From ff3746d69dcb18d0d2877ed2faa71885efb2edc0 Mon Sep 17 00:00:00 2001
From: korenstin
Date: Sun, 25 May 2025 21:06:43 +0200
Subject: [PATCH] Configuration vaultwarden

---
 modules/services/vaultwarden.nix | 13 +-
 secrets/vaultwarden/env | 581 -------------------------------
 secrets/vaultwarden/env.age | Bin 27762 -> 2693 bytes
 3 files changed, 11 insertions(+), 583 deletions(-)
 delete mode 100644 secrets/vaultwarden/env

diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
index 9adfcc9..1a27dd8 100644
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@@ -1,11 +1,20 @@
-{ ... }:
+{ config, pkgs, ... }:
 {
+ age.secrets = {
+ env = {
+ file = ../../secrets/vaultwarden/env.age;
+ };
+ };
+ environment.systemPackages = with pkgs; [
+ postfix
+ ];
+
 services.vaultwarden = {
 enable = true;
 dbBackend = "postgresql";
 backupDir = "/var/backup/vaultwarden";
- environmentFile = "/etc/nixos/modules/services/vaultwarden/env"; #fichier de configuration de vaultwarden, peut ĂȘtre la seed pour la mettre ailleur
+ environmentFile = config.age.secrets.env.path;
 };
 }
diff --git a/secrets/vaultwarden/env b/secrets/vaultwarden/env
deleted file mode 100644
index 80eb475..0000000
--- a/secrets/vaultwarden/env
+++ /dev/null
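Review bot: `age.secrets.env` is declared with only `file`, so its owner and mode fall back to the agenix defaults (root-only, as far as I know), and the bare attribute name `env` lives in the module-wide `age.secrets` set, where any other module that also calls its secret `env` would silently collide or override it. A less collision-prone spelling is `age.secrets.vaultwarden-env.file = ../../secrets/vaultwarden/env.age;` with `environmentFile = config.age.secrets.vaultwarden-env.path;`, plus a one-line comment stating which values the encrypted file carries (admin token, SMTP and database credentials) so nobody re-adds a plaintext copy like the one this commit deletes. Deleting `secrets/vaultwarden/env` does not remove it from git history; the removed content looks like the upstream template with every value commented out, but if a real `ADMIN_TOKEN`, `SMTP_PASSWORD` or database password was ever committed there, treat it as exposed and rotate it. `environment.systemPackages = with pkgs; [ postfix ];` installs an MTA system-wide without configuring one, and if the intent is `USE_SENDMAIL=true` the vaultwarden unit's PATH may not include system packages, so setting `SENDMAIL_COMMAND` to an absolute path (or enabling `services.postfix`) would make the dependency explicit.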
@@ -1,581 +0,0 @@ -# shellcheck disable=SC2034,SC2148 -## Vaultwarden Configuration File -## Uncomment any of the following lines to change the defaults -## -## Be aware that most of these settings will be overridden if they were changed -## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json . -## -## By default, Vaultwarden expects for this file to be named ".env" and located -## in the current working directory. If this is not the case, the environment -## variable ENV_FILE can be set to the location of this file prior to starting -## Vaultwarden. - -#################### -### Data folders ### -#################### - -## Main data folder -# DATA_FOLDER=data - -## Individual folders, these override %DATA_FOLDER% -# RSA_KEY_FILENAME=data/rsa_key -# ICON_CACHE_FOLDER=data/icon_cache -# ATTACHMENTS_FOLDER=data/attachments -# SENDS_FOLDER=data/sends -# TMP_FOLDER=data/tmp - -## Templates data folder, by default uses embedded templates -## Check source code to see the format -# TEMPLATES_FOLDER=data/templates -## Automatically reload the templates for every request, slow, use only for development -# RELOAD_TEMPLATES=false - -## Web vault settings -# WEB_VAULT_FOLDER=web-vault/ -# WEB_VAULT_ENABLED=true - -######################### -### Database settings ### -######################### - -## Database URL -## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3 -# DATABASE_URL=data/db.sqlite3 -## When using MySQL, specify an appropriate connection URI. -## Details: https://docs.diesel.rs/2.1.x/diesel/mysql/struct.MysqlConnection.html -# DATABASE_URL=mysql://user:password@host[:port]/database_name -## When using PostgreSQL, specify an appropriate connection URI (recommended) -## or keyword/value connection string. 
-## Details: -## - https://docs.diesel.rs/2.1.x/diesel/pg/struct.PgConnection.html -## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING -# DATABASE_URL=postgresql://user:password@host[:port]/database_name - -## Enable WAL for the DB -## Set to false to avoid enabling WAL during startup. -## Note that if the DB already has WAL enabled, you will also need to disable WAL in the DB, -## this setting only prevents Vaultwarden from automatically enabling it on start. -## Please read project wiki page about this setting first before changing the value as it can -## cause performance degradation or might render the service unable to start. -# ENABLE_DB_WAL=true - -## Database connection retries -## Number of times to retry the database connection during startup, with 1 second delay between each retry, set to 0 to retry indefinitely -# DB_CONNECTION_RETRIES=15 - -## Database timeout -## Timeout when acquiring database connection -# DATABASE_TIMEOUT=30 - -## Database max connections -## Define the size of the connection pool used for connecting to the database. -# DATABASE_MAX_CONNS=10 - -## Database connection initialization -## Allows SQL statements to be run whenever a new database connection is created. -## This is mainly useful for connection-scoped pragmas. 
-## If empty, a database-specific default is used: -## - SQLite: "PRAGMA busy_timeout = 5000; PRAGMA synchronous = NORMAL;" -## - MySQL: "" -## - PostgreSQL: "" -# DATABASE_CONN_INIT="" - -################# -### WebSocket ### -################# - -## Enable websocket notifications -# ENABLE_WEBSOCKET=true - -########################## -### Push notifications ### -########################## - -## Enables push notifications (requires key and id from https://bitwarden.com/host) -## Details about mobile client push notification: -## - https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification -# PUSH_ENABLED=false -# PUSH_INSTALLATION_ID=CHANGEME -# PUSH_INSTALLATION_KEY=CHANGEME - -# WARNING: Do not modify the following settings unless you fully understand their implications! -# Default Push Relay and Identity URIs -# PUSH_RELAY_URI=https://push.bitwarden.com -# PUSH_IDENTITY_URI=https://identity.bitwarden.com -# European Union Data Region Settings -# If you have selected "European Union" as your data region, use the following URIs instead. -# PUSH_RELAY_URI=https://api.bitwarden.eu -# PUSH_IDENTITY_URI=https://identity.bitwarden.eu - -##################### -### Schedule jobs ### -##################### - -## Job scheduler settings -## -## Job schedules use a cron-like syntax (as parsed by https://crates.io/crates/cron), -## and are always in terms of UTC time (regardless of your local time zone settings). -## -## The schedule format is a bit different from crontab as crontab does not contains seconds. -## You can test the the format here: https://crontab.guru, but remove the first digit! -## SEC MIN HOUR DAY OF MONTH MONTH DAY OF WEEK -## "0 30 9,12,15 1,15 May-Aug Mon,Wed,Fri" -## "0 30 * * * * " -## "0 30 1 * * * " -## -## How often (in ms) the job scheduler thread checks for jobs that need running. -## Set to 0 to globally disable scheduled jobs. 
-# JOB_POLL_INTERVAL_MS=30000 -## -## Cron schedule of the job that checks for Sends past their deletion date. -## Defaults to hourly (5 minutes after the hour). Set blank to disable this job. -# SEND_PURGE_SCHEDULE="0 5 * * * *" -## -## Cron schedule of the job that checks for trashed items to delete permanently. -## Defaults to daily (5 minutes after midnight). Set blank to disable this job. -# TRASH_PURGE_SCHEDULE="0 5 0 * * *" -## -## Cron schedule of the job that checks for incomplete 2FA logins. -## Defaults to once every minute. Set blank to disable this job. -# INCOMPLETE_2FA_SCHEDULE="30 * * * * *" -## -## Cron schedule of the job that sends expiration reminders to emergency access grantors. -## Defaults to hourly (3 minutes after the hour). Set blank to disable this job. -# EMERGENCY_NOTIFICATION_REMINDER_SCHEDULE="0 3 * * * *" -## -## Cron schedule of the job that grants emergency access requests that have met the required wait time. -## Defaults to hourly (7 minutes after the hour). Set blank to disable this job. -# EMERGENCY_REQUEST_TIMEOUT_SCHEDULE="0 7 * * * *" -## -## Cron schedule of the job that cleans old events from the event table. -## Defaults to daily. Set blank to disable this job. Also without EVENTS_DAYS_RETAIN set, this job will not start. -# EVENT_CLEANUP_SCHEDULE="0 10 0 * * *" -## Number of days to retain events stored in the database. -## If unset (the default), events are kept indefinitely and the scheduled job is disabled! -# EVENTS_DAYS_RETAIN= -## -## Cron schedule of the job that cleans old auth requests from the auth request. -## Defaults to every minute. Set blank to disable this job. -# AUTH_REQUEST_PURGE_SCHEDULE="30 * * * * *" -## -## Cron schedule of the job that cleans expired Duo contexts from the database. Does nothing if Duo MFA is disabled or set to use the legacy iframe prompt. -## Defaults to every minute. Set blank to disable this job. 
-# DUO_CONTEXT_PURGE_SCHEDULE="30 * * * * *" - -######################## -### General settings ### -######################## - -## Domain settings -## The domain must match the address from where you access the server -## It's recommended to configure this value, otherwise certain functionality might not work, -## like attachment downloads, email links and U2F. -## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs -## To use HTTPS, the recommended way is to put Vaultwarden behind a reverse proxy -## Details: -## - https://github.com/dani-garcia/vaultwarden/wiki/Enabling-HTTPS -## - https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples -## For development -# DOMAIN=http://localhost -## For public server -# DOMAIN=https://vw.domain.tld -## For public server (URL with port number) -# DOMAIN=https://vw.domain.tld:8443 -## For public server (URL with path) -# DOMAIN=https://domain.tld/vw - -## Controls whether users are allowed to create Bitwarden Sends. -## This setting applies globally to all users. -## To control this on a per-org basis instead, use the "Disable Send" org policy. -# SENDS_ALLOWED=true - -## HIBP Api Key -## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key -# HIBP_API_KEY= - -## Per-organization attachment storage limit (KB) -## Max kilobytes of attachment storage allowed per organization. -## When this limit is reached, organization members will not be allowed to upload further attachments for ciphers owned by that organization. -# ORG_ATTACHMENT_LIMIT= -## Per-user attachment storage limit (KB) -## Max kilobytes of attachment storage allowed per user. -## When this limit is reached, the user will not be allowed to upload further attachments. -# USER_ATTACHMENT_LIMIT= -## Per-user send storage limit (KB) -## Max kilobytes of send storage allowed per user. -## When this limit is reached, the user will not be allowed to upload further sends. 
-# USER_SEND_LIMIT= - -## Number of days to wait before auto-deleting a trashed item. -## If unset (the default), trashed items are not auto-deleted. -## This setting applies globally, so make sure to inform all users of any changes to this setting. -# TRASH_AUTO_DELETE_DAYS= - -## Number of minutes to wait before a 2FA-enabled login is considered incomplete, -## resulting in an email notification. An incomplete 2FA login is one where the correct -## master password was provided but the required 2FA step was not completed, which -## potentially indicates a master password compromise. Set to 0 to disable this check. -## This setting applies globally to all users. -# INCOMPLETE_2FA_TIME_LIMIT=3 - -## Disable icon downloading -## Set to true to disable icon downloading in the internal icon service. -## This still serves existing icons from $ICON_CACHE_FOLDER, without generating any external -## network requests. $ICON_CACHE_TTL must also be set to 0; otherwise, the existing icons -## will be deleted eventually, but won't be downloaded again. -# DISABLE_ICON_DOWNLOAD=false - -## Controls if new users can register -# SIGNUPS_ALLOWED=true - -## Controls if new users need to verify their email address upon registration -## Note that setting this option to true prevents logins until the email address has been verified! -## The welcome email will include a verification link, and login attempts will periodically -## trigger another verification email to be sent. -# SIGNUPS_VERIFY=false - -## If SIGNUPS_VERIFY is set to true, this limits how many seconds after the last time -## an email verification link has been sent another verification email will be sent -# SIGNUPS_VERIFY_RESEND_TIME=3600 - -## If SIGNUPS_VERIFY is set to true, this limits how many times an email verification -## email will be re-sent upon an attempted login. 
-# SIGNUPS_VERIFY_RESEND_LIMIT=6 - -## Controls if new users from a list of comma-separated domains can register -## even if SIGNUPS_ALLOWED is set to false -# SIGNUPS_DOMAINS_WHITELIST=example.com,example.net,example.org - -## Controls whether event logging is enabled for organizations -## This setting applies to organizations. -## Disabled by default. Also check the EVENT_CLEANUP_SCHEDULE and EVENTS_DAYS_RETAIN settings. -# ORG_EVENTS_ENABLED=false - -## Controls which users can create new orgs. -## Blank or 'all' means all users can create orgs (this is the default): -# ORG_CREATION_USERS= -## 'none' means no users can create orgs: -# ORG_CREATION_USERS=none -## A comma-separated list means only those users can create orgs: -# ORG_CREATION_USERS=admin1@example.com,admin2@example.com - -## Invitations org admins to invite users, even when signups are disabled -# INVITATIONS_ALLOWED=true -## Name shown in the invitation emails that don't come from a specific organization -# INVITATION_ORG_NAME=Vaultwarden - -## The number of hours after which an organization invite token, emergency access invite token, -## email verification token and deletion request token will expire (must be at least 1) -# INVITATION_EXPIRATION_HOURS=120 - -## Controls whether users can enable emergency access to their accounts. -## This setting applies globally to all users. -# EMERGENCY_ACCESS_ALLOWED=true - -## Controls whether users can change their email. -## This setting applies globally to all users -# EMAIL_CHANGE_ALLOWED=true - -## Number of server-side passwords hashing iterations for the password hash. -## The default for new users. If changed, it will be updated during login for existing users. -# PASSWORD_ITERATIONS=600000 - -## Controls whether users can set or show password hints. This setting applies globally to all users. 
-# PASSWORD_HINTS_ALLOWED=true - -## Controls whether a password hint should be shown directly in the web page if -## SMTP service is not configured and password hints are allowed. -## Not recommended for publicly-accessible instances because this provides -## unauthenticated access to potentially sensitive data. -# SHOW_PASSWORD_HINT=false - -######################### -### Advanced settings ### -######################### - -## Client IP Header, used to identify the IP of the client, defaults to "X-Real-IP" -## Set to the string "none" (without quotes), to disable any headers and just use the remote IP -# IP_HEADER=X-Real-IP - -## Icon service -## The predefined icon services are: internal, bitwarden, duckduckgo, google. -## To specify a custom icon service, set a URL template with exactly one instance of `{}`, -## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`. -## -## `internal` refers to Vaultwarden's built-in icon fetching implementation. -## If an external service is set, an icon request to Vaultwarden will return an HTTP -## redirect to the corresponding icon at the external service. An external service may -## be useful if your Vaultwarden instance has no external network connectivity, or if -## you are concerned that someone may probe your instance to try to detect whether icons -## for certain sites have been cached. -# ICON_SERVICE=internal - -## Icon redirect code -## The HTTP status code to use for redirects to an external icon service. -## The supported codes are 301 (legacy permanent), 302 (legacy temporary), 307 (temporary), and 308 (permanent). -## Temporary redirects are useful while testing different icon services, but once a service -## has been decided on, consider using permanent redirects for cacheability. The legacy codes -## are currently better supported by the Bitwarden clients. 
-# ICON_REDIRECT_CODE=302 - -## Cache time-to-live for successfully obtained icons, in seconds (0 is "forever") -## Default: 2592000 (30 days) -# ICON_CACHE_TTL=2592000 -## Cache time-to-live for icons which weren't available, in seconds (0 is "forever") -## Default: 2592000 (3 days) -# ICON_CACHE_NEGTTL=259200 - -## Icon download timeout -## Configure the timeout value when downloading the favicons. -## The default is 10 seconds, but this could be to low on slower network connections -# ICON_DOWNLOAD_TIMEOUT=10 - -## Block HTTP domains/IPs by Regex -## Any domains or IPs that match this regex won't be fetched by the internal HTTP client. -## Useful to hide other servers in the local network. Check the WIKI for more details -## NOTE: Always enclose this regex withing single quotes! -# HTTP_REQUEST_BLOCK_REGEX='^(192\.168\.0\.[0-9]+|192\.168\.1\.[0-9]+)$' - -## Enabling this will cause the internal HTTP client to refuse to connect to any non global IP address. -## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block -# HTTP_REQUEST_BLOCK_NON_GLOBAL_IPS=true - -## Client Settings -## Enable experimental feature flags for clients. -## This is a comma-separated list of flags, e.g. "flag1,flag2,flag3". -## -## The following flags are available: -## - "autofill-overlay": Add an overlay menu to form fields for quick access to credentials. -## - "autofill-v2": Use the new autofill implementation. -## - "browser-fileless-import": Directly import credentials from other providers without a file. -## - "extension-refresh": Temporarily enable the new extension design until general availability (should be used with the beta Chrome extension) -## - "fido2-vault-credentials": Enable the use of FIDO2 security keys as second factor. -## - "inline-menu-positioning-improvements": Enable the use of inline menu password generator and identity suggestions in the browser extension. 
-## - "ssh-key-vault-item": Enable the creation and use of SSH key vault items. (Needs clients >=2024.12.0) -## - "ssh-agent": Enable SSH agent support on Desktop. (Needs desktop >=2024.12.0) -# EXPERIMENTAL_CLIENT_FEATURE_FLAGS=fido2-vault-credentials - -## Require new device emails. When a user logs in an email is required to be sent. -## If sending the email fails the login attempt will fail!! -# REQUIRE_DEVICE_EMAIL=false - -## Enable extended logging, which shows timestamps and targets in the logs -# EXTENDED_LOGGING=true - -## Timestamp format used in extended logging. -## Format specifiers: https://docs.rs/chrono/latest/chrono/format/strftime -# LOG_TIMESTAMP_FORMAT="%Y-%m-%d %H:%M:%S.%3f" - -## Logging to Syslog -## This requires extended logging -# USE_SYSLOG=false - -## Logging to file -# LOG_FILE=/path/to/log - -## Log level -## Change the verbosity of the log output -## Valid values are "trace", "debug", "info", "warn", "error" and "off" -## Setting it to "trace" or "debug" would also show logs for mounted routes and static file, websocket and alive requests -## For a specific module append a comma separated `path::to::module=log_level` -## For example, to only see debug logs for icons use: LOG_LEVEL="info,vaultwarden::api::icons=debug" -# LOG_LEVEL=info - -## Token for the admin interface, preferably an Argon2 PCH string -## Vaultwarden has a built-in generator by calling `vaultwarden hash` -## For details see: https://github.com/dani-garcia/vaultwarden/wiki/Enabling-admin-page#secure-the-admin_token -## If not set, the admin panel is disabled -## New Argon2 PHC string -## Note that for some environments, like docker-compose you need to escape all the dollar signs `$` with an extra dollar sign like `$$` -## Also, use single quotes (') instead of double quotes (") to enclose the string when needed -# ADMIN_TOKEN='$argon2id$v=19$m=65540,t=3,p=4$MmeKRnGK5RW5mJS7h3TOL89GrpLPXJPAtTK8FTqj9HM$DqsstvoSAETl9YhnsXbf43WeaUwJC6JhViIvuPoig78' -## Old plain text 
string (Will generate warnings in favor of Argon2) -# ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp - -## Enable this to bypass the admin panel security. This option is only -## meant to be used with the use of a separate auth layer in front -# DISABLE_ADMIN_TOKEN=false - -## Number of seconds, on average, between admin login requests from the same IP address before rate limiting kicks in. -# ADMIN_RATELIMIT_SECONDS=300 -## Allow a burst of requests of up to this size, while maintaining the average indicated by `ADMIN_RATELIMIT_SECONDS`. -# ADMIN_RATELIMIT_MAX_BURST=3 - -## Set the lifetime of admin sessions to this value (in minutes). -# ADMIN_SESSION_LIFETIME=20 - -## Allowed iframe ancestors (Know the risks!) -## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors -## Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets -## This adds the configured value to the 'Content-Security-Policy' headers 'frame-ancestors' value. -## Multiple values must be separated with a whitespace. -# ALLOWED_IFRAME_ANCESTORS= - -## Allowed connect-src (Know the risks!) -## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src -## Allows other domains to URLs which can be loaded using script interfaces like the Forwarded email alias feature -## This adds the configured value to the 'Content-Security-Policy' headers 'connect-src' value. -## Multiple values must be separated with a whitespace. And only HTTPS values are allowed. -## Example: "https://my-addy-io.domain.tld https://my-simplelogin.domain.tld" -# ALLOWED_CONNECT_SRC="" - -## Number of seconds, on average, between login requests from the same IP address before rate limiting kicks in. -# LOGIN_RATELIMIT_SECONDS=60 -## Allow a burst of requests of up to this size, while maintaining the average indicated by `LOGIN_RATELIMIT_SECONDS`. 
-## Note that this applies to both the login and the 2FA, so it's recommended to allow a burst size of at least 2. -# LOGIN_RATELIMIT_MAX_BURST=10 - -## BETA FEATURE: Groups -## Controls whether group support is enabled for organizations -## This setting applies to organizations. -## Disabled by default because this is a beta feature, it contains known issues! -## KNOW WHAT YOU ARE DOING! -# ORG_GROUPS_ENABLED=false - -## Increase secure note size limit (Know the risks!) -## Sets the secure note size limit to 100_000 instead of the default 10_000. -## WARNING: This could cause issues with clients. Also exports will not work on Bitwarden servers! -## KNOW WHAT YOU ARE DOING! -# INCREASE_NOTE_SIZE_LIMIT=false - -## Enforce Single Org with Reset Password Policy -## Enforce that the Single Org policy is enabled before setting the Reset Password policy -## Bitwarden enforces this by default. In Vaultwarden we encouraged to use multiple organizations because groups were not available. -## Setting this to true will enforce the Single Org Policy to be enabled before you can enable the Reset Password policy. -# ENFORCE_SINGLE_ORG_WITH_RESET_PW_POLICY=false - -######################## -### MFA/2FA settings ### -######################## - -## Yubico (Yubikey) Settings -## Set your Client ID and Secret Key for Yubikey OTP -## You can generate it here: https://upgrade.yubico.com/getapikey/ -## You can optionally specify a custom OTP server -# YUBICO_CLIENT_ID=11111 -# YUBICO_SECRET_KEY=AAAAAAAAAAAAAAAAAAAAAAAA -# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify - -## Duo Settings -## You need to configure the DUO_IKEY, DUO_SKEY, and DUO_HOST options to enable global Duo support. -## Otherwise users will need to configure it themselves. 
-## Create an account and protect an application as mentioned in this link (only the first step, not the rest): -## https://help.bitwarden.com/article/setup-two-step-login-duo/#create-a-duo-security-account -## Then set the following options, based on the values obtained from the last step: -# DUO_IKEY= -# DUO_SKEY= -# DUO_HOST= -## After that, you should be able to follow the rest of the guide linked above, -## ignoring the fields that ask for the values that you already configured beforehand. -## -## If you want to attempt to use Duo's 'Traditional Prompt' (deprecated, iframe based) set DUO_USE_IFRAME to 'true'. -## Duo no longer supports this, but it still works for some integrations. -## If you aren't sure, leave this alone. -# DUO_USE_IFRAME=false - -## Email 2FA settings -## Email token size -## Number of digits in an email 2FA token (min: 6, max: 255). -## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting! -# EMAIL_TOKEN_SIZE=6 -## -## Token expiration time -## Maximum time in seconds a token is valid. The time the user has to open email client and copy token. -# EMAIL_EXPIRATION_TIME=600 -## -## Maximum attempts before an email token is reset and a new email will need to be sent. -# EMAIL_ATTEMPTS_LIMIT=3 -## -## Setup email 2FA regardless of any organization policy -# EMAIL_2FA_ENFORCE_ON_VERIFIED_INVITE=false -## Automatically setup email 2FA as fallback provider when needed -# EMAIL_2FA_AUTO_FALLBACK=false - -## Other MFA/2FA settings -## Disable 2FA remember -## Enabling this would force the users to use a second factor to login every time. -## Note that the checkbox would still be present, but ignored. -# DISABLE_2FA_REMEMBER=false -## -## Authenticator Settings -## Disable authenticator time drifted codes to be valid. 
-## TOTP codes of the previous and next 30 seconds will be invalid -## -## According to the RFC6238 (https://tools.ietf.org/html/rfc6238), -## we allow by default the TOTP code which was valid one step back and one in the future. -## This can however allow attackers to be a bit more lucky with there attempts because there are 3 valid codes. -## You can disable this, so that only the current TOTP Code is allowed. -## Keep in mind that when a sever drifts out of time, valid codes could be marked as invalid. -## In any case, if a code has been used it can not be used again, also codes which predates it will be invalid. -# AUTHENTICATOR_DISABLE_TIME_DRIFT=false - -########################### -### SMTP Email settings ### -########################### - -## Mail specific settings, set SMTP_FROM and either SMTP_HOST or USE_SENDMAIL to enable the mail service. -## To make sure the email links are pointing to the correct host, set the DOMAIN variable. -## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory -# SMTP_HOST=smtp.domain.tld -# SMTP_FROM=vaultwarden@domain.tld -# SMTP_FROM_NAME=Vaultwarden -# SMTP_USERNAME=username -# SMTP_PASSWORD=password -# SMTP_TIMEOUT=15 - -## Choose the type of secure connection for SMTP. The default is "starttls". -## The available options are: -## - "starttls": The default port is 587. -## - "force_tls": The default port is 465. -## - "off": The default port is 25. -## Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 (submissions) is used for encrypted submission (Implicit TLS). -# SMTP_SECURITY=starttls -# SMTP_PORT=587 - -# Whether to send mail via the `sendmail` command -# USE_SENDMAIL=false -# Which sendmail command to use. The one found in the $PATH is used if not specified. -# SENDMAIL_COMMAND="/path/to/sendmail" - -## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections. -## Possible values: ["Plain", "Login", "Xoauth2"]. 
-## Multiple options need to be separated by a comma ','. -# SMTP_AUTH_MECHANISM= - -## Server name sent during the SMTP HELO -## By default this value should be is on the machine's hostname, -## but might need to be changed in case it trips some anti-spam filters -# HELO_NAME= - -## Embed images as email attachments -# SMTP_EMBED_IMAGES=true - -## SMTP debugging -## When set to true this will output very detailed SMTP messages. -## WARNING: This could contain sensitive information like passwords and usernames! Only enable this during troubleshooting! -# SMTP_DEBUG=false - -## Accept Invalid Certificates -## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! -## Only use this as a last resort if you are not able to use a valid certificate. -## If the Certificate is valid but the hostname doesn't match, please use SMTP_ACCEPT_INVALID_HOSTNAMES instead. -# SMTP_ACCEPT_INVALID_CERTS=false - -## Accept Invalid Hostnames -## DANGEROUS: This option introduces significant vulnerabilities to man-in-the-middle attacks! -## Only use this as a last resort if you are not able to use a valid certificate. -# SMTP_ACCEPT_INVALID_HOSTNAMES=false - -####################### -### Rocket settings ### -####################### - -## Rocket specific settings -## See https://rocket.rs/v0.5/guide/configuration/ for more details. -# ROCKET_ADDRESS=0.0.0.0 -## The default port is 8000, unless running in a Docker container, in which case it is 80. -# ROCKET_PORT=8000 -# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"} - - -# vim: syntax=ini 
diff --git a/secrets/vaultwarden/env.age b/secrets/vaultwarden/env.age index 270a4465f88b57144f09eb8b193c9d8706c02bcc..89d30a9cc410272fd689c9cb1d94cb67e26d9468 100644 GIT binary patch literal 2693 zcmZ9|`CkhR0|4+IsWhn+@+dV#YSz}yh6lUvwX1gUQQO+lT3fp}Nt7p%t0Z*LAtpL_ z(t|E3mB*D(dF09wIr2~xdV1gY$Jbx*{d~R>r5r5R$_(~oQ-V$#t}`ehmIwfN4bW&* zf#vZqBr*a6_MPJAw}tN9nk7s2HUoinV4LmuF*%q&A#1(XvTMwOf?d|7pny7H~2Qi2};4 zcp2OZ#G(`$Hk<+B3)GavXsSjK#YV(Lb9E>Y1pz{3O*DG7;> zz?#_6$vim^Ll;tXW}8_b1yxEBL@eJ5;#oCz443(T77EXRu>Wgqf(zmeWK%qxCrsj^ zaS&;85{;8ch8j_zM7*AZ#nGiaK3^=BlMnzcC^ABY<8Y$QHf4-F0%X^4%tk1aOd_bY z7ClzVrV{x^41}vDM*h4=g%RUz93Vx;iqVr8EGC1DBf-c*3)&LHW2x*?MwH%WGJ{lj zCCy(0ya_tNtS5LRwFcNvPSfrzoC~&J>q2}@}HYGqoQ_)dM7)D`X ziHtI%ObCKv?J6i$fYAw&YI`C*g3mAr#3rN$`?E%7sd!{7(2msWBq+O;fT0luYJ#2? zZHX5VVB|=PCW0*_Y?3haC|d%Jh!G+HY@-S)hT143Zj^*Vibq+E(QFg~ZK6e^g|uX` zC7NOpGlfuyCX(~BCKocXCM*zyByxCkLVSdYuLWtDb{j$uryHmsp(zr_R1lItR;*lS zq*)TRRzQ?d$gtA5N;*iP15tPe76zn2(ZxKe(iCsR+s$O65Jj~Tm3%T000x7BGNMj} zkFjYfQmO&QRLkrlgkEGzij1(qbTDyDk}R5tf$A`5u0jbgWKz%adeyCYJ6tb47=piP zksjGtoYv#Man5z$io!hnUx_3jrKF;jGuW*@KA-k6dnj(_tMi=bfs}-ZZ-2d?r4>>$ zL;X~19|D%F*Sozs@fV=vkYROw_GeZs@wcx|S07CJrrx$a{R(Ki>~T}&#nJZAJcYju z6*a;8j*L`1WoKwf_Ukc$ZQT3Ezbw*)FD+SChUBKnWkt-7)R+%(xl-sDhNVKT6I{;D%>vZnWb#U=HcmUjb`eGBoEt2T{#1c`2h%=l+#0Vp;rf7M23_`0oQ6Va|g+tTZr zeeY-WuHvKsU10g>Z&m%BTb{8GdZ}$&z*v}PAl^qe^y89Be(QOyS3nTYAJKH^*SW=^ z3~ZLDOrHAY*bik;d?bdvzYs%J#K#Uo800Vdvh#~{hl(x~r7^Uw@taQ->~HB$uVg!1MAE5RPx_+D!@B}LP@%E_-@;(H zY+dp7tLgr7tW)A(3v_35`2yboH95bvW8z4W%U%K! 
zSv`E-I<4uLXDE1OLHGFFgOSzmH6>f`!kr~0U-}k)`x2OS;l(_nrikD_y=(-#{a!@U zv`|0#TpK&y#?L( zLj5B!EI4GiLXPW;Y`R}a>vce|-i+zm@sSno>j9Ht3Vl0In*TYECVkD6sXq zc@M4#PRfM)mR8D^DE)d~#=3(pXQNk8>pOp$k9uR*&dG^`9M&vj04tl5J&uxhlZJkNi&MS=G@{*CSi=IQClCzViIw-l|8*sUv9n zxiC?~c2SGpg>@@dW3v&Y+P5pGgB&+k??xuY9?W$@azQIPyDQvwIq2XuLRebDtXWPs z%NECgeCIQ_?wp6tY?&pjPCaV$gZ$dbqM-^=yzdNS0>`(U0cU9lYC#5Ttn*PYyq*u7!TIr1LI52rowR==3rcPp-(82WWp zszt_`Gz^!+>H8E z%nmL`bJADuZWi!ex1LYGb`nGg={bI$*|GiD+e=$~FnxokykC?I{20f7XZ!6#)fiJ3 z82CoqITx;~8-Wlqb0rjKt5* zg0GRYmtQT-3IXKa=;YQs^Q(BD(-Qn|JLR=$5;~wcT}}O}s5ZyCo(X*!=tCqA^k@pu zA;r0a&RvBpy&tX&$j}TJq5ki` z^`w<8*{my`F%~Q4bu-*a)e-JX)E1HO;xPGbf^V0v-YgXh!eSA5!3S!0d! zIJO^4q9EJ)avJ;1OGZaF4nF>vx>j2EXx=`5so0jF+e*-Pg^dk)F$gMtAlfkUwWQV&1+f?`5M1CarUi;gI_|&CmKE)N_S4NcZP3ylTkujb)rh#8+v>2 sWlI5!ylDOCtkUpZ`e6Ubn#O}#?asZFYm+DQ5SlS6A3i!-DtvtKKWYJ-Gynhq literal 27762 zcmZ77Q*b3*(&Qo=Wl_B&vvW-m@RoS&XoOPUCfwnBF^13FRVhYw4Qp#|;ERqtY%x+ey%96~gn$D`;;v%l1ta9QW zKyz&t8#a0qb8dQBMGGrsDUbjCMHw~;b59i#cTaa9r?a)Hm#v4Sstmx?&6UH9)m+I* zS&iFH)S+Yr4DtmcwnmQ?YI5>;iDS5f@cuH_c znCdV~aB7Han`->8Cd+KCYGFkpDdVKB?!sbW!s;O{ZqCNeAtDO21hR=aNQ(iu9o2Lt zls)9xT$HRt*@1A%ELz%9Zfq7hE*=sZ=ll)W1-i>{}XlZt|h_*Mb1`!r7AbdGTWt@34jkg)c@TkqL+?>CX2_lx(8n&o z>@a7{D4tYtubUIZI`)^8y_gCFtAG9ajG-KjI^NkCn!4^U(hf>t!!}4&N~?euhrC^2 zd9C&oP6pRvuFy%f;gvpJGNGx@8RzvmI3J)mv0x6`~2Sg|cv1 zcylHpn&mYT3Esinm0FdyC!tJ6YVeF6xSBKkM(5+?vuGtXuPyEEV+e+e8984@*Z9)bcR# zCYDX`43#g;`!?b?Dd@yUacjNcaIOQyLwrVNr@MvqMFUqZh@?;%Ydjy+99p9I4$5PD zV90x44&XBtDbz01J>!764ituy?VgXn#S9d*k6TVC#h2?_M-^}L05`8ekbgD3mrKkq ze4+gEuv+Gcf=PC<0w+;euHG^8nXB15S0Bi1LJtZfKiT#HZtpZouMo~ckR;FLr8U@~ z$`3Xp27m*%aDmO_ow1<6sVHGKVhmW9U#t@M7l!bU~%bKq!t7s0TL9_-73~|^vI#W`J zD|4o^yCY-kDEkb%wj;b=v_HIQ9G=-CA}5K!^Qapt-4R6J~bv zc9s8Qm}mjMG@|gZto9h#;s?he*i@c?seOl#I=FWOWH-tq`a9i`k9M>GLy%|!IJPnB z@?)D&=s^!qRPuRM10L6}`rTgp%Ww;Vx~SOWCTQRN(xEn&?P1lHK7t}bJxx6n?G8n2 z@Gjw#{H;EN*y8oFCrVGvoE-oizB({r1Y>3DtypW<2Z%X$t_*XTn}`0yfNz^mK=H8y zH}6z|&S@kweYbIi0aJB)h*1EL;^gb6W(dEQMQh#{IfFEh7ZsmGCprcop>%;WaAs%n4PhmZ339VXX 
zUh>|ITFgP%`I@yqRii~Vs2@Wr+Y+%QO9wU@bek=`)9t%;%fV-+>*x$vd=zmBi?HUa zLB^BMpAcXlXsMTX;V>fEI%mVBy>L+3s>GrGLnBFi*TvPnu1ad1rWmsERgW2cp4p&M zz5sqaF2FpxFu&6D3YXiW&{ceeO%#>$EU3Ojl%VekpKf^S=F~OSG#vY;SjxK^WHM{O>| z+JE_!Uqis=_xs%Gxe&s<;N!nxY*LhUF-jms28xf{(T`vhhP~{;uL)g;%^kYm0*N^B zXRmN2C}ng;T2aYi_v{g#K@zhg?FKK$Pv?%JByjmSrvE}6In`LGXc48pC=AOT@eMdM zyj2m$!|9pEF6h+b{Fv{$UHetZL* z;u0Bu4jJDP`#=6Uc9@t1DF?&mcYo`DFNP zbcZevtbw!^kP7AfkeK+rNlL7jP7{0eZs*Dsr*GN21s6&@-Hd z`IOjGbd@lkZMAQj{A8nva~~Uo1DkDHTDznt{_!^#>XOeRY9yF(CQA0v4xpLiTX<}p zJ(0BF=PTN35dxb}^IQ!s?Pbn;(CGgx_(wsshMZAs14tnu6CeM?JwMP#a#y8?)VM}QvKTL#t}H!CLvD#Ssqlx zPA!a5`1_GWLNBt!5=A{+Yev&=SfRuAJ@xzjWI)$m;i)zg&2JE9*El_mY%zt1Z+bK^ z&OG^D%PbL1O7cql&Rq=gwzIoS}*w~2Ie&BKx zee8~Up63D(BXrP|(fp3zORW3>sYPvPhoQw}8B-Ut3Sm8-TO4zIIDB*Kah^8j!N9CL zLN~AP=eJ=;&cp7xT2nI|srffH=fDl=F^v&P{0=>|E5gp`Q0@!0mIH>0IN{>yGj;-2 z1|$z(Eu}!oQEO|1ok598jf^>xoiS;j_jiXoD1_5CaCwejlkhqj)|f_DQ5O%q~f#A36B;=a!K&)i|L) zg7!cFo6=pSoK)%?sRbb;kv}qw!Ir4SakxLQViw9Vg=|PHBMV(h7ch7J#Lkum=dyAv zU7|1sIInU|9LJrfu2$xOcARRKKmI_gP)~w+mgBnq3NUkyO!acOq2J9MMY8ig#VDZg z>RuP^keX~8F0?yjg}Wfr=Lyp-uOG zfH*?$3^W?gBtKd0&p{^3)e>y`ODBh|#?y{@7~U2Vjio z!L<ybXBcB|Gj%cMNN5KRqyAm4|1lX8xlo#2%<~vtA=5i(?%7CA zjq*qpvtPcF{F^@q>YU5A z80oYu*+Hu|u{M1+jojq@jw$_%EAv|#F-mT_{oZ=VZ;Evm(nj#)jcfL-#knu~8--s}oz za)c~IuJ@^n>4uQ*87*LVqz42P*xr!)ai>J>=eA;-tX z6SnL`j%6g`?jsc9jM4^~?_Fh^ZBL$9oz|LQW5`d6x;Lv(d_o#U1?V~hgF}Z*EUxAjhQ}8VP51L&?3O_ta zGF*ZMoU3m)?-g|Zo~^52>3*ndL5*jrJu2(+yJU<`6a&O&qi4s_rY@6X&J15W3u4Zj z^-#5ev-kng5nT@bJ;>KD9I`cXx8u$YfA%&03{$9BV3nUqayH5!xUg-&ixW03X_;X8 zGixjfkDbB*2#>1J;av7mwn?SKueCgjZ;YlLD{*amh9zH8@;w5Y`13?VkjfCS41EF` zxR$xRr6Mt1P#1;^>Z+_CuDoepSUid9&k((we?EnOhmiD8ci~tXu%K7klF6*1C;k~7 zy&-f7P%evC7gb~NgTfns{0Hvb|nlhA_^eQj?Ej8Z5Em%LZce< zA?A<$2EBO$w^*em+@k0>p;}~cVbulyz8Jk4p{dqcHdV*t3k^H%RRJxHpycpLL&mhF zBKLlufO?XMnd7@+SHB5O!ima9R?yx?cx+4z!R$V9^N82n>EXJgf%?_5fE5+oS&sT7 z5KQ%ZdJ+C54~IAu(*??7&BCkFl66??2A(Tudso;OBTPHq?FA)10u5r=8z|pE~O#D8`gsaK-$Rq&dy-2A9dn=bGQ+J 
znh4$!#w{V7dF#GzvNM9@9T_R2KhGeL31{6($k?Z>NLr5(!}2&fM1vP}#c+7-*Dshd zZ^EgOH7C#N^it;0!GnO;>1!%iASB>IECG(y-WL><8;W8Co0nO{@VW$hv>Wam*BpWVf{#G-utoLdif@YpQ*qWkgw$gwzR_akghoCG1ngVtY(GKSS=u# zf0(We6I$WC``7`?He4vY;>=6mS8~%3MJh`j9fQBe{t-t08HsksE902b<%;Bxf$UPA z+pi;t$Uz{H{}}2Iu-vxJAis=6f#Kkn(ENzVSkhF%0^IbXP4)>Wq2Eme4S>*6V_acN`&`pHV z8a)&vAXG5|KHS;=HO+_b7T2c)1TgfP6^c^i_HLoL=tG-wAuvqn@afl*wK|eeZJi5V zKU~f{!Sv2CBRG8HTtCcUcUbe9B%u_bN5Yk>58$o(4_>$tT&GOV2~MSLcPei-F#0)n zW50*V#){fG}%!ISqS0uW1xRnpzTnp zpe-6I#eTIkz`;ofFu*~C<93ZI0miS$UYw3@Qn71e5U<+}nL1Ylm<=RUIfrq5(!#W$ z-LsBCR{Xy;N6iTC{i!>h;K zAaA&Y)By-qPpa42=Ad>oSvMb)=JrCG*2!5|W6$r|PJMc;v~|>8d6$dA+=losuqNYy z98Ic`3ejVhy{vDGTAGa!em6`j7x&+IT;qnEeCMqA$2e{cWEm5F?#tM;*NplBydS2N zudkhtpSYCdb*7;WTe14{LQM>v<;*RKc9}giJ81Sr@Gdb@m-E${TWI*$5ur`O_z-Hu zt5d?RS<)PL%YOnB`fe_XuOVBq&W(rw=W%vfJ+6;e$rhHy5Cy;55G4dTTC9|!g;rCS zVewwxL4XBs2Zg7_hqF2b;(=PTGE$BkpD+7`1s1Zk>Hkz(MfrB@C!*18r$?_jmD3rF zqdNH=^s1rmmFs;d@Zx35k~9GetG!t4g>jj$#>CWYc%By7T@~C7LXq6tkgm2r zkFQCD84syeI4RSbbmgCL%;)6kScc^Qp&U+jTBq%4o=>)^``>oz?h_)2ZT~_cXQk@> zXz#{Tnr`E;$(qLkBT*?!>xmZ(Ke8emo)+?8_b|ZS&wrR}1zb>(^bWNwN-Rr)M%mS$ z&hGylGUH(buZTH6Mi)Uiu#V4=Z9ekavmC~Tb*%P- z=Qw*FQ*G82o-(Slw;fhBb47pVm3NJFT{86xN~Fp$DXpb~g`D@Gd=EydSlKZrI`bQ<)@U$G_r>{v20^ZJWZBagM5R;ag#5yC zLSBZ(FT;?G;p3Is3xJs6!n2>PxnBerF0sN#`wxMS31|&7>|EG#cwsoHLNQT&T2m2k z1k~S}xU?||f6BmU6;fsnL=F;hmpAi@A7#pT(fS(6%x|c0FbPeQ>#VnQE!gQvMS^m< zxzt4XHXiGr&<(<3Vx103PvI)EhXqGx`z(v17sX`ySW->SbA7a@nN<*;v%BO~943KU z58af(^+gH)1KQk$?~U)?j#q;aKScUrU**YbiQHe0XOKuU;hitT{5bTqNnAL==(wIU z>Lze=D46osnhWwxm>+@T8nw;XP0Q(hd&>bi`(^$>ncGkd4kkKVAH&YvoG0v`k%M+5 zX3dXbi&iCTa}k+Og`G%>qaThwm;)QtFUgelZ5=yF?p&TQX<5=PdfS)(ZfIxPEQh7b z(r>PSe=&=u6$xVi>-SIX{e>}=qIGV?4&zc}2D6s_} zaG9JK=2UIrW>H#*2$!-FN7Ec%k>ENKCUr6kd{gk^05Fp)qTsImlH`pNx9zsg?xTIgov)2DYPY(ShmfA0qyv$zHeK5tpv0C5OoUIuH+?_r5&=R_0PIPZ% zLp%dC_VDk?wp{vPYrN@%0jh@}6sK1H;ehXxFxJT5N_ObgW4%`))%hbqnaXPgUO&`% z>lQ5DayZ5X?sw1anDkR;9%q6N3GluiTAzy^#PJ_kcokC?-*BwKUKw6@Kosz}=33-zm< 
z9H9nUD1v?nH|$T1VZX2QYq*RShZ@3{rHq5J!I%BE`IFZx;hc{kRMq4kNP zR8fHVrE!2NtyGI|oo&S!*`qw~p3TQBr_^QP=^}bPP-7OM(^smQ*!)DWJY#g6r0ttiw@m_MzDaO=@q^tkUQy~-qCcB=Q!D`Knl zlM87gndqMn zx2882`Xyx<_dkV-{+T=B1g(sUINZo|naK_f|C$95;?O40NS2qO>5%*h2ww2U=qjTI zF`=Op$;{6~tqHJ&g#{w87>d*(kSF%>)m29KkHolE_Tb@?WZ;wxKj8KKNpS3T1z=r!NoV(3N2=v&McTa+iAfG__AIrOy=>V%M)UBQvRB0dK}n! zL_5{D^`7}4eJAUc_-!)-z~qXW;?b%y`VF+R41@vo+O4f2R-!)gUO>nYH~{whNWRtC z|W{IOvhECK|4 zGRKD7wmvw}(>3w8-R%lZ3l#flFI_gH&M9e=YI0tKz3ClCy^zal{e?FcInn*RgxpjU z6D{kha;CN$oXXiY{_K6!vzNl}^O{jQtMEDR_@I?5l)+-i$#B}&c`3$Jnj1x?ro zP@$@6tg;hy^!J%$DZ+juz6vq&7k`UK`wehuBnyI?8i>U5J!yA-ZpRh8Yx7s&b&9vQ zGn5tnnIF0yq|@^d9mVjI`bXXHyM&HVvR?>wRsY5w=dcfXc=yKl@IvD_6e{xmDfw3> z6CK`SxaIVbFEybqaiD*Ks^zFD0}%bjsRPz{NfIg{*~^#Vr85dKLKIapcdvrvK<>P3 zQb7g$Voq(HjWIBZsqIqMr{SlAl01VV=yqzquLwaVInm~OueX;|<}{|ZbHmyCn|TBc z1MCFX2HYdQs4^#X?tCSzUPRAl^PoLR8kI3ryN?A|d5Hr)QM7O83r<|&dRK4?)wxml z-Weo31_BAyRCNxqLGAtELKmr%$i2Rv%;Shfn(#j|UL~rt zVdUEWFgrgZY$E}P@E@D(3ytC9)Sz7E8M@H~ACjBeI*b#EpCNLPHvY^m*#Z?vVw){4 z(Uv9;GuvTlvPi?4+XpX5mmij8&9e%X+4mbk`q6*M$w#-L5DT7W*`3cpK|7l>J}|bg zWU9hyM$CT3VmYK;(UuzR->T$$x-O?xA2-j2r79E?z5VNTzLGN6K)8ww2 zF8*7^pHl~{nj`imUNI$<@!JBn{l+I#lP4dgNHn{?NX!q(g9VDVRH^qz8L3)h8872T zK_~CqI~OcER=p~WTkkc)4HsRa8z2&CxmeJ3rYw|lK_lrpmy(lXI;;K-KV)|2CTewz z=i3uv0|Ti4S{QvytsKK| z$=^inQ+(nXQ_H7OWJ4)xb;*QEn5)@pzd9n*bn!DRP$Q#=<#=Ve@&kR|uerlrwDRFtE&y*uo*^S+-@ib-SGHTjYY#8egfP7>!%5P4;#=@L?4l@)F10Fi~MY>^~ zfI}$jOZijwxe47KXyyrlh1pj#rgF67wt)||I8|xw^+=pn>z7Oo8u(|1S_r)QyURJ= zhrzz5Kn+WMW0}N^^OMNh(8*brgGLLjP|^pQu)irFZb!ZvVrjoIvlIBd0S6?+b?_My zf(_BpTZv^+35C@9*QlXUX++qSf4ew)K61$a@HmmsFWgkPoosz?IC6p`nbazR>c)vC z9G{BSaBo7_;YyvNfE$89Uno+i?#Hyxo-tqh(CUq&ij8*qX~T{Z}> zo_nsTgO-Iu;@%9IQw%1IK;G%aA`dyK0AV-M662Ec*!6I-8fvpM3zdns8Hkn%K@2*# zZ>W{R5E}5-h5?bs5OAlFidrzJzeRNgQ)5@50s{srKYnN5aZWk#^_`asqdgo*EGm zg}xAyoxye)p{-_?XU*$Jp<{;JZwBt3{yq2+K5=8+tF2n*_r^bQ&g9R-C-%npJ7Tv4 zyMsr!MwnonA&a!HC_bHz?1(xw%~F*ROv;b;hsydF*dZ9^-{>v@H(uVR1`i)XNn`!G 
z+C%-hc^~gZ(aaoV562Pk-eRY@Y;q(nX6SfCX_~(vxZhY|+xR=FOQiEkbK9^1BW_Ir zF71!yFo7s&W)0zB0klvq8ny_eb=P#`(O;pwuU73X-99pi^ z*4nH5i+DvX(M%K5rlw|gI!Fpw*f#QB z?raSwmxJgf?TAt) z^+|T(S3wC)pML#07@2CuZImWV&-`~Jd^LrED*o(lHAhWR;~<+O%!dKm11|V;OHnnIBL0C*}4<=@Bm-{~1115(50laBryTk#XaH zF{VsFR^~Bwtdb4lBVaLHVCapHN~xX{Y={MzgWq~Y6pW&(KDMA%72^zJtO27_KL}{O4IipK%QwR=pwf_k0b9%2;4=~)rh;g2IK&p-iJa83=Lw`LTGf}L zDqN-}X1kiYeJroR6kGY5X<5`iKZ}TYE+kU%%}NIYg6zFk+A^fEKxIMR%%&L%Jy%_p z2H1O{vjJ>~m}A;jfhX4!1P`>!Y93gJrr*)QhvSWnq{u0Ux1G43=&c*{9w^JnA}g`-mrZbdD~e{V|hG-crW`57m*%$4BTYK;4KYY zKs>&)AjBNhjJyl%E17SP@6KEm>T&GZ{cSh|hVi`#&|3`VpchaP^Ih)Z%yUcvmkIBK zzw3<*1SnOlAxt&Qv_CX9aV|5#MD%*UNS(WbX*!UfyY6T?cc?K8mf@jYh7dh4j+GWUJqC2p$wldIa#96wMRI!h~Tv+v9`t9Z{Fu{qF|( ze3XSniGz}ESd}iH)s+6^`0%aZ9R412b~6y0*NUcakHnJfqF#fY7Y-Pg5uK~s#nzuz zz*45Zv^uq(UT^=-wCYRXh7wSeh`D1Pyicn?Ynv4g_v|)c6n;6k-uHnLKD{pUHJ$>t z8o8yWI1qR>yvwr_kPR>zX?qvN8;h4xZE+J&r$d2oLcW zKZZ_5346ExDStQ8yIzzqRJ8c?rcB}KA5fi7l=4Uwqusr+VCE8#kF)U}Z7!onOD&y= zv2nrACpsh^W#b=r3cFR17{ZDuIf`=>{9q6cDDvnzE0)NOX$fE63={xY@Wv6Se~(_R zHJqU5rZ%*qV;d&B&~n1&@1T1yxBQn6nIkII+zA(HpDJ6|Rfv_+Ig3k1w+VfYz@Eqo z>V#^WI)UQtL{WIc)U<#qkeY~EwO~q3*B{P1qDX_3cpvJ-VK-a{0$vCp3l|H{lKNe_@zeAo zN%)PRS$^t+AuY|BG(YsHOwDTrI#p;zLl_5}H0`@zCX(MkFWLH z8AQMFk7GoQcF3$JIO9JU*I+PV*k>lgm+ZR3ox@q+ha$$h!m5h{YO(sBK2|0@7$9GM zuc_E$ucqqKwsaa;b+{Hdo)S*07 zbqtZy5-$VdBlN-?W~C8MNunfHr$F|P_2PT5<-AsTRJ?o9pP>@_K5_OHA-mxH>+{q!H7;(`H&F;KReFqqO^eLQj9k_!U%X{)`TAT7 zp(ebu^=|+Lwd&I zK%-#T_~exxaGSRapzk#-`EA6I39lEvD!TB`^osD?)on+b)+=H| zYyCj##|IV-`7MSlm#L_AG#87aTmLX#_B0-i6k3u9R#6UqBuFr_(BMwHfDl~ufN0w* ze>_J=K|LBF)kj-0D)uQs>M@kNgi6Bg%#2a0Kq(XtDq=u;!cis)%=NUA6#jGB1b&*^ zD05z=#|J@ji+zx_wjVS(cUT(X^o}pVSWtN)Y*xAAbQK1WKB*@1V$^&WodfV~vI+PZ zqIIgC;P*$WK#wWi*r18C|AqSl*te@VbD9HdYI z(c*W2D9QKd2MBh86iS3wro9~azl?-=`Nmu^p~>Ch&l7BYCZ7QGnCRA z)JJ<%!mm3q*Z<8WL4I<_k8bld#Hwa6$mqd|q=Qoj4{;ht8-A!J0VfLT`8^hY+l_XB zG}pnV!(Q+XAI zdZU|{kjrvMci28tepz#uS`#kK!NJ!l?QZrFMyB90OlVA>Q#<_r8*=sBObJ1fuzY$2NRRz*l2lZd@yIL3rmKu(mEhL*A}trU^2Am}~#@t`|; 
zZ0H=h+dpjWUcH+DYNakS6k!z+3dL-AJ5MOHXY}Qbw_v{=J{?X7k?o1COEEhBRb!-W3K*qZ*ebGlPq;Negtiv-8)xX(uZ-c$OnqL zD-~)L_Lfs$v_Z36 zZ6#?j`7EM^$`H;AM`evkib)HrZ90Vnh~!&w%e}k7D`h{z)VgyP(wfS09KEu@z~}CU zcLN8kBOevphdOvvQE$*K@o?gzDzTphdD|OZ>cM=!Elp1vPvPIm0yjehuo|U<2%qTl z7>e0mR%-R_%uo1Wk30hK1(?0nU=Va~djWN~H081LotO=07DrH>!xbF)>S6UodTS=B zn5arJV1?1~P~j}rW5Lt>7w?2_PVGoIEVPM?RlKwFLgP_vrnZh=5+^AtN0~OvKYpt5 zl9Bc>R2k9Po$Z9(D3E^lFb3B^+@p#$aWm(Vm<8sq zhO>I`?$qM?7&lEc<;gZ(yQ#f2P_u0nTHK(J?FekYhEnMn} zt}V1bOJ(pz=WWs}WXx|FN2`@((5edf;{gl^!$yyK**&@W49}nw_I-&?e}g*+8fi_y zG0vs8g<8LM%k}LpGb*M_&`02~Tf_t>OhG~6VguUyUfPP%U_OK3Ex$~l-*v%twgLUqJR z0XzB;1Ci(UFeWP%tL7dn$}hdS>Cygt+X2fZ7F>)?Q^NgC!4%q$^}xq)T5(F@T+oP) z1yCyB_>#mTTv6y^9B;RylIV-Yx3@i%>2ee!%O+dNvrY=oh8?jlR4*rE8V z&wt6+!k;CkcmLLAu<~6yIra0%xv)0*Jw8(Hs%rD6_C974ix)DBh9rHp=@F3uLTpgd zl<7Pxhz2ch%@e%3GK>qxq@O7%a_1^1=40nuqbvW2&ZHG@Iiinq%zm+Xl{bKD_U-EW zI}U|a55*GywV-a~dJMCo*um`-*J`0sy^YW?VoO)n`SgqqNRYAaI^Yn#uS4*4Z^Io- zRD#tdj)2O@%b7&#nrJaoafNRaLVDExI*Lx(=+SXhvr7GfQ^XW_D||;wq||5R)gRt~ zURU0!I!kFrMpDadVF+`l^$L9 z<})O8Vz{ou+En{j4h{cQV_J8fskF+j6^9p8jK&XMWVQ@DPXDc$`s6Tl%gaZdXEAhie5{_^h57Z*%d3>XFKha8xGt?vy@=CFesUX zp4xMNe;w*0(eC?!pEA2DRBuLDazYPYuUw5Wo<`gH3eg>3R#gH7o|yOftR{DPIriAI@I3^kZWh|qIx z5SUwufj-J9l;6!Yn}f`)PCmlkNg4HYV=<>bm^h&CaO8mYfF>(r z+h&5aU{dJ7?sF#r!S-iEe`rt;g<&%~2SB!eV~2xUb&i22l~oYwF+M@7?64FV=n-d> zi0anYAbI(AsV{pZoI!wvz+8;(L>3)c(}%0hk*Efnlq1d_0LNfEa+;-%UVqQ7VP*>v zSKZ27Ate(#+;)hk2uZW<5X}fhZj(^lX8|wk>~1pu4s;$(^wi9v9?nG80y5FV9#DL& z;M3`?RnCk__RIp|GUn4ptkICPa(3PiGYK(3a^meUlWJSrLom3*< zc4s#$S-jA6!C{Y_JX=vmv#nI>P75d7wc$o?(m7oZzs9o`btSrYx2q;Oj7Q&a z_g?bkt(`~NYE?B?QZnSGIlx$qE@t!ym&)!$wzu}OeOoT}eK2;L=|=3k2g-QE{S~Vh z9P|gfdrjjJvaXLJLgp>f*U{15Xr@38eMlw0MS`%|!8W(=Y6eI?jMKZ1w!crsl@#Cn z5w{`Df9FxSaXUSlUd{7Z&84{3a;bfsNALGmG^DUtwOeugCUEl3waZHAg22Fkmb1C- zHRa_+`-7ebTM_S0i?vn(8ZPcO6uZf837rD9Zj;dp`dfasvAm$G_Tr~_(Id5X8Y0v~ zDwFFggx5hJ3YnDjq2J>HiE&qdq5Zt*oHE>R`sVc$2Wlcwrdl!2b@X34h0fDoH}$7K z4zmv7gJqdmQ>B<5iY)Wv$6NNP_>)ICthIXi=Qe3_d#pkiP?}rIwc==qMgjlU>4BG) 
zivCc$;h2U?ZrvH|RN;4$h5Yk4eHdBq6F~?^f7;o+={7;3od4wFv&*hTaBcvk-xKwaiBKXsIPE>6%gP$5ByAM{UWlZD2b=%C3qU5tfMJ_ox-L+lY3%Q9=!WS# zaMIIK?&|Q5)q8_u&9Mhp7LM#&*iPPw?`9@-U&~R~`dem#!c1@Ww!5!Pbg2b#x8H6x zX~yk)@P3hCRxNFZ$UGwN?ou}wp-O>J7`3QuczZzaD5C8BbqqdQ9g)DA+AgbE|8W&i zh;$yU80!s6EYV|tywEPKeZ;0Ojiuazp~h=(^nU>sEa}spYFAbuj~Yy$0m#~$pd;J! zZhKk-nz!+k#MDWH{2y{U3gsuR z8^8g$cGA`>!-Cn%!t5szhS?~SMTzs=q_~K{4%9;D1MGZ;qqiMt~UZdy1|I_X^^Ds?ORu*r0e%gl*8%*KQob60~cu z;nI}0f=@t2H@PA?mkvvM>uWKoHYTb8@)4x>2=%)V%CzeB#$xzu*Fh!JL!y&>kJ{Q| ziyf{x`8<9iHrI*u*_XCv7Rd_GF1-1VuWz}%?(r<;v^ zsqre$lvwz^D;Q%>CZ!d13My*kIKSIK>CkhvQ9;y~+$(wCmTXxFha;K`hWM7-X&}s| zXANmp5DdIV$sA6!cw09zQFkh)YetpBwiVjVBJX&tlS-j_8_yj?HMc$dVz%vB=>Nq^t?P>%shg$EXjT zf>Ajon-NqLF`@M=fZ?>A{HHFPZo2|rU-{CG59%`O-V=1y_ijIDVgcO$1oEMd_Hin<7Xq99RooAR!r zud&JCG4sHnn9=&{bYAEF`M4)609%nB`b3xy@kz_RXxY ze{DatL**yF5d0`Nd_bhRu^g4sLCjn%rGBHez^BImd}H4{MU2k4wU+#%TOFC`wv6b0 zG+YARsuIiEUt2i<@BZw^b>~sXLwTzJHYJ!^^NKl1^W4kEJX9?rk;|x%jO}ia zJzc6UL}G)<)UsiBoZ)j3QHT6fxUVo1yNo+=GlBlfu$bzEOC*XmuglIO;3xCYE^*r; zoFbN<5+gU2IeT|wOuGBrQb7%lB z9w#=0CsbC11h;5hn!R{&srWXZB=Bu!tw zS>LH0=tT;P@ECg7dHkA%{O9|N4laz#G+%)|o+@&V)%!Wbe3eqU_^#?!2zitdw2)kx zR?A)-bsU3t$NxT6$aIom#H|2jP5nABpy~JEVcOsk_SB}$Sl4_XG^Th#zrMg-)o-%J_)1p6?rfZ2zAB^S!^P3 zyy*H980Rf#T`)Y(%P!ond*=+XiTCu$87cnES>ZJztRCCn0u+Kk7B4t)s8qXseX%*9 z#HutVEC;0mt|L=W;-tJzk~@=rvv+PZ!<^S;I11fDAWYYu&GZ2RFtEqY)*Py95y>!6 zRqhPy%<{c-7?~Q9iv%`Vkr}F2p8B$ejdt@Qg61ePyZn(>$&cpf+R?A-cV5QrT3IoM zMN{%V92T62Lwt<=44F zLAJ9G9(2tnx|@{Lb z?TYED`TDzXhC(3eNy{F)42O1nW5Qq9cpaI}%+S>?;a85f{%Hxx&%fO*8wrP`gK=!S z4xf@i>>wMH`29ZMNh08DQDf_o}S&0k;KyNIjivYaX%jEh5@FX zzH^Q^`547&JjUv<6kf!qnw6l6)6siJ=uWTSk?H88!apW_)Q6CDn+E%bkeBIS#7WO# zLodNe3_{*AKjO?e#jUKnUnV6eA(L;;mD@VN&=NwgP{H6SP2WedBxg_I0q3B=(DfGb zxIUWODo(LU0r>P`hV;*^J-&+T71J*#?3!zjl)m~-rnSqvTN@@k$egaWb4x{C1*HW1 z!8Um>^3Yd%`83!w#x1nY=*+k8YqB_Exd#3)VaS*T_9WIf%d|qu7o9$3d9U+QcZsEA z(Jf;lkBFV`R@x@lQT|BTW8@LSb8Yiznj^3nL6vtiWP981tdn2BGURwGYCx5RZNUFm z_83#oTVwAq!twyCZDRvt!IM)A5GlVXG-TnS*KEwnmNu=iap}`@)rK{i0!eXt0U?&r 
zaTWeeEXyN*!j!e2OgKuC*Jlk|Cq(Pys-MC~A4}++nq3g}`e(+M&gY-ttL4<*o|2Og zoFjuxr8|)kW0`tf*n9W8Gd`}@r$HBbk#r%)eu>QY@Ix=BGNH~StV2NGH0U|aEM>(o zV|#6jdey!~$%|w;y!FD?`v5>#mw|)dV4f<}1)k2;GX3RSD_P7~hKSAPw}sV|=l;h! zUupg8oPc}_9m0RP8S;4q#VGy;r{?avn_e|+^?TC$ul{h~Ht9~fioOD3sUo0zJsN#( zFE??R%7%=PDAqiRxi;0N*+QLD320qf(qbdyN&TK31DyrMXMBf>(fhPA!wzBx(wqxu z#m>WGCc_y@>e3;A%CIwE(9heiTd15)*OKi`ZD7`?tTaMX)++l;CPZ%ER190*Ht(N^ zY^n*@d;5*=CcbY4sgXsmh@2U$%@hR*vqSTU24rfjAINPkbn?9JTNPH~|90%c*9{_(@3W}=i%XeqWbHz0#;@Ie z9Ww+MBNbacc8VwCFQoKVUDJr6?_ZnT5!3EGNLBnWZyi4^dG;0c-iJ!bd{`f-5%#FN z(73>5>OBuRHxJ}RPVy({n6esc5v~(Rp>w6;6ZY|(y&x48b%oUBqjGd z%LD-p#CZ&e_&rhV%~Cxkez9t1Pk(1}_B{qA7l<4%D=o37w@=fd_hfx-wDnELpbEa% zmFVbMTY!MV#F9j!G5wjGj1tUB_LZyKk6jLl>a7XG$r5sy0PAtS!>@gGjyUqv z`B@j9Tj{5>r)#$X09_qRqsoa^L8ptz*$vg&EaWUI`Sv$KgS3vZ^s!1*-INo|)SRCF{RZ(6&omf2RWY6vIoaTxkC=?9f!N*2KK*ra2vJS0G*+Qg& zHbJ6pXQ}IFmyJp1;+CYmd~F^g_e-Cagcn7B{K{Dq^?C=-57c+n5Px9`j$4uIhJZ;S84h{<4Z|9PE)7^cj7 z2Tn#&Q(cd@D_*U+L3O$))@|t~@`A6(%2_@LEA9fnb8iL=^QCb3^)8VX#5&``@E0mM zoH77bFo;5!iicAyubuMw(dy^5j`)q~d;BlcrTY8*uwoPC(>qgf4g}@BmR4SlxO3;X zk|5q6)BG@gid0EYXN9&y^-*#7L3u2DK}k~lvYoaeZg5tWMo;vlz*Sf2ktTrZve7o! 
zx!K%F(RURD3gdVbrH7!XH03S?g)!e>hLl7_#(1*O4zUPoo%u-CNMY+0-+zM;18K9h z(;*`es|EADqb%K`)En=NmVxTPlq}TS&(=pKs_sWtzFEj_TG2(5d9LlZT}Zwfq3Si; z%cds@>W44^zqWrQbv}DS9k;;6BW0zoZ5K2KE&}ngZ{Wv_y|<=GLKR{SB-WVaNl=)D z_07Fkjh*50Yb%+A+wTG2=WkS!n=nX-^X$LE3dbA>)cSMYFg{icumJDPt<-VouHa_& z2>79sQcZiVw5x34c*EoTGD*)Dd6J+Nth`Ow>Q{hKu1&@8Nb4cUclh>MjPg^(I45|x zp=<cWgrgAxsA zo8HDX7r?OFlO@<*dTjF31FKEMD4AIx+uU>*Xjl1ts+3*ZET)~dbK&DVq2C{K>!o&_ z@dYttAh-(L0qe$qVn7kDljPWDH}I%E`P=Z?35^d0xgHbJ*nm>JJ!0sWX7vEbV^&7i zH8Qt^%6>Xl;nl_vy-r02Lz-O&8Ice7c30LUey6}6ZtrV&#GcbL8qJT>xyrDo4H!KA&&8JKLw%eYyo}-S8YQW3nI8% z;%KuFHjIIg!uGk`;@dxMrX?B6E%Aq8)mQ@_PdZvKm9RiYtd+%SQ+=PoPo^j*JM6^8 zj9euJ+FpOnIL_IMG>WTo6R11d0>Bt3xXwjf?06$H!Q=@`<=4QeWOx4y1D3Gk`OVls z#kbPGZ<_&$KGFG_U|<0zhaFMgFlN>F5^ju8w>9&Cn$RMn(-jB$x>jeIP4@Y8k$WO$A#3T>j?i+tcXNs1$m8rA^v z?+%JrxH+5KH!IQMg_VX%5}%1O+fwKpAu$SA-TPZNQq{e5coy=!qjxf?mq;TcNu%>A zRN*xI626+ffR~?B7M_ttF3A3(SU&BUU}CHHmnO5ebcyTUiZ=)dSa3*8fwZ{Ee|IMs zR>Nj9%;b@AOa4`>?*_fz?tqAOo6g)#m9G|m(`6Xd#*6$%KltXNgWjG7P6Ak$IkSqg znwxD}Qc!Sq_ZF|RcC?>uxS6&{aJr%j^;gN0o`xC)3t^e`ku%bQOyeFy_IXOr|b7Q|-i1SSg%> z+{y7xW-iQb>Si|`{fl*m~a6|IBTcj}IWSM+3FgwG7@69KOr--&&z za7s*hab3Pj^2AFnBk`(ym}BorSqxvDs?cF9-$$>y6CF+4o)Du)`mb0KM26!Hf*49?YUTzus?d6>IK_m-puG{;xu?F=i<(Pr+UjWMx_kbPt1 zNR5)8$vM?uuHgy#+aSKA%r?RRDMiwhNEpu*e_;NDSzqkLTb3jBSv`wny}528NUrqg zB+&d2@9oVw4AL|>!fc;u?#BHVb#?Wi&<0bW1Dguc>>4a9jj5SG%WJ!|zl0(8c8^r! 
z+!SgZ1ts1=)}WccEq&eJeP1j#m+sKM^wc=T<*`r(IDs8(YESrU&ZJdC=%6H}ZX(w0 zO?ATnO;1n`yZpM)H5EC_L06N#SE_eRVq|Hv$L(>;ZZI=N6c z4CE2r6*W+;(z!#d-#uP+D{DIN?!JX+W6~ZZBxUun$KLJ?u?(7}tcdxQznul0vgf%p z*LnjP-Yd4c1#7{Au>B*?HwL^xOZFzR^1S>8>=Ur)_uq~XMoahLgMheMt$2^kXF|q@ z2C(05QhkXasRvalnm(O3+>a%x=qL6lF5g$tN)FCBR3IB^!We&I@fpt$h)9v=8lj*# zN|jgXM)96ygTU-Iv2=!~E2L^sE$=GF4`174(Y}CJe*hx&TX&;@$j9@Uc&%JYx^ggU zhs_pGjL)+r^T^c~u1Ersc9zY2o z;HbEhpuFCSx|VvigzA>7w>Em61AX|zQR4eG{9+XGDQiVPICUp;RSL{+-a6;=`3tv6I(YV}j%t;kV` zN%q-sq~R|d=jE9DmA-vH>Cn*}NCOo@L8G+5V~a3^eiZ{RTSn}uG5~OPZoHD_;p`4w z6=1Hqg+c>!WXz;l&6Axj?CV*BI7+)T|0eSk2=H4!HgX{En}kZBoN6BPia?7Dq0_(f zpo%FsNnUN`wK;swaEFZp-GI<7Kvva`f|%EV5quMb_y*Xi}S) zTzPS```U!(b*UZahdJ8%glVEcEYU%$!C(U17=H6&{||>b)XR-Iu9YQZUNt|6HKgcl zxVTmnWCjtFUnVsKJ9ks;q|)!iI}OU_RR}@e zv{2fQ=@Lg844JKUb0~a|G6hpX<_)WLjXwpco_1o8fE320Y8uHBDB|5gqsyi-Ry@SA z-^ZgjeixI(p05|AU9WB*?xt&5hv(U(V-PEY{>(rZw~2U*n5bMuf_CVQtaqnq?XuJq)mmE-x{ojvow=-xS{S1?y9?#zn;!e#sV>qPV&SBrb-!QcKmuDY= zCjW6;-M(}#K<%2gA)7JH@&WXjVWIC#THF$IxI}02Fb8-3df5qsQ#|CaQ+XK!w*zq9 zOjF!ZAf8C=4o0tg-w5#0c~$oh%sc=e*ATe6;_g zgG(TYf}2WhaFlYp-x$5q9-|G2$9__yI1~c=FXuUMuu(OnGEP*0vy<2XUNJhTFE-D2 zWBIy16b`b+kiczSlsI#&M~_^0#{;46KX0YhvQ53uNDQ_)h3sqb)d2*sd($F5A;9l> z7hvX1yfv0C8(Dd*hVAp?#0wO2o;|&AUA~^+%&~+8OaZ!N7BXRw;0S5(Kr@LI-Fi`) znz1(aK?fT^$DQK`pHab6;{8mONL_lu{jM|h3t^90=2U&G%fUf|MU@6$F%hHhLUc3< zRRH=9f^9vM{TPwdX=w`xW^EEV?>6)4&hpFhR}yd?;F<#BK z^@oV7anU&Ah*KoXkr^f4;r=1JV?8f#umc0!*a%h|TaT{4?ADIMAtEY7YD_NGVIsH} zo?v5;JNC4A-qg13`RxT0r@JZ}ltm~A-vZ}Ec##_vz<3J?+???_kEQc9wLYsy_l$m? 
zl|)9eU9e}-7W5O{A1A5wj%W@>Jv&hdc6*!THe<#9?#y8@n2d#3>#y+jpEEc&UeTAL3{wOg_`tCkPL1RTwOy{*aI9Q z5XW-Cl4As~LRgT;$2`K@`~biF*bph@KWg9LHYTr2)vz}mR=xth zVi?Qy_WuIh;eYW7q7AkN+N?&!S#O*9;By|TSyx@@){!!QUcOet z&Q@24IR16pUjELmPeK#WXV?jho;A&p1y@WCrbE>iLZVp=sos;iOxzFIs(4s@LiUa} zrjBuHT7=vLQFnZDy*`uY-~ZOxZ??grQzm!Np;`oa@?uxgY29U+k!;K%-|Jwyk`(lz zGf;?6UlRNEoIlfBvQrtMY(@0!7xsTuJL|=GBvXSyUL2#V*3eK3`L0@z#z#;Q5e0u= z_!79bX=rE}&0Q(&=rCkx(armR9FubaDz$@nz>Vm9(hujuO+aOR9wt>c@k#wxyQiN7 zBqAXKKkU)_pRH7%vC$jnQ7PS5OfoHjGP0j;_nHNk$PPgROvGjHN+T%rh^i{%zUhI< zI|mYw&9Rlm`vlhL8=1k*XRu{JbZSMW2?N^7jW7JDlJgT$jPS4Cq*Vg7TA(D>RB36b zmD~hZtlUDSvZ=Q&scq#tKV0&ABG=ge@Y+r0b({r5jG|~X;8psWlSC2JY}mpstsgx5 zhk;+H+3aiP#=TB?G3%bh#BcRc%>~o|s}5h!hEJ2PA2FoQtReVG7g+FpTqwsuehKnd zQ_AzHwStD0S5#VWm+CL#1t##A(u(YVHdk;}`LAUo|6oepDu-U&7&#rq^U^sFKSR77_^eYh==JMHSp{ z&k5iJDyb;v5l@5ulcG&wr^WU!r%}0Uj49Ez3B|ySMR9&)aA&nb=`QZbdm_#ge=TQ> zj@&~MDdgy+`xrgp&zoqzlUPPs{nH?tf|HFo{vLz2Y7*JbgntkcH#XHYd&L@#K2n3* zmJ$q_GKRIQmNv0IoVCh0+z)wZjMx=yj*#c?gk?sky+{6_|3& zcT*dq*Tpo-Oyp#qVVDXvF0Av&x5SjI37~anbR%g$mPOt7cJxYcQtM=;MDvv$;YCR< zgun~X%g|82BcDg;9}aHrY4Rc&a{S)~+CO*|;#o1SwWg57F?%N<7?#IHeZB18Rtz@X zd=(nK_C54A$9|RVJ5R%;4VIKKQfY&udw?f%0ceW$0pkp37R>wnq>7sB3Iw7@GDoX9 zZ*-~@D-Y@s1F3%8!puSVz0)B7aFC-3g;qe)G(H}1HNsA@FA}E0(3dx?hDw(_x+!I< z{OCoj=wM1JXx9e2%}yd^=yP)8r~H|tiK=tOZwvMiXdo};u)1cgM2`?OpgB?z`+vAA!$G** zigqI*7*wvfH>sn-Z(;gL`C}HT|Nk@@e2fbwf*n;z==V4El@@8_i~_NeNtY`9z-{oG zA{L}-G49qen$lTK%ACvY7Ve=m&b z{>dXz0m_p>wY&(%)9#Xs;)9gHbDB9s@2CZit?CJ&?4r4dHVpKvpp!^TGF6zRh)e4o zom|o0Y6IArfxADl?gD*T*Dm_>xRrBVgEXOx`_|QUw?@`_zhY_IS8B@covEzfX7$E# ze#s{&z9>c4VWBQ97lo=P&Wz8v*&9o>?K2{G z?KBF4!W|`nHPL#j-Jm1MJM@>{bDo2Zs)Z)tO}ay$_i4aTYMs)ekmQnzamWb7x zPCFnno_pDN6S&Q?&p*^21bH~X={TFVaFqfl@%~%VlQs%jr@T6Zy9kgMUbkUpGZqm| zHau-pR&SW#4_-=V0ruYQglTLzkKUYjPYg~9%|eD$>ZFM;`|3MwKKE9pHU9+{d9|4b zY${ES^yCu0>w1zU%+i=SKaF#sBByIs`7@O@Cobi*Md#}O6tC3Xal^%Vea2OTNTcsY zouixqHjvFg*7}!i(-;$v)3CONnDm%rQ|qmm+=<#(+XrGu{0GquYLfv{q1SsGtF*OA z$TNrEJzJ@d$_T1SgFC)UDXa8V~c 
zE}CKoTH6Od5*b(SjQE6BkVV|~xfGlop`QDWZKPg=KF2tsn*xr`j2oD0lzaY5z}A8(MK~W~9ha2K2C}T6^7um~APUVPzC54m$+6a^VHDnlG1e5Q&@UvX!-*r1<2c_qz9^VvKMKDM z+k-&ppVW3n789^Eyf<%rXDw#7-nCwR<5U~A_(;c6)&TrJ%?;G$?4RyV73sOnO?iLXDt9OtXL%-z8 zdjj_Cxu~t*rj$eG{l`OUs7-}^HcJAl!e{w-iP{z~1ojG-rH0sa_uAF))<@+v%6jk) zsP-6uUN)lN%TykN%jQ1q7x(CS2jUn4Kmv)<&Z^)Hx24G&{eJvs6ZGLeTcwHJ?A05S zKD~|o3fJnP!JJZd1#=;A!Ein`K8~8B<%PV5>A{0Ob>S0Kf^A9-M3xra8zPVxsLdbf z1Q}jc*x_i5mZx&IGp2`2`yfmVhJdZa(k?v7(DerGgzqLXE83lOHey=VETBs`@anlk z?GFIuss@i)hqu_6AwWND{*&V-iu!2~NreWec-(-`OfPgU)Mrhve_p)Vd(5NfuhVGZ zj=jGF!Xg@cu)D66crlMMB27=VURi@1e=QhK;5xefzq$o2HUk+R~5D}v+N@~ z5>>W7&2R8Wj7ZYig<9>YrxyD5ny=IXIY(SpGk4NTb^anUl;-4ja7lu?5`4Y2Xyc(c zgchMLYN(y5xc6)PR8Rx3q99mfzHkq>O*ZVWyBkoL|r}m=_Jt$_ix?20jaOvWddi5eGS)-N+;C*32VM z4F-ipqc;s_0IRxa`~PGMQ6@D>7{YQ~T1`szx*>N&-vMoFy3v;=KCWyEa4USlksySc z;vh~!8tq?)rV;UNI#E!dM3E>&==A_9{7v3>(i^`73el%%&cd-C^*|K2f=D_X3; z*8a^>;OG<=5sa8ax8a~CEr*g+m%aTm+L*1WC(5~!wG=+6?ztI>Lk_t)IIZ4r&y=2f zi1uX#`SFy==-m9-8~EYf)AA4Ti32O^Ug2(a&Cxl5wfs4zDPIV*OkXTh)IFOxnnM_bejHw$X1iKqnde%**#mq7->8Gl@@#zl6$B<4w`=Mo?Qzln0 znfFV{6`sE*ejM0`-JpC%K5D9h8F!A!%U?H>7XZ!9vB-vGw4_%LeXDSb*|0-LVsj0& z;10Ddf4i?P6;wAapQD@x$mObgyb)zg0U7YH@=1&<;N{S|c-GoCQHgJW&h0JjFIN+m z3rk1QakG*y6vsgn*pqB8lW{*HE0H^6Jx8dqdgg=E zj8?3ZG7LyR*v@tUQKM;whv%$uk!@YjNjIzR1Otlf)A! 
ztS6n>$M5YU6i`|Kc(2l$3CshS0Yl4P@kCTTo&F#C{e$(axp=D0*w6rE5AIK(*=K9K zvZ=3p8xx>GEm+L@YOXcRDh9XBpI(I#&bnD<6sG#&ZgrLkq%Ir&P266;O9AN$Rsjf3sBN3CZ$S80}#4-S1m37O~92Q@gPEvKf-8|K>?x|c@y)uTEnNXrL~02n zL+3+8-I^70BD%v!Q7Eo0kQ72R4z+u(^^bF@k3s9kTJ^nks>b?mf*xio=+C|wI0Pkk z=dPh*p$x^m+T`F~$e&X_dK1;S5o$uX0Hm5Iq;?lXQxfg?0M)aX{ZmwaPRUw!AJf+O zsl>FXMM@qsXw$-Ob<@qB(#YZ&SCs(R5BRycm1yK*CkRAMMyWP4voMOZ-W}443scAs z4?8=U z_tt5mi)!CpajN}LTZwo>e<7DKXy1~DA($N-(&do%{)T&w2 zQBPTyNhB0C!f&}cs0$g~g$wdYEp8vk>n_8Rs#1|{;auloxz3n*o6^`?!4oCfVfRwd z8q7o$ zIQW+aK5$R?z8j&@5v$%H(Sy6WxMPg|kYH^4_pB(*polyZlftwvv*i#NcHKP|Mq)|t zL=X7wYm9OqGTsRb$$c|a42~H=^}U7bh1+{#-ytm`p>n)K+~U-3P}v=tdp^4L&Ruy0 z{UtUfv*E?a1fiSIuhOB)ABbJ~Nxmj0ezZZ*=L!-L0F?7`fGmH2KQOw|{IKufcf(7A o!YaI#pudoJ*$a>}wGZW}u+e