From 836a3e023815314ebac2865fe43222c8900b7f79 Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Thu, 20 Mar 2025 02:20:00 +0100
Subject: [PATCH] Big cleanup
---
filter_plugins/configuration_filters.py | 24 ++-------
group_vars/all/00_general.yml | 4 +-
group_vars/all/07_applications.yml | 49 ++++++++++++------
images/favicon.ico | Bin 0 -> 165886 bytes
.../img/logo_cymais.png => images/logo.png | Bin
roles/corporate-identity/vars/main.yml | 0
.../templates/nginx/docker.conf.j2 | 2 +-
roles/docker-nextcloud/vars/system.yml | 8 ++-
roles/docker-portfolio/tasks/main.yml | 4 +-
.../docker-portfolio/templates/config.yaml.j2 | 4 ++
.../templates/iframe.conf.j2 | 4 +-
.../templates/proxy_pass.conf.j2 | 2 +-
roles/nginx-domain-setup/tasks/main.yml | 2 +-
roles/nginx-domain-setup/vars/main.yml | 3 +-
roles/nginx-modifier-all/tasks/main.yml | 4 +-
.../templates/global.includes.conf.j2 | 12 +++--
roles/nginx-modifier-all/vars/main.yml | 3 --
roles/nginx-serve-html-legal/vars/main.yml | 1 +
sphinx/.gitignore | 1 +
sphinx/Makefile | 24 +++++----
sphinx/conf.py | 4 +-
tasks/update-repository-with-files.yml | 2 +-
22 files changed, 91 insertions(+), 66 deletions(-)
create mode 100644 images/favicon.ico
rename sphinx/_static/img/logo_cymais.png => images/logo.png (100%)
delete mode 100644 roles/corporate-identity/vars/main.yml
delete mode 100644 roles/nginx-modifier-all/vars/main.yml
create mode 100644 roles/nginx-serve-html-legal/vars/main.yml
create mode 100644 sphinx/.gitignore
diff --git a/filter_plugins/configuration_filters.py b/filter_plugins/configuration_filters.py
index b42707ef..9c94a55c 100644
--- a/filter_plugins/configuration_filters.py
+++ b/filter_plugins/configuration_filters.py
@@ -1,35 +1,23 @@ -import yaml - -def get_oauth2_enabled(applications:yaml, application_id:string): +def get_oauth22_enabled(applications, application_id): # Retrieve the application dictionary based on the ID app = applications.get(application_id, {}) # Retrieve the value for oauth2_proxy.enabled, default is False enabled = app.get('oauth2_proxy', {}).get('enabled', False) return bool(enabled) -def get_oidc_enabled(applications:yaml, application_id:string): +def get_oidc_enabled(applications, application_id): # Retrieve the application dictionary based on the ID app = applications.get(application_id, {}) # Retrieve the value for oidc.enabled, default is False enabled = app.get('oidc', {}).get('enabled', False) return bool(enabled) -def get_css_enabled(applications:yaml, application_id:string): - app = applications.get(application_id) - enabled = app.get('css_enabled') - return bool(enabled) - -def get_landingpage_iframe_enabled(applications:yaml, application_id:string): +def get_landingpage_iframe_enabled(applications, application_id): app = applications.get(application_id) enabled = app.get('landingpage_iframe_enabled') return bool(enabled) -def get_matomo_tracking_enabled(applications:yaml, application_id:string): - app = applications.get(application_id) - enabled = app.get('matomo_tracking_enabled') - return bool(enabled) - -def get_database_central_storage(applications:yaml, application_id:string): +def get_database_central_storage(applications, application_id): """ Retrieve the type of the database from the application dictionary. The expected key structure is: applications[application_id]['database']['central_storage']. 
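Review bot: `get_landingpage_iframe_enabled` still calls `applications.get(application_id)` with no default, so an application id that is missing from the dictionary raises AttributeError on the following `.get`, whereas the oauth2 and oidc filters above it fall back to `{}`. It also returns `bool(enabled)`, and every non-empty string, including `"false"`, is truthy; because this flag decides whether an application may be framed, a string value fails open. I would change the body to `app = applications.get(application_id, {})`, `enabled = app.get('landingpage_iframe_enabled', False)` and `return str(enabled).strip().lower() == 'true'`, so an unknown app or an unexpected value resolves to disabled. `get_database_central_storage` begins in this hunk but its body continues outside it.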
@@ -42,10 +30,8 @@ def get_database_central_storage(applications:yaml, application_id:string): class FilterModule(object): def filters(self): return { - 'get_css_enabled': get_css_enabled, 'get_oidc_enabled': get_oidc_enabled, - 'get_oauth2_enabled': get_oauth2_enabled, + 'get_oauth2_enabled': get_oauth22_enabled, 'get_database_central_storage': get_database_central_storage, 'get_landingpage_iframe_enabled': get_landingpage_iframe_enabled, - 'get_matomo_tracking_enabled': get_matomo_tracking_enabled, } \ No newline at end of file diff --git a/group_vars/all/00_general.yml b/group_vars/all/00_general.yml index c7b9a19a..866ac6ee 100644 --- a/group_vars/all/00_general.yml +++ b/group_vars/all/00_general.yml @@ -68,4 +68,6 @@ matomo_tracking_enabled_default: true # Enables\Disables Matomo track css_enabled_default: true # Enables\Disables Global CSS on all html pages by default. ## iframe for primary domain -landingpage_iframe_enabled_default: false # Enables\Disables the possibility to be embedded via iframe by default. \ No newline at end of file +# Enables\Disables the possibility to be embedded via iframe by default. +# Enable conciously on every app in which it makes sense, due to that this a potential security risk +landingpage_iframe_enabled_default: false \ No newline at end of file diff --git a/group_vars/all/07_applications.yml b/group_vars/all/07_applications.yml index cda3b64f..eaff70a6 100644 --- a/group_vars/all/07_applications.yml +++ b/group_vars/all/07_applications.yml 
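Review bot: The filter key `'get_oauth2_enabled'` is now bound to a function named `get_oauth22_enabled`, which reads like a typo introduced together with the annotation cleanup; templates keep working only because the registered key did not change. Keeping the function name as `get_oauth2_enabled` removes the mismatch between the public filter name and its implementation. The same hunk drops the `get_css_enabled` and `get_matomo_tracking_enabled` registrations, so any template outside this diff that still pipes through those filters would fail at render time; that is worth a repository-wide search before merging.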
@@ -98,6 +98,12 @@ defaults_applications: css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + ## File Server + file_server: + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio + ## Friendica friendica: version: "latest" 
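Review bot: `landingpage_iframe_enabled: "true"` in the new `file_server` block is a quoted string rather than a boolean, while the Matomo entry later in this file uses a bare `true` and the remaining apps inherit the boolean default. A consumer that coerces with `bool()` or a plain truth test treats any non-empty string as enabled, so a later edit to `"false"` would silently leave framing switched on. Write `landingpage_iframe_enabled: true` here and in the `html_server`, `imprint` and `nextcloud` entries added by the later hunks. The trailing comment "Landingpage should be embeded in portfolio" is repeated on all three new blocks and does not describe a file server; a comment stating why each app is exempt from the `false` default would be more useful.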
@@ -122,21 +128,21 @@ defaults_applications: ## Gitea gitea: - version: "latest" # Use latest docker image + version: "latest" # Use latest docker image database: - central_storage: True # Activate Central Database Storage + central_storage: True # Activate Central Database Storage configuration: repository: - enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user. - default_private: last # Default private when creating a new repository: last, private, public - default_push_create_private: True # Default private when creating a new repository with push-to-create. - matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking - css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style - landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + enable_push_create_user: True # Allow users to push local repositories to Gitea and have them automatically created for a user. + default_private: last # Default private when creating a new repository: last, private, public + default_push_create_private: True # Default private when creating a new repository with push-to-create. + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## Gitlab gitlab: - version: "latest" + version: "latest" database: central_storage: True # Activate Central Database Storage matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking 
@@ -145,11 +151,23 @@ defaults_applications: ## Joomla joomla: - version: "latest" + version: "latest" matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + ## HTML Server + html_server: + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio + + ## Imprint + imprint: + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "true" # Landingpage should be embeded in portfolio + ## Keycloak keycloak: version: "latest" @@ -186,7 +204,6 @@ defaults_applications: username: "{{users.administrator.username}}" ldap: enabled: True # Should have the same value as applications.ldap.openldap.network.local. - force_import: false # Forces the import of the LDIF files when set to true oauth2_proxy: enabled: true # Activate the OAuth2 Proxy for the LDAP Webinterface application: lam # Needs to be the same as webinterface 
@@ -196,6 +213,7 @@ defaults_applications: central_storage: false # LDAP doesn't use an database in the current configuration. Propably a good idea to implement one later. # administrator_password: # CHANGE for security reasons in inventory file # administrator_database_password: # CHANGE for security reasons in inventory file + force_import: False # Forces the import of the LDIF files matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe @@ -230,7 +248,7 @@ defaults_applications: # initial_administrator_password: # Initial administrator password for setup matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style - landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe + landingpage_iframe_enabled: true # Default enabled because working well in iframe ## MariaDB mariadb: @@ -331,7 +349,9 @@ defaults_applications: # @see https://apps.nextcloud.com/apps/oidc_login # @see https://apps.nextcloud.com/apps/sociallogin flavor: "oidc_login" # Keeping on sociallogin because the other option is not implemented yet - force_import: False # Forces the import of the LDIF files + matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking + css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style + landingpage_iframe_enabled: "true" # Enables\Disables the possibility to embed this on landing page via iframe database: central_storage: True # Activate Central Database Storage credentials: 
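Review bot: The Matomo entry moves `landingpage_iframe_enabled` from the inherited `false` default to `true` with the rationale "working well in iframe", and the Nextcloud hunk after it enables the flag as well; both are authenticated applications, and this commit's own note in `00_general.yml` describes framing as a potential security risk. How the flag becomes response headers is decided in `iframe.conf.j2`, which is not visible here; if that template removes or loosens the framing protection, it should restrict embedding to the portfolio origin (for example a `frame-ancestors` source list naming that origin) rather than allow any parent page. The inline comment should record the security reasoning instead of the functional one, for example `# Exception to the default: embedded by the portfolio landing page only`.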
@@ -540,9 +560,6 @@ defaults_applications: whiteboard: # Nextcloud Whiteboard: provides a collaborative drawing and brainstorming tool (https://apps.nextcloud.com/apps/whiteboard) enabled: true - matomo_tracking_enabled: "{{matomo_tracking_enabled_default}}" # Enables\Disables Matomo Tracking - css_enabled: "{{css_enabled_default}}" # Enables\Disables Global CSS Style - landingpage_iframe_enabled: "{{landingpage_iframe_enabled_default}}" # Enables\Disables the possibility to embed this on landing page via iframe ## OAuth2 Proxy oauth2_proxy: 
diff --git a/images/favicon.ico b/images/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..f1e74fcf8c7e096bc118543a594980f5323fe995 GIT binary patch literal 165886 zcmeF)3B2u9RR{13h^T-#V9pFqpye2;IPp>w$~3i7al%=e)Y1mQPCK z(o#_qt|lslnc1MFy=P95nIj2!&prRvci;c-u2KHgJ6)VDvMegD(`@4eSrzqR(- zYw!QLOG|q!?Y(rs0ZVl}Wa*r}mX_|nw6t`{A#2yKyUNniT`sq@bgNs9*Ee2T`uu@Q zOPe;WT_1kerKRWJVQJ~DZ(X}SX5T%R-u~33rNgU^s&eU|%IcM#Rdp{)!!YcT`*nV^ z^Ugc(8UOP?|MRXded$YQpMU=O@4DcE3!dSASEiL8-`k^(ms?p`Ir%^T^FPn6_lAG| z=YJkP_`wejAN}Y@hkyU~e;+>esZX6-WlmPE>QG+ZtMcAo`N~(`{+Z8wX87yB{_Ekl zfBUy5zxa#4xccNLKY8_uPkiF)OJDlZ$(d)KIeg&@Ul^2A-h28{$CJPK#V-zj`lo+- z!LR(vuS_5M(1#B7&hV^fJ!^QUsR*A3r?pX-}J;efHUt zPk!=~7gT$P{r7+W_p?9!=}!+Yc)<%M4|>pp+B=VW)T4%nJmevR>)cbv10L{z;dg)c zcPB;rQ2cxL=Rg1XGd}mZ&rKix@Q1Jd^iTiv@aRWBdU)8w9ya{MPyEE-`abu$&+xzp zKCori#~pXv>W4r4;c4;ojOy=)@$qMV=4V!m)>i(0_q*S4m%H3$xZBU#I`}Z~u12|Nig)KKtum|N2looRmz4$3FJ4tsFk<_wW49?+h<~@rwt~e)U&> zb@-dV`I|{$XDAFj8^0=F@YSz=b@FF__Gi=LC7OmuJmL}f+VTk}oY3U;rZ>H5`q|HZ zcJhsHe53K1oC*^szv30I82;fO{^5eZ`m4X1q8p$8;xGPU`1N1^_2IeCeeQ7j>8DTs z7N$r(VMU1?X|Rd&zvnj_RqaX&kw1*sdDsuscgosBy?9^ zXC3PL#+C0|`AL<@Q+9sel4)6?3sc<-?=HN#lV{#d(Jz1b%ZE%RlM_l`&MGXNTllNT z3ln>CR^<~aACmX$d{$TP?dZ6?yv!ag751)P?>@is*Qe9zP}jqM{nvjD?|Rp}rX~By zt6uf0$tz#^%1PFv zKlM{BKj8^aXm*QTWTSrhmw$Qq&ENdZp=8l`g9oLPY~HFmD?M)P!#X_F{dQeEzpFwe z!^xlg$)B*Xjb^s6?DL>Kwu-%b{_~$dJmVS97@qT-=L}^-hU1SvzS%G~4_|7GYW*&m z4TY0w(K9Lhs=h|%CX3KZ$M!5)UZswoEt@`+O<;?LvJq`8iCuPN%h_4BlAT0v+3+^D z8JpN!&mG-|S#*>=TQvr2qq4U4tlVtc*q;~F^-#LC0#k*fMi2Xno@BhnXZ=vWaaDWh zzW@F2-_AYPKEC0RJ`|3IvfV2+-WvB_pv~x6HG92pe)F5(sBvla|Nig)ruYO`+QwJo zruLrll&1{FDt&;t-}s> z@-GKiE*wWEP8i$Xqjcl!@@0%!6XUsd(C$5TMds?#z9Sz2y|VEy!Z&snjduKZ+v zWMOl{uF~hj4?n#1U;D7FUi6g@G~DScID?7TT1UHh5d#beCEqUZtA=9o$uWIvSW@pX1K#0 z?lAD{lye_8?|8>Mwm#h81~+Ir05keb|M2D(x41>KU&f3YOD1rxZCRhnR!`UmI3h=U z;0Nl%QAZus+N4uxz5eyD-}-s<(MJzAzVVHle9(wDKl-CT+QtGn#Xov*#1Tg{ef+~e z{KICKwLjWI?LWEjI2cDq+c(_&<~MJ=)fU;oAUe>BZu0rP-}}8Ln`>YD+KpcQz0P&6 
z(`YW+J?NW^c71}sm%QX9ZG0-cW?Rfr^pDMAllYJ@L-u@O@5|;s|M4IH(d;{{YrFCd3wP(46VX4ssCh(t5AX3D zrpcOa@H5e)U*rqt#v*#~#y7rkDBrT#2k+_+{F=WQkN8bRD<5GfUZ1D!vO#RX*~Jgz z-2@hmwdi5LVuxXlJZn5{{ALplIpmPm7drOB7rwCh!Nw&#XK$RdRmO<&2lxQh)G#Sq zJhMM+Am7e|N-NrD1KD?Y(Fc8j=iA@@_6>`toN`K&4_zY@ZLrzoHO^Ir=RNOvjc@!C z{Nyi5)z(ToDVwitsjjbA9M}N1jXYqGOvu?dg$KqX^m?bp z{Q(x)edFFpw>Dx`0Ca=|EmFD4Fl=J z{^7a4kVE-w!yo<8AF-nYpU*q)6|YwLbFDKQ_@7-Lf`#Li=V#aaf2DZZFj;enVcWKC z=G~3Iba8okxzWm=@wJUB>~`UFTE5Z>Ij{*e*6z^%P9Lhi)`!CCJqjz^=uOQ}%`H~S z#;%s0P05w5BzrnteoNDr;?=Zdv065N1yA@JmA0u%{dK;>`A7PYa&?@|zsQ{~!CBQm zEj^!>T@0eQWct@-230{?+xN;bH9eA=Q@?%08b}csdu&_`+5f zUx$~y>}Acyl#ku!pA}a+p~j0t7S)w|J9Dfy>E^5--l^*i=ii?7^?JAREcVbp%lY() zS3YTV^B&9JTv|Hr+@+;kp0l)c&5tZC?R)A{1s^MIT3Xt3bBz&lUG7xcJeJ>7?|R|X zs!N^f)`qsUsqMq-d4({S9$tACr?^pFTuf=?!8#tQdYo^GMIBlAyu0kY@?oCMH@{Im z^W`qC>uS&Ztnp8s<)a^1*Y~Y{zOZb|nRWiT%Es{dlk$;PYOXq|n4vlS)OaIa$mSSx%7>mNZdq}Mm9i1>wHvKfnL6*- zwKHoo_r8^5)!A%o*}Vg*-!J7qjA>fq^hB)JHGhSlZ`?GdzvCV6XnrYQRt$+ejB~~f zaSh{H#dW3?^PJQizSW^_ZB%uZ5_a0IZ$wws)B0Y=+gEOmc^#)>@ip!=-ts}%T>WKt zrNTu!_J7LqolvzCW;Vaej>f;zuimjpjS@ zz4@lb<%(UlF;QHKU&miF*XOtLxA5D2eheS5>T70g4 zEk3W3FPyVA65pM_qu=_&&xI8{HoxN!>mz^f+0TA<<2MYs$4BR*IwuG3(QCe%WWH(c zz z0i70C)c??fR+x%D(+jdPX26><&m0XOtV`Cq0bMrU92ptZWo*u?tld^DY()eR5qmK zu>#YTUX}hkmabm4?tR(5fXXdCV0_{a&@X*qD`1|z#3y}7Kb2uiVF@mb0b-lz)<5g! 
zum$JnN2j{*L>YDIFFO!gwCTS2u(6*EDwaMqH`dq6SJii^&hO)9jpqfoNsEuLVeF1R zlBc@$50=zT7Or6f9`u78(CNAU=nLAMyQjP|>TutI=0QORIhxLGldi{tYp;nH}+W{0OR!#}`NcxQLuLJU{z=B{_WYby`ybU|F# z`*2St%6eBh<eY^GF;GV|h$-unF|@{gwscy!dQsQ^5AeZi4nN^jiKjS< zYpNgr^pnh8Tf5*Rz^guZ=AQEQW#~IQ>DqHXh9lb9SkKu|8PDOwIa$M@^5mfJ|(yll&`-w(<6X%EBAO7JV9`@R6uhxIG-}08XY*@V7)vng~8C|`} zO>WZOL&tvm?bqU`bOV;O=XmhJ2RGl8&&?*6f7;gB3rBpS!z1OQL!Gl-SHAL< z+qxwF;v3#%%)}S5bN!X^Ut8M$p&$C8;bu3x*$h9{kl0b{A3ykmKiIHOH?DDwYcxC0 z2HfaIH)?gWZy9Uo@V@)*+hnXy>|Bv_~HJN%r^;BR}#ZKhpF7|H%o)^@mKz>bAGNZHr~{KMy+SpoTH_39r~&YgV_q z)vemtXB^-QZP~Jg4!3z)*(H6yyJuy4%)6VvfmXi9fd?Kq<2k;Nv+)J*trh7XIg=~Q z>p%X|6*4*Ou)|sz{X`?|9eU`Y4ez(U^{tydVDF5>u&Ce0L-bnzQYW6#TS>f{tcv%u z{ui#upy{`9j(p&WtgdyfYc*RTc21V+!Yk`$V*PvqGSXLV{lE|WK?Z!ZZ!U&T_|jM75?=xK*aC7^k8^!hkFnPnz=yCNY@Ry$W_PIZfDT;1=d1ottqb5k z`@@EiAztaTbsBR*^&9`iZOIvb;i}A8!<85@dSTu@`Y(=eUO;#E-h1y>4o$`Dpp}m4cgEGS@l*4(^5vTTjyCA?uwxCHzshH0|FvIx@)}R*C*Bx~;lLb5 z41}FxH|aGSNPmqr<_^Xiv3mGo!^u${GJ0W$f1a^|d^6vtD`ZO7tWD#;SVg_l_Ma5b zKVNc4oaF+6!JIT>928>uEIRoS$~2_n8G8xfmt-bAKAl$#Qu{* zVcc37{hj#_C7b5IEiW%m)C)WM9}J118OQYPpoq?_?`^q*e@-*5$I zbVFIO3_b_hsap;WY%!fhvvuVpn5e!l^52^OY!5)CW}BSA9D9rR=62)<~>gK{teL-;AKLvG}uuVmsLekco* z>?Xa(Gqm=;L3Js8o6TS9UiyEeK38gUG_p#*`V``SQcq30Uvb$p3U|Hh&!TH*?{4d#7k_7(;(zeEJUi z#tE3BWAu{0z^2IhVC?1l%IM=WqK!X-=lG2-{fB+Bg?l>9uCuq^kzmKzJI>o%pX&Cy z`TN-a$l$i<)PHuAT~QxBkl0`RLIaG@V;H8#j`+);fDvOaS($&k4;$7zj*hI? 
z;)~eZ$i8;2F7MZPYrnH@Y!^S7qv2(I(Bjz&d*@wtJ8SM@tZ2Y1a)uMQfg${5|JfBb zRxHrCqEBQ%SJ44O^qFsD(ud%MhugZ2ce(QHq(X}pqXzZ!> ztmC%11pG+k1EX-juHqeAomhi;85&?>^l{sGLRRd1Vk_w5Yq8hxZ{Czd?&QcOl`gma zU$qYP$$GwF{16@WJUBYSoTlhpExWmj|LlVCEQxNwFP{t@FijrlfG2Ywm^Xg1N%-!$ za&V~cuJKo_Dv92bAG@IK(g8Zl*V$qGwv$6>c!06k+E(f1D*M5%!TpHCwub_4jGwT8 zw_?@!1}l65IkFM>dtk-hYd&7~Wwe*-51trjjp6i^9bhlY z4_<+-^3%>QKk{2zKbohZn!A0`@p0HJAHaT$7E84+g$-n5`84E!uj5#guD1A1beXNe zf9ps3O9#wFi#PV$$3LJDx7Uw4HY}u1yL!y~brh?xw%JnkeOkD-$7Bl6^n(w^4`S0Z zPQjOJ*kY56&&B~hQ2Bn-x;H5uOTWqTrSa=)?Ebd;9$KrzGkaTdzhmXL$Uy(#sW4-o z%u3mdN%=O@!tsL$nLN@) z(Q=i-{9%=kES+ufnJUM(wWns`{+UJoKE_x;bkfq&stT8vmTIrj($aBDOXoV?a%rjdAk{9UrKR^c7F8c{+_&vf zTC(HmRM&OfJ|0d77{+#N%>u>0IkNZVe=nUQAL--Ot zg>N%HhOgoC$anj+HdWqSdA3i>jY}aFo?!lRl^5!NLQ<+CcEmw8i_-KFH+df}|fn=9YCZ=WmK~m!k0`b_t+7)1)$%2aRc*g}E9c!VDWmR( z)mVDPuH9K5a_^EpRv#J;wNvNh@Yu?;$qrw)=4$p-trpFV7m1^pyNG>=TbYaUW5gBt z$kv6;Tg3&$C2Os<@ulMP_|ekngMPgDq|HXVW93UlC#s#99jf!YRbJZ=QYVF1^P&k_ z(aFaY=diDu4xr6EON`EZ%)E>5$)6LCzytoNJyGJDVkoCq+@9Z5>$v#hJNou*cC{mE z`)-kUozMD~dl%=i>TmomzwAndRen(ty3J`@{L_3Pdo9f8_@d|+6Av)OiL)F`S{yN^Qa{E}J;>h^|SfAXxN#gI`dZVTaz-6r61leU#zXO!Hn3cwPbCN*||Qo-*%|u#WFt$ zc2Zv*k0}{{*}TGhw65E}K)yS=N=E?@^A%$=1HYk?z}D=fx7h(8}Q;^1Q8LDd(zA6w`6ZJnk4?f@C1)&5TF_H-Ji zlVF?vi!)g_64Mr!&)Qn{P*_(G0}-3CW>4?&h<(JjHJH^V@!FS(2W+Q!k9O(Bn4%B* zc7C4EXf2i~8Wc_KX*mX8KV5__laZb!BWhI`x(uR*g~mV?V6+ z+3j)7wdtodHn9Y8hpc6Yvx#$B#}MaAY#dL}Dn>4*CAO{%J{c3d=Xv&=h=s+jB33+9 z?2k@~``XJ{bcY9yM~^tzC7W39wQ;15=7wJ_vZtkDt74zcpVx5Ze+%c3+GXe#GX`O7E>b&`NF#XiHE~Dddb;6Yl_yB=r~-EGajKA z9?$~|?5VQ!M_Kpj1%AkE3jE=*xHexZ-xe4v)hEs***D#d3vErfZtqYJ^1P0BsVud1 zLH-&)O}o}>_$Bl|w8v({ePj-==(l!bTx2uo47+ZvNjdZyFGCwFC}Z8jJIdgnwFvs6 zoHp?aj_?B}v#-EdA;ATI!MIWKUuidsrXAUWDg*bKxBuh#PR5kxi@-f>!5*4n*ij#0 zSe%vZLSOJtFT{am_l!-Fog9VxX+GB%H zY$X1WEquE+hFTkQ4_(F-JhAqztb6$79B=52y0ndNbi{q@IOI)F`JED*U|cN!wEd1p z-FnnW<2v7{?vuTIg{os~9jBFzAFVDrrf&RT|H#z%tZicx+R+M|p0NQkKIpqOS8IPT z3)ArIIhzMlXhJjmsFVJaKf2H#`-hiwO2z}v*blh!9-U0$m(ewINj^)-5lvf*H*8^} 
z7cZo`Zu}@+d9e5E*w#10NB1P-9a-y#u|^-zNH*-B`{+jxy>=g+Y@xjtY#@B{cRj~L zd}9x-MZmE##y|DIyZ6}yV?}fUPvHz-@SG3js0^%2GjIwMy>}bO?^*Z-F@^_zI;2Ts7s@ZIF?$H*QH^V^N-&DuY+{T2mAGfG` zt2L%g&0pygzY<2#&d1drIm2<}?wp+IfcD+jH`vvGV37XBR`5=Ock?*+$zI+3Qu5UoeLy=NkSqQe?_d+=^j$^|{nS^__17LGW4&uWFC9Uz zI^ZVsdQSFqz`5t@gB$hflYZbWe&UTjni8^G`av(o{bDPPuwi(5bfB)=SWw3n$0`3I zzcte8GnVqX>6&)o9xZr)cI}~E|L|Wwv@ecBR{96qY#zG#{`!qR_ti^w>QaYy)Qtz; zm0_BntbOIvma?%SWPnflr!IR$sC>n0nor3Nl#H7VsN>lq{f+jDC0wuQKcCN3bJnT8 zieXvLHQtH4uuFV_hAX{o8T6Z1y_fN!3D%~3fq&j~Z9WVQ^ z!jCqe&HT#z#yCgL_|N~QgX)AsIF7A@KeilZox^Hu1be3cbcG(XU9cN{hX*;jfY;u2 z5B}+d_O zEXY6d#s}CpcGzF-KAx#ttdv}>tBb9nq4c2Hz|w`+bo8G|=H=H<#F+TJcqfUop+mo} zaD^+heY`LRkB<6ER%Ao2m%H5MnrvXheKgw(ue@=Z-wSfCy<;44jep8IR|ela!vp7g z?zv}s&bInS;eZ1UXgu|vef`Fe=*d3&?9*%k-%{dR!R5HWU;@*X&P0D5je#Gt->K#g z&FAGai@!?zUHYV`@d*$06Mo4|CQC=puT|d$z+cMfpKoQ@G4>vI?ESZg*mwc|Xkjnm z+H>Ck&>ghXH}ePe8UtWcUF1y{;6dATL53B)uuqmPlf-MxS&a!5Q(PTmvmdj*Uyt`I zoPVYjEZ=WD&JOCZcN-1#3ti*_U+B>$eBg)vYM1UC&-G22YhLr3tm8)E((S{yn z@CUAxHKw!gFr+xj_CB7T_&6O)w-Dn(X zZfnqWevWcwAAEn-=D6Z0l6TO==A)mi(XU-Jvwd)`@A?HN?&%Zx;*alfGN$?V#aIph zWXQkw?F~H-rtpX^8yD4yKlGeWZT>*VZ+OESwl-nSGksF0Z>jWGpV%PDH;eoLdQkgD zLqD3YI)0;hj(JkW;HUJSuavm5^#*OxF<8W7IEA_RV6N#1IqMtzk~_a$Ir1>plO-&B zk3G~^HV^&y%5Evoz8O#9+a7Ow@!^^di}|2a8_MD(-l+qh`2z8e=&mF_0t@<6{!Ei` z-EQ<(%oGMbV@xQlPw5K(d5kAFyUF&EiFtqI&W|H6{5L+aaqO0M^u_qjA61UMf}g8i z^{UN=!v=CRRmyG!^>PVl&tt4|e z@p(Rt??K%w-;mC?eHV4!7HhWEx|%ZD5L=eSd+0Y@8>d1y%%MYj{2w;gxp&cyR((K^ z{^1E93V$+prvGdq+>j-_^4DR<_ZDn`@3-KK>_R`;S>UBHgHND5U1uZcDZ2qr^egcY zaWVdnd9b|*#`sEY{Hr#MfzAIZS+DS$%@^5ANm+WYujWx`NSuzJjsN6h9P`XNp7}E@ z^G(TLCNE`;!F*CYvhG1g`8DEJ=9}7QOYn_9Z|uh}av?vufv@-gC)$Nsa#x-`@s8`n zg6*f|7t)uS(`@Je6#kz!(%ODYmkm_jnmb?F{D%ziA2#%j9n^pAuxDgIU(s#eNnT`X zZB&2oz}$cy!a2It%SW+JC{BSd>Rr=|r0Yqj`<`hW|GICF^l7PUF3Hq67L!rfipUdaQkTQ@?w3j;;62vbi&zGajN< zS-J@euwwqew!t!=2Ug&UF2FQ?z!QBU54y(2v6=XTPS0I?mtUYyj{0IP5dV_ku3`XF z^Z81%`EQ-K7(n5n#XoBNo4^&FF$UtHxq)#2=B>5Co_5KeUDh5N^pQ_vJYXxu9Ml2R 
z{0Czidq#H3u~%$_deER8J4%o7*|(qDwry+pVq5SIAGM<_xw{WDaKKj~dt+DDWc9yj zYr0(e++<((X7P`re-{73n9>!$0p@g;)M4(ZO*&|N5eqRUqaFU)e*P6*Q2c8)p$QO>a4+k(xx6ltW=x4vsydX8( zSNHq)SH{2=|Ey;XG-!sOU`QMcf3;N>ID4=7W4JLZvx*t&6$zO!}skMC?IT(bRiogId6KAM;pEb#T%FS-Ta{6%(}ZRQ)Z z9kJzj!5>7Adc7aKML8#c8iO^ zDVxbQz$U!H0@;$8a^jNeG6#fXy2Ylmvvkdv3(xS4hp+}CbWhg4%m?8=NpLE5Cx+7{ zU_cYvu26a1`qvx=9#zk!d=uL);ui#0QG9WX5xXnf+okvpDvZmcxsv12f+JpYB? z2PZIqANa%$z&bkV5RAb)x$~pwfE0Z4E47Vh+N*J(?H4V%?Qs2j21FfYLi4B``A!~4<`{}09E9qxZXzf|Qi9=?dJtNyR>QSmagv18;G zUEpt+v(b0_CnI#D2R`6mzwm`!} z#-_t8{NM%rz!lu{9i{lT-XjyXna!a0_Ie~$(Qj%0W5C|8<@RMc1)tU#ohUz%2h9R*ebd026%@cNKRwhO*cE9yrAd^2%JF&rEjg zB20~s5@rjIKh@4~7y-3fM;|st{+1noPm)Q3Y9S>p?uT*`0Vb||T;epv{IEQz-0gvpPG0&0RgKu$JV-~qf z#!mK+UEs%?JFt)D4s>3egg*rT{KE48&^=>Zwfn-d6_@DuFC7os*yy@&ez$6S-S!&r}U#;hhzr=1zHHMs5yz>q1<{BF=bKk#)-kuND?U|2V>-O~Hpvvw0=c47+ zr6=#JlrWd%(0%Ei&%TTs%#CqZnv?e zFE^HjuS@LvcTtmr53Ux557s~Hb*!Ifxn3Qn@2MW0Gz=H$#g_VUYR4y(v>dNlKbq;d z?=YO|xcA_936_@j9Q;l}k$qD8-GZeh|EESe?kj7@1KRH!to`2_cdq%KwflRu>Z-!c zYu9_6x^~<<$4zV3d(Iy>uif9{qK<3DcK+{0)tBd+)~eid{&?!z{k?PCymq}u=zP!G z^XLJU+y{w;Aq5ZaC?!ss`C3(=9^u&@(nACc~~Fk*UQe`^Gq3K_qnLv zRT+IrKj_az_T{4L-2MD}n*$?eUWm)$5(!CW%H;rDqH{fbY%+% zel%pI@SU0)^XKZY;xTt$_u)8Dt_GR*3i>-Eby1!Au zZ1-+#U&xm4nX{5_eBpI=xb9!C@-FuLK_;dJxBY7bA!Iz?(@qQ2TG1`JhR1he)-DxtjvaesdAs-LY|H9WtZD? 
zdt&Sxv~SA(BWZ5$bGx_b&wM%8>P_8?-uX7}>2T=it3fN8(SG?zsm|H!b^cbK?LJ<1 zI6y|doa+3b%6!a!t=y-`e%`jVGQpzn#q5pt-IqNh*=Je)M_N+@z>9+-u{vMJuiW2#{LXSrU2ndwqh>{<(8_swrVB==Y55&Ge0=ZyKbO z_br}1ZT2?#_S824z6G(5&E8gf1%0pXJHiuBJhAQj?B7p4z74c@(s#hYa*iqA>ydjq znebqZkhK?F{I6- z+iRNCilYz zPp27UVD6@?0o}MJ(_*Doac_d9q?Nj{9Gw`a30M0j))D;J--pT3er&Msyz*Q{&L!{hBl4R?zJ2jq2zlT4;_S3KeHY1I`^Mk*V(jkt-Dmqo zl0Ti_FbSTu;X6@dg=7q&Gnt3F&t{9e_->Q`qYu9GriZ>|m9($V+6~@a>nA*$mr9|l zUDRvi(E*Pi8uZoqOa{5P`?zZyC?3viL!BR9dF{vB>ZFpn%{u?M-JSabCp(+iFNuBh z+a*#j@5Ck8I2iWLvTxk{-jnZ~eA^4peg{F~3yX>PHqtks`TajWgZZN0f6O;A!J7As z0e)kL{iO?jd&#$hXyN1drc64q=9R`1x;E?$G-%?SRZ?Me?`PzQ34@S-Vlr_f_oABF2eDfsO6t`wyeW&hw|E*iMwr>Fa zcHj6rTn($~mv0~aMuz#OZ)*ABa4DU1(n-x{*LS`P9ZB-tvAHC?YLl;SuIsx|N&V>X z-L(31ubpiF2ajW~@&1VsP@T_YlY6_5i#brdn#C^a{05cRChK)lDg0f#n)^$}FiB>y zM|@hpa|wfDV7{dnhk!k49@EhQ7%-ko!GUMyQ!oWL#(2NE#jl9%Q$D{n;amz%o#&bI zelN05DaS|lJ1~3&n75Y0KM)HvhxCoFX`3Gf1UH_OkbDtV9Q*P&m$QVf?s0`TKM>q z-zMPOh}lSdAog54smpHx_}vKcLUd^R;DZltcH2A3ZPXvn$JF~EWO8hTR_8OB<=*b& zn!e*h@yA|^7gtW|?L+RZJ4PP-1i#fKPT_lPzgHp|TZ2u%V<=hs5Z{&JH@A!WW342= zYwupL;apoizI*KCxqHej%KbCveM-Ij1vWGZe)C%$#)J6W@a#7?JcD(%nr|+t8(n_y zLX0Hs8WZ^R87I=lP9A$%kWt$cQpeqKy-taXAI%@DNR^DEZ?noa}GWiU+p=bVTH{5G=I&0`aK!*Ccl%Dl==Sh@^Zt1 zG2HKRk)L@Syt7l}C~jumf=y2>F7*U+`ZV8m%H*gnV}SK$hKXKe_%#l^vv8!EKOa0-&M@l@3L7tF$T~Xet_R^bCf;f7t8zvzwgJ7 z*s^6y8&mYj+O|H$E*m@izMbDNV^hT|@F6VHxB32sPkuLzxe(ujasIPp&3(D_+k5DM zcl!q=e%kmOpgTL}L{^TE88Q8RH%~0uVY$sC>iEpclHbQ}ptY9a_c{3t;!R1JtML{5 zKO=so7??S~cOmB(GVZRSauEyDU*{5Dd&){T{?c-02f9VhV&knMk);+}M#GJ(= z>^1UxePRs8f4@~JJNG-S`UIbTkMpF8k+^5BCoaLB%C42Mw*(Kw>F90rvF|f>g{JgB zv^W~G;wSUR#CEJvCPwHvKP-0H9K-**nfGh@HW!?eSq9K&j+nM?@O`oWqv)K`TIVmX zEHTR^l4-MfYzX{`|H3Nl#)gm~Tjn=*CD(qF&-#OTlIvg?Hq>K0&AuLZ4Q_)6*L@;i zaS^{2$F7Ro!7J>-Y<}z0Z|Nl~li!SnXISS0TdOu76=$FW%9*pW6y)P{k@oq{@CQb>--HPKbjvFe(@i&e*7a~dG3)P+(oW1LmuXJ z#&W(gENqm#FDE(YuNeQ$z2FaigG0C_d&k&Z_{{GGivk}&4mMxA!7tkl*YGW~=k${e_ssr2W7pQ2_w{u2*rTWYwQ@!aHNm)5%9s72yw}@wn+p@iU2lh8OC3pV9q72_~EcVC8 
zg;`@Z9LuoF@3mgY*0~4A@UDFD?c8&|ig_v<%ICIs56=0(uxzY|EoZ-jZR;%Jc-fPU zel&*WT=#s@4&T{YkhM+g=6vk_9p$wt^*n1gHvZFOT93)N{Z>vLzo#&bp324_SYF%A zSkvh`-!AoXFdwp}Yfi^+Fh=w5U?jhJ&R^!+Ds!bPU8&hub;Ku31M@g$i_L%FlpThp z*x=aT9>ea*Y_jZ`eH<_g$BwXS?;ZTI(|*fVz2YXua2T>)XO9y6Dr4==JHa>I&<|z# zQJGJ|xVeJgN{8c<%3cTC?6rHY`P^)FpMp^~B76{c5yz8_Yp|Wzyg34YN$fg%TD?nO z_$l~%5%`X5$(qc+XMB&)Qb#_sC2 zv0c_+Pe1+iwG!iBm^Q~_``{q*=96;!dW> z`i<~g?|fIs@~Zz?D|z`yf9Ttg9o9P77;};AlgD>5H2!6;JWPu}m^&H^=Y8Zf;JXlW z9vCsV%baczj$x4U9=VC+X4gDt{zvE!vpf#wC^djxlF)~lwz z6Fbc_Hpu^%%wF{QihACfqx{;Gv4!$jl*IV{M}pJ z;ub9i0mCrHw}4-93BI#AEDXXbAA(Qi9$TypHkYqzKBo>?^(`2E$(&JJd~o&ai$2i> z@6a!Gz}mdchBsLDj?BMSzj$`+@*+&Tr~keU^BsY)#d?fy9Qftz27ijVWlxe)XRhat zk$vLR-&L3{T7u=Z4VSg0XO6ywmuxRT85ZHkz8OBJB&N((vYYnG;k$B?NzYIJGlzYG zVR+uiui#V2#&Ny~tiTDmiz&beoGZgG;K#!mT*H}jevI`zW!PbT(--}RT|P97!!;j8 z9Gz{|Z+qw97bdL-nWM7HbS3jddZ9h_$A?y)?bla2B&Gwqc%#o~jz7X)Yac(*W$X~o z$#*e$8y@yYHkdu9cg6|2FPR5eZ`E$ry5fK2edV0@*L5oxc=YIdd{|+i#veX1duuL8C(sTv zVl=*UfnoO@W2^Zy^Z;%81h=l?SiD_7=nNkk4Lz>CV{Xas@{Iudt}Szq@Oln=Gv=Bn zvc>jhGjU8e@wp0!WkdH z_Zs96i!iLL_u$66a16hW=4||B|o-};Z2SzHxG;L@~sk?<8SXXv&XQW zu^*1$See8zoWr#oJnIYF%>Kd6-DJ&j7pZvwGkj{+-*yB)-Dl zde3|d4q(D~!q3qLzr|iqK0@rZaR6Ot?X!FO472L6Rt?wmD1H-c>p$MG;o8GnNBu)j zQqSA|9zOA%B{C835ciPmf5I1uzfC`_6_^)Du|ahjOuz`NTqa{4)vx%>FR61W{?gi2 z_ZPp|UOpn*o3Tm}@p?SB_mf-}rSL|KgDl|GJF&@R>z*U~%I1aCn}BES@wbC#zNx)G-sMY^ zy`%m4+EAbU6#RCWW~15m=q`LZHx4<*4x@v;hG)3uXLt_N^qrl?4}BH)z(abd?eI33 zcFcVIlv7S=`@P&VN6lKS=f(tWNqj^4svqn?;vlKBiUb=k;b+wKWy+VX{={d#f1OL| z@7h)O7fpODJRnPc-%W0ElV+3i&8On9VEzoV8T;H1zwwNm;E#;hN%C|p2g_`i`8|1w z2Pm`19tXeh9gM@Iai0%C_xLN;7tDj$DfjsVGMusfFek3a?~T7fkKj4}hP4-ZlDQyV zgjfDI9MA{jmRKaLx)-0rGc=$p8BXCf*>m)}uTN;F$9$0JJ>7?E^9Oh~M)E(b$1a-R z;eDUj3;RHVb#&)L(be55*EpXTV9J%npm zvxk7~H2yA1!7@3EKgHgVk#jr_o?%ja&;A6yg>jdimSelgTzNQUOUTzbyt{7=N1RQ( z4;Ibmtgk!wf8F`i#uo8I_Rt!LY|R?J%?re<%{Ac}j`o0$K)XRPMu z@J;krd+O6ZZ0ooFID53+|ZGa1ru~d`|4)D z%_q=k9N?4F4Vb3$d@+0ww=>Q=q7#OLYqlMq+?P*0@x;b=W1@37SHF6+i;noz>@}Z9 
z3h$i<&*)JH`_E;tPToIn7xf2*>2oj3JgZ}{a{6V#Mpu7=<;RbG%ox&j`9dBT&tL+t z*iW$max#Aw*MRf>cV?r{;U|oc4>^&8BWwoC>Lg2XYFNf=_t?0UNqP5Wc=il-$Ww+b z_475@O8x^M7B=}AFs{$8#lP$uF_yy`%pO(id+e{iihZzoV!r$f^urd+@>3j*`LK)! z>^nc!n4o>vd=2{K+S&}=)JObOw`_c)tLTp(5?;ktYnQIlTYBjoSmt}kd^UW5X*$9W z$$D&LKqfLBvsl|RUKo0~{GgJm{A9D!|yd$=WAHmSGC@iEvq zvV%MGHG1V8_q_w7+81LWFL4ZbvIZgkU@U?4T(i;ikj;j3^=;d>t=Uxe&~G#GQ}`#^ zGyf9@G*07>I0iq(p2E{kJFV5Nz1-6WeG!|a7x5#|29Gcp|H?D>gK7M5554r29cCB! z?d&ugfajjWv}g1LrcWuq5T+BC3#K!6l8<)h{fW#8@lxL;zVrqu*m>u7!bVr0g5?K| z{Y!rqb{DPaGj`$Ajc z<}a8ds)vn-dwxFu3tjpGS8SRw!9DfDtJtm>JZxwqSasB2_=QzAf&OHTD7M;>eWqv1 zsS{7N$+v(>{dvwwivh zzjOwsV~aDk!7V+&^E@-3CM%eCjGSOI{sWuj-9DN3+DENEDP{XIbLTJwOE3jnm&$(W zYA3ciiya#dB2{*l&@a!AIebauFuaI);WgXDe`YVpX(KGNpRjD-1uXVhCRez04@TK# z<=ABH#CL|9;JwE)Kba59jyl2-8N;`7=7a9RH{9zp`zgj|&4jxgTn1Rmf7ssV&{0GO*q9bwBu(m%|`c_c5eKb z$27e2V_@1?W9~qPy&U-#e*YJaWjwN$pK@f{pS$i8d{oX@4_h#HiOvnH{@CW%k9~>H zGhS|gK*NsGJl2(EugC)L*$Fc0u}nt2T@IGXxW_V_x@Z0cXRvFWhuz@Z7@%DI4(Du{ zcp1FHm+YL5@m1g#_QcTGW>|(bIOJa&YhaFFEhY^=#&q#$x+#{YK6tWz2KVfndonu> zzs7p_;>)nh+SImqAzK@t!%?5LgU(~F{({Eg^~A0l=@HW>%u z(={2v8k=VBVjOlIEVETTmf@8w#NoWdPgOox_T0G0_fR)G9~X(S>Yuev_xLI5@eY4fec~R*a($#b;&k5g zK0Kotmf_9(!8xDV91>sPIXaFv#wfVfE_?>p^O$C**>rYA+sexBvm@rO>~#P8Qo(cp zLC(Fbo%2)B!0(Ff&NwYzo9`X#Uhs9qC57qgXYl;CvCq+?kg)EUeu_OAf6VLAG*7pe za*u4`Cj2I^9?N)&kL)DO?Fh?oMRx2FEC;J_%to^#VhiS2WGyyA_Oa8-vy*&QKD0Qn zd7KOf%IY6n=?|TNMfO>I!&o53$Hv)fBGv}munO1afAFD`3eee!Hg}xoAs_kNxI<_47k= zWS1g)vL*AZC5VIIDV<{zq{Q{~i>{3Kf~~h*5_qmQg5}%Qd3>DK_C|luh8A%#^I|Eu z?cY&Grn_t|-s2s41CYJc_G}BI~+K|5xXA$ z*%7YPXHCRjIJVn-O<5RpPA9K>-Rm}6Yh4W{^o{K$Piro0o;V)ev7Q9m{B7|8dzoO` zeq`;_A+b7G=4%)y!XI_&FB~V+VRXYBzYHyS-`ST*yvyyuaskl@zk|4 z^a#e|O9z|1jANtW-gDRN`ttH}vk~kU*~dPU2VYYf-wnpza&h9hs&D(P>v(fbRbJ;e z_cYYA?UFu+w)uy_GQSDW@fNSxl-S?MhTQNIHs`SnW6F^oIjYOGa_Z^vtbTTdjU?mP zZ&)|R!kYSE)X_SjIT||+!|)}(3`^n)FD1%{$w5WFz$Zps8?VO=3q~( zquEvX{#H}!sN*XtOVOKIyJUs8;t2EKk*vM4{onN4e8>1l7Wm{CEW;t$!XKK0Wq2n) 
zc#~6}e7qkl=h-}->4rMld}Td{XYz(q_uyH*Vr%R$Ji(l}hxrUS`Xb1QQunnR&oIr@pOe#^*siI(&$xUKirr98(6 zxQWexL3#{R_(&$?1J^JXEGyIFnLfc|FyB9$$20pW4u;q42fL_V@`W|+cqcYGz6G0W z?1wG5WLx=yu*8PKCm+K%kFZD=#0S`4c9wsEKYRvdd_N5*%Cg7oH=iTE4WF6)_l|g= zKI&h53+L*GJvc`{y@6$Os~zDvxW!|b);BmM2hY?=51qTOpKLU~_3yG__85|pu}LD^ z$eq8;monF|#+1Ys81ukX>{?ndjt6hBcbyT_-}3i{RY$&|dW!ZcHGK&djjv+sN!Etg zDE(3<L)v$&Cu*{E*55g{^L;TqHyzINU1T2dai$Ci#`owtn!TO^NUz=@W zyI`B&#i!6t{AJj7ZO(}v{XvsV-`G}mlYa}FaAo{K8*I~oyrUn{h5o2abOLYl3{Rc& zNzBDzo~~$9UzAmbElcJ@Ns)2882=b|B(dwOUF~X(5A@F599Ck}$KpA}Mn7f5^SAVE zR#nDdk^O(3PgIsxqj&rYJT*Qp>ib&pHC;_iC-+ibTo%4yn$F{Q_)pek!#1#=>~HKe z`6!2{j(F}}*YkNE&yhL#kU1Q%%f>;m6K%m;GR&w0J~KCjXa0wn8=vL$(@$@DA-?PP z!Pz_5WLMd6@`5e8uMTrUrcuE8~VM)rB9 zf6qLST@J2Y%hm|(DS~TjBKj{@C*Hxg;7jlY_};$j;8U=N##w7=cqGQbHalnQ;Te|s zDsa>Hr$5(UI!`~~3XWk0eeU)2s3&~c=omRD%YO=%@iDwMZW_;W?P&Zle!{f*lmy4Y zr5Lo|SSk!Q9<&1WhfMiwQn1x7*8d5nkAdNOw99^U-l?OtZ4Sap<(91N&{J_$a~b={ z%v+3|Wb1z#kRiKCr=|2Y^qEJ*Hsb+%5FX?D0%Sd@3xUZjbkCpyBx&WViL4GY7`628nx~(H>UmTiVtIt}D@tXZt&YTY3tuJcZJKkmQ z=?Xs_rs0@ht#5MQm-%xv=^t8Q8(pxa+^*tT|FuUK=mxv&8qZ|s+8_h=#^@!@&w87HXUdUL{OO&+bdP7URR=xk*S~`g z?dN>aF_=MDV$<;p;1OP}bsMYL;(Xsre&ov^@h!VGGI2j^zj>d{_dc6!?uR#gE?8aE zm;PSgZ}jS?{;{>WRzBFn%Z;)!{A0N5v7GY3G`uTg+=<;W4~mV>8cJjyJ4U|d!uW;e z-WP>y_*I`VOd9dLHsM;s;x$Gaz0?1nrK-7HWq!&dDobL3sk`xut_7#&GI;MgShjY} z|413{hbI2gylqB<@g9$|o*kTrmyW?SOc_&++hnz?Gm1@k^Ev-jdCbQOKv;o&O?K-$T%yR zx8{AaWnallUgWR!I^Xj==ixmbkh$@DBi=8|;{=hfeBz_0Sa%i$PWE?|t{ATjw zf8hAL6lqVvcA56BMx7RexZ_6%0EW385L&Y0@H=e_Km!!j)LeT*3yUwizgembfw ze~^C-pE8`g$M5D3yUw%3E@066+S895;S)a4$KQ_+=J|YIy{A0B!lb_PW79w7m083~ z&(yD-#4Yf5QCatbXL8h*F-tpl%Yp$o7l+YDF$KDAuPNV@T{J&ikb*&& zyw=Y8991?k=ZB1S#?G&6qPMx}GyEEB$;bR&$}{KoTk_4=9b+%~;}1TwCFn;dyN*8_ z@iX^>X=5Z=WQ>eHc;3sCyxDSmglGE0?^%Rrm{E_psk*&G7kVr!<6XE>hJ4M7#fsTl z_LuLVzwEI7z_q!aqj{hD$X~35@1u|S5&XHvEA<^(LizME^$!{hm5cxntKEBw(`Y_#X*MD&v`Cbk6!S!bgI!W8}g;S=}8559=FkTm+v z?R@+bEIwq!^F{g`^z z!B_qVT#I|+?L0phT`NaV$b<~>*%4MfgFCvTExJVB+6bOKSB}h+VZb~3rMz*&y}q3H 
zU|Bu~#-^Wcdu0Rw!Cd4FEH^aFkTJonPi9Q8~8dOY)^@rxen zmokp9=2>`!zMYv{2g~|{f5xoHD{~$+k+FU_icd;C4#YLtEEtjapuT}Hm!=$uFA#NxKf?_E>UW+KlLZ^f9yAi{`7sdM~d#TnNpAI_-6P?{%9u; zWyuPk$O_+J(!9;{;9hyp9OrROR`3Hm^n!epBR^PzclEO)FiIY=x!#qv9jrJ8A9zgv zdjHiqe9~REN*n6XU-)F3(8S00%>7^*ALyEL?&qD@VejT0&-4XNbjo|_NBZlCR{dow zVxRHQ`|jb3_mqP{^(Dv02%mFQR>pJp)P;w1!FZ}Ynct0+c*1ZnPzP|_^V&nWk^Y-`@(Kll(ze9?zEmjT3 zaE4AcnQZXOJ{@x+e85|n^9&x~5Kfero#SbEjnDWUUOLBj$H;-Lz;E}-RqPuM*;Teu zIrV8@-P%yEBYDA#cRi1+UBfw@gG7%;C3rBUKPuu9Vw+7GHNf@MeY_+T&S-`{)zXv!6pdd`xvXdM>tN zZ3m9D2fMxl;Y*-{53dfo3p?u34?I9Kn(P;XUHnleTcTh3t&e2pnf75of7mAVDW@Gc zAWL=Pf%@@*tWO#D)CHfxwS9?nKFNI0UOYaEvayeOJ|0)b;|U|4H}s*aT;g=^7~h$s zPVJ&aGOv@2UvOxxAW7UAP42~RJHigy&}|-Ija&@GxCGDs_ZmKvvpur>DZk$U2Vw%s z;yrule|5t(JBDwtU~Lix=oqZ|{b=&=dnS(dzj$AKP2J=Q_u9gL>m2r8XiJ;QlNBt$ zGdY{9&_VC(59}DHlvfW-9enV?t*pK&FJ5O)fY^ri$?N*pzkVyb&p!LKy&3kDiisGT z_>g!b+us4BVp-N^^j#l4(;xq{2QTr7K4}|%?SoU^I4)+Wf9xupYDXUu2lwp(e$o-N zyAQX1ci+0DXMA?oXhFaB@z~KAeWM%QsM!;A!MT_P`vTAGh}cPfuM|$>r?Ln3xftWg z)Bj)I3BMzA!gq{#UKqD4JjQq4ug=dI@i`5iBcJREbl-Ox@I$uNNbpSm`SVixotQIP z*#YvQ3&tdNoDAU49tLALIl(^MxJPI3*`8o>!&@>kx1u}n3=^;J9Tlj=) zn74l!7OgFN2aaG*{hrzXW3QaHjJxcQareLj4{UAe6I_s&|5@a@KI;n%>W}dk_O$Pr zcG*Grp|{Gw0sV#x>oNG_Io!g&Z&=XHAJZ1z!54by7`_+_y{~TN)x)0BFZzf+ZId56 z$)80VJ#f^IU=vMnjZb9C*P*YDum*E!hivf4o;mcdkPjQdR>kM&W6{BscI=J7 zLwpm9mSCJ+lw#AJk9f*N4o3GIF}AK~3fd9PjYCG6GUzxVM$d*tvQkKrpm zhkj&S@y#dOKqhRW{Z)9x4`a7o8$Zd)5%$Od?(qe!aK_HL#xM35#^BOeh$pZdY?A|h z(Jou;U47hZuf3Z7zyn??XS}8laKpBcKmF1UOz1N^?OOfttdHy!EWte+Nk7M>9svkkDyw&J^Sf_+jC{<=2rVk3;rd{VN9 zP4*EU$d3*6%y_{zX+s&$wXbjVhJ5zkd+#=WtIur*>d^+!{8$Xn1pV5M5d@_H*M>O*JjhA@D-^LI6k8fm3CgQKXUm9CyzqGxwl5w2B zfev*_nSZgP=JDfu4V(4&F{6Fn&WEmN!Sl=1Q>ne%uOJkM!y!YUWT=4_l9ig##?gLuGpG-^hf=C z66fAkpXcau4(r;*o6u|Q(zf^VOn>N)zI&FePWRXhZIcgL=`x<{lXG)I*k-@!5x!?$ zt!=g!mS8V+tCRfjNq@r!<@JkP_?hbBn~|Zu#Bf+qm2xnU$z50XD+z*@k^^}&Gq&jkl&VAl+>?1DfZa;s7H+kJ~e*A zG(M4;vCsFx=p{4QWdA+G8|CnXt>BZv4&LEaFyJ|TCPVe93pTt9`{WmF;Vpc5hkW51 z*40N2$I(6V7aP?N 
z{7HYjuS~APC)cniJ_KKIn!5FguHqw~a7)cu)E~XT3w9L0@KIg(2(#wr=tYkhr}sQV zlYV%Yt;2im7!&P}(J$rji5}?N^71lhG;9Pjd?;fnAC6yYy<44GlS?`KKJ3er>fRdQ zhT+T+&+F!dRU~u4ed~Pf$4v{K!6aI&NAfxB6`8li+Mr|EL+ZV}Yri_X#E(J~I`PrG z1U|zXd}9Of2(RFPO!(Ju00YV@M=v4^<@C>eHr}<2ujB{Mbj7>DfphoCK_9e3hU)aL zaw!`uIeHF*=!l(kKl-2!7^h>wDq8g4Gv(Az?sONuFqd}eih8xJ9(3Z9chjf&WBRKM zn}KF@!L@eWS7&%>TnVo{^FIE$?|t+{N7w|sQ%+s546FK!hu(#GZR)3X$T_hT<|Si2?+6p0_Ke;1O+=skmW8q08pdcp<3Gddz9Xh*bHch8+k9A^H|(c9c3yuL zCD^7nz9TYLST~elIq%!+PyXmc8$RF{zQ7z_sh@A;=$Ua$Id%}o`H#4yCG%u(nk9^o7L;3F*b84lF1Jy>>a-eV4KPNpn5!3WIA zWSsZN(fi6cirw;y^?^J*@3D-g*x|$z;SyH74+m(58RzOSS2DJmi=qQP%BolW=5N}R zty{o^_tCxx)9Oh5umsOC`)rOP21!QhfpKF8Uf_4)&H65zbISOISNf|i_39h_Fkcl1 z5)TpsA}g^b^LzLC;CKSNc%dGBm+`&-JqtLI#dq@!A)mw8q+WgqyAWIjlfmeCJbJ|Q zY%fRM&s^~MvCK-|6%&M8vPBE~gD1w0(`#RewRtugy%N_Zcoru&H{o013Ebc-KJnx5 zRV+ilcP5JyvDM_?<2dK)$3tU*n2LC6>Lst}6T1V;@%v!Od+ZZ?0yp$UOfK)!Iek}7 zdGcXTwQ0Vea$;-x1HbA~AD+=$<4<1}J!~0YI%b(Gix&GrYtnx*>+M(L4Qp@h|gcJk%~dAQLzcTbAG}acFp=yJ$x< zowpB&yyA<*t_NFHMdpOZSKGcRoW(eDUdNLwODl1??N`>`juO8)?doURWZU7G9fM)? 
z$;KbHq33~fzuzH#il6i!p8N)h`<^=|L-GrT`(yA-r;Vw2>RnlTc#B8yW2|SxdYh+i z&x2>{4c--}6N}Oo9|A4ffKm6Xfmq+PCZnHX!SLWY43Z;E@&`OipTu!sojunl?Q2_H zS{Zek)1wPkJ(qhtr@yeLJ?+vFb*Bz7IXGsY`D`@0e&5$udu2M(RaM!Ply$vNjd%vKgKy})2Hki5Tigh{{~Ks?`TOo zYzW ze`Dgfr#g6kP0=uq=gbGsXcdeh5%WEK#A_+zgY)Q%-%G)xd~fA``e+YQVjJWu8}~II zTV@`K&+Hw(;g2KPuqpfk*fv(vakf!b2G4t2?K<|?T%yM_KU(|b!%k^a9dHSsFcr)= zsw;RVAG#K7vN`|X-ra=QmQ{BEzum1i@dMEy8WmrR0gVvFAQ*}88XPEO;z&@GXM*BP zda4Af!AasEGl^hh^&}A?0fmU|pnXCNaU{WklR#G^L>(m12}$tdbye1H-}AqXuxJ!{CeRzE+LjNPM`;3qioyA6DHHb$;&m<_lO%i&PZnJ4{zNu|W>zEf?$ z^H$7my7t3S@YbzCuzVOXP`}|l=lpOpOpv|z?Skd>(|2Zr0b|h@oE%-5r(qRW;)QU5 zI?0w?aU1z3K5d;rFFq@$jOWNyX4lF;T6-uR&*p7y;aU7G!vW0E1)th^vbut2wr7n( z#^kL{<+K|go6l%1MYM9(R4`-R>v{cRS1ChpmJRJHmK3Jf?YIw-m`vBHh?3V1v$s86LIl{DSncK))_SyVN-s;5{ zc#bUD54|nn8E)xYfAD>9#1AkB+b^U~`qECvGY-|RdoYytx@~IPzOXUkJLTwS7oPc0 zcv8LEmG#S<>KzO9$mVQz>b@~1r=M&SZ^BGpPlj{D0kE(O&wO2SBpdUwxk5W#=J`x7 z(UWu6wQVjX7xsXY(|`N(^h{UumVNKw1Xi5)-;Q%l@;~B?&A7~k{A*>)CW29zeX!cX z(Z2T`Jin^W|Fg2R24tP!`rhuiyYOeJjPV&8jx}y`XU53ypd%Q9XZ%BUkyDP59huQz zWC{c34*G##SaLrcKn9(kaU4#He&UnDh_+HsuFvsoZgDNRqnEy>^)3Y;F#ZH?6u;pk z!RHb`^R?JrUkkD^^9Uc+oK0TlG;_GIn^V|{?A*L&JxLbs^K&C(yvRPn&HM0du5@2n z&yZ#8H|NnsbmJI2dxmY|CAu&#q#t}9dS=^ryyH0>jC=W~5+Bz5D;C7g#4gRBd|GM3 zS}+Q;ud23!=lITVsO$M+ZOVFlZ&G*nt5aA%%~9}0Kiyt&8vT+7U6UakE#X-ia%B_Z z5z6BLWnGVK$<^mwcoq-hyNR>G3?0eAi0AM<8&l65&*ERM!x660hpYj_=!}&<@qaiQ zpP1|AB|MvB>6qQaw7#$xa{=GM`#;pgHmvK!J+zhVvv{ZVv~zw&d{#a@8;l>o=J(+_ zTpqa^D=zXpEb)t6n`1h7W`D+EJh+K{1kd8%!LzwAct)}CBj&3-9|d+3AEs~bB=^*K zGZ=;0H%xfGzs`ea|2sK8cFOju&YZWpH}`VQ-ne-XPK-sIJ>$#VMt8K9}~YaHzxk9u8wEGu@^}G#_gTA{2yB1Ut!bY9r*Fo#Tal4 zMq&0X)!tYW)_L&!_EBo#kGg`>+)mxDdw0Y8e9lu&pV@WroH&4HjhBCBzGVMo9oh6F zow9XUCQIXmL%6`#*`=rbQO7-x5$4cGN~A^byU z+EfqBde++0bF%l*;M7_HwmP1@-x^zjy^d-9gR9sEoZ@2s1Ur+(i+$EloTi__v$!A( z#n(6wp3RZuPsZj8a|D^l=0*GznbVD||K>D!HipDvGk38o^2XaZ9G_-b3DIesq9jlsoOlkZ#0i9*KrTec!{p@YL6kYIh+m8Fi+29)3NN_ zHL~K{l3O?xM|+;WU8jfOnLnvNd{;v>_h5fz6UOVWpa%k;G6xh5#NyrSEXI=8Q^GK123{V 
zUDFR3hAo&eZwAkB0?%}dv$Ez>ul)o4;2*okXMr)?>pq`@-aQK=-kV5&aF?;c4O#U5 z;8nObrr?wht$+Fn%VcAort`i}V=mODy4Azqkeyq5JBsJPSo%Vbo{7B}i+PdVB<4Yv z+9WeJZH(z#>T%RhdyMcA9je280i*FZU@3Tl9dT&-73(zjkexL%-?f)*cn((IRqevF z|Mjzo=Wwt#$kqEzey>2{?~tc=OZa$nDb3e~{1EGI+@N0>vvn&>(G|>-FHDkUGC2g> z(GA?u3%Q0L+>0JOLuU55(-!VXoX|CWrKk9*?1G=@8eC`-w&x_>r;ZE;n+MkyCGkLa-OL&g|yyb7iZg5IZ_EyXr`M(1CiD#s_4f((8!E^QnjXUdp z`oJN^9vnN80c`Or_*>*l*Y3d!Y^0pB$@GD*_yV{Yci>(9)vjxNYFw{QxTQb(rDuJi zWB9~F9V2k)na<68MSa1U>^tL#@0(b(`Con7>i!0~!3n(RqcXwot6oe%Gln0NC#&+fwl zdvUq8G8$j02a@Io#nF&pFEa)8Fso&%0zLSUd%gn1VtbDMnJ~-5OzF5~iKY@(} zL*xky%Ch60$;UlMI^d`0Icvn+hmq`4IjT!0_g#24UUqJNN}YTw^lOuoT0JHgHFyQi;wR{H4g9l;9Rz^XMO8H($Y6FwtvKD2mU%8rxupZFTP;&pGR zVw?Sx*pRmT-lPAumHnC28Nc4=l+Qg!`g*TqB~=Ej6X>(a0RRU zZTE1T%wL5`nM}=vzIUJc`LEuAW(#=2nzrxfS>LiBGSd(I!DjFsxxz%}XZ@hV)Gz+$ z8eaphVFRw|&N$QypYg%PJM^=!2d$CyyW2!R_dK~7x49&?Vedm*IM^|LGA3hDM{K#{ z5*NU%Y^>&-JS#3prk!@bdyO+??c2aAjM5P~hMzrS{MyB>&W&4teC8AP6yC+# zV$bvBS$@a@Uk1o=0biDd8-?Dszbfx${uhM{o@#A_}KW9?&%8t=uUrK z>v+b=KF3}>55wxiOXgVP^O@c0H+<`B_kH2VbHRo0snD}=;G~}QML*z0hH3tGp7q|Q z_Oe#QoA$)Dsl4&S?-HKLlbw5yFZEd~Sg+z2YfzXbZ~D-e{yhZ#CH&C=dsD`<k)b}&!+{`ljM5B`q7pv;7?;Ca5^9Xv0-kCZljw~LN&1lfsK z@CoB1_U|18&wh{0n2d$K;}2xcA{Y9{&u~F5WPx+p01Uz+xrM9fir&diy=-2Yu4{JY zSu!OPb03a2AI|+(*i*N$Sxdq-&SNv-Xa0#jlJKK7m%8*j8Ai+j+Qcd9;YS-kK7||m zzH}Q58NYWVjm5L-%+WQm6qwc*b@sKSXZ162aPeRKsvJ3z$u2zWvwrn`ANxa|A$RgJ z9`&h+! 
z)w4-ecDyfI$59q8Wt{9?K3t0Ab3Vmd|*$WLe=*Vy9SU1vJ z?A2%hQ6xpwfavNiC*Y1RPYBp89kj%Ram zkI%46>nZgG&uNQ3aj?wpeD^8+(=Ic`3*AmZmjfTY;yK+gK2XayyInKPgbu?Kjev9>04QHBWw4pRfA9K z3G(+GOwcJgcaH9Uu$U)(c!sUuB6igAEVhvN0za6p#ZhA)Yyn^Cf5)=+m7{lJmib)P zs?NnX^xt@3k^br2bK!sEWfw55p4gQ-#3ad4{p*=5U=&vxC)}i8<|2HE zb39Kb`eMG(E<5QwU@fcfbfqr%)fO4>SFWZVZg+QPlcvWK*ny2QK4!+em;9$X7Q!ZVvN z9~l=PJpP*cWHN#+{V@*sgDvgPv;L5gdWH+mwxn^33-NJ z@i+es7Vr|Di9gK_d;Bo_9sFJX08W9+rFRlMN7l-~4IRZ+a?~c=Xa~pXXSchI5!Z^F z;VyPBla=womNBqBnSH6pxY=#$aO4NVA3Wo6&$9zIr5`fR*A}dpxBK(+bM}#Soj#af z%@;7;-zS+rxAa+C@Jt8t{JS3$Cda{VFtYvp7Nd)B&L8pqMAn28zJlj{--q4&UV&$1 zalx#i(_eE99cV)m#}gZy@3XTd@p1YkOLGyKJGxHB_BPG z;3@L<8PD4DbKiA(cZ@$`?y&D}j>*x!B|C#x^ERH*r(8ES9EG#QL$rZ!d=^81DOeH5 zw4U%gnLV?4>j@a}ei(nkx{sfwKJChUsGB!$jyjZ2RwtR6Z;h92IpS{FyhSGLkZz1o ztjk=)htQrimKdunrrEt%@83aah|nhPGdXS zt5ZgKa~Y0>O?@!u`9G?TJ-cQP);d{x<_z<>^&5_)fA+}VA{S$4zs}hkj2M#?+t5C2A=wdb=;SLCg3ZTP?3Kls59M&Hb_>LDM`YSX&JHEr?H>5xsv z4y*+eqX?ei8!zDsb3RUEQ|!V1E4zY^d@sD=d0@0aw)A^4Sr5Lo?%x8$_MDGrQn;C} zthMdIO0zj(_}_lR!x;G-Fb0og=eH!`jtuBqncz`8$^S+6n`L+h_T2NVITOb5AKvjh zW8_Z$bks9GgPr{EcY5|4Y1-4axdHC@1NcPd!^1iMfjz>Yc$I6o(fY>ktXkXnO>Eg% z;MjVDEzps1xef#R=(`r|mJIaObISW&2fmy#j^aYu4#w$9GY`<~&$@PFak_io^b zO~RtjY?wX3pK&^BgMDb5tc+cD?ixQwEWy0Mj>Tp83FM~?nHm>=fedqve<%J0vvfpP zeow$0!6wLx9kFG7nByv+`4!%G(^qvFL*nD+5q(m&$Irm6^3v~pB?i6qdyMdzI@p!* zv+wl5Z}sD4Ixx@VH>vS<%DBcKA_ILQA6&zJ{Z@#zFg@U5^_lmTfmy| zWv&m8k~jVLj34M)pJ9n^;RNpJj=s#-xLG~?AN(9nb`L+m8QF^Y!ZU2MWBq_@_=8Kj z#@+0JeY@wqEp4->C+qiOWmw}E(7(Fow zHfLV9?h2REk2Y~E8^gEZ4d-MAm!9KK;D0(hs<;^cL_fpP`oTZ|_``eF);I!gtR3Oj+ynReuO67TCdHNJ4*s6KCUskP zsSozy(mn5qo0ohii!b6GTX=3bc!&Xek1VjN!@B@33*anuWUJ$bLB z$MKAd-Rfg(KzZ0EUwFWa_{3Prg+9zdxQwn~Ng4NoO>(1i`hyL2pgdUyyN)>AGmh{b zPRC{90p?~ph9f#Acl-$h)Z~hr8PAh(LY$`WAKC60r}gPBRl?*=h>0I;sF@& z&XS{R_+BPcbCPu_UxbWcS0?9RJNSl4nLdosoTV+?rR{DHo}mwOn7Y_K{^GlkgY}*9 zM$gt^5{v}P#;XlF#O3C%dGZ{YwG?db`#tmEdGr4!(k8u-L+r);rvK>|`LpF+33m8J z=2m@%H~M1_>b9=2jxo336guW_kh$yT9lEo&AY)_4Q7|hz*FQ&CH@D$___uC?L726! 
zfHRoZ4q4Ix|BSy&_nzSg!2~&qd$~`)d?xQXz$ZVOZ{(c4=rcc&+{J{{rQh1NKhADs zc4e->$L2YH9NCZoUk2`+vqR;{iG8qXT+QCqFSc(iYzp`BP1p=xbKTs4)3u|Y)(N=V zJfv^R@Ga;fm=4Z!glp}Kt0B%!`yvZ6r!$|y!_@iVkPEwpY zvU$%uZ;m4i>u>Fot#JmAg|py!-~XFPjAQHn0flSvh4_%T8vT$-@J#pm$~MVK%01_> zMdt9FxriL`9p4D|(ieNycRUa*TVLQ!zBGLV%dndqOq(OM!+y+>d;&7J2MBYp$nS<@ zWpDw06$ciNqX$?q24hl=9N7qt=6~Cd#l!aI)N2gzCc!2?;)|-2ytFH`7xO)g!WKR8 zt;|pH-}DLBTi3%g-WD4(ChhXK=mVDFM&Dq9E#q$O`b;;*MsDUE^~4wF|MGwE3XTx_ z&=;5vj{6a&$=zBKPqQ`pp(ppqOnH4^Lu}K1e5b$GhVZ<^yL7LwFs~o%##&b!_za%y z2Wm@-J=E#(xNvf^@Baa1O}O>{+F}!Qi=*Hw@1wG_B$b$OLMF`*oUKc-Nk}n%Dy=N!FmM;Yn%T0PU5e47$&r- z&*5l(ws$VrB963A4}-=Q!VVwAJm5L)vLo$A?l8(vP#6E*XSnHD&bjOE>mwV% z_hg&$>ck&nUiwRy?(vKGc>E2vBLx%V!#Vz_BYy3~t-z_<~Hu zj^P-m;%9pY_HFseaD!Xn$R3<~;-BH^_bJ} zru`nA>{)#?PQETK;yc2lb*6UtKR6y=CKEEoP5Och>5Z>&J51Aq`3(oKL9$kl`HPRQeezH*KR)YGx=-ABfTR7vgR-&7 z)>^nP$@-AbBu$tKCinh7%?Z!(p+7g(7e8gxrM=F{J|~fy( z>4G(3{6&}Oj~>j`xP`poQG)m2*>mwZ*q~U5aa%{=RyGeWFif`QE%=7b_{llKaj?wq z!m~aH%gW91Z0`w2!!o|)FS94UJxm)DOp~9wlqFaD)7A{}gI)J-CErcUo(<$5I`;jR;>z@=Xj1N2hn5)f= z)>NGrTk&A>JpYeAKJ-iL`G2447|*9Ke0TddlDG`rnb+`4Qv97f#4D-p^2^_+U^AQj={CH3jSlWd<60_emrU1IEGy5lz%4PG3RHW>CD~?U8-Y_ zWq77{vWFXd3X@{N`oMQ(hd9@}Is8!eh^ujmHMzRs+8P!QTidY*xW>(%=i|c&d$wkS zbN&op1)ktrd43Me!Y3bqkI5c!ChQr%{XLk2CG$Ui^;sRtS*K>6hhy_1eq@K%bml1> zu3i0cR1d!m_tKZSoJ`_F2hZVYvS*KCJoYE&m?mp_p?_nb2WtvGy_g9+lRZq3AwBEg zMG~y2PY!O{^RNh$UxnQ|4y-QWIM=F7eCUtWxitLm_{z9hRbr93rtRR}0}K6ddDyA7 z6&_)`)qNFR$1{HbuB_EOi|5$2wIp9n zU+_5`^Rdm{`XFa6ffM%U8ecWGVNI!CwgbaBALsJH`P}3Mr(_D(a&WCr=1cyLdEZ(! 
znC`spTvi9U$j)UpgqzI8{CI16X%{BO&GY}sTJU4=T8|B^I^UJ5Oni>l)p<5$Hve1G zJRBcgH(>cZDdTyv<|aM|KTkX9*#8?yuh@zjHA!6gLmLs9L~GjdkR?71_p<>q<3-y!7P3e z2d3BX2t5Sz%JJpIE6sEK2W^;#?Pq!q9WV0-__usiwu7(v3HTP)9o29Cz}4{EaScPT zgp&>q4mRJjfou3>7x2n|#?7+W9sKhF+=Ex+V|VyD+zNy2RG+n>efTwInN68v_{#hf zGQ;Ir`{8A>QidHTmdC#`pPCo>i?{@Lm@8r1Gr_8(@vGZh!Jc4RT(6gdZ?b{i%%$ch zdne*_bifX!=ze^-^FJ^Mi{F~CJTMx}?mN~qFRJXf`~R%6w868!b>Cur`+R>hE?5gk ziw(s8W%J}g4)_a3@w9h8tSRUhW|bp%_u^ylNAYbE9{0Ts{8VEdIO7N4RNM_4_FBbd za5a4^pLL?|Uz%^>$$Su=&e8L51ru~_-y3%M7;MKmY{Rv6tr)U*AYd1!tp(xP(KYkD zcYL)4%i-bR*mc;_9&UwUcELuhpYbW&;%HonkNFMe3_b`BXFKsX_})p%c_w}YeDaU^ z8n~CfakbywBy;-GrbL$E=EUgm6nj7K+?{^h<`@jZBy8T+*9gXycV5TWR9-tkYul)g zcb&?o=19!DrTQaF1(Y9rnzja0Mg!fUlF`ny;y!>hc{l?`*)cHsQ{kB;hUC z)h9>(h7AAa9(xYzlf%o}G=7}Q&ru#W*#Tcg{o)P$DSiMv%P`5_#L(EZ^45cRf?Ui2 zl65a$#S5M%Tc62cZP|ZgyXa&c}y4{}W#W7GE=A^IX10!*t>t zU(>D1BhGQ>UD|%qd>4+6A5AVe!MnF~OBZ}*Twwl(QCvXgxP<=}eA5S;;J$ph}yb# z?b_I1!HF;<{%-E!LyOtPmre`=_rZWV*&8hStZ!@($MP-Y*aTbiJiL+z|B4^O?-1WJ zFQ^OF;GXY}17O|JoRN1WU>P=*b)7ubshoGy@eUrhmbI5C7C_c?K?nM8?qYZBHnD5vd#5KM)VfnUkjo>)PYB_lR;M9x6{_eO_9*n(;BgLPy9_FjT7MY6A!VLR|QP*XA z2soTR_;=(fzD0*@feupEXV}LxV*g}}XJAPT0{_xG{}HFcH(rHDKDIKRr9Ye zoA6(8HD8tPtl!uNEb~?P!j9U2OM67t{Nj6fQlD{c@EnXN%Vzja+J`}Y1nja6`%Lf+ z!!Yi7NBA{n>pk`2Zha*mGBU(Y7s`kc>q@5pSax z_z&;maIp~OU|cLhTl{PoRSuqE&wdL$;YEHwe#Ygn$Bz=v(?>oq|AGH&95Ad+^9qdO zVs@-f*I*fU!t1DE05iyZ6O#G*etA@@>zj^LS}i{H%Gbj0s4@0q*# zdFE&95c?TE^C|hN_Vw|Ma^&j$3h%p*8~5^I;SzSd6Bpk&a|S%BUwv@L9&xud zDSL$}=X@M{N9yt{?lq^7mpLAf+ha7ZSwp}x?5R)O4qxJG{bDQnf=~G(WF_Nj{xoiO zE`~`D+L6RP^%LGD{vQsP?Yr>r@rG<3y5tnheRksJbFTyESg(F1Zuj~+x2QRuavknY z@;xVdwx@-Qtfj2Qyvxrgfp7d^-H112dj@kkpF2)B$Mf`j{OGSt{f@m{$}q@GP7Dx#(ldF{ zJ)KD8NbfjFvi2cYYdm~no}@c_2C(2d9^&Kj?bL(Q%%6N(^SunSbnjU>#Krtn@c@`r z7FV$gK7sPM65l1`RUC*T@f*CeOFVC0!C8E4c!n9iCwqajgM)*CQEl{WtUjBE%;Ee5 zHsZ57aW%VSQ|w;d@SJD#1Fp$aeAL`$j$p6k3d`gK$L2wpjV$#E*Ro%j#VtOw8+wtI zrvr)ZqQ`OJ^8N&CU+Gv}!s&UhRoDEF6+X)!Ru%({KU1fdn}TWlNbfk9-0+74lk^GO 
zk~Nw8%Hb4xr309!D>_pTp5~K?hu~uPgGsoPah6yg!XFIxY^;1-_wXdSz%b0J$Fs^CqrD;VJZ-w> zS@r_E;ziad_}M%MkNQd`Y=!JxgIgS6T|*bv1>|VnGQWr~nLF`FcqTd<3R(E`EO8EN zFb8`uc;UFl63$ak9ludoiruU~UE<%^x;?`1FBu=zx&|&_g^sMHC45Vt_*r>tAMfXg zF~K_B^Nn#XuI*TcJ^K?9Ov5u=<_Ht`&7J`)!}t=8#onw7wMFOp#0Tc%;5_}dR)A-H zg-O_9r!WK0u<7}ZXXkJmO!KMmEPN}QHu(&E60#E~ab4eI4|tuw?m6x11AOCc_$FU? zhU;*yc)0d)hQv=NcV(?#_)z<>>fW=A*#%?YxGZiCwre=?Io?y}e40Dv=)~rYcPZsM zo;4@)J#Yf<<*S+V=mbvq)pTfHhuvV>d)Q(VH;d2c5eJ)>!>usOKY$bdxI~X|46`r; zJ1~gbtQ+|vb1eJJ=Wq{p_`3WZ_|_($rQ?~u150qiH^6;(9M|Rg9M8ctjKV#hH#Tw* z+c7?JO2W6nvuE`yT+RmI7S~%R!!La5Bdqd0BxClhu}JzDZqWz)E$!mw`E|aWeqS)b z7?8Z@vhm#OtNOn=^(*_2)5raX;FK)ML<+X&PevZf;tzfUd0LZr1~McD=4 z)x2RG?1*p6H^8lUQhbts0Dp5#!y_Nxnw4K+jOH(O^6B~Q{3Z4HtlrcUJmYAbz;`k) zkY9L#+|(_Rm%c^T)*ko-<~@TWr08gTXn&$-?ReK*{70OVZ{wL=&$TL?23z0k*bBd2 z#iQN~RUxGTQ2n37~~5x?<2aJe-XOpv*O z+VBrU@qdFuxPw1?60*;D*>n68yqq}JlE0xIJP-R~iEyPJ_?F?BP2eUrXO1@C=nI^| z4V;-@@FmU;4(FKG22SQrd4{h9d-^9P$QIzZV_E&$QvUGpaIAUF1#AdDaW#3xr|_<~ zd*YVnEn~tZaIc*Brxe|c5ABcZ@a%bUczU)Tp`RpWcIiB2>KJ_O{QmYOW7;0L6gygf zTKKE~8K<#|6WGh}{*Jh%Yq9D1xvJ0#@yjEf1DhYOUCJNjC=XYl6fdx3!~-=@Bd2H5oAnO-ml^7 z^JDlU?AsXG#{(j}3R|dFc zN4Rdx?J(;D>j`7!&q?!gih>JD^YXnrp?f+{4`+%g)&WK86u~EWgGzzBB%0GdRuo#L;0vKg}!QVMiE- z9elaua~K2ehbiMT23*ZA@_g2j&Xt9I{t1~`V^|LymG33#583E5|46cSaE)I0`1n+; zUm3okIE=YP+QmKNX8XhT_;B8Xp=;UuhHOzEcGv|h!4z!47_2?3c=PSBUG>NB_(Gja zS%!YY5nv&L(D@h8YrW*4|n+xE8cG5d!hF+x5*`I!gILy|d;eeq+= zmpDP+;255*QTW1A*UPvt{c)XtVm*vE#MhJXkv7<)_Z#Wmdo7-EkG?Yx*E7M=7vQiy zUrKyVUAt1XF>I!eudM8QiLt3VU8nSqZ|hwN-*JXlV=(7(?$kyAIRFV=mB^YcQ>CIEGW>!j1OHakP74 zf!gsLtn$4ixKk&rvp0B#Ygp#zAJkelK0ABvTF z_eFomM18%^I+tJxreJIM0=sZ{nb)hWaP&v(T#C=L@g2x2WAok_Ur!QKaNWCgWWn}v z09Z{1Lw+>dv_^$xHnhd2Kra#dI`@{wL|4!c3 zqHi2Q9ypm^eb>SFC9DyGYkhaG-aEg=<|}=>K0oJJp4!aX@GaF3lPNqO$4`I`J8;M-haofd@%TQ-S3J>sndDnh*My`W13Fg$M0}LXRz~R`S8l~iTMDy z8bw`S@V))tZd0#r4M3lOY`F> zJpCbK8RorHNLO?UpW(BVXFvMvo$~0~(RX+JMq2&m#c}lkcK)~aiD2ojuK}z5#Z+yF zqdznCzlL+l&*o!^pK5KJ-*~Ia#@M`bY>tL?`o~3$G|j>qYs>g 
z4<+^DNqlS#rEj>%8i%c!7xAt#_IJf!;RDa%5%vL_)^Ir7x(fc|XE?G8{tH{M{?a#o zhW_X`-oe+#mv|P8<4p6D1efujm+%a4<_+a!J_6ss(f8KOEuMp8HUax&L7w_U9^!`l zXIvWJk9@2_5{I@%);DP%FY{N7&HO`8)=2S9$k;e>2)?mCm&ifvn+)-^`O%n)-v?l- zzRv(z6}{_gK<(^GX}^w7REC-1ckm7CnGvh^p1E`H8S|y_qOstwB)C>aHePE**rSh* z-<0py`Kx#b$H3je!NI_mviOJpZ10axNX~STeHy$A*Ekse@jv03|F0fA=iMFgG;tMN z+5Hda>Ii<>Ex zE#=(&m~v#Wk292$;3m4JCtQs;vmV9O=4A5)Y~o;;lW~jkFv|C*C!7rr)|WUBrsxtU z!cwptp93DvJ^W$*I*y#<*|=r6Ru8 zKZ$*?2{vv17e{g(juYQI;^i=)HceB1o9A%56zcAo?budZpzB}E=$9JuI#+-#;CI3U&{Cknq zj?X70aoJ+iz!>nDg(=8%^#o!YX|Wj zoQkVqnvEE*)Mb~xQ2E7`zh9XwhqC}L^lI%UZbP?Z$gc6XwYfNgxUcKp1ENo|WaBVTH{A}@KTqyQ z{`5?z^sio+*2dxC;qV{zhfe8Ud;CjyII8&?2KcnrOSoD4e2m2R;%jt2I%`9ihIM<* zzB`JeGhX$=wtaVfvnGV&j%6J0GhYL4*<&!wKJ}lEg5P0AUAPIe> z4%T2Azrv)s8kS)T@6ZE3#QXPf%l8vUFh}bn?&FW(CiqgHdT@5I?OL*H?$NjMbnjU) z3FofC9?T{-=NuOsXZ#5~EoLb8!Zs3n5ECRL{j_c-CtNSa06*5GdQ%ooos$=^ zwvi|q!XvwJoH^ERH@9O&*+ITjp`WIjN zp*m-aw+a)+FmzINkKehVBgvYAZHs%r0E~&bS*Iz>--ZjghjEFV;Cew`&&h}XcDxrRLAD`|t@0mm|15(Bc9>#`Xi zW`DF5+0AYZ8>ACi+jJ%21pcz?)-Tcm@4&#oLmeNgviF?NtWQg+`Ws*RlXXr$zak@e z5M!ukP7Z2~E%Cj4maU7e$=Ev{b4^T&Z|gjJ01L7jb@e~Ny7dcQ5-at75gvv!n1(g} zE}z&M4hP~d?eT%F+u_oC32cf_&yRqcy!Qlu<`y=fOfc;jT=TQ>Bfjl8hGE#_TRmBE z#Lk`SH(q_Wrp4!Yo6lj+$vO+BU|LL_y})`n8Rq!TY+Af1en^+ou5)W={uh7CT7+)Q z57vG8jS}yI@|nbi=*N5^?a)tr=1*4Hd(vmtuU)Bz6-y|n8Cj3JX3m0Z z+=r*h(LCy1Ly11bJQCkz8`eVM8}bW&#{=~zpZSXF7NesR8UMpIyzvcWxDIB`9Y;s& z?jQokYp{m3-V&Q*)5=*_ zC?o#Nu3^~R&mXtPEnbnBhw?a?eeju;4~E6=%qfXwL`L%?Ir4w`*rnHzy{DdYu~fWZ zy{BL9(GgxS&q;K%kcRH-`sd-Lj`!U9Prq)L((gKcxw4dTtv}8FTEA4C<2yRu&w?Mg zgeQ15?@Qi&P!1+;m&}FsdGXv~t))7y@ijc)*5I0Nz&GY=h@<&F44Y67pM;Nk^XAQg zZ`@=Z3EPQG*cHxX`}h(EdoDPJ zFLMRIzvI~av#LqC*dCU=(;RcBAIV{3WxM-icO!tT+hB> zu{`yC#5|_+@lRLq^n5-dM_6&4uV>hDV$j~{^qE|h%RAzJr;G0hZ&_E9>5^Q{3v>++ za1E!p8s5wY2j&032R{L}wHOTHUmPDCi@=S8dwPUdS_w~&1m+Rg=8OzYW^CbPRY!6XvX8nTEsm<1< z(-a(9yI0)<&+eM%tOwl}mvB$)*gGNiU~p=DH?|?AuK9W17qUMB$Bx!t=23gy{6p(9 z>#g`BupR!TYrZ$W;`f>>V9q=1{BLtQ-iA&g$16)2@A}j9H+aN_)?GLOe#u-C 
zPxINnFD&_;W&2bxAKwip&J)>pjKi0`Y#4%T>%90PuK|fuWy@TL4DEZ|i!|u~(I zuuR7f0#6<9=@_#<-bu>1>S+FnW0p8hU0Nq{lFh;P%5j~X?+oLOq^w`~n(V-Sdi8Di zy2^y_Q$EKzu3g93dABauhGXY^5xm9Uam3$`);n_I5&T;?=YPODUmIrmEO2bih>Q8U zdjIqST;7v_$ufBS$w(9B~G4r z`sg#^Cy> z)_`muE+zgwOp7U+1N2e+j;~B!S$lZioa37BTUg_U57QM@4WJH?cWbay~-z! z@oVQ})HoMYiFh;CI$ytpw8ryR@G>|I=g^0>7@ga9HCI;yW3PhVaHG$-6p!#vr08UP znEeR`TwcPq>wFt)I`2)~tayaD1iZpHd`{CMrjub7R)gDM*Zuex z@XN2_C(Kji<7gZyllZYUqqQcP$kuz-ef(r`bM}<)jlgl@DEJ`H=yT++9saeo1pkjN zY8~)Q#aRboR38#w-f&jc^Ba*$H!z*O@lVzHupI8h&DJTAruquPZL z=SRh(IG3&1+cvhuxx1aEUB~plUz?xbxN&2|>&+M5O(7>T>Pa6YbA$I8BTL_(vd-n7 zh+$?OvZFs6ot3ZmDZs5N@7ec@^zUw`8h`c?-(Tl(+J+w%UN9e4KgJrS$_$;tg=_RA z9*uA8!!^PN<(fzj;Qlb?FnVCFgU^5 zo(O-KkA?%hgCWkYtoCrhT!vHQbP`^st2bA@S6C*5mP#)1J^as?^*=YLlS;RqEPvU% zLFUHblHQVVq2H{j>c)5LT&Iha$uZB;6<${!Z}DN3iT>=T9n@UQUoqcGd3Jo5KBwMb zeCb}U&5xdy)$94-)iL$XpYd7zL#!?Dv87*p1mm$E6uyP?+~X5vHXI#Eta_!o+ac(}-Pi3?xFC?-b{zV<>wE~V(kddxne_>+|R*}EFzz&KhQLE?wP0&IBC%{!6a z&z8ixs;47+7fJnM-rlc1IyxF<{DC=svlPxBAErN^GY81pv)1*#l75Q0dygZ@dHe%y z!{YVp*GJsaK8cul#wnhojCY9~@pSrSzsdV6)`9#p@0Zw5VGGG=b9U@9r;FdKx(6rM z`3w484C8pNQpswwwy1NPf7!$)->tY_eGc9?92p(KRrYhUXYM;(HIA`1f=66!|5-{r zz%vqFx1O?pXZ`58{Dz8mLM3y(JxuX7Ni56n1c~oS;c0zxu21$^f;)Bgoc1yg*f-Zl zd*fm!aGN!sYmz$E&lgq~{!M&2zLo3ZE$2*R94wRl!}a_~b-vL}u3a5(FM*PqIOdqo z>iD+G*(a~lWgo;1DHy^>dNxf_WvYygR3+5+kX?2NvsSmakcmzzg_$Ohpl$llriAu`18hPOl%^* zdut!h8kx^wKEnIn^|w!Ht;ko#=lT%;Vsvi%Pxmd{A@jG zk5@i*hEF-9E}te`CDC8CI@az!TMO}KfKLf);3P| zKR$i8OIg=r*QwVrvgy~R^YF2cWc=}}XQVpc=pfgwj(0ABlIMmS>ipG}|Elu(pZToU zid`3V>y)GMv3F@CTvojpJZtYFx`j*szuVf+eK_`RlXJ0Ju@&e1X-9i$l9+Gy*~Jdv z2ac7&mpE5!#&-j}w_*LIT?uDv-@Ku`cTemKNl(bl}&Lb!{mnP!TpT$BX>pGtk3%Bm;zgdC% zy+7eyO-Vn!gXtOX2R&Kw$-GB_Z>?W(ZT6=5N8Z=u4|%swyL@W?yM1-Zeeb%clP!s9 zvI}d#jJewFIQAG>{y{x6Qk`#PooiRe%a=gOc@qOsdwqUy<*!%nY3K@8B)(+6gX|IW zw?wx&n)B`1NZzwlPEL$A`;_+G`L=w4gNjpoXT$pFrrd;t}4l=QG1;{Al+Q-*7JFvv;YylccT|BRQ_`=2nr7 z*?WZS-dp8Hs`KCIJ?qHfxjvTM`5+q(sq^<${)ftI5Z6hiUzP60XMU$Oo7jNg`Usb~ 
zj-$ozY78T$h0kEs`^es}U>C42rlE`s|NZ-6`~hn*nP1?(c$>QC$@jh0frs7Kh8T%! z{9<#1I(+BJZ_gxI8?w#dF-Q0HG4`9I>)suy_gbGRd;FDmwTw;i%4GGvYICGIhvTbw zas=``9qFL!q0R-25#J_|J7Ib=zlt~WL#3>*#B2Gi9Y3Q${Rt-F#M%pwi)%>u*ykGl zSU1|AaV~p5LShTr5m$r3*n#)DCG~n|+B5c`CET5Q#HE8#SQir%dvh&)8xOTV)!uR4 zH|B2NWI{H7RCSM3=Uej2^{eCaD}lLQ>hqf_f3EV6DsNKhnT`jxVL|2(h@J5n_{*-r z9t;LAIc_SdlVHrzd&Smmk~N||7wbW(ms5}RCEvpDdS_2F-(%++c>h|;_Y?X%%JGHr zesk&`51g)zjc=36o_*r|yS%C*)5n|6S$vOa65t z!M0p$v}dSTPTUQa=Lr_^YmV;E@U-y-=FjGH%KIH>KC-nZzuNu@pV}N@EotqlKkyCf z+Vrfr$&DK~Hs39&e&XNQXqs^}R%15y@va2{*7=oRK@cynRC>cdTXEC+Y(wPFEB|BV z>^Y8@Lh;>k?Wz5$Vh^_pH|FXpa=sLNJ4!Im9`bo!OX?Qquvh5&3H)X2$P)9&{Bip% z*=JPORNsi>R2>X%?wlKwu^Hp3hO-T$KEJW@$13Bn zA6K3ySb-TC|M@(}PhGmR6ij=Xe{IiC?8NVy@-OPWskFzw(vPL~_1zeZ<&9lM^%)mm z#Vfi{evQscx3GPNr)nSNWreBt)xFOZw|=XRKdHPcA@1NSSa(eh2A6P``Zi^%E&tEJ zbL^$p>DsRJlfw76>RD?8eSTS2QGLF@vN2x0FVqF|Ykp4Olis&@+pz2UD=NRc@~0~Q zP37-ZhVgwktJ{ky_+7lY=c2Z>scn7G7kzrgTs3tK2VY@$E|}lY&xM8fBrvh)W7hST zSGIBffy#b7?=LIcQ~OTkA67Q++pzW}09?B(xu=Y>p7E?Y)TK^!YeQQvUs6e34+mfQ z5=#QQy0#^O!b`{Zxp=Rhd9d=UD!-xfTPoWCe@EqaP1(6??kS_}_|28A#%CX@Oy&{& zxWeyDK35;_Oac?G@FGmXR`9jR=NDRPO~u3!1U7ZK!D*-MiE>`fUqdxn3xUvoan zUs?yQDzfgG(o?I0oSr;=di|;EC*R%NIK6)BT9yBN9yq=JPfwLl|Kj>|V{`p@yd?0z zzs#@y*LQ~w{&;@%VwpU4FHG*?!aipG=omFF6uyZtzkYgsb#!|D_@Q?Ft*6(Y zd8A$EolN!oce}hYLrmBIqhEjEU~~On`}Nh$&GpB&uHV>Pe`xFaJ9GWkBU{&hJJ)}) zb$Rt$xxUrS)#&Ju!_T(M-*+(ef4iG29UbMjn_aE0P1m=pS*>2VzP=?*WlEyzIiA<^ z+VyqYXj|!J>+8SVx>z4xyuSWF^XvDoug`|HTGha```vl@)%9_GK3oG<{;@OVZ;b0_ zF4usSf9TAOce;LNxU1D`UB7jv`04@I&xm2QdYS8I#6S>r{pqvyxOj3#Jge3Hu0OR< z{-Ca(5gWnP^|RtB0qwc|*h2j`s{F3&3&mHjtnv>n+<52Hs|9hEKzCnX5c6vFz|*S* zF_)lsUtbV^Dd6eV&lkG6y6@@LuJQ|NDaAa!y6E)yItT zbM>Lsy>|Vn#eP1#dT89$W0^hwi$)?6Swp;(=ZDT$HbN zmEXma7v#;K(UHfTg1-JI=zI&$p zb>lkg08M`5839dx<{3due(4!OOn&T{0Z)GK@k6r?O@8v30Z)GQ$s@D!@x$i>j^92* zL=9_<_hi?)VAncg*Sce-vCTT=m;u!xAT?M4V literal 0 HcmV?d00001 
diff --git a/sphinx/_static/img/logo_cymais.png b/images/logo.png similarity index 100% rename from sphinx/_static/img/logo_cymais.png rename to images/logo.png diff --git a/roles/corporate-identity/vars/main.yml b/roles/corporate-identity/vars/main.yml deleted file mode 100644 index e69de29b..00000000 diff --git a/roles/docker-nextcloud/templates/nginx/docker.conf.j2 b/roles/docker-nextcloud/templates/nginx/docker.conf.j2 index 06329d83..bec1e7b6 100644 --- a/roles/docker-nextcloud/templates/nginx/docker.conf.j2 +++ b/roles/docker-nextcloud/templates/nginx/docker.conf.j2 @@ -71,10 +71,10 @@ http { add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; - add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "noindex, nofollow" always; add_header X-XSS-Protection "1; mode=block" always; + {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %} # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; diff --git a/roles/docker-nextcloud/vars/system.yml b/roles/docker-nextcloud/vars/system.yml index 3b066e6e..7299a246 100644 --- a/roles/docker-nextcloud/vars/system.yml +++ b/roles/docker-nextcloud/vars/system.yml @@ -12,4 +12,10 @@ nextcloud_system_config: value: "{{ on_calendar_nextcloud }}" - parameter: "default_phone_region" - value: "{{ locale | upper }}" \ No newline at end of file + value: "{{ locale | upper }}" + + - parameter: "trusted_domains 0" + value: "{{domains[application_id]}}" + + - parameter: "overwrite.cli.url" + value: "https://{{domains[application_id]}}" \ No newline at end of file diff --git a/roles/docker-portfolio/tasks/main.yml b/roles/docker-portfolio/tasks/main.yml index 90229482..550a0a95 100644 --- a/roles/docker-portfolio/tasks/main.yml +++ b/roles/docker-portfolio/tasks/main.yml 
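Review bot: The `{% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %}` line that replaces the fixed `X-Frame-Options` header in docker.conf.j2 can now also emit `Content-Security-Policy "frame-ancestors {{primary_domain}};"`, and that policy does not list the application's own origin. Browsers that implement `frame-ancestors` ignore `X-Frame-Options` when both headers are sent, so with `landingpage_iframe_enabled` set the effective rule becomes "primary domain only" rather than SAMEORIGIN plus the primary domain. If same-origin framing is still meant to work for Nextcloud, the policy in the included template should read `frame-ancestors 'self' {{primary_domain}};`. The `http {` block continues outside the hunk.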
@@ -36,5 +36,7 @@ when: not config_file.stat.exists - name: add docker-compose.yml - template: src=docker-compose.yml.j2 dest={{docker_compose.directories.instance}}docker-compose.yml + template: + src: docker-compose.yml.j2 + dest: "{docker_compose.directories.instance}}docker-compose.yml" notify: docker compose project setup diff --git a/roles/docker-portfolio/templates/config.yaml.j2 b/roles/docker-portfolio/templates/config.yaml.j2 index 3bcd0473..8636992c 100644 --- a/roles/docker-portfolio/templates/config.yaml.j2 +++ b/roles/docker-portfolio/templates/config.yaml.j2 @@ -10,6 +10,9 @@ accounts: description: Platforms where I share content. icon: class: fas fa-newspaper + +{% if ["mastodon", "bluesky"] | any_in(group_names) %} + children: - name: Microblogs description: Stay updated with {{ 'our' if service_provider.type == 'legal' else 'my' }} microblogs. @@ -39,6 +42,7 @@ accounts: - link: accounts.publishingchannels.microblogs.mastodon identifier: "{{service_provider.contact.bluesky}}" +{% endif %} {% endif %} {% if service_provider.contact.pixelfed is defined and service_provider.contact.pixelfed != "" %} diff --git a/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 index 392cb05d..8d309775 100644 --- a/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2 @@ -1,4 +1,4 @@ -{% if landingpage_iframe_enabled | bool %} - add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin +add_header X-Frame-Options "SAMEORIGIN" always; # Allow iframe embedding only from the same origin +{% if landingpage_iframe_enabled | default(applications.get(application_id).get('landingpage_iframe_enabled')) | bool %} add_header Content-Security-Policy "frame-ancestors {{primary_domain}};" always; # Restrict embedding to the specified primary domain {% endif %} 
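Review bot: The new `dest:` value in roles/docker-portfolio/tasks/main.yml opens its Jinja expression with a single brace, `"{docker_compose.directories.instance}}docker-compose.yml"`, so it is not a `{{ … }}` expression. The removed one-line form had `{{`, so the path is now either taken as literal text or rejected, and the file does not land in the instance directory. It should be `dest: "{{ docker_compose.directories.instance }}docker-compose.yml"`. The task list continues outside the hunk.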
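Review bot: In config.yaml.j2 the added `{% if ["mastodon", "bluesky"] | any_in(group_names) %}` sits above `children:`, so the key itself disappears when neither group is present. The Pixelfed block that follows the closing `{% endif %}` in the second hunk looks like it adds further entries to the same list; if so, they would be left without a parent key and the rendered YAML would be malformed or mis-nested. Keeping `children:` outside the condition and opening the `{% if %}` just before `- name: Microblogs` avoids that. Indentation is not recoverable from this view, so confirm against a rendered file.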
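Review bot: In iframe.conf.j2, `applications.get(application_id).get('landingpage_iframe_enabled')` has no fallback for the first lookup, so an `application_id` missing from `applications` makes the second `.get` run on `None` and the render fails. Jinja evaluates the argument of `default(...)` even when `landingpage_iframe_enabled` is set, so the override does not prevent this. The same unguarded lookup is in the `when:` lines of roles/nginx-modifier-all/tasks/main.yml and the two `{% set … %}` lines of global.includes.conf.j2, and the `applications[application_id]` form in roles/nginx-domain-setup/vars/main.yml and tasks/update-repository-with-files.yml fails the same way. Use `applications.get(application_id, {}).get('landingpage_iframe_enabled', false)` here and the matching form in the other places.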
diff --git a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 index 09b2019d..233239da 100644 --- a/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2 @@ -14,7 +14,7 @@ location {{location | default("/")}} proxy_set_header X-Forwarded-Port 443; proxy_set_header Accept-Encoding ""; - {% include 'iframe.conf.j2' %} + {% include 'roles/nginx-docker-reverse-proxy/templates/iframe.conf.j2' %} # WebSocket specific header proxy_http_version 1.1; diff --git a/roles/nginx-domain-setup/tasks/main.yml b/roles/nginx-domain-setup/tasks/main.yml index f2156236..8ae1b912 100644 --- a/roles/nginx-domain-setup/tasks/main.yml +++ b/roles/nginx-domain-setup/tasks/main.yml @@ -11,4 +11,4 @@ - name: "include the docker-oauth2-proxy role {{domain}}" include_role: name: docker-oauth2-proxy - when: applications | get_oauth2_enabled(application_id) \ No newline at end of file + when: final_oauth2_enabled | bool \ No newline at end of file diff --git a/roles/nginx-domain-setup/vars/main.yml b/roles/nginx-domain-setup/vars/main.yml index 6a6c2417..4b56ce9d 100644 --- a/roles/nginx-domain-setup/vars/main.yml +++ b/roles/nginx-domain-setup/vars/main.yml @@ -1 +1,2 @@ -configuration_destination: "{{nginx.directories.http.servers}}{{domain}}.conf" \ No newline at end of file +configuration_destination: "{{nginx.directories.http.servers}}{{domain}}.conf" +final_oauth2_enabled: "{{applications[application_id].get('oauth2_proxy', {}).get('enabled', False)}}" \ No newline at end of file diff --git a/roles/nginx-modifier-all/tasks/main.yml b/roles/nginx-modifier-all/tasks/main.yml index 2efbd5b9..77ba9f1d 100644 --- a/roles/nginx-modifier-all/tasks/main.yml +++ b/roles/nginx-modifier-all/tasks/main.yml 
@@ -1,9 +1,9 @@ - name: "Activate Global CSS for {{domain}}" include_role: name: nginx-modifier-css - when: applications | get_css_enabled(application_id) + when: applications.get(application_id).get('css_enabled') | bool - name: "Activate Global Matomo Tracking for {{domain}}" include_role: name: nginx-modifier-matomo - when: matomo_tracking_enabled | bool \ No newline at end of file + when: applications.get(application_id).get('matomo_tracking_enabled') | bool \ No newline at end of file diff --git a/roles/nginx-modifier-all/templates/global.includes.conf.j2 b/roles/nginx-modifier-all/templates/global.includes.conf.j2 index c34cac42..85cd62bd 100644 --- a/roles/nginx-modifier-all/templates/global.includes.conf.j2 +++ b/roles/nginx-modifier-all/templates/global.includes.conf.j2 
@@ -2,16 +2,20 @@ sub_filter_once off; sub_filter_types text/html; -{% if matomo_tracking_enabled | bool %} +{% set css_enabled_final = applications.get(application_id).get('css_enabled') | bool %} +{% set matomo_tracking_enabled_final = applications.get(application_id).get('matomo_tracking_enabled') | bool %} + + +{% if matomo_tracking_enabled_final | bool %} {# Include Global Matomo Tracking #} {% include 'roles/nginx-modifier-matomo/templates/matomo-tracking.conf.j2' %} {% endif %} -{% if css_enabled | bool or matomo_tracking_enabled | bool %} - sub_filter '' '{% if matomo_tracking_enabled | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}'; +{% if css_enabled_final | bool or matomo_tracking_enabled_final | bool %} + sub_filter '' '{% if matomo_tracking_enabled_final | bool %}{% include 'roles/nginx-modifier-matomo/templates/script.j2' %}{% endif %}{% if css_enabled_final | bool %}{% include 'roles/nginx-modifier-css/templates/link.j2' %}{% endif %}'; {% endif %} -{% if css_enabled | bool %} +{% if css_enabled_final | bool %} {# Include Global CSS Location #} {% include 'roles/nginx-modifier-css/templates/location.conf.j2' %} {% endif %} diff --git a/roles/nginx-modifier-all/vars/main.yml b/roles/nginx-modifier-all/vars/main.yml deleted file mode 100644 index c47120cb..00000000 --- a/roles/nginx-modifier-all/vars/main.yml +++ /dev/null @@ -1,3 +0,0 @@ -matomo_tracking_enabled: "{{ matomo_tracking_enabled | default(applications | get_matomo_tracking_enabled(application_id)) }}" -css_enabled: "{{ css_enabled | default (applications | get_css_enabled(application_id)) }}" -landingpage_iframe_enabled: "{{ landingpage_iframe_enabled | default (applications | get_landingpage_iframe_enabled(application_id)) }}" 
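Review bot: In global.includes.conf.j2, `css_enabled_final` and `matomo_tracking_enabled_final` are read only from `applications`, so a `css_enabled` or `matomo_tracking_enabled` variable set for a host or play no longer has any effect, while iframe.conf.j2 in this commit still honours `landingpage_iframe_enabled` as an override. If the overrides are meant to stay, write `{% set css_enabled_final = css_enabled | default(applications.get(application_id, {}).get('css_enabled', false)) | bool %}` and the same for Matomo. The later `| bool` on the `_final` names is redundant, because both are already coerced in the `{% set %}` lines.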
diff --git a/roles/nginx-serve-html-legal/vars/main.yml b/roles/nginx-serve-html-legal/vars/main.yml new file mode 100644 index 00000000..d68c2ec5 --- /dev/null +++ b/roles/nginx-serve-html-legal/vars/main.yml @@ -0,0 +1 @@ +application_id: "imprint" # Application identifier \ No newline at end of file diff --git a/sphinx/.gitignore b/sphinx/.gitignore new file mode 100644 index 00000000..413092d1 --- /dev/null +++ b/sphinx/.gitignore @@ -0,0 +1 @@ +_static/img/* \ No newline at end of file diff --git a/sphinx/Makefile b/sphinx/Makefile index 917b3268..af87d93d 100644 --- a/sphinx/Makefile +++ b/sphinx/Makefile @@ -1,20 +1,24 @@ -# Minimal makefile for Sphinx documentation +# Minimal Makefile for Sphinx documentation # - # You can set these variables from the command line, and also # from the environment -SPHINXOPTS ?= -c . -SPHINXBUILD ?= sphinx-build -SPHINX_SOURCE_DIR ?= ../ -SPHINX_BUILD_DIR ?= ../docs +SPHINXOPTS ?= -c . +SPHINXBUILD ?= sphinx-build +SPHINX_SOURCE_DIR ?= ../ +SPHINX_BUILD_DIR ?= ../docs -# Put it first so that "make" without argument is like "make help". +.PHONY: help install copy-images Makefile + +# Copy images before running any Sphinx command (except for help) +copy-images: + @echo "Copying images from ../images/ to ./_static/img/..." + cp -r ../images/* ./_static/img/ + +# "help" target does not copy images help: @$(SPHINXBUILD) -M help "$(SPHINX_SOURCE_DIR)" "$(SPHINX_BUILD_DIR)" $(SPHINXOPTS) $(O) -.PHONY: help install Makefile - # Catch-all target: route all unknown targets to Sphinx using the new -# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). +# "make mode" option. $(O) is meant as a shortcut for $(SPHINXOPTS). %: Makefile @$(SPHINXBUILD) -M $@ "$(SPHINX_SOURCE_DIR)" "$(SPHINX_BUILD_DIR)" $(SPHINXOPTS) $(O) diff --git a/sphinx/conf.py b/sphinx/conf.py index ffebb15c..69381b6c 100644 --- a/sphinx/conf.py +++ b/sphinx/conf.py 
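Review bot: The comment on `copy-images` in sphinx/Makefile says images are copied before any Sphinx command, but in the visible lines no target depends on it, so a build through the catch-all `%: Makefile` rule runs without the copy. The recipe also assumes `./_static/img/` exists, which a fresh checkout may not have now that sphinx/.gitignore ignores its contents. Proposed: `%: Makefile copy-images` on the catch-all rule and `mkdir -p ./_static/img` as the first recipe line of `copy-images`. The Makefile continues past the hunk, so check that no later target already wires this up.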
@@ -31,8 +31,8 @@ html_sidebars = { ] } -cymais_logo = "_static/img/logo_cymais.png" -html_favicon = cymais_logo +cymais_logo = "_static/img/logo.png" +html_favicon = "_static/img/favicon.ico" html_theme_options = { "show_prev_next": False, diff --git a/tasks/update-repository-with-files.yml b/tasks/update-repository-with-files.yml index abe75b6c..ad2c8c25 100644 --- a/tasks/update-repository-with-files.yml +++ b/tasks/update-repository-with-files.yml @@ -4,7 +4,7 @@ - name: "Merge detached_files with applications.oauth2_proxy.configuration_file" ansible.builtin.set_fact: merged_detached_files: "{{ detached_files + [applications.oauth2_proxy.configuration_file] }}" - when: applications | get_oauth2_enabled(application_id) + when: applications[application_id].get('oauth2_proxy', {}).get('enabled', False) | bool - name: "backup detached files" command: >