK>-$D2|As%RdONQ7 z7FNoc$rR3dY@_;d@{xbyACvs+87q`6QgyFXh2>3J9_X|);?{+8Ny}U6`L4gKDsSAM zww^P?jH4#7*QvBn(TE{Lpg7iV|3~SAaa>ysY>!m-BqlWQ+3sC^^q=y-%fF^xo~>)< z%u-}_)y3vI+dsWsSDs|PUz(=!DdKPTw#p?M>wHXdc2915*b`^CYR9kXpKPZenZM=8 zCAMaV4H3sPA2TQUv0R$dv~r$rZS14F-2NMWOnk`AD|IocQ+?_TjW?@j zy}x_MP;%WHxo}RkC+8<0Eez8#h&vi-{OrB#AGr(r({{_MAHNW1`sU&*j>*Q${hsva z@m4>Z`glHHww3I*t*I*(A1@Tz)ncivywvkiJjajvV^xKhYJ8WgUXeWEF3Z0*c;k=K zhp}8Ib-vhII7}4W>hASjW^1HOXf3X{puEAu_|fTz1(X0Z2u;;{^d7+ z7`;EnsnqejcupDfvkyX3WR+HYKOJ#SK$UPQ)TBU!e`}+Q!S8|>wTn{#B_|LG#)ATF*o4vn{ZoU4` z!2h}||I=q$<@BXX&$IVEj%;q-ms6Xa zeR$UX4%R~xOFVe&*H%5bzd5~CRkdxYhN%1>V zFaPd8alho2=4YmSO1s(iV1G&S+KSw1s~^wqzIJ(QC6Dmad3QUHec=3?{eoYp#_FSZ z!xrn=ciCgpdmm}4eR~~O`FO3h???GJU-Q@966ue<@NVW4&chbZ3%*ON_@?*PGjg)C zIDgl?Glwp(-IHCu?C&OC$9WOg%csw~xq6zN_2s;^)2<)Amiftp*_dy!>G>D)bUw08 zR-3-|WTwK#ef?UG7gu$)<+Iu3GF_cyhzUvgS+>BEli3r|ZNc>QI)%a6vT74Hw+GnpQ; zGg40Av9MlM%Gb4TjUU_2?_B?2)4rYrHzD7yuS-);7s{tl4r|=l%Mn6EswJJPE%qFSI{>J>wtO4=b)-x~4M8xlxI)I9{(N z@b3(p)CbZt^S7*!dUQvo&2bXD>5D|;Zac4A#^;Zvm^ZI%FLyt;Pv=J}@B7Zhdv1TS zWNeVlUh~8H!PXDkc9)i=-0EmK?ss+F`YmVOQ@^gRSw10booj7nWp}MDM>+!!-_|c7 z8)Giqd+~GD466xKXI(k_qyM4wezCY-cmFBxo!jL0T&mcbXEMKi!b?4A{lky1ZJl-c zXcWuNeOo4I^EA0f-QIN3OD66Q#&_h7P0?~H+Lhur<>lJI`fnxI{Ti3)-0s@6 z;^o`8uaD&WZf#qeye!7#lcY}KjpgN8ALjFBhV9a_?cL2ky}#3cjz0^tJ>}`h(Pfnir<9hMZAG@PIJXXCodBRIMyG3&fK7`B(6q+(``Syyoc)r(i zLc8`{S>WBAI%UGdIXx5OtzO^f+fv~&&*HGA5)SRLKTvgb>i*s@zpZ;XAEX$5ejo2!6LRHC@Wb7` z&S9D|!M7Fe*zfJzI?rgy+=(TbOWqaBF@1b{Z~yArX6xpYefz$C{ocIh{gVs2Ti$$i zWwzb1zWtv-^ugsnCUL%9=Q7dsz^$9FjN^-b*hh9*Jjgir_Toy0TJ6Kf9;vryy2`y1 z*H}IyajE7Pv#;;ls;)$-^j350?{UOWb!^_UStNH2Ke`r^}!0TCC-?uq0 zz5J#;B;$MaqqT7_Zi%;ldAa;*%fxq=Z_CI`*Fc-6K2I1)gw@7_4-1TSok3X;9>~ELn-(&fa{o&^y;o;lP-|&h%XjLjS zphMQ#|o)oau^# zrdR5sWbY&x*hl@k{V2A-Va=C#!HTd4Klk6-71bSH`ZSL{Nc(9$e`e<2jcTpc+L~dS z(;oDs?dxU?zPs_HZL~pxRqNi}F1ynvnX%{Bgam3*9FIZnBJ7IH(UFm_L;>` zlW!EqUitg@%&J*cbJ}Li|1kGfjE$81?821Yjogz&LVd$tuCKANaela4UjI%1rcWxb zYR{HN)%8E@=h=H~^^(`y%{K4R*%#H^wl4pm*$2<{=a;GN+PL-MVP}PhC+((Q_Io+! z(oXy4Kd}$(g)$#|e-v>su;@J=y3)q+Lznl~>bX`=1KSO^749ipeeFKu*LbGv;)>?T zS==l7&+_i^J@qRksG={nIAr^zM-M#HRU$aLCvd!RExC7Gd)h9^{rq+6XCM5YS;PIf zBlfLoZsU{x4AauDgr~3DyKVZCB~eq?M9rI6aKKT&;^3FWOMC9c%VoYhyR_o_p^0(1 z5`B-Q<7NBY)pqwY$+J{!KXm-i#frv-H<1&t&HPJ?gt4bD!o1z13>77ykGs>&0Fu(PwGozC$)UG+CCf{HXnhO*Ufx89tg` zynV9$>1U?-=S}CYeX)<>$JK`?9$H<_toph-P1AX*P``8BvsZzH0eBw(v?F&nzOQoYM7h9~oFHmFiVSl&D`yZZr4D%)K%$&sf_4!td zQ@5v|QvT!mcba`h$J#&EYw!3zyc^G$yKc!(xBm=2^P`^cN&QfL-=Y0)xm-PJU-^@EdFeszW?4xb(j0=B~SKEAaVmfHjJBc+@ z?#WFl@$b7_$`)NeCY8BkV;xIl(Z%0aX7RWG30$_~>OP^0O}63wi8D=JKDl$smeqgr z?;zvSL?e%`nW?WN!r33y^S-(jx5jio^Xu@?%=@@_ zs_NzZ%hGS3pK7XIy?)z|&JVvMw*Ncvqxazl*@Bf7%`DZ=_IP{z_{)3Im;cfER{J724``hbG zRCg^gI(_2XvX}Fu`-3m7`=k4~RyJi8^Xy7x`HH?}d%o_`uUzVJYks?pr;TwQPhz-2 z*t!0X#YgUm#G4-}n^(M=?c|fG=VLBq_PzzN$was4tkoY3UHiZFx0X&` znOQaEV|#)@%iH|q*yTrxAO0=(-Eh6+chJRq4fjft+02eBZTe%ojC-o#(OT9+!v7iM zK2MOgySXCwM#oKKf1e+7SKfWZ{e_|VbXC{OlDkQ=es^7$tZ;mNw)phITPp5;`!1bf z>7RJw>-nmuTYujTJ`l{AI&;z;nI`@$rQgk)ZM~lTXE;17?c~<(FrWVnr#*IEean1g zmfOOz(+}T^tliRis`7@U-PGrD;y=2VS4`8m;Mc>?a-z8F+O<9Q={248OTD)_II8lC zm<4rhd};Kf`=~B+^sA_*m}PflyZB$<+PV5XoA0VSoNx2b@SQ!7Y4&VqE&n6?jvCp5 z5BH*HUYWF9dk)u|5_{nv?#HUCx!VlytaxO5o+;xN7-rQ(Lakuq!FMwgi+NG*nM3zHBP~&eXd+nZwB~ zTzR>PW{iyAy0ax~Z*P@mnaK6`*b7&C-yf+D_6vDLT~D2CJ%4IdZT8&lS4?L!5oIFqKUF)MM4eM`-F0$TlHGQX;Zbkcp>z$7$|JL@pzV=z;b*|LBz1dU#Gqh%> zKM0* zTkUv${4-{o743Lssf~ha!1l|_qt0FXCt9)lkl4a^i;Zr(S?p@uBvB`;xol0=n%wAIYUH7E0qE6aWP>m2)G`w`1HdA64YH$0V0iej9YHftBSi=NHA_RGg} z-*0J|nlp#CL?618`D)kq!{7VfK9ZhwPsv<<)umlK`k3mQ|1(I`iM?(=BFA{;o!q6n zr_V48MXOxTf3Uy5D!pITSN!-rnd;~*M{>)x9vGgFy7}Sz(W9|0ng4V*&N}BbTSCNw zZN@FrJ8?C)#_r9Ru%~ld7@?3Fl8=@Rp+Up)`B!1?4wkPpJ z)A4|vzw_JmUDxd16dG*;I%s@PA`I~s^{|hf8sCa>0I&ewv*0sKKyG*4j;?xaC^VD?IrWO z?fGo{7Q8M$v#FK&bn5H*Ps2*}IV#GJ_-wBezJ60xd&+j*o>@)bj3>!P9}3icek4%z zrvC5Sw-Z0jKTsHRyhpc&^V_nI>TO$eTAa?S9YCX!j&7v@0^WEO*THiCBNsM>ZVP{TmFe}K* zB61d+W0fDZA6~w#wmEO*azjbGJwZRVKUm+mCp4|(KZ9WOw)s_c&lcxi*uF#bshsJD z{{e|r0n|0+nhPwP{wyhV&vY{{xKh)H}6wCq`Os2 zyry5{P+h9+>X2K?3;FwOEZ6+F>@VP1v`nDRCG3TESAJui-nJ?AheTId%=EBu^7AeG zwvToHjwbK7=25e5-Lv>ET=1m8Zf~}wonh8|zI9Qz{kQ#gnepu96c=kAr7USwu$ql{zeczU1r4a62 zd8;4YHj7yBQRbcK&O0~RrXQ_Zd-v|P^!<09uXB*JZw-w!%}kp7_G4|&*Hl^8wEM2< znF2G{-Ah+i+4w3WYQc@OyUrvouYS9x?t|I}RZri?_oC0VOE4s_jr(ZgyYhr$(~a@}GxJ}ZdA{A|YP7CUZu*h@wXr8AMMNw#7ZQ8eo4WQ*&eDZv zev}_Jw|a9a+iJ>E9fgE-2NJel+WDVBGVXSCw(6Q^g#s*U{LGWPUj2!FBweYi*6cLH zmF>|Xl?UbPqyw5{<5;FW3NzAI4Qnl0dG5_>5%cg%*2e579@ejQGvU5AU;OxK_s5FW zVN<7W>$uo1wbIyKBs*UK-BT6Xiu>uu-k>f3KwDSNAY&aqGw-6eJKquTl< znPR+)ZbUE^%#q~yeQ57wk013b;_s>CE}8J^MoRiC?dHFWO!xD=IBC|Oy7cy8)m?9= zK4zHo_viA{r`jcBeqKLX)qFqOD0#JLe0m`S2{_garf7wWn`i#l7;^cI@e4 z%9anGCRY6Hl+|N~uR7&)mEJ4tk3vx z?8W=tyj>@zFzx6qxVg6b>@jiO9e?iDX3O+XZ9hBru78%$j(LX{t6MKUd3@!PiQU?Y zfg9$OJPEmGD5=85V1G|-(mNKP>6XdI7?*5O`{ovUcFsl*<)9du&o8tjCMW*AX1sgO zx3!vSGt_ji$Q?J0(Vh0@ME@ka#McgsZam#FHFxGbQF{Z0>kDeMI+J!gT@rkjEcqt8 zwTaixw^t>cikK`YLR? zQ;>tQ>67_9Ip1%)*KPiK>`nOc=y(=wZZ|%LgQ8EbM9ueh{Jm^;y5xDUPCb>j2b*M` zl&=)X+pg2TJ~{O2g2;=h?2^yfXB~Lmx9r*6l6&D=yfIDQ6OPXKv$r)h;^eXLchC1` z9Mw!Rs#uxUy3ts8>#Swne7+$*!ae^P=4F*kmQg(Uea*WAn^r8I_iTEaWq^gvnN#N3ZqwB`vGd1=7F^xXeum_K2uC#@6PmQa6x$5BNd3!TM5ji}W(G5M z2GmP2xJ~@NQTNN=%%F$utUJ^{t++ACQuaT?u^C443jajnUWB`zm|cHr$^5K|MRl>u zyHYo9@4LE;B~Sj`B+c%g$tRcjl&d#0{**i)wLLGA??Pdyf{tB6-PSaHqX0pFwFR4< zu0KC1@qP6~*;58Zg&~O>Ij0HtH3-hy%o%Zz@wsb7nxcXD zT2Glhf8X7?vQbJvxKGQ8k2~FNtKY2$ZXEjl(Q_t=?_ZmCU~-wCk%q_Ba!+;jrS8x4 zoqH}Uc=GP$QN`6a=0=gYJto_4HcG^)O|FeE9o>gxiX1DsFJ&)Ji{ zRwLqiOI-CV?hT#oPkqCTj<-E*{PRM__2j$da$8m!s;pY?H|5Z!JO(q1mmW*MPrQ7u zsdJip;%6SdXY-_=+?_X7NT&I7^J_m2aU;INvlyy9YBq&@_Uic;5Pb4{RHww`3C3@| z))-#-Cvrhdv|ag=$cHya8efObJ~^T0opV*QlSi^j)IE&_=Rcj{A5fy1u*|Z_3_+RC!OMa)?v-@WRFV#AnsluPNRQ=s{#XQ5QYTLS0 z-?-ZxY2&&1c(0RLrCriI#|QmhQbmW2J(k-oTNF8w@m7)Hwb?fUweC&f@;=$WHu--1 zp~a^?9d!yA-Ue074)KogKKj}40oU;hYg^B(UE$>y@x@d#R?0o;lf#WWmr56BEh{Lh z%}Vc3RBZQZJ;AW)+oM^vC&ep{@h>%edT5fr^QGA;vkN%i26!rqTK>^$t!BBb#;+1$ zms5ZA=M|w-;p(Q`zVrTOh?KfcpOdm^{_@v>;@Xo|)St`Jw=<0q{kd=J?6t2yM?@R5 zKl#AQGGo4Qji-u1uekTr*3(~ZW$x$yBVN30(W_l&X3jkJ!1HC`i){w?UZsa$Nfg@t zVRPBq&Zk$_E%~(Q(9u~}t#iz}zZ;&m?s&7vsQ5JBl_%RKDQ~=zuG}@-!~ODGgO*9h zCuKdI!t~7X_nJ9hSMF$!xV3BDOMl5@tWmL6w;riiclWEQNa`Jz+nTziJ6G+(tEjz? zj>`wExijnY{Eqp8?`%8^YNQ{m*}R|c*O)cf_c2AxV7$KLP{&4%jTy?jt(QlKk_?Fzz`}DavR&MX3{j5Kj#O5jJtqZ7` z*!XE})O8oNOBXqlm;9Lb?S`ig(e)d1zxsN9OZL$9MB)7rcHtVr>tj}GKrK@ez zANjwP`xs~1-@^8B$Ir?ogukVt>1)$^Q~T-Hfd=-SA1y&YnPiAf85vX%$eN=k1w0_XMOBFD$Y>g8{-$Q z_Epn8$MZ(K#7n=vyNmulE^^O5x29w2jAeC67OTyoT)wmCPd)Lj`s%VbN$&za$^1FD zL+;p`8=2E5Iqwbb`EoSVb(j2wo2CFM(AxZC2qcT1}c;BR zPeoCf-F|M!B=7FYThcRSStFy%r+#`;`e<$ROJQ%p2nU&BC$+OPKHg+h@bplB9k#aQ zMDu%@d51;U%o5$YYv#Mfl8@K=N*(8V#$8}!^{BUP@xs888|Tj|i%2|{ePyYzt+js& z=gYG(GnXBllUC2Uq9e(#XO*i3ZdfmQ`}aOpca>`!4O#M(SDI)WI+-&cb-LK; ztSR%nC%`LQdB+tgqf-p$9eBg4PrqE0ku?4E`FpBWUDdavZ*8AzJx%4y*?`?w8-s<^ z{0ir1Wk&cry)nw%rn5Qjh-yx<$`{eOt6p;#7XNO&G2;N!%BbV3UKJT^jeSsHpq=db zA@=vwX}^@j<&7@Po$%m{>6X3wcKlY|qxZDWh_zgv{~wp$lJ<~~tPeasNGhqbD{bFn zzW7#zMz`O_*n>r>+JCbbR!Ut>?$b0kkg!bWelS{~iGb>{Ykq6Obp zndf<&;WA=Z35&`)(3YrO@< zbEo8=vTv_?VJiJnfBMPF51g-Ko-NJPpYvy0%vagh3tfw5gwER5%JE#!?4$z2yru=S z+|xfb{aL)yG>cc~E|X%A|ECqEp<)6v%$g3bPFtvytbQux{(b3EZF#PcC%>eQ=LQ#x zDnDC#ZJo@!TmEM+oA&N)mQ>9NH7P#%D$lWMw`4Q(@%2@0ndQ%GmIzswt>V^JNfAGI zo^4`YOMPwOoX_*Nnn_J-G1q!HcS<_5x~RjM7dLyYK6YIy;K>R2aQNDSw$o>3Y;pM| zV0}UR&Sc-V$QzXtSLWS(!N0cj7F(C(hYf89q&IE#J{%{PIn&SK;K}dnz8|iW7i61d zdfM~4=$vH}uR6{Bs&uL3M8KbmQx7sQ$Fgpn(irN&P-gMkf7_*=tYa>>Km7{3*7@-E z+0cLfQ`tC^FYQ$OYMrUlb2?Y(b>Q@qofYqHtn2o=u=dM|Fw^)se;-Gi-3nbcJN@Yc zCN^{VN2VeZk1bc2Q@-YQS}$Ll%E_K0H+H5;50g86TKM*Kx$kSbVQj{5Ok3{Px9p!i zVnqh*t3x!V%x%458lGlwqxIM0wZR6b( z{>;xOZvN3;G{>_@wtNN0#5pH8k9$4e$~}E@&61CO45mr%UI=+lDlm+^&gMDwjz0Iv zFKdN1tDe4VoHlo{>RiKl|Gv&FEP5-g_j%r;b@vSF%!I1aP3Ic~MC|zK{wh0K#%S`+ zn3Fql?erw@~qi>>OfCIz&D}X&B5NCJV!qm_V8Z4 zm}zM8y6KMa(c-F{ru3lbe4Di0x@_lb7#1~8p5*E?x9=3E(9%VVJ317EZ-m|JXJ~$x zFmI;vy;Zjlt?)KZdEOK5{~(?>CQG<-JvZy!ti-f5%y_p4Ri0 z?G<+ZaP_d;8Vdd5Cw*%bmOr-dbjizeOh`_EADF*Motb!&0h z+Dng2&!j7K6=|_;ofLhbv1ev+*tvxQ7J>ayXFJ&rYd1)X%FlRlM=zUg=E@a%Jf9>k z^2cpmzVt*c+gICF^O~1$z2dl2$3N=Q&dp-~8Fo3JSTSvu)Mf6qjyHsSU0J$f`j*RT zsoxRU81rb!MO~Fi&N|(<8(&9$u~Oc-I$dZAOW)$9C1yg-iTS%2o7^qdi1bb@*jt^n zO}YEjR>qU(?p#@7)-`L&rZaEeRD54!{muEai#8RVb&prN*$~Itgqbs z?NV{mQzC9J@mf$+u|{8}?xGyq2iuvK_n32eeC*M5yc0etYyTGUo;{%@r}X9~6(3@I zP`XxGym;E@6~C3Qo34J(o?-lRr#Rno>F{OQ?BPGQuNF6WIW3dNxp7N4Yw~)33-*8_ z|D7xIOiQ|i0uLT{bnfY!VWGO>KZDSZ!%

KB$hzao6J*nIk>ZOmTxY zdu6kv?P@)DH`ek`)t7s6cTQfp;^s5Pj=P@OC43P)o?F&xla3x&YCW~@j-QX zyxNA`hY^Z08teRhCwVNqHJ456?7fBBryFiCi=GY-%k;gaHg9d|^P|soYAv&#=fAr- zV?y2gwQ+4fJfb+&Y`RYEX$qNmSkCxTS2dsCuTIe$Ix*WAUIx3be5|hUd}*4o64RQi z;Qpn_iU}}r=|lvA!(v2&l{|Q7i(|5vaUj6m50YpnKyI!jDyy^aeL>-8@zpj z#jW@WRkLR$)k{XJU!Dz_czyZvS*#aI zg3nH{4t?!8lkf55qv_FBTjtHMc((S5li#s(?onKBbGI!CR^8WZT68-|UC}?T<+{~( zp2Hb$Z_J7)6~b=H^G>}$9Cx<*{KGafOfW-?(;*v-?Hxw7`oI;fJc@)3uGS zE}WgXdUwpTJ&eEIe{6QSyy)Uu(}oodiMHBncKltmr`jaZZI6R(`+tUYTkQD$o!sTy z`#HX1)djDe2W6UL-yT0$-x@aS)yd-JE!#Q^PS2U_>nFPWw9vo()7=*P*_`<-@z3(d zCzlh~Z{OgWWZx4nungvRT&qpu`S)?@&fMMa%g8QY5!%h)X3wYQzvV{8fyE^{ zS2jvi2KT=6*?eZ-oV*wR*c)H{XArGZa22lH_2q~1$_dxc+?U@cd+?*&r)Qsj2ba$) zyK}qK=5zdlc!52P52|B%bl3HCDw}c3703DOP5m(a(DX}(AFb!mu*h^1JtTc9a|DE#W`t0octU2#YP1jW>Ec*nYV+L$lv z_K4i1%(idg-|1`fgnh2)Et3)GTKn_*mf367ZhpSm>z(-I;>)v{EG=8UeLPW}ACP_K zKSS2t@WXX-KY~rRZ~LI~X`A99hU(98i{k=+``6gFAGcz=y+d_ka(70^`Ms4pTQ!bN z>-hO+TiKCy=?i~eU-2jS!k71=p7|xw->*x=F1~YpL5<_SS^9i8;w$)$MW39<_)P6w z+vYlje`mO}*H%8d`ry`0XC?Wl-2SFLkxQL)*Z%Pf4M}vf3O{#hTg>y{M_2w@Dl=QU z`_Qox-Q;6+>OYvjb$)ykEMcScpJC4dE@_!Mn{fXR+z#qPRM?x_#+Wq)joaH&(+ zJWEVQ=sf5=k{{m>oqT*({8Vm`X@Rra_xCZJALO>3ahazyZ4R+1<*f0zH!r$#>5?dG-tfow z+j8|-*Dg6*aD4eR-q_7Q4lnHX-}Y+q?25f9>%=ZUJT`mD{#$EL=&(8FWzYZ7y3qD~ zbKaV;u+QZ}{j)S5ZMZyN)AYro7l(cs-`ZpRJElhCL*Ht##q2$~drrt094;3Pf4uzo z>iWJY+xwj+`2r_CEQ$8$n9zNFXN|IxZ?)q+ z`|!8)>GbFh1JC-Ie%g0RlHb^#%&0kLtFEf)XjyJjvbtY5^0jbm?ZW(oyN5U}nLn<5 zT`%*)+;_s=R~|X<7=AW${d`zc_()p&+m802gr_@i-6>uEYM%AgtzS7;p4_qG*!!rG zry6cYe`}R0W-7mww!gLhV4U<$@#|5$CD#5--tk5B=fdAff1-E)IQcO@;$w3buaa-2 z^6@=i9gb)G*%){DWBCz-OgVv_Nk7ti8qddV{gk%EeoLvR`tGt%SNDa=A1OXsmipyt zP0*BGa9 zt?}{ISq~O@^Bz#H>B*7n*$fp=Eb*xAD96x8x7%KiDsJE2hFcq%YRy&@#(}8Aco5U$~x}z2wJ# zhQso_YyZTrx-BfSk*(+X`|uN0;vF@f%etj)osVofpOYT@FMINqw0++{^7rl0{22dW z+r%Y5?1LMY&YiXPj9kJwr^mM0C)YPNFTL}$&s@A^>Ox(9y$|unL_XR+etGDUqZ0pY z?g`p;`6A9mYx8*?+j5BP-}IlM+K=8w9lG_daMQ(iRZpHTd>dE)=sn+^ zAHt7h`o%kSpKYJ#d+OpD$x745kBq*{Ce*SqTjwq6&G>WP_0s7LxBR2Nt#9Vq<=w81%ry{56!zi)+50`CspMIpQ@qao>WW7i#{{d)`jn4PTDE%CNtK$O$EMHcDSdc4_1z+|cSoa{cU}9kU(iN5)!MWE zk#y+62PTU)e6{bk=g%``D_nnTk^{34Uv}GEuCw=!FK%1w*K6nU#p9_>`frOD|7@uW{t8 z_P6$rB=XfZ?7qSoQndSfLFKysqyHJi{&BqCcInpbig_o~GERiH1y0I7BmH2C)zc|e zXZsfKRi7|-!SCzKy#>2gmRszWt6n-isC@3avyXp!?R)e*L|LwFZsu>7yIJC=a<@*? z?cos)OZ(gR)xu81|M9}SwIW7u>t|2Ca(()b>_fZ!X0GtANKQC$L)nJwp6HZyyISSn zyxLUe@l9f%$&U`+(`&u>H%lG*nBK3y$G=Q(t7cTB!-2BbUFR>aGimGQR!R9iZ)#@Z z<);rs)NgH`Ji9!7vo~+c(_LLk7r&}(pWt!ef!x-w>~H3OJbs`~3*5b|E4$5ns^<>dxI8wv&u{m7oQ%_D&(k2@*quD)E*VP_=q<^dZ;kMSrF|TIj zt(z?Be|NRq*Pq}2Gq4)|U0^3$6ZT{OLt8)nxjApH_&7c1pFH`?x@F%&_Fj6nW#`NW z?N2?|+kZ?y7$vseB7Gu zbZdn$CELZbe(48XE8YD_cc$4fhJ$C*RrE!~ZihRXDWe3%-gvD0c1jr`7udXMNj$Q##;B;)hA!uKQh8?_)rX|w%Fd# z<@d9Q(RpDW7q##Bjk5m?Qv1a3p4;}VPQCT>-&^g`KTa=>6wY6C)3;Rdq1Q68J?Rgo zwjbOton`*{hnc7Tr7J5v4G(>N-Sy>i#RZ|>Q>U%YvE&mA>A@B1O@(u2BhL6Yb1t!qCnXS(+T+oWB~Rxb0nXtKy8 zVzSDtqyHINe?H7LI`BG9u`RkfMB%hbXYb;V>!k&~-tNpRefT=ODemNwJ^j=78D@vq ziTpTe-~7m?hh@5ES(q&>>tDWjW>`*wSMI<)P4=OdexjS*A1?;SU< z+i>?!*rm5Ko~|u#pGjF=IvijzFV@# zZJOy%<=~U1Ps;x@2<-_kd=y>%)+k`b<$m+>@5SN4l0jQ6l{YSv=b8L$X8t4p4m*wP zc|2FQ@cR23M%{6`ux0hjzgqtp4$4}^bJd+a!Q8mV>*iOP{+Chl;_Fo|{FAx+I5d&9qrX_AP#RJ9{>7)RWofGk!X(R7m(L`s9+yub%G*^ZM^7=T%+5 z8PC3trABYt5C6r!ViTopcBKTJE%{p!WrKctUzKGx@T ze&nGRuaw}mQR0ATu)~kp5Bo*#-o5#w>Q9Vq=g|WJb#a9eQrp%ptzdq*_UyX;RZEgA zo(Q@uNncuX`$PV>iOmny7FJEKsy3PaY3h^{d%sH^o2D0PV$jDl=jXiZH-5XRe@+r& zJ}9|#z3mUjkGnlTuIo3ww$y6bF}Z-i+p}J;+Y^|dEn`$WEiCemmeF#b>osXR^(sR* zOw~Ad=E;AC%<8>G*B>t0)+}wZKexZ`{5z)NxYQ4N-+ix@RdhhK#EBr9NrAGJB%hI#T{v4Zb=Ndk5xcNH9VwLIIw^p(@ zY;vVcWX-nPWq)*U{-^XK>Y)v9^71{uQrDigopU5TX_~s|)t7QI=^y5NE4qDRx}PJ@ zqJ1s%y)L~A&OO?b-+U}=CR_7DwYR%M;-^-8TG}!B;=ER!PXc`#uKdgo`4OwPHRo5| z;>D7o$InDsu9y4K{98V|EXaHH4`=_0Dd%do#%X_1vlVym?Or!m&VQ?I$z4s)b2B;5 zuevs6!;D=~D@B7l6oaeMpDsPN_oMiMsG=8AZT*#Zf6m=mSDgONx>C;aqx(1S59^O)t6%$L$>eM(ujzPy)~EAq z|ISVSC;rhZqN4A_;--m)3gLaB>w`b4AC!%LB-Ub+ z_;7VXXy@(L7g>sy33I2c7puOib>ZmcXH#;{>s+xZ5q8p31HZ$@)^0KlR;Mzqy9}(SE@i?aN=IdGp;9d>8hZbRV~r6g~e#-1E|& zQu7;n4#NI+40&^A-4cB^-_)#NSHbMU6&ENPFXcY$@nb7jcaAsv@%ur2_a56q6|rmmDn)bm@K=5LaC7aK6_r~* zP5Jw(S}t_;tJNziHu2cIOZ<6#VUkO=kDXEYiWOhq-|Rjb#n;W=Jy&v)<5UaVY`Ob! zzggtd_BUQxcreLU``YsE<$)QM#)rMEWZHZ8WIyWXiMN|Cx9qi`#i5-qiev4Y!b(0| z$@wH!y_|=)a{bZVQ2nikLQ*3Su!OIw;0^gv?CWN!I6vBS=clspUGh?mVUAyDzbUT&k-hMb?f%<7 zip@HmdFA~(hO;%=AD9mXRHPp!LErlq9XKzlV>8uO*tY*jo#>@4f8(+_t_JZQoXYPQ^Zdx)G|exWVPQc^ z&8K}rqo4km{wR89{?eWewld6)PAwI#sR;6*vF2HLW==>6#X+mA7+B zh0H3|id}5|P`tIY`?mDipbN$-@#f46)~!B#Ps2CqX|A5q44;+-pOqCIPfDK6tTEp_ z`Qh`n_ql216Vn{q45elto~L>7i)~q~(EG#1zPe|kALeU6Rr!2fyZ7yye5C5J7NM`qRRO3Dz5^4YF()G*vZ=qJnpNyp2m0Q&hm+! zN3O3mdA8+E<$s2w))7a)Elpjq+4fJEwpPrsmSfE}Paa?1TJ!i($lmS){Y#FnJXp3d zcF%<~%{;CB3fK4j$@#IfI(2o-%Q8c^iM}}(w^%zSUlCLP72aDR?s{>3sja{FmHQ`! zqa_tOuRMHmo}nsydFUZSFZIREp)z{s8Gl@VnCtJ`??2%@@2R_PYMqNMGtT*+y4QYd zU-6Hr4|bn0oqi>0#*(#a&$N$QuHRLs|AXD*+CNEe(Mu*#XKbQ9^Y$zE)qP*Me$LkO z>@itUDZA9xCb_=Rob)7N;_Fxot5`F&CD6_UETt?UrDniocNA<*5o^Md#

9EH_8?igO$GxK7={K;7GFvH&(PBBG~uVZTuJgOsb}lcHf-A3e`4>w{|ra8f(jp9>XGwW8FoDC)BKkI3?hlmN4M_^y5G6D&nID?_JsvMdi3^0^KQ{;lt}0a7md+* zx%tM@nTM9OzP0zck`p=Y>Gs-ssXbk9?B{0Hr)S40?#?LbW>!@0?Y{mp*!jc#F~NQYj=kD@$cITHy(WZb-mYz?QcG>dU4PCvS~hFobBJ1Yg*qYZhGpd ztWxV*^3UMI{5BiikMW1U-I7+$G&kyh8++U?KK}HqtBJOYzt8RHt9s%2+qC#piTTI4 zMw{|Yl?Nv@3q0YucD=hkv%hoK7VibwQZBq)3PF$bXST1jT)&_uRsW#$*S<^tvP%pF zJ9Vcd%U|2`qoVxb@=iOWsOVb`(k}B(tamN!>NH~ z(a-McYTNTlmrLzMmN1{+JoU!c#93E2T-)Pu{^@MVf@;S2$QSZVd$7~{k5I8-rr)c zzg^>c_U$bOhbMB{QBn6^CtIdXICAmX?HQk9osV6gr?D%Tx7lf<+=4K_#gFTyW1ZDz zFTdUHP{3(ZzCP*0_k%M`c7MD4PTkYysKN@FzuA7Lzhy{8ZN1V}=5@PKY1_9=UEc$r zSyhzU-?NtItGjTa;*qSaspOUo=hhiqY@Qf5^S92Q>}z&{ncMEEZRb`!KD|?^uE&SO4R58I}e*_}??tt_-cg@5JS zc;D&gdaeA{`bIu`HpBDLq~-1|{ptT1nwpNLFY#THZT2lOZJwo2=9HoXCFd{glmEE= zXn%*D?3SGyKeQg{eAdKw$*t=8rTJ2OvLEm7`IQ`%70&i3+Tfnw6=sIN+RYn&sHc}N zJian3?1=}PtjGI!`;Ie@zs?Nlvi-AKtHhviY2e-Y_BC1`j~~h2eN*9M?BV0q%$rir z$9#-?_@G{>;?=WD+MVlsk0iX!`MR#(^#|j_*{j*Egek2RX5tiGpZajNJ&(_XsHp}g z`v2YaC*fF zQ?>R5dnWwd?l&>W^=a{C)Bcal504++FMCot?o8ZW4z5$22iBYQOxY;&)l6BwBb)2R z9?kypRvNt_)6H(@BL3d+HU+5+I6O|>)ny07moL4K6?67wSYTLcSSpF^>-o#v$pe+iWQ-l~^ zWM8#UKP!E(Dz3k@_|XsLXp6@`=Q%g*``Uc$%8^@hN^C1rrx=~$7yMW$`JaJV=gV9D zaNnS4Rn5HRidSk5v-f2uAGP0Ve$bcc)Td+d%sQVorrefEC_b^SKkno5H@EglUeVoS z_~@@~-ldDTM4BG!L@+n@SN&xA&+yp1Sw7Ni(yimhC+%beC(pTFC(L@{t$OjZj}=dQ zR-cu)@&2D|-ML@q-^!-0dmZI^VMB}W?22XV&v@rB#x?)8sXJA5t>Jo^)n)0jPARjz zw^zdUALj41Vn1xpu=ZI05}kcjZH9c7$7Qu|{1dM@7cc+ArD9R7M&xPZ2_KnXUbr4r zQ8lrk`>IUD^_hv9yC%iGzVRtu_TTAUyweY5|7TEQi_MbczI~qa_um4;$ob6nX%aQL z50qE^xP5NR?$2CqW?z|iu3xaUSH+@~_l;}xmZFuLOc?kY-B=3~M6{A()VA1cpPjVW zd#bH}due@p=EMIC-Ph|Ft~{{MXbRZ4Q@%#{;Gd2)`aS;{7-}*fz74#&MUx@pyJp}) znFn3J+mG1u{n1@l(WWmP|D*2idL?CXMY|$)pIJ*k8b@4uvo^{5tfC&)9VXgJSg`1n(eAvJ%5JPz5YkO@+H?_J<+^XUR4~uk73t*=Pj8Bc{a&BxPI|J zgS^5IY4xV{x=TO&xwd`MzM$CUS##!TpQsc6BX+$eH~-sSt#j#{g*sX;u5+;69GUnk zwB%i_$i^viaswXNxPIjGD4n{)+vY%Y&H+BdXgl%iHvB8@Rf-G#O#R?&^dNj|R{VzW z?gf``{oL}O!N~YzsJ!`gQL*0N$}g6?%sU*ub&}+Tx|b&oo{ibeHKk;ZpQJNu=MR;B z#gESqpNifhadXCnfy3jutM&8*yXJr>c7Q}Zf$<}?N^`W`p_S)zip#_ zL(miH1jAvty>zkws%X_zw-?4rc-CeZdzn1y>H+B$3YtlR<7K%SEI;vzA1le zoXW-gYnic6TKUgP*lJ&_;r?*{&_6x3WADP7Yt&Cq&%axEO(k7E{@2C7+9{wYJ?Mv}bH)?0jPo5ybx7apobA@!w$@onM zUs=MhmP@HMTmRhbC~aW*d(YL}bcf6N%Hm=7)h)jNPjaxYAmU2|ZlleORQ*R%L z`m*+^?qa5jbK1*4tbg-eW>>cV`j=-C%bvy5-uik%*n8(yabIuMu=HbPpDfqA?ER7X z$oS#E0*Em|^Z^49bHHl802ADPE~Um;^#lI zZYpzmSR53+ta;9s&q`udAD>}WxsCX-{|p>oPTLEb^*-c&T$Us;L+b+ZA@~khKJ42?-a(?bt_c$)OEiC2k==}Yp#B|}}ny9NKGkG?7?b)C^ z@!GE3;D9Utv?~&~>{eK@^EAVr;+NrZfrpOIayk^UzISp@ z_PnJgalz>#l^s{5G$TK;v^QvT`~01!@BQT7F42dr*$02ysoYn7#b!HyUYhv5JwQvJsp8UIg-PDp`?d8aE%>C}bg4c)JJ<5h zldI`D{~0Pf*ZLYi_*rZV1ScX8iu-+2$|xx7rWRs&Ai}|HoSNG3(D1o^a9Q71tlG zZ#C(jyEbdndWYk)mf2`N{Iczn(&a0fva6#iW)+8TyzH*p>&12H!oiR1Z^PL;{-pk$ zzbwKe?C6Ii%LC8${%81BdfCSC@r)-|=3Okym2{Kkuln#hzxAJ#_u-0JL2c)X#P&XZ zz_I0G&a7J(nY8(?UT-T|svYslrDUk&+EG^qM}l=S$31gbD8UB zb{$>b8L|K7mS>VSN&9yFn7q_~b;RDSYZp!nkI@L6_35tn!}P8#r#bcYw%lZDRWIyc zT9mZn+PB_A=I&~~y@xI>JRKI6^TB#PSB>L!9o}^lm!A7PugO&9`eVXS9y9ToTS(*C+U(yZ(QEc8rpGQ_#9qj>cXQ}Plf6|}zx+)*Wx1$s)#0`I(;vRR z-krVh^qglC4ky)43BB5Xs#n@mJkD%y$AN%_huKW8R}{H#yspr)f_uN{wYp3HxIa8U zy#JPcz~vfaP7j+Y#d6h?inQmoS*$bd&{K+CUU6c*Tg0@<-DamhoZ4#|S!y@&hw{p^ zW(zYW9-O;wN%EiH;g`03GP%H(aca`y=6KV8=L(ORRtIW6*!6Y&GAqsF%YR%+F`w!w z7cYLxV#QIt_W6J6w)H(fq{$gG={d_k(+6R4vb)-zoR}W%XkSvYenFkZx6jQvxnkaOzU0Ntr*2O+{=&~65qs}=u1@AN%Y!OO zJLS9M*sj~C)|gJe9J(M(Mbxfs@A6~uoNsLmbLBe~ug)^-NW8ppopJEyt2V)leKvYc z*V_3{=VO$HJEyemx$>@QR(XZx?h{|l7YIIbP5x%!p>Ln;#LMo@-5fvd{&w|_^)>px z!{cAq-wwQcT;wJ9)VvA_g-lKL6{k5h1Q#y+FJ3vF~)SIlg<)m|?yZ5{J$ zp~lgz$!Fi}VSRKW?cbU0GmNwzZj)QKwnF_|?Z?`C>rMYI;fXbh5uD)u)AYt4o)6zU zO5Y0{H@$jlk*7hJkes;s%Jqv%`)^)eV;nLc9W`95X7MX3|_3>=ce1Z4-v|oyUTz-U~_h{jo zb&{&>6V+dyExWWlnAh)PI@5A?<^3Pp-%d|{)ZMT6$5?eY|6ZA$EK;va?E93D+-jK> zHhFo!p&xg;#rjzfKbEasl^vgb<&W_el$1RFSuypO#kn^3H680?Ay3+deF{IJw9&cMn$ao@#ppC zt508fOGKzZqR%)|{2te~>yoqUnC0&G7M{G~cfRPs%Uj6nhRj2OWALw@}D0BJbw+s!^PuKcy zR*akZOX}1#uF%=p3tPRuid5<^Jp1F+d5>!)r+alv&u@w|66WbJ3f(RBsr&SOi7fHe z3-4!b-0XBPg=5G4_dOru_LeTnoIb1h?<~_wcRv5nHFLus+PAM$i_JQIraz!})1}q5 zA78juel^%MW$t-@_U@(az4L=xK2AT(p;u$ha@}l2&yl%rDib63^Z(<1G3)KerU!yD zE+$Jo)Ze6E?YN!$<0+Ri$AaPKW5dp@1Al#|BHE&t&47{ zR3Dk3DIa)mSFhZ&pCv8xW8&3ZC8ie737=bW|Hwx59x-3Dw`WpvbmpE^TW)aF%Ouof z%{iHMEgvOjn!SHkCdYc2b?fi5h1!x#pQkO$zAs=S_~Ga}r7K%Eyf>abb#qT%ic^7C z<1yn~3qQPXDfRxXensEZeS7cqrwpImSAJQq^J8M^ildKi`+7Tkc)R!Oz9~|csmyk1 z#RqL)$C#-t<7fYUbmy9aDIY7gP1$zm>fZ&W>ji$aKm2=b?Gk6zwM*7aH!Gk0^JnGT z%Uzc?edKTc6Zs+Cf3yFO8LlP__js55IWGD9bxi8J){nD~RViFH@zpV#TE#z8BB^HG zf(h1qSTizy1Z#Xm2?2^N;gny-H+gI!O`bFP*zOZAl zH^0+|t4H=emT#UlZDMt%>Glrhh*xFHw9EEBiT2&DvHb7kORK#fRqt=N=bm@(bU@jT z=t|{lx>ueiPoB!dzi@rx$MDu?AN|_%7vG6g@JMS5JzbJwYd2%P=-Be$l+J-K2z(0 z2aERk#mg->{j~lVe_Pf5!~Yq?&o8}uTZFM?+8aLSV^xB0?*Bn!{|w?$7tE(cU2!>{zH`a> z8C{lgU+;5#+LzoH=%;SDBHDK~OV?kfm|R}bL#0X9Qd?KP_*k*p)9kvBP)dKEM7qVA z?EBj@uTQsPJ$w4S|GnFmGL7@5rXSj;l(z5R@x6u5J&byu&-(K6tVv~P=8ezUdzHRF zeBOQO)2X{llQquqOMJ1ry84mz*S?E2$q$cBGE)1`;N5E9@cCDG<>U3-H(yOO2vD5U z;L^Up^qHOP$63)8eZLP+|K%)e>)7}0MW692?TbrQHRk19?zT$($TsoOTb-Df9Gxm3 zD$6fw)job5=lQ6<&Hm=}O|Pv=PF-v53zTN{u$y|fBH&hq`y-LurFV6HrCv$NPdvc3 z*(NZZMZ7%wTeC>9-%ocAKjf_f$@Ke3kDs@P63O826*hd)w~IX|6ji={K-0iTTu1+ghnMbN#Dn z-vWQceU++?Oy$|0VU)n~pTX<9KYvu_b$R}UAEtNwXQ)qBvpZX~=cmgD*Gj(K55N6L zf3(-zAyO#Ac$ZjR-@dB?eoA{UuK)1-*fy)at)(CKAN84@X%=?vY4Eee8~;KN*7$nX zu&<2C2)OU{E&4>?Q{`uN{_?H48Qr?)JHPyO_Xz2F$60>tmF4RT*QU)}_2c9p-&Gk_ z&l{7j=&n;w3(xq;Q+)r@u0(BP>%7Xa>AY9}elhyba459eXyu71GK~FEuXF4)WBn`j z+iD_L&OWR8_~w?LP1Vh>!xet$KK@;OebTFFU$c|*HJ=q2cs`os-}pUKd+GYll4tko z{ypq^8T3pz>$vT@3N;SJT>ryS+i&I0Nj3i(81%#c(5qjz$Gd7Ap5`hrXmIyz&8zT# z=zm1p*5mNE*TpHD9?o<>6~1%b;v=_wmmcf?&%m)q++ap|>Qw9bQ8jNfi}|8ApZZ$g zv5TR1!H540?d3ALy4!Z1bw65lSm|hX-mAA)1Y@Ud{?Hx2X-E16yM)6kxeuhCt*^0t zWUDxHYelE^hNa3rRJ*amU-&? zf^(O>$YZO&W?`{*FZY8tv)b~$&UJE|_@CkF3>DU8-_)MzuA9GLMTWxscVG0fO!j6Q zs%~AnJ5G7swLZf+;enMORv(BmeYoeEjjJL=ZYQl-QQ9tFVf$8eY*FY z-_d)9(2ApW*0wp;tn4#Sd>-yXfy#9b4<`jMWQ%e2$s3ZTafWEB}eEP2@F| z*SwP@FTGVW@U2Ot6nCkGYj@Ya4yn~n&rGwk_wt+DCa zEuq;5p1%*8I_=nnzFAWeE-&jXzvH!v-BpBp#nhR(SGKQ>h>kV$dxY799 z>bpN?`w0J?qo8%aqCcuLDb{YY~n`Qw|j&{SxO!Rubpw{xjF;SlW?oj-P|EY zr~We-moV>5i~X_thSr3cq($~){j%s)s6YfZ@=sHKdW52I^+`D#Cs=Koy=JFIADfK;JV^j zk7~j{?)Kl>=27yy+3=jj+iN@bOIFN}{pd3P#;@AjYaBN`DgU;t!ucWJ(z<&&7khi| z`tly*I6d*S)1r#Y$K$m2_sJSPd=PXvkIg^o+x@nEBKv0hvBytcGIK+@`O?4-?uUHM zUFW7&I-l~m-FRTV$K^GNTT?gpnN>3UK4oEd^<=PMX-aA0iyiL*H~c71Tz-%HiPp~C zBfqZQzMt`J+p|l@lx>zva9Lk>d^o>tp4oNAS?_MAu#_sxggfjL{UCo>ySTPY?A?oo z+u|G7rJJ4m>MOIp{SUj^x<}csIhF6WS-y?Fek-i`;cI5urKh%>zM!9V_M`kUNj=ry zwk_I1yB=sr+|q9P$ltr%I!^SK|QMKE6ZAZ_vRn@eCX^m5AO8lc~_tQ zXAt>QyXM}>zx|6X70;=p+OG0-K6<)fU&vdvXA%~#-6lV@7M=dv`)s+M5%afo^V1gf zs0Mp0>pOh-dbMxv^H>eN=N5TeH)a=HSRl@@s_~$x*}6{$FBFJdigt=EuU_T-ExRJx zmNC)8<3-}m#@iW5hZ`qleVaG&U0M%=af7zB|JG^TwVSs|@3YNzx)iT!_su_U%cUJs z6OWqge6CO;H#PEEBKK+gci&_f+@m%xi(hqo&xT`Fv-EhPzAQ0u4Xy9sGGken8u?P} zwBeOV^WA)FZ?7$_6BZAenqmWtbh8mW3Ih3sXlMu60zczwwXM? zTDNd#%;wEPGGC91ZBo=W+BV(lxW>lK{g&*OYdvyiidPvkJyxB)HDG(nww9y0LQQAC zpO0Ey`N-qT)Qmr$wYN(b&k0#_+tlym+}hn4-=Ye-JkLxnJ!sneh+jCbW8Ku0i94Qb zmYMZD<=WF-Gw#@&Y42mT`;@ZHK6~P4VLsoeFjbS|M_0ZIKeG4EPRrM!>r162PdiNN zJ$;b*+UED`pH7NbI(R=jIZu4$l5P)y=5ih0X|}bm7ANeI(9=)c#je`!yLC6~x?Z-~ zdYfyrCW*wniCeVs&-Iw-gZYz=uXrE5OT4vIV(ov1Eu{>HlnRp12fI9(XfAw6PJjB5 zUk&ZP+cMr>cv}?C-u1%9QRYM3VI8w|?{36TDPUilSrL5rqVfAp8$G7mSj41UUz%yh zy*VRsR>aiX8LA!6c4mb{urTiqgU`0V=@-B-KL zE}NZ~r#HW({oRVM>*}sOdN?aL=~w(c`(JzSDz7U$78@MACte`?x_^897w^FP>(#cF zaz4K?;nW=CqJ3Kz^=mG65t|n5tg=1axN@y_?W4?}+T!n--rw!1;@UF7FkVxn@VxA* zzQrbGJwdLj8;`Fw5#Qo9Ywgjib63YiFR;6M`sFXN&5wFx6GE(0YCIkk_FVUU_@9Bd zVtU*(&r->-Yp2WaPi{JVYkS_;SnI=P-AjMO9X~teYmw#owZRu9?>)WkYj)msW54(I zZf-8dgDrTMQd%Oo71d^%D%>+aSIN*lI+ zV!ZRD=J=&{m8ewyY4`XyN9!3>9@6rh9aguIN8r?j;~EeC zys^zxFM8L-73s$=cqC6gvFlt>#p*b@59*yJ8BeCZ zxs~xvNQL{DR`e#-eQCwpcKOWsZKcL7VA%D|zvUiFJZI+dz+E|K3k7lnzq=OQ=iXyt zZdn2U2{M0Lyv}KT~=6W(`&dkdaH^ubQv#Zkzj3TR~PB%%~WzLuG zJjbhWWy!9&C+sy2$b{^ec&(o@sVRh>@XhZ*Oer){3Y| z&)EHI6SJ#UZ|+!YWzV&I!`D?_N8+CTt_@Z=w&X$iI`c>GJH9F}Hk-L{WoF9bC$FQ< zmfP-8QFzk8X}5Kb&6M3nqLC`L#W$`^`Oa2(z2y)0%G>_m_U6g1`O|QG&h_$TH*Vcf zIS4|T3^oQ+&#*;dF9TejSFMSWna}AJ58L^ z{;HC-*Fj$|RW;GE_l`{1^Y$+**F7>fH!?_-lz9I(SUqFvmFt70t=xQV#P%)ObABc>%NyEF^;3Qp zBXRoMW9GH`{Wi{-5BPa(kDhsOwp2{Xp^|M*=ogo}5s&TkDvo>h9m*9{J+jK|VfFRS z1ARCi2#-*)rPB#H88+iEl)swPeH=Tvy`*IMq-Z|y0l&2YN* zbfxb8jU|9y3?ji&Uv|Bx!wIz(q)qm4gpr>ri&lWwas57m%1Z8 z^l5+9!raPS>pk1M%$l$5s%PT1K9-qV$=IN5`t-`~^yU5@v#RvwOM5?^(O~y=Z&_#R zQsdRRxqE9ful;h}6{|B-fzQMCm28>A$tSCy@D&DgM9e(*;`yRUPVr}wKTGY;l09@- zYM#f*Z>v5WI;$-H!t!NQRH4C zebLp+?dETA7uqapUwv;|TGzc__iUopeR*8U=cBNuh}kzf$LsZl(3I};J5_qF`I zmF6=g2W&rvCvTqjrrYD^*Odvz=eONre{6F-@Zn!kL34>u&sVMxTN=xL=;DFZIv;zQ zV?~!_iVHqS-XOA~J8!mR)tBYBSLpX7Es9dgd6!jDnUq;<^^ozj;aY!zv&-WnbG9dh znVyy@Su=H>hOXV29;4@Ly;nJX`^B^EL(zFjo@`NFk12A`=U22Jw^YNjGlH`# z9(Jca*i-U#&C4`{Cnt|z|F~+N?Z?{w_Wc*%r?AeJaHy2~$~JfP?H|kCey1+9tFgE* z@lWw}aPq8R?H^N9_Fq=n?#5j7K>Ugm|-hWrF-(&VkP$r%GN4V6kZpluT zIR)Aoj;h6VwS2qo{ai1w+RM?Fah0(3##Fu{X|_cdo@DAN>)l}azFPRuvbX=781uB= zG|zT+KJ?;K97|tb)$>cclOIKzRF^h!H=RB1eBnChvb%bdx$p4D=$e-Pd^WXPps3>6 z(xVYxVd-1`SpC?({&2laxcHirmorUY)aiaqi8>;9Y!X`xQ}Mlh6(3yRT)MC2^_ctm z=k+fAM_v}N2yW*-aMoWb;Z;<)6=#BH5(i(%oQWZ&-WCfxyVluiN&BYxOgwntwd>RW z40Bo|R|I$|J>NO8SfkHp$Iq(Ju-I46m&?zM+}W{OOn*Yw>=Vn2_>OHZkWslfapmnz zPp6cA`ID{iNX3+1c{cM?U3QT$BEs zee$f$)dp#*`{soD8wT^vKeX0J>dLiCdNS*t6+ct=uUh?BR_uPjR;#_!@5#RwmVG6W z_wTI59P?9$o3xY8eY&35urGOP!OgF$f-|P|F*-X*oTxl*VzNB#OuF6H)$1}R-o9(& zXBYElN%`wYBSpRwYv)L9wO$Y<6!m`U_Dw}glD52EyX}Ok{n7KH&OS~@nkr?&?k>sv zRy^_Y&J|PEWHLSNcK=qi|E{ITeB)`yC7(_A>o=NlNY1@#)2)(|n&Ly$YSJX6SJzH*@Xu@81GF zcD~vpwRLgDtLNT3BTLr0eLK26?~Jfu^AD*f&#y>^O!)bQZFc4=u^F5aDYKMAIzOHG z#eVQV!`A(8nIE23&RkOCG3}pN!XaIc_c!|vd|My>qxL@otHF0n$^AC@y+zA)afaQBC>*_<)bU2zkT^(`|xh%*IxaD zQf+g2FaBrn*&vY-*O zrCr`rSw_+MR_=TEyf9~~ynQrk&CFvT1gqs2&q{CnC-Em{)4y{c+dH@HH1*)qF}-W& zdit+>)QOMF5A=&xNU1bG(r-)nXx|?HG}i4Tv!{^E!@b!La)pmXt#4lz-Or!B{aUW% zohHjZ<1g!@ew6-Bt-D|+zQvncUgl(B9{<_=s)bkEZHoQp@d|$B+7RAtn|@S&Qe`@UYUnE!3f59N<)Dp!|(h&|T1?vUf}+V+z>+bWedP1P!L zS&@{u*hb#-N8m@Ld_ms_?*)(ivi+0%y(otN?upu7^Y~pq)_y1oOnw~CzxjawyLFGH z7uW6OtqosXW|f4}X80TKo9&5bIzrur{49SJ1<%x9{J(v<+Yatc0N{q9kS(grc!}W{Nc~*xBkih&Hu;s zqkr4uO3L+-{azzrb&mw9K)3tNR;N-?mIQTQlRa zbmh9JDNk$JwSu}u<6NG`_s0ZZOA^n>c~X?+y*ORPduxX&het{dXW`jmt6~>Vla|U5 z#q&W{k6(v8oA~GL#RmyB_r9)_ZMK?Yar;8w*Rc2QJJi2BupTqAzEb3MjDN|1YD{C(D0bjnI#|KF@1Z0{eZAALUi%toq_Y8 z2K+exZR#Z(=gizyW)mhvPq{C2!cy7x^}#xkjQruvUrrv9N zmGW;He>30;_#y0{`fZC}7XOco_#2Zx8MB^0yw@_Ic-rQ^P4kpyM{}8I9e%U;!Tlea z`~Qd(KaxKt-z@ycuKAGWvgp%lY11qWA`2?+_FRAR_V3<%i&vd|ZkU-ix#yeY`m6On zbo<{j{8{bv5`O1D!{+)00=k?T^b3`46Wbm`!}J`+eiIs%;Atg#2rZIaE7kEoH(z*Z)}W^Y8BDpi6sn zd0T>fB9pspSXsWTDYlFHnkuy7`l_Xsy1f4xI=|QRZcUpe@#VOy;D;A`KgKC+bKE+8 z^F@V8uICw#`B(kwe|RfnpTdvA+DEbeZf(vosm@0H)0^Ys7uogfGp?R%?i=>$c427X z*@}o#t5>yenk?6^|0Dh(_)t}dVAjfVlg|mM zbH1(C7NPkp+^t|x>xL21?Y}*#lbTRtqym?cvEn4#T z@pOS#UNRfX+*j3vD!Y9UeR{N|&9bFBF`@dw_2d5xe^~zxt#R8v>DOKTq(f#0g z&sXznHSXor#nxu!Gb=tO8Im3VvXX*wEe#=4;$S-m|LirJb#OZ`q%Z#Z5$WJ zz5F;k?An{UJg%RImG(40N`JG|yzi^})x|%iF1_6*{xh)MyXRAyxxiZB?<4JNy8jtcv)?nm z{FL?mp6%u3+s{cRO*ge$T>ByGuuHe+zK=PAb`Ay7ld|{CnRik`YuiN`wMn9GC)P&Z z-gfnD`90B1m-lbpbJyw0;`t9t53bw)aM{}5h8eT`Z{?d-tXmd5Z%*CT#h^1KG#~Ah z4*qaOaP9mLf_?6$rdQKt!&)z|S-$Gl_W77vV?-Zd@IUX^vbI}R_av`P2P*Y)-}C0F?FHahAlI~Gu#}0&HAP* zd?=1@)3)A(OA|IvSUbT&Zfo_U{AL^7hx^&o7AB{4+ANvV%G{SdUs~POQhZu)=tslm z=y~$XDumtVM|b^la6N1nvHsfL(+{s7xvTxqzsvRR+5K}j-B7z`Yy0|?jY-|*M;g~< zB~n8BCF1tXIz4etbJr)u-qo^sb*(nbIm6_R1zue1zx>UAhOEC#+3Z*4{eQAcuw2(& zUw0{Ldq2-LDGRe}A6KRcZZl$Exn6EUcRb^YG|RH{pO^n&oOR!2-=1`fPapVdvlm77 zR<4VFQ5jN^tabR_lEhV2!Z#}V<3Fl*NnLvN^^BU6*Yis|>t!;}uE;(wlCpunsb1>- zkGfv9)rA$uTbzorquw7BJD+gt=GELq>bmN4jaDA>_nGy1XL{(%m9MYP<7tvjuCH1vlfZG~y5K{8$rtgDF`TB8u%bw6xH;-p8csco` zvpI)o74}zm#WA={xLT0<#t8U?VG*Y8|Q7k-u7#W!kz6lchcmhZS?tT@OROc z{q3{XA6C0q`kw3M_lx)6Mkr3Z8^LpGrSZX|H0;# z+hV4Tr%YB$fB*OKb^Pk$lOMW|-kQ5^BI{<|BX3q*5$?Wm%uXI}h5dpFNg-+SNP=XR8e@7j|7VEJ3_{|qc^{w~_bd(U=#=RT1vvm3D| zbqXZ~`U6fMt$Fz<{^sLj`{c@^&k8*gvVXor$1wi#^tba9m!A9(_c(CxRF`X?6&lR! ziu^eK>|EcnC7QoY>e~8m`f@*vuKklt<2b3JtRj57>;2-cBbQb@=8V*zDN!|fwbQ4l z`CY~p!bfgpX7(<*9lnln#lrq$-&A{-eCM!g*tz~icHn=8CfmB>^CkD#vMqi1pP_xb zot)=GA;~`n4#oW9yZUsV{eOn$@;|Hvl6CSm(M^}igP%sf5_{TQox+rznI192>yl@y z)sNDW@Akqa{N3@QHOd;f%16RC2o$-`s$B2=A^h$2kIs(q+7W%+7p(p+Gw@u$rB3%h z!$GF{EPo#VVzZeGGj}cBBDlHpO&S<8WB;LGpIgTd=O&4E{JGT4 zp7Q>W7l-}a(tz^?>uRe?)^H_O~tQ_xUmP!+(ZT@urc_H`FeF z-S_poeWU$@&HF$2*9+gzyeD>TYpm0uGcH1pvS-LnnK$R-rTrp*Tz^|t>_7bC)14c4 z4sW0Q%;}VSd|*uM`*xeyg&ryOCJhzGitp{7@}t_|dsar#9y2BJshaYab*CSzzmfka z{_yYpk~O+N7CxN4tcmI4k?9xLENxHfaZdlRepY?v{+@rlAOAIHFUT-A>r3ou(7ovw zG5Ngck8t@T@^UXu9lIQ{yM3EjSj@kziy!X4CI4uD%lpegm-ob1$eHnopU^b`I4%+icjQ^?TY6Q^}Kl}+i2D0V)vKw?Vt@&_FHm~zS$?< zeeAQ%#)3E}$u>?|f79Yab$Zuo3P19({g_^Nsj??7Q}wy!lk3l?AIiUN{qWxEk7Boj zuGDy3TdlMDTic8YmU-FVgdd1E{bxw2@7c$H=}-6r|E^hl3oEW=Tz1-iQBv^Z2`#_( zm-ggb);gA$v{SKq_Qm6gOFzCSzGV~7xaOYQ{troajP1mHMQ?CAXSw=E9d|Rukv$FUnO7SLyjCbA8bt{rN|QUM@QyvwgN- z7yl%c5-s-2rk}UG2%Vg@Cd%}HZJ)BbPEh-rl-*PDUzY-HUS` zO8ZiG{y6=(*G_va7r*eGN(~;bd5OpFd|7`v{&x3+XL}#%w~61=xVUW6r;o}UO1Hd4 zEhR;N&V0n*u+RFk)U)p)7oT^h#m-!;P`!{#bqU$Gdai zZC!C9sq?Vecbm`g3+g%lGvw$qzntZrp|SBSONY^#s#@*O%7??OmV7_0V`z8x#vS&3 z+V}r(S1-+!>RmUxf@#f$hBNn;?Ol0FG-Ix5!G|edZId78_r9_5eN?$Mnq$g=Pwzt5 zw^fC0sTW=MrJgZ5@A^5Rlc;7rk(ExXp7piMFT4B7s&9em&aIY9cj``xJo!FW z_kGWw%7se%=GQ#glwKw0zBToS_#rvv{X73%Z1o_!)2zv{Nu zr>)yHrFs$HUH1J;D>ts}=(_VQwd1tR6`gfO_8;cfI9_|VXQgTOf{2IhGYaEwet7d^ zy2poe^Or?hpI#CFJjw86U3GX{g?-@lt!o31R25Y=OjsUrj5w?7b~-QQ6t1UL zyft~f_0Yycjq|4NnzL=P(ea?gI@V7;BcA+Ij?22I`LX&%)w12+tZ%%tnbv*gaNaq? z*hzKgYMf=eVCsqF zxQ&nV|>6?fe8kF8o-bxMA>U6Mib)Y&%uhyF8g+Z3+&u|E8R z@0U6$ukpG$~qOVY%`j<4dcy#UJ&L+_Sx^ zv#e9^3DemnPK-W`$DhWUtz22rcROH**~arSfpQCE?Du+4xodq^W^3Bs-Ag%DjN+T) zxM$~o>u-K*aHOcSNo(8U-zI-Fch87%T>R6=@fyx`JWH>K@8?(!Q%KYf4u@o_vy z#y({`p^rIdmc^>q1id>R)BiF)!nZIrReol5rHqz8uXgMC=kc0#_w9Ioh<@zwnqFtO zQR?c}8Lf(4Pd$%$9&`M@a_zJW3*(HM_AP9f>gnefZBpa7sK(|;<*ID4d&--yObh7? z6E^$Lu**2=KZ9VMctv<<-|N^9-#ZTLh`CPBek^fb^x_}OzteMaOSgPT%68J$eyaS| z$xmc{u+PWuZ(1MMGgQ5 zOs?9Addm7Gr>8QuSN-~TiJ#%sk{_FnM4Z{+a&TSpt7bm7saCBIH)MP0X<+ z&pWoBU+|wHQ@^jCVUOvDXTLJ{1TOKe=exFbdy|Wi*!cx-d#-o>u>LmjL;EpaqsOjt z{9U(PJ1Wfs`ezutxbGY%v!~9dR2q6UV7J%@?{p+V{`r`OmOv z`JRtY*EN3op;nqbB_^-`YF~AIug-T~_4eQ;TYVm!cG2R^6(`%|4 z3bKWd#*6%k&#q?paA3+Yj?Y{Rzpi^_-(kny_D@&mhmnopK?VM4d)*KIXW%Ze?~t;& zeotn@ws2S0kcrplX+M1&ELkghe(g#gQ;oax>>r%(jI+M>$C>lP-ylEbq_Nks+{A2qe0r$$~i4&8L$@)7_ z{8zc&EB{va;R5|%VH1_+&ETDveR-jTpV*2w=hda%1$8x!eYD#C@#wPXvdN|Y8S2gk zUwrp z5nipHwYS z6Q}q7X9$kAQk!4A?&ac$UDppph8Q1v+ka@+RW76cU1y#xoAum%Z+~x<*y0tHQDqAx zC;T}Wy|l1iy7cvX>8z>}JMpMq3d|4Do_=^y_` zxw)#dt)8i;Dp;(y{Gt9~bKno>M`eBQjFO5^_phy+_T${=hsS$$Ti0!VxOMjpb7zH~ zy!eIdr|&bV5Yo06^j=X>?m1I;YFo&$f<+r!y(Uaot}+Zba&GyNHRtv}*x&H<$I`_y zS#ms+gl(6J6}(}{xpr*lhx%hxw%xV64_{)O7b*VKHhat8o|3ctjvr*N6mmS;xnl>v z(&VP_IpOPLvv!#X8t%QacA}N}Y^}y$v%ZA$J=`c_IpxjG;~nQe%cyBCl|Cx3ar_~_ z!0nfpZ~pC^V(ujVI&z-OMH}nFY~A**Jl-`I?eFDjzm9(s&z&{xSah{_=Az<%o0K@t zUkMBO&%m)yD(+nRo)2sH^xdzV%XmKOKkP zlMnv7OnI?+xzetB2Jc7jS$^c)tZ1oSd7F%wzuptx0}24<%V0gw2URL zI!Hd-)AsntdTo!6uJFRgx7BuR=FvLf>v-zz?9`jRIVVqkdeLVe@qusQ$LO%hC$>yX z%&XbJFPj~7`~k;@-d)`tH#sB&6<)_KZ{CxfzSQ?yqmtAlf^CGB-CWco=Xf@=M)YIb+RDe%g%A1eI_2zkKk8d`f5$zRt-B^2^S-g?sbodR z^H1weSww8FcvtY)SSD9F(!=Y#c4`=l<%c$Y8rThin6ME3OS$X)#h_cuz#Ew=U) zu6*SC!HB1L^0j?au54YK$D8#&_Ct7U@|E1DG15iz=i9D+J~#d0`p!R|kEM72-YvdG z?aB5Dj6aR)-j-V#7hatac+AOE?~>Z3l+cVVKXPZTJt%E^Ec(PCO%BLv{jblea zqXTkPSM!_f<^H6vsd%|Zx+FzkWJaOl!<|c~Uz}>=zQsmsXRWE{t*ZGRak3jHu~yn2 z;|-4KKXNPe+XQoGnT2`GJU!uyvf?a0yqnJUH}3JNoTBB|cH9^K@t@(q%gjne!84nV zlxaTCEvEsk{w>`XB4e}yR+se^KUSSx(f{!7vDx~~IZw?e{8^`ay{uZGFl>L4 zJlowL?hi$_Ma`Rc(d+v=kBJ5zqEkP7dVGAI#YfpivU2fnLMJo5mJECw_dYv2HO&7L!@?dREw%k7)GuS{B*RmIo4+AVqi<>U#1-?u&ZS6bHOAgRt! zYWhWV!;h?ug_GRR9SZK=6Zt&O^uiwXg_+Y0Z~SOd+0j~Vy5v&tk*egig;H+27vFI> zpD8p=wlHS>+uXb4&QP z?G-)~w9U$9{a91RC-Q15^IM~x+Z~Iu&VBaZwf9<{-Fc=rK?S^J`{aK_q&pU`zGo&; z(0!%r!)*EPUw7y2{1z*9HobAlt#|tmpO5;^-@fbb`OcD~U5~>vo-y}K{uyp3HkHHc ztEt(Uhn=l*8M~ENZ}{New&jD(UQ>zwM}@O4{+6BOlq9yX<+yUfG3}FkvLCPSn9u!B z;pMK9Uu(jn(iU5|MY?gN{JOrTz3&~vM-N$v(%^~lzU`}9SGulnRI8a<6}sTcopm!m z_xCIB`SATn_t`RSpGcM6i@7YmFU`Lte^e}L`)w2N$l{`g^>z+U2Z@M13YxkDE zTjARZKO3!A_!ZtapX;Ta>__v--=2N)mrjvTo;UU5rO*OXm5aaFn6^n99zHhbYo_== z&6?tm{~3Dz*pxiEH2o~|_gtyR*LLi0w^RMG^5KcJf0x{L2+Myh(kuJ=a@NUNW`ossBD!j|RC3*H69KUNi|N83lVQ2r&<&xjsV`4eK{l4Izz@@P! zzpl3{&tw1Hvi`2=*4oGVe6e@WRzK?Jin`ubL&Yu}V;GZ#2*G2)-*cp+SW zZI+bU=0%>_lTs2wBgz(;E_+_I*qh(v>8Z^B47oK5v+ntC`eU~-q3(m<*T?fECoz2L z=gn~9F3VZsWxQ!`_qXgH60?@By|%W#EN#26sPy0B3*r8c_BR-0&C9x-sq?CR)z|lN zOQkASYz?~Z-rIF7^^{*%nVrv%{D;~5rL$fxk8${^zg=Sel0CW~oP$54u9A4dE9p>n z-Tg!N1Gbq9vV2#&=P|q7FLHTqx!&{Yn{|&J9$heakQ?=KwOhrF->*)5TG$_{(Q91aLDS&W(QAx=|D`?p>Ei%CDt zejV}YvdgP`xt7=e!L?N;-)HHjdTZR>wKDTRgP>~Px9r%!TQYN)j;~mKOTT}O{@1jN z(_{Nw3may?^lFnd+o_kSb#rd$`STmy9e!{oKC(6Q+~ZvLFKdoVvQ7Ft-{k)chvsj- zR2p_UeQsJvj`8FBYpb@lwR1&CyvbMb`D8Y)ZRcO_L+1NrX4MPCzWQ`#%}wibg^}l4 zl36omKKxu0yjo*d|ApuB2llaVnVY+PWx4`$z>ibMU4Im3O|Q?7E=k}z!DsAu$>e2C z_~X0Q;Tw0{fswwOt!7boc)1+o!gF zOTd)b{>3XlJU=42?$PAT@B5{-cm7=w`@StG^O}{FucgzPH3j~Gm-fv6 zR#$6x`QgLsU-w4YZ+4queSe=;-|R>I+^_76YO{pa=B;gynEjsTb8NuU(3n%f3vVai zvQOt#yXBkpJFeaE=bB={7yMhRnV2W}XMN;vy)RrRp8ZcLpZ|w*aJ6)+Wa^Ft0r_>= z*^lgdZ9^O^VAXGL8q(C)Kpt3vL4 zoqsDkvgx?vwymD^6%q4zlj_b-%$`@cZ^k66o?l`4Ez2+OiGL`zhF5oMo4vPBmNgV5M#L zN!3fH`aGVx`(|_ARJ7!(5WV%IDpx$}YSin1N$H^$X+Z_qb-CsTKDSFRzq@_cvpuJF zq(?^@?`DsEAg&X7*=FA9W4riU-@N;3FLK)G@2pE?5}x2oS7-fjO-_wT}* z;74bKrq5H@HOuB(ykWy%)_V7Q_CEwySL{Ayr*P$s>5{gKCEW|J*%emhwSKbi<>txVE-yYd&~e+CxQAN|YhyGr-+hi|d| z&#;MG=RxgN_N8?*Dy*&_u)4Knp3(NHE&EmU1%EeRzqen%{z1pK_?z43sa=n|D|6?T z>Xhh)$InjMPpw;*d4Kc%u0Ng&BPu4le)O@*-7=9WDD=efm0#Aa$%%QDQ50OTWa*j8 znYT1Wg2n{CNdx%Obd z@_B`~7ERR)EuL2zJ$2$6@i?x(YfZB)9$c_fh;&o5C^Obf|MfX0{)p(0#|vM7`xW2$ zw(jN%HJ;+d@7OPksvkZr-%&48a^C)sy-?J-YO~vgEIBo2%4*8x9-Af~4XYO^*;{ts zxi%y#s*%A}`FZigH=irWI7Iz4`x_#%7rkIFR_+fE-7eECmrLv-dMYi~K`^cBzdR@fg~ z-D~9EcWcS4Wi#T;=CtPSb*osDy!PCT$QS4Huh?hK^^e=)a6BP%}7M;ub zp7Z5p(6Yy;Pt_KJ&d0Ws+i`Ts_tVl7kIy`sdwzB1hr|2dX58KpyN0jo`s5e(^8chN z79YR(!?2`c@zfm6S?9%e)K+<#TpB)}5+&dFk+0@#14^n-+ha zvTSFtHMhlK&4PV@wGQucmaLS~TJf|$>*MVA9skTeSg9_3bLmV>s)tj>n%DDt?`eJ1 zvA=nG={=QLo_Wp**Gx9YCyPxfP4_xsyZBkJYku&>ul2$iyIkK)-;kxzcgK+T`@XH- z{y!$Je65rFC02J`^zLI8qDNvYg5C#xxO3~sM!!!ici0Yjep~nYfoRLNePWsKa^{IA zSxn@bQ~Ww6Bt2TRGw`PIVnKJt=0ldQpFJ~NiyzzIk+cUBO&7PoV49*js3P> z$_YAlNj21!`KiSDz5cGXZo3E`!FkTn%v^_t+m_3Kbp5Kyqwb*S{kUW&Yr(CJf7o)mG`?EB__+4phFfo!Eo(jF$WpXjVtG(&)QyT2t6x;ETWVF& zdGz$u*a`PyGvnF6zIZGLgDmf5F;<_SEW_<}Y4N98`5n>A70{{;CtqKscn^RNE) zSxx>e!`zEK^Y{$vr80l`KDL*5xxK2sE8^DP4gVRON()Xszfu*PU&nU;q4Q=eQz9tKk+!)4W7DRU!v9M*iydm6RJ`cdnR zAB!LTXZYdp)i-eI)+V(bn@hi{*@wcNT^;#6YEAKE(zHF^eYh37ZobifhV(l@?F$vR}7ReigLg~?|Bp0d88?8n`E4Y$a8N+q_W9lty;+eg$> zHO)_n(>%F%_pDs|(Co?|Cl8+WO)_TPU5}v$!$l z=)_s~OM;$WsoBJzANBo3NKk9PR^i4gul@;c{n0J5>)DhA_l`5BguZfLu-@Q$?z(wD zm8vCm-zO+Y3i>PC{^b|F_Hv%)l|TGz-M+m$CUm>;4Qs&1WBXUe#(A&*QFT|&(sB;t zrClp5HE%CG9w!)R@?~w*`QS^p4#(!MIi-B(Zq%O75g-2EUADV=aa87l*~=O7{3L6$ z_io*D;fp-~!N>CjpVxE=Dk-nD<`Oo|c_)P;;Kg>U*-6-*4q++qYx-iRL_) zo;wr6F2ytbsM6dz-}rpO{=LN~{uIY@}$L#!j`E0ZFcBZZW%qsXUhg{J8e`QOis?y=GpgeIIR}FRv`S|BC`G;%cu01~-zMtE4cjVI@+tac&zWrI! z|L{-NWbfdNCD#^yc>PGc{ZHkRxF6*qJ9Tv?zUw)0{As@bv5lo=J3rJd`;~iaZn3fg zn^JM}yel{MN!Jt?3=t z55h;+E>&;a8ZUTz8UIY9nU1%=ih2iLuH*Y-TC(+8O@O{$cw5tL_G??Zf~q9n3Qv#C zeq{PBPhtL>71Gio=}KF3d6zBE*_iFI>XoD3>w8<3K0a?*9(2ohlS4y6+M2udM`wwM zrG0$&_GbTgkF_B_GQAOBj%@2UyH%3QXMb%`PpEC&^TSmo^%+I~66K9_lW)~H?~|(5 zo2oU%;*NC)+be(3=ch{gp44;Lgno+f+}3u-d-=V1?zQ%Z9|iZUwt7D6%tyV|AGHI! z-)t*uqKq-I?F{o?f$y*-2R2y@1!Pee7U*Y zYuarN*Xd6#)>xKG{oOhF4Er?Y`D;V2nVj}DyDRT&y&lHCr;cp4d9Rkc<qR4{bMjt1EXQ@OZjzV1*RiW5@xrmb-!hc8Pce7mcsAK5 z%k_5j^zGLc?%H}yxlgIVdqe-Z&2^g5nfK(b9X+;i-Ky@6t5*ykuFBY>xh^JR*V07| z4Jj*LXlEa*Qd_#_kJZK<+b*o#D*5LAsVS$}BI~8vcN80+&-=PpCAxCkwTCl!*z%^H zeHGQ-rFVMWe1m{+E`jU5D_(3bpUfTq!)4yp!p{~@!)7n9QNOaayYWeEWuf3_qd8Jr zRa(znvh?LXcwf-;XSZjL8Bbc&)|Hvzzm(@nSxctPo&CJT$+c?T{D;kpULN+{RL;U< zU2eK^VZ_=c3%Xrq9=~^Qr`qHdZ(^%*DzeVrSuFrWT*M;mgS`Fi-KIG@hIv0Ls zYwCd$424}^`1$5?dAH`4`?&agI@MfS8s_=HUGs16a|QKmljgleSEei}b>cLZK6H<1 zTZGWFPr3_tJ}Fsu*zwX9TS2dzH<$F!X)j%MjPs5AH1+$!wa1R8{g`}o<-=a0Q|i7$0Z6k5ZX9-8kh|(U#`YD_kKmnzGrk`MGNz z>ZIHf`NX-dLV5f9Fef%f2~)ncCfl!Dbaur1N96}>Yj>5~o4n%Lom_QM)wO#HPNa4) zpARsM`PaIHyXg96-{u$DRVO2w)!r8@C|&bro%W{6weMznw{XvETC(9%ehgbg;d!0< zt}P}zCPf_i)%B<4@2zW_HtfDKqu1)@Gy{uA^A4o&>MT%-WD>mUY96%nqwLh_H*0K{ z?78IosqOaVd%HN_l-!jw6#cR)t$2?4r&afqK7Q?Q{xWT6TCkaYsf5ieueVdh93RSa zR$TYoR_h+R=f=C6H_jdq-I!UvxO=PBxsxfu*YEA=di|)pck9a~J9qBSc>IrJyPTG- z^--x$r=Q=6eP5FE_N!=??2%V0{gEHV<}Z_;zU$K3r11LPm%9$ncet{ZyDa*SGUKON z2R}|*yXx%1gT+hyPF)h`HVw+j2*}`IHqko#n%AJZ{sk_yq> z0zFgiNAD+uU%2kRJhLpw&nv1;$Kj;toSA#Ia*tg2aJF^ok<8@uJmY_-zO4J~{^7^v zFaH_7wB`xFm%Ez(u)i%gIo~QHS>kaq5C7WOkM|bYZ+>=pk9GczbhhC8a`Ud9S1-DA7LVPEN~rnH$&NR1}IiVVTKBiV)mxEZ$KBIi z+LD%jhvC54vg`LGHh);wly4e&#iy{N_%r{ZO~o6Rq!drPCtIOdd0prEj`~&CDssYljEr4_;tD9>Cgq)+ojgt zy>v@^`;;z&1s}uKBqUi^&Mur(6`ZTnyGK>($ooq7GJ9qQ7h#VZ8r5~#@XvJ*?p`2zV>BFcM{KK7m>zEzR9n`4Q?~5u^Ilc z<@H=5dvRu={iK!^lD4+1mHq}vMBa1dIXijR+!a}GE^U<8<8w{(tbKmsy3o1@)@5sz z1@A1koqT%ljpmoXu1c;==MlO6B)N$-e)mpsoe&=WtlF7<5~rr$ad;oTN$F^$bkw&%RH_cj@hu zk8&eDrUkHgxGRL)+}hf!dE^W0r7f#7Zkqf^_L+M`sc~||tP7LwNE9|aUz-u*v+bs0 z$AQPQj_lf3`9xPcUA^bq8j+mR%u}veOVvIp*GxVib-9o2=FSZj@3N-#rhPY>InBte z?yG)Bjbr-K`UUPvTh{IEzq`7p)HqeQJm|DU@KcVu;s`^@^ttcu?l^z?%W|9R=0+!F zHq|WoJge#9!xo9TAGbG07u^)zDe@*ST0TRCd7hT`&b4aODje%ySgQa235#HGluO{AE&e`R%}#MVXuO8cmO?eV1ka;ow`4atrao2TbMsAlDdyF>bow)fFKh40>P=0V zFA+DjXYR3^sqYqT-<&ofIpaa~=Lq4Lvz5Ctr%bw|zhQ0kO_$wMrRfAL0l zmJhbt8lBrBFTQ=SrOVgpWka9DX|cQ?>p6a$d_33x*ge%mk@hzm<~S|*dMx|mKK+W_ zztvPeESp|Bb52_A-u8v-EjE9+oi#nhWlp*2TGQ;!mS)L6st;TBZC;`L(?|JnG2^AZ z-aeNT+HMvVTwD>r@Y?Ugx>mXANx7E{Cw}jgx%zXSAcu47`KqAuoE5o6TO5wvJXiUG z*Ln5*$}+cm5*u!wmiuDloUP|_Pnvu4$BFe$af*MylLI?q32(d>v>K4KCKUAGkF($f=LU&c&Txo!2r zmA4{PLE}K4`ke6G5AU5m^#r?qYI4j8w|}UsB>i*Vt0zyz8JO>{EuSU2r!4T9oUPr| z^T~_+PCExZ?Ac_!x@MKtHQR%|cit8qm-!ufHa@WHxS#H%*d0u(ekA+v*ikm`MPl@o z;3$d6jUR3>Gj^F1h_w1QRmbjXqdCs(UkGL?;iK@{3d@tDE2Z#r|PmL>Z z<#*^?v-9C?&jnlg3!dwql-qhS^Aw9~+1D5KR-Fs`3nCsLzqEY2Ti}KbGS5Y4n|d9Y zZdJ1~C#5B2@@KB|9y3#Q)vB(&oi&r&vgYHZ)xJw-EGbKz;ODqPl6PLD2lH~v)hhWu zdK~{5zFrA9vVv=Q-PUUV4bzIR_dME^dOXS6+f&^#vGMl3t!uX2>y@g_dNy;Zm|Ore z^UAer?LC4HnH*HVyfx|OR?|D(hj00*-wRin@Ac-*mfkK=adwfr{60;mY>%=zoby=S z9u{iRWaR(R;BCO%W0P{Hlxl?C5S{X%YrX8HQ(Q+X*?GIxKC%rsYWBM4Q&v6C%k{;{ zs#j8`s#~s{5UCQ?8gOsXp5;$X_g#>lEoprI^wEM}>pPMzzvtq(G3Djgb-NE&b-lV} z=A82ON%=bWy0qL=JN=D5ZVC8N9XmasLewGP_Vp{*o*(8swwrTj?GZj-=a0)>jeq2y z+t#cziT6qA?O8APr`z)~FQ2K`AieM$$Jz&9Hrwn8$=&!_|Jd2GU!Nc4KI)84@!cvg z&;4O=1^2P2X|t<#=gllwSYY2Fw{_$1z#mff{6Bs@58V>D&C|O2*$!`8xBEWa1>3uy zX`JI+TUlcBKH2R2qLPlcro5K1Dm;>mx8KKk{&v478yvL#VvdqxLV)b_Ys)^!AJz5L zy=9W9Aon%?NL5qz^x$l9Lk7lk7hii%U6Luq>m5Ar@|_>*p0W0R>Tks@GG~-ZzKv_G zUY2>EzfSD@Bk61M*;kVS1?m>ad9Kqwcu#u%(K_ue&2CX6W<~o03;r{-md@Xz`lf1W z>#~^%9NRZJO7WC3cPVVO)e7lnxVA*9_s{fn_Tm)&bDP(`QO!J^ARv8d+g5GWw&0e7 z>^&i2-yT`AcrE#Sw(R&rt*Fh;P8$V}KR?;z@IJ`@_jR3chH_C8hugO~rqmo?8+iTw zwR`v9yeivxd@JXs_bGu_-(6BOICAuZn}f+&E4OLS)orV zC-%Ls+P3#n*z@3pv8p}#>L0f;C~Y&j>lK>B)4smyY3r+fq7jU@MHerRHJrev@@v-N zS!asfi<4J~^#~nbAew2)cBAO#chj?xca4s=+Wx+JWKU&y=F5AtrZqL0ywel;ATyyl zG+86L@%W{gLdNSjpKp!Wy4~_*%-^i&otY6OWkzQOOIaQkH%3OS$?kbC-5wb0H&bL{ z-A4vxd4uCwi`T!ncIMc#s}*^RFD+cl)w6Zu>BuO}z3wsT6>3{c_r@-rpLN1)RfFY< zX;-3|3!dj$$P`D2Uk{p|cE>@br}68W$s4zLhnpV@)8Y4<8WY1d;m@6`%mrsSd5Y&{ z^o8GT{Be12XMS+py^@;M4|)p2OAdZ(EfJDwJem~kbMn)7yRR#k#!5WlpJ#l2ukRO` zQr*{KFDsX;JanJ2IQ!$T>xPwi8$L?c9AB~Sm$!7fdsv=ozxMG@>x`qfx83qR=C{17 zVCp)dFs;aqVYi|s)@EC_-%&|6J$Jll#gjQ-U(ec^Uni2M!tXpwMIb$T*|}8*@|jsu zuD*WjcI(E<&y2d)Z|(4`@mAf_vr?__-sbgtf=dgzE$2L~eztk@#yu&MY}4JY>OQMs zV@dy$UB|GA;mDK1u8;ie6+iDiKb2{GfiL^Ijqxh((*fq6kET4j7&s~KxMP->^@=5d z2lB4Y{b*QsF<*1SW6h&Ex1uW#BySWAKOPk^+b?~#b<@YbuO&DA&dw8G>k=B9e6IHO zyq!BHDc!WSkhz|{=2o=nk?ubB`lu(R)&BQ3Iv>voPce1Zx$Sdy(!<%)lYKVsm~cnt z6XWBr%S`x=Zt}B|QgH7*X=~VXZJG7lu-3BBvh}ZHMW^1L;laMler;iuPv07jJn3!O zOD{dWGuvO~ishEGk5`!~7X`dc_AM)y{rTQ^>!BxoJ4EfL9jWgXoXyhl__N(ZTf?ZT zM7Nv-;iCZ_P8(VN)~-6c&|qK4_qDc*O*Y>Ck@tvUU$D&N>!#OVp3K+XKFzD4cJcK@yAkG-?6 z{rb0fX~bRMtorf-Wo`xes3*w|Zcmw)`e!B2^fA(4U*@q^G4#&4kO$XRd{h0q-A=aR zyu-g^KOTR06y265_Ap6h<;yvZ;dat>7w$1%dLQog;eEH_-VblOlBRoHnIh(D`FrVJ z?ZfLzzIe=1cP+Jbl+~Vh)y6*EP(Q6^Cwr>J+N&Yw?bgZZ?v{_+eyE=LwcyD|`8U5m zGF`f)p)>WO>V(Q7^U{NFvghpl!TwObXY!pF|I|LLs)#{K$2pY<1uiOIFsza_Kr&&k!j5i{KR9&dcH zPv`GEllk0-|F-^is9@4~v*eWHBWa86`sxfD_1CqI#>I-TigE##~+?AP-Cv&X~$i$`fV_)&aaf^-y1$p zJs#8bvD^Pf^`o|hk8awCb$+vTvw7R}`HAlNoUiLIobK=5zbU*gfAPoVt$(u3o3`F~ za;InYHcP(x4t@7`{9Y2)Q6q3vtDgejPnp*aK~!aqZ;4eQqdJ*;UAwL{L6R$NR;lGioF+~c2rL6 znS9Kh{no;uj-u6B{b#s;b4+5J=5esV;?d62$G7#o&1m0g`pa?szk~7|cG@>iudcD5 z^K#cMrpqtF7bmCNtPp)JzJG)L;dmjNdHf%jw)_*hrrRzYv*FV_gQ}G;UkAJp)GA27 ze*R&9ui>`(t>XQ^vb5%GsL9?qJ^xnAoGilT;iHo9Th)Ns2jwLa&$J)m zsDDuU*>G3-j%U+@3RnEeQBI0pFZcLQRVXLuzqP+IM*^L^FZdApBkuM(WEdrs?X(q+%i)qjFM#Qu0K=hMrjd)NKq+xVmVW1Pfk-vv8WKK|Y{{h!$Kqk?nqiRymsn#nr-w&LrhE5@6~CC6@Xy9i}E+cg|Bdo{LjGmWxiZwT>T-(b&)1JBpFs7_205=(QRvuL!qh*U;X3g zkG!fl?RoHpMWG?5=IgIq>w3|&)}>|g;fo!o`DdtS#kb0f?{QvnZ)@A?1@0_@eG-Rz z4}@>@{TTnSZ|;X%*-yGGON+`5=1jakF>cM3Ew&knYkB>GzCR3a&G}=UUz)z$-SqU) znb*^~W7;+@sF2mYt6yVr`}!r}p3kxEtu@IXts}~J_8&f|pl)xXzEuB6eed&!`zG%C zeRx~BvC)%bA5!|Zp495o4@>`=899H_e})gix@oukJBw~+ZezQ}F+FRc#QD87-#?fg z^9_IG+GI8T>?Ky_*Kv#gGq4K&*jW8B{&CpS)qCfZJ$%Q}B@xc(@OWwA{f&Q*E}Q#t zve*7AxqEJ`T{mTuxl?g`^x;>53pHil**%^4>-~q_kIv2f@cE!s*;Mf+F}JRZ%w9=P zK6*Z0e@pA|5wUdNZ5M*>dD_L^F6?@qYoEo>8lAbC^?7@)Xpn)3*n0IJjUTQ3Kep}o zUL}2;>)i>Cigod;Lsxd>c{_7_UQ+vdLDsMM#{UdSH@8OjdKnkj^o8U}o{%Yw>Hi~q z`oP3L$@{Kty)TeuEp*F4Id08?=L^29@2QFZxcpJ*^Je$f#4G1-HsvySc>LKMb$`?M zx3VASKU}tImtW_K%0iC=k^+B@+iktsc1ql2Y3)&~OOv)8e=UAQ*8b2wh98x>^QQ_6 zJ9Ps_pmK9FZ)`H0!fg!gIg87mrqkPvX;hyZQKkh8%yf+kdovsJOKk)m*tCxCR|6t`miw&1;Y?oFPNl&R% z?p;;D-x|Ja<} zZ7RWzw+kb{F_d9ILAFZBpx%6etlH&O@ z9{;>DPy5H_$DVKcZK~YogvBvlJ9=#U@|nr*52O3Oe(7ud z?Qtv1qRBRJL4*7>mC20}A%**Q*$=w!dVB_z@}ZIK9=yrl01tgtFEP&w5?M|1e|g zYV)h6^1{+-A!kyyTRhvD_T0X7&R2amUE5RU_nAt(>uqz>GUG&4SZ)1Hk5o86bX&i+ zV%B5N9c`|uZYfC>k8Q%2|8RD_TzawC=AO-`mSPd+ik}VYSFW)ixi9-8_~F){TP~X( zE-rlf=d3UvZ`w*vTfvsBZFlmE&*|Gq|8e~AZ}H!SYIBRe{i_qvahLU#m(w%N_GLSF zJgDQ?F@aOdFD>i-HsxdL-P23oY~prsIGxZFCg1n9`#(d^bZ^sjn{zt3a{hj4Ebe-C z#^CCzOPky`PP)F_U1DkAi$3RvXIrjEZNBsM(}hX(R?AmynQrx%=gF2C#~;V0H`i!C zlIM3U`4GM2_Jw6%Et%IAzFqcXs*U4JUB_g#+FjRMzeaUN9lw9+%!aS(nwr`XuWV9N ziz6$d!$bPbiB-5 z&bCMS(d_JhTG!`2_r10(y41I;@r3N_>wDst)p-6`{phC2^~Te0b)T*{=5BiC#vk2l z%PSvGIy?D9()u0A6X#sp625Wj#ryuh?Y3$srOi%ncmB}kefsIVH`brP5xFt7}i!wNLGu z7Tmr^y&Lff@D>BC-Len|G@re|Ag(^=UM&s+?sEkHF?Lxzu8Im5AK)T z5+NOM)h23nzBI!|z2g3=%Uk9jNfF<6RmJl6%|F?f*G2|TSKVrtJa4J{xm9X=`RCP{ zR#ZQ(@6mtsVd|0T;R0)BU(z%_zfY^4_20?qR`V9;>aBhF^U)3-Zfi9L%k`DrhwN;x z)Ffv=vi-P4!)dd9aNwWBAB$IJNbUc|HrK+oPytW!VAt5+X=*lo`e^Fwo;O6z8o@7EIACBK?pscwX46% z2VCOsw6U#Sxo_#206T*sBSwq$?R9D^u6^aq7wx+`r{^!{x*k5ErC#^`9k(gun`)`@ zHF`dG4QR7_NJe;v>WBD_PnXml${wk;7mT;Bxc-lG{m02J#=gs6UbwR)ueh#BZtcz&J)KqDp?B{NU*Y75@8cc)T3)O#@|7t*>X#o@XaD2%w~8OF54xMP z*ZfF&CH9{o%j$`Kjrz(PP1D0BsaZYE{%ZZLd(-80rho0L z^WWBUyb^o2c<#5i{pUqXH|MnOPEuSM^5N_1Y_YnNe|Y~hG*9@)QnBr3&OXB$+ntwF zbXHxu>7nXmJ&8|y{om#LA8gqF!Czj!M(nDM_QQIKEw|P!%-wXwd#T6`|KQzQ>jYx| zsC?WvTkhHBSvDo71S4imZ{HIw%(Cm=DSped6*I0Mj(B0}6=t>JXPr{7t6ANmKjJ_7 zANY%@lu6mG%q&>*yY0GkyZW_#oqy-nh<=#iP%IqUlVfAW7@ zuQR?|yM!hEI@^XLAEsG)efjDxt8@A0vgKuUt1BiSF0bSGQMx!|TU1EOy*uO z;a{fR_;=TuuWw^(?3dg+@Sh>A@1k9a?1^W4=0A-8BewXP{l~PWJoX}X%7?ZYMmOfQ zDRAvix{(jc%^S}< zi?c@0-PyagALz7t zvcXpS)S5cO^N;7t%(V`ib7*+VYE0?mY{$%QpUI3Ft2S)PMG%_HmKFo`2leMM~S+pX}1K zf4cC=#Iu#`T{f{xD~f$0O!k)MsaD>75_G>@ZI?dhze{EXF9L74Kis}++C2lwN7I|X zKDbtQtyKAaPI36DRj$=h-toqpFK^AL(ObDV>(|*iMGnXLty^D*o65_)w8~w$Z^uWq znNOcfANl$GgXqWdx0#RUckZ+PD08_Y*=cvn+3(8j>UqX}S0CER$KOgcO+dj-&V!wHUn5XV0#+=gg zRX=7&{a}Aw>wTR0$gky{>a~{>nk^qZzqH@&`GuU+zw=G>`EHz+zjem2bLMp2-SUQ} zPvXVwll?oyrCg%!w>|e>sg@Aoa9s1N#2S%T$96~e`g5%;+F$bNJlhZP&$G`^EVNIo|0H+t%kkw3ofLq&aw-!MW?& z7dK8QstONZkaeGBkNcyWcB1u%*i?6hmzZZXtYo%%wrq`R(67l-|4y2VmfrbU@?*Wr z-^HfCdF5UoGwRIppJ71?b z|L8yF3(t3|J^7i@J$KKq@c9+~As_oY^p||pTmA6%qU-s4AEnr9nx6N*X?wSK%IuiC zhaWTDuSxs(x}y2F^_yc48h-m%9ozXs^ihZIpT-g{gP-2b@lk*HfABB*(d@AOW7_8A zr+;o{%q^%`{_m1h|6zId%xTJA-X*0q9_Bprll`{YZPhQEX<;Sdn>zIh z{jjFW8sn90X>M$qkK$abzrV>eJ>K|7y;3D$_F)@Wwa?Xsffc8Z*KzE-rgBC3;@hV- z%#D5@`j77CsW3bDEaPDx$Fg%FUs#@PE&UkLWwY6R(}o{0)?2uPer$jEytUN(_I}Zq zg=a2#MLL(sO^rTyf6MZw8r?^;_eLL9dB^l?+ z6l$uj$a9}>Hrc&rru5-&VZE7a zSMu0-tTQ@gt3BbP`X3Sf$MN0oQ$IXgUYoOR@&@<5YeoyF+edw@b;>BsRJp9PZPhd- zGx(4)mF5P;xd9%&wZLTtM*_VIaSsh$B+pcJ>#>F*DS!!o~Xg|1%zw1ll zBUwLD{wHlJ*Xov5KC0)gxN`GH@R3b7qwi=+_I@ya?{h(KPx!<4oNDcv%QtPG#^x`( z`ux}P5?R}RO^*7}R4jAx+gO1j=e5>>JQ;ZD{p0YnzVkN$FaRFZ%K9Nd(j&IU0s>d z0b!2Xk0)N6uCp{aSZnKY>4UcX)gPw!u3hvYcTd{Qo(Ttp+4otjpJ(G*XJh*)`)%BV zCaEtw1FD#^FVsk{&bqa~t+92(ZacSiLGd@QADb`mCoB4Qh+~djdGg%lvo0oSU0HqN z>&EAYrt;XNn!PP%Kl-0R@bcjav%mFMc`Q5_cx!b<^<&ZgBOW%ptq=a*KVflU*YzJ$ zKgh>y-jgf!=w(b&>k!M1dk(>Ue%ZZ07O#ITW!|=A&*itO-jU(lN<577raro7 z`%!NCqxqsI*S(UOJX2|kXu#div3-j_z7PAT-V%P`{qnYkW1^9ZpMPHWD@4^#^XSC5 zJ=$t>{N#9(gZ5ov+5S&$s*C@GMb5`f--50JuIAm|v9NJ#!bdaa-ur7S>)Zcv?Au$l z|K@eO>@%}x8lNz|^}?Q^Ci!7esjt1SPs?&B&Gn=A%T6y|SufPj`xj(S~QU0Yj zF}r@vE3-?kr3@J{C-}7TJLL3!B>rdMnEH3i)2+BA&j0Oo$JG;`h0j>L{fk1;p_eD7}vRc=VjB( z`FnFUZrwett@Z=g?0FPFeD7Q@6YF$eTa$N(e9Ww0+=u=tUEUMARB!Xrlta%M z=6(Gc``f-EKmOW2rGDOfzJ*McGkVWCsGI&W{NQr;kNt-kAC_&joU!msQQpgWSC?$u zlBkzGug+XQsCkOm^1?^fVOPGaT*G*L#tzZviyv$`bf@E8gU!6Cy?pn+>OVAEF7svC z9Ru%7iFsZ1YipLJp6p!nN=CvaOr7ng!ke0hkIS$8F|W3pJ*n)2WcKtADf<+!*|=>J zI;z+f_MaijzU6x1M>&_-Av^h-KbNo3XZo?E!t3{2ZYIyqMG|FeihhY^A6+p&H(30n zqviYL@*{yqKg<=6-n1iAHJ!0ZUt!+V)e9@U1C9E-cCAUuSl2#XN2j15YkqfWJ^zns z5v3aIAEiunoFwFa>d-F9eM%YE=kd!)PD|-I!anU)h3VIb81<_U-{;jlQ`+--f63kt z*N@+_Z+M&cc5C%w6=NSMnWEDtAAeo%JpJ%J;j5Q_S3URgIWJIjyHfd2_Q@}2tq+U+ za`@M34=M`ab zc$V=jpRemhet10(zv@3VU8du3S^VH@jX~d6A066^Wjcb)uLe(*m7!;Kf>QuDeWN~i8_$nQ=nIwCi9&4(YW zExp{PWCsLoNvdgOe^dInw#qtR{8e_fmHC->Z=%;PUs@&JYA2N)6}#%C*t9bj-LE-V z{*wBYeel-RrRN%1x4v@E)pB7z@IxkyN9y17MX#q%OP0WmtQnE&67BX!W7+1e{89GLeoK-@ z4F9g|sXx{}mghW~ou8RpEc5-t$r)vz!uG6B=JI+fx%y1QR}Uv>Cw8(E2CC%!(8H=T0lX-WF6 z3MK7~S+}FM3Po*rFs~!a^@IFj?rx`VR&$r%N_x7uQq=L!YvD)vM_1%*i7a_7SuQRS z+dl8>r@v44A9;OW%yV^QcCZewnTzkdnIzX`ks++Oz8J zUVbl$8e6Nd!0>I)7gqF#e>mQ;rf+ic`a}AKzbCDoW4^a|pUH=eOMi^B*WSy{OkW-4 zB^jsOI^(&-@ykE2&#h=aY^U{sb;~@hi+^m3O&s!bgd)OaAH47Sr}1O$W0lJ_9@CjL zQqI_AC@}DQea(6-yyVWb<*Yp7doyhLSL@`f?7sM5Pbr&wgBbJm`JaDWJ!@nrx@f+R znp>oMa?HQEYa=3GT)5?L!7G#KR^4^`^4Hm%Th4FadTLE_)0wKId4XMrPi-!m?tJ3N z!_{iHqGHk(KJ4eu4rhBEd?{(>x3~9RPwslQ$N9tWLuI<(X4qK7sz^s!v^&3!u9Nt9 zuKm&K*L&@Krt4?@$gi)ub->oO+SH&TCRSY~o$JRMowsHEb8M0ya{u=AeRy%<&KCAl z+xQrs?dEU4we@;S$+hVbm(IL>@?m+;@2mH_<_np;wLfB1ktExe8W6$yZ0G9xlH4F~6K%;{**i?uh3IyzI;Wlz&M3|CqS;DBDKGoRd>5o^ZXkvHz|8NB45B(!Q%-k9vwSD=06` z_Pw-R+O&AB?}|v-wCTTtZrrYjO{q1QInj7;m7MljJJo-;f?{v@=Wbn;E)ns;wNz?z zjq-)Z**rQ&!x@yMv-$vRC|I_|)`BBR;>)#T$?)+IA@m2KT52^FfmmRn6n;0e7 zcwpVBXTDtbZdooaXaCW@G}B6=;@n5WXKRCG);ux&tM}{CQIqQI%r$Q&v$=S3@MQ-d z`ls|G`$4Vc(kpLL(wHUgU)ye)xn;lL4Q`M1b)hj#Y`g{g%zqSSue;^WyY$TNtNUvB zuI^QLT#%gRIfl zXW*#gs&W39e}sFzSY(Y|rH*lr-yFH@2 z>&An{P2KCuci!-Q(0|J~euGrhk05ThPv4Ff^!G2TSTFSB`G@dt{U2QKnBP;LsoHWv zy8VRBtY3Bdx0WjI{Vlp8%q4)K^kq!{(f55(%lk~OUDhvootU?0vDT-mU$cI;o1b}7 z{qNMGu2{bChw(@MGf2i)Bwasr_Tj~XYfB6wuItYCdXxL~W7vK}?|eSbe9hOw4Tdr8 zZ%#hiD}J!fZr*=}BV2KsY+O@V6uyeSz14pFe$(V14JrkvE;|{hHZV?nr#)ZbmFJ7H z3x0;*L(lXw=?hoH9hn>KJk?R&Q098*gKqchy7PmlDXltHk#}|Z!Wy?9)sJ`bO<%6< zbD-wp#wTf8y2fshZU&#L>(pT+i zpAs*>Vl!j7>x8Wb9_O>|pU=;oC3fuFbEhi`pL6rLrcU_U+wP=&?R454DYI5f&Dd}D z4)qTv?vuHe^uhGs@}&(tNtGoScND(-Qg^pEWb9@>duy*>v|SS`fcAF znDcYJ=a!G+OaeO%YBF&%gd_~CH9h)WyY}T(`!pHG8^5Rjy+$Ft* z5>+MF_wKy%`X0k|(_FpV#}-F+z2khu!}a$Azw^AW59SMQnf=!IXt?O5x} z@yC6Au{}=l+CRCC7q`T^z1;G;(pYrv{fNsp%wJaMZT0njwD-}=X}_j!a#v1WRKhIp z9INFiadElsdDGvni+*H2pLJ$J$b`ioSJ*KgWnH$m)btAL;tAVN)l0qjXI2px&v@Hx zYTE24x7eOM^~?C-`QY@F3-wz|HB|a6#oxa@R&{-T$K1*88=Jd}cJi*9{P3^+vG${7 ziI?87|16uQeQyuz$5q<9Sz=2%`xsm&&ykP%B&&ZY_UaMOP2gAb*P%{vxo z%BT18Y0vt>xIF8FYkA?CjLWw+1gubxkw3Io=-IhT-|W>s-Led~ysgA!ANA^Vf#|Bh z=d&~C?3@~7YZKh7S}`YV=Ev6uXH7kI+vPITamJZ^+D_jevp4CcXPaE{KE)yJBop@Q zMU+(SS*a_@%XF{*(LQabTVs7K_{g>E_xL}wTsNFQE4^7F?EFsA>s`yc4+rhljGdXV zZ)x1--qch5KG)Yx`4RW(g-eX-O2yD3KgZ*upWoa{+p;}9aN~vdvX|d4*p^pmclGsl zIjgHRybn3v+xRZ>|D?6z>tk9475m%Tbwp)c0KV zzV@qD@m*VNlU_x8b3Z9->6v>+erd!`sj{WXI>8nhGre}QZ?F0gD;&OUXNT%QQ=ORf-8R)rA=@Dr}V?`ebD|7v3FMH z7B1V+sJJ_c}v!_-urQ>I@eO{W?rcOY^Dc`*GtOHTqpdk=ThDt(~r~L zK9)|q()8~9o9#x7jRGfc`9BW-qh6bA-t(qpZ_$?}*ZJxae(c32TD4uX z6E~fT4=+u+x8n7>eQKFSS=-~7uf~SI`7mR0@SJp^{|ubRzpn93KWfD`N9CH^y0mL+ zQeuuv-kN;8$58u@)Z={`FU4+|_q^Ma&HC9tGq+sEIAY<+sm8qrzA3Nu{P^zn!*6q! zytt?LL8o7BQC?!(Gut9#3PJwSB#>x9Z0%U9&9~e|x2j!+d8{rNoI{-xFQ` zk?*$qjxAfRCQcI0>OSIo;>0(#efB?=fB2gF$8%L>5v%LWCEL$CpFAP@?f8-Pk`>Wj zAKtF96Y+TacuNaAL(|dSle7=)Gt8_L_{e_v=GR)YKi=g!tveVb&R0EY$<_7y>3HkK z&#ier+t`jpwDjyRZ7u#ay*0Vm_UYb}eR1|>hu@dJjNZPHBPpRL%r!?Q_?_;|Df{(Z@A!$C}8s3pcdB+46htTH^xgjbGLs zj;gL$m%MLlZ^O-PDfv;)ZG0a#uiTs!rM1IABa`v{m-SIS7oUf8TmEN|THaA=t0Ze3 z(wr3~dz}60fpyytZ;Jgf|3G*3s;Je+gj14tGWT4IZ~MACH~Q>{;~mqrJ_^e0<*;kp zJUQ&6cw^rE!`oSVJLO+|dfdRdK5Dj~`t&eeqkY@c>*eNr%T+!oWG0Zl;@NDz?uXAl zta`CsYMI@=+c5@DOiQQTN~u%7AgRB=dTw2q{Gn=tb$-7O{n{d|Y;{ab?OE8{<}2a8 zTGK36xjQ%R{X6?>Zcz4IGu|lGY&R9L$*dEuJ#YTU_GG21S`JX=ZBK>YZTPxI*E(YBhi~hP<=fXh4VC2HlX9Y3>P2X(E}x&b=s$&w z?VoQhYv!@v>CV_|?0hNxL(YUB-G{GFSTaFi)1heT>H9^if9oHUI`?~ar`fdJqcX{& zQJ*6|e48!U7o9fii-CmmvFe`Cr6np`t>Oh|OaEu!-?wRU{o*^HJmgDPcgsod{BUe_ z{^R`3YgS7)oLjto<$C`QXUw9mH!f>??=L9UFp-%jc^$_(>%;eN$tixg`mN!i64z1L z8GlY0xn*pfar;8q^1?+Yb9H9TR_uBubbS z-bA_eukGjk(G<4BVE;+w?JS}4-TS1sUp;cmtm}}ugRGjYgw(E@jnkI8-g#W7S26Ej z<$s2U>X&MqRo8@Xd{nMe7xqW{jM9z^Yh>T&>dg<`Q^YgrRE6lPe=xJ6{=0>9q&}?;KTx&3{e8;zu5+%EhjZg*sO@?fC3sO-rR&$)cWc)l3V!Q$ zL-^Ffqt2;IUfl{_vP@GiS+?BFH6~U(c-MwR6<&?rHm8-mK5|kYg_(Y-cSXs3d=l$E zK|3^5CH>81leK$Xm){l6JNO{Mnn%~<^`w_UrdP~Q{I1HWD~!2%uJdEDciGgE-_bWV zH(i|Pu_m|J;iKO3J>J^0%hccTxn=(L*jT+%u5o$Yg@lK1q*vc)5lD@e%Bmx%NNb$oTwv2p+ zPOA2nKL@&A?Gbz!zUzwLrcGMzLho2UM2i~D%J8z1o@ekeZ25;>mTK3&ym(|^c6*=u z+Cp(Tt7|o`mU}0hxZUQo(n9pktsmc8kue>JrmA(BK57GuxFOcF3F3_c57rtJzV%)anHHzbmt$_SN#aQaOl%rt0M31 zRnNt;PoBK@#(%-fC@b+cQ{Aw5!~YCr3qDAcE_*7bvZidG{NKe}V{20{-F7gT8a&PR zZ}x>h#?n6~KYaS9N^RNwjEb70ZaKO6Ss(ARAKv)l)|rVhde0QzDlf14BHuQtqN~>G z-F>gk^~Q;=3<-SMlAms@cvtdIvW;7swK+0URhv!ngUEbehCS>pdcy3`e;oB z^TYQYCTI1_mexdgc$Q3`!!zr3j*b3;=$cPA*(~2^&-D&2mE|jTxvcY5$(gCyW~1oV z+=p{j^k<6swC@nzoB!~v-8+MA>o#uxp5?K}?%Mp?k9{-Vdu~r!n3B-T^>Dt?p|Z#C z8>4R3w(gx1-O|M&`7+pZrDxhw)tKB9hq+Ge{TRE$ndd^^9HWq>#ml%}J*m_9c*IP= zbc^-=`^tL@t?u`|+kfTO!pY4$wkyql#OwGq#wnV6w|TYW~$G9>$MT9IjhC*)uGEim~Bp)m)5UT z(>$qCt*^y(`j+=R_ahFiWDHk$yv{fB%09V&&-?{#SEst4vwh9x>mPEV+q+ixkPP$g ze5P$S>L1UA?ur!-Y=0~Eojt)W-tz0pE#1D#vnLsfK0dzja=P!`mkFMCw?!XGDY{b_ z*U8_Y{_)td9Fx0x1=90vCv$19xm+hx5qw}pQWbF`Q9#_U_V_Q(9tiEo~U zw#n3Na;mz>vCVtt#iOZwu zvt^$9#B)x4MOsg8O(*IsC!2j+@}I#l{6wqdox4~6cqb-4{Lk>VH`!**FUPRT)*C8rhJit4da(pQhpoPnx5=Z z*A^>yI=v^jC&w-=Cc885nbyXJ!aiHA)VVr89_*`2I?lBIeEPDJx%>Tg23p86t_u(M z4SpNv`@1sL&qB89vT^QQzs--dqwBe%_n!UmS@)^EQoX?UHL>AGve!nd+$x)PC_E;0 zdUNQPx0ZQ2d1+TtVmBV2AoF$A>c`qMle>LCTYazVA8S2%q0eeQ@^h} zd?=o^M*hRr#q$Gp_@3}Tubndg$dzKHX)7Lod4KcS`{QwO%hyVpd?+|3aa;1&qusXF z2WPoAyb1T&9&g}e)|O@C__5x*O;h2+lSjVInJVR?{fUoHe%=0Q-J4tf1`k?aX`3zi zZq_5zx#riL@ZW1q8G@9`7TmoO`rB4^?U(yXrxaGrbJef<)&$9wndi8hniGx5tWE&0g$WqR2CgiFggbH%ybCD&zoZr&uYrNn$|yimr< zZ27i7)`CSAvjPkvu4*5h?y|u=*h5nMeahc^ThG6&+Vvw#xZt70 zu34)e@eAH~vEX>lY1NbQ6B$>l``+9iyC3zcpl%zlk)mAtgiW< z+^zU&5wGhTJCVjEFAa~|EqTDKsL*P9`cBOK*f_hzYqRV#rp{I~xG6ew)oHz@=C?~N z?=C$T^X{l4>(wdmx7`Ypc`z}`ZC+cDr+EHW3FRE!ja<)H%4#i~p_tiJP^+2R;>UhV zRfXqaZPuE}do)gRrMl;Q4o!&(y|7)pRXJZ}f_v0tudeJbnR@o^5@&VWT1(5BUtJgb zHg8+$R*buW~XShZ(La|dOE4vNo9=zRq-E1i%R2^d ztgg?0{f}$6_e?#L3!kG)ofgjtZt^bZdTN>dyItq-hgEKwTw4r#zC8ZC@~g(u%pQT2 zue&-TZ71GWRGm?>mPsS2clPEh#V40W&a?2|An|@yGLvIkXMav}n8|#e*Yh;4Ji7el zMZ~e#nq$ff&YKEN>N4rcE0bsaqr2iqe}q))nTV|&Pd4){H+?I#B;Zh(4XeZfQTM}E zadRKe<&qWmYEU~OmppGxR`l(q9;b|Zg!{B7W}OxGl-Q?y^+AJ-kj$4yD_;hzTh;wc zkF9vt*79_@g{7VCr(d!9bmpcVOz;y4+vc#e%)ij+WmHPr&ANgej_+f1w@o)XuX}CL zo6jCMPrf}{TGg}cU7(aE7n{H7#7g5RmFYaITV#LFQYA87N^R|koHW=hp_sn{|RW{%EaxUAf00aQqA7}CW3@?xgvo;ki@-K5KhuZfkt zy0}yCgz-^zyO!16$(c6uwbzMEC}PjLxU*i(v`NY7@iXPUc9(7@_6E+M6J)#ZtIj6A zy&Nm5rJ|kY?3ggY(QXOXsq24&^B;C|>Me`Er}ghm`lQOWzF|*Itj%`M3y^I;wQuXw zILoW+ZTw4nd&JAwtUvqB$vg8@TVm0p?@?ElUy;{0dFK~BchRo%Tp2G@Gd3BV-duB2 zR?|lK;fgm8lpY#YJ?YzeA^PCc#aas(D%1SUe2Q)|UkNBVKe6#k_C(kXJjt&b%{=7Cn z6eaqfp|3P~`RxsyER9Q4s>;@-)eC0J=QUYJa(kLIuzY>Cuj5DJ!&q(43rV}8O}pM+ zuRX~;Df9eYSI4_EejVKsrP}mz+r~wk84MPS&dgr!t8lZY zkFTP$J@hhE*X-JQe8!&@Hq1Y+duA!OUDsK_8gq?p>Wb(iT&E|nt6Z%YsyKEvSEcJ( z5QhYh^|i9xM(0QT-8MhsjvaDf&wBW%FGeh>Jbl{xusMI%JvsAf^7*RWnaji{SMyKp z_@nhLO!K(oFWD8lC3o1ei(Y&=ZJ&#qsl@xh%wH)23o<4z4~{DPw(1Z6for*ahEJ74 zA|Bgos^43-b-U3*Rl`?VSJ!q=aPHc$?SOFe7S=B-cWG|o4*2M?FRID-{N4=z<(+SD z9_C4Y_xp^ zk++R?Qvti_nq3iHJUforM?Kwbwsqn}wH1-`EZL_mc#v|S6}*Z z_^nagk^rI3XS_$M(sp*{=jv=ddGE^figWH8MKo2;Ci+^;{oenjBUk8NCfh?DuLq3> zP2;Wy*DCvnef+b2bD@0P)Ju0FT_3$~m-6pSaZ+wmikCg{Hm-DicGX5S+&Y_w-zVJvfiYWqx|OQ{Ym#E&+gYFI8b?>V zMyez^%egOD_xn&l+^ep<9A(`ZC$xhlwP*OXezyz%yUZrBP`x8Bc{fX^szgdy^ZZzKZT6k|tku@K`bT<`)n;Atp5%DksrYE+@unKqbrq|_qpPJoE++q6qJLTR z(y}?ePurKRytDs7wDwP3ro+s~*8WK;72RDSrSe-!`EB5J`HE{xzHiL9_SkJ(ujJ*Y zNn7q}-TU^r`NE@_yM)W!w$9o8ul8d!7|QQIho%MXxy{9`fXdt&#MJm zYZte7@Oy1~|0$PuPM>k4$ITow@2A@jGq_(`c{j^jEmnTTvRBeqjG8CDo^^EZZb8`v zb2Og6KFb{vlHb-sGeq}|8YN3{z_ zFKM|WGKt+}zLC(+WA0h`^EnE*oBU&fI?bP$F)+`|l2l$ib%J>Cb(yfaQ%|i?b3Vb| z6XtEzc1xtOPwQ;&jmV}H(Gz$0>$ZwtxWw`H%iE;;!IyOp#;(u1?Jw(EWM?cF`e#DN zNybgu*{&tif?1pyCRAOGmy13!>F38e)BL`;uUJ+vUA$LVH2uKYu;~#Ri}jDakqNEM zdw5~Ooe7m|B)@VpZF(oO-RIhs$7c$5tu0*Ic`Ge^C$Dxd6|(B5LP;AO3Z@^7J#oo(9MFv0*!x zMrB)Z3*4{`-&-v4TrBe1)bG3anUA}R3ULfBiUZ2hH+2_r*SXFRtq1WV|kN)nm#wV9ni$z5; z=r&KV3Yp;Jo!nowLM345-HC7gJx?5n+hUm!Q)X6j^M*`H^1ba}ZZ@qmFN~Snd)n=% zZF|-24f`3G=Uwf$ZCpJ!bni>vr$_3eZd_hhw7~GWtZ&h;)FVax2K)Gz=0?Qm8Jw{Y zU21vfdBK(YomYjmPndY!kiPPG-d49;KeXNy9{sb1IrPWu}`Z+Vma0vEK7% znj}Ngrmr0glh19JP`|f!!8y-!?pv)QlIPhjt*YCaRV8tXbIzJwGleS4C#0lHu27kO za(a!j@;b(~d%X{TyvwF#`93m#iErAH)^nQ27M={6vnb+n>6^*IO}4AvOnSN9!`VD; zr)bl^l%jXH`)suwOWy5~X|N7m)o%JmZ{@@F{P$d5t2k`tTfDW9Z~nDr;Z|LZ z%7&gfeAU-GDpot~yYzgTthaxO!l#I&T_3(axVJQTwO8Jm-{p?~8Jf2L;r}sFC-_g; zkI3TXS%#vwS7a)dvwgMc)4uVg|91X2xgVDoyDzEuek9N)gFz_f@TSz``)#g2={YfN zUEHlFtC?R;j5Ig5YTeRnbYjWI6IveY-rwE2@WP6q!kxc^7yO9(&*0-`K2OUtdi(o- zTcp%qO*^-7uY^o z-?BVPc;DYv!@tD0?bE&R;J4lEM+zb(a^?RS z;yU*6z4~D0-o5{m`hSMF<@Q{EoEGH5op8Pxa&Zd1rKYARGcNm|y zoc*6+eVFnEI~9&^M^|eL{%7#bYLVx$@m0?87f-+8Rex-Gerug+L)!TxJZI!!W z=)1HJMtvvdyoeXGTKl+8=!*Zt``taB|1Q)Y^6LL5Am4d-*^Zz88P;uC{UE>dMDgEE z{~5l2sqghSk<{i5Q~73PeuP6WOgHT96Q05?bFQziu=eXTS#jyz@j@;mn}ugtxreKk1S~$D zo3KJ6A-9`tN3H+SUHQ%H?XDIJHMQICk$)UlFn_yvkN(U_j}PZ8-v91w!G7U=wm;gB zJ~{n&(kYIEhrTT4oqjFod%xR0E$Jn-^FLI7>)ib@cJi&8CTZ_V5f&fj+I{^6hUt2%=%EYm#CaPq8Me;58|c(8cZw!I&+ zgD)??s?emsQzO?uBH}!2>FRSjp z`ficVSvk>-m-cPeT&$zVb?MIMtbMut6(2*Ss!yCMW$$mix8%e6_Ai}@Lb3@@zMoCa zuDag-)w?ayd9`q3&-KuUyv9yl7o*cpZ@0|4c~W`ar9h)U(F@Lt=uDfZctCk!Rr=wx z;zy-&FYMlUz1*O{kw2*7(0zwl?%{hf{%ZbXziiSS$+CKV&4TCF8>23*PF>iu;LZ7h zjepnJS^p6C?DyaHqj$w^w=RZ0?&pDT4_GX}Rd?$@!6{%&eU6mJ+Wu&yZ1}%GyHMw_t}qb z>vga6f2y2pncTl}&F)$uU9pp;(yO=ZoOwW)=#=hj^u(Q!U)Aq_&;q4YExS*_tdjn}d1T({*{lB2uM?;$FO1=Xc?uVb}F*w~v%n zO;g^LEcCeHZq~Kg59bU1c=U-o+Sj&6Tfx|<&v4$?UayUd+0{xDGfu5_6)BHrN}GLn z9>?TR*Hra)jmNSVf4G0lUMx#$;^ieJ>+9#d)?``wE`Ghx&%jH4eRjB%?($~2?|HZP&XKQrZpRmwb!*yc zm0wd&?@|09{&CfQ(XaAv*7I~MnVt5AZ-3O4zw?*PyLL2xL1UW2yPs{2>!SRw-064X zp8BG8=5L+MIyouvj+*F|F9oHmqfKw9$27Qk+WcjI9&i80R2JnDis|x0#R2F@4y!@xfW)P_c`zB%?c$nJ2!Cm;7=2*!Exh_N1Agk#j$taD8d( z;p)<|nsZ8%D`uYDEBW>9`?uYuOS{kLeK>zIbV^^n)u(vTe^>47uA4qA7hCn3AxHF% zzohA-%~?DuA=3lOBqW2b?tGZ5mM@rHw##*o@9*afh1X|&QEYBCd2%lMkouMToOV`c z*S~TUUzW6sEy^)%w2E$ z8hC_VCJ7rePN>`Z<$a4=?}zP&FPe=d?j~Gt?aq} zo%<#y^Woto-SstxPJcF@R~%RTNWP^^ioN66)}1@`_5N8t2-WYnziry?58s$qm}uS0 zvdvvKQ8Z=4&HTHrDR&o9L;0Kw{~7-4UXpL_7?S@d9F%6qQd=9!OiFu zyLKv8GyPb%*zbbLNr~H=wcj83Iotl+zSxiP$M1JUb-B!wyL5}efK%mT(5;%nAN>r1 z8ww8a&k(-0?VH`hUhi#RZJ!_gB{%iKe+Kc|)qWX^<|eThCELDk`ndJp{M5y9uXIjH zZhCY0N5AQldqzJNe-zZ)zioXf`>k*um7HJKE$-QTJbt9&$%QSGJ{$ATOg^c$V;<|N z@E0YQ*FEHYcf!3}b>Eex6O$O7=kAdCy59AN=Q7XLncrvaTbbdzYXbL<$1mg3>f|a8 zAAJ5+PU-T~2Kzgo!&$Dc{-OHrOFh%gm$zDf^j#0!$@BcO?CTg;y(*b4XAQPq$@+YD z?!2k%esCY&w(a8aoYMuD8*H|on&AI3Ztq9qBfny|9}b`G(Qb5FXxYa<$}+Pand-Ox zXW+ec?@&GOk3-i2e%D;Oq^Xg;_DAbOZcjTo*CiE2KlAk7iRW0<$@dj#pI_g8RL8ov zJ#L%OHnlllFV3rfz`dH=)9$M1^BE6|9Bp|^cWr;my0Svuqd5QJO#L#R-kHyK{%2^B z=il<5f%Wy}`a@@~uQ(r;;k624rAMcHNX20clQ+4B6|3|*+56{g`G?`{ErmH+x>6FqP zMV?xVbzL)LQoZ(FoWr+{dHT&mW@;bpyGvK($Ygx~tPwbs>v;3o%Hypj`O-h;9~I83 z)7@6g|6%i_@{sHDqFdH7=_`FcBK9feas3Rw?7cr~Kk7gH`>gr7=UQjg(;oKad*r8W zt;qV=drR}2$ja@$vhvOPIyUwTY&RWa=_zRVXL_{8=gPg>OqF=ft#7pKYaXP`PmC4) z&(L9`{it8$Rbv*F4ZIZtr^vy#})rhJDUA~*VrS!O~5{gfZ_A#&SM^zD?52o)g}C*W}odYMUigI7S zn)t$0d+VnE4917o{Y+P{z3H>+#w+vU?IAziYO`nT=v=pzZT6K%yENa~-A^vJskE4` za^3dZl&z6@F(0`m-Tafi@@Uj?)$Mz&za4DSNzr8$$F zUS$8V`pCMy^-p~A>Q^0`RD!ex{#uxRk8iZk)W6yPh;44>!XMoStz15NbWP%1JLSoj zciNv%9}S+JU9wYxv2afL(hvU`y7a$TM|_QzypdlgBK7&>4ylN#?`11|q8GfWTlnMt zH|@WZ>oh7t-!J*T%d|nZuG9+F*B} z>%l*%e;58UNX$O;nswQ(*Af8?ng0Igw%QnfG=I!`y<=YHpOBhm&oig@Kabb6*?4HN zm;0qlE0%lD_}G6d_#a2Dctc70)jg^o)vkTyuvVHW>iK8&qx{bK8?GPmXFq9lG+kt0 z%?A^M(QKItu zL^Z3u%Nh)n_K3zx9j{;Ez7O_y z-xv8OA5**h&^*m6I`T4GmtHvB-h!eeX&mHKf^)( zf69N#rU&G=-I}{tT9qeh-^5^r=gca7*{fpwqYSn@nmOr^>stSbe}sQm{<|E*D zbNt)4U+*pd;2l2e-gV2}TelgxIh;Sk^|9+`|M7T+n$ibz-D2&dKKwnq=fXywNk>BZ z_CJi-f9qzPTFlm!H#cu;lPe5gc7DGN=+35vAHH|hM9rGty=A73xxjjrpp@M2>sOnu z|Dm1#X6qw+hL>jZxIb=P+xvCv{^><&3Fgn&Wq;VZM|r*D>F5(Xz8wwSvHiNvzDSj+ z4t8H#efBFKwN*{tCUM5szBBIl+ojXrDlVz<*ld1J=0|6yL7KY39X@uuuWvxtxW29Y zaQmTA?2CUEEw6&&PIRg1@K0}k$1nQl=L>m(J>?HAU9UAi;@%-qV(4?K-Z^%E%l;hx zzBswP(MLY6{n8q(v)Shy{{!EW#ENRJr4_y=ar#EzuGr3*_}8;S{P=#Reab(}?}^X% zo|P<7uuO$->)elW`om1Y=P3~EL*nimmXJDQ1WAg)T*G>B_ zCrnrh%ujlqA0rdJh4e~zagO^TF{+ek2W0r@V8?3<*tlRD=r>h ze*WCW-@$CH4;SZ5ih6nNsTuEVhhx?u*SJ$Nq`2J~(x;yH`t#@S^!f+O_irxm-nw&r zP5j3lH*R`Lb*z1tcI@)oc~igao&VPQxAl*Hf2-vU|8#C-De%ufxjX27A8+BK%&Uji zKa{J#svNes-}dO=MWwy+p&z&ZQT}|t(#V;s_uz)2%GY6aj4z|qCa;oSEj?r1dqF>s zryJv>KR!NQW!}40e#;Nzc%k^_X+<|xxDNji|F}E+hwl3Gk9g|?qB|wtrcC(Qd~07; zz?9pQ!_qHZKH&S%QrK?u$36Fi_v|~~shjlkPO56)-)w*95Bm?FTp;}Np4{eChJ-cA zvwmJaGGBVpkKLCus@_hqdAg|7Gf z_@CiOZ2hrWQ@Xa>E9Os0-)eoRj(OfcwP}Ap&vWywyegVkm)pPa)P@~A+nS%(T&kYO znff6*ep8xqxRG%w?^(yyf4HxIt583N#>f9NtlD+>w{wl{RU75}N44w`eG%`H z?@XL_SpQ1ddi9Uz-!jTAtbcMpevR3>0?FA7*Ox}RweQ-RelBrEl3}UL@Nul;fTq1*MsuQ|*0J8e$Ju(B`HUiI;K&lc-H+uEns?s@RM zaGe}K_aD!X$Cmz`x={PrXBqeHiksiY7)*J0r+;CuR>0DCoA1`K|6uq1QN8rYtuGb% z`fLuBrQd&D6F+vIec$>=9C|iJFSfP$-l%H{*IoFB=kM|_w=;FqcJH2kLQ-4PQu(&& zX9)kvTZb!IWFBqt;|sT#t9JK&@hkrJT>%?EToGX7G2=ZJZ!z@OYKQqR#AU6Tsde8ZXm}xh>8NJ? zJTrG5=}#}?QoTe&%T0F8cb$HHp*PQpzf1b(e7S$~Qf(Zk>5|KHuNhA}uvWu{Emt%& z=fLgbch+y*CtM@3W&XpurR%3f++wv3=#$PkdA8W<{6UMPYF&q$%-Jhf8u~OVm@ho; zb^rUvI|me*azF&k9Zd6)_$vQ4-&lbusBLi;m6!ZcZEY{JI@a)IN`O8 zKk6I5Xx$k(tqslp6@tc_5E-35v#CH?z1amSLMdEo>$w~&hFN~ac^YQ z@w3l%{JM0cD6p@+^N-%Pzl&^K*PdMd$M;J5Mu82|qNi5(RlYu37Ipp2=ZAY!Q)fL6 zO}fNCyMRUbeAFlZ{`*^w{+N~A?dR(S{#}cg(fi7Fxqi$0wU^wF z9V?Sbe;w#IRmNp$c}ek=Zx_4DH-EBQ@}c}detT5g#=`U^zWJ4K9_{`z&TZ2fPa zAM+yJra#h+d-OIrf5LfXyUUk*W<6csbU5Dm+UdnzYs=lSBFi zHZ@(+uDze^yZgtd*_H_L`e&oB< z(d*qRS4ei+=wfg32@vl=psyF|M&wey%(u@U#D*19%P1(2qN&YFiVrTeD zFoQ?;?B+k)y;Wj1{Hc=qu-m`i*KUT%Tz?OphUd?G9{dWs-dJb$BmYqG?BBHtN42&+ z&A8BWHBr@T{*G_9GHG1<(faO^V}jX^azPeob^ik^^41kUar>VKUc`LB-_ilYQceH zmwg0|EohZEYuB~iOX%Wa*5cV8?>D^L6Tjf>vWSYdM~BK&4bOAFY@SoAl`YR6RZ;KF zpS;pr=E5QKJH{zy>?+O2v+k{u)BMjcF*@kE{0rgY{|pRS&ntXvRh}nTgsj$fwB?ui zIR9-d$4-Cl7aAMx+03rH;upG8x$8;Je}>HYVin~_j9%VTyBhW=)bi6Ep5*PKPwUh@ zk}v<QzFXFGfCj=c`PHaYz2^C{=-f+8j#t$DNY(wtd2zxS90df(7gspjvi zGp%@i+-ga9Rgy|{wBYPKHrtQUahxCek7lp^_2m2J825t38t%U~zm5@aTDPV~xm@Ya z3BAPWtVMPY*Dw4h^5eZzx3{_GI!CFApKtpd5VBo8ZE1MmO^IuVLl;UPlq-Ey8-3Ku z#O>}owMfPT$FkYIuIbiTuUy{wwbEy^c3Z)5o3y>!kKB9hWMAjo+)BL?WHm2@Z{F62 zzkX#&{oC^Gmy7D7uyYsh?OZGI>f9Sv%WK`iVeS{g_o@7d|0sNDaonU=y0$g@?@2l^ zTdbeGC(LB`ei5sR{D>~sF8@9KSJI{*Z$9q(aAwJEZp*}=8KDOyZLT-pxLM6c7`7oE4kNeG)~Da$zv_E|1k5%@khC9 z;-sgCe{Ps6~f1UJ)152J4U>r|K353-}~oQO>eJZURvSzOxDZS%TUeH zaCM2P@Ra0*=N_;9H81&N@`L>2`P?yU|4z1f2#jNyePcE-dENhTk zwC2b3gR?f2eUxw4igFP&Fr^@Bg&uYq6&oaFewZHAzJbPQ01=AW2 zvf8em|DnI5hOu6K_R^UD3`-_4_MSI=X)Y&kRwpw#VuON5?stzF58HoSXVtN-46SKr zGb&s#C3m-lf5XK$ANf}83Yg$2awAc_u}yerR%H@?e0SEu_Y;!2JAN2_?jj9ER!k*gjmv#Y+Rk#)1khl(=L9G_@wNp3M@Kkn`C7hR^5mGwcJw{5MT|1Ddd`XBB( zN55pPSCn{0b;OtgOY*nVnO)<3R~ZqwJe)~A}!lRVO;$zyfihvo zecC=xzODOya6g;L-B_MYw?u6>O}$aW@WF-q;kPTM)fP|hxt+c9Xs@d7nl%@G8oEm` zFJK6d6K4-A{I+>sd;83^EaQ?)=Vz5y=O3CY?6LXpz1f13ciuj$GmlyR=9~1(3%TrG za~wBa|9HP(W?`#T-Lj2-%je$J;@Fd2sNUWkcdK)vuJNSV@Z7mS^2575*SkD~R4RWK&)fQWisfBz@8nm7MyLO+ugbl%b-|D8 zhc3U`bTcw$LCsqpf6?mTo!dY3Efu|T@xZ-GiGn*5vY+hbKOU!g@mcM}6VJ=p=V|Zx zQM&ra^y79KTcqx6=9qZQeB*)jnU|NI-1*?p(oo|!>u-|i|WA=}{xrOl# zuRg}^-5hl~Wz#f^&%#aY>-W~&{;d?_n)orQmg&)3wiAwhzW*6&esTSp6kU1G>C|J{ zP1?uTevFutJ>Mjye?t9(b!F4yg#R-%6;%8V2%oCAeo@~&rQ>rpC-9#({qvvUNB$wR zs<0i?cYRwfz;obuu5{{r+5YAK8RGWW)IZo;wWLb@k8t@B&Egud$gkQdjn%vJlDGf7 z{`ujWvW&9nE` z8(iMT$Ku&4Be$pP*V})BFNK@}-xb`y7b5!P{s-^Uh zx>@&+`f@wfJvy$DP%n^uW~Gfy{9fU!hb|or>3tZutV~L;^TT(aos+|IUDJBmj@+xT z__uX`{@Nc&60TRL2=d1SLU7=*p|N5Iyk76lv z5%Vd&>>5>9^{h-~9$(4VTGw-B!jH^e-xjBRHBZRh@a`hfNgf+2zl%QJ)!wqK>FIs9 zozs+e+ohz-ZGC68zQsnwbm!W&s+~(Jjm|6)o^>t0IZF0e+sWM0ZJy%R9S@`)ujTrx z<*C=c(pj?kP++)!@H2kF`xT3l6t2jwS8i>KJQksw8(H!0*W<(L-t7^sxesGF_(b>HTynAfHyNHgv{qa>F^kpl`j(rcE#;dyBTV{4-coSdtq$#P|pOrVw zGivqC+`R6?(q|J@cYE93*|57*D?9Jdv1{KxDsQ_M=X=I**PeCfJwBE;>4^0z#vSr2 zj&*M{U7LLP`-Oem)7<>nY_tBYJ+I4mbw+Tj+UzU8tPkB|{U|$kP4J!g)r%Hrth)1P zy?yuBc>Y&Rr#_wXR8p2pvyjc6_apaX^uh0n;jz~qZp^r%Rrx75?2m8RJmqV9Bnuy| z{3`u7@6N4N>F2uw3aS(Ow!U#{xvH089r07@>aveEn`2J4)C=q}?*G#3XJUWHM(XmG zYg<;|E-cNhl~$CIz4}RQ;YR^^(Ywp$*PC4E^gA|T9$WT;i~Fn(E<1E>y56LZy-Qzh zxVcPAsBqHG7gtVvDAm+F6qdgIkK>QyOMb|QZNK#Wxb>NxTJ5Tp%YRfq`Z{mJ!ITY! z^JcqN_|E;-`?xpZ)$TY;?)0)p*_Zyw|0q7pU2^em*7uKAE3CIC^8W}cHRf^k+I^$= zv_V9T-mc9neoWMwcht#Hi~TP`P)n8 zUN079y`^@C;e377rEAMK{yRRwS!Tkn9ZiI_Is+xYdd#&`5wW=RK37Eat{bBKJuhILUF5WutlcwpJqWgmQy^ep( zF{@MG8@>DV_1YPC{FhdSZY-R<$^BZQ(aTF+xi6wW>~DX&7-0wD!lQ$A0|}|5QDjuBYyKU`M+} ziNe>TvAXM$dnc`A_kA_5ZU1p!e(#SZ{mZ34y)Mk(C@KHW-nu^O^Zhopz}m|fbjI7Znkzpkxq@A^{f?K7>`J1Avhu%YO?t554RKkhx>{3r201E-O( z?Y0FjRa4R}CbK^+ey4SJ=T_50sbA}sJr-SL`=257!HV(qw$z^z-$j^&+pC-HTK|-AOWYkvP2a`Oom>KcXN1TU!3u{o12TB9Yt{6HL-q zX}vxE^Xq!89|yiwE$>*z*39jjU93M_%wJ(rk@h-K;VQXO8Mfx_|7$z% z%hniQix1hg^WT|i+M+Y}ELU!ende%%dg;okQClu=N}u>zN_WqZS7|oN#apVvZC6B_ zPI;8=uEif;7}vfw;^fi@iFXR0m5N&vtirWdRn&dEbvFOG`iZ=N`A@_BmMdR*IO|!I z%(~^J%TH>Zm709+X0q+y*U?Uwj{ceSqfArqsX?divcN0FpXNuMy85O1$<(bJZ@(?> zYpL6seJDIt|KTjnBSFV*eC91bl)vz3klbsF-tq(AFJ?`zmOr_xXOg(Y`&*lD2kp!b zTu^c7%t`44)dMmM*E@dnKC8FuV^-(3m(d2EJv!ZIi{(@{%+hXB+a?!1|6cv(xMO0Q z3OC!V`f}#_byIzw8!NUHT-Kl~2b=x1xr_jl8k zDUzRR{6agYqDWu-1=F?P-i{*7XFf|5?EPf>x+-1f>blCZiG`2P3;A7e*E#0d=Xb$f z^zzZv2mUQlBKH(NEq`u}eWefc1_L#UOyI<>` zkYLi6<)*c5*V@>-Y*e;aEy~JUq`f@wgiNjGKgEk{gPr=`T~eF}#Hl8;J^kDbrf=aDEg zo&QnlldgS4f9Te&y!izV6C<;?e(XKgo}Ku2W3|wos53XWPqI7wE7bb0^`Sboi;tT$ zV{|swEa`chwL)*%+L)(b=32X5(|NMv(k+$g_OHD9YFD#ITq}8NCOJ9w!xqclZ3{yV z=3G11{o(X6`&;>?3;eeVZhYod)^+it{o&Jl-JLwuTJ`lGO|DsV=ea`Fqiw$2Q*S)3 zJHE`5r#!5xbSZsZ#opAQ&?8OyX);lF0pV2(+7oGOfe}X?IjCkcna^W%M9DLJy=Qgl<^ML#=NPko^CzSRjzTr zVtLesFVA*vYj6MQG;#i^4ez#|u8q_G(re2+Z>byqwe5S-Ce+SN*f7EZ?VwH zd=@p|2U|T?C9gG|@rXYqebz0XhcO!&X1(}YuXg*O*!6q*7as5LOud!b{a(ZN^@P3G zb6rmzFU?X3ayzhi<$9+NpVqB@uzcgyl5KtFhqZP-sFDf_W1jz?p*8Ts>)873ncst> z+XF(?{N~+UVJa(REAKn$xPQzNhgBzTzz2n=nJ^67T=XEdlyEZL;-_C!pif1+ZUDRK{Mn3%dl8njL zi?^PS@|%)V8a%IkOY9$=>!mHV?g#JbT-LwJq1EKL*k(6>sHwA@9u({B6~48Nd6yEu!u1Um#gF{^xBjr-u*dU}n%Nyi)$`2vHWp_1 z`EH)RZU2XyrwgWqwuL^N=Erd~^GCj0*T0}^E8Z-5th`XPJZ|$3)rYJ1Z>d-txMb@7 za-%QmS1x5mE!=TQuAcG7tUFEyqQMMZQ>9yf&5qjMux8!lH&Jc#xs^3orb;qxF8Ry; zu)jrp+OPYEC)}~!&Dvk|ocDE%&9?sxQfu?1-rbIiUXnO1Z1SAClGF9#75gsNZdn4VcYmMfl(_M$=(G4+aR$B1u54ZF^;G>l zhv&1s-o76>v&(Kvc1|tc*j|$z)G*JAx!j%m;d|lxx2Ns> zs5)WRJ(E+LOGTG2%d&Fs41M=yr<}%lmF-^r0UvJN+dr-5bjIf1H5N+!;uYLSe$8*X z?e-&E#p%7)`3(=Iepx%&O*}+oqq$BScasJ8J z^&%#CW42$u?u(}(??TXV~Q zTb*{@xl_9RtV}wK@N3secTzRpuY2H>H09^aSNvX=F4+Y9+IuEW_R1UHGwU8E8|uZ( z`qIn)&FO0C%*Xq$uD^Hdep|+r2Y-31?Az+Z{+Rtp`OlDjd5uu^8J<0hi_@=Eh2>>0 zj9z^159@EEiiuk{ul+GOn0L9qxLJ;6%=50dCi-o4j6X_ZGOr1`etzEJ@n&q)aCb#^Q_7cQUv8lb@3|vRBI5O}$!CeyDSCU+x4+*+%0eI zlvFoszk3UU1AX$Mq^kCJuAOCm>5s*0oBs@DLG7wlSM2zH_~z$U|7YNA@5#G!YiHUntEIl)N2Y709L<@y&tZ9kR?fVR%sX2j z?eEyNyfd$UQ%<_sw}KTBi~3tbMGt4o8C>|n85{O6b*J*eCx5f5-+GDUE9NWrfpW%I-?tF?P|Ro@PG zmjUg2v_5Rda&gPb)~{zW6_qug@l1?m-Lu|$i+-L<=662}lcy%%47cw|kIpQ56&_g> zD!zbuZB|rk^4h z>17u0&pMZ<&2rs#_uzcVoU+wc%T}_@mFzQTJoR;r`;{=KBm3U;6$fN^tNv%0DnGx^ zeQVOaA5*`o8L}R`e{JT9*PlGzN)<31)3$8MGiqPI;AO1Hd#}wXEPpk>`r=RCK$bQ z(ldi~?ks%#Q3rQz*=w}rl4jx@roGxuufBejG*Ek3@#JsjuOP3_Kjjh={JGq+Ei-yw zD$Sd?#D8V~CP(3v?d+nj_c48VA}4!kf+vUYlqXYH{S*9fblzN^@}eW$n|froUP`SN zoKvz+(sNsB<|(7-$82wpZ*yF;vwn;IJD!c_7K(1}x%}R7>i21fp0m%&5&P&aF!4hF z!qr`dCW>8tk{63#dKPm`GJ17D@a?}^t!fR)x8F4slAAK8I~?WKOsET<6B<)^=jhHo z-kOp#KCl)=JzH40@?6cDRbnr!uPs|!bLrf*KRhLtYnD4d-F)n3qHjiYU#rR1$#p+D zVoHzt=JPI@F2C2p@#Oc{KC{G_pVy=mhd$krJmZnPXLrXp_cF_V|Me5^tJZM3uv+U1<%d(_;r?=-wy?dYUKfUsO zxZow}@_C7$7MzwT6@7Nk@VZ{<-^g3hO}UT%GlWaLy|%q4&t-1U+3F)z%l5C@t*E!E zE|k5&*#F`e@72$ZVs8m7C@AdO{m@qJ?6T}*J*?Pg)$R<^aP-Iqm7FJgQ^6ll>vq&{b!;i_+hJ<3JMBYnU)}eB z*&%z&(=BA#mqvYf+x==*(_!U_BI(mszBMtOGb2f6a?iCXW)okOlf`hSw^7H%-U^1JGq zx8tW5Sv3kD)*kP!36$^9SIFOVbI0u)hU+UX=Pm7X?^0JNv%7lyhrZ9256|0^F6AU~ ziBC(sbKQT*OqB#bua6NS^NmFtyQ-lP%9`L-u0$M?pSo!6#B z?{sBgj4+?{^P`N6P_35g&fhL;r8hqLb#?t_%~X%$d!0Dmglyh8$^DkS)%{CvnU8i_ zt(47LyL8uTmeAKxzig*WH?J0Jc$FJ(j z#@laS&#Mm05%$qtSUcCv&Cq|U*E+N3YV#)YmCc)~yC-Gt(muPX^9{Y-f(5tE5?1DO z7iAFto}9ZUbyH#Etu0G0FWxs{Nl(FE-s~4vrCX;oPBf}L>YaK_>(P(k!`V4Dzh`{6 zmW$|{dM$ICbd1@(ul_#wE(wG`UDtNSL6Jd^U-Ybct#87bv$ae|RfC0UAHUFgwl-0A z?`F1`i5IG_)lFQpY-*XzI_HP3rQuQ~{(Tz=7y>lS>7ac5o_ta3nK z?(1B+)=a58_bRJrg()lF+spsRzUA%vudJVRuT;9o&HbA_r`c`Vp{wuGVpuFqdFn2z zCU5v~EBa+Tlj7xjX`e-B>`1=6w&w4nxnYTGe4p+M*)Q|^`sy36*RTGO_t|G-+2o{$ z4R5c{`ly?9IB5D2qeyMpWd+hV(spUCFM0ZG%gp@`Pv>vFpH^-y&U55f*t>s!FuZS%!arZOb<6?)g5U;Hvv)c=;Jyq*=;lT~+b-gdiYs&M5^$?am( zH>)lg9CFjX{GTD+U-afHtHYVQ|K-R}nYUas2Fg8dub}eayWxeU0Sy37mhjxAV$n-#I2) zxu~kW@sFc?2lssAGdp;j&-s?xsb6hx{UX1Sv%cQyo!u(F?DPLvZ`Y^ZzWd{QSdTkX zq1d~=%zs)Rb?)h0U3z8D;f-y|fj5eyZ=IPLxoN}IlzHJo)|R%Orni4EzD?dX>)DeB zKP$r2*B1VhxwvG{PMz0%hc8?YtVz6-!@Ht(F|%!N*4kwD)v7x`s@|LW>}Q9Z*yH4q z#F+A4o#4RDlVdO3tyyvW{lYk}`BAfjJ__9x+cGb~&0xvAZ2rSiOW$=qTHf^d+2;9A za_>spgepdzIB5KLA@}mFW)g=Db9X2_sJ`~T`;W#vxvNXJI5>HCD$5%1rX9?w5|^IdUF+3JTvpKT@z8B`q2=vf-L zINt5!tUG$I+Zi^8y`8tEXLip_+5WW!)1-VRZ2ataLM9>X*u1kM)yz_dqF=;XEf1Kr za>Bdh2CI-;wb!`4j@$g%+AQ*kMPcHnFVEKA@H={MpePdQVoS#o;$p2=x$7K*LaAsb#9 z?6#4b`rcZ3PKm6BUyDnSscxKK~k>0bn@2&d5en`CP$0x7EB4+ul z@9|6(-ku+xwohkKE@O+9ea$sF@SVJcaHb&j4r%mRid=T)9`@93$1P4OjZK?XJ2K#`Owxlp;Uft z@!oSU>`M+_ox5%09m_9&vgce$4&L!yhU@;-fFo;n%-a)gU*TuqZ@G5bG4DuYvx<{$ z2OjTD&JufQp;2i!b=M2&sq#^4tJ7rd^7!+wt+iJ4l=;!S(0a#%tG~VXE@1c*)l9+iXBc00buac<>?t8oba=g} zLjJeS=S^qJ-cXo({Mz!a7tAN#`@RW|k`g?>z2`r}*H>TrmTzn_cc_~0bp9g^_grVDKkJyytZAwfxdi90(^}H7&yDf?T7x@(mZV&s z6th15@aGlJl}av$X~krEE2xY5<*GjLHxzEXwp}Sj`^2v+r_IqH|l5-J-3fu}s1<7x~ZLn_Alyp>p`>!S_)swId#^Y@ZTrmatcw z>tS;WALp8UsXxXa?jO+>i(DIIxhtO`PK(&6ur(~ zaQ<<;QBD2dDf1oYew7uvv32z}=f?Y{Yjr|azTdc{Ft{mm{)X^6yN_&}mWkY3RqUAkp1Q+Tvue@K18ud10X z$-DKk?+IPpW4_XJxv#R%#W_N}N!b^+zS6OZ?P-?vtGZ@C`J;X0HI;q4d;305o_}mh z$zSP5Ji+-Bt*^TjyfeIV%;HzktDGO=hvL(BME?zAxAsu;(!j{{sGxhgf{}vi} z=P}c!FS_bSgAL5Z3zuKH`q%$po#ItpmDaBwr#2kBaCddzqRm!{al+T0&-k(Xh+yWX zO*eitOyCc=dbVHe_4V)GxyxR+o-Y0QD|}tX{LRzbx5_?0@;%YK$jmnQqx^yT_Besg z^(M1lN~Oy1^le!jJl$KiYoDB<&985=Zntiqzgl{9YQwo>IoFk|A6I9Z8ZJGUDARLB zeCqeL>m@46BX-TbcKM9L_Jz;a7F*RH_RTC6tktqmYhz*+>;-cUCLghyT*CWe+I7S zvtHF$e&{pZs=MOoQw9t6uI5AkjO^qa?`1A7mud3LigkaKw|rgH*11~_SI=SE`s7oR z^$d#H;e;)f7`tjpK$Nmb#V3!Rfq-?T?<-a2(6r|! z_9?HkkL%2OQY8O4A@gID?$$HM^WTkW0mcik>#GS^Hu{fGa3~S@naA6*GJ;obnRz>CN#>>8d7+Qb${(>azLuw#Gx2G7k!M`>tOut0Eq1EW`?vTn zKVwj#%3C-4h5g3*L;o3?>-iEss(0=Q<-Pm#(PH;J!#Q&PPh;ed#`D&wXS>8|`zA0R zHoJJXs^G}gMQ{42mtM^@o7R5d+I}9>o$5R~OOp5(t}pmI#ZL0oJ;fiV7iG?xH+>WT zwnOV84Uc`C^-I|ENB)Od$KAK>+4SMBDFLPWCQ2 z9eeUq%kjM>m(Qd;x@@u9(M#W3-sj()`BL@|z5ZBl+Hi4+wzZ~4!+!>*9oSJz5+MdOMAIv-Um^A8@+)RGFSW#k~eb6OS>HUJ-b3HaYb+;X|?VTUe`DMQ@_~z_1ThbZ`{J4NgThlq4fC=-}IV~H!3=pgxaJs$j{3@ zp*!oBwrQ8h!~nkTS?6o@gRXylohx_sF3%=L<@5z>7RLoo-6a)z^23ysJ2mgly?$h_ z@!?&hN3)wK6}vHtyBkh=x_?uYWS#{3yQT!jHWBzuBX&cyqXwZ!h+|xY}#G&a`Dy zUS67Oy?o(~yMGG%9WUu6TsV5#UtI9(gKz8NkH&9pe=E2wbHn+9?FL5~j_x)Km-qT? zUEiHwyxKc|xfO@X1o5Pu>TG-Ca{a@8?0r~z>CKt)py*X|7ugkF+MTxC&*oC6V6R=a z>%7cW|E|@`ZgrdVJfiDU&VPo}etz{)PxSsXWX$iJHTSlg+Md?_P?cx+4?Thw=wb-*t*KJ!vy%$ET#=lh5{s zyZoI~pDtMvth@BvLg7sxPHyS>S2{K3`OV`Iys5z}m#EbAuKjnVeoJc8Nxp^aPUb~h z?@Rvk`r?0vG<)fqz>hw{S>aYKmrop@rdLpJ^{yuIx9%T{E6XNv#68M5&UJ3_te5}z z|EOI4Cwt3uZ_obSC$u<@*`L#%E5E_+$B6*Y3^~2X^bY zJ^GK#c0Zoa^J9{)o%BtWoVQ%@HrKC(?^E>NYx{89#9}D{ukY(8{nK<_A6N0}k;j|6 zU1tw6uT7qul=e|<-r;iwU#`j*7q9qXt=?fO9l5Ub!@*mw+>>LEE!F8<6MLW~*Spl^ z_{w$Z4{NVDd-X}LxG9^$=HO-+E3)BaVQJ-x$KR6zo8M@^nLBHj9oyQUw~~V$cWwM| zwxgA z8E*b2^SosqZ;hDyCZ(d^W9N0m7hR{++)3x3r{GFIe(y6J@ljN6|r51b5$E|u?Nn2z0dxKvgd{L2!$QYr(4WC*DDKt z?W$;X^Dn-6IP^fsVXHm6rBDC%{gZv^OQijyox65;PgPFdX(PXK{d_y^8kv1RX0ATD zHvUCY`kZ&kPfP8m2JilHU9`Vr?U&iBdk%9vmwkPCkN$7ZAEs|7>h)-S>|s2vv}#}c z3|CFpn24CN;GjIC3!izJzlHrMUh(qfqKfGcU5Y0Zs+`VaX8d}z@IQlO{e#*6893x_ z`FbCY%DuWu#cTgKU9@puF{9OU6*9&+ZHCPs;C>le(@~ zvOAtndf9fB>05ITHk?=5vp)7m?4z@M<=d}(iSC%`ulQJb*4LGfHvRGTTWW1AnY7By zX2Znq(+{5ip)KFEW%iFJALZtk3r$$qC2*i_>(~5){I{2Xi~n)`(Q97qBk^L3F22>1 z(V2Y5?!I>4a<%K6+;vEljopm-B^;nu#V{|r)J=eOVg5RiY%_<+a8%zain4<&Q`>C--S zq~ILawkgm0-TC{D2KVn@ZNE5Mp8twnzEAI*-t|2z7lH_230L;OtehW;y8qWb@c@*k|zzACtU z@@YYKK`G9>77mTvezFrMR=UL_AlYw z!TalfKHF#aI{)gv(XqfK2@buyr`Hnc(xyN~V z`uoqMt^1+=D6I3byx`w;_m7lK=Ls?Y^}wjsa^2Di*B0GbQ?dV+(W~0X4|(2iqwYPj zO+M0g?Vg2a$Mgdy-p0&Zzb3ZgUiDw4*GKadH&6Z^y+lENX@cV;?}z!U>*fS#FSr-x z$GJMHY<6P4%BQ&7tJ91p^BY7t>t@taQoszzhbQV|EPGDOq|&C z>ABM0?1S^Sq_^rV+qU6?vd34C6NYESWB$6sdRWT=8b-eAknioOP*c_u^OQ1^;;en7QVd-qWjkD)+@BWSaI?Jlb>V(ch&X zRl?(Hx~;d}ely= zmJ>I$wKkl3zRW#2&gFw?qV|n%E1!v^zPoemQl06K!%o+vIKKW~GSTg7q2k+^{|rah zi@ma1<@(4rJ}7(k^qk5ww>wPTz90L?pU)G^x^L^er;`m%K4ZAKj``3%^DWnwna$d_ zz-FP|wbKRrzBuy-W+!i(T4h|e%S`RZ%a4wWGi>zN-_g1DLR{-fN>%l>{|txcia)-8 zjC+UPmX2rB9;uyqRBqGrDVyt2KF5#pX!o{HmdZ6|PnECjz5U?+k#6aVsMm*rRDy3W zOUd|n!fxy4DUa4Y$~X0&_}en8G>UKf$KZ$m84jP#I)ALJK7HG)JKPDq6L;^cHI55h z^vC;0_wrp^n{A&2_|M4giwtL9AbRVM`;YmL^JQ;tZ+*ANY2&T)pEd-Z$UC;F#`weH z_zz;!RiED5o?jsG&S^7~TkR^vAftTeQ>)unixDp2`12Zy*0K z`{1l~&H7EIH<=yt4zvjI@vr#u(s{Z1dzIp9kIQ@VD$NheGCy*i-fDMim$i3Z%ogE; z7xee0zLJ;H&s{(7*ze*kd5%2yzP=NV$f)P}!(6>IW7nSg6pwR9joP&5+4D{PIB$dg z@{eYVs|#1UU94Sr>d)Uzg^^aJs%EoneKxI=J^4F!m+bu>JFCp_S-!{Gvmee*cxUvf zI-Ye%mtyF0KPPM9QG55?bZ)p{qe~U@8 z?uF&ilHkLkJ#p>1nWI{!fXZiQZda>ZJqqK(rZgq8LGHjK`i^(B9$?Iy9D z<9iR>JzF?SZS7;pQr2CU@>3P3FRSXhKk56i8Tu-lmCH_=o-`NL3;U`jp|$1VSEdw(h3W@kd<#DceLk}8{%yvY#ixWLCuhnj#p?ePlJyQz z*l;WMoa483*@0I}>Uk}9?!9_(n&SlX@@LB`Dow&8N=7OT36%U4Y( zDqEXZ5&lrLWx{FG-zr9{-t~CwxEuDLA)RxN;p2Y0Ust9Xd}S#=TV>y&Bf4l(GFLHA*(XV|LWy>3n2?d4}CubMy0 zJRl;-`FBvo@$lsI{OVku-5VQw`q$PRPkgjr(fP#dzN-my8E2p>@a=bRq%t!U)X>86t@(o_5$s`9beX)ZK&_N zFSj=B%9nc41>3jfZo0K(He2OmxgBd${;t~cpMmX%7O(g}!JB$dyz4bQ)*pDxth_hB z?$odSZEyEz*VY!=m~9s~SMwC|WH@1Kb=j})aPA@2!xT<=*~fz2M0uI!+l=JKIVu*;yX#SRL@q=xNkk3!g)!FMnV6 zm9{c(OpI7!9Cffjpl0pF%Ny5duVu2Wj?Y#1xmtHz$2PhAc5L^Z7q6E)>zHl&*--cS zl*QQ;`y=u^x9*wEt$dI^^)$nEhnnN}P0vj^U9r;j-m~2Q42NQa4_En~+o-l!#MR(Rs zs1ZmGGB0HlUbTDPx#FGuVr_PnfJjqL+}x#$tL_T zIi<5Tbn;C(b(7~7%5)SkeqZxCzddT|-m_Pix79=zmWWJL`ZgK6B+n9r+{vbKHQ zSbk_8`-QFb=HCCVgw7P7I`ya0%KJ4YA8Mj*y~q|iUB`cF_Cb~E(7XB%{%tQcxMIIG zttXO0(Znw9(xLo3pWPD@vrPHs%qLjOqC2|Gj&wdh|-#m}q zZ0Xlr!zsCkwY#o;Sbk_f!^;n|?=mrj?nqdY+;!vQ*=4g={HV*-`{x;ON7Lh;{2u9T z+GnOckNlCG`**h3dY!@@r)-w5{Jw5_<8rsMY0E{ezHT(gpSk$r`air63v-@*QteZF z_*Yxr`G@(3vg3ij>*glss$Sam_Oyno|2lTBPo6e~AH5&xZ7H$b8Z@hTAInC$f6MmP zKm56fuYj^Q?95St@t&f*{nEIcgHFfh< zDT9#2ir3esDQWHNiSRtlt9?88*#7j{y!l7$RD9hY-MnesZ+s#AVsXYS+gm@wZrEw*I%^liZ#h=qQ2T01-DNAWm3bF4xA|={yv5yoZP_%jsivz; zj)t%AUU_ET;XkgwZ7Q-uKN`Qf){z@h_c88%k6?`WvHem%J|C14*tG5XlW0>`1JAQn zs>_c{N7pKJzBw>~`C#7Gr}IT?g5{5{F8}anSJJVT$7dY7p093QEE$_o6(MzF>c`(F z<)R27ppoZ=C&Yrjvv?|N1v`e3zvd!1FS{*miNwsV#U zys~>?H}wnq;rWa|xNgUa@3Q{Ska5eZ(`@2r{y2^G)10>Nmz3+1x1A^VvE;nb1v}Y0 zCyO??rUiC0a7Y|2yVc*e&#cD&a?o%8i#5MP536kS;O1Y!uCzDqxa)^y`z>}{HaWJ< z@sH08h31#Hwoi65x;0xeUvkmy?aVtCb2k;%Y~T4TP4fKq%oR62oo}`?{m9;H8Z6(H zlhV2hHgs+;TKwM zs~>2`3uoomo0x5S`#|8Q=vA%Yg{8UYO|LBPm~OIelAsOe!`Q&qW8D@R=biY%HvMs3 zm^q8PyEf_FJq}OCw5f+0f6RKbWv0*CqZ$fN z9)DQbCf2KV<>F->H@&@cB{K@GQkQLh*e$&LWt_6%F8i|r^Pefdob{^4{y}ekxc#lo z6-_TgufLnwAD8WP{NeQ$)9j6pwD0q@PD|xe`CR#Y){BV?E++`O$_ctLtX*-zJ2Iy@ z{J7`72>pr==X>Vy{b){K@orPYodZ_e{uI8BTl^u~Ym$8XxAUuRX!&aVyxNh|ca^>O zk865)y6zS^={m%9sD-KiJO}n_Ql;?W363ckOAs*JaAimRwja z;dxS5aBkLCt>D1?;79X&<_TRcU4P5{h}p%LiI2AKNtn$cZS`fn^AGlqR`%`PM^c$m zJ@Ovg@>Yr;jrDt1-+gP@y3Z$BzJK?5dcE5KmiT>nHf>a;F5zlu{SNs~9`+j_NY z-QxyZp6%RT75(+W_e=6S%SBo(Myy5gTUy)O_V_Q<-IZyO$6@5uS9M)8 ze`&To-&W`4FJ>)ypU1~6YLV4^^wzh{^@5(~K2<$Q+E-@!d)}E3B2V>;lh2v(xBlbU zygSp>SL)^?^@)wMUM&6Ke<)Y$&fS}bE*Qw$5yf4d&iIbhi^T&<@s-SdIq-NVz-;RM(g0> zNqZ%oUHZ@F|Ijtt_}k^=2kXQ3AGVg3P50V!<$ILEu6x|AIYP!SXZ^YQA$ZHK_Y-z| zX{t2d?aTgh{vY?l^mP^b53je{n6CFZb1BQn#z5@cQLY>IYwL3Uh-_&N{J3;#&yJ8; zpHwEyJGg}5U)$b4`=?&s?sqkJ3rJHbv26hx|}Ds`3a$vyuh>s|ZD<^xtsPBUfI#eAB> zl4^6E#o)?w{mQwQk0h_m7BP4Jk-zwd+o8;aKJV!>gg)#%!SXA7-hK718pf(mxBNAu zcW#?fcw_R>>KO5D;oAG|J&k{nEq}D!PQqjJ`e;tGqEO)mzEdx>0E@!J(4^6Y8n z)alOGlRjQ=yk<7n^mhTnlgV+qAHCw4Ds~?`yCQS?g=p3TnU@T>1@FyF{%uqfINA8l zkGV{Z|5m4&mwsPYANY6nKP~T-_BZktO4uk*KL0qT=!jLixW_kA_G`SNpY4D(fb4<9d- zNU7V~oA_g@{kHc{`VZO3_nq+mzHpO8@Q<*2vp+Z=3*QxaMR)D>EIr5KEe&>C+ZTJT z`cWM*G3=$yjq|5p@T$ixNlxFeZ*A+8*~@oEWwJN^(XU+cN-ZPr-J_qA9-Y^6-yA-} zd(qL-f?G|e)n%R-9<4I(OZynNafR91)iG;NHGcPBzO=w<@3{r}E`gaxlg@brcio$& zG}kpH`K#BI+qv_${x&mjOPZMa(e?dw#uu?0=bzixe#!KF%Sq|A>vk`n5We?GPQAjB z>l14DKGq*%|Bz!P-eaSi^J(R2Pc=@03FzAHIuD zFHl=rx-!~wYSHpD5`SJll>Ro~`=iOF=s2&g&B=c=j~U0#oBLQ_m_tn4Um|AhehERJ zif`*G9vZy8cRb{CO~`fSx&50=-ZQ!6tt)w}l1b7#zNBf7q=PoAj>vJyxIf^?aM1^vCa=r(a#F zN!T$>bN|zx?<)58u1dRCByPy!_02kGHDgc6^RtpUmG8DbTrcu+R?Dx_Ws_1qJ=0WD zJjuh!-c`5sL;A5g<4ZNG^ZC15CnQw*NUZ!W>$tA_SUg)zq<-hRHCy&e#~!p@&7RCO zJ&pHVk;D0@XEu%x=6A=5H)L6v_r72A^s`;&Rl6YD=vklT_>5NXYrk~ik=B+Cd*=G| zx7<^m{qT8*-aq*tw-0;do2=fi=U8O8OYE_IYnAz1;RkD_58v{e`S^XioP1NnntPV- zAGX=P_?W(4_UC%WAM+o^_lC{-v(Nq`e~0c@v5hUM=!}s7F?Vg*uzFFqJ zGkHBbgK77wIaY?u7yeCM`PepcPx6Ofr`@+-Ud+i;*_V;@pCQ6Op!Rc|{fEa#_sLvq zu80mz-(u{$RWA5Dr!B`D%XPO*K2C3*Ro{MV-l|PeioDzhjCYtTG)H@e%*i{av8ymw z&ikYN!*`39-1Ps?AaqQc?Ps#`gxc1^DD~F;4~;&&xpuZ_Lu)Oq#2m)Gg) zrC#_N9p>f~KJoH@hP5$kzs)I`ebYQa)520l>U)3JJmLE7v!!3uovqFPy_02ilfTXL z9d=uv+%wv|bL(!gU27BzKTT(DvX*+YP+dH&=(E3zYp!z zsNS`>Yl+D&OJB3wu2;_NswwWc^To~9-}LmW?c(=DuB2Xm|0qRqUl{Y##93eZyZErq4QpUo>f`yBxhO>#k>#+`(Twbx>>!Y$ff5o!Hg((N8^!ZlJs9L%B{1m<9 z*Wtlg*E-7u6}!I5@@7?VAOEiT@bq8y=qW3-w^=g2*z9bbf5A0fa`OkTyi?_|* zD!f|0)qOE{@gwn#`$Dt5pJ+DzQMta@%X4wpQpNua0$a{HJN)q4_#;c=`Nr&{m1le> z72m%T&Yl18=esX2w?;&0-8Oog`2N;j{)5-dqSm)>wQs-dt0eJG=7yy7is$`H3wCMU zF`K&TN7lPQ-n)Bl_{?EfxbBlu=p| z_q4Vo`-0oMuHBpWeR|oY%v)D?9tbjLoRBRXc3H19QEzXuf#+I}qy?W|zx}f0!~BkQ z(Gi@5MRCTb#a`HEWU_W|I{fgg`{CnPkk@h7%u!FchqlT<+Ft^ zx{9~1UU>ZruhDyV^C*V9#xn1ZmCcWO_T{Shy|T_#E^=uS?&|WUs*5;Y6z;S8Xx}OK z$}@T5+qbDTO3H=z=WsoJ`zQ9%dd^qOp_jLcO^s;$WL9q&*Zx>muX4-v$Xt=`0>O>9 z*PA{UHy5)L-5vS0SIu)l+LPr=HA1>C+|#~m+r#SK5*XZ{=w_kl*>OP;r@tJ;{ zYv{$T`wDk@@mC%3oRac8Pv&;G|5B_1h%)3aplw;96w%9`+=c86velR}VnXP+oR+EzQ zA%Q>7Hq`Jws_&eYw^4TQC)F#44SfC*>o&*iyuNkMe}>fCd)U`B+c2NC*tTopsebe6 z-%5Ax-8Z#wuYvoM_v&4zr++K#lK#(dzoPevL*3g_|AiHgo=2K($eymOe);LTHd*eV z4@Vn!UVYE9iBF(hZELvl%5y*RAIdkCqLyBm%TEs zn0EZ!g`6h|2U2Gi{6 z9)BLQzQcx9%8zZW%H&i384gOG>d$()NBd!SJpYSFhB5{`d6KVPCpqUl)vuGTm}YzH z?3-g{iE}r4?v||%o8ERgV6snk#KcDvQ&~1^%B1b`Oxb#AajvhPpqu6Cbo*9^I>U;v zOBc87o}rwU#$L6I|54^rO{HXI;bZrtvSmYJrt3{UCd2Q1Z|Cb3dX3sba~G5zEt{wH zqxr$zWM}v7ds~+`Zr)z-@?~7%qxl`;g=w&|}eWM|s`VE3g`)!(UaUP~)HR~NYx+hoeQeygOe9!uEaQ>ThT3S-QB>r~@1E=kKO zy`6dE&u@Qc&&Tn?+2-bFm%m&t_T!c+``V)IcJfyqPB>X{pv}fCOC%`u^PR1kkGb!L z9*I*3HpxFIWLEZ9yNsXvwN#41>o~qED%0-t&r_N3XMbQ!N58+P<%Es0+R=yVg-Yc) zV;OUERJzOJjPHalt?eo`vA!$$Ro3aooo&l)#JLRI9x=WSzFl$r=suYlw_lwV*)Y## z?b);+hmTr`cbIUP<{CYGnRL;x^?nLi5R7qR`cdnF)+`IxUk^l^9x_j3O}-I zU2#@@cD~5%U?bM!dy`(tgASFr{d%QN>0PJS9@FdOLQhEkx~@`U%l7Qo>wpXI&#rwk z?Q!kwZH#t{cG$)VT|d9LqTN$y_dcW3XT6sTYR-4~5$^Qic;}6iAKpJcI_Kgtj^=3$}hB^S@Yk#e?+|O;`Wxe??j*0G%^dgmeq0n zo%x?3qt+_be80fDlHCQ4sh@9`F@9MytG(Fe%Z2Z|`*~k?=6AM6xBZX$!|X3twytQ|lwNjYhRo-Cd%b-=+;9J*n(;9r zv%qx@gA?zKb+c--4}TM!dbKn{vE<>@`Lmvvp6|TRxscg+@BZ70FLiRHHg~O5U%4b{ zqSLc$k3-tLtE-P}3;xfbE4y)i)~EOKKj!}7iCH`O-YGs#*AuT}pRKSHu9zt9@83B; zJ=IdLg55NZzwwsuozuk+|1)%km7l0f_vCz1r?l03a^X$m!>0Wmv)=8NT6=1SXdjQ$ z(htj9w$=;VTzfBVrOZ6}!t<@wE%BT8&9wQKGSR)z(7sCXc+^XsI^mNKf9LC+ce4mR z7mz-yJ=~Xft+ZU`!~B+8Y4cMy`-yrSKN)M=*Y&1mwRh=*2g0|u=D%IMdBVX`md-5? zoAtEzo_*1|{niQP0K1&8Yi8#NZOn*xvCDV2cl}Cj|68I@F0Zk1UE-%Q?Q@R6q7VF4 zPrt@i-S*=zS(sX2lb*z++{aKq1;oafh;ir>1{{P4sXgVqEq zjXxQ=>I)b5PHcYY-*#=6@z$qD&(C;!Qb_J=de}~`W!Fw#jo=Y}8KSqRxN^1Mg_jo+ zg!`B3&0TiSUt4-5n}5{o$s)%hE5f8_++44BX6X#W+c&O9KfLi}FWc4SyXCcbT8~Ga zX3|wVa#oUCigCxrC$o-U`QvrH?7isX$;XUubP46;C)NaiRQnydzgk4a@q*U8sn74} zew_Mwb*7k+mAvuyKI>~|vY*9zDhWtunjUwRy|#YsuFbstnnHyyXYC7_81j5+SGVQP z89Eom%k1^EH(l7HpPVUmXHWH$+Y{DUur0f=$8uSe!Cb|=iV`Pfvlnh@6&F0g@Sh>0 z>sXO_Pu__&du(lgOFmV}6x;zvW*o@Infh1U(Wk#d`GX~!1hZUcPkZM zSQ~dtxlbm&a@?Z- zG1M`3vhn zdm7(XiRvxrJ9Kw;ng7aFo)t$}oEXn%UAWS^Ir`0xhtscrTw^`+?Sh=c>ROf0w)7pb zR68rSgTs5vobP9oUJ2V?J#1vaeWU-_+UPrfm%PzB!hAML>|28UY&L_PEFmXvin12# zvHUivx1LmZ{Mv4Rri#pWi>1~~?4Qz;wxYuNU|_|*H*1Qgdd#S7mu0Q8T{bg&SroUn z0h0?u@ZHt3Lh~11mH4#qTZhwITalVYOLZFF6%}Y%Jn6d0Id$`EA7LTRiFLsjs>5QI ze$H?%&g^ckS)i+)&BbeUZ1OVQ32b$I6>?iIXI|qsQqq!L@N9L3vD410ky~@U zm;~xq$49+#32-utZem}it#)y3*G1Q-3cVqJGuMeJM7Cd7yZUhcLzz2obHBJE)3Zs+Tg&-UyLy=8f? zu?A5>$|&Pd)n!bN3#}}h`BBA*~9s$*6;1J58tO3=SVXgyLq;> zj`2r&`Qn!^tJi8B|5Wqy75~zd8iT#pYV7k==M`L>H*wz8SB9rEAM2`Vb8G%9vA)xM zZRe`p8Jy+|o0o4XH`o0ZaU#@0@_qES>w-6qNXr|n7W@%stHw5`!N7{^Y$mP^KpxHV?yCCuH(D+_i47MPx5okd41$a-$lIwi=)Ncta7hjy}5ITlcP=HrIvNx z;jXi}!>0DMx*1>Ern^{cm8ezelBR1C7u@{#Kd+v)t$6yUtBx{dD{d6tnC^EuZFjPY zbI+q)vC`gR8>ZFoDQvP1Ty*1jCfn7RjW)lpwKH-(ntWr~ab-O>UyXj1?KvR@8+2Ql zo3AY`bA3^)4cgEg!N9Z<+lp?7Lcb`bgMy zA7yu$@1mz-4i>n{Ogyf%Cga4!7|ryj9u{BM^d>L7dDqyLp}@$QciCR{!&N=gqr9g1 z&kad8J#zD8_KKU8)%F!^PmXUbxhFO+bsOtq1>rx=Ym?4(oV4h>@;2<*)2EXs-I03m zPw&-)OeyP|Hz#oGsU+Uo%N{Z}aL)zy%h&cif0Wl;`GY8pERo6aDeY~(GWvTJRkMW%kKdhUxYeSFe znVk`f)tAR*Pu%=*-^w*UDtl_z)xDR^vX_)Bon34*>F?oBJzv(<-44z*7krR+;-KwH z3-z6^0zF;6+}7B_eOs`$G*kM-V!h=(U)Sw^*xpm}RywxtvtNrV=b;@k;XNk91aTdNu+jX{zwT48TI=$n`=Sw@Eil}oh>tFuIbM5IztZmknBDcL}OfPrhI4JsQ z|FQEoii58FNi^@av1IzskUo=TvfewV=kv60?vww~_Uu1{vsCGkqg@l*R?jp0$op;j z!e?jN!_WO3m2*__P#Tqe>PWi1Dp``6~4S(i0A(B`<`#(v+;pVOuN z*aKsZ_imlJq{i(?&tv(yRm*#7n2R}!8C2OF<09AnsQYI^t!M@ z@k>6R^4%=Mo;=%bVx7G11ux5ghS!1L7yb$nkCWf2Q?u|*?d$ZzzfykXMC8A_y0qwK z{E_X&*>9QeeER4j@ato!PRaV&tkq#hrZL_x2%Kac@+~U;?C#Sl{8`sdoLtnpZ_+_2 zi^uA+2UgB^nPk!SMB&=owcYN591M?VRW#1^+Hp7XbB1e=b*_$fp7QIXSvMk-41x^j z?T^}+pTu0Sm%r-5wr!oiG*wFeX4@qmQ@NGmGymYc?0mo8?H~K@U)#Lq?YGannYQM9 zYn)VF-_yHjr3b?5%Xh{Xo1ZTFg% ze7aPf=AU~HNshJAa&1y|lu(K{$o z`ogzN&ghzM>uvVJ6Ayl07p+~v`7FWm#H*}-Cy&~mc|Bu_kO70;T&-Oj{mi*)@7~GW zXOSG)kUG9XPGS7BC4_qtw>Vc-F*P9o0q7`PkS{0^}kA6;URQR%f-u~Q^xz``5 zp4oPo^O>A`eb%qg8dtX20&)cslDEICpJbo8UckQ7CRV5MV2@YXqb-N-&y|gMRTy%& zUvXZ!xmJfo^7#$xwjYR+z5Di%(y{Y=WyRK+&wwiRqCFXgY zufryWS-)rZe(wIg@qE-h1GkXo` zYx+f#TvYj$Emp+6aG!g8Y4lEqMu{HBx3_0DXTUnt@lQ>9c`FZ3mUtuNmKez)@r z*J!SHIDgLerEp-#?>+-}nX5O1cV3OY%Y4wbN@`}xF^8POn78xRUX1-6Hbp$k?eF8p z*TJWbWk=uBNq=AbHhj%jQG2cZmg`FHYW|$^^<_}xJ%h=1>G5$_mz1~#xtA}^VwcE2 zwToBpgMfYIm2k$TS*jjP{%cFB!d5JGd)#2Fxwo_TU0K=m-E5Nkqo&+bRM9S5S9Cj6 zy2zSOE8=TQ&fFVHn=IF%7=PO@ZaVXGNME{F*bp8EXXZYOjuF{c|Y0&ob*;ih-Y~^`jArJYe z)ptH+U%2+7w%MTe)Sch|OpD%KyB)hF+xo?nb#BaDXFTQPXY>eO?z(zuM$C~Y=bn(I z#b@TK&HT#VXA}Bpu2z^-?8ICArLSX-|Iv9b={!??)06tm@lG|_mrJZ`rB83$xUKj2 zy^QIzejbk5+qv$Rg#3gX|4OIvty<~x`q*;LEfMiu_w)r#Puhv zUt4|9=5*G_yx;d0ZBFrSm5VytJa6lbNg0oNW?ppsXnc&NS=oZ+$-6rb&rM7%=uy-w98;?Z1~Y-LTj^D`7cUZTM_j=f^*xe^VL;vm*3B>dOw5p>x2jY8OmQr z?NZxVl6*!gU8VH4v)|!oW%8=uJ8JegCy11*YJa}{k1O+$tlRrXK@nL-JkA_k4aqXI z{<2^Dx?Uve#_6JoEiO()A%)lWYyM}*Sugb}&iu#mRdKJx)10RBbf0Hn%C-`@^LmkR z(cFIf4{USwmOh$Yk<_zg^SQ3Ya$kQ5%JyDwuakcH%l7E~DIag^6@FRYwm;oh>vhDB z)k{0Bv*roQRDWH+ZJ(;grZt?#1)hmi=d7v(YQf%?)sWme9xXefepL%RA3=O`7wjuj%}e z{eshYqJG|Hkg%}Ty7go8qqRqOHf&j1*ymcy`Y^s_yZJZ4=w6YUQw)mQW%Uicxx$*8 zLM{Hit@)aBYD(H=_pLIj`RS#~kKab=cWf7u+^k^voZ(W$@*|qTC(9>GKA3a;O7cUq zu5%w^mY-QJaoab)b)VRVq_m*grmk!QKP%9%?1lU|)UrTlZ_t*trriT7nQKXjB#&74>v z?U%jw!}>SJAJuXRn9dcQpZT-fjJ5LXzNNNFRac6AazvM$SKab4zk8jjn#Y&rlXUNh zM!k5W_kOGTr^VY!X7GjdW#2NfRX;Gxb?3{o!4!nbVqoYQYEj!yJ!4ZogGp zZL_)PLf_#_J7X5-@~w)TT7A!b=F2cU)!n;)tB9RCv$vdY>fIml{vX-fx18=i(51#@ zwrah~^-Vv*AI@)1zUF)Ndh02sqBECE*Qr0Aw_LtekL#tB!8W&Ze1D#Botty#>8Y;O z{khero%`COer$g%y>-i8q1su34VMfLb+tV)oqH$j*O#u3oo)~KbFQ=2f4qL=KSR!R z-?pU13vYOso~u~?$Zn_FgzG}a3nLls`K#@%k}P@l_wmWKGhMA+hl*R=UdZpXN@WJ{+0+<1R&#neYH9^1~T?wTA_ROf!eUeG3c^+DaE zN3Oe`-uQFIHTT2kZ;AW=(0=sWULf9JTEz{oi91d`zqd2K(_Ww?^XvIHJ5|)b?|EzY z^;wAoKXU5iN{DzI`ub)4o&%{D=knL)RY>$?x4JDlzhR%^e};oW(U0=x+>@Mq zIBY}PvGhJs_Rp^)=X2Sq|Ij|VPp9er(Wv>8)85&fw0J!0$0zR0Je!bRq1z=UOUg%m zxody;`z-G!mBb4lvL{PVOVqTExXwE(Y0+Bog}W z<7$_m+k5+gdRv{$!MtDnJvNa~ zQ>)mY?a}(-74qPY-y1u#t)5XnPyaJy%f@N1m%E+uEnHitaO0E*Px!WeP(OY*&e!{q z?xiI&x%C+Synf5yUv<9qKf}YM`<@T0H{0℞b}hf85p&{r&4_2Y%do_dw2M!-Ic( zYvs8wZn$cawv0c2or{?<_&riYSwyQ7hv&&|Bd}Py+&kxHVJouX}{Ehh% zPnp%col2iJJ}}c-er)#h=|?6TZ~wE!{>*hd)m1l-?CCp|d-?SAnZ<{~cBO21CSH5| z$KLE+Kk7gFJ%4!qR_oToo$}I>{5ECl_#bZlyYlik*`0BWrhFSs76(k6@YM5__Odm} zo0WO)%zSP1@5Vpdt-M*&*CeS=U8}49?fj*bh~OjNDg<_xM?> z1SQXpxxRl(Vz_ii++ow>Gg5zendc$Qx_eQ=*mH|Y7XX{YY=-dw-!k7f0eTbTmNchtfR?4~|?lqenX zE#XyA%ms^|cCxRmQs>m?UtQF*k@@-i=!<`3KiYn8&&z*fvsuJoTBYdD%FT5;-L=<4hm=-@5&%_if9zU*#R^lzXQqukt9{u&yeC<7&G_b&l_L z+kQ7+;lqn!?Xv%VnpA$`ujQKE^V_V-maetinpiG+B!%~YzS5pazaQ!Ct)IDU@^jmW z!VtZE))m_id^=yBTIOjxdt&SrgOHzVwp*?~wP(@o^y)R46JE+G?AYFAFeCARXzugq zcz&-Ve=c!7u#^82KlxFz@2dFvH9~cZ=F7!AD*giw|vHb@NBtlLI-|1^M4^ zUz+hJ=7(+KqxG#;`Mr7T45sG=SseP@cyH(G(>EtOHP2a7lbLVT8J%HUZ*^(Q6obPu z;rnV-|4#WM{@6DuIyXK3H<#8&<>M3QpW9;k{>EvStshmY!X`heSf@D2VNq&av+d8N zU$2U8ysD!zIddN44Ay~Gjw>8^E}pXu77wvz;u$|eu0vw;Q>XL`0S%T?eB@- zc(nh}?HgZy{E5siSLxnuV3ELtZREaWqzE7k#>4VxQ8F-ISXAn3$ZRUc=lcIZf9AJ^NT&~uf_jtp; ze^%G82OmwGwB5)qE+qTzi?GXi&&Z-L#D;FSYjg&#+l9m*3~l>FBa+zr^M*-E*LRsdmH4 z*Jqv9Iz^l0w)aM?^cU)s0g>Q>H_59_wBz8!OFneNSmy>5kPYvxrvc=e)I zESCFt@FV$K*S|IVXnvr*`-F}9qv+W_8zr_+Sy%Ndy!lqe@niG!yUqt*|Kn`3-lSpE zo_3pAukEv~-@jcibe?IW@)^rNug~w16uo+GeSV&jwGwl`Pk36W-~6kWtNV@i8*jYn zX=0QuuKF-YY1`phpQU@*58J8l&$bPB+`c1x#si}wH{bGa+k;QtS`qQxX1~%lZS8~i zM3Nt6oIPR@aqf}F`tV8Y4Og}r)jyoLkG-PVf8M*_2b;{8Em|J!*z5g|^XiB9@%iS5 ze=RMQ?d$Nvb#mLU=pQ=}ed6Ty z;%_U}Y9_Az&u~z=CQ@%!{vZ8ShYOCHvt*oDuk$hekFfpYZyl3-<(u--L!NBmh)Djl z{(3x1=CgAbb)Tv{bU3;0)D5%AOHX|J_UcJrInT$lHK{pyTGNzbCT+40SU4@<*P7}r zb&Nk2e@p%`^I_;D+2ljt%YIm>MVHB6+F|{lf&JAklePK9N&gw%7f+18z~50P^+WlX z*`^y~>mdjQZ#>>}Tn7_&Y;9u{fmmO0dMm+RwnVA3S^N;X_Q`2vDuRn3K zEpy7n!wGkTKOJ>jn>@Aand_Iew#>)s^e-$I7qhzZanqdMNrLe)+5Z_f9B(s?Tqb3D zXTpPrf!8h8MTh-uFkKzZsrPoP#r=HO)Pw7HEuNQ@DD7u%#};=i$Y%H9{|sBNAM=&a z3HY(rKF+M?`nDhJ-;Vs9{l|Ct@f9!cY5W#FH2<u1izzpc4VtBT#~!&hyy`*qRA`Ej(+v46kZ zxa=HG_e_q83h#fn=F85Kw=E|kHcqzb`f>Q6{fB_{omNImw|D8T-Kx>}{9He8|B9nk z;jRA}9xSxy)}Q0N?vMSf`;|J%=NIQme!RAHMJ!`&wf6eE z-1DY>S^uVYRgCA#JDX!YpLzff0-gDb3evQv> z+**y2zq~$S`gorFkDrgSdo%P_uk})JQ*<_WjQ3K1^LItXe}==KVk!zGb-%KloTkZm ztg1LBCH{lYe+Kd6B`W`Jw_bSiZbIXByRVP{he>B-x5|HCwq0O zTA0FnAJNiZ-`9KpsDH>S?lq5pn=_~Ld|inzujA%?3|X>sQ9oDsyZ!|g}wyZ-pgT-bY?BQbCJ>sa=0 zVY?sKW=UITPs@yKjH`NV6I$OY&zs(TNIhiB_J=?6tUpJEiS1LoVB?!znXqPG$bu%; zlF;?O%O>vSDk{yZt^H8`a8~9$!OPFDihqAAaCb)$Z{UxME1e&n6{^f##CSzUR6gp3 zo%Eli%Uk)`B6__&1kdNoNp}AJ&k%L=NB7E#^5X@2TgqmrzcC9_=To|cH*8D!iXS6RHeVt&Z<(yLec%!}6eudOxz&%nifI9&00 zMOjbEBsQ%*^_!2kF75N~u5LM{=jZV@Zi_KjLD<;&?`_#9TzB<91J~OYLMw_EU)oSI|JLfD>sx-uN+12l z8NE2Ct5?te414j<@X94MUOy^J7fYY^=ilYo7uad>D|~ufZ^pjhy9@u=CA)q5$DMtn zCs3^Ss#|DPc=^M-UdL*6b7$SWvg6>16YK3S)#=ojh-F>3Dn4#t(|p4IVXR*N$JY-J z+)kD7IRD#eJ+I#q=?hPfuiBb<%kW13vHMK>HC=J)Ndo>vz7lQewg7Y z*s9ZUT;g`uxBMTm^}I^W=2mYQa-ZuMepx5*@9KTdEq}wZvm+JDd5ZiD*s4Px75$nz z^+8__Ut;fJ*Q5W^r@#8oz+q}(+9~XJdHbYFR;?}bIsYji)L=inFRGq9=fT%+>(f8% zKVIKt)wfPx;acdrh?j2GazD?mEOX8Lh(GTi?+g0zJ|CVobDXMKB4kjjedVispKjvH z<7T}%iIXy!>=#O|+mtQ1Ci3{YEJJNcVTJx<)8s0)sw&5X84GSrnUsDuj&sA0>C5g5 zKbrI}dOgE)wq5f#9+f??qqi?wdV6^Fqlhi1n@&wgmSru9TDwH&VQ!<`*0)ZJSFAff zZ>8FjH#rrVDrI5p1z%SGn%9|ZWqV|Up2sWJfDcpN<}{g0Dqq{hn^g1iq3V{9chb9q zGGh+kGM>57=t!&*3#$d_Wa;!|);G&^-FeCjj<1cmYFDK{zpjm^FETla+aU8!+>=xcUO*0iBPGt=P{F8po|@<%?1> zIP&?zRg2PGspBE$+KOEFi|1{9F;CKL*Rlrn&d<;I{HnrBr9K_=`gG^vk;HwA`7(4R zKR=YRB{p}~B6S@E4)5(TR~Jbs+bxZQYGYE|BG<>fVbA5~vw%yGU^)WwcO8SLfc-H4HQ<$B8ZtuUX-bdv$uPp4#jSv6uch1F$Q`PQN ze-*VqG-K(HX63U>qUTz69{MT6{I7m(YFJ*$CF_EVA;GyXDvuw#%N@7%>eZ6lVS=6) zPdyji{DJ>y`FtMz>){`LPkVAoXz!M(GktmMdgJC`_|nwVDlpCM!oqujkKi5o>1-LaCoUSaiR%boWrKdwI14Z8f>*|kVH<#Z4K%LqHw zzpHArAD&fxcTIy7-~BmS{bdYWW5TT|*Dv3X zusM}tEupEj+j7mFb(J3v2X0-HQj__2T}|~P?@Ql}S44PveuKx@-w||@V zk#Bmo%CEgI=Po-I7Iu!c=Jm%z+IQ`b=zi1H^KG|0BvZO>|F`;{doO)%wMcMZF0XoB zs_E5koSL{{^4z@WjM~UY=Wlg=%VmA@rKC}Pg1{xC$p`;rM?YA9!;#s)Gd~fBQv#*&iuWUT*G<&&9 zt?Xld`Mc2>n{``PJ$u*Dg6xv#Hr3Z#Yf643f7tFgVORVKo=+)@?3_~OO<5hZX4Z7mca@d7RU*%| z^29#dhCe)iq}Mw1!_pnor+Z9Ek>mAU|6|hqVCQtfjK+TkmFsnWlovnD=Y8=p`gTQk zO`@AnoJ4qio{jk08=Vh6dZ{cd3jGzv7qQyni)@XYoamiL+pW&Zhh9$H)SEg%EP(9~ z&#Y;$LoaPj`X%MVeQL&&!miJIjpH{=53njJe|0dL$MO5RX$Na$lS{wN{NpQhg8icz z*Y!}IIK{&g-xP!$xV+phb+ui}--R{2%PPtr?RxS3no_)7sG(8m^I2cyIcmf_zErH= z@;A)eO?ytxiFM(Rec$fe{_)(U-)~=*iMcG~~9)`eY7 z*AGRlZP8WjDSGg=#MbupJm26WzxcL(GnB53-odu}u6)!-k!f*hGY*;GGLlFU{$gS- zd(qFhr*!K16YGCi$AllrTw;T@2@_) z(qY9aOUnu2x9vX^g!kr`p1+lJ{?M(K#c!j+dYUqhyXtwqylt_5%KoGdou@zkGdz60 zv%e(ZRiSMAj}Fr>H>BNK&zo(Uvf$!hr40KIjj#VR@P5hGUN3SdD(1$EYab*I|5?z& zJTb0xbw-?+oceE(sP}UfZH%_7&w8>)@sX|DYmXf}Ce>_+Vc_@Ep8lh9)vM|M8HDe? zTQ_rx?}6morInYqMr|@`Dp|1SeCD1X`5z{oI#%oSpW)c&s5puJPnUD?FRd(Zw(-o? zKjN6U^ws-9A>Y=*`?J#DO0UV{R@ruKx~p9rhwbahf9EIK-#%Grc~|XS^p&d#FFywt z@0@0~T=}W{&3{~bC-&bg);h8JbKc9YgFo6=`wPq}nb~G>Jn!q)5BmeAeY4bE*R`if zM=>!XUQjn7BF@~lc>c9LuU3ck&DlTwHTR4U^TjKgL))Xouf5&n`{U&~gt8A!l&t* z`xn2JHwkOsleJ&eMmc-=e}=51k8g@jsrmNXK{sa3{Vm_y-oA@Fcj}wxv&26U|4KiF zcYgiPAeVKWO=Iyi(@4AYI|c4rGioe0PyZ*R`>SWY^4oLIY_+fVam}@=Iet#7`_?Cw zTGfaBqIWB9ALT8z@61yatT`=K#J@H2NB3{n=v(L68r7zK^k!i2xEsITV!h6X_`cwS z_l(6iAKT_1lm-y&t#zfAl||yz1qw`boE^KXrS+=#sJW*u%HAbL&E?b$+ey z|C9XCZQtdnlIjp^UwsETdEcan#W`#N zceoDxXnZ8H@oKV1sT1?|&{vh~fh?- z^UOZS_TJp|z>n&O?|b)@ue`IZttn~ujAO_9_@ho-F6k|Iy{aelPifP!BLdb%+1Dc? zG-5ZOYK=bUDW6>uAas1!J;P#jFYOu=l|e; zw7=_*`T}dms*7zgW)Ytwt=Lwttk`_4{?_-yWk2n{uQ<6hs{h?Af0tB8*GJLSo6p!J ze^?zIo9CIU6PH>)n`_DUHE*SzuA2M}iMaFfJ=ZqocfqgY3o7!Re-tk7uHNe>U2J*{O5z>>g%@_1b^GJeM9I%{_Nyu+4imXQujo)%`Y%F znk*nIZux}@h=11QD!@u!zYP;{A^g>DQ-}C;i?%wrL zWO{jbW(xCh?rEJ(iBtY&FVYH%S{!kyD@tyy+QgL=$w!*wX60{-^b|W5Hq*KBUB%s) z{|udb${*erTzaoRb?I@H%+s#V5;vazye>HYr zS$5mkpD$l@`((ECGLd&G{~5l%&MJuYQTLx}7XM@WlDm-=0SA}A%$ZhRwkRU!Nx_*l z3z|=eKHs%&;)0AQ)86-Orf&1yudbcAeyzmQH+oYZY?pOhx5+m8$aaJO49P$GygP;1 zKfPV1%&9czNo}_F;dwk)_HWJKW1hb(P1CM|?arJzPr~z+Hd`p0&3opy`$OHoU)Np- zO9k2d3n_}uGJ7r^QMAtRF!O~b?auB;?Y%Yj>yFxYuD$g9^aRfGm4{hvtv(*DQvEW| z;z#+qqp6SP20gp&u(Ri2Zb65S$KOY(=TFu024CN!|M0v>0*9gDk;x5bi zRUMXR)<5wwr{0Q1x1OGvr`>#{;I=n!+hXR*V#{+PJqdq#i{!=k=sx0S{4w4ABgdpW z2kUb-yL`L!+}^z2Il7+b!N;=Yh4zQ4PYONr)<`j%$jVbQc~XSjkJa-7fk18Ftm`g;bXKt zTFKw_huP%Y_WYGgCb39#G=49f_1*vGKkfBhcAWVvx0YzHzF|4-;W69Dy-#O-b+0M%!w)OX!MrVZGd|R`4ioN!)YeMH-_NVR8 z5}BuRTxnm=$LR;Wch6;y__)9QjZ$>Tl-zCSBDCeW`n^7^%|EOpxn%pU-o*tK_H)ZG z%+5OVe6sJxTjCw-Onzr>(GBu9I~F*1$;X)a-TUMj_&dIY=yFfGXjB@X94)r(ZK~qN zD~V}k%BONZxW-@ls=c2(n=^6Mk(3QH{xhsrZk+dMcfy^xc9X^H+Vyj${ZqOarW zz1OVu_?f-g{j*dqY@IB!x!v*Knu*`*w!YkF|6%R2_L6-XAD;BfBtK6%&r%g`TfZ!` zPW#gBs7njGJiVS}G(3@dw=i`1%ClDGzB8`f+Shk^#=G1o%_~pSg0IZ`+WKfe)7{t? zQGNTfl}-N?S8kNpWmEU~+7`W>ymxDtbiU;Yb~CW}vOMyYRNoY~{rLr(oYUn_--vl) zHP0%1rKDc)**QArEie6X&Q^A}eY7R#9LvF4*RqaXDZkc4>z>*6Rzk_=`%&W~|M)+= zz1OSX`LM$=-?+`U`=Gk5*7xSMau)NwFXy_Rin%2$`A^m2uhv6jab9MpD<##pXKq=Y zEi}9C%kE9fR{vOa+I!o^SbhI(5wqOX&-wkkI&Gfvt`B{4?c3`&hxlB2mKj->zcg-Z zpKrKp^yzbgx1VrT2EUFz8gr)ou$}G|8%1gNdb994v;9um&e0dw+4wTOo+mXkdFl+2 zz^^Z3`g?QrN{;nzb;(rJ{^Z-ooAJl^W9!nX2R81Q^LOShp}LpLRTpnqlYLypxT4FS zFZ+78j8*SUce{8^19thfmBATRZ98p#xvkZ3>+Iq^EOE?Xed5P$6PMkOb1u<}%*Oc5)7oMlSAJjT{%-TCNxN*c&wXTXSpUu}&htrStB0-C zwccrqODnTVrDI)p#vYZP_#-^g1=T3I>cgZ8pZcJgL3MJ8wcv+P)4Z{d7W z*(RKEO~v}y%eqT0)ChCma#k1GcE?zLZHn65k4b4gEJm8jmMYKh?NSzIPrjD=k-ce4 zwJ{5mrz-pV4f1n~X6@d#y7=2#yDy%?@?Z0+q*mS1@B6x}?Od*;VxtJB>brYeuUDiW zsFT|npe)p>{QIX(+Lkakq0X}zVNz`iZ6=(|D%iv1#u`2UP-nhbu#xw6M#gizWmd;K zx7^h`|J&@^DK^0#vCt>~Oi#tWlA7o?|FD^n$zZW1)A?6I*Gk-}5Lfo-t#?mO{Om_;-HW2v%`IFkId|WexgKkB{r7U(v?$6`mS7!yEFIAgqT&XK9s#nXFz2?LIo~?6@1Es>&u9E&Tp@BnE`L=2C zF*}wIp~qJ2TDH32LT5u!*Ij>0k?XswyQh3!QIc)F`u@fnd#>{<{bx9BX2G^4XY1Vf zL(;AH7ED^yQ#*0G%`f3t>$%#8!(NKFZCN_alKt0-w&>66@;*CMzrMb2PscIul+|S` zyPqZRQrPt|zTGBX@Y0{a1*Thg&*fU&4T|^?@4c->o+&#z+5cy{aq+D6t6qkQb(G!Z zz42gjOxWi2cVC+4=sYR?*%n)U_0wwplCtYnZM&B&_FNq)smyyi_k`*EwH5mhdM}rF zzqX^&ozef=&Xym|kDMjDo_$=}zV7(5ncvQ{SDfi6y)xT(NBFJjf}eJLRhkqf@TTil z+vbILJT~6Cw?)yBD}I8XZ|Hpgk0KW;C){|`NBPuM{O^^-O_J2%zwC6%A~h&oBPw%ZnvW^CG7a^ z`*y>`-+T6#?YSTLWBY=NLMii|Mpko5&sRP96aH~gzUYB#v#d;V_>80_SN4j1)w^ap z``CYmt#a)Tvz3>fE`BbsBVz4=(8pK)i9VS%{cZcBvw4v@CEOMZ1MGsY{40HG)z|tc zHt(1F)pseOyr16M$Zfs+L;4`c=e2XUwtc&OIQRMdsI6QDcdiMA8L!>r`ce4UJcV78 zqpv^Zl2#1)`a1mb!Ff7+t_t0|XSw8#!)J*(NxSFs{1Mr`>B^Gb`|fP~;KcX!&QTeu zikqUl)*b9)j|tg%JK_7f!g)MDn3Je9-E>wsEbG)9qX4>e72zlinLWSW|ZGp7ylM+=(Tj?SA!9^W?kkDR0>M zi8)_+&a5X}V$Gg?b5yv}v?FFy^6T(*y6Ib{oGkdb&0WG|r;zEhv~4>-a{lq?mwh** zaZ2r1i8YZ*)4u8JDm}h#GQnek@VCOrx38@^qE>O(f^+gQZF7;3NVm%eujNTaNyA4onfl+Qd~!8=akez)e)iv6 z8mCh(2fkBTqqceN{U1#QHit#DKee1=lv}nsGWKYmN}uf+L4V~rSETm*XUMy-|53Ew zow-XVZQH~Ba53++QqApKX8i1Up&c^GWv|bE7PX~ovxD+NehBd?04L~OhDrfiQngQbg=fsHOTHpi+S)j&X!EkGCthUiYm3^J_0nuDN2d9t9ZzQMUH0-< z-~O^)c{2ser*3QRWB9&$SKQ2e)%lb89vznsmyh~V&s0(E|6$+E=blp1Gua|HelL!> znx!4_MdPq{|A*x*iXZwqzp*4fJ7H|x_`TP=SbW;XlMIuaad$#GmlMs zk>JkrmXSgWw$FN)*jOaKjy3yrr^Q zSea|z)LSoCY;+K)^^z4u2 z$G`m&-n%5AZTe5CbA~y0y)GKtDb_gpnpv8>)mD4bV|d={p~+jL=YczO-2+tTo~!&9 zx{-H|)Y~_+)*h<+xNGIwY+b8k5?(eHiI+vMa=V!c&C-Z?*(=p4TVU8Kx-viKNqa?y z_Ql#P4;?d}4Hha1!k3oL*t_Ar$=q|i-sKXv&!+Km-9E>DX5x-d$3I-xuTA~Cv7(gI zK;mUbk5u~2~w{P4&`b|RdxXi?RQ&vS>4ZhHK-EBvR*td&$?CY$rFRZcq@Z^^5 z%AGUKHa8w$n)svY{0YTxLJR&gh?YDLo0=%7d0fKceaxllhGrYr+D|MNK5Vjp$?979 zAEjeycT}Wn9abb|F3(wo;@7iQ-brwb}WLB)VYRh;Q;UPHf zYeH4%&3R&nPpWA(Zr;6rVvG2~;9Y%R`BYub>(8{=uU+P5kaa4fUx;(TW7~kMd#ydq zCX4Nm{`kG{yy!sj zIc4&d(BP7V+c!K~lPM7Ms=QjMXT$NOX z)pq@NYU^he=3;)osV0-&|MXYkYyY^e^3+rHqObqF%AcUz4#Qr=^bO)hVSb#c5lw`SXjB{mg7!V7Y3t$MbbN7aj9m*3VVZr?P#! z;FhAMXo>SS*QI|)TD@HPty?3!_LTPi$MdqU{xf-z{dS52EGx46vr$l9&d`LCnp5G4u$L90g+;Z;0iI<<6Z!Oq) z{k^I6^SwK2ZhIv;_tp4One0uVDpH|4tRm=UN=3Xf{UZ46rvd`hU z>?)3TPut>km%i+|7T!|&Ie&!;ul~Cyk6FI1UF&r1_FKIT6L);>`L^oYvb-kO?ip{_ zz4>;kvCrzd@MC_qh%BFbF%DI;Ug?TGP02_J?kNn@+hcDWZL)5U`PN*&ealT=C?CzY z5!*INB;*d`gGa0U7q_w*81_5HO?|}6bD-}wALrYcC%^1f=M+?5FVTvXxzyX|YBEio z)q-FCB~B_Y5Dm(;ia5!( zt1+i*W@4Y#)Tdi={A#r-x3IG$9?rY?XKj>NSN8$G>MOa7VfN;tsv8ogopnxiRC>bI z$e}***Od#WpUzzpA}}Fj{nNKT^V0hjCVpKrTUXatBd=M{_|}3e`VRyQ?555rO%zbr z?q7BKn(3rh2U89(tD6dJJu7@+{hC(_9%1SS-e@&v_2x^9O@4O!n6};T;9$knn%`I1 z_nppH-Cr zIoBpH*eThP6&Gf^{h-is8O0|K(LLdz_C0ln^J=z9Mm^jog(?U*)%EUwSw@bIQEE`_F$~ zU)%2U@8k!*r7JuItqs`iD`x$?f5dFM_^c(99_~v!)f_uTVev}QjYcbG>HHA7n)j8( zU*G0e_|6~RUVWEDxCP_bE!Nxouzk=y_x>$$gGqc=*EifeFyZhv1G@k=!|<@>W-SjF zXG{;Br{Q+FuljOa;kh^I`?SR8Zkup;sq?qid!AXxG+u6N*qnh) zn!tZubYZ&In}f2o)nU4et(c5YJlc}mS!(l5bhg`sDzSGl91(?+w7G**UDIR@qqg&f z*_c0!Io?^y%y903QEk>k=?yvO_FiGy8StR$s@pY(An#`HFbvmrd-VG@pQ%+37==(y!>@SK+{j9J&z8@CJQD!wtV^X+P%qZ zPl$Hf{0^~Dj_`V3HvP;2*_*4wCT~3Pa$?NUwpC|#Z%^Rk^UcZp?)vfbycuhzHD|o| z@_SOt+^g%8SD9ppmn-dDtvRLX#7~9dD6#Fj7dDv0vItp4*9JD6nDF`5+QYSbYTtc5 zA9+rC;aY7^PYKx-8_Y_?#CQBY-uHE5`ikAWt(#xQ>|Jxp@_gc@tvcz}`~EX*_`c?r zmQlKAX4OsQ1&_9F`Mu?wInVRGMc=-=8TWi!UH1Km!Qt9W)!fEoAFYe4WPFJg5oba??@=x~dI@?&2%f3Q}X-N);{$?Ltue|5-fymr*5!dZFRlS|h z9FGf~Y2b0y2V5aX%g}NS^2%oXFU#?d$s*kfpMH`_IdH-n~O6N zyS~c{e6=+UKE1im;W@K*tb5xZ*GJkrY%VTxGv|31@%ltf?25RT%jAtpnVYXKSKGaw z;ZMS49h0M7v0gl@9=t1zd!ykMQsSv#Eo(yeow?kK$d6jHsXYL(xAhQp~& z`(?hc%Df7@|NX-9+kbK{=1aeMxx&Ho_!#*Uv?EiLw37CEBGs1@Fz6Q7(P7DCAjF=HiOW z&)oa}glzdZ#g5}jKJS}}$EL0Ge0hww&ht;$j!CbNn_oI@nUt2Z(Y7x6Y~A7i3Vyd-?dv8ljl9t*Od^Qm;JH*h*jfN)7zb&=NmcqpWAZk=c@4AE`m!l&8q9) zXg}~iFZ{OxTBMt{Q@Ro_Iv%`tJL)$iEKY`TcC~ z@uTrfUtcb*K6#mOC)-}1Fg20apH6m_EZ1wFbo)o$t<0L6Y6{H9P2cX{Y}UH$_MMZ( zDqURj*2ZZ3@LhRO)3K<5`Eq&Gt3A5Qvi7kzuJb+hR(X!p%`2grH)Sp~x4f&p{h|2S zeXh4U54(?8Z8Oujzm;*te})YH?s*(@)^0ysrt&kv*yyXxm-Rg+@4IfT5zgs*&1@la zJ^P`(@T+}FKbxo7?ae;4e)>^!v;LsoO5a=0mqt{?AHDUo`}MS2Q?eXX7H{J%v{T*t zagMoewsOzPr&BJylGFN_)~j?Y`rcHYf^gHBkA3q4E`JffGOOlkJj_Ya_hG9O2-H{Uz;g@)Oz=! zx{Eb#d}hz~dOXcrw71_VqSNuk`8EG|{)Fv|xb1W0UEaGVWlZ+E=Ul5ykF~FS&3<;a z=amnK=bSzMd7bz-hMhk`Yeja=?=4+zA!opoTc{v&{qpvLKeE@N9J4a{8cj=Gx!?z0l9r>7I)qSc!vGbE_$`AiTc1jn%m|iKh6)>Ok`@&fT3HIet z4@8U|#S#-uB<=st~K=$A#<56*Kl-+}Xe2Y!&<4>9r5rW<_ih_?#yUBxbE2L!?Q9!?CIq@ zx^rUPPy48&ANDtta#y77NLpT9-28R@=BB{qDK)nz7hj2Q3ou*$IJwgB_ZolG*X8D? z_SY0>H+;x%TXJdrv%Tt>FAQJCUh8Fg#e8bMvI;}?^J0yiS1)|qFy->H=q;DN+Pb<- zGcabp%(ULD_fdCt_-CPzm=c!jm*Y3y};bMko`|_50OmTJk@ zU&p8Y$@=j0-t>pR_nLW&x$Q2V#GW(jLo|Q$EsL4!RD16^l_%%dT)&v|V^u{}QO=Vi z7pG<_-~Z2$yjLe9o>kwp-A9s<;a}v*3)zAi|c34UTSGGPkYmv$%$=C zRdGr4{++Jc+qy&7=xv(jjq9@`cHfOzyQb`qn54z` z^~?S-{t?*y@z1mh|%{k{~eJ$Qp9Gm{3I&jb4+$4|vwJNhanXkWB);KiFKvFB`&7^ZjBHqjEIxFWaIj%^mp3I zCFgV>^*@=Itdg|jRcLF*UE`*n=l;pvAL5&4ANsZ6s&2aO#tQYVrJWz8k0?1y?5SP2 z!E&uXe??xt@JZXYSuG+K)~&JK58}3XM#hFb+hY@}wXRCuxAE+TEty4EtLB;h_NrKL zzash6m35se>Cdtr*-1yc=099ARrvj!f1)qqx6D7FFP6<_q3p?%!FVR&bIkqLJ=~9S zrQM>fdyPUP+88ymS98tDDEi9zY=-5zS1z;9-FjlDaZc%Skn9cJ*cq3#o3nY3&ur7;biTH2p?-SUo1IsehsnLZ^Wr~4nmkkHg&!=hjsCujXbal8 zdY}A<2mMFChlhR3-Kc7zShqF#;oNVlAMmru>hk|us?t;bY|B2W8vkqW7S8)t>X)XF z%5Hk?_4#>0?(;rOoMh=Q{v$s4%GVV<1t&tzPk+4J^vyl1kN@VDewgj{p>^x-yp27b z7VoOBTd%C>dK^08jwctJEJuL$^dFs%xNq0|wRyT9?N->xFMY|g`OLkjTy{%!xvlqpgnx_t z@$=ElwR=1tSqDup<1jY=FzfUA8=vBNv;Q;5t=U>HeOz{rp#R<{6ALU%e@U*T_q6 z<&;{g>u>y?5WfD$_u$FV*OwQyXIKQeU)ve$C-L?{>huZWf3gontlI0pd||`VH`j|B zuG?AEI9y$;{NYN^r^x6z&Vn+!Mc4OPWXEQvU(+=|!l7on*SBo)%V{r*j#(U!_d4>? zzg;IUH!i#(k6Gc`mDO=6*G^x_+--ba>F?e@ocSMG|H)%40KC@@Z%Uk#5_V3-Zx7S{e4iNjk zRAyPLSME2Xe^=K^&bzAr=Hmyp*s@z5EN+r9m1~k^cs}3SCEv4uv-+Fqi!;qW|A>5S z9HYVaurctRdvZ+f(yeFr2yQI85x9jpX8ZA4_pq%W0zA?RReH=?ZMvRLi}unlUL-j+ za<5;v&)@m~SPc3uMXZ%eI4q>BcW>|OD__<()HCPZI)C`%x_Pn(q%U4+{Cc#;H8J-i z(>dmH)w2hJjQD(WDzp#T%h&1cei6sIYfq);v1A>ORt9D^`mU+B-dMU#z*2~ zuCKhGbt|rONme}1y3!@ns#i#t{4U;cMSk=21N@wSOg>cXnX`XZ?!nT;6FK3L59f1M zNFNcKJ~=Y#=XS3%VnKVWuD5ruc;)$NFTc~&jG*xBo+$M?ejnIPvp9dchRo238L?s@;)^_dAv3!>zmZR&WzkrOP3>-9Y5;*-e5agx)w zRt*}Wq;vAlif3CRdzMRY$<&$EqNTBY<;Q*Nf7}1i`@7^yzKwXMMxMkP z2Kfu&oR7}msDAjpQ*hSd!)wz%)gG2B$bPx{Zn(>~>+AMdpLDhS>F#{COr9rq5BECj zm%sizQ};39IlN+R__n!vC0h(vw;T?bubuw9Z|{EwmTS8dZ~N{}sAl*7x3%(oSN((e z^F>Owm2JMX??U&*#ZRuk_3x+?{G+t%(%Y^2+^^Pr=V^#>d3~&QwcPD*l^^ac7irZC z&sqKQyT9r5Ylem4o%1&xI{NDTq5Z;jr|t{anDy%ZXJ~yF%3dtE&gk>Q;~gd^xlSi* zB|K?bwm*NLK@Hm_8~r4?ABUBM8z=C++j{>D&ur{Mk&v|)8v!C?aBdhz@W@hZO|G2+hPb^wC>X~@(VU?Ef*Y#ch86HfN zXQ&BXxkoB@$*yX#pEdg&{%D`sr(1teP}=wM)2n~vA8S1A(X>{Nk$)PumQU?i@IRek zo0kEL&o2DTe<=Qk*88`~ANt*Wxextk5ZS6-A;{Em^t9;XzLx7-{#gEJX!`!|@;v#C zwfaY;eq2?WlKAghvqH7t*$V&e{|pc2%oi`&>sDurte)T{CP7Woux+P_=*i}j)XAL7>vUR3zV-o)Lzz@}S0{=lp+ z{M_{i6Y7{N-kERD4fD0j3|Cyr!fGG&r{ZdzSjBPonUCfjOVOxHxH!T6Wu)5i_{(#r zMujTxIIEw1_{P+CyQL5F$IYMlJNkkDt?CEyNBzaSVeSY8!2Db zt4mJ{U+5M0c;~ANXBD2Oop=0b-?#o<=$92aQg^!^G#SQ~rpou5*gARd%zsjG_guh6 z<;?S0U)JBUJ{rfj>m&R82m1wHeh(CtPTf2=Lhviwo@u#B{~4-1RWB;bJY0QXq2D6^ znR1V2t@L|2O>d9*(pS4y%=`4g`qY8eyJvkr&VHa=WBZ|Xf7gY#(L27oztW!c;oauS z>W^HS%H^q@2ai>}j(hsiKH^%PRfXH_!`HqosO?hiXQ<*y|FUk|bFaYi3!gU1Y}yq) zU-E9n`J>Z*t-c-c%GkZn?xW=DUFApP z43U5CT~F882~_Ut*t)+v{e0t&^0UE$FxuF@%+BP+asJ5Pu3RfR^P1?- z4aRY~StiTPRjQ^K^QXHy&J{i0m!mRu#>u|y?jOBtD^C4qI6eOm>nA^n#ew37?K{LS z$!~Ev-?x~3);IYkd$t1J-H??WW%G0xSZmmm}nzA#e=Hp7& zk7>WXYpr~pTxU+75OH1fKLf}0BNltk8dZPq?fiYr`D|_KqxY=>%a&ZY@yaPs@JNx? zw{`NNKQvdpvRYZGqQmfD!L!{OkCw}x*D6?UQhEJ=f4jZN{)hT~)la5gFyK~9syJJl zt=>=*xcKEn&y_d5<$fHytZ?jo)#Bf#fAscknDlVH>=QxP2_Db8zOLRc5%aoEq}DoO z^Nnkla>GgwCzL3ETIW;r>*~2PVrCVV+F2EU?{%(mwGmo6+w3G`4&T&Q_r$N}Z{_E= z-7~=?U+Q7#j=Rxy!XNm$AMNMm_1L_4<4-?}by@ZT2Nz{eei^m)NS#Z1)_$Mb?6bX` z!L2i|cAin}UGb+!GdkdkY4Wm@DF?fgmwTPQT5_`F_2vA+D^hR1t}T9ec4vR&wvT&v zmcH8EpjG?&u<7}}slCxKmtK zE5D=s+r;R@+37`Zr5eQR6JN%8razv&f7?lJpPG%Q3~Z!Mesn+bpF!wOJhybgCHINj zwtvexebeN8Ow;|t`;&!LUspC3h0oh6H1LD?NtMhgS+P>itAED!^Hxzg#d6kH z)~v4yH(h%=N$I8#zt`?%nO0nx$G+Kyc+9`^d~4BCZgmU*A-2$e|)d*8N|eXD%xrR{qR z6U+{ui25X9Q(e8RBKIrn!~W2(>lQ!k@76E9;d^ygrO)GM3}4qiZeHCM^IUnYx6mEF z$4BldUM_k4(5!#eDJjR_H@an*W1e^HQ++K~m9jc}#fkZfC;8mhrdQ1OnD;p1-=)K= z*9YFX&i(jq+H3!bIclAs&1K5g+pSs~wRhsn#0@v1Le^bt zqoR1?mHn@)cW#~h;D0<${onZya|AqYGKS7x_$T{RjqQikG1v8$HhWa^&p&rQs$ ze+KD4c2|~8yCg0=FSNhv`^!sB%TJwG+v`=d;#T^F;2-%9-?q*E+q(LPpUGS{PMIga zF8v6*{O~_R``oklnmPO~*(AJO$N#YXkD65rQ@n_^@pHz`^AF>;r$5|L$}JkX!1+_p zB&+KzbFR8Az7YDim&@y~zvYk3k7AiaH%~h4w6QlyopEYaNIWCo(ucRxcjW6nzI%9m z;^e6P!h7^n7r(sZEu*zW^8wex8rACc&I|7F%1qDmJGy4k@-RQ0cgtSXde5>pzO~NO zTl#rzNc@^S3&RbsE zDj$3q*SW&^@$Trtv|Hh`GcKl;Y1PFqExCN?)SPuQpBG;q*x0I8;?Twgd*w4j*UEkt4Ur!H@V#++yey73M;Mx522fS+R+3U4+o~yr(6IrNn z@~FJCv(QSt8SmSNfKfMp_t$!44!s9q+6&Lgu4~yr0z3L>tJLmJqis@E&j{K9jVyAS!*n+&xJ~BaN45OM<5?mG+db&Nv-%ZvTN_ zveQ=hxShIt_xOjNvH#>U3p zBagd||LE~Q(l2p*(fZDHx;hCz7f-tRFX-NK(M3HWvFFO)s)xHTG~NGZ`iI|d>u-ly z^&a+kto81v=*ov{#hyD~RsFEHZRgV&$2ig-bmg|KU-ROZ&90oN`SVq>H(8cHF5jD6 z5$=5L>1VyK-ffZ3lFB!JUpYDK!m1Lf+*469@yGW!2WIVRzURAQxA!04E8(-V_K96p zzP$Lt8j?OOjsx4(DU$L)Va+>al1 zOxd)r?>zh8*8dEzuigJ6X!cC9KHs1D)?K$vZu&BM4<~;2t!?9z*^xi-VA$esQSxh7 zE{n=sSvKKFGUE(Z`Kd*964|!K$Jm}-GrN~^`uXel&>yoMKg3@BdUfr#=_#>&k>8q| z?=P*Kwti8Cwa5OcY*Ta8)jLJ2!Y3?L4f2(C%e)-^qEi1@clF=WTd%G#t+6~C^n-V? z*R4~>7{hpP?OkNgFYE8~+k9%Oj*$5|m3AGrYMJmQH6}m!KRmm{@%49fLY~>fsTJHm z!d*Ge2^4r2&lU}ubKf}WkNt+-o2U5NJ>hCtvda4Rwe%yCRW4XP$p5xJeDlRMIZB__ zE;{gio&BSEt%>!kGNnoiIhO3(rIFI#eBi|Swce**ncPmR$T?+_T^#Lv^w}lT%0;?Q zw%KM+`Z#a)im1rb$_wQc5B_<5cc0eg8nbr4?Hk)HS?}zNndC9|)%lJ+oDa{IAAFI& zRzW;i!6NR_reEDl-WT7maan!&Nx+34%YEvF@5Om_bL~m|!IQo2Ls{c$=Zfp*Qbl@C zkGaCLf+w@Sx!00=8YUS)1B5AA4=p z2;CKKXE*=B^4>qbtLD0UZqT!DXBXw2e#l?wMbz$XJ2Qs=V+1+_r7wv6wG`jWPa5_e#e$`%XK4 z_}izmc6K4%D)Ub*=eL@$a(Qso*M&WOyCS~GvU`5W>DV=|d11uy?XA-@mqHK9{Jw7d@&4g?rdLgObD!tR z&@Wpxe_yGLz75yc<*uiu&wLiR^3Ch`g-`!8u-arUsL{SuDp}*4tg&OBS#+6T`s7(p z;(iBx6kAwWo4RCU*o3Ke{_2zCUO()YJ-PUx>h#_kb)F*k2AdNMrZ!b)=Pj(dwYG1< z2KODJ0xOvNzCOQF)U@$+V9ePqHE&l(RNRhq-8}oC`B^DBDd{xn{fe>bhxhYT94xgi znS9_^>mKU^pO-c^{Y%@|wc$rI? zm(}z6hj!FvAO3bB>!P#HyEG#Pft4q}t6$o(Ty612v%imb>&8`7A6E8`lz#K=jnWe> zhKTFB%RLJpRv+KpqIBrMpR)o|h~qC_we`Z= zueQ>mm%g69BE;FUVWE~mE&JZoimXqcefNoTYnqE)W(!kDog#m2FaP282en&!!pq}A zE?Y6G-)bwm@Aa@w>D4{Wo+S=S)#S_!OFK?ujb5JzU=vIuh!@5j=O%0JAbHN z=nuE)*&}wL2M$g%*srrczP{?`ndkizzS8yMh z9`^a(y}Ob*7i9!i6_tm#{Bg5W`fz8PmFeFLb9H8L=rapl{QTW>-Mh!`SGT-Xx_oR_ z?#un+*A{xt+;nln8(Zx~HLJwZRjq`ltm{j5y=ofYTrZyUzQp6hTRnlsgLOOp6vlNw z+Wnfp!%pf-jjQbRo9mTTpLfXoIc~X5`shFH3#IRQ)`Uj|M`z!PIa!=tCfzA1ZSC=0 zCft2Z#UhQjxi-~HT_$G!)7c)ntJR=pCOePeA9ZEZV=G^llpig&3oD9~Y7W@Aee3mi z>jl?bn9;*yUh~)C_REO-QvU>hI3N91_+#^-0@Xd+1BFY|=6^cnP*7mad|mW~o!*Dk zz4O}@KHAO`JNra%=HbL3zlLjRJD0qgCw0B#*|prTYU|ZO%DXxn!;`;zzKu0`pDcAH znNwb+;`8BI{~6leNS%9jqfut|;tA`u9KSC8Fm3s=iqmeBUH9F5zTm<3d+b-j_tp4) z;9a*fyFewOXHw3zyX}@=MIYQ3+{gK2_JQ*3N4&c7r*e!=iYtFyw<=Wl;+%JE>YXVc z&D!%!bh8XTDE__u_V?*o>(d|XAEN^C~X!wG+{ z%PrcNw}sb9w(^MB&%URpCBA)NG`(3dJ!E?DrKEqCHXGbkzgsH7|Kn<{(YMk~zf&4h zKegRtnlmx3m#g>4=j@=32Y<}^_UzE*e}dX8Ik)x96!mx=T%&wt`r%(@yB|xp+r{qS z%#^b{dEV>I*L?OD`wTY;b%uDgKh1kmC3S4mhubgj$?f~_^^n3%vvQ4x(>JcWmGxZt z;)IN<yOExYvVM6@9SGT-FV*D^VGIqGx5%pvvo5nmpI4G z^vEO=(| z|IxXO4>D{#7c^VxaaYzKj*4U5ynpt?*o)KdxJ5mXI9|I|yJqiSetWj_bbZ&P zANj%2`!}B6sB&1QuzV>hTnpd5cnEdQhl|XgZs-#tu-4kmURU{v|vGZ!l zZtqNC>G=xj_jb+~I{0ut|Etq%Q`apB?`GW1JUL?8x2#{qH{&F4>lmx~ug#vTeLx`7 z@aC(d&t`1+bVq)7Y{@xIwGgXoo#{mr?%wydJ9;kZUDm#ZYtFAYaP3#(Zd!1kVYJm8~cJHaKopMUC~tZ`&mf zZMn-DlU$;{a$zCwwsp6+cAPoe^Sr)lbN<8GbK}^zUs|ic)A=VQZIkXl>55yAf_1-l z=3KTFKgYE8@PnT<_UgCR|H;pnjB{G^;8{C&j>U_#m)`?#oi1NkG0jP(w|yFWl64q= zM`?Di-_x}@CHcC}31_$K+*t3n>+&DjHJQm#vo4&uz<ZtYf^i zz$o`oP{RiKsFpWp&D`g1Z?*}qmHW*tnG#f&rY!L~(rSClyOP%1YwpTye5R7MeBF=P zkN^B?*>L~PdBHFX*C0m8wY>a(AI;Wv{ZlHhWV2MB7_~BbW$U|BMwLGVGR0ozu)7C- z4tM;|z>%~4mre1j?PnDj5_T75eUX#9{N=})%|>ls)pq`8=%^Qcvq$#fpIh$FcRgX1 zxf*+tKUzAC*V=J=#Dg6k4R7v*TR-9#erddB+O_F|HZu=uxw%&C@37N+{m(4uvbXL6 zhL3YH=n zAi2ZM@@USF>SNcf;-;~8zU?`$e>co##VV`mhj-g|g}3=Ky~;2u?D;q=_q)8gX6L%B zUsWeQ-SXkMdqDJb);^Q1ZEmga9h6sTo~_#6zCY!z|66X=!*~2Af7bJ}=X!7Ae>3a4 z_syz(4Aq_PDnC^>Uz;=~ccIvn^Yiu?ulVD8<yrFsg zwB*Vucej}IiYHI_aQw~Y580k<&x1CL7tbp@b9>{@>&eS2iVxotkG&`T;fUEo2J6K= zTw51aC?DT7Yx>3yc}oizf4|H*QdhB7`aN&OZs!($(TbvPx7aLhB`Zvf_-yRz?`-wz zUG(o_k<0rWPcZIS^K)zHC%_iiw*5RT{DiExBAgXleH{W zF1ruDO1ArQGoZI~y`9>RTX&;w9lBZI&L=+W>WA=t8`m|vU(D0HtGnlMQu?aN_coa9 z_7{FFzo+f&BCfiRK3w-c{AXy=TQVgkK3+7%^1-#Dt-aH(S=P({JNHk2*R|-759=1S zvD++Ze>ZFMg1R$OPfxr3+P1=F&8g_*1m?KiiM2~Jqr780SGfIWNS7>0f7)6!&-llZ zSx4&J+a6^USeC8`o*ib^6}E9<`iJEY^Cs9GeaxG&+> zGd9|+oRocT%kIecPk*N^*FN#&x$dkNZ&I2JKfCa;vvjrZxDsUcm0$SYyA15bBF6pxU&tSE{-n8@{_YeKW6-8J17K-F+t*fuF zJnQ>tVxZSC`S!e;#7CO`-)fvR?*G^&9BVi8!QNoMv&YufoS!&(=jN_^UH8siyZ`1} z;1c%VCoEU=&CRtE-+%SMe}=}dE1u`%W~6WZH#Obt#Qo}i$9s#dTCVF(o*H*(W!A1` z-Pr|6mqR?9i~eop*drGm>uV9PSlxD|iN>spJ9;D~cbBfZwY*p9!yUVla%HvYhv zc{@L{KG9sBAz-t#|J;uQYnFWY-cjRQqIOkHqveVIQj6OwwRng&&PUnlqXr6pXSx@TMeXAsVoez&xYr}(oRYxezDv!-n= z_~<+B!DCs&uo90+_tfTINVQ72cA;OzGw<2E*~?ze;+vtnI3OjJ)nSdjz^e(1jeRu} z7WY+2b^ZF!5HPvq_W85lJ>Fj1uuftBRrNv%yZPp8x!nr_F09u5xqnBp*xQ{)W4BaS zEYLAL&N3_MWwU?xo6not&Re|7RP||O-SsuE*k$JAwk4g*53e{qqptj%__ghO>_6NO zo%FoqWAF0$Grq0(qrUWZ)cJ3#8=H5OtoOd8ulu|+RQZ;(R=Un^lYtfoyBe$S1^44>gcrD$7Dwn3+ zI`Vw0e{QM)TXx5>0~Tk!mqmEzOQZ*Rz71FJi*DR9ch%yBFZ~QSee&k&O)rQ|?8%E^ zD*U>Z^Q)}6Wlhg)!eYKGwBMou#S5p7{FOuFT`k^YWgZ znJ=iX|GuW<%Oj=Wf15>TuKwe)@#2$;^?H{JA7_=lj>%j4QRyxZ z`t-7YrDpoM`luHHVQOX@@7}3+x?VNi>8QugqAb>r-xlW@9^Ft=d(S%DI3;5KUGEE@ z!{nYP-e7y=XYnW7Qe&~pWozqr;oDi)TFy&!9%H+F=gR8`tJjwPyINQ#rn`sdbIkkp zFVUxWx-{KAS2)iqygXTDR_z9H7Up?u+4I7pMHa2|U-qN!yvz1ak9;=96=}Y;aMjq! z@@=(&&Gjr*m68YZy-t2CTV^sl*zlmmW7%ET!gj9e+a?_QQOC-(d$I2>r#aQ(b5Cu0 zRUUNj)SIX0JZ-La{P|n-@?F~8ZRW+ZE^NGf^~RE9X36twLvlqdby+SYdWVEY98{NF z>nrY6FBH4$_69+h{|tNTuBN+uxHDbj;)$|03*EO-Rddhww|;rN^rZ)5{+&uI+-6Y$F#Wc-pwJ`Fq&&v$s#1s=evz^bgpy`NP?s zvOu0w4o2pC<3G&n`_;2Qd!pA0W>e{k}lO-8lFpJbu~B4VmAPG-P=Anl?;a zZaa0tL(V2fp27lF6~mNAKDDkMk8;}XdvM$_y2Bi~WTNT}renPu=2TridZVGTwPMwK zgWDS|SiY{gz4~*Z=BDi|k5{gBG>*C)D7E$DhTz^ip)YD|i}* z=G6Q{n^I?qeH7sHWWTn~;iQnHO5MDzapEZ_66a|cy9sRRKE5=~V&V0uDS`cSH}HF< z-FU|^G3A8P=2@4Xhwl9Blb&ExeLeVLJ=f`KCASl|i_Fs&1qX(wt&9~lk>{5ei0fG3 zr0itAQS^nCe%qRo6%HQZMcl@sm1}->zX<-=dn;p~_^fBn?WqsA9@)uszF$`PoVDAo zsBY`+KTel*w`Q|!nB}yf=!UIpYKHcr7iLc`~u6E?u)V;{F?b+J3jJzva3)p?5r|R_X?x%-F}Xaa-$py@tmUVXLB^aBHUe zHTN%Ax9^#+eF%?I?&{m3rz@JIGg5Af-ajM3WSf1eVCw0`-BTi;*D39*&g{{7!(qQP z<@S$B5h@y+K2(RNKkDZ`zWR2j@bC+UMX>6;6rr^&*!_|1-RKy-;Pc5XV8EFKa#icdLGs4e)#t6_E9nJQkzu~e1`XSdCySdej<8+d2c2Afqrqdi{kTJ zbu7+S^B&o7C+g=$4^H+4w%Hce##S4@&piLS%6I9JoJICCxE^lRRh?AU^MLVemG70L z(%biM?c7`L+nbuoJ?DCi){-?v7Ox6>mv5P`#bkJ0snoZJ z8CxycHm+aSvnlsE!~YzkxTW(~y88WDpX~** z4n=Y#d8&7PDR}KXZ_Q=5(z};WYO4M&{B^CZRax&&!jrFSGCF4^i^r5I?ULucv42kB z$5%_jL%oY+woHC*TmRtQ!fzf^&K#NZoc(p&R1?keO&$@vM-r~j{9|%yiNyUm0t|Ln zzt|r<->Uy;_m7DkHzjxu?$tiB;?l%7mwgXBs#9-#_?}_iqz__~Uc3*F`ZS;Sk9}?2 zle0RO49{7@FV@S{2&=7L-)nX2wm?+Fs=}8s-=;rUvE|F(TRi=Ne#U827A|aDSdk_x zclpgD1G~6I>$dLfGrOf-ZZhsc$%+#8@8q5;3l3wA4A?h3DuchWW^lQ|H$gmTcMuoyKgj9 z7dMA2k;{Jg`TDG>i?oUsPrf#nNAbM+msNc&#gbCfx@9hGaANak+Ijn~YVLJbN9F$v z>tov%&JdaN@pa6#ttBmHewAxQ*Q8x*vuISR5qp(CSUWz1cdHFk-|ms(jLNs~9v z`^q19Jn{QwQ73=(ZLXE?`%FXI>(!U5{4>3swS9I{!m>TLk7t{n+GpTst6in_rfbsE zZi`s&P`2>gC(rxWI%bxfof4)zCuH)=qswodzP@4gt-6L!CqFf@RUTM(JzK7R>y>Ef z&c!T^Q)NG&&B>IS{bbUeHSF?Ql4m_Hcb&_+^gtMEpY^q+Q*S6+zKmHD{;=&s_4l>X z*58<|H_p3S$h>OH4kvT5)!V+e`Z0&w=C0st__jK;iu2qnUs2)3+xG+o z)tqqS%$nUBT~c;~uxy4J>nIfb*f z>8Tuh@yTJ)vE0p7=OYBY+ib$lwyn=sN-mc;TkxOZ7VoKdkCr!w&QkoeU*rv!R`lG} z_uO8UZL?n=wbW+8lePz8vg>xph)n$0wORDj*#mWj!G){5i@)?A{m;PnB{uAz=aXHP zk_Rmf=WTr`FJhyw+Ox?$pYzc6d&l?Ix|TjYzf$7ftF)M! ze0MfZ+OtM9(rszKzI0p9!jhW5rO8^yls}(PUzYjtwyfTPnJPMG51e0b8t=P*_qDIj zI+IVi{V9AO+q$k{`VpN8&o3+OYo7LUp41Zihi1LsD$@7W?dCiibk#(7W&G*iZ}QaF zR+Tr{h|Iq^>8Zo1#|+`|58mJW?0;SN$yI&E8xjl*uj5U_g{2}^#{8;^bd9=Ua`EH& zqx$TzCyuF1o!z(C?(4zjhv$aWJbIUL@SEu`{YUyYuRlCDJwtW><->-O&u4wy-~EsM z!?Av0*F`TqcF21D&AxT;dC1j8l~apse4-~^`RP+*y8rP%_4V&3WHcX)+B#*)!By6R z7e2?n+p7F>lY!w%>kV$&SM1aJTYuRfiT?EK=&TvX1F~NVAppX=gR z{f?-tp9NXrjE;{b*Udis&+12avclAN={0hEkK_GoLVmbEkY`sZ+hyNAaqh;G&$iVG z)`)*#+n)GsZMAFnGXJeLUvs|odiljHU+u4P#HnV_@#n|ietdLa@YQ{uxAQ}HP5$2J z=w|w1-}L26ul{P4?zUrp9$!*_Fy3^ny!*%Vf0XQGT9dYH?Pm;MR+Rl{ep^}5tAEB@ zw{cGW+zy&?n|!@ZiEl}0SDReOvxmxG+`q~GD6N0!&k(s{i(Sgo*bRGotLGnCeeCj< zODY!D1+4bp{6Dl| zZ<}NCTlZ)eKC&06oh$HG_txH~^WO?4zIilf)t>|D&(_Ux_41m#q&VTAmD3sLi8Uxrr6l`gN)KfX__WNUNqL}tN; zHLm5q)SLGi#@^I@x^H=rumr2b=eX(Ohh*)zrM-9WoEN!-Vbb%Z)$)hyxn6$wk-Ii^ zdyuH3r0CN}o2};Tdu6Q=uxxAk*;^t18Kn1E6n^V`n)u!P$)mZeE7pJOxVm2Ge%MEu z7i%0CpC~i!n?L(dRkl;A7{{OQkL8yZ$_v*RFLGtRUpuAUtpXgA-yuwgLmq=dh6^Xf0X;rI~O$hUF=SE)90VgugWeuo2s^4 zf6Cg1g{xQn$p2t;{OClZIAb$@$@Oj#8po#FTztMK_Q~Voc^}&r=dS&clYLR*k+Ek( z!>7vEfi)hxrSuPET)mySL;d6H*ylZV4AHlbip@`Xx01W$>+6{J$L6=p)BL!s*QwP=UaQG2RQ=YOYt!+(FsJa!_2qtn5%V*3 z`_#2BJ$3Kp^$yHcymQAw;-_EcKe>-$d)ek(xP9vF&K)P#P5aOAfc=QIcfDdxn&y13 zdp}G+XdjtwXVC6{Em!&kk7VQfxJySafAb5x@*v>*oAXhByZt>1}6i z&l$J;7@~fehyLxYldGscJURYGMU&;S4&K!gC;q%XtMsA2%S6}Ksy^=y zyQBCsIsKsNm5TWf)mv?(mvr{6eRkTMt9VX$*UL>c9#?F9S+8j8m>oQr!sqZh?$oFK zUDLF^fA+t7%)nGN>+@=-<)%N^mAg$5iEHowlXA&U{^hiuTXT{gIn4}wd2P@3L!BSa zsZWZ&%ONS{vwnf(`k)`zKb#J~QmT{?bn*gYT*-VMQ|-td9X;}1-!^2;-?;U>(x#`Y zSKg{|Zho-6+s1PF%^%(ePv_bcG?weM)P3CR@HU2TXat8ynyESYiceb%cj@yuD* zFCR@6aj7}15}y2MeVe(MSitSO{WBKWbbVeOyq;_Qq;Ix+%#=B$!X~@--1=kt;rch# zXN&FTHJ|R8YVk78b>%Cu3wKWnY_s4iJX%|x|DiL#Mz=uE+g-XRg>UPDn15&NBxkuz zT_6AKxng#V&Z~p_lCmBZ{N)$_peeO)EAJjLm)$2s8RWixU;k$5!?*Dd?N(+#`p+Qn z;!?*ngJhLto2u(QHRgY(>TKC$n$k-6~VRe((&Ob24t#>FiHx7axW{opRgf%i8*f zO)&>tA0KbLthU2n@Q>EEPq9hUglri_r?31|v+>IHH}xMT@XTWfe{xN3_eXp0i-|X@ zS6fY!luHiFX0_OD%(?_q~(>$naOHTQ_iir{wS<*)jh|=Bml+tu`?i*m+y+cufJHZ^_Ds+_Bky;`SNA6X%3R+KGE@Jk7g#rSZOJ zN$zpk!CpVYKeAZ|Oq*`6Ad`B`es00F(?6&0Uic=l_$q7W;_i?BO%E?E$X@Z3_l|Gu!_fZeqEkUf{;{DMYwY#z)tfUs;yhgoctTb`-2CWu?XRvaP0ADey}G_=%@TNuRoCS5vKwavBc5!Kxl*5Y?Z|4E7t8yWw%1$|eq`Qm$}P|MGs>=S-SekGohR46 zznOmYpVkNd_VkO3J}kfaZk@^<{ksLHY}rNG8*B1)qI$&QloEAUd2r{6zP+dRasHv) z?1yi}myQSV+;%u&GwV>k z$ZNBxwMVCZz5GV=pl+P`x7tYWhjx9U1$i>(GQMf^_uezvdr_`(tx~^owhMdI%JPr1 zkI3_X5x-he`M6Roai4&t=<~3BdeylmZks0WUTNz0J6e2&%cgfRU(|LfPrtftqh;2k z4YO`8zV%1{)Z13Om&l_C6De*JnWm@39EqfFnz2?wAQ@;I(X5!Sc zb(h{BjbopBuR42+gGk}-y~$C1dQ;YloY6eb8<}<4VsG(bsr`p-r9SbR2TV9EakkM_ua3;6i7 zz1dE4dxxp7XzuSWee2l z*gbXE^}>ZWZok~vvU7WE&kn`uYb)b+{!V`JeOJ)I)TJD=*V&x;&*1fJ>-$@qo=0|> zH1g;QFtplNZJEydEL82uqe^b;gBnFU=Y3sSQSCId=C!Sr!Oe$F`Fh*h#V_OJVol-}Z#p38HS2@E#2@pI@~!VvuE$;TT>E~VRKyb(i(~$x z*Zv59>}%Tf?!2t!q^oo0Onbuhg}3}Md*hmSylr!Nx1OD4m*Bnhj@ZWeyw3v40<9k& zi7eHc^I_ic^JQV;-{TZ7hnBqj=iRd{*<#)2M{BC~+>;Y@O*tcIQ1&_Y%YErRd>2Ie z4@(6Ztv~Uak857#>j-oCEurhWE_KI>9eUtZDRlcCQ^$vAnfm1uuGK_0mDaAFw98KK z@|N7V{Lb%Y-=$J^O#Sw0`L%r;FYHg${_E_p;p4XUb*@_eOdA^=@9dQ27d?OP$L+(j z`gZDVuYGVk*koOVMDh)h=Nr~tJ`}%|ziW^3l5G=H7Qfm5>73D?1+K`z0ehOt#K%oyUI7#&fN=+}g4YGg27k91lL*d+ztQx-D0? zOx-%^lli@cDcUCvzK^$gIbS^P{lRdluZwhaH%#v1G`&)HE?#a=;_8=Y@=Q5X9Mzak z+>|(*sH1Wv-rjlbawlc~zwKgQm1jOY&wq0H zv7WL@cjf)h;{#sS*?lx``D4o*8|(4r^?|f?#YgT7maeVyU1Z92n9sG!#G+WZyWP~b z&+_?<8dmR+^7QB5cK>H!sk^u}dcFGLc^V2E53Tv|!CpDy*7H9C`@c0@$({dC^l$63 z4X2Dw<{N|^x1BBei+|a@*`7Af8a?0mme$GrSh@a3lw(a8`DG%B@y8bo%)BfZ1asJW0np^V4UiFq{|1tEGdLUQJT5X%p`s00*wPtR; zZ_CE4vwF_;l@+)DajJg|_KuW4{Q361#_yqSm;17h+a&&Gt114ldc*t!*W0rNXIxge z#xLl*|K3GgE6XP$xso@&|7U3W&+s8+t+wOU;LwlrTlf6jardbggZmwg$M?;;esI0akIH+z-Y&Zur#J6XGK}01Rk7NGRk1R( z-FXsk%*rPfGm6eyYgL+>Q`_#akq2 zc)5<_cIM)+3w25_ttOv1_&D0TRmawXZU4L#HTjRX%=%&3}Whi(aT@k!6)Sbuas&wqx4p8xDKvY#&R^zLJfoUU+v-5aa|8*SeSFF75YoY%5VC||FQp&`0nVrsX?yxwHB{KYaAczw=O@@ zV`7xFtxP&xLgD(e_lNU;XnjBE{nkzWBVT`g)=cSbUeflb_BH*e{~i4A?0*KKb&Icj zsqgr9(ac#Q?{?m;&)EfUy`pv)CC>=iJM*h{c0K=lHGxyH#h0A+NL{$NQwe)GvFf^Z7@ugvyz44y&*~`y{UKQ~6JkkAE)V0NvaCHEByF%MZSNoy~jl*9e4fRE59z~Sud>dS)=)k#`1Jsm)$>> zum8ilt)B1oxk-wS8zx@1eSKd2%2$2)*>n94y=I=4P~Dep|HyCgBmQow-DlT$Z7|v< zvVLi1g|(kQ_lrx>=S$YyHsJccYF@0JZ`jhHGm4VtwOm%_%{4OD*=`>V*fY`c%p&tA zzq_t}u>UHLGV?XcgT-)^g!PR&2Ers_)AwoMBk zOl~rsHSh8H*$p0YO{*+f`E#Ghzvfd6*dBbLMzH*$zJTxFPJu3=)B}^^n%BRK`Zcfn zK|g1<rZ}Xok zsl%M|pl0jcSKDvJwzo*yU0SW(Bl>0i%%iFA+7yq;@-IC6OmC^E`EDCwuMe9uq-Nc^ z>9kOE!x6r@+1E?S=QqL^= zxCaCo!qjbDK#ZyS3~y1`F_(q=XrE9 z)B29w+{Y8lA_UwY$M!8>nYlmJXx(a!Bug&sma7VzuYKL}SueIncWROLnZv19=a$^E zwVK(>Rg$vk-2KBs@i%X~>b6u&QIOYmt*9=2`2;*^50 zx!+d5KFNK$z|*#<>iU)Xl;zxaeyYygpK;krp6Au-q!)4i)0Nfs8vA_g?YgBVvZ?W8 z)W>dV%?BqV{{n(}s(&6jQLuY+Dy^{r3T zpTRgqZkgTHvo+2i&$WNMGT(7m!SVOa$JZ8r{1disyPE3MX2Ax3%QYHLa~Eem3*2{n zab}(2#Z)z3CrzHY8{IqQs`nbcE76$a&|Grh%lkOr`o|~V&bVu>_o#SQ!=Ix4T^GN+ zc(-Al!C~8~>x=z0i+dMUem=99)9l>&!}|_7crQRVK&&yUsF zKdfELeB_tu8LdUzUdGuJ@w>?KiQM6{K;H(zbWpS&wqwJ*%ql@MZ5JZ zeg=ni+s-~zy4T7%&xkgpR{Z9@kxxi zPm-n|v0C4&JmcPttku;*>mqboX1$9H@;dQkn%$?}IbU&B@D|S58duR2aIIc`t``2Fo;B9?orU_qe{LA^z@L-wMw%x1$-L@CV-xHWKF-!lE zCGVZU{;AQ-jX$`)+y79AKfH5K;qQ_c!Anw{mqq!P8uvdu^q}7A=j?AcKKASv*q^yx zrs9E*idB23UW$`{C|?NwrG3Z#Gc=d$FS+=iA-gl*!Tyu}nV9Ni(^nT4o_4&kYihpR z^VeVRA3l2dPk2H2ks_rn%WZy5j@n$q`=M@?+rrXEFUtiO|K9k|AazF0*tb4>Lbrm^ zk@xaZ8&_6*_q!0K?LAF;$%KUP`BFwfYN3f1k(<*#KfK?%M|Ww*qHCuO9*Qh@@~?F7 zhg&D2B0aYi{Crg$qu*n?mp^c;uiO1Vh5i`}@}_n#_>(l*bIS3&^HVJzT=%sSmEPMI z8Pen%^L^LzJ@F6M`bT|~Yh4xL(PV4)$FSkNv&4j#E;#6%Evq;0muIe7pmYg+vHugsI0e2@%5K=Rren`#r|hFa_Noj?uk=$Dn*}d zw-D#w8E1!Iho^{%I(Kg$t=g03U?3?@8U+BJ5k45SP zhPpXnsmm6x&73tmPF^_1Bj!_7-oCFV?p5@?57_EmojqZpIJ45G{QR#oZdC4SI5h9> z>#7Q=*=EVXvfd^AQR4Qu&AooLUYKrivhdpO`FuZ;y=!euHy=CDxYIrB=Q(-tdrEJj zkMZ{LW#@bTSotWHk74yH8S{nDHm;uP`D(_)nXbpDC*LuZ=X)7dY|^nLeMMj-w`kX$ z?X#;wO0>I9e0YE4_Wn1)EAHR6J#Fx^>)`c0g{GgkNae6;rrKAw-~GOh3-q5I2rY@5r|Wmj}Jd+x=pd(98c(z`O@ z=cZzlIn##6sT3W~d)*jPR|8|>M-{%!1M&3inPxV%{< zj|VTBXM1T{TYI0~*=5Rpd5n&CxSr`fzVx*^cKzq%i94%5$NFxYTUuYFd`-n;C z*()y9C_c!1>N0bZf%_Rhi*;Qke|znsWqx$M+Ul1*FZJPCai5Rj?Mrs0O}ZSoX=2N? zGZh8=to{o{`PM$Tt($OA<+`@Cx6-lQyC(U2z1tK1;I6XAM<%n@6)Qc%fA|^Ia;~YK zc4?1$;@{rodTJM!WUq|v<5XUBO^>f!OLVbF@jlBRhHEQgerB6-GE3xieaaVjxlid* zjW6Fq79E!KoSwbX_x9d@htsQqp-!Lc6|wZ($dYf4z!*)R(0)t)1KP3Khh69_D(am ziasT4U~a;Gq2KG(AHjtc^>IJC&Dz(#*cjt5%jW*>%z~v|lO*c5SUuYGpCRo%%gZ>k zt6TZm?qsbN*`WRKiDcN5x9mSdt{gsbte^S$eyL-As-!eKdEskhpbt`{Nk> zZ*7YcA7$8R^PbFB@Hx$?&Q*Cr?&}MC(Hik}6`c2OiFNGVl~-L*w4})|bl=qHzN<2R zo$t+kUt;?&dy%~6d2Ri|Ut#j$lgc-4zxG)B#_N*vQgN{rQQsdv+gz_5;a&P%$LRBx zzLv1_hiAU2aoavm_#^M-vl$a|yZM`pFN=2TT*yLaAOV%7KQd!nz`3CCwn zUv&SikVmWY0ohNVR=ivOqvN>J^tZQi=XL8&+rMb-*)1nR^5Ygy{1INsH+_+B$u9Li zef4cx;cuk6?2=X6$`!x7oEWq5L*L@%70ccqmbxEN@;8`e2BRfSed&ow?GW&X!=nb`M<`tNh)mo(qLx3BHT z>JMkv-o16s&?NuJ#K*7WSRemqXt{O2EziB9#$=O`cHSYrU|C1GshfhLj1+^6qo=M( zzP#?ue};#0AAO{A=l_j)QY>73-F|I_(EEe8rfk0_Kj);N|7@EzSNA?VFOdR9YI_O!q@k)_v%Q-V2SuEHs zSUYvW{d3n|&boMct>V>ZJEmDr{Ji3Gu+99Xd9K+Hr7tv}EtMDlYHJ<3ZS&PU-BUB39$DMJ%Q$%5*5!YvS@&8!@UvOC z&Gn0I$aSZ*%q`vatY5W%pKo8gGHY8z*QKY|*pw&jwAHwh`z2p8{y)RA+m%h~|4iS$ z^v-^C^wJ(%y_up-NAn~MTxFQD=KM4Lt@=hlZMIC|ofSu#_xem&UnG56)<58?%B3yU z?rqu?+$`r$WwRgreyerr&CBbRIz{g+nPkmiX|Zm3+()<7i%+Vqsfv25*>4*?Y5Ap{ zbL$^InWz5Y)vI|@SLBNgja<$)&kyv}R*+uvBJ5V&vTsq_=1i)&$xx#3WqC!i!=+N| znK@t9T10JPIyrCVmvx&D&6AT_-}HFz$EXdnZrQe#zbd>uYvKBe>j&-FFWx@Vbnw|E z{i%=L-oMJc9A4(Q+IY)*zWcAtF5ULbN#5P%w5HE4Om63z)9pX9AFjUt=0AgY#Way! zuda1)CZ6T|SY|JJ!*j*$+ot>c{HNV7zifISYuYXQ-u$Ke_qLhtICpiA%=WrPyH={q zTjpnO^|tu9oZPOf^_y$dm!5f^ant(Cud9}+lWzI^=s%K}I(d!OUDl!xFQe|Z_=|`i zyczyor&*F|!NrH$KKdS?ygEyb`^5ds&-|h{cIGZ@?zZyZ^vdjeTwZtfw;l3p&iu7K z8~Rbdldm;ZbJmZ|Z+}ndV~yN>sm5`sWztiF%z6POHks4K4x-16alSB-yFukG7I$JSr`WE?kM+I2BjWkoSNl`DTF{d=UbwUT@B<2OHFpU=9z?;_`wxM$aoY@8@F)AvuEsQ+;*kqNhtuY0*& z;B>(%^G)WGE227=O}zFa{g|1Z(l)VsikFpJuewROK5f4?dtFAA?I!QyMShcnjGsP9 z+mrVGsGQx-`EL}1pS_#gTC$I~`}m2l=%e>J6=ctz(@JI8s%kyCV$PWjTep0htXRPI z!1{As{^R#;zt&8v@raNMnNa)s{+7M`feQBy+60R}T`<$}#JA=Ce5nx;PgGtv9VW&f;#Ton%e#o=-?3-Ov56Q83ewtNfk}uu8 z`cKJ^uaDF-b=EDsy!JmslZCL{);YJ9AITTAsI5PitIT-puo%wPv9jnMr*j@y3kX~?X_g)5G0Xy!Tfd|+I2y2r%&Y<|dxc`L=S8IkulM2WV&=D5 zEUil9dfB~L4!aGo+MHJ#8|Zt~B?P{8=QZ1%d1AMM-T#Gl%E z;ZpfIPNj9qFQs05PTtaW@w!U!wMn})W%kWqqO`&M{6Sg6aOLSf+m26WER$jE+Pfn9 zr5G3Qx7|4gOB$qS9iJU~Sy##E;EE$pe(_vPJFA!J{aCg(Iodm0WxI>KcJ8yyao@ha z^F8`(mF(tA3;Mo&j-7n6_m1Y{x_eq@+gqkZ@7F$;8NE-_WD>_-k9Vb(%W@}r_Ed#h zpU5wj{}OMoLN?lT_nHd-e}dVJEADzQ)P;IJ+o3P;V|Up8vdbnCp|Klx1>c$ydNz0A z@p!Zi4|+=6s@}nXw((_6@nuVk z%=^sW$};iZ&i67u79CCcq#K$f*pt?}?#O3Jfr=tk>vt-j8s)1ut~3?@aBN~mz?~&M z45wC?uFKrxz4FeU4Kap>$sCSrGT$62+A=A|@Vuq2bLSeJihcXH}> zvE#q*ZMm!NwxgouP5b2eYfI#$Kh!OMr0W>qc2dCJ@@Tr*B++$|AC~p&J{Hyzmin@8 zr&qMghUht>GQodl>+0Rr$z8~>=yAcTtFnvse3~#($hGKoam1Ufjx951_Vh3@ zHhWjDam`PAmm(R*^y?bm!bey8y(f0d%sX(^-7#{;Jd0`n8GPH{Y)d!XU37SDVeuBu z9ZzpLRj`EhEq$cx_3Krza?O$gtx2bI9{lWWJDM;4ZgR3wMBa0Kh3*WSVi&2Ak$G9qM9%@=HaWpqG%JuHED@~WV?nd-o)!VLVv*y|2Ewk>rZk?j@?qAdHe7*`P z`_1l^D~@+^uxP%G-sRqsQ}V(5_G&}hTCHmfvkPWMxIOG^+POUR#5KcBT4$>hm)w>} z=8{QZ*!$W@GA}RxR(0E%gaXb->;6tUrCIYgh)rdKa@YCYS50=NR#&UkF5OVH<;T<2~)XW;)l%51y1;EIHv zXxmK7h!xxTKfHR;_;iyN^Qo1quf?%xI7Dt+A@lKU-j77Rya(~yR{q{8?{#%YPxQix ziy2rCnD*XIjh*vlLv7!UXvI6H_H2-NwzD_w*0Zz|*5{pL**3F&{jyfZJX^q4;`_R~ z$F5g&9#nUlM%+o42tJ!Bnqs=h_}`iT49Dh|l&m=$;$|7q$1fqe(Dc}qlHZZ9jE`Si zdB=R#;ZrukSFXAjW}UHKoymAgQ-$x*?DSNdH389{ySJY{S|Zk(G{^f%r^l-$p{L)= z#Y70Q?r&eD(m3swg=n~G*M+l}9`zm8Slx7>=%Q8)DVw(7 zQOw-CwyfcIRoef`DOG%3GdV|hrOrf`&dp_p_f2Ca@3#JAd^ED@(j&*|aU7zCmyWD| zy6}Kq)5;9 zb}|>fsP5V-yC>}8&)E&?eN!G6vM#tW@m=y|lMQFC%bQ$CTJ+}9sY7n69MR=0Ar3bC zcZXWM$hxxOOz`)J+w-PoyIy*ypP$@i^7{;%ma3^}Stf^>|HHFf@7^BLQDN*UjGO&X zp1-@gV6C|ACd;+?EPsq=`)&1p`H06t_qf-~TZe9m^Yd=%DLn8xuGDMKbAQ#v3nwr8 z;rH#A|L!eic2_r+KU`~f-^)OO*Q!qd7==M9>tqNJVJ6gHM6IbG|UohBqc^Ow?d(aG_~(|W>(>RVbk3&N^@;ZUQg|cD>wh%zBKiiuU zQ>nFO_rA70j~}FM7pa&2dX`CvD{EHFo%H@G*BAXz_7%U+_jUTEg@!&a%2#}Sw#WM6 zv3>LSe*9i`KjzD{@U8R97eD{i7~WR*@nO=`IsMij*}wU>lR!4JnzW|{8A^EdmO!T$7H_4bNg#M>-l1iuF1F*xq@-A z<94RKoJT#g3cVlhw443WJML1F;hKgG$E#-X%f!C=#J2O8=aasz$6tTDE+%Z#WE3KI zb*g-4+QtbdIexD_p|+u*^UUm>ueWXXyI9$+FI$i`Z*Ow;s?1GmPPE1D*AAa|>rX_n z`edEi4id+g=0;b%JNArOrq404@qE;^IZ6}vYMkq3E#N6}_vtPI-8g%8CkG{F)`VX%IcU(-5?JA1iTV3Az zCtT&Uw6B_70LOW@J?q^rB!$LyUf`Ma>dT}L4h%(HU)I}s9bYPXra#=Z_rx?Ai4%Xb z=Kh;5dhDk+PyfHYp&!_GO#kMaS>*Pha8lOW+agmJo@BP4>s2-9o!De|+rs5~{wIHi zmA>8CAiQ1q(ysK@l*jq9A45!i)xvugt+#wEx+dkFDa*to*}vMqRp>k^zWsR}f9%H@ zpJj!m-6hYK){AV}{aTuB*At!s<2d!z*$jR!Ct1FZ4a_@k8@aT2;q>^-ZiBi%SGmvn z&M>>YyN|>4oa4GRlWm-WINpXO?T!?fT4(ijWx0jz>T+Gv+a62fn>bcJ+|}!MZF=9# zHRtVnHom<7dDVBRDPWpTE*Act!cmBI` zZo`TD`jY3X)-Si&bV6k3L1ojcGPaA$LKeTf^ZKpIr$xUVo~yHq>Mg7lx^Ys4UB7St z+^{W%Yc!>{y;*PC`dBt6((Oa^Db`e}@~M5{OV6nvvpRgf?9C1a`PpCB8NGVoty%l? z%h~Mg>6^SwdhR@*e{9p*oVdzw4TU{@+SeBIMMz|CH0wbKA1G}qYG zdWc8Jz%b_e;r|R=r|S!MPI&86`abUZ16#dYC&k#hpEB=!9rL4W-fQbA{I9BjP6(d0tSFZns#k^uzz*wri#t2~9TZ9z^`&xxTc< z^W&bdCVT#yXMe8_;c)o6Ui@B>?WvG(-JW{kyT@0?cxx}v@wZ=Fw7o!aVniz#M(--!<(|Ye@lek- zyA822Q@_0KdcJMh$GKk&yXFXF9%yxLGRmB6tv&zq>(KNa3@P)E&7H7*A=_5FBzt?W z$EBxxPd!LCy_hv!Yhkm@$K$VK+ICimSLCGIW_zsVidwAs?sgsLi5I-y$pv0dwzCvZ zJ|A_?^Ha@nS*u#Dv)d#i+kGBz33+5LiP}B+Ov^j#{=}HJ{mVHYO?20tr@dmz@;fZQ z!$SYgI;*Hsew_Vvl(Vzct;K!KhqEr}B|X`3@ayZ?{I);h`Q<|I`g!Nb@NKzmt#R#@ z!Ntj+3*TPb&Cl&NiDBX~Hh#OWetyR%TYTDV7SHrE?99aD4em>eXRU8NCDdpo=dnJn z-79n9t;fo;yv25E7kzZjC?8+2X7AG8%qup>e`_wbx3>`0UG`;yg-p6^c7FKfFt#*h zc3ajI<6Ko`iG$C&@4Ri=xi-r zcv<94N!a&>^m%{M)*h@go2ssI-J11QW$Mgd^Bh-Co1PP&k@$*#X;7G2xW}s;{W)el za~_2CuKhS!=g8!kwQE1GnQ#1g9>-d3>(7&%=UMX~n-%WJ8S^qXPo#fu&#cQEb}2lb zpL5+by=tiuzv$BBn!Tc%&&OQaIV|D+FN|+pW=smlOO(Aqo;mb^Xc?Ud-gxHzRhi{y&_-F z_~5$uWAjXQU;bLTtgHUf0r|OggK_l_FXM}m)dZIpfHm!EYwP{+2>&gM_@ zNBbkzouzAw3NBl8kw40hhIgAj+a<{;c|K})^&@?@AK`BEthE;%6lgf`JG|G?^i38^xZi@(XDk0W zf0R8p^?|L^?@GJS%|f2vOdmg!(S4I#VZ59DsKAHM@`x8ISue#0L-m>hedbVKqS_x<8i~m@E6y~q*TQ>2} z&Qs6!p1NSmRe74RmtTB# z^o)5LJEL>e(rjc3;}!oD?U@~TeM#4ijfx*z|75?)@0i{*%VlX1+vT2rrl03cT()fc zNA}b^POhIT+4q~icrvAOb+KGra>vuwzVwIYZC_2VUi%i!p2UB8>iPwBvK8^sSGIO% z_|1B3#52h{ZF`OQ!&<3ZpH!nIE*4pE$2h#y=L;st4~h+Ia~Gq z;Co^JrT3&gk|dSaX`i*xU+SH?e33_sz@BHj|1-3Sz4&!FZvq?VLDOHVIa(EJYieR` z!heT7U*7$qRIGegN9ycLYhI<@I(+E5v1{Jy7MsVfBWIaz?NNNP?}~U?5nGmg$2`UD zTR-F;F`LYm=ENZS@jpY@%JbRs4zDi<-1&JrY}W6nkKH#;7x?&Us(QXYTXnw4#x`4R znr_`W!{d%|`486fzLHwrp>{RzkrwmE9o4hG^E2OePL!(Lq!8HTY5L;&!r+^c%9Ey6 zSlap<|6O3>>+QR}@BHCw`{KeUEuI`#{2-B(l+1fIx!eJ?MjzWwS~!*Atb zp|-1gt2r)uaK`n8yLpMtviVb5vHacUc=sReYYs14H(f^S=#9Jy>rJm5edNn_PjuUr zML)MOdCIP~xj*Vn>PPd|bz8oQmuaPhN-C5;+xfX>m2u6LM}5O0)i9SaRXFIL8ww)+Xr&9bOG@e;&))v(IqDq?gNTc|Gi| z&Q)FQseQ`Ld(LFv-_r6A*Ka=fF6_4Nj_}$p6*q5!(L9dj zS^q3PitRb6x3EBBfy9AT+6njX+V@&SZ2A)QMR|I{qkSTklg3J!V^4KFk)#d}Gz~Pvpzx9VfkR|F&k$E>hNi%M)EM zZS~gsTjxi$l@H&)$^IR2#$!*a-QL&F@;j~We|z5bPEV;vLw(}QxU(y7A7-0vEb=_@ zxab2rrLI5OpKS`ZanG5%@7bPNKXUZM%9}R6ey}m3>-GI|<9qks26QyMj<%Dyyp{XJ z{I^kSCbr6G6bEGf67Sd=dTj0zpT`z@0*`jx=dCgP=u;--Uzw_rWW;tkW~<>A#l`6> zIXq{|^R7>9epI_C{?sRDna2v-9G`9f&yeBk;57AVc+i6 ze|)3Uw&bjyJWW2zzsuZrLB+lIK9d;E^f+3)<6P$vwme?=-E@tXMs(Uwz$Kqpy1Q$FvK7c1p1A`TXGSl3CY#)OJ^FaD4oEefIXtx6BUpB<(#q?a-!Y z6Ca12S?(6I(dPW|`5ZO=Ywn$1wSd(@_I3ON`9o`qeLw10&Ar9Y@wh)Odw+Chq)*Bm zxy7b8{+M0XoqT#qD|2n-&1v$lc7#33pPuxzaRVNA3mnS8lVOt<1mq}&!U$3@z`#-_kH@|Y9-jR4`lbT5X(#lmo+&+6E=i9*y#zsjt8~UCXVo zZ|bw-+AYu59k1EU>1LH@d}N>A)vdwLx}V))XZe)*Enc!Fed&+1c<%1D?92#b_Z#!0 z))pqLKj5|Imc{cY>$CYA4qa}Y7CF6pl9qf-@Bfqi z*#2I&)Z~+T44-43JP0t!vxo_v?v{5tHlM$3@6W(hLnP{bdTtlLJoX z>ijge7OH(+TT)ctHq|68Zso7Aiy@0I912=-hC7;n^S-Zf#aFI=u3h1?J7vZk9o%sPE72&A1g7h(?3>R{;-R(AHTztRUXfd z_B1@v^_KtErPyXE8S;&77wg5%e?*>M^mv^9(ywT_YWhlnP^I@`#bIUJ%Zj&r^m#aY z<=wD|*t6<$jW=&IoP0K~SNw1PrKu))9=9)T{8o|w)NSMHF7HQaQd@8M&b0WxG~!)^ z%;f0Pi|aT43cl|0*jn?qjeSb^mLt)R(s&BJii|Q(v#h#3WkPnXiQPj@x3%XH~8Iu1Qrj<_F@WXR|mBzJs z>XQBsCtI|Am=Z4b?AFsbSKB+6GUHe;Z<*P1ZCfMf>&Dn8Rf6)L&Mk@MmOLf3%H+cr zJC=#2*-6>@b-r_!M0pz=j9=<4H%VAMwUm1itHjM;!P8w2*sJEheN?RF^UQwJ=RfjG z4KiITxnm{Fz z|I6~P9Sf@^W!6M_&zY|B&s6E9;EIQqZ)2S@c05k?*d=HiH2H{2R<~uzr5mMDMK4o# zm#kY_VpF*J({jDeEss;V1qHqdS%zLL;=E{* z*JPW2`OHx}laziRpVeC@A7xaT%W&}Z(JJ+CM)hU$W+{D(dc0z#r}f;DrD6PTmCt*& zocLq>KvE}{k>d{kvEBD?u6NzG;lmX_fz)HKPW@Q>F#E3mVf)mL4ZAnTRz_2a7vL~ z7W#6x5 z*Oon(Joq}0SJYa=^jDp`DG%4qpVO+@b#nS#GM391FZC4b`uTEVtk;WG76(=)UlKIl znSJxy$BhqH={&XHFyo7tM!foWKNv_aHX(+ubZg5sovJ(QtER1#De^i&p-53Z_-JB=ACN!HR?^>k-5{R<^-5~ z9gCTKS8V0UoXYr){|xE=?Q+_^i>}v5Cl*M*m(-my`NyL@zmL>^@bka9{fNhF^#-NJ z*^3>@9_^d{Tc+0VSKv2`#&h;wk5)DxzT)@MtkvtvKd~C&$NPUMs~>(_^vLs%_9M-= z#wR>C94P&^Ug_ifKZ4eeN|y+EKkO~L^k(JHfDgWPtKDJx9gUEX&@_vVlCkKF$_dw+ZUke&PPpUhpa)qlcXMATM=Px&$XTh5Q!55*0$=ZWmy zro3>PlJ+m@T)Uf77HcT9|Q~DA8AYc5JX@AEa{p51#QsL;8|E8Y*T2m_j@a)_R zXO`Ai{40I(VSlH|G3`z^K1;Ucn?B0-YzeA6TWZ93MSIrY%OAu42tWQ7{xKv-_xoXO zkJIyfxVO)%e6%O}QTiXj?CC$fB|&F4&#{kQyv*W_$B-mar0Wl6{8NgG(TTIZ^yd9ShSY7M$v>Lo&OYq_q4S^N zp!E}vul4LPw|5>$>x%hj`g8ZA{F~j6_BYS`&#>J_bXDZz_4Bh{|2bL|9>@PtZq^w? z4TUeMrf-5C+05EfneKPoX49Rbln=U`oS3(I1%~F8|}w z|Lt01yfxaE`H|?8j0HRVruARl{$b69IVLLdOBFx-coZpS@JjcAKA8W%l)ojhGiC9-!qnfQrrIJzVMIy_@7^R(=NUBciT2M{-@NFqNCc& zX55qNx^n&EyLDTp@^c#{FJzm)>ea7#iv@emJ-;z)#pOF{%B3}Y4SiFd?COx&%>Q}T z=T`x9mYz-CG&jS|X1kI4hAYWx{@Qibp&6#qU-yfx&pPN{6Yj3IQfS?Q=B2@zi*!;n zjH(}P>B%xp>rs6(c~^Snf>-xMuKZEk75X4z-QwEYU4I{jZ><-sus$?Txc<%Uig~Xx zzHK&oF7NfZW2;!FhgaLXm+L2}UgHS<)b+fw==pAwh|}&>$dz% z^KaYAd0ZEr@K0O)-RkbyHS@Awvbgs@jMMI84ru*;)R6t!mW1nDzi#`~dsF$smD9{c zi~Bt;*{Sq-ath{3zKjYp+xF}2>YZ1TIwutL-8dih_{qGFbM~y_v@LYL8^`f&@x(7n zzlubi(aAr$_Enth+{?Z@4%&!?t(jYVxaxh!v*^2C?t*8E)*Nqpwt{`<-APBTu3lRl zKijYGkoM%KN9T4`r(3S>~%J@@1J zAv?zHCI0-UmCf$oGye5EtT^Uwo(`|G!j*NNiric;m$n3y?>reSer|2zKiSKQm)0G* zcKs=bjX?I|Yy0k+Bz>~2^cH1p$eHzI-mR~GUIvRxKU#BItXlYuUD%K--1Q;g@um`0(q6_AvLaSfTgjW%{M19=f{M91j#<31fd= zS=HHPbIW~e>aCtucxRO!7A;Ac&yrQV*ON*B1j-y<%1yW;TC z4eOiq7fdwc*z#TFFXOXy*;U7zYu@h4-5B^TyX(i>N9*}A_A~E^e`MjTeDg=r*K__p zPJjND9*&yp)%VFgS8B_Hox%3A@Arxe-u>fxP1f(rzgs(%9A7@St?T>GaB#Ps$d>x< zIIWNW7VPZyzi>@8!1Cuw_MhR;^n3Kx_UxGz;92=@=1=>3N!efJ|M9-Q^3H^Ny>wQv z<37>L3C_n^o~~YGQTE}NZ1CFC-oanp{kLCwx}kcl(M>0|=eF)q&ue@VCRJQ{@t+|> zv5(IxG`e2$gy1wI5xIq#7b`YJr+p5V?sx7wntC;P<EF5xAIo(G-&SnVl92v>{a>n2)Efq4^nrYjoN<6MEX&PV(8bS`RrP; zJStP;mQT-=YFoO<@6zTS_J`cFV*QW)I{J7*%_0A)_on&0nT8&RY~+iyg?y#`!)&d7 zh5K4fn7un{&ZXr+vo=jUayRDHt>#AoZ~JEc$;|z-`eh?ekM@Nellxq*oaXE9r6(-z z+OYA59skU^9bcGs$-J@^@k`~4Ya&Tf__d1mxG2R_$B+@G)oGp(A{C zpQR2PEw;SHX8h9oX2_)7j&B#Ur<~fb?5VzvgWT1aqf*|_Sbw%xUHP;)vB}|V$gETH z<_sV2Ee)D+SCcHYQ&Xdl?w>qwdwo$fr8uJ5Bb^s^Sex z4}B!xV=i{Bb6MtziOcWyxEan`zNF&SM@8LYg>rRE+tqWs-8^MtcI8?8^jv*ymbZbT z!2G4EZh}#YztetA-{bhG);}^p?Bf+C<1JrBZ~Sn7lru}eb?K!mDJK>`Q=b@PoGC8x zGvHsS+2m#MDm{A9Pu^&01@t^l>s}fca<6COBm0i3Go72HJBw8sLxkUZ{%7FK+pAL- zGrjjy56{L`v(C*gEnRv0*6mddU6CJbwKivlzd5p4VBe0{Ui0KQb3!%>*ZL|xx?6Tf zUhBiZv}yd(uP@u5E&IVdNqTLX`!dfRYbFUtiCqf|d)djxUK461@|!b!e&MeE-mUXB z=VfnWbYGj`_{d)9=9+uz;=S^>!c!iX@g1C#wmsPWQjKd(&cnS-BF~bJe_8WhJY$>S z-DSPYVmpE&421>7mZDz8|89Pg_QVhBJ@2;k3;ky}uh0}?s;`yu?WYe6UXQ7cp@0s zS-4WZR4VcILfzEjlXm=nlCFKZTld@Xqv_}98(HQOJ4@rIpOKaRxbDgi<*<+YwpXvM z(EBD_nkhBCee0Rz+t)>({bvxc;kYNY#aV9Mq?gxMae3|8BzWWdy2s!0KIHd)jm$Hx zXRg?E%6qNdHlk+HCDcjt6d?VtkhU)Fi&=vWD)P zr(8SqJn-7{eu~a z`=sWFZ~u4s((FjY;h8bBkJ`yx{FAuYd-YAf-68*e zopWrex^BNTx+3qAAzxpcnxB-pCCl~rmDyJIop0>7vIsgBTRn0VWG?)=%JYNox`*Ps z?6&b7vVCS|U$rabO<%a*QIFo{C=>It6F$w)9ye)C?=-3BKAoB^`sJ(;+o{SL!7nSG zT-=kme7Ae?l2eb&j?WUAs%)EG_WR(*AJd%zOXZF?nycAn?Of;7+UI3Rs+J@7lb4 zuCwcvK-0f@GAvrmkLO%m>6zjFkY9A$a?#^$?^BJU@2tDqQp9;SpilDo-gcq?AKPl zuH(!Nd%OP8=HE7bMd#*nu20zgk@ww33E%KTy}!5pUMcvX>}6nd+>fMJS8m_UycgAc zLc2NEu*l%KdvC@+`Hy=2ReI_3DksPXxoH=?(q8HPExT8D+n1-=7uSEC&w2A!?W{{2 z=Vf?8we1CeSb5yle>>^!l!AvAri)njp0~O3hkNO3@syX}&h#)m%=UKwkyf(1xI*{O zb7d~;{;C&w>lSXgU-|I5=hdIeHeGA&`%PzSKKB04z;6(+XNs(=wb$XD&u5*Rzgp+= zky+9nMRiGqk>75ycdKnTJ1Mjx?J4))>`UrbYm`^{`Ci=|{dA*3rGamhKYxu;^ipqL z7unMXKNmNLtg={SDbufN$M~Z|#V{&!MdNI?e8*V5_6PCOnG?9z=6#TuQnRZ4b?n@; z@8&LFd^l-e(Rvom^J`OH$=P1{^5W$7jbXvZZi@9)8oJ3W)~&mmHm{=WmaT8eF7d7} zx0giAhI>aUCvKS*=djL7zr%l(;`UfmpSfj=zOTtXFPk;(``Z5uLNh~F9=OrA^w3k6 zuhsKe?%j$yz50i6WO&b~588hYgvs9T$(g19=5E;yU!@NRuh03L-QE7Eztd#)is$XF zyLva?k&${;k}s9H&!qd!tmUnjxZ959nLU^scrqn+U69y6!CiB2S@iA}K9G3Sv3B7d zSMKxqT2}fF&1*}d<~O}Jxs-fG$NA6?ZKE$ttL)}3e3`I0D|55_kuR<{=BHKO+y3ah z$cv|Kor^u6Y5r%3+}?F`e(aCaYgT5TEvs0Zd}_5|-_}?E89vOc2$HUUv-|dmnq_&> z8Rwq|&DbaXs&LB2D~>9RKd$cTRrUz>FFv90!RPw^mr`fHo_SOEA>Bf4%YzS3_syIC z;#N+fhK${v$+73QKG3bQHa2TI^hl^u%PLIfpZv!Zj#IaEJ~1#pGRn5kI=gq4;e*W? zet*Qj28Umhb;|g-EK2Y5+dz}))3(cnew$jzXZ3TU;9u>0|9ySd^+w#5(hGkET-mvC zh4Sor_KIWw9xmA*Ki#G}bglV;?XUhb>~Z|QbKR7z%_*lYcpNC+az&_O^N~rG-Oe9c zE}J_rNln!>{Jmn;J&Awk`)g*z$T6CxT~eJU%sJEj%9X$h>BsIp>S^&jraNBGtYH4U zHrxK@=|{|)_HBH0I)dS_giC|e(rT8dG}EhRdnY89u3RMeM>`~EpK3+XsVB?lsx0}l z<7mk|jUVRAUxphVEi6*Ec9s;~q_xJ(o^OxME4CSvyyk33bo7jPn*Pzef2*(O!VlA1 zVyB)HiWGRPwx#5L(|-o}nt*4|W3MS)UZ}pi^}zBU?;oGa2&$d$cSUIn*W%M{I!yIi zkMwNfKL$TyyqRcw+2!pgxy2L@$RobJZsf1du@Cb+YsEfaD9!>hw|pNvt2%1(Jim+vAy^t z@A=Z=S@$-t|FLt%$rUG`3Lk1)bK9TSJ6G>{zlwa^mZ`g1EpBYJ?=;;na`yRa@s#zc zw!5xyE?Q;nnJdpz6-01qIJ9lQ;H=cE&j}N{)n|o8W zb?vUrhd9|+irk!c&&Owm#qWDxW%B)-;XMbS}zRx~_bmpQ$veJbCl2fx!+`xi|+ zb@cu-TWzNIVUv=Q`CHFhtnSe>IbDA1r1ds4%QY)Y-KQ7*oV&sH)tc+M3Z-Exea60h zhTj68uF&x}DOwcM<#hl2uGE}K{<<%;-Q5K;rPndn-0d(qeZAj*Gq1XIy9(Das~LND z^_@F0c^bpxOWi_MD)xeYGZ&hkJ%8?~M{h*B`m6`<)|cED_0&CjF7!#B@CM73dwee5 zc9~V>Q(*aQL*Q(`>2H1eq8sOJx#SsB7;YMT_a@ z_8)qW9yyj*alMn*O4`fs{v-6^`^|qBoprED^f)hi;pIQJ-^xGNGib51Z7${NiCvdi zQU37n)oX`)Tto`{vRBW#Xu>VFb%TTC^zBjeYQy;XZ%x_WW3#(pb>GzH(nm8dJwJa% zS7Mt*sBE^`I?mnw-keYEYTkcN+FCN3C6!l-uWHuv1-G-M*7R1E3w8;A4_RliwtBza zEoQzsi><3>33;sE&9i?;+ld+XBEBc&NuG@#7 zg&S_%)e63H{mq>GKgv<}mX};~4OxtwpB_>OU3Qmy8;D(^Vw837FZmTNtdwq1I= zXVZa6mM32aTo$@0o_OW$m+pA87_sC2S?6|rR6Tm4p#G|PP}a1S>uxA*_U}oSuwC8# zvA<7k2k-LC$*nvVC2vDH%tDfj*X_9Y)%(V*ccz~gIDQtjS@3;bP<6M&`djxjW4Fy~ z`53xK^rQF@JO2HddFyzO1Str)s%t$cTkpH!!~G^Zogbxp93TF6-LT*B_vzG!F~5VS z@8WtnFTZy6%W#&%-*RVHP4v555?HU6`|d-#{M7828r5BwmKnS%w)nX-$--`H8ZXy* zZ{6%XKl^sINwcb@i&l%Ww=M3;**Zmr&-3f*U-6A=SmtN!&3)2%H2QMRRA+&Liq)G8 zH#c@pC^_q#lkL#`+uUngMQ&iA;W^gS`xO(Lwv@e|R3#Ytd~fDWrv+2NK;JmUgh8)_5{&?wYciRhB9t z-A|laR-Ba0HZ0mC(tGIrgj!ak=q*(u< zWqYQd{cQ1Nt+YpINALZ8n!oH?%f8)<$=*7rRB4y4@WZ;jMf0;~KMOthXy?)>L9^v@ z&qBoHVp6+P%0yQ`wB%j3qGw~{*7m4aZ`Yld=f8Qg<9N(f#gc22HQC=yoE%qL<9d1H zbx)P^OKZ68znyEkaC`k7=1SX_d0RenmgTu8M$~Vv+bOp&U4>V#e3@Up)SIss3sWZU zPzjf{ymNJ3yKb(av7voQ=%kJX+ZTQG7CIKW!O-var#Z#*|Lx6Lnp8WpdxeI3rfAi? z!jPydO)2Vq_t)n8^Z2xv2WeYX9MoB5`POCmLeHX^-@cWHn{$h(|Jc}--k1NTq`H{p zcloMMoa?3^iqdjUFJAk~aB4*3r_Xn;cl;^%xJF;~h}-k*&7v}2MFP9$^k|*Usrb)u zJYMiWLr&KGl(3sZhV1hetL?Psy?5KDGdt^GhlSG2mB-CiuJM?B;?j}mHoK{JYV3aG zFML@b8<|)XQM0hGa=lw&Kx0qn%@_8}x=(jpf4J2~>#a)C-p7U3O<$QMj%R)P&(LI* zyLI34Z!41zf3^Iw-nY~2&Ys2(oaZ0L1#g~sTl&UF{r-K5Tji9aqiZTxEoR`GTK(YP zg3tW-xA9Lup+4)$KI^QglzIV`=)fIc((HDc#vicLn0Gm*<=BxnYmPNf=B_Kf_hn6O z;D<$}JAc%!mMDH^w9kLx!S&Nk|1-$E`1s@BIo)ty!m|t+8;)j zkKEJQ^s#qY(6#qIo!_e)R`qvc%-KCXZBpW)$s>Dz)fK~WsB z9Oo61e}(t{G3h@Xr*tLixX0`hJ2MSFcpfW!8MkEmt|F_l#^9s>M6)|os)IPRKdoG^ zezm0gcBD%GX^Zn`kMFIOURz-w-1l`UWeeC=D`uG-4-#tr{ zlN+k8FRW0G*3=L>Vexv_p|#QT{)rw7v{gIm#Gov3K5DboDw{848wZ{~dS5?GwB5L}%6d3t!HbSJ|!V zc{N$i$SA|*9Pg``4jI`ieeaC>4~wP;ZVT+xHQv}7tf}^PVXyU#({JXLfBf|O)Q9gA zHatA};QIORR?*%vz3S?vwb_sT+qeBQzSMPUW=YJ-_48|jA7<>auQy$K#J*sj|FvB& zyl2jfQ+jE9Iba!=htd_R`+Xag?lF#~XMuin{yvkm9?A?ja zi_UU)@2-wEoA=Cz^<`Y)qy7&0m;5aH6V^CLuG%kXrx+t*HZ53oN#f3zaiwY-RVG{e zD<=7`kNQ%uBXu`>^whamr|r1TtgFUoKeu$AXexWLK#^7W%nWn6qP|L&q`lII&OI_z zJ3oc-{My_oP36?UQ|jU6D|GiZd+Z1jU#ER`PxxBTYMn_Q&+Y$Ky{d6u)0p#Nb>a4v z>zE^VW~$`QHGCQKWo33Td#+D+r`ja9+M}C~n{IxXtEso#;lQ68qEqu(CQUlE*YM!F z+Xr^pOgGn1e4NShJM3%P$^#m~#p$&VbD5;MOL~)kZm^Vnz4=4m%<`45F1#!=d-Gno zH8gJ7>I&z>+s$80T%&WQfRSnM<^!|X+COxA{AXyH9=b{B)nv`zTJ`5`zMDQiw|KVg ztdgI6(_OY*-Y4)QVe6e&rJNIZ${pkKAJt22TUoF3$jRHxH|S%1S7~h3*LV7P-9k5C z$9$aTdnDb$rutH#$LpS*NoQY}Dr-FWvhv@xA9v?zbDawhJ8fQfwIar9{r%TR1J8Ze zF+ErGiUCZ$y8;F zwFj0ahd=%m7Pe+tc*>oBVaeLY{O=8XL=ADsF z5Bl!DkP0_6ojFJGR^>Y5$a#@zsli{@oetPqd2>d(9~>L z;kl13Uv}-y{-nTV)wS{Oq>GkD%N!QI{kH8=72o|{qo6A*b>{EUJjd|*eZXm!7BNY= zXUk_iig|mgZ^yElmN|yUtfT~m!WFmkw0av@*iS8qlilI*oX^ki;pMHxm6kgGqWRu? zKRpY6E|absn(gvvHS<-I#m}SKURiw(sc~NR^P}|!SquBQa)MVCc5VH1Wgf%p`+xp3 zMBUiEMO?rn+Uj?0cJICCQs4cRKgzB!vSj&qZKw4WL60AgMPJFOe7Goml7Y$kI_slc zmE(L$Js+=aTfVjLm#MIU-HnT>k&P0MU;Fz8FfhLC%Qg=9yg-NF=W%mL+j4#Dg0hci zGf&++9yM#@mD^bzG0Hm+J_+lcwrF2E|2)g{YYPjqX7fpIp7(ER+3m0!oSvNL<1&xw zbo!cUGo((_a|ZHj{S~*H_&igg(IL(`{AgG|dBl+I8x28KfZ|_Ort6e1%sOPrH&T3YT!;@`QeOhz(KJlNt ze@h%w?@R0U^G$o+(vWcj7FM{P{4v+7dA zMa@f`b4tF3Rd?$?`EopO%bQ!L3PqRQnrCbCym8j03tRlR#;)2_IBV5ex7h{@ZqMBQ z;IznvKf1*$J(e&_9;CXWEmgr-Tg@D_`)A7(e9t7%kG!@ApJzQR5{_( z@yYQ@i|%$>8_Yj=agFoRnJW$x+czvvPhOZ`l2rJ$E_b(c3SgFpSry5uk)>K{?EX&;X~Hx zN7em8HuWaiEfz21C2GF^+FgCJ|Jr_!`UlhYan8Gc&^Ws|T0r(&lY7*ggAX6_=sdaj zWzy=PX_6}ES1p|M@%WkJ{aM#P9B9m>P#R1XW*(atX^5M$=BhCm$qEt`?!@K^D5r0 z6ZX0Pc{77+ZjH?c-DMLOui1FW+{4IE`_-oit%7Ii=hMo|UCd_XTsvZvBG@DKdXM2p z=cD^1wI=o(nMyFru3}uOHGgN&@ntJsO??vnoj&71m+d)d+Jr~a&bnJ6G}^H=zsPkUJQoqXYL zc+55G`L?_NZf|RTvf;xV&%UF@ag`sJe`~m6r}J|4(*F#J&UxK;1ycTIPnAlswCI~- z@?(FSRmi3@qLQE8tY%(0o|NT2b@SwY=L93+FDrAuoZcZ{x_gs+V64UEWc$NjyOO?! zu8$1!jQG5F_TF<<7N&0|=s!8Iymorf&Ypvn1?P+}Tz8sP!7QD5|K{oIqLaV*FU-EB zy7S!am%8k~)=#&as(dS};!y0ao@9n=KQ2!xTdp^+wXjQEJz>weT$A0)V$Nz?el?L* z-K)JM*0S=^9FrTrjIJIl?6lc5Y2%stq{%1aPxZes`}ej~d-?Id7yYbiB95KEG<(%d zt;y~hy9AG!J%1UrtSclr|7EPkHBT>J_)kEi*JIIKOPLE7|Ax)kr7v;&SGb4C zjehHT#URxdhoY@@cNd$xJvTDR&nmcRe8B(GuJ{ed{i0P4-dfbZ#we7fSlR73V`lxv z{_nme_Y?Zp-LgA0Z_2(+r+)3ST)0TCRrB>Cv6HuB)o(03uk9D@B7ewU%WlIP({^{g zf0BJqB%V2hd|fSEWA-ECT84l7={w2KbIRAX>MoXf`|^dB>vrcWwc34KlA|A)FS@JW z65k$G->^qr{ziYx;u)v@h{ZhG_Qz9h^73qLnJSeePH|nS<&L2>=IJuC)_4TS>^K_# zv3Sj_Hz(}d8Nz#mS-nEnCSO_Jxnia0m$|_Q{>enX`!b(f>8?kMPHUy)iL;gbUHf=% zRLqW;A2E&bna`1p%CF;Qt7ILX=o2xeu+KU?PnzAWdr#o$Xu+^Wo6~3iuzzrE`a{oI z&o0SWzH(SMOP}wJo+{Sm~m1~jJ@|i1M8OMtr zpK7v$ z^1n01EJS$qjO^aqd+l1?w`D%^H|60{7k00m8&^8XJ?qanexhsT za;Lox%ef`o8M96uzr$6~^L(kyo0yI@(+v3^E;TcJ+!z*SX7W(}xBXm@@QQ7L&8IG3 zyQJ61{xpmwCS5kO%zUZ385c)q?&9Z$U3O>rOXXXAHhygW6?{nWfJia_MA3bx1^x;C z44!t+$Z*@ToBz%-`a5U@i7P3It?b{WS$A&!T~VWjGP44jB}{%cPZa17-XT9#{pR%x zA^#%2nyi*zaQ@nKgCfz^T|EziTQs!lRf5*26tT)2JmIqK@p>;F?!OmZ)M6#yDhKw$ptOw==X}( z`E_+;j;nm?+pd_$PqjLJeP7OM%dlEAtMJm4s5xJjpOaa!O5pp_Pv_T0iS2ly@muqC zSIogvp*Lz>nT)EhF3djeRdhSuLS*OE<|!+b)PE&SadUTFopj~#e}=W*-(tQkJ+sDS zO~{QaEO}RRqN=z8Gy4uLdXZ`@`J~XH-Tq)W>+(haLcVT&yj0vVsbiay!3ldUw+-8E zwD^yN{%6=Ed_ZJ=ifPY6&b;p4i;b%*qz~=-qMyH}qUzGqn8cP1%oER6Zttm2IDfPH zIIqgA?T2nlJeg8+DSAQJztFeZ**CZtJ z@!?CcnUm)4a(XBE=k<}A)c*`DTG#Jo^0)j`i13%RSC}K3Q>V1wCyZ&YTc+!d=S5tP zrbY8_dQ)=w*tP!PkJBHu{}DX=ZPEvq{NiO9f>{%pubp!^F7vtT!+!>me@Exb?9o)| zUQuImZPAT_^MB{+-TV9P(f$SNHypY1_N;5^!?)@I9Y?E|MxWtl@#L_-v^gRtRlh0c zpz@6W@Xbi-OSw3NJidBEv{Z_Iggz7r8{pwv)y~FEc%!8$MJ9eKlnc~ zm;X_f=P5b)ea=P?C;9bEdyXId&+x&^|EBzrYoBztw=CT>^XKQp1c%qRwzehDO`JD5 z=T)CIziFn+AJ^?a8XvFK{jRsLXo1|qv*q`B?Q`z;{Ab`v7q?>Xez!p#Qc^NB09zD6uLczlD>UKx9_ zG?BZj9Zh^5PQTKh-1uSsAJOmM7GKP}_~hfA$x4DVo-#DQy|(xF!|i{>HQ&AolkbRQ zZTsb5IZ2(%x2E%P{15f|w~`MfpG5y>Xq8&kaa($EdtL3ZJJ;t`w12DnG5cYwdgO<7 zi!=M$s?*}1Y44H=oE~y%t+vdk(=YrVPW-j>LH`e(?QcFl%DiMR^ds%H-#v%BA`6@T zR<2L^aQ*Gx-?|mc{k>n?cWn#cv~n-`?Xmt)`iJjbTh6=}D!kF8865qww}D&c^1A!) zcCPzn+2`C5FRpnySZm$%9q;NL|4IE={NemDt+fyHknqz8CH~Dx_>#Wr~hY=v1mUWFaD*v-Qtk+ zgeCt-kjQ?!RU7^YM|dI-F>u?GYDwKb+qd%aMptz6!nc;mf9TsYlg<9ps=F0oVe(paQ?4n^mRfEt zbIQs7{Nvz7tn#|iJ1@Ljd-AU2f%jc&pL)y@Jew)$=Iv;5;dNzl&wML`1ASlPGMv4l z3>#<7_&E1|t4Z?SkkHO6TeAx~CER-oFFb17vU!K~_S|1r7!L`FHJV+V;D2el>RDxN zCF|2>?a%sry4I-dhzsqFt(SX!;_Czy6FnN^4^(|&2wCO_4)q{+3N+5E~z`QU$9j2*+GAv7_BG27IVFo zyP)thBD}T!pr7j1KlZTV5=qd=Axld}z-H`r6Yu(c4 zy-mA${PgvE`y>7{JZKjy$ehpoCwQ&q*`s&=1X%og)!=bRgkNHudsY40lFt6wdxMo_ zf>lo(WM`1ezF6`&`PtM+0IzU_5EARhTm6%e8U5-zPol#yFvG1&e?g-FN9|Qp4O(X zrF!RGLDRC0+r+{a34ZU_t9@;sEWXiewcD&2P7fx&4bx3?IY0eq>f(*ERUseFZY|(d zZ|iL`ot3uAZ}Hr}RhRc&VoD@o>`|~Z8Hgd7kOE=_iK0e={6ow zmMr$QA3Ct69RgmZ>NR6=-d}5*~hW z>(<#h|Gu=8$X(fXvR38E+14Juxvy?n^dwe%J1TdS`_`r@WdSd)`J6Co4W2yDb9u%- zv0Ya#yb?aMFZq*b|6SRY*B`{6n6`wsal41D!|ILqYUi^VHyB=87BY26eI^~A2JJz?uxdG*EFobrdSmaRGUpMiI+zS1SJdqtencv`&Nfmibu7Kqt8 z-tm|uz@fBrr&L(FPs;2v3;njJDZj)!W(~#8>|F>PK;amh&!@F-f+I^>v`@UyIr?#pMUVapzf1x zb9kJl3rvuIQ5ABr)l%Cy>henQk}o!gE>-*Ho#H;vla|H4i%qs$iUg8&^dz&t(q^mpQ~FRlV{68h z`!`M%Y!BG3b+4sV^umJ03!COF>v!I8ZOeYmFZ)GavR%rMP}$^u!SIF0mo@eRjt~Fl zJMR84_uX=4M$PIEz9@1EuR_vf~2Z&{>zd>Zy1c$9M9?d!VlK^OmUKc1bE z%Xi3R=S-%zfv2|H+OD=dJWEm1V)Ma0xxdZLJ8Vq#yKJ~ux+-i7ejfeq=fvYxpL~-K zNiFNl(XCT`$?@R?NA#AMsqt06w)ykksnEQ;$J%DirTKcVPF{Jq^PtkkJ)R%RVzVy4 zm0C9~Ux(AKNIjJO(oWU(OD|q7?=CD$KQ6WX@cxa*Zf$Qe6)a~_FLLl#ntU)${qoke zQ5iLX^?Fl_MR*u<`m`_Cdx58f(YY}bvrE0Lf7csK!J#w`GcjPcUBiynks*rd9h9 zdEtusfGZ|HCUIVFY5j4KeNO0kjvw)l(p&#H=P&vZm+|OaG0XcY1=WnP`CU48Mwz=} z%xAS9{FpA|E);vq?4t(DCkL5y)5~1DG7>Fz?3T-|uKmd6Yh_`oZ8>APYQSUpz|b|( z9v?;SCtY7?XrJ($)i?9?^s--nzm!k-w2pqgtF)zPM(E?y`|P{# zE&8B+^TjE>t=zkHJsjH`C$_U+dA9mbi_ElfW%|**j>XzJf zyB-kU;j2@`KP!Xt_~YQ)H%&I3XPdt^&BZd~{)&|~njihW#o}*Xy0s=pwm=4g3CEJnZt7UNMg+%+nn2?athCPMlj}p5h0;$*X))x9t4X z_%zaAbjm&6kGykKqN80`9I^a#eVWp)9eWoFPGk{ zw2(>Kws)fV#!2f_bAIdD$lC5az<0x9mDGU`S3XPTKHC{Qfob0SbGv1&ABpYM_^r2l z*-@?Lrn9o1E02Eo9VNuSNyoo&vV2y%(&G2Z=km6!XN^DM^DUfT@wh^vw|x5_LmpnX z`3Vod7b~ipUaFmaNQ(D%|J$?)_3ZD?KMhan_u9Kn_;%D=o+WL}YkhBS$>|ICzr6O# zk;+LoZx=oYSuNXo;pp48;u~FiYnNoLsyQLiP{m}is$9yv^Gs!eyCsWWZN`r3B>^vf z@vc4Wo1Fgi#9@WTh*?kD*0Mg_yQ#abGW6!PUAoq;SHDU&`ImJCd{Job+Ae>%UgA~D z$t7_MKlR@|@8y-t?LEi#@4Njrb|Js2nfo~Xrq0;qeuR5j@^YIF&YxwP>plM+`#7!d z$m?qxM4g)zkMU-{6uiAhb^ejCZTHRG*iH5>Ht~8sHFKWKkGsY{#j9FRY%jj%^Jtf@ z@k77)C2Qq2ukwC&^0vKR_TD`gbWC^aZ?r!$L)7zJz^CQ2o_+P_eK}7&;qcM-_2*q5 zi+XNTo_?iH{zm5Iy-PmmiAzUsT)E{g+r48((;C@rq;AbVI!j`E#{LcJJ0{xqYz_36 z{Sg>{diMpjt&gXjEA|fXJNlO^H}7IkK~{F};pSKstNmTK?i^g4WvKG}$J~m)**$V< zm(&`cTzGdiqK~;RTRP~YdGFe(_s*%!x2@TCMMLeYNzc2gN!e0Yr?9;~W_~N>MS+Y( z(2Yg*a(|?v%NnmL+e$c#v+WTM{n+1Q%E`Oum&@s6oH^I5<0_Vk=T0k@Uo`7xP;>Nj zZn@X%vhH&!&#rBp@O)+7{J5=iD<5~CRWkd}&|>vW$m5)mahx^NkN06|+uB{`^x36J zFm2uPzHOh)&ekQnt{h!=uOh2$AyZ8L#!IjNGljhJnFn&GpF0rtdhTNe{%Up z9>Lf9)T1jRL&Rsjc%Xl2FT0O_%YN=RNBi4qR{#F-FKqg0R>yDaEq+Y@X#J>e?Fw(U zWob=UV^(ZyNhr0OdTM#kd)(-(A5V_l;T5$lYSV?c|1|zMe*E6+acSX>-?ppf z2#QO}w@#)!`n>D>-m8i}=NK)%d|jvR^Fzz^c{nP49CDBQi-TxURv)BrA6PKLUE_s-BZ8G2PlDEZmZ3ahj z`!9qqI=HMN>Ttn^&5>?aQx2}#>+Cu$vS;Garwc6~&HbWs=F%7Mushq0=Ei_)Z5y|C1*yDyV)aRSslz6ZHNhv8=kIaN zHf`Zoj@6m@Ts3Rn+CrU8{A%~P*e#ZIO6OZGGQ4}?+md}(7jA0UJ#oi8*0e0CqiZJ_ zExB1L)9<(S%)M7tZA&#nXFM)v2@Z(fP_)VP{a3f$QzjQwKGFD-wP5N@5BBEE_f{X8 z=yohJMd$DWQ`0@$o`~=)SaHtYYVCx{J5|h{$OwMlX=-!b%*uD?j@??K?o6xiW{X{G zU_O5OaM?QNBUMwMZ7+#j=h5lMwBD<6+8_7FqE|1tXBbZYwBS#+`@{R~!QPoQuB*Lw z58v}fz4*5HEaOv!njZG)rFKo4v zg+o(%S*~tb`6R8n_EWN?>FS65{2AAcr2o3-pE6qYwS9S1)NR8F>mJYAZnt7Ww6LDj zf`3w5g^kx-J7V^$d~)*B3GSimf`0uz876#3>p@|2#PxrcyQUfDFI&>%d63cHt8V^s z-_`EldOaTV9!j4Rcp_s>QpNfsx4zEP{SqBMz2fImW{Xw-WG>d!)|brcxt^l#KXYST z`=Xb(Tm)yRG!$Q)5&Z6pXVQ^rd}hxVtSt772)wf}JHMPuD~93B>d*4QVImFOQv<3W zgtT4z%J+Ikq?>hDPNvPf3rpB753DO!4q6ZA_88V&dOrEq^2ts+I?vCR zl%7!+I(5yDcJ~YB(kl;d$e(6-aiYm1lb zyp=usPqMIa*2+ixGM-C467y$v95^2JaDATsR_~Mf>UScx1!%sGJ|rHl>Gtg0+TvyR zJwDhz&b@oO>Z-LrSER9UUh&_{QU63f{MfghIdD63;j6<-Gfpq8ZJenvhxMG}qL(oj zBeg}o^fSJ^wO(AmX~(I?YrFocU6N(#Fj+33#CYMlz1Y^=MMqdSO`Evm{8Hc4m3|j( zpFUaAQ@~#Jyy~6B;w^TTm$rHbF0I(6n#wG2YVn+3vrcaRAhvi-jA!Y?@6jtB{haB| zPgtpTb#_~;kPR7CEt7bn=S5Gd4*T2QCUn*LWY42TK@MGEQr_p)B8`t* zitf%|eq3~eD`Rb8@F87Y5vB!mibLOh4eeGHN#Hs>b6f1XuFn%06#d>+tm@S))!xju z!fbtUdBxM{hKj(bTYgh(SJ)jsR(Mv^e`;)>VD5z5FDJ#$5w$pPxAn>o{)cVL*WO)| zboFj`qC?ahJK;ZKSN6oNaL;B@n5O(JZ|c|hL-Gw#<%hdxeC-YP{aw>!vq-6CMXhgv z-ypB)% z5p_vl6RFb@#ZBq2Z9g}XbU)r@;>8?@q>K}n8>t-yur1SL3jXUXC%m+=K zIG$a}XWbKFX){0T<(It%cke7~U%pRF0GS`o7+b45%>wb~r znM+hIFTFC;Q?!WR^v#2p$4u_@tDZfT9{(V*^pW>Rk;>b`)w~yr^4)T@Wy?y(cyc-i!AzWjpG(BId@%4zC85A zvpv5f=f2XqZddW+@8Z~(a%R)Y6c%r^{Nr0JCx6YgZ@Eave}*H*Kd-0%4!L(?p6Yh) z9+5vkO`mRvo$<^)Zl~l?we`Xavqfr;|F(biVLsD+olm@*)Ix->2*#_{-Hns)x*b!S zc8w{yobiL*&h-&Lv>(L={b%s-u2>(*(8ILzb=R@KOKr?d|1)rU^R$TB^z<#CrIB&Y zYDTK$PDy*#_fJ25e-n1$=8nK6S=A!{8A^(0eSE!psnoqw4|JvN3C*0|Ki%|= z{f51JqNX35Fa5_laAvOO9QEgyKdl%2X!>N^JiX}OyLGm%Y27ZjpgHb{?wj*ci_0h3 zO}w7_$8nkHv~Y2=Nh=QK?_pf^+tdyj-RlO33q((Zsgd zdeYPO>C($OuN$nSK5Bbi%6ORBb7ha>voo)CCl>ZhTCB9AU%E#A;@97rWk-@{+sN+t zy54K+m3J+1Ip)!`8K&AzU7frp^Skq#s%?|{)?S@b9J4O`#@4#_aoa`K-g2~xkVM}E+6+~els!IRp4w{*S5$NO*oE`FbBBHhBb=SlfW zuUxr4aq%}_()kx<{Z_t}`bXP$>+G7uC6edY7VkRVvd8`5hO;U>x1)c!Cd6h-tz9#F zoz7F{>+(^T=A>MFck!rG*2{VQ3o2Gg0HG z=)vPl%j!5j?tQo`bVt!)g@kXbGnbUCdikbSazUJD<>H_E-`nrnUDY}+;?#-7@X>&9`y2 zABB%it1?|PP2dF2j;EWyu6Ow8J8dc7T+=Te_qCopNH_gl-nW(e_1nC7`?D-&1_6&{ zuCH%xNmV{N*HtX_wba|AXVxlvaHxM?C3ZO`)}x&HAp6qPEU9a=b4$LJM@?{x^V(p! z@{4ZS<*=)lJuW@}oSMVi#aBPIDlc%k^o(Pl)2kn5d*-PMI`BQR)xLOGR^CfM@N@wivo?#geox2KkB_@8oowC877sN`*l9Y@Yy{i;4qN9@V0 z!!vo09ME4^&vj|i&1Ew-&zr-?8+GB2@~YR{)vo()o8&3cuv=_PaIeLyl*N|TA|`uH z{4KV3*=&}Z`qrN1pGdaU)l)NaRB~_pUVUwse#8DvDc7TG93P)vvUzJy(_77h%C_ul zt3&Vi)-Zl}@0Tn5@N0+O;>=yCPkwiO`e?c|@W$7IEg^yKULV?~e|U7$_t~|b3A@wEunnDQ}E7|GP^|! z1QMRhPxamz|9V!D0=sPc(k$;+?n0tT9xHi{to$YusCj$xiD#>4TG#}nC;A*&`Eyqw z%jWziA2K|?^ZYJb>Ty2py~CQ=tt@gy*=}d0^BjJqt$caP?9XwVu(NBIJyER+bx)AZ zno)ap){ByeL(9H?c^^^e-hS)w!e_hW`H#yic<{JSBPTQFYS5?X%9Jl_cK4bFg-u-g zd~43}jHf6)tNj>Zek+PSY0<8i4lbhG~77rA6!wRR`c$;1+(1D6?>lK99#TM zS!BBwL+;vptJm}#dHeX4cEn;$@4yJw{)E?knG;Va7wmY_cU8;mtM+!=&J{OUi`=S` zmxlIbuAV!+(R3oqzmVoUhl6%gUwkuC`S5c=`u)%A#V_Vf<6fwle1IW*Wrcd!=ZAtj zPd#3^E_1c<`ITbbR^Pg1ujuNX`H+3)Pv8=Ta-9~woAOcLJSU%NSo}b9o%nI79Ic*@ zE7kY0YV2mUG^xnjzigM!S*Z_J&-WG;FX>cX7*qc1`tpi)FS~3}Wm!wnldtULX5R5& zuzcMZYqHJ!+i~@8Zx^gu`EcdMS4Y|k&G;9tE}tc{Vdo*4IUldb_-Hj>h3y{-voW7wp|T@zt%g-JkxvpI12N+TCr- z)}B83<5&2!OgZHjXVvOguAA=h(eAp|IgZyo*Yak&r*g*1HRl$s+hg!DsOiWYec2Oh zc-3RtN={5DlUSRfpDg%bd)%ID=}{Yh-DjKEwS(LLH`8;8)f0}HO}sQc^PKiuW%J}u zKOJM%i+1raXfOD%Y({^=c-+XTK`WDZ)FZ=!y zx5SqZ6#?2uRA*_brm|b)W#9g1@FVR%!;y|(b6nPV86U0a{X6N#xtH^bo3alsxV-b# zsgJ^MrD_5vYaV2_T<50!bl5PkUM)Qqrt1K#( zoy*#M;ia8irf%iR?#_^T6_55ddtbg}9WcAPbe;Rd^=&&NBJ}_{GS#!ZTeb3cMns;pt1{Z8EjqccUN`+5xV$o>R@M5(@!5etdanIv$n-UJN>-R0)3*I%`Y|b&Uap(Q z8_tz6W%-6bj_>S9-QH$5gE?LF_n$buuNrOsZ4po~Y!q_!2`TSm6 zCAlfFO`TlJ{9HAI*s}6=1ElhKzs`#{AyI=Z!I`DPzjF=@^3;3q&5LG(bS3g&y zTV&@tyC8uXmS;6szKEJnu|Kg?P_AuO%7l*d8> zo8D+HV#zeSxK?d>$@fV-;yI6IKdqK3I^KAUH956OC7}% zyDpkuI63u5?Z%&%I?gXM4E|}dNbbk-vxyPSiN~V?y8E)~)%%)ncd=N?@LyU!Lr5W% zdyZ7p^f%A?H_!6Cu`aNyUFK4&Lhf7th-iuBD(ri?%0xS+GR@<)(6nXs+3@kKWx~OO zB0n#hxhOCgdiQ);d5x=}LH^%XQ)~Vy>sA!L^isAx8zJ`Z%F_nEE7cB9FRa`6c!ApV zvHxm)DGNsz0$*;OfM@!b@`$9dtxIf2^;l-1z7^ey{k=VeL0pvhHMWbhqZ^`OmOfs_1sYm(}-E zpIiKS8FrglV(FPvn>7B;=qvOW`@3=0F5MsJjK3_`VfZ4VX>eiDwgcamip^Mki18e& zZSKME%g;E@|CT(^dG~pE|_2>33C|`Y^BjP0U_8(WQYAP4>m zly;V}_c#BneYyu;X@&{D>?%(PjJEl<_)Ue4{>$(q+V>jyDwdY9DyG;Pf|YH1P`dP! zt9U~C-w8prlVw*s9N?96kYV(+Zghy^_qo*VV8yjZLGrBD0cn#Grs+3pSJs_;8{Wda z>=q02rR713E@^N(ztB9L*>`_x+;5BJy89)Sx;HK_YS?-%)9!@T+qLqW`MvDU*lO~e zk9O>1)!1_2+4?n%)j=H&kGdNjq8Y5}raakt;_K1aPwY_zEy<0)f_8}1oqqc(s5_=) z_5F0YDT^5IEqkgK6kWUJX}fZs*8Ry|3g1=~?zqyWbhh}j{!72;(0~vo#y46Yw#&Zw zZFHqtWADZAwDNDRb7p?lO{)L(Qo{aB7=PD4u0OgTuda^%vHZZS+#B}yx5fOcSa%@0 z|Kal5`L{Mq6PvP2RBBSR@c|ph{|qem{!ZNEFVkK9;Sh)9e}+CLH|=BlRQ@v@6trXh zF)327M)1+O>F5|KL7q zWo$4>GhpS57q0c*yXLok;VnA*W@|3jxo2t;DbwzH*e|U--)*17f7AVVWWHdH#APYx zKLy7E{!I;-mhSj_a=K5kseZ3oy-mQKAKU$;lPg0SZ}w@2yZu=Ect5}0>sYU6Lj3po zoR;q|?E1Ux$KwACEUAAd?pPB?2R)K`&c9@X`nP^_I_≫tCZ9#-}F@ z3k?5#%f7x(_CLeHy#EZD?|JWOzxwsX{6pa`?HP>hpAIhhG5J3Oi|^kReJgA)JIynH!9mjp|MdU1*xCQEd--;&e(S9>Ma&l>_t{Ua5_ojfzHG0^iC_EJGIyLh ze!q_QKSR@(A3^UpE+3cYNthL|*eE(icx2nK6CQz z{8#$p{<<3RkH_1V8oZk2`gBe654FxI{}yes-?S%undheykJ&evZnb%=yuL2OV$!D@ zTi>0Ozp$_Icg(+&_tdv^efIise;Mmc$B?;Q8_us-_uBE=9_2?nSns#m#4dj&xZ%|7 z>QzAm}Ru4;*aOE4fA4qTJj#8sSI23Wup9wrGlDoe+8S!i~h0t7$yE; z`Vm{@pyv`>_lEs*+Zyk=i}`88_FYBVeE}AA9gD}rTJGZ z)8VlWsXml-MDPHcpVj3(3*4?b2LDvIFj=IZe{SkbRq0->d!)#54((&Dbv|kyc)z0WneyM+i;q3nm?I-5`5qqeeiQH{!lXV=#y7p<%=`mOX};sKfKN9wos{}Flqc>Y`M2i5D_cFp}0_RIEh zv+2|=5kZV9Jd@*X4ljWAdSE*DuV`_RsMt()jw0w|40V_iyumaQ=49Tm@Q!6t%kIvF`G_6V~xB zuza?k^XY}<+tuF`nQ!wgiRY`+{Bil=vYl*87iSmWJ}J`mQblM&NORm@o4EMCup_p z)^<&mQK3t(Nyj-pjMc`TAqQY6{=H7btB0{b3nv<=qcE%gm&M!Yw zc1+zW8S?g+Qt->yVIQg{UYn=Nq}mzI=*DVX_}=fxHcR&4`D-m5)tP2BFdntCVRlqL zz&tVV{+$^*Pj1wuONUfFTgt`s?riWh`)yf!U-4Q-bDl;otJHSCWesi>CMWL(sU`h5uw;?SEu}{OTPpL* zoC^$n_snt6`CJxw%z9o%%kCq}amL?!oom`2W!D-CKh1QuzmPUxL+zq%@1&cK0x5r= zw3oEM_P<(E|F$EwEqO}C2jLAXj~>jN>Gk*GF|E71l@A@^tCl)e5N5vItk3+=_UUob zJElACw#(f;$0qk+;CZFlX0wwsA7=k&5Xm&IEWR0Ue0!Iitow(FucPK^Tndt&VcK!x zbK=y9`2qY&J727S_m!XTWV(!U?z6py^EleP4lHj!zPIw~;#1e!7rMnWdFRfKEl+>%D_Rm>|L|;(zuXUTpX)l$GfJbi3nm%JS5EJdk7*2fw`HyJ5h?2z zX5PD8{Ecoo*?o`=e;rZJSL0j!U~iT`Z`NT>?Nm+)_Q_F~ntImx%vs9Tcl&UhTC(A` zeZG^Jx4GIHhuS1BXPa_8U7ggc zAhG_lX_ueKsUyipOR4j>lv=s`vn`&O`72!4 zEM@PqkzUMe=PR0*W3@i^-h=BqGw$=hHRb2^eKc3;sa(dRJJ&XrmdX}s@BWb9VkeVj zC*B@-sIZ2lPxthQMPH;%Jkx=mRs!G?%97h9rIdBX4>RijK6%Y$ZXcHS=dLl$j&8ZN$wcuS`(nP#@A7hcgew>RXEer(M<@336zU+N;>+6*L=a=6< zR_7*vH~-YmM0562=e@qX4!&M|`}PC(gZo8)%$a^s=c~jz<$D)gS-u z(T`oDTA8+b*^! zX&Ok&ZjKFEz3j|VpJ%Ec&Ub&=eatZH#PV&QuT7H|dwnZH?AM-xbDqb-FYVIx51aMw zYVy?_W;csSWtnR!^ZB;yEty%edU~7B6He)->`kV6MW;AL^o}iEc_6RkKLf8$>ug0g z%QZX0BQACB+W({MI5Ue|h3U$5nRTWgn)3gPO$mL z)IR9ss%ZDQDsn6Chn7Y|oaEwzvYDOriJaOz8Y|rHE+`S1@W=J?JN+o@-3HDwLSbv- zU6=mtiHka)x8nG_jZ9kuU3MC=U)6cTP_faduV$0|`K4}l+7($&+k#%Ina6Q5bx6Aj z{yeWzao)n@_Fw+Px2DeKwvKT5DXqdj+4mr?S=NiH<1JsmXQ;F)ClyF^UA_26b46yj z(4EZk6Bj+~0(b2>^`F7*nn}Fz+l=JHHGRt^S6%qA{K&18l!K4ft5)mu&k3p4eiKw~ zD}G$e{F{~X@ijMoPCIw=v-ql6PfXUgi~af&=M%2b^T9c}>-vxEkNrM7d;gd}?iX|{ zmwuwXtIu{-Zrt|=*V@ZWJ8D9;lnw1-j7u!Ptohq>S=Z~R=KeJ4pSu69FVE&_x4b27 zD)OIU^ZTAh?M#UZvNx-)?VI~C`r*g?O)u>QBW2H@QlF5R_4vnshDXaLtS(-X9agn> z_58b)EQZP-R(%T%5;t4UT>jzuBeuSy$`|i8{65E?wX*!d+2o*^LB0aV6(kB39$c?p zU3WR^UYpH)fr|WO;WnPBD;Lxx{3w3BJDH`Ib?<4714Zm6)mGE4EM55|xW;gA*qv#o zdM`Zq81}|S^--_f!<4Pt!tPkfIj;A*V)ECFQE~T`BKd;3p*Wta#)){-}sN5A*|Q>d8#?CPFe`}dU@k8-${>vuf;u((_RNpdvZ#}-G1)Qq-|1C43+8bst$JC)uFG!|FZR05rgPzy7`Mm` z@~5AzeR+?08dKaC(^F3bw^m)R&3y2mf#c=$!>KzJrHdNxZOO~a`)VDWzUb!hyb~PZ zx2&!iPyOQ5GxKETtnik+wP%+tT*S(KjN{oBlX#9FZiimxy|uBIJ5c$VU9`xaBhFR+ z*7|kk{#ROMgwLkkz4xOn^W3a$leE^m-);<=yy4Ee?5xQdfwyNYxSY`2TpIf8x_Pxo zaE#dJeev&tmu}iOEnY8X4xfkZ%S|^=GT84vFQI;KR+*mEMCId5Qz9CV7y49B-{H(5 z!PMz{Lw@&`d?#0?o65l|#}nG}X;v8H%!0k2L;r-XbK2&ayj;}CTs`C2e3kHU!^*-l%M^seEtOgbSIwf@3%hJQ=RmN+14iXSG-C+u>H_;>X*vLaLin^V@Gl$KLg> z)|S_0Kjrb*bZPCj>T8n}JY_v!#%{SMcIl7);$^etm!EMD%GSDk@KI#>W`QNo+4p){ z&A2D|;mWL|mzPYO#QC7_(5~OHY=>R989K_lK5ehszW8wRQm2G%{m*QqqE9Zqbzp*j zVxZb>tIV}LUvm#kxbgnd8uy}Y7de;b^gj&r*>dUqx?~j%9sg5?x3=n*MCLYBUi4p? zI4@hRH|f-cYBvtQ!T zE?KJ+H{VtsDDbfOvTB#?*R4Ieti7u?PyT+lILa*G%!{*?R&G}Bk{h(=1zy=EpHaAs<_g zJe{J!$HIz?lz!yOe(_e_b6>AQZC5<+4}HIjiZ?#y z7a#j|>GGHFEjh{(UtVaP-og2Fp~}1^Wow>V8tn{n)hx^wpO`I}o_1Vz)!!}B;iqT6 zPnw<2Vz{AP<@-_JZ!^A&b{17nzO}hf#%os3$6JfpCg*8SyS^vy+Rn`zdbTX#b5D-8 z)9E>!`|ag2M)rHMuP0B7H8s{ljojZ?>)Y2P%o8?RAh__!hS$OCf7Kq&Nm|kSsqx;X9G-96vQO?i&${yU zF>N<~?t7NO#ahQ0f6v>xba_;?lTY{I4X)MNAZ_TFl_Ed7<)iJMI4_Q>x_ zm5_N-o2~XZNZ2y>$efZ@X`1uOjbk>ae4JHcu-)48yq{}Or|v6X(Ie}2PM7xy-gnhV z-prCq@G|>ruL)pE>efHvbt+8cJ#F^zkNVH+ zkxMeGdJ3O?3pnycRKDG$npe)=NTTiiqqHZpE>yQq?Bg@Mw5iC|Wtx~r5mV2zMe~Cu zDa7tPzBGJRy2^??k5wyG-Ws|)_k4`pCOu8B)ajK+@T^rI@5XEP2|21ahb3IrTbFJv z%pEJ&_;6>K|5w%iOB<(p1oxhOdC2F)hx?5ZC!c$?-uS@2a(&Vd#}DceAHx>Qh+RwR zJ!~nXzjLjBi#?~QY|&f2)U7`Q_*NgS)&H>g;k%v7{Y>uK1`5tF-qq)S${+eZIdWTs)4>_@mhGF=#wB!dUeFQ$IX^#HoVm612(R3yO|l27p6!(HkmK8R zW$V;k+qR`?Iox9RdRd|`@^V*xcS_%{1eYbxU(b4}er2tGT%^KgMG^VA(=Y9}I=5lo zacR?Mb=^&?Yi!~tesVwJzxCxj#a&%RLLPn+RblaMe@f1m>Dqj5JS=l{eP7hRn)sDj zEdO44@)f>~D}I>kdTyOcC*SeBrafQXr^b9WxGFNWzi7jiuoNLqBaZh$CoSeoaeK7k zOQy=C6O6+8%xklbssy@O9xgYXRc4+#Tl(X&^Uo)LuaA0VC;3|G(xd+jM`uk?RNkJi zZ@2Z_OF8LX*XM@%zq|2ut$ernw|h)K3e_fO-Ar_T$(1_J%X{n}{I$%{(G^|NkG+~tQ%CV$0Dduks}@-4jL_3Y!1oJ#e#Ijd&9-Sc8j&Vyf{ zvQNBus;iNEr!emF?g(`bO}q=AOklO!Y5G_qS^w-VHx&XRzb)(vBthYERhvI89$YeDYjcj@4tw**o9z zZ_ImV>;2$&#wN9tl&73)&UcFOF36sAYfru2o5rqZ{}~?4v$}g{*4A^=i>;@&+PSJX zpRIcSR{deJq}BbY$Ba0>JlnG;R9(`z_jvH>pkl+2h8)}TYkg*|*;Q#|ZecoedCZmx zo2Nb~UvmA~T$Ak;?k*=xkBb(?E-ESeXLc#>#>QUfzgly4O`Bb)QSt0V-k$4|?$%=jn$N8`V!pW0sqcq39o6nPb3ODq+D&HH zT#;9&^qr3$?|-*sqVtUd7SBa5Rk$BB^tWI-X2)@oZKKKjhNy2#)o;C%oup>@WMb^} z_I;um|D^lR%}Tl4{{Vjm+mu`x-x{cRjkWW%-WmK8MG%p4AAhd>N;- zds4n`T==WP*eTC7-W2%RocYwxTBCO9y+giOjm*}04`)9wetB#6e6By@KT01)AG<1l zpsZ8T@*!LJt-Y)d#9XJR-O;W5-nTV2b?JoYSc&Vl#eSh${?5yKEf#wpzxDla_k8|s zy=+aPpX}Z<+gxX4oBuGjSNx{Ykv}`%XzPdU* zua%$RZYz<5yM5;m|6{sP8r?GE*zWq>U0?2Vys(q~Fst%c*pxQErKi5HtABXDb-v$L zPqm`svah%H-95myg>Ke4Hm9 ziz=vmviB-hyQWe%<*EOaw>ICGd2(+&c-|&Nu&L_Hd7sdm0y92n@y@WjxnQEcA=`q_rk!K^c!9zp2Rg^oOPJu^NuulmWg zZyP6vr~b~|p33m5;;65d_(`{yeH?3kXKu5*X7e}e>+U^A9`vtY8xz{IWQ}*4#E!BT z%V)j&qg<8bGq1QO;ksgC&e^YOyKE&mL`3p_uB$p3@o4=b>nT@{OnA_rJUOE3&$372 zaR$|oI`mG)iNEk%u~l-<4KK#VH`3+QU)N;snDXvUUDnH%vmqgUNuS-DJUu_Tdo8waQ=DwPh;iPYaIb4e@67rB zAb8S24(;o=R$fVJkt(;yUe6__ZpgHFZE9?Wkj{P;TdODG%kAb%M{joJwCyx?`tBSq zE$eQ3G}CXhNzsMRWfyBUIH@aqUvb?l)q1|=+4Ar>xozA#R>qiHtormqka@TA%f6|L zSMf#3L`R=m&b{M#Uv==}&q|XScX7RZzeVNNAv+G+!fTuKOcwP-v&ek4eYM!+M3CaP zD|&0sRVv7BU7h$y&GoeK!QY2A%{$~V!Q;r+gU?qyo2r|lk?hkmFLS51Y{;t}bGP+B zdM3nTByv#n^2>h)fu~RTxffsCv*=dkgPe4W2UlN|Rz3`1x%qhEx=OeA&WlX%_P>yR z^Ca-e<9q8R+?N`kcy6(N%`-c3x9~38wNbl#9+@4q3DsA){Ndw~GkYB#gxh9(c3oU! zGbOdS`l!{tIs0VHd>(A(|G3^bpXEmEnd>~w&n%yW_3nOEE}r+RX_E0L&9_n4t}RdV zSg$7$&UWtB)P<@Gk5;rl{5q$q*mO(6B!dF&iI?`tn3O+C6nwb(^1Z!FqLq&%R~(f0 zYO`g#;}N6ApQpX4M<(*5rCQH@{*3zxTSB!@1V$yvd=9&GR>`+%!ojz((=R-EmHPV9 zve}Ez*F5K%I4Sz_+B)-p_x~AoAN|iDxm9w(d|&gQ;gIcz!=d|h zx2VpZxA#N#NAbsLTkUo}etmn+E*yO%b z=%K%T)Zgw8PggYi_Nn?XG$emmfBOCp)%M1`()C>%?n`j1aPK{575-}P-1ey%s}?U1 zef`XTnqhlNZb#XL6wjUqVe=Z7n=P(L&UthEY-rMUg=_Ps8*Jut|Hu=5Hfi#l9EnPe z6Q{0y5t;Px?HiG=&%2&(jc=a5PpRnA-CV~T*O%U^oquw|DM$5*uS4&J_G^jEU%6iV z)z```ws-7|M82l?$NxK5cJb-#08#IMlIK0Aa#pWtyuRM_O}XKk!%T{Sx)V4YJBp*+ zxx1fTa$oD-VKC*vm6yxTn}0ArbeH+C_|dnzn;!gq_3r475bo^@R*UV*x-FK&Kqo839abk1ibo>_7%~stdAu~I@@TwDb2{blK=+Eo{}D{r;T{c%q7 zzLQrI&lizJ{P~yGcG&LsidUXDf2qGQOK603PX2}vQ9Mg zHO)~x@SlN;d0~i?;aRQ2Z+~)a*$~vh@mNH#EL@=fKSQi#!hr{&jcnGzM--YHe+97m zt8deEk$f4p@0@#9Xgl-rpU)astA+ix-^z4<^3muB_oezbe?MA~xg^-^-~FZPH_tDP z`($Jlp!;{TN9LVn+a67EJR2>L@MU?WOv#F83E#9h3U7Z|&QX7IwRiq2%|kqeU72^n z!nD>%zWo*4V)-^~n!w`MegfZ29p*c&I(Vlmkbl8yCjnbcm&h0OUg5GABNL9fe*rB) zTC>Lf-g1s(hJRKrJE66Pf#>oOyXG&ewFQ*>&rNZC>-UChHGfXfH+U|F=(L>){zaE(UHI z5e+t7(@)!NsjT_BY{EMCr}|k%Zk9(a6l5!xuM#rS*r3+-M&{p?%4Au4sS5vK{}9{b z^8a=T?U>2YGI7r37MrA{pN_B9aO{ykx9XO_yrq?oIrEOoFLjyN@r6@{C(m|OuH#gl z8|fV@5ZH2aUZVY7zKDa*=0EL8_$Ttfs6u47pK;gMOB)~dax7k} z;8*$5@8Fl0UaLHxgsLz*G2S*=X!$V9f#CsHLI0JD2})eG_FhHD>~<{wnJ$~b;rQAk z{7U}x`?+dYWmm-nu|E0ipk6rJ_|_D+T2>E{dF)wCljmm%@Cf!4JM^^^J}+*L0XNMrf1r+dONsvF&wqg2yFEKbbKu%gKcI+=8cTt{wV>%^Jc7MU`U!8 zGSQ=4`P2EWObWKELj88{=L%>jeb#v2Nm-KF@~@^7Psz$M=1-58YB+y6s^Is;$)-ST z?&fWo5B+`WOma-tE|@H}F(rL1li}rDFZM*gPk&!|DMftXbH6laWAm*gH#7?v&oa0v zF$lX|e4*u&-V?ySVC7TUV;rBaaK-CZ2Y)lu;HvMa3sG4kE+O0_e`$&vyM)Qx5!eMYr-cco7-lo+FuSn+Sj}^RQGJshmxop zTcZ}es;m3s@}HrJ^N;oQXS3cvoPQ)!XUg;3t)JfiXE@&HTQR-2{y|gy7O{Sw?{YGG zE`8N))|hxAWc%~@brZK;z1{Oy^Il=7A}7nQFrm{gZ#zdMYab6ef1tiA{)12at^9|_ zXWhDgXs*MeqRUYZ=l1>*&_1#CKf}$>kIdT^XPWBsWQk2|ZmXUh?qIj1>)$lxgp2bn zRyWzbX^?*&DW~{B{_uN=$bGXP)w8_ZKH-F+(#gE#%AeLOZaWh6L*?9#XQ6f%|D5%H zIA0|5%`r8d)fbw>bZmSd=ZbROj`eGod7B)+@1MnghNgtN!}l!bMXx^JvN7_!rpoCg zCz)R#HC?+W`(ksW-|V*Sa-^DUSaDGwVRuc1x(tqsLr** z|69k8!1;cWtgp4%aT91N|qi@2rsj$MyJkWQDd*zx#$C%j=T*m(N$2@bzoX z^^5b2{xdW&*QB&bN*~;(fAOo*lAndfKT~&FJn7*-w@3NW_CG@W-*)`SSFAqY5-z?m z;ooPUscOgU?^>?ARTJK`d}&sebK&V%Yu8kTAGZIY&;C~Z;X@fYGus9c+>aC_cg-@3@G{|uX^AB|drr_m(3SQ`FdTq%B;@e)2~p`m*?Nxm)eQd zAB@ahdYS8)C@ zjz4>c`RFa17MD+KUxQrZ`yb6eQmfPOYwE3*V|P3%*6j#6p{>2D&(7yqWoqhXpMTSJ zb&{?;6qhnvoLea=$)9hKP_OK775l`?XWRO(x8u(}KdgWI^|!_!kp*iX-tVZ|Vi$R8 z(Oo;nUukwdtDyuzRy_y;DL4Lg&ThgKJZR`$&kBa^8~j8>6d$E{bD{i|3j4gjon9| zCSGG(ykw_^u9mjKe};XYYo1R|PF|B-`lKl0S8sw!$x0ysi=&12dF`{}Z%%%6ZT`3S z%zqLtrAo^0-nm0?yWQEY_gfAw&F0AKxF7*Lzl0)|RAbo$Yv=tn#*(-GSlJ&aWFUZ@Kv7 zpoH!makXiu-+ZeoDVtSz>?yCh#GTrgf_|SasaL(7TdsQgqTD7gtrHco$1RRo1vQ-F zyXf%XqhF_I%)hDUp4?DhvBzU}%EQK=QOm9@`kWi|vnbN-rv0(io1Xfg{a3kq7Rxcu zXus*a(tVDmlWX15-@11f$!Sf!J8NIG7JuUV@KW#O<#D!q^vd!ch#vpEYCD(2JMD?r zwk;1_>vFB_`l0(WujdKu_jUHXqPlI@=9y_t9aJ5l> z%o`|ubf0`{^3<7azgILc*jZoy{E=Xn$(<>GWo`J*AN7m9mefwHstWf}l=sRzSD?A_ z{9^T~GN#WD^~%M}czCPUHSyJa&Xjihl%1BgBL7TZ^>wZCGww<$+qgqti^<>Xn&~Rn zxJOSqAAYarD}5~xaU|vW*1+k9XB|qBHa}ODwD*;-6}v=6`_s@R7jueyI##gl7Al?mUJ|oDI4E;IZ;ktg6W7+n?o{de=4?++=peR4p zTXu;NTHT&Vsyo+ zqjSPT{xk4yy>XITtnfd>^<^*YxlOBkvw|(2Cp`YW*mV1Kja%QnqHYu5xwCRj!)xjxnYrctUOV zj33zsbGqc7 z2EU3Y#_4O5ZDN@-f>vkGt9&HO^l|p@^20_F`AU|CD-YyHJ+28XF0Ea2|P5-%onj^J)6C#`{aY5w{kC@`i0xgk9xkcYxyp#j6-3Y zE#LFszMmzwao=3Ugwxwnm=&%aZ~ns*9O13&*<-fpoXF;RN-AH!iC+FAzW+nDZA+P< z^Sd4`Nz_hwtaoLoEW!9t;E`+M;p*F5c?9p<`6C1h*5 z?4$K9xAa?|_@+JcSkh&BN6&D=DXZ(#>n`2rOYGdTU*-q9pT25S_em)^mkag6`j_Wi zUzL44>_d2a!iV;ru9mO}I})#i{o}r^@Nstek>$P*>$aQ-om_Boo8_xLkLS%;@Ber1 zo@)6H8>RdFHQ7SDqwd%+xxM04=|68eMde=4t-!Ed*44fIN6TmZ*)~6ai%0&O4s8)< z7QVTwCtcgaS-bM(xo`ZUXI9;2YCLf8`K)UmTi3Jw_;&tq)w~7IeP*6$dU*R?6Q8i@ zt(Rd1H}Bthxl!q70(*DZlT=a2H zpQY%rAL0kMiF4`dnQ{cZ4w!L#`Q5Vx?$g}r%Z}UYRlJT5s#xrBX{&`8?@~RUMwc#2 zhUccw|7rawT-@s(wRztqp-ht-io3Q>Ghm!#JmF@1VBc0fo28fM8)ZD&qyKn5^B=S8 zDIe62{b%4kbS$Gx_py^&==p-fw!6C)W5Wq~!7V zW82@=@P1f*X+!$O8s7)!1rDxwu}#o7yc2yqwTu#3|Rd@8(4t_s5-o4As9q+sQV!IOpNo$Mc)sNcYIK&3rW1`r+HZQ)cz| z{!te(U-jy;FHc-bxYyl?#tYYsmKRr*rn1x(?3?;9Uod<7wCk5T$Mmj$*Q+1&3;h)TRZ~~G#_06cJL?rRzph!V&KdE#HPx!j z>dUIAQ3aqHb-XQ5+!`(>=}@viAd?ipTuA08CJy)e?`n_L73KfB%X zSx^2b{&u-__vMEQ>u=2;s_(|#IB~+1iG9B0d4=aMqc6Xl&snG7XnMZspF+1}?!N45 zT}KZ~+p>uhe_i(~w|vUCeAUbQ^6zz*|7U0s_PzAzxAq1h_j0ax5B@XM^gQm5`cltd z;e9|}^xwtO$Lo1In4LEr3T07yz~_n}65Eq6P%bEAVr3!9lyf$D<9r0UEw=-+KSwzg)R4P7i7P-7yctveb)5)Bfg0` z=IhmRpD900eEU8|{z!b|JoSwqp5I(>@xjg}=H~~CTFVza?~i)Xnl8&3xa-Q#$3E9< z93P5Jce&De#cYn1{n?)(Ro8kS=*FG@?f2>Enz=LBH77Q|k9~71u2E&fvb~ZUcJm1? zou)tK_vFa!-+!4@J^kLcUPp1)775NmHjezNH_PpEI}1HN%S%*5UCTDzdO^u4d`*|7 z>FIkvszck(+|IW0d1m_R1^@H7wd*5a?Gu=gEhoDn*6HkjhHHnGKMQ;t`LSZ&^`qLF z8z#Pa!u{E?P~JJ#aJF&Q@xJ5P*}^6Tcl}n*pW-<&?5(NyX{EIyZlSUVe_hWlPSkO8 zxmwckF8TTQi4FEr&)5A?<-OBm(%tTU&MA3m&eGbGIvMwLFKxA$@BdM(UuWah2+K4Y}o_Ctk;iT~FM%`=aW`X~80IR{Zw2 zxnB6;@ninJKa%T2t}dAQphWB9spb9WcCYy3{qVlH{_QPy-DK^)%z0nRBJ6oCqx{0p z{MZkE%QN1Ze7n44_O67kwEk5U^PTnxXU@8MCAy0D31hr(#WH)rm$#zMuYM6GwZw5> zrJ{p3f1KsIMEi$6*@9d5ZGV`lo05Fe`MXwV=H4TdHa-{IXLWV!>|*hbRCDG$=G`e> zB~@vYH9o(27iXqrWm?|-q5PrV9w~e7A8Q{@th{M1x0R=!`Dr8b%X>;&<~(jlW%##s z)ry^^Ce7*gi!0VWb_-4|Ug51$$_lkni{>mgE2M%HC!f3EAkU|E6|N%DJmO$@L@Ci3N>sC3tGzTzye; zm-}ep;>ct2vVqerO(*lWZJis$r1M8z%b2HeV&uh_b+(t*Gv9a_E;!?_$fHS_Qzn_^ z|6zWxGfi_%Mbd4J0%sS-EDsyr2iBQ2XSMyi?v&jQ-*UD*`lH9c6W2@rGu(g6n8G}3 zY4yW+!I$Qj9L;7cFg%Tr&nITrL(vEJF{={>GTA#*t=SjGdX8GJ}_(T9=GgE z@2aNV$JdpRLsByFC)wT^%neWc<{A-)H%k=LWyR2AulLRrv7~!t- z0#QFt=Oq-Jv6OhUR=@p0#deeTQo_y6C%>%>bX_*du+&~E=DgvhFQ;u={baAt%Q`y6 z__WyXOP>>+Je7_2;)?yM{j;}*KUMj2^PSf58+nVjm`$_LJ8toH zb#bP+qqpHt_vCxqYm67%*}DFg^7be7)oat9n9OpuH9lnatF1#gXvX9TUVYj-Kg3PU z&Q5)rS@xi?;Xu%j`iFntEo+Kibg}VsvaDEU7pseE0}cln8niF*%dP<$`{IA_43T0r>5w3@6PjU3s>`MPrmbG zk*v_&B}UAO55=$TT$_CKp87}8o!h+Ix&;1Awat#w=W|_Y92@65iTxDk%OL&MHP0rv zt={S$6LNA%&a`$jRqu-HIZJQ!q_4}4_xoVC{*kux3P*$1!c$vIr1IPL*yk#{Ondn4 z!HV~@UXGjerlZZm&A_Ml*^gpiy6b8 zZ`s|i9=Io_Z_&nO`!;*V)U5uxYLk|=h}+7wuf7EztCf2>ak?Yhob{rR7z3@d6`)`{~Y4(ru z1O2x)y?g4=zPv~~+xv3l<1;M+>}R_=PdiO6m-<#0Iy>@a!^Fv_`L;Ms+t!iLlcy~6 zef4(19EZ-iOUgwfZuLH0d{808^+oK_Ovd;r-yYxEoVQ?BC8x>+t7{WFuNZPSINbgE zY_+en%p#fey@tz+8e6?K$jBWQd69efoMgp$(W>*_3bOAcKK{-6x@_{^O%=!UqhzMG zEG|pG8FAw6>6CAew&~~`YFK@RFYDj@hiMaeS{}%?t#My+IICc%+Ri(@AtlP&winDa zdD{AIl2zAM5$OtM)3n?E6aR(wY&}M73OA**KHzVavYWo>r@*aa`+}NP)*09}?Vc@N zt9YJ^L^HHFf4KB2Jmrv` z?_%4%*+JJ26|UqIQT=#Kq%iKT)GBtK1y71k7Z&n9e)+44Jzd`TTVPE4G1=&VjUQ6q zgnjrkah>X9yR9$3SGnKZYLSz(Hc;})n!e)=w%O^WpTITIH-7|ly9AugZ~gUXPuuNt zJ1;G4dT4ZQJL`n!E7X_fR?I&l)qAc_rAz(B0_MI$`}8{&&C3idOTU*8|68S&pW(;i ztjpXjR|E8Z_C4(L^G*I?e`wpS>ZMP&BwoGEI(vcWtsj?oq&-Jzl`)PcCZSqTj z110U7g&!!ti>nUr4u81u#l!pBW|!Wm#6^i7c%!AZyIduu__FM3&2`JRc67)Xs;|q~ zzGG@z?9N};XPR6+@22m3wN5<7xx6$#aq<-D4q1z@>$U%G{-<~|Gvi^}Np@DoFXu&H z?q_|w@8H9??nlixJq)$k(fRe+zR15T_c$(oZKpmpe?7BKq;>I?C)dN+_?9}KJQ@;n z&4TTt-{RFbJM&aD))jB43cJ>K?PXq9=bZI*UyouNi>ZSx*I(J>UhwDSDtd)9Ks*LKCXH{G*-HZ9Yg`&jig z-J7z3Km6u9Zu=x_bL1fNrM>ws?$I2|DaVpo!e_Xbvfpm;?p@MXFZIozH?t`A<+V>d zj8A#OXKPj;_ep*y=lnbT=AswhQWiY<;PLv}9x02K{O!!^cx%OfM;(`XQMU1U`LsL9 z8=vi~zQz6imZ7`pWnFFM=tH+UHtcmfSC@FSmhr>)c+a)Uzby`}V14~O*ETuQ`Q3}k z^-(_@*R?TSj92ezj=5BJ<>k}hWwqKLKF3`?^WoUZX?g~p@8ej1*T1|Lb^VB2*XMVh zOcGCynN7U6*Z*+P?6BS`pLYmu+j0K3{h{gMw^;XgJ$0@9*uq!e@+*Ap^mA`M8cuoh z#peDu4bLt5;&JYhyc-YA3}4LkYyRW+tI?)Mb2o){oEM!mjI?$cssP zciKg-ENr|z>-YSF-_4?)x2J!Y`@pi|{IuvhVHHny-hB33Gp{Ch`JQPnE|}~u-Qf7^ z>hX@OYsXH`W+^;s{pfw$`aR4a`QCe&z1i65cgdYa>ga~6XUv;?9(yL%#lV9^T+U~t)JgtBG(puF=!F=nvZ~t^`F1)md`>}X)UX6Xt zuQ>)AI{rRlXWG5tvscs%t-N2t6~>S5zUwSXE@h~id~3Un^G8e5>fiOI&2wKj&NH0# zDMFQRQD}bhm*uf{W0*F%_ysgAH+``~ZHq}y?3>!c+D!XD$^!SJCmehbCh_*T*JHU) zzdp{>o^j&fF-`ll`yIdfkMQ$)Kl~e7Uz>H~u({6Sy`}fmFXWiaHrqd;sj5|W*L9hf z+e$C{Sg)GQ*2*Ly7|7S zJbrw>NVm~6rGPsB_^Rjo1phe1N(US6;$7QU{641sh;P;NBUM)>pS8{jdmwfG!`D-{ zW7o`3=i$q~ywI^IE75Xaw(?8c{NrMiZvWi4jZ@~?4t|krwwE`S`MCyeyMFXb_UAbd z(x&-Zy?WTw6niJVYyIkDe9tbdy0!8AnMrrfgr8QoKm7V^>3;4%(ze%DZ7(;-4YfTQ z|AGC`U;n5*zf;fdH2lxN=U(;oJb#6jtkmgKpB&B?Xj@HHTAWgH@!4d_WtodKnpQE0 zl!-29ooH{Ee{OB`%acN)wtAV7@y6{89PdMyq!sQhoV9wI z%lQotK6aI`S1K#d%i4OR@8(_CsR!Kd?wZB)@6f4QhnJzJ7@j2X~|`Zg;CNIy3X&T3IVm zhl0Jkq)yIucDhpRweg+I=X*lkvPSl6xhC1Gaw7?S5mvp^dNnE)vIM&49Y#8El*nK5Zs`(XR=80e4noUmCV|6 z(r2BUCU)nP<-ylcO;utFd%`W^7Ry}QH&W=$EG*wg{c^da$B@%|r>iin z$m*;<|0he!v-z3d9-q3g8vuK*iycv>f&wA;| zzGE}Kertoiq{|G)<6qW3D7$=Pxyp)$zT(}@UB0h{CoP${ZSk(Dj#~U~FJFereLS*c z<%#2L>#n=sW- z*FFuM^3KAhh&O!4w#@M6i@SpNZnM0VZfiCrhLv%L#eu%Pzu4ZeT z$N8w5V-u#ezptO{`K|D5)F)TDfMXWxSJ~ODQaJG-sM1F8uh#v^jh7~$wEH^a(VM_* zj>tcUELR5I?>qcqwVkgnwk6YLQqHTil-Z5C;W_*cROBFe`FE6g9%EtQ|U^_}vk3+d~M9l+`mEQd70(7e z597U;JAX<22aomb8>1?cz8|^lIDO(&!Hu`~);`&GFqy+v`+58iweyE>?$Q3>bg6nr z+1Bgt9gZhyzw}pOKAPJ<-%hbx;P0p9H~W`*%0#f+t~$`HtTg@9uj_Lj7qi?_cD+64 zlE?|Wt(qNtI~Ta|J7tNQ#BWKF^WUmIrLbq#hKa?DJR^l>ozjg)^ioKuNO7wNoL-v(f@G)hl|DIE*49RN6Q7- zUK#oeGGA(p6}`q}v7BQ=kztsafYrq(JqZEUch)JM&p$P1+v8H&*eyLpeI;{iU%rZf1;`aR2*sRjvlzEz+p45L`>0+_+NWupV!QWE8yhef?>dT*cDSVM%8u96z#*OMnv%(}9 zI@Sly3KV;H)qGmdK#%dK{}*DOxz^@?zH~K^rdbl%M*Fm66wbLsG*InJ%U$b@6+xEPg$jyWz|E ztkBrKFK;{LnP{quRHl4AYBxReScZo)OWl{R&M*B!CC=HOH`(eL*>GQ{>hjcTt^m%L zUfn&DeH?`QeDx0Y1YLA{vYT^bVOL0xP(kLY8BZ>6VE0s(upU+;WSalKv=X;g089GIAzH#>wnN@Z{gNt3{jmK=;mm%f0nFk85FJ+9F z6JYX2A!g2{2j4^(2ga9YX}&5lcDlgUYI|^jp1a7y-8PpR`&g|r z{DYN`T%UOJ)|w)j%1Nw`CLi^?_D{6YUDBrdv-hJ~uIJ%`mHz#@hvl@cZC%=%?9q0p zDE!nx9@fgQ8Jd327d!24wU)f6te?L;vn;3}{u%R)YhU+N>rQ1~@H*t3iG-=h_GwRV z?A^d9wS}p{z*alQRL^_nBkgL}M3LObpOzjtD-s^sr_mw8xNQoPA1m{`FHeJ{Z_Sbt z4bjz*eCbwkRO?9(f0R$+mUPL*%#!D?&D{``(0uvR5@%KjX8kkvCjesxGg1>7K;08I{o!jnrEb+KR2bU5!N!hGdYtK@?VCcn8> zi3GPuGAIOC1-(6Qv1rbmrUe(6Sd(w{E}x%O zz*2Z6V8MjqdkvCaY}J>W8vmK>kbS|()L`hxRd|$(t@3Z?=@TcGrZ5P)YORpftTG`@x2?zi9atHl@~5Lpur;NYUwEdZROn1MaCl+$0#x$`&rv7wviv5}JSv5|7 zJL^-=cde2?TF{%(~qlypQhUGTeRn-P;Jc=>{h0{~6?% zHmY2#30_wBjx!~9uh+BvOY`OaoxjiUPbGTm_Fg;Tm*RyR6rSC6PWauxv7YVY^*@4} zzp4LdUg5j)=1Z$-U6*<|w)}1qwEb{<^|C&D^FuYlscXW-*8W^nC;8G|%uc1kn>%$y ztkU}LvF)Es@6_1;-C<{0Asrw!t@$H&=(dS`bVaPo_)hv{egBlbTOuD|Vk_GJQUTKsu^dFj!J zUsYjE(@&hgk+6KT;llq6P0#;bn-zXo*8kvlJ9F{%mCN^T@~sq0=`otB8X?o%9MAtE z?fsEiYme=%xjpx3rD_?=OxaGAe<|0O)Lq`c@&2*>H|IT7{IT}I>b*KK9znM<1Kv#N z+wEWV#6)7@_76|gjF^Q#CtsVhSxRE-S&pL3tEO@UcW>TtW36(>c@`?wS_ceJPHk{KcAJuvFL8470i`=56 z>XXmEbYOWd!ZR)Ndia*lPHnRcKQmwHI>(t`I5lS>`!cOFg=bloJz`_%ySLRkIy!6S zB(;cV$GEd%7x4Yrg*( zCNbk^Xs(>ib#12hd9DWAtV8Yy&g$t&+qrh-++#IIQs!wcZR(laRake**yo1THqI~0 z6Yp}c&pi3^M(|2zra~{XugM3NTs_uu_Z-KX+_(qX;{Fd$M@nZf+&M9~t?pf|um6fy z=Hip*>bt93{C#^o@o^rmX#R}<9~=C`?vwzeiT8LV2su+`%6 z`j<`(i98v&N&JHWdh# z+Rivpa$t2EN7;k}GIK(;dndjU@RDZOcBeM$&L^F)_nJ?%CjU&E+T|A3pPat>PFC8p zt8(Hy1y{)xEhwIUY;E?fqF(#&oc)T9z2O^VTa6E{I=xu;@bTtCWv_bSS=T3;Hy`*F zpuK4h)BW(v5BEf;YN|N!Cs|$P&GygUD;8_yU2mqlU+b}od`#$kKDUy+PPMF0zbvdwIkJH#m2&1IsWVqr;Z;f-xTrU*ZvzR=F!Q!gSVfWTPb?&hx^fe%2)FB z|5$!>yBPM`qh-V1%lBsrveg{ok7HHuG+}eWFl{Fcm3{K=QQ=EW@zzII&j(aEjy-F7V7(?9f> z&ssaXbIq+g9e3xl-^mZip1Sq=nx*FU0)NaOR=(AJD6qV%z58EKdiV_o&NdSr)$Mqc)n`(zmB=ySrec9(7yZSLeEm0Dec@&HlG3pM3?C-Go+V5rzj zZ{1O{QP5oInAg4!&I{hyzMg%hq&ELsy||d!BkubgS;d{Y4=W{Rh|J?i{CREb{UiKh z5ih4rsyKgG$aGW8nq6i)lg&btZAE`PzqF<0rtq>^)|E;dW*xmA_>uMO);mvS7fo;C zus@VlxFEBz;+yozb+=0QU-I3(+RRzN^Zb)6UE`zwcs?$hyFD^vT8Ur0^1MC2L*f)J zzMc3b*WY`mv2%9i)_a-;52gE$ORT=+b&N}>WnFvLe6Bs}rS*l&Z%1T`-Le7D>i=?eBbr;Z_=gjLEC@Z^{!eu&v=); zW#MMItut5s_;YZ<$>fz8hrXrDc^{NKkyP>g)}*KmF26UA{&=shG5;9Xk$!2tvfzyG z+}16(J_?^dReiOdC#GMp!m8HV_agJunaZ<+ejgK+{JHJB=!y6WyJ!Cyj;v2zJ~P); z+A_>r=J-BwpGnSqkGJM#huzcrFh{qzv{ZCXUgOfqUMg;{&pC#jv;XyFO4zZ^y%)DgN258s~q z@4B*h*N6SRf=}kjZiyvyHiVp5yVY#VakmgD)<7Y+-UfcjMm~ruiLlqH>BqR6oYu4);j7W3u|jDIY$& zoFYfjr}GRy$iJ0*FuS_+qkikx?CfaHS>BZkd!`0es0dzOT2v?UG5y&5mRYB=_wn!F z+nV!~>yY|W<5$+rUB9dk$ZuQTw@<;D_1wnN%%X37D@)VMMDi_Ph09!bk(zaJ&Q*m6 z=Vd+|KO%Nbv9cz&zE<~0j*wD?{Rf@vo1GuqGrWr9-}rgmvW>gbA|6l96Fl%w_uitt z%t!aL+HurfFuVU@W_DChob;@Kji*KDINDeC?=j%8{1x6)6a2Ty&h$qe%Z?A}UDG2k zJ5SCQn9*tW&DJpNr_Z~2&+cuPn_Zl%Hog91koOS8Bi%6VmJ-*XGOB7;U+>TB=#ZT~jy zUj5XjSaz?Kg%A08y?Wj+S?u&!TZR9G&9`N-HKrRUKHqa`9si6uCb3Yopaa)4W=B-|ISp z4`!@c(8N|592l2rr?ai+wrf7i$2TX-UTK) zNB+lXza9QtD%Ksm&_6R}{shZ4*>m;%w$HHZe#HIs)Q8>+q3?ee}3$UDzaOUZJwT-X{JS?|0%~$y7Mg8|n zc4plEA-!0UGGOeUsDR*y|1{@8uE)~%+u zb#`>djnpL;7RQ$=uH|EVUwVE1*#glie-?&!ZItVOG&jpA?BtAj=5k-J#Z)|gAm6s^ zcD3!%KNJ5m2r-EEreyEm(%v?+?({=>Zcj;eX7#end$DXG8-El(DhtTd3%j5BWZsOm zv*p=;^sbon~*Bljh1vR6gfy_Nhn@zdj;aIt^JAN|%VI~Tp>`p%4>bRmh0W4h`a@A<`O*B@_}*gxlG5kV`5{I znN>RT}b!`p*!! z-~Q88gVlfBUkAj$Di_KV^I&?+@awATC6#?j)jQ=aU+^=vOmZv>581h6!rrqlPv-Ax z?g@L={4m$d)gZ=yYw8or{N15CU!>a#^Rt#Y&)a(8#eH5=&5xy~mm7{-d#-t^VlwMa z>GXD!Scw^H+rC@;JQ}yxqh{&Ug$HHbv=?6bqp>n$qr1>F$J6HOdowfRgf}#$&X4Y| z%oFvOxmG>>%$kC4W<}XTVi{(uzMNS1{=hb?n7(PB7p;78gl}%v(f2KnHq2RbVx=(8 zx_e)KTUTpKnBUfn-5Y&v)v>&^eTz%e7q}`Pwn$@U;5)QqZF=mED|$Tog{QyVstVb) z_s*}WC%0|kDVH&p(y7rfIl;5(kAD}!;b3`ZynrzPgXeaN-I#OcW(2< z%ksTO9_wU1C1mPKnOWwk1Z^z*vQ+4v=j61R3jY}dmpP|=+&<&Z^Q}=4X&t#C$NVi8 zWWC7kF~2nD-VV3(cY`P1TX$4y(Tw{nU0q7T?@zH+rCgEPwtv~n8IfvX$=799g{^m* zyi@n?*STv_pFEb`n=SV_e$O0GO4YIh=UF!!WwQ@H%Ry;WV}_p&vPi|?@ODm>}4o7%l| zQJGQl<{h(q92Pph4PRSg>*N$rUd1H1gH?b&>uF4AsQ7p|UFR=BuD znw#af&&BCAJhj=mPxtTLYH&FB$>GNHYXi6RI6beq$xt|JXLa>K=7^ zYE!0wXEKX{Smr_HE1x5$SM|+bek^s*)D8Sun~U?jHk%w@e)eoy%ocvJ>%9^EQ6erk zzJ7F@TPp3Gn&W0rynS*&OhtR@Y8A01+kGCt4yavxA}FEHZYI~F4tSChVAEkdk2j|8 zR`qcYQ_hIT%!O~ydYiSLippT)}FLe@=N?0B-?t;@cf{Z$j>%ex{%6MEZ3*^0leE;pOVsu-+V#np0? zlflS+o?+0b#;AaEh8rFf&yQ+UP(2y;K1%4;xsNj*v3z^9^zxRp-tL%Xj&B3zPRyMu zb}*%-pges}Rn;Z;MS6eUs)T#XwaeeEFKL-3^7O)0;b-a=k0$3Gbx&r~6-qnVXTxWC zK5BpJB9AWTWtFd^3U7$oMdVqmp0@2@ghsqVSnlQsrL{|!o(Yt=QnUElOw~C(+#H>D zSJ&tBY}%(RAGJR_mB;vJ(Sdm7hQ)i6?soYq&%0cbJ-hwRgGD7z!XqF0v-{Q>^ogpg z6!)(!k(2(=dTz}F-3IPI8sZb?d2_SHKDnz__{d+mX0r0slC2gSCALiK$-TFEU3BILmt8pp?&^kf zccjI9sGFK*YaYCRTlMX~FPM5X{~Cs`P4amApJ9t>gxtH})^6p-FJD9#XJ)U>;$S^f z9sEOFcJ=LrtzF?BAF>~*o9}c!_)F&7q+Ql~_LZ5h{#&tbp^d8S+E4oyg+@yXib)(* zi3-^kHbXe=!NWy2Y;7~Q&l3H&v?Nb;PbG_&}b@rba#76kTwF`P!=Jdr?aJJN4Ae zx#y^4%-Q&5?Lya>zOt0KS5gx*mgO3`-dDJHrjpra)~EfqmWN-?F?n{mq%tMpaPgM8 z5s!a{Z+aEJ`%UWA($2aw%ZyxduWWAfj`>#rpVZCOTdUgpPPXavXXZZR*q*X!pMF%_ZgW@P?fU22ZjKSl zZLZJHveTdMdWFf&naM8oZ0UW0)P0jOyH{tH^Tz(F0(_KE6zWujIA!g2powk12=S+HQzlusunZR&p z)~gz+>+-h+x6BM!$8o$ayKSrJ##gI4gVL|eGv1reRwH`(%WJhj-7|{!Z9SD|{iuKZ zB<<73_1E6k1^M(?Z}S)Zy8Y;0x7y&tzd|%TyR03g+4pHb;qO2E#@y+ciB?>av|P)q zFGat!rr!MYHS1hyU-ZH0;wna)nY>Gxx0X%&EV1T3`-=B5``bq> zViqkcHhslRy~}5c=N^`yTdV)!o?z*N8SAI7dYJvpR_?aZY9==hmHxH0njiWjH`g=G zR-KR^WU=0CPp&TC3bO~5=5Mo=yce%>IU1SrBxzq&`5>LYhzK2o&8MdTOiBtbOb7_e0=i7I6 zX8P^U?%uLvmaUS zwi)?^wjPkMkNRDF=+>?qu~AvwcHvpiWnVvf>$_mXkB({YcGs-rmb-hl*7d{r(C&~A zF2bCfP9F2MiM_q^JcnC=&cEyNe0(bxxIf-2b>n3J%x`^nuAk;#r6RO_p4l!Lfx2b; zetnpGw7<_r(!Av>YnU|`gL`1SWZh+Z&LuwzAFaG*a7es(bKjinlf!tcPdr&MX_s*g zuio@^uaa)P;H#?Jy7MFVgS45CY=!a_*n1~0*7w``cvgMSx6_tZq*Wt+wX~l7 z$Ig7^BE<=eN_~$_U&_ndDcpN$rMhRE(Ny8DX)iDBkmrBfR-&f=NW$*wTfrKh{%;*W zN^I;?i=SqRz1?N5th}80)~?54)|>YR_3PgJc)p{w`)_hUcK4)+cNX%!;TxO0+defa z&TO!$zFz;a{afLW$sfW#{AV~6zI@|WqujoiB5&1SN7iwFIDTv0wIU;P2635L?|LJu zZTZy&CEaqq#J5D5RH@Bddb^~x=*;O`o9zrM4jj$9Ca{ltWtiO5i+AFpE36Mcf6KsG z_I&c?wH42M{`jhGtyMkJAZj|-s^-(qN%OUKo_aND?mJG|BEG7twNh`V<&++LB9*sX z`NZvxb5%)8FPgl}%M)4j>DXS4brCa{pH;qKBb=|d-s(U=&tny?ukV>^EWCejotEIm zcjI-;{6qS@TMAS@y*+STr6~K(9<}bwEYUzmix=9Hwq~zZ-ZfR$x1R6CthmW38xH2I z-hOM%>1+X(Rm^WP^pv}m*Hs>M`|dp9$aUdzTMqZBJem?JS|x8o^16B&k8gh-wtVLS zRcXv3X(^sy@xX1TIIA%@4M#%$zUd`!C54w3=_SKP0mFIjrp3jkEfNoFD;7Hj54U0F1Z^T(Aprw!iQ1=Vf!)VnI(d~f;w z$t+L8bkE$Du=9^I$eOlfdvcccpOvxCCkJtFI{fVYr44WMB~OZ$aV|;RGNJHNH?Q^L zq+2hN*A>4E&(+&-lYMWJ!wnYmydA3pVnkU(cZI5^xIOn=9?Nih>brcIRhP?&{ibi?{G7|qi=M8S_T@Co>=c!< zzghPdR=n_<_BQ6+-W8RGn>nq@R`ujLZ+%l>r#AWAt|@YMTTf&K>UoPk=&84QS$g~F zq)P93#n*Pe-ug4LJbiEJ?-`c!Rsbum~$IElVzMk>$lu3}8eCJy1 z(H%n5?@rHhcgzoubxfutSPEol5u?YF4vRi?Y?Gv_n(v#lhGZe9SPWub2Py{_^63f3nwn_@xuXDL-dU(&m+`EDgCnTDffY zZSoN+JZF7HJisIQgiNh=)}@niXJd;v<8~~Iy)mU>eZXBm?TNbns@7h|`PbgIIuf5} zHqW(a*1W_s?KW~#?`Ln@my_GW+*7j7I&#|$2{9JtITNE-+<3d}i{nf{|V3Y0JK1e)gmkHut)RQFfeO1!O;JJU~=3L3Ia>zZy`B*ftTY18z zw&&TBlACO`?oR2{Y6@4sv>|Et4MQ~sTcfP6Qy;CKAg%nP(AiCI=2q5SqWZ7y{0{Bc zGL2dJKIF}M$KD3z?JQRpmrBcVUCWK|%+gZ3b|!gJA4naH(6@r*JVHb&(Kh%czvJ3jhDxC z555a7|NAwr|99Q}*n2feS9;GJJ%8)|U{Y!Jg zMg6OC=S+=#c8ufqtf19>S}p(YqE6SjLZU!HpMpJCpXEkB)p^@JQyC|eqGKB`o!sL=03xRd~67t;!fl_LC?|6~@h zJGxFZSGuup$|A$dqH3%nksKL4$+O~h_@ky29#}M8e!cxL^9lM7J14nar~*PmEE!#>lA|gG;21#_FKwO{AJnHgL_%H z3>!3^Wb&B$cVE6V&1TM%FUuA=%=lT{C2C}K`Gc*-%S(L$f+6}<0mcq0CClCXm6mEZ z><+)w+ibaXsRQT1RZnGaTv$-}=Vd|REG-8H2@%yo!N+}Dp7`|4Dr5Hvbk|s?cF^qr zuLa|V`CfHwhQWyoyV_+6y@an^UJ>VS@-v6oOwN6&hR@{{3$?o*J0;(n8lqR|?bpMX z86CKmiwn!c^xp$w@{m+E^~RsGN#ZUQ z@(MXuIREomrX38Pe=X^z{b8*B+vO>4fe(3q-k zOVrgSb*=clWSiFGIsdjSNMCVQsi@F@^$V4j(4PgF4hN2kg!Ek(4cThJQ&efUMM2`M zu41c5phHuaMx4J1r^1sW%@>O$<)5$BU?^GCxHMr=SKyrs23%FaQ=R%UxY!-Ny&kAt zoO5wY&_(YV3_Lu+S3^oHmxatY>cJ`!=)kZv)V9#2_NZl5{roDnwTT5*NezYS8rANpYO{To_cacL{~)LHe&(vORwg=f?t<9FxSaHcHmnq66ml_ zWR+3XW05HV+Ffjx=jx_Bc~ElH%&55k^S${Fmv`*6wcUNGr}4z`OOw^FTuQlMqSfdB zBWQu_u}nsV1gVfG+iL5NHOMe9i!5NWx+uXi=kf>Z0A{91nx_`J@tZ7QFwj__qt!Df z_*cm?^_ZZQ>Xx=ER5xB(wez`21LLLE1(RG~o;=Ged)8zUo8xQ0;A0sK$K$F3EMK~c z@Vz>`_?>-Jsez#^uO+9#vqmn9m7<&H$W1xJyYu^UbuWgZKgZdYw@%Sy&D!rb)ui^Q zwt`x#a?YHP-S<_eIZ2dQnzFd`G-N*BZ@b#u&*>Jyc>!vKBw;__8pW_lnMm zg9mT1WxZLkUc*gB&M@%x1?O)JyV)2RLfv8}IZE7(_&xa_=i=YRH8ww3m;H!7^iONs z#6_FuF5NR%rf}!^FYB+o=l*y1Kf}iQKHdFWP4auMNfn=1Fk}7Q- zWAVfOqK?mhlt0qzU2*Kdn@Q)s#xGB9KKN~2-=S}|vEDa5HZfQ&X43w-=R^L{{*HgL zJEMDrkA9zaZc>WGQsr5{>JQ3q_kSDxuvYDyt^A|6pH^}iDy{y{@WSDG^a;(7-k0a! z+q~M6>J~MB%VZDT8%tJi_>K1n;g0jtipD8ov} z5B#P1Wl!6#xM@?nE|&*|_y04j_x8HQ5cDPHQsCs*UI*;#=6glu)V{nD z!M;-Bz~U9hCExli?O&@Px4Up&`=!M@w}=Ny+_u&7DyelWpsr@V~OU#cpEn!+xB~=pOT%2iAd`zNJz4_keFViw|AG8^_a)t0G z`1;=(T_}2b-|61mG7~l{`OfvN z&nB<*{MV_{eTJ|2lW=fWdHzGrMSCxr#u){fS<0-?GP_z3-1YOUpq6 z@oRc~*IVY#sAJk-pIOiKL-^P{-u}oBYk%49`R?_aiBGBc{;j?BN2|mpYaM%^wzKr- z-e1?J{V?EM@=?Aujqy!j&6UPBr|m1gtkH7JD|`4VGgak`M5$vb++&d%#|7Oy;^eBny)t9=R|?Hi(O<^7eOo#|AW;E|M;__Duh z=ZEOfeNu1sab`Ma&Wk*{dWDwd+j&#VUAJxb@0!)uq7TjE#;tFk6?GoGs1&@Sow}J=KaWf8$-cJeFP-II+s?oyF_pRRxo8 zbgsDd=IHf3g%9qgnfzyHNqbhUecE&4=_St34?c~yJn{9{b?+sw_c4C#-Iw=v?X!vD zIUkLf7JNUkUi8QGht>QnS;zf8Tz&d=kC5hF{@Y8mkNa_lPtBTV^Rd0{tFYPR^>>uL z6+TPO*_gjBE9%wZLvOs@G>_+&9t<)aNH@*U#4>f6=Y z<1g`i+k8s&$+Y_g!EdUi@>^;mAKChQ@0j#GZ0gC5l;^Um^qIFzj~86KN3q=a^s;-= zoy)gOJ*`+XaRR^pq1pb~eP)|8UYW+`eLor}`0v`qcWY!S>jJuxI|KR{U(fnw_es6TuN#Bb+^U4On3t0@yDTcs?87oX1QLRxq!PUgyTk^QN?=S=7aO3KR!RS z^=gg(vNhiYW0X`*9hK0t4HrEhWbQU$>den+dq3Phx=(7~zpLWD79sq(&s?0&i(4pP z+Y#S!PiTvw`(t@7_RCux%44G$x7hI&vDT`6*tW2EWk&gTW8eHm7Tvy{X=w%v4=SrX z`T9P_{#YX4%7>3-pRUol*8h8En1Tw!$EE`*{mC&O_V8`B%RQI=Q2cG~`j@+cegq%Y z5)z;2ec}XP1W(HIiV|H(Gza!+;KV}VEKLBt)ge)1}i;n`?qg>@+19Y zCeMe8+@9snb_d4>$h~C zT(z-Xd1~9a-e=s_o7OR$a}=HZDE?;lqyG%;f9&#WgjdAhxqXiBb;9g}aehVYQNR3; z)QMauIk=M7>_qgN&yqE5n&%(-{s>-^RV6mDkZ*pqf`dh*bj9E7`O_}$+%!9APIy>^{u2FnQkcj3?J;*CcG+zWa*MtBNTnb?mJfn+h~~GnXeX_KsZqtX`x>YDZiA zm)HJgmi1RRt&e)N$Nj_VfNi{d^TntAXE?v|jZCH3$Bx>mZj_|UAydh;uvx}9xUb9mN^t@rseKB;`Poi$e!$t4jU%Rca@4Wq21T>0);Fw)J+sU7U=Q=86IIvP7A~*Y?mYF`?+Am(i+h^1 zwT>T&x;ypw#N3r$t6xa%de0vp^LpFl=vV7h1LjJ)Moo6wWV}URc($%t=Ft}8JL?6H z9k$Kdwy5NXOzf+&j!h>&8_0^=uG(W3cCBj3rf9WG?N1M`vbuZs=wb0$K6Co67M4pz ziM=b8w|n5e%r&oUox=p4Q2!sEHU6pQGx-`>FP_)f*xY|<;f7wl^!{@JMK?@uROCBc zT6_CU*KL-^>V@BzeP^E8eynQC=8mKft=ng~ab)ZYSseWFmQUPum+cN!nmvzpO>N@P zyXWyJ;K0}8*XGx*zVDdklQWk;;^4}x$Ga^9m;LenXnRdhz3-BOTO=QAbUgRX4EMKD ztp|5cmt-+#T9IvM@=?Sv$B;;?FA>S*%9i*`2JWzxxHnM*!rjuuZ# zs?9cz|0uUX<+st@M8h6dk@gD{_gFr(US0p?uB8Cm!}Bp$Z0$?%g`AsZGFrt zoO?}toLPCy&gZ|coVGccl3bp|@g&dGGgfGB_dSh|*Vdvo)`@$5L`a&$S#G>>|`+=qF1)`!d zRkwIBPQA`2wsW_4^zFspWWWQGXmBqSc zAyO{03nqx2e83p>%f3x7&zV^wz%RmJUBB0+En==mlocLG&G+k-t6gKUa@K{VDqXkS z+m*K4`G`F*W8+_&cdMf6hx^WDT8z)OmQ-s8N}p1cZhUa%>HP`*qLZQ~YsQL-8D`9X z@rqkh-h8cb(AHU%cGs<*1Xdp0(M4iA|x1U4Cuay}N!Nc5P{SkWgK^uH$ILxnE-X z>-F_>rdQA8@oo)#8M^&`?F6SJE$Q{5#jZ@;0m%P-=9y+Sprkq=AL`Oh$KtI&;0I=Z>b4L5Q&RLKM{*fL=|@7~QPzN{{Y z@j9oJWcKc5S8P|uo5k!`!qi@!6;Z#MvxfV)(Yg;-!ja+oRHr>N@4M!(T=vzpZ8pDG zN(FgJ9z0w8%v1Ds_Qd0Bvn8}ya`HGzt*?Bp-^$_h_d?~$2OrM(xO}=Z)AGr7Q}07H zM>UfC&)?hrWl7lHPaQw~0|Tx$Zt+cBbW6v*;BJqoXu1C-yL0<;!WN`_laJcA(QRXD z08dp|+w3#xcK5F>d}A_EcG|ShJ93xzZ7s8vnf|jgcX?092{Ub$#}mV@cCBY$AJw>Y zrRy3YA@7}s`gaG+*XUW!zBPJxnf0cuIR{uRzWis9Vw<+8@?r5D`KatyR+EfX_jw$3 za;vnPvTc*a{kA1jyFAw0Y~Qoz47*v(Gm zyeq>XRFJt^^izGHVE&(=INf6tPz-sNoz_NMPRXZh4))vQ1rZ)2gl{ZTi!rTx~l?vHvtx!f$! zlb5O1{(I3g7n__nn(H&O3wCrrc|7OpkNp*^@eXcQW zrZEpfXP1O`cK2K{i}E@e!T;{t^4C67EYH;z9`)B+rFqNnsAJ(o&ckwxmRvG)&YjAc z*yNj)aVzBe&Oo_~cQ=M?nQ`IIks`xCuXla8x^&;AdjTgH{xet|E42))S@`fgyS7HK zoVQ?4pKsYe?jP=jYwjCIy}XyulUKvF`@?sS%j-)uCOx}jpvU;+_w|eQ95%)aUv4k= zO;1|gU^vPD^E%0^`Ocark38SUUn6$eBw}{_^)*-AIJi_F&yNXTRZ;Yx!F$v66I(Z_ zIvz1%Jh&>baosC@zU9A<^we}%FtdCUePze+p}cMB*2t%q7N>RDp73~)8L;$RLHK&@ z8&B&Withc$w_@ApR}sA(C-S#W1W&F$Ycn%VC_&6}eO#}^(U?!qExo>*nXHz0v-a`q$bbMn<($GAo}IgF_9Fg`(Moyj7Ew=g9`;9k zWXinNmeL`5=(((K*~MjZ^3KG46Fc(vVEto z)2o1*Pn8}L|E3=P(HwDQ%X^9V46|~dX&d7zJtf}koB29cN9@DxNNI^=ChbXLssBE# zRa(4Sc-Mu6k9~`@=UP2`9mw9dTUr$Qn#4^mlo@K~3u7yFnJaO=44w#6%sGXz9R%&Gbq?^3b$_CG=Gy!xjN|3W{izx7}9 zD%0kI>TRuuJJ{v6{@iQ&Ry(UUxvW{~0_4uV;Pwmcm+}JBF^1CJ2 zUdv*=Ql?p%)}*JYtKa5%|7Cx(UGhlapB?YApRMn(le@ad_0gkLPf3?{#_K&P*DroN z(&Hs~Q08jp9?L~0ZE2S;Y_KsDU8442i$(3M=Q%&`WE$PDpKijEbKuymuBVeHxl683 z{g~eVB~j!Ox5znLyRA>G4(XKhbu3`GH}Ba>-_4hntQT6ldi6fu5-FRsh+|g5$AA83 zu+5&c@#oymug71I-g(maiy(sjI>ayrS1M>yW^V*Tz>VOIeo%UJE}86L$&zDdCu3` ztD?Hgo@afk)xNrq|Gvw1b)Owv7rk~zm-`gQX@B_rJOyI!mF-r8{Z?8+IB zmF7f#)<5=I{>^`eE~{e;Q<_h={R-G!m0-9&|L^Qlx2tv1tDZ<2&(l6_pHZQ-^|~p) zBGbF6pZoq?kN+(lcV}bM(WPo?=bo6}@9@05^Q@cQ!?$*NcnRi91|9|4dK+ICM+aK5puo>*>l1*ZcmcFD+d2$7t8KD^ETL zDl0mdi9XZNRGWFad--z1pN${A?)h`Ricg#?8MBk2&Nh41-+6Y1F_~6(s$8x|hu+A2 zzG5x^ZEyF>xnEDOOxVVCx}a?0kL%4pxE?*M@yrTKV=oV=eQj~+N&1|*{TJ?PM_m5n znEqsQTcr2|+t+99%xYM-?btjyX!};3h`fZwufywvV(!QqDW&D_*!%is>el9<4}T`! zJ0>I19+fAq>AS2(;hxN7pS{(|obkFpPyAVZXMf6n2HEI}`Xll;FFmMi;XSr-pH{}K z*kv0nw{HnO({Ax6d(wv`n_k}f5*+D~ocnmH-Ph?hix<91Onc?Jtd{$C=?|m(kL2IH zU2!k!HnZuzo8ehsE!X$kr|)Nozn7({wlw2_%YKc-U)S$U*SU55p!5w>Go!^f{~YX( z`l#PND{OAY@7%Yc4ksSeX0K~?Kj)@2tK^oA`nMVKH;dO!F-(}?sC;RUb--ty2z$-< zvwnGho4sN4q$j%%ENPc8eIRwlaOMqB8LsaI*W9OS#F<&)Er9 z>@X0T?{$2`=53iXeVi}to&GRyZkmqBPvwp_&1-8eZM@ie*zL}lTNiTL<_aBKy*1R0 z&2HQ9}% z{=#+rOr52i_bOyUUt2y+yLEn^tLetwO>S4FvmA2{wG2#sZu^quQfgz)gTAdQT1#a5 zAFWIjJ=M8(lJ4?~bG$wq{v4O@HDoyWpP_2o9)BHt>x;=z(WSi_BCH2ws-7*=ZF#tA z>q_g5^M0(1m^X82F4rd2uGi_#Jz@K%uCmeLs1c6&;xhNZysuRk`@-ix`p+PB%HyWB zw%q)Ov1MUBt|mLr`+O0-eA6Q(Ztkw@vnuKyC8{KNxc@YLu}gd7c9wbf9|v8Xpj!0W zrkW$Mi8cAv_hl9{mFlzuf8L${`P$CAwKFAJEuR0$=z6A|;?A~c!JkhhYduoESLc3| zbI*F5w@%IT-1S%W$F|kzR~D2uBHR%rG~6l0NI$70EUS+f|Rg z7^YV8soZgtxq4U6A@!E$x9@8z)2H}uu{@|CwST$Ce};^^JD!-azYfjSOTO~9##SWg z!|Jc=HoIL8nU`#nytinc=u?sTUhlpbuxPp0gautWw<)OEs+RBWEJndRhL^Kuy*neK z**}H<^PiQo*sHE`^h>izu5;h{$fEi=^ZHvIPm~p^xE^oaF+p1_u`%|0XR>3#jrh-J z3wB*pQaips>#Dc&x>=hnqnEPS+oY{{Wbkfj#oO>aPn`qvKc97%7o23j$9}EK&C9+o z(z41tLaYir4#tGpT-f8%^Pn$#&5mAKgH!zSk0YeEWQexepYzT4xo4baeI_~RTwUO` z#l}p2(dzdW?0eEY|IwdUEamAe8*Q%p1PMwZ!4bso9Y^S%PwM0 zviw@#)YC$>8lHwFrf*HvI6^i(jh<7!y5Rom;)$0f)>v>FJ+|9gre?33Y%yu#M%kM= rKV#e1MsAzu$DPbl#GC4LX6>grMfPi>J7>H*dEQj8b5Fu7`~Noq8t(gc literal 0 HcmV?d00001 diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 08be3e0..2ea0105 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -17,60 +17,83 @@ ]; }; - home-manager.users.bluebird = { pkgs, ... }: { - home.packages = with pkgs; [ - fortune - htop - tree + home-manager.users.bluebird = { pkgs, ... }: + let + homeDirectory = "/home/bluebird"; + in + { + home.homeDirectory = homeDirectory; - nil - nixpkgs-fmt - ]; + home.packages = with pkgs; [ + fortune + htop + tree - dconf = { - enable = true; - settings."org/gnome/desktop/interface".color-scheme = "prefer-dark"; - }; + nil + nixpkgs-fmt + ]; - programs.chromium.enable = true; - - programs.git = { - enable = true; - userName = "Katherina Walshe-Grey"; - userEmail = "git@katherina.rocks"; - }; - - programs.vscode = - let - system = builtins.currentSystem; - sources = import ../../npins; - extensions = (import sources.nix-vscode-extensions).extensions.${system}; - in - { + dconf = { enable = true; - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; - package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ - jnoortheen.nix-ide - ms-python.python - ]) ++ (with extensions.open-vsx; [ - robbowen.synthwave-vscode - ]); - mutableExtensionsDir = false; - userSettings = { - "extensions.autoUpdate" = false; - "git.autofetch" = true; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; + settings = + let + backgroundOptions = { + color-shading-type = "solid"; + picture-options = "zoom"; + picture-uri = "${homeDirectory}/.background-image"; + primary-color = "#3a4ba0"; + secondary-color = "#2f302f"; + }; + in + { + "org/gnome/desktop/background" = backgroundOptions // { + picture-uri-dark = backgroundOptions.picture-uri; + }; + "org/gnome/desktop/screensaver" = backgroundOptions; + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; }; - "workbench.colorTheme" = "SynthWave '84"; - }; + }; + home.file.".background-image".source = ./background-image.jpg; + + programs.chromium.enable = true; + + programs.git = { + enable = true; + userName = "Katherina Walshe-Grey"; + userEmail = "git@katherina.rocks"; }; - home.stateVersion = "23.11"; - }; + programs.vscode = + let + system = builtins.currentSystem; + sources = import ../../npins; + extensions = (import sources.nix-vscode-extensions).extensions.${system}; + in + { + enable = true; + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + package = pkgs.vscodium; + extensions = (with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ms-python.python + ]) ++ (with extensions.open-vsx; [ + robbowen.synthwave-vscode + ]); + mutableExtensionsDir = false; + userSettings = { + "extensions.autoUpdate" = false; + "git.autofetch" = true; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "nixpkgs-fmt" ]; + }; + "workbench.colorTheme" = "SynthWave '84"; + }; + }; + + home.stateVersion = "23.11"; + }; } From 85b08086fbcd5b0f46af93d65b221c743106c6a7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Jun 2024 21:27:40 +0100 Subject: [PATCH 019/438] [tohru] DRY home directory more sensibly --- hosts/tohru/home.nix | 137 +++++++++++++++++++++---------------------- 1 file changed, 67 insertions(+), 70 deletions(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 2ea0105..e62fc71 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -3,6 +3,7 @@ { users.users.bluebird = { isNormalUser = true; + home = "/home/bluebird"; description = "Bluebird"; extraGroups = [ "wheel" # sudo @@ -17,83 +18,79 @@ ]; }; - home-manager.users.bluebird = { pkgs, ... }: - let - homeDirectory = "/home/bluebird"; - in - { - home.homeDirectory = homeDirectory; + home-manager.users.bluebird = { pkgs, ... }: { + home.homeDirectory = config.users.users.bluebird.home; - home.packages = with pkgs; [ - fortune - htop - tree + home.packages = with pkgs; [ + fortune + htop + tree - nil - nixpkgs-fmt - ]; + nil + nixpkgs-fmt + ]; - dconf = { - enable = true; - settings = - let - backgroundOptions = { - color-shading-type = "solid"; - picture-options = "zoom"; - picture-uri = "${homeDirectory}/.background-image"; - primary-color = "#3a4ba0"; - secondary-color = "#2f302f"; - }; - in - { - "org/gnome/desktop/background" = backgroundOptions // { - picture-uri-dark = backgroundOptions.picture-uri; - }; - "org/gnome/desktop/screensaver" = backgroundOptions; - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - }; - }; - home.file.".background-image".source = ./background-image.jpg; - - programs.chromium.enable = true; - - programs.git = { - enable = true; - userName = "Katherina Walshe-Grey"; - userEmail = "git@katherina.rocks"; - }; - - programs.vscode = + dconf = { + enable = true; + settings = let - system = builtins.currentSystem; - sources = import ../../npins; - extensions = (import sources.nix-vscode-extensions).extensions.${system}; + backgroundOptions = { + color-shading-type = "solid"; + picture-options = "zoom"; + picture-uri = "${config.users.users.bluebird.home}/.background-image"; + primary-color = "#3a4ba0"; + secondary-color = "#2f302f"; + }; in { - enable = true; - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; - package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ - jnoortheen.nix-ide - ms-python.python - ]) ++ (with extensions.open-vsx; [ - robbowen.synthwave-vscode - ]); - mutableExtensionsDir = false; - userSettings = { - "extensions.autoUpdate" = false; - "git.autofetch" = true; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; - }; - "workbench.colorTheme" = "SynthWave '84"; + "org/gnome/desktop/background" = backgroundOptions // { + picture-uri-dark = backgroundOptions.picture-uri; }; + "org/gnome/desktop/screensaver" = backgroundOptions; + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; }; - - home.stateVersion = "23.11"; }; + home.file.".background-image".source = ./background-image.jpg; + + programs.chromium.enable = true; + + programs.git = { + enable = true; + userName = "Katherina Walshe-Grey"; + userEmail = "git@katherina.rocks"; + }; + + programs.vscode = + let + system = builtins.currentSystem; + sources = import ../../npins; + extensions = (import sources.nix-vscode-extensions).extensions.${system}; + in + { + enable = true; + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + package = pkgs.vscodium; + extensions = (with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ms-python.python + ]) ++ (with extensions.open-vsx; [ + robbowen.synthwave-vscode + ]); + mutableExtensionsDir = false; + userSettings = { + "extensions.autoUpdate" = false; + "git.autofetch" = true; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "nixpkgs-fmt" ]; + }; + "workbench.colorTheme" = "SynthWave '84"; + }; + }; + + home.stateVersion = "23.11"; + }; } From c51b3f5a1a630870dd1b755c73bc90a3b7564200 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 12:03:57 +0100 Subject: [PATCH 020/438] [yevaud] Allow remote root login only from home network This is hacky and I will come up with a better way of doing remote deployment later --- hosts/yevaud/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 4e3176d..89f7bd0 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -30,6 +30,11 @@ }; }; + # Allow remote root login only from home network + # TODO: Find a less hacky way of doing remote deployment + users.users.root.openssh.authorizedKeys.keys = config.users.users.bluebird.openssh.authorizedKeys.keys; + services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; + networking.firewall.allowedTCPPorts = [ 22 80 443 ]; # networking.firewall.allowedUDPPorts = [ ... ]; From 570e376e2e895f51957505b507b5b59952859f9f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 13:35:33 +0100 Subject: [PATCH 021/438] Remove pre-24.05 workaround for pinning --- hive.nix | 11 +++++++---- pinning.nix | 23 ----------------------- 2 files changed, 7 insertions(+), 27 deletions(-) delete mode 100644 pinning.nix diff --git a/hive.nix b/hive.nix index 41f2d90..f331dc7 100644 --- a/hive.nix +++ b/hive.nix @@ -1,15 +1,18 @@ let sources = import ./npins; in { - meta = { - nixpkgs = sources.nixpkgs; - }; + meta.nixpkgs = sources.nixpkgs; defaults = { pkgs, ... }: { imports = [ - ./pinning.nix (import "${sources.home-manager}/nixos") ]; deployment.replaceUnknownProfiles = false; + + # Make point systemwide to the pinned nixpkgs above + # https://jade.fyi/blog/pinning-nixos-with-npins/ + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake.source = sources.nixpkgs; + nix.nixPath = ["nixpkgs=flake:nixpkgs"]; }; tohru = { name, nodes, ... }: { diff --git a/pinning.nix b/pinning.nix deleted file mode 100644 index dd508f5..0000000 --- a/pinning.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, ... }: -let sources = import ./npins; -in { - # https://jade.fyi/blog/pinning-nixos-with-npins/ - - # We need the flakes experimental feature to do the NIX_PATH thing cleanly - # below. Given that this is literally the default config for flake-based - # NixOS installations in the upcoming NixOS 24.05, future Nix/Lix releases - # will not get away with breaking it. - nix.settings.experimental-features = "nix-command flakes"; - - # FIXME(24.05 or nixos-unstable): change following two rules to - # - # nixpkgs.flake.source = sources.nixpkgs; - # - # which does the exact same thing, using the same machinery as flake configs - # do as of 24.05. - nix.registry.nixpkgs.to = { - type = "path"; - path = sources.nixpkgs; - }; - nix.nixPath = ["nixpkgs=flake:nixpkgs"]; -} From 0908d7a2c8fadc1adfa08a3f28a9697d7d1512f7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 15:16:17 +0100 Subject: [PATCH 022/438] [yevaud] Username change: bluebird -> qenya --- hosts/yevaud/configuration.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 89f7bd0..2801080 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -14,7 +14,7 @@ time.timeZone = "Etc/UTC"; - users.users.bluebird = { + users.users.qenya = { isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ @@ -32,7 +32,7 @@ # Allow remote root login only from home network # TODO: Find a less hacky way of doing remote deployment - users.users.root.openssh.authorizedKeys.keys = config.users.users.bluebird.openssh.authorizedKeys.keys; + users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys; services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; networking.firewall.allowedTCPPorts = [ 22 80 443 ]; From 3ca50c6d175106eabcdd784ea5aeca041302f331 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 16:11:54 +0100 Subject: [PATCH 023/438] [tohru] Username change: bluebird -> qenya --- hosts/tohru/home.nix | 11 +++++------ hosts/yevaud/configuration.nix | 2 +- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index e62fc71..77f400b 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -1,10 +1,9 @@ { config, lib, pkgs, ... }: { - users.users.bluebird = { + users.users.qenya = { isNormalUser = true; - home = "/home/bluebird"; - description = "Bluebird"; + home = "/home/qenya"; extraGroups = [ "wheel" # sudo "networkmanager" # UI wifi configuration @@ -18,8 +17,8 @@ ]; }; - home-manager.users.bluebird = { pkgs, ... }: { - home.homeDirectory = config.users.users.bluebird.home; + home-manager.users.qenya = { pkgs, ... }: { + home.homeDirectory = config.users.users.qenya.home; home.packages = with pkgs; [ fortune @@ -37,7 +36,7 @@ backgroundOptions = { color-shading-type = "solid"; picture-options = "zoom"; - picture-uri = "${config.users.users.bluebird.home}/.background-image"; + picture-uri = "${config.users.users.qenya.home}/.background-image"; primary-color = "#3a4ba0"; secondary-color = "#2f302f"; }; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 2801080..310b37e 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -18,7 +18,7 @@ isNormalUser = true; extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on bluebird@tohru" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; }; From b83c95b8b69c09044a8eba0eac20b80ce00766e7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 18:14:21 +0100 Subject: [PATCH 024/438] Modularise user config --- hosts/tohru/configuration.nix | 1 + hosts/tohru/home.nix | 20 ++++---------------- hosts/yevaud/configuration.nix | 9 +-------- users/qenya.nix | 16 ++++++++++++++++ 4 files changed, 22 insertions(+), 24 deletions(-) create mode 100644 users/qenya.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 4878136..b39db2f 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix + ../../users/qenya.nix ./home.nix ]; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 77f400b..44eb80b 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -1,22 +1,6 @@ { config, lib, pkgs, ... }: { - users.users.qenya = { - isNormalUser = true; - home = "/home/qenya"; - extraGroups = [ - "wheel" # sudo - "networkmanager" # UI wifi configuration - "dialout" # access to serial ports - ]; - packages = with pkgs; [ - # TODO: move these to home-manager - bitwarden - firefox - tor-browser-bundle-bin - ]; - }; - home-manager.users.qenya = { pkgs, ... }: { home.homeDirectory = config.users.users.qenya.home; @@ -25,6 +9,9 @@ htop tree + bitwarden + tor-browser-bundle-bin + nil nixpkgs-fmt ]; @@ -52,6 +39,7 @@ home.file.".background-image".source = ./background-image.jpg; programs.chromium.enable = true; + programs.firefox.enable = true; programs.git = { enable = true; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 310b37e..06a3d29 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix + ../../users/qenya.nix ]; boot.loader.systemd-boot.enable = true; @@ -14,14 +15,6 @@ time.timeZone = "Etc/UTC"; - users.users.qenya = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" - ]; - }; - services.openssh = { enable = true; settings = { diff --git a/users/qenya.nix b/users/qenya.nix new file mode 100644 index 0000000..9310f7b --- /dev/null +++ b/users/qenya.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + users.users.qenya = { + isNormalUser = true; + home = "/home/qenya"; + extraGroups = [ + "wheel" # sudo + "networkmanager" # UI wifi configuration + "dialout" # access to serial ports + ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" + ]; + }; +} \ No newline at end of file From 4eac965b885db54d5a565ed10bdbbb474e0d71ba Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 19:26:05 +0100 Subject: [PATCH 025/438] Modularise nginx and openssh config --- hosts/yevaud/configuration.nix | 57 +++++----------------------------- services/nginx.nix | 33 ++++++++++++++++++++ services/openssh.nix | 20 ++++++++++++ 3 files changed, 60 insertions(+), 50 deletions(-) create mode 100644 services/nginx.nix create mode 100644 services/openssh.nix diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 06a3d29..c4bb9d1 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -5,6 +5,8 @@ [ ./hardware-configuration.nix ../../users/qenya.nix + ../../services/nginx.nix + ../../services/openssh.nix ]; boot.loader.systemd-boot.enable = true; @@ -15,59 +17,14 @@ time.timeZone = "Etc/UTC"; - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; + services.nginx.virtualHosts = { + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://[::1]:3000/"; }; }; - # Allow remote root login only from home network - # TODO: Find a less hacky way of doing remote deployment - users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys; - services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; - - networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - - services.fail2ban.enable = true; - - services.nginx = { - enable = true; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - appendHttpConfig = '' - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; - ''; - - virtualHosts = { - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://[::1]:3000/"; - }; - }; - }; - security.acme = { - acceptTerms = true; - defaults.email = "accounts@katherina.rocks"; - }; - services.forgejo = { enable = true; stateDir = "/data/forgejo"; diff --git a/services/nginx.nix b/services/nginx.nix new file mode 100644 index 0000000..a5a91c6 --- /dev/null +++ b/services/nginx.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + services.nginx = { + enable = true; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + + appendHttpConfig = '' + map $scheme $hsts_header { + https "max-age=31536000; includeSubdomains; preload"; + } + add_header Strict-Transport-Security $hsts_header; + #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; + add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; + ''; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} \ No newline at end of file diff --git a/services/openssh.nix b/services/openssh.nix new file mode 100644 index 0000000..5e9651a --- /dev/null +++ b/services/openssh.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +{ + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + services.fail2ban.enable = true; + + networking.firewall.allowedTCPPorts = [ 22 ]; + + # Allow remote root login only from home network + # TODO: Find a less hacky way of doing remote deployment + users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys; + services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; +} \ No newline at end of file From 7b87bdbc2f0e153de39a29c6839e696c425698de Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 20:31:13 +0100 Subject: [PATCH 026/438] More deduplication --- hive.nix | 33 ++++++++++++++++++++++++--------- hosts/tohru/configuration.nix | 7 ------- hosts/yevaud/configuration.nix | 6 ------ 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/hive.nix b/hive.nix index f331dc7..2775603 100644 --- a/hive.nix +++ b/hive.nix @@ -2,30 +2,45 @@ let sources = import ./npins; in { meta.nixpkgs = sources.nixpkgs; - defaults = { pkgs, ... }: { - imports = [ - (import "${sources.home-manager}/nixos") - ]; + defaults = { name, pkgs, ... }: { deployment.replaceUnknownProfiles = false; - + networking.hostName = name; + + environment.systemPackages = with pkgs; [ + git + wget + ]; + # Make point systemwide to the pinned nixpkgs above # https://jade.fyi/blog/pinning-nixos-with-npins/ nix.settings.experimental-features = "nix-command flakes"; nixpkgs.flake.source = sources.nixpkgs; - nix.nixPath = ["nixpkgs=flake:nixpkgs"]; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + + imports = [ + (import "${sources.home-manager}/nixos") + ./users/qenya.nix + ]; }; - tohru = { name, nodes, ... }: { + tohru = { deployment = { allowLocalDeployment = true; targetHost = null; }; + networking.hostId = "31da19c1"; + time.timeZone = "Europe/London"; + imports = [ ./hosts/tohru/configuration.nix ]; }; - yevaud = { - deployment.targetHost = "yevaud.birdsong.network"; + yevaud = { name, ... }: { + deployment.targetHost = "${name}.birdsong.network"; + + networking.hostId = "09673d65"; + time.timeZone = "Etc/UTC"; + imports = [ ./hosts/yevaud/configuration.nix ]; }; } diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index b39db2f..7ca7e19 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -4,7 +4,6 @@ imports = [ ./hardware-configuration.nix - ../../users/qenya.nix ./home.nix ]; @@ -12,12 +11,8 @@ boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.editor = false; - networking.hostName = "tohru"; - networking.hostId = "31da19c1"; networking.networkmanager.enable = true; - time.timeZone = "Europe/London"; - i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; @@ -34,9 +29,7 @@ environment.systemPackages = with pkgs; [ colmena - git npins - wget ]; programs.steam = { diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index c4bb9d1..e8c073f 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -4,7 +4,6 @@ imports = [ ./hardware-configuration.nix - ../../users/qenya.nix ../../services/nginx.nix ../../services/openssh.nix ]; @@ -12,11 +11,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "yevaud"; - networking.hostId = "09673d65"; - - time.timeZone = "Etc/UTC"; - services.nginx.virtualHosts = { "git.katherina.rocks" = { forceSSL = true; From f1dff74fa558a7f8cd8c396e774e483758fb672d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 20:43:04 +0100 Subject: [PATCH 027/438] Move pin to separate file --- hive.nix | 7 +------ pinning.nix | 10 ++++++++++ 2 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 pinning.nix diff --git a/hive.nix b/hive.nix index 2775603..fe52c2a 100644 --- a/hive.nix +++ b/hive.nix @@ -11,14 +11,9 @@ in { wget ]; - # Make point systemwide to the pinned nixpkgs above - # https://jade.fyi/blog/pinning-nixos-with-npins/ - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs.flake.source = sources.nixpkgs; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; - imports = [ (import "${sources.home-manager}/nixos") + ./pinning.nix ./users/qenya.nix ]; }; diff --git a/pinning.nix b/pinning.nix new file mode 100644 index 0000000..9ac8584 --- /dev/null +++ b/pinning.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +let sources = import ./npins; +in { + # Make point systemwide to the pinned nixpkgs + # https://jade.fyi/blog/pinning-nixos-with-npins/ + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake.source = sources.nixpkgs; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; +} From 0f824bc28471d827481357766342317af8afe754 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 21:07:45 +0100 Subject: [PATCH 028/438] [tohru] Modularise vscode config --- home/vscode.nix | 40 ++++++++++++++++++++++++++++++++++++++++ hosts/tohru/home.nix | 38 ++++---------------------------------- 2 files changed, 44 insertions(+), 34 deletions(-) create mode 100644 home/vscode.nix diff --git a/home/vscode.nix b/home/vscode.nix new file mode 100644 index 0000000..8d6efee --- /dev/null +++ b/home/vscode.nix @@ -0,0 +1,40 @@ +{ config, lib, pkgs, ... }: + +{ + programs.vscode = + let + system = builtins.currentSystem; + sources = import ../npins; + extensions = (import sources.nix-vscode-extensions).extensions.${system}; + in + { + enable = true; + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + package = pkgs.vscodium; + extensions = (with pkgs.vscode-extensions; [ + jnoortheen.nix-ide + ms-python.python + ]) ++ (with extensions.open-vsx; [ + robbowen.synthwave-vscode + ]); + mutableExtensionsDir = false; + userSettings = { + "extensions.autoUpdate" = false; + "git.autofetch" = true; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "nixpkgs-fmt" ]; + }; + "workbench.colorTheme" = "SynthWave '84"; + }; + }; + + # Language servers etc + home.packages = with pkgs; [ + nil + nixpkgs-fmt + ]; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 44eb80b..332aa97 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -2,6 +2,10 @@ { home-manager.users.qenya = { pkgs, ... }: { + imports = [ + ../../home/vscode.nix + ]; + home.homeDirectory = config.users.users.qenya.home; home.packages = with pkgs; [ @@ -11,9 +15,6 @@ bitwarden tor-browser-bundle-bin - - nil - nixpkgs-fmt ]; dconf = { @@ -47,37 +48,6 @@ userEmail = "git@katherina.rocks"; }; - programs.vscode = - let - system = builtins.currentSystem; - sources = import ../../npins; - extensions = (import sources.nix-vscode-extensions).extensions.${system}; - in - { - enable = true; - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; - package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ - jnoortheen.nix-ide - ms-python.python - ]) ++ (with extensions.open-vsx; [ - robbowen.synthwave-vscode - ]); - mutableExtensionsDir = false; - userSettings = { - "extensions.autoUpdate" = false; - "git.autofetch" = true; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; - }; - "workbench.colorTheme" = "SynthWave '84"; - }; - }; - home.stateVersion = "23.11"; }; } From 331d4006c298714dd7d667a1f7fe99e83ad55d22 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 21:15:54 +0100 Subject: [PATCH 029/438] [tohru] Modularise GNOME config --- home/gnome/appearance.nix | 25 ++++++++++++++++++ .../tohru => home/gnome}/background-image.jpg | Bin home/gnome/default.nix | 8 ++++++ hosts/tohru/home.nix | 23 +--------------- 4 files changed, 34 insertions(+), 22 deletions(-) create mode 100644 home/gnome/appearance.nix rename {hosts/tohru => home/gnome}/background-image.jpg (100%) create mode 100644 home/gnome/default.nix diff --git a/home/gnome/appearance.nix b/home/gnome/appearance.nix new file mode 100644 index 0000000..129aa1a --- /dev/null +++ b/home/gnome/appearance.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: + +{ + dconf = { + enable = true; + settings = + let + backgroundOptions = { + color-shading-type = "solid"; + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + primary-color = "#3a4ba0"; + secondary-color = "#2f302f"; + }; + in + { + "org/gnome/desktop/background" = backgroundOptions // { + picture-uri-dark = backgroundOptions.picture-uri; + }; + "org/gnome/desktop/screensaver" = backgroundOptions; + "org/gnome/desktop/interface".color-scheme = "prefer-dark"; + }; + }; + home.file.".background-image".source = ./background-image.jpg; +} diff --git a/hosts/tohru/background-image.jpg b/home/gnome/background-image.jpg similarity index 100% rename from hosts/tohru/background-image.jpg rename to home/gnome/background-image.jpg diff --git a/home/gnome/default.nix b/home/gnome/default.nix new file mode 100644 index 0000000..9e5a1ee --- /dev/null +++ b/home/gnome/default.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + # TODO: nix-ify other parts of GNOME config + ./appearance.nix + ]; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 332aa97..4727942 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -3,6 +3,7 @@ { home-manager.users.qenya = { pkgs, ... }: { imports = [ + ../../home/gnome ../../home/vscode.nix ]; @@ -17,28 +18,6 @@ tor-browser-bundle-bin ]; - dconf = { - enable = true; - settings = - let - backgroundOptions = { - color-shading-type = "solid"; - picture-options = "zoom"; - picture-uri = "${config.users.users.qenya.home}/.background-image"; - primary-color = "#3a4ba0"; - secondary-color = "#2f302f"; - }; - in - { - "org/gnome/desktop/background" = backgroundOptions // { - picture-uri-dark = backgroundOptions.picture-uri; - }; - "org/gnome/desktop/screensaver" = backgroundOptions; - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - }; - }; - home.file.".background-image".source = ./background-image.jpg; - programs.chromium.enable = true; programs.firefox.enable = true; From 050fe2d1a73bcd848d650b7e7f2cdd61f59e04e4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 21:23:22 +0100 Subject: [PATCH 030/438] Sync Git identity across all hosts (and also home directory location, but that's sort of standard anyway) --- hosts/tohru/home.nix | 8 -------- users/qenya.nix | 14 +++++++++++++- 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 4727942..f3b9d0f 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -7,8 +7,6 @@ ../../home/vscode.nix ]; - home.homeDirectory = config.users.users.qenya.home; - home.packages = with pkgs; [ fortune htop @@ -21,12 +19,6 @@ programs.chromium.enable = true; programs.firefox.enable = true; - programs.git = { - enable = true; - userName = "Katherina Walshe-Grey"; - userEmail = "git@katherina.rocks"; - }; - home.stateVersion = "23.11"; }; } diff --git a/users/qenya.nix b/users/qenya.nix index 9310f7b..7d10ede 100644 --- a/users/qenya.nix +++ b/users/qenya.nix @@ -13,4 +13,16 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; }; -} \ No newline at end of file + + home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { + home.homeDirectory = osConfig.users.users.qenya.home; + + programs.git = { + enable = true; + userName = "Katherina Walshe-Grey"; + userEmail = "git@katherina.rocks"; # TODO: update email + }; + + home.stateVersion = "23.11"; + }; +} From c6809078942c58975fa5562b61dc9b37c32b8910 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 22:14:32 +0100 Subject: [PATCH 031/438] Sync CLI tools across all hosts --- home/btop.nix | 5 +++++ home/cli.nix | 12 ++++++++++++ hosts/tohru/home.nix | 6 ++---- hosts/yevaud/configuration.nix | 1 + hosts/yevaud/home.nix | 12 ++++++++++++ 5 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 home/btop.nix create mode 100644 home/cli.nix create mode 100644 hosts/yevaud/home.nix diff --git a/home/btop.nix b/home/btop.nix new file mode 100644 index 0000000..6d4f49b --- /dev/null +++ b/home/btop.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + programs.btop.enable = true; +} diff --git a/home/cli.nix b/home/cli.nix new file mode 100644 index 0000000..b23d81f --- /dev/null +++ b/home/cli.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + home.packages = with pkgs; [ + tree # like `ls -R` but nicer + + # Extremely important + fortune + cowsay + lolcat + ]; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index f3b9d0f..3067b81 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -3,15 +3,13 @@ { home-manager.users.qenya = { pkgs, ... }: { imports = [ + ../../home/btop.nix + ../../home/cli.nix ../../home/gnome ../../home/vscode.nix ]; home.packages = with pkgs; [ - fortune - htop - tree - bitwarden tor-browser-bundle-bin ]; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index e8c073f..bd49606 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix + ./home.nix ../../services/nginx.nix ../../services/openssh.nix ]; diff --git a/hosts/yevaud/home.nix b/hosts/yevaud/home.nix new file mode 100644 index 0000000..d5bb904 --- /dev/null +++ b/hosts/yevaud/home.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + home-manager.users.qenya = { pkgs, ... }: { + imports = [ + ../../home/btop.nix + ../../home/cli.nix + ]; + + home.stateVersion = "23.11"; + }; +} From c8da705e4bf56648a6dc0fc9e3b4b871570fb6ea Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 22:23:45 +0100 Subject: [PATCH 032/438] [yevaud] Modularise forgejo config --- hosts/yevaud/configuration.nix | 45 +++++----------------------------- hosts/yevaud/forgejo.nix | 43 ++++++++++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 39 deletions(-) create mode 100644 hosts/yevaud/forgejo.nix diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index bd49606..9ab4405 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -1,49 +1,16 @@ { config, lib, pkgs, ... }: { - imports = - [ - ./hardware-configuration.nix - ./home.nix - ../../services/nginx.nix - ../../services/openssh.nix - ]; + imports = [ + ./hardware-configuration.nix + ./home.nix + ../../services/openssh.nix + ./forgejo.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - services.nginx.virtualHosts = { - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://[::1]:3000/"; - }; - }; - - services.forgejo = { - enable = true; - stateDir = "/data/forgejo"; - settings = { - DEFAULT.APP_NAME = "git.katherina.rocks"; - cache = { - ADAPTER = "twoqueue"; - HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; - }; - database = { - DB_TYPE = "sqlite3"; - SQLITE_JOURNAL_MODE = "WAL"; - }; - security.LOGIN_REMEMBER_DAYS = 365; - server = { - DOMAIN = "git.katherina.rocks"; - HTTP_PORT = 3000; - ROOT_URL = "https://git.katherina.rocks/"; - }; - service.DISABLE_REGISTRATION = true; - }; - }; - system.stateVersion = "23.11"; - } diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix new file mode 100644 index 0000000..fa5f6d8 --- /dev/null +++ b/hosts/yevaud/forgejo.nix @@ -0,0 +1,43 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ../../services/nginx.nix + ]; + + # TODO: ssh access + # TODO: email out + # TODO: interface customisation + + services.nginx.virtualHosts = { + # TODO: move to new domain + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://[::1]:3000/"; + }; + }; + + services.forgejo = { + enable = true; + stateDir = "/data/forgejo"; + settings = { + DEFAULT.APP_NAME = "git.katherina.rocks"; + cache = { + ADAPTER = "twoqueue"; + HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; + }; + database = { + DB_TYPE = "sqlite3"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security.LOGIN_REMEMBER_DAYS = 365; + server = { + DOMAIN = "git.katherina.rocks"; + HTTP_PORT = 3000; + ROOT_URL = "https://git.katherina.rocks/"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; +} From 104d995dd28718956f287c0f0f0ad33442163023 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 22:38:13 +0100 Subject: [PATCH 033/438] [tohru] Modularise firefox config (such as it is) --- home/firefox.nix | 6 ++++++ hosts/tohru/home.nix | 3 +-- 2 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 home/firefox.nix diff --git a/home/firefox.nix b/home/firefox.nix new file mode 100644 index 0000000..95e399e --- /dev/null +++ b/home/firefox.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + # TODO: nix-ify Firefox config + programs.firefox.enable = true; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 3067b81..6451627 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -5,6 +5,7 @@ imports = [ ../../home/btop.nix ../../home/cli.nix + ../../home/firefox.nix ../../home/gnome ../../home/vscode.nix ]; @@ -13,9 +14,7 @@ bitwarden tor-browser-bundle-bin ]; - programs.chromium.enable = true; - programs.firefox.enable = true; home.stateVersion = "23.11"; }; From 433930bde613d481336746a023663444b7c57656 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 23:03:25 +0100 Subject: [PATCH 034/438] Simplify build-related config --- colmena/local.nix | 14 ++++++++++++++ colmena/remote.nix | 12 ++++++++++++ hive.nix | 30 +++++++++++++----------------- hosts/tohru/configuration.nix | 6 ------ 4 files changed, 39 insertions(+), 23 deletions(-) create mode 100644 colmena/local.nix create mode 100644 colmena/remote.nix diff --git a/colmena/local.nix b/colmena/local.nix new file mode 100644 index 0000000..a610670 --- /dev/null +++ b/colmena/local.nix @@ -0,0 +1,14 @@ +{ name, nodes, config, lib, pkgs, ... }: + +{ + deployment = { + allowLocalDeployment = true; + targetHost = null; + tags = [ "local" ]; + }; + + environment.systemPackages = with pkgs; [ + colmena + npins + ]; +} diff --git a/colmena/remote.nix b/colmena/remote.nix new file mode 100644 index 0000000..a82923c --- /dev/null +++ b/colmena/remote.nix @@ -0,0 +1,12 @@ +{ name, nodes, config, lib, pkgs, ... }: + +{ + deployment = { + targetHost = "${name}.birdsong.network"; + tags = [ "remote" ]; + }; + + imports = [ + ../services/openssh.nix + ]; +} diff --git a/hive.nix b/hive.nix index fe52c2a..6c0d560 100644 --- a/hive.nix +++ b/hive.nix @@ -2,14 +2,11 @@ let sources = import ./npins; in { meta.nixpkgs = sources.nixpkgs; - defaults = { name, pkgs, ... }: { + defaults = { name, nodes, ... }: { deployment.replaceUnknownProfiles = false; networking.hostName = name; - environment.systemPackages = with pkgs; [ - git - wget - ]; + nixpkgs.config.allowUnfree = true; imports = [ (import "${sources.home-manager}/nixos") @@ -18,24 +15,23 @@ in { ]; }; - tohru = { - deployment = { - allowLocalDeployment = true; - targetHost = null; - }; - + tohru = { name, nodes, ... }: { networking.hostId = "31da19c1"; time.timeZone = "Europe/London"; - imports = [ ./hosts/tohru/configuration.nix ]; + imports = [ + ./colmena/local.nix + ./hosts/tohru/configuration.nix + ]; }; - yevaud = { name, ... }: { - deployment.targetHost = "${name}.birdsong.network"; - + yevaud = { name, nodes, ... }: { networking.hostId = "09673d65"; time.timeZone = "Etc/UTC"; - - imports = [ ./hosts/yevaud/configuration.nix ]; + + imports = [ + ./colmena/remote.nix + ./hosts/yevaud/configuration.nix + ]; }; } diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 7ca7e19..d9ad02f 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -27,18 +27,12 @@ sound.enable = true; hardware.pulseaudio.enable = true; - environment.systemPackages = with pkgs; [ - colmena - npins - ]; - programs.steam = { enable = true; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; - nixpkgs.config.allowUnfree = true; hardware.enableAllFirmware = true; services.fwupd.enable = true; services.fstrim.enable = true; From 1ca847cd91d291dd52d2126e362f8dd4b12e05bd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 23:22:51 +0100 Subject: [PATCH 035/438] [tohru] Modularise steam config --- hosts/tohru/configuration.nix | 8 +------- services/steam.nix | 9 +++++++++ 2 files changed, 10 insertions(+), 7 deletions(-) create mode 100644 services/steam.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index d9ad02f..a233258 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -5,6 +5,7 @@ [ ./hardware-configuration.nix ./home.nix + ../../services/steam.nix ]; boot.loader.systemd-boot.enable = true; @@ -19,7 +20,6 @@ services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; - services.xserver.xkb.layout = "gb"; services.printing.enable = true; @@ -27,12 +27,6 @@ sound.enable = true; hardware.pulseaudio.enable = true; - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; - hardware.enableAllFirmware = true; services.fwupd.enable = true; services.fstrim.enable = true; diff --git a/services/steam.nix b/services/steam.nix new file mode 100644 index 0000000..e03ca13 --- /dev/null +++ b/services/steam.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, ... }: + +{ + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; +} \ No newline at end of file From bf2d7f7f10918a0d976008102390f473226dd236 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 5 Jun 2024 23:30:24 +0100 Subject: [PATCH 036/438] Rename services directory to common --- colmena/remote.nix | 2 +- {services => common}/nginx.nix | 0 {services => common}/openssh.nix | 0 {services => common}/steam.nix | 0 hosts/tohru/configuration.nix | 2 +- hosts/yevaud/configuration.nix | 1 - hosts/yevaud/forgejo.nix | 2 +- 7 files changed, 3 insertions(+), 4 deletions(-) rename {services => common}/nginx.nix (100%) rename {services => common}/openssh.nix (100%) rename {services => common}/steam.nix (100%) diff --git a/colmena/remote.nix b/colmena/remote.nix index a82923c..efe4e6e 100644 --- a/colmena/remote.nix +++ b/colmena/remote.nix @@ -7,6 +7,6 @@ }; imports = [ - ../services/openssh.nix + ../common/openssh.nix ]; } diff --git a/services/nginx.nix b/common/nginx.nix similarity index 100% rename from services/nginx.nix rename to common/nginx.nix diff --git a/services/openssh.nix b/common/openssh.nix similarity index 100% rename from services/openssh.nix rename to common/openssh.nix diff --git a/services/steam.nix b/common/steam.nix similarity index 100% rename from services/steam.nix rename to common/steam.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index a233258..637d9cb 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -5,7 +5,7 @@ [ ./hardware-configuration.nix ./home.nix - ../../services/steam.nix + ../../common/steam.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 9ab4405..289bff2 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -4,7 +4,6 @@ imports = [ ./hardware-configuration.nix ./home.nix - ../../services/openssh.nix ./forgejo.nix ]; diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix index fa5f6d8..31e8494 100644 --- a/hosts/yevaud/forgejo.nix +++ b/hosts/yevaud/forgejo.nix @@ -2,7 +2,7 @@ { imports = [ - ../../services/nginx.nix + ../../common/nginx.nix ]; # TODO: ssh access From d9c5393cffadbb7c86915b465c4c4dc7c1412913 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 6 Jun 2024 00:23:09 +0100 Subject: [PATCH 037/438] [yevaud] Change Forgejo domain name --- hosts/yevaud/forgejo.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix index 31e8494..e103297 100644 --- a/hosts/yevaud/forgejo.nix +++ b/hosts/yevaud/forgejo.nix @@ -10,19 +10,23 @@ # TODO: interface customisation services.nginx.virtualHosts = { - # TODO: move to new domain - "git.katherina.rocks" = { + "git.qenya.tel" = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://[::1]:3000/"; }; + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.qenya.tel$request_uri"; + }; }; services.forgejo = { enable = true; stateDir = "/data/forgejo"; settings = { - DEFAULT.APP_NAME = "git.katherina.rocks"; + DEFAULT.APP_NAME = "git.qenya.tel"; cache = { ADAPTER = "twoqueue"; HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; @@ -33,9 +37,9 @@ }; security.LOGIN_REMEMBER_DAYS = 365; server = { - DOMAIN = "git.katherina.rocks"; + DOMAIN = "git.qenya.tel"; HTTP_PORT = 3000; - ROOT_URL = "https://git.katherina.rocks/"; + ROOT_URL = "https://git.qenya.tel/"; }; service.DISABLE_REGISTRATION = true; }; From 8f3b17df2b87137e0f62cd87a1b02d5836d301c5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 6 Jun 2024 00:23:19 +0100 Subject: [PATCH 038/438] Fill out readme --- README.md | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e860f06..a28cfc1 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,32 @@ -# nixos-config +# nixfiles -My NixOS configuration files \ No newline at end of file +My NixOS configuration files. + +## Machines + +* `tohru`: Dell Latitude 5300, personal laptop +* `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance + +## Usage + +### Building + +To build locally, run `colmena apply-local` as root. + +To build the remote machines, run `colmena apply`. See the [colmena documentation](https://colmena.cli.rs/) for command-line options. Notable options include: +* `--on [hostname]`: build a specific machine only +* `--reboot`: reboot after building (but note [this bug](https://github.com/zhaofengli/colmena/issues/166) means it may hang even when the reboot completes successfully) + +### Updating + +Run `npins update` to update the dependencies within the currently selected upgrade channels. + +To upgrade to a new major version of a dependency, simply re-add it and the old version will be overwritten, e.g.: + +```sh +npins add --name nixpkgs channel nixos-unstable +``` + +In either case, commit the changes to `npins/sources.json`. + +See the [npins documentation](https://github.com/andir/npins) for more details. \ No newline at end of file From daeb0198df68c5336c326e4f55322d985e590813 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 6 Jun 2024 00:33:34 +0100 Subject: [PATCH 039/438] Consolidate btop into cli file --- home/btop.nix | 5 ----- home/cli.nix | 2 ++ hosts/tohru/home.nix | 1 - hosts/yevaud/home.nix | 1 - 4 files changed, 2 insertions(+), 7 deletions(-) delete mode 100644 home/btop.nix diff --git a/home/btop.nix b/home/btop.nix deleted file mode 100644 index 6d4f49b..0000000 --- a/home/btop.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - programs.btop.enable = true; -} diff --git a/home/cli.nix b/home/cli.nix index b23d81f..689a9b8 100644 --- a/home/cli.nix +++ b/home/cli.nix @@ -9,4 +9,6 @@ cowsay lolcat ]; + + programs.btop.enable = true; } diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 6451627..2bf8479 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -3,7 +3,6 @@ { home-manager.users.qenya = { pkgs, ... }: { imports = [ - ../../home/btop.nix ../../home/cli.nix ../../home/firefox.nix ../../home/gnome diff --git a/hosts/yevaud/home.nix b/hosts/yevaud/home.nix index d5bb904..de2439b 100644 --- a/hosts/yevaud/home.nix +++ b/hosts/yevaud/home.nix @@ -3,7 +3,6 @@ { home-manager.users.qenya = { pkgs, ... }: { imports = [ - ../../home/btop.nix ../../home/cli.nix ]; From 12fa3004b466307b4ec0e50a80fb886d6d400250 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 6 Jun 2024 00:49:11 +0100 Subject: [PATCH 040/438] [tohru] Install LibreOffice --- home/libreoffice.nix | 9 +++++++++ hosts/tohru/home.nix | 1 + 2 files changed, 10 insertions(+) create mode 100644 home/libreoffice.nix diff --git a/home/libreoffice.nix b/home/libreoffice.nix new file mode 100644 index 0000000..16cf593 --- /dev/null +++ b/home/libreoffice.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, ... }: + +{ + home.packages = with pkgs; [ + libreoffice + hunspell + hunspellDicts.en_GB-ise + ]; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 2bf8479..16683fb 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -6,6 +6,7 @@ ../../home/cli.nix ../../home/firefox.nix ../../home/gnome + ../../home/libreoffice.nix ../../home/vscode.nix ]; From 019df6a883b6027b1206638a9babcdc5dd18a90e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 6 Jun 2024 01:16:27 +0100 Subject: [PATCH 041/438] [yevaud] Remove TODO for enabling SSH on Forgejo It already works lol, that was easy --- hosts/yevaud/forgejo.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix index e103297..410c1d2 100644 --- a/hosts/yevaud/forgejo.nix +++ b/hosts/yevaud/forgejo.nix @@ -5,7 +5,6 @@ ../../common/nginx.nix ]; - # TODO: ssh access # TODO: email out # TODO: interface customisation From 82ee674db46a48ac77cfc136cce0f1c6183cb357 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Jun 2024 16:33:46 +0100 Subject: [PATCH 042/438] Add common CLI utilities I want everywhere --- common/utilities.nix | 11 +++++++++++ hive.nix | 1 + 2 files changed, 12 insertions(+) create mode 100644 common/utilities.nix diff --git a/common/utilities.nix b/common/utilities.nix new file mode 100644 index 0000000..26ea569 --- /dev/null +++ b/common/utilities.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + # CLI utilities I get frustrated if I'm missing + environment.systemPackages = with pkgs; [ + git + inetutils + parted + wget + ]; +} \ No newline at end of file diff --git a/hive.nix b/hive.nix index 6c0d560..84aa279 100644 --- a/hive.nix +++ b/hive.nix @@ -11,6 +11,7 @@ in { imports = [ (import "${sources.home-manager}/nixos") ./pinning.nix + ./common/utilities.nix ./users/qenya.nix ]; }; From 59d4f1324739565c1750b394fae34cc75b8249e5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Jun 2024 16:34:15 +0100 Subject: [PATCH 043/438] [tohru] Support NTFS drives --- hosts/tohru/configuration.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 637d9cb..845a558 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -27,6 +27,9 @@ sound.enable = true; hardware.pulseaudio.enable = true; + # USB drives + boot.supportedFilesystems = [ "ntfs" ]; + hardware.enableAllFirmware = true; services.fwupd.enable = true; services.fstrim.enable = true; From 7476ee2a04ba721a216b032f136f3c5176c9fea8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Jun 2024 19:19:45 +0100 Subject: [PATCH 044/438] [tohru] Install Foliate and KeePassXC --- hosts/tohru/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 16683fb..dfbdbe8 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -12,6 +12,8 @@ home.packages = with pkgs; [ bitwarden + foliate + keepassxc tor-browser-bundle-bin ]; programs.chromium.enable = true; From 87de39d257df0ed59c8e2e2c3852a0c0d16c6f0f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Jun 2024 20:38:47 +0100 Subject: [PATCH 045/438] [tohru] Disable some VS Code confirmation dialogs --- home/vscode.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/vscode.nix b/home/vscode.nix index 8d6efee..e940757 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -22,6 +22,8 @@ userSettings = { "extensions.autoUpdate" = false; "git.autofetch" = true; + "git.confirmSync" = false; + "git.enableSmartCommit" = true; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; "nix.serverSettings".nil = { From bf8e65ebe39190ff8b2f7efd9a884ef11d3591d3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Jun 2024 22:08:37 +0100 Subject: [PATCH 046/438] [tohru] Install Microsoft core web fonts --- common/fonts.nix | 7 +++++++ hosts/tohru/configuration.nix | 1 + 2 files changed, 8 insertions(+) create mode 100644 common/fonts.nix diff --git a/common/fonts.nix b/common/fonts.nix new file mode 100644 index 0000000..1820cd9 --- /dev/null +++ b/common/fonts.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: + +{ + fonts.packages = with pkgs; [ + corefonts + ]; +} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 845a558..388c069 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -5,6 +5,7 @@ [ ./hardware-configuration.nix ./home.nix + ../../common/fonts.nix ../../common/steam.nix ]; From 8c747172a74f5f4f8ce92c487b2b26d48039727e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Jun 2024 22:08:54 +0100 Subject: [PATCH 047/438] [tohru] Stop GNOME overriding VS Code keybindings for Copy Line Up/Down --- home/gnome/default.nix | 1 + home/gnome/keyboard.nix | 15 +++++++++++++++ 2 files changed, 16 insertions(+) create mode 100644 home/gnome/keyboard.nix diff --git a/home/gnome/default.nix b/home/gnome/default.nix index 9e5a1ee..160be51 100644 --- a/home/gnome/default.nix +++ b/home/gnome/default.nix @@ -4,5 +4,6 @@ imports = [ # TODO: nix-ify other parts of GNOME config ./appearance.nix + ./keyboard.nix ]; } diff --git a/home/gnome/keyboard.nix b/home/gnome/keyboard.nix new file mode 100644 index 0000000..7950cb8 --- /dev/null +++ b/home/gnome/keyboard.nix @@ -0,0 +1,15 @@ +# { config, lib, pkgs, ... }: + +{ + dconf = { + enable = true; + settings = { + "org/gnome/desktop/wm/keybindings" = { + # These are largely useless on most normal systems + # and conflict with VS Code's default keybinds for "Copy Line Up/Down" + move-to-workspace-up = [ ]; + move-to-workspace-down = [ ]; + }; + }; + }; +} From 8544eca14055c2f587a6aa36147c4463fedf9b40 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 12 Jun 2024 18:39:05 +0100 Subject: [PATCH 048/438] [tohru] More vscode settings --- home/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/vscode.nix b/home/vscode.nix index e940757..4187060 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -24,6 +24,7 @@ "git.autofetch" = true; "git.confirmSync" = false; "git.enableSmartCommit" = true; + "javascript.updateImportsOnFileMove.enabled" = "always"; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; "nix.serverSettings".nil = { From 479dcc536a3877ae81c039059440470f051a04d3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 13 Jun 2024 19:44:05 +0100 Subject: [PATCH 049/438] Add $WORDLIST file --- common/utilities.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/common/utilities.nix b/common/utilities.nix index 26ea569..b8d6178 100644 --- a/common/utilities.nix +++ b/common/utilities.nix @@ -8,4 +8,6 @@ parted wget ]; + + environment.wordlist.enable = true; } \ No newline at end of file From a558fb032466beffebba073ba5dbf7cdd598641a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 14 Jun 2024 15:41:33 +0100 Subject: [PATCH 050/438] [tohru] Enable joycond --- common/{steam.nix => gaming.nix} | 7 +++++++ hosts/tohru/configuration.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) rename common/{steam.nix => gaming.nix} (55%) diff --git a/common/steam.nix b/common/gaming.nix similarity index 55% rename from common/steam.nix rename to common/gaming.nix index e03ca13..b58ffc5 100644 --- a/common/steam.nix +++ b/common/gaming.nix @@ -6,4 +6,11 @@ remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; + + services.joycond.enable = true; + + # Currently broken: + # environment.systemPackages = with pkgs; [ + # itch + # ]; } \ No newline at end of file diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 388c069..70865b3 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -6,7 +6,7 @@ ./hardware-configuration.nix ./home.nix ../../common/fonts.nix - ../../common/steam.nix + ../../common/gaming.nix ]; boot.loader.systemd-boot.enable = true; From 785184c7efc944466c48af709094df308f411f94 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 14 Jun 2024 23:02:59 +0100 Subject: [PATCH 051/438] [tohru] Install Thunderbird --- hosts/tohru/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index dfbdbe8..31f8e74 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -14,6 +14,7 @@ bitwarden foliate keepassxc + thunderbird tor-browser-bundle-bin ]; programs.chromium.enable = true; From dccb037942397584468f165bca0ce369551643a6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Jun 2024 14:04:09 +0100 Subject: [PATCH 052/438] [yevaud] Set up tmux --- home/tmux.nix | 33 +++++++++++++++++++++++++++++++++ hosts/yevaud/home.nix | 1 + 2 files changed, 34 insertions(+) create mode 100644 home/tmux.nix diff --git a/home/tmux.nix b/home/tmux.nix new file mode 100644 index 0000000..407a517 --- /dev/null +++ b/home/tmux.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + # Derived from https://github.com/srid/nixos-config/blob/master/home/tmux.nix + + programs.tmux = { + enable = true; + clock24 = true; + shortcut = "a"; # `screen` muscle memory compatibility + baseIndex = 1; # this is a UI, 0-indexing is not appropriate, fight me + newSession = true; # skip the manual step + escapeTime = 0; # otherwise I keep reflexively hammering Esc + secureSocket = false; # make sessions survive user logout + + plugins = with pkgs; [ + tmuxPlugins.better-mouse-mode + ]; + mouse = true; + + extraConfig = '' + # https://old.reddit.com/r/tmux/comments/mesrci/tmux_2_doesnt_seem_to_use_256_colors/ + set -g default-terminal "xterm-256color" + set -ga terminal-overrides ",*256col*:Tc" + set -ga terminal-overrides '*:Ss=\E[%p1%d q:Se=\E[ q' + set-environment -g COLORTERM "truecolor" + + # easy-to-remember split pane commands + bind | split-window -h -c "#{pane_current_path}" + bind - split-window -v -c "#{pane_current_path}" + bind c new-window -c "#{pane_current_path}" + ''; + }; +} diff --git a/hosts/yevaud/home.nix b/hosts/yevaud/home.nix index de2439b..a79e622 100644 --- a/hosts/yevaud/home.nix +++ b/hosts/yevaud/home.nix @@ -4,6 +4,7 @@ home-manager.users.qenya = { pkgs, ... }: { imports = [ ../../home/cli.nix + ../../home/tmux.nix ]; home.stateVersion = "23.11"; From 3d75d0614d8e5eed36a138156b9b88f3f3b52d0e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Jun 2024 20:47:15 +0100 Subject: [PATCH 053/438] npins update --- npins/sources.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index f0bb28a..8212066 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -8,9 +8,9 @@ "repo": "home-manager" }, "branch": "release-24.05", - "revision": "a631666f5ec18271e86a5cde998cba68c33d9ac6", - "url": "https://github.com/nix-community/home-manager/archive/a631666f5ec18271e86a5cde998cba68c33d9ac6.tar.gz", - "hash": "13b22rkylwg4jwqmhyypkyjzm4algk5y43kfwwnb96wxmrqrplxc" + "revision": "a1fddf0967c33754271761d91a3d921772b30d0e", + "url": "https://github.com/nix-community/home-manager/archive/a1fddf0967c33754271761d91a3d921772b30d0e.tar.gz", + "hash": "1vvrrk14vrhb6drj3fy8snly0sf24x3402ykb9q5j1gy99vvqqq6" }, "nix-vscode-extensions": { "type": "Git", @@ -20,15 +20,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "1ae16af500525f1ca1b3295f5ee4e2b1b26f3004", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/1ae16af500525f1ca1b3295f5ee4e2b1b26f3004.tar.gz", - "hash": "0rf225qaim5kgw7qkm7iq2jzjqlanipx8sjc4k6w84lqi2rc2aga" + "revision": "b601ea2daf217f0e9a5247aa90c1cdc3ab169c41", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/b601ea2daf217f0e9a5247aa90c1cdc3ab169c41.tar.gz", + "hash": "1mfsmlbykx2w0rlc6ax4gf926c499zsfvsq64jb7zc6d2fkqnwf6" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.675.805a384895c6/nixexprs.tar.xz", - "hash": "1lgx2ln363mhdv1hnmnpiryhg3fpkpgzq50k1gnscp24sm5rskv2" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.1503.752c634c09ce/nixexprs.tar.xz", + "hash": "0rl95c97s2ad1sg7h8dxdsiarmacbi38gwmcy9a9a4blsaa43ahm" } }, "version": 3 From 0c3be502c45aaf67a35b3e5b66fc67ee47d1fe6e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Jun 2024 23:22:19 +0100 Subject: [PATCH 054/438] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a28cfc1..b6a5539 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ My NixOS configuration files. +The canonical location for this repository is https://git.qenya.tel/qenya/nixfiles. If you're viewing it elsewhere, it is a mirror and may not be up-to-date. + ## Machines * `tohru`: Dell Latitude 5300, personal laptop From 45e857747d53d488d6a7ab3b05b93bd270b7a7c2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 18 Jun 2024 11:21:00 +0100 Subject: [PATCH 055/438] npins update --- npins/sources.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 8212066..0a2badb 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -20,9 +20,9 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "b601ea2daf217f0e9a5247aa90c1cdc3ab169c41", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/b601ea2daf217f0e9a5247aa90c1cdc3ab169c41.tar.gz", - "hash": "1mfsmlbykx2w0rlc6ax4gf926c499zsfvsq64jb7zc6d2fkqnwf6" + "revision": "b1d364d5f9d3d7fee8fa854d553cd95d69b9ff4c", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/b1d364d5f9d3d7fee8fa854d553cd95d69b9ff4c.tar.gz", + "hash": "0ig6wl067fg1ia3m8jisq8am8hrpxicvh20113p5d9qvm7i2zxni" }, "nixpkgs": { "type": "Channel", From 6bf38b7814aef843595efbf2d53b983e25143236 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 18 Jun 2024 14:20:45 +0100 Subject: [PATCH 056/438] Set up agenix for secrets management --- colmena/local.nix | 8 +++++++- hive.nix | 3 ++- npins/sources.json | 15 +++++++++++++++ secrets/secrets.nix | 5 +++++ 4 files changed, 29 insertions(+), 2 deletions(-) create mode 100644 secrets/secrets.nix diff --git a/colmena/local.nix b/colmena/local.nix index a610670..51720b9 100644 --- a/colmena/local.nix +++ b/colmena/local.nix @@ -1,13 +1,19 @@ { name, nodes, config, lib, pkgs, ... }: -{ +let sources = import ../npins; +in { deployment = { allowLocalDeployment = true; targetHost = null; tags = [ "local" ]; }; + nixpkgs.config.packageOverrides = pkgs: { + agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix; + }; + environment.systemPackages = with pkgs; [ + agenix colmena npins ]; diff --git a/hive.nix b/hive.nix index 84aa279..d7a8ae9 100644 --- a/hive.nix +++ b/hive.nix @@ -10,6 +10,7 @@ in { imports = [ (import "${sources.home-manager}/nixos") + (import "${sources.agenix}/modules/age.nix") ./pinning.nix ./common/utilities.nix ./users/qenya.nix @@ -29,7 +30,7 @@ in { yevaud = { name, nodes, ... }: { networking.hostId = "09673d65"; time.timeZone = "Etc/UTC"; - + imports = [ ./colmena/remote.nix ./hosts/yevaud/configuration.nix diff --git a/npins/sources.json b/npins/sources.json index 0a2badb..f0a5225 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -1,5 +1,20 @@ { "pins": { + "agenix": { + "type": "GitRelease", + "repository": { + "type": "GitHub", + "owner": "ryantm", + "repo": "agenix" + }, + "pre_releases": false, + "version_upper_bound": null, + "release_prefix": null, + "version": "0.15.0", + "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d", + "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0", + "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la" + }, "home-manager": { "type": "Git", "repository": { diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..15c6b9f --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,5 @@ +let + yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T"; + systems = [ yevaud ]; +in +{ } From 8ed478edb772fc1bd32248b455b8f9f87468569b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 18:37:16 +0100 Subject: [PATCH 057/438] [tohru] refresh hardware-configuration.nix --- hosts/tohru/hardware-configuration.nix | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix index d42b1de..9f80893 100644 --- a/hosts/tohru/hardware-configuration.nix +++ b/hosts/tohru/hardware-configuration.nix @@ -28,6 +28,16 @@ fsType = "zfs"; }; + fileSystems."/config" = + { device = "rpool/config"; + fsType = "zfs"; + }; + + fileSystems."/data" = + { device = "rpool/data"; + fsType = "zfs"; + }; + fileSystems."/home" = { device = "rpool/home"; fsType = "zfs"; @@ -39,18 +49,13 @@ options = [ "fmask=0022" "dmask=0022" ]; }; - fileSystems."/data" = - { device = "rpool/data"; - fsType = "zfs"; - }; - fileSystems."/data/steam" = { device = "rpool/data/steam"; fsType = "zfs"; }; - fileSystems."/config" = - { device = "rpool/config"; + fileSystems."/data/syncthing" = + { device = "rpool/data/syncthing"; fsType = "zfs"; }; From 7899127c056a9893fd30b1b33bddb5628e51f92e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 18:37:52 +0100 Subject: [PATCH 058/438] Install `please` --- home/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/cli.nix b/home/cli.nix index 689a9b8..678bb60 100644 --- a/home/cli.nix +++ b/home/cli.nix @@ -3,6 +3,7 @@ { home.packages = with pkgs; [ tree # like `ls -R` but nicer + please # Extremely important fortune From 3e9901bd2aeb67c8e2614a1bea047de613fd6df8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 19:14:59 +0100 Subject: [PATCH 059/438] Add extra package repos as nixpkgs overrides instead of independent references --- colmena/local.nix | 4 ---- hive.nix | 13 ++++++++++- home/vscode.nix | 55 +++++++++++++++++++++-------------------------- 3 files changed, 36 insertions(+), 36 deletions(-) diff --git a/colmena/local.nix b/colmena/local.nix index 51720b9..a567ae9 100644 --- a/colmena/local.nix +++ b/colmena/local.nix @@ -8,10 +8,6 @@ in { tags = [ "local" ]; }; - nixpkgs.config.packageOverrides = pkgs: { - agenix = (import "${sources.agenix}" { inherit pkgs; }).agenix; - }; - environment.systemPackages = with pkgs; [ agenix colmena diff --git a/hive.nix b/hive.nix index d7a8ae9..c9e17de 100644 --- a/hive.nix +++ b/hive.nix @@ -6,7 +6,18 @@ in { deployment.replaceUnknownProfiles = false; networking.hostName = name; - nixpkgs.config.allowUnfree = true; + nixpkgs.config = { + allowUnfree = true; + packageOverrides = pkgs: { + agenix = (import sources.agenix { inherit pkgs; }).agenix; + vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture + }; + }; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + }; imports = [ (import "${sources.home-manager}/nixos") diff --git a/home/vscode.nix b/home/vscode.nix index 4187060..6620c02 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -1,39 +1,32 @@ { config, lib, pkgs, ... }: { - programs.vscode = - let - system = builtins.currentSystem; - sources = import ../npins; - extensions = (import sources.nix-vscode-extensions).extensions.${system}; - in - { - enable = true; - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; - package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ - jnoortheen.nix-ide - ms-python.python - ]) ++ (with extensions.open-vsx; [ - robbowen.synthwave-vscode - ]); - mutableExtensionsDir = false; - userSettings = { - "extensions.autoUpdate" = false; - "git.autofetch" = true; - "git.confirmSync" = false; - "git.enableSmartCommit" = true; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; - }; - "workbench.colorTheme" = "SynthWave '84"; + programs.vscode = { + enable = true; + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + package = pkgs.vscodium; + extensions = (with pkgs.vscode-extensions; [ + open-vsx.jnoortheen.nix-ide + open-vsx.ms-python.python + open-vsx.robbowen.synthwave-vscode + ]); + mutableExtensionsDir = false; + userSettings = { + "extensions.autoUpdate" = false; + "git.autofetch" = true; + "git.confirmSync" = false; + "git.enableSmartCommit" = true; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "nixpkgs-fmt" ]; }; + "workbench.colorTheme" = "SynthWave '84"; }; + }; # Language servers etc home.packages = with pkgs; [ From 2bcb07ee60d361b4c49ed6c20aaac489db50cfb0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 19:36:29 +0100 Subject: [PATCH 060/438] Revert "Install `please`" Not the package I thought it was. This reverts commit 7899127c056a9893fd30b1b33bddb5628e51f92e. --- home/cli.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/home/cli.nix b/home/cli.nix index 678bb60..689a9b8 100644 --- a/home/cli.nix +++ b/home/cli.nix @@ -3,7 +3,6 @@ { home.packages = with pkgs; [ tree # like `ls -R` but nicer - please # Extremely important fortune From 6fc5a2b1ea54207a13c292a52d664d6227dfe2fb Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 19:39:00 +0100 Subject: [PATCH 061/438] Fix CVE-2021-3156 --- common/sudo.nix | 5 +++++ hive.nix | 1 + 2 files changed, 6 insertions(+) create mode 100644 common/sudo.nix diff --git a/common/sudo.nix b/common/sudo.nix new file mode 100644 index 0000000..fe9b2fc --- /dev/null +++ b/common/sudo.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs,... }: + +{ + security.sudo.execWheelOnly = true; +} diff --git a/hive.nix b/hive.nix index c9e17de..e3ccd2b 100644 --- a/hive.nix +++ b/hive.nix @@ -23,6 +23,7 @@ in { (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") ./pinning.nix + ./common/sudo.nix ./common/utilities.nix ./users/qenya.nix ]; From f464d022e523fb38e946a67b57042a4e5c975c03 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 19:48:23 +0100 Subject: [PATCH 062/438] Enable passwordless sudo on remote machines Closes #2 --- colmena/remote.nix | 4 ++++ common/openssh.nix | 5 ----- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/colmena/remote.nix b/colmena/remote.nix index efe4e6e..47191f7 100644 --- a/colmena/remote.nix +++ b/colmena/remote.nix @@ -3,9 +3,13 @@ { deployment = { targetHost = "${name}.birdsong.network"; + targetUser = "qenya"; tags = [ "remote" ]; }; + # Required for remote builds + security.sudo.wheelNeedsPassword = false; + imports = [ ../common/openssh.nix ]; diff --git a/common/openssh.nix b/common/openssh.nix index 5e9651a..6715088 100644 --- a/common/openssh.nix +++ b/common/openssh.nix @@ -12,9 +12,4 @@ services.fail2ban.enable = true; networking.firewall.allowedTCPPorts = [ 22 ]; - - # Allow remote root login only from home network - # TODO: Find a less hacky way of doing remote deployment - users.users.root.openssh.authorizedKeys.keys = config.users.users.qenya.openssh.authorizedKeys.keys; - services.openssh.extraConfig = "Match Address 45.14.17.200\n PermitRootLogin prohibit-password"; } \ No newline at end of file From 1e20b6b4016e3aef4300420034155c788ca10ae9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 20:22:37 +0100 Subject: [PATCH 063/438] Allow SSH login to any machine --- colmena/remote.nix | 5 ----- common/{openssh.nix => ssh.nix} | 2 -- hive.nix | 1 + 3 files changed, 1 insertion(+), 7 deletions(-) rename common/{openssh.nix => ssh.nix} (80%) diff --git a/colmena/remote.nix b/colmena/remote.nix index 47191f7..84c28bd 100644 --- a/colmena/remote.nix +++ b/colmena/remote.nix @@ -7,10 +7,5 @@ tags = [ "remote" ]; }; - # Required for remote builds security.sudo.wheelNeedsPassword = false; - - imports = [ - ../common/openssh.nix - ]; } diff --git a/common/openssh.nix b/common/ssh.nix similarity index 80% rename from common/openssh.nix rename to common/ssh.nix index 6715088..d8dd364 100644 --- a/common/openssh.nix +++ b/common/ssh.nix @@ -10,6 +10,4 @@ }; services.fail2ban.enable = true; - - networking.firewall.allowedTCPPorts = [ 22 ]; } \ No newline at end of file diff --git a/hive.nix b/hive.nix index e3ccd2b..7251c01 100644 --- a/hive.nix +++ b/hive.nix @@ -23,6 +23,7 @@ in { (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") ./pinning.nix + ./common/ssh.nix ./common/sudo.nix ./common/utilities.nix ./users/qenya.nix From a36c1d5e9f11a991b186fb122001c8f7bdacc400 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 20:30:53 +0100 Subject: [PATCH 064/438] Add key for tohru to agenix secrets file --- secrets/secrets.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 15c6b9f..a4a270a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,5 +1,6 @@ let - yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T"; - systems = [ yevaud ]; + tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; + yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; + systems = [ tohru yevaud ]; in { } From f71a65d0513d3268b7469c3a382d5a6549309135 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 20:58:18 +0100 Subject: [PATCH 065/438] [tohru] Remove reference to itch client --- common/{gaming.nix => steam.nix} | 5 ----- hosts/tohru/configuration.nix | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) rename common/{gaming.nix => steam.nix} (68%) diff --git a/common/gaming.nix b/common/steam.nix similarity index 68% rename from common/gaming.nix rename to common/steam.nix index b58ffc5..d59135c 100644 --- a/common/gaming.nix +++ b/common/steam.nix @@ -8,9 +8,4 @@ }; services.joycond.enable = true; - - # Currently broken: - # environment.systemPackages = with pkgs; [ - # itch - # ]; } \ No newline at end of file diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 70865b3..388c069 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -6,7 +6,7 @@ ./hardware-configuration.nix ./home.nix ../../common/fonts.nix - ../../common/gaming.nix + ../../common/steam.nix ]; boot.loader.systemd-boot.enable = true; From 19886a488c2a0b853274858228235e54c6effe2e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 21:00:03 +0100 Subject: [PATCH 066/438] [tohru] Enable syncthing with kilgharrah --- hosts/tohru/configuration.nix | 1 + hosts/tohru/syncthing.nix | 24 ++++++++++++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 hosts/tohru/syncthing.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 388c069..47e8232 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -7,6 +7,7 @@ ./home.nix ../../common/fonts.nix ../../common/steam.nix + ./syncthing.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/tohru/syncthing.nix b/hosts/tohru/syncthing.nix new file mode 100644 index 0000000..0bd239c --- /dev/null +++ b/hosts/tohru/syncthing.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +{ + services.syncthing = { + enable = true; + user = "qenya"; + dataDir = "/data/syncthing"; + openDefaultPorts = true; + overrideDevices = true; + overrideFolders = true; + settings = { + devices = { + "kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; }; + }; + folders = { + "Documents" = { + id = "alp59-7gs9s"; + path = "~/Documents"; + devices = [ "kilgharrah" ]; + }; + }; + }; + }; +} From ceece65878a484ee5072447ab5ca971cc7b0b867 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Jun 2024 21:07:34 +0100 Subject: [PATCH 067/438] Update git email address Closes #7 --- users/qenya.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/users/qenya.nix b/users/qenya.nix index 7d10ede..4977230 100644 --- a/users/qenya.nix +++ b/users/qenya.nix @@ -20,7 +20,7 @@ programs.git = { enable = true; userName = "Katherina Walshe-Grey"; - userEmail = "git@katherina.rocks"; # TODO: update email + userEmail = "git@qenya.tel"; }; home.stateVersion = "23.11"; From fc18e5538c173b409487dae0d567f4b3ee157e6c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 23 Jun 2024 21:15:52 +0100 Subject: [PATCH 068/438] Install `lshw` --- common/utilities.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/common/utilities.nix b/common/utilities.nix index b8d6178..b08b57b 100644 --- a/common/utilities.nix +++ b/common/utilities.nix @@ -5,6 +5,7 @@ environment.systemPackages = with pkgs; [ git inetutils + lshw parted wget ]; From 5cfadeea01c93aa89f029263ef3ec87b97b81b08 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 23 Jun 2024 21:16:21 +0100 Subject: [PATCH 069/438] Enable NUR --- hive.nix | 1 + npins/sources.json | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/hive.nix b/hive.nix index 7251c01..35b6cb3 100644 --- a/hive.nix +++ b/hive.nix @@ -10,6 +10,7 @@ in { allowUnfree = true; packageOverrides = pkgs: { agenix = (import sources.agenix { inherit pkgs; }).agenix; + nur = (import sources.nur { inherit pkgs; }); vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture }; }; diff --git a/npins/sources.json b/npins/sources.json index f0a5225..8e0ee9c 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -44,6 +44,18 @@ "name": "nixos-24.05", "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.1503.752c634c09ce/nixexprs.tar.xz", "hash": "0rl95c97s2ad1sg7h8dxdsiarmacbi38gwmcy9a9a4blsaa43ahm" + }, + "nur": { + "type": "Git", + "repository": { + "type": "GitHub", + "owner": "nix-community", + "repo": "NUR" + }, + "branch": "master", + "revision": "255122407be8684afd4627ff97331491e127f15a", + "url": "https://github.com/nix-community/NUR/archive/255122407be8684afd4627ff97331491e127f15a.tar.gz", + "hash": "1xl0hwsjhn9px8fjq332ri6g6hz7hclgzlc0wpxivbdcj0ydllwj" } }, "version": 3 From 86fb1b3819d9002e2fdcfbadb1fa869fbd1f796f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 23 Jun 2024 21:16:35 +0100 Subject: [PATCH 070/438] [tohru] Install Digital: A Love Story --- hosts/tohru/home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 31f8e74..cf4ffc3 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -16,6 +16,8 @@ keepassxc thunderbird tor-browser-bundle-bin + + nur.repos.qenya.digitalalovestory-bin ]; programs.chromium.enable = true; From 6483a171adcc9cabb7b721a6ceae226c763feeb0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 25 Jun 2024 10:19:19 +0100 Subject: [PATCH 071/438] npins update --- npins/sources.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 8e0ee9c..29ff677 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -35,15 +35,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "b1d364d5f9d3d7fee8fa854d553cd95d69b9ff4c", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/b1d364d5f9d3d7fee8fa854d553cd95d69b9ff4c.tar.gz", - "hash": "0ig6wl067fg1ia3m8jisq8am8hrpxicvh20113p5d9qvm7i2zxni" + "revision": "8b29896b948d4a9ed23f93275f1208b519641c5c", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/8b29896b948d4a9ed23f93275f1208b519641c5c.tar.gz", + "hash": "173mnqn774ih6yr22m98z4gqnmwcplm70b5f8pdzcg2268zyq65i" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.1503.752c634c09ce/nixexprs.tar.xz", - "hash": "0rl95c97s2ad1sg7h8dxdsiarmacbi38gwmcy9a9a4blsaa43ahm" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2028.e4509b3a560c/nixexprs.tar.xz", + "hash": "1q6x6x6hlbwwhq08hhpir6mz2y5i6gm7nak0sas22pamj3y5qjj8" }, "nur": { "type": "Git", @@ -53,9 +53,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "255122407be8684afd4627ff97331491e127f15a", - "url": "https://github.com/nix-community/NUR/archive/255122407be8684afd4627ff97331491e127f15a.tar.gz", - "hash": "1xl0hwsjhn9px8fjq332ri6g6hz7hclgzlc0wpxivbdcj0ydllwj" + "revision": "fb5d243838c4994a7e3c48ac3a7b5a9c1cddaf21", + "url": "https://github.com/nix-community/NUR/archive/fb5d243838c4994a7e3c48ac3a7b5a9c1cddaf21.tar.gz", + "hash": "176q2kq6v7jcnaqjvjlmnw4xh45gc6pkgycx17gvj54c0pj466p7" } }, "version": 3 From d9018e7d75b82d0d3e214db4c732a364bdd73a35 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 25 Jun 2024 10:19:38 +0100 Subject: [PATCH 072/438] [tohru] Update package name for Digital --- hosts/tohru/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index cf4ffc3..ecdc8d1 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -17,7 +17,7 @@ thunderbird tor-browser-bundle-bin - nur.repos.qenya.digitalalovestory-bin + nur.repos.qenya.digital-a-love-story ]; programs.chromium.enable = true; From 55f65b71d14efcf5c4832792b4d740f7c270e907 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 26 Jun 2024 14:49:34 +0100 Subject: [PATCH 073/438] [tohru] Install Discord, OpenTTD, Gimp --- hosts/tohru/home.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index ecdc8d1..1f0d738 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -12,8 +12,11 @@ home.packages = with pkgs; [ bitwarden + discord foliate + gimp-with-plugins keepassxc + openttd thunderbird tor-browser-bundle-bin From aaaa4b81717b78d6ae413cd09291d0612ab61ead Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 27 Jun 2024 10:41:16 +0100 Subject: [PATCH 074/438] vscode: pass Ctrl-K through to integrated terminal --- home/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/vscode.nix b/home/vscode.nix index 6620c02..88245b6 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -24,6 +24,7 @@ diagnostics.ignored = [ "unused_binding" "unused_with" ]; formatting.command = [ "nixpkgs-fmt" ]; }; + "terminal.integrated.allowChords" = false; "workbench.colorTheme" = "SynthWave '84"; }; }; From 5cadb7d36ef6d73079f66a7520d1e7d86d348ad8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 27 Jun 2024 10:42:33 +0100 Subject: [PATCH 075/438] vscode: warn on long git commit messages --- home/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/vscode.nix b/home/vscode.nix index 88245b6..06f5f72 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -17,6 +17,7 @@ "git.autofetch" = true; "git.confirmSync" = false; "git.enableSmartCommit" = true; + "git.inputValidation" = true; "javascript.updateImportsOnFileMove.enabled" = "always"; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; From 082db65a0b0233e2c02af3785233a2c574585fa6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 27 Jun 2024 10:46:20 +0100 Subject: [PATCH 076/438] vscode: remove redundant parentheses --- home/vscode.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/vscode.nix b/home/vscode.nix index 06f5f72..eddcf52 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -6,11 +6,11 @@ enableExtensionUpdateCheck = false; enableUpdateCheck = false; package = pkgs.vscodium; - extensions = (with pkgs.vscode-extensions; [ + extensions = with pkgs.vscode-extensions; [ open-vsx.jnoortheen.nix-ide open-vsx.ms-python.python open-vsx.robbowen.synthwave-vscode - ]); + ]; mutableExtensionsDir = false; userSettings = { "extensions.autoUpdate" = false; From edd13a8775e2c7d2ddd7e35dbcc72699b14b1576 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 27 Jun 2024 11:39:03 +0100 Subject: [PATCH 077/438] vscode: saner git commit message length --- home/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/vscode.nix b/home/vscode.nix index eddcf52..a63d329 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -18,6 +18,7 @@ "git.confirmSync" = false; "git.enableSmartCommit" = true; "git.inputValidation" = true; + "git.inputValidationSubjectLength" = null; "javascript.updateImportsOnFileMove.enabled" = "always"; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; From 03e0fd3188133637d858cf26234caff3540f8efd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 27 Jun 2024 11:43:15 +0100 Subject: [PATCH 078/438] npins update --- npins/sources.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 29ff677..0923f91 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -35,15 +35,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "8b29896b948d4a9ed23f93275f1208b519641c5c", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/8b29896b948d4a9ed23f93275f1208b519641c5c.tar.gz", - "hash": "173mnqn774ih6yr22m98z4gqnmwcplm70b5f8pdzcg2268zyq65i" + "revision": "4157bcc67488e09407f5edc130ebf62c1a1a1433", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/4157bcc67488e09407f5edc130ebf62c1a1a1433.tar.gz", + "hash": "164ndpm0h9mnw0bg6qcmpy10j9ihwgr02n2pr4vaxrh7sykwclfq" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2028.e4509b3a560c/nixexprs.tar.xz", - "hash": "1q6x6x6hlbwwhq08hhpir6mz2y5i6gm7nak0sas22pamj3y5qjj8" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2150.89c49874fb15/nixexprs.tar.xz", + "hash": "04hny4195wl11nfkcxjan7xf15br1x7vsv5xl7yxg6kmdr614i6y" }, "nur": { "type": "Git", @@ -53,9 +53,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "fb5d243838c4994a7e3c48ac3a7b5a9c1cddaf21", - "url": "https://github.com/nix-community/NUR/archive/fb5d243838c4994a7e3c48ac3a7b5a9c1cddaf21.tar.gz", - "hash": "176q2kq6v7jcnaqjvjlmnw4xh45gc6pkgycx17gvj54c0pj466p7" + "revision": "e357bc4c25cf53c97fe0f4c1391705eb5eea6a04", + "url": "https://github.com/nix-community/NUR/archive/e357bc4c25cf53c97fe0f4c1391705eb5eea6a04.tar.gz", + "hash": "02pzrmqwrdcbkm38rfdn9d9skb1ac3kbv0nk40mpifj25qhrad35" } }, "version": 3 From a3c3c9c12c06cd39d8ace54981a280914db23a82 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 27 Jun 2024 11:43:48 +0100 Subject: [PATCH 079/438] [tohru] install "don't take it personally, babe" --- hosts/tohru/home.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 1f0d738..55428e7 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -10,7 +10,7 @@ ../../home/vscode.nix ]; - home.packages = with pkgs; [ + home.packages = (with pkgs; [ bitwarden discord foliate @@ -19,9 +19,10 @@ openttd thunderbird tor-browser-bundle-bin - - nur.repos.qenya.digital-a-love-story - ]; + ]) ++ (with pkgs.nur.repos.qenya; [ + digital-a-love-story + dont-take-it-personally-babe + ]); programs.chromium.enable = true; home.stateVersion = "23.11"; From a0d06b6c0aeac21f8a6cfff4266a8e158e247a41 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 30 Jun 2024 10:32:49 +0100 Subject: [PATCH 080/438] git: set default branch to "main" --- home/git.nix | 12 ++++++++++++ hosts/tohru/home.nix | 1 + hosts/yevaud/home.nix | 1 + 3 files changed, 14 insertions(+) create mode 100644 home/git.nix diff --git a/home/git.nix b/home/git.nix new file mode 100644 index 0000000..0a9f7c7 --- /dev/null +++ b/home/git.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + programs.git = { + enable = true; + extraConfig = { + init = { + defaultBranch = "main"; + }; + }; + }; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 55428e7..703f5fc 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -5,6 +5,7 @@ imports = [ ../../home/cli.nix ../../home/firefox.nix + ../../home/git.nix ../../home/gnome ../../home/libreoffice.nix ../../home/vscode.nix diff --git a/hosts/yevaud/home.nix b/hosts/yevaud/home.nix index a79e622..87d8898 100644 --- a/hosts/yevaud/home.nix +++ b/hosts/yevaud/home.nix @@ -4,6 +4,7 @@ home-manager.users.qenya = { pkgs, ... }: { imports = [ ../../home/cli.nix + ../../home/git.nix ../../home/tmux.nix ]; From 5233fe75cfa3ddac79a0b2ea9e37317d3d511f5c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Jul 2024 11:53:57 +0100 Subject: [PATCH 081/438] npins update --- npins/sources.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 0923f91..f693a55 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -23,9 +23,9 @@ "repo": "home-manager" }, "branch": "release-24.05", - "revision": "a1fddf0967c33754271761d91a3d921772b30d0e", - "url": "https://github.com/nix-community/home-manager/archive/a1fddf0967c33754271761d91a3d921772b30d0e.tar.gz", - "hash": "1vvrrk14vrhb6drj3fy8snly0sf24x3402ykb9q5j1gy99vvqqq6" + "revision": "391ca6e950c2525b4f853cbe29922452c14eda82", + "url": "https://github.com/nix-community/home-manager/archive/391ca6e950c2525b4f853cbe29922452c14eda82.tar.gz", + "hash": "17cb6y4dymp351mj89y1bmxvqzw8m9h89nqd3qrwg6qjdm9sgkxa" }, "nix-vscode-extensions": { "type": "Git", @@ -35,15 +35,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "4157bcc67488e09407f5edc130ebf62c1a1a1433", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/4157bcc67488e09407f5edc130ebf62c1a1a1433.tar.gz", - "hash": "164ndpm0h9mnw0bg6qcmpy10j9ihwgr02n2pr4vaxrh7sykwclfq" + "revision": "3be7b0b799d739c3e15f3fd0a909d682c173962f", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/3be7b0b799d739c3e15f3fd0a909d682c173962f.tar.gz", + "hash": "00z3lqlpfabdp6sg8d6z2vlyvnig89brkhwgri5waznrw3ksna2y" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2150.89c49874fb15/nixexprs.tar.xz", - "hash": "04hny4195wl11nfkcxjan7xf15br1x7vsv5xl7yxg6kmdr614i6y" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2355.d032c1a6dfad/nixexprs.tar.xz", + "hash": "1fynyfjsmrxs383mygzlbkb3yhzmlnnpf8x84mikaiqc3ngszsv8" }, "nur": { "type": "Git", @@ -53,9 +53,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "e357bc4c25cf53c97fe0f4c1391705eb5eea6a04", - "url": "https://github.com/nix-community/NUR/archive/e357bc4c25cf53c97fe0f4c1391705eb5eea6a04.tar.gz", - "hash": "02pzrmqwrdcbkm38rfdn9d9skb1ac3kbv0nk40mpifj25qhrad35" + "revision": "6206fd683edcb79c4a0592cf25e610449ed0d82d", + "url": "https://github.com/nix-community/NUR/archive/6206fd683edcb79c4a0592cf25e610449ed0d82d.tar.gz", + "hash": "108k8qshygkcdc1y5k9dfyw24jizcp1jvhkz8a7pzf57frkhzrdx" } }, "version": 3 From dcbd9d18738aa5cf9fcf04c8631566a97d8d31bc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Jul 2024 13:41:11 +0100 Subject: [PATCH 082/438] users: qenya: specify uid --- users/qenya.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/users/qenya.nix b/users/qenya.nix index 4977230..0dadb30 100644 --- a/users/qenya.nix +++ b/users/qenya.nix @@ -12,6 +12,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; + uid = 1001; }; home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { From 7c700718ede9e366356b6dbde93d5e2d94f2688e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Jul 2024 14:52:53 +0100 Subject: [PATCH 083/438] allow non-root users (with sudo) to deploy remotely --- colmena/remote.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/colmena/remote.nix b/colmena/remote.nix index 84c28bd..022ff5e 100644 --- a/colmena/remote.nix +++ b/colmena/remote.nix @@ -8,4 +8,5 @@ }; security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; } From 8c089a1a55ed65cddc90d3381d5418a452126f48 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Jul 2024 17:53:22 +0100 Subject: [PATCH 084/438] hosts: orm: initial setup --- hive.nix | 10 +++++++ hosts/orm/configuration.nix | 13 ++++++++ hosts/orm/hardware-configuration.nix | 45 ++++++++++++++++++++++++++++ hosts/orm/home.nix | 12 ++++++++ 4 files changed, 80 insertions(+) create mode 100644 hosts/orm/configuration.nix create mode 100644 hosts/orm/hardware-configuration.nix create mode 100644 hosts/orm/home.nix diff --git a/hive.nix b/hive.nix index 35b6cb3..5fa0e76 100644 --- a/hive.nix +++ b/hive.nix @@ -50,4 +50,14 @@ in { ./hosts/yevaud/configuration.nix ]; }; + + orm = { name, nodes, ... }: { + networking.hostId = "00000000"; + time.timeZone = "Etc/UTC"; + + imports = [ + ./colmena/remote.nix + ./hosts/orm/configuration.nix + ]; + }; } diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix new file mode 100644 index 0000000..857e662 --- /dev/null +++ b/hosts/orm/configuration.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./home.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix new file mode 100644 index 0000000..e13d4e6 --- /dev/null +++ b/hosts/orm/hardware-configuration.nix @@ -0,0 +1,45 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_orm/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_orm/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_orm/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/3739-E8C1"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/orm/home.nix b/hosts/orm/home.nix new file mode 100644 index 0000000..06f12fb --- /dev/null +++ b/hosts/orm/home.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + home-manager.users.qenya = { pkgs, ... }: { + imports = [ + ../../home/cli.nix + ../../home/git.nix + ]; + + home.stateVersion = "23.11"; + }; +} From 7c110ae17dc60b033ac3fefdde3e05d16f3f787e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Jul 2024 18:20:38 +0100 Subject: [PATCH 085/438] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index b6a5539..432710b 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil * `tohru`: Dell Latitude 5300, personal laptop * `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance +* `orm`: Oracle Cloud free AMD VM, currently idling ## Usage From 18bc4afc65dd9cf3502326746e411cebfd816958 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Jul 2024 19:00:36 +0100 Subject: [PATCH 086/438] regenerate hardware-configuration.nix on all machines --- hosts/orm/hardware-configuration.nix | 6 +++++- hosts/tohru/hardware-configuration.nix | 24 ++++++++++++------------ hosts/yevaud/hardware-configuration.nix | 10 +++++----- 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix index e13d4e6..11459e7 100644 --- a/hosts/orm/hardware-configuration.nix +++ b/hosts/orm/hardware-configuration.nix @@ -10,7 +10,7 @@ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; + boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; fileSystems."/" = @@ -34,6 +34,10 @@ options = [ "fmask=0077" "dmask=0077" ]; }; + swapDevices = + [ { device = "/dev/disk/by-uuid/a0ac8f60-25f9-4dec-af70-e3f4cd36c575"; } + ]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix index 9f80893..71a4dee 100644 --- a/hosts/tohru/hardware-configuration.nix +++ b/hosts/tohru/hardware-configuration.nix @@ -33,20 +33,19 @@ fsType = "zfs"; }; - fileSystems."/data" = - { device = "rpool/data"; - fsType = "zfs"; - }; - fileSystems."/home" = { device = "rpool/home"; fsType = "zfs"; }; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7DD4-487E"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + fileSystems."/data" = + { device = "rpool/data"; + fsType = "zfs"; + }; + + fileSystems."/data/syncthing" = + { device = "rpool/data/syncthing"; + fsType = "zfs"; }; fileSystems."/data/steam" = @@ -54,9 +53,10 @@ fsType = "zfs"; }; - fileSystems."/data/syncthing" = - { device = "rpool/data/syncthing"; - fsType = "zfs"; + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/7DD4-487E"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix index c11d3fc..aa624a3 100644 --- a/hosts/yevaud/hardware-configuration.nix +++ b/hosts/yevaud/hardware-configuration.nix @@ -28,17 +28,17 @@ fsType = "zfs"; }; + fileSystems."/data/forgejo" = + { device = "rpool/forgejo"; + fsType = "zfs"; + }; + fileSystems."/boot" = { device = "/dev/disk/by-uuid/107D-5AB3"; fsType = "vfat"; options = [ "fmask=0077" "dmask=0077" ]; }; - fileSystems."/data/forgejo" = - { device = "rpool/forgejo"; - fsType = "zfs"; - }; - swapDevices = [ { device = "/dev/disk/by-uuid/f8b6eb35-33ad-4e19-bf3d-cac5ec38a8dc"; } ]; From 39c1bc664c369c8c6ce0f31d4be56d3ade785eb0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 9 Jul 2024 18:14:33 +0100 Subject: [PATCH 087/438] rearrange files --- {users => common/users}/qenya.nix | 6 +++--- hive.nix | 2 +- keys.nix | 13 +++++++++++++ secrets/secrets.nix | 4 +--- 4 files changed, 18 insertions(+), 7 deletions(-) rename {users => common/users}/qenya.nix (79%) create mode 100644 keys.nix diff --git a/users/qenya.nix b/common/users/qenya.nix similarity index 79% rename from users/qenya.nix rename to common/users/qenya.nix index 0dadb30..74062f7 100644 --- a/users/qenya.nix +++ b/common/users/qenya.nix @@ -1,5 +1,7 @@ { config, lib, pkgs, ... }: +let keys = import ../../keys.nix; +in { users.users.qenya = { isNormalUser = true; @@ -9,9 +11,7 @@ "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" - ]; + openssh.authorizedKeys.keys = keys.users.qenya; uid = 1001; }; diff --git a/hive.nix b/hive.nix index 5fa0e76..685237e 100644 --- a/hive.nix +++ b/hive.nix @@ -27,7 +27,7 @@ in { ./common/ssh.nix ./common/sudo.nix ./common/utilities.nix - ./users/qenya.nix + ./common/users/qenya.nix ]; }; diff --git a/keys.nix b/keys.nix new file mode 100644 index 0000000..57138d7 --- /dev/null +++ b/keys.nix @@ -0,0 +1,13 @@ +{ + machines = { + tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; + yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; + orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; + }; + + users = { + qenya = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" + ]; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a4a270a..c41523b 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,4 @@ let - tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; - yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; - systems = [ tohru yevaud ]; + keys = ../ssh-keys.nix; in { } From 0d0b3e2d2d83353906c52fad64221f18cda249a4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 9 Jul 2024 22:00:09 +0100 Subject: [PATCH 088/438] nginx: refactor to apply settings across all nodes --- common/nginx.nix | 4 --- hive.nix | 1 + hosts/yevaud/forgejo.nix | 73 +++++++++++++++++++++------------------- 3 files changed, 39 insertions(+), 39 deletions(-) diff --git a/common/nginx.nix b/common/nginx.nix index a5a91c6..10e498d 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -2,8 +2,6 @@ { services.nginx = { - enable = true; - recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; @@ -28,6 +26,4 @@ acceptTerms = true; defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; } \ No newline at end of file diff --git a/hive.nix b/hive.nix index 685237e..99e29cd 100644 --- a/hive.nix +++ b/hive.nix @@ -24,6 +24,7 @@ in { (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") ./pinning.nix + ./common/nginx.nix ./common/ssh.nix ./common/sudo.nix ./common/utilities.nix diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix index 410c1d2..7c8f1ba 100644 --- a/hosts/yevaud/forgejo.nix +++ b/hosts/yevaud/forgejo.nix @@ -1,46 +1,49 @@ { config, lib, pkgs, ... }: { - imports = [ - ../../common/nginx.nix - ]; - # TODO: email out # TODO: interface customisation - services.nginx.virtualHosts = { - "git.qenya.tel" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://[::1]:3000/"; + services = { + nginx = { + enable = true; + virtualHosts = { + "git.qenya.tel" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://[::1]:3000/"; + }; + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.qenya.tel$request_uri"; + }; + }; }; - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.qenya.tel$request_uri"; + + forgejo = { + enable = true; + stateDir = "/data/forgejo"; + settings = { + DEFAULT.APP_NAME = "git.qenya.tel"; + cache = { + ADAPTER = "twoqueue"; + HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; + }; + database = { + DB_TYPE = "sqlite3"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security.LOGIN_REMEMBER_DAYS = 365; + server = { + DOMAIN = "git.qenya.tel"; + HTTP_PORT = 3000; + ROOT_URL = "https://git.qenya.tel/"; + }; + service.DISABLE_REGISTRATION = true; + }; }; }; - services.forgejo = { - enable = true; - stateDir = "/data/forgejo"; - settings = { - DEFAULT.APP_NAME = "git.qenya.tel"; - cache = { - ADAPTER = "twoqueue"; - HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; - }; - database = { - DB_TYPE = "sqlite3"; - SQLITE_JOURNAL_MODE = "WAL"; - }; - security.LOGIN_REMEMBER_DAYS = 365; - server = { - DOMAIN = "git.qenya.tel"; - HTTP_PORT = 3000; - ROOT_URL = "https://git.qenya.tel/"; - }; - service.DISABLE_REGISTRATION = true; - }; - }; + networking.firewall.allowedTCPPorts = [ 80 443 ]; } From bae6a97842883a01f99b69bf1bd707f488b43121 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 9 Jul 2024 22:04:00 +0100 Subject: [PATCH 089/438] users: add richard --- common/users/default.nix | 6 ++++++ common/users/richard.nix | 12 ++++++++++++ hive.nix | 2 +- keys.nix | 3 +++ 4 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 common/users/default.nix create mode 100644 common/users/richard.nix diff --git a/common/users/default.nix b/common/users/default.nix new file mode 100644 index 0000000..9602472 --- /dev/null +++ b/common/users/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ./qenya.nix + ./richard.nix + ]; +} \ No newline at end of file diff --git a/common/users/richard.nix b/common/users/richard.nix new file mode 100644 index 0000000..f910d93 --- /dev/null +++ b/common/users/richard.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +let keys = import ../../keys.nix; +in +{ + users.users.richard = { + isNormalUser = true; + home = "/home/richard"; + openssh.authorizedKeys.keys = keys.users.richard; + uid = 1002; + }; +} diff --git a/hive.nix b/hive.nix index 99e29cd..e930b29 100644 --- a/hive.nix +++ b/hive.nix @@ -28,7 +28,7 @@ in { ./common/ssh.nix ./common/sudo.nix ./common/utilities.nix - ./common/users/qenya.nix + ./common/users ]; }; diff --git a/keys.nix b/keys.nix index 57138d7..7573baf 100644 --- a/keys.nix +++ b/keys.nix @@ -9,5 +9,8 @@ qenya = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; + richard = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" + ]; }; } From db566deb4b605a088bec19c1354f8e1408a22f09 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 9 Jul 2024 22:16:37 +0100 Subject: [PATCH 090/438] users: add randomcat --- common/users/default.nix | 1 + common/users/randomcat.nix | 12 ++++++++++++ keys.nix | 3 +++ 3 files changed, 16 insertions(+) create mode 100644 common/users/randomcat.nix diff --git a/common/users/default.nix b/common/users/default.nix index 9602472..620c824 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -1,6 +1,7 @@ { imports = [ ./qenya.nix + ./randomcat.nix ./richard.nix ]; } \ No newline at end of file diff --git a/common/users/randomcat.nix b/common/users/randomcat.nix new file mode 100644 index 0000000..f425424 --- /dev/null +++ b/common/users/randomcat.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +let keys = import ../../keys.nix; +in +{ + users.users.randomcat = { + isNormalUser = true; + home = "/home/randomcat"; + openssh.authorizedKeys.keys = keys.users.randomcat; + uid = 1003; + }; +} diff --git a/keys.nix b/keys.nix index 7573baf..de1a65d 100644 --- a/keys.nix +++ b/keys.nix @@ -9,6 +9,9 @@ qenya = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; + randomcat = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHagOaeTR+/7FL9sErciMw30cmV/VW8HU7J3ZFU5nj9 janet@randomcat.org" + ]; richard = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" ]; From 28dfe1af072f3cbd0e2fe8dc78047a0d1e028135 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 18 Jul 2024 22:25:03 +0100 Subject: [PATCH 091/438] vscode: add go support --- home/vscode.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/home/vscode.nix b/home/vscode.nix index a63d329..9cac613 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -7,18 +7,27 @@ enableUpdateCheck = false; package = pkgs.vscodium; extensions = with pkgs.vscode-extensions; [ + open-vsx.golang.go open-vsx.jnoortheen.nix-ide open-vsx.ms-python.python open-vsx.robbowen.synthwave-vscode ]; mutableExtensionsDir = false; userSettings = { + "[go]" = { + "editor.defaultFormatter" = "golang.go"; + "editor.formatOnSave" = false; + }; "extensions.autoUpdate" = false; "git.autofetch" = true; "git.confirmSync" = false; "git.enableSmartCommit" = true; "git.inputValidation" = true; "git.inputValidationSubjectLength" = null; + "gopls" = { + "formatting.gofumpt" = true; + "ui.semanticTokens" = true; + }; "javascript.updateImportsOnFileMove.enabled" = "always"; "nix.enableLanguageServer" = true; "nix.serverPath" = "nil"; @@ -33,6 +42,7 @@ # Language servers etc home.packages = with pkgs; [ + gopls nil nixpkgs-fmt ]; From a2f250287da082654301191f420f85ca8f09fe41 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 18 Jul 2024 22:46:51 +0100 Subject: [PATCH 092/438] npins update --- npins/sources.json | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index f693a55..4c161a4 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -23,9 +23,9 @@ "repo": "home-manager" }, "branch": "release-24.05", - "revision": "391ca6e950c2525b4f853cbe29922452c14eda82", - "url": "https://github.com/nix-community/home-manager/archive/391ca6e950c2525b4f853cbe29922452c14eda82.tar.gz", - "hash": "17cb6y4dymp351mj89y1bmxvqzw8m9h89nqd3qrwg6qjdm9sgkxa" + "revision": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "url": "https://github.com/nix-community/home-manager/archive/e1391fb22e18a36f57e6999c7a9f966dc80ac073.tar.gz", + "hash": "0c83di08nhkzq0cwc3v7aax3x8y5m7qahyzxppinzwxi3r8fnjq3" }, "nix-vscode-extensions": { "type": "Git", @@ -35,15 +35,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "3be7b0b799d739c3e15f3fd0a909d682c173962f", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/3be7b0b799d739c3e15f3fd0a909d682c173962f.tar.gz", - "hash": "00z3lqlpfabdp6sg8d6z2vlyvnig89brkhwgri5waznrw3ksna2y" + "revision": "829828eddd52363236a53d55c40e1d4aa7af5a56", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/829828eddd52363236a53d55c40e1d4aa7af5a56.tar.gz", + "hash": "0ahiqmj36ib0fc98isgpqs9adafdgfvll60ccmryx6d6ziga0w5d" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2355.d032c1a6dfad/nixexprs.tar.xz", - "hash": "1fynyfjsmrxs383mygzlbkb3yhzmlnnpf8x84mikaiqc3ngszsv8" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2933.c716603a63ac/nixexprs.tar.xz", + "hash": "0gy2wvfwwi2jss5prhxq5c1rw321mi82c0mnki5m404j2zzzas6f" }, "nur": { "type": "Git", @@ -53,9 +53,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "6206fd683edcb79c4a0592cf25e610449ed0d82d", - "url": "https://github.com/nix-community/NUR/archive/6206fd683edcb79c4a0592cf25e610449ed0d82d.tar.gz", - "hash": "108k8qshygkcdc1y5k9dfyw24jizcp1jvhkz8a7pzf57frkhzrdx" + "revision": "6e46867fdecc920a1de55dc1e553a16f54e2d2ee", + "url": "https://github.com/nix-community/NUR/archive/6e46867fdecc920a1de55dc1e553a16f54e2d2ee.tar.gz", + "hash": "0vwl9svpc51x2byzn844z7q9v4hsa3hhqi8m40fj401hqdivrg3n" } }, "version": 3 From b96ef23c6c54df521b7642a838df86005e628976 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 18 Jul 2024 23:22:35 +0100 Subject: [PATCH 093/438] rearrange files --- common/default.nix | 9 +++++++++ common/{utilities.nix => environment.nix} | 0 common/{ssh.nix => openssh.nix} | 0 common/{sudo.nix => security.nix} | 0 hive.nix | 6 +----- hosts/tohru/configuration.nix | 4 ++-- {common => services}/fonts.nix | 0 {common => services}/steam.nix | 0 8 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 common/default.nix rename common/{utilities.nix => environment.nix} (100%) rename common/{ssh.nix => openssh.nix} (100%) rename common/{sudo.nix => security.nix} (100%) rename {common => services}/fonts.nix (100%) rename {common => services}/steam.nix (100%) diff --git a/common/default.nix b/common/default.nix new file mode 100644 index 0000000..31657ff --- /dev/null +++ b/common/default.nix @@ -0,0 +1,9 @@ +{ + imports = [ + ./users + ./environment.nix + ./nginx.nix + ./openssh.nix + ./security.nix + ]; +} \ No newline at end of file diff --git a/common/utilities.nix b/common/environment.nix similarity index 100% rename from common/utilities.nix rename to common/environment.nix diff --git a/common/ssh.nix b/common/openssh.nix similarity index 100% rename from common/ssh.nix rename to common/openssh.nix diff --git a/common/sudo.nix b/common/security.nix similarity index 100% rename from common/sudo.nix rename to common/security.nix diff --git a/hive.nix b/hive.nix index e930b29..33432d7 100644 --- a/hive.nix +++ b/hive.nix @@ -24,11 +24,7 @@ in { (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") ./pinning.nix - ./common/nginx.nix - ./common/ssh.nix - ./common/sudo.nix - ./common/utilities.nix - ./common/users + ./common ]; }; diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 47e8232..3e7dbed 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -5,8 +5,8 @@ [ ./hardware-configuration.nix ./home.nix - ../../common/fonts.nix - ../../common/steam.nix + ../../services/fonts.nix + ../../services/steam.nix ./syncthing.nix ]; diff --git a/common/fonts.nix b/services/fonts.nix similarity index 100% rename from common/fonts.nix rename to services/fonts.nix diff --git a/common/steam.nix b/services/steam.nix similarity index 100% rename from common/steam.nix rename to services/steam.nix From 35563b1b07ce5f841fb820259912b59a8818bb38 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 18 Jul 2024 23:28:16 +0100 Subject: [PATCH 094/438] tohru: install evolution --- hosts/tohru/configuration.nix | 1 + services/evolution.nix | 5 +++++ 2 files changed, 6 insertions(+) create mode 100644 services/evolution.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 3e7dbed..81891b7 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -5,6 +5,7 @@ [ ./hardware-configuration.nix ./home.nix + ../../services/evolution.nix ../../services/fonts.nix ../../services/steam.nix ./syncthing.nix diff --git a/services/evolution.nix b/services/evolution.nix new file mode 100644 index 0000000..900fb38 --- /dev/null +++ b/services/evolution.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + programs.evolution.enable = true; +} From c60728e7aa9afb6309efb4f5e3150e9e1b11ed5b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 19 Jul 2024 19:26:36 +0100 Subject: [PATCH 095/438] wireguard: initial setup --- hosts/orm/configuration.nix | 1 + hosts/orm/wireguard.nix | 33 ++++++++++++++++++++++++++++++++ hosts/tohru/configuration.nix | 1 + hosts/tohru/wireguard.nix | 23 ++++++++++++++++++++++ secrets.nix | 19 ++++++++++++++++++ secrets/secrets.nix | 4 ---- secrets/wireguard-hub.age | 10 ++++++++++ secrets/wireguard-hub.pub | 1 + secrets/wireguard-peer-tohru.age | 10 ++++++++++ secrets/wireguard-peer-tohru.pub | 1 + 10 files changed, 99 insertions(+), 4 deletions(-) create mode 100644 hosts/orm/wireguard.nix create mode 100644 hosts/tohru/wireguard.nix create mode 100644 secrets.nix delete mode 100644 secrets/secrets.nix create mode 100644 secrets/wireguard-hub.age create mode 100644 secrets/wireguard-hub.pub create mode 100644 secrets/wireguard-peer-tohru.age create mode 100644 secrets/wireguard-peer-tohru.pub diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index 857e662..a1063ad 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -4,6 +4,7 @@ imports = [ ./hardware-configuration.nix ./home.nix + ./wireguard.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/orm/wireguard.nix b/hosts/orm/wireguard.nix new file mode 100644 index 0000000..be20446 --- /dev/null +++ b/hosts/orm/wireguard.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + age.secrets.wireguard-hub.file = ../../secrets/wireguard-hub.age; + + networking = { + nat = { + enable = true; + externalInterface = "ens3"; + internalInterfaces = [ "wg0" ]; + }; + + firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; + + wireguard.interfaces.wg0 = { + ips = [ "10.127.1.1/24" "fd70:81ca:0f8f:1::1/64" ]; + listenPort = 51820; + privateKeyFile = config.age.secrets.wireguard-hub.path; + peers = [ + { + name = "shaw"; + publicKey = "eD79pROC2zjhKz4tGRS43O95gcFRqO+SFb2XDnTr0zc="; + allowedIPs = [ "10.127.1.2" "fd70:81ca:0f8f:1::2" ]; + } + { + name = "tohru"; + publicKey = "lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18="; + allowedIPs = [ "10.127.1.3" "fd70:81ca:0f8f:1::3" ]; + } + ]; + }; + }; +} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 81891b7..e969ad7 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -9,6 +9,7 @@ ../../services/fonts.nix ../../services/steam.nix ./syncthing.nix + ./wireguard.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/tohru/wireguard.nix b/hosts/tohru/wireguard.nix new file mode 100644 index 0000000..dc52429 --- /dev/null +++ b/hosts/tohru/wireguard.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; + + networking = { + firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; + + wireguard.interfaces.wg0 = { + ips = [ "10.127.1.3/24" "fd70:81ca:0f8f:1::3/64" ]; + listenPort = 51821; + privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; + peers = [ + { + publicKey = "birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA="; + allowedIPs = [ "10.127.1.0/24" "fd70:81ca:0f8f:1::/64" ]; + endpoint = "birdsong.network:51820"; + persistentKeepalive = 23; + } + ]; + }; + }; +} diff --git a/secrets.nix b/secrets.nix new file mode 100644 index 0000000..a5423aa --- /dev/null +++ b/secrets.nix @@ -0,0 +1,19 @@ +let + keys = import ./keys.nix; + + commonKeys = keys.users.qenya; + + secrets = with keys; { + wireguard-hub = [ machines.orm ]; + wireguard-peer-orm = [ machines.orm ]; + wireguard-peer-tohru = [ machines.tohru ]; + }; +in +builtins.listToAttrs ( + map + (secretName: { + name = "secrets/${secretName}.age"; + value.publicKeys = secrets."${secretName}" ++ commonKeys; + }) + (builtins.attrNames secrets) +) diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index c41523b..0000000 --- a/secrets/secrets.nix +++ /dev/null @@ -1,4 +0,0 @@ -let - keys = ../ssh-keys.nix; -in -{ } diff --git a/secrets/wireguard-hub.age b/secrets/wireguard-hub.age new file mode 100644 index 0000000..6cd9c12 --- /dev/null +++ b/secrets/wireguard-hub.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 l/RSAw +h2Jz8m9ZEklGxWK8HcixO3+D4AVATPI3m3wE1ITviM +US+J+FDPJ/nmLT1ylRGfXyfjiJRgLpdgCg1L3IPrmrc +-> ssh-ed25519 900ILw bX/KdX53EFQCmWI0MU/wKfzqKmAw+/fMs4/955iYOlw +7epwHu5g+p6BHe/ksaA9MAvpneZBwHeqnMtSc1m3FFY +-> !V-grease &x6T2i d0B}! +tkT/G8gEKyx280vDO1QgG5ERBCkR9XCgk8IIE1AeBONi9eo+Z0sGfNHv2DXFx14B +TcKX31wDmUbtv8j+4d7722YeZ4jvKiSuQA38zLREOGJyhA +--- TR/GFMXQ4N6AMuScg8LSednd6jAJugxgCJLegPtFmgI +4>?(Y|R5V  ×4'[K_ѝ,ϧ Tk5TC~c*D[N䃼< \ No newline at end of file diff --git a/secrets/wireguard-hub.pub b/secrets/wireguard-hub.pub new file mode 100644 index 0000000..c6f541c --- /dev/null +++ b/secrets/wireguard-hub.pub @@ -0,0 +1 @@ +birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA= diff --git a/secrets/wireguard-peer-tohru.age b/secrets/wireguard-peer-tohru.age new file mode 100644 index 0000000..f99168e --- /dev/null +++ b/secrets/wireguard-peer-tohru.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 yZzWlg HKjvqxwrKVDSKuKcog2RTryVc+0vWII6DdFuouffNWs +fPlYoR4wSrGPlX3t11J1YSP3yToM2RjJVfLKM4oATxA +-> ssh-ed25519 900ILw f76/jY251hkNMd3fBVZPuoWleh4ZdSdu95p7WDlmZi4 +iSULkGxw9aokMgv59fhW3LzJR/Dpx+LVCc6jbbPwCgU +-> vdo-grease +8NUae81gLW0x8UoCVKqQUZaqkG8FTXwnysjEgXaEGBgDxjpuTp+C5qWczNYAXOFN +ha3mtF6IYHFHBZKsH0t1366nfYDAQXHOuu0hN4GBBz8gqnUt +--- uB1k+yMkL5ZUHXGSDv8ZPHDn0UfHOv1x3tRa2eIdbP8 +EY3Due/e4G[lQ=CovͿz/nbLa_h{A{ \ No newline at end of file diff --git a/secrets/wireguard-peer-tohru.pub b/secrets/wireguard-peer-tohru.pub new file mode 100644 index 0000000..6930ed6 --- /dev/null +++ b/secrets/wireguard-peer-tohru.pub @@ -0,0 +1 @@ +lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18= From 377060873d9de6ee144e0a9131b127dca50e0494 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 19 Jul 2024 20:01:55 +0100 Subject: [PATCH 096/438] add/rearrange packages --- colmena/local.nix | 6 ------ common/environment.nix | 13 +++++++++++-- home/libreoffice.nix | 9 --------- hosts/tohru/home.nix | 15 ++++++++++----- 4 files changed, 21 insertions(+), 22 deletions(-) delete mode 100644 home/libreoffice.nix diff --git a/colmena/local.nix b/colmena/local.nix index a567ae9..7bf35f3 100644 --- a/colmena/local.nix +++ b/colmena/local.nix @@ -7,10 +7,4 @@ in { targetHost = null; tags = [ "local" ]; }; - - environment.systemPackages = with pkgs; [ - agenix - colmena - npins - ]; } diff --git a/common/environment.nix b/common/environment.nix index b08b57b..857dce4 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -1,13 +1,22 @@ { config, lib, pkgs, ... }: { - # CLI utilities I get frustrated if I'm missing environment.systemPackages = with pkgs; [ git - inetutils lshw parted wget + + # network troubleshooting + inetutils + lsof + tcpdump + netcat # <3 + + # used for nix config + npins + colmena + agenix ]; environment.wordlist.enable = true; diff --git a/home/libreoffice.nix b/home/libreoffice.nix deleted file mode 100644 index 16cf593..0000000 --- a/home/libreoffice.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home.packages = with pkgs; [ - libreoffice - hunspell - hunspellDicts.en_GB-ise - ]; -} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 703f5fc..7818b38 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -7,7 +7,6 @@ ../../home/firefox.nix ../../home/git.nix ../../home/gnome - ../../home/libreoffice.nix ../../home/vscode.nix ]; @@ -17,12 +16,18 @@ foliate gimp-with-plugins keepassxc - openttd thunderbird tor-browser-bundle-bin - ]) ++ (with pkgs.nur.repos.qenya; [ - digital-a-love-story - dont-take-it-personally-babe + + # libreoffice + libreoffice + hunspell + hunspellDicts.en_GB-ise + + # games + openttd + nur.repos.qenya.digital-a-love-story + nur.repos.qenya.dont-take-it-personally-babe ]); programs.chromium.enable = true; From ec44c955d2032d04b7a988fafa7f525615e55900 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 19 Jul 2024 20:04:25 +0100 Subject: [PATCH 097/438] tohru: uninstall chromium --- hosts/tohru/home.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 7818b38..fb8c625 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -29,7 +29,6 @@ nur.repos.qenya.digital-a-love-story nur.repos.qenya.dont-take-it-personally-babe ]); - programs.chromium.enable = true; home.stateVersion = "23.11"; }; From d7da04b9c44d6c6cf069a363a04021d3c942075e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 19 Jul 2024 20:24:02 +0100 Subject: [PATCH 098/438] Update README.md --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 432710b..e70385b 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,14 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil ## Machines +### In this config * `tohru`: Dell Latitude 5300, personal laptop * `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance -* `orm`: Oracle Cloud free AMD VM, currently idling +* `orm`: Oracle Cloud free AMD VM, WireGuard server for the other machines in the network + +### Referenced only +* `kilgharrah`: Custom-built personal desktop, currently running Arch +* `shaw`: [My girlfriend's NAS](https://github.com/randomnetcat/nix-configs/tree/main/hosts/shaw) ## Usage From f36cd491211b06f015462d7b5daeb1894efacc93 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 20 Jul 2024 02:22:08 +0100 Subject: [PATCH 099/438] tohru: install jellyfin-media-player --- hosts/tohru/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index fb8c625..b70a202 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -15,6 +15,7 @@ discord foliate gimp-with-plugins + jellyfin-media-player keepassxc thunderbird tor-browser-bundle-bin From 049e3ff0913f5bf3726d7c71701a856318640f25 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 24 Jul 2024 17:29:26 +0100 Subject: [PATCH 100/438] forgejo: convert to nixos module --- hive.nix | 1 + hosts/yevaud/configuration.nix | 19 +++++++++-- hosts/yevaud/forgejo.nix | 49 --------------------------- services/default.nix | 5 +++ services/forgejo.nix | 60 ++++++++++++++++++++++++++++++++++ 5 files changed, 83 insertions(+), 51 deletions(-) delete mode 100644 hosts/yevaud/forgejo.nix create mode 100644 services/default.nix create mode 100644 services/forgejo.nix diff --git a/hive.nix b/hive.nix index 33432d7..a4114a7 100644 --- a/hive.nix +++ b/hive.nix @@ -25,6 +25,7 @@ in { (import "${sources.agenix}/modules/age.nix") ./pinning.nix ./common + ./services ]; }; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 289bff2..7abce5a 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -4,12 +4,27 @@ imports = [ ./hardware-configuration.nix ./home.nix - ./forgejo.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + qenya.services.forgejo = { + enable = true; + domain = "git.qenya.tel"; + stateDir = "/data/forgejo"; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "git.katherina.rocks" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.qenya.tel$request_uri"; + }; + }; + }; + system.stateVersion = "23.11"; } - diff --git a/hosts/yevaud/forgejo.nix b/hosts/yevaud/forgejo.nix deleted file mode 100644 index 7c8f1ba..0000000 --- a/hosts/yevaud/forgejo.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # TODO: email out - # TODO: interface customisation - - services = { - nginx = { - enable = true; - virtualHosts = { - "git.qenya.tel" = { - forceSSL = true; - enableACME = true; - locations."/".proxyPass = "http://[::1]:3000/"; - }; - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.qenya.tel$request_uri"; - }; - }; - }; - - forgejo = { - enable = true; - stateDir = "/data/forgejo"; - settings = { - DEFAULT.APP_NAME = "git.qenya.tel"; - cache = { - ADAPTER = "twoqueue"; - HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; - }; - database = { - DB_TYPE = "sqlite3"; - SQLITE_JOURNAL_MODE = "WAL"; - }; - security.LOGIN_REMEMBER_DAYS = 365; - server = { - DOMAIN = "git.qenya.tel"; - HTTP_PORT = 3000; - ROOT_URL = "https://git.qenya.tel/"; - }; - service.DISABLE_REGISTRATION = true; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; -} diff --git a/services/default.nix b/services/default.nix new file mode 100644 index 0000000..beecd73 --- /dev/null +++ b/services/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./forgejo.nix + ]; +} \ No newline at end of file diff --git a/services/forgejo.nix b/services/forgejo.nix new file mode 100644 index 0000000..8cca791 --- /dev/null +++ b/services/forgejo.nix @@ -0,0 +1,60 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.qenya.services.forgejo; + inherit (lib) mkIf mkEnableOption mkOption types; +in +{ + options.qenya.services.forgejo = { + enable = mkEnableOption "Forgejo"; + domain = mkOption { + type = types.str; + }; + stateDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + # TODO: email out + # TODO: interface customisation + + services = { + nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://[::1]:3000/"; + }; + }; + }; + + forgejo = { + enable = true; + stateDir = cfg.stateDir; + settings = { + DEFAULT.APP_NAME = cfg.domain; + cache = { + ADAPTER = "twoqueue"; + HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}''; + }; + database = { + DB_TYPE = "sqlite3"; + SQLITE_JOURNAL_MODE = "WAL"; + }; + security.LOGIN_REMEMBER_DAYS = 365; + server = { + DOMAIN = cfg.domain; + HTTP_PORT = 3000; + ROOT_URL = "https://${cfg.domain}/"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; +} From e3068a144a7c071c71ac5408db4316351bc5823a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 24 Jul 2024 18:29:29 +0100 Subject: [PATCH 101/438] fonts, steam: convert to nixos modules --- hosts/tohru/configuration.nix | 5 ++++- services/default.nix | 2 ++ services/evolution.nix | 5 ----- services/fonts.nix | 16 +++++++++++++--- services/steam.nix | 22 ++++++++++++++++------ 5 files changed, 35 insertions(+), 15 deletions(-) delete mode 100644 services/evolution.nix diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index e969ad7..64d293a 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -5,7 +5,6 @@ [ ./hardware-configuration.nix ./home.nix - ../../services/evolution.nix ../../services/fonts.nix ../../services/steam.nix ./syncthing.nix @@ -16,6 +15,10 @@ boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.editor = false; + programs.evolution.enable = true; + qenya.services.fonts.enable = true; + qenya.services.steam.enable = true; + networking.networkmanager.enable = true; i18n.defaultLocale = "en_GB.UTF-8"; diff --git a/services/default.nix b/services/default.nix index beecd73..7c73723 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,5 +1,7 @@ { imports = [ + ./fonts.nix ./forgejo.nix + ./steam.nix ]; } \ No newline at end of file diff --git a/services/evolution.nix b/services/evolution.nix deleted file mode 100644 index 900fb38..0000000 --- a/services/evolution.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - programs.evolution.enable = true; -} diff --git a/services/fonts.nix b/services/fonts.nix index 1820cd9..2845030 100644 --- a/services/fonts.nix +++ b/services/fonts.nix @@ -1,7 +1,17 @@ { config, lib, pkgs, ... }: +let + cfg = config.qenya.services.fonts; + inherit (lib) mkIf mkEnableOption; +in { - fonts.packages = with pkgs; [ - corefonts - ]; + options.qenya.services.fonts = { + enable = mkEnableOption "Fonts"; + }; + + config = mkIf cfg.enable { + fonts.packages = with pkgs; [ + corefonts + ]; + }; } diff --git a/services/steam.nix b/services/steam.nix index d59135c..0a3c3d4 100644 --- a/services/steam.nix +++ b/services/steam.nix @@ -1,11 +1,21 @@ { config, lib, pkgs, ... }: +let + cfg = config.qenya.services.steam; + inherit (lib) mkIf mkEnableOption; +in { - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; + options.qenya.services.steam = { + enable = mkEnableOption "Steam"; }; - services.joycond.enable = true; -} \ No newline at end of file + config = mkIf cfg.enable { + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; + + services.joycond.enable = true; + }; +} From 5f70f26e98315e13d771c7dd9b9e5b9f424f78bd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 24 Jul 2024 18:40:41 +0100 Subject: [PATCH 102/438] tweak standard module expression --- services/fonts.nix | 2 +- services/forgejo.nix | 2 +- services/steam.nix | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/services/fonts.nix b/services/fonts.nix index 2845030..dcd9d1b 100644 --- a/services/fonts.nix +++ b/services/fonts.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: +with lib; let cfg = config.qenya.services.fonts; - inherit (lib) mkIf mkEnableOption; in { options.qenya.services.fonts = { diff --git a/services/forgejo.nix b/services/forgejo.nix index 8cca791..9f3f6f1 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: +with lib; let cfg = config.qenya.services.forgejo; - inherit (lib) mkIf mkEnableOption mkOption types; in { options.qenya.services.forgejo = { diff --git a/services/steam.nix b/services/steam.nix index 0a3c3d4..d7ef010 100644 --- a/services/steam.nix +++ b/services/steam.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: +with lib; let cfg = config.qenya.services.steam; - inherit (lib) mkIf mkEnableOption; in { options.qenya.services.steam = { From 5d258de4973523ae6bd025fe761feccabf564a73 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 24 Jul 2024 22:32:49 +0100 Subject: [PATCH 103/438] birdsong: begin modularising wireguard config --- hosts/tohru/wireguard.nix | 24 +++++--------- services/birdsong/default.nix | 5 +++ services/birdsong/peer.nix | 61 +++++++++++++++++++++++++++++++++++ services/default.nix | 1 + 4 files changed, 75 insertions(+), 16 deletions(-) create mode 100644 services/birdsong/default.nix create mode 100644 services/birdsong/peer.nix diff --git a/hosts/tohru/wireguard.nix b/hosts/tohru/wireguard.nix index dc52429..bca2cd6 100644 --- a/hosts/tohru/wireguard.nix +++ b/hosts/tohru/wireguard.nix @@ -3,21 +3,13 @@ { age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; - networking = { - firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; - - wireguard.interfaces.wg0 = { - ips = [ "10.127.1.3/24" "fd70:81ca:0f8f:1::3/64" ]; - listenPort = 51821; - privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; - peers = [ - { - publicKey = "birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA="; - allowedIPs = [ "10.127.1.0/24" "fd70:81ca:0f8f:1::/64" ]; - endpoint = "birdsong.network:51820"; - persistentKeepalive = 23; - } - ]; - }; + birdsong.peer = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; + listenPort = 51821; + persistentKeepalive = 23; }; + + # TODO: get this from a list of peers, keyed on hostname + networking.wireguard.interfaces.birdsong.ips = [ "10.127.1.3/24" "fd70:81ca:0f8f:1::3/64" ]; } diff --git a/services/birdsong/default.nix b/services/birdsong/default.nix new file mode 100644 index 0000000..4e37405 --- /dev/null +++ b/services/birdsong/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./peer.nix + ]; +} \ No newline at end of file diff --git a/services/birdsong/peer.nix b/services/birdsong/peer.nix new file mode 100644 index 0000000..706310c --- /dev/null +++ b/services/birdsong/peer.nix @@ -0,0 +1,61 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.birdsong.peer; +in +{ + options.birdsong.peer = { + enable = mkEnableOption "WireGuard peering with the birdsong network"; + interface = mkOption { + default = "birdsong"; + description = "The name of the network interface to use for WireGuard."; + type = types.str; + }; + openPorts = mkOption { + default = true; + description = "Whether to automatically open firewall ports."; + type = types.bool; + }; + privateKeyFile = mkOption { + description = "Path to the private key for this peer, as generated by `wg genkey`."; + type = types.path; + }; + listenPort = mkOption { + default = 51820; + example = 51821; + description = "Which port to expose WireGuard on. Change this if you are behind NAT, to a port not used by another peer in the same LAN."; + type = types.port; + }; + persistentKeepalive = mkOption { + default = null; + example = 23; + description = "Constantly ping the hub this often, in seconds, in order to keep the WireGuard tunnel open. Set this if you are behind NAT to keep the NAT session active. To avoid syncing, this should ideally be a prime number that is not shared by another peer in the same LAN."; + type = types.nullOr types.int; + }; + }; + + config = mkIf cfg.enable { + assertions = [{ + assertion = cfg.privateKeyFile != null; + message = "birdsong.peer.privateKeyFile must be set"; + }]; + + networking = { + firewall.allowedUDPPorts = mkIf cfg.openPorts [ cfg.listenPort ]; + + wireguard.interfaces.${cfg.interface} = { + listenPort = cfg.listenPort; + privateKeyFile = cfg.privateKeyFile; + peers = [ + { + publicKey = "birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA="; + allowedIPs = [ "10.127.1.0/24" "fd70:81ca:0f8f:1::/64" ]; + endpoint = "birdsong.network:51820"; + persistentKeepalive = cfg.persistentKeepalive; + } + ]; + }; + }; + }; +} diff --git a/services/default.nix b/services/default.nix index 7c73723..304281d 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./birdsong ./fonts.nix ./forgejo.nix ./steam.nix From 5b79e6826b824486046d196748525a29fa503b35 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 06:29:31 +0100 Subject: [PATCH 104/438] yevaud: add wireguard keypair --- secrets.nix | 2 +- secrets/wireguard-peer-yevaud.age | Bin 0 -> 407 bytes secrets/wireguard-peer-yevaud.pub | 1 + 3 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 secrets/wireguard-peer-yevaud.age create mode 100644 secrets/wireguard-peer-yevaud.pub diff --git a/secrets.nix b/secrets.nix index a5423aa..0e3f84f 100644 --- a/secrets.nix +++ b/secrets.nix @@ -5,8 +5,8 @@ let secrets = with keys; { wireguard-hub = [ machines.orm ]; - wireguard-peer-orm = [ machines.orm ]; wireguard-peer-tohru = [ machines.tohru ]; + wireguard-peer-yevaud = [ machines.yevaud ]; }; in builtins.listToAttrs ( diff --git a/secrets/wireguard-peer-yevaud.age b/secrets/wireguard-peer-yevaud.age new file mode 100644 index 0000000000000000000000000000000000000000..d331bdaf95c8bb393dfbb1ee6e0e2289cfda028d GIT binary patch literal 407 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^-4>3FIULOP6^QW zFL8D9^E5Xrj|vWV4^1yIjSO^8OE-&34>!y9%y9H9_6?0NisXv$bS(C93OB1rN%YC9 zNX|9$Fs|@6iZb*F)2=KGC^1ORGRRD<(Dw^TH$b<|(!jver(D52!z{$t#l*xtDI?V- zIL{}kJX1d`uc|UR%`Z5}JUz&u#Mj-exWF_tr<|+G-zdwpJS;89q%5$?ub`qdJKI>> zygW}ktvuM@$K16rFQCfV+{nZwKM-V_NtTyYiEesPYGQG!g1?EogMzn0c8q$0n~|~! zS7fnSm5GT7m#(g^f~B{1j$3|MUS+9UMpm6F;6i{JB3dSn|)KVDukPsU3t)vzkwZr3ia#aHX@ n{wvwBZ{Y`lIdKucJhvOqn)UXQXQat#%SEz`zP7>o7q0;T_w|jW literal 0 HcmV?d00001 diff --git a/secrets/wireguard-peer-yevaud.pub b/secrets/wireguard-peer-yevaud.pub new file mode 100644 index 0000000..871b993 --- /dev/null +++ b/secrets/wireguard-peer-yevaud.pub @@ -0,0 +1 @@ +YPJsIs9x4wuWdFi/QRWSJbWvKE0GQAfVL4MNMqHygDw= From e90afae7acb57a0a70317d90314c90403122eb15 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 07:52:43 +0100 Subject: [PATCH 105/438] birdsong: fully modularise existing wireguard config --- hosts/orm/wireguard.nix | 29 +------ hosts/tohru/wireguard.nix | 4 - hosts/yevaud/configuration.nix | 7 ++ services/birdsong/default.nix | 1 + services/birdsong/hosts.nix | 134 +++++++++++++++++++++++++++++++++ services/birdsong/peer.nix | 74 ++++++++++++------ 6 files changed, 197 insertions(+), 52 deletions(-) create mode 100644 services/birdsong/hosts.nix diff --git a/hosts/orm/wireguard.nix b/hosts/orm/wireguard.nix index be20446..38ef0da 100644 --- a/hosts/orm/wireguard.nix +++ b/hosts/orm/wireguard.nix @@ -3,31 +3,8 @@ { age.secrets.wireguard-hub.file = ../../secrets/wireguard-hub.age; - networking = { - nat = { - enable = true; - externalInterface = "ens3"; - internalInterfaces = [ "wg0" ]; - }; - - firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ]; - - wireguard.interfaces.wg0 = { - ips = [ "10.127.1.1/24" "fd70:81ca:0f8f:1::1/64" ]; - listenPort = 51820; - privateKeyFile = config.age.secrets.wireguard-hub.path; - peers = [ - { - name = "shaw"; - publicKey = "eD79pROC2zjhKz4tGRS43O95gcFRqO+SFb2XDnTr0zc="; - allowedIPs = [ "10.127.1.2" "fd70:81ca:0f8f:1::2" ]; - } - { - name = "tohru"; - publicKey = "lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18="; - allowedIPs = [ "10.127.1.3" "fd70:81ca:0f8f:1::3" ]; - } - ]; - }; + birdsong.peer = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-hub.path; }; } diff --git a/hosts/tohru/wireguard.nix b/hosts/tohru/wireguard.nix index bca2cd6..eb7d6d2 100644 --- a/hosts/tohru/wireguard.nix +++ b/hosts/tohru/wireguard.nix @@ -6,10 +6,6 @@ birdsong.peer = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; - listenPort = 51821; persistentKeepalive = 23; }; - - # TODO: get this from a list of peers, keyed on hostname - networking.wireguard.interfaces.birdsong.ips = [ "10.127.1.3/24" "fd70:81ca:0f8f:1::3/64" ]; } diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 7abce5a..4fc10f9 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -9,6 +9,13 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; + + birdsong.peer = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; + }; + qenya.services.forgejo = { enable = true; domain = "git.qenya.tel"; diff --git a/services/birdsong/default.nix b/services/birdsong/default.nix index 4e37405..3a42299 100644 --- a/services/birdsong/default.nix +++ b/services/birdsong/default.nix @@ -1,5 +1,6 @@ { imports = [ ./peer.nix + ./hosts.nix ]; } \ No newline at end of file diff --git a/services/birdsong/hosts.nix b/services/birdsong/hosts.nix new file mode 100644 index 0000000..47b45cf --- /dev/null +++ b/services/birdsong/hosts.nix @@ -0,0 +1,134 @@ +{ config, lib, pkgs, ... }: + +with lib; +{ + options.birdsong.hosts = mkOption { + description = "List of hosts in the birdsong network"; + type = types.attrsOf + (types.submodule { + options = { + hostKey = mkOption { + default = null; + description = "SSH public key of the host, for use in known_hosts files"; + type = with types; nullOr str; + }; + subnet = mkOption { + default = "internet"; + example = "roaming"; + description = '' + Identifier representing a LAN the host belongs to. Hosts in the + same LAN will peer with each other. + + The special value `internet` (the default) will accept peering + from all other hosts. This is to be used for servers that are + accessible from the public internet. + + The special value `roaming` will not peer with other `roaming` + hosts, but will still peer with `internet` hosts. This is to be + used for portable devices like laptops that regularly move between + networks. + ''; + type = types.str; + }; + endpoint = mkOption { + default = null; + example = "example.com"; + description = '' + Address (e.g. IP or domain name) by which the host is reachable + within its LAN. + + If {option}`birdsong.hosts..subnet` is set to `internet`, + the host must be reachable at this address from the public + internet. + + If {option}`birdsong.hosts..subnet` is set to `roaming`, + this option is not used. + ''; + type = with types; nullOr str; + }; + ipv4 = mkOption { + example = "10.127.1.1"; + description = "IPv4 address of this peer within the network"; + type = types.str; + }; + ipv6 = mkOption { + example = "fd70:81ca:0f8f:1::1"; + description = "IPv6 address of this peer within the network"; + type = types.str; + }; + port = mkOption { + default = 51820; + example = 51821; + description = '' + Which port to expose WireGuard on. Change this for peers behind + NAT, to a port not used by another peer in the same LAN. + ''; + type = types.port; + }; + wireguardKey = mkOption { + example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; + description = "WireGuard public key for this peer, as generated by `wg pubkey`"; + type = types.str; + }; + isRouter = mkOption { + default = false; + description = '' + The host with this flag set is the subnet router. It forwards + packets between WireGuard peers that can't connect directly to + each other. WireGuard's scope doesn't (yet) include full mesh + networking with load-balancing between routers, so only one peer + can hold this status. It should be peered with all other hosts + (i.e., {option}`birdsong.hosts..subnet` set to `internet`). + ''; + type = types.bool; + }; + }; + }); + }; + + config.birdsong.hosts = { + yevaud = { + hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; + endpoint = "yevaud.birdsong.network"; + ipv4 = "10.127.1.1"; + ipv6 = "fd70:81ca:0f8f:1::1"; + wireguardKey = "YPJsIs9x4wuWdFi/QRWSJbWvKE0GQAfVL4MNMqHygDw="; + isRouter = true; + }; + + orm = { + hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; + endpoint = "orm.birdsong.network"; + ipv4 = "10.127.1.2"; + ipv6 = "fd70:81ca:0f8f:1::2"; + wireguardKey = "birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA="; + }; + + tohru = { + hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; + subnet = "roaming"; + ipv4 = "10.127.2.1"; + ipv6 = "fd70:81ca:0f8f:2::1"; + port = 51821; + wireguardKey = "lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18="; + }; + + # kilgharrah = { + # # hostKey = ""; + # subnet = "weyrhold"; + # endpoint = "192.168.2.1"; + # ipv4 = "10.127.3.1"; + # ipv6 = "fd70:81ca:0f8f:3::1"; + # # wireguardKey = ""; + # }; + + shaw = { + hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; + subnet = "library"; + # endpoint = ""; + ipv4 = "10.127.4.1"; + ipv6 = "fd70:81ca:0f8f:4::1"; + wireguardKey = "eD79pROC2zjhKz4tGRS43O95gcFRqO+SFb2XDnTr0zc="; + }; + }; +} diff --git a/services/birdsong/peer.nix b/services/birdsong/peer.nix index 706310c..d1b659b 100644 --- a/services/birdsong/peer.nix +++ b/services/birdsong/peer.nix @@ -3,12 +3,25 @@ with lib; let cfg = config.birdsong.peer; + hostName = if null != cfg.hostName then cfg.hostName else config.networking.hostName; + hosts = config.birdsong.hosts; + host = hosts.${hostName}; in { options.birdsong.peer = { enable = mkEnableOption "WireGuard peering with the birdsong network"; + hostName = mkOption { + default = null; + description = '' + The hostname of this peer within the network. Must be listed in + {option}`birdsong.hosts`. If not set, defaults to + {option}`networking.hostName`. + ''; + type = with types; nullOr str; + }; interface = mkOption { default = "birdsong"; + example = "wg0"; description = "The name of the network interface to use for WireGuard."; type = types.str; }; @@ -21,40 +34,57 @@ in description = "Path to the private key for this peer, as generated by `wg genkey`."; type = types.path; }; - listenPort = mkOption { - default = 51820; - example = 51821; - description = "Which port to expose WireGuard on. Change this if you are behind NAT, to a port not used by another peer in the same LAN."; - type = types.port; - }; persistentKeepalive = mkOption { default = null; example = 23; - description = "Constantly ping the hub this often, in seconds, in order to keep the WireGuard tunnel open. Set this if you are behind NAT to keep the NAT session active. To avoid syncing, this should ideally be a prime number that is not shared by another peer in the same LAN."; - type = types.nullOr types.int; + description = '' + Constantly ping each peer outside the LAN this often, in seconds, in + order to keep the WireGuard tunnel open. Set this if you are behind NAT + to keep the NAT session active, or if you have a dynamic IP to keep the + other peers aware when your IP changes. To avoid syncing, this should + ideally be a prime number that is not shared by another peer in the same + LAN. + ''; + type = with types; nullOr int; }; }; config = mkIf cfg.enable { - assertions = [{ - assertion = cfg.privateKeyFile != null; - message = "birdsong.peer.privateKeyFile must be set"; - }]; + assertions = [ + { + assertion = cfg ? privateKeyFile; + message = "birdsong.peer.privateKeyFile must be set"; + } + { + assertion = hostName != null; + message = "birdsong.peer.hostName or networking.hostName must be set"; + } + ]; networking = { - firewall.allowedUDPPorts = mkIf cfg.openPorts [ cfg.listenPort ]; + firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ]; wireguard.interfaces.${cfg.interface} = { - listenPort = cfg.listenPort; + ips = [ "${host.ipv4}/16" "${host.ipv6}/48" ] + ++ optionals host.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; privateKeyFile = cfg.privateKeyFile; - peers = [ - { - publicKey = "birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA="; - allowedIPs = [ "10.127.1.0/24" "fd70:81ca:0f8f:1::/64" ]; - endpoint = "birdsong.network:51820"; - persistentKeepalive = cfg.persistentKeepalive; - } - ]; + listenPort = host.port; + + peers = + let + canDirectPeer = host: peer: peer.subnet == "internet" || (host.subnet != "roaming" && peer.subnet == host.subnet); + in + mapAttrsToList + (name: peer: { + name = name; + publicKey = peer.wireguardKey; + allowedIPs = [ peer.ipv4 peer.ipv6 ] + ++ optionals peer.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; + endpoint = mkIf (canDirectPeer host peer) "${peer.endpoint}:${toString peer.port}"; + dynamicEndpointRefreshSeconds = mkIf (canDirectPeer host peer) 5; + persistentKeepalive = mkIf (peer.subnet != host.subnet) cfg.persistentKeepalive; + }) + (filterAttrs (name: peer: peer != host && (host.subnet == "internet" || canDirectPeer host peer)) hosts); }; }; }; From 70247124a692d8e58a8792591cef7c0b53585f39 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 08:05:34 +0100 Subject: [PATCH 106/438] tohru, orm: tidy up vestigial wireguard config --- hosts/orm/configuration.nix | 8 +++++++- hosts/orm/wireguard.nix | 10 ---------- hosts/tohru/configuration.nix | 9 ++++++++- hosts/tohru/wireguard.nix | 11 ----------- secrets.nix | 2 +- secrets/{wireguard-hub.age => wireguard-peer-orm.age} | 0 secrets/{wireguard-hub.pub => wireguard-peer-orm.pub} | 0 7 files changed, 16 insertions(+), 24 deletions(-) delete mode 100644 hosts/orm/wireguard.nix delete mode 100644 hosts/tohru/wireguard.nix rename secrets/{wireguard-hub.age => wireguard-peer-orm.age} (100%) rename secrets/{wireguard-hub.pub => wireguard-peer-orm.pub} (100%) diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index a1063ad..cd96237 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -4,11 +4,17 @@ imports = [ ./hardware-configuration.nix ./home.nix - ./wireguard.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; + + birdsong.peer = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-orm.path; + }; + system.stateVersion = "23.11"; } diff --git a/hosts/orm/wireguard.nix b/hosts/orm/wireguard.nix deleted file mode 100644 index 38ef0da..0000000 --- a/hosts/orm/wireguard.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - age.secrets.wireguard-hub.file = ../../secrets/wireguard-hub.age; - - birdsong.peer = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-hub.path; - }; -} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 64d293a..4218f5d 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -8,13 +8,20 @@ ../../services/fonts.nix ../../services/steam.nix ./syncthing.nix - ./wireguard.nix ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; boot.loader.systemd-boot.editor = false; + age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; + + birdsong.peer = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; + persistentKeepalive = 23; + }; + programs.evolution.enable = true; qenya.services.fonts.enable = true; qenya.services.steam.enable = true; diff --git a/hosts/tohru/wireguard.nix b/hosts/tohru/wireguard.nix deleted file mode 100644 index eb7d6d2..0000000 --- a/hosts/tohru/wireguard.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; - - birdsong.peer = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; - persistentKeepalive = 23; - }; -} diff --git a/secrets.nix b/secrets.nix index 0e3f84f..e6dd703 100644 --- a/secrets.nix +++ b/secrets.nix @@ -4,7 +4,7 @@ let commonKeys = keys.users.qenya; secrets = with keys; { - wireguard-hub = [ machines.orm ]; + wireguard-peer-orm = [ machines.orm ]; wireguard-peer-tohru = [ machines.tohru ]; wireguard-peer-yevaud = [ machines.yevaud ]; }; diff --git a/secrets/wireguard-hub.age b/secrets/wireguard-peer-orm.age similarity index 100% rename from secrets/wireguard-hub.age rename to secrets/wireguard-peer-orm.age diff --git a/secrets/wireguard-hub.pub b/secrets/wireguard-peer-orm.pub similarity index 100% rename from secrets/wireguard-hub.pub rename to secrets/wireguard-peer-orm.pub From d17ef00e1c1b5dd5eae6f4df5a6545b20c25dc0d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 08:14:41 +0100 Subject: [PATCH 107/438] birdsong: rename option peer -> peering --- hosts/orm/configuration.nix | 2 +- hosts/tohru/configuration.nix | 2 +- hosts/yevaud/configuration.nix | 2 +- services/birdsong/default.nix | 2 +- services/birdsong/{peer.nix => peering.nix} | 8 ++++---- 5 files changed, 8 insertions(+), 8 deletions(-) rename services/birdsong/{peer.nix => peering.nix} (93%) diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index cd96237..f0553fd 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -11,7 +11,7 @@ age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; - birdsong.peer = { + birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-orm.path; }; diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 4218f5d..1d1977e 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -16,7 +16,7 @@ age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; - birdsong.peer = { + birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; persistentKeepalive = 23; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 4fc10f9..4df7229 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -11,7 +11,7 @@ age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; - birdsong.peer = { + birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; }; diff --git a/services/birdsong/default.nix b/services/birdsong/default.nix index 3a42299..5987348 100644 --- a/services/birdsong/default.nix +++ b/services/birdsong/default.nix @@ -1,6 +1,6 @@ { imports = [ - ./peer.nix ./hosts.nix + ./peering.nix ]; } \ No newline at end of file diff --git a/services/birdsong/peer.nix b/services/birdsong/peering.nix similarity index 93% rename from services/birdsong/peer.nix rename to services/birdsong/peering.nix index d1b659b..9832e4f 100644 --- a/services/birdsong/peer.nix +++ b/services/birdsong/peering.nix @@ -2,13 +2,13 @@ with lib; let - cfg = config.birdsong.peer; + cfg = config.birdsong.peering; hostName = if null != cfg.hostName then cfg.hostName else config.networking.hostName; hosts = config.birdsong.hosts; host = hosts.${hostName}; in { - options.birdsong.peer = { + options.birdsong.peering = { enable = mkEnableOption "WireGuard peering with the birdsong network"; hostName = mkOption { default = null; @@ -53,11 +53,11 @@ in assertions = [ { assertion = cfg ? privateKeyFile; - message = "birdsong.peer.privateKeyFile must be set"; + message = "birdsong.peering.privateKeyFile must be set"; } { assertion = hostName != null; - message = "birdsong.peer.hostName or networking.hostName must be set"; + message = "birdsong.peering.hostName or networking.hostName must be set"; } ]; From b6dd2e231f5f4394b165b9c0153a32cf4fdb8bca Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 08:36:05 +0100 Subject: [PATCH 108/438] npins update --- npins/sources.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 4c161a4..005c6be 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -35,15 +35,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "829828eddd52363236a53d55c40e1d4aa7af5a56", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/829828eddd52363236a53d55c40e1d4aa7af5a56.tar.gz", - "hash": "0ahiqmj36ib0fc98isgpqs9adafdgfvll60ccmryx6d6ziga0w5d" + "revision": "500be2a1404429cfccdb4bf71e515cc38f206a25", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/500be2a1404429cfccdb4bf71e515cc38f206a25.tar.gz", + "hash": "0w01kcnjpwb9zfsw066lnq0l84w28nbryfrdbddnl768l30rbz63" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.2933.c716603a63ac/nixexprs.tar.xz", - "hash": "0gy2wvfwwi2jss5prhxq5c1rw321mi82c0mnki5m404j2zzzas6f" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3214.575f3027caa1/nixexprs.tar.xz", + "hash": "0w5kza4qrnlhsp1ls385zmf6cbkfwcxiriz69bi29zjhn2rl9gh5" }, "nur": { "type": "Git", @@ -53,9 +53,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "6e46867fdecc920a1de55dc1e553a16f54e2d2ee", - "url": "https://github.com/nix-community/NUR/archive/6e46867fdecc920a1de55dc1e553a16f54e2d2ee.tar.gz", - "hash": "0vwl9svpc51x2byzn844z7q9v4hsa3hhqi8m40fj401hqdivrg3n" + "revision": "1002ee1f90ca51d8891642094d3a1e840d82b616", + "url": "https://github.com/nix-community/NUR/archive/1002ee1f90ca51d8891642094d3a1e840d82b616.tar.gz", + "hash": "1b1b4mdhdznbz6rz2hvwfg79x7s6ln44gpn968gyl5kc02wmaia3" } }, "version": 3 From 35f9c007361a97e41ef714beaed25676d077c2ac Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 10:04:14 +0100 Subject: [PATCH 109/438] birdsong: move to external module --- hive.nix | 1 + npins/sources.json | 11 +++ services/birdsong/default.nix | 6 -- services/birdsong/hosts.nix | 134 ---------------------------------- services/birdsong/peering.nix | 91 ----------------------- services/default.nix | 1 - 6 files changed, 12 insertions(+), 232 deletions(-) delete mode 100644 services/birdsong/default.nix delete mode 100644 services/birdsong/hosts.nix delete mode 100644 services/birdsong/peering.nix diff --git a/hive.nix b/hive.nix index a4114a7..54c4f66 100644 --- a/hive.nix +++ b/hive.nix @@ -23,6 +23,7 @@ in { imports = [ (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") + (import sources.birdsong) ./pinning.nix ./common ./services diff --git a/npins/sources.json b/npins/sources.json index 005c6be..1adc343 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -15,6 +15,17 @@ "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0", "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la" }, + "birdsong": { + "type": "Git", + "repository": { + "type": "Git", + "url": "https://git.qenya.tel/qenya/birdsong.git" + }, + "branch": "main", + "revision": "04e5519bf363388debfafc31285851c7816d087a", + "url": null, + "hash": "04xzplpbqy5lsild4amy58x0d9dbvf988d3r65grg41vy08d3ym4" + }, "home-manager": { "type": "Git", "repository": { diff --git a/services/birdsong/default.nix b/services/birdsong/default.nix deleted file mode 100644 index 5987348..0000000 --- a/services/birdsong/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./hosts.nix - ./peering.nix - ]; -} \ No newline at end of file diff --git a/services/birdsong/hosts.nix b/services/birdsong/hosts.nix deleted file mode 100644 index 47b45cf..0000000 --- a/services/birdsong/hosts.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -{ - options.birdsong.hosts = mkOption { - description = "List of hosts in the birdsong network"; - type = types.attrsOf - (types.submodule { - options = { - hostKey = mkOption { - default = null; - description = "SSH public key of the host, for use in known_hosts files"; - type = with types; nullOr str; - }; - subnet = mkOption { - default = "internet"; - example = "roaming"; - description = '' - Identifier representing a LAN the host belongs to. Hosts in the - same LAN will peer with each other. - - The special value `internet` (the default) will accept peering - from all other hosts. This is to be used for servers that are - accessible from the public internet. - - The special value `roaming` will not peer with other `roaming` - hosts, but will still peer with `internet` hosts. This is to be - used for portable devices like laptops that regularly move between - networks. - ''; - type = types.str; - }; - endpoint = mkOption { - default = null; - example = "example.com"; - description = '' - Address (e.g. IP or domain name) by which the host is reachable - within its LAN. - - If {option}`birdsong.hosts..subnet` is set to `internet`, - the host must be reachable at this address from the public - internet. - - If {option}`birdsong.hosts..subnet` is set to `roaming`, - this option is not used. - ''; - type = with types; nullOr str; - }; - ipv4 = mkOption { - example = "10.127.1.1"; - description = "IPv4 address of this peer within the network"; - type = types.str; - }; - ipv6 = mkOption { - example = "fd70:81ca:0f8f:1::1"; - description = "IPv6 address of this peer within the network"; - type = types.str; - }; - port = mkOption { - default = 51820; - example = 51821; - description = '' - Which port to expose WireGuard on. Change this for peers behind - NAT, to a port not used by another peer in the same LAN. - ''; - type = types.port; - }; - wireguardKey = mkOption { - example = "xTIBA5rboUvnH4htodjb6e697QjLERt1NAB4mZqp8Dg="; - description = "WireGuard public key for this peer, as generated by `wg pubkey`"; - type = types.str; - }; - isRouter = mkOption { - default = false; - description = '' - The host with this flag set is the subnet router. It forwards - packets between WireGuard peers that can't connect directly to - each other. WireGuard's scope doesn't (yet) include full mesh - networking with load-balancing between routers, so only one peer - can hold this status. It should be peered with all other hosts - (i.e., {option}`birdsong.hosts..subnet` set to `internet`). - ''; - type = types.bool; - }; - }; - }); - }; - - config.birdsong.hosts = { - yevaud = { - hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; - endpoint = "yevaud.birdsong.network"; - ipv4 = "10.127.1.1"; - ipv6 = "fd70:81ca:0f8f:1::1"; - wireguardKey = "YPJsIs9x4wuWdFi/QRWSJbWvKE0GQAfVL4MNMqHygDw="; - isRouter = true; - }; - - orm = { - hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; - endpoint = "orm.birdsong.network"; - ipv4 = "10.127.1.2"; - ipv6 = "fd70:81ca:0f8f:1::2"; - wireguardKey = "birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA="; - }; - - tohru = { - hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; - subnet = "roaming"; - ipv4 = "10.127.2.1"; - ipv6 = "fd70:81ca:0f8f:2::1"; - port = 51821; - wireguardKey = "lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18="; - }; - - # kilgharrah = { - # # hostKey = ""; - # subnet = "weyrhold"; - # endpoint = "192.168.2.1"; - # ipv4 = "10.127.3.1"; - # ipv6 = "fd70:81ca:0f8f:3::1"; - # # wireguardKey = ""; - # }; - - shaw = { - hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; - subnet = "library"; - # endpoint = ""; - ipv4 = "10.127.4.1"; - ipv6 = "fd70:81ca:0f8f:4::1"; - wireguardKey = "eD79pROC2zjhKz4tGRS43O95gcFRqO+SFb2XDnTr0zc="; - }; - }; -} diff --git a/services/birdsong/peering.nix b/services/birdsong/peering.nix deleted file mode 100644 index 9832e4f..0000000 --- a/services/birdsong/peering.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.birdsong.peering; - hostName = if null != cfg.hostName then cfg.hostName else config.networking.hostName; - hosts = config.birdsong.hosts; - host = hosts.${hostName}; -in -{ - options.birdsong.peering = { - enable = mkEnableOption "WireGuard peering with the birdsong network"; - hostName = mkOption { - default = null; - description = '' - The hostname of this peer within the network. Must be listed in - {option}`birdsong.hosts`. If not set, defaults to - {option}`networking.hostName`. - ''; - type = with types; nullOr str; - }; - interface = mkOption { - default = "birdsong"; - example = "wg0"; - description = "The name of the network interface to use for WireGuard."; - type = types.str; - }; - openPorts = mkOption { - default = true; - description = "Whether to automatically open firewall ports."; - type = types.bool; - }; - privateKeyFile = mkOption { - description = "Path to the private key for this peer, as generated by `wg genkey`."; - type = types.path; - }; - persistentKeepalive = mkOption { - default = null; - example = 23; - description = '' - Constantly ping each peer outside the LAN this often, in seconds, in - order to keep the WireGuard tunnel open. Set this if you are behind NAT - to keep the NAT session active, or if you have a dynamic IP to keep the - other peers aware when your IP changes. To avoid syncing, this should - ideally be a prime number that is not shared by another peer in the same - LAN. - ''; - type = with types; nullOr int; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg ? privateKeyFile; - message = "birdsong.peering.privateKeyFile must be set"; - } - { - assertion = hostName != null; - message = "birdsong.peering.hostName or networking.hostName must be set"; - } - ]; - - networking = { - firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ]; - - wireguard.interfaces.${cfg.interface} = { - ips = [ "${host.ipv4}/16" "${host.ipv6}/48" ] - ++ optionals host.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; - privateKeyFile = cfg.privateKeyFile; - listenPort = host.port; - - peers = - let - canDirectPeer = host: peer: peer.subnet == "internet" || (host.subnet != "roaming" && peer.subnet == host.subnet); - in - mapAttrsToList - (name: peer: { - name = name; - publicKey = peer.wireguardKey; - allowedIPs = [ peer.ipv4 peer.ipv6 ] - ++ optionals peer.isRouter [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; - endpoint = mkIf (canDirectPeer host peer) "${peer.endpoint}:${toString peer.port}"; - dynamicEndpointRefreshSeconds = mkIf (canDirectPeer host peer) 5; - persistentKeepalive = mkIf (peer.subnet != host.subnet) cfg.persistentKeepalive; - }) - (filterAttrs (name: peer: peer != host && (host.subnet == "internet" || canDirectPeer host peer)) hosts); - }; - }; - }; -} diff --git a/services/default.nix b/services/default.nix index 304281d..7c73723 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,6 +1,5 @@ { imports = [ - ./birdsong ./fonts.nix ./forgejo.nix ./steam.nix From 0fc7760b884006d2389e7ac4832e28ccaf371ded Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 12:58:36 +0100 Subject: [PATCH 110/438] npins update --- hive.nix | 2 +- npins/sources.json | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/hive.nix b/hive.nix index 54c4f66..d4d1560 100644 --- a/hive.nix +++ b/hive.nix @@ -23,7 +23,7 @@ in { imports = [ (import "${sources.home-manager}/nixos") (import "${sources.agenix}/modules/age.nix") - (import sources.birdsong) + (import "${sources.birdsong}/module.nix") ./pinning.nix ./common ./services diff --git a/npins/sources.json b/npins/sources.json index 1adc343..cdbd0e4 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -22,9 +22,9 @@ "url": "https://git.qenya.tel/qenya/birdsong.git" }, "branch": "main", - "revision": "04e5519bf363388debfafc31285851c7816d087a", + "revision": "ad6a7c93431fbb371d434f4951a034e8897c4d08", "url": null, - "hash": "04xzplpbqy5lsild4amy58x0d9dbvf988d3r65grg41vy08d3ym4" + "hash": "13d7g24p3pfdrdm2rnv22vd7qhxh4nawjy3z4y3cq6g3pn2avcg7" }, "home-manager": { "type": "Git", @@ -64,9 +64,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "1002ee1f90ca51d8891642094d3a1e840d82b616", - "url": "https://github.com/nix-community/NUR/archive/1002ee1f90ca51d8891642094d3a1e840d82b616.tar.gz", - "hash": "1b1b4mdhdznbz6rz2hvwfg79x7s6ln44gpn968gyl5kc02wmaia3" + "revision": "163ce69fca09c026a5963a4a44f7cf0b83178ee3", + "url": "https://github.com/nix-community/NUR/archive/163ce69fca09c026a5963a4a44f7cf0b83178ee3.tar.gz", + "hash": "1nnis8gjilg2l0hr6vcmsxlfkb6gbip5iry3065ilj5dkxcjn0j8" } }, "version": 3 From 42ce1700147ef18ecd1c6a7d86f76d6bc6480c2a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 25 Jul 2024 18:34:59 +0100 Subject: [PATCH 111/438] npins update --- npins/default.nix | 63 +++++++++++++++++++++++++++++++++++----------- npins/sources.json | 14 +++++------ 2 files changed, 55 insertions(+), 22 deletions(-) diff --git a/npins/default.nix b/npins/default.nix index 4a7c372..5e7d086 100644 --- a/npins/default.nix +++ b/npins/default.nix @@ -3,18 +3,33 @@ let data = builtins.fromJSON (builtins.readFile ./sources.json); version = data.version; - mkSource = spec: - assert spec ? type; let + mkSource = + spec: + assert spec ? type; + let path = - if spec.type == "Git" then mkGitSource spec - else if spec.type == "GitRelease" then mkGitSource spec - else if spec.type == "PyPi" then mkPyPiSource spec - else if spec.type == "Channel" then mkChannelSource spec - else builtins.throw "Unknown source type ${spec.type}"; + if spec.type == "Git" then + mkGitSource spec + else if spec.type == "GitRelease" then + mkGitSource spec + else if spec.type == "PyPi" then + mkPyPiSource spec + else if spec.type == "Channel" then + mkChannelSource spec + else + builtins.throw "Unknown source type ${spec.type}"; in spec // { outPath = path; }; - mkGitSource = { repository, revision, url ? null, hash, ... }: + mkGitSource = + { + repository, + revision, + url ? null, + hash, + branch ? null, + ... + }: assert repository ? type; # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository # In the latter case, there we will always be an url to the tarball @@ -23,19 +38,37 @@ let inherit url; sha256 = hash; # FIXME: check nix version & use SRI hashes }) - else assert repository.type == "Git"; builtins.fetchGit { - url = repository.url; - rev = revision; - # hash = hash; - }; + else + assert repository.type == "Git"; + let + urlToName = + url: rev: + let + matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; - mkPyPiSource = { url, hash, ... }: + short = builtins.substring 0 7 rev; + + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; + in + "${if matched == null then "source" else builtins.head matched}${appendShort}"; + name = urlToName repository.url revision; + in + builtins.fetchGit { + url = repository.url; + rev = revision; + inherit name; + # hash = hash; + }; + + mkPyPiSource = + { url, hash, ... }: builtins.fetchurl { inherit url; sha256 = hash; }; - mkChannelSource = { url, hash, ... }: + mkChannelSource = + { url, hash, ... }: builtins.fetchTarball { inherit url; sha256 = hash; diff --git a/npins/sources.json b/npins/sources.json index cdbd0e4..96e2f3f 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -22,9 +22,9 @@ "url": "https://git.qenya.tel/qenya/birdsong.git" }, "branch": "main", - "revision": "ad6a7c93431fbb371d434f4951a034e8897c4d08", + "revision": "752faa333d5686b5457e6c956d015bd6ec4e3eca", "url": null, - "hash": "13d7g24p3pfdrdm2rnv22vd7qhxh4nawjy3z4y3cq6g3pn2avcg7" + "hash": "1zl4zwkqapwmghbmzcpfzm4sfmmfxvp8j5bk241zmkvi8frlx1jf" }, "home-manager": { "type": "Git", @@ -53,8 +53,8 @@ "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3214.575f3027caa1/nixexprs.tar.xz", - "hash": "0w5kza4qrnlhsp1ls385zmf6cbkfwcxiriz69bi29zjhn2rl9gh5" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3268.d0907b75146a/nixexprs.tar.xz", + "hash": "1j40g3ms1pqldmx9pfhw4mslhxnrnklj0phwhzgk5g3m5hczb1j6" }, "nur": { "type": "Git", @@ -64,9 +64,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "163ce69fca09c026a5963a4a44f7cf0b83178ee3", - "url": "https://github.com/nix-community/NUR/archive/163ce69fca09c026a5963a4a44f7cf0b83178ee3.tar.gz", - "hash": "1nnis8gjilg2l0hr6vcmsxlfkb6gbip5iry3065ilj5dkxcjn0j8" + "revision": "f769fc25d19d5521a997686ffd66c08a3d23334f", + "url": "https://github.com/nix-community/NUR/archive/f769fc25d19d5521a997686ffd66c08a3d23334f.tar.gz", + "hash": "1jrllqirq1jig9v7f7r9h5jmywcia7h7qdfn58z8gq24vbp8j0h4" } }, "version": 3 From 3bed356294815f3fe3bdf7fc4e8a02bcbf0869c1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 26 Jul 2024 19:37:31 +0100 Subject: [PATCH 112/438] zsh: enable, set for qenya, add config --- common/default.nix | 1 + common/users/qenya.nix | 1 + common/zsh.nix | 9 +++++++++ home/vscode.nix | 1 + home/zsh.nix | 31 +++++++++++++++++++++++++++++++ hosts/orm/home.nix | 1 + hosts/tohru/home.nix | 1 + hosts/yevaud/home.nix | 1 + 8 files changed, 46 insertions(+) create mode 100644 common/zsh.nix create mode 100644 home/zsh.nix diff --git a/common/default.nix b/common/default.nix index 31657ff..1f4547d 100644 --- a/common/default.nix +++ b/common/default.nix @@ -5,5 +5,6 @@ ./nginx.nix ./openssh.nix ./security.nix + ./zsh.nix ]; } \ No newline at end of file diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 74062f7..5974069 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -11,6 +11,7 @@ in "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; + shell = pkgs.zsh; openssh.authorizedKeys.keys = keys.users.qenya; uid = 1001; }; diff --git a/common/zsh.nix b/common/zsh.nix new file mode 100644 index 0000000..09576b4 --- /dev/null +++ b/common/zsh.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs,... }: + +{ + programs.zsh.enable = true; + environment = { + shells = with pkgs; [ zsh ]; + pathsToLink = [ "/share/zsh" ]; + }; +} diff --git a/home/vscode.nix b/home/vscode.nix index 9cac613..480581f 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -36,6 +36,7 @@ formatting.command = [ "nixpkgs-fmt" ]; }; "terminal.integrated.allowChords" = false; + "terminal.integrated.defaultProfile.linux" = "zsh"; "workbench.colorTheme" = "SynthWave '84"; }; }; diff --git a/home/zsh.nix b/home/zsh.nix new file mode 100644 index 0000000..a970ace --- /dev/null +++ b/home/zsh.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +{ + programs.zsh = { + enable = true; + enableCompletion = true; + autosuggestion.enable = true; + syntaxHighlighting.enable = true; + dotDir = ".config/zsh"; + + shellAliases = { + ll = "ls -l"; + }; + + history = { + size = 10000; + path = "${config.xdg.dataHome}/zsh/history"; + ignorePatterns = [ "rm *" "pkill *" ]; + }; + + oh-my-zsh = { + enable = true; + plugins = [ "git" "sudo" ]; + theme = "agnoster"; + }; + + envExtra = '' + DEFAULT_USER=qenya + ''; + }; +} diff --git a/hosts/orm/home.nix b/hosts/orm/home.nix index 06f12fb..e5267c7 100644 --- a/hosts/orm/home.nix +++ b/hosts/orm/home.nix @@ -5,6 +5,7 @@ imports = [ ../../home/cli.nix ../../home/git.nix + ../../home/zsh.nix ]; home.stateVersion = "23.11"; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index b70a202..023f444 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -8,6 +8,7 @@ ../../home/git.nix ../../home/gnome ../../home/vscode.nix + ../../home/zsh.nix ]; home.packages = (with pkgs; [ diff --git a/hosts/yevaud/home.nix b/hosts/yevaud/home.nix index 87d8898..e8a18e9 100644 --- a/hosts/yevaud/home.nix +++ b/hosts/yevaud/home.nix @@ -6,6 +6,7 @@ ../../home/cli.nix ../../home/git.nix ../../home/tmux.nix + ../../home/zsh.nix ]; home.stateVersion = "23.11"; From 469072c57e78e8319d91a68dccde1de649944dee Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 27 Jul 2024 00:23:59 +0100 Subject: [PATCH 113/438] yevaud: add redirect for birdsong.network --- hosts/yevaud/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 4df7229..d06c5cf 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -30,6 +30,11 @@ enableACME = true; locations."/".return = "301 https://git.qenya.tel$request_uri"; }; + "birdsong.network" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.qenya.tel/qenya/birdsong/"; + }; }; }; From 230e93bbe780e983515e5266e4ba0e082f646f9c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 27 Jul 2024 00:26:13 +0100 Subject: [PATCH 114/438] zsh: start zsh automatically in nix-shell --- home/zsh.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/zsh.nix b/home/zsh.nix index a970ace..f6ded78 100644 --- a/home/zsh.nix +++ b/home/zsh.nix @@ -10,6 +10,7 @@ shellAliases = { ll = "ls -l"; + nix-shell = ''nix-shell --command "zsh"''; # TODO: tweak theme to display something when inside nix-shell }; history = { From 31bf48154cb77e891a3695e6c155ebd9f81e4df8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 30 Jul 2024 13:02:11 +0100 Subject: [PATCH 115/438] consolidate home-manager config to a module with one entrypoint --- common/users/qenya.nix | 13 +++------ home/{gnome => dconf}/appearance.nix | 8 +++--- home/{gnome => dconf}/background-image.jpg | Bin home/dconf/default.nix | 30 +++++++++++++++++++++ home/{gnome => dconf}/keyboard.nix | 1 - home/default.nix | 12 +++++++++ home/firefox.nix | 6 ----- home/git.nix | 2 ++ home/gnome/default.nix | 9 ------- home/vscode.nix | 1 - hosts/orm/configuration.nix | 1 - hosts/orm/home.nix | 13 --------- hosts/tohru/home.nix | 16 +++++------ hosts/yevaud/configuration.nix | 1 - hosts/yevaud/home.nix | 14 ---------- 15 files changed, 59 insertions(+), 68 deletions(-) rename home/{gnome => dconf}/appearance.nix (82%) rename home/{gnome => dconf}/background-image.jpg (100%) create mode 100644 home/dconf/default.nix rename home/{gnome => dconf}/keyboard.nix (94%) create mode 100644 home/default.nix delete mode 100644 home/firefox.nix delete mode 100644 home/gnome/default.nix delete mode 100644 hosts/orm/home.nix delete mode 100644 hosts/yevaud/home.nix diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 5974069..00f35af 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -1,8 +1,7 @@ { config, lib, pkgs, ... }: let keys = import ../../keys.nix; -in -{ +in { users.users.qenya = { isNormalUser = true; home = "/home/qenya"; @@ -19,12 +18,8 @@ in home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { home.homeDirectory = osConfig.users.users.qenya.home; - programs.git = { - enable = true; - userName = "Katherina Walshe-Grey"; - userEmail = "git@qenya.tel"; - }; - - home.stateVersion = "23.11"; + imports = [ + ../../home + ]; }; } diff --git a/home/gnome/appearance.nix b/home/dconf/appearance.nix similarity index 82% rename from home/gnome/appearance.nix rename to home/dconf/appearance.nix index 129aa1a..d6f1fab 100644 --- a/home/gnome/appearance.nix +++ b/home/dconf/appearance.nix @@ -1,8 +1,8 @@ { config, lib, pkgs, ... }: -{ +let inherit (lib) mkIf; +in { dconf = { - enable = true; settings = let backgroundOptions = { @@ -21,5 +21,7 @@ "org/gnome/desktop/interface".color-scheme = "prefer-dark"; }; }; - home.file.".background-image".source = ./background-image.jpg; + home.file.".background-image" = mkIf config.dconf.enable { + source = ./background-image.jpg; + }; } diff --git a/home/gnome/background-image.jpg b/home/dconf/background-image.jpg similarity index 100% rename from home/gnome/background-image.jpg rename to home/dconf/background-image.jpg diff --git a/home/dconf/default.nix b/home/dconf/default.nix new file mode 100644 index 0000000..4924e3e --- /dev/null +++ b/home/dconf/default.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +# dconf is the configuration manager for GNOME. + +# home-manager, in its infinite wisdom, sets `dconf.enable` to true by default. +# This is a problem because we don't want it to attempt to apply our settings on +# a system that doesn't actually have GNOME installed. + +# To work around it, we create our own option `qenya.dconf.enable`, which +# defaults to false, and pass it to `dconf.enable`. + +let + inherit (lib) mkIf mkEnableOption; + cfg = config.qenya.dconf; +in +{ + options.qenya.dconf = { + enable = mkEnableOption "dconf"; + }; + + config = { + dconf.enable = config.qenya.dconf.enable; + }; + + imports = [ + # TODO: nix-ify other parts of GNOME config + ./appearance.nix + ./keyboard.nix + ]; +} diff --git a/home/gnome/keyboard.nix b/home/dconf/keyboard.nix similarity index 94% rename from home/gnome/keyboard.nix rename to home/dconf/keyboard.nix index 7950cb8..e96a6f2 100644 --- a/home/gnome/keyboard.nix +++ b/home/dconf/keyboard.nix @@ -2,7 +2,6 @@ { dconf = { - enable = true; settings = { "org/gnome/desktop/wm/keybindings" = { # These are largely useless on most normal systems diff --git a/home/default.nix b/home/default.nix new file mode 100644 index 0000000..e3197ef --- /dev/null +++ b/home/default.nix @@ -0,0 +1,12 @@ +{ + imports = [ + ./dconf + ./cli.nix + ./git.nix + ./tmux.nix + ./vscode.nix + ./zsh.nix + ]; + + home.stateVersion = "23.11"; +} diff --git a/home/firefox.nix b/home/firefox.nix deleted file mode 100644 index 95e399e..0000000 --- a/home/firefox.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - # TODO: nix-ify Firefox config - programs.firefox.enable = true; -} diff --git a/home/git.nix b/home/git.nix index 0a9f7c7..cc13d4a 100644 --- a/home/git.nix +++ b/home/git.nix @@ -3,6 +3,8 @@ { programs.git = { enable = true; + userName = "Katherina Walshe-Grey"; + userEmail = "git@qenya.tel"; extraConfig = { init = { defaultBranch = "main"; diff --git a/home/gnome/default.nix b/home/gnome/default.nix deleted file mode 100644 index 160be51..0000000 --- a/home/gnome/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - # TODO: nix-ify other parts of GNOME config - ./appearance.nix - ./keyboard.nix - ]; -} diff --git a/home/vscode.nix b/home/vscode.nix index 480581f..d8ded74 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -2,7 +2,6 @@ { programs.vscode = { - enable = true; enableExtensionUpdateCheck = false; enableUpdateCheck = false; package = pkgs.vscodium; diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index f0553fd..1403b3d 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -3,7 +3,6 @@ { imports = [ ./hardware-configuration.nix - ./home.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/orm/home.nix b/hosts/orm/home.nix deleted file mode 100644 index e5267c7..0000000 --- a/hosts/orm/home.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home-manager.users.qenya = { pkgs, ... }: { - imports = [ - ../../home/cli.nix - ../../home/git.nix - ../../home/zsh.nix - ]; - - home.stateVersion = "23.11"; - }; -} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 023f444..226ed1a 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -2,14 +2,12 @@ { home-manager.users.qenya = { pkgs, ... }: { - imports = [ - ../../home/cli.nix - ../../home/firefox.nix - ../../home/git.nix - ../../home/gnome - ../../home/vscode.nix - ../../home/zsh.nix - ]; + qenya.dconf.enable = true; + + programs = { + firefox.enable = true; # TODO: config is not yet nix-ified + vscode.enable = true; + }; home.packages = (with pkgs; [ bitwarden @@ -31,7 +29,5 @@ nur.repos.qenya.digital-a-love-story nur.repos.qenya.dont-take-it-personally-babe ]); - - home.stateVersion = "23.11"; }; } diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index d06c5cf..0c21462 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -3,7 +3,6 @@ { imports = [ ./hardware-configuration.nix - ./home.nix ]; boot.loader.systemd-boot.enable = true; diff --git a/hosts/yevaud/home.nix b/hosts/yevaud/home.nix deleted file mode 100644 index e8a18e9..0000000 --- a/hosts/yevaud/home.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home-manager.users.qenya = { pkgs, ... }: { - imports = [ - ../../home/cli.nix - ../../home/git.nix - ../../home/tmux.nix - ../../home/zsh.nix - ]; - - home.stateVersion = "23.11"; - }; -} From e1ae112e8a56fd65aa344d63a403f61a4a245c2a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 30 Jul 2024 13:18:59 +0100 Subject: [PATCH 116/438] dconf: simplify default override --- home/dconf/default.nix | 21 +++++---------------- hosts/tohru/home.nix | 2 +- 2 files changed, 6 insertions(+), 17 deletions(-) diff --git a/home/dconf/default.nix b/home/dconf/default.nix index 4924e3e..66f82cd 100644 --- a/home/dconf/default.nix +++ b/home/dconf/default.nix @@ -4,23 +4,12 @@ # home-manager, in its infinite wisdom, sets `dconf.enable` to true by default. # This is a problem because we don't want it to attempt to apply our settings on -# a system that doesn't actually have GNOME installed. +# a system that doesn't actually have GNOME installed. So, we override the +# default to false. -# To work around it, we create our own option `qenya.dconf.enable`, which -# defaults to false, and pass it to `dconf.enable`. - -let - inherit (lib) mkIf mkEnableOption; - cfg = config.qenya.dconf; -in -{ - options.qenya.dconf = { - enable = mkEnableOption "dconf"; - }; - - config = { - dconf.enable = config.qenya.dconf.enable; - }; +let inherit (lib) mkDefault; +in { + dconf.enable = mkDefault false; imports = [ # TODO: nix-ify other parts of GNOME config diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 226ed1a..70e2c75 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -2,7 +2,7 @@ { home-manager.users.qenya = { pkgs, ... }: { - qenya.dconf.enable = true; + dconf.enable = true; programs = { firefox.enable = true; # TODO: config is not yet nix-ified From 3f8e97366c8d9999acfdaf06aef84bb1f07b28f4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 2 Aug 2024 12:01:00 +0100 Subject: [PATCH 117/438] vscode: don't install language servers if vscode is not installed --- home/vscode.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/home/vscode.nix b/home/vscode.nix index d8ded74..32e51ef 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -1,6 +1,8 @@ { config, lib, pkgs, ... }: -{ +let + inherit (lib) mkIf; +in { programs.vscode = { enableExtensionUpdateCheck = false; enableUpdateCheck = false; @@ -41,9 +43,9 @@ }; # Language servers etc - home.packages = with pkgs; [ + home.packages = mkIf config.programs.vscode.enable (with pkgs; [ gopls nil nixpkgs-fmt - ]; + ]); } From 86dc9a560672384473a7718eef9f290539e56d1c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 2 Aug 2024 12:01:23 +0100 Subject: [PATCH 118/438] vscode: switch theme to gruvbox --- home/vscode.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home/vscode.nix b/home/vscode.nix index 32e51ef..bb4c548 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -9,9 +9,9 @@ in { package = pkgs.vscodium; extensions = with pkgs.vscode-extensions; [ open-vsx.golang.go + open-vsx.jdinhlife.gruvbox open-vsx.jnoortheen.nix-ide open-vsx.ms-python.python - open-vsx.robbowen.synthwave-vscode ]; mutableExtensionsDir = false; userSettings = { @@ -38,7 +38,7 @@ in { }; "terminal.integrated.allowChords" = false; "terminal.integrated.defaultProfile.linux" = "zsh"; - "workbench.colorTheme" = "SynthWave '84"; + "workbench.colorTheme" = "Gruvbox Dark Hard"; }; }; From 7f74fdbe874b4a6901dfbde1b9717355dd68ec4c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 2 Aug 2024 12:03:12 +0100 Subject: [PATCH 119/438] tohru: install prismlauncher, uninstall thunderbird --- hosts/tohru/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 70e2c75..a9b0532 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -16,7 +16,6 @@ gimp-with-plugins jellyfin-media-player keepassxc - thunderbird tor-browser-bundle-bin # libreoffice @@ -26,6 +25,7 @@ # games openttd + prismlauncher nur.repos.qenya.digital-a-love-story nur.repos.qenya.dont-take-it-personally-babe ]); From 54dd52b9785e6c0ec2bd3017d7929d2a85a857bd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 5 Aug 2024 02:07:17 +0100 Subject: [PATCH 120/438] zsh: remove redundant config lines --- common/zsh.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/common/zsh.nix b/common/zsh.nix index 09576b4..228a5cd 100644 --- a/common/zsh.nix +++ b/common/zsh.nix @@ -2,8 +2,4 @@ { programs.zsh.enable = true; - environment = { - shells = with pkgs; [ zsh ]; - pathsToLink = [ "/share/zsh" ]; - }; } From 9ae5563f834f00a7ed21a4bd8c5cc2c8e6df34f2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 5 Aug 2024 02:29:28 +0100 Subject: [PATCH 121/438] deployment: rename from colmena (for potential change in stack) --- {colmena => deployment}/local.nix | 0 {colmena => deployment}/remote.nix | 0 hive.nix | 6 +++--- 3 files changed, 3 insertions(+), 3 deletions(-) rename {colmena => deployment}/local.nix (100%) rename {colmena => deployment}/remote.nix (100%) diff --git a/colmena/local.nix b/deployment/local.nix similarity index 100% rename from colmena/local.nix rename to deployment/local.nix diff --git a/colmena/remote.nix b/deployment/remote.nix similarity index 100% rename from colmena/remote.nix rename to deployment/remote.nix diff --git a/hive.nix b/hive.nix index d4d1560..43603b8 100644 --- a/hive.nix +++ b/hive.nix @@ -35,7 +35,7 @@ in { time.timeZone = "Europe/London"; imports = [ - ./colmena/local.nix + ./deployment/local.nix ./hosts/tohru/configuration.nix ]; }; @@ -45,7 +45,7 @@ in { time.timeZone = "Etc/UTC"; imports = [ - ./colmena/remote.nix + ./deployment/remote.nix ./hosts/yevaud/configuration.nix ]; }; @@ -55,7 +55,7 @@ in { time.timeZone = "Etc/UTC"; imports = [ - ./colmena/remote.nix + ./deployment/remote.nix ./hosts/orm/configuration.nix ]; }; From e9f64faa6f2a68ab52330914ebf018ae2dddac1d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 5 Aug 2024 02:31:18 +0100 Subject: [PATCH 122/438] deployment: remove redundant import --- deployment/local.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deployment/local.nix b/deployment/local.nix index 7bf35f3..752e9ce 100644 --- a/deployment/local.nix +++ b/deployment/local.nix @@ -1,7 +1,6 @@ { name, nodes, config, lib, pkgs, ... }: -let sources = import ../npins; -in { +{ deployment = { allowLocalDeployment = true; targetHost = null; From 50b47981c8de80dc7d349699c1121624ed2ce905 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 5 Aug 2024 02:47:42 +0100 Subject: [PATCH 123/438] tohru: rearrange files --- hosts/tohru/configuration.nix | 18 ++++++------ hosts/tohru/home.nix | 52 +++++++++++++++++------------------ 2 files changed, 35 insertions(+), 35 deletions(-) diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index 1d1977e..bc9f644 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -1,14 +1,10 @@ { config, lib, pkgs, ... }: { - imports = - [ - ./hardware-configuration.nix - ./home.nix - ../../services/fonts.nix - ../../services/steam.nix - ./syncthing.nix - ]; + imports = [ + ./hardware-configuration.nix + ./syncthing.nix + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; @@ -26,6 +22,12 @@ qenya.services.fonts.enable = true; qenya.services.steam.enable = true; + home-manager.users.qenya = { pkgs, ... }: { + imports = [ + ./home.nix + ]; + }; + networking.networkmanager.enable = true; i18n.defaultLocale = "en_GB.UTF-8"; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index a9b0532..20526df 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -1,33 +1,31 @@ { config, lib, pkgs, ... }: { - home-manager.users.qenya = { pkgs, ... }: { - dconf.enable = true; + dconf.enable = true; - programs = { - firefox.enable = true; # TODO: config is not yet nix-ified - vscode.enable = true; - }; - - home.packages = (with pkgs; [ - bitwarden - discord - foliate - gimp-with-plugins - jellyfin-media-player - keepassxc - tor-browser-bundle-bin - - # libreoffice - libreoffice - hunspell - hunspellDicts.en_GB-ise - - # games - openttd - prismlauncher - nur.repos.qenya.digital-a-love-story - nur.repos.qenya.dont-take-it-personally-babe - ]); + programs = { + firefox.enable = true; # TODO: config is not yet nix-ified + vscode.enable = true; }; + + home.packages = with pkgs; [ + bitwarden + discord + foliate + gimp-with-plugins + jellyfin-media-player + keepassxc + tor-browser-bundle-bin + + # libreoffice + libreoffice + hunspell + hunspellDicts.en_GB-ise + + # games + openttd + prismlauncher + nur.repos.qenya.digital-a-love-story + nur.repos.qenya.dont-take-it-personally-babe + ]; } From 2b9b157679ac34d8d1bd4d4c19b4602ccb047d1c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 5 Aug 2024 04:12:16 +0100 Subject: [PATCH 124/438] shaw: init, install syncthing --- hosts/shaw/home.nix | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 hosts/shaw/home.nix diff --git a/hosts/shaw/home.nix b/hosts/shaw/home.nix new file mode 100644 index 0000000..67c36e0 --- /dev/null +++ b/hosts/shaw/home.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + services.syncthing = { + enable = true; + extraOptions = [ + "--gui-address=:8385" + "--home=/home/qenya/state/syncthing" + ]; + }; +} From a2dc4024e086a6a18a44e36ab3d921cf535a9e88 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 12 Aug 2024 16:12:03 +0100 Subject: [PATCH 125/438] syncthing: add extra shares --- README.md | 7 ++++--- hosts/tohru/syncthing.nix | 31 ++++++++++++++++++++++++++++++- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e70385b..0b0fb40 100644 --- a/README.md +++ b/README.md @@ -6,14 +6,15 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil ## Machines -### In this config +### Managed * `tohru`: Dell Latitude 5300, personal laptop -* `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance -* `orm`: Oracle Cloud free AMD VM, WireGuard server for the other machines in the network +* `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance and WireGuard server for the other machines in the network +* `orm`: Oracle Cloud free AMD VM, currently idling ### Referenced only * `kilgharrah`: Custom-built personal desktop, currently running Arch * `shaw`: [My girlfriend's NAS](https://github.com/randomnetcat/nix-configs/tree/main/hosts/shaw) +* `latias`: My Steam Deck ## Usage diff --git a/hosts/tohru/syncthing.nix b/hosts/tohru/syncthing.nix index 0bd239c..a7820bd 100644 --- a/hosts/tohru/syncthing.nix +++ b/hosts/tohru/syncthing.nix @@ -11,12 +11,41 @@ settings = { devices = { "kilgharrah" = { id = "RDT7IGD-76FZ6LY-37PPB2W-DWPQRPR-LZ4AXF7-4GIIHYJ-RVXUUSG-ZXPN3AZ"; }; + "latias" = { id = "EN4W2SB-LB4AAZQ-6AQIE7G-S3BSCSP-V2EUNMM-KAQEHW3-PPAPGBO-PXRPWAL"; }; + "shaw" = { id = "NC7WMZS-GQETJYR-IAYGD65-GHTSTVP-VAAG43K-W7N3LO5-C5OQMZ2-DTK6YA7"; }; }; folders = { + "Sync" = { + id = "uln2v-zwzwj"; + path = "~/Sync"; + devices = [ "kilgharrah" "shaw" ]; + }; + "Documents" = { id = "alp59-7gs9s"; path = "~/Documents"; - devices = [ "kilgharrah" ]; + devices = [ "kilgharrah" "shaw" ]; + }; + "Music" = { + id = "7xvkf-y62s7"; + path = "~/Music"; + devices = [ "kilgharrah" "shaw" ]; + }; + "Pictures" = { + id = "tbmhx-ep7wk"; + path = "~/Pictures"; + devices = [ "kilgharrah" "shaw" ]; + }; + + "ES-DE" = { + id = "c1cbh-llw94"; + path = "~/ES-DE"; + devices = [ "kilgharrah" "latias" "shaw" ]; + }; + "ROMs" = { + id = "dcze4-v6act"; + path = "~/ROMs"; + devices = [ "kilgharrah" "latias" "shaw" ]; }; }; }; From 6e2d30751bb27f86eb877f7afb706ea8f780f5bf Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 12 Aug 2024 19:31:00 +0100 Subject: [PATCH 126/438] npins update --- npins/sources.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 96e2f3f..2865bf3 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -22,9 +22,9 @@ "url": "https://git.qenya.tel/qenya/birdsong.git" }, "branch": "main", - "revision": "752faa333d5686b5457e6c956d015bd6ec4e3eca", + "revision": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3", "url": null, - "hash": "1zl4zwkqapwmghbmzcpfzm4sfmmfxvp8j5bk241zmkvi8frlx1jf" + "hash": "100l0mjfikv3sjphjb9aw2qhvqz7p616px1rl2gm1f5z9iljy7fp" }, "home-manager": { "type": "Git", @@ -46,15 +46,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "500be2a1404429cfccdb4bf71e515cc38f206a25", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/500be2a1404429cfccdb4bf71e515cc38f206a25.tar.gz", - "hash": "0w01kcnjpwb9zfsw066lnq0l84w28nbryfrdbddnl768l30rbz63" + "revision": "7270c841614adb30d02e97cdb1a81e3757cef092", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/7270c841614adb30d02e97cdb1a81e3757cef092.tar.gz", + "hash": "0y86hbymlz41vmgs9h1f2lgyb8vlchvdrgrx1jpw9brfshnxy6d6" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3268.d0907b75146a/nixexprs.tar.xz", - "hash": "1j40g3ms1pqldmx9pfhw4mslhxnrnklj0phwhzgk5g3m5hczb1j6" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3787.a781ff33ae25/nixexprs.tar.xz", + "hash": "1kjpxcxgf9nd6a18kdq5y2l379mb1rg57imxdx46rbl0aif7w12x" }, "nur": { "type": "Git", @@ -64,9 +64,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "f769fc25d19d5521a997686ffd66c08a3d23334f", - "url": "https://github.com/nix-community/NUR/archive/f769fc25d19d5521a997686ffd66c08a3d23334f.tar.gz", - "hash": "1jrllqirq1jig9v7f7r9h5jmywcia7h7qdfn58z8gq24vbp8j0h4" + "revision": "a4f1c6cf98a629c082edc90fd84be7cc4525e244", + "url": "https://github.com/nix-community/NUR/archive/a4f1c6cf98a629c082edc90fd84be7cc4525e244.tar.gz", + "hash": "0c7j5px26vasr9r9xx4r4s7hkwfc31rcsqivn5cal0zwjyvbdg3z" } }, "version": 3 From e2f5407c757fdfb9d5205b9f0ba276c673b6b4bd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 12 Aug 2024 19:37:39 +0100 Subject: [PATCH 127/438] hosts: add kalessin --- hive.nix | 11 +++++ hosts/kalessin/configuration.nix | 12 ++++++ hosts/kalessin/hardware-configuration.nix | 52 +++++++++++++++++++++++ 3 files changed, 75 insertions(+) create mode 100644 hosts/kalessin/configuration.nix create mode 100644 hosts/kalessin/hardware-configuration.nix diff --git a/hive.nix b/hive.nix index 43603b8..23baf32 100644 --- a/hive.nix +++ b/hive.nix @@ -59,4 +59,15 @@ in { ./hosts/orm/configuration.nix ]; }; + + kalessin = { name, nodes, ... }: { + networking.hostId = "534b538e"; + time.timeZone = "Etc/UTC"; + deployment.buildOnTarget = true; + + imports = [ + ./deployment/remote.nix + ./hosts/kalessin/configuration.nix + ]; + }; } diff --git a/hosts/kalessin/configuration.nix b/hosts/kalessin/configuration.nix new file mode 100644 index 0000000..84c9f82 --- /dev/null +++ b/hosts/kalessin/configuration.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ]; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix new file mode 100644 index 0000000..53ff439 --- /dev/null +++ b/hosts/kalessin/hardware-configuration.nix @@ -0,0 +1,52 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_kalessin/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_kalessin/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_kalessin/var"; + fsType = "zfs"; + }; + + fileSystems."/data" = + { device = "rpool_kalessin/data"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2ADE-A033"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +} From 58a4c5ecc0b777de7b19ca236ecd3c0ad8770661 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 18 Aug 2024 13:31:32 +0100 Subject: [PATCH 128/438] kalessin: add to readme and allow overwriting profiles for remote builds --- README.md | 1 + hive.nix | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0b0fb40..e1c5faf 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,7 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil * `tohru`: Dell Latitude 5300, personal laptop * `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance and WireGuard server for the other machines in the network * `orm`: Oracle Cloud free AMD VM, currently idling +* `kalessin`: Oracle Cloud free ARM VM, currently idling ### Referenced only * `kilgharrah`: Custom-built personal desktop, currently running Arch diff --git a/hive.nix b/hive.nix index 23baf32..f6791d3 100644 --- a/hive.nix +++ b/hive.nix @@ -2,8 +2,8 @@ let sources = import ./npins; in { meta.nixpkgs = sources.nixpkgs; - defaults = { name, nodes, ... }: { - deployment.replaceUnknownProfiles = false; + defaults = { name, nodes, config, lib, pkgs, ... }: { + deployment.replaceUnknownProfiles = lib.mkDefault false; networking.hostName = name; nixpkgs.config = { @@ -63,7 +63,10 @@ in { kalessin = { name, nodes, ... }: { networking.hostId = "534b538e"; time.timeZone = "Etc/UTC"; - deployment.buildOnTarget = true; + deployment = { + buildOnTarget = true; + replaceUnknownProfiles = true; + }; imports = [ ./deployment/remote.nix From ac57c687244c5470d3080ca4af19bb40bfb7f11a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 18 Aug 2024 15:37:35 +0100 Subject: [PATCH 129/438] npins update --- npins/sources.json | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 2865bf3..340f30e 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -46,15 +46,15 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "7270c841614adb30d02e97cdb1a81e3757cef092", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/7270c841614adb30d02e97cdb1a81e3757cef092.tar.gz", - "hash": "0y86hbymlz41vmgs9h1f2lgyb8vlchvdrgrx1jpw9brfshnxy6d6" + "revision": "5ea2b85a16c2d4b3c847854e7c8c188f3e0c6db8", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/5ea2b85a16c2d4b3c847854e7c8c188f3e0c6db8.tar.gz", + "hash": "0192xjwzh1x9gmj6kwigd1zdpngx5qrnd2qbrc8xh5x0294qakgb" }, "nixpkgs": { "type": "Channel", "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3787.a781ff33ae25/nixexprs.tar.xz", - "hash": "1kjpxcxgf9nd6a18kdq5y2l379mb1rg57imxdx46rbl0aif7w12x" + "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3914.c3d4ac725177/nixexprs.tar.xz", + "hash": "1bs4sl01pbxp47sr3hny9mipfibazw1ch2b9cd6vygi501ickx9w" }, "nur": { "type": "Git", @@ -64,9 +64,9 @@ "repo": "NUR" }, "branch": "master", - "revision": "a4f1c6cf98a629c082edc90fd84be7cc4525e244", - "url": "https://github.com/nix-community/NUR/archive/a4f1c6cf98a629c082edc90fd84be7cc4525e244.tar.gz", - "hash": "0c7j5px26vasr9r9xx4r4s7hkwfc31rcsqivn5cal0zwjyvbdg3z" + "revision": "6cbb9fb9c5d55fa2af9a5b0d3185d56c90ad62aa", + "url": "https://github.com/nix-community/NUR/archive/6cbb9fb9c5d55fa2af9a5b0d3185d56c90ad62aa.tar.gz", + "hash": "1w1n56p4hbq1zlz8hiw3169kxsw4cn5maahlk8vdzprs498f69kg" } }, "version": 3 From 9231431fa896269fc9fd319cf6aa8767b8535f2e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 18 Aug 2024 16:45:35 +0100 Subject: [PATCH 130/438] kalessin: remove /data dataset --- hosts/kalessin/hardware-configuration.nix | 5 ----- 1 file changed, 5 deletions(-) diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix index 53ff439..8e0fb17 100644 --- a/hosts/kalessin/hardware-configuration.nix +++ b/hosts/kalessin/hardware-configuration.nix @@ -28,11 +28,6 @@ fsType = "zfs"; }; - fileSystems."/data" = - { device = "rpool_kalessin/data"; - fsType = "zfs"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/2ADE-A033"; fsType = "vfat"; From b630349c6809aff827177e4acbaa206d1eff02b0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 20 Aug 2024 13:55:38 +0100 Subject: [PATCH 131/438] git: automatically --set-upstream for new branches --- home/git.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/git.nix b/home/git.nix index cc13d4a..c73f24e 100644 --- a/home/git.nix +++ b/home/git.nix @@ -9,6 +9,9 @@ init = { defaultBranch = "main"; }; + push = { + autoSetupRemote = true; + }; }; }; } From 60a9f5981684f2c2b72aac0e48e306bdf0e5e829 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 00:55:30 +0100 Subject: [PATCH 132/438] vscode: downgrade nix-vscode-extensions It turns out a typical cadence for breaking changes to the VS Code plugin API is every two or three months. What the fuck. Obviously this means it's not practical to pair nixos stable releases with the rolling-release model of nix-vscode-extensions. So, I'm downgrading nix-vscode-extensions to the commit that was live as of 24.05's freeze from nixpkgs master, and will just update it once every six months, unless something else breaks. --- npins/sources.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/npins/sources.json b/npins/sources.json index 340f30e..27d6de1 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -46,9 +46,9 @@ "repo": "nix-vscode-extensions" }, "branch": "master", - "revision": "5ea2b85a16c2d4b3c847854e7c8c188f3e0c6db8", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/5ea2b85a16c2d4b3c847854e7c8c188f3e0c6db8.tar.gz", - "hash": "0192xjwzh1x9gmj6kwigd1zdpngx5qrnd2qbrc8xh5x0294qakgb" + "revision": "27ce569a199d2da1a8483fe3d69dd41664da3a63", + "url": "https://github.com/nix-community/nix-vscode-extensions/archive/27ce569a199d2da1a8483fe3d69dd41664da3a63.tar.gz", + "hash": "1dpykmk4xmpvx9i8awd93h0g1q8ir2pwsisjzc7vc5f43lm7h86b" }, "nixpkgs": { "type": "Channel", From 6f17f6749325c6de198e528bd2d7d6ae049812a5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 18 Aug 2024 16:46:59 +0100 Subject: [PATCH 133/438] move to flake entrypoint --- flake.lock | 126 +++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 104 +++++++++++++++++++++++++++++++++++++ hive.nix | 76 --------------------------- npins/sources.json | 29 ----------- pinning.nix | 10 ---- 5 files changed, 230 insertions(+), 115 deletions(-) create mode 100644 flake.lock create mode 100644 flake.nix delete mode 100644 hive.nix delete mode 100644 pinning.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..5f61b87 --- /dev/null +++ b/flake.lock @@ -0,0 +1,126 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": [], + "home-manager": "home-manager", + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "owner": "ryantm", + "repo": "agenix", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "birdsong": { + "locked": { + "lastModified": 1722971137, + "narHash": "sha256-1x0vaUy/uFCfoDn0a4K55+MNseAqLQmv1GPP6GQFFIA=", + "ref": "main", + "rev": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3", + "revCount": 7, + "type": "git", + "url": "https://git.qenya.tel/qenya/birdsong" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.qenya.tel/qenya/birdsong" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720042825, + "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-24.05", + "repo": "home-manager", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1723688146, + "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "birdsong": "birdsong", + "home-manager": "home-manager_2", + "nixpkgs": "nixpkgs" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..a430069 --- /dev/null +++ b/flake.nix @@ -0,0 +1,104 @@ +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + + home-manager = { + url = "github:nix-community/home-manager/release-24.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + agenix = { + url = "github:ryantm/agenix?tag=0.15.0"; + inputs = { + nixpkgs.follows = "nixpkgs"; + darwin.follows = ""; + }; + }; + + birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; + }; + + outputs = inputs@{ self, nixpkgs, home-manager, agenix, birdsong, ... }: { + colmena = { + meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + meta.nodeNixpkgs.kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow + + defaults = { name, nodes, config, lib, pkgs, ... }: { + deployment.replaceUnknownProfiles = lib.mkDefault false; + networking.hostName = name; + + nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake.source = nixpkgs; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + + nixpkgs.config = { + allowUnfree = true; + packageOverrides = pkgs: + let sources = import ./npins; + in { + agenix = (import sources.agenix { inherit pkgs; }).agenix; + nur = (import sources.nur { inherit pkgs; }); + vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture + }; + }; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + }; + + imports = [ + home-manager.nixosModules.home-manager + agenix.nixosModules.default + birdsong.nixosModules.default + ./common + ./services + ]; + }; + + tohru = { name, nodes, ... }: { + networking.hostId = "31da19c1"; + time.timeZone = "Europe/London"; + + imports = [ + ./deployment/local.nix + ./hosts/tohru/configuration.nix + ]; + }; + + yevaud = { name, nodes, ... }: { + networking.hostId = "09673d65"; + time.timeZone = "Etc/UTC"; + + imports = [ + ./deployment/remote.nix + ./hosts/yevaud/configuration.nix + ]; + }; + + orm = { name, nodes, ... }: { + networking.hostId = "00000000"; + time.timeZone = "Etc/UTC"; + + imports = [ + ./deployment/remote.nix + ./hosts/orm/configuration.nix + ]; + }; + + kalessin = { name, nodes, ... }: { + networking.hostId = "534b538e"; + time.timeZone = "Etc/UTC"; + deployment = { + buildOnTarget = true; + replaceUnknownProfiles = true; + }; + + imports = [ + ./deployment/remote.nix + ./hosts/kalessin/configuration.nix + ]; + }; + }; + }; +} diff --git a/hive.nix b/hive.nix deleted file mode 100644 index f6791d3..0000000 --- a/hive.nix +++ /dev/null @@ -1,76 +0,0 @@ -let sources = import ./npins; -in { - meta.nixpkgs = sources.nixpkgs; - - defaults = { name, nodes, config, lib, pkgs, ... }: { - deployment.replaceUnknownProfiles = lib.mkDefault false; - networking.hostName = name; - - nixpkgs.config = { - allowUnfree = true; - packageOverrides = pkgs: { - agenix = (import sources.agenix { inherit pkgs; }).agenix; - nur = (import sources.nur { inherit pkgs; }); - vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture - }; - }; - - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - }; - - imports = [ - (import "${sources.home-manager}/nixos") - (import "${sources.agenix}/modules/age.nix") - (import "${sources.birdsong}/module.nix") - ./pinning.nix - ./common - ./services - ]; - }; - - tohru = { name, nodes, ... }: { - networking.hostId = "31da19c1"; - time.timeZone = "Europe/London"; - - imports = [ - ./deployment/local.nix - ./hosts/tohru/configuration.nix - ]; - }; - - yevaud = { name, nodes, ... }: { - networking.hostId = "09673d65"; - time.timeZone = "Etc/UTC"; - - imports = [ - ./deployment/remote.nix - ./hosts/yevaud/configuration.nix - ]; - }; - - orm = { name, nodes, ... }: { - networking.hostId = "00000000"; - time.timeZone = "Etc/UTC"; - - imports = [ - ./deployment/remote.nix - ./hosts/orm/configuration.nix - ]; - }; - - kalessin = { name, nodes, ... }: { - networking.hostId = "534b538e"; - time.timeZone = "Etc/UTC"; - deployment = { - buildOnTarget = true; - replaceUnknownProfiles = true; - }; - - imports = [ - ./deployment/remote.nix - ./hosts/kalessin/configuration.nix - ]; - }; -} diff --git a/npins/sources.json b/npins/sources.json index 27d6de1..fc17a6d 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -15,29 +15,6 @@ "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0", "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la" }, - "birdsong": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.qenya.tel/qenya/birdsong.git" - }, - "branch": "main", - "revision": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3", - "url": null, - "hash": "100l0mjfikv3sjphjb9aw2qhvqz7p616px1rl2gm1f5z9iljy7fp" - }, - "home-manager": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "nix-community", - "repo": "home-manager" - }, - "branch": "release-24.05", - "revision": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", - "url": "https://github.com/nix-community/home-manager/archive/e1391fb22e18a36f57e6999c7a9f966dc80ac073.tar.gz", - "hash": "0c83di08nhkzq0cwc3v7aax3x8y5m7qahyzxppinzwxi3r8fnjq3" - }, "nix-vscode-extensions": { "type": "Git", "repository": { @@ -50,12 +27,6 @@ "url": "https://github.com/nix-community/nix-vscode-extensions/archive/27ce569a199d2da1a8483fe3d69dd41664da3a63.tar.gz", "hash": "1dpykmk4xmpvx9i8awd93h0g1q8ir2pwsisjzc7vc5f43lm7h86b" }, - "nixpkgs": { - "type": "Channel", - "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.3914.c3d4ac725177/nixexprs.tar.xz", - "hash": "1bs4sl01pbxp47sr3hny9mipfibazw1ch2b9cd6vygi501ickx9w" - }, "nur": { "type": "Git", "repository": { diff --git a/pinning.nix b/pinning.nix deleted file mode 100644 index 9ac8584..0000000 --- a/pinning.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -let sources = import ./npins; -in { - # Make point systemwide to the pinned nixpkgs - # https://jade.fyi/blog/pinning-nixos-with-npins/ - nix.settings.experimental-features = "nix-command flakes"; - nixpkgs.flake.source = sources.nixpkgs; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; -} From 07c4e3e8b0ca405cbdb409ffc9c2243229fdbec4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 02:19:16 +0100 Subject: [PATCH 134/438] get agenix package from flake --- flake.nix | 2 +- npins/sources.json | 15 --------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/flake.nix b/flake.nix index a430069..2b0fddc 100644 --- a/flake.nix +++ b/flake.nix @@ -36,7 +36,7 @@ packageOverrides = pkgs: let sources = import ./npins; in { - agenix = (import sources.agenix { inherit pkgs; }).agenix; + agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; nur = (import sources.nur { inherit pkgs; }); vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture }; diff --git a/npins/sources.json b/npins/sources.json index fc17a6d..779ac9c 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -1,20 +1,5 @@ { "pins": { - "agenix": { - "type": "GitRelease", - "repository": { - "type": "GitHub", - "owner": "ryantm", - "repo": "agenix" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "version": "0.15.0", - "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d", - "url": "https://api.github.com/repos/ryantm/agenix/tarball/0.15.0", - "hash": "01dhrghwa7zw93cybvx4gnrskqk97b004nfxgsys0736823956la" - }, "nix-vscode-extensions": { "type": "Git", "repository": { From 1f4c275c984e07d5aee02dc500a73d07fcd786d9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 03:09:06 +0100 Subject: [PATCH 135/438] pin nix-vscode-extensions manually --- flake.nix | 1 - home/vscode.nix | 21 ++++++++++++++++----- npins/sources.json | 12 ------------ 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/flake.nix b/flake.nix index 2b0fddc..f079a70 100644 --- a/flake.nix +++ b/flake.nix @@ -38,7 +38,6 @@ in { agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; nur = (import sources.nur { inherit pkgs; }); - vscode-extensions = (import sources.nix-vscode-extensions).extensions.x86_64-linux; # TODO: This should check the host architecture }; }; diff --git a/home/vscode.nix b/home/vscode.nix index bb4c548..d081191 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -2,16 +2,27 @@ let inherit (lib) mkIf; + inherit (pkgs) fetchFromGitHub; + system = "x86_64-linux"; # TODO: This should check the host architecture + extensions = + (import (fetchFromGitHub { + # On a stable channel, do NOT keep this up-to-date! VS Code extensions + # have breaking changes more frequently than the NixOS release cadence. + owner = "nix-community"; + repo = "nix-vscode-extensions"; + rev = "27ce569a199d2da1a8483fe3d69dd41664da3a63"; + hash = "sha256-yyB4Kh3EFbYP+1JHza/IEeHwABypcYVi6vvWTmad/rY="; + })).extensions.${system}; in { programs.vscode = { enableExtensionUpdateCheck = false; enableUpdateCheck = false; package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ - open-vsx.golang.go - open-vsx.jdinhlife.gruvbox - open-vsx.jnoortheen.nix-ide - open-vsx.ms-python.python + extensions = with extensions.open-vsx; [ + golang.go + jdinhlife.gruvbox + jnoortheen.nix-ide + ms-python.python ]; mutableExtensionsDir = false; userSettings = { diff --git a/npins/sources.json b/npins/sources.json index 779ac9c..7110f10 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -1,17 +1,5 @@ { "pins": { - "nix-vscode-extensions": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "nix-community", - "repo": "nix-vscode-extensions" - }, - "branch": "master", - "revision": "27ce569a199d2da1a8483fe3d69dd41664da3a63", - "url": "https://github.com/nix-community/nix-vscode-extensions/archive/27ce569a199d2da1a8483fe3d69dd41664da3a63.tar.gz", - "hash": "1dpykmk4xmpvx9i8awd93h0g1q8ir2pwsisjzc7vc5f43lm7h86b" - }, "nur": { "type": "Git", "repository": { From 432bc051901ddfbbd058d39201958a7fc63b6a4a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 04:22:08 +0100 Subject: [PATCH 136/438] vscode: check host platform for extensions Closes #11 --- home/vscode.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/home/vscode.nix b/home/vscode.nix index d081191..80c4389 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -1,9 +1,9 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: let inherit (lib) mkIf; inherit (pkgs) fetchFromGitHub; - system = "x86_64-linux"; # TODO: This should check the host architecture + inherit (osConfig.nixpkgs.hostPlatform) system; extensions = (import (fetchFromGitHub { # On a stable channel, do NOT keep this up-to-date! VS Code extensions @@ -13,7 +13,8 @@ let rev = "27ce569a199d2da1a8483fe3d69dd41664da3a63"; hash = "sha256-yyB4Kh3EFbYP+1JHza/IEeHwABypcYVi6vvWTmad/rY="; })).extensions.${system}; -in { +in +{ programs.vscode = { enableExtensionUpdateCheck = false; enableUpdateCheck = false; From 2fcba2b35f632669f83d89c6525aa0ee28037c40 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 11:35:08 +0100 Subject: [PATCH 137/438] purify package overrides --- flake.nix | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index f079a70..0c04f89 100644 --- a/flake.nix +++ b/flake.nix @@ -34,10 +34,16 @@ nixpkgs.config = { allowUnfree = true; packageOverrides = pkgs: - let sources = import ./npins; - in { - agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - nur = (import sources.nur { inherit pkgs; }); + let + sources = import ./npins; + inherit (config.nixpkgs.hostPlatform) system; + in + { + agenix = agenix.packages.${system}.default; + nur = (import sources.nur { + nurpkgs = pkgs; + inherit pkgs; + }); }; }; From eb499ec8c13ba2c45c4fb2450de47b27e31bdb71 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 12:05:48 +0100 Subject: [PATCH 138/438] vscode: switch to extensions from nixpkgs --- home/vscode.nix | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/home/vscode.nix b/home/vscode.nix index 80c4389..0aebd75 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -2,24 +2,13 @@ let inherit (lib) mkIf; - inherit (pkgs) fetchFromGitHub; - inherit (osConfig.nixpkgs.hostPlatform) system; - extensions = - (import (fetchFromGitHub { - # On a stable channel, do NOT keep this up-to-date! VS Code extensions - # have breaking changes more frequently than the NixOS release cadence. - owner = "nix-community"; - repo = "nix-vscode-extensions"; - rev = "27ce569a199d2da1a8483fe3d69dd41664da3a63"; - hash = "sha256-yyB4Kh3EFbYP+1JHza/IEeHwABypcYVi6vvWTmad/rY="; - })).extensions.${system}; in { programs.vscode = { enableExtensionUpdateCheck = false; enableUpdateCheck = false; package = pkgs.vscodium; - extensions = with extensions.open-vsx; [ + extensions = with pkgs.vscode-extensions; [ golang.go jdinhlife.gruvbox jnoortheen.nix-ide From 6968e1b9556d66c8398508a41857f44450066098 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 13:28:56 +0100 Subject: [PATCH 139/438] flake update --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 5f61b87..8e6749e 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1723688146, - "narHash": "sha256-sqLwJcHYeWLOeP/XoLwAtYjr01TISlkOfz+NG82pbdg=", + "lastModified": 1724242322, + "narHash": "sha256-HMpK7hNjhEk4z5SFg5UtxEio9OWFocHdaQzCfW1pE7w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c3d4ac725177c030b1e289015989da2ad9d56af0", + "rev": "224042e9a3039291f22f4f2ded12af95a616cca0", "type": "github" }, "original": { From 84417c27daa4f17eef1bf145594ee50d440041de Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 Aug 2024 13:29:04 +0100 Subject: [PATCH 140/438] Update README.md --- README.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index e1c5faf..e4a39d7 100644 --- a/README.md +++ b/README.md @@ -29,14 +29,8 @@ To build the remote machines, run `colmena apply`. See the [colmena documentatio ### Updating -Run `npins update` to update the dependencies within the currently selected upgrade channels. +Run `nix flake update` to update evaluation-time dependencies. -To upgrade to a new major version of a dependency, simply re-add it and the old version will be overwritten, e.g.: +Run `npins update` to update build-time dependencies. -```sh -npins add --name nixpkgs channel nixos-unstable -``` - -In either case, commit the changes to `npins/sources.json`. - -See the [npins documentation](https://github.com/andir/npins) for more details. \ No newline at end of file +Commit changes to `flake.lock` and `npins/sources.json`. \ No newline at end of file From 43f85cf2c002ccac66c658589fa5b7243ed78c6d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 23 Aug 2024 12:58:11 +0100 Subject: [PATCH 141/438] git: rebase on pull by default --- home/git.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/home/git.nix b/home/git.nix index c73f24e..2101e64 100644 --- a/home/git.nix +++ b/home/git.nix @@ -6,12 +6,9 @@ userName = "Katherina Walshe-Grey"; userEmail = "git@qenya.tel"; extraConfig = { - init = { - defaultBranch = "main"; - }; - push = { - autoSetupRemote = true; - }; + init.defaultBranch = "main"; + pull.rebase = true; + push.autoSetupRemote = true; }; }; } From 6d83a0755633a51069f409dd653320d6d1327702 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 10:39:57 +0100 Subject: [PATCH 142/438] vscode: install eslint extension --- home/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/vscode.nix b/home/vscode.nix index 0aebd75..b36c0e5 100644 --- a/home/vscode.nix +++ b/home/vscode.nix @@ -9,6 +9,7 @@ in enableUpdateCheck = false; package = pkgs.vscodium; extensions = with pkgs.vscode-extensions; [ + dbaeumer.vscode-eslint golang.go jdinhlife.gruvbox jnoortheen.nix-ide From b4b879a87bf8e6363e9a7b7b70b16ba477fb44d8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 11:47:12 +0100 Subject: [PATCH 143/438] entirely migrate from npins to flake inputs --- README.md | 6 +--- common/environment.nix | 1 - flake.lock | 18 +++++++++- flake.nix | 26 +++++++------- npins/default.nix | 80 ------------------------------------------ npins/sources.json | 17 --------- 6 files changed, 30 insertions(+), 118 deletions(-) delete mode 100644 npins/default.nix delete mode 100644 npins/sources.json diff --git a/README.md b/README.md index e4a39d7..bed7956 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,4 @@ To build the remote machines, run `colmena apply`. See the [colmena documentatio ### Updating -Run `nix flake update` to update evaluation-time dependencies. - -Run `npins update` to update build-time dependencies. - -Commit changes to `flake.lock` and `npins/sources.json`. \ No newline at end of file +`nix flake update --commit-lock-file` \ No newline at end of file diff --git a/common/environment.nix b/common/environment.nix index 857dce4..433a2a9 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -14,7 +14,6 @@ netcat # <3 # used for nix config - npins colmena agenix ]; diff --git a/flake.lock b/flake.lock index 8e6749e..0c14db5 100644 --- a/flake.lock +++ b/flake.lock @@ -97,12 +97,28 @@ "type": "github" } }, + "nur": { + "locked": { + "lastModified": 1724921284, + "narHash": "sha256-mHV9kKOufZMjHSaL+uQ71UfrNqFd50THiNWesfBf9Kk=", + "owner": "nix-community", + "repo": "NUR", + "rev": "0891674223deb1262d8a96a46598fca0840c8271", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "birdsong": "birdsong", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "nur": "nur" } }, "systems": { diff --git a/flake.nix b/flake.nix index 0c04f89..a262ee5 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + nur.url = "github:nix-community/NUR"; + agenix = { url = "github:ryantm/agenix?tag=0.15.0"; inputs = { @@ -18,7 +20,7 @@ birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, home-manager, agenix, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, home-manager, nur, agenix, birdsong, ... }: { colmena = { meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; }; meta.nodeNixpkgs.kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow @@ -31,20 +33,15 @@ nixpkgs.flake.source = nixpkgs; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; - nixpkgs.config = { - allowUnfree = true; - packageOverrides = pkgs: - let - sources = import ./npins; - inherit (config.nixpkgs.hostPlatform) system; - in - { - agenix = agenix.packages.${system}.default; - nur = (import sources.nur { - nurpkgs = pkgs; - inherit pkgs; - }); + nixpkgs = { + config = { + allowUnfree = true; + packageOverrides = pkgs: { + agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; }; + }; + + overlays = [ nur.overlay ]; }; home-manager = { @@ -54,6 +51,7 @@ imports = [ home-manager.nixosModules.home-manager + nur.nixosModules.nur agenix.nixosModules.default birdsong.nixosModules.default ./common diff --git a/npins/default.nix b/npins/default.nix deleted file mode 100644 index 5e7d086..0000000 --- a/npins/default.nix +++ /dev/null @@ -1,80 +0,0 @@ -# Generated by npins. Do not modify; will be overwritten regularly -let - data = builtins.fromJSON (builtins.readFile ./sources.json); - version = data.version; - - mkSource = - spec: - assert spec ? type; - let - path = - if spec.type == "Git" then - mkGitSource spec - else if spec.type == "GitRelease" then - mkGitSource spec - else if spec.type == "PyPi" then - mkPyPiSource spec - else if spec.type == "Channel" then - mkChannelSource spec - else - builtins.throw "Unknown source type ${spec.type}"; - in - spec // { outPath = path; }; - - mkGitSource = - { - repository, - revision, - url ? null, - hash, - branch ? null, - ... - }: - assert repository ? type; - # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository - # In the latter case, there we will always be an url to the tarball - if url != null then - (builtins.fetchTarball { - inherit url; - sha256 = hash; # FIXME: check nix version & use SRI hashes - }) - else - assert repository.type == "Git"; - let - urlToName = - url: rev: - let - matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url; - - short = builtins.substring 0 7 rev; - - appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; - in - "${if matched == null then "source" else builtins.head matched}${appendShort}"; - name = urlToName repository.url revision; - in - builtins.fetchGit { - url = repository.url; - rev = revision; - inherit name; - # hash = hash; - }; - - mkPyPiSource = - { url, hash, ... }: - builtins.fetchurl { - inherit url; - sha256 = hash; - }; - - mkChannelSource = - { url, hash, ... }: - builtins.fetchTarball { - inherit url; - sha256 = hash; - }; -in -if version == 3 then - builtins.mapAttrs (_: mkSource) data.pins -else - throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json deleted file mode 100644 index 7110f10..0000000 --- a/npins/sources.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "pins": { - "nur": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "nix-community", - "repo": "NUR" - }, - "branch": "master", - "revision": "6cbb9fb9c5d55fa2af9a5b0d3185d56c90ad62aa", - "url": "https://github.com/nix-community/NUR/archive/6cbb9fb9c5d55fa2af9a5b0d3185d56c90ad62aa.tar.gz", - "hash": "1w1n56p4hbq1zlz8hiw3169kxsw4cn5maahlk8vdzprs498f69kg" - } - }, - "version": 3 -} \ No newline at end of file From 8076f917382246acfcb564ec4e643bf6972fdc0e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 16:00:50 +0100 Subject: [PATCH 144/438] sysadmin: init, replacing deployment directory --- common/default.nix | 1 + common/sysadmin/default.nix | 16 ++++++++++++++++ deployment/local.nix | 9 --------- deployment/remote.nix | 12 ------------ flake.nix | 21 +++++++++++++-------- hosts/kalessin/configuration.nix | 2 ++ hosts/orm/configuration.nix | 2 ++ hosts/yevaud/configuration.nix | 2 ++ 8 files changed, 36 insertions(+), 29 deletions(-) create mode 100644 common/sysadmin/default.nix delete mode 100644 deployment/local.nix delete mode 100644 deployment/remote.nix diff --git a/common/default.nix b/common/default.nix index 1f4547d..6465876 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./sysadmin ./users ./environment.nix ./nginx.nix diff --git a/common/sysadmin/default.nix b/common/sysadmin/default.nix new file mode 100644 index 0000000..5e0cdc0 --- /dev/null +++ b/common/sysadmin/default.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.sysadmin; +in +{ + options.qenya.sysadmin.enable = mkEnableOption "Base configuration for headless servers"; + + config = mkIf cfg.enable { + # Allow remote deployment with colmena + deployment.targetUser = null; + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; + }; +} diff --git a/deployment/local.nix b/deployment/local.nix deleted file mode 100644 index 752e9ce..0000000 --- a/deployment/local.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ name, nodes, config, lib, pkgs, ... }: - -{ - deployment = { - allowLocalDeployment = true; - targetHost = null; - tags = [ "local" ]; - }; -} diff --git a/deployment/remote.nix b/deployment/remote.nix deleted file mode 100644 index 022ff5e..0000000 --- a/deployment/remote.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ name, nodes, config, lib, pkgs, ... }: - -{ - deployment = { - targetHost = "${name}.birdsong.network"; - targetUser = "qenya"; - tags = [ "remote" ]; - }; - - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "@wheel" ]; -} diff --git a/flake.nix b/flake.nix index a262ee5..c86693f 100644 --- a/flake.nix +++ b/flake.nix @@ -22,11 +22,14 @@ outputs = inputs@{ self, nixpkgs, home-manager, nur, agenix, birdsong, ... }: { colmena = { - meta.nixpkgs = import nixpkgs { system = "x86_64-linux"; }; - meta.nodeNixpkgs.kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow + meta = { + nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + nodeNixpkgs = { + kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow + }; + }; defaults = { name, nodes, config, lib, pkgs, ... }: { - deployment.replaceUnknownProfiles = lib.mkDefault false; networking.hostName = name; nix.settings.experimental-features = "nix-command flakes"; @@ -62,9 +65,12 @@ tohru = { name, nodes, ... }: { networking.hostId = "31da19c1"; time.timeZone = "Europe/London"; + deployment = { + allowLocalDeployment = true; + targetHost = null; # disallow remote deployment + }; imports = [ - ./deployment/local.nix ./hosts/tohru/configuration.nix ]; }; @@ -72,9 +78,9 @@ yevaud = { name, nodes, ... }: { networking.hostId = "09673d65"; time.timeZone = "Etc/UTC"; + deployment.targetHost = "yevaud.birdsong.network"; imports = [ - ./deployment/remote.nix ./hosts/yevaud/configuration.nix ]; }; @@ -82,9 +88,9 @@ orm = { name, nodes, ... }: { networking.hostId = "00000000"; time.timeZone = "Etc/UTC"; + deployment.targetHost = "orm.birdsong.network"; imports = [ - ./deployment/remote.nix ./hosts/orm/configuration.nix ]; }; @@ -93,12 +99,11 @@ networking.hostId = "534b538e"; time.timeZone = "Etc/UTC"; deployment = { + targetHost = "kalessin.birdsong.network"; buildOnTarget = true; - replaceUnknownProfiles = true; }; imports = [ - ./deployment/remote.nix ./hosts/kalessin/configuration.nix ]; }; diff --git a/hosts/kalessin/configuration.nix b/hosts/kalessin/configuration.nix index 84c9f82..238ddb9 100644 --- a/hosts/kalessin/configuration.nix +++ b/hosts/kalessin/configuration.nix @@ -7,6 +7,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + + qenya.sysadmin.enable = true; system.stateVersion = "23.11"; } diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index 1403b3d..d33d4e6 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -7,6 +7,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + + qenya.sysadmin.enable = true; age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 0c21462..d8d11aa 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -7,6 +7,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + + qenya.sysadmin.enable = true; age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; From f5191640f57e92759bd8d40283dd288cadf96e24 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 17:55:30 +0100 Subject: [PATCH 145/438] home-manager: move all config together, allow for multiple users --- common/default.nix | 1 + common/home-manager.nix | 18 ++++++++++++++++++ common/users/qenya.nix | 8 -------- flake.nix | 5 ----- home/{ => qenya}/cli.nix | 0 home/{ => qenya}/dconf/appearance.nix | 0 home/{ => qenya}/dconf/background-image.jpg | Bin home/{ => qenya}/dconf/default.nix | 0 home/{ => qenya}/dconf/keyboard.nix | 0 home/{ => qenya}/default.nix | 0 home/{ => qenya}/git.nix | 0 home/{ => qenya}/tmux.nix | 0 home/{ => qenya}/vscode.nix | 0 home/{ => qenya}/zsh.nix | 0 14 files changed, 19 insertions(+), 13 deletions(-) create mode 100644 common/home-manager.nix rename home/{ => qenya}/cli.nix (100%) rename home/{ => qenya}/dconf/appearance.nix (100%) rename home/{ => qenya}/dconf/background-image.jpg (100%) rename home/{ => qenya}/dconf/default.nix (100%) rename home/{ => qenya}/dconf/keyboard.nix (100%) rename home/{ => qenya}/default.nix (100%) rename home/{ => qenya}/git.nix (100%) rename home/{ => qenya}/tmux.nix (100%) rename home/{ => qenya}/vscode.nix (100%) rename home/{ => qenya}/zsh.nix (100%) diff --git a/common/default.nix b/common/default.nix index 6465876..2430901 100644 --- a/common/default.nix +++ b/common/default.nix @@ -3,6 +3,7 @@ ./sysadmin ./users ./environment.nix + ./home-manager.nix ./nginx.nix ./openssh.nix ./security.nix diff --git a/common/home-manager.nix b/common/home-manager.nix new file mode 100644 index 0000000..6740dbc --- /dev/null +++ b/common/home-manager.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +{ + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + + users = { + qenya = { config, lib, pkgs, osConfig, ... }: { + home.homeDirectory = osConfig.users.users.qenya.home; + + imports = [ + ../home/qenya + ]; + }; + }; + }; +} diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 00f35af..14b0458 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -14,12 +14,4 @@ in { openssh.authorizedKeys.keys = keys.users.qenya; uid = 1001; }; - - home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { - home.homeDirectory = osConfig.users.users.qenya.home; - - imports = [ - ../../home - ]; - }; } diff --git a/flake.nix b/flake.nix index c86693f..68f65da 100644 --- a/flake.nix +++ b/flake.nix @@ -47,11 +47,6 @@ overlays = [ nur.overlay ]; }; - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - }; - imports = [ home-manager.nixosModules.home-manager nur.nixosModules.nur diff --git a/home/cli.nix b/home/qenya/cli.nix similarity index 100% rename from home/cli.nix rename to home/qenya/cli.nix diff --git a/home/dconf/appearance.nix b/home/qenya/dconf/appearance.nix similarity index 100% rename from home/dconf/appearance.nix rename to home/qenya/dconf/appearance.nix diff --git a/home/dconf/background-image.jpg b/home/qenya/dconf/background-image.jpg similarity index 100% rename from home/dconf/background-image.jpg rename to home/qenya/dconf/background-image.jpg diff --git a/home/dconf/default.nix b/home/qenya/dconf/default.nix similarity index 100% rename from home/dconf/default.nix rename to home/qenya/dconf/default.nix diff --git a/home/dconf/keyboard.nix b/home/qenya/dconf/keyboard.nix similarity index 100% rename from home/dconf/keyboard.nix rename to home/qenya/dconf/keyboard.nix diff --git a/home/default.nix b/home/qenya/default.nix similarity index 100% rename from home/default.nix rename to home/qenya/default.nix diff --git a/home/git.nix b/home/qenya/git.nix similarity index 100% rename from home/git.nix rename to home/qenya/git.nix diff --git a/home/tmux.nix b/home/qenya/tmux.nix similarity index 100% rename from home/tmux.nix rename to home/qenya/tmux.nix diff --git a/home/vscode.nix b/home/qenya/vscode.nix similarity index 100% rename from home/vscode.nix rename to home/qenya/vscode.nix diff --git a/home/zsh.nix b/home/qenya/zsh.nix similarity index 100% rename from home/zsh.nix rename to home/qenya/zsh.nix From 66cc74e38839b0831d7613e8494cfa4a0dd16e62 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 17:56:13 +0100 Subject: [PATCH 146/438] users: define extraGroups per-host --- common/users/qenya.nix | 5 ----- hosts/kalessin/configuration.nix | 3 ++- hosts/orm/configuration.nix | 1 + hosts/tohru/configuration.nix | 6 ++++++ hosts/yevaud/configuration.nix | 4 +++- 5 files changed, 12 insertions(+), 7 deletions(-) diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 14b0458..127d6cc 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -5,11 +5,6 @@ in { users.users.qenya = { isNormalUser = true; home = "/home/qenya"; - extraGroups = [ - "wheel" # sudo - "networkmanager" # UI wifi configuration - "dialout" # access to serial ports - ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = keys.users.qenya; uid = 1001; diff --git a/hosts/kalessin/configuration.nix b/hosts/kalessin/configuration.nix index 238ddb9..4e2ddea 100644 --- a/hosts/kalessin/configuration.nix +++ b/hosts/kalessin/configuration.nix @@ -7,7 +7,8 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - + + users.users.qenya.extraGroups = [ "wheel" ]; qenya.sysadmin.enable = true; system.stateVersion = "23.11"; diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index d33d4e6..e0cbe89 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -8,6 +8,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + users.users.qenya.extraGroups = [ "wheel" ]; qenya.sysadmin.enable = true; age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index bc9f644..ff3a1a5 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -43,6 +43,12 @@ sound.enable = true; hardware.pulseaudio.enable = true; + users.users.qenya.extraGroups = [ + "wheel" # sudo + "networkmanager" # UI wifi configuration + "dialout" # access to serial ports + ]; + # USB drives boot.supportedFilesystems = [ "ntfs" ]; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index d8d11aa..13b70b3 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -7,7 +7,9 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - + + users.users.qenya.extraGroups = [ "wheel" ]; + qenya.sysadmin.enable = true; age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; From 766aa146df9b7a554f5175a9c089f8e0016754a8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 18:27:43 +0100 Subject: [PATCH 147/438] users: change to immutable users --- common/users/default.nix | 4 +++- hosts/tohru/configuration.nix | 2 ++ secrets.nix | 1 + secrets/user-password-tohru-qenya.age | Bin 0 -> 396 bytes 4 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 secrets/user-password-tohru-qenya.age diff --git a/common/users/default.nix b/common/users/default.nix index 620c824..9e58dba 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -4,4 +4,6 @@ ./randomcat.nix ./richard.nix ]; -} \ No newline at end of file + + users.mutableUsers = false; +} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index ff3a1a5..f248b63 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -43,6 +43,8 @@ sound.enable = true; hardware.pulseaudio.enable = true; + age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; + users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.extraGroups = [ "wheel" # sudo "networkmanager" # UI wifi configuration diff --git a/secrets.nix b/secrets.nix index e6dd703..1eadd47 100644 --- a/secrets.nix +++ b/secrets.nix @@ -4,6 +4,7 @@ let commonKeys = keys.users.qenya; secrets = with keys; { + user-password-tohru-qenya = [ machines.tohru ]; wireguard-peer-orm = [ machines.orm ]; wireguard-peer-tohru = [ machines.tohru ]; wireguard-peer-yevaud = [ machines.yevaud ]; diff --git a/secrets/user-password-tohru-qenya.age b/secrets/user-password-tohru-qenya.age new file mode 100644 index 0000000000000000000000000000000000000000..7075ed4f5de7f1dac436ddd5aaf22f9e8f5cc756 GIT binary patch literal 396 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyjH(LHNms}-vNTOh zvkVFMFZZ%c%n!& zs0xWN(+=>-vGj5`^vgCbv-B|abu4uE_Rvn&cSX0&(!jver(D6O$Rf(EtRTrV-^tq~ z!_=$NxzwW4JUk`Ku(HswC?%^T-QUx>Dmhi#*q1A@INa4QJtI}yG`rX*%qT59BuhWn zJ*gl$$k5e4McXahGbAWHsW>>$CzMN9S6891Ft^Odr^Le~ILIhHHL5JFz|b+$$i+Q4 zF~Td-BrQ8UAhOUiAjiqHESan21=r^*vnMi`7U>v!GQ9tGphPZB>~{Q?aF=;O(-zwv zdSx#Ed8K#;x00H~H>acF#y8hI+}-&1-8I4cf*-%LI7~M={yS0h75Dy_YS#I>8{W4^ f{LZahzvaWt?l&%lf%2k Date: Thu, 29 Aug 2024 18:37:37 +0100 Subject: [PATCH 148/438] tohru: install zoom-us --- hosts/tohru/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 20526df..4fdeb48 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -16,6 +16,7 @@ jellyfin-media-player keepassxc tor-browser-bundle-bin + zoom-us # libreoffice libreoffice From 4ed696e5b1eee165bd1d00e3d66c9e736a4c8498 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 19:26:57 +0100 Subject: [PATCH 149/438] sysadmin: specify UTC timezone --- common/sysadmin/default.nix | 2 ++ flake.nix | 4 ---- hosts/tohru/configuration.nix | 3 ++- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/common/sysadmin/default.nix b/common/sysadmin/default.nix index 5e0cdc0..3709583 100644 --- a/common/sysadmin/default.nix +++ b/common/sysadmin/default.nix @@ -8,6 +8,8 @@ in options.qenya.sysadmin.enable = mkEnableOption "Base configuration for headless servers"; config = mkIf cfg.enable { + time.timeZone = "Etc/UTC"; + # Allow remote deployment with colmena deployment.targetUser = null; security.sudo.wheelNeedsPassword = false; diff --git a/flake.nix b/flake.nix index 68f65da..9b8c1a5 100644 --- a/flake.nix +++ b/flake.nix @@ -59,7 +59,6 @@ tohru = { name, nodes, ... }: { networking.hostId = "31da19c1"; - time.timeZone = "Europe/London"; deployment = { allowLocalDeployment = true; targetHost = null; # disallow remote deployment @@ -72,7 +71,6 @@ yevaud = { name, nodes, ... }: { networking.hostId = "09673d65"; - time.timeZone = "Etc/UTC"; deployment.targetHost = "yevaud.birdsong.network"; imports = [ @@ -82,7 +80,6 @@ orm = { name, nodes, ... }: { networking.hostId = "00000000"; - time.timeZone = "Etc/UTC"; deployment.targetHost = "orm.birdsong.network"; imports = [ @@ -92,7 +89,6 @@ kalessin = { name, nodes, ... }: { networking.hostId = "534b538e"; - time.timeZone = "Etc/UTC"; deployment = { targetHost = "kalessin.birdsong.network"; buildOnTarget = true; diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/configuration.nix index f248b63..73c578c 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/configuration.nix @@ -11,7 +11,6 @@ boot.loader.systemd-boot.editor = false; age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; - birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; @@ -30,6 +29,8 @@ networking.networkmanager.enable = true; + time.timeZone = "Europe/London"; + i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; From 4c07feb21a4f27bd375b15566caf8c2b5c053419 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 19:27:30 +0100 Subject: [PATCH 150/438] nixpkgs: init config as separate file --- common/default.nix | 1 + common/nixpkgs.nix | 14 ++++++++++++++ flake.nix | 18 ++++-------------- 3 files changed, 19 insertions(+), 14 deletions(-) create mode 100644 common/nixpkgs.nix diff --git a/common/default.nix b/common/default.nix index 2430901..70050d0 100644 --- a/common/default.nix +++ b/common/default.nix @@ -5,6 +5,7 @@ ./environment.nix ./home-manager.nix ./nginx.nix + ./nixpkgs.nix ./openssh.nix ./security.nix ./zsh.nix diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix new file mode 100644 index 0000000..b11cac9 --- /dev/null +++ b/common/nixpkgs.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, inputs, ... }: + +{ + nixpkgs = { + config = { + allowUnfree = true; + packageOverrides = pkgs: { + agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; + }; + }; + + overlays = [ inputs.nur.overlay ]; + }; +} diff --git a/flake.nix b/flake.nix index 9b8c1a5..3ca3ae6 100644 --- a/flake.nix +++ b/flake.nix @@ -27,25 +27,15 @@ nodeNixpkgs = { kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow }; + specialArgs = { + inherit inputs; + }; }; - defaults = { name, nodes, config, lib, pkgs, ... }: { + defaults = { name, nodes, ... }: { networking.hostName = name; nix.settings.experimental-features = "nix-command flakes"; - nixpkgs.flake.source = nixpkgs; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; - - nixpkgs = { - config = { - allowUnfree = true; - packageOverrides = pkgs: { - agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - }; - }; - - overlays = [ nur.overlay ]; - }; imports = [ home-manager.nixosModules.home-manager From 12a4c206256372ae97dad16639f060f255ad0d3b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 19:58:13 +0100 Subject: [PATCH 151/438] qenya: vscode: add gitlens --- home/qenya/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index b36c0e5..cff4e5d 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -10,6 +10,7 @@ in package = pkgs.vscodium; extensions = with pkgs.vscode-extensions; [ dbaeumer.vscode-eslint + eamodio.gitlens golang.go jdinhlife.gruvbox jnoortheen.nix-ide From 444c69edd3892d37ebe4c5ef0b0996c16b068376 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 Aug 2024 19:59:13 +0100 Subject: [PATCH 152/438] zsh: condition on user qenya being present --- common/default.nix | 1 - common/users/qenya.nix | 2 ++ common/zsh.nix | 5 ----- 3 files changed, 2 insertions(+), 6 deletions(-) delete mode 100644 common/zsh.nix diff --git a/common/default.nix b/common/default.nix index 70050d0..bc3cc10 100644 --- a/common/default.nix +++ b/common/default.nix @@ -8,6 +8,5 @@ ./nixpkgs.nix ./openssh.nix ./security.nix - ./zsh.nix ]; } \ No newline at end of file diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 127d6cc..e9d11ad 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -9,4 +9,6 @@ in { openssh.authorizedKeys.keys = keys.users.qenya; uid = 1001; }; + + programs.zsh.enable = true; } diff --git a/common/zsh.nix b/common/zsh.nix deleted file mode 100644 index 228a5cd..0000000 --- a/common/zsh.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ config, lib, pkgs,... }: - -{ - programs.zsh.enable = true; -} From d112e705f1ebda198b05d52a49c28dbf96d2fb13 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 30 Aug 2024 18:22:13 +0100 Subject: [PATCH 153/438] tohru: rearrange and split up configuration --- flake.nix | 12 +-- hosts/tohru/boot.nix | 14 ++++ .../tohru/{configuration.nix => default.nix} | 49 +++++------- hosts/tohru/filesystems.nix | 49 ++++++++++++ hosts/tohru/hardware-configuration.nix | 76 ------------------- hosts/tohru/hardware.nix | 9 +++ hosts/tohru/networking.nix | 12 +++ 7 files changed, 103 insertions(+), 118 deletions(-) create mode 100644 hosts/tohru/boot.nix rename hosts/tohru/{configuration.nix => default.nix} (55%) create mode 100644 hosts/tohru/filesystems.nix delete mode 100644 hosts/tohru/hardware-configuration.nix create mode 100644 hosts/tohru/hardware.nix create mode 100644 hosts/tohru/networking.nix diff --git a/flake.nix b/flake.nix index 3ca3ae6..10207a8 100644 --- a/flake.nix +++ b/flake.nix @@ -47,17 +47,7 @@ ]; }; - tohru = { name, nodes, ... }: { - networking.hostId = "31da19c1"; - deployment = { - allowLocalDeployment = true; - targetHost = null; # disallow remote deployment - }; - - imports = [ - ./hosts/tohru/configuration.nix - ]; - }; + tohru.imports = [ ./hosts/tohru ]; yevaud = { name, nodes, ... }: { networking.hostId = "09673d65"; diff --git a/hosts/tohru/boot.nix b/hosts/tohru/boot.nix new file mode 100644 index 0000000..5f9d144 --- /dev/null +++ b/hosts/tohru/boot.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.editor = false; + loader.efi.canTouchEfiVariables = true; + + initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; + kernelModules = [ "kvm-intel" ]; + + supportedFilesystems = [ "ntfs" ]; # for USB drives + }; +} diff --git a/hosts/tohru/configuration.nix b/hosts/tohru/default.nix similarity index 55% rename from hosts/tohru/configuration.nix rename to hosts/tohru/default.nix index 73c578c..cf28ca3 100644 --- a/hosts/tohru/configuration.nix +++ b/hosts/tohru/default.nix @@ -2,33 +2,22 @@ { imports = [ - ./hardware-configuration.nix + ./boot.nix + ./filesystems.nix + ./hardware.nix + ./networking.nix + ./syncthing.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.editor = false; + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostId = "31da19c1"; - age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; - persistentKeepalive = 23; + deployment = { + allowLocalDeployment = true; + targetHost = null; # disallow remote deployment }; - programs.evolution.enable = true; - qenya.services.fonts.enable = true; - qenya.services.steam.enable = true; - - home-manager.users.qenya = { pkgs, ... }: { - imports = [ - ./home.nix - ]; - }; - - networking.networkmanager.enable = true; - time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; @@ -43,6 +32,10 @@ sound.enable = true; hardware.pulseaudio.enable = true; + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; @@ -51,17 +44,11 @@ "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; + home-manager.users.qenya.imports = [ ./home.nix ]; - # USB drives - boot.supportedFilesystems = [ "ntfs" ]; - - hardware.enableAllFirmware = true; - services.fwupd.enable = true; - services.fstrim.enable = true; - - boot.initrd.luks.devices = { - "rpool".device = "/dev/nvme0n1p2"; - }; + programs.evolution.enable = true; + qenya.services.fonts.enable = true; + qenya.services.steam.enable = true; system.stateVersion = "23.11"; } diff --git a/hosts/tohru/filesystems.nix b/hosts/tohru/filesystems.nix new file mode 100644 index 0000000..e60965e --- /dev/null +++ b/hosts/tohru/filesystems.nix @@ -0,0 +1,49 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "rpool".device = "/dev/nvme0n1p2"; + }; + + fileSystems = { + "/" = { + device = "rpool/root"; + fsType = "zfs"; + }; + "/nix" = { + device = "rpool/nix"; + fsType = "zfs"; + }; + "/var" = { + device = "rpool/var"; + fsType = "zfs"; + }; + "/config" = { + device = "rpool/config"; + fsType = "zfs"; + }; + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + "/data" = { + device = "rpool/data"; + fsType = "zfs"; + }; + "/data/syncthing" = { + device = "rpool/data/syncthing"; + fsType = "zfs"; + }; + "/data/steam" = { + device = "rpool/data/steam"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/7DD4-487E"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + + swapDevices = [{ device = "/dev/disk/by-uuid/a066313e-2467-4e07-ad0c-aeb7ff3f8d97"; }]; +} diff --git a/hosts/tohru/hardware-configuration.nix b/hosts/tohru/hardware-configuration.nix deleted file mode 100644 index 71a4dee..0000000 --- a/hosts/tohru/hardware-configuration.nix +++ /dev/null @@ -1,76 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "rpool/root"; - fsType = "zfs"; - }; - - fileSystems."/nix" = - { device = "rpool/nix"; - fsType = "zfs"; - }; - - fileSystems."/var" = - { device = "rpool/var"; - fsType = "zfs"; - }; - - fileSystems."/config" = - { device = "rpool/config"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/data" = - { device = "rpool/data"; - fsType = "zfs"; - }; - - fileSystems."/data/syncthing" = - { device = "rpool/data/syncthing"; - fsType = "zfs"; - }; - - fileSystems."/data/steam" = - { device = "rpool/data/steam"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7DD4-487E"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/a066313e-2467-4e07-ad0c-aeb7ff3f8d97"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.eno2.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/hosts/tohru/hardware.nix b/hosts/tohru/hardware.nix new file mode 100644 index 0000000..c4880a5 --- /dev/null +++ b/hosts/tohru/hardware.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; + services.fstrim.enable = true; +} + diff --git a/hosts/tohru/networking.nix b/hosts/tohru/networking.nix new file mode 100644 index 0000000..18cee0a --- /dev/null +++ b/hosts/tohru/networking.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + networking.networkmanager.enable = true; + + age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; + birdsong.peering = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; + persistentKeepalive = 23; + }; +} From 5e756c82e7b2eeb2306f56e72c87f64b5e30a058 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 19:14:04 +0100 Subject: [PATCH 154/438] kilgharrah: init --- README.md | 2 +- flake.nix | 1 + hosts/kilgharrah/default.nix | 65 +++++++++++++++ hosts/kilgharrah/hardware-configuration.nix | 90 +++++++++++++++++++++ keys.nix | 1 + secrets.nix | 1 + secrets/user-password-kilgharrah-qenya.age | 7 ++ 7 files changed, 166 insertions(+), 1 deletion(-) create mode 100644 hosts/kilgharrah/default.nix create mode 100644 hosts/kilgharrah/hardware-configuration.nix create mode 100644 secrets/user-password-kilgharrah-qenya.age diff --git a/README.md b/README.md index bed7956..81bbe1f 100644 --- a/README.md +++ b/README.md @@ -7,13 +7,13 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil ## Machines ### Managed +* `kilgharrah`: Custom-built personal desktop * `tohru`: Dell Latitude 5300, personal laptop * `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance and WireGuard server for the other machines in the network * `orm`: Oracle Cloud free AMD VM, currently idling * `kalessin`: Oracle Cloud free ARM VM, currently idling ### Referenced only -* `kilgharrah`: Custom-built personal desktop, currently running Arch * `shaw`: [My girlfriend's NAS](https://github.com/randomnetcat/nix-configs/tree/main/hosts/shaw) * `latias`: My Steam Deck diff --git a/flake.nix b/flake.nix index 10207a8..de114b3 100644 --- a/flake.nix +++ b/flake.nix @@ -47,6 +47,7 @@ ]; }; + kilgharrah.imports = [ ./hosts/kilgharrah ] ; tohru.imports = [ ./hosts/tohru ]; yevaud = { name, nodes, ... }: { diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix new file mode 100644 index 0000000..6aa033a --- /dev/null +++ b/hosts/kilgharrah/default.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostId = "72885bb5"; + + deployment = { + allowLocalDeployment = true; + # temporarily allow remote deployment for bootstrapping + targetHost = "192.168.2.1"; + targetUser = null; + }; + security.sudo.wheelNeedsPassword = false; + nix.settings.trusted-users = [ "@wheel" ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "kilgharrah"; # Define your hostname. + + networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + time.timeZone = "Europe/London"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + + services.xserver.enable = true; + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.xserver.desktopManager.plasma6.enable = true; + services.xserver.xkb.layout = "gb"; + + services.printing.enable = true; + + sound.enable = true; + hardware.pulseaudio.enable = true; + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; + users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; + users.users.qenya.extraGroups = [ + "wheel" + "networkmanager" + ]; + home-manager.users.qenya = { + programs.vscode.enable = true; + }; + + system.stateVersion = "24.05"; # Did you read the comment? + +} \ No newline at end of file diff --git a/hosts/kilgharrah/hardware-configuration.nix b/hosts/kilgharrah/hardware-configuration.nix new file mode 100644 index 0000000..6610f2c --- /dev/null +++ b/hosts/kilgharrah/hardware-configuration.nix @@ -0,0 +1,90 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@" "compress=zstd" ]; + }; + + boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; + }; + + fileSystems."/swap" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@swap" "noatime" ]; + }; + + fileSystems."/root" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@root" "compress=zstd" ]; + }; + + fileSystems."/srv" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@srv" "compress=zstd" ]; + }; + + fileSystems."/var/cache" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@cache" "compress=zstd" "noatime" ]; + }; + + fileSystems."/var/tmp" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@tmp" "compress=zstd" "noatime" ]; + }; + + fileSystems."/var/log" = + { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@log" "compress=zstd" "noatime" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/9582-E78D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} \ No newline at end of file diff --git a/keys.nix b/keys.nix index de1a65d..3cf0874 100644 --- a/keys.nix +++ b/keys.nix @@ -1,5 +1,6 @@ { machines = { + kilgharrah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; diff --git a/secrets.nix b/secrets.nix index 1eadd47..d59c4e7 100644 --- a/secrets.nix +++ b/secrets.nix @@ -4,6 +4,7 @@ let commonKeys = keys.users.qenya; secrets = with keys; { + user-password-kilgharrah-qenya = [ machines.kilgharrah ]; user-password-tohru-qenya = [ machines.tohru ]; wireguard-peer-orm = [ machines.orm ]; wireguard-peer-tohru = [ machines.tohru ]; diff --git a/secrets/user-password-kilgharrah-qenya.age b/secrets/user-password-kilgharrah-qenya.age new file mode 100644 index 0000000..529ae97 --- /dev/null +++ b/secrets/user-password-kilgharrah-qenya.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 5PK5ag +ZmALd7qHkzBvgPEcrUac7J7xNYDS9c8N4bXOZAY8Ro +nH+9SmV2dVpnMxaI2P2sEx2JYEjo6uW1gs4au2CTlWg +-> ssh-ed25519 900ILw 4QNlf4uaXZnOQjGMV52Cp708rPmQ30Ri3KSQ5rEJiHE +llXXoqd/q6QR/hc3cyV+W/VF7j2DGXMHKgX7GBvsupI +--- nfTlzqQNfQ/RzfruijtyG4g1wUGGRokvw/KosnmPGKg +k*b-Cj\ ꯄ;V\`YmP Er]߃Q{a\ͷ\js9w2,{S~/;2~IW(ajξ= \ No newline at end of file From 0978b62de6dc618b34514d64cc8969bda1cf19fe Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 19:39:31 +0100 Subject: [PATCH 155/438] keys: add kilgharrah@tohru --- keys.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/keys.nix b/keys.nix index 3cf0874..cb601a0 100644 --- a/keys.nix +++ b/keys.nix @@ -8,6 +8,7 @@ users = { qenya = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjBuuxo+w3yED0aPnsNb8S90p/GgBqFEG9K4ETZ5Wkq qenya@kilgharrah" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEmkV9arotms79lJPsLHkdzAac4eu3pYS08ym0sB/on qenya@tohru" ]; randomcat = [ From 84e44962ee54606a8164f9162df90369c57da9a6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 20:57:32 +0100 Subject: [PATCH 156/438] kilgharrah: install bitwarden, discord, tor-browser-bundle-bin --- hosts/kilgharrah/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 6aa033a..c2b18d0 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -58,6 +58,11 @@ ]; home-manager.users.qenya = { programs.vscode.enable = true; + home.packages = with pkgs; [ + bitwarden + discord + tor-browser-bundle-bin + ]; }; system.stateVersion = "24.05"; # Did you read the comment? From 09087ba1997ebc5a7a052edafd26e1c859b67095 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 23:31:02 +0100 Subject: [PATCH 157/438] kilgharrah: rearrange and split up configuration --- hosts/kilgharrah/boot.nix | 14 ++++ hosts/kilgharrah/default.nix | 26 ++---- hosts/kilgharrah/filesystems.nix | 65 +++++++++++++++ hosts/kilgharrah/hardware-configuration.nix | 90 --------------------- hosts/kilgharrah/hardware.nix | 8 ++ hosts/kilgharrah/networking.nix | 5 ++ hosts/tohru/default.nix | 1 - 7 files changed, 100 insertions(+), 109 deletions(-) create mode 100644 hosts/kilgharrah/boot.nix create mode 100644 hosts/kilgharrah/filesystems.nix delete mode 100644 hosts/kilgharrah/hardware-configuration.nix create mode 100644 hosts/kilgharrah/hardware.nix create mode 100644 hosts/kilgharrah/networking.nix diff --git a/hosts/kilgharrah/boot.nix b/hosts/kilgharrah/boot.nix new file mode 100644 index 0000000..31d92d8 --- /dev/null +++ b/hosts/kilgharrah/boot.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.editor = false; + loader.efi.canTouchEfiVariables = true; + + initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ "kvm-intel" ]; + + supportedFilesystems = [ "ntfs" ]; # for USB drives + }; +} diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index c2b18d0..a157123 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -1,10 +1,12 @@ { config, lib, pkgs, ... }: { - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; + imports = [ + ./boot.nix + ./filesystems.nix + ./hardware.nix + ./networking.nix + ]; nixpkgs.hostPlatform = "x86_64-linux"; networking.hostId = "72885bb5"; @@ -18,20 +20,8 @@ security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "@wheel" ]; - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.hostName = "kilgharrah"; # Define your hostname. - - networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - time.timeZone = "Europe/London"; - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; @@ -65,6 +55,6 @@ ]; }; - system.stateVersion = "24.05"; # Did you read the comment? + system.stateVersion = "24.05"; -} \ No newline at end of file +} diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix new file mode 100644 index 0000000..eb9f0c5 --- /dev/null +++ b/hosts/kilgharrah/filesystems.nix @@ -0,0 +1,65 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "enc".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@" "compress=zstd" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress=zstd" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" "noatime" ]; + }; + "/swap" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@swap" "noatime" ]; + }; + "/root" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@root" "compress=zstd" ]; + }; + "/srv" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@srv" "compress=zstd" ]; + }; + "/var/cache" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@cache" "compress=zstd" "noatime" ]; + }; + "/var/tmp" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@tmp" "compress=zstd" "noatime" ]; + }; + "/var/log" = { + device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; + fsType = "btrfs"; + options = [ "subvol=@log" "compress=zstd" "noatime" ]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/9582-E78D"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + }; + + swapDevices = [{ + device = "/swap/swapfile"; + size = 32 * 1024; + }]; +} diff --git a/hosts/kilgharrah/hardware-configuration.nix b/hosts/kilgharrah/hardware-configuration.nix deleted file mode 100644 index 6610f2c..0000000 --- a/hosts/kilgharrah/hardware-configuration.nix +++ /dev/null @@ -1,90 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@" "compress=zstd" ]; - }; - - boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@home" "compress=zstd" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@nix" "compress=zstd" "noatime" ]; - }; - - fileSystems."/swap" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@swap" "noatime" ]; - }; - - fileSystems."/root" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@root" "compress=zstd" ]; - }; - - fileSystems."/srv" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@srv" "compress=zstd" ]; - }; - - fileSystems."/var/cache" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@cache" "compress=zstd" "noatime" ]; - }; - - fileSystems."/var/tmp" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@tmp" "compress=zstd" "noatime" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; - fsType = "btrfs"; - options = [ "subvol=@log" "compress=zstd" "noatime" ]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9582-E78D"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} \ No newline at end of file diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix new file mode 100644 index 0000000..715ed4f --- /dev/null +++ b/hosts/kilgharrah/hardware.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; +} + diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix new file mode 100644 index 0000000..58854d5 --- /dev/null +++ b/hosts/kilgharrah/networking.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + networking.networkmanager.enable = true; +} diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index cf28ca3..06e6736 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -52,4 +52,3 @@ system.stateVersion = "23.11"; } - From 5e2e28cbe9ab9682ec60fc4d0651cba59ee3b457 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 23:38:58 +0100 Subject: [PATCH 158/438] kilgharrah: networking: switch from networkmanager to systemd-networkd --- hosts/kilgharrah/default.nix | 5 +---- hosts/kilgharrah/networking.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index a157123..8fe074b 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -42,10 +42,7 @@ age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; - users.users.qenya.extraGroups = [ - "wheel" - "networkmanager" - ]; + users.users.qenya.extraGroups = [ "wheel" ]; home-manager.users.qenya = { programs.vscode.enable = true; home.packages = with pkgs; [ diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix index 58854d5..a3f344b 100644 --- a/hosts/kilgharrah/networking.nix +++ b/hosts/kilgharrah/networking.nix @@ -1,5 +1,12 @@ { config, lib, pkgs, ... }: { - networking.networkmanager.enable = true; + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp2s0"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + }; + linkConfig.RequiredForOnline = "routable"; + }; } From 92f5b74584cf25ce13f9e13a9d991fb7ee48dd88 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 23:43:56 +0100 Subject: [PATCH 159/438] kilgharrah: update deprecated option name --- hosts/kilgharrah/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 8fe074b..00b90ff 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -28,7 +28,7 @@ services.xserver.enable = true; services.displayManager.sddm.enable = true; services.displayManager.sddm.wayland.enable = true; - services.xserver.desktopManager.plasma6.enable = true; + services.desktopManager.plasma6.enable = true; services.xserver.xkb.layout = "gb"; services.printing.enable = true; From 324638baa917ce4db75e97daf4fc45483c01cbf4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Sep 2024 23:49:21 +0100 Subject: [PATCH 160/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/224042e9a3039291f22f4f2ded12af95a616cca0' (2024-08-21) → 'github:NixOS/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) • Updated input 'nur': 'github:nix-community/NUR/0891674223deb1262d8a96a46598fca0840c8271' (2024-08-29) → 'github:nix-community/NUR/444e1f3fdf23aa476489b0038e0738c6f4d9df85' (2024-09-04) --- flake.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 0c14db5..afd4ee1 100644 --- a/flake.lock +++ b/flake.lock @@ -83,11 +83,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1724242322, - "narHash": "sha256-HMpK7hNjhEk4z5SFg5UtxEio9OWFocHdaQzCfW1pE7w=", + "lastModified": 1725001927, + "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "224042e9a3039291f22f4f2ded12af95a616cca0", + "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "type": "github" }, "original": { @@ -99,11 +99,11 @@ }, "nur": { "locked": { - "lastModified": 1724921284, - "narHash": "sha256-mHV9kKOufZMjHSaL+uQ71UfrNqFd50THiNWesfBf9Kk=", + "lastModified": 1725486293, + "narHash": "sha256-XRWbx8JcTCVoGxr3P2YL/tK4s4HzZBhUqlxr91zLOZs=", "owner": "nix-community", "repo": "NUR", - "rev": "0891674223deb1262d8a96a46598fca0840c8271", + "rev": "444e1f3fdf23aa476489b0038e0738c6f4d9df85", "type": "github" }, "original": { From 39d73b4ed71623399fb04a8524ad607a4a20e441 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 5 Sep 2024 00:20:49 +0100 Subject: [PATCH 161/438] kilgharrah: disallow remote deployment --- hosts/kilgharrah/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 00b90ff..5fa7712 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -13,12 +13,8 @@ deployment = { allowLocalDeployment = true; - # temporarily allow remote deployment for bootstrapping - targetHost = "192.168.2.1"; - targetUser = null; + targetHost = null; # disallow remote deployment }; - security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "@wheel" ]; time.timeZone = "Europe/London"; From 48a5083a022fa9b0e081f0516dcbfa30878142ec Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 6 Sep 2024 02:37:34 +0100 Subject: [PATCH 162/438] nixpkgs, home-manager: return nixpkgs config to flake.nix --- common/default.nix | 1 - common/home-manager.nix | 17 ++++++----------- common/nixpkgs.nix | 14 -------------- flake.nix | 19 ++++++++++++++----- 4 files changed, 20 insertions(+), 31 deletions(-) delete mode 100644 common/nixpkgs.nix diff --git a/common/default.nix b/common/default.nix index bc3cc10..f6c8c0a 100644 --- a/common/default.nix +++ b/common/default.nix @@ -5,7 +5,6 @@ ./environment.nix ./home-manager.nix ./nginx.nix - ./nixpkgs.nix ./openssh.nix ./security.nix ]; diff --git a/common/home-manager.nix b/common/home-manager.nix index 6740dbc..e4d7106 100644 --- a/common/home-manager.nix +++ b/common/home-manager.nix @@ -1,18 +1,13 @@ { config, lib, pkgs, ... }: { - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; + home-manager.users = { + qenya = { config, lib, pkgs, osConfig, ... }: { + home.homeDirectory = osConfig.users.users.qenya.home; - users = { - qenya = { config, lib, pkgs, osConfig, ... }: { - home.homeDirectory = osConfig.users.users.qenya.home; - - imports = [ - ../home/qenya - ]; - }; + imports = [ + ../home/qenya + ]; }; }; } diff --git a/common/nixpkgs.nix b/common/nixpkgs.nix deleted file mode 100644 index b11cac9..0000000 --- a/common/nixpkgs.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, inputs, ... }: - -{ - nixpkgs = { - config = { - allowUnfree = true; - packageOverrides = pkgs: { - agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - }; - }; - - overlays = [ inputs.nur.overlay ]; - }; -} diff --git a/flake.nix b/flake.nix index de114b3..3e5ffdb 100644 --- a/flake.nix +++ b/flake.nix @@ -27,15 +27,24 @@ nodeNixpkgs = { kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow }; - specialArgs = { - inherit inputs; - }; }; - defaults = { name, nodes, ... }: { + defaults = { name, nodes, config, ... }: { networking.hostName = name; nix.settings.experimental-features = "nix-command flakes"; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + nixpkgs.config.allowUnfree = true; + + nixpkgs.config.packageOverrides = pkgs: { + agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; + }; + nixpkgs.overlays = [ inputs.nur.overlay ]; + + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + }; imports = [ home-manager.nixosModules.home-manager @@ -47,7 +56,7 @@ ]; }; - kilgharrah.imports = [ ./hosts/kilgharrah ] ; + kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; yevaud = { name, nodes, ... }: { From 4bb4780186b219d209eb4407c41190b0ede88cc9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 6 Sep 2024 02:38:28 +0100 Subject: [PATCH 163/438] firefox: declaratively define important settings & extensions Closes #4 --- home/qenya/default.nix | 1 + home/qenya/firefox.nix | 51 ++++++++++++++++++++++++++++++++++++++++++ hosts/tohru/home.nix | 2 +- 3 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 home/qenya/firefox.nix diff --git a/home/qenya/default.nix b/home/qenya/default.nix index e3197ef..4923dcb 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -2,6 +2,7 @@ imports = [ ./dconf ./cli.nix + ./firefox.nix ./git.nix ./tmux.nix ./vscode.nix diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix new file mode 100644 index 0000000..ebfd2ca --- /dev/null +++ b/home/qenya/firefox.nix @@ -0,0 +1,51 @@ +{ config, lib, pkgs, ... }: + +{ + programs.firefox = { + # coming in 24.11 + # languagePacks = [ "en-GB" ]; + + profiles.default = { + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + ublock-origin + ]; + + settings = { + "browser.startup.page" = 3; # resume previous session + "browser.newtabpage.activity-stream.showSponsored" = false; + "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; + + # disable telemetry + "datareporting.healthreport.uploadEnabled" = false; + "app.shield.optoutstudies.enabled" = false; + "browser.crashReports.unsubmittedCheck.autoSubmit2" = false; + + # disable prefetch? + + # DNS over HTTPS + "network.trr.custom_uri" = "https://base.dns.mullvad.net/dns-query"; + "network.trr.excluded-domains" = "detectportal.firefox.com"; + "network.trr.mode" = 3; + "network.trr.uri" = "https://base.dns.mullvad.net/dns-query"; + + "browser.search.suggest.enabled" = false; + "browser.urlbar.suggest.searches" = false; + + "dom.security.https_only_mode" = true; + "browser.contentblocking.category" = "strict"; # Enhanced Tracking Protection + # I think these are implied by the above + # "privacy.donottrackheader.enabled" = true; + # "privacy.trackingprotection.enabled" = true; + # "privacy.trackingprotection.emailtracking.enabled" = true; + # "privacy.trackingprotection.socialtracking.enabled" = true; + + "privacy.sanitize.sanitizeOnShutdown" = true; + "privacy.clearOnShutdown_v2.historyFormDataAndDownloads" = false; + + "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising" + "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix + }; + }; + }; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 4fdeb48..2ebda52 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -4,7 +4,7 @@ dconf.enable = true; programs = { - firefox.enable = true; # TODO: config is not yet nix-ified + firefox.enable = true; vscode.enable = true; }; From 5290f25062708b607ba63ef2573258ce389b870c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 6 Sep 2024 02:50:40 +0100 Subject: [PATCH 164/438] steam: move to common config --- common/default.nix | 1 + common/steam.nix | 10 ++++++++++ hosts/tohru/default.nix | 4 ++-- services/default.nix | 1 - services/steam.nix | 21 --------------------- 5 files changed, 13 insertions(+), 24 deletions(-) create mode 100644 common/steam.nix delete mode 100644 services/steam.nix diff --git a/common/default.nix b/common/default.nix index f6c8c0a..849dc3d 100644 --- a/common/default.nix +++ b/common/default.nix @@ -7,5 +7,6 @@ ./nginx.nix ./openssh.nix ./security.nix + ./steam.nix ]; } \ No newline at end of file diff --git a/common/steam.nix b/common/steam.nix new file mode 100644 index 0000000..5f538fa --- /dev/null +++ b/common/steam.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + programs.steam = { + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; + + services.joycond.enable = config.programs.steam.enable; +} diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 06e6736..c8d2ec3 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -46,9 +46,9 @@ ]; home-manager.users.qenya.imports = [ ./home.nix ]; - programs.evolution.enable = true; + programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet + programs.steam.enable = true; qenya.services.fonts.enable = true; - qenya.services.steam.enable = true; system.stateVersion = "23.11"; } diff --git a/services/default.nix b/services/default.nix index 7c73723..d9c3ff2 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,6 +2,5 @@ imports = [ ./fonts.nix ./forgejo.nix - ./steam.nix ]; } \ No newline at end of file diff --git a/services/steam.nix b/services/steam.nix deleted file mode 100644 index d7ef010..0000000 --- a/services/steam.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.qenya.services.steam; -in -{ - options.qenya.services.steam = { - enable = mkEnableOption "Steam"; - }; - - config = mkIf cfg.enable { - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; - - services.joycond.enable = true; - }; -} From 9a27610757aba4f5ffd08a4b1ca00cfcc2c85cf4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 6 Sep 2024 02:51:55 +0100 Subject: [PATCH 165/438] kilgharrah: install firefox, steam --- hosts/kilgharrah/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 5fa7712..bbda2a0 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -40,7 +40,9 @@ users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; home-manager.users.qenya = { + programs.firefox.enable = true; programs.vscode.enable = true; + home.packages = with pkgs; [ bitwarden discord @@ -48,6 +50,8 @@ ]; }; + programs.steam.enable = true; + system.stateVersion = "24.05"; } From 5a71df020eb926bdd79276394a6fa4529df0109e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 8 Sep 2024 20:58:53 +0100 Subject: [PATCH 166/438] kilgharrah: install zoom --- hosts/kilgharrah/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index bbda2a0..4fd8469 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -47,6 +47,7 @@ bitwarden discord tor-browser-bundle-bin + zoom-us ]; }; From 5fefab9707545401ada0c981efc876b18b79cc75 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 10 Sep 2024 22:40:07 +0100 Subject: [PATCH 167/438] kilgharrah: switch from pulseaudio to pipewire --- hosts/kilgharrah/default.nix | 8 +------- hosts/kilgharrah/sound.nix | 13 +++++++++++++ 2 files changed, 14 insertions(+), 7 deletions(-) create mode 100644 hosts/kilgharrah/sound.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 4fd8469..3a834fb 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -6,6 +6,7 @@ ./filesystems.nix ./hardware.nix ./networking.nix + ./sound.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -29,13 +30,6 @@ services.printing.enable = true; - sound.enable = true; - hardware.pulseaudio.enable = true; - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/hosts/kilgharrah/sound.nix b/hosts/kilgharrah/sound.nix new file mode 100644 index 0000000..cb97bd4 --- /dev/null +++ b/hosts/kilgharrah/sound.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: + +{ + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + environment.systemPackages = with pkgs; [ helvum ]; # patchbay +} \ No newline at end of file From 3fc4efab9ce24d27001c34df9225d5ebf26b9dbc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 11 Sep 2024 05:17:19 +0100 Subject: [PATCH 168/438] rename sysadmin module to base-server --- common/{sysadmin => base-server}/default.nix | 4 ++-- common/default.nix | 2 +- hosts/kalessin/configuration.nix | 2 +- hosts/orm/configuration.nix | 2 +- hosts/yevaud/configuration.nix | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) rename common/{sysadmin => base-server}/default.nix (68%) diff --git a/common/sysadmin/default.nix b/common/base-server/default.nix similarity index 68% rename from common/sysadmin/default.nix rename to common/base-server/default.nix index 3709583..47a82fa 100644 --- a/common/sysadmin/default.nix +++ b/common/base-server/default.nix @@ -2,10 +2,10 @@ with lib; let - cfg = config.qenya.sysadmin; + cfg = config.qenya.base-server; in { - options.qenya.sysadmin.enable = mkEnableOption "Base configuration for headless servers"; + options.qenya.base-server.enable = mkEnableOption "Base configuration for headless servers"; config = mkIf cfg.enable { time.timeZone = "Etc/UTC"; diff --git a/common/default.nix b/common/default.nix index 849dc3d..e380932 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,6 +1,6 @@ { imports = [ - ./sysadmin + ./base-server ./users ./environment.nix ./home-manager.nix diff --git a/hosts/kalessin/configuration.nix b/hosts/kalessin/configuration.nix index 4e2ddea..3250f27 100644 --- a/hosts/kalessin/configuration.nix +++ b/hosts/kalessin/configuration.nix @@ -9,7 +9,7 @@ boot.loader.efi.canTouchEfiVariables = true; users.users.qenya.extraGroups = [ "wheel" ]; - qenya.sysadmin.enable = true; + qenya.base-server.enable = true; system.stateVersion = "23.11"; } diff --git a/hosts/orm/configuration.nix b/hosts/orm/configuration.nix index e0cbe89..c31dc6a 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/configuration.nix @@ -9,7 +9,7 @@ boot.loader.efi.canTouchEfiVariables = true; users.users.qenya.extraGroups = [ "wheel" ]; - qenya.sysadmin.enable = true; + qenya.base-server.enable = true; age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/configuration.nix index 13b70b3..2fbd757 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/configuration.nix @@ -10,7 +10,7 @@ users.users.qenya.extraGroups = [ "wheel" ]; - qenya.sysadmin.enable = true; + qenya.base-server.enable = true; age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; From aeab8016021127832e0b33016a93653506b23319 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 11 Sep 2024 05:43:35 +0100 Subject: [PATCH 169/438] base-graphical: init with pipewire config --- common/base-graphical/default.nix | 17 +++++++++++++++++ common/base-graphical/sound.nix | 20 ++++++++++++++++++++ common/default.nix | 1 + hosts/kilgharrah/default.nix | 4 ++-- hosts/kilgharrah/sound.nix | 13 ------------- hosts/tohru/default.nix | 10 ++-------- 6 files changed, 42 insertions(+), 23 deletions(-) create mode 100644 common/base-graphical/default.nix create mode 100644 common/base-graphical/sound.nix delete mode 100644 hosts/kilgharrah/sound.nix diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix new file mode 100644 index 0000000..1ef5c98 --- /dev/null +++ b/common/base-graphical/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-graphical; +in +{ + imports = [ + ./sound.nix + ]; + + options.qenya.base-graphical.enable = mkEnableOption "Base configuration for graphical environments"; + + config = mkIf cfg.enable { + services.xserver.enable = true; + }; +} diff --git a/common/base-graphical/sound.nix b/common/base-graphical/sound.nix new file mode 100644 index 0000000..bb0c847 --- /dev/null +++ b/common/base-graphical/sound.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.base-graphical; +in +{ + config = mkIf cfg.enable { + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; + hardware.pulseaudio.enable = false; # this theoretically defaults to false but something else seems to be flipping it + environment.systemPackages = with pkgs; [ helvum ]; # patchbay + }; +} diff --git a/common/default.nix b/common/default.nix index e380932..fd0791c 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./base-graphical ./base-server ./users ./environment.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 3a834fb..bafc19d 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -6,7 +6,6 @@ ./filesystems.nix ./hardware.nix ./networking.nix - ./sound.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -17,12 +16,13 @@ targetHost = null; # disallow remote deployment }; + qenya.base-graphical.enable = true; + time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; - services.xserver.enable = true; services.displayManager.sddm.enable = true; services.displayManager.sddm.wayland.enable = true; services.desktopManager.plasma6.enable = true; diff --git a/hosts/kilgharrah/sound.nix b/hosts/kilgharrah/sound.nix deleted file mode 100644 index cb97bd4..0000000 --- a/hosts/kilgharrah/sound.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - security.rtkit.enable = true; - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; - environment.systemPackages = with pkgs; [ helvum ]; # patchbay -} \ No newline at end of file diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index c8d2ec3..7373dd5 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -18,25 +18,19 @@ targetHost = null; # disallow remote deployment }; + qenya.base-graphical.enable = true; + time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; - services.xserver.enable = true; services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; services.xserver.xkb.layout = "gb"; services.printing.enable = true; - sound.enable = true; - hardware.pulseaudio.enable = true; - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.extraGroups = [ From 9e638c009f37bf4ffb33b96b278a14cb5aea741b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 11 Sep 2024 06:36:21 +0100 Subject: [PATCH 170/438] base-graphical: add desktop manager config --- common/base-graphical/default.nix | 1 + common/base-graphical/desktop.nix | 26 ++++++++++++++++++++++++++ hosts/kilgharrah/default.nix | 6 +----- hosts/tohru/default.nix | 4 ---- 4 files changed, 28 insertions(+), 9 deletions(-) create mode 100644 common/base-graphical/desktop.nix diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix index 1ef5c98..40542ce 100644 --- a/common/base-graphical/default.nix +++ b/common/base-graphical/default.nix @@ -6,6 +6,7 @@ let in { imports = [ + ./desktop.nix ./sound.nix ]; diff --git a/common/base-graphical/desktop.nix b/common/base-graphical/desktop.nix new file mode 100644 index 0000000..50ff84c --- /dev/null +++ b/common/base-graphical/desktop.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption types; + cfg = config.qenya.base-graphical; + + isGnome = cfg.desktop == "gnome"; + isPlasma6 = cfg.desktop == "plasma6"; +in +{ + options.qenya.base-graphical.desktop = mkOption { + type = types.enum [ "gnome" "plasma6" ]; + default = "gnome"; + example = "plasma6"; + description = "Which display manager and desktop manager to use."; + }; + + config = mkIf cfg.enable { + services.xserver.displayManager.gdm.enable = isGnome; + services.xserver.desktopManager.gnome.enable = isGnome; + + services.displayManager.sddm.enable = isPlasma6; + services.displayManager.sddm.wayland.enable = isPlasma6; + services.desktopManager.plasma6.enable = isPlasma6; + }; +} diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index bafc19d..b4e969f 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -17,15 +17,11 @@ }; qenya.base-graphical.enable = true; + qenya.base-graphical.desktop = "plasma6"; time.timeZone = "Europe/London"; - i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; - - services.displayManager.sddm.enable = true; - services.displayManager.sddm.wayland.enable = true; - services.desktopManager.plasma6.enable = true; services.xserver.xkb.layout = "gb"; services.printing.enable = true; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 7373dd5..eab9a11 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -21,12 +21,8 @@ qenya.base-graphical.enable = true; time.timeZone = "Europe/London"; - i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; - - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; services.xserver.xkb.layout = "gb"; services.printing.enable = true; From c5261caa21b1f265c669992da2b1f1a72a21860d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 11 Sep 2024 15:06:41 +0100 Subject: [PATCH 171/438] base-graphical: include settings for fonts, libinput, printing --- common/base-graphical/default.nix | 6 ++++++ hosts/kilgharrah/default.nix | 2 -- hosts/tohru/default.nix | 3 --- services/default.nix | 1 - services/fonts.nix | 17 ----------------- 5 files changed, 6 insertions(+), 23 deletions(-) delete mode 100644 services/fonts.nix diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix index 40542ce..f651ce0 100644 --- a/common/base-graphical/default.nix +++ b/common/base-graphical/default.nix @@ -14,5 +14,11 @@ in config = mkIf cfg.enable { services.xserver.enable = true; + services.libinput.enable = true; + services.printing.enable = true; + + fonts.packages = with pkgs; [ + corefonts + ]; }; } diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index b4e969f..6372b16 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -24,8 +24,6 @@ console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; - services.printing.enable = true; - age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index eab9a11..53fb544 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -25,8 +25,6 @@ console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; - services.printing.enable = true; - age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.extraGroups = [ @@ -38,7 +36,6 @@ programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet programs.steam.enable = true; - qenya.services.fonts.enable = true; system.stateVersion = "23.11"; } diff --git a/services/default.nix b/services/default.nix index d9c3ff2..beecd73 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,6 +1,5 @@ { imports = [ - ./fonts.nix ./forgejo.nix ]; } \ No newline at end of file diff --git a/services/fonts.nix b/services/fonts.nix deleted file mode 100644 index dcd9d1b..0000000 --- a/services/fonts.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.qenya.services.fonts; -in -{ - options.qenya.services.fonts = { - enable = mkEnableOption "Fonts"; - }; - - config = mkIf cfg.enable { - fonts.packages = with pkgs; [ - corefonts - ]; - }; -} From a2cb35148c40c39fce067dbb16c8694ee6afc557 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 11:38:17 +0100 Subject: [PATCH 172/438] pipewire-low-latency: split to reusable module --- hosts/kilgharrah/default.nix | 2 ++ services/default.nix | 1 + services/pipewire-low-latency.nix | 58 +++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100644 services/pipewire-low-latency.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 6372b16..4418b4a 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -24,6 +24,8 @@ console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; + qenya.services.pipewire.lowLatency.enable = true; + age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/services/default.nix b/services/default.nix index beecd73..fddd93c 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,5 +1,6 @@ { imports = [ ./forgejo.nix + ./pipewire-low-latency.nix ]; } \ No newline at end of file diff --git a/services/pipewire-low-latency.nix b/services/pipewire-low-latency.nix new file mode 100644 index 0000000..0ba2709 --- /dev/null +++ b/services/pipewire-low-latency.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + cfg = config.qenya.services.pipewire.lowLatency; +in +{ + options.qenya.services.pipewire.lowLatency = { + enable = mkEnableOption "config to decrease sound latency (increasing CPU load) for e.g. streaming"; + # TODO: might be an idea to have the numbers be configurable + }; + + config = mkIf cfg.enable { + # TODO: needs more testing + services.pipewire.extraConfig = { + pipewire."92-low-latency" = { + context.properties = { + default.clock.rate = 48000; + default.clock.quantum = 32; + default.clock.min-quantum = 32; + default.clock.max-quantum = 32; + }; + }; + pipewire-pulse."92-low-latency" = { + context.modules = [ + { + name = "libpipewire-module-protocol-pulse"; + args = { + pulse.min.req = "32/48000"; + pulse.default.req = "32/48000"; + pulse.max.req = "32/48000"; + pulse.min.quantum = "32/48000"; + pulse.max.quantum = "32/48000"; + }; + } + ]; + stream.properties = { + node.latency = "32/48000"; + resample.quality = 1; + }; + }; + }; + # Available from NixOS 24.11. Lifted from https://nixos.wiki/wiki/PipeWire - probably need to adjust numbers + # services.pipewire.wireplumber.extraLuaConfig.main."99-alsa-lowlatency" = '' + # alsa_monitor.rules = { + # { + # matches = {{{ "node.name", "matches", "alsa_output.*" }}}; + # apply_properties = { + # ["audio.format"] = "S32LE", + # ["audio.rate"] = "96000", -- for USB soundcards it should be twice your desired rate + # ["api.alsa.period-size"] = 2, -- defaults to 1024, tweak by trial-and-error + # -- ["api.alsa.disable-batch"] = true, -- generally, USB soundcards use the batch mode + # }, + # }, + # } + # ''; + }; +} From cb6d7f7837624db5dd76e3e582ca0b19c731073e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 11:40:24 +0100 Subject: [PATCH 173/438] firefox: disable built-in password management --- home/qenya/firefox.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index ebfd2ca..8e4d3bb 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -45,6 +45,10 @@ "dom.private-attribution.submission.enabled" = false; # disable "Privacy-Preserving Attribution for Advertising" "extensions.autoDisableScopes" = 0; # automatically enable extensions installed through nix + + # external password manager + "signon.rememberSignons" = false; + "extensions.formautofill.creditCards.enabled" = false; }; }; }; From b18e50fd4a760254ad20df679c096f88e926db23 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 11:42:31 +0100 Subject: [PATCH 174/438] add plasma-manager for plasma config --- common/environment.nix | 1 + flake.lock | 26 +++++++++++++++++++++++++- flake.nix | 10 +++++++++- home/qenya/default.nix | 1 + home/qenya/plasma/default.nix | 11 +++++++++++ 5 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 home/qenya/plasma/default.nix diff --git a/common/environment.nix b/common/environment.nix index 433a2a9..122e2f5 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -16,6 +16,7 @@ # used for nix config colmena agenix + rc2nix ]; environment.wordlist.enable = true; diff --git a/flake.lock b/flake.lock index afd4ee1..3ecf0fb 100644 --- a/flake.lock +++ b/flake.lock @@ -112,13 +112,37 @@ "type": "github" } }, + "plasma-manager": { + "inputs": { + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725914634, + "narHash": "sha256-U74hu15xSb6JNySMOwyJrsh4uk1DVa182bdHLeHdYMc=", + "owner": "nix-community", + "repo": "plasma-manager", + "rev": "60becd0e994e25b372c8d0500fc944396f6c1085", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "plasma-manager", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", "birdsong": "birdsong", "home-manager": "home-manager_2", "nixpkgs": "nixpkgs", - "nur": "nur" + "nur": "nur", + "plasma-manager": "plasma-manager" } }, "systems": { diff --git a/flake.nix b/flake.nix index 3e5ffdb..a5348a3 100644 --- a/flake.nix +++ b/flake.nix @@ -7,6 +7,12 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.home-manager.follows = "home-manager"; + }; + nur.url = "github:nix-community/NUR"; agenix = { @@ -20,7 +26,7 @@ birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, home-manager, nur, agenix, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, home-manager, plasma-manager, nur, agenix, birdsong, ... }: { colmena = { meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; @@ -38,12 +44,14 @@ nixpkgs.config.packageOverrides = pkgs: { agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; + rc2nix = inputs.plasma-manager.packages.${config.nixpkgs.hostPlatform.system}.rc2nix; }; nixpkgs.overlays = [ inputs.nur.overlay ]; home-manager = { useUserPackages = true; useGlobalPkgs = true; + sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; }; imports = [ diff --git a/home/qenya/default.nix b/home/qenya/default.nix index 4923dcb..14e552b 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -1,6 +1,7 @@ { imports = [ ./dconf + ./plasma ./cli.nix ./firefox.nix ./git.nix diff --git a/home/qenya/plasma/default.nix b/home/qenya/plasma/default.nix new file mode 100644 index 0000000..f35d05c --- /dev/null +++ b/home/qenya/plasma/default.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; +in +{ + programs.plasma.enable = isPlasma; + programs.plasma.overrideConfig = true; + + imports = [ ]; +} From 19f0d81b9b631fc9f1c8e79e81274837048e27ac Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 12:22:44 +0100 Subject: [PATCH 175/438] qenya: vscode: automatically fetch new flake inputs in nix repos --- home/qenya/vscode.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index cff4e5d..f9d8c6e 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -38,6 +38,10 @@ in "nix.serverSettings".nil = { diagnostics.ignored = [ "unused_binding" "unused_with" ]; formatting.command = [ "nixpkgs-fmt" ]; + nix.flake = { + autoArchive = true; + autoEvalInputs = true; + }; }; "terminal.integrated.allowChords" = false; "terminal.integrated.defaultProfile.linux" = "zsh"; From afb16a55f3f64ec55677529bfc86022a21903868 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 12:44:42 +0100 Subject: [PATCH 176/438] home-manager: automatically back up overwritten files --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index a5348a3..9746dec 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,7 @@ home-manager = { useUserPackages = true; useGlobalPkgs = true; + backupFileExtension = "backup"; sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; }; From 9fa74d52c129d7cf0a75084f438198ec3d73d865 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 12:44:58 +0100 Subject: [PATCH 177/438] qenya: xdg-mime-apps: make default app configuration declarative --- home/qenya/default.nix | 1 + home/qenya/xdg-mime-apps.nix | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 home/qenya/xdg-mime-apps.nix diff --git a/home/qenya/default.nix b/home/qenya/default.nix index 14e552b..6745dc1 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -7,6 +7,7 @@ ./git.nix ./tmux.nix ./vscode.nix + ./xdg-mime-apps.nix ./zsh.nix ]; diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix new file mode 100644 index 0000000..a5ab3bf --- /dev/null +++ b/home/qenya/xdg-mime-apps.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + isGraphical = osConfig.services.xserver.enable; +in +{ + xdg.mimeApps = { + enable = isGraphical; + defaultApplications = { + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "image/png" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + }; + }; +} From a0a94b86ffe3ec317ada5726acff16398a4e992f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 12:56:30 +0100 Subject: [PATCH 178/438] home-manager: rearrange config --- common/home-manager.nix | 12 ++++-------- common/users/qenya.nix | 5 +++++ flake.nix | 14 ++++---------- 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/common/home-manager.nix b/common/home-manager.nix index e4d7106..171a382 100644 --- a/common/home-manager.nix +++ b/common/home-manager.nix @@ -1,13 +1,9 @@ { config, lib, pkgs, ... }: { - home-manager.users = { - qenya = { config, lib, pkgs, osConfig, ... }: { - home.homeDirectory = osConfig.users.users.qenya.home; - - imports = [ - ../home/qenya - ]; - }; + home-manager = { + useUserPackages = true; + useGlobalPkgs = true; + backupFileExtension = "backup"; }; } diff --git a/common/users/qenya.nix b/common/users/qenya.nix index e9d11ad..19dc8ed 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -11,4 +11,9 @@ in { }; programs.zsh.enable = true; + + home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { + home.homeDirectory = osConfig.users.users.qenya.home; + imports = [ ../../home/qenya ]; + }; } diff --git a/flake.nix b/flake.nix index 9746dec..232dbf7 100644 --- a/flake.nix +++ b/flake.nix @@ -43,17 +43,11 @@ nixpkgs.config.allowUnfree = true; nixpkgs.config.packageOverrides = pkgs: { - agenix = inputs.agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - rc2nix = inputs.plasma-manager.packages.${config.nixpkgs.hostPlatform.system}.rc2nix; - }; - nixpkgs.overlays = [ inputs.nur.overlay ]; - - home-manager = { - useUserPackages = true; - useGlobalPkgs = true; - backupFileExtension = "backup"; - sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; + agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; + rc2nix = plasma-manager.packages.${config.nixpkgs.hostPlatform.system}.rc2nix; }; + nixpkgs.overlays = [ nur.overlay ]; + home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; imports = [ home-manager.nixosModules.home-manager From 4a9e6b5f3ca2bd9685d0474e178890cd6e0be352 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 13:35:35 +0100 Subject: [PATCH 179/438] move tooling to dev environment --- common/environment.nix | 5 ----- flake.nix | 18 ++++++++++++++---- shell.nix | 9 +++++++++ 3 files changed, 23 insertions(+), 9 deletions(-) create mode 100644 shell.nix diff --git a/common/environment.nix b/common/environment.nix index 122e2f5..384e88d 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -12,11 +12,6 @@ lsof tcpdump netcat # <3 - - # used for nix config - colmena - agenix - rc2nix ]; environment.wordlist.enable = true; diff --git a/flake.nix b/flake.nix index 232dbf7..7f3b793 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,6 @@ nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; - nixpkgs.config.packageOverrides = pkgs: { - agenix = agenix.packages.${config.nixpkgs.hostPlatform.system}.default; - rc2nix = plasma-manager.packages.${config.nixpkgs.hostPlatform.system}.rc2nix; - }; nixpkgs.overlays = [ nur.overlay ]; home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; @@ -92,5 +88,19 @@ ]; }; }; + + # TODO: have this work on other systems too + devShells."x86_64-linux".default = + let + system = "x86_64-linux"; + pkgs = import nixpkgs { inherit system; }; + in + pkgs.mkShell { + packages = [ + pkgs.colmena + agenix.packages.${system}.default + plasma-manager.packages.${system}.rc2nix + ]; + }; }; } diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000..688ef15 --- /dev/null +++ b/shell.nix @@ -0,0 +1,9 @@ +let + shell = (import + (fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/refs/tags/v1.0.1.tar.gz"; + sha256 = "0jm6nzb83wa6ai17ly9fzpqc40wg1viib8klq8lby54agpl213w5"; + }) + { src = ./.; }).shellNix; +in +shell.devShells.${builtins.currentSystem} From 752fce2538a1f82abe977e29354612dc0ca59341 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 13:55:15 +0100 Subject: [PATCH 180/438] qenya: zsh: automatically run nix-shell when necessary Closes #9 --- home/qenya/zsh.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/home/qenya/zsh.nix b/home/qenya/zsh.nix index f6ded78..42ccf8f 100644 --- a/home/qenya/zsh.nix +++ b/home/qenya/zsh.nix @@ -25,6 +25,15 @@ theme = "agnoster"; }; + initExtra = '' + # If a shell is started in a directory with a shell.nix, automatically run nix-shell + if [ -f ./shell.nix ]; then + if [ -z "$IN_NIX_SHELL" ]; then + nix-shell --command "zsh" + fi + fi + ''; + envExtra = '' DEFAULT_USER=qenya ''; From 251560f7615404f30528b067cf2ad9619adc94f4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 12 Sep 2024 15:41:43 +0100 Subject: [PATCH 181/438] qenya: declaratively define more of GNOME config Closes #3 --- home/qenya/dconf/appearance.nix | 27 --------------------------- home/qenya/dconf/default.nix | 24 ++++++++++++++---------- home/qenya/dconf/desktop.nix | 23 +++++++++++++++++++++++ home/qenya/dconf/keyboard.nix | 14 ++++++-------- home/qenya/dconf/mouse-touchpad.nix | 16 ++++++++++++++++ home/qenya/dconf/multitasking.nix | 11 +++++++++++ home/qenya/dconf/shell.nix | 26 ++++++++++++++++++++++++++ hosts/tohru/home.nix | 8 ++------ 8 files changed, 98 insertions(+), 51 deletions(-) delete mode 100644 home/qenya/dconf/appearance.nix create mode 100644 home/qenya/dconf/desktop.nix create mode 100644 home/qenya/dconf/mouse-touchpad.nix create mode 100644 home/qenya/dconf/multitasking.nix create mode 100644 home/qenya/dconf/shell.nix diff --git a/home/qenya/dconf/appearance.nix b/home/qenya/dconf/appearance.nix deleted file mode 100644 index d6f1fab..0000000 --- a/home/qenya/dconf/appearance.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, pkgs, ... }: - -let inherit (lib) mkIf; -in { - dconf = { - settings = - let - backgroundOptions = { - color-shading-type = "solid"; - picture-options = "zoom"; - picture-uri = "${config.home.homeDirectory}/.background-image"; - primary-color = "#3a4ba0"; - secondary-color = "#2f302f"; - }; - in - { - "org/gnome/desktop/background" = backgroundOptions // { - picture-uri-dark = backgroundOptions.picture-uri; - }; - "org/gnome/desktop/screensaver" = backgroundOptions; - "org/gnome/desktop/interface".color-scheme = "prefer-dark"; - }; - }; - home.file.".background-image" = mkIf config.dconf.enable { - source = ./background-image.jpg; - }; -} diff --git a/home/qenya/dconf/default.nix b/home/qenya/dconf/default.nix index 66f82cd..912efb1 100644 --- a/home/qenya/dconf/default.nix +++ b/home/qenya/dconf/default.nix @@ -1,19 +1,23 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: # dconf is the configuration manager for GNOME. -# home-manager, in its infinite wisdom, sets `dconf.enable` to true by default. -# This is a problem because we don't want it to attempt to apply our settings on -# a system that doesn't actually have GNOME installed. So, we override the -# default to false. +let + isGnome = osConfig.services.xserver.desktopManager.gnome.enable; +in +{ + dconf.enable = isGnome; -let inherit (lib) mkDefault; -in { - dconf.enable = mkDefault false; + dconf.settings = { + "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; + "org/gnome/desktop/sound".event-sounds = false; + }; imports = [ - # TODO: nix-ify other parts of GNOME config - ./appearance.nix + ./desktop.nix ./keyboard.nix + ./mouse-touchpad.nix + ./multitasking.nix + ./shell.nix ]; } diff --git a/home/qenya/dconf/desktop.nix b/home/qenya/dconf/desktop.nix new file mode 100644 index 0000000..4cfbaa7 --- /dev/null +++ b/home/qenya/dconf/desktop.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let inherit (lib) mkIf; +in { + dconf.settings = { + "org/gnome/desktop/background" = { + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + picture-uri-dark = "${config.home.homeDirectory}/.background-image"; + }; + "org/gnome/desktop/screensaver" = { + picture-options = "zoom"; + picture-uri = "${config.home.homeDirectory}/.background-image"; + }; + "org/gnome/desktop/interface" = { + color-scheme = "prefer-dark"; + enable-hot-corners = false; + }; + }; + home.file.".background-image" = mkIf config.dconf.enable { + source = ./background-image.jpg; + }; +} diff --git a/home/qenya/dconf/keyboard.nix b/home/qenya/dconf/keyboard.nix index e96a6f2..5271bae 100644 --- a/home/qenya/dconf/keyboard.nix +++ b/home/qenya/dconf/keyboard.nix @@ -1,14 +1,12 @@ # { config, lib, pkgs, ... }: { - dconf = { - settings = { - "org/gnome/desktop/wm/keybindings" = { - # These are largely useless on most normal systems - # and conflict with VS Code's default keybinds for "Copy Line Up/Down" - move-to-workspace-up = [ ]; - move-to-workspace-down = [ ]; - }; + dconf.settings = { + "org/gnome/desktop/wm/keybindings" = { + # These are largely useless on most normal systems + # and conflict with VS Code's default keybinds for "Copy Line Up/Down" + move-to-workspace-up = [ ]; + move-to-workspace-down = [ ]; }; }; } diff --git a/home/qenya/dconf/mouse-touchpad.nix b/home/qenya/dconf/mouse-touchpad.nix new file mode 100644 index 0000000..f3fd932 --- /dev/null +++ b/home/qenya/dconf/mouse-touchpad.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/desktop/peripherals/mouse" = { + natural-scroll = false; + }; + "org/gnome/desktop/peripherals/touchpad" = { + click-method = "fingers"; + disable-while-typing = false; + natural-scroll = true; # the correct option, whatever Janet says + tap-to-click = true; + two-finger-scrolling-enabled = true; + }; + }; +} diff --git a/home/qenya/dconf/multitasking.nix b/home/qenya/dconf/multitasking.nix new file mode 100644 index 0000000..1d93972 --- /dev/null +++ b/home/qenya/dconf/multitasking.nix @@ -0,0 +1,11 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/mutter" = { + edge-tiling = true; + dynamic-workspaces = true; + workspaces-only-on-primary = true; + }; + }; +} diff --git a/home/qenya/dconf/shell.nix b/home/qenya/dconf/shell.nix new file mode 100644 index 0000000..73672fd --- /dev/null +++ b/home/qenya/dconf/shell.nix @@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +{ + dconf.settings = { + "org/gnome/shell" = { + disable-user-extensions = true; + + # TODO: this is fine for now on tohru (the only GNOME system I use) but shouldn't depend on certain apps being installed + favorite-apps = [ + "discord.desktop" + "org.gnome.Evolution.desktop" + "firefox.desktop" + "torbrowser.desktop" + "steam.desktop" + "codium.desktop" + "org.gnome.Console.desktop" + "org.gnome.Nautilus.desktop" + "org.gnome.SystemMonitor.desktop" + ]; + + # TODO: fill this out (needs preinstalled stuff removing first) + # app-picker-layout = [ + # ... + # ]; + }; + }; +} diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 2ebda52..ef30554 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -1,12 +1,8 @@ { config, lib, pkgs, ... }: { - dconf.enable = true; - - programs = { - firefox.enable = true; - vscode.enable = true; - }; + programs.firefox.enable = true; + programs.vscode.enable = true; home.packages = with pkgs; [ bitwarden From f4228d99261f19536f604d01aa2689f3f14e0ec6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 15 Sep 2024 16:37:30 +0100 Subject: [PATCH 182/438] correct flake-compat hash --- shell.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell.nix b/shell.nix index 688ef15..a2d1b10 100644 --- a/shell.nix +++ b/shell.nix @@ -2,7 +2,7 @@ let shell = (import (fetchTarball { url = "https://github.com/edolstra/flake-compat/archive/refs/tags/v1.0.1.tar.gz"; - sha256 = "0jm6nzb83wa6ai17ly9fzpqc40wg1viib8klq8lby54agpl213w5"; + sha256 = "0m9grvfsbwmvgwaxvdzv6cmyvjnlww004gfxjvcl806ndqaxzy4j"; }) { src = ./.; }).shellNix; in From 3658b0073cf5a54606e0c332b610828747678068 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 15 Sep 2024 16:39:43 +0100 Subject: [PATCH 183/438] qenya: xdg-mime-apps: open text files in DE text editor --- home/qenya/xdg-mime-apps.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix index a5ab3bf..9a2b72f 100644 --- a/home/qenya/xdg-mime-apps.nix +++ b/home/qenya/xdg-mime-apps.nix @@ -12,6 +12,7 @@ in "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/png" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; + "text/plain" = [ "org.gnome.TextEditor.desktop" "org.kde.kate.desktop" ]; }; }; } From cbb44fd11d099160b8bbb15c60647c227a8fd7f3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 15 Sep 2024 16:40:01 +0100 Subject: [PATCH 184/438] tohru: install amberol --- hosts/tohru/home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index ef30554..3f2f0d3 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -5,6 +5,7 @@ programs.vscode.enable = true; home.packages = with pkgs; [ + amberol bitwarden discord foliate From 7189fae10971563bda9dbbb21bfd0a9d992a52b1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 15 Sep 2024 17:40:19 +0100 Subject: [PATCH 185/438] qenya: plasma: workaround for issue in randomcat's config --- home/qenya/plasma/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/home/qenya/plasma/default.nix b/home/qenya/plasma/default.nix index f35d05c..6624109 100644 --- a/home/qenya/plasma/default.nix +++ b/home/qenya/plasma/default.nix @@ -1,11 +1,19 @@ { config, lib, pkgs, osConfig, ... }: let + inherit (lib) mkIf; isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; in { - programs.plasma.enable = isPlasma; - programs.plasma.overrideConfig = true; + # FIXME: this mkIf is necessary because home/qenya is imported into shaw here: + # https://github.com/randomnetcat/nix-configs/blob/75d491dc6904475e43a820287edf3cf2f89abcfb/hosts/shaw/birdsong.nix#L74 + # shaw doesn't understand programs.plasma because randomcat doesn't import + # plasma-manager, and is unwilling to because none of her machines run KDE. + # This probably can't be fixed until we merge our configs completely. + programs = mkIf isPlasma { + plasma.enable = isPlasma; + plasma.overrideConfig = true; + }; imports = [ ]; } From f4da07c4e6e4df33a0c00e17f80b14eb1e0135a3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Sep 2024 17:22:58 +0100 Subject: [PATCH 186/438] move all host-specific configuration to hosts directory --- flake.nix | 33 ++----------------- .../{configuration.nix => default.nix} | 6 ++++ hosts/orm/{configuration.nix => default.nix} | 5 ++- .../yevaud/{configuration.nix => default.nix} | 3 ++ 4 files changed, 16 insertions(+), 31 deletions(-) rename hosts/kalessin/{configuration.nix => default.nix} (69%) rename hosts/orm/{configuration.nix => default.nix} (84%) rename hosts/yevaud/{configuration.nix => default.nix} (92%) diff --git a/flake.nix b/flake.nix index 7f3b793..98baa2a 100644 --- a/flake.nix +++ b/flake.nix @@ -57,36 +57,9 @@ kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; - - yevaud = { name, nodes, ... }: { - networking.hostId = "09673d65"; - deployment.targetHost = "yevaud.birdsong.network"; - - imports = [ - ./hosts/yevaud/configuration.nix - ]; - }; - - orm = { name, nodes, ... }: { - networking.hostId = "00000000"; - deployment.targetHost = "orm.birdsong.network"; - - imports = [ - ./hosts/orm/configuration.nix - ]; - }; - - kalessin = { name, nodes, ... }: { - networking.hostId = "534b538e"; - deployment = { - targetHost = "kalessin.birdsong.network"; - buildOnTarget = true; - }; - - imports = [ - ./hosts/kalessin/configuration.nix - ]; - }; + yevaud.imports = [ ./hosts/yevaud ]; + orm.imports = [ ./hosts/orm ]; + kalessin.imports = [ ./hosts/kalessin ]; }; # TODO: have this work on other systems too diff --git a/hosts/kalessin/configuration.nix b/hosts/kalessin/default.nix similarity index 69% rename from hosts/kalessin/configuration.nix rename to hosts/kalessin/default.nix index 3250f27..e3c08a6 100644 --- a/hosts/kalessin/configuration.nix +++ b/hosts/kalessin/default.nix @@ -5,6 +5,12 @@ ./hardware-configuration.nix ]; + networking.hostId = "534b538e"; + deployment = { + targetHost = "kalessin.birdsong.network"; + buildOnTarget = true; + }; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/orm/configuration.nix b/hosts/orm/default.nix similarity index 84% rename from hosts/orm/configuration.nix rename to hosts/orm/default.nix index c31dc6a..4b6e346 100644 --- a/hosts/orm/configuration.nix +++ b/hosts/orm/default.nix @@ -5,9 +5,12 @@ ./hardware-configuration.nix ]; + networking.hostId = "00000000"; + deployment.targetHost = "orm.birdsong.network"; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - + users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; diff --git a/hosts/yevaud/configuration.nix b/hosts/yevaud/default.nix similarity index 92% rename from hosts/yevaud/configuration.nix rename to hosts/yevaud/default.nix index 2fbd757..18f868a 100644 --- a/hosts/yevaud/configuration.nix +++ b/hosts/yevaud/default.nix @@ -5,6 +5,9 @@ ./hardware-configuration.nix ]; + networking.hostId = "09673d65"; + deployment.targetHost = "yevaud.birdsong.network"; + boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; From a6359fdd364d9420f87e4d79f83f319579431643 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Sep 2024 18:40:15 +0100 Subject: [PATCH 187/438] export home-manager config from homeManagerModules --- common/users/qenya.nix | 5 ----- flake.nix | 20 ++++++++++++++++++-- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 19dc8ed..e9d11ad 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -11,9 +11,4 @@ in { }; programs.zsh.enable = true; - - home-manager.users.qenya = { config, lib, pkgs, osConfig, ... }: { - home.homeDirectory = osConfig.users.users.qenya.home; - imports = [ ../../home/qenya ]; - }; } diff --git a/flake.nix b/flake.nix index 98baa2a..4680f54 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,19 @@ }; outputs = inputs@{ self, nixpkgs, home-manager, plasma-manager, nur, agenix, birdsong, ... }: { + # The name of this output type is not standardised. I have picked + # "homeManagerModules" as the discussion here suggests it's the most common: + # https://github.com/nix-community/home-manager/issues/1783 + # + # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": + # https://github.com/NixOS/nix/pull/10858 + homeManagerModules."qenya" = { config, lib, pkgs, ... }: { + imports = [ + plasma-manager.homeManagerModules.plasma-manager + ./home/qenya + ]; + }; + colmena = { meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; @@ -35,7 +48,7 @@ }; }; - defaults = { name, nodes, config, ... }: { + defaults = { name, nodes, ... }: { networking.hostName = name; nix.settings.experimental-features = "nix-command flakes"; @@ -43,7 +56,10 @@ nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [ nur.overlay ]; - home-manager.sharedModules = [ plasma-manager.homeManagerModules.plasma-manager ]; + + # TODO: make this or something like it work without infinite recursion + # home-manager.users."qenya" = lib.mkIf (config.users.users ? "qenya") self.homeManagerModules."qenya"; + home-manager.users."qenya" = self.homeManagerModules."qenya"; imports = [ home-manager.nixosModules.home-manager From d881607cb0b430e614ce2848c40f1e23cb0295a3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Sep 2024 18:41:13 +0100 Subject: [PATCH 188/438] Revert "qenya: plasma: workaround for issue in randomcat's config" This reverts commit 7189fae10971563bda9dbbb21bfd0a9d992a52b1. This didn't actually fix the issue, as it turns out mkIf still resolves the children of its attrset recursively. The longer-term solution is to export my home-manager config as a flake output, which I'm moving towards. --- home/qenya/plasma/default.nix | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/home/qenya/plasma/default.nix b/home/qenya/plasma/default.nix index 6624109..f35d05c 100644 --- a/home/qenya/plasma/default.nix +++ b/home/qenya/plasma/default.nix @@ -1,19 +1,11 @@ { config, lib, pkgs, osConfig, ... }: let - inherit (lib) mkIf; isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; in { - # FIXME: this mkIf is necessary because home/qenya is imported into shaw here: - # https://github.com/randomnetcat/nix-configs/blob/75d491dc6904475e43a820287edf3cf2f89abcfb/hosts/shaw/birdsong.nix#L74 - # shaw doesn't understand programs.plasma because randomcat doesn't import - # plasma-manager, and is unwilling to because none of her machines run KDE. - # This probably can't be fixed until we merge our configs completely. - programs = mkIf isPlasma { - plasma.enable = isPlasma; - plasma.overrideConfig = true; - }; + programs.plasma.enable = isPlasma; + programs.plasma.overrideConfig = true; imports = [ ]; } From 3849eeb37b189e4eaa56b9ce8b277bba9311048e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Sep 2024 18:52:12 +0100 Subject: [PATCH 189/438] export homeManagerModules."qenya@shaw" --- flake.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 4680f54..c61e546 100644 --- a/flake.nix +++ b/flake.nix @@ -33,11 +33,16 @@ # # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": # https://github.com/NixOS/nix/pull/10858 - homeManagerModules."qenya" = { config, lib, pkgs, ... }: { - imports = [ + homeManagerModules = { + "qenya".imports = [ plasma-manager.homeManagerModules.plasma-manager ./home/qenya ]; + + "qenya@shaw".imports = [ + self.homeManagerModules."qenya" + ./hosts/shaw/home.nix + ]; }; colmena = { @@ -56,7 +61,7 @@ nixpkgs.config.allowUnfree = true; nixpkgs.overlays = [ nur.overlay ]; - + # TODO: make this or something like it work without infinite recursion # home-manager.users."qenya" = lib.mkIf (config.users.users ? "qenya") self.homeManagerModules."qenya"; home-manager.users."qenya" = self.homeManagerModules."qenya"; From 32dabca83f81854dcf46a5ede348ed4fec07643a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Sep 2024 19:11:57 +0100 Subject: [PATCH 190/438] don't import universal config in host-specific homeManagerModules --- flake.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index c61e546..b1a2ac9 100644 --- a/flake.nix +++ b/flake.nix @@ -39,10 +39,7 @@ ./home/qenya ]; - "qenya@shaw".imports = [ - self.homeManagerModules."qenya" - ./hosts/shaw/home.nix - ]; + "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; }; colmena = { From 9f6d0fbaf88f1f2a4936f4f449f82edd8a8a3f8f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 03:06:48 +0100 Subject: [PATCH 191/438] treewide: move all deployment keys to flake.nix --- common/base-server/default.nix | 1 - flake.nix | 26 ++++++++++++++++++++++++++ hosts/kalessin/default.nix | 4 ---- hosts/kilgharrah/default.nix | 5 ----- hosts/orm/default.nix | 1 - hosts/tohru/default.nix | 5 ----- hosts/yevaud/default.nix | 1 - 7 files changed, 26 insertions(+), 17 deletions(-) diff --git a/common/base-server/default.nix b/common/base-server/default.nix index 47a82fa..c074c3c 100644 --- a/common/base-server/default.nix +++ b/common/base-server/default.nix @@ -11,7 +11,6 @@ in time.timeZone = "Etc/UTC"; # Allow remote deployment with colmena - deployment.targetUser = null; security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "@wheel" ]; }; diff --git a/flake.nix b/flake.nix index b1a2ac9..0a20e84 100644 --- a/flake.nix +++ b/flake.nix @@ -78,6 +78,32 @@ yevaud.imports = [ ./hosts/yevaud ]; orm.imports = [ ./hosts/orm ]; kalessin.imports = [ ./hosts/kalessin ]; + + kilgharrah.deployment = { + allowLocalDeployment = true; + targetHost = null; # disallow remote deployment + }; + + tohru.deployment = { + allowLocalDeployment = true; + targetHost = null; # disallow remote deployment + }; + + yevaud.deployment = { + targetHost = "yevaud.birdsong.network"; + targetUser = null; + }; + + orm.deployment = { + targetHost = "orm.birdsong.network"; + targetUser = null; + }; + + kalessin.deployment = { + targetHost = "kalessin.birdsong.network"; + targetUser = null; + buildOnTarget = true; + }; }; # TODO: have this work on other systems too diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index e3c08a6..d1a568b 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -6,10 +6,6 @@ ]; networking.hostId = "534b538e"; - deployment = { - targetHost = "kalessin.birdsong.network"; - buildOnTarget = true; - }; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 4418b4a..0ebc881 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -11,11 +11,6 @@ nixpkgs.hostPlatform = "x86_64-linux"; networking.hostId = "72885bb5"; - deployment = { - allowLocalDeployment = true; - targetHost = null; # disallow remote deployment - }; - qenya.base-graphical.enable = true; qenya.base-graphical.desktop = "plasma6"; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 4b6e346..3753fcc 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -6,7 +6,6 @@ ]; networking.hostId = "00000000"; - deployment.targetHost = "orm.birdsong.network"; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 53fb544..a071c2b 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -13,11 +13,6 @@ nixpkgs.hostPlatform = "x86_64-linux"; networking.hostId = "31da19c1"; - deployment = { - allowLocalDeployment = true; - targetHost = null; # disallow remote deployment - }; - qenya.base-graphical.enable = true; time.timeZone = "Europe/London"; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 18f868a..eebd456 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -6,7 +6,6 @@ ]; networking.hostId = "09673d65"; - deployment.targetHost = "yevaud.birdsong.network"; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; From f6010a968c6ae560f23c2314e38b621cf3124052 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 03:13:34 +0100 Subject: [PATCH 192/438] treewide: specify hostname in host configs --- flake.nix | 2 -- hosts/kalessin/default.nix | 1 + hosts/kilgharrah/default.nix | 1 + hosts/orm/default.nix | 1 + hosts/tohru/default.nix | 1 + hosts/yevaud/default.nix | 1 + 6 files changed, 5 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 0a20e84..384fd1d 100644 --- a/flake.nix +++ b/flake.nix @@ -51,8 +51,6 @@ }; defaults = { name, nodes, ... }: { - networking.hostName = name; - nix.settings.experimental-features = "nix-command flakes"; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index d1a568b..aeb39a6 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ]; + networking.hostName = "kalessin"; networking.hostId = "534b538e"; boot.loader.systemd-boot.enable = true; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 0ebc881..00daac3 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -9,6 +9,7 @@ ]; nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "kilgharrah"; networking.hostId = "72885bb5"; qenya.base-graphical.enable = true; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 3753fcc..c76bd6b 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ]; + networking.hostName = "orm"; networking.hostId = "00000000"; boot.loader.systemd-boot.enable = true; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index a071c2b..c5b1fef 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -11,6 +11,7 @@ ]; nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "tohru"; networking.hostId = "31da19c1"; qenya.base-graphical.enable = true; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index eebd456..b620f43 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -5,6 +5,7 @@ ./hardware-configuration.nix ]; + networking.hostName = "yevaud"; networking.hostId = "09673d65"; boot.loader.systemd-boot.enable = true; From a938b33679575ae5870e7f73af24e318a034084c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 03:49:56 +0100 Subject: [PATCH 193/438] export nixos configurations as standard flake outputs --- flake.nix | 87 ++++++++++++++++++++++++++----------------------------- 1 file changed, 41 insertions(+), 46 deletions(-) diff --git a/flake.nix b/flake.nix index 384fd1d..71aa94d 100644 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,36 @@ }; outputs = inputs@{ self, nixpkgs, home-manager, plasma-manager, nur, agenix, birdsong, ... }: { + nixosModules.default = { + nix.settings.experimental-features = "nix-command flakes"; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + nixpkgs.config.allowUnfree = true; + + nixpkgs.overlays = [ nur.overlay ]; + + # TODO: make this or something like it work without infinite recursion + # home-manager.users."qenya" = lib.mkIf (config.users.users ? "qenya") self.homeManagerModules."qenya"; + home-manager.users."qenya" = self.homeManagerModules."qenya"; + + imports = [ + home-manager.nixosModules.home-manager + nur.nixosModules.nur + agenix.nixosModules.default + birdsong.nixosModules.default + ./common + ./services + ]; + }; + + # TODO: simplify + nixosConfigurations = { + "kilgharrah" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/kilgharrah self.nixosModules.default ]; }; + "tohru" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/tohru self.nixosModules.default ]; }; + "yevaud" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/yevaud self.nixosModules.default ]; }; + "orm" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/orm self.nixosModules.default ]; }; + "kalessin" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/kalessin self.nixosModules.default ]; }; + }; + # The name of this output type is not standardised. I have picked # "homeManagerModules" as the discussion here suggests it's the most common: # https://github.com/nix-community/home-manager/issues/1783 @@ -45,63 +75,28 @@ colmena = { meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; - nodeNixpkgs = { - kalessin = import nixpkgs { system = "aarch64-linux"; }; # TODO: this should be generated from the host config somehow - }; - }; - - defaults = { name, nodes, ... }: { - nix.settings.experimental-features = "nix-command flakes"; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; - nixpkgs.config.allowUnfree = true; - - nixpkgs.overlays = [ nur.overlay ]; - - # TODO: make this or something like it work without infinite recursion - # home-manager.users."qenya" = lib.mkIf (config.users.users ? "qenya") self.homeManagerModules."qenya"; - home-manager.users."qenya" = self.homeManagerModules."qenya"; - - imports = [ - home-manager.nixosModules.home-manager - nur.nixosModules.nur - agenix.nixosModules.default - birdsong.nixosModules.default - ./common - ./services - ]; + nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) self.nixosConfigurations; }; + # TODO: eliminate duplication with nixosConfigurations + defaults.imports = [ self.nixosModules.default ]; kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; yevaud.imports = [ ./hosts/yevaud ]; orm.imports = [ ./hosts/orm ]; kalessin.imports = [ ./hosts/kalessin ]; - kilgharrah.deployment = { + defaults.deployment = { allowLocalDeployment = true; - targetHost = null; # disallow remote deployment - }; - - tohru.deployment = { - allowLocalDeployment = true; - targetHost = null; # disallow remote deployment - }; - - yevaud.deployment = { - targetHost = "yevaud.birdsong.network"; - targetUser = null; - }; - - orm.deployment = { - targetHost = "orm.birdsong.network"; - targetUser = null; - }; - - kalessin.deployment = { - targetHost = "kalessin.birdsong.network"; - targetUser = null; buildOnTarget = true; + targetUser = null; }; + + kilgharrah.deployment.targetHost = null; + tohru.deployment.targetHost = null; + yevaud.deployment.targetHost = "yevaud.birdsong.network"; + orm.deployment.targetHost = "orm.birdsong.network"; + kalessin.deployment.targetHost = "kalessin.birdsong.network"; }; # TODO: have this work on other systems too From ad1f4d2cc5688280063c067cd574cce5f90d4798 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 18:58:04 +0100 Subject: [PATCH 194/438] deduplicate flake outputs --- flake.lock | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 22 ++++++++--------- 2 files changed, 82 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index 3ecf0fb..03b5ab8 100644 --- a/flake.lock +++ b/flake.lock @@ -39,6 +39,60 @@ "url": "https://git.qenya.tel/qenya/birdsong" } }, + "colmena": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "stable": "stable" + }, + "locked": { + "lastModified": 1711386353, + "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "owner": "zhaofengli", + "repo": "colmena", + "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "repo": "colmena", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -139,12 +193,29 @@ "inputs": { "agenix": "agenix", "birdsong": "birdsong", + "colmena": "colmena", "home-manager": "home-manager_2", "nixpkgs": "nixpkgs", "nur": "nur", "plasma-manager": "plasma-manager" } }, + "stable": { + "locked": { + "lastModified": 1696039360, + "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, diff --git a/flake.nix b/flake.nix index 71aa94d..4f0028b 100644 --- a/flake.nix +++ b/flake.nix @@ -23,10 +23,15 @@ }; }; + colmena = { + url = "github:zhaofengli/colmena"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, home-manager, plasma-manager, nur, agenix, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: { nixosModules.default = { nix.settings.experimental-features = "nix-command flakes"; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; @@ -48,14 +53,7 @@ ]; }; - # TODO: simplify - nixosConfigurations = { - "kilgharrah" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/kilgharrah self.nixosModules.default ]; }; - "tohru" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/tohru self.nixosModules.default ]; }; - "yevaud" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/yevaud self.nixosModules.default ]; }; - "orm" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/orm self.nixosModules.default ]; }; - "kalessin" = nixpkgs.lib.nixosSystem { modules = [ ./hosts/kalessin self.nixosModules.default ]; }; - }; + nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; # The name of this output type is not standardised. I have picked # "homeManagerModules" as the discussion here suggests it's the most common: @@ -75,10 +73,12 @@ colmena = { meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; - nodeNixpkgs = builtins.mapAttrs (name: value: value.pkgs) self.nixosConfigurations; + nodeNixpkgs = { + kalessin = import nixpkgs { system = "aarch64-linux"; }; + }; + specialArgs = { inherit inputs; }; }; - # TODO: eliminate duplication with nixosConfigurations defaults.imports = [ self.nixosModules.default ]; kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; From 28698d1a60db6d04fa890607468da8b8a85bc19b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 19:03:35 +0100 Subject: [PATCH 195/438] yevaud, orm, kalessin: switch to nixpkgs-small --- flake.lock | 17 +++++++++++++++++ flake.nix | 10 ++++++++-- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index 03b5ab8..21f700f 100644 --- a/flake.lock +++ b/flake.lock @@ -151,6 +151,22 @@ "type": "github" } }, + "nixpkgsSmall": { + "locked": { + "lastModified": 1726611721, + "narHash": "sha256-oSDOQ5c7CTVzkaG5A19UW3Yxsv9TLNFNcrvQT9F4Pz0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05-small", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1725486293, @@ -196,6 +212,7 @@ "colmena": "colmena", "home-manager": "home-manager_2", "nixpkgs": "nixpkgs", + "nixpkgsSmall": "nixpkgsSmall", "nur": "nur", "plasma-manager": "plasma-manager" } diff --git a/flake.nix b/flake.nix index 4f0028b..928ad7e 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,8 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + nixpkgsSmall.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; @@ -31,7 +33,7 @@ birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: { nixosModules.default = { nix.settings.experimental-features = "nix-command flakes"; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; @@ -74,7 +76,11 @@ meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; nodeNixpkgs = { - kalessin = import nixpkgs { system = "aarch64-linux"; }; + kilgharrah = import nixpkgs { system = "x86_64-linux"; }; + tohru = import nixpkgs { system = "x86_64-linux"; }; + yevaud = import nixpkgsSmall { system = "x86_64-linux"; }; + orm = import nixpkgsSmall { system = "x86_64-linux"; }; + kalessin = import nixpkgsSmall { system = "aarch64-linux"; }; }; specialArgs = { inherit inputs; }; }; From a47d1f47e826e18a088d24db215fa2a417ad68c0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 19:05:11 +0100 Subject: [PATCH 196/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03) → 'github:nix-community/home-manager/2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594' (2024-09-17) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30) → 'github:NixOS/nixpkgs/086b448a5d54fd117f4dc2dee55c9f0ff461bdc1' (2024-09-16) • Updated input 'nur': 'github:nix-community/NUR/444e1f3fdf23aa476489b0038e0738c6f4d9df85' (2024-09-04) → 'github:nix-community/NUR/59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0' (2024-09-18) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/60becd0e994e25b372c8d0500fc944396f6c1085' (2024-09-09) → 'github:nix-community/plasma-manager/5a0c70a007837e2db01e0bb68971792e8653d32c' (2024-09-16) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 21f700f..c0faff0 100644 --- a/flake.lock +++ b/flake.lock @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1726592409, + "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594", "type": "github" }, "original": { @@ -137,11 +137,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725001927, - "narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", + "lastModified": 1726447378, + "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", + "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", "type": "github" }, "original": { @@ -169,11 +169,11 @@ }, "nur": { "locked": { - "lastModified": 1725486293, - "narHash": "sha256-XRWbx8JcTCVoGxr3P2YL/tK4s4HzZBhUqlxr91zLOZs=", + "lastModified": 1726681508, + "narHash": "sha256-xz858EXcKZjWR6TPyU84BTeMHIPewGW68DutnxghaR4=", "owner": "nix-community", "repo": "NUR", - "rev": "444e1f3fdf23aa476489b0038e0738c6f4d9df85", + "rev": "59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0", "type": "github" }, "original": { @@ -192,11 +192,11 @@ ] }, "locked": { - "lastModified": 1725914634, - "narHash": "sha256-U74hu15xSb6JNySMOwyJrsh4uk1DVa182bdHLeHdYMc=", + "lastModified": 1726509788, + "narHash": "sha256-PmCmO8NDKzwHrTp9Ox/rcLiCYivqIpZlnLk8wZRjv2I=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "60becd0e994e25b372c8d0500fc944396f6c1085", + "rev": "5a0c70a007837e2db01e0bb68971792e8653d32c", "type": "github" }, "original": { From e713fe3b2c8c42ce128f9cfec202f01c1fa93f1e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 19:38:20 +0100 Subject: [PATCH 197/438] nix, home-manager: move common config out of flake.nix --- common/default.nix | 1 + common/nix.nix | 7 +++++++ common/users/qenya.nix | 4 +++- flake.nix | 32 ++++++++++---------------------- 4 files changed, 21 insertions(+), 23 deletions(-) create mode 100644 common/nix.nix diff --git a/common/default.nix b/common/default.nix index fd0791c..a1f43a4 100644 --- a/common/default.nix +++ b/common/default.nix @@ -6,6 +6,7 @@ ./environment.nix ./home-manager.nix ./nginx.nix + ./nix.nix ./openssh.nix ./security.nix ./steam.nix diff --git a/common/nix.nix b/common/nix.nix new file mode 100644 index 0000000..9361188 --- /dev/null +++ b/common/nix.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: + +{ + nix.settings.experimental-features = "nix-command flakes"; + nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; + nixpkgs.config.allowUnfree = true; +} diff --git a/common/users/qenya.nix b/common/users/qenya.nix index e9d11ad..6e96e58 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: let keys = import ../../keys.nix; in { @@ -11,4 +11,6 @@ in { }; programs.zsh.enable = true; + + home-manager.users."qenya" = inputs.self.homeManagerModules."qenya"; } diff --git a/flake.nix b/flake.nix index 928ad7e..50a5c8a 100644 --- a/flake.nix +++ b/flake.nix @@ -34,27 +34,6 @@ }; outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: { - nixosModules.default = { - nix.settings.experimental-features = "nix-command flakes"; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; - nixpkgs.config.allowUnfree = true; - - nixpkgs.overlays = [ nur.overlay ]; - - # TODO: make this or something like it work without infinite recursion - # home-manager.users."qenya" = lib.mkIf (config.users.users ? "qenya") self.homeManagerModules."qenya"; - home-manager.users."qenya" = self.homeManagerModules."qenya"; - - imports = [ - home-manager.nixosModules.home-manager - nur.nixosModules.nur - agenix.nixosModules.default - birdsong.nixosModules.default - ./common - ./services - ]; - }; - nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; # The name of this output type is not standardised. I have picked @@ -85,7 +64,16 @@ specialArgs = { inherit inputs; }; }; - defaults.imports = [ self.nixosModules.default ]; + defaults.imports = [ + home-manager.nixosModules.home-manager + nur.nixosModules.nur + { nixpkgs.overlays = [ nur.overlay ]; } + agenix.nixosModules.default + birdsong.nixosModules.default + ./common + ./services + ]; + kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; yevaud.imports = [ ./hosts/yevaud ]; From 6a1597aee8ec7852a195dbc831d60385e934412a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 19:38:59 +0100 Subject: [PATCH 198/438] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 81bbe1f..35cb589 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil ### Building -To build locally, run `colmena apply-local` as root. +To build locally, run `nixos-rebuild switch --flake .#[hostname]` as root. To build the remote machines, run `colmena apply`. See the [colmena documentation](https://colmena.cli.rs/) for command-line options. Notable options include: * `--on [hostname]`: build a specific machine only From 0b6d72a4b630935becaa8b4b78fad01a6f94cac9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 18 Sep 2024 19:45:18 +0100 Subject: [PATCH 199/438] qenya/vscode: disable automatic flake input evaluation Unfortunately the memory requirements are too high to meet realistically (tested with 8 GiB; still failed). --- home/qenya/vscode.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index f9d8c6e..5a4c9bd 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -38,10 +38,7 @@ in "nix.serverSettings".nil = { diagnostics.ignored = [ "unused_binding" "unused_with" ]; formatting.command = [ "nixpkgs-fmt" ]; - nix.flake = { - autoArchive = true; - autoEvalInputs = true; - }; + nix.flake.autoArchive = true; }; "terminal.integrated.allowChords" = false; "terminal.integrated.defaultProfile.linux" = "zsh"; From bbb3bd3c166295c8bc21bdc19aa7f118b8eeb89d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 19 Sep 2024 21:55:22 +0100 Subject: [PATCH 200/438] kilgharrah: fix networking --- hosts/kilgharrah/networking.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix index a3f344b..2db377f 100644 --- a/hosts/kilgharrah/networking.nix +++ b/hosts/kilgharrah/networking.nix @@ -1,6 +1,9 @@ { config, lib, pkgs, ... }: { + systemd.network.enable = true; + networking.useDHCP = false; + systemd.network.networks."10-wan" = { matchConfig.Name = "enp2s0"; networkConfig = { From 8cbfb51930afbd828f9add0956078482186276de Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 19 Sep 2024 23:06:08 +0100 Subject: [PATCH 201/438] move deployment config --- common/base-server/default.nix | 1 + flake.nix | 44 ++++++++++++++++++---------------- 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/common/base-server/default.nix b/common/base-server/default.nix index c074c3c..47a82fa 100644 --- a/common/base-server/default.nix +++ b/common/base-server/default.nix @@ -11,6 +11,7 @@ in time.timeZone = "Etc/UTC"; # Allow remote deployment with colmena + deployment.targetUser = null; security.sudo.wheelNeedsPassword = false; nix.settings.trusted-users = [ "@wheel" ]; }; diff --git a/flake.nix b/flake.nix index 50a5c8a..4cafa05 100644 --- a/flake.nix +++ b/flake.nix @@ -64,33 +64,35 @@ specialArgs = { inherit inputs; }; }; - defaults.imports = [ - home-manager.nixosModules.home-manager - nur.nixosModules.nur - { nixpkgs.overlays = [ nur.overlay ]; } - agenix.nixosModules.default - birdsong.nixosModules.default - ./common - ./services - ]; + defaults = { config, lib, pkgs, ... }: { + # disable remote deployment by default + # (can stil build locally with nixos-rebuild) + deployment.targetHost = lib.mkDefault null; + + # TODO: set up some remote builders + # until this is done, as we have multiple architectures, safer to build on target + deployment.buildOnTarget = true; + + imports = [ + home-manager.nixosModules.home-manager + nur.nixosModules.nur + { nixpkgs.overlays = [ nur.overlay ]; } + agenix.nixosModules.default + birdsong.nixosModules.default + ./common + ./services + ]; + }; + + yevaud.deployment.targetHost = "yevaud.birdsong.network"; + orm.deployment.targetHost = "orm.birdsong.network"; + kalessin.deployment.targetHost = "kalessin.birdsong.network"; kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; yevaud.imports = [ ./hosts/yevaud ]; orm.imports = [ ./hosts/orm ]; kalessin.imports = [ ./hosts/kalessin ]; - - defaults.deployment = { - allowLocalDeployment = true; - buildOnTarget = true; - targetUser = null; - }; - - kilgharrah.deployment.targetHost = null; - tohru.deployment.targetHost = null; - yevaud.deployment.targetHost = "yevaud.birdsong.network"; - orm.deployment.targetHost = "orm.birdsong.network"; - kalessin.deployment.targetHost = "kalessin.birdsong.network"; }; # TODO: have this work on other systems too From 9813aaf27b966ed169f30ad0992b96c0fe757a35 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 19 Sep 2024 23:06:40 +0100 Subject: [PATCH 202/438] kilgharrah: disable autosuspend --- hosts/kilgharrah/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 00daac3..01377be 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -35,6 +35,9 @@ tor-browser-bundle-bin zoom-us ]; + + # For the moment, this hosts some network-accessible services, so we want it on 24/7 + programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; }; programs.steam.enable = true; From d7142d8619e4dd41c1a8bd43c663df76d26b74c3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 19 Sep 2024 23:21:42 +0100 Subject: [PATCH 203/438] qenya/xdg-mime-apps: open mailto links in evolution --- home/qenya/xdg-mime-apps.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix index 9a2b72f..9ec8ff9 100644 --- a/home/qenya/xdg-mime-apps.nix +++ b/home/qenya/xdg-mime-apps.nix @@ -9,6 +9,7 @@ in defaultApplications = { "x-scheme-handler/http" = "firefox.desktop"; "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/mailto" = "org.gnome.Evolution.desktop"; # TODO: email on KDE - is Kontact any good? "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/png" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; From 58109130e6fd7fc6f09bc38f9c52b1a3b2d81e77 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 19 Sep 2024 23:23:46 +0100 Subject: [PATCH 204/438] base-graphical/desktop: refactor --- common/base-graphical/desktop.nix | 33 ++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/common/base-graphical/desktop.nix b/common/base-graphical/desktop.nix index 50ff84c..7e6a92c 100644 --- a/common/base-graphical/desktop.nix +++ b/common/base-graphical/desktop.nix @@ -1,11 +1,8 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf mkOption types; + inherit (lib) mkIf mkMerge mkOption types; cfg = config.qenya.base-graphical; - - isGnome = cfg.desktop == "gnome"; - isPlasma6 = cfg.desktop == "plasma6"; in { options.qenya.base-graphical.desktop = mkOption { @@ -15,12 +12,24 @@ in description = "Which display manager and desktop manager to use."; }; - config = mkIf cfg.enable { - services.xserver.displayManager.gdm.enable = isGnome; - services.xserver.desktopManager.gnome.enable = isGnome; - - services.displayManager.sddm.enable = isPlasma6; - services.displayManager.sddm.wayland.enable = isPlasma6; - services.desktopManager.plasma6.enable = isPlasma6; - }; + config = mkIf cfg.enable (mkMerge [ + (mkIf (cfg.desktop == "gnome") { + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + # TODO: agree on this with randomcat as it affects her too, since for some reason this is system-wide + # environment.gnome.excludePackages = with pkgs.gnome; [ + # pkgs.gnome-tour + # epiphany # GNOME Web + # geary + # gnome-calendar + # gnome-contacts + # gnome-music + # ]; + }) + (mkIf (cfg.desktop == "plasma6") { + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.desktopManager.plasma6.enable = true; + }) + ]); } From 4dbe61e97ac24c850219e8a705b979924bd5b43f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 19 Sep 2024 23:25:35 +0100 Subject: [PATCH 205/438] yevaud: add experimental BIND config --- hosts/yevaud/default.nix | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index b620f43..d1804fe 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -22,6 +22,36 @@ privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; }; + services.bind = { + # enable = true; + cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; + forwarders = [ ]; + listenOn = [ config.birdsong.hosts.yevaud.ipv4 ]; + listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ]; + zones = { + "birdsong.internal" = { + master = true; + # TODO: pick better email address for SOA record + file = pkgs.writeText "birdsong.internal.zone" '' + $TTL 60 + $ORIGIN birdsong.internal. + + birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 ) + birdsong.internal. IN NS ns.birdsong.internal. + + yevaud.c.birdsong.internal. IN A 10.127.1.1 + yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 + + ns.birdsong.internal. IN A 10.127.1.1 + ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 + ''; + }; + }; + }; + networking.resolvconf.useLocalResolver = false; + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; + qenya.services.forgejo = { enable = true; domain = "git.qenya.tel"; From 002b136ae83e356a9af2eeedb9295e1405d33707 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 20 Sep 2024 15:58:24 +0100 Subject: [PATCH 206/438] qenya: install units --- home/qenya/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/cli.nix b/home/qenya/cli.nix index 689a9b8..a564d78 100644 --- a/home/qenya/cli.nix +++ b/home/qenya/cli.nix @@ -3,6 +3,7 @@ { home.packages = with pkgs; [ tree # like `ls -R` but nicer + units # Extremely important fortune From 4f99cc5102a195a4a6fd522fc5e081eb058b42a1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 23 Sep 2024 23:22:32 +0100 Subject: [PATCH 207/438] fix agenix pathspec --- flake.lock | 25 +++++-------------------- flake.nix | 2 +- 2 files changed, 6 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index c0faff0..64e1b08 100644 --- a/flake.lock +++ b/flake.lock @@ -6,19 +6,19 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems" + ] }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1703089996, + "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", "type": "github" }, "original": { "owner": "ryantm", + "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -232,21 +232,6 @@ "repo": "nixpkgs", "type": "github" } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 4cafa05..ccca91a 100644 --- a/flake.nix +++ b/flake.nix @@ -18,7 +18,7 @@ nur.url = "github:nix-community/NUR"; agenix = { - url = "github:ryantm/agenix?tag=0.15.0"; + url = "github:ryantm/agenix/0.15.0"; inputs = { nixpkgs.follows = "nixpkgs"; darwin.follows = ""; From 5ef9816a340520fceeeb1ad49a1e0530fa0975d2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 23 Sep 2024 23:22:48 +0100 Subject: [PATCH 208/438] kilgharrah: enable zfs, luksdev --- hosts/kilgharrah/filesystems.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index eb9f0c5..bfc5b10 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -2,9 +2,15 @@ { boot.initrd.luks.devices = { - "enc".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; + "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; }; + boot.supportedFilesystems = [ "zfs" ]; + + environment.etc.crypttab.text = '' + cryptstorage UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key + ''; + fileSystems = { "/" = { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; From f4912efaaa071bd0e41bf4f12725c059bf42cbc6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 23 Sep 2024 23:58:36 +0100 Subject: [PATCH 209/438] switch to agenix trunk --- flake.lock | 25 ++++++++++++++++++++----- flake.nix | 8 +++----- 2 files changed, 23 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index 64e1b08..c0faff0 100644 --- a/flake.lock +++ b/flake.lock @@ -6,19 +6,19 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems" }, "locked": { - "lastModified": 1703089996, - "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { "owner": "ryantm", - "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -232,6 +232,21 @@ "repo": "nixpkgs", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ccca91a..06f6387 100644 --- a/flake.nix +++ b/flake.nix @@ -18,11 +18,9 @@ nur.url = "github:nix-community/NUR"; agenix = { - url = "github:ryantm/agenix/0.15.0"; - inputs = { - nixpkgs.follows = "nixpkgs"; - darwin.follows = ""; - }; + url = "github:ryantm/agenix"; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = ""; }; colmena = { From 7e1f6886992bf004e17079cd92c7bc9bcd7806ad Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Sep 2024 03:15:53 +0100 Subject: [PATCH 210/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594' (2024-09-17) → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/086b448a5d54fd117f4dc2dee55c9f0ff461bdc1' (2024-09-16) → 'github:NixOS/nixpkgs/23cbb250f3bf4f516a2d0bf03c51a30900848075' (2024-09-22) • Updated input 'nixpkgsSmall': 'github:NixOS/nixpkgs/a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e' (2024-09-17) → 'github:NixOS/nixpkgs/7ca0f93c530406c1610defff0b9bf643333cf992' (2024-09-23) • Updated input 'nur': 'github:nix-community/NUR/59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0' (2024-09-18) → 'github:nix-community/NUR/0d7209843407825066ccf9743c40d50b6d68674f' (2024-09-24) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/5a0c70a007837e2db01e0bb68971792e8653d32c' (2024-09-16) → 'github:nix-community/plasma-manager/6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272' (2024-09-22) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/5d5d5c706fcb6d3f2d5ddd864ab07cd69a35b9d3' (2024-09-24) → 'github:randomnetcat/nix-configs/2a6bd13e96db07e2e904fcc1b93faf5484725c91' (2024-09-24) --- flake.lock | 49 +++++++++++++++++++++++++++++++++---------------- 1 file changed, 33 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index c0faff0..e65e4f4 100644 --- a/flake.lock +++ b/flake.lock @@ -121,11 +121,11 @@ ] }, "locked": { - "lastModified": 1726592409, - "narHash": "sha256-2Y6CDvD/BD43WLS77PHu6dUHbdUfFhuzkY8oJAecD/U=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "2ab00f89dd3ecf8012f5090e6d7ca1a7ea30f594", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -137,11 +137,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726447378, - "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=", + "lastModified": 1726969270, + "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1", + "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", "type": "github" }, "original": { @@ -153,11 +153,11 @@ }, "nixpkgsSmall": { "locked": { - "lastModified": 1726611721, - "narHash": "sha256-oSDOQ5c7CTVzkaG5A19UW3Yxsv9TLNFNcrvQT9F4Pz0=", + "lastModified": 1727076372, + "narHash": "sha256-gXIWudYhY/4LjQPvrGn9lN4fbHjw/mf1mb9KKJK//4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a51a2cef87fc37c7e31d3a5345bc493e5f7a5f6e", + "rev": "7ca0f93c530406c1610defff0b9bf643333cf992", "type": "github" }, "original": { @@ -169,11 +169,11 @@ }, "nur": { "locked": { - "lastModified": 1726681508, - "narHash": "sha256-xz858EXcKZjWR6TPyU84BTeMHIPewGW68DutnxghaR4=", + "lastModified": 1727141325, + "narHash": "sha256-oqM2LaC0RLXgKZmFpj+aFM8qf5Iw9ilMJPWGZbGdTAk=", "owner": "nix-community", "repo": "NUR", - "rev": "59c5c2575c0cae6bc98b9de8161731cfb8cdc1f0", + "rev": "0d7209843407825066ccf9743c40d50b6d68674f", "type": "github" }, "original": { @@ -192,11 +192,11 @@ ] }, "locked": { - "lastModified": 1726509788, - "narHash": "sha256-PmCmO8NDKzwHrTp9Ox/rcLiCYivqIpZlnLk8wZRjv2I=", + "lastModified": 1727020652, + "narHash": "sha256-zwTXt1bcf+wycX389ZyJFzUO2gzCb16ButXxiX2iA7Y=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "5a0c70a007837e2db01e0bb68971792e8653d32c", + "rev": "6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272", "type": "github" }, "original": { @@ -205,6 +205,22 @@ "type": "github" } }, + "randomcat": { + "flake": false, + "locked": { + "lastModified": 1727143958, + "narHash": "sha256-W2DK8AehT9Q5IaYWzUuUYyVRSvu3DdHwr8ioWJluUD8=", + "owner": "randomnetcat", + "repo": "nix-configs", + "rev": "2a6bd13e96db07e2e904fcc1b93faf5484725c91", + "type": "github" + }, + "original": { + "owner": "randomnetcat", + "repo": "nix-configs", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", @@ -214,7 +230,8 @@ "nixpkgs": "nixpkgs", "nixpkgsSmall": "nixpkgsSmall", "nur": "nur", - "plasma-manager": "plasma-manager" + "plasma-manager": "plasma-manager", + "randomcat": "randomcat" } }, "stable": { From 2951f948b4ba2ceb90d95b22555668bc3544d6b0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Sep 2024 04:49:25 +0100 Subject: [PATCH 211/438] kilgharrah: set up zfs datasets using randomcat's module --- flake.nix | 8 +++++++- hosts/kilgharrah/datasets.nix | 12 ++++++++++++ hosts/kilgharrah/default.nix | 2 ++ hosts/kilgharrah/filesystems.nix | 6 ------ 4 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 hosts/kilgharrah/datasets.nix diff --git a/flake.nix b/flake.nix index 06f6387..61126be 100644 --- a/flake.nix +++ b/flake.nix @@ -28,10 +28,15 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + randomcat = { + url = "github:randomnetcat/nix-configs"; + flake = false; + }; + birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: { nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; # The name of this output type is not standardised. I have picked @@ -79,6 +84,7 @@ birdsong.nixosModules.default ./common ./services + (builtins.toPath "${randomcat}/services/default.nix") ]; }; diff --git a/hosts/kilgharrah/datasets.nix b/hosts/kilgharrah/datasets.nix new file mode 100644 index 0000000..161a50f --- /dev/null +++ b/hosts/kilgharrah/datasets.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + environment.etc.crypttab.text = '' + albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key + ''; + + randomcat.services.zfs.datasets = { + "rpool_albion/data" = { mountpoint = "none"; }; + "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + }; +} diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 01377be..75dd2ec 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -6,6 +6,8 @@ ./filesystems.nix ./hardware.nix ./networking.nix + + ./datasets.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index bfc5b10..e2baa43 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -5,12 +5,6 @@ "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; }; - boot.supportedFilesystems = [ "zfs" ]; - - environment.etc.crypttab.text = '' - cryptstorage UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key - ''; - fileSystems = { "/" = { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; From 26900a59735fb5e949467a19058f32192d76caef Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Sep 2024 05:29:21 +0100 Subject: [PATCH 212/438] steam: lightly refactor --- common/steam.nix | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/common/steam.nix b/common/steam.nix index 5f538fa..b1e26de 100644 --- a/common/steam.nix +++ b/common/steam.nix @@ -1,10 +1,12 @@ { config, lib, pkgs, ... }: { - programs.steam = { - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; + config = lib.mkIf config.programs.steam.enable { + programs.steam = { + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; - services.joycond.enable = config.programs.steam.enable; + services.joycond.enable = true; + }; } From 3195af88ef7e18baa5b0e9cb7fa95ea18ca5aff6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Sep 2024 05:31:17 +0100 Subject: [PATCH 213/438] nginx: improve hardening, tweak headers Still not quite where I want it to be but it's better --- common/nginx.nix | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/common/nginx.nix b/common/nginx.nix index 10e498d..19b315b 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -7,17 +7,13 @@ recommendedProxySettings = true; recommendedTlsSettings = true; - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - appendHttpConfig = '' - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; + add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; + add_header Content-Security-Policy "default-src https: data: 'unsafe-inline'; object-src 'none'; base-uri 'none';" always; + add_header Referrer-Policy strict-origin-when-cross-origin; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; + add_header X-Clacks-Overhead "GNU Terry Pratchett"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; ''; }; From 8d2d55e4c42ddc7c35731c8ecf6f48b8eafe4e15 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Sep 2024 18:41:17 +0100 Subject: [PATCH 214/438] openssh: disable fail2ban We've always had password authentication disabled, so it's not really doing much except periodically locking us out of our own servers when we misconfigure something --- common/openssh.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/common/openssh.nix b/common/openssh.nix index d8dd364..195277e 100644 --- a/common/openssh.nix +++ b/common/openssh.nix @@ -8,6 +8,4 @@ PermitRootLogin = "no"; }; }; - - services.fail2ban.enable = true; } \ No newline at end of file From d1b974b86cc9a3893f2271cfb613c312c47e17da Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Sep 2024 18:56:27 +0100 Subject: [PATCH 215/438] yevaud: specify (non-boot-critical) zfs datasets with randomcat's module Also moves forgejo state directory to the default location --- hosts/yevaud/default.nix | 6 +++++- hosts/yevaud/hardware-configuration.nix | 5 ----- services/forgejo.nix | 4 ---- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index d1804fe..d18de9a 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -52,10 +52,14 @@ networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 53 ]; + randomcat.services.zfs.datasets = { + "rpool/state" = { mountpoint = "none"; }; + "rpool/state/forgejo" = { mountpoint = "/var/lib/forgejo"; }; + }; + qenya.services.forgejo = { enable = true; domain = "git.qenya.tel"; - stateDir = "/data/forgejo"; }; services.nginx = { diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix index aa624a3..3a14ff6 100644 --- a/hosts/yevaud/hardware-configuration.nix +++ b/hosts/yevaud/hardware-configuration.nix @@ -28,11 +28,6 @@ fsType = "zfs"; }; - fileSystems."/data/forgejo" = - { device = "rpool/forgejo"; - fsType = "zfs"; - }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/107D-5AB3"; fsType = "vfat"; diff --git a/services/forgejo.nix b/services/forgejo.nix index 9f3f6f1..cf18e8f 100644 --- a/services/forgejo.nix +++ b/services/forgejo.nix @@ -10,9 +10,6 @@ in domain = mkOption { type = types.str; }; - stateDir = mkOption { - type = types.str; - }; }; config = mkIf cfg.enable { @@ -33,7 +30,6 @@ in forgejo = { enable = true; - stateDir = cfg.stateDir; settings = { DEFAULT.APP_NAME = cfg.domain; cache = { From 59bbcc165e7da1f615018eaea5ad1d1ea01671cd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 26 Sep 2024 12:15:49 +0100 Subject: [PATCH 216/438] nginx: expand default CSP this is required to run wasm and web workers --- common/nginx.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/nginx.nix b/common/nginx.nix index 19b315b..4bd8816 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -9,11 +9,11 @@ appendHttpConfig = '' add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; - add_header Content-Security-Policy "default-src https: data: 'unsafe-inline'; object-src 'none'; base-uri 'none';" always; + add_header Content-Security-Policy "default-src https: data: blob: 'unsafe-inline' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none';" always; add_header Referrer-Policy strict-origin-when-cross-origin; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; - add_header X-Clacks-Overhead "GNU Terry Pratchett"; + add_header X-Clacks-Overhead "GNU Terry Pratchett" always; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; ''; }; From 8b04d9039ec1cc7782c8adfb11d15121e550bbfd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 26 Sep 2024 12:16:33 +0100 Subject: [PATCH 217/438] orm: serve actual --- flake.lock | 46 ++++++++++++++++++++++++++++++++++++++----- flake.nix | 4 +++- hosts/orm/default.nix | 10 ++++++++++ services/actual.nix | 31 +++++++++++++++++++++++++++++ services/default.nix | 1 + 5 files changed, 86 insertions(+), 6 deletions(-) create mode 100644 services/actual.nix diff --git a/flake.lock b/flake.lock index e65e4f4..859793f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,24 @@ { "nodes": { + "actual": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1725392458, + "narHash": "sha256-sp1Ps5XBrIwDE0e2QOm2dJRRJ12aEWtJBhzohFwn+K4=", + "ref": "main", + "rev": "4cc6a8289f809ec4470eb01429aa6ed548349a56", + "revCount": 14, + "type": "git", + "url": "https://git.xeno.science/xenofem/actual-nix" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.xeno.science/xenofem/actual-nix" + } + }, "agenix": { "inputs": { "darwin": [], @@ -137,16 +156,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1726969270, - "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", + "lastModified": 1725103162, + "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", + "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -167,6 +186,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1726969270, + "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1727141325, @@ -223,11 +258,12 @@ }, "root": { "inputs": { + "actual": "actual", "agenix": "agenix", "birdsong": "birdsong", "colmena": "colmena", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "nixpkgsSmall": "nixpkgsSmall", "nur": "nur", "plasma-manager": "plasma-manager", diff --git a/flake.nix b/flake.nix index 61126be..fa2a9d7 100644 --- a/flake.nix +++ b/flake.nix @@ -33,10 +33,11 @@ flake = false; }; + actual.url = "git+https://git.xeno.science/xenofem/actual-nix?ref=main"; birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; # The name of this output type is not standardised. I have picked @@ -82,6 +83,7 @@ { nixpkgs.overlays = [ nur.overlay ]; } agenix.nixosModules.default birdsong.nixosModules.default + actual.nixosModules.default ./common ./services (builtins.toPath "${randomcat}/services/default.nix") diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index c76bd6b..e70bf1c 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -21,5 +21,15 @@ privateKeyFile = config.age.secrets.wireguard-peer-orm.path; }; + randomcat.services.zfs.datasets = { + "rpool_orm/state" = { mountpoint = "none"; }; + "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; + }; + + qenya.services.actual = { + enable = true; + domain = "actual.qenya.tel"; + }; + system.stateVersion = "23.11"; } diff --git a/services/actual.nix b/services/actual.nix new file mode 100644 index 0000000..c78e2ff --- /dev/null +++ b/services/actual.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.actual; +in +{ + options.qenya.services.actual = { + enable = mkEnableOption "Actual"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:5006/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.actual.enable = true; + }; +} diff --git a/services/default.nix b/services/default.nix index fddd93c..e31416b 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./actual.nix ./forgejo.nix ./pipewire-low-latency.nix ]; From 7ce034f2d0650998b6d4dfbd8722aa65ee6f2a59 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 26 Sep 2024 12:36:09 +0100 Subject: [PATCH 218/438] flake.nix: only expose self to nixos modules, not all inputs --- common/users/qenya.nix | 4 ++-- flake.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/common/users/qenya.nix b/common/users/qenya.nix index 6e96e58..d3998c3 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, inputs, ... }: +{ config, lib, pkgs, self, ... }: let keys = import ../../keys.nix; in { @@ -12,5 +12,5 @@ in { programs.zsh.enable = true; - home-manager.users."qenya" = inputs.self.homeManagerModules."qenya"; + home-manager.users."qenya" = self.homeManagerModules."qenya"; } diff --git a/flake.nix b/flake.nix index fa2a9d7..ea28d43 100644 --- a/flake.nix +++ b/flake.nix @@ -65,7 +65,7 @@ orm = import nixpkgsSmall { system = "x86_64-linux"; }; kalessin = import nixpkgsSmall { system = "aarch64-linux"; }; }; - specialArgs = { inherit inputs; }; + specialArgs = { inherit self; }; }; defaults = { config, lib, pkgs, ... }: { From 3fc692f0c29e9da48a97253484a5dae2033cdc0a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 26 Sep 2024 12:48:03 +0100 Subject: [PATCH 219/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/23cbb250f3bf4f516a2d0bf03c51a30900848075' (2024-09-22) → 'github:NixOS/nixpkgs/759537f06e6999e141588ff1c9be7f3a5c060106' (2024-09-25) • Updated input 'nixpkgsSmall': 'github:NixOS/nixpkgs/7ca0f93c530406c1610defff0b9bf643333cf992' (2024-09-23) → 'github:NixOS/nixpkgs/37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d' (2024-09-25) • Updated input 'nur': 'github:nix-community/NUR/0d7209843407825066ccf9743c40d50b6d68674f' (2024-09-24) → 'github:nix-community/NUR/936785778bca86332d6b201dda67a38585cab885' (2024-09-26) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272' (2024-09-22) → 'github:nix-community/plasma-manager/a02fef2ece8084aff0b41700bb57d24d73574cd1' (2024-09-24) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/2a6bd13e96db07e2e904fcc1b93faf5484725c91' (2024-09-24) → 'github:randomnetcat/nix-configs/7458a718acedf2590cbfc212e7070afdd3b8c4dc' (2024-09-26) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 859793f..4cbad8a 100644 --- a/flake.lock +++ b/flake.lock @@ -172,11 +172,11 @@ }, "nixpkgsSmall": { "locked": { - "lastModified": 1727076372, - "narHash": "sha256-gXIWudYhY/4LjQPvrGn9lN4fbHjw/mf1mb9KKJK//4I=", + "lastModified": 1727284797, + "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7ca0f93c530406c1610defff0b9bf643333cf992", + "rev": "37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d", "type": "github" }, "original": { @@ -188,11 +188,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1726969270, - "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=", + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", "type": "github" }, "original": { @@ -204,11 +204,11 @@ }, "nur": { "locked": { - "lastModified": 1727141325, - "narHash": "sha256-oqM2LaC0RLXgKZmFpj+aFM8qf5Iw9ilMJPWGZbGdTAk=", + "lastModified": 1727348207, + "narHash": "sha256-PvgB7Wolpm8Q20Hquz1j/xXK7MuN6REVmt6jxpvRUwU=", "owner": "nix-community", "repo": "NUR", - "rev": "0d7209843407825066ccf9743c40d50b6d68674f", + "rev": "936785778bca86332d6b201dda67a38585cab885", "type": "github" }, "original": { @@ -227,11 +227,11 @@ ] }, "locked": { - "lastModified": 1727020652, - "narHash": "sha256-zwTXt1bcf+wycX389ZyJFzUO2gzCb16ButXxiX2iA7Y=", + "lastModified": 1727210241, + "narHash": "sha256-lufS6uzSbSrggNCSgubymMQWnQMh7PvQ+lRZ8qH9Uoc=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "6f1db348fcb89fd6b0b9c32e279d29ee6b4d1272", + "rev": "a02fef2ece8084aff0b41700bb57d24d73574cd1", "type": "github" }, "original": { @@ -243,11 +243,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1727143958, - "narHash": "sha256-W2DK8AehT9Q5IaYWzUuUYyVRSvu3DdHwr8ioWJluUD8=", + "lastModified": 1727310986, + "narHash": "sha256-Vo+sWtfO053kPKY6F4X0LkU0yris25F5AVRMvCyI9Lw=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "2a6bd13e96db07e2e904fcc1b93faf5484725c91", + "rev": "7458a718acedf2590cbfc212e7070afdd3b8c4dc", "type": "github" }, "original": { From 309e44aa8a5e2e3f2821bfd61398414d37f4b426 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 26 Sep 2024 13:40:33 +0100 Subject: [PATCH 220/438] flake.nix: rationalise nixpkgs versions --- flake.lock | 71 ++++++++++++++++++++++++++++++++++++++++++------------ flake.nix | 35 ++++++++++++++++++--------- 2 files changed, 80 insertions(+), 26 deletions(-) diff --git a/flake.lock b/flake.lock index 4cbad8a..1161702 100644 --- a/flake.lock +++ b/flake.lock @@ -2,7 +2,9 @@ "nodes": { "actual": { "inputs": { - "nixpkgs": "nixpkgs" + "nixpkgs": [ + "nixpkgs-unstable" + ] }, "locked": { "lastModified": 1725392458, @@ -133,6 +135,26 @@ "type": "github" } }, + "home-manager-unstable": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1727346017, + "narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "c124568e1054a62c20fbe036155cc99237633327", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "home-manager_2": { "inputs": { "nixpkgs": [ @@ -156,21 +178,21 @@ }, "nixpkgs": { "locked": { - "lastModified": 1725103162, - "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", + "lastModified": 1727264057, + "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", + "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, - "nixpkgsSmall": { + "nixpkgs-small": { "locked": { "lastModified": 1727284797, "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", @@ -186,18 +208,34 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1727264057, - "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", + "lastModified": 1727122398, + "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", + "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1727320268, + "narHash": "sha256-B4AK91+9frHerQ6mFAtaR46ECMRtZufrtXFj/b5NqYU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ea2838e1ce0a9da2abf88275843aca29d9f82b30", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } @@ -220,10 +258,10 @@ "plasma-manager": { "inputs": { "home-manager": [ - "home-manager" + "home-manager-unstable" ], "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ] }, "locked": { @@ -263,8 +301,11 @@ "birdsong": "birdsong", "colmena": "colmena", "home-manager": "home-manager_2", - "nixpkgs": "nixpkgs_2", - "nixpkgsSmall": "nixpkgsSmall", + "home-manager-unstable": "home-manager-unstable", + "nixpkgs": "nixpkgs", + "nixpkgs-small": "nixpkgs-small", + "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-unstable-small": "nixpkgs-unstable-small", "nur": "nur", "plasma-manager": "plasma-manager", "randomcat": "randomcat" diff --git a/flake.nix b/flake.nix index ea28d43..a011d17 100644 --- a/flake.nix +++ b/flake.nix @@ -1,20 +1,27 @@ { inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - - nixpkgsSmall.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - plasma-manager = { - url = "github:nix-community/plasma-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; + home-manager-unstable = { + url = "github:nix-community/home-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; + plasma-manager = { + url = "github:nix-community/plasma-manager"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + inputs.home-manager.follows = "home-manager-unstable"; + }; + + # TODO: remove dependency on NUR (#16) nur.url = "github:nix-community/NUR"; agenix = { @@ -33,11 +40,17 @@ flake = false; }; - actual.url = "git+https://git.xeno.science/xenofem/actual-nix?ref=main"; + # Third-party flake providing package and NixOS module for Actual Budget as + # nixpkgs are having trouble: https://github.com/NixOS/nixpkgs/issues/269069 + actual = { + url = "git+https://git.xeno.science/xenofem/actual-nix?ref=main"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; + birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgs-small, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; # The name of this output type is not standardised. I have picked @@ -61,9 +74,9 @@ nodeNixpkgs = { kilgharrah = import nixpkgs { system = "x86_64-linux"; }; tohru = import nixpkgs { system = "x86_64-linux"; }; - yevaud = import nixpkgsSmall { system = "x86_64-linux"; }; - orm = import nixpkgsSmall { system = "x86_64-linux"; }; - kalessin = import nixpkgsSmall { system = "aarch64-linux"; }; + yevaud = import nixpkgs-small { system = "x86_64-linux"; }; + orm = import nixpkgs-small { system = "x86_64-linux"; }; + kalessin = import nixpkgs-small { system = "aarch64-linux"; }; }; specialArgs = { inherit self; }; }; From ab035dcd5b5e5d4f00787fab18eb9de546650160 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 28 Sep 2024 05:08:12 +0100 Subject: [PATCH 221/438] kilgharrah: set up ftp server --- hosts/kilgharrah/default.nix | 1 + hosts/kilgharrah/ftp.nix | 75 +++++++++++++++++++++++++++++++++++ secrets.nix | 1 + secrets/ftp-userDb-qenya.age | Bin 0 -> 12720 bytes 4 files changed, 77 insertions(+) create mode 100644 hosts/kilgharrah/ftp.nix create mode 100644 secrets/ftp-userDb-qenya.age diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 75dd2ec..7740df5 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -8,6 +8,7 @@ ./networking.nix ./datasets.nix + ./ftp.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/hosts/kilgharrah/ftp.nix b/hosts/kilgharrah/ftp.nix new file mode 100644 index 0000000..23fe390 --- /dev/null +++ b/hosts/kilgharrah/ftp.nix @@ -0,0 +1,75 @@ +{ config, lib, pkgs, ... }: + +{ + randomcat.services.zfs.datasets = { + "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; + }; + + age.secrets.ftp-userDb-qenya = { + # To update this, see the nixos docs for services.vsftpd.userDbPath. Note + # that the command it gives to create a userDb, if applied to an *existing* + # userDb, will *add* the entries from the source file, overwriting any + # entries with the same username but leaving other existing entries intact. + # Also note the database format does not salt hashes. + file = ../../secrets/ftp-userDb-qenya.age; + + # we have to specify this manually because pam_userdb strips the extension + path = "/etc/vsftpd/userDb.db"; + }; + + services.vsftpd = { + enable = true; + localUsers = true; + forceLocalLoginsSSL = true; + forceLocalDataSSL = true; + rsaCertFile = "${config.security.acme.certs."ftp.qenya.tel".directory}/fullchain.pem"; + rsaKeyFile = "${config.security.acme.certs."ftp.qenya.tel".directory}/key.pem"; + + enableVirtualUsers = true; + userlistDeny = false; # turn userlist from a denylist into an allowlist + userlist = [ "qenya" ]; # this is just a list of the users in the userDb + userDbPath = "/etc/vsftpd/userDb"; + + localRoot = "/srv/ftp"; + + extraConfig = '' + # nothing in the default cipher suite is enabled in modern ssl clients! + ssl_ciphers=HIGH + + # set this to something firewallable + pasv_min_port=51000 + pasv_max_port=51099 + + # don't bother with upgrading to TLS, just listen on FTPS only + implicit_ssl=YES + listen_port=990 + ''; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "ftp.qenya.tel" = { + forceSSL = true; + useACMEHost = "ftp.qenya.tel"; + locations."/".return = "503"; + }; + }; + }; + + security.acme.certs = { + "ftp.qenya.tel" = { + webroot = "/var/lib/acme/acme-challenge"; + group = "acme_ftp.qenya.tel"; + }; + }; + + users.groups."acme_ftp.qenya.tel".members = [ + "vsftpd" # not configurable in the vsftpd nixos module + config.services.nginx.group + ]; + + networking.firewall.allowedTCPPorts = [ 990 80 443 ]; + networking.firewall.allowedTCPPortRanges = [{ from = 51000; to = 51099; }]; +} diff --git a/secrets.nix b/secrets.nix index d59c4e7..1db2c04 100644 --- a/secrets.nix +++ b/secrets.nix @@ -4,6 +4,7 @@ let commonKeys = keys.users.qenya; secrets = with keys; { + ftp-userDb-qenya = [ machines.kilgharrah ]; user-password-kilgharrah-qenya = [ machines.kilgharrah ]; user-password-tohru-qenya = [ machines.tohru ]; wireguard-peer-orm = [ machines.orm ]; diff --git a/secrets/ftp-userDb-qenya.age b/secrets/ftp-userDb-qenya.age new file mode 100644 index 0000000000000000000000000000000000000000..3d40119b47ab80fefd0623c655a85d5960f07551 GIT binary patch literal 12720 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP4e&NiOjqy=&5dx( zvk1;D%`A4dG)WHhFv;>N&h+$l@hS3*NHa^;FDuW_Epc?t$>wrO3-zhW$qz3yHpucX zbu(}(3G*^H&&`XnOx2EZbTSUl2r>%|EQkybHbJ+oIMvJ2vs|GnI3>Np&BHRHMBBhJ zG$7N%IG{4uFf}RNpdc^F!qOJUGxI zFU7*$uQWe2HQzMEDA30>D8SV()D_(}O9KN>pK^r^<4`Zh{K{aTC=Uu-DAC}e(ZeDK^~0lngFy}VBjZ)$4LH#*;=tmc2Xq3YM}u0n7+4OOX0w&TVIkFZt`sqsAim`8k3_Lnzz_4Zq4?F ztubHTugRHy@NhD7q?Kn;Roc^-In^a{2j-;N7GL-OKBeGhdill;x0#yH>Ih!hr&hLn zG28CR8w3{rI5t_v?C0m;g+9-(c|Y8@`@mz?eNL>Y0`DDfy_UJwv*ELb&Bd*2zN{*= zJ{2l{&Z~EMV$Ct3op&sXXC+xqoO1J_!HT<9SF=uWU0LOL#%BJ*T9u0X{K;Wq*DLhQ z-ha%R%`GIoM{>SR*_-_0*B_bgD0i79A6l?E{K@UwC5z|0Dqn2$>6 z)#Th^b{BF8Tl4eIf#Z7)Y(2pJeX{M7g|YF^5BoWAPTwu`Pwipzy;aNa95PWo*0%5C zm%rD=i&@-OD#-56ind;@w^mVg(wdyz#_uv4V~tZwBdwGRO^kFxXXj-!uh(ViJ+s59 zLYa%ne7Z6?!~l7z6`UlgM(ONH$E6V^`@Yxr3BM6yNf zj_{h_!Mfe-2R=kBe;t|ZZYp<=oh$d{8r8>Mzw#p z;iQel_tKY}UL0cdp2q2z!aRAa#I81Ni%lNwO{vx8hn6mG&B{<-=Eu{(WYV>Fs2JIja&dO^#67=i9_83`Cw~#K_&%v$^mbpF4(|=0$zFn|IU}Q7_K6;1 z&aezF6X9wOqS`rstd3TRhY0Mr!Y=bGt#_eQnS?ceh3m=mpf^8v|KzxLWm(f= z?yn6wwR1Pcwk=*=c47KWIqq5Qr&d=a2&`JUukFtKH5Tz7jb1vRSuGPT5N^_c{QUfn ziNA00ZoX%ANAu;vU;mgI{;4?XG-YH8?7!N0<3`u53%}Q%)3)DZ^X19$pO5A2leSeP zmLxOCXJ?D9J}CaVG4u7I?Xt7|a<}Vj|6Z*qcxN8>-$Mh}V9q_WtDMI^WfI%Dd&PGDGQ4r`x9I=YTcYNF zTFRc3T1fabPyX0>{mJ3b)Q*;QE}C0c7RbF$`zWpDpLfOk;g?T`K3Gq_68ukOWm%oK z>BgS{*VrGX*7hlgS9+MuYpve%{bglSlEIy3d&7I*_zD%06%Tf7DGp$p>ME1|Oioxu z)%fD87bVN&J_Ly`IPLV$+WJl24#fu<>vp-bSN;r`DWkqqyMSlz=Pt83r{3;JQ#!?% zZ0qvWNSkR*d$Ho`2>HDmU%$wh6Vj&O`|+;ixBQ}7*7I&&b)Qyf~Jed=VbE215hd2Efp3CVxWwXq@ z{MlxE!@Z+tt~^=8^Uf{HGDE{ZMCFv8Isg3(KAyJgJeR)C+S9zvWB1b#>2;Z@NyY69 zUk`u0&+2Hg#;5T8x>wgrEA)(3bS1sZ?*1?Edv1i%oYxHsVb=|X1XhRgw;6q4T=?j? z{j(Xbn{JkEO#Jlu&N;D(S%O?_hN_arXY1$I-?~t7%V1Wxk)ZTq0@%>VL?8Hm|vm7y6lC!p!>T5LJeL7iW?^-8`tC&3*X?Ac%Y3g-z4?8o5`We1$rJWHFg@z((|vC8x^)i61$B;o+OBX@Gw_F( ztPazIX2Tu#x$N`$CSPrm_@*zo>ZjhUQmKx@S?QB?W6yi9oM>OZhF>Cc)(xMRZ}zo5 zZ=F18%_`aTeayv-`KB#F0!U=Nam`3m8^T*rvVy z%F2YgSRR(-y{jVne*UrnX)k3 z1HRfH){7^+IiWe>N9f%{Qld*%&exZ_TGnH5qx$^`ktw#VVZy?BHB2@W)`uE|Mx0dUXy`vjMq;^1?X~$+s+BbB+FjeH zrBs`?P|2!bwfb2eTApd5W99X7_WP zc_rwarRm6_Joo3y?;Ntp-{;y68%#28ZFnF2rtrJ0Z9{R1+uH7ru8u9cCoig)!aS{^@cf*UY!b{=g-<@q$M4iaj%e9`E6L+Ivak zMsq#K0v!SMy(Q{itTz9-KTMlDE$aOfqeu6$y+6l>oB7!s$@kvu>2jc=D#+t)Bj@rt z!BHLo$A4%2z2czRF4d)z@btR4hyC+OQgbv5y$-x>knH_`tH!z4o_AX4dp$)7pG61H zZL0P8+@hrHc#2`BH{)W9GbnC+wK?ZZoZdvTX=Mn(j`-^a!(QNhaUMVx9nd>=Nx(w zw8Q=Ugukwa>o_^_`U2dREj*n*)71hwD7jz=XbGl z-MxPo6?M*STVS)}&`JfpMXu?*3Jh;tX3oh~+nvBJyrzq>&ti&2^Upa2p@Gxl(yb-m zomB09e5%f=gW?{H+V#Y+231P$DvrPj;;e-~2vk_nS$rmM<4v@1OcS zo$+y^ioueMJ^CzpZ$GZH={O|mmG{2yJbzI}4D+qMM}Fo+K74W5FZS%RgaqR=kCz$h zd7RL?nb@*?dr49`)0wT#Vw0b_1}RCi#WA~2VeV;H`xOy-_rRf(*JZn`*7z;?cVCT@ zf%orM^<#0l??aUTO(@sAvg>r9i@n50rv24BMY&Hch~0mAqofI6vBCrI1KkI5dG`4K zdgF94ui)FBJXSfAQ@Vf4*jC)-S5QiBOWbkz(k}J>B9{sOb){WdH$J@l@ac(d+l6ZO zuK8l@FT=6IF_<;yT+|HdPrL>b!ZTMlt~ryFpT_vUH}+@k%+%QLG3h3?e=M}UOlpL7 zm9Mh6@HMXPs(N`)bGT^U%&p*y{Hm%&*rwSP=*j$vLak{_@A|1fXS zz5i#d<62^)zSMiIi%V=eW4L4L?xR%~ew;R&dElP6Prb_A%jQ|WTq%2tW^ly5wTqrM zt$gkBmkjGnN;<1EwQAq1O%mW?RP)N5qWj)-1PVo^$S2y-RTaL2-A^W!1NzC8yp#*)uKRPJVV_ z+{*U$4;o~yKJA)rX(_wwwjF0ey%V4Ode@=q-nq*Al-%*V zF)MwTH?LfD{ox6(I_vCm;B{hC5}QmYF~Fq&HQ_1o5P-zSxmv-n~okf zD1Xd#y;s5PuHi@44C8+vc1>Z^zw?S;tiP2Zu4tn2<+6o0_J5u4xxq??)84VRV@hsG zMNFH^nOSagtfYMnR~mOdoLBt*Yx=>}O1x2ZkEYx^p(j|NV)wToFSo_*hP!wBwh70~ zD_35u6Frc+Do-KG&$0Lm-!U_0*(0~K=FhxwGg(~IHCG_ep!S|o&|Zs_tAB)ymQKiz zIdmW@@sBvSXd~B(EEN;cr#d~oH|8w#(>lCrt-J3{+n(8?HcJ=uaUMBSHtkq&O;+eY^ZPI7kt@lF+53|K)<*7Y?C&DG(Q9p6^eqjx>npaxar`hd~UVfv< z*(?0I*ajUX*Wl;-C&bQqzR)nzS5|&qX0fLytBY>`zSu6OGL~fRuMzk1Pp6$-J^jAt zi_@`v3{}&v)H@#6^;0%Y?(amm)y>;2xi`$(s1aQE zdx6*98{6+Q{(RaLzxUkk3*lRgU9af8xA0$Pdo*)A)7CL=H@eoEqLckR3tvFkRruPZ%baQwwf2?gEn2cGaO ztq!QT_R#!*=JM-jqR)5wJa+i@RQ`MOr!!1`Q)En3^XC7&{gy$#Dfv>kbEZ;gtjgYs z1M;WucPm?HJ^0_rnx`GIUU&9^+qZdMDr{7%UHsw*Eqdw%@N;$NrgJ)4RP(#x6*v(K9M4biLrriVsta3@kowzUcZ@ z(9?I<_o*43MR!DXiteAXYxj3J?EL(5q4T%H3j!G?T~5%7%~4ymhd0&i)W=^c>{ z;lZ~BEHgV+MFbyP5Gaz*bUEl%(UBmhli$7gKAxTM*jIM<4;lLu&cV4FZ+uHuhH24^{$Q#b5GYwE~P~qc^`Q!t~+fJvsOyu z+Mmg54jXr!dU-tb@%o)@zAfPn2IcbKkJ&`2Exq^nKXdn?wza1Ba_035pU&z`-~TrI zP40@NRnMNTt;>0t{&SDEzzoB=nhMYUm3|c!T@}2=ue(O|rk}$>+2~sSoV=M-rO-MsPpEm^*PJ; zmQPxy_5G;KBdf>Ky;47Cy;%8{>-_zv)rO2FlIHFC&ifA4&pQ(Gx>Z|xrSKG1_wS0v z{hKFR6+T)0_Rm4R^CA<%Kkty{iwzOD7~?Wf@bK1-5(q>M7 z%k6vPAm47TyMeJ&9Fr!BU0c5Fk@m&avXSNAFUhjakv=lJp`iTVA)WqjGY<=1+iYh( zE9Ca36s@CsZ`SPo_{6h6D>OI1>ej+LbDY#GEM*;{d06H!rY~A^PUL{znfIO#bPB#I z7=E|RSR;1fNm=#+Ml%TdH7Wf06mtuW$dj<~HkXS6la5JXoXu z{OJ#?)Vp|Zzbig-Ia;tSE>oZ9NxJyAkdBzy7gWu!d)Beo?41+1YSwjwNj0m!T(}db z=qO%lcI(?3_hr)pyX`k;Y*A<``%#HP<_^ZGu&%1utq zVO%UFecfMJ?cDTx%c={uo^-ir`E>rm`+5wmKc_wr&r+6|dGhrN-r}#OOlz9TmnuEG zy!c1T#=>Xa9^9Uiv$uJw{oCK3R<`l;pEn=+9Zt*sZZUWCjJ~4s{rvJZ*54Qk&Mo=T za#8ivx_S3j@BI+KI{SD5cg$_4S@W;i{l1v-=loXnM3EaIJ2VrrdRE=^S1yZH5Q&lF z$?<$9%QzwX#6}sh$#TLKN9Cu4_r<$@y~*>oCMVE$#x1tlV%6Ua*Xiw4%iZ4gc!r9D z<0}rsjJGRS9Oj6hSj3Y3^X{)H4}_lCA65FFpp@$J@WInm4a1m<2)45?+h4T*5ZK%2 zbS)v(eRj#w{A817@BT+i9Iu+c#6@ZS*R0+XQm?%>&ku1_%@@A#Z+DQ&^v#|Zpfljo_qGw&y}g2npaB%*#!2jdos7( z>g~&yvu55%oXNa5c&&BBRKXV!ebFbsnH|&ZJ9w;MYu0hTL-!W`?djy_I5cCmvC=KY z-KXbIW^P^}AyxN#_JS>EcJWPGb5u8f#!cS6>+=E)jvm%wU=;iCxwTkiwS&`?`xWU$ zefu97@6qR7bYzlb;cAaqr!~{2e6rF-?@2FH95-z}ra$lD>MdpAs;6z_ zd(7Yadj-C`6yZb z>enPDcO9to*CtEo4@ebP>j*=UH%@Ub%e!STpyC&Tts6hK>oZ|TqK~bZ} zyUv`waaM0}jai;a-8G-(uUTAnSIKl-jkX@_(vBzjxB+6HWWy zY(4+xP);_PfV=dgTC z%c*az*Z$9MD%PQFd#?L@l1@v~%;f?6Q|?^*x=t_e%C`M&JCe6ZX@}-kNPWJ$q)P6h z&!v9_GnYV&O2tjpgFZ!%BaA-@J_X>IJ{^2KO$`%*YYl_9E}1W%1?( zGnYM^Ftv;Glcw>dvp-YJ%9{N+R!;6o;3>Ab{r>d*$`vJCdbPEywa#`rOf#$Ayesj) zzu>(M8k%vpZ&zhpeBJW!Xjr#aVCyNdyAn;RY22m9KP@~TzB$l(QP=6e`VX$9O8MkT z6}&sTW)p{F9@oU=u2;|5UQ9Fizb|a6yPcb@kx|+8 zo50;~MjM>Bbf3DnN7?3v=fQ@gkW8=cyQgP-RA;`L z^KH?o@;TqF&c*NF*UtNz@w@#dyLHM9-&>xxPhf9VUjM>yigWz43}4-M`#vt)_55Sm zVxtKM+BIS-91VpxuliDJ>vZ<{yr4IqqxQ94d_7%#ZfB~Cd`sd&F>c-IY$1Gq+ZJfN z34CT2Zz(!$q3e}P>{b7_F3^#@pZ>IIiWNebea6ME5^8 zUsXD*a9;j;KYSkJscr|4`wN%ptrq+8Yo|fi46)A@iK~K_e<-!P@wL69e*KK|QA+u) zoIbDJ=Z79z|JzdYgRRR+lZj4$*C{D)E`Sv`jx74M?!@K2 zhUd(+m$KZGyp?$+@u9ls>ZaX2?@rxemCrZ%H;q49)ZSAzb^T|#+z57?XUe}hmhR78 zx9baosmPR?zx981i8h9Y{i?GzUOPWK<>4z zXU}l0)9IWa7T&qqax#Jlg@C2ck#NsZKv(F9c3+by)p02LxwOu$AEwp7k{nk zSuK;6^7ijCokb6x{Ad68PVrt#>Tymflc(82$w}{ORL`5eT3Q(MNN|_*o7%YZ>KnzU z_(o2AU9lr=|0?&djZK1wS$VVV<0Pgme(P__CG}&G`*J%a6Vv^?T3>Dp{5?B$iP{{4 zq$PW`9-n&n_LDV(liX)!zS9dkA72X4ZP~H#T!1UPj+ds)o5SZ-Q>6Z|{R>xk&~E?o zq4H1f!=GofF0;3fn{j-vd~u-5k}v09A6WY?^Tzq-w^*Bwoqm4nycWx&dNJmOk1uTC zF>h)T=K9pL^Rsu=x^s~$A3w8f55Jb^(eK)`V71;MAH7$tpO#%{UUI%rd%@w!@4l;B zy1JYC`twa?{&Mfsgu|6j#S(6=)fRHx$u23A-!!Faw`6O2(XWG9E@mu?WWFZ5vCBs? zH&xgDZ%jQEu2&=XCdBQs3+o)c)5*i zpNZIK!F*b(p4U1O!jdaORtViZd*flrdUDWG~m3`hZvFmL4b2U`r&l`JOpOM8m z%Ro76+o~^b)h5iAth2Y;H1lZR7X#h>2Ifn)`yNfWx-x8$z@&-4rf)Yrpg()p$>ukW zvFA5BEfZhYr7ofs)-#){e-cyn--xZZ`PgJvO8U>8nC&`E|LRh9PM0JzUJiA>xMXc^ z?r32V%a0y6+$VCBJqhR1a$NARPpzv;WaVqdS+gt8+<2n)?WEb_?M;?z**FBBO5S+s zlbEn*f*p@pL?hE_~j$>N&^tDyQ$!6aUQCPZyKZmu&y%RdMln9ed@ulc!aF`5gcL_`G!L z<+SCug`QU2Z+f{;>dJ|gt*@7`GgalCJ+960js4=Dd1>qZhifM@if&H+b*SRh^b7S( z=anAtDBaHZcV(J#tL=djx0dS*PFMV$p)-YX$}T3=Q*(R7GHrNOu1$Kf?t=5ZT|8Y= zSKBW7`B(Csxxw+K-A3=Uejm|4em#1Fe6QAt534U5KQvtNQ}dxh#`$S~Q$IwVGMrw) z|E!@#e-iJO6E_75dyW6b9^mCZ9#+ejfbCP!(Bz56_@U9;K)*&FV84eW4m-8T4R~4?m6QBCToa;wH z;Z+5*EPr|F^D7cPa~SU_znb?=)k)V@bwTv~@51}cZYt{@@b)XeHEFJ_!0N-!|CO~a z{Y&Bhvt!z#1&txL5eBJRd%tmP{Sm$+dYRsY2}uoa7!CQy?1|y(9S6gMx~^VoJ|*?jy;t9~D=@5`PcK%x^LL!(eGj|s>IG&d6W*-Yz#8Q4 zr(*ec;(8(3#dH4OJ*~g1f8r14f{*8-6xR7iZhBC0@!##a+aCVlnk-Q5)p2W9>+u%J zO%|n<@e>z$i%1+7ymH9+|N2mc<^7LZ{iX*6h?|~o?)K20c(^K3<|D_Ob?02qo{mX$ zIs5L^vGxU1CQgn#wNmFw?k^6{-&ZrQh@5@!on>j%{XOA#Cau4}eYM?V=3n~97j-gMd@ zZ!{DZcJc10WL~j-_a@dzuAJODPm6h`lAaHoElx2fW->i|tpVv766ByQuy({o)D zi>0?reJ0+iniDGA6IwPg^pMB?o|&tc9lFjdasG_Py}WmEAD=h{f7lmvcWXpkwBB~# zBBOmbU#4tKdl-{bf9L~_C>y*#p1 zv~@kxB&oaIbDk#7+0S_M(8-N|B=w)qzVq2bQ=MP`Q1~~S!h;)IByRVt&D_4M*w^`{ ziB^1mdHT2Vq#Z9`&n@FiI-2bs7P)KFYwP!HYu+7MX=YfiUmnc8rg2v2zU-BTbCh3a z?hjX(#ir@XRpSx$`ks!X<>!E~KetzF#?JZu$^6hZukN(2hAGFKv-uAzTWot&8MI65 z(79zxtDkK7wT6GLn_6y%b8@59t2^cUS!VpNGQCwPUVGBW$V8^O(R=3s7bfw}ea+3w zr_2=p7(K&Lt2Ku2_><7TlQn(jmQQDTxq9OAl`q zIhq&Fb8}eTpR=_3yyfbDr#Tr)Bee}9S29FydzpLq!S5$lw@de)P@NgkRW|wbnq%wQ zKE1r)zxjLD@2Ux$f1{JCryN%}D60BDk@3&R*9yM(pH6Ib?6NF-Isdtc=gH_fzf|4? zO+2bvaPG<>p1yh>=B7Ve?>Ka=P7!gKG2zhTX;Ql<$4o5n%@n=oD)Z^b?lX+*w(S19 z_057Ap#ceh%tc*Z&);Nxw@CF#hNb$w-RGtF;tr;I&8+h}5uNK3vSae{j*08F_K0X$ zMwj?aU`e&C5UyBLS|eY**dbtfol$a#lj$gF*_yl9d-U+L} zZV$}+)OO%Nqv1OHuN+JPd!4mU^sLI^O!%7ld9Hle?3WVipRR0Dd0;&2cfrry=NA>! zvFzOcus!~JZgQ>B?7CT3&%HlimooP?pA*0FsV5e)&i>c!-hJTPaQMZ==VeP25525e z(D_SnlIc6;i4X3^Dhv8A*d1W$Yrq-&__OY^-cOC}_1}ELZq15k@3dT}Q@*vuLFkIt zLbaZrXSbB*zFOM)*x&Ba8I8$JqWP=*w&W_kl#;UkJzL2;g0(#M(|u9#?X`P#uXGpg zd3pMDNeXNF>8pZuM-(m?o918R_RHJ8!E)Wq$#;6#RN~*te0I6@p8KcQ=eo`}O{s-D znzwg%xNJAxVi)$;T5880$y+8y4`;r%HZhEPlVyK(Z_d}&`T$j}$pNAz-?Df&Uul|9 z7O?qBnZ8D@)LV&gw$5~=u(~F#e9_{MYI3f*!F$`{KV0kE9d-5hHXTFd#7Y15zsX(i zaPG~S=M2qWe>)}w9{&51$00TT{fo~FYx&(*xKFI?ocX16S^d}NLA}{t8}`ZG+tE_V z{MPy)r@gU=`tkV}UT=Dkw`8k7-`kg8x6J&-^DzGS$JnZU0n)R*>RtD$a9(@%tM%1v zFT3@gtTU(PI0|}Y$TTNz&Fi~d=l)Sp`+u@}Rm_fKyIA^M^Bd03S5xv&UEOd)Yzd3Oz4b=5qV@srEBX>e z-zxUK7kkan#Kb*kIL_ZRvp(sQoMFw9uEL$K`9m=F%Ty=r$N6)Na$gmT z+D`pd@G1Ow*##A|=x^SKc;il<-S_8+i)mw(!9B~Z#o4d=?Bt{+mmjX)^Vuk9`lWN5 z9iKDs^>yBJTVDH-+3kXUfQ4gP#^o(r)U;9(gP9K76wORoD;N0hWZcE~ZFBg${TDoz zEK!*Bx%(r3+!OQYS?x~KRwt$hn=f_GE#CM0=8F)iw%nLQ+xa$g%vrQAkb8!3hi#b2 z&vjgG3-pW@8c6F+v<&MpVE!fjWQ{W$_s=7S{`{4Z&yrShmy6D0c(3@@P-o-%dcpAR z48PBw4y`@rk)QtXec03zmi7sIrmgt7e(USZg(gP1duE7VsQb_SHP7|av$Sn)4@4g5 zD+=Bgv~CtL-xQd3qT`Xm>jX8+)#^QXK2@A&X^si~p2?x9x|UHSq~!#-?mon7-S^hLg)yh-}}v@;7u!L8|$NZ=rtEBbW}Ix*9R(UVHf4S6k%1>NfjY<}@sb z4V%HmGHYej!7UXsci-g%UFDYJT=DKF$HNUPm^2i8zjVn>J3L|H>rKgBr}NBp{a%{} z-Z;JgxQ{E}oLK%>_Ge_w@APnWFrS_@>(R7~+b2#Zn&&(@&^&xt(?sbE00nCo6k7O47*!(wind*<*ymvlWJ0)j)%6+Qx(Ri77 z-6fO7yUIkDcFjHaHRI)uy1yl1k8({vMi}Q$ai7MoX_M??C;PlIQ*evXv16}HVix~h z`${L{)1HgOdw=?=zPYwwvGGdRZr`~2O7l~( zHq&+FrT_89pABM9N>uB6Almz=w@>?O-qnD8`u}B3BQ0OMrF$_fsWV2Pt@wK5`};duoS%C|OkYSFmTIrbIb$`s`0KlKe^sw|F&+LB!k7~=?_i_Eht8ux z{+aA=p8u%I&p&@ZI^)8#u9eeVrte$%ul~(C=M^HCTY`T+66EJ=yYTyTec&}C{rT(v zo={x8>iz%ZcYM*?{`b19$rPJf@wjqMx6`!!3Vl3Lycf1)wr`m)aAbviW_?f6+nw9@ z?wznv$X z)YRFX-MQ^{%aWr_y9`XamJ~dhQGR*VslE*kv&y#mPx{a4FB+75Iqd13w9*!y13Mmv z=gab#uWb%_=H*=-!5F-sxx Date: Sat, 28 Sep 2024 07:42:07 +0100 Subject: [PATCH 222/438] keys: add kalessin, shaw; update trungle --- common/users/richard.nix | 2 +- keys.nix | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/common/users/richard.nix b/common/users/richard.nix index f910d93..b099667 100644 --- a/common/users/richard.nix +++ b/common/users/richard.nix @@ -6,7 +6,7 @@ in users.users.richard = { isNormalUser = true; home = "/home/richard"; - openssh.authorizedKeys.keys = keys.users.richard; + openssh.authorizedKeys.keys = keys.users.trungle; uid = 1002; }; } diff --git a/keys.nix b/keys.nix index cb601a0..3fbfca5 100644 --- a/keys.nix +++ b/keys.nix @@ -4,6 +4,8 @@ tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; + kalessin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPt3iSSmgnlsv1/jafgZgI7o8UuXzcAL45hID2ThfS8 root@kalessin"; + shaw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; }; users = { @@ -14,7 +16,8 @@ randomcat = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHagOaeTR+/7FL9sErciMw30cmV/VW8HU7J3ZFU5nj9 janet@randomcat.org" ]; - richard = [ + trungle = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA57legzdIcYTVVri4Wc0CvgWefbRhmUqhu0F/5f8FB reuben@glenda-artix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" ]; }; From 4e7ec3d5717a4f63f7af21a443c6be7113dce389 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 28 Sep 2024 07:42:19 +0100 Subject: [PATCH 223/438] tohru: install nicotine-plus --- hosts/tohru/home.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 3f2f0d3..e5b832b 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -5,16 +5,18 @@ programs.vscode.enable = true; home.packages = with pkgs; [ - amberol bitwarden discord - foliate gimp-with-plugins jellyfin-media-player keepassxc tor-browser-bundle-bin zoom-us + amberol + foliate + nicotine-plus + # libreoffice libreoffice hunspell From 1b18133585add83e0e744b10aaf9dec7ec87f06d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 29 Sep 2024 17:59:31 +0100 Subject: [PATCH 224/438] kilgharrah: install gimp-with-plugins, jellyfin-media-player --- hosts/kilgharrah/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 7740df5..848539e 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -35,6 +35,8 @@ home.packages = with pkgs; [ bitwarden discord + gimp-with-plugins + jellyfin-media-player tor-browser-bundle-bin zoom-us ]; From cd84be16bec75bfd9564f4b96960d08d1ad1afb8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 1 Oct 2024 19:20:34 +0100 Subject: [PATCH 225/438] treewide: refactor bootloader config to common file --- common/boot.nix | 10 ++++++++++ common/default.nix | 1 + hosts/kalessin/default.nix | 3 --- hosts/kilgharrah/boot.nix | 14 -------------- hosts/kilgharrah/datasets.nix | 12 ------------ hosts/kilgharrah/default.nix | 11 ++++++++--- hosts/kilgharrah/filesystems.nix | 6 ++++++ hosts/orm/default.nix | 3 --- hosts/tohru/boot.nix | 14 -------------- hosts/tohru/default.nix | 4 +++- hosts/tohru/filesystems.nix | 2 ++ hosts/yevaud/default.nix | 3 --- 12 files changed, 30 insertions(+), 53 deletions(-) create mode 100644 common/boot.nix delete mode 100644 hosts/kilgharrah/boot.nix delete mode 100644 hosts/kilgharrah/datasets.nix delete mode 100644 hosts/tohru/boot.nix diff --git a/common/boot.nix b/common/boot.nix new file mode 100644 index 0000000..10315dc --- /dev/null +++ b/common/boot.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + boot.loader = { + systemd-boot.enable = true; + systemd-boot.editor = false; + systemd-boot.memtest86.enable = true; + efi.canTouchEfiVariables = true; + }; +} diff --git a/common/default.nix b/common/default.nix index a1f43a4..ba0a48b 100644 --- a/common/default.nix +++ b/common/default.nix @@ -3,6 +3,7 @@ ./base-graphical ./base-server ./users + ./boot.nix ./environment.nix ./home-manager.nix ./nginx.nix diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index aeb39a6..7047dff 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -8,9 +8,6 @@ networking.hostName = "kalessin"; networking.hostId = "534b538e"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; diff --git a/hosts/kilgharrah/boot.nix b/hosts/kilgharrah/boot.nix deleted file mode 100644 index 31d92d8..0000000 --- a/hosts/kilgharrah/boot.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.editor = false; - loader.efi.canTouchEfiVariables = true; - - initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ "kvm-intel" ]; - - supportedFilesystems = [ "ntfs" ]; # for USB drives - }; -} diff --git a/hosts/kilgharrah/datasets.nix b/hosts/kilgharrah/datasets.nix deleted file mode 100644 index 161a50f..0000000 --- a/hosts/kilgharrah/datasets.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - environment.etc.crypttab.text = '' - albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key - ''; - - randomcat.services.zfs.datasets = { - "rpool_albion/data" = { mountpoint = "none"; }; - "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; - }; -} diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 848539e..e9bc21d 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -2,12 +2,9 @@ { imports = [ - ./boot.nix ./filesystems.nix ./hardware.nix ./networking.nix - - ./datasets.nix ./ftp.nix ]; @@ -15,6 +12,9 @@ networking.hostName = "kilgharrah"; networking.hostId = "72885bb5"; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + qenya.base-graphical.enable = true; qenya.base-graphical.desktop = "plasma6"; @@ -47,6 +47,11 @@ programs.steam.enable = true; + randomcat.services.zfs.datasets = { + "rpool_albion/data" = { mountpoint = "none"; }; + "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + }; + system.stateVersion = "24.05"; } diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index e2baa43..a1d990c 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -5,6 +5,12 @@ "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; }; + environment.etc.crypttab.text = '' + albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key + ''; + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives + fileSystems = { "/" = { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index e70bf1c..e8e32ef 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -8,9 +8,6 @@ networking.hostName = "orm"; networking.hostId = "00000000"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; diff --git a/hosts/tohru/boot.nix b/hosts/tohru/boot.nix deleted file mode 100644 index 5f9d144..0000000 --- a/hosts/tohru/boot.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.editor = false; - loader.efi.canTouchEfiVariables = true; - - initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; - kernelModules = [ "kvm-intel" ]; - - supportedFilesystems = [ "ntfs" ]; # for USB drives - }; -} diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index c5b1fef..2a183f5 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -2,7 +2,6 @@ { imports = [ - ./boot.nix ./filesystems.nix ./hardware.nix ./networking.nix @@ -14,6 +13,9 @@ networking.hostName = "tohru"; networking.hostId = "31da19c1"; + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + qenya.base-graphical.enable = true; time.timeZone = "Europe/London"; diff --git a/hosts/tohru/filesystems.nix b/hosts/tohru/filesystems.nix index e60965e..6975fe6 100644 --- a/hosts/tohru/filesystems.nix +++ b/hosts/tohru/filesystems.nix @@ -5,6 +5,8 @@ "rpool".device = "/dev/nvme0n1p2"; }; + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives + fileSystems = { "/" = { device = "rpool/root"; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index d18de9a..85870d7 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -8,9 +8,6 @@ networking.hostName = "yevaud"; networking.hostId = "09673d65"; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; From 5e1cfc3997e074d1dc18bfadd2ef78e78de313d9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 1 Oct 2024 19:30:21 +0100 Subject: [PATCH 226/438] boot: fix attempt to install memtest86+ on non-x86 hardware --- common/boot.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/common/boot.nix b/common/boot.nix index 10315dc..eb99def 100644 --- a/common/boot.nix +++ b/common/boot.nix @@ -1,10 +1,13 @@ { config, lib, pkgs, ... }: +let + inherit (lib) mkIf; +in { boot.loader = { systemd-boot.enable = true; systemd-boot.editor = false; - systemd-boot.memtest86.enable = true; + systemd-boot.memtest86.enable = mkIf config.nixpkgs.hostPlatform.isx86 true; efi.canTouchEfiVariables = true; }; } From 4f85fb54d80b98456b5a62338092ba3029a29d6c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 1 Oct 2024 19:44:31 +0100 Subject: [PATCH 227/438] kilgharrah: enable fstrim and nvidia drivers --- hosts/kilgharrah/hardware.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 715ed4f..274ac27 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -4,5 +4,9 @@ hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; services.fwupd.enable = true; + services.fstrim.enable = true; + + services.xserver.videoDrivers = [ "nvidia" ]; + hardware.nvidia.modesetting.enable = true; # this defaults to true from 24.11 } From 5a617f9cb3115d3994d491b072116ad24eb66c93 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 2 Oct 2024 17:02:35 +0100 Subject: [PATCH 228/438] kilgharrah: set up jellyfin --- hosts/kilgharrah/default.nix | 8 ++++++++ services/default.nix | 1 + services/jellyfin.nix | 31 +++++++++++++++++++++++++++++++ 3 files changed, 40 insertions(+) create mode 100644 services/jellyfin.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index e9bc21d..8044b0e 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -46,10 +46,18 @@ }; programs.steam.enable = true; + qenya.services.jellyfin = { + enable = true; + domain = "jellyfin.qenya.tel"; + }; randomcat.services.zfs.datasets = { "rpool_albion/data" = { mountpoint = "none"; }; "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + "rpool_albion/state" = { mountpoint = "none"; }; + "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; }; system.stateVersion = "24.05"; diff --git a/services/default.nix b/services/default.nix index e31416b..809686d 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./actual.nix ./forgejo.nix + ./jellyfin.nix ./pipewire-low-latency.nix ]; } \ No newline at end of file diff --git a/services/jellyfin.nix b/services/jellyfin.nix new file mode 100644 index 0000000..154007d --- /dev/null +++ b/services/jellyfin.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.jellyfin; +in +{ + options.qenya.services.jellyfin = { + enable = mkEnableOption "Jellyfin"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:8096/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.jellyfin.enable = true; + }; +} From cdcdccb465e66e4d62b8fea537bfd76536b84429 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 2 Oct 2024 17:04:27 +0100 Subject: [PATCH 229/438] qenya/zsh: don't clobber with mv or rename --- home/qenya/zsh.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/qenya/zsh.nix b/home/qenya/zsh.nix index 42ccf8f..0d8ecc2 100644 --- a/home/qenya/zsh.nix +++ b/home/qenya/zsh.nix @@ -10,6 +10,11 @@ shellAliases = { ll = "ls -l"; + + # don't clobber + mv = "mv -i"; + rename = "rename -i"; + nix-shell = ''nix-shell --command "zsh"''; # TODO: tweak theme to display something when inside nix-shell }; From bb2b59cd204c8c54cf74aa06de9e7b87626275e1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 6 Oct 2024 19:07:20 +0100 Subject: [PATCH 230/438] kilgharrah/networking: switch on systemd-networkd debugging hoping this will help diagnose an issue --- hosts/kilgharrah/networking.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix index 2db377f..a0510a7 100644 --- a/hosts/kilgharrah/networking.nix +++ b/hosts/kilgharrah/networking.nix @@ -12,4 +12,6 @@ }; linkConfig.RequiredForOnline = "routable"; }; + + systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; } From 5c7d371ea560a5fac4e31e7799bf4fc836d83ad8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 7 Oct 2024 21:29:25 +0100 Subject: [PATCH 231/438] misc: init with fstrim and nix store optimisation --- common/default.nix | 1 + common/misc.nix | 7 +++++++ hosts/kilgharrah/hardware.nix | 1 - hosts/tohru/hardware.nix | 1 - 4 files changed, 8 insertions(+), 2 deletions(-) create mode 100644 common/misc.nix diff --git a/common/default.nix b/common/default.nix index ba0a48b..11e5d0a 100644 --- a/common/default.nix +++ b/common/default.nix @@ -6,6 +6,7 @@ ./boot.nix ./environment.nix ./home-manager.nix + ./misc.nix ./nginx.nix ./nix.nix ./openssh.nix diff --git a/common/misc.nix b/common/misc.nix new file mode 100644 index 0000000..e470d54 --- /dev/null +++ b/common/misc.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: + +{ + nix.gc.automatic = true; + nix.optimise.automatic = true; + services.fstrim.enable = true; +} \ No newline at end of file diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 274ac27..899e591 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -4,7 +4,6 @@ hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; services.fwupd.enable = true; - services.fstrim.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia.modesetting.enable = true; # this defaults to true from 24.11 diff --git a/hosts/tohru/hardware.nix b/hosts/tohru/hardware.nix index c4880a5..715ed4f 100644 --- a/hosts/tohru/hardware.nix +++ b/hosts/tohru/hardware.nix @@ -4,6 +4,5 @@ hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; services.fwupd.enable = true; - services.fstrim.enable = true; } From 2a2f1674a3fd1976e9ec18c42c21c964c45a1d9a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 7 Oct 2024 23:31:55 +0100 Subject: [PATCH 232/438] qenya/xdg-mime-apps: file association for .zip --- home/qenya/xdg-mime-apps.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix index 9ec8ff9..2fee46c 100644 --- a/home/qenya/xdg-mime-apps.nix +++ b/home/qenya/xdg-mime-apps.nix @@ -7,13 +7,14 @@ in xdg.mimeApps = { enable = isGraphical; defaultApplications = { - "x-scheme-handler/http" = "firefox.desktop"; - "x-scheme-handler/https" = "firefox.desktop"; - "x-scheme-handler/mailto" = "org.gnome.Evolution.desktop"; # TODO: email on KDE - is Kontact any good? + "application/zip" = [ "org.gnome.FileRoller.desktop" "org.kde.ark.desktop" ]; "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/png" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "text/plain" = [ "org.gnome.TextEditor.desktop" "org.kde.kate.desktop" ]; + "x-scheme-handler/http" = "firefox.desktop"; + "x-scheme-handler/https" = "firefox.desktop"; + "x-scheme-handler/mailto" = "org.gnome.Evolution.desktop"; # TODO: email on KDE - is Kontact any good? }; }; } From 82787cea454c0cc949a9c7a1dba30edcea0cc4c9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 8 Oct 2024 01:28:49 +0100 Subject: [PATCH 233/438] kilgharrah: serve navidrome --- hosts/kilgharrah/default.nix | 7 +++++++ services/default.nix | 1 + services/navidrome.nix | 38 ++++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 services/navidrome.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 8044b0e..ba72d24 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -50,14 +50,21 @@ enable = true; domain = "jellyfin.qenya.tel"; }; + qenya.services.navidrome = { + enable = true; + domain = "music.qenya.tel"; + dataDir = "/srv/music"; + }; randomcat.services.zfs.datasets = { "rpool_albion/data" = { mountpoint = "none"; }; "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; "rpool_albion/state" = { mountpoint = "none"; }; "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; "rpool_albion/srv" = { mountpoint = "none"; }; "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; + "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; }; system.stateVersion = "24.05"; diff --git a/services/default.nix b/services/default.nix index 809686d..4a25d41 100644 --- a/services/default.nix +++ b/services/default.nix @@ -3,6 +3,7 @@ ./actual.nix ./forgejo.nix ./jellyfin.nix + ./navidrome.nix ./pipewire-low-latency.nix ]; } \ No newline at end of file diff --git a/services/navidrome.nix b/services/navidrome.nix new file mode 100644 index 0000000..d678005 --- /dev/null +++ b/services/navidrome.nix @@ -0,0 +1,38 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.navidrome; +in +{ + options.qenya.services.navidrome = { + enable = mkEnableOption "Navidrome"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:4533/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.navidrome.enable = true; + services.navidrome.settings = { + MusicFolder = cfg.dataDir; + BaseUrl = "https://${cfg.domain}"; + }; + }; +} From ecd98229ff6f6c36a1fb9c00e8daa1a80fb2bc04 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 8 Oct 2024 01:29:21 +0100 Subject: [PATCH 234/438] kilgharrah, tohru: install feishin --- hosts/kilgharrah/default.nix | 1 + hosts/tohru/home.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index ba72d24..636f709 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -35,6 +35,7 @@ home.packages = with pkgs; [ bitwarden discord + feishin gimp-with-plugins jellyfin-media-player tor-browser-bundle-bin diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index e5b832b..4c4ba25 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -7,6 +7,7 @@ home.packages = with pkgs; [ bitwarden discord + feishin gimp-with-plugins jellyfin-media-player keepassxc From 84fb7727da161c6a83717147fec75d062a87947c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 8 Oct 2024 10:46:05 +0100 Subject: [PATCH 235/438] qenya/packages: rename from cli, include common graphical packages --- common/environment.nix | 1 + home/qenya/cli.nix | 15 --------------- home/qenya/default.nix | 2 +- home/qenya/firefox.nix | 9 +++++++-- home/qenya/packages.nix | 29 +++++++++++++++++++++++++++++ home/qenya/vscode.nix | 3 ++- hosts/kilgharrah/default.nix | 13 ------------- hosts/tohru/home.nix | 16 ---------------- 8 files changed, 40 insertions(+), 48 deletions(-) delete mode 100644 home/qenya/cli.nix create mode 100644 home/qenya/packages.nix diff --git a/common/environment.nix b/common/environment.nix index 384e88d..f9d3a84 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -2,6 +2,7 @@ { environment.systemPackages = with pkgs; [ + btop git lshw parted diff --git a/home/qenya/cli.nix b/home/qenya/cli.nix deleted file mode 100644 index a564d78..0000000 --- a/home/qenya/cli.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home.packages = with pkgs; [ - tree # like `ls -R` but nicer - units - - # Extremely important - fortune - cowsay - lolcat - ]; - - programs.btop.enable = true; -} diff --git a/home/qenya/default.nix b/home/qenya/default.nix index 6745dc1..81b072c 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -2,9 +2,9 @@ imports = [ ./dconf ./plasma - ./cli.nix ./firefox.nix ./git.nix + ./packages.nix ./tmux.nix ./vscode.nix ./xdg-mime-apps.nix diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 8e4d3bb..66b202d 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -1,7 +1,12 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, osConfig, ... }: +let + inherit (lib) mkIf; +in { - programs.firefox = { + programs.firefox = lib.mkIf osConfig.qenya.base-graphical.enable { + enable = true; + # coming in 24.11 # languagePacks = [ "en-GB" ]; diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix new file mode 100644 index 0000000..97d7442 --- /dev/null +++ b/home/qenya/packages.nix @@ -0,0 +1,29 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) optionals; +in +{ + home.packages = with pkgs; [ + tree # like `ls -R` but nicer + units + + # Extremely important + fortune + cowsay + lolcat + ] ++ optionals osConfig.qenya.base-graphical.enable [ + bitwarden + discord + feishin + gimp-with-plugins + jellyfin-media-player + tor-browser-bundle-bin + zoom-us + + # libreoffice + libreoffice + hunspell + hunspellDicts.en_GB-ise + ]; +} diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 5a4c9bd..6a09189 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -4,7 +4,8 @@ let inherit (lib) mkIf; in { - programs.vscode = { + programs.vscode = mkIf osConfig.qenya.base-graphical.enable { + enable = true; enableExtensionUpdateCheck = false; enableUpdateCheck = false; package = pkgs.vscodium; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 636f709..3d0129c 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -29,19 +29,6 @@ users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; home-manager.users.qenya = { - programs.firefox.enable = true; - programs.vscode.enable = true; - - home.packages = with pkgs; [ - bitwarden - discord - feishin - gimp-with-plugins - jellyfin-media-player - tor-browser-bundle-bin - zoom-us - ]; - # For the moment, this hosts some network-accessible services, so we want it on 24/7 programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; }; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix index 4c4ba25..f1a62ba 100644 --- a/hosts/tohru/home.nix +++ b/hosts/tohru/home.nix @@ -1,28 +1,12 @@ { config, lib, pkgs, ... }: { - programs.firefox.enable = true; - programs.vscode.enable = true; - home.packages = with pkgs; [ - bitwarden - discord - feishin - gimp-with-plugins - jellyfin-media-player keepassxc - tor-browser-bundle-bin - zoom-us - amberol foliate nicotine-plus - # libreoffice - libreoffice - hunspell - hunspellDicts.en_GB-ise - # games openttd prismlauncher From acf451a1c99ee6c2aa84f1280762d504d8dbc3be Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 8 Oct 2024 10:53:44 +0100 Subject: [PATCH 236/438] tohru: move qenya home-manager config into default.nix --- hosts/tohru/default.nix | 15 ++++++++++++++- hosts/tohru/home.nix | 16 ---------------- 2 files changed, 14 insertions(+), 17 deletions(-) delete mode 100644 hosts/tohru/home.nix diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 2a183f5..8d6f7b2 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -30,7 +30,20 @@ "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; - home-manager.users.qenya.imports = [ ./home.nix ]; + home-manager.users.qenya = { pkgs, ... }: { + home.packages = with pkgs; [ + keepassxc + amberol + foliate + nicotine-plus + + # games + openttd + prismlauncher + nur.repos.qenya.digital-a-love-story + nur.repos.qenya.dont-take-it-personally-babe + ]; + }; programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet programs.steam.enable = true; diff --git a/hosts/tohru/home.nix b/hosts/tohru/home.nix deleted file mode 100644 index f1a62ba..0000000 --- a/hosts/tohru/home.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - home.packages = with pkgs; [ - keepassxc - amberol - foliate - nicotine-plus - - # games - openttd - prismlauncher - nur.repos.qenya.digital-a-love-story - nur.repos.qenya.dont-take-it-personally-babe - ]; -} From 8823cd9b36a60d3817ad9083cd79280c50dcc874 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 8 Oct 2024 10:54:02 +0100 Subject: [PATCH 237/438] kilgharrah: move all zfs dataset declarations to one place --- hosts/kilgharrah/default.nix | 11 ----------- hosts/kilgharrah/filesystems.nix | 32 ++++++++++++++++++++++++++------ hosts/kilgharrah/ftp.nix | 5 ----- 3 files changed, 26 insertions(+), 22 deletions(-) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 3d0129c..eb7bf49 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -44,17 +44,6 @@ dataDir = "/srv/music"; }; - randomcat.services.zfs.datasets = { - "rpool_albion/data" = { mountpoint = "none"; }; - "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; - "rpool_albion/state" = { mountpoint = "none"; }; - "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; - "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; - "rpool_albion/srv" = { mountpoint = "none"; }; - "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; - "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; - }; - system.stateVersion = "24.05"; } diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index a1d990c..b69c72e 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -1,16 +1,12 @@ { config, lib, pkgs, ... }: { + # SSD on board + boot.initrd.luks.devices = { "cryptroot".device = "/dev/disk/by-uuid/b414aaba-0a36-4135-a7e1-dc9489286acd"; }; - environment.etc.crypttab.text = '' - albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key - ''; - - boot.supportedFilesystems = [ "ntfs" ]; # for USB drives - fileSystems = { "/" = { device = "/dev/disk/by-uuid/ad4cbc18-8849-40ed-b0bf-097f8f46346b"; @@ -68,4 +64,28 @@ device = "/swap/swapfile"; size = 32 * 1024; }]; + + + # HDD in bay + + environment.etc.crypttab.text = '' + albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key + ''; + + randomcat.services.zfs.datasets = { + "rpool_albion/data" = { mountpoint = "none"; }; + "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + "rpool_albion/state" = { mountpoint = "none"; }; + "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; + "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; + "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; + "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; + }; + + + # Other + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives } diff --git a/hosts/kilgharrah/ftp.nix b/hosts/kilgharrah/ftp.nix index 23fe390..4164679 100644 --- a/hosts/kilgharrah/ftp.nix +++ b/hosts/kilgharrah/ftp.nix @@ -1,11 +1,6 @@ { config, lib, pkgs, ... }: { - randomcat.services.zfs.datasets = { - "rpool_albion/srv" = { mountpoint = "none"; }; - "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; - }; - age.secrets.ftp-userDb-qenya = { # To update this, see the nixos docs for services.vsftpd.userDbPath. Note # that the command it gives to create a userDb, if applied to an *existing* From 21fa41876ae0f3336b4e7e744025bdc6301c33c8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 15 Oct 2024 18:03:12 +0100 Subject: [PATCH 238/438] qenya: don't depend on nixos modules defined here fixes build issue in randomcat's repo --- home/qenya/firefox.nix | 3 ++- home/qenya/packages.nix | 3 ++- home/qenya/vscode.nix | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 66b202d..23642f8 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -2,9 +2,10 @@ let inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; in { - programs.firefox = lib.mkIf osConfig.qenya.base-graphical.enable { + programs.firefox = lib.mkIf isGraphical { enable = true; # coming in 24.11 diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index 97d7442..785ce1c 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -2,6 +2,7 @@ let inherit (lib) optionals; + isGraphical = osConfig.services.xserver.enable; in { home.packages = with pkgs; [ @@ -12,7 +13,7 @@ in fortune cowsay lolcat - ] ++ optionals osConfig.qenya.base-graphical.enable [ + ] ++ optionals isGraphical [ bitwarden discord feishin diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 6a09189..764fc8f 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -2,9 +2,10 @@ let inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; in { - programs.vscode = mkIf osConfig.qenya.base-graphical.enable { + programs.vscode = mkIf isGraphical { enable = true; enableExtensionUpdateCheck = false; enableUpdateCheck = false; From 0ef661aae7ed1621fd8f80b903b6359b2663a2f6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 15 Oct 2024 22:51:46 +0100 Subject: [PATCH 239/438] kilgharrah: serve audiobookshelf --- hosts/kilgharrah/default.nix | 4 ++++ hosts/kilgharrah/filesystems.nix | 2 ++ services/audiobookshelf.nix | 32 ++++++++++++++++++++++++++++++++ services/default.nix | 1 + 4 files changed, 39 insertions(+) create mode 100644 services/audiobookshelf.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index eb7bf49..14d6aba 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -34,6 +34,10 @@ }; programs.steam.enable = true; + qenya.services.audiobookshelf = { + enable = true; + domain = "audiobookshelf.qenya.tel"; + }; qenya.services.jellyfin = { enable = true; domain = "jellyfin.qenya.tel"; diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index b69c72e..cc77c4e 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -76,9 +76,11 @@ "rpool_albion/data" = { mountpoint = "none"; }; "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; "rpool_albion/state" = { mountpoint = "none"; }; + "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; diff --git a/services/audiobookshelf.nix b/services/audiobookshelf.nix new file mode 100644 index 0000000..80cc659 --- /dev/null +++ b/services/audiobookshelf.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.qenya.services.audiobookshelf; +in +{ + options.qenya.services.audiobookshelf = { + enable = mkEnableOption "Audiobookshelf"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:8234/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.audiobookshelf.enable = true; + services.audiobookshelf.port = 8234; + }; +} diff --git a/services/default.nix b/services/default.nix index 4a25d41..a83117a 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1,6 +1,7 @@ { imports = [ ./actual.nix + ./audiobookshelf.nix ./forgejo.nix ./jellyfin.nix ./navidrome.nix From 390a60f5989a1cc5d92a80521f8ea32b9d23f76f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 21 Oct 2024 12:43:34 +0100 Subject: [PATCH 240/438] kilgharrah: add commented-out custom nvidia driver keeping in the repo for future testing --- hosts/kilgharrah/hardware.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 899e591..f00dfbd 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -7,5 +7,23 @@ services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia.modesetting.enable = true; # this defaults to true from 24.11 + + # # Downgrade to driver version 535 as 550 has problems with Wayland + # hardware.nvidia.package = + # let + # rcu_patch = pkgs.fetchpatch { + # url = "https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch"; + # hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg="; + # }; + # in + # config.boot.kernelPackages.nvidiaPackages.mkDriver { + # version = "535.154.05"; + # sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg="; + # sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k="; + # openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo="; + # settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10="; + # persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE="; + # patches = [ rcu_patch ]; + # }; } From 65884ecbfd4db0528ec3325bd468f45aed2d0f23 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 21 Oct 2024 19:18:39 +0100 Subject: [PATCH 241/438] qenya/vscode: don't leak runtime dependencies into general PATH --- home/qenya/vscode.nix | 19 ++++++++----------- hosts/kilgharrah/default.nix | 2 ++ 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 764fc8f..94c3eb2 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, osConfig, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf mkDefault; isGraphical = osConfig.services.xserver.enable; in { @@ -30,28 +30,25 @@ in "git.enableSmartCommit" = true; "git.inputValidation" = true; "git.inputValidationSubjectLength" = null; + "go.alternateTools" = { + "go" = "${pkgs.go}/bin/go"; + "gopls" = "${pkgs.gopls}/bin/gopls"; + }; "gopls" = { "formatting.gofumpt" = true; "ui.semanticTokens" = true; }; "javascript.updateImportsOnFileMove.enabled" = "always"; "nix.enableLanguageServer" = true; - "nix.serverPath" = "nil"; + "nix.serverPath" = "${pkgs.nil}/bin/nil"; "nix.serverSettings".nil = { diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "nixpkgs-fmt" ]; + formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; nix.flake.autoArchive = true; }; "terminal.integrated.allowChords" = false; "terminal.integrated.defaultProfile.linux" = "zsh"; - "workbench.colorTheme" = "Gruvbox Dark Hard"; + "workbench.colorTheme" = mkDefault "Gruvbox Dark Hard"; }; }; - - # Language servers etc - home.packages = mkIf config.programs.vscode.enable (with pkgs; [ - gopls - nil - nixpkgs-fmt - ]); } diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 14d6aba..271eb97 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -31,6 +31,8 @@ home-manager.users.qenya = { # For the moment, this hosts some network-accessible services, so we want it on 24/7 programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; + # Trying this out + programs.vscode.userSettings."workbench.colorTheme" = "Quiet Light"; }; programs.steam.enable = true; From 87e602fd9fb551727e9e6831f71e6f2ad8e5febd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 2 Nov 2024 13:14:57 +0000 Subject: [PATCH 242/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'actual': 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=4cc6a8289f809ec4470eb01429aa6ed548349a56' (2024-09-03) → 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=befcf0b6e2b9540f01b5caaafcbe62fcf36a063a' (2024-10-10) • Updated input 'colmena': 'github:zhaofengli/colmena/cd65ef7a25cdc75052fbd04b120aeb066c3881db' (2024-03-25) → 'github:zhaofengli/colmena/b0a62f234fae02a006123e661ff70e62af16106b' (2024-10-07) • Updated input 'colmena/stable': 'github:NixOS/nixpkgs/32dcb45f66c0487e92db8303a798ebc548cadedc' (2023-09-30) → 'github:NixOS/nixpkgs/797f7dc49e0bc7fab4b57c021cdf68f595e47841' (2024-08-22) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/c124568e1054a62c20fbe036155cc99237633327' (2024-09-26) → 'github:nix-community/home-manager/1743615b61c7285976f85b303a36cdf88a556503' (2024-11-01) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/759537f06e6999e141588ff1c9be7f3a5c060106' (2024-09-25) → 'github:NixOS/nixpkgs/080166c15633801df010977d9d7474b4a6c549d7' (2024-10-30) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d' (2024-09-25) → 'github:NixOS/nixpkgs/38edd08881ce4dc24056eec173b43587a93c990f' (2024-11-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/30439d93eb8b19861ccbe3e581abf97bdc91b093' (2024-09-23) → 'github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd' (2024-10-29) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/ea2838e1ce0a9da2abf88275843aca29d9f82b30' (2024-09-26) → 'github:NixOS/nixpkgs/ab464abbeb3a2833288c6e907488c49c2e599f88' (2024-11-01) • Updated input 'nur': 'github:nix-community/NUR/936785778bca86332d6b201dda67a38585cab885' (2024-09-26) → 'github:nix-community/NUR/c7dd9f07d3e3c2abf03aac70ebd21d658037f0c4' (2024-11-02) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/a02fef2ece8084aff0b41700bb57d24d73574cd1' (2024-09-24) → 'github:nix-community/plasma-manager/6cb0aedf6160725eee50425b4e8d908c09dcb7a3' (2024-11-01) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/7458a718acedf2590cbfc212e7070afdd3b8c4dc' (2024-09-26) → 'github:randomnetcat/nix-configs/00bacafc2d4d74ca96b02ea34488ab36977a9812' (2024-11-02) --- flake.lock | 70 +++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/flake.lock b/flake.lock index 1161702..951b039 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1725392458, - "narHash": "sha256-sp1Ps5XBrIwDE0e2QOm2dJRRJ12aEWtJBhzohFwn+K4=", + "lastModified": 1728580104, + "narHash": "sha256-M+t/DmOj4cjF7/M9qBW5OK/Lam69z4LX+hXraqegz0w=", "ref": "main", - "rev": "4cc6a8289f809ec4470eb01429aa6ed548349a56", - "revCount": 14, + "rev": "befcf0b6e2b9540f01b5caaafcbe62fcf36a063a", + "revCount": 16, "type": "git", "url": "https://git.xeno.science/xenofem/actual-nix" }, @@ -70,11 +70,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1711386353, - "narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=", + "lastModified": 1728263678, + "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", "owner": "zhaofengli", "repo": "colmena", - "rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db", + "rev": "b0a62f234fae02a006123e661ff70e62af16106b", "type": "github" }, "original": { @@ -142,11 +142,11 @@ ] }, "locked": { - "lastModified": 1727346017, - "narHash": "sha256-z7OCFXXxIseJhEHiCkkUOkYxD9jtLU8Kf5Q9WC0SjJ8=", + "lastModified": 1730490306, + "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", "owner": "nix-community", "repo": "home-manager", - "rev": "c124568e1054a62c20fbe036155cc99237633327", + "rev": "1743615b61c7285976f85b303a36cdf88a556503", "type": "github" }, "original": { @@ -178,11 +178,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1727264057, - "narHash": "sha256-KQPI8CTTnB9CrJ7LrmLC4VWbKZfljEPBXOFGZFRpxao=", + "lastModified": 1730327045, + "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "759537f06e6999e141588ff1c9be7f3a5c060106", + "rev": "080166c15633801df010977d9d7474b4a6c549d7", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1727284797, - "narHash": "sha256-roj2jFZ/VNBQBBmUvvYRGiWbegZEgRk9Y1dhcY8kgLA=", + "lastModified": 1730428893, + "narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "37df9bcf93431c7f9f9358aec2d7ed0a52d7ba1d", + "rev": "38edd08881ce4dc24056eec173b43587a93c990f", "type": "github" }, "original": { @@ -210,11 +210,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1727122398, - "narHash": "sha256-o8VBeCWHBxGd4kVMceIayf5GApqTavJbTa44Xcg5Rrk=", + "lastModified": 1730200266, + "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30439d93eb8b19861ccbe3e581abf97bdc91b093", + "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1727320268, - "narHash": "sha256-B4AK91+9frHerQ6mFAtaR46ECMRtZufrtXFj/b5NqYU=", + "lastModified": 1730449684, + "narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ea2838e1ce0a9da2abf88275843aca29d9f82b30", + "rev": "ab464abbeb3a2833288c6e907488c49c2e599f88", "type": "github" }, "original": { @@ -242,11 +242,11 @@ }, "nur": { "locked": { - "lastModified": 1727348207, - "narHash": "sha256-PvgB7Wolpm8Q20Hquz1j/xXK7MuN6REVmt6jxpvRUwU=", + "lastModified": 1730552901, + "narHash": "sha256-K1v1CSzAnfL85MHY07S0BhVKae/ysZqowWdEapFcFJc=", "owner": "nix-community", "repo": "NUR", - "rev": "936785778bca86332d6b201dda67a38585cab885", + "rev": "c7dd9f07d3e3c2abf03aac70ebd21d658037f0c4", "type": "github" }, "original": { @@ -265,11 +265,11 @@ ] }, "locked": { - "lastModified": 1727210241, - "narHash": "sha256-lufS6uzSbSrggNCSgubymMQWnQMh7PvQ+lRZ8qH9Uoc=", + "lastModified": 1730481339, + "narHash": "sha256-Y1yWhjt/38N5IMgWoGnUTzJ6F4kGnpti/l2AOJWPUOY=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "a02fef2ece8084aff0b41700bb57d24d73574cd1", + "rev": "6cb0aedf6160725eee50425b4e8d908c09dcb7a3", "type": "github" }, "original": { @@ -281,11 +281,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1727310986, - "narHash": "sha256-Vo+sWtfO053kPKY6F4X0LkU0yris25F5AVRMvCyI9Lw=", + "lastModified": 1730507817, + "narHash": "sha256-TRIhNijZuIrS/HwlPzCu82srWmuC6MV1TxyQDks3Pxg=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "7458a718acedf2590cbfc212e7070afdd3b8c4dc", + "rev": "00bacafc2d4d74ca96b02ea34488ab36977a9812", "type": "github" }, "original": { @@ -313,16 +313,16 @@ }, "stable": { "locked": { - "lastModified": 1696039360, - "narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=", + "lastModified": 1724316499, + "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "32dcb45f66c0487e92db8303a798ebc548cadedc", + "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } From ee333524623559362560734977023407f9b6ad4c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 3 Nov 2024 09:48:48 +0000 Subject: [PATCH 243/438] base-graphical: enable avahi for printer autodiscovery --- common/base-graphical/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix index f651ce0..b014f3f 100644 --- a/common/base-graphical/default.nix +++ b/common/base-graphical/default.nix @@ -16,6 +16,11 @@ in services.xserver.enable = true; services.libinput.enable = true; services.printing.enable = true; + services.avahi = { + enable = true; + nssmdns4 = true; + openFirewall = true; + }; fonts.packages = with pkgs; [ corefonts From 8690b4f610cbc06bc12a2330fff4b297f11b8046 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 4 Nov 2024 22:21:46 +0000 Subject: [PATCH 244/438] qenya/vscode: pin more go dev dependencies --- home/qenya/vscode.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 94c3eb2..0b119df 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -33,7 +33,10 @@ in "go.alternateTools" = { "go" = "${pkgs.go}/bin/go"; "gopls" = "${pkgs.gopls}/bin/gopls"; + "dlv" = "${pkgs.delve}/bin/dlv"; + "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; }; + "go.toolsManagement.checkForUpdates" = "off"; "gopls" = { "formatting.gofumpt" = true; "ui.semanticTokens" = true; From f56a5389de0a3a9d4dead248826d29b9fd040cf0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 4 Nov 2024 22:22:03 +0000 Subject: [PATCH 245/438] qenya/vscode: settle on a colour scheme --- home/qenya/vscode.nix | 2 +- hosts/kilgharrah/default.nix | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 0b119df..8a2f8cf 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -51,7 +51,7 @@ in }; "terminal.integrated.allowChords" = false; "terminal.integrated.defaultProfile.linux" = "zsh"; - "workbench.colorTheme" = mkDefault "Gruvbox Dark Hard"; + "workbench.colorTheme" = "Gruvbox Dark Medium"; }; }; } diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 271eb97..14d6aba 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -31,8 +31,6 @@ home-manager.users.qenya = { # For the moment, this hosts some network-accessible services, so we want it on 24/7 programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; - # Trying this out - programs.vscode.userSettings."workbench.colorTheme" = "Quiet Light"; }; programs.steam.enable = true; From 955409c8ef751ee542d48c9540ac8a0063d0a3f1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 5 Nov 2024 14:31:17 +0000 Subject: [PATCH 246/438] qenya: install zip/unzip --- home/qenya/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index 785ce1c..125f7ba 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -8,6 +8,7 @@ in home.packages = with pkgs; [ tree # like `ls -R` but nicer units + zip unzip # Extremely important fortune From 9cfe6e2c4c15acbbfafa61b8da35c3b93edb89ad Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 5 Nov 2024 18:31:39 +0000 Subject: [PATCH 247/438] treewide: migrate networking to systemd-networkd --- common/environment.nix | 1 + flake.lock | 8 ++++---- hosts/kalessin/hardware-configuration.nix | 5 +++-- hosts/orm/default.nix | 7 ++++++- hosts/orm/hardware-configuration.nix | 5 +++-- hosts/tohru/networking.nix | 11 ++++++++++- hosts/yevaud/default.nix | 7 ++++++- hosts/yevaud/hardware-configuration.nix | 5 +++-- 8 files changed, 36 insertions(+), 13 deletions(-) diff --git a/common/environment.nix b/common/environment.nix index f9d3a84..08e3fc4 100644 --- a/common/environment.nix +++ b/common/environment.nix @@ -13,6 +13,7 @@ lsof tcpdump netcat # <3 + wireguard-tools ]; environment.wordlist.enable = true; diff --git a/flake.lock b/flake.lock index 951b039..84dc2db 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1722971137, - "narHash": "sha256-1x0vaUy/uFCfoDn0a4K55+MNseAqLQmv1GPP6GQFFIA=", + "lastModified": 1730826917, + "narHash": "sha256-KzpWqP+Cg0H2V036LgIHfuxnpVq2wZ+eGFjuXegRhLY=", "ref": "main", - "rev": "2fd6d96a00ef69a2afe72a2fe9d18d759c1cc8f3", - "revCount": 7, + "rev": "8ca844c0d0ce3b8088c0a380ecdbf555015b0cd6", + "revCount": 9, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix index 8e0fb17..a80e477 100644 --- a/hosts/kalessin/hardware-configuration.nix +++ b/hosts/kalessin/hardware-configuration.nix @@ -40,8 +40,9 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index e8e32ef..a042e95 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -11,7 +11,12 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; - age.secrets.wireguard-peer-orm.file = ../../secrets/wireguard-peer-orm.age; + age.secrets.wireguard-peer-orm = { + file = ../../secrets/wireguard-peer-orm.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; birdsong.peering = { enable = true; diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix index 11459e7..eddc71e 100644 --- a/hosts/orm/hardware-configuration.nix +++ b/hosts/orm/hardware-configuration.nix @@ -42,8 +42,9 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/tohru/networking.nix b/hosts/tohru/networking.nix index 18cee0a..6042cc8 100644 --- a/hosts/tohru/networking.nix +++ b/hosts/tohru/networking.nix @@ -1,9 +1,18 @@ { config, lib, pkgs, ... }: { + networking.useNetworkd = true; + systemd.network.wait-online.enable = false; + networking.networkmanager.enable = true; - age.secrets.wireguard-peer-tohru.file = ../../secrets/wireguard-peer-tohru.age; + age.secrets.wireguard-peer-tohru = { + file = ../../secrets/wireguard-peer-tohru.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 85870d7..aae386f 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -12,7 +12,12 @@ qenya.base-server.enable = true; - age.secrets.wireguard-peer-yevaud.file = ../../secrets/wireguard-peer-yevaud.age; + age.secrets.wireguard-peer-yevaud = { + file = ../../secrets/wireguard-peer-yevaud.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; birdsong.peering = { enable = true; diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix index 3a14ff6..713cc0a 100644 --- a/hosts/yevaud/hardware-configuration.nix +++ b/hosts/yevaud/hardware-configuration.nix @@ -42,8 +42,9 @@ # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.ens3.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } From 052b0c1c4f6ac558c89764df006273e4ee9298f7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 5 Nov 2024 19:05:27 +0000 Subject: [PATCH 248/438] yevaud, orm, kalessin: split networking to separate file --- hosts/kalessin/default.nix | 2 ++ hosts/kalessin/hardware-configuration.nix | 10 ---------- hosts/kalessin/networking.nix | 6 ++++++ hosts/orm/default.nix | 14 ++------------ hosts/orm/hardware-configuration.nix | 10 ---------- hosts/orm/networking.nix | 18 ++++++++++++++++++ hosts/yevaud/default.nix | 15 ++------------- hosts/yevaud/hardware-configuration.nix | 10 ---------- hosts/yevaud/networking.nix | 18 ++++++++++++++++++ 9 files changed, 48 insertions(+), 55 deletions(-) create mode 100644 hosts/kalessin/networking.nix create mode 100644 hosts/orm/networking.nix create mode 100644 hosts/yevaud/networking.nix diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 7047dff..a3b86ab 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -3,8 +3,10 @@ { imports = [ ./hardware-configuration.nix + ./networking.nix ]; + nixpkgs.hostPlatform = "aarch64-linux"; networking.hostName = "kalessin"; networking.hostId = "534b538e"; diff --git a/hosts/kalessin/hardware-configuration.nix b/hosts/kalessin/hardware-configuration.nix index a80e477..1007f6f 100644 --- a/hosts/kalessin/hardware-configuration.nix +++ b/hosts/kalessin/hardware-configuration.nix @@ -35,14 +35,4 @@ }; swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - # networking.useDHCP = lib.mkDefault true; - networking.useNetworkd = true; - networking.interfaces.enp0s6.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; } diff --git a/hosts/kalessin/networking.nix b/hosts/kalessin/networking.nix new file mode 100644 index 0000000..3c27781 --- /dev/null +++ b/hosts/kalessin/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = true; +} diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index a042e95..004ebd4 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -3,26 +3,16 @@ { imports = [ ./hardware-configuration.nix + ./networking.nix ]; + nixpkgs.hostPlatform = "x86_64-linux"; networking.hostName = "orm"; networking.hostId = "00000000"; users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; - age.secrets.wireguard-peer-orm = { - file = ../../secrets/wireguard-peer-orm.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-orm.path; - }; - randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; diff --git a/hosts/orm/hardware-configuration.nix b/hosts/orm/hardware-configuration.nix index eddc71e..34ef7b3 100644 --- a/hosts/orm/hardware-configuration.nix +++ b/hosts/orm/hardware-configuration.nix @@ -37,14 +37,4 @@ swapDevices = [ { device = "/dev/disk/by-uuid/a0ac8f60-25f9-4dec-af70-e3f4cd36c575"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - # networking.useDHCP = lib.mkDefault true; - networking.useNetworkd = true; - networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/orm/networking.nix b/hosts/orm/networking.nix new file mode 100644 index 0000000..d69a0ae --- /dev/null +++ b/hosts/orm/networking.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = true; + + age.secrets.wireguard-peer-orm = { + file = ../../secrets/wireguard-peer-orm.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + + birdsong.peering = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-orm.path; + }; +} diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index aae386f..7ff5928 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -3,27 +3,16 @@ { imports = [ ./hardware-configuration.nix + ./networking.nix ]; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking.hostName = "yevaud"; networking.hostId = "09673d65"; users.users.qenya.extraGroups = [ "wheel" ]; - qenya.base-server.enable = true; - age.secrets.wireguard-peer-yevaud = { - file = ../../secrets/wireguard-peer-yevaud.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; - }; - services.bind = { # enable = true; cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; diff --git a/hosts/yevaud/hardware-configuration.nix b/hosts/yevaud/hardware-configuration.nix index 713cc0a..72da1b4 100644 --- a/hosts/yevaud/hardware-configuration.nix +++ b/hosts/yevaud/hardware-configuration.nix @@ -37,14 +37,4 @@ swapDevices = [ { device = "/dev/disk/by-uuid/f8b6eb35-33ad-4e19-bf3d-cac5ec38a8dc"; } ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - # networking.useDHCP = lib.mkDefault true; - networking.useNetworkd = true; - networking.interfaces.ens3.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } diff --git a/hosts/yevaud/networking.nix b/hosts/yevaud/networking.nix new file mode 100644 index 0000000..31e1de8 --- /dev/null +++ b/hosts/yevaud/networking.nix @@ -0,0 +1,18 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.ens3.useDHCP = true; + + age.secrets.wireguard-peer-yevaud = { + file = ../../secrets/wireguard-peer-yevaud.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + + birdsong.peering = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; + }; +} From b893da35be369e9c28d6c304931d753957a1e56e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 5 Nov 2024 19:23:53 +0000 Subject: [PATCH 249/438] kalessin, kilgharrah: add to wireguard network --- flake.lock | 8 ++++---- hosts/kalessin/networking.nix | 12 ++++++++++++ hosts/kilgharrah/networking.nix | 12 +++++++++++- secrets.nix | 18 +++++++++--------- secrets/wireguard-peer-kalessin.age | 9 +++++++++ secrets/wireguard-peer-kalessin.pub | 1 + secrets/wireguard-peer-kilgharrah.age | 9 +++++++++ secrets/wireguard-peer-kilgharrah.pub | 1 + 8 files changed, 56 insertions(+), 14 deletions(-) create mode 100644 secrets/wireguard-peer-kalessin.age create mode 100644 secrets/wireguard-peer-kalessin.pub create mode 100644 secrets/wireguard-peer-kilgharrah.age create mode 100644 secrets/wireguard-peer-kilgharrah.pub diff --git a/flake.lock b/flake.lock index 84dc2db..14ec9e1 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1730826917, - "narHash": "sha256-KzpWqP+Cg0H2V036LgIHfuxnpVq2wZ+eGFjuXegRhLY=", + "lastModified": 1730833940, + "narHash": "sha256-rr2f5GAXLUY1XH2+Ow5Iju1mCmscAxY+tefnrzseDHA=", "ref": "main", - "rev": "8ca844c0d0ce3b8088c0a380ecdbf555015b0cd6", - "revCount": 9, + "rev": "b4e7b0ca3e466f3d211590ecc422bb74f61875e6", + "revCount": 10, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, diff --git a/hosts/kalessin/networking.nix b/hosts/kalessin/networking.nix index 3c27781..b5ce574 100644 --- a/hosts/kalessin/networking.nix +++ b/hosts/kalessin/networking.nix @@ -3,4 +3,16 @@ { networking.useNetworkd = true; networking.interfaces.enp0s6.useDHCP = true; + + age.secrets.wireguard-peer-kalessin = { + file = ../../secrets/wireguard-peer-kalessin.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + + birdsong.peering = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-kalessin.path; + }; } diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix index a0510a7..f0d381f 100644 --- a/hosts/kilgharrah/networking.nix +++ b/hosts/kilgharrah/networking.nix @@ -13,5 +13,15 @@ linkConfig.RequiredForOnline = "routable"; }; - systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; + age.secrets.wireguard-peer-kilgharrah = { + file = ../../secrets/wireguard-peer-kilgharrah.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; + + birdsong.peering = { + enable = true; + privateKeyFile = config.age.secrets.wireguard-peer-kilgharrah.path; + }; } diff --git a/secrets.nix b/secrets.nix index 1db2c04..82036db 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,22 +1,22 @@ let keys = import ./keys.nix; - commonKeys = keys.users.qenya; - secrets = with keys; { - ftp-userDb-qenya = [ machines.kilgharrah ]; - user-password-kilgharrah-qenya = [ machines.kilgharrah ]; - user-password-tohru-qenya = [ machines.tohru ]; - wireguard-peer-orm = [ machines.orm ]; - wireguard-peer-tohru = [ machines.tohru ]; - wireguard-peer-yevaud = [ machines.yevaud ]; + ftp-userDb-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; + user-password-kilgharrah-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; + user-password-tohru-qenya = [ machines.tohru ] ++ keys.users.qenya; + wireguard-peer-orm = [ machines.orm ] ++ keys.users.qenya; + wireguard-peer-tohru = [ machines.tohru ] ++ keys.users.qenya; + wireguard-peer-yevaud = [ machines.yevaud ] ++ keys.users.qenya; + wireguard-peer-kalessin = [ machines.kalessin ] ++ keys.users.qenya; + wireguard-peer-kilgharrah = [ machines.kilgharrah ] ++ keys.users.qenya; }; in builtins.listToAttrs ( map (secretName: { name = "secrets/${secretName}.age"; - value.publicKeys = secrets."${secretName}" ++ commonKeys; + value.publicKeys = secrets."${secretName}"; }) (builtins.attrNames secrets) ) diff --git a/secrets/wireguard-peer-kalessin.age b/secrets/wireguard-peer-kalessin.age new file mode 100644 index 0000000..0aa5850 --- /dev/null +++ b/secrets/wireguard-peer-kalessin.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 QjA8rQ 4HpAnWjvN7TUVp09LXeFsbO7Tgm8nSJoVgvOPGrykRA +QV3ye1ZhE+KQxll64Wrrx0MJ5F6KNDJHW6Ux+a9p/g0 +-> ssh-ed25519 seJ9Iw g3lmpwfxc0578ivMnWhCkfjPXzUQJiiAKNkHKYwb/Wg +pce/B/UKdTyeucDTZaDkE7uMt68et597ERCVC1IWp1Q +-> ssh-ed25519 900ILw t8DWkRgXsF1GGzx0qYK7IBuT3j/AB/E0zJ5cadoL8wY +dCEsWHC5W3bSK2FaCtNHHm5gzZYUH0AIdyZUVqelE1g +--- LW82V25epOMftLlIvwqUx0K+coP1gG+Xiz6GXBoyD5E +cwGVc}~$9ԋ>iӔ&(xa߿.%=3o^ \ No newline at end of file diff --git a/secrets/wireguard-peer-kalessin.pub b/secrets/wireguard-peer-kalessin.pub new file mode 100644 index 0000000..0c05923 --- /dev/null +++ b/secrets/wireguard-peer-kalessin.pub @@ -0,0 +1 @@ +9vyIoXuu1UVjV+aFeuX9LoHRBeAAsiHbrLmYQY4nsQQ= diff --git a/secrets/wireguard-peer-kilgharrah.age b/secrets/wireguard-peer-kilgharrah.age new file mode 100644 index 0000000..d9ca07d --- /dev/null +++ b/secrets/wireguard-peer-kilgharrah.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 5PK5ag vCFLl0+KdLDdogU+r2wfwz0UiYBc8TOx5xeC3JpUgQQ +uJD6T0W12rrb2PS8MQ5zeMlTvm2PrWBB8xnr/7BYvb8 +-> ssh-ed25519 seJ9Iw riSe05mcxnPhW97u811QPXym7PxQbNfQj5fWCv4OHD8 +YQ22OWarqaWUmUUcNnt0NOHiTrgJQWPqibmaxrASO3s +-> ssh-ed25519 900ILw 5og8To6PuPPRxobF7DqwG6T14YGf74HssytPS5UjE3Q +foy8rSONvK9OttE6ilTiLkPUuncWhpzYk7tRdpiE3cU +--- ORkr3Q/weTzN4PdKVOFlfdnhfeYN+untw719iE65oK4 +O }? Date: Sat, 9 Nov 2024 01:05:55 +0000 Subject: [PATCH 250/438] audiobookshelf: fix websockets and CSP --- common/nginx.nix | 2 +- services/audiobookshelf.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/common/nginx.nix b/common/nginx.nix index 4bd8816..2ea3d20 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -9,7 +9,7 @@ appendHttpConfig = '' add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload" always; - add_header Content-Security-Policy "default-src https: data: blob: 'unsafe-inline' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'none';" always; + add_header Content-Security-Policy "default-src https: data: blob: ws: 'unsafe-inline' 'wasm-unsafe-eval'; object-src 'none'; base-uri 'self';" always; add_header Referrer-Policy strict-origin-when-cross-origin; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; diff --git a/services/audiobookshelf.nix b/services/audiobookshelf.nix index 80cc659..a9c34da 100644 --- a/services/audiobookshelf.nix +++ b/services/audiobookshelf.nix @@ -19,7 +19,14 @@ in ${cfg.domain} = { forceSSL = true; enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:8234/"; + locations."/" = { + proxyPass = "http://127.0.0.1:8234/"; + extraConfig = '' + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + ''; + }; }; }; }; From 2207c5cf267f1ba203d8a0db8f8ad6b331194fbc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 11 Nov 2024 19:21:48 +0000 Subject: [PATCH 251/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'actual': 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=befcf0b6e2b9540f01b5caaafcbe62fcf36a063a' (2024-10-10) → 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=32894dcff264ee50e56f58130ac59bd86a7afb45' (2024-11-04) • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=b4e7b0ca3e466f3d211590ecc422bb74f61875e6' (2024-11-05) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=ffe25bd95a49d6595edec6caa432703a48b7a8fd' (2024-11-05) • Updated input 'colmena': 'github:zhaofengli/colmena/b0a62f234fae02a006123e661ff70e62af16106b' (2024-10-07) → 'github:zhaofengli/colmena/a2193487bcf70bbb998ad1a25a4ff02b8d55db7a' (2024-11-10) • Added input 'colmena/nix-github-actions': 'github:nix-community/nix-github-actions/e04df33f62cdcf93d73e9a04142464753a16db67' (2024-10-24) • Added input 'colmena/nix-github-actions/nixpkgs': follows 'colmena/nixpkgs' • Updated input 'colmena/stable': 'github:NixOS/nixpkgs/797f7dc49e0bc7fab4b57c021cdf68f595e47841' (2024-08-22) → 'github:NixOS/nixpkgs/dba414932936fde69f0606b4f1d87c5bc0003ede' (2024-11-06) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/1743615b61c7285976f85b303a36cdf88a556503' (2024-11-01) → 'github:nix-community/home-manager/60bb110917844d354f3c18e05450606a435d2d10' (2024-11-10) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/080166c15633801df010977d9d7474b4a6c549d7' (2024-10-30) → 'github:NixOS/nixpkgs/9256f7c71a195ebe7a218043d9f93390d49e6884' (2024-11-10) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/38edd08881ce4dc24056eec173b43587a93c990f' (2024-11-01) → 'github:NixOS/nixpkgs/5354a00f3cdbab47090bdc51aedbe13d1e2aa9b1' (2024-11-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/807e9154dcb16384b1b765ebe9cd2bba2ac287fd' (2024-10-29) → 'github:NixOS/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/ab464abbeb3a2833288c6e907488c49c2e599f88' (2024-11-01) → 'github:NixOS/nixpkgs/3a7266fcefcb9ce353df49ba3f292d06443760bb' (2024-11-11) • Updated input 'nur': 'github:nix-community/NUR/c7dd9f07d3e3c2abf03aac70ebd21d658037f0c4' (2024-11-02) → 'github:nix-community/NUR/805985e00d71b467b1af5491d4c04eff182f70f8' (2024-11-11) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/6cb0aedf6160725eee50425b4e8d908c09dcb7a3' (2024-11-01) → 'github:nix-community/plasma-manager/f33173b9d22e554a6f869626bc01808d35995257' (2024-11-09) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/00bacafc2d4d74ca96b02ea34488ab36977a9812' (2024-11-02) → 'github:randomnetcat/nix-configs/b5c9e7e5cd82be8be28b8b29aa35eea45e8d2ca2' (2024-11-11) --- flake.lock | 98 +++++++++++++++++++++++++++++++++--------------------- 1 file changed, 60 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 14ec9e1..5629c1e 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1728580104, - "narHash": "sha256-M+t/DmOj4cjF7/M9qBW5OK/Lam69z4LX+hXraqegz0w=", + "lastModified": 1730687397, + "narHash": "sha256-xluSdua/nB7BVpSx7C3PY5XJOsr9x0IsUwuVHJFpJ+Y=", "ref": "main", - "rev": "befcf0b6e2b9540f01b5caaafcbe62fcf36a063a", - "revCount": 16, + "rev": "32894dcff264ee50e56f58130ac59bd86a7afb45", + "revCount": 17, "type": "git", "url": "https://git.xeno.science/xenofem/actual-nix" }, @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1730833940, - "narHash": "sha256-rr2f5GAXLUY1XH2+Ow5Iju1mCmscAxY+tefnrzseDHA=", + "lastModified": 1730835703, + "narHash": "sha256-VQWyAU+Nyh2a7jQlbn4my5XBE/OgiYKSBfRpPy7GMwg=", "ref": "main", - "rev": "b4e7b0ca3e466f3d211590ecc422bb74f61875e6", - "revCount": 10, + "rev": "ffe25bd95a49d6595edec6caa432703a48b7a8fd", + "revCount": 12, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, @@ -64,17 +64,18 @@ "inputs": { "flake-compat": "flake-compat", "flake-utils": "flake-utils", + "nix-github-actions": "nix-github-actions", "nixpkgs": [ "nixpkgs" ], "stable": "stable" }, "locked": { - "lastModified": 1728263678, - "narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=", + "lastModified": 1731249827, + "narHash": "sha256-04iOZoJ0D+y3xhZtaCgSBOz8T4hED7oMVkuAOzXT8vU=", "owner": "zhaofengli", "repo": "colmena", - "rev": "b0a62f234fae02a006123e661ff70e62af16106b", + "rev": "a2193487bcf70bbb998ad1a25a4ff02b8d55db7a", "type": "github" }, "original": { @@ -142,11 +143,11 @@ ] }, "locked": { - "lastModified": 1730490306, - "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", + "lastModified": 1731235328, + "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", "owner": "nix-community", "repo": "home-manager", - "rev": "1743615b61c7285976f85b303a36cdf88a556503", + "rev": "60bb110917844d354f3c18e05450606a435d2d10", "type": "github" }, "original": { @@ -176,13 +177,34 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "colmena", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1730327045, - "narHash": "sha256-xKel5kd1AbExymxoIfQ7pgcX6hjw9jCgbiBjiUfSVJ8=", + "lastModified": 1731239293, + "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "080166c15633801df010977d9d7474b4a6c549d7", + "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", "type": "github" }, "original": { @@ -194,11 +216,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1730428893, - "narHash": "sha256-fLLUd2dO/Vnf96UDr8YPzerYi+n99l3S5yIUDnmcPBE=", + "lastModified": 1731255958, + "narHash": "sha256-cjD6FGfNeQRUXByeRQi0srmwoMXUY4sq12U8LvZLVK8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "38edd08881ce4dc24056eec173b43587a93c990f", + "rev": "5354a00f3cdbab47090bdc51aedbe13d1e2aa9b1", "type": "github" }, "original": { @@ -210,11 +232,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1730200266, - "narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=", + "lastModified": 1731139594, + "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd", + "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", "type": "github" }, "original": { @@ -226,11 +248,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1730449684, - "narHash": "sha256-Hlv3rTPxnO+DpKRXw9yjzERLdk05h7+fEbZxWM2taCw=", + "lastModified": 1731346085, + "narHash": "sha256-JWC3hvUZGsJGisC9d3d40wQalUkSsbaOgAJIOlHn6Qs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ab464abbeb3a2833288c6e907488c49c2e599f88", + "rev": "3a7266fcefcb9ce353df49ba3f292d06443760bb", "type": "github" }, "original": { @@ -242,11 +264,11 @@ }, "nur": { "locked": { - "lastModified": 1730552901, - "narHash": "sha256-K1v1CSzAnfL85MHY07S0BhVKae/ysZqowWdEapFcFJc=", + "lastModified": 1731351894, + "narHash": "sha256-9ChuIb21fFactZYViUyS6gYvCHtkKX+5fxaNUMQpF9c=", "owner": "nix-community", "repo": "NUR", - "rev": "c7dd9f07d3e3c2abf03aac70ebd21d658037f0c4", + "rev": "805985e00d71b467b1af5491d4c04eff182f70f8", "type": "github" }, "original": { @@ -265,11 +287,11 @@ ] }, "locked": { - "lastModified": 1730481339, - "narHash": "sha256-Y1yWhjt/38N5IMgWoGnUTzJ6F4kGnpti/l2AOJWPUOY=", + "lastModified": 1731193165, + "narHash": "sha256-pGF8L5g9QpkQtJP9JmNIRNZfcyhJHf7uT+d8tqI1h6Y=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "6cb0aedf6160725eee50425b4e8d908c09dcb7a3", + "rev": "f33173b9d22e554a6f869626bc01808d35995257", "type": "github" }, "original": { @@ -281,11 +303,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1730507817, - "narHash": "sha256-TRIhNijZuIrS/HwlPzCu82srWmuC6MV1TxyQDks3Pxg=", + "lastModified": 1731352726, + "narHash": "sha256-9Smn0IGEPqktaMrXeHFiYlj7ix3E54x4RUVfq6xp7to=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "00bacafc2d4d74ca96b02ea34488ab36977a9812", + "rev": "b5c9e7e5cd82be8be28b8b29aa35eea45e8d2ca2", "type": "github" }, "original": { @@ -313,11 +335,11 @@ }, "stable": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1730883749, + "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", "type": "github" }, "original": { From 024bf2b990ec5a3dc2c8ec861afda38ac6699893 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 12 Nov 2024 10:51:14 +0000 Subject: [PATCH 252/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/5354a00f3cdbab47090bdc51aedbe13d1e2aa9b1' (2024-11-10) → 'github:NixOS/nixpkgs/d3c490e9c812d0a9dcb0593663d9430451fb8f96' (2024-11-11) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/3a7266fcefcb9ce353df49ba3f292d06443760bb' (2024-11-11) → 'github:NixOS/nixpkgs/d30293dc9854f57d9d5ae1f2e18b6a9506852a93' (2024-11-12) • Updated input 'nur': 'github:nix-community/NUR/805985e00d71b467b1af5491d4c04eff182f70f8' (2024-11-11) → 'github:nix-community/NUR/33f52fb5eb91a1736e371ba6f47f34cec0a50f2a' (2024-11-12) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/b5c9e7e5cd82be8be28b8b29aa35eea45e8d2ca2' (2024-11-11) → 'github:randomnetcat/nix-configs/7cc4488ea39e6ba5c97e9cf688aaf6d9d1680206' (2024-11-12) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 5629c1e..50fe969 100644 --- a/flake.lock +++ b/flake.lock @@ -216,11 +216,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1731255958, - "narHash": "sha256-cjD6FGfNeQRUXByeRQi0srmwoMXUY4sq12U8LvZLVK8=", + "lastModified": 1731356506, + "narHash": "sha256-j0UUHSKvBlJHF3/LyX6FfWiJrcSSqiBXucT/NTKxVQU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5354a00f3cdbab47090bdc51aedbe13d1e2aa9b1", + "rev": "d3c490e9c812d0a9dcb0593663d9430451fb8f96", "type": "github" }, "original": { @@ -248,11 +248,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1731346085, - "narHash": "sha256-JWC3hvUZGsJGisC9d3d40wQalUkSsbaOgAJIOlHn6Qs=", + "lastModified": 1731389305, + "narHash": "sha256-NoPclODC7pLq4LTuIpAIjRUK/IA+c1Te56QIOyW84ug=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3a7266fcefcb9ce353df49ba3f292d06443760bb", + "rev": "d30293dc9854f57d9d5ae1f2e18b6a9506852a93", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nur": { "locked": { - "lastModified": 1731351894, - "narHash": "sha256-9ChuIb21fFactZYViUyS6gYvCHtkKX+5fxaNUMQpF9c=", + "lastModified": 1731407316, + "narHash": "sha256-b0AdjynJwJmg+gXrPvXVTbLJPnInoyG48zKIiNWkcoc=", "owner": "nix-community", "repo": "NUR", - "rev": "805985e00d71b467b1af5491d4c04eff182f70f8", + "rev": "33f52fb5eb91a1736e371ba6f47f34cec0a50f2a", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1731352726, - "narHash": "sha256-9Smn0IGEPqktaMrXeHFiYlj7ix3E54x4RUVfq6xp7to=", + "lastModified": 1731371791, + "narHash": "sha256-1qO3f+Y8/djG0tggk/SLz8VTEmSDz9CK4X01mDN2nwY=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "b5c9e7e5cd82be8be28b8b29aa35eea45e8d2ca2", + "rev": "7cc4488ea39e6ba5c97e9cf688aaf6d9d1680206", "type": "github" }, "original": { From f9f262a856bd21d712bdc4cde22fab34a35bd1eb Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 12 Nov 2024 11:14:08 +0000 Subject: [PATCH 253/438] qenya/vscode: use golangci-lint to lint go files --- home/qenya/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 8a2f8cf..80d1a41 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -36,6 +36,7 @@ in "dlv" = "${pkgs.delve}/bin/dlv"; "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; }; + "go.lintTool" = "golangci-lint"; "go.toolsManagement.checkForUpdates" = "off"; "gopls" = { "formatting.gofumpt" = true; From 5cfd5a7a7ce979db79af71c00b63e9d665988fc8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 12 Nov 2024 11:14:20 +0000 Subject: [PATCH 254/438] kilgharrah: install obs-studio --- hosts/kilgharrah/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 14d6aba..57a4933 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -28,7 +28,8 @@ age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; - home-manager.users.qenya = { + home-manager.users.qenya = { pkgs, ... }: { + home.packages = with pkgs; [ obs-studio ]; # For the moment, this hosts some network-accessible services, so we want it on 24/7 programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; }; From 80fcd62ba4271c0eedf48db85256f7747caa1866 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 12 Nov 2024 20:42:35 +0000 Subject: [PATCH 255/438] kilgharrah/networking: enable keepalive to help with NAT --- hosts/kilgharrah/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix index f0d381f..f9ae666 100644 --- a/hosts/kilgharrah/networking.nix +++ b/hosts/kilgharrah/networking.nix @@ -23,5 +23,6 @@ birdsong.peering = { enable = true; privateKeyFile = config.age.secrets.wireguard-peer-kilgharrah.path; + persistentKeepalive = 31; }; } From d69e1dcc16ab880bfdc23ee05370a61e797ac89a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 14 Nov 2024 13:42:36 +0000 Subject: [PATCH 256/438] users: enable users per-host --- common/users/default.nix | 2 +- common/users/qenya.nix | 32 ++++++++++++++++++++++---------- common/users/randomcat.nix | 25 ++++++++++++++++++------- common/users/richard.nix | 12 ------------ common/users/trungle.nix | 23 +++++++++++++++++++++++ hosts/kalessin/default.nix | 4 ++++ hosts/kilgharrah/default.nix | 1 + hosts/orm/default.nix | 1 + hosts/tohru/default.nix | 1 + hosts/yevaud/default.nix | 1 + 10 files changed, 72 insertions(+), 30 deletions(-) delete mode 100644 common/users/richard.nix create mode 100644 common/users/trungle.nix diff --git a/common/users/default.nix b/common/users/default.nix index 9e58dba..7b46780 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -2,7 +2,7 @@ imports = [ ./qenya.nix ./randomcat.nix - ./richard.nix + ./trungle.nix ]; users.mutableUsers = false; diff --git a/common/users/qenya.nix b/common/users/qenya.nix index d3998c3..6a8e506 100644 --- a/common/users/qenya.nix +++ b/common/users/qenya.nix @@ -1,16 +1,28 @@ { config, lib, pkgs, self, ... }: -let keys = import ../../keys.nix; -in { - users.users.qenya = { - isNormalUser = true; - home = "/home/qenya"; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = keys.users.qenya; - uid = 1001; +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.qenya; +in +{ + options.fountain.users.qenya = { + enable = mkEnableOption "user qenya"; }; - programs.zsh.enable = true; + config = mkIf cfg.enable { + users.users.qenya = { + uid = 1001; + isNormalUser = true; + group = "qenya"; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = keys.users.qenya; + }; - home-manager.users."qenya" = self.homeManagerModules."qenya"; + users.groups.qenya.gid = config.users.users.qenya.uid; + + programs.zsh.enable = true; + + home-manager.users."qenya" = self.homeManagerModules."qenya"; + }; } diff --git a/common/users/randomcat.nix b/common/users/randomcat.nix index f425424..de637fb 100644 --- a/common/users/randomcat.nix +++ b/common/users/randomcat.nix @@ -1,12 +1,23 @@ { config, lib, pkgs, ... }: -let keys = import ../../keys.nix; +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.randomcat; in { - users.users.randomcat = { - isNormalUser = true; - home = "/home/randomcat"; - openssh.authorizedKeys.keys = keys.users.randomcat; - uid = 1003; + options.fountain.users.randomcat = { + enable = mkEnableOption "user randomcat"; }; -} + + config = mkIf cfg.enable { + users.users.randomcat = { + uid = 1000; + isNormalUser = true; + group = "randomcat"; + openssh.authorizedKeys.keys = keys.users.randomcat; + }; + + users.groups.randomcat.gid = config.users.users.randomcat.uid; + }; +} \ No newline at end of file diff --git a/common/users/richard.nix b/common/users/richard.nix deleted file mode 100644 index b099667..0000000 --- a/common/users/richard.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: - -let keys = import ../../keys.nix; -in -{ - users.users.richard = { - isNormalUser = true; - home = "/home/richard"; - openssh.authorizedKeys.keys = keys.users.trungle; - uid = 1002; - }; -} diff --git a/common/users/trungle.nix b/common/users/trungle.nix new file mode 100644 index 0000000..d1736ff --- /dev/null +++ b/common/users/trungle.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.trungle; +in +{ + options.fountain.users.trungle = { + enable = mkEnableOption "user trungle"; + }; + + config = mkIf cfg.enable { + users.users.trungle = { + uid = 1002; + isNormalUser = true; + group = "trungle"; + openssh.authorizedKeys.keys = keys.users.trungle; + }; + + users.groups.trungle.gid = config.users.users.trungle.uid; + }; +} \ No newline at end of file diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index a3b86ab..ae5b218 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -10,7 +10,11 @@ networking.hostName = "kalessin"; networking.hostId = "534b538e"; + fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; + + fountain.users.trungle.enable = true; + qenya.base-server.enable = true; system.stateVersion = "23.11"; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 57a4933..33fc8c7 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -25,6 +25,7 @@ qenya.services.pipewire.lowLatency.enable = true; + fountain.users.qenya.enable = true; age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 004ebd4..1d8a648 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -10,6 +10,7 @@ networking.hostName = "orm"; networking.hostId = "00000000"; + fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 8d6f7b2..7832985 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -23,6 +23,7 @@ console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; + fountain.users.qenya.enable = true; age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.extraGroups = [ diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 7ff5928..2a8fdae 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -10,6 +10,7 @@ networking.hostName = "yevaud"; networking.hostId = "09673d65"; + fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; From c60b753c5c1064e09743aa337790188be1fcf3ce Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 15 Nov 2024 18:28:08 +0000 Subject: [PATCH 257/438] set up distributed builds --- hosts/kalessin/default.nix | 10 +++++++- hosts/tohru/default.nix | 6 +++++ services/default.nix | 2 ++ services/distributed-builds.nix | 45 +++++++++++++++++++++++++++++++++ services/remote-builder.nix | 44 ++++++++++++++++++++++++++++++++ 5 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 services/distributed-builds.nix create mode 100644 services/remote-builder.nix diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index ae5b218..0bbdfec 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -1,5 +1,8 @@ { config, lib, pkgs, ... }: +let + keys = import ../../keys.nix; +in { imports = [ ./hardware-configuration.nix @@ -12,10 +15,15 @@ fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; - fountain.users.trungle.enable = true; qenya.base-server.enable = true; + + qenya.services.remote-builder = { + enable = true; + authorizedKeys.keys = [ keys.machines.tohru ]; + }; + boot.binfmt.emulatedSystems = [ "x86_64-linux" ]; system.stateVersion = "23.11"; } diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 7832985..cae91d3 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -46,6 +46,12 @@ ]; }; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kalessin" ]; + }; + programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet programs.steam.enable = true; diff --git a/services/default.nix b/services/default.nix index a83117a..f136e92 100644 --- a/services/default.nix +++ b/services/default.nix @@ -2,9 +2,11 @@ imports = [ ./actual.nix ./audiobookshelf.nix + ./distributed-builds.nix ./forgejo.nix ./jellyfin.nix ./navidrome.nix ./pipewire-low-latency.nix + ./remote-builder.nix ]; } \ No newline at end of file diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix new file mode 100644 index 0000000..e0bbbbb --- /dev/null +++ b/services/distributed-builds.nix @@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +let + inherit (builtins) elem; + inherit (lib) mkIf mkEnableOption mkOption types optional; + cfg = config.qenya.services.distributed-builds; +in +{ + options.qenya.services.distributed-builds = { + enable = mkEnableOption "distributed builds"; + keyFile = mkOption { + type = types.path; + description = '' + Path to the OpenSSH private key to be used for distributed builds. + ''; + }; + builders = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + List of builders to attempt to use for distributed builds. + ''; + example = [ "kalessin" ]; + }; + }; + + config = mkIf cfg.enable { + assertions = [{ + assertion = cfg ? keyFile; + message = "must specify a private key to be used for distributed builds"; + }]; + + nix.distributedBuilds = true; + nix.settings.builders-use-substitutes = true; + + nix.buildMachines = + (optional (elem "kalessin" cfg.builders) { + hostName = config.birdsong.hosts."kalessin".ipv4; + sshUser = "remotebuild"; + sshKey = cfg.keyFile; + systems = [ "aarch64-linux" "x86_64-linux" ]; + supportedFeatures = [ ]; + }); + }; +} diff --git a/services/remote-builder.nix b/services/remote-builder.nix new file mode 100644 index 0000000..265241a --- /dev/null +++ b/services/remote-builder.nix @@ -0,0 +1,44 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.remote-builder; +in +{ + options.qenya.services.remote-builder = { + enable = mkEnableOption "remote builder"; + authorizedKeys = { + keys = mkOption { + type = types.listOf types.singleLineStr; + default = [ ]; + description = '' + A list of verbatim OpenSSH public keys that should be authorized to + use this remote builder. See + `users.users..openssh.authorizedKeys.keys`. + ''; + }; + keyFiles = mkOption { + type = types.listOf types.path; + default = [ ]; + description = '' + A list of files each containing one OpenSSH public key that should be + authorized to use this remote builder. See + `users.users..openssh.authorizedKeys.keyFiles`. + ''; + }; + }; + }; + + config = mkIf cfg.enable { + users.users.remotebuild = { + isSystemUser = true; + group = "nogroup"; + shell = "/bin/sh"; + openssh.authorizedKeys.keys = cfg.authorizedKeys.keys; + openssh.authorizedKeys.keyFiles = cfg.authorizedKeys.keyFiles; + }; + + nix.nrBuildUsers = 64; + nix.settings.trusted-users = [ "remotebuild" ]; + }; +} From ea5b59bbe9a84efc9c249416cd8b4be19bb8859e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 15 Nov 2024 18:33:11 +0000 Subject: [PATCH 258/438] secrets: rekey all --- secrets/ftp-userDb-qenya.age | Bin 12720 -> 12720 bytes secrets/user-password-kilgharrah-qenya.age | Bin 396 -> 506 bytes secrets/user-password-tohru-qenya.age | Bin 396 -> 506 bytes secrets/wireguard-peer-kalessin.age | 16 ++++++++-------- secrets/wireguard-peer-kilgharrah.age | 16 ++++++++-------- secrets/wireguard-peer-orm.age | 18 +++++++++--------- secrets/wireguard-peer-tohru.age | 17 ++++++++--------- secrets/wireguard-peer-yevaud.age | Bin 407 -> 477 bytes 8 files changed, 33 insertions(+), 34 deletions(-) diff --git a/secrets/ftp-userDb-qenya.age b/secrets/ftp-userDb-qenya.age index 3d40119b47ab80fefd0623c655a85d5960f07551..53f83c0be1b82ca4b0736044fea276048cb2f839 100644 GIT binary patch literal 12720 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP4e&NiOjmH#E_F!^ z_VWrUO*HVUj4BKbbj~;MaLq0aPczI9^zih^4h?k)@b#{$2;>TN3k}E#4L8t_%*xKr zH>)x%tnkPRbxAI^49PdGG;>T(EcGjQ42%dVk3_evIMvJ2vs}S4HQim`rzj(`B0tEb z%HPF5C^Oec+cnFvC^xMl%Qz~^E63R)AgjtG$CJy~H_^hZu)-|g-zeNSJ<-(AGuzk9 z&Bvl5Bs)39Aj+UPxgxhHz{oW>I~mpK=9H!-6Qk3Jdd$5^pnu%qVZmWJ}W$ zOBde&OP3HM-_nREU$Ybw4_7zmyil%meXqo@NSDa;@;p;7OFy3^(=_)epGc?t07FAx z7vn_F5VI2fz@noSbCyqCn>|i!%Svh}43ph!hV?uMo@Z^pq0cuqbZ> zZ7=h@L~qL^(_$_oF5ZX2S$C9=ov2jKnbb0)NX1mYO2K^^Eb@!ikON zB&U4U{`l%jGTWnji6w>;k7rHY@McEA>6LSe%*z8}}7GJKHlY|28u!E;{+{=9k+`&Ivq!tUsyMBu{nUYwPB$zTg=w z=VVst^Q`_*xz|7b#NJq^U01$`zMod4M_+!15!4VySW7kvUa<{jhe6%c3tU$1B*?}W_j@3JS zen0Wk=?b?y_3|r(KHrx*%~(EFQMxK6{A9*f9pz`tVpT#6mTOLhW&b>O?NL^hirAZH zaoSF)FIT$SBz>9x*YLelg0@oS@s^-6lR2}~qW4_y;^^7R|4XLxe2cD)NKaYLk`L|k z%0w5a&vV={$>)3Aioc!Lh40^;)KPCT?NrI!d4BT(u3!F?V6!V{?~HnHYYFE3JqM;L zsVS~m_b70-d6abAlwIQHuPk2oX_P0OZd>t-_h+ze^HS-o;|DJtjhiC%&2H!FpMoWy z164nC9ljv0w08;5Q~hO{oga57%`6f*a#X16sMV*pv0PeGm6wmRJIR*)d%0lwuEPQh zAGem6RR~8<4*K1Y{QUQoIA*EM1spE#g8Nsc1YYv|{wd|1UW z=YmI*d_%&0GZuebvFcEbz=?gSGvaT5h;F?d^RZYt@c*nIPAP@e`+esHcV7MT(DUZD z#f$GO`6?E(YD2l$U0K&MuWMSt-0!B`N)(u6upm$3YpC|LtQ8-pWcWWQJeB_4TXO0} z>H98c9$QQ->pa7_g}^{BxwBm z`A)vM_>Yg_vA?JPyjy7UmGSxm+kCz9OUEKlEo;2j_jOL5SyznJ_3G*`-InB<8(^*yWC0nwS1J?@v>jI-}Ms(dSF)Mms5!;Mc9w=jEu%CcJqw^Vi1`KP$_x z?W^aq)U?#I#;3)fU~&K8YY~uqMY#XarL>nvtR)4HEDGE*^RmYFo5BIF%h3b2!5bHC?^4Qr{l$wan)cwSEpy9L%N}XLlbC5SB`e&fgGg{2~79D*n7POY3L$U0gHstcSGE z%B;)2evX^1MfMlBwjEr3r(YmDV*aKBRWI+fa@1#huFG5ZX3o~Nr>qp0zS^#(pHy$+ zX0ae@;bWg-hpa71-cvKJUKzC?($T0*EPbqfYQ<%#a}RWOEL(o?LW27*o>R-;M@f_y z8p<^oBb8Jdn+6#fBt{(%5O{ljgLwe%w2Wpz5TjH zExwOc4(V#Rwy%B6mAiIUCk3sGHmT=t83W*J;*|gC`x-gqc`-JSf{5hB7=A5o8NIi9HbL@+_?U&Ze%E{Wd zzFeZj<$vRZqvo%ezuw%hH_7o#KflwT=wKy7kui+hsr+pwe35-fh$cQ^S8XqHjW89ny=rpns2o}rmN*Qv&*_JNHSMf<)|_oYm6oo2)IP zrpP~-mhn<{F=M^j`riy3P8a8~E&FvS=f%${w@$JhcmKO`Pft;Du|)ssPLZcw#}2UW zmx^ZlZF{8W6PwAGUlnKPhx}90{G@2(e&Ar?thlxNe@BbWy`i({PkhdazNyh7IZLj+ zP4?n4&0afszmHVSAJ+a$2@*E{ZBCqSu{B98wbb9oxBt&m!<#Z8%UIjmXExe)TnZA) zoS`=RL~&sBO3VAVo?SJW@c6G_E_eB}6Zv)3ykx*pv0A zcct!+%jfwRekA$sU{=fP{UBudY-wH5p3w6#Q;si7)d)M2biGWgA$$Mhw|j5h{%xuH z_PlxH7m2Ryi~s-?n7!Nv>N*Gc&tw_UK7{ zIH}$@_0O9hODpf*|9a}5`u|hgmT&Lhe&dwnbPzJg3lE$jS0f#oXezX5+ z3um=^bNa#An`a+deEZzHNso>))@2wJ-tg{pHBxH-RpoT))BO2%-fx#$cvWADW0U6TDKe}Yu22Xc8{`>RM9H&#Q4yJCBfjM91T?@&VkU6Y-GT_^xg4Yra`j)WYUh`3 z3_1Ug;pnaJiVIz%UR>B^_Ck5p8Ee&xHC&3DUoLy&baB13=Tkqaz1DjE;r-h86__OJ zfBoQFaZ5g+t9pN)!c>*H9Zz;IKGnWMHR5^0#VIS!Dz1FQD^qu2j=fr=@@wXw4^sD~ zC|78dE_lC2#pLD=g-LT&es0itZ{nzXphx2Q(qkFYuBP%)jJ$KGOZ*>*+$OUma?U zV-BnIt+;6s@~d-xx%j3n#rh3<);*h|u*sx@y^MGBjay2^XPyi8eOazmz+b9+k8O3V z_%)$-0af}1bN}yszI2O~_XakD-zl=kjCjAXG|gJF=%RR5<-<3e9yKp-#{{vK+{}uf zSNhqYLVtp$aH#wn@kiFD+07muzsE5t55tSR4`tbCW1 zN3Os~=s7!g-1^L{`^#swUFL6-shBMldzt54!fuNvv!))sP%=wJY?{P0=DCT|f1MvK zDx13G{>`9I4qm$)zU*h{nBC~UFR}8=tHqP}UL|e&C38jLMWVU#k;w*!%9Y>Pzc|Hs z$8YMAi$NNbI@6ymXL|PA`ha-wF&4H3>%=a|>u;Ut^Kt2l#Zo&pw!L4mhVS|(g~ne? zUOxF^(7*gRXUG@cpBYb1>}a*EV*a_{ykp|}wf`-JO5a2*oW8Nl=w)AkWnAx)N4^`j zDeTw&=In9TPG9_{!3^6sN0ub!h;)A}G)|Vko_*R|_nn)5@QXcGtR_?a`)57p2#-6u z@{HmMuXSAKazy{HJ>~e6<+1()y@ucK{qm19Gv3*=uHpT!_M%H~wW?K*-SJV7dFiE5 z6wNYhVdoJU?LMc#SX z>Ux&-jCEAfAM@FKUB5OT-1&T2!2YXF6T`SG1?n;up7}XB)Y$dBwNdrK?+n{S8JWdC zdkO7P^?b9agx4a{w5?|1?lXVPntHYGe*Jz&DmKFYfcBsH$FCWR&2lWBv~B+HZEQtv zB%Unei_wU@*_qmsUm)%`#Xd1(CiBW48=vqkvCd_mrGCo&Nea7_#3a#aN4=j+oICZ2 zi<%)r&4P@pb5l3R`%l~(c6mpy>B;h>RU1RJmj;Hv*|fu)Wx~?sGv0_@l*zC0uU%Tb z@Yuz!4^DIXLh5hje%O2T{wCwktF8H-EM957{9*jk)!(#UPx~;5)A#nRW0zwW7QWtR zDpwNtM%{GTbm2O+qZd7cn>m-gZhNM`Xr{Tv!bil{r=|R zDGRZo>gx7yJCPo+fP!%1a_{+aCK++cd@`o5pRxl$ibn15!>KAgNr`H7qJM9Ee! zY37tt;q!|YX&0{ERi)9HbA$cAwZ`Y+x659XeW*e13ipw9=4HECw%(h? zHvjt7xh$5gUti8{X83dLzu2|V1xsDHBB#0Qyws4?cS$jg`K2u8bF)rRVd-q~tJx3D zF2-a%T*j|=#_PV*mX8~zR44FVwy>_&jI*?c}u|j<|37=R9KqujjO#Wfw|6Th+%ZZe(~U z$1pqMok*4LVx9QM?jh^MZ=dm0N_4kYV3Af)^<$X8dGF(KIrfC@sqNcarmeWWT2Ol9 zo*ls}C)rJNd8pp^&}Flu+&TBhg$G`lSc{!?IL)!>Kv!&F-?Cpn(^OLrE?ThiSL&s| z0)M8h^H#lV*0Z(7S|LYF|2m`5@{-Fwmst0gyGvvUC|th#!D!V72`)DFKa6oREG`Ev zv1yKqmT#OKu>a0Fvme!?nzi`QcV=78d$+hu*tPlD3eRtMjy!pBu|-7BqJz@{ z#TftjUABAPexax13 zy1>G^MU%0+m@At1x~6yHTXUZM3tnHS;Ymxk%6oF-_M+6f_RCQPri-_|Yip637a(}4 z?cB^Sb$8#WIQK9to>5-f(6hMp=Q*a1+Z%7(3ERe!TT*iz9VrrI8jbm@U#Pp%< zaYDD@%q4lw-P$)l{B(``abW7+hY7n_ikvS>l=oKV$}SgRRNr!aRZVSjpp_SwUEQ>- z*Tvd9;#7{DkDr^vF7vKQNAz3p^Y*Z5M?xf$e!2SR**o1do3E`=^t9wqT5RP<@y}~! z@3NgPafdN%d!OOUH#`pVj)!emUwrcClWdg6mEWwjKUCB=w3qX&)0~@oT7aQ#;`}$o zx6X)a>8k5%y={w|b&lav<=yh0cLo9&pdzktJ@$A&TSI?_ErEm60T(-P&&tRHFckJ4R#Gc-$ zt*ep+Pny1dz)<`*xPO(a+^rU|WPL{G6E7C8@$q#$r1bi-q_@K4xee=|AGhJ!^1QrM zU%z<517X1xv(~R|PTu|aHPh_mJ11s&?kaTIR=g*eUpdd)>e`3-E^f&|y$?!mFp5cD zXP2wE^Fw5TNrWh~#033cV(Zl=TO?eFPBE%FU^|6ZB;+o?;W?Z3jYqqyW^C2{@q3%m z;|#O;>g$g1NZzRGT=$FV;vO+}4Nnor_@7cUh2!34F|&UtD-&_Qf9qIEAL}{?tD+Y( zcWu9QU5RhAN_tcJ17RWOK$98%w;O+?t6zNbZE}R#Ik7W5VLeiRCO*|of4$~Lo`Sum zoJq~}ghVTqt9@JfTx_-|JTE9pdKN2Pc=P@Hn@h{yO%1h;NjfMV9bx^%tIhq#s)R%9 zVl;I1r+ogeo3Xg)^M!m`kBzeO!dxZKU%JyIqtIL z*w*|v2VK^GnXDV}hW*fu7YCmkt)E(G=F0ZxGKcyt( zdUP+$WQ9&j5t6AZV4zoAq zeeP52=SbG&Hr;mGEOVQ0&*eTGdsLjbLBq1?EH<7d)c*uXz3T%ynR!-+!&|+*4XIrXvsF2 z-%HjmivJvacI$&jZ0BNyWhUM(POZFk-(u2(V9spslyaSaJsZ@$4V!f*FOvOtd)GJf z5392pPbhB}kr3-YW_wKj_y>*X@^Yb9)AZa7)?aTr*zhan(bW1$6~0VsZnBGNq^Jr1 zbX&MMy4Tl|F;O_^wKU5et?Leb=It&H&KALyAu?|t$DTR&u_?SeODlHr+2me!j@FMQlsnnz^A@jCx{(G~q3@|Dkm7a~#jPtR(Ytn+Wx1%n4s+n%l#`_@rZ zzwr8&tP4x`Dix`uxTb!4AG>G)pV-ee(iaLR@8wpw+12D>VmznP>c4Ad#;+IVJo*bF z4;g=-!RsKCtv74i;9we9Hpm#SNGS6>%8 zx42=$iO)Lu)8sCfFz@^(_xRM56Wf$_Tb%Pg`=amy*JI|b`z)unhyGVc?e@L(QdnNg zcGY*o<)8fcx3~4r@V~nHWpdc0`mH|pw*o$&Wc;=%{#wv8n<$xu&tgoX#ScBsemi-# zppVbxmxtG^(op=nt}#IM#nI`%^#5NEnQVBY(Ya42KmYZ^2dBUAsVo-u+a0*SDeaQg z*Mke)6(Y~7v{}}ie-NABy%J@lf>Kpd%xFab{Ib@2)vr=al~_ zteS8=(>Gl_VZ)O4uWzPDPEWeKY!^d_l}xPyM-XS@hbL8+zHMtuNjp|qG4;GtdPvOG zhmA&F`@?g7R^6NUB>PaJyUnVSo0H}rD$la!?<)6yVg8Pv$9G$Vc(P)obK|!9Rr}?f z<}UfHw(E28H0yY$Cl4k{$@ZFd3d+sWOb_|hzbonMzfH#u`gra5y84j6U*x-^rKiog z)T5@f??~A);q9*FulX#wr!ER9ZSCGZgR!mVsfF-`S?5ccUKLxb z+Z&qw5iVx_?ksU>f8W=I@#i<)4sVvwcZVq{-{pJg4%d zm#-hqlKfQoR$(ny>AoYY;^(^Vkk1P>UNFDnp25nAPW&B?ix%lUySrCEdG_~R$C%f@ zV!66@j%RA`OS$v=ZFO(4Gn+g=R^;Nre4ATy$u%?as>wzwYm9DBnL0Drr$m`e-F?1S zZI43eTFV&jv-^{GrZi*(o;n@B{&34GLAhU>xhGyc!e2k_LWAw5uk+l_U;1-ZyY$hj z!aIKRo5ONurQWOjwD6nm?Ufq0*yo>^#W4TZq@&ZTrglw8Wsq-pyf{$%*`%C3x7HMV zovWsIsxwkU{>p2I7j25yRxeNcQx(pUQ(~6pmSf8||5}Ze<+WK#qi34sMsx!qs--Mi+c=z<2 z3qKBgR1Zy(>km-W7ZiPLe=(KKm`}m!S>4x}M-qASTm@$_Y&Xn5@%-lVE~kY1+qNvZ zp?~`L;)7jFes}CLH1xm8e8A?Z9WQ@3v-fe`BZ~`!b9BPpCf=R|B;bs2U!^M^5MxWD#v*ELn&d$H{-s6p@ z=#vSnd^7CK%$*`~=0^Dk7xT__P(>!7*e#Z1m7rucJGVI4clLzX5*&WJF1 ze3ymQWXU4?Me$Y|58u7FNZ4qT+|DM%|6@jvMAfNVi?&P&n|)aHxaH>O-FC0K#5aq^ z3G;_KHGZ-;te>E<;p6h44-fa|zY;z#7I%M#;rkDJKdUQDijLs!HjH&xlQQD~SLJ(_ zpeZifuXSupVlG_puI6ZO49lYD1uJKB%-Qp3&kp;Q0Utk3X%IV7E_BJ>d8OHo8w=Dl zRxhdcxE-b^+qSOPGFIXGW#wSY9X|>_IGqgdIG(pe<-6^IJKJk=1g5=O@hX7J<(8Y- ztf+mFr`Cu4om{+2rrt$sk@fVq$F?vv>ph$HvZU(zmGuYOj-UIX*J=LnS3&=cNm{d| znK?F0Gc$da|Ejls)l6ZQ+MmonSh?NXN>XkGdHG#ky2$0O{*B;H(XB~y^P?FquX3IK z!e7h%M`PdH)}_~ND}VfwljGCBu<5O>`Oo@VnH0OqQ0||n^QQX-R^|pLoD7R(?BiXo z{Zez$`|`k-l2^~IVLPDUHFYujgg)1ETNk+8yKqA#-%IArN9S{e+s&2kl`&`QGJVsW zbfUHKx>{=I6CHWQ_qB{USzMNiVoqiS=3Rfb2FNY0e>U@?+ue+CVbzu^%57Pvr5Zcu z{=T{U{so1NT^>^Yad(~13#hSbil+)aS-$ZPf0y1&n=LJ-6J9Ovk2zQGP%fOu$bYCt z>o@DyO;u&DcQ4}mE+cZ-KlkeNT~a4a^n4~gRK6INzM@Pt$Y+Y9`_83nqS><^Uu}NV zZ}`M5MMl@8_x_f(n{3wpo?R7jm5b5fxVZ7=`16mQ3k?pPlDK#1`udwrsoC>Ztu|1u zI}viea>0^?T>U#2DXe!-EVE54X5)7gT3~V5az>G?E$5bvKmWQ0EcOoUcg=n0q1w)B zY}xSD+GMV(`R$$84?p^Jb(N-umt)J0dD=ObI5vKrQ7ykwMDNB_=e@>ikE@exE-7?w z6Uo(jUUEewver|_(D ziKQ+aQMtWVZnI@F=Ipo{u;i0);Wqz9ySqE5?GJh~ZPA6;$|YQNXM>ZZwG1}xO6$H#1^re&mYYHo$qzO*HNrvg3K-(yxU;psf3wLZAZUgUnQUW&k? zNauoSk3PrT|CYf0@21pDW+y$9J^4P-|6VUUH0Au7@Z2atjl+WNJz1BsYya^yE#G}} zM^K?i5$D&i)?-GV*P`>*yp7tz6+SOjpk-}`hnr80kI4KWpLH(_`d+_H4^lm|;q;G> zp=}SFzi!mFI-=Bj&+J9L?!3fB`bL+h8mHEO74Ghdww|5Jwfd2))r?A~%a?v;^>xe; zuYE2eaAfT}S?7zf`}2(Ue$@_(i(62Co7wkBN85xgJEaUBiHCi>?6M%wW1mIq@7*h{ zKA(Q!>%F7;1^cfF2OQ+WgiaVF$Ldrsc+z0Kb@J0y?$cD?i7)=NJ+O^0Szu|+!_=lD ztZ6j|Jw%qackI;J;_*P=eSyaDEAQ^K7$j=vN-gJQV>^`vPa&yy>#kvN6GWgyrY+rg#yI1pL&rz!;4$+c#Yx0>l$$m?HbNcei>-!?N zO*6Es{v5`0;7FI0lrY~OlMAQaw{8{=4p|!ad6DTWjnwaz5gKkC>rIl4xdZZa=d@bs z*yTAFR#$v_va3{ng3$c=4o#PhlfJ!k*v@Dp#xnoIPv@DtOkT^dXiuIi`8%EQ_%it} zPtJnC_Q^5+2admK&S2f9SomRUn$axl9p5{5teGw@`bjvvP&A~scdI|kY*oP%8M)^o z;~Jl8uWnpBHhxiE^Ldti58gjr*}A){ zW%&xRU^l+Ezj%)|T+VhhcK>>KSF+zJn>G9A_3ew0x${Y@PU_XVu!Jw%0ej|sGCIGiH?gGf$r+*42~`(_W7`)vFOrMCGWkoKUBN-# zLzml}m0~acUVLD&`p=|;Y#mAySG}EHIm3vD^}XZlvafe@DusW(pHFMFKz@5)w-C00?3Ud^>%)xs^w7T~+|(WL!_ZGxGFx&c#n=$HPvo&D*$ zzy)TbP+^*TP zn`({rOkXIR7!|mmX|21xz|k-1pPqKjUzmNc+O;j^gn)VX&x2KC#g;J zOuO(rjyGq)x7Y_?l$Zb()Uk# z3zr;Sr*!6r?hlS*<}2EMTlp$T+;pgavUytLtQ$HD|NalW!t=}BRk^j|^T%q2B!;`w zuVg$eX`LY7u)Jbs*zwz$8%{r26daot!IPxCX8n(uHxEm@?6!*Kjrx(g z{r)<|MUA{uEsYLp>OT3u;a}$Ww+>e}+*)*bi`_YntL+;cZ@uu=W8^D+p?W*M`B2EL zSHG_WFj%|Y*Jcr(*UEIpgI6ofw)Gp6MzyAqhC=4bw1$oMGNz2)Vn z-2(`UUChM5Ww# z$M>!J$)CPOOZMID6Ls2ssK|_)<*7dJo0mKO=q+0BvB2hZkJRzK_4@Jdw+_opb=_Dy zThB*Ka#o(A!L-W@ZM5rKe|3jH-n}km=`IG}ScTJ8@<*e79gv^r;Is8d(RZbO*U6w*qqnWSp(F zIrw&lE@-~AgVk}aN{?H}v(8QJ!8f&7+~+YJyLwgcmim*trq`>qBQgy;{O&V9bzV7p z?~_E%E$78}4X?jZjLhw6%_=;+U3&ZfJM2~>!onLY?%vxfGvl1|u2TX_C^5 zTk|yMEztmsZl3(sDO%qgCp7H0d^~AO z?A&PyFXt_NVLQp?*37`A@}^IADW+s@|8QV|hUu9=j*Tk8S9q_!llyf+fmzPoEY)|) zsoK1RV?GkDEWL$N`SPzrtK8%KYDEJUFt>9pJRzPVrm^cXlS9h7_Sm&v|7U71d}?cW ze48-;H#5b1lepI=7F;siYqguXP2_{0-nU;JUia8`S{mI95MVCgR&$yj$-2PSqBQ;H z${Q~0SBg!z)b#V?vThq)hgmQ8Dxke z{|reQY|(p5cXOY$$8Y)mvA8B2N1A}<&CUc4S(5FsfS7IdGtfNxxMb`Zb{IH&L8hftR1R)lNosQYIyw3wy zNBk>z^o)0@o#u};Cht6bA+IYTnYs@zsyTa?F4#QLRa`Vu^1zDC!nvu|Z2P-5DLDO~ zI`__vGfGUS=5xmde^9w2#oUzApn9=lcf_gnx$~B3aQ(aXZ(?+fM?;gZbkmQiV0S6s>MtlIUe{=vCoChK3YemZ~o^I{R( zLg7B2a~zN6cXB%Cdsi#iuVpQo`!(70>(z}7&dnXs_st~@EZTlv|F@NU=Mj0yUfXA( z%Uw!Bc*Vc$`5N{>Y2$f~DW9&eOltN28?=4HHq8`=HNCBy)K%(Kw6}^08g8~SxS>9E z&9;}b+s(VXI65jMyv_fYoZCP9vYnaVCXJxGu6A+`t#9=tO!*CV99u1?eEyyu>C;v&P>q%9WSI@6x@t@8L}QoKIf$our;g^j}h7XQ2A zz{eB(u227}+DY*mzbE-O7EJcq`KQn$^Motg=hlepJa0mtI{xcT+i^ZtY`N$ug|@w~ z-(5K4J=^2$i{+Y&L>3=?wTC;q$!llLy(@Ajem>hdYng`d3ccNa&koh3N$TFc_dl(9 zrfO@T&&Tca{2so|_^|Ga9^>+(b$M&To-TTG?eP|-ha3){kEsN{*-;q6Zn@xgjJfc( zFr7>HUJCI(Kb@(yGH3>~%7>ei{%t*MdRpCw*Dgg(d(r$1-Q-DgwGoAwq?Grz%7CvGcY;BicwWun55?63N%ck*4mMAoDk)NQ+S zmSGiBv(c@~(I;+;FROYcbDyVnSK!VWKbc;voLqEK;8|UNlDh0?6I~&T$1Ha(rXG;h zcz1G{zP(+wpwBgB{>o0nNqYPA_#5=rC{<>ca&z`xmPH5IeQt1dK8l{s z-npf0b?ZM_wX5tK^9!CE@ObCRC?!m9T$I0Z&6bdhC$~RIUb%RwjzZ{kzMQ^t%a=>% z3kB&uzSlo<)s^p;!>(w#)d_dn_h#7aC|7tKWpM(3TzB`eyIVqf;%8n7T_((uh5IO(*4sWkRs&zL$JI&#PCo1e~{Y z3JEvdV%|A5Qq%bOy&Uz^lFSy3x4u;*z1tO$S!CfErxv$6H0|ckhp#GB9&ZpxQBMD9 zwt1V-56Svfr|+}A_dnsIoZ7p?dFmB~qBjrRk4Xr2K6>-O*zMulWd+w2(o($T=83YE ORDLTsocl>GWG4U!jDY6= literal 12720 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP4e&NiOjqy=&5dx( zvk1;D%`A4dG)WHhFv;>N&h+$l@hS3*NHa^;FDuW_Epc?t$>wrO3-zhW$qz3yHpucX zbu(}(3G*^H&&`XnOx2EZbTSUl2r>%|EQkybHbJ+oIMvJ2vs|GnI3>Np&BHRHMBBhJ zG$7N%IG{4uFf}RNpdc^F!qOJUGxI zFU7*$uQWe2HQzMEDA30>D8SV()D_(}O9KN>pK^r^<4`Zh{K{aTC=Uu-DAC}e(ZeDK^~0lngFy}VBjZ)$4LH#*;=tmc2Xq3YM}u0n7+4OOX0w&TVIkFZt`sqsAim`8k3_Lnzz_4Zq4?F ztubHTugRHy@NhD7q?Kn;Roc^-In^a{2j-;N7GL-OKBeGhdill;x0#yH>Ih!hr&hLn zG28CR8w3{rI5t_v?C0m;g+9-(c|Y8@`@mz?eNL>Y0`DDfy_UJwv*ELb&Bd*2zN{*= zJ{2l{&Z~EMV$Ct3op&sXXC+xqoO1J_!HT<9SF=uWU0LOL#%BJ*T9u0X{K;Wq*DLhQ z-ha%R%`GIoM{>SR*_-_0*B_bgD0i79A6l?E{K@UwC5z|0Dqn2$>6 z)#Th^b{BF8Tl4eIf#Z7)Y(2pJeX{M7g|YF^5BoWAPTwu`Pwipzy;aNa95PWo*0%5C zm%rD=i&@-OD#-56ind;@w^mVg(wdyz#_uv4V~tZwBdwGRO^kFxXXj-!uh(ViJ+s59 zLYa%ne7Z6?!~l7z6`UlgM(ONH$E6V^`@Yxr3BM6yNf zj_{h_!Mfe-2R=kBe;t|ZZYp<=oh$d{8r8>Mzw#p z;iQel_tKY}UL0cdp2q2z!aRAa#I81Ni%lNwO{vx8hn6mG&B{<-=Eu{(WYV>Fs2JIja&dO^#67=i9_83`Cw~#K_&%v$^mbpF4(|=0$zFn|IU}Q7_K6;1 z&aezF6X9wOqS`rstd3TRhY0Mr!Y=bGt#_eQnS?ceh3m=mpf^8v|KzxLWm(f= z?yn6wwR1Pcwk=*=c47KWIqq5Qr&d=a2&`JUukFtKH5Tz7jb1vRSuGPT5N^_c{QUfn ziNA00ZoX%ANAu;vU;mgI{;4?XG-YH8?7!N0<3`u53%}Q%)3)DZ^X19$pO5A2leSeP zmLxOCXJ?D9J}CaVG4u7I?Xt7|a<}Vj|6Z*qcxN8>-$Mh}V9q_WtDMI^WfI%Dd&PGDGQ4r`x9I=YTcYNF zTFRc3T1fabPyX0>{mJ3b)Q*;QE}C0c7RbF$`zWpDpLfOk;g?T`K3Gq_68ukOWm%oK z>BgS{*VrGX*7hlgS9+MuYpve%{bglSlEIy3d&7I*_zD%06%Tf7DGp$p>ME1|Oioxu z)%fD87bVN&J_Ly`IPLV$+WJl24#fu<>vp-bSN;r`DWkqqyMSlz=Pt83r{3;JQ#!?% zZ0qvWNSkR*d$Ho`2>HDmU%$wh6Vj&O`|+;ixBQ}7*7I&&b)Qyf~Jed=VbE215hd2Efp3CVxWwXq@ z{MlxE!@Z+tt~^=8^Uf{HGDE{ZMCFv8Isg3(KAyJgJeR)C+S9zvWB1b#>2;Z@NyY69 zUk`u0&+2Hg#;5T8x>wgrEA)(3bS1sZ?*1?Edv1i%oYxHsVb=|X1XhRgw;6q4T=?j? z{j(Xbn{JkEO#Jlu&N;D(S%O?_hN_arXY1$I-?~t7%V1Wxk)ZTq0@%>VL?8Hm|vm7y6lC!p!>T5LJeL7iW?^-8`tC&3*X?Ac%Y3g-z4?8o5`We1$rJWHFg@z((|vC8x^)i61$B;o+OBX@Gw_F( ztPazIX2Tu#x$N`$CSPrm_@*zo>ZjhUQmKx@S?QB?W6yi9oM>OZhF>Cc)(xMRZ}zo5 zZ=F18%_`aTeayv-`KB#F0!U=Nam`3m8^T*rvVy z%F2YgSRR(-y{jVne*UrnX)k3 z1HRfH){7^+IiWe>N9f%{Qld*%&exZ_TGnH5qx$^`ktw#VVZy?BHB2@W)`uE|Mx0dUXy`vjMq;^1?X~$+s+BbB+FjeH zrBs`?P|2!bwfb2eTApd5W99X7_WP zc_rwarRm6_Joo3y?;Ntp-{;y68%#28ZFnF2rtrJ0Z9{R1+uH7ru8u9cCoig)!aS{^@cf*UY!b{=g-<@q$M4iaj%e9`E6L+Ivak zMsq#K0v!SMy(Q{itTz9-KTMlDE$aOfqeu6$y+6l>oB7!s$@kvu>2jc=D#+t)Bj@rt z!BHLo$A4%2z2czRF4d)z@btR4hyC+OQgbv5y$-x>knH_`tH!z4o_AX4dp$)7pG61H zZL0P8+@hrHc#2`BH{)W9GbnC+wK?ZZoZdvTX=Mn(j`-^a!(QNhaUMVx9nd>=Nx(w zw8Q=Ugukwa>o_^_`U2dREj*n*)71hwD7jz=XbGl z-MxPo6?M*STVS)}&`JfpMXu?*3Jh;tX3oh~+nvBJyrzq>&ti&2^Upa2p@Gxl(yb-m zomB09e5%f=gW?{H+V#Y+231P$DvrPj;;e-~2vk_nS$rmM<4v@1OcS zo$+y^ioueMJ^CzpZ$GZH={O|mmG{2yJbzI}4D+qMM}Fo+K74W5FZS%RgaqR=kCz$h zd7RL?nb@*?dr49`)0wT#Vw0b_1}RCi#WA~2VeV;H`xOy-_rRf(*JZn`*7z;?cVCT@ zf%orM^<#0l??aUTO(@sAvg>r9i@n50rv24BMY&Hch~0mAqofI6vBCrI1KkI5dG`4K zdgF94ui)FBJXSfAQ@Vf4*jC)-S5QiBOWbkz(k}J>B9{sOb){WdH$J@l@ac(d+l6ZO zuK8l@FT=6IF_<;yT+|HdPrL>b!ZTMlt~ryFpT_vUH}+@k%+%QLG3h3?e=M}UOlpL7 zm9Mh6@HMXPs(N`)bGT^U%&p*y{Hm%&*rwSP=*j$vLak{_@A|1fXS zz5i#d<62^)zSMiIi%V=eW4L4L?xR%~ew;R&dElP6Prb_A%jQ|WTq%2tW^ly5wTqrM zt$gkBmkjGnN;<1EwQAq1O%mW?RP)N5qWj)-1PVo^$S2y-RTaL2-A^W!1NzC8yp#*)uKRPJVV_ z+{*U$4;o~yKJA)rX(_wwwjF0ey%V4Ode@=q-nq*Al-%*V zF)MwTH?LfD{ox6(I_vCm;B{hC5}QmYF~Fq&HQ_1o5P-zSxmv-n~okf zD1Xd#y;s5PuHi@44C8+vc1>Z^zw?S;tiP2Zu4tn2<+6o0_J5u4xxq??)84VRV@hsG zMNFH^nOSagtfYMnR~mOdoLBt*Yx=>}O1x2ZkEYx^p(j|NV)wToFSo_*hP!wBwh70~ zD_35u6Frc+Do-KG&$0Lm-!U_0*(0~K=FhxwGg(~IHCG_ep!S|o&|Zs_tAB)ymQKiz zIdmW@@sBvSXd~B(EEN;cr#d~oH|8w#(>lCrt-J3{+n(8?HcJ=uaUMBSHtkq&O;+eY^ZPI7kt@lF+53|K)<*7Y?C&DG(Q9p6^eqjx>npaxar`hd~UVfv< z*(?0I*ajUX*Wl;-C&bQqzR)nzS5|&qX0fLytBY>`zSu6OGL~fRuMzk1Pp6$-J^jAt zi_@`v3{}&v)H@#6^;0%Y?(amm)y>;2xi`$(s1aQE zdx6*98{6+Q{(RaLzxUkk3*lRgU9af8xA0$Pdo*)A)7CL=H@eoEqLckR3tvFkRruPZ%baQwwf2?gEn2cGaO ztq!QT_R#!*=JM-jqR)5wJa+i@RQ`MOr!!1`Q)En3^XC7&{gy$#Dfv>kbEZ;gtjgYs z1M;WucPm?HJ^0_rnx`GIUU&9^+qZdMDr{7%UHsw*Eqdw%@N;$NrgJ)4RP(#x6*v(K9M4biLrriVsta3@kowzUcZ@ z(9?I<_o*43MR!DXiteAXYxj3J?EL(5q4T%H3j!G?T~5%7%~4ymhd0&i)W=^c>{ z;lZ~BEHgV+MFbyP5Gaz*bUEl%(UBmhli$7gKAxTM*jIM<4;lLu&cV4FZ+uHuhH24^{$Q#b5GYwE~P~qc^`Q!t~+fJvsOyu z+Mmg54jXr!dU-tb@%o)@zAfPn2IcbKkJ&`2Exq^nKXdn?wza1Ba_035pU&z`-~TrI zP40@NRnMNTt;>0t{&SDEzzoB=nhMYUm3|c!T@}2=ue(O|rk}$>+2~sSoV=M-rO-MsPpEm^*PJ; zmQPxy_5G;KBdf>Ky;47Cy;%8{>-_zv)rO2FlIHFC&ifA4&pQ(Gx>Z|xrSKG1_wS0v z{hKFR6+T)0_Rm4R^CA<%Kkty{iwzOD7~?Wf@bK1-5(q>M7 z%k6vPAm47TyMeJ&9Fr!BU0c5Fk@m&avXSNAFUhjakv=lJp`iTVA)WqjGY<=1+iYh( zE9Ca36s@CsZ`SPo_{6h6D>OI1>ej+LbDY#GEM*;{d06H!rY~A^PUL{znfIO#bPB#I z7=E|RSR;1fNm=#+Ml%TdH7Wf06mtuW$dj<~HkXS6la5JXoXu z{OJ#?)Vp|Zzbig-Ia;tSE>oZ9NxJyAkdBzy7gWu!d)Beo?41+1YSwjwNj0m!T(}db z=qO%lcI(?3_hr)pyX`k;Y*A<``%#HP<_^ZGu&%1utq zVO%UFecfMJ?cDTx%c={uo^-ir`E>rm`+5wmKc_wr&r+6|dGhrN-r}#OOlz9TmnuEG zy!c1T#=>Xa9^9Uiv$uJw{oCK3R<`l;pEn=+9Zt*sZZUWCjJ~4s{rvJZ*54Qk&Mo=T za#8ivx_S3j@BI+KI{SD5cg$_4S@W;i{l1v-=loXnM3EaIJ2VrrdRE=^S1yZH5Q&lF z$?<$9%QzwX#6}sh$#TLKN9Cu4_r<$@y~*>oCMVE$#x1tlV%6Ua*Xiw4%iZ4gc!r9D z<0}rsjJGRS9Oj6hSj3Y3^X{)H4}_lCA65FFpp@$J@WInm4a1m<2)45?+h4T*5ZK%2 zbS)v(eRj#w{A817@BT+i9Iu+c#6@ZS*R0+XQm?%>&ku1_%@@A#Z+DQ&^v#|Zpfljo_qGw&y}g2npaB%*#!2jdos7( z>g~&yvu55%oXNa5c&&BBRKXV!ebFbsnH|&ZJ9w;MYu0hTL-!W`?djy_I5cCmvC=KY z-KXbIW^P^}AyxN#_JS>EcJWPGb5u8f#!cS6>+=E)jvm%wU=;iCxwTkiwS&`?`xWU$ zefu97@6qR7bYzlb;cAaqr!~{2e6rF-?@2FH95-z}ra$lD>MdpAs;6z_ zd(7Yadj-C`6yZb z>enPDcO9to*CtEo4@ebP>j*=UH%@Ub%e!STpyC&Tts6hK>oZ|TqK~bZ} zyUv`waaM0}jai;a-8G-(uUTAnSIKl-jkX@_(vBzjxB+6HWWy zY(4+xP);_PfV=dgTC z%c*az*Z$9MD%PQFd#?L@l1@v~%;f?6Q|?^*x=t_e%C`M&JCe6ZX@}-kNPWJ$q)P6h z&!v9_GnYV&O2tjpgFZ!%BaA-@J_X>IJ{^2KO$`%*YYl_9E}1W%1?( zGnYM^Ftv;Glcw>dvp-YJ%9{N+R!;6o;3>Ab{r>d*$`vJCdbPEywa#`rOf#$Ayesj) zzu>(M8k%vpZ&zhpeBJW!Xjr#aVCyNdyAn;RY22m9KP@~TzB$l(QP=6e`VX$9O8MkT z6}&sTW)p{F9@oU=u2;|5UQ9Fizb|a6yPcb@kx|+8 zo50;~MjM>Bbf3DnN7?3v=fQ@gkW8=cyQgP-RA;`L z^KH?o@;TqF&c*NF*UtNz@w@#dyLHM9-&>xxPhf9VUjM>yigWz43}4-M`#vt)_55Sm zVxtKM+BIS-91VpxuliDJ>vZ<{yr4IqqxQ94d_7%#ZfB~Cd`sd&F>c-IY$1Gq+ZJfN z34CT2Zz(!$q3e}P>{b7_F3^#@pZ>IIiWNebea6ME5^8 zUsXD*a9;j;KYSkJscr|4`wN%ptrq+8Yo|fi46)A@iK~K_e<-!P@wL69e*KK|QA+u) zoIbDJ=Z79z|JzdYgRRR+lZj4$*C{D)E`Sv`jx74M?!@K2 zhUd(+m$KZGyp?$+@u9ls>ZaX2?@rxemCrZ%H;q49)ZSAzb^T|#+z57?XUe}hmhR78 zx9baosmPR?zx981i8h9Y{i?GzUOPWK<>4z zXU}l0)9IWa7T&qqax#Jlg@C2ck#NsZKv(F9c3+by)p02LxwOu$AEwp7k{nk zSuK;6^7ijCokb6x{Ad68PVrt#>Tymflc(82$w}{ORL`5eT3Q(MNN|_*o7%YZ>KnzU z_(o2AU9lr=|0?&djZK1wS$VVV<0Pgme(P__CG}&G`*J%a6Vv^?T3>Dp{5?B$iP{{4 zq$PW`9-n&n_LDV(liX)!zS9dkA72X4ZP~H#T!1UPj+ds)o5SZ-Q>6Z|{R>xk&~E?o zq4H1f!=GofF0;3fn{j-vd~u-5k}v09A6WY?^Tzq-w^*Bwoqm4nycWx&dNJmOk1uTC zF>h)T=K9pL^Rsu=x^s~$A3w8f55Jb^(eK)`V71;MAH7$tpO#%{UUI%rd%@w!@4l;B zy1JYC`twa?{&Mfsgu|6j#S(6=)fRHx$u23A-!!Faw`6O2(XWG9E@mu?WWFZ5vCBs? zH&xgDZ%jQEu2&=XCdBQs3+o)c)5*i zpNZIK!F*b(p4U1O!jdaORtViZd*flrdUDWG~m3`hZvFmL4b2U`r&l`JOpOM8m z%Ro76+o~^b)h5iAth2Y;H1lZR7X#h>2Ifn)`yNfWx-x8$z@&-4rf)Yrpg()p$>ukW zvFA5BEfZhYr7ofs)-#){e-cyn--xZZ`PgJvO8U>8nC&`E|LRh9PM0JzUJiA>xMXc^ z?r32V%a0y6+$VCBJqhR1a$NARPpzv;WaVqdS+gt8+<2n)?WEb_?M;?z**FBBO5S+s zlbEn*f*p@pL?hE_~j$>N&^tDyQ$!6aUQCPZyKZmu&y%RdMln9ed@ulc!aF`5gcL_`G!L z<+SCug`QU2Z+f{;>dJ|gt*@7`GgalCJ+960js4=Dd1>qZhifM@if&H+b*SRh^b7S( z=anAtDBaHZcV(J#tL=djx0dS*PFMV$p)-YX$}T3=Q*(R7GHrNOu1$Kf?t=5ZT|8Y= zSKBW7`B(Csxxw+K-A3=Uejm|4em#1Fe6QAt534U5KQvtNQ}dxh#`$S~Q$IwVGMrw) z|E!@#e-iJO6E_75dyW6b9^mCZ9#+ejfbCP!(Bz56_@U9;K)*&FV84eW4m-8T4R~4?m6QBCToa;wH z;Z+5*EPr|F^D7cPa~SU_znb?=)k)V@bwTv~@51}cZYt{@@b)XeHEFJ_!0N-!|CO~a z{Y&Bhvt!z#1&txL5eBJRd%tmP{Sm$+dYRsY2}uoa7!CQy?1|y(9S6gMx~^VoJ|*?jy;t9~D=@5`PcK%x^LL!(eGj|s>IG&d6W*-Yz#8Q4 zr(*ec;(8(3#dH4OJ*~g1f8r14f{*8-6xR7iZhBC0@!##a+aCVlnk-Q5)p2W9>+u%J zO%|n<@e>z$i%1+7ymH9+|N2mc<^7LZ{iX*6h?|~o?)K20c(^K3<|D_Ob?02qo{mX$ zIs5L^vGxU1CQgn#wNmFw?k^6{-&ZrQh@5@!on>j%{XOA#Cau4}eYM?V=3n~97j-gMd@ zZ!{DZcJc10WL~j-_a@dzuAJODPm6h`lAaHoElx2fW->i|tpVv766ByQuy({o)D zi>0?reJ0+iniDGA6IwPg^pMB?o|&tc9lFjdasG_Py}WmEAD=h{f7lmvcWXpkwBB~# zBBOmbU#4tKdl-{bf9L~_C>y*#p1 zv~@kxB&oaIbDk#7+0S_M(8-N|B=w)qzVq2bQ=MP`Q1~~S!h;)IByRVt&D_4M*w^`{ ziB^1mdHT2Vq#Z9`&n@FiI-2bs7P)KFYwP!HYu+7MX=YfiUmnc8rg2v2zU-BTbCh3a z?hjX(#ir@XRpSx$`ks!X<>!E~KetzF#?JZu$^6hZukN(2hAGFKv-uAzTWot&8MI65 z(79zxtDkK7wT6GLn_6y%b8@59t2^cUS!VpNGQCwPUVGBW$V8^O(R=3s7bfw}ea+3w zr_2=p7(K&Lt2Ku2_><7TlQn(jmQQDTxq9OAl`q zIhq&Fb8}eTpR=_3yyfbDr#Tr)Bee}9S29FydzpLq!S5$lw@de)P@NgkRW|wbnq%wQ zKE1r)zxjLD@2Ux$f1{JCryN%}D60BDk@3&R*9yM(pH6Ib?6NF-Isdtc=gH_fzf|4? zO+2bvaPG<>p1yh>=B7Ve?>Ka=P7!gKG2zhTX;Ql<$4o5n%@n=oD)Z^b?lX+*w(S19 z_057Ap#ceh%tc*Z&);Nxw@CF#hNb$w-RGtF;tr;I&8+h}5uNK3vSae{j*08F_K0X$ zMwj?aU`e&C5UyBLS|eY**dbtfol$a#lj$gF*_yl9d-U+L} zZV$}+)OO%Nqv1OHuN+JPd!4mU^sLI^O!%7ld9Hle?3WVipRR0Dd0;&2cfrry=NA>! zvFzOcus!~JZgQ>B?7CT3&%HlimooP?pA*0FsV5e)&i>c!-hJTPaQMZ==VeP25525e z(D_SnlIc6;i4X3^Dhv8A*d1W$Yrq-&__OY^-cOC}_1}ELZq15k@3dT}Q@*vuLFkIt zLbaZrXSbB*zFOM)*x&Ba8I8$JqWP=*w&W_kl#;UkJzL2;g0(#M(|u9#?X`P#uXGpg zd3pMDNeXNF>8pZuM-(m?o918R_RHJ8!E)Wq$#;6#RN~*te0I6@p8KcQ=eo`}O{s-D znzwg%xNJAxVi)$;T5880$y+8y4`;r%HZhEPlVyK(Z_d}&`T$j}$pNAz-?Df&Uul|9 z7O?qBnZ8D@)LV&gw$5~=u(~F#e9_{MYI3f*!F$`{KV0kE9d-5hHXTFd#7Y15zsX(i zaPG~S=M2qWe>)}w9{&51$00TT{fo~FYx&(*xKFI?ocX16S^d}NLA}{t8}`ZG+tE_V z{MPy)r@gU=`tkV}UT=Dkw`8k7-`kg8x6J&-^DzGS$JnZU0n)R*>RtD$a9(@%tM%1v zFT3@gtTU(PI0|}Y$TTNz&Fi~d=l)Sp`+u@}Rm_fKyIA^M^Bd03S5xv&UEOd)Yzd3Oz4b=5qV@srEBX>e z-zxUK7kkan#Kb*kIL_ZRvp(sQoMFw9uEL$K`9m=F%Ty=r$N6)Na$gmT z+D`pd@G1Ow*##A|=x^SKc;il<-S_8+i)mw(!9B~Z#o4d=?Bt{+mmjX)^Vuk9`lWN5 z9iKDs^>yBJTVDH-+3kXUfQ4gP#^o(r)U;9(gP9K76wORoD;N0hWZcE~ZFBg${TDoz zEK!*Bx%(r3+!OQYS?x~KRwt$hn=f_GE#CM0=8F)iw%nLQ+xa$g%vrQAkb8!3hi#b2 z&vjgG3-pW@8c6F+v<&MpVE!fjWQ{W$_s=7S{`{4Z&yrShmy6D0c(3@@P-o-%dcpAR z48PBw4y`@rk)QtXec03zmi7sIrmgt7e(USZg(gP1duE7VsQb_SHP7|av$Sn)4@4g5 zD+=Bgv~CtL-xQd3qT`Xm>jX8+)#^QXK2@A&X^si~p2?x9x|UHSq~!#-?mon7-S^hLg)yh-}}v@;7u!L8|$NZ=rtEBbW}Ix*9R(UVHf4S6k%1>NfjY<}@sb z4V%HmGHYej!7UXsci-g%UFDYJT=DKF$HNUPm^2i8zjVn>J3L|H>rKgBr}NBp{a%{} z-Z;JgxQ{E}oLK%>_Ge_w@APnWFrS_@>(R7~+b2#Zn&&(@&^&xt(?sbE00nCo6k7O47*!(wind*<*ymvlWJ0)j)%6+Qx(Ri77 z-6fO7yUIkDcFjHaHRI)uy1yl1k8({vMi}Q$ai7MoX_M??C;PlIQ*evXv16}HVix~h z`${L{)1HgOdw=?=zPYwwvGGdRZr`~2O7l~( zHq&+FrT_89pABM9N>uB6Almz=w@>?O-qnD8`u}B3BQ0OMrF$_fsWV2Pt@wK5`};duoS%C|OkYSFmTIrbIb$`s`0KlKe^sw|F&+LB!k7~=?_i_Eht8ux z{+aA=p8u%I&p&@ZI^)8#u9eeVrte$%ul~(C=M^HCTY`T+66EJ=yYTyTec&}C{rT(v zo={x8>iz%ZcYM*?{`b19$rPJf@wjqMx6`!!3Vl3Lycf1)wr`m)aAbviW_?f6+nw9@ z?wznv$X z)YRFX-MQ^{%aWr_y9`XamJ~dhQGR*VslE*kv&y#mPx{a4FB+75Iqd13w9*!y13Mmv z=gab#uWb%_=H*=-!5F-sxx3~&r@pKtz}>}9KSIBvsH!~QHN?xS~giF^>p}06h zH#Nn`)YQ;Yp*Ypc(z9HlB+DSeF)Q3H$k#L@F)*#fyuLJ`EV95o+|*^pHY}eE*_g_f$)7^EA(FUyn*ZFC#yF6Rs_1SdTOZep<)) z(|Pl}OMGu_jxaB9U-9Y7p+M8#7G|~o&n)k}T=nnuC+RT1FR|h;?Xp}iEw`HYKF?-F zk^w_wVE%9Ya~n$4&&qGoZSK_+onW{9!_576t161#x80lJF=h7AiAy*au9|-%v0(K> E0FZ62C;$Ke delta 341 zcmeyx+`~LUCtN!!*U=}%ywD@N%Bd_pz%{ujG%?xS%e=xb(k0k3*}~5xDZ)R>G14L^ zpDWKp+cG#e%qS(SAkViV(bFivsMxi_$Scw{E8na%+%Ub^B(c=UIV2}Med0&)dXqrE zoHUct#E7Uo|G+GF-!M}n=K^yBi=u$sKx2cTOk?lhK+_^uuS^eDuAH2Ri2TA7{X(CGY-vu9+Cl(La+-BQfjTK3f13~&r{2xS(<#xo+{ZG%&@?qNsL<2bB-kV~#K+k!#NVtkC$Tig!X+>~JjKx{ zoy*85y~?{XEHTB;HzF+DHL=*D&@)TlBgeomCD|GnM>DBp}06h zH#Nn`)YQ;Yp*Ypc(z9H_#Iq{5*w8ohf-@+{%K+{>w|*x#b0EXx$b zI!glsPoHuH6H9&lEaSi&eU}{n3df|%oYIUcbDun;bpOy&{XlQ`yrO!ih@{j&%gS6& zuJppFu##ZY;($a$XYHhd-16eoyt078fE{PLIFKk=BD@(Ec zP`BXOhBMEMuhxEP=Y91muu50Pa7KH!>7Iul-T&AxQi$@il?)Y1z9?@b~={#pW}LyBB@?rv2~!mVWz&ZROjJ*hSf^X^S~LHa&fQ!}@pY+<5># C^R6TS delta 341 zcmeyx+`~LUCp^!{(ljy6G9=u;+{-dCKPcNZtH{j9Bqi0*Njs+^$t|eFvNW_R+|Ms4 zpDQ~kEh#rDJJHxLHKVMeDkQ>8JHRK$(#ze@FWb1x(!c_ydY>YT zD7UhLB+q;&Z<7pDuS(}qi%RqGlq|!_Lc^kztdewpPv@%SRBdBluEgSSSHJX(RBhAj zVxKUhwD6ED{ap8?g5)4WSN{}kw{Xvppzx&P;6R^HE?r$+g~GzzG9RB350l^^qx96M zva|w2$4Da=_u#|`uSk=$?C^ld;zG}W94FJVWUiJMT%WJZp2%QYq+{&K@c!F@61g<7 z+woh%UFHQ%TWovimAU-qmEsxPN@^0{oQ{SY-(2%>cjMo8*97kie*DhjFx}+%??lm8 q-1}pyS?B9+c;6oJJGXNEmJc_(-?$V8%8MS#DTz$ZRb#s}UkLy%E`hcH diff --git a/secrets/wireguard-peer-kalessin.age b/secrets/wireguard-peer-kalessin.age index 0aa5850..3c7eb17 100644 --- a/secrets/wireguard-peer-kalessin.age +++ b/secrets/wireguard-peer-kalessin.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 QjA8rQ 4HpAnWjvN7TUVp09LXeFsbO7Tgm8nSJoVgvOPGrykRA -QV3ye1ZhE+KQxll64Wrrx0MJ5F6KNDJHW6Ux+a9p/g0 --> ssh-ed25519 seJ9Iw g3lmpwfxc0578ivMnWhCkfjPXzUQJiiAKNkHKYwb/Wg -pce/B/UKdTyeucDTZaDkE7uMt68et597ERCVC1IWp1Q --> ssh-ed25519 900ILw t8DWkRgXsF1GGzx0qYK7IBuT3j/AB/E0zJ5cadoL8wY -dCEsWHC5W3bSK2FaCtNHHm5gzZYUH0AIdyZUVqelE1g ---- LW82V25epOMftLlIvwqUx0K+coP1gG+Xiz6GXBoyD5E -cwGVc}~$9ԋ>iӔ&(xa߿.%=3o^ \ No newline at end of file +-> ssh-ed25519 QjA8rQ eBORfw+iHPPMYgYQc2gTD9j/QEr36fVFCGYtVX2bGBQ +TH/XvVgv7ugjzL6a8bffLq/dj5IUbZtCXkJ+XefxURc +-> ssh-ed25519 seJ9Iw fLYNcU2XjiryoOx1gEH9pDMOpfmLsvrcslplL2fFwCI +Wn5KlABSx6mJYvVKO5zXq4VA0SIV5s5WztPIwGLFWG0 +-> ssh-ed25519 900ILw wW6lbItZyxelxyTXVLIkInWshc4DtOjGelcm4ixE8kg +/F7kp3AS68QHBitbkZGm9CNF26uw+GtdrTTyYiW6/6E +--- 4t+IrAJ6k/x8FMXiELoDXJICWv7QUcwBRmzKEt+/1+I +:wQOrŽ:P˄9GTrc|6|4 }ҟ3c΀-J-! \ No newline at end of file diff --git a/secrets/wireguard-peer-kilgharrah.age b/secrets/wireguard-peer-kilgharrah.age index d9ca07d..46cb858 100644 --- a/secrets/wireguard-peer-kilgharrah.age +++ b/secrets/wireguard-peer-kilgharrah.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 5PK5ag vCFLl0+KdLDdogU+r2wfwz0UiYBc8TOx5xeC3JpUgQQ -uJD6T0W12rrb2PS8MQ5zeMlTvm2PrWBB8xnr/7BYvb8 --> ssh-ed25519 seJ9Iw riSe05mcxnPhW97u811QPXym7PxQbNfQj5fWCv4OHD8 -YQ22OWarqaWUmUUcNnt0NOHiTrgJQWPqibmaxrASO3s --> ssh-ed25519 900ILw 5og8To6PuPPRxobF7DqwG6T14YGf74HssytPS5UjE3Q -foy8rSONvK9OttE6ilTiLkPUuncWhpzYk7tRdpiE3cU ---- ORkr3Q/weTzN4PdKVOFlfdnhfeYN+untw719iE65oK4 -O }? ssh-ed25519 5PK5ag WsUZWedml5fBAIEog+puLADcitY0uKJttT7ABUIjnnY +IZbF1yTctMOJWOW7A/EIlMC1pfpFR5TLghShF4wpXW8 +-> ssh-ed25519 seJ9Iw OHLAn4ZU6QZ/rv0kzh3q2A502XbNtCt05tJUSnv2MhY +OQ2kxhsFGmCKHlVINHdbDRKbAOFWaSFmf/epGcUJLuE +-> ssh-ed25519 900ILw CcGgENZiqjRLC7pJSzfluC38thwWX/iTeWc9dPgHcjw +Q+IWIEfOaros+rDLJIbzdOndLZMACQjVqebIrYsjvnc +--- uhddG2mrqw+pfDInK0hrzH6BuT2CfmUw/QAkhLD24YY +:g~4buڒ%!4Kړӑ^ƕ`Aj!_Pw#@"7{%Yo \ No newline at end of file diff --git a/secrets/wireguard-peer-orm.age b/secrets/wireguard-peer-orm.age index 6cd9c12..10fd49b 100644 --- a/secrets/wireguard-peer-orm.age +++ b/secrets/wireguard-peer-orm.age @@ -1,10 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 l/RSAw +h2Jz8m9ZEklGxWK8HcixO3+D4AVATPI3m3wE1ITviM -US+J+FDPJ/nmLT1ylRGfXyfjiJRgLpdgCg1L3IPrmrc --> ssh-ed25519 900ILw bX/KdX53EFQCmWI0MU/wKfzqKmAw+/fMs4/955iYOlw -7epwHu5g+p6BHe/ksaA9MAvpneZBwHeqnMtSc1m3FFY --> !V-grease &x6T2i d0B}! -tkT/G8gEKyx280vDO1QgG5ERBCkR9XCgk8IIE1AeBONi9eo+Z0sGfNHv2DXFx14B -TcKX31wDmUbtv8j+4d7722YeZ4jvKiSuQA38zLREOGJyhA ---- TR/GFMXQ4N6AMuScg8LSednd6jAJugxgCJLegPtFmgI -4>?(Y|R5V  ×4'[K_ѝ,ϧ Tk5TC~c*D[N䃼< \ No newline at end of file +-> ssh-ed25519 l/RSAw d62ed4GntqcH7w0Qm7La/1GXBnWbAkrHekt3R/ssuwY +4XrxbvJ4CjPJuJ7oGuoxuhb2/VTI6XUjvI0XQmamtPk +-> ssh-ed25519 seJ9Iw ykj+pdFOkHdCxaotW+SxWQzK6VMMbSaREbx9r7rMIl0 +XEB7ic2SlNQf6C0M3rm9h9D04FYtDkeBobZWnbgQDck +-> ssh-ed25519 900ILw 29vJoPdoyapdB47hK5p1u4daaJbNrwAv+7ndoPB6VCo +m+sOCPiD3MbEJycIgLa24QU5ILna9UI5Luigvv9k2T4 +--- 7HDSsngCFsU9GywCc+8/txXsBwcoFWZ7D4/iTbSbtzs +er\#Zf\zd Wu( 5x_#N̫ +0yDDa+>FӈX^u8e \ No newline at end of file diff --git a/secrets/wireguard-peer-tohru.age b/secrets/wireguard-peer-tohru.age index f99168e..f12a515 100644 --- a/secrets/wireguard-peer-tohru.age +++ b/secrets/wireguard-peer-tohru.age @@ -1,10 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 yZzWlg HKjvqxwrKVDSKuKcog2RTryVc+0vWII6DdFuouffNWs -fPlYoR4wSrGPlX3t11J1YSP3yToM2RjJVfLKM4oATxA --> ssh-ed25519 900ILw f76/jY251hkNMd3fBVZPuoWleh4ZdSdu95p7WDlmZi4 -iSULkGxw9aokMgv59fhW3LzJR/Dpx+LVCc6jbbPwCgU --> vdo-grease -8NUae81gLW0x8UoCVKqQUZaqkG8FTXwnysjEgXaEGBgDxjpuTp+C5qWczNYAXOFN -ha3mtF6IYHFHBZKsH0t1366nfYDAQXHOuu0hN4GBBz8gqnUt ---- uB1k+yMkL5ZUHXGSDv8ZPHDn0UfHOv1x3tRa2eIdbP8 -EY3Due/e4G[lQ=CovͿz/nbLa_h{A{ \ No newline at end of file +-> ssh-ed25519 yZzWlg o1Jax+v/jJ2ayNLw0Z97iA1sjZrK5t266LyZYaj/3nk +rTjIt9vcSdkOohnDBbFMR5iJnJGlIEQU34h1SafofeI +-> ssh-ed25519 seJ9Iw 2EsG0EUBCiaPk/mgADGydGGX72K1q9hKDj/abp8nvVw +5CMR/jpg1o9uQ986L+An6x60SnUrVGVVXXo+CCU3UfE +-> ssh-ed25519 900ILw InEzPKOEkoQ/tp4T3mo9/TMvWtLYqlsdkdV4fhkBLwg +xCupfNr2jilKtPnjBYv234qUE6ont4ofgY3bwtQUY6I +--- 4c4R1a8GkNXDS4zThBBIKvMrXK3zqNvc7hK8VWLCB4I +ٳ ۫-ڮV+ 3~8LRՂ 2Rb6"OpMO5C&.EE1_{ \ No newline at end of file diff --git a/secrets/wireguard-peer-yevaud.age b/secrets/wireguard-peer-yevaud.age index d331bdaf95c8bb393dfbb1ee6e0e2289cfda028d..f85c4b0bd508630196a3eba5ab852de39023518a 100644 GIT binary patch delta 443 zcmbQve3yBGPJKX8T7XBgf3aaolyg9)QBg{EmZ58bQL1BLu&IepP^MpIRY97ob9s`B z1(#QNR-j9zkx^n$xL1Ksg>zwUlD~y^V48VpXsU^!WofySM__PDPE>Zd1(&X!LUD11 zZfc5=si~o*LUF2>rDwTJ!SE#m|p|^W@W@&kVySqiWk+ZRWQkaFgL6u2Ks&`UAWUz%}Sw>!3mA+Rw zx^!kwI>SsV2q|?oL4!WqDC<{#C`!hRH?AK9<=@9-c;(rlD@-u3Wmhx(Zny zxo%~-Q6AbsrBV6X0d6jpft87wKA9G#ffk9`Ud8^-1{DRq20@8gCS0ehrq<1SB~#lR zA8;t7f<^km|KE>qX$GvVF**2O=k^iRD9%ro#pjlN4b(`=-LaKpN9U*OvOj;%UzXqg ZUp&%&M_A-~u0)vw($|hg$Oml~1pwU4oO=KO delta 352 zcmcc1Je_%hPIyLkN`St9iK~;Jr@2{qRB*U^XnKihWT1Omx>;0uxLLMmhNEY(Z)k*3 zBv*u|W3i7@xLHL?qEB8$a;}+&afP>0l%YqMc4c8ei9vFfL1towzF$bX!NiZ^_2wC7 zA-*mqChkcYsV>2JK1t=7`eAuhmC0#-!9nKfK?Wth?ry~erlC3ITvh%?S*GP-X+b7s zfmMD56{XqP#@goPdD>~^!Tvtxu7!C4RnF!{CNBAbT)K7&CRtuqCA#TFsfop@3jQYU z4hr51*)i$~Zbr%`T#?0QRVF4TbzHi-x(b%w+Bt6dVR@CMZW(2TIcd2W!6B|mo=#bz z$>GMqVJ7~*KFQv`u0CcJj$C_Z+V0ez!m!EiK+l&rjaN!)4=jGqJL!>aDE)YO$vhb^ ztyIIRc)MM@ycS=ryZf(X$G(Lh1m?s={PNsxJZsk5OP-M?r!5!BGWyyE>tDPE080aY AsQ>@~ From 6277e955efa8884efecb6610a5e6d4a0de349f0d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 15 Nov 2024 22:45:49 +0000 Subject: [PATCH 259/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/a2193487bcf70bbb998ad1a25a4ff02b8d55db7a' (2024-11-10) → 'github:zhaofengli/colmena/e3ad42138015fcdf2524518dd564a13145c72ea1' (2024-11-13) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/60bb110917844d354f3c18e05450606a435d2d10' (2024-11-10) → 'github:nix-community/home-manager/1d0862ee2d7c6f6cd720d6f32213fa425004be10' (2024-11-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/9256f7c71a195ebe7a218043d9f93390d49e6884' (2024-11-10) → 'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/d3c490e9c812d0a9dcb0593663d9430451fb8f96' (2024-11-11) → 'github:NixOS/nixpkgs/035d434d48f4375ac5d3a620954cf5fda7dd7c36' (2024-11-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/76612b17c0ce71689921ca12d9ffdc9c23ce40b2' (2024-11-09) → 'github:NixOS/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/d30293dc9854f57d9d5ae1f2e18b6a9506852a93' (2024-11-12) → 'github:NixOS/nixpkgs/effe68307bf3d891d069293b88a0d8910276b2bb' (2024-11-15) • Updated input 'nur': 'github:nix-community/NUR/33f52fb5eb91a1736e371ba6f47f34cec0a50f2a' (2024-11-12) → 'github:nix-community/NUR/6e17acc00a48253a4d25e5ee4e6c215b8950c039' (2024-11-15) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/7cc4488ea39e6ba5c97e9cf688aaf6d9d1680206' (2024-11-12) → 'github:randomnetcat/nix-configs/3ef27a946f220e7ef45733e315f61646e13ef0e8' (2024-11-15) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 50fe969..81cbe9f 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1731249827, - "narHash": "sha256-04iOZoJ0D+y3xhZtaCgSBOz8T4hED7oMVkuAOzXT8vU=", + "lastModified": 1731527002, + "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", "owner": "zhaofengli", "repo": "colmena", - "rev": "a2193487bcf70bbb998ad1a25a4ff02b8d55db7a", + "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1731235328, - "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=", + "lastModified": 1731604581, + "narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=", "owner": "nix-community", "repo": "home-manager", - "rev": "60bb110917844d354f3c18e05450606a435d2d10", + "rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10", "type": "github" }, "original": { @@ -200,11 +200,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1731239293, - "narHash": "sha256-q2yjIWFFcTzp5REWQUOU9L6kHdCDmFDpqeix86SOvDc=", + "lastModified": 1731386116, + "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9256f7c71a195ebe7a218043d9f93390d49e6884", + "rev": "689fed12a013f56d4c4d3f612489634267d86529", "type": "github" }, "original": { @@ -216,11 +216,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1731356506, - "narHash": "sha256-j0UUHSKvBlJHF3/LyX6FfWiJrcSSqiBXucT/NTKxVQU=", + "lastModified": 1731663789, + "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3c490e9c812d0a9dcb0593663d9430451fb8f96", + "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", "type": "github" }, "original": { @@ -232,11 +232,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1731139594, - "narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=", + "lastModified": 1731319897, + "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2", + "rev": "dc460ec76cbff0e66e269457d7b728432263166c", "type": "github" }, "original": { @@ -248,11 +248,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1731389305, - "narHash": "sha256-NoPclODC7pLq4LTuIpAIjRUK/IA+c1Te56QIOyW84ug=", + "lastModified": 1731701941, + "narHash": "sha256-IV3fk1IY1fg+S8hQJ9Nbvv91s77LnMSxBc/fBkHOuO0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d30293dc9854f57d9d5ae1f2e18b6a9506852a93", + "rev": "effe68307bf3d891d069293b88a0d8910276b2bb", "type": "github" }, "original": { @@ -264,11 +264,11 @@ }, "nur": { "locked": { - "lastModified": 1731407316, - "narHash": "sha256-b0AdjynJwJmg+gXrPvXVTbLJPnInoyG48zKIiNWkcoc=", + "lastModified": 1731695757, + "narHash": "sha256-w+bGxRbZpWc6SyBbtjW2ci2fw1zk0udTjFpQW0g0Pc8=", "owner": "nix-community", "repo": "NUR", - "rev": "33f52fb5eb91a1736e371ba6f47f34cec0a50f2a", + "rev": "6e17acc00a48253a4d25e5ee4e6c215b8950c039", "type": "github" }, "original": { @@ -303,11 +303,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1731371791, - "narHash": "sha256-1qO3f+Y8/djG0tggk/SLz8VTEmSDz9CK4X01mDN2nwY=", + "lastModified": 1731631186, + "narHash": "sha256-c9gcJdAp7MXeCYcjPNadYPpRY+bBhCPhxG1VVs8j8Co=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "7cc4488ea39e6ba5c97e9cf688aaf6d9d1680206", + "rev": "3ef27a946f220e7ef45733e315f61646e13ef0e8", "type": "github" }, "original": { From 8ec6f473677d170e9e57424f95f7e05a9a02c149 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 15 Nov 2024 23:48:13 +0000 Subject: [PATCH 260/438] yevaud, orm: remote builds on kalessin --- flake.nix | 4 ---- hosts/kalessin/default.nix | 8 ++++++-- hosts/orm/default.nix | 6 ++++++ hosts/yevaud/default.nix | 6 ++++++ 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/flake.nix b/flake.nix index a011d17..807f3b0 100644 --- a/flake.nix +++ b/flake.nix @@ -86,10 +86,6 @@ # (can stil build locally with nixos-rebuild) deployment.targetHost = lib.mkDefault null; - # TODO: set up some remote builders - # until this is done, as we have multiple architectures, safer to build on target - deployment.buildOnTarget = true; - imports = [ home-manager.nixosModules.home-manager nur.nixosModules.nur diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 0bbdfec..77992e5 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -18,10 +18,14 @@ in fountain.users.trungle.enable = true; qenya.base-server.enable = true; - + qenya.services.remote-builder = { enable = true; - authorizedKeys.keys = [ keys.machines.tohru ]; + authorizedKeys.keys = [ + keys.machines.tohru + keys.machines.yevaud + keys.machines.orm + ]; }; boot.binfmt.emulatedSystems = [ "x86_64-linux" ]; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 1d8a648..6af5de3 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -14,6 +14,12 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kalessin" ]; + }; + randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 2a8fdae..aa0a671 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -14,6 +14,12 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kalessin" ]; + }; + services.bind = { # enable = true; cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; From b25aa75d374bc145ea21e073b7ab709f50ee70a4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 16 Nov 2024 01:40:17 +0000 Subject: [PATCH 261/438] kilgharrah: use as remote builder --- hosts/kilgharrah/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 33fc8c7..f656149 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -1,5 +1,8 @@ { config, lib, pkgs, ... }: +let + keys = import ../../keys.nix; +in { imports = [ ./filesystems.nix @@ -35,6 +38,15 @@ programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; }; + qenya.services.remote-builder = { + enable = true; + authorizedKeys.keys = [ + keys.machines.tohru + keys.machines.yevaud + keys.machines.orm + ]; + }; + programs.steam.enable = true; qenya.services.audiobookshelf = { enable = true; From 05864180dbd1c83d1f6a0e40a7f32f3ce60d8e91 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 16 Nov 2024 01:54:41 +0000 Subject: [PATCH 262/438] treewide: rationalise distributed builds --- hosts/kalessin/default.nix | 4 +--- hosts/kilgharrah/default.nix | 11 ++++++----- hosts/orm/default.nix | 6 ------ hosts/tohru/default.nix | 2 +- hosts/yevaud/default.nix | 6 ------ services/distributed-builds.nix | 13 +++++++++++-- 6 files changed, 19 insertions(+), 23 deletions(-) diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 77992e5..ef0157e 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -22,12 +22,10 @@ in qenya.services.remote-builder = { enable = true; authorizedKeys.keys = [ + keys.machines.kilgharrah keys.machines.tohru - keys.machines.yevaud - keys.machines.orm ]; }; - boot.binfmt.emulatedSystems = [ "x86_64-linux" ]; system.stateVersion = "23.11"; } diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index f656149..4ac9a04 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -40,11 +40,12 @@ in qenya.services.remote-builder = { enable = true; - authorizedKeys.keys = [ - keys.machines.tohru - keys.machines.yevaud - keys.machines.orm - ]; + authorizedKeys.keys = [ keys.machines.tohru ]; + }; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kalessin" ]; }; programs.steam.enable = true; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 6af5de3..1d8a648 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -14,12 +14,6 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; - qenya.services.distributed-builds = { - enable = true; - keyFile = "/etc/ssh/ssh_host_ed25519_key"; - builders = [ "kalessin" ]; - }; - randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index cae91d3..9d5702c 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -49,7 +49,7 @@ qenya.services.distributed-builds = { enable = true; keyFile = "/etc/ssh/ssh_host_ed25519_key"; - builders = [ "kalessin" ]; + builders = [ "kilgharrah" "kalessin" ]; }; programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index aa0a671..2a8fdae 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -14,12 +14,6 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; - qenya.services.distributed-builds = { - enable = true; - keyFile = "/etc/ssh/ssh_host_ed25519_key"; - builders = [ "kalessin" ]; - }; - services.bind = { # enable = true; cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix index e0bbbbb..09cdd44 100644 --- a/services/distributed-builds.nix +++ b/services/distributed-builds.nix @@ -38,8 +38,17 @@ in hostName = config.birdsong.hosts."kalessin".ipv4; sshUser = "remotebuild"; sshKey = cfg.keyFile; - systems = [ "aarch64-linux" "x86_64-linux" ]; - supportedFeatures = [ ]; + systems = [ "aarch64-linux" ]; + maxJobs = 2; + supportedFeatures = [ "big-parallel" ]; + }) + ++ (optional (elem "kilgharrah" cfg.builders) { + hostName = config.birdsong.hosts."kilgharrah".ipv4; + sshUser = "remotebuild"; + sshKey = cfg.keyFile; + systems = [ "x86_64-linux" ]; + maxJobs = 12; + supportedFeatures = [ "big-parallel" ]; }); }; } From 7a0f60f8289ac49c197e5f7a172fdbaca0e7d546 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 16 Nov 2024 01:57:58 +0000 Subject: [PATCH 263/438] switch from CppNix to Lix --- flake.lock | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 8 ++++- 2 files changed, 94 insertions(+), 1 deletion(-) diff --git a/flake.lock b/flake.lock index 81cbe9f..8f7fd71 100644 --- a/flake.lock +++ b/flake.lock @@ -115,6 +115,39 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flakey-profile": { + "locked": { + "lastModified": 1712898590, + "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", + "owner": "lf-", + "repo": "flakey-profile", + "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", + "type": "github" + }, + "original": { + "owner": "lf-", + "repo": "flakey-profile", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -177,6 +210,44 @@ "type": "github" } }, + "lix": { + "flake": false, + "locked": { + "lastModified": 1729298361, + "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", + "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + }, + "original": { + "type": "tarball", + "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + } + }, + "lix-module": { + "inputs": { + "flake-utils": "flake-utils_2", + "flakey-profile": "flakey-profile", + "lix": "lix", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729360442, + "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "ref": "stable", + "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", + "revCount": 110, + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + }, + "original": { + "ref": "stable", + "type": "git", + "url": "https://git.lix.systems/lix-project/nixos-module" + } + }, "nix-github-actions": { "inputs": { "nixpkgs": [ @@ -324,6 +395,7 @@ "colmena": "colmena", "home-manager": "home-manager_2", "home-manager-unstable": "home-manager-unstable", + "lix-module": "lix-module", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", "nixpkgs-unstable": "nixpkgs-unstable", @@ -363,6 +435,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 807f3b0..11b6748 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,11 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + lix-module = { + url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { url = "github:nix-community/home-manager/release-24.05"; inputs.nixpkgs.follows = "nixpkgs"; @@ -50,7 +55,7 @@ birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; - outputs = inputs@{ self, nixpkgs, nixpkgs-small, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgs-small, lix-module, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; # The name of this output type is not standardised. I have picked @@ -87,6 +92,7 @@ deployment.targetHost = lib.mkDefault null; imports = [ + lix-module.nixosModules.default home-manager.nixosModules.home-manager nur.nixosModules.nur { nixpkgs.overlays = [ nur.overlay ]; } From fa6465e563f2513a868dee2beb5f5387fcdb71ee Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 17 Nov 2024 21:43:05 +0000 Subject: [PATCH 264/438] qenya/xdg-mime-apps: file association for .pdf --- home/qenya/xdg-mime-apps.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/xdg-mime-apps.nix b/home/qenya/xdg-mime-apps.nix index 2fee46c..b16f234 100644 --- a/home/qenya/xdg-mime-apps.nix +++ b/home/qenya/xdg-mime-apps.nix @@ -7,6 +7,7 @@ in xdg.mimeApps = { enable = isGraphical; defaultApplications = { + "application/pdf" = [ "org.gnome.Evince.desktop" "org.kde.okular.desktop" ]; "application/zip" = [ "org.gnome.FileRoller.desktop" "org.kde.ark.desktop" ]; "image/gif" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; "image/jpeg" = [ "org.gnome.Loupe.desktop" "org.kde.gwenview.desktop" ]; From c5472892d8f2cab95b0480ba7ab7de73ed5ad996 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 18 Nov 2024 07:13:54 +0000 Subject: [PATCH 265/438] tohru, kilgharrah: add HP printer drivers --- hosts/kilgharrah/hardware.nix | 2 ++ hosts/tohru/hardware.nix | 2 ++ 2 files changed, 4 insertions(+) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index f00dfbd..10f0f48 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -25,5 +25,7 @@ # persistencedSha256 = "sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE="; # patches = [ rcu_patch ]; # }; + + services.printing.drivers = [ pkgs.hplip ]; } diff --git a/hosts/tohru/hardware.nix b/hosts/tohru/hardware.nix index 715ed4f..a2515bd 100644 --- a/hosts/tohru/hardware.nix +++ b/hosts/tohru/hardware.nix @@ -4,5 +4,7 @@ hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; services.fwupd.enable = true; + + services.printing.drivers = [ pkgs.hplip ]; } From c573da7c347f8d7c8c9083fc5740fd4e502e2233 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 24 Nov 2024 15:36:30 +0000 Subject: [PATCH 266/438] misc: tone down aggression on nix garbage collector --- common/misc.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/common/misc.nix b/common/misc.nix index e470d54..af95d1b 100644 --- a/common/misc.nix +++ b/common/misc.nix @@ -1,7 +1,11 @@ { config, lib, pkgs, ... }: { - nix.gc.automatic = true; + nix.gc = { + automatic = true; + dates = "weekly"; + randomizedDelaySec = "45min"; + }; nix.optimise.automatic = true; services.fstrim.enable = true; } \ No newline at end of file From 98b43911f0b5320bc0a82fc3df753f6d1b2bbc15 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 25 Nov 2024 18:55:55 +0000 Subject: [PATCH 267/438] users: add gaelan --- common/users/default.nix | 2 ++ common/users/gaelan.nix | 23 +++++++++++++++++++++++ keys.nix | 4 ++++ 3 files changed, 29 insertions(+) create mode 100644 common/users/gaelan.nix diff --git a/common/users/default.nix b/common/users/default.nix index 7b46780..d9c87e6 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -1,5 +1,7 @@ { + # TODO: consider DRY-ing these imports = [ + ./gaelan.nix ./qenya.nix ./randomcat.nix ./trungle.nix diff --git a/common/users/gaelan.nix b/common/users/gaelan.nix new file mode 100644 index 0000000..0a365c9 --- /dev/null +++ b/common/users/gaelan.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkEnableOption; + keys = import ../../keys.nix; + cfg = config.fountain.users.gaelan; +in +{ + options.fountain.users.gaelan = { + enable = mkEnableOption "user gaelan"; + }; + + config = mkIf cfg.enable { + users.users.gaelan = { + uid = 1003; + isNormalUser = true; + group = "gaelan"; + openssh.authorizedKeys.keys = keys.users.gaelan; + }; + + users.groups.gaelan.gid = config.users.users.gaelan.uid; + }; +} \ No newline at end of file diff --git a/keys.nix b/keys.nix index 3fbfca5..73caca0 100644 --- a/keys.nix +++ b/keys.nix @@ -20,5 +20,9 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA57legzdIcYTVVri4Wc0CvgWefbRhmUqhu0F/5f8FB reuben@glenda-artix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAuYWPfYVKdjBY/gBMt2n11Seb+hMqjui1PQ6C4ph8i richard@tress" ]; + gaelan = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFbDvPKnPXe+58QgdgK8yZ3Ac9dkJdtHJ3pQwWhszM7McwCzCEO/b940K0orLjfeUruC+hGJZO8heIh0J6JwSK907aS2wpHofU9q7bMT0PYeuHrSb2iFrOFIkTIWpO8hnWad8TGKOlOdNTKEdB9zwxXEKTFb9QW1Z27Zql79W44jUvaOTb7gKUps37O77lHEJDModaRsXS2523pSbrTZKDwZ73+S0ECeNUwwzLUyOOUHfENEXnM18hWm8mV0iU7kxFcmS33z9rWlWPNiCXnBnSi5LPgBarYOAqQf56f9OisafKqvc3uX+yn0kGCDWglVGUkbhfSIP9+w+yv/h/NJWIJlJC92ndbktAqAQW4gb7lXYxpbdoWcmqEy97q0e2vyBdhcVXwZ+0q+U8I74m8trq36ieHDtLKYkiFBX6zvrLP4I5OZU+EecdV2HcMoU8HNa5u1mvG+oHaEgkR70a5cQtrPzWLS/OMLqvWL39vO7RNskzwWCSuWScxDGitr+BunRRbL4aKNkkPjdDlIqb/SfSrFikOo75f5Ku4I32nbM7SNpIjA4cHe50rx1UB8lT+RwHdxL99OdoxIPCe6OLA5uT8VGPXkvqd/ZIFOL2HaM+uPLaYbjwLrHlwSOLgGbehmsSD369EXv6NAc5wbzsSLJQhJ66d5unnzGjn4dRt9sbDw== gbs@canishe.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHId+2dJYiZK++p8lu9Bax0J29JjeuU4qcIBdLwEz3lm gbs@canishe.com" + ]; }; } From efa2ce3940dffb7b390f93f1f236bf2056db5fcd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Dec 2024 14:34:01 +0000 Subject: [PATCH 268/438] nix: use same nixpkgs flake for imperative commands as for build --- common/nix.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/nix.nix b/common/nix.nix index 9361188..b904568 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -2,6 +2,11 @@ { nix.settings.experimental-features = "nix-command flakes"; + nixpkgs.flake = { + source = lib.cleanSource pkgs.path; + setNixPath = true; + setFlakeRegistry = true; + }; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; } From 61288d4675fa936a7ed5642518b55d58f084e59c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Dec 2024 18:57:45 +0000 Subject: [PATCH 269/438] yevaud: move dns experiment to separate file --- hosts/yevaud/default.nix | 32 ++-------------------- hosts/yevaud/experiments/birdsong-dns.nix | 33 +++++++++++++++++++++++ 2 files changed, 35 insertions(+), 30 deletions(-) create mode 100644 hosts/yevaud/experiments/birdsong-dns.nix diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 2a8fdae..f202d28 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -4,6 +4,8 @@ imports = [ ./hardware-configuration.nix ./networking.nix + + ./experiments/birdsong-dns.nix ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; @@ -14,36 +16,6 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; - services.bind = { - # enable = true; - cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; - forwarders = [ ]; - listenOn = [ config.birdsong.hosts.yevaud.ipv4 ]; - listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ]; - zones = { - "birdsong.internal" = { - master = true; - # TODO: pick better email address for SOA record - file = pkgs.writeText "birdsong.internal.zone" '' - $TTL 60 - $ORIGIN birdsong.internal. - - birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 ) - birdsong.internal. IN NS ns.birdsong.internal. - - yevaud.c.birdsong.internal. IN A 10.127.1.1 - yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 - - ns.birdsong.internal. IN A 10.127.1.1 - ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 - ''; - }; - }; - }; - networking.resolvconf.useLocalResolver = false; - networking.firewall.allowedTCPPorts = [ 53 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; - randomcat.services.zfs.datasets = { "rpool/state" = { mountpoint = "none"; }; "rpool/state/forgejo" = { mountpoint = "/var/lib/forgejo"; }; diff --git a/hosts/yevaud/experiments/birdsong-dns.nix b/hosts/yevaud/experiments/birdsong-dns.nix new file mode 100644 index 0000000..036e499 --- /dev/null +++ b/hosts/yevaud/experiments/birdsong-dns.nix @@ -0,0 +1,33 @@ +{ config, lib, pkgs, ... }: + +{ + services.bind = { + # enable = true; + cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; + forwarders = [ ]; + listenOn = [ config.birdsong.hosts.yevaud.ipv4 ]; + listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ]; + zones = { + "birdsong.internal" = { + master = true; + # TODO: pick better email address for SOA record + file = pkgs.writeText "birdsong.internal.zone" '' + $TTL 60 + $ORIGIN birdsong.internal. + + birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 ) + birdsong.internal. IN NS ns.birdsong.internal. + + yevaud.c.birdsong.internal. IN A 10.127.1.1 + yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 + + ns.birdsong.internal. IN A 10.127.1.1 + ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 + ''; + }; + }; + }; + networking.resolvconf.useLocalResolver = false; + networking.firewall.allowedTCPPorts = [ 53 ]; + networking.firewall.allowedUDPPorts = [ 53 ]; +} From a206f63e6832ee15cc45df6f41f5c6ab02266db0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 4 Dec 2024 19:46:17 +0000 Subject: [PATCH 270/438] yevaud: add experimental container with networking over vpn --- hosts/yevaud/default.nix | 1 + hosts/yevaud/experiments/pennykettle.nix | 85 ++++++++++++++++++++++++ secrets.nix | 1 + secrets/protonvpn-pennykettle1.age | 9 +++ 4 files changed, 96 insertions(+) create mode 100644 hosts/yevaud/experiments/pennykettle.nix create mode 100644 secrets/protonvpn-pennykettle1.age diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index f202d28..c2d4639 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -6,6 +6,7 @@ ./networking.nix ./experiments/birdsong-dns.nix + ./experiments/pennykettle.nix ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix new file mode 100644 index 0000000..98e84c6 --- /dev/null +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -0,0 +1,85 @@ +{ config, lib, pkgs, ... }: + +{ + networking.nat.enable = true; + networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; + networking.nat.externalInterface = "ens3"; + networking.firewall.allowedUDPPorts = [ 51821 ]; + + containers."pennykettle1" = { + privateNetwork = true; + extraVeths."ve-pennykettle1" = { + hostAddress = "10.235.1.1"; + localAddress = "10.235.2.1"; + forwardPorts = [{ hostPort = 51821; }]; + }; + ephemeral = true; + autoStart = true; + bindMounts."/run/secrets/wg-key".hostPath = config.age.secrets.protonvpn-pennykettle1.path; + + config = { config, pkgs, ... }: { + system.stateVersion = "24.05"; + systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; + environment.systemPackages = [ pkgs.wireguard-tools ]; + + networking.useDHCP = false; + networking.useHostResolvConf = false; + networking.firewall.allowedUDPPorts = [ 51821 ]; + systemd.network = { + enable = true; + + networks."10-ve" = { + matchConfig.Name = "ve-pennykettle1"; + networkConfig.Address = "10.235.2.1/32"; + # linkConfig.RequiredForOnline = "routable"; + routes = [{ + routeConfig = { + Gateway = "10.235.1.1"; + Destination = "217.138.216.162/32"; + }; + }]; + }; + + networks."30-protonvpn" = { + matchConfig.Name = "wg-protonvpn"; + networkConfig = { + DefaultRouteOnDevice = true; + Address = [ "10.2.0.2/32" ]; + DNS = "10.2.0.1"; + }; + linkConfig = { + RequiredForOnline = "yes"; + ActivationPolicy = "always-up"; + }; + }; + + netdevs."30-protonvpn" = { + netdevConfig = { + Name = "wg-protonvpn"; + Kind = "wireguard"; + Description = "WireGuard tunnel to ProtonVPN (DE#1; NAT: strict, no port forwarding)"; + }; + wireguardConfig = { + ListenPort = 51821; + PrivateKeyFile = "/run/secrets/wg-key"; + }; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; + AllowedIPs = "0.0.0.0/0"; + Endpoint = "217.138.216.162:51820"; + PersistentKeepalive = 5; + }; + }]; + }; + }; + }; + }; + + age.secrets.protonvpn-pennykettle1 = { + file = ../../../secrets/protonvpn-pennykettle1.age; + owner = "root"; + group = "systemd-network"; + mode = "640"; + }; +} \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index 82036db..61abf6e 100644 --- a/secrets.nix +++ b/secrets.nix @@ -10,6 +10,7 @@ let wireguard-peer-yevaud = [ machines.yevaud ] ++ keys.users.qenya; wireguard-peer-kalessin = [ machines.kalessin ] ++ keys.users.qenya; wireguard-peer-kilgharrah = [ machines.kilgharrah ] ++ keys.users.qenya; + protonvpn-pennykettle1 = [ machines.yevaud ] ++ keys.users.qenya; }; in builtins.listToAttrs ( diff --git a/secrets/protonvpn-pennykettle1.age b/secrets/protonvpn-pennykettle1.age new file mode 100644 index 0000000..e58dc56 --- /dev/null +++ b/secrets/protonvpn-pennykettle1.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 uJfgGw +h4WiWyMlQZ5iaMFTl/whUD0vJnIN0GYeqRbZ0MIH0o +eKio4DsSJlrvSAjmR0naDO/lmB78o7cy7QC9WZjHUa0 +-> ssh-ed25519 seJ9Iw xov8WY0TxEj5/wkWg1T0kmrbpXsNhDLnZwqyIg0eExA +wu5QApQk6K8Fu5XMTrWY2veoYbJVuQmn3DJXewVB860 +-> ssh-ed25519 900ILw N6RbpHr4Vwgm0BUCuMXzVo3VEgrl29NF8ZJU5Far7yk +KdA1dZXmcSF3cH9bVdmIbj7iZO3uuSY+isjswDzSu+Y +--- YtnS9FqXVat2hi9BLvX+71HEZDw3zcxIQ7Dp5+iao4c +a'|N7NT5]O0Sm<-1:dg^/u7N?XM~s.9cC \ No newline at end of file From 715b3f799a543d625bf5afb5e9fab5cce69510f3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 10 Dec 2024 22:59:44 +0000 Subject: [PATCH 271/438] qenya/vscode: pin golang-ci --- home/qenya/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 80d1a41..107c116 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -32,6 +32,7 @@ in "git.inputValidationSubjectLength" = null; "go.alternateTools" = { "go" = "${pkgs.go}/bin/go"; + "golangci-lint" = "${pkgs.golangci-lint}/bin/golangci-lint"; "gopls" = "${pkgs.gopls}/bin/gopls"; "dlv" = "${pkgs.delve}/bin/dlv"; "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; From 345bf13b0d49691368eea3df5ce8120efc89bb37 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Dec 2024 17:47:34 +0000 Subject: [PATCH 272/438] treewide: snapshot important datasets with sanoid --- common/default.nix | 1 + common/sanoid.nix | 35 +++++++++++++++++++++++++++++++++++ hosts/kilgharrah/backup.nix | 8 ++++++++ hosts/kilgharrah/default.nix | 1 + hosts/orm/default.nix | 5 +++++ hosts/yevaud/default.nix | 5 +++++ 6 files changed, 55 insertions(+) create mode 100644 common/sanoid.nix create mode 100644 hosts/kilgharrah/backup.nix diff --git a/common/default.nix b/common/default.nix index 11e5d0a..aed2093 100644 --- a/common/default.nix +++ b/common/default.nix @@ -10,6 +10,7 @@ ./nginx.nix ./nix.nix ./openssh.nix + ./sanoid.nix ./security.nix ./steam.nix ]; diff --git a/common/sanoid.nix b/common/sanoid.nix new file mode 100644 index 0000000..82137e0 --- /dev/null +++ b/common/sanoid.nix @@ -0,0 +1,35 @@ +{ config, pkgs, inputs, ... }: + +{ + config = { + services.sanoid = { + enable = true; + extraArgs = [ "--verbose" ]; + + # Local snapshots for important datasets + templates."production" = { + yearly = 0; + monthly = 3; + daily = 30; + hourly = 36; + autosnap = true; + autoprune = true; + }; + + # Reduced-retention version for datasets that are backed up to the NAS + templates."safe" = { + yearly = 0; + monthly = 0; + daily = 7; + hourly = 24; + autosnap = true; + autoprune = true; + }; + + # datasets."rpool_sggau1/reese/system" = { + # useTemplate = [ "safe" ]; + # recursive = "zfs"; + # }; + }; + }; +} \ No newline at end of file diff --git a/hosts/kilgharrah/backup.nix b/hosts/kilgharrah/backup.nix new file mode 100644 index 0000000..efa72f9 --- /dev/null +++ b/hosts/kilgharrah/backup.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + services.sanoid.datasets."rpool_albion/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; +} \ No newline at end of file diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 4ac9a04..8f5ef87 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -5,6 +5,7 @@ let in { imports = [ + ./backup.nix ./filesystems.nix ./hardware.nix ./networking.nix diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 1d8a648..da66828 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -19,6 +19,11 @@ "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; }; + services.sanoid.datasets."rpool_orm/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + qenya.services.actual = { enable = true; domain = "actual.qenya.tel"; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index c2d4639..55faeb1 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -22,6 +22,11 @@ "rpool/state/forgejo" = { mountpoint = "/var/lib/forgejo"; }; }; + services.sanoid.datasets."rpool/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; + qenya.services.forgejo = { enable = true; domain = "git.qenya.tel"; From ee7ccef96ca474f4d0ddb4e97c1fede16ba9f1c3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Dec 2024 17:59:04 +0000 Subject: [PATCH 273/438] flake: switch to building on target by default --- flake.nix | 1 + hosts/kalessin/default.nix | 5 +---- hosts/kilgharrah/default.nix | 11 +++++------ hosts/orm/default.nix | 6 ++++++ hosts/tohru/default.nix | 2 +- hosts/yevaud/default.nix | 6 ++++++ 6 files changed, 20 insertions(+), 11 deletions(-) diff --git a/flake.nix b/flake.nix index 11b6748..8e857d8 100644 --- a/flake.nix +++ b/flake.nix @@ -90,6 +90,7 @@ # disable remote deployment by default # (can stil build locally with nixos-rebuild) deployment.targetHost = lib.mkDefault null; + deployment.buildOnTarget = lib.mkDefault true; imports = [ lix-module.nixosModules.default diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index ef0157e..a12fe97 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -21,10 +21,7 @@ in qenya.services.remote-builder = { enable = true; - authorizedKeys.keys = [ - keys.machines.kilgharrah - keys.machines.tohru - ]; + authorizedKeys.keys = [ ]; }; system.stateVersion = "23.11"; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 8f5ef87..63e6840 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -41,12 +41,11 @@ in qenya.services.remote-builder = { enable = true; - authorizedKeys.keys = [ keys.machines.tohru ]; - }; - qenya.services.distributed-builds = { - enable = true; - keyFile = "/etc/ssh/ssh_host_ed25519_key"; - builders = [ "kalessin" ]; + authorizedKeys.keys = [ + keys.machines.yevaud + keys.machines.orm + keys.machines.tohru + ]; }; programs.steam.enable = true; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index da66828..dc42041 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -14,6 +14,12 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 9d5702c..cebd1cb 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -49,7 +49,7 @@ qenya.services.distributed-builds = { enable = true; keyFile = "/etc/ssh/ssh_host_ed25519_key"; - builders = [ "kilgharrah" "kalessin" ]; + builders = [ "kilgharrah" ]; }; programs.evolution.enable = true; # not in home-manager yet; not declaratively configurable yet diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 55faeb1..d17f0a3 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -17,6 +17,12 @@ users.users.qenya.extraGroups = [ "wheel" ]; qenya.base-server.enable = true; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + randomcat.services.zfs.datasets = { "rpool/state" = { mountpoint = "none"; }; "rpool/state/forgejo" = { mountpoint = "/var/lib/forgejo"; }; From 3b5348edc31008aab03bf69998a6818e52b6b5bc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Dec 2024 23:19:01 +0000 Subject: [PATCH 274/438] yevaud, orm: force build with remote builder --- hosts/orm/default.nix | 1 + hosts/yevaud/default.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index dc42041..30f0d69 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -19,6 +19,7 @@ keyFile = "/etc/ssh/ssh_host_ed25519_key"; builders = [ "kilgharrah" ]; }; + nix.settings.max-jobs = 0; randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index d17f0a3..288b560 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -22,6 +22,7 @@ keyFile = "/etc/ssh/ssh_host_ed25519_key"; builders = [ "kilgharrah" ]; }; + nix.settings.max-jobs = 0; randomcat.services.zfs.datasets = { "rpool/state" = { mountpoint = "none"; }; From c3f990478cef1ce8553e51a2d8564f5b544dea10 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Dec 2024 18:59:29 +0000 Subject: [PATCH 275/438] flake: update to 24.11 and zero out some unused dependencies --- flake.nix | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 8e857d8..d2f1e55 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; - nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-24.05-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-24.11-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; @@ -11,7 +11,7 @@ }; home-manager = { - url = "github:nix-community/home-manager/release-24.05"; + url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -33,11 +33,15 @@ url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.darwin.follows = ""; + inputs.home-manager.follows = ""; }; colmena = { url = "github:zhaofengli/colmena"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.stable.follows = ""; + inputs.nix-github-actions.follows = ""; + inputs.flake-compat.follows = ""; }; randomcat = { @@ -52,7 +56,7 @@ inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; + birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=compat-24.11"; }; outputs = inputs@{ self, nixpkgs, nixpkgs-small, lix-module, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { From f51721aae15d3e7819ff9085c0d13085d57c01e1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Dec 2024 18:59:38 +0000 Subject: [PATCH 276/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'actual': 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=32894dcff264ee50e56f58130ac59bd86a7afb45' (2024-11-04) → 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=7f041ffa7f204deb0fc2e36908b382804f2e108d' (2024-12-07) • Updated input 'agenix/home-manager': 'github:nix-community/home-manager/3bfaacf46133c037bb356193bd2f1765d9dc82c1' (2023-12-20) → follows '' • Removed input 'agenix/home-manager/nixpkgs' • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=ffe25bd95a49d6595edec6caa432703a48b7a8fd' (2024-11-05) → 'git+https://git.qenya.tel/qenya/birdsong?ref=compat-24.11&rev=fa0f559d3b41d5fff49ef081f95830270b4662ae' (2024-11-11) • Updated input 'colmena': 'github:zhaofengli/colmena/e3ad42138015fcdf2524518dd564a13145c72ea1' (2024-11-13) → 'github:zhaofengli/colmena/a6b51f5feae9bfb145daa37fd0220595acb7871e' (2024-12-22) • Updated input 'colmena/flake-compat': 'github:edolstra/flake-compat/b4a34015c698c7793d592d66adbab377907a2be8' (2022-04-19) → follows '' • Updated input 'colmena/nix-github-actions': 'github:nix-community/nix-github-actions/e04df33f62cdcf93d73e9a04142464753a16db67' (2024-10-24) → follows '' • Removed input 'colmena/nix-github-actions/nixpkgs' • Updated input 'colmena/stable': 'github:NixOS/nixpkgs/dba414932936fde69f0606b4f1d87c5bc0003ede' (2024-11-06) → follows '' • Updated input 'home-manager': 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22) → 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/1d0862ee2d7c6f6cd720d6f32213fa425004be10' (2024-11-14) → 'github:nix-community/home-manager/35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84' (2024-12-24) • Updated input 'lix-module': 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=2bbdcd73b9a464f8acf45a7100feb979883ba485' (2024-10-19) → 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=96824d606a6656650bbe436366bc89d5ee3a6573' (2024-11-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12) → 'github:NixOS/nixpkgs/1807c2b91223227ad5599d7067a61665c52d1295' (2024-12-22) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/035d434d48f4375ac5d3a620954cf5fda7dd7c36' (2024-11-15) → 'github:NixOS/nixpkgs/7fb8b8de039a0269c26f79129260cc029473d576' (2024-12-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/dc460ec76cbff0e66e269457d7b728432263166c' (2024-11-11) → 'github:NixOS/nixpkgs/d70bd19e0a38ad4790d3913bf08fcbfc9eeca507' (2024-12-19) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/effe68307bf3d891d069293b88a0d8910276b2bb' (2024-11-15) → 'github:NixOS/nixpkgs/e905913c43d0547a131ca9c7917fa9089b627e01' (2024-12-24) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/f33173b9d22e554a6f869626bc01808d35995257' (2024-11-09) → 'github:nix-community/plasma-manager/d16bbded0ae452bc088489e7dca3ef58d8d1830b' (2024-12-24) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/3ef27a946f220e7ef45733e315f61646e13ef0e8' (2024-11-15) → 'github:randomnetcat/nix-configs/21b3f66c1a7bd94c3f00e12c0b80b53aeab69c25' (2024-12-24) --- flake.lock | 172 +++++++++++++++-------------------------------------- 1 file changed, 49 insertions(+), 123 deletions(-) diff --git a/flake.lock b/flake.lock index 8f7fd71..37cca72 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1730687397, - "narHash": "sha256-xluSdua/nB7BVpSx7C3PY5XJOsr9x0IsUwuVHJFpJ+Y=", + "lastModified": 1733551027, + "narHash": "sha256-nlZWAq4E+cNywCuxpnYcyky4fd+8bVzJHrS2e8QTtVs=", "ref": "main", - "rev": "32894dcff264ee50e56f58130ac59bd86a7afb45", - "revCount": 17, + "rev": "7f041ffa7f204deb0fc2e36908b382804f2e108d", + "revCount": 18, "type": "git", "url": "https://git.xeno.science/xenofem/actual-nix" }, @@ -24,7 +24,7 @@ "agenix": { "inputs": { "darwin": [], - "home-manager": "home-manager", + "home-manager": [], "nixpkgs": [ "nixpkgs" ], @@ -46,36 +46,36 @@ }, "birdsong": { "locked": { - "lastModified": 1730835703, - "narHash": "sha256-VQWyAU+Nyh2a7jQlbn4my5XBE/OgiYKSBfRpPy7GMwg=", - "ref": "main", - "rev": "ffe25bd95a49d6595edec6caa432703a48b7a8fd", - "revCount": 12, + "lastModified": 1731357158, + "narHash": "sha256-RTFqn8DTPXEvkrhMuOODv198z9a0H96mlg4lrc2dplQ=", + "ref": "compat-24.11", + "rev": "fa0f559d3b41d5fff49ef081f95830270b4662ae", + "revCount": 13, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, "original": { - "ref": "main", + "ref": "compat-24.11", "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" } }, "colmena": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": [], "flake-utils": "flake-utils", - "nix-github-actions": "nix-github-actions", + "nix-github-actions": [], "nixpkgs": [ "nixpkgs" ], - "stable": "stable" + "stable": [] }, "locked": { - "lastModified": 1731527002, - "narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=", + "lastModified": 1734897875, + "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", "owner": "zhaofengli", "repo": "colmena", - "rev": "e3ad42138015fcdf2524518dd564a13145c72ea1", + "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", "type": "github" }, "original": { @@ -84,22 +84,6 @@ "type": "github" } }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1650374568, - "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "b4a34015c698c7793d592d66adbab377907a2be8", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -151,20 +135,20 @@ "home-manager": { "inputs": { "nixpkgs": [ - "agenix", "nixpkgs" ] }, "locked": { - "lastModified": 1703113217, - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "lastModified": 1734366194, + "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "owner": "nix-community", "repo": "home-manager", - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -176,11 +160,11 @@ ] }, "locked": { - "lastModified": 1731604581, - "narHash": "sha256-Qq2YZZaDTB3FZLWU/Hgh1uuWlUBl3cMLGB99bm7rFUM=", + "lastModified": 1735053786, + "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", "owner": "nix-community", "repo": "home-manager", - "rev": "1d0862ee2d7c6f6cd720d6f32213fa425004be10", + "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", "type": "github" }, "original": { @@ -189,27 +173,6 @@ "type": "github" } }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1726989464, - "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-24.05", - "repo": "home-manager", - "type": "github" - } - }, "lix": { "flake": false, "locked": { @@ -234,11 +197,11 @@ ] }, "locked": { - "lastModified": 1729360442, - "narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=", + "lastModified": 1732605668, + "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", "ref": "stable", - "rev": "2bbdcd73b9a464f8acf45a7100feb979883ba485", - "revCount": 110, + "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", + "revCount": 113, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -248,66 +211,45 @@ "url": "https://git.lix.systems/lix-project/nixos-module" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "colmena", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729742964, - "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nix-github-actions", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1731386116, - "narHash": "sha256-lKA770aUmjPHdTaJWnP3yQ9OI1TigenUqVC3wweqZuI=", + "lastModified": 1734875076, + "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "689fed12a013f56d4c4d3f612489634267d86529", + "rev": "1807c2b91223227ad5599d7067a61665c52d1295", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05", + "ref": "nixos-24.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-small": { "locked": { - "lastModified": 1731663789, - "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", + "lastModified": 1735061823, + "narHash": "sha256-mQbroPNNGpJmE5OQSxZe9mQtoO0zoSWGofXtF/nytn4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", + "rev": "7fb8b8de039a0269c26f79129260cc029473d576", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.05-small", + "ref": "nixos-24.11-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1731319897, - "narHash": "sha256-PbABj4tnbWFMfBp6OcUK5iGy1QY+/Z96ZcLpooIbuEI=", + "lastModified": 1734649271, + "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dc460ec76cbff0e66e269457d7b728432263166c", + "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", "type": "github" }, "original": { @@ -319,11 +261,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1731701941, - "narHash": "sha256-IV3fk1IY1fg+S8hQJ9Nbvv91s77LnMSxBc/fBkHOuO0=", + "lastModified": 1735053414, + "narHash": "sha256-m4CnYqYu5EK18Nl52gYkPUz+S/AIFIUTJM23bGoKoXQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "effe68307bf3d891d069293b88a0d8910276b2bb", + "rev": "e905913c43d0547a131ca9c7917fa9089b627e01", "type": "github" }, "original": { @@ -358,11 +300,11 @@ ] }, "locked": { - "lastModified": 1731193165, - "narHash": "sha256-pGF8L5g9QpkQtJP9JmNIRNZfcyhJHf7uT+d8tqI1h6Y=", + "lastModified": 1735049224, + "narHash": "sha256-fWUd9kyXdepphJ7cCzOsuSo7l0kbFCkUqfgKqZyFZzE=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "f33173b9d22e554a6f869626bc01808d35995257", + "rev": "d16bbded0ae452bc088489e7dca3ef58d8d1830b", "type": "github" }, "original": { @@ -374,11 +316,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1731631186, - "narHash": "sha256-c9gcJdAp7MXeCYcjPNadYPpRY+bBhCPhxG1VVs8j8Co=", + "lastModified": 1735061438, + "narHash": "sha256-k8fVnM7c8p5eJJTS+8cyI5/lo8m/NPieQLtnhYLdgqY=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "3ef27a946f220e7ef45733e315f61646e13ef0e8", + "rev": "21b3f66c1a7bd94c3f00e12c0b80b53aeab69c25", "type": "github" }, "original": { @@ -393,7 +335,7 @@ "agenix": "agenix", "birdsong": "birdsong", "colmena": "colmena", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", "lix-module": "lix-module", "nixpkgs": "nixpkgs", @@ -405,22 +347,6 @@ "randomcat": "randomcat" } }, - "stable": { - "locked": { - "lastModified": 1730883749, - "narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dba414932936fde69f0606b4f1d87c5bc0003ede", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, "systems": { "locked": { "lastModified": 1681028828, From 1eaa7d228739b3607bc720c9f4fc464ee89baaef Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Dec 2024 00:03:49 +0000 Subject: [PATCH 277/438] flake: colmena compat with CppNix 2.24 --- README.md | 1 + flake.nix | 7 ++++--- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 35cb589..26aea1d 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ To build locally, run `nixos-rebuild switch --flake .#[hostname]` as root. To build the remote machines, run `colmena apply`. See the [colmena documentation](https://colmena.cli.rs/) for command-line options. Notable options include: * `--on [hostname]`: build a specific machine only * `--reboot`: reboot after building (but note [this bug](https://github.com/zhaofengli/colmena/issues/166) means it may hang even when the reboot completes successfully) +* `--experimental-flake-eval`: currently necessary to build at all. See [here](https://github.com/zhaofengli/colmena/pull/228) ### Updating diff --git a/flake.nix b/flake.nix index d2f1e55..66cace4 100644 --- a/flake.nix +++ b/flake.nix @@ -60,8 +60,9 @@ }; outputs = inputs@{ self, nixpkgs, nixpkgs-small, lix-module, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { - nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes; - + nixosConfigurations = self.outputs.colmenaHive.nodes; + colmenaHive = colmena.lib.makeHive self.outputs.colmena; + # The name of this output type is not standardised. I have picked # "homeManagerModules" as the discussion here suggests it's the most common: # https://github.com/nix-community/home-manager/issues/1783 @@ -129,7 +130,7 @@ in pkgs.mkShell { packages = [ - pkgs.colmena + colmena.packages.${system}.colmena agenix.packages.${system}.default plasma-manager.packages.${system}.rc2nix ]; From 0d52d2ab5c35cc69393d0c8d7b45fb2b950adcc3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Dec 2024 02:34:20 +0000 Subject: [PATCH 278/438] flake: switch back to birdsong main branch --- flake.lock | 12 ++++++------ flake.nix | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 37cca72..43cd125 100644 --- a/flake.lock +++ b/flake.lock @@ -46,16 +46,16 @@ }, "birdsong": { "locked": { - "lastModified": 1731357158, - "narHash": "sha256-RTFqn8DTPXEvkrhMuOODv198z9a0H96mlg4lrc2dplQ=", - "ref": "compat-24.11", - "rev": "fa0f559d3b41d5fff49ef081f95830270b4662ae", - "revCount": 13, + "lastModified": 1735093285, + "narHash": "sha256-i70ytUFLkLPfAbGq02KqIgn/oqu7f9578+9ClLTBy90=", + "ref": "main", + "rev": "91ed1abe655ac270be4e6f6c006af6fa4edd25bf", + "revCount": 15, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, "original": { - "ref": "compat-24.11", + "ref": "main", "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" } diff --git a/flake.nix b/flake.nix index 66cace4..b9177b7 100644 --- a/flake.nix +++ b/flake.nix @@ -56,7 +56,7 @@ inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=compat-24.11"; + birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; }; outputs = inputs@{ self, nixpkgs, nixpkgs-small, lix-module, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { From 569b7bb8122917619db1ce0863624eb0d3e807d2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Dec 2024 02:35:32 +0000 Subject: [PATCH 279/438] kilgharrah: update nvidia driver config for 24.11 --- hosts/kilgharrah/hardware.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 10f0f48..0093a01 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -6,7 +6,7 @@ services.fwupd.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; - hardware.nvidia.modesetting.enable = true; # this defaults to true from 24.11 + hardware.nvidia.open = false; # # Downgrade to driver version 535 as 550 has problems with Wayland # hardware.nvidia.package = From ccf07affd6d09d4864bd24f0f73044e842c235ff Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Dec 2024 03:03:56 +0000 Subject: [PATCH 280/438] kalessin: allow login from randomcat --- hosts/kalessin/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index a12fe97..858faff 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -15,6 +15,7 @@ in fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; + fountain.users.randomcat.enable = true; fountain.users.trungle.enable = true; qenya.base-server.enable = true; From 644df7986ac87669cbcf84f6e555e51858018c50 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Dec 2024 03:04:12 +0000 Subject: [PATCH 281/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=91ed1abe655ac270be4e6f6c006af6fa4edd25bf' (2024-12-25) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=881078abf8bdc5f7e8bff63288714c6ec245c758' (2024-12-25) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 43cd125..56e9a39 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1735093285, - "narHash": "sha256-i70ytUFLkLPfAbGq02KqIgn/oqu7f9578+9ClLTBy90=", + "lastModified": 1735095689, + "narHash": "sha256-8VdioC1gFMp0OMj4RUUA6zyOmq5eAZcK/d4q+MPdoIY=", "ref": "main", - "rev": "91ed1abe655ac270be4e6f6c006af6fa4edd25bf", - "revCount": 15, + "rev": "881078abf8bdc5f7e8bff63288714c6ec245c758", + "revCount": 16, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, From c6a16f25efad6ba27ab579387314df2e4cb78fed Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 01:38:14 +0000 Subject: [PATCH 282/438] qenya/dconf: allow sound over 100% --- home/qenya/dconf/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/dconf/default.nix b/home/qenya/dconf/default.nix index 912efb1..138bc50 100644 --- a/home/qenya/dconf/default.nix +++ b/home/qenya/dconf/default.nix @@ -11,6 +11,7 @@ in dconf.settings = { "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; "org/gnome/desktop/sound".event-sounds = false; + "org/gnome/desktop/sound".allow-volume-above-100-percent = true; }; imports = [ From 43a3d42406cea346ac1ad585a8034ad6e5d21480 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 01:38:19 +0000 Subject: [PATCH 283/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=881078abf8bdc5f7e8bff63288714c6ec245c758' (2024-12-25) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=fd3965ddee060739fb5b63b14e48ba4bb8c8588d' (2024-12-25) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 56e9a39..fc038c7 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1735095689, - "narHash": "sha256-8VdioC1gFMp0OMj4RUUA6zyOmq5eAZcK/d4q+MPdoIY=", + "lastModified": 1735100647, + "narHash": "sha256-cYcz1o/c8yHwVpWzIPkCMNnWH/73KMkL5pZSrCgvxHM=", "ref": "main", - "rev": "881078abf8bdc5f7e8bff63288714c6ec245c758", - "revCount": 16, + "rev": "fd3965ddee060739fb5b63b14e48ba4bb8c8588d", + "revCount": 17, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, From 2b9514444f6f0298517e3ceb02fbd5123f0f7913 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 03:07:41 +0000 Subject: [PATCH 284/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=fd3965ddee060739fb5b63b14e48ba4bb8c8588d' (2024-12-25) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=54c8b67a44ed58f92b6233934387b6e568151336' (2024-12-27) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index fc038c7..5649a79 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1735100647, - "narHash": "sha256-cYcz1o/c8yHwVpWzIPkCMNnWH/73KMkL5pZSrCgvxHM=", + "lastModified": 1735268037, + "narHash": "sha256-NHIeROmQEF7XkzskWTSeGF3aQrEVoPOO6UHWf5chnuo=", "ref": "main", - "rev": "fd3965ddee060739fb5b63b14e48ba4bb8c8588d", - "revCount": 17, + "rev": "54c8b67a44ed58f92b6233934387b6e568151336", + "revCount": 18, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, From e31fb0fc24fc79e1017cf4a254d7f1204382079c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 03:35:30 +0000 Subject: [PATCH 285/438] yevaud: disable pennykettle experiment as it breaks external IPv6 --- hosts/yevaud/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 288b560..a54c58f 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -6,7 +6,8 @@ ./networking.nix ./experiments/birdsong-dns.nix - ./experiments/pennykettle.nix + # TODO: this breaks external IPv6 somehow + # ./experiments/pennykettle.nix ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; From 7b7e8683b3dd907fdc6c2c92c40a2fa723c3b7e1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 13:09:22 +0000 Subject: [PATCH 286/438] tohru: get scoutshonour games from their own repo instead of NUR --- flake.lock | 24 +++++++++++++++++++++++- flake.nix | 38 +++++++++++++++++++++++--------------- hosts/tohru/default.nix | 8 +++++--- 3 files changed, 51 insertions(+), 19 deletions(-) diff --git a/flake.lock b/flake.lock index 5649a79..7f25a1f 100644 --- a/flake.lock +++ b/flake.lock @@ -344,7 +344,29 @@ "nixpkgs-unstable-small": "nixpkgs-unstable-small", "nur": "nur", "plasma-manager": "plasma-manager", - "randomcat": "randomcat" + "randomcat": "randomcat", + "scoutshonour": "scoutshonour" + } + }, + "scoutshonour": { + "inputs": { + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1735301893, + "narHash": "sha256-d95MCTUYMCcOQv4LpmWxPuVnx7McezXYs2Idw8u8ngI=", + "ref": "main", + "rev": "f447cd380ea1fb81a0ff8f292b6bbdf0be9c9520", + "revCount": 23, + "type": "git", + "url": "https://git.qenya.tel/qenya/nix-scoutshonour" + }, + "original": { + "ref": "main", + "type": "git", + "url": "https://git.qenya.tel/qenya/nix-scoutshonour" } }, "systems": { diff --git a/flake.nix b/flake.nix index b9177b7..290d9a3 100644 --- a/flake.nix +++ b/flake.nix @@ -57,12 +57,17 @@ }; birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; + + scoutshonour = { + url = "git+https://git.qenya.tel/qenya/nix-scoutshonour?ref=main"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; }; - outputs = inputs@{ self, nixpkgs, nixpkgs-small, lix-module, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgs-small, colmena, ... }: { nixosConfigurations = self.outputs.colmenaHive.nodes; colmenaHive = colmena.lib.makeHive self.outputs.colmena; - + # The name of this output type is not standardised. I have picked # "homeManagerModules" as the discussion here suggests it's the most common: # https://github.com/nix-community/home-manager/issues/1783 @@ -71,7 +76,7 @@ # https://github.com/NixOS/nix/pull/10858 homeManagerModules = { "qenya".imports = [ - plasma-manager.homeManagerModules.plasma-manager + inputs.plasma-manager.homeManagerModules.plasma-manager ./home/qenya ]; @@ -88,7 +93,10 @@ orm = import nixpkgs-small { system = "x86_64-linux"; }; kalessin = import nixpkgs-small { system = "aarch64-linux"; }; }; - specialArgs = { inherit self; }; + specialArgs = { + inherit self; + inherit inputs; + }; }; defaults = { config, lib, pkgs, ... }: { @@ -98,16 +106,16 @@ deployment.buildOnTarget = lib.mkDefault true; imports = [ - lix-module.nixosModules.default - home-manager.nixosModules.home-manager - nur.nixosModules.nur - { nixpkgs.overlays = [ nur.overlay ]; } - agenix.nixosModules.default - birdsong.nixosModules.default - actual.nixosModules.default + inputs.lix-module.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.nur.nixosModules.nur + { nixpkgs.overlays = [ inputs.nur.overlay ]; } + inputs.agenix.nixosModules.default + inputs.birdsong.nixosModules.default + inputs.actual.nixosModules.default ./common ./services - (builtins.toPath "${randomcat}/services/default.nix") + (builtins.toPath "${inputs.randomcat}/services/default.nix") ]; }; @@ -130,9 +138,9 @@ in pkgs.mkShell { packages = [ - colmena.packages.${system}.colmena - agenix.packages.${system}.default - plasma-manager.packages.${system}.rc2nix + inputs.colmena.packages.${system}.colmena + inputs.agenix.packages.${system}.default + inputs.plasma-manager.packages.${system}.rc2nix ]; }; }; diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index cebd1cb..cde1a8d 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { imports = [ @@ -31,6 +31,8 @@ "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; + + nixpkgs.overlays = [ inputs.scoutshonour.overlays.default ]; home-manager.users.qenya = { pkgs, ... }: { home.packages = with pkgs; [ keepassxc @@ -41,8 +43,8 @@ # games openttd prismlauncher - nur.repos.qenya.digital-a-love-story - nur.repos.qenya.dont-take-it-personally-babe + scoutshonour.digital-a-love-story + scoutshonour.dont-take-it-personally-babe ]; }; From 39edcc38016c7f57cc26812fd9f60da8b10c30a7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 13:51:25 +0000 Subject: [PATCH 287/438] qenya/firefox: get firefox addons direct from rycee instead of NUR --- common/home-manager.nix | 5 ++++- flake.lock | 42 ++++++++++++++++++++++++++++++++++++++++- flake.nix | 5 +++++ home/qenya/firefox.nix | 8 +++----- 4 files changed, 53 insertions(+), 7 deletions(-) diff --git a/common/home-manager.nix b/common/home-manager.nix index 171a382..cb4e6bd 100644 --- a/common/home-manager.nix +++ b/common/home-manager.nix @@ -1,9 +1,12 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: { home-manager = { useUserPackages = true; useGlobalPkgs = true; backupFileExtension = "backup"; + extraSpecialArgs = { + inherit inputs; + }; }; } diff --git a/flake.lock b/flake.lock index 7f25a1f..d8bb0c1 100644 --- a/flake.lock +++ b/flake.lock @@ -84,6 +84,30 @@ "type": "github" } }, + "firefox-addons": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "dir": "pkgs/firefox-addons", + "lastModified": 1735202720, + "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", + "owner": "rycee", + "repo": "nur-expressions", + "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", + "type": "gitlab" + }, + "original": { + "dir": "pkgs/firefox-addons", + "owner": "rycee", + "ref": "master", + "repo": "nur-expressions", + "type": "gitlab" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -100,6 +124,21 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1629284811, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -189,7 +228,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -335,6 +374,7 @@ "agenix": "agenix", "birdsong": "birdsong", "colmena": "colmena", + "firefox-addons": "firefox-addons", "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index 290d9a3..4e1132d 100644 --- a/flake.nix +++ b/flake.nix @@ -49,6 +49,11 @@ flake = false; }; + firefox-addons = { + url = "gitlab:rycee/nur-expressions?ref=master&dir=pkgs/firefox-addons"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; + # Third-party flake providing package and NixOS module for Actual Budget as # nixpkgs are having trouble: https://github.com/NixOS/nixpkgs/issues/269069 actual = { diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 23642f8..96715e5 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, osConfig, ... }: +{ config, lib, pkgs, osConfig, inputs, ... }: let inherit (lib) mkIf; @@ -7,12 +7,10 @@ in { programs.firefox = lib.mkIf isGraphical { enable = true; - - # coming in 24.11 - # languagePacks = [ "en-GB" ]; + languagePacks = [ "en-GB" ]; profiles.default = { - extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + extensions = with inputs.firefox-addons.packages.${pkgs.hostPlatform.system}; [ bitwarden ublock-origin ]; From 0ffdc3de71b49f7cd4057bd74b49d289eef5aef6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 13:53:31 +0000 Subject: [PATCH 288/438] flake: remove dependency on NUR Closes #16 --- flake.lock | 16 ---------------- flake.nix | 5 ----- 2 files changed, 21 deletions(-) diff --git a/flake.lock b/flake.lock index d8bb0c1..ab24595 100644 --- a/flake.lock +++ b/flake.lock @@ -314,21 +314,6 @@ "type": "github" } }, - "nur": { - "locked": { - "lastModified": 1731695757, - "narHash": "sha256-w+bGxRbZpWc6SyBbtjW2ci2fw1zk0udTjFpQW0g0Pc8=", - "owner": "nix-community", - "repo": "NUR", - "rev": "6e17acc00a48253a4d25e5ee4e6c215b8950c039", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "NUR", - "type": "github" - } - }, "plasma-manager": { "inputs": { "home-manager": [ @@ -382,7 +367,6 @@ "nixpkgs-small": "nixpkgs-small", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable-small": "nixpkgs-unstable-small", - "nur": "nur", "plasma-manager": "plasma-manager", "randomcat": "randomcat", "scoutshonour": "scoutshonour" diff --git a/flake.nix b/flake.nix index 4e1132d..f262071 100644 --- a/flake.nix +++ b/flake.nix @@ -26,9 +26,6 @@ inputs.home-manager.follows = "home-manager-unstable"; }; - # TODO: remove dependency on NUR (#16) - nur.url = "github:nix-community/NUR"; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -113,8 +110,6 @@ imports = [ inputs.lix-module.nixosModules.default inputs.home-manager.nixosModules.home-manager - inputs.nur.nixosModules.nur - { nixpkgs.overlays = [ inputs.nur.overlay ]; } inputs.agenix.nixosModules.default inputs.birdsong.nixosModules.default inputs.actual.nixosModules.default From 905cacc84ff4b9a398688d690cd15bf565d3b189 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 13:55:57 +0000 Subject: [PATCH 289/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/1807c2b91223227ad5599d7067a61665c52d1295' (2024-12-22) → 'github:NixOS/nixpkgs/4005c3ff7505313cbc21081776ad0ce5dfd7a3ce' (2024-12-25) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/7fb8b8de039a0269c26f79129260cc029473d576' (2024-12-24) → 'github:NixOS/nixpkgs/1dd8f51e62c0ff199e551744ab46fc4fbe6f827a' (2024-12-26) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/e905913c43d0547a131ca9c7917fa9089b627e01' (2024-12-24) → 'github:NixOS/nixpkgs/7cc0bff31a3a705d3ac4fdceb030a17239412210' (2024-12-27) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/21b3f66c1a7bd94c3f00e12c0b80b53aeab69c25' (2024-12-24) → 'github:randomnetcat/nix-configs/b4b1967ea9d09d7ff64d77c48261fb0f290e7a0c' (2024-12-27) --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index ab24595..bdefc62 100644 --- a/flake.lock +++ b/flake.lock @@ -252,11 +252,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1734875076, - "narHash": "sha256-Pzyb+YNG5u3zP79zoi8HXYMs15Q5dfjDgwCdUI5B0nY=", + "lastModified": 1735141468, + "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1807c2b91223227ad5599d7067a61665c52d1295", + "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1735061823, - "narHash": "sha256-mQbroPNNGpJmE5OQSxZe9mQtoO0zoSWGofXtF/nytn4=", + "lastModified": 1735191716, + "narHash": "sha256-rwHLmGc/2OfudyjGnH8h5vQK2e5uJ6gt2GwPhWL9pPk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fb8b8de039a0269c26f79129260cc029473d576", + "rev": "1dd8f51e62c0ff199e551744ab46fc4fbe6f827a", "type": "github" }, "original": { @@ -300,11 +300,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1735053414, - "narHash": "sha256-m4CnYqYu5EK18Nl52gYkPUz+S/AIFIUTJM23bGoKoXQ=", + "lastModified": 1735268880, + "narHash": "sha256-7QEFnKkzD13SPxs+UFR5bUFN2fRw+GlL0am72ZjNre4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e905913c43d0547a131ca9c7917fa9089b627e01", + "rev": "7cc0bff31a3a705d3ac4fdceb030a17239412210", "type": "github" }, "original": { @@ -340,11 +340,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1735061438, - "narHash": "sha256-k8fVnM7c8p5eJJTS+8cyI5/lo8m/NPieQLtnhYLdgqY=", + "lastModified": 1735270908, + "narHash": "sha256-MXyZgw41LY9Ji0PX1Q19mWO9IoZ3pkSTgG/mzfBZ1nA=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "21b3f66c1a7bd94c3f00e12c0b80b53aeab69c25", + "rev": "b4b1967ea9d09d7ff64d77c48261fb0f290e7a0c", "type": "github" }, "original": { From 6168cd0f307bae99dd7c1851cdebd59640f40926 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 27 Dec 2024 14:09:14 +0000 Subject: [PATCH 290/438] nginx, yevaud/birdsong-dns: use monitoring email Closes #1 --- common/nginx.nix | 2 +- hosts/yevaud/experiments/birdsong-dns.nix | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/common/nginx.nix b/common/nginx.nix index 2ea3d20..af2712d 100644 --- a/common/nginx.nix +++ b/common/nginx.nix @@ -20,6 +20,6 @@ security.acme = { acceptTerms = true; - defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email + defaults.email = "auto@qenya.tel"; }; } \ No newline at end of file diff --git a/hosts/yevaud/experiments/birdsong-dns.nix b/hosts/yevaud/experiments/birdsong-dns.nix index 036e499..58db9b6 100644 --- a/hosts/yevaud/experiments/birdsong-dns.nix +++ b/hosts/yevaud/experiments/birdsong-dns.nix @@ -10,12 +10,11 @@ zones = { "birdsong.internal" = { master = true; - # TODO: pick better email address for SOA record file = pkgs.writeText "birdsong.internal.zone" '' $TTL 60 $ORIGIN birdsong.internal. - birdsong.internal. IN SOA ns.birdsong.internal. accounts.katherina.rocks. ( 2024080401 7200 3600 1209600 3600 ) + birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 ) birdsong.internal. IN NS ns.birdsong.internal. yevaud.c.birdsong.internal. IN A 10.127.1.1 From fc245b4619538fb6075b5259fc271030946e5126 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 30 Dec 2024 19:49:30 +0000 Subject: [PATCH 291/438] kilgharrah: disable services related to failing HDD --- hosts/kilgharrah/backup.nix | 9 +++++---- hosts/kilgharrah/default.nix | 31 +++++++++++++++--------------- hosts/kilgharrah/filesystems.nix | 33 ++++++++++++++++---------------- 3 files changed, 38 insertions(+), 35 deletions(-) diff --git a/hosts/kilgharrah/backup.nix b/hosts/kilgharrah/backup.nix index efa72f9..370d9ee 100644 --- a/hosts/kilgharrah/backup.nix +++ b/hosts/kilgharrah/backup.nix @@ -1,8 +1,9 @@ { config, lib, pkgs, ... }: { - services.sanoid.datasets."rpool_albion/state" = { - useTemplate = [ "production" ]; - recursive = "zfs"; - }; + # FIXME: failing drive + # services.sanoid.datasets."rpool_albion/state" = { + # useTemplate = [ "production" ]; + # recursive = "zfs"; + # }; } \ No newline at end of file diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 63e6840..e07b21e 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -9,7 +9,8 @@ in ./filesystems.nix ./hardware.nix ./networking.nix - ./ftp.nix + # FIXME: failing drive + # ./ftp.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -48,20 +49,20 @@ in ]; }; - programs.steam.enable = true; - qenya.services.audiobookshelf = { - enable = true; - domain = "audiobookshelf.qenya.tel"; - }; - qenya.services.jellyfin = { - enable = true; - domain = "jellyfin.qenya.tel"; - }; - qenya.services.navidrome = { - enable = true; - domain = "music.qenya.tel"; - dataDir = "/srv/music"; - }; + # programs.steam.enable = true; + # qenya.services.audiobookshelf = { + # enable = true; + # domain = "audiobookshelf.qenya.tel"; + # }; + # qenya.services.jellyfin = { + # enable = true; + # domain = "jellyfin.qenya.tel"; + # }; + # qenya.services.navidrome = { + # enable = true; + # domain = "music.qenya.tel"; + # dataDir = "/srv/music"; + # }; system.stateVersion = "24.05"; diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index cc77c4e..0cad432 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -67,24 +67,25 @@ # HDD in bay + # FIXME: failing drive - environment.etc.crypttab.text = '' - albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key - ''; + # environment.etc.crypttab.text = '' + # albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key + # ''; - randomcat.services.zfs.datasets = { - "rpool_albion/data" = { mountpoint = "none"; }; - "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; - "rpool_albion/state" = { mountpoint = "none"; }; - "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; - "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; - "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; - "rpool_albion/srv" = { mountpoint = "none"; }; - "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; - "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; - "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; - "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; - }; + # randomcat.services.zfs.datasets = { + # "rpool_albion/data" = { mountpoint = "none"; }; + # "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + # "rpool_albion/state" = { mountpoint = "none"; }; + # "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; + # "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + # "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; + # "rpool_albion/srv" = { mountpoint = "none"; }; + # "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; + # "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; + # "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; + # "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; + # }; # Other From 6a47840cd79227c41fc8b93553cbb187ba75d445 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 4 Jan 2025 19:26:27 +0000 Subject: [PATCH 292/438] packages: rename from environment, install smartmontools --- common/default.nix | 2 +- common/{environment.nix => packages.nix} | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) rename common/{environment.nix => packages.nix} (84%) diff --git a/common/default.nix b/common/default.nix index aed2093..81a7423 100644 --- a/common/default.nix +++ b/common/default.nix @@ -4,12 +4,12 @@ ./base-server ./users ./boot.nix - ./environment.nix ./home-manager.nix ./misc.nix ./nginx.nix ./nix.nix ./openssh.nix + ./packages.nix ./sanoid.nix ./security.nix ./steam.nix diff --git a/common/environment.nix b/common/packages.nix similarity index 84% rename from common/environment.nix rename to common/packages.nix index 08e3fc4..8b46129 100644 --- a/common/environment.nix +++ b/common/packages.nix @@ -4,9 +4,12 @@ environment.systemPackages = with pkgs; [ btop git + wget + + # hardware troubleshooting lshw parted - wget + smartmontools # network troubleshooting inetutils From e078b80e24cb86c34c55c5d2d5363ef532c871bf Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 4 Jan 2025 19:27:09 +0000 Subject: [PATCH 293/438] qenya/packages: install eza, hexyl --- home/qenya/packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index 125f7ba..c7cbec5 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -6,6 +6,8 @@ let in { home.packages = with pkgs; [ + eza # like `ls` but fancier + hexyl # like `xxd` but cooler tree # like `ls -R` but nicer units zip unzip From 473e113c4f1f6d26779a7c9d4cf84d56db5fc0b8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 4 Jan 2025 19:28:02 +0000 Subject: [PATCH 294/438] kilgharrah: replace failed HDD --- hosts/kilgharrah/backup.nix | 9 ++++----- hosts/kilgharrah/default.nix | 31 +++++++++++++++--------------- hosts/kilgharrah/filesystems.nix | 33 ++++++++++++++++---------------- 3 files changed, 35 insertions(+), 38 deletions(-) diff --git a/hosts/kilgharrah/backup.nix b/hosts/kilgharrah/backup.nix index 370d9ee..efa72f9 100644 --- a/hosts/kilgharrah/backup.nix +++ b/hosts/kilgharrah/backup.nix @@ -1,9 +1,8 @@ { config, lib, pkgs, ... }: { - # FIXME: failing drive - # services.sanoid.datasets."rpool_albion/state" = { - # useTemplate = [ "production" ]; - # recursive = "zfs"; - # }; + services.sanoid.datasets."rpool_albion/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + }; } \ No newline at end of file diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index e07b21e..63e6840 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -9,8 +9,7 @@ in ./filesystems.nix ./hardware.nix ./networking.nix - # FIXME: failing drive - # ./ftp.nix + ./ftp.nix ]; nixpkgs.hostPlatform = "x86_64-linux"; @@ -49,20 +48,20 @@ in ]; }; - # programs.steam.enable = true; - # qenya.services.audiobookshelf = { - # enable = true; - # domain = "audiobookshelf.qenya.tel"; - # }; - # qenya.services.jellyfin = { - # enable = true; - # domain = "jellyfin.qenya.tel"; - # }; - # qenya.services.navidrome = { - # enable = true; - # domain = "music.qenya.tel"; - # dataDir = "/srv/music"; - # }; + programs.steam.enable = true; + qenya.services.audiobookshelf = { + enable = true; + domain = "audiobookshelf.qenya.tel"; + }; + qenya.services.jellyfin = { + enable = true; + domain = "jellyfin.qenya.tel"; + }; + qenya.services.navidrome = { + enable = true; + domain = "music.qenya.tel"; + dataDir = "/srv/music"; + }; system.stateVersion = "24.05"; diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index 0cad432..dbafb05 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -67,25 +67,24 @@ # HDD in bay - # FIXME: failing drive - # environment.etc.crypttab.text = '' - # albion UUID=acda0e7a-069f-47c7-8e37-ec00e7cdde0f /root/luks-albion.key - # ''; + environment.etc.crypttab.text = '' + albion UUID=8a924f24-9b65-4f05-aeda-5b4080cc7aa1 /root/luks-albion.key + ''; - # randomcat.services.zfs.datasets = { - # "rpool_albion/data" = { mountpoint = "none"; }; - # "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; - # "rpool_albion/state" = { mountpoint = "none"; }; - # "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; - # "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; - # "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; - # "rpool_albion/srv" = { mountpoint = "none"; }; - # "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; - # "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; - # "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; - # "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; - # }; + randomcat.services.zfs.datasets = { + "rpool_albion/data" = { mountpoint = "none"; }; + "rpool_albion/data/steam" = { mountpoint = "/home/qenya/.local/share/Steam"; }; + "rpool_albion/state" = { mountpoint = "none"; }; + "rpool_albion/state/audiobookshelf" = { mountpoint = "/var/lib/audiobookshelf"; }; + "rpool_albion/state/jellyfin" = { mountpoint = "/var/lib/jellyfin"; }; + "rpool_albion/state/navidrome" = { mountpoint = "/var/lib/navidrome"; }; + "rpool_albion/srv" = { mountpoint = "none"; }; + "rpool_albion/srv/audiobookshelf" = { mountpoint = "/srv/audiobookshelf"; }; + "rpool_albion/srv/ftp" = { mountpoint = "/srv/ftp"; }; + "rpool_albion/srv/jellyfin" = { mountpoint = "/srv/jellyfin"; }; + "rpool_albion/srv/music" = { mountpoint = "/srv/music"; }; + }; # Other From eb557507d07ba7402ad474d2c982bc35ce649fdd Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 14:27:55 +0000 Subject: [PATCH 295/438] misc: garbage-collect nixos profiles older than 30 days --- common/misc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/common/misc.nix b/common/misc.nix index af95d1b..3061e72 100644 --- a/common/misc.nix +++ b/common/misc.nix @@ -5,6 +5,7 @@ automatic = true; dates = "weekly"; randomizedDelaySec = "45min"; + options = "--delete-older-than 30d"; }; nix.optimise.automatic = true; services.fstrim.enable = true; From 96d16a8830b7d08a0a2f6bf4133a84e0b2f334b4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 14:28:15 +0000 Subject: [PATCH 296/438] tohru: disable automatic nix store maintenance --- hosts/tohru/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index cde1a8d..e4f9c8e 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -1,5 +1,8 @@ { config, lib, pkgs, inputs, ... }: +let + inherit (lib) mkForce; +in { imports = [ ./filesystems.nix @@ -23,6 +26,11 @@ console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; + # tohru does not have the resources to run these under other load and is generally powered off when not in use. + # instead, just run `nix-collect-garbage -d` and `nix-store --optimise` every so often. + nix.gc.automatic = mkForce false; + nix.optimise.automatic = mkForce false; + fountain.users.qenya.enable = true; age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; From db74ab7f42fe17757a04959d7fde05d2fcc28968 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 14:55:16 +0000 Subject: [PATCH 297/438] flake: make colmena perform evaluation with lix instead of cppNix --- flake.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index f262071..82bbf80 100644 --- a/flake.nix +++ b/flake.nix @@ -66,7 +66,7 @@ }; }; - outputs = inputs@{ self, nixpkgs, nixpkgs-small, colmena, ... }: { + outputs = inputs@{ self, nixpkgs, nixpkgs-small, nixpkgs-unstable, colmena, ... }: { nixosConfigurations = self.outputs.colmenaHive.nodes; colmenaHive = colmena.lib.makeHive self.outputs.colmena; @@ -87,7 +87,12 @@ colmena = { meta = { - nixpkgs = import nixpkgs { system = "x86_64-linux"; }; + nixpkgs = import nixpkgs-unstable { + system = "x86_64-linux"; + overlays = [ + inputs.lix-module.overlays.default + ]; + }; nodeNixpkgs = { kilgharrah = import nixpkgs { system = "x86_64-linux"; }; tohru = import nixpkgs { system = "x86_64-linux"; }; From 286368b7543103744a045a4ef115c26977b14e16 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 15:02:56 +0000 Subject: [PATCH 298/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/fe816609e68ee1887ee89e43c9ca1aad75362477?dir=pkgs/firefox-addons' (2024-12-26) → 'gitlab:rycee/nur-expressions/b93d8cdf12139da45146a6c3cf53141a437c41ec?dir=pkgs/firefox-addons' (2025-01-04) • Updated input 'home-manager': 'github:nix-community/home-manager/80b0fdf483c5d1cb75aaad909bd390d48673857f' (2024-12-16) → 'github:nix-community/home-manager/613691f285dad87694c2ba1c9e6298d04736292d' (2024-12-28) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84' (2024-12-24) → 'github:nix-community/home-manager/5ad12b6ea06b84e48f6b677957c74f32d47bdee0' (2025-01-05) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/4005c3ff7505313cbc21081776ad0ce5dfd7a3ce' (2024-12-25) → 'github:NixOS/nixpkgs/d29ab98cd4a70a387b8ceea3e930b3340d41ac5a' (2025-01-03) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/1dd8f51e62c0ff199e551744ab46fc4fbe6f827a' (2024-12-26) → 'github:NixOS/nixpkgs/beaa880fbe02536b66d5361dd3e61c1abf44155f' (2025-01-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d70bd19e0a38ad4790d3913bf08fcbfc9eeca507' (2024-12-19) → 'github:NixOS/nixpkgs/6df24922a1400241dae323af55f30e4318a6ca65' (2025-01-02) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/7cc0bff31a3a705d3ac4fdceb030a17239412210' (2024-12-27) → 'github:NixOS/nixpkgs/e554bf17658bd1bfe393dcaca8b8eee6014ddfa1' (2025-01-05) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/b4b1967ea9d09d7ff64d77c48261fb0f290e7a0c' (2024-12-27) → 'github:randomnetcat/nix-configs/5c508fbe33f4fec253589f442e3869afb5632186' (2025-01-05) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index bdefc62..ac9b70c 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735202720, - "narHash": "sha256-7aEdACqT2B7nZNFjn2Y66Qucfl1AHHVFKxm4yvO0O10=", + "lastModified": 1735979945, + "narHash": "sha256-qT25PnbcQ30ypnI8fNazRDsq3WmBXC8Lo+OvPr+Ct+o=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fe816609e68ee1887ee89e43c9ca1aad75362477", + "rev": "b93d8cdf12139da45146a6c3cf53141a437c41ec", "type": "gitlab" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1734366194, - "narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", + "lastModified": 1735344290, + "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", "owner": "nix-community", "repo": "home-manager", - "rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", + "rev": "613691f285dad87694c2ba1c9e6298d04736292d", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1735053786, - "narHash": "sha256-Gm+0DcbUS338vvkwyYWms5jsWlx8z8MeQBzcnIDuIkw=", + "lastModified": 1736066484, + "narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=", "owner": "nix-community", "repo": "home-manager", - "rev": "35b98d20ca8f4ca1f6a2c30b8a2c8bb305a36d84", + "rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0", "type": "github" }, "original": { @@ -252,11 +252,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735141468, - "narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", + "lastModified": 1735922141, + "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", + "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1735191716, - "narHash": "sha256-rwHLmGc/2OfudyjGnH8h5vQK2e5uJ6gt2GwPhWL9pPk=", + "lastModified": 1736036397, + "narHash": "sha256-8Z547c9eeE/MCwvDqKPud8ovL6tlIXLfaR+jK7NImb8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1dd8f51e62c0ff199e551744ab46fc4fbe6f827a", + "rev": "beaa880fbe02536b66d5361dd3e61c1abf44155f", "type": "github" }, "original": { @@ -284,11 +284,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1734649271, - "narHash": "sha256-4EVBRhOjMDuGtMaofAIqzJbg4Ql7Ai0PSeuVZTHjyKQ=", + "lastModified": 1735834308, + "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d70bd19e0a38ad4790d3913bf08fcbfc9eeca507", + "rev": "6df24922a1400241dae323af55f30e4318a6ca65", "type": "github" }, "original": { @@ -300,11 +300,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1735268880, - "narHash": "sha256-7QEFnKkzD13SPxs+UFR5bUFN2fRw+GlL0am72ZjNre4=", + "lastModified": 1736077418, + "narHash": "sha256-2LwAcQXlLkqWyibkYGiS1SfXsewxRuhpYtzrMQSYElc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7cc0bff31a3a705d3ac4fdceb030a17239412210", + "rev": "e554bf17658bd1bfe393dcaca8b8eee6014ddfa1", "type": "github" }, "original": { @@ -340,11 +340,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1735270908, - "narHash": "sha256-MXyZgw41LY9Ji0PX1Q19mWO9IoZ3pkSTgG/mzfBZ1nA=", + "lastModified": 1736037700, + "narHash": "sha256-xK/bgZBpY8n4Dm3Gd+sKJKxfvBsXHY+wtU2BhG7EtOc=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "b4b1967ea9d09d7ff64d77c48261fb0f290e7a0c", + "rev": "5c508fbe33f4fec253589f442e3869afb5632186", "type": "github" }, "original": { From 6b2871b27f7f74df108b287b65cfde4551fb2520 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 15:37:18 +0000 Subject: [PATCH 299/438] qenya/vscode: insert newline at eof on save --- home/qenya/vscode.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 107c116..d259be6 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -25,6 +25,7 @@ in "editor.formatOnSave" = false; }; "extensions.autoUpdate" = false; + "files.insertFinalNewline" = true; "git.autofetch" = true; "git.confirmSync" = false; "git.enableSmartCommit" = true; From 2cad2dd61477e472967a6448fec7f3a702016ec9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 15:42:57 +0000 Subject: [PATCH 300/438] qenya/vscode: reformat to separate golang config --- home/qenya/vscode.nix | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index d259be6..91e7897 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -20,10 +20,6 @@ in ]; mutableExtensionsDir = false; userSettings = { - "[go]" = { - "editor.defaultFormatter" = "golang.go"; - "editor.formatOnSave" = false; - }; "extensions.autoUpdate" = false; "files.insertFinalNewline" = true; "git.autofetch" = true; @@ -31,6 +27,22 @@ in "git.enableSmartCommit" = true; "git.inputValidation" = true; "git.inputValidationSubjectLength" = null; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "${pkgs.nil}/bin/nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; + nix.flake.autoArchive = true; + }; + "terminal.integrated.allowChords" = false; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "workbench.colorTheme" = "Gruvbox Dark Medium"; + + "[go]" = { + "editor.defaultFormatter" = "golang.go"; + "editor.formatOnSave" = false; + }; "go.alternateTools" = { "go" = "${pkgs.go}/bin/go"; "golangci-lint" = "${pkgs.golangci-lint}/bin/golangci-lint"; @@ -44,17 +56,6 @@ in "formatting.gofumpt" = true; "ui.semanticTokens" = true; }; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "${pkgs.nil}/bin/nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; - nix.flake.autoArchive = true; - }; - "terminal.integrated.allowChords" = false; - "terminal.integrated.defaultProfile.linux" = "zsh"; - "workbench.colorTheme" = "Gruvbox Dark Medium"; }; }; } From 08e09ce55bc9eb63f68a83ae81d62934cc503b43 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 5 Jan 2025 15:43:49 +0000 Subject: [PATCH 301/438] tohru: re-enable nix gc (but not nix optimise) --- hosts/tohru/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index e4f9c8e..3bb4c52 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -26,9 +26,8 @@ in console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; - # tohru does not have the resources to run these under other load and is generally powered off when not in use. - # instead, just run `nix-collect-garbage -d` and `nix-store --optimise` every so often. - nix.gc.automatic = mkForce false; + # tohru does not have the resources to run this under other load and is generally powered off when not in use. + # instead, just run `nix-store --optimise` every so often. nix.optimise.automatic = mkForce false; fountain.users.qenya.enable = true; From ba8fc5fef651e9c82f234c4e2c0b639f01579151 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 8 Jan 2025 15:11:21 +0000 Subject: [PATCH 302/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'actual': 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=7f041ffa7f204deb0fc2e36908b382804f2e108d' (2024-12-07) → 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=8d04125d902637c54a6278cf8d10954b2ed95d61' (2025-01-07) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/b93d8cdf12139da45146a6c3cf53141a437c41ec?dir=pkgs/firefox-addons' (2025-01-04) → 'gitlab:rycee/nur-expressions/dfc28c64131d651a0b9c560b298c712d5a79c6a0?dir=pkgs/firefox-addons' (2025-01-08) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/5ad12b6ea06b84e48f6b677957c74f32d47bdee0' (2025-01-05) → 'github:nix-community/home-manager/45bcdbc910dc5131943bb6f7edb156617898fd1a' (2025-01-08) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/d29ab98cd4a70a387b8ceea3e930b3340d41ac5a' (2025-01-03) → 'github:NixOS/nixpkgs/3f0a8ac25fb674611b98089ca3a5dd6480175751' (2025-01-06) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/beaa880fbe02536b66d5361dd3e61c1abf44155f' (2025-01-05) → 'github:NixOS/nixpkgs/aedc34a0abc375a413d16802ee5172b4247d20db' (2025-01-08) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/6df24922a1400241dae323af55f30e4318a6ca65' (2025-01-02) → 'github:NixOS/nixpkgs/8f3e1f807051e32d8c95cd12b9b421623850a34d' (2025-01-04) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/e554bf17658bd1bfe393dcaca8b8eee6014ddfa1' (2025-01-05) → 'github:NixOS/nixpkgs/da76b6311eb169eb526de6feeae7492283fe1f8b' (2025-01-08) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/5c508fbe33f4fec253589f442e3869afb5632186' (2025-01-05) → 'github:randomnetcat/nix-configs/dc1e0ac59b8c462aed7f37579e22912e83a21f97' (2025-01-08) --- flake.lock | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index ac9b70c..153f9d0 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1733551027, - "narHash": "sha256-nlZWAq4E+cNywCuxpnYcyky4fd+8bVzJHrS2e8QTtVs=", + "lastModified": 1736289976, + "narHash": "sha256-odJdL+x5vsCnehZ8U+wONBWX3x0QP+H6edsd026qXpc=", "ref": "main", - "rev": "7f041ffa7f204deb0fc2e36908b382804f2e108d", - "revCount": 18, + "rev": "8d04125d902637c54a6278cf8d10954b2ed95d61", + "revCount": 20, "type": "git", "url": "https://git.xeno.science/xenofem/actual-nix" }, @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1735979945, - "narHash": "sha256-qT25PnbcQ30ypnI8fNazRDsq3WmBXC8Lo+OvPr+Ct+o=", + "lastModified": 1736338081, + "narHash": "sha256-JplmG5RJcTOa7d/HikuTZHRyEEdGaiRuZGsP7ko84dU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "b93d8cdf12139da45146a6c3cf53141a437c41ec", + "rev": "dfc28c64131d651a0b9c560b298c712d5a79c6a0", "type": "gitlab" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1736066484, - "narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=", + "lastModified": 1736336279, + "narHash": "sha256-9Xp2X7ofKY4h39vUbd4coNambsG7Y/9axLFyTXaXOMU=", "owner": "nix-community", "repo": "home-manager", - "rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0", + "rev": "45bcdbc910dc5131943bb6f7edb156617898fd1a", "type": "github" }, "original": { @@ -252,11 +252,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1735922141, - "narHash": "sha256-vk0xwGZSlvZ/596yxOtsk4gxsIx2VemzdjiU8zhjgWw=", + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d29ab98cd4a70a387b8ceea3e930b3340d41ac5a", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1736036397, - "narHash": "sha256-8Z547c9eeE/MCwvDqKPud8ovL6tlIXLfaR+jK7NImb8=", + "lastModified": 1736326617, + "narHash": "sha256-FkhJpO0sDDJwrme4faEevh8Dbhw/Qj1qGrgPgLHaZ7w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "beaa880fbe02536b66d5361dd3e61c1abf44155f", + "rev": "aedc34a0abc375a413d16802ee5172b4247d20db", "type": "github" }, "original": { @@ -284,11 +284,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1735834308, - "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", + "lastModified": 1736012469, + "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6df24922a1400241dae323af55f30e4318a6ca65", + "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", "type": "github" }, "original": { @@ -300,11 +300,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1736077418, - "narHash": "sha256-2LwAcQXlLkqWyibkYGiS1SfXsewxRuhpYtzrMQSYElc=", + "lastModified": 1736296779, + "narHash": "sha256-sCETZgHp3dS6TYMByR3bGjO5rwX6BpFx1bdCpULC8Og=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e554bf17658bd1bfe393dcaca8b8eee6014ddfa1", + "rev": "da76b6311eb169eb526de6feeae7492283fe1f8b", "type": "github" }, "original": { @@ -340,11 +340,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1736037700, - "narHash": "sha256-xK/bgZBpY8n4Dm3Gd+sKJKxfvBsXHY+wtU2BhG7EtOc=", + "lastModified": 1736296691, + "narHash": "sha256-tJnBE+/jzSb7M81gTI37gDnQLVrzq9AKjHu2UWp/QXI=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "5c508fbe33f4fec253589f442e3869afb5632186", + "rev": "dc1e0ac59b8c462aed7f37579e22912e83a21f97", "type": "github" }, "original": { From 2a7baa9b624f517a445494106ee02bef1f52c5f1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 20 Jan 2025 18:30:48 +0000 Subject: [PATCH 303/438] elucredassa: init --- flake.nix | 2 ++ hosts/elucredassa/default.nix | 31 +++++++++++++++++++++++++++++++ hosts/elucredassa/filesystems.nix | 23 +++++++++++++++++++++++ hosts/elucredassa/hardware.nix | 8 ++++++++ hosts/elucredassa/networking.nix | 15 +++++++++++++++ 5 files changed, 79 insertions(+) create mode 100644 hosts/elucredassa/default.nix create mode 100644 hosts/elucredassa/filesystems.nix create mode 100644 hosts/elucredassa/hardware.nix create mode 100644 hosts/elucredassa/networking.nix diff --git a/flake.nix b/flake.nix index 82bbf80..5579aa7 100644 --- a/flake.nix +++ b/flake.nix @@ -96,6 +96,7 @@ nodeNixpkgs = { kilgharrah = import nixpkgs { system = "x86_64-linux"; }; tohru = import nixpkgs { system = "x86_64-linux"; }; + elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; yevaud = import nixpkgs-small { system = "x86_64-linux"; }; orm = import nixpkgs-small { system = "x86_64-linux"; }; kalessin = import nixpkgs-small { system = "aarch64-linux"; }; @@ -130,6 +131,7 @@ kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; + elucredassa.imports = [ ./hosts/elucredassa ]; yevaud.imports = [ ./hosts/yevaud ]; orm.imports = [ ./hosts/orm ]; kalessin.imports = [ ./hosts/kalessin ]; diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix new file mode 100644 index 0000000..38da22d --- /dev/null +++ b/hosts/elucredassa/default.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + imports = [ + ./filesystems.nix + ./hardware.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + networking.hostName = "elucredassa"; + networking.hostId = "a8ec6755"; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.kernelModules = [ "kvm-intel" ]; + + qenya.base-server.enable = true; + + time.timeZone = "Europe/London"; # Etc/UTC? + i18n.defaultLocale = "en_GB.UTF-8"; + console.keyMap = "uk"; + services.xserver.xkb.layout = "gb"; + + fountain.users.qenya.enable = true; + users.users.qenya.extraGroups = [ "wheel" ]; + + system.stateVersion = "24.11"; +} diff --git a/hosts/elucredassa/filesystems.nix b/hosts/elucredassa/filesystems.nix new file mode 100644 index 0000000..12512ba --- /dev/null +++ b/hosts/elucredassa/filesystems.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd.luks.devices = { + "luks-rpool-elucredassa".device = "/dev/disk/by-uuid/5ece5b58-c57a-41ae-b086-03707c39c9a7"; + }; + + fileSystems = { + "/" = { + device = "rpool_elucredassa/root"; + fsType = "zfs"; + }; + "/boot" = { + device = "/dev/disk/by-uuid/2519-E2D6"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + }; + + swapDevices = [ ]; # TODO: add + + boot.supportedFilesystems = [ "ntfs" ]; # for USB drives +} diff --git a/hosts/elucredassa/hardware.nix b/hosts/elucredassa/hardware.nix new file mode 100644 index 0000000..715ed4f --- /dev/null +++ b/hosts/elucredassa/hardware.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.enableAllFirmware = true; + hardware.cpu.intel.updateMicrocode = true; + services.fwupd.enable = true; +} + diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix new file mode 100644 index 0000000..ec88532 --- /dev/null +++ b/hosts/elucredassa/networking.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: + +{ + systemd.network.enable = true; + networking.useDHCP = false; + + systemd.network.networks."10-wan" = { + matchConfig.Name = "enp1s0f1"; + networkConfig = { + DHCP = "ipv4"; + IPv6AcceptRA = true; + }; + linkConfig.RequiredForOnline = "routable"; + }; +} From 30bdb5dd7f878f7449c1f020fb55f85c048466b0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 20 Jan 2025 18:39:36 +0000 Subject: [PATCH 304/438] elucredassa: set timezone to UTC --- hosts/elucredassa/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index 38da22d..78f26b2 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -19,7 +19,6 @@ in qenya.base-server.enable = true; - time.timeZone = "Europe/London"; # Etc/UTC? i18n.defaultLocale = "en_GB.UTF-8"; console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; From c021f4dc3d43fd50ea9496877e76bb32a304fd3a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 20 Jan 2025 20:32:37 +0000 Subject: [PATCH 305/438] elucredassa: enable swap --- hosts/elucredassa/filesystems.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/elucredassa/filesystems.nix b/hosts/elucredassa/filesystems.nix index 12512ba..40de941 100644 --- a/hosts/elucredassa/filesystems.nix +++ b/hosts/elucredassa/filesystems.nix @@ -17,7 +17,7 @@ }; }; - swapDevices = [ ]; # TODO: add + swapDevices = [{ device = "/dev/disk/by-uuid/c7c48325-e90d-414d-b579-84cb45616ee9"; }]; boot.supportedFilesystems = [ "ntfs" ]; # for USB drives } From 0665be0db9c699f4b0e754e9ea276e146dfc4c12 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 21 Jan 2025 13:59:21 +0000 Subject: [PATCH 306/438] elucredassa: don't sleep when lid shut --- hosts/elucredassa/hardware.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/hosts/elucredassa/hardware.nix b/hosts/elucredassa/hardware.nix index 715ed4f..aca6ddc 100644 --- a/hosts/elucredassa/hardware.nix +++ b/hosts/elucredassa/hardware.nix @@ -4,5 +4,8 @@ hardware.enableAllFirmware = true; hardware.cpu.intel.updateMicrocode = true; services.fwupd.enable = true; + + # this is an old laptop + services.logind.lidSwitch = "ignore"; } From 7fe71d559c6627bd029e3b08920e1c68110ae071 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 21 Jan 2025 14:37:55 +0000 Subject: [PATCH 307/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41' (2024-08-10) → 'github:ryantm/agenix/e600439ec4c273cf11e06fe4d9d906fb98fa097c' (2025-01-15) • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=54c8b67a44ed58f92b6233934387b6e568151336' (2024-12-27) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=4e461f83a84aba32bdf640163375f1e31b699111' (2025-01-21) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/dfc28c64131d651a0b9c560b298c712d5a79c6a0?dir=pkgs/firefox-addons' (2025-01-08) → 'gitlab:rycee/nur-expressions/acdea85582887f189e7fb80e2f80e424a39f779f?dir=pkgs/firefox-addons' (2025-01-21) • Updated input 'home-manager': 'github:nix-community/home-manager/613691f285dad87694c2ba1c9e6298d04736292d' (2024-12-28) → 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56' (2025-01-08) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/45bcdbc910dc5131943bb6f7edb156617898fd1a' (2025-01-08) → 'github:nix-community/home-manager/bb14224f51ae4caed12a7b26f245d042c8cf8553' (2025-01-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3f0a8ac25fb674611b98089ca3a5dd6480175751' (2025-01-06) → 'github:NixOS/nixpkgs/107d5ef05c0b1119749e381451389eded30fb0d5' (2025-01-19) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/aedc34a0abc375a413d16802ee5172b4247d20db' (2025-01-08) → 'github:NixOS/nixpkgs/6b90f6de986555ac39fc69c438d1192a397bf686' (2025-01-20) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/8f3e1f807051e32d8c95cd12b9b421623850a34d' (2025-01-04) → 'github:NixOS/nixpkgs/5df43628fdf08d642be8ba5b3625a6c70731c19c' (2025-01-16) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/da76b6311eb169eb526de6feeae7492283fe1f8b' (2025-01-08) → 'github:NixOS/nixpkgs/886a2858d36245806197fd8b836b4cc52fbb05b0' (2025-01-21) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/d16bbded0ae452bc088489e7dca3ef58d8d1830b' (2024-12-24) → 'github:nix-community/plasma-manager/a53af7f1514ef4cce8620a9d6a50f238cdedec8b' (2025-01-10) --- flake.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 153f9d0..2775b32 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1735268037, - "narHash": "sha256-NHIeROmQEF7XkzskWTSeGF3aQrEVoPOO6UHWf5chnuo=", + "lastModified": 1737470105, + "narHash": "sha256-m5wsHkRDsilv6hVYL4BLWM+Gn8MsQwvxIvhC18FH7Lo=", "ref": "main", - "rev": "54c8b67a44ed58f92b6233934387b6e568151336", - "revCount": 18, + "rev": "4e461f83a84aba32bdf640163375f1e31b699111", + "revCount": 19, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1736338081, - "narHash": "sha256-JplmG5RJcTOa7d/HikuTZHRyEEdGaiRuZGsP7ko84dU=", + "lastModified": 1737462887, + "narHash": "sha256-Zk6uEVkITFnBd+HFGa1hRzfcpEOer2h8GW9RmuwK1aM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "dfc28c64131d651a0b9c560b298c712d5a79c6a0", + "rev": "acdea85582887f189e7fb80e2f80e424a39f779f", "type": "gitlab" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1735344290, - "narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "613691f285dad87694c2ba1c9e6298d04736292d", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1736336279, - "narHash": "sha256-9Xp2X7ofKY4h39vUbd4coNambsG7Y/9axLFyTXaXOMU=", + "lastModified": 1737461688, + "narHash": "sha256-zQCFe5FcSSGzY3qauAAHZcPt7Ej4WSGo78ShSTCSBvU=", "owner": "nix-community", "repo": "home-manager", - "rev": "45bcdbc910dc5131943bb6f7edb156617898fd1a", + "rev": "bb14224f51ae4caed12a7b26f245d042c8cf8553", "type": "github" }, "original": { @@ -252,11 +252,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1736200483, - "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", + "lastModified": 1737299813, + "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", + "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1736326617, - "narHash": "sha256-FkhJpO0sDDJwrme4faEevh8Dbhw/Qj1qGrgPgLHaZ7w=", + "lastModified": 1737362405, + "narHash": "sha256-IT0B8bzp0JHYlMZ62qFdwKrj9zxdn3AEAsByXFWMcY4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aedc34a0abc375a413d16802ee5172b4247d20db", + "rev": "6b90f6de986555ac39fc69c438d1192a397bf686", "type": "github" }, "original": { @@ -284,11 +284,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1736012469, - "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", + "lastModified": 1737062831, + "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", + "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", "type": "github" }, "original": { @@ -300,11 +300,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1736296779, - "narHash": "sha256-sCETZgHp3dS6TYMByR3bGjO5rwX6BpFx1bdCpULC8Og=", + "lastModified": 1737426311, + "narHash": "sha256-I1uGkQwTbesOTSlLsJA2mrCSGFTwn/pSvNW9IuPMMYE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da76b6311eb169eb526de6feeae7492283fe1f8b", + "rev": "886a2858d36245806197fd8b836b4cc52fbb05b0", "type": "github" }, "original": { @@ -324,11 +324,11 @@ ] }, "locked": { - "lastModified": 1735049224, - "narHash": "sha256-fWUd9kyXdepphJ7cCzOsuSo7l0kbFCkUqfgKqZyFZzE=", + "lastModified": 1736549395, + "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "d16bbded0ae452bc088489e7dca3ef58d8d1830b", + "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b", "type": "github" }, "original": { From c109d8e7e70857b5bf271cdeae2e3becec94651e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 21 Jan 2025 17:59:23 +0000 Subject: [PATCH 308/438] kilgharrah: explicitly enable zfs userspace utils this has occasionally come in handy while shuffling drives around --- hosts/kilgharrah/filesystems.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/kilgharrah/filesystems.nix b/hosts/kilgharrah/filesystems.nix index dbafb05..9ebc758 100644 --- a/hosts/kilgharrah/filesystems.nix +++ b/hosts/kilgharrah/filesystems.nix @@ -89,5 +89,5 @@ # Other - boot.supportedFilesystems = [ "ntfs" ]; # for USB drives + boot.supportedFilesystems = [ "ntfs" "zfs" ]; } From 4788c84cd903cfe957a8984c2598bfcf8bf27d27 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 21 Jan 2025 18:03:35 +0000 Subject: [PATCH 309/438] elucredassa: connect to birdsong --- hosts/elucredassa/networking.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix index ec88532..eb12218 100644 --- a/hosts/elucredassa/networking.nix +++ b/hosts/elucredassa/networking.nix @@ -12,4 +12,10 @@ }; linkConfig.RequiredForOnline = "routable"; }; + + birdsong.peering = { + enable = true; + privateKeyFile = "/etc/wireguard/privatekey"; + persistentKeepalive = 29; + }; } From 19561f0e699205d42b6f6ecc05e15efc67b74b22 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 21 Jan 2025 19:51:25 +0000 Subject: [PATCH 310/438] nix: permit "insecure" electron-31 --- common/nix.nix | 8 ++++++++ home/qenya/packages.nix | 3 ++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/common/nix.nix b/common/nix.nix index b904568..3eb2193 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -9,4 +9,12 @@ }; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; + + # this is a dependency of feishin (used in qenya's home-manager). it does not actually have a known vulnerability, + # it's just unsuspported because Electron's support cycle is a ludicrously short 6 months. + # feishin's dev is going to be rewriting it without Electron (as "audioling"). + # modern software development was a mistake. + nixpkgs.config.permittedInsecurePackages = [ + "electron-31.7.7" + ]; } diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index c7cbec5..503cdab 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -10,7 +10,8 @@ in hexyl # like `xxd` but cooler tree # like `ls -R` but nicer units - zip unzip + zip + unzip # Extremely important fortune From 8f3b3adac118712e4d21dca142f761bb37950a26 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 21 Jan 2025 23:19:15 +0000 Subject: [PATCH 311/438] elucredassa: Get IPv6 connectivity through HE.net tunnel broker --- hosts/elucredassa/networking.nix | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix index eb12218..4aa71c1 100644 --- a/hosts/elucredassa/networking.nix +++ b/hosts/elucredassa/networking.nix @@ -3,16 +3,36 @@ { systemd.network.enable = true; networking.useDHCP = false; - + systemd.network.networks."10-wan" = { matchConfig.Name = "enp1s0f1"; networkConfig = { DHCP = "ipv4"; IPv6AcceptRA = true; + Tunnel = "sit-he-ipv6"; }; linkConfig.RequiredForOnline = "routable"; }; + systemd.network.netdevs."25-he-ipv6" = { + netdevConfig = { + Name = "sit-he-ipv6"; + Kind = "sit"; + Description = "Hurricane Electric IPv6 Tunnel"; + }; + + tunnelConfig = { + Remote = "216.66.88.98"; + TTL = 255; + }; + }; + + systemd.network.networks."25-he-ipv6" = { + matchConfig.Name = "sit-he-ipv6"; + networkConfig.Address = [ "2001:470:1f1c:3e::2/64" ]; + routes = [{ Destination = [ "::/0" ]; }]; + }; + birdsong.peering = { enable = true; privateKeyFile = "/etc/wireguard/privatekey"; From 6c3a22566659f9ce708541c8031ae14fef6edf93 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 22 Jan 2025 00:27:30 +0000 Subject: [PATCH 312/438] flake: Add address for elucredassa --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 5579aa7..e2747bb 100644 --- a/flake.nix +++ b/flake.nix @@ -125,6 +125,7 @@ ]; }; + elucredassa.deployment.targetHost = "10.127.3.2"; yevaud.deployment.targetHost = "yevaud.birdsong.network"; orm.deployment.targetHost = "orm.birdsong.network"; kalessin.deployment.targetHost = "kalessin.birdsong.network"; From 07c49c3d37828222037cb9a94068a2052d5df078 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 23 Jan 2025 14:24:39 +0000 Subject: [PATCH 313/438] elucredassa: Restrict WireGuard's MTU to fit through 6in4 tunnel Includes a workaround for https://github.com/NixOS/nixpkgs/issues/375960 --- hosts/elucredassa/networking.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix index 4aa71c1..6e7ace7 100644 --- a/hosts/elucredassa/networking.nix +++ b/hosts/elucredassa/networking.nix @@ -19,6 +19,7 @@ Name = "sit-he-ipv6"; Kind = "sit"; Description = "Hurricane Electric IPv6 Tunnel"; + MTUBytes = 1480; }; tunnelConfig = { @@ -38,4 +39,10 @@ privateKeyFile = "/etc/wireguard/privatekey"; persistentKeepalive = 29; }; + + # restricted to fit within the 6in4 tunnel + systemd.network.netdevs."30-birdsong".netdevConfig.MTUBytes = 1280; + # these two lines work around this bug: https://github.com/NixOS/nixpkgs/issues/375960 + systemd.network.netdevs."30-birdsong".netdevConfig.Kind = "wireguard"; + systemd.network.netdevs."30-birdsong".netdevConfig.Name = "wg-birdsong"; } From 716d10da361f93587c7b326e68fde354e4c1c238 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Feb 2025 15:32:03 +0000 Subject: [PATCH 314/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/acdea85582887f189e7fb80e2f80e424a39f779f?dir=pkgs/firefox-addons' (2025-01-21) → 'gitlab:rycee/nur-expressions/727fbb76627296cdeab0f2367930fb1f663b2113?dir=pkgs/firefox-addons' (2025-02-04) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/bb14224f51ae4caed12a7b26f245d042c8cf8553' (2025-01-21) → 'github:nix-community/home-manager/7abcf59a365430b36f84eaa452a466b11e469e33' (2025-02-04) • Updated input 'lix-module': 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=96824d606a6656650bbe436366bc89d5ee3a6573' (2024-11-26) → 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba' (2025-01-18) • Updated input 'lix-module/flake-utils': 'github:numtide/flake-utils/c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a' (2024-09-17) → 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b' (2024-11-13) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?narHash=sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U%3D&rev=ad9d06f7838a25beec425ff406fe68721fef73be' (2024-10-19) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?narHash=sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g%3D&rev=2837da71ec1588c1187d2e554719b15904a46c8b' (2025-01-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/107d5ef05c0b1119749e381451389eded30fb0d5' (2025-01-19) → 'github:NixOS/nixpkgs/fecfeb86328381268e29e998ddd3ebc70bbd7f7c' (2025-02-03) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/6b90f6de986555ac39fc69c438d1192a397bf686' (2025-01-20) → 'github:NixOS/nixpkgs/11e2214d91f0d06ea8575087e3cd8e246c550bd8' (2025-02-04) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/5df43628fdf08d642be8ba5b3625a6c70731c19c' (2025-01-16) → 'github:NixOS/nixpkgs/c6e957d81b96751a3d5967a0fd73694f303cc914' (2025-02-03) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/886a2858d36245806197fd8b836b4cc52fbb05b0' (2025-01-21) → 'github:NixOS/nixpkgs/a1e849ff441fa1315afa27e1fd18c791f61de06b' (2025-02-04) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/dc1e0ac59b8c462aed7f37579e22912e83a21f97' (2025-01-08) → 'github:randomnetcat/nix-configs/efff66f0e1b27a4f0894d1cfde02d0892a9bfe9d' (2025-02-04) --- flake.lock | 66 +++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 2775b32..f9d3608 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1737462887, - "narHash": "sha256-Zk6uEVkITFnBd+HFGa1hRzfcpEOer2h8GW9RmuwK1aM=", + "lastModified": 1738641794, + "narHash": "sha256-MNnDZJuxMTXT1vGHQFSPJx9sJ56JjpjKulNsy01Cu8A=", "owner": "rycee", "repo": "nur-expressions", - "rev": "acdea85582887f189e7fb80e2f80e424a39f779f", + "rev": "727fbb76627296cdeab0f2367930fb1f663b2113", "type": "gitlab" }, "original": { @@ -143,11 +143,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1737461688, - "narHash": "sha256-zQCFe5FcSSGzY3qauAAHZcPt7Ej4WSGo78ShSTCSBvU=", + "lastModified": 1738667255, + "narHash": "sha256-sMMQb9NydZqQ/MvvtPp+Ny0W9P0Jk0moU7SrTBlO5Vo=", "owner": "nix-community", "repo": "home-manager", - "rev": "bb14224f51ae4caed12a7b26f245d042c8cf8553", + "rev": "7abcf59a365430b36f84eaa452a466b11e469e33", "type": "github" }, "original": { @@ -215,15 +215,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1729298361, - "narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=", - "rev": "ad9d06f7838a25beec425ff406fe68721fef73be", + "lastModified": 1737234286, + "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", + "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" } }, "lix-module": { @@ -236,11 +236,11 @@ ] }, "locked": { - "lastModified": 1732605668, - "narHash": "sha256-DN5/166jhiiAW0Uw6nueXaGTueVxhfZISAkoxasmz/g=", + "lastModified": 1737237494, + "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", "ref": "stable", - "rev": "96824d606a6656650bbe436366bc89d5ee3a6573", - "revCount": 113, + "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", + "revCount": 127, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -252,11 +252,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737299813, - "narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=", + "lastModified": 1738574474, + "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "107d5ef05c0b1119749e381451389eded30fb0d5", + "rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1737362405, - "narHash": "sha256-IT0B8bzp0JHYlMZ62qFdwKrj9zxdn3AEAsByXFWMcY4=", + "lastModified": 1738663689, + "narHash": "sha256-L9CwNfoGcvAUpPu6DSkhpdT4tczeWREJWj7ah0Q/qTE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6b90f6de986555ac39fc69c438d1192a397bf686", + "rev": "11e2214d91f0d06ea8575087e3cd8e246c550bd8", "type": "github" }, "original": { @@ -284,11 +284,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1738546358, + "narHash": "sha256-nLivjIygCiqLp5QcL7l56Tca/elVqM9FG1hGd9ZSsrg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "c6e957d81b96751a3d5967a0fd73694f303cc914", "type": "github" }, "original": { @@ -300,11 +300,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1737426311, - "narHash": "sha256-I1uGkQwTbesOTSlLsJA2mrCSGFTwn/pSvNW9IuPMMYE=", + "lastModified": 1738667108, + "narHash": "sha256-dX80jcKirVDmu0vdX+ZD/eHJldqFGTfsuDYlHRT/wxM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "886a2858d36245806197fd8b836b4cc52fbb05b0", + "rev": "a1e849ff441fa1315afa27e1fd18c791f61de06b", "type": "github" }, "original": { @@ -340,11 +340,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1736296691, - "narHash": "sha256-tJnBE+/jzSb7M81gTI37gDnQLVrzq9AKjHu2UWp/QXI=", + "lastModified": 1738629463, + "narHash": "sha256-9/5tMBd0+V1z5dLf9TzNnodeCuKKh1qELhubcgzhTp8=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "dc1e0ac59b8c462aed7f37579e22912e83a21f97", + "rev": "efff66f0e1b27a4f0894d1cfde02d0892a9bfe9d", "type": "github" }, "original": { From b04e6d131330941c3afad6bb33857f5589857e78 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Feb 2025 16:32:37 +0000 Subject: [PATCH 315/438] elucredassa, kilgharrah: set up remote builds for elucredassa --- hosts/elucredassa/default.nix | 6 ++++++ hosts/kilgharrah/default.nix | 1 + keys.nix | 1 + 3 files changed, 8 insertions(+) diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index 78f26b2..925197e 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -23,6 +23,12 @@ in console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; + qenya.services.distributed-builds = { + enable = true; + keyFile = "/etc/ssh/ssh_host_ed25519_key"; + builders = [ "kilgharrah" ]; + }; + fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 63e6840..f9f4600 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -45,6 +45,7 @@ in keys.machines.yevaud keys.machines.orm keys.machines.tohru + keys.machines.elucredassa ]; }; diff --git a/keys.nix b/keys.nix index 73caca0..f3819ac 100644 --- a/keys.nix +++ b/keys.nix @@ -1,6 +1,7 @@ { machines = { kilgharrah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; + elucredassa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; From 2d42894fa73dfcd83e0e3dc1e6c0644ff888a477 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Feb 2025 17:20:19 +0000 Subject: [PATCH 316/438] nix: add @wheel to trusted-users everywhere --- common/base-server/default.nix | 1 - common/nix.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/common/base-server/default.nix b/common/base-server/default.nix index 47a82fa..9e6125c 100644 --- a/common/base-server/default.nix +++ b/common/base-server/default.nix @@ -13,6 +13,5 @@ in # Allow remote deployment with colmena deployment.targetUser = null; security.sudo.wheelNeedsPassword = false; - nix.settings.trusted-users = [ "@wheel" ]; }; } diff --git a/common/nix.nix b/common/nix.nix index 3eb2193..12ebcf7 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -9,6 +9,7 @@ }; nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; + nix.settings.trusted-users = [ "@wheel" ]; # this is a dependency of feishin (used in qenya's home-manager). it does not actually have a known vulnerability, # it's just unsuspported because Electron's support cycle is a ludicrously short 6 months. From 0c327b20ea4694a5f672085cab902b355b374a91 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Feb 2025 19:59:04 +0000 Subject: [PATCH 317/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=4e461f83a84aba32bdf640163375f1e31b699111' (2025-01-21) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=007130e869f1223713d588ba0f125c586ca13623' (2025-02-04) --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f9d3608..05f0477 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1737470105, - "narHash": "sha256-m5wsHkRDsilv6hVYL4BLWM+Gn8MsQwvxIvhC18FH7Lo=", + "lastModified": 1738699106, + "narHash": "sha256-pAe4pHn9OmVWBHdZOMQBO21mHnshOxQOaLu/mKycM6Q=", "ref": "main", - "rev": "4e461f83a84aba32bdf640163375f1e31b699111", - "revCount": 19, + "rev": "007130e869f1223713d588ba0f125c586ca13623", + "revCount": 20, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, From 3ec0a2fcb96f5ba4bb2f62751b830d79d2936cd5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 8 Feb 2025 03:04:57 +0000 Subject: [PATCH 318/438] orm, elucredassa: prototype backups for actual --- hosts/elucredassa/default.nix | 23 +++++++++++++++++++++++ hosts/orm/default.nix | 18 ++++++++++++++++++ 2 files changed, 41 insertions(+) diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index 925197e..f80ffa6 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -23,6 +23,29 @@ in console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; + # TODO: modularise this + randomcat.services.zfs.datasets = { + "rpool_elucredassa/backups" = { + mountpoint = "none"; + zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; + }; + "rpool_elucredassa/backups/rpool_orm" = { mountpoint = "none"; }; + }; + services.syncoid = { + enable = true; + interval = "*-*-* *:15:00"; + commonArgs = [ "--no-sync-snap" ]; + commands = { + "testing1" = { + source = "backup@10.127.1.2:rpool_orm/state"; + target = "rpool_elucredassa/backups/rpool_orm/state"; + recursive = true; + recvOptions = "ux recordsize o compression=lz4"; + extraArgs = [ "--debug" ]; + }; + }; + }; + qenya.services.distributed-builds = { enable = true; keyFile = "/etc/ssh/ssh_host_ed25519_key"; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 30f0d69..03472bf 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -30,6 +30,24 @@ useTemplate = [ "production" ]; recursive = "zfs"; }; + + # TODO: modularise this + randomcat.services.zfs.datasets."rpool_orm/state".zfsPermissions.users.backup = [ "hold" "send" ]; + users.users.backup = { + group = "backup"; + isSystemUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFa3hjej6KGmS2aQ4s46Y7U8pN4yyR2FuMofpHRwXNk syncoid@elucredassa" + ]; + + # syncoid uses these if available but doesn't pull them in automatically + packages = with pkgs; [ + pkgs.mbuffer + pkgs.lzop + ]; + }; + users.groups.backup = { }; qenya.services.actual = { enable = true; From 1bdb16c788fa79440bcff793e204161e35120192 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 8 Feb 2025 03:45:17 +0000 Subject: [PATCH 319/438] orm, elucredassa: minor cleanup to backup prototype --- hosts/elucredassa/default.nix | 7 +++---- hosts/orm/default.nix | 7 +------ 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index f80ffa6..147af4d 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -25,11 +25,11 @@ in # TODO: modularise this randomcat.services.zfs.datasets = { - "rpool_elucredassa/backups" = { + "rpool_elucredassa/backup" = { mountpoint = "none"; }; + "rpool_elucredassa/backup/orm" = { mountpoint = "none"; zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; }; - "rpool_elucredassa/backups/rpool_orm" = { mountpoint = "none"; }; }; services.syncoid = { enable = true; @@ -38,10 +38,9 @@ in commands = { "testing1" = { source = "backup@10.127.1.2:rpool_orm/state"; - target = "rpool_elucredassa/backups/rpool_orm/state"; + target = "rpool_elucredassa/backup/orm/state"; recursive = true; recvOptions = "ux recordsize o compression=lz4"; - extraArgs = [ "--debug" ]; }; }; }; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 03472bf..6f21b57 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -40,12 +40,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFa3hjej6KGmS2aQ4s46Y7U8pN4yyR2FuMofpHRwXNk syncoid@elucredassa" ]; - - # syncoid uses these if available but doesn't pull them in automatically - packages = with pkgs; [ - pkgs.mbuffer - pkgs.lzop - ]; + packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically }; users.groups.backup = { }; From befc4ac6991e0cc234d2bdacb5a8378ba73ba3e5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 26 Feb 2025 02:36:18 +0000 Subject: [PATCH 320/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'actual': 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=8d04125d902637c54a6278cf8d10954b2ed95d61' (2025-01-07) → 'git+https://git.xeno.science/xenofem/actual-nix?ref=main&rev=f64adb78f15981d60af97e7aa691d2ebdf48ceaa' (2025-02-06) • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=007130e869f1223713d588ba0f125c586ca13623' (2025-02-04) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=a40220a4b977bc04cbe9e13ff5c667ed6f252677' (2025-02-05) • Updated input 'colmena': 'github:zhaofengli/colmena/a6b51f5feae9bfb145daa37fd0220595acb7871e' (2024-12-22) → 'github:zhaofengli/colmena/2370d4336eda2a9ef29fce10fa7076ae011983ab' (2025-02-18) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/727fbb76627296cdeab0f2367930fb1f663b2113?dir=pkgs/firefox-addons' (2025-02-04) → 'gitlab:rycee/nur-expressions/9a8a0914000e4453c99a4c12e9862a0a40075851?dir=pkgs/firefox-addons' (2025-02-22) • Updated input 'home-manager': 'github:nix-community/home-manager/bd65bc3cde04c16755955630b344bc9e35272c56' (2025-01-08) → 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/7abcf59a365430b36f84eaa452a466b11e469e33' (2025-02-04) → 'github:nix-community/home-manager/74f0a8546e3f2458c870cf90fc4b38ac1f498b17' (2025-02-25) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fecfeb86328381268e29e998ddd3ebc70bbd7f7c' (2025-02-03) → 'github:NixOS/nixpkgs/04ef94c4c1582fd485bbfdb8c4a8ba250e359195' (2025-02-23) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/11e2214d91f0d06ea8575087e3cd8e246c550bd8' (2025-02-04) → 'github:NixOS/nixpkgs/3133e42e3ef45fd6ae93da6e8ac337f6f3317b5a' (2025-02-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c6e957d81b96751a3d5967a0fd73694f303cc914' (2025-02-03) → 'github:NixOS/nixpkgs/0196c0175e9191c474c26ab5548db27ef5d34b05' (2025-02-24) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/a1e849ff441fa1315afa27e1fd18c791f61de06b' (2025-02-04) → 'github:NixOS/nixpkgs/d4d7eaf04bb369b178ad6eab68e356056aeaa952' (2025-02-25) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/a53af7f1514ef4cce8620a9d6a50f238cdedec8b' (2025-01-10) → 'github:nix-community/plasma-manager/1f3e1f38dedbbb8aad77e184fb54ec518e2d9522' (2025-02-14) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/efff66f0e1b27a4f0894d1cfde02d0892a9bfe9d' (2025-02-04) → 'github:randomnetcat/nix-configs/f6a2aa7f496bf225c8e5434382619a93b7c1cb20' (2025-02-26) --- flake.lock | 76 +++++++++++++++++++++++++++--------------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/flake.lock b/flake.lock index 05f0477..fcd48dc 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1736289976, - "narHash": "sha256-odJdL+x5vsCnehZ8U+wONBWX3x0QP+H6edsd026qXpc=", + "lastModified": 1738814288, + "narHash": "sha256-4WqR/ligsEvxcFOjui1dwquR8U327uGoBjdI5p0ey4A=", "ref": "main", - "rev": "8d04125d902637c54a6278cf8d10954b2ed95d61", - "revCount": 20, + "rev": "f64adb78f15981d60af97e7aa691d2ebdf48ceaa", + "revCount": 21, "type": "git", "url": "https://git.xeno.science/xenofem/actual-nix" }, @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1738699106, - "narHash": "sha256-pAe4pHn9OmVWBHdZOMQBO21mHnshOxQOaLu/mKycM6Q=", + "lastModified": 1738782723, + "narHash": "sha256-tQ8DZrB9pucCl0qOEzvqRBrrYS0f72Sxhf+jYJQV1eE=", "ref": "main", - "rev": "007130e869f1223713d588ba0f125c586ca13623", - "revCount": 20, + "rev": "a40220a4b977bc04cbe9e13ff5c667ed6f252677", + "revCount": 22, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, @@ -71,11 +71,11 @@ "stable": [] }, "locked": { - "lastModified": 1734897875, - "narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=", + "lastModified": 1739900653, + "narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=", "owner": "zhaofengli", "repo": "colmena", - "rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e", + "rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab", "type": "github" }, "original": { @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1738641794, - "narHash": "sha256-MNnDZJuxMTXT1vGHQFSPJx9sJ56JjpjKulNsy01Cu8A=", + "lastModified": 1740212040, + "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "727fbb76627296cdeab0f2367930fb1f663b2113", + "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", "type": "gitlab" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1736373539, - "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", + "lastModified": 1739757849, + "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", "owner": "nix-community", "repo": "home-manager", - "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", + "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", "type": "github" }, "original": { @@ -199,11 +199,11 @@ ] }, "locked": { - "lastModified": 1738667255, - "narHash": "sha256-sMMQb9NydZqQ/MvvtPp+Ny0W9P0Jk0moU7SrTBlO5Vo=", + "lastModified": 1740494361, + "narHash": "sha256-Dd/GhJ9qKmUwuhgt/PAROG8J6YdU2ZjtJI9SQX5sVQI=", "owner": "nix-community", "repo": "home-manager", - "rev": "7abcf59a365430b36f84eaa452a466b11e469e33", + "rev": "74f0a8546e3f2458c870cf90fc4b38ac1f498b17", "type": "github" }, "original": { @@ -252,11 +252,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738574474, - "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=", + "lastModified": 1740339700, + "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fecfeb86328381268e29e998ddd3ebc70bbd7f7c", + "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", "type": "github" }, "original": { @@ -268,11 +268,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1738663689, - "narHash": "sha256-L9CwNfoGcvAUpPu6DSkhpdT4tczeWREJWj7ah0Q/qTE=", + "lastModified": 1740430871, + "narHash": "sha256-1uwOyQJdF2v1XR2JvNdGSLgxSt9zkNL298yGwiOimoc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "11e2214d91f0d06ea8575087e3cd8e246c550bd8", + "rev": "3133e42e3ef45fd6ae93da6e8ac337f6f3317b5a", "type": "github" }, "original": { @@ -284,11 +284,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1738546358, - "narHash": "sha256-nLivjIygCiqLp5QcL7l56Tca/elVqM9FG1hGd9ZSsrg=", + "lastModified": 1740367490, + "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c6e957d81b96751a3d5967a0fd73694f303cc914", + "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", "type": "github" }, "original": { @@ -300,11 +300,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1738667108, - "narHash": "sha256-dX80jcKirVDmu0vdX+ZD/eHJldqFGTfsuDYlHRT/wxM=", + "lastModified": 1740500346, + "narHash": "sha256-4fO8s2ptZODefFbdyCuxR3MaqZs7U9A+Q1wak0SkJ4o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a1e849ff441fa1315afa27e1fd18c791f61de06b", + "rev": "d4d7eaf04bb369b178ad6eab68e356056aeaa952", "type": "github" }, "original": { @@ -324,11 +324,11 @@ ] }, "locked": { - "lastModified": 1736549395, - "narHash": "sha256-XzwkB62Tt5UYoL1jXiHzgk/qz2fUpGHExcSIbyGTtI0=", + "lastModified": 1739557722, + "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "a53af7f1514ef4cce8620a9d6a50f238cdedec8b", + "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522", "type": "github" }, "original": { @@ -340,11 +340,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1738629463, - "narHash": "sha256-9/5tMBd0+V1z5dLf9TzNnodeCuKKh1qELhubcgzhTp8=", + "lastModified": 1740530339, + "narHash": "sha256-dg2gAojfTMEdnCV7umOU8QtK7Yo8ioeZdGQ+LpkUzTA=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "efff66f0e1b27a4f0894d1cfde02d0892a9bfe9d", + "rev": "f6a2aa7f496bf225c8e5434382619a93b7c1cb20", "type": "github" }, "original": { From 8e4b0d26b35dd3652cdbfaa2a1524c30b6ef9369 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 26 Feb 2025 11:07:21 +0000 Subject: [PATCH 321/438] qenya/vscode: settings for python formatting and linting --- home/qenya/vscode.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 91e7897..ac27f60 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -11,11 +11,14 @@ in enableUpdateCheck = false; package = pkgs.vscodium; extensions = with pkgs.vscode-extensions; [ + charliermarsh.ruff dbaeumer.vscode-eslint eamodio.gitlens golang.go jdinhlife.gruvbox jnoortheen.nix-ide + matangover.mypy + ms-python.black-formatter ms-python.python ]; mutableExtensionsDir = false; @@ -56,6 +59,18 @@ in "formatting.gofumpt" = true; "ui.semanticTokens" = true; }; + + "[python]" = { + "editor.defaultFormatter" = "ms-python.black-formatter"; + "editor.formatOnSave" = true; + "editor.codeActionsOnSave" = { + "source.fixAll" = "explicit"; + "source.organizeImports" = "explicit"; + }; + }; + "ruff.nativeServer" = "on"; + "ruff.path" = "${pkgs.ruff}/bin/ruff"; + "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; }; }; } From 17402985b68c86e4dd530ab060ffdabc7ceb8303 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 26 Feb 2025 11:07:53 +0000 Subject: [PATCH 322/438] qenya/zsh: use direnv to load local dev shells --- .envrc | 1 + home/qenya/zsh.nix | 12 ++---------- 2 files changed, 3 insertions(+), 10 deletions(-) create mode 100644 .envrc diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..4a4726a --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use_nix diff --git a/home/qenya/zsh.nix b/home/qenya/zsh.nix index 0d8ecc2..b3c0465 100644 --- a/home/qenya/zsh.nix +++ b/home/qenya/zsh.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: { + home.packages = with pkgs; [ direnv ]; programs.zsh = { enable = true; enableCompletion = true; @@ -26,19 +27,10 @@ oh-my-zsh = { enable = true; - plugins = [ "git" "sudo" ]; + plugins = [ "git" "sudo" "direnv" ]; theme = "agnoster"; }; - initExtra = '' - # If a shell is started in a directory with a shell.nix, automatically run nix-shell - if [ -f ./shell.nix ]; then - if [ -z "$IN_NIX_SHELL" ]; then - nix-shell --command "zsh" - fi - fi - ''; - envExtra = '' DEFAULT_USER=qenya ''; From a700ee24457a119fc23a5e333684b71341d6b2b7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 26 Feb 2025 20:29:46 +0000 Subject: [PATCH 323/438] flake: Use flake-parts to define devShells cross-system --- flake.lock | 31 +++++++++++ flake.nix | 151 +++++++++++++++++++++++++++-------------------------- 2 files changed, 108 insertions(+), 74 deletions(-) diff --git a/flake.lock b/flake.lock index fcd48dc..b208f1a 100644 --- a/flake.lock +++ b/flake.lock @@ -108,6 +108,24 @@ "type": "gitlab" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1738453229, + "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1659877975, @@ -266,6 +284,18 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1738452942, + "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + } + }, "nixpkgs-small": { "locked": { "lastModified": 1740430871, @@ -360,6 +390,7 @@ "birdsong": "birdsong", "colmena": "colmena", "firefox-addons": "firefox-addons", + "flake-parts": "flake-parts", "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", "lix-module": "lix-module", diff --git a/flake.nix b/flake.nix index e2747bb..9b33c44 100644 --- a/flake.nix +++ b/flake.nix @@ -26,6 +26,8 @@ inputs.home-manager.follows = "home-manager-unstable"; }; + flake-parts.url = "github:hercules-ci/flake-parts"; + agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -66,90 +68,91 @@ }; }; - outputs = inputs@{ self, nixpkgs, nixpkgs-small, nixpkgs-unstable, colmena, ... }: { - nixosConfigurations = self.outputs.colmenaHive.nodes; - colmenaHive = colmena.lib.makeHive self.outputs.colmena; + outputs = inputs@{ self, nixpkgs, nixpkgs-small, nixpkgs-unstable, flake-parts, colmena, ... }: + flake-parts.lib.mkFlake { inherit inputs; } { + imports = [ ]; - # The name of this output type is not standardised. I have picked - # "homeManagerModules" as the discussion here suggests it's the most common: - # https://github.com/nix-community/home-manager/issues/1783 - # - # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": - # https://github.com/NixOS/nix/pull/10858 - homeManagerModules = { - "qenya".imports = [ - inputs.plasma-manager.homeManagerModules.plasma-manager - ./home/qenya - ]; + systems = [ "x86_64-linux" "aarch64-linux" ]; - "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; - }; - - colmena = { - meta = { - nixpkgs = import nixpkgs-unstable { - system = "x86_64-linux"; - overlays = [ - inputs.lix-module.overlays.default + perSystem = { pkgs, system, ... }: { + devShells.default = pkgs.mkShell { + packages = [ + inputs.colmena.packages.${system}.colmena + inputs.agenix.packages.${system}.default + inputs.plasma-manager.packages.${system}.rc2nix ]; }; - nodeNixpkgs = { - kilgharrah = import nixpkgs { system = "x86_64-linux"; }; - tohru = import nixpkgs { system = "x86_64-linux"; }; - elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; - yevaud = import nixpkgs-small { system = "x86_64-linux"; }; - orm = import nixpkgs-small { system = "x86_64-linux"; }; - kalessin = import nixpkgs-small { system = "aarch64-linux"; }; - }; - specialArgs = { - inherit self; - inherit inputs; - }; }; - defaults = { config, lib, pkgs, ... }: { - # disable remote deployment by default - # (can stil build locally with nixos-rebuild) - deployment.targetHost = lib.mkDefault null; - deployment.buildOnTarget = lib.mkDefault true; + flake.nixosConfigurations = self.outputs.colmenaHive.nodes; + flake.colmenaHive = colmena.lib.makeHive self.outputs.colmena; - imports = [ - inputs.lix-module.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.agenix.nixosModules.default - inputs.birdsong.nixosModules.default - inputs.actual.nixosModules.default - ./common - ./services - (builtins.toPath "${inputs.randomcat}/services/default.nix") + # The name of this output type is not standardised. I have picked + # "homeManagerModules" as the discussion here suggests it's the most common: + # https://github.com/nix-community/home-manager/issues/1783 + # + # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": + # https://github.com/NixOS/nix/pull/10858 + flake.homeManagerModules = { + "qenya".imports = [ + inputs.plasma-manager.homeManagerModules.plasma-manager + ./home/qenya ]; + + "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; }; - elucredassa.deployment.targetHost = "10.127.3.2"; - yevaud.deployment.targetHost = "yevaud.birdsong.network"; - orm.deployment.targetHost = "orm.birdsong.network"; - kalessin.deployment.targetHost = "kalessin.birdsong.network"; + flake.colmena = { + meta = { + nixpkgs = import nixpkgs-unstable { + system = "x86_64-linux"; + overlays = [ + inputs.lix-module.overlays.default + ]; + }; + nodeNixpkgs = { + kilgharrah = import nixpkgs { system = "x86_64-linux"; }; + tohru = import nixpkgs { system = "x86_64-linux"; }; + elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; + yevaud = import nixpkgs-small { system = "x86_64-linux"; }; + orm = import nixpkgs-small { system = "x86_64-linux"; }; + kalessin = import nixpkgs-small { system = "aarch64-linux"; }; + }; + specialArgs = { + inherit self; + inherit inputs; + }; + }; - kilgharrah.imports = [ ./hosts/kilgharrah ]; - tohru.imports = [ ./hosts/tohru ]; - elucredassa.imports = [ ./hosts/elucredassa ]; - yevaud.imports = [ ./hosts/yevaud ]; - orm.imports = [ ./hosts/orm ]; - kalessin.imports = [ ./hosts/kalessin ]; + defaults = { config, lib, pkgs, ... }: { + # disable remote deployment by default + # (can stil build locally with nixos-rebuild) + deployment.targetHost = lib.mkDefault null; + deployment.buildOnTarget = lib.mkDefault true; + + imports = [ + inputs.lix-module.nixosModules.default + inputs.home-manager.nixosModules.home-manager + inputs.agenix.nixosModules.default + inputs.birdsong.nixosModules.default + inputs.actual.nixosModules.default + ./common + ./services + (builtins.toPath "${inputs.randomcat}/services/default.nix") + ]; + }; + + elucredassa.deployment.targetHost = "10.127.3.2"; + yevaud.deployment.targetHost = "yevaud.birdsong.network"; + orm.deployment.targetHost = "orm.birdsong.network"; + kalessin.deployment.targetHost = "kalessin.birdsong.network"; + + kilgharrah.imports = [ ./hosts/kilgharrah ]; + tohru.imports = [ ./hosts/tohru ]; + elucredassa.imports = [ ./hosts/elucredassa ]; + yevaud.imports = [ ./hosts/yevaud ]; + orm.imports = [ ./hosts/orm ]; + kalessin.imports = [ ./hosts/kalessin ]; + }; }; - - # TODO: have this work on other systems too - devShells."x86_64-linux".default = - let - system = "x86_64-linux"; - pkgs = import nixpkgs { inherit system; }; - in - pkgs.mkShell { - packages = [ - inputs.colmena.packages.${system}.colmena - inputs.agenix.packages.${system}.default - inputs.plasma-manager.packages.${system}.rc2nix - ]; - }; - }; } From c70b2878900a37c649cef3101ed56fafbfd65b57 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 3 Mar 2025 19:54:32 +0000 Subject: [PATCH 324/438] treewide: define fqdn, use as default deployment target host --- flake.nix | 11 ++++------- hosts/kalessin/default.nix | 1 + hosts/orm/default.nix | 1 + hosts/yevaud/default.nix | 1 + 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.nix b/flake.nix index 9b33c44..3862525 100644 --- a/flake.nix +++ b/flake.nix @@ -125,9 +125,7 @@ }; defaults = { config, lib, pkgs, ... }: { - # disable remote deployment by default - # (can stil build locally with nixos-rebuild) - deployment.targetHost = lib.mkDefault null; + deployment.targetHost = lib.mkDefault config.networking.fqdn; deployment.buildOnTarget = lib.mkDefault true; imports = [ @@ -142,10 +140,9 @@ ]; }; - elucredassa.deployment.targetHost = "10.127.3.2"; - yevaud.deployment.targetHost = "yevaud.birdsong.network"; - orm.deployment.targetHost = "orm.birdsong.network"; - kalessin.deployment.targetHost = "kalessin.birdsong.network"; + kilgharrah.deployment.targetHost = null; # disable remote deployment + tohru.deployment.targetHost = null; # disable remote deployment + elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet kilgharrah.imports = [ ./hosts/kilgharrah ]; tohru.imports = [ ./hosts/tohru ]; diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 858faff..a26ad8b 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -12,6 +12,7 @@ in nixpkgs.hostPlatform = "aarch64-linux"; networking.hostName = "kalessin"; networking.hostId = "534b538e"; + networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 6f21b57..c892c20 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -9,6 +9,7 @@ nixpkgs.hostPlatform = "x86_64-linux"; networking.hostName = "orm"; networking.hostId = "00000000"; + networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index a54c58f..84a2e2e 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -13,6 +13,7 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking.hostName = "yevaud"; networking.hostId = "09673d65"; + networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; users.users.qenya.extraGroups = [ "wheel" ]; From 691c180ac1d38548da65be7e76c98e42bf7b1a95 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 3 Mar 2025 21:26:32 +0000 Subject: [PATCH 325/438] flake: define flake-parts options for colmena This allows us to define options on the top level, so that we can write modules to generate config for multiple hosts. Idea from https://git.lix.systems/the-distro/infra/commit/1c515145867c3e281921794151671b654cd63944 --- flake.nix | 2 +- flake/colmena.nix | 19 +++++++++++++++++++ flake/default.nix | 5 +++++ 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 flake/colmena.nix create mode 100644 flake/default.nix diff --git a/flake.nix b/flake.nix index 3862525..307a812 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,7 @@ outputs = inputs@{ self, nixpkgs, nixpkgs-small, nixpkgs-unstable, flake-parts, colmena, ... }: flake-parts.lib.mkFlake { inherit inputs; } { - imports = [ ]; + imports = [ ./flake ]; systems = [ "x86_64-linux" "aarch64-linux" ]; diff --git a/flake/colmena.nix b/flake/colmena.nix new file mode 100644 index 0000000..1679e17 --- /dev/null +++ b/flake/colmena.nix @@ -0,0 +1,19 @@ +# https://git.lix.systems/the-distro/infra/src/commit/fbb23bf517206175764f154ddfd304b9ec501f87/colmena.nix +{ lib, ... }: { + options.flake.colmena = lib.mkOption { + type = lib.types.submodule { + freeformType = lib.types.attrsOf (lib.mkOptionType { + name = "NixOS module"; + description = "module containing NixOS options and/or config"; + descriptionClass = "noun"; + check = value: builtins.isAttrs value || builtins.isFunction value || builtins.isPath value; + merge = loc: defs: { + imports = map (def: def.value) defs; + }; + }); + options.meta = lib.mkOption { + type = lib.types.attrs; + }; + }; + }; +} diff --git a/flake/default.nix b/flake/default.nix new file mode 100644 index 0000000..65b028d --- /dev/null +++ b/flake/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./colmena.nix + ]; +} From fefc7bd20db473db1104150f2631b365ffaeb159 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 14:43:03 +0000 Subject: [PATCH 326/438] backup: init as a reusable module --- flake.nix | 15 ++++ flake/backup.nix | 126 ++++++++++++++++++++++++++++++++++ flake/default.nix | 1 + hosts/elucredassa/default.nix | 20 +----- hosts/orm/default.nix | 13 ---- 5 files changed, 144 insertions(+), 31 deletions(-) create mode 100644 flake/backup.nix diff --git a/flake.nix b/flake.nix index 307a812..5562b16 100644 --- a/flake.nix +++ b/flake.nix @@ -102,6 +102,21 @@ "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; }; + fountain.backup = { + keys = { + elucredassa = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFa3hjej6KGmS2aQ4s46Y7U8pN4yyR2FuMofpHRwXNk syncoid@elucredassa" ]; + }; + sync = { + "orm-state" = { + dataset = "state"; + sourceHost = "orm"; + targetHost = "elucredassa"; + source = "rpool_orm"; + target = "rpool_elucredassa/backup/orm"; + }; + }; + }; + flake.colmena = { meta = { nixpkgs = import nixpkgs-unstable { diff --git a/flake/backup.nix b/flake/backup.nix new file mode 100644 index 0000000..30bc5bc --- /dev/null +++ b/flake/backup.nix @@ -0,0 +1,126 @@ +{ config, lib, pkgs, ... }: +let + cfg = config.fountain.backup; + + syncOptions = { + dataset = lib.mkOption { + type = lib.types.str; + description = '' + The name of the dataset to be synced (not including its parent + datasets, if any). This will be the same on the source and target. + It must already exist on the source, defined with the + {option}`randomcat.services.zfs` module, and not exist on the target. + ''; + }; + sourceHost = lib.mkOption { + type = lib.types.str; + description = '' + The host from which the dataset should be synced. Must be an entry in + {option}`flake.colmena`. + ''; + }; + targetHost = lib.mkOption { + type = lib.types.str; + description = '' + The host to which the dataset should be synced. Must be an entry in + {option}`flake.colmena`. + ''; + }; + source = lib.mkOption { + type = lib.types.str; + description = '' + The path to the synced dataset in the ZFS namespace on the source host, + excluding the component that is the name of the dataset itself. + ''; + }; + target = lib.mkOption { + type = lib.types.str; + description = '' + The path to the synced dataset in the ZFS namespace on the target host, + excluding the component that is the name of the dataset itself. It must + already exist, defined with the {option}`randomcat.services.zfs` + module. + ''; + }; + }; +in +{ + options.fountain.backup = { + keys = lib.mkOption { + type = lib.types.attrsOf (lib.types.listOf lib.types.singleLineStr); + default = { }; + description = '' + Lists of verbatim OpenSSH public keys that may be used to identify the + syncoid user on each target host. The key to each list must be the + host's hostname, as listed in {option}`flake.colmena`. + ''; + example = { + host = [ "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" ]; + bar = [ "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" ]; + }; + }; + + sync = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { options = syncOptions; }); + default = { }; + description = '' + Details of ZFS datasets whose snapshots should be synced from machine + to machine using syncoid. Syncoid will run hourly at 15 past the hour + and copy all ZFS snapshots from the source dataset to the target + dataset (recursing into child datasets). + + See descriptions for the individual options for more details. The name + of each attribute in this set is arbitrary and used to generate systemd + unit names. + + This module does not actually cause snapshots to be taken; sanoid must + be configured separately to do this. + ''; + example = { + "orm-state" = { + dataset = "state"; + sourceHost = "orm"; + targetHost = "elucredassa"; + source = "rpool_orm"; + target = "rpool_elucredassa/backup/orm"; + }; + }; + }; + }; + + # TODO: add some assertions to verify the options + + config.flake.colmena = lib.mkMerge (lib.mapAttrsToList + (name: sync: { + ${sync.sourceHost} = { pkgs, ... }: { + randomcat.services.zfs.datasets."${sync.source}/${sync.dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; + users.users.backup = { + group = "backup"; + isSystemUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = cfg.keys.${sync.targetHost}; + packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically + }; + users.groups.backup = { }; + }; + + ${sync.targetHost} = { + randomcat.services.zfs.datasets."${sync.target}".zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; + services.syncoid = { + enable = true; + interval = "*-*-* *:15:00"; + commonArgs = [ "--no-sync-snap" ]; + commands = { + ${name} = { + source = "backup@${config.flake.nixosConfigurations.${sync.sourceHost}.config.networking.fqdn}:${sync.source}/${sync.dataset}"; + target = "${sync.target}/${sync.dataset}"; + recursive = true; + recvOptions = "ux recordsize o compression=lz4"; + }; + }; + }; + }; + }) + cfg.sync + ); +} diff --git a/flake/default.nix b/flake/default.nix index 65b028d..b567fab 100644 --- a/flake/default.nix +++ b/flake/default.nix @@ -1,5 +1,6 @@ { imports = [ + ./backup.nix ./colmena.nix ]; } diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index 147af4d..23c5421 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -23,26 +23,10 @@ in console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; - # TODO: modularise this + # These are populated by fountain.backup randomcat.services.zfs.datasets = { "rpool_elucredassa/backup" = { mountpoint = "none"; }; - "rpool_elucredassa/backup/orm" = { - mountpoint = "none"; - zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; - }; - }; - services.syncoid = { - enable = true; - interval = "*-*-* *:15:00"; - commonArgs = [ "--no-sync-snap" ]; - commands = { - "testing1" = { - source = "backup@10.127.1.2:rpool_orm/state"; - target = "rpool_elucredassa/backup/orm/state"; - recursive = true; - recvOptions = "ux recordsize o compression=lz4"; - }; - }; + "rpool_elucredassa/backup/orm" = { mountpoint = "none"; }; }; qenya.services.distributed-builds = { diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index c892c20..0db3632 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -31,19 +31,6 @@ useTemplate = [ "production" ]; recursive = "zfs"; }; - - # TODO: modularise this - randomcat.services.zfs.datasets."rpool_orm/state".zfsPermissions.users.backup = [ "hold" "send" ]; - users.users.backup = { - group = "backup"; - isSystemUser = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFa3hjej6KGmS2aQ4s46Y7U8pN4yyR2FuMofpHRwXNk syncoid@elucredassa" - ]; - packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically - }; - users.groups.backup = { }; qenya.services.actual = { enable = true; From 373bd88e1bf84e44c485969b68b7e8873ffe9099 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 18:12:44 +0000 Subject: [PATCH 327/438] backup: hoist variable definitions, add source to target's knownHosts --- flake/backup.nix | 64 ++++++++++++++++++++++++++++-------------------- 1 file changed, 38 insertions(+), 26 deletions(-) diff --git a/flake/backup.nix b/flake/backup.nix index 30bc5bc..dddda69 100644 --- a/flake/backup.nix +++ b/flake/backup.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: let cfg = config.fountain.backup; + keys = import ../keys.nix; syncOptions = { dataset = lib.mkOption { @@ -91,36 +92,47 @@ in # TODO: add some assertions to verify the options config.flake.colmena = lib.mkMerge (lib.mapAttrsToList - (name: sync: { - ${sync.sourceHost} = { pkgs, ... }: { - randomcat.services.zfs.datasets."${sync.source}/${sync.dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; - users.users.backup = { - group = "backup"; - isSystemUser = true; - useDefaultShell = true; - openssh.authorizedKeys.keys = cfg.keys.${sync.targetHost}; - packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically - }; - users.groups.backup = { }; - }; + (name: sync: + let + inherit (sync) dataset sourceHost targetHost source target; + # TODO: don't want to have to dig into the node config for the fqdn + sourceFqdn = config.flake.nixosConfigurations.${sourceHost}.config.networking.fqdn; + in + { + ${sourceHost} = { pkgs, ... }: { + randomcat.services.zfs.datasets."${source}/${dataset}".zfsPermissions.users.backup = [ "hold" "send" ]; - ${sync.targetHost} = { - randomcat.services.zfs.datasets."${sync.target}".zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; - services.syncoid = { - enable = true; - interval = "*-*-* *:15:00"; - commonArgs = [ "--no-sync-snap" ]; - commands = { - ${name} = { - source = "backup@${config.flake.nixosConfigurations.${sync.sourceHost}.config.networking.fqdn}:${sync.source}/${sync.dataset}"; - target = "${sync.target}/${sync.dataset}"; - recursive = true; - recvOptions = "ux recordsize o compression=lz4"; + users.users.backup = { + group = "backup"; + isSystemUser = true; + useDefaultShell = true; + openssh.authorizedKeys.keys = cfg.keys.${targetHost}; + packages = with pkgs; [ mbuffer lzop ]; # syncoid uses these if available but doesn't pull them in automatically + }; + users.groups.backup = { }; + }; + + ${targetHost} = { + randomcat.services.zfs.datasets.${target}.zfsPermissions.users.syncoid = [ "mount" "create" "receive" "recordsize" ]; + + services.syncoid = { + enable = true; + interval = "*-*-* *:15:00"; + commonArgs = [ "--no-sync-snap" ]; + commands = { + ${name} = { + source = "backup@${sourceFqdn}:${source}/${dataset}"; + target = "${target}/${dataset}"; + recursive = true; + recvOptions = "ux recordsize o compression=lz4"; + }; }; }; + + # TODO: this should be handled by a networking module + programs.ssh.knownHosts.${sourceFqdn}.publicKey = keys.machines.${sourceHost}; }; - }; - }) + }) cfg.sync ); } From d36c87220ba4399eaa3bb3514f7570c0cdcdd8d0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 19:44:50 +0000 Subject: [PATCH 328/438] orm: don't snapshot the empty root dataset for /var/lib --- hosts/orm/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 0db3632..f4daa02 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -30,6 +30,7 @@ services.sanoid.datasets."rpool_orm/state" = { useTemplate = [ "production" ]; recursive = "zfs"; + process_children_only = true; }; qenya.services.actual = { From 86f77d2564c2ffbe9bf3978ad043f7d7979b9286 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 19:45:03 +0000 Subject: [PATCH 329/438] kalessin: add new state dataset --- flake.nix | 7 +++++++ hosts/kalessin/default.nix | 10 ++++++++++ 2 files changed, 17 insertions(+) diff --git a/flake.nix b/flake.nix index 5562b16..4b3c089 100644 --- a/flake.nix +++ b/flake.nix @@ -114,6 +114,13 @@ source = "rpool_orm"; target = "rpool_elucredassa/backup/orm"; }; + "kalessin-state" = { + dataset = "state"; + sourceHost = "kalessin"; + targetHost = "elucredassa"; + source = "rpool_kalessin"; + target = "rpool_elucredassa/backup/kalessin"; + }; }; }; diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index a26ad8b..473f587 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -26,5 +26,15 @@ in authorizedKeys.keys = [ ]; }; + randomcat.services.zfs.datasets = { + "rpool_kalessin/state" = { mountpoint = "none"; }; + }; + + services.sanoid.datasets."rpool_kalessin/state" = { + useTemplate = [ "production" ]; + recursive = "zfs"; + process_children_only = true; + }; + system.stateVersion = "23.11"; } From 9760d4d3bc40ec83956844ba127696f22151a5a3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 4 Mar 2025 19:46:37 +0000 Subject: [PATCH 330/438] actual: hardcode domain --- hosts/orm/default.nix | 5 +---- services/actual.nix | 8 +++----- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index f4daa02..5ee04f6 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -33,10 +33,7 @@ process_children_only = true; }; - qenya.services.actual = { - enable = true; - domain = "actual.qenya.tel"; - }; + qenya.services.actual.enable = true; system.stateVersion = "23.11"; } diff --git a/services/actual.nix b/services/actual.nix index c78e2ff..d5a1599 100644 --- a/services/actual.nix +++ b/services/actual.nix @@ -3,20 +3,18 @@ with lib; let cfg = config.qenya.services.actual; + domain = "actual.qenya.tel"; in { options.qenya.services.actual = { - enable = mkEnableOption "Actual"; - domain = mkOption { - type = types.str; - }; + enable = mkEnableOption "Actual Budget"; }; config = mkIf cfg.enable { services.nginx = { enable = true; virtualHosts = { - ${cfg.domain} = { + ${domain} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://127.0.0.1:5006/"; From 789324923be16ecf84c206d640e863a3f2e22a13 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Mar 2025 22:02:34 +0000 Subject: [PATCH 331/438] orm: install postgres --- hosts/orm/default.nix | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 5ee04f6..a61d998 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -25,6 +25,7 @@ randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; + "rpool_orm/state/postgresql" = { mountpoint = "/var/lib/postgresql"; }; }; services.sanoid.datasets."rpool_orm/state" = { @@ -33,6 +34,27 @@ process_children_only = true; }; + services.postgresql = { + enable = true; + package = pkgs.postgresql_17; + dataDir = "/var/lib/postgresql/17"; + # managing imperatively instead of using ensureDatabases/ensureUsers + + enableTCPIP = true; + settings = { + port = 5432; + ssl = true; + }; + # only allow remote connections from within birdsong vpn + # TODO: don't hardcode the IP addresses + authentication = pkgs.lib.mkOverride 10 '' + #type database DBuser auth-method + host sameuser all 10.127.0.0/16 scram-sha-256 + host sameuser all fd70:81ca:f8f::/48 scram-sha-256 + ''; + }; + networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ]; + qenya.services.actual.enable = true; system.stateVersion = "23.11"; From 00ce03ae11241b5ab736e90f16fb994842aae273 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Mar 2025 22:06:20 +0000 Subject: [PATCH 332/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/9a8a0914000e4453c99a4c12e9862a0a40075851?dir=pkgs/firefox-addons' (2025-02-22) → 'gitlab:rycee/nur-expressions/0b95936d94ea2a3ce66538f299351cf0b491aa15?dir=pkgs/firefox-addons' (2025-03-07) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/32ea77a06711b758da0ad9bd6a844c5740a87abd' (2025-02-01) → 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07) • Updated input 'flake-parts/nixpkgs-lib': 'https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz?narHash=sha256-vJzFZGaCpnmo7I6i416HaBLpC%2BhvcURh/BQwROcGIp8%3D' (2025-02-01) → 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/74f0a8546e3f2458c870cf90fc4b38ac1f498b17' (2025-02-25) → 'github:nix-community/home-manager/95711f926676018d279ba09fe7530d03b5d5b3e2' (2025-03-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/04ef94c4c1582fd485bbfdb8c4a8ba250e359195' (2025-02-23) → 'github:NixOS/nixpkgs/20755fa05115c84be00b04690630cb38f0a203ad' (2025-03-07) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/3133e42e3ef45fd6ae93da6e8ac337f6f3317b5a' (2025-02-24) → 'github:NixOS/nixpkgs/9290fda826610430b3fc8cc98443c3a2faaaf151' (2025-03-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/0196c0175e9191c474c26ab5548db27ef5d34b05' (2025-02-24) → 'github:NixOS/nixpkgs/10069ef4cf863633f57238f179a0297de84bd8d3' (2025-03-06) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/d4d7eaf04bb369b178ad6eab68e356056aeaa952' (2025-02-25) → 'github:NixOS/nixpkgs/f104cca31ba6c0403b678ad9428726476b503782' (2025-03-07) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/1f3e1f38dedbbb8aad77e184fb54ec518e2d9522' (2025-02-14) → 'github:nix-community/plasma-manager/5eeb0172fb74392053b66a8149e61b5e191b2845' (2025-02-26) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/f6a2aa7f496bf225c8e5434382619a93b7c1cb20' (2025-02-26) → 'github:randomnetcat/nix-configs/814314b94a4d44197d2708d4b48d9df1d14892e2' (2025-03-07) --- flake.lock | 69 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index b208f1a..5d05a00 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1740212040, - "narHash": "sha256-Gpvn9Z+ZgKPyb6qaAbahLbo6ZVj7VuLzSCmHZRvsACA=", + "lastModified": 1741379467, + "narHash": "sha256-f314Ke28BGoVh4TK8FCzlPZgOl+oV7PvLyPF++ln9M4=", "owner": "rycee", "repo": "nur-expressions", - "rev": "9a8a0914000e4453c99a4c12e9862a0a40075851", + "rev": "0b95936d94ea2a3ce66538f299351cf0b491aa15", "type": "gitlab" }, "original": { @@ -113,11 +113,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1741352980, + "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", "type": "github" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1740494361, - "narHash": "sha256-Dd/GhJ9qKmUwuhgt/PAROG8J6YdU2ZjtJI9SQX5sVQI=", + "lastModified": 1741378606, + "narHash": "sha256-ytDmwV93lZ1f6jswJkxEQz5cBlwje/2rH/yUZDADZNs=", "owner": "nix-community", "repo": "home-manager", - "rev": "74f0a8546e3f2458c870cf90fc4b38ac1f498b17", + "rev": "95711f926676018d279ba09fe7530d03b5d5b3e2", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1740339700, - "narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=", + "lastModified": 1741332913, + "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195", + "rev": "20755fa05115c84be00b04690630cb38f0a203ad", "type": "github" }, "original": { @@ -286,23 +286,26 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1738452942, - "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "lastModified": 1740877520, + "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "type": "github" }, "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" } }, "nixpkgs-small": { "locked": { - "lastModified": 1740430871, - "narHash": "sha256-1uwOyQJdF2v1XR2JvNdGSLgxSt9zkNL298yGwiOimoc=", + "lastModified": 1741318725, + "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3133e42e3ef45fd6ae93da6e8ac337f6f3317b5a", + "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", "type": "github" }, "original": { @@ -314,11 +317,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1740367490, - "narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=", + "lastModified": 1741246872, + "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0196c0175e9191c474c26ab5548db27ef5d34b05", + "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", "type": "github" }, "original": { @@ -330,11 +333,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1740500346, - "narHash": "sha256-4fO8s2ptZODefFbdyCuxR3MaqZs7U9A+Q1wak0SkJ4o=", + "lastModified": 1741323510, + "narHash": "sha256-zQL0iErtVTxywxyWc7ajRmRNCncny95uD+2wmBHYOzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d4d7eaf04bb369b178ad6eab68e356056aeaa952", + "rev": "f104cca31ba6c0403b678ad9428726476b503782", "type": "github" }, "original": { @@ -354,11 +357,11 @@ ] }, "locked": { - "lastModified": 1739557722, - "narHash": "sha256-XikzLpPUDYiNyJ4w2SfRShdbSkIgE3btYdxCGInmtc4=", + "lastModified": 1740569341, + "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "1f3e1f38dedbbb8aad77e184fb54ec518e2d9522", + "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", "type": "github" }, "original": { @@ -370,11 +373,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1740530339, - "narHash": "sha256-dg2gAojfTMEdnCV7umOU8QtK7Yo8ioeZdGQ+LpkUzTA=", + "lastModified": 1741308008, + "narHash": "sha256-J+7n6svwbpvSoUgFfjfYNVAT50SarBYiwLgTIixjYlM=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "f6a2aa7f496bf225c8e5434382619a93b7c1cb20", + "rev": "814314b94a4d44197d2708d4b48d9df1d14892e2", "type": "github" }, "original": { From d1b1e0f0caff692105ca6d8334ed18ee7c8ab56e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Mar 2025 23:39:34 +0000 Subject: [PATCH 333/438] orm: temporarily disable SSL on postgres --- hosts/orm/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index a61d998..0c510a3 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -43,7 +43,8 @@ enableTCPIP = true; settings = { port = 5432; - ssl = true; + # TODO: fix SSL + # ssl = true; }; # only allow remote connections from within birdsong vpn # TODO: don't hardcode the IP addresses From 1b66df659ee7dfa1ac1cbe9430890454842956fa Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 7 Mar 2025 23:51:51 +0000 Subject: [PATCH 334/438] elucredassa: add missing dataset for backups from kalessin --- hosts/elucredassa/default.nix | 1 + hosts/kalessin/netbox.nix | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 hosts/kalessin/netbox.nix diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index 23c5421..e4a517a 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -26,6 +26,7 @@ in # These are populated by fountain.backup randomcat.services.zfs.datasets = { "rpool_elucredassa/backup" = { mountpoint = "none"; }; + "rpool_elucredassa/backup/kalessin" = { mountpoint = "none"; }; "rpool_elucredassa/backup/orm" = { mountpoint = "none"; }; }; diff --git a/hosts/kalessin/netbox.nix b/hosts/kalessin/netbox.nix new file mode 100644 index 0000000..c3b422d --- /dev/null +++ b/hosts/kalessin/netbox.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs }: + +{ + randomcat.services.zfs.datasets = { + "rpool/state" = { mountpoint = "none"; }; + "rpool/state/netbox" = { mountpoint = "/var/lib/netbox"; }; + }; + + services.netbox = { + enable = true; + package = pkgs.netbox_4_1; + port = 8001; + dataDir = "/var/lib/netbox"; + secretKeyFile = ""; # + }; +} From 24faa7cc26b66ab11064ebcfe902adc16a3961e6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 8 Mar 2025 00:02:07 +0000 Subject: [PATCH 335/438] orm: add missing postgresql auth method --- hosts/orm/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 0c510a3..a6f95ad 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -50,6 +50,7 @@ # TODO: don't hardcode the IP addresses authentication = pkgs.lib.mkOverride 10 '' #type database DBuser auth-method + local all all trust # used by nixos for local monitoring host sameuser all 10.127.0.0/16 scram-sha-256 host sameuser all fd70:81ca:f8f::/48 scram-sha-256 ''; From 424de492d725c52a9782fb4bd3fa7dca668e484a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 15 Mar 2025 12:29:30 +0000 Subject: [PATCH 336/438] yevaud: move git.qenya.tel -> git.unspecified.systems --- hosts/yevaud/default.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 84a2e2e..e028d11 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -38,7 +38,7 @@ qenya.services.forgejo = { enable = true; - domain = "git.qenya.tel"; + domain = "git.unspecified.systems"; }; services.nginx = { @@ -47,12 +47,17 @@ "git.katherina.rocks" = { forceSSL = true; enableACME = true; - locations."/".return = "301 https://git.qenya.tel$request_uri"; + locations."/".return = "301 https://git.unspecified.systems$request_uri"; + }; + "git.qenya.tel" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://git.unspecified.systems$request_uri"; }; "birdsong.network" = { forceSSL = true; enableACME = true; - locations."/".return = "301 https://git.qenya.tel/qenya/birdsong/"; + locations."/".return = "301 https://git.unspecified.systems/qenya/birdsong/"; }; }; }; From 6c7bdfa06180638a33b5c6986fa4d1bf983d19aa Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 15 Mar 2025 19:55:22 +0000 Subject: [PATCH 337/438] qenya/vscode: minor CSS default formatter changes --- home/qenya/vscode.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index ac27f60..14d2420 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -23,6 +23,8 @@ in ]; mutableExtensionsDir = false; userSettings = { + "css.format.spaceAroundSelectorSeparator" = true; + "css.format.newlineBetweenSelectors" = false; "extensions.autoUpdate" = false; "files.insertFinalNewline" = true; "git.autofetch" = true; From c14b57b186c4cc66381c4a937892d578041b9a49 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 15 Mar 2025 19:55:30 +0000 Subject: [PATCH 338/438] Update README --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 26aea1d..fa9c511 100644 --- a/README.md +++ b/README.md @@ -7,10 +7,11 @@ The canonical location for this repository is https://git.qenya.tel/qenya/nixfil ## Machines ### Managed -* `kilgharrah`: Custom-built personal desktop +* `kilgharrah`: Custom-built personal desktop; also currently running Jellyfin, Navidrome and Audiobookshelf servers (and an FTP server, for shits and giggles) * `tohru`: Dell Latitude 5300, personal laptop +* `elucredassa`: Acer Aspire A315-53, old laptop with a broken keyboard that now sits in a corner being a backup server * `yevaud`: Oracle Cloud free AMD VM, hosts a Forgejo instance and WireGuard server for the other machines in the network -* `orm`: Oracle Cloud free AMD VM, currently idling +* `orm`: Oracle Cloud free AMD VM, hosts an instance of Actual Budget and a PostgreSQL server for other services that need one * `kalessin`: Oracle Cloud free ARM VM, currently idling ### Referenced only @@ -30,4 +31,4 @@ To build the remote machines, run `colmena apply`. See the [colmena documentatio ### Updating -`nix flake update --commit-lock-file` \ No newline at end of file +`nix flake update --commit-lock-file` From df688efb7969657432d231518fd3b2fb688e7c83 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 15 Mar 2025 19:58:34 +0000 Subject: [PATCH 339/438] Update README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index fa9c511..a7ac37e 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ My NixOS configuration files. -The canonical location for this repository is https://git.qenya.tel/qenya/nixfiles. If you're viewing it elsewhere, it is a mirror and may not be up-to-date. +The canonical location for this repository is https://git.unspecified.systems/qenya/nixfiles. If you're viewing it elsewhere, it is a mirror and may not be up-to-date. ## Machines @@ -27,7 +27,6 @@ To build locally, run `nixos-rebuild switch --flake .#[hostname]` as root. To build the remote machines, run `colmena apply`. See the [colmena documentation](https://colmena.cli.rs/) for command-line options. Notable options include: * `--on [hostname]`: build a specific machine only * `--reboot`: reboot after building (but note [this bug](https://github.com/zhaofengli/colmena/issues/166) means it may hang even when the reboot completes successfully) -* `--experimental-flake-eval`: currently necessary to build at all. See [here](https://github.com/zhaofengli/colmena/pull/228) ### Updating From a658c88fc06fb1af319dffee9ce702bf028283eb Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 16 Mar 2025 15:09:01 +0000 Subject: [PATCH 340/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/0b95936d94ea2a3ce66538f299351cf0b491aa15?dir=pkgs/firefox-addons' (2025-03-07) → 'gitlab:rycee/nur-expressions/5a0ac85616aa6b166ea715a41bc1255bb802b189?dir=pkgs/firefox-addons' (2025-03-16) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/95711f926676018d279ba09fe7530d03b5d5b3e2' (2025-03-07) → 'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4' (2025-03-14) • Updated input 'lix-module': 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba' (2025-01-18) → 'git+https://git.lix.systems/lix-project/nixos-module?ref=stable&rev=ed7a2fa83145868ecb830d6b3c73ebfd81a9e911' (2025-03-13) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?narHash=sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g%3D&rev=2837da71ec1588c1187d2e554719b15904a46c8b' (2025-01-18) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?narHash=sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW%2BDvDtuv9SwQZZcs%3D&rev=079528098f5998ba13c88821a2eca1005c1695de' (2025-01-18) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/20755fa05115c84be00b04690630cb38f0a203ad' (2025-03-07) → 'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0' (2025-03-13) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/9290fda826610430b3fc8cc98443c3a2faaaf151' (2025-03-07) → 'github:NixOS/nixpkgs/f182029bf7f08a57762b4c762d0917b6803ceff4' (2025-03-15) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/10069ef4cf863633f57238f179a0297de84bd8d3' (2025-03-06) → 'github:NixOS/nixpkgs/c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5' (2025-03-15) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/f104cca31ba6c0403b678ad9428726476b503782' (2025-03-07) → 'github:NixOS/nixpkgs/f985965fff9d4e5df55df0489ef113d09a6ee08d' (2025-03-16) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/814314b94a4d44197d2708d4b48d9df1d14892e2' (2025-03-07) → 'github:randomnetcat/nix-configs/a448b9a9ce66f8e1d1a1de1205f384da25574c7b' (2025-03-16) --- flake.lock | 58 +++++++++++++++++++++++++++--------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/flake.lock b/flake.lock index 5d05a00..04db858 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1741379467, - "narHash": "sha256-f314Ke28BGoVh4TK8FCzlPZgOl+oV7PvLyPF++ln9M4=", + "lastModified": 1742097805, + "narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=", "owner": "rycee", "repo": "nur-expressions", - "rev": "0b95936d94ea2a3ce66538f299351cf0b491aa15", + "rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189", "type": "gitlab" }, "original": { @@ -217,11 +217,11 @@ ] }, "locked": { - "lastModified": 1741378606, - "narHash": "sha256-ytDmwV93lZ1f6jswJkxEQz5cBlwje/2rH/yUZDADZNs=", + "lastModified": 1741955947, + "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", "owner": "nix-community", "repo": "home-manager", - "rev": "95711f926676018d279ba09fe7530d03b5d5b3e2", + "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", "type": "github" }, "original": { @@ -234,14 +234,14 @@ "flake": false, "locked": { "lastModified": 1737234286, - "narHash": "sha256-CCKIAE84dzkrnlxJCKFyffAxP3yfsOAbdvydUGqq24g=", - "rev": "2837da71ec1588c1187d2e554719b15904a46c8b", + "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", + "rev": "079528098f5998ba13c88821a2eca1005c1695de", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/2837da71ec1588c1187d2e554719b15904a46c8b.tar.gz?rev=2837da71ec1588c1187d2e554719b15904a46c8b" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.92.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" } }, "lix-module": { @@ -254,11 +254,11 @@ ] }, "locked": { - "lastModified": 1737237494, - "narHash": "sha256-YMLrcBpf0TR5r/eaqm8lxzFPap2TxCor0ZGcK3a7+b8=", + "lastModified": 1741892773, + "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", "ref": "stable", - "rev": "a3573779c9ba3d55b90aee6e9b4e70e23d34c1ba", - "revCount": 127, + "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", + "revCount": 130, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -270,11 +270,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1741862977, + "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", "type": "github" }, "original": { @@ -301,11 +301,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1741318725, - "narHash": "sha256-3ShROHs7BXBDH3VNoPmbG4mL8DvRpDM8s4NxkmRVz1Q=", + "lastModified": 1742072093, + "narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9290fda826610430b3fc8cc98443c3a2faaaf151", + "rev": "f182029bf7f08a57762b4c762d0917b6803ceff4", "type": "github" }, "original": { @@ -317,11 +317,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1741246872, - "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", + "lastModified": 1742069588, + "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", + "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", "type": "github" }, "original": { @@ -333,11 +333,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1741323510, - "narHash": "sha256-zQL0iErtVTxywxyWc7ajRmRNCncny95uD+2wmBHYOzc=", + "lastModified": 1742095305, + "narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f104cca31ba6c0403b678ad9428726476b503782", + "rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d", "type": "github" }, "original": { @@ -373,11 +373,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1741308008, - "narHash": "sha256-J+7n6svwbpvSoUgFfjfYNVAT50SarBYiwLgTIixjYlM=", + "lastModified": 1742090267, + "narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "814314b94a4d44197d2708d4b48d9df1d14892e2", + "rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b", "type": "github" }, "original": { From addbf7ac3e43d2c231deaaa35c571d22040d69b3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Mar 2025 02:01:22 +0000 Subject: [PATCH 341/438] orm: move actual.qenya.tel -> actual.unspecified.systems --- hosts/orm/default.nix | 16 +++++++++++++++- services/actual.nix | 8 +++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index a6f95ad..c7bbba5 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -57,7 +57,21 @@ }; networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ]; - qenya.services.actual.enable = true; + qenya.services.actual = { + enable = true; + domain = "actual.unspecified.systems"; + }; + + services.nginx = { + enable = true; + virtualHosts = { + "actual.qenya.tel" = { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://actual.unspecified.systems$request_uri"; + }; + }; + }; system.stateVersion = "23.11"; } diff --git a/services/actual.nix b/services/actual.nix index d5a1599..b46540e 100644 --- a/services/actual.nix +++ b/services/actual.nix @@ -1,20 +1,22 @@ { config, lib, pkgs, ... }: -with lib; let + inherit (lib) mkIf mkOption mkEnableOption types; cfg = config.qenya.services.actual; - domain = "actual.qenya.tel"; in { options.qenya.services.actual = { enable = mkEnableOption "Actual Budget"; + domain = mkOption { + type = types.str; + }; }; config = mkIf cfg.enable { services.nginx = { enable = true; virtualHosts = { - ${domain} = { + ${cfg.domain} = { forceSSL = true; enableACME = true; locations."/".proxyPass = "http://127.0.0.1:5006/"; From 55000c365a8ae372a9936ca3c5be02e66d2594ee Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Mar 2025 02:25:28 +0000 Subject: [PATCH 342/438] web-redirect: init new service for simple domain redirects --- hosts/orm/default.nix | 11 +++-------- hosts/yevaud/default.nix | 17 +++++++---------- services/default.nix | 3 ++- services/web-redirect.nix | 30 ++++++++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 19 deletions(-) create mode 100644 services/web-redirect.nix diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index c7bbba5..5814498 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -61,15 +61,10 @@ enable = true; domain = "actual.unspecified.systems"; }; - - services.nginx = { + fountain.services.web-redirect = { enable = true; - virtualHosts = { - "actual.qenya.tel" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://actual.unspecified.systems$request_uri"; - }; + domains = { + "actual.qenya.tel" = "actual.unspecified.systems"; }; }; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index e028d11..9e5758a 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -40,20 +40,17 @@ enable = true; domain = "git.unspecified.systems"; }; + fountain.services.web-redirect = { + enable = true; + domains = { + "git.katherina.rocks" = "git.unspecified.systems"; + "git.qenya.tel" = "git.unspecified.systems"; + }; + }; services.nginx = { enable = true; virtualHosts = { - "git.katherina.rocks" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.unspecified.systems$request_uri"; - }; - "git.qenya.tel" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.unspecified.systems$request_uri"; - }; "birdsong.network" = { forceSSL = true; enableACME = true; diff --git a/services/default.nix b/services/default.nix index f136e92..2828a8e 100644 --- a/services/default.nix +++ b/services/default.nix @@ -8,5 +8,6 @@ ./navidrome.nix ./pipewire-low-latency.nix ./remote-builder.nix + ./web-redirect.nix ]; -} \ No newline at end of file +} diff --git a/services/web-redirect.nix b/services/web-redirect.nix new file mode 100644 index 0000000..92b9c5a --- /dev/null +++ b/services/web-redirect.nix @@ -0,0 +1,30 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.fountain.services.web-redirect; +in +{ + options.fountain.services.web-redirect = { + enable = mkEnableOption "Module to do simple 301 redirects from one domain to another"; + domains = mkOption { + type = types.attrsOf types.str; + description = "Mapping from source domain to destination domain"; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = builtins.mapAttrs + (name: value: { + forceSSL = true; + enableACME = true; + locations."/".return = "301 https://${value}$request_uri"; + }) + cfg.domains; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + }; +} From d8e85815bde493b6ffa7ca1569eb2034d119cc48 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Mar 2025 02:57:15 +0000 Subject: [PATCH 343/438] users: custom property to define users with root --- common/users/default.nix | 24 +++++++++++++++++++++++- hosts/elucredassa/default.nix | 2 +- hosts/kalessin/default.nix | 2 +- hosts/kilgharrah/default.nix | 2 +- hosts/orm/default.nix | 2 +- hosts/tohru/default.nix | 2 +- hosts/yevaud/default.nix | 2 +- 7 files changed, 29 insertions(+), 7 deletions(-) diff --git a/common/users/default.nix b/common/users/default.nix index d9c87e6..2a4c5b3 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -1,3 +1,9 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption types genAttrs; + cfg = config.fountain; +in { # TODO: consider DRY-ing these imports = [ @@ -7,5 +13,21 @@ ./trungle.nix ]; - users.mutableUsers = false; + options.fountain = { + admins = mkOption { + type = types.listOf types.str; + default = [ ]; + description = "List of users who should have root on this system"; + }; + }; + + config = { + users.mutableUsers = false; + + users.users = genAttrs cfg.admins + (name: { + extraGroups = [ "wheel" ]; + } + ); + }; } diff --git a/hosts/elucredassa/default.nix b/hosts/elucredassa/default.nix index e4a517a..97aba67 100644 --- a/hosts/elucredassa/default.nix +++ b/hosts/elucredassa/default.nix @@ -37,7 +37,7 @@ in }; fountain.users.qenya.enable = true; - users.users.qenya.extraGroups = [ "wheel" ]; + fountain.admins = [ "qenya" ]; system.stateVersion = "24.11"; } diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 473f587..65a0ced 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -15,7 +15,7 @@ in networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - users.users.qenya.extraGroups = [ "wheel" ]; + fountain.admins = [ "qenya" ]; fountain.users.randomcat.enable = true; fountain.users.trungle.enable = true; diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index f9f4600..96542d0 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -32,7 +32,7 @@ in fountain.users.qenya.enable = true; age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; - users.users.qenya.extraGroups = [ "wheel" ]; + fountain.admins = [ "qenya" ]; home-manager.users.qenya = { pkgs, ... }: { home.packages = with pkgs; [ obs-studio ]; # For the moment, this hosts some network-accessible services, so we want it on 24/7 diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 5814498..f5aa5fd 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -12,7 +12,7 @@ networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - users.users.qenya.extraGroups = [ "wheel" ]; + fountain.admins = [ "qenya" ]; qenya.base-server.enable = true; qenya.services.distributed-builds = { diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 3bb4c52..dd1f21f 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -31,10 +31,10 @@ in nix.optimise.automatic = mkForce false; fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; age.secrets.user-password-tohru-qenya.file = ../../secrets/user-password-tohru-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-tohru-qenya.path; users.users.qenya.extraGroups = [ - "wheel" # sudo "networkmanager" # UI wifi configuration "dialout" # access to serial ports ]; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 9e5758a..b93c14b 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -16,7 +16,7 @@ networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - users.users.qenya.extraGroups = [ "wheel" ]; + fountain.admins = [ "qenya" ]; qenya.base-server.enable = true; qenya.services.distributed-builds = { From 52e3168f8d66378f03112a1b24f4c2e2d4e5b349 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 17 Mar 2025 03:00:24 +0000 Subject: [PATCH 344/438] pipewire-low-latency: Remove Not sure it every really did anything useful, and even if it did, my current streaming setup doesn't need it any more --- hosts/kilgharrah/default.nix | 2 -- services/default.nix | 1 - services/pipewire-low-latency.nix | 58 ------------------------------- 3 files changed, 61 deletions(-) delete mode 100644 services/pipewire-low-latency.nix diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index 96542d0..c73d439 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -27,8 +27,6 @@ in console.keyMap = "uk"; services.xserver.xkb.layout = "gb"; - qenya.services.pipewire.lowLatency.enable = true; - fountain.users.qenya.enable = true; age.secrets.user-password-kilgharrah-qenya.file = ../../secrets/user-password-kilgharrah-qenya.age; users.users.qenya.hashedPasswordFile = config.age.secrets.user-password-kilgharrah-qenya.path; diff --git a/services/default.nix b/services/default.nix index 2828a8e..9a3f8cb 100644 --- a/services/default.nix +++ b/services/default.nix @@ -6,7 +6,6 @@ ./forgejo.nix ./jellyfin.nix ./navidrome.nix - ./pipewire-low-latency.nix ./remote-builder.nix ./web-redirect.nix ]; diff --git a/services/pipewire-low-latency.nix b/services/pipewire-low-latency.nix deleted file mode 100644 index 0ba2709..0000000 --- a/services/pipewire-low-latency.nix +++ /dev/null @@ -1,58 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) mkIf mkEnableOption; - cfg = config.qenya.services.pipewire.lowLatency; -in -{ - options.qenya.services.pipewire.lowLatency = { - enable = mkEnableOption "config to decrease sound latency (increasing CPU load) for e.g. streaming"; - # TODO: might be an idea to have the numbers be configurable - }; - - config = mkIf cfg.enable { - # TODO: needs more testing - services.pipewire.extraConfig = { - pipewire."92-low-latency" = { - context.properties = { - default.clock.rate = 48000; - default.clock.quantum = 32; - default.clock.min-quantum = 32; - default.clock.max-quantum = 32; - }; - }; - pipewire-pulse."92-low-latency" = { - context.modules = [ - { - name = "libpipewire-module-protocol-pulse"; - args = { - pulse.min.req = "32/48000"; - pulse.default.req = "32/48000"; - pulse.max.req = "32/48000"; - pulse.min.quantum = "32/48000"; - pulse.max.quantum = "32/48000"; - }; - } - ]; - stream.properties = { - node.latency = "32/48000"; - resample.quality = 1; - }; - }; - }; - # Available from NixOS 24.11. Lifted from https://nixos.wiki/wiki/PipeWire - probably need to adjust numbers - # services.pipewire.wireplumber.extraLuaConfig.main."99-alsa-lowlatency" = '' - # alsa_monitor.rules = { - # { - # matches = {{{ "node.name", "matches", "alsa_output.*" }}}; - # apply_properties = { - # ["audio.format"] = "S32LE", - # ["audio.rate"] = "96000", -- for USB soundcards it should be twice your desired rate - # ["api.alsa.period-size"] = 2, -- defaults to 1024, tweak by trial-and-error - # -- ["api.alsa.disable-batch"] = true, -- generally, USB soundcards use the batch mode - # }, - # }, - # } - # ''; - }; -} From 780a18f6271e928ffd117f1880848b794e121ed8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 18 Mar 2025 13:14:50 +0000 Subject: [PATCH 345/438] qenya/vscode: rust-analyzer support --- home/qenya/vscode.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 14d2420..b9f2ce2 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -18,13 +18,17 @@ in jdinhlife.gruvbox jnoortheen.nix-ide matangover.mypy + mkhl.direnv ms-python.black-formatter ms-python.python + rust-lang.rust-analyzer + vadimcn.vscode-lldb ]; mutableExtensionsDir = false; userSettings = { "css.format.spaceAroundSelectorSeparator" = true; "css.format.newlineBetweenSelectors" = false; + "debug.allowBreakpointsEverywhere" = true; "extensions.autoUpdate" = false; "files.insertFinalNewline" = true; "git.autofetch" = true; @@ -40,6 +44,7 @@ in formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; nix.flake.autoArchive = true; }; + "rust-analyzer.check.command" = "clippy"; "terminal.integrated.allowChords" = false; "terminal.integrated.defaultProfile.linux" = "zsh"; "workbench.colorTheme" = "Gruvbox Dark Medium"; From dc7fdfb7ea809cb10779f67271596f02dc0442c4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 19 Mar 2025 17:17:51 +0000 Subject: [PATCH 346/438] gpg: init --- common/default.nix | 3 ++- common/gpg.nix | 8 ++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 common/gpg.nix diff --git a/common/default.nix b/common/default.nix index 81a7423..c60088e 100644 --- a/common/default.nix +++ b/common/default.nix @@ -4,6 +4,7 @@ ./base-server ./users ./boot.nix + ./gpg.nix ./home-manager.nix ./misc.nix ./nginx.nix @@ -14,4 +15,4 @@ ./security.nix ./steam.nix ]; -} \ No newline at end of file +} diff --git a/common/gpg.nix b/common/gpg.nix new file mode 100644 index 0000000..07d1a0f --- /dev/null +++ b/common/gpg.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; +} From 996871782480e10c120b2be8533df53430dd198b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 3 Apr 2025 08:04:22 +0100 Subject: [PATCH 347/438] kanidm: init --- hosts/kalessin/default.nix | 6 ++++ services/default.nix | 1 + services/kanidm.nix | 59 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+) create mode 100644 services/kanidm.nix diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 65a0ced..a34cbd3 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -28,6 +28,7 @@ in randomcat.services.zfs.datasets = { "rpool_kalessin/state" = { mountpoint = "none"; }; + "rpool_kalessin/state/kanidm" = { mountpoint = "/var/lib/kanidm"; }; }; services.sanoid.datasets."rpool_kalessin/state" = { @@ -36,5 +37,10 @@ in process_children_only = true; }; + fountain.services.kanidm = { + enable = true; + domain = "auth.unspecified.systems"; + }; + system.stateVersion = "23.11"; } diff --git a/services/default.nix b/services/default.nix index 9a3f8cb..f60119c 100644 --- a/services/default.nix +++ b/services/default.nix @@ -5,6 +5,7 @@ ./distributed-builds.nix ./forgejo.nix ./jellyfin.nix + ./kanidm.nix ./navidrome.nix ./remote-builder.nix ./web-redirect.nix diff --git a/services/kanidm.nix b/services/kanidm.nix new file mode 100644 index 0000000..6bb891c --- /dev/null +++ b/services/kanidm.nix @@ -0,0 +1,59 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.fountain.services.kanidm; +in +{ + options.fountain.services.kanidm = { + enable = mkEnableOption "Kanidm"; + domain = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services = { + nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + useACMEHost = cfg.domain; + locations."/".proxyPass = "https://[::1]:8443/"; + }; + }; + }; + + kanidm = { + enableClient = true; # needed for admin configuration + enableServer = true; + package = pkgs.kanidm_1_5; + serverSettings = { + bindaddress = "[::1]:8443"; + ldapbindaddress = "[::1]:636"; + origin = "https://${cfg.domain}"; + domain = cfg.domain; + tls_chain = "${config.security.acme.certs.${cfg.domain}.directory}/fullchain.pem"; + tls_key = "${config.security.acme.certs.${cfg.domain}.directory}/key.pem"; + online_backup.versions = 7; + trust_x_forward_for = true; + }; + clientSettings.uri = config.services.kanidm.serverSettings.origin; # doesn't like connecting through localhost - wants hostname to match + }; + }; + + security.acme.certs.${cfg.domain} = { + webroot = "/var/lib/acme/acme-challenge"; + group = "acme_${cfg.domain}"; + reloadServices = [ "kanidm.service" ]; + }; + + users.groups."acme_${cfg.domain}".members = [ + "kanidm" + config.services.nginx.user + ]; + + networking.firewall.allowedTCPPorts = [ 80 443 636 ]; + }; +} From 4265d5bae90c9dc0b9f69e38fd582d72adb1a670 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 7 Apr 2025 12:28:08 +0100 Subject: [PATCH 348/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/5a0ac85616aa6b166ea715a41bc1255bb802b189?dir=pkgs/firefox-addons' (2025-03-16) → 'gitlab:rycee/nur-expressions/60f50437003e17137a871686dfa3fc4291edd5e5?dir=pkgs/firefox-addons' (2025-04-07) • Removed input 'firefox-addons/flake-utils' • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/f4330d22f1c5d2ba72d3d22df5597d123fdb60a9' (2025-03-07) → 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/147dee35aab2193b174e4c0868bd80ead5ce755c' (2025-03-02) → 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30) • Updated input 'home-manager': 'github:nix-community/home-manager/9d3d080aec2a35e05a15cedd281c2384767c2cfe' (2025-02-17) → 'github:nix-community/home-manager/a9f8b3db211b4609ddd83683f9db89796c7f6ac6' (2025-04-04) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/4e12151c9e014e2449e0beca2c0e9534b96a26b4' (2025-03-14) → 'github:nix-community/home-manager/f463902a3f03e15af658e48bcc60b39188ddf734' (2025-04-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/cdd2ef009676ac92b715ff26630164bb88fec4e0' (2025-03-13) → 'github:NixOS/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6' (2025-04-05) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/f182029bf7f08a57762b4c762d0917b6803ceff4' (2025-03-15) → 'github:NixOS/nixpkgs/f27c6099cec4fe9b67c7fbc51d8324dcb4b52694' (2025-04-05) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5' (2025-03-15) → 'github:NixOS/nixpkgs/42a1c966be226125b48c384171c44c651c236c22' (2025-04-05) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/f985965fff9d4e5df55df0489ef113d09a6ee08d' (2025-03-16) → 'github:NixOS/nixpkgs/da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a' (2025-04-06) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/5eeb0172fb74392053b66a8149e61b5e191b2845' (2025-02-26) → 'github:nix-community/plasma-manager/b70be387276e632fe51232887f9e04e2b6ef8c16' (2025-03-23) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/a448b9a9ce66f8e1d1a1de1205f384da25574c7b' (2025-03-16) → 'github:randomnetcat/nix-configs/335ef83e439cfcb4781d5a8f54f606afb63e9f48' (2025-04-07) --- flake.lock | 84 ++++++++++++++++++++++-------------------------------- 1 file changed, 34 insertions(+), 50 deletions(-) diff --git a/flake.lock b/flake.lock index 04db858..cc4aa83 100644 --- a/flake.lock +++ b/flake.lock @@ -86,18 +86,17 @@ }, "firefox-addons": { "inputs": { - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs-unstable" ] }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1742097805, - "narHash": "sha256-N3/7llBZ93Itf7ndnNtEm7lPoMqSC57B/PNaMB6cL1Q=", + "lastModified": 1744010161, + "narHash": "sha256-6PNBLb/YXVlx2YaDqtljQYpk2MlE0VRjGXcEg1RN/qw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "5a0ac85616aa6b166ea715a41bc1255bb802b189", + "rev": "60f50437003e17137a871686dfa3fc4291edd5e5", "type": "gitlab" }, "original": { @@ -113,11 +112,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1741352980, - "narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=", + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", "type": "github" }, "original": { @@ -142,21 +141,6 @@ } }, "flake-utils_2": { - "locked": { - "lastModified": 1629284811, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c5d161cc0af116a2e17f54316f0bf43f0819785c", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "inputs": { "systems": "systems_2" }, @@ -196,11 +180,11 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1743808813, + "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", "type": "github" }, "original": { @@ -217,11 +201,11 @@ ] }, "locked": { - "lastModified": 1741955947, - "narHash": "sha256-2lbURKclgKqBNm7hVRtWh0A7NrdsibD0EaWhahUVhhY=", + "lastModified": 1744008831, + "narHash": "sha256-g3mHJLB8ShKuMaBBZxiGuoftJ22f7Boegiw5xBUnS8E=", "owner": "nix-community", "repo": "home-manager", - "rev": "4e12151c9e014e2449e0beca2c0e9534b96a26b4", + "rev": "f463902a3f03e15af658e48bcc60b39188ddf734", "type": "github" }, "original": { @@ -246,7 +230,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -270,11 +254,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1741862977, - "narHash": "sha256-prZ0M8vE/ghRGGZcflvxCu40ObKaB+ikn74/xQoNrGQ=", + "lastModified": 1743813633, + "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cdd2ef009676ac92b715ff26630164bb88fec4e0", + "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", "type": "github" }, "original": { @@ -286,11 +270,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1740877520, - "narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=", + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "147dee35aab2193b174e4c0868bd80ead5ce755c", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", "type": "github" }, "original": { @@ -301,11 +285,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1742072093, - "narHash": "sha256-2aEgxL5RSzNHWFLWEUFXZhkVEYDOuVSXQBiOonzT/Kg=", + "lastModified": 1743891346, + "narHash": "sha256-QNxnxIi6PJEnwJp7ZXUpxX4/z/cmRJGeIOkIYfYh/8E=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f182029bf7f08a57762b4c762d0917b6803ceff4", + "rev": "f27c6099cec4fe9b67c7fbc51d8324dcb4b52694", "type": "github" }, "original": { @@ -317,11 +301,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1742069588, - "narHash": "sha256-C7jVfohcGzdZRF6DO+ybyG/sqpo1h6bZi9T56sxLy+k=", + "lastModified": 1743827369, + "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c80f6a7e10b39afcc1894e02ef785b1ad0b0d7e5", + "rev": "42a1c966be226125b48c384171c44c651c236c22", "type": "github" }, "original": { @@ -333,11 +317,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1742095305, - "narHash": "sha256-L8qjRx4MbX/juwbo8+4qYbqQy0MFUzUJLV5o8oujvaA=", + "lastModified": 1743948488, + "narHash": "sha256-uKcMmNPvGPb58MhAFru/CMDYl69nZRK3A3SLch9ejgA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f985965fff9d4e5df55df0489ef113d09a6ee08d", + "rev": "da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a", "type": "github" }, "original": { @@ -357,11 +341,11 @@ ] }, "locked": { - "lastModified": 1740569341, - "narHash": "sha256-WV8nY2IOfWdzBF5syVgCcgOchg/qQtpYh6LECYS9XkY=", + "lastModified": 1742765550, + "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "5eeb0172fb74392053b66a8149e61b5e191b2845", + "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16", "type": "github" }, "original": { @@ -373,11 +357,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1742090267, - "narHash": "sha256-A+pimpalPZr9Un1yJaVsc+3J71IHuAPN+NSo5MqHtzM=", + "lastModified": 1744004743, + "narHash": "sha256-MIWwT/A4IfXmmSMCU3lVVnFJNmkXpYxcK+Fishja6XY=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "a448b9a9ce66f8e1d1a1de1205f384da25574c7b", + "rev": "335ef83e439cfcb4781d5a8f54f606afb63e9f48", "type": "github" }, "original": { From 61d86b7f57cad2be4388373c2033ccbcb7c882e8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 7 Apr 2025 15:20:17 +0100 Subject: [PATCH 349/438] flake: pin lix version --- flake.lock | 17 +++++++---------- flake.nix | 3 ++- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index cc4aa83..64b47f4 100644 --- a/flake.lock +++ b/flake.lock @@ -238,18 +238,15 @@ ] }, "locked": { - "lastModified": 1741892773, - "narHash": "sha256-8oUT6D7VlsuLkms3zBsUaPBUoxucmFq62QdtyVpjq0Y=", - "ref": "stable", - "rev": "ed7a2fa83145868ecb830d6b3c73ebfd81a9e911", - "revCount": 130, - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" + "lastModified": 1742943028, + "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", + "rev": "868d97695bab9d21f6070b03957bcace249fbe3c", + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c" }, "original": { - "ref": "stable", - "type": "git", - "url": "https://git.lix.systems/lix-project/nixos-module" + "type": "tarball", + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" } }, "nixpkgs": { diff --git a/flake.nix b/flake.nix index 4b3c089..5962bf5 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,8 @@ nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; lix-module = { - url = "git+https://git.lix.systems/lix-project/nixos-module?ref=stable"; + # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 8f8f2556a01ba0de9b9389b4c9afe6761c23bdba Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 7 Apr 2025 15:21:14 +0100 Subject: [PATCH 350/438] Revert "kanidm: init" This reverts commit 996871782480e10c120b2be8533df53430dd198b. --- hosts/kalessin/default.nix | 6 ---- services/default.nix | 1 - services/kanidm.nix | 59 -------------------------------------- 3 files changed, 66 deletions(-) delete mode 100644 services/kanidm.nix diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index a34cbd3..65a0ced 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -28,7 +28,6 @@ in randomcat.services.zfs.datasets = { "rpool_kalessin/state" = { mountpoint = "none"; }; - "rpool_kalessin/state/kanidm" = { mountpoint = "/var/lib/kanidm"; }; }; services.sanoid.datasets."rpool_kalessin/state" = { @@ -37,10 +36,5 @@ in process_children_only = true; }; - fountain.services.kanidm = { - enable = true; - domain = "auth.unspecified.systems"; - }; - system.stateVersion = "23.11"; } diff --git a/services/default.nix b/services/default.nix index f60119c..9a3f8cb 100644 --- a/services/default.nix +++ b/services/default.nix @@ -5,7 +5,6 @@ ./distributed-builds.nix ./forgejo.nix ./jellyfin.nix - ./kanidm.nix ./navidrome.nix ./remote-builder.nix ./web-redirect.nix diff --git a/services/kanidm.nix b/services/kanidm.nix deleted file mode 100644 index 6bb891c..0000000 --- a/services/kanidm.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) mkIf mkOption mkEnableOption types; - cfg = config.fountain.services.kanidm; -in -{ - options.fountain.services.kanidm = { - enable = mkEnableOption "Kanidm"; - domain = mkOption { - type = types.str; - }; - }; - - config = mkIf cfg.enable { - services = { - nginx = { - enable = true; - virtualHosts = { - ${cfg.domain} = { - forceSSL = true; - useACMEHost = cfg.domain; - locations."/".proxyPass = "https://[::1]:8443/"; - }; - }; - }; - - kanidm = { - enableClient = true; # needed for admin configuration - enableServer = true; - package = pkgs.kanidm_1_5; - serverSettings = { - bindaddress = "[::1]:8443"; - ldapbindaddress = "[::1]:636"; - origin = "https://${cfg.domain}"; - domain = cfg.domain; - tls_chain = "${config.security.acme.certs.${cfg.domain}.directory}/fullchain.pem"; - tls_key = "${config.security.acme.certs.${cfg.domain}.directory}/key.pem"; - online_backup.versions = 7; - trust_x_forward_for = true; - }; - clientSettings.uri = config.services.kanidm.serverSettings.origin; # doesn't like connecting through localhost - wants hostname to match - }; - }; - - security.acme.certs.${cfg.domain} = { - webroot = "/var/lib/acme/acme-challenge"; - group = "acme_${cfg.domain}"; - reloadServices = [ "kanidm.service" ]; - }; - - users.groups."acme_${cfg.domain}".members = [ - "kanidm" - config.services.nginx.user - ]; - - networking.firewall.allowedTCPPorts = [ 80 443 636 ]; - }; -} From 4f82380855898b88bb694ad05948978dc385466e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 8 Apr 2025 17:22:10 +0100 Subject: [PATCH 351/438] Remove rudimentary netbox module Accidentally committed a while ago --- hosts/kalessin/netbox.nix | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 hosts/kalessin/netbox.nix diff --git a/hosts/kalessin/netbox.nix b/hosts/kalessin/netbox.nix deleted file mode 100644 index c3b422d..0000000 --- a/hosts/kalessin/netbox.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs }: - -{ - randomcat.services.zfs.datasets = { - "rpool/state" = { mountpoint = "none"; }; - "rpool/state/netbox" = { mountpoint = "/var/lib/netbox"; }; - }; - - services.netbox = { - enable = true; - package = pkgs.netbox_4_1; - port = 8001; - dataDir = "/var/lib/netbox"; - secretKeyFile = ""; # - }; -} From e2c74a3743ef00c8946c7a6fa491defae1f69343 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 27 Apr 2025 11:20:13 +0100 Subject: [PATCH 352/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/e600439ec4c273cf11e06fe4d9d906fb98fa097c' (2025-01-15) → 'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded' (2025-04-26) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/60f50437003e17137a871686dfa3fc4291edd5e5?dir=pkgs/firefox-addons' (2025-04-07) → 'gitlab:rycee/nur-expressions/346899a4b3b651ab447c61e0c8e9d8a1454cda72?dir=pkgs/firefox-addons' (2025-04-23) • Updated input 'home-manager': 'github:nix-community/home-manager/a9f8b3db211b4609ddd83683f9db89796c7f6ac6' (2025-04-04) → 'github:nix-community/home-manager/dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1' (2025-04-25) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/f463902a3f03e15af658e48bcc60b39188ddf734' (2025-04-07) → 'github:nix-community/home-manager/2f5819a962489e037a57835f63ed6ff8dbc2d5fb' (2025-04-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7819a0d29d1dd2bc331bec4b327f0776359b1fa6' (2025-04-05) → 'github:NixOS/nixpkgs/5630cf13cceac06cefe9fc607e8dfa8fb342dde3' (2025-04-24) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/f27c6099cec4fe9b67c7fbc51d8324dcb4b52694' (2025-04-05) → 'github:NixOS/nixpkgs/d1e377e4cfcb3da8da4b71dbef631e8317907cd8' (2025-04-26) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/42a1c966be226125b48c384171c44c651c236c22' (2025-04-05) → 'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a' (2025-04-06) → 'github:NixOS/nixpkgs/1ee8b713821882c66f5ecfde5c4e5874b1cb5e2f' (2025-04-27) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/335ef83e439cfcb4781d5a8f54f606afb63e9f48' (2025-04-07) → 'github:randomnetcat/nix-configs/876f365eaa010988a0908421578c72fb17c28f09' (2025-04-27) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 64b47f4..418db8b 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1736955230, - "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", + "lastModified": 1745630506, + "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", "owner": "ryantm", "repo": "agenix", - "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", + "rev": "96e078c646b711aee04b82ba01aefbff87004ded", "type": "github" }, "original": { @@ -92,11 +92,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1744010161, - "narHash": "sha256-6PNBLb/YXVlx2YaDqtljQYpk2MlE0VRjGXcEg1RN/qw=", + "lastModified": 1745419403, + "narHash": "sha256-pQOOn4UntLSwnL3xZ1JAr3IDhXpL+kTS7Zw8ll59K9Q=", "owner": "rycee", "repo": "nur-expressions", - "rev": "60f50437003e17137a871686dfa3fc4291edd5e5", + "rev": "346899a4b3b651ab447c61e0c8e9d8a1454cda72", "type": "gitlab" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1743808813, - "narHash": "sha256-2lDQBOmlz9ggPxcS7/GvcVdzXMIiT+PpMao6FbLJSr0=", + "lastModified": 1745557122, + "narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=", "owner": "nix-community", "repo": "home-manager", - "rev": "a9f8b3db211b4609ddd83683f9db89796c7f6ac6", + "rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1744008831, - "narHash": "sha256-g3mHJLB8ShKuMaBBZxiGuoftJ22f7Boegiw5xBUnS8E=", + "lastModified": 1745703610, + "narHash": "sha256-KgaGPlmjJItZ+Xf8mSoRmrsso+sf3K54n9oIP9Q17LY=", "owner": "nix-community", "repo": "home-manager", - "rev": "f463902a3f03e15af658e48bcc60b39188ddf734", + "rev": "2f5819a962489e037a57835f63ed6ff8dbc2d5fb", "type": "github" }, "original": { @@ -251,11 +251,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1743813633, - "narHash": "sha256-BgkBz4NpV6Kg8XF7cmHDHRVGZYnKbvG0Y4p+jElwxaM=", + "lastModified": 1745487689, + "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7819a0d29d1dd2bc331bec4b327f0776359b1fa6", + "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1743891346, - "narHash": "sha256-QNxnxIi6PJEnwJp7ZXUpxX4/z/cmRJGeIOkIYfYh/8E=", + "lastModified": 1745699837, + "narHash": "sha256-RqGZeOaAdvaVRibN/x6QF+Ahcuigj/WMsqLkGjq/mUI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f27c6099cec4fe9b67c7fbc51d8324dcb4b52694", + "rev": "d1e377e4cfcb3da8da4b71dbef631e8317907cd8", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1743827369, - "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=", + "lastModified": 1745526057, + "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42a1c966be226125b48c384171c44c651c236c22", + "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1743948488, - "narHash": "sha256-uKcMmNPvGPb58MhAFru/CMDYl69nZRK3A3SLch9ejgA=", + "lastModified": 1745731301, + "narHash": "sha256-2DZgcq2sylQuml+L6FOh8eWMoMGGbNHM7Ls56iBQPX0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da98c5d529f118c82e80a3f9b4fb01fdeba3cf7a", + "rev": "1ee8b713821882c66f5ecfde5c4e5874b1cb5e2f", "type": "github" }, "original": { @@ -354,11 +354,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1744004743, - "narHash": "sha256-MIWwT/A4IfXmmSMCU3lVVnFJNmkXpYxcK+Fishja6XY=", + "lastModified": 1745719427, + "narHash": "sha256-g3Xt07uJyj9WO+FvQFrxZe9QA6wauWIvyWzUPEu4g64=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "335ef83e439cfcb4781d5a8f54f606afb63e9f48", + "rev": "876f365eaa010988a0908421578c72fb17c28f09", "type": "github" }, "original": { From 9c39440238f04c1f96d3248d81c9b6b29e96da08 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 27 Apr 2025 13:30:37 +0100 Subject: [PATCH 353/438] nix: Remove insecure package exception for electron 31 Feishin has updated: https://github.com/jeffvli/feishin/issues/879 --- common/nix.nix | 8 -------- 1 file changed, 8 deletions(-) diff --git a/common/nix.nix b/common/nix.nix index 12ebcf7..bafc8ef 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -10,12 +10,4 @@ nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; nix.settings.trusted-users = [ "@wheel" ]; - - # this is a dependency of feishin (used in qenya's home-manager). it does not actually have a known vulnerability, - # it's just unsuspported because Electron's support cycle is a ludicrously short 6 months. - # feishin's dev is going to be rewriting it without Electron (as "audioling"). - # modern software development was a mistake. - nixpkgs.config.permittedInsecurePackages = [ - "electron-31.7.7" - ]; } From 1216b34206344d7e47c237bb2c801296388c9b0d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 28 Apr 2025 13:06:20 +0100 Subject: [PATCH 354/438] steam: Run with PipeWire support by default --- common/steam.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/common/steam.nix b/common/steam.nix index b1e26de..28d9bd7 100644 --- a/common/steam.nix +++ b/common/steam.nix @@ -3,6 +3,10 @@ { config = lib.mkIf config.programs.steam.enable { programs.steam = { + package = pkgs.steam.override { + extraArgs = "-pipewire"; # for remote play with PipeWire + }; + remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; }; From c22c1e376881611ab441fa54db6fb42d17dfc057 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 28 Apr 2025 13:06:33 +0100 Subject: [PATCH 355/438] steam: Open ports for game sideloading on LAN --- common/steam.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/common/steam.nix b/common/steam.nix index 28d9bd7..cd27dac 100644 --- a/common/steam.nix +++ b/common/steam.nix @@ -9,6 +9,7 @@ remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; + localNetworkGameTransfers.openFirewall = true; }; services.joycond.enable = true; From 278e172881d082159b035b4643838c2d4e28e7a7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 28 Apr 2025 15:18:41 +0100 Subject: [PATCH 356/438] owncast: init --- hosts/kalessin/default.nix | 7 +++++++ services/default.nix | 1 + services/owncast.nix | 35 +++++++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+) create mode 100644 services/owncast.nix diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 65a0ced..2b80d96 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -28,6 +28,7 @@ in randomcat.services.zfs.datasets = { "rpool_kalessin/state" = { mountpoint = "none"; }; + "rpool_kalessin/state/owncast" = { mountpoint = "/var/lib/owncast"; }; }; services.sanoid.datasets."rpool_kalessin/state" = { @@ -36,5 +37,11 @@ in process_children_only = true; }; + qenya.services.owncast = { + enable = true; + domain = "live.qenya.tel"; + dataDir = "/var/lib/owncast"; + }; + system.stateVersion = "23.11"; } diff --git a/services/default.nix b/services/default.nix index 9a3f8cb..927886c 100644 --- a/services/default.nix +++ b/services/default.nix @@ -6,6 +6,7 @@ ./forgejo.nix ./jellyfin.nix ./navidrome.nix + ./owncast.nix ./remote-builder.nix ./web-redirect.nix ]; diff --git a/services/owncast.nix b/services/owncast.nix new file mode 100644 index 0000000..aa60223 --- /dev/null +++ b/services/owncast.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.owncast; +in +{ + options.qenya.services.owncast = { + enable = mkEnableOption "Owncast"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://127.0.0.1:8080/"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 1935 ]; # 1935 for rtmp + + services.owncast.enable = true; + services.owncast.dataDir = cfg.dataDir; + }; +} From ed43e2a1f0965ff1ee6db17f23df62e352976181 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 28 Apr 2025 17:34:36 +0100 Subject: [PATCH 357/438] qenya/zsh: Use powerlevel10k theme Closes #15 --- home/qenya/.p10k.zsh | 1832 +++++++++++++++++++++++++++++++++++++ home/qenya/default.nix | 1 + home/qenya/fontconfig.nix | 17 + home/qenya/zsh.nix | 11 +- 4 files changed, 1858 insertions(+), 3 deletions(-) create mode 100644 home/qenya/.p10k.zsh create mode 100644 home/qenya/fontconfig.nix diff --git a/home/qenya/.p10k.zsh b/home/qenya/.p10k.zsh new file mode 100644 index 0000000..a47b12a --- /dev/null +++ b/home/qenya/.p10k.zsh @@ -0,0 +1,1832 @@ +# Generated by Powerlevel10k configuration wizard on 2025-04-28 at 17:26 BST. +# Based on romkatv/powerlevel10k/config/p10k-rainbow.zsh. +# Wizard options: nerdfont-complete + powerline, small icons, rainbow, unicode, +# angled separators, sharp heads, round tails, 2 lines, disconnected, no frame, sparse, +# few icons, concise, transient_prompt, instant_prompt=off. +# Type `p10k configure` to generate another config. +# +# Config for Powerlevel10k with powerline prompt style with colorful background. +# Type `p10k configure` to generate your own config based on it. +# +# Tip: Looking for a nice color? Here's a one-liner to print colormap. +# +# for i in {0..255}; do print -Pn "%K{$i} %k%F{$i}${(l:3::0:)i}%f " ${${(M)$((i%6)):#3}:+$'\n'}; done + +# Temporarily change options. +'builtin' 'local' '-a' 'p10k_config_opts' +[[ ! -o 'aliases' ]] || p10k_config_opts+=('aliases') +[[ ! -o 'sh_glob' ]] || p10k_config_opts+=('sh_glob') +[[ ! -o 'no_brace_expand' ]] || p10k_config_opts+=('no_brace_expand') +'builtin' 'setopt' 'no_aliases' 'no_sh_glob' 'brace_expand' + +() { + emulate -L zsh -o extended_glob + + # Unset all configuration options. This allows you to apply configuration changes without + # restarting zsh. Edit ~/.p10k.zsh and type `source ~/.p10k.zsh`. + unset -m '(POWERLEVEL9K_*|DEFAULT_USER)~POWERLEVEL9K_GITSTATUS_DIR' + + # Zsh >= 5.1 is required. + [[ $ZSH_VERSION == (5.<1->*|<6->.*) ]] || return + + # The list of segments shown on the left. Fill it with the most important segments. + typeset -g POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=( + # =========================[ Line #1 ]========================= + # os_icon # os identifier + dir # current directory + vcs # git status + # =========================[ Line #2 ]========================= + newline # \n + prompt_char # prompt symbol + ) + + # The list of segments shown on the right. Fill it with less important segments. + # Right prompt on the last prompt line (where you are typing your commands) gets + # automatically hidden when the input line reaches it. Right prompt above the + # last prompt line gets hidden if it would overlap with left prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=( + # =========================[ Line #1 ]========================= + status # exit code of the last command + command_execution_time # duration of the last command + background_jobs # presence of background jobs + direnv # direnv status (https://direnv.net/) + asdf # asdf version manager (https://github.com/asdf-vm/asdf) + virtualenv # python virtual environment (https://docs.python.org/3/library/venv.html) + anaconda # conda environment (https://conda.io/) + pyenv # python environment (https://github.com/pyenv/pyenv) + goenv # go environment (https://github.com/syndbg/goenv) + nodenv # node.js version from nodenv (https://github.com/nodenv/nodenv) + nvm # node.js version from nvm (https://github.com/nvm-sh/nvm) + nodeenv # node.js environment (https://github.com/ekalinin/nodeenv) + # node_version # node.js version + # go_version # go version (https://golang.org) + # rust_version # rustc version (https://www.rust-lang.org) + # dotnet_version # .NET version (https://dotnet.microsoft.com) + # php_version # php version (https://www.php.net/) + # laravel_version # laravel php framework version (https://laravel.com/) + # java_version # java version (https://www.java.com/) + # package # name@version from package.json (https://docs.npmjs.com/files/package.json) + rbenv # ruby version from rbenv (https://github.com/rbenv/rbenv) + rvm # ruby version from rvm (https://rvm.io) + fvm # flutter version management (https://github.com/leoafarias/fvm) + luaenv # lua version from luaenv (https://github.com/cehoffman/luaenv) + jenv # java version from jenv (https://github.com/jenv/jenv) + plenv # perl version from plenv (https://github.com/tokuhirom/plenv) + perlbrew # perl version from perlbrew (https://github.com/gugod/App-perlbrew) + phpenv # php version from phpenv (https://github.com/phpenv/phpenv) + scalaenv # scala version from scalaenv (https://github.com/scalaenv/scalaenv) + haskell_stack # haskell version from stack (https://haskellstack.org/) + kubecontext # current kubernetes context (https://kubernetes.io/) + terraform # terraform workspace (https://www.terraform.io) + # terraform_version # terraform version (https://www.terraform.io) + aws # aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) + aws_eb_env # aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/) + azure # azure account name (https://docs.microsoft.com/en-us/cli/azure) + gcloud # google cloud cli account and project (https://cloud.google.com/) + google_app_cred # google application credentials (https://cloud.google.com/docs/authentication/production) + toolbox # toolbox name (https://github.com/containers/toolbox) + context # user@hostname + nordvpn # nordvpn connection status, linux only (https://nordvpn.com/) + ranger # ranger shell (https://github.com/ranger/ranger) + nnn # nnn shell (https://github.com/jarun/nnn) + lf # lf shell (https://github.com/gokcehan/lf) + xplr # xplr shell (https://github.com/sayanarijit/xplr) + vim_shell # vim shell indicator (:sh) + midnight_commander # midnight commander shell (https://midnight-commander.org/) + nix_shell # nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html) + chezmoi_shell # chezmoi shell (https://www.chezmoi.io/) + # vi_mode # vi mode (you don't need this if you've enabled prompt_char) + # vpn_ip # virtual private network indicator + # load # CPU load + # disk_usage # disk usage + # ram # free RAM + # swap # used swap + todo # todo items (https://github.com/todotxt/todo.txt-cli) + timewarrior # timewarrior tracking status (https://timewarrior.net/) + taskwarrior # taskwarrior task count (https://taskwarrior.org/) + per_directory_history # Oh My Zsh per-directory-history local/global indicator + # cpu_arch # CPU architecture + # time # current time + # =========================[ Line #2 ]========================= + newline + # ip # ip address and bandwidth usage for a specified network interface + # public_ip # public IP address + # proxy # system-wide http/https/ftp proxy + # battery # internal battery + # wifi # wifi speed + # example # example user-defined segment (see prompt_example function below) + ) + + # Defines character set used by powerlevel10k. It's best to let `p10k configure` set it for you. + typeset -g POWERLEVEL9K_MODE=nerdfont-complete + # When set to `moderate`, some icons will have an extra space after them. This is meant to avoid + # icon overlap when using non-monospace fonts. When set to `none`, spaces are not added. + typeset -g POWERLEVEL9K_ICON_PADDING=none + + # When set to true, icons appear before content on both sides of the prompt. When set + # to false, icons go after content. If empty or not set, icons go before content in the left + # prompt and after content in the right prompt. + # + # You can also override it for a specific segment: + # + # POWERLEVEL9K_STATUS_ICON_BEFORE_CONTENT=false + # + # Or for a specific segment in specific state: + # + # POWERLEVEL9K_DIR_NOT_WRITABLE_ICON_BEFORE_CONTENT=false + typeset -g POWERLEVEL9K_ICON_BEFORE_CONTENT= + + # Add an empty line before each prompt. + typeset -g POWERLEVEL9K_PROMPT_ADD_NEWLINE=true + + # Connect left prompt lines with these symbols. You'll probably want to use the same color + # as POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND below. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_PREFIX= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_PREFIX= + typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_PREFIX= + # Connect right prompt lines with these symbols. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_SUFFIX= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_SUFFIX= + typeset -g POWERLEVEL9K_MULTILINE_LAST_PROMPT_SUFFIX= + + # Filler between left and right prompt on the first prompt line. You can set it to ' ', '·' or + # '─'. The last two make it easier to see the alignment between left and right prompt and to + # separate prompt from command output. You might want to set POWERLEVEL9K_PROMPT_ADD_NEWLINE=false + # for more compact prompt if using this option. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR=' ' + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_BACKGROUND= + typeset -g POWERLEVEL9K_MULTILINE_NEWLINE_PROMPT_GAP_BACKGROUND= + if [[ $POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_CHAR != ' ' ]]; then + # The color of the filler. You'll probably want to match the color of POWERLEVEL9K_MULTILINE + # ornaments defined above. + typeset -g POWERLEVEL9K_MULTILINE_FIRST_PROMPT_GAP_FOREGROUND=242 + # Start filler from the edge of the screen if there are no left segments on the first line. + typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_FIRST_SEGMENT_END_SYMBOL='%{%}' + # End filler on the edge of the screen if there are no right segments on the first line. + typeset -g POWERLEVEL9K_EMPTY_LINE_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='%{%}' + fi + + # Separator between same-color segments on the left. + typeset -g POWERLEVEL9K_LEFT_SUBSEGMENT_SEPARATOR='\uE0B1' + # Separator between same-color segments on the right. + typeset -g POWERLEVEL9K_RIGHT_SUBSEGMENT_SEPARATOR='\uE0B3' + # Separator between different-color segments on the left. + typeset -g POWERLEVEL9K_LEFT_SEGMENT_SEPARATOR='\uE0B0' + # Separator between different-color segments on the right. + typeset -g POWERLEVEL9K_RIGHT_SEGMENT_SEPARATOR='\uE0B2' + # To remove a separator between two segments, add "_joined" to the second segment name. + # For example: POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=(os_icon context_joined) + + # The right end of left prompt. + typeset -g POWERLEVEL9K_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B0' + # The left end of right prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B2' + # The left end of left prompt. + typeset -g POWERLEVEL9K_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL='\uE0B6' + # The right end of right prompt. + typeset -g POWERLEVEL9K_RIGHT_PROMPT_LAST_SEGMENT_END_SYMBOL='\uE0B4' + # Left prompt terminator for lines without any segments. + typeset -g POWERLEVEL9K_EMPTY_LINE_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL= + + #################################[ os_icon: os identifier ]################################## + # OS identifier color. + typeset -g POWERLEVEL9K_OS_ICON_FOREGROUND=232 + typeset -g POWERLEVEL9K_OS_ICON_BACKGROUND=7 + # Custom icon. + # typeset -g POWERLEVEL9K_OS_ICON_CONTENT_EXPANSION='⭐' + + ################################[ prompt_char: prompt symbol ]################################ + # Transparent background. + typeset -g POWERLEVEL9K_PROMPT_CHAR_BACKGROUND= + # Green prompt symbol if the last command succeeded. + typeset -g POWERLEVEL9K_PROMPT_CHAR_OK_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=76 + # Red prompt symbol if the last command failed. + typeset -g POWERLEVEL9K_PROMPT_CHAR_ERROR_{VIINS,VICMD,VIVIS,VIOWR}_FOREGROUND=196 + # Default prompt symbol. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIINS_CONTENT_EXPANSION='❯' + # Prompt symbol in command vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VICMD_CONTENT_EXPANSION='❮' + # Prompt symbol in visual vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIVIS_CONTENT_EXPANSION='V' + # Prompt symbol in overwrite vi mode. + typeset -g POWERLEVEL9K_PROMPT_CHAR_{OK,ERROR}_VIOWR_CONTENT_EXPANSION='▶' + typeset -g POWERLEVEL9K_PROMPT_CHAR_OVERWRITE_STATE=true + # No line terminator if prompt_char is the last segment. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_LAST_SEGMENT_END_SYMBOL= + # No line introducer if prompt_char is the first segment. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_PROMPT_FIRST_SEGMENT_START_SYMBOL= + # No surrounding whitespace. + typeset -g POWERLEVEL9K_PROMPT_CHAR_LEFT_{LEFT,RIGHT}_WHITESPACE= + + ##################################[ dir: current directory ]################################## + # Current directory background color. + typeset -g POWERLEVEL9K_DIR_BACKGROUND=4 + # Default current directory foreground color. + typeset -g POWERLEVEL9K_DIR_FOREGROUND=254 + # If directory is too long, shorten some of its segments to the shortest possible unique + # prefix. The shortened directory can be tab-completed to the original. + typeset -g POWERLEVEL9K_SHORTEN_STRATEGY=truncate_to_unique + # Replace removed segment suffixes with this symbol. + typeset -g POWERLEVEL9K_SHORTEN_DELIMITER= + # Color of the shortened directory segments. + typeset -g POWERLEVEL9K_DIR_SHORTENED_FOREGROUND=250 + # Color of the anchor directory segments. Anchor segments are never shortened. The first + # segment is always an anchor. + typeset -g POWERLEVEL9K_DIR_ANCHOR_FOREGROUND=255 + # Display anchor directory segments in bold. + typeset -g POWERLEVEL9K_DIR_ANCHOR_BOLD=true + # Don't shorten directories that contain any of these files. They are anchors. + local anchor_files=( + .bzr + .citc + .git + .hg + .node-version + .python-version + .go-version + .ruby-version + .lua-version + .java-version + .perl-version + .php-version + .tool-versions + .shorten_folder_marker + .svn + .terraform + CVS + Cargo.toml + composer.json + go.mod + package.json + stack.yaml + ) + typeset -g POWERLEVEL9K_SHORTEN_FOLDER_MARKER="(${(j:|:)anchor_files})" + # If set to "first" ("last"), remove everything before the first (last) subdirectory that contains + # files matching $POWERLEVEL9K_SHORTEN_FOLDER_MARKER. For example, when the current directory is + # /foo/bar/git_repo/nested_git_repo/baz, prompt will display git_repo/nested_git_repo/baz (first) + # or nested_git_repo/baz (last). This assumes that git_repo and nested_git_repo contain markers + # and other directories don't. + # + # Optionally, "first" and "last" can be followed by ":" where is an integer. + # This moves the truncation point to the right (positive offset) or to the left (negative offset) + # relative to the marker. Plain "first" and "last" are equivalent to "first:0" and "last:0" + # respectively. + typeset -g POWERLEVEL9K_DIR_TRUNCATE_BEFORE_MARKER=false + # Don't shorten this many last directory segments. They are anchors. + typeset -g POWERLEVEL9K_SHORTEN_DIR_LENGTH=1 + # Shorten directory if it's longer than this even if there is space for it. The value can + # be either absolute (e.g., '80') or a percentage of terminal width (e.g, '50%'). If empty, + # directory will be shortened only when prompt doesn't fit or when other parameters demand it + # (see POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS and POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT below). + # If set to `0`, directory will always be shortened to its minimum length. + typeset -g POWERLEVEL9K_DIR_MAX_LENGTH=80 + # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least this + # many columns for typing commands. + typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS=40 + # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least + # COLUMNS * POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT * 0.01 columns for typing commands. + typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT=50 + # If set to true, embed a hyperlink into the directory. Useful for quickly + # opening a directory in the file manager simply by clicking the link. + # Can also be handy when the directory is shortened, as it allows you to see + # the full directory that was used in previous commands. + typeset -g POWERLEVEL9K_DIR_HYPERLINK=false + + # Enable special styling for non-writable and non-existent directories. See POWERLEVEL9K_LOCK_ICON + # and POWERLEVEL9K_DIR_CLASSES below. + typeset -g POWERLEVEL9K_DIR_SHOW_WRITABLE=v3 + + # The default icon shown next to non-writable and non-existent directories when + # POWERLEVEL9K_DIR_SHOW_WRITABLE is set to v3. + # typeset -g POWERLEVEL9K_LOCK_ICON='⭐' + + # POWERLEVEL9K_DIR_CLASSES allows you to specify custom icons and colors for different + # directories. It must be an array with 3 * N elements. Each triplet consists of: + # + # 1. A pattern against which the current directory ($PWD) is matched. Matching is done with + # extended_glob option enabled. + # 2. Directory class for the purpose of styling. + # 3. An empty string. + # + # Triplets are tried in order. The first triplet whose pattern matches $PWD wins. + # + # If POWERLEVEL9K_DIR_SHOW_WRITABLE is set to v3, non-writable and non-existent directories + # acquire class suffix _NOT_WRITABLE and NON_EXISTENT respectively. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_DIR_CLASSES=( + # '~/work(|/*)' WORK '' + # '~(|/*)' HOME '' + # '*' DEFAULT '') + # + # Whenever the current directory is ~/work or a subdirectory of ~/work, it gets styled with one + # of the following classes depending on its writability and existence: WORK, WORK_NOT_WRITABLE or + # WORK_NON_EXISTENT. + # + # Simply assigning classes to directories doesn't have any visible effects. It merely gives you an + # option to define custom colors and icons for different directory classes. + # + # # Styling for WORK. + # typeset -g POWERLEVEL9K_DIR_WORK_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_ANCHOR_FOREGROUND=255 + # + # # Styling for WORK_NOT_WRITABLE. + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_ANCHOR_FOREGROUND=255 + # + # # Styling for WORK_NON_EXISTENT. + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_BACKGROUND=4 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_FOREGROUND=254 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_SHORTENED_FOREGROUND=250 + # typeset -g POWERLEVEL9K_DIR_WORK_NON_EXISTENT_ANCHOR_FOREGROUND=255 + # + # If a styling parameter isn't explicitly defined for some class, it falls back to the classless + # parameter. For example, if POWERLEVEL9K_DIR_WORK_NOT_WRITABLE_FOREGROUND is not set, it falls + # back to POWERLEVEL9K_DIR_FOREGROUND. + # + typeset -g POWERLEVEL9K_DIR_CLASSES=() + + # Custom prefix. + # typeset -g POWERLEVEL9K_DIR_PREFIX='in ' + + #####################################[ vcs: git status ]###################################### + # Version control background colors. + typeset -g POWERLEVEL9K_VCS_CLEAN_BACKGROUND=2 + typeset -g POWERLEVEL9K_VCS_MODIFIED_BACKGROUND=3 + typeset -g POWERLEVEL9K_VCS_UNTRACKED_BACKGROUND=2 + typeset -g POWERLEVEL9K_VCS_CONFLICTED_BACKGROUND=3 + typeset -g POWERLEVEL9K_VCS_LOADING_BACKGROUND=8 + + # Branch icon. Set this parameter to '\UE0A0 ' for the popular Powerline branch icon. + typeset -g POWERLEVEL9K_VCS_BRANCH_ICON= + + # Untracked files icon. It's really a question mark, your font isn't broken. + # Change the value of this parameter to show a different icon. + typeset -g POWERLEVEL9K_VCS_UNTRACKED_ICON='?' + + # Formatter for Git status. + # + # Example output: master wip ⇣42⇡42 *42 merge ~42 +42 !42 ?42. + # + # You can edit the function to customize how Git status looks. + # + # VCS_STATUS_* parameters are set by gitstatus plugin. See reference: + # https://github.com/romkatv/gitstatus/blob/master/gitstatus.plugin.zsh. + function my_git_formatter() { + emulate -L zsh + + if [[ -n $P9K_CONTENT ]]; then + # If P9K_CONTENT is not empty, use it. It's either "loading" or from vcs_info (not from + # gitstatus plugin). VCS_STATUS_* parameters are not available in this case. + typeset -g my_git_format=$P9K_CONTENT + return + fi + + # Styling for different parts of Git status. + local meta='%7F' # white foreground + local clean='%0F' # black foreground + local modified='%0F' # black foreground + local untracked='%0F' # black foreground + local conflicted='%1F' # red foreground + + local res + + if [[ -n $VCS_STATUS_LOCAL_BRANCH ]]; then + local branch=${(V)VCS_STATUS_LOCAL_BRANCH} + # If local branch name is at most 32 characters long, show it in full. + # Otherwise show the first 12 … the last 12. + # Tip: To always show local branch name in full without truncation, delete the next line. + (( $#branch > 32 )) && branch[13,-13]="…" # <-- this line + res+="${clean}${(g::)POWERLEVEL9K_VCS_BRANCH_ICON}${branch//\%/%%}" + fi + + if [[ -n $VCS_STATUS_TAG + # Show tag only if not on a branch. + # Tip: To always show tag, delete the next line. + && -z $VCS_STATUS_LOCAL_BRANCH # <-- this line + ]]; then + local tag=${(V)VCS_STATUS_TAG} + # If tag name is at most 32 characters long, show it in full. + # Otherwise show the first 12 … the last 12. + # Tip: To always show tag name in full without truncation, delete the next line. + (( $#tag > 32 )) && tag[13,-13]="…" # <-- this line + res+="${meta}#${clean}${tag//\%/%%}" + fi + + # Display the current Git commit if there is no branch and no tag. + # Tip: To always display the current Git commit, delete the next line. + [[ -z $VCS_STATUS_LOCAL_BRANCH && -z $VCS_STATUS_TAG ]] && # <-- this line + res+="${meta}@${clean}${VCS_STATUS_COMMIT[1,8]}" + + # Show tracking branch name if it differs from local branch. + if [[ -n ${VCS_STATUS_REMOTE_BRANCH:#$VCS_STATUS_LOCAL_BRANCH} ]]; then + res+="${meta}:${clean}${(V)VCS_STATUS_REMOTE_BRANCH//\%/%%}" + fi + + # Display "wip" if the latest commit's summary contains "wip" or "WIP". + if [[ $VCS_STATUS_COMMIT_SUMMARY == (|*[^[:alnum:]])(wip|WIP)(|[^[:alnum:]]*) ]]; then + res+=" ${modified}wip" + fi + + if (( VCS_STATUS_COMMITS_AHEAD || VCS_STATUS_COMMITS_BEHIND )); then + # ⇣42 if behind the remote. + (( VCS_STATUS_COMMITS_BEHIND )) && res+=" ${clean}⇣${VCS_STATUS_COMMITS_BEHIND}" + # ⇡42 if ahead of the remote; no leading space if also behind the remote: ⇣42⇡42. + (( VCS_STATUS_COMMITS_AHEAD && !VCS_STATUS_COMMITS_BEHIND )) && res+=" " + (( VCS_STATUS_COMMITS_AHEAD )) && res+="${clean}⇡${VCS_STATUS_COMMITS_AHEAD}" + elif [[ -n $VCS_STATUS_REMOTE_BRANCH ]]; then + # Tip: Uncomment the next line to display '=' if up to date with the remote. + # res+=" ${clean}=" + fi + + # ⇠42 if behind the push remote. + (( VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" ${clean}⇠${VCS_STATUS_PUSH_COMMITS_BEHIND}" + (( VCS_STATUS_PUSH_COMMITS_AHEAD && !VCS_STATUS_PUSH_COMMITS_BEHIND )) && res+=" " + # ⇢42 if ahead of the push remote; no leading space if also behind: ⇠42⇢42. + (( VCS_STATUS_PUSH_COMMITS_AHEAD )) && res+="${clean}⇢${VCS_STATUS_PUSH_COMMITS_AHEAD}" + # *42 if have stashes. + (( VCS_STATUS_STASHES )) && res+=" ${clean}*${VCS_STATUS_STASHES}" + # 'merge' if the repo is in an unusual state. + [[ -n $VCS_STATUS_ACTION ]] && res+=" ${conflicted}${VCS_STATUS_ACTION}" + # ~42 if have merge conflicts. + (( VCS_STATUS_NUM_CONFLICTED )) && res+=" ${conflicted}~${VCS_STATUS_NUM_CONFLICTED}" + # +42 if have staged changes. + (( VCS_STATUS_NUM_STAGED )) && res+=" ${modified}+${VCS_STATUS_NUM_STAGED}" + # !42 if have unstaged changes. + (( VCS_STATUS_NUM_UNSTAGED )) && res+=" ${modified}!${VCS_STATUS_NUM_UNSTAGED}" + # ?42 if have untracked files. It's really a question mark, your font isn't broken. + # See POWERLEVEL9K_VCS_UNTRACKED_ICON above if you want to use a different icon. + # Remove the next line if you don't want to see untracked files at all. + (( VCS_STATUS_NUM_UNTRACKED )) && res+=" ${untracked}${(g::)POWERLEVEL9K_VCS_UNTRACKED_ICON}${VCS_STATUS_NUM_UNTRACKED}" + # "─" if the number of unstaged files is unknown. This can happen due to + # POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY (see below) being set to a non-negative number lower + # than the number of files in the Git index, or due to bash.showDirtyState being set to false + # in the repository config. The number of staged and untracked files may also be unknown + # in this case. + (( VCS_STATUS_HAS_UNSTAGED == -1 )) && res+=" ${modified}─" + + typeset -g my_git_format=$res + } + functions -M my_git_formatter 2>/dev/null + + # Don't count the number of unstaged, untracked and conflicted files in Git repositories with + # more than this many files in the index. Negative value means infinity. + # + # If you are working in Git repositories with tens of millions of files and seeing performance + # sagging, try setting POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY to a number lower than the output + # of `git ls-files | wc -l`. Alternatively, add `bash.showDirtyState = false` to the repository's + # config: `git config bash.showDirtyState false`. + typeset -g POWERLEVEL9K_VCS_MAX_INDEX_SIZE_DIRTY=-1 + + # Don't show Git status in prompt for repositories whose workdir matches this pattern. + # For example, if set to '~', the Git repository at $HOME/.git will be ignored. + # Multiple patterns can be combined with '|': '~(|/foo)|/bar/baz/*'. + typeset -g POWERLEVEL9K_VCS_DISABLED_WORKDIR_PATTERN='~' + + # Disable the default Git status formatting. + typeset -g POWERLEVEL9K_VCS_DISABLE_GITSTATUS_FORMATTING=true + # Install our own Git status formatter. + typeset -g POWERLEVEL9K_VCS_CONTENT_EXPANSION='${$((my_git_formatter()))+${my_git_format}}' + # Enable counters for staged, unstaged, etc. + typeset -g POWERLEVEL9K_VCS_{STAGED,UNSTAGED,UNTRACKED,CONFLICTED,COMMITS_AHEAD,COMMITS_BEHIND}_MAX_NUM=-1 + + # Custom icon. + typeset -g POWERLEVEL9K_VCS_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_VCS_PREFIX='on ' + + # Show status of repositories of these types. You can add svn and/or hg if you are + # using them. If you do, your prompt may become slow even when your current directory + # isn't in an svn or hg repository. + typeset -g POWERLEVEL9K_VCS_BACKENDS=(git) + + ##########################[ status: exit code of the last command ]########################### + # Enable OK_PIPE, ERROR_PIPE and ERROR_SIGNAL status states to allow us to enable, disable and + # style them independently from the regular OK and ERROR state. + typeset -g POWERLEVEL9K_STATUS_EXTENDED_STATES=true + + # Status on success. No content, just an icon. No need to show it if prompt_char is enabled as + # it will signify success by turning green. + typeset -g POWERLEVEL9K_STATUS_OK=false + typeset -g POWERLEVEL9K_STATUS_OK_VISUAL_IDENTIFIER_EXPANSION='✔' + typeset -g POWERLEVEL9K_STATUS_OK_FOREGROUND=2 + typeset -g POWERLEVEL9K_STATUS_OK_BACKGROUND=0 + + # Status when some part of a pipe command fails but the overall exit status is zero. It may look + # like this: 1|0. + typeset -g POWERLEVEL9K_STATUS_OK_PIPE=true + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_VISUAL_IDENTIFIER_EXPANSION='✔' + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_FOREGROUND=2 + typeset -g POWERLEVEL9K_STATUS_OK_PIPE_BACKGROUND=0 + + # Status when it's just an error code (e.g., '1'). No need to show it if prompt_char is enabled as + # it will signify error by turning red. + typeset -g POWERLEVEL9K_STATUS_ERROR=false + typeset -g POWERLEVEL9K_STATUS_ERROR_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_BACKGROUND=1 + + # Status when the last command was terminated by a signal. + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL=true + # Use terse signal names: "INT" instead of "SIGINT(2)". + typeset -g POWERLEVEL9K_STATUS_VERBOSE_SIGNAME=false + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_SIGNAL_BACKGROUND=1 + + # Status when some part of a pipe command fails and the overall exit status is also non-zero. + # It may look like this: 1|0. + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE=true + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_VISUAL_IDENTIFIER_EXPANSION='✘' + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_FOREGROUND=3 + typeset -g POWERLEVEL9K_STATUS_ERROR_PIPE_BACKGROUND=1 + + ###################[ command_execution_time: duration of the last command ]################### + # Execution time color. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FOREGROUND=0 + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_BACKGROUND=3 + # Show duration of the last command if takes at least this many seconds. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_THRESHOLD=3 + # Show this many fractional digits. Zero means round to seconds. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PRECISION=0 + # Duration format: 1d 2h 3m 4s. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_FORMAT='d h m s' + # Custom icon. + typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_COMMAND_EXECUTION_TIME_PREFIX='took ' + + #######################[ background_jobs: presence of background jobs ]####################### + # Background jobs color. + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_FOREGROUND=6 + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_BACKGROUND=0 + # Don't show the number of background jobs. + typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VERBOSE=false + # Custom icon. + # typeset -g POWERLEVEL9K_BACKGROUND_JOBS_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ direnv: direnv status (https://direnv.net/) ]######################## + # Direnv color. + typeset -g POWERLEVEL9K_DIRENV_FOREGROUND=3 + typeset -g POWERLEVEL9K_DIRENV_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_DIRENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ asdf: asdf version manager (https://github.com/asdf-vm/asdf) ]############### + # Default asdf color. Only used to display tools for which there is no color override (see below). + # Tip: Override these parameters for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_FOREGROUND and + # POWERLEVEL9K_ASDF_${TOOL}_BACKGROUND. + typeset -g POWERLEVEL9K_ASDF_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_BACKGROUND=7 + + # There are four parameters that can be used to hide asdf tools. Each parameter describes + # conditions under which a tool gets hidden. Parameters can hide tools but not unhide them. If at + # least one parameter decides to hide a tool, that tool gets hidden. If no parameter decides to + # hide a tool, it gets shown. + # + # Special note on the difference between POWERLEVEL9K_ASDF_SOURCES and + # POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW. Consider the effect of the following commands: + # + # asdf local python 3.8.1 + # asdf global python 3.8.1 + # + # After running both commands the current python version is 3.8.1 and its source is "local" as + # it takes precedence over "global". If POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW is set to false, + # it'll hide python version in this case because 3.8.1 is the same as the global version. + # POWERLEVEL9K_ASDF_SOURCES will hide python version only if the value of this parameter doesn't + # contain "local". + + # Hide tool versions that don't come from one of these sources. + # + # Available sources: + # + # - shell `asdf current` says "set by ASDF_${TOOL}_VERSION environment variable" + # - local `asdf current` says "set by /some/not/home/directory/file" + # - global `asdf current` says "set by /home/username/file" + # + # Note: If this parameter is set to (shell local global), it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SOURCES. + typeset -g POWERLEVEL9K_ASDF_SOURCES=(shell local global) + + # If set to false, hide tool versions that are the same as global. + # + # Note: The name of this parameter doesn't reflect its meaning at all. + # Note: If this parameter is set to true, it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_PROMPT_ALWAYS_SHOW. + typeset -g POWERLEVEL9K_ASDF_PROMPT_ALWAYS_SHOW=false + + # If set to false, hide tool versions that are equal to "system". + # + # Note: If this parameter is set to true, it won't hide tools. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_SYSTEM. + typeset -g POWERLEVEL9K_ASDF_SHOW_SYSTEM=true + + # If set to non-empty value, hide tools unless there is a file matching the specified file pattern + # in the current directory, or its parent directory, or its grandparent directory, and so on. + # + # Note: If this parameter is set to empty value, it won't hide tools. + # Note: SHOW_ON_UPGLOB isn't specific to asdf. It works with all prompt segments. + # Tip: Override this parameter for ${TOOL} with POWERLEVEL9K_ASDF_${TOOL}_SHOW_ON_UPGLOB. + # + # Example: Hide nodejs version when there is no package.json and no *.js files in the current + # directory, in `..`, in `../..` and so on. + # + # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.js|package.json' + typeset -g POWERLEVEL9K_ASDF_SHOW_ON_UPGLOB= + + # Ruby version from asdf. + typeset -g POWERLEVEL9K_ASDF_RUBY_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_RUBY_BACKGROUND=1 + # typeset -g POWERLEVEL9K_ASDF_RUBY_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_RUBY_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Python version from asdf. + typeset -g POWERLEVEL9K_ASDF_PYTHON_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PYTHON_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_PYTHON_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PYTHON_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Go version from asdf. + typeset -g POWERLEVEL9K_ASDF_GOLANG_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_GOLANG_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_GOLANG_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_GOLANG_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Node.js version from asdf. + typeset -g POWERLEVEL9K_ASDF_NODEJS_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_NODEJS_BACKGROUND=2 + # typeset -g POWERLEVEL9K_ASDF_NODEJS_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_NODEJS_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Rust version from asdf. + typeset -g POWERLEVEL9K_ASDF_RUST_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_RUST_BACKGROUND=208 + # typeset -g POWERLEVEL9K_ASDF_RUST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_RUST_SHOW_ON_UPGLOB='*.foo|*.bar' + + # .NET Core version from asdf. + typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_DOTNET_CORE_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Flutter version from asdf. + typeset -g POWERLEVEL9K_ASDF_FLUTTER_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_FLUTTER_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_FLUTTER_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_FLUTTER_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Lua version from asdf. + typeset -g POWERLEVEL9K_ASDF_LUA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_LUA_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_LUA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_LUA_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Java version from asdf. + typeset -g POWERLEVEL9K_ASDF_JAVA_FOREGROUND=1 + typeset -g POWERLEVEL9K_ASDF_JAVA_BACKGROUND=7 + # typeset -g POWERLEVEL9K_ASDF_JAVA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_JAVA_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Perl version from asdf. + typeset -g POWERLEVEL9K_ASDF_PERL_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PERL_BACKGROUND=4 + # typeset -g POWERLEVEL9K_ASDF_PERL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PERL_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Erlang version from asdf. + typeset -g POWERLEVEL9K_ASDF_ERLANG_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_ERLANG_BACKGROUND=1 + # typeset -g POWERLEVEL9K_ASDF_ERLANG_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_ERLANG_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Elixir version from asdf. + typeset -g POWERLEVEL9K_ASDF_ELIXIR_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_ELIXIR_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_ELIXIR_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_ELIXIR_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Postgres version from asdf. + typeset -g POWERLEVEL9K_ASDF_POSTGRES_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_POSTGRES_BACKGROUND=6 + # typeset -g POWERLEVEL9K_ASDF_POSTGRES_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_POSTGRES_SHOW_ON_UPGLOB='*.foo|*.bar' + + # PHP version from asdf. + typeset -g POWERLEVEL9K_ASDF_PHP_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_PHP_BACKGROUND=5 + # typeset -g POWERLEVEL9K_ASDF_PHP_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_PHP_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Haskell version from asdf. + typeset -g POWERLEVEL9K_ASDF_HASKELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_HASKELL_BACKGROUND=3 + # typeset -g POWERLEVEL9K_ASDF_HASKELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_HASKELL_SHOW_ON_UPGLOB='*.foo|*.bar' + + # Julia version from asdf. + typeset -g POWERLEVEL9K_ASDF_JULIA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ASDF_JULIA_BACKGROUND=2 + # typeset -g POWERLEVEL9K_ASDF_JULIA_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_ASDF_JULIA_SHOW_ON_UPGLOB='*.foo|*.bar' + + ##########[ nordvpn: nordvpn connection status, linux only (https://nordvpn.com/) ]########### + # NordVPN connection indicator color. + typeset -g POWERLEVEL9K_NORDVPN_FOREGROUND=7 + typeset -g POWERLEVEL9K_NORDVPN_BACKGROUND=4 + # Hide NordVPN connection indicator when not connected. + typeset -g POWERLEVEL9K_NORDVPN_{DISCONNECTED,CONNECTING,DISCONNECTING}_CONTENT_EXPANSION= + typeset -g POWERLEVEL9K_NORDVPN_{DISCONNECTED,CONNECTING,DISCONNECTING}_VISUAL_IDENTIFIER_EXPANSION= + # Custom icon. + # typeset -g POWERLEVEL9K_NORDVPN_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #################[ ranger: ranger shell (https://github.com/ranger/ranger) ]################## + # Ranger shell color. + typeset -g POWERLEVEL9K_RANGER_FOREGROUND=3 + typeset -g POWERLEVEL9K_RANGER_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_RANGER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################[ nnn: nnn shell (https://github.com/jarun/nnn) ]####################### + # Nnn shell color. + typeset -g POWERLEVEL9K_NNN_FOREGROUND=0 + typeset -g POWERLEVEL9K_NNN_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_NNN_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################[ lf: lf shell (https://github.com/gokcehan/lf) ]####################### + # lf shell color. + typeset -g POWERLEVEL9K_LF_FOREGROUND=0 + typeset -g POWERLEVEL9K_LF_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_LF_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################[ xplr: xplr shell (https://github.com/sayanarijit/xplr) ]################## + # xplr shell color. + typeset -g POWERLEVEL9K_XPLR_FOREGROUND=0 + typeset -g POWERLEVEL9K_XPLR_BACKGROUND=6 + # Custom icon. + # typeset -g POWERLEVEL9K_XPLR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########################[ vim_shell: vim shell indicator (:sh) ]########################### + # Vim shell indicator color. + typeset -g POWERLEVEL9K_VIM_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_VIM_SHELL_BACKGROUND=2 + # Custom icon. + # typeset -g POWERLEVEL9K_VIM_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######[ midnight_commander: midnight commander shell (https://midnight-commander.org/) ]###### + # Midnight Commander shell color. + typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_FOREGROUND=3 + typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_MIDNIGHT_COMMANDER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #[ nix_shell: nix shell (https://nixos.org/nixos/nix-pills/developing-with-nix-shell.html) ]## + # Nix shell color. + typeset -g POWERLEVEL9K_NIX_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_NIX_SHELL_BACKGROUND=4 + + # Display the icon of nix_shell if PATH contains a subdirectory of /nix/store. + # typeset -g POWERLEVEL9K_NIX_SHELL_INFER_FROM_PATH=false + + # Tip: If you want to see just the icon without "pure" and "impure", uncomment the next line. + # typeset -g POWERLEVEL9K_NIX_SHELL_CONTENT_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_NIX_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################[ chezmoi_shell: chezmoi shell (https://www.chezmoi.io/) ]################## + # chezmoi shell color. + typeset -g POWERLEVEL9K_CHEZMOI_SHELL_FOREGROUND=0 + typeset -g POWERLEVEL9K_CHEZMOI_SHELL_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_CHEZMOI_SHELL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################################[ disk_usage: disk usage ]################################## + # Colors for different levels of disk usage. + typeset -g POWERLEVEL9K_DISK_USAGE_NORMAL_FOREGROUND=3 + typeset -g POWERLEVEL9K_DISK_USAGE_NORMAL_BACKGROUND=0 + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_FOREGROUND=0 + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_BACKGROUND=3 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_FOREGROUND=7 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_BACKGROUND=1 + # Thresholds for different levels of disk usage (percentage points). + typeset -g POWERLEVEL9K_DISK_USAGE_WARNING_LEVEL=90 + typeset -g POWERLEVEL9K_DISK_USAGE_CRITICAL_LEVEL=95 + # If set to true, hide disk usage when below $POWERLEVEL9K_DISK_USAGE_WARNING_LEVEL percent. + typeset -g POWERLEVEL9K_DISK_USAGE_ONLY_WARNING=false + # Custom icon. + # typeset -g POWERLEVEL9K_DISK_USAGE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ vi_mode: vi mode (you don't need this if you've enabled prompt_char) ]########### + # Foreground color. + typeset -g POWERLEVEL9K_VI_MODE_FOREGROUND=0 + # Text and color for normal (a.k.a. command) vi mode. + typeset -g POWERLEVEL9K_VI_COMMAND_MODE_STRING=NORMAL + typeset -g POWERLEVEL9K_VI_MODE_NORMAL_BACKGROUND=2 + # Text and color for visual vi mode. + typeset -g POWERLEVEL9K_VI_VISUAL_MODE_STRING=VISUAL + typeset -g POWERLEVEL9K_VI_MODE_VISUAL_BACKGROUND=4 + # Text and color for overtype (a.k.a. overwrite and replace) vi mode. + typeset -g POWERLEVEL9K_VI_OVERWRITE_MODE_STRING=OVERTYPE + typeset -g POWERLEVEL9K_VI_MODE_OVERWRITE_BACKGROUND=3 + # Text and color for insert vi mode. + typeset -g POWERLEVEL9K_VI_INSERT_MODE_STRING= + typeset -g POWERLEVEL9K_VI_MODE_INSERT_FOREGROUND=8 + + ######################################[ ram: free RAM ]####################################### + # RAM color. + typeset -g POWERLEVEL9K_RAM_FOREGROUND=0 + typeset -g POWERLEVEL9K_RAM_BACKGROUND=3 + # Custom icon. + # typeset -g POWERLEVEL9K_RAM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################################[ swap: used swap ]###################################### + # Swap color. + typeset -g POWERLEVEL9K_SWAP_FOREGROUND=0 + typeset -g POWERLEVEL9K_SWAP_BACKGROUND=3 + # Custom icon. + # typeset -g POWERLEVEL9K_SWAP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######################################[ load: CPU load ]###################################### + # Show average CPU load over this many last minutes. Valid values are 1, 5 and 15. + typeset -g POWERLEVEL9K_LOAD_WHICH=5 + # Load color when load is under 50%. + typeset -g POWERLEVEL9K_LOAD_NORMAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_NORMAL_BACKGROUND=2 + # Load color when load is between 50% and 70%. + typeset -g POWERLEVEL9K_LOAD_WARNING_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_WARNING_BACKGROUND=3 + # Load color when load is over 70%. + typeset -g POWERLEVEL9K_LOAD_CRITICAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_LOAD_CRITICAL_BACKGROUND=1 + # Custom icon. + # typeset -g POWERLEVEL9K_LOAD_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ todo: todo items (https://github.com/todotxt/todo.txt-cli) ]################ + # Todo color. + typeset -g POWERLEVEL9K_TODO_FOREGROUND=0 + typeset -g POWERLEVEL9K_TODO_BACKGROUND=8 + # Hide todo when the total number of tasks is zero. + typeset -g POWERLEVEL9K_TODO_HIDE_ZERO_TOTAL=true + # Hide todo when the number of tasks after filtering is zero. + typeset -g POWERLEVEL9K_TODO_HIDE_ZERO_FILTERED=false + + # Todo format. The following parameters are available within the expansion. + # + # - P9K_TODO_TOTAL_TASK_COUNT The total number of tasks. + # - P9K_TODO_FILTERED_TASK_COUNT The number of tasks after filtering. + # + # These variables correspond to the last line of the output of `todo.sh -p ls`: + # + # TODO: 24 of 42 tasks shown + # + # Here 24 is P9K_TODO_FILTERED_TASK_COUNT and 42 is P9K_TODO_TOTAL_TASK_COUNT. + # + # typeset -g POWERLEVEL9K_TODO_CONTENT_EXPANSION='$P9K_TODO_FILTERED_TASK_COUNT' + + # Custom icon. + # typeset -g POWERLEVEL9K_TODO_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ timewarrior: timewarrior tracking status (https://timewarrior.net/) ]############ + # Timewarrior color. + typeset -g POWERLEVEL9K_TIMEWARRIOR_FOREGROUND=255 + typeset -g POWERLEVEL9K_TIMEWARRIOR_BACKGROUND=8 + + # If the tracked task is longer than 24 characters, truncate and append "…". + # Tip: To always display tasks without truncation, delete the following parameter. + # Tip: To hide task names and display just the icon when time tracking is enabled, set the + # value of the following parameter to "". + typeset -g POWERLEVEL9K_TIMEWARRIOR_CONTENT_EXPANSION='${P9K_CONTENT:0:24}${${P9K_CONTENT:24}:+…}' + + # Custom icon. + # typeset -g POWERLEVEL9K_TIMEWARRIOR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############[ taskwarrior: taskwarrior task count (https://taskwarrior.org/) ]############## + # Taskwarrior color. + typeset -g POWERLEVEL9K_TASKWARRIOR_FOREGROUND=0 + typeset -g POWERLEVEL9K_TASKWARRIOR_BACKGROUND=6 + + # Taskwarrior segment format. The following parameters are available within the expansion. + # + # - P9K_TASKWARRIOR_PENDING_COUNT The number of pending tasks: `task +PENDING count`. + # - P9K_TASKWARRIOR_OVERDUE_COUNT The number of overdue tasks: `task +OVERDUE count`. + # + # Zero values are represented as empty parameters. + # + # The default format: + # + # '${P9K_TASKWARRIOR_OVERDUE_COUNT:+"!$P9K_TASKWARRIOR_OVERDUE_COUNT/"}$P9K_TASKWARRIOR_PENDING_COUNT' + # + # typeset -g POWERLEVEL9K_TASKWARRIOR_CONTENT_EXPANSION='$P9K_TASKWARRIOR_PENDING_COUNT' + + # Custom icon. + # typeset -g POWERLEVEL9K_TASKWARRIOR_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ######[ per_directory_history: Oh My Zsh per-directory-history local/global indicator ]####### + # Color when using local/global history. + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_BACKGROUND=5 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_FOREGROUND=0 + typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_BACKGROUND=3 + + # Tip: Uncomment the next two lines to hide "local"/"global" text and leave just the icon. + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_CONTENT_EXPANSION='' + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_CONTENT_EXPANSION='' + + # Custom icon. + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_LOCAL_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_PER_DIRECTORY_HISTORY_GLOBAL_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################################[ cpu_arch: CPU architecture ]################################ + # CPU architecture color. + typeset -g POWERLEVEL9K_CPU_ARCH_FOREGROUND=0 + typeset -g POWERLEVEL9K_CPU_ARCH_BACKGROUND=3 + + # Hide the segment when on a specific CPU architecture. + # typeset -g POWERLEVEL9K_CPU_ARCH_X86_64_CONTENT_EXPANSION= + # typeset -g POWERLEVEL9K_CPU_ARCH_X86_64_VISUAL_IDENTIFIER_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_CPU_ARCH_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##################################[ context: user@hostname ]################################## + # Context color when running with privileges. + typeset -g POWERLEVEL9K_CONTEXT_ROOT_FOREGROUND=1 + typeset -g POWERLEVEL9K_CONTEXT_ROOT_BACKGROUND=0 + # Context color in SSH without privileges. + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_FOREGROUND=3 + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_BACKGROUND=0 + # Default context color (no privileges, no SSH). + typeset -g POWERLEVEL9K_CONTEXT_FOREGROUND=3 + typeset -g POWERLEVEL9K_CONTEXT_BACKGROUND=0 + + # Context format when running with privileges: user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_ROOT_TEMPLATE='%n@%m' + # Context format when in SSH without privileges: user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_{REMOTE,REMOTE_SUDO}_TEMPLATE='%n@%m' + # Default context format (no privileges, no SSH): user@hostname. + typeset -g POWERLEVEL9K_CONTEXT_TEMPLATE='%n@%m' + + # Don't show context unless running with privileges or in SSH. + # Tip: Remove the next line to always show context. + typeset -g POWERLEVEL9K_CONTEXT_{DEFAULT,SUDO}_{CONTENT,VISUAL_IDENTIFIER}_EXPANSION= + + # Custom icon. + # typeset -g POWERLEVEL9K_CONTEXT_VISUAL_IDENTIFIER_EXPANSION='⭐' + # Custom prefix. + # typeset -g POWERLEVEL9K_CONTEXT_PREFIX='with ' + + ###[ virtualenv: python virtual environment (https://docs.python.org/3/library/venv.html) ]### + # Python virtual environment color. + typeset -g POWERLEVEL9K_VIRTUALENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_VIRTUALENV_BACKGROUND=4 + # Don't show Python version next to the virtual environment name. + typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_PYTHON_VERSION=false + # If set to "false", won't show virtualenv if pyenv is already shown. + # If set to "if-different", won't show virtualenv if it's the same as pyenv. + typeset -g POWERLEVEL9K_VIRTUALENV_SHOW_WITH_PYENV=false + # Separate environment name from Python version only with a space. + typeset -g POWERLEVEL9K_VIRTUALENV_{LEFT,RIGHT}_DELIMITER= + # Custom icon. + # typeset -g POWERLEVEL9K_VIRTUALENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################[ anaconda: conda environment (https://conda.io/) ]###################### + # Anaconda environment color. + typeset -g POWERLEVEL9K_ANACONDA_FOREGROUND=0 + typeset -g POWERLEVEL9K_ANACONDA_BACKGROUND=4 + + # Anaconda segment format. The following parameters are available within the expansion. + # + # - CONDA_PREFIX Absolute path to the active Anaconda/Miniconda environment. + # - CONDA_DEFAULT_ENV Name of the active Anaconda/Miniconda environment. + # - CONDA_PROMPT_MODIFIER Configurable prompt modifier (see below). + # - P9K_ANACONDA_PYTHON_VERSION Current python version (python --version). + # + # CONDA_PROMPT_MODIFIER can be configured with the following command: + # + # conda config --set env_prompt '({default_env}) ' + # + # The last argument is a Python format string that can use the following variables: + # + # - prefix The same as CONDA_PREFIX. + # - default_env The same as CONDA_DEFAULT_ENV. + # - name The last segment of CONDA_PREFIX. + # - stacked_env Comma-separated list of names in the environment stack. The first element is + # always the same as default_env. + # + # Note: '({default_env}) ' is the default value of env_prompt. + # + # The default value of POWERLEVEL9K_ANACONDA_CONTENT_EXPANSION expands to $CONDA_PROMPT_MODIFIER + # without the surrounding parentheses, or to the last path component of CONDA_PREFIX if the former + # is empty. + typeset -g POWERLEVEL9K_ANACONDA_CONTENT_EXPANSION='${${${${CONDA_PROMPT_MODIFIER#\(}% }%\)}:-${CONDA_PREFIX:t}}' + + # Custom icon. + # typeset -g POWERLEVEL9K_ANACONDA_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ pyenv: python environment (https://github.com/pyenv/pyenv) ]################ + # Pyenv color. + typeset -g POWERLEVEL9K_PYENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PYENV_BACKGROUND=4 + # Hide python version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PYENV_SOURCES=(shell local global) + # If set to false, hide python version if it's the same as global: + # $(pyenv version-name) == $(pyenv global). + typeset -g POWERLEVEL9K_PYENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide python version if it's equal to "system". + typeset -g POWERLEVEL9K_PYENV_SHOW_SYSTEM=true + + # Pyenv segment format. The following parameters are available within the expansion. + # + # - P9K_CONTENT Current pyenv environment (pyenv version-name). + # - P9K_PYENV_PYTHON_VERSION Current python version (python --version). + # + # The default format has the following logic: + # + # 1. Display just "$P9K_CONTENT" if it's equal to "$P9K_PYENV_PYTHON_VERSION" or + # starts with "$P9K_PYENV_PYTHON_VERSION/". + # 2. Otherwise display "$P9K_CONTENT $P9K_PYENV_PYTHON_VERSION". + typeset -g POWERLEVEL9K_PYENV_CONTENT_EXPANSION='${P9K_CONTENT}${${P9K_CONTENT:#$P9K_PYENV_PYTHON_VERSION(|/*)}:+ $P9K_PYENV_PYTHON_VERSION}' + + # Custom icon. + # typeset -g POWERLEVEL9K_PYENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ goenv: go environment (https://github.com/syndbg/goenv) ]################ + # Goenv color. + typeset -g POWERLEVEL9K_GOENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_GOENV_BACKGROUND=4 + # Hide go version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_GOENV_SOURCES=(shell local global) + # If set to false, hide go version if it's the same as global: + # $(goenv version-name) == $(goenv global). + typeset -g POWERLEVEL9K_GOENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide go version if it's equal to "system". + typeset -g POWERLEVEL9K_GOENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_GOENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ nodenv: node.js version from nodenv (https://github.com/nodenv/nodenv) ]########## + # Nodenv color. + typeset -g POWERLEVEL9K_NODENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_NODENV_BACKGROUND=0 + # Hide node version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_NODENV_SOURCES=(shell local global) + # If set to false, hide node version if it's the same as global: + # $(nodenv version-name) == $(nodenv global). + typeset -g POWERLEVEL9K_NODENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide node version if it's equal to "system". + typeset -g POWERLEVEL9K_NODENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_NODENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############[ nvm: node.js version from nvm (https://github.com/nvm-sh/nvm) ]############### + # Nvm color. + typeset -g POWERLEVEL9K_NVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_NVM_BACKGROUND=5 + # If set to false, hide node version if it's the same as default: + # $(nvm version current) == $(nvm version default). + typeset -g POWERLEVEL9K_NVM_PROMPT_ALWAYS_SHOW=false + # If set to false, hide node version if it's equal to "system". + typeset -g POWERLEVEL9K_NVM_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_NVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ############[ nodeenv: node.js environment (https://github.com/ekalinin/nodeenv) ]############ + # Nodeenv color. + typeset -g POWERLEVEL9K_NODEENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_NODEENV_BACKGROUND=0 + # Don't show Node version next to the environment name. + typeset -g POWERLEVEL9K_NODEENV_SHOW_NODE_VERSION=false + # Separate environment name from Node version only with a space. + typeset -g POWERLEVEL9K_NODEENV_{LEFT,RIGHT}_DELIMITER= + # Custom icon. + # typeset -g POWERLEVEL9K_NODEENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##############################[ node_version: node.js version ]############################### + # Node version color. + typeset -g POWERLEVEL9K_NODE_VERSION_FOREGROUND=7 + typeset -g POWERLEVEL9K_NODE_VERSION_BACKGROUND=2 + # Show node version only when in a directory tree containing package.json. + typeset -g POWERLEVEL9K_NODE_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_NODE_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ go_version: go version (https://golang.org) ]######################## + # Go version color. + typeset -g POWERLEVEL9K_GO_VERSION_FOREGROUND=255 + typeset -g POWERLEVEL9K_GO_VERSION_BACKGROUND=2 + # Show go version only when in a go project subdirectory. + typeset -g POWERLEVEL9K_GO_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_GO_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #################[ rust_version: rustc version (https://www.rust-lang.org) ]################## + # Rust version color. + typeset -g POWERLEVEL9K_RUST_VERSION_FOREGROUND=0 + typeset -g POWERLEVEL9K_RUST_VERSION_BACKGROUND=208 + # Show rust version only when in a rust project subdirectory. + typeset -g POWERLEVEL9K_RUST_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_RUST_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ dotnet_version: .NET version (https://dotnet.microsoft.com) ]################ + # .NET version color. + typeset -g POWERLEVEL9K_DOTNET_VERSION_FOREGROUND=7 + typeset -g POWERLEVEL9K_DOTNET_VERSION_BACKGROUND=5 + # Show .NET version only when in a .NET project subdirectory. + typeset -g POWERLEVEL9K_DOTNET_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_DOTNET_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #####################[ php_version: php version (https://www.php.net/) ]###################### + # PHP version color. + typeset -g POWERLEVEL9K_PHP_VERSION_FOREGROUND=0 + typeset -g POWERLEVEL9K_PHP_VERSION_BACKGROUND=5 + # Show PHP version only when in a PHP project subdirectory. + typeset -g POWERLEVEL9K_PHP_VERSION_PROJECT_ONLY=true + # Custom icon. + # typeset -g POWERLEVEL9K_PHP_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ laravel_version: laravel php framework version (https://laravel.com/) ]########### + # Laravel version color. + typeset -g POWERLEVEL9K_LARAVEL_VERSION_FOREGROUND=1 + typeset -g POWERLEVEL9K_LARAVEL_VERSION_BACKGROUND=7 + # Custom icon. + # typeset -g POWERLEVEL9K_LARAVEL_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #############[ rbenv: ruby version from rbenv (https://github.com/rbenv/rbenv) ]############## + # Rbenv color. + typeset -g POWERLEVEL9K_RBENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_RBENV_BACKGROUND=1 + # Hide ruby version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_RBENV_SOURCES=(shell local global) + # If set to false, hide ruby version if it's the same as global: + # $(rbenv version-name) == $(rbenv global). + typeset -g POWERLEVEL9K_RBENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide ruby version if it's equal to "system". + typeset -g POWERLEVEL9K_RBENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_RBENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ####################[ java_version: java version (https://www.java.com/) ]#################### + # Java version color. + typeset -g POWERLEVEL9K_JAVA_VERSION_FOREGROUND=1 + typeset -g POWERLEVEL9K_JAVA_VERSION_BACKGROUND=7 + # Show java version only when in a java project subdirectory. + typeset -g POWERLEVEL9K_JAVA_VERSION_PROJECT_ONLY=true + # Show brief version. + typeset -g POWERLEVEL9K_JAVA_VERSION_FULL=false + # Custom icon. + # typeset -g POWERLEVEL9K_JAVA_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###[ package: name@version from package.json (https://docs.npmjs.com/files/package.json) ]#### + # Package color. + typeset -g POWERLEVEL9K_PACKAGE_FOREGROUND=0 + typeset -g POWERLEVEL9K_PACKAGE_BACKGROUND=6 + + # Package format. The following parameters are available within the expansion. + # + # - P9K_PACKAGE_NAME The value of `name` field in package.json. + # - P9K_PACKAGE_VERSION The value of `version` field in package.json. + # + # typeset -g POWERLEVEL9K_PACKAGE_CONTENT_EXPANSION='${P9K_PACKAGE_NAME//\%/%%}@${P9K_PACKAGE_VERSION//\%/%%}' + + # Custom icon. + # typeset -g POWERLEVEL9K_PACKAGE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######################[ rvm: ruby version from rvm (https://rvm.io) ]######################## + # Rvm color. + typeset -g POWERLEVEL9K_RVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_RVM_BACKGROUND=240 + # Don't show @gemset at the end. + typeset -g POWERLEVEL9K_RVM_SHOW_GEMSET=false + # Don't show ruby- at the front. + typeset -g POWERLEVEL9K_RVM_SHOW_PREFIX=false + # Custom icon. + # typeset -g POWERLEVEL9K_RVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ fvm: flutter version management (https://github.com/leoafarias/fvm) ]############ + # Fvm color. + typeset -g POWERLEVEL9K_FVM_FOREGROUND=0 + typeset -g POWERLEVEL9K_FVM_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_FVM_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ luaenv: lua version from luaenv (https://github.com/cehoffman/luaenv) ]########### + # Lua color. + typeset -g POWERLEVEL9K_LUAENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_LUAENV_BACKGROUND=4 + # Hide lua version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_LUAENV_SOURCES=(shell local global) + # If set to false, hide lua version if it's the same as global: + # $(luaenv version-name) == $(luaenv global). + typeset -g POWERLEVEL9K_LUAENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide lua version if it's equal to "system". + typeset -g POWERLEVEL9K_LUAENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_LUAENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###############[ jenv: java version from jenv (https://github.com/jenv/jenv) ]################ + # Java color. + typeset -g POWERLEVEL9K_JENV_FOREGROUND=1 + typeset -g POWERLEVEL9K_JENV_BACKGROUND=7 + # Hide java version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_JENV_SOURCES=(shell local global) + # If set to false, hide java version if it's the same as global: + # $(jenv version-name) == $(jenv global). + typeset -g POWERLEVEL9K_JENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide java version if it's equal to "system". + typeset -g POWERLEVEL9K_JENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_JENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ plenv: perl version from plenv (https://github.com/tokuhirom/plenv) ]############ + # Perl color. + typeset -g POWERLEVEL9K_PLENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PLENV_BACKGROUND=4 + # Hide perl version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PLENV_SOURCES=(shell local global) + # If set to false, hide perl version if it's the same as global: + # $(plenv version-name) == $(plenv global). + typeset -g POWERLEVEL9K_PLENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide perl version if it's equal to "system". + typeset -g POWERLEVEL9K_PLENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_PLENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ perlbrew: perl version from perlbrew (https://github.com/gugod/App-perlbrew) ]############ + # Perlbrew color. + typeset -g POWERLEVEL9K_PERLBREW_FOREGROUND=67 + # Show perlbrew version only when in a perl project subdirectory. + typeset -g POWERLEVEL9K_PERLBREW_PROJECT_ONLY=true + # Don't show "perl-" at the front. + typeset -g POWERLEVEL9K_PERLBREW_SHOW_PREFIX=false + # Custom icon. + # typeset -g POWERLEVEL9K_PERLBREW_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ############[ phpenv: php version from phpenv (https://github.com/phpenv/phpenv) ]############ + # PHP color. + typeset -g POWERLEVEL9K_PHPENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_PHPENV_BACKGROUND=5 + # Hide php version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_PHPENV_SOURCES=(shell local global) + # If set to false, hide php version if it's the same as global: + # $(phpenv version-name) == $(phpenv global). + typeset -g POWERLEVEL9K_PHPENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide PHP version if it's equal to "system". + typeset -g POWERLEVEL9K_PHPENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_PHPENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #######[ scalaenv: scala version from scalaenv (https://github.com/scalaenv/scalaenv) ]####### + # Scala color. + typeset -g POWERLEVEL9K_SCALAENV_FOREGROUND=0 + typeset -g POWERLEVEL9K_SCALAENV_BACKGROUND=1 + # Hide scala version if it doesn't come from one of these sources. + typeset -g POWERLEVEL9K_SCALAENV_SOURCES=(shell local global) + # If set to false, hide scala version if it's the same as global: + # $(scalaenv version-name) == $(scalaenv global). + typeset -g POWERLEVEL9K_SCALAENV_PROMPT_ALWAYS_SHOW=false + # If set to false, hide scala version if it's equal to "system". + typeset -g POWERLEVEL9K_SCALAENV_SHOW_SYSTEM=true + # Custom icon. + # typeset -g POWERLEVEL9K_SCALAENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ haskell_stack: haskell version from stack (https://haskellstack.org/) ]########### + # Haskell color. + typeset -g POWERLEVEL9K_HASKELL_STACK_FOREGROUND=0 + typeset -g POWERLEVEL9K_HASKELL_STACK_BACKGROUND=3 + + # Hide haskell version if it doesn't come from one of these sources. + # + # shell: version is set by STACK_YAML + # local: version is set by stack.yaml up the directory tree + # global: version is set by the implicit global project (~/.stack/global-project/stack.yaml) + typeset -g POWERLEVEL9K_HASKELL_STACK_SOURCES=(shell local) + # If set to false, hide haskell version if it's the same as in the implicit global project. + typeset -g POWERLEVEL9K_HASKELL_STACK_ALWAYS_SHOW=true + # Custom icon. + # typeset -g POWERLEVEL9K_HASKELL_STACK_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ terraform: terraform workspace (https://www.terraform.io) ]################# + # Don't show terraform workspace if it's literally "default". + typeset -g POWERLEVEL9K_TERRAFORM_SHOW_DEFAULT=false + # POWERLEVEL9K_TERRAFORM_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current terraform workspace gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_TERRAFORM_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_TERRAFORM_CLASSES defines the workspace class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_TERRAFORM_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' OTHER) + # + # If your current terraform workspace is "project_test", its class is TEST because "project_test" + # doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_FOREGROUND=2 + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_BACKGROUND=0 + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_TERRAFORM_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_TERRAFORM_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' OTHER) + typeset -g POWERLEVEL9K_TERRAFORM_OTHER_FOREGROUND=4 + typeset -g POWERLEVEL9K_TERRAFORM_OTHER_BACKGROUND=0 + # typeset -g POWERLEVEL9K_TERRAFORM_OTHER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #############[ terraform_version: terraform version (https://www.terraform.io) ]############## + # Terraform version color. + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_FOREGROUND=4 + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_TERRAFORM_VERSION_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################[ terraform_version: It shows active terraform version (https://www.terraform.io) ]################# + typeset -g POWERLEVEL9K_TERRAFORM_VERSION_SHOW_ON_COMMAND='terraform|tf' + + #############[ kubecontext: current kubernetes context (https://kubernetes.io/) ]############# + # Show kubecontext only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show kubecontext. + typeset -g POWERLEVEL9K_KUBECONTEXT_SHOW_ON_COMMAND='kubectl|helm|kubens|kubectx|oc|istioctl|kogito|k9s|helmfile|flux|fluxctl|stern|kubeseal|skaffold|kubent|kubecolor|cmctl|sparkctl' + + # Kubernetes context classes for the purpose of using different colors, icons and expansions with + # different contexts. + # + # POWERLEVEL9K_KUBECONTEXT_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current kubernetes context gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_KUBECONTEXT_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_KUBECONTEXT_CLASSES defines the context class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_KUBECONTEXT_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' DEFAULT) + # + # If your current kubernetes context is "deathray-testing/default", its class is TEST + # because "deathray-testing/default" doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_FOREGROUND=0 + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_BACKGROUND=2 + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_KUBECONTEXT_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_KUBECONTEXT_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_BACKGROUND=5 + # typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use POWERLEVEL9K_KUBECONTEXT_CONTENT_EXPANSION to specify the content displayed by kubecontext + # segment. Parameter expansions are very flexible and fast, too. See reference: + # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion. + # + # Within the expansion the following parameters are always available: + # + # - P9K_CONTENT The content that would've been displayed if there was no content + # expansion defined. + # - P9K_KUBECONTEXT_NAME The current context's name. Corresponds to column NAME in the + # output of `kubectl config get-contexts`. + # - P9K_KUBECONTEXT_CLUSTER The current context's cluster. Corresponds to column CLUSTER in the + # output of `kubectl config get-contexts`. + # - P9K_KUBECONTEXT_NAMESPACE The current context's namespace. Corresponds to column NAMESPACE + # in the output of `kubectl config get-contexts`. If there is no + # namespace, the parameter is set to "default". + # - P9K_KUBECONTEXT_USER The current context's user. Corresponds to column AUTHINFO in the + # output of `kubectl config get-contexts`. + # + # If the context points to Google Kubernetes Engine (GKE) or Elastic Kubernetes Service (EKS), + # the following extra parameters are available: + # + # - P9K_KUBECONTEXT_CLOUD_NAME Either "gke" or "eks". + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT Account/project ID. + # - P9K_KUBECONTEXT_CLOUD_ZONE Availability zone. + # - P9K_KUBECONTEXT_CLOUD_CLUSTER Cluster. + # + # P9K_KUBECONTEXT_CLOUD_* parameters are derived from P9K_KUBECONTEXT_CLUSTER. For example, + # if P9K_KUBECONTEXT_CLUSTER is "gke_my-account_us-east1-a_my-cluster-01": + # + # - P9K_KUBECONTEXT_CLOUD_NAME=gke + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT=my-account + # - P9K_KUBECONTEXT_CLOUD_ZONE=us-east1-a + # - P9K_KUBECONTEXT_CLOUD_CLUSTER=my-cluster-01 + # + # If P9K_KUBECONTEXT_CLUSTER is "arn:aws:eks:us-east-1:123456789012:cluster/my-cluster-01": + # + # - P9K_KUBECONTEXT_CLOUD_NAME=eks + # - P9K_KUBECONTEXT_CLOUD_ACCOUNT=123456789012 + # - P9K_KUBECONTEXT_CLOUD_ZONE=us-east-1 + # - P9K_KUBECONTEXT_CLOUD_CLUSTER=my-cluster-01 + typeset -g POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION= + # Show P9K_KUBECONTEXT_CLOUD_CLUSTER if it's not empty and fall back to P9K_KUBECONTEXT_NAME. + POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION+='${P9K_KUBECONTEXT_CLOUD_CLUSTER:-${P9K_KUBECONTEXT_NAME}}' + # Append the current context's namespace if it's not "default". + POWERLEVEL9K_KUBECONTEXT_DEFAULT_CONTENT_EXPANSION+='${${:-/$P9K_KUBECONTEXT_NAMESPACE}:#/default}' + + # Custom prefix. + # typeset -g POWERLEVEL9K_KUBECONTEXT_PREFIX='at ' + + #[ aws: aws profile (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) ]# + # Show aws only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show aws. + typeset -g POWERLEVEL9K_AWS_SHOW_ON_COMMAND='aws|awless|cdk|terraform|pulumi|terragrunt' + + # POWERLEVEL9K_AWS_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current AWS profile gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_AWS_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_AWS_CLASSES defines the profile class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_AWS_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' DEFAULT) + # + # If your current AWS profile is "company_test", its class is TEST + # because "company_test" doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_AWS_TEST_FOREGROUND=28 + # typeset -g POWERLEVEL9K_AWS_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_AWS_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_AWS_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_AWS_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_AWS_DEFAULT_BACKGROUND=1 + # typeset -g POWERLEVEL9K_AWS_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # AWS segment format. The following parameters are available within the expansion. + # + # - P9K_AWS_PROFILE The name of the current AWS profile. + # - P9K_AWS_REGION The region associated with the current AWS profile. + typeset -g POWERLEVEL9K_AWS_CONTENT_EXPANSION='${P9K_AWS_PROFILE//\%/%%}${P9K_AWS_REGION:+ ${P9K_AWS_REGION//\%/%%}}' + + #[ aws_eb_env: aws elastic beanstalk environment (https://aws.amazon.com/elasticbeanstalk/) ]# + # AWS Elastic Beanstalk environment color. + typeset -g POWERLEVEL9K_AWS_EB_ENV_FOREGROUND=2 + typeset -g POWERLEVEL9K_AWS_EB_ENV_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_AWS_EB_ENV_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ azure: azure account name (https://docs.microsoft.com/en-us/cli/azure) ]########## + # Show azure only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show azure. + typeset -g POWERLEVEL9K_AZURE_SHOW_ON_COMMAND='az|terraform|pulumi|terragrunt' + + # POWERLEVEL9K_AZURE_CLASSES is an array with even number of elements. The first element + # in each pair defines a pattern against which the current azure account name gets matched. + # More specifically, it's P9K_CONTENT prior to the application of context expansion (see below) + # that gets matched. If you unset all POWERLEVEL9K_AZURE_*CONTENT_EXPANSION parameters, + # you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_AZURE_CLASSES defines the account class. Patterns are tried in order. The + # first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_AZURE_CLASSES=( + # '*prod*' PROD + # '*test*' TEST + # '*' OTHER) + # + # If your current azure account is "company_test", its class is TEST because "company_test" + # doesn't match the pattern '*prod*' but does match '*test*'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_AZURE_TEST_FOREGROUND=2 + # typeset -g POWERLEVEL9K_AZURE_TEST_BACKGROUND=0 + # typeset -g POWERLEVEL9K_AZURE_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_AZURE_TEST_CONTENT_EXPANSION='> ${P9K_CONTENT} <' + typeset -g POWERLEVEL9K_AZURE_CLASSES=( + # '*prod*' PROD # These values are examples that are unlikely + # '*test*' TEST # to match your needs. Customize them as needed. + '*' OTHER) + + # Azure account name color. + typeset -g POWERLEVEL9K_AZURE_OTHER_FOREGROUND=7 + typeset -g POWERLEVEL9K_AZURE_OTHER_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_AZURE_OTHER_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ##########[ gcloud: google cloud account and project (https://cloud.google.com/) ]########### + # Show gcloud only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show gcloud. + typeset -g POWERLEVEL9K_GCLOUD_SHOW_ON_COMMAND='gcloud|gcs|gsutil' + # Google cloud color. + typeset -g POWERLEVEL9K_GCLOUD_FOREGROUND=7 + typeset -g POWERLEVEL9K_GCLOUD_BACKGROUND=4 + + # Google cloud format. Change the value of POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION and/or + # POWERLEVEL9K_GCLOUD_COMPLETE_CONTENT_EXPANSION if the default is too verbose or not informative + # enough. You can use the following parameters in the expansions. Each of them corresponds to the + # output of `gcloud` tool. + # + # Parameter | Source + # -------------------------|-------------------------------------------------------------------- + # P9K_GCLOUD_CONFIGURATION | gcloud config configurations list --format='value(name)' + # P9K_GCLOUD_ACCOUNT | gcloud config get-value account + # P9K_GCLOUD_PROJECT_ID | gcloud config get-value project + # P9K_GCLOUD_PROJECT_NAME | gcloud projects describe $P9K_GCLOUD_PROJECT_ID --format='value(name)' + # + # Note: ${VARIABLE//\%/%%} expands to ${VARIABLE} with all occurrences of '%' replaced with '%%'. + # + # Obtaining project name requires sending a request to Google servers. This can take a long time + # and even fail. When project name is unknown, P9K_GCLOUD_PROJECT_NAME is not set and gcloud + # prompt segment is in state PARTIAL. When project name gets known, P9K_GCLOUD_PROJECT_NAME gets + # set and gcloud prompt segment transitions to state COMPLETE. + # + # You can customize the format, icon and colors of gcloud segment separately for states PARTIAL + # and COMPLETE. You can also hide gcloud in state PARTIAL by setting + # POWERLEVEL9K_GCLOUD_PARTIAL_VISUAL_IDENTIFIER_EXPANSION and + # POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION to empty. + typeset -g POWERLEVEL9K_GCLOUD_PARTIAL_CONTENT_EXPANSION='${P9K_GCLOUD_PROJECT_ID//\%/%%}' + typeset -g POWERLEVEL9K_GCLOUD_COMPLETE_CONTENT_EXPANSION='${P9K_GCLOUD_PROJECT_NAME//\%/%%}' + + # Send a request to Google (by means of `gcloud projects describe ...`) to obtain project name + # this often. Negative value disables periodic polling. In this mode project name is retrieved + # only when the current configuration, account or project id changes. + typeset -g POWERLEVEL9K_GCLOUD_REFRESH_PROJECT_NAME_SECONDS=60 + + # Custom icon. + # typeset -g POWERLEVEL9K_GCLOUD_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #[ google_app_cred: google application credentials (https://cloud.google.com/docs/authentication/production) ]# + # Show google_app_cred only when the command you are typing invokes one of these tools. + # Tip: Remove the next line to always show google_app_cred. + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_SHOW_ON_COMMAND='terraform|pulumi|terragrunt' + + # Google application credentials classes for the purpose of using different colors, icons and + # expansions with different credentials. + # + # POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES is an array with even number of elements. The first + # element in each pair defines a pattern against which the current kubernetes context gets + # matched. More specifically, it's P9K_CONTENT prior to the application of context expansion + # (see below) that gets matched. If you unset all POWERLEVEL9K_GOOGLE_APP_CRED_*CONTENT_EXPANSION + # parameters, you'll see this value in your prompt. The second element of each pair in + # POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES defines the context class. Patterns are tried in order. + # The first match wins. + # + # For example, given these settings: + # + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES=( + # '*:*prod*:*' PROD + # '*:*test*:*' TEST + # '*' DEFAULT) + # + # If your current Google application credentials is "service_account deathray-testing x@y.com", + # its class is TEST because it doesn't match the pattern '* *prod* *' but does match '* *test* *'. + # + # You can define different colors, icons and content expansions for different classes: + # + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_FOREGROUND=28 + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_VISUAL_IDENTIFIER_EXPANSION='⭐' + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_TEST_CONTENT_EXPANSION='$P9K_GOOGLE_APP_CRED_PROJECT_ID' + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_CLASSES=( + # '*:*prod*:*' PROD # These values are examples that are unlikely + # '*:*test*:*' TEST # to match your needs. Customize them as needed. + '*' DEFAULT) + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_FOREGROUND=7 + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_BACKGROUND=4 + # typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use POWERLEVEL9K_GOOGLE_APP_CRED_CONTENT_EXPANSION to specify the content displayed by + # google_app_cred segment. Parameter expansions are very flexible and fast, too. See reference: + # http://zsh.sourceforge.net/Doc/Release/Expansion.html#Parameter-Expansion. + # + # You can use the following parameters in the expansion. Each of them corresponds to one of the + # fields in the JSON file pointed to by GOOGLE_APPLICATION_CREDENTIALS. + # + # Parameter | JSON key file field + # ---------------------------------+--------------- + # P9K_GOOGLE_APP_CRED_TYPE | type + # P9K_GOOGLE_APP_CRED_PROJECT_ID | project_id + # P9K_GOOGLE_APP_CRED_CLIENT_EMAIL | client_email + # + # Note: ${VARIABLE//\%/%%} expands to ${VARIABLE} with all occurrences of '%' replaced by '%%'. + typeset -g POWERLEVEL9K_GOOGLE_APP_CRED_DEFAULT_CONTENT_EXPANSION='${P9K_GOOGLE_APP_CRED_PROJECT_ID//\%/%%}' + + ##############[ toolbox: toolbox name (https://github.com/containers/toolbox) ]############### + # Toolbox color. + typeset -g POWERLEVEL9K_TOOLBOX_FOREGROUND=0 + typeset -g POWERLEVEL9K_TOOLBOX_BACKGROUND=3 + # Don't display the name of the toolbox if it matches fedora-toolbox-*. + typeset -g POWERLEVEL9K_TOOLBOX_CONTENT_EXPANSION='${P9K_TOOLBOX_NAME:#fedora-toolbox-*}' + # Custom icon. + # typeset -g POWERLEVEL9K_TOOLBOX_VISUAL_IDENTIFIER_EXPANSION='⭐' + # Custom prefix. + # typeset -g POWERLEVEL9K_TOOLBOX_PREFIX='in ' + + ###############################[ public_ip: public IP address ]############################### + # Public IP color. + typeset -g POWERLEVEL9K_PUBLIC_IP_FOREGROUND=7 + typeset -g POWERLEVEL9K_PUBLIC_IP_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_PUBLIC_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ########################[ vpn_ip: virtual private network indicator ]######################### + # VPN IP color. + typeset -g POWERLEVEL9K_VPN_IP_FOREGROUND=0 + typeset -g POWERLEVEL9K_VPN_IP_BACKGROUND=6 + # When on VPN, show just an icon without the IP address. + # Tip: To display the private IP address when on VPN, remove the next line. + typeset -g POWERLEVEL9K_VPN_IP_CONTENT_EXPANSION= + # Regular expression for the VPN network interface. Run `ifconfig` or `ip -4 a show` while on VPN + # to see the name of the interface. + typeset -g POWERLEVEL9K_VPN_IP_INTERFACE='(gpd|wg|(.*tun)|tailscale)[0-9]*|(zt.*)' + # If set to true, show one segment per matching network interface. If set to false, show only + # one segment corresponding to the first matching network interface. + # Tip: If you set it to true, you'll probably want to unset POWERLEVEL9K_VPN_IP_CONTENT_EXPANSION. + typeset -g POWERLEVEL9K_VPN_IP_SHOW_ALL=false + # Custom icon. + # typeset -g POWERLEVEL9K_VPN_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ###########[ ip: ip address and bandwidth usage for a specified network interface ]########### + # IP color. + typeset -g POWERLEVEL9K_IP_BACKGROUND=4 + typeset -g POWERLEVEL9K_IP_FOREGROUND=0 + # The following parameters are accessible within the expansion: + # + # Parameter | Meaning + # ----------------------+------------------------------------------- + # P9K_IP_IP | IP address + # P9K_IP_INTERFACE | network interface + # P9K_IP_RX_BYTES | total number of bytes received + # P9K_IP_TX_BYTES | total number of bytes sent + # P9K_IP_RX_BYTES_DELTA | number of bytes received since last prompt + # P9K_IP_TX_BYTES_DELTA | number of bytes sent since last prompt + # P9K_IP_RX_RATE | receive rate (since last prompt) + # P9K_IP_TX_RATE | send rate (since last prompt) + typeset -g POWERLEVEL9K_IP_CONTENT_EXPANSION='${P9K_IP_RX_RATE:+⇣$P9K_IP_RX_RATE }${P9K_IP_TX_RATE:+⇡$P9K_IP_TX_RATE }$P9K_IP_IP' + # Show information for the first network interface whose name matches this regular expression. + # Run `ifconfig` or `ip -4 a show` to see the names of all network interfaces. + typeset -g POWERLEVEL9K_IP_INTERFACE='[ew].*' + # Custom icon. + # typeset -g POWERLEVEL9K_IP_VISUAL_IDENTIFIER_EXPANSION='⭐' + + #########################[ proxy: system-wide http/https/ftp proxy ]########################## + # Proxy color. + typeset -g POWERLEVEL9K_PROXY_FOREGROUND=4 + typeset -g POWERLEVEL9K_PROXY_BACKGROUND=0 + # Custom icon. + # typeset -g POWERLEVEL9K_PROXY_VISUAL_IDENTIFIER_EXPANSION='⭐' + + ################################[ battery: internal battery ]################################# + # Show battery in red when it's below this level and not connected to power supply. + typeset -g POWERLEVEL9K_BATTERY_LOW_THRESHOLD=20 + typeset -g POWERLEVEL9K_BATTERY_LOW_FOREGROUND=1 + # Show battery in green when it's charging or fully charged. + typeset -g POWERLEVEL9K_BATTERY_{CHARGING,CHARGED}_FOREGROUND=2 + # Show battery in yellow when it's discharging. + typeset -g POWERLEVEL9K_BATTERY_DISCONNECTED_FOREGROUND=3 + # Battery pictograms going from low to high level of charge. + typeset -g POWERLEVEL9K_BATTERY_STAGES='\uf58d\uf579\uf57a\uf57b\uf57c\uf57d\uf57e\uf57f\uf580\uf581\uf578' + # Don't show the remaining time to charge/discharge. + typeset -g POWERLEVEL9K_BATTERY_VERBOSE=false + typeset -g POWERLEVEL9K_BATTERY_BACKGROUND=0 + + #####################################[ wifi: wifi speed ]##################################### + # WiFi color. + typeset -g POWERLEVEL9K_WIFI_FOREGROUND=0 + typeset -g POWERLEVEL9K_WIFI_BACKGROUND=4 + # Custom icon. + # typeset -g POWERLEVEL9K_WIFI_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Use different colors and icons depending on signal strength ($P9K_WIFI_BARS). + # + # # Wifi colors and icons for different signal strength levels (low to high). + # typeset -g my_wifi_fg=(0 0 0 0 0) # <-- change these values + # typeset -g my_wifi_icon=('WiFi' 'WiFi' 'WiFi' 'WiFi' 'WiFi') # <-- change these values + # + # typeset -g POWERLEVEL9K_WIFI_CONTENT_EXPANSION='%F{${my_wifi_fg[P9K_WIFI_BARS+1]}}$P9K_WIFI_LAST_TX_RATE Mbps' + # typeset -g POWERLEVEL9K_WIFI_VISUAL_IDENTIFIER_EXPANSION='%F{${my_wifi_fg[P9K_WIFI_BARS+1]}}${my_wifi_icon[P9K_WIFI_BARS+1]}' + # + # The following parameters are accessible within the expansions: + # + # Parameter | Meaning + # ----------------------+--------------- + # P9K_WIFI_SSID | service set identifier, a.k.a. network name + # P9K_WIFI_LINK_AUTH | authentication protocol such as "wpa2-psk" or "none"; empty if unknown + # P9K_WIFI_LAST_TX_RATE | wireless transmit rate in megabits per second + # P9K_WIFI_RSSI | signal strength in dBm, from -120 to 0 + # P9K_WIFI_NOISE | noise in dBm, from -120 to 0 + # P9K_WIFI_BARS | signal strength in bars, from 0 to 4 (derived from P9K_WIFI_RSSI and P9K_WIFI_NOISE) + + ####################################[ time: current time ]#################################### + # Current time color. + typeset -g POWERLEVEL9K_TIME_FOREGROUND=0 + typeset -g POWERLEVEL9K_TIME_BACKGROUND=7 + # Format for the current time: 09:51:02. See `man 3 strftime`. + typeset -g POWERLEVEL9K_TIME_FORMAT='%D{%H:%M:%S}' + # If set to true, time will update when you hit enter. This way prompts for the past + # commands will contain the start times of their commands as opposed to the default + # behavior where they contain the end times of their preceding commands. + typeset -g POWERLEVEL9K_TIME_UPDATE_ON_COMMAND=false + # Custom icon. + typeset -g POWERLEVEL9K_TIME_VISUAL_IDENTIFIER_EXPANSION= + # Custom prefix. + # typeset -g POWERLEVEL9K_TIME_PREFIX='at ' + + # Example of a user-defined prompt segment. Function prompt_example will be called on every + # prompt if `example` prompt segment is added to POWERLEVEL9K_LEFT_PROMPT_ELEMENTS or + # POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS. It displays an icon and yellow text on red background + # greeting the user. + # + # Type `p10k help segment` for documentation and a more sophisticated example. + function prompt_example() { + p10k segment -b 1 -f 3 -i '⭐' -t 'hello, %n' + } + + # User-defined prompt segments may optionally provide an instant_prompt_* function. Its job + # is to generate the prompt segment for display in instant prompt. See + # https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt. + # + # Powerlevel10k will call instant_prompt_* at the same time as the regular prompt_* function + # and will record all `p10k segment` calls it makes. When displaying instant prompt, Powerlevel10k + # will replay these calls without actually calling instant_prompt_*. It is imperative that + # instant_prompt_* always makes the same `p10k segment` calls regardless of environment. If this + # rule is not observed, the content of instant prompt will be incorrect. + # + # Usually, you should either not define instant_prompt_* or simply call prompt_* from it. If + # instant_prompt_* is not defined for a segment, the segment won't be shown in instant prompt. + function instant_prompt_example() { + # Since prompt_example always makes the same `p10k segment` calls, we can call it from + # instant_prompt_example. This will give us the same `example` prompt segment in the instant + # and regular prompts. + prompt_example + } + + # User-defined prompt segments can be customized the same way as built-in segments. + typeset -g POWERLEVEL9K_EXAMPLE_FOREGROUND=3 + typeset -g POWERLEVEL9K_EXAMPLE_BACKGROUND=1 + # typeset -g POWERLEVEL9K_EXAMPLE_VISUAL_IDENTIFIER_EXPANSION='⭐' + + # Transient prompt works similarly to the builtin transient_rprompt option. It trims down prompt + # when accepting a command line. Supported values: + # + # - off: Don't change prompt when accepting a command line. + # - always: Trim down prompt when accepting a command line. + # - same-dir: Trim down prompt when accepting a command line unless this is the first command + # typed after changing current working directory. + typeset -g POWERLEVEL9K_TRANSIENT_PROMPT=always + + # Instant prompt mode. + # + # - off: Disable instant prompt. Choose this if you've tried instant prompt and found + # it incompatible with your zsh configuration files. + # - quiet: Enable instant prompt and don't print warnings when detecting console output + # during zsh initialization. Choose this if you've read and understood + # https://github.com/romkatv/powerlevel10k/blob/master/README.md#instant-prompt. + # - verbose: Enable instant prompt and print a warning when detecting console output during + # zsh initialization. Choose this if you've never tried instant prompt, haven't + # seen the warning, or if you are unsure what this all means. + typeset -g POWERLEVEL9K_INSTANT_PROMPT=off + + # Hot reload allows you to change POWERLEVEL9K options after Powerlevel10k has been initialized. + # For example, you can type POWERLEVEL9K_BACKGROUND=red and see your prompt turn red. Hot reload + # can slow down prompt by 1-2 milliseconds, so it's better to keep it turned off unless you + # really need it. + typeset -g POWERLEVEL9K_DISABLE_HOT_RELOAD=true + + # If p10k is already loaded, reload configuration. + # This works even with POWERLEVEL9K_DISABLE_HOT_RELOAD=true. + (( ! $+functions[p10k] )) || p10k reload +} + +# Tell `p10k configure` which file it should overwrite. +typeset -g POWERLEVEL9K_CONFIG_FILE=${${(%):-%x}:a} + +(( ${#p10k_config_opts} )) && setopt ${p10k_config_opts[@]} +'builtin' 'unset' 'p10k_config_opts' diff --git a/home/qenya/default.nix b/home/qenya/default.nix index 81b072c..8a1d6f3 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -3,6 +3,7 @@ ./dconf ./plasma ./firefox.nix + ./fontconfig.nix ./git.nix ./packages.nix ./tmux.nix diff --git a/home/qenya/fontconfig.nix b/home/qenya/fontconfig.nix new file mode 100644 index 0000000..6d8e61a --- /dev/null +++ b/home/qenya/fontconfig.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, osConfig, ... }: + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +mkIf isGraphical { + fonts.fontconfig = { + enable = true; + }; + + home.packages = with pkgs; [ + meslo-lgs-nf + ]; + + programs.vscode.userSettings."terminal.integrated.fontFamily" = "MesloLGS NF"; +} diff --git a/home/qenya/zsh.nix b/home/qenya/zsh.nix index b3c0465..d322889 100644 --- a/home/qenya/zsh.nix +++ b/home/qenya/zsh.nix @@ -12,11 +12,11 @@ shellAliases = { ll = "ls -l"; - # don't clobber + # don't clobber mv = "mv -i"; rename = "rename -i"; - nix-shell = ''nix-shell --command "zsh"''; # TODO: tweak theme to display something when inside nix-shell + nix-shell = ''nix-shell --command "zsh"''; }; history = { @@ -28,9 +28,14 @@ oh-my-zsh = { enable = true; plugins = [ "git" "sudo" "direnv" ]; - theme = "agnoster"; + theme = ""; # defer to powerlevel10k }; + initExtra = '' + source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme + source ${./.p10k.zsh} + ''; + envExtra = '' DEFAULT_USER=qenya ''; From db7efe4cd0ffdf7e4919dbb2a98118a5b6609b37 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 28 Apr 2025 19:23:50 +0100 Subject: [PATCH 358/438] qenya/vscode: Configure vscode to handle python venvs --- home/qenya/vscode.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index b9f2ce2..d190cbe 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -75,6 +75,8 @@ in "source.organizeImports" = "explicit"; }; }; + "python.createEnvironment.contentButton" = "show"; + "python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; "ruff.nativeServer" = "on"; "ruff.path" = "${pkgs.ruff}/bin/ruff"; "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; From a8ab37993dd8cb909380472eb1b788f1b06ac56f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 16 May 2025 17:04:42 +0100 Subject: [PATCH 359/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'birdsong': 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=a40220a4b977bc04cbe9e13ff5c667ed6f252677' (2025-02-05) → 'git+https://git.qenya.tel/qenya/birdsong?ref=main&rev=9955b1ae4eb0cbeff2ae0ed6520e651753880445' (2025-05-13) • Updated input 'colmena': 'github:zhaofengli/colmena/2370d4336eda2a9ef29fce10fa7076ae011983ab' (2025-02-18) → 'github:zhaofengli/colmena/df694ee23be7ed7b2d8b42c245a640f0724eb06c' (2025-05-09) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/346899a4b3b651ab447c61e0c8e9d8a1454cda72?dir=pkgs/firefox-addons' (2025-04-23) → 'gitlab:rycee/nur-expressions/1ebb2cf654110901889353440027993312e1aeb0?dir=pkgs/firefox-addons' (2025-05-16) • Updated input 'home-manager': 'github:nix-community/home-manager/dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1' (2025-04-25) → 'github:nix-community/home-manager/1eec32f0efe3b830927989767a9e6ece0d82d608' (2025-05-15) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/2f5819a962489e037a57835f63ed6ff8dbc2d5fb' (2025-04-26) → 'github:nix-community/home-manager/d2263ce5f4c251c0f7608330e8fdb7d1f01f0667' (2025-05-16) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5630cf13cceac06cefe9fc607e8dfa8fb342dde3' (2025-04-24) → 'github:NixOS/nixpkgs/5d736263df906c5da72ab0f372427814de2f52f8' (2025-05-14) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/d1e377e4cfcb3da8da4b71dbef631e8317907cd8' (2025-04-26) → 'github:NixOS/nixpkgs/288a96500445cddb1613dfd3b6fcc9d5b32fa7ad' (2025-05-16) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/f771eb401a46846c1aebd20552521b233dd7e18b' (2025-04-24) → 'github:NixOS/nixpkgs/adaa24fbf46737f3f1b5497bf64bae750f82942e' (2025-05-13) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/1ee8b713821882c66f5ecfde5c4e5874b1cb5e2f' (2025-04-27) → 'github:NixOS/nixpkgs/adfa8b0e75657c862acd0119ee42a69a6a6b2b4e' (2025-05-16) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/876f365eaa010988a0908421578c72fb17c28f09' (2025-04-27) → 'github:randomnetcat/nix-configs/a5540bdb3e6e9d2ad8ea9639654ff7263008d239' (2025-05-16) --- flake.lock | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 418db8b..e29c160 100644 --- a/flake.lock +++ b/flake.lock @@ -46,11 +46,11 @@ }, "birdsong": { "locked": { - "lastModified": 1738782723, - "narHash": "sha256-tQ8DZrB9pucCl0qOEzvqRBrrYS0f72Sxhf+jYJQV1eE=", + "lastModified": 1747153132, + "narHash": "sha256-sGFCyWhTcI4TP+4ZlZniBEF41NWyKrojfpsHP7ld54c=", "ref": "main", - "rev": "a40220a4b977bc04cbe9e13ff5c667ed6f252677", - "revCount": 22, + "rev": "9955b1ae4eb0cbeff2ae0ed6520e651753880445", + "revCount": 23, "type": "git", "url": "https://git.qenya.tel/qenya/birdsong" }, @@ -71,11 +71,11 @@ "stable": [] }, "locked": { - "lastModified": 1739900653, - "narHash": "sha256-hPSLvw6AZQYrZyGI6Uq4XgST7benF/0zcCpugn/P0yM=", + "lastModified": 1746816769, + "narHash": "sha256-ymQzXrfHVT8/RJiGbfrNjEeuzXQan46lUJdxEhgivdM=", "owner": "zhaofengli", "repo": "colmena", - "rev": "2370d4336eda2a9ef29fce10fa7076ae011983ab", + "rev": "df694ee23be7ed7b2d8b42c245a640f0724eb06c", "type": "github" }, "original": { @@ -92,11 +92,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1745419403, - "narHash": "sha256-pQOOn4UntLSwnL3xZ1JAr3IDhXpL+kTS7Zw8ll59K9Q=", + "lastModified": 1747403139, + "narHash": "sha256-GpldCFeC+YP9m2xm1POByfT3+9J9/nwst0CYxvR85I0=", "owner": "rycee", "repo": "nur-expressions", - "rev": "346899a4b3b651ab447c61e0c8e9d8a1454cda72", + "rev": "1ebb2cf654110901889353440027993312e1aeb0", "type": "gitlab" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1745557122, - "narHash": "sha256-eqSo9ugzsqhFgaDFYUZj943nurlX4L6f+AW0skJ4W+M=", + "lastModified": 1747331121, + "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", "owner": "nix-community", "repo": "home-manager", - "rev": "dd26f75fb4ec1c731d4b1396eaf4439ce40a91c1", + "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1745703610, - "narHash": "sha256-KgaGPlmjJItZ+Xf8mSoRmrsso+sf3K54n9oIP9Q17LY=", + "lastModified": 1747374689, + "narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=", "owner": "nix-community", "repo": "home-manager", - "rev": "2f5819a962489e037a57835f63ed6ff8dbc2d5fb", + "rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667", "type": "github" }, "original": { @@ -251,11 +251,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1745487689, - "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=", + "lastModified": 1747209494, + "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3", + "rev": "5d736263df906c5da72ab0f372427814de2f52f8", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1745699837, - "narHash": "sha256-RqGZeOaAdvaVRibN/x6QF+Ahcuigj/WMsqLkGjq/mUI=", + "lastModified": 1747375575, + "narHash": "sha256-FQmc8T0JaLzdbVglulli0az8Z27GUQKg0ZKPzRmW3+U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d1e377e4cfcb3da8da4b71dbef631e8317907cd8", + "rev": "288a96500445cddb1613dfd3b6fcc9d5b32fa7ad", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1745526057, - "narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=", + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f771eb401a46846c1aebd20552521b233dd7e18b", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1745731301, - "narHash": "sha256-2DZgcq2sylQuml+L6FOh8eWMoMGGbNHM7Ls56iBQPX0=", + "lastModified": 1747369069, + "narHash": "sha256-ijSyxbvVMV0G6FrGV3+yedO0mGYhLGPZYZpnAheBaQo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1ee8b713821882c66f5ecfde5c4e5874b1cb5e2f", + "rev": "adfa8b0e75657c862acd0119ee42a69a6a6b2b4e", "type": "github" }, "original": { @@ -354,11 +354,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1745719427, - "narHash": "sha256-g3Xt07uJyj9WO+FvQFrxZe9QA6wauWIvyWzUPEu4g64=", + "lastModified": 1747360898, + "narHash": "sha256-KjgQXHGy92V2i5SFt3AQIeJiaW59hHvchu5V0gsTcH0=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "876f365eaa010988a0908421578c72fb17c28f09", + "rev": "a5540bdb3e6e9d2ad8ea9639654ff7263008d239", "type": "github" }, "original": { From 7dc684cce3b3e9bb8ef666a78766d0d67e6ff239 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 16 May 2025 17:05:42 +0100 Subject: [PATCH 360/438] flake: Update lix to 2.93.0 --- flake.lock | 20 ++++++++++---------- flake.nix | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index e29c160..23f2b10 100644 --- a/flake.lock +++ b/flake.lock @@ -217,15 +217,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1737234286, - "narHash": "sha256-pgDJZjj4jpzkFxsqBTI/9Yb0n3gW+DvDtuv9SwQZZcs=", - "rev": "079528098f5998ba13c88821a2eca1005c1695de", + "lastModified": 1746827285, + "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", + "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/079528098f5998ba13c88821a2eca1005c1695de.tar.gz?rev=079528098f5998ba13c88821a2eca1005c1695de" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" } }, "lix-module": { @@ -238,15 +238,15 @@ ] }, "locked": { - "lastModified": 1742943028, - "narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=", - "rev": "868d97695bab9d21f6070b03957bcace249fbe3c", + "lastModified": 1746838955, + "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", + "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz?rev=868d97695bab9d21f6070b03957bcace249fbe3c" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" } }, "nixpkgs": { diff --git a/flake.nix b/flake.nix index 5962bf5..d838a02 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ lix-module = { # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 78118c14dc7a26c7d2c5ea2de99285e0f9b7eda5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 16 May 2025 17:28:53 +0100 Subject: [PATCH 361/438] qenya: Install Celluloid (on GNOME) or Haruna (on KDE) --- home/qenya/packages.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index 503cdab..b5be9ee 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -3,6 +3,8 @@ let inherit (lib) optionals; isGraphical = osConfig.services.xserver.enable; + isGnome = osConfig.services.xserver.desktopManager.gnome.enable; + isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; in { home.packages = with pkgs; [ @@ -30,5 +32,9 @@ in libreoffice hunspell hunspellDicts.en_GB-ise + ] ++ optionals isGnome [ + celluloid + ] ++ optionals isPlasma [ + haruna ]; } From b35fefbf98d5b118fcd418c7fe4c35b95b4a16cc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 21 May 2025 19:27:41 +0100 Subject: [PATCH 362/438] kalessin: Add randomcat to wheel --- common/users/default.nix | 3 +-- hosts/kalessin/default.nix | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/common/users/default.nix b/common/users/default.nix index 2a4c5b3..d063db5 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -27,7 +27,6 @@ in users.users = genAttrs cfg.admins (name: { extraGroups = [ "wheel" ]; - } - ); + }); }; } diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 2b80d96..f29dc7a 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -15,9 +15,9 @@ in networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; - fountain.admins = [ "qenya" ]; fountain.users.randomcat.enable = true; fountain.users.trungle.enable = true; + fountain.admins = [ "qenya" "randomcat" ]; qenya.base-server.enable = true; From a98fd9ba8361583c8be4eb14c5e30fbbd73a2eed Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 21 May 2025 19:28:07 +0100 Subject: [PATCH 363/438] tailscale, headscale: init --- common/default.nix | 1 + common/tailscale.nix | 8 ++++++ hosts/kalessin/default.nix | 7 ++++++ services/default.nix | 1 + services/headscale.nix | 50 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 67 insertions(+) create mode 100644 common/tailscale.nix create mode 100644 services/headscale.nix diff --git a/common/default.nix b/common/default.nix index c60088e..5118c86 100644 --- a/common/default.nix +++ b/common/default.nix @@ -14,5 +14,6 @@ ./sanoid.nix ./security.nix ./steam.nix + ./tailscale.nix ]; } diff --git a/common/tailscale.nix b/common/tailscale.nix new file mode 100644 index 0000000..a6337d6 --- /dev/null +++ b/common/tailscale.nix @@ -0,0 +1,8 @@ +{ + services.tailscale = { + enable = true; + openFirewall = true; + extraUpFlags = [ "--login-server" "https://headscale.unspecified.systems" ]; # TODO: doesn't work (nixos bug); needs connecting/specifying manually + extraDaemonFlags = [ "--no-logs-no-support" ]; # disable telemetry + }; +} diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index f29dc7a..7150e5a 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -28,6 +28,7 @@ in randomcat.services.zfs.datasets = { "rpool_kalessin/state" = { mountpoint = "none"; }; + "rpool_kalessin/state/headscale" = { mountpoint = "/var/lib/headscale"; }; "rpool_kalessin/state/owncast" = { mountpoint = "/var/lib/owncast"; }; }; @@ -43,5 +44,11 @@ in dataDir = "/var/lib/owncast"; }; + qenya.services.headscale = { + enable = true; + domain = "headscale.unspecified.systems"; + dataDir = "/var/lib/headscale"; + }; + system.stateVersion = "23.11"; } diff --git a/services/default.nix b/services/default.nix index 927886c..194eb43 100644 --- a/services/default.nix +++ b/services/default.nix @@ -4,6 +4,7 @@ ./audiobookshelf.nix ./distributed-builds.nix ./forgejo.nix + ./headscale.nix ./jellyfin.nix ./navidrome.nix ./owncast.nix diff --git a/services/headscale.nix b/services/headscale.nix new file mode 100644 index 0000000..eeae58c --- /dev/null +++ b/services/headscale.nix @@ -0,0 +1,50 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkOption mkEnableOption types; + cfg = config.qenya.services.headscale; +in +{ + options.qenya.services.headscale = { + enable = mkEnableOption "Headscale"; + domain = mkOption { + type = types.str; + }; + dataDir = mkOption { + type = types.str; + }; + }; + + config = mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts = { + ${cfg.domain} = { + forceSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:32770/"; + proxyWebsockets = true; + }; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; + + services.headscale = { + enable = true; + address = "0.0.0.0"; # required to disable built-in ACME client for some reason + port = 32770; + settings = { + server_url = "https://${cfg.domain}:443"; + prefixes.allocation = "random"; + dns.magic_dns = false; + + # disable built-in ACME client + tls_cert_path = null; + tls_key_path = null; + }; + }; + }; +} From 2e37815edb050b0aa3d9b8e19fd3092960080fd9 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 21 May 2025 19:28:29 +0100 Subject: [PATCH 364/438] audiobookshelf: Use built-in NixOS setting for nginx websocket support --- services/audiobookshelf.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/services/audiobookshelf.nix b/services/audiobookshelf.nix index a9c34da..6019108 100644 --- a/services/audiobookshelf.nix +++ b/services/audiobookshelf.nix @@ -21,11 +21,7 @@ in enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:8234/"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; + proxyWebsockets = true; }; }; }; From fa7815612081e218fe19209a958f8c6f8a0bb9f6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 21 May 2025 19:28:39 +0100 Subject: [PATCH 365/438] owncast: Resolve port number clash --- services/owncast.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/owncast.nix b/services/owncast.nix index aa60223..47173d0 100644 --- a/services/owncast.nix +++ b/services/owncast.nix @@ -22,7 +22,7 @@ in ${cfg.domain} = { forceSSL = true; enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:8080/"; + locations."/".proxyPass = "http://127.0.0.1:32769/"; }; }; }; @@ -30,6 +30,7 @@ in networking.firewall.allowedTCPPorts = [ 80 443 1935 ]; # 1935 for rtmp services.owncast.enable = true; + services.owncast.port = 32769; services.owncast.dataDir = cfg.dataDir; }; } From 27c579e7aaac88bb0790a93bfb48788719605619 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 21 May 2025 19:32:15 +0100 Subject: [PATCH 366/438] kilgharrah: Blu-ray drive support --- hosts/kilgharrah/hardware.nix | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 0093a01..89c6b59 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -27,5 +27,24 @@ # }; services.printing.drivers = [ pkgs.hplip ]; -} + # enable playing from bluray drive + boot.kernelModules = [ "sg" ]; + environment.systemPackages = [ + ((pkgs.vlc.override { + libbluray = (pkgs.libbluray.override { + withJava = true; + withAACS = true; + withBDplus = true; + }); + }).overrideAttrs (originalAttrs: { + # TODO: nixpkgs bug: libbluray needs patching to look at the nix store path of jdk17 when searching for a jdk + # as a workaround, wrap vlc and set JAVA_HOME, which it uses instead of searching when specified + nativeBuildInputs = originalAttrs.nativeBuildInputs ++ [ pkgs.makeWrapper ]; + postFixup = '' + ${originalAttrs.postFixup or ""} + wrapProgram $out/bin/vlc --set JAVA_HOME ${pkgs.jdk17.home} + ''; + })) + ]; +} From b64d34e9c40716e76aff87f6750151fcf12cd037 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 May 2025 01:42:42 +0100 Subject: [PATCH 367/438] tailscale: Autoconect to headscale on boot --- common/tailscale.nix | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/common/tailscale.nix b/common/tailscale.nix index a6337d6..16cffcd 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -1,8 +1,21 @@ +{ config, lib, pkgs, ... }: + { services.tailscale = { enable = true; openFirewall = true; - extraUpFlags = [ "--login-server" "https://headscale.unspecified.systems" ]; # TODO: doesn't work (nixos bug); needs connecting/specifying manually + extraUpFlags = [ "--login-server" "https://headscale.unspecified.systems" ]; extraDaemonFlags = [ "--no-logs-no-support" ]; # disable telemetry }; + + systemd.services.tailscaled-autoconnect = { + after = [ "tailscaled.service" "network-online.target" ]; + wants = [ "tailscaled.service" "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Type = "oneshot"; + script = '' + sleep 2 # wait for tailscaled to settle + ${lib.getExe config.services.tailscale.package} up --reset ${lib.escapeShellArgs config.services.tailscale.extraUpFlags} + ''; + }; } From f1718e5c3b76159770863ec70464e8d409931e82 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 May 2025 03:10:37 +0100 Subject: [PATCH 368/438] tehanu: init --- flake.nix | 2 ++ hosts/tehanu/default.nix | 20 +++++++++++++ hosts/tehanu/hardware-configuration.nix | 38 +++++++++++++++++++++++++ hosts/tehanu/networking.nix | 6 ++++ 4 files changed, 66 insertions(+) create mode 100644 hosts/tehanu/default.nix create mode 100644 hosts/tehanu/hardware-configuration.nix create mode 100644 hosts/tehanu/networking.nix diff --git a/flake.nix b/flake.nix index d838a02..49684cc 100644 --- a/flake.nix +++ b/flake.nix @@ -140,6 +140,7 @@ yevaud = import nixpkgs-small { system = "x86_64-linux"; }; orm = import nixpkgs-small { system = "x86_64-linux"; }; kalessin = import nixpkgs-small { system = "aarch64-linux"; }; + tehanu = import nixpkgs-small { system = "aarch64-linux"; }; }; specialArgs = { inherit self; @@ -173,6 +174,7 @@ yevaud.imports = [ ./hosts/yevaud ]; orm.imports = [ ./hosts/orm ]; kalessin.imports = [ ./hosts/kalessin ]; + tehanu.imports = [ ./hosts/tehanu ]; }; }; } diff --git a/hosts/tehanu/default.nix b/hosts/tehanu/default.nix new file mode 100644 index 0000000..14b4151 --- /dev/null +++ b/hosts/tehanu/default.nix @@ -0,0 +1,20 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./hardware-configuration.nix + ./networking.nix + ]; + + nixpkgs.hostPlatform = "aarch64-linux"; + networking.hostName = "tehanu"; + networking.hostId = "8e1185ab"; + networking.domain = "birdsong.network"; + + fountain.users.qenya.enable = true; + fountain.admins = [ "qenya" ]; + + qenya.base-server.enable = true; + + system.stateVersion = "23.11"; +} diff --git a/hosts/tehanu/hardware-configuration.nix b/hosts/tehanu/hardware-configuration.nix new file mode 100644 index 0000000..04d514e --- /dev/null +++ b/hosts/tehanu/hardware-configuration.nix @@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "rpool_tehanu/root"; + fsType = "zfs"; + }; + + fileSystems."/nix" = + { device = "rpool_tehanu/nix"; + fsType = "zfs"; + }; + + fileSystems."/var" = + { device = "rpool_tehanu/var"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/629B-BA09"; + fsType = "vfat"; + options = [ "fmask=0077" "dmask=0077" ]; + }; + + swapDevices = [ ]; +} diff --git a/hosts/tehanu/networking.nix b/hosts/tehanu/networking.nix new file mode 100644 index 0000000..3c27781 --- /dev/null +++ b/hosts/tehanu/networking.nix @@ -0,0 +1,6 @@ +{ config, lib, pkgs, ... }: + +{ + networking.useNetworkd = true; + networking.interfaces.enp0s6.useDHCP = true; +} From d2ec22d8fb3491b4566a44fd8e960e0f26cfd76a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 22 May 2025 15:16:15 +0100 Subject: [PATCH 369/438] nix: Remove redundant manual $NIX_PATH value --- common/nix.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/common/nix.nix b/common/nix.nix index bafc8ef..c5174d8 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -7,7 +7,6 @@ setNixPath = true; setFlakeRegistry = true; }; - nix.nixPath = [ "nixpkgs=flake:nixpkgs" ]; nixpkgs.config.allowUnfree = true; nix.settings.trusted-users = [ "@wheel" ]; } From 5fee65c784dec00e05ad969e9fb2cdc28cec907e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 28 May 2025 09:42:48 +0100 Subject: [PATCH 370/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/96e078c646b711aee04b82ba01aefbff87004ded' (2025-04-26) → 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1' (2025-05-18) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/1ebb2cf654110901889353440027993312e1aeb0?dir=pkgs/firefox-addons' (2025-05-16) → 'gitlab:rycee/nur-expressions/f9801a86d6603260940890c36650275090d1dceb?dir=pkgs/firefox-addons' (2025-05-28) • Updated input 'home-manager': 'github:nix-community/home-manager/1eec32f0efe3b830927989767a9e6ece0d82d608' (2025-05-15) → 'github:nix-community/home-manager/d5f1f641b289553927b3801580598d200a501863' (2025-05-19) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/d2263ce5f4c251c0f7608330e8fdb7d1f01f0667' (2025-05-16) → 'github:nix-community/home-manager/f5b12be834874f7661db4ced969a621ab2d57971' (2025-05-28) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/5d736263df906c5da72ab0f372427814de2f52f8' (2025-05-14) → 'github:NixOS/nixpkgs/f09dede81861f3a83f7f06641ead34f02f37597f' (2025-05-23) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/288a96500445cddb1613dfd3b6fcc9d5b32fa7ad' (2025-05-16) → 'github:NixOS/nixpkgs/8c092804de127b5617972052ea46d499fb2fd424' (2025-05-27) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/adaa24fbf46737f3f1b5497bf64bae750f82942e' (2025-05-13) → 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291' (2025-05-25) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/adfa8b0e75657c862acd0119ee42a69a6a6b2b4e' (2025-05-16) → 'github:NixOS/nixpkgs/aeb017b5830518483e0081d2ac6e12dd4d787f5d' (2025-05-28) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/b70be387276e632fe51232887f9e04e2b6ef8c16' (2025-03-23) → 'github:nix-community/plasma-manager/b7697abe89967839b273a863a3805345ea54ab56' (2025-05-25) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/a5540bdb3e6e9d2ad8ea9639654ff7263008d239' (2025-05-16) → 'github:randomnetcat/nix-configs/32ddd519a7ce4486e8b8b5a8b3d3262e7442ce6c' (2025-05-28) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 23f2b10..4ef400e 100644 --- a/flake.lock +++ b/flake.lock @@ -31,11 +31,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1745630506, - "narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=", + "lastModified": 1747575206, + "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", "owner": "ryantm", "repo": "agenix", - "rev": "96e078c646b711aee04b82ba01aefbff87004ded", + "rev": "4835b1dc898959d8547a871ef484930675cb47f1", "type": "github" }, "original": { @@ -92,11 +92,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1747403139, - "narHash": "sha256-GpldCFeC+YP9m2xm1POByfT3+9J9/nwst0CYxvR85I0=", + "lastModified": 1748405006, + "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", "owner": "rycee", "repo": "nur-expressions", - "rev": "1ebb2cf654110901889353440027993312e1aeb0", + "rev": "f9801a86d6603260940890c36650275090d1dceb", "type": "gitlab" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1747331121, - "narHash": "sha256-3MmiUN/jOHBHQUnjqzg6qKArc17j2OS6jisEppDY4g8=", + "lastModified": 1747688870, + "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1eec32f0efe3b830927989767a9e6ece0d82d608", + "rev": "d5f1f641b289553927b3801580598d200a501863", "type": "github" }, "original": { @@ -201,11 +201,11 @@ ] }, "locked": { - "lastModified": 1747374689, - "narHash": "sha256-JT/aBZqmK1LbExzwT9cPkvxKc0IC4i6tZKOPjsSWFbI=", + "lastModified": 1748391243, + "narHash": "sha256-7sCuihzsTRZemtbTXaFUoGJUfuQErhKEcL9v7HKIo1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "d2263ce5f4c251c0f7608330e8fdb7d1f01f0667", + "rev": "f5b12be834874f7661db4ced969a621ab2d57971", "type": "github" }, "original": { @@ -251,11 +251,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747209494, - "narHash": "sha256-fLise+ys+bpyjuUUkbwqo5W/UyIELvRz9lPBPoB0fbM=", + "lastModified": 1748037224, + "narHash": "sha256-92vihpZr6dwEMV6g98M5kHZIttrWahb9iRPBm1atcPk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d736263df906c5da72ab0f372427814de2f52f8", + "rev": "f09dede81861f3a83f7f06641ead34f02f37597f", "type": "github" }, "original": { @@ -282,11 +282,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1747375575, - "narHash": "sha256-FQmc8T0JaLzdbVglulli0az8Z27GUQKg0ZKPzRmW3+U=", + "lastModified": 1748331950, + "narHash": "sha256-uMZpO4xycuXkwRTvjX9NyqVcIczOUYTnoct5xVUmbQQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "288a96500445cddb1613dfd3b6fcc9d5b32fa7ad", + "rev": "8c092804de127b5617972052ea46d499fb2fd424", "type": "github" }, "original": { @@ -298,11 +298,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1747179050, - "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", + "lastModified": 1748190013, + "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", + "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1747369069, - "narHash": "sha256-ijSyxbvVMV0G6FrGV3+yedO0mGYhLGPZYZpnAheBaQo=", + "lastModified": 1748410535, + "narHash": "sha256-xATwKIbwrE4P61a1iVvPomVmX5npnLm6Ibc+K1tjzi4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "adfa8b0e75657c862acd0119ee42a69a6a6b2b4e", + "rev": "aeb017b5830518483e0081d2ac6e12dd4d787f5d", "type": "github" }, "original": { @@ -338,11 +338,11 @@ ] }, "locked": { - "lastModified": 1742765550, - "narHash": "sha256-2vVIh2JrL6GAGfgCeY9e6iNKrBjs0Hw3bGQEAbwVs68=", + "lastModified": 1748196248, + "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b70be387276e632fe51232887f9e04e2b6ef8c16", + "rev": "b7697abe89967839b273a863a3805345ea54ab56", "type": "github" }, "original": { @@ -354,11 +354,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1747360898, - "narHash": "sha256-KjgQXHGy92V2i5SFt3AQIeJiaW59hHvchu5V0gsTcH0=", + "lastModified": 1748397860, + "narHash": "sha256-y8P7Q6WNdKsy6yVk91wFi/897PSbclFtdVMCF4YJuQk=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "a5540bdb3e6e9d2ad8ea9639654ff7263008d239", + "rev": "32ddd519a7ce4486e8b8b5a8b3d3262e7442ce6c", "type": "github" }, "original": { From 83e8c3d8f83d45965178a2f2e51b2df5979d3ba3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 28 May 2025 15:27:07 +0100 Subject: [PATCH 371/438] kalessin, orm: Fix broken backups Not been working for two and a half months. Oops. We've all been there. --- hosts/kalessin/default.nix | 1 - hosts/orm/default.nix | 1 - 2 files changed, 2 deletions(-) diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 7150e5a..8417425 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -35,7 +35,6 @@ in services.sanoid.datasets."rpool_kalessin/state" = { useTemplate = [ "production" ]; recursive = "zfs"; - process_children_only = true; }; qenya.services.owncast = { diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index f5aa5fd..ffc6aad 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -31,7 +31,6 @@ services.sanoid.datasets."rpool_orm/state" = { useTemplate = [ "production" ]; recursive = "zfs"; - process_children_only = true; }; services.postgresql = { From 6653fed1c288256f8326ddd90544bab64a34b0fb Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 28 May 2025 10:41:19 +0100 Subject: [PATCH 372/438] flake: Update to NixOS 25.05 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Removed input 'actual' • Removed input 'actual/nixpkgs' • Updated input 'home-manager': 'github:nix-community/home-manager/d5f1f641b289553927b3801580598d200a501863' (2025-05-19) → 'github:nix-community/home-manager/83665c39fa688bd6a1f7c43cf7997a70f6a109f9' (2025-05-26) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/f09dede81861f3a83f7f06641ead34f02f37597f' (2025-05-23) → 'github:NixOS/nixpkgs/7c43f080a7f28b2774f3b3f43234ca11661bf334' (2025-05-25) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/8c092804de127b5617972052ea46d499fb2fd424' (2025-05-27) → 'github:NixOS/nixpkgs/d90ebe5aafcdd79dc9d4210aacf1ff21d4ca31c3' (2025-05-27) --- flake.lock | 46 +++++++++++-------------------------------- flake.nix | 14 +++---------- hosts/orm/default.nix | 2 +- services/actual.nix | 5 ++++- 4 files changed, 20 insertions(+), 47 deletions(-) diff --git a/flake.lock b/flake.lock index 4ef400e..83eec1c 100644 --- a/flake.lock +++ b/flake.lock @@ -1,26 +1,5 @@ { "nodes": { - "actual": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable" - ] - }, - "locked": { - "lastModified": 1738814288, - "narHash": "sha256-4WqR/ligsEvxcFOjui1dwquR8U327uGoBjdI5p0ey4A=", - "ref": "main", - "rev": "f64adb78f15981d60af97e7aa691d2ebdf48ceaa", - "revCount": 21, - "type": "git", - "url": "https://git.xeno.science/xenofem/actual-nix" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.xeno.science/xenofem/actual-nix" - } - }, "agenix": { "inputs": { "darwin": [], @@ -180,16 +159,16 @@ ] }, "locked": { - "lastModified": 1747688870, - "narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=", + "lastModified": 1748226808, + "narHash": "sha256-GaBRgxjWO1bAQa8P2+FDxG4ANBVhjnSjBms096qQdxo=", "owner": "nix-community", "repo": "home-manager", - "rev": "d5f1f641b289553927b3801580598d200a501863", + "rev": "83665c39fa688bd6a1f7c43cf7997a70f6a109f9", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } @@ -251,16 +230,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748037224, - "narHash": "sha256-92vihpZr6dwEMV6g98M5kHZIttrWahb9iRPBm1atcPk=", + "lastModified": 1748162331, + "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f09dede81861f3a83f7f06641ead34f02f37597f", + "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } @@ -282,16 +261,16 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1748331950, - "narHash": "sha256-uMZpO4xycuXkwRTvjX9NyqVcIczOUYTnoct5xVUmbQQ=", + "lastModified": 1748387883, + "narHash": "sha256-X5P7guNZfXJrMH/zv3rHenjML5R0JXFD4EsulXDbl5U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8c092804de127b5617972052ea46d499fb2fd424", + "rev": "d90ebe5aafcdd79dc9d4210aacf1ff21d4ca31c3", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-24.11-small", + "ref": "nixos-25.05-small", "repo": "nixpkgs", "type": "github" } @@ -369,7 +348,6 @@ }, "root": { "inputs": { - "actual": "actual", "agenix": "agenix", "birdsong": "birdsong", "colmena": "colmena", diff --git a/flake.nix b/flake.nix index 49684cc..deed6a3 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; - nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-24.11-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; + nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-25.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; @@ -12,7 +12,7 @@ }; home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -54,13 +54,6 @@ inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - # Third-party flake providing package and NixOS module for Actual Budget as - # nixpkgs are having trouble: https://github.com/NixOS/nixpkgs/issues/269069 - actual = { - url = "git+https://git.xeno.science/xenofem/actual-nix?ref=main"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; scoutshonour = { @@ -157,7 +150,6 @@ inputs.home-manager.nixosModules.home-manager inputs.agenix.nixosModules.default inputs.birdsong.nixosModules.default - inputs.actual.nixosModules.default ./common ./services (builtins.toPath "${inputs.randomcat}/services/default.nix") diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index ffc6aad..d2b6298 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -24,7 +24,7 @@ randomcat.services.zfs.datasets = { "rpool_orm/state" = { mountpoint = "none"; }; - "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; }; + "rpool_orm/state/actual" = { mountpoint = "/var/lib/private/actual"; }; "rpool_orm/state/postgresql" = { mountpoint = "/var/lib/postgresql"; }; }; diff --git a/services/actual.nix b/services/actual.nix index b46540e..3a006ea 100644 --- a/services/actual.nix +++ b/services/actual.nix @@ -26,6 +26,9 @@ in networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.actual.enable = true; + services.actual = { + enable = true; + settings.port = 5006; + }; }; } From a630607350ad1d23f19bd1f35a9e65ca37a32d42 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 28 May 2025 15:50:52 +0100 Subject: [PATCH 373/438] treewide: Update deprecated options for NixOS 25.05 --- common/base-graphical/sound.nix | 2 +- home/qenya/firefox.nix | 2 +- home/qenya/vscode.nix | 140 ++++++++++++++++---------------- home/qenya/zsh.nix | 2 +- 4 files changed, 74 insertions(+), 72 deletions(-) diff --git a/common/base-graphical/sound.nix b/common/base-graphical/sound.nix index bb0c847..140eb93 100644 --- a/common/base-graphical/sound.nix +++ b/common/base-graphical/sound.nix @@ -14,7 +14,7 @@ in pulse.enable = true; jack.enable = true; }; - hardware.pulseaudio.enable = false; # this theoretically defaults to false but something else seems to be flipping it + services.pulseaudio.enable = false; # this theoretically defaults to false but something else seems to be flipping it environment.systemPackages = with pkgs; [ helvum ]; # patchbay }; } diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 96715e5..603208a 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -10,7 +10,7 @@ in languagePacks = [ "en-GB" ]; profiles.default = { - extensions = with inputs.firefox-addons.packages.${pkgs.hostPlatform.system}; [ + extensions.packages = with inputs.firefox-addons.packages.${pkgs.hostPlatform.system}; [ bitwarden ublock-origin ]; diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index d190cbe..568913d 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -7,79 +7,81 @@ in { programs.vscode = mkIf isGraphical { enable = true; - enableExtensionUpdateCheck = false; - enableUpdateCheck = false; package = pkgs.vscodium; - extensions = with pkgs.vscode-extensions; [ - charliermarsh.ruff - dbaeumer.vscode-eslint - eamodio.gitlens - golang.go - jdinhlife.gruvbox - jnoortheen.nix-ide - matangover.mypy - mkhl.direnv - ms-python.black-formatter - ms-python.python - rust-lang.rust-analyzer - vadimcn.vscode-lldb - ]; mutableExtensionsDir = false; - userSettings = { - "css.format.spaceAroundSelectorSeparator" = true; - "css.format.newlineBetweenSelectors" = false; - "debug.allowBreakpointsEverywhere" = true; - "extensions.autoUpdate" = false; - "files.insertFinalNewline" = true; - "git.autofetch" = true; - "git.confirmSync" = false; - "git.enableSmartCommit" = true; - "git.inputValidation" = true; - "git.inputValidationSubjectLength" = null; - "javascript.updateImportsOnFileMove.enabled" = "always"; - "nix.enableLanguageServer" = true; - "nix.serverPath" = "${pkgs.nil}/bin/nil"; - "nix.serverSettings".nil = { - diagnostics.ignored = [ "unused_binding" "unused_with" ]; - formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; - nix.flake.autoArchive = true; - }; - "rust-analyzer.check.command" = "clippy"; - "terminal.integrated.allowChords" = false; - "terminal.integrated.defaultProfile.linux" = "zsh"; - "workbench.colorTheme" = "Gruvbox Dark Medium"; - - "[go]" = { - "editor.defaultFormatter" = "golang.go"; - "editor.formatOnSave" = false; - }; - "go.alternateTools" = { - "go" = "${pkgs.go}/bin/go"; - "golangci-lint" = "${pkgs.golangci-lint}/bin/golangci-lint"; - "gopls" = "${pkgs.gopls}/bin/gopls"; - "dlv" = "${pkgs.delve}/bin/dlv"; - "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; - }; - "go.lintTool" = "golangci-lint"; - "go.toolsManagement.checkForUpdates" = "off"; - "gopls" = { - "formatting.gofumpt" = true; - "ui.semanticTokens" = true; - }; - - "[python]" = { - "editor.defaultFormatter" = "ms-python.black-formatter"; - "editor.formatOnSave" = true; - "editor.codeActionsOnSave" = { - "source.fixAll" = "explicit"; - "source.organizeImports" = "explicit"; + profiles.default = { + enableExtensionUpdateCheck = false; + enableUpdateCheck = false; + extensions = with pkgs.vscode-extensions; [ + charliermarsh.ruff + dbaeumer.vscode-eslint + eamodio.gitlens + golang.go + jdinhlife.gruvbox + jnoortheen.nix-ide + matangover.mypy + mkhl.direnv + ms-python.black-formatter + ms-python.python + rust-lang.rust-analyzer + vadimcn.vscode-lldb + ]; + userSettings = { + "css.format.spaceAroundSelectorSeparator" = true; + "css.format.newlineBetweenSelectors" = false; + "debug.allowBreakpointsEverywhere" = true; + "extensions.autoUpdate" = false; + "files.insertFinalNewline" = true; + "git.autofetch" = true; + "git.confirmSync" = false; + "git.enableSmartCommit" = true; + "git.inputValidation" = true; + "git.inputValidationSubjectLength" = null; + "javascript.updateImportsOnFileMove.enabled" = "always"; + "nix.enableLanguageServer" = true; + "nix.serverPath" = "${pkgs.nil}/bin/nil"; + "nix.serverSettings".nil = { + diagnostics.ignored = [ "unused_binding" "unused_with" ]; + formatting.command = [ "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt" ]; + nix.flake.autoArchive = true; }; + "rust-analyzer.check.command" = "clippy"; + "terminal.integrated.allowChords" = false; + "terminal.integrated.defaultProfile.linux" = "zsh"; + "workbench.colorTheme" = "Gruvbox Dark Medium"; + + "[go]" = { + "editor.defaultFormatter" = "golang.go"; + "editor.formatOnSave" = false; + }; + "go.alternateTools" = { + "go" = "${pkgs.go}/bin/go"; + "golangci-lint" = "${pkgs.golangci-lint}/bin/golangci-lint"; + "gopls" = "${pkgs.gopls}/bin/gopls"; + "dlv" = "${pkgs.delve}/bin/dlv"; + "staticcheck" = "${pkgs.go-tools}/bin/staticcheck"; + }; + "go.lintTool" = "golangci-lint"; + "go.toolsManagement.checkForUpdates" = "off"; + "gopls" = { + "formatting.gofumpt" = true; + "ui.semanticTokens" = true; + }; + + "[python]" = { + "editor.defaultFormatter" = "ms-python.black-formatter"; + "editor.formatOnSave" = true; + "editor.codeActionsOnSave" = { + "source.fixAll" = "explicit"; + "source.organizeImports" = "explicit"; + }; + }; + "python.createEnvironment.contentButton" = "show"; + "python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; + "ruff.nativeServer" = "on"; + "ruff.path" = [ "${pkgs.ruff}/bin/ruff" ]; + "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; }; - "python.createEnvironment.contentButton" = "show"; - "python.defaultInterpreterPath" = "${pkgs.python3}/bin/python"; - "ruff.nativeServer" = "on"; - "ruff.path" = "${pkgs.ruff}/bin/ruff"; - "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; }; }; } diff --git a/home/qenya/zsh.nix b/home/qenya/zsh.nix index d322889..e7e550b 100644 --- a/home/qenya/zsh.nix +++ b/home/qenya/zsh.nix @@ -31,7 +31,7 @@ theme = ""; # defer to powerlevel10k }; - initExtra = '' + initContent = '' source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme source ${./.p10k.zsh} ''; From 55c622408b0643a9dc835ca22bf79e924cbc6fcb Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 09:44:51 +0100 Subject: [PATCH 374/438] qenya/plasma: Move into kilgharrah's host config --- common/base-graphical/default.nix | 2 +- common/base-graphical/desktop.nix | 35 ------------------------------- common/base-graphical/gnome.nix | 21 +++++++++++++++++++ flake.nix | 6 +----- home/qenya/default.nix | 1 - home/qenya/plasma/default.nix | 11 ---------- hosts/kilgharrah/default.nix | 5 ++--- hosts/kilgharrah/plasma.nix | 23 ++++++++++++++++++++ 8 files changed, 48 insertions(+), 56 deletions(-) delete mode 100644 common/base-graphical/desktop.nix create mode 100644 common/base-graphical/gnome.nix delete mode 100644 home/qenya/plasma/default.nix create mode 100644 hosts/kilgharrah/plasma.nix diff --git a/common/base-graphical/default.nix b/common/base-graphical/default.nix index b014f3f..e77e434 100644 --- a/common/base-graphical/default.nix +++ b/common/base-graphical/default.nix @@ -6,7 +6,7 @@ let in { imports = [ - ./desktop.nix + ./gnome.nix ./sound.nix ]; diff --git a/common/base-graphical/desktop.nix b/common/base-graphical/desktop.nix deleted file mode 100644 index 7e6a92c..0000000 --- a/common/base-graphical/desktop.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - inherit (lib) mkIf mkMerge mkOption types; - cfg = config.qenya.base-graphical; -in -{ - options.qenya.base-graphical.desktop = mkOption { - type = types.enum [ "gnome" "plasma6" ]; - default = "gnome"; - example = "plasma6"; - description = "Which display manager and desktop manager to use."; - }; - - config = mkIf cfg.enable (mkMerge [ - (mkIf (cfg.desktop == "gnome") { - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; - # TODO: agree on this with randomcat as it affects her too, since for some reason this is system-wide - # environment.gnome.excludePackages = with pkgs.gnome; [ - # pkgs.gnome-tour - # epiphany # GNOME Web - # geary - # gnome-calendar - # gnome-contacts - # gnome-music - # ]; - }) - (mkIf (cfg.desktop == "plasma6") { - services.displayManager.sddm.enable = true; - services.displayManager.sddm.wayland.enable = true; - services.desktopManager.plasma6.enable = true; - }) - ]); -} diff --git a/common/base-graphical/gnome.nix b/common/base-graphical/gnome.nix new file mode 100644 index 0000000..1d077de --- /dev/null +++ b/common/base-graphical/gnome.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) mkIf mkMerge mkOption types; + cfg = config.qenya.base-graphical; +in +{ + config = mkIf cfg.enable { + services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + # TODO: agree on this with randomcat as it affects her too, since for some reason this is system-wide + # environment.gnome.excludePackages = with pkgs.gnome; [ + # pkgs.gnome-tour + # epiphany # GNOME Web + # geary + # gnome-calendar + # gnome-contacts + # gnome-music + # ]; + }; +} diff --git a/flake.nix b/flake.nix index deed6a3..bac5ec5 100644 --- a/flake.nix +++ b/flake.nix @@ -88,11 +88,7 @@ # However, note CppNix >= 2.22.3, >= 2.24 has blessed "homeModules": # https://github.com/NixOS/nix/pull/10858 flake.homeManagerModules = { - "qenya".imports = [ - inputs.plasma-manager.homeManagerModules.plasma-manager - ./home/qenya - ]; - + "qenya".imports = [ ./home/qenya ]; "qenya@shaw".imports = [ ./hosts/shaw/home.nix ]; }; diff --git a/home/qenya/default.nix b/home/qenya/default.nix index 8a1d6f3..fff0309 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -1,7 +1,6 @@ { imports = [ ./dconf - ./plasma ./firefox.nix ./fontconfig.nix ./git.nix diff --git a/home/qenya/plasma/default.nix b/home/qenya/plasma/default.nix deleted file mode 100644 index f35d05c..0000000 --- a/home/qenya/plasma/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, osConfig, ... }: - -let - isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; -in -{ - programs.plasma.enable = isPlasma; - programs.plasma.overrideConfig = true; - - imports = [ ]; -} diff --git a/hosts/kilgharrah/default.nix b/hosts/kilgharrah/default.nix index c73d439..87505c6 100644 --- a/hosts/kilgharrah/default.nix +++ b/hosts/kilgharrah/default.nix @@ -9,6 +9,8 @@ in ./filesystems.nix ./hardware.nix ./networking.nix + ./plasma.nix + ./ftp.nix ]; @@ -20,7 +22,6 @@ in boot.kernelModules = [ "kvm-intel" ]; qenya.base-graphical.enable = true; - qenya.base-graphical.desktop = "plasma6"; time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; @@ -33,8 +34,6 @@ in fountain.admins = [ "qenya" ]; home-manager.users.qenya = { pkgs, ... }: { home.packages = with pkgs; [ obs-studio ]; - # For the moment, this hosts some network-accessible services, so we want it on 24/7 - programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; }; qenya.services.remote-builder = { diff --git a/hosts/kilgharrah/plasma.nix b/hosts/kilgharrah/plasma.nix new file mode 100644 index 0000000..90d1191 --- /dev/null +++ b/hosts/kilgharrah/plasma.nix @@ -0,0 +1,23 @@ +{ config, lib, pkgs, inputs, ... }: + +let + inherit (lib) mkForce; +in +{ + services.xserver.displayManager.gdm.enable = mkForce false; + services.xserver.desktopManager.gnome.enable = mkForce false; + services.displayManager.sddm.enable = true; + services.displayManager.sddm.wayland.enable = true; + services.desktopManager.plasma6.enable = true; + + home-manager.users.qenya = { pkgs, ... }: { + imports = [ + inputs.plasma-manager.homeManagerModules.plasma-manager + ]; + programs.plasma.enable = true; + programs.plasma.overrideConfig = true; + + # For the moment, this hosts some network-accessible services, so we want it on 24/7 + programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; + }; +} From 303335ee3bee209be775f3a350ad44e00ca57bc7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 11:48:32 +0100 Subject: [PATCH 375/438] kilgharrah: Move to nixpkgs unstable --- flake.nix | 98 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 51 insertions(+), 47 deletions(-) diff --git a/flake.nix b/flake.nix index bac5ec5..90c14c3 100644 --- a/flake.nix +++ b/flake.nix @@ -114,55 +114,59 @@ }; }; - flake.colmena = { - meta = { - nixpkgs = import nixpkgs-unstable { - system = "x86_64-linux"; - overlays = [ - inputs.lix-module.overlays.default + flake.colmena = + let + home-manager = inputs.home-manager.nixosModules.home-manager; + home-manager-unstable = inputs.home-manager-unstable.nixosModules.home-manager; + in + { + meta = { + nixpkgs = import nixpkgs-unstable { + system = "x86_64-linux"; + overlays = [ + inputs.lix-module.overlays.default + ]; + }; + nodeNixpkgs = { + kilgharrah = import nixpkgs-unstable { system = "x86_64-linux"; }; + tohru = import nixpkgs { system = "x86_64-linux"; }; + elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; + yevaud = import nixpkgs-small { system = "x86_64-linux"; }; + orm = import nixpkgs-small { system = "x86_64-linux"; }; + kalessin = import nixpkgs-small { system = "aarch64-linux"; }; + tehanu = import nixpkgs-small { system = "aarch64-linux"; }; + }; + specialArgs = { + inherit self; + inherit inputs; + }; + }; + + defaults = { config, lib, pkgs, ... }: { + deployment.targetHost = lib.mkDefault config.networking.fqdn; + deployment.buildOnTarget = lib.mkDefault true; + + imports = [ + inputs.lix-module.nixosModules.default + inputs.agenix.nixosModules.default + inputs.birdsong.nixosModules.default + ./common + ./services + (builtins.toPath "${inputs.randomcat}/services/default.nix") ]; }; - nodeNixpkgs = { - kilgharrah = import nixpkgs { system = "x86_64-linux"; }; - tohru = import nixpkgs { system = "x86_64-linux"; }; - elucredassa = import nixpkgs-small { system = "x86_64-linux"; }; - yevaud = import nixpkgs-small { system = "x86_64-linux"; }; - orm = import nixpkgs-small { system = "x86_64-linux"; }; - kalessin = import nixpkgs-small { system = "aarch64-linux"; }; - tehanu = import nixpkgs-small { system = "aarch64-linux"; }; - }; - specialArgs = { - inherit self; - inherit inputs; - }; + + kilgharrah.deployment.targetHost = null; # disable remote deployment + tohru.deployment.targetHost = null; # disable remote deployment + elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet + + kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ]; + tohru.imports = [ ./hosts/tohru home-manager ]; + elucredassa.imports = [ ./hosts/elucredassa home-manager ]; + yevaud.imports = [ ./hosts/yevaud home-manager ]; + orm.imports = [ ./hosts/orm home-manager ]; + kalessin.imports = [ ./hosts/kalessin home-manager ]; + tehanu.imports = [ ./hosts/tehanu home-manager ]; }; - - defaults = { config, lib, pkgs, ... }: { - deployment.targetHost = lib.mkDefault config.networking.fqdn; - deployment.buildOnTarget = lib.mkDefault true; - - imports = [ - inputs.lix-module.nixosModules.default - inputs.home-manager.nixosModules.home-manager - inputs.agenix.nixosModules.default - inputs.birdsong.nixosModules.default - ./common - ./services - (builtins.toPath "${inputs.randomcat}/services/default.nix") - ]; - }; - - kilgharrah.deployment.targetHost = null; # disable remote deployment - tohru.deployment.targetHost = null; # disable remote deployment - elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet - - kilgharrah.imports = [ ./hosts/kilgharrah ]; - tohru.imports = [ ./hosts/tohru ]; - elucredassa.imports = [ ./hosts/elucredassa ]; - yevaud.imports = [ ./hosts/yevaud ]; - orm.imports = [ ./hosts/orm ]; - kalessin.imports = [ ./hosts/kalessin ]; - tehanu.imports = [ ./hosts/tehanu ]; - }; }; } From ee984ad59161a00f89a44ec8185528d31072d075 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 11:49:08 +0100 Subject: [PATCH 376/438] qenya/fonts: Update deprecated options for NixOS 25.05 --- home/qenya/default.nix | 2 +- home/qenya/{fontconfig.nix => fonts.nix} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename home/qenya/{fontconfig.nix => fonts.nix} (71%) diff --git a/home/qenya/default.nix b/home/qenya/default.nix index fff0309..f367f63 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -2,7 +2,7 @@ imports = [ ./dconf ./firefox.nix - ./fontconfig.nix + ./fonts.nix ./git.nix ./packages.nix ./tmux.nix diff --git a/home/qenya/fontconfig.nix b/home/qenya/fonts.nix similarity index 71% rename from home/qenya/fontconfig.nix rename to home/qenya/fonts.nix index 6d8e61a..e1b418f 100644 --- a/home/qenya/fontconfig.nix +++ b/home/qenya/fonts.nix @@ -13,5 +13,5 @@ mkIf isGraphical { meslo-lgs-nf ]; - programs.vscode.userSettings."terminal.integrated.fontFamily" = "MesloLGS NF"; + programs.vscode.profiles.default.userSettings."terminal.integrated.fontFamily" = "MesloLGS NF"; } From a299d94fc62b62195b7ea02850d2a442fc39dfc5 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 15:36:17 +0100 Subject: [PATCH 377/438] kilgharrah: Apply Plasma theming --- hosts/kilgharrah/plasma.nix | 93 +++++++++++++++++++++++++++++++++++-- 1 file changed, 89 insertions(+), 4 deletions(-) diff --git a/hosts/kilgharrah/plasma.nix b/hosts/kilgharrah/plasma.nix index 90d1191..6312829 100644 --- a/hosts/kilgharrah/plasma.nix +++ b/hosts/kilgharrah/plasma.nix @@ -10,14 +10,99 @@ in services.displayManager.sddm.wayland.enable = true; services.desktopManager.plasma6.enable = true; + environment.systemPackages = with pkgs; [ + (catppuccin-kde.override { + flavour = [ "mocha" ]; + accents = [ "mauve" ]; + winDecStyles = [ "modern" ]; + }) + ]; + home-manager.users.qenya = { pkgs, ... }: { imports = [ inputs.plasma-manager.homeManagerModules.plasma-manager ]; - programs.plasma.enable = true; - programs.plasma.overrideConfig = true; - # For the moment, this hosts some network-accessible services, so we want it on 24/7 - programs.plasma.powerdevil.AC.autoSuspend.action = "nothing"; + programs.plasma = { + enable = true; + overrideConfig = true; + + workspace = { + lookAndFeel = "Catppuccin-Mocha-Mauve"; + colorScheme = "CatppuccinMochaMauve"; + splashScreen.engine = "KSplashQML"; + splashScreen.theme = "Catppuccin-Mocha-Mauve"; + windowDecorations.library = "org.kde.kwin.aurorae"; + windowDecorations.theme = "__aurorae__svg__CatppuccinMocha-Modern"; + }; + + # For the moment, this hosts some network-accessible services, so we want it on 24/7 + powerdevil.AC.autoSuspend.action = "nothing"; + + panels = [ + # Dock + { + height = 49; # 41 * 1.2 + lengthMode = "fit"; + location = "bottom"; + alignment = "center"; + hiding = "dodgewindows"; + widgets = [{ + name = "org.kde.plasma.icontasks"; + config.General = { + fill = false; + iconSpacing = 2; + launchers = lib.concatStringsSep "," [ + "applications:discord.desktop" + "applications:firefox.desktop" + "applications:codium-url-handler.desktop" + "applications:steam.desktop" + "applications:org.kde.dolphin.desktop" + "applications:org.kde.konsole.desktop" + "applications:org.kde.plasma-systemmonitor.desktop" + ]; + maxStripes = 1; + showOnlyCurrentDesktop = false; + showOnlyCurrentScreen = false; + }; + }]; + screen = "all"; + } + + # Top bar + { + height = 29; # 24 * 1.2 + location = "top"; + alignment = "left"; + floating = false; + widgets = [ + { + name = "org.kde.plasma.kickoff"; + config.General = { + lengthFirstMargin = 7; + }; + } + { name = "org.kde.plasma.panelspacer"; } + { + name = "org.kde.plasma.digitalclock"; + config.Appearance = { + autoFontAndSize = false; + customDateFormat = "dddd, d MMM"; + dateDisplayFormat = "BesideTime"; + dateFormat = "custom"; + fontFamily = "Inter"; + fontStyleName = "Bold"; + fontWeight = 700; + boldText = true; + showWeekNumbers = true; + }; + } + { name = "org.kde.plasma.panelspacer"; } + { name = "org.kde.plasma.systemtray"; } + ]; + screen = "all"; + } + ]; + }; }; } From bef3d8d04a39dccd3197b27ce225134df49b518f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 20:43:44 +0100 Subject: [PATCH 378/438] qenya: install ripgrep --- home/qenya/packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index b5be9ee..b9a59da 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -10,6 +10,7 @@ in home.packages = with pkgs; [ eza # like `ls` but fancier hexyl # like `xxd` but cooler + ripgrep # like `grep` but faster tree # like `ls -R` but nicer units zip From 453ec3c40d084cff9a3d42938cd83e9ea6f15caa Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 23:20:51 +0100 Subject: [PATCH 379/438] qenya/dconf: Enable new GNOMe 48 wellbeing features --- home/qenya/dconf/default.nix | 2 ++ home/qenya/dconf/wellbeing.nix | 8 ++++++++ 2 files changed, 10 insertions(+) create mode 100644 home/qenya/dconf/wellbeing.nix diff --git a/home/qenya/dconf/default.nix b/home/qenya/dconf/default.nix index 138bc50..0fe64e5 100644 --- a/home/qenya/dconf/default.nix +++ b/home/qenya/dconf/default.nix @@ -12,6 +12,7 @@ in "org/gnome/settings-daemon/plugins/color".night-light-enabled = true; "org/gnome/desktop/sound".event-sounds = false; "org/gnome/desktop/sound".allow-volume-above-100-percent = true; + "org/gnome/settings-daemon/plugins/power".power-saver-profile-on-low-battery = true; }; imports = [ @@ -20,5 +21,6 @@ in ./mouse-touchpad.nix ./multitasking.nix ./shell.nix + ./wellbeing.nix ]; } diff --git a/home/qenya/dconf/wellbeing.nix b/home/qenya/dconf/wellbeing.nix new file mode 100644 index 0000000..bea0036 --- /dev/null +++ b/home/qenya/dconf/wellbeing.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + dconf.settings = { + "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true; + "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ]; + }; +} From bd3c9bd5f2e51a95d6f99688a5cabf09de1f08f3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 23:54:27 +0100 Subject: [PATCH 380/438] qenya: Patch Feishin with mpv support --- home/qenya/default.nix | 1 + home/qenya/feishin.nix | 24 ++++++++++++++++++++++++ home/qenya/packages.nix | 1 - 3 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 home/qenya/feishin.nix diff --git a/home/qenya/default.nix b/home/qenya/default.nix index f367f63..47c64dd 100644 --- a/home/qenya/default.nix +++ b/home/qenya/default.nix @@ -1,6 +1,7 @@ { imports = [ ./dconf + ./feishin.nix ./firefox.nix ./fonts.nix ./git.nix diff --git a/home/qenya/feishin.nix b/home/qenya/feishin.nix new file mode 100644 index 0000000..e3c7360 --- /dev/null +++ b/home/qenya/feishin.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, osConfig, ... }: + +# Feishin ideally wants to see mpv at runtime, but this isn't catered for by +# the derivation in nixpkgs as it isn't strictly necessary. +# An easier way to do this would be to write mpv's full nix store path to +# Feishin's config. But Feishin has one JSON file for config and state, and +# we'd rather not overwrite the latter. Until and unless home-manager grows +# support for partially patching files, we live with this. + +let + inherit (lib) mkIf; + isGraphical = osConfig.services.xserver.enable; +in +{ + home.packages = mkIf isGraphical [ + (pkgs.feishin.overrideAttrs (originalAttrs: { + buildInputs = originalAttrs.buildInputs ++ [ pkgs.mpv ]; + postFixup = '' + ${originalAttrs.postFixup or ""} + wrapProgram $out/bin/feishin --prefix PATH : ${lib.makeBinPath [ pkgs.mpv ]} + ''; + })) + ]; +} diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index b9a59da..df281b6 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -23,7 +23,6 @@ in ] ++ optionals isGraphical [ bitwarden discord - feishin gimp-with-plugins jellyfin-media-player tor-browser-bundle-bin From bf378949d2f008b83f88bb2b58fe6b14d9204819 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 29 May 2025 23:55:28 +0100 Subject: [PATCH 381/438] treewide: Partial migration from custom WireGuard to Headscale --- flake.nix | 2 +- hosts/orm/default.nix | 1 + hosts/yevaud/default.nix | 1 - hosts/yevaud/experiments/birdsong-dns.nix | 32 ----------------------- services/distributed-builds.nix | 4 +-- 5 files changed, 4 insertions(+), 36 deletions(-) delete mode 100644 hosts/yevaud/experiments/birdsong-dns.nix diff --git a/flake.nix b/flake.nix index 90c14c3..3766dee 100644 --- a/flake.nix +++ b/flake.nix @@ -158,7 +158,7 @@ kilgharrah.deployment.targetHost = null; # disable remote deployment tohru.deployment.targetHost = null; # disable remote deployment - elucredassa.deployment.targetHost = "10.127.3.2"; # no fqdn yet + elucredassa.deployment.targetHost = "100.73.34.182"; # TODO: no fqdn yet kilgharrah.imports = [ ./hosts/kilgharrah home-manager-unstable ]; tohru.imports = [ ./hosts/tohru home-manager ]; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index d2b6298..ce4c125 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -47,6 +47,7 @@ }; # only allow remote connections from within birdsong vpn # TODO: don't hardcode the IP addresses + # TODO: move to tailscale authentication = pkgs.lib.mkOverride 10 '' #type database DBuser auth-method local all all trust # used by nixos for local monitoring diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index b93c14b..1545c62 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -5,7 +5,6 @@ ./hardware-configuration.nix ./networking.nix - ./experiments/birdsong-dns.nix # TODO: this breaks external IPv6 somehow # ./experiments/pennykettle.nix ]; diff --git a/hosts/yevaud/experiments/birdsong-dns.nix b/hosts/yevaud/experiments/birdsong-dns.nix deleted file mode 100644 index 58db9b6..0000000 --- a/hosts/yevaud/experiments/birdsong-dns.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.bind = { - # enable = true; - cacheNetworks = [ "10.127.0.0/16" "fd70:81ca:0f8f::/48" ]; - forwarders = [ ]; - listenOn = [ config.birdsong.hosts.yevaud.ipv4 ]; - listenOnIpv6 = [ config.birdsong.hosts.yevaud.ipv6 ]; - zones = { - "birdsong.internal" = { - master = true; - file = pkgs.writeText "birdsong.internal.zone" '' - $TTL 60 - $ORIGIN birdsong.internal. - - birdsong.internal. IN SOA ns.birdsong.internal. auto.qenya.tel. ( 2024122701 7200 3600 1209600 3600 ) - birdsong.internal. IN NS ns.birdsong.internal. - - yevaud.c.birdsong.internal. IN A 10.127.1.1 - yevaud.c.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 - - ns.birdsong.internal. IN A 10.127.1.1 - ns.birdsong.internal. IN AAAA fd70:81ca:0f8f:1::1 - ''; - }; - }; - }; - networking.resolvconf.useLocalResolver = false; - networking.firewall.allowedTCPPorts = [ 53 ]; - networking.firewall.allowedUDPPorts = [ 53 ]; -} diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix index 09cdd44..ec5f001 100644 --- a/services/distributed-builds.nix +++ b/services/distributed-builds.nix @@ -35,7 +35,7 @@ in nix.buildMachines = (optional (elem "kalessin" cfg.builders) { - hostName = config.birdsong.hosts."kalessin".ipv4; + hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "aarch64-linux" ]; @@ -43,7 +43,7 @@ in supportedFeatures = [ "big-parallel" ]; }) ++ (optional (elem "kilgharrah" cfg.builders) { - hostName = config.birdsong.hosts."kilgharrah".ipv4; + hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "x86_64-linux" ]; From 86c977d8ca3372be5055b263569c2bbe43c72a31 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 1 Jun 2025 00:23:36 +0100 Subject: [PATCH 382/438] qenya/dconf: Disable new GNOME 48 wellbeing features --- home/qenya/dconf/wellbeing.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/home/qenya/dconf/wellbeing.nix b/home/qenya/dconf/wellbeing.nix index bea0036..b547b0f 100644 --- a/home/qenya/dconf/wellbeing.nix +++ b/home/qenya/dconf/wellbeing.nix @@ -1,8 +1,19 @@ { config, lib, pkgs, ... }: +# These features are cool and I would like to keep trying them, but they are +# horribly bugged in GNOME 48.1. Consider re-enabling them when 48.2 is +# released. See, e.g.: +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8289 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8299 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8305 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8376 +# https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/8398 + { dconf.settings = { - "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true; - "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ]; + # "org/gnome/desktop/screen-time-limits".daily-limit-enabled = true; + # "org/gnome/desktop/break-reminders".selected-breaks = [ "eyesight" "movement" ]; + "org/gnome/desktop/screen-time-limits".daily-limit-enabled = false; + "org/gnome/desktop/break-reminders".selected-breaks = [ ]; }; } From 8df00f35b85e3ecf97bfce2b5723e588bd7caa27 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 2 Jun 2025 08:51:18 +0100 Subject: [PATCH 383/438] kilgharrah: Slightly rearrange dock --- hosts/kilgharrah/plasma.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/kilgharrah/plasma.nix b/hosts/kilgharrah/plasma.nix index 6312829..bbd0878 100644 --- a/hosts/kilgharrah/plasma.nix +++ b/hosts/kilgharrah/plasma.nix @@ -53,10 +53,11 @@ in fill = false; iconSpacing = 2; launchers = lib.concatStringsSep "," [ - "applications:discord.desktop" "applications:firefox.desktop" "applications:codium-url-handler.desktop" "applications:steam.desktop" + "applications:discord.desktop" + "applications:com.obsproject.Studio.desktop" "applications:org.kde.dolphin.desktop" "applications:org.kde.konsole.desktop" "applications:org.kde.plasma-systemmonitor.desktop" From d36f33fd93cec8742ea662b7652b42d66b72e5d2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 2 Jun 2025 08:52:55 +0100 Subject: [PATCH 384/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/f9801a86d6603260940890c36650275090d1dceb?dir=pkgs/firefox-addons' (2025-05-28) → 'gitlab:rycee/nur-expressions/0a907047c5b56503dd2e889dbbb694c61b8daf25?dir=pkgs/firefox-addons' (2025-06-02) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/c621e8422220273271f52058f618c94e405bb0f5' (2025-04-01) → 'github:hercules-ci/flake-parts/49f0870db23e8c1ca0b5259734a02cd9e1e371a1' (2025-06-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/e4822aea2a6d1cdd36653c134cacfd64c97ff4fa' (2025-03-30) → 'github:nix-community/nixpkgs.lib/656a64127e9d791a334452c6b6606d17539476e2' (2025-06-01) • Updated input 'home-manager': 'github:nix-community/home-manager/83665c39fa688bd6a1f7c43cf7997a70f6a109f9' (2025-05-26) → 'github:nix-community/home-manager/282e1e029cb6ab4811114fc85110613d72771dea' (2025-05-31) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/f5b12be834874f7661db4ced969a621ab2d57971' (2025-05-28) → 'github:nix-community/home-manager/c7fdb7e90bff1a51b79c1eed458fb39e6649a82a' (2025-06-02) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/7c43f080a7f28b2774f3b3f43234ca11661bf334' (2025-05-25) → 'github:NixOS/nixpkgs/a59eb7800787c926045d51b70982ae285faa2346' (2025-05-31) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/d90ebe5aafcdd79dc9d4210aacf1ff21d4ca31c3' (2025-05-27) → 'github:NixOS/nixpkgs/c9ffdbb8d515b225169ee8bbbff2fdcb8cb6a2e5' (2025-06-01) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/62b852f6c6742134ade1abdd2a21685fd617a291' (2025-05-25) → 'github:NixOS/nixpkgs/910796cabe436259a29a72e8d3f5e180fc6dfacc' (2025-05-31) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/aeb017b5830518483e0081d2ac6e12dd4d787f5d' (2025-05-28) → 'github:NixOS/nixpkgs/0d0bc640d371e9e8c9914c42951b3d6522bc5dda' (2025-06-01) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/32ddd519a7ce4486e8b8b5a8b3d3262e7442ce6c' (2025-05-28) → 'github:randomnetcat/nix-configs/7db88aafc6ff326ed1987a1fc4d639820c305843' (2025-06-02) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 83eec1c..696a3cf 100644 --- a/flake.lock +++ b/flake.lock @@ -71,11 +71,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748405006, - "narHash": "sha256-pmt0SFjACJJAI8g8QU5arg2c9BXNZG9/okVwRSDJkG8=", + "lastModified": 1748837002, + "narHash": "sha256-K6//1B2kN+gZ2kOIRLqvY6LuOWHjiV7+7eFS4JNXR/g=", "owner": "rycee", "repo": "nur-expressions", - "rev": "f9801a86d6603260940890c36650275090d1dceb", + "rev": "0a907047c5b56503dd2e889dbbb694c61b8daf25", "type": "gitlab" }, "original": { @@ -91,11 +91,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1748821116, + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1748226808, - "narHash": "sha256-GaBRgxjWO1bAQa8P2+FDxG4ANBVhjnSjBms096qQdxo=", + "lastModified": 1748665073, + "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", "owner": "nix-community", "repo": "home-manager", - "rev": "83665c39fa688bd6a1f7c43cf7997a70f6a109f9", + "rev": "282e1e029cb6ab4811114fc85110613d72771dea", "type": "github" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1748391243, - "narHash": "sha256-7sCuihzsTRZemtbTXaFUoGJUfuQErhKEcL9v7HKIo1k=", + "lastModified": 1748830238, + "narHash": "sha256-EB+LzYHK0D5aqxZiYoPeoZoOzSAs8eqBDxm3R+6wMKU=", "owner": "nix-community", "repo": "home-manager", - "rev": "f5b12be834874f7661db4ced969a621ab2d57971", + "rev": "c7fdb7e90bff1a51b79c1eed458fb39e6649a82a", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748162331, - "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=", + "lastModified": 1748708770, + "narHash": "sha256-q8jG2HJWgooWa9H0iatZqBPF3bp0504e05MevFmnFLY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334", + "rev": "a59eb7800787c926045d51b70982ae285faa2346", "type": "github" }, "original": { @@ -246,11 +246,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", "type": "github" }, "original": { @@ -261,11 +261,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1748387883, - "narHash": "sha256-X5P7guNZfXJrMH/zv3rHenjML5R0JXFD4EsulXDbl5U=", + "lastModified": 1748782192, + "narHash": "sha256-bd8BQZJykfEFY5qvNWqHjVR1r2o8vlvzHz8uH7+Ea7o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d90ebe5aafcdd79dc9d4210aacf1ff21d4ca31c3", + "rev": "c9ffdbb8d515b225169ee8bbbff2fdcb8cb6a2e5", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1748190013, - "narHash": "sha256-R5HJFflOfsP5FBtk+zE8FpL8uqE7n62jqOsADvVshhE=", + "lastModified": 1748693115, + "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "62b852f6c6742134ade1abdd2a21685fd617a291", + "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", "type": "github" }, "original": { @@ -293,11 +293,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1748410535, - "narHash": "sha256-xATwKIbwrE4P61a1iVvPomVmX5npnLm6Ibc+K1tjzi4=", + "lastModified": 1748762463, + "narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aeb017b5830518483e0081d2ac6e12dd4d787f5d", + "rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda", "type": "github" }, "original": { @@ -333,11 +333,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1748397860, - "narHash": "sha256-y8P7Q6WNdKsy6yVk91wFi/897PSbclFtdVMCF4YJuQk=", + "lastModified": 1748830122, + "narHash": "sha256-HCfK60MexMb1/2IKxw4dq7wZ2GH+jNr8NKELb3m3Mac=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "32ddd519a7ce4486e8b8b5a8b3d3262e7442ce6c", + "rev": "7db88aafc6ff326ed1987a1fc4d639820c305843", "type": "github" }, "original": { From 3a9a3c40b0240835a472add9f57c6ce205d45b88 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 2 Jun 2025 14:08:52 +0100 Subject: [PATCH 385/438] kilgharrah: Slightly rearrange dock --- hosts/kilgharrah/plasma.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/kilgharrah/plasma.nix b/hosts/kilgharrah/plasma.nix index bbd0878..dba5270 100644 --- a/hosts/kilgharrah/plasma.nix +++ b/hosts/kilgharrah/plasma.nix @@ -54,7 +54,7 @@ in iconSpacing = 2; launchers = lib.concatStringsSep "," [ "applications:firefox.desktop" - "applications:codium-url-handler.desktop" + "applications:codium.desktop" "applications:steam.desktop" "applications:discord.desktop" "applications:com.obsproject.Studio.desktop" From 909f820af567d4b14519b6634433880d22fae319 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 13:28:18 +0100 Subject: [PATCH 386/438] tailscale, headscale: Use internal DNS --- common/tailscale.nix | 2 ++ hosts/kalessin/default.nix | 1 - hosts/orm/default.nix | 1 - hosts/tehanu/default.nix | 1 - hosts/yevaud/default.nix | 12 ------------ services/headscale.nix | 5 ++++- 6 files changed, 6 insertions(+), 16 deletions(-) diff --git a/common/tailscale.nix b/common/tailscale.nix index 16cffcd..2614612 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -18,4 +18,6 @@ ${lib.getExe config.services.tailscale.package} up --reset ${lib.escapeShellArgs config.services.tailscale.extraUpFlags} ''; }; + + networking.domain = "birdsong.network"; } diff --git a/hosts/kalessin/default.nix b/hosts/kalessin/default.nix index 8417425..2ff3476 100644 --- a/hosts/kalessin/default.nix +++ b/hosts/kalessin/default.nix @@ -12,7 +12,6 @@ in nixpkgs.hostPlatform = "aarch64-linux"; networking.hostName = "kalessin"; networking.hostId = "534b538e"; - networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; fountain.users.randomcat.enable = true; diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index ce4c125..31c990b 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -9,7 +9,6 @@ nixpkgs.hostPlatform = "x86_64-linux"; networking.hostName = "orm"; networking.hostId = "00000000"; - networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; fountain.admins = [ "qenya" ]; diff --git a/hosts/tehanu/default.nix b/hosts/tehanu/default.nix index 14b4151..fc1ecad 100644 --- a/hosts/tehanu/default.nix +++ b/hosts/tehanu/default.nix @@ -9,7 +9,6 @@ nixpkgs.hostPlatform = "aarch64-linux"; networking.hostName = "tehanu"; networking.hostId = "8e1185ab"; - networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; fountain.admins = [ "qenya" ]; diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 1545c62..976f95c 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -12,7 +12,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking.hostName = "yevaud"; networking.hostId = "09673d65"; - networking.domain = "birdsong.network"; fountain.users.qenya.enable = true; fountain.admins = [ "qenya" ]; @@ -47,16 +46,5 @@ }; }; - services.nginx = { - enable = true; - virtualHosts = { - "birdsong.network" = { - forceSSL = true; - enableACME = true; - locations."/".return = "301 https://git.unspecified.systems/qenya/birdsong/"; - }; - }; - }; - system.stateVersion = "23.11"; } diff --git a/services/headscale.nix b/services/headscale.nix index eeae58c..d5f2fe9 100644 --- a/services/headscale.nix +++ b/services/headscale.nix @@ -39,7 +39,10 @@ in settings = { server_url = "https://${cfg.domain}:443"; prefixes.allocation = "random"; - dns.magic_dns = false; + dns = { + magic_dns = true; + base_domain = "birdsong.network"; + }; # disable built-in ACME client tls_cert_path = null; From f11815c2b1821db864bc1a2af42a63b1698aab77 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 16:22:44 +0100 Subject: [PATCH 387/438] yevaud/pennykettle: Re-enable, update for 25.05, fix IPv6 --- hosts/yevaud/default.nix | 3 +- hosts/yevaud/experiments/pennykettle.nix | 39 +++++++++++++++--------- 2 files changed, 26 insertions(+), 16 deletions(-) diff --git a/hosts/yevaud/default.nix b/hosts/yevaud/default.nix index 976f95c..6834203 100644 --- a/hosts/yevaud/default.nix +++ b/hosts/yevaud/default.nix @@ -5,8 +5,7 @@ ./hardware-configuration.nix ./networking.nix - # TODO: this breaks external IPv6 somehow - # ./experiments/pennykettle.nix + ./experiments/pennykettle.nix ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index 98e84c6..53f7661 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -2,15 +2,30 @@ { networking.nat.enable = true; + networking.nat.enableIPv6 = true; networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; networking.nat.externalInterface = "ens3"; networking.firewall.allowedUDPPorts = [ 51821 ]; + + # RA = Router Advertisement (how a host finds a gateway IPv6 address for + # SLAAC or DHCPv6). + # networkd usually defaults this to true, but instead defaults it to false + # for ALL networks if ANY network has IPv6Forwarding enabled, on the + # (reasonable) assumption that a host doing IP forwarding is probably a + # network bridge. + # The kernel's RA implementation does this too, and the NixOS networking.nat + # module explicitly overrides that with sysctl, but networkd doesn't pay + # attention to that. + # We thus explicitly enable it, as otherwise external IPv6 is broken. + systemd.network.networks."40-ens3".networkConfig.IPv6AcceptRA = true; containers."pennykettle1" = { privateNetwork = true; extraVeths."ve-pennykettle1" = { - hostAddress = "10.235.1.1"; - localAddress = "10.235.2.1"; + hostAddress = "10.231.136.1"; + localAddress = "10.231.136.2"; + hostAddress6 = "fc00::1"; + localAddress6 = "fc00::2"; forwardPorts = [{ hostPort = 51821; }]; }; ephemeral = true; @@ -30,13 +45,11 @@ networks."10-ve" = { matchConfig.Name = "ve-pennykettle1"; - networkConfig.Address = "10.235.2.1/32"; + networkConfig.Address = [ "10.231.136.2/24" "fc00::2/64" ]; # linkConfig.RequiredForOnline = "routable"; routes = [{ - routeConfig = { - Gateway = "10.235.1.1"; - Destination = "217.138.216.162/32"; - }; + Gateway = [ "10.231.136.1" "fc00::1" ]; + Destination = "217.138.216.162"; }]; }; @@ -64,12 +77,10 @@ PrivateKeyFile = "/run/secrets/wg-key"; }; wireguardPeers = [{ - wireguardPeerConfig = { - PublicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; - AllowedIPs = "0.0.0.0/0"; - Endpoint = "217.138.216.162:51820"; - PersistentKeepalive = 5; - }; + PublicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; + AllowedIPs = "0.0.0.0/0"; + Endpoint = "217.138.216.162:51820"; + PersistentKeepalive = 5; }]; }; }; @@ -82,4 +93,4 @@ group = "systemd-network"; mode = "640"; }; -} \ No newline at end of file +} From dbb7af784660b75add315c7d1a73f859d871eff0 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 16:45:38 +0100 Subject: [PATCH 388/438] tailscale: Supply SSH known_hosts --- common/tailscale.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/common/tailscale.nix b/common/tailscale.nix index 2614612..388a55b 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -18,6 +18,21 @@ ${lib.getExe config.services.tailscale.package} up --reset ${lib.escapeShellArgs config.services.tailscale.extraUpFlags} ''; }; - + networking.domain = "birdsong.network"; + + programs.ssh.knownHosts = { + "reese.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd0qGxvcMLDwX1bqYpwOUL5c/CIgBllMFr+bGkwiwAn root@reese"; }; + "bear.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ9Kn1CIcDHaleKHf7zO6O30Rbxs/FwL0/Ie+mEjZJr root@bear"; }; + "shaw.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; }; + "groves.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQNZ/Q+x7mDYfYXftpZpWkfPByyMBbYmVFobM4vSDW2 root@groves"; }; + "tohru.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; }; + "yevaud.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; }; + "orm.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; }; + "kalessin.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPt3iSSmgnlsv1/jafgZgI7o8UuXzcAL45hID2ThfS8 root@kalessin"; }; + "tehanu.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1fNylfLo7Z8m/DroRlj7cHMLhYL7boP3r/upVrtMJQ root@tehanu"; }; + "kilgharrah.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; }; + "elucredassa.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; }; + "carter.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHHHYG6A995Po05+JXQsvB79ZoIiSOJnW6AiJgVYPic root@carter"; }; + }; } From 41cc006b9665ad7dd51ad6c6c8979fca4a98cd6b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 16:58:28 +0100 Subject: [PATCH 389/438] treewide: Remove birdsong in favour of Tailscale --- flake.lock | 17 ----------------- flake.nix | 3 --- hosts/elucredassa/networking.nix | 12 ------------ hosts/kalessin/networking.nix | 12 ------------ hosts/kilgharrah/networking.nix | 13 ------------- hosts/orm/default.nix | 10 ++++------ hosts/orm/networking.nix | 12 ------------ hosts/tohru/networking.nix | 13 ------------- hosts/yevaud/networking.nix | 12 ------------ secrets.nix | 5 ----- secrets/wireguard-peer-kalessin.age | 9 --------- secrets/wireguard-peer-kalessin.pub | 1 - secrets/wireguard-peer-kilgharrah.age | 9 --------- secrets/wireguard-peer-kilgharrah.pub | 1 - secrets/wireguard-peer-orm.age | 10 ---------- secrets/wireguard-peer-orm.pub | 1 - secrets/wireguard-peer-tohru.age | 9 --------- secrets/wireguard-peer-tohru.pub | 1 - secrets/wireguard-peer-yevaud.age | 10 ---------- secrets/wireguard-peer-yevaud.pub | 1 - 20 files changed, 4 insertions(+), 157 deletions(-) delete mode 100644 secrets/wireguard-peer-kalessin.age delete mode 100644 secrets/wireguard-peer-kalessin.pub delete mode 100644 secrets/wireguard-peer-kilgharrah.age delete mode 100644 secrets/wireguard-peer-kilgharrah.pub delete mode 100644 secrets/wireguard-peer-orm.age delete mode 100644 secrets/wireguard-peer-orm.pub delete mode 100644 secrets/wireguard-peer-tohru.age delete mode 100644 secrets/wireguard-peer-tohru.pub delete mode 100644 secrets/wireguard-peer-yevaud.age delete mode 100644 secrets/wireguard-peer-yevaud.pub diff --git a/flake.lock b/flake.lock index 696a3cf..9e42292 100644 --- a/flake.lock +++ b/flake.lock @@ -23,22 +23,6 @@ "type": "github" } }, - "birdsong": { - "locked": { - "lastModified": 1747153132, - "narHash": "sha256-sGFCyWhTcI4TP+4ZlZniBEF41NWyKrojfpsHP7ld54c=", - "ref": "main", - "rev": "9955b1ae4eb0cbeff2ae0ed6520e651753880445", - "revCount": 23, - "type": "git", - "url": "https://git.qenya.tel/qenya/birdsong" - }, - "original": { - "ref": "main", - "type": "git", - "url": "https://git.qenya.tel/qenya/birdsong" - } - }, "colmena": { "inputs": { "flake-compat": [], @@ -349,7 +333,6 @@ "root": { "inputs": { "agenix": "agenix", - "birdsong": "birdsong", "colmena": "colmena", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", diff --git a/flake.nix b/flake.nix index 3766dee..3fcba00 100644 --- a/flake.nix +++ b/flake.nix @@ -54,8 +54,6 @@ inputs.nixpkgs.follows = "nixpkgs-unstable"; }; - birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main"; - scoutshonour = { url = "git+https://git.qenya.tel/qenya/nix-scoutshonour?ref=main"; inputs.nixpkgs.follows = "nixpkgs-unstable"; @@ -149,7 +147,6 @@ imports = [ inputs.lix-module.nixosModules.default inputs.agenix.nixosModules.default - inputs.birdsong.nixosModules.default ./common ./services (builtins.toPath "${inputs.randomcat}/services/default.nix") diff --git a/hosts/elucredassa/networking.nix b/hosts/elucredassa/networking.nix index 6e7ace7..82b4e96 100644 --- a/hosts/elucredassa/networking.nix +++ b/hosts/elucredassa/networking.nix @@ -33,16 +33,4 @@ networkConfig.Address = [ "2001:470:1f1c:3e::2/64" ]; routes = [{ Destination = [ "::/0" ]; }]; }; - - birdsong.peering = { - enable = true; - privateKeyFile = "/etc/wireguard/privatekey"; - persistentKeepalive = 29; - }; - - # restricted to fit within the 6in4 tunnel - systemd.network.netdevs."30-birdsong".netdevConfig.MTUBytes = 1280; - # these two lines work around this bug: https://github.com/NixOS/nixpkgs/issues/375960 - systemd.network.netdevs."30-birdsong".netdevConfig.Kind = "wireguard"; - systemd.network.netdevs."30-birdsong".netdevConfig.Name = "wg-birdsong"; } diff --git a/hosts/kalessin/networking.nix b/hosts/kalessin/networking.nix index b5ce574..3c27781 100644 --- a/hosts/kalessin/networking.nix +++ b/hosts/kalessin/networking.nix @@ -3,16 +3,4 @@ { networking.useNetworkd = true; networking.interfaces.enp0s6.useDHCP = true; - - age.secrets.wireguard-peer-kalessin = { - file = ../../secrets/wireguard-peer-kalessin.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-kalessin.path; - }; } diff --git a/hosts/kilgharrah/networking.nix b/hosts/kilgharrah/networking.nix index f9ae666..2db377f 100644 --- a/hosts/kilgharrah/networking.nix +++ b/hosts/kilgharrah/networking.nix @@ -12,17 +12,4 @@ }; linkConfig.RequiredForOnline = "routable"; }; - - age.secrets.wireguard-peer-kilgharrah = { - file = ../../secrets/wireguard-peer-kilgharrah.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-kilgharrah.path; - persistentKeepalive = 31; - }; } diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix index 31c990b..dc696e9 100644 --- a/hosts/orm/default.nix +++ b/hosts/orm/default.nix @@ -44,17 +44,15 @@ # TODO: fix SSL # ssl = true; }; - # only allow remote connections from within birdsong vpn - # TODO: don't hardcode the IP addresses - # TODO: move to tailscale + # only allow remote connections from within Tailscale authentication = pkgs.lib.mkOverride 10 '' #type database DBuser auth-method local all all trust # used by nixos for local monitoring - host sameuser all 10.127.0.0/16 scram-sha-256 - host sameuser all fd70:81ca:f8f::/48 scram-sha-256 + host sameuser all 100.64.0.0/10 scram-sha-256 + host sameuser all fd7a:115c:a1e0::/48 scram-sha-256 ''; }; - networking.firewall.interfaces."wg-birdsong".allowedTCPPorts = [ 5432 ]; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 5432 ]; qenya.services.actual = { enable = true; diff --git a/hosts/orm/networking.nix b/hosts/orm/networking.nix index d69a0ae..9423165 100644 --- a/hosts/orm/networking.nix +++ b/hosts/orm/networking.nix @@ -3,16 +3,4 @@ { networking.useNetworkd = true; networking.interfaces.ens3.useDHCP = true; - - age.secrets.wireguard-peer-orm = { - file = ../../secrets/wireguard-peer-orm.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-orm.path; - }; } diff --git a/hosts/tohru/networking.nix b/hosts/tohru/networking.nix index 6042cc8..be3822f 100644 --- a/hosts/tohru/networking.nix +++ b/hosts/tohru/networking.nix @@ -5,17 +5,4 @@ systemd.network.wait-online.enable = false; networking.networkmanager.enable = true; - - age.secrets.wireguard-peer-tohru = { - file = ../../secrets/wireguard-peer-tohru.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-tohru.path; - persistentKeepalive = 23; - }; } diff --git a/hosts/yevaud/networking.nix b/hosts/yevaud/networking.nix index 31e1de8..9423165 100644 --- a/hosts/yevaud/networking.nix +++ b/hosts/yevaud/networking.nix @@ -3,16 +3,4 @@ { networking.useNetworkd = true; networking.interfaces.ens3.useDHCP = true; - - age.secrets.wireguard-peer-yevaud = { - file = ../../secrets/wireguard-peer-yevaud.age; - owner = "root"; - group = "systemd-network"; - mode = "640"; - }; - - birdsong.peering = { - enable = true; - privateKeyFile = config.age.secrets.wireguard-peer-yevaud.path; - }; } diff --git a/secrets.nix b/secrets.nix index 61abf6e..25ba859 100644 --- a/secrets.nix +++ b/secrets.nix @@ -5,11 +5,6 @@ let ftp-userDb-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; user-password-kilgharrah-qenya = [ machines.kilgharrah ] ++ keys.users.qenya; user-password-tohru-qenya = [ machines.tohru ] ++ keys.users.qenya; - wireguard-peer-orm = [ machines.orm ] ++ keys.users.qenya; - wireguard-peer-tohru = [ machines.tohru ] ++ keys.users.qenya; - wireguard-peer-yevaud = [ machines.yevaud ] ++ keys.users.qenya; - wireguard-peer-kalessin = [ machines.kalessin ] ++ keys.users.qenya; - wireguard-peer-kilgharrah = [ machines.kilgharrah ] ++ keys.users.qenya; protonvpn-pennykettle1 = [ machines.yevaud ] ++ keys.users.qenya; }; in diff --git a/secrets/wireguard-peer-kalessin.age b/secrets/wireguard-peer-kalessin.age deleted file mode 100644 index 3c7eb17..0000000 --- a/secrets/wireguard-peer-kalessin.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 QjA8rQ eBORfw+iHPPMYgYQc2gTD9j/QEr36fVFCGYtVX2bGBQ -TH/XvVgv7ugjzL6a8bffLq/dj5IUbZtCXkJ+XefxURc --> ssh-ed25519 seJ9Iw fLYNcU2XjiryoOx1gEH9pDMOpfmLsvrcslplL2fFwCI -Wn5KlABSx6mJYvVKO5zXq4VA0SIV5s5WztPIwGLFWG0 --> ssh-ed25519 900ILw wW6lbItZyxelxyTXVLIkInWshc4DtOjGelcm4ixE8kg -/F7kp3AS68QHBitbkZGm9CNF26uw+GtdrTTyYiW6/6E ---- 4t+IrAJ6k/x8FMXiELoDXJICWv7QUcwBRmzKEt+/1+I -:wQOrŽ:P˄9GTrc|6|4 }ҟ3c΀-J-! \ No newline at end of file diff --git a/secrets/wireguard-peer-kalessin.pub b/secrets/wireguard-peer-kalessin.pub deleted file mode 100644 index 0c05923..0000000 --- a/secrets/wireguard-peer-kalessin.pub +++ /dev/null @@ -1 +0,0 @@ -9vyIoXuu1UVjV+aFeuX9LoHRBeAAsiHbrLmYQY4nsQQ= diff --git a/secrets/wireguard-peer-kilgharrah.age b/secrets/wireguard-peer-kilgharrah.age deleted file mode 100644 index 46cb858..0000000 --- a/secrets/wireguard-peer-kilgharrah.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 5PK5ag WsUZWedml5fBAIEog+puLADcitY0uKJttT7ABUIjnnY -IZbF1yTctMOJWOW7A/EIlMC1pfpFR5TLghShF4wpXW8 --> ssh-ed25519 seJ9Iw OHLAn4ZU6QZ/rv0kzh3q2A502XbNtCt05tJUSnv2MhY -OQ2kxhsFGmCKHlVINHdbDRKbAOFWaSFmf/epGcUJLuE --> ssh-ed25519 900ILw CcGgENZiqjRLC7pJSzfluC38thwWX/iTeWc9dPgHcjw -Q+IWIEfOaros+rDLJIbzdOndLZMACQjVqebIrYsjvnc ---- uhddG2mrqw+pfDInK0hrzH6BuT2CfmUw/QAkhLD24YY -:g~4buڒ%!4Kړӑ^ƕ`Aj!_Pw#@"7{%Yo \ No newline at end of file diff --git a/secrets/wireguard-peer-kilgharrah.pub b/secrets/wireguard-peer-kilgharrah.pub deleted file mode 100644 index fa1c28f..0000000 --- a/secrets/wireguard-peer-kilgharrah.pub +++ /dev/null @@ -1 +0,0 @@ -LXQVU0MFKVO/mml5krHnf6NcL4GxF6XFJmvpmjrLBFA= diff --git a/secrets/wireguard-peer-orm.age b/secrets/wireguard-peer-orm.age deleted file mode 100644 index 10fd49b..0000000 --- a/secrets/wireguard-peer-orm.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 l/RSAw d62ed4GntqcH7w0Qm7La/1GXBnWbAkrHekt3R/ssuwY -4XrxbvJ4CjPJuJ7oGuoxuhb2/VTI6XUjvI0XQmamtPk --> ssh-ed25519 seJ9Iw ykj+pdFOkHdCxaotW+SxWQzK6VMMbSaREbx9r7rMIl0 -XEB7ic2SlNQf6C0M3rm9h9D04FYtDkeBobZWnbgQDck --> ssh-ed25519 900ILw 29vJoPdoyapdB47hK5p1u4daaJbNrwAv+7ndoPB6VCo -m+sOCPiD3MbEJycIgLa24QU5ILna9UI5Luigvv9k2T4 ---- 7HDSsngCFsU9GywCc+8/txXsBwcoFWZ7D4/iTbSbtzs -er\#Zf\zd Wu( 5x_#N̫ -0yDDa+>FӈX^u8e \ No newline at end of file diff --git a/secrets/wireguard-peer-orm.pub b/secrets/wireguard-peer-orm.pub deleted file mode 100644 index c6f541c..0000000 --- a/secrets/wireguard-peer-orm.pub +++ /dev/null @@ -1 +0,0 @@ -birdLVh8roeZpcVo308Ums4l/aibhAxbi7MBsglkJyA= diff --git a/secrets/wireguard-peer-tohru.age b/secrets/wireguard-peer-tohru.age deleted file mode 100644 index f12a515..0000000 --- a/secrets/wireguard-peer-tohru.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yZzWlg o1Jax+v/jJ2ayNLw0Z97iA1sjZrK5t266LyZYaj/3nk -rTjIt9vcSdkOohnDBbFMR5iJnJGlIEQU34h1SafofeI --> ssh-ed25519 seJ9Iw 2EsG0EUBCiaPk/mgADGydGGX72K1q9hKDj/abp8nvVw -5CMR/jpg1o9uQ986L+An6x60SnUrVGVVXXo+CCU3UfE --> ssh-ed25519 900ILw InEzPKOEkoQ/tp4T3mo9/TMvWtLYqlsdkdV4fhkBLwg -xCupfNr2jilKtPnjBYv234qUE6ont4ofgY3bwtQUY6I ---- 4c4R1a8GkNXDS4zThBBIKvMrXK3zqNvc7hK8VWLCB4I -ٳ ۫-ڮV+ 3~8LRՂ 2Rb6"OpMO5C&.EE1_{ \ No newline at end of file diff --git a/secrets/wireguard-peer-tohru.pub b/secrets/wireguard-peer-tohru.pub deleted file mode 100644 index 6930ed6..0000000 --- a/secrets/wireguard-peer-tohru.pub +++ /dev/null @@ -1 +0,0 @@ -lk3PCQM1jmZoI8sM/rWSyKNuZOUnjox3n9L9geJD+18= diff --git a/secrets/wireguard-peer-yevaud.age b/secrets/wireguard-peer-yevaud.age deleted file mode 100644 index f85c4b0..0000000 --- a/secrets/wireguard-peer-yevaud.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 uJfgGw PrfPHcOs1dZCPi2rdkj1Ep2eAQS54LRiNizpfECwbD8 -JWjQDy22aRWJpLxCqmbO8+Qf7uUe419uwBHQSdlZkW8 --> ssh-ed25519 seJ9Iw DMpu+V3zziwZNwGFl0VBddbAxOy3BjzqiH1ifNm50xA -U+F1KGWiuwPGG8W2C3/bV870z4teKbPYS8Avhnfz/Jw --> ssh-ed25519 900ILw CtQ5lpYLMQXGbTWWmz2f4Ya/LWg1cYETOn9yq6p7eX4 -L1tS98YRFqe43XGBRxvnZFOzsC1crcL9kbHI2y5UFwE ---- jHmFvmZH+RuZo+PFDyQyaiLi85Q8akJsOC0xpM0Raj4 -z~}_PTx)P|,%Z 9sΦQ(bmoY?VY -aXR \ No newline at end of file diff --git a/secrets/wireguard-peer-yevaud.pub b/secrets/wireguard-peer-yevaud.pub deleted file mode 100644 index 871b993..0000000 --- a/secrets/wireguard-peer-yevaud.pub +++ /dev/null @@ -1 +0,0 @@ -YPJsIs9x4wuWdFi/QRWSJbWvKE0GQAfVL4MNMqHygDw= From 5fb39104e2e6debfe38a6fe454c6b456aeaa960e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 17:04:53 +0100 Subject: [PATCH 390/438] distributed-builds: Use Tailscale DNS --- services/distributed-builds.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/distributed-builds.nix b/services/distributed-builds.nix index ec5f001..025a0f0 100644 --- a/services/distributed-builds.nix +++ b/services/distributed-builds.nix @@ -35,7 +35,7 @@ in nix.buildMachines = (optional (elem "kalessin" cfg.builders) { - hostName = "100.108.149.33"; # TODO: get tailscale internal DNS up + hostName = "kalessin.birdsong.network"; sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "aarch64-linux" ]; @@ -43,7 +43,7 @@ in supportedFeatures = [ "big-parallel" ]; }) ++ (optional (elem "kilgharrah" cfg.builders) { - hostName = "100.92.127.92"; # TODO: get tailscale internal DNS up + hostName = "kilgharrah.birdsong.network"; sshUser = "remotebuild"; sshKey = cfg.keyFile; systems = [ "x86_64-linux" ]; From d43962290d761b88964e726e48571d2be89bb686 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 17:13:50 +0100 Subject: [PATCH 391/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/df694ee23be7ed7b2d8b42c245a640f0724eb06c' (2025-05-09) → 'github:zhaofengli/colmena/58f1beb074881d7208def140af71b7864b6139e0' (2025-06-08) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/0a907047c5b56503dd2e889dbbb694c61b8daf25?dir=pkgs/firefox-addons' (2025-06-02) → 'gitlab:rycee/nur-expressions/fe13e6abfe72b39ad8381595c3c404849330c3cb?dir=pkgs/firefox-addons' (2025-06-09) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/49f0870db23e8c1ca0b5259734a02cd9e1e371a1' (2025-06-01) → 'github:hercules-ci/flake-parts/9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569' (2025-06-08) • Updated input 'home-manager': 'github:nix-community/home-manager/282e1e029cb6ab4811114fc85110613d72771dea' (2025-05-31) → 'github:nix-community/home-manager/7aae0ee71a17b19708b93b3ed448a1a0952bf111' (2025-06-05) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/c7fdb7e90bff1a51b79c1eed458fb39e6649a82a' (2025-06-02) → 'github:nix-community/home-manager/74d196c9943a67908d1883f61154e594d03863e5' (2025-06-09) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a59eb7800787c926045d51b70982ae285faa2346' (2025-05-31) → 'github:NixOS/nixpkgs/70c74b02eac46f4e4aa071e45a6189ce0f6d9265' (2025-06-06) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/c9ffdbb8d515b225169ee8bbbff2fdcb8cb6a2e5' (2025-06-01) → 'github:NixOS/nixpkgs/2b41bf05854399433a852b438bb5392dc56cbaba' (2025-06-07) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/910796cabe436259a29a72e8d3f5e180fc6dfacc' (2025-05-31) → 'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/0d0bc640d371e9e8c9914c42951b3d6522bc5dda' (2025-06-01) → 'github:NixOS/nixpkgs/0fc422d6c394191338c9d6a05786c63fc52a0f29' (2025-06-08) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/7db88aafc6ff326ed1987a1fc4d639820c305843' (2025-06-02) → 'github:randomnetcat/nix-configs/3cc561e5c7c463785f0e79a518572afaa74c8377' (2025-06-09) --- flake.lock | 60 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/flake.lock b/flake.lock index 9e42292..f901e43 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1746816769, - "narHash": "sha256-ymQzXrfHVT8/RJiGbfrNjEeuzXQan46lUJdxEhgivdM=", + "lastModified": 1749409980, + "narHash": "sha256-I/Tvv5UN5DRYXTEy/+j7mYRsdoWQ+rCfrVoNEw0K/Ek=", "owner": "zhaofengli", "repo": "colmena", - "rev": "df694ee23be7ed7b2d8b42c245a640f0724eb06c", + "rev": "58f1beb074881d7208def140af71b7864b6139e0", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1748837002, - "narHash": "sha256-K6//1B2kN+gZ2kOIRLqvY6LuOWHjiV7+7eFS4JNXR/g=", + "lastModified": 1749441800, + "narHash": "sha256-bN4tccrmczfR4PUuepHpxNNmWG3cLZTFIt4BaD8YyvA=", "owner": "rycee", "repo": "nur-expressions", - "rev": "0a907047c5b56503dd2e889dbbb694c61b8daf25", + "rev": "fe13e6abfe72b39ad8381595c3c404849330c3cb", "type": "gitlab" }, "original": { @@ -75,11 +75,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1748821116, - "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1748665073, - "narHash": "sha256-RMhjnPKWtCoIIHiuR9QKD7xfsKb3agxzMfJY8V9MOew=", + "lastModified": 1749154018, + "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", "owner": "nix-community", "repo": "home-manager", - "rev": "282e1e029cb6ab4811114fc85110613d72771dea", + "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1748830238, - "narHash": "sha256-EB+LzYHK0D5aqxZiYoPeoZoOzSAs8eqBDxm3R+6wMKU=", + "lastModified": 1749483884, + "narHash": "sha256-HdyfdVx0NbgrVtLY4lXdX9X/YE3PZjGZFnSyoAy1GJc=", "owner": "nix-community", "repo": "home-manager", - "rev": "c7fdb7e90bff1a51b79c1eed458fb39e6649a82a", + "rev": "74d196c9943a67908d1883f61154e594d03863e5", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748708770, - "narHash": "sha256-q8jG2HJWgooWa9H0iatZqBPF3bp0504e05MevFmnFLY=", + "lastModified": 1749237914, + "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a59eb7800787c926045d51b70982ae285faa2346", + "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1748782192, - "narHash": "sha256-bd8BQZJykfEFY5qvNWqHjVR1r2o8vlvzHz8uH7+Ea7o=", + "lastModified": 1749330319, + "narHash": "sha256-5UnNMREFRBA2UHakpk2naiCvZCW0LtZ5GMzl3u9V9HA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c9ffdbb8d515b225169ee8bbbff2fdcb8cb6a2e5", + "rev": "2b41bf05854399433a852b438bb5392dc56cbaba", "type": "github" }, "original": { @@ -261,11 +261,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1748693115, - "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=", + "lastModified": 1749285348, + "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc", + "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1748762463, - "narHash": "sha256-rb8vudY2u0SgdWh83SAhM5QZT91ZOnvjOLGTO4pdGTc=", + "lastModified": 1749411262, + "narHash": "sha256-gRBkeW9l5lb/90lv1waQFNT+18OhITs11HENarh6vNo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0d0bc640d371e9e8c9914c42951b3d6522bc5dda", + "rev": "0fc422d6c394191338c9d6a05786c63fc52a0f29", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1748830122, - "narHash": "sha256-HCfK60MexMb1/2IKxw4dq7wZ2GH+jNr8NKELb3m3Mac=", + "lastModified": 1749435035, + "narHash": "sha256-hgkMTlwU1HGcGcP6Z8vuMupIBOZxqy2bX60TusJEnJA=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "7db88aafc6ff326ed1987a1fc4d639820c305843", + "rev": "3cc561e5c7c463785f0e79a518572afaa74c8377", "type": "github" }, "original": { From 45831f553bed5ed2f2b919a2b510e55068cb7822 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 18:02:02 +0100 Subject: [PATCH 392/438] ssh: Read host keys from data file; rename from openssh --- common/default.nix | 2 +- common/openssh.nix | 11 ----------- common/ssh.nix | 21 +++++++++++++++++++++ common/tailscale.nix | 15 --------------- keys.nix | 11 ++++++++--- 5 files changed, 30 insertions(+), 30 deletions(-) delete mode 100644 common/openssh.nix create mode 100644 common/ssh.nix diff --git a/common/default.nix b/common/default.nix index 5118c86..6b78942 100644 --- a/common/default.nix +++ b/common/default.nix @@ -9,10 +9,10 @@ ./misc.nix ./nginx.nix ./nix.nix - ./openssh.nix ./packages.nix ./sanoid.nix ./security.nix + ./ssh.nix ./steam.nix ./tailscale.nix ]; diff --git a/common/openssh.nix b/common/openssh.nix deleted file mode 100644 index 195277e..0000000 --- a/common/openssh.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - }; -} \ No newline at end of file diff --git a/common/ssh.nix b/common/ssh.nix new file mode 100644 index 0000000..26b752d --- /dev/null +++ b/common/ssh.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +let + inherit (lib) concatMapAttrs; + keys = import ../keys.nix; +in +{ + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + + programs.ssh.knownHosts = concatMapAttrs + (host: key: { + "${host}.birdsong.network".publicKey = key; + }) + keys.machines; +} diff --git a/common/tailscale.nix b/common/tailscale.nix index 388a55b..1fa1da8 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -20,19 +20,4 @@ }; networking.domain = "birdsong.network"; - - programs.ssh.knownHosts = { - "reese.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd0qGxvcMLDwX1bqYpwOUL5c/CIgBllMFr+bGkwiwAn root@reese"; }; - "bear.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ9Kn1CIcDHaleKHf7zO6O30Rbxs/FwL0/Ie+mEjZJr root@bear"; }; - "shaw.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; }; - "groves.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQNZ/Q+x7mDYfYXftpZpWkfPByyMBbYmVFobM4vSDW2 root@groves"; }; - "tohru.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; }; - "yevaud.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; }; - "orm.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; }; - "kalessin.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPt3iSSmgnlsv1/jafgZgI7o8UuXzcAL45hID2ThfS8 root@kalessin"; }; - "tehanu.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1fNylfLo7Z8m/DroRlj7cHMLhYL7boP3r/upVrtMJQ root@tehanu"; }; - "kilgharrah.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; }; - "elucredassa.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; }; - "carter.birdsong.network" = { publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHHHYG6A995Po05+JXQsvB79ZoIiSOJnW6AiJgVYPic root@carter"; }; - }; } diff --git a/keys.nix b/keys.nix index f3819ac..cba8c49 100644 --- a/keys.nix +++ b/keys.nix @@ -1,12 +1,17 @@ { machines = { - kilgharrah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; - elucredassa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; + reese = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd0qGxvcMLDwX1bqYpwOUL5c/CIgBllMFr+bGkwiwAn root@reese"; + bear = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZ9Kn1CIcDHaleKHf7zO6O30Rbxs/FwL0/Ie+mEjZJr root@bear"; + shaw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; + groves = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQNZ/Q+x7mDYfYXftpZpWkfPByyMBbYmVFobM4vSDW2 root@groves"; tohru = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOk8wuGzF0Y7SaH9aimo3SmCz99MTQwL+rEVhx0jsueU root@tohru"; yevaud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICHUAgyQhl390yUObLUI+jEbuNrZ2U6+8px628DolD+T root@yevaud"; orm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc9rkcdOVWozBFj3kLVnSyUQQbyyH+UG+bLawanQkRQ root@orm"; kalessin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOPt3iSSmgnlsv1/jafgZgI7o8UuXzcAL45hID2ThfS8 root@kalessin"; - shaw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMC0AomCZZiUV/BCpImiV4p/vGvFaz5QNc+fJLXmS5p root@shaw"; + tehanu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ1fNylfLo7Z8m/DroRlj7cHMLhYL7boP3r/upVrtMJQ root@tehanu"; + kilgharrah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgGF3gzzlMbxxk3UAAgHJ7sDdjqtrw7UW16M1XhXtz2 root@kilgharrah"; + elucredassa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA+Y/vqGNc1wXUAg4XMAAcLupkggywj2LpYDwA16ONbH root@elucredassa"; + carter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHHHYG6A995Po05+JXQsvB79ZoIiSOJnW6AiJgVYPic root@carter"; }; users = { From fd31dbed5aec1869a927a38a3f0c21abe19e3e5d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 9 Jun 2025 23:25:53 +0100 Subject: [PATCH 393/438] backup: Offload DNS & SSH host key to other modules --- flake/backup.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/flake/backup.nix b/flake/backup.nix index dddda69..6a103aa 100644 --- a/flake/backup.nix +++ b/flake/backup.nix @@ -95,8 +95,7 @@ in (name: sync: let inherit (sync) dataset sourceHost targetHost source target; - # TODO: don't want to have to dig into the node config for the fqdn - sourceFqdn = config.flake.nixosConfigurations.${sourceHost}.config.networking.fqdn; + sourceFqdn = "${sourceHost}.birdsong.network"; in { ${sourceHost} = { pkgs, ... }: { @@ -128,9 +127,6 @@ in }; }; }; - - # TODO: this should be handled by a networking module - programs.ssh.knownHosts.${sourceFqdn}.publicKey = keys.machines.${sourceHost}; }; }) cfg.sync From c55df8785a39288da8ea6a6b0a57209d1a4d4fca Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 15 Jun 2025 17:52:24 +0100 Subject: [PATCH 394/438] tohru: Uninstall amberol --- hosts/tohru/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index dd1f21f..96b6c09 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -43,7 +43,6 @@ in home-manager.users.qenya = { pkgs, ... }: { home.packages = with pkgs; [ keepassxc - amberol foliate nicotine-plus From 2347ba609d7b988f641f0bdbc86d9e2b2a4102c8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Jun 2025 08:15:24 +0100 Subject: [PATCH 395/438] tohru: Install Apostrophe, Tuba --- hosts/tohru/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/tohru/default.nix b/hosts/tohru/default.nix index 96b6c09..f9ee12c 100644 --- a/hosts/tohru/default.nix +++ b/hosts/tohru/default.nix @@ -43,8 +43,10 @@ in home-manager.users.qenya = { pkgs, ... }: { home.packages = with pkgs; [ keepassxc + apostrophe foliate nicotine-plus + tuba # games openttd From dfe00fabb4d162995001894728cd85ba22ec3fcc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 16 Jun 2025 15:54:15 +0100 Subject: [PATCH 396/438] yevaud/pennykettle: Minor fixes to port forwarding --- hosts/yevaud/experiments/pennykettle.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index 53f7661..883c458 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -5,8 +5,15 @@ networking.nat.enableIPv6 = true; networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; networking.nat.externalInterface = "ens3"; + networking.nat.forwardPorts = [ + { + sourcePort = 51821; + destination = "[fc00::2]:51821"; + proto = "udp"; + } + ]; networking.firewall.allowedUDPPorts = [ 51821 ]; - + # RA = Router Advertisement (how a host finds a gateway IPv6 address for # SLAAC or DHCPv6). # networkd usually defaults this to true, but instead defaults it to false @@ -26,7 +33,6 @@ localAddress = "10.231.136.2"; hostAddress6 = "fc00::1"; localAddress6 = "fc00::2"; - forwardPorts = [{ hostPort = 51821; }]; }; ephemeral = true; autoStart = true; @@ -46,7 +52,7 @@ networks."10-ve" = { matchConfig.Name = "ve-pennykettle1"; networkConfig.Address = [ "10.231.136.2/24" "fc00::2/64" ]; - # linkConfig.RequiredForOnline = "routable"; + linkConfig.RequiredForOnline = "yes"; routes = [{ Gateway = [ "10.231.136.1" "fc00::1" ]; Destination = "217.138.216.162"; @@ -56,7 +62,6 @@ networks."30-protonvpn" = { matchConfig.Name = "wg-protonvpn"; networkConfig = { - DefaultRouteOnDevice = true; Address = [ "10.2.0.2/32" ]; DNS = "10.2.0.1"; }; @@ -64,6 +69,10 @@ RequiredForOnline = "yes"; ActivationPolicy = "always-up"; }; + routes = [ + { Gateway = [ "0.0.0.0" ]; } + { Gateway = [ "::" ]; } + ]; }; netdevs."30-protonvpn" = { From 9cf30613f459e53e5ab90b5e16ad6a8a4fa0284c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 16 Jun 2025 20:35:07 +0100 Subject: [PATCH 397/438] yevaud: Disable networkd Just so much more trouble than it's worth - NixOS containers are really not designed to work with it --- hosts/yevaud/experiments/pennykettle.nix | 12 ------------ hosts/yevaud/networking.nix | 1 - 2 files changed, 13 deletions(-) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index 883c458..cf705e8 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -14,18 +14,6 @@ ]; networking.firewall.allowedUDPPorts = [ 51821 ]; - # RA = Router Advertisement (how a host finds a gateway IPv6 address for - # SLAAC or DHCPv6). - # networkd usually defaults this to true, but instead defaults it to false - # for ALL networks if ANY network has IPv6Forwarding enabled, on the - # (reasonable) assumption that a host doing IP forwarding is probably a - # network bridge. - # The kernel's RA implementation does this too, and the NixOS networking.nat - # module explicitly overrides that with sysctl, but networkd doesn't pay - # attention to that. - # We thus explicitly enable it, as otherwise external IPv6 is broken. - systemd.network.networks."40-ens3".networkConfig.IPv6AcceptRA = true; - containers."pennykettle1" = { privateNetwork = true; extraVeths."ve-pennykettle1" = { diff --git a/hosts/yevaud/networking.nix b/hosts/yevaud/networking.nix index 9423165..d54ca7f 100644 --- a/hosts/yevaud/networking.nix +++ b/hosts/yevaud/networking.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: { - networking.useNetworkd = true; networking.interfaces.ens3.useDHCP = true; } From 7e61ad0aacaaebfe0472255e90d9eb3466b20b56 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 16 Jun 2025 20:35:33 +0100 Subject: [PATCH 398/438] yevaud/pennykettle: Fix IPv6 again --- hosts/yevaud/experiments/pennykettle.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index cf705e8..a8e2d45 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -75,7 +75,7 @@ }; wireguardPeers = [{ PublicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; - AllowedIPs = "0.0.0.0/0"; + AllowedIPs = [ "0.0.0.0/0" "::/0" ]; Endpoint = "217.138.216.162:51820"; PersistentKeepalive = 5; }]; From a7052e1b8f99dbcf6a95d15f2ef537f3a2f0382b Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Jun 2025 12:01:37 +0100 Subject: [PATCH 399/438] yevaud/pennykettle: Run SOCKS server --- hosts/yevaud/experiments/pennykettle.nix | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index a8e2d45..77e6b23 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -59,7 +59,7 @@ }; routes = [ { Gateway = [ "0.0.0.0" ]; } - { Gateway = [ "::" ]; } + { Gateway = [ "::" ]; } # TODO: ipv6 out is still not working for unclear reasons ]; }; @@ -81,6 +81,11 @@ }]; }; }; + + networking.nat.enable = true; + networking.nat.enableIPv6 = true; + networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; + networking.nat.externalInterface = "wg-protonvpn"; }; }; @@ -90,4 +95,16 @@ group = "systemd-network"; mode = "640"; }; + + # TODO: password-protect the proxy instead of relying on only listening over Tailscale + services.microsocks = { + enable = true; + port = 1080; + ip = "::"; + outgoingBindIp = "fc00::2"; + # authUsername = "testusername123"; + # authPasswordFile = pkgs.writeText "testpassword" "testpassworddonotuse"; + # execWrapper = "${lib.getExe pkgs.strace}"; + }; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1080 ]; } From f590432b7d2db0e180484c1d3a9f8eba4448e3a8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Jun 2025 12:02:05 +0100 Subject: [PATCH 400/438] yevaud/pennykettle: Further IPv6 fixes --- hosts/yevaud/experiments/pennykettle.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index 77e6b23..3efd261 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -6,6 +6,11 @@ networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; networking.nat.externalInterface = "ens3"; networking.nat.forwardPorts = [ + { + sourcePort = 51821; + destination = "10.231.136.2:51821"; + proto = "udp"; + } { sourcePort = 51821; destination = "[fc00::2]:51821"; From 5df6e93ae35383745221c32a2cd585e3bf52dc53 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 17 Jun 2025 12:14:29 +0100 Subject: [PATCH 401/438] yevaud/pennykettle: Standardise port numbers and interface names --- hosts/yevaud/experiments/pennykettle.nix | 34 ++++++++++++------------ 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index 3efd261..80395d3 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -3,25 +3,25 @@ { networking.nat.enable = true; networking.nat.enableIPv6 = true; - networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; + networking.nat.internalInterfaces = [ "ve-pennykettle" ]; networking.nat.externalInterface = "ens3"; networking.nat.forwardPorts = [ { - sourcePort = 51821; - destination = "10.231.136.2:51821"; + sourcePort = 51820; + destination = "10.231.136.2:51820"; proto = "udp"; } { - sourcePort = 51821; - destination = "[fc00::2]:51821"; + sourcePort = 51820; + destination = "[fc00::2]:51820"; proto = "udp"; } ]; - networking.firewall.allowedUDPPorts = [ 51821 ]; + networking.firewall.allowedUDPPorts = [ 51820 ]; - containers."pennykettle1" = { + containers."pennykettle" = { privateNetwork = true; - extraVeths."ve-pennykettle1" = { + extraVeths."ve-pennykettle" = { hostAddress = "10.231.136.1"; localAddress = "10.231.136.2"; hostAddress6 = "fc00::1"; @@ -29,7 +29,7 @@ }; ephemeral = true; autoStart = true; - bindMounts."/run/secrets/wg-key".hostPath = config.age.secrets.protonvpn-pennykettle1.path; + bindMounts."/run/secrets/wg-key".hostPath = config.age.secrets.protonvpn-pennykettle.path; config = { config, pkgs, ... }: { system.stateVersion = "24.05"; @@ -38,12 +38,12 @@ networking.useDHCP = false; networking.useHostResolvConf = false; - networking.firewall.allowedUDPPorts = [ 51821 ]; + networking.firewall.allowedUDPPorts = [ 51820 ]; systemd.network = { enable = true; - networks."10-ve" = { - matchConfig.Name = "ve-pennykettle1"; + networks."10-ve-pennykettle" = { + matchConfig.Name = "ve-pennykettle"; networkConfig.Address = [ "10.231.136.2/24" "fc00::2/64" ]; linkConfig.RequiredForOnline = "yes"; routes = [{ @@ -52,7 +52,7 @@ }]; }; - networks."30-protonvpn" = { + networks."30-wg-protonvpn" = { matchConfig.Name = "wg-protonvpn"; networkConfig = { Address = [ "10.2.0.2/32" ]; @@ -68,14 +68,14 @@ ]; }; - netdevs."30-protonvpn" = { + netdevs."30-wg-protonvpn" = { netdevConfig = { Name = "wg-protonvpn"; Kind = "wireguard"; Description = "WireGuard tunnel to ProtonVPN (DE#1; NAT: strict, no port forwarding)"; }; wireguardConfig = { - ListenPort = 51821; + ListenPort = 51820; PrivateKeyFile = "/run/secrets/wg-key"; }; wireguardPeers = [{ @@ -89,12 +89,12 @@ networking.nat.enable = true; networking.nat.enableIPv6 = true; - networking.nat.internalInterfaces = [ "ve-pennykettle1" ]; + networking.nat.internalInterfaces = [ "ve-pennykettle" ]; networking.nat.externalInterface = "wg-protonvpn"; }; }; - age.secrets.protonvpn-pennykettle1 = { + age.secrets.protonvpn-pennykettle = { file = ../../../secrets/protonvpn-pennykettle1.age; owner = "root"; group = "systemd-network"; From 3c058d9b9aa0482c6ebf4559f255fa7322e5812a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Jun 2025 22:09:34 +0100 Subject: [PATCH 402/438] yevaud/pennykettle: Rewrite from scratch without networkd or microsocks --- hosts/yevaud/experiments/pennykettle.nix | 149 ++++++++--------------- 1 file changed, 50 insertions(+), 99 deletions(-) diff --git a/hosts/yevaud/experiments/pennykettle.nix b/hosts/yevaud/experiments/pennykettle.nix index 80395d3..7453219 100644 --- a/hosts/yevaud/experiments/pennykettle.nix +++ b/hosts/yevaud/experiments/pennykettle.nix @@ -1,115 +1,66 @@ { config, lib, pkgs, ... }: { - networking.nat.enable = true; - networking.nat.enableIPv6 = true; - networking.nat.internalInterfaces = [ "ve-pennykettle" ]; - networking.nat.externalInterface = "ens3"; - networking.nat.forwardPorts = [ - { - sourcePort = 51820; - destination = "10.231.136.2:51820"; - proto = "udp"; - } - { - sourcePort = 51820; - destination = "[fc00::2]:51820"; - proto = "udp"; - } - ]; networking.firewall.allowedUDPPorts = [ 51820 ]; + networking.firewall.interfaces."tailscale0".allowedTCPPorts = config.networking.firewall.allowedTCPPorts ++ [ 1080 ]; - containers."pennykettle" = { - privateNetwork = true; - extraVeths."ve-pennykettle" = { - hostAddress = "10.231.136.1"; - localAddress = "10.231.136.2"; - hostAddress6 = "fc00::1"; - localAddress6 = "fc00::2"; - }; - ephemeral = true; - autoStart = true; - bindMounts."/run/secrets/wg-key".hostPath = config.age.secrets.protonvpn-pennykettle.path; - - config = { config, pkgs, ... }: { - system.stateVersion = "24.05"; - systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; - environment.systemPackages = [ pkgs.wireguard-tools ]; - - networking.useDHCP = false; - networking.useHostResolvConf = false; - networking.firewall.allowedUDPPorts = [ 51820 ]; - systemd.network = { - enable = true; - - networks."10-ve-pennykettle" = { - matchConfig.Name = "ve-pennykettle"; - networkConfig.Address = [ "10.231.136.2/24" "fc00::2/64" ]; - linkConfig.RequiredForOnline = "yes"; - routes = [{ - Gateway = [ "10.231.136.1" "fc00::1" ]; - Destination = "217.138.216.162"; - }]; - }; - - networks."30-wg-protonvpn" = { - matchConfig.Name = "wg-protonvpn"; - networkConfig = { - Address = [ "10.2.0.2/32" ]; - DNS = "10.2.0.1"; - }; - linkConfig = { - RequiredForOnline = "yes"; - ActivationPolicy = "always-up"; - }; - routes = [ - { Gateway = [ "0.0.0.0" ]; } - { Gateway = [ "::" ]; } # TODO: ipv6 out is still not working for unclear reasons - ]; - }; - - netdevs."30-wg-protonvpn" = { - netdevConfig = { - Name = "wg-protonvpn"; - Kind = "wireguard"; - Description = "WireGuard tunnel to ProtonVPN (DE#1; NAT: strict, no port forwarding)"; - }; - wireguardConfig = { - ListenPort = 51820; - PrivateKeyFile = "/run/secrets/wg-key"; - }; - wireguardPeers = [{ - PublicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; - AllowedIPs = [ "0.0.0.0/0" "::/0" ]; - Endpoint = "217.138.216.162:51820"; - PersistentKeepalive = 5; - }]; - }; - }; - - networking.nat.enable = true; - networking.nat.enableIPv6 = true; - networking.nat.internalInterfaces = [ "ve-pennykettle" ]; - networking.nat.externalInterface = "wg-protonvpn"; - }; + environment.systemPackages = [ pkgs.wireguard-tools ]; + networking.wireguard.interfaces."wg-protonvpn" = { + ips = [ "10.2.0.2/32" ]; + peers = [{ + allowedIPs = [ "0.0.0.0/0" "::/0" ]; + endpoint = "217.138.216.162:51820"; + publicKey = "C+u+eQw5yWI2APCfVJwW6Ovj3g4IrTOfe+tMZnNz43s="; + }]; + privateKeyFile = config.age.secrets.protonvpn-pennykettle1.path; + listenPort = 51820; + table = "957851094"; # randomly generated }; - age.secrets.protonvpn-pennykettle = { + networking.localCommands = '' + ip rule add from 10.2.0.2/32 table 957851094 + ''; + networking.firewall.checkReversePath = "loose"; + + age.secrets.protonvpn-pennykettle1 = { file = ../../../secrets/protonvpn-pennykettle1.age; owner = "root"; group = "systemd-network"; mode = "640"; }; - # TODO: password-protect the proxy instead of relying on only listening over Tailscale - services.microsocks = { + services.dante = { enable = true; - port = 1080; - ip = "::"; - outgoingBindIp = "fc00::2"; - # authUsername = "testusername123"; - # authPasswordFile = pkgs.writeText "testpassword" "testpassworddonotuse"; - # execWrapper = "${lib.getExe pkgs.strace}"; + config = '' + debug: 2 + internal: tailscale0 + external: wg-protonvpn + + # auth/tls handled by tailscale + clientmethod: none + socksmethod: none + + # allow connections from tailscale + # "0/0" matches any v4 or v6 address + client pass { + from: 100.64.0.0/10 to: 0/0 + log: error connect disconnect + } + client pass { + from: fd7a:115c:a1e0::/48 to: 0/0 + log: error connect disconnect + } + + socks pass { + from: 0/0 to: 0/0 + protocol: tcp udp + log: error connect disconnect iooperation + } + ''; + }; + + systemd.services.dante = { + wants = [ "tailscaled-autoconnect.service" ]; + after = [ "tailscaled-autoconnect.service" ]; }; - networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1080 ]; } From 43273d4689e6825052a6ddda270951ffe560e39c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 24 Jun 2025 22:11:16 +0100 Subject: [PATCH 403/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/4835b1dc898959d8547a871ef484930675cb47f1' (2025-05-18) → 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf' (2025-06-17) • Updated input 'colmena': 'github:zhaofengli/colmena/58f1beb074881d7208def140af71b7864b6139e0' (2025-06-08) → 'github:zhaofengli/colmena/c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b' (2025-06-12) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/fe13e6abfe72b39ad8381595c3c404849330c3cb?dir=pkgs/firefox-addons' (2025-06-09) → 'gitlab:rycee/nur-expressions/aaaf4fec792bad465ea4a35c0be5bc2a54f33095?dir=pkgs/firefox-addons' (2025-06-24) • Updated input 'home-manager': 'github:nix-community/home-manager/7aae0ee71a17b19708b93b3ed448a1a0952bf111' (2025-06-05) → 'github:nix-community/home-manager/366f00797b1efb70f2882d3da485e3c10fd3d557' (2025-06-24) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/74d196c9943a67908d1883f61154e594d03863e5' (2025-06-09) → 'github:nix-community/home-manager/ff31a4677c1a8ae506aa7e003a3dba08cb203f82' (2025-06-24) • Updated input 'lix-module': 'https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?narHash=sha256-11R4K3iAx4tLXjUs%2BhQ5K90JwDABD/XHhsM9nkeS5N8%3D&rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc' (2025-05-10) → 'https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz?narHash=sha256-EfA5K5EZAnspmraJrXQlziffVpaT%2BQDBiE6yKmuaNNQ%3D&rev=c3c78a32273e89d28367d8605a4c880f0b6607e3' (2025-06-24) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?narHash=sha256-hsFe4Tsqqg4l%2BFfQWphDtjC79WzNCZbEFhHI8j2KJzw%3D&rev=47aad376c87e2e65967f17099277428e4b3f8e5a' (2025-05-09) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/38b358ce27203f972faa2973cf44ba80c758f46e.tar.gz?narHash=sha256-LmQhjQ7c%2BAOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw%3D&rev=38b358ce27203f972faa2973cf44ba80c758f46e' (2025-06-24) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/70c74b02eac46f4e4aa071e45a6189ce0f6d9265' (2025-06-06) → 'github:NixOS/nixpkgs/c7ab75210cb8cb16ddd8f290755d9558edde7ee1' (2025-06-22) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/2b41bf05854399433a852b438bb5392dc56cbaba' (2025-06-07) → 'github:NixOS/nixpkgs/a5e9291e97f5ba0b4ba7d657ddedd5f86d11acfd' (2025-06-24) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/3e3afe5174c561dee0df6f2c2b2236990146329f' (2025-06-07) → 'github:NixOS/nixpkgs/4206c4cb56751df534751b058295ea61357bbbaa' (2025-06-21) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/0fc422d6c394191338c9d6a05786c63fc52a0f29' (2025-06-08) → 'github:NixOS/nixpkgs/4396a137499b6cc9f9fe9f3c266577bd52d455a4' (2025-06-24) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/3cc561e5c7c463785f0e79a518572afaa74c8377' (2025-06-09) → 'github:randomnetcat/nix-configs/1a2a536f5550c3b323e19f46d166340ad01745fd' (2025-06-24) --- flake.lock | 80 +++++++++++++++++++++++++++--------------------------- flake.nix | 2 +- 2 files changed, 41 insertions(+), 41 deletions(-) diff --git a/flake.lock b/flake.lock index f901e43..a70d4c4 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", "type": "github" }, "original": { @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1749409980, - "narHash": "sha256-I/Tvv5UN5DRYXTEy/+j7mYRsdoWQ+rCfrVoNEw0K/Ek=", + "lastModified": 1749739748, + "narHash": "sha256-csQQPoCA5iv+Nd9yCOCQNKflP7qUKEe7D27wsz+LPKM=", "owner": "zhaofengli", "repo": "colmena", - "rev": "58f1beb074881d7208def140af71b7864b6139e0", + "rev": "c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1749441800, - "narHash": "sha256-bN4tccrmczfR4PUuepHpxNNmWG3cLZTFIt4BaD8YyvA=", + "lastModified": 1750737804, + "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fe13e6abfe72b39ad8381595c3c404849330c3cb", + "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", "type": "gitlab" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1749154018, - "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=", + "lastModified": 1750792728, + "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", "owner": "nix-community", "repo": "home-manager", - "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111", + "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1749483884, - "narHash": "sha256-HdyfdVx0NbgrVtLY4lXdX9X/YE3PZjGZFnSyoAy1GJc=", + "lastModified": 1750798083, + "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=", "owner": "nix-community", "repo": "home-manager", - "rev": "74d196c9943a67908d1883f61154e594d03863e5", + "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82", "type": "github" }, "original": { @@ -180,15 +180,15 @@ "lix": { "flake": false, "locked": { - "lastModified": 1746827285, - "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=", - "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a", + "lastModified": 1750762203, + "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=", + "rev": "38b358ce27203f972faa2973cf44ba80c758f46e", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/38b358ce27203f972faa2973cf44ba80c758f46e.tar.gz?rev=38b358ce27203f972faa2973cf44ba80c758f46e" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" } }, "lix-module": { @@ -201,24 +201,24 @@ ] }, "locked": { - "lastModified": 1746838955, - "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=", - "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc", + "lastModified": 1750776670, + "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=", + "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz?rev=c3c78a32273e89d28367d8605a4c880f0b6607e3" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz" } }, "nixpkgs": { "locked": { - "lastModified": 1749237914, - "narHash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=", + "lastModified": 1750622754, + "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70c74b02eac46f4e4aa071e45a6189ce0f6d9265", + "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1749330319, - "narHash": "sha256-5UnNMREFRBA2UHakpk2naiCvZCW0LtZ5GMzl3u9V9HA=", + "lastModified": 1750784235, + "narHash": "sha256-IYCCkKerO3lMUcMaDRLfwnfyPopQbGWF8iHRd0XcCBc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2b41bf05854399433a852b438bb5392dc56cbaba", + "rev": "a5e9291e97f5ba0b4ba7d657ddedd5f86d11acfd", "type": "github" }, "original": { @@ -261,11 +261,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1749285348, - "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=", + "lastModified": 1750506804, + "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f", + "rev": "4206c4cb56751df534751b058295ea61357bbbaa", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1749411262, - "narHash": "sha256-gRBkeW9l5lb/90lv1waQFNT+18OhITs11HENarh6vNo=", + "lastModified": 1750776346, + "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0fc422d6c394191338c9d6a05786c63fc52a0f29", + "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1749435035, - "narHash": "sha256-hgkMTlwU1HGcGcP6Z8vuMupIBOZxqy2bX60TusJEnJA=", + "lastModified": 1750730821, + "narHash": "sha256-U5uW9mRSuA2dRaOyswmz2I0fUVQbGRSZROXIe2WKS+8=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "3cc561e5c7c463785f0e79a518572afaa74c8377", + "rev": "1a2a536f5550c3b323e19f46d166340ad01745fd", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 3fcba00..73fe576 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ lix-module = { # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 094812e6f1b69d25e2a78f7c440265cdb5e1cf2f Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Jun 2025 01:14:11 +0100 Subject: [PATCH 404/438] kilgharrah: Install libdvdcss --- hosts/kilgharrah/hardware.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 89c6b59..0583c64 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -38,6 +38,7 @@ withBDplus = true; }); }).overrideAttrs (originalAttrs: { + buildInputs = originalAttrs.buildInputs ++ [ pkgs.libdvdcss ]; # TODO: nixpkgs bug: libbluray needs patching to look at the nix store path of jdk17 when searching for a jdk # as a workaround, wrap vlc and set JAVA_HOME, which it uses instead of searching when specified nativeBuildInputs = originalAttrs.nativeBuildInputs ++ [ pkgs.makeWrapper ]; From fa61c1523b6e4c4e1af29c3c1375a306671534f4 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 25 Jun 2025 01:14:54 +0100 Subject: [PATCH 405/438] boot: Enable resolved/DNS-over-TLS --- common/boot.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/common/boot.nix b/common/boot.nix index eb99def..1eb8089 100644 --- a/common/boot.nix +++ b/common/boot.nix @@ -10,4 +10,13 @@ in systemd-boot.memtest86.enable = mkIf config.nixpkgs.hostPlatform.isx86 true; efi.canTouchEfiVariables = true; }; + + services.resolved = { + enable = true; + fallbackDns = [ ]; + dnsovertls = "true"; + extraConfig = '' + DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net + ''; + }; } From a2862c099470689b0aa805b2e10ca80b0b90e099 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 30 Jun 2025 14:12:15 +0100 Subject: [PATCH 406/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b' (2025-06-12) → 'github:zhaofengli/colmena/3ceec72cfb396a8a8de5fe96a9d75a9ce88cc18e' (2025-06-28) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/aaaf4fec792bad465ea4a35c0be5bc2a54f33095?dir=pkgs/firefox-addons' (2025-06-24) → 'gitlab:rycee/nur-expressions/fa40d85b15cbfb1a488ef9a119ff2d40a481c8da?dir=pkgs/firefox-addons' (2025-06-30) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/ff31a4677c1a8ae506aa7e003a3dba08cb203f82' (2025-06-24) → 'github:nix-community/home-manager/f6deff178cc4d6049d30785dbfc831e6c6e3a219' (2025-06-29) • Updated input 'lix-module': 'https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz?narHash=sha256-EfA5K5EZAnspmraJrXQlziffVpaT%2BQDBiE6yKmuaNNQ%3D&rev=c3c78a32273e89d28367d8605a4c880f0b6607e3' (2025-06-24) → 'https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?narHash=sha256-SXUAlxpjPRkArRMHy5%2BHdi%2BPiC%2BND9yzzIjiaHmTvQU%3D&rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02' (2025-06-29) • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/38b358ce27203f972faa2973cf44ba80c758f46e.tar.gz?narHash=sha256-LmQhjQ7c%2BAOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw%3D&rev=38b358ce27203f972faa2973cf44ba80c758f46e' (2025-06-24) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?narHash=sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43%2BYI%3D&rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6' (2025-06-29) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/c7ab75210cb8cb16ddd8f290755d9558edde7ee1' (2025-06-22) → 'github:NixOS/nixpkgs/b43c397f6c213918d6cfe6e3550abfe79b5d1c51' (2025-06-29) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/a5e9291e97f5ba0b4ba7d657ddedd5f86d11acfd' (2025-06-24) → 'github:NixOS/nixpkgs/e410afb41ba16a2ceeaeff85c536d35f10bbbdcf' (2025-06-29) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/4206c4cb56751df534751b058295ea61357bbbaa' (2025-06-21) → 'github:NixOS/nixpkgs/30e2e2857ba47844aa71991daa6ed1fc678bcbb7' (2025-06-27) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/4396a137499b6cc9f9fe9f3c266577bd52d455a4' (2025-06-24) → 'github:NixOS/nixpkgs/cbb0f33478508488b2affe24a939dae57cb5a157' (2025-06-30) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/1a2a536f5550c3b323e19f46d166340ad01745fd' (2025-06-24) → 'github:randomnetcat/nix-configs/09459a091c79ead8efe75735da4f784f272e0f48' (2025-06-30) --- flake.lock | 66 +++++++++++++++++++++++++++--------------------------- flake.nix | 2 +- 2 files changed, 34 insertions(+), 34 deletions(-) diff --git a/flake.lock b/flake.lock index a70d4c4..073b9f3 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1749739748, - "narHash": "sha256-csQQPoCA5iv+Nd9yCOCQNKflP7qUKEe7D27wsz+LPKM=", + "lastModified": 1751144689, + "narHash": "sha256-cgIntaqhcm62V1KU6GmrAGpHpahT4UExEWW2ryS02ZU=", "owner": "zhaofengli", "repo": "colmena", - "rev": "c61641b156dfa3e82fc0671e77fccf7d7ccfaa3b", + "rev": "3ceec72cfb396a8a8de5fe96a9d75a9ce88cc18e", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1750737804, - "narHash": "sha256-wClGd2PhxdjjphR6wIgoiDcR+Gfg4/+FyseSOjIIzVU=", + "lastModified": 1751256218, + "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", "owner": "rycee", "repo": "nur-expressions", - "rev": "aaaf4fec792bad465ea4a35c0be5bc2a54f33095", + "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", "type": "gitlab" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1750798083, - "narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=", + "lastModified": 1751239699, + "narHash": "sha256-zA1uUdAq3c26fHm26xMWMuF5COhI18EzaH7az/P2OWM=", "owner": "nix-community", "repo": "home-manager", - "rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82", + "rev": "f6deff178cc4d6049d30785dbfc831e6c6e3a219", "type": "github" }, "original": { @@ -180,11 +180,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1750762203, - "narHash": "sha256-LmQhjQ7c+AOkwhvR9GFgJOy8oHW35MoQRELtrwyVnPw=", - "rev": "38b358ce27203f972faa2973cf44ba80c758f46e", + "lastModified": 1751235704, + "narHash": "sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43+YI=", + "rev": "1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/38b358ce27203f972faa2973cf44ba80c758f46e.tar.gz?rev=38b358ce27203f972faa2973cf44ba80c758f46e" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6" }, "original": { "type": "tarball", @@ -201,24 +201,24 @@ ] }, "locked": { - "lastModified": 1750776670, - "narHash": "sha256-EfA5K5EZAnspmraJrXQlziffVpaT+QDBiE6yKmuaNNQ=", - "rev": "c3c78a32273e89d28367d8605a4c880f0b6607e3", + "lastModified": 1751240025, + "narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=", + "rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/c3c78a32273e89d28367d8605a4c880f0b6607e3.tar.gz?rev=c3c78a32273e89d28367d8605a4c880f0b6607e3" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz" } }, "nixpkgs": { "locked": { - "lastModified": 1750622754, - "narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=", + "lastModified": 1751211869, + "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7ab75210cb8cb16ddd8f290755d9558edde7ee1", + "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1750784235, - "narHash": "sha256-IYCCkKerO3lMUcMaDRLfwnfyPopQbGWF8iHRd0XcCBc=", + "lastModified": 1751230698, + "narHash": "sha256-ANWE9dHPeACz3SIbUhbWZforTgfAvOS5Tg1l4yYa/B0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a5e9291e97f5ba0b4ba7d657ddedd5f86d11acfd", + "rev": "e410afb41ba16a2ceeaeff85c536d35f10bbbdcf", "type": "github" }, "original": { @@ -261,11 +261,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1750506804, - "narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=", + "lastModified": 1751011381, + "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4206c4cb56751df534751b058295ea61357bbbaa", + "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1750776346, - "narHash": "sha256-sWw7gz2B02fHQkmPSutVcoawLuiPT0hpztL0ldCnIy0=", + "lastModified": 1751247197, + "narHash": "sha256-QSX8/v7sbRO/vX/1Cdb+ZI17bH+5EpnFi9OcfODNpgA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4396a137499b6cc9f9fe9f3c266577bd52d455a4", + "rev": "cbb0f33478508488b2affe24a939dae57cb5a157", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1750730821, - "narHash": "sha256-U5uW9mRSuA2dRaOyswmz2I0fUVQbGRSZROXIe2WKS+8=", + "lastModified": 1751261560, + "narHash": "sha256-IrT1jAtRE1BiwEQtqU+PyvwnE08mrf8xeIdGxDIE2zs=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "1a2a536f5550c3b323e19f46d166340ad01745fd", + "rev": "09459a091c79ead8efe75735da4f784f272e0f48", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 73fe576..abbfa7c 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ lix-module = { # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; From 873adbaaec9861601c3f76ac4157a646e5a36df2 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 11 Jul 2025 16:23:29 +0100 Subject: [PATCH 407/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/3ceec72cfb396a8a8de5fe96a9d75a9ce88cc18e' (2025-06-28) → 'github:zhaofengli/colmena/f560ed613a568aee178576b21c6818ef50819ca5' (2025-07-09) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/fa40d85b15cbfb1a488ef9a119ff2d40a481c8da?dir=pkgs/firefox-addons' (2025-06-30) → 'gitlab:rycee/nur-expressions/680d0ba892443d95ad1afdc523686573111e6c1a?dir=pkgs/firefox-addons' (2025-07-11) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569' (2025-06-08) → 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5' (2025-07-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/656a64127e9d791a334452c6b6606d17539476e2' (2025-06-01) → 'github:nix-community/nixpkgs.lib/14a40a1d7fb9afa4739275ac642ed7301a9ba1ab' (2025-06-29) • Updated input 'home-manager': 'github:nix-community/home-manager/366f00797b1efb70f2882d3da485e3c10fd3d557' (2025-06-24) → 'github:nix-community/home-manager/c6a01e54af81b381695db796a43360bf6db5702f' (2025-07-11) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/f6deff178cc4d6049d30785dbfc831e6c6e3a219' (2025-06-29) → 'github:nix-community/home-manager/e90b28967cacc64de7fb8742314ed0d7d12f47c6' (2025-07-11) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b43c397f6c213918d6cfe6e3550abfe79b5d1c51' (2025-06-29) → 'github:NixOS/nixpkgs/88983d4b665fb491861005137ce2b11a9f89f203' (2025-07-08) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/e410afb41ba16a2ceeaeff85c536d35f10bbbdcf' (2025-06-29) → 'github:NixOS/nixpkgs/0d81cd273efaaca0aa5c9685a462c6b91fc704fd' (2025-07-10) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/30e2e2857ba47844aa71991daa6ed1fc678bcbb7' (2025-06-27) → 'github:NixOS/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0' (2025-07-08) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/cbb0f33478508488b2affe24a939dae57cb5a157' (2025-06-30) → 'github:NixOS/nixpkgs/1bd4d0d4a678d48b63eb18f457d74df2fcee6c69' (2025-07-11) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/09459a091c79ead8efe75735da4f784f272e0f48' (2025-06-30) → 'github:randomnetcat/nix-configs/36ec1db331a6fd39e1f9d8ee3ef36d887fe1e2d1' (2025-07-11) --- flake.lock | 66 +++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/flake.lock b/flake.lock index 073b9f3..72b0b18 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1751144689, - "narHash": "sha256-cgIntaqhcm62V1KU6GmrAGpHpahT4UExEWW2ryS02ZU=", + "lastModified": 1752070778, + "narHash": "sha256-2ArxrGPb39YxeyMgEzFX/YiUwwOgz62qazHhYJnZQss=", "owner": "zhaofengli", "repo": "colmena", - "rev": "3ceec72cfb396a8a8de5fe96a9d75a9ce88cc18e", + "rev": "f560ed613a568aee178576b21c6818ef50819ca5", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1751256218, - "narHash": "sha256-WC1YSV4lFT41AaEhpiQZRuofe+2WLI9PNuuqgdRmjVM=", + "lastModified": 1752206617, + "narHash": "sha256-/Pu0pBOI3hsg3eIK6AsQ6kwvONqE2b1b/zOz06ePJKE=", "owner": "rycee", "repo": "nur-expressions", - "rev": "fa40d85b15cbfb1a488ef9a119ff2d40a481c8da", + "rev": "680d0ba892443d95ad1afdc523686573111e6c1a", "type": "gitlab" }, "original": { @@ -75,11 +75,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1749398372, - "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "lastModified": 1751413152, + "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1750792728, - "narHash": "sha256-Lh3dopA8DdY+ZoaAJPrtkZOZaFEJGSYjOdAYYgOPgE4=", + "lastModified": 1752208517, + "narHash": "sha256-aRY1cYOdVdXdNjcL/Twpa27CknO7pVHxooPsBizDraE=", "owner": "nix-community", "repo": "home-manager", - "rev": "366f00797b1efb70f2882d3da485e3c10fd3d557", + "rev": "c6a01e54af81b381695db796a43360bf6db5702f", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1751239699, - "narHash": "sha256-zA1uUdAq3c26fHm26xMWMuF5COhI18EzaH7az/P2OWM=", + "lastModified": 1752246954, + "narHash": "sha256-c1Rq5Hc4WZLKj1RkmjLFCcX4QHBwrL+DIZNMEHno7DU=", "owner": "nix-community", "repo": "home-manager", - "rev": "f6deff178cc4d6049d30785dbfc831e6c6e3a219", + "rev": "e90b28967cacc64de7fb8742314ed0d7d12f47c6", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751211869, - "narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=", + "lastModified": 1751943650, + "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51", + "rev": "88983d4b665fb491861005137ce2b11a9f89f203", "type": "github" }, "original": { @@ -230,11 +230,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1748740939, - "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "lastModified": 1751159883, + "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1751230698, - "narHash": "sha256-ANWE9dHPeACz3SIbUhbWZforTgfAvOS5Tg1l4yYa/B0=", + "lastModified": 1752140043, + "narHash": "sha256-TPZMmQNsGdsZcsTz+MbunpJ2k1H/IIrOUFhRhggVjCI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e410afb41ba16a2ceeaeff85c536d35f10bbbdcf", + "rev": "0d81cd273efaaca0aa5c9685a462c6b91fc704fd", "type": "github" }, "original": { @@ -261,11 +261,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1751011381, - "narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=", + "lastModified": 1751984180, + "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7", + "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1751247197, - "narHash": "sha256-QSX8/v7sbRO/vX/1Cdb+ZI17bH+5EpnFi9OcfODNpgA=", + "lastModified": 1752206449, + "narHash": "sha256-NVAbC/s4CupABWGXF8M9mDiVw/n0YCftxwc1KatVjDk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cbb0f33478508488b2affe24a939dae57cb5a157", + "rev": "1bd4d0d4a678d48b63eb18f457d74df2fcee6c69", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1751261560, - "narHash": "sha256-IrT1jAtRE1BiwEQtqU+PyvwnE08mrf8xeIdGxDIE2zs=", + "lastModified": 1752199904, + "narHash": "sha256-gyBZSXxgbq2HLJ8xWn52rF75EaydPn/1NUAqR/+KGpY=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "09459a091c79ead8efe75735da4f784f272e0f48", + "rev": "36ec1db331a6fd39e1f9d8ee3ef36d887fe1e2d1", "type": "github" }, "original": { From 0ecedcf56e310456d87073cdb16b4c6a2f2f7576 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 12 Jul 2025 20:45:15 +0100 Subject: [PATCH 408/438] actual: Use package from unstable --- services/actual.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/actual.nix b/services/actual.nix index 3a006ea..36a2d33 100644 --- a/services/actual.nix +++ b/services/actual.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, inputs, ... }: let inherit (lib) mkIf mkOption mkEnableOption types; @@ -28,6 +28,10 @@ in services.actual = { enable = true; + # nixos 25.05 is on actual-server 25.6.1 which contains an annoying bug + # nixpkgs maintainers declined to backport a newer version, so get this from unstable for now + # ref. https://github.com/NixOS/nixpkgs/issues/423541 + package = (import inputs.nixpkgs-unstable-small { system = "x86_64-linux"; }).actual-server; settings.port = 5006; }; }; From 804494ddb3a6f41a3600c1bf3e8f2f522e971e4c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sat, 12 Jul 2025 20:46:11 +0100 Subject: [PATCH 409/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/f560ed613a568aee178576b21c6818ef50819ca5' (2025-07-09) → 'github:zhaofengli/colmena/d2beb694d54db653399b8597c0f6e15e20b26405' (2025-07-12) • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/680d0ba892443d95ad1afdc523686573111e6c1a?dir=pkgs/firefox-addons' (2025-07-11) → 'gitlab:rycee/nur-expressions/bf437c46b2b92baa4a0d3341c27b25fcfa285ec0?dir=pkgs/firefox-addons' (2025-07-12) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/e90b28967cacc64de7fb8742314ed0d7d12f47c6' (2025-07-11) → 'github:nix-community/home-manager/ea24675e4f4f4c494ccb04f6645db2a394d348ee' (2025-07-12) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/88983d4b665fb491861005137ce2b11a9f89f203' (2025-07-08) → 'github:NixOS/nixpkgs/10e687235226880ed5e9f33f1ffa71fe60f2638a' (2025-07-10) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/0d81cd273efaaca0aa5c9685a462c6b91fc704fd' (2025-07-10) → 'github:NixOS/nixpkgs/739c8f530a2c5e0b9eefc8019d201654264cb974' (2025-07-11) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/1bd4d0d4a678d48b63eb18f457d74df2fcee6c69' (2025-07-11) → 'github:NixOS/nixpkgs/d3807bc34e7d086b4754e1c842505570e23f9d01' (2025-07-12) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/36ec1db331a6fd39e1f9d8ee3ef36d887fe1e2d1' (2025-07-11) → 'github:randomnetcat/nix-configs/8d3718931bbc5cd9bf6b4acfbbdd6925f119c179' (2025-07-12) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 72b0b18..98047af 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1752070778, - "narHash": "sha256-2ArxrGPb39YxeyMgEzFX/YiUwwOgz62qazHhYJnZQss=", + "lastModified": 1752287590, + "narHash": "sha256-U1IqFnxlgCRrPaeT5IGCdH0j9CNLPFcI/fRAidi0aDQ=", "owner": "zhaofengli", "repo": "colmena", - "rev": "f560ed613a568aee178576b21c6818ef50819ca5", + "rev": "d2beb694d54db653399b8597c0f6e15e20b26405", "type": "github" }, "original": { @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752206617, - "narHash": "sha256-/Pu0pBOI3hsg3eIK6AsQ6kwvONqE2b1b/zOz06ePJKE=", + "lastModified": 1752292998, + "narHash": "sha256-ybCnRdrK49s7xgsaWLuabM/FC5ociZrMkSmzNE119Os=", "owner": "rycee", "repo": "nur-expressions", - "rev": "680d0ba892443d95ad1afdc523686573111e6c1a", + "rev": "bf437c46b2b92baa4a0d3341c27b25fcfa285ec0", "type": "gitlab" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1752246954, - "narHash": "sha256-c1Rq5Hc4WZLKj1RkmjLFCcX4QHBwrL+DIZNMEHno7DU=", + "lastModified": 1752348734, + "narHash": "sha256-w3s5y+9Nn0oKUk6yS77YG1iRSizNStxqhEsgIlJKRtw=", "owner": "nix-community", "repo": "home-manager", - "rev": "e90b28967cacc64de7fb8742314ed0d7d12f47c6", + "rev": "ea24675e4f4f4c494ccb04f6645db2a394d348ee", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751943650, - "narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=", + "lastModified": 1752162966, + "narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "88983d4b665fb491861005137ce2b11a9f89f203", + "rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1752140043, - "narHash": "sha256-TPZMmQNsGdsZcsTz+MbunpJ2k1H/IIrOUFhRhggVjCI=", + "lastModified": 1752244816, + "narHash": "sha256-xi2uQTCjKev5kzfhLFMrOoCPBYnePmvRWtpCVKP4o94=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0d81cd273efaaca0aa5c9685a462c6b91fc704fd", + "rev": "739c8f530a2c5e0b9eefc8019d201654264cb974", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1752206449, - "narHash": "sha256-NVAbC/s4CupABWGXF8M9mDiVw/n0YCftxwc1KatVjDk=", + "lastModified": 1752298176, + "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1bd4d0d4a678d48b63eb18f457d74df2fcee6c69", + "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1752199904, - "narHash": "sha256-gyBZSXxgbq2HLJ8xWn52rF75EaydPn/1NUAqR/+KGpY=", + "lastModified": 1752307483, + "narHash": "sha256-84dSpidztRZ7eY6bDdrt7616Za0qMHpiATI0nUHoH9U=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "36ec1db331a6fd39e1f9d8ee3ef36d887fe1e2d1", + "rev": "8d3718931bbc5cd9bf6b4acfbbdd6925f119c179", "type": "github" }, "original": { From 01c1df0fcb72b6c2a4034af30c6af4b449bb0779 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 14 Jul 2025 15:11:57 +0100 Subject: [PATCH 410/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/bf437c46b2b92baa4a0d3341c27b25fcfa285ec0?dir=pkgs/firefox-addons' (2025-07-12) → 'gitlab:rycee/nur-expressions/51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7?dir=pkgs/firefox-addons' (2025-07-13) • Updated input 'home-manager': 'github:nix-community/home-manager/c6a01e54af81b381695db796a43360bf6db5702f' (2025-07-11) → 'github:nix-community/home-manager/c26266790678863cce8e7460fdbf0d80991b1906' (2025-07-13) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/ea24675e4f4f4c494ccb04f6645db2a394d348ee' (2025-07-12) → 'github:nix-community/home-manager/1e54837569e0b80797c47be4720fab19e0db1616' (2025-07-14) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/10e687235226880ed5e9f33f1ffa71fe60f2638a' (2025-07-10) → 'github:NixOS/nixpkgs/650e572363c091045cdbc5b36b0f4c1f614d3058' (2025-07-12) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/739c8f530a2c5e0b9eefc8019d201654264cb974' (2025-07-11) → 'github:NixOS/nixpkgs/dfcd5b901dbab46c9c6e80b265648481aafb01f8' (2025-07-13) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/d3807bc34e7d086b4754e1c842505570e23f9d01' (2025-07-12) → 'github:NixOS/nixpkgs/2f21cef1d1dc734a2dd89f535427cf291aebc8ef' (2025-07-14) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/8d3718931bbc5cd9bf6b4acfbbdd6925f119c179' (2025-07-12) → 'github:randomnetcat/nix-configs/ecb7abdd7d477b7d45942e9d0a9faa32fff6ee4a' (2025-07-14) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 98047af..a8e07a7 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752292998, - "narHash": "sha256-ybCnRdrK49s7xgsaWLuabM/FC5ociZrMkSmzNE119Os=", + "lastModified": 1752379414, + "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", "owner": "rycee", "repo": "nur-expressions", - "rev": "bf437c46b2b92baa4a0d3341c27b25fcfa285ec0", + "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", "type": "gitlab" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1752208517, - "narHash": "sha256-aRY1cYOdVdXdNjcL/Twpa27CknO7pVHxooPsBizDraE=", + "lastModified": 1752391422, + "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", "owner": "nix-community", "repo": "home-manager", - "rev": "c6a01e54af81b381695db796a43360bf6db5702f", + "rev": "c26266790678863cce8e7460fdbf0d80991b1906", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1752348734, - "narHash": "sha256-w3s5y+9Nn0oKUk6yS77YG1iRSizNStxqhEsgIlJKRtw=", + "lastModified": 1752467539, + "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", "owner": "nix-community", "repo": "home-manager", - "rev": "ea24675e4f4f4c494ccb04f6645db2a394d348ee", + "rev": "1e54837569e0b80797c47be4720fab19e0db1616", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752162966, - "narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=", + "lastModified": 1752308619, + "narHash": "sha256-pzrVLKRQNPrii06Rm09Q0i0dq3wt2t2pciT/GNq5EZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a", + "rev": "650e572363c091045cdbc5b36b0f4c1f614d3058", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1752244816, - "narHash": "sha256-xi2uQTCjKev5kzfhLFMrOoCPBYnePmvRWtpCVKP4o94=", + "lastModified": 1752436162, + "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "739c8f530a2c5e0b9eefc8019d201654264cb974", + "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1752298176, - "narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=", + "lastModified": 1752467518, + "narHash": "sha256-7SSvjNlM5ZsFZMP7Nw2uUa7EKYhB6Ny9iNtxtPPhWYY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3807bc34e7d086b4754e1c842505570e23f9d01", + "rev": "2f21cef1d1dc734a2dd89f535427cf291aebc8ef", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1752307483, - "narHash": "sha256-84dSpidztRZ7eY6bDdrt7616Za0qMHpiATI0nUHoH9U=", + "lastModified": 1752459679, + "narHash": "sha256-04RW8nDT5ftTLfbY3gTdHcV5moJjzbJF710XekAaCcw=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "8d3718931bbc5cd9bf6b4acfbbdd6925f119c179", + "rev": "ecb7abdd7d477b7d45942e9d0a9faa32fff6ee4a", "type": "github" }, "original": { From 5c2b7f301eb43844efd667362c388fb2e42c2b1e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 12:00:28 +0100 Subject: [PATCH 411/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'firefox-addons': 'gitlab:rycee/nur-expressions/51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7?dir=pkgs/firefox-addons' (2025-07-13) → 'gitlab:rycee/nur-expressions/a38f383959d8bf0c1d5d555469a4c63c4632701f?dir=pkgs/firefox-addons' (2025-07-22) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/77826244401ea9de6e3bac47c2db46005e1f30b5' (2025-07-01) → 'github:hercules-ci/flake-parts/644e0fc48951a860279da645ba77fe4a6e814c5e' (2025-07-21) • Updated input 'home-manager': 'github:nix-community/home-manager/c26266790678863cce8e7460fdbf0d80991b1906' (2025-07-13) → 'github:nix-community/home-manager/adf195f021a8cbb0c317f75b52e96c82616526f9' (2025-07-20) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/1e54837569e0b80797c47be4720fab19e0db1616' (2025-07-14) → 'github:nix-community/home-manager/847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc' (2025-07-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/650e572363c091045cdbc5b36b0f4c1f614d3058' (2025-07-12) → 'github:NixOS/nixpkgs/92c2e04a475523e723c67ef872d8037379073681' (2025-07-21) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/dfcd5b901dbab46c9c6e80b265648481aafb01f8' (2025-07-13) → 'github:NixOS/nixpkgs/4978f362d3ecc18c2b111f46a65467a0e07ef923' (2025-07-21) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/9807714d6944a957c2e036f84b0ff8caf9930bc0' (2025-07-08) → 'github:NixOS/nixpkgs/c87b95e25065c028d31a94f06a62927d18763fdf' (2025-07-19) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/2f21cef1d1dc734a2dd89f535427cf291aebc8ef' (2025-07-14) → 'github:NixOS/nixpkgs/91b279d8c68718659084298ea287c73b5bf6df2c' (2025-07-21) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/ecb7abdd7d477b7d45942e9d0a9faa32fff6ee4a' (2025-07-14) → 'github:randomnetcat/nix-configs/a0363249f2d195f2c1a703981ae8a8703a7ec274' (2025-07-20) --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index a8e07a7..603a35d 100644 --- a/flake.lock +++ b/flake.lock @@ -55,11 +55,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1752379414, - "narHash": "sha256-0R3slhrjrnzyxR/fAYy5UliZvSgaVS38YCESBdH5RJw=", + "lastModified": 1753157005, + "narHash": "sha256-fTdJ2yYjR8O3kEWsveBGu/d8ilEFxVnGkF4wS3N1Was=", "owner": "rycee", "repo": "nur-expressions", - "rev": "51e77bb95540b7dd6c60f8fd65a0c472a2c9c3b7", + "rev": "a38f383959d8bf0c1d5d555469a4c63c4632701f", "type": "gitlab" }, "original": { @@ -75,11 +75,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1751413152, - "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=", + "lastModified": 1753121425, + "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5", + "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1752391422, - "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=", + "lastModified": 1753055804, + "narHash": "sha256-KerePGJYX47ex6OY3CWsid4AltO2gDtQROunYJ0eCEE=", "owner": "nix-community", "repo": "home-manager", - "rev": "c26266790678863cce8e7460fdbf0d80991b1906", + "rev": "adf195f021a8cbb0c317f75b52e96c82616526f9", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1752467539, - "narHash": "sha256-4kaR+xmng9YPASckfvIgl5flF/1nAZOplM+Wp9I5SMI=", + "lastModified": 1753180535, + "narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=", "owner": "nix-community", "repo": "home-manager", - "rev": "1e54837569e0b80797c47be4720fab19e0db1616", + "rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc", "type": "github" }, "original": { @@ -214,11 +214,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1752308619, - "narHash": "sha256-pzrVLKRQNPrii06Rm09Q0i0dq3wt2t2pciT/GNq5EZQ=", + "lastModified": 1753115646, + "narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "650e572363c091045cdbc5b36b0f4c1f614d3058", + "rev": "92c2e04a475523e723c67ef872d8037379073681", "type": "github" }, "original": { @@ -245,11 +245,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1752436162, - "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=", + "lastModified": 1753118650, + "narHash": "sha256-3qGG9hzkSE6Sc97iC1US7xKucFO5WgxVXHCd8Dswxnc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8", + "rev": "4978f362d3ecc18c2b111f46a65467a0e07ef923", "type": "github" }, "original": { @@ -261,11 +261,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", + "lastModified": 1752950548, + "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", "type": "github" }, "original": { @@ -277,11 +277,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1752467518, - "narHash": "sha256-7SSvjNlM5ZsFZMP7Nw2uUa7EKYhB6Ny9iNtxtPPhWYY=", + "lastModified": 1753088943, + "narHash": "sha256-cIyYVyDTSR6K3+xUGvEO3GAtBsdBhBcDALqHK50QEIQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2f21cef1d1dc734a2dd89f535427cf291aebc8ef", + "rev": "91b279d8c68718659084298ea287c73b5bf6df2c", "type": "github" }, "original": { @@ -317,11 +317,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1752459679, - "narHash": "sha256-04RW8nDT5ftTLfbY3gTdHcV5moJjzbJF710XekAaCcw=", + "lastModified": 1752978528, + "narHash": "sha256-yO7UD0B9NP10znETLXF00ccYMFFOWVVzILhrnx7rreY=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "ecb7abdd7d477b7d45942e9d0a9faa32fff6ee4a", + "rev": "a0363249f2d195f2c1a703981ae8a8703a7ec274", "type": "github" }, "original": { From 631c61e53d3e46325320fccd79f71b24ff983d28 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 12:00:39 +0100 Subject: [PATCH 412/438] qenya: install 1Password --- home/qenya/firefox.nix | 1 + home/qenya/packages.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 603208a..216a0f4 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -11,6 +11,7 @@ in profiles.default = { extensions.packages = with inputs.firefox-addons.packages.${pkgs.hostPlatform.system}; [ + onepassword-password-manager bitwarden ublock-origin ]; diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index df281b6..5b338e3 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -21,6 +21,7 @@ in cowsay lolcat ] ++ optionals isGraphical [ + _1password-gui bitwarden discord gimp-with-plugins From 3dbfd4d03b28b6482c0b6b5e37f9e15553b1a223 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 12:14:53 +0100 Subject: [PATCH 413/438] flake: Use Lix 2.93.3 prerelease MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'lix-module/lix': 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?narHash=sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43%2BYI%3D&rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6' (2025-06-29) → 'git+https://git.lix.systems/lix-project/lix?ref=release-2.93&rev=dc6d5962a57659b4f54ebdf0c8676847bd80212a' (2025-07-20) --- flake.lock | 12 +++++++----- flake.nix | 6 ++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 603a35d..1bc273a 100644 --- a/flake.lock +++ b/flake.lock @@ -180,11 +180,13 @@ "lix": { "flake": false, "locked": { - "lastModified": 1751235704, - "narHash": "sha256-J4ycLoXHPsoBoQtEXFCelL4xlq5pT8U9tNWNKm43+YI=", - "rev": "1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6.tar.gz?rev=1d7368585eebaa2c4bdbcb88fe600cfb2239b2c6" + "lastModified": 1753042913, + "narHash": "sha256-qJbb3maOuWoQPI1cN1w1ha/ks+gxGWWr75GCNQjsaeo=", + "ref": "release-2.93", + "rev": "dc6d5962a57659b4f54ebdf0c8676847bd80212a", + "revCount": 17880, + "type": "git", + "url": "https://git.lix.systems/lix-project/lix" }, "original": { "type": "tarball", diff --git a/flake.nix b/flake.nix index abbfa7c..0298a96 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,12 @@ # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; + # Temporary: use 2.93 release branch until 2.93.3 is released + # see bug: https://git.lix.systems/lix-project/lix/issues/917 + inputs.lix = { + url = "git+https://git.lix.systems/lix-project/lix?ref=release-2.93"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; home-manager = { From 89d7d24070ac0f3caebac3712ec08b969101b687 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 14:56:36 +0100 Subject: [PATCH 414/438] qenya: Temporarily uninstall GIMP I can't be arsed to work around this until it's fixed: https://github.com/NixOS/nixpkgs/issues/427155 --- home/qenya/packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index 5b338e3..7dd0414 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -24,7 +24,8 @@ in _1password-gui bitwarden discord - gimp-with-plugins + # https://github.com/NixOS/nixpkgs/issues/427155 + # gimp-with-plugins jellyfin-media-player tor-browser-bundle-bin zoom-us From 37d27286185c0f754d2b33e65af315e526d7e798 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 15:32:35 +0100 Subject: [PATCH 415/438] qenya/firefox: Install extensions via policies rather than rycee's repo --- home/qenya/firefox.nix | 44 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 216a0f4..13872ee 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -9,13 +9,45 @@ in enable = true; languagePacks = [ "en-GB" ]; - profiles.default = { - extensions.packages = with inputs.firefox-addons.packages.${pkgs.hostPlatform.system}; [ - onepassword-password-manager - bitwarden - ublock-origin - ]; + policies = { + ExtensionSettings = { + # uBlock Origin + "uBlock0@raymondhill.net" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; + installation_mode = "force_installed"; + private_browsing = true; + }; + # Bitwarden + "{446900e4-71c2-419f-a6a7-df9c091e268b}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"; + installation_mode = "force_installed"; + default_area = "navbar"; + }; + # 1Password + "{d634138d-c276-4fc8-924b-40a0ea21d284}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"; + installation_mode = "force_installed"; + default_area = "navbar"; + }; + # Disqus Auto-Expander + "disqus-auto-expander@john30013.com" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/disqus-auto-expander/latest.xpi"; + installation_mode = "force_installed"; + }; + # Indie Wiki Buddy + "{cb31ec5d-c49a-4e5a-b240-16c767444f62}" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/indie-wiki-buddy/latest.xpi"; + installation_mode = "force_installed"; + }; + # SteamDB + "firefox-extension@steamdb.info" = { + install_url = "https://addons.mozilla.org/firefox/downloads/latest/steam-database/latest.xpi"; + installation_mode = "force_installed"; + }; + }; + }; + profiles.default = { settings = { "browser.startup.page" = 3; # resume previous session "browser.newtabpage.activity-stream.showSponsored" = false; From f22afd23c3b109d9d8841e70d209ae3fe3f993bc Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 15:32:47 +0100 Subject: [PATCH 416/438] flake: Remove rycee's firefox addons repo --- flake.lock | 24 ------------------------ flake.nix | 5 ----- 2 files changed, 29 deletions(-) diff --git a/flake.lock b/flake.lock index 1bc273a..7aa0420 100644 --- a/flake.lock +++ b/flake.lock @@ -47,29 +47,6 @@ "type": "github" } }, - "firefox-addons": { - "inputs": { - "nixpkgs": [ - "nixpkgs-unstable" - ] - }, - "locked": { - "dir": "pkgs/firefox-addons", - "lastModified": 1753157005, - "narHash": "sha256-fTdJ2yYjR8O3kEWsveBGu/d8ilEFxVnGkF4wS3N1Was=", - "owner": "rycee", - "repo": "nur-expressions", - "rev": "a38f383959d8bf0c1d5d555469a4c63c4632701f", - "type": "gitlab" - }, - "original": { - "dir": "pkgs/firefox-addons", - "owner": "rycee", - "ref": "master", - "repo": "nur-expressions", - "type": "gitlab" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -336,7 +313,6 @@ "inputs": { "agenix": "agenix", "colmena": "colmena", - "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", diff --git a/flake.nix b/flake.nix index 0298a96..39bf975 100644 --- a/flake.nix +++ b/flake.nix @@ -55,11 +55,6 @@ flake = false; }; - firefox-addons = { - url = "gitlab:rycee/nur-expressions?ref=master&dir=pkgs/firefox-addons"; - inputs.nixpkgs.follows = "nixpkgs-unstable"; - }; - scoutshonour = { url = "git+https://git.qenya.tel/qenya/nix-scoutshonour?ref=main"; inputs.nixpkgs.follows = "nixpkgs-unstable"; From ff8cf775e34005442fd36ee1751aea6c01d60f25 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 22 Jul 2025 23:26:19 +0100 Subject: [PATCH 417/438] qenya: uninstall Bitwarden --- home/qenya/firefox.nix | 6 ------ home/qenya/packages.nix | 1 - 2 files changed, 7 deletions(-) diff --git a/home/qenya/firefox.nix b/home/qenya/firefox.nix index 13872ee..1748484 100644 --- a/home/qenya/firefox.nix +++ b/home/qenya/firefox.nix @@ -17,12 +17,6 @@ in installation_mode = "force_installed"; private_browsing = true; }; - # Bitwarden - "{446900e4-71c2-419f-a6a7-df9c091e268b}" = { - install_url = "https://addons.mozilla.org/firefox/downloads/latest/bitwarden-password-manager/latest.xpi"; - installation_mode = "force_installed"; - default_area = "navbar"; - }; # 1Password "{d634138d-c276-4fc8-924b-40a0ea21d284}" = { install_url = "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi"; diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index 7dd0414..d611448 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -22,7 +22,6 @@ in lolcat ] ++ optionals isGraphical [ _1password-gui - bitwarden discord # https://github.com/NixOS/nixpkgs/issues/427155 # gimp-with-plugins From 90faaf720a30dcbed805f40b5487bb8413d2b936 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 23 Jul 2025 18:10:01 +0100 Subject: [PATCH 418/438] flake: Use Lix 2.93.3 --- flake.lock | 18 +++++++++--------- flake.nix | 8 +------- 2 files changed, 10 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 7aa0420..c141909 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1753042913, - "narHash": "sha256-qJbb3maOuWoQPI1cN1w1ha/ks+gxGWWr75GCNQjsaeo=", + "lastModified": 1753223229, + "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", "ref": "release-2.93", - "rev": "dc6d5962a57659b4f54ebdf0c8676847bd80212a", - "revCount": 17880, + "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", + "revCount": 17883, "type": "git", "url": "https://git.lix.systems/lix-project/lix" }, @@ -180,15 +180,15 @@ ] }, "locked": { - "lastModified": 1751240025, - "narHash": "sha256-SXUAlxpjPRkArRMHy5+Hdi+PiC+ND9yzzIjiaHmTvQU=", - "rev": "8b1094356f4723d6e89d3f8a95b333ee16d9ab02", + "lastModified": 1753282722, + "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", + "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/8b1094356f4723d6e89d3f8a95b333ee16d9ab02.tar.gz?rev=8b1094356f4723d6e89d3f8a95b333ee16d9ab02" + "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" }, "original": { "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz" + "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" } }, "nixpkgs": { diff --git a/flake.nix b/flake.nix index 39bf975..7c5e3fb 100644 --- a/flake.nix +++ b/flake.nix @@ -7,14 +7,8 @@ lix-module = { # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.2-1.tar.gz"; + url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; - # Temporary: use 2.93 release branch until 2.93.3 is released - # see bug: https://git.lix.systems/lix-project/lix/issues/917 - inputs.lix = { - url = "git+https://git.lix.systems/lix-project/lix?ref=release-2.93"; - inputs.nixpkgs.follows = "nixpkgs"; - }; }; home-manager = { From 1e11359c1abed7919b5638f7a11f169f92e4ebe7 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 10 Aug 2025 18:43:43 +0100 Subject: [PATCH 419/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'agenix': 'github:ryantm/agenix/531beac616433bac6f9e2a19feb8e99a22a66baf' (2025-06-17) → 'github:ryantm/agenix/9edb1787864c4f59ae5074ad498b6272b3ec308d' (2025-08-05) • Updated input 'colmena': 'github:zhaofengli/colmena/d2beb694d54db653399b8597c0f6e15e20b26405' (2025-07-12) → 'github:zhaofengli/colmena/5e0fbc4dbc50b3a38ecdbcb8d0a5bbe12e3f9a72' (2025-08-03) • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/644e0fc48951a860279da645ba77fe4a6e814c5e' (2025-07-21) → 'github:hercules-ci/flake-parts/af66ad14b28a127c5c0f3bbb298218fc63528a18' (2025-08-06) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/14a40a1d7fb9afa4739275ac642ed7301a9ba1ab' (2025-06-29) → 'github:nix-community/nixpkgs.lib/0f36c44e01a6129be94e3ade315a5883f0228a6e' (2025-07-27) • Updated input 'home-manager': 'github:nix-community/home-manager/adf195f021a8cbb0c317f75b52e96c82616526f9' (2025-07-20) → 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204' (2025-07-27) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc' (2025-07-22) → 'github:nix-community/home-manager/91586008a23c01cc32894ee187dca8c0a7bd20a4' (2025-08-10) • Updated input 'lix-module/lix': 'git+https://git.lix.systems/lix-project/lix?ref=release-2.93&rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a' (2025-07-22) → 'https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?narHash=sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU%3D&rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a' (2025-07-22) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/92c2e04a475523e723c67ef872d8037379073681' (2025-07-21) → 'github:NixOS/nixpkgs/fc756aa6f5d3e2e5666efcf865d190701fef150a' (2025-08-08) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/4978f362d3ecc18c2b111f46a65467a0e07ef923' (2025-07-21) → 'github:NixOS/nixpkgs/c5f08b62ed75415439d48152c2a784e36909b1bc' (2025-08-09) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/c87b95e25065c028d31a94f06a62927d18763fdf' (2025-07-19) → 'github:NixOS/nixpkgs/85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054' (2025-08-09) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/91b279d8c68718659084298ea287c73b5bf6df2c' (2025-07-21) → 'github:NixOS/nixpkgs/641d909c4a7538f1539da9240dedb1755c907e40' (2025-08-10) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/b7697abe89967839b273a863a3805345ea54ab56' (2025-05-25) → 'github:nix-community/plasma-manager/cca090f8115c4172b9aef6c5299ae784bdd5e133' (2025-08-06) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/a0363249f2d195f2c1a703981ae8a8703a7ec274' (2025-07-20) → 'github:randomnetcat/nix-configs/5ec76d807da16b1ecd8aaf230cbb88b140810e67' (2025-08-10) --- flake.lock | 78 ++++++++++++++++++++++++++---------------------------- 1 file changed, 38 insertions(+), 40 deletions(-) diff --git a/flake.lock b/flake.lock index c141909..755c11c 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1754433428, + "narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "type": "github" }, "original": { @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1752287590, - "narHash": "sha256-U1IqFnxlgCRrPaeT5IGCdH0j9CNLPFcI/fRAidi0aDQ=", + "lastModified": 1754254562, + "narHash": "sha256-vwu354kJ2fjK1StYmsi/M2vGQ2s72m+t9pIPHImt1Xw=", "owner": "zhaofengli", "repo": "colmena", - "rev": "d2beb694d54db653399b8597c0f6e15e20b26405", + "rev": "5e0fbc4dbc50b3a38ecdbcb8d0a5bbe12e3f9a72", "type": "github" }, "original": { @@ -52,11 +52,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1753121425, - "narHash": "sha256-TVcTNvOeWWk1DXljFxVRp+E0tzG1LhrVjOGGoMHuXio=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "644e0fc48951a860279da645ba77fe4a6e814c5e", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { @@ -120,11 +120,11 @@ ] }, "locked": { - "lastModified": 1753055804, - "narHash": "sha256-KerePGJYX47ex6OY3CWsid4AltO2gDtQROunYJ0eCEE=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "adf195f021a8cbb0c317f75b52e96c82616526f9", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1753180535, - "narHash": "sha256-KEtlzMs2O7FDvciFtjk9W4hyau013Pj9qZNK9a0PxEc=", + "lastModified": 1754842705, + "narHash": "sha256-2vvncPLsBWV6dRM5LfGHMGYZ+vzqRDqSPBzxPAS0R/A=", "owner": "nix-community", "repo": "home-manager", - "rev": "847711c7ffa9944b0c5c39a8342ac8eb6a9f9abc", + "rev": "91586008a23c01cc32894ee187dca8c0a7bd20a4", "type": "github" }, "original": { @@ -159,11 +159,9 @@ "locked": { "lastModified": 1753223229, "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", - "ref": "release-2.93", "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", - "revCount": 17883, - "type": "git", - "url": "https://git.lix.systems/lix-project/lix" + "type": "tarball", + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" }, "original": { "type": "tarball", @@ -193,11 +191,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1753115646, - "narHash": "sha256-yLuz5cz5Z+sn8DRAfNkrd2Z1cV6DaYO9JMrEz4KZo/c=", + "lastModified": 1754689972, + "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "92c2e04a475523e723c67ef872d8037379073681", + "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "type": "github" }, "original": { @@ -209,11 +207,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1751159883, - "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=", + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "type": "github" }, "original": { @@ -224,11 +222,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1753118650, - "narHash": "sha256-3qGG9hzkSE6Sc97iC1US7xKucFO5WgxVXHCd8Dswxnc=", + "lastModified": 1754767907, + "narHash": "sha256-8OnUzRQZkqtUol9vuUuQC30hzpMreKptNyET2T9lB6g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4978f362d3ecc18c2b111f46a65467a0e07ef923", + "rev": "c5f08b62ed75415439d48152c2a784e36909b1bc", "type": "github" }, "original": { @@ -240,11 +238,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1754725699, + "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", "type": "github" }, "original": { @@ -256,11 +254,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1753088943, - "narHash": "sha256-cIyYVyDTSR6K3+xUGvEO3GAtBsdBhBcDALqHK50QEIQ=", + "lastModified": 1754800730, + "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "91b279d8c68718659084298ea287c73b5bf6df2c", + "rev": "641d909c4a7538f1539da9240dedb1755c907e40", "type": "github" }, "original": { @@ -280,11 +278,11 @@ ] }, "locked": { - "lastModified": 1748196248, - "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "lastModified": 1754501628, + "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", "type": "github" }, "original": { @@ -296,11 +294,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1752978528, - "narHash": "sha256-yO7UD0B9NP10znETLXF00ccYMFFOWVVzILhrnx7rreY=", + "lastModified": 1754792812, + "narHash": "sha256-AyHt1K+Y3e7Ss5ycNYC47tt+QRTmQJDd3NVudmWhBtQ=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "a0363249f2d195f2c1a703981ae8a8703a7ec274", + "rev": "5ec76d807da16b1ecd8aaf230cbb88b140810e67", "type": "github" }, "original": { From 9ea1a70495513feefc1bd42c2c1a7d8b15900af3 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 14 Aug 2025 22:41:16 +0100 Subject: [PATCH 420/438] flake: Fiddle with Lix versions to work around bug --- flake.lock | 13 ++++++++----- flake.nix | 7 +++++++ 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 755c11c..c9b2cae 100644 --- a/flake.lock +++ b/flake.lock @@ -157,11 +157,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1753223229, - "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=", - "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a", + "lastModified": 1753306924, + "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", + "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a" + "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" }, "original": { "type": "tarball", @@ -172,7 +172,9 @@ "inputs": { "flake-utils": "flake-utils_2", "flakey-profile": "flakey-profile", - "lix": "lix", + "lix": [ + "lix" + ], "nixpkgs": [ "nixpkgs" ] @@ -314,6 +316,7 @@ "flake-parts": "flake-parts", "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", + "lix": "lix", "lix-module": "lix-module", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", diff --git a/flake.nix b/flake.nix index 7c5e3fb..ea9e4f1 100644 --- a/flake.nix +++ b/flake.nix @@ -4,11 +4,18 @@ nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-25.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; + + lix = { + # use unreleased 2.93 branch due to https://git.lix.systems/lix-project/lix/issues/943 until lix cuts a new 2.93.x release + url = "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"; + flake = false; + }; lix-module = { # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; + inputs.lix.follows = "lix"; }; home-manager = { From 77698bd2ef9c422d6c4af96ec662bfc0178b28ab Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 14 Aug 2025 22:42:31 +0100 Subject: [PATCH 421/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/91586008a23c01cc32894ee187dca8c0a7bd20a4' (2025-08-10) → 'github:nix-community/home-manager/279ca5addcdcfa31ac852b3ecb39fc372684f426' (2025-08-13) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/fc756aa6f5d3e2e5666efcf865d190701fef150a' (2025-08-08) → 'github:NixOS/nixpkgs/3385ca0cd7e14c1a1eb80401fe011705ff012323' (2025-08-13) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/c5f08b62ed75415439d48152c2a784e36909b1bc' (2025-08-09) → 'github:NixOS/nixpkgs/20a42bc21e54ac69d390af482945da2ed0f818c4' (2025-08-14) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054' (2025-08-09) → 'github:NixOS/nixpkgs/005433b926e16227259a1843015b5b2b7f7d1fc3' (2025-08-12) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/641d909c4a7538f1539da9240dedb1755c907e40' (2025-08-10) → 'github:NixOS/nixpkgs/1a341e3c908f4a3105e737bd13af0318dc06fbe3' (2025-08-14) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/5ec76d807da16b1ecd8aaf230cbb88b140810e67' (2025-08-10) → 'github:randomnetcat/nix-configs/724c16b15be0eccc0b49c0c345185ecbcf9a1b98' (2025-08-14) --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index c9b2cae..e454fa9 100644 --- a/flake.lock +++ b/flake.lock @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1754842705, - "narHash": "sha256-2vvncPLsBWV6dRM5LfGHMGYZ+vzqRDqSPBzxPAS0R/A=", + "lastModified": 1755121891, + "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", "owner": "nix-community", "repo": "home-manager", - "rev": "91586008a23c01cc32894ee187dca8c0a7bd20a4", + "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754689972, - "narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", + "lastModified": 1755078291, + "narHash": "sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", + "rev": "3385ca0cd7e14c1a1eb80401fe011705ff012323", "type": "github" }, "original": { @@ -224,11 +224,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1754767907, - "narHash": "sha256-8OnUzRQZkqtUol9vuUuQC30hzpMreKptNyET2T9lB6g=", + "lastModified": 1755152343, + "narHash": "sha256-6NhwGvii7Fh54oSg08iREp2LouDIpy9cZr2DHpbpzaA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c5f08b62ed75415439d48152c2a784e36909b1bc", + "rev": "20a42bc21e54ac69d390af482945da2ed0f818c4", "type": "github" }, "original": { @@ -240,11 +240,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1754725699, - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", + "lastModified": 1755027561, + "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", + "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", "type": "github" }, "original": { @@ -256,11 +256,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1754800730, - "narHash": "sha256-HfVZCXic9XLBgybP0318ym3cDnGwBs/+H5MgxFVYF4I=", + "lastModified": 1755166611, + "narHash": "sha256-sk8pK8kWz4IE4ErAjKE1d8tMChY6VQR32U4yS68FIog=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "641d909c4a7538f1539da9240dedb1755c907e40", + "rev": "1a341e3c908f4a3105e737bd13af0318dc06fbe3", "type": "github" }, "original": { @@ -296,11 +296,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1754792812, - "narHash": "sha256-AyHt1K+Y3e7Ss5ycNYC47tt+QRTmQJDd3NVudmWhBtQ=", + "lastModified": 1755137299, + "narHash": "sha256-D9ouBQscZhecaTJ/Q6OJ1ZB4oek4HFbCuijN6i9XTXg=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "5ec76d807da16b1ecd8aaf230cbb88b140810e67", + "rev": "724c16b15be0eccc0b49c0c345185ecbcf9a1b98", "type": "github" }, "original": { From 2f619e92dcf36bef626355ed808075b01d2cd160 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 15 Aug 2025 10:02:23 +0100 Subject: [PATCH 422/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/279ca5addcdcfa31ac852b3ecb39fc372684f426' (2025-08-13) → 'github:nix-community/home-manager/11626a4383b458f8dc5ea3237eaa04e8ab1912f3' (2025-08-15) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/20a42bc21e54ac69d390af482945da2ed0f818c4' (2025-08-14) → 'github:NixOS/nixpkgs/5d35709e6ca20589ba8f60ffd50ca73021cec7c7' (2025-08-14) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/724c16b15be0eccc0b49c0c345185ecbcf9a1b98' (2025-08-14) → 'github:randomnetcat/nix-configs/210dfc9f7a5503379cb7270ef677cedbfff26cc0' (2025-08-15) --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index e454fa9..8003ac8 100644 --- a/flake.lock +++ b/flake.lock @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1755121891, - "narHash": "sha256-UtYkukiGnPRJ5rpd4W/wFVrLMh8fqtNkqHTPgHEtrqU=", + "lastModified": 1755229570, + "narHash": "sha256-soZegto0xXzG2zYlu/zjknDHv0Z7tRS5EQs+Z/VRTBg=", "owner": "nix-community", "repo": "home-manager", - "rev": "279ca5addcdcfa31ac852b3ecb39fc372684f426", + "rev": "11626a4383b458f8dc5ea3237eaa04e8ab1912f3", "type": "github" }, "original": { @@ -224,11 +224,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1755152343, - "narHash": "sha256-6NhwGvii7Fh54oSg08iREp2LouDIpy9cZr2DHpbpzaA=", + "lastModified": 1755203481, + "narHash": "sha256-tvQYQ2mPvWX1tD/Saq8tfhH8qIGxXu18vo1vO0B+Z6A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20a42bc21e54ac69d390af482945da2ed0f818c4", + "rev": "5d35709e6ca20589ba8f60ffd50ca73021cec7c7", "type": "github" }, "original": { @@ -296,11 +296,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1755137299, - "narHash": "sha256-D9ouBQscZhecaTJ/Q6OJ1ZB4oek4HFbCuijN6i9XTXg=", + "lastModified": 1755223743, + "narHash": "sha256-B2+qqeYg542ZiOkMnIFgO9lMQjfCKNqHBJt0neaMdYM=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "724c16b15be0eccc0b49c0c345185ecbcf9a1b98", + "rev": "210dfc9f7a5503379cb7270ef677cedbfff26cc0", "type": "github" }, "original": { From 3bc4563613690357110b6e66ade80e6112bb9de6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 15 Aug 2025 12:33:32 +0100 Subject: [PATCH 423/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/005433b926e16227259a1843015b5b2b7f7d1fc3' (2025-08-12) → 'github:NixOS/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c' (2025-08-14) --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 8003ac8..9bf524f 100644 --- a/flake.lock +++ b/flake.lock @@ -240,11 +240,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1755027561, - "narHash": "sha256-IVft239Bc8p8Dtvf7UAACMG5P3ZV+3/aO28gXpGtMXI=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "005433b926e16227259a1843015b5b2b7f7d1fc3", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { From 4d5fe2334951633ca071fee1f4c1ad933bbee04d Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Thu, 21 Aug 2025 10:27:53 +0100 Subject: [PATCH 424/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'colmena': 'github:zhaofengli/colmena/5e0fbc4dbc50b3a38ecdbcb8d0a5bbe12e3f9a72' (2025-08-03) → 'github:zhaofengli/colmena/5bf4ce6a24adba74a5184f4a9bef01d545a09473' (2025-08-15) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/11626a4383b458f8dc5ea3237eaa04e8ab1912f3' (2025-08-15) → 'github:nix-community/home-manager/282b4c98de97da6667cb03de4f427371734bc39c' (2025-08-21) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/3385ca0cd7e14c1a1eb80401fe011705ff012323' (2025-08-13) → 'github:NixOS/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03' (2025-08-19) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/5d35709e6ca20589ba8f60ffd50ca73021cec7c7' (2025-08-14) → 'github:NixOS/nixpkgs/9b25c330be40afe4b8be9a493439f81aaae27d5f' (2025-08-20) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c' (2025-08-14) → 'github:NixOS/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4' (2025-08-19) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/1a341e3c908f4a3105e737bd13af0318dc06fbe3' (2025-08-14) → 'github:NixOS/nixpkgs/b0eccfbc0168243438e8a6747fcdfb1bb796a3f7' (2025-08-20) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/210dfc9f7a5503379cb7270ef677cedbfff26cc0' (2025-08-15) → 'github:randomnetcat/nix-configs/336fe0913a6cabbadb0bff77271fac83db7f12a7' (2025-08-21) --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 9bf524f..5c11a94 100644 --- a/flake.lock +++ b/flake.lock @@ -34,11 +34,11 @@ "stable": [] }, "locked": { - "lastModified": 1754254562, - "narHash": "sha256-vwu354kJ2fjK1StYmsi/M2vGQ2s72m+t9pIPHImt1Xw=", + "lastModified": 1755272288, + "narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=", "owner": "zhaofengli", "repo": "colmena", - "rev": "5e0fbc4dbc50b3a38ecdbcb8d0a5bbe12e3f9a72", + "rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473", "type": "github" }, "original": { @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1755229570, - "narHash": "sha256-soZegto0xXzG2zYlu/zjknDHv0Z7tRS5EQs+Z/VRTBg=", + "lastModified": 1755755322, + "narHash": "sha256-spCxkNihCk3uT3LUrUwzdEAjLA/E0EtEgF3KVI05nlM=", "owner": "nix-community", "repo": "home-manager", - "rev": "11626a4383b458f8dc5ea3237eaa04e8ab1912f3", + "rev": "282b4c98de97da6667cb03de4f427371734bc39c", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755078291, - "narHash": "sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY=", + "lastModified": 1755593991, + "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3385ca0cd7e14c1a1eb80401fe011705ff012323", + "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", "type": "github" }, "original": { @@ -224,11 +224,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1755203481, - "narHash": "sha256-tvQYQ2mPvWX1tD/Saq8tfhH8qIGxXu18vo1vO0B+Z6A=", + "lastModified": 1755724639, + "narHash": "sha256-lQvTMg+zXtjkoBrppU5zbRpBpXtPq4/v4aHgk4BUSro=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d35709e6ca20589ba8f60ffd50ca73021cec7c7", + "rev": "9b25c330be40afe4b8be9a493439f81aaae27d5f", "type": "github" }, "original": { @@ -240,11 +240,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1755186698, - "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", + "lastModified": 1755615617, + "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", + "rev": "20075955deac2583bb12f07151c2df830ef346b4", "type": "github" }, "original": { @@ -256,11 +256,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1755166611, - "narHash": "sha256-sk8pK8kWz4IE4ErAjKE1d8tMChY6VQR32U4yS68FIog=", + "lastModified": 1755716446, + "narHash": "sha256-AdVENrXoFws0sENT2Sz9SMavbqVJnATmCODuqJ7GcSs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1a341e3c908f4a3105e737bd13af0318dc06fbe3", + "rev": "b0eccfbc0168243438e8a6747fcdfb1bb796a3f7", "type": "github" }, "original": { @@ -296,11 +296,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1755223743, - "narHash": "sha256-B2+qqeYg542ZiOkMnIFgO9lMQjfCKNqHBJt0neaMdYM=", + "lastModified": 1755741491, + "narHash": "sha256-d3ZvTRcEO8BFzbmNkDtbrkm7njdqvwLN7Q7/8Ou5jY0=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "210dfc9f7a5503379cb7270ef677cedbfff26cc0", + "rev": "336fe0913a6cabbadb0bff77271fac83db7f12a7", "type": "github" }, "original": { From d6e22d294ec5a0a693d8aba585b89774bcc2981e Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Sun, 24 Aug 2025 20:34:37 +0100 Subject: [PATCH 425/438] qenya: Remove reference to Plasma 5 as it is no longer used --- home/qenya/packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/qenya/packages.nix b/home/qenya/packages.nix index d611448..5f890cc 100644 --- a/home/qenya/packages.nix +++ b/home/qenya/packages.nix @@ -4,7 +4,7 @@ let inherit (lib) optionals; isGraphical = osConfig.services.xserver.enable; isGnome = osConfig.services.xserver.desktopManager.gnome.enable; - isPlasma = osConfig.services.desktopManager.plasma6.enable || osConfig.services.xserver.desktopManager.plasma5.enable; + isPlasma = osConfig.services.desktopManager.plasma6.enable; in { home.packages = with pkgs; [ From 9e2f48c9dd706b99990bfc13f00ed00c5ae2d2f6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 1 Sep 2025 11:59:20 +0100 Subject: [PATCH 426/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/fc3add429f21450359369af74c2375cb34a2d204' (2025-07-27) → 'github:nix-community/home-manager/07fc025fe10487dd80f2ec694f1cd790e752d0e8' (2025-08-31) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/282b4c98de97da6667cb03de4f427371734bc39c' (2025-08-21) → 'github:nix-community/home-manager/fccb44df77266a3891939f35197f538dace3442f' (2025-08-31) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/a58390ab6f1aa810eb8e0f0fc74230e7cc06de03' (2025-08-19) → 'github:NixOS/nixpkgs/b4c2c57c31e68544982226d07e4719a2d86302a8' (2025-08-31) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/9b25c330be40afe4b8be9a493439f81aaae27d5f' (2025-08-20) → 'github:NixOS/nixpkgs/af39794d2a7403f0121a02cd11af252c2e7ff3aa' (2025-08-31) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4' (2025-08-19) → 'github:NixOS/nixpkgs/d7600c775f877cd87b4f5a831c28aa94137377aa' (2025-08-30) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/b0eccfbc0168243438e8a6747fcdfb1bb796a3f7' (2025-08-20) → 'github:NixOS/nixpkgs/2e6aeede9cb4896693434684bb0002ab2c0cfc09' (2025-08-31) • Updated input 'plasma-manager': 'github:nix-community/plasma-manager/cca090f8115c4172b9aef6c5299ae784bdd5e133' (2025-08-06) → 'github:nix-community/plasma-manager/d47428e5390d6a5a8f764808a4db15929347cd77' (2025-08-31) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/336fe0913a6cabbadb0bff77271fac83db7f12a7' (2025-08-21) → 'github:randomnetcat/nix-configs/42cf6f1a07f024475010dff2c31b980893871944' (2025-09-01) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 5c11a94..14eaca3 100644 --- a/flake.lock +++ b/flake.lock @@ -120,11 +120,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1755755322, - "narHash": "sha256-spCxkNihCk3uT3LUrUwzdEAjLA/E0EtEgF3KVI05nlM=", + "lastModified": 1756683562, + "narHash": "sha256-3fcIqwm1u+rF3kkgUYYEIcLrs93+Pi+a6AwiEAxdP5g=", "owner": "nix-community", "repo": "home-manager", - "rev": "282b4c98de97da6667cb03de4f427371734bc39c", + "rev": "fccb44df77266a3891939f35197f538dace3442f", "type": "github" }, "original": { @@ -193,11 +193,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1755593991, - "narHash": "sha256-BA9MuPjBDx/WnpTJ0EGhStyfE7hug8g85Y3Ju9oTsM4=", + "lastModified": 1756617294, + "narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a58390ab6f1aa810eb8e0f0fc74230e7cc06de03", + "rev": "b4c2c57c31e68544982226d07e4719a2d86302a8", "type": "github" }, "original": { @@ -224,11 +224,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1755724639, - "narHash": "sha256-lQvTMg+zXtjkoBrppU5zbRpBpXtPq4/v4aHgk4BUSro=", + "lastModified": 1756662007, + "narHash": "sha256-meKMH0fSaQrKR6BdjDpltfx15WzQwNlTM9TH6w+0Yxc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9b25c330be40afe4b8be9a493439f81aaae27d5f", + "rev": "af39794d2a7403f0121a02cd11af252c2e7ff3aa", "type": "github" }, "original": { @@ -240,11 +240,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1755615617, - "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20075955deac2583bb12f07151c2df830ef346b4", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { @@ -256,11 +256,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1755716446, - "narHash": "sha256-AdVENrXoFws0sENT2Sz9SMavbqVJnATmCODuqJ7GcSs=", + "lastModified": 1756662818, + "narHash": "sha256-Opggp4xiucQ5gBceZ6OT2vWAZOjQb3qULv39scGZ9Nw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0eccfbc0168243438e8a6747fcdfb1bb796a3f7", + "rev": "2e6aeede9cb4896693434684bb0002ab2c0cfc09", "type": "github" }, "original": { @@ -280,11 +280,11 @@ ] }, "locked": { - "lastModified": 1754501628, - "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", + "lastModified": 1756632588, + "narHash": "sha256-ydam6eggXf3ZwRutyCABwSbMAlX+5lW6w1SVZQ+kfSo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", + "rev": "d47428e5390d6a5a8f764808a4db15929347cd77", "type": "github" }, "original": { @@ -296,11 +296,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1755741491, - "narHash": "sha256-d3ZvTRcEO8BFzbmNkDtbrkm7njdqvwLN7Q7/8Ou5jY0=", + "lastModified": 1756692654, + "narHash": "sha256-tvj2NfbK2kI8K2cmgQdkJmVmNo18iBKnpfI4rLrnqgQ=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "336fe0913a6cabbadb0bff77271fac83db7f12a7", + "rev": "42cf6f1a07f024475010dff2c31b980893871944", "type": "github" }, "original": { From 3d5278e32b929dc3fcec0f4c985a586518849f05 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Sep 2025 00:01:26 +0100 Subject: [PATCH 427/438] tailscale: Add workaround for kernel bug --- common/tailscale.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/common/tailscale.nix b/common/tailscale.nix index 1fa1da8..142b0c4 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -20,4 +20,21 @@ }; networking.domain = "birdsong.network"; + + # Workaround for: https://github.com/tailscale/tailscale/issues/16966 + nixpkgs.overlays = [ + (_: prev: { + tailscale = prev.tailscale.overrideAttrs (old: { + checkFlags = + builtins.map + ( + flag: + if prev.lib.hasPrefix "-skip=" flag + then flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$" + else flag + ) + old.checkFlags; + }); + }) + ]; } From 3cdfe214f2d587451766f4754baa7663843d2888 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Sep 2025 00:49:58 +0100 Subject: [PATCH 428/438] flake, nix: Use Lix from nixpkgs --- common/nix.nix | 12 +++++++ flake.lock | 87 -------------------------------------------------- flake.nix | 23 ++----------- 3 files changed, 14 insertions(+), 108 deletions(-) diff --git a/common/nix.nix b/common/nix.nix index c5174d8..1b4b96d 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -9,4 +9,16 @@ }; nixpkgs.config.allowUnfree = true; nix.settings.trusted-users = [ "@wheel" ]; + + nix.package = pkgs.lixPackageSets.stable.lix; + nixpkgs.overlays = [ + (final: prev: { + inherit (final.lixPackageSets.stable) + nixpkgs-review + nix-direnv + nix-eval-jobs + nix-fast-build + colmena; + }) + ]; } diff --git a/flake.lock b/flake.lock index 14eaca3..9a940ff 100644 --- a/flake.lock +++ b/flake.lock @@ -80,39 +80,6 @@ "type": "github" } }, - "flake-utils_2": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flakey-profile": { - "locked": { - "lastModified": 1712898590, - "narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=", - "owner": "lf-", - "repo": "flakey-profile", - "rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d", - "type": "github" - }, - "original": { - "owner": "lf-", - "repo": "flakey-profile", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -154,43 +121,6 @@ "type": "github" } }, - "lix": { - "flake": false, - "locked": { - "lastModified": 1753306924, - "narHash": "sha256-jLCEW0FvjFhC+c4RHzH+xbkSOxrnpFHnhjOw6sudhx0=", - "rev": "1a4393d0aac31aba21f5737ede1b171e11336d77", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/1a4393d0aac31aba21f5737ede1b171e11336d77.tar.gz?rev=1a4393d0aac31aba21f5737ede1b171e11336d77" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz" - } - }, - "lix-module": { - "inputs": { - "flake-utils": "flake-utils_2", - "flakey-profile": "flakey-profile", - "lix": [ - "lix" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753282722, - "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=", - "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873", - "type": "tarball", - "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873" - }, - "original": { - "type": "tarball", - "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz" - } - }, "nixpkgs": { "locked": { "lastModified": 1756617294, @@ -316,8 +246,6 @@ "flake-parts": "flake-parts", "home-manager": "home-manager", "home-manager-unstable": "home-manager-unstable", - "lix": "lix", - "lix-module": "lix-module", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", "nixpkgs-unstable": "nixpkgs-unstable", @@ -362,21 +290,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ea9e4f1..ad5ac8e 100644 --- a/flake.nix +++ b/flake.nix @@ -4,19 +4,6 @@ nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-25.05-small"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:NixOS/nixpkgs/nixos-unstable-small"; - - lix = { - # use unreleased 2.93 branch due to https://git.lix.systems/lix-project/lix/issues/943 until lix cuts a new 2.93.x release - url = "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"; - flake = false; - }; - - lix-module = { - # lix haven't figured out automatic updates yet: https://git.lix.systems/lix-project/nixos-module/issues/39 - url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.lix.follows = "lix"; - }; home-manager = { url = "github:nix-community/home-manager/release-25.05"; @@ -71,7 +58,7 @@ perSystem = { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = [ - inputs.colmena.packages.${system}.colmena + pkgs.colmena inputs.agenix.packages.${system}.default inputs.plasma-manager.packages.${system}.rc2nix ]; @@ -121,12 +108,7 @@ in { meta = { - nixpkgs = import nixpkgs-unstable { - system = "x86_64-linux"; - overlays = [ - inputs.lix-module.overlays.default - ]; - }; + nixpkgs = import nixpkgs-unstable { system = "x86_64-linux"; }; nodeNixpkgs = { kilgharrah = import nixpkgs-unstable { system = "x86_64-linux"; }; tohru = import nixpkgs { system = "x86_64-linux"; }; @@ -147,7 +129,6 @@ deployment.buildOnTarget = lib.mkDefault true; imports = [ - inputs.lix-module.nixosModules.default inputs.agenix.nixosModules.default ./common ./services From 993da5f90c44db2857b68aa19f5aa31ddaeaac6a Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Sep 2025 00:54:52 +0100 Subject: [PATCH 429/438] nix: Permit EoL Qt5 WebEngine for jellyfin-media-player --- common/nix.nix | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/common/nix.nix b/common/nix.nix index 1b4b96d..35c7505 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -10,6 +10,15 @@ nixpkgs.config.allowUnfree = true; nix.settings.trusted-users = [ "@wheel" ]; + # Dependency of jellyfin-media-player, which hasn't upgraded to Qt6 yet + # Related tickets: + # - https://github.com/NixOS/nixpkgs/pull/435067 + # - https://github.com/NixOS/nixpkgs/issues/437865 + # - https://github.com/jellyfin/jellyfin-media-player/issues/282 + nixpkgs.config.permittedInsecurePackages = [ + "qtwebengine-5.15.19" + ]; + nix.package = pkgs.lixPackageSets.stable.lix; nixpkgs.overlays = [ (final: prev: { From 8262ec76a69e7db3624334f0663821c795226181 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Tue, 2 Sep 2025 02:23:51 +0100 Subject: [PATCH 430/438] flake: Workaround for using Colmena HEAD but with Lix as a dependency --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index ad5ac8e..21c464d 100644 --- a/flake.nix +++ b/flake.nix @@ -58,7 +58,10 @@ perSystem = { pkgs, system, ... }: { devShells.default = pkgs.mkShell { packages = [ - pkgs.colmena + # TODO: improve the way this override works + (inputs.colmena.packages.${system}.colmena.override { + nix-eval-jobs = pkgs.lixPackageSets.stable.nix-eval-jobs; + }) inputs.agenix.packages.${system}.default inputs.plasma-manager.packages.${system}.rc2nix ]; From 6df2fdecb7e30dcc9f0c9394677b336f528b1488 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 8 Sep 2025 12:27:13 +0100 Subject: [PATCH 431/438] boot: Add Control D DNS as fallback if Mullvad is down --- common/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/boot.nix b/common/boot.nix index 1eb8089..342b3d0 100644 --- a/common/boot.nix +++ b/common/boot.nix @@ -16,7 +16,7 @@ in fallbackDns = [ ]; dnsovertls = "true"; extraConfig = '' - DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net + DNS=2a07:e340::4#base.dns.mullvad.net 194.242.2.4#base.dns.mullvad.net 2606:1a40::11#p2.freedns.controld.com 76.76.2.11#p2.freedns.controld.com ''; }; } From 598f1dc7425b71496161724dc21e0200d51d3d4c Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 8 Sep 2025 12:30:28 +0100 Subject: [PATCH 432/438] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'flake-parts': 'github:hercules-ci/flake-parts/af66ad14b28a127c5c0f3bbb298218fc63528a18' (2025-08-06) → 'github:hercules-ci/flake-parts/4524271976b625a4a605beefd893f270620fd751' (2025-09-01) • Updated input 'flake-parts/nixpkgs-lib': 'github:nix-community/nixpkgs.lib/0f36c44e01a6129be94e3ade315a5883f0228a6e' (2025-07-27) → 'github:nix-community/nixpkgs.lib/a73b9c743612e4244d865a2fdee11865283c04e6' (2025-08-10) • Updated input 'home-manager-unstable': 'github:nix-community/home-manager/fccb44df77266a3891939f35197f538dace3442f' (2025-08-31) → 'github:nix-community/home-manager/f35703b412c67b48e97beb6e27a6ab96a084cd37' (2025-09-07) • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/b4c2c57c31e68544982226d07e4719a2d86302a8' (2025-08-31) → 'github:NixOS/nixpkgs/092c565d333be1e17b4779ac22104338941d913f' (2025-09-07) • Updated input 'nixpkgs-small': 'github:NixOS/nixpkgs/af39794d2a7403f0121a02cd11af252c2e7ff3aa' (2025-08-31) → 'github:NixOS/nixpkgs/16721e9cbabc2847dd62591e5ec8f2ea54379588' (2025-09-08) • Updated input 'nixpkgs-unstable': 'github:NixOS/nixpkgs/d7600c775f877cd87b4f5a831c28aa94137377aa' (2025-08-30) → 'github:NixOS/nixpkgs/8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9' (2025-09-05) • Updated input 'nixpkgs-unstable-small': 'github:NixOS/nixpkgs/2e6aeede9cb4896693434684bb0002ab2c0cfc09' (2025-08-31) → 'github:NixOS/nixpkgs/e568c4e9e6231f948f0d1f3c90859b41e8791186' (2025-09-08) • Updated input 'randomcat': 'github:randomnetcat/nix-configs/42cf6f1a07f024475010dff2c31b980893871944' (2025-09-01) → 'github:randomnetcat/nix-configs/2fcdb2d229a34190cfa24edbeabf4f34bdd5099c' (2025-09-08) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/flake.lock b/flake.lock index 9a940ff..f667d2a 100644 --- a/flake.lock +++ b/flake.lock @@ -52,11 +52,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1754487366, - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "lastModified": 1756770412, + "narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "rev": "4524271976b625a4a605beefd893f270620fd751", "type": "github" }, "original": { @@ -108,11 +108,11 @@ ] }, "locked": { - "lastModified": 1756683562, - "narHash": "sha256-3fcIqwm1u+rF3kkgUYYEIcLrs93+Pi+a6AwiEAxdP5g=", + "lastModified": 1757256385, + "narHash": "sha256-WK7tOhWwr15mipcckhDg2no/eSpM1nIh4C9le8HgHhk=", "owner": "nix-community", "repo": "home-manager", - "rev": "fccb44df77266a3891939f35197f538dace3442f", + "rev": "f35703b412c67b48e97beb6e27a6ab96a084cd37", "type": "github" }, "original": { @@ -123,11 +123,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756617294, - "narHash": "sha256-aGnd4AHIYCWQKChAkHPpX+YYCt7pA6y2LFFA/s8q0wQ=", + "lastModified": 1757244434, + "narHash": "sha256-AeqTqY0Y95K1Fgs6wuT1LafBNcmKxcOkWnm4alD9pqM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b4c2c57c31e68544982226d07e4719a2d86302a8", + "rev": "092c565d333be1e17b4779ac22104338941d913f", "type": "github" }, "original": { @@ -139,11 +139,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1753579242, - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "lastModified": 1754788789, + "narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "type": "github" }, "original": { @@ -154,11 +154,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1756662007, - "narHash": "sha256-meKMH0fSaQrKR6BdjDpltfx15WzQwNlTM9TH6w+0Yxc=", + "lastModified": 1757312038, + "narHash": "sha256-34XfbJT/fDl4OQNbtx1dHQRQGRodnHtZcM3VlM9d/5o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "af39794d2a7403f0121a02cd11af252c2e7ff3aa", + "rev": "16721e9cbabc2847dd62591e5ec8f2ea54379588", "type": "github" }, "original": { @@ -170,11 +170,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1756542300, - "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", + "lastModified": 1757068644, + "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", + "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1756662818, - "narHash": "sha256-Opggp4xiucQ5gBceZ6OT2vWAZOjQb3qULv39scGZ9Nw=", + "lastModified": 1757308260, + "narHash": "sha256-y/mYfpaSicNLq3AtR6BrgK7MZl4PiAWAfnYjKHr/zEA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2e6aeede9cb4896693434684bb0002ab2c0cfc09", + "rev": "e568c4e9e6231f948f0d1f3c90859b41e8791186", "type": "github" }, "original": { @@ -226,11 +226,11 @@ "randomcat": { "flake": false, "locked": { - "lastModified": 1756692654, - "narHash": "sha256-tvj2NfbK2kI8K2cmgQdkJmVmNo18iBKnpfI4rLrnqgQ=", + "lastModified": 1757296776, + "narHash": "sha256-j/0sale7a8dDl7fZJSujANEF8EGt6hHl+Cw1UXN8/Mk=", "owner": "randomnetcat", "repo": "nix-configs", - "rev": "42cf6f1a07f024475010dff2c31b980893871944", + "rev": "2fcdb2d229a34190cfa24edbeabf4f34bdd5099c", "type": "github" }, "original": { From e82d1792c9c9fc4ad1c4ac07f52b30d7003e0dd6 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 8 Sep 2025 12:39:40 +0100 Subject: [PATCH 433/438] boot, tailscale: Apply kernel regression patch instead of workarounds --- common/boot.nix | 13 +++++++++++++ common/tailscale.nix | 17 ----------------- 2 files changed, 13 insertions(+), 17 deletions(-) diff --git a/common/boot.nix b/common/boot.nix index 342b3d0..56a0896 100644 --- a/common/boot.nix +++ b/common/boot.nix @@ -11,6 +11,19 @@ in efi.canTouchEfiVariables = true; }; + boot.kernelPatches = [ + # Fix the /proc/net/tcp seek issue + # Impacts tailscale: https://github.com/tailscale/tailscale/issues/16966 + { + name = "proc: fix missing pde_set_flags() for net proc files"; + patch = pkgs.fetchurl { + name = "fix-missing-pde_set_flags-for-net-proc-files.patch"; + url = "https://patchwork.kernel.org/project/linux-fsdevel/patch/20250821105806.1453833-1-wangzijie1@honor.com/raw/"; + hash = "sha256-DbQ8FiRj65B28zP0xxg6LvW5ocEH8AHOqaRbYZOTDXg="; + }; + } + ]; + services.resolved = { enable = true; fallbackDns = [ ]; diff --git a/common/tailscale.nix b/common/tailscale.nix index 142b0c4..1fa1da8 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -20,21 +20,4 @@ }; networking.domain = "birdsong.network"; - - # Workaround for: https://github.com/tailscale/tailscale/issues/16966 - nixpkgs.overlays = [ - (_: prev: { - tailscale = prev.tailscale.overrideAttrs (old: { - checkFlags = - builtins.map - ( - flag: - if prev.lib.hasPrefix "-skip=" flag - then flag + "|^TestGetList$|^TestIgnoreLocallyBoundPorts$|^TestPoller$" - else flag - ) - old.checkFlags; - }); - }) - ]; } From 08aa13534ade85be47d033028997fadf078bd9f1 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Mon, 8 Sep 2025 18:48:53 +0100 Subject: [PATCH 434/438] boot: Only apply pde_set_flags kernel patch on x86 --- common/boot.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/common/boot.nix b/common/boot.nix index 56a0896..93ac942 100644 --- a/common/boot.nix +++ b/common/boot.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - inherit (lib) mkIf; + inherit (lib) mkIf optionals; in { boot.loader = { @@ -11,7 +11,7 @@ in efi.canTouchEfiVariables = true; }; - boot.kernelPatches = [ + boot.kernelPatches = optionals config.nixpkgs.hostPlatform.isx86 [ # Fix the /proc/net/tcp seek issue # Impacts tailscale: https://github.com/tailscale/tailscale/issues/16966 { From 4e462006178d316f0e28a7478cdc52dd7daec2b8 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 10 Sep 2025 00:07:13 +0100 Subject: [PATCH 435/438] owncast: Enable websockets so stream chat works --- services/owncast.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/services/owncast.nix b/services/owncast.nix index 47173d0..1fbf52f 100644 --- a/services/owncast.nix +++ b/services/owncast.nix @@ -22,7 +22,10 @@ in ${cfg.domain} = { forceSSL = true; enableACME = true; - locations."/".proxyPass = "http://127.0.0.1:32769/"; + locations."/" = { + proxyPass = "http://127.0.0.1:32769/"; + proxyWebsockets = true; + }; }; }; }; From dacc5100744ae1f35dbd535ee9e1e70607a4e1de Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 10 Sep 2025 00:07:27 +0100 Subject: [PATCH 436/438] steam: Enable Gamescope session for seamless IHS --- common/steam.nix | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/common/steam.nix b/common/steam.nix index cd27dac..b262ca9 100644 --- a/common/steam.nix +++ b/common/steam.nix @@ -3,13 +3,12 @@ { config = lib.mkIf config.programs.steam.enable { programs.steam = { - package = pkgs.steam.override { - extraArgs = "-pipewire"; # for remote play with PipeWire - }; - remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; localNetworkGameTransfers.openFirewall = true; + gamescopeSession.enable = true; + extest.enable = true; + protontricks.enable = true; }; services.joycond.enable = true; From f6dedeea790c003c1c01266a5de086aaf05af391 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Wed, 10 Sep 2025 11:58:32 +0100 Subject: [PATCH 437/438] kilgharrah: Enable CUDA (NVIDIA hardware acceleration) --- hosts/kilgharrah/hardware.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hosts/kilgharrah/hardware.nix b/hosts/kilgharrah/hardware.nix index 0583c64..89b502c 100644 --- a/hosts/kilgharrah/hardware.nix +++ b/hosts/kilgharrah/hardware.nix @@ -7,6 +7,12 @@ services.xserver.videoDrivers = [ "nvidia" ]; hardware.nvidia.open = false; + nixpkgs.config.cudaSupport = true; + nix.settings = { + # Community cache with prebuilt packages with cudaSupport enabled + substituters = [ "https://nix-community.cachix.org" ]; + trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; + }; # # Downgrade to driver version 535 as 550 has problems with Wayland # hardware.nvidia.package = From 165c179b3f13a0c0a5d0dec527342c8bfde48065 Mon Sep 17 00:00:00 2001 From: Katherina Walshe-Grey Date: Fri, 12 Sep 2025 17:18:07 +0100 Subject: [PATCH 438/438] qenya/vscode: Configure Ruby support & alphabetise extensions --- home/qenya/vscode.nix | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/home/qenya/vscode.nix b/home/qenya/vscode.nix index 568913d..1bfce37 100644 --- a/home/qenya/vscode.nix +++ b/home/qenya/vscode.nix @@ -13,18 +13,19 @@ in enableExtensionUpdateCheck = false; enableUpdateCheck = false; extensions = with pkgs.vscode-extensions; [ - charliermarsh.ruff - dbaeumer.vscode-eslint - eamodio.gitlens - golang.go - jdinhlife.gruvbox - jnoortheen.nix-ide - matangover.mypy - mkhl.direnv ms-python.black-formatter - ms-python.python - rust-lang.rust-analyzer + mkhl.direnv + dbaeumer.vscode-eslint + golang.go + eamodio.gitlens + jdinhlife.gruvbox vadimcn.vscode-lldb + matangover.mypy + jnoortheen.nix-ide + ms-python.python + shopify.ruby-lsp + charliermarsh.ruff + rust-lang.rust-analyzer ]; userSettings = { "css.format.spaceAroundSelectorSeparator" = true; @@ -81,6 +82,11 @@ in "ruff.nativeServer" = "on"; "ruff.path" = [ "${pkgs.ruff}/bin/ruff" ]; "mypy.dmypyExecutable" = "${pkgs.mypy}/bin/dmypy"; + + "[ruby]" = { + "editor.formatOnSave" = true; + "editor.formatOnType" = true; + }; }; }; };

^nLC-`SYiL6op;j@+^T)m8<>78%?#=f?c1_zn#1pwNh_uM7p$A^H2ugvu4&br@4}+3w;Y-FxsUNVOSt|cf6*W3 z4@Aw}F1Audi1);1_g~Gi24(KnZvPn?>@#%rBKAKN|Ixi@YG`h+vRZ-d!L^b9q-$h9 z>YmP?$9ZkZ_C0rZnK_lUy`6Y_*5k(?&0FdeBHvvt(OA5zT`r}oAbZsZ(fw^U*1YG| zFS+GybyPB~(eLq=^6#tErycd4FZkp6!4tXv6kZs-3Oo0s?c3RdDaY6Ge_p%SvcLNa z+f^Htr%UBOo&AxrBIipy(;uhut2U;Oo^Q)!%gb43-|&~$b?Fc9<8>m}9WJGJJ@=o` zTA7d|D)~-p(la;n&6fSr8CGFiliWMDJZTTyZnGgq`1-5|CjS{2USB$EvdiX4>$%Iq zHTS1h|7Ym3VO*N+b$ywqp5C_Pr|-Y6*Z-J)_&DYtA{R z&yjoDgqKvD_v`zlV30D=t}tXxNk8wc9lI|5arsub@!YX<7o)b@*>1bmeXC-#>u=j< zh00S7?OgWCPHfxNH$AfyIvbfw627eToqcqfddEMhTYr2nPR*@ZK2P!Y>fLFQDpl9} zE3QB6@37I=necj7buMq~^nCWURjmJ7AN^-0Q7aUB-Fm=xyDL|F~?pyCiPuzQq!! zqfZp>+RJ{-p8d_UZMn{e%d=iRE_QnUGko&vdxF)`Z$ECC7G7x1FE9Bz>Too@AWTB_HCE1 zd-SmIXz)k=!}D9FmG95I{5Hk>@U%X=P|vlKH_kU~|M33!JdG>QV(pKL^(baC9apPV zzP9_V@0QI4$-A$;og~^nb>b$EZ|h{E9k*Xe@b!CpNo9g&uN&wfVf(h=ioQn?mnx@< z%kP`cY?7y!e5FpHqW$6fUcGg8lCN(yM%;AVyi=W1X69q{ZT=$jv@bpU@NcW?vYm_1 zGW4F}yjU4vWxm6;=^Prx$O_QaQ!PhP3qT^E$yTkaXZH8W1Z*NKNIY3k0vmuE|6>G#+1 zSFHAHKm4CTP{G^t84G*ifp2Fk>*lUK^5*Q8RoebH03E z@@S1t(=iddX@ZPitn_#YtTiv|-?G3yR{|t+nv~k^v z;}>g^lUHfYzIt1k$I9Zlsrk2>;QO<0d)~VjasJ&+e$lIOKe7);oniYP`eFG!nYfpE z5^{SUZJK;YDs}C_T;U_LH@UylyRe#T${JIXk~pDji*~wiyQY6Flc_bh&o|@l-MGw; zGZQu$9jfXn65ILt!{?)EhP4ZqFm8L&Xz=9n+xK?rnI67(J0~15IJsS+OK79#vOLE} zy+^pswT`c{&5e4st?KM9*R>V-Db4e(sD^y9i4OWMz7a0>+VXZf-p3w{~pbSpb* z&SVqy{JUp^e}q4JxZ+iDRNT7z+m2jpn%ke%cjuphy|+{!#u(UZp0~MTKA+d7@L}bdII)lUw{lOO*tVmldCtePMN#wH*7o>UCK_(r z(LLjd44dW4sBLz7ACLUv{Pb2Xy@9ndc-FkY&tlI$lr1b@ws(2wmMKk6e%HDsOq=Jnf8)6|qIhou6ENKm2~gH}|16 z=bAm?EGu;;^LA_fXW$LG(mi|D>6ol<7jEo*k}s39py@{H%969*N2Sz$n{76F>F_q; zPutfME7L!`KfJ%=g6;XXJ)YmZAGd|xKWI1A>)d~a&+R=CS9GtklG%-43p7w{d1v#Z+0T=%>te$3eV%>4i5A5xw z(c7=v@D_Y?OJQ->PFDFH>Rau8-NtOv{w~G|$Bg%x>TtZt)Y!DxdePkdy)~ICxw+NJ zvUd~`PSkzs+L`*uGV1xs3;7rGD(q8sO7MPJvs$;>dA5J{imfvo0_W@YNq<`TC0G5h zoYfVcsJdMVyEHqN-)!L33oo=($;_&=`!H>}<%S>gA4KofY1h~_bxHJNmU5NQ?*9y} z0YC0LWUpt+D*Lr=)`PZ+`Oku^1z(4x{3!qEe|T2$%U#oUXI3Yi@m^eWq^tjsyuiZ` ztaG->$zQm4@|k6(o0lQGtahlh^1PtkHnWe--!ymTH1FD^Yta>)NvVQQ`u1F()$QLt zpZ!U-tk$9EwQjkmb4v{l@L2a;zw!KA+xE8Ob(b+ z`Pv&biocC3B=*cQIlp2`%-hrl@=-tE*>l(AczlA^n}}BN*ER716{q7iT$T2b zdaTSmjkW)2^hbv1PBa-^N;Q|D?;>Df4E0Tk%C& zdi7t=Ez+^J@7{UJB_A`|*k2r_o;)kaxkmPZ_R2SM-@KQ2M_f0GvERPbd*#b*{}iu1 z+OhL;9Iu>8@V6!dRqdBwmA1XJv0alDR#;(~$0K&=vANz{hx7JP+aKSS?kx_u{D=AB zkMf%@FRYI7X_q)&?DeQ;tHIXSv)7Bq@>*SE=G`Okm+fH8xg{44Cz{PqDvNHt^~1h? z)|-D?p6Q7Xm+rgBc9115WQNW5xa>1F*5!q@%e~J%kheE{{WfsnRhBtE*{7|=woTGb zJAP?H&GapM5_vFI_*$flpg(Z z+j)!66Gb;4sIy#ao!y<`(b^=mspy1j&}=W?=pc??o7U6_xkt6#ce?!W8V~m>kApEq z;muKQYNG1JdoOQ&8+7er;>DyXtNuRn4-R|!k-aa{ZMO6smMKpb?aw;e9}(@*x^A{e z|I<&A?!i$~VM`xdKmGJ2S1f%}j^@+}4?y8N&3e!ZH!zvXo}`osEG-7URI-z?VW8yu21R!_H?cxzwmN2e{n zCV1Sh{A_vq>&j^>Zb=Dlsq9_aXV`mKQuO?fHXT35n!*$7u5O8VyVh}95#NQ|*&Wvw z&)h1Rk~r~?!WGvn%k9bfI;R}nnC+&Vyc&AN{l@cII~21QEfCuCWySghoSNJ{eRf+{ zZESuMGACs-lU?!!u0D$?YK*s=53IcNw&8@b$~;yVMvd4GmeSQyLN7Moep`GX!D7uy zj(aJd{Xz-MQATH_qvqdBJzVx>mDr1Q?>P_V{@#$KG-GBN`=(=NHLuJKm!B+M>LC#u zEmNknWQ)fl{%40LxZ8w!p56Cp#*@0xFqfAJQY=!S-Lt(W3@4V<~&`DtHD{&eQW zX$=;Q*Kvg(mOVbZ{kMsKtHsZ~+84v@=NH(r8Q&Lu7TP=WO9}4}ueCcS&M?rvaYZR& z?kDm5rOt_JFJ^K+(AAo=;ozI9>xQ>|u5O$=wQMST<7cT|Ju(|~uW+5ZJmaMNy<_}U zJ3PZ~`59m6njLd9E2gVxa;~d--_)v`-D+Nfk<;dzEZy@bq4@o^Es7J({xhsm@8i>o z;#Ru5?~f3>*VMEL+BG{w<17!bXqPQt_l@18=f>Z&+slf-E_dO0rP;MuX1ndGh+i_Z ze3@kUtoY`y^%hR=xss$NZ}!2hI%H#$#n%-k-J8_gEOobeXS?F=-p#ay0{lr@XM|RS*_A8s@$!VJd2+nIwlwVg9hx6f4ZOTewy&H<>a8>Ec z8@|1^`sm((jwi}}Umh43rKmibu5nU!YPo>p<5@|bDsvhPtS^hDyQ%00HXqd~(qNf? zc$TG;(uy7Jy*tlaE^8~|C~#k@VlK{Llp+)S=SJgg?FWxdG+qS!aCALkuld?vNRONC zsM93v=8eaU=VeZck$Ko4H)B;4qsjWc6*UI0{rVgNn(DTOrdZFM@kLZ=*K>w%Z!(yY z6_5KLn{Y~WM^=wV^i%fN9=koXGM5}V*~~a;i}pMD@>#u(%#8b)JyMUP&vT8Kwr0MN zsKUg67{xB5Lji@iO&PCn)xFpr)fL&Pu5S5#!6ZYI-nq~Ft{j`pFiCUi=N-kz|1-ob zD!+ZF&SVXv%Iql(^->E9OLZKM1Xz5PKecRD!c0Ev!dWZgGt*cE-$%J8$vr8m^yRjn zB=WpJYGGxK?%EqWAMk0N`LsfPg5|p6qtkO9MBVl*TBK*z z?d^@a3j|jj`1WmFp->T<65tkb6gN7F*TBPK?XCv9IiFuhBAaz*dV z`MGzvLXvJ;uTafsH(D7sWyhhO$v?02uFIa3{cH8@s5wjgoBO_2KMLDlpP6N{R^nNt z2XFH^t?A8w%yoAy*&eC)L;ZDB(Otf8W+vU7(^SJwd|TV0b82PL9sX-e+W0j?WgQqZ zC;2RkQLb6E>?G@HgH!JoN+ed*W(U=lAFkuQkb2$p^@iQzPkQ7$*J$^8X&-O?80kh!fityaGpY>SI z6s@Ywt~m5da#xr8){51SSm#Y%zV+YE6|VVQ>Ri&2uj6(9Wc^+6W>0jj>H7BdQWgQ5 zQY-HETxWdT-z{hS@yxumjjKEk6mRrnuX?)gjK}>0cZ$zf-4nUu=QVYbuj2OW(|5J> znp_q-Q+#s8fF`hVeXFOh4;2tq?+Ai*4Z?)94p>%HVWUQ{m?xcK&Jq3E*ume3P#-=*bjR7h^H4n3j! zR`*!U+#ApP*IKL=n|f+nRZO0@L;=J5;1d&EBy%TEV70v!$rku+h0UYYzA6GuE6zlG zHx-liI#OPw+4FZ%fWJ(Lrv1!M$94p0=>`n?ZoyUBS>yk}D8 z_RnW?xxGv7$T^%%>e%WpcuIH6Yx6v}h%a(qGX<_r^pE=})58_zIY+KAN>1>D+xABV zazDAE3nJ(5cpq!uZYT7k-eto5tcfO@H@!Pnp?+zXud&ZZznztTC+6o(n(5a zE2q2{3NEjW^mhF4pP{YBy4T)kE8oYS^{1nM#kZA9>YJ9kbW7f_nxA!b$1&vAu-ty;iIm%O#?l86{kh)JH9k?nTAucO6|jWnwwv4+hr4=x* zj;+0EvVv>nfhC=}v$So(T^6Sr{(Uu3SNA@P8KeDN$6RTTh6xgVGneeX@_6I6v0{e zDdpMHg(ufsV!0G%Z0gNDMdz%Ck`S!W{D^{7co@ZYh79ja;Tal&Q*QK^QCVKMm|5o_2B6+jUe}?kL z;}3( zdCF5ZB(vDots?zU;If+sPRM+`b3JnTOMa#XrPt9`dd*CZJ5~hjDbNndEW4OgHd%*_ zsq1OcZd;GwuFmO8GS+M7?+WZYFzfENh)4Y=w)KX(Z;xs-)j8UfzXPd&9R{zt+(8F`RqGsxju=>PqEw3z?GTX-A&EoA4_9^d3yIIG{WsE80`~;DidG>o1O)rexT%!M#E8pAO zd}yEa_KUhLh7HFXELQy!zL0cD*Jg$iL;2&iWm2|HE5(Hs4m=5;9JYAHxm^Vt7e2ge zaAba_;gfk+R~J`J+b~U!@r_o)l})T$cO~1t;&t*+cKUAgPWeZ%tHq7`3uT{PvYIKo z>(^C_4>-D zdB*Rut*31@H96jO)Umbh#ktxn>zO{E#qXZ9`5jVtdaK7g$Cp=CwjNE?VMca~XVwY?d1#j=WT9vv%CcT+0kTUDS&RO>lTLs6)%DE@snL z>8|)SXYPebpMrJHMEpuy6B+BCv?Ju8{8ICv9nsOnT3Y>CPv6%>?+X_Cc+N;WWz9kB z#hd%%D&?O|ncTNk`_RYn! z&q((B&0Jc`Qu3|K^nhkTFPmGdsV%ui!zT<(^%9T16$!cs>VLm(F1a>`7 zet)NUUU7K3b7AhcqY8g^Bxv)#3)1w;vpCPTt;V!c`q&50QyUJ7EZ&)A?xy-Pz(e+E zkkI6Vrfb))3A?1A;X%l`~gCFOd}?|S66 zY~9hTKF?Uvp)m5gPmjmM9p9Erdy;D%y*>Wi3g0p#&Sl;iHETpS+0C^MQM{|FW>Dxg zUGN0Ie5-#h)8;uVpYK>Uw?pjS-R}0l#yhhvZE-m+^Waicl!B9a-hr1tFYme1A$VWp zXWLelojgf*7%aa0sa(^&?MC(2*Ws65e%s>mp*Gv@oteUBxvGFAGk)fDB<=ikU$xKr zWANHXa-yG)J4ddI^o%TS^w_k*M&@I9QeNiPV{VTMXZ5CQe)qS0AJTGh;_mvoDYXmB z3+kpsr0t#i?Akfwc~_Svmrr7};cLIQ^Mv~0n)OFBBhNqG<~*nB(zeBJPm0s6`>Q7E z2QV#2N!z?=$F1eOv)a7>GiaWx3fN-W`B!D1baUkNm-^r4h`svHpm{PeN?U8ifmH$j z8J4^bvi#35&4a-{>d&J!ca|>vyk&Op&B7#)h1PBs>y19&$OJbPr6@Y`eX8nS3o%||J9?fn2u61|bv`DMKXT??1On)~&{Hu4_ zV`_xS(`d=(lIz_+oN>}sQqBMQO#7Tpopg==j%y2ceiSj>Vz}Y7#KFj=D*k%(UCui-6=dWC! zSL1O-?!K=_Ql97fsyTm`1iNleDXZuIXUy?6>zr@)aYM13N1-uwroSdW^mhG_f6zN%li;^n`!gyZPqJLEtyp6wKY!)3 z$LU&Iep+u{6Xy1N-Ez4vJ&M!J!d(jcoEcneR;nM*7n*4*{q)K*!J}$d4$nz9eK&ve zwZ*F{njhYJUA5+tb&T&P@tluw#jCBhL}xqC7M%7sYP!AI@|ktlqjFbQwB5RP&LnIS zgNN%etLx`>wYS=om#?s0*Z;74_1@+Es+{X9{x04Vm~MXL^xV%(+ZJeiJFs4-|J&S; z_J@wnkNog-*JjBwg^5NI#qo;X>@s1BcmAsDp3Qzb({}u&H96m|8!%IEZuTCA)@}gVo;6q->v`jGOAqX-rai1 zUG>Ddt3BcCW%}lR*?CaU;7s-6iSiu#toCcM9|%|Ys~zt0 zck@5X?C`)Sy=AX1SxAP+Ka89FJM>S6|1XLPaVK~u@v`{hgZwkymI^Ol5OD>^xlmE)~$=dC@njtnmDR(|{Y5a;l5VqX^!`&@< zOpi<-?Rsl|WV%#Nb?ywF>zav%g1WorPYq%0y1cP>otlT>&NQZ-DtDIMe0R__(Bu92 zu2Ro0CX;d+uNasH`~6t`k=e6Ytn)GV=@RuReL;-Ne=I+J@r!h=?Gnaqc}hEL?Vd@d z<<3x%I=9qQmuJHk%`3Yz?q0D;eyr>EpW%0yzfdgqoa8g%&vxav%Nc%LwseieR({dg zm_>RHGe0-SSj=E5s`wS|{o%=sMSHIl9&#$U_vN9=che)6mP`4aIQ_By2)}s0%w+M- zyu~ha3N|HHn0}oSzty~VkMnQ4h(FrRA?>Go!+H8Yn_s`SPw8XHbo25{chria75Z1M zTmG$f&y{t5ym+tPS*p-8cg=J8sig-m&sCdc6I05rrRDiXUb3eA5oe93>6Tx2Pky?e zcV)(k^ABUL&hOm1LT_PpZPi(YaG=G6^mptVTo^VmMuPVS9RsB8ktM_HlB~8Gol`aX*_Js zw<-R*{-XZP%LlLh)84f8!{=A)c#@wpd|BW0pCPTfW$Q`XBnTAKHFv-P+P!nT~?XpP#K=`#UDf%KmWu&FA4e?}#q-ZJ2z$Iez*+ z;~&TKO_;2^CkfOuWc|$9=T-W=c%Ka> zUVBPhd(_1he|YDYzInSuubfWJmiu13HAHUfy^8n;^Y)6K$`ZRLFmrZW@Y7j8FMlie zF|Wq+qqXP7wV!o1#Vk&i{HGYd@t10EiTZzet$@+WTJ5y^c>GZ%(zj z%(8RklG=TbbiJ}A0|1&&P zz4|Ux?2<_EIrBNialDV}Z=HUqws}qcp=|LEbR$f_gCGPmC3yXsc zb91VWTo)5qcQanEDtAr3_{+j&?Zs=(GH)qxiTM~;`62mnbxq;NC$rQKzh>Lzt?}pO z-G4899__6^w#)t~zu=F!dfv=^vVEdExYiwMY~ahb@zK(_rS6wTB3%Iw^Jocyr+ z+o~VaSLod5v$0ogn-^U6+=*M?=7X(v`Gfg?gw8vB{NAv(CjF!Ev2f0n_k=FHt?;|V zXTL}Lb#-K&){Pf}5z(0&B$KvB94oxS6BgfYqx`Yj{llFok9jvt^3HKgmN==l=Q@v% z(p#~TzeRHvrAVx5Gd7Hz!T-TU{^Zs4}mEepKJtxSXQTV@_U+%+ zE^OZlT3Th#Wxtx=zF%bN7EQiw%glqA*}tx^e=tXWOZwsUE&mL5|EPY%D`pxS?@^r| zEOBT3?a#-wrXQ{6IiL8bvu|#W(@En^T75@5<X?6XIc)D+T$(l7qmFpco96!3ZJ}6)7b;N9ygx(I@*gsQ6Q%cZ|({5jTU!zSynrrLA+`K?P2*K?Y_32N%Hvs>%w<(`=M&|myd z+J`;+*e6GQN-pQ0bSEJ^`oVvOn~QEA{B>>q%B)}0Z#~}9p?3L|_QVhN-S74omgv6; z_&HI2CVTzAt)=4s86@_2uDR!=*s>z*#Gwzht8R5U`UR)2z8#f$?ZDP8)sAmt+K;d2 zdm*Rrqq;>qpL3%{DvzCH~ldG;h_v_1!1mO1wZ?ws6+B{|sC;30L3j5ftlQ`r1vk z?~4Ak$_u6(vDt(&c?|o+{Us_dh{-0p9ujjFii+=_mR|t2oGFVgiX#WqF(u#Eq zOpi3LC(EzR__3+tPhg>WN8X`HZ})C|m7Vch{so|^_^#z$aQJ$vSV`se`YsjZCQ1;=zzKF!M|Da*01&X6&(Mgu3{PY zNyXLkFVrb#e!I2g;*Z%OU8ZwI7wI@~xwC{MWe2R<+kf+2u`_r0)YB{TkKEJU_hIqR z?XzSiJNAFw*z@>xL{AH*kHa}VI|E%o!qh)Q~J0Bj9t;>44 z)&AD^hi#p!)FxNvE0pIh=wy$2uyyvi-43Ny~}Rvd5nCzlm3vd3NT#}nbGyF&ik zd~54D6ODRumVM@$vr?B|zw5(~JFF7*>6f47zN#&KAb*Sfu)Xje|I&x?JTHqSbCZNT zl?5AiuDdaFdE?tW-ANHQ5-0v-37=he)}F5|x|+olzFYVE>W9*s+9L^XbUl}+8c^}O_t?%#41+K>2Fm7cE7$a!Zxe`57@ z?+5Q&%;VTU9Qg2b%}JF)MH~J-+55$(@gBPCQrD-o_I$@5+svKnS098iFZQr~eey`^ z&J<1axAnr8mv)^^&nhd6bMMO9CvbV6hW3x3dY*>#sf&O6Pwz?iZhGv;_HSAr)f;n; zciKp1_6gHt>%4v=`A@+Yn9f#dF=nM*F}@h?25{q+7V z{sYVpw|8yX&lQ>7^zQ8Bv#jyTlP_F(_+-`j$;DSAI(NmKwb(rC@A8tj(g*G{@6pUH z6zKAGdggg(;x#1>_Rnnl3O9e?Z~f!B;`HLXPHWUH`&{MAO}~Wy5jFcI&G_N?p^FWx zY}7Ve@s}n3)jm`w^fNHNc2(fiAj4VT)jcm>EOVdOzGAiSso0xO{xe9`r>u=WJjrZz z%Ax9_ay@pXjenGRug%-=a?+6l$B%J*S--MQJ1gLPuIQp&KZ6w{Y_(5*?dPi~6Pp*I z+M6D@)5CNdw_w<{X)D$wE&I|rdGWDZTQ|qty2mMHcKGN#S3Ap8b2%r)yDwwno4?vR z*-M_-_FXaANcLd#it|geUhgy5ak(a3Zq|IYKe9i*ug}bup2xHDR+-(FzwP_D@BVT8 zn9%p=Zpx>JMl5-U_C5Mh`C+!lhpVei0#=*Zy^t@tes2E(6dJZr)S%qI#=gXvT$JjTdX8KK#8fjbEucq|am1TB-iJ ztvaoX_%>=aRP}BRHi~h(b!)SWw$J%xITRFDA zUMy_N4$*-VkZ)W@I-}dakOV>nZ@-Yb66}}Q*n=Dn7o}yK)9rd=t%k1jh)%RW* z>)rNz=M(nIzCmB|m(<49%zBG6)joHZSIYd-J0^c^%eOp3)kjOMrtNFde8kP29s2Lo zhdW-k3%NwN&nHgMiuHT;*nfL}=oQ^J|L%Rv?PoCP-_PFFeOT-Juac;iYqyhKZcC&- zXSSJj=Eu}knG;{=^X^OCH~ndcTV*e&!q(D&T*3XOBZTSNn*A`sS zI(m0*+&!Vb_UGqTet7QwaZT@vJI9(d4t`cX$9X&^d}@vJ55Hffx9+?Y*HztZp<&<2 zTATdQ{aa1@fqMdzgWAJWuO#f~opdbZ_pVnPazH{o+T7K56Z*xj^?|9T!sag`aXU?S?8G+tKzb4nL{@#|oea{E(c<$M= zFDOq_oStCB8@~C&s=F_pZk_uW7yNzVu329*ADLLL3JP+cmGvv|>iU#S)q*1r&AzPs z68$&b(J{H^S%&A&@>0Rh)-K)}feU=xJ z^G$B3Uz#1X&3;ef+$G6fr#4^G&F7eRIyk%fO3adA`Khm$$BKt<*vwt1QWvFv`gqiG zv&l=cQd6g?y0gDuFR|`cXyCKZr902PmU^}_UtrV6rsT3dPRGUP_7r|NANiqgY2gyjRHZwU3U%zuLe8^}m%AV|{`{q`>%GZe&@YMLZt?z2{qkP^U?s4&3vobc^jrQL5 z{G`MQ*^lAkxo57Pxm))u`;blIf(rXL=kw|>UE_H>f&bBgb<-WM)+m2u_Ufu-Kgz%K z{t2d&-1euUHt6l~uKzGStU2KFR@EzCtXsGXg?Zk@{SsvnKvEgLF&twY3@hg=(xH&DeJD)|Mi} z+Xa&fn`7o5j=!ZGaPg{*^ z=ezlb=8Kj{CzP(|s$G4$F2zM<*3+$X^^Zv1sw}F|b1Ay7{6?WUZfX6;@<)Grm*04! z`)J3cJO4geCbDdhzqV5UxVF9Q&0gX7ExtxiW70e(vqc@Qx7Jhxb zV#{lTou5@F&k6d`eDFT^7HOfiWu}#f>(}36V848C*M6xA=E!|py1exTw%#$~zq?`b z`fb|h+Yj4I-1NJ+X!DAs+x!Y&A9Yys?&ZrrvdeF|?Pl)GDCzJQ6Zo1|S7aaFC(>rQ zJxg)TMzPo!Qm?J-~Mzf+r0^Rv5p)&A@cT+feg`_FJ|p6J!Jya!eGZY<#HKew%C z;)&ZfAMHddilg?p&w65+$*9V%Ja6mn;@`?Y*n(B>%+ojYHVpf6aIOB2usZt>^VUe^ z%0)cs`18~)WUYDV)jiI|tJo%8*V_2@Y2oCk#dg`o?N|RZB=ZY#F4_Iz{!xx+I&}fz z3!Zl^f2iO3pFy~e^T$jZ?-f59Vt?lTTPEN>!t}C&&Hqd;31=*ZuViU!1JYH(}FWT~o73^YwA3EPv4-@({IWHdgfTU#>f6r_q=lL6n^Mkd&{Z1PN8G*zo{<@GUQ}0 ziged{-E*90o^0~Edv83)FVm?L<64&|I51h z-am35olecP(ft^9>zn$)&|NXc)y1>UU-9oy-7TMgF-P?vXv)RnbztVLx~;0;=kg^Q zZVMIp*wq&;b<90B^}~OLqq}s1D|fw{qpxSFv$m&JQ|F)fkJ*9FtbgClEZW`o%=pjM z6ZTy-u6B!!<03efdfuK?-x|_=?4Qi;nQOmtEZL^;U`DD!*HrGQZ>{7OK8SDn)z-RR z<>I~DYg(JNIuEi`hy1hoq5hGv#!>Zsn^Kd;bLk~|f1~#NcD$tXb*(3R>z?wmN$O{( z&v_z$Zm;m+?nk-7K07XNJuh>|yHKcYyRN!T+2SeZXWluv@kj0B$cD={sRr9)9-J1p zl-s&6dzs?{j?~M4q#w=S>TPbUbBaSW-}hs}ZdU3S}f-)yEt zSK7(qJF{j-Sa#hCTlnzz+mNH{PUJqj``KqP_pDn|Tl=P3-|{X}@0Qou`AXZ|?edrC zvueSs7fCjM+~3o6W&R+Q z&q+SNw&+aFG1ha7DX!SICp(eT6RN zLQ{KIuWz5nGwGMD|HH6-jTV37_1co}7vf#j7}~x|JA7Hw&ENLzVphV-Or1BCa)}S*v(9`h zoA_w9=8|n!Y)(8d;$clPj8<8bekLz_m;8a=>d^3OTaI1M?~vZpP_xaxHKk(rA*pK< z6ZHOYX0smM)j#Es!PT(Sk4$C>>*PKxxxzHZc;Y1OO&_)&wdcJPv3Xz11rPpTQ)7zV z+Hy~P)|T&()4cH2V&U~K(Z_BXDkK#)M@wyQDSa7N7SVy65X>8T`bs?w!Yp_s6ntue0HO#G7{Y%gV2- zt#^1e)Lh`6{4Trix*fxh!!B3&wm;k?xLD$dOZn?ij>vZFjb}6L1xwe|4wZX46-$!9LEyL^3Z#3d7Z zPMys!SFe3#7T|I?t7nt>!{{P)fsXTnaerhpUDIbe$cU@nUX*SEo(01##^*q;JUW;DAV87Ni@x!6dN3Iw7FRJLeC0%%0^nk>g zpS+^!!jmu9aa8boa_*0-KAC(j{Pck&+t0B|uWyC7ZMoJZUD6nmTr|)4Z+6&cw-5P; z-`ZJ}?yb~+GC}ZP@9F24nbuWQKUACkcz4Cu*{h{Ha)kV+ss}CYf9!p8!s~hUiz?EO z+!y%T8q0R}VdvA+CxYMed|e;A?Zda}ANUV`&XU@CMLl4rgw~EbwN{sFGCztRj%P4Q z%wK+kd-l(^+a99Ub)wJuYCIpkp7~GtPh#}amLpN;eGjr;zfqOES5;c_^UlrLhtICb zlJdRZVe0lt>RIx)O#A)k69aD^H#%M^V}3}wbGop_tE+mGlOK71WbgXpnfcAuJ|ouH zFRx?njQ+T<{-GbXEzMuCZ~eo!{^zDS?>OdH`76XzHe}+|(#0<>x~g@q$vUribAsWO zSr4~*d)u?!y&Dmk6uL8JF<tv#{mb*}TPvw{Jgn%O;Q|d5fgs-|PiDcU(5%6W_$r~Lvu|zfk?pHIJ0;;m*~H~9UoU+r6%`YEcVATTfxs86rOk(>o<0$~Rs5=~ zDyDF~&W>~JRiM4Da*mbND*N+GBia-U=I~cNs8h%?U%x6Q`|^)PUs!r(BxbiAwE1?{ zWxB>n*OT*7e+R$XcI!XG(b*@y#8yRrPT8L(o_ELaxuSd4r@-ah(U;VVpH2QO?;IQ6 zk(Rysc6Uqcl1ab!p07H#`BI*~gwOfC-9<;fnohU8`({nY+3quIKE>w!tp2vnIx=J4 zFBj)Yyj5%~vvygXRc1|6KF3;l^t8(NycdN#Hy^*YN-a3-PKsg23C2qHr>mlt?s=(v zTrxDL)b_Qnkm26$zgHhz37_CuxarA(vQ?jctTw2YT+QgsvVET8?iGn4&zc3N9<)2O z{+`P!=VR6-E8gkeGZkk2eP?oLEtA%XqkHaJ?CP`jd3GS_v(n4W8%zBB5AX}72a{v(=AWsH@VWW_V|pqI|NUdZ1dG^ee5>feplk8 z-@mY=lZy4I`nO&rfnFTXgkaoQBUvi}UcMP*i{OUf^vmtyrduGXtKm%VpW z+nod385sBQFh+)yxz~wiRhb`}y?5i>9tZ6S%l3L53pU+!>iDx8#z!m550!6;P}N~9 z4c-#IG-LAOTdTw^6`12vbI;ecY%zJeY}Q?_O&<=g^;wsiYI*GbwS~^Y{P*lEUWVxg z2u_XZySdJIlj>~uTMp+hZCxZ+pco>+uC`fctykjRMwKsXwM*;O6DIUkmoGV+bW?Xi zgyY?lx|e0O-q>q>zP8$7hIHeT(A70Et7WPu2A$s5@}cC=)ef0;{&G`!xEw6(=Xx2r zdHh)^@J%J`oUfgZ%=W016EAOdOEWTaubRYuSV&rK+4KcM3|xu3zAseGaJzBY z%6OS7^tLIV)xVGgvifD?CZ>+o}?@ z<8ku~UxshGoHH6Y|7ad^aA)5e9w{na)W1S)zO;<^+t-e)9o_rh7zE#$wR8Eo)cFQK0RbSr3booYSwL(koNHpSzepFcz4ysyGLV^8&X&HE~u-1FH}d&=C? z6Ym_m_+TB!Qla8W^;*l+`Q zFyGVi8O+oE9Ca@*7Rml(_Q*Z{+$v8)rvv+cK3i>UEc|&E!`wLrcaFcx?6uIIc!8_A z@?hZkpC%`sv9h>)TQ>E;)TO6|)*pC1@2g1TY(41-77M#_4{d)Ku;*UqM-0Q2uq*<@3*&3Y#yjbvt6TZeh97Vu2f`ZL6XlE}cBd zziR8+yGDyv6rO(E)ft}Rki6YwUZdd0ZJf!@r;o>fKI+~7 ziUz(r{M>%2bG_op+pn*!>h5g+ST{vA;l{S>%=5CuCM(S9@OnSz>oQJ>IsY9`DKfh*g z-d*^U@olW%)C>jZQZ)uy##LraDrX9hiJ8b$Uo2klY(2Z+hs%SA<%3i*+lOb95tWI^!Hdcq{)4r}-GRYz| z?4q#KswH(YbtV@lpP6yYfa7hjNulT=ndgfGHi)wsv`@Y^vuDYPNjiOOSx3yIzZ-qC zx$@yA<5cE3g;7>%{U#4*J?U7?B6Q^2lDi$oZ@+BGT)Eq^6Z@t7G{vtySn%oyzsP zlAn8~*i3#IV&nSQJGU+|e@VnqmO>u3z?18WLwD`HrplIkhVi7z6~W!N-uJR`N}gQv zSXxRm;=+`O<1_P{z1&^TORl;eHTUYFzw>=BUlOtP>dUguH*zYvnZvhL%TL1S=yjP# zTW^H#jDB;*V^V;Tzu#Ar46`>}><|4T7=o22`Dg7+&ywV}dfpiHBqX^kyziF#gr zOzu1pwv@@|Hq|g@)oCr&am!nU_6(#W`mnu^2u{rS0-tw z7$|QS4a-!N|yP6)o)3~_j0OwiNr=MIT6rXQRjq!+`dH2`1 z1!rIQ7Ovi`*=Klva>%}$N*k@Wo7KHo?0b2uZPN1-TN=;#-@koKd)boch$=BbYtuA8K7v8Y|h z$&KOQ*X5@(|MrV`)|c(qkY3~*y47CxMOek>84UICq^el*ie&d`<6^E@be?Ea6&b<*eO<;=Tjdf9J&@!ZqSNxwt16{WxH zhbe8!D~)hzKbM+N-7p6kuSrAC!{8YU+KEK<>K1h8$t&@pS#sIanbCwl&ab*??0b$57fFp0{UxXWTZ)FXi^tQ;Sq(c>CD&@Q=wy59J$OO+Dw& zT7AvE`%l65%NzP0u%2@*+VuLo&NI=R>5}Z*v?gsbdS>#K*K_WMH^%d(263O1yy33N z!nbVI=IPe`?7xqETbUFY!FJ-{>n_h5ljANu3(OHXJxy+JW}f~GwL24Mt>pgGa*X4+ zy6ww*Y4126Uu)m+?u}=rhPmTO_1m`D)ozz32Tu&`yKwx{#w~B{GR;mYTPF8ZhcBp* zK5TAuX7b7029CFp+fyvo`uek0D249GH%K%76Y(~#bxGz#r$^iwCuPr?A1>3_+1bvJ zv^{B4m*~-jdG0FVDo@MGA6`9~!;+jMaQu96n5>fIf%7txy)#pCAK&{p=P|=&Jr$3| z4>uKG+T3@%=%RqhnoSHlUY_{#%HI6V$E{Z{^RdfZ*3Wym+0kUN%5}rFKPKwMPOl7L zXSQ9nXr0TliN!(J^75uW&D`d~?|5%R>3kvgtb4JW)0J78BdykVs8;lF7Wh>qT(ik8 ztkg(Uw6I<67p*)iG;(|Ps>(AzdOJ;bE{n7}kUrD#9wYOGP<`GPZ-=t#Z z@b5Xix3GNHvS*)Db2ffm<=J_Xdrhp-$_%xi-6`SL^(%b!qC6|l@l{{#e!c0;)A%_L zif?VoTcWP4@cF{k8Gf-{XDgo>GIFQ)Rfn#%yLjV0kAY#&)#`|)mH!#a<=OkR7k>CR zLn{7DUzdB9mBc|y#S94)v9+`c`EPu;s5ZZsfXX97f#Hd=7cZHoaLmzv-;$NSvKkq zcbNDxX>)|=iR3-nmYaKqnQJ-w(#py6EngnfoVI1Qyn&9NrRZwSP$iKZrLUH&%(io; zwa!TGcr@|d&Fc(bZMqJfDAPS!RQ^cy{NC{W`IaZ^JZ)D+d)#p-yxRXV_~`OOj^%OH zY3r1bXD4`p}8a`=%C#c;6{` z>nFDKAoIkx;X7x}=SVxf>+uDt*ERf0Jy?>q_F?5MHrw6T(+g`hx|N$>+R-l)J$uQd zlqAM?ww3F;40juBo%yUz`O4ZixsmTue(yiTe{Ij=WB(b%=ZR%!3xvyBzK(T2a#KHN z&xzEsAkX(lD~|0gn0)TMR-5MiOS>0~OgyWeb~=2%fNAz|#U%>DpZUEO&02fpbDL2E z=gUx~4g2eTdy9#zH+r@!Q!V52KF6cDp6fCPQ5>P zT-`M7)+4w6cKcTA4A--(BPR&4J8Av$*NC6KKlpXTv`d|A%z}MW*QP!@AsT)oB)dq@ zS0rEg%XwMfydTxRG0h6+{W538&3wkV%l^3N&eV);kIR@IEqk$I_4H@^yuDMlw##cA zG(G=ga@?mGM|TMKS*{kJ-q(mV^;G%(tgT7y@6s>1pVK8?v4-v2Cz%#}tU9zhGWyJ|)sw8c z)~+~lDtb=wrDbntxzyjjU;gXh^-n9GCY+M5Q0Y48toBEFp14tl%wFwcYv(WS{n{wMtNKdvjf_jclUbA@@?L5JQ*GO#>a z?%k_a5+JG4-+XKJ-ISHKwVVC7%{8l8-emP`@w|}avnFeze3gF%9}T})=Baa;uiW$c z%ivhiu1oIfKdSzf2D|Orv~6?f@0d#4qI+L|Zk5UlvQcGwaLe>c&Hm^2rgHN=39Wda z8<7&D{`YGT_YRK(Q|qnXhAiLZZrn3b@9&*-Q`y5gjWhU|p8vd{r=U|`V{f(aQEk?F z_YY6MEjGQ9;F@>TF>h;cs>+(P8keWMQmJYF9Z<3N(Z`rioW-4emcOp--yDCu+Mf5v zB+)DD4mrIO^Sx_OVfy4hgY=)2d#WFE4|*O9)Rbhub6qvPv^e*(qasVm!S$<8f7n>T z$|?6}Rncy__rC)(>*TwSeYcw4uCF}r(#t*r?q1a`d z@6Xo0{`lze(K31N`-kIrKD<5p_36{7}39p!{v1-JDyVKVoa<)gCA>?`Poob^T^N zXN`UJ1N&B~y52SF(@V2c_dPWJ9xZ8lEkCDhUHPN9ExY&|zuG$NlYa9wV1Dqd&!0K| zhI70*vu}5}w5jj9K~35f2U)rt+7sd=k8m_;)^|h=hTG#P+nA_e0bYD zrfFC8RklQ~53)%wl;wXMC-~c`#`Z_&E^2mx4fm^8ZplI z%i_N!{B4)FY_%s%!0t#jV@JLXAu$NyZb`(ClSRoVK0<+FWTe_Z|@R>6JjpT>TVHMx(rr5y>B za9}iyxAkF?(A2846Vb)v3rrv*Oqn+iC{Gi71Ve>?r7IbCelt%8|FZWgAWZ@j-7($#FYo7vTw zzxau7sCwHYr#lb#AKQ6eP9(}8CXRfuK$LrT|nIBgl`FJy9ZFauG z>7GLGX}%F(E3YK3eDqIq|IVwWkq)`X+^svmJlm`ME$_oG@me4CcaI;)l$t(y7Wq!k z?xdLanLiu8tY7?(CnIxlg`I>;g{q^vZ1(+sY`iX?H1)H)imYz?d1}wwy7OVinOjFR z=lprxb!4lw#FN5#Td&oaZuWjJsCe)Y&-K~Dx8}U{oK~lDZ{t-SCI1}_;f7037EF(x z_`x_@Uf^kD>B*b^(jQ~K7@VW~ICV20uGM-S zdU2uRx;SMegD>YzKhA%%`C+f!>jS^ni+A$*@2%bVpMmA)#Vz-le;lgK^Nv(*%T9B+ z?Z39l;?}Bpf=9pE#S87-8o9XsA6NNDz8e*B@~yX$woDH`zRNYPaL%KBN}K*pwQ*mQ zxpHN;l*u7Wwq(@`({Jf-1()5bSpMkEJ>@G(pP7mp+oj!^cKG-IXV}s^z4;G&?n7Qp zMbC@uT5Rr7KYQ5ZXIkpsSgN1u8yw3&v;R#s&-FCH#k&QJinNuF-e=k)|3FfR*Xx99 z!C@^9nV#!@_8IfVOg{OQ#^k*`n;P?)`O&t$EK%>4PVzHPUs@e-@LJ#6IqP=$yxk{V zQS7|^!;ud!#5%=qC2(r-|IE;O-nKtAq9!Wt+2KP0CyFO!Px%<%oAe`ixhwBv_QWZH z^A_#A&sKN&zM#q3AjkC85|5KVwH6sEhWSDD$H zj~B+o-hZ>QP{Uw-+xHExlqJ{p3)EelXS-ut{99e$V_#2go_u2Ueb)UMbDgdq{ct;5 zoN>|2LmP|V$5!NQ+wDJfroUu~@k9ATjUQGY`zCdEf4f@WBkq<2pW1@#ul){trP|v} z-a34I9_exy&KZ~eE$Q~A48 zHWdF`#d!R>>ES;jAKqO0@!Wss#!W^iWgf-rx)pDq_1U1PV4+%dNKlB@>J#)&F z*M^y7#@&{jzj6MX%gg@=Z@*&W&Y`XQ#hZUxHLIoC-s3`({FQdd%ij5ua5-Q1%lo!z z+djF8Y(4CIWAf1gJEM>1-?lICm{wKSm|1AESVPhGPI#`)Q8$~-Hj#;OMtRGP!fija zGdwO;NaEu(eXyT@Px9}C_#dmz9X?)VyLWBxmDy2_64Kc>7GK`uoN-$B*eZEGW)0cO zbt{r~eskB&5n8;bckZWT$)$IG{JuIn_0e9X@1Z*{DV2TJb$@SU@n}AK$ClH*Mzx_T zb}^E7kDI=5n-XPlC#8G$l9!X?e1B(W-*W5xAoWaM;Ed3vZ{IlbB=_&!t^PC2|LyeO z@dtk!{o(F^v~A*Y-7Aw{72Y~7GViC#^?7xd;#BwkT~?nc%Y1a!B;B>g_A15X_!)lR zRVRA7>#)@n>1f#*8lRGcYtK(MS>JX~;@bW^?rQm#W7exH6~)E&#c?oJW__{m6fd4H z7Hcz6@5c;1!~12tRrznMf6Kr4$NZt`--SzAEw8F-w_ZBZW5mUhkbUxxf92oRkF0OE zDSw}SUw_9*)6bUk6fe(Flz!2__4E~Oul#D+>4)tF?ORMEOTA4w^rmpPyg9U2O`h}a zALrYvDvZSE9Q}MgS6+pGX~i9*Hx2<`7z$&<5BK-f>HG*?X}0#^+18s}QzxWGRCiV6 zoIURODokIew<1n@UUTNd+$>3!O@~6*4(*gs_$Br3kG|O6<ZORtM2Ok9@WHlULid5L*C5=KPoeyS?WBUxv5I1s(yad zD}#Ma``Y?g{U*&lKVyAV$*Ub@7W_Pa1TL;&SsbL=k@$4#JMHp+qW4=9w;LQyF;7YC zEn(fj;dnOS>XzueajdKdjSbad&IIj4SZ`k!mGAhxxPO1odsI>XEvu58h^;P!0w&moPxp7z3x9{jr z*=X^wamAPa4E!%>k6GPNokG>#g>Acdpbfo;Od}WNG{IHTrtb+i(0k zXLa@3e!)mFYtIDU=VFp~Uv@p;r}4+)`X6!CBZl6p$0w}r*PqiI@3D6E%?To@A&IrC zL@$^8^?Uau%PPsj+UUAD!;VfBVP0$R#NC zqvVsY-t!0iJG=A#Go)Nx*HgqJnrah%JK$#I?d8*1*JSND#?&?Wbic$6!!PTDBxRP$ z_ndt8Y2QRUgYJj=eKpogj;_hFsyz~LTZ8AQ$HBF-TKt0PXPOQ@-Bq;FaQ(V>IdAoK zZ(VzJSEaX2QnHBGjMwhaO`F}-784yFXmPz-I(f(1lvJB@LDBN28T*ufbT6B>vFXs) zq=^OYQ?AZm_wt|NRmS3__fq68nA_H_el=f9|L3#)Q}w6Ie`kLh^`9a6@@r-J^;cf> z_vh7^K3?%iDEh_r)z0IE%ED~&L zmiL;OGDTHv-Pw$1TVHy;_?dhp?brRoCrz)eUS;(#c1lAw`-3O%^Velviar&dDR1;w z`&GZ(ADa*V8IJICoqkyB$Ix-##K_Gcsc??L`WgS^D(quEq^*9WtAE5Wciz39k9pYn z7R)jD)f0X^y~68eO5W1NcIQ>ktV}cSd7P>xbR;hJ8(c@!@bl$mOT;g?E1_M_l1Cvc7k6g7wZd zd*j1*@3}JHJinoM?p6Jk^HZ05>(#gKEw-ArROyw`s*>|jFV~0FowJ(fC(iD-OewA}tZPoS(nV;^gNItaEZtK^dCaQVG4~t(qnM(P5nEykQzkki2%#ZPhwu?>9>pFgD z!!4Qr3_M*&Hpq9bH~yfvH#s$HzK2Myz(i_2Upii|7f@udvHPg)0C|Ro7Pu-z26+C`$4?bMz(r+#iYAx+xE8e z$+ORodOmq7$33+#nZK*=&Nt1N$3NTuqt@$g~7b(%1hC0=GR&#Z-j!qOZ^T_9FE8;^K32&82qD zUo!uLPp#2Q8{5*=w{OX=&g%HjpzqVC{p$OUYKuP?7kd^@V*G8cQav$F_&)>7WRemd{m zTahWBA8Rf7{d{X`RvW*-&4bHd>Lpx}a{cYl@qkCp|H8F5w`xCZotb>qi0eV+>RHdO zdt6(#Z}*OE)9zXJWQznXJa}L|*V1n$hdz0|-R!u2$&M?0Ggn61-OkYoTJf`aAQtE7r5rv*MIIbH&NW+r~M++tySZ$!c?x6cVG1C`p0~D-umT7 zo@%G`nFM96*?s<(_Pl=V-ZtyeiL80zMhA7TpVf)5HW$7wyL$bHU*fxd%dO6y@wubV zB7SY^AFq#7qMZBrj#o>wOFPYbZmT_Av}=#GY=o4b#gc_9KVR?LGW+%0G+z5hEJxFu zvu+x%Ke39#aUcZ~l_sv2A)-`305mvKgP^M7czZ&lO(V*Y~6S!{xB+HLfz# zue&`yy{-3gued@=`j?k+&L7twn$_1>G2Lud`pxtkVyP|3MZYG-m1Kwdz4>)wjmgSL zdCQ9ahi+RR+}@eCg||3;`}Z^Z4djmP-1)~aarL@f-6u^iWZaVb8D{-z_uH^>vY)qi zuEj~7iER6Hj3>VhS@y$!(U18)lg=NW<}0@(Mmk~jL1s(#`%BA%j-IkIKDXM@dP~jZ zl`nTKn^^E|*4f61#Z71S{LMCdcmD7t#$6|`HkWc=UR#}igrD1gS)6Tq$D8x>r4#$^ zR9zQe^+S()#rNpLJ)b9NUp@RNZ>xn?P_7Km#pqb}&LznL5;51*mOhMrab?|9vj=sl zCx2aE;P_CpWmB}bTu2dbdRCRmH+BXC$ycmZTe26QUg`R(^4;W>r(N2S zYUV;(BU`zA_8*gjN@k}i?wC@dym9S9Z3!>+IY0h09NOTYu+Q|v-KHf) z#l^WjGtSo^+Ek+6d%ex?3rXfmzL-Q${(morDiC|ToF z_S_$>ADGTKs`vhriOcW!bLqC`$@rzYlJP|%rPfEU>`{GO%cU!Rq zKFx!Vw7>sIfBd^JebwzW>$2$$XN=4yyKCI?lrI1HO1Ikf>-n~z*C%V%UR`J8UeovW z?2pqA_aC0$;c(|i-uK_eq1qE=PH!(RK3W#`Yu1ZdN3XZNeKLvrsO2X$iF>y0E7nCH znN@q|SI=~Du{C=34T~PnnzpXz@@AWV+4Y@q3>`0bUF)=7G=G}Q)0nE}s5rT+HomL9 z_TP-E*?sbH)%P#!rag}QDBC*w_G`ZPc@BI%M&Xw>zuA*+*I8xqdz$Oky@^lnY5ZP( zVcxNhTmop?M%eo$4@72*mEtbhT+H5g|9Z=&zSW|C+k7G=Le7V zuGdX&*9%7My!QTPnT9}|x|@8|v)n!6k7VV(#GGAYb8TbIn^VuHuJSsv>C3J9jxFAz zcBr%4qcrP4^ zjjE`N-n;yHsJcp3(%y96k7CbLwue+i*4Jhl^_Xv1v9-SSK9`-MuwC=&{|w2mdW;h4 z1h!^!Mi;5d9iM;nw_}aTrDxveA9(MmwsGFLdijU`owYP3)$?;D>mjyd_A#7Qa7h`M$i6~Ch?csmy2$R$w@y|ZMQx1 z!{lRC5+B_rFLu{d|9(udX?{$&j46N9+Tw53rMow$Jm#ssuKV!4(2w?qe?R^^dHGs( zrQx%q^QT_h6)*Zj-}mFRj(ge{wrt~bNbAz`s(Lm#!_@UfPK{*EyxP6*0_4o)3d2(3 zc~+&}JWp@Z{n3}Tvii(qg!_nN^?koM--z!GCRh`%q z=67tRld_IXAeO?%CLXx7)ov-{iHESDVcTo5V-3}(t`Eb9XPU1(}Mbmh*SJysHe#UOW z*0FAB(}UA|Yc?t7PiLPKQgy#Ke{1!6qu);a8;S%AL*9Pv=esXnS@JViMuzur7sJ)g zNtyF19>+faF(dS?nd!CDH~oty_=#&OSUg*OBV%=K+NK+?#TMHi`pi%t75-u0O6IMH zPONcfTvSj$)$a}a{fvFe8+sM5NciX7sqDVCtwu9*Rpz!&C$Dfh0E^)N}O z&)@QD+?B2>zO;FdbnZjTugk9GnYpY&Zuy-ji^H7kNAxcO(*dTz45tAD(# zXv>C-x8GJuKfM>uZfbgOYjHZ`?rEM%wL5Ybe2$skZl{o8E>(2sm)!5q8h3THn@_%u zTk(t2*X-UY>k~5G5)&WoR4}*QxmI!E>@W*&et8wCDf`o}q`1eh8SRu@`_}x?zQx5= zyK;*B-nifIJt?y5d;32zSK-?~maH*aotG^Bqw85-P3FT|vG_Oh+h_S)I;~W{R(qP= zVbQf0r_Ova`L!6Y)Y(;8+`_AQ*6e+4^*ivx8J+7^W{YLE^ZaCG3pYI(QDJ{H>WlsD zI?H`lC3-uL9_Ojucx~$*-Ulnzre*h z`Si^_@70{D7-Qv+%6DG=V|MXUZPm@7PY-f0ZK-ItR9?xnGHX_PyM0=(_&=e!WuJd1 zAKm`)Uwhv1LO0uwx8=4T%ZSoF@lkdE5&iC}oqMm8illGdI&)|6BnR#rAtsXzigI-R zINMFF=I^x0&Xrrd=C0n0wQ{zHSZx_(SMkgKars#CPvx?SuG4Yx>90H9PP6}7_)Vou zH0^xUr9bA2v*N}7q~{4ev!3Q_cJ`S0+jADSt55GS{g{0u&hSU`%0C`fN~WI=K8Z>w z6qxE)h&%T%cvH3{U{?4bDb4{0LN3%stobusppZkMs=R@D@v}U$Go%;J- z?`DOZFRS+Pe=ys!;pC&-Ed5PUx5akuGFP4%uhPK2H^ceydf8W2CI6H*UryS(dB@M- zqGa3F^o2LsQ}P_yrb^5XopnKy>))5RPkvw5<@j)J<=WY8m**UjX7MQearLhCv3ddJ z4_{^#X9UVVc{^u$;MaAPHiD0NebaVd-@0+RrggJi`&#b{%dYmVx_lr`^7@^Fi?wuq zo>Nz5sp3lfk(Yx}g9<>?=}SRC){SGn|R`mFVb zXY$@%f8_YiRGZtHcjsj-R7-kfB+LJ>Z^iBUhg?^4m#OQ^c-+@Fo&CtaX&>*$sr%{lCZ&S9H@fznJSg-rzVcrZU>Y9ITB>gz^j)^{fLo=ZOxuqyWMjXT@z;!kCtQ)xaq z^HJ!r!#(r9zN!~mmk^utSlY13;dR$%TdxQHb+>~Rwy|k1nz!P?N|k#pyKH-e?&Qxs zZj*5Jy|lOJ(lupa8{UL;KW8XiHLX}wI?$-%z@Mymsrz?MuTaj3*Ij#PPSv&Eh@-lG zu}^q*GP9JORV=UINc(nF=h{b?1AQ}3{JK)^wW?*3!;;L6toJ^&+N`s9dnMFZ!{?dl z0SlJW)tjf!yR*w&!_D?+$RtZuN#%JvMK0~M;!w@KQF5sHU|!pT)G+C$@9%$HU1R)? zr#zS0QdF=la%xB5r)?osq3%f>l1iF0ITgMfHHcm_F=xtChjZ>x^Ov|zQ{Z?|95|)e z=$Oi_vfcyb%eb9t4ct|tRTIh!ns)2++4N^VwR(O!Mz`S6&AC?}=g*8*;CgFgTG#z_ zp+sWu)v2xv@3v*iP5yB8-&vl?KU2)^)Mj6{(Jn~Y+G}yD&vU)WhpSh@c17#mpXbhy ze)-y7;e%^gZsnbbE{t39Rc+6!iMeuXCFkno^&MxnDezdCt75Qt_nZk9a$CJ_w%J!s zY;0n$+Q?>9)lkLtxX{+CD9r3lz?(?^*qv)RZWl8>X858IRyHkUxo)2Y+g61MMwRL8 zvaD&}%sXug8SKmavm+}LHS;-P5rxykDKrctF*{4_E*hgzdhkk*NQcq4`vljQ%+Q$#TG5@tt6m$%h-?i z)2F(ro}TP^@1`b63OTmD;APsWoTuSv)9kfUX2sJd);n%D`l`;DWNBOMv`g#H-r|=b zi|>RB9^<@M7_evcmbcHAOmbIN<@~;C(#f8-#}|S<6=P!02+j>xo11gqT-EH?6{g6t z4ZS~3JQr0-Jz+gVE_33Uh)jk9LMg!ubfQ&0hF)^LyP?VPi>Q`$Pm7P9^#$ui2PQK7 zzNs`{>{|WI4Xoi|yeA~StW>rwH}~>(T6DT#wSdQJfoaYYtgo1Ta!Rtu5wN~8(QEdH zC3E<8ymV`RW-=|}Sx*yN#Zl8K&lz{D`fy^&+_gVLCOnY~w+Y&yW?^Q;c}_D}x?JBO z%l5#=Tb3dlpYZNwTr&0Wj9L0R$NUSbE`EM4`Dms@UI@>F%Ts4Gh3@AH6Mg3^?GY|% zopr`_+r#L_kVQLxa+x{GYI!V6;<$gQ>0;vZn8ysiuheBtJ|+Az;P2|wCj8?-!={_O+BOKUl!1bEGh2R-9S; zQIi;j-s?8a{!^w!O}$p8*k0wP#b%VXD(3A!o9BD==XpPtG}-AYrkNvTbGY?6`?bZw z`-(h{X@+c6nIHF+XB~%Df!3uR@7i_GeekI`VWDm+GCex5G3N8N*}Lv4aY;W@nUuBU zvPIbQ{;CxVc1fEa7Pw&{ch#?Y8^^ssS-8&=Ng~M=~Gqy=arOHlB9+5rxj{b8S??niMw=_zXE$f&1a8rRZoww&I*$kXEIu2 zcYZfzNxd;mZm)0fwfv+ljq}{zo;M9t-OaXp{cYXF(YL*LntReVziEy>k~($s?n$nx z(Us+!ZJrh|o;Y8%(e&DnYYI1Fio;JYoIEjit9Pfw?c0W2?mF7~N943G*_h|JURhjS zd~k*7eW9p~Yw9N^fHKxerI?6zKEp{3cBa* z`?22s%Ae4cuXU2A6>pfot17g5Wju@Z^Lv}0O!XEyuD(#dw^T!=;OY_2X>o;;+Ixi9 zqq-~86#uEyQ*5}dLG%3iSa2~^Q9p~N$b4pjPT^qT- zY_ZB0)3r-p_!oXMs=0D|lcM!ZgO{6P+^0D0u#hQT>uc_~tKiH=84ZR>7He9|P&c3uhV;^7jA@wT}D~>Z?n{}amVRLR`ZKa{1vZ#7DteN*zEt7 zxH~)TTJ~H^S)uC6whOJ(Plp`%`sY<@;}Zpi=j*c0Zqbx5vijV&@5>CuZ{J$Qt9jC| zEuT15@zeEn)m$xi@=qJSFb+7o;>aqeqH3v=%Wm#5QJoYhaN6R*C#|_xU$rO62sW?= z%??T{ODYako8&opJ=0pHIj6z4-DT?xi=5rCl|fcKf?~)kSfg zHy1MxXQi|Jx_Vds(5z`&i;liyI@FRkwVxqq=j7={OV@l8+jc*F!)3F{-|M1k_f1`S zM{MU*zsnar*1q4I@vAc0R))Ki`Qg+2-9JL4w(ZP*csfz{>8W)4_Nv0GEIB7~wn%5_ z&ieGRsiE?2$X0%_+b>_$Z(5kjy!zdf>$Z>LJ1)K2R4L%W#JA&p%-452O^>kMT>A25 z=$m&zQ)jMSQ{#M9CGAt{t>V*C&rD;>-W8lLHY}dtdDgkui1lFok!!YJrt`gB9t7k;nJikvN%#`yh}*5vr}r86$uX6{eiQEA5DAnThE^&lo6eQF~oc4=#so!_c5 z+u=>OdjDMx_i1}qwmnq3zwJ)K*L?r1rNyfZ!jJ4!C>5PwzWUU}+(;vilOl5>1ItbF zN;@uya-OqTQ$06<(_`vi`?UdAOaJ~1Fl%Bsn{;%g&i0_n%Ysre(`?V0tlrL*KA364Nmc*S+iyk_>jp_ZiM3yBlGQyl; zz5iOXOD>u*rnPCwMZ1&l?yQh}dDb^E(IkBKtgwu4O^eIdhM5)Z{&{gxI`h<5$L*$G zh>S9Od(`rP@`aGBV>$&*trf@jXE|!N%w4S9H#K!(m?gJUUr!jdAJ zOtW6j3fbNonapexYOC&JSIAW^!`ys9>dXALd)&Eh4slE(2B!rhPGxCan`&+r|0DCm zKk3QO?k}40?e8V4@I{d?zD;v+&RNLx@zU~(CcAUx7)Jz|gnNF%X z^KvPlYtqu!s}#$Quea6a`uD+&v-hC#{;ZuVUj;1jeKvmzc?pAR3-{ItS` zzv`;%bju9$BUXDho;YyEfSp0=NvW+{mt5OZP6l#VW~L z`NEugV!kO|Hc7Wx^!0_qy2Z|y&Umf5_;km~C6`R5F$nBDZ|@VH{O~NJsUb$BykRJev#pwQ?)Xl($vvKn9d|EhZVX%0{q)Yy<6o8?&iTkB=^r)q2cyV* zuVyppi zpVGBO;m&M-3DJ#xOpYic`kR@m^LTN$fp+p=wo8w=|#>y)r4gI2ytS8h z@~Yj-Jolho^1!`;#7%wb3E!)X2h*&Yu@}Z6Owl5d1AO$*T=@H;=sAb*EVe_ z*e?9W?f4ls*4)?XCp&fKH*U9B=hwcRw?|o-P2D~){L6PE*Bx_suBLBJTGDv%%j#dD zo7S$A>{nl=#hbq{O^l(yN+xtij9WqVtmX4{ekSs(U)o}F+v%L@4*w}q*Q92gT)gPR z6;IZUJ0|pOGtiETO_O+RnD=aF>u!Zyw+CfxQ|?#>c`7SyDcq^LH~NToo5Nl0nb*Gl z%+r-pnQZxW*{jRDjEfs1%*(S{r{1?!CO(#PYtMIP`zL$OhqNi%rZe8<__^=>+Nx{KxjeV>yb44F`@ZtU@`<0B z`DoWK?}bOU1s~q}`&#X`rAix&%;T1XSASGLl)E~M?cXIfMYkBf8|zr#Jjq@xq$eV` zpekg=oqMJ;S1ym$`Sd2BQgn5C>9?8{N&d^S=VWi+Di?PreXrT&@cKu#zb?PXvN z{qj5K4GanMEZ40*T(D)nBE!5J>x2()_N-LM`NVK8`;v`j&a{t}pX8dmo=@Jar}0up zF*@VJz4>d+KK)rFBDZ&yME>`UHBYz}7nZ4&P1(nub?Vv5i1xtUn$jBQe}|rW?b9zQ zaq#Qf*}t!|p4#y1y8Vh1Ysv+$e9De^lU;f$u+!X9=jQuZ{&v+*YV5M@k0T7-JIxjx zD?GXOtYX9txrVZp8++uIFRDlnE;|y_$8Ng(5wF(0U)O&}JeXjpD7R?me+Kq7n`2iQ zeX*ZgHqS@+#doQwRwKb3#Sz=nN|u&X=54H4R3!YAp=6EcJ7>e6onP1b3qN}}4t#C&-cxvP@9R3`byZS{PfGfDo#pI4?k*!<${t}eRJ z_AW!^;*%#&uDtpkAY$LS=7dVJy1K-Jt4nv@GqYsi_bOC<6TxGiBBynPf48!P+U9F{ zcIm&Q=1KN(22Z}#(78NYBeL-U^LL-f6km9>?oLe8(txl38D3v2J=5`I)As)i z>$bVZ3jACn+jp_?*0L>ExaLK(l&x}eb61f0>{9ghq)NKYtZ621`ufgCMJ!S=^Dp$X z+CGn)jrrcrY5N5W*3Y@JZTr6D+&WuVu3tB5o`3nzu>Q%*{`^Tc=O_2=xx6L6eV^!- zZ6VV%RcaU8rL;Fk-qXLjV8g7tX%n=5F4(BPVU5Q=`yXodg0iw-D{h`yXdu0`W?H~h z>r>ZlraSFfq32d=r#<=M_QQAi{DmqOy|UK!IKh@F^Ysn;+H}v4#t)7zZ(X}5>7Q~( zMBK@zx4qBB?qzr#Z(o1Vf1mEluzjqT_Q)@OE$DIi{4*cL$*R>n*QfsR|FQhxU;P8~ zdF$j}%sO@E!!h-J996~!2kiEQ-$OVg&TJ0JFUV(zT($A0xKQo1wk+HB^= z3zO^*?Q40L{pdf#&E=1`ci3>ME!$S5u*-Y9yy1BkIqe%?{xjT?e-yXo=GG5qG&mnv zm@dh_v|QS_S+Z$u+;WpL+YKMAzN}aJyU`~4KLf||Ly_x6KE0n)^=Q}m_J4XG`#Vl= z@6c7~WH|Auk!_FrKQ8x2DVJ;5<@%o|bmtyPzcT;B`Z?zfy-KbmNv4Sf99waE;lueH z_77J45^pta{h;5s#oK7($)`uH5A8L6-Sw;a(0_(4<<0+;G7kM`aN2oU!0L(6%8Buv z`vty6-aZoSbtzqFlD%>4e})75Z*hlzIO6QO@49+~cg^y%HsP)s$0|auJ-@n!SL*WS zGW$68qhT9nC&y&2*|$)5)@J>qyu#tz487Mx+}9YQAIpLygdOqZR#IAN<&Hi}%9qN2lFgZD-aWT9b8O zvc$K@=yS!Ud*aLueFoW&Ca%aTZgPEd{2xn}+5BLZXTS1)zuIvx)8vbLjfGir)S2H> zryoz7ztk(pUo?8x?-N?p^Ly?I?R74&2^R8xtFXTN>ianYd8+xxmbRLzvQ%z*{3@${ zt9ov){gpTBk@M3s>$iwaUMd#cR`6}^2d;CWxu+Q{%4Ta zSj^g1IO}I+?pI6pUpM{jw!BySreZnGvA=5iEZ?LrkHc2kMaxPCHt$q#C~02% zqwlt#%z=55MPdNi2!a6fSCdcV^4pw9+o-M*=B#dHgEZg29_ zzH-dui^Zp>)teW1SUm_Y{Lps#&8K_uQyyvfn;wXGwXpqt_yq0CHmvo_Z`9cD-#05@ z%@2lurH45_E#57t9sKlN!9SIq=2ktQ%**YsZBAk_E55hxzOU%T^p5An!bigdjUHU% zF5WbG3$Luzjq`<4>%$bn^FK~HW@~)NDs@qhyt>*>dyYeSrl+$D=g$iLS9+!Hf_P4T z;^olKPn{MsZQs7D=-Skeg6`9A>&&a*x+5kj-&-BG-s*)t^IC=QTbFm(w^p*X=INDc zJm8+Q;a}Qb_s1<0GvoL!l?42_&5hrQL%wGRx#ZJ~r)4PAHw&uz| zytZ=93dv6%XDi=GJ>gtF*Ut3Lk-x9Lu4liU(f#3|$$5dhvn#f;bH&v9X1h&UGPh5s zG(O!oe&^?N8&~+7{yrD;>G}S>QJ3dMH*}qz5EH)pRsBYmeae?pum0hFrFWhw z{sz^;@vG%o|H=JO_WV)4R`} zZwE}=Vs^TP{l~`1@w4QG_ZhvKr*}PV|GbACx(9S`?c4Wv+n4%od)a?_*;4)uU%Xe( zP@OvIc1}8PPuI_n_77&&Z>?MT``8Dc)AQO-=6_r-t+U>*CtrD6$f5;1=PmEq-@Bao z>4fL6WBD6xQVUb7ML(Z%5GpE;Tblcyfo0*})p>0H8Gg9Q@K^Z%xH?z+ALsnvzUNn% zw{N-2*?WiGSba*x-|TDC(%r6Y>{{%*e3i}QN6Y(`ew5qbbS_e$C*fnvv*t$!Q|sg$ zC&iIuT?cXtHjz!v7-Rb}N{6E9>6>s-Hm@t3K7p}bZCffoQ>xk+5{QezQ zc;@Bh7ph*9dnenRe^h^rS32gyzWHg>nyfn}92I-WR!_RrY$K?w20%e=P1_ z)@T0hR}lD79&{ydpHr(~cbUZ5!iQ6m+jrZ}aedsjvHf>WP2G>e55*6cchp!WOYzoy zI`GCNCfWAne+Jv^r}jTor@wVvTw_=-@+w|b{~7N}58hoHpSPWO9Too};Bx8X{=Qk$ zzjbO72 z33TTS(=STzKIHvop7g{247c>I9Y12H@H@Tjy_jdx)ZFNkD#p+I>bWNS|M0r+9XZub>=sb{Kw7J*ce=5WJ8T<3Swfp5JK8W@Ri&X5b zX zi=!zDk|N8U!Alsmt$wNIE|?5WDSim=wltF4>11-qSk;~p3ryLb1Uo0S*W zpN`wKe^cIsjot;b4AWZ6^SDo}H`@16zip4Y?fKSs>Y>xrb9bM&Jh@ITUGvs8>*QeG zAl*w---KV(y^(csN%sVa@MSNw)n|2CoRm0Qac%D7=#2IMuIjAbVpes%_Thhq&R>3u zm423Undw{DO}*_Ev{ZQ3dR<@sRsZ;ZOn1EaNAB9MdHcm@=t*v~{icKu&0l$5@@ll=iCgmbR=={}GH-6f>J=xqeB;aBCga<^Sk5nc zN#eg{2^;foS#8Vt{q|4#Lk^MMKiaM{|C`md%1*t4VgEFn!0h?HUq1xZ)LmXGDL&~z ze{j&vKbaSwPT66!IeERwe}-#k@=j@r%Q2r0y0+Qw`TieEA9U(0?>l_N;G}``){xJ$ zRxkdO^nu5!$aPi4B#q^P?cuL#Uq7j5`V)33Z~feNf>*RkZNg0-)prYeu05xlP#*B( z#M#7u8euxnVf%%=wXHHg?Re)j%d<{1rg>w@OpgBy1y`;-imCbT?qgxC(0na-eq>hs)@gI5 zEsK@+F%q07y*9fd`P=djYMU20uDpNPCfLI+%#xRWvsNeUldZ{|uR&Kovo`)%vTjw4vE`H6 z8@)Ld+rB^Qoi?^D_i!$EkCS3u6w(!S1R!J(X`J!U*Fuk z@~KW@+1_uHzuM+~{?@*)rrSGWx~)-h-_|n~$B%SB;`aRddwGwq(!*09=kRbnD)n!w zmwGEGr)%f4rO{oq=>50qA5SYY6eE_nDnE;ldbHN&ywv=yL8(E@CnT!O)m&2iooCX< zsc91G*OqLa#Q1$#{JC}gH@hDlDKqwa=CEO<{_A7Ke^yVkoC47W zZ&j0DzD%3J^|5fd_3e!>s$&1m&Ryg!9lIcDr_6Ot+p`O&-dz^tU3FdW+V@XBw`$kz zJ9>4);k_B_8`h_`7-y~DE%Q0*>S0Tji4~z=UdFGz*YpGhD^PGQs*RWjPdcM2xkKYHjdD|K{ zY<6nyv%Xfgw6y-g>yq79bfi*aQbW@AZu?fUGdS-R$FI=6(g)-uKJso^xh7hfVJ2g1 ziN&X5CqDgLzw_tP$J*ZKCF?Fszjmv{U&PptBWTC5>_s1+&E;!f%q#wuRYfN6{Iz|P zeti9{f1JNB`A6r6@7^36)n2!R{JwF{x8~?aHeT6Y&$RC?on_vf zc;Qdx@~s=sMMkz(n-wm*WfJn(`lNry ztiSBPdEeh(U#?{7=C}pZ{hoCFc`O_0EvP(S+V^i_-`npKk}t2qwr>dg z&k$i86qot0Zm#MsGk@0dve#iu51xyBv9JkGlbWu3M%FX#DX-qgN1Ja}e_CaB_sPfm zpH>_CbMve@92a$Z=&%|IsM%N?za zLQ_I}6(z1tt`>eRZlAbw(xaP^ORL2{ZR>ek^C2_unfN{a%=Ni((RXKXEoRwfHEWT) z&z6s}ZOeXrUc{QRWBXhSg{!x_|N0$DzrIdi_m*Vei6qzGtN%WJm-#^LVZh6Pt&=R* zw_cldcU|l1tg20{8ILD66kcAZ&Hu3fNVRVAkqhg#8`jKiS?*9&P&f5%eAWi<565Ho zc!U|s?rGTcpF#Ze^{?w0e^?fl*tku~bW@vVb7Ee0%?^fn*{`mOyj-?xw%eAank(gY zKH|Tn?Y8Yoo{jCYmtCLS3!ml(AABykj{DJ;NjH96{%iMDMOrB2*3DxN=hR8AOFq12 z*Zm_aQ!}RSIqM*Ht1iGhbbimZZ~qxSY=8gdw!aKT1WnxBQbZ+grH8Rpz?KhfP-h8Q2U8-^bkOF?zbo z-Ph{Q?!5DsAKMR`{K#INx$E!Nxp!{GKI>Dt8pe9k)2*)X?S)4>LqCcxdVS&5Jh=(C z7wNq>k@&N2oojZ52J>EU^D8XHN^W-clGWzT>z1&^1cgSH`!e*&szP4-RsNBV+D3~YZj`#DVQDaH_v6~w%DT; zn)fzrl{Nc!?(^@wbG)bf@45CZ+N&S*;aT_J+22mzteHJEfl2V%hOf1TZ#?hZbd$+_ z+4XjDZE*V@n9 z#T`+x>-M=lo5Z#=|1CLr*>3Cll^JZe-ke|NabV-mDPNQp?!J&$V=A1j%|DanWaoop z^-`~UE?dSLo4=Lnn^C{nbhU8((lcgjE_@2xn3H_vpX@8{)wkoM_lmtek#RiY;8)Sh zFLq5m*PNAhY0LLrTaG={zbU&@peY|MafTcJ+0VwXTU3w-3k( zeR#H-zt2RscFXLQ%YtUxy|8>D?{(qI)~O%U7OQvIXd9h;#H}5BVpU!AR$2F*kG6FA z#B%7q`Q!cY^vZmFlPy*7~(IR{OUmKg#FKdSGyXTzm?zwMv~8{F){AeJUMS^G*4b{@{O?s*U#s21$9Fl`)}$|86E0@- zr|VHg# zm1tDxpUon3ft`1C=B)26@9R!J;LY()^6*) z`~Hvn`5gcDKR&C)8}2vN?6AIP(s#B^Tkf~(t`VE;7QkX}HLs_(e{V>nu4Ghxubui2 zCHYO(M_0dm@aNj+buqd|p8weY_)R&wYRNz8E5&DKoXN=!dS?Av;oGdQ%}%H4BHNem zP0gOqGdX6vccah=)stNrR{e*z1if=O8~xyX@0Qi^TYmTlY`LyeHtjA?gGGE{%)Q3P z=LP;)U5k9Llb7r6sW6l8{^GkMMJ?y*=;PcEulWmu7vKYy8N* zY0=#F)5=>aa=u%NT$r_Uv+44-I{g=KAMrEB9N7NRE$Y=_nVqs;*QK-9-oJI`o48ql z%Eh_6WfH!x?XFFJaCh#R^8XC{>+?#w&s&)E?tXgw(r)YX&Gx)?x{>>qKKRcd={9Tg zie%}1=KCydE6#sizTiqu<=-`RMpu@6&Ix0<@iU~4H_QLgdBK-vf-ma~F3Z{d%kez8 z=5O%B=SR=Ci7z#^=5A&(V_9XcDIfJx`J+qJe}?wATmD8Fd~R--q?&BYyE5Y3MH|D1 z{~09i&ThG8v!ILPvytVpSNnuNK01@OaZlyi$I?lLW)AXR*RSR6kyl+)Roc5L`i|Bk z_r{H9#lm(yow}^X{t^G&9XH<3zqHwR<5^{Pr)yj9bKm#;yE!9;wc@k#+Ft3S{{(jP z?AkZ!{N$5us_5n}f3+zx=JC_d_qpeLHR-p=3x4Ui^`GIeo&NS6-Ifv8VsFa#2J{Di zun9DN{ZD-2JW!;vjmZit1CI8$mbKRM3 z@k4)}xF!G0FD=gA$&lK^H#PIl(b?N?<*i-wBdwYv(x!WBq*PGlE#9mj^*)=nT%PpU zV<*$2dkVYzRaUH-FP0^cEyvp(dO_cJ(`pSD83z93&>F$~N74BLYc$JcRx9O}p3jd; znH7F^{i|Q5zqVefOIgBl^1$nutN$6=YE*N?E+4t2dwov0T841ZwRfu*$KU;-_v~`S z6`uN+IzrFn%+^($O}};Y@qY&Xmly74R9)S-Qi{i5CSy*>(iN9CHm?7}QtNg2cl5#V zUagZ&%32}wwg$U?n10Nkl})gsD0_vf{N6VI85ZkK+EhROy`KNh-IurIZ$95PIWyGH zZqcSM`JHxp)t-xXehk)qEc0dt$$Oue=Z4>VCi2Q zdhzYnxzSNql0UNd+`7YlOX=>XiSwpRF1*o~cJYaw+(-HD8ts+G?RGxC%-K?NK|x1a zcJ=D(`?KWRrkQovgnoGUIl!;Cob$o&N4w4o{yVcz{G&|n%8Xy%PR^-$*pO=P^>p2T zhID`F46%0`*DhO{J!gyHg9&z1eecGsICXnkNw53E{|x<0wp`sO9^Gx3rto)K$w9Tv z|5PiSAIEp>aa6tSY@%kPwZ;AEfpb7j^=TO^zhz7|K6mkfVC)___7AOF_uO)C zD~-_AtJy#AnHt0L$03sy&g|ZD@t;`qN&TKb?&=+TybESFo%Bm;nfGkP>o~QKcGH)* zn|B;3ds`@fl65-|`%z}8cCO#+iP_&4@jZLa^6OgrA^mo%={+`) zg)4rnx^VB6vG>zkHz)XH6kmTCvPSJqXa1rc`K?j>Z8oM4Bj2T6m!EGSbBy!JhV@Y! zH-1omv-JT(;8BWm#%jr!(zo zKW24w|Izyr{)Kj1=BIBi-lr-5Wa9K6onKZLU3eDwEKP21W$~l=g0JkQ_o>Ah-MG#F z#jUX6h>(+p`usy{|Jb!3iPOH8_T%H@ipTx_Tf+Ojw@&r2kmZnXE&d+1_GA9B#fQG{ z)49FuVAaMKQK?HDlcydtH~cD_z39jFkIbQ0x9-@VUf*`h>P(Pn+pB-3KNBquC-*Q1 z9e?xHLcV*}`>sE!3%wupx=!=1UOm0<&?S}M9XnZnyp7t=YWkmnE7P8TZH@iXjKaIG zrwhN^{-ji0X4cEEDj)72UeA8F!sw3b->duPZ>rwekh|pXlX&M}*O`Co-pIUm&tQJQ zyxY}Be5QFte7N~So722_-K;G+Rrbg7g^oUa?H$h?r;z>fF|X13yOOVC&M=34R4J1Z zS*5tqe@cVlB(3M&C8zgB9}Ta%-?7p5%h}%xZ?Ujku5o{K*6!%r5?+?oKNUGA@ISK6 zjCYPu%R64lGcT^`(*l>DfekNeU!VV{8kJ>s{d452TRn@e2(TSIxbEM3$N3)Gsz)M? zj>yK8tIs-bK1;q!v{fi;2%H?KS^sUGM%QDBt>(BWG>?HIMCS>g-#yDw3T)sO>LF{>ZjK zH!bj!VB@SyQUVv-ll4|V%#F%Ox}>~gdtyt$PUf|xa!emZ!px0gUR{cI7LV8I+gey6 zYwk8F*6emfWMW^8ur_GtWUJNrUGjWiPM6jC z$3@ItoODQWPF48nTXSyZZGE)*cH6F5wcq`cc1@o2%JW$E3xC-f)gP{lYSeaqG+}yk zH`Yn&?hQGt4?~ z?B*A^xUv2FF0L=}t@DJow|^_y)OPDmuUoA9*(+=X9dJ+{*S{<*6~*u+_%!{p1+772P%thb3=W|0`W<+m|k0Br7Lw+_UU~yH{+L za@B5!+fUV8bAIIAlFsMxT(#-lM8AvktJaDx$llCz@rkeGty<%-8#^OU?xz-%d**C)oy+7qRr}OsUHoQWq#|#@dfkF-^udP;(bjX$!^>I zC+?m#&z#BJ`GnG%liQxVx^qsjd#k#T@0iz-RY&LVI4*L4C$WuF?rN2ENGW4u@cfUf zE<0R%cfe5Du?u zRuMQ+e<@`0tzG=QmFDIbmznd;6m4f+!Jac=)r7@5*0ZjEcyj2{AC4QMuluVyS1&6G zoZ9#8-McVv4*?Ou37%|w^$(V($=X*Wc{BJ~hfh9REpuvNv?O!pSJRjA{3@vz&0{v) zabUi;Gi~qXtB3dcUAi137k5o&;`K}GBJQl2#IZALSFWn7}Q+@wvD&pDN?Vtyaml4iW+_M~d5sqXJi_)nQ1cUAeBde0e-1PA6zOZz-s zdRUrSszL;{R>;=9|8b?`_5PI1+mo{L!q&`8+QG7Oih=zhR!`|&PdfZqRcfmy&ML}t zZm3uisWA6je##yGmwvs?MN9asq>@?-x73BK5tiF;73LH7#*! z;RLM}Qw>~Zelt}G>hrqFF(c-L@{M!6VN*XDiI-UiZ|}WfDzk)7c)u6RJA;%w$=Ckj zjD8^>udP;laktz4VUTOl&eT-3rksc~ExBQ#k`gAL)-2hyvG{nM*2bUrCDk*Zl&wsf zJWYB-u|qe92V;BGBm;(n>g(#I+Qe0!_pkM6FArkX7Mt4nFibM>Y}D2r{bk3G@h=T+ z{3s^9^3fC(=eFF%*KJ>_1jU|yX;bmj&7k6_o%K$ECuW7$Hm{wbvM#LXK-JYH+Un;o z@4vPpS8UVB3~zKZ|$pCGPP4@$s~n`yS|GYE4#Zx zs!v^Jg*x+6#o|7V49;ne^LW{k&uNLyNYMzM9}}E1W2H{<$>$=GqGEoN`X9-@a+w+P zXYcN?id|iyijj@HcS2WJMphNyHi;C8@GRbuJg0oQ_C}U;SuNHZY|nG%dsR%dRG4Ia z=_%uxH#<+BG?kW*`FL&O65ku_vwBY4v?=_uY-(%avxFrFnptF?Uz_l5!j!bfTV0kI z3s0U?wosM(wA{R==^C+o?oJ#IZuj^yi#$%8e51Ki>x|brcbi$RwvH2e6tQ{A{; zWs-s6GLDCveWQCfHGLGQs?9Lm5N~8zoj%J^?dh$c-UzVamSxz^m} zmNLz615@<5D%BQF3k%*dXUw;WxFK96T8ewF{@l|_gnmDkZOF^KS^3`b!^PBjRt9NuguyiRC#J`k<7k} z=PK6d3%>H}Qcy`ZEy|6%8hXvnKmXd!?$hm8^3TukzxQbAZmFZPYMoZy0mm1<4)(WN zw1M|%+Kv1+8Mc=}TYgWU_BQCoCBH|f3s@=w=X*7-bNm_cW!Z`U44SvH*i{{W9`|Ea zU2x0kWI@kTKiiY5_?3+(a2!~ETK$xxOsHpMU_rD@fMb&N)E2{u9}KVULQXCuA32@^JsPObf@dxHQ}Wd zT(_+Ss^@(@diP|h?P+hDnGcv}UEI5Wl8an4j~s7u%xRso*PqJ%%`Wvj@np(vmvG~s zty8VJRxP~VENS=EX663nlFM&K_*&kS)O~%_c$Ty7n$Dlw(ywhTy1Ra{NG4Acw_P!vn>csoeBI+FKTD*0yMOKPRKJ>%X0MU_-C@O+wQ8?}=D0Pq zp7YFl@kO8U*v86V?d&VrKdwD%eYo*IL*cThImxOUZ!O%?F57ckmhZ4{%S55gZ^QKPdwB&b?S;A>vME71wvzY94cS2_lCyZ{+-dh zN=By@rZ$`xJ@;zYnQ*@#(}S|dvzmSf?%P#6aSnfAK;#XZbKaBZ{e16ZJGV18m-nX8 zPFstkaoacLYqJ*iZOuCF7op57apJ^ki!N53zxM01GA=qh^-SEQe}{|RCq!3&O3Oye zx4!$YaPM}1*28>jQ~uVpyHAR*Gh94%=ILU+n0rN${yD;t)5TRgx&AzF4E=ZItg`Y> zyFFK~eU#kik&u@2KqfGoPwye`?o)@^_h!DV;`#iaflWltbG4OSt4iVDML!y>9!sn> z+mSAxaQWdmk0&A9g2J_<)=rxeDRjqV=7Y7~vfGxgJ+~-TtNm#x)B2m4&gFA$6z2WA zx@vmZw-1$J8yOxH9N+2{ZW7?jy|}{L=Te#7W^0c#7G1`FULF0t>PS-Yx9Y@;jIV58 zGlzWizu72scG6z|rG<9JKbBX$_!j6p&*Is(Ug;SjP4145?stksY1yuuwYcrjgsQLW z#DhNiEne?&>E0QyZ$a5Jtd1T%(-wVPukyjwyB1q+Ms5<}>ALA==*AVM&&kpKJz1}+ zIKZ=5#gfO(^ZBgyfU64ICANk=zVJEZLFRjpiQgILOmJ1&*{yT#>}R3k-FyF$30B^67Mu8supbDx_$eUnGAW)=IXq7*tOv0F)bUz zljrTWinLzzO1Am?FgVwpTf6nlQKh5;|KwRG_Uv;FI^S2ztG8C=g4$0Ni{mzbvnO3E z-P#*_SYXfdc~i44x)qz{nci5`F8T7_CVkUuyLna}VLVowJ#WwTxR5}R{|wr4kJqa1 zxqR+HPvZo}uPcj$ruM2=>UTTH_POic+FV-e6K$}0tLjugiRAffGw#3QTo$!;?M$9` zd*+m{3;Xu$!>I?}zYiZt;E&s~J}GWV`J~vBMn4(%?0LHJeNa^N-uow#cz#H4zJG1H z&(@t26sC6C%JemDH~DL7^C&rJxyQ2u-I()yzr6IZ^fU|M(kc1OTF zW!sgz`KR6894hQ2(k3Z4N_OI@BOM;Sa%iR1iHsJ5~~Pw%#%+bK8p=d-?6OK0n<-G8%9uy;;zU$(J-XUPlS z-Ytp2*S4A5PAU*d|9yXLp;x#qSD@$gwPN9xoClA4y(sb3KQ}Q|b9biX(e#&5C6hNT zn!`{y|J<%gB=V1>v_qC3X^d%fK z^FBIj+`Z4X!`44)e&CFg#?#K{d|9h`c%|>6XFFHzJ(#<>M{dTtvIk;m8b*aDSFftO zU^7iN^K8OKHq}kX7py%aIbmDR#?1+z+_K|cK5V&uN_D1}hULlkQC94&Pj~0r6}GgN2i{}5{SH94<#2eZn*(%HG3Q~#Ackc%i^%j;yUEOxwZK~Q9rW`KY4 z_pCnm)w-G66s5lxJ}I|&9la}c5!)@#Q$3Ti_RVI{SScxYb@#%|{Nl0={g0Gws;`Nv zChzCx<&Edh*c5+GRNU66cJ(D2*@y0TY)<@pFLR|%=!5GdSLvs156r_CzMSO~7j--8 zn7^NU)q~aHzWnk0o^emlx9=1Cowi^?rOFCr^=o^r9=m&MyKZ&0WR~~pf0*8U>yrI8 ze>sLY<5<3(qO%Nho-@x0pI?3AZP|^ddO3eqoK7ftEb97*`Kea%tSh?(C^>H^q^+17n46MC#mmdy;)pcEsI-Jl?DuPS4{w zn{u>dgQlS8IZMeEPp>L$4okQ><=>Q|$!9X|p6jyNR(O7IN_N%OZBrA@onusP^li(S zWqxg|^c-h_6D(iXn|{pidvg6Nr|w%vfz>r_>kM9{?^gaO`=8<4wPh(g&mFwXwx%Nf z(8=Y z(q=IF{N|Z;p-?MQOM-zix&UFda96R5b(|Y#PG@F$#vV)IYK3=+Z)3L`K3$wPj zZNKsIQ=GHpi3es@Apyr#k3NnuSC_didp^wYl|Nr)&%~aDv~{-~4ok-rSgz20%x-x! zcI&OZ{!3NN7j4WtcQ92hS-`;J(XyRM8{aZF`fsrjVJP(7?c^9_w{=yS;j6IihbIa4 z75}_8C9GW7@kshp+1hL)wcj?~3U9LO?uW}K2r4!1C=4x9Ip=<4L3C4>aG5Vp!U}-gb_1!t(|8QBS_kRn;qg zR&(b=VRVs3`Ol@=UqmIFpC}X=-`n+Am(N>y-o}dx+vlc!`q;K^+NH#7i9WH%5=Vm- zmCt=SW);MF{4Tr1J55P1&P8WmIcsF7#Kk1cdR*iEpu1M?miOt9JJQxpzpf|pUi(yY zRE8(zs&9_;>NJn&Z4Sy!*%dj(r)-w@R5VHNxO~QN?!5&iq7#$U+&-tWGklDF-|=PI zJWqv;Q}dr?&z6&(tH-%BcY%O`^@Ybt$>wKD>-ishH>pnO(X;x`p!LN%dV-?B;U?SF zr%PmAZrtgX*gc2I`g*?D?);?@^0xmOs@!F+t2{1Wc-Ql8%>6xASq%P8GJCpf*5cCI z-;23~k9!@g7j`6H|iZ=As*_x1LV{5P8% zq!J8g@svX5MyVb|8gN1x>uZGNlHJ~4Fbj|GPH3(xScx+c4F#`&#}6Ao>B z>O0qPTHF5qoCNRd`#SwjPBD`D{5M$8TJ*U5(yF$FdAp7`Z&C>kY3x{4~$u zxW$8O6T{q$uAIyfI%9nNb)Xx!SxB;Nv7b?Id$Jrahrsi);?ShfUz1$UajJYZ`8sFX zip8h(q?ZVKZxc?lV?SOf!b|vEr}qOL`q2Y;(^kU&*Cs@TB=N^HP(Rxi|kR*A!i_ zseQDpTAn%cyv=Gs_Vf?WO+P}Kg>Ap#CPV|%I=k3TC<|%*?&C$$NB!ZZ^gg=3~!^}T)WiMlfR2y zey#iR{|pBW_Sx*)n!o0LR+;^a7mG}?ClvM{@A`dlD`!Z$%3of~{JHHq?vLYojAv~O z^PO{ERQ+4v$Mv1{iT7{W$5tfnznc4Wdjo@Dp5ucmo-6ys*6dTLh=1_4|KN=+*Vyg_ zKmT~;*R0>X>s1bFYyRP_Ir%&0k4LQXQ77w~dHgq;yjF8o*~Y1jNq2OMZryL&<1acZ(mz>2aKoLl>sNP)AM+@6P`tW!Qs^2LoUdMXM5gbQ_O<0YvBKM@&9-U(R(L_KHt3Y5!1Jn)UB84MOD$Vi$k#N#%wn2> zZNs|whjzUWSLb(Vm~=37ne+BkUyoc9d2(IFuFAzh4=g$CrLL{@3|TSzg~n0mL_47h zyTd-sC%Xi{|5OQIfAi%vv#PB9Qx?wn*m!HtweyGTCB7Uv-?oR@=HtAYLp#o2HeIM9 zzoqm};nDmDmJ^oW`)n09p?ltP-mLD~k8BSgEX$Oe{A^YKoCi`r4*%oY{a9nop4Tcn zSr<3x8DCyoJNv`k(%b&5QT?K~IP^utX4(6MKP&$us($Q4{EyWEM-L|S99~~D>*t=k zD<3KQN~e5$cEqo?zojO8)zQM0Hj}pby*k_W+E`xAi#Mf18F5kCl-F@lBu7#0@ zHl953KHjmpb>))kb#))V^S_aQ7*P|xC?@Xp@1)%JF^lq}2yPN%Nq`lfJfQW_7Xdvt^6yzfSTzU>_X!_ILbCtMBbLE+)2RcNbP%FIFyn9jE#*SL$)d z#~8C$ExRoa9Cw`c>&>(&+Hp&&+CRp=Uf&}GJ^jb_im5zjM%l02xu^A~OPsrW<@&;k^2g~NC3D({=rNA!`em|NR#uc>BVRekf$i|k52+|cJ?e0K5=u5aA( z-TwqX%G9TQRO{xMz2lBR+Ukn#gZ~&lZe8{AmhGk6ji*-HFrO_xwoZw2g=|7zPHN0$39J8DC*dCE0fg)d)*Gt`rPY(AWr4O--EvHJ`>C4 zy~@0_n$tUYooKS^V(a|o`!D~QZRzvhB_ka4C;cOj@Q-7UObZ-x7cKmucUo?v?rqKR zraN=yT|HT`@9+CRj<%PDZZEYzw|lMF7R$$#Nilux52v<&JKnYS?V{%;tL&rR)@OFK z?%T{Z&)+b5h4SZh{tsk6-v06J;?m!Xe2?2*UHb9;(Xf9?AD>>iV4$&fOP%D>AYIjD zt-hdR`YMG|x{Ex^7$twUR?R=s-Fo?t;?hj5#-Hw-&F4xK4%(!^qpyJkuLxwNk#!uP5QU0j#>YDP6A7<&CwvJo%a7zE9 zqjhVtx9|VZpRr-t?z&K>rYACT_J2eB5=9nE@0C2-yX4AZ(R=?HX8Irc$9>UcZe(e9 z#Dlhq&VwA**Mt8qdgB@EXwMjL`R{7{hXDI_`%Uu?@!CI1-QM!#%72Ef`6^Afl>bz7 zvbNiN(mrJ)`k#TdyZKl>$NPV3xBqB$-OZI~72*-@`F1wD{q%CJD!I_ikU8tl@0j&1 z$e>hq--EE)Y16Y)SD#(uy3%~E#gX2=Mf;ThPOE>g&QA63(tUdFAD-E_hh4kqW&Die zn8P`({|s-x|7T!Lzh<9e-}AXf?L&Ig+EU5foJZNyCh)B3;Z$DlH)HM7sVBYfsm)rc zS>#++yRmp>$Ay`tk_`VD5-ZnyTzT`(kvFsUUI+`4uA2Bdp7B=w!Hj)Mr$6Za(~JFM zxh4GHh2JUxTk0ztP9C@Edb>Yi{SPhiBmB3yAN$1fmcDQQW;X49>a^;17s(J;b(80l zL#D{A6DV48_x-{z$L6ZdU+QbSZTgCz8RtA%3jDH;6dg6xw%ELb{a@9gW&5=MF8I&z zV1>XRnIAW6KRlA>I9e!E{PvzQOM~b8*u2gE8CVs5xIYkF9QotC(>&|mIM#`wG9NgP zRbA)RS+(b3h1`~nC65=|?fo!q_Oe@9`!ly*e!D2iz(=t4U+AT*>q>`R_v{b;x9aBY zFQzB|NKSV8*x$6qPWgq@xJ9`9_UVkoMTdV!;d3{?w z$I~ly#wSb@>t4%l-FmorV-?@>m+^r$Vp~64+xg+K+sEGRZEx2;-M7iR;gI0Y^5X03 zy}oJ$O<5bnb#h*<=V@McPV3EUx|DhM6sS~iN-!`UIIzsWFh7esHuk8P)%ybN=jR1# z;y?cRHqT(P_eYan;fhaPB05G%32)gJw!{qTPV znR}79qGDaMpB~jb&Y=1J^{iLF=9_G{c~$avaqj%p9ZfDmZV#ung*Lv@Jk`Qief>;4 zTb=fgMaPfK=ldhPCfhtU=MQV;imZRxg3m?!wVvC$7sg%xZTV`~wY?weeXpCoe!gSg z8=HM8y_2`>Jn(0A#RH*NiMo8}nhK0x1|@`*cd6`aK3x9kWuf>EvA)F6SJCVeD^@$- zJod6n@7#{#~?m8&^bcnuPEjw&S1HyMIvr<8o#B zhpXF`F1;JQAX4SZ@=}GBlFIA7KAyIhi^#gam2J|amo>{j>d#c!WFW7RlXAT|X!6=n z%kOs0%n}!R=E&ad-;m-F+??0aV5z0WDRsl_S}&t5+eJ^k-4CBmKRrEmD@)H?&ET-kar+7XLZ3djNOj^|d+}w#->7ccleOoY^uP2A z{P5k=>sQI=&bsoS^hdtM%kLShym9VHHvJ-cZ{`Dk2^Zb1yIBKH)zy@ko~UU4R(~;R zTW$QI?_IB!ziW=!^4x#&eY=a7CQbI}KP12T@E?cEZ%g-@a^H!`)9JE&v}t{v=#2O4 zO@9AXIQ~tt%=+#7*!ze4yQ20V`kDKr*3Rv>_T!AW#e1v$5AW9J_;;aB_M_h18^3mpBTdlS~HJh55Fl){};pe>a58EcHZkT+|cS)(~#TWY+K1`kTe%dpk z>M!eFAB^8<-nUQj#dqWSLus=dw(YHO%F~JA`@`II_riaM2XpVKc1iCwkNnXU8|i-Y zUC5lt_j^*pU5sknb${}mEcEjfJzaeE`NbM}m9)#=b6Ix$W3XJY<$ilud68(JfVa5{ z-`?z7|0L@UT${)7QR~${g^!c71SDq08r6MIKC#~WLLGC3wX0r~?hpIj7Qe3BY!KBv zf3Ndwe2-C8$gL&o&geJI-`szAhMip0-Rxf?!FTSaxuwgpc`$$Zo4q>z=IaNKgxp(l z{c2rZA7?zjq`dL6N%itBi`;)NEZ$}JPmlblGM#7QtD=VGGKTAxb|1Xluf1$;e}Blw z89z_$T6NucZ{OYe^!v>RxAU{#N~zzZ9qs=k`2nwyV1D+))d7naXlS3!`D!mD{`c8R zP04>BSAU9oE$68oIN{^Xvmu2yRJJVXm>1nuWp(CD#~$T}9y_`nw#a`w5!&&^R!Fhq zOLgLx#`;5h`W>!(eZF^s=c-cXZOvdVM$*2rDEuiBk?ueRvN zae2%2e1BK4tuI{?6?xlc^O{LbhgH6;d6hOr>tt}qC7;{eQ_tF!o4u)0e^Xq#EH3VT zY|XynDE(>vF?rASJ~=68f35%AKA*ocOWwwDs!w`3ODu$eZ%+7TlkFKy{~0no-+!L< zwlCM6U(UnTL?#OCRx#zvj#ZK8(PF`Q^ek*tX^N05DSAFh&ndjSeQuOl^Ik#7< z@>6bj?5~-4xpH;nr5! z%u~70m9J7S{5utzT02o}=5NU}rt)u(U6~o@Af1^v^}^xb`Z0^<-g?LXFz$??!%=DR zOMA6y^xL;S`D%0WqhGH2k}r1EKW6^6shIEhVd}A^4}Tvn)XDI>Ds$cVgZ_i_{eRMJ zCjIEs%uR@>tYl-fd>bEXl5r|3Pdr>alXV zXXRusMxFd>6CU}ux5PG!P28&MXG`tdIoFvV*WYA*l-{5#AM>Mn)qjQzSE+ZC&i0?Z z|L#A-ysuxmvu|;*TOHl->y-Vm)n^~ebKR2NoPF)jFAt72uL2GvUVRz*$1k<_oc8{E zj;Ej0crW{L?cJrmhD~sXj%6M>0`58 zRz8xv zS@VhokFFPA+uEyj>Gpy0vTxrGMX&CT6m_#?S$VY1_s9FAQTLncG_s}g)~8(X=e^T) zTH#oD;j{e_^B;+~)t$O-_DS!@hfwSA6ZYHO55_arRDZOtn1A@&$D3J&EAJ)!tU0$w zKI%}#i%aX4$_8F+IF)tM)TAakb)Dk1+d&C@DRqCuk3)0i&(JB1Kd$RO zzTX^Y_anRD{Hl!4TX)#&9x0q;FLmqh9Qn8L0=f^2KTC?tKezW*#IMp7c46t!I#Z=q zh28i&>F?YvUoP9R{HVH|$GPoJy>RRng_N%6`y?_y->fmZka)ZC?`-LkucG_;p5)KJ zwvSo3ykp|SM^ENvW?2Vyrd+-&@%8xU)u)(NF#lfsGqifieevl%PqV6v0W;{FG&g;PqJr0ajcY2W@16U+?O2b5;+jh?FUCSH8YBY3-#KOt-z;oCN!l*q5t3 zk-D*0Z(Goef8P#oe;tyy<;OdRzGnufk{H{pvt=qZ!4{K$Iz@amg#+1juB zwJMzF%{_i;_luJAH^UG8+A_^Pb7Rvhrlg5cFE_t4ob_}2H;oU^J9GAD2*x~IXZN2;Pu}Xk@oakbuJ$*L>t7pXhuaIkVSRjJ&3U;6 z+(LUd#)!ApKbX6##VY3FkM2jR2UC-H#8o!szPY(3yZ?vkxz5}b=3OSTb@!e<*nU#R zcmwIv?AK*^mqCmSNV?c!{*QYZ8<%C*7hzaRogSiPsuOt{LU{DI=q^}-+KSpo;SL9 zJ#6pwl%z>1W&%PLXUpqkKltq|>X~@pUFw6vlXg?z{Yrnc`GKug$Q8Xm{u0^>d>bYd zpRfBGAGz~`eB&Sg%>N7=p+`1*=N8WHcqd;pC#7)KA&Y43lXL5D33hEYEvuAU`B2hE z^{L|{jk7y_@|sc)YM(r7e0-k4kNWkuUxe97e%KQg@@?|TZ>xX&%xv^ws+Y@l{xROv?E6!XrNOH(4JX$E#w!@UsIFDD@-mq`SdA6O;Kbq|<_!qcCQ8kX^ zz5k`_0iCg3Z9xV_8Wl^GP1`f3M|JV0`iKX#Bp>qpvzqH}O7oe`SKj`)((}-N#j`E> zmjiS>AIq`^%<}%>S$KSf?aSb`Wtzd8jAYI(zc2YlI49x5lAySZZFMUAwK7lDl%GjF zHZ6LXyMF47d#(BJu80YChi9bj^btJBwp;V+W=nNXlcK2B)~j1`^Gn73cWTH-o!)uH z^meZ8>=WKArmuQDr#SZR-!0*MfqEftY=rM^)Zb%oyY=L*%TJyB@AunCeR&bS?>Wnh z8&6Galb*fGH}~HZ(j%baq;chIkN z?`coU)m=F4)$LPBd*+myz6_p~F7lvw^4*HVhkkWj>pgRb;pV3~Pd(OV>@#?E{o@Sf zt^E@}_3nLjaB5AoOxUeC2g6wJO3i=#ZB<%54%+^SHh}E_`OMm>nqr!W*?H%Vapb%*(|bps`jg$t9yFpcy5j7$k;Ek z^glyOzssJj+xIHS>$j$@{A2#`KZ7vmxw*A6E0tsyUfjg7X20|w{i|!2`pf(=E8Dqc zV!3y|bj`)T46i*Op6}>h_453(m%pCOs#_^svQswt@~lh0BtLCl^l|UoEm9?Qayz;_ zR3`kHyk6em`E6AHFYYWBYBj=4F9+ttTsNKS$YrnC@Mlv`_NK(j`BOch$WP zXtl6>k;N-o6Zug3@X{Y$uVllWXBOvusyP~dX;Qf2n}Rxn4`JIM@W#Bh=iAyTbu50a zsC4t2?DPZn!fQEE=|nV_W`@=e{#C4*iQ>uCazCcizl(RmC6GJ=*LAG6G#~7}?LW zEBt5J!|oiKvnPDz%Zc0D_c)xjn-SevJZXM!e$0!g_3b7pANddaCY+XOE}58jXUBJu z$s3)w)XP>lAOE)g;eQ6vo2GpW#4|s$G1^^~o1UKe(ARb8rT0E3g&t=YSzjxCb4$H9 z=h(_erm^Nh-3%LII62-&&y)SI$4>F`(`MhRkFpo+SGapR_%5eP$MQXwOJAnU%lLP? zNcej`|LMs;!UfmYSVnGtCDprT;$}0K8>hCG-0JzYy!ozVb8w2zn%(w|dSTW5!F{de$!F^Eve+_IF?w z)9rr(@4E!Ke|v^3y6a)|@~iFZ#rr>`EnoI>x}46IOS$jAY!s}noLb~y`{SK<-xWKS zh}Xs)TV#Dhwo4>8N6+Kl`(yft`_cV}%YIEdz0_@X`sN)!r|$Jw6tk9TYG1NTee;RW zF%_$0c5mBJeok42|4i5#EBk|M126xUe-yHDXa4l_Il)`sbNz5WzU%743rgF!UlsEC z+ms-x{@v$4gVyJ_!9kZyY+b+b3;ocz5$oci`bbOqj@;Mz3e|2m-`h!Cj5X<8n`4?` z%Fx5bZ*ILY^1F}AWcT$ohGFvew%a`ZuwHWGN1tD+kM8}bik|c*F(Ikq{DSqdAMKVu z^5&KI{J84X+uY1jp}$KEe>Nviwfj1|bBknf=&lcJiplZynqmcKM_}L^4gAjU)i#?VZDL% zqB@x?E4E~=?d9c;`jPq2&}{mH+$hfcX~O%SB~LPZIqT^j&(iwZ{LDwZP7k~$`P5e( zx86_{cCUN+i|bKgi&w|~(Qb?G5S-whetzb`^U7nTju?eM5wr4&5qnY}M|A+6?wGAC5HD$*GU2pPP&D;L4S~f1f&HPt< z$6KFuDHGb&r%PIx9{&-1^qxrHHDAkhOSbH4-H>egr0e~bSnt3~c4D{g#kyTOxu?_n zYvPXo3|=2^|7Q^Wk#_z__^rRk+YdW@XJtt#T5j@iHOH~%i+=vZuuh)$p%4 zZ&Ss4`X<|LnU6KM`>Gy(9^`1DvT=vO9wD++-L)NV;+l^oD z>bp5}6Vo=%Wk0GP@$ED{q$7TFhCoes>p{C4rb+)99+{q-x#p~RUyW>`h!10Qx2a9_ zN0+1%n>L<#dC%g<)(_9>H{Q+UEzdKMl(tmblKUrEziZw8ty}iyeRtmzct*#wx8Jrm z|6b(T$I|s%f3P3vR1%SXyY86u%d^GXfARNju{17!I5Q>9hPy;}_or2x#T{lJ*{8Ps z+M9PXOFElT%IpGw}bh z{V=WTmVQ&oiZu!bZ|$NUH{Y2b_2~A)eRK3@xqOt4e);O?`aG676VHpTe$>zZiEq$uuwn@d?Mm_pt<~`Nc_~mgg zrJXZpPd46XS+Vc>!}U$MUskV8(k!iYSmm$NKa=m>+WuoZR_||{CwZyHJUhGovHHfX zS5KW@b=UCcExX;pcP9F8`Qa*m=FN?!jnnvaqXX1)+Bzk4*KBU6#n4+;rpCh+m^2JSii!AMecmU2G1hPfAP$J8DrkMwO%B1S8V&?zdZ(rVtZNy z;y0YFZg2U+$~QIbSJp!FTTNQ>5$!?#OZ^qEpP6JEZ~jr|eLARMQ$xYt%zsiFKRhW9GTXn*$GkvN;?Gv~hC21E zkGIY)zI{jgxWZ2*WfkF<;d)zV&o<3=Uh?GBgPpg}i+a1MZ(Nvd-e|H`t2XaNjK7qD z6QfOd@Q3G*rZ<|bc)ES_mK3KVo;%I+*B0+Gy}I|2bE^_ea4q-(D~GEVy0w)86O0 zX=Zlva(?N%GwXS_lwGUw$Dyp#RUV}G zdwrbWAScZ1a=A1?G-sWuqu|`*Do;|<_I3VU_Q(F=e+Hf(M#qm{-=~(jPA4?%*wvJu zer{I$Ssky|iOMcbessPo%;@YYolHIDiAILUw9oJHvl%DVFBYym6V7V1@ zE97HzlitGg$r;BEcpj}}?_QglUB7u+Zu`55@59C3F4TOH^`q$MgAZ!AS9;$0!}IlZ zsGiE+zKqoE34#WeujgflT~+KqG;LceXXt_CdCNAJPEG0cVXUxy_2}@zGqF*3-5*&- zy`J=b$MzMgb}iv&nN(0V&+*$@?{C7f?^WKtt6i0SRwM4F$mh!Aa$nbeG0J(GTV^d9 zX&koYqUOb$+%m^C4}KM$FH>G7KIzCufslFpOS3cb`4(n;6mAn$xzlrem+jAAg(2_1 z9pT=oeqD5JzJTBsRe!eC@zIT+4(!k|oc3Hqo8$Zz!E-&zlFZkZcuaruF4(U9*0e*C zNv(@#vrMXFUhA95Xy(T>M{M;APSGay_kvRcjLS9vt=WxPpc z$U)hU*Y>=cSZB`#Y0a{atkC?VhgZCEF*gJFfEkSJ>H!rN3t$ zUz_mFtb1pj$V`s=mMT15lPrsF7Ke6DF#GdPu{vbqE=#>Rsa0}2S7-_^SrM*N_+@3% zM9053PaKb0D=qq%;cu3!PIE><<%y-qPM1!8dS~-7Sb3qcZe!oqAkC%RZGL;T4oyvR zS=qawbmhjtlo#Ui+Cr|{a)$kDT}2k#nCFCa9e6VB&x&Xfi~hS`k8fDpzw40hvl-Js_ezG zhcC;owe&psyfI+Sj^H_k9@|+%9`t248qR3&w5|X3RdD+E)XkT_EZaPdU0HI)@~NB$ z^7z>rZP|VvmPo2wwzPATCy(KAQ3k^aZq=WIl--W^8D6*`sJ?ybiH8Qe_a#+deq7}C zv2otkD9br%c8j|c?&#w^9PuqOjrb#MRMl4Y2vs`r8@5n}D&6F+~HcOSOCsI_o=6kK+HhN%o z-)oxYRB6^m^}S3xGg&HiH^`JP-`&IJ%D~kmshpO;XVw*_E#h-YsKAPg)3@()3|oL< z|Ft=54v48d==-~hb+SR_DTzi;k<)s9#a|aJI(27GgI&ud1D>Bk)n9*I@ic1H3VuDy zb&`sT*8Ev>8@5WEn#v%5sNr5DWA&_7JqbD+{NEZWcea{#RL*`(gWdej_a+&d^cdW>ec37L&Xzst=7Z#=Dou|kRfcXCGN}9N znZwin%)^nZxIe15C-OiX$BLUh@fIox3BNCUJ<4~AeHIzPe88qwLz-o&=TT>2*`tqR zrb(zR=`*|aEQX2Q`QA!xPD7c$^AbLu;$&LwU97095ICt~Y5rXg=cCQHO&O;=XsS3b zaw504tg+9p!uFNzMMGtEh7yyLDY<7Sv1x7DerDmKI~;Evw7-gddZrQD^x)&I4PPZw zr%D^kREOS7<%x6;jtu`KduCPLR?k~X+m^cjw%xj$Rb`T;+R7-0O)` zoAGps@_Lr5uU}5=_AdINyf)SMnYaEdOWzyEx0YPK@M*Q*nC}5mm7}8^&VDX(c)<0_#`2-;invGi=dZ2ZEiApI*ep(R=PrBIeU7jEA4l&B zZx{CK&%gOof$@0M%e7xrI^J~I$XST$OxsmE$z*%*+{cT4h3UCkRY^?FuvRd>b5~1L zl4JSgi0ike9=OX9#>MV@ZA*_f@-<$KYO0{j)@>8*Aua{Yc&UibGMY~}^`PUWq-Z-o~@Ob-`&^tbtH}Aik zE3$0~PfP6)*?(K*wtf`)a`5l;CAW^}O7uV1*famwhIwD^G~Z$D`4ysOGC^SNq-?W^ zWuAhuS;Z%(rR%=(4a!(DD_D6>ooSt|?Ti^W3(qf)x^Q`quIim9bKX2|ytes<(pIA{ zf7Pl_nys3kop#!#?}Y4g^()ujRJm@O%08W^X1iD8Vpq3&2GV=Q(^iVa-Lnv{K6$%8 z>-d%Rk#kxCx0JsP`)a+Xt=Hqg36*Omm*$A@-&!Y^aIe+7y^>Q|Qhmj$$x*Di=gNh{ z16)>b;mi6qbBXQY%I|`Sc2mnQJk30DY||y*!|4*wEtS`nO2y4gPs~&2;{N*5#Y`}I zVx7_{BKi63aUs`ciXPHy^pXDpqm!_<{xvI-!YiVK5#<`t``p@k=n|$P( zS@pC`rsQo|{rxt@Y@N$bvMy;j5#D5Zv{Lqb$Je>8OLp#^*e$MFRB^N{Xz8-$wm$B9 z9k2d`KI+H|oyOVE@?rVfBJm>I*WwB8*Vk!oo0og0wc9}D>spVJ70TV2wU>miZMzxq zJXGeZMr2g9#%I;!33m;n+)LWuTzl}rpulcxx$lQ3ll0HM+WVx7RVSLv|Sl9edU~8@wdXy9238^rR2ujH+9uJ%6k}Q z+WuUwEg&*kSD*xmRKpYnw@wu zp{lMlwPbc%@V46)uQFAO7WKGqPgsy_VG|S;akA*B3d=99S0(q^BF}5x$(q&Ra;{AC zXo*#L>mJ)og<0G|KkX}9y=#_D>`oJJ-Xn88V#lr+#v9?4$;;PxG~F!RQr!1t+r~p( zirX5L<~v^7s-xpw_m=IQRk&)Twd@tmPpc=toK>^A<|w=yt3|u|wqJg*WlM^L9-HU!tfL>*yAm%i zFuQO}vgyHus?y~Z-N(W%tX9!sd)Q|k&c8BCTzvCpv7Zs)E(yFh1z$x?nJ)dr;-pPN zSXJdF@8ilcA1}?_d2{x>+FhaD5eMt49`DWGWV}1&T3OE``>7A^zmRfgCTe7F^7LzcSKSOo6@uT^Ik+*M~l)drZ@N?&j ztayPeHtk@&H_1KMS=YVNEs63yek1J4mlWUMOJl?g=^ zq4z&S)X`ouhi}e#1qJSG^OxUfQ<)~oAe0?;k5P|V^8hmo*R{)gEWb6e7`{8NlC){c zmB4^Sw-rD9Yghf!)hTh{$;7z%58g8!&duArC3?nVmA<)I`tA3ajqPVD+%Vvjcr5yI zR@y|?J$4R`TaxF5Pw!Y?+n>(sbW!ugujHB2I4<9^fwYrp@8AHDm2I(V*2j+=dM>Ld4; z*YEAxnhA2f32IxD@2uc*TtVM!-mSY1w3Ig2wT_oc~etcr^AUvR%4$=iU2Se}RZJK!K6fb^k2YCZ%%){>*ASZ*N>9c;Ut?p6JuO2i96k zw@-5r5kBvKZs%QzEj{7${IlNF7$ysO?+Scp98;Qh$y(!}dhzbd58C884l^BL_9*%~ zPgm%+#{A0NSH5l6d6;!~cocbIr^WZx#FS+TdJ}t(aec_tb^`d@*EipX*8G4=hW{PoWvCA4p$2$q_JQEi^b75kWwC!rs zeGZQ2Wj)v3i{-k1IxX;=-Pa;HrEQ;hn#@$bt@b(P9klW4)R zW|QTNKTn=~$}T>9B88pzz{_7(gQqR=lM*S_Rq&LK@!C^;O>SwjM9U&K#`7P!-fy)v zxSRPrJtpOviJin35;FOSRC9~Ve})i_-^b@oJ$Jui z-?x8{yicYpGX8W=jP37B_;)Am@+04kM=$VcpEJF!oU=YX&*N6X@q0V}T?|}avxNww#9t|va+J-L|gYt9Pg#yjEDURGJpEIL1_z(e-e_2LEDy~#;Rf!pU4`-Np( znj5aZ^7?j;6g|V6wOSJIqCCwW?=y@jeEnAK%?Y#TeN|WA>SgLht0d34rk=F9^Ge1A zwu8*;lcU9V{kT~2x3lM(-rVYM9y1%|^^0SUciRM9K6A0tkMRj}_~~NXnfvYg^3rBZ zoxV4(qW-AacmHi){@i>p>yvhD=B<~_ldtz&`!;d)u4d&^XJ5{0_g(Zj(Br#4*ZKUy zx^0hYjv8{gU)%A%+fI7=;i@~=F1a{uyt7<_B}~7)Cb@dKx6GmOTAqzwekK-zs>_JlY3^hNh%&V=4bUQWTA4}iTtX}EVC^tkxBL% zHhs_LiX2ZosXlLOOyc}3zCSX-SGgvMp0xe3Dq&07+%*sW?B4ig^+vxV@7Jt$p8U2a z^o9(_cXpZ5XUh(yeBSi;Q{|UcLTakX7yaYwwrb9FRIsaD;XR$5$MB_}%KIYWmav5V z64}U*P1ef<$QZkePyHi48O}0?=9;) zUp1BU_TJ30#+j2@4+|an#kErPprF9xl@A`jj{08K)#0`B`Ij}(H=YD<6__|L%je$0 zZ%cZe)p>kv({g{7u_S+5bx>OJbzj4!+Vzkl5YN1_u+YtEOD{xW^1)M z`#f^WP0#;W{Ey4>K|Y72=O1m8C8Z44Te7U?KJTpYG}zSnl-F3u{mM1@P8)+uG5c?C znRMgdr|?4;4;{a`dfw{At&{gGF1}mx{)g86hOO4;H@ZLAshm_`b4>JlhWz%@`JGdz zyMNf@=YCK6SNO4$4{YUP9b%Tv5Lv(I(eC|>nJ*v4^POJd$SLG&FZpHNjf54a^p1sU zCOq6C_@!^>@AMy&4}bW(^pCF4$`|z~)=#T5u1UVSPwB^@=V5!b=B3Q!;`e%Qle^-q zeM^G4;h%TAH)TJ2-w}SP`)1V5t{r(C_E9enK6rUyzI{;UZ?(6g$rnp<19czrsXV#1 zZSs24tM?A7`&WH<&+=n=eBbjo-+xWY)$Lt#=lTMEf#b`JPEF@p+u(mTuK9@dt>ZaH zFG6}RU-^E&dDgoAMX$xJj%_Rm;qaekcy&Ye)*tbYymP%Dv94YGIQQs*W7R#^&qVnj zeW6gWJ>1LT?Yyn8{xh)GslG6m+7tDCj>s*6SDwe6eO1kiyS9my1pEBHVn6lwl!qY< z7H>UL>z2MgQSzVR)_;Zr;$hmw<;7AK0n*Q3hnV)?_I~(vHvh&`G9{KGOG6zqYMy^f z(+f&p^J95nti99jy=4a?q}4x|{y6@hfmQh9nyUU@Qx2t~gX^R%e$D#J@Z1xN>viBE?X4uRr&G%wBQh$M?`#@d7u+Cb_H5=r4|AS>Y|%{jKNwr!&@vE@!^0 z*;@4C(?(m*MTb-OfL z?a|$(y3HHDsO@9^+iRn`qT>1E_w6;-c}shbtrW_!{d8mfp8pIFHt$n26aS^(sPpcM z+U%vyA`=%r5HN6mp?&Y{hA9PC9zDMDW6P6`F%v9z?9a7to29zxrgx!mj)dC!7yGw9 zZ~T+Xv#V~BfU(})BPD0+O0%Y4502gS^G&7w(YU9-#VXYD#VgKTyY%jZyRgr~?(OXJ zz8>_~SsKI_>%a8dy;E~%+s;3FkLzQ8r~c9_HnwXj8_$KA>CdF%=JnbeK8*eGMwefL2W9B~9O`lYo)FavDqMBdFxxRMuwRq8+ zne>o#vCmKA2m6n%&GQ#=TzoHP-+u-ZHkRMl@5zaLtlc;F!#}qxk9uy`PC039!OkT< z>*uP=-^{OUSucM0QLmYpi%@f$laX;;`|p5?g?1eOPDdT@FpX{&oOIy!?VXQ}3=|mS z;&RQk;$B_({$a)(J*DY-$Db_!BO?5$b$`E|Np{s6zBbjp6>AUinQ04X#s5&ZKXB~F z?~hrwdcS0hOKJ)%8NyrtgnzWT^}S2AQoh<#GjFe_+J3kF4|?S}t{+-=c{A7SQ4_YY^MTv^MK&(mzUkX<)U z_R;+&dqEpz?cVIe=3FbUKJJ+qzcpU!i^#P#y6Y~5&SG&;4zc`GFQ?6XFrML`{EvON z|7o4)aV!>OFY=h1-4{}5cXh?)r(yOt5AH0n7kYfTlw%#2OP_>X4~J=DX>7dPzT3)1 z8`fXEf4l#i(+|ssxzTUy_&@xLe7~LV;t?w|-x}V>?^)I6KjO^2_c%HK5c_)r9+D_v5;3rRV-vz8t%4<1hI}(&JyL(NZV>Gq0CN-8Q~fqR;fl;Ht}U@15SB=}ybl z8NvlY_v`4#e^%N5;p?Ap4?l;V&oO`ZZCo8CwDFGB#P`v=#EWQ6JZP<<6gqJLv9!{V0iNWUjoqzlv#QRM6d2hbBZsw!;?eHxYsH6G z9F6$7=D2LjT<=5K&aIdBr`z*p`tG`RQ&_HP?d$nWUwF&iYvn%O5}H&HIeB^17uOHx zyZnka{%5#f!q4?%YGcsF{vV&29e~9;W{hS;sBiU9c_a z%%gEj1y>$lct{GKnET^_biVTq%5D`)!Zvw*L(KdP9n3e8QTZAB?(gr}B5k{s*(-1?ZyUpB_AfV8spns+<$UUX=c39!y+v1BvJy1U&$RV#e7FC>ZG{?U4|AMc%ZcRSCr*mAn!QNhQFP0L@#uboxinxFe=er`=w z+O*FHe%byqsX8|^zl8JWo)c}=-`CBN%kEroJ$c@m50lG`>QmXaUf!Q}o+~4+YUW#$ z6%XebRED!Wk-GTfWtGy8a@$4wcs^@Qe4}-)@!?weL%SzCZxe8Pu4Zb(9JBoR*_dT> z(=*N=-fYbE?AW8FT`Qj6InLSMe{FK#@y5(5=kt%gmpp%d;Lqz9^|y@fo%Z=V^=owY z5^3d2$qe%E3;VC_X+QYOW7kKfJ=v2!FOdI!wQB#{^yS(2RDPruKk!vM|2@28k!Sb{ zuHybn(~LGRZMiBpHRHEWtVR6V^C#cmDtmlvo^3U+zU%ayFypq{bC_(k-_8G_o_=h8 zkGxRs!w+f;Yd+n|sA81!`@@>U8dtY$kAL9b*=g5Jf9q=d-MMtv|LLa3>Sful=ik`< zE&19%=ImYDwy&PF=(B$xtIu~HzIv~3pXMB_4Gf;7ZE^U}RK4ugGp)=I*!NGgx>4J7 z>fSYZ0p8HSh?-B$6QZx}S^sGHAECuZ?~B)|XUPlOxURf4d#=;hb*Vvr@^p9qynZ(= zP4d|UpW{DXulhV?{h69GhDL2Cem<+e+5BkFKK(5pQ=)p86h-}r|1F@k|IY@^E&r1C zhCh7P|5(2LAH(Gu#oUGN#y6dx?*4h>y!xy+Elc{A&Eb4K>rKlmyJbcz>)Jy1{%7c! zTVK2Q(DHjxHN`)6cC&BX9`nU6@jnCC6?SIp{Z?#`IG1W@u8q`Mx=S+pk5{+yEADLB zU5B1b$#Xn-@MZkedRhHFu@Cq={gn4kjZK-b(C5jYBhU5+{L|0YUGT^BYALIVVEzVy zsyvJJGyci`J8LKOcY%$k-OjZ>ZQgz=_l&RYOO_5>tCPC&)g-&+s^99v=X&i@e)LxS zTkDU-t6wEu@{Rj2_i6OAoJYIm*-x*j=sv=|;?=yIKIy;7&%1uB2mNPgs`|n2F)i2I zabsI#*;5fczU))`6l?fC+8_GscTfGp50AWeL8i)AXUkvPb}%hCbZ5G>?B@y_7x_&S zzfC_pJ7m+3(#28h3U-xPoZr27HalYDo^|C8xg@%EhAz8{{p z&AXeprI-JThUmxRZxbpYwZa5Qn4OLbm#-$B(?WcWndr5+dKs;|n(mcZo?lus^KmTG`F{f8nMyGywOAkD+k5+) z&PH!u>42ic(jj%Bzx+a@D&}Yv+v}a%Fs0x}XSMO2iQEe^!`WrJoby_e=Jm)rYd*LV zF8*!XktLfF8_sE8JaXyqvF>8`^Ou8)E_}Ez_a`XACb)FD-=70-rI~LuWzUos%6+>o z@<~qH%fPxzcA{5u_QaPz?zLl&wfcC)@c7-y687`7&wlxRe(UPU(|VrI)YQMMKeOD) z?wbGE`HLPd6>V$RdeI+H-?h!Nch6r<{-bNpKV4y=Ec*1&)5Q}POjn$KZE1S|^Mp## z$%}eLX1}PCU4NAAa^9V(HlMGpRX>(~m|@utj-INyi>=Jx3vXYsioamR6Xr;*tjFcm zi!UwzvEB6P=G#0??(C-R^^Yaq9a{QF$)R0)*N!iHG=4Xyt(iIPozR0%R$Z5G952)> z+2S6W`O&oGbhGLbZZS85#geO&AKTu3{`~ocS)ad2x7+**(cNWs|9z-bVfCb+yXD&c zGf1!J@#Wed|8H;Lk+h3qMe8mla@d4lv===$pS_WPvH)-2 z;*aYmnf%@;e{{z?i3i+`O?AumP1as6b+P97i8P6w0c+pQcX?G_$2$F?>-+XU;fW&G z1J@}}SfT1$alK)mKn2_5qn+zt=*#YTwOeR|xi z%{f2LeK3#Isf!A9jat6-?M&tNDj{*PzP+~eU$x-@=j(eb-@i?LB>v$)!$Ixc?TpSod!Ao5 zJ*{zh(kAyZ=9x)>53KT!?=?QO&(P=wYu7h9u>|(0ulDT!uK${P?zX*1^pREn8Hzp$ z7}PD=C$jfr?y;qhJD>9u9NF;aY*l$%PEF{edd_VNm%Az*O=^8I*+wwl)6Mkd#lY?h zzjmD0U-h4%mihI1!HUmEX6>6a>)QPFE4NMjc5I>txA{hf=c0$R?F>GOt*`H{^^2Bx z8?JY8AGdtehxx33g07n!i=DN*#r@~SzIv@+(cj8<{3!n@bKY#V1pmgequLDe*EUWQ z77n~?yiat~A5nExk>4UZ`R~6nZU0rb*JRQj=GrHlQl7{)To3#Z9O3aNusr3uuI;VJ z-7-9rs^yPuSG!Or`6D^BI(z2hCPjO}O@DU#FBILpeEZ@3yjeoocJlLXF3Bi3WMt%i zZLW^ZLcL7yB(zHudZF0!y|L;S^t9UYRM%H58GL~rUv^)UVXE6zMROjIlEu2 za?S6zS~nH{UD!Bbo7J-Hl~=wnn!J|TAk%kfQ9iFqMv&<-f9KcQi{S(lO%kgG=kzOZjg;A>^??>ipG`8()9)O?(tl*eB*-B_DO+it4=c0okj? z61-~;T(Nq$mTxVCLzDXPGsV~TW{JMP@>x4zV>5e;?jFrbj$OOWIrnSaYu=i2ui{re z`|ItuN}uk(m8&kjFs9`7gzQz@x0`?H(AS?VEB@@cNY*}q58pf2@HTY1o?3rW&C+7M zpQv8HSwQ9-yX6n8W8?ke<^Nb0%=W0BZE;@X@JgmFPbPc(IQx)uO_0Uot7|TQ&v`tj zYvIGwy445d)FwT5-5a^~>c+}6|NHTYucP)UTr^pk^q--%@x#M;w_X|Vdvsgk{0gP5 zzB6{rE6sdlFa5{litE}hlia#0JH9C2+WKDoNBYM|pQ_fzO;`MQ!nZw^?%!K#wdhCv zqy24;vqZaohQAkVTKiA*>BS7GY2A-F)~dMmxy(tNQs7|!H|wI;i?pa>JL8nx z;(Oaoa?3qFPTl=7{7jSY4#j@cvp>oot97XSXJ|=&ix_f5Uv`QSY7 zk1pob70yBZHJP8zGJpNDR!U9Vx$#HyhwI@N)hE?j*lf!^y+ZQ1+R8t6*TWB)$E939 z=JDk5o3|HTOSj!q|0vd9{CDP~wmS>nvR-c&o&D%N<4ZZ?GymkTEZ(w{d&1t%6;D-9 z9jP<=aIJl<<(0R$T({rcc}i0;o2SP1>YBIGNA|IPwA}M4ys%H~NN0bRulBL|0(QdZ zZpC+(G?pjbslC%=+naMTamkNq$Nve-w??hLc}F>a-bH`=?`MPjG&1jWAGViC*uSNo z?~lvnvzPj(pDjJo{qx#}AN3F81)A4XSjX{-F@9pMIsGFn_1M-ApN~v-U0mbw;dSQq zPkL9cEbPxR{F-&<+CRx3j}NRcJH!g=BD&Kf}VSUz_YhPpI-FG(!d;IyTJBeMT=jw~Q{qNIb z+bwS0UA5+Q^-d3mhgE_;-D0KZIV*yX86AF<9X{FTiU{x7EsbASZ?}`0AAULN{Bf($ zZTl0H)Ad98kP+iKfQ(@t4f#z<}H z>78r;VBgG#wTye>KkPcYUQd+UKfl1P;`#;6SFTAF`A5WNZR=n8!}+*V#h;JQB0Co= zpPo>gz2(F4-uGK7Kg+z-65euRPoBKj&1>Ngk9Qp_{cZ7RvW(Ya7Wt^cake$tu-XXWFONv)nt8cDW`Yq4)%|(%!7+57?%!cha-bUFT|ccmjKH z%-Qb^Ht`R&7j3uFKDBz{Zkgm+=WmLw+ETRmA^(y6yg%|nKg{pHc`5nSOpX)sQQe1k zg&)t3<@)Z}_EJ4^`j7K$dl@o*?LFVNsNTTot@<67f1#;ga-(khMTXTj2)3WEY8UJ7 zbr%0teRZE&g_~`X_I$q930j;g!A;98POK<(exxgZtY4?>kj444Tlf}yj$Jn~fA!5w z@mW*XxMiw_-aTjJ>i;NK>`{7qOtoRNP+Rcp;1j_!%f83#+y0|4w;<=w7l|~7%45Ej z9M>OQ+?wlGS)=-G$2+xq%2Ud|tuMN$lf3ssPC$%PfU#(t@iE^b@mXn;m;Pw;kh^27 zovS##Ylhm4$EL|=FFk*FY<=E6jau=L%jwl}*&UjwpNx1Wx-k|p`TR%>3vB_Vx z+sA3fvhCK%%vaKO&(`MEIFhw_%y~%UOLZ*K+2( zt&vrmxu@n*3h(mkT{kBm-?pD;OW0)_^VRa%Wqk!HNQ9I{Ku%*Zap{jX2?Yv zs48+Qt;xJ~{qS8c!}2woqNhDdFa0_D)|znD5Bs}o@;|!0KJ#PgvKxBS^LF0~Wqx+7 zLUj4c?0K?3`XAmtYjoLZ)@85DPq+vhM6P&Vd$KLg_~W|Gi_YwtHeWRm=>_*`4oW7k z{IavY)r!47Vpb>HbY=b2txJ;%%&wb%jDCFJ!?mSq?GJSY-!0$n!+!kKR?jlQ*^le_ zMn&{b060}@DK2hxuSlw zpho?}8avbLOKQE3S^cqolk+X_x6}p;mGu5oJJz#Ss2{Z#sEPkJUotyB-FtWAv!Ct! z%JT|X!g4s@)sMWXNT;wj&Io~cjZDw^0CwQ9f{kc zts^B*tFF?I-S=#lzH~+QBeVSrd>_=em22ncrnx9(imWKUyZx`W`NQxxcOU#!y8llo zUchTt&$n}R7d7&@nNO{&nst7vn#IY@{H_;u?1U=n9v}awJI^;h^s2z$rh6uLUfrEN z>t&tT*+*yVAFkW|h+jVAyP$IPbZ#?thIEvt}C=JmX#Ch+5{ zAM=k^nZ9q@vXf;Ro2Dwaq^{E9beXdCWj_KRov^7+Utbfmy;t|~r%Ttg(=0QV${4QG zci40JOMhFr`984^o9sJGr6(p@q_V76Eoj~@x#q6WCPaasU30)p2VNW=wT^w0QqouU)mz7G`g&IJ4n|;WN4H zrHOH3qX4)LH!gi`RRKE4P?sh8d z!b0^!uVY2sRxZ28Xw37cxpn0q`{hTrZ92R9sLk5lPiAKxFkS!QKf{qSIfD-w*YwvZ zb>5u)l*jm3<zLuvQ*{=m(9!&@fs zxFmO7zhYy&yn@|-SFP3^chi^0?%v?Zx}8}syv3it+gADT$x3%rNKShGr<#@GOadzU$6G@>za&j-zFw5nc0%ad90{F z``oJc%2y68Sx`0o@O!?s(+|AoI?T2}$hx;+Kf_m*@ao?oKaw3T{V`tVckA)_YLzab zoAVX^Gi>dO_+zf#F!|y6<|Ui@o=IDm@7~pD5IMK;;4hx5`nT+z>V;oPrLA4QT4%P| zPssi+*>*yN?ce(q>kY204T})EcF#RuzfH&L`r1FC zm%en**2pV~zO1r(Vo~%)_N4{o9}Z2sWIlQB#!}|Bp_ba5mor7TY|t|?@t9)ByX9}T zdi=I|cRkcq{$8-nPJZ~~-?a~WuS|P&BDpAXPRZ*Ky^t7-DW|9Uc_f}REq4kmv+P*P zt3O?V;rrci=hIKL-&jW!9KN>d)!~2Ytu_0nG;Zm-xMgD6$w}`m1U-=I@*$xZ&MNk-tj9-@ayC;OUW(+A?#d z=}uj3qvbWC?|t@esF*VSF|+!uHJ)jQp3b_JyS&2kPnP!&-b?0lj@KC!-)rgG*2cRd z+{f+7<9%AbR-6yF7hFmaKfyM4*`b5W8xO5J9Jcmhy`F=Ao?+;P!ktmRv!iX@*FXLz z+FP;xY^BNt0dIzh%O9W3k97#Tdpobls_Ssa$-j$w7*Et(>dcglog#GmpiHrV*P<_P zqxbQ8&-{8cJM)le;hZmPoC~B_EDkEm{0e=~AG=4K>!bO{{^!BE!PW(zH@?1>a^iMW zfS2GT>uc|(7hGKFHd*H5tmie>g)-AJUd&9BnH(MVRx|#-g52HL=T>Y@-{^W*HmtGi ziJ>chbl9^n)$WEFFL;Y~sh*#*%wm(se+H}jTYFe}p9?uWsk(0L9&|a`SJuH=VopI; z$^+T8$7`-ym!H&%D6$Uua6;r^<-zCnz3FKg-3r<@3-_*cUh&iMyu_+Q9__3L4?Y() z+O^`A^vWe6d44_R$?KQ#`pTT&G41{9(8+n6P8Cb}0=J3TZCMj`^u*IAb3!(HA52pg z^-K%=w7HhoTP{Lo-k)IY89OFxvh!HHo)v83*%l^maQ{JssyS%i(@#d zt>o?V>f*n*{We#_c8A1lt9oF#(&og4X<-MBhVPyxxptoMUa$Y~~WpmXL`16Czjj zK=!XcQ-j{I7ubI+AUHB8GV&S7BH=3bbP;6CBY*Ca>D z^FCdx^ps=+oArbJJP)$89jm&`tCQh&=9Sq5UT>M163XnauWf!jrS)gMaoAdq;AuH? zf;Wqvo_2KRd7I#W7ulZiaeeMRP`YC6T@MAOB8#Io;+h-QRXm!Y<}-;chIxXOR7~$7 z2UoYyLq%*%50dw~rC4t}e&g}HEAMkTb$=c+RndIB*8Z(sg2Mj5kZU<#ZIYUv@UShk zW;=RNWuu#qP}A~N^RC8j<&=06am@In>?^Sy6Z9_lFEudaZYX>o(l)m{Q(IKw+Bb63XTp2dqomvFt1PJdgCMYg3X$W zo`?GOd|j!$qjUCm8^L=mjrWeVVJY!_<=XYKo#6pq^OiOE9X&R2<3R8AFMHx*m(a^rUIElCTf zzP)Cnox1s;Xi#Kcs$I;a-hGc>JA8LNQL0^?C{x|}vcD>4)|yFvadyY&d^2U;bX4wH z8jt%O^{r-+S2n&pUto1vWy-6`KEKx)R6gm-xgNNurf~9ws!;P8tO~PMeea2w_L#Yg zMSL>rx##Nh7Ok$_@YA(DYJF+h=Z$`4eajYPP7G0!xvIM0bepS&U$)jK$Gsb>q~@+W zwaz+JdZnYvbGG(H8v|bj?@B0c?)NI~Id-#q<%;wPGEYiu>#Y<|yzgI{p6jJA{m^Pl zPo=EZ=5w>T%ijjhZ0g}!uX}2lTjr+)I+EN>j>nU<`c|*L_3~Q3$|bFdmuGdo4iz&r zdG|OYu5!Kc$M7Ecn5#=Kzl}V}+#|Wc`}Vx}$nI@798>IZsm>{?0pRX=_v%EAn{ZQOi3^%L{oY1b(~VT@os38XWp* z&(cpfHcvh-n)dcl^IzQsuG8ga9u3s`#I`d(u;*&T(>eE!RkoaaA~>&d<(e&GSC)vK z{j}_zhwQ3<)0f0$6$|o6dpwzBVR|KFp4=qY-}X0uzB>?{cjEZelQVybx96IK)+-sR zpFXD@?|)fu{obpVDvvSW*<5yps7MC?ShArADX?x(*xVLBB zjZJ$h1AL3c=1aTv81c!4{hN9wYgg;pyBGT|89v>9FRAM4@86ZB)eV=uF1YMSSiVvTK6PqRyJhl$qcK~y zdWKhMx5_-<8`=EEsahqvf4i=ff1O?bExeQr)th9<2C#by41P$(7fn z+tlPu68M@g%@zrg?A^LaEb)cKnnvOb?so4pxV~U4GM~Tez@X>$ud4J4YU^ zSUPuKFL##ImW575;kMb`AHzG0w|ZaSwR_LhPI)87<54M6`L|?_Ej-oNE}Ok=^M|5EQ!B1|7x;Sr zXW*C>bs~9Ny~*PVO=~@sCmuaH=h^(lIkA%jDw(;o!%p41bX&>8@!;#OEB{XR-RCR_ zv*B~AToumC_D!(lZNQTln)|aMzuOIDv93wyZ*MC ztP9%Pryg|q*|z@-?h_k|4(w#_S}HeBb^1ELDz3LR*$;N=KF-ZLmTx7VxTCMEFPrbO zr$O)C^HmO86)$hO%3#sHzwYbu>?JcE37u40zUcc=I|cUAO&5VoN3y-V*e6~Q`-1z+N0xo~oca|$|m+YQ+-2d9v5`RALI=hS8lk}acub8I= zh3jPOswwAw7PF8;T3Na4PRE3OPW)3!Zu>Qzv#w~}ed6)K7A1;0$@lWk~;zZv)K2GbE7F_+~`7JHmqOX>>_`Twebe%ts=UiIucWhnZ z#<)kXGT(6?RKD_M&Fh&rEW5-`8y;X<7u(eR^w6IF48LA+$C@0vpFPPT=Igh$zhvI| zJ$|!RHR7Xz$OZpG5jh+{?efo~RXA8Pi?i~31KI+!7%scBgOjKZ=dfsHy8Y7Kce2!mM z`YBKB>bp1PM6&Lr^(Vi*bT^jj?GQ69J2fZ0`S?<;8_(P{es8dNwC-@4+2p=OTej@g z@tP6x{(+Z-cr=IGB!14v1M98)UVNGK)b%{)OLOrA-37-Oo{PTx$G_26iEYvg z;l_y*@2#w{`7kG}pjj)KA#MBCorxPaXXH+QU)49Y%O~4eJmQ+%qjW!an}o247BQW- zv!+!}*}&uXI7}yJp4(^1y7-u|4`E6^-q9so(F|W!dvc`ezw|CFOw3x7GC?Esr0L0u z>5o!djAgBTrc67=8F=MdrPp{_*ud)`4X-|qf5k0BmWnkuNyM@KyBG}3WjD2?PZYwkUuFfdD*dJ} z->!W1Zb(TypuRlnqPvsyg}bu@w|$7~d9_5R)h>D7)d&9>#BC~e?OSwhUivBj@4LRP z)$jVxAa-nZrgrAK!##X;TOYnGUz4?Kc6_|gah<}+w@tmwT$ZPtyYH#1Gg~>x@qut` zS@V+UJrBK$`ws1l=UuY#=Gx1eHU$jp-XFYn-XyN(?RMpbGS`C39J%N6^)HLQbx6eE zo5afW?UhRoDDeEcEU+SW;!X>Rm21P&YPNBlw_KNUu4C3cnI?^xJX!YFvGe*?o!!I7 z^l@^``S!%^3fhg+*6sG%JTW*+oh95hWVUt2US4Z;RSp)eT>>J%|1-=D>I~vJe!pu| z{KIPENkHI z-FC@Fb5cHsg=?+xe8QJ)^eymn%DkPc?(}U}og7hJdXs0)H>FwI<+J1x^!5J&%0J^n;AdV_*LQ8b)S#^6X|F!)`V&->#M3}y7$ku-KeXND~tjoF!pLu^ibA0*IZ1Lo2 z(jfEs%iUW z*QiN6WuE70dNh01F0Xg54Nh7r$X6Y|_9xP&^+@mb!UxZG{xscYEPH7Z=PUcEnG(BM zUfoj<&tJjxxMWYC8*hnJ-l~Nyl`?(V=Y%6YLN=$&NfD?Hn>O>2gG9}fzMUc#yCpBJ z_}L%0VUN33shb<$Udt5H6=g4 zNbo!JF`N675?7HSz7t`0jHvC-q)Kyt_Q~Y-Ljr>?0Mkt zW9x*2=TxpSaI2JDnv|F=_Go(6+dKR+kCwU@nAz=je)|kgKS8u46zbZ0x zzEN}PSc?%$@(XuS8~&5!_Rb-X_)hO$X7&5((EwrfO2N9 z?xe(|Ba`RwWrms5>{ZWPP`9tmr$L0Ja3EQ5#8(0?E)UlbY0%0b9zGq z=-RyX*-RS_squeaeJ!BLY~Eeo43jO=whbAcN*hbL*~3+O(t9SxdL0n0OT68uZ6CDF z)19T(Rx4r-UzE3Q*O3)=k5<~`IVzM`ypFyecH7&{uqSQvvrV2Nf0l&sYRhlGCw}q4 zrDdP5-F3IL*T1%l{qmN-fv37fEniPvd)vNEYRcIyhi&U#*p?}gp%nscu81XX7`e*j(#ESK+Y>Xes zvLAM^F9xTl)+wHb~;XlfMtNdHUhb50auh^P zVi!-#aNLWSEW7&Y{_Z;I4^NkOHAmiFv|`5lTh=Mp7oGo@mdov*%kOqAwM|W8irfAA z>!v5p*l4f5v-Q}5V@}6)=Y17&o6lez<>N_xg@q(Qy^ohbP@pQj2`p zzdY*kp4boD?78xyyE_%87_v%ltv&l&q3)7Avz^!andv*6{^_wXF2ECL|c_xY{k43UZ@A{zL@L-ei;dD8x#E`U2OXI@# z_UA>$Y8-xK^q(PNed8{-=^xh}ek9&L*ZxtY!OY~j4Ghh*HvVT|<=OP3@nij?v-dk< zFZpb)d#85dRbkhaizSj3&asBYG8FNdcJC{sI|2|V~ zwfKzSHB(e|1E18VdG*$37C((mf7sq_GW(c$RL=bGXRFoU>@7`y@Owwz*6PD~-hF$L zXWf|`{xNjIr_!~eYUk6tCuz_BsQPu@N}DpXS;DtY?^c~ypuL{4ry%UEU}yK7sPrpw zdVd$#$W6GNS^Q(eiK8NV(v#m_+qIwTPxS}!=7rn#U0XLT;@IV_=c9hCyZ`Xo&eCGDxHvUkM&UE`muJ=5O?X6{N|?9L+C8hXQxVST*mvE$rQ z5gEH9zHHbMrleP7x9@MKo!*b_dwFFdFj&=Gd_n* z+S@<%T+y0PukXv{OMV{zcI%^$@Q-(|4n^+sE(uZouul8o^~3)eZcIKp%SUSZk-ch9 zx2m3>bBbB>c~9ZQxbEN173^Lg&tCbbH0|c&%GoOOVHkZ|K&v-T2SIR~7cD-Kxxy zOV?KN^Zg$C)VFfg%Y4PY9E+H+aP>Kxz~43%ryVBt82)^*cvblI)gLbY@vIeT`oiaC zP<4GtMf^9BkL^9l?a}RlebQ+!Qu3nLXB`qToSztTt@JAES<6WI8Mn^2ZLL+-m#+kpk!q9EcD)lGu&*l9Pi_U|0MjKR3rM~x|jHTLB%c8?oOC&rE!iu z>cKyb{RjA4;w|g@|crj@pWy+qgS6!2}jMnl57*IfA`hQU+i{Uc-AmKU~XVs zrngK*-AMl2z7qSb+uNk|e$7dk_j~`ZFP*>RDiS@FgZky)*MEI|erwp>bK-|fXXpH~ z)K`A3QvQ0ye+DU!{W3zuxzspCqeb1VB_lQb|dC>BO>ur8q{aE+?!LxO< z;)ru#}?<$lL(&lPl-cE`{eZF zw{}WTI`#bD-&y5<)PFrO*lgN*%<%eY6Z@>GcVc_4`TF^t%6@O_6&s{-f=_GL>j2|i zBd(9p{JrV%SLSngVBi?UoAA9_f*O;a~Q-XIL$LnDKS&Kb&&)xr8 z8QlGB(#4o>C0E{l&lTcIy|yu1&T&Fr$?yDjsnRw2I@`bVYWhW=d2H|X)A`Z#x1sh8 z`;_if*ax(EiYd>%_~hf{t`|oxtZ$jrbM5)uX%9C1Y36-Ly~a&p0p8 zY5KZ4TK(R}Xxcnx0B6s__<^Om-xGns6*lqUFYvSG_ffLL< z?pByiRn_!0tDb+eWJAc^xTN~VX{T3Koc3#rILuridHqIl+}B67YPF@ji!>CTBwU|c z!}lY<^kKhPclRNch=)lse7&*$NB=YQ+!Ol|xF}}p*FVWY8Qjqh{wnhre}ylNnv)&q z`8EB_V|B~NLCY^Zw3GeAx&3mT?w#0uD|yx~zw`60z(LK)2iC`aZ13J8&-A0{`O$rv zdp_x`buc>F^H^QHWR; zH*cACpYN&g@s(%h8~l5qGXDzK*9|{R+m@{>PF^0hH)Q#y3wN&CXTEQm<=*W=dky^E7LPQHzs zyD|G&e#8Au>yPkr*4?mr{+994Unk2+pERe&@Z{^6J>mM5vWstxz16F&l5Q`aOo^J> zpvT5mI=m z#fNA0P1Kw6-N?5{MSnN5t@iUQEq`J4eeD+>W`@pVJZ5`-%U9d5+g@#vY15zg869K~ zjtkFU_M`oAe7Dr$qgE!{zKNN87UmlF?+JO%v?ux4{ttn+dY^9nd0FLjT=nUWUQWxK z=L64{$8Y@4@YZsY;3F5N|nk2zS2?inQ7 z{%u|HWbe60c2h5^UcY%c!$Ki^@{HJ98ozaREVhb?ZVN%jJeWpJS$I+Gk9BacbAo^xXP~xzWe0blbX@9y;^+97BMm`lY?n4^rQr zZ~Wpt*Y54M6X`b&?`IcfKU{I&^Rmg@N+s5}>q9@>eQ~jE;iLTiNiR6rZfBM}K5CjOSp*zjVt>G_U#VqcE$&T!lsz2WQn!idLyL8kJK z9&fjq!`GeX-)CZ z#9!BzcbV?)EkE*oy7W1@SI*~uAKSEalV(M^XZ+02b&rEQZT0H5H!bvw$T;O4Hc{nr zZ06eMQQq^8R9#iyxnt6Ud5t?)|MN-xCVpbIafYC=&V*AON=rj0r#mlo)$KW`c6oEX z$)a}^oPx7%ew1%Wx%l|<*3FhTYncT&Up9BGDS53L@GNFl-j>UmlQ{yW!y0cx=Q=z2S8Z49Q`{u!>Bg*V%JN-|+oER!!(+?kQfHeMdY0(?h&~)1_4L(k zfwIkvanG06or+5RHkGBjF65-p#+=&AG3JM6ta)}-K~TdoG2ZWmR?x|0`$G+k@tG47 zUM6YYtD4V!WX7o(S)IWbo|@#}{QmIT>}7xZUi#f$OD?!0bI-$na7S9YxrHPwuJ=qeI+&GPCQ{m$~>$O`_Too%tR zbIV^Ld@?O8XA5Xm#X3w=XyEBE0MR|VwtbKveFRsp5?q<3EY{fCn z#|!h0zl`CVfA!UV(_d59m+ar><88TW`QgGz4)Psq*?0Zib0p8zAWK!c`D{(Sj{m-A zWlEbbOyW3^^Z4Gf_R`6dnWug|UNz17TdBh5&~-KkmLARKR^~KMFXn#ax7|9USLE%K z*Kv0H*e~vJUwM3WgrD*(OJ@VwpX;4|w3=Rh+H$RR*GjH>t55IQ9M`_Qr|LS*?bDz8 zv+bjPomrAG{5&7DoVF3KIx`@JUNxkY2~&mfC0E4F+wyseXS^A^L(=%vNyV!qtA3oHB9 zeE~v3UHj>rnKhGo@-O6FJ6hrY_NndB z>xcB;?8rNH>a*<1*9X^EoREEeV1KSe-d1i|`xD#KTh(uCYdzt)CTf{%aeL>>R84Q; zl^^!E@3F2n@3iRvwE!!H(u>M_-J>&M24LB#Xb7@ zE1gBMt$H>xq+IW-@w^@!b!quD{uyk{xwURWS&Ka09$n{YDy)9U>e}ixuNI#UyK!8H zJ@MWyUHwP@8MQPetm0B!jkMx(RQC}X**X$ z-+Og-P4qF=Jx{hc%XY3`bodZ&^umW%kA(GXw_Ecg|F`eUd8(I{F8>J$d)UBSJ%9Gc zb+5gz?y>vqxgs-Yr>A(wH7Aet9VWF-8G0<+ie}s}cu+X&n}55U?nm22uC=@mnT*Ue zZCxuZ*D=kt_?KU&|eW20|!eX~kc$Mh0D>*gER7a#p-?R>H1 z#=FIv`d;cO@)oMNKf6@*;&T_p=|2MzO=O*Yrx{_ed&FABiAZI)wyYBo^De=C%MH}~S3U5<8Q_+zZ=U?^u ze)y$jmv8EBdA-vobBni3dQ-*my_Hk%2z~dH$*u8|U9mN-!shW+ZzC9nKs@f0h zv%cULeYdxMTja7&Zxfo^lW*<4V>IP)@w~;J^Sox+yslWg^48;J4x-87mrJa@%cHf; zXT3fnzdQ8A@oT&J#eUcy>CM+Yd#u;SY{g+7VU@=p-Unuw6=YA#U0$IW`Cg>%Z@i4W zQ+3!mPxZpfOV4ewl>gz7YZJQ2x4<+aSG}>^cFo$R`(B@QGfu0%y!_^2<}Bl;Bk2rM zU;ny4h(B`r=JSty3m3(Da;-o6t!4tl`S?>iSNHN=l(-XhVB2;sL$xoj{ibG=BnI;* z_t^1o{irwR)W;=73;qc<`6j)Z&+=^h#_Y!Z^#MCy$Leh}m1TQyW_nZX8Ht}sOE3Qk zC{5lUxId%C`Fo`8=d-1U)=XPDXYx|EH5Z>+wI6yJT(j0@qD``*WXFnG-*~xh3Vk!@ z*}-@|p#IR_@bGQzN2kZdUa2h*s&F&@x~}-xe+J&KVcY$;uE`NB*rXn0`8sZzw5-YB z$EVjf`kg%qbq%nZaEdF{9)N_g!+xKn0667l$w5?C`!rR&xMuqdE?#*?! zbbF@Wv8IOi@sBWD_VC}j-`)v@o|^o1m7MV8N9u=S3wWIlIj0@}-Y=!p@l{}t_0Hl20b`p0jhkEOU-&+C7TKHqk|s%*(Wxv*93qG^Dk?vmG^#J|}j?a=sY-@l*P#%Wf}wDpAv zZy2Ue>z!`vT5eWw^GBcg_MLNuA}c0dZ?b*us#B*?p?BcKTCu%LlpeqNT=${%+k4kr zns$%3*mv9W{;94q@&3K#aw)6h?#iFuQrE897_Q1JH2IdNrw};bNO)ol-_j5FAKX8> z(ezkr#Vx)qkDqm=-JbSsjq8W=ZxuhNs?7Jk^5n{vF9&aNmfrrWxqRJ%2lI|Et8n_y zaOgs|{YRVJ+4p(ko4a1v_E|l zRo|BafrTp&!@x{V`s7zUV^x<#!AQJNxZhvv2&kfB2vN zhmcFg9Pg5HH$85?zcg$4vL!_kOBYtiKk{#xbN5H}@vsY14(sIHPe;9Sk{-~|?;SJm7ulo`8Ng2LlOpy*h1-6^qooTbycth~ho#U)PFi9DZzGm|>W0)z;OhGC}K&rApNmJF_1vAOGd{ z*!t0_qEym*MJ3ZGPP?g^G3hHSyboOuvvTbN_`xXu0O9e(j$`u6=7-vzlmVOl=tQctO5 zl75rbvn4gB*T#7$sXt@*l)ZS%hxqm_xu!a6m}2i8;JZH6F@IV1F=Br`Ksw1qwTSmY!P8yoD<&lZJh4A+i2^(Ni1_!-TaCpqw-r5 zHeFe|&s$@n?4~Z^rDd~@cjV;k(Wr?|UTAvezW$6=GZVjxHYa{`x*XloxJ*;a{Y2-9 zU!1+yZrk}TLLzkTl%yAvAp>8_Wtczx7a6V=g#dpEb)tLe%$UR ze#X0*W>yb3ZT}tl=~+YKp_Gr|>;Gxoezke)vThwWmItf)_XfTAm=SfYxghnT;5Of8 zK^bAs)ds$sPpw-jW|l2Bd!5JqJt}AQycwhSbLJ@LX4OW0dvkBI`stm8moM#=cmH75 zs*?A8mg=r$7C{Y{bxLgIPDf69WNopijpb*M4$s%u{<9sPT6o(_J&xaVO?S)8XBs|& zF3KnGp0`|mpYNaeeg73PKh_`1mfbR4|M!g4XS-sxW48)<%C~>HvG}uIU3!S@=2_4G z8D!O&%~aU^;fwN<>DeG}{z#*CJq}49~OOx4XIbx80NP zJ`fhQMlj1mEc&fm@MmXeLCeJ6`9YXAMDY3x<#&by+<_+#GWGShhRAMJ0&rT>NS zMNFPw_4T&&>-}66lMl_~Fy|KC`$X&V)K@Xh2iKVgSJt?%i$0sQ#(&=K>9z>82MK zKCXYuz3An{mwXXgO{eEiba>J=y1J74`88x&o= z`{X()!_6wm<)>r+#0%_EUr^(8^ZH&sJ*Dlpx-W3O+GD?H@4H5uMFN|c=aez++`UApobP7N zC)Z4|l#8ccO?zW1+dtuqg=w*SWBpd9V@KG1WWJl4cdk{646C^P?6JvP#qe`o!H2aO zIM=nTS(kLNab@(+s=24$sPkX`yuzg8VyWp|iBC5Y{JpM!bnUrzt7p29&`!(aYg04V zO^EG0^yIw+L+H^PXBQ`x#M>^K#w1caRg`7hYmqgZ@}5?xZPQzlaz#us`KMZYfo6}%oi<|p0Mrr-Rvyr#mS&CEg(rq@r5Bu`NyUoF>r`{?@Q((rQItmdbg%IB3Z!cC~qWN}c7tMdHeP zD}ApYx!*BQowdgJq4rXihp`6({kLAOGk#^Sw{vCmEv5?TqC)>E{>~TkYg`v;i&{-e zDLWfdFPah9KR=+`^554&`wy#3t55#9{hvW}?(x-bhJMZ8sxK{{yKdc|+=?49tl_Jk z^!Cg-_v`eLDBZi8PqV(-#{a!NYPJ3mf9_l2UA|$)O4~IgO4p?we$X~iK*Pqr#9WWl zs5o%{o6jG9Wk$JWw@>-3{B!x_*WOe4=gJ`#}WR!aE`1Zx$=0T%h^Fz1U`C>P|&Ytu3{8>eXz*8-&BEDGXM!W5D zQog2itb*sxwbqtx;S4{krua4(m>0*{+8?S-Pn_&`{RZ2Mqvu@h4nOSgTPxuy-g6`Q zJyYh2h3a+7w?)5k)!=-Joj}9 zZe%Yx^L$AQpLU(SWQEy3lizHs1yy*S9`)axSnQd{BCkx+# zudB8-mSh~)*~oKTU#)eXfn{++rQO!9T}w7h+M&LU*CtEII$@qItI8U+EvDDX-L2!b zZ<{7vOWd+$PJh;M?`{8l*)9c9W9IY8UzbfinsnteN72Gf?oJv_PvzB|x7%`x&eQW2p8REH^2`m6%Cavq zcHBC8C_ppeu5Wnd$2q}KkIZ_f6!vLtoNdE=ze`BiWs+CKlZn@thRjQB+EYL0%BKA% z=X5Q$**%;6^D0ltwI`Nj791%sJR6?L)YG?UXoyEyHWFsrB}ClUZ}$Zf%_%d*_U()A#prv5(hx72ZE( zW4}mo;{2yP{9f1Q@T7;TF8I&TF<(6FsmjGKHXHq?&c3&KkMz>JH(h=mTk-J8%)-x7 z$1nad$Yr?leo={%Q;J>@zv(62GusX}gnEQm?+pyiabkJS7`*dak;v^!&W7xb31|{&QZfKRaL4 zY8M?pXcTiwWs*U1Tw&BM+ZM4x;iAPB$CW2XPcxV-?5Wb2%zY!-l(*M?cF?l^hu$d; z9gUTekJjD&+wL6RcFW+?HUsyp)N|`~Pf5$l8a?lswYFU3nt=JO52<-OY%ZmJ?AkcH zXnJ_CXW=T}{qv_9A9x-4-R$Eu6@800+J4VW4aBB)oU{JA%G~%Mo18n>lJXT^PrObn zG+nVHjE7G&TkqGmTgTM4bwToqE{60{+Cj8#)ZlNPz|7L8MByD?S zv*Cn!%Vs{UTycs|;%ip2&kps8Uzcv-FFG2N8+fePX%}~vl{V)x)&)N|RIc^b=FYY* zwEYpheWPraH1C8XQ38f@gsiVv_5M1UcX67f@>0&-Q&Y^NuL%A5S!m%R!?2~I`tbYu zl2u2;OrPxhvZ|_d!`>;9)1L;PzqBoXYjv&MF-J}Y)}IBHCbxFVa#u}ToxNE9#-l5a z+}{f<)`iD>l-V`qUyPn%Piplw*K>=jSKO7Hq~um)csBZSjqQpPF2~Fm=6Oa{EA$5Dp1dQKwN#3~eaWS_b{B0{@94RD@@q%#ThGq$ z^77YCIc@8b<6rJdn^~6oD0Y>IC_}Ml#`ki~8D^`Rdl*lyp6I&rwK%u#x_QxOB#bQ{ ze_k8$hnIKhnc!Da8}t}-Wn}H8rmLyENjbPE&Q5iQTd4Z_y043Km)*GG6nD0+`0AX$ znfr7<&fPcZ(D_p=S`BlGj$hl!>wR3{_N|jTm(%-q@7|xas-Q@?+`M!?_m8S~{M#yy zAN7}UcxUK(x##1Y>%8l0a(^U0IF`$Q@Skw3m+#F?mE^vCSI<;TKDO)HKDo0J9Nskt zzOPv=E2!*yF^a*jcx%;le=Uz^Q*T?x|A>#%zoK_4b07ER+{K(7k>S(Mugmr> zDnFeZ-MKS27&UDxeVuL3=umQXXP5WSB({gg?E-Au_vYStbx-_<^!N+K$>sPJD(xLX{;2kA44cJX7$~QV)r* ztACY*OHWJF@qBFC8ou%3JQW>Ib(zmm+X5@2gISn=T~^W#dOF9q_qdImYrOcn#NVcC z<^=>!?)$3S+m`TI(9z=LYO`A|lRU~Cudj1edy~y=oP6ll+dJEOm)-H6ao3HR=UVIW zmWLTRmohB zd8<6+5Slu zYO7y<+jyJt8DsCB(APF6o@tjzsFbW(ck{Autax(fTo(h`#XnX>Zq8(Xw=<{oefXP_ z7jJbVpV>TLxn{2GQsbS@6Z{Nc2V`7p<9)beTH4IdJ-@CL3f+IrDfhK5;wtmswPoup zl0%i09_4QP)7Ud7tUJkcr$CSKoZ`NzCS{7ho-=J(TXKj|zi$p#$+eHSj~xARd~Mh? zKBvW%1xG{-Ps*@~232obu)?~%*t4`wFD-Wx13UM`ODpz#;+R)y_o~m~MdgyIN7Gua zl$vhaW}%Y2wfK7Yp_m;x&%dlJ)pdQZo+Q!|XWJTZc(>3V##q6y&hGG(AWgo=U0+Tv zj81yGu_u>pzV-vd0zP)p7|$KzlXpJgI=k^Ge|hiars883Z@q=Sa`#n*2yXbyQ?Yv6 z26knQ*cpE>2HjnhEpc~R&fAn(sR1|D85m>zS{L{nEtF$W{{qU}AKh|CUB38voUzD<7z4F3< zU-b45XP<3TuO*6W)mmMjZFyJrV(Y}E5BoXnMCI2@n%>K(6WMb4#LfhX=RKjkd{@sj zZhH{!%>B$z*h_@(=eo3;URJTQc17`8Y38ZUe!?9w>)pQVmrMc}+$`+2+!xHAojcus zW6@#eO7^wM4t|eSx(fKR9*U*i(!U*fUb$0+S$0+S-o!62W>+3+eRBCtzG!gCUBh|V zQ$K#&x!LgGspN_C_GVYO-Z|xW;=srA{powu{VqRA-0@&yh>5S6%-Xw`^Hfsat>Q|k z-fZFE@my}|QjtR*e$Q{Q`&Zr7RyNh1b=vxjo!g;gnaiqs1QZ1)A9#Cj!;|YWCzRT9 zSRZGsJ`+vG2y?pM@+eD$TEdFSx>ZV;u`82(SdDhdsH*Z^V);KRa^!?JFdy!oH!S~j9W;rUZ_R@H;y(Rhx z8@uGH&zebvUsgs*DJ=<*Jt8=-HtSA+mi~;|Dz4Hka>+S?2VaM?PIR$8$ME*GlW?l- z@{?(KmX9`WwRFiiy7A!4=Y~d@*GW0T0EzG?JUdCpS{_HDR6+3#8QD7%&l!e1+oPw4%t$Hx^yz}jk zD|*j$tV=20)w=t{x(P?D5~M!A7kE*8xGrTH&!4NWww0~BZh3R!ykgHsxlG5Z)g~O; z-Egij`shuGD@*1rpLAUPrji!l1;4r}f3=SU9W7Jh-)+N}r7v^rTFxQ;sg6ezGdAzo z6X|K|X1VZmuqo@QbJLHMO^TauvGPgE@9Wz257*mQDap?$6Mb1#)^}^!oD}5+4<4@- zcp-4x?W_{hU3Sr$=X15Zf^6!;Kg_y$yLpc2^Q8$fQKyO~tgxZcn%@Q*wN7Qq27sjtBFsimzPVz4HS% z1E1&F`( zoSB>t{aC}b413*{lvjoAIJ3ZHXMEL*E&PJgm7Ar%*d*PG%VXMM< zIVI!lw)Q-%p4V%2-FyJkFRVBoj!O%`2oH!ot-+-a*sKlq=q)h_nh)#ak~Q(^w89nLEr zJ=P+LGO0v6DeB)!+wA5~v+@mfsGE*fFJh@=HDIJ|*82jkR^1fNdmc0E^tMc!Lw6=d-O6r~ z)+l1N=+ip-IwGXufLztHby04j{ihpWWv$(__GyXwpILMBBGh9ZbsD{`m?k-A8*_}CZ7VFQg@4GMj_D|ts>D#}(*S=Og{YK&2$)kQ!b5=bHnRnvbr!%6d zXDwYOAD(A_snmS;e}v+L9Azvdjb_RHS-p|9I+W7c(}SQ|mDx_2fPU)P&|Sl)8a z);53b)4xyVe2)FzZkikK)qHZ-_S^+Lf^m0VxoRt4>9q?xy`h3B`lm|u>7OcbjgtMQ z=dnGaV=TAF{blf zMaVa+FIG*?D_@>lTzzYMpbV%^78$bX4@qASM)8^)5b=`ycYfHtf_Drjj{cW;Y z?fdT=HrFH9)}7P0GMVMKcKd~J@pU!KAJ29sZT3{^dp%1|ZE~2N(aI~QjgITA@zy-~ zb>+itT#H;KpKndPSHXSMO6SNKwb(G>i=d0(I8XA|Z znfcOA`eSj z_OwIy>4FDmD)`f;{8{owvv z^N+^qTz|Vqy>!*zW%tq;uQ~7TIxXlFveK*2%HYQwmsJ|(3*Xjnet)=D?DV0q>r(Tk zOP@O+p5C`>z33m=AEoP7?!RinkuuRTO!LI+SoJ0y-FRR3KGOg<2WHU=%bI4jXPgA_k4KXZ7Q@nSExOwKt=BB z*Bw55+Bft(_cA_{aC`Tt;*R{L{GMm^n|SN}d;1w?H%8oA{ztg}=sumR|85pP%8;G# zXI`)nZ>{9=KT;ppPIf_Vjx6MCvZ3&;mu?E2y_CG?GA6z}& zus>B-*?rq(r;}ApkKAtePwBJU`bG1DiJkn;?8R9d_sp3ixAl`u&}Xh0Kd%JVtahxe zo2vO~Wp?s`t?zG6et7(FZxnC%p@!qi`|l_>p7;8i&*s>%pm9^#iq|pkkL=!T-<@0X z)kd2w|J<(q9Q^lt7cW@f6!FG2)56bpN%hn$zsRJbyEE@gtmnLRc2~I#*T>Z_mv?M@ z-W)gcV|UQ)k`2rk(tlo`ku`mzx8%>t^_O=<&HmMT^T8vb9;H2f+DAV7n%+(ko_uZd zn$I!|*le?lgFK$5fsQ$vcI|hbV_&4u)S88tv)J=Vzc&XRyyu8KKhZ6Ix z>h75b#=DBO7dg9sOZ+5Xl>O*z`NP^tG2C-4XNl<^3_e;b`JaJR=;N7N>D_-;NB1Q@ zc<@d1)A#l|qkFHa4s6=J`7@Kj@A*+bd#t`q)$-nL*UTIi5u+0l?|kda7$ska z{bBzd{_39S$EEjnvNtW6cJFPZ@5ToV*;_s=KbrDm=0|qVJ)1r}|5n)dm7~qB`un;) zJeI4MxW?3$a@ytU)S5r^WxIW7p2VgPPnZANtsT-@&)D@z|CYY{hqrfxDz?XNjr3h} zFexnN`qmS-6Vq&`Z45rNi@(!kTYv0jbRp}eD?i?d89vO~ zb=PNolbDpteV#98gYJ8_85eU-{u{t9-68pB^}64t8(!wk|9)V}=FM9#uT|c-u`#Jl zg87vo-2uGzA45|6Yvik*2E<2L8vD3>#oW;&?*5~y%!XN4%(QltN zPw`rvawdOzacxo4Jxi-8tey7rw6EF7DxH7S8}zu$+w&K5T-0K(DKCRJzB(@+wq%vB z=iB7!=v`)3x>s+!mf>-KlKs3p{^sgK^UOca{^R&jzpeH7)SQqbMdlmNajvibn8dk7 zGUuf7Tb_+fw&%32uA7^m&e0?>)oFzc-;On#WwtG|7Fv2yGND-VL8hm3SCP8<6pk=Ps()vOYgY5t6i8+=UIq;ecouQ zxs{(K_Vuqhw^OFwoaHY6ZeI4IV?T-?&F{W1%X@6T_Stli+j%KAe|E07TJ!wvW6^ET z{ozU^V%mYwR>7^ zYj*4C=>z8{8J=9B^5JRA=B-C2`$X=pY-ieHHs8yD@%D~%$z# z`*kC!tRMMq4uyI5yJua9U9)hStHKwBudBXS&6}9ix_)bRg+uLM*-R0+0hPk*j{`25Y}$5Y=;&aQqWtCe14sD3K@wf>Fi5AF6p z(C@l$KXyMWFMD>oAt?7K$#><0@mM#8lyifJM-rNtbqxb4I%qp4lpW%SVzpWqCRMxxmR2{leU<6;Kk5yx()QEy7>`C>o%hEj z^6d=1KjC_saod((Oqjc(d)dAAor(MBd|mhbz(teo8Z&<%37`F=N_zIn?%M~Bt55Fw zGQYjxm3rj%joxW$?h=o-9CGy9WWM69@8-LITubiB{P5cz(8QxNNyygtY<7(}TYm3^ ztW9&aUYqhnK6tz7nVO>gyDsb#j=AB<$#bpN@chq5yYJuhyXQZN1DO#ygEh-`;k}`+EQf*P!uVXbo#W&jVTc@zgudSN%A$s%a zUdxjio!QFAZ|%;IW4pR_%DLQ?*+>Os?!=XT3YCS?`c z9R2?F`|?aV8BdeX);>%3cce}7ps+#o85@CMQ~LYusHn+1y#YFz8R${U5uR#~glaS+c!w*C~w$IrW>gr)KAUjswXW}+Ew=Ix zmadjfVlZ-_VHh8n>7b)(-Jt#Ke&a;#tbh}Shq->SAGX>OZaz6mlI`JzwEcb$f2>HH zY;W|avf9Txws)77#k;pp^o0Dsrt|n`_5Y6cJZHaE_w&o=`aiB;aNDbCEBUEw&b<>G zUEM|RE_t3~9=P*MINOrPlB=I}M;TS7%1S=1-}-I6*!&Mu*UTzdUs~3+dR_$cv>|k^k5moH)YYMxA@=me`Ki#o-nOi^Gh%qx=jf~t@DKcyFft{5OCy%Qw*|x{C?Xkk2*Y|9M ze~U-%n|1%goO^HQ+bbRT-I^c$@7R3)Zf};QEkz?nxDx! zTDwm-_ia`Ed&p<@qWCF%SHJYGf3xtzsS635v;V%@aeuSX$*puP*@Yc?~>@KzW0p1o1Qzx8aNR_QzzjmK?-JxA^dvk70Zzw&l z_EcoPT0z0x0!GPad#n%K=i3wgK)xd|BToCGO1QXpCzFuj?rXa>?sNK2s-Bm8H1Lep z&V%zdXa82uI{UEO`eWtPd8|p!bJn?*&gb068DC?$SA65$EsNYv=O=mmd3{wcIl9(} zarrqe4iS#e2OrH$t~oc!p~k?lD{i+q7k1n zPtebf0}aJr)^(h$)|NB&pY_DREb_pUv?VN)FHO3p7P0wN{jnt>%mZL`jh=*|N0w0{xkemcAC40w{YWL zcMGMx_YZFJEq(Bsd-qIkPZfsEa$i67AFX_JrOqU7m*+&;&qj~;+iJhs&*<@~LfAV| zj&Y0MzOB>5I2YeP^H}16V(Qjj-7bHdP~P-Iv&=i!EV*o&?NYHch%=R?=lR5!QCfRa zdpw^5l z{d;GZH(^u;%| zK2HsMw6F2+GCT43A6)mi+Y5Cv?!`>}9=G-3_ixjpJ}ugmlOe4g_b#?8czMZrYsuC* zDdM+U=hUffy`0;?a!m5T*Y&|4c4diMCD(R6(7V{i@@>8NtaEQ`%EcC~@=0WB0-bnr zpR;23qv>7t52ZeQvT^eGwt0Dd)tXaTYqiaCr`&6~ZS|Jh`&y#I##fe41kA&8m;d-3 zb8*Y@jT0je^RBV3&7An}n7q7+$bH$&CXdnJR^vhmG~W zuAjSFD`r~yrH6%+zispRYTp!RwY59IyId|geVOsO>^pnRAJy|6*Vz_!R;TZIwYH+n zyuH~^_cv~5lNX5g)tM2f^|Pfaebz7TV^T7+!sgsl{jlfQBb%l-?JE3-c1)8i?w;a0 z+o?}!Rq)+uU+tyt+^+a_-&ZVKbjn1t+nszh+wwS$U)uEOhv%}2ZQp8>UOj)lF=*oF zBhBh+J71qoyB&F1edASyL}P}8$rcLN10U*3W$emtQMj`HeTyc`Z9VHPHy`kn+FUcy zSfBZR&eRQ`4=29&F1+|h@`LGrhSua6rwav}e0Jun_TseHcz-_Y^5uW>f9yZ9&6&Py zUduLSp900~_MeZH?G4jjWG5eu>g!z|9rs7M?0RXg^{+s}I2Z@N?6ZprmE zFSp&3_>k5t-nz&B>6$PPWr0J^R`b7Yyfe?QHrsa1SKFkM`92>HEmMzdJ#nJvbNlzl zTMHhqv@(s!%WglD?Up_Drv8yn-0^}x<{dxy*fF}(_3R;;h~}opDhc)Tz8?Cq{ekV> zzx}stA~t1)s~LP;*|JfwpW!Y0*Y#zW7Jg9MZMwux_M?cf>AV*;KNs4ioS)}m@pI?8 z=8!8kx{F@CU$pM_?9Rp7${yyPyRYeUGjo(pA+CeHf&pFyz3^tVpy+pBvPR3x6QZC{-!$9TQu_FuklmGeWl&v4P@-Cbby z?wrM=4O``JK6c!8Vd?Gh`TAi64u*pQcS!_MblM`H790 zRrlK;icdWDo@wsx4(mdPt@Dp=FMRneYWB}b1<96=_PRfAZ`s<<`bvAjogZPfdJmlB zGL|Y{{Cu9Z$oTC%?Q>>l8H8`Ha@KfaX4o9JR_fxUJCEkb_SnWBzWnmj$wgLn#j zdM8^qwS8TU+{gLtCX*jkY*{^jqxYr9C+#BDx4lW)%aUz&(R}Kov(|MFCt7`~x0>z! zaoXbYoO#mSfyNOt>pW5{9e+r@TiUVG-{qX-!^gVknLg{4{Qf?vqGo&kBkgOGo<+yz zalT#FeR^(^UC53H^RjQ)Df|$+^}P1(yGh;qr&dVFKfSc))aS$HVL~VBPMqbm;9>Xr z`r*g9(oDJ780+3Q#rs%3x-DLGXIuZ;Cboh#?ks6*f9!s^y{#r*`~J&KYs7yS$r*p& zx8-cMb9Q&J)JER^sT)tMIm=aPqsKE(by7;lHldeAPJgqnEVVc(W7OLx9{OS0;>B5M z$B&d!^1kp|K6HfJo>rV{$5VK-PW7g@w|C!9{#&_DbI}MN$cyFCFPf6 zW4HEPaNDl+(|uw^@{9WORXaR8r__Xg;1BC^{iuJKUu4}2wzm^cpPBJ(?fdrnEh4|1 z|1%tt{^+IFS9(bG$l>+ZZCza-t>q5;cV_!Xw_eqwy;s*Xzb%ZOl$`SQ+nT%Ku^;OD zb^bGKvQvHGBJ=Nk&^G_Mwfv$>((iPu^}AeIUn9HTE$Y}K)3U@(9_LxY>b9>qzxY*M zLYMT0i!A|#6XO!i+iN^O{Hw^f(O$o7=aS6@N%{AVS?2|xjokY2-Td+rZsVUze|b)D z{PJx5qZ=|hTg>y`t$Dsfjn~Fe!+O3==zYE)_g>wq-?U_sM%;qG*F?R;c6h%K51j9# zFqKOsu5Iqa*O^i5(`xmcrTX`*o~L=+S>%m(-96@y%;(ZB2XXJ@6N@;y$U_@ac?FlQp|A+3{TV59>!Ex7y~J#LK*Rav)j7bNf`KB_EFM z{BZclbn|)gAJ!f|Uh=|AXTFAxapXkPOSda0c06~mj48_MUDmI=y)$W_lua0?#ow#P z{d|MM)L!gde(({m+RG>XK5{8V4^>>xTmENw9s1V&xYgg=Yv*lWeo)P-Q(4s4M)ITD z_1KCp^%7AYt=|>Q8S1U>^*{9T^IQ6OzFgFC<+47<36%@AyWh;17*S)jC&^SYWpkOO zUAX_H^)GMvAL5QIzx`ud#aNmyH{H#TrN3XsPpDjU0L9v-;+ay zq|%q)i$D6XzB%ehV7x@#$)bKach|d@KdsX~5+0{_wbcA0YukGEn|Zp64WGKXi>iL_ zTmL8UgL%M5pIHI%Z_ifd=1#sQn%HNXJ^$nK_UD^^^sCJ%^-ONmNivLf^E`Om`K52h z$;lUXu6(giWA`?xm|G_%N-!yhJ~mB1WXC<-bHBOp{h6@=X#y6`;U?O#?uX6P!#;{F znD!z0d#2{kv#u*D_QzJU@4TQZB%voSpD~3mBwgJ!bLQ*h1+yP{SLBEKiaTCZzq-z= zu`r+GRL{4(tBW7YbH&_v;rU3OE7R%by0Y%o79V$5%Vl?5_>;K)N4?vQYq}F9-$kG5 zbCubsE_pWpkJRRmrt7=%6hD@2nrFj?`Ej}GkpC% zN-F18>b$=1zs~GW^w<%@$N$vbV3NY6ul78dWuKz%zIb-d!sE>QKXG3d+V?HKTql3B z`T;kmdUp4wwK{XfWj$7Hdwjr7d3(0-T32n)3tl%)+DC1EJp1y4e9o8mBrg21QscT= z$jvwBilwM%@|?XtmOhR&c`W*D^S9b3`ll*I*FWHwznLM&@lkE(`t#K*?%s^*T->4f zbIKeZxv%vH#oEI+dEfPacp>z2@va0bzOSpZO4lZPU%7PIW80Q(=gvH+ImPR5=%&{G zF*tVrhtvfh{xcl@Iq6ybJ^Pb~dcLY{u1S3~zr$+TauKN>&-~mCIonvo)puH~kND6x zb7|&2X{-Gm%X`C51&Em*XIlMt`awB^{4LIDA=(U^Hod*ud|9n8n>pN~zvUkLN43rM z>b+Z;P0W5p=<}a(ns)Hd>*?1^&Wrq5_3P8CH)l(ApFCanZc}|_Q-NJW+4_`^f8TYc zE1EdFT4N}YGPyyeJ-OYasItzwHPs(lfDXI}8J8vPINBfFC2zZG{} zf6u#TV$?smAF`{nzi*nox;QsaVrtyX=WDB4pY2`r(jzbb{o1z&EGEuuVB4T?pP|p3 zdD$~JS!Fuko;1}H=S`!&3SE35C-+1BVLwNtZ%x6uW}UOK=Iv@9rXS{2-4nYmT6p!V z?x&GP%i=VuA7575xu5CvujNNZHTUGE56`9@J`*l;*P}{f$;a{zq-$);{LgSGIlH**o1OTEkS=%jV*VK$L6;Bj+x+Nty>wK@wXk#7 z0;9Fh9V|ZiI&vTXZ2zlUS4U@C`<}VHE{2EstnFD($)x9)E}{0G0R}$+8x>^Gvy7xtT+8}_`@+>=CJ&Zdj39DmD+7Azt>s* z+`F=rU*t#h!?cu`wjsK3P>R8nn>3v~o?z*>s!<9O& z>_yV)(fhey3nhq4Mko2-JD;~T|LA@`-S_L1tXytxDca=y^pkAWm18UOq@>K|3+FEW za7FmWORbU{GsDjqK4|oORL@<}eB|4wS9aVVqi-$QDE5i*!H0@9{~0>C%L^Y0K77mV zXn50odo^R5+*iG+tK@lKp13wW@4;<@r=DDeexbJ4oZ6Q6$cjho|94^Y{<%wMY257o zs=)JX&u71j)1HTWn2QBkSRT*$x;}KveqWWWUsr!7T)yf3)XYNV*^YkJlixHIu07o( zoG9_eCjE7c;M^zY-3+(z$6Wfu`QhBZUy3X4o%}XacS?#(Q`Yh$Z|x7;30^T-VRFs8 zHPrgT=f?AicTAAJj``ecxr;JUjcZy}!Bq z9u@{mrS-S6S9Vp+w~0P%ws7^UjnRi>j8g^5p6!U2z2#{?GjGCfgB*+F&T-w#qGKW| zrv2t~`_X53=hrp1d4hSVGv9vS%yuvSx^3p6MQM9>#XQ<$%(KzaL}=MjfvNfH*A~uC z=UinYl+5*f{(HXc{S|$$XU4RuY>>|G+jS{r=Z^Y-T~BKC8TVY-vtu^T;fa1ahdl4x zyE0MiwBNqjtB-Es`OdcZdQQ&T zmizKWVij!u?FSF3)lT&k>)3?C$0@v>4ZV%_nvfF%Hwe7{kSDT|+RNkvryljrz z72|N$q<9^JPv1?`@GwoOUAj}M=C{97vH2Nkoqb+!*|xTCk&3;2-<7$~*JWR*ll0L0 z`usxb$>_yf!)193_%~fX_UnG@c7|JN3oZ(=C!hbiTzsXD-nwM7B=hY#hQ}Dzt`?0b zDQUa^^!&YVqEmuvE*_QsBr$87eu`64Wr1^DX>QD_yyM9aq;IZW_qg^+aqF|ac8AM_ zeC=XipR7?X;8`jC<@KyDXPKUPPAHIO+Nq^{Wudn8w@W7G@;bM7@oin5ZQc0!|HTOas_RRgser>19x^k!7*#`ISXz{)>>-T@|y7$wb-LX5^E!TK% zwJiJ7SNXWnH~MMEJEQpv*WBUj@Z7w%?WIq3C^Pe=rQ$}poE!cezPz;fR@lPgg4+T@ z>zxJBe==aH{Iz~)|yKTZ!u75lz>}}0)Kr(IO2JKnb{uyR$ zbAMx{l3Q7LLC0BPmWZ_aZ0CJKM*}=|_ssk}ZRV!pC@s&tlh0Lm{y6_gw@j@2 zz%7~nb3$qT%yK(d3I7Ox)ZX=g^HIF84af5tZ|{7t)!w?b?b5N!Z^FbnMUwlc79LgF z>~=39%X_N0WX!XY`OR_yTmL>=)mwI;FU`8szPBW7p7e)n(-q93ba&;->j{MPTBYk< z<+vi=d*p-RWY^oWH%soE%$mQ8(LI$})a&8C3-^j;&+NGz^5pZ$MZH9 zPNvSNIlJ(LP2blvVJ^Lz1N<_RL*CAc40%7fcTZuMn6=XZHP2U$3$t8&ljrw=9{SUF|;G$X?|noQwN4_FwFKmK{aQ1R2l7(<)U0{Z9qv3kPdqk_mD1c^IX$uPyQ6%?mHZNR z<_7*ihf8{u>xxeB`)OrYpLFpNJm>Ky+e~`9N&_3Onf6J+PL2coS?pJ?m>ccM;ggtn zC)9hltafO_?Rzf`_Ek;m339G#<-GgP-VwNm|s=}}EYs+OmVtjCW3)l0tmLi%@NIsi>=xBRY0v(%5~GRMl5ZvDipW?){rcIuS{+4UAa9O_NJ1ya)w+jE>U z&peZqd(*vlm(=O~{vC0wA+>t1e|z09d*0I*5>m7*o4?{~M5)EXV>cV^k4P`I{3^I{ z{yD7$>CJJuOaH`f+&>{ItIG81njXvhf(QO&SKW@+<<;dt zKC{Jb>T@pS?O7KiJo%XQb%TpOcW%XO+VMo@gVyz1ruw>KW;%x@ZC9I3VqV-Hz_r`! zizUmI4X;!=A4|NC2>U+S$+*Zap*HJO7Mp{kguIvQL8-}cOV;lYlPNR#y2nz(^FM>s z>B!k>9_KVq7kS*?zhG6j=HgJj?FG?HOS|5zIQD*R^6>%#&zwhdwnwlwm%MhpFv(Qv zLwei$^Cm}k9sc|7?`!k7iTk_vTKL`keOPYi!i^CZ%=d_v$;dUW^e+4?eAaMT(DLkB z&sEPdK2*NGH7n_r=S|MTlgTJUzxm)90fFqEEq-tT^|^dgp71v6#j zk8N6?q7yC4FS+{DMurdk@{c2@zdK}fyQ);=V%T@Dxai6q>2CwF{wZ(xaCUc0tk+J4 zM9p?KSQnk8OVx8|AI-blbRp`VQOIRe?e2vRQK`>eU4P zcwM|QzP9V`$w1A}h;y}>`}s|(SAVPZ`X)cKFWfdn>g)&m!*7Mu%&Vrz6>BFJpFF>| zO1*tcgw1|^|K6s@OY>DGZL;~#kgI7VS+e@(3|GZ?#R{$JtBt%%CsiuEy~U`$QFKYJ z>zFNH4>xaX1 z*ZjEm%ig9zY1Y1qTJ~zZJd&{{l%Ae9>(|m1J+?`u4kN5mHju~ zf75m)oBS6?!mVqoRX-auAHO~;KRIGA*Q|RxmCbY?sXUjIWlcVy4K57YZfZ zXLZ%P+txoi`SVo&Z>#=H_B3g-_^D8{AZ+Q>1-%SA6;6cItoFO6^j-NweaoB6--}re zNT$_2+hw|I!=`PYp7fb1JV>ly+H|J)XX<3ds$ALZVAl(ZyV}q0zI*cAt@f2+M(f;G zuJbv$%%x_j#o64!fSVJ)$$${yQ%ufA?rlLbz(}I!_)U@2s-cV|;a6r?0M< ze`KD~mD6|Q{w(>#pBQtzzotC(;qT(5hbz`vK6IKlbxlUG@~q-O?H}upda|C`pE+Ys z?;oA2(sgFJZqEbCCOvZQe;Bo1WcsY5x3k1m<{r0H+wx{h%MLboCk7d=TZT`=l#F~u z)_i&0siG}Y!P0X*cu_^=x6M``Cr&eYYj%%ASvl)z;Yrcjue=*sxy+a^6b2o%-gIg2 zwpqO*S$tMqrTe?`w!DtiORCok;-BX5GBWFaCV#oIXfOX6&)1RHcdd#$aau}Vr$8&G zYuAmoPtP6)PkooK$FuJ2q%%dXVTNCC?cv*MwNlIDnBmW>p6le3MOBjjGpvt{oN{ZU z^eKf0dc}8Uo!z(p#tt6FlkbD#ye7JN*33GxZ)d71Pklw*)`G_KnhW;q`8=iPU#Xkq zBjXu&i^TUD-pdg>z*9AAW#LK_!7bT6^S-XvoO(Pfygl)^b}sWYm1}GZSDoCr-SYK; z^TF@^_U-=sN#TC;Vdj8kb5+*vJb2(ggH1@JLe6^jnT5(Z-78NXTx)CX)_Z63ys|$3 z{H(o8DykkjpEzZ3ewpOTyyn49;fxiQQKy*wPr7? z&wM>=LGQ;;4tqVYgarl_aoh4l?U=bKCWxAv)nQbO#&KFa=*~=m`1paug>l5*c~80n<~*OE?S0tF@YBti1x`J`=VkHpS0sIU z_W12|y@*nq!q^t89J6h+=N?*T-0b@<>F&&#Dh81bajzTLjAPF2Tv&%JotbBbg0_K)i#)&E_XotVUCb!}qzhQEtcw!81&_gi<87)wLtOZTp;xr(uB zY(IC|*=85}Y}|G!=hioqzYml%k4GKe*XF4{?c4MB!t=5gty9AG$<*x%H zBZbvfwz)H06Drfx?z@~Tdtc)G?(oou{rqQj7PihbERQ^yy#FZea_#V*6x-9;5Av z=WL$f$MAjC_1902ah*IV)3sI5%X`YQhjrL7gwUR36?$w``)}4 zZ&ZCR@t&PC@z&1QmC2Lh_3mzPm+mczQeCmJ$J1u!odUxj*L+{(Oue`@>#UB$j1RV~ z*_qRpWwwh>U$%MEwyy`&6|TE3jNW>tN#nrty+v29+~T-%@uIR*g+lqdX1ALvi;Ej7 zlr|-AGg#54^7gaTwGUsXY`--r+FkG!qw?0IZ)VGPUVl-xEd0)%2CGNg6?+p^gPXge zWo=D%tG4vd&R@zXqUU*jY0;L_eBAFe1gKJ zni;W&z1lQHdh(LbWnO=lQ)Jlpb^Vf;hS7)8X4y=zIGdJzJ?!I&5ShY5vxGJo2kkbx zpZ9jg>tosak()Bo46WoG6lU%F{#rUeK$@j6xMJ#*n@hj3Ylrhn8s*B|=vd;O@%qZO z+@p()g{*&vzPEdnaL!+LV}Ps7C85?%%SXH9mT9}$dtQz*iaam(_jR#%!!7&S(mj*! zT&tas5v%Gpt$rdkOdujcxRKux~$F#GqolN)F-Ff1%=~)dbF(V6$bxDs@cLrTfk@>Pd^rPq2 zotL}47C(LPB%Ir9cD};B;HNB)=B~;0TE2T_XTD(jv(U#czb?;`mOFd3<76D?+SZFM z6VupY%Aalgx>qk)*k$H9%Vq0=XH9$(FSzz?>^-%_Ip5YP9lG`W?Zv}fV$#R$d#m)j zZKPMl-c_jl@* zY9DIyzgx!qalQV>+6y`lgpT&BgvYPGch*Kn&}trU(X1_oCOMyy%a^asXFcUIYvc1> z7YdFA6&O$MIQn6Pmf~50ztaz8Z^yX%ksF=HJq`XJp6%Lgy>!aEV}^ak*LJ>N`Om*5GB z@1{C|3-bIbpS5l%7LB^H;w1aTlPiwy)Df3SzP4qaQ3bO?)n(RQJ8gJ^Vb_W+<$pp=`y*b*mtK3cr*J2@83AV`gPrZhEmhBu{ACi-kHX~*(>fhO;dQCpKJW~ z`9XW~%~H=l{JM6w$Bbp?*86;H>nyt$^3213rA*ir|74@OSKriwtYVzR?Pn9^ zkD@D+AMUkF5VC!(_;PD+vR+uO#FpOThq~fntobH4may-;cs4z&ezSd}jk9q6MnkcG zudcf;`oVmJV^Owl!~>qz!dWl3yw!hXJ16y6-*iERr_(lMmdLd?{aE~u^LzT*18*0; z@;>n}Ciz!*Z%x?Wjyk0p%M0uBBi$!-M8?=ltl!OkG}ivGRm}Re6?w&4&8?1eq<&of z_V6$0ki(VnhxbXfJ>oY1DbH0EW;oa5im#zXY{btwnc=%q+^l!6@mkv^y*cjaZ=t)s zD{6AKUVd71vE`2E+s};gX0KL04%wNuE0gh@-=pGqr~eEGZT=WOikGbT^vG7NcDvyb z!4&0pbDo=i5j6~%#(T=|mtgx+^^m`lKTL16F;0FM?bdZptT=D!%^9UfL$1C1ve!;> z`KB9}-|k?BHn)>MDoy1r$}&e>6uD<3~gejigh{kXjBtE$>7le6aABr32znB459 zY;fpYlwsh3tINgD?)whXga(&Y7jePF$L{lzWfpN~GHT4Ir_i-HkIQ?7u zg*}!l&Of>7TPuHSY2pEgqT`>|EBxqQ>%Zd1vM~44CzWN7&s(~?3e%Mt{tnRn&C{o>fhI|JTSasl(VQ}rS64~5}BcK=e}+H&G}%yz#pz3xetA< z5AM?Me526pv)MzL!{1fnykAx5-rz^-hwBAyc#8F}b*+gg^ ze@s_$F`BTBaozVrfktkhk{4Z{QQ;lv8-DE8lv6iDrf1~GWncXgx;<9$Szjt^_{3R% z?z6isSz5L|{l+tcZxI>6T`&4|eym?n`Rh&R6^-NZYb&3vHoKb2{`J@O@W;D1>TN7~ z=JV(I{BwKmM}IV36ti{b^a+LW+fyRyQyaSM@};dqvp33KJ)u|mG9b!dX7hwQZ%r9@ zY~7){Xa~F9e}<@T|Aa{=*j2VieP1js!{xr9g8isfdfV2BQt3lxu1cHv7yf5>9e&Ab z`rG9nCVPCCo!#--RwZ0)7B^Jf1CJGz3)Fm2EWXm>^Q0IO83H&MEe~)AMIJ~@xi^XhI8H8yYHr)Id#*z z^2FJyGvBXA`KX$_^zrRm?e~H8@4w}bqf4(o5jr9x#$%yudRWS4KIi_eHQQcfR7fA6 zRktwnTjtuSoYJw9mBFz*=3&<+=f$>EO^mVIo4M>&ys&z#7&F(&G7+5`zOCVpk9X_Y zN&IoFXTA|LbI%Utq#x&X7CipC&TGn(8;c&@?f2huRp*lL%grA}@70KZ^lM%8qJgDykJ~E#r~o3$2-%Wy*laKcQ^Zro#1?tiuS`&(-yBj_Q5k-Dn}(*<=U2z z7v3{PGyL>)ejh(7zeWBqueMK0^O1?CZBB2KxKQM|?z%_9uh2aW{If*!Y>#DsF81j@ za_L8t^y%f5E&iV-_|{hbw)ztu`6Yb*v3~{?XB1SzK9^{*%Us{vdi>z-D^>H{jCFc4 z|GoJ3OS|Lx{*3(AIGHWxv)XnYWv_UA{_7fB@o#7T&M*BNTH3Jl*G=@qKrl z%B(XVm%r71(Cd6?`?WZ^N#*l0B$diy7(7f*{*n54uJPf2hBiBu{a4;U^mTlsE#vni z(`X5Uz0@beh+CnBTmjQge91_ym?aUpYU0&-OCQE}RH+}0&B`_QxYxPVXR=rHk8>6B zUT@h&fBt7!SmW^H?ZbM3xbqKgAIz6|-&S~ax~1qs`(x*CJf-gk4M)`$z6g{m3q5ADEeJ(i#bOx%tvgca-A^wP!fA>Gts7$tmOM7mnzN)$|rY`w+acA$; zN!FkKFdaA+wD(=@&JX_?T>J9d4PRb&d9!P~#(}aR!%!RU5B&$`^Ddu~@$Jr;9lGj4 z#j$SvnX+xYxhc)uG7jOrH6=ebKE7-ID7C-IM)Kj#C$76X{EJq2XnCB?)iMYbeCSrH z6*enqQ~K7!**p$8j&B=dmUln+aj@{w0vpMdH(i%^v^|~6nS1B?-qMenpRRfwyk#88 zTfS`Xmp8MH$!Ol%yGi?kpTUhMOZ|c-UwT&F_~m`qwOeyO|F|BzdB--5niUT^n%3Ul zzcnrPNByI}NB7=#eLN%Cea27g#Gez3DqctbvfIfO5o2?`>$f`#-eqr*F;^3_v|kkbXV@a%u_ye)`ftfszq(vk*?HxX#N)mfA8s$1pfB--ZBO^Z z`lI^tzK`#ge%&wZrFf}^D^1D$_h*C0lJDcr|MrS~DYgC3*NbzNclAAcr~C1pq_ki0 z&+D^(gx&YZ=c||=F#B-9?A>=Ybr(f4oIH5UeYxoBV}adUkNdMn1>_x9T~ZVM(WQJo z&zHZ!N3U;itxYVgT;U}#iP`+*ul{TMYCrTJvG2CC`7zO?YI?`}CvD%4ofqM_wDGRc zDR#R#%<(=I+8$m186vjF3;ihK*Y>?Q@79U-V_Z*G{5hLkqxB=^7kh8+AJ0d+LbvW+ zx*lNe{!F&W(>~@(eMZ2>t1`PbF8nC`=GOhUj@e5W>TeHeGGTer&@Ay+`?V)GyLGfo z_=z}%u#e_%{g-7gRHd0^F?gC*y?e}z}I@7|L@fJx`22=CR+k6yl=Q}@b*p+_*T#>V=ww|s~A z#TQzS)Mr0c|F~{eeS5v&RvGW=5|Jv6HLoAMI=6b_tB0FqObq_4FZ$2Wk`m35EaT;D zzO-uj!O3!qAA37KDzIoJ*OY^AMcm^V=lP9ZQYC| z0ivH~Pt~6DpsW5!_F4aZJ#A}0T5Yjw z*5cRl+!fi6-yi)eB`+EC<5aYD^o{MhyFPIJ=DBwL@cf&vk6QU2J#uS**Sf{LQ~xtW z`4zv7)BJGzAJ@?j#)oF9u0LGs?6PZiz~#jPC!d^Ru&{WiT^|3Rp=tdes|y>;^_!oG zJuUux`uy|%4A<609`uVj=ku!Y_)&}CF7Jh}C)Az4r_}c&S`9b@LyIACh%{=-zfY?3&7_2W7X`-8GKbCw)QZ>tB=j==jA# z1#H>R3x05YoxZDo?aDcc3)bD_v6`}A;xpkN*Hb^FUHX1xpY^3TO7gGulV4v*+3Deku`YaXx z7RMESWd2sZ{hFTI^*ySOs%J}YJDp=Rspazl+0}>YSZZQ^EPk|l_UrI#&kbD7lpXE} zo~=IKxK&>ui|cXd?kNuncdni;9(mCCY=n9Hju6&{cL zwN=kT`W9_6`CW18YMq0h)x@xtHEhOi+!oX1X7@}zZ!I49D681$1qYv-W|3`H$JFD& z4pSQ}O)u?e(taZ|@AR4N%6f-(@A_3|`fR^w(vO2nT}tiS?(fm_*OWYr-!S)W@w6X~kM7I8uF~|Ey{%K;alFv6!96*)I@Ytf zIdnmvprN3fc;g(d8SAvqRoroT^j1;0j_&`EHh0yX?$^Il zE8P`O^<4X?%))nNLDQb=v&}VkZws~Bykzh7q$y=}F-eMZG!C3Kiq*4ZdtfQ6_08QT zh;bfk>Iu0^;l@GIKl*MwQQj{>cQZe> zeGY1s^Y-7i(_QBIumfp1RoKIz5VLMQi$^ex)s{b16M`bY9TrLx=+ zEk4`J`!1ZQZ=RHWuSWJm|Dk_E+os);VAeJ(`?hY49M{?@fp5}83tmlEbq>0HL@M^t zyUjCB*oI~seScKnwnf(cw{?W);+YfncyE5M@lJcmrb}Di+S%)!yC_ht>$vhqw$rt| zMLVy2Iq`IofJ@%#6YMK~g|Cj+TfkEF4c2hz~x#XzvXyijpfQe!B=t~Y!G}iU-0cKOVevL8b8b* zt&Zn(QD|~&+}XR=wIa0g-^$aXE5H3rhg+ufLULtc=W@RT;IM3+t}^TEnBZhbbia zgz|re^`ZaN>n`jnKeC=*o@=g_N@Rqw)u$rkpW(BjYb@qyIiyJ>9=rBB>Ynls<8>9z z4&6sPJUb6Ox7&I;ocidA^Lg(||F)jOA*~p3J#|6dg{Xaf zZ!>jfi}d9FKJ}og>vP1r^`+Je)AQ#{WB43xr~bqHu{`%-o?lyMFS_HtPfh!Z+?Nlg zv%5WIBip2==$`v(tM2^q?DD?E9h^|AFt!*sr?S_mehH|^^W75r=>F6MjQV%71 zlBfC|pYEFd6J1~TRP&!uh5eCT(f7R9#2u6gw!ZbBA=RKg;mcD$|GmX^l9z0}KfDj$ zb=AlI)~5S-DeL}msk8b}q(X-e@-{NPW;|bZb1qZM0J-=Wzm+^vIWntF5#SiDV z{c(|deB{>`t36%Or;If2oT+Mlp?%UO^@H%kV~bbceYyR#*bEitr#}ndh2}qxd%3j6 z?n7Gps%6u2b61#bI=*uqr>ed1JpP9<&%6E!$7aQ8U(x%r@{+&OMK6_0pQ2~I%-Z{N z;*&(fh;ntdFLpj3-4E=3&o@&~$75fU%sWr(u21#?2gN2^R!e8Dof-4YOs1~%+xx~p z{JD>2d!MdN4;S#xi>}H!F>&Wl)*^f1e+)m=4~zY(eYbkqozuL(tYahv7<%?Rkgs}o zDCxE8ds)+$m!55jTYfT5?&IO86Bk}}r8*zGW~=pWcj3dg@vi6QW+hFp^OrF#|7Y=c z{vY!dKEJlNEt+)i;>M?w?o5uWTvx$;R8A&SH#ByUgM_gjqv*Q}N1VLgeAW(5*Hv$O zI>qK0ORDUCtLN{x=$k!VP#tjX$!DHsrR`gzyHCeDzxnnr%U$D1`r_(9p7Pw3+~6Kg6?vV30?>vY)X%KFpUvz!FlxgMl+eOVb6+|+2OTD@Oa9=;~!K-^rwWD@E zJz!&gZBB{GmB2UoB{$YZOIXU(W-l_1<&ojH*n0Vo?}uO9vu%SyuaxXQAY>`>WUA?u zd9rP{Lu>Usl2a0YFIG6tzO-zf;>E4Ugek>XG=(yQ; zv6ro$Z05QdbI(lL_MG=W1BdM1-jBOBT{*g^<8hJOP03#&QPY|q<_pDmE`Md{%=+GS zn&5WzYrCxHv&ZXvoSmKid2@Th&6sQK9gAYMJ~^*>5&ira%LbW*Z>C%Ff^Qt&_ThQo zAM0GRS)XUGc1u#?zY^BpwkL93rdYU``F8Cr2kuR&k9wsasqJ07>%hUh#Blc0JN(@3 z_P3Ul-&43~lf1z1bA^|t3Lo>tgUr{qK6AI~a<#A#Uh!kTpZKk~)%nUBpC(LZ3C`W4 z__5fv^YP}L6B})`&1$o)_}e~mPpo`!Ufh4#osEy!CU;GHd^CQ`{D!6J(@yc`-H>5m z^RwrX+Hvd1j#*)1_Ck7ZQa4{)t1vk~Sp6RJt<|?H7~iGbEUvi7E^Esh+Wu|Ag|E>E zQy=y7#Jx0H&8XA+nW_5QYN_pgTiy$733w58MOVPaYMb=Og(^42(t6h)nj3aw!-lJi zQxoT|d91cpgf11beUh2|pMiT%@S|vJ>$m!zX2lBJhM&JZ`E_~W-?=uSl@k9h zeAM05_xrip>SdiDX9r(+vUTUj8Lh|djT0uugkGxnS9$ALyxcB^+mT0>d|!Fd=+WJN zAOD-{J-79yUfol&N_^7>hJR@buhy78n9sKEH@{4?PO`SppQF8%H51m&FOxnJXSIK~ zi)F^ebNrX4oqPRHX!SLJz6{}|ds5hTOqo=-WoMIq@Kqb-hx>(UoGzzc+3IP24*L^@comhvECXj z&;R1Wo!EUgzh@rvJeu}n(ecC<*w0J<+Ujlhr_O~En$Ax&v&;nU+>zkDf4GcjGa1f;^H6KhcCvsZ(Q7Fd&$GC ztn2YRQ(2kp{>q$xStpEl?kb)&uWVvqSH_h+TR+zK)Cs9~)ZO}&EtS)x^s4IU-^cGG zIamK!R?Tv$bfL(#AIBa?*|B~!*=67PE?X;D77fwF?BrvaS^O`-1j|5lxE}A`m zs;ZLCJg+AYuKaeB=`e|v_q+0ShfeFpBSmaFy*-SxZhSo7ne%>+GwZtkLX{%dR@I#{ zg~8eL`JaC%>)H6?`=&ehVke~6B%g|R^nO^+;F-;`YkKEW?PqFAx;K7Z4k{A%nDn3F zQT35oW$ml8cv+VO)i3qVKW(vY{=s=RAGUWXUfZ&l;f%>!rMr6T);*E0^t4I7-t{Q$ zN6~ew(7j8-Ils+(*QK-0h(mpCm3Uj7>`U`|GJAg%KR6q!G~tl)HB-?J7KtaH@5{~m z>T+Y@(jR~Ssbv{OW#moF5Sx}({racd)$P62bN(~vZJoZh#yK|n=(KtAA6}hiZ%^!0 zi$2imdyHQtedCw4r|()Hj52Rl_!0c@x4RgpLG;e(r`6ZlEo(}Hs)P5qu8NYCQ=9GH z;+(a}XyP&UQ(NAtyeXPz^<(Xl_-rR#W$zuk=b7G=f7dVHn{asLpRnxxb_~}V+drl& zR6V%1Z~4c3|4ln?K3vb$HnIJlLDzIAJME9Yzq9Ssc6w)s7Afahd|7?NKWO_O1*`oX zXNrF;KJw{opVQ>VpJCG`eyH}m`n6+AuhO$*mHDsd=yPdGn!c@%@aE^8aCp&1cF~vj z*e~SO$z^WZwR6}09WllmPB_1HnB>uYG)lF<)y6XM!+(auo7UgV74a@vP;=?*yd~Fl zmsOZYehl0EY(w!(gB5>RMPI}Te%Nxoyj<$s#?QNZTJvVE?RsSN^jt;q+2Z1D=eBxX zv`IU5@BPuJealO$6H-0ztnp*#ei^&}Q1}%a<@~~jcZ+@GQ|Bbz3cfS%*!C^DT=87d zp36KJw$3>DX=O}v*NqD{>iQk;jxJmC{0#pd9nXfv8yo? zcggRYb!Y3AmK5dYqm|DO*QWWh9o@tHsC(0{)=gVHCKW{RwSQTka&=3u({abhlI&?+ z&n`BzYR`RqS#Ij{`Eqs=S@yy^XH_6PaalDE=_<&?X;A8ooF=X2q}{zFS-f=fj^dt}egdiP+% z)!Z8I<%?Eq+g5q$?Cjq=E!Hs~kSe*=(C#|HP?uRo<9YL~-TOH*FJ=8>yq>QY|6JT? zPV>KutK?aA(sun=oSM39h2FL`Y!45-K3k}{RQYm?eOdMXrnM!r?OViyJU+>9y0y4w z@!SI+eXiSBX4?1Py7l_${NN8AQ%n+`?wTW0vew!ovMX|y z?Rv72cY}P?jgMk8_s8$+ow>bs;f?gak6pK}U9u~D+M9A^A&-Bdg42^19=~hT?6)hk zbY+gLdEVXIi>tz17fF8AOl&Nx+`V|REi>2agiDK?kNL4nFVz$1I<@n|=Y88(s_vQN zRdeF%j$4m6nBM1oSgmC|`#%<~FoeffPl^4x5hO*Ln~73}${EV17Fve56t|CFnn7IeJZ{;=O>*3u+Z z>ABv=1@~Vwx&2~hlq;Kw?1}fD4}U)0xNGB;iyglILLTnrjlcRfZ|$Fi?bi(xQ(ThY zajbZ6^7VFcj>M|P?aUt+C=1X3nAcXaU(DBZ+oiRidH5{PI&AYaea&&_GvAx)>+X+c zN4ztUf6Jl5dV$sUW7pBkO!8VkH~CBuDEx6*UdttpbyuwX(U&UCdh;!Qh4CMm&$Dgv z$I~I#zC1ZMf2E`B;S>ILi7|q|!W|!8x%6cBtam08mvDr3zV+YPb@`|qNA=I`N4^Pd zQFHsJz&;zTZ@{fSuT$`vodGleAe5`xA}%k@4KSb z<$q{bWuRet;)B=Ee>--pKgDO{TNT$@b6Wo0F%Jg5s_T<0BKv3W3YT?bFnt*(wbx_Y z%#Z}e$uV1%szOwkwa2FFJW~FY@cZhFr;{^2N84Qux*pv1$TUKF!7KNu4V#qpxSsUy zjae)EWoDx6ohdOrMaDjnfoXOLlFU7qYaT6W&1+hD@3q;)g`dTB_WGur+u^BP?6Z5G zbnnHfA;(yL8v*J7ZnIq8&H4?oE#3Oz?{(L5+jlYI*yhVM!5_08F8wHaW?GoXPmjkcVsdS}_H$J*AD$;Q!JBtOntb7m zw5^XniR5nE9@9*t&X`pBd_!RWdCiSmBT(uS0)~-4#>!K zm>sZrn}zJI3z3msi{|{gA~wnAqQDd8Fl9T>dmeUM!&1!r(~cZ^u+G3i@_krJNu}h~ zrn$QdSi`pM>~Ra+*z+MPb)t%!^6goHccv#rs8pPPKfi!^tFP$6soNADFMIE`=o5?O z>tk8QMHZb)xX%arF6i2%w`D`kyZr`|E28r3LQin9J}=MZQGZVV^^HJ&U-v6 zOw#<8eTM=|@%hJrK4&6Rr&}aW>}v3|pLE`&yZ_;BpXhD9&Yl)U?#!~9ss%oqrnCBm z?p$f}b8h|PC&{u}T{BYD9L*&9cWIt9daG{1ysY~2hW9J8&tx!Y>%EUE|29K#>T%Qg zh2=tr&Rt${;6H=ZO2K*Y_q_fy=-o5C*KM$C=W5emEhi?M`o9hD-F-%x;bZezSNUmg z*o^zGEXbQWnSJ8Vz+4uNPeysh1}dMH?~m&9Sp3A`9>;@OKJvFEByV-vHEaBVpl(ksg zo^S2bU6TVhU3uD+l0VhCWwc6Kvn`5? zXyZ(kWzEl&)82X|+0N(e1O~~+A}{6CoF+%N2Y+wo+Zr8s;qCe)<0zMH=h#mKB+rUj z6eYc_ygA!ud7NuB`GCruUu`mRlW^UJz(?hXv)Er&fAlBDui6T@2qia$D?Iub}#m_Zdfqq>w7P~ zh#tP@D@|QhZLMmxTx)t~Z|-vT*`X&cQ&)0y?v+WtE=$zP4PN?MH(1nJ2TVP%Nza>a zujU0WNpq`DSv`{_raXA^<A?AF1zJ!N9aDJgYdcW+#~ST3}rGW3<@ zn}84R+f}Z7o&RR9-Sh8;9yK?Q7svJHE{*8hfh%EW{$g}`7OKVEW8#t_XgMA*GoREZ`RXa<9lqyypZU&Xq!i? zDuSIiY|vf#%INRm9g6S6(?800>OJ+J zxg>AOtWB)CY!&5)Z>{|-nb0wXS-spj$TR)vM$hPmBf0XudG~*;yX?B9mf0m`R?-b4 zjR#?6lhcb=#0b5TJo#+unspZ2F3d`6t*lfq^H>SvDpeN+|tecP5xN?MGex1W1gm3)^dL*MD4(sZ)|Db1 zhr^t&49_ax;r(&{jm63bt!4QVmbR}Xmz2qKZxYPo^OTt%wK0?Z))KRYyNdo@xgDL| zUTSkpFYH016Wc#XbA=gokxdM|c65mFtOgwk4 z?(d;@$-Aw0Fl}6?TFK4!=XG{q!wGH+!M>em(~jpe-<@%F=1Ez@gCe#qb5H2z+zZ^t z9yI^%anp^*KbY|@5gruDa-J{otdW;nCaH0KdsY28(&Lukg_N*Yi<9}<7pyMux|UqRtS-as9}(!8F8hIT#UbMp zA^e4XS7&Cb=;>|coN>o{Lbcr0<;xFja8lx)Qx)p%acI&y!{&p3Ub~%id&9tHA0_Q6 zDjS)_vF(^}zHQdut=+rwD}E>~*sxt(f9H&c{$4LlRu`6wPZf#pEk2iCYLVf*EVJi$ ziUrGjuNP}_ls9yEU1Yj(Kz*;6R8E=pGq3%RvXa%V8|CR#Ghg7E@ycvVM#CY!Cq}Uf z0ajei!Pnw6Y*rj_4ea6j^7{0&h+AO{`Z-nC%~!lKni*YqUNo@xOzw)aUSDDjtv}s( zIjh^Ny=HmA-4m}vA9pUBeBP;+wKR_V!=CNI+?|)3FZX--MqD*b&OTgK5mCPRf#8XC z)sNUamv-fEh~CEZapLi{WmS7_)ip2kw4bv;>+|Fb*E=hAA6dKVHJ?x(b79|~Yg1O< z57snI@?7_H=Y)gOLjLTcJ0HGf(+Dnp^1)n4Tm7&ZTl(pqIpMjfoNb4n$3+xa*JelF zlsu;Amij$dXdA=3?DfSux{$heM}!(iZ{6{r8=BW+woj`b6m92^~OKusY&~9 zZO{C)K$^{J*3G?pvzI8O6dzbUz3}F(q)YeTEjV_+>g=AW$uSy|=S@o%uhhIN`s7T) zC*FV^>1An|d<-wN$|r0*VEam6$9m2L2ARpRVHO1!53$rJPbVY-qcll)xn36Rh*co^|!y6OlU({&~I0aFf!nw*DkNvqSC6 z%nPGGp3Glzb3*`kW0P+h_iTN>TPLe4)h=$gSSNjCzQFpg*~`olCy83{UN$M}EZ6&S zIQI03F3+5=Y&*Q46`fUSnKN(e^1^lP>Th|cQ=^J4aT05s)4pZDD zcyw3z%r^hK=S?$BnMG6{H(y9!8@#3Oeo(MMZp%F1{D_L!JO$Ri;1#Q;PEwk6#h>HN z75z^aAMkmKUQ^w>bH3o|3G7}AGnYoaoVHX~Jkz%D+Oo?FcJ}4|_KRM)F4B4}--^Aw zyUjnp6JtGR+}!o0pZ$fw(IkDt+dJ0zAGqba<-7e$&(A5vU0i+I)DZ6?O zW|`I47^FCp2fPV8UigR*TMd6Ea$9lQ0+y5)wn?XItDZ2dhy=}WmXto*X7(5It% z#ewbncK75yN#5#hdv}#f>ds>hk7lo&ynNp?nNqf$f89Q=yLeUA)~ZWrqj#G7npeMy zy>1J0U+#Y%bM)Q{o?{x%bYC_Gyw)#iognsI{o|U`)tgj*9;aLJm z&y43CKWFuIbLMAHnJll#jbGMefU$gJ>-&nR!IUMZ{^o# zy({*t;ho67Tq}Fk#f(R@XQfM*F0EZv^I+oZu8r9bxr63qPyM~8P3GCI+x+aWvf7@$ zmFOuj4A?utGtP2yzJ%zk>CSRt=gfW|Dy;M?XK?uGxh^>D@)^BTAHP5Nb$wY@RnDYo zpMFYLh08zUH42~b%*gPVZ|S9SH{+P)BHuQy_TaEMf66#$Nv1N(CkJ(z(32&{8*iUs z`E$2bAbQhIt(FIur>sevdQ&98U8GgrQsQk?*|ZBMX8SuVUcTPcTRL`0;T+}?#5->ll(Q@2jFep-BM z!#g{9k)%^|JLRrUnwT|v=fsEghFm|JCs-cOdb8#2F@sP(&Vy@mjUB4hwUyG#{j`@{ zPN=xfQec&|DSPE@|D*~=2VwiF^-+0Uh7+p(mGT6%+8cemtv)d<_wwqLiG6J=t>0L@ zE_#!DAdKaA+FG}e#}?1mzYbZXBJ*5U>xxmrgT`ws-zH7km?@ES;E%8MIaUAjXG4>m zL|HynK7Z|dM`X^NUkO)kq;5E}F{${aSC84$_kFC6!mUX~?lK`O6*+G_C|$srEF-|{ zDKyXXvB~M$HAZ_1!*Ul2)xK-r%b?;o+a_IBfLDpmbgQ2uPrL#5k)R<&;LOxYeN zknuy}ZPc#(-X)iBzhzi2d*Eff-DBZR0xK`=*0aUhANg(v%sE|bHTk~jD|y!c44M9nHCCQm{`%eWe71x6^d|!kyPu2ZN?a*3 zUHNs!<(k#O=cB)s{+Q0*As6d*%j1E}-$U9(m%T39C>pu0bW5Ka!LL!Owr~B#t*h&W zDmQE4z1Nsds{r2xodUTl*OhS zk7n=RqW|swk=OB@FXh7I-58FudbN_+k@ zc;qsj4w)RW=OX9M^z*X=ek{}W@3=MpTkYF3oh%hvYbwqbpX184JHA@VX4UceKg?XRy7$I`fhS z^Y6VY@BNnie0kYhwc=@Va+_Rl9jFsszqBIjl=|n#aakFE)K}fym_6gB;q`LS`RjhP zRjx9LW{|7}&H`D2dX^7R?hHaPit_AvNg+E=@0`=*UWCB0c09=~^|n3jA0 zSo~4^@Cz0@rO%K3cdfZ|ZR0{oW%I2QU)AaTXK2c;J2%f@+l0)YO>PoA_y4VW{7^^V(`+D++^^f;=mRj&0+nV&6$NAZWBHohlc&RO#TbJ%MJaO~Y zzQ8rB9)2mT=4)AXdG4ckR`-wmXAn>H*Q&LJuI-EZfKE7_*|pP@$T{H`DS9~^gzI&2@hUiGO(UiQ3Ro7jxqpBA5K+gaB#weeZ{teh2p~V_1L8|A&_QvFAV5e%v0sbF;M4mikS%kMTK#s?Wc+o^!fW z#fpR0cl%%8yYza>&&`Lef`9Bk_Aye!$Ye5u!o09%uMN^n>5|!*zTYx(=5z zd0LCuTON=4v*~Z+KCV~$1?!9>HnyH!6TD`+5UV@Thnns;5j`*HozWxr?H*}t9Zyz)=TkBcjB+3pE* zwK;k#!aYjhPuz!3-=+opLp*Ydr1X4HSfUH5_X`;I!v zopaaa+;X%$ZLMwz+7x%t>U!r^+0=ynS8pm!cx(88@oeOW_D)@!_`LI}i;hW@9atOu z@brz&9bE?l+Z7&dZHsJMa{1|vWBXF0Ru!gCt;wGp{G)vB`K7Pk_dYi~d9(3F_VM*! zJ@lSs`W`rGTO99DQ~e=t`A2Pc@#&ZIcWmy^dQjx>HeRD*zT4F=-QTxH-u2pMkp1F= zM8}R#aw?B*@9CRyFUEmq!X25~tZ#E4Wp_s$-f;3=VO-um<*RG>rM^NxhgD_AanUF&v}YlcLTb-2D=_o~|lWm{4e zz8+0^9j7(fcXIBP`Q^=Li?6KaYn!m>$rrP&wVs?R+lu`@d|R^3XzQo#T6^Tr?b!A) zb?esyas|h#o~=LsNIK$8)V+HNk$<%`&l>u*EGm;@pCtJwoo!*kAMVyNmEX@c)dXke zKF;rvnzp^j=E8O9fccIGR_&9$YIizU_4>?z>y#YXSFSlLeKdPP%(}%TMwd??cvqC^ zseR}8q^Nmwm;Mm%4J(!LD_>awvPNYM?UU782d?#ZPQ$}i&smkY;HX%K5%V%aGu-i9nbc> zKl&}~pY%r-IgLw;<#*Q}oxC=o#{1*6oe!%`vZE(Oo|n0Z-0!`K7<_%r-vS zxZKYxO8St{(`W9xf4D!Me)w(nk+S~`A2xs8{CC=hoE;sdXUneH@%^1@r?%Sl!{bMy z_hwdW|9h$TqvJorf!*Qr{xcjjx8wSe{y6=Jy};{ufh`{Ib4qSpKiTFNUYMl)=B)R( zs2}3>Le9AlUg-Q;zay9J{L|Rr#j4UK1=r6kZeD-7y!dFz`t zShS}xuKrPfvz*nnua;^T-z~59_A!}s#P1S&+|;kC@88^h;GJvaQ8G8^-Ib0L_fpgT zrLC3cjQnHs!{Zj~(&KZV%h()W-Bf(G(qe_*lvKTAQ;I7dN%h{&z40?Bdv>qT-K4oP zCfQpy#%)pWRNm9i`cw3E)b_?NzH#c&-K9Tw%?acGqj{d&!KYL3Ty6HjzEth3{_0mD z>6>lthwN#4cFIHDvbR0>$F=k~i$C04{C8>MM-g);?|`+Rm=Bm<{uBJ+Y}@pd5?d3| zY0p~|uY^5+6a8U#&?TGb(p58;%s$DLa`)VwS-)&1)!npepV{AhSY7&y-4W(2t@=`i zWviSvRo+kUum66E=U=Jzv7?<#v!Cw&?pqz4_xzAuURu$8(WM{n%#)aP`M}}aBh9=P zk{Y(F4@LX^ILNYI=GNb9Z~okNWZO6I)7;7cN4u%~-%2}@&L;}0ugo}>eeB4?LQ}0` zr!w0)yGKXcsw$GR0E70m$*Um1HH)w(|hCAMAHKUe+E^efkmoBG^|;`U$8 z1h-Dz@G@Ec`YF+-gOBZ>KYXdD)c@zF`>Emz=0~OvxC<*Q_3Zb~nsoo+_Wr9i+xuSp zHPU{yrGd%p&|+D;0L|N}=gj&~gt{|#R9Q9sXNXkWwy1yVe};#_6|WL}%C<*-J-O;r z4cCv!HGgV1v-d@Aj1S*X5)_fZcyig|hZO~mFGFQ^<^E?7Y<`sEy1%8L_lNL@@FQ`e zALlMxyXMxWr90E^Jf8Dd^j%-bq+;Lu6Pxa@)moWQ_Brk-%ZkfS@}4*L9t}Mn`mN9G z3+sXNwkz4=kIfNy%xCx_(^#bDq!Is0(NZnPpsG0+mIj`7Ie-2?!w+5YPSfmu@gMF7 zZ}}}tsK{Be^TAi0qxIjSKH1+0kN&uJd8es%zD$;rx5rz_MM<^28UGm$#(n)8ANqIY zrF*x}R9EwwD)nA?>UfJ&ex~W?{|txyyW~tSChy$7WnU_r(Hei5;yAb1s9D8D?`qH5 z@W#J+;dbr9H_rOpdX69Ak3#=5w3~LbYO`Kuwv032d>?oH0e}BIjvv#Pbf4!tw~1B3 z(9hx5^+V!i|3p99E!E0?zwObpqNvpOlj9Tr9f)T&nag~*>gv+D({DYTCGha6v%Yw~N}&E<}=cX!M<)*8JyY37QGtW!1bdL6%tUifkSu;&B&n|HUq zPMrDldZ4oHk;Lf!#wHrtgq`QiE-v;O^xwX--=$FXZxm|^ezS2A<1yI*-LK|Mew4OwU7X9#Tqhs-++(}%cf<>tybQZ0uNmvRPeSl`)yL9Zld?ZobIWcz zbN1)P)%R4c--=%GAnn+dfb4TEcedCq(=1w9DfjocSjOwMf8sAC+@5hisGp%KUncyG z?2|IHMG?t8{JNrowFZXqQ~oo2@Se+2vH9_|$ztX@;*58ylG*l$l&Va6^(aj?V%D6q zrYzHwPaeM#G|A^D`#-LmALHy9YnV4ry7!=y_ruTP_gz2y56f@=^H1=?zf%*fPs!wj z+P?nc|LytTKGXPHiw{rRCp4|RPa~D5Y>wQ{^>f$MKWO#X*l&Ksx5@akhtdAE1y3bj zCfpA0J-aG+anz*Ew%Xs={xdW+SG<3`Y^ivQsdmKMoRZ&8m)>^d*?hO}trCB$`aAST z@q=$0P0vnRGC4kDva7J%!Wn`S-$(A>^!$(TckjP5@>Ql?dgF6lpt8uU==hy$%a7&X z2;%RZr?BmcUOJ=h^{h6VWYg>M(o!?F1_@qx7P3$(&)nwqH>Q0%f82dMTUY*=RoHLq zMAdiKSW;G=`j@uvKLZ2b)Q9&O|1+f9bN@SAJ|Vl@eB&{@V+s267}mS(|8e)jc3+me z6}xUEJop?R*m@)}mHXD2kA@w zEVcL&99ws-w=aJ6wKvw^=1xO;I@i?ohXgPS2d`3XOA9`6A^V z>W=QxiGH6a>&*M+!LOcKzvTV5wTbErJ+@ta)IMpi$$y4JTHAXJpQ&-$J=^>2)wOG< zTszfdHoT0toMB%(JACqfEz{g%H$tkpO0|xhYDn%W{Bk+nTic@}3=O&7DMF#7bLH~Bm#VV;(@p7+k@&yM;qyzc5Mc-H7& zIJ=0C-78?G{A2$EiCWNBL{ZRxCa4 zRNd8iDd2|im6-*M&p#|Z#~ycO|vYc;kX@>VZ=ttM;sIETm2Ap82Hz-7;71TR^2^~oIny>IHXPO9BaTz1>t zSY21~IrHar4S!1euKUNjzs)%F_*u{6uAli2KOcT5p*k(x_@s`DMe>|$_Fa3tA4jjO zSL;H?617Y{St9A7IR#kmnuk!Ky8}l_4v!f=5 zU)d@>yEEqVF6aK|kr$6&TrTUoDkW&e&Y%mw`5#^XBWnCGZRUfBJ=qVfHI~F%9D8%X zjNigG`)r-Wzv~IRM@wRG*Q^vs8;d@idQ!M;U;0P)WBM`` z`N#Xy6LU4U8Wo-3V>f-Bd?e1Q-|aW+zlqutW_ydijuC!ozU}+wn5;PYa(=atEw$Q{ znKc4d-8Z~D^Uyk_sZ%1;-Ttn$sZ4ytU7=cjb4$_5Tl+dcn7?IQ`N#Q3wR!ti?`5j8 zk)i!dYd+?SwH6%A+ak2%<&<@c56)A+yv5d4aZ}?YyGf}P>w_h`zWpc{IWMetz^hHw ztFX*g2u=>bMO6zhm$Km?~jq2dV1QeIkM;GywtiXI_>z?`z&>)74b(- zuQl7Q6WDsW{l>@Mb3b3$YA^rL|JM64ubSgB&r%sPu~%Xe*G!-A-CRFy5ARa_W|hwi zuNW1GHs)=;9{0N7Z2q@u&+WT;c0X^Go4QPC&sG2OnEL@(ckqjt}=%9e18|R&7(G(e!UmL?!<- zOv|awI$Ys?be_T0@c0jR*DjmA+~%wTVwI@TFYYRJ=?dX-U<_N z_;i1t<17EQh4+POav#lax&HjnwD7i9(pR|!0w;2Q|FX_%M#eFl>$|KK?(99G7g;&i z|A;?h_O0zrX&-WgZrtzO_|3bz<5VcpVi>qYNnR!u2(VLkJ$ zftfST!1B?a!=XRgKT03IzA$Oe%#;9++#@M+J5100XE=29qubUMCztH;*?oD!-Pd#N z!mH(4Wu(958BM)xx8!P_a%S+4vfA)NQD@gou8iN&m)sP+P1A<^;cW5BJd_CKPoRA8FxC(lrxEIrge(Kqg{!C zN8coT%F^RAnA*R6Jo#qv?XD91%KB=Gg^{KqnKXva%y0>J%ZB{+= zBQQIgi+6$Ck-i`6+~nn7NBt=}r6)1rhVK4Z&%fsS2emGlbfJC13Hz$5)yxOaTD(@S zc#!BNwbvs*@nd+~y6GNQ*WOLIquMLGQ|39_qK~R`pLeNue(fw$WzD_7!+gE#O3VN7hebv|!+mUs|Qt z^H}7(+R_M3lk-|Te=shK%{aR3B`=X}&r{l687pV0AZg=ec(n4^&WDmY`YD-8>dzkAzJC3m zVZ;3z$II(XZdW_zFS~i_e&&uH{`b`GJe8Q|rhTeT;fMNRt9Psac7OOD@H@hBTlBK{ zsnK&9zpUG1r?y2ktuJdz=E<0!&z?@ZDramd@sFo;UD3DiM~m4f`&?eq!)M;u^L2gR z)qT=8Ul`Z6efGUyRB`X|%5}xzAI$dVOWQb~iuougGwZuX(z`Y1&6Y~%RIK^+yzi}q z*+#<~d}X_yZ8zB)CNHWN#~K+}pwjdB^SbsUcJfkL#OMxdMvaj&wAB!rZRGNIe%km zr;E6qeD66AY4POr`=TQ9ye7f9rssNfF1*W2Hu|z!pvJ*_Lh48VMwN{@PYnA1X#JbN zqQdHOg1KTd7-xK)2EagN0S8JVxEu1apXI3=f4 z;_aLtyK>DVwx|6Re0#l8KJea-ztIo(H<_;fUaRc1`%>)fnWE>;{b`KV{rhb8iaXop zU6)Ut8~sH0z^bZ!vmeJ^yp_4DrQG`X3Fjt57e`$lUh9Km^W-OGm;LDdwqWtomeOBo zYcuDWeB^I?mjC9gRpeCh=V>fGp_LEhxGNR+ZS=nDmAG5*^V5H!a;=ZzJFKQY+#D(YY+6A#)zPH}L{KIjlYwr@TnWP1% zoKSNGQMt9=m;bwtp$Fd)$s`*3T>j_f?8$#&kNJ zc#&7*{M#Rx)a%vvv8-wOJRes(yzy>KAq>U z;rk%A{LzW8YqK(+PYkaq+$^+M=0Ahiv(kKq?0uR)`t^HCPtQKQ{FdEq??A(!kAn(! zoc9Uqo;XwEq}=Vr72gjSzYcp_A*8R7+q?PtdbQpDt=nhCt$lRY`-ovS^P4h*w?XGy z?zlgl^)o!~${&wkr(<0ohHu-}d!R9NSATKb#YcaWejl8_iFMuPWtoA;S7e#zTv}WZ zxl7~wsvwWGxyg%mUE0#C_O|5p?FEtRq-r~U-tjz_o%i}p{z98swRZ|P$}5XMFs)dB z@Vxks+lTFh=O3>ZveCMHH{K~>^Q5#x%L6#%pD!(rGp+9y%yhHo&6*hJa_PyMaAswj zFX!{7+MHgvB=dDzwePm6>$kA^hTbnWV|KigzSirWix z^1m}jPMt`(;h-XTeQ)j`^Xv5w^)_6y6S|*y`IsqprD}7)RK6<{{TwB~GEJSVbj>#Z zaG4y##RrjV-se6~?h$w}YwMa<_ar}@o-Y!oqUFeCE?2kp(Jc11J-QFP&G%gUlWcnS zX8fIwt4&PC$NUSU>Nq~uAFfS5@;yqw-;{0NmMaN@k~90?-IjIVmsJ^tFb{ z+BHuTC;mDs=f|hL;={hyd;Ey3(ecCA@3DNyn{0GD@@-~b)8n_B)O2BQE_>l?dIUuQQsD>KFMSDD?`w$aYpWO%O_#B z?TuSI@~34!pRmYta`PY4t1%UBmTwkzX|EIza!~lBv1z03W|K&F*6UN3y%aFJDl2Sr z?d)e0`q=hcmuB1ZzPOZ| z$bl*#W&G(V--GDt; z>~HQr_WrRf?>t-KpxLQkJodOfnLqzVc*?|#?NYJ#b|>4ht&~ei_{pyDW!?Hm=7(RF zO6HlI{vza9DVfrF%&l_0`iEzW%^SWh|53Wm%@wp4YOYRmtMZTHTk9mhBul?|}{aajjeX5Ao zYSYaoiS3LVW9@Ef%Gk`BublNO^wy7A(cQC)P8OQXdHi>A$dXI5uA6;3!S})AR^@t! zA2S!Pu@9n@vzJ*x2iVTtVCmPZ8^s^M>hS~xz1bSN$(Ek zo>|RDca_{KoBi#K=+xQja_xJwe%$t$`}Nv9J43w(g@H9*n`YfVIN`qWd(WjDeg&@O zm#1DlsiAU?vt;(+6>ExeBJ{5(+o#qQ&i8t}RhB>C!}s2l4Z;r(=N4Hd?f%P|v(;BD zSE_oWOt0FFJ3UkLuDU;pZ<+7=VcqP<7VB6hA1?it>&nMy*BiakB<1l+z3EGQixc90 z1>9FqnDu#ohgHd}yv-^Po!b(>XJ0R=<$L=j;vLg8cZYEHt(DJ@%vJih?%B?pTUZ~I zJz6DvJ*YBLyi-qgU(>l?-pAwb9P_K1pj{s2?X0oe$?1GvYsWvW=c*Ipen_2r^~zP) zU0RL(ao6iNLH8p*^!2Z?Vo2TkY3I8Gv+gfFb0x~~i?_?{z=9BpAFfj@4V#?)Fh6Y88*f#+}EjO25rkDHnfqOZ1aUV8I&q^-)U4 zb4`s+x?Se`UU?@Z+H>r-yXfqPk-6{pvHS_Wy#7Yzuh=X4sh0m_52SG2)!10!9du>F zb5`!gfExP`Z_KUyyB|(0&RzfVRgmz76U|>&MM?O^d^o>#rb-`Yw4#E~_I0j;oh(Ne z&F=ZI)#>a*ejWFsJw-ESh@In_WWO|OyL$OOW?4_uYuhX@UwKtysd3LPp>o~l!{5^r zjLJlx+sSSf_tAT7vr*Y(1MTbATbd62YeZr>|@=WUnrQ;yyC_@4Jy>r40~r!|r% za~?d~`PM$9+C=GIfz(o~&h0#BZr{AEWgPQo#hXx_oI9^BaqOt$cyd*CdU(R)37I)- z*Xc8=FAw6)y!G;-lD)Y?$r`nZS3P$s?ovs+&6_J2Gsmu8E_=bHce3gc%k4GKpR4LR z-D0R}+{1UZ?Cv!KmUWygd|S`mYxlA$y`s2%>+PI{C*nBY2Cls`ozM5nZ--+}U)CJ7 z3<|ruX-VnI#Yc9s`7ubEJQlgQC`@Pn%_Y;t9?sBTYpWO;JNMnbM}IGda{qK}-f*s3 zYIEAQZyUUg&rVBuZ2KaU>(N;i!(736-REkv+7>^`-*8(vzpePV>?%$DnW?2Snye>Y z2u<0(W$(_+2@H!HY<*>B@fzi--4EPx_T8d#^BBe`vy);*Zmy2`x(DRkE-<_*z7piF ztY}eSYkY6&#F|^;&T8HoZv$sfy;1r0; zNAFAizM6G2Z6ep9pX~Eo6T2UB-iol7Wn4Nv>`LhI$#w_Ar;0?x9Q(MvUU$#Us|J=Q zSDjHVQHjx)&6Z8sIdl8Tvb&a&uY;8>B!UmV_Bya6GunG$u70IV-{T&(M+5bpQt@^yOm(q{W+*ARKL zdt04<*Zp(RwcwJLxhx(~9_0Pu3_JUZ1(w|t)uxPpchrKpf33+Dal-|Z9HnMnJY92xrRvH=qZ7+=pZrSNl(@f-H6yf< z<;(Y#;lVc^UP%hh;RTV#nZ@6&}jZ*LS{xx92Lmr%N!?yc2xJ=Ym*w^F-e``K&dqMy6( zX|fsazBMbhD_E{m>!CP6fO6rU&yD_4c~c7xe)-QJxMK!!_NsfPQ6V_^0i6bE}rw{wO`w{FK&?uckK6AUpbjyaH{5np~Iid_G{pJ%q z)1Cyqy7gjX$4q@e$FH`pXYK!ZZFX+nv&_)hKPp#!%bol-Y1eFXsq;6*&wRG9UET4c z{c*AA_UXx`?Fr5d)t^I3`#X{zM%js|YdOBYwqy0}-Dl$-zBk-kdCYF>Rj;O3g;$T< z%y1Mv`fqV5&-L#LIEoHud$JGm><$~^OH zF3u2({M^(3aNS|Y53zUd@7v3e@<}6CMP|*?1wV>IuBqR;D9E+l?r-+`O&3e*d5&!I zdidnk3auk-vR0?xlwFum*wYwzJfZJwY1MwEK5w}{*Lb&`eXyqMx@PGk%Z--WBI&GE zOj^9rN22W8-$r{~TF91@u;J~sm9OWSZ`g8Yn$bG{QwM#E7e;+5-*bOj@>%PQoGl8w zD!;l=I@!XO4R97b->(~#Jy`0+IT$9@mXI> z+ghc&=*E#xMfOpbKg#V)T{>CF=!16m^{)>r&1VW1eqFn0i&BtB+cS^HQRCTmw+d+w84W+~dYR!Z#cs#Z2}UiMOO>)Od| z%0H&9pLOD(+ncoBWf}KmHw*0X+{%{1z;ms>vnIQ^oc)_wGlR#Shh2PEvdqPQb^bP8 zJDc^z`@XI9hvNC(zfTnwRkC?{{Bg{useK*6S{3dGwwvcZbLZqaW4<}Oc439rarcgn z#r(=e5!a^mFOjt~PS0D~@ajO=*|te(>{Hio<(r3;3 z;GWEwa)9~AUafz->zDi}I^})(Whhh0y{hYT>+^o}KXN@Y|K_P{w@Qozb&t%~nqYik zmNL82&MARn+ij%gUT!YARCDt{p0<40wY4?Y8Oie#%6_k$SAC^k*iN~^|DcumH~tn? z@73pcwtE#hKJWT;*6MrA$GUC%vv*B$Po6yaLb$J0nY+!aWo6fYt$iH*ckfdb^SjC$ z*7*k%78}Q!#m-;wW$oIaL)ihdlG+Z)SKEXLyu7v{b$Mab%-ET~>L!|<)LW-?h;h!N z)%Wh#ZZ11N)s2C9Y1}o_Ep2yh9q(OQ*ckK2U-jwz$$7lmSutfzjOeNF`#UX?oo6!?_bs`f0%HS_sXVwp1*&byTIdCn>)YN@kHE`($$603x7BCBr60(Pmk!}z4AFMDP3Ti3h(j$s_Due zM|vVWZDx!16*fk3r%d~x5qqFjdhe@i{Y&>`ew$`vao*JQ50eGwJ9qzM8;h(IWqCU9 z&hlO5`TqRc=*w@L5BS;TJ)6xo-)2*R$ID5sS+}EG4$a|TvGN(K*a_ARjdo?PUxvMT zyF_=!^=HZqmu}xSJ@YT#fh{}g(8+LX;W@>TXJ=h*Tm0p(=^}?NqqA48$3DDWT`ldD z7I@;oH=ApEbMusfcU!)Vy7pP4$E|R;tZ(s_vZG77#m$vf^4a?gZ>_4`IJtcKm3f-m z*VsIB;QZ<4>txQ@aJX;kqQ17=iCMzt6Kc*pzqH{U%VqmhGbLWfvV2=QS+()3bN*73 z@7|m}0+tf8*&ez+_m0NOd+yv>+NW|tdBfY-D^|VJ+f63t39AOLe3O}DvO3q;SNNpV z!rMnH?;pt*I+fQucgqfmgEy{v&Ar*Y;$rVd>Eq(Rj(*(S7NhWL=em6F4Zq74*!=7~ z`DkvT;G`$J4T>C|Z84c4#m=7b`e)cnjU!Xl&TT#%Cg`bk``G^S)nV7x7w5CC*wQd> z&its=4>@Yq+OALOdALdBcSw2AIyp~E`@@sJu6SBx-gC)KZ)>5T%p{32(~g*w$tP`| zt$U?+UD$eq#lO-pZDWN~&6gLhdK&0fzFT{9LVD)U_9&eN#xXw?IW1Suzj@{X?~*E> zu=(vJ6J&O~)OL#YEKSLG)7|u~arr@ZJ3oKF>~$A(jx5RbTfSq>USq!rS_^z8_ciV1 zKNKhN=|T7`n@N_x!l!o3O5fbx<+@kcpXol=p6^UsA8ekuQOf!DV>7uMI_49Ati$_~V*+i^=&7 zQI+!o;^wX{(y-qb4m(r{`j(=XuTODY=_8Uh< z;P=&L&m`VHyyftF&-|)a%Vqf@ttCI-`I$1|&bL)o^R|i@{#5gy@k^>bY+oN++WonE z+t(IZP5rV~`JTsfg+GgSC34R>7d7kF{w_K58!FNc>x^TrKH9s(oO$w`gn9Fy|GJ#N zwQZ6mH&ghPZ|lmmSHF!96qBln?#wCv^E#DP#Jftiy!FVh-b*TG57xage*8MFHG654 z|I#fVlh1Y*oc?)Te&JE|cHMpF7&0Sx)-PPT^W&F)GCNsLtU3E{WARb#8%LL&%YMYS zxo~CN-X^Ar#}CgtzP3eoAGO!k`HS15?!+j^tol4gy6LFs-z*^5U1{#pFIRe93% zondj5qMotqijyWTjX>r~^Zfj7)y>Dgn zUQBxORk`cJC8egjhdtQDFKxRi^K$oGvEJp;Cf%Ag=~GRwMxGU^=+krft3BgV+V7A9 z&T^sEU3a!mylNoMwsV!)xm|&7R}`1tYH6yPbM0Jjf?Vo^V}90E*Z8_+j>UdTUh&xU z-U~5@x3?DCzMd83a(~L*54k-G;!~aG-3eb@5qUtp{!N8 z@XNZR>vT(YxVFtz^Rr9hk9s=UJyhdGwvAbwb!tnzDB$~0x_q6Ih}FAcjO=CHQV zxcIi({Q6R@ZGrz8v<_~LSYFM?(b%>5`{S;8$28UECiU)`czkV8^x@6VY@Y3^XM4Hm z@jo?RxzM_I?p3q1GVW_#xq11^w{4p~J%4rh(q_F$*4fRUdcLpgls@Zb*S0fX_`Z9- zN}t~WtGv~nlkOb&*tVcovSV*Tl!ev-17?$5d%xdKQ=P5++Gp#{Ev)5rK zW6^=<^SuIV9-1`2jgc2<4k&9rLn4!bQAZk?LFw_|O;l8%hWUMsG1yC*K5vS<>U zrKrtO*H`hEQznH({AcK1ruB1Yh0IY+nbI}ATG5SmPtOTW4%|04_L;p|#=chBw9b`L z9yJT~_!qnnd$-Ra@?7!jxYYbd(x<)8+etaS0px{XPq@z%x~=Zx>umS`&5A9b2~lQZIB z>CV$9yi05iBaFQgCro`g|J*LwtXmesC(5Lc$6VK4<#o|eQsV2{OV3K#0*WRm-oiXD1Z&1Bs1cxln}OuO$mF!TQrYn zS8r3(9R|bLj3;6e$1F_SqvcvHWe=f0pGD(4w%FS3ISg z<8VdVJB#ltl_%bqDD~xa;H@UNyL-NyS}h1wO_sZ{Fv4Tj^)sb%c}D(OyBU909MiTl z5UANBWEHwv(yM7nVgI$2Z$h`|$`u{|_^44z@bdg9fo+y6l>`1WXqYO=Ow^1qXKEA- zwXWitDDeI5rD-NMPm13=209A5#94g|Q=Fq|nZxhZviLFk=M|@o=A?`8Dt(UOk>j`3 zT6*U8=Dxp$KAE%G=Y8eOndcwnobgwE>qnjo%haa4`)<0Fzw3$FQt=5@pW~{FS1p{K z?A=$J_4)O;Z@=PhJU`91-1NyFtMsK@ed=kude7bxZS;F&p>XZ}p?Z#rWzUaXyn8?M zy@{{J&%JEf(|#Ci{;@nFBBg%92GK9?rWY=*vA7WS&Nb*MLrmB6q7v2Aofn>0$X%@d zXzzCEpN!+fvqI+C$F>NpiNE{cKg0ZEd*&aOU6!Ao|+yN!kPEF>0yCyqPn_%#e-gs3;s91-dX;b zU$jE)koJ4Nh(C6R59j&czVZFfD*vYWykGc*E1YbDzLivO-}Q6xi4#$u?+g6#wwgBK zTKKn9a*n@`u}_X&|K{}Ktf-|oCf)K3x?}EpCu!YM?Vz0{uRbkb`DK4=jsAic-wL%| z1-KToZafOsD8Z&ZEVE*dCp zeKL2?mE*pVj}N;U#>V!yZHZp7=eBJSC*#X@QJXsUeRDe+c<1e0yLZlYr>PP1idR;6 zs^>Vgmv2~dsZQWWbMU_2snUss^OsihwSV|_@50aT1@DyCWiMP5gY(Qi#hO4W8|JlPZ3>|uDG<@$!~IKJ&48GmPVOz!tOeYH+1 z`fN(g3Xjq+qH~^E1qWKj+TDwu?ep%`#Pg;zSG@S-Y^YJRbFHnj(?_;h%eW&X8efL; z&3@G8GuQU~-sE$AQ&oOVQQBDg^7YH`oRTLK+h)mX^4DH!|Lmy7R#6U)P_Ow|}|0C;jn_EweSw zOuFOW8h>o>Jjp{=Kc0t0yPR5@%9VH5f4BXEN%MJ^Z@jdw##eXwuNxmE`hKq8_Fm^* zT(LmQ=li0QfAiIyEx*tAkLzVwe&X+w3nEhz=9Y)=_W#iJ=-K)6T{qszUHKdnzV+y- z+sa&JUe6~Sefay$>bD9~7vdS>?rKat#=c^G$o3zpg=({sCtc_iUoLXi{NSz&VVfr1 z`FP;bo*h?BgWSX$b4u-b4CWnq(qI=++t`+p*7X8MGF8n4XLHp?#zvweDQ) zj&NAcHt2ll*@ScxpwOGg`<4LvI^FPjSdb3aAN9vZl4y(7F;rV7-qAy;O z@b_u)W`=0$U zeW3A2`9sp_Lt(#_i(+=K>hnx0j@f>6K3~Q4hu>P&J5AyRl~wx0(+>F63q~dx-slRI zo!3^8<14i_R&C8Md8t>|@2P(HyQV$*QmjFHXY$dS#~+1{h41RyXgt$wWpM**U2jGE zgYVt{6#kg+`Z&LPX_trc_VlL=_HC>+?T_}~+$I}U-M!cB#Ed_OKQq4fnrBp8_wnV0 zsT!VJSAM=z^>0bbmSQ=rr_+1aKP>##ro#2E^!?5AF`M|VUDz(WA-n79Kgo*K-f2Ra z?;PIuuPr?+DzQ7}b@1YV+n4rfu*GjasVDN`>dhb3u^;4iec%mypxDv7Z|bA-i?hlu z3EJ>1k@qSoioe~{UV5}N_^4WHFss+1i}M3x{`h=&Q+_cz;vR3OgiAv9#Xq@^d98fa zeWE>^SvK~_R6U;cW4_Ck(&+9NZy(Q`vAbcv`QBRPMK6CHJ>I_NQc(Qq)}otds{{(> z=v9VpSk<#7-S_YQbQ|5B9||vR(%af`@!YXh>vNLS%$209oeqB7dA3?l=JT$7ym$MBqgRAZKiR$8?ZFq(&)<))@A`GW;h#nsKvdRr5woK+)vZ^jK;<4$~rh~@?-pxGUapcP4jla78 zGq9}x5xwSz^uy~NHqL8qZ>rCHrLk>EpPXr&$G5Z9`@8Loe%K%Qwfbe$pPo$`>}|}~ zuUu1qQ@GlBUEP^~;(OZob?VcV=GlFe^?w{MQh(67PCF*1rt*r(TQ#>u#H{WYPMwI~&hG$&&BdZWvur#jQ}l zGlzd^MgAXQp;M2ee`MA^=5>1Jt`^#6Z*24R7 zw60#~+WE$5$KP}PoE`YV{LSTN-bax_)=!w@ z?(>Eg95VT8m)>P;6DKaT*lW7k?0J{P|A-&=5}Y#mz@PrdsivzJ*B{J%Z{sddtA6m? zbM>BCKVQ|e*PZrF|7Q7k!!7ortnOxtnlMl08hYPH&%OY0BD{s~+a!=3nWwZ}<|XM3+dxc;`f_M^6Au7Bi?ZJP^z zaP3J6e`vE`%Eo_Tw!mFS0{1CHrlYnwwSk zdgC{(xvJ7Ti@$`+VrU zj_?hYCC)a^W$q8-SzgcI=C|{~>J@EUYo8gHF z&Te5h^+{5Ojjp=(op%QV7HUl|xbREc^Y5-b{*R((gk6pcIn5NlEPHADwI~8XWDV~&+GgC$g}R7{M-HIJ*my}-x~bgXCzr=@H#&0`t8&i7Vf;2uWo** z@$X!0^|4jrrqZU&vJ;+np1->K#9l=8&x#Me!D*khiqUMJf5|(@pa^_x~Y%k+wZCTySi_0X32jB17^u5T^}A! zJvVQa`<*Li4Zbcud3xpNbvu9a{W$D=_2C|mo{c68H(3|Qhx|J)Cwujue1%)CnN#w_ zZ;dym9`}0Ze&jy`)5&zcy9yhBdfr>`Y;{(h;lk&%+Ai)nGs^4ymDRp9_Svxh7W(n(vo|+GzoXfQRXq$cZ*JK$ z$L)NW@u>UowT*`ktmr7Rm-@N=AJ@xAi3|Q6zdp^VSZ?9!Xh*Ha?+vOOe+BkUwYV_( zlg%F+Eq|d!zvuT`rS?qJ;kYottEot9-rl^ls}XEZ1PtSLXU!A3{^ouSx5&n$6C1mp zU4K}+Zl`tJOY^RCXAez|mv5cFul9C#PtGs-==y_VdkpmKwC=uE^w!){&oHM{tuq^&AXmA+32sy-qqXLxqQ3eQ8l}d>T7FrtCwd5L~V3`dEaDn zOityxU2<&N6R$tb`FZ`@iNAYo6n`7kIQjErO?No)k-3S}^7*Ab@uB}2n$B0aT@w9m zT{$oF09VVzxYGX&tO|d7|1)IR_x@+t;(NU7k8Vodnj?;iEQSXxzpdx}aQ%ebGq6fs`p=Nw-(@Z*c_r4#+3Zq_@SM{1Y=39jS!Ks>Q1AMx-)3igc}~pfT$v_I zf!@>e?p!~)fBW>K)$e=jB~9}sGIrG-jC^`(MbE?HlSj)A3pcHf_2R#q)W@}X_qOLZ z=L`O4c(5|}vGkHHm%UB*UgVW(D%ko;p0`fy-k%j<5J5ssgKB&~Q55YPa?G#@{?Y6xZ0N)bm8eyKhVDIjL5Awo2k=U_{Cb@8GUY^8|}S z+|SbL3*5!@ty}W;#6c5YZk$P^Uzy4;nxU$crAI6(oe|?Ud`uIPCfa}Bf z8?mL@KkKVX);>KS^LBk_eVV>##qJ~XMNFcZSJ-qHSM0tr=SklBxbA1GHMVa&EooM_ z@87v7qYOEgwp)hhjy~bLv07frP9g4x_F?g;H#(l%dv?g}SaAI-;!JJKkIU^!-XA(waZ06{@j}BKFj0nfk!KjOD#4nek!Z~kIQ)FUC(Bn z?u{EaHolEJ`JwyU{Y@WFt!;g}P}N<>)m{9}@()Ui&+Vr2Ju0dTJR17(_@Vy{ZE>t0 z#5S(1NMdPwciq1-A?3iGQ&!>a?zV-Q7V}dro=TkfZJ)mSlkI$;ABP{T^<*?ZWaMsX zx_^0gl-(NRxyvQq`jlubpa1!6&Dsym-}Ze>@7kvz z&+u~c$wFg8!FCxl>+mi8-S<>BrfvRc-}1blx7j3fVq{p8*YWdVCtn3tc^dD&T>QlF zYw_Q#qs8}Resn&R^%G>ca?R3yx4QhfUD9Q3A8k&1&v+v7k8R~*(bLK2R=2J9^ZUrf zaNeufT}j4hqPOgxKF(td@3KQhi}@n$n#<<>CycM`S-EZc?N7hvO+Ec%|0DkP zJw^xOUK#eT;k4cr-uk2eTkns9AKBctd^k5JSFuiH)jZdvJ2iYi_CK1fX_}k%=$V7S z?$jN}qn^(7np!7P%O~Dm@FTxkGEn`-*Yy&0*X=kiDx2NX$t^W^NRpBITrX62VZYFy zjAy(Orfc{L?^~>w*|zWU9^G|&`&OHMb5mxXWEi`3{t;6f1FEQ?)z_|Ug^(e-Ur`@5f-+o|r$bhO@Iafkohx?6t?f8;*AY7}?Z=^VQjTQ<}C zV|MEMH%@wc`Y6|T$)m+9D_6Y!-YXTmS$|!|k|%#}Wqe(AVKK+&ut}RV{v=$q(XA~z z?%Wv6JNH1+h8pGN-I?9K3J*%x#>>9g{>yE;>5*bKt({MwDDvuWYZ&hBIU=u4t%)RD*eYv zAa&-{a;^2IuXj!F{Ug7mLg}-|l`jjePcu5)E;x1P!S#uLUeRA|v#zFcY~_uz*~eQQ zb6MbyW7b=S*GhcaOFz8t&fQvZBrY(M>kG5W_3bq*e`mef>fa`p-+5Dx*YEzBZ4#%o zwkyo{dTA$GchXMqgWNLH*znvl(>}>>UjJdL?Uh!x`=I8AtC8>83on<3~rs$m7_HCZTPM`Ht9KVW2 z{XT3bG`Gt{U{1ed-1-lfzr|j%@&2$%y8Ey1<$&7TvQ<1KZ2M||Y-jy`_`JO9L&KV= z(D|n(GN&(GZ&z8H;bc_nAJ0GU!K!O>O{>N zFMaU7;hxz?xo)}5nfZDrr-)cSxHjwGx&49*CNoKTHJBm3BJ$f=TX;&)yQdj;%xjA>X zn0?pXBIjGnz3dO~k45Ja{CQ;>=g&N_LjIxok+s%moF8&VKeNaofBK6#Ek_VqT~s+`{L-8s+Qv2p9&O-quO zY2RJjarn`Ok42Xv#@{(h>EPG|N>UH+^@j|E=-bA8DtfKV044 zu3P?!>rwWM%XyLqS^I2PpZL`&YV;c}2@xmAb8a3cfrlJ}({m;^y5S^55FG{it8y z{m`2`Bf?*5OT5}c>2mdZOLqSFx$fTUfY6E+A01~y(2fz_3obIr`Xq3=4ah1$?J0sHG5aP=l1^Def?y5pwQ%kQ-}&KaI~m7VUq^Y3gM*$=PoA3pA|W9zPtg?sjLES=5#?BF@S z+Sf;yO%A@CGwt5-_@Ij)PF`l;TWq!U-S!n*`Ywxw<`}(yxO!<=cC_Rw&ebvRzgVAd znWy#f-||QHf)$-_bCh=^r;A*eRyn1>u%RGpdheG14DA!o>OP&eLvPWJpSg1%-nj7j zfZf(7^AtbI9XPdr_e2Xtk!gnjNMvT!W6?Oz+Bz3;$>jj8t~E2PYJ<=USW zepho`sXyw$9`6sEUP(`zbgyW#>u0^kSFV@lKbl;evc6d1v%972D(RQHTQBbW^t7=j zwd}j;MH%Ni&*w?%^2=T^U7PMS<3Gb8=OxpXpMIWL)nB!I*^g7)uG3E4GYhphlDqr* zT4}A&;qcAb-Y>2+8A!`!pSB78@HqCuSC)O37W7pp*G#cVEskrI35nWlsoK6#X4l&P z3|%JQveTM^_K0LHPG50;;hFyox8{j*HCi3~<1~p^*dsSAuy)nHIeq0WAGSNc594qC zQ=M-9t*!gf>R3OyMV3}m*S!e6@VumlyQ5CJ;#AtU>4!hv_MNl(vCQvlX$wEByJgvO z%Wc!sgC}C-r)~e*{*h%n^V>LKv3JX-_b(3dT>Wa=#ht$y-IVjLN*>Kytu6CzcFxIt zKY~|hi(S0uxYp_NqQ{vv#$lNs*n9t2EPM1U?4J7x!OzDZ#;VO-^eQ~)?*?y$grZ8* zT>I^B*7Kfz#dy_^%cJGvS+2D+_Re-^T>fgY^X|&@ODa3}sQ*pr@QAVr|0sRLJS_g^ zFCWFo4=T52DDBQZFBZ-#X@>+`+gwntB0d@iNl z@ztL_>U?==lGLNrzc*6fzxMs`Zt=Q`wy$4h%kD1e^*{M3K`49Yp51$P>@|pcArO=B zfLY$rb9Kei#I3RX{vW>IyejFP+rLue@<#rosnc6ZPY3*(`{XzG@{-*#@k`I13zm3~6`22~J>TDbK2riBI(R@TZC%*c~ zy=0HWU2pbyR*EfMe#d>;{l&JsIUavGD|205^XY!^Kl-(mqT5@yXuq^OpRyp`X4=up ztLqzWd>6f&sS&ic4;TYOtE}gA?kT! z$7+e|^F;Sww&Qc;@=Dox<(XYU;i(nt?7cpSuH7xEc+t#CgZ;Eh%CGC2vu}Eo0Aq=eOtV&{df7{MSTV$N1J%vjdi1rOFqcWJ}Sq#WA2+h>N0H=-|{Ef z-bvfC_{Yr0Z-t}!1GZmI7M$5Eoh&E7=g53%*KF^#>ESy+ADi;+|?w58{hru4L;KQpF!xZo1sp?LHS=h4L|c-6PdQ3_si<97e{-riMxQ&m_*ZCb@_)woYd!O=$%Rlmum|Z+7yXIbsq-E~T{|v9g{x0q7e&{XQ zcSz#u;+(msj66&i`AV7!Q1XE zlbu#2IexeLc)Y6b(WQ7%`E9XT`XU~;TMA`_zpgrV>87c?6|d^LQ}ZVmo_`#*tmjIe z<3jJHXB98M-(swPOW@&?-&?Q!sCM}~6t6l$Cu94MuxMn(E$ffk}wrdw< z)&zc>w>Nw7{NNAw=BiASs++)_%ocd%YVo9tJm0^?$zM+0zAbfU$s0C5&3)24X9s$& zd$K9P?43h(=v!ll?R{nuCY#O{?K$!M-L;O(k1yvOUE4HMRU>pStEtMFd&k12^S76B z-gyuXT)2^Fx)*CjlU3R$ma9eM92g1 zFLcUqlj+N#TN@sVo$XD3H065v`E-%qq6dOot)!MFK4=$of5a~sJz>+nrw!ZXd*d#Y z{it1EY|EaF0Xp@dA;HKEl@CtmhrlYQIXxHj!G z%hIO-+|B~;Uq+doHCtb%^S12fEfGl#ON$jXs@V(gWNr3d_#!xF%CVQ~_ImHW-pI5Q z4gGBD8|T`dlhW#V;C$A@m0`zI65cMH{V>{A?07`lwoCIqPUNhNs7k-KzQWt#V|Y)g z_TIE-58OFwH#qGTNZT#XTj6ymmic#9q|KBN>nnUIGS`l`tkEf1oxj;pQpjKKiBEy? zobbufVplI&uL#(+b9(-Qh?lvdd(K=JE{ImQSofd7t@*HdR7jX}>dub5iRZ(=t;y$l z$(>#H`IS!Z)LABUH5L|Sbln%U(vEXr#9yoUs&#UJn?}(`_V@omvr^i=3WqH z(WshNc{J~J9LqK7!HBWsGfWd*?p6!_Ua_%L{j~n`^Ov8G6})O-82-KATd+_2L;5Wf#Yef8G50fXPI|zTpfxXBt2pE4L6sWGN43$xS4u)ZTv!avTyCrKF|Krs&&K1`K>uq)&Da@ z7bN~us19$gF}~8y71MWg@5Du9k=4F->APU zzO*;()!{?G)*rIaUz6K7M^8ne$YQh;63$93o__Q5&jNC6Y#rs22WOBRC-Qkr(pJu$|-`&sq< z)>&e2a&5-P)@iDdk>9?iKHJ?dknzjEr$#sV zQTNx(;OK_hMR&!yc~&2*_d5CE=q=9$cQYP|7EG)ccyjIiVPo@-IKivY-p+PCb$5c9Q3NRaN?%b-L&51m}~Q^LUHng-W`!r<`j1eZ|^+<+EM+Z0^f$ z|Csc1>Bjo4@eUVaw!NQV)ZC`LtuXSQavQJnVS#(f41qT-zp`9fuJ%Nz%Vz(fFoF9& z>Z32^O)=S(&6y;7XwI`;^3A~q*Z)!5v7wyjSKN}L(mUKtqa821)ES@Fh_3ZJ`EY9c zM|+Ev^=aH{O~zu($&UK4^A_`oz?zu-I8r_A|G16p1C;n>eoz#>4lFQFNAwOj^{l6 zQ2V~r537g&8Om~0rZKo{SvAK6cW%jV+RtM;d-tNiKe382at!Q}c3;=(*UDTKPd>3; zXSTz~?VVqCuju+|r?}$=f2y9xU#;xKZ`XfYrI@s^99Vb#(f&hkt3E%zw=;18$CI{S zZ}lW5pL$XpwpH4n{g3VjDbI@cTh%2i-4*#4d|!7}Y~u0ijW*^FD@!75Zr^^IKAA`P z-`f%~BhlI&KMM~Yk9t;PHtX72?blV)T&y>&vaSjbPR%W>2-TfjW}z-RW!iFI^Q1eh z-MQ>`%eIu9PT5tkX`{5=OQn_WOtFyKV;K!DA z%3{JC5BBZPBL(ki#!vYBYTm7Ym`PRNOXV=G*|<$x`yy*rEIxPj z^yJr(*Md0Oz87%wZOxND9g-|lB(vdX$NQLb>Oohw@>j=4~%Sjo7BNpzz{R>&aC8D zLFbqbw+5cec$)m&G&;ap+H$_!j@S1V{C1zo7kaxt>io7HDMgzta_{tn?9XgrdkL`268?|CmTTGwDKdqEm4UOC?Grp+J^6j2+ zx$B+A)P{|!Z3e#T^KJTPDsxY~@XvIr+D0zRikmmyvh;)qXO(Zye!6&`yWEzd4bRMP z{X2Hi{7#Gl_lvBl{~3BkqKsZ%dwA-(XuI6x68HDZe&4;jZ>#S5_5iQbW}7xPUuT#T z92o07qfcJo)#P(=sfvXs)R)F?+P7=BwQ_Qk-ACE1uYKJQvkT5#_AL6r#rZ(KYX9<= z*LoSNqjR*ju~`K@ReJZ#>Tm(Kvc7Gv-PQc%Wv#k>4#!+`oih~pZEyN8zwXnD|KVXG z&#xV`b=n6v4|dDN(;dyubbRskdvcwT97jxUn zC)jeX+Wh13QDN<)nMEJnZrpzQb>)+U+1r+_-G8WFUSjjNj0yHibLt{sdwD1&x@wn^Spk-nZMO?`N{KV6(6m1{VIAt zc=7fhu`6Bmo_{o(lccQoEb-Ho-VaZrng270y3Rgkc}ni<>4S^?CP~imVgFt}iGOco z)4gB+UccFv_=EW=%cX+UWp7vR{LjEq)+(V{{%FON@*7oG4nJJqkhazSW8@y6=h9Ps z9p>|Gt>K*Scbil4%%hoaBiRZ{Y%6Ep4je<*!Bnd^RJ=VR-p zX%P|sELXg%Py5aBE>5FPw>^wm%_X7m*7_*N)hBAERYxRBJhW7sujA46zPRpy+ze5x zMU_h&#ot_f5Wkh>s-4QI6Cz?<%bQ;ZxqgU#xUJ<=efp1G?;f5w)hXV1{oZ14T|HN$ z`kZrb=kM+b`DTaD`Y(u-YJ}{*nfySn^`(HTgysw)ukV4zaBiZ^*LMeKCoPDMKe}<@KXD<5A+4;e3w@vG; zw;o4b*&AvKS=LG7446%ciVVd&blPJ<-~u6 zP_763%S~KQ9sbs{@;?K|^DbR=f%q58^nRX?nx*Z1W6nX-TgTWP_)X`S%8R_}p1n8D z_d(&bWqUqL6xNn-YaIJ{ZBBG*vDEddHC8U_XD4_#yep0=Tm5K<%I-|X&91V?tUiZq z-J9ber(C#$@zbR2zUwx=+>044mRB*qnA{xfj?WYmARh`A^)z%}z`<~Q@pdULrqo6N60 z?vV8}C`#~cv{BeY)9BXA3z8!GXJ?$_Et8Y@z;iJo?VZxfo}ND6k~roc;ma~R?kQej z(w|~vUN3%WZFbe4@N?I0m0eh2kg0v+?D-jo`%hd7%~|ZqI9qykvHNL<%a#@|EY{?2 zaxVF?!}uAi`+X_==WyYDQ2B@>3PPVddgQ%`<43j&py{lbG{^L zUF%$UzOqbkZup#MyR&tz{XaaNS-B`!QFiz5>o$A(R%JWS`*6Q$%U{-i_se!aO`H&Y zeb!5ptI;Pt;>4LJhNgJ0erl|{o8!Qfi9vU=x5-IeyjPyMUtVF!y4ddWPcLrCZkaW0 zxdmh0t9f6a-825tS-XC7M25q0vC4$1u7&Hff6edKpXc3uO(30XD(}*{TkKzPSXapu zhD$76>8aPOv&E88$k)>Lc6o6uZ`)+0BOEq@p-rzXcjW$2Up#-V&nF%h+3cfV zwO`MTOW(g|@_I#wwVJ{E)*LFzQr6!peby=8to+X1M%%1hZU6r2lPgY0%tb$L-(SJ70mDeYrQJP} z%@6)FaK4&#_xNPh)vEhhHvUtLTefH63kXby^@vGjx{of8o_o>Z zI9p70_@s)@k6qt)d1uN=>Sixz-e&R8;>7c{Nj0t?zwLZ{dRz6)$OJb#ABH~*>!!|J z@N)NJCe042BDP@xJyk)!dc`^brrgd5bsOIgIWlj5$?KH04S0ThA<^FgLaJCGXCO z%qjU-I`Qd=caD#353bdenftKg=~2dEjq==>yx|6cTu-z z?>xC{Zv3pO4(;^{7O=3d2n#)PQ>Ux2!6iJ}$g-?L%_H?-{GbFWiX8 z?9OHQ`DwHa-O)0F%8MS16n zBp1CgIJRi?!86G zw_*9K>T72TBt&}_GcQ~VlLs9prdF&m6(xoy_%2yR{Sw3UB?dI?;ztar! zN*NxDtWmsSBotBhXp+T*r)6^1SGR1}^XfCu{1_#9`FrNY4bdhSc~*+BMKUR+&vPx6 zVsBrYyDJS8h^te0r+y!Y`5^OZi&)p3?r9$x%oU+|%6?Pi85sTE~vzhtf- z*)M-9!XZazP6}UPoM*Yot*I|3rK^|gWaat?P7mEbDRYVLIg2-0+0ub#smB<;tzEnD z)YmG}2iq%`t7-JHi|$vfIka?$vyh3AZ_uf*Qi zarDN#Z+A`BswQ?YtumY#VKuYkHvhe%JG1V8WXU>pTDtD7xbE4)TT>rxS(eq<0jH6p;Z5AqEkj>6M z94E8!!`8)F<|>j;nKP89uFPE{blKRa?!BMZveoO3XSIEM^UTCv!}h$1t!Fjc-bXGM zb5-|F3$5;Se|KS?YeBf3>h#dG-`=vvw^d(}y88Fp#+9aTHd*r2g}h-^ojRw|$S7sr zzqy&mI3-tRmG0-QNzHu_J#BtKW7@WPwwsPszK(f*?%xN9y9mC)PHh& zf;^Hkws|dSecgX-+aKL(u_co#$|L6J?(F`~b=SM>XuhoAoY}k6=XnY}c_O3l{MtLK zS7)_|=Z=jBMC~^5&f8d+^igo*31-`!YwKHg$^5$BA=)GTIQ&W9l_hUl{miZW`G2J4 z+WSR5YiDiqm({wvZJy)l6aF>~+N-XZ{A_=x)LYj2@@;71x(~E#-?+f+9hfmYD|~JWQniN%oeykXXhK%D%;+*YkRmea~3~kR@<=R zvfKHjuT4>zWls(~uP*S*x;C%Lv*s$x?_XCX5_AfRqvy%>iG*c_Z(~>|DI21f;bybL zQ2N^n_1Nc==Y*URes((_I9UeuPbY1z3PHyB>V z>~D*?ap<~Gviihd*A`xRKGplEpt_{|T9Y*{>(0*Z%{%PdvgPcKRbOP!R?hD>?LM3L z%X`gRp9unmjj=hqO7H$%Gu_;XA+$*R+K#_Y7n=T65a zu3BSLde$|4`SGG3d{x(GN2_j0^-ABcs#D&zvD|@_ET&iaU*TTnJgPQ^lXMXv*Y^LPFn36?r3SBO~;#=ca++Vdb z`>DLf2Smt=dbWi2Em4<`uTUK?~ZCoo_YpY_JIf#vy` z9L{RiNt?e`&sgT9TvvQ>!HjLi>}u2~T6V9=|-J;C{p=Yv!FsJJ%WeaGHKPD)F;ZwtChVU%iWO-cInC z(`5N&x$wL)o9U0#I!tbFn;7t9j@0M1b(&m83)k2FSh+M}57UE$NtP_(6JGyvDQXi` zvzvO^FP8Pv^XYMWPHV4Dktto<&wBsv%kNAN&K>AU;6Jt|Yo7E()g@itRC%3yL>YDkR5+i%`7iZF)_Wit)T&0W$vwi;Me*O_m>j%nMR66PK*@mOKvy}6uO#UZzy#dsI% ztex2RY|9!oj#K9k@?O5SF;CBR%UZdI=hc>7F6FrBk!ha3tU5fnudQHZdh(ST$rXDN zj80TFPL6$*<@iR>UtMP6y*<+p?&@ds{!~A;N_5*&!A-r98@#ToZne!a6?T1@*OJ1T z$Di*t>sszPX`7@?s=M7Rf~-P!TlXm3|MB2zR>sZUDRxO~e}o?CslEFA^{q{7_1!LR z37fk25Q}8+$tM?O4+^Q+yggy6Vm+n6`uoboed=uOxQH_31g6pIrEiA3!EGj`vZ@9=iC;V^L@e6 zMY`_XR>`s!uYKpSx&EAxY-+pH`MdO5tCxM}3XjKW#suD-8FWm1b#QRviNXUfG(Wdl zGVlD)Ak`q|;P_lbtafrO+g9F#)h%`WmZGfh78Z+0e)c#oake&H{or5jUuQ?~TwH$dz}u*Qwm()smKVxU_K4+u z#94&o#BTHetSKXO=>a$%hhaC1i;i%|623W_tU+m~=-;cB`}gpHCLd zYP<7AZe{-xTf9tf(j_eq(ezMR?Ol1InxAG|p1QvH)oXqEmj{_&BC3PI(IH(g7MMV5B|Mh?ZqQ~RJPBOU42sJy7<+2y=O%W+a~Yr zPx&!@-H*UO+AHE6S9ItpZBJ^AeqT_r{;YoYJca8iA5-r>n_u^KrYFzxd;6AsTt2^I zbLQhCeT`Gv+$~Q$+jCF;=E*%_anFt=TzvO)3HR6KZHrd;o}BF#xLhvcP0jD*kIj$y zCM`9w-Z}Hie+Frp@XUw#w;n&PYvuaSkac>0eqeLg7g_Ibl^?FRU-K@%mi*hz?&aH< z)aQp{9qyWL$(!Wj&$c(qPdHlQ+-9HmHJra|?`|;sG3!K6L1FCC>2I%oc$Qt1ayj<) zD~t64@|$yZZQXV{fZ4p%R7HN{`rhPi#<$}bU-0^RRpj2%5{-7>ml?l(e$&Ef)*fFv zV@}-;V6t5I>Gij+jax5<2k-l^_lTy3bX@2G(@*}5_38Q@R{2M2t!%?C?A;Ttb>=|f zwS5c!uKwe?Jo6v(r5bY)Lvg`np$z9L*U2~?R+%DrQTo%}>0A77aUYVJ^YJ#XVM=BU z-~?Q`_?4?$-G?N*;@}iq3dE=lae+ zJR7drsYFJ+EHclFQfE`gx#3umtfx<8KpBP#xF%GElvn(Qm3)+eW* z+Mdk2%cU;B`udcAhwb^-@2UQH*=ysL{*p;??$hiKnKRXUJ^9a&p)YcLeZ{k1k60Nz zi=Mhw3uV8x|DkmK&ENkFob_G*86K)soS3p{m1qC%NtUADDs3eajZR+84(t6W6y@?a z>%*k1ePSPC*KXZX_L_C+EC#Q>hH&Ghe~PYs-7k0RN6;yYQ=SDYZiioawClZO-C3)9 z-48jxde=+)oEDL+=xJyFuwL%(e3K1!){!?-yiS&x8&@$^uAkD97`EoNVv@qcck;e9 zDQ5o}_-#0L{hi{Kev9$M`<^fBlD`$!3;uE4GXF@_(^+e{6}h|;t$uWxm*0Ei z#$Aew4;r~y{tD-PV1H}Y`9r^0s@SGnILh@&{IsOydM&QFOR-&tgH{K#s_auczwmhb zmz1FS$v(fY>weVt`gi)`zl+O^7EeCrer?a=U;3XR z$u;YFz|=P5`O{4=S0o2tp7l!pt^CAt=Ffdo@7$<}KTue)u_m$f(buWp5)+ab@Ixuq{*QPB+#-{h)q_0@_ z{GZTzu4uiZ*A|A#TCShBKj%L~$1cD9t6tWLeR#HPlM!FpyeHRHtMaz|41DtRN7bd{ z)t<*ry!}&IyXN3;6X_Z1f{q)M87vEmyAJ)Ze<05lU3d0Yd*{}*mTEhv$}XDt`EW|> z@yEe+7o@r?(!Uj4FyT~J^L*s2@bA0)->TV1%#AC=zd3K+zAJXqU5+!^uZ$=AO_lbX z*R$lReq{a3i66`#rZ?9q{@C{GePIVeL_wG&)M%|d6ss~q-GH!+0oceL= z%Ez+i3x8hQZ<=Fg@Udo}?8Ptltsa>xEYi1;37s$WpW&e8pQvv-FCT7?pZ+7{N!`>h z$KOm}cz6Gi+Tc!uf7>64Z(<94q5Bl2VOhx6{a?vWq9T)6Gl z{Ji7=*LPpL6BWn5P34zjmb}8v#4fLC`U*lK64 zrG;0HUYVz4a%=DTrs()>(+oFNy?%Da3#`?%h{j-3(p`S5jL+Y{5oM1#xh-S?-|GCe+Ye{+26m(}xBq*8L+ zm$_xhi~Kt=fAjm^tvC00Kgws*J^JMRzQ`!&lk27*_^0=yKKDVd(YfPCzG;et8EUQE z5#T1i%=l=={@yrf$P=tAM-!Fx)!fhFBY9Ae@I?!PyQqGWBzRa z84d*(YhHbPBmRl%uCAYV-tL+*C8=7Hk6%zHddfxTqjGE)|3oWT?NR+!d&f|2tGnxu z?1%HY?wBoI9yw)V$e-Jtk7nn7tUn~axx3oe&%DfrHRsy2h3lqWUOLM{p2?^@X`kEb zm0rANwO2B(_fFYn7w~ucAIBv%!F$^eY<#^b$}{VTwaX2g>u0{--}J6KkN4>Ho_Epe z*7Ka>{(h8qyKH*DLp*BzsZU#$F!Ap#ke4v|xn+08M8CU-w^m1bmAuqgzO&74uI9Kju62*kE-X!2xjN$eS>|uaKMEh~8obIcy1eLl-cRGn@uBqx?do{lKP*0M z{%u!<(!E!Yi<)1?G5)sA*!EqX^UJpAN0aZk?+u;3&bOBF!}V_yJ{&*vR`ZYP>YU28 zC+?IN&nkWSNb6L{;}tKjF6GL5cinEs$J(j;|0wRtn`z^9>clz6sE6qv);GQ_$ql*} z%P95k+m+)i8`p7}C&z`Zs=Hq&a7FiVUy<3NMuEH++H(1~iw}N^$>~x$^5xl%^l8a| zmzyXRC$36d>3FPEPyNv8uRq*Be)gGttnXb|&XF^f%JZXs&HB&qZPo?db!YdOCG@R` znCJdHUgAglBi7|d`@5?6w$yn%+T}7i;d!R%`>1d8AH1!94Y@e4&a6#ZGIUqfjW65(F3DYz`uCQW=hUC!%U?(A=PTK~>c@sV z+->z%wKwyNXDwa!hyU6-o%3_kPWT6e?=7|GwozVRk$t4_=!%=3PZb{p?FkQ)+p;wL z{>~?#FD!NQ(vA6=rX;}`|1i#;=lUsoVdb56N_(!9&)Is}^7u~EuXd{|Wv5Lpta`33 zqH~=6g4EA*hh4iLsdvn~WC}DYIeg2uo=H5ba`F6>kZ(m(`jtP(&0cBVQ`#H! z@0^S0@_5aeRSnwFk4pD!{83fwt26WA*6x}$>xcJ$xaO=$n)b=! z5O+uY-utgZYD^!j-dp@&f5(zqot!=4<|5wp*URVt3G0(X`DQW?r5CRI6>%(!Uel#>YlJ+57k2hpI2n_C5Jw z_#yh?`__NbFT55n0Mw~5B~6X z-{f@FBb*O^7t}0KQJG=ger?vhi4X=}Adm|6DuCKe<0HKdKkn-}py6 z>6Db&BxRk-1F}Eg#+1KJf5_i+U)*H1ean6!vn~0CJ39l}%!?S;hx}bslgWQzzi7s- z`HfqCS3K`K`FMI(&!#zjwb^ri)IYWtsmc4;l(p;MWgWq~Hw|oTRiWqRtPa{T_f2ZJ z*mC_`t}M-;@_aQ}f2WxGH%(Z1{1edPzrp`NZ}z%s@^N*dq5W;Zqx)c8Xs0Tew)E=VR!X*`=EhxpKs;X ztZJ9{SANb~7rf@_v!YEEn|}N4oODm0f3d(FYu7nf^dIjRYzot5Na?%yH+%6;vu?F# zw@)rPyJ+s=+=`$BuG?3>3_facw7UI-{WkeGzK`N>&3`m)@<*#v;v08v*z!p|LWI%a zoMTRN%%=Yg2Tj+f#(&w%80C{VV|o0geJ^~2?x`KxA@8*@zgYCZo%M5mU-#va>ZuI2 z)p)++R=}plkNPe44`wkP4iwK{;xfDP+^yg859`~a58Csayyvt@^qmvU5jS?96XFS@>dRnExe#@!TEB+YGK0NK6Z*nlvm4a6R@gp&EBkN? zi)^Uj3yJXcQy#wZJhkYRd6kJWTj-C@4|(|=^6cRcb#H3t>Hb->UZ!N7{R8&R^7*-CYHRjB z`(pXl|6zI4*GEUcyjKgdn51W${iI+1--SAZAIcx~z8^B%b!5#1KPRS}k8Q$l2P#Ex z_EhO&((||7x&F-gTlPnz^w$1%cs+glb_wpXGN$U3>$YP1b}ZUvJ7-hqT}#dESGAE3 z{BKP^a{XJuzTIM9r!s~yZQ7^*r|!pcA&wgD74EWI?pLfh&HrJ&%@6r<^`rVcTj#ay z-*;K@#O*)X^RMm7p5OjG?0eR&wYOD**K7P|ICS-XH20ZX?hC!vY6(3r@SP#W{A2l1 zt25#I)UT;cmE9Ru+#FlqUMKq_|DVvz`H@=FcCzc?Oz9aGfS+NHT}HCI$so^5g~_S_bp;NBDW(w$?rcho39tV}S9 zja@j6Mu--otNsqOK%o2%Njx-xe2(J!^0bqY0!J1$*v;5~YqV^dYi$9Rv-_)XjU zbJi|0zSXb8aNw~e+a7P1AHKB@b?f-Mq+(dts_wnH|6=3$FY6bU^xv9)Br0|3-X)tm zEhBzP+D&bFb#bMsSgn}cJZt{esXo?U^()pty!<2n;n8msOBZt5T@|=(DWP$Ap7yi1 zO8>sQUwvQlwQ+jlPtNsA_Ghf`iZj{zp>~TdSI2t6l%55$ug}&={L%Qx-~Huvzd&53 z-m~x%)>d5CW_>d)aqrcMjePjzm3LSr+y25wXKSBq?GnFroJF8g)c){!&X^3n@8YYs z%sUdkKck*?t8{Njq*~YS^FB+9>t*+_)_-_*%dj%(qV2&W&UwZ$Hz!Z^;-4y&QZXy= zxL%t6n}r{K{_*{IPB*M#T87S*lSUg(Xutp2b?fiil6sCG%Ev#gox13_@S#aI+LsI0 zJN<2|;r~1Fq4#@p02Z6%|b{Y7+Nv3r&ldB@%yXYlXyN{pEVw z-7cO<54T=1`Flu|?dgZ#->S+^KdfseYwqP{c7fwW+8e9T?)qDQ6?LZnk`iP85iNSS zhWkhU!}~HdHeJ8IAJt4$df?5yL3Y>G`?7!JKJd41S$0KtPi3aI{=In1qWY-si-STQ ztT{hxt)I|(U8}h%`?slX?Cp_a67HX_m)-L5Kf|%R-j75!+|M#}7COM;(oy~W&B7)9yGwkP&L95eBBk4)B%RUZzIz?}+Nkv=8~?7^#}niDEcQpkp~4Fb z^PhUm-}?N3rHaAfN1xtVX&tz!erex7(+?k)muJh*wXvX9x90TY`djV?zyD_tUAw26^|o{F zatCEc&ErL$-_Dl*ihq0bgMQSZmr-jji^}igmXzlIx?W!I$b)%GYp!m${Zkh^V~wmv z)}?5nX=2K8pXLxvgJ!%Y`4#hk7n+{`8*YA@f!A z#kDgVO0M3v$#{BW|CTkivEQPDcg)WCmptt!yZXJ&Uwg$5o)(UOT~#|tC41Vm)KCWg zsvq7#{~4Ov{$%XPJfq~XAhGwg#EI8$+N0V zKTPzWCY~NEvv1MWlT-dP{k5mR7CH z%&X-oELCKcepB)*{)oL$?5#~lD-JX_c&=bSvR*86)`rY?eMcm9{Mi<5ySOf)cVR_1yFZ*gw_0iCmP)3-mln*CdbRB9l^4tV)=WRT@a=xqeP&zlUW$G-S?Er}qrF|v zk6$Z}+Rf3@@ruuu|Jt7I-<1E(`^qo+Bp?@m9$nsc)zks^PCL zUH-%0d)F16TgBfhyPmdGKDKxt+s_zP@Vv`xNfq~WU}j~`G+5dNXl#c{rGa$>$iXGwO{J;{%y!~REiH>Z~mk4;o4;1sq4gy zpY{bj+GP+}@^t01XBHjd{!?cBSbucd>Zd9$JWmU(`m&1ye=J>@`HN$EaL48uzjnN_ z4i|o?FB&`h#hb4ppG711+_P@~*j<{wHgiH$rm$NX{|xoS7uolkedUb?V{j!)YQc#C#?_ISJegS>0jKC{p7mu{J+aVa(Etj6OCxp`mDn|G;X zwp_ep)bnZQI%VgNZ#H|B>v`|ymG^c=Jk?tAU2dz^{G!Plx30?y z&bsy5apG3KH}jS)j`f}9oFy8eaa!go%ay1*d(XV!-t^d1B-v}lvey$|L|Soqt$A&BJ9qV&PhF9^=@HTcJZW$@C%>% zS!B{JO-9N8YR+~N58Xp711__kYrPqf{R?eyjg3+`Qh zZ=FQ9uFrCpC#Emn99^lTQfhIGHF(3kbJmh#x2|4FGT{1h-1N@L2mU-+=6c)qDK-48 z;FfzQ@oar;MfBlqy>fG_p4~CAjPBj9VW}*7k?Xnk^4#-!mup<@<`yOIx#;~ir_*VY z$I4Ruj$J0xXRBTeVRF#9_&Kg?7i;U1{|q-T#74(h_Z)e^yd%{6ep}eDW=TDhh)w*; z5@+*PFSbuDp0od&jrQuyz$n*psr+Nk3AwAj#|eH&cF;HF4U%zVbDB6gY>)4UUDwVX zxhJi=$jOTsSCeZ%qKTHV~m>t>u) zeY-;EY@>oq*u*)`lbwG4=v^ZCE%n3X-OT-SQUt?9ZB*;?^!3(Ux?b=!K>^K{31bC>-w*gx;_nQQN)Gc2|IS;D4=8E2iCcI(pt_oo$A3{Pa()V7w)uHL9H zJ7#aF%0uU}6^nLV_%bIVB0`JRLTB;bpzFfF-OkRlH*#lhJt?ZPytvL^Ak)+M<+gW| z1i#;8%gUDi{WnBb+HdkpP*d=}V z#2x;`$Z5aUx0`s(eZEWFJmsO;oJrXWKOCF5uHw4yym(QcYu7ezFgqp9(sl8yl8Cfq z>dG6L!dttw{hKe@dA^SRCv`O}b5{8!-z9?UB2HPF@-=2Id@-$Gu6OyCbL-E1>i@X% zt8B2}&JwAuw>T~oOU>VxWxMor$eXT-*;UJXOpjOSux_1WQ~BiY!+Be`=T<+g*68^b z=9bpqtkd39xvu2Zu64W1OxCh{3EWzp@K(MeJaX}mc=s;W9al_EW1D9s?`jT>QL{L2+N`$z+l)!C z{dP>e!apzW(4;lHxJ;z)T)0wWTD>M#hilHxXKpX7K8Kgsx814Ih~ez z`mMpkw7GnFMboSMZ#LYTU9IVNV}_nN*GoI`A7cL*j?H=!R(Sg9>Rp{`b9X4)R<3v7 z`lGV^(fp3~Lq;=}Z@M(c<@2pR!?#@zS9S(oc(K&uQH>?*{+2Bqd+Zn8;7m{D)jiDf zWY)_X{fF%Px99rDRz{XLh}7Qt{-2?J|K|KdYr~IwKYYt~J77}8n?0}FuOw$YR{uMX z%{B02{lT;k$2;EFsPaDYFBDOF`Sz`J{bWh?yf-C(vd^uLTDq?EQcr&Jxl&!8tU8(M zSScap?eX_yl6Ky%mKV&tG9?L*C;*P=cLZJJeG>Gt4g;l#I5QM&6Jo?X1lIgNX#mx`A( z_oT|?w}BO_BR;C+?Fxz7xufYyWn$xrZ*pIc2HsEJ*4e!FRawAYtCtgPQvP1M;}~^x z@5kPM6M43&2TbxV|&Z{nx-ojjcDWPI=(yXoiYU0Y_$^ZYo)nWM*bx-Rgc1ad3dsqIS zfy?*kpYKvlXP&HDt*!1i_x1HZy34b6&2OHWb8}KeO0xQIhwtk}{?7j6`JaI!uX|;M zbolO`yHgHK3Y_%vcBbj;dmJC%f2%#Q@v8jkNJT+D!{ZhvOP)M&ZocyAzWj~ztW*DP zX_=;Tuz!8j$KSqe5C7;EGwX%MO!Z${%lwh=gxccODhgIpc?|EQ?b#f5dEwSfm6k`A zlmAA1U3W^JZ@Fyld2?^?_DgE}w@q0-T`*FFFT3U6xyCi`O1M{g&2*nJQ}VppUUR?g zvu?-C<6iO2U0LMTUA`)*2c@^Gx9*r9w!J6mP?_h)yTx&>k`a$*-TAbhHRAlzn#9?M zu3vJ0ayqY!lU>KJFjl`=Z^4K2U3m&!Pm?D(IUlK)I`iZ9vVGG(b~}FzYm}Vmy2x8e z=?nX{Enj6>mwsf<{>VS=0n<)d?Zva6amMT|6l+~rF+Xi9^X+|04kqrf(NterR4$gg z>}8$8hiA)X%sL#*x8qfE-Q!z(^^eKP?f$s_;P1>Q8{Ov}D*S!^Q7C)!tgd>_%zIiF zqmO8&*&MqZ#{IH*(wn`!Rz=?%m!GPzTes+%$CC{z($-7zYB`^aE_~pf9nbpj>NK}V z$+cUfYj@ASdgY_v^)EMdZIaby95=jk``_!n*Z&z_t(q^WKHYEEhyA^}$)9fBd#F6g z`9|BZdaW-Ce=pCpHs1SV`@@%C-gD{x_<8MonC9gvLB%nCbC;c&we;D_1n*r+=Q(U| z`qeM3mOt97`!&8LYTN4cqA<)8Nr`|idH}J)O z2FWen`GT)^g?B&ht$(!o!G?bu#zX zz2>xfzQOd%{U#gB6*bO3!k1Kp9W1+FQTNMJah7xA(+xSFvQPi1eB96fga4cBwfB4c za_{~2{b)1oSHzC#S<%*(rytuqUR(O`%Y`Saeg;0X-^$)+a=(3_k(|JXZ8OAUC;K$K zwwm_H>1n0QpX%##{>cA`Twjy;QRn*hqWw2?Qg}^vTBMyToOS8%+O5iR3m>i*Iuvkn z#g95;+hdl~pFZ5zzW#B1;J>r`xxd_RpTFVQ#P!)$^*6uzW-i&WBRxiFr?vkh%XMGN z`ZzsfKCc)0k?(MMQTyRvrW1HJ^02r#*5RUjt5=-VoPX}L@HCz5e7`I2qU7)CRXlA?dpUPPnUzJ}GiKH{ z_Los+LR-3b`W0Te#ya=>j3SQ%l1f{2zp`pHxKhIft=;Pa<=rbQ> zR{Sh5K5A_woxC6-J7GoJP5+&;uk`J*CvJ-T#$@3sK*9YUtW63oS%Ej z;qe@o{U^v+i$Ju}YTx70pv$RvFxBlt2G{-E@ucR;iz@~k89E5oggOS7f+>gu5DhrgMfh>p58mHY2i_Q?*evjTmW-JU%2 zyG7z>u8n+ab6O>(?t@j7x===YW{2Q_ofD&$X%_>lEQ&S2|2<8Rd(k8a#NAitI| zyT5UdzwPOxxj8oL-&?#4+p=OScl3U%?3O;)7a?J`{~5YfYqp5DJb27ywQ@=ATyvr3=qzt+47>0$a4_|&y>O3>5owU3@JP5rrfli{x4YYtn!^{?K& z&1u3ZVfF1xo%hmRJ z7M!7Cx*~?=;nR&Le{b`Z*)El`P2fh<`?klyl^g$F463}OG}Gj_k^A@AAD17mU9MyQ zLMkxMfKycT+1@7(A0KE7HW)fJ%;^fw+N`qtY^n3xh+Y5IYegHo&QId?EM0MXht9{| z$2&`3M zhz{Jm-TQ46!@0l8iQlu`5B+1`aCz;2hAm$+58vUj`gm`bhRI&9UvF$YKTUfbZnld{ zJUiI#g!kGLNgn4IxEpVa?tXZlau#OqRNlS1>%VjLwr#;jbNBsn zQJFJ=y(-Jyrs3~Iqw0?#YbGps=g-k*y<*Ko@3ZQK7sA8&W+*g9E@A9Arfq!amrTc_ zPa!9dtIKMyxmcsT`p2XvQ4vv_i;s(JH|zFTz0A>MdXjcz(Y-@^gAc`Xvn@<2-7gxm zCD5&*_YZT#KluwK^6lm6f!C8Gmvu|D{=RPevH9DC{ns8@xlL5)EZmyh-Jq@MxH;pj zZSVe0JEITl+e)Uk`_B;P30d%D;_EoWNAhB?;l*C!o*c>asFdyxCRqh6`HY#G05`=)0oma-mvx|;vke9=9o4{pTW*fHzP`gf0l z=Y-~W?HACkQGR%Hai6RCWW5s(uQ<<}KAQHnvexj*R&k^A>ftuOu6b3;MpQSW-2ONyJfwQOnm`=?~>daghAyRUkvMiv=e z3hP|4SkmjMwZ=ouO%f+>Sz5fx@=VWm{Io*1Z|cs~yxh*)V!6F%pPlO`J0)#J{og-D55{J7a(9maqwbAGrqyRIneq z{Oa@Uj+|T8AyS+2`K3koXS@mAq^U9~dS}LrJoX07{L*S) zx!b>;qo-(1J8<%~+e*9X4|~mGR0ze}FV>BTbFoj)?YQrnj{ z$*K6%=a?JYjMmG1e;IqyjqAkIDYuQ^Zkb%Gs31JgDm?zdc_#1T!hYxbdp#f4^Ez~? z?wp-9C*`^)-{Q=NU#h#!jb!&L%gubY@YFNj*q-a_O!PSyTu!ilcaxE4ulS9wXWP%K z^lP8+tGeplslPQg%zO4qhD?dM&tFGJ+4Y;;%GsWAs%%cOZB~iaH6uM9jke5`hqc=C zuB!ODC3(p_=F%=c`sP>Zp2X`c{~35wf5hGMO%C^%CUii4M&pIhm60*$rw7L$j0$}^ z#V_doOao@YTf2P~md#{V-MizC|CuMnv)VM)zFGTW{%g(yp>MQmrZzb3H?&aOnD^|% z@|2(}i+5bnJ2T1L&v4#Wuc8xcg@hXqu8q{4UU>MyyqRnE7NuN%GvDI*&i9_$v)>Af zhwO@WwdUiq6g?Yv*VCp+-*{h^Z*Y|GspKx7$=5}B%=$htO8q(CILorqCuZHjq?3vt z>iM>+Po1!%nYmn{D)h#eubbn|lB8C}#Tr?LymEgTDpVzLPhr~42@)q&Ye4V;6%g&zRK0b$5K>^8?3LI+r=|-o=*&w?aU9#&eY8_60cl+G5X!DkV)2|*243r z2Ba$_e_p%S=z@Vt9kZ;K%9|MFGxk1PbbcxnSYK<3uFU*>N9LPovB$;Dl4&uImhar0 zUKX+Vh2f>0cixp=ZtgN}N!cb?b@jA%n!55FK8Mv+X`O`{ca#p;U0u7pBKL9brjMUL z)v`KIGVRWtvgXV4Ig%+18uD{(P5v{OOcWAR-ESWvdU(gLFe<1x3_PUtaz9D+bxNmq5SLGx%FZ5-@FxFz+k|fXZu@a@gdXBy7@}_MX^P(GjK6mwrRorMpXZItls}hrW69WcRL!hyB+6>X){cM$gX9HHdTzF<@3(solAj zOMKVSb^R%M%88Bl_gSvj`Z4z-Q*M4~@18fS4$qOg{qcTh*d!dy@~?@ZrtUMcKw!SUi`v6aQB4G7N;6RZ0uS0-diy3 zUz~`!%J;SBB~NZTnUiziCdZSii{d32S0^5MZFTm^#4QSMgAZ3<6JndJ(fniov9+(n zxvRBP3){{|&Gz4rbU@@>rApb_@Lior&)2p5d=+`x-pN(rT;W~5#_r-lY*P}_*T!7e zyLISHWVB}s^Yg4tvTssf^IWoKFkAI;{<)pHg>iqju8g1PFE@4Rs_fvnH0ekKc9v_l z-<(5i?y|S^KwYb7fr|U!~GallWwx%4X#aYq{?x-8yyW(3zTJuNG}w zwzGF%`tM^akIY!aJu`Lk_nxw*tew-I<}1&;J7d$tCVsCCOny7&IW&}hUmL4+?#OY8 ztvx1JJU>G?&JPY*83pVK8HneW?kA>)AYmBw%gyh zxLe<`rz+%oS&l+xn!3e-zuB7Bvx2?U>XxsZHgQQL8$Z+1i)(yOb>0wI^3^o%yj%3i zGv9-9TdUe+v(wIbJdtxTOfrel5bchVS~hcS^2(!&ZvPak;Hld1DtqAv)3aay^j!Cf zNND zqKijZ2m|XYUhB86r%ehQ-)T>KJGUTaMXYy`FX6NSnCaUy3%M^FPVNfYagJfh+eF>d-;N|qz7g{6;+A&7p66@b^92M2 z=cMp$wel%BVw}(Lc(3Y8m$jl>=TyJD{;ucQj{Q=9vM=sYRhE#A>3_(+G~`G3N4bhO zPg_+O8XS+WH~sv+yEJ?E?~|&P5_XP`&GtjT4zQI`X| zKGvoGlA5^mm}gGUnEj7Pq4k|8CD z7fRQ=M+zKT^O&LU>a$&F-_rDWd}f=%nH_2!UT1b!FBe{wdFsX44e2}Ag}u{w zG@(VN?YQZkS0DE9eVk+|t3Bn)8=uytp^q(&Kab@ON!@Jpc;fK- ztB=mg&iv6knSJNcO7q^-ig^K>%vm1H(tN2rbIF3rd+Xe9aWZd@_uCqEDR;BM?Fr#M zfotvvDx}@K^qpJ2*x)tMlfY()!!XXBf6K6lgp9T%8u@ z{r#Zaq8*y1^XDjg_B>WMUAa7)YhlfDcAIq5?Br{`Dd(LpzrQ-cqwwT`wR7#tYT6SV zUcQZS>#Vu#Vwd;0>y^pQIqO9FeEp`IH~YNMO^p#c@}Q4nWt2ns)10n_xr*o28>~VX z9XMq6>+`I%MdAu?dFNc&_ReQUaG!0K#ubr!)gMp1^w@pPXPs5hhInr&0n5bed;Mi* zM>HRo&Fb+BUcvArg=?dvn^s&av|@zH=hG58LN1HUu`|~WZJJ_t4YFp<2B4`Pdps7SNr%jL?R$;5AX*E{7p>+*jW;&}t9!C` z9b3HQPItnC4zq3dw(k9?{%z-viM31JcIi#p*5|-FCE+^v+CRSSei!3D9S+^TqxewA z9kZ%m;Yz#yEnTI4YrV{7%ahDoi%;`eqMUyt~nbGGIjf7egywctk~_c>$iR9 z7yoU{*Gno@u5It#pXD$4I(*q{?+fiDAf4CJd z%eFFI!}nM^l;L0Kjhet8OFvjgPZRwhbo=&#_?d?qC;tdP{hvYR{$b7)bKPP?e3k7# z%rB11i46@p_OU1Jo9(>(TkTGJ>#gd!jw=>^-*|0%jsEYzj4-j@6ce^ii6?Jl!q3^? zntw}FYBZOe(YZLLaK4IdDjz}WYd?yOW&F(-&|75|FQfL>+$ZbocT7| z`ct*}))dAWm#(Y3^sDqu+o`8|%Dhu=6(3b^|7UWxV3ppNOGh`bU7U0MO8lns#y|Ft zSEpY4`c^JbuyAU|uWJ!A{aLveujlle>;7Ke?g#gy`^QzT*sQJhnk4FE`Fz%|NMN_TrbufxTmyo%>#SG2O8_FEPl;c za%JM$Dv^b2_*dlHWPf;Yle?SqfoH=xZ=Pp+HXkdD`Q!P~q{z8a*p-=weF}r+che`o zrfpn%>yS^AD@*y=f_pkY+Sk3@_NjK-Cs&11p6sZSgeR4sW_z9Z#ePhlzmzxVt6E=% z-x&s$=AQ6N_cyC|nD}#5Sej%{YfW)5uQ~k8^r!C1KN&wJ^WN6&?|9}vyT|fBgVg;G z)8F!boObh~d&fJ&11cWbSNcT#CWl+zy_GqC>HRJ3&HEo_{g`#{x!0$I{nB-XJ?XQ4 zn*ZZ&{O#=h;rh3<562Ji${#sgdcj<3joEjZxifF9Z9eh7>p{|w-yZ|t^d7z6p;xv@ zEZt}x`}6p@@!QIe+l%}O`q5iizUH;i9gdiz5|x~Xn%`wNO=I=iv~1VL%Uj=UbMK3Z zx$~p@SoYSNe_n17|M)t7OZ*3Se&!p03_hf`?OpH5yX(}vl11s{!Qis z6DzJi)|;=kVdD~RtId^rMVKegUt8Doqxn&F#`TqpEAl=nZr#?S^i!p=@p#s+Qy&8s zYw(>1?-I56f09d2D}f&*6vf-@N>2e(;{^^kbK! zns$3DYxg|9w%?+L^|$+v!w>n)IwfyK3siBp*U%uXJ>S+Lih>%-dmW8dRN_IQ>qbAN0WR%Wj;UE;|#-uH*!OWkl*o4oYy z>B2q#8P@P+pZc|EX{kyTx1joFy9L+mWd5BoH`sOfqu7Z%f`?5G^jv-4Jdfjt?n8M| z$JP70bMzLwpSzMX`Px36`47$??Pj_zp!0@b{d?Q;4^O`zv1g87dv0ZB=~n4ELKz_| zBG>jlHhc8<_59qr3-&@bI{UP?^&hsH74354-YWz4xa>(gKd#%UQ26jaLr2+lSBFFC z6XR{~|B1c)$62vEIP&6&LtDBkOfOcj-FK5JzJELG@VUhAHnhZ?Dn8N`-DAIZKPPwZ;qnGaS@0$>nz1xAn66<(BR2 z1|E(Nsb^~wBRA(CzW*U0zu}+MG}jAXRtl!d8yY^Cm%VEG zx2-?YAD@-fTiE0uaq#W?I79nCLd%bvZP@xmPJ2UHfdACJo2vdZY>wgi6=TOZFP7=q zPcd&Z!<~2U2=P|_*fr&$sa&*Zyd1p zHyc+q_8!~U{C8#zr+!~)`SjS`#VnaSH&k)`ynSGrleWZ@RO=1A)%}O;yXUEYP@7qr z|L{J4?aJjXN6u8-evy5Dx>n!v{`i?kS7e+EcD`=%pF!~71*_|AsaK|PM_W8gG1|v| z%H#c)^{PMavn^lwDn9#ysrfve2|WID9?Y73tbX(P~QjmyF!Um zH>}uG^=;kfWB(Z#_bL3Ce(3r>+1(%iP3GNuB~`NZ!3mk`#~yz$&HAGo@oQ@Da#L~Z z)g{}WADYLv|99E)@>OwnKIKL99=~&4^tZ#0_kP|t5+}WMJ2&U+`k;^355=-S&2gNaQ>mS-TOYNC)?TyNg!|6IL*Xy{ZYB-v!E_|9MamIVaPt9$~ zf7n0Tx4$!$%v-j{XI1Y`)3?7|->yC5_K4G2^M&Jj!^<_=AFO>F=1Tj`Qe$rD?7IBn zKSNKBNp<<#0nc zh3U_Yk8I^5KdK+OJ=ag#J$2H@8FTj<9oz2_9si?vRYrX3)i>|br_a5eY@vK<&xarE z52JtFcvV&>HcLCXDa7&0vn>ZS5}u!1y4vz}lHpXfOUvHm|IxmDZ2rTyLRY1;4kt?- z-w*0iNd36%I{j$Ws{2`5ecO3<+&ytnX>ah6e+nP=?p?xs=$7mqe>Sscc6`PWajbu5 z|C6bS+PmXwjjLtbt4wdBc}AX=>sCels_^Pt_H0Yh8NWn6x1Iia`Jz9P->kCVdeFMf zBWrj1qxZZ~cbA-At;tfJ^^5EBKhDn|<}PH?o^<$SnDT#yrn(vf7TL20Uv?Eex@B1Q z#Oyyq@T$_8N9xYm3w+6S{?_(ke^Z{?nX2A5uBow8I8E*auO8I;*7;T( z|MvUG^F=?}o_lTo*n5AvaI#YH`}e_rH2-e>XI1h1=;X{@>-JaWUS*$lEckQX)_2ZA z&!w02&!6Y&Bz0=xuk??>M{eo2*~w*XGF!}%m=~Zv!#s7z%Xr1CINd8IZ^bIMSU-L? zv&d|_&Ez=yl{MiX@9lql{POy(-EFOpe;(ecaK*SL$V$GGZF03<;PvKtU#G~d^82J_ zQ58{Paq!Ns`QOSeo$s~@Tz>iy+vklM>F&?Vv|q$`NiCcCu)l5A)~_c$68cVFVP#;5 zZv1uq^!?4tkNmZF+}Rw{b@AOT)05j9Qg7ejk9t?1_n)CF&p!F(9_Qt^VxsKU+ZgJE za|F5kJm)CiS`z-GPtN1hQ_j;u6Q3WC-@0S#Bya7d_HIir|5N#~=p1AI-`y52zgKLM z2|r$Ceym>PMdH*_NlE{tW7|#c-^vf#RR870>BjeQqUNmr&iB6s`5n*w?e_0typRp| zqZNMLkGr2lH=fcxTu?W2$q&Jg@!xuX+e}3fcq3<@cKKOUf7f$&2 zz2~i7LeFmZlg@Fke~Z`DT-Ya6!D z`_hVapAXNoscxHe>FJ`+YO0$YmG@T5zj^*BSMT1lXYcL@_l6wX?U@tywEb{D^B=bj zJFeS=X39*uduOJ1gYjpX{|r$d&)=$kD7XK^ER9n6wp}gvTn`s*NPjBx^=QpCX`3gj zUWT}b)@ZHfmb?5h+5gf$oj(zmxBO7|ZrOf$x(=VC?W=RMANh0rQOw``Qe1Gt`Oa^J zO}5!5?H|nFwomV)_)*LA-T6-^S?J8!?B##Ts(iiE-;Mudf7Cym-xz&tmhX$t={ujg z*X_A3mOkV1(pc5aJgQO!E8j$2o%QSZ+rJ;qAMPu;y>jxojz^C3*Jiwo-xl9$Dy%=2HWcOZv%eu~$XSRL2-gWLSL)PBHkCVQi&P;6Bq!QiD zclBrJZ}XahADydz++B3#Yh=t3Ple}Ce|D_jY$y3AWywhOWc{)Z2Ih( zeE3r7gL6YZ7<66Z_`)0h?PSyO=vwJSJuAU^+S7ObXJ}gdL;A3I{-XGMZt7d7XKP!s zNPV=PFYzPV|D(;Wd8;0*i(a|Dxz13%`;X^G`^c+*Y>oFA-9Hi7R+VS*SKDXPIJ1pE$eGBX7CI z`V;kB70r*?+n(`EH&^dTRu_F2zgfIvPxd4JE-C##DgpL4-4;sjNVgR)Sifkl&bE@- zJzKxp+<2&cY}v%i7k+VnyLYudBfoo}(w5mCO&N#&aA$CR?`}jY~^)9n-R%(3WT`Dvsu*twM#=mV3Yiag6*Wwi~KXND+#K_3>TyJ)_ zU)kz6$4YM2sTX1GCg0!G6?^|S`ggH|Vcx%rlm9+%EsbOR5&hBoVPL%Q>!_B`ZxXzw zsT5>?5q@0Pyy(aDBe(MAKX}dBn%1Mz8q8pp&3?>&V}5T<_yWD|Z|n5}e%>)Wv8pCC z)^+78{Wp79H8lOa%x#u?|7U2L_4=Op2c0O}OY&N$bm!a0a4mh1|3h1B{pzgVMVS{o zpKO|zrtsj}ww?bOSQ@VV@nzX~|Mj^=!PB@kn08dJ|DmSdV<(WUy(HuE-*sX?Tb6FB zoBI5)^`Xz7edOdhO&EqUJu&lQBQdkJx{RnBVzbY<}vME!juH{ioz6?ppbS z{U6uekLSLJ$1)%OC$(GCrm@KQ&e!#8*V{jsE6?@yE+<#!iR)rZo-@>({u%Vc{U7J= z59beW|M<%A#vz_O=@sYMU&fjguQ939nDFZ1n@bsQ_b12S5d)- z2kS@otNz=@Cf(u3<^?x*--z6>?aG@I=O?PY`Puy@`_{qd zdW#CD_=`)rvs!fpOxtcHFa5*$*nD0)iI>;KZ!MoGwv1)spPyQVbL0#meq;?9u<0&TjCYLC)dR75=Aj{2x9?POH^6l8aaQm$tWNU);6X z6Ca;7*{WC39ehRo`of+&yBR0h67kg$*~N)+mb0X$D_Us_!k>FKgpy zI{DVkql!nado8W4T>C1pH#BL*qg2Pcau3(VFPr&6-@~a(asO^3_je9To9v`B%Jyl0 zyf$+|tg%kHxMF$Z_pJNJbRzx;eNda4x5Th_X@c!*>4#5teTsLjUwU%mgM^#!<5YEI z_U*gx{33DorM6Iu_~z7VAYmupi?McKn!?U8nt#_sB()RF%g03cqBkt|zYjcWpnnNzt)?clyf% zfYMdkNt1m4$VFB?#eCIr zE4y3;+IX|iro*py2oE3dq$XB!111*>l6OS z{BT{IZKv9Fi(SyzL*(&x)9-riOT8Drn6@im$7j3qT+2S+XBK^z`0{UR)Gv9{*{gPV z-ny3a;e`Ezx&Im1)c(HPs59B~?w$?BKd&o)JpV27!}Npoysqmjq?Di9%!^qS!o;6^ zv^Gq6^3Ff2=YIUpaCk+XVn%RA)UstSx%;Pv7B}CxHe(Kps@uh=d1?HzadY$1&NtQY z=T|<;O?vD#!#YN#Ma}rqUS_`^va4cOh+pIJD{A4}y8E~N4{P5K^N+ti%Y0Omdv^A* zmd6wPDxUAHjkRw#iDaK<^5Ot<@8YG!frq!P1I3MO+T1dxb4Y!ck}(W zooD?I?8K>N8hikgn ztDYX;6It!+ZJJe-jmYryQ$zzVh3D2C3h|53e73%l_~`Lz`Q#?3^H*2FY{x zIM?OyaSH~AE_|0(d6&n=GI6zC?3Tatx5oNix$T`&m-v}!Z}x^Cp1*be=v>xMZ$Gxn zYW0>#=k1b~>+2^UE(^5yl+4A>+;_Ec{g2eR52qEiH~%>A925#e%>SJe>R)(@B2MPt0fi&ybR7Q~!}6bJyxU1xub7+b3|YU$Nys!%gXj zSLgTTu6^`jmD$Y9rMWwHO_p9dXP)7Y(v@}0e{?^_wLjwi&mi`rLSbe z!v9X(X;AN5-Kwk`caCfy9jB(<_cA>o@b2Hv)6;n&?JMJ!Z7h-RDvmp*zgWj*E_ai0q{oY;Vi(uv zKJ+Mg8|QuZta8rn^I5x>N4lpkn~@OMbY!D_RBGEQQ`65q4<&y!-`l2evF94k<7ey_ zu6#C*b4gxwwAy~6b;IJO%;FO!6_Oz>Z;?XZYo#b1+$R@H*Vj0)0@9P=(O86M2J9;&&eNBfZZ zg&+SJ;y>(t*DiEFDt5Ov|3no@mT>J=FQd%X3Lmb_n&|VN;aIciyL;L{$}?;8mDcos zyYW=XgZ)n6jplnhXY;p5MVs`lIAX4N`|{Fk8K1zDQo-pHZvHU3b)tVm#jM-|?+&Un zT$_O?bBsc zu=CMoo7jhcll?Ep2`;b+Z+KczIO}S7%iYPU0dvAu+`D8aU9mdu@@>B>raw-}?^WKg z>~%cD9%s854j+x(H++2ZaZYvD=Wo~lT?Qsr2->9u0w;$#Fa#G1REMH$D z;O45p$>l-pA`|vmemLIscw@BmS*MIg9j%{TcJQ!24&9^waK3DIn0!*RkDb%}X_@x@ z>%9~&+4w$c?=|K1bI-VK=bg@zy>jEmA7__E?K-xR!{fG?ecNv3;Hgp1byjXx`hNJI z+6R{Ga=z)`+VWN`ULKcaVdJ{$wZMie%4VNSwEP%ES0_K{@3xwf{yYEZYmuzqU5~df z6`#*%qxJe*=buRBojF#0&$hOfY&V#yRybXFUw`G3yI$gFa@uXBcJcEaT<$OSZKu(R z7&eCVt{1lt{NuRzg>l8}3p39o8&>Wu3@xeN@m00(VK+;gk%8oOnXq|RO@4TC;JX;mTQ?0PMf8=>AvnPlcjZkR$tmO$v5v)YTK=c^D}=28h3r+ zRX#9J;iKmyw+l-?HN@_SNeB=B&%klL<;ykiTIs`=IhA@UTc;FVJ!^Bw&`R^6x?cOV z+b^QNE#%m|V@GPwr_gYw<(L03C+FNZ-F(-={^*79B~carN8%Lr{8pR0EH~|i$1!%( z{pN2zKRT;-PW$xi7xs0=nfPnLu{s&i&wuU;Uw`yN(7khvs&79SS)7zuEmeP5R;GZb&p$Qp>v5ZR zW*6sf`H{D)YVqm+3=hL9%-;n0mah^k=~r}mURpHa=X%y-lk+AX&X+upQ*`J0u8RE! z#CPep>1}mfa#F_dnCH~V%%TsIUM}BJ9c%7mbZVXVzKY|fmz$3L4!QfTa>t#W50|I) zEk1DRwb(QvUVVQ@xwFgMnAz6d&a}GU$A2>~Q0U&>owpCDg!-z7URic|vYU|7$KUt0 ze}-Kt7vB{(L+DJa{9Re!%%CkZ&vJ3R)U7d@lxc7~bGt6f(L+ZzmRh_jvJT%a3U9oE~{@h?`leBZjq8YFC6AO2GCe$4L%UiT+s>++2 zJrAWkHy!WZy1Q|ebmy`uerI>3TAp=W^<&YoZ>LYU9p(|K`Ok19d->%O?OLZpskK7U zv!5sNEMM-&>%O$cV#}2p^HSNrTlU`y`^%C&&p57E#?;g0r zm}-yA3A>N)W1k-H-dg=u=(>-9+lFHc)TivNJ-@f;dz|c^?H{gG^(|yR`gHD!+jYO1 zyXO0Dn8>BX?DCtN&GX4_b*&+j!Vbpb zgQB|&KU|9y410DjxZwS#qv9-k=FM2~PweHzlk0D0|Jr(^ccL7}^TLTj)m$4N`5OIt z^e8s?@T>!U73xA_JVBmr@4S9L+EeWnWY;&@OWf4tZ~hUhrF*2x7JkU`NZ&3O^F5PM zLe}U2U*8 zJiNJ_eO|VDMBk;@f>)dF#MZ7n_&G(lm8bZ8RI8|L@86g2D$1MUB z_c@i<$AA8D{hYi|iQ&qZhOd8B+_azE;2z*wJMp9Wfm`3UF7ht5S!=qH#pTT%sh`%z z4DMFg{fgH99Xvx_@!~Fl>sE@ZADhkDC11a; zJASxMZO=!sxnc`VwDi_~6g{H6LV0h|eom!-=RV&2cWA=j?!d`LPW7!P56XLe;qRyu zoPHoq!PoE9ZGqFxg;M-`=Y73)Cn;I`vr&JCDO=m8%-ia3C*>~;9Q zcE3#A&DXwmi&>kGKHK!Rr-#2dL4oS(PV`Ot>*%VJ_*Uf#&d zXkGZ#RKD*^!t|>6j^zzg%eZys9^(zQ?Dy*Tdb$7%ZQ^1>$49j3)Pb!oE{J|CQv({|9vqvsP>*6+-&U4rPY>Zo~o4oS*S-a$`|D?{%7v7(8bXR)s z%rEct)hF5PW3ZoEadq1Kl?N9`?kQ4x?b)LjetG_fb+5m%U7MHBQE~iX?9<(Xi|!kq zF6W)twN!0_`bX9O4DD}qj~%*~z`T!h$)hP}mEQDCfB0<2ue5HRjfQR$8kO~>+b!1# zf7|h+_+h<7-Pyp3xZCcYs^-oij0|_)Z2IKCVSUtx^0r*lwQR4>87#c)JvAY~@_yge z=l5hYzP@EXY@a*Hd-q$jcaOcUy!rOwf~9ql_2)mU*EL;xuBPO5=I8E5{cUPLE`L0H zK%V!@?ToZsr--#ndp5A2j$8am^xN{cz6)Q*$zR&CzD;a<6R)-B#m5~{$L=(UGuyYO z{5vPVS^e<(#((yEK3+c}seI*+;}S>Rd-Iui@44joah&)1c>h-PW4)>Qk0YP$|0t96 zJ~VB|G)vWIs!0X&8`isOyL?`B??j0!ZdA6h} zlS6C1flUh6v@PZ>=lV_uh;u$uRLMKIGV)C8Jh7ivDPPZ~M$Qy7+%ShZ?2$M_QM=@M z(aD_`R%JvviSj)=&)i=%NmDv429X{F>UrP5I4N(HXeZ!43N+0yrLH*l~mo;vIEYO%chrkay;nr~cHUcGCz z-9N{pA>OZNe^WY>C%097s_D+ZZ<6P2`B|bociMuTJhNY3zPqJ&JG1C~)mN*H3=YJ5 zNj*}Sm-fli)>gw~U9r=>r+>~&o>LX_=$Y9G{^P~7jz=#^O7<+<_&UhlAVgt@y2+i` z<{6hiGZ~vbDt>)y-t>tsYg~5nUS`^K=FP;P^Ahcvrkz|ewcFc(`NH>=Pi0b9ZcaAX zsoUhn9~^u)>llmJMfV;2dlgJOel2X3OfK4gZPmI}52hsDuwSd{bMZ=;nd*bydRsRa5hoJ3qaizt+x|GuU_5ggw5~rfzKRsk-u?;WjsuiP*No zDvt}-gkA}&n4R3WcU6S`Wu6sx9u#F&nrP3t+V<|lGq*XD_#D2hT)JmkS^O5~z0>DR zzP4F+iLvXM*@gE->&`^2H;R4EY^p0Rsgzx!^YohT!aj#DYo)m}Ie$*k$m2Bi)4r=F z$&>VA=PL&JrIs~b0zakl=IdONVO8Z7?3TAOuw@=2ZaxbN!nyc`{ciDKV0&hK28 z^z8T}wxyC?+F|W=9LZr{_?z!3?45k}y6FXTbLGJ=wGITr+o|}ByY4afif5%^ zSlC0yS6YvcO;CTA7*y*Y6LhjRF{{w_&~sT$-6dDos~Bd?Vm*3!!_Tr~gZ?1v{LTt-v10-kB`Kdtc5G@0y^c~hcSYp0!0_2)koOVjoVR)&>roU>i!>x!@Zvgg;V^i@B+ zI-g61Y4PNjff`rR8%~!NY|wbZ^EqVE(W30r&C6U=_RV#-FOhm)D(ja0yXnK61>asr zZ{TI~xEH-bZCB|NWBw_%+0#DG@B5>_bb6avNP*$gid~E(*AwlA(~PGDGv% zb;h+7&3;=m)3&-)&fS?)74lE*HRG;W<=l|9*G+qIu}{xcYxXT91Y&#gAc?xJPnGG*@LOj}L%^WMswcJ8c1?v3Az zwtcx>5j?HkLV1G5goW#t@+u!T@)xMQ^JjlW)vSA4H%_{17y5*2yM2erUA61{nLAHB z3@LWqKfhG!Omgm}B4L?pIxhk*JF)f#a^9WxeZ}If(&cyN%{7h+zF9kE{Vj(uTanTw zTR(igx6p9c-cxRtE^%Kvzm*#=zTEm+-dtO1ec-(-S-sh3FHL~A&fH9TFQTF9IFRfz}+FI-Req`mwJzQFGGm!tDa@U(Zx*xvh z%+JhdyYqS1`XAMvZQAixpGx`+*ccx#4f+^9^J7){yLXZIw2l)8WTg6-ck5AV!7zH&{!RK+c`*5}oW&Yoa5eY{WMquI*! zuY_Fl)xNSny;B|Ts-<0)9=2TT!tTfN;&&x7Cb(7xZlY`bk^de|m!V z=QZDTa|>ncq8#GFUaUUnTNQpdzMb9i(z1{4oohdYIK%~e8TRn)r8D}PKYYr5JJmUTz;!K@NH`KD`k<=@5| z*IqrYwmIABapA7g7Ae!!ucD?ToO`S~``XqT#Rq?@k8eL+ETU$ud$^>fz%~BE{KLBO zM}EyI&gwdu)m)taK5i}R-oDnQYLgc`bgf`W3+y@+^d?u9t1$E1F55X(aq}8@DSuVFzWTH~rlXnuY!*Ua61$S83ZSD4ZwsJ}4?QWOu(>6Qpr$?=SBrjMIe{h!Y zkM<+GS_+kFPn<4#ere%H^^Py`?f+z_$6Q+)UOU5M^Jl|n`(i%+XXrNF-(fZ9y4Bp% zf4k3|37CAS=en;H@2fM*qfVXJ{n7i;w%s4khfF(ks8Y9N#*>2q9`_huep%I-`pqJF z^H#M*@GOA|lTE;#yRO^ZG=!>6p{owAEI zxBGVgUhwhC#RM@S^(4djep$L<4`S|e%B#zyEjzP3+3MWUa)~ETo~v9BU*a&W%EwzF zASLN0`_Jpvsd?AMJM+5d%$dX=pY`I8JNviLJz~>tszsP5d|REm#&FO zHy$|fI_e(thc~-e7vH07JW^7w9M;? z8=LJJuNM)X6Zo{%J~O#`EGW0$^=Nyk_@yl;X1_IFZDFsaUv;cDa+_g9!}Ff2ZhA*f zZ>&H3PvYXEDOvyYcHQQhvv$|lnzCQPe-b}tM_x^e=c}*`_r4tbR6B1+Cd1ctY0p0W z`sSoo6mG-wW$D(|!?F#*PmQ{+T)Jqs^wiy$X+?}WXRplaj@)G)-sX6yf$iQ^)eggz znbw6}O(jR(?kq6-7}R%V^r} zx|YWMOkjt~gGVd11um&vS}SsLYVzme$+7uuU(Q~toRrf1HsY4vyibDieirL)AO6PA zarpDZ^P=YiZ@fCJ>~`y7Vq=rS+sR$gzJfe$o=YW?@2y+dpBcM{hv)K|w>57s+q+td zo=x6+W7bujg#H|NYd1#ay{7LXjvX#g`TDraQzek|Q^GN};(%4ghqrQ`E}j^4QSgp; zbmh8d2?uh|TddW{U2yrKwbkz{v;1bfm=Sz^np&@8sES76rCH&wcW*2=i1d4D)%@wf z*X6fw|Loo6^ZClG3?@&r)qK41+qWv@2r*Bx3ifv7+q9k6z;P0%=t>hiFP7HAX~(i+ zjlBfxJ|6cE414!v)7CBe7PnUMtF6*{vNPiJ=X2f6cjWgto;)9Qde4<5lRb02(iJuy zYI`5jx8T;jCAlrfPx3b1eCzk|_R;)BOT=`1GAvcT9L<%8IDacvuJEy~7qB6Eu^KGw?@!v2V3wyBfs5{r;hljSmc#s;4H4 z`p*hC*EPAE%XD07;-_zKBe&<-9Pjb`?r-;X|N2+ge&uey<;Fg%B8j!g*U0OL%gyw^ zzNu;X61Sa~eNdZ|@;Sd|Q3%gFrP+_AU#!i!7yI~3{gk?`yB~JeZ`xz9=poZn&z!zR zdu|{7wc^SihYKo8R>}M>U)6MFxoENxx3TT%Qk&SC2rHAi-290lPPQRWwUqkTnr0h)so)X&=Ki_?q7Ir*NYsrx_Md8W|Ry>O2S*u_v z`Dj^(NtZ+1luK7;zX;2&__#HAeGseNaevnDCw6{WEqHr}PvgMMYRcC+=O&eOi_0bV7|QOtKJ%_m$xR-f zr%&?OYpx!Q71rfkzwS@RJ?_-I%GeKM>at@-5g~ z;ns$amy63+?QjmVnDpyg?Z$~)%1v)p82bb&BzPt^&I$AD+!(X?R$ul78_DIjI(puU zpYdQ8owD@8Rrlz*@$I>>CI|Dxbtj&)y83!`#59A+3+#?9-B@Ar+E77ZH(&eK&{>ho z%63fsJg-6O#J<4(#C!#&h^7TEyShrZwfrnQ*{2n$erIRe1Fkif7bb;IeC@e4@zaaU z47-qWySO_$k4Jr}WqS56I#Ui& zeY*rNtd*UzIn7dLe$@8-<)XeFd-!(#$^4ibuIN|$>fHQqvrnEel$rA@OjBEywU^uD zcj&R3A#X*mxi7nQG)qY3d4A%(6)!ic&6T@ZIHx#D?D~XFd1;K*v$m}1+_%j1%ciJl zy&KQRWvi%sf9Le1`1`86e;z&hc|}v%Lhh@Mq3YV^1fIsp0a;tzHPmzTeKK?Q0_L@8nffg|({nz(b9L^Ux#mBE;3}qM zhQbTsp%&XNmmHfQAlqK``2DwIan-Y@Ciyd)Jic+zZkfxr6&t4|urFM7ZChi^yglER zT&ZzpxGUmS{64_5=3CjKvV!t?#}}-6lCtxtw85K-({fCoW7hZD#HY#>Ig1?DvaQ=X z|Iv9_ySXWcZaH!D9p7&Hskj%CN99$;b1>bf26TpM9)w zLWSv(yFQmKJBz2;ByHN`_=sJ|!1#;p+2G5iJL5tf6`vmCSa%|*Fx=vv(l6QkHXGyG z%JPoKX#t0=v#OV0GaRhgYxI*SeZy zs+HD>f84X}dgr{l1WUWG@9lW6UJku<$x*>FaMsU!->#>s%*i~-leBN!ac57OG3`?F zsXn9X;+U(~wXIg%3b39p6n)&pX9o)(ces3c>ZAkmdD+{q1g7;iGxjaG&ikl)*@p67 zf4lv26M0iCUkZ18^g5qgQ@%pkX4dof%X*(0AC*7Fe`f3QN3(x-&zLE@am&ZPWjm)_ zd9ro)ZF?`f(<>h(`PP|gKuI}IS(?74TShwxl*~i;{m&otgKD9C^ zn>*mchu!sN*8=-?d|92TB(kpOHTSi$({fucWEv|ar_8x#yREZW=Dxw9=5toFc1`q6 zVrfZ!9cgw+CiLe0ir{cohXiL$@_oVi*Za0}T@9O=GsMXE_m28Z% zui0kqwbXb~zU{rt1wn-q$CY;eXAu0Mc0OR@vNqvqvW8Jns=w|WbE~vi`&!%CCc<%E z#o4rb3r$OEzJ9EK@NLtt;(IT{mVBIc;AOntkI(M=o4#dNE-rF@Fvv)wvSwDhV_jjyQF%(#@cx#Pe^hN&}pH>}x)j!EJm#s`^J-_9-!mle# z&Pv6buy;Iud2jFZ=pSiI%%_#hJYVj0VEQ5MJg=WB0=3$gUR18@_IoBaIen8_&}^rk zcV~S*9TS)uc;Hp_)!TP<*IYQX*Z*Uf=_mh5Yi|4s6T5b7;)V4l_X_ja7p(m9^OpTI z{Re-uCiY&iZmN)*syA!N9k#S{Rb9IyMV4GUUifhK%zKKT{=Ny%USci6o^SD3ZO48t zhv%%)k`|KdUc2`;ePF9@jJzv1RWdd!J4)z3gE_Os**M2NHC^^nYg1NPYW5Uly*j1L zdVT*^+rE}JI)zOV$rCS4GYv9u%VeJ9DL3V5(c-)VwHX`UFL>J6omj;+i{slqiTQ_S z%5)sg`WSquE_iqID-E`j3jONuOH8%$a#mWbxUi1XXX2OT?-f2(g(V7l+?;TB-c-Tl z^Y&A11YUXCx4KnG7ZlGb*Z9l3`|m6p{#ANBB|h$Nc@jw(V3~{ZLyc^IzT7OwNl1eQovpL+82wgngX5L~PgA z#hj_BapKqa)>=M1e?!=3`=z8Se*zy1^(FBeN&IlW&hl()$i|Jo)6LY@^E;ir( z^KDFj?>^}or;n=Nzb#3e(*H2{+Ft#~vg?mz$7VhFQSUaxY0|c{6TeEDKKu5cL8MOa zg}JWW=7%SJvv}PV?BSsJS7lQa4T8CA0K>+dj1yh9U+&Uf&rW?VMY8{%F-~ z=9NqKYrf;H-Z%AQ=~jV>S#r|Fdm22wzU1mZWS!r=`yz2Q!dy9Q9%=X>ZxbGQT_6eKdWfjMRuGL-VpE=(^&iHkF{po38dA z5*F)oR9>~VaM$`b^RAss>$^Cex#?td;^$X|KPDcJSD7QfTYJ7`jpawPr4P?$ow^** zUdc0i$~w&|;!%-^yy>OVv1u9hVUtgLJW+80&_zy9E>%WoFgCwcQ-RsIqAzFX!;{}wLWy?MvW z>!-Qwy;d&rTynBV_swMKs%Lvv2mR=_`PKd{t($9^pOmX(tZaLSyz|9duOc@q#!Q}d zoqxK9!=v?G``Sw%b=PveJG=Jjj)21RqEF+@epIH`=R7*}Rbt-FHFxtL#ojroyk^aD z8?K{Q_N1~o11$MsSw{xclEFYNf? z^~2P+U%qQi-ou(K`?)!OcAVCp$&nvLt`{37oc}o~`wjmOP4y!lPp&Tfu(xM+sAFZQ zzwGO$`tARuc7Dw7eEa1`ve9IXpAP3L*X>y}du3FpyrbG;{~6!b-^_maW}8&~A60R$ z(EESmY_)Id=__sHyWMFYzqTsB!9Ml-h98B?59TC$O5Kc|zRzRLe!;r)^RzbH`FLx( zJr`<{SN*6;o9?zd!}~+cJ|peL`+mee(l%4d zHFE4*p17_)^264nOZLTlJO49m!?ED4>(Wn_mF(x;`kz7g*1frP*CP_mgLm$_zWPV> zw*?=+%~fa-nVfl0XXn|9ut|DfUU(hj5Z$}r^|G4>D|X7hwwk=u_UuE+h+qCbe>aw% z4&`2z@!`adpPP29n|}B|!&d&o{~1I!yRP{WF^A8^LHO78)8%q1;=uxsWvYTI!XGJB zB!^{2icXj#^>DS@lm$NnZ?^WEhAjJHxBrq&{0HYF_fm>0>Q7pG2E8(#^>pj@OJU*t z?j6x?b?>L$nf2M8=TE|i)YELnON!)!V^intUiey~bYJki7So!yUJ?7MRg=Hus0AOM zbog^fR-AL&)Wl~qW4848hvi&d@yH`YM~mT`=-vnNEx*nmv5hr3&wnQ`)6u55!E)6< z)gRf9&$Hk0`o7EN(yhf)KVRfyTY_Cn-z!&$}0R zj5o8Q{J^$bd(Rwu+2HY5cjAw0F~;-!E>EbE+q!qz>+Mx#-Id>}#U|ckTCn0}OhEI* zFF)@1>q*a>Y_P|6h3A4FOY^p9ZuoGvweU8}^%vLQTz|A*{Kw*lbLTCuR=%@-n)sRG zKKHCYcR#rH9x<0oTU55$d-Cqr@eAcQFFzLFI#2kA{ql^c_D*Hbhr!R>*!(=t)`mr& zd}EpRrmpgM$?K#|JFE(xO}zUj;Od^@WffY#11>1^N@+ez@Pwmo4V+ zTkW*oWa7i~W~Y|z44L`xpWp?aX&aA<@iB9& zALSqLK0mNm&t61t!*sKK88Ic_*UdgSe>;EU8yn;7CGju0;%+Ile{W`&{TTO`=Qw|l ze{{t2Y4UB^XCdrejP74D{%eWr5fs|FMRv-YSQ7QPFq8k?UFaHiJX3LSAO@p-1Q|# zW?tMNd9FAn_ISr0QAU-DH0I{(qF?oooWI$BXxH|(Qhmu+lXQxrqP8saDLr8N!MxK> zJtN@9p?sdh1%+M@vQiJ_6pYM^XT97fS$AWWSwoP$*bfuGg$-%_+pq0inHp5` zUiOT}p{a1eY7Qf{!xxZQb=zoT$dig!k`3rtj zyF{$>*O%6pk^0qi`{DG)M@g#}-tLj9J@vtG%0`RIPkZ@J{p{s2T`PU($NnQy`&P5#*mvxAQKPo8w-Kf~s4UH=R}%-FYk5ATKt z8%~EPrvL85cO-|zKnXsR~m#wLI{B7Tl{R@uguegk;h&ztvD|8{?A9%uI9jX>u5lxMFbgfrAP{<^+G|IPIe z{6|0iyvKHJ-)Td871zzb!q+-|@;rLy=dE>1wLiNqK3AW(zHL`q<3}dxxxOxqYtF3R zlfuXF=e7SouDg%4eWf4ROztY0tPq*> zl{*(@PusRnFZ*`yQo#mG(=YW0_Y2lY?4BfjH!Zajawb$@IR z5(^XGw*SSXCr#_;)NTFZenkF<^7f8DrWvO3E&GhJcbvF0?TugI?R7<3h9-tWZCx*R zJT9onT4h?2UipAGw)p7sJZ;wvx6El6Wcx#QHIkVMQ=@*IKMn?i- zF8=7B{Kfx=O8&ua@6J-)IG0J4(#3|7C;zNov*ABOQ`H~a%ZX-X+n**GzR_Y2{jz>h z+0pr5r_9{WJk$Mo47dK#lhHH(KHGG@*wXrQ9s7AX>HiE(xqtXCoG#SL$@{c_yir zL3@hh{ni9MpV4cXq-7NH*S942)W?vkchA&s|M>P#eB+b-y!%-0XIfRi+;#MZ8YhQS z@n`+4SMG;&%~_25vNx4XWUJXc`SQI5lb)5jC9>arm%UEH^Jvr&f1@*oLPbTEAwQfK zYYH30ew+~UctZB#jT@)tUhz~^;Yr^c-FWS0x?FNtclyGHv*GQ>>%@1?%zbNGky2*E zS{UxOIbnJJE%rxQ)8gIN_}t}*wd)nQpJ5Pt<77(n>2R4GiG!;iANq7UVcYd^pZ5}s zDe9B7gS4kiEqA+9b*=PzPf54+mw^A8z%8e4fes9T)PhyLPVCia52YX7}PHTR+@7E`3m^Wid}t*3;?jB^x>V{#{kqGU)kR81awu$IOTO z<@RiRA>M7-T6CMQKs)c<_cvi{%RU;j$h68_kI}q**gIlISVUKF;pENgvEojSt(O($ zKS&i^`ciuCHb?s(w$;)1XHV`}SX9OVTCvI=Nxpvwt&ZBc8{xg)#tX=kE*Swi_ohxn}S6zE(>NKN0QeCfJ+*p~} zcxVEzYkjGTnNZA%->YY>O!IVIDl)St^X%4@pSHhkT;yN;=(c?OEMa5!+@z!8mWO&C z?YVzomgv3Ni+_rDgtorE=AZkB9&Wo8TQw4M9au5G!_%DdJ#o|vrJ-jQBYd-V9{^~OIgtgn5ntL*=J z*Vp>FRdF4^->-XDd|&?Dp4UeO|1;$NNx!5seeQNG_vi7>uGP=yN8VDu951&eTe?>N zP*vDHg^S4+Uu>?+KJ>m_?Y85S0n;4j*z&i!CExDpZMo#{ovX$At7g%j{q9$}O`bK%haS%Ry7oOj=P!N%llu|W*0 z{Haa*Q|-B4SFyf5|3^h^lcSXy*RBW6G4~_a`*lx|?f7-XP~h(;-=Fg)W`C4_bo6_F z?jMC;O*-Y8pSDkLlD@RnMssOR%*WDi%a>-~Q^^k9yi-$VqD)@=sU7ApXXuJ}=zcJ=x8JJa<~C+{tNu<=~Ue}<~tmWC0TJK}nR%HCwXkl$=K zbxFl6e_{WXCX+X}XL<`ouD+sMwuWo==dBJW-*(0Yd43D{a{PcX2)!Mf( zeRWjK?ReMDwR4UZ$~4P&d}Z5n==ZmITYGCJGw|@sl&qQS{@8BsBk8GEOI)~BQu4X% ze*KbqI?u>dr7Za5>Z5U0$~V5sb7joa`mng7?5+8&-I@n%4T}G2CvjJ-&AoK(uG5kX zQHD3{OnbZ?e{6kpV!4^F`J_JchLE~S)47l8Z*d>}<@({`mdvPEnVUEr44P-XTiV~M zantS1xk_KRf4cl(*XopBFdr+dv7UW~w^&l>PVS-f`4i-$KJM?l$JZSAV`t_=eWt9U z+qWwfJeB+>sIYH*lP&h`_oMXwnQu%^%zV%G(xLmkTjgmc>ud3cy7x<02*=G1`k1=^ zc5^LE&jOp5x6e08eXkPoSue}AN3zwVN?21;+5|5jsVu~@3nl^ z^Q*qgbNo1dc$fHr*Z1{fwnfgnGPV26;pZ>o=bq~I(oTN)F=%BlE61%*yLQUA{j>k0 zdtu$XoUhqTpQqnd{+Y#B%k+GyEBjl`59gkT?%28Cr<3i*)o51NisSA3#N%sRwp_7E zn9kG9kyaky@AEO@9@mf3^0hyj-%Rg_jPhabySX->^KkgaDVx^F+@3Ps*T3qzea3lC zk2YPlXZ}-|1m?`C6PeZj)_cK=3tQhV>zS;2$7?OmT=NG_b#1E-eo#L6kK>AB*QZbH zpBJ&t+;Lpia$WYZdjdb|tCBC~=PNa*+!Q|Y^Zjwril{r2zw;=zoL=R2=&WbFFJPZ!nXHECK<#t!U{Kz@A z>U&J&vt)x%%l&2jGfnSvXIOo2z4hyY``)@B!#2@p=KmRZ*59-4b-QMBG*?n}+xPWr z?d&SFAMD-Vyv|Oc!aQc%mN^_(*DRW>6m(ohufq2Akv+n7`g`na|8C@2pOvDujOF3^ z1m9X+uI;_&6%W0<8#!O|$K^xex7J)b%ENj>#i%i^Qg!aT>D99BH|Hlz&bT#)ao*Q2 z|MotZ>uI|3>t8KKk&GuIHq+QPnfi15vD+DO*yZNrPAjJ6_dl++T{A4Br!RRGaD;X4Z>5x)H5ErQEABt|@!`w1Thn@rHXnMD%x+zE)%$jBu}4VS zVcx|GVSOW=g-B?XCJ-_UeaE{%z+wVdE2vXFG4(OT3y^ z*>{U+t>WR0U)G*wvi8jn>pF7V>}3R7;sLp3n=^Jt{4zcqXT5Frhj%lVROBE2wtc&C zTUUBwYa@rfwS3k`dAT2XhYvrij?QkM=6htz8oQ6@vwle*i086leYl?EU?u-iZ*AtH z{d>ELKMOY>kNUa!G4HpvV*3kOTMv0l%vg1zz3s{8m_9!LB$Iv5e6q7{6=Xh->64z9 zE%ZBP+vT*=Y^&vd2L`kvH19~0!iHe!jsjM%C-ZeqI>J#VyYi!Hb|_ezY# zEq>o)>pUNG<}Z%5DcW%`L3?)JrDr9d^HLAIX<8F?FZ!nWvHXl22@Mc$|CdROK?wX3?` z?qbUtWs-TS!aWyd-P(F>)~?e1UEv&lC)yosS7$7nsJHay#z*S~qhs!#%YAz$GUx4y z6YDY#YqigHEUokA+Q0I}E}IEVrYrOGX2`x^GsyB~ciA!R@@ZpZO=*V^mC0w*PrS?J zbX`2>($*Pkzj97`IYWp&Fjn+<-xt@*Ld=VQwizGRcrxqyhxUV~=Vk{_ll-!K=JI37 zJ!)^4kc92`(kO*J0-MVw)@fcBih+7!w-G3F-&Jv z^Leyry4%P5{p+IsGXzdE)~Y#LxZO7UWv>3WtPfY0_^)`it9QpXb)mZ}CC=Ay?S0sP zbN}I}w{!0;e~_CId;6eb_>Nslw##3h7cE)kRjnA()su66nx36xmY73tzS|U;+7Hd5 z`R*Um+jL|3mYv&R%x_p$bD%o>qE&f|o!rZNO0)fb^sbFLE92aL`G(a-S@HSLBkcwG z4~p|HsW5lAqWJgb-@iBb_wGDqz{XnUR5WShQHx`?{1W;673#mktYht7C#`At*|BHh zKhv#``#EmDm{6aUS$=L>&w|!z4$=0GA$#mUJU(it@G;nZ=}RAT`*)8Lx9nW+wDIqp zuRAXJ`X4FRa@`m`wp z93~x9GD|OydGdV0`tsRcA8Mjnrj^Cm+5dvY^8!Ulsh5`B7h>A{N%MuE%MG zW7G2uM}t1PHz{6tuXZ_kW9e=un=3aj{Jy?0Tk42aN%l9+g}JUXtYTanpH6&Zu_{h{ z|FyL>?v;<^!Ot9*6bG#s++GX z%&FD(@{PN9>yfYYq0jA^)3Z+6)G$@Ns^a=OyL$c2-%*#P{VvsLv;69x!eFjfQ6KYc zS3UP1r60xr8926du8Fw0_sGO)sgaF_AN-88rxh#>D))Q7*x7J>%kmQ!pU&g`J8QkH z+v>;r-H|HoY*IRVrsLQ72nqLSz`Yf$^~xxkb0VX;{25K#N8L>Wj*%h4_>&Wn5QK6&bq?+ zTYcZ&`gd-h&h^Ph%Diot$bZz|cuww>?;Wki*RSJ+E4)Ll<>#_YKDObGuf*pm@;mqg z<9_}QtvGc1w^gl`tjVJGLy4V&4gR7J?Syy6dR?9E-F}A2$J_AboG+rU9*SgMe%fWT zCg#<(6;A`_Eqw5v>vnWzcC~Tu?s74;?IphY{(H*y@3G$%+!7y`9saPtab0OYuWRv& zIY$;Vq&G)Td=XY=G=q1=r_a4V9&K3N8#vkH)xxQ#mRR;=XTR3qj=p)wYrRib=C!;d zXIb~y2%Zz~dS7Gyz?Scq`_U_2#;47hwrrWtUXfcGzBSZSv}#xXlgt@ZxepH(F7mA2z}fh4_Bzd3W^MY~5hl@L@%hG+l6r~wwp~WI{?4=CEZV6QGxxZK z%~kLDLa(g!=CZ!)nY{HwzmU(J_Hz|Vd)aOu`W5v~KX0+jW0CHMZ_QFGCS9!hc(mNT zWA%!g$_J;nM_5|#oLBzvzIe>phdWF53*4~jT60u%S5vmtu}ANHGnKb&v-4@!+)=b_ z_v!gu$MdT`9M3bl%XZ7x-FegIZ35nWG3%T)UY<=2H(ME7ed6`Of;4&k+?67GY*)qq zXGlBBeCFgf*Mnc4&-#`Bu>WvA`;YF2zwW*YP`PyXNNB2!N!*TqrJvhYFXy%PVC49{ zaLVIZU*&J!f2>m$xUPS-)|SE#3+FTXuUK0U`sU{>vBZWa%O0~8*Gt-QFmS-o4n&f}YK^7+YJcS_~9zO@%CJM>XOQ|4eJq|$*T(u= zX!V_btEanGeLGsM=a=>3;cC9nl1jhjOI#oPXAoR_#w$vC@`S=evyOih-MVh-;|NoU z&eRS@nc7 zXJ*WrH&68j({c4Phx?4gw3d zooknU`rsdWw%WccXHj;FS-q88QRM2gcB&O=4_@>?>K0?uSo(x-(JrNPdESDrHo0d% zdN%2vlJc&AgZ+Eu1)fck=e~8a>Str>Pd_WEb^7Ta*<0Rh^+=L`VXyN^n-e^}<8LQto^C7OKCf)XY)ANZwlWtdD__aZ{wKD#2gvo6G z?yB<*rm;@h+$WyhO*oP~@oI$B*Y}Ls^65Vk7u2L)(7BQ&#kXkNuYLUY8sAgLEFNx98?(2)dY1=H*wx*tMwo2W9@cpe_uMdk` zO*)zRXs-RaI~HeJJM3@X zT5fQ@-~vw{W1eeT{UO(7H9|k0ue@7uzl#9`JgRY4A>u z0xOTHr~X~u<@&wnjc(~(A%X2-x9cuyyegHUIl_KE$t{m5^5<(e9$E2a|1gftiHtd)?d<*jXhR1x&~AzS}r zd!E-~FH2R|ggt-D!L>7P@w~4y7rnk`)AvZjw7zXtu*;9T<*bW(@4qcscR&Ba^W~n} z^Hpn1|IS~U{rkQ^4fDs%QAcG~P5M!PBwl^iaZ9dRZRJP(hx+BWl;7IlQYU}+=BrzY z=N4x&+!bjl)j0h5Xl?DI_pNo(A4|l;FTUIu6_bB2>i!djf1SjW#hzBg#Is+Z@?&3|k^+;5xupW$J`>mpa3+{rxICs%CcEk4|w z+t-;R>eM5jt5&bB3A>p1S?9|SF}HIP zi@tnYwX3{u>+j!yJbwdB%@Y_eN z?sn>yi|9+nELzpo{!b`+_l&7|iG4bA8d&v$rhL6n5*(2^ZN2HM%~SuqIB9ovcK+%N z@$fuTT`{)@Q_^I(F8b#C^=|hSi;!um3dwzBYg8F!nVZb<`2FLhs@$UIPEWJHVd$`) z?y9Lt@p>d$*UJVX3?|>GCzF3!)k`vwPNLC;m-@I z0v@g5@}0iugWBBHY-aZq8dL5b(7h6T`(fXji-P&(GE3x`wif-G51KQs`8iAW%mSG$ z6P|oL@3lPjqnxi){^rZTl<_+JVc$-cH{U&+1V6ofwrQ)Zc-)0$ zlfo~h&SaXCP*gY7|DU++;hJmn6!aKg&bh4cQ@94uhWc8B`8}@b=+v~9Yx4MrD^Td6(Y-QzOsZ1ygTf09?US_6f zzDajvvc#Q5ibuJ`e{1|PaYc-c z{=?HAYYv|B=rNZ+EK;-}RHbX5%#Y0VYgFGK?47$K`1ab8U-k!Aub$E6ztUA$__XD^ zsN0XjdzQ8SyPe2&de6_qN{P3DXFtjxtD1RN=hYey>ENyDCs!`XvQ*x(<45%3+dn71 ziqr93VG+?DwKVhLdY&l1b-5^`l!S{2APl#+1GE)Kb^CNt?+H%k2V@=o#aaF~H=$CP} zEB<)yzmifdotvVW_Q2&%*W&zzFRx$PdTgc5cE9_dFP>!nurlQR&Ly!IUv00K{l}e= z5q(HbbbiQ=;6~MxKcgj|Z7$`%#r)`ghi>b($;%HeyFKw!?K~YbTjQ8#)3YDmH51%* zQ9PX?*v9#zzSqTzxw?XpGyW{BKfl#qX~X;Er1MT6^>#cD_-M9K``xjco4l%5k2h~I zDJ--)tu!am|L2!=T>lv!m3MCa-L`R?nuYuFx;&8v0g&X4|JxkP&%=bc~H+)X}G7AL(S*80%46K5}Z z-Y8$keAN7Y<__=f-N)xWz5TRDeu{k5MW<(ZOZ%Fmf2>~ZrE=*@#8riaqQZ09-McQU z?b`plX4NN;Gklj%oXx-SqpZ4v+2?j-!|$!@m;ES+Tz8Ch_LZ&`OL=?l%;`%zen396 zxUgLDXaAYiFK4|hdC&cFn&z{EdCZNiIoIaSU3BDjsOLA^SAW77Z@lYY`Or0J#ifnY zH~QW={af&y*FUCp&e=Nk3O)%1tZ}hi&u(6O^t7PIfs0*jonykZS9y9f*1g}wpEccj z)-f?-h0AKw3KF(`RyiJI5x>?x_-g)^WxvIyee^BvpV8MHrdMj+ue!$Mf1wEjnP+~qy`!jWqqZ9NdYXPtr7H9y}sac8by+M>_; zV%ytQugeuVj=u|*TyOqk^T$W0BxgHaywcF);#kdBbzS^%f2Y;I1)pw3#|rfnc$gl4 zIj!8PZ^7A8&55&rbUfSIqqFW**VfzOM`wM#wp%(TYrF2295pw(^no_j#|L zbc9S;VU9TAZ}XN%_n(<=*=u-UU31XH(zmvcwoj={Zue^zRc+Z`wdP@Zcj`XNv-VLJ`xc9T z3v1Wd&RXz^Z|$|6dY7$|xfl2C*(A2B>17m;T*)~D21(AZ>lPpU&%mvJ@0s=8sCui^ zCrW){+iEx;RNM3X`xpG|uJ>W<;;#2SyWH9r?FoDQSMy)mgn3u>a%UB(beUCLT%29r z88JojeAc?pM;ztijBY+!alW>=SfyuObeW}T)(xKojxO0bg>N!8c3+(2uu;0VF+#{9 z@ZPeIVtbeU;CHd=TXj1n^-SQ#gK8^&%s(z=e%MxVtM>P z=%yb#W8?lvH*m`8rwYyu?iLbjR|Y?;nt86wWxild^|~LQ1802>p1N?W`w{JVyanH- z_U>6%@;hhR%Zc|koB9i8+bPV@(Q^s>u(9v!$|V{98ImgU^c2)GH!v_STz7h@w9MN( zSGI`#5^wu=y{IQoRfVrQ^gQ>=>B29KUx|Bfji^~NYwOAvCq69+KUL?-7{1j!a%Xiu zzjU@GSJRKjmlp2jc$&ug_Lb@3+ir9D@2ybo&r*KU{~|K{SunY+5?AGESvIrW`-he1T2?J8}9ZEFinHW~cvWUY9#(7N}C zY38C$o4l%-Vo~$dqzh}G?uG-1ps=aP3^&1~6Z zpu)T4ao^R9b^Lc9%VsGHZM=21r|)XDveEMC(?1<}e{0QQjsRwv@}-T+4JIv29)~7- z7CgJeHZSlr|8(1|{Dqu1iqCHKYL~65y1JPAWcKqt>Di@^U&lQEHfQ3gFvmIb3}ct| zTU@Qt=za33&sqN5#KO!M$@gy^Ix+3TB&Xivealwe&MewSQW7}H@AO^Tk)M)S1;?x zY@hL5KF~WcTY9IF&_b(}(zUTl2iGsR*FUxAVzyHBh57zlrd!|rw8~QS=%3J!lic%4 ze0BLg*(GW3xW3g|R_@{?UwWFF7@d^^_c`jL5B=6uUf2cMQ}Tg7$ED9>Zd zlAIFw!M?#nX=2UUqhIN>QBB)qBt0c^o*YK5f-MInLr$Jk4AEy;>RP%)GC%acwV?#M+{New?yd zYbGhrdh_Dz+<;{r&&%)jbJ%L1nb>l@-=t-;^?!z_*I%QLPGe42{%}}g&1_qir6zUUJo!-9NWf`1bL{9L@lSxMe%+C0-c_ zJl*7>wron?nN^!R_hw8n={|XWZF21W_xajA+r4(Kx_j{VNk(PmjcdHU-FD4=C$nkJ z$1m&M3@<#}dv>i!qL;Z&cG_WYxq!QO!tz_!#Jzj7D`myHO&ZfUICE0?IOU_J%Q}5C zdcL{ooY*|KLyZwt)3%xf?%bBcD#JDZsMVQCcV=tc$c@{vE*IeGf91-f_O_++MXb<2?sf*s?#473lJ4 zdzXGMUV3`vd)3E39MW0LVNX{vTqt({4T@w=8xsWZe2TNW#>74Mq2p`1^YFl z5A74!F)z{d^VEK3o6>drtY_C+r?$jI$-} zMyz+V6h5C@>h;#=+j5U@w^Ho)TK9ilEtTR~pLb?C%e<)xb6c%ScQnMX{*zm_^S;ol zMGQG_cb*T@t`6DT?0-2!HIr{>LGOOK$G2`(rHUskGT9_OW7q(yrX?41J6DrYFU^T-L7GeLUQ%_xA0Z z`)*u$5UySQ$nz2ZGe7_3uLI)l<=!>kc=Bb0`1glP438Bz_f%b*@}@6pYsn_Pxnb2i zr7{_rZCwMe)kJ=)c57X#waTa{%Rx1x%<{O!@wG*Ewk^lGkIU>gl(aCt>UDNb@RXTn zD^?#bHxJsh=0-qWeAPpn$j9skbIvxg8Q5k$+pF1mqxA98f?pRWJ-p@f5V^H7xr)a>JnPN>!#|iaMh(hs-FGIpC^3s%lecbo(~fj-0YlZ zyY8+?-@UC%J&(E_3t8~g?7Y*(g|T*bG-47M8^hk)xSDR=7?E=OINQo-p>Q6*x~(%; z`YWmiq%hyPF0?s)rEk%ZzSlv!c21oYy~xu>FH6JJdUhsLsXN|B9GW^aXzG#cTjp{%*@MH$(dQQgiD((H7Uw-wXNd&y7%FJ>9d)9*YemIrRJ{F^X1Jb zd9fsSy5^Q|O6#_@F3I{)RSoZyuq;tL3KZ zX&sc4=n1^>xON`45iGemp($&9WP>ugkt(-yFDoccYL0EWxLJNfC3>`>S3o>x(?}=I87q z_cxdAU3yZ>_47K51M8H-f2gm!apb#s8IM`dr>)<*GcUyKoR!8RcWmPy@5PzhuboZ% z=5g~y+4XSKiKnf?-4Dnqe+d0zWNjjouB|P)1#cQN?Zl2`c-L&&T-xkec<5?lGTWo~h`&CRi#;Ja5X1XK~v-z3mPwP&H zeAs(OoKH{JK_h$q{!4L};ti85&PT0YJnyWvtbVKB<6a@1riv$B@3&0#Napc)KF|94 z#Ftf@Bk%rM+q)!uQH6SVuIIMXdWPTq_d0KU5jbgU-#*111$^v2!GG?V?R+%pj<$@V zrL2Flr-G}x!W=1KE1{f8I@^^kL^a9+w+QznPYgH|W_m0uEM)rAAV2H0xnK0mJ+e-T zKTAHoG-}KA=Ho$@s}|kap0zP=nF>p}OqYMsl~R3$pACU$y)NcCPwaE|>XKv#IPgWb zF!<*Iz4G*B*+!F;xVKDTb$P?6z&F*}N+`xWYPoW2(Bbt97px2ZZvSoP58u@_p}V&H zHqqGF#uVgko$dcH{LSVE*7`iRUrxUjwSStkaNn}Me2+5rL|Pb3DEr*?;)}KYo73_4 z^bGbE##@T~%)QXH_ENik@R@xIKf=9##4hDcKK$*q$i$*KRblmQ_F21qqrE44{b)Dl zE_2%H$N4t+-<4f&-Y-(^;XN%grz&lye8YV9B_EG>>MXyyMl9MQ#^luDHij>z7hPR1 z)f`!#RX+2@F4_H^f4no*l=xq$y+$ezU26)$$*{Lxf-j{QuZ|EKjOU5^h} ziEuBEj*E;uF2R@>Da!Ci`&^ybtElqUb&EfSt<<{fY?NdXJ|VkXSgYi5$(avZSBI}Z zt#Q+~U!uC!?p@e+tEiKGJ7cc(HU74J@y~+o(SHV~)}*vo7rP#%|6R4m_`%!YkgoTK z6ZWj_=ri7uw)~>~gT;0tAHK~ndHC?`8@tbscB*n+?%!2?;o#Y$JMyZw_P?qA@JfL> zGeAbL|1Q_dTs!8BTP57QYZeBwF|F!jt@*sN{$PZS>caD~OZJKKeA*^#`|J1h><_QM zef#jecYTsnZ^!1|WAFU4p3f6nuX{^1;d8{YtIqrXGqlzxs&}|eWNDnjKeMa9s{gp1 z;1B(WbJda`?Ts?{7iq1mZ24@@@kh(wb|#Bnxwem8@K~yZ@g(!|?~gX@F#cTEmo+2cza?@U(_%D%j?dv$x4$E$fzWR9o*8dD|g&&>gt`WPcxHtW` z>l-zRC%Ttyv(oz(s-~Pb+ZNulWL*vG@0dTH@p6Cs_U&rRIi?q7dhnlsZ^?g#4ep1| z=0A!*nvs0r0qX*1b?u3balEVVo?iWWll3IW`aRX3;}`D#;BlTI;zzyj-XF~?JvQuF zn6QQay5vdIFFSL>kMc(&sHkq$epiUlU&aYAM%`2TF~Umx{h z`NwS)Gt;c4!@WLkaJQRV&sZLv+056oXkwk<5BH;mHrID?HTS&h2@^j&zdcU9-t+B)UztADhAWBGWz?UB?x&xS9LyM9l9^q=AA`WutKMTm<>UA?>a z-y{=;#)+sq4J)~kPi%+xL4@J~L~@W@f)%Szk&lz&dpywZN?yyt(0rs^8U zUG@U&^h~oiC~ey`q3P`XOs0M3F59X8F}qM>uutma^|su1y6^=9yg1D=o}jlC?~GS&kTQbDXQsPLro1wP}$@B)UXu zo2Oo%c|X&B^SniyHop?uy=(pqeXlR^?eW~XUv!NBf zS2tFdNKP_r@~u32C$oB;>yqq!1{Jzt79RH@98#I}P=y(h}GKf2!{&;50G^70?%NA~C6Fw~5X`nu ze4DaMMlOGgqwCnOTtAqUzMbK{eP#br*GK!iR@e1rm8#si!{YpP`Kje$FJ3L5{^+sq z3bjji2|sQ=oIRV@{Y{wPs}qI$jGN;<>kn$%s6Mi&$@+fl?w?~Cx~E+x8(RKK+avs_ zZ0#ET&Nxq<{|sd*EY|w$v)=#X_~ZR?#x-4&xl#`lr%n}5PPVi-TK(r^M4ju-qphbl zM*I>@){Kn2^H*`lt}RXJz3&19?%(@$rT&%}L&`lj_LW&5;w66^di`Mc&FDWaLB4mi z)t*ka_$s=7!JpC}oNI1O6SgU5tcyLqa{cV}TpRO_pYd+_s5fh+r{&SF?v}qR{&;NL z`5||Gi;a1O+U#nRM$6|*YogU=Kk_%2uN83fB(vSuclWnUTe~#&$0l38nzB9TSC&cr<_#Ygi)QOBH(h)yySwbtnRtyk#lbiG zMefEwRh?|zW|#areD2cfY4a>S*nealo%>~4pIT*sXq#_U$^AW98;!kQ{9gS{t?QS3 zlh^lC_pBg|F(i*4L;1@%i}u$o$?}ojX6OtuzTc@=@-Saokj&UE3@**7i3ZJteYPGAV0s zezny7E%|S2*Bt-wpCRPK{I>N+Pv42!lj5?!;=zOPXWRBZ{Lj!?e@lO@?{a@>OOujDyvbXOfo{CBE#y8Io{>(1)G*6)=)S6Rri?oyOI z+ri~o-*5R8zq-70O5@bzOS|eD|M6ZljTiMd@6Z!I(UTjZzS8u|wcWpUD#HFV6mH-8 zsq=+M_}uLJjcMDLXQhXKShw3mFNH5Ky6t$@^_y4wUR;`%>$Yyvg)i|pwjYo>H~C}H z_s|b+bM~cfuuRz7?;IaQ;G~8yja;m-LAR z&YS!CN-6)X{@-q%3LoCKoC#lf%VB;0*$-PcO3V#wzxvQ{`+}V+YoC=e`~5i2CA=d3 zw!$}we_J2gZ~b!5{+fwL3EQs73znHK=@zCJU)M|4_^vsTv~yp@{+s8o?fgA$dgSEN zBhQ@t!%WY&p87jy=abl&n#F93_b>dkZTX_?Z8;b3M0yzB&rSXD-2KW{?~2^D4=2t{ zWM+{1b#o8nk}OMcvy9qPS1bPsRm54$y~e`BE)#y?(t53|vLAZD!<&L^IhFdyOw8leAO4YQDOG!=O0I#*(qCN*95QX z+Wo-S@2Z~L(gj)Tf-Kn;cZKtR=zskF@LcKO>+k+4ynOWNcGyP2MN{rRwXk(xTJTTf z@5ViX56%nR$+Q#dGh~^e$nk8K!I#1xWjj?;b@I3cD=aea{NC>R%@w|E?R~uZYQ-m6EBf zotJT?=Fo;3_x}v6>U%GK`JBD-N0zBayAgNHm#^#gkLz9~lk?x1t68i|elWFd=A(Wg(|s$G7AV|_msnqTN8o zE9M_I`zMynHDRs6_5=34SryUW!na;pb31f%$AQZWd5ZhA7waEPR$8x8DS2G)$N@kbLmIfKBdl*KE5N4<^bU$-U`U7{9>KU3QCiKEthvD?$Tr@M%Au|3m%! zo1c%~x7X>{i`|Mh`IQ;gmo{;e<(Ksvxp|NLzP|I!f;IhfjwC(q$y!pzR+iKAFBKl`upZt?*0+J=w#`Vm+uRnwq5C8ZyNr9{m9(( zM}F;k%U5Skik|y4naA?+-kd*CyFXmI|9AQkz6Iu|8uw-|{17^=_u+lE+y5C-BVBen zy>69xwohKtf8uWWpjF4_v1uL;OaBq{D*JENS5xb&9t(EdnwcY07_W8qcR|JUfWMos zKk)14lC`aInAU47;h9C{&9k1LzVqVbt__zLzPu1wwY)xK-Ss=QD@&6_jD)2a zc05|>&9QD_QcLb}J$|M=UG{DDTUfs&Y5!*sY3+27@hT6_*~9+ZEn|9crkT}~;+NmO z+w~Ps&3_pfcy-R*MV0w_2bM1_Nz0CxDwU|uwY7g}Hq|6I{i*&e;W>YHTCQK%W0*3D zwdU`G{u_^@KHNXL+rL+;ze{m)U{k=Qr)iFkL14?8rB^dqUUnMBi$NS@C>wTxit}tK56u?`*jwW}W@yDwqAC``CSPz1%I@{Gu6oJe%L_ znz{JcRrS3!p&#!*WvwF{MeDt5;R^=CtcN}ffd7=E0C)a0gN!|Ei?c9YqKf^i}+a1~y{BToz{J#rU z&vr|F7C$XrSNeHJXK_+azqM9Z^ZM|U^RA|@{84}Km(Imk=9$7ve5Vy3b1?n!@V8Ul zrF)jUe>`6Ia#qQAxu`5ZWiCICJK0~WAITqnTYdai@y%Ojg3s7nvahYwvH#$w&mQ+m ze{Ggk?d}-scjXz!Jioq-da%)AjhW&(!(CPd{MxOYR$Ft`&cy#vE$>=fD;>7yquG+= zY1t~b)N|6==WYGEZQ-gHziM~I#@#=%(f7M_nWN~Vf6{*^MIRFUStWaYl3|Z~wgBJlcu}&C7k}W_|mSA5qn%KcNWdLvC7i4s;ln$2kY1GyX2TIyj`+$ zdQ{J*g}0lm9$Y`XpTAE1UY7jUzvnx)E-l;an_N~c!2fmqvUmGaPiOyRzqM8T`0gvS z)Zer|=+<6ba;EX~qyxqCqaG~`7nM4@b?4Q#BPkYIxlXzFPrSEDe&kWg&GFu(viztK zTe$4&Id&FT^aFDYj{oo%y;PBZQ1FG6P=>g~QR8oXoc*0g>G zC7I-p>pT8g{+O%yF>bNlzs=jLzJ5xrDc#d?XkSLi{9 zlN);BiQHaExTdg*%3xOPo_ zP2J_Hy=&%+=C8f+z*(el&V1MP;venSe&gpqsk&X~a?-B#w+@R1*l%&R0WPkF; z*Z0)D4=(nt7J6^C`dO>;I-~lfHFrTbgt9L_oLlvzP-efZDNZ1OE*$=3ZnHj5X=&G?nH=kd3= zEgP?{+p4R5%uqTrcR|LD4aa24*VdZ-`h0l%bzv`?$GPe!Y~3nM-vxFDZnoKVDKxco z<=gA;^FQpmcmCnAx%tZLw)vE8{=%(aP`C9!<}|VSJpUB#X7d%+?&v&Vc|L0G%9^BW zHLm$tzcxKxbH{Y^+o#gkO}p1+msh?0{p#|WIQQT0?_6KV8JO=@8Jc;$ZJSQT#+tiGB* zYu1;AL1xZ}!&kf2oO$-PuXV+=bcYD}+009g-9GkiZ~No@cWS=;=_0dt$Gsw!_Pg(@ zG+8abMe@!%hf^!x&stray!=Pem)CU)f1jLrxK`1xT=+t`sts57&ilb;D^*V?@A@(S zk*;i=d}LHq+U?NIj8SP4M$Xf$3-4R5)Bjc@bic;ed%u_m>y(3wLnrral##h|`Nogt zW8(iAZq3tli}bUZ(f?t6R`gtZ|IOPcc>mrm!8qY@HedU#?cWMq+_rkIR;emKwBlWz z{Ezd2AN9Ky8{9mt?40xCal(1~xrMX7uG_xybye@P{vx?!(bF;x^>I!1+5Yi-=O5?f z+=t#TqyjVLUUcdCbkB3&8~@?WudIr7(z$H)U$h(AJm!3{e6~~jQmFFjTE029kr!7y z&GmDS{2{(N@?P}o=N_e=9m$_Q95%Tx`@`<;mQv3z%foLsygE`C?_CpdMNh{@MfXds zndLgBwgwM}0QRg0`_z8a2k-h(x#ZRNk4K+Py{+WLev04b*Y)Y$r#0OEtb4w+>1?*& zombZ_^V{q{bXSx=_LpWsj)u&e{vANgcEV79>?EZZrbr}{e07S(buonvF_YAy`U~+ zqv$Jn5u3~v_g|l18+~i_2J3llF+!f}wLj`jTp9DD;q`Q}O@6Y6=O5eKvzgVeSHCi= zvSQX-JFjZxoBw40NPT2KqR&x(DD>gq$n{(gd~?~)yq@z|Y17vF7I~pBYn^Vg&Inzq+T{dj)Vp38>k*7VjdZ~ZRnrG`!O$cenLJ>gE_tTP|iAFB;Nw#mEr zQM7DisfmyKvuLALRZ080=Gv%l+O_q(=+&dY%cXbAl=uHJedNzqVRHA?uBMF^hm4;z z$MV1V{>We4^@02kx1}F;?76gbx3O9Bv#@u&SI_;J-e+TM-mu=}yikTz&#%d9x$7h* zH2j)4FMILd+50oj1|OWy{ouo~sSg;}itj2qalGNle}?(zHm%HyK03?IsA$W?BXyTP zWd9Rr_|bRl_?xip*V!~4hMl{_XtAF6^4GcPVd*=nH>_CxO#S2fq`yn|xIWr1yk(oz zy{=gWpL?3_*f|N$`nWpQ%-f$o#wq1z=Y#&3s{udq&ZsZWc(LfZP_*i%9lIvE-Z7t= zHT#H^$;5--p6OgPkPEA{_`d2sS4pgP=(Xf6dmlez+%Ctzw^sh6@q_uTU-H{-rR~nT zXt1-rEXmez-qwpHJv&S7BBD!n)K0u@sqjTZoZR2Xm`S08q)j3}s z+cQ5v%(GbM`UOd~&ciF2ZME4|(oelRm-PE^_^n&KPLXo=SZf!U2m3W2Fk7{x*WGks z?IZ2e7rx~)L_C>dXXv+ScYk&C&y;z$Gmov=Dz2<)-g52KofCQ84BAHDJuTUkW20|m z1>J6z-I;1%>0TJ3_vOU}^GOm0l3I6Nz1LmP%AFBV5%fDKnafx;OZ@N|5dUf_Q@8d0}&biC9pEz1+JHN~EYGlcZQ`-#px<`FI z-};|{$Hsf@-GkZn8E1ZV$T>4kxcT<$x?6ccLS9lE|0(`B`DnfPkLG_u?a9d|86qcB zvy=j_%V;o7KYCxt#{UsNe>A^T#iX~(!~Zk5Z*{#DS#7Djwse+y_tyTlU#-s@+h%4- zX-cLEA6etv(`4`U@SnmR$F+CXUVY-?*TW>y#&$pJ>XqI#7Xw>n@2Zlx)!$d+y7Z;e zA#3fuy(w$6wP)D%*JL)O<~s^>$0E3aX5E&6PZx6MMNNUf@o~*;Oi8VPS{Q_}6E>`@{Iy zTUXgJpCh}RcK9hrf}H@>YmZ$G%tZj1jW)hCN&QjVVAZ<2YB>!bWFspyk) z9`DF=SkY!Cc-1&{`qdR{bNSvsW~#BjT$9QByyffRBIVwqlb;&y9yl8L(Y-V0@`0dj zGo;MtGVQzg{dn#1dpl?Rv3~e_cEp1{(?Vu0;X3#8LDiMd_ishLI)3n%_PT|+l032g z{%gapSFSr77W?Ls>-yI4Y1j9uY`bR4IZN{G&(6(vN=(_0+DpA=KDz0Zx%jb1mG_^| z73Vp;Jb%Gj$A{N1FX<2Ny1Tf*{lwx1?Va}gb}~PfA3h$}9NGW&v{>BvbdAIJWnW7? zUMiOJ>BRoZ&4<3e7t5X=l^q?UEyBBh9p~En46oj1Ez~AQC+KR`H7q7cT zItcjgSzY~g)h@CA!dezBCC;n|tUHgHKlmJXRwmw5mS1ZduiIju&GH?2au&I3LsqYz zzs26NW*+;)D6=}1-F+c_Z>9#_NR>UlwoGb$bDgAPl1`0mX<_+Fj>~86>|~hu+B^Tl zv46j=iC;5;d_T%uuc@lf32VO7XSnjVaxO&Bj@2fXeEPojL zaN75SRjPNFKFHs*T_^eAxw@dLtMR;ll&)_1ak^sBH}0K}u3681VIO&{8 z?#7?#I{$Vatuk5VXLzM+MpjsQM@`Y5OI!6heHU&y_%3~hAX`|6n`C~oRaem-yN-5=?P?x|gU7oaw`u;`M2ki>MI z?6!5H=lqU`>QpaS^UZLL&KJv4!^C{)V+{{yJZIb0`k$dC+y63GrMJx5Lt0;suPu{P z{E@iy#Xhmz;P|;Z%RhY-op|h1t)EqR&;9JMS$#|Y_VONgzrEYma-G+V47V3wHtcw{ z_3pLf?tgctCkh|mU~x`7AH!I}NeOhy4 z?!`|x-^Z2zXW;tx*)!R|ny)H-t+VX%&Oi1#)60u2{8mes%WW-O>~~Aj>eK8!bNi0} zw)VNao^9<4*XM3(oLl6MZQhfxPpa?j+1|;E#8}=v@B4CA?yc#J9`PXIXL@GW(;rpm zavz_jzKcaQs2p-p-PU?kL+$ zVkhmjljmRC^V&N&`BD1jEjv*THv&lWGp zN~#Ss)JYLqzVXYt>F$%APxjVlUin(9{P5}Lic}kSonsc_j7C57jxWEqOP=+Q?sd}x z$B#@n$&>2Yc)GwnYx%>~Gip3Pyt*I%F}=fPb#6%aHS^P*|7nyDF(oVLu_sArMN%O>QKJmIf zoZmQ2&g{drEj7h;&)$1Yib(6b)3o%e=lAttAOG!sc%MJ&){pf^%$Hf$D%Bgg_oPg6 zWOR_Nn|iWF<$_IiV*aX%3lTccqvo!AvsUV*(Y8dY}S{k zY4hqUe`bGNeRy;9EAcRi(2z|~ z?H29b^*-+M*1vZ0vOkKF^`@8jPg`Tz`|-2-!?^gz{QRd^SIlh5-@3%y1!|j+6Ha56}`eoiwuM- z6wLSw=WX5lk^O+VdHv>ddq12%CU&p%dRtwr(Idxc1(spKcaoXr{tl_ItFS3vR^xhk ztpvYe(5DQGpZtFAm$p8-ruwl*IKrmo#H_S4Z0G09c{uw@*FC;-FAhb`$P~cL$6OcRaj>~=gs!`nEvMb zN0*qJH`ja%|CFD2`*huczuNch1S;kqo~Lo4G*|fWhK^enE_3+z#-3g2aLntrV1#S& z;@9GJ5?AuLC7yj&2&&Mk)w(x7IkWuH$vwhr-9k&f!=fwecl|hF+W$D#Epz>wKYk6I z4+2Gx-Fr}OKQ;fyx^tJ0O6kpA`_foq{R6{OTzr07iVJxTeH4n$*uQz*(xq8uK__ag zSN1M6o;1CYyB+U+nnMbC)7UkI_q@d0=;e1>Cb>%A^?DFrJ3shJ zZ1kRvyV=nWmsPImKHc@wLG`1(CetX`( z)~)2Xx2^G+zR1cP?Vh%%TVjTjHM6Cb9$jeoWB$R!v~4=}TXc>3=gix&ZuY@?k$vJn zPCM-QV1A_g$Q6aq(C**fGehL~Bt992ZuwipYweq1%4U36;q;njm1}-`Kcqi=-hb%) z!Ys}FvXeX3+}E>f+uG#&D)nrlP3~{Sdzl9HhrB=7$5o$}ys~l2)bDS;+>Wccr|_}8 z@txT5<8{29lhpq{^5nnwHa2#9r=4cq`R(((&z9*tK6Z(-;!fEw(1`^fpFenhtebIJ zjmza+<((-vpKs!Serro%cG8?JcJ=Z+cD#S$WV<aNARQi;pR66 zo3qUP4CV#Dw^)%8INQDXEZ=g*PkL*goOs(eW%22$*U#h_Sp4j*TDJQEuY<|AKm7(nSEC(MfrWA@#_$M(`B2I z^pg#btv;P=bLrx0mXvZU^JC{btb!%hr}RBiWnf7?msP#LyN>C)#L>s{?S?y*`Beh{ zZGAq?PHn^76W)z|hG*lN%H|m*l&J4CnUZ6+#r*M)`rp@8FT~iVL*uGg+{b)R=UXVb+cd?7p<%3ug`lU0=-h6z;0yQ-8FIj+VdY`*FC7Wdb`%n{@=NKrk7i{AC+(YX4Leb!LaXUk?o5u zU3(^eo;QDWrm>T9(?3fNi?p!SC%?HL-jb=P&K0`)PHBI;{0G1JQb#UFzbdcNy=`&q zfcp!rv)kX;{#LEn>{a%`{Vl)lly?Sgj~*uk)!$pXwlRL?gNbpO(_DUDHpsohaF;c7 zlIQ#M?2NCLVn#P5@|yNuy8n;U*Yxd1Iq|jo%GGz>s;LwbZoQ#8|Ki5Cr zXs^!2vHrDM1ra63ZC`!e-fUyDiGR}%Jxi{V^q6aPmo)Z9*(~|7{+LuZceSih=2GRS zx0bVn-JAL0{jsV|Yj$nv&s)M2ZmWGocj}t!Z$4y(eY+uXXN8fb-1YD)@h6+^g)=7(vVo+D_Mw&U;$4rWZ`9uU zR;&FWtUpoy+q5kgl{L>#dXoNWb=Cd8KZ+mT`xs_!%Y3%#d6NFU#j}1h=PLJqcz!@P z*mIL_aBzUvgLDZ|_Rg())!om{`+o7A49A7$nEwnN|1|$3{8;cddAW8(1e;>zL8a-3 z?(^&9sz^=SUvWKHD`C3jvvme#S5BH2>plDSIAU6~uW7*=i=6V+yUZKk=!&ZBl}p)i zGWo`}Pnq9d9-X>s#d!%)lduob2H7j^(&S5|^i#yjl{Q_}y~;m%0=w6RO_x&nj^6ZR zjlT3&&cp7~;Vd~eH`}a)+`~pr4|mIi)!drSv1ri^mm_ZjCm0`J8@+9d;PP9lEn1C} z3eQI5TK(b(`zXq^oxAyL*vFJ#yE7j8*hSnvUGiwzvx!dUANi_13yrm7oBK#++6&&) z`>%wv!dX0i6cvcnnVjdYs6QgL>!+37tb;K%pSIUmedTYT&%TC3C@Y{@JGrF)V&QcW z%N4y#3it7SXj{GF-m&BjX{!4|m?y_=T~cGw@3z_Mcvo5UQ6aWZ(W~Vu);`<$LH}^9 z{rOLir+thr@o7n^4xd?Z{!#0_J=^6<-aYLrYd&5jRBXI&>3;^fKgIu!c7D<4cNSf` zS&x7Em4Bv>=P7;cTe#}Ze7!R3+0T=*rgxM^mUjPCoA_bXAEvCH<^u*bf-GXLAj+!@BT2dXdqs6VvrdsNeIh2k9r*>`Kq z7gZQPoZo)D`%ipnUh1dq(UI?1=GTM;&5ly`IQ2{BesdlFt4|02Ze8o4&{%n9PTI;p zos#Ygyl)^g0JgNJ$KyoTkBS&%i#r~amK-B(>hLviEYlD zxM=$nqy1XTw1a&&&ii}oeZY*CAhYEwR&MdrN2TP^Z&i98T>_i|3qt%Qw-_nvot8SpYHP_k40S>pGGwI22tjFvo|{A2a3 zsLlJNTqdekC&d2y>sV-d_TtYamMkgN#a=sR&huQNV(#2kVpcBh-JzVY;NhH}T*&?(ihyC9B$bYs!=02=vjy9W`Sh0OpqqK+fgniHU zBpfo+3d3{OyRNZd7JBVvUVL? zxc;uh6CP(7Ew0_=BG--5Gj*zxcJXsoI9XTh-%@IEs`tK{Ys{>^V|;JcKIG@_&d%Qw z>v}`Qh zYZ-2`e48CvnKv)U;yBZST}|-10m&Vk+YobT{_3<{AvU-9nj7HN$)>(WEg879u#Td_`8+*hdbbRHkS^6#s6 zD&EI_INte8`;)wGw=$n^(c9&`H@7*QyjrnVbf??~s_0MImrILy^95g?UX{W0=u)zhGQZ*UAO1@V&!!39 z4K3n#j@{qRBLATy{?Mhwor&kGo+@veV4b>w;kjv;uv_*4GvOY_&?np7Y&n$oW}Or^ zyfx!NamdnmBj>5FUk07XST*h9^h3QjzP^o|r?h+0%RO5Tgh(7%8#zzA+I`{={p0(z z`2wN>*zcaN(p@;W=fi%(vK+>qw7td;Wmm;lg#GjWal>7@?tR~q>*7m))c;O;o3l81 zdcl(G>uzM4*-3oZQzfGCq#<_q#+AEFm$Mgl?`%Jza;$oSarhtmwC_gj$2bqDi;AA@ z*>rbfkjI^hKd%>jcs5^l@2;P#n<|wyuejtMYWpVhAp3+aY4&`_zAd}GH>%GmIk2*+ z_qNAlk&VkzZ!PE#ei>74^|M6a)`srl5A{>M(>fM*E}RseraLFOYZ7>dvKbiK--tK|y`*YdJzL#BIHq7{%7-=QFW#%Nu`yY;$ zNTq(CtoiBsd;UXfH#&!@Z7$ASn0d^#;P}Gh$uVp@*KYkhHSI*+y{WrD3f}#$6Z9b6 zrevK;)8*W>bL`9aa>k15dSBbPu+;H1*PYE<(zdepE2La=>lF5^5jf_N!{A$9c1uR- zj#I@?$K!ilW-Mf1dFo!I&g8sQOXg?aR)?9L$~~Q9BWL{btZ!k~=~|_Q>biZdac##> zbw-}}&a|n>w53$*c!tg1rHtp-MsC{hd2YGPp#|EiMa$47BH3Z{9rX)N#v4x|J%sCh^E_EIIf(uJo~NoLKm6b@jEm6|;k< zal}4$igH_TcSUdB?|_W|46V_+XG+TtD?@n=ecieSddAN3-_fF}J6MU6=Vtuw)ze`P?WK~U%0FF(z!DmSA>Y3&zjZLl)Er*aZmZ`@a<=R zAL-rIleF?yX3^c0U5%40*G}sYU1xUc=o9HBwy)lp_3PYD_McL!wkA4CMftRb|H9Rr z={6guY&{_P((Ag$g%7`OA1HX)X2Ybtbi?Lpq0$kLcdV;+-_&>f*^cSO!au{K7oMNO z!|_;R&Ap?lC7xolO_qP>o}^vxeo?QCUAygl*dF`Ty!(3%zy4=Nej3l3!wHgW zW=mgax^~aj?qtt#-ahTQAH_DE;N9bYeRbHpwQJq0dAf5Ie!2%n7-W2YEw1Jnv8plh zO{UzV45|EYQ*JWM`TA_H^ubvsTnr&kWWsG1XH2|tber(^>gx+?%r7k6Ir}Zo@~p-Q zu0>a7-ITt3?ahvB%7r0*VZGL#yRYV7yQO-F?dQfH*Mojpz0X+CZ+YCb*!jYBult4D zpXDw8ysj*3$(4xPxl-ERMGaphlsbFY&CYwn5YxABYtpk{=dMb5uVm`G_w~%HU31Uv zEYsCVQc|ep-VzjMF?%2k!YoojayE~aQWca48xTH6GaZIcox6;$%JJ;D+ zW-aeFea70&e4yu2zQg9sZqv7a|DHZ6JYQ2ni2re9)tSpN=Pqru;bUJ~daJ)p?Xr^D zI|dy_%XQ^JTeYMNm}|8yc5mzRTrN_yYwBe&!=2U+ZzF>5AIy6CUFhadhqdt{p81J8 z=jAT{IqT8AU)85SYdQ)4XSg2AW#%qC+5B?Iq>Nc^J8Z%&A5EY2WRtQX%imX*wl>5z zKk=xLFTb|QCbH_5+jLEaeC~txz1eQxg>QW3m(D79`R2mUQ~s7G*G2p9+H_^zp2-H5 zmXDXF{`elZYkEMXo-~7y;cZFNxev2frtNjk*1Noe=lWvNcXysY3!2)W^5J~*lZ>!u z8s?hE&%TZQ)}EHTIF!rnVvk^?9k={P<;Ez#jXl@hv$YkZ4^6yndOUE;xl;xkbCstY z-J#BYX=RoeYa@r>n{<}YE4%yO%~>dW)Kf+Hj^2$WyxW&$I_{PgyYNIWN3CbdEa8b4 zn!m1a$(PPOc=F|}SIaNtE&2JhcLTfSnw?v|2>sdX_-uRkF5}Hn-3x9W$rCM`Jo#Mq zl|S0cxuaR8hQExfeYo4-IN0Nx0Gq|pYX0^b^|igyza4dNE^s`}cxmSh0lo2VT2GTzlqwLs>yT>fElzrA`akSTkex zv)(kw^-`IyGIM!!9sJp%Eg6a@UfMiAq+-Snn_1Vd?kiO(;w{>B<=D*= z8tx02*GFw#X@22)Zh=wmXO81BQqy>|d7JKhytHGbX}TvzPS01BzggL_L8&S~+a(^% z%F`*Fl)m((oMNj*+LH(Amv+rnj_nLDDEun=L@I2(^1S%2ms|E`xd!a+IA$30)@ar) z+ir)CHr~J2o22wK`IhdA@5p_p`)6k1yti?xOS3z7@cuBp@J4@-u^v-!0v7j6HnZh7E!TyWw?bMK226C#anSIxQ{-*Nxew|^nQZ&^y$ zDoZPe?Cf{lc11@|NyU$m{rXz*@T!s*f*iW@wmzR$^<|?XTi$Z!SywKt(@V+UvS%j4 zm-AU$7l|zBYx?Zn^wlTl@x-{?kIDx;E_&+(@L5{OW?xFsEo7J~J?Gn!ofq}KdM8ba zdavF$)!KMop`XrA=A-wxx_&OXna3F9=P&xq&hW$T!@}+YHgfz+Ym-0vKV;jSwmD0z ztUd7!YsI?#55G>?W4wTOzE^pf&B@@JTXNimOZ}za{@i=c>U!{l$R}HO1w5I0%qrY@ z%?}=v)(iYGT`LopbSsIvpPf^(vfSNQHF-z$?RdqoE1$Qd+ijJ;lh{Aw&aW`v-p4AA z9+tKe{cC;HCV4U&Ctq8~xuwiK*-vwt+r!--!yc6WUc9dAn(Lb9T5GK2y>{}n8I^r} z?RWI(YAIzd11*me+{Y|r>#fdvZ%eT~VK?Q+Q$6Eng3Yd5bR&)a6i*FW-qTl*xxVP| zQ~t}>Rk1%3_%BO`Nzy+ClPs{JBZD#GeRK;+C%T{_cEyu^KUU9O%M37Dre0z z>7)ryG{3KR`@wSY-m8Gl$>qvxYu-u~m4wWE6}r-CQPGrA)sNqs|7rYjnWmXjqgayr zv03e$)%A5XY#-tlKk(<@acymsCQI}jgC~r!cNb>lDt8$%wJ9D&rDb2&Nl;z8R07yi+r)u*xmK}n1Ah~@aZ`je{Hk-c3st3 zo1XEs*}`W2vAw&G-RJts-#RO07wgxjd*-FgR1-gM`b6q_W9sgiPg{4*`Lb$x$8wGv zzidn`&%Mnly6%3sYS~`VqeqxIFYT`8&35l%5&Jad#*Wx!J1zgoXHE1<=}Bkr)5zz4 zy=~&8q$GwH+KWsVo9?{!^5x3Qaj&C{pZwi;nD6JxHUE_3U;Z+g6+3OIX4u=wF}Z8o zR?U7g>FkYpa{_0tn9{jW`}I-v6BiaPzH{5o;_AbsdxiE$L^jR=xhcoBy`w z?h=Fil)igmol627pR2zPTzVvZ!r>3=?RQ)&jh>$QPAzBhoy$od#g=j&ijk?F^{SU` zQBdZ*w(Eu+Cv|vhJV9F^eymElru4zJ_rOh-=%rls9h2j|Uds#WndHh<-=67qW3i6^ zWz(MrfBRPadwe`zpp-YryXjcw?Q~nVtPM9j!;TzNljuAoaywo2L9LO$K*g%-zT7)J zE!df_Tz~cc&EE&S<_GWdmb|sQCM;b$Gjii`wS5eKoB#2|{_+2@Jvo776G7Jg>B;CuZY}t~nRyPQ16_%G0`Pwr&l!px2C z-zGe-nK{(nPTkhm++3WeFpS>veG1FGl zdSTaPvX?!dHr!zO_&QGeVZHnx-ybn;r|h|AI<4brDgCQ8y|Yg5^*yzz@llu6nlsNG zkqNH})jaibp3a8LJ@=FEo7i_*+01?$R#f))k#^tT1$Ejl=1G1i&I&X4Nll&_`lfOn z_knoflGED9w(r_pq?%xKcxg3zTOD_e^p6i4U&a}K43Vnc$H@1-M`}CE(uF-QcVs6& z={5iM{Mwf4o4R^yo=sEB5jgPW*>3x$dZ9nQkMiYQAH6Vn-M{gqy~Fa1v$chb{xcj@ zu21$CJ~!d;$931w6d&q1dGgEpx*vi68CaJ8aD9*~Woz#E@mFm0@-qzE+5a=7t(&!D zeY)#WSDA~GT7J&T_-xNv6Lj&9;)4@;@1A96u4BkuQo8m%cTGxvQ14fj>$y&R`%-2o zZP;f~ck;f_pZJf${{-|~Kh!SbHc_(dxFs$5XZ55H_unx7cKIQEq%f;q;7wYt&KdK+ z^8y?spIexIUeB~zU9FZ?=H6Uw*SW`g?X)w^4J@Um&-*vAx$9GPzUaN1uf?T$SN&&L zQ`2;OX>InZx>I#rAN>zoD1Qj+RJfA#pP_&GiF4Xd<$L3}uh@ybnv_`_<&_e4P&)hM zG`>x9Cw{H87fcP9y6V^wtNDF@d{;eH+pAbB-nBgC`*w29w`-*VH2`)$Z9Ahx>DO^lY=+H?4m1)#a*wnQ~{>{*n1G zy=$NFo!HlPicObZT|0fIG4j~U`Le7P(;M}+>NCbJeIm5kn`icf`2iK{eWpKYAF>U7K@|;`mw^yBhaZlNrYa6%0x^}DkMDOMV}7*y+mzc2JbpaUSeNf+r!vbY(o;k7!LzNp(FbSMRPLBv%(v&d z~MEIBCZvlgUe)7cX~OH+w z)|^||v2JbX<|~ip|7YM_I!7z_2-khDt@-OuXLIcQcQUCZ#k5MK;78b6S^v(n#yZyp z^{P%CnJ&+@<@AYehuNO8tA)dUSe8H8u&wA+wbb4Cj_s3VH%3^>9@BFDxNWD=lx{zZ z@2e}gvO_8^p805SdBzjPOQrfe3LP&MT3;QkTpMfmuGa6yiH#H3C60UTue9$pO)5-o za4r5`eoy(rdb_jVbl6`ueqHy*;iKhWryn%iH^ve+|v#>pQS*WAjCv)Xle%XJ2K zHO9EV*=v5df2e;{-)Bpw$l zU0>aqD$k4in0{2<49=_;RFrtRf1Tn$_?2)1y*bGajbd&!==VV z=ikZy3>;tAUDzSf5pEl^X^-^N8=o_uXRfcanlF2^BFt>-?aG~n*Pog?AF1d2qi52& zPESvw$@0{f_3Pf($UoF&_7V19aNF*sU0UhumoegfHQ689->M%fep%LObK|F|RYP@M z=u@v&SG(|?uM;=^yJd5+ul=;}zjO9HrPBP{)-5d9Z1tqox#zm%>bmphW#u~ad+Frjm$zj1Y-U$I&?7f< zUB|KQBmbt{Y0+=>A`>S6xLVxx^YG)c{zq@EkJ)E*d(CAC zJhjmB^~?B;@?v{jKiobd&u1#jb=;--Ex(|^L${FUYis%+`E&eGK2)c+;bVWl?&DpT z7w&M|)fsL*L9T7f;m|o+Q9d)St~~Wr;#H0D!~H#W>L2DDWB<%3Un%Qx{7QIa;>Y_= zSJ&Rt7s&W%QTSPQ>r449uFDVB_tbAOTf5?q^oQ=~jHODP68((Qc^vQWtAAYMFY@n1 zmGAU6|Bl@CJVuj`xGyaYJs#AY`6}E0R%riz!TsF(EPr?(__!sCZ7z#fbivQcvsJwB z-v*biy`eg7u3l;qL+IPMWc@daA7?#2T<~N2;i_uiOr_^#mkhMI5889?Q_qOgkM{NV zm>H*AXSIob;+pkBZ*2~nyC*$8ZTFcXA7-NxcGK5YdP{c2x2;t$ zV%~I-LH%XS{iE@$ryrG+Z{F-a$9qbetUL=e!Q(uc3;K`iPci&J#w#{ROTzcj${3he)OL0$L0MGKj?Rw zXwP<3sXlwzrHrwse|^-uJ-T)~%{$+fNbgQ>UAr_T_wh>hCcCYD%ADN`eZ8Uub?lg8 zE;e8J%K!F+f#+nqpR3CM>4~kV*?HjcwM~}~U4Q49eW!3v+Md&l|Q}_k7yMj}6oRrY!hpT3Pzr?Dyq{x~(6l?BB|_I{Bls z|A#rkX}2Cd465Y(-E1@e)L#EbW&0oV^Zu#$@UDANeB~^*6$zDUG7qKKE8qWleWN#L zg~ zzpoGYQT;$dzvStzS$+|GU*nJLXL=(YB>v0h%|>A1V8-BpJ!bw&Qj7eNp#S zoL^;XXV=NghV2!9IQ8z-^_`2%%NaBhPW_!U@6S4;bm1WT zlG?haJ?;;_cbELwr}Vn;tN~BD&AdOezWis9ta$D!C3Bkf7VowvdeZM@q<-#yc=m{4 zRK@i8y;IhnDSjq+`A2W4jm_TGQzkx6-7?4EbIFiJv)t_iQcygZpeJKm2DnxUnMW zSK03Vh|;++PiD-vJeGZm**`?Mzg3Aj{q zEqr&sLdo4Y&)-QWSKYY%@>hE6Y26bYo2PseeORU1{#MkuKL5DktXr(S8Vb+zs>030 z`Bq;p%1>T4jhXY!Vzupd&p&+c%&~FLxo&2}7En--?O?`vOuONSbiwNf)!BEQ?i?<7 z!E>UvHhc5zknJAaoosbmPpYjvxq6)7mwp2@!t z{`{Mz|2E`U%~Si{^mE;PY&E;3Zaw|wxG3iAoZQyFdgl1K@v?t>zFU3$7;ba!Kf{^p zcjwuEg6h|mzTd1K zyM+|=+N~*X`xBwNrDJW+4eQFYRoCD6Kb*L-#(VOScdgSbyET7t{rvvsx?I#z0UJKU z_@KHI;`JXoE2>_(ZA#lYiT|$o&h;Bt2N|}tiz}!1)?{3H_A&m*+S**kX(4+iZ0g&= za(!jp!TTKb4|P8FL`_?t<+^uCT{fF+C8#T;%ioe$WBV~V;L0EO#Ep6P{AXTYSCsuq z|EBC7;RO|W(KGWEw(m;Z>b*lUX4V?5)>!EaU8hQ3n)Rp8cfXXzwfW`8O~)377=00a zENB0t_MvX_x3=bh>p6-7vm>syT`<>p88`dU{7yTL%UiPN-qYC<>EfOs)KnaA_9ywr z+eP<(EIS@_x%5Pw$J&;nDRo7*+2_u_2wraTpd=+ED|FSBx$A26Q$KuuxTWyji$f z;u-hjFJI_eT(Ew|KgGJM=JmpF?Kdu%#%-EVvrM@B**@JLJ6F|Rx%lJJGk(4w&3{EK zKb+{LPgYs*_-D{pdFThrxdauIxWyKTLWG77qjjdZIJxwrbowh{L1(DZB<*hPVfHX zFSliR?P<>^yT0&n9*y6#ciX+qM+-KS5pQMLAJ%7?Y`E^A#v;X9I+n%rZ5pcY+V%xg~s|Bwu{n%m<@ycIz`6-Ldh(plVOw&Iu3ZlG^*<85PSw6(zsvar>lbf1-!Pwd%L*axTFrfqJ?~%t z3i(_k{G+sBck0EH{}~#uUpUR(Ii+Od$8JGS&li;0a-Ze;sEc-zKfDjWI+>afYqg|k+k^IbQ@1DQ zvMyb9`?iaq_@cf$vu0V=@6TFuE#jyC!^MZ++cEvu?j~=zQvGybUS-^QEip*^pyL&Nh; z%->aEK2P8Ou}oH-GWmR#3Y-PTd0r5pcv;r^c6uf#5RESIi1;cD*o@9f9vhkktZ{9|=-(&AIQTrBK^W8}NG zJl}Fjx&OCbTFU&HQ!9=ZTZyhuzP>P==l}IeO-Mr>iSyW1zY?hhe9r{78UBlN(Rb2R(5#u}GVza2Y_J{Ym4;H7Y{cdj-(zCvL zthgtqQq(eCt>W192Z~GLeGAj~3v3USwOpU@qcHo?`VOna4{!JOo_*xlv&1V#X>!k; z647HB^GvMR78c9wDw?UD7Q0EWh_7Ppe3n1nAFm(o?%w=i)8Cvt(~1`3JuCO;TRtdT z?=-n(`kunGA)B9?)dYVqKD?jLCUxcQKaN)(-_K_#%vFL6-!@QiB_Ul~snzwWzQ^!})oc!$a6 zhi{#vJLNo@Cd9W)kl)+y^=xg}yNee}9$fl9bMm8jri@!={kh93GI>6{3cHu$`cv!l zLAm>Xt3Lhy&(Ib%{ae@4I~$H|_7M>N`abUIgLtWoD8B8>GViH1+RU{p3p!evYWekb z%<{fP8$afEACc0U(q+9^rP@8fl4-|v>)mdz%r1Q7?~>=cf3Qxs?NsEY43ATL5*q$9 z_;k&7{4l5JF2B}|h8xG8u8;q_q$YV$P3VO$yi&Pb)|_87=K8FdVce6z{PM)v{6CC8 z!o`o+w+mOS_RWy0$P>Ecvg7xPHHG_M8EJd$Rx;gq=!f~k=dB+LW<5RF7t*lD!#(Vc zcGt({%{j}8RxIRuCs{A`?Y{I6<|9=h;r|(K>5ELxwBOP9j^)sq#Y-!9MXIeXl-+xh z=j`{NFC)EtH}B{6^wWE8{Gh)@DsOROVezUgwfhNw@AO`{F1)5f?YZYi~%h%HI5CKg&xgk!$h(*tUg_>IHtNAL>nC9+S6q=dFKn7AoNjId@gd^i9di zb6j=f_2nNOv9G_k+&fcqGKF2uscQ1q^-h;-1Rw0IQP*3(*5h84la$dC0e{oOKjfbN zaV@cNTzju}4$GOK(}ESB>{~Zpkox-Cm-(>0sL6`!hi2VfHg%<=Rpa8jDSy`_Pg=vz zFmL7>t;=)$mb+@M3J=?Ppmy=WO-h2xPpf3N98&x_XAWcRvZ<+$Uuz%C%zs#MNxS0X zlP8s3R-bP#Ew!58zVJegktuKR!|r{MKk(#I)fYgRNo2dB)P!`oCR+e3w+}le_!2Wa%K6nUOxR2B0X(Q|JyksOHcC(K9UF>8vR`x_IG&|y&J^Q5 zJ#~t)-{W}D*8gzXTF-g*0Y66#-_GuUd3R3Qtu{8v%vZF3EwQd%>%{B_tk?Ut z+(`cLpP`i{=+*(T@NF|DDwo$xj@9RMn`<)Z>ZHw5S67+c>v&n?`H-Lahj!rhNtYjm zOri%4z-C+G*wtbL6tMADbVN{=Uih$Mi!Vm#kHcoV$rhpzxsF4f|fF zL+&@XC$7o4^E29FZoK=o_4*I4n??se@v}LdvCM+S-11jg%P!ehj=76tUwg5gz39qZ zu*xrc?$!LSXN?`EN&kMf!zEF6a@)D9GK^nVg&V#qdL?-8UUsgOiPnl!b&1iJm!1~< z9d5qzEB~Qh=7UlyRx#qcF4>3&Y|hd;oPB!-yS#a!=b9f@`C@+p`>sFy&u~Oq|BbAX zq1x8k%97QcovO+4?+f_+y*{j7FHymE=&=9B?tp!JCmGNFmfhRfpRi-ie$lw-AAQea zg%3*UK5|#;OzX{)n8a4(DX}78!IGbki?zB1_o!U_`fT&cKg?FSkF)H>Otz-o-g)HJ zA)5k+n9nh#&)+J3uz#p}c8^v0k?2~#n~N;}oxQy0q?BLTLWYm=W*PJO*ViPjKKRge z|F(_24-ZZ%RnPoxxAj7Fjr0fq#;rR_Wc?oauX1{I$vfp?)AI=huKALQ$^IUTXC4>S zd~J5#{c=s=@7O;T*YE!m$mNrjcdq>ATe?!AVU5b)KXM+&6L_Pq)-hy7$z1!kU$D+7 zIx9YF%9^rYNe?&QSKje`9n<}wzYD(B3&sAZK5TXN=_xn!>W++#Jbd%cS;u@ydG&#GE$@>*&} zv)5(aPH%}c-$`e7Dp%Tlz4s&hVcA3je|6uG7IPzW>+@@~e$@Rwa9={FZS$h+iFXgG z7)t6+bEs*sJixrrZtL~N+-0|Q0^PR?Fsx`^zhI4KLhZ7(FN%{sOI?ha>wotC4~y($ z-{whtU_Y$i_Dh>}=gw>I)-CA`{}-{u+VMZbzWq~cSby7ABs~uM*dwQSEqB(no9e8~ zXFOD~e8BV7^gH_>@l)q?{U3)P&REytaoA;N#-HOaKX0o)v`_s<^`m%!8kZjnAD(aD z7%93bHcF-In(DEyyr<=Z<671`^-epsv#NN>?K^*U{?4`0|Mv4Och9jXgW}7g-)h97 z@>@%SY;+eLQj2gu-;?rqrRh`q&FTk#bL;Zm4%pTFBw)Wb-{b!bSL3diC$k>W&sm(c z>oL=ws~wZ~_SK|%xUK5^JpWj|z^h$zriYv7#U;&nyx>@c=tDcni(j+n3)QZR&J<`r z%~Sep@AJpJTk6EFEtfjFG2-9}-3wh0P3k2p(q0GMU$*Mq%f{x(aW1RR2~EBDOD(=- zamS%Ufj3^)SXZ5!c=OC`5e=TgXz}mY!aDym2tDC!{A@LEtGoM$_`cHH@o#OF4}bEO zw6CpTTXXz@zx0{2y5~BT+~tEF_go8^>v{aH^J<%YqNS5|Y2S``bx(0;WKxk&x`Mg? zv6+v#&pL;7zqy|lT5&<`gVpu;hwm9`+?%f4y`51orS$l(dy7`SlIPi{`1HAz)|?`y z?e?d(c&#e)c=YQVTj;DQ7f;q$UOqN={Xx4W`%(f=NM88QAaLI6TYpEL(ueCUIcwLg z{qj|F#mQY77wsZbk8>4X+H>ph!{^@oDWSCf14}coOYp*Z^fhNO!?+1 zGClLOFYi%)_~Va#PVSP<>lw%HT>i?d_4t?_@0Pt6^WEkat(Y9`bCF57ucb3Y>=(;v=`)_(0B$hC;~+N&xiE3RwPPFa?$T=Tu-VMgEM8~kzE%Hbc5 z?R-?2Uif#d?3RrAM(XExd{g+&{_DEc=~p(=+gFMdn#~HjsQlFbR{ukpI>qf*OJ8Sa z^0t0k!ZKa8fO+Db`lvs@e#~8VqayqfbI0A3XzR1^|tl-dnEPN zKD!y?FSC;S7(<*@*AMY;+kfQDa_?CB(R7t^^s6kNM*B9$dD+WZJp=l_+rBE@yZUnS zMf>D@(U(RQ#z*IK|M9mv$@|5-dg0>w)0*r-oZm#vcI)=;F*ucba^Ah?&nEP7{gV0+ z-!f10s*UY8U#CZ5zkL_~%sY8;(c8G!rE4R8EO(r^NSpg4-_!Fxzpi}^`MKpr(NgiU zfFC;-9L)IiY8IQ#&V~G2iZ^b&v}e_~tESp4Q%>=oNqK*~>brl-KdC)G_UD&A*q!OH zJGv4iZ|I8I@-%nHi+4gwe&lP(zQ&+vtUzRn|AXy-G4ZFJN)8q8?vb8hblw}qCOnLjzbG_=1 zjSIXV#%A^yv*!MoIHOe3V%@F4pfJm)YW<#n7yT2_KN8<|$#e0Hsc#j2hb}o~m#KXG z?)gi5^uJ~QSn|ugYwefc)uqxYW}8>@h{Zgf^_{;lUi!;_2B8ekhjZ)hx=eebmTDmv z?o)levnKgN;}8CiCrcmZ?7wL~xqC)RYem3u)3p{`?syb^_s{?6*1i1htDu(`Z$GYJ z|GauW|C%LRKDt;%TkR>FJKua6ubFSz^&|86F8?WCdW_48b+T;Xt+@-lnvX`gt>oG1 znW7Y6Enl@|&6z7(EaID*F8p!-c>my8pBdp{(;{_3k1SohGTbn(qQkuU2s zu0Pl`Pr`NU!TC?QUKLKN=la~=f9(08IJ^H0EzjLMAMD(4rRL=_|Hp9^rqz$P^)C8% z;XZTHkLeF?l*LCTJq~E&lRY4Bnl&jUe&;(gvtOlOC!G{qzdTFOsK>}>$)>-?vyOkX zKlGo0^HpH&qQfEHndK?RB64lB5ARQ_ZwoiWEbuIS5s$bz7y+7=C z`U}lC7g&oZ0=uLw#%7wrjbk7ye#)TxsWD=L6rTg(oSt z=OlETmv1f2{SbUqs^W7=z3|!_aRn+Tk3S4~+#P>u=FvYJwG|KN*<5$(?Tg-aF5_0k zqFc9oxtyyII7|0(@oe>gYqtG;-+z1fxiZpWJ}>t1c|eZi{tX4srz+^LoKYnFTR z#A|gbHBKK6>aYJ%bU$)qKZ~`3N`Fk>RI|?CPXEq#8l8M(-*!7s&(ZVZ!n+c|2iMKI z?ep)P%I#ZgE_&=vX^V5__d4-W{*Zp#KfTUpll>=q?X2r*E)xE$dF*_l*(s~-Z+`!_ zuSwogoBiPG8qGd;VR#PuH_lbp8?h*0QR-T_lvHIcO@Wazn8B^ltitcWVw8|Cbyz_Bx{6qf(ww`kD{xcj3 zUekZjpzL*IaNX(qtX~C$56?5Zy5(6;LBNLfOW*8I-`_ekI5tH}nopOTx)ZqFXhaa_0 zp1SE{+~f+0n)Wly_A%El+NpksKkCnMQ(8Cr(6{Q;gw;mdVQkQS_>}7i2Zhccc)%ze!fX2 z%ghfV_qpv9S6A-pZ_>NunrE(__towBfq6=oQzn&OH0AhUbT862`-^el$LFo4Noy+~ z?6`T-lGR~N=U02iJNh?Me&h=?-I?TRXMOU2KH z*FUj}T>Ln9dy}1c%%Pkue~V)R+%B9sR~-H&|K{RvO&>$%MZcE1U9l7yDmG!LlhHhKzOBCg>E$k&w|^I!c(C7dc{1zd-XE(b7~gtfmg-!yaQ0p=-)W09 zKh(AqRc=8;Xy6oxS`gko90@>CBFR-5acD9p3+A^-9}2)9wjf ziu9Vh(qyrP-IgnnVYX6-4?VdtH~6U3(!IT_%+Flj!7lH&^~{ge-==*KZ&BWHVV_u( z*~0oB$v=Ae_b1AnVz$$gd|^>529e=bQq zZ=!MYmBpf~OTYKk1U!$r`Yhwjeq&{sWRvN3l9!*`)vfqfGUEWlbM{#`E^oOnl09+e z*X+`*K}M_iELLpQ-13*nta656|Lj?p^bSqBaH#KKqO+8flEh=#qbl(?C+MA2QQg?2 zHEr#qA9}}LM|2!_j@)*={QIXCE}p*odREu2U+6e0b-ils-VG5CdY*h>cvW@vKLh8F z!1qg~wk_QmA}6{!-r+;)viUi)mTfb7W9OQ9`Q8?_ebKGIb$5ma9!!;yI(t(5MB1zE zk(1wuE&lF(wc&NZ%nR!$Co=@Far14>UAt)ioTE&0SAXwVJuOPc?|yohk;T)!*@m}H z922)svz&Ni;(?g2rk5+cA8yys*GM{M8xSuby08{;egtdf;GZQX8GAOB}~RbRoX zr#wckd-w9FhkE-IPRmYq78X`6IJU|3yrlml?)w`e^KS87;k-ZVbq(hOSu>64f!7v% zR?$6@JnQYI7N75iHL?rt|7glIwSGBMiFd*}!&$ErE+#uE`Yx<3jK2O$bnetu_ha3* zUC@x|-npi2m-kK2tu-#opIW?*h}{-CvFui@@!<=#E2VXsRr}W#%~Sg*a!-9n_1XCF zzlZ)atmgT;bnWRp&OZ~opEAgCiny7xtBT~k`lr6R zjX6Kj{>%=EHIjNPlT6QSl9@Nv>yjncw4SFOPoy@oZY-QsWPJJB*4Bx$S3I$tRqOqo z=Xj?4+_;N5I)7|z9_Byyxp$T8_L`j4k_izX9M*gP$o)_q@=;~ut8j&*`5Zh)uS>7G z>oURBEa!*tApzH=$5+29Y*slS($hC{ZS)RZoo5+qKb*hY@IuQs?2)zgiVKTQp(g?X3^>J|&dpgtbjxVz;91Y=+YWgP5z)8uQXVUA8z^ z@iw}QC2}%rqrRrZS7zmv&0c5bQd{hzX(_6;vB&T5 z5upm}hifOr|2Q8WGS6{m&XlJozRRvYR;TpuqSV^g{!4z;oj=igQt*w<+qbhG)HtrM z=nnrVGEd=S*@o}aFKw%O8c@aPyR*-H%AHRVjR)UGADfd@bZXb6GR=iMD&qsLM9fsN zp4)ly7gy%zrD>G`6Yjq{X2rELKhdOrSAZAa{I%IHW*KFPJDfRW68I-{_1vjFc{igE zTCr|5#^QBC#=1`PsHc##<|rtY=O4zjW`B z@5YbKpVKx@TXvya^|9u93$a*6|1d$XSb&% z8U9(d@5Gucn?lDW%8z;OmVIAsW#S}KebY!Z_^JA}m8ag8YDGC6Xs|rKHty5h$KDZ} z93*neR|pGnTo0JKF7+I{<<})wqtB}6*}XXGcYDnufmI2~^NT~?F4((ocS67eKI2Ps zw}^zb)m&R|SkZC*y#?AqfcEwXw!E;w7lVAI8T64=Ne_it7jX6RU-&b|#>B+dWEVg_;t3PC>+?(6l zH7lww=cowY=@hBG=NnX}s$LxJ-4?lgvTti$x=;F@u#^vXqGL{Gm&{I)uc)hk{&DSn z{+ORtt6~}0&lvB19c3?=o1;GUE63xIDJ$$X9$eYkKjpzQUe3v?AP=9-n+dPftE@I_XIelf}p&OTgtJd|uaM)C3?FO4z2z>#g+jbGrYCEcvwULB&D@r~J<~6wt|a2dzV{Z2%J~+5 zvc2xz&?|dT80qtRG1LB=8(Ns^rfNltI&s(Y+mx=nC|WKfBY$m9_l{}0x0fa-FQ2|p zL~OsN>ZZbLYoj90{JdfHWo3@eyd*(3Z@Ig#mtU$eQz$GfY*@8ZX>wB5iBp>{)O06& z=V45ox3}t2d*9Uv=RCFwUjM6kbMC&~uFO5bFfe*rf=lyu=a3}jqcVjvck0x>;#BFo z%d@%sLGs>+iC%8$6B@ctoUb}?T~3v7|RS&H3S7+oUEkq_6X52jH&3I|&v#qARlhi!KqLI%`JezPyF7-&8Ce3-m*{bImvk*;EwBjs4I2b z^U}1U{nqOW?iR{1gZx$ywJo$KQ=PKijX>S&0GS+Tg zx#Z<_tJYW1j)F;Nj2my8I-SseajJJ0EUj1mo=DY`0*UeetZ|!({|K0sU4!*)`8`qULT{d`oZ|lCJ#d={I@1mEAsSTepaN!OPpTqF;ABX5v^P5qKdqWC!cXQ1y&e`&w1+T->H}JfmCT zyXnHbl|sDdo39jJ+Vpnmj7d)t3#_i3Eb4jS@$)%D+LYLCk4xKcz299{P#y07aK)^L zM?ChVByHRx%U8YPT0l$cPKmd%^LkTerAa2AmYXV6CC*Yh%e2Wk$GCyvxoP`j-<$(& zx2`!986MAy%|EKSJYq)6d~3d@ofi4;w&pq)AB)L*8S^rGMRfG+I&tsL3nvRNwl6J> za+}YzT7dI>RP$k}M8n>XZ<%FRuf1eqy2CET^G=Fj#MP-2*IIm5vgLNn{wXHf@m7WB z`idXHhue;wi9WR7%y8EE4}G2a96SMeUraBaex$2^C{TL$Nzoa#Hx54AkzDrfT+7-; zrfavbZrCC&K7*xaQnt|V$Zh6q(&G0RpEIqD{c-q6yuc%Y+qbr^VR-0XCVKgY{lhKK z4Dua9&YwAZ+|Q0Sb05|hTD^xk9!*M-u;IF}bK*Sr%Az9$ z7Qe1|r$4*hR&n6j=E+yCsj=-X)XvD2n*90ek{|wyqi@7{uYYwZw@LI|M5$?dbjuy@ zC(aG4EZ5~9jnk{Pwg1g@v?1ot)9TNGvc7M2^3E6iG4FEt{;6;MPtKnb#(LW^Ia&Aa z!Jqw(Atk4GJZAHpU0#Kf{`1rXi}b{Kg-@EiGP|RaBXGP<-x= z_c3RuZ7s_Cch;o&G&4*8+R}fT8@6q4@?NpzOpk5V^?4n6DHFSzuPbo9?aAxcT54^4 z#m015#JyXbZt-DNzPUg zI-9y;S#%}4@-pL?caxV@TD9cnEm$#m`L^tf%e60Cl!p3Oe{h_W@!{v$`FHtjS1)P{ z>fSMb!Mf@LYqrm_Vkq3|S`rtMYBuql;j9O%cfP*(gEQzm_x7^NwYEx;DvDEz4CgOR zTJ%PR`M6`$EbFt<2JDhD)mILmxxDaVbQbe(yVCi5YYdiuTvPdQtIg@`ruyB%zDBnr zXM`T}IJxHeKE=-S7GHl|d+j2#Y+q|;+I6jO?*f~7Qo^_Va6Y;@@<-y9^3u|Y1;_Rn zdt8w|8s>Z{F6DL2os!6 z+&n6!Fh!L2Y`}EC29L-j_7BU?WGs18c*z~Wl6(D)c3z${$0X(Rz4_U>8h!_BU&n`TxpB0-h&}80 z&dIis-F`jEuOPC1|5HFJ+n|Nrf1%qZ|imcGqfxUXAO$8 zzH+Tjx%Q#Wxn>!ui$R+Vzg^7vCTo54P0yy-GoC?wwb|=0*p#zfe7cSQ+8$-^k76H~ zJv?M9*R^|mG&{V_vR_@$F=51z3wY} zU*BmTb-DSdlf||*3*L#ENxQF$ugSle~~_`TQ5IEW9vVrGLqm`rG!0ZcUq$vnP7dyE_J6Yb*1Q$P52aKeB7f ztp4_e25aUD%SU}q+0}XBoig)QU)C#f4;q8lo{`nK_w=lr$zhS2zN@`D8asmyBrjaO z`RrbvcjAOACOoo*}an{n{*t#vQIE4FdU$So*cni3M)%b}Ri zGVQGOn>P%}YV1|f&d(T|XHC)iw4^6!TkGnL$_eeV?pa%fcw4{MYB6pMUvM|b?FECR zy3)iY-i1~<#|*N93pWaK@%+&^|7ou~Ry_1*Fn zS;AT~?s@V(;;(vGBmSZ8^KU0z@34=ytBA%{CFUQ-?eG<6#2%9SN zhLKQdBr?S3(*^XnwIJiqE$N1I*rk58X}X!quav6@fQ z|6S_}&zanOw&0%D$JlGLSN~^7eeq58kca3T-QtUftv+qC{yR1iURNh!`dbOhXvFp6mD{f_0rD#t& zWv=w`XvyEe%kC_nHLvXLiL6gP?Q11)Yt2QMGYxMUgk$`V^xxcn_!jG`7}sK%Cb#20 z3D@&KCO=MFn!nyRk@w(F3H_+g{~08I-1~gQ$|r1X(M|pxbFVhHOk3FgZBlv8=XilX zikEViCiEG<$(H$})5usc=X!z9WW#$${$@U6VprO^cWcPqneUtopI-U={e#)+%!!$X z5-+<7E}KSICv6XFbCcy1eIa;b%h_!jpZvFGW&UHlYHE|SNku+uN7#z*MzfdgnkT!` zaW&7glMQFnTKAl;oM7<$(!LEJ{xiHeTf8P>_U-=+dM38B*A~ZF{V;vFo_l)hliu@1 z49nj>N%$Dxcj8C?wR|G#idq!ZVP|QMC`*Zs^t}mY+d}Ya;Nk{fEu3vBeV97k| z4}a%({AYN`bu+e#+03vFXS1BiE{I)OBqR`qiGTWpnhsx>9TX!s9)w z-zqKIH9x2Rp!VY}A9VJAm>D10+!>&mc%9w!>-}T?eUmDhk0gg&?&#dsdc#)xm>qwO z@XinV4Qsx++R7=Bp2Q-&Ho_k2-F&+FP(If8+J`=H=Yd&yPl}TUn4d z>&3gg9j0~Xk4WwD+_6#l-j3as?{h2|`m6+_cCmNr<*ENR`Jqs*wDX~#@P$jEbHdv9 z)G&USH~aBN?H|*=91{7nJA7?foyrf*MK^c;JGm!a?sd%dH%IxFuZ`=@)w^)QJz(*y zZ~Fy~u7B}O=xp)Q1|`X-mFx9oTUyk2p86~`=bK&iNBg$o;DX^=5zid)5l$ zBfqZSs>!a~aI;m#Sg^@G>)Aflx!FgLMgM2m{L^4P!{gU6p?j})EZ8np+qbbL{$cpq z4>L@IX12zhE6h_b{um#3A!kou>5_`HJEm)bM0+O|PvDO_^5J{SSAEeny@|_rvq3m+`A)T{saGK!6BmwWUp_qx56x7#`t@}Ajy>By zJD&P8Q-(kOKSONIXQ zo*Q>Bdv0&X^@Yc;i(d3MZc#qT7Rn_d>3(%(p+SD*SgKo>k$qp2=U! zcQOS%_qJ{+yt4coN6*ULH|NjYHT`&hm&dtzau=U(WnMnz2v03*Y5iu_6AN|7NIBXg;#>cExIeHLoI*?l;x0zG5TzTjP(^53lQTDj)8) z-F$n!#Aw=+uuI2OUAGGT-M^`9-?Osi5A|hh)PF=TsVGwKdU@%C$HrqjwEkwF-)CHR zDqeJ-4R^i3>DAFU&u-Th7T~wrI{CNDzpL^BI_k0ZPP+rPl}mIvG%L1Mo~_*4{xHt)GVv@e}v5+n_QTfx%SqHTAOoQFJ;7U zu9?sDPvUj>e+B{7j#qLHeOK6CRGwT{e;uQKeElu&ZRb<2ui;7)FM4$yKKE(rnOfVt_xgFNoAzJEy1a@{2!@w&?$7NZT)Mby}yqMJIFr`n>E- z?P_9SxpO1dgkO8Pp_xD=5$MPJBV6)HX0>wSkni6)m2Zrju z{gNB->}i1Dg)8A!J=3@IrEbf8Jnh7vAu#8nsQ_ zup{c_(x~95IbT1$3iMr8b$0y$d8znYs)t^letJ?O^>lG_5KZlUVEwe+imTZu&{lWn+;VGlbJ-57#>gVx%RxLlwT%u|K{r*@<%?)ItQ9f za%;P5;PKS3ctM{IBR^%Qm&RfnrF@sx+%t2xS|7~MEl_^Aq&{d97a+`jqZH6oAgGw0MM zD6M)GFSCbvS(InF&2=4R$wLP!|7IU@Kic0Jr@z7KUGs-+U*8%|wsP=#{9(16jK5gL zZ}+BW*BvK{J$rpp^}2L~oa6F%<6|n1u02{lH9_aj(v3I%g#389{MD@zv8dS1$3+%b zb+SoZ@5>H5_C4_5t>2c}t@0|px7U`>m#Y)6ICTE7SXIYnk0qDe&YS7~%zQcd{?fvE z@*mb8(~b82o!j2Je0OU|UdH0PT_3U%4NcRY%nq`BvtM$0qQ>p17IXY>)Pyg{3d**U zol{qsRL*$b@@&a`mi(`K`2#2Y`*gwSKZDt0h1a{+Mo)V6@8-PQaTlI#naIaKQ&8r! zPkYc-=TBZ7rsuVGE){w3)wauD>6rD>w6ba6;^Zrz?%I8o{k`#2cBP%?#r|0QNPZN{ z_1a@^*z|L?r_Vcww&<5~pUqqTR8l2;K@Har*~&*><3(SW^GuUVe|O#Hbo2R#F<&&& zB5vK8=yqfNo1FbTuPt*ge6Y3uRsp&rOe%Ul?@PB}<<#vfzOTD}pnh}h{-e4{=e<9Q zPPuR(h0SSIS>yFz;n<`E2BV#r(?M*2z+rlgj+&WPHu6%NI+!b*25TmYDQ`H`(&Nj79p8lqH}-8e3I^$tO@+!J7e>{ zZM(N`>iPG!QPH4Qd+Cqv-wvwZo3?oCsvqII%pLz_;)y*ge1gF>?~5<)e^~97eE4L88{^r+ zdnVVv?3ehl*!yaY+q~SlJ+1SE@A_rSAN>}#kN?8kt-3{5j!bWV!e{uSYwfCv=7WJh z!frj2b+J9|CwkrD*1TnVW?7b`zIT;dw3;Jh+Ve?2J|8SN`|*`+@ZoFca%68_c)Z}e z=okN{XR)Dc7hiquukXJpSYpEG3B`^68!qnSJ1lVBVy?P->-b^Z8F#TXvF7}v%Y)onCyKuCsuFaqenN}%=zDQt<|~UvwNB+ zPx9ZG2Q?SX7k(8@KQ6yr|G<8!A5FY|@m#U)Hp)4ZBz8`ylFxc$BmFqO>7VJg9Upc3 zrd>E_;#|XXQS~>ASMTAQLjR|FOt!zSp~d>RIxSDwZDIG*LIA?>Z(Q=J#5hxV+cvpQWOj#*!(zkNDc}Z79*G376ZM zEw)rJVov|w>yqmi+sV}^e7N4ZxW`rFV8A(tmq8zZ@2)QN7bv@YB_K)4#>{ z|MQ(S)5knZ(Qbj%ug}Nrw5JDO+oJ#G^tDFCfKSo=kA7Cwl|~<}-z?s=M|bz}TRKI1 z@6P<3cDK*rmAmMvS8~eRKZ^HlSsTpFV>oxx+s6t|(smeD*rb}jd8N(D<0mdHS5abW zypn0YNqxlKEBeBz4FKYWk0eXvLDLsUMue(`0Q=tC!_eX`W1h(tsj|p z+Gsw|=kl*#7`JBE6xTS7{d=#>`dBaYC;vz1$GUIYym@z9Tk`m)h;vAkuXop6$nh{; zGOzH_^045RX`Lmu>knP1mMlnx#6Saq7?#P?P5B41BTKKQ-hhS|$`LQ2fL!%rt^#x0pyk>jSA^s};L zf4*_=hkFwr_lEnnz5Dc_Z6afWwbV6#&L6%0XDh0zuCt~;zTa78HeGbfFX#6RItl!H zWA1m_XPy_VNcvUHn{;*IG{(=1djz8{96YtHyZFvZ&QrcCwdGc>`5_;6bvT?WWJ_Bz|N*%;$=z*zUQ%P4oJ1J%9ar1#=72gRkPZ-I#hyVyjE=*L78&A6?u0 zNOGOtm)F};cXuqAE#1a$oBg8bjjRvP&Szf?);6!~Sbl2mP4h$Rn&CC^m*x5Pr=Kl8Y{g=9W9o!e4a<8b#@p6NeEhcffv!iqKS$AtQ=GC!hOvL=zg2#` zT4LY%^cA~~tSRfg_w_~iv4DKH;!7tsPQIuu`=6n2f9iUv8kZ~o8Mf-Zzr@_1IPYq2 z`ftHMP9D7L|EOPbm9W=vKW49WDE?OaBQ=9vXXe`P4cz}$_oI;Ct~2w$Urm&$QT(v! z>EViJYfJLIe=}FKJ(1t`$74s%-v^hzu9><2!K`na{nBP1>pSBgtebYH?!tY6JjSqV zOaC+MTg9=@s^XdXy<11t)ZW`X&&;$=Ez`MenP9SG3D=8zPPLk{_#dlpvha)K@Rq-ewtC+A9{P9cK8D*e z`xY$t&v4!KKLc0A-&y|{S14qy{LfJD{v*6$e^*V=pM6UW|1&g7P2w#-8l*o%@2NuH zn@pR~d&i9)+>t3QiZ8OA_4%9I-)ZaK&koq{9jThX=iTYaze3Mif6M zyT=pb(pUUg`EG8<4BoqiN5eln>&;%9z2aos)H^(7HrHKsLcQ|urU{+ipx3i^(=NNo zAO17E^{=nqm3^P@nNDg9bJz9mZ*B9w$#1#&^5k~eM$_tt`iJK-@w4hgU7I$^xWVA? z(yWa8Ts5l8JHy{pgeL{MXMI)dJ{}U~@#nT^_sPubb3$cj9)3N4tI02cv(M(O*m3S{ z+m3$Gf4A;w#|Bx~3VZx#aG$~Bv3TM7#E<0%*K=i8xorD*OS7P8LEqw8Pj&0l=JVcH z%4=|2btfgL;*8UeC1)1)oQ}zt%9Jav{~c80-}U;fnPqz7sfmqU@9g;NE^VKuy>ZWl znw&Ly&$k!mZCqD$Ls{<7_Wb&^ejfJzH{ThW3_RaPTG_w(@Q>riOu3DV{H6qX>!dqw4-+`-+-#4zi#~}L`KNTd z#{1)wIOWSk9pU!mn4Cs>H>g+gp@X&-F+3>U!OG%c5soUEq6Ornjf@ zWo$rTH22JJR<*(3mR$Yvp1GeZHj`H;aMxs=a-Ss)RRR|46@Fa(X!iS&-%8mNZ5|h! zdW@$X(=HGH@N;gQ1mD}m^RMk#n|9@P%+e)Z=E7~?mW%RbPk(RxQoeD&_}6~!KjQi9 zC)d9GeCXs>-F0sdTUAX}=)Z2d^WlGn&i#B_<(cpOs6JwqbII%TyPhM>+x=>_pP%Q* z+EqG5Yr5;qN5={(eo0-vW~UN&->3e!d6`|w8o zvuUc+OAPYV*>A0?n0(agecQsFALg!|6JUCQ)26Sv>hb-pA(iFs)-8{IM!vYuZm0UA zKk`S$HU0IrYpQx8_Vl{>-GBEvuKh!64d>Dq<+tkAvTkY14(BedGOw&)X|gqrH>=^i zx=$gpV*Wn??i&gbUn^}^q|adJ@cez#R{QSshv&QZXg;dFH9P8+*oRXso@_Op9{(6$ zM_g^%oZ-FM=Gy0n`_`|0wf>QX&XZ4`ikv<*J8d4{TekhfxmB~aZk;xF+4R}dq{CGn z?Q7e5t;YM|TC?vFAGaSqk^9C}K#280^Ssu=OFQj(vVPe&*(vwBoiN#O`{4dF6OBSP z9%R3@qjt&UjRl_5O8Pth*Y*W{{2%JQ?_{V>szUBX3cuhE7Nh4 zIX&;|`+po)Y@}CZ6~8F^^>^XyfVBOWBtNuF{I^l0UX0&#W#O_H?t#DScCU&&+aY1~ zu+rvZ-`AQ+cPG9TH+DZ6r~grJZpDSWcV7MrR<3z&8@0>7ZNA_i)n%Tx_f{@&H$COX z!rQ;gzsUOXKfM~8jaTwinteOP%qPx_-o=;Qv|;zo57RprZn?T3JiLc3cTa-cRxhiJ zsB+i$f_H9K91q*MX`<7y##u_jypt-QZTh47s5kxLnoTda&ARh?`JGcN8&*#+XFjOB zx4bx0N^ScimMdSZ7C-Z}{`^Wee9aCK~v(Lv*7H(hc;eWb0a@(Vr z9Op;%-BNXnAH=_T9mLWzVT#_*ZQ2dNn9Lp%sZ{scW>ZTuQf{ZmX&osyggrvz3+M0 zZ!4AR)0RIAtivTA{Z)GIIq}jB@em81{pWUfzh|#_eAw)|etFu5+Zwl(1snXo`|mBD z@ap1CSF?qy-S-$xIB|E^e}>l5%PUVWwp?}0ICt^%i?^N!PKZ|e_jLxVO3|{t-bZ$w zo1Ob%(`EPl7j)Ob@sb2?~yKDd}|G-%&VY?lpe!_U(}ah+hB5D;C@BaFWqe4YkIzC zxBuF7NytH#EoSJ}vA2)mqy|PJZLGtojCuT31*zfW!?%7^xj~^4){U~>@4G#P8r~Z~z zvtX)Z%+Je)$AeG)XLubxA!FA5Mw2^P6DzKLJo?d2fFUmK4#ZjG)mRwA+ z+t2p>VDCEjk!?S3f2+E8X2Qm;+b5Z1zUNSEus8a1*UvcGYRf9mDEGNsp^I*N{M>f@ zQTP#g<{w8YP9Lq(5Z5oAy7%TbwevE+n6%m!KkmNY6Q^-~eNE{47{`P>sfabXOOJT1 znsGv1eNOn=nw*dS84j+Oh&G+x^|d=0-ZiVs?98&AD%6RQ7h)r)E0b#z+~*7g)d7GDU9?=wB? zk=13w9l5ym2J^FRmETsC-($M6c6odFj;m>rvL~h4ElwWO&i44QZ*$^W-D^9ayY(%c za;NAFe@)riWNU@q+gANNHTIWE^_lLz5`1OuzvjS1U)c@)PeRn6m8oxETE0(s`y~@y z{kNa8vh+(OYBo6j?Bd(QH39*h4~rAxg0 zbzP-I^47C^r(G`UE=+ei7RYf|gS}_ovUT3ee_W5b##8pq_|U}#pF`YR?Hymnycd`A z3+uI8sj8QkI8XWG^3EFJN4w{9ytZnaX+Gh$)UzYWXXKt=+qUjc<%jRb=5fjM{|SE> zk=7MiUtKQ6v*7DFfktd(#E|G=YPLMMVd`C@)yQ_>bzx z{zqyvA99rTi&Y4D|4vxw`gYEP6Vdyg92b3Vr?TP4`Um>$MKAX0Y=}N9_DJA^>6Yq4 z$#W)I$?#lH|E(AMGU{J<;j%k%CO>=ibpPe?q$|&lbIq2zs-KndbTvnjxmjKAe};p_ zb;@TyGJjk2;opRWS!Ye^xtT?Z_-DFIG8U@+RIl~X{)hV4)^*!|NB!WEcvpAT@_L|< zrTBZE&v8rtGq7&nwPDBK{adB8)%kVg~DTzU*h8-CX0Z>-m-` zwQBD5$xMy-le1o8PWapB3-5S7xUzTSo-C`*ZYX|YU$pTv%&_a z%s+gN`~1=TNcZE4Gf~eL<#F?QPhfw*&a~sK{$VTM)q>m~=QK#|>2XUIo0HUkVN=bt zy*yUmCZ%6|{77|q+dmQ2=Phr-Di^c{C+095DZ2Od*)@CVeTrF9&JkIGUN3&~O1T+c zzb^SVoB!>k;|u>zJNC{sRc3{al+OCCty`T%59^;ko8NHk*j#H*dD|IJzA8rf&AvPD z;s^Jb?6-1(rDYekF@Abh^ZomZf0}=iW*@qIbYX_s{EVGCa+Ssh9OtoFU+*_t`6!@Q zM7(EJ)mz(aGwZo^zGdO_zTON{+#-C|A}M@p{=y@lX4d3~Rkye7GmF1>^vSDV){;vV zoPQr+tNpR|_4>|VvRlvJba|!PE}!XqLGFRn&s&cJujxGgcfmZ5Nk-v(Rg-kRz~{V4eYMtq$@_iEFA8t%J%8)5VeZ4zMf{ic)IXYk)S||7 zh3n!M-@5kYpSNBzGfb=agz3SoU;9=k{bxwsy{mrnB%@PR{87)|Cr2EY>C!*D_AXkwVG7esj);%pYjxj8opIToV0P#6g|Htz`P=V2 zJ@iy`rTUpK=_`I5e|&Cfakh<=kD>08iBprWZg6A?iD&(1eUiUP*za0T(B9b+53M_r z8s?!X71$+f4+QJ zx43X|MO&_M(47eK%WGBsxN1U{ZU*(R`B zWhV>YPt%njHXjwgw%zIPyMnHT@}*T5R=$0iksUU5;u|^9{nzZo|2VgYZroj+))$)b zP5u#k|JuZwqRV#+v8qhICW;NmeNzsm}iASjSo&|)-JexRBo~S^!(DvxrR1ER$b?JMZSF(d(%jQ z`PsGaU0Y`6-t*-TEIQ4zW>w1v4)uvKZ#Uo5+4SuT{w?`ALi zvHhUgK63}}JBLL7&IymSn={GpyN=D2o#$r=7D(>=&tTu1Sm9)?n`P_#(DzT8x>MR_ zcln^I>#3HJGDYF(?G^43J1*`C+H}vmU-eK-PubhJzrP)Su-$)j{@{+uo|i6p>MDeN z-rt>e`SPuOl^^A%S1ztNxpvEsvj=zX)YQo_a#v^D*YbD%p4^qL%U|v1ttsHYy|8m} zFX!*hKGyuR>x~qTe2%|qf3)1{U-RleM%UF!XPxzElz1?AU(;@X)_ZX;w{MTqeUrMp ztI%|(`h*3aSPQbcKb$_ksp8e8>-xFI?iCEjPtW6jq%ZWosTjuJruc_bt@yR=7WmlvpxSA9d5FaIO`oY|jl`CRkbuA8qI{Zn!T|dL&sh#E36J@u_>>khNOXt?ilbXlW zl6SAJaNgI>^)()sZrxoMbS}?{4py zyycX;=rQy5KlTaxGdiDlh2_uCRFPjBFxw;gXJl|dOPdW-v&r8%kyVn0 zBW>HF?PV+cWYcbL?hL8>z<6JImZ-^$i?7S(S^uc47o7CymTHiJN}G?=-evdy*zRwf zC0lW1!G}$0wYcK>W09ibVw>uYbBcf-z>Fe#rxzXx7_Z!PxxIw z)s?@s&Md?CX{J%U3GGVlphbJP{QY|P-&Wt` zl$AaCuXOU^xdJPbU+#Qgr+Sj5Y@Xsp)g7r%!vg2jnX-uOI(a3=`+@nyru3{7rtIh1 z^|y+@b?rHHC;lFr`lN_QYxLi;|MqbC&yYF&sA@>r@h>YXiv6-TzsRm<|1mju?vh;} zLK@xeVtNW{SAM(C`}IGA&focmH%2wxar=}k`uXDDh5Kx>1SC>Ft~urTTJWIg{OfqN+5074ZJKE+FBgBNis!Dm{o0sKm%nB(pXS?Ws9L!5srs*Leobx{^V~15 ze^}4-a>4qJe@ZX6yc0%<^^e@8yjpU%!nI zzrU5eZQ<_tH~kzY6Ima|_S;8&*4W}LaWLbNli`8Tl?yM(ET6xb;qO)ErCf7_E`(dX z4gc17b?Z)+D)Y95n?h|J)PG)++x_UgOtyGZbgg6K0ZE&rX~$is)V)l2+Hq2uA$0Za zx59^)P7d4|K6%r^mqCwaU%13~)H;?uexH5TwXJRmZjQ-wu6BFqD5%P`rC8pLsCs^6 zcG;<0Y6ccj$F^SollaKHt=skT90r4w+ecN|%uV{12VE&S?GgEGCfmKjd0Qu^ugWc#|70u99}#>0PpCFAaT{~v1kP`3BXs`B|FPSoxjgfv$&;GT=4yMMAB~qxnO?(b zGwI}R#(?X_YqRI+edJxynKw(~;7OIoU4={4SL^Zbd|{{iu0Veh{hnHr) z+$Q#`DzAgB?DyHoxqR286PF)Om~lYoKSRai*Rf)a58uBvniO4fj)Q5_gGpu`l^dHI zCx?91?=Gq+c_(uK3W z_$oiVH|bTk(3$|Z1%j6?R{0s;Q2Be8ulS+)p{IweBgLm^+_&yyT<iQ;I{CK^f$$gfL;|>?5%tOFo@6%_N9Xc}c)8A}&?+!t6%!%PUo(Z>@biXC^ioSRC`sxch3K z)Cau@zk2^Im!Er5koje_#?Bn?GRI{=GN0ZvCPk( z)91|k+*|*+zVlCbweGaJ1&`E!cgk~#n;x!lxN_fP8~=*C^9}#K5}w3ca(Usp5CJULc$-*nL(pC#R85`JC#{Tko!j4j3uG$U6SV;ZMNHHfgYu;&4)YIzU@r6 ze75DUR2iW_+dkm$lWwRtMxf4fsRfN8EaPcJsX%2|*EjzRdetGXhg| zZalV;+MdjFTH0Gv;=F&LcY2P{o!t)#PprOnE9LTScJ5Et?51Jn+0)z+%bOts<9_Z*s7nJa9KKE%MY%xH9AzA^fY&EaA6W-P08BVr=`~mymE`o-N`OpyShkQ z*ZPo^u|E%oWSgh0d)$d#Ui*sIrsYY2*5uu4hDs1Im=CaRl@gmX}ph|c{1$DfU*;?Gw!==1!jXRbzX$%$8~UGh&xFNi$rF+rni(m1}Zy&#!A&IvR_2 zTb%bgb#>|X4Q|t7rYC;tUthI5DIs#Sb&Gws=^TIZV7}L6w@n@; zDFSbqcO1>gycKiS=*WQwzslFBFTCl+);o9B;k=!X3!ZmP%1G+xFnk+TbW=s_V6x2H z<4T*KHuLY8_(k;8)8cJfCmMI2d&0n1q?!Bn@pO&oZS`|)1Iud`EBv~;n?vkTy`IHS zWs&tsmwhgMxHnUM-tx3J3C}NW`x@Eekrc_!{kbY|`E9eQ$Bhm+ zLG^r@tT)%GTS!QpSex$V;k9|)CF`%Nw?$P=6>yjMZaQ=I{aY$)ndZE;u#d}JJL9|5 zG1bNs=lvF6TH(KP-`t$nIbBk5e?Okpzjd?O;|LEA|8mpmg~r}$k;Z3D7ik$@DOqQ; z*<>@*@s(?CFO%8S!(cpX|2NY~cb9}8E*3xod$g!e%owkzpJ`I*K;4~J(GD-ly$vrOGJL&{K!o^Qf9x)(LMM_ zds@)Os~k7QYt$c3{jf_+AouTmn^Mzy|1Gn=z4DwPd;Hzyw11bjF`ar{_U3b}dz*=c z>xxOv=hv?-4oP(`b6@zQ>e;i9{*%9t6vs_pdh_U#m#;IK8b5swv9V9g&t;!Ak^jS5 zrF&`7mu0T2Y_)p1EcDt|{!N*iPF3bEmsqd8V_xRdS>GNcOnYn}95?ZiSeI+Yk{XRC z{ZS7}Uso*OrNnlKr$BpI(|4a&wmvhxV^?(aqIb-kj zWNY^7xlT`?7|YJy`RAp^E8ZJ9MJL`}Hm{VxuCLsUTem$wm#9cRx8EEW zuCmW_X>!DBr5!VuPwd*6GpAPT>k=0J8Kv*CqGd$`#4Tj4{+T8w%O&>6d_JmX-4pRN zm23Gv2DzyhemEb{U3q8i*~{~F3@ldd5}T=e<+jrk&Gil!6{EEaMKU9IM)KOV_0F4_ znwpjD(SFLpRP^X!M`n)$Dg4uxe=gT7x^ZC5UDs#R6)hzmn@-N1byVcujVwR4ozr=a zGf2JMqyI3P)%Vq$ZAOI=zvS9YzrOPL&rnj7eesX&(p$G~b6oYbcrdH&O;_M<^^0GQ zwAO6cuW{UN>!lahSnaP)?73=d$MGO$oo}Ski34lW6W^XK^1bt>MOQfJbS^}BuOTfaKCJ|jCw%<1N>n>k-^+$Z!?dVvIPmH0*8NzdQwnw#|x^>ea^cEwBRk-1UjJnI|&%_zNnBKk>lR3+7 z!guz>$&%j}={=hICaq%9sq=2zd)?1!KJ8qW_vlTGTe%FA;h$IMcCYnc6*E&p$Xe>u z%-gI*hF30p6G^&c@NP?Z_2R83Vm=;KTbrG`{N=oq{^ma0*IAcB4;oE9zJF;#jmx&3 zn=hvB55KqLr%2hFwJWpA?mXDzyY6t3*KvE5BJGYnS02oIv5oP3%oVG9+r9_w%skKX zWd5<8Gq+|ks>U~7xVCZGq8_bBF|mCMzj~K-tdZAbo)fP8=)BlmP1$9+$0e9;tv>th zyDsj1QT2-Ce};yCYJ0ek){C3khW(2;Gn>KU@&3T*prz-|m3D<+`NDl);`Azy0569x zXML0NQVX@37OY<$_1T{H_4Z;PDbJ$i+bT_8)k#lXw{~Kqd`aoLc0Si+&yZf%l2SX7 zZ3f<(PkuR^v|GM&qThc8{{0s^_$H<|UfUVV^fsY(=_cN?=~3rquY9pO$gNmR`y|>BS zdp94iIz0cu!F};>HFO=4uZI7;_T||_VNtJ7J9|Go_nURvjji^<B?fuI4HJx;EC#(mQ>DtZ(4P&6)BQ zZ?Z!+Zr%RrIM3Z;FRr7d%DX058w6R1Iw()_l=T-)o-_51W~jNQwOiKvqLU>JVUE+z z@z-6wTag^(T^CU*u}#EEABUW z%4|znr;JU18n~<=e9eRY z30tr3yZr9n{h$q#l;`mD?fcqY_-UHf%`YtBxBglE(0nkz!%W40`I2&pN3Ig4pQj($ z-%zLcA#B0Z#Lu}WPg$*xdbu!qvBf-1i&vF_lR}(sZ>Vp-a4Gt}mCz@T;(4su_cA`M zOr0dVq(mhw@bWf8{@XTH*NY0XoiwlPzHssK*Rb$Uk8RS|Wykwpy`?I@$L{C4D2+?X zJ1ZV{ZI}JeFl}FyVRBzqs>pe_UbpSmv+V_rizLqNi^E>c_|JGW+ZL(hGHfHP#R+n8ru760S}3D;Ip(wLfunQq1(H z?UJHBi<6`Bo(IdEDctdA=d+1k?-bqYw$5Z*68~Os{-w1CEBEe@W!1Q|Y^zSk4YLCd z&-7dGK6ajom)7KXR^}Pp<#-*UofQ)CB>cfAehbmGvoW%(`2DVG zY&)P6l2ANr-o2X!lAg!e*_LMMo(?n8uy&W*vGV(qJodh;JcSQx=Kj7iQH-bNxOCyA z$*Gf$aq~PjHFCQbap=p6B*od^Qy6cpy*WMg(-UR6E!~|0TXXjcd%3L96Rp1&`>e08yPsXB zKi&6JuIWjknEExKEu;DUYxCYNsrVF7%`-86{+i_I%`Zc;Jgv8Wm*afg&-`QYL${r3 z^B-An7MXuH{YmLc8_tKm*~iNl-S;@NUb&Us_T-Wu{U7Qd=XaTEn&y^$^FBG_$!;^x zHM#u$KQ4cGXRqylN!`b+T*LI`<>L>Zd!37#lg}Myyvz2n%ijt6)U}!}9^3!z!~Vxn z7weA8*-lBTd?X)v{Kxg~TYu_)+|N~?Sa;paf@NFw)jIa*nt&f$RQK-sXmV|%y6>CH zHL6~77Co7Jc5c*_MYpF;U%0dUw^jY2T_3K3R+cJH3hn6#lrB7PH}#R&;iL29s@GrwQ&aTQd`1iJK1!qtAjvwrg%-@`Skl!-x zR`0c`BDe089WUTM_sOx~-QCHMb)HWM)} z{8za?sc^6MW{aTb7jAug-t{G4DE|D4gAJc76WAX|h%r^q_-<(NHm-Yp-O>A^UqpEK zNp|ZqN^MyD!|-FY^NibfDuP}fn&;)>v5vLlu<5DNgP~2kBp>>-+@AAXoEf8-ly?J?m$ zgLK0DLwoukvHuY@KP<;`fB6q~U+ww?AARkgoEK*yAlotyHjfVv`k)ftM}^{rP91XmJ5rP7kO}q-m^cp zd&b&ZmiZyM9krL^HG}o%q}{e&Jo8-EnYyhX?jH^_d;e{P;1cEqf3mxFeAqTQP4215 zC5Cfmv%cBiJpAB$_kV_r*RNN2Yh77Uhtwdx8~vw z(F4q;Q$w{T?O9yRRXLAqapAP~=8FFeN2keYZr-{1L+$J>oO5#hwmzKIJ8l2stlaWy znG47F&ppuh^%sBfZ^IY+gs(ij_{Vtpn&wkHo<8Z@Ne@U z%k(+cx4&JlS9elmlW0%P(ze1FvHt%IEXV#X+_E;X)R*CB@lmxOu}=dS*_BtW^%t!_ zX!M^U%f2&e`5%>g<{x>tOwU*#@ZE9dftPQiKd)Lp^Vl_$xjC|CQ&LMpe&~N(9`fV* z$99K}P1fBR@AR)3b8Tc;SNu9Y<=K*{YyMyyy6MCBBiY)wU+?&{ z;^For51A+Pv@fjnYps!eyz^O7a_r;eH))9EKfzHsea zzh=vmK9BD%HznT2Pny5!{#)(b58scK?-xkx+32Rq{N?uK__P{@{|rq{S@Xrzx;;MB zb!Vj4iD%gSn>sgVTir?DGV`OCOXYRHx?f!-De!F8@@KE(Z7NQGJ9oWK=FWeHqjB3- zDd%`f$o$oo`uvZp_(60@^olPt4&?Rtv+a4m$}3uC%cogi#dlr&YJSu8NUD5K*V@d7 zGjd~Rnf^Ymwy*eteg4LeoO1SjccO1UNN&)2`FB}OG}Gpjk5p}{LabyqZFYAlk_kz; zJ-(U;AOjk?qKIcvPv-M;&uA@jJ_BHoWH{^@)D^#8}j{^8L1!*Ut| z6XOCUt0m(%-Ptpsp_dZ9&)+CI?#m+vqh{?AaGf-l}(p-9Cy;GkC@D&U!oF+}AhvG0flaBR={gkGa+{ zS^Foc-)*k5udZR-f1xI}baB?Nu2_y6tW!fizdu{0-}*;v9{&&9)fvCSXFhvXq~qqm z$ual!g@vI`db%<n1a4|#0q^^5K;kDIVc{nVNtXUo6uWBxEe@-P1zd3W9Qt zFaJ|A{ky$&pY#u_pGlwIea(3HkbCZp&*IJR|C!GJ9bU0b*84HbF9EIp3~9F|I>$)R_;_6fG_Ch{%rht1s{ zdtc+$_EXJx5@%k1w7{O@>(4LoywR#tZfGsGFunI9{dk?q)jzRf)4qM&I@_)0_&e#X z>70pKAzQ937gL+2By*|xLj95ZEI+OvyXAN($JD#xv7W?gzWqz(d6rzMQO#s;+b} z&X=z^#iA(Q!1%9n)v*UJLzY)(xd|09OA zw8!Y4;D!GT8||*BxXipIySkyn&*`7&@e1Qd=|^6_=Zf~P{4nq9@(joD&l5xUaF8F(yXY<7Clf7Cp5;O1W`et2O+r8?_^M$Xh)-4p9nR4Ce zl<>3ApaYLp9+WH&xK`4uq&7SF%EHEwl$j~a{m1rbKgw_3pON^0`)>V_e>OqePN`)_ zCvGXoejeX-U+|w^<}I11j~jOHY@DCHL!G7Tv!Udjmsg**n0~h1vsvNbqpPpN!amuZ z|0w>J_rv+auU?rp7QMchAj$r5op9{mO}a_EVx0>V9R^_PX178^tFjSUi~=$EI(7Jal$+mHdLIcT^_?x0@e*b>8{M)Q{^Ue{5g8t@V+| zW3%1cIYb#GpU?WF8~kAY;oR_IyEz?aPbwrW{HT6(J?jrQWwo{I9L4zfUNWq=|Cs+a z{Xwm%*1bd@E0EWwFXv+o!>rr(afE+|)bqQvW|g>Ux%wJKyG+r7vLH zabDoxsjzG7K4;##;w5ck{Ah>w`&+M%-FmiAMapirN+GLy-Ma8Sq&@+N)#6E-qef)-NwQ<7ug|*R1rt=O0*~Z!c$Ew^d`BLU|saw$$-| zTmt(!Ti>^(w!ig$HnlIN$^G)I&-F5|>hwP5HocUZw^w8Cn?EQ1{mrAijQ5DJ>PtGp8VV$+VXY(&fMR|w)$h)uTQd78E+Pb*#!n)DKowO zQeNhb&Yn!$c}v%8ccifC?2nQ9$^O9q&Cie1qd#Q**!}R?*N!JAZrCvT?Em0@EbaQa z6(zqrm$dooh4p;Aw)>tuYuM^8_oj_oU+R9b4_s!o{q5uj-0B}X`dly8mukBdp8s*p z;BS{ry^WjY!a03&nq%ev2=O2O9w+~I?pKYk3SqBulWR^KpZMuxd_+ps^@;H+dHIu8 zdv9E7^K7f>5@9==5A)xoK91)-Yco;z*v-k=&AYaloWJq@*t9aCNX{jOCyE@^_N_kg zb#YJWI?aN&U#F&JZGIE8rAPcu&HnV?DnHKMGUht37}V-;r(#XN_#fsUn;+`)onLW! zap!_9Ez>5M-6`V_(0(1N@l#W+u5D68P{usY04uAhsd*2s>8rJ}mWIbqoa=L0INWQ( zPx-Q@=KS^34E3seYMT7` zZtyq7kEJcXwPq7@m72_R4w~*x{4G=Cx8>rJt(Qx=y%TjRL*0(q?h3zL_G@2nUC*?r zB|@zh36q$c1MmKre0W#P>)aLD(>|OytToAtQEBH>XSQ{7v)2b#m2Tt;YqhQAKPP|d zw$G2nAKZQ&KKT85>e3zlMq$o#)>W9kp3k4QptIoG2fzO3K$^*@~;apRQ8 z%@DsME@CwwhD*ZDZbnX}37v`DNRDEDrNNaa%DxaGTyWjnZd|bJeHD*cwPR=iC z`#%2d`s2Si_K)H0!@kv0aR+POU3+&Usb_VY+@6)|eAGnU%+t%#Lr=9#@!NjPo^Q)+ zTe;kL@3{{?iCY^V5ItEj>)GYQVpU}eA2I&k-O4NW`1{eS{_Za~xB7G6%iQ+H+*j@% z|K7^wN7pmI-e>Z`ZT^y@f{|M`PgMM;$}F*7UA%GGYO{%Fr#*V5u{7|jxsA@P{3EhX zmmb|ZD<-WT9<=&6``()J{|u~_AK&#q^zYiWbcUwLVlTJk%Y~ND_8vcQUtZw{kLtym z$Ym#OiuvzuNngmehxyy0e5SgKan`#()-BK9sHYUsl4IN&bJ6$V3diW`c}Hco%Z3X) zXMK0u`LlKCkIj#M_ltPtZq>YHtj}V2Kyv*B`5$WehyF7N{i*$tzv|At`{uWFbZ2?k z-2a(XRJQ(c*TYADr_}N4-nhN=7~2CsK4o-V+pE=~JXBDFI z8TF&@Uu@XB!}_I~6Fc8e^2;jy5xdZJzR|(rFYD*be)6KWR@}~I-qZRYF|)Mhnb(C} z{H@BjPRlq|ht_r4eF?lZk9|26Df{R0#A zV_S>LZtVQe&@k&p{~;@$WTvC`?`M_N$zD{lh*tT}urF(>>y7!39EIH}t zpR(?7@Q>!@M;|=BrkkMjREE8!FGA|n_RA%^)9%X7O5ZM;b=`aO)w^#_trFUkzHoK$ zen-#hT~kf^yKePfdHM7uU%3JA)VH&~MASq-yq#;SxNoDbnj;^(#P@ajzL(wR3btj0 zSII3XTb-0LAt%XV?ZZ&VoWjudEq7k$md@wO4mZx6(A4H}u=9XL*!qAU-jCn6{*(OB z{3HMPt(b6Ol@^tcE}SWL%l1fVuiyMp>cOu^Yn)dl9xOlkRc%X~^7NFVYX>f`mo{JM z{pjBAM-n!U)%J}gCsj8_a=U-}5;KSE^T)^QJ1#Z%Y95sBy1x0vJk5SjBg0-vHQ!Ba zk|);0hS{oR-iqd!&hlL1Wz42m7wkum z0(;#Y9DfG0?x}g#5ms}_T4;apnfS;bD-A4qTV1~I7nSrsbNE8|imiL93!myg{km$i zXI4vF3QN_cXA^}2y}sL=IQubh|I-KmLSNKx-cn~_XR&R^^*lqVQ_JVC^?n}daUm%Oce*8A%4+YgLZm98j``4cQJ8FfVmsi)y zw9VK4)*n1?smI--nfqMttO^az{3mw2D)svGCAaN1t~ep8=yUGyg1G+-tyxNMV}v9B z>0Dg)QM~p27VYYZBGbdpN_iYs^kkdK4rmD65)BZ$1@E5A_|FL(~(M4y! z&93%Nv`~1!`pRz0uH()7G=H!k-gfKV+9ihD(m3-K4sy9FkKyKYLmcl7RJu&}UQ@ni3Tis?t|c(0i7I$12-GAYF1d`{$(0O|fId|S`T%nDfW zewXe3x7ndy*7DX7H)~uzrcOP!a`{W)7*B?uN3#4bzRJ?R&sgIW&v)|ClZ#6ulpjTg z*|A>It6=rp9e>Use zr?Zb|XZXdQW-@M^Q|lXbvQoox`-=J;uhJ_?TkNzyrfpss@B7VtHUm$pn}K%Uj*E|@ zr|qb`{XRv^H0^!l?tMGcHg!eKhs(Wio(09Kro5T(} zD17Wv4xjlV_iLSNn$;oSc%RL+EeWq7WdRVwM%QWr%ZM_TPG7Hw;5$=4mewW7#_NVOk z_7;Cj|1oz>#cju}KZ+l7cV{GSoiJrq=!?o%{y(3s{G;^4XTN|6zY>SJ-QC+8=Y;Y1 z*hoLR&sxzr`|vk?`APMc;uCKa-nQFXGWYtP%Bxdq7k8y!nJ4vOf5*EmJ14#S#`)%F zw1?VuiQ~S9m6dPpdF}qg*G67se%!?F%#WJeXDPCMo;+`{=+PRBze~PW#|s@__G;E= z*RljbopAjY1v$f8dw1H|RYZGV?z#0vVt&#j-G)NNKU%LYELDB?qVk=^EZ?nb&uf3Y zHt~^v+wQdsFP;51HM92HZ4Gk@`>~kjf-D}&sI_9Ha?}zz^uU~vACzXC( zZ_U)OcP9_4ysLY;W<6g`+O?X%oLS~aVwud^IKpd!c=k*xKU-QGW$5?joaw6V8=utk z>9%!$bPxVu-)-ZYcgt_eTZz3k#~!4!?F~L;CGGuS#~<~F{aq7ux9)vDH+^UMmgAOO zd*ptsbAPn{V65}QcU}K%H-GpN9;N$b{>y^Jvfo}DSNPB1<^RJ$caQWVU*SjU2Y;@s zJ1FCEecQjXzegL{^Oq*Sv5ea-eQejH3-^EQeIVbpcHz?dU5j%a^WND%zNd3STvm4D z_d=f^o*$;Y`fw{Q;*U$Le0WptY2gREHUB-ZUA?3GQEY#^{$!VrnO98yGrW}!*U3vz z^`1~*USuVIZHKMT5B0;FBeJ(y?c6!(y0OKq*hvoDGOMo4n#n;%5{IJhud>Ui5$?QHG6R&3MW zoq8K9=fJ3&&uy(X<+~U`uAE?SGO#Zhv@hxsCZf=B`}( zs7Xefe81J-dC*gH<8|caCv#?}o(yRTim&`w{ztjEB0aVup-`HWA@zLl>#)+lL62_P zf9YgC;;*%L@9WDpuFJP=Us0cyHO=g_%_L*?o=V@G^-!}Znj;u z!S7)k#~*FAZ@f`|BqEP2CfB4t4oli2uxi(I`(#LC?^WJ2>kh|yt zt`#$q+Lh;hJ@V@NuHJP^gf4W5y0KLpEsbY?_uSWG-^%)l$_>v~-k$X`Y-^uneo5&q zky%@(Ez?hNPth@Yt|AzB{lR&e%xzI2)5S0SjNiprl-+w>r-rdaq5p7I%YTNn1L6W3 zf6m-J>%yjsb#k|Ey6wu_pjN5MsWxBFd(rozD#qY9moJ1kAAA}m^-s~ zig#a?!N{}Zg|^wd75tgG0{ zU73AnPRZK)3^m?Y|H(QjUC8IUyLI2`&J#a3RDHg+d1;hil&sL<%Y|jBvdIrazqLO4 zoVzC4o%Ph|&2Qd0Yd!dOTy)~2T&@V4h;Q42Y?i8iIxRTyvW4iC{rzj#eND~2-IBd6 zr!#hQU)KE&{gT-9Bj2Wll?TSeoGg@??8hcjzq$W)+!=8b{p8aHQ&eJp1h0I3kLOzQ zhjZ-@J5^_&G-ms>DP-gEA7Sge?AU7j+T;E+v^U9%SK3Rs z9%t-$;lH%>*V(@L5BDmAkI;WP&nF(2SQqN$`TL+v$tvxG8G%2RK3LhEY49RSVcPeQxk(d~j~#J5ZTa@n zk_-PN{`UR-@>^iz{wbl0&fU4bAZx`fx4%)IVIGe&jtER(pJv>4@cqQd@;LPmrRNqF zD!(rKIODo@@qWfy$8}vBmy68(YVjicXh^QcohN_9*Z*if6!m4F-_urNob{}S?xY~em`l!d(zo$XD+h+x?*r6VzpSrss9YS zvcA;GPI`CYm2UA?cWK8}8ykhEoGT2t9JP6yaI>%b!n{ido2G5qJ=MIxBWrhN=9*|` zsk`iPw_EKGm;GnRyPFfydvEG1Ii4SOrrrEzpFX%Pb#y!Cxpw8%fH1pg^CK4zojtYK z=Az$nvGQm(xdm4Z*SMyxJ*#r9Ps+PS>+Om2rf>T{XdPs`yk_C^g%Yc-|7X~Ithdm1 z>lLewcT|tG@R|K*h$>od@}@%D;$ZapI~9MIcvdp*z0wi8c1rK=>c3e>@2y-G6=^cb zXG!kkd0St_nf`EI@M2b8(jJ|dBopnErjr-coxe6~>c6*zk8jE-e%@^}uUX`t>amxL zJ<=pRgP-qfpZ4;e)b6YAeUGiye>YpsC+_&p)tnDA6!+}vy3EYNwBte7H(Bck;ce?@ zx$N9AMKu1diSLEaJy&kYABdKgo~f7ik=fduO}$(BHoK|GN8?p*MN)Mhvq~>7KBTgF z_oZdouFc>5iq`B6xOQy9r=wywAKhyxJ#PBCPWwmghu5B$X4<5(Tu?mzD|DZKO$oDU z-r)oBTw7$L;BU4uUg%i-$U5U4(`y0O zXKr>W;TF0-LaMem?Bl%YXg76Pjl;Z4xwr41@4XpOeBm+Ej(d7CXXBH1&C?TVdfHuX zQ}pXUL(GRcyi4PDR)?`fZ;xI4d*@nt_LjYu-md$)C#F?BX}f}+zv#V+c;^q_kK~&D zXE{po23nH=tJytdPy{l?2E{?_+v^$(w3^}<|Q{PgdoA(Ld=KWfUp zwqNI-yvgv{GtaF4nfBTGt%k2|J-Kyu*^GU$7n22!F-@HH^S;xL$=+AydmBHtJwNTKzhRp!bNGS%Tdp^k+~@w|k}v!t zEaLH|D~mk09pJk%dB^%>?W4b4v*(z;Jf*u*TW(Q}(qv?lRow`p))f{vW-M zQ}4Ii6kXeB`RSdfCsY3(e$nUg%%v~${xe*ZdK%%&rxIqHz4V%H^kJz}*}r1`EY?Bs&vaK_wv9d5iO&Hmn`g>9Tq9_?8bnY!_+%kBOcyX+VIT~<@i zAGOY|7jT#piUb5}yJ7L$G^WSeRT#+gMt<6$*>EFv` zskXeKvqasq_nIl>rn z?YYN(S;f6a_Y7CwIF~dn0^lh?XHy2M&c&xVJx}Tij$EqJy zubg!kpPjCMAfP%tB(7aLEZy?sg{X=w)sOP6CKlW8Ey#QqrF&FjUO~0g=YG!Yf4c2Q z9tVddYa|?dAR``pMe6%{q1c;0lC<~gADPx!yd;Zr+qD4W4WCb}m-*57FxUCOuBrQ$ zF7W;KR=4AJp}@JzCvRo1n!IbX(PZ1;BX;~3w%T)eKB|aWBL1r~ddG3~IzGvC7BkO&YH2+~O(@@rU;S;R*;jUK*}GMj!~VdJ-&=c^ z--tT8a_!QiEA`V$4is;Bqs|iUYM#A#T6lWxL)|oafeN{2S7Ma!-r_mEq3H0fo&0h? zvW|WC^z}Qf^PRJEvP_$({f$z4j*7X{eOQ&}q)KmI_^)*Na_?u}OIF!8{!ZK3FZIJb;79w1d;I+T0{fV4TOl)foZt^VmucBQ?2@`4r0N4D!GKi=Qk znO@uw6`|(F{*i6&sz2&KELY68Iv*Xa6s|SNtkB8V*tMizZriT(&Y2I4n*X?jm0q1U z>)mCJICJ$CHsQ-(?dM#-xlPG_2TGA(F6D0PQ*dA^{Q z>%72LbCsaf__y6F*WNhuQsdyy^cI;~I3?)t zWY@L-8CsS#ryiN;IqgaFt<~Gx_eiP#jxuzdv%+o3ZI&M0aMvHJmu>sY#F6*N)~O*| zDr29?xijk*tx@%7oxZgyb<6%2Zn{!0_cGA$g2M{~W-c-+le+WS zdq$nH%1ycO7=c=?Yx5tj@2u+DdTn7jOCtXnDaT8@X4VuwsP*iQbvK%PUt-DT>vfV^ zKaHJD=6p%YwA>sq=gB_Vs}1?qVNQi7dv{%aV`I#A>C9%oH!P&StnI_FN}T8uh98hZv0HLD3}q~w0N@P=R4Og|2zM5diBy!W_7i>#gAi+ z{d=b!seETWuW9E`J*8U?(+iLLT=k!7bi&QLC+LaL%%aCf{~27JdF`gx@9zA#6O%J<}^e@YPbU*f6YP?tMQy+slx6~(98&&;02#VN7mi`%M&@h%tYw|H!C zHCWhiCws%z4c*?`#lj}6`}c-jZNbI0VQ!z^EMhFLIZ}1qbLq93*FL$JeEu<%3jv&)~S5w47c#@tyZT!wru^mC@oWZy$si^$V>OsLi}e-vYVdP z-j>O&H23Hpv6L0Bs%AAZmi!EPz%y;d(yKZP%4Y}daMAnt;I{R(@!`0$f_e7U$JhXDgB6Z1cM=Q&_?9A?GPft7T z;LN&d4o|7+iL9#oNAx?(<8Rd|rG0XKqG?kd{Ot1EFGm?x@E)st9pyI5>wRJIiwv{X zE3(4pXU#m*R}pk)Vl3NK)w4$ze7--apkiIR-|v$BdQ(#_nU@`xShwD#@xkWXRZC8| zMY@K*N&Bj!qjpbx#~q`+j4vaNqqlUc6f(T=t9Z68edFxFBe@!Vf;}r`vpi;9x@63{ zw9jl_%=eZ17H@3MewZ=g=k*Q-6@jgFx43uzzPjmh!lCv2YKBK+H(h*R8p(6+orsxL z;l1sOTblhgXXwo5pBFFtD&}O!yRb_-dn^~+-m-ne%sj^v$!BB!-MVV}?Ne@Uq+$>Q z^U|=UBRh=Z%pUJvTOudEW#^8BX%`qJl*^w-Y%lh3I`04Bx=$|O-S)E6gi^}I|empn#p{#w$b;o!KE`Ig3m1_GRbN^?MxI5|KpCu=H$}G>TO^#{Z zYU}5H`}AhxjprmjY;|21?Ymt~@tH?OXk61SMN#2trO~Oo*Gt{}A?%!)xQ)Li@wU(} z!FgMsPmcf5el+~;nu@lvOcnd$4X-b4+p4W-Jo|6p$(%o{>ZM|ZF23LD8q#jqCR4?A z(^`3A*4cix7t#+ue`jDgclpkBN7I#)pD36#OFmy3v8j(?*|l>9JD6w9yY3euezuHt z_WtKFpH>#Hnrh2+@dkToQ~I6V``gyskBz!%b>o)H(eu(9qY5$$Z!VwNbhQ1o@6OA) zH`|^b7QS+g_s;8{oG!6hC3?%M7kHjC$oBU2cut+7e|W?>vt>IU=g%sxR|?yF zg*|?YIJUh@$=x&S?51tWdJ!D+xEULE9Df}VHFZsu#iU1>+#aW=GH+aaZQ_E>ItCW! zZL??XxMbtF_Em4yI~E((gKxc~nP)c5GWm7%^!-=9JCiM$w&Y&bFT3R+r&BO9h~fL% z)DL&Rl*<)+EHwUJe1&Uk)`cuyCC}VV79SXy_xd}!2VB_lJJw2mOUxrTSM`GTaix#{ zGl<`NJ!^GlR8h^U8{b~X+V}m5<(r#V;w$GAEi?6%_Jj}5rt$uIB|N>1Wzv$;MOwFd zXI{TmoH1=#^)%K~4;ZSiN$ge~ADt2zs^Ev~=k-y353 z+f(e})q}^_EEb&*$|!GMn45g$!)>c~JqGHwuNVGU(Hy*YTN6j2ie}IH@7dZ9?|z9A zTl4v@^KJ!>4?8VQFIP-DyL7wNY(?h{6FA4}L)mpzaqV6u4lz2RA%etOBeQAZ$KV9_~-T6S*{%zHwW8urRHKJ`k z%kKHyr+vYW??q?nN{%SD^t4y(jxK8@TGcCMYv=aVIdmyrUa|H*|I69u=Ny>oc>dbF zU1GN<%Xst%l?b)?h18D)9Gc)4BHMQ6wZ3F zF87jk%+CJ|HrK5S%8kWy{#?~kebcq>q%a%1x@~Rt$`AJK`!4vctlAlTYHh%WZ(XLG zSC@7dX+HIMA3MqIo7p0btD#N_jGjkCdUpTb5%qA9b88&KmsO5oPDdjq-G=Zm&?VjK3IN&=W+iK(X%TKnsG4}gMJ;=NC>D9xXCv;D)n;y~k=-tDP#7Wjt zM<)sA?{$#A@wxfZF3r^vC)?)d%Bb$S$`bCq=s=i40t4GI*5Yki{(*DkYF{t^(7R{S zsUy#yNIt*RsjMy8f|lw%>+5na?I0 zZ9mmvd9-+<-}TFEL4NNl7rI^4)7Up@%L)0YF zYd=2xo!Y3ECn5LS@!6uMamTDPUy9C|&hW9XZO`W;RjrrecDXC4*D;u1S<&HW?#wCd34Ff zT<0Ov8iVJ>a$C=56q+7(ncyZ;z_4!q@t3mGo7U+rwKr_$-tyJ7`$wyMsa&#oXLR5W zoi%>`^~bjUv9_5mE|)VyvGCwJXP@o%$?1~6@1*V8&$(v8(On_u9v(E!T^AgcA6#8O z=j`6X=zWrI+m3u-dwluY#@yVc)9UwGC)AZ*{ZV%+BI(nq50$0|%~#%=ym9NYEwkpd zMNhrsW@&n(qV9mv8lAQ0v!3m-Ox^cYIryM**H>O)M>lRIO%}!m)*`>ODK9r(yRe4y z$%4nSuPonPGB_f;(BE`%ZPK@iW`COhtY-RR*m?Ip!*>6ybDExWqukUjAJvvUocYl0 z_4$Wqi!W?Gs~F@Vd)D`HZPKZO^1?hT4=nw#hqp3E@AkV5@2swuBuuiHojdKJYnQ;P zof1zTt;m`%yK~Pm3kR*ge|ED^6*w3iSw7u$vEgn$ey@w#%Y4t&x)r4uu6MBdS32)M zLt2yAB-h_(kITM#v0cq=Qo5>}Z<^8hHF4b0uBrjQN|v~;3%nA0)oA17uP-C2S}(7A zyQZl2^|FsFWmd7PD=)3uAk&oHxp$Yj(3Y7$jT?Vm>&P-wzu!%?OA>P3eS?&xtBDa6u4#_&bio@;HI5+?%u6iH?}@Z zJ}wjLS$A4_vcN6Q_dl-jebbuP8oPFLrtHd&f6+P-qv z(r4*Jk5JhiXVWvHE-94HiZeX)D^T>k z%;l+5yYEZX$=Eh|uCFNEb36FVY|GoTK7D6p@bmNII9e4q`!TP#@0HYJd26e@^PacK zO=a)-Bfjv}x77+K=&8WXzMQc(g-tW?@6!*3YeX zKX3VD$DJ~H)_4D&*U9DFw~m`V=RM{hxAozyt;;8uojMgh@6qmpiyNPZP4+u+??dRB z&AXodJaM!-yzO1eZ=FKcpP>#X)(d^`-T2!};x_9NnX1omj~{kNiXANPlV)b`2?;Mx zU)XX@J$T6-iK*39AFu7=HPhevXD7oq)3cFm9VsR3dvi0zbyV)}=kj=eY3HN9>#}@Z zr@i_fwiK_(t1>N#s&9VWcIRx)(kVT;Yu59{+}_ow-DK;(w)B_TlAN7BX8b;17aeL< zn|R`toP59E%snSM+$5gwE&R1^y6oQ5OC~b#Z>`qv`69Ws*0R)BPxi#&=W(yHTdtLq zn60%vVwqxL6Y6U8aN)6oi6ZG|*d<o1SFxt7cd;aFT&7xO_| z>k>onXZ^zHs*3RLEV-%r*#f7npKni=NoZBxxaiumikl5nzJ6UPrLJN2uWrk0X`55! z8c$cx%Tzgc%Y1A1tkhX|)45MR+WtkJ?|7j?@54J154zSbj$r=OdfYa9`9+27NJfSa zZoCC&@6J7?J>}4kg&#KiZM)F>bnC)Mv-HMm`;tD!wjRpP&tpz7SH8TqcJ10TrP0hh zJ5n`!!q4m%`=e5_Ui4&1f})BgZ=dnm(tt8|RhKoFE$ulni?*J-Ryg$ufp(ORZlUo%!qC zoLs%PS3m6dc|0qpoQIKlf~(7$Cz~~1U)s{v-X0k7@qK4Ki*mlzXYYmmM~)trdAwlV^<#FD`#$_V9d+;a)WnIWzOS=;??2&PK;@gl z*ehwv`u(QqnTqw~Zhg`%aOVa~>B?!ZBBvNk5U@C=ZM%3!f75YW1I-VWU6J$RIG@bA zxOkbUv}x|rG@eazj*phNJ)CXW%Ff)BZNxb@;@{`;>q{;3RfD%!9M7o=tK}8xjaYYk zqQVR7^0nOB&m^on6pI*5JGKY(OwC)oeywMI`Nj>>Pmgh|d9p6wZ)xAU`@y^oYnyu} z&)T26a+|@sJ$+k`-+tvK&T;dbY2EGMQxEL@u5xL-==s@q>3GQPKNZRgzpmc)>)4<5 zpVryk4q|38bFg0_DpT1_@oA&e9_okmZWmP)Mtmm-=n ze!Mg}O!VS%o)w3=3X1QoS@THas#?*};-_3d0a4e5u?QeUb z7gk#ox7_vPZnZxu((r8mJX!m1?LTHNmsgTadmCycI=B7n`oJH7{~1^%e?0zhuOP=J zu);w?TYH-9-|QntKD4^lrz_uC+JE@Uedq7qV#RY3GgU8sxjngkd+(0tPep$kK6w8_ zXZz9JmVsY|^NSp%_dHcd{-Ct4>qp^#2G%)0qH7cSAKm3j-J!*-yE`TQ)}E?6hBGck zY0u>rblhL&eoK5l{~pt7Y1?B{#ca#C-tH63yeIf!ZS&!0&TJ6{e#Y^7HJ1MwnkLts z`_CYBHD}G&Z=2>hu}`l2H0!Ic@+1Aj`XU-;`)oI=9+%Ez|8ZTVpyG_lng=J=J0@l9 z@O^Q9Vd_WurqlV8L$_J{XUGX}{-P>sEO%fd^0ENdoPN=`U_d%ft=^oPBA|L(sP zo7FMT$RcCui8c2HYP3Ea?@%O z0RJHE)gRRMuKB?p(|ts$O!`XL! zUH-X$#Aj%==fa2tU^-S*CZX;=r?YF#^(D^--%T zPqNSYVtLt}WxMwIWYH&X_a01Gere^=MfWnpwF{TT?Rsk|VX@ZE^Wc)7Q@1NVDfydS zC0gm}yR6Fp;Qm|Q$Kyoyc6;u=mX;F6=)6;D-_9Swzr%jG2XZc}aldGD;sf&?ryGSo z%GaN_{&_@a`^0@W1DcOk^*7t3nyq|zW4)By=f%>pSH7;(Db*^9xn}j!FUb9E`kR-( z%m1B^=ldsn^kIJMuOky;JXT$<-6`sspO<|hw?02#=G?s0w(0q0&5IlOs(yt(TsQwC zb71>yUoV%^7tRyo=6{&~?edTQ2a&G*-~OzZP^c{4nBe|6-Z-AwZ_9f2w5lCeQ#4nH zgnzY9;D3Alqw3|NjBSr!v@Mq3&VMv>N54l)`tp-;g1?#m-MYWo|ETRerXN=qxaO|7 z<7IbxMdk6#yxAV-4CCXn>$(0(F7I0NW{>t#SKTcOqt68IFtBUevnGyNwms%9zn?|V zHtS1a?K^|pP|$LZm2WKwN_$yyeIjO_KPb&0-B!UHd5#QstE}^^YXZP4!j%WS8(` z>qGmVcww99{|uaEJD0|s68`Hsl=lGNw=f7KO zc(c+zociH)OCtAV4+oo(qq3#tdPX~D&}}NtkGp^G)_AhL?-tw4Pen{!UknP5UiR{T zXqla~VsB2x`@`#5Grn6nADft{`tabN?EChqy!vh*;Bf# zYajl$>2VV`C~T~eFEY@6^E~)()9a0&zAo2Hl6)dB_fO|X z^HDpaD{PBbom8q_`HlDPcA4;5ucQ8cj$TrqUBlNEwcz8l-KyXA7c1sWoASl(YyZmF zJ(HLC{5Yq5a>1JZy7{|(<(eOy@0h3lA#KX7X|uK899Opq-&mvcW8tHI@gJ#Q_vV%N zvfn+qo~ilBwq0($a&t>_RQcG#Mc>QwzDeHuqp0cD_0y4TPK{lcg*6V%pLy2O_r+;D zrH|)3EppjQTIMbJ*mdKF?4$XTKR!QFoBv>@uu<%tHMz}~)z?>-+P~9pK12=$yw_k-rkrid$8cla#>$r&A^Hy zvu}L;5VGR;yLq?dUH{1MyHFGQ?Y>}zyJy#Zze!Kl*hM}5u-1r#B@_^_D%5v{)^6QOx34_PnhhO$twT z_SqK4vQ4dJJ;j-n;J&qZi?xZ~nwoA+nRy-A-VfgQZMElm;hUc+Wpu}LZ*$*Y7@fGQ5ShZ8~i>c_b*36Yh?$xCB7w@>zvEb|5 zu(!uggvg`>p1HI^_nbqG#^vX`%)eb1c6;!_c}}?F!}-nI#G+E~?Jh4+n_|JyGjHG5 z^~<7WTv@%Z_O);RHCx*^Q$C!X?8RMnsCdPf&c^KQ;@oxakHqH8ULl}TG;g7M{?ej* zray9*Rm=~Z9WwL8j+v*ef6cj`Y0OlyW^K?Ti`1LDUweA4ow?k!C!V_^qayC;TGopb z%G7qfXS%;`ZgJsiKfcq^Wm7j;Gh|QSdF7Fl!-TrhsgLA4C;f0gJpF85K=@i^JujfAInL(R_uf76k7w%Z$=+Ri zFyp&$56|Q%t9iSZ$7CDDo@G!uQFwgkYJ==wxqD9KEcSROlgrz;;7RyS_q*Y*iuRXA z%FX|6{^Fj=kM=bgb!uBT1TU}8cAK<8)@<^weP=(iH}A21G<&!A+;Y#hCpS;T$(tH) zUH$Yw!_9@J`}u$5oj+X1zk^qC=jXDve`cnaYC?XTd>pHOwEtnmKTXG_F$X`L7jC^} zFB3NT_~qsAPCTvP+WNd=zMFS(de*|UoqdWI@(MJY!!Eh=uDbo7;r`SA3{ro-{9W`< zvnKMxzgE4i>_>uEFslFAuv4Yhjko6Dn!20va=JBv`AZ{TUFYXH+o@7HyKmo@g)@Wa zUW%F>eA062ZTm3$?EM|T;#=!@{1Vin~lMk-vyk=AS@NWLM(#vm~ zkA9n2s59BgL5Dr-r;~s8e9_YEl<9%j&a8Nl8hi3z+FtF4vc2CnCvBhgZGn&FQ^p6^ zn`dl4^XjDBx8UhV|Gk=R$uIFI$XCj&R_boei5X8hjuy@rs?W$Rs^?mBOLH!}ffScW&R+A9d+z?-fS5 zr^ooR@2>kN`9i9`$>j9yu*N*yT()NiPOkoTaqdr#U5m5l@qX+Ny|QI)nC6#fsTBz> zEVY*F*yOE`L_M-OKIy>8ciFe5AKTCMHEiF9>s`7m)8`d_S{AqCdDjd3bo-mj56R2y z)4QD!CtsZ#Mt!;>UNkr{?ZSuXuU?`{JcF!E1l0KbGsR*tl<^)f)RF3!cq= zIKSgRgMf)`M$|p$!mSla4<1}!&ha6@|1Rv8u?b%8tUCS3?Uv6BI&C!q z^;Rc8hQDS1c>eI4*?&@3c(k7JhmHgrLUG`h_Iv<{nmyXUB-xL`) zCx4n-;{1i{(?0%ZIKI9!O8?MY;iI>BCV7@B8SG`Ync%0DFI2()TmNBfU+=@;OfD(A z4~VzsRfY5BS3dgB@aFNu+rND$x_L(2wOD^%E9rUE=G}JpT5WWrJa5Lz>L0N0wU_>< zS<&X*8x`*D(q3lkVfy-d_&=4s7vGuRwRApsw9@^cuHP$NxA%v4CFvNg-R!|<5H0y= zuk=AX`H$y2_n3U#`lBzC`;+GZn@4;0Bp=zeXX9>*k6T_i#eCZ2b(eFWXk_NK{|p)3 zerZPSclDxeu21-PYuCGtiI4y4dtFM;xc}y7x|`**z0nWC+ihGQyk6^RljX4^@`hOA zVV)1}TPwD|joI~X@5eA(Z|^OcNlgqp17|%xeEEpCz+&x}JLd^rh@7&@^`2Q+`l5el z>V!TV+x&og=bxmo*8%#!m(QNNx4?aG4+a)AkdA6@<%3P`GK9`oP_+4q~nWcZ&Hv7na zNi~0w-roy51rPt?(|)<1Te1D{w+j}BbsPlatUo+{c)rty_hIMbi#pe<7Nmtfc>L?S zaqyV@IU_-j|bQrNOFVzblgzYnzU9ZCy69P&Kl!^R&ON%wUvb@?Vg?%Vmd`NR6K zD~s~yS-4%`x76+WX&mu^zoS0$wP3Ps$0TdcY3?cst?Vq<&&p~1XK0#R@jK|p!peoO zgYV3>P0M(;eP-VUN88o+>X_=T?~~tqaenB9&TT@=ZZ^%|V;t9~`p7W*cElW0E(;F} z^PN{J7Jp;ef5G&{(ht*?wcU!C`uLVX$m0q1Qa3Kyr`_+eB= zpC0wXbpEZr%ibSaitpW7)vCB?>g??{;l}oF3zz)p_x)|VZr!?mAo<(oOX z`3`?Kewokx$~(W}q)EEKdUs=AP*(X!Tk|RGx@4AFpR%5Ao-(_8L+YNuo&&B&*QL}|{W$!vzWa}4 z&i1H#6Lk#tb1N$zG(CGbZ|U}v=d|D3-%9tqWNP2uoxM8p=#~=&N8L{q-r5&^@yq(w ziE+}gMgJ^5s+kvFHa+jn-Wgoz_2PHW?oQ35f_;}ZZ8o-H{LuW!{ODP^h&^0^DVwc3 z@^-A7e8isRpUMy8!v%MLY<4S|Fn7%>BhLQ}O8XlA&M*1T&{iid6jzZP?k4Oa+VAr# zyztRqcaN)Iz3tiKIF@z?xFvY7q?D{*5LwEZSo^-`XHU9da$;ZI@dtKtc9PfA*z;yR zzN{U3`_Mj3r|{pVzv|0h$EU^AsC@XMI3e?~R#od7-(-&uagzo6vNfhX(knRqy|v)D zZr~mN&X1w;yK2l={pdb2t^CqWe*T!e&JRZ?e_gp%{NuXW%X*7{3wb6eh;i&`jQ6eh z`cL}atEA^X7ZbXY7WmDOu=%=f(qZo(D*L4QrQIH7n4Qk~@l$$l$(l_zOLTtAJS~25 zS2=d`Rg=xJ5e^WTT?T|%a`}<_>W3?-H^&ff9`s&vCZ+$(~qgCqpas=tIQAkce^|hJ5^7b#SaEQySGQAwv5LOYV+$MKu=gNnQYUi_-6>A)>^$QOFkhXH^ z%hRh(*Zq**@nv0o$Pe>%*@bhnJ$9FEn^Gk3scl!T-}^^L|4#pARZ;dZQN1^!cZCT^3a`=bgKSXC`S~+LDr1qxpAcjq@XUfwgw8|*Z(O*!koW2Fv;BML@fJswcddJq99!&mIXy^z3P%xd6@UAGhAizJp(eH2 zPCJAIM0}sh?fZJ2OQPhfduzC0@2u}>Rs4tiTd&#kY?-+>VZxTl+v3$5SWCCge&}1c z$8nMSiqp()XAg!+m}Y$ry}ad%QQSS1EURgzUvGHrs0tC<+dpm1>X7x?uTG1E8`giE z|1fW6QO#~0m$7!YKa$jpsD)WVP zUlHIqD7nh_k*=7nKt)^hlW3>LJ5 z`r6qS4m~n7db(74^Tw?gzRZ@MT%Mk?@kH@7C%5A3$_v-oKfc~tBfs(obI`S|_c?FH z$3#b-P?#0bm@%V?IsL}x$l$tb_c<0eK96;B=P)YM%Rc|l;NSH)v5)=D>un?->RN^8 z2H7iFPtVEKDV!5Nzw3BnR^n5MQ*Y<>@+_A3+f>{-$u9L{%(2U7E0RNcLl{JocHZ{> z8uB^jx!u<{^TqAcYwHiziEiG1b$w&sCx(ls`^*LBNPT!4?SG{tlgC_8cJX4q_O&&< zUU@=U?)M&U&v$v&Y6#EU2{#ELOeBC7~jY3UR;0BzIBV)ugR}IZdoPTCLF{-ic2x zA3N5Zmv`M(|69U`v(qMjxLMq|iFfJE zg%iV{1^LVOCbk~++g*6$)meit1|e4#&9asM7%8xzS^L!w6CF_`S0}D?)b~^XPmmIwcCU7 zr^AZU^*mAcp{-}!m9Yq{q8g^%TA_RsfjlX!Od?C+y_ z%Ds6{4ul`SXYcQ|aIL@G^r}3SM3ePBxwe0`_wD(SSXf)|UC^>KpKkK#w|R4(5?xKC-1x!Jen z-;H8ePfa}`k(0K0i+}sHIQfKSX_kDr z?bowSYu0{U&;5Dv{#iEn_$#ho+o>G7Yx-nssrHReyEe{Ee-N$TDrY{~;hHJSo(=sx zo3x)-e0jE4_<+$Leew9;Uv{*=CyxK}`#-6LYkxT1UA#5z@5RpT zxu%mJuAV*HP$o`gmVuDN@}5b?Crz(LL|1eNZlC1O_LARZ-A$J?3$BXe*H)eUApgj{ zU&=dl-nAo#X722mV>Nl6$amAao262V7cTv{?Dm7YsSms>bI}9 z%U^0Wl|9rW|7=>vGBYecCTW#Xr_j=6?V4s2AMXBpa;?B7zVhFn!)h2mEIuk{vp3iN z;nUf7PH-MlJh-m@f?2=U>)xH;e7nZ?M(~CqeQkFc-_fw3v>H(w8YJO zq4Rs0Wz+dN$X{m;cv|6d5iX=XI~b%-hdw@sK%Yq%8CJb(royts0N3 zSKpLczEjQopfamm@9cjDCY!5k%O5`PDb;4Vc5bGIbE~^nLG7yaAi-BIN%x-aXZ?7;+o2Frv0Rp1l32)cxceXz~yX$3De9KqPfA@_Zy-oGe@tspsowu(vzHPvuchlZ?AtC zTqE+sb?x!x@$S`+Y|{mQ9<$m0d%?Uew(Nsj_ZH?n+BJ=7U(VYGhTjW>t2@~ULLiBKX-%f(giZw&nKU) zS@_^TL(jEewQK(<2lJJ7YdqeOQ=)zU*1Cfqr7nBA>}e0{bLZi^zkI#vr-~g`rcwSO z)mKD$Tx_52{5G%uaX#1mL;vJIjg%Xu1sp+`SvodX4Tca<1q#jR{Zn6yGQNQzM}IsH}{Wwq0Q-%-*2BznB&>? z^y`*urLk_0q+@McSJr+$c_De$&3fTKu3JB>Z~O8(pVhU}V$i6*O%Yto2%<2D`p=JH-DR-xu~M*Q9__Y(5ZIr$e?A<-kke2V@0rE=8L-EihC0J zHR4sK_J-^8w?;Ak+ya!tF?>RG0@g6jcGwf#~1AKWj_wtsW-(OEaA{(AN9&fSxl3+24tvivH2 zv~Qk-Rq>&dzBeO&`uJH3w&$(YJ->X(-&yN~G=2B&miuJqa3cG3P3ptl@7Z5{ij3#k zHK$r`>z8F4A7%S0>DzvY-(+|!`-GkT%k6e{*X`~vKaiL#wf?&7>*pJ1#OQDSd+qt+ z!#}s#Ma+Jr`p)?Dw9f(hPuDz6e%HL$zD&As-TlM&8ExWMMAt4==2`MsZQb?*{K7NO zt~$ouI7$0tg^%-#+MdmSHqDt+dGX8-Yt5S3{;I9jYunnU|C8<#t}SHFWij#ZdRSxs zf&1vLyhYQ4&&&&&;BmByz0<}u^}%iF>grSLtC_HD8`>QPnA?sY3$CJYkKbkCh z9&|1COl|s+dV$nS@(~~9=331NC^+F}@6~;%>iyBm8f&=)|Jbg^>h*n{X!c;8pVhXk z{YUj>e;gODlfCj)Z9@L7)jb-PUsiwk6ZX+}-)y$2!c&^0OM1(CQW(3wE^e6IeBo>D zoTcqyPp`bNF<(;?ad~0(?tGRzoA%qqtecsCZEak|{YUf8Z}t6f>YJ()=cg{A`j4-k z{%3fYard_4vy*Gi3dAjtYU1xPy8o_=x2R0z@zWZq6{$Bmj-50Zc}E^dGHy`QhgF-8*;g*f=e5zUlYG&5@TYw*QvBc0O!g;DHpw7?B+LLO;ti^{MxM z&AqaBPQqg8*h=Y*Kgy5CseGtgGwbb+{d+b|Oqs?|aC`c*19E%9u1#I>L-^6R9d zSsi;TwDya>*mXDgO8=)ZyxaTV{NaDZ{OCUeXLk8Xo#)~g;$nVoJhOL)O_ObL*gxs) z?S-$W|I^&n*t+%2qk6j=0vC(V-6{PpYH%uRnT}J>qT5wpzS?F7{iuHM+B0#s*M+3U zgxH>qJ$doGiw0Gy84{s;^JS*h!Hm5R!pLa+4Htqe>ADOq8{7&8f??TtV zLyn*Qr60LGd9EGv_jrGul;=m?t=9g6M@{$M>$x`R*6KNJEZaQZ&Uv(@(&u*7yfC(9 z*1XYk?=J5B5&m#L)9c`v3jHH#7H=8kqCMEI)s$F1HvM${?e-7cK5h3yKe)EM{C2w5 zG0)_uZh*jrx9ak9Ya^Fu#EE=(e^l1}P@U4%4hp)ZSywo>Ao1h>v#Rv*XQbNe&}64v`?iu@S?(z^1@E( z`HyU7-Tx8&SmKZC;_XdeC-2TliDtJizqPN4^PIUwmTC6n8q<$^q)MMu*)0~#aG9fR zF6w-wdr9`JZ7b7xk~E$qT{x=K zx?8*S(XN$&{YH~4vajs%SKBo8jcH|~+hKLq{d-u=j|OgS=svnD#F8avr{l}le%Awa zw^qDgc#{8g`p@9tNb`gn9p<-AaGfgr?pu9Dd{@QQNq0_vRPr;)*b}}i@o{gn(EJ10 z`p15i?9={WGEe7%gl8pJ(}~3@v#x$farU}W%Fh*hf5|rU;DYgO4~m6&sN!{yQk7wg8kaY8sQ`C*OykKHKnI+LF8`!sbc2=;a#MJvYOyYR~Y}6t9#1vG4J5gM$y}3nu10Y@K&5xaY*YnO|4e8411=k8<0bw`u9o zxd*%(-hSF8+?Rdo%lxF5^j-w!rt zi5+WzyC$zA1^~ zAFevJzWwX&)#br0zinFbo-bU#aGyqv%*K!RTi5pz2cQ}lh&Gv{7@*4}?M;urhTT>GQtn%R%)`Cb;>y5k}zd4xgad_r;D%;kTK z|IXUVU9nDYPjc0DU$JM=*%L&PH%P2_mUH(_>WfbYm+qXzTlQpA&%>Bmi&s^gKYFY8 zakTWxD2BR#BXh1h+}eL|KJT$>b<&r%a&K48`x$TF?{#k1$Jn_?PKwQbI6cnd#OqLz znKRwJuJ4JIedd(c|GPEo*~(R~gBL${?3`@t_-x^o8h5j4Vz*)q7f<{>@j_Vkk4dj0 zYIZ!;ZvMyKq?pLk_--7tJ#AH~jI)9$>K4PAcuh`SDN4y;Sf|u{ji>l}|oquYE zHrwl2^J2X{DpIhj#&k}q=O&il*nPOY=*+L)aE$okWT`+k!dtVEWd zeYARa#HpWNAq84X_w6kBB;9Q7a^Qv6AZ6yQTg!u#_hlBvL~Io!)m))C1aP^@`{W1&o=kjWi1tY94PAFm2_n`@3KY7 zKaN-RzR#T)VR|s|>uU2j=DiswFRSr2d~80O_)1D`b;cR>jZ-vUdAtsIv@TQf&Xl{h z7n6A}$*)|-nb7Ke=bY`fYoeDnHH&UKWq760w<14EphJ3ju=i9cwd^~ur)~QvuO+xc zZtHaO&gVCN3na@LeqD3(-Lkf~xpHEX@)e)7)*f4!vB}7{xOb14`1Z9yT^nW2OnZIY z>P+Ibdv`yuv(`&JUAMJfG;7oTS!t(B5-i?FpR8YQSfTq>;0(i|H?RFJm0En|j625} zupz;0Rmq}jF58u7Z@uu9;oWv)k0bN200qzf)^cR?7OX&5nxU*k72Pmb@;G)e}+z}bLO|@Qfx)ty$;H0_uXB( zW8a*~n_Is>+x&j3UYmDiv87)_tw)BbpMdPnR&r^6Pvj(3Sv zHXU2u{ZFIf_;H+ zrUp+H2qF&Qj0!S%*p_Y~H>*+Ez|rg;n*nCssAR zoT;qrWwxs;_VQJF&p5VoOUS7S?%S-cnJrdrn{PhXr1zQdkn{I`&;-20O#MuWO@yjV?-T zUSVPJZ0*g=)2g$M?oN}QwD(p1=BQgA>T2e(Wl!=CtJ<<)O<2X;r6HYccj`i;s`V{T z=O4QqrEzJupo~LR(xTtmJsaxoG->(n^!g^ozyD0moOxf%?%k5OxLjdQ-B!K%sl`f$ z8fA==?#~U|e{HQo{ie4M-HiX$pEniH>5lN;v_GMEzfAF$XM1i(d}O&U{^{oK?bFuY z+m$a=vB)E-VsTF1?={*jd-wR8E}J|p`Q-aqx8~%ooIGvG^r|WPoZB1bFc}~9Uf#&M zIk#Ky?s*4oy|X<%UOm(D+#g3PrXF(NzTnw9ucPXPPuip-m1uTuwRo8;=e zRp_1NdVqoBldV?wVcoBnPZtyl^=N!ut>&55JN@*n)fa?4g;*bFTE3olXp`P8(X=hz zQw)1pj&a()nlkzJfwSp(jDf95%a?ku%X(zpwrS(mJ5D{@mj-OwyhH2##GU8uzUC+8 z7G+HQnr^7f^E^Z0vE0{*kNO4FTfe+i++315ThV>x*R?M%U3b3Z`#43EW%KokudSZk zQ~bzm!cggTH~Lkko4H9-pv$eiiKX?%uguqhGC1h0VhEO?V})=2LU`#GkBeZAXsJHVbzzSL)UFoI7Xp zhLZ}j_9Y~Kn&8Ku_vKwj-{GXGZ*QMH$6-?({oN|3e3tLtCw;9;YXsc0o_lINRPkvj zaQM33>B1hH()FA-&ou@tRNO8TR4wIp-kJZ=L3PJVQ6ZRXM+nYoN| zC8t6SthjbAKc2n7X0k-+v-1jbdaA=!AHU`o_^~Vgtx1cHU^>GG4pGCsr%KMrc|__Q zNH15LzQ{RAcv8bOS>wp? zsgpgf^KzfKxcTxDp`UXbU;n(;=Mb-1!MxWsLyyN-(}JP)R-5(V)Z66*ysX4Z}q?a$dyXm`ktJ=EmOtl#?Mw8gpwtQJ3`P4jEjp@VcpI1LCT1Q;I zyyZmB!XqB+r}#x)zf9^g`n>*b9IJn}j;}+q2*yX4oQJEz1g z^$iYo5Bu~;x?OZ?alyr72h42?vMk?S^W~Moh4$Xs2vXO?y1c6qG_ zbz7g$7cAX137PU)NiB9$Q;&ddK^d@t3p3+SZ%% zyp?#>{ra9g)D;t+eDcw*)!D2KmE0VPY(}=Vne${W9uYA8(~x(L(R682>+;k*Z<+rL zR_F4aqXe$(et4I6>6CM?CvY(B>bP?Ip$K2|oX}h&(d~`N%#*KNU2%BN8N>NrpPy@Q zzT6V*9{Sy0TxhFVr zWyPY03u|99+*(?dlD2iRtmo`4IfYXD+tzPgn|tJ)OLUv#`&gY~*JU?V=P2;5?)i1e zeae>Vo10In2uDn>I#qMd=*9!CFFJj$E0cq+PV{uGtMB+%+OK+iR{6~8j{)9=#%&W1 z2F_|!b!dx}Xt33cyDfCHER%adm+A94v)1Z9-QRAqQg6}0=`1U3UvcDLE%#Yh)*NZ4 zwpaYYx<6&{g-+qB8HKmb?OyeIdamh1MQrK6xAR{>ru1*6Fjg7AQBL-)nX0~o37gPVDht#;gHUv9Z8vbFV6y%)5b zPL`I;x1O)-z!30`@=WH>GP5Q3Q#Rjh-qE9Pdg}h| zo0SjF8>ZX3N4@#uy72BjZ3ZbdW-g93y!HpIT94jSE8>=)+Hsbzr(J5JTkN8#y^9-K zza7uoDSCQQW#Y~kyxFh*@kwzX=RUi0iKM!G)UsbSfxK_~v}z|ihc5c2-MLjl!fKyu z$vydNl1Xen!hP9I`>uSwc6Hz3WVWRE$INR>wi(^coRxp;S+~8OuYUT%#Vb?F#J97) zSu!(S`rA{sx~Cw7F+e^>ur-EpfFIcZSKe?UL_`s##ffttwFU zbdkN)=Py>Rb1$^LV`I0ljIZi*?kdeYci(B(w92}R`3j#MeomOT^~#O==d%-auP$Ss zEq8l$nvBQR=f4z6ck!}3u~bNqn|dMp`}b+LoMWB!R9&CCORsv+S+vV$^S3EK0xSPB za2)(G@u4?+t)=Sik|axm{Wb5GH%=sTrhkdZyUR}E4_TTO9 zS40l3$-KmS;^XAg$(#9(?Xd5$=XmqSux!8JAI25SmOr!&41K%IdD>R>HTf^xz1}QU zKUL&4yXeY^5ArP$KGPky#hPJ$%czL**{_f>ZP6w^ng( zxh**FPGKK!s%rVlmx&KECOa1?J*-Qxnzc2%rf|o`qsb_)!m&+Hd(&+4&Z2%3HK$cURl<(*2@1M%z_FBK*9qZB`V^ySAGO0TsupA8lK+eFtYB$C}$2yENmyu57dmmps2> zrLfMD!s$QxUq(sQSUKbSu4&D0W|e)L{pir-d0!VU zdnr`e@RoOS$eVPn85WXj&q_T{IgqR{an`fd)v`N^%RN6l>6bbY@UdrNtZrLJC!eh4 z*Oew7tY^FS=q;#{y1s4GgR(iv%_qPMIBUbMDlODBsiH z*KKyX@*tylkC3~i>A`dV87y<}T7@m^tUB^AYRl7i#eTC^%t~K$;|^Ot%X86%Vslka zMA_M9&;9Uhf$YV!^LxvqTo-u?OjEKd$}~S!DY~KW-7(>tyJRd5%6<$u5~Q=b_?)Ha zrB_ytf`1pwl&_Iqo#JprU*+$s75kEp9=TL<^T40zAFhdyZwD48KRs&WRp9jZ)z8hx z?lE4mQD14>`^CpDN9_2ueaAH}Zo8VZzUp&*?|eS#BV|JO9XXAT87<*kwB_5p^TE^R z`ni|XY_D9JQ>dhQt14~P))}EUMDornu3mN3qjrMMOmmYoBYjVk{ zudl=2epQbV;(We6EA)~Ihl3yEE6ufuT1;+b-;UaaCTEqdiR+HMWe`9Aq0+jWuUVQ_ z-RVgeZMwE*=3n-z5>Kri%32JM+1L7OZQNt1_dGCv^`zg-bDq!IDYhbXlj?b!nmgs| zq9pT@Pq(S=t`2S4JIz%3y5zIvQ&xuVyqQ_GTXungy4~K@%P;ADmsy;wzPEDQ^i^(~ zSc02hX)n2G<1C`R~5Be&Y?>*O}GVTlRPG+eHBYMKYt{S?Ikmq%cG?xyRd;`+2eb-Is5xCGYtQv)t9|o7n+wuUwofg5 zwIuwDe)+?A=GS3Q-*1_1SzdLFFT49=`kTrR!pA@V{I$JB=gRhbDILr)SANWv_q?^p z>K>dEOy;Fco6f}+x;DBj`}umYf2ZPw|L7VoxhJ#N!8Z4{?BCT{mFs*v^Ji&2 z57#pi*nQ*o=g9vIO@}M^kKE(83R}3yXOp*>?8Q%v2fwciKk%PnEB~SY3{ocB#cus6 zJn?7B%%+KN&(>AEj^p}R)^a;9=UI$gtG{fv{@Z<;mm{_=oXPcD%3JTW+MJc%#q6Cy zyC(k1&3|;B=hgHDk*~!r)!fOQBL6z3{jKlEb;lnbZ<2|MU4Ltt(}YzUPCWP=&+sx{ z%%*bToxjVZe?Cf4=9B5m`p?i&Q~x-=vqSHX_iA6m(A&GhPaaM9bYlCv-E*#HuQ+o2 zV|ZsNzeIM?{aBAn?V{KKEuQzE;oM3!1VP1ws`)w1DSy;beun&Yzk zYu#2^vdp>eB6~*eK~d%ThaMJj)xkY3C9=CNO<`a0I_l_+@Qp$LB%XF|pVMTyZvI2r zOR_@W4la2rBN+4N18dO@=lx&4)C|mJ7Bq9NOPs^_X{uf$<_E=*5~X%#ZnD_%Yh?N8_SwR<+ApIi5WEEq~2{dnU@R7(mU#|N%1c4kvo0(y1CyfW%jIjPpO7 z{*?z88;#9otMoi6@{9?SKVr}Q}GW#$*Z%sf_j=<;&;u)6A3_cyOU`d&Kj?yD-hp3ll2 z(N82TRIX=!P=1(xWPbB5_Kx__i}T-x-^z|Y#5HH#n``=q*59f=GLPY-%#7WcxhgeQ z={9Nmj{GQ1F8sLuP~eZ_ewY2H8a2+{BOJHnW$5zuF!PoA>E*ipXXXpP{Pmxq-6m9J z*WTT$JNe4{i{qv)dTo%opW*B2&qXZLHIyCa)n>o;@BYuQA@})_*`D)``+B_Vn$+hY zbN!^fn0?~;TiJ)~@;X_24@I^==J48Z*8Z)ej{W9YhD%n2u3D>7bN`_|*S#OjN8YMT z>$|9#mK1((=X}YdWi@^mBM%)inat1_U-3iuoBtIX*54*s`-N(}g?io0Bb2vme%@9* z`B(VqU;A2jM`dT9=iZ_B$3xlTT(*vx_N=mKxg)Bwd8P83`w!*nAB&RNb-qLANRyt( zj(6IZ-|OrA(Oj-Kcew+TJ_F;WO?DD5Z(VQOWB4sw+B{@RN>A|D=<6fZ{|N_o8&L>D&x9v=F=ryH*cI; z+kd6&`Rc%+LtD;#4Anekckb8b(|>e7?mk%j?~?X|xkdLl*Ut_}<=Ch#bi2RmyMOom zE$^HE32{HY^5)Os;zAJVLk^8>ieP;UVyM0vXDyvZWoeR(Mh>0!R z^oQU1??OA>OgovsbH1LJuW*j+s{fKKyXE5!<;wpIU&Eg-TlhPrChg-#Imziqw#zvt z%!`=tpy%^Jq@@_hT`GygNNyC3A$Kl-|4yLnyCdXdI$J;_b{rk|_+9p3Qbp4P_c zhpZm^sqXF(omhBvbw9sV;StYM*7N3xP34j(oBaEHZMVXQkuoBNa6J6Jw zr$xyVH?({+z3Telwm$!%Pnlr}O`bRVww|l#x*j||cH_hxobk*Tgxk_@{4N{FtL1A=t zw!bm0cFvkP*Z-82)UT53y6-Cdro7FT3bePGwKMO4=E*gQt0PvYoZCOwZ=S;CK+ftd z-+r#R8xwb|ws*!Y15491_RyegAz44m4M|A{z6T!ltbJrHYsCL$B~!YDP62Pqt3%&* zXcgt1xEsA;MZuMgv1*n%&vs_ogr?~DEz1*e-kmYoUa!_TwEaju|Jz%p8k_(9Smj$H zzj5}9((S^>q`9s>uHRCBEcnA=_dQn|M-Q$OTht~mdwcT<+osn)o2i3h%~_cC5`_wq*3f~}WoR>vJbQz!TF`4R8h;y1hA zAMW)(t^1!rUOpvv#`$&H7yk%9;1{k*zs~)m?vm?ot4VY0+_^3$~Db$--8`1~Pz*FJ+AKZ5SNUz4hsWF1|jq1egN_~-Sa(o3yZCLZL` z)Aj#8VI%*+^W3lJv0OC28)N1FjCcLyiSL6du0OcnT2s2hbM5PdlcnmqhQ*V=u9lPd z(Vx2Jhn@KTlFzcvLR!-nK3;7SEV|`(|Hfa}k35U$y88P4#_u!jVl{#X{xh65tLgjtV82WqW44{_rDgLEmuVInNcK)GD*h3E;h);aBg?~mZG1m_ zRi!Tt*mEVfYwC`a`sB!ms@+TVQk7rM3vF4+?WsLq^pEXDJJtHEllhM;^%l11h58k6 zoUIl9aQsM^RQaLbZ_|Fq8QRTxC8l&|*LRC`laE}?G#4wXtP06_TJe*$c$z$qNw3?% zg?qPasmNRDGwt2lH#g$eBAcHDZ!CAN^g49>xBn0SBeSf2L?2wbzSQ#El@>M6tdFnz zyY8u8-Q&8VBKpWK>FBdrPs>j1P_jy8C<%m--^KwO?KI@Qmewr)RzR=>5K9o?83SYqvtz9*#b~ zhcmWT`^F#hkIe_9N;ESc<+^b$?R7|-+Ey=fU2##}`FUFYqOSF8TW5(B6mQ!tFYxc| zJg$$D#=a?wVt1&EJdNtzqSVh9HmCMk(S0F1qZ;ii>s2mo$}TN#2j!P>z2LmGx<{^2{SWr-UAE~c->kIL z3}$^>3y%bQyA>sE%KA}!+{XR`kMC;P+L}XeiYL#@ekcD!-T%$|M;u@6e|RLeR9foX zNzVUywCJALkC<<>V%Q$Lm81slFp~PZzolO2D}U=+6|t_1tLwRB!u_PB*-M^O{+J`D z7GjyyU;Lx_LBCkVbMM)Qto+tJxTDyU=G;)Zeop>>hUELbR&JYh*DifIw`F!^kXv!w zhWf1T-Pud7F5AYin17Dc3tju{{|qcy!JgUWO2>= zLu^CF_0NhK_urp9mtA(<`A6(G-&FFku|m#-###Wd2M0jW9DbfJC7FqGyXfnPT9azeg92 zNjm6uElmCJ*mr0C)~v8c;kGxz14Rl;G_(R3Bt&oR41KfJ=6L6%n2i^fFM45B*0WZ2 z>aJrF39I_FE*}=FzuJEwWa3womV}9cr~1k*J@0Nz+*xh-yMOw|<5i#Y`#-&`s&Ck; zFO>Db#B5@|=HK^OU(y-eVt$36xxc;r=nNbC4~N4(EKol)PsrWk`8c4|A?#J#oJ3_U<3MbBiC!8o5vDjB@d0|GuH>`t1iVwmQ1X?3n54d*^HXE&r&G zTjbf_F1?tmHd8Ke-B%QckO`7 z<^$(<=*!52&yB2!`%%B%B|P%OABXKMtC(YVWCbsoH{C+ZfA-4B5Bht5&D;L5=<4&` z_9;{AEBXpVu3xv`y#MXwhxs?Ry{h#O>5>d=jFc`ocBy#Y*3adK|1-4wXW*_=%oeX& zH@if4(p`hc%Pzl;iqro){cVl=0@J?cM@w`T_nf>oH}cZ--5RZS6|ZJ~4{QF|x0^3xbHDf6XYe!LF~9Z4zC<~G&k4@+Pb2oQv1L2{Ou+6uduQJh zt=Qu2k+$u#eM$0HyF+{I55}|oXUNzuactMS-K%1>;%aU?O%Q$=m#Y6Z`?0iV!uG4% z*RVOLcI7;&W82$*`2L4rS-Zmy{Rhu3KB?>|CV0szKCqSJ_cYU`J#+pkznp*b{K0uP zAIduaPG0j`$Xo4#aCLFlcm4J_p^tg1%Vu4=FWK8YUw{6t?9bZ|-rru|UwXIVc4nR2 zZmsjJX+4iuuHU^s(ZBn9)qjTets)=K9@sk1EmA?~1J~pE$96t#?yk9%?($Lh(8Z{E zGuPMnUHvDYDf}wx?)G^i{~06{(r5iV|2X_@`-7M7#r`wIZE5z?Dl_yfP_eYInYZ=w zzZ>x)rSpY<6g@vYkL&5Y7)}2pY5NR5Zhv#}qxPdo?z!vED!I!nY_!epGMSRPa;e5q zy-ewP;r|R-9qa!11s^u=Q{v!M+|?g-{91k1$u~L)o7;o)t%3|UuJ+2mak4}^Lgm_W ztxJbQV>UhsRsGwyN0DV-=Kgcm)6_+C%dA#jYcgA3rx2fAC)@TVdv{A0CzIcQhPhSY zZ>D}o_x4@PgY z>SS0`Q*J9VD>lB#o>#I^b>$xIkSXzc?Hj#+3;r>?n3ucNSLyAc+vhgLa4+IWVV@W^ zYx|+~4fj+(-v6WE`|ykBr7M0?!mT;qSjyKG{}Z3yTe`b?uHK(VmJ7AG)@f@Wwp!oy zwzRO;Y`)PM2EjY#L3UeDTNNy~K4v9(X=zws)>7Xpxw8+?H^%eS7^dXp)L05HwEX-1 z?4Q?%_di%5&%1WPhh^O>Dwsq!T(P^Sl(x;yO;;4x9ezW!5C7)jK83 zyqV+DADtKdG5P4N#x2)RS57=R)yUp2d*QWj_ns&wX{5fJ>Yp97^t|Wa={4LBPoHm{ zRKb6&aOu&<+rI8f{QUWSEZ@f8mNz1|6i3D#v)TSrVjFK>4dVyfc{3k&{BgPbv%g&6 z7XOEY>xru>igf*+s?2(LNb|IoOxl)tky;y`rOywRdHE<_d6VUP#u}}QHHIaoFCVpe zItlJ*D4h58>e_RiochnA)vQ187X7pAyM5Sf<0;c`O_tG_y|joILFYbtBc-zU$`&hPwZdxHLvqwGqLO21!MZRJaj)b_iSbPksCGU zkLvrZ!uxV^CTUkB23IU(xOelp-PS8{HF{UK{AS-bIhe=s=N)sll_x(uvOd!GbdP7A zQ1Qmo9&Cr-$6Q%xH8pzTOD_|Rz?gO4Z2j&Zt>@TxX1i|n(&Kv_e>O2kZ4>-q9=G*( z+RWV4QVAQIj5Wsb(tq48ZrRUO@pg-@cbuo$j^CS7%cFSIA|)Sc*^H}_n)trpQ5H-ot`uKZ*DBlGqen;_|%O~)SdMDLIKvXLjT zY%2TfIM&}8=O6OwWO}dkmkAf1c4!*2Liws=53;PxcTS596F5?R;^%*cZ!12gw|>3r zc0c$>BF{>zT;VMVe~!=jvfk|KmcRK&%`UvWKFj6ONvj44%@bL_q91IXez1D#tazcj zw>H|Bda}>@!q54_o^ioPld8SzmZwT=pIqsA)4|^7`b@XEUQt=KqBYKQOl;)8*?@Mp z@IUgM`fu-oQyUH&o!Xa@!o;|K%b!ZoEBkn_2pziMZ?Ij>qW`1dIc>H4o_cnZW4h`+ zUv6~uEpo6}7k>2qw)JlwKDgkv`0?pVK1+em^Uv-56&|u?=BKYqHLvdJsh%(MV^@8v zaYgALW#v;Jwp5Gq1$^$)7CtDydCNcD4^P)EeWa@)*-}w(|MaZmm;W>5*SA&u+ilnT zP;-&lcH!PhAHS?$@J~K&-O`6IzH%(%6?tG}^u=<$wroqqbP3NFNY>%9E}kw&(Lf`OTvHyT88tTF-xub?=&=H|L3N{`30fe4&cl2k%L4 zPyNW>u~v6`&5l_CmX>cL>N)-dKGeP|R9&m}@AesSzDpbtH8*YKw3{SdwIo`md`ZtK zUX!!Jb8qCqALk#eKiV&!vF#tbtteSG7e((7~ACwO*j$Hb-HD{80q{fxx zd5q;{Oq0)Dd!uz_VcM2S9w#i~B;=;Dca+!~MVs5_8`$wrt9?D`hj;y>*|TH)t{?F_ z`NUVr>Fn_tix-DnUG^~U`pzf8E!sh)`f0t^(Z`Ip1bsNZes9o6yO}IvhFKT*@2|b3 zS1Y>XY*fXb8=>cg^c9|M`BJj^%9q*mx4HC$*=W>NKA-qAY2lbEiXra$bLcwsMitkL|v&imZCmtuGRy)>_!>nneAa70Dh ze};&Up^x6{*5oeg`4TAS`1sDXyXV_ug;>K-gVIR(_Pum$F+i= zOu8vo|Dd1q@FVS&B}?`;nB@2rnX!G~e;u3N`cLNe%U!LvUt7h_ne?79S=q8*{xxgh zhxVrTIw_MqcT1c-Xtrs6K+AX2d(pRJ+*h7V_%6New)#}Pa}JU$!uPLjJA5Hj?A9EK zH#v*ma%P;j`MCaI_v+o&GfYAqChMPhVX%rn=Gl(b^6mEAdo-7wT%67H^6Tu1eQ!A8 z#GkjF&-%XN%Q2_qX%FWaf1f(LIcDj{tA9+_+P-b;m~`9EX7)7Y2`wMLK3ld#)-p%J zresz1q`LP045`2U?Rp(Mx9*InIlK52i%{+P#He3=OCLSEu-=rH-L0f!WyZ{i=eK9Q zvhiLV^)hVjiejX?`r|I_T|W zu=dXNMUj7Wqw~3?XQ=*tKmD_le_*IppVo0#9-Fi|ODeYQUY_y6tJCIU8}9^}6496U zIk%i=uITr*@;%p|{cUAI!km-aGrzp<%RaYHv4T7FO5QB%kUa6;eOFI7udcX#;5s*t zlL2Jlg%z(@%YBXLGAt|0)~95ApujZK7tW9-UJ5>~6WYf+g>j>yhg#@(e5a z+xOT%7T>Xb`!@R*pC+8@pL{`%UG%|yo;vLx_g!|hhY9;Ey)q%?gqGn6)3vMqcXlLwryEnm1o%W8dEKUU5=>zL{N8 zSJ7hAogc*?^=*8#*XsD8gU`)Ac&slMOzvd(y}Ey$w$_9#+%4;sw|)$pUHI^Pn^g?A z{<&*)nL))ZHY<*2{d|68zpUNys$1#ZN|S2sIQge0J!zS`^U3v#W!u6h{jrF3KC;nv zM}+sD%l*?_|4Ceap?$_C{X_JF_s9M-u-})C7rC7&)gx$r^ZN<5XAJZ9W~N$&R|(Fz zRJ^=m^W**U6{`>3Q~%iVA?k?oR-K4L%NM6ymtOlqYR*2@=(k2cTW9p-a~1z!4B6xS z@NWGfd%=6RU3X?5*}7ZsZi7)-p2Do{OMVy~_L9RD1 zyZ^?Y|J3izS!}%WN9Chj|Ddf#x2;(_x4oSp;Afj%mg^opx5w%A>7XKmtmQ3#^s84K z6kEC=a_Vn4$w%rI>TAn)l^^sMjk_(~nG^A(X2<%|#_2UB_h){+A+G8e@%W4M-gy6O z%6oV1lZ%)ba>D=a$=C5I|IYqr*eW*t!+!?H`G@0_wp`XzZL~SMr}AoC$Z;-Co4?wR z`^9Q(Kdzgtvh8KE(bOk@+9lSxWq!S#y)d=BT!G=wPIZOrOi%9}U+R~;T&%9)mHdaG zdd7n*k6Ty7X?O26m2qV8Gv2x5gyrKt?dSHl)W0?U==|-FU4OeysdbIXeG85^k4~Iw zDp>MeZtJr+{^`FZw!Z!2<|M9ttZvz=ip7t_Hm=PohmLdib^_`8#TQnhtM#d9-H#Z}UHn`>pmk@zfk)nt5LGMfRQl47vXqWN-gS z{>ORnqxsR?q>ZQ5rpivy5tp9j&fI@$=Zi~4Yu1$R>Z_=$p5JM8Zhv;|BWqimA7yGD zO7VJ0?N5%@o%qjikZH@zFZXZCAGK5a^k>SIKM~Kwm79b_{w!ftQ!Gu|9i&xhlH2GswqpPrOVyX9LL*>8OIy;hocKzb4- z|CRSQ#mr?^9*r}Rf>`Xjadi7W59t2EtUZ7rxjpY>5Qxc94J>2t5Si_X{mu=~#Y zfIIuMnfld&>8$t>63y z&yURJ@2q3kaQ&U$#JqJ1ygIHM9PO@7{&?*}#xJYbZAM*QbHc(8pKtp9PiAxEB=e5j ze^zqj2=-^K{MdB;NbqslWt;d;vMGnzvbt&B>yFtaD;X1iP2}k=yV{T9Z_U>@udSW< zINamOt%b_Wdu#Q7n`QSt@|FG__L#}NLnfJRk57%{hvL_|g|#+Z2i~2Y*!6XN>$HMQ zhsccUDhp!Ry62RxlggWwc~tJI*VNaS=A?ZwtW!C?{8q)Qm-$x=gnO9pExlG#y7=tF z!)d!zG#+|<7Pb7gj{nit{|p`ab_$M*UrzM4*&LUfBrxaEx*z>cAJ0u)KK)8bfJVRy6gGo=c;tgyuEGDZoePhAN_qMoX%f%XWDrd z%}0CJ2kx2l>FyeZR-WF&%=cD#KkQ82!u)1q`|4mR4I&J@NOtt1i)-VA-Z(H66uR|h+J9TIZCiU;#X%YVs%JH8BW1UI+ zyz(v~=Dn&!L*17D48nhGr@MWqs+jKhqxYG=@?_mjD|F^oKU#Y)BWig=RBqHeN!Haz zA~&^&vj1q`T0T$rhxW?DA4+~KyBxP=7H5vwBc-+9H<>fOe;KJ&zIWow!;*HP#V7u# zKJwPKeyjET*#69^I!_Jnc&z<>tY`j1Q}JV(HinPhx{HZ#*O%DQXHoO~bY<%9-;Z`z z*74c**2&(iSSIVnIxX7aUclq2682G_dBJ{S;EuxwXIfOZCUd4 z%Hx0PKgaae7Wz3*PggXh~#C!0>~?=i8+U3X++eAHtd`@OHjPw&0fs)p&1s%OqWSCEUDBzJgQ_Tp_jnvY7U z>{8pBp=Vz@BU)17+w)6nUhT@6)w}u3#NKtgQ+oRLeLa#Xr+CFi_0i(Ys`gX))68vK zOI?eVr~Y2DkNxUbex4s~zQO@+*^-Rz+l!As{8xQl`D5^5{)gwK^?SFxt`y?#EARR8 zvMKx0*O?|~OMA-A>Ri7tc;{QjPs=Ipx$;kbw%^BX(@P)T7jcv<>v?q3YUP{kh!;t> zZRQ{QW%2QQOL)w7=HLE4F>H?iwh6y}r#<14%HDkbZSA}Ve*13OpSfANjmK(*>DGt8 z_Y3@y{n2mVzEAN)u-l$F$McSqxSf!hcQyG~J>U90#%q_YToUhYH{bZ@w9AWAc;@e_ z)!sB`lJOjAYg?~l{N4L`-qfjP3QKH_)iRX*lDIQ>kIe6@>sx27o4MxbiW-xTGD~y5 zo{nAh^Y^CeI@8mC%&(Tpx9`(57rwdWmfxm*zE6^;I#q4o>X^!L=}&Iu!zX(g4i=hQ*hKm6B9x^KRD|F-Q$-|?JM zhL7=)KW_Lxw#>a(aq!BThrBzhPBiZ=tTWj>{pc>4S!Q#(MH)SKmOk8IJnLG|Enda7`M=0IyLbe>IcqwDVNvbDw?X7C)b_Ek8EPJD9JQf6*S(kNY2{iNsVa z5}Vj&=PD!h!o=5g{jJAG1n!d-cswgn>XCt z*{I&+TFd-cU+CaNd;X{jm*d&F#z&;ySup&pWjyNr)bGT+>^Xn$?O$DSMr8YkhdO*> z?h*%9Ek6+TA#B=*!*cf`9ar7|F!7~<#^L_T)4Nvnk_MbAC*`)`){jy|Qt z(6q;sqoSU;#rF1!hvb{w{yUqi`s!Twqhj}Dw-=i(u577k=)bmc%Xz`mODBD}slDL< z>#FsgHr{KqudA+G`#99~g;u4h{%ohfk3k|j`b7criY#7-N!I8;-oZ0VymL|0OLxva zO#VxY^-E<8r|jC)d(47`FKf-LY17k9%B#v-E~d)LT0EOOwUzB%R@UVj_Ybd^&D-A7 zSY@BKQg@$X#eF|V)n}($Bv|ZC(_MZ{Wm_-)ExubPH0hX_+bb-8PoHTo3!;v;6$lTgTVST3z)tnXBj6oFVg{p;~@v%yz4(hm1U49Vk5? zH8sId?|HZ7JFQB`DQin?#q3<0*j|3miq@8u_nz=mswgk{`_#(S*Q%;xH%^@SIHojp zWy;0~M#1GX3=AArYKlBrv0(Y4S*hFG->hR+HkA1ozIaIjjplwupOeoVT@a2uIU@hSP!vk6PT_XxmpDwDaN?j_vVThGNR^@NlguV%xKxKLOpX?>GupX#SN8GCK@z8$y1Bl5TcNw~ z+8)nmCdIxoI(Dx=dYVm)n%Vi#o7-{5a-F*eZNm2TF5I#^u}${)(#(u|%o&F|(pBX5 zod0p%J2n5|dw$j?&LiJ_>XNLuYJN$%>73i}A$Qs=pVJa|`)BsAU$9y`Kc{z_f(P^D zKE~DBI@5!M-q|J390-ei~Zbx%i;)+NAfVH}#xXW_6YI4Z2bjzvQK$ z<^1gZIp$uEzV>&N%jwUGmAYS2FmFluT4k{_cP?4!dOu<@TJ0#T$8pQZ>blmofRkmv z=4`f^Bz#DCPT=y4ZtnM!9(aheF z65qY;axBl?e+{qNUEDs2 z(c*oymF$FFdn0ZMDTlF_Szq~ft0+c-EiGRk`leZjU?sRR_<`4qWuJ z`*M`y^4mXo+(Ii(tht%KEwe~bMW(oGcE}ahv#)>FiZ}2Yu?h(ssOi2fn{9m2Q)9Yr zZbBvdgav$8vup+P-nmb0*m+v`rQgN3QO^=OX3EIfYROAgbm=ntW?Or@&->4yp|tGm z#-lU;nSTtO+T1JbspzDC?(yEj>E=Nm>+NlgXQiw+ebW>@d3y5a^bM)6EX9J4NLjsENRX0}B4JL_bI0^h6`_vAOV-HGzL z8Dy7`z57Fa>zjSY*5qtZPPibTE$Maa%H@>(y#M5R6@^2u*k7OVFZGLQb^J#iw#0{j zC7JJds!1Mrq4jR>iuhYMX4{$>UG^zk&3E&}S?fb`!WaH%=A`W^+qrM*W|KZE`K+VX ziz|+b>1@gPQY$R}T~}pE-bq{Eq`R*^3+b+Xc-WY6_s6xm?g3KUmgPLiaa%rl*822^ zo|D7GT{gB972lfryLT(`Mi{(t7l&}K4$rH zzSk2wlZs2n5C4+f()Tdxm2-=$P1n}dswxxD|B3u~BxtX4YZi?co8tc20V^`I*n%da2hv{)u@E=l;|jzqaL~w(yJ4t8a4GuHpK5e~(0I=kLy4Y-<%V>D}>LH%`h_pMJo9ZOLR##uRn+ zE2S$RGoJ~FFKWItvr?xhRk7pG+*LulwK$ig-n+AQ(`w6~GaF*~isO!FFW)xtgWt7S zcfqY!mM*?$mvhbj(0Rs;S#NyTzutE0H%EqY;;$?B?62QHGHb`hoM$OpwkRsa9k^J% zTAX9|Owa6Z-jVC|^d#pTKcKer_TSpu&eP7n<=J`e0&n)~>xPk$e`nlf(=v$uyiPdk zYI6NF#l9=9Sy{IX-aRWU`crDba%G#w5kqyA4}~FV6Ksx#PrUy+yyVEqg!XOP(Knt< z+SAv3&`y5Gm8~yY65fRIc!<8WDw}J&$I+ndL2_x)eg>0;)~9vP&a~dJQ~N^rnv;u< zoKoQa)OfV=YnG*1-!6gZIj@|O`q}(ApNpJS6takTWN|+D-qyS?UmAHl&zsIIF1VoW zsd;O`1LoI}$CFp?=FRwX(#L_-@xrew+tzOE@otlRVVl)bo~sw@R{1(gs_M--tL-XR zBPXuyHb4KZ);Q^8)8WZ4W9~#b-#KV{GU&uk>s{CW-Z8qnVcW$0WgK_Ap8r$&@#wV6 zW;y8(zeFeQ`^`6FtWD*V#n9<%+X{jE=7jyQ-fy@A>JT zNgY*uUza|79X3hXq=7ZAIOu|!&eJy~pR;qkrpL&XuX)~<+Tr>vd0w{HlcT1mPd`iH z-`zLW^QyOy=Ye-wWx5&uOOKtmy!C*ELFRhkl2(PMC!cpcH|epkJ$Nty40s+~O63D5S-esuLqVWG%z?sM7~o?jK+Dw+GdU{#j`+n(k} zKKpM~wM_dKBqaKu!RpeS+?7-APVJe`8NF}+TKA<3f6jSsclB+Y^kw^p@|(T0BibSo z<`lU%Zdy)N<#a*G$vTyy?|&U#;-bWSY5@&9tg1 zEhalc4?f#iWBf33ZRk@&d0l^&@84J0xT>E0wns^*X5v1p>#5mRFaHS{i`;o*_U`MN zYi;jNN_@U^oF_iLTT-?)o8Jq>_TOi4O<8j?KX~@_Jk<+- z1WSvv8%;L8>Ax{=>(hO*7t@>0dCy*UrtiL?ebg8E&dGOP896_^YZSXmx?~Nz*R!qC z5o>h6>9liL+AZ7lQl;3hYUV!uE04Bb4mxM#5THHP(`A+4z2(ZL#le+dZ5@`()UtZE zaGq*I$7AK@D`DR^8eUoVTIGQ29KFglZ=D`lrvA3!J@Cpke&5tfyeo|Sve|>?S(g~B zX|CU%w`JNwjhg~@<7bx{x~e&RS@XMlazXtiKC^AChEFEW?J7JUmBF?8^PJCN+YG(V zOyuA(D4u6^W#dFioZ>oi|DzZs@1-zlcTV?A$s)(1LM~*U$aWwwgky1 zCMX2ANF1|RyO-&bN=~Iif7SWTfrScPW+!AOk1(BUTeO>DzA?T zKUrS2b?>xQxhCHPnR_t=olTm2zD z@Zy&DZ@u>#MZZ>BUefv5r0(nKxIdbPE~RrB|J}@Sf1hBp>z`=rgY&nNABW9a_~?q_ zjvn>*LXHQS*Jiw^-+FF>jmM=|^8{~ND(mMlhTDE(_p)5M$+kCRdy=mF0kK&}CPlyG z>MU6Pto4Wb+SFHad{^GByML&hBWdENg(;8iy}n4--{SsO{G+$(Tb*K?FL!{ewBA*& znmhkWue`W*{Ghx<#D9iEmXBh~xTi7b&RfsT@TywasU;`vd6f0y$A62z znD^|?2~VX0$_&pZU)rngdf{D-`682Y`#pD>TV%p_XUTJ$?$w;`wR2zdkzFinKY0tc zO%r_Gw{_~eKfE8sW;18)6S#akWV2t|=36yK;+OKxH#_FHdfW2D_hrAlmx_)%x#mZ< z-}I-G-?v&EH$DC%{Yae7RgQRp46h>vGRK>=-&gB5?K1CvXfCDWCfT7>tM|#qSn#^! zI`+uF(`}4b#l=Luw3`0SZ`G3j3=86pZ;knO(4;onA#~9fyW9&~W_zZZE4)p(`Fv~K z$GGXmr4LU|J2KxyQOn_V*O&P}f~>yvuJL>rFJ4jS?Rn?lqc@tL?$0~6I{QBZyG`c9 zwIA26X=V5svGAbGHKRor*Qkos7(V*zAAEW1>J`tzN>$ce6#Tx^bnyrOW6CZ&c7G6C zo|A85z4qwS^W0xrKOe46xW4U=&)?azj}+Vfy*t}cv-Ye?M)mWxm8I7Y*muP9mFmBZ z*42FfWxM5$3P+3Q{Yyn2s&q|Rxji|Lzcu)e{nbZXww<{a^l)44&THvg*-DAmK~uZ-PS_{6dy@6kp7rWW%XgVA zmhaeO_e=N5j9JFNH^02Lqt{BT?UB&}9=RRgSHE51y(EjjJnv|KOxol!m%Q_y9}ejs z;b->z@ax;-zjn9czhp``_j`So4fdJtdR6VR-i0+2P6cj$1!{}$NV@Xqqv$G83AWsQ zJJ+7?u9Lm|$8~Y^kN*q~Yylq8XPe*22M6yof0{ne;i<@`b$k^o6LwBBs`ql)R=Z%u z^IMai**2I}h`e2T+U;0(g=%e^lhC$JHgJ?X*6= zTf5HdQjF&t?Y?V&d~K!)Wqwy+@Ml}Le@~LR=96&iwbp0aEtPGOKdx(;IM;1W(e`uO zzU#N0(EVqc@3AxDTu7~PWYr$O>8U>tymp&ixyeU4C4GKYTj#R(3-7-uf3c3+(DcPV z-Ya1dhgP0YZk+XTuXTvRTONC>H-ESv>8rhP`^0zmwYgZ#OLgIEQu0}+j;{gO5XK}PArtZ?bmgxiaC6} z?&9qeJl0OUENT;$aZ26stH_ftc6lMHlE#PsS^SaZO}O=Jdd3a@&#khn52tR((2KjX z%xqq9eBr$tQSlMBQ@Y<_P<=e!V{S zz90*(>c+D^6Bfqs*?zt@Uuj8UTadJ}#WJ1VNnW4(cfXB&slM{U($WQsG`intPkiem zu%^d>;jO)1bwd9S=f!s;1Is7Y4r88G3+eJKWk0}gec__ko z;;ffswECI1M}x{W{XC9M_u;Zjk+9`ev8q2kHKzFIwPRrpoE<5pa$8k*xn5Yoz@>L_ ziMGj^;Pfp*jL#W92cFJvJ$dr{+I(r%2}yzH4b(_ws<-mrbWBPi~yRa6al~ zNv}iB?LG6VXFYtoa7RZ@>O0GI?Oyx(6qse2tgqWFUU}1P>%8UJnMIct@*HmrUbE(O z(|?A)RVOd!Cu;AQw;*YY^Fkjs_Lq?sTdD#lP06dH`gQY%)T!$x=fypI z5~#E4&ewIf{eE;l+%4Ze&DnqA(km$rso&OQJ=FA)`(<5lRqMW6ZOnfLxsoZN(c1M^ zVF#FY{$~*SccD&oYuT1h^BAh-w9ox#NVSgjeq?^c+d4N&Y1+Jm&nbxqB-byhDgJG& z-}@)w;tQc8x}w`S{jBOI#>vL)=UaBk*7KRrq1|$#Yb#C%Uf*9`Xnp4Rgypji@4B?U zG-GDkhg}{mMVFlCzl;yAi2oM$A#cXH&9B2Ic}pHe(p?%zbbNu1^;;+1RZEsBspZe4A7@Os~>+b&{h0sI z<+|>lc)95|C%BG<$kp;I?QMQ!*8VWp+GBp~wrR>rr)sv!R-ASGkp8GU<`r+^n(TS5 z8{#A`i#KHQGdr%o`|KY~4ExWpY5n1EKiW$l&$W7XcF9elW6KL|9&fJ+ zKfrT3UFYIL3*N?l$M_ZXA0qYpCTIT>*!sbD-HOlAu4Z3ZJ6U=jTz@+E^r_2+d2c62 zJvCmn+EhthR(4+Nigi~T^BsM&7tWbCH8R>TX~w0p<6ggR1@5vr`Qo%%;z?O8VZ|bc zKd%HFS%ln8bvVq#Mb~T2xVDx3S%RhuLrPD`QqT7u4#%`3%+g$+uH&=f`=aA@Dtyl6 zZ+wU5OYqzXJ{x?M~L!>S4Ta zSsIZG%^NqwZtPt!>)g^OYhvw7?oPY+Fyg7l@fE9{pYiz^Ar>!II`wpxRnUo+ zPwrVaF7K&*ur{@3=acNr=>8dnvz|nh%{{l{it^;_X~A=vryk9(U=PTyO}pzXWOH$X zZ$Qe2ACu2-zouAtUv0^UMTcyHx!sGFrp(A;zHIs>()#JDb;Z}ePy8!Ue^8^;)v~D{4m2KE z-!bL6*qi>N<=@7O0>W3=&u z>o1+Oi+*qTo=?(R-fGA9Ql5Kj>E26v-dj44xhtE#2+NncotMTkZ`m&8xFrwMDtFFP zO;XPCb_&Sr_|FjMerfTpEzwT|@2xtu_(w`W=IcT}`)mA%mNay#a8Iy2=bNZ;Pv^s8 zuT52IHBW!XR$M!MSa^S{@^|Zis#vuT$f8-9|X;!d-d(l{)5$LVNwc9r^gC zs{Ls63&qYQE>l(V0ul|~{aA(}%M>UM6 z9G6Kv4D2y_v}KR=N8!V_=6;Tfk8p3Yy0-ArKkm1+w|1!-oxzD8~iWrynl1?gK5hXAN-b$`p*y`c-x5gLgVSKFZHrD zmX~T`ABKG>;oA1?$UKqquj{o9zD>NoJeh0ihK)z#SKXa2p?{e9;e6rSult$2c~6P+ zayL2J?RXg{`8(pr=12C8?}PIBUx|BMzN5h@EhjQLe!(sEHYoC&Od5DvOiwmm1}a= zJ$`p@x#rZn=NMjPzl`tx&%poXeVg?j-PA|vxf@n%vb;OLaDC{H^56Cu^{n1^E0{QD z1SXy>Mc*DjU}!wK67hYtNhJx#}A1M z+&KD3tn1mccSgF?94Ak_w%cs$hqC35JGRKmU6VJu^uT1d@VklU)i#>wH}2E8Xqugy z?K|%t=UV$Kdhb}v>;ylY+qpQaw|Zq%WT$HKGj9&-8S{Rw70nU~&v?Ez%xcG}UlGsj zOtQ7vb}5M$9)G&v{EWNV6EcR^|Jopb z0h42le9`jd?55Gt7q;Hstv2i1-H8H1F^baeYtypiW!XFbDQvkVdvx2xJf#rh*uNLw z6~^wHmi)18zFmLu$Mx>>&$ldA-5F|OAMC0pcf>bNYNo$opWL}z<)b!^4||!9q#U}Z z7jI;CqDQVc(yWSYbN)(c_m4iEa(7lFR8?JHbo94iR$0~U?0fP*8m24WR+ad8{l<0g zbv3Nhjyufz9R5+Yb<2k+GuazV1-vDD45iwQX|R|1N)Y@6|mrKg&3J z$z5rd2G-ipltn?mrW75COE5}Ks94ukl66Qt=dj_KSBYPibI*|D{UF!=@I1%MTWJfI zyQ|(Q>)0+Nc-qcV{oYRh{yM=A{}wL2?J#YT(t&9=557NJ747uN{H{uW)@T0ys9lj+ zfe{`LL|bIiukAS#y|RAh<5a$_HB~tu*Gp}^63@HNPVz^cx=!DvrRNKd$bEgVPwI#L z$Gms}on6y*7fkz?7X7{DLE66Qn`d2mcPza}G3n0sny~2&HbVEbK1yXatO!?Dmu-*Q zCA5Cy*Q+x4S;{co3GFD2Z?`I)dv))&y@?{> zK4}WLW<5>rKRtKz1oISz zti8t%uXT35`qW=MQ|PGhf=PGwGfto9TJ`>zymXE755*6cKJjzEE{MJJs=VV&&4Hr@ zH~+8}-Fmip$sdmorq{b|JRkpXzVY(ZwSZ&uYm%+2u8C@1@6nn0{y|~Q`&)iy{_kzV zAMrNd6yJT(A;fXg{<$eXnnSMEct65?&TTx*xS!sS$`?XEj&5h^kmle{eoL#171!(5im#b@_Vi%K4?3U8_7s`$@v)QIKM9(!x%t1anF zdzByUZ`;T9@9aLK%U{n5dx?LyHY^rdJ@MeWruf@Q=9jMj6O?ChX5RE&g875Q>TPm@ zdp%{mEzfS;7$3ZR@vBpEJbydC?w-+lz3VH-+wdRFG844DAE_VAZ@9<%A@taEy}dHC zCab@jD4ReXA=>L7DXu-|LO-^D?DW<7E$D&J^xT{I?7 zQZGV(M$oCvUQ+Z31cqVwh3@)wtT?+)r)r)Yw_OVU6%?ke925Q6j*U( zpGbxO(fN{|4HeqjBl0t<3GYEcJE6e;X`$y-; zxVP%pZ8&$`z5O?(nK}P)+{uUQZx$c?&%jjj^!nTNVbc5cjhxz7h`heC+MBo1{aMA2 zH>X-NcNxrm@>|wz>4)P7!pz?CKKbUo&8V(Oe8GCD569d0$^5wdh~=L^-!s!4lY%zn zC_HJ(p7(drJ~j7`{9)0){86(G+&-q1+IfP6T=;a(~PAx7>?rEaKm2{?WL8wop*eg!hp7 zUek`1Qhz3-i`Z>hU9GE{d-L%x{?%hYq6{oWPsdj*KRQqKquI)p*;f1$bd|*x zxyTgMdwsoH6Ox*CM(suD$`hCNp6mbSdHMaC{H@k=%f8;c+u(1yJ8kc;YyU3vsGO>6 z+n4jBynf}8?^Qi{K@tyb))#3n{cyc!kHb9nT_0_qE%LwluIcSJwH>dLENAarX5BtD zv)Czi`m^eeolQwj9-MOROP%r(`kYjz@KnuTTao+x*z1?3Cbev__Ywk5`B%ND)2-MX zeQE1mH3|8wJDDH%+^*l_>S{G%#k!dX?IhN_tw~h>sQyE4Gf&Z-BdV?3`bn%oyUd>l zicQ;g<_OP@ckF9@KYTv=i}8c$)?*7-9u;<*G5btj@p;p8um3a1+o(SL&md{C(P4Ac z?AlFt-0mAD_%X;$eP5q?q2#fu@zdx2!cKc$?s!wmW~uYoC|2)+;mIZ9(|&t*y0Hgo zPnrEVbbJ37@9uh@%=>%Ji5Nb&U7h@pZ|0+)y6_^@v4)BE!I?@Ii|PcMFHE~Ld^ zarbq2o&2q+F{LK$XUj1CVeD%f` zQtkbJ3}u{5t}3hU2;5N|C;vOJ?)*HJAE%d@e{*k7n^zL_;IZ`e$zAz}qbp4J3*B0_ z?9D~hLo&vNhr_RNUHf=MGLk8op~OZtPHv5R)e}qks;}>!er&1MroeLd z?v53&0{s?kwyXZp{^+jRzlxHSE3wHPNe=F(zplwOci5Jsc6qBxfwY3ylj}Ec`M>f0 zkp4)$)s*$xvglYZartzvJv-jVu08)p;JN=*8{X`-KinU2JD2Njn0``O*3E%^&UM$A zV_T(fN(L`=o@hB=tb#xON{zYR62)-MLJs#&=bh(m&5rre{K%gFM%(55=WeABzn8C% z`LOxv(jze)V<@y9r(pZWaC$o@Ub{xf}D zin}t^RdRz_y=R@A5zqY3{zt#($DZ;y<(=LKWl|@qn7+1>e_Q)dUNoy*Eb4x{?h;oE zjTaX3Q9suowkrQ--;uiIV}HBe8U+N|E4luDPSiRVt%#@DT%VU*-*I-s zk4o3yCw?vV`jPm-`%p)ewFb*Z^VmgO^6L!#*ne0zFYMemjk3Zi1=>%m@89zGyRua? zIoEUh#&^fI{Zapre(b))x~Rv_`#vkqNSz=&LA$AF&7xcGF)J^-Z#e%u@Q2;AaBnxy zJ8}!2?UL^AwKD!;xHTh?<;JNMud>g4S$`w^Xcg;}UA=1$b2>dwuDb61A^ltJwbHYm zTk^$KI)Z#sik75&j?vnh>3T;|V(&TgNA_>EA90^$oT(cZm^*1>pU1a#-Vfd1ny&k? zJYdqb--pb-Rv3O>`TWcJO<(rkn0;X9UDHK7Y>VZJW4E`|r|`GbiKSjS-}-oZzJAA{ z=3n7fE91sxaL9xrs97`~;R_m9+NeKB8S*X>=77v4O$rnlGA+AP~^ z$;;&#W;I7YEQ{|6zH55CbC1$ThxG>)<{8H={AmAe@&~o<50`57bh(~nef!X`LbqT+ z&nKz9ZLg2+=U=NTm3#N@7U>^B0SwtQel&kL{P6w}d;UAe7aYtseRt{9#fg)zZQq-z z{l%y^^5pN28$X`l&u(o$cE2ai_(vz-()2|!w-5Aj_s+35 zeQ&m(`^^^Ks%M9zw)Bcwaxh+&cpdBhN6C(h^kD0^B#-`3(>GG7w_n-aYm?rKT|64jTp978{=uSu>OU^cy4yDS z!w2g%Ugdjq4+hVxSTFuTzi)rWT5iAU=-=9%vAet?KE}t^I9~h1`fxU{yz57nk9Y58 ziS6F=lF$EnV1@r-JBBM;CDy!;G88$YsVuLTeST`?(Ob9Ye$hC7)3(em<8qzGpZdyw zXI>Y)_|Krtp4=F1CjOs6T+FgO&SsN`MemG1Tfd5T+o$j4cfFAJwN|C_n8ukVgJui4 z`R%5M{#af9qjS%s=XKfJZ(%X^qRVZg^6!Q1JgOJUPmboFJ~ul<{>-pI*a%=r@Cy(vnRvD-BE$Kr?mjG5EaK0EG=R8E}6{KL00_di3Y zPL0XS!fc&B^9GN%p2<(S=JZ_VZ)jP$Gv?Pidzl}JxnY%CUE(ZdX8k<>?bwg({Ey$m zE}O39`}Rm>L+d2xCi9f}r&eX|7i!z|HhsyoNv^TC9WB?y7Jr-Hbo{8;Jh`^B6Vv5F zo=$FXtGe!{Y&d0Mb}P@e`CBeL_;UW{rT+|m^UrMiXmX&BLr7}pqxz;>XP3>|?EOf4 zhM$p)<_pSIzELnOTn(_Vs$d-ndO) ze=5hF#|wWbrkB*5{8MS1K54z?s_*wVl^^=gAmXKP)%0Y_%yX71{m+AHEIyvGnzz_? z-rA%Wf&J>QV>eZ7KOE)y%3E~bzoUg`OV-pxZ%UUjI<8Ud@xVs?x782(hwC;ZHl>Aj z`A^wa`E1|mzw`g;{;;XY)91*#b#?Ea4J!mBQy46M&71mZ{gL+_VdjOk+YVj4=OSO| zc(&-4!pHLNMX}|cJLU;;{(Vx@rzNK7SH5%eAt#eNDYbh)miv83@7UwLKHys#~7HF~8^4EY|eCc|3VZ^=%80=`%yhpH1R^ zoxN1;p2LrSFV`#nXJ|PeQeL`a${aJ}d0TClAIUzeb$9XBB<>H#HdW5kjMa{~ntJ8d z{oszjdu;?){z?6Cbz1vFS%cGs>BckX=c@=Fkbl0nX5oj+5BdB4NPkq~sBum$+jiKc=1%v^@)C_wo8`kE#L08eZ!KK$CDTR zsQPYDQTOcKsoLKBoY?+Vjp2L5KbpH-{U?$&%R4`Nhmb=`%EOa3GFS7NoHP067pN6K zHAyizXQaJg--qvqv+Y@58CT@=tg)P)o_v36)s*Ov***`~zxNNRx%gYEBHMY$G>n{?_K-we{!c##% za*YpH)pew1^V%jGn?;5snn8{K11XmZs z@tX2=dev)t)Tdm%eM{c!Y(gG`utPL^Pgmc&OXn^fi%b{1z3z^zSw@(=G>wO}h0Yzv9Qq2ancd{!_mARiAg? zgiS0npV;NJFIroC)l2WtG@($XCtr8&U(UHz*XUlZUVvI;`%J|rtk1SD>dvruGH>~{ z%{5xHQkS*!E}Lt0VujtW`Fo?h9-q;kck|%7Gu&NQvnndqr3NnCZs@I|r+b2b%iFt` zP0yTvY;C+K=B1tbRH_j&NK3=n- z`ME_-!Y}@)IrY1PotNt@Ssl7L+@iX_`<71bx7^Urnb~GncYLXUVrnm@3r;0HJ*#^=5C*OI>ue6zNGAEd00GOZhYY6!?#+mPgakZ*m!td zRrBQ!ufyu3D>hxa>>X{L;?glepx^7&x}(ds^okxm5jxSKDdIZ6bX9X)uZ@{hm1kC^ zXyJ`pc_&{~n0NeRe{CoC(Qe_o3~|F(VgWVBBt3%o3m9$wiJtxu?0?aw@R8%guUorr zJ$-spOK{TKS-*^rPI!6C_l@wYs>t2F3eQ|~m(IT0@Zi~==)>DQm((OpKKh{|_mZ$> zg5mL~QiCrU=cigPQtV#avFxetxp(q6=O6l2*ITOIk@xtn(0_)-zCr@44F5RqH+}vq z|ImJ}AIFbwtTEiY&%IuE*EcH z6~%5Py*1{ayYpy;M31}5oP_F#Dx;O&@m+t~EI(Aep5u7+Q~jyEW;Myl4|>D66+qzJ$z94tr-*$hvKicho zcw()|b3t#JkbIN)A(>j&hkfU)`Wu#Pb;ahJ&B(Y zw)4mB$GqlY|1Nbq?G!Rf_%k>AiQ!cBs4Yw8J>S^UqIvnLWxQyO@{eQN-t#SA>h#b} zMvUe0hxKwF=O0)b_wH8p>$#E>j!*JhuKhmVG4@a8wNj_caT(t|ZvMQo@Z`GwhpFeL zepC*YGMN>!%<|mr2^UL(kNH)Fi#)Y(c^S~0e&|-Q`{N<2zTDVx9P+VbZF=j9;r+ z3;gfrzWsUq{C@_vbz8FI1&;omD|M`8ox|I+CI1;dMA%ClPW{dHBl{rRhcmm@cRtQc z?s)Ll!QXyv$%8wKBh4~BT_4~s&43AZ?bG(>hXBHunF=fy8hMtkzV>EHf`s8zl(W6K8ESV2ko~0m90DUdWHTQ z*AEx<77L#J&%jaI_f&bor(^a$;TOWE|2EF}^zr&dp+DuvH#Kjj<;W>^95AQUd}yLJn?MVe*QZC z+dtF~2v^vB4l+-B%5>)3o`f>d$4)}~I_6br^{qMeL;d4JJN4J%yQDL3OuO>nten}S z-E*sa{jAljD%c$Cg0l4w%5&~v{_yHmt@EK-{u514{Qdm?T=t>_RqN&6c<_hsHK z`^fX*M4`~htuclNpY2=scjDJ*-D3aj#bxUix)qq`ZM|~)-^ux#pKjTg6VLay{;tZz z*zi_6nF{3tKmRkdL_4%yR%Sna-s|*ly(P(I*V@j@&6?!-s-nK{YekLh$5_)z3uec9 zcp2?6kK>L1c>LJv{n9V{7k5`YZkaP_^|{LT(enlNiNBs_a8jGWcg zTKk7#+p|PdF9dGxf4E-vw8Z45D7mlf)2s^T+~1R4!~4VX;eOHX-tf3BMG6xnjv4Nm z_x0th?Fa6+MIE1#Z)0c7f5&heZ(2pr=VNuU*OWhe?Qdm{vPqp6zl%|Jb^cMQ`+d45 zl6qg>im6OV=1M(Z_1(aDsW)%s;o#>Vzg+e4E}XR4qP|mpvsv%@m#6a|c5iP=o35@s zLHyFj#J`ib=5JcM=hhUL#-Mbsa@TyAp(>>9X8lRq^TEqQHXp;e@~1^@K4@oE z(S7*VzvX%pw(au?`|x+}qQX8l_fPBOZXeZL7`?t#zjU(Nl#6d0z2_(>OB}7P@7SNV zpC^0P)PFlyWSbk^iQVULjA5nH-zob|XzBsJ_0S#`%Zn2kCzTwo#Y8_kPNIa(Ri_ zIlUt1Tosw5g$db?`!ki7Mf@=iU&?!acEXk1B_C#G>{=5zV`=Fm%dSsrY(b5c7h%`L z|1;b&6STQj{AUwWQOMs~?U(yo@AK6O);RnyUYtGYuBBk+WY<-x8$RAq77aUQRUElr zU>{e7|DihWeIM>^nEh^@$$4wPovAYdkmuGJnl{(SrRy}jj< zcdmq?H_z;~PmbIAM*T=#Q-3IHa|PSSrkD?+ODulw+xk*o_z!boxpL;TGUaof<~m(= z=}ddPJo5i&KPp^#>qJ{|xJ6Z)B}KcEtOBw|o7A?3sH^*WP&%{&~_zkARJ~ zpQGoQeBh~?Ht(L|W@WDV_L7q8q<;OY-s>bU;NX9TeNL_a-sSEYZey?rq6zS(#EZS~*$vYo>(zFAZ9pW&^v z@QibeOk4hGR77NcE6x@Rd?fUv;^6OnU(f%@4w72d{dZ0}>vo>i*EhR)724eT_%y{z zzLRnLj?1OfyEK)gC*Ium>6_`XKR%Ze`(E7-n#6nUbK|CpKDSq|YMdWhJkL}Wl;3h& zGhx9;oth_MWph_X)F09-IexkI2y4gBb2S@kwYSYYYO*HHef_P|OLeC$EL!~Lgw)mZ z;fa4NS1j7Q@k+k^wvsE8B)|1;>a%>eMqBT_SHI7HhR(7@lDSJK*qF1=-7_o8_S?k5 z!h}?(vz@v(iX_6lx;CD8Gqe6tc~i;zo_`WzQhOfV58Qrm)68E&mbZKheidcy6T7_R z!@hl!1Xcw$%O3PNue96Zt4FDZoa8$x%|4qGRSEwYDnj?l=}JXNosZfk93%LzSEqZT z!WUD|8zNgR<}+7JEXm&g=H!VTp8cm%j~$DfA=kb)^zXtgr_ZxiwEKO0HtT54`@oBeEv@E_XPklyf@I&20VmX}jjy`(C!Q_#=H~kHDq&y&Jo07w>#t@TUI! z(rnJxE9Y!6{-Q5>b4}Sl&Fy>7Omtb;Y00y1>c&UDW|srE?Y_2!Wj+@J0D( z!0TNF?5EYa7VoaQw!P(#iVg3B=^u}6Uvk)P&!x%Bq79xbd>>oi|3^KMy-O5# zxBHSdPtrEpsbobhJ-2?z-OQ@`InzG5i!{`8rORrs6V8ozHYLhRR{U7me+Fh7ee)yv zk{QRoAC=lVbDBl;#B_P*ugA;Q1h0AZT~7O2$?4upCn5uys(*#A|5MheV>;!k zzTVL*#?gyyEKY_pzxy3NH#X+=et}1t57slNF3RJ|%d24Fdk}VUl6SD4Tax=D`!0Jy zQ`TI`Tld6dmNaLGUVSl7`s2H4t8-Vp`j>64o?IfidY|ME{f|snFa2kT{wR|vb}xCm zPx{w&TQW448QhbdIhkSO->jIg8!l%&dtb^?W2(emow+W(ZUN8dD6uH{?myMbW_#a| zyL7)G$KYsbAV0?sH__{+wv$%G&#qTCoos&Wtn!h`rqkw#2^6hZW%y;G>&c8v@v`8_ zhr{B;FW>i-H&$e^cpp)IPGq9;!{YO6-76oxjr!-Ab1HFhO)~btu!qif#Vgws`i!rwxSM_LvN3ne+qK>&g3<1?XBXdI zUe%l4BMNWh;hXJ3p(ryTlaSN!$8m_Q@?lu8ZdgpYxAe_i5Q>l~aP& zNh{B;i*QwTQ#)sUMJiU-cIy+V1?o(eo$soyl|Fs4?b6m=Ju>08#p`eFp6)r<_f|}r-W7b};Il0z^95&n)<4QRqGo+9=9k#o zr7=eLVkU6@?KpZ`X8BEnM6%Jw~k*>ZMFE+jG`F_ELMx1)Df6w?(n>6 z>(piLa&z;yT@~49A-a0mjjZw~re_i@pY%Q2m>qOw(w*)3`F0D;co!C#OWnRy^4I7n zXU3HM#jgXRUS7O)guy=M%E=k$M9YN_FfDzPv1H~-w&ly^r#(|WAg|T;wf3vD^$at2 z4hJ@EK5omm%5*Uoq4%wVM~DJ+-(aV@9*2S^vL9Uhx284Dgu7ygy|mJ{8992>W+OL zlb7#JxtU=vl0QkcJ!%SL!^1Z3@WhAf+oH}C)-I2_5;4K@v(|cvrpXh}-_q|&>Fv3` z^r?-e`qr$>UoOk^zpO4uImVs5Hpe|NTc)3NPo?(7)$U%Gzx>WQzsk!YuFLBCifPLx z_O<#NyM9_I?6vxGPuKn&Mr}EV;|rF@#2qa;r0sg6`_gP4;gcF6y#Fq)nPujw;%oc& zM9b|128KNx>D8O={KKQch^egCgV#xb;FOGHIn@#RBIfv;HJ&F z z^^fJ~rinZIc=Ix(q&iyQ42|%9QD~yP&}}f6vikt1r*Ei&N7TgmyCP z-Uz$jnU}hG$IPSyWp&4P>UzD3RLM+vdf?%2NVD-}wzQxzppImmj&?Zyz(Bhx{+jp-0o!VA2b8+mc1>%XmYOSZ1 zB)t3;blXj3mXoJ^x#-0VGokhGmA0$QoB1|4W1n2E-`n+heoDQ^*zCSXy;Rt?#iMMQ z5&v?>NYB}qnp~r~ne%Qx^=YV3+Zy)pVSkC2h0K$0t9oWS`Rs^tR+uNV%ps=mb)>ED zqe%(A$8Rl}dn|BQVU(5b>aFwm1MbXsoVD!o8t-Q|4f@}G9nCwhvHe!v^3Yk%W1-ry zCzGtY=N9{Xcs9G?$0X;5tIw+LZ7y8#T3Bc8j(0zcYG37Mefu1AEn&jFyjF`($BSP_ z>es5wI(wu)DS)xH_)qAT#D(1}la5Reyx~%F$!ASEZ{|{%hS=VG;p4f08 zWcM+Ha+3L*WTNe&-lkwPIXTFoja8o{Fai-&iwS%XZYdu{K#6_CzFMD?yp$1 z*WgBU#s~LAkr|5Cq19#=Yh;tA?aJ}G?XFUq9B|`aeAcho_wTuG&^W~SGUn30=e`;@ zr8Jr>S-Kc)it43OuWWMVna(e+Wt-)pT&Z$Pg28%Ln}%NLUEh+|o{p{3#xkXHQ|FYM zc^!@Cih3orZe99swiCOWZ|#nJ*qPoZ+9MM9`<%s!gx`8Ir8B>2u!*a#+WKuh@4VhZ zll8qDCq?hCTC(oM#8W@MAKj(bE_?LIt|^6D%$p03MWlCq;J$r&z0B+2EOFuKT*s4s zeGc1`S^P*}`p2r^4S)MI?aP+#NS>Enez1;X;ssBUh=Kz$C2QX-=$U#`zNN%5lQ}l# z&(f;GpsZrAiMD6fIs6l-)h<4g{M$ zN~(H8$U-w-rJ@roJ(c0`z=@V}} z`L{3_Uta6`RVvKgUZXVVA)9!E`{VE$^M|qCF+1IMbgYp+_PH-Y>eh$t?YX5YnstVf zk5wM+?lrn~?6lT~HHEhsy!jt3JauBnu~*OXcGqV<_|L$*Z2Izp+X9$2KVPtpw^S@M zs)Sv2=XblUYd^9_=embX(vW^~KI`d|c@gci-F9_-=&q)(^CV`pF|%9~Tb%pkV7t2I3Dc!(QZ-+sYzy74_0{Iuyk>@Z z2?9c%Z){&Ry7TVObNHLR`-l6(8C&0ac-#mHGBS+$stNs^x)pjB+1; z)ib@XVmo)H&M4UPSL@!+m6mof`iEuagk?E>HaqIPqt8!!*__a=B1@t#E}k4P=P*mX z!aLjSC9$##L*v35eLozV%r`wFJx46@;OeS#8}pY&)oyz8gn3TL$?OF?r}nIkdb&m1 zGhanP_)v3P{)(8JS-+-i_9(Z^-@}?!ar}|Mb(QLDiT)|ki}~heOWkDJ_TnMq?)k5y z4(aA4JzE#KWuxJ`z#{(bCRswqh3dY=F5vr`cCBpVw)>?9I+a|ki9eb$*Q>d1@9f%e zIBg4ePm{&^cl{G~sxM^PGB0fN*55jTb7ay*i=8j#ZrL3=&4JrK=G$t48_tD=&v!DJ zzNx-qd%DT3#4Ol!@~Ky%{*L!HnMz)jaavKSz!UDi=FV>Q={yx&hFiGW5A9-!I{NMO z4bKDTvZ6PcY-^j}RHLnOVtcPxk(*KW_G@_yFO{UWrH5)6cbQaMl-WEl;#Bve+;8dQq*5G`mHb>c*EbYtOFIy%#I7rCqse*IKjX zMLr4>=Pkc%x^GtK+P_UPS~af>{FiBO{Jqg~-EHAR*SA}_ZjN@UoGiKSR&9{2`r-JT z+09#o7@wP-%9v$)WctP}r$6zvZLvu$Wx7$He$3m<;lXv`zU8Ur88d#BzCE^at=1}; zlj`zw%eQ~eWO9G_xJQfk@Vy=X8CW7+S?}MPF=rWO#kq1oGK3!(EeZBg_6keS}N_BxJzO9MoU_PmOdZqQg7fieEx0S87+?lyZMeAK~ z%vF_1R+x-1{_L(9Ljje&RmL{*-`)$tkA~UuN?63dTOFiEc zzEbtj8olxdU(Q$U6+L!WPeZWbRMUZ=p2)dhQavB`zI(DOFXH>U>SKn-zZK@JZBL#z z^%6VliMZ^UACENM3sgv)lMo)OQsf!uuCCa0R8p;GV_fl%Yr%I8YKz^otynF!_TsL| z3H>S`{GW&D?OAPdLm)5pee?;XpB|>XZqgodF>Dt98KfS+(|a=S;S-q${~7E*|GGAB zb=^6+JA8W$Lvl@i-ZOe5k}kPOxoF3YN0Zaf_M}bnXmRJM=i02oEg~&FjeUF7{^dWi zVtrfI6c`vE_sYE~oUDKN7VGhjul}2s@NSIODZCKA;z#_!ZC18BGNwP1^;K^x*{y4I z$2B`|VaMTpmZsa8rb@FrRP}v5uU>HNXm`dm(L3F{nJ0IZ9{neNTG>8uEE6?X|mi>$Lmj*4{-LIb|#7x^B{+xtFUjN_S6^#1*aP8zCESt8D5> za(eP@r9$|`BY9RICq_rbO_rTBb533ooA%UYXEjex6wKUJu}RHY;O?#UC+oA9+?sv* zI+u0&LQ@s9NvEWec5t85?*91n?7y`oIyU#UEY3+VU+Rl%)V%ZMKLgY2vRilfS^PL( z8NQ6zFRXjd+EZb(gw50aR*(0{KK8cficwu7-g;-7MAg^z0rO<7kKU8%dyydS^MtS1 z(=PbzoFz+(pU2w!Uir!|xOKPk6gM?@TZU)5*UI~Ng!tMlOk#efzPF@mdTWj4LtCxq zVORARdz`rQe4)kLIM&Dh-BI^DOf7Y6tnDYK^*AN3PMCE`ckULgof%bU_Gxcxb8q)b zI3b>S@b&AU%D?GMjd z^6p&sE4T0YEAMZ8GM!W8)qQPqC*xTD#y^gaxMNdXOS85MY&`ZO-2dzVGee#?AJd|K~G!4v-(H2!9@ zegAgs$HNb|V`AN%KPF@bcP^SHd)nan{jTR*-;2~vt!dxwyUOCb>C^oJrZ=DLGWXVc zzUceee5a~;rCx>Umv^QA5t;S*sNqfTNBzxSrq+?3R;>$f$j|!|zVvq8)%eZ-8IIK& zME~);pmI51B-htbn5TW?9qkAAIewfE>Pp+TuOQh*kKOC-8kId;xBV{ie73qMw4I?= zd;P5?sWL`(XD`^qe@Oe!;9Jj8G5^@Ms$;XQldcB@|9+i(+thCJhxVgoQsuX8RLj}B z_Sn6gpj43BTQ|43>!-BiN7Y3~zeS%;4Vmz;$C;)2+S~Pg`&4SIuZa1x)_CmOvUN&o zvd}xnH?CfDBJ0C4GtMv4txx^WAbfJM_v3hmA9c3z{@VLqd+mtv7hiGk*^b}&4OQXY zlRm|_pV?Nm#MykG?B4!NWt#_5kNZ*$ zqmS46n$8#bW8HT=l!N)zET7qtd(X>!Sy~bG+~&j8{Dnti|DCJjyLKyA`J@%wCcle3 zAK$vwXFcEJ_}l(R_d!G5{hezYcjkW$7i3CK{JMVmmioSW#yZUm&t-ptFU-65(QtcM zC)57TGUcnqw%ucEdjFd*Uos;5pZv}fJ*OU~H~L?{G`S^8L^Lb?sGY`-!bkrZ_@kwN z|CM`uBJs#d$rOd}C)S&O3~$`yn{2pe%jG8(cbKyOtl$^*VmE zPCoVTzv(*N&yFnLaJKOJ{!Me{*O}1>l z*XOzE-;y?8Ubp1K^&_%YvD`sIx!ZSX?z)%nB)ws|j>x24=|RVxZp{;3etYpekCmm| z0nri?2mWon`N#bS^W*oe<{uBQiE7_A|DSFC0_#N+YOBNac7J$%d{=D4m3JkUa(AZ~ z%+jA(7*o91;zg`YsAj3=53P5~rE2X}_jeb5`kTG+hvTXnvT45`K3iGboxMb>byxcQ zsLvjH`6YiH^OkHY3T(8H-ITrJiqiH^3qG1n)$H@%gln`#f;J_)_hj$D%M1IlneQV@Lj!M@$LIRq4RtZFVMb`^I-hnkJJ>i!OYVXZf*led4E-yyC{#2)h(#{Ymaw zAJ=ognsocbTA3xquj7_Kd>g8_&?(wN=9;={Rp!x6SGFZZoT+$jBc=P;@JM3LB>t$~ z8|KdqTUc>wWzP3!lhd2yrmdaw?$N}C+w-d)+bRDjvln==>E&m=w|AOfRIYn^*jrM0 z`_jPKzT0L=vOJ#lLQC)3@!5efKdv8}<$AqstEY}yPw#U1vW?qMrJT$WvbuiBUV5K! zboMQi?cWR<4W4{_8E?Wq-6Q;{cmmlmou4%V(&Cf5# zN)-8>=V=~YxMPdM_k&8G{v6_~di>hoH$J5<%X#aL^J;S|E2is}nOi(I4QN`fdhjIMrtq9sz32Kp zu5`-3<~;CrTx=@!q}21`ks@P!r0ei!!Gt5ns#J@<2F)2hh_ zR_fMpmOqsKJ^SV3TMe?!@==fSms~47TXH;c_Zg!C_q^;23p?Ai%%df&f)4wg`78H# z`XAwi74;9Fy;!$Kta^9-wD1XRLG@Fs{F_bve>jyqyHx6%#=R+G+m{(KJ+uDoySk_J zWB7qtF$MEQVpbdz7Ls~x$5@m1v2FdM-QK+EM}$38rZC0DS$$vgv?+M^&NYfsA9FW< zv5WOT7!+rF;lsO^jOYF{Y~8`~kgde^UFIrWzb8i3Fb=wcv^V^tL zKHOdX)<0%T+AP)FMFAe{*Js_kTqpU*?oyuI$M?E3Bc8k~{AYUTWk}B!i`RZr)lhO_;B~{+0$~4ZTpnVP<*}X*V8Ta zZQNq!H%eZm#D83ue(Y0?;fL*Q`K70=Z=3CCQ~Kz#L}tF%^Hr~$^n)^zR4t=#8h=Xu z$94C^rtdx%-`aR4F0Gw+$h*yjujuePWudhVo!8V7erwE6BXvV6Q?#rcIM ztBQ}?l$)?7@mVUbt=-DD(_d&+mQ(HM93*Cj8__o?m@v&x#fz5V?Oc8M=*6WNueriuuLyL`BMZg0-H11)c^Ha@cD zJMVX;Z_anGON^(QW6$^2crO2A{o%7t4$DzPp4gMmXMJ?JQfeC=mc3IgZC?4;=aXXv z7d+{!3cWq`mn_4jb@`ENbQJD|zZaD}8?xhr-Fiv2TqB2Cr&-_YZ*(84XSWmh6VM&` ztBuPjXdgOB|!?|^83-WL;pBzaCrQk&7Ra0$e|~L-`Ndexg5-qovWjQ>(@oa@P&nVXPa{MA z!{i#hA3K+yW?62yW@6jzuSYA7AJzY1{{8X!wgr>wd2YS@b!){*v;Hj;&%4@O=aaTP zlDI0az-qZx;P;gC5`Sm@XLztJerx=J{d}4C_%?lXU3zSCqSTRDwRdN2%6-T9pzC+` z!|8uyTt6Iod|2SlALkz~k3(<%erd9^>Dcjkjhoz`$1_&^{>Pd6+wq57roz>K{Mlu{ z`O3T1wQ3I@t@z$mpYAX9BdUDs?(Ms_mD(J&$yxr%^lrGtsf|{ly)z9DUtF|V)squpoY`h{!uXRW`Pe{9wpp$vQJFOg+>Z<}5g zo_`#FHure*pYjDK@^mi+Zr^#S1GN+hM=CC?`2<&YE*G6U(v} z{+0Q6;Xi|HNj=X|xy29lg>Kzr>({z=sV(kb+a9s_+sThYRx7(#DZAFLo*3UNC-ZmP zKl2K!D=)v<>F+iaK4tw*ZtmyU{C4{Xi|-4rnXCKtY4i?H>Anm6FC!1Dw2EAbN{{8( zap=t7b(i;N%BH=3=(114UwCoc%3B+SjOWLM&#Te>ySYv+t6pfb`$x3}pKf&8SFI{2 zoagXI`}606@*jf!Gqedtu8~^1^idvjkz@ti-s*??Z>RsZ|FJwca!u)voOde9O6kmB z&!%kJHDPzbF7tqx^}%1%9e-GVc>nnL5%1k!x6R|$S2^LKu+2Yb;_I0Fqy0CRKfK=d z?$&AND{mP?7viM_MTfg#8@Wtd=Z>Q=$p7oPCA$^{&+WHUE zkKY%ni7&2P^2gz_y#J)4GaqACS{GHmj+0AlohRpc>o}{r)zoFXl%MuXyu6h+dCkei zH*QS}vADxtwe`VzuFPGvZ>rv{VDS`gd;U6Z^2hfNS>pIVI$o}kEZKGDU(lBIdB$ze z6|TL1^ZmDF)_(?x_p`1)V(q;)KUpMt&Z2~k?2RW@9lH7~TI$MHiDJ(izwE!&|5*KC zzT}Uj%LjkyEu8(^+TgNt|HJd~SHkT-uKu>;!}){uBKGa2v7FBg8+SP$D}EX4f9U?r z?+^bo96X!$Jm$mxdDqR&9*JenSJ1HCuQmIT{ek&y@}gfkzQ#*sblY55C)zIEzE9i7 zmp$lGEI(`b;Wf@v*Ufx-%l_@(hxY|ymd@+{@aj{g>Lc5B>;9+F`xO7K`Z}NM#rgF= z`X7cKUApMYq%>vI?T>%oZ?@mu-ukx2Z6C+hptVnLR|YcNWL}s3e1HG^?b};y>K{th zD3(5ueA?y7%;qz1<~nhS&o|yLmI#eG#dUm7jndymU(ff>vibGAd7pgV_NI8P>yby}o(6^_I>v6WQHV`%TxZ2-^GT@Xfl9_q2{*{qW=T z@xWI}*MmM}9h(N=5FHy1LN1m+e1Fbjvis$h3Tt7cgRp}>l`N%XT4bJ)DrxBqTKme z_FOxIzja@;379Wrnw#%;CF1b6cCCfGQ?7F_|M5L$w)^kgKhIg3mhNhfyZ+dg`9PiG z<;DAX?dMlCoE1CdHTl+#_mXwzzt!KkR)1sGq<_EdQdAx+IGeCK@xjleswt}GEPduj z?F^;|{HQE0+SNUCX4B@jXL~ju+#aX3|0CBHsV%>Q94|SaH+?l<%1+`x!=Y_IYO@w4 z#l1Z(dVXn9J#&qDas49+rB9!q`|aKP`tIphuCANgg=SCQ`E~k1-r{3rzf9L;u8CPu zaUk_`)Sm0#PJNu;+2511rEvXSx78A#%g$7?%=&)5ElxDLY6F8@rJI{&-2e5)_Oik`}KbQ zTQ#a5S~MSd*Z2OKa^dy{ZRzt<)#q`Xtzp=wedUk*{)nc#OZrb+hJIajPyX+QQs%|J zi(+2PY&kpap5=)(siz~W*L+{z>L>T{7x$z847aAcZ|d_j@$WEb5br%<aD?HP^+D&HSerzqYl#^?AS%y{FDyU+!~f%(^x)Z_>Gxo(X(> z*~iy9O|M5EhgMU}@l|61X zH>O62FiW1ToZqfnr&2N7;78KgXB>rdcdnAty>6%cL+jz%Jsg2#5n z{~5y8&(gEgtJw6^%=B>X+qm$L=8wgXWXJk>Tr#@$d|BA`g+aZ(B7Idi&98p9eg9bY z{GszwFUy50q8+B);@?);@hqt>?(nSlHjK+^Brg4DNQ>V8_G2Bgm3*}{jK`PyeW_EPpqrm}@3k8Sp*mee?LpSMdEdfwHZA69oPPOSg< ze+GfP>G8WVoiab!WGkMF?kQcr_7CHOT>XQ$VkR6;m3tW@Nl&cUHxP7gLPBaz5bqWd-T+nc`5BGy~jo0Cw}@FvUKC8 z81L|VK|%KyPFz`$bU)_Dhv@AOYG5q_`Cdrd*`&k z=Nx;QtgZ~Ui&kIEE+xu9b|D?6k?wQx@3}460 z_~5pVW9ybnPg(dvlWoFpmDQ!+6iu_p}Xg4)8|0LLr-KFA{yfw_20CYm##Wl zUi^qfv7Yt=@Ys`e6K~xUG+WBwy2i z^LTqxf%Msll?vCxSNuC(&%Q@G@!Q|@BR#6!JQue#WWtMrzm z&n@qnuG;jZ>BVl@^F9CUDx?qp68aH*AS`g5g5Y}&^K^;z%-3yXKZYNdnjL?BdFSP_ zwC+xC)BB=ZCAr7dELm@Pp)FhXt6ctL`?+Ty+L(21+K1WI8CTQihA=FbJzF`Y zVDeP=z`UxTQyxxEyi#y+zuDV&74D6D+&|hsnAX&E|L`QsSqUnwB5#$it-n_jboJJw z-%k1MYelE66N{eR?)=Guoki+DfO%KW0D3p3jkG z#dP!b(&JNt3|1K}xBr{CVUNT`&F#{?WMn zr#xv_++v~J1kZHI1ESCNm}cF3yEXlV=w==^zMfU?ap5bU*vVfvIWi&U_L&7uhUcqZ ze|;|(_hZ$gd#`>a#N89^_4p#Iwf}A4ht1AElo#(?ncZZO__U|+Y~_E3=F+?JN9Dx& z<1UqMjWKX@uX7I9wUN{N)DrcLBqrGz7%Cc=zQ{Fz=#&|esZ~TGz zYj7n>yFtSJs<+#UGw;+GDLT+x0?XW1FR8bV+ckbz<_1<-e}q zDhgiCo>EtQR&#IUr|rjLOSk5CS}nO`pkzH+O7O*=FrGTYYdTwQeyOg$7M(qnDWmb> z#@D_dGp>Bim&g)|K5#VdmGAL<=N;Ev&jj4u?Otep#%gVyx<<&<%I!;U|2h9cXO%^1 z!&0y7nM&_wKk_t**}IFo-_)2_R%Y=&DATnbKk1zmV>zG&Bv*VPuU`s^Q> z_t|Gf&u6$F5uI6{o2^o_qG6Kz&STk6U)xLkN&N6^+sf6Ep3>9VPnRfsU4N0oJ||u{ z`skCB5BAzF3hZq);P|8cJpNYsqis_kuNQP)eY-|y+va%&%zyigm_JpnU$}5)Q1cd* znmXn7!VlqdOf3I1H1GP)(6cA~5$F`uIP2-9(hl}!*LDHSzD)XS=kP_H=J~ zQ}fT7yW{Xu{ZD;=N>kr?ztl49p{-~Er{$IlP-5B@W> zsLJVGR^Br)+R)%uWbMxNmO)b%JiKvFPgL{sj(0Ubf5%rOU4N8+yt+5|;6HwE?dm3* z)202)568#zo6B~6?q3THx#eA-|8gJuwqM*%{r->U z!@r_yC*0+2PUqq@{qBBqY##Mh@{mt;>{KL9cj}PBE*RCe;?^VTw zDHE!i`?BBG-`anq>U!%wwOg;N+-80Bn4r-1b~?ib+y1A~^1S~UGIZ^a+>_b4>Bs7Y z>z3PY&Tr{Xtv&tac+}&-!0z%JuX|RV2$iA^Z z?ffn7kPmh%S-yvT58G&da?%n_xvjVV-K>&tsj2*U>17S~!*5$R>`pE14400ddz^W> z>6htmetzKpRxHo7_N|?IX2-2AJ?^(ZJ8U`DCibk9vRXa$WLdGC*xw~zV$=LJx3=WI z{vP@IvYl{^&xd`ztL@fTvX~26B~F+)p<3$0ec8GrVbkZS?Yi<$>{YOPM)Y@;l;pL+ z-4F7Q&TsjpBB!^$tTmu&A# zVqRC3@^x))`J;qOUzX3)ymP9<|8d;W><>!P`h2HznH6Svd^*9-lYMkeiA7D~x>s@H z7r%U+_Uh;g*AopLH4gI}yH_;{4}I?qlP zy}GUM?b-kMew07Ft!$sxrJ7*XBSFXHr=Mdl$eQ2xpCRS-VU=Ikwmx{ARkdZ24&PUA zhl{59teMQ7m)=Djv3p?iAne`RjLT0PIWMfa)9-ZspHW5h5%F{P^gF{Iujy;yy&u(d z`BC{HZ*BQancvPVkc&QZHsM7)myP+OCE51{?``r{XZ5XOKe)bGo^y|SrB=lu)*ajH z0(P9^tujgX3i*2H^DCznzQ2g^%UsGo-9KZIm``IZ^jQ zCj8p9e|&#u@c1NMe)EA{Ip6eL#2?ci>c#8Mf6M1P@?rX!oLX(E8(kry$KBf0cGsNv z$$Ug!TmkByxT_lL%j2a zcU%>5qLWWsOYpT{+wg~NK4;#SM&ADnt+`L9Mn9dr^V!ao&rF_tvwHb-Mt|C~bw%@J z|E{akw(IyNZf0~+d{Qt!n1+UoKH`+0tZAHUD9`^R%d<~#L?CngB@E-71e|HHf* zo*%^zmtEN!&v(mBS>|15wEf(KAK~Ao{K#JSO4#wkt3(#nW{D&P-n&0UUtL)5x2AG! z@#*!gM;y0Y-E%(Fp8XHQM;qger_III; z&a~U>7uTLLh^(G9>H6dU3~l;v=RG@gsM1MBU~h4(-a1C@Q&w{V4=3M0^hL#f^Z7%& zv(LY^Rd)U@dVoD=f=B(tbJ=tE{he4R^{RaB%J@H@#ZJ^VcWuu9?ciQsX+AyY;)2|L zF{_)lUi@Kx{M$d(y`NNPiU=N8D2~(331b(Go~XPx_2)9F>04hE^Zr)(V=myE4lx@QlL=%VXLi8z!uH&^wLa^hi)}(SpOs9aY0MRaHS zZ{0tNTNoE#ESIT$cJTbmxYP&zx2_+K7rO9zyTI%KcP)PQd)vOQzqQnL#^o>5LsA}} zyD%?*qwQclZ2wYqvIMS4sJA?gu|tRR+i0=<$>4*%{*d z;^~ZEt7p%5S~m5=^+)cFi}&;&Uee8UH0jfg=AL=H#kXou@b8oJoqCr~uby~1JpX~N((NPjRN6gv zhNPAq*8VQKsok*G^~BB7741RuB3Z)ZjfF4NTPAJ=!H4bKc1;YHnDgbvpYm&_@*J<`OX^MYPWa9qn0usW z&b##s-lXsPu=UyWrFXofq&u1qEcn2AW4*O_f+K8x$yaj?w) zxNf<}-{yU?G48DYc0STxJyXGYZJcmx$SaMNZF62&%$*T)&LnGP#HVatUEd88!>!wV zquYHa=W`T(S-+@c|IO0}tV*1e(q=HQ#r$Vzjqz`?=UXeXI6C+I_a*CfQ>QMLy?8g; zYGKgY$6_@%N><)iOjduPCBN}Bv+!nCf1mIxX7(I*a<{h6=9{<9KPYZeR$}wBqu29uR3|>1u%~ZfAa8+q(T}71 z6rv+D^9{T^|1(qs$na&~`;+?N@j*GcEwhhYeEnhe>i$`>cIv!O+;0fKe(m?e@qsS; z(P`yc-&gY<`uF**d%sRO^PNkJTUT;z_j%W6Hs{5b$15-X2!Gh$xqgqeh*-JmI#ITt z2Oo0E+MW%#zDIOjMa=Of@$plHYR=A+c=GFd;i4Ls%YUpFZ);zylbSPS-E&Jl_b|I9 z*C+k>9{gkG$NVD(cQSuXy49U(*ve&>S9RS@ub18b?w!NTR_8W9&z|zlzcniL>e30F zPwxsav&?$+cB^#dR>>_7me?4!>E3Aa_j>q8IQ!9hu0Qt4t36bvDxLQ1+p*5x@#Fq3 z)7q%W+{aT)&TlpFJaM-2ht}nmJ4t;!enJwnF3+CU@%6qy#b)nIx<}Zax?JZ9GrC`D zVY7X~`rd!0H9>p3kNGDiuas04o-*;m1IzPKzxX3R$REi~JLg@gGh?RJYIFZ%dx9Uu zzghjr{QBCjzG0Utn$Or@ebRik?CSEk#m{D$oPL#P(7WPv(7e?TZ>%%njt%0{d&dEMRNhT;eFS!c|8eB_^I)1_zTTo&)WtVsq_+1FKYQeHsfwJvb3Q4|4vhF0BKf8^`?~KDb^o)!v;}6& zX5BhOl;kqCdoS8dZeWHcH+N;9S>Uz_HXfTwlQUIUGih$Lx)Qz#h&czy{}Tv-FJ2V zBYUnN%O9Tqm3vborL(4Y?WumBU)PmaR$RrO*7f>&Qsi z&XSPy{e196sr`ok3|-UXKCJKgn%!|XExY5MO4_*-Q_WiCJJw~|*gpKvAX72xdCZly z(|o_ThR-W&j#>ZaKg0U$U$Xx;Cuf#iaDQUtCEidxZ|lt;&K@6b{jm4*wGPa#4TwGY zt@rGahK&l>r-ogcmA<*<&EwMZFWZu;GRdG{g8$G}FsGOT2w7OI@{AeBLhuZb+?@dpdni{v>6}Or8 zW!)~Bi#KJy?wyl2@uU5by>6cm-U=jTXE3zo;CFXr>t>EBtlJuUyMrmEns zZK}^D?7p6ht*ANs@snrXqrT+LTI-B=Ps&a|Ze_c4-gc>*8K<+23z+zf;}hL)?BX(t z<)1Pq+ilI9_}~}(g8wec30yT@vSX8gTdaVmBr}hDP3YbHNAivDZ7eoPXNT=L_x9C- zqjbHkJT3q&E3XV z7i(&~>MxsrWS@L%>PI2}>}SRe8+XY36TS0C^~dgqzU*#0+MauD|NKs3+Kvw1JALyV z<7F!5AGj|a_tE6VqBL%WJIpd&-`?MR{P5kDO^bfqP4y6Gypeuy$3}tWT)xXn1DCBj zbvC2uKf@N&OIg>aPr9Y;CE2Oc=dZS}@T1vW*?F>$b$Nb9hRc^+f1%(1PvnnIw5Qm) z@QF)WCOr9)_0#{c`Qd17*@(;yb~lz;3Tb_uSFz59H^XzstfUR^LVixVD5v~DR_?d& z#{lol=u<{a(%Xz8;4*jUM zYFD&Qrp$IhH#0p8J@Hxp=Kf=^$dhOP!}no%>w*bZng3)qZV!_^qFc&vN~%^anlt#UJ7i3wau*S+OoiJ6Gi5rG0%hr{8pyatp(c z-`AB$fBVG$H01d;p7LcE6q8nQC*LjGJyRDU> zp5apX#6d3;V=wa-R*l_*AE0mG!*r&JWk$cB^-ls%^bgqr6k(Q^C#S z&*PRqvTxrf{&A!K4-b4}+6ZD#BDiZ8tB zw~cSEwU>Fi@XET&V%JV6ZNH#u^gXD(IaaUvBS-c==~};kH`gAY{(WX)Ea!*qZ8x`X z>&)|C*%NX(Gpc0Uva4$rYxc0*K3Z-gXL$KXkDM}ptx{pwtnGcvE(Y0Jy$t?7vnx_$ zTe!O9TA_Ug({3L5ek#rIyeI^I&p4)xQL15L>e$!(w?u&2D@4R(nmf3WH3Yl$JBu+}$gqd!Zs&)(C zdA?UG++5ReVwFU{W5BwQ0`?0b@hNjl8?~%7CSA{DU#W0?W!qUpk;kXi zi{;Z+d45_H`8C$)mS@n->Gk-xj@o1 zUMSv0R99k)kNbO(;s)#aS&Ntdxc*RVXDZ*;?AnZdNlb<McN|GZu%FYgyHWyzJu zEd>^xZXcU7p4chXSk8YG-n(2or@3}hlmA8qse>QhAF!_G&3F+nR1;h*Kcg)3y~u*f zRTa02v@e*(_sH{qIsIb)#!~J~)d@z%e0%s9{$wAkQ}}WEk$R7ftK8D%Gb3Cc2C1s# zFnpDGQTzI2#IC?2asIP|Z!c~-cCL44WoU2x&EE%R>9?EsI{ROKR5{(}+Pd8J)BHkY zZ^jwdmP<72xrMZ3# zMLQ3kVE?pkPVnJ#dP~gHm6moc4Rotke!O1nM}5Hd4-Fr`bysc7vXh+{^~&7gbg86@ z0Yl%SeepjICg!iMXp43CZViq6bM(_OhVyFs{_Xvs-?XLts*Us`3lYQZli0UKaw-K` z6vr$4iT;tbkL#n)uHvaX8re^TFV=kfRrIV^may0JB`Z%JJ*j+RkMi2vch~%4y?N{P z0rkD*^;|ZIYkq|Nig-K6@b*)0=?3S8udnU-ek@Kx%5TrEXHz7U5;n*lU${1w|A^SF zHJNK)76~OEIbqj*frqQ5UsXSUYx-fj>m?h;r9X}z5P!Ym<#(}_e-|pP_)B&7^)5Se zoRn1Ilc}%TWpGv2vS{=9mHy5=FK_ku%dJkdwzxfc$8+T!rsuQDZpF<|n|5Mq+ly(R z4nB$A)HYq&j{8}@qrXYhKoWp{$ui`TU14!{SWu8LS=Ccae;sDS3RrWtg}b`QKoL*e}>v+ zcUK<%&roj5o3Yhsn46wEBo-dW&5?M{x_Z!Hx|u!`95ae#N_G^n;*GUbyZHx zn|*rkwqpz@kNZ8^%*>q`rXB0hy*qNxS*w@Qc^CMqt}m>Zf22!B|SepJ}S>_ zQ@E)%{P49$-+gz@Y})L^c{2Du)2@|gEpD6*&Y11c#l1G@x%1A`m0@qbz4NQhRzCP` zd*G}2A0}sgbMw$`R+%_|$MZQ--G`<}^>^v(=G7P)OW(}>v&~Jm@Zj09S@S06{bQc~ z@b1z}(OCkX`y##TCD%Sy6^b!2*jl}xDdtDev-g2bmiqZIt1N3~G@NG$?|Z#nURdv| zXNf&qmXk#C0rqsqD68kK&wo^}u1~M{9jiP2Uf0^D?DZd(x7|Me@p$pWGO+;0-zS$y z=&)bg)*Zg{yy?=edX6vh-P^d*KfYToGcB<9z~s|&t}XBU6Ji=0Yw}tw=#xRf%0H%+ zdFg$>{|VmKShh>>!<+vM<*$QoMptkj{?#KMyoIy&8Pmb}w!f0Lb?sXwvrF>6Xo;*% zMcD1bW)JuLVV`>PpVsHS@`nm<#Os_jRF$>~UtX~|bi+rp%{H4fbvU@fmub(vqI2J8 z#<5$)6Dq?)AADWtx!5Z^h&SAK+m73{%a7QV9+@G_8+3U~@0p;t+xm{*+qR|p$!~49 zgcIruS4nkFpI&l<-D}G23m4yn@7&!gyXEGb!b7tTT-DcIqn2no@$31uS?6;TSJXYP zu3V5BQ}sD=))w>c*Us_;rapX}DKjx_>O@wLJ;4c^ati{jQ!c0M^j@x;TzI@@*4f_@ z6aREi4RCys6*24D#g0D4c@59^vMew96BUvAS$|!#<`d?#DcMzbm(G@0lgQ&9r@3q0 z{xt`B<>oIF%iZg-uFCvl&c!X?r)A3dbN5~KvSPiN6zjV_{I8<)de=W$oLg>tFY<|u z>HC^=>3mozzYeqVGSY4PB zxsKL;9^$(kPlpjwF*~-rz zpE+r^b*Zj+Xo7X{l0CXc^Q|*=jNiu1d~jFqcE}~)Z;MWBbZ^*XdF)Ndo1B>kE9wtz z=c{=c@K#3P&@PRKVlSVvNW95jxM!B;JC$u4HwSY4y&n2HGW^gz^-oXyZk|{(_r|HT zL!Tbx-78C9vD(R6n}d5ZPfwuepGGO}a%qMa?$=hG)^X&%vqN>al&>h;W#t`L-aWl@ zaiie3vq|yNx6fW&bJWq^kbP~;j_TEI+Ic^M3dFZ*3GytxrEloQZ?Wdh*~vTmOjamP zKIL+H@|CZq>A&qgF6*8>dUmtN@kLy>wr;zu^SFBV^T5XMCx2a2TlkUtU{uZ|jhT6> zeiN6QT#1$n*YMAL^tP(NMt{L^sd+Xxr?;*y`zN>KQb)dM_C?9EhYOlzvvt4j@2oRo zla+h_+wANy{?pA}moEI#OkS)wJ9u~X>1lz}($r_khBsEBzk`bl z_T}wfV;EE!YO&_al;iX7uF1X;@@<3j$_X(WTwiyEr5?Odwt8jc!R}f4brU%b{Tp#1#%1l}FDYucixlRVAnbIjYHn~bWi z&gZL85BbP@r&DzHn&_f5?xSWGjndSnE{c7%UG1u~6$6L*>)4oCvHk69uW^*U&yl*= z@7R8LTh1ie9dXe+P0zXOURzxD*?+=WM1_ZskjqQZNhoh#Cdxb{oa*+X=iQF zpY5kh!rcT%1xnbAaeQVXiuGvp?KX*1_gX5aG*fj-5cAVohopw*}TH2Jwes6aaS%)3U zzVt#W{C3)5j}TG6XS)=om1pIh*}m$fxY@;|`+kLL4?EeN1G4JkrZ4-u@7tYcrmDwR zuJx`Lw~;Ebnzq*L$^@pB{d=-|KeBgjT`!%TzvyMyGVRd(87KclzRFy3X5Eu>?hzkf zy}s2QnR)HgQJK2A(zCWN$+&g&%ei9Gwsibs;VpLRP+%4VRlT&WUqEQv%lix17cN)b*~E5r{RsxW0)PL{T{G4?ZfaXt z%QktL?b|Q6L-eB6C&z4?`RM3JkGVQieF~pw6dx{K7ypRAKhGv|rSFp4@A~e_XJ}P@ z4zH8G$-(|k_xqwb7U!#8c)F<-WgRoAGKoq(d-z^d!nqJBiZ!Qg zlPWzXD$W=+XO`EA8TWkpW3OM5PPv@(_E<>5gsQOA-aWUbJbUz!;YNXfvY&UwpF`)4 zp0u=BU2NYzr<)tM`Wg0pEswqW@bVg|Q=Hv~uZlx+qkmi4 zybR^L_=!2fPUTusWaJ^H;|oNtE%rNBdpaiO?iBXIyq_;aw*C#`wYqcTaFc)V`>0uQ zvvuc9wC^l+XD~O^d@$?b`t@h8KAB`*lwIPoZo4ioN^ArpCSSUd=-mbmwrt-nzB-06adlG}Y#-|lDrqb@gnnfCdNnw!EZ6W_;_ zANBby`()kxmzJ*WGh*Fo_HEUf3Z|X$GTB90i{E^( z1fH948bWD4|11tyz(w{XVrbXZo-=d@2Adg@XdT_ zbmz{|Z!@PT3m>q3wZ=};=@?G}g^oI_s7H-R;v1n1g#a zP5paOIlt=ej_qnj(~5Y~pV{rr+WNJ1YU>1j^)q)rN8S(iICb1o%U5M-Q9;$LSAQfI zaVQ$G|J*n)t8IEB_vvSH#pg|LWKJuac=+2sL4nlHFH62&xMZZARpgtz+&+h=P4rQ` zM2)M#%|xCfc{Ll($8EjxC+5e=-29qvWnDHiidF^ueH>@H`t|fWKk`HTpN4slXl6;nBF_#<;z~)i{7GT_d$m}>%kuNWF`A={h^M>T&v=n z6aHQ9)mu_jw%u!1FV`f;Wah|Yk<%IGJ=>h;5`H~r!knEs4As}3AJM*@t94I0+laGn zv8=Z6;f`m|&lhk8&%Hl4@xqH;9v8Q7s8u?mq<`-C#9-%LP8&H+ESZ$PXU=9bhyM(( zum0us-!;AFQvXzcww=#%J$7euwy_+STedrw>)v_S4-@xC^3T>h@GIPSNv7Jjx4BDf zgpZb19r2W(xF~A-yGM?@<+eT#O<(A#a3P_(v-hIJlRDFzw_;DHCn?E1Tai(vbvUb2 zs&A&cXm0yVMUI~#2Oe$odg_&Ri(}hr(_=rQRla>$ov(QJiOY>QnmG$1&8^mR-8m{ zX4V@;tcBk`dzbhutV_NUoFTL`>4NFqXVD6LJKsmGX5ng2{C%MGZO9wlw9ctd4(i@0 zTdR@$+vi4L58u?;Wv;3VW|ht9w~I44tkCtUq}Fng{}jd@A0uy>&KBOCsJtwD)#W#b zcs|bI+p=?ubf<3b;zcPu=?vFe1ZFI>OO(5^ZNr1-x!QjpMF=-u+E8@GGg83!{HeW# zftkNlwwK56@tKr$%5~@Lq)+u;_b%k{?th>5;L6SyF$r0jRWVUw6Zcs%O#S%jSJ2T? zYm4A%)~nP!^;Azxn0J_MdyVD8z3cS#1twWCTrhjdnT(H?`)Y-QV@N#tY6Ce>64@#{2fuHS0_wW zY@hRF``WU}S%o&)EDFU3l=lYhyZHXA#h;an!+QH9XM7PAnru+C>B@(_V&~&O%6A@} zH$7WX@!0dg1JCyLerVxd_#*ISx$*nbz#Uam&z4L-ypQ#=OhwTpO}&VJ9~+*pEe`$@ zDR6)97RT-L{HlYRirDrp+N4o;x%|7hS?1DX@5G#^-l*!iKCL47pmE$QZ6?J}raaxqr&4-Zw6ubkjkx@W6it zyD6UAj;p6s-tVaKF0Pj8;$XLtKewaP#+i57;>`g&csP$qt`0xGy*T1#jC0-+qvb56 zrccUu9kx9_v*^j3QuTY=7yS%dZv6deO0{~M$?Ub^p?$TMKGV*hwohI6C-x+Rz~T>! zS;|a1e_P!+&42i3Y37Bga~>(V#|KB7wIkuRp0(RZst;zD!VDA+DkY;H7xnM^sSVZ)`{71A6=|!GMBox7Z|*c z`Fr(Fk&m9ztY_+y)(dAehMLZG)9&7>Cp>4~R>#u*&66U8mThSbJ5|^fEgRlmr&#g$ zuy}mNhvofWwKW}1G8Ki)FUa2c;rmtDTYC(o}b5e9cw+)6q4xXkK$Kd;}l z2b=-|wc5cx`!?*{Jn2@X*QEW`w!CFQMxUNf4odi z@59u4Vzt(RGkuRv$a%0Vt6uQm=~?&N7T9V0Q2rJ#m|^6)>$THP#d(Hzxc>Z{r<;Db zpu1ah`Ih(lBsuQ>4BOvipLM@)KX0l2_KN67WsAjgOlHda$Z0J;ZBpdTX!>FE%l`}_ zb;th+{@5yW>-(YIY?n>D6KB6=dRq{Eoq281H~UTPO@CaMpMH@2`}A7wBZg*S+z&gJ z8ZTVe6Fe#R9R@)P&rf_;apH zeiZ(e`(xsVQ%|=3Z9bcIdYAT!kS#fu@8hF?Xn))OcV20(!4LjNBA;Vl>h0LFg$UPNDau<{g+j^YX3^F;f(O-E9qTNZ3=(e{R#fS zdZFnr@3FZGXRM|$m!y=b%WB)NIw|ce>KE%TdqpQQReSs1^wUW7X7d`&x3nx%b|Qjj|nUVkM7U4Qbhy)@Aqf z=F8WQq%3EN));x^Di#@4d1I4$s@0tuAJ^URv&QYL#kx9=oG= zp`7@-;)p7~B|H{s=b5%8&oh^_pPKZ=W{s=(%9wxe;w&T&u3WZ}O;Abg&DWz&Kg3zm z_y4&1SE%5V>72z{$De*%vel;Y;!}gKt66t#sBp35F+5u#fAoFJ$$XXR-vU2HOg>uc zZr2jCSwq?MRK?{(ndNC8`~_0ge{U_%oDp^E#gFO$x6A9KG$*V(+~@0>z3OLBP9+EH zj`cA=Zht6EYKnfVb>*wdTUqTx=}qsnx3#_5^d_e`cFMD5Yrbpgy?0)}^@^@!;WI;( zCs)p@q?sjN7Cj#MYSV4IyEoJud~ST$LDPT{PD zrAv5QHdjAvkGi#C-o0ncDtSwH^Mn+s-O3pHn7i7&H|U2VFh zdWLer#-{37ub;FQT;k73S|F8mhq+b7=wqlP_p2*U-kozyop)k`>b{uJEg!j$EhwIN znO$`8s*1E{8fR9tPU%0jalXe+W;Q$atvPd2dS4zo?;LeKQvbBfB+HYlubDRmappYU zxUNb=wY6-+Im@##8`4|){5TJq&hC0q9vl_%YOS7f{-YPhZ||*jEk5?d*6L$KSa@Ty z_Osl_lcU1EGyZe>x#o`FEw2;*nx`LIRL`&0DW&DMDt)MlT2^JV6&m*Fnk zbdAkb*-c-@i%GqzxTmoo&wcr|xxWp6aJ`TJn6&nc>*V^v_wlh)gQv=zoU>UhA*ezRUO6wYVaFh3mKHZ;5}C{4x4b>MZ{U zZ$(ZD9se|swdSe*8{dz+{bqe|U36ACs($^AC9SU~WbbQDS6%r$=xETw3bXXgdbxe7 z5l5zNtXTAd^%%p9{|vq5ae_Z?e=PeX+NGQHDd0)*o>@;y-rux;tgyX5X4eHZGrNSa z`S}db_HFzj{^9l^JMK%1FOw5pf1AGOwQi2ti=%AL`I)ntUeB1%b?dOd)PIKVcLpA(9I7VA zo@;y<@n`y`4`mIFSKemMmXUh3Y2z9l2rk&+AK_T3*S;R^8d9 zeCm(=gT2K^r(5gh&f*re&^atq9q#=|H~Y|jjz0z$PbyXJt}hp`H=ZA5r(RS4p}l2o zwA+Uq&0-4)HpAAa53i4Y+<#QIbX}@vUh2esApr$@=AYVIC1I`WZx>v2bxKYAquTi6 zyDsjTU!0e_@z~zBs_^O$j~{&5RlDi+uRqbLT08|Ce(!s>E1sc-ZS#lTMX%!&19dON ztVtk^OKw`s1^eyxZm`>a2MqX0bSCn&s-LQ6UOX%@Q_o;iG0BD*O)V1|PrZ zy`tOV?8!(*y(cMOUdGSezp4I@@K-yY8kP1(ZrjTyyfznP@4BCHSHAwh)wkY{%8$i! zS4_=0x9QLo539+ip1+Rgo$=V<=G=4+mHw3rTUSb`2F_n1#kTI(8rJ6-&jT-R>#url zQ~BHa-}(E(ExnJ|x7;%QGO70Gla2lc{}~Q6oDKau`%mJsAKM?g_P)tEU$n8Y=+u%w z_jazER4-XkB|Uw!_=A)3_Z^l@T|e>Y!>3NUGFw+(`F7TM;V1jIuKyWWj{NO;yT@vK zoX`h_OZj@LhqrE?lRPi`Nxne+L9usrim!RoKim$A+;dE~Q~CGmdC&IU`@7N3wxaHN z$hM0%_SQSMOGh^uWl#B${M+|cJEj z{~21+KD$f#&$-#z$R#3tZI?!R#VUER79U$v`2=VNyDpR(7x$?<8EXi2P^xw)}_naxmG8${mLVjM!WfCJse*T9$dF{UceFUuw^q1p7s8W z?ULUd|3}>Z@$^Ie(!T3|9J+Kqdh5;u^R!=ts}`T*;}rd7-@O09Q~$>BM1`w%Tz7Bo zW_)J4_t4w(#n(-LCVo`^Ci`RS1AfD;@f`P}TiD;bPW%<#pCu>oQLne+!`_|)tBXI) z)4qJ@`iVlpr&B89?-XA<7`E!?`r=>GKZ^e|upat5;h(D8%G9cF+gWNZ+}+_*r@pp| zzkUCM1^2n_RPX#}NU6|1a?3~OIKRsFlL!91{yE2czu?Qeg9Q-Tk+CGavoIje&|1)sh@6B6q)py2E zmZ09n_h&sbz27~5qk3EHgZ)2BrB5to{?2vt^}YR!HR8W3>MqFfT5kDRd(ful(#E9v zsBin5_kRf2m#e4`>3jSrye+5ngh0=d)m!`R_FQj|Zksf@pxo4Zn$?lNMce)^-Jg7H ziaYzk4!iW*lG8*bP2bOB`jPk{{pdfz%^!2(d2$r`zA37BK4tziuWi4)zWswW{}~wU zlwOyKOZ6WvUZRr9vO2SAr|j!5`@cp1XK0#ScT8UBpWMqTvEGky=lyqX+w9T1ZsCk` z4$oOWc0Hfw8aCBjU3$)ql{NX7oZeN#_~CKb&JEY?)Aw#G_|LFnZ`b7_58DbE zt}ptm710l$ckav6t ztuFs?-s$?{Yr1Nk3CySao<@Ft$9T3Ve)IEo(`tXg$b09Po_wOslp1(RFD0!xW4?sRi$g`fA19TV``ijSNX7>v0}OFHIuXUK|S3omfu%<=O4AJd_7;~ zEGLnSeHrhnZ2mKB7MZ?F>&z>&(_(LTyp40L{%z=<|LB{`#$qbrVbMh0A*~yY}{rs--eRGMbEgUx7;+*D!km4V|Herc)p;;?LGN7*wPLX*quDH;VGotMQsQUp6!u@+7yYCDaqvU#AExi$GAuZ? z^xQv&v$gdPYKsre7p}3D{kr#!c$e9Z*n=DH?O4BXbyLxT$?nf1w=9<_J{pi;*WOvN z`kUPk*N54swYk@Z`5S$0S~S)26=v>C#|=TziQnk(|uN_b3dLx8eFmXNZ_<- zfuD=7?b#pjccu;N%BNCScfPX@U-v`(fSkq0mTtD`3;ngt>|P1SU4GDiqx_NH!sVW8 zf3$hzEb3Ews-7dqmc47L)tATb?j3iHspD$j^`w7x9Y>ALjvwB|h0A_e6?0`3R*JhG zD_4A_{iXYXeU}aA!}TpvdhPbzI!cqcO(O;0g^1?N`QTgg^8r8GzjM3loAXNjWh&M# zzH+TBLb1ta0=xhE=W($gr5>96byNHBZ?p12YoW!JEIc3MzHytaZg1E5YQs|&+kW=h zm%{CF&tFK@IDQbGqu%r7Q?1>#`H$ngKe9i{n=F2;errbg%3|5QP0rfKZpO5!Jox@f z`-yhF@GGmlMbjq7dBpTI#9a4Y;`!Lt>1F+36Ke)=I@X|vsli8DJ zevfb6r}V@4$giZkk=ff$onksId}h^&x|XY}&*mRA7u>pU@w&`)OA^*>*X+M?{gj;S z-x+llv5}su9(iy+{eDjT=foKCBi`{66-;5V=^muc2x6eG%Q=w>?xsCZ3D5ttDUPYTBSr5Vq+O}b`#=4cV;mtWVP*B`f+$`0Evx_*6){o)O6mWL0#lwYp2 z#ZELk&irHUmw(Dv7f;}vqj}<0ao78WbJi!9FE*Oz+CFF9H+!c&+P@X=Qk7}Em zt)#nWw&*fzXQ`i;za9DbzQyD{m-k0u#~7@AIJSa@;C31 zyLQ2{PrHrvDj#2M_9+v7zL&F(AMs9HA7y$Z=-k3dPJZudUyFB6(~5b#xZ!YO>brTf ze@p)HobLDIV&+HVBcIRe&6wsdvh9f&#}gSd+w2>5_BF8|%6tBJ&0635M1XZW$D0!( z(^#HvjEdv|I)2xEbIX}cIc!>{s^w-id)HMg)HC_1c%}5QrZU63m)CanH`oha z{U?-N&;34caq1PdQ!!`$ERT=+EL(m!Ao8q=k#=fCpZ`MTUtuv~L6O4WGVdAG?<$Ph z;p4xlIVgJGvrNBvsVtAa*nU1ZEvUwLe|PA{k14)N>n^xF_|FjabWduj-P}iff?IkmvtVWt{%V;^7YY+U5scKkeTfXgZMm zaoO>dbsjhTs+l8?-ki6#YKo!Y_XYjMe;5C={UQB`zbU_@`)u*s>ArG`3eQD9|7U0| zk&So!kYcrSZ(+90eVdFM3eDF=GhUV%SeAFB{JMG~@6m6IEr~N4A6kcpvaL|N9(?M^ z<>j#}++F&9AFvnunz?1APSQ^1HyfWRYd(2w`l6nzKJUFiCimZ|tL}0pwY(KPf6lIL zkK5IflW+IzVCda=?$-Iq{@XT8oTI>QdA2Oz%yRdK?xH@MruwR{{Pw-YKF^-zHQ&Z; zsp{jCn|0KcKdqY`@^?+0Ky>DM-Dzu8kNoD-y{5(@S2!vA!CLE>d6$e76q1+m#%=f* z`pB@-^Sj!vtaQ`mzDITaG(LP|z49#E`NjM8{|vH!gdfhn8}|9gE|&0#cTb#U+Qby{ zWKMC6c<&$YwY=%j5*-UG|?7zgRP| zY3t|E4VPzK&8Usz7Hv7?d1}`8waG#JE%Vf>?YG@MmE?GJcGt5#?u%nH!`Y-`U3|af zT=#yQFZyHt5f70pzlp8KPMl*c`lUCwSZ&4Tn3yNpO$Ymc$CuQU{Rn>`&vR?GKbOk% zjYq^H&HDGgp7r>jQccAbJC(OvW*imWReNG$ZDz=VmAZ1vZF#O69!siYS-F1C!y3z# z_im}*{8AmS>;6&WXsK1~xBV(7?H1N+wJ1E;_-xnxmi;_?jMqo6y?bmmlbEvLZU)cu zOY>`@K3s3z!mIq|nw9UNQ;VNX&p%arG@IkmW4`PcMUOt$*ldgs|5k52i-tFS%7qj%l;@1C!+57Zg`J5klv`KbG>)cGT;i*vlT?mqIzXnwqN+}Xty=Ev=H zIc~X5^jMO+TF>fw!u`$L_AbdhySifYk-*ig{~4zBS%v3n{g|=r;=@OY(^u`;-(=B$ zGx?Am$B*a-y5Wbd{;u+@Eq;13yKqZtMA_L|>krS5n$1(Z@Tk#1wM{{SuZ7PzUMqVW ze`fW62BEhO23>wm^A_#pemMQe%^E?*y=g)#eN0@wuJ>o2eNOoAv*Tu|hqq)WMlbwm zbo`Hqd&IUaKb-TItu1?X*IhLK$9b9CB)iajQo!zYp0Bj; z)|vk}{7?MYeBL#;9Qvf4?kiZnzPD%E`G@h%Iq#45Ok{fg!|Xb5&N-taCsj)hvmU;x znXtc7WtL5wzI2wI{*U&`)u)%VCjE2?ePvV?e(^s8OPy{-`N3Z)#XmN?dB3RmbY%YF zH^nhmuOC{^|D!tg@*dBnx0OtS`i+$K*Q768_xiY;=#T1knZ1Rn%S~6*7<2pxsD89p zB02fQ7Q3n~mRcrNz5Q>~f7`k)-g<1w#K?~0@0EUAD1TX(edPYu{col|+U>aHbjtP* zoXmDNwyl4DZ=cnViKhK6{}g(4)hf5#ZoPF{alP9Q&fiu)iXVMj`*-4k6C2+3>=t{m z^`=Z#X7zL{&6FRNfu(ca)cP*^cXR({xv7hn&0kirOuIsNF_U$nptSpfb!DHw&HOvD zCiii4ym;33XP$2jpWcmeb6UvWxAn99k@Yvtem}h4^ZfGHo83wV3fdnWU$|chYn%Ps z(D#w8>B5U!X19m?FiQ!a6+ZKFt&AyGrJQW=w|UpyY7=XJSJj=CDmL=|Xmn-M$E}QN zEB=W5==`mjU1zlKqk7{WU-@rS{~Voh*CV{r{w~`-fsgTTTC*2sP3K-6b;r3}@XkpM zg}(*aTYo5isEf|kdK`PHl+Am#;>4XFd&0JS=CRG+ypmffu(@zv&tH}w^B?iIU$c{_ zwLfmPC*aoo_0!hQnf%T$&h}A0SKXOi?rr;SF0FXPZ)7;NciEk@Uu9h@e4qE3{%4TM zT>mh){0Q&!qo0nQ`FX2$_4FMd^mZ@L7Y`S@^Ca1NwWdbM5?XOOIX4T3sjHt1> zl5_N4>mzB)4*7z8oNMAcwo4uBntg`(Wa>{@34wa8kG$rG?9?vkDqqRXOK;Qk3vHHR zei`fE{`6zr>Wo{d_ZI3NNqHLDY4Iz3V$abFi}gJ6YUQG*gsqg%HP2X_?z8J7-%iVZ z-x=DEd*pmGBL6slly8%`l_l1Zb}fFtxnHzD!pA#g>ctmvdOsGfujmuo@F_O1jr-Zo zyXHsilrHGj9hg2lMrLK&+q3Bv^^cCV-AbSMXs%dviPFBi7r>8bM;`)q}TuzAr*?Vq{Gffa&V?~N++CY}TsrE*zkb0T%`U#DZ|G@h*Z2N&fA`kpS%6i8 zcDY=6<&j68ZhD4O`^!Gox7LWtF1~x?$NDon5}VBDB<-1fG~h?lMY-}RlF27;-`#sO z@qSHy#6q=i;=zBfz4zbov8;F9OT$-eid*}nuY?&l?Y*?|vQy6$ef2^c-ys>Z(X`o^f@N8~* z_0%&PT_tszuZw>E5@yEcdnw}hobORz`y2l=NC-bsWab5&O&vGHkqT3(&3)WpQw+oy3aIIe1u8y_| z6I+#coLnare|vW9B!9z2+dD-!Z?gEQ{Cd{vHFfv5pIdb8l7&K=y~#>>`*XW(x9YWb z>ns+VzBhTrkJ%5--x5DA#S>nYyY^JfA;(E~mmbhPzu)w%bM^0-AIb-}w;!#NeZ7Rk zr|7`#K3fCr>Vx~Y?b)s^aWyw-mcWkt7yI{R@psp6UGn`_(9s8XQzB0#YuotqJ^0Vy zJkP>pY1FK%GcTXoc;}kei_iC4_v!rIwWo09y0s7Q>MpzF@;mbB9L--c^DNfKU9~a% z?U7Zrck0=B6UrLwZfuTO)%g0P>7#!#f0yp5fAHHg_m5?RsY~Zx9}L&IUL?Eu zP|6{VciwW^6Ry`u|H+&>PhQ+*^GU=146c(jnYH9>W@`lRnJ`Vc=PD*?0pu# zD@@NVEt}*}yvev=!Q+pniyv;;`{C2J$=X|j+-|2ZH_!RLUiJF^jP)H>J#Lz&nuqlj zd)m7${mA|(A9N)xajj2ECZF@hlV?*U)k?0P&I)XvRBoH}@A0XIE&fgJ>epsI^o`;* z6WuZQ(1bf1-=7V%Y7xGv)8ybN^EouRP5O2HMw{F(<%jI~Gs137`L+0-+al&|8Yv11Wj0s-aZj`{exNL~p?{-F z`sr>7>y1}_htK`teb`R_*_6D61?QOUu}P#)x93h z__q;8R*f2~ws$Z4(W0YWB%z#=``q+d)cJ$*0vTq;SsN-QpPT4bwxzXxZpnO}oOSC= zwnggKWn6z&W~+T~W2fD{#dWx+IwN1neZ=- z{26tjw*5_Csx5k#9zF8;fp*Q=*1NBNT(dp4|52^oe}+?5Jw}n82FESSepQD}ecro9 zZR;lmMn{R7dBy&(B`VFA9n)v;YF&F}W%-B24%ck_`8)KQn%N{1Lm&3HcgY6N9mdFuQtUG&V2KTaQc3hrhXRf-$jw!86m>W7G`$$l26 zL^8MRnkvJlwfg%umw1u?3>oq)Ka{F-?YO7RdzQ&i68zn*lHD}#cf*};#0>)M%d zAKk*mmRi8MzOT-pM*YXskHU|9pZA))e!eYIZ{~vS;i}0eU)UDLegEKeI`V^mbF{}t z-Pd zxuBdf!7Ot6wLLwdo?(+SUsdlcQT1x>*|P13ynvnDt9stNW!tuOC*M{0Ipyzz%zq+3 zLLbG(`}W7Rhjl7#JD4%c$INzRP3)t3;n(Hv0oNClGp{yyG(Y*HmdBR-H$S=-+}<+r z;QJVZUXR^-&--bGYDU`n`giRYtkHdVpXG37^4imCD|hD|oTJ9LUgG2Qqw_n$!Zxn` zbXG-gX3(7HYfEO$yqN#~*89MOBlDJ|gzBdLF-zcm*3NyA<3adFx7}eEKEHbKX5R9~ zm-~hPxcp}ji+Z54=C_5a|LK$K-v1M}7kFK#w_W_A$CJlT6R+*ucBSMre`oRirCW;h zofcLV$2Bi_HOu$k_Uua0RqG^V9_^bZG4;*XSpK=w#DeBdepPl-Zgt6vOE*3DCmcVK zU4H1=JhdxZJ-$5Y%Ds6=k5Bu;9>w)1*L$Z;d>Qu4H8kLm;^*4z%Uk5xvVN8R%6hx_ zc6$)NgMs#;;9o~>by;WMX6LVcRrB+4K2OE&hi{M1U3qJ&@wzX1R$cuE_X~U#XuB75 zBX4!w(chuboL}zRE5(?dUwNn7_ivCg~WwN}kcFj}f^!FS<3K`y78U&b8oe!i<-;FjuU zQ6>M6>vYzdht8W<>Ni(Q%h0mFdq4l%uf3wnFF3ZnyZ(K`4he;x54<&;zl;A^U;9(J zz;2=LlK$GI+L9BirmC-4fB8RyY-X`MTkRt5Qu8z;iS>0m)}PD2C4J=9-}%S2-?#s| z#rjiJmhtJ;-?M&2@ouXLt+*BLexiO;eoO1|OkE9<4L0k^aGNH}!Wwg>6Z+(aG{h)nW59es{=By84Ux zw|nNVN8Xj|US6-?ZIs-6@VMyfbK6yfUsYc6+j1-0`Ax3!w}l_tk8rrnT&mDVv1$2W zb=`1{`JuaUe`i(yu3V5RJ$>E#tT%hIAN=N*d7;1HRk)D5@CKda*T=G-d+W3O*mnJK z_#f@x)|_>RmKVirn!`Bj=bJDg!BsyaUq5)g&i(ApH(|H-w|tpv=egyrRB*10b#lZ> zTjL(Chc(e3jV}9K3XaY-3ocpbw5FpXF8k{8%Qn^vGs|wNEi4cUvI}?lef-{xePSPc zU(c3xIwn1>^!HIW!#F>6-nX__l`kE9yz;_yn}x+s<%MFh?R0i!|Gc|rr?i5`<5{~O zTF;F>I9c~@<1|Zlx0vR5|EL<mRK!}Eh_Vr{=YdS#QfxXNv3?fA_vP~-DKzfFDXrIHta)}Gm@J+FK6 zS)UBA=6lcOwARU+E*2R*8hZ*hIxXM9wlC$Xoo>a0*PA%DayOh- zW>q{dGwb%gzYG85FQ~}MRf|sXl=b`0QE{%g>rsv6`j@w+J_(=hRX$D4A-r*N#MQj? zg_BaVna^8o%Y5U#CVQX3^{?{Q0aw&gBX;r}pSLyIH#c)Jzf6Bqn;2hV4s_?D*55DKQ8F^NB&*_3P;f)0z z-$f5qG(Y6q{K$3dwJ+JF73&uAN^m(on0S6^$Oeh7!m@BV`Hlk9S9PCVD)y~i|2llW z$hxm>yX?xAr;CWo{AXAb@ryZj+TxGuN2Of%RGq!HxG1?-Onv?t%TQU-{-tt8KLj81 z^JYtl_thQQ^t0;FQQH-X^Y!OUejE4k(O&z9b-fQa)~$QJeUf{m! z{I|WnMNS2$EY~lr)2*nw{qTBs?iPFAqcXQ-pRS+H$ishglb=BS<~yPC9se0NA6xj? zzRlpr@k8Q;F)?cn_-6(GFz(|`|El$6qn=>-M&mOETR(Ia#jKsrP_f?kx7b3xxmJ0t z$AV1{XKu@VSX=k#8RNfR`}-{==hxOUeiVN=ZE@wYvyYmWKjY5c*7&5O$!Iy-p7!t$ zXOdo}w8gCESyz31XUm%FyOj^Fn!Gz&a`FkqJ-*3)61_8YR_)#SI`-UJt5;Gk;o{|P z9ySdt-ro2XKKHiYwZ<*i*iYLCM&A>^9`)XD`k`Qh!}ISNeqHbRdgVdYV)n=nPo#7& zT$_}Ccgx}lRmDELt|~M~cxPXg3wiyS?cMQ(q8H^k;=EUxHWa+p zU+&%U2kW#w&QH7lV!GuM!ArY8d=35{c`!~qO7gxyjqb|KY5Q+gWn0XQ5NBQ(wemr~ z$cyjK@_Dj9Ru-KyJF1^`Z`)OUwSCi_uFe1cahu5gkNRGZ|0(>a{bTuvm**eeUTC}8Y-!f~7oUz*CfH^#)a9|7 zX{Yhw+RO*KrCB33uN{tYDY#?7VGmIUcG$BTKNv=qf*xoch`%v z3*XJ0ykXDw#LugquPy#3^-;df#!L6;z1wLMn~Vi7zm7T@%Xeb$hvMVAzO}FS&tG_F z`^}9r*LFTwSF3&Xk9G9}`;K2r|1-4N_&;2s^VNGb`?kIZ8g~NQ1F}!}&Hm58b^lmV zwCM@4?-Qp)w@L=Bja6&sTb%xAuXV_-D?DB5f!|tR1lw&{vTJHxu(4P5;T?Q>%U$Wi^1{mf zp+9=_C1(3EIPR%AV|-}V{uMu-yIlxf@ZnsOpwdr{&@bQCR(H?m<#l`Zub$7u@Jvy- zjOLo%v(NLX9`asxyDeS4X^&}XPdf+655es{~5S- zx0Fjw+rFZ0YJ_3t(v#~0H*dMRb*h!|tBDaRbD8FZ^L}K1@NeTo?u9FVOb^_-V^jL6 zEx8jO?Rsq2@@cc4=ht56kZO6}TU!n=&OC95@%7}eb$>D!{0L&sfApV0+~KUm&$o{g z>Zhh>@49nc%-Qc^l(%-!4r{y5T#w(?$^VGUe!qS1mdTzy(2UtT z@~pF0OxKE^$ygAy)cw@ov))_VLawh>xRN0Cr;y`GaOWbMI@5OBzpE8L%{Se?f>S^7 zbNR$MY|IPgw)*_B+1X}xW& zxLnhkTgP5YcA3c*Hr|{3S11t1b`{ehRwwiR;rUy8i9@*h| zX-(!lzRnXnudHLM_qRC7UkyVekGjy(f(WE$E03NJN@upH{Zm( z`x-k6rz>CE8J%f5dt3F{^4J}FcTAos75-?x+N`P4^LkfTywq#l^5NWkAvgP{i>ty^ zt{ZtPORsK`DJqT#j5S@A)9`@t#G1RYHO`g4Pgk2q__Lla40tqgRh9Jidun~Q*S;mB zOWcnPIA0_ER>*hG{70ry(k2_Fm(MSm?S9&E!uc7O;@3L6s#ynqG$}I>EG#hMb6WX2 z((|#bSM~hOnX{_5eLnnXovhHUNB%~S6rNVeZOuD(?ADE$hW$QVtqWt0h5TpWDfJhR z?Y^6RwD=(3{U6`l6{K!l`X^SAe|SN+bm_#7bI+el4tumi;Q04r9_ReC3a{t|XCE|s zCiCFp%9vY%wry*9<^}e+%I9!xF3c{@&*Cu-jpsC1n5Dgnc(zzNUAMNN>_0=vwPSN@a})&*%wXQXHvCGdK5tgx=EM1$0;=cn z26l&C%1KUC$@6&Gl_#b*)qA$N)s`~DJeI0Q8@|?eRy7~{HcNn8QM!CJd@y^yQt-{=*rbWJEt!FV;V1>t-ZS9*0=1>yA{>c zv;MMHsWxToliv87ZDztm#zRVaTKOBJZ#r#U#CklwYSv-ry;t8mdRUw|_(k-*)%3J0 zmyK^d`t<2>&bBpo3K&-2cG&mHBV&s3&~4&WbpF!&Ud0I$Bf*)_GkZR;P}tb zYV!PAUYh4S#h=agu4{JQcV1-R8FTc*^Ml^i2jx3#^6SOsE~^^g9K*;YPY>u}4tq)e?Y)FP%T+;iRAdbY}uBgnVAt^AJml!v_1$}kle>=I_udZf2Et1 z>eJqasLaxLuSjQ7v6MZ(G=BTEj0-y6yXP5)>X=;J)^f7ow&$03S$C)3{B$PbsmFq) z&!Qa?dzZ|X-kr4UQttY^-27SBpX;)#`rnnguKLJd)Svg{rMH{+-p)w8A@}uejrfjQ zLDen$7!ih zvZzl!H>iB=ib+%d%Ux=E4O$tS}-t%il(^C zvi`lgmm$N@wXE?PPeStv({r)0cTNBFE{g1*!DAt-^}T&TchsgG;W2Ch1y{4YcbH_i zZr!#u+%Dpd$LmPbq=a<=AMUrU-Ew;Ix*uINR&($CXVAL0@uTV1dyBShGdr53|GnV_ zZ{peX`bW}h=Vz*gJxq#g+O5w~W4-gjW8dUp+x_K&lFv3xSuA_@inQsM-O|Z3f2JjW z+9-M@W0&u-`=*l{H1|nN-YWdSQ&7vQf5xcy3ErvUM_pHCiJ)6 zjRU#|SKXSnHhr<%`?<#@VydouzdrGxSOIql(*}Ls9aDYpES-D*X-CL0bL|Y!C`^^1Co|&UQfN#v$lut#_H}(O3Ra#Gba3JSbah?+vDQ1 zEAOsJOlR%0TrH6K$Z@Y#O4+*O56`#SZ!3NAR(Hx12JgnpvpUbJxLWyczEH>gL+Z2d z_Q)j-3|01Pt8$KMJU*Qu@07KyGi#UWjO}-f8u+x$L#{m8HTz_DLBJ1{@^x-I`%bt| znf5{Y_@PgnZ$nkKXWSP^_$v8j^@L+e0sRM8oLR9hBw1;Wa^fl9?uC)6Ep4A3v(Bj5 zcXiFCpN*Xbj51v(JY|plw0l>DZ5IO-<-P)|tGR0Dc+IY+Omes+eEIiQt$Tldm-GC( zsM{H^v4~rob9Vd;=CcvgBoo<8gDjpa^>TPii%;pF@qO*mPCfaQ+wQimg`PKOYus79 z_||5_K6e)3$a!j>Qs3Xq=DX8l@awwMw~sD8+YT>$EXuQOeuiC27bo-jr7A~Hg?@N9 zS#}GXch7?oyQ}`k|7lyfwX2l9I~ZA)dOkoqI{4~Zlf7!5?+%8#yzcr?-vPR2=?%ZrdiuEIr#W>EWfT;SKPPb(T+>Itr8b5el&f{N3P?hN7r3rs5$*Q z^5gA0nHR+(_QkQe#%y!j)hHVMlzC~$6;snK7D6fV55F$E*1FbPD&cp?zZmC9g%e|! zPF-SVrY-ZvTvVp&TK(a@TBlwe+`2P~!`-3!%A~zVeqEogep+h&^!u|OtXA1#z2eZR z=bj7y&boQ;&EbXx36Hkc*k|Rxk9!nk;8&1s?Y%YoM2`=LOwz9Td@s^&PGRhMtot&C z*V1_1pN;0pttEF2HYQHm>z^3$?bFOuj^2ZHSg-Ug0hj%cOAa_`qq`r{wG+HO;;{_acXg;W1sP?t+@-u_h=~H;(YLE>!ibPdJ>N3 zZ9S_geN5Fj@iS`=kNl-|nYWBjsxf`2ezf-HZBDzO`N7e%VglPDTAUfK>AuK5x!|p~ zdvt|}Nrk=FwJn>%YJYPcXIdM1)7?ZDuN6{n7$^Y=PF^F~+-Hz#*%OjXd@ zmQ5=aD{WchHf=j8m-SV2X=Wyi_VW`Jva8j1JX-hFFxTW@*6nrT6A!YjcX={*xf3vb-Nv*V3?smHoS*@+S= zdJHmQbC-Bab?7eQTKz)v*0o6|v!89$GMxB6ut?VLx$>h-Q`FdpC$iUJ^SLM zSI<5MDel}n&2<0T$a}9^Zrwf;l0Hw%m;3OyI+;H2)7_g@mZaaP4vmdEW~#C#(=lfw zqw-?~{zI#>tKME+;xp~(4Ecv5C)Tff$Lz(a@I_SE?VP#g`4ww^&6zZ{FFaIxg>}b;ga*f@_ZCi(5wN;8b?M$CVoTSho;EYcKJkZjz4zKz4}-NB zpUnF5^xDH&FLR}8jtfYiO%D^ZPL>wWckvLr<=Ln{?Ql5jXRw?x^CwD$M(FA-?e4dH@D4u_?CQ8>ngl(G2;A=DMqymCHMoZzOS`aex!PL z+KgZMxB92CS3P^bJY&v`bH!KEHmUE;F@IrOb*+nOlAoEm{+9iMf1GybY9Ic_Z*$J_ zmK9&t?0+Zhg;cL4M!z*lkl1akTAK#n&*2wT_ zkyXNVd$Cm;=Wa55d~JDql=H=3^E_8YiJr<)JzaS?!6x)a-l=Jp&qX^^i}(4SIDTz? z<;|Xb4$3Q+pW!l-)mxow_d5INiGO0s6SBU|RFV3U?s6s1B`^H1+~X_1q@I~tPcB-b zaO?3h>#McOv0DEblIKj-y5aVYHXy)*^`bKSoudLZkw?cS4((^w6nyPK&Q^A(TFg!U>Q z2{-h9cKc3Dbjs7XyC<~jxt>lA`gHk3&lAtr!7pzuJ>{pw-jJ;xIbC9PZ>W6 z?=2_!@!#}iKl(1Z$-njfeaN=A>^{%_2g~KyFX_%dbYH+ubo0wZv%eEJDllIVzO<#L zH{z5<)yFD1$;b0=6o+2=GWiid?|+6P#|}&H`7J+V#dqdepW}a|uNTV}`#hiH-R|s~ zP9?use;dIoQolRxGyHF=MPFX`NB!fSUozhrJPVh`9r0nmT5I`i*IE0A{BJ&fyrAE+ zkGIBY<3$?}gU^R1Gm5;wBR4mj)oZr&%FbnV3BC{XWnYTtCRQ#!rRpc^^>F%!75DwF zmMrZ4%_%bfz2f>y`EvhGfBf<7OGWXc@b>*1OD}kAxc23ZiMYkf9bJ!2-`~7bq3`F< zQCR34lez0|9O83Nx;kgWhH9xx$4+J{KPcI|J?!U+;Cb2ME?1Nz4TT@8?VIys z?r)YGwL_ciuxivQ{G=JraOO-R3C69Whs!Z4xZ24`Kz$>#! zYEKJqt-Gw$`!DO9 zT4|}ZczM+CxPMnuS?;*l8phRr6hE|W*4-@=kBBQP=UH8wxXbW|YDo?I%FJ-9lt+>e zv~KUXdvA5^%C|F~9$a7iWBZ4s>WY+o+ZuQqHsr@=eaJ08yKU;jNj$k0D*bEAF05L* z*m}hyMU~5DCH?{&@;nva*8cW&)mxm_Q!NudSvILUGxBlT!wsw@aZ(?BW;bm)F8g!c zNyn%c=ay?%$?lSUd^)+W>d~^z9DRo@jpwljZP>Ma|28)BCw#uqTYko{)_gpsJv%MA zEN0S86^9+?Wx5uZE_5_baesT_*R@3+2i7QZ9(WymTA_w%apU!S%jX^IyzxxW#$3#^ z*Q&2Lq^;K^FQB3NulCv-2A4im7iC*T9GPTf`Th!5+^u61*C)@9IJ6S*v&2Z;KR8?axL#8>x4YHT0+=KZS7c^Yv+eoF4!Sn)SUAI=p!AJ=#9Y?%8U zMuqBY^50_HyWZ-UJX$y1yl1CEGQ+H2?GOClynOhdp>-SQiaY9aD;^l={!!b0*ePpv zx6!dj20OC+YW>|WpN@_=&NYXnU*fnQZ*i1-^W#f4sw;2ajX$b$tLKx=bX5jf6Qcafp97G%soMsnZQdWS;Ff8~)I(a}oF6sN->M;RhU6SW2v0{-`JX zdY$6slD)R7pB8K{S2S)u$ZUElOCaV)`5~d%vnzSN3k#nuy80vX<%6kr-wgQ}teAYH>hO)swqpmpT-Rh+YM-zB%HOm`n3B(hgaM%G3qr7^-PhF z)HwX}(f;}V-Bp|7eyp4#dz<6V;e~5=heDp~X4vh~c_58of<@0ey_JH2hK z@0m$+9%rg8yS8P1pS*zTZ@c9t9~aszp41&5@SowJ_CB@>a0pE-7-%=R3i? z{-fO2FJXIsoBXgo_I1>iR4AT;O2nlSvnT-f@e!>ib}CRipjeFv984 z^P^F>roFnj{Ku>>zTB=K(wh>+s?=u6IUJmzul{lU;yvlVCGTh6o^@t^YU(<^_un!; z)^2H4y39SHLLq#yv(3RrqCfk^w#9aLZ+4%aWiFiEa_b=5#n+)~7xEHX)OGw_nf5+^ zxcyD-N9kkx6x$s)Zfmn#Ua%td0blj?OaB?T_dl3gCRN{|wCP9tqm1Qq5>E2&cv$)M zeaw$Dzq#AGpO&ZH@R_zZ{r!vn^ZyyxYotH=_kB&-wtYit?+m6hJ4Amm{^t6l|HJu% zhT8ha`rK>(E!fy7a!Em3^6Sg^fC}e-oYOxXci-5R?Hee}AYj%Q%YT&r=I@9551ntl zE+q|A>EIJnvS1UfXGHmyVaX zi3opsJkNIZQPcaJS@)E-S{3+bhqb3Hq{9LVY=2$X|LFYqes`Vrmh2Ue zOnN&R*^_V04duOflt)Z4w7g2LaBW50{R86Xixbtp^6xa8U-hge@MCw>_N&W2vYtJC z`|Q(>i&GvnXfM3J$1|Hzdu5)M{T}VZ`wV|9tZ`ja+wKy3pn&Q7>nOKH^E%!wZGT$# z@n-$u(2BkrmCi@L`?!})`OnZBcHKVfy_o-UiM2I>rMv&_Hve&b;=u><5-}S&m!3WU zTW!t!mU))9pUsua-D@OpxoFY6Xzi>KFHPy!Xo=nxEYL zeDdD~*5OLi?25nZOefC}CqF^KZs_ zrH|*|Ed8i`FnEvE^7iLF3!j*z-`l@TUm~hT_<{-N9{bdXv(*?2XB=SVU-xdw^<(p8 z>?HnJ?)@lw<+xv8Nbz@B$5r!+dk%zbT6rdpo8z6@Pxf7tc>fSuYUwKTI!D`huS ztStFkf9#+9&a+GJT%369X_0|F*WcnF?Y~Xy&K3M{c@_1&$!Er^Ok=x{lb6v{tsRGw`)KA<1krKrxWih!jNRWdB5`gIoFr|xc`si=;P=J zseGOvZI|9KPS|Y_{b@b_$NPVT{U4uiecw~`L+@Se{-YwPo9wl|X%?oji@&?Nbmila z(~o)cYHdIG|Kl_I@$unbw}^l08QY|e&YAc|aZ``+{gvxBd;e!>y8cJxs_t$7D_^{4 zT+2Mu6K8PHQ|0k`uOGrk_iyw+@}4bY?W))R1g@-YGvfKyv-tDT%Dm+tZXdZ7(qng0 z@!%KB_mN)voZ}V;$1J(HP`fy|+`epoa{O)fZ_YoKJ`%fX6aHv7hq8gNRII>`nx3?M zYxe$K@sBBUR(56`>-9IK>=j){bkk#)Dn$S6bgX=A&)0K1=8g;FbC#|bdsKhB)+B$( zeRS`|J-z*{j}%r$-roK=;`)hAcl`IeEn+YG`?XsBLVox1>kr!Eh5XZegvBze9)ckN&4v(OWTfz2VeGG2cBcz5xa>yKP^`Cgl>x^I?HCKE&W zO3?@ZtUvbkKj(b|1flami#T| z2j7oBX?lDh&TLDDEMuuLtMZNO)BUxNCBC}l?YuB_sV#s0wf_v+^*nJuTuu79r_Re= z%w;LLUhc>0kCz|a??~+88OOG)&->fW&En*@X3sV9cxU!;mpPC2%B?>- zpZevkdnB*%Krn8pjYwurU)JQjsGP9vKNkLWeI4cfa`9mwN6SMy+4q*kv(;zqzh(ch z+I8u{hiilGupgg!&T!V-`gHHBAO9^&E9p&eW7r|Va{c=CdY&5grGFIX{mWJ2Tpy+? zXc^~L{cq~?G>MZB6)uHaZ76JwTIs#o=8~*C=$_&_(esb@i&brN2S46;1>B9mU_xbk;we9U<*r~w6 z|9ax-y1CgW_Nmt0nlH6aS$Wx#{^d7!9>4k4XcgnzE0cd-=T7~t_3uuV;l!`{n#HrO{4QSa>N+f zJ$g{&TQ1L6Cs?ujk@&>5ncFsdGbrmeIeiZOV`L{4Sy6xHx^mC`ynse6pC&$o|*YlU63P?tD?4^+;)FknQFJ^_$EO%ZhuoAN^JozjFCkuL=Fe z?j@UL^yI{vHXf<5``i9cEvu?3yMLW)rt|{C!!|8>?E4w6O>eMI%bw5wCuw{0@o8~6 zyc!3~PkFE}b^rMO@%tn8oYDQf71c+C947M4^jlh$Y^rQMSf%Y;?epyd z(*>_LMMjm+b|*UtEj=^w$$7!f6;IFWN?xf+`@nvv*ZfiLzo~4~v$_mh7-Uky^kzPo z&yo4d{>GLkZKgtb(hOgh{OJAg?cVdF*FW)#Ysb1uq~29Gl6(Bx|A*~|_=u0kcKp&? z_((Zpo@b%qQJBUxwAyBr>R0C!0S1C;Z`h z*VZ2?AJwL3F-J^PY2gu-d>tSAN`7Nm``_t0)AtJ~rn~5vKbEQb9FsQrx5W&X4=?Hz zVtcr}l=5WiqwdXK-`20~qT?pF>Y4d}hNS+EdkP=@JJmLQtlJ@F?Hv=X^ZtPHWm|3e zZzujPunB%}zbkj)5AUNw-Hut^g(5~Z3;W7TzWpmb9sft+s*UPu(>YP6Z#NZBnVhM# zO}9SnJY&VOXZLdbkF8YMETEE^ax(tNtT*4TzPkLw&(oQc$9?PG^AaD$J5;ah?BDWc zX3YGr%{y$a%#;6j{G;CFZ<03?cRPOC|Gj_Vdaoa6f7|{De()zg=aT8gs>#Rd%f(ea z&KYSR-=q8Rtbc@Y{Ly?H2g6&Z_%w?y&XJn6!6r81^sLEcYI`rMZ<+b#-D0iRzpe