From cc574f8aedb65b98c03726b5407ad195147ecbfc Mon Sep 17 00:00:00 2001 
From: traveler Date: Sun, 12 Apr 2026 09:53:51 -0500 Subject: [PATCH] New Grimoire --- Green-Grimoire/Library/Stash-Management.md | 453 ++ Green-Grimoire/Overview.md | 58 + Green-Grimoire/Scripts/VHS-Restoration.md | 531 +++ Gremlin-Grimoire/Overview.md | 72 + Gremlin-Grimoire/Runbooks/Deploy.md | 73 + Gremlin-Grimoire/Runbooks/Model-Management.md | 41 + Gremlin-Grimoire/Runbooks/Troubleshooting.md | 64 + Gremlin-Grimoire/Stack/Agent-Docs.md | 503 +++ Gremlin-Grimoire/Stack/Build-Config.md | 383 ++ Gremlin-Grimoire/Stack/User-Guide.md | 194 + Gremlin-Grimoire/Workflows/Forgejo-Audit.md | 105 + Gremlin-Grimoire/Workflows/Kuma-Triage.md | 63 + Keystone-Grimoire/Docker/Caddy.md | 522 +++ Keystone-Grimoire/Docker/Swarm-Template.md | 144 + Keystone-Grimoire/Hosts/Host-Inventory.md | 59 + Keystone-Grimoire/Mail/Domain-Setup.md | 401 ++ Keystone-Grimoire/Mail/Hardening.md | 391 ++ Keystone-Grimoire/Mail/Install.md | 490 +++ Keystone-Grimoire/Mail/MXRoute-Integration.md | 430 ++ Keystone-Grimoire/Mail/MailCow-Overview.md | 85 + Keystone-Grimoire/Network/Port-Assignments.md | 60 + Keystone-Grimoire/Network/Topology.md | 49 + Keystone-Grimoire/Overview.md | 36 + Netgrimoire/Audits/Calibre-web-2026-04-03.md | 26 + Netgrimoire/Audits/JellySeer-2026-04-03.md | 47 + Netgrimoire/Audits/JellyStat-2026-04-03.md | 50 + Netgrimoire/Audits/README.md | 31 + Netgrimoire/Audits/SQL-mgmt-2026-04-03.md | 107 + Netgrimoire/Audits/authelia-2026-04-03.md | 47 + Netgrimoire/Audits/authentik-2026-04-03.md | 48 + Netgrimoire/Audits/bazarr-2026-04-03.md | 44 + Netgrimoire/Audits/beets-2026-04-03.md | 50 + Netgrimoire/Audits/beszel-2026-04-03.md | 44 + .../Audits/beszel_agents-2026-04-03.md | 46 + Netgrimoire/Audits/caddy-1-2026-04-03.md | 29 + Netgrimoire/Audits/caddy-2026-04-03.md | 47 + Netgrimoire/Audits/cloudcmd-2026-04-03.md | 52 + Netgrimoire/Audits/comixed-2026-04-03.md | 48 + Netgrimoire/Audits/commander-2026-04-03.md | 47 + Netgrimoire/Audits/configarr-2026-04-03.md | 54 + 
Netgrimoire/Audits/dailytxt-2026-04-03.md | 26 + Netgrimoire/Audits/database-2026-04-03.md | 52 + Netgrimoire/Audits/diun-2026-04-03.md | 42 + Netgrimoire/Audits/dockpeek-2026-04-03.md | 53 + Netgrimoire/Audits/dozzle-2026-04-03.md | 47 + Netgrimoire/Audits/dumbterm-2026-04-03.md | 52 + Netgrimoire/Audits/dupecheck-2026-04-03.md | 40 + Netgrimoire/Audits/filebrowser-2026-04-03.md | 52 + Netgrimoire/Audits/firefox-2026-04-03.md | 49 + Netgrimoire/Audits/forgejo-2026-04-03.md | 53 + Netgrimoire/Audits/freshrss-2026-04-03.md | 46 + Netgrimoire/Audits/gitrunner-2026-04-03.md | 40 + Netgrimoire/Audits/glance-2026-04-03.md | 42 + .../Audits/gremlin-stack-2026-04-03.md | 41 + Netgrimoire/Audits/homepage-2026-04-03.md | 44 + Netgrimoire/Audits/hydra-2026-04-03.md | 47 + Netgrimoire/Audits/joplin-2026-04-03.md | 50 + Netgrimoire/Audits/journiv-2026-04-03.md | 27 + Netgrimoire/Audits/kavita-2026-04-03.md | 52 + Netgrimoire/Audits/kopia-2026-04-03.md | 46 + Netgrimoire/Audits/kuma-2026-04-03.md | 44 + Netgrimoire/Audits/library-2026-04-03.md | 64 + Netgrimoire/Audits/linkding-2026-04-03.md | 50 + Netgrimoire/Audits/lldap-2026-04-03.md | 43 + Netgrimoire/Audits/logging-2026-04-03.md | 40 + Netgrimoire/Audits/mealie-2026-04-03.md | 47 + Netgrimoire/Audits/ntfy-2026-04-03.md | 41 + Netgrimoire/Audits/nzbget-2026-04-03.md | 47 + Netgrimoire/Audits/ollama-2026-04-03.md | 53 + Netgrimoire/Audits/phpipam-2026-04-03.md | 57 + Netgrimoire/Audits/pinchflat-2026-04-03.md | 54 + .../portainer-agent-stack-2026-04-03.md | 67 + Netgrimoire/Audits/profilarr-2026-04-03.md | 44 + Netgrimoire/Audits/radarr-2026-04-03.md | 27 + Netgrimoire/Audits/readarr-2026-04-03.md | 50 + Netgrimoire/Audits/recyclarr-2026-04-03.md | 31 + Netgrimoire/Audits/roundcube-2026-04-03.md | 47 + Netgrimoire/Audits/sabnzbd-2026-04-03.md | 48 + Netgrimoire/Audits/scanopy-2026-04-03.md | 50 + Netgrimoire/Audits/sonarr-2026-04-03.md | 47 + Netgrimoire/Audits/termix-2026-04-03.md | 46 + Netgrimoire/Audits/tmm-2026-04-03.md 
| 52 + Netgrimoire/Audits/tunarr-2026-04-03.md | 30 + Netgrimoire/Audits/vault-2026-04-03.md | 62 + Netgrimoire/Audits/vaultwarden-2026-04-03.md | 45 + Netgrimoire/Audits/vikunja-2026-04-03.md | 44 + Netgrimoire/Audits/vscode-2026-04-03.md | 27 + Netgrimoire/Audits/wallo-2026-04-03.md | 54 + Netgrimoire/Audits/web-2026-04-03.md | 45 + Netgrimoire/Audits/whisparr-2026-04-03.md | 42 + Netgrimoire/Audits/wiki-2026-04-03.md | 76 + Netgrimoire/Conventions/Doc-Standards.md | 276 ++ .../Conventions/Service-Doc-Template.md | 122 + Netgrimoire/Conventions/Theme.md | 174 + Netgrimoire/Overview.md | 63 + Netgrimoire/Service-Catalog.md | 356 ++ Netgrimoire/Services/Media-Services.md | 72 + PNC-Fish/IT/Overview.md | 28 + PNC-Fish/Marketing/Overview.md | 13 + PNC-Fish/Operations/Overview.md | 13 + PNC-Fish/Overview.md | 42 + PNC-Harris/Overview.md | 49 + PNC-Harris/Services/Actual-Budget.md | 53 + PNC-Harris/Services/Immich-Migration.md | 128 + Pocket-Grimoire/Hardware/Inventory.md | 45 + .../Hardware/ONN-Media-Streamer.md | 863 ++++ Pocket-Grimoire/Overview.md | 64 + Pocket-Grimoire/Software/Stack.md | 39 + Pocket-Grimoire/Software/Stash-Integration.md | 1927 +++++++++ Pocket-Grimoire/Sync/Deployment-Guide.md | 3703 +++++++++++++++++ Pocket-Grimoire/Sync/Pre-Travel-Sync.md | 50 + README.md | 47 + Shadow-Grimoire/Arr/Bazarr.md | 125 + Shadow-Grimoire/Arr/Radarr.md | 119 + Shadow-Grimoire/Arr/Sonarr.md | 127 + Shadow-Grimoire/Downloaders/SABnzbd.md | 98 + Shadow-Grimoire/Overview.md | 83 + Vault-Grimoire/Backups/Immich-Backup.md | 841 ++++ Vault-Grimoire/Backups/MailCow-Backup.md | 879 ++++ Vault-Grimoire/Backups/Nextcloud-Backup.md | 1151 +++++ Vault-Grimoire/Backups/Services-Backup.md | 19 + Vault-Grimoire/Backups/Wiki-Backup.md | 567 +++ Vault-Grimoire/Kopia/Kopia-Overview.md | 940 +++++ Vault-Grimoire/Kopia/Kopia-Service.md | 113 + Vault-Grimoire/Offsite/Vault-Architecture.md | 44 + Vault-Grimoire/Overview.md | 60 + Vault-Grimoire/ZFS/NFS-Exports.md | 393 ++ 
Vault-Grimoire/ZFS/Storage-Layout.md | 239 ++ Vault-Grimoire/ZFS/ZFS-Commands.md | 168 + Ward-Grimoire/Access/Auth-Overview.md | 39 + Ward-Grimoire/Access/LDAP-Client-Setup.md | 218 + Ward-Grimoire/Firewall/Blocklists.md | 239 ++ Ward-Grimoire/Firewall/OPNsense-Git-Backup.md | 182 + Ward-Grimoire/Firewall/OPNsense.md | 508 +++ Ward-Grimoire/Firewall/Suricata-IDS.md | 212 + Ward-Grimoire/Firewall/Zenarmor.md | 159 + Ward-Grimoire/Notifications/Alert-Routing.md | 31 + .../Notifications/OPNsense-Alerts.md | 463 +++ Ward-Grimoire/Notifications/ntfy.md | 122 + Ward-Grimoire/Overview.md | 54 + Watch-Grimoire/Dashboards/Homepage.md | 90 + Watch-Grimoire/Logging/Dozzle.md | 118 + Watch-Grimoire/Monitoring/DIUN.md | 129 + .../Monitoring/Monitoring-Config.md | 143 + Watch-Grimoire/Monitoring/Services.md | 216 + Watch-Grimoire/Monitoring/Uptime-Kuma.md | 115 + Watch-Grimoire/Overview.md | 53 + Work/C9300GX-Port_Breakout.md | 77 + Work/C9300GX_2_Build.md | 797 ++++ Work/Cisco/NTP_ESS9300.md | 899 ++++ Work/Cisco/Nexus_NTP.md | 518 +++ Work/Ducky/ess9300_upgrade.md | 289 ++ Work/Ducky/ess_3300.md | 248 ++ Work/Nexus-upgrade.md | 165 + Work/Nexus_1_Build.md | 715 ++++ Work/Overview.md | 38 + home.md | 91 + 157 files changed, 29420 insertions(+) create mode 100644 Green-Grimoire/Library/Stash-Management.md create mode 100644 Green-Grimoire/Overview.md create mode 100644 Green-Grimoire/Scripts/VHS-Restoration.md create mode 100644 Gremlin-Grimoire/Overview.md create mode 100644 Gremlin-Grimoire/Runbooks/Deploy.md create mode 100644 Gremlin-Grimoire/Runbooks/Model-Management.md create mode 100644 Gremlin-Grimoire/Runbooks/Troubleshooting.md create mode 100644 Gremlin-Grimoire/Stack/Agent-Docs.md create mode 100644 Gremlin-Grimoire/Stack/Build-Config.md create mode 100644 Gremlin-Grimoire/Stack/User-Guide.md create mode 100644 Gremlin-Grimoire/Workflows/Forgejo-Audit.md create mode 100644 Gremlin-Grimoire/Workflows/Kuma-Triage.md create mode 100644 Keystone-Grimoire/Docker/Caddy.md 
create mode 100644 Keystone-Grimoire/Docker/Swarm-Template.md create mode 100644 Keystone-Grimoire/Hosts/Host-Inventory.md create mode 100644 Keystone-Grimoire/Mail/Domain-Setup.md create mode 100644 Keystone-Grimoire/Mail/Hardening.md create mode 100644 Keystone-Grimoire/Mail/Install.md create mode 100644 Keystone-Grimoire/Mail/MXRoute-Integration.md create mode 100644 Keystone-Grimoire/Mail/MailCow-Overview.md create mode 100644 Keystone-Grimoire/Network/Port-Assignments.md create mode 100644 Keystone-Grimoire/Network/Topology.md create mode 100644 Keystone-Grimoire/Overview.md create mode 100644 Netgrimoire/Audits/Calibre-web-2026-04-03.md create mode 100644 Netgrimoire/Audits/JellySeer-2026-04-03.md create mode 100644 Netgrimoire/Audits/JellyStat-2026-04-03.md create mode 100644 Netgrimoire/Audits/README.md create mode 100644 Netgrimoire/Audits/SQL-mgmt-2026-04-03.md create mode 100644 Netgrimoire/Audits/authelia-2026-04-03.md create mode 100644 Netgrimoire/Audits/authentik-2026-04-03.md create mode 100644 Netgrimoire/Audits/bazarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/beets-2026-04-03.md create mode 100644 Netgrimoire/Audits/beszel-2026-04-03.md create mode 100644 Netgrimoire/Audits/beszel_agents-2026-04-03.md create mode 100644 Netgrimoire/Audits/caddy-1-2026-04-03.md create mode 100644 Netgrimoire/Audits/caddy-2026-04-03.md create mode 100644 Netgrimoire/Audits/cloudcmd-2026-04-03.md create mode 100644 Netgrimoire/Audits/comixed-2026-04-03.md create mode 100644 Netgrimoire/Audits/commander-2026-04-03.md create mode 100644 Netgrimoire/Audits/configarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/dailytxt-2026-04-03.md create mode 100644 Netgrimoire/Audits/database-2026-04-03.md create mode 100644 Netgrimoire/Audits/diun-2026-04-03.md create mode 100644 Netgrimoire/Audits/dockpeek-2026-04-03.md create mode 100644 Netgrimoire/Audits/dozzle-2026-04-03.md create mode 100644 Netgrimoire/Audits/dumbterm-2026-04-03.md create mode 100644 
Netgrimoire/Audits/dupecheck-2026-04-03.md create mode 100644 Netgrimoire/Audits/filebrowser-2026-04-03.md create mode 100644 Netgrimoire/Audits/firefox-2026-04-03.md create mode 100644 Netgrimoire/Audits/forgejo-2026-04-03.md create mode 100644 Netgrimoire/Audits/freshrss-2026-04-03.md create mode 100644 Netgrimoire/Audits/gitrunner-2026-04-03.md create mode 100644 Netgrimoire/Audits/glance-2026-04-03.md create mode 100644 Netgrimoire/Audits/gremlin-stack-2026-04-03.md create mode 100644 Netgrimoire/Audits/homepage-2026-04-03.md create mode 100644 Netgrimoire/Audits/hydra-2026-04-03.md create mode 100644 Netgrimoire/Audits/joplin-2026-04-03.md create mode 100644 Netgrimoire/Audits/journiv-2026-04-03.md create mode 100644 Netgrimoire/Audits/kavita-2026-04-03.md create mode 100644 Netgrimoire/Audits/kopia-2026-04-03.md create mode 100644 Netgrimoire/Audits/kuma-2026-04-03.md create mode 100644 Netgrimoire/Audits/library-2026-04-03.md create mode 100644 Netgrimoire/Audits/linkding-2026-04-03.md create mode 100644 Netgrimoire/Audits/lldap-2026-04-03.md create mode 100644 Netgrimoire/Audits/logging-2026-04-03.md create mode 100644 Netgrimoire/Audits/mealie-2026-04-03.md create mode 100644 Netgrimoire/Audits/ntfy-2026-04-03.md create mode 100644 Netgrimoire/Audits/nzbget-2026-04-03.md create mode 100644 Netgrimoire/Audits/ollama-2026-04-03.md create mode 100644 Netgrimoire/Audits/phpipam-2026-04-03.md create mode 100644 Netgrimoire/Audits/pinchflat-2026-04-03.md create mode 100644 Netgrimoire/Audits/portainer-agent-stack-2026-04-03.md create mode 100644 Netgrimoire/Audits/profilarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/radarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/readarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/recyclarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/roundcube-2026-04-03.md create mode 100644 Netgrimoire/Audits/sabnzbd-2026-04-03.md create mode 100644 Netgrimoire/Audits/scanopy-2026-04-03.md create mode 100644 
Netgrimoire/Audits/sonarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/termix-2026-04-03.md create mode 100644 Netgrimoire/Audits/tmm-2026-04-03.md create mode 100644 Netgrimoire/Audits/tunarr-2026-04-03.md create mode 100644 Netgrimoire/Audits/vault-2026-04-03.md create mode 100644 Netgrimoire/Audits/vaultwarden-2026-04-03.md create mode 100644 Netgrimoire/Audits/vikunja-2026-04-03.md create mode 100644 Netgrimoire/Audits/vscode-2026-04-03.md create mode 100644 Netgrimoire/Audits/wallo-2026-04-03.md create mode 100644 Netgrimoire/Audits/web-2026-04-03.md create mode 100644 Netgrimoire/Audits/whisparr-2026-04-03.md create mode 100644 Netgrimoire/Audits/wiki-2026-04-03.md create mode 100644 Netgrimoire/Conventions/Doc-Standards.md create mode 100644 Netgrimoire/Conventions/Service-Doc-Template.md create mode 100644 Netgrimoire/Conventions/Theme.md create mode 100644 Netgrimoire/Overview.md create mode 100644 Netgrimoire/Service-Catalog.md create mode 100644 Netgrimoire/Services/Media-Services.md create mode 100644 PNC-Fish/IT/Overview.md create mode 100644 PNC-Fish/Marketing/Overview.md create mode 100644 PNC-Fish/Operations/Overview.md create mode 100644 PNC-Fish/Overview.md create mode 100644 PNC-Harris/Overview.md create mode 100644 PNC-Harris/Services/Actual-Budget.md create mode 100644 PNC-Harris/Services/Immich-Migration.md create mode 100644 Pocket-Grimoire/Hardware/Inventory.md create mode 100644 Pocket-Grimoire/Hardware/ONN-Media-Streamer.md create mode 100644 Pocket-Grimoire/Overview.md create mode 100644 Pocket-Grimoire/Software/Stack.md create mode 100644 Pocket-Grimoire/Software/Stash-Integration.md create mode 100644 Pocket-Grimoire/Sync/Deployment-Guide.md create mode 100644 Pocket-Grimoire/Sync/Pre-Travel-Sync.md create mode 100644 README.md create mode 100644 Shadow-Grimoire/Arr/Bazarr.md create mode 100644 Shadow-Grimoire/Arr/Radarr.md create mode 100644 Shadow-Grimoire/Arr/Sonarr.md create mode 100644 Shadow-Grimoire/Downloaders/SABnzbd.md 
create mode 100644 Shadow-Grimoire/Overview.md create mode 100644 Vault-Grimoire/Backups/Immich-Backup.md create mode 100644 Vault-Grimoire/Backups/MailCow-Backup.md create mode 100644 Vault-Grimoire/Backups/Nextcloud-Backup.md create mode 100644 Vault-Grimoire/Backups/Services-Backup.md create mode 100644 Vault-Grimoire/Backups/Wiki-Backup.md create mode 100644 Vault-Grimoire/Kopia/Kopia-Overview.md create mode 100644 Vault-Grimoire/Kopia/Kopia-Service.md create mode 100644 Vault-Grimoire/Offsite/Vault-Architecture.md create mode 100644 Vault-Grimoire/Overview.md create mode 100644 Vault-Grimoire/ZFS/NFS-Exports.md create mode 100644 Vault-Grimoire/ZFS/Storage-Layout.md create mode 100644 Vault-Grimoire/ZFS/ZFS-Commands.md create mode 100644 Ward-Grimoire/Access/Auth-Overview.md create mode 100644 Ward-Grimoire/Access/LDAP-Client-Setup.md create mode 100644 Ward-Grimoire/Firewall/Blocklists.md create mode 100644 Ward-Grimoire/Firewall/OPNsense-Git-Backup.md create mode 100644 Ward-Grimoire/Firewall/OPNsense.md create mode 100644 Ward-Grimoire/Firewall/Suricata-IDS.md create mode 100644 Ward-Grimoire/Firewall/Zenarmor.md create mode 100644 Ward-Grimoire/Notifications/Alert-Routing.md create mode 100644 Ward-Grimoire/Notifications/OPNsense-Alerts.md create mode 100644 Ward-Grimoire/Notifications/ntfy.md create mode 100644 Ward-Grimoire/Overview.md create mode 100644 Watch-Grimoire/Dashboards/Homepage.md create mode 100644 Watch-Grimoire/Logging/Dozzle.md create mode 100644 Watch-Grimoire/Monitoring/DIUN.md create mode 100644 Watch-Grimoire/Monitoring/Monitoring-Config.md create mode 100644 Watch-Grimoire/Monitoring/Services.md create mode 100644 Watch-Grimoire/Monitoring/Uptime-Kuma.md create mode 100644 Watch-Grimoire/Overview.md create mode 100644 Work/C9300GX-Port_Breakout.md create mode 100644 Work/C9300GX_2_Build.md create mode 100644 Work/Cisco/NTP_ESS9300.md create mode 100644 Work/Cisco/Nexus_NTP.md create mode 100644 Work/Ducky/ess9300_upgrade.md create 
mode 100644 Work/Ducky/ess_3300.md create mode 100644 Work/Nexus-upgrade.md create mode 100644 Work/Nexus_1_Build.md create mode 100644 Work/Overview.md create mode 100644 home.md diff --git a/Green-Grimoire/Library/Stash-Management.md b/Green-Grimoire/Library/Stash-Management.md new file mode 100644 index 0000000..befe7b4 --- /dev/null +++ b/Green-Grimoire/Library/Stash-Management.md 
@@ -0,0 +1,453 @@ +--- +title: Stashapp Workflow +description: +published: true +date: 2026-02-20T04:25:56.467Z +tags: +editor: markdown +dateCreated: 2026-02-18T13:08:53.604Z +--- + +# StashApp: Automated Library Management with Community Scrapers + +> **Goal:** Automatically identify, tag, rename, and organize your media library with minimal manual intervention using StashDB, ThePornDB, and the CommunityScrapers repository. + +--- + +## Table of Contents + +1. [Prerequisites](#1-prerequisites) +2. [Installing CommunityScrapers](#2-installing-community-scrapers) +3. [Configuring Metadata Providers](#3-configuring-metadata-providers) + - [StashDB](#31-stashdb) + - [ThePornDB (TPDB)](#32-theporndbtpdb) +4. [Configuring Your Library](#4-configuring-your-library) +5. [Automated File Naming & Moving](#5-automated-file-naming--moving) +6. [The Core Workflow](#6-the-core-workflow) +7. [Handling ABMEA & Amateur Content](#7-handling-abmea--amateur-content) +8. [Automation with Scheduled Tasks](#8-automation-with-scheduled-tasks) +9. [Tips & Troubleshooting](#9-tips--troubleshooting) + +--- + +## 1. Prerequisites + +Before starting, make sure you have: + +- **StashApp installed and running** — see the [official install docs](https://github.com/stashapp/stash/wiki/Installation) +- **Git installed** on your system (needed to clone the scrapers repo) +- **A ThePornDB account** — free tier available at [metadataapi.net](https://metadataapi.net) +- **A StashDB account** — requires a community invite; request one on [the Discord](https://discord.gg/2TsNFKt) +- Your Stash config directory noted — default locations: + +| OS | Default Path | +|----|-------------| +| Windows | `%APPDATA%\stash` | +| macOS | `~/.stash` | +| Linux | `~/.stash` | +| Docker | `/root/.stash` | + +--- + +## 2. Installing CommunityScrapers + +The [CommunityScrapers](https://github.com/stashapp/CommunityScrapers) repository contains scrapers for hundreds of sites maintained by the Stash community. 
This is the primary source for site-specific scrapers including ABMEA. + +### Step 1 — Navigate to your Stash config directory + +```bash +cd ~/.stash +``` + +### Step 2 — Create a scrapers directory if it doesn't exist + +```bash +mkdir -p scrapers +cd scrapers +``` + +### Step 3 — Clone the CommunityScrapers repository + +```bash +git clone https://github.com/stashapp/CommunityScrapers.git +``` + +This creates `~/.stash/scrapers/CommunityScrapers/` containing all available scrapers. + +### Step 4 — Verify Stash detects the scrapers + +1. Open Stash in your browser (default: `http://localhost:9999`) +2. Go to **Settings → Metadata Providers → Scrapers** +3. Click **Reload Scrapers** +4. You should now see a long list of scrapers including entries for ABMEA, ManyVids, Clips4Sale, etc. + +### Step 5 — Keep scrapers updated + +Since community scrapers are actively maintained, set up a periodic update: + +```bash +cd ~/.stash/scrapers/CommunityScrapers +git pull +``` + +> 💡 **Tip:** You can automate this with a cron job or scheduled task. See [Section 8](#8-automation-with-scheduled-tasks). + +### Installing Python Dependencies (if prompted) + +Some scrapers require Python packages. If you see scraper errors mentioning missing modules: + +```bash +pip install requests cloudscraper py-cord lxml +``` + +--- + +## 3. Configuring Metadata Providers + +Stash uses **metadata providers** to automatically match scenes by fingerprint (phash/oshash). This is what enables true automation — no filename matching required. + +### 3.1 StashDB + +StashDB is the official community-run fingerprint and metadata database. It is the most reliable source for mainstream and studio content. + +1. Go to **Settings → Metadata Providers** +2. Under **Stash-Box Endpoints**, click **Add** +3. Fill in: + - **Name:** `StashDB` + - **Endpoint:** `https://stashdb.org/graphql` + - **API Key:** *(generate this from your StashDB account → API Keys)* +4. 
Click **Confirm** + +### 3.2 ThePornDB (TPDB) + +TPDB aggregates metadata from a large number of sites and is especially useful for amateur, clip site, and ABMEA content that may not be on StashDB. + +1. Log in at [metadataapi.net](https://metadataapi.net) and go to your **API Settings** to get your key +2. In Stash, go to **Settings → Metadata Providers** +3. Under **Stash-Box Endpoints**, click **Add** +4. Fill in: + - **Name:** `ThePornDB` + - **Endpoint:** `https://theporndb.net/graphql` + - **API Key:** *(your TPDB API key)* +5. Click **Confirm** + +### Provider Priority Order + +Set your identify task to query providers in this order for best results: + +1. **StashDB** — highest quality, community-verified +2. **ThePornDB** — broad coverage including amateur/clip sites +3. **CommunityScrapers** (site-specific) — for anything not matched above + +--- + +## 4. Configuring Your Library + +### Adding Library Paths + +1. Go to **Settings → Library** +2. Under **Directories**, click **Add** and point to your media folders +3. You can add multiple directories (e.g., separate drives or folders) + +> ⚠️ **Do not** set your organized output folder as a source directory. Keep source and destination separate until you are confident in your setup. + +### Recommended Directory Structure + +``` +/media/ +├── stash-incoming/ ← Source: where new files land +└── stash-library/ ← Destination: where Stash moves organized files + ├── Studios/ + │ └── ABMEA/ + └── Amateur/ +``` + +--- + +## 5. Automated File Naming & Moving + +This is the section that does the heavy lifting. Stash will rename and move files **only when a scene is marked as Organized**, which gives you a review gate before anything is touched. + +### Enable File Moving + +1. Go to **Settings → Library** +2. Enable **"Move files to organized folder on organize"** +3. 
Set your **Organized folder path** (e.g., `/media/stash-library`) + +### Configure the File Naming Template + +Still in **Settings → Library**, set your **Filename template**. These use Go template syntax with Stash variables. + +**Recommended template for mixed studio/amateur libraries:** + +``` +{studio}/{date} {title} +``` + +**For performer-centric amateur libraries:** + +``` +{performers}/{studio}/{date} {title} +``` + +**Full example with fallbacks:** + +``` +{{if .Studio}}{{.Studio.Name}}{{else}}Unknown{{end}}/{{if .Date}}{{.Date}}{{else}}0000-00-00{{end}} {{.Title}} +``` + +### Available Template Variables + +| Variable | Example Output | +|----------|---------------| +| `{title}` | `Scene Title Here` | +| `{date}` | `2024-03-15` | +| `{studio}` | `ABMEA` | +| `{performers}` | `Jane Doe` | +| `{resolution}` | `1080p` | +| `{duration}` | `00-32-15` | +| `{rating}` | `5` | + +> 💡 If a field is empty (e.g., no studio), Stash skips that path segment. Test with a few scenes before running on your whole library. + +--- + +## 6. The Core Workflow + +Follow these steps **in order** every time you add new content. This is the automated pipeline. + +``` +New Files → Scan → Generate Fingerprints → Identify → Review → Organize (Move + Rename) +``` + +### Step 1 — Scan + +**Tasks → Scan** + +- Discovers new files and adds them to the database +- Does not move or rename anything yet +- Options to enable: **Generate covers on scan** + +### Step 2 — Generate Fingerprints + +**Tasks → Generate** + +Select these options: + +| Option | Purpose | +|--------|---------| +| ✅ **Phashes** | Used for fingerprint matching against StashDB/TPDB | +| ✅ **Checksums (MD5/SHA256)** | Used for duplicate detection | +| ✅ **Previews** | Thumbnail previews in the UI | +| ✅ **Sprites** | Timeline scrubber images | + +> ⏳ This step is CPU/GPU intensive. Let it complete before proceeding. On a large library, this may take hours. 
+ +### Step 3 — Identify (Auto-Scrape by Fingerprint) + +**Tasks → Identify** + +This is the magic step. Stash sends your file fingerprints to StashDB and TPDB and pulls back metadata automatically. + +Configure the task: +1. Click **Add Source** and add **StashDB** first +2. Click **Add Source** again and add **ThePornDB** +3. Under **Options**, enable: + - ✅ Set cover image + - ✅ Set performers + - ✅ Set studio + - ✅ Set tags + - ✅ Set date +4. Click **Identify** + +Stash will now automatically match and populate metadata for any scene it recognizes by fingerprint. + +### Step 4 — Auto Tag (Filename-Based Fallback) + +For scenes that didn't match by fingerprint (common with amateur content), use Auto Tag to extract metadata from filenames. + +**Tasks → Auto Tag** + +- Matches **Performers**, **Studios**, and **Tags** from filenames against your existing database entries +- Works best when filenames contain names (e.g., `JaneDoe_SceneTitle_1080p.mp4`) + +### Step 5 — Review Unmatched Scenes + +Filter to find scenes that still need attention: + +1. Go to **Scenes** +2. Filter by: **Organized = false** and **Studio = none** (or **Performers = none**) +3. Use the **Tagger view** (icon in top right of Scenes) for rapid URL-based scraping + +In Tagger view: +- Paste the original source URL into the scrape field +- Click **Scrape** — Stash fills in all metadata from that URL +- Review and click **Save** + +### Step 6 — Organize (Move & Rename) + +Once you're satisfied with a scene's metadata: + +1. Open the scene +2. Click the **Organize** button (checkmark icon), OR +3. Use **bulk organize**: select multiple scenes → Edit → Mark as Organized + +When a scene is marked Organized, Stash will: +- ✅ Rename the file according to your template +- ✅ Move it to your organized folder +- ✅ Update the database path + +> ⚠️ **This action cannot be easily undone at scale.** Always verify metadata on a small batch first. + +--- + +## 7. 
Handling ABMEA & Amateur Content + +ABMEA and amateur clips often lack fingerprint matches. Use these additional strategies: + +### ABMEA-Specific Scraper + +The CommunityScrapers repo includes an ABMEA scraper. To use it manually: + +1. Open a scene in Stash +2. Click **Edit → Scrape with → ABMEA** +3. If the scene URL is known, enter it; otherwise the scraper will search by title + +### Batch URL Scraping Workflow for ABMEA + +If you have many files sourced from ABMEA: + +1. Before ingesting files, **rename them to include the ABMEA scene ID** in the filename if possible (e.g., `ABMEA-0123_title.mp4`) +2. After scanning, go to **Tagger View** +3. Filter to unmatched scenes and paste ABMEA URLs one by one + +### Amateur Content Without a Source Site + +For truly anonymous amateur clips: + +1. Create a **Studio** entry called `Amateur` (or more specific names like `Amateur - Reddit`) +2. Create **Performer** entries for recurring people you can identify +3. Use **Auto Tag** to match these once entries exist +4. Use tags liberally to compensate for missing structured metadata: `amateur`, `homemade`, `POV`, etc. + +### Tag Hierarchy Recommendation + +Set up tag parents in **Settings → Tags** to create a browsable hierarchy: + +``` +Content Type +├── Amateur +├── Professional +└── Compilation + +Source +├── ABMEA +├── Clip Site +└── Unknown + +Quality +├── 4K +├── 1080p +└── SD +``` + +--- + +## 8. Automation with Scheduled Tasks + +Minimize manual steps by scheduling recurring tasks. 
+ +### Setting Up Scheduled Tasks in Stash + +Go to **Settings → Tasks → Scheduled Tasks** and create: + +| Task | Schedule | Purpose | +|------|----------|---------| +| Scan | Every 6 hours | Pick up new files automatically | +| Generate (Phashes only) | Every 6 hours | Fingerprint new files | +| Identify | Daily at 2am | Match new fingerprinted files | +| Auto Tag | Daily at 3am | Filename-based fallback tagging | +| Clean | Weekly | Remove missing files from database | + +### Auto-Update CommunityScrapers (Linux/macOS) + +Add to your crontab (`crontab -e`): + +```bash +# Update CommunityScrapers every Sunday at midnight +0 0 * * 0 cd ~/.stash/scrapers/CommunityScrapers && git pull +``` + +### Auto-Update CommunityScrapers (Windows) + +Create a scheduled task in Task Scheduler running: + +```powershell +cd C:\Users\YourUser\.stash\scrapers\CommunityScrapers; git pull +``` + +--- + +## 9. Tips & Troubleshooting + +### Scraper not appearing in Stash + +- Go to **Settings → Metadata Providers → Scrapers** and click **Reload Scrapers** +- Check that the `.yml` scraper file is in a subdirectory of your scrapers folder +- Check Stash logs (**Settings → Logs**) for scraper loading errors + +### Identify finds no matches + +- Confirm phashes were generated (check scene details — phash should be populated) +- Confirm your StashDB/TPDB API keys are correctly entered and not expired +- The file may simply not be in either database — proceed to manual URL scraping + +### Files not moving after marking as Organized + +- Confirm **"Move files to organized folder"** is enabled in Settings → Library +- Confirm the organized folder path is set and the folder exists +- Check that Stash has write permissions to both source and destination + +### Duplicate files + +Run **Tasks → Clean → Find Duplicates** before organizing to avoid moving duplicates into your library. Stash uses phash to find visual duplicates even if filenames differ. 
+ +### Metadata keeps getting overwritten + +In **Settings → Scraping**, set the **Scrape behavior** to `If not set` instead of `Always` to prevent already-populated fields from being overwritten during re-scrapes. + +### Useful Stash Plugins + +Install via **Settings → Plugins → Browse Available Plugins**: + +| Plugin | Purpose | +|--------|---------| +| **Performer Image Cleanup** | Remove duplicate performer images | +| **Tag Graph** | Visualize tag relationships | +| **Duplicate Finder** | Advanced duplicate management | +| **Stats** | Library analytics dashboard | + +--- + +## Quick Reference Checklist + +Use this checklist every time you add new content: + +``` +[ ] Drop files into stash-incoming directory +[ ] Tasks → Scan +[ ] Tasks → Generate → Phashes + Checksums +[ ] Tasks → Identify (StashDB → TPDB) +[ ] Tasks → Auto Tag +[ ] Review unmatched scenes in Tagger View +[ ] Manually scrape remaining unmatched scenes by URL +[ ] Spot-check metadata on a sample of scenes +[ ] Bulk select reviewed scenes → Mark as Organized +[ ] Verify a few files moved and renamed correctly +[ ] Done ✓ +``` + +--- + +*Last updated: February 2026 | Stash version compatibility: 0.25+* +*Community resources: [Stash Discord](https://discord.gg/2TsNFKt) | [GitHub](https://github.com/stashapp/stash) | [Wiki](https://github.com/stashapp/stash/wiki)* diff --git a/Green-Grimoire/Overview.md b/Green-Grimoire/Overview.md new file mode 100644 index 0000000..aef4eb9 --- /dev/null +++ b/Green-Grimoire/Overview.md 
@@ -0,0 +1,58 @@ +--- +title: Green Grimoire +description: Adult media stack — the satyr's private library +published: true +date: 2026-04-12T00:00:00.000Z +tags: green, adult, stash +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Green Grimoire + +![green-badge](/images/green-badge.png) + +The Green Grimoire is the self-hosted adult media stack. Separate host and domain from Netgrimoire. All services sit behind `*.wasted-bandwidth.net` and Authelia. Homepage tab: **Nucking-Futz**. + +Data lives at `/data/nfs/Baxter/Green/` with two libraries: Clips and Movies. + +--- + +## Services + +| Service | URL | Port | Purpose | Host | +|---------|-----|------|---------|------| +| Stash (main) | `stash.wasted-bandwidth.net` | 9999 | Primary adult content library | znas / Compose | +| GreenFin (Jellyfinx) | Internal | 7096 | Green Door media server | docker5 / Compose | +| Namer | `namer.wasted-bandwidth.net` | 6980 | Scene file namer | znas / Compose | +| Whisparr | — | — | Adult content acquisition | znas / Swarm | +| NZBGet | — | — | Downloader | znas / Swarm | +| PocketStash | Internal | 9998 | Stash instance for Pocket Grimoire sync | znas / Compose | + +--- + +## Data Structure + +``` +/data/nfs/Baxter/Green/ +├── Clips/ ← Clips library +├── Movies/ ← Movies library +└── Pocket/ ← Synced to Pocket Grimoire pre-travel +``` + +--- + +## Pocket Integration + +PocketStash (port 9998) is a separate Stash instance that maintains a curated subset for travel. Before a trip, `syncoid` pushes `vault/Green/Pocket` to the Pocket Grimoire laptop. The Pocket instance runs in read-only travel mode — no writes while traveling. + +See [Stash Integration](/Pocket-Grimoire/Software/Stash-Integration) in Pocket Grimoire docs. 
+ +--- + +## Sections + +| | | +|---|---| +| [Stash Management](/Green-Grimoire/Library/Stash-Management) | Library config, scrapers, metadata workflow | +| [VHS Restoration](/Green-Grimoire/Scripts/VHS-Restoration) | Encoding, deinterlace, restoration scripts | diff --git a/Green-Grimoire/Scripts/VHS-Restoration.md b/Green-Grimoire/Scripts/VHS-Restoration.md new file mode 100644 index 0000000..6c41a4e --- /dev/null +++ b/Green-Grimoire/Scripts/VHS-Restoration.md 
@@ -0,0 +1,531 @@ +--- +title: Video Restoration Script +description: Restore VHS Video Captures +published: true +date: 2026-03-06T03:48:12.713Z +tags: +editor: markdown +dateCreated: 2026-03-06T03:48:05.841Z +--- + +# VHS Video Restoration — User Guide + +A pipeline script for cleaning up and upscaling old VHS captures on Ubuntu 24.04. +Runs in two modes: a fast FFmpeg-only cleanup pass, and a full AI upscale using Real-ESRGAN. + +--- + +## Requirements + +- **Ubuntu 24.04** +- **FFmpeg** — `sudo apt install ffmpeg` +- **bc** — `sudo apt install bc` +- **Real-ESRGAN** (optional, for AI upscaling — see setup below) + +--- + +## File Setup + +Place everything in a working folder with this structure: + +``` +~/your-folder/ +├── vhs_restore.sh +├── realesrgan-ncnn-vulkan ← AI upscaler binary (optional) +├── models/ ← Real-ESRGAN model files +├── input/ ← Put your source videos here +├── output/ ← Restored videos appear here +└── work/ ← Temporary scratch files (auto-created) +``` + +Supported input formats: `.mpg`, `.mpeg`, `.mp4`, `.avi`, `.mov`, `.mkv`, `.wmv`, `.m4v`, `.ts` + +--- + +## First-Time Setup + +```bash +# Make the script executable +chmod +x vhs_restore.sh + +# Create the input folder and add your videos +mkdir input +cp /path/to/your/videos/*.mpg input/ +``` + +### Installing Real-ESRGAN (one-time, for AI upscaling) + +1. Download the latest Ubuntu release from: + https://github.com/xinntao/Real-ESRGAN/releases + → look for `realesrgan-ncnn-vulkan-*-ubuntu.zip` +2. Unzip into your working folder +3. `chmod +x realesrgan-ncnn-vulkan` + +--- + +## Running the Script + +### Quick cleanup only (recommended first pass) + +Fast — processes in a few minutes per file. No AI upscaling. + +```bash +./vhs_restore.sh --no-ai +``` + +### Full pipeline with AI upscaling + +Slow on CPU (plan for several hours per hour of footage). Produces the best results. 
+ +```bash +./vhs_restore.sh +``` + +### All options + +| Flag | Description | Default | +|------|-------------|---------| +| `-i DIR` | Input directory | `./input` | +| `-o DIR` | Output directory | `./output` | +| `-w DIR` | Scratch/work directory | `./work` | +| `-b PATH` | Path to Real-ESRGAN binary | `./realesrgan-ncnn-vulkan` | +| `-s 2` or `-s 4` | Upscale factor | `2` | +| `-q 16` | Output quality (0–51, lower = better) | `16` | +| `--no-ai` | Skip AI upscaling, FFmpeg only | off | +| `--keep` | Keep extracted PNG frames after processing | off | +| `-h` | Show help | | + +**Examples:** + +```bash +# Process files from a custom folder +./vhs_restore.sh -i ~/Videos/VHS -o ~/Videos/Restored + +# 4x upscale with slightly smaller output file +./vhs_restore.sh -s 4 -q 18 + +# FFmpeg cleanup only, custom folders +./vhs_restore.sh -i ~/Videos/VHS -o ~/Videos/Restored --no-ai +``` + +--- + +## What the Script Does + +**Stage 1 — FFmpeg cleanup** (always runs): +- Deinterlaces the video (`yadif`) — removes the horizontal combing artifacts common in VHS captures +- Denoises (`hqdn3d=2:1:2:2`) — gentle noise reduction that avoids motion blocking +- Sharpens edges (`unsharp`) — recovers detail softened by the denoise step +- Colour corrects — boosts washed-out VHS colour, adjusts contrast and gamma, corrects the green/yellow cast common in aged tape + +**Stage 2 — Frame extraction** (AI mode only): +- Extracts every frame as a PNG into a temporary folder + +**Stage 3 — Real-ESRGAN upscaling** (AI mode only): +- Runs the `realesr-animevideov3` model on each frame +- Default: 2× upscale (e.g. 640×480 → 1280×960) + +**Reassembly:** +- Rebuilds the video from upscaled frames with the original audio + +--- + +## Live Progress + +The script shows live FFmpeg output. 
Watch for: + +- `speed=3.5x` — processing at 3.5× realtime (good) +- `speed=0.5x` — slow, likely a very heavy filter load +- `corrupt decoded frame` — normal for damaged VHS files, FFmpeg will push through + +--- + +## Troubleshooting + +**Script hangs with no output** +Run with `--no-ai` first to confirm FFmpeg is working, then check that your Real-ESRGAN binary is executable (`chmod +x realesrgan-ncnn-vulkan`). + +**Output looks blocky during motion** +The denoise values may still be too high for your footage. Edit the script and reduce `hqdn3d=2:1:2:2` to `hqdn3d=1:1:1:1`, or remove `hqdn3d` entirely — Real-ESRGAN handles noise well on its own. + +**Colour looks over-saturated** +Reduce `saturation=1.8` in the filter chain to `saturation=1.4` or `1.2`. + +**Real-ESRGAN not found** +Ensure the binary is in the same folder as the script and is executable. Or pass the path explicitly: `./vhs_restore.sh -b /path/to/realesrgan-ncnn-vulkan` + +**Error logs** +All FFmpeg and Real-ESRGAN logs are saved to `/tmp/` for diagnosis: +- `/tmp/ffmpeg_stage1.log` +- `/tmp/ffmpeg_extract.log` +- `/tmp/realesrgan.log` +- `/tmp/ffmpeg_reassemble.log` + +--- + +## Workflow Recommendation + +1. Run `--no-ai` first on one file to check the cleanup result +2. If it looks good, run the full pipeline on all files overnight +3. For heavily damaged footage, consider also running **CodeFormer** (face restoration) on top of the output — particularly effective if the video contains people + +--- + +## Output + +Restored files are saved to `./output/` as `_restored.mp4` encoded as H.264 with AAC audio. 
+ + +## vhs_restore.sh Script + +`#!/usr/bin/env bash +# ============================================================================= +# vhs_restore.sh — Automated VHS Video Restoration Pipeline +# Stages: Deinterlace → Denoise → Colour correct → AI Upscale → Reassemble +# +# Changes from v1: +# - Gentle hqdn3d (2:1:2:2) to prevent motion blocking/pixelation +# - Aggressive colour correction for washed-out VHS footage +# - Live FFmpeg progress shown in terminal (no silent hanging) +# - Logs still saved to /tmp/ for error diagnosis +# ============================================================================= +set -euo pipefail + +# ── Colour output helpers ──────────────────────────────────────────────────── +RED='\033[0;31m'; GREEN='\033[0;32m'; YELLOW='\033[1;33m' +CYAN='\033[0;36m'; BOLD='\033[1m'; NC='\033[0m' +info() { echo -e "${CYAN}[INFO]${NC} $*"; } +success() { echo -e "${GREEN}[OK]${NC} $*"; } +warn() { echo -e "${YELLOW}[WARN]${NC} $*"; } +error() { echo -e "${RED}[ERROR]${NC} $*" >&2; } +header() { echo -e "\n${BOLD}${CYAN}══ $* ══${NC}"; } + +# ── Default configuration ──────────────────────────────────────────────────── +INPUT_DIR="./input" # Folder containing your source VHS videos +OUTPUT_DIR="./output" # Final restored videos land here +WORK_DIR="./work" # Scratch space (frames, temp files) +REALESRGAN_BIN="./realesrgan-ncnn-vulkan" # Path to Real-ESRGAN binary +REALESRGAN_MODEL="realesr-animevideov3" # Best model for home video +UPSCALE_FACTOR=2 # 2x or 4x (4x is very slow on CPU) +OUTPUT_WIDTH=1920 # Target width used in --no-ai mode +OUTPUT_HEIGHT=1080 # Target height used in --no-ai mode +CRF=16 # Output quality 0-51, lower = better +PRESET="slow" # FFmpeg encode preset +SKIP_UPSCALE=false # --no-ai flag sets this true +KEEP_FRAMES=false # --keep flag sets this true + +# ── Parse CLI flags ────────────────────────────────────────────────────────── +usage() { + cat </dev/null; then + success "$1 found" + else + error "$1 not found. 
Install with: $2" + exit 1 + fi +} + +check_cmd ffmpeg "sudo apt install ffmpeg" +check_cmd ffprobe "sudo apt install ffmpeg" +check_cmd bc "sudo apt install bc" + +if [[ "$SKIP_UPSCALE" == false ]]; then + if [[ ! -x "$REALESRGAN_BIN" ]]; then + warn "Real-ESRGAN binary not found at: $REALESRGAN_BIN" + echo + echo -e "${YELLOW}To install Real-ESRGAN:${NC}" + echo " 1. Download: https://github.com/xinntao/Real-ESRGAN/releases" + echo " -> realesrgan-ncnn-vulkan-*-ubuntu.zip" + echo " 2. Unzip into this directory" + echo " 3. chmod +x realesrgan-ncnn-vulkan" + echo " 4. Re-run this script" + echo + echo "Or run with --no-ai for FFmpeg-only cleanup (no upscaling)." + exit 1 + fi + success "Real-ESRGAN found" +fi + +# ── Locate input files ─────────────────────────────────────────────────────── +header "Scanning input directory: $INPUT_DIR" + +if [[ ! -d "$INPUT_DIR" ]]; then + error "Input directory not found: $INPUT_DIR" + exit 1 +fi + +mapfile -t VIDEO_FILES < <(find "$INPUT_DIR" -maxdepth 1 \ + -type f \( -iname "*.mp4" -o -iname "*.avi" -o -iname "*.mov" \ + -o -iname "*.mkv" -o -iname "*.mpg" -o -iname "*.mpeg" \ + -o -iname "*.wmv" -o -iname "*.m4v" -o -iname "*.ts" \) \ + | sort) + +if [[ ${#VIDEO_FILES[@]} -eq 0 ]]; then + error "No video files found in $INPUT_DIR" + exit 1 +fi + +info "Found ${#VIDEO_FILES[@]} video file(s):" +for f in "${VIDEO_FILES[@]}"; do echo " * $(basename "$f")"; done + +# ── Helpers ────────────────────────────────────────────────────────────────── +probe() { + ffprobe -v error -select_streams v:0 \ + -show_entries "stream=$2" -of csv=p=0 "$1" 2>/dev/null | head -1 +} + +human_time() { + local s="${1%.*}" + printf '%dh %dm %ds' $((s/3600)) $(( (s%3600)/60 )) $((s%60)) +} + +# ── Create directories ─────────────────────────────────────────────────────── +mkdir -p "$OUTPUT_DIR" "$WORK_DIR" + +# ── Overall stats ──────────────────────────────────────────────────────────── +TOTAL_FILES=${#VIDEO_FILES[@]} +PROCESSED=0 +FAILED=0 
+PIPELINE_START=$(date +%s) + +# ════════════════════════════════════════════════════════════════════════════ +# MAIN LOOP +# ════════════════════════════════════════════════════════════════════════════ +for INPUT_FILE in "${VIDEO_FILES[@]}"; do + + BASENAME=$(basename "$INPUT_FILE") + STEM="${BASENAME%.*}" + CLEANED="$WORK_DIR/${STEM}_cleaned.mp4" + FRAMES_IN="$WORK_DIR/${STEM}_frames_in" + FRAMES_OUT="$WORK_DIR/${STEM}_frames_out" + FINAL_OUTPUT="$OUTPUT_DIR/${STEM}_restored.mp4" + + header "Processing: $BASENAME ($((PROCESSED+1))/$TOTAL_FILES)" + FILE_START=$(date +%s) + + # ── Probe source ────────────────────────────────────────────────────────── + FPS=$(probe "$INPUT_FILE" "r_frame_rate") + FPS_DEC=$(echo "scale=3; $FPS" | bc 2>/dev/null || echo "25") + WIDTH=$(probe "$INPUT_FILE" "width") + HEIGHT=$(probe "$INPUT_FILE" "height") + FIELD_ORDER=$(probe "$INPUT_FILE" "field_order") + DURATION=$(ffprobe -v error -show_entries format=duration \ + -of csv=p=0 "$INPUT_FILE" 2>/dev/null | head -1) + + info "Source: ${WIDTH}x${HEIGHT} ${FPS_DEC}fps $(human_time "${DURATION%.*}") field_order=${FIELD_ORDER:-unknown}" + + # Always deinterlace for VHS -- safe even if not flagged as interlaced + if [[ "$FIELD_ORDER" =~ ^(tt|tb|bt|bb)$ ]]; then + DEINTERLACE_FILTER="yadif=mode=1," + info "Interlacing detected — applying yadif deinterlacer" + else + DEINTERLACE_FILTER="yadif=mode=1," + warn "Interlacing not confirmed by probe — applying yadif anyway (safe for VHS)" + fi + + # ── Stage 1: FFmpeg cleanup ─────────────────────────────────────────────── + header "Stage 1/3 — FFmpeg cleanup & colour correction" + info "Watch fps= and speed= for live progress." + info "Corrupt frame warnings are normal for old VHS captures." 
+ echo + + if [[ "$SKIP_UPSCALE" == true ]]; then + SCALE_FILTER="scale=${OUTPUT_WIDTH}:${OUTPUT_HEIGHT}:flags=lanczos," + else + SCALE_FILTER="" + fi + + # Filter chain notes: + # hqdn3d=2:1:2:2 -- gentle denoise; low temporal values (3rd/4th) + # prevent the motion blocking seen with higher values + # unsharp -- moderate sharpening to recover edge detail + # eq -- aggressive colour boost for washed-out VHS + # colorbalance -- corrects the green/yellow cast common in aged VHS + VFILTER="${DEINTERLACE_FILTER}\ +hqdn3d=2:1:2:2,\ +unsharp=3:3:0.5:3:3:0.3,\ +eq=contrast=1.2:brightness=0.05:saturation=1.8:gamma=1.1,\ +colorbalance=rs=0.1:gs=0.0:bs=-0.1,\ +${SCALE_FILTER}\ +format=yuv420p" + + if ! ffmpeg -y -i "$INPUT_FILE" \ + -vf "$VFILTER" \ + -c:v libx264 -crf 18 -preset medium \ + -c:a aac -b:a 192k -ac 2 \ + -stats \ + "$CLEANED" 2>&1 | tee /tmp/ffmpeg_stage1.log | \ + grep --line-buffered -E "(frame=|speed=|error|Error|Invalid)"; then + error "FFmpeg stage 1 failed. Full log: /tmp/ffmpeg_stage1.log" + FAILED=$((FAILED+1)) + continue + fi + + echo + success "Stage 1 complete -> $(du -sh "$CLEANED" | cut -f1)" + + if [[ "$SKIP_UPSCALE" == true ]]; then + cp "$CLEANED" "$FINAL_OUTPUT" + success "Output (no AI): $FINAL_OUTPUT" + PROCESSED=$((PROCESSED+1)) + [[ "$KEEP_FRAMES" == false ]] && rm -f "$CLEANED" + continue + fi + + # ── Stage 2: Extract frames ─────────────────────────────────────────────── + header "Stage 2/3 — Extracting frames for AI upscaling" + mkdir -p "$FRAMES_IN" "$FRAMES_OUT" + + FRAME_COUNT=$(ffprobe -v error -count_packets \ + -select_streams v:0 -show_entries stream=nb_read_packets \ + -of csv=p=0 "$CLEANED" 2>/dev/null | head -1) + FRAME_COUNT=${FRAME_COUNT:-0} + info "Extracting ~${FRAME_COUNT} frames..." + + if ! ffmpeg -y -i "$CLEANED" \ + -vsync 0 -stats \ + "$FRAMES_IN/frame%08d.png" 2>&1 | tee /tmp/ffmpeg_extract.log | \ + grep --line-buffered -E "(frame=|speed=|error|Error)"; then + error "Frame extraction failed. 
Full log: /tmp/ffmpeg_extract.log" + FAILED=$((FAILED+1)) + continue + fi + + ACTUAL_FRAMES=$(find "$FRAMES_IN" -name "*.png" | wc -l) + echo + success "Extracted $ACTUAL_FRAMES frames" + + # ── Stage 3: Real-ESRGAN ────────────────────────────────────────────────── + header "Stage 3/3 — Real-ESRGAN AI upscaling (${UPSCALE_FACTOR}x)" + warn "Slow on CPU — est. $(echo "scale=0; $ACTUAL_FRAMES * 10 / 60" | bc)-$(echo "scale=0; $ACTUAL_FRAMES * 30 / 60" | bc) minutes" + info "Upscaled frames will appear in: $FRAMES_OUT" + echo + + UPSCALE_START=$(date +%s) + if ! "$REALESRGAN_BIN" \ + -i "$FRAMES_IN" \ + -o "$FRAMES_OUT" \ + -n "$REALESRGAN_MODEL" \ + -s "$UPSCALE_FACTOR" \ + -f png 2>&1 | tee /tmp/realesrgan.log; then + error "Real-ESRGAN failed. Full log: /tmp/realesrgan.log" + FAILED=$((FAILED+1)) + continue + fi + + UPSCALE_END=$(date +%s) + UPSCALE_ELAPSED=$((UPSCALE_END - UPSCALE_START)) + success "AI upscaling complete in $(human_time $UPSCALE_ELAPSED)" + + # ── Reassemble ──────────────────────────────────────────────────────────── + REASSEMBLE_FPS=$(ffprobe -v error -select_streams v:0 \ + -show_entries stream=r_frame_rate \ + -of csv=p=0 "$CLEANED" 2>/dev/null | head -1) + + info "Reassembling video from upscaled frames..." + echo + + if ! ffmpeg -y \ + -framerate "$REASSEMBLE_FPS" \ + -i "$FRAMES_OUT/frame%08d.png" \ + -i "$CLEANED" \ + -map 0:v -map 1:a \ + -c:v libx264 -crf "$CRF" -preset "$PRESET" \ + -c:a copy \ + -movflags +faststart \ + -stats \ + "$FINAL_OUTPUT" 2>&1 | tee /tmp/ffmpeg_reassemble.log | \ + grep --line-buffered -E "(frame=|speed=|error|Error)"; then + error "Reassembly failed. 
Full log: /tmp/ffmpeg_reassemble.log" + FAILED=$((FAILED+1)) + continue + fi + + # ── Cleanup ─────────────────────────────────────────────────────────────── + if [[ "$KEEP_FRAMES" == false ]]; then + rm -rf "$FRAMES_IN" "$FRAMES_OUT" "$CLEANED" + info "Scratch files cleaned up" + else + info "Frames kept in: $FRAMES_IN / $FRAMES_OUT" + fi + + FILE_END=$(date +%s) + FILE_ELAPSED=$((FILE_END - FILE_START)) + PROCESSED=$((PROCESSED+1)) + + OUT_SIZE=$(du -sh "$FINAL_OUTPUT" | cut -f1) + echo + success "Done: $FINAL_OUTPUT" + info " File size : $OUT_SIZE" + info " Time taken: $(human_time $FILE_ELAPSED)" + +done + +# ════════════════════════════════════════════════════════════════════════════ +# Final summary +# ════════════════════════════════════════════════════════════════════════════ +PIPELINE_END=$(date +%s) +PIPELINE_ELAPSED=$((PIPELINE_END - PIPELINE_START)) + +header "Pipeline Complete" +echo -e " ${GREEN}Processed : $PROCESSED / $TOTAL_FILES${NC}" +[[ $FAILED -gt 0 ]] && echo -e " ${RED}Failed : $FAILED${NC}" +echo -e " Total time: $(human_time $PIPELINE_ELAPSED)" +echo -e " Output dir: $OUTPUT_DIR" +echo + +if [[ $PROCESSED -gt 0 ]]; then + echo "Restored files:" + find "$OUTPUT_DIR" -name "*_restored.mp4" | while read -r f; do + SIZE=$(du -sh "$f" | cut -f1) + echo " * $(basename "$f") ($SIZE)" + done +fi +` + + + + + + + diff --git a/Gremlin-Grimoire/Overview.md b/Gremlin-Grimoire/Overview.md new file mode 100644 index 0000000..5df87a5 --- /dev/null +++ b/Gremlin-Grimoire/Overview.md 
@@ -0,0 +1,72 @@ +--- +title: Gremlin Grimoire +description: Netgrimoire's local AI — the gremlin that runs the machine +published: true +date: 2026-04-12T00:00:00.000Z +tags: gremlin, ai, ollama, n8n +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Gremlin Grimoire + +![gremlin-badge](/images/gremlin-badge.png) + +Gremlin is the local AI layer of Netgrimoire. It's not just a chat interface — it's an autonomous agent that watches the infrastructure, audits the codebase, triages alerts, and answers questions about the lab. The gremlin lives inside the machine and knows every dark corner of it. + +--- + +## What Gremlin Is + +Gremlin is a stack of four services running together on `docker4`, all pinned to the same Swarm node: + +| Service | Role | URL | +|---------|------|-----| +| **Ollama** | Local LLM inference (CPU-only, Ryzen) | `http://ollama:11434` · `ollama.netgrimoire.com:11434` | +| **Open WebUI** | Chat interface + RAG frontend | `https://ai.netgrimoire.com` | +| **Qdrant** | Vector database for RAG knowledge base | `http://qdrant:6333` · dashboard `:6333/dashboard` | +| **n8n** | Automation brain — autonomous workflows | `https://n8n.netgrimoire.com` | + +--- + +## What Gremlin Does Today + +| Capability | Status | Workflow | +|-----------|--------|---------| +| Weekly YAML audit of all compose files | ✅ Live | Forgejo Audit — Monday 06:00 | +| Uptime Kuma alert triage | ✅ Live | Kuma Triage — webhook-triggered | +| Interactive chat with lab context | ✅ Live | Open WebUI + Ollama | +| RAG over wiki/docs | 🔧 Wired, not populated | Qdrant connected, knowledge base empty | +| Doc generation from compose files | 🟡 Parked | CPU quality insufficient — awaiting GPU | +| Email triage | 📋 Planned | Phase 3 — not built | + +--- + +## Models + +| Model | Size | Used For | +|-------|------|---------| +| `qwen2.5-coder:7b` | ~5 GB | Code review, YAML audits, compose analysis | +| `llama3.2:3b` | ~2 GB | Alert triage, Q&A, summarization | + +Models 
must be pulled before workflows run. See [Ollama Model Management](/Gremlin-Grimoire/Runbooks/Model-Management). + +--- + +## Sections + +| | | +|---|---| +| [Stack](/Gremlin-Grimoire/Stack/Build-Config) | Full build config, volumes, env vars, compose YAML | +| [Workflows](/Gremlin-Grimoire/Workflows/Forgejo-Audit) | All n8n workflows — architecture, patterns, gotchas | +| [Runbooks](/Gremlin-Grimoire/Runbooks/Deploy) | Deploy, model management, troubleshooting | + +--- + +## Planned Evolution + +- **Homelable MCP backend** — next up. Provides tool-use for infra Q&A (topology, running services, resource usage). Blocked until Homelable stack is deployed. +- **GPU support** — unlocks doc generation and larger models. Compose GPU block is commented out, ready to enable. +- **Gremlin role variants** — specialized personas per domain (Proxy Gremlin, Storage Gremlin, Security Gremlin, etc.) with mood states and dynamic badge serving via Caddy. +- **RAG knowledge base population** — index all Wiki.js pages and the compose template standard into Qdrant. +- **Gremlin Router** — dedicated Flask container for webhook routing (currently handled directly by n8n). diff --git a/Gremlin-Grimoire/Runbooks/Deploy.md b/Gremlin-Grimoire/Runbooks/Deploy.md new file mode 100644 index 0000000..8e5e121 --- /dev/null +++ b/Gremlin-Grimoire/Runbooks/Deploy.md 
@@ -0,0 +1,73 @@ +--- +title: Deploy Gremlin Stack +description: How to deploy and redeploy the Gremlin AI stack +published: true +date: 2026-04-12T00:00:00.000Z +tags: gremlin, deploy, runbook +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Deploy Gremlin Stack + +All Gremlin services run on `docker4` (hermes), pinned via `node.hostname == docker4`. + +--- + +## Prerequisites + +```bash +# On docker4 — create volume directories +mkdir -p /DockerVol/ollama +mkdir -p /DockerVol/open-webui +mkdir -p /DockerVol/qdrant + +# n8n requires specific ownership +mkdir -p /DockerVol/n8n +chown -R 1000:1000 /DockerVol/n8n +``` + +--- + +## Deploy + +```bash +cd ~/services && git pull +cd swarm/stack/Gremlin +set -a && source .env && set +a +docker stack config --compose-file gremlin-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml gremlin +rm resolved.yml +docker stack services gremlin +``` + +--- + +## Pull Models After Deploy + +Models must be pulled before n8n workflows run. Ollama returns a silent model-not-found error if workflows fire first. + +```bash +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull llama3.2:3b +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull qwen2.5-coder:7b + +# Verify +docker exec $(docker ps -qf name=gremlin_ollama) ollama list +``` + +--- + +## Verify Open WebUI Secret Key + +Check that `WEBUI_SECRET_KEY` in `.env` on docker4 is set to a real secret, not the placeholder `change-this-secret-key`. + +--- + +## Service URLs After Deploy + +| Service | Internal | External | +|---------|----------|---------| +| Ollama | `http://ollama:11434` | `http://ollama.netgrimoire.com:11434` | +| Open WebUI | `http://open-webui:8080` | `https://ai.netgrimoire.com` | +| Qdrant | `http://qdrant:6333` | `http://qdrant.netgrimoire.com:6333/dashboard` | +| n8n | `http://n8n:5678` | `https://n8n.netgrimoire.com` | 
diff --git a/Gremlin-Grimoire/Runbooks/Model-Management.md b/Gremlin-Grimoire/Runbooks/Model-Management.md new file mode 100644 index 0000000..770d8ff --- /dev/null +++ b/Gremlin-Grimoire/Runbooks/Model-Management.md @@ -0,0 +1,41 @@ +--- +title: Ollama Model Management +description: Pulling, verifying, and managing models on the Gremlin stack +published: true +date: 2026-04-12T00:00:00.000Z +tags: gremlin, ollama, models, runbook +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Ollama Model Management + +## Pull Required Models + +Run on docker4 after any fresh deploy or after the Ollama container is recreated: + +```bash +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull llama3.2:3b +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull qwen2.5-coder:7b +``` + +## Verify Models Loaded + +```bash +docker exec $(docker ps -qf name=gremlin_ollama) ollama list +``` + +## Model Reference + +| Model | Size | Pull Time (CPU) | Used By | +|-------|------|----------------|---------| +| `llama3.2:3b` | ~2 GB | ~5 min | Kuma triage, Open WebUI | +| `qwen2.5-coder:7b` | ~5 GB | ~15 min | Forgejo audit, Open WebUI | + +## Models Storage Path + +`/DockerVol/ollama` — survives container restarts and redeployments. + +## ⚠ Pull Before Workflows Run + +n8n workflows fail silently if models aren't present. Ollama returns a model-not-found response but n8n may not surface this as an obvious error. Always pull models immediately after deploy before enabling workflows. diff --git a/Gremlin-Grimoire/Runbooks/Troubleshooting.md b/Gremlin-Grimoire/Runbooks/Troubleshooting.md new file mode 100644 index 0000000..8e4118b --- /dev/null +++ b/Gremlin-Grimoire/Runbooks/Troubleshooting.md 
@@ -0,0 +1,64 @@ +--- +title: Gremlin Troubleshooting +description: Common Gremlin stack problems and fixes +published: true +date: 2026-04-12T00:00:00.000Z +tags: gremlin, troubleshooting, runbook +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Gremlin Troubleshooting + +## n8n Won't Start / Permission Error + +```bash +# On docker4 +chown -R 1000:1000 /DockerVol/n8n +docker service update --force gremlin_n8n +``` + +## Workflow Fails Silently on Ollama Call + +Model not pulled. Ollama returns model-not-found but n8n may not surface it clearly. + +```bash +docker exec $(docker ps -qf name=gremlin_ollama) ollama list +# If model missing: +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull llama3.2:3b +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull qwen2.5-coder:7b +``` + +## Forgejo Webhook Not Reaching n8n + +Add to Forgejo `app.ini`: +```ini +[webhook] +ALLOWED_HOST_LIST = * +``` +Restart Forgejo. Required when `OFFLINE_MODE = true`. + +## Caddy Routes to Wrong Container IP + +Ensure all Gremlin services include in labels: +```yaml +caddy_ingress_network: netgrimoire +``` + +Never use `{{upstreams PORT}}` — breaks during `docker stack config` preprocessing. Use `caddy.reverse_proxy: servicename:PORT`. + +## Audit Workflow Times Out + +Check `N8N_RUNNERS_TASK_TIMEOUT` is set to `3600` in n8n environment. Default timeout is too short for 67-file audit runs. + +## n8n Code Node Can't Access Env Vars + +Set `N8N_BLOCK_ENV_ACCESS_IN_NODE=false` in n8n environment. + +## Open WebUI Can't Connect to Qdrant + +Verify both services are on the `netgrimoire` overlay and pinned to `docker4`. Qdrant gRPC port is 6334, REST is 6333. + +## Audit Reports Not Committing to Forgejo + +Check write token is set in n8n credentials. The read and write tokens are separate — confirm the workflow is using the write token for commit operations (POST new files, PUT+SHA for updates). 
diff --git a/Gremlin-Grimoire/Stack/Agent-Docs.md b/Gremlin-Grimoire/Stack/Agent-Docs.md new file mode 100644 index 0000000..c4439c3 --- /dev/null +++ b/Gremlin-Grimoire/Stack/Agent-Docs.md 
@@ -0,0 +1,503 @@ +--- +title: Ollama with agent +description: The smart home reference +published: true +date: 2026-04-02T21:11:09.564Z +tags: +editor: markdown +dateCreated: 2026-02-18T22:14:41.533Z +--- + +# AI Automation Stack - Ollama + n8n + Open WebUI + +## Overview + +This stack provides a complete self-hosted AI automation solution for homelab infrastructure management, documentation generation, and intelligent monitoring. The system consists of four core components that work together to provide AI-powered workflows and knowledge management. + +## Architecture + +``` +┌─────────────────────────────────────────────────┐ +│ AI Automation Stack │ +│ │ +│ Open WebUI ────────┐ │ +│ (Chat Interface) │ │ +│ │ │ │ +│ ▼ ▼ │ +│ Ollama ◄──── Qdrant │ +│ (LLM Runtime) (Vector DB) │ +│ ▲ │ +│ │ │ +│ n8n │ +│ (Workflow Engine) │ +│ │ │ +│ ▼ │ +│ Forgejo │ Wiki.js │ Monitoring │ +└─────────────────────────────────────────────────┘ +``` + +## Components + +### Ollama +- **Purpose**: Local LLM runtime engine +- **Port**: 11434 +- **Resource Usage**: 4-6GB RAM (depending on model) +- **Recommended Models**: + - `qwen2.5-coder:7b` - Code analysis and documentation + - `llama3.2:3b` - General queries and chat + - `phi3:mini` - Lightweight alternative + +### Open WebUI +- **Purpose**: User-friendly chat interface with built-in RAG (Retrieval Augmented Generation) +- **Port**: 3000 +- **Features**: + - Document ingestion from Wiki.js + - Conversational interface for querying documentation + - RAG pipeline for context-aware responses + - Multi-model support +- **Access**: `http://your-server-ip:3000` + +### Qdrant +- **Purpose**: Vector database for semantic search and RAG +- **Ports**: 6333 (HTTP), 6334 (gRPC) +- **Resource Usage**: ~1GB RAM +- **Function**: Stores embeddings of your documentation, code, and markdown files + +### n8n +- **Purpose**: Workflow automation and orchestration +- **Port**: 5678 +- **Default Credentials**: + - Username: `admin` + - Password: 
`change-this-password` (⚠️ **Change this immediately**) +- **Access**: `http://your-server-ip:5678` + +## Installation + +### Prerequisites +- Docker and Docker Compose installed +- 16GB RAM minimum (8GB available for the stack) +- 50GB disk space for models and data + +### Deployment Steps + +1. **Create directory structure**: +```bash +mkdir -p ~/ai-stack/{n8n/workflows} +cd ~/ai-stack +``` + +2. **Download the compose file**: +```bash +# Place the ai-stack-compose.yml in this directory +wget [your-internal-url]/ai-stack-compose.yml +``` + +3. **Configure environment variables**: +```bash +# Edit the compose file and change: +# - WEBUI_SECRET_KEY +# - N8N_BASIC_AUTH_PASSWORD +# - WEBHOOK_URL (use your server's IP) +# - GENERIC_TIMEZONE +nano ai-stack-compose.yml +``` + +4. **Start the stack**: +```bash +docker-compose -f ai-stack-compose.yml up -d +``` + +5. **Pull Ollama models**: +```bash +docker exec -it ollama ollama pull qwen2.5-coder:7b +docker exec -it ollama ollama pull llama3.2:3b +``` + +6. **Verify services**: +```bash +docker-compose -f ai-stack-compose.yml ps +``` + +## Configuration + +### Open WebUI Setup + +1. Navigate to `http://your-server-ip:3000` +2. Create your admin account (first user becomes admin) +3. Go to **Settings → Connections** and verify Ollama connection +4. Configure Qdrant: + - Host: `qdrant` + - Port: `6333` + +### Setting Up RAG for Wiki.js + +1. In Open WebUI, go to **Workspace → Knowledge** +2. Create a new collection: "Homelab Documentation" +3. Add sources: + - **URL Crawl**: Enter your Wiki.js base URL + - **File Upload**: Upload markdown files from repositories +4. Process and index the documents + +### n8n Initial Configuration + +1. Navigate to `http://your-server-ip:5678` +2. Log in with credentials from docker-compose file +3. Import starter workflows from `/n8n/workflows/` directory + +## Use Cases + +### 1. 
Automated Documentation Generation + +**Workflow**: Forgejo webhook → n8n → Ollama → Wiki.js + +When code is pushed to Forgejo: +1. n8n receives webhook from Forgejo +2. Extracts changed files and repo context +3. Sends to Ollama with prompt: "Generate documentation for this code" +4. Posts generated docs to Wiki.js via API + +**Example n8n Workflow**: +``` +Webhook Trigger + → HTTP Request (Forgejo API - get file contents) + → Ollama LLM Node (generate docs) + → HTTP Request (Wiki.js API - create/update page) + → Send notification (completion) +``` + +### 2. Docker-Compose Standardization + +**Workflow**: Repository scan → compliance check → issue creation + +1. n8n runs on schedule (daily/weekly) +2. Queries Forgejo API for all repositories +3. Scans for `docker-compose.yml` files +4. Compares against template standards stored in Qdrant +5. Generates compliance report with Ollama +6. Creates Forgejo issues for non-compliant repos + +### 3. Intelligent Alert Processing + +**Workflow**: Monitoring alert → AI analysis → smart routing + +1. Beszel/Uptime Kuma sends webhook to n8n +2. n8n queries historical data and context +3. Ollama analyzes: + - Is this expected? (scheduled backup, known maintenance) + - Severity level + - Recommended action +4. Routes appropriately: + - Critical: Immediate notification (Telegram/email) + - Warning: Log and monitor + - Info: Suppress (expected behavior) + +### 4. Email Monitoring & Triage + +**Workflow**: IMAP polling → AI classification → action routing + +1. n8n polls email inbox every 5 minutes +2. Filters for keywords: "alert", "critical", "down", "failed" +3. Ollama classifies urgency and determines if actionable +4. Routes based on classification: + - Urgent: Forward to you immediately + - Informational: Daily digest + - Spam: Archive + +## Common Workflows + +### Example: Repository Documentation Generator + +```javascript +// n8n workflow nodes: + +1. Schedule Trigger (daily at 2 AM) + ↓ +2. 
HTTP Request - Forgejo API + URL: http://forgejo:3000/api/v1/repos/search + Method: GET + ↓ +3. Loop Over Items (each repo) + ↓ +4. HTTP Request - Get repo files + URL: {{$node["Forgejo API"].json["clone_url"]}}/contents + ↓ +5. Filter - Find docker-compose.yml and README.md + ↓ +6. Ollama Node + Model: qwen2.5-coder:7b + Prompt: "Analyze this docker-compose file and generate comprehensive + documentation including: purpose, services, ports, volumes, + environment variables, and setup instructions." + ↓ +7. HTTP Request - Wiki.js API + URL: http://wikijs:3000/graphql + Method: POST + Body: {mutation: createPage(...)} + ↓ +8. Send Notification + Service: Telegram/Email + Message: "Documentation updated for {{repo_name}}" +``` + +### Example: Alert Intelligence Workflow + +```javascript +// n8n workflow nodes: + +1. Webhook Trigger + Path: /webhook/monitoring-alert + ↓ +2. Function Node - Parse Alert Data + JavaScript: Extract service, metric, value, timestamp + ↓ +3. HTTP Request - Query Historical Data + URL: http://beszel:8090/api/metrics/history + ↓ +4. Ollama Node + Model: llama3.2:3b + Context: Your knowledge base in Qdrant + Prompt: "Alert: {{alert_message}} + Historical context: {{historical_data}} + Is this expected behavior? + What's the severity? + What action should be taken?" + ↓ +5. Switch Node - Route by Severity + Conditions: + - Critical: Route to immediate notification + - Warning: Route to monitoring channel + - Info: Route to log only + ↓ +6a. Send Telegram (Critical path) +6b. Post to Slack (Warning path) +6c. 
Write to Log (Info path) +``` + +## Maintenance + +### Model Management + +```bash +# List installed models +docker exec -it ollama ollama list + +# Update a model +docker exec -it ollama ollama pull qwen2.5-coder:7b + +# Remove unused models +docker exec -it ollama ollama rm old-model:tag +``` + +### Backup Important Data + +```bash +# Backup Qdrant vector database +docker-compose -f ai-stack-compose.yml stop qdrant +tar -czf qdrant-backup-$(date +%Y%m%d).tar.gz ./qdrant_data/ +docker-compose -f ai-stack-compose.yml start qdrant + +# Backup n8n workflows (automatic to ./n8n/workflows) +tar -czf n8n-backup-$(date +%Y%m%d).tar.gz ./n8n_data/ + +# Backup Open WebUI data +tar -czf openwebui-backup-$(date +%Y%m%d).tar.gz ./open_webui_data/ +``` + +### Log Monitoring + +```bash +# View all stack logs +docker-compose -f ai-stack-compose.yml logs -f + +# View specific service +docker logs -f ollama +docker logs -f n8n +docker logs -f open-webui +``` + +### Resource Monitoring + +```bash +# Check resource usage +docker stats + +# Expected usage: +# - ollama: 4-6GB RAM (with model loaded) +# - open-webui: ~500MB RAM +# - qdrant: ~1GB RAM +# - n8n: ~200MB RAM +``` + +## Troubleshooting + +### Ollama Not Responding + +```bash +# Check if Ollama is running +docker logs ollama + +# Restart Ollama +docker restart ollama + +# Test Ollama API +curl http://localhost:11434/api/tags +``` + +### Open WebUI Can't Connect to Ollama + +1. Check network connectivity: +```bash +docker exec -it open-webui ping ollama +``` + +2. Verify Ollama URL in Open WebUI settings +3. Restart both containers: +```bash +docker restart ollama open-webui +``` + +### n8n Workflows Failing + +1. Check n8n logs: +```bash +docker logs n8n +``` + +2. Verify webhook URLs are accessible +3. 
Test Ollama connection from n8n: + - Create test workflow + - Add Ollama node + - Run execution + +### Qdrant Connection Issues + +```bash +# Check Qdrant health +curl http://localhost:6333/health + +# View Qdrant logs +docker logs qdrant + +# Restart if needed +docker restart qdrant +``` + +## Performance Optimization + +### Model Selection by Use Case + +- **Quick queries, chat**: `llama3.2:3b` or `phi3:mini` (fastest) +- **Code analysis**: `qwen2.5-coder:7b` or `deepseek-coder:6.7b` +- **Complex reasoning**: `mistral:7b` or `llama3.1:8b` + +### n8n Workflow Optimization + +- Use **Wait** nodes to batch operations +- Enable **Execute Once** for loops to reduce memory +- Store large data in temporary files instead of node output +- Use **Split In Batches** for processing large datasets + +### Qdrant Performance + +- Default settings are optimized for homelab use +- Increase `collection_shards` if indexing >100,000 documents +- Enable quantization for large collections + +## Security Considerations + +### Change Default Credentials + +```bash +# Generate secure password +openssl rand -base64 32 + +# Update in docker-compose.yml: +# - WEBUI_SECRET_KEY +# - N8N_BASIC_AUTH_PASSWORD +``` + +### Network Isolation + +Consider using a reverse proxy (Traefik, Nginx Proxy Manager) with authentication: +- Limit external access to Open WebUI only +- Keep n8n, Ollama, Qdrant on internal network +- Use VPN for remote access + +### API Security + +- Use strong API tokens for Wiki.js and Forgejo integrations +- Rotate credentials periodically +- Audit n8n workflow permissions + +## Integration Points + +### Connecting to Existing Services + +**Uptime Kuma**: +- Configure webhook alerts → n8n webhook URL +- Path: `http://your-server-ip:5678/webhook/uptime-kuma` + +**Beszel**: +- Use Shoutrrr webhook format +- URL: `http://your-server-ip:5678/webhook/beszel` + +**Forgejo**: +- Repository webhooks for push events +- URL: `http://your-server-ip:5678/webhook/forgejo-push` +- Enable in 
repo settings → Webhooks + +**Wiki.js**: +- GraphQL API endpoint: `http://wikijs:3000/graphql` +- Create API key in Wiki.js admin panel +- Store in n8n credentials + +## Advanced Features + +### Creating Custom n8n Nodes + +For frequently used Ollama prompts, create custom nodes: + +1. Go to n8n → Settings → Community Nodes +2. Install `n8n-nodes-ollama-advanced` if available +3. Or create Function nodes with reusable code + +### Training Custom Models + +While Ollama doesn't support fine-tuning directly, you can: +1. Use RAG with your specific documentation +2. Create detailed system prompts in n8n +3. Store organization-specific context in Qdrant + +### Multi-Agent Workflows + +Chain multiple Ollama calls for complex tasks: +``` +Planning Agent → Execution Agent → Review Agent → Output +``` + +Example: Code refactoring +1. Planning: Analyze code and create refactoring plan +2. Execution: Generate refactored code +3. Review: Check for errors and improvements +4. Output: Create pull request with changes + +## Resources + +- **Ollama Documentation**: https://ollama.ai/docs +- **Open WebUI Docs**: https://docs.openwebui.com +- **n8n Documentation**: https://docs.n8n.io +- **Qdrant Docs**: https://qdrant.tech/documentation + +## Support + +For issues or questions: +1. Check container logs first +2. Review this documentation +3. Search n8n community forums +4. Check Ollama Discord/GitHub issues + +--- + +**Last Updated**: {{current_date}} +**Maintained By**: Homelab Admin +**Status**: Production diff --git a/Gremlin-Grimoire/Stack/Build-Config.md b/Gremlin-Grimoire/Stack/Build-Config.md new file mode 100644 index 0000000..e1e9c55 --- /dev/null +++ b/Gremlin-Grimoire/Stack/Build-Config.md 
@@ -0,0 +1,383 @@ +--- +title: Gremlin — Build & Configuration +description: Complete build and configuration reference for the Gremlin AI stack on NetGrimoire +published: true +date: 2026-04-02T12:22:30.000Z +tags: gremlin, ai, docker, swarm, n8n, ollama +editor: markdown +dateCreated: 2026-04-02T12:22:30.000Z +--- + +![Gremlin](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEsCAYAAAB5fY51AAEAAElEQVR42uy9d3hd13UlvvY5t75e8NAJgCTYwCKJUKGoAkqmLFqW5ZJA7rZiJ3SaJz0zk8z8KGZSZtI8GU+csZxmJ3EcIW6yLMtWI6xeIIoSCXaQIDoe8Hq59ezfH6BsWZZL4hJb5vo+fCBw8d7jPfecdXZZex/CBXyvIAC8Z88eMwxDjZk1ADjpn3QnRyed/j39ZkfY0RmV0dl7773XvTBcF3AB/35oF4bge4IAoABQOSwnqU7NaDQaeBFP7+IuvW+oL0ATekNrVKIyagK4QFgXcAHf44K7gH8/1PDwsLzmhmv67NCmxx57rJpKpRx3wXWVo3QRFV26rsunH3i6kM/nmxeG6wIu4HuDvDAE/243EHv27DGLbrHFCZ3Gow8+ugSAxsfH1aZNm8y6WQ+kJm3BouXMO88sz/3zXPji6y7gAi7ggoX1QyetZrNpi4SoPv3A08vnf8cAyPO8cOzusWbIYSmUoRh6cqgTAIb2DV3YIC7gAi4Q1g8dDAB+0g/dKTcEgIGBAf3Fi6Ojow4Y0Ms6q0AtS11mtt1wQ3R0/2hwYegu4AIuENZ/CGlFm1H14g+5XE68xOWjwUsHNRmTSdLMWEihkY0G7S91Jy/gAi7g344LWcJv4/K93KJ62TWWUgZaVosAcEZHR72X/l2sLZZVUnbrQgkEGnRPn37xdf+Gz+cLj+ECLuCVF+UFvIIFOjAwoNm2zWM3j4XYD/Xy8Ru6aajNVnbx3vi9we7i7piylWUYRhv7fmsgUA84mNNYS2sUFL/8+dHJ82OuLgztBVzAvx0XgsDfwe3L5/Oqs7NTpIO0zA/nGaMrgfUXCa2vs6/5wAMPhENrhjLSlhuIqD0AklJKqFBVAzcoN5S1APiJlutaKnNjc+F3+tDB3buT3RtXpTt6uzPtW1ZFM71dem57IsyP58MLj+TfhoHhAWPtjWuN6SemL8QPLxDWq97yJAA8Nzendm3ehcRkoiNxccL9GnEMQ7SIFnPjxo2rDWl0hCqsatBsQCkovQioRSfqlJ6860C9taefIg25qq+zz5mcnPRf4fNocHBQ79m2vkeEhJrLdWjlRqoR9YThs2y06J2rVsVz6ztj3ek2b25u7oKV9t0Q1mUDOpHV2X7lhujMU6cqL702PDwsxzdvFhgfv+B6X3AJX3247KbL2k1lhrIpq4giFSrZqhuc0qCBBDkhSIIDkxQ5vqKaYWDxvs/etwQAQ0NDIoxoawyXyw8++OAiXiE+tXP3zk4llPPEV54ovNLnDw8Py0Us2rWKiq9JtC+OjIxcsLi+G+zbJwbn5uTYHXd840axDwL7gQsu+gXC+rFEf3+/mexLWmkAjmmLwA/ItE1lNAzf8zzSNM30LT+jk55iwfWQQw8uAEJgmEZPKEIHCrUgFD4LN3h4+8OTOw/ujHaZXY2RkRF+GUnxy10Xu2lrY3ePNfAdAu6Dg4O6vkaPPzHyysR2ARdwgbBe5eMwMDygp2ZSpq7r0VALI7BQdB1XmJapAIB8imlCMzRLW6tYedKQzwdOoHvK8yzN6gbDDIMw7/haMxHxIgXSquRUfSd0wufve75+3uXTYrEYj46+gh5rHwRuB4O+Y2
rr4MGprwlEd1522daJ2c7m8UOTzvt+65b4lqvXrn3+0ZNLYBBembz4JQp4eklyigBgVc+qeOvWnj1b37h9b+6KrDq8/PxJzIK/4b3GwRj/wSkDfmiEdfXP7MkZ1/SHhadO/ZuYd2DfgDGAAZp8qSvJoKGz77UmDx36jqnb9TfHhCEN/sonv7JSmjAM+cEPfFD/8K982H3n/re+xjHEpw8/f6az5HhB57a1+pEvHaLC1DKGbt5Jrhvy3EyB0tkcaHmZ6oU8WnNZxFvbKHBWOm369TrCwINu2rBsC7ptw7AjXCmWqOm4pGmSbMuE1AT8IEAYMiswMRECENfLFZo/t4D8UhFTE+f41PEzFEodViKOaMQm0zThBwEtlRtouB4ks9A1izVTJ8PWaePmjdmZqaV0PJ7Y6jKW0+l4WUht7Xvf8u5De6++Wju7NLnB1PXpqeNT3rchec5tXmtFguDqsotkRcmvJHSqkyaWDU2kFwu15ntv2nZxa1Br/8dHpyr/75Hp58bmGvdHUvFRR9LpqhKnqkz5SsDpI9PFpcOztYTnM5HQUK67tFj3ebni0sR8CfGoToGvoEvBiahJ5YYPIYgcJngQIpmMziupPyN16SASnYhkIh7NkXfPPff4PT2ro6Ws6xnLBm677TaM7holjALnDwV5+enJX7/P0W/sKru1q4tqbTW2wvigrfNZSxi5+fxyy953v2lNtjV9nQeo97z9TdRs1MX00hJFLAPT+WVuy6RoS/8abjoOIoYg1/f57JHT9NC/3o1jh45juuRQECi0bViPHTfuQv9F26n9oku4HgjMHj1GjWYdUgjSpAAzIAgQIEhWlLIlNncn0JWNwNJALUkTsagOy1zRWrmOT7Wqh2rNhdvwobyQHSHFs67x1285/cuPVD53RnoWm4ObV7dfuiPnjY3NBZsG0w10dDXHR8fDzVf26IGvVm3qGZwfPjKO0W8fIsC+ffvEyzwS6r+0P4WE2RsQR+rFSpAIY7OzPz1bwf5XYdC999JNbbma35x4fsL/t1hNl/Rfkgw7rPjk0ydrX5uU+0EtV1xBc2Nj6jvFzyZHJ9Xxx457w8PDYnx4nN6be69xx3+5w33jf3vrbXou+qlnD55M6olI2LqlVzv0qSe4vljBW3/5p6hYqLIB0LFnT7ABgZTXAIch2YaGrnXroYIQ9VIJXqPGBCIrEYcAo+l40KMR1Kt18oOAjRU3kUKloFhBMRGvRAtIrFQVw3MclBeX4NYa1HQ8TJ46g3q9AV+T7PsuRSIR6BLUqDepu70FDadJLZkUiuU6GZomDNsQa/o70Z3NbD5+7OTJ3Vdf9UZXimfu+pfPLKwb6O83JEXPHDs3Nzw8LM9bH1+ztPbs2WOeOnWKJ4dv89tOH0s0mm7F0I1njJh13LbtvC3CssciYYfeVV9+Zrr+qRfKH17dmxnty6WOshSLpmWyrRlLpqW7uq4FyWQ8Vao2rcNTJePoVAmGlHC9AMs1F6apkRcq+IGC44WIR3QsV11KJWx2dYtrgQw1TZtmxV+ImHYIwkadgql61A83beof1C3THf2Hx8p9u/qMheML4tTfnHpxw6KhoSHZt6vPmDz0imLJl8ZTaXJykjetuWiDZZttoesd94TYMH1m7sZf/aX3D3sUpi7dfhEMTYrTM3MwdA26rlEqFqVUPIFDLxzB7MkjePKpI3jm3gdp6eCT6Olsw7qLNvGu192A69/8elqz/WIsNIBnHjvIE4cO0amxp4mUt6JIF+fD7C8WMQPIRXXa3BVHS8xgSaBkzGTl+mhUXPKcALWay6ZlINsaRSptI5GykYkbNO1r+HJB/PXvROn4e/Z/xT14cLp56Y5c3XVj9KY39eHDf/xYc3x0PASA5x+f8A8/OTEzPv41svq2IZWXh08A4D1vOlM/nV8VHL//4H1B2ZuwTKt27qfPOa+eLOFLTM9zz54o/RvI6muEtfq1rzGstLnx1IFDUy+9+G3ICsN3Dss1A2usE6Mn/B
ffZ/ONm61d3bvMv/7Pf914+5+997eo1frLp589IcK4rbq29Mrjn3gS3plFetNvv4POLi5i7tQ0GtUmqotlmp9dwvrWJAnXg06AZRloX9MHp1JGaX6JfAU0XR9K6rASKRAEgQDXcUgQSHEIpRghA74KOQjV1zphrnxJkCbgNB00KjVEEzEIy4br+KR8nxskCOddznyhgkjE4ngkQlIISCnIsHQRBiF2Xn5pPBqNXrpUXG7va22/+rEXDh6+dOeVM9ddtulXXKP+iPDK1NGxnicnJxWDaT/2o3WgtfV9b3tfbXT/frVu4ypTGGYpbvALtmYGoRNp+kljKaVrdGyuZpxzxD/dcs3GL9Y8r9IMtGVT0+d1y6iagseFRolKtZm5YnBttO6o3ogGNblYpplCneyIQQvlJoKQybAtZmYUqw5t6knR3GIF69bmKNLShkgqLXJJ3az6FDSDUHZ2ZsaT0UxZKE426/UNOy96zdjay5NR5Vgygkjwmg+8RuuN92J8eBybGpsyOumJUy+cqnwLtxdDQ0Oyr69PnD17lv/hrn/5gO/57pb+jaq4mP/zPdddt2fTxQOtUVMim06L0zNzdL5BKcWjEfiuhwe++jifOXmKZmYKhEaDrrl8I1/zplto2+tuQKqjh5ZrLj14z3343N9+EieeGUNxcY78ehWWbYH4/DldwIoOi5klgJQp0RE3qTVhIGHpFNUlNDDZtk6pXBzppIWWXIwy2QiJICAKQ7AKSVeKH1pimtW0i8cfmfjcc2fL5QMHhrTPfObx4NChyWB0dFJ9v+PG9rY9RqVE9faNSY8kxR/5+CNzLx3jgeEBIz/8i4xXILsfC8IaHN+dTG+2+Hy24N81eIOda4IFw1+cfmL8u1bujo+M83myAjPTgQMHtOhbovj4z3zc3/uRn9/nx+XvH3puQiXXdsBOR+ULf/Ug3Lki3vEH78TM8hLOTc9DQlJhZgnNxRIS7a3U15LhlPLI0HVwvQItdJBIJpBI2DANA+WGCzOZAOkGDMPAUr6ASrUGyzJhmgY8P0TD8eCHil7MHmq6BlYhwCvZIyMSgWlbqE9No1mqMAuNLF3CCwPKdXeAQZify2NmdgHxRIzaMmkUihW05bJwPB+zy0W++ortViRqoSXX0nfxhg3bPveZzx67afeuG64dunzi9/+/vz112223aaOjo+H48LgcHx/nVatWxQ+ffO6Siwf6ijqJqp7UlguzaF5//TPuwoKOdZGcng9FOZGInOnvSZ/Iz5VrRfLnDz508NzareuU5LCuJ41mNpE9Nb9Y6F/T25XMtLX0Ly0WOPADKleasG2TiAiLpQbFojY6W5NUKFa5rz2BIAhp3ep2IJYhy5SwVVVbrvob615wUDQKXy40aqlivnRRPJOsdK+PL5w9mb+yqz3t//1HP1C8accv+l3bu3LrCn2XtGbjPUY0Orvzop3e2NgYf5PWDKDLX3+5/cWRL7rrb9i+cfdVl/9hLpl+eFVnx8/3dbUMDd14HRzXod6OLnru1AQpFSIMQ2imjuVCCY88dRCb1q6lnRcPYnBwK2645XW8autFmDw7hY//8f+l+z/9ZT763CHKLxbAUkOoGBSG0DQJsDqfJMb5QkGQAMjWCJ1Jg/pbo+jMRpGIGsiko0hnY0gkbdgRA6alsWkZ5/v3MSul0Kg7qDshHeC4CnStxSGZeec7Fz972223YXR09AeV/KLkxUl65u8fdiYen/DXX7zeXn/1eu/US0I8PVe/WfROPWZMj0//wFT2Pwyl+39sUeU+iF/b/Gvmh279kPMLH/uFP+eo/qv3jz4ftG3rlclknA7sGwGVXbzxd34Ky8UKps8uwa268CtNBEt13rR+DaQiWmvruKq/AyguAqEPQ9eRaW1BNBmHZkVQLDfgei7YimG5VMPs1AyaThNhEGB2dh7VRhNeqNgPQwpWWvFC0zXo8ThKNRdtfV1oXduH2aUa2lozKEzNQkRttKzugWFqiKdSyLTkAPYgpM
Th8eNY09eFbDyFQrmMlkQcJAU7gYvt/f189NSkv3V9r/lP//KZo6dPTU188GfeGXvNrW97/UOfesi97rrrwj0f3GN4Z4upB7/w5MLl11180ZGzs/P1M4sLALTh4SErnW6VwIR/xx1jDPTyn935Fpp/+rT23LFiSyobi1ma6T55cLyQTSVWzyyX6u2ZDI4en4zvvmbLL4Wkv7u4kA+nzs6JhcUSWtNRam1J8HK+SO1tKfS1JzGXr2BjZxyaBDraWhBfv5VnJqdg6Lp/6NS8Ho3bj2zZ1L88n1+uH3zhuB6PGM8USpWKFYl1HR4/dX8ml9M/8DM/tb1UD9yxg09PlmrNBx+767HqSzPD1WqVrrjiCn///v08tG9I2oXuyL0f/qfKO/7Tu/5m49qN737g8Yfv+v3f+pUbJ5fy0Vx7GyKGjkqtBtOyCAA8p4nFYgXVSg1tmRjaWlqgPAe6V8NSvoax+x/C4aOnefWa1VRcysMJACEFyrNz8GvVFZYMfSjFkAwGK7BSRGAYBG6LatSdMLChK4H2liiyLTHEYgYEMwSvHJ4RBiGcmgsVhEAQwA9D1pnxL2eaOGBkoNfrYSRqaMzqjs99+rlfHB4exsidIwr0g11zez64JxG4Ad3/0kOGfwhr/VV/as5Hn9mrf+DSO/x3fOh9v6dnrP/++Ojzgd2dkWZLkg7+zy/CDEO87tdvwVK5gfnJPAqnl1FfKsOAwOU7BxG3Ijj27BFs7OnA26+/AtmIRGXmHJq1KrQwQCIa4VhnJ2mxJNx6HcVaEy+cmGTNMKhRWML01BxKtRp8xewHIQWKoQCESoFppX3IxmuvhhcGEMJA16YNCAyJRDbLHavaicKQpSaoXqzz7Ll5au1tRXsuw8ePn6VTp89g19WXQGo6EBIMA5BSwJDEhqbDazaDbMrW//7vPv3cG2943cVnps/80S//7H//nYce2qf9r888KbFQvSQi9WRLOlFa05XeNjdbOhkA2bliPVKoNLx40rZuuXpT/NTp6al7n5laanBQX9uds5r58iWJbObqtlxqdH6h8JaOrtxCJBabP/Dws/Ky9d26G9IvP//8CXieT8sLBYRBSMm4DakC9PS0cTZhUbURYFtfCqYpkWxvg5bt5VTcQKEp2Gn6fNM16+WG9X1YOHfOqTmqZljxwuzcojDt2GklyQ6bpSueeOr52pPjU/87k9APrl7bU81EZOro2QVrpthYkoZ5ZC69YXkXoA4cOCBad+0Suwc7tf/xP/7kTft++9c/Xi7Ug4mlqca73vKm9HyphI19vTg6MYFEPEoggbnFPOq1JgbWrOZqpUqz07Noa0vBKS/h8AtHueGBWtJp1OtNnjl+iqq1OiJRG7X5JfbLRfiNBklB4MAHK4ZQilmpFR2VYk6aROtaI7i4vwVt6QgiER0EhlNpwqt74CCEbkhASpCmwdQYdL5OVSnm/3qKQdk4aU0HzBx0rcpoE6eX/v6BLz3/M0P7hrTR/aPhD5I8+vfsMXvXWrEH/vJzyz9Mo0S+mslq3537jN+84c/93/7Er/+mH9d+/7FHxoPk+nZhp2Ni7A/vgUaE1//2zehsy+D4sSksn1lC/tQ8orqOrjXdWN2zCsoNeebcNMVicVyUjUBvlhFPJRFPJ2GaBpNYyVI7rodKqQJlRLiYXyZd1zB37hyq9QYc34fnB8TntwjFCoFSUMxwmh7yk9OIZTNYnF/AzMQ0/DBEfmGRJg4fBZipMrcII2nTpZdvY6/pUKVSoYs2r4dSCkdPT8G0DcTjNhKWgeViGZlkEpZlkCElpeMxlUxY7cVyCet6sr13fuH+O//+Yw+VTzxxkj+4903lhuMgCNFMxcxYvly/IpOOrL1yc9f2Gy9f3dcCf8fcbDG7dsPa167va39nWzLyDsuO3SRjSTozMaEHAV0XjdrZZrM+lm3NHV2YW7ykXCxfvXZNT/bsmSmqVldEpbqhk20b7PsetbRlkWvLkBWNorOvG23dbXC0JK/u76
NI1CLLtPGGofViXafFhIAjuitbkoaZSwa53p50prsn1t+pyr2dGSk2r22JbOxpubK0sDj43POTGTeErHvBcqPpTTu1ZRFtVqy6V9ei6ahdL01dPvL5+/Qrtm393Q/c9vY+ZbIc2nF5dKlWRXdrjir1Bjm+i0bg0+ziMla1tSDXkkWtXqNSrYpYIoW5mRlMzC/BTrZQuqUVXshAw6G2tashzQgqxQJHEkmqLy0BvksAEAYhWJ03eAikEyNhSurNWDy4NkurOuJsGBo0U6fQDWBHDKTaEkhmY0i3J5DrSKClNYp40kI0ZSFOIQ7Oubh7MUA2alI8ZWN+oUxBAD+Xiw/muhLhQx976sC+fUPa6K5JfAvB8PdsqBROnVKZS6L+3NjcD1UI/uNLWMz07ZRwH/3oXv033/vn/u/e+bs/09DCvzx46GSodaaliEfEc3/5AIyGh90f3I1MIoaDB17AmefOYfHwDGKJCHoHehDVI1i3upePvXCMgiCAJgQu6WmD5TdgmBqk8gG3SZFMC6VW98H3AtQrVeiRKAX1OgQpFJcLKFVqcFd2xa8FMJjPtxYhghACHAZYms8j09cDlxUWZ/NoeAHaOnKYyxd5dmqWxg8dxdFjp6mzJYu2XAvKjTp6165CLrXSqqbWqEOXAoloFHP5IqWSMQ5CFq7rUzoZoVK5wm2ZaCIIw4iMmnzTG65MHTwy8Vpbk+8+duR4cP+T025Cl9e84/WD26/e3rtr69rspRsG1q/bdlHXtvV9qe6+lnhrX1sybUXT2UxX9yWX7bwsI3WZbTpBd1tr57pDh49vZ8XrrERsrZSMymIRYRjADwLEE1EyjRVxViKTpM7eVdy/eRPi2QzFW1oxsHUTdbZEkE3Y2NRpUNaoMDSLnHIBwdKU0NEUfrXEbnkBzz/0qPKtCBItaWHqNtozhnb5VZe1bb/0iu2DA6vjHNQbBx4/bJjRVDKXta3dl66ffX789I5EMv7ai/tXvf83f+nntpgRPQYIagY+IpEIabqOuuugUKtRsVTHJf2rMT83j0LdRTwR45nZPD3y6FNYLlbQ3b8aTd/hRCROmWQUoQoxdfYsZs9OIz+1QE5+AeS7xEqx53q0ciDGeSW7ANKWxKqUhe39LdSVsdgyNYolImSZGqKWhljMgCUBy5BsmDpRECL0Q7Dvw2u60HwPX5kHnlj2cPzZCRq4qA+JVIyWl2vUqLthX3fL7k2bOqf/74cfHhveNax/CzX69wU/bLL6sXUJb/iNd0Xv+7N/rK9Ujn7zDvLi8eC/+ne/8e6mdP/+meeOc81niqxtFSc/+TT8s8u46l07+OJL1tMDn3scpycW4MxUYRoarx5cQ7NHZ3HVVVdyLpumE4dPoFoqIabr+JndO7E2KWHZGoh9sO/Bq9ZBhoFIWzuTptPCuRl40FAqLuPE8QmcnZpHpemsnHQiCKFaOVTgxQM+/VCtWF2K4TY9RDo7EUkkEbKC3ZqG6/jo6F/D/du3UmlhmX0/QCqdRKYlSX19XYhqJgQIxVoFxAFrmqBa3WFLlyQUs21qlIoaKC8X1fzMjHBq9eo//ut9fymInYvXrbrp4i19A5ph1jUh5cZ20XLJhhY0SiUmjUKhFOnJNLHUhdTNsNZ0KZBpnK1FKZAmqcDBYr6qNNOms5OztJgv4Nnnj4ZbNq6TXr3KowceRcS2sTy/TJGIiUjExEWXbsP6rQOIGAIaCBs2rEO1vITW/5+9/46y87rO+/Fnn/PW28vc6YMZAIMOEARAEOwAKVIsoqhmUL3YsiXbklus2IntGGLiKHZsxTWKLFm2ZdmSTKpRhaJIsYCdAAGSKIM2mN7n9vL29+zfH0M5jmMn+f5W7Nhx7lpYa/7Bmjt33tlnn72f5/MkJUTYQE+akbAttFdXEFQmOVPMkWUlUVtahd9x0L1jM9zVKiI/xPJSm41EnjdccwVDS0CYWQkinBo79/Dv/9FXn33pYuWClS22dKd+65vfdNtbr9i3b/2Wje
sxt1rnhusRkUA2mwGBsFyvodHoIGNbWF5dQr3WQj6bx8TsHKrlKrZv2wIrb8GWErZl4eLpy3z+lVepVakjdnxEoYtSLoeV6Rl2F+cpmbAgX8sHECqEzsyWRjSYMbCpN42NgzmUCjYMKZjDkDRDwjR1aLoGAQVNgkkKEpoG5QdQQbBmgWq7/G9f8RBs34AH/ugxMjWN3/aeG0AMXDg/pzK5BA+Vcrg4s/qm7z944qEPfWif/pnPnAgPH16zoP1fqxD/P9c4MdGa5e7vHOC/4VM/vS/flS79+b3//uG/WbTuv/9+ee+998afffEP7jg7N/Otxx47LtudgJObekX9whLmvvgidr7tKhy4ey9eevQsxl68BCMWcFcavPu2HTR3dh6akeRtOzbTyPA6rC4so7q4isD18Y5br+M9fSlofotMQ66lg4c+hCAsTc8jiAHNsmH3D6FZr+HUK2MYn5pDy/Gw5iNjKF4LFhBEiJRCFK9ZDKNYEQD4QYQ4lYWdTcNzPKwurSKMIiSzOQytH8a2A1eiMNSLUDEPDPRQqauAXCbNmgbqtFosNI04jhBHChLMhgTZho6UZYHjmKvz81RfnDnZqNa0Ow/u2bmuLy1ENg3Uy6iMn4bMJhQFIbWbHUoldKT6e9FqehBmBpphckgJWkU/Gh5zuOapJCmIdd3g6fllYhbo6evBsy+cgO8HOH3iFLVbLQS+h+G+Er/9vT9Ey8uLnEkn0NfdS57XQeS6yJvM+ZSgBFz4c5eRNBUS+SSU10Gz2eFOyyemCCvzFbRrLlaaIUpdOey5/krEZhqFvi42Ewl2QoOZIU+9Ogdke6eb9Uay5rbE5h07s8VcDk03prlKjTRDkmXaUABanoeVWh2BF6HRbiFhmahW6uwHEbaNjpA0NMQC3KrXaX5qDjPnLjGHAdmWxbrnU3XyMuxUEl193YgaHTj1CqIwQOh46FRrjDAkk9YQOpu7bFyxoYhS3obOijVBSKUtMi0NRsIEQKxJIoE1CCRJQuz5iIMIgmM0OhF/+JkWX/3OG+nS6ct0/+9/H/3rSzj87utRW2lienpZbRzuoUTCrJy6uHTTUw+9fG7fvn36iRMnQvwToYr+k7oS3rd2zSMcOSL+Lj3Hgbff0PTDOHfF3deUzux7fukHhffw/YflfffeF3/wkz852hbxQ489cTzV6gSsryuIuOZi6k+fxYbbd+Cat1yF5QtLOHV8HDJgdOar2HTDJlqdXOUwEhTHMbkNh6/cewWRYti2ya2Oi40DfdjUWyTltQG1trKWpOC02mhVqmhVq/DbbXTKqyisG0an1eF6o0mu76059MHEDHotVoB0KaEAKAUSUoKkhNQ1GKaBVHc3Jws5OvCG12Fg8yYkCgX0b9oAr91CvdlBMpdGyAoLiyvUcDx05dMIHIcs0+KOF5AAoadYoCiKueN6VG904ASKtnYxHxhN9u/d1tsjvCYai1PQowr7gceB49H85WVYCQPlSpMajQ5it8PpjEXVuRXYmRTcZgPlDgiaSRAK9WYHumGCBFEQBkimktCEgOMF2LhhHZqdNjbv3EIjI4PYf/VeKpUKiFVE2XQaKo6p1XYQdhoYHSoiaMxTe/w80qIFM5NG0OpwY7VKC/OraLRcWpmv4sSpJSzVQowOd2HXVVvg+gGqM0s8efIUVaan4VWWyPdC1VNIYuNQPj/cV0iYiZQdxiF5QUhztTalEhaIBDVdn2udNnl+iCiKsVKrcSqVJKmvJXNvH11P1WqN3SCgSqNOlydm2Wl71D84gD1X7KBSKoX1w/107cHreWTTRlJezHOXJqg8v8iNpRVyag1wFJMuiNOGwEDBxu7REvUWE4hcH8mUiXQhRbZtQNMkdNtgzTIgsHagxWHEAiDSDUhNA6kY1WaIT50oEyU17N27gZjAp18Yx/Jyg669aTssXdKly4txoZhN9fYWbmyW8BfXHhymfVvSOPF/4Ar3z2OGxSA8efQHlor/rgs89fXnwx36wCIP24
MbruquXTx6MTx48KD2pne8SYxNeOmDd2352lMvnti8tFyPUiNdUjU8XPrsUWy6cQte994b4YYRTj45Br8ToXVxARtu3AK37mDpwjIV+opQsUJ3qYt6e3sQeD6EUtRpt8lk0Ja+HNhpwCCGhELgunBbLQhWMPQ1movbaMBvt3ndxhFqV6uotToIwngt3EKttVcEgmICSfnaT0ykGBCahkQyAc9xqLZaRWVlBRu2b8bQ9k1wGk2Mbl+PXFcOgeehu7+PLF1Dp9UkPwwpUECn0yEIgZVqE/VmB8Vcii5NL4K8JnYXGujN6qR8V9VWqph48UWaHBun6YUa0twWMSTabkjPPTdG+68ewuxMFbYhKHADuEEIjn1KJzSytQhLtRbMZIbCwKGO61M6lSalmHRdo0w6RflcmjLJBMXM2LppA63fMIze7iLCOITr+LB0QRoBE5cmMdxfwPlT58lsz/FgnkhLWAh9B/XlCnl+gEorpHTCxImX56FIYM/2XqzbNIhz40v88DdfIOpUaKHNEKk0NRot0lREul+liTNj7EcucglG4PmohCa6iyVarjepFYQwTQMTC0vk+T6v1JskpEGmbsIPQ6QTNs0sLkKBaLVWR6VaRzGRpAO7NmDXuj7q78kjmTYoYUpcfOlV+trvfgZnXzhG1eUlWMSU0CV0KaALIKULyloabR4uYEN/jixDIpNLcTJpQtMEpBSQa8ZoEIHotQNNSEmkFBDF4CiGiiJUmz6+ermN+fkqNm0bos27h8j1Qzr74mUECnzLLTup3fbF5Ew5HBoo9PdZqQ2f/c3vfnnnDVenX33xgvdPXRnwj7Ng3Qf8T3AoOHz4MM3q1TDwUuLyky97Hyh+wPrYzR8zP/H5n/nDM+cv3/HsM6cjq7eoabrExc89i76tfbjmfddDCwmvvnQZqxNlNC6vomfXIIRlYu7FCQhDIpGwQbqGTr2NwPeRSNprLRAIZhThipFeUNBB0pDgKESzWkEilQTAaNUaiMIITIROo0G2ZSJfyGO1XEW95a4hTtcQufSaN2etR2dGrJhIECLPg5FMIjM0hP6RARS7Srw4twQNgG7qaLR9yhTznO0pwfF8pBIW9XQXQEIgUAwhNYABVorjOKKlchVJO4Gd1irv2aCTCmKMn1+iEyfGIRMm+YqRkYpePD6Fl46Po1xpYWmlgfm5Om9en4RUEfkR4NZrKHSnwUQwuI2EDlyebSCMIqzUXbhBCMs04IcKkYoQRPHaacOgdNJmTQqEgY9muwPb1MgLQh6/MEE5W2JmYh4lrYkr1lkkiFBreqjXHRw/dhm1poeliotqK+DlqkfDQwXMLTt44eVZjE+uUO9gAcuBjotzTSR1gYRkmAmLLk9Vab7i0tj4CuJWnYxMHr0jmyhppfj8whKKhRy5foDZhWWqtlrkhzH6+3vRCX10XAd+EK4hrklyxrRp51A/Nm8Y5KDZpOXZGR4/N07PPfECvvy7f4KT338Klm0hkTCRNA3oBJBi6AJISCBlSJiSMNCVoEJCRyphsi5BkkCWpZNm6SQ1QYKZwAyhSxIxQ0URSwKpIICKIiBWODfXwiuUQGWlhbOnZmjbVRv5yj1D1GwFOP7kORgZm/btXc8Li3VZrbbDdcNdV+zcu6H1x7/zrSd+6nfvMI89PB4DEMz8g9vM/ytY/1ulCUeOiKeeeuq/K15Hjx7liw+/3HnPoXv8Q6uH9Pveel/wK1/5pX+3Wit/6MEHnw/0fFq3B/M89ZcvkRFG2P/D1wNEOPbsOSxOrqI+toTihiISvTnMPHOJ9aRJHCtYqQSUYoRBiOpqBdVKnQ0hAFbkOx5v7S9SSgcit41WuYxMqQtSSoRhyJ1maw0hIwQEEVgx7FwOlUqNOx2HSBCEJGLFHCtFhq7DNA0wiAQRmGMYug633oQE88BQHxnZNEVCA3wfyVSWxl85g5OPP00riyvoWtdHmmnA8zxUKg3Umy2cGxtHIZNmw9JpabHMcazoim4NVxY9ev
X4BF54/FU+9vQJCn0XC8sOHT+1wPMrdbpitARDCtSbHSg/gm3rtDBbJekHnLA1WpotI1tIAb4H3ZTQJWBYBpTTAUjC9z20Ox5HSpHvRxBSouU46DgOPD8kTRDCIEDge+S1Wzh69CR12wq9oo0NRcaeEQ1SN7E6X0EQBjj6wiTGL5dRbkbQDQ3zy224oaKJhTZOjldweraJ1XaIlbqHcqWNjT0J7BhJwWGJV8aWoGkSGzcPY8OOLeQqjasew0gWYGbzMA2Nmp6H8ZlF+FFErh/CtixkLBuVhWX0d5dAYYBMIo04CKi7lIUSEU49fwInnn8Fx585QU9/+3G++PwJyhWyPLxllNxWBzoYAgqCAUMjaJJgSkI+afBwTxqFhEZd+SRSKZPMhAE7bUFqGjTLYKlrJHSdpaGvIZI1CZJr6BkSci0JutOh80sOvnSqSre9aQ8989gZbqw2sGP3MHX3ZbE4V8UrL47T0GgvDQ8UeWGlLpqOH68bKN58xZ6hJ//gV787Va1WjWPHjkV/rVjR/ytY/xuL1bcXT1gLaOlHPtSO/xuH+Ws+xUNPHqL7dt4X/c7jv/NWV0S/89n/8tWIUgkts72fVp64AHdsnq7/yVthJCzUOj4un5iCM1OHnbXRvWcdph85C5kwiQjgKOZ0LkWhHyIIQpgJC57rUbVcpcB3MbdcIdMwsKWUhu901jx/KkboOoCU1Gk0wZGC33EgBaHU1w1h2VhdLlPgB2uKZyIIQcQkIKWEaZrQdQMMtRYnFq+5GhqrVZq7OIXFS5Nor5bJDSOyUklsvHIXb7lyD7l+h9rNFlfrLeq4IQspSNcEspkkxicXaHpuiQ3DoJ6Mxa8bcChaWcbJV+aw6ihKixiXF5tUjxR2DqXo4kwD3z6xzCQEFZIG15sOOZ6PdX1prCy3STckXx4vU8LSEDcbSGQsJHJppEWHe7KSLPhIyQ6vNEF+4IAhoBkmlFLsRzGFkYIkoNlqkdNsYPncGVzRB76yK6ZN3cTDBUGtpgMymJfm6xRJySdPTBNrOirtAKv1AIutmKbKHk5Ot1GNJHqGerjQ20PSlNAMHZYmcGmuhWXfRKqnB5TOwZEmlhoBi1SWzEyO/Jgpeu1zXyhXKVCMwPdJ0yWEEKjOLHKIGGcvXqZyuc5NL4SSRLXFRTz79Ufx1Dcfw/LkLK1MLyBud6ivO8fZXAbNeot8x4EpCZogGLqAoQtoRKyBKW1r2L6+CwN9eSoUUkhkEjATJnRNQuoCYo3xyFITBGYWRCQUg+IQQgJxECD2QjKZ8fycS395YgUJA3zNLTvoiW+9Qn7EGN3ch117R3D6xDSdeWWKb7rtCpJS0qXxRS6VMnqplD9w8+GP/un1d40khq4t2e+572dv27x/xHnpoZca/wPczP8rWH/bvOoI/juUBQDQ0aNH+aaffuv6/W+99UdONkqXDnxwqzt2/2HCfUdxBEfo0McPyfvW3xf/1nd+a3P3+tI3/uRzX7OWZ2pUumaDaE7XsPqNk3TNh2/ldF+WUvkMv/Ddl6k9WYGuSYy+8QrMPz0Ov+VDWDpzEJMKQhS68xTFMRSDJQkSRKxiRY7rs2JgpeViaymDghYRhwGiwGe71EOKJJxKBbouoadSKPT1wE5n0Om4qJdXETEjVjEzKxJSshCCSBBM22IpiOIwZAZIKYAJEKaJRDYFqRto15q8OD5DF189i/Gz4/CDCPnuLnR1l2AmbBIC5IUxQhUjm8sik0vBNnWKlOC9GRdd1KEoYGzoSyKXENxyQ9SqbUzNVnFmYhW9+RT1Zw06P1vjhboHXRJNLrbhBjGXCklysfZexy4so6c3g6DTRKa7C3EQQDdA6XyG87pLkdtBRDpUGGG54XOpmEe93qKO44BY0eXxaUSNCg4fyPCVIwnKCB+prixVZpbBusT5M9M0eXEJkIKeOTGHVkhIpWxeavg014zQkkn0rx/E+k2DyPf3UKDZqAUCnpllkcmSkUpztr8f846gqdUOAt
fBhYkVrNZ9cjwPkzNzXOrqQjaXozhey5JMplKk6waEAGpuh5qeT+liAaXeAtqVOi6cGaPH/+wbfPGFVyg3NEA2MVSsYCdMmEmLVmcWEHQ6pOuSLUmkS0ASQV9Lu6FcwuBtI13Unbcpk0kg151jTZfQTIO0hAWSEsIwWGiSVBwjDiIK2h57TZe8jo92pYVOtYUwUqBI4YGxJp/xmCbHFpDJWjS6axBPf+sVjG4f5MENPch0Z+jlpy5gfq6KG27ZiYXFGjlOEA0MFHuv378x8R9/4U++seMNew/uvHbP7zb8ZpTK2hcn3jjR+X8d1v+HedVrxYr+przhvvvuw94ff8MHrt179a+dn574/uSDnZkDtchY98ZbExNWTYMTWrVIt9/wxlu+/O3HH9/68tHTKrulTyonwtwDL2HowAb0XLuBYgk895UXqTXfgCBCae8glB+hemEFiZ4cECiCiqFiJqkJdA2UuF1pkmEaDGbSQYiCAOuH+6nj+tRXyGB9VifPC5Dr74c0dCIIpFI2ItdBJpdG18AAGvUWIqcFUiFUGEEwk6lrSJgaWZYBAhCFEXGsQGBSSiGMI0QxgwBotoXMYD+233wj9W7bCJgmzIQB3dKo5QbU6LjUaDRQqzfAUQTHceF5PtodB0EUobW4TFdtKFKz5WHhzFl878nz+ONvn8Hz4xWcXfEwUfZofKlDr8y0UHUVRnoS5PkhzZVdpNJJLFZclJs+xZFCrBRiJi4VEqQUQxcKmUKGVMwwLEm6ISG8FqjVQT5tYrahERFRtdrAymoFnXoN23MRdlgN9OcEaUQIHQ9SSiwvVFFreZi+uAiZSuL8+ArGZhvo785gsRHQTDMGTBu5XBIsJTteTEHEaNSaqDXbyKaTqHmgSihorupSremChYbITMGXJvw4Jl8RwEyO71A+m0UQKb68VEHDdShmRkQEN4zRabThtBwsLKzi/LMncfnFl6l7/RDtv/tWLhRytK6/Fxu2b+Fsd5G6+3pxyxsP0frRESAMSOMYoe+DWCFtSBQTGtZ3p2l0pICuYgqplAVDI9KkIArDtRz6ICT2AlKej9DxELU74FiRCmNErg9hGBCmBk3T4IaM33luiVogLhaTGDsxQ+u39yKZtnDsmXG69uYdNDJUgp4y8dzDr9L60UG6av9GGh9fFBFzvG1T3/U3Hdp16YVm+TFdBeR32mczQl+98rb9/PL3Xw7+X8H6H+m9XmtDP3Lij/oPfvhtO5/7zDdm/zo07Afyhv67rnJ1QyysjC8dXTfTqevWBiC9iu50j/zC+3+j8x8e+KVPnJqdvPfhbzwZZtYVNW0gj8WHz8KUEl37h7E8V0Zrvoml0wtgAnKbSkj35bD87CTiGGDBUK7PrEAkCK7jcW9fibr7SlwtN0AEeI5Hlm0hn0lSuVzDpqF+2tjfBcs2YBmS/FYTRioNt9FC7HQwtGsnN6s1SMtC0GohVhElkyZ3HI9ixTB1+ZqfkAESr0XdM+KYEUbRa0EFjNj10a7U0Gq2sPOm6zC8bTOyvSXKlro419eDRLFIQ5vWI51OQ8WKrVSS/CjmZr1NSzMLnMokaX1XEi8+fRIvvTrDxybqOLfUocW6Tw0nQjKbop7+bnZiRVNLDZyfb6HSiaDrGl9caKLlKcyVXYrjmAuWRCKhQ1chMREMjaDrGqxUgknTCSpGrARIxUiqOhqcwmLVganFmJ4voztl8DqUaX0mQDZtc9DoEElCEMZ8YWyOyuUGdFPycsWnR47Noacni7l6iEsrHmIIVJseVitNnp4tY3GxjMXZRbiuhyiMUKu34PkBea4PaRmQhgmSEpECpNRgZ5JkmCaEYUKx4FzaRiafpedPjGG10qC262JhcRXzc0swdA3pVAaprE2Fvl4a2LGZjUQCtmVTJpNBcaCfbcvE9r17sHPPDjrx1PO4eOwUqqsVhJ6HhAakTYnefAIb+7IY7EkhmzSgEdgydGjEJKVkadukpVMQlkm6ZUDa5tpsMGWzlU
1SImcjUUjCTJlgz4VXdzA22eQ/G6sjJEDXJVgKunhyFtffdQXPXl6huakK771+O/K9KWo0PH7kGy/idbdfi2IpgbPnpslOm7x758bbnenm18tHn/+2LlPLzSiuJcMknTh6Ivz/6+/4n02H9fE1a80NH3hjjy5547N9ey5u6V+UJ769xrna9+sfyg5df51x9Kf/0/Rzf/jNp4euttsPfeohNXb0qNp9803al3/vc/SJL/y7Q1W39Ttf+sOvMumWMEcK1Bgvo/n0Jaz/iVuQ3joAL4gxf2wSca0DI51A/+u3o/rKHJoTZWg5G1AAK0UcxmAF1k2N6uU6RjcNU76YQ7PWQG93kXp6uqiyWgGIkLR0XLVpCKZlIHIdEBg6RUAUIFUswsh3Uei4lMimqbU0T5Jj6ByTZWjIJE0YmkAQRlCxQqwYUazA/Ff0ZjDzWgSUkNBMA26jhZkLl7Hxyp1c6u8m3TZJCkkcR5i8eBkJy4Bum8QE2KZJcRSj2F2kBCk0Zqf50nyDxpdbNNcIKJQ6dNuGNHXSbRO6aSCTS1IiYbEgpkYnQt0NyUrYVHUC8mLC+LJHumQqmIJqNRcchRyFCiqIKG1rpCeTELqGqN0CaRKR20bRDHHs1XlkcjlYpobmyiqt60xh67YeRF6wtoDQCFOnJ6leb6LVDnFupklPn16GrxjLHYVLyy7avuKVhketTsBBqChwPGpXGwhcH/VKE6uLFep0PIIggAGpSeiGjka1yYZpkJ1KUBgqCMtCVykPCEkdJ6REwkQ7UCQ1DX4Uob5chcEEw7bQv2k9ikN9qFdrkCmL0r1FisIAqtbBzNh5LM7O4PQLx+mxL38d06+cRthxoPHanC6hS3QndVy1ox8DfTnkczZy2QT6Nw8j2ZWFkbKh2SaEXNNHy7W4cHDgAXG8FrQEAGFIcRAgbrsIXR+ImV9a9PDgpTpMS4fvR9CstQH9zKUluvVte/HEd16h7v48Rrf20/DWATp17DIuXJiju958HRFHND1Xibp68va20ZF9/+5X7v/sF578ePTRm+8L/heL1T+PDuvgkcOp0dv3pScfO+X+DYUoAOCFz32r+uxnvnn+4CHIr33sa39lHei/fp9MYszretft8kPfegmfv/mHFQA+cuSIaA4WjWZ7uuvaPfv+4mvfe6pUXqwjMVoSvlJY+szTWPe2/Ui+9Qo0VpqoPj8Bd7GOxKZ+2Fu64MxW0TyzBGkbaw+4rjEUkwpigEAqVCApUa3VeWikDzuv2ErdXd2YnZplz/MhNQlD13HjtkGkEgmKPAekQmhxCCtpQwkDRvcgm/k8+cvzcGtVaFBsmQblMha6immkUzY0jdBqewiVAogQRjEUM5MARbFa21QqhudHELqGVsvBxbOXQARKFrKQgmCkkpCaRHm5DMOy2fMDqpdriBUjnU4xATS12qHJhRqWy00EIE4XchQD0CyDSdPR7njkOAHspAkSgiKlELJAteXBc0M43tqzPDbXQrUTQgoBqRTcZocgBXpLCRiWBtJ0xDEjaLWgzBQyXpnrVY9aiV5oGmPu8iT25troLqYQhzGMTIpXppZpebmCc5erqDkxXpqooexEmCr7mK0GqLR8cOhjXcmk2w4M0jtvG8VPvfUK/tF334D3ve1a3LB3GBs39oDDENOXF2hhusyVRgudVofabYcc14cfRdxqOxQzWDeNNTwxFMx0lvv6uuEpRZ12BzoRVMxw222cfvUcJl4+A3ZczJwf5wvPvERLly5zZX4Wlfklqi+ukKqUYYQ+p5I2kpZGKUtjSxOUMQXypsBQMYGego2kpSOdTyHVXSQpBYRuALoBEkTse39lkiZmIIrAQQDlOKTCEPxahqHSJetRjN8+VsZMK4TT8SkGURTGsFMmGpUOEzM2XbkOj3zlRVx3026U1uWRyCfx2F8+i97h9bj2us2Yn18Vy5VGdNW+0aFDd+xx79zxs0efeOKI9vnPH/2fCkqPHDkidv7IzsKIPhL8gJl/8M
j7reknX43/70EkHzkiRtAhzVZq4tFT4d/1QRx98hBNf8oBxtaMmkf4iCi/RPrjv/wl/wZ7A33q8L38GrcbIx84ZH7hA7/s/syRn/nX52pzb3rhxVei3Eiv8FMGVb57FpqtYfitV0IYJryVJlYefAk7PvZmbP3AIbQ6bVSfmwJMHVrKBgcx4o4HFcZAFBMZOhMDKorhNtpYqdTABKSTSeS6i/A6DnV3d1Gj6SIlYiqlDGjE0ASBooA10yQWGnLrRoiikBsTlwhRiGTSpHwpD8M2mMBkWjoSCQOtlgcvjBgMIilZMVP8mjE6VmtQv1gxXD8AA1BBSFPnL6NRrsNI2by8sEyhG8BKWPC8gKSONf2TYnSabdJNnRvLq/DaLTQbbUhdJ8/zkcnnoGJFTscj3dDgtjqYm1qhRq2NrK3xtpJJm7osHsybaLsBtRyfBRGWmwFNrDiotkLSpeCRLpOYGbmuDJTbhpZMwa9XYaWTaC6t0vnFEO1EiYVGVCvXuCcoI6MJkkKgulAhp+lgcqmNs1MNzLUVZhoK52brqDsRHDfA4f09+KUf2ka/8MHr8dbrN+C6DTls7s/SYFpDrx7RlQM27ryqH++8axcdvn0b1venqdns4MyZGURhSMl0EuXlKqUyKTRqLbKSFpumQYhj9PZ2I2aFWq1JM5dnMD+7iDiI0Ko3kUvZELaO8nIZrWqdZBQjQ4SUrpGq1xC22xBxzLYhSBeAJSUZkskSQEonDHWlUEyZyCU1WIYGjmJwGLAQRBwEJAy51mEyExkmiAgkBRhgxIpISMiEhdgPETTaSMYR/ujJGXxt2kMiqaPjxxTHYN3QKAoVrJRJsxdXsHF7H/kc08VTs3jjW27A0JYiTc2v4vsPPIs73nYzDQzkaHmlQbVmS111xc5r0732gx/94KeXf/VXf/VvW3r9N6/uQ916drD/+lajOjf2Gkxz91377Hc8ek949O+RMPoPeyf9O8zJf/11zSd/zh4amgseuPcB9YPovrvu/1gvhZRuX0xMpvsXc9/+8GfKOAJxx7qfKh74kUJFfzS71xHhU5/76reNjJUUqidJ5Vfn0fnOGez+5TtBJsHQczz2ew+Tu7sb9/3Ff4Sse/yJz32O3IcuAHEEaeuIKy6i1RZixwcrhp5JsApDEiQQdzwYmmQtm4AmdGRTCWzdvBGR69LE+DS2rR/Cu67dhm7qwIg9ZGwDqXwGUcTIbtwCv1pB+dJ5sOewMCVxFMEPAkSxAqRAy4uwuNrExEoDLV/BjRQCxfDCGF4Ys+dH5IQxgog5ZKKYmVlIYpLsBhFyw4O06dq9CFkgVjF8BiLPRV9/H+amZpDrLkIFESbOXoDvOnA7ayJnUgpCEFQYo75ag+uHiJst7F6XxRuu7MU1mwvclTbJMHQoBl6ZrOHZc0t44vQSZhsBNE2HkISEZLxlZx5vvLoPI5uLKPbnYRgGlhcqsNJJXJpt4Le/u4J7P/JjEAJYnprFqa/8JX/w4DrKpE1Uqm1cWujg9FQNbdIw1YhxabGFWrWF9d02fuGNW3DT7gEQEVqdtXnw8lIdzbbLMyttWm5FsHWBvAke6cvQQH8B23cMINlXxB8/Psn/8rceBRIp2nbVdm42XSr2dWPbzs3IFPLoLWaRy6ehmxbazQam5xa5WnXolWdfRqNcQb63B61qFZHjIHR92FHABR3ktzvwOm1Ypo6MISEBJHVC1pJsa4LyBnFv1qThnjS6S3nuKVqUK2U4UchR7PssCJBg4ihkoRskdI1ZxUTMQBwx6RoxgxHHRFGA0A8hGw1cGi/zW746Q6skwXHMnh9T6EcsJCiRsQEAURwjm7H5nh++jj7za9/EO953Nz7y8cM4c2kCH//xz/C6wR468u/fj0eeeBHVRie+6bp9cqjU88Sd1/7E65kZRPT3ys/63/XS/p7LIf/NjuuazJj5ws8/4P7A+9dajNT2s9tfS+1eq5/JB6ZXH3jggSUcOSKuadc6AHAQ7zf6twx699
EvGr/xwqd+79FHn7MjJ4ppSw7NxQYaj57BTR+5C6M3bIUrdTz3mSeps9rAzve/A72tFC7oEemxhg4raJYBPWEwt0KihAGKFRArxFEEMEMJQC8kOZlNQgqJTrWFxbkWAi+m3bs2Y89Vu1FeqePlyWW8fn2SSTcp8AP22w4JTQOxgpZIQBBjdblMsVLQpIBh62BixIqRMAwM92ZgJ3UsVB1ebLhUaXo/yDgkZgYzAFpzajBAURwjYIZmm1iaXkA7CJHv74eesMByTWz45De/B9MykC1mEYUhQj9Au+0xASQEsZCC/I4H13G53XLoqj6bP/jWvXTVpi4wGLW2T9Nll+uNVWhSIp1N0r03bsCdu7r4uy/N0SPnqrzSDqnGxH/84jKdmG7wO28YoG2jLdTqHsAh1m3oxSuvzkNYBQgJWKaNfE8JNZGkh0/M8xXrslRtujg72+bJqkfNmHBmvgnfC3hbf5p++e5NyNkSp88v8GzFxUvjZZydbVG96bIUBNIlIsU/EOzCNjX0JnUeLCTp6h29fO+d2+naTx/Gm//lN3Du+BiGtm9gSEGXLk5iZGOE4YEutDodNBZWUOrJo9hdROgomKaO8twiL16aoNgPkMqlQJDQDSLHWaPHGqYB2xAQYJhSIGVKWJqklKWhK61TMWchk02jZ6iLuoo2pCYgdAkjnV9DIjHAgb/2uAtBCEMoxwMRrcVCE4h9D3EUIfBCoO3h959bQi1kWEkJLWWSHoSAJlFfbMJrBzCTOjRNYnmpScefuICb772av/y5b+Oet72ei/1ZuudDh/DZ+/6SH//+Gdq2Yz3GLs3I50++HO9+5/tv/v2/+MR7iehPmO+XRPfGfxts4J+vrOHoUWy+69rCuruvpenvHAtLzz3dT5qv/qSVDv660fmvQhyPHuW5R8YiALT7va+3v/zm+7x//dB//BczQeMDz3z/pSjVV9CUEFT53lnklMk3/eQbqaZ81GaqOPnv7sfb/sNPonv/Vnzj7PMYH5uA0AnQCO7YIiAliTCCJEAzJOIgAklBhmWAmSEMQXZvllrLTWLHp67hXnSXCmi5HqYnZtasOI6Hzb1Z5DMJRK06Ba0mNAFYtons5l0IKyuoLyzAcTxoxGwaknK5JGdzCeRyKcrkksinDaQsSYLWop9cP4TrxwijGDGAOGYOYkWR4jXFsxAUMyGZMEkyw2m1UVutol2polZusJlOUXF4AIZpwfN9NBstxGFMSjGUYjJMg2MWVF+u4kf2deEnb98K29DpkdNL+Nrzk/jSk+P41ovT+N7JJXr45BJ964UZPPLyLFabAfas76K7r+yjrV06ai0Pq06M5Y6iyfkWFhebvLjqkB8B4/MdfO/YLL/hxz9IpBnIZlK4ePESYhXwybFZWlxuYr7m8XwjoOlGhJmahzCMYemSfvZ1I8haAmfn6vjCExP05RcWsdQK6MDVW/Dh970B73v3XXjLW26mt735Fr7rzhtx1RWbYKVSaLQcemViBc+fW6WHn5vkQVvQT779Sjz63ARNLdRpy5ZhJDNpJNMpLhRyZJoGGs0OOo6PwA/o/PgM7FQCnXqTOIxgJxMIOi56ervWxMF+wJogyhgSuiAYBORsDbYuYQqwpRPJMMJgTxa9XQl0DxRgpxPQ02kShgHCa6RHzVg7hQJvzTgoJYQuATDY9cC+D+UH8Jou1GoVn3t2EZ8520IQxeT5EfcM5inbm4HUBHw/IqkLBE4IBmAlTZ65uERbdg5BJCU99shLeM873ozt2zZQM3Dp6198gm+75zrKpA00HAdgj2+8as913zh77P6ff98fNgCIf8jr3T/6grXvQx/SRbc9qNsyuurPH41Vv9gsSDTXxwuYePRU+ANCw8E/eb/1gSvfrH7w4R05ckTUhi7xoYN39mc3Fv/4q9963E4UUiSLSQoWG2h89wzf+bG3UD0RIplO4fivfQ0qZbNxbS9e+e7z1Lq0gNmvv4B4sQnD1hF7IdDyENQ6AK0depqhEc
e8xn9hhbgTUOwFCBoOC2Ya2DTMfqtDzVqL05k0ZdJJEpqGcxdnsXuwQBZHHLgOWbYFLQoghIb05t3wZi4gmbKQTFuUSFogAkzLIKkJaJoACNAlQSkFL4jgRzG8aC0KK37NYxgqcBQzRYpZEGHNKE0ImdCoNeC1HfhegEalRk65At8LUBrs4cDxMDs+TZFS4NfwNoEbULPWxI8f6KUDG4v0+KlF/MUzl/HdE7N0aakNM5XGpi3DdM1Vm3Dd9bv42p1DGOjK0ULDxdPny7g4XaEt3Tbu3FWiajuimZqHRshY7DCckLFU9WlppYWhA9dgaPt2GKZFumGwMG1wrGi1XOazkxWaa8Z0ccVB1YsBQQj9AG+9ehA3bMrjwePz+NIzcxjatRUf+5m34WM/eQ+95Z13c2nDVvRs3YJNe/fQ4Og26hkawu4brqc77jqIO16/n0aHujG7sMzTC1WcHK9Rp9LBu9+wDacXXcS6zVt3baFk0qakZSKVzMAwDM7kMmTbFuIwwsL8CvTXfi9xGKHUWwKCAFGrBRnHZEiCJQmsFApJA0lThwRDEpOlEXpzFjYMFdA7WEChv8RaNk8ik2NpW4TXeGgQAhRFhDgEBwGz41Dc6QBxBDCzCiMKXB+y1cHYRAO/9kIZzZgRE5HnhsSKudifw+JcjYq9OTRrbUgpAWYk8kmwLmj63CJuvmcfHXt+jDRdo1tvP4j+0fX8wGcfhISBt/zQjbS6ukrnZxbi7VtG0ndcd3tx0+DOrz/55JNibMeYGLt/DIczh+1rD1+beflbL7v/PAvWkSOiv3s2VRjqvdPszt84m23atmkUHC+qkM3Uc88hc65pejh6lKffvZmPfvRTf1Xpt3zyXdoXbvuN8O6Pv+fffPPhJ26bvzwfa10pKTQd8984iXXbh7Dz7VdRFIeILtdw7M+fxMjh/dRcrlH77DLi6RrCsgN3tgJrUzfSQ3n4U2WoSIG8EFYxRbqhwSu3SLkB6SmTpKkh9kJETRckibPFjGjX2ugfGqB6pU49vSVMXp7GStOlcifEpv482QkLYbvFGjHQrlFm6074K4sIK4tI5rLQJFgIIhKAYRtgVtB0uXZdI8B1A3ihgudHrzHgmaKYOWYgZlCsmPwwJt8PESkFO5vmRDa9tn3SdOS6u5Dp60GimEWqkCO/7ZAwNI4jRZEfQDBzeW6Vblmf5FtGc/ijx87Tw68uoupEuHb/VnrP22/hN7/pJrr7jTfirnfchd17d1Lfzh207apdeP3OXtxy9TDcZAbPnl/FSxeW6c5dXRjJGzi36AAkqJjUqSttAJkManaOlqtNZLrSNL+0Srl8lgbWb0A+nyJp6lguN9fkGxwjCEIUEzo+cvMw3//MNL0w2cYv/fSbcPCWq/D0i5fwx3/yEP7s8w8hOHMRc3/2BYx/+1HqqBiZLdvQbFTRbDkkLBtbdm7iW27Zj+XlMp08dRkrDZ97LEFXberm7794GclCjsxkAiwkwsiDUjHZtoGkbXOn7dDc1Bya5RonTJNW55ehRSHcZhOh58PWCLa+VhiytuSMoRGxQlKXSEhCSgLD3WkMDWTQt3mYzXyRRCIJYRgACSKlQCoiiiKC7zGikBDFFDudNd6Q65HyAwq8AFG1hfJqh3/ukTmMe0zFvI22G5GQEq4XYXWpSVIX3Kk7pBv6GgAyZrAgWLZBnhtQrdLCvpu34jtffIY37+/GwGCGSt29+LM/+Tq9551v5K5SF63UG/TS2bH49dddvXvX/t0v7991/fkf/tE7E7mTg/GmwU07M9nMFU/9+VPn/5ZQ1f/7C9boFbYxsGl0KO5Kvq401P8jBzbufFsEv91ymwuK7TRz0Jn9+d9cy5R7YIz/+hbxP73rY+ojG/7V5stzs58+9sI53cokhLm1l9pnFxG8uoDr/uXdFEUMK5XBt//NX6CwdwTZgRw6lQ68xSb8qgMOozVTsikQzdfQnqxAxDHsriRIMernFsFrzQvMYhIqjBDUOhBSwE
zZaKzWm9lcmqxkSoa+j/C1uRSYaaETsCIDo90ZeLUqESuI2CeTI6S27UPtlRdZNzQQmEgIEBiapoGEAClFrzVNiBXQdgIoAsIYFCiFKFaImUmpNTFpEK/lGyoQPMejMAyhJSyGIIoYcF0HC2OXEQYRSiMDDBLktBwIFSHwArJVjA8f6KWvH5+hY1N1NmwLP/nhN9F73nc3b9m5mfI9XbAKXTj1hQdx/Dc+jYtfehBnvvoQXn3+NPy2QnVhGeu2b0Bxwwi+9uhZGkwSRrqTGFt2sak3DZ80lEUSVk8BiUKOMrkUophx+vQFnDpziQt9A5iZX6HxC5Mc+QH5rg8VK3zk5mFeXG7h2GSTfveX3oLJqSX+s9/+S6jzl3ByoYkf/9hP4Jf/4LO04Zo9oG9/EZe/+B1yO03qu+VGRO0Gq5jhuAGMRIJuObQPM3NL/NhL49Rp+3xgY5E6rs9nF5s0PDoMTTfYV4qazRbb0qJEMgHD0smJFS/PLmJm7BJ57TZrBIrjmG1NkqYUExEVkwZ0AnEcIakLaMRIacCVG7swurEb67evh10oEBlrG2GEASH0QSoGKUUIA+YwAKKISBJIM9fSdOKYAi8AXI8Xl5r0sUfmcaoZIwgiQNcQRRGcTgCSAiQJmqlDt3WKwxjSNBgCFDghmED53izPX1qhwXVFjiyBymQTN75uL7Zu24kXnzhBJ4+P44pDO8CIUV5pQDdJ7tm8ad8XX/jOl37+1490vvPAdyiTzTRqq7XJlx98OTx68z+ea6L4hzAw7/vDD+mjd25C23U431UobO8dznxg5HWld+2+4/25gYHDYai8nXG4+rdtLcd2jK2Fkkr1W2OvTGYs21RGKUvOhRVUvv4KNty+G8WtffA6Pp77wlPorDaQOzAEFYQQXgx/sY6o6QJeBCOpo9SfQ/vsIsy8zdAEyNAQdLy1ZBNdg1VMQTIjqDpMINZNnVQcL7NSn/TD8FuplE26qSs/CCiKGelcBqVChp54dQLfP7uAttLQaLnkhODyubMwLA19N91GqtmAYRrQNbEW4RRHLFQMxCEQRWt2joSGlClBrGAbErYhYRka6VJA1whSCDZ1AUMKSEGsVIxOo83LE3O0Mr2ApUtTXJ9dQmldH0Z2jsJzXKRzaeSLGUR+CD+IsX+0iItLLRy9VIVhW3TfkR/G7XffBGEnKAZBS6fw5Cc+xed+88sYcGucthgzIeNtv/17+NkvfY9+9vc/DX7uNNntNn739z6KGcqg1nTxhitKODZR5xmHMLx9K7oyBfT3dsF1fPT19+O666/BlVduJUGKuvM5DA/3o93sMDOwfV2Be7M2PX6+Sp/8udvAxHjoK8/hXcMZ9PYV0QQhtNOQMo3uXbcjOHAt+goWj/3hX/LFR56Enc8RoKAZOmKl4LHEv/yF99LB/Ztwer6F41M1vmr7oEhbOoeuh3azQaalo1DIk5W0AUGUTViw9DVnes/IEFK5LOmWCd/1qe14bCVtyqZMRHGMthtCFwJhpBAFEV+1ucjXXD2MrdfugNVVWMPqKEWIwrUHOoqgystQ1TLYcwgQBBKvyR18xH5AgePBqzX5wsUV/OaTC/xyPUIYKQpiplrdpUQ2SalCkqQkUrECK0DFCkKTkJqAnjChWTrchgsQKNud4VeeHsf2/RvoxPkJvPjUaXL0Dv2bX/0XePSZJ1CeDdDXU6Ke7rx8cexsaGb1zZ//5O9/9Ga6OfrkG99Fn7r3U+0//tE/bv99x4X9o+uwjh46RDe0ZuU86yyZoAndmA1bpav7tq8PWcVPzJx4mOebk9Fgpn7hy8/5/63o9KD20Ecfij/85X99/djFmd+4cHpC2QNZofXnqfnMZfBiB3f87N2wLMbq1CpO/uGj6L9tB7pKKaiFJqLlNiqXViCkYFZMI3ftgDO+guZ0FZqpE0mCkU+gM74CkU1As0xolobO5Crz2mqOhEZNqWs/ny5lnxSkzvf3dt/T6bi2ruvQdB2CJGmaDqfj0I
vnpkgl82u6Kq8DSwWkPAf5Hbu5NTeDuN0iwxCQkiCkJCEEVBQh9EO0Gx1QFMH1Qyy1ApSbDggCSjGHa/hk1jW5trkhsOsFpOkaA4QwVMSxAlitdWoABUEEVkxeuYrQDdDpeFBBwFvzGj11Zp6bfkw/89P38p79O9FxAxCAVDFHC08fx/ynvkLr1yf5ycjEZ5ZCetWJ8Y4f/1FsHd3NrAvoD36eTj5+jrqv28E//L5b8O0nx2goyWDToMyWbdh/w14uDnTT6MZB9A10IaFrHHkeFfJZvnLHKHZu3U7d6/LUqDWo3erwG3b14dFXF/C21+/AvXdeRd9/+gJWTkzQUErDpxd9hCTo5WMnCQj5i1/4Y/zWf/4ybi9JlITCSt3D0JtuAzseQci1OZ3vgwRhsJSibzxyAoqZdgwk4dpZDG/eRF2lHNLJJEq5DDeaLVqZX0CtXOf6XBmzs0toNDoUhRG8VhvZYp53bdsIv9WiRqODpCkhAIR+jISUuHl7ifbsXkfF3gJkMglWMaPTWbsCagYQRYDbWfsHWtuDqxDsuYDnImp1yCvXGI02PX1qmT5xvIZFzYSwdJpfbSN+bRuqAHSPFKFZGtp1l/SECcOUBCHgOgGxYiSKSfidgEI34HRvmipzNSgosrsSdO6Zi3z7G24gJxvx+CuzODc2iTfdczs1/CrXXY8ggZ3rh7dc1Fc+94vv+11vsX9RO/HtE//oGPB//1fCo0cxdnRMLe67m3uyLd9rtGqBE8xdFtXk8aXzzy1OzH5VF0Y1jrxw8uvHvL9KwmHQCD4gpj9/VK27ZfvvXxqb3dqsN2NZTEvJhOq3TmHw4FZsu/0KduIYx7/0NDlRzFvu2kF6vHanmj42jdBd0/BYpRSlN3dh+uHzsHsya2K4PYNwpitwl9qAJmGkDERtD5ETQWpCGQlDkq79UfdA959Gruqu1Wp2T1/f1lQmPex0XBXHLOyEDYB4ZXGJDMvCSttHXSbRqLfRk9YpIWOgNAgVeBQGPktB8B2fIs9D5AXQM2lYqQQCzwcRwQtiVNsBghhodHyEEVOkFEexoihm0g2dpSAYpgE/CCmKFaJYEYjWdAvMYMtE34ZhFHtLiBWTtAxuNToQnoesxnR6skyHbt7Hd959E/lBBNM0IYggUwlc+LOv0ZbGEp/TLHx2OYDQNAgAzz72GJpOg77zR5/GhvEzNJwiPrfaxtVvuxVbRnvpy986zjsHs5hcbEJBIJlMotlsw4DE2TMXaXGhDAMCYy+dw9TKMiamp7H/loNYuDQB22kik9DoR++9lsz+fjz13RMoLC0xJS08shpAMzSKVczfe+gRvHTiVUjLwN0ZgUEtRiMGMnfcCoNeC9ICiNXaXEypEMefO4trN+bomu1FIFNEJdJo3Ug/BoZGUK+34bs+RY6HQk8PfNMkQzfQNzhI5aVlBhR1Dw2gPL8IU5eUNwitahM2R9g+3IW3HBjE1Vf0ozQ8AE2X4DgG2i1CFAFRCK6tgloNqFYTUaSAWFHcdhC12hw5DnXKTfZWG9ystPHwKyv8iZcbfKoRk53QYSdN+KGC6wYEEDRTY9+PyXUj1nQJBihRSCLwIghDrjFppCArbcHvBCj0ZajQlabpM/O8++A2unRhBrZI4ba7DtGm/o343f/8X3DVgauxd9coTc4vYKpWjXdt3pDdPbjd2TRwxdFf/PVf1B741AP/DAvWfy1cvLjvbgwJ5elx27s8NfVUp1w9HU+Gpzuq0X7hJz/XxH33/VX7eRAHtaM//PnoLZ98/zWk6b9+4nsvwUxYIj1SourJKea5Ct38y29CZIIWXp2ksW+dRO/2fupb3436TB2r5xZRPb/EpEmitE25bb0I6h044xWoSCEzXICuC5RPzoI1CZIC6VKSW5OrZGVtZWYsze+Ez1oZ+7cDP+wiXSvYyWSuvFpdHujrvp4VdDBz5IdUq9RI1yRSCRuJhEWVRgMLrqIT821oPQNozC+hcuZVCERkp1MUBSFHUU
OeI+vaYhcDLRJcFK6j2KLCzCPMiCCoJV26xCDyHNlnZm2U1mmSyFtuOcjSaGp3+sizDGmaI8sysGFobTjLFUxnYGkMAH7gIgxd7N09zJWyjzTNIR3BgefQ0lYCJ3BQqoW0ttbFymYEshphQBgf8iHBcASh3eyDpMRGI+FD+4coyzSEJyCIESmFfqLBxkL6LtLcYGU7RqQMDAi92KLVy9CJBmTZPNfQlqENI9WMfqKxvt6nTicFscFrKiDQgLZHIEkESTcqFYgtgwQRkyCyPIhRZB6wQlLNvBIb+uS5bfvGXTmd2jN0z9e2VfjF5Whr71h5ma3RjjvAqqSnMqHY4hj45OmTEo+/Jjl7zWWBFvLhSjnffPRfPpqdPn1aPNG/EvY+mNmn8G0e6IPp/9uTLl+rrSD4Hc+3WZJSsOEIUdBaKU6UEFICroUAg4se2lt9lMtEfjlEnjPIAgXPRdeTCCtFFCoFtFda1G30EZR8JHFKhoAgcEDVAL1mDKMNIpXT8tI6mlurLF2H+/0MxIBKcuhMIc5y5FoX7tg7JHeUvRfjfo3+/c/8TnL69GlMn54O9mBP/rpOit7xf75/erhe2Q2ifOmVq9e++u++uv3fUrzE/+xqtfvkSS+XPOq1lAc0fQAouXywPlQayzPFQhIJQSAeMLbzOIO/HUNv95Gv9RG/sIJgsorCgREUpqtgbUBSQBa8AZYiBgxInSjAcyAcAd+XIAhwbgEGmThD3s46ANTY/Bi/bhSkEx952657T90bLnzm2fX5M/M3C5bFmTMWs7P62PwxBwDdcsu8yfsjwgiulQveXy4WxK+Uis5bmTj3rU4812tatisgLyPJHfhiy3HJSNdtATbPNFmW4jKk0/Y8Z5Ok24KUyEGuMiyURku6zpL0vVz6csX13WVy5JohigVxCySuC0nXhXS2hONFwpErwqVtN3BiCN5i5o4jnTVHynVtuCclIYkib/eunQiDgDu9GL04Q5xkN6TLgLUW1hiwtSTlgL9FBHaEQNTL+JX5NXrx7Co1Oyk32imtbcdoRRqr2wkWNmIERR+vXG1hs5VhvZ1js53CEsCOgJYDGkY3N2SkgJESUZKhGyVod2Lk1qIdKTR7Ga4sd7C01cdGR+H6Sh8rmxGur/XRTxViZdDs5Wj1cqxsJbiy0MHCYhu9XgoxGAzB1jLYsnhdMgLzQAXAzCwAculGIWOwSwQJcMEhOGLA/Cg4gsbKAT253MeFpY79iVuGb3/L7tIdS61e7LM21thhOACnVmvrG8yforH5MZ6dndU376WTp06WvCzfxZ7XePRfPpoBoMfxuOiqTknVr+qHPvqQ/83n4/af/9HC6dOnxbd1u3j4Jq0GNFrJui/9ymy7Hdmt8b2TcyIy5/Lt3pKwlnQ7geM5cMs+9VNFy80mB54D7qeDBG8AeZzDZBrbV7a530owcmgcJAh+pYC0FXPcSSGY0WtGA+RJMK+uNvjosd3kBR4lmaJWo4skyiCIKNcWUgD3fM/O/AsvL5a6oisA2JmZGRvfEquZh2e+AWoR5IzkCsN5mpWXri71/ls7rf/5HdYeQMd57ARwfTcMAHRZ5/U0N2AGu56kPMlZKUO+I7nfjenInTvx5d97EdG5BbS7OZzAwdDeEdZak+sIdC5tD8TQ2aDzFI5kRxApZuhUw/Ul0iiDUQxoi6DsIwMv3TAR+4YLJVJTjv1y43WawgFxdB6EM2C5JovHjh1TTy51TTHsFE1fFCcODN25vd0u69wUOwllldDtk4UnWRastQEJsiSRspWKmBgO+g6LNcD0LaNgLIggNKRJXUtXmZ0th2AHVFCsMkQuhIgE2xGXhDbG0UQ8RIIniQQJIRhMhoFtWP4SQJPCcTRb1Kw1y5LkeBwlE9WhunvkjqP8wlPPkyME52lKruMgy3JkWQ6rDXhAqmQhiDzHYd91UQxdKKWoF+fod2P0ujF2Tg8jCB2kuYFwAKuZrZFU8AUUCb6yFlMQOhCuQKUItGIFzx
FQuUIvzcGasbYVoVwNsNHKYKRC6LtY34jQiTR6qYEfOmj3c271FeWG2ShGN1aUxApRxpwqS9oCaZyDrR24Ld085TfIoQCTsYBhsDPIYAVgEUpBRYd4kFImmInQVwaOAFkmbmWGRwIJ35V4qZFg+NyG/ZGjI+9pZfbF7ZwvOL5tQwMOyh0XrsKZM/YMwD/2i6cm2g0RrC13mkpitBOXr87/1pn8tS3gw7MGhA0w6OTDJ7/B4fehX/moDxUdmvn5mRe/HRj/mlxsBjx7GjjxkRNux5d688rKrUkvKgqGEZ4EwyJLczgFjznXsIoQehIdw8iiHHmikLYTJK0EUgqqTlVglAGB0Gv0UBwuUtJOEZQ8EAO51iACol5OnU7ErsuU9gcypkEIMHGr2adGOw4LslAQZ+OrnUrntWL7ulSgm7ZN9lH8/gsAXviO4/Cfl4K18FuzGU5jDTPgfadOVADAZTGstYLjSPZ8l1InB2vDQejSwVvGsbXQhlaMkX3jaF/dAhKF1vl1giMxvm8UnicZoUOsLGCZvGoAETogPWivs0RDBi7yVhfkOVQo+mheb2SDwE5+/UXiZ3/7S6/e3MTc8dSjexyjbXImWT81OmofPw3C40iSXSteUZX87nZyi1V2z9WLa2cEcz9XtutLp6hSXZZWCOthQvr2uqsqHXbiYUdzQ0lAMnIhqJcZGtPWTApJXetSjyxZL/SeMeQUYHXFABkYbWKqaNaOEO6mYlNxSAxBmMSyuAgpQMzCgKeMtqmQTkP4okWAZ4GrZO20lfSmqBvt+Uv/+yk59+yzVKlVWHX7VCsXB66fPLhXrLEw1pLvSK6GIYNAcZqhmaSDUGYAnjNgim83ehgZKsMvuMgNWAqJle0M9bKLQsElvxRguamw3VEYqQVII4M4ijFa9bC62kYh9LC2nSBnwvW1GJCESrWAxY0MjkesDVPay9DPLBUKHrJ+Ts1ujijRyNQANHccOajTNxMNBzwFsB1kuGpmuAzUPYHxwEFZAtXAoYJDuJHuRpIEutoSC4lGavh6J4VzQ7YUacaBesgvbvToE+e27XjVdf/qHSPv+LEvbn/63h3+SE5WUpjVY6Xy+999f5a5meg37D2+oCv9vLw6f+zMtdctbfgbxjwCz2L2mzyyLiHjoeaJ0+8J3UrIfndTzc7M6hsbxtcO8oGPPuTVs6D07MdmG8wsqu88/sE8VT9qklQE5dCSskJvRwgOFQFJFPdjVGtFrKMJk1noOIdf8CCqIRxfYujoOJKlLjfWezS1d4R1Ysjc4G+HZR/aEoR0abMRsXQ9Ghuu4dzcMoNBk1MVvnZ5i+JuYpMoExPTY+XLly9nH/rQDmf225sdfKvK8L9Db/jdwLBee1KYzVIGAGmcjCs1SFDRmUYWZURCINqOefGFZTSaMelMwS940J0EpC28coCkl6K12uKgHMAphJAFD7abwvEcSFeC9eCgMYCgHCDeiiBdAWMsop6OCACfBGH29dvn02KwlZmxePe9qp/npdJUODFz9eUOPqZc2KLAxoZCtVqpl9xi6Mltxxcvl7ywEBalAvGQzkWxUgiSnG3KkjlTKLmZJzTFPWkcSYEIWYkSQx+W0hGuQ9eNsQ4JIQxjgi1rkk7PgZkGy5qxxrqOG2lGKOCWBKjFwLYQWIaRoRR6xBoaFhAgAZ9cIVgLq0064vnewa2NrdL9bzvpspQc9xK0m23yCYj6EXJtbiY4s+M4tG9ihJFnAIM2Wh3OlCZHCAgGLA92cZZBUT9FHGUIiwH6SU4TI0UIR6AdGSRX29i3s4xGqtBup9g9WcTUiI9+zmgt9uFIix0TZWx3U2xFCp1YY7unYZZjkCOQKUtRMog7IwF0+jmanQxxZuF6LrJk8KyxDORK04Dbf8PDhgdjny8E7S252F10eNgDFRyJfmYgCDAECAEIJlQ8gaGCg07OXHQdbCeKhRDE1rIE03TZofNNwZGyYm6hbd8/VXvjyZ3h/QvN/PnRsbCfKz2E0B
uWfTnrVt1w6aWlLz3z6DO9hx56yJuf+TOt8fkmGdRp7pK5l1ZLbdmZxZkuHh6YSN4MrDh5+seCfiseQ9EU0m7i3vFjJ809v/ojlgwXBABr4ZlcQxY8ZlgiQYTcAIoxMlnBheduJHUbi+JIEd1OjNG79jNVQxodqlF7sYmls8tUHK+wcAVpZWCsRXOjCwhwt6fwxJNX2Sv6BBCSRCEsusgzAykIxlj0MxUAwNraYQJm/6Ri9O1yovm7V7BOnZK7C5vuwm/Npn9W8kNxbMsCoG4nFwQDkylKlCYpBIQHaDAWr3Wo10/hlHz011sDTZTjQOsYNtOwlZAai23s2TeGQslHd7sPKAO4DqA0yFr4gYPeagdh2Qcxs08EzTxoU2e/gcpAMzMz9sSJE66eLhVVe6uza+eO9sUXLr7z3Xe/MZI2qaikH44UDlESJ0eTPN21tNHlXj93Gt3WWpoZMozNfqwXkWY+QBFcGg98WahUQjs+Xi+QsY4UqFPAEsrruUJu52zHWJhUK84kMMGSNTESCCGVMVpKCUtUcwRZRyA2Bj6YrMsOwQMDTg5PrmhtSlKIcWNZQcJ6gVtVmVLlYqF6/I334cuf/SJa7S7SJOXMGtLKsCRBJJgzY+mtx4+h4kqav7aM7V4fxlg4QgyATWYWBNyAgUiKGy4acYaNXCNJFE+Ml6hW8tCONDaaGSQNQPFLSz0oY5HEOVgbXFpJ0c0ARQ7WNlMkuUU/taiWPbR6Cr1Ew/MdKA20uhnaPYVUMaQr0Y1yJiHIcRwkcQar7GtINJghmFF0BMYDgZJDWIsUVnqW6ea4SDe2hiB4DlhGoLIv4RDR7VMlDAUlPL3SR7Ugsa8WQAI4NhTSs+sx5hrKvlOROLm3+qFfWllsj2lvwbpO4pLdfPDBB+3MzEzvZr/w6MOPKjz6DaLnb9hCnzp1SkbfUxiNIqT9XsMxmTO0Lrd3lcKiNAVv7fb+j4T1h5ey2dMDiY4fy5EuMkCmHuXOFIrBxdorcb9d608HobeglW7A2ikVZZqJPB0p6GYEKOakH1Op4gOeAydw0F7tYuz7DmHPgTEM33+ErLbYnF8A/7EHvZ1BuoJc34XnSvQNIzUWQS2EYY1UZ3RtYRMQgqQr4XoO5dqw1WwbvUSMGDU5+Bnn/mwEqP/GQvXfXbAO9HpOWbpDC8Dqn+WF7j6527fdsD58+HBfeqJm1ADDsjcoCybTcKSgiy8uIe6ksBDIEzVYkTsEE+ewSiPd6qG2fwzd69uI2zHgO1BJDpVrCEeANGNooozmahthvcCB58AREtYgFjcIEa+/eG/962/dp7s6T7qJe2jslpWr61fDsYLHP3B78dfOLyYTgVejuskKVrtY6jAmgzKCwEMvUdDWIrdQMNxzwnBbCm72UtuKFG20O/3+divVUaLiXpR2c2PaUlJOhgue46TlsoewXPJLZb8KIVpKcU1Zw440PTaiJiQAyBwwHek4OYOLYJsYIkeCmcHKkaIycG0Qw4IIju8X263Ovne8/32FVquL65evQmsFMMMaCyGIhBDIVE57p8awa6iKtY2NgesaA6ErSRDdBIVIWYa+Ydp3s88nMRglkyin1dUu9EgBniOwsR3DkYDvC6S5wfW1CCo3kGyx2UixozegI/QSg/XtBHJA1UecauSaYWGx1UqhDSNJNXIroFKFciWgTDOMZuS5YWstDVwqwMQMBwMKQyszaGUagRDkCiAQhFASpMBrZFRpiYgIrdQgkAIvrvb5DVMl6tR8TsyAfjEUSij2eKig0FCMp6+3cfux8XFLjnZdxxe+e+Erb5jb2Dm/j75p2PkWh4WTJ086N0B5nDlzxr7v7p+IwtDcUpvacUcwVNlXLFduvXLx2hmdcLVSsXorHVOYmdE7Tv9Ire/EFQ/l62PLZuNqvb7q1Vvu7OysPv3g6cV/62297Af+iqZe5jnObdJ3rKkVhbAaIEuCPAyPlICqD7/oI9w5hMJohY+cvJPum7iFZ7NLtHh9HX
k7hV8Kub/Vp7SToDhVBRuLYj1Er52QyTTX60UYPWjntje6yPMi7A1h/fJaC6JYGCIinvzh9zD/xnNEX/dwp5v46Ouvy8mTJ518pzfkVfJ49v+Zjb5rGNblRx/N8GcpVqdOyWN4VUaFUVR0GJ3/3Fw8uuf2kjUCwpWQTMwMJI0cQSDp7jfdgRe/fBEjh8Zh2HLNMFX2j0JJxqXPnIOOc2TdBFYS3yDzwiqD4eESVja66G73EBZcHDg6iUuvrqE0XSWda4Bth79eqOgmSTQIgrKOdWfrytZK+66269bdvJo5b0GnsX9hacs++uRVloA2EDDk0pHDe9BvN6GyREyN1blWKzl5ng/pXnfIgUIQeDi8dwKEKhxpuRLIpFAutR3Xaa+s97mfi/V+P9qcv7pBaxutaGU5bmfdZA2Ow361HI8MlUvlms+OdGOlzX62iDXZlgB1GLIriTLHlZkUbqBUHhVK4XhYKI5nqfZaW827a/WRXWPj42LuiWfAYAqLIbpZDkdKsLVMBORKY7RWRacf0+WVLSRqQPLE4L0gPdgKwGrDriAIJsqtfY0CJyTBGIMoslhWhuu1gDxJKBcdKG0gBKHdVwg88doccHk1gmWG5zswTGBL2Gim7HuScmW401dkiQAJlCshNAQMA0mqIYVErnK85mzKBDaGbq4MJICCA5QcCUcAriAEgrjoEJV9CQlGIAllz4EUQE8xb8eKmIGLjYR3Vz0oELVSg3ZmOLaEvrIAMy20E77V8PDuYW8ky3Ct5KruibUTstfriXtP3es9deyp7Nt4qeGtf/MDw67Y2ceNggUAn/yF3+zf9sNvvXb3D9/3Y2+6+46f3DW2y/24fXTzmatPvnwE9y4uXX9c3PrT7zhyZWHdFevOxcv33KZO1B+RHX/UIIYBgz7xMy9WjDVDjievw5G3VCYrXNkxREtXNqFaCvA8tNoRPGfQXWaZhkMWJADZ15wkGUphFcOTY7hecJF1EnIKHtgR6HdS1CdrEBoQhjkoh3R9oc1GMBXHypwlObYtk3Qkx+2IWs0IYq2xh5n9mbfMmBnM8GsQy9d5V6/9OvGRE4U89kqezHOgWHroow+pG9vU7xqG9aeh/IQzZ8w8YHa9+fa91/TyoQNvv+PtAH8v2GJq3xB5DlEU56hOlDC+axjGKNz+wEGk0nJzs0tDx8aRs0EcaZDrwHEcdBaaqOwbGVwOo1EoeODE3HjUEXc7MR284wBvbvUhJUhIw1DGDnpz4OTmSTk7M7iRPv3Ln3752Klj7vwt8wabKN1/6x3ipYW5O66tJ6wzZSv1utAgkeYKb3/vQ/T+970Tj332s1i6vsIqjkVQqXE45FqTtNDLmGOl8Or1FP1+hrFqSM2t7ULgmoLrmKl6uYipXRO37N5TxJuO345yrcpMbtzu5O3VzW601uhtv3JxdXN5o7PY7rdVtRx2q2VfFwqOEI4zLD3fz6L0mnUoZKAgpFRSipjZSKXzHhOKtbHxSj/OaHN9i/1CgVSeg62lzBi4jiRlDIMI1WKIq8vr2Gj32HOdgfU6W9KWIW5WdSKCHaDa+DpcBDZMMAzhSDADFoJjZYkjhWIgYOzAqyvXgwLiu5LjVJNwBKCYc23J5hbSEaQHGz2CGIRkEIDcCp4ar9DKep+zTEEgJ7CFinOGtSC2VHQIO0IXEz5hMpDsCZDSjIwZmQW7gsglRs0XfGTYp9AhVAoeCoHD672cFto5nt9MkEBQxEBmLBILtBTTq82cVxONikuIUo0Lq33Hk3KIPMrDsCT2tXbYV8uv0mhhlE+snZBzmPvmDot0vxp98d//yxz/8uvdxcOPP+w4oWel5rnz167RuYtXnM7G5pfO/ovPnZ365T07JieH3qRAx/bdNrXR6/U8LDx9ae5jc10AOPXxU/Lyw6dJd54s+77fSLN0PTN64+Dk0FhHWYq2e/BiBbgOtrfaGCl74NQwjYSklUVvpY/LtoNpz0N/rYV8pQW4Ay8tx3MwOjmGfqOPoc
nqYAnBFrFhbkQ57b5tEnd+7yGqeB77gcsF38XK9W1RKpZRGyr/lV0f9e9IhCt275z87Zmfn/lNADj9h6drUpgd/+D9/5/5m53WcGl6WJTMoeZG51mxlXX6dWW/26D7txSrEx854WIOmJub0/tOnagUZDUYqvk/snRh8RfGx4fGol4CKQjkC87YikyBU83kei762mB+9iJsZrhY9Wlro4tguMi3ve0oWsurxDdMU4QryaSaxWBnxJ1Gn/rNCJCDA5S0E1y/uEHl8TJzJ2bHdb/uaXUGNv/+fPTEqRPZ3Jm5zqlTp8QZnDE4A5s/lEe6vTVsLYugElLvsqLMEDxfgrQGCckra1t04dIStxvbpNMUZ186T3maYWR8BABEQYJ3TE/Q/SffwNvbbb7lnvtt1Gmg3Y54dW0Lz39tBUmc8Ei1iIJHVApM4cDuoWIhLODYWHjowSNHoaQ0jYjjVy9vXlva6r56bbm9ttXoKmPy9oFju/qh48pcOEfcQqjTfrwUteNM+v6IIFrMs3wi6vYKjhCIspxtrnCTnsQgBgih79HUxCivLK5wrRQiU4aLnqRMKSZlSDOzMkyGmY21ZCxg+YadjRj8H0Q0mMuEeO1zEAKZHgRQ5IqRK40wcLif5JCC4BIjZUPKMDuOICEFK3Mjt04IIhKcKQOlDBrNCDrX5HqSe+2Urb6RM2kthl3BB8ouTfgC+4qEQ7WAAncw8EdmcE57uYUxllNtQQDqJQ+VgsuuQ1Q3DhQRX+9rrKeWS0UJz5dI8xxsCYuRQjlwUXcJgStppZOb4XJpq5WabqfjqtnZM/bkyZMupjHiS78D4JsjgXj2t34rxW99I+Q89/CaV91V57Wra2e//PmnPgsXO1TMG9//63/jrSRxC6fFL1TLlU86peKdvXbve8dHam+u/ez7ripDXz7zwTNtAAhO/3ASX9towHeC6mg1HB2t0+VXr8OrhgNsrxuxG/g0vmOc0c9ITtUgFWPjhUUq3TrOZ4MX6NpXXsXKI/OQqQYPAn25PF4ir+BABC5qO2rIF5uIein0Rpd7G11IR6A+XqbAdeF4Eo4ApxZMHg+xxJullCgWw/Ef+bm3/+7v/NJjEUIIj0vfwPH3+qahQnUlLIbeSiPMdmwm/N0uWN/ya+5jcze1hIJTJ9DF/HuVsv/Mq3jIlLbbqy1WuRFhJYR0CUknJXIEnMBFq9GDX/AhyqAEhNGjk9g+v0HnvnSR/ZIPr+xDxWqgzvUk3dwXF0eKyOMceWwgpSCdGGxcb6EyVUMQuCLtqwgurwzOHCgfzVulCyW+/9T9oyvYHjpRP7E0x3NJ9aeq9uWzK+PS2nIoGRSEXKq50mjFIrEolIrkhSGCkk9DVEWvYXlouE5aaxodKmF1aZ3XM01BpcIXLl3Fi8+fFX7gY2JynJmJwsDD1PQoSsUQhw8fRhJHfHlhERuixluLW9w+2+SiY6lWK8pj+yfK4wXn9iN3TN4+/MBeO7ZjR/96TzQ/+ciTv7zR6s6HldJ2muTaCVzj+l5mDHWtUYu+h+OkE7S2NtkykyRBbBme68JqjTiKMT02YkPHEXsnRvjqygYcoSiQxNYYSqwCg+nG0+EGoMVM4ibLaYBi80BxQI7vstaWSgUHQgh4LiHPNXJjIIUAZ4ZuMNBhLN/YjwgKfAfaMhlLsBaUKgPPlxRFCn7o49r1FooFD1ozwVomY+GyJVeASxKUKY1lxbjSZpxvKzywo4jjO4pwBRE5AkpbpKmirmYOXHkjF56IHRdGANe6ObXgIuEMjczwzqJHDOaLG11ClmOiVuKxeoH6jstJlsv9O/3mI2e72w/cacKHHnqId+3aMhculNZ3jO3gP2HSeA1wxz+Hd3UNamK/X3ccmd05MdzpOEJM7Jz8Cbje4nOfePo3RgvQZ/ZA46dnv3roI+85PzzsjThhMF2qFn7oLf/sx7uUmi//8X/4dHf69oMrbsVvO+V6bfS2fZQtr7DdMpAFF/AdSgCsbTQJxkB1It
hcwxiD1c/MU+daA5TkgOuisLuObKXNlXoZylpkzKzTlFrrbe62Y6LAw9TOcR6qlGnh4ipSYxDFGXvSQZJqEqtdzpVh33ONVkb0IlWe3lkvAIhmHpppAmjeoJ8wADzysUdiANdfa2wulP4X0xpOnZKHnM16udzvtK6i0N+MUD84uhFKJ11fbvrMREpZISCgY4VMG1gwqlNV5P0MeSuBrAGV0Qo6ax00lpoIxytwqwGEYTiugKyFSPRgdyUdSdoY9LcjBKMlxO0UJAkkBgdqc6GB6V1D0AYZpJ99Q1Fl0OmH0Zi9+OBdohU2QUgn3wN30/FGS2yGe3EOY5iEH3BQKSDq9iGkgPA8EA2oEkppSpIUQoiBvS9AQehzvx+RdCQPDw8xD9oPrG9ugYiQawujDV589QLKlSpBEE17PpeG66I0MowkSXHHfW/ku++4g3/ln/1T3lhfYsem4vj+66W3nbyz8nd+8l3/8MwXXvjlr569uFopF5fIypYSGJKwU+Vq8cU8yw47gX+PHxZsc3tb5r0+u54HKwAvcDG08yB21MuUZ9nAtRQD/V5bKYrSHNra12+f2Q7SvIgAtjRwkuBBaBeEECykINeTkK4DxxEsYEmpgYXz4A+C6wzeEzvYOsKCoJlgQVBmoJPRBpAWCAMX3SiH7zvodjMWYgBUWmPgE2MyEDThCRQEULvx0NpIDH/mSoe6ucHJ/TV4BC4GEkWPyNdAZgmelGjEAxLrYkehxZKHJytUS1LeOTkMDZeJe9g9Svgrb38j91ptPPvVOVzfimjP9LCz1s73TE9jqJ0alSRJb71bHxsbq28fO3ZM/4nzB4E+/vGP23c+/FfDg0dxMFWeGCvguZfPx2O7btvxY1rrhf/44X/x74+dPuXN3rAVZma672c/GE1fRuvMmY+fv/dvn3q+MF15lyjyTz/0t34gSVpxstxqTtcnqnG1PoJuPwXZGxVTEjwS8KRkMBPllne+eRo7D+2gFz/1EkS9CLcSIGn2oVdaGNk5RGE9xPZ6F57vkhM4iJoxFYZ8lOolpL6grY0G13ePQQimpYUl8jwPnudCuJJsbjk1uXRc14alYCgQ7i4AW6dOnZIf//jHLX2HINW5yTmDj8H+ry1YZ87Y8ntOxCgD9QCqsdEVIzsONqJWl5N+Rq7nsuM7gGU4JX/gm1T00Gv0IVyJ6Z+4F8WxEEIBpaUO4tU21mcvIe+ktOuN+zG5m7B2dQsqVQAx+WNFZI3BNmrs1mE0rzZhLUAOISj50IZRKvsoVXwHxvjf/OybAezbf8T96slDo+qen/uR8AfvGbUf+cefOlHzuBKGAWeGqFQIqFwKueFuYMfoECaGauwC5NnBSddZjiD06WZ8VqY0qSRFliRIs5xKxRC+K0jcELyFrgP2XGYi0tpwtVpEEsWUugGMGag88rRP261NKtSrfLhewfrKCq43cv7YH86pqeFXqxOTw+/Z7qT/dzEMYAkRrCUmWVcWt0vHXLx2ZfF4mqay4Pt88m0P0OjuHdRottHpdLG9toUrS+s8sXcHJXmOSGlOlKJcG86NIUkEVxCsZbZgkgP+06BwWYCJMPBptrBKk8o1lC/RixXIMvmugL6RHem5g30myYH5mCcEMPBfRKoZnisw2IYSyiUXuR7gYuDB8iLuZaRzA9+R5IIx7AK7A4H9ZYfHQ0m1QPJowSUSkl5Y72Mj0ji3HuHO6RJZZuSakVkgMsBSK0WPBDYyAx6awNseehDFQPLI9CQJz4W2Dmx3E5ZyPPHsNXrp/KI9u9LG1Fh1saPUkgUwXBren8vsorez5eusbi8D2MTjAgxzg2vB3+Jicvq0eM//8aGq8Id1kncnVYynrm0Yr7Zz9I39ZvL7n/kHHzt38vRp50FAP/Z33ld2C52EiDSA9CkAp06dklejeu+Pf+5jv4Njx7yTP3L8B50w+IDK6Oh773vHaBAbcMjwR0rINtqAIFBBIFc5wQLeWImO/9D3cFFJjsjS5tUmWmfXEQ
hg5P79yKIMnU4MMCNuJ8jrAsc//Fb85fvfhwIUrjZjzK+9jCf+4+fpjtE9fPvRffjkmS9C5QEVygGqw0XKM41CLeQfev8D7tNzl48CmDt16hToT0p9nvnzIc3huUfm4kGzdcrOnZ1L43fcGShivz5WAbsCaZQgHC8jTTS45KF3aQu27mPfB+5EfHkL61++BOMLIM5RHSpj/3vuxPUvXcDVP3oZ9/21BzHBQKeTwGqgOFVB71qTVKbR3egPbnYQjNac9XMyygCWIVzpyLDg2m/QnJ4mR/5Dfux3HoseG3zK/BIQhCPV8o4Do550HcTKkIHhIAiAQR3kouuSwEA5SyRISoLVCnGcQRtAMFAuBYi6PXIIMEajVCxhdFRhc6sJozJUa2Xqpxoqy8AooD5UhxUuulGMLE3A0FjfWIfnB9BxH1oZ1IcrYvfOEXbCMn9p9onK7pGKShOTicC4BPeg5zhN4diLSZq9udm4Et1xzx3VN73jLdhqdTH35HPYWBg4UBqt0Or3KVYKvSxHK06JrUGuDYWORNGVsMaCJJMjBTJtkWhLihmKGZoZA6MmAhsLleToDUItBm6jAFxnIHImR8DkBkQEYxleQSLJLZgImWJIhxCGDtSAsgA/9NFqJZCuhMo1j45XqN3oAVGCsgSKktDJLRa6OVW8AFUQWbYYLXq4d2cR1zoa7dxgvadQ8ggdbbGWMLVzxmYGbCmN4297E374Jz+I2sgIVKaQ5wmyLGEYpoudpv0Pv/159BODWq2G47ft5yzP3V6iaHWj90PWTUqThbHZW27Z7axEm+k0dcYzYO21HNlvMxKe6s77m5VCUnI7w1vb7S8WbcUWJ4O35IH3lc/89P+zPggindGzAN74d94Hk5XKAFpf7wHOWADmoY9+1N/KMjv79z72n2/7K+9+tD/aea9r8H89v3i9EI5UrVWpZDCgLPxayDbTgy44cLB1eZN6JQkMhRCvWk66fdrzPTuhlUVvrYN0vQtZHRgnlt88jVRa/KeP/z5f6a1D6hwHDu+h2//mg1j6/Dx5lyP7l37gnfQHj3wJ1ZEyAk8izXIu1ArIHKAwXJZ/xkXdnyst4WsEsc5yY4g9Em7J5yzJUdhVR33/MHqbfWzOb8DZXcehHziO+Oo6WmstuPdOozhaQiUsYuPTL6PV6aN4dAyyWsTlc2sYGS6gXCsg7WYIPR/kOCyMpULpBhjoOFACpDMNAaDVSrlQLgSlQA51ADz00Yfcz/7qT2iiDxoAzt/+139vXC1uPjTq0g/cOebWW3E6/tijX/O1VhgtutT3QraWqeC6bFQGgkWpECLeVCg4gCkGsMagIA2UMIi1AasMFR/YShPs2VHF/qkqNja2B1ynMMDA5BhMxBQWivie++7Bc8+9iHIxBKsMQ7UKCIyo04FRObRlsM5w/MAUGrmgu27ba5+60NClskPainHriksU+m1PILGuvO0d7/s+Z+/hQzR/9jzOn7tAqcqQa42020OhWGSVZtSNM+5lhpTWLAVRyXdRkAKSLKqBx0ZrynkAYxkmwHz9TVX8dZcBZgutNAqlEORICIeQagPfdRCnBoEnIaQAOQCkRG4GhQpgaEsgQzAgeIHEdiOBdAisGFZbitIIEy6wd8iFsAZsGSOBg5ov0P//Uffn0ZJl13kf+Nvn3DnmePOUY2VWVtYIFKoAECAKIAAS4CCKEgvWRFNsydSyLKtts23ZslcDWFq22pO83HJLLbspmy3LsghLbFK0JREcUCCJuVBzVmXlnC8z3xRzxJ3vPaf/iARFq9V2u1vsRcQ/b1rvrVgR7+67z97f9/tyw1jX1hMr7WhJbFiNHCpj7Tfvx2hHJK6sHRkls8oyLCz/wp/6w/ZTP/ZRifPMHl55V7CGbr9HUeSEYYPdc4/KX/oPHmNjvcliPiebz23U6Gynk4Pto/07fPGbN73fvnb/7pXDgzfWOs13G4Fe/Hef/5Wa/9e0HAD57Gc/K1cev1KEB1UjPayr1dVVtM
tHjeg3/6c/99cOHwaj/k5wxVf+o19cfOrPf9r7nQPlw6ARgEn/sOEut4XT1uxM9cbf/Ju/ev8H7v7Zm2p4yu13bHwvxus1qB5MbLcRimeXJ9Xuet+ePJjK6uUtHOVw7+p9aaw1sa5LMY2Z3R7RP7uC4zusfe8FJosZb/7iy2z/4FOSlC7JIGexfwDffpcXXvwAztlY8tfu8+EPP80b92+xsbXF6Uc3xdMO3TBgsVg8fP5f+GcWhhc+u/RTfmdL//ulYNkvLLEsdnQwXAu6AUWe29q1YhYFgzsTonZAsNli99NPoaYWKo+1Tz1BJgbVCCh9h81/4TmOfvUt2p2WVUGArLaYnUzBGOnudEhniUWQ7loLldSYol52bkvmO4hQZDUN1xWt7JZ98+c9eeIzlfx333zkL/+HP/PDHzzf//5OHT+jw+Z6pBXaFvzClbukcWJ3+qGc6QccEkqj17MngcdsMOC1b3wL7yGCJR0lrIWgXY/VbmjfPTkhr43YRUKQjK0qMnk0zPjeS22m03X7m5OZuJ5vkySRolwKIHf3dklKQ1VVeI4i8D1WNrbtvf0DsvlUWo3IrrQD2V5rUaQTbtw4odvpxoPRzbzf3a5LXR352r3vQH88T+un3nPx5t6ZMy0l2rQ6bdXqdhhdv4VVgtWayXAs1lgGk5l0G+FSq+W5nOo0KNKMojK2rmuZF8v5orGCIxaloTSgrRKMpXwoDDSVwXWXQaZFUWHQFpRkhUEpIQhdrLEoR1ErRWmhyOrl61fW1KKpa0sjcinziiIzOFqRz2M61LhYCl+xFWjOtRzOdDxCR2h4mgqRvK5tVi1FrgdxzbgwclIYRnNLqZUcpgXzouZf/td+gg998nnZv39M1GgIWtNqdVGuQ+i60myEmNlU7tw/ZjwJUa5vnWymb1x5nUBL3e2EKgjU9ImLe8cvvXIj6a02nC/89f/x5HchYH5navXCZ1/QX/rcl+rPfe5zzG96W9RejiwcpapP24qXf/Hf+pt3Xvz5F/XvLlbf8Rr9I8h/19e/86k/KUzRbHSufl3lK91hv/nkhd3t3QubZy6dtkdf/YrKjxdLM6VjJSwVWrvQCJgfTaX3sYtkBbz+V37FNi/viFYl+TSlHMQ4CDvPnrY3vnld2r6lvJWz9+n3cHswon12k51nW0hVkr57ZL/y17/MX/gvf4b/6ht/XTYC11588ozkSUW03SY/iuU3v/YKKsnmAG+9dfmf2UH9f1uofu+9hFeWb6Ny9DhLSpzIlVPP7IlxPO5cu4+/1cObpOSDBSYMOZ6OcbOQ1edPsbLaQaymLms85TD6xk0JTyo7Hy2kOJqjRMhmCekgEb8XMRsnnNwdUxtrTWVElMDDpJk8KyRNirrTbCTyxGfcP//v/Ss//vHH9v6Ds159enFwh8VoiKtrMxNjvCCQr79xV9rtQB0PF/bxcxuijzK72nflhsamw2MWYlkJXXRD8+jZFv5wn243wmg4faEtSTy3F7eUzIqMZ86e41y7sIvjA06veFzrhNwfzEQ7iqqs8MOA+3fvM0sK/Cgii2MC37fT6Zw3Xn2VdiMky0uMMaRZwWS2IC4qbFres6aOleeOm3V9FJus0wiiYDA4tI8//of+2Omzp+3rb71j3712w966flvyNKXOC0SpJXfFWjmczGxnrYfvujQDX9aaEQd5bkEkraxFiSxFvUZ8JVgRPAuVtdYxIovKkD9UOlR5QVVUaN/FQ0SJQmsh9B2KyiAiGCMoq6iN4GptXd+RZJajlMVxHdLCoj2X2WiOYyrbtLVEGJIa7lUVXV8vj5K1ZbXp2qa/DA8L0JLkNblVJHXFnbjmODXMamGUl8yVwx/9Yz9IsLbGg6MJ21s9HMejEfoEYcjh8ZjpbM5wNCYIQ3zft2UtUueJ9CLf2qjPyWQsb9+5Y668e9D5B1+/Zv71n/q+w7vldPriiy96lz93ufr8Eg9qX/zsi14VdtYbOht/5t/4jJELK+d7Rad7597Jor
MaPFcq/Y2rtw/uvfDZz+ovfObz/59cuL/TrSUbbR3lVew1cynQZ3eb/cbRcHLYdMPTfmms8tzfwYNTWA6OZuBqJu8eMfk//UOMGIJuW05+6yqrlzfQXpf50YzmI2sc3xhI6+IG6YMprUsbrL//Ar3a8tT5xzgpU8bTAWZjk+uTBTe/dZ0/8AMf5r/5L/4uz3ziSdotuL4/IBtmthP4bDUiA3DlyhX5vSgrv3cF6wvLFztNC1NVNfF+intmjembN8mHMaFySePc9nd6srg7oTzd5j0fesJe3jkv72ucYeFW9v/y8t+X+SjG7bcgq8TeHFJOMlxXgcLWeSXp8QywKFfTbPkyn+ZL1IgSLEtA3c07Y5VUxe4v/Oy//S9ttdr/sc7HztuvvFs2NLLaDXTgKimr0un3mqz1WxwdHVMvMnny0fO03BNZkNkf+cA5sVLy9PmAfDxFn9tAS49i2MaL2gR+KP22otMVCaMMx4lEdJfaDaUd5vy1v3uFweGQqNXAUcvBdbMRsFjMeOKZJxiOp1hXUcZTaXsVgafBc3E8l2JRstZv2ygKrZEZwyS55jWbdVokfqBX6fS9+p1XvpX9yI/+gb/86JNPPfPlr3/dXL16U48OTsBUeFGIVpp4OkdcR7zQZ57lcvNkhBP4rDQjxFFUxopoTVmVYgBjH+Y2CHgPfU0iShoPv57UltQ+PB3qZTxZEee4UbAEwmlFmtdorVDGLAWlWuN4SrK0Zj4vULK08iRJyWI0J6gK2o6VDVfQFtAQacVJUtpRoOXSmodFJC4NtYXcwKQU9hcVt2aVvZsaGZXCSVxgA58f+vFPcPqxc3aWJBLnDfaPJgSBS8NV5GlCXDsgmgpFpRwaQSg6ithc61LGc7m0uWMbTi11POCDzx6ff+69Z/4P//HPffkvtjfb77zwwy9Mv/T3v6Rg6W465tic2YgGw2HUTPfcZ7r94NN3J0eHm89sthrKPzm6ejS+9MQp/ct/5vP5/9YTS3dosy/+p38nfvann3UX7s67zcDZ+/mf//s/H0S+LCbJk/mtQRh1ApsaRbul2X97LiQluhtRW4uuFc21BmsX10juDkmbAXVlYbiguduz2vclGWXIOW0XUslPX/o0PRXZVJdy5I3s3zz4Rcm3A37z732VP/1Tn7CLWSJvfv06UTOg12/bRVbIU0+dxyRltJxhwxe+8N1UsF58UfjCF/CVY5SnKDvWDt48kOpojtsOWNwYYH0l1ELUafHI5XN4YShP988TOS3uTfdZ85rgJ6hdn5NX9/E6AfN3jtHrLTRIMUmhMvQ3W3zokxeXuX6J4asvXSeJC5Cld24WZ+a5c+v/UreItw+uH0mj6dWPXD7vOkWKTRPrqlqC0LWuMnJwNGSlHfLIbo/FbMH2asA0LTi/2rDt9R1Zbyq87QaF43Nw4x5eo8ViXGPIOZqUHN2b0Ghq4kmBHwRIWbIaFfyhD5/j7/1GSGzA9VzrVZad3XVQruR5bpWtxXEEo0BRE09n5GmO6/sEnsNGU8vh8UjSUtjb27w9+8bV2RnVVJvb2/aXfvnv1j/yx//4v/WJP/ijn75642Z19GDorK2u4GnNvBVyvH+I3wxxQp9RlmOKEq0V40VqW66SXqfFdD5fzt+Achljj1jw9RJy5whEDz8vsTQcISgNo9KQWaGsaurvODWtZVFXlKWHXUZD4WCZTWKMKBZ1jcjSKziuDWW8hAq2qNgNYdNXXGq79AONrxW+o7gzr+TGtOTauOC53cimZS1ZZZmXhoOk5q1hzkFq5aSCQVZiHZfv+ch70Z7D0WDExfOnrNVajoZT5nFO01e4vst4klKUtW22m6LjnPFkjiuKN99RNJs+G2td+m4pq03NI4+ccR690PvgH/2h9/yF//FbN//Nn/iJv3ryr/7n/6r30Y9+1Hz+c5+Hz8HP/dTPZd//n/zUJ55/4UN/7tlHLn3IZoV688G1O1/87a/8R7vn19vTwbz85F/6Exv3q/z+lc//E2
7WPwPg9z87Un3xP/1vE0Be/hvfqp7/C39IpSn329P6fkPUX0yS4s/asvxDZSI1ntYNT5El2XIkkhbwMB385Ks36Ty6SbjeIj6Z4bqaaK1JtNGS0c0Tgs02Oupwfu8CrlH8Wv6GPK63ueyfktZ6n2i75tpLX+MfvPINCbstimQptB3e2Rev7dgzW2u8+/b9786o+s9evmw/D3zsU0/kN6494OrdE/Ejz54YK5LXlHm+1GBpTeyXpHcHbJ7bo7YjfvPoCl87uipRENA6u8Lg5RtUwwXRZhtqgw5cbJItjbkifPTTj9FaCYinGW5T02gHxNMc7WssYMqSJ3ZXdt5857ZtNiMbho6OJwtaviVoBuL7GkwpdZqRp4WdYOW160e2kjHH44X0t3qy3RZ6Bwd8a2LZ2mvTCeDoaMbh4YKGb7l68wTPU0TNJrVVmNLy+CMNGn7NahCwYWd86qk2//DNglYjpCiNpHFmmy3N/rXrYrSDUhZX4O6DCdPxjGagUFUujjG0QsdOZ5WKFBycjKbFJD3qrO+6v/Xml+Vjn/qBRz/9B37wD1+7+m59/d0burvS5ea714jHE9JpjMkLjAhlkuG6Dm6vzeJkYm1dS+U41vd9GY4nlPZ3glpRWEJH4anliCZyFKGjMA9JnkoLTZYD8xDIjSIzhqIyVNkyaCJf5CilyFyNqSoeEtetKUuxyFLXlmZEWBoaui6cjxSPdzw2GprzKwGB6xCXhu0OzOo5bwwz/EDLSuhwktR2UtQyKuCkhOOHw/XUwuWnL7B9eot+r4UXBjJPUkQJjUbEPE6Z5ZZiOqfX7yNlJZmp2ej1iFxFXhuajkuka2w+l9h6OHHF4dEJtQjvXr/zg44jl37iz3/qJ2ej2ZtTd7r6R/6DP1XNqjT4sf/izz63dfnUT+yd2v3AE+1Tjait5e9869cWLPL1Bwd3HqvFXu/3GsfhLHV++m/8tP0v/8x/Wf5u/913rp8P/OsvhnsfpPjCZ75QYxE+91nh8583L3zuo84wa5eOtj/iNpzcuPplsupdVxTl8cKS1/jh8lpQAu/56AW2z67w9tUj7r5+yPTGCeIqgrUGJ28+wIQOcuOYxlaPjfed5UEyYWOaczV6ndXQ42p9m6yO2fA7fO1bX6G92uT2jcHyWmv4ZJMZrrWYEFzfY/f06ZLvtFh84bunYH3uc5+zn//85wn7jbmjrU0O5tK8ENgw8EiLGjdwKSYL5t+4zpnve5p3bz7g7f1bqDq3m9WmnIlXuTq7S+gFjN+6R7Pj4zQ8TFkRhJrFfDlYF4QkKzi5Nsd3Ncb3vhN0/LtuW0rVWHs0mhFnpei6ZKXp4/UbuKGHVQpHC2EzQrSS+6OEJ89vyLBw7CItObp2hP/oFo2dTX7gD38fL/2j3yBODWefPI/XOeCtN25x6twOqIiTkyF+u817n9zlwiM7DPf3GZ/cYbDu85EnWnxtP7U4jrhaSOKF7G6v8tgHnuAbr75FKxQaURutPDxXMZstCLVibzO08SJhOk8l8hvpzYOj6elWq4C5e8lZt3/0j/+JP333/kHnrTfeqh/s3xdjasRRTAdjlLGErYh4skAEgmZEtoixphYrkBalWKVIinKZh/hw1qtFLdOksTS9pZ4qfojbtcAiN8zKelnkzFLu4GhF5CsKo8irmmV0vVBny3kiSmHqWgRL09GsuBZlliJTxxoaovCVEHmKfsMl9BWIxUVTFyXPrEd89SDlnWFG09fMK6RAOEhqjithjkNOxebZHS48fp4kL+mKYjSLuXn7Pv1Oh63NHrP5gkarS29tg9FsQRBoWs0mJcIsy9ncXEeZgraraHhq6QDAlVJ52GwuaVzkv/Cbb5zdOLX5FyeD6V/Sbd8pvcqPTm1c9M6s/4iNwr1Um86Imn98+5X0/uQ467Rbz47Hx6kWNc8Pi6Ow3/bfuD049eF/58Xhl/jS+Kmf+ROh25xYl+6247lT40h2cM02sQye/TM/7bB14L4MyUd5yfx9+6
mzjuv1bCP8SrfT5eju4T5ZaU1WaFHC7aOhnByM2bq8xaXvO8f47oDtR/uMpwWjOCfPS2xcEHYj5vtjWo0IZwOOTk7obvfk1sldG3k+g5OFZIdTm3/yCfn6y69R35vSurDG8MYRfjMkPpjR6Xh0exEJmtF8zmCUlA/1GN9dHdZ3VieTg3hWlSYVbCS5obvZIb09oIpzHM/l/lsHuM/sYNKEg2/ew/tIQ46GI1Klabf63P3yawSlobnd5+avXGHzzBprG11m96coR2Oyyr76ygNZ3WlRFRWrG30Ww2Vikq0MpqqpUfbOg5F0t1pUZY0yJbbw8XyNsTUSaDxd0273+MFPPMN/9XO/ZkPfyu137sjmSmQfP39annnqPP2VFr/9G9+g0d+yRQVOI5JeW/F9n3wPUaDZ3x9g5ifsbfs89cxFbF2wtrnOcWltFTXlzDmPpy8W6FbfjiaJWEfbTjsiUJXs9tsMDu6TFgUnbptkkWCrmrN7fVYjS54mLJIc6zaGWUHSe2yv9Wt/69eyP/5v/6t/6itf/+afODwZVLeuXdOz2ZytnQ0mgxFVZRBrmd07QgcB2lGkswWmqvEaPskgw9Y1t05G+EFANpzhOxplxXru0osTugpfC1mNzSsrcVUvQXq1pVq6of/J+20sVVGjRIi0UIpQ1mapqrQG1xh8R+h4jm25IrY2FmVlKZ5Hmo6i5Tv0IpdW5OA4GkSY5hVGhEVtKCyMc8OwgtQqFrVlXFoGhaF2XNZPb3L5mYucO7uNrUs21ldZX+3guy5FmjEaz3GDiGlacTzPWGm3saYmzmuK+Zzawv7oPiudgJauWWu6srneZZFVdMKIzb5nH3/0vDcsdPXX/offMM+878JHxXj/E7VRyXR2c3G7/u9VM4yuzeIL+91bTx0fHR6v19443Gh+fDHPzqg0+0ojDOKj2ydvFrm+z0rFpnfG6TVxodMsMc2qUKOv/bs/O3/2b/x09qn/86c8+yz9unAFSL6Y/O8ajeb4uTwt5/mi6O2P7n46niQ/ZSorXjO0Zjin3QlAC7uX1pkcz0Fpu9GPZHLZMLpyH3E0yYMp3UfWKd9+wPGtI9R0ytbmk5RVze3bBxJ6PtPBkFa/zWvfuEL6S1fptRsQuuSHc+IbA+qsItpsspgVtPd6BIFDusjN7+WRUP+e/eUraNZe0G0v7sgi+8lFZaN4HJNnhTiRR51X1ElFlRSki5zOM2dIj6bUvkvdD5jOx9jxjPFvXSfo+gy/fpdqWuBoReArlLXMxjmilMSjhNJAkVuuf+su+SJHPHeZsOM4KN+VoLKstzySOCHNS+I0x5QlvlbousSRGi8Mee9ju9jRhK+8fFU2+h6Op+n2e1LkBTdv3uPbb94hSWtxbCF1aXjsA++nqSdEekE8K7h9Z8TGRtdGfiVZpi2OlqSwcjh32GjXXL8zks1zl+T86S3Orvhy+Xxb2nbKqVbBE2f7nF7tQHqEZwu2trYokxmbbSSOM3tnkInf7V+7dzR5NYjC7ImPPveprDL/x9kibYynIyniRDmiSKYzTF1brZXMhxO8IMCPfOLxDDfwCFsR04Ph0klukbio6DdD4jSjNgbP0RIohaeXqve4qFlURqZFTfXQAiJL0TqOUixDHSzqIRW0NlBUNcZaAiUECtqu0HUVLVcIxEqkYN1X8t4VnzMtVxqOkBvLbtNjNXJxlZBXMC8M88Ly7rTkxrzixrwis8K0hsPMMMhqTvKaSjvoKKC71mN9dxPP9Wm3IpKs5GCwIDViwcrKSg/HcUmynCDwUUtYIrM0Z5KWWKWJ2g3rN5p4oSemrhgOxlilmcxiJvNMfF/b9z+5q89u9Oa//Jtv/IZ1lFlpRZNiFg+aWfzq7dduv3V4cDy+dWv/wc233vjP9/4d9ffDF9d/Peq3X85m87GIebrVcj/aitjteKo3ORmVX/tP/v7RnZfemH5g/dJJ0jZ+90ef1hc2F+Xxm74TrK6cTZMJOx88r3WgPl7U1TxLit
2qLDS1zSZHox82lh7WGD8v1DNPb9tv/vp1ufjh89a4SpqBIw8OYo7uTpjeneB3IxorTRbHU+olfYCqtFRHc8qkoApd5vdHUNQsjudy9NJVQu3j1CXjl+8SXx+SjVN6220C38XTyq6f7vHcey+om1du/+xXvvjGDV58XF35whX73VSw5NkfWFXx1HOkTH8iL03PbwZ27dyaNBo+w/3xcsZUVrY4mkt8MMVZb5PcHxHfG1AeLaj2x1RxxvitA/J7cxytbOBpEWXtZLCQfJIhjgaBYpGTTFOMFdDLO7NyNKI1ru8S14auqzFlSZoVWHEosox8EWOyApNm1rFWGs2AD33oUbk7rWw+neFSSv/8ZSJV0giE1Y1Vkjizo+OhNHtrnH3mObt+6XuktX2KdlhTlTXtjU2uvXNXVh95lt1Lj8lqp6RWHYb77yDi8cipNfphRXx0m9VGwdmdiHbg0Q6g11A8fdplpwk3783YXfFYb2qu3B7bQVwJQXjzcJR8LZ4N/L1HHvmL4kan50mqkngu05OxzAYj5uMZKC3j+0eEobds32cLHK2J2iEndw6pq9p+hyBTZLkNAk9ariJJC3ytUCIoweaVkXlpSCtjrUVcJXgPfx46arnxxFIZiyPQcBRtR1gJNF1XaGnsqqek7SgaWmg5ilVfsddweGLFt+c6nmw1HHbaAVVtrbFIJ3CYFYY4r5mWhluLituziv24YlpCarGzWmRSWGZFjRNFKN9hfXeTvbO7NFoNmp0m09GcJM2sKC2u58vh0YBbd0+IWg07XcRyNJwySXLictkF1hbyrGA2m0ltrZRGocMuge9Yp1rIYJoyyeHo+ETqxcR85Jm9nQ899cjlr75y/etv3Tqcv++9jy0OT6a77Y1W23HDC72o/ytf/ff/3tEV+6K89vhfOn7r53/zxu1ffeON6+M3vrZ6/rGXbVqnonjWYt938WOPvbD5oYut6ZZz4jqX5mFx6A6nunvq3Hn3eH6y2ey0vtf3o09pV7kmKRWWd8Ynkx+2jnbyef4EsFJMEnqRI+sbDbny6qEdDxbS2mhz4/UHpCUcvPoAqxVVVtDY61KmJYhCC1TTlHyaEr9zRPbmA8z9KfGVI9x5adNZKnqe0goUD944IN+fcuaxDZ7+4BnGk4Rmw6fZC9X2aquYHaX/8Vd//Y2TFy+/KC+99NJ3RcESgMsvvtCwtQ7fup5MT606f3hyPD+F55h4MFebj++wurPC0fVDlKNFRx7l8YL0rQPyt47I3j0mfveYyesPSK+eUD6YIbWlTgpRnsZzteRx8ZBGqrDWcurZ09bvNiSbF9S1WTLeRTDGLhsJrWQUF2y0fLSjlkkjecF0UZEsYjqhlnKe8fprtyjixH7600/jrpzi9a9fla01jd9oMppldmdrVVbX+qKCFgfvvsPw5msSdpq0VtfwO2s2nR2I9hxqry0rfUfuD8Qe3nhNWnpkrxy1pY5WrVOXDG/dleF4jiiXBwdDvv6td7l3b0ZeK37lm/d5/eaMZuhxZqdFyyn55vWxTfNa6PS+ef2dm2988sd+7IVHnnzPD0ySxMurkvs378h8PKGqKhAhm8U2bEXi+h4n947ww4C6qpg8OKHKCsQiGIsoZRGRWZzatUYgUlfktUFrobZWytpSGGO1KAlcReAoArXcFlq7LFTFw9lXz1dsBopH2i7nmw7rvuJM05GdQNN3FX1PONVy2Qk1F3sej6z4stF2iTxNWVmUiCitGKQV48JwlNbcT5c0hkkN8xpSY0kMMisNuQGvFaJDn/ZKm429TTqdFoilLItlfqXnSDMKQAzzeYzjaY5Gc5klBX4YUlQleVFw4+Y98AMC32MwGNvxcCJxmpCamqKsJHQCs7q2KU8+ukmnEVCkuZoMR/Xzz55fffbiqR+6+tZh/qVvvzvoB84HPLdxxzO89ouf/dmDFz77gnPnYz9XY628+PgVvXZ5Tf/Ji3/S/O3P/7Xk7lfeObj95Xe+du+r1166+H2X7q
Qpm7a2j2XloFNsNFZbXnvlTnH8oSc/8p5/95kLl3/o28Nb2+PZwk4W8dbwYPC+eJ79kPb0x6q8WKlmmVQHU7nw6JqErubW7SmiHbn127eI5yXJYEGZ1ygtWLNskb3IJz1e0NpoU+UVNi5RnovfDvECF0+UdQ2SHs7IDqYcvnKP1UaDD3zsUba2Ozz//Hmuv3XAPKutNkin1zz55S+/858M3z1IXnrppd/nM6zPoh4aGn+nquZWa15+uZKLHxiWlSE7XlhblRy8e8DZp/do9KLlP31Zo30HrKUYJVBUYAy2fpjdlNe4/QDH08yHMWVWsXtpnaO7Y9yGz/TOiJObA9l4bAdbHj0MLLBLS4gFWxvxXddmWsk37s15arNBmpVWVaWsNSNiU3L33ojCOKxsbWDcjhxfvc/3P71J41/5w/aLf/eX+OQHv5edopLKGhpRZNvtVEZ3bjCtXG5eeZVWecvuPPFhufw972cxmbIeQ20de/TuFek0fNs5e5m12Q17/eaJHM6ndr0p7G53rGIu77xz247GlWTpkJe+fd822x6PXz4jmxurdrVj2H/nREbjBU6rzXw8iZ94/3M/sPrIY3/q1StvqySe29HxiRRpCsZiypp8EeNGAWjF6OAEa2ExmFAmibXG/A4DWbkuSouAxYhwd5qyF3mQL+PjjTHwMIFUP8zve6jJBSylsdTWEmrFqZbDRqAJtXCq4+IAeWXYabooW5OUoLVaZiKK2M2mI93QRSloRg5hZNHjnK8/iJkXBiPCKDfMa4gNVAipEWZGmOUVtdY0+y3cyCdqN4naTcIoIi9LpK44OTih1WraqN2Q/dtHRFGIF/mURW7DMJDSCPsPTghDH99zOXVql1mckLkO86wU7Wi7f/2BtA7HnN7d5K41stU6tll+ijNrgYT9VR7cvKm+/OXXzXufOhN8/qc+/Of/b//jtz78P7x666++99Tq4O/9e8Xx5y78ZNBuJPKln/95+6UvfU4++uKL9q/sf9X9N/6Nj5af+9znlu+BWhJ3//Hnf/E2cJsXXnCefjJ6f3Kv+tTpTzzykQ+fee7yn77wQxuJ5NQtVu/cP7j4yjdfD4pp8nW1KNXiaO4XcWZtbaCspbMakcQ5VZyJtQ+vxSWdB4zBbYX47ZB4ltpimojbDkjnORbQDQ+lFfkktfk4oVrk4jU8XAGvF3Hx2fO2023ItEh5cGPEaJba0iAWsQahKMpr7/7yyyNrrfwvGp9/XxSsfyoxJMTVabR4uKpV+552mE8WCIbBlUMmt4YUWUW40iDc6ZDcm5GNYoKGTxkX1NMM3Y3EVjVeK6C93mT6YIpWinyW4TiKIHAYHc1wPYfFvTGdjQ6O71KlBW7gL68qrUREYbDiKWFSlLx6b8oz2x0p4pKwntJsuAy15tEnT3NmvYtrK0T7jG8NeLTflbf6AbNrX7bt0xescgrRiwpxm/bjHz0vb789wcxz6H1Q3nhraiO7L+HaJrbTtu3QlefXa07u3pavv/RNbl/f5/jghBt3h2Acq8uUZrdln3/2lDx3sWU3Tp2RhbHiew37xlu3eP3lt+UD793ht948YZgYteqVdWut/56tD3z4yfv37+FoZeejiRRpjOtq0rqmzPKHMyYl2XSBiMJUFUWa4rYiKeN0eUtRIqIVVpbgPa2EtKrZXxTsRC5lVVNai1FLLvp3BELm4TbQWLF5UYsG1iLNTsOl7yuansJ3NHlZ0Q5ctBYUmo2GRimhMhZBxCjIrcVTmlFaYQV8TxF4mntxzay2oBSL2rCwwiivKY1Qi0I8D0eWMHfteXRWenT6bdJ5wtbuOo7nsrO1yvHxRIwBP/QoioKDg2P6myvitTymoxm+79LtNKhqS15XNLstjg8GlLVhlmTiOgq/1SArKvZ2V/FsKS3P2jSJjRdGsn3+gpRpzI2jwqx48BdefP/7mr7z2S++fvifyQdXfpav/VwK8DN84XdrrdKf+Zn/7DsnkWbjk58Mf/C93YtGTJRUNo
4CmQxLu5kq07t97+CRaVj1P3DqxMzI2OlvOm8Mhs7h/vg1e7D48vxw/JQTBYayFikrwRE2N1p89Veu0ug3aKy3pbPV4tylXb7xS6+ycBR7z51hdGcEs0x04OIoRV3W1qSlBGstXE9x8aldWYxj9t86oCgqTr13F1cpBsdz2T8cEgSubUaBpIscqwRTVFaJ4ugwvgOYz3zmM/o7Ytrvli2hlL5URWYsgB/qN6nNUgXtLamgdWksriPpKLHxPJP+qRXWz/Q5fOMBra023ae3KdLKZtNUFpOMMq8RLWjRKKW48+19u/fEhmzvduzNK8eSs7yDKN+BvMJpBtRFJVgoi4JOq2Evnt8Tty74xjeu8MrtIbtNjc5LHCV0t7s2XyxkFE9tr+2LKgPbXouYvvu2vPzmPfvO3QEH07d49IkLttdbsBIc0uv1eXTD0OjuQfmAbPwAE7h4pk0ZF/LmW2/aX/t//CabbZGNNnz920f21vX70owciZzUnu1Bd91BvNLeOBjLg6lLjs+d4TXmJwsuP7qJ5yk7mCS4vi9pmouzdvrx0XhsQl9JnuaiqB+m3ICparSrCLtdLFClOUpb6lpwGgFqyXVfpmXbJcZYECsiorQWrSCOC+4tDDtNDy2QVzXWstwIAkovP+ZVLRboBJrV0EFrQbuawlqO04qWq3AcqEUozJJi0XAUDpCkFWIF10JV1hzNC3IDi2KJKV4YGOa1RVlJrGJQGLJ6eQR1QgfHc2j12/hRiOO4+EGA0g575/e48uo7uJ6DYy3NVoP2Wp80SamModFtkmUZs1v7zOcpzXaT2Xi5bU7zEu34S8xKkRM1ApJFSlUbu3PpDAeHJ6yt9xjHFW6ElHUpo7i0s+GIwI+kHTmccof1T3zk3Lnvf3L9r949Tv+V+Md/8tf3TnfvzjIrNuioQnlemS+c87urG3VZ7q2SnUoWE/2P3jqK7s3q62Hkv3o0m18XxynsLLlw/8tvmZtftvm/fP1BEHVD8eLK3vnaNcUw7RnHfP+FP/f94eTGgR390qvYvEJ5DkHkc3Ic40SB3XtqW7Kq5ptffMtWGnEbHrNpyvxgijUWK5raLLlu7b0+OnBZ7A/JqhKaLv3dHvevHtHdarM4nDE6meMHPnVhSKocE1kZTzP80FuCBibJ6/weP5z/H2dV/28zyF7/b78YP/vssy4gaVJNzZILLvLwmIYgVVagA1dsUpI8GNF7fs8mxzNp9Btc/N5zzA7mHF87YXx7xOnnTnHzm7dRocf03gQdOozvTZhqRx5mUZAn+UPwCdi6RjmKbLTgwqPn+cwf/DgdKaydDGUlGfGVK/fZHya2bPmiM2vbkwVNKsK2Tz3PmSepkMxsXpbcPsr4WF/wei7vvvpNTvc1Xx8FLLJ9uhpWug+o1Tfp7qzjdfdQ0bdlPbR2/90HstMd097q28k05Uc/aam+f5c6tTZNXDl5MLerzZwL5/rSiNp2dvuWuOGI0+VEfv2W4mtfW9jRbIFjhXQS20sffp/UOxtW25JkETO4f5f5ZEqZ57ieR29zldrU1HlBkZXfIfMiSnBcl2IWL9d4SqE8B3EcHNdBK6EqSqqswgt80ryw9+JCdiIX37GkhXlohLaIUZTGUBlru4GSjYaDdhSVKEZFjSvQ9h3mRU3gCEphlYiM05q0triOokQYLyrsvKQwltrCorRkBo6SmoOkZlpDWhtya6hEoR398PjXYG1rlZ3TW4jrcf/uAe1uE60V0/GMndNbJEmCqgy3bt4jfe1dept9PN9Ha421BtEuVZbz4GSI32vRajQQrZjORtS1QTwXaw3PPvMYYRhKLVjXcWQWZ7xZWk6ttERMZpFSmpFvs8WMWantSejJQtX1yuqWnD8XXIo891KzFWHERYIQ8T1wU8gXZHfu8wu/doW/+407VVrb6SSvnWa//ZXuZvPVN6/ff2Ga5mEaF2mZGTUYJlYHgrG10AwJV6JTtXVPNZWyi3kqNq2oK0O3F1EWhmSSsL7bl7
DCdVoJny2HTzBZebIgEoLhOMyxITj2Ay2EhOYQRodACuiEAddn4eSJtL2QSUqQJ5mFQbPVARghKO9nwNIgkZZPJTwB+A5Qj/Dpv/sEF4sdGIomueTnqDkxhSteeTUOH9oPdHZaMJoI9clx7j/Rj59uuxeF9g5QtgCVpGA2UFEE+B4QK8spc10W0iGdpmzCGsHxIYMAwgC1eo1e/trreP0p66leq+HIoQOgvi6wAoxWMElkR1sQ4BALASJXQtcbjCQm5LJwgwA6sSng5AioMAKi0E6JQoByeUh2wVECkBWRU0u4Llr4ngobQGzdM2yX6EEEPoQQYGXHM60UuJDjb3z5Zjz2+BOUzQS8a9dzQD5PwhCMMdD1KlId2PPpsO08QVBxAjTqgOtC5nLgWAOOA4KBdBxOG00gbKAFWAFeQMLLWBqKNoBpjRdCtDp6y9XyfJd1lLTkEAL57iJMrDA10YAfJ6DjUwhOn4+h259G8JJzENer2P/VbXDgYtVbzofIZej4sw2cdeG55La7PGlqNJFz0P/EAWy6/hKMVyt4YudhZEUOyWQTXnsOaSOB15VH55oeLCp18puWX4zR2mTyZO3xWkeh2Lj7f3+9iT/7xi97PfP/5A7rhWMLTP2GugRzMvGX13ywa277bSPFDOkohZP3SYCQsgGMQTpcgewpwHV8HNu5H6eeegqf2bmYvrF3G1562gpc4MyGbtf8UBrTcwOHMXfhIjq4/TicuqLqdIh4tGKtk0Fwsx5UM4H0HUS1EG7Gh5fzEFdCa2AmCDMSaOvEICiF5hw51OYXUYlqWNAzjz70oQ/hD264gd3u3pm+idgwSxBJFi2aQKt1EBZQNaSByXHMXrQEp6xchXxbCTqO+cDRfuzevdNeFG15GM1I6w1qy7VxqVhg3dorlnIFavey7JJAnIAaDrMKq3jZVVfjyvMvwUhSo4wTcFH4/Nb3vIsOHzuCTN88pEbZBsAAIpsnUSiBCVRrhBDSAScKQcbH3CULUKtW2PMCJI2Qx8tT0JUyZi9YQqctW4F9g8dw+MgRyEwGPbNnQbhERw8dYh0mJDLZFvlUo9RWRM7zycCwDiOqNyOEnALlKpYvXUFL5i7AzgN7ebD/KLyeHkrSmDE5SUuWruEN69eRzGQwemKQtu14CiqJIJ0AhvVJEqoIXKh6FSCBU045FfM7euCXcqzCEHsPHKL9B/bBOBJOtgA2FjTzGehYuYSm4gpCpNS1YAGm6lXmRFNXdyfaSkU04pAFCLVGjWpJzKpcpo6eWTj97HN5anoSz+x4jihXgBCCDUDp2Ci1zZ6N9eecwwUvIAnCwRP9vHfvPoIEvFIbdKwAw8zaEEkiIRyWrkNSEGkhQGA4nkSuPctCCsp3FzBxZBzJQBmFaojD5QYObX0EXImAqQbmvHEjOtcsQeX2Xdy7cBmqPQ7aNNMzjX4evH0nlRLwRddfjH/4q8+R392F+t5RQBOkNgwvIXdBB1wC4qiB+2tH5HP79qnRkXJtaZgJN7z9DGf7/+0qOgOSmF9VG/jfpWD9R0hkBIDjztkd6//+d+o7//pHP3nJZ994+9x1864+8tB+jVhJb3YJaioER5qNBMlqDNFdQG2kyU/v24Hzu9Zi56HH8eVVO/BPmY14JhqgeW296JfHMeqnyJbyqOw7gmJbFj1r5uDEzhN2+58qy0JnS15UUQIZOOz4LimlACaGsUiqFDNIOIgM8f7Dh7Bi8TIajIbximuu45/e/jP8+PbbEPT1IW0ZABKIHSHIEcKaYDFD+C5UHCPQKT7woY/huuuvQ66tiAAeAENpEuPxRx7H+7a8n/cO9YMI9JH3/hWuv/rVEHmPtFFgaFqxdi0/9eBTEI6D8vQUX/a6V2JysoLXvuI6CgFOdco9Xgd+dPePcMe9d8Lr7kUcRy2+RIv2IGxHYXSL9Km0HZniCJ/4yw/ivHVnoSZTErHC2nNP4Wtf92b87V9+EJlSCSaKcN1b3oB7f/ZjXPxbV+GTH/
oIKmGDumQB7/jAu/Hd238I4QRY0NeLW7/8dZZBQAG7+Ondd9Ifvesd/PnPfYUuveQi5DIFNCpl+ofP/xN/9NMfQ1tPL27868147WtfS6WgCA0Qg7H7uWf4re9+J/aeOEzSz8AoayWkpiaw6ZyN/MH3bcb8dStQ9PPw4CJFglpYx+4nn8N7PvQB3n3sIPnt7Uinq2jraqeffPtWdM2ahSAIsH37dvzWa64FeQ58ADf/4+eweNFyGGhMDY/irE1n43Vvehu/913vIac7T23I4g2vew3fcf89hEKeRKOJLR/+O1z7yldwsaeDXPJYQaFWr+LwroP46w9u5se3PwW/1EmqGRKT7dggQCZVSAxDuhJJLUSxtwQVKZKeRDhaBWuN9jltaEw1QOUQxVyAyADO2jnIllx07qxjp4ro9ZdegCtpGe5N9/OTTz4D/ehu/odvfxbf+u43Ke0ugMop3MBK3lQ9JjIMLoeYPDJhxJ7j4tDA5FDUP/XdXEM9GM0pNSsD3eLFxG8Q+Mp/eHNXpj03+we/+9kdLzbf2/je67pDL2zkH6gl27b9epJ0xH9J5/RL/I5Ionrz+IQEoOvjU+/vWNQWO21Z0q7LSaiAKAUcQSQkZCkDroZwSVD/k0epPFfi8u5luOvRu/gz4XaMygjPTR5Hsy8PLQnwXA48gdmblkPFMYzSUIopbSYv4L+eA+G7rGJFJAVDCoa02zCw9UhgMJEhLvgFfOGDf8/D+4+h6BYwkIzhxg9tQVdvF9K0ASgNx5XEEJDssUMuWDBbMqeCn6b4yhf/GW+94R2cFCUrCIxHEwihEHrMGy+6BD+99UdY3N0HVOu8Yv0aXtzVCy/wyUAjNZrJ92hu3zzM7pqFlctWgpjhd7XTurVruYKQjLCfpu/cupXIc2BSZccSYiYh7Phq2Aq3HQkROJCuw8Jz0WzU+B8++xnjZ20CcmwUXnHttfjk33+CM6U2riHiYpDDnAXzAd/FIw88xBEMq7Ysu6U2LF64EEhi+PkCdj71JN9+z13UUeiBWyxh+aol/Ikvfha/c/W1nMnkWUOzLnn8N+/5S9z4vg/wd750M/74TTdAecxVNDmCwkhSxoZTN+BLn/0cXAIbF5A5H6o6jde/9nV8+60/40VnrIfnB1RuTNO+of1UQZOSjMCpm87l239wO05ftpLj6XH2u9owMnAc9z3zCJygwE0YLF6wiLO5AOS6GNx/AD+97Udw/AKlvkeFtnb+7bf9Dv7+bz4Nv7uLa6qBEJovvOJS4kaD80Lilm9vxVv+4J3s9raDyeGxiWFMpw2ifEBLzl3P3/rhrTjj9NMoLk/Cukc4MEazUQZ2aWiYUoPuuZ3MqUZb3rfpUeUIpe4SHADxaI1LPXn4rkBSjcDjIQZu38H3/uRnfNWK9bgiWAjjMG7d+QhVvvUUffD3fx8P3HMn3f3ULgRTCnqwAkkClChWzRgmMUhrEYfVBJUD401z34E/nf2JR27cL297/tH33Fz7P6R4LQ7WHVPzJ53ggt2tbcPJa33KQwWVtJSs6uiYMeD9JeoM4ec78f432RL+K0czkepQR9jctHmT8+yWH+8s5bLfmnfaPIHRivbyGThtGTbKwMQKSTWEZgMfgJyM8ehP78P8eT0oPjtIf3/bl/me5iHECLl+cBD1gXEkY2UE8zrRUyoya4brODxDz2FmwGjoKIHWmoQgNkrPbJha63LLF9JgVkaRFA4mJ6fpL9/zXpRknptxgzr6ZtFH/vpj0JUGKHBBDLBVHdo9sCGC60JNTuEv/vwDfOlFV/GR5jFCI8UH3vMnfPUrr8Xb3/4WjiYqNB1Pc7GjDx/4wGZwpOjdN76P3vSed+LQzufZpwBSODQyNIi/+PiN+NCXP4XPf/tmVGsV6ujoQq5YRGJiGEdwXTWwb98+Zsez8ptWY6WTGGp4FHpsEunoOPREGapcQ1ovQ6sUKOZpYnKUmoigodj1Pf6r9/4VHHh4/vgeDB60NJxqrWrHZqKWow
RTgxXCKASEYCJiCnzat/t51gAPhCO8dOVqXHn+Fbjhxj/B9a9/Dbbe/n0uIMDhZIL++B1/RmduOBvv+tj7+cIrLsMVL70U99x7J/d4JT4WT9G6NafS2aefA1NrQIVNrFy6Ap/62CdpMJ0kAuOu23/El1xyIa648kp+++t+B+lkDRPhNLgg6abPfxFtXg5pHIECH1HYhGFDmjVinVieFhPI88CRYpcZYdRkk3XoI3/5EUw3RvHMM4+iPDTGOQS8e89uhgb94+c+zy+54DIMRKNUm5jGO9/yFvqtyy7n11/6W2bv488iTGLU3BR/+8mPc+D6LdttWIF/S7jOxn4UCzmf2vsKrNggrEfsCEKz0uTywDSEK8nLBVwbb8ANXJgwRlhNqHdOL12wbj0/0xjEB2sP4vmv3s5vvvxlLBaV8KVv3obuJMuqtXhI6hHSRkrSscoNMJlcxhNdkLfWnj56e/1dpxlsaVmc/Lxjyxaz9frr/y+O5Z4tW5Ptn7pzJDHd0xvefmlx/dtesmjta8/uxb/DK+//FQzr/zpmKvq2zRCbN28W3zvyxN/0zut8+eiC9o7moVHjdOcFIg3WGjwBBOcv42i8Rr0bF+LYT7fj3u4CrnjZZfjmp2/G4JwezD91JR0d3Am1axgwmmpjFTzx46eIEw3Nxi7pHAFi63rQMyePZact5N1PHKawDiC28fFszfFYCAaBSbFCgiZ1tXfxfd+9Dd/55lfp+tf/Do7VB/Cyq1+J1913P3/rq18grTU7EMRgNjbYBjAK85Ysw+te/1r0x0NYmJ3LW/7mr+gb37gZ3uKFOPzDpyjrZfHFz3yJhtNJvviSS2nRmafi6LGj+OqDj+GiCy7CivUbUCCHH925C5+6cQthdjegmMGEggwYvkBsNPuOT+Pjk5iq1wFYOY10JHS9jrNP3YB/+uBHudysUpRG7MClUCs+OHyMPvrJT2BiaoJTMGKVkBZAJpNhpxHhze96K91+zx3QoeJTNpyK4ZEJoFgCC4KCRoNTlKgEaG45kQEcJXDYaqI1GJ5w8bt/9Ga6+wffA2Z14e7t23DaulPRPX8eIqP4nrt+in/46w8TFs9hjJfpvVs+wBdecBE07PpizZqVeOjpB4DU8Pv+93uQOhKkgGOHDtPb3/UOTjwJIT2660e381/kcrjpi/9MRxuDvGrBCrr+1dfzTV+72RJhQ00+SaRMEMxMriRiAeMKwBMgIlbQ1OYV+P577qK/+PM/xYlKmbOFLNatXiueeOYxvvTal/OVF12Fw80TPDfbg3f+6e/Tj27/PoIF82lgz25s+eCN+O6PfoTRcAKrVq3DqWds4MefeJSyvX3QSkEyIYkSFq5DcZqib24XNpy6mA4fPIHy7Cb1Hx3F+ESdiMG5zgLiMCUw2KSKEpVi7op5fNVl5+Kuyg4KagV+7otfw/LZ82jBS5dhy6f+Ae2ZLjSjhHQtRjafQb0lSVXawGkLjIoS0S4w5Srx+XF0R+Pjq82/mJTopPj8F1EZGNhON6XLr97grvn9Kz+rY1Ue33Ps3SM7RsZ/gRUy/yZHwl/92AKzZc8eev4zdxyWafonczcuJ6SauRJBCCsKS6fqUCNVOLPb0Jiqwnc9HLntaRxsnMApKxbR/o9uRf+efehc0wciAx2nMGECDlyoOLWraG3ASkMBWLxuDt7xJ6/C1z/zUbzh9S/lOGzC8ZyWTrglqoUEWtoQCcGcKKJ2Hx/98Ed4ZGiA85k8TqSj+KsP/CXau2eh1qzBhWPlf8wQLBiVGi46+3y0FbqgwBhpjOKb3/8u4GeQjE0D5ODRBx9B00RQxqDgFXHakhWgVMHpbCeQdUnVAFzXI2dWF7J9s+D39BCCAMooKDYwADTASZpwmqZAai2fjdYQuSzvPrwPn//uP6Nn6XzesPEiLN54Bl+y6VLUy1NcHhhgBB7FqUaSJpzolLPI4B+/+I/4/pdvhsnmoDsKtH3HcxgaHQZcD6w0MQwUa6uAtE1lS9MIZj
ZIoeB6HgamR/HEc9tZ9s1BkC8xGDh45BAEOUxCYrI8RbK9hGw2T7K3B2MjozR44jhc32ND4FJbG1Bv8IL5C3HBhZswlVbQ7XTi+7d8lxMVUzZfBEUMZ948uuO+e3DoyD4u5dowwWVc8/KXwwlyQMuwkVv8FSGsBhFC8Iym0qoKNAfwcfMXb+ITx47Cy+bQDBU9sX07kBq65uWvQIQUfuBjYPgYfnDrVkY+j2h0AnAkHdpzgONqBa6QYBa0fs0aQCswASpRlIQxHGmN2zUztbdl8Lu/fQ3+7I/fjHPOX40wiaGTlFkICmsh1SdrYMNQ2sBTjIuvvQg7KsdxoP8YHvjSDyjaeQKvuuIKfPnT30Q8bFAoZpExjHx71nLZtDlJLo4ma9zTmadlG5Z8evuHbnlm9YU94ufYnVtd2r+Hd9UaGw/UtpejqebNzeHph7tWLff/szz/ft0d1q8Gum3dqjd84Qb3kbff9LWzN1/zyq7T5l4z8cQxO4uxZSyHDx8gf6AT8uzFYKGhj5fx6D/fgTXXbsDsB3M4+KFb0feG81BYNwfNMEY6XIYamp6xjrE8REfwGReupIsuW48VS+fj8e1PotYswyEJHWswG0hhAG2IBSNmBW37JVaGmX2XpqYnsOUDm/GFm7+MA1E/OjsW4s/f937eest3yEqbbQoQXAEA3LVwNiJOCTCsoPCOP/hDbtYiymV8pEpxX1cvhSZFpFJKpeKOrk6wMqSIWVjJMidIyA8CqESBoggm0YAAwjCEjhKivI/UJPAzAWccF1UYK2NpETBjR+KLn/4UHR8fMl/83D/TWHOSMhkHjz31pKU1GwAOUWIUUhAbgA4fP8KyqwNkGFIzOMiBmKHSFCyN9WAlC5BD2lsiMVrMfQEDqxeMo5Ao8GBgoAWIjOEZCYuChrGBH9DaEkZNqgCloWGQQCPwfaBpaPXSFQiyeVTDKU7dFDsO7QXJgHWkiDwJQcRJ3KTD+w7wgsUraMKUefaSJdQzZxaGjuwHE6BhkBoNmolV04YgBYxqOVUICYWEIjIQ2XxL0kNw/AySaswrlixBhAQeSySBi7/4qw+QYmtDI9lwe0cHTOAgUSHFOkVnb5cl6UcKJtEspA05MSqF7zk4uPc4br/9Hly06SycsmYxXnXdZfjGV+4grQ1UlLKb88hoQ9xMcdrrz8NxNYXGpEeVo9PY/4278PZPv5ue+Ml9OLF/BItOWYSkHoEThZiBKEwA1bqZRcZ09RbEuvULh448ffwrS//oSrNny9b0X5YqEPjqb/7RJh3GjZ+97aanZ772b16726B+tu2T32+JiuV/Fvj+6y5Yv/KT3D50kwaD2v6S37Nw7eyLpw6MZVkZe8pSewGqRozkxATLlv1wsneMj2efpblXLcHER+/HxHef5ra1c6ht7Xx0trVh6P7noZWGIMu2LHTlqdSRx2MP7cbXbr6LK9M10jXF0GBtFEEKQOuWjbFV3TITn4zNSRT8nl6647Yf4kffv5Ivf9XLMRCP0DWvfxUq05M80hyBzLoMNoKNYUgidohjStkYjbaggM2/92cwLe8YB6AUQB0GgZPlXjgodLa1CESGNAxrMBSYpRSEOIVpxrDG8QKTo2M0MTHJfcUFKId1mt3ehUWz52BsbAgUZMCixeZXCnJWL4wryQgDIwGS4CCXA3IZAjNr0xJWz4gTFZFWBtIQdJxY7pcjYf2kGSww89yIQZZ35QnAdYiEYILgFEwkBZMvASWtpElreIHPxqoiEUi/JYfRYM0AWdJmYhS0aEGDEtyVzUFAIoEmA8VRkhIzQysNAwZJlxApmGYKwAFrQLrEvusQYMm4BsyqBWWSNmBlO0PWDAGwFK4gCE4lk3EkBFtNp/EdkBTwpGCCAGmi3vZe3PgHf4EIYBcgCbACqIoEWTR4NgoQQgBaE5ihYkWSiI3SJD0JKQUf3DuMf7rpx1StNnDZxWdjdk8e3T1tGBwY51wpg1gZRNNNLD13IfIL2zh1BY0dHc
exv70N13zgtXA95vvvfgQrrzyT2jIe5AIXk0fGUS6HHMxrI1VLEY7X2M/55oLrznZMM/rInr/cenzDF25w/+X1t/nGzbQFW9hz3b5E0MT/yff+BRc/tyxIrA7xfyaG9fNGw03Y5Nz51z/af8Vn3/DJRRet+KvDd+5Rohg43GIDszLQkw2i9hwQpzCc0uhP96K9fT1Of8sZePwj91OlGaFr7TwUl3SgdKwbk7sGYAQx6hHk/HZsu207pCcpjjU40WCjAQMiT9qxRgjLerf+UMzEJ73hYeOfINrasOWDW3D2pvPgtgVomASvuOH10GCQ1kLTjG+5gUpT+BCAIzBemcDHv/QRSOkSjFX2t1po1jCIJ2t46OFHIfMF6IkpGG1IQcFAwyExU1DAYDgkkFQqeObJx/HaxasxqcsQ8HDZJZfg8Ye3gYodMEq3dHyAjlO2ommGYsUa+qQfoGXZazLGsGJiDSZmA2gNVqnlEQGAsdw4+9IMaaNsh8Vs1b4t40GLEjKYFZMUQKzAzQSc9RkAKaVO2noIQa2/yyf9sjSMvcmgZccjwKO1CoWIWbdE552ldiajSQgBnaSAY2U+mg3swMXEmpEaA5CEFIJFa9axpBOyukZlANEisLD1M2v5mtnznSgrp1IGSmvS0EiFRqNRw4e//Y9cadQJhlkQIU1ijtIEbAyxYn7gwYcgcgWkjci+a9pAeNazXsUpMvkA1WqMT37iVn7wwV1YuKSH2rqzmJp0qFlvQnou5qzqReeaXoSNhCbGqzj25Qdw/qXn4w2veCU+9NXP0ZyF81E/Pg3Tk4M60gBnfIjYUBzGoEgjrTT1igtWOqZaf/SH7/rWl6675Tq59fqb1L9sMmYSmG+9/hPf/WUlOfRrkO789y9YALbduE1ft+Y6OfzM9Kd6F3e/eXRZz9z6aF0jVRJSwCQaaSWC01rLA4BMXBz7/h6c/5YzMPuCBRjaPoSoMwv/vGVY8fsX4sn3fAc9XZ104e/9Fp647zE0kwgiZohIETuCTcpEnlXct7z8CAwopVhBkYaVU1DLg8koQHgBJoZG6cM3fhgf++xneag5RBkvS6692JlZkc0bY6oNT5AGI0pD9Ja6+K7b7qITe58H2tpsUXSkze1ybdsDI+Dks7ZWugIpNKXQzEYTudJq6uIU0nWhCnl8/Zvfode+9nfYdQlTehKvfs1r+TNf+ieU05i8bAYqSVpoOFPSaLAA4JAkAQGVpEBgAy2sfxZTyhoxUhYZj2Z8bgRZAbdR5uQeKGZNTIwEqfWcUIY4VkCqYXnfrfPmCDgKBK3BWhGUZk0zoBeQpikhUVZw7UrmyHrmGyJOoEmblCFBzx/Yx9XqFEQAxDA478xz6PYfbAW5HSClWppAD5m2PGKkcFzJ44ODGB8dIzgOdJwSg5FCQ1jhD808DWlF2JxCwcCwzWxkolaBFtJAs8GxqWHM5XWUcAqfXP7Mxz9D0ycGgExAUNqeG4a18FGGkM/A8QLL1m+5gggiTlOFIOdR1Iih4pSFEPTkUwcwOl1H0miivauAK1+5EU5J4OjAJDQxRg+N4uC9u3DG6vX8jvf9HvbdfRfef8nl+MiR76KpEpo+mkD5HtKpGnQzRlpuQtdCU5rXhrZFHfGJscq7mTm+fuv14t+ciFo+j/9iFPy1M9v/3wHdfw6Q9/Df/mRaRckfLT97MYk4YaSGEWuIwIPwHEgIiIxvo7ZnlRBXEzz39WewaOMiFGfnMf3cACYPDiOT8XHun70UNRVh+0PPoFwNke/Mw8s5UPXopHeX9U0mq5RtgYZsuBUaL+yHuJXOSgyYJIXT24Mfbr2F7//JT9CV7UIjaYDZpu0QBEycElji6e3bOTURGzZISNPHP/5JdrNFCMeHX2iDlyux294JGIcRKwiSsBewIa2sgFeAQL4LTlKrXHMkoqkpsONi+/Yn8MPbb6Mev5erUQ0dfbPx2b/7DKje4KRRBzvSCptdwUmSwICh2cw4DTBa+r80TaC0Pm
nRLF5kq2yDatnapNq4NJJELEhCApC2++OWUwFY2y6JuaVawYvYOtqQNnrmzSYboCpa7qw2nU2ASEKAYaAMExyfh4YH6NCefSi6JYwlk3T5VVdyId+JuFGH53tIm3Xu6enFGWedjUpapi604dFHH0ZcqQCaoWwoLhvWsO0QwyR21AURuwB8ODCwHTU8hy0219JGCsYjDzyEIuW4mTThZ3P0qU9/GvB9uN3d8GfNgje7D6KvC/Adgu/BEfKFgN+W71gaK5AgpMrYERsgHacIhMDsRe2YHK3w8vXzsOyU+Th6Ygwq66BZVzj6yF4s7pvLb/7wm/HQnjtx2upFuPolF+C0FcuwbH4nz+rMs0o1OEztaA0Ce45ees4iZ+H8no9t//BPnrz+xuvdrddv1b+gXeKfg1vxf2Wx+s8uWOLfNdj+R/H367fqTZs3OU9u/uFtuYz70QUblzmUcxW5gsEGoiuPJEyhKxGcQg6KAKeviMnJCPt/ehDn/vZp3E4Gx299Fie2PY9MWw7LXns69t32BKpHRhHWE5R6S3ADh0yqCACZRIGFZbVzqgEBFq5EZGKKOUYKTZCCZyLlWRmYSEFkC3TjezdTODnNGTdAUzURm4SNUXZCyuWwe8cOuvcnd2JerpdHqkN8yjln0Mc/+xluJ4m4UUMyPQk1XcaK+fPxvj9/LzoLRWhoIGEuN6rIGoeTuEmrVq7FuS/ZiHRiDKpW43POOJPnz54DeC4+/KEPcqM8gY5cGwYag7Tpysvx/W9vxYWnn8kZbTgNa4w4QVdnpxUxs4FCyjpuEXRTDTYCyhgoTqCRwM36LWvmVjyGtUAmECCE4NgoSoyyDZcr6IVUDpCUBANNDR0TCYGM41oHU2VAQrBmgxQJFBQHTms7q9ky70FQZBCakAwMfM8BXIdMM8VNX/g8tVOGm1EN3d1dtPn972fRqHNUnUJJOPj7j/wdy1IWWiuouImvffNrkPk8ECs4vkSKlFJWADMLRzB5LuAIEIFSgFJi22OlmtBMiOMUMAzdTCBkln7wwx/SyHg/dedK3N/sxwWXXYLNH9rCmSRB3KwiqVdRcHy+4tLL+cN/80Fr3Kq1FU0zM6cKwhFEDOI4hY7sDch1BFaevwT9+4aRhCkdPzKGu+56DOVqA6P7hrDv7j0QYw184G9/jx5/5B56+Md76dPf+hntOXKEXnbpmbRuVh+NHhuhTCOGn/dBnoCqNfRpV69zO7uL9977p7f+7XW33CK37vl3Zgxu3vwbb3D+00bCFS8/L1cu1s3oN3Y2fl3bxW1btqlNmzc52249+pdrNnae33fxio3DDx9SlCrHLQQQsYZKCVyPAJfAJBD0FTFxoswH7jlIL3/3hfjJxx9E/717wDrFglMWYO1bX8K7v/IwmaZC0p3nnvWzaGj7oM0T7CqwasQQroR0HejIUBJFXFNNLqcNSlTKzXKt5dfbUuKnGtIPMDxygj/+Nx/DRz/xSX6u+Tw8YSA127ZIGYh8Dpvf+36sP3UtFs6bi6O1fj7r5efjO2f8kPfs3UdpnNDcvll83hnnIwefv/SFL9AMyP/sk0+bN7/mbdRMQvYyEp/70k301BNPorujG6efdio2XnIxkxvQ8cEB/O4bfxvf/Np3Mac0C0PhGNa85Ax84yXfxOHDhzEwMkztmQL3LJ6HiWgaDoAcMnbFrhSgDdUqVYRJxKkLinTKMQw4SazRoLDOCDC2A1NpijSJWTsE4yiqpyFDKxAzQWmEYQNNFaGcNtjXPqnUbqzIBVilqMcRV1WDJFykUQxO45alK5BqhTCJ2KgISmSp0WwAaQyvYxZ+9sMf4WuXfxm/+9tv44PJMXrZG6/H8jWrsPfYAT5jwwbMW7QIU6aGZcECfu/mP8Who4co09HHYRQj0ik1dYRIxxCpRpwmgGOx5xSaldZIVUJK+oiimJEqsNCA1DB2u0fl6Wm8853vxLe/9S10Zzv4WHOAXv2Hv4sLr76c9x7aT550MXf+XJyx6E
x+cv+jIn1/k51sAeyCOE6tLQ0YOk7gZjw2AHEjweor1mD02DiGdw2gtLALxb4i59vz5DYjHH3sKNLhMm746Kvxw/vvwO03PYJsd4Fri7pw849/jM58jvqHpzmqp/AKPql6hLQRmjlnLJC9vfmxPQ8cvKH9ho1q6/XXG+A68e+6Frds+Y0PW+JX+l27riQAyPdlRWe2pxOb/52d1ubN4px3X5f5ZbeL2/b0MLZvT+Pp9E2lYuZY73mLHAMyyVgdzqwStFIQfUXrHCps0fK683T08DSeuW8/Nr31NMTHp3Dwx7vw/LYDKMzvpA1vvgCmEWNyxwnyOvIoruqCcAR0tUlOziMZOBCeAyhg3YbTsdpbiVV9S3iBM59+6xVXsQtpE5YdYQ3/kgROsY2+889fxcPb7qMzSusxL+ij2R29ICEYiYGQPsarFXrja17H+554DvMLfUTCUNvcTrrksstwzdWvwsYzLqT9u3bRta+4GhPlKQgjIErt+P43vy1+8JNvYVlhAQnHpWyxyK+47NV4+YYL6aMf+wgdf243hHAg29roqe1P01UvvYwev/tuzHZLlEdACpKWL1lPv3X+VTjj9AvQ2dZDPUEXzc/10Ynjh+jIYD/JzhIQxzj3rLOwrGspZmd60CHb6C2vegN19/bAqIRJCItsCOuR3jOnD8t6F9Piwjya77TjikuvhN/RQRoKwnGwav16Wuh0Ykm+F8vaF2LtqlWMNLY2Kj19OHvdqTTP6cUsp5POPPtstM2eDZMqRqwwe84srFy+HAu82ZjvtOGyTZcgyFk3A1kq4S/e/Wf4wj99ktpRYANNq85YT9e/+rdp4aIlFtgeq9Ef/fFb6aZ//hK5XT1QKqVMsYizzz0P3bINc4MerJq1lFYuWgrdCEGOi5XrV1O7lNSZLWKRLOKK8y8kipWl9GsmKE2carildjz6wEN49ctejpHnD9Oi7GwGDHXPn00vvfgqXLnppbxo0Xy678mfiM1//D4I2ZJDEWy0mxDQrUwAFaaUlhtYsXEJpganMbzjONy2HLoWdSIMI1Qm69h+5x6EwzVc9Lpz8NxTB/CzbzzJ2Y48jGKohsIPf/AUvnHrw5gIEzKGqKkUolrEXtYxc1b06aHjU287fuvTRwDgJV9/V9+FX+w959/ooOhF/zW/6YJF/wnFbobCz2vfenGviGV95zfu/vd0WWLDDRvk9pu2p7/0I193ncTWrXrJWzddmF3Y9dODTx/1leuS25mF15WjzMrZmLxjF4RhYLoJNVkDNWKoSoTV581BT3sOD3z5aQRz29F11mIsXD0LzePjeOZrj8Frz2LepSvQnGhibMcgwAIi51vJSZrg5de/kmfP7eFYRxS4Pjy4+OrNX0el2iDyvZMCahBg6nV093bzG97wWsxYBH/uy/+MRi0GaSYhJHTYACTxuRvPxYazT6X5SxfBDXwePz6Mpx9+Bvffdx+lzRCiWLLbJMduLSmJ8JrXvIYvvPwidHa0YWyqjHt/cid97wc/gPAC6x3mSPvcqzUgDrF63Xpc9JKX8IpT1lJXqYNBQJhEPFqeEGMDg/zszj14+tnt1IgiOJk8dK2G61/+MixfuoxVwAAZtGfacNs9d+LRex8k4edtSo4nYZIYa9euxrVXXYmGillEGkzEX7nlezQ1MUWZfIA3v/61KGZyLHyJwPP5iSe3009+fAdBSKw/dS1fe8WVqDRqxAAX3ABb77oD+3fvIWjGqtUr+NorXoqGbrBkh3xy8cXvfgcTY5MkWIJdhqlWsHTtGn7pZZfQvBWL0dXWibHRMX5++0766b138+TUFHldXWClWUUhze7txR/8wVvYJgtJ8n0fTzzzNN/61e9QqbeP3/Wut1M2k2WA4TBholLGxz74CVJKvxAbZqPcIV0Hql6Fm/X5yisup9PO28B98/vQaDRptH+IH7r3EXrq8afYxAoimyULwhGx1kzCJn2pMIUUwJKzFqI2UcXQziF4pQzWXLwSU5NVZAOP+5
8fpuZ4FWe8dA3a+wq4b+uzyM/uQFQNYZjg5gP4BY9Lc0pUm2qgFim4HVk0x2tqzaXLndk97Z+460++86ebNm9ytm3ZpjZ99g/zOiMzD7/1M+P4L0q++U0VrN/oMXPCT/vEmz4pFna8a+9TB3SmlBPFdfNwyVkb6Yn7H8Lz33sQGcdDtG8QUhAcApojVVz4W4sRVRI8/p2dcBd3YdZp83H+xStw4vkhPPyVx+C6EvMvWY7EGAw/2g/Dwma/sQGmpq3XzEyUV2KAtmIrRaLl0CmpFZkCG/pQbZjWnhHI5y2J0rTOvWy5JtTqjMS0vnbSNhAoFmy0c6JmEnDsWj1wgJEpi1FnBE7+bleHlegoY+1jwIDjAJ60Hk5RzGhRkGbi7uEKCzL7ASGba7GHADgE1MuAbnkDR8r+XjEPZLKEqCXIn0nLiJpA2LSPxS1KQqZEcFzrcTw91UqbhU0SdXwgl7dZhGkM1Gr2tQtBSAwjyAJBYEMnGiEjjiwA77Vo/sWCdRZMNRC49nU06owwAqSkGfoBJAHtJSCbsY/fbBkssgEmpu25buH78DxCkAXSFGg2+CS6Y22sCaV2a0qoT4LR1kfCWF97w4ZRqRBi3fqMsM2i9F2gUIBkwaw0sTLseA7pOIV0JVSYsnQEzVrdh8qJKVRPTMLtKGD5uYtanxfGid2DqJ6YxqzVPVh/yTLc87WnIHwPbtaH0mCR8Uh6DrzAQUXHoJThFDJQBrpzcYdcvWHB/e4zUy+byk4l22/arrAZ1NIM4v+FYvX/csEiALxh89XZsUzm6jMu3vhl0+5nHvjevTDSFatffg6aQ+N08DvbWJ+oEkcxRDOBJwhquolovIZrXr8eh/eNYfe24/AXdWDd+UtwytkL8Mzd+/Dsj3eCDGHZy9dAEeHo/YcAbaOQXM/lNFRE0lYUkxiQZyOgZMYFJ5anZMXADOk6cHMeS0FgpSlN0pbMh+BkXDiuZQF5QQDHc8FSQLOyFNIW70cwQbqSjbZ1zxBgjCbptKjkrgPpOCBj3TVtHBVYCnnSVJxZwJES7ApW0ORAgiRBKwOhDITrwCgDlSZI2cAIhitdZIRkyQTjWsqDZuZIhaS0YaUUsdGglGGUakV8tayUZxpwZY1hYJiFMSQCn3WiSKsUwnGQGA3XdRD4HjsgkpCcskGaKGJiGCsNgnAcFDMBmAmSCcZhKJUijBO4vs8eCyLHtSO3BBzfB0lJrhaIVWwzI5MYURLDERKCmLUyyGSy1hetBf4LEGsiIsOsoShWCXSkoeIUSS1CONXASWZZK9QCxliRtxQEY0COdTttxZphZkPRCtKFdAXrKAWBKTenHdWDo3ACh3vXzqbJA6McjddJFn0sOGMBOvtKKI/VePzQGJWPTaI0vwNnvGw1nrljH1erCQnfteJ8zwEFLsuOLGXmtGPlqvl4/um9qAzWdGFZt1xxxsKxxtPHTtmDhePr55eDnR+/uwEG4UbQefNuuDQNVW3s6cPP9v/ztvgXstj/J4Du/1WFasMNNzjbZ83iudWqm+bHezu6C22jqjH53qUvW/D6d5ytb/z+V3jXl+4g6s4jv6CH4qZB/UAVSA2SVCPbnoH0Je7+8QFcfN0KJAwceOAY74g1MRusOW8x3EBg+4924+Btz2PhS1dh7sbFGLj/EEwzhWIinaQt22LrJUUkwdKOBjMx82jxTY1hGDCRKwEJyMCGTjAbSN+Bk3MhBMMNPEhH2qLn+jAGoESBXAKUgHQlGWNaHustC2VjIEjCzwUQJMEGcD0XMWuQI4g0oLV1nCBl2JU+ImgkHMOHC+G4VgDrCmajSJIDYxhhEgGCIF2HPSlJkuQWCo2UNDleFoaJwnoDM7nVWhlwMwW5BPJ9mDSFYIIwbGkdnkdMgGAQxwoGBhSncOHCsSESpAlgSSSLeXCSQBLZG4VWEIEHJ7XJzsIw/JYuDpNVzpVKcKCQzZQgtYDmFA4kQAF8R3CUhiQdyaxTaqoELkm4PkAJICFZOo
59T1yCywJIBcMYKqdV1NMQOgbSVKM2Pg3FliCr6pFND2qF1RIIwhWWX6qMZSto88IN1lgveuk7zEqTiVLM3bgY1cEy8m0ZzD1rIR1/+hiiiTr5fUUUZheRaQugUoXhvcNUHyyjY0kXlp27ANvvPoB6LYUMXOucbQAda3g5n9gTyJ0xD9e/5Rp86u+muTEd8urzl+no+OS79mx9amTDDcbN5/Pxi+hCrD5Ho4nSlVkdPdT/IjnO/99h/SvPYdOmTbJl+PULgHqI1bgum0G7qXjTuawftFMhM4dmdVzx6o0v/0ORNYUfP3QvHv/87Wlufqfb3HkcAgJcrgOxhqlG8PM+pCcRl5vwjMYFr1qFo7tHceCxQVApwKJzFmDV+jkQYYoffeZ+Rsy08NLlcAo+jtx/GCY1EBnvhXc7VS1WdCtaRRDNJB6bVNvvpfbOOiOoPflRSDXDtEY5w3ixxf1JX3VBNtx1xlvdIRsLb7s0htH2e55jbXnj5IWlhSTAdQiZjB1dBQDHe6HztxcVw4YkMDTb8cz17MWWaqsH5BabndjmGYKBtMUhmnExcoSNnletiHs2rUAMWIuGwLGBDVNNIOfZsNconclGRE9PBzODDAGT02WG0gQNIE0AoQApGW7Wkkllq4ubqQcznvcz507CCq49abedqsUdk/KFztV3Wt1f60wYJqStZGmt7M8qABnP2i2b1oN5svU+WmdQJhuDCEcylCFqpWu30rxtOnUrql5mPehaBE415p+/GMQaUwfG0bGkGxPPD3FjpEJ+ZwGF2SWsvWAJolqMZ36yC3E1Rr47ixXnLsC+R/rRiAxcT74wjksJ4bd4a0Uf+TV9yE+GPDJZTk9/04VeMYw+dtcff/P9191yC/88W5gXYdLm/yCK/gZCJv7bF6xNmzc5w8NoO3DTtolfjLVfJ/eeKrtEMV9yArcghGyfPnJifypUT3Da8jcqSRcKw9XxO3eeXz0yrpEqSc0UwiGgGsFMNWysfCGAMIykGiKQwBlXr8DQQAWHHzgKUQgw+8x5uPTS1YiqDfzsnx9Dpb+KvnMXwOstYGrvGBqjdaDl4mBSG8jASgOC2Ak8oowLXY8AY7lNggHWxo4MLX8tho2Pt84zoJO8ppZkj1ts95k4epJ0EjNhS9S0fE1XwggGl6voXbgQp5y6HnOWzOVipoChkWHs3jGW0vcAAF0uSURBVPE87du/F0J4oMAFK3tRMgCRccGawakCScHEbPlmngNyHZioleLDDCtRopauz5IqYQxBW2kJXpSFSEwtvycCuTYRiFxh5SwtoiRrw0Qg4brQU5P8j9/8J5x16UZM6zr+11U3YN+e/SAhaeWpq/CWd/4eH9qxBzd/+sukHWkZ+K2CzQwi5tb7YIm09nyJVgKFncgkCev3niirTrChNKyVIWjDQthUHxm4IABJPZrxZCfyJOtQkeNJCE8iqYR2sdKqdZZs8gJRnIjsVhmwmlUh2C0GlE42kO/NYOllqzF5YByTB0dRmlPCyLMDUNUIblsWHfPase6CpVCpwjN37EF1sIreZZ0466Ur8fDWHSg3NKRNNJr5wEC0EsnJlcismY1ktIbw+ePpsrdtcs/ZtPJH3/vEPe9YcO6ScN/f/nDyX9nJn+yoFrzxlLbEOMXhry8eBLbq/79g/UePzZvFhuFhGc6a9jOz22VdKuMlvhOmVe2pwGlOTRfIoXWVo9NjhTVdH5l+7PDF1UNjSnTmHakANCKwTsHVBK7rWDlNkkBFGoEDLDlrNrzAw+6f7IcpBsj3FrHx0hXIdQa461tPY+q5IXScOhfzzl+IwZ1DmNw9BvKs1II1MxybCsyS4LYFkK7DaTkkVsbGqc80T5IYxibHnCRetjqsmUgYfsF7CDOdEonWBeK0YuYJkL4LrRJkhYPf/5P/xRe9/irq65xjtYtIkIGPHLJ4Zu92vOW1b0S92gAJm+EnRCtynghQBiJw7fWZWkIjSdkKdLVxXJy2tgRS2IgtspgPQO
BUA1q3vk6tr7euhBZex+aFtOaTCwuQDRSdnMDr3vYGvOVj70JD17Hlmj/nZ7Y/B4QpffqOr/Kac9ZRAT5ec9a1fPToMZK57ExUl40Ya+kViQDyXIsfSgGOEhve4VjdIjkCqplASMky41KmLQc/K7k+Wqc0TCALPtJKBJO29JItVr/0HNaJJi/nItNdgPQldKJRH61BNy08IDzn5Lkix6btGLTyCLWBLjfRdeZ89F20FMM/2Y3GYBX52UWUD41D1WKQK7Ho7AVYfd4SjOwbxc5HD4E8F4WMg8t/93Q8ftseHN0/BTfrstatAFpBINeBk7Xvnch4cLvyqD4/kPaeMss9bdOaR0bu33/txKpl9YFPbo1+ofSGSG665T1v6lk87/qjTz7zR0//4c37sXnzz7Ob+f8xrF94bNlittv75f9liD/33dcFvSu7atiOoaqTBrOF99uZtbO/CaUvre4cVM7SXoe8AHoohr+kG+b4FDi2Qlsv6yANFZ5/4BiWX7AQp7xqLXb9bB/qoxXc+9NdWHXOYrzkTefgua3Pov+hw3Ako2f9XGTbshh85CgZQyBXEIjgtGWs31CcwngO6VSBI8UkBXGqmALX7pSIX6hHypYXEvTC/dpKY1ppo7YDs6oZArUi4oUUACu0ZXx88ttf4AWnL6cGYvzg1m/g9h/+lOvNOnJBBssWLcD1r3w1FdpLqFWqkJ4PZou/CdNKAhJWpiosexzkO+BGDNO0cezCk2BqxVhJARKw1iv2ZUOQALTtMNhiXzDagGzcO3SSQMwUkVZgBKcaJlZ2A0qEtJFyhAQpayIpgUASmgpP3v0ILV4yB/ff8ygGj/WTyARgZpZSkuNKaKVBmu2cLYilK4m1vUkwEUNpmFQRuZIFM7kZF8wgVQvRbMRQJZ+SRgqjNOvRhHSkAOdk9wtWhkXGIx1HECUf8WgZ0WTIXkeWdCWCzPkAJHSiIAIHrJnJFWRa05oIJOD5PP/V60lpg31ffgLZ7jx77XmafG6QWTMhcLD4vEVYuXEx9j50GIefOg6vM4tFa/qwdsMcPLR1J04cmoab86FTDWOsuEJmPXKKAZJqE35nHrqRoPrkYT3v3MXuyvOW7j+848Q7y2ES/mFxdbzlF20AhWAsgBMUstn29s6lg467EsD+/wjB+9d5SPwPOKpXdGN4vuTh7ZFYfUG3evJ/faVZnN/5M7crdwm8zJxw35ByF3cJPR3CTDdABKSV0KZEGVjcwXEwtn8cTt7FuitX8ui+UUpqEcJUw/McvOyNGxHHKQ7esx+14QZnZpeouKTTin8BG+JJgJxVAKca6VjdtugLOsjtyDIJO06JrEvScwA1M0q1MA+e2T3NtPqtRt2i+lZIRwSrbxQWD5kq43999H284or1NMV1PHTT7fz3v/8+Gp2apunhaRo7OkR7n3yOvvfNrYjCFOw4FmaTEmaqAm42LWtdCpiwCW5E4EbTwlXadkemXoeZqoLJMCcJca0OYzTIdUGetfY1lSq4GYLDGMwMU66A4/T/a++9wyS7yjPx9zvnhspVnXOYPNMTFHoUQbQIAiFEpoVNMBgbGcOyi/Pa2Dses16bn+1dsNd4CbYxJpnBRAGKoBHKmtbknhw6h+qurq540znf749bPRqBhCSUod7n0TNPz6irq2+d+90vvN/7gotlaK8MRCPgahWcWwY7AXShUJOdNpmkIF0pY2DrFhp83UsJWuOu/7iNpienIFMp7L/9h/jKv/8n3/W175FKxGulqgddLJCqVsGCmCtV4nIFrDWpQhHaJAjTCvtpANU2FWjFCzAoe6FSjxcwhAx3nV1FHKhzSW24PsNMkkIT1qoPuzUBrYGg5JI2TUAz7I4kjEwU/lSeQ71tkJCC7bYksSRE1zWhY2gNLZ+Yx+zNR2ClojDTUSqfXYAuupTszuCyGwZx6TVb8OB39uP0vikYURNrL+3CBVevw/5bjuLMgTmY8QiYQs9K1kwiYhIZAtFUDMI2oX0Fd3456N
zUYazb2jU1cyb/+mNfcY/2v3eD/vrOTwWPE2zoUV8vI7A2Ns5Onj61tzyW27N477Eidu+uTwmfoDzlxysJHyM1rZmwnmvYq5FdoIHhYTObWk6R0F9u7Uz2eieMZvfgVGA0J40gW4LKVwAiaCcgIUP1TikFIjGLxx6couaGGL3i/Zfinn99CPnDszgBwDQkht59KZq6Mnzbv91Hk3ccRXJTO1pfvhrBQgULB2ehpGC/5JKOCFiX9UIkDKiCA4zlKb6xBRRoFA/NIL6pDdWzS1CehvYUWGtQoIkDfW5H75F6MOyjgMUKkwskCEG5xGsu2oJNb9xGZ4OzUEcc/OPOT5Bob4UgI1SjMgiIxqADBV/XCK2BhnaruOH33o2+1b1cqjj4wv/6NF1+3cv52re8luZn5/Dpj32Ci4EiXi5g06UX8auHX4dtF25FYIDPHjmFm//9W7R3/wgLo5EMx8e7//gD3NDWQvNnJ/nbn/kq3vmHH8GW7ZfQ/NwcH7t/H/7zq99Az9pVdMP7384dzW0oVwN86XP/isMP7iPZ0hL28A3FDJ8EMYvQnZXgB/zrH/2v1LluNarlMv+/j/0DVYpVrL1wPd56wxuZfabv7PouEukE/+r730OmIXjsxGm67Rs/4AMHD5KMJkl7AetAEYV9RKiKdy4iCcsgrTjM9MAgg5gViGoSQit7kKEwIrEwZdjjMwwm1yOjIYYgX0U0E0PjNRuoOr0ML1tBUHVJnc5y40vXUsN1mzF3035UDs8h3tcEXfJQnVxCkCuj68IuDL33Si5UqnTrl+/H+KEZJOIWtrx8HdZd3Im7vroXUxMFWE0J6KoPloJJSMiIAJmSA9ejTGsLqrqK+QdPqOY1zbJnS3v56OGJd87efvTw4I2D5sjOXd7jFYE1LqPCeUvMR/7sG2MAxncAtPMJtk5+2QMWn8ee58cqCX8qWO3YQdi5k3+iFscokbf1q7/3K37U+vXgjgd+p/+irv9x+sen1gUlV4l4RCqikG9ANa6MDDuOZsREIm7i0P3jkAkTr/lvV+Ghrx3EifvHcEwI5JcruOY1m6lvTRe+8ak7kD04AyiNjpesQdebt2Hs2/vJbk5BdyaRuu4CVCeyKH72HmCuCvdMDkZHmmPrW0hYAnZ7EpUzOch4+HRkf6VnQo+cn5VJIZiZNUELQITBVedL9JI3voyrMQ82Sdz81Zs5WC6TjIUSyVAK8GvETtsMBfYChrQMBLkqStk8XvvRD9KUnuW+S/pw1barMIccXoqX8s3f/D4O3nQP3vSRd+PGj3+YSJqYPTvOUdPGdRe9Aa9/++uw49f/O932ox+Bqx7ilo1f+dV34Uz1JN70/rchEYui6Ae8OX0xXTd8HV81/Cqs2rIakUSEFAAHLv7367bjd679AI4cPw6YEoHSUAgQaJ+0IIZhQOUL1N3bya9882vJKRb43//mn1GpuliaWcRrhq9DNJnkLa/ZTuv6V7ELnyOI0LZXbePXv//N9D/fvwN3fP92yEiMVKCgfAW5Ut6q0H2VRCgXHZ46AVaaWCmQIZlr01vWHDpxA2RELVYVj8g2yGyKwp1ZRu+vXIbotk4snJhBclMTknYK83vPcvHAWWq6qB9T3zsERCxktnbCXSjBy5Wg8lX0XbUag9dvweR4lo4+cBbzx+fR3J7iy67bQA3tadz26fsxO1VApDkO5SqQbUAYkrSvQGaohCu0wNToKQRLJRVtiMlVm7ud4rLz3tnbj+4evHHQfKItkt0ABnYMm6PnB7Was/ZOgn4hVlMvNHkZveF9VybW/+71zT+Vrp5HbcB59vaPl60ZJqVs7a3OF7SflPTmlrXNsxYrGczllTAEVkThakUY60AjFCXSsGIRHL57DMcfmsDQBy7HljdsRHbfBCbPLuCrX7kfTpTxpo9eh8ZVGRT3T+HUt/ajML2EzMtWI7a9B5ELe9G1/WKsecdrIC7tASUsUCaKYKFMfraM9KZ2BGUXbAhoJwjpAYFeGb+H/Z
ja8CnMrkDnCE9cC2aGiZa1LVT2C8x+wBNHzhLFbUBpkB8gk0lx55oebutu5qZUAq0tLYgYMpz8WRaOPHQI0+VJXlxeoP41ffjXT34Kf/8bH8NXvvQVnDhwmFZfsQ3v/tvf5pKs4KbPfQ2/efU7ceNL3k577ribFmWJ37fzg5yIpZgl88TxMZpS44AJuu/We+h1a19O79n6ejz849046Z/GxssH6Jv/78t4y+ZX4xPv/wuUczl2bI/f9oFfBbtuOFRQoAABPPLDIFL7iE9PTtGMmuHFwsK5S1JYWsLxsRM44Z6h3u4u/O8//mt688ZX4yNvej9mJqcobxT4PR98L7O34potar20AASClY7SShIrTBmSXQFYcQvRthRICkKtJJYxK6Rj+AoqUEQxCwyGO7mE3ndfgcy1m3D2tgOolD3Mj2WxfmgrPvCVndT82i2YuPMQRMIG5avwppZRengcqY4UX/HH16D/jVswkSvh8INjmN83iU2XrMdb/+g6Snc14ebP3If5hQqMmAVpSZgxE8IOJ7zh8WDIiEEiZiCYzqlUW0JuvXr9klsJhke/+uDXn0ywCpOA3cHmUahLP3xt6rw7jV/IxNEXnB7WsZ57y0L7Jr5W2yCvDc6GduwwAGAIQwLDP2O7vKbUWXjg2L+V9py4Mer4hx766kOHYybe3rGupWxGpGQv0CJiYeUJyjUCqFNwEHjhNEyQwJF7JnDXVx/GwKvX4Ip3X4DS0Xksncrh+9/ah9Gj07jqv74KXddsgFooIfu9Ua4cnoPd1YJIexN7RZ9lews6PvQKyFWN4IBBCYu9hTKq2SK45vzMgYYu+9BOOMUKGyrENbVOrCic0or7tNbMWjMEwU5IBMohDSblKOZAgzTA+RJf+rJL6UN/8tv0J5/+I3z81r/DP931T3j7b7wZeiEPEMGyTThBBamGJH/vU9/gz33kk7jz23fg7z/ycThTeVz15qu5hAKCcoAv/c0/s8qV4IwtY9fnv8qB8inRlcDmiwYIZY9MywRqDfVd//hlBJpRXsrh8N0HOGEmaDY7g//89NeRny/ge9/9Aean5qChYCVFje+kEe5REwJwuOVUoyRISWCpagY24bRCWgYsQyJjN/Cdt97Ju/7u85z3A9z/vTt5/wP72YCAtJlkLAKtw8+TvdCPUfkBlOtDGJJl+B9ICrbTUY40xlmYYVvXSkcgTAkzGYEVMSEiBpKrm2G3JxHtTnN8ayf63nMljn/9AXA8DmUwBodfhbe+6noOUMV/+Zs/QcvaDpgNMVQPz6B4cAKx1c246PdfSaUGC6eOzeHAdw9jce84tr1mAC9574V86uFT+MZf346FuQpMy4AONGtPId6RBisFTSF7QvuatefDyxZU+6Z2ue6Svkmv4Fx/4D/uu+Xy4cujTypYhfcV7dq1Sy2XLd72e9fEwaChHUPGzxAleN6ZBi+8KeFO6KO4ZQafqBFF/+C61upvOHxs9o6mvvcMTZdmNpSx6zPqCUpLnPr/vnsYwGEAGBgesEZ3jd618aVrf2XNhvZdZ0ZnLLcUaCIIskxSgWIzYgAsWEYMMg2BQAHK8zExuoDcYgmXvmUrXvKei3Hvv+9F0VMY9QO0Vzqx/R2XcdOGdjry7X0o7h2Hl3fZuKCLzNY0l8eXUL7tMFD2wj03DahcGdWxZbab4+QvVkEGIdachEEClYUS/IoGMRMLwcI2iL3gHAmxxmcID0jZQ25+ARGVZoeqZGZMIsXQrIHGJN36rVtw67/+B1/8+iG878sfwTznsbiQq+0uakAxK9bECFAulCGTBozWJmjF5Ks8923uRcA+GSbwe3//J+QWfZjCRPuGbggJbpCN1NCYAAJAKR8aPlynCrIkKGoDSpE0BBQCOEEVIm6C3ChkRMJzHXhwyZeqRuYMf0cFBQmqCZ2GY3spDJaQFBBYhCQ0wGfylQ+FANW5AoQlYJoG/ESEPd+HA4+qCEImZChzGk5da7wwHdIgzvkBSksCguCWXP
LLHoyoAWEbCCplGJaESJiIr26EW6jCyZZgRE1KXtSHku8j1p5BaWIJKseQzQn88OgI6ahGpC+Npm19GN/xdQgysOV9L0PfW7fCI8Lc/acwf8cRyEUPN/zBG9Hx8i7c/De30rE7TsFqzcDQHryyCxExyc1XEetIIdqSRnWhhMDzWRgCwVJZtfY0yNUX90wsji+85djt2/Ze+QYrdu/AveUn1ROuZVFD7xmKnErbwbE9yz5uGBatAB8ewFPhX/Evd8A6r5nOf87c85rNXs+vXPUrDf3d106NnPzf07tHHnwMasPjfCQhLWB016g3ODhojtw9ctOGq9b+5voLur544uEJ5ZQ8bcRs4VcDUlX/HNmPDMFB2UXgKSJFqCx6uOtfH8Zlw9vwtr++Dt/9n7djad80vEIFuVKZ1l+yDheubqHT392HxXtOk7dYBgmCdzoH7+RsSL50FLhQpcw1A2i9cjVNf3NvuF7jBEDEgF9wEVQ8cMULWdhKU3gzGVBesOIrH5axngKUxrH7jnDbq/up6Faw4eqteOib90CaBjgIIBNxqKoDBAp+4ECTAc/zQ1Z7WGGSEhpVroIkWCkNUpo0ATBNyqST7JPPlcUiEDMQS9nkqiomp0/T0cOHQC7zvgcOAoZE4Prkwkeg/dBCCgLQGq72uAqflAjVNBmADjQ0NHlwAbP2UTNxmAmFlrPKV7yybCykgA/FDHVOnRMMKMHswQFZBE06VC0mkIDgChwukUcidEYK9bgITIYIx7Eq1NgKfMVGxIRWTHADaMeHqnisiEjaCtGGGJyFMoQtUZ4rIr2tCzLQKI6cZLmpkzKXbENlXxa5fWOIr2rFoW/uRu51l+BNL3sVvvmf38KZr9yNVG8Ttv72y7D5FRdi/PhZTN9yDPNfuAfdbb340L//GuZji/jan30XUwfnYbZnarQFzSuiiGQbnDuepUhDDABDmoL8mbzq2NQhuwbapo/umRrOHTj78NoPK/Pe2Ysq2Ak9eOOgWV2q0uiu0cdsuA/eeH1Mr0ptr+RKJxFbnkdhwsTu+wMA2BXee+oFGhdesAErfAL++Z9T37FyRfn+dENby1q9rrp6/+duGhn89I3myG99xn/C1zjPC21kZMSvTUW+tPbC/ua+DW2fOHloRvklR5uNCaG9gAmANASUF5p1CilhRMMlYcMyMPKDI7jsTVvwlr94Le74+7t5au8UBRUf+xar6L5yI6753B9i/6e/hyP/5yaUdu2DaIkj0tuIpo5WLjrL1Pe+q+EdnMaZf7sHwjaR7MnAny9BWgSrMYpowoKdtFCeLSLwNZMhqTi1DLIls6rtLUqCVhpIRbHnW/fTFR+8Gl5cYeubL0LfFzdg7L6jED2NoNqIPggF9JiFIrCuSQugpsvOCJ3sQ84Xax2u3FQdnstm0a/TIFfhf7z5D8DVKiNq07k1mIIidDXUZIw1+/BIixUHnZAdb5BJgEKgdW1zpraFRIzQP/uRBW+qdaiICCRWKPNhCAvfqw6zx9ryNytd47GK8wYV4c+gR3jg4Xs9xwlByMGv/au0DGgvYDIkqaoPUhqRpgTpqot4dwNMQ7Lv5CBlGG0rZxZBgULjVRto1VsHmbM56l27Dt4FUyhUK0hsWgNzpoQv/MbHUD48gYaLetFz3QCS67sxdTCLo//5MM7etR8Xv+xy/PZfvQPf23MPf/+vbiVvKYDVkghLwEATQCQsAWEaDCISBnPg+CRjNpz55aB/S6fRPdCRm5pc+pXcgbMPARAnG0/6+IeTDAAjxxJ88fbWqwb/ePX0yF/ddPQck732p9fI7ZG4/ZaI0rtL41M3TX5mpPp8ZUwv+h7WT04G+9/73uDB3/qX7z341Vv+YHLv0XuxbbEycuNngsfgkTwhdu/cHQwMD1gn9539ZKHif6RjfYuUYPKLVSVjFsEQpAMN1wklks24AWlJtuM2tGIWmnDPfxzAQz8+iZd99OU09OEroaaXUTk6h7Pf24czdx7CZX/9Lmz91o
dgtMRJzxSgF6soO1UyOjOY+Jd7cPrz90Cko+h//TbEexoRbU2AhOSFw7Moji2iOLmM0nyRg3wFqdY4Io1RcMAkDQppD6EuN0srgmK2hLs+fjO6GltRllX85uc/hIvffAX0Qgn+fI71okOZjiaqBA7BD2WcoWu9Mdbs+w5Y6TBmEIF8DvcBfUX3fGs32SJCqhX0Xz7+IZLSwoozq5VM88BV29lAjcVuairpIkq6CCFqqzuKwQahpB34qrZT6QWgQMP1fFTYA0xA2CYQKGIQFXUZOtAwYXAoyaDDTQLtw4MbkjkVg1WAqleBwy4MiFDHpzZAiUobgdbschlWqE/GkIJDEmtIlGIVLqOHE2JB8BXsuIloZxqGLbjtkl4k25OcOzpDRsImDhRntrahebAbm/7rK9H2ju2Y/s7DdOCfv49SIo/oJb0w+5swd9teHPm9L6B8bBpbPvByvPqDb4BsTSFfNXDooUN89thx/O4Hfxv//LWP4ccHH8K3dv6AhBmFIEJQcELrtRoZl4QEB5p0xUOkM0Wtg33wssuqZ0OLseqS/vnx0ws3nFnOjwz8xtDqwQ9eN7h57Kquc5XF7t0BGfKkLojCo4rDWhlo5Wh28tYDf4Js9Ud+pdF6MXEujRdgbvWoTfHdO3cGAJD6/vitIyMjwSOD15+PcTu6a9QbGBiwRg+PfrJ3W3epd2PbpydOzEtneklZTQmpgprtYLgqQ8pX4ErYV2HFsAyJ8QensDRZwFXvuQTv3b4at/zNjzCx9yz2NN6OhaUZvOTX34A1P9iK3b/7KSx9+2H2K1WyjphwZ5chTQOR1iRKuRICBOwtlKGIiASxu+ySm6syTEGBp3n+8AwaVjVBMMH3FSuhV2zCSDPDbEvj7q/eBTMq8NqdN0D0mnjXV38br7zzNGYPjlOqpwXdr1gHmIQmsxHucjVcomOGCgIybQmSEiYo3C8MFLQXQKTjuP8bd+HK61+KjW++EBe/7yrs3NBHZ+85AkrYuPL1QxQcX+L3v+1GhpQkIsQQCnYk7KPBC5eFhSFAQsKOWuGyJDMp32dtaQIRR1I1V5lAsVYKUWGTsCV4ZWE5UCSEhBQmsSQOtAYMgvYVG5YgIsGGCLllJCkMfFENCM2RJoMFgaCYhC3ARNCuD4Fada00lK/JsCSspIWGlgTnxpeoPJmnWGMMpZkCmakoGIAzuURtl/WjfWg9Jh46jdnvH4bsTsOutmM+cxLZPWMofP8QYokErv+N10FfsxpeMoa9s2PsLDp0Ytc3kXQJX9r5t5weaqT3f/4TOPTF/RxLpcgvOyHDhhkyJpk9TSHni0g5GlZzDEHBwfz4qWDjtk4j3ZqYPXV0/q3jHcaehtPRaKy1ocsgvYlEpHHoPUPZ3f+22wGAkY/fNP4YWRMB4JHP3FQBgBmMVJ5Oy+b5CA8vPKb7zseePMzMzDwuL2THjh1i9+7dT/oCZrNZNTAwYJ08dGpP94a2/bF05PVOxbfdpWpgJmwhjNA8wbANCCkocAOQEBCGDP8Ew1l2MH14nkWLTe/46NshysDJmx7G8lIRZw+dwtqLNmDLu65FZkM3Lew+hKqhkb5kFagjifIPj7GzWCGZjFCsKUqWIeDMF0kzgQwJCEFkSmgvoIbuDHwv1LjSngIH4R4Z67D/JQwDZ+46hhM/PoYGikNECOmBFvRetR6N/c2ozJUxcddpfOMvvoI9tzxIZNnEhSpd9LorecOWjVRdqFDEj/J9N98LkYkS19yOWRAe+u79bLhMsUwKLdvasOrqtejdtgbzZ2bx+b/8LGZmF0kYBl/7njchHU9SrBxHfr7ER+/bS2Yshle+/bWwohYMx8TJh4/TzOgZdKzpwatffx35Sy71yFYc2n8YC2fn6Lr3vhHN7R2ULpmYOjmOQw8coFhTA7/l194KMiQZJWDfXSO0ODbLGy7eTK+85hq4xSrFPIvu+tE9cAplpBsz/Np3vo6cioOEl6Dp4xMYHz3FZjJOyvXD8rc2vD
CqNdCfqYPzgjuAO3bsEBvecGUSN9YGBfXp1KM+r9rA5KklCU+tWU5P8zzVP6s6Him920IG9Qu5DCc8c+UKPZuBdWB4IFFbNaIX9PX8ia/XXrvWPo8o+1y+D/Ekzii9KG6kOp71w6oBYO62A2UMnzs8L8Rr/1gTvZ//tR795zMKwza4OVkS56V3T/t6DgwPWIM3PqPB5FG/+9prr7WsZJeZSCSe05J4aGhIrr12rfkEDxCN+uT2BfeE+2V9D78w6L788ujPXOX5OTB446A5MDyUuOy3r3vLJb95zYU/Ryn25PDIfmUdPyfqTfdnEYODP9Ew3bFDDLRmzexwlgeyA2Y2m9W/pJfm5w40zVe0xdFQDbKjWY2fdkX+uTAzMsO90Wb2Oow8UXRqZuS4f16z+plD2Gjn5/Ga1x+edTw+aj2Wc0/UDW+4MjkwfNWltQfFk+kr1PFk8cxlRC+Gz+SpBp7nYpm+jl9Q1IPUs4ChoSHjGWhmP90MRDxHgwB6Ktdl03UX9T0HK131m+cXFLp+CZ557N69W2EQT7f5/rTLteZS6bmwDnvSrz8VnZJaaYqejtYb6r+wqKfPdTzF7O5nZD31vtEziPqN+VgYHa1fgzqe5MMNMmG1r+9d216e+cldz+FhuXWVTDf29sUXzkzXdyfrJeHzn3L/sqDtZ8sG/8JkEUNPVfBuFzRYlaYf69/m56nsWtojHdRPUD1g1fEcYi6zwflFD1hDQ0NGPpNPPMXfhw9/e8/0+mLiMcxNd+N0w+rS6dtHlusnqI466nihQ9Zln+uoo4466qijjidXNuGRVkJ9AlbHc4r6gavjqZ4XwjBoAAOyZb5F7/5pG6466qijjhdMwBJt12yLd1/eHa1fjjqea9Q9y+p4KmAAHPGWFex6L7mOOup4MWDHC1bPq4466qjj0Wjb9oJXTq3jFxT1Q1fHU0aysxKgvg1QRx111FFHHXXUUUcdddRRRx111FFHHXU8M6iTw+uoo446ng/8/zgiwyKlC/2kAAAAAElFTkSuQmCC) + +# Gremlin — Build & Configuration + +Gremlin is the self-hosted AI agent for NetGrimoire. This document covers the complete build, deployment, and configuration of the Gremlin stack as of the initial deployment checkpoint. + +--- + +## Overview + +Gremlin runs entirely on local hardware via Ollama — no cloud APIs, no external dependencies. It provides an AI chat interface, automated infrastructure auditing, and alert triage through a four-service Docker Swarm stack. 
+ +| Component | Role | +|-----------|------| +| Ollama | Local LLM inference engine | +| Open WebUI | Chat interface and RAG pipeline | +| Qdrant | Vector database for document embeddings | +| n8n | Workflow automation and agent orchestration | + +**Host:** docker4 +**Network:** netgrimoire (external overlay) +**Swarm manager:** znas +**Repo path:** `services/swarm/stack/Gremlin/` + +--- + +## Branding Assets + +The Gremlin mascot — whiskey glass, cigar, mischievous grin — is the official NetGrimoire Gremlin character. Two versions: + +**Full character (scene):** + +![Gremlin with Badge](data:image/png;base64,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) + +**Badge / logo (green portal frame):** + +![Gremlin Badge](data:image/png;base64,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) + +Store these at `assets/gremlin/` in the Netgrimoire docs repo for use in future Wiki.js pages and artifacts. + +--- + +## Repository Structure + +``` +services/swarm/stack/Gremlin/ +├── .env # Environment variables (secrets) +├── deploy.sh # Deploy script — sources .env, runs docker stack config + deploy +└── gremlin-stack.yml # Swarm stack definition +``` + +--- + +## Environment Variables + +All secrets and configuration live in `.env`. Fill in all values before deploying. 
+ +```bash +# Open WebUI +WEBUI_SECRET_KEY= # Random hex string — generate with: openssl rand -hex 32 + +# n8n +N8N_USER=admin +N8N_PASSWORD= # Strong password + +# ntfy (self-hosted) +NTFY_URL=https://ntfy.netgrimoire.com + +# Forgejo — read token (scope: repository:read) +FORGEJO_URL=https://git.netgrimoire.com +FORGEJO_TOKEN= + +# Forgejo — docs repo write token (scope: repository:read, write, contents) +FORGEJO_DOCS_OWNER=traveler +FORGEJO_DOCS_REPO=Netgrimoire +FORGEJO_WRITE_TOKEN= + +# Ollama models +OLLAMA_MODEL_GENERAL=llama3.2:3b +OLLAMA_MODEL_CODE=qwen2.5-coder:7b +``` + +--- + +## Stack File + +```yaml +services: + ollama: + image: ollama/ollama:latest + ports: + - "11434:11434" + volumes: + - /DockerVol/ollama:/root/.ollama + environment: + - OLLAMA_ORIGINS=* + networks: + - netgrimoire + deploy: + labels: + - homepage.group=Gremlin + - homepage.name=Ollama + - homepage.icon=ollama.png + - homepage.href=http://ollama.netgrimoire.com:11434 + - homepage.description=Local LLM Runtime + - kuma.ollama.http.name=Ollama API + - kuma.ollama.http.url=http://ollama:11434/api/tags + placement: + constraints: + - node.hostname == docker4 + + open-webui: + image: ghcr.io/open-webui/open-webui:main + ports: + - "3000:8080" + volumes: + - /DockerVol/open-webui:/app/backend/data + environment: + - OLLAMA_BASE_URL=http://ollama:11434 + - WEBUI_SECRET_KEY=${WEBUI_SECRET_KEY} + - ENABLE_RAG_WEB_SEARCH=true + - ENABLE_OLLAMA_API=true + - QDRANT_HOST=qdrant + - QDRANT_PORT=6333 + networks: + - netgrimoire + deploy: + labels: + - homepage.group=Gremlin + - homepage.name=Open WebUI + - homepage.icon=openwebui.png + - homepage.href=https://ai.netgrimoire.com + - homepage.description=Gremlin Chat Interface + - kuma.openwebui.http.name=Open WebUI + - kuma.openwebui.http.url=http://open-webui:8080 + - caddy=ai.netgrimoire.com + - caddy.reverse_proxy=open-webui:8080 + - caddy_ingress_network=netgrimoire + placement: + constraints: + - node.hostname == docker4 + + qdrant: + image: 
qdrant/qdrant:latest + ports: + - "6333:6333" + - "6334:6334" + volumes: + - /DockerVol/qdrant:/qdrant/storage + environment: + - QDRANT__SERVICE__GRPC_PORT=6334 + networks: + - netgrimoire + deploy: + labels: + - homepage.group=Gremlin + - homepage.name=Qdrant + - homepage.icon=qdrant.png + - homepage.href=http://qdrant.netgrimoire.com:6333/dashboard + - homepage.description=Vector Database + - kuma.qdrant.http.name=Qdrant + - kuma.qdrant.http.url=http://qdrant:6333 + placement: + constraints: + - node.hostname == docker4 + + n8n: + image: n8nio/n8n:latest + ports: + - "5678:5678" + volumes: + - /DockerVol/n8n:/home/node/.n8n + - /DockerVol/n8n/workflows:/home/node/.n8n/workflows + environment: + - N8N_BASIC_AUTH_ACTIVE=true + - N8N_BASIC_AUTH_USER=${N8N_USER} + - N8N_BASIC_AUTH_PASSWORD=${N8N_PASSWORD} + - WEBHOOK_URL=https://n8n.netgrimoire.com/ + - GENERIC_TIMEZONE=America/Chicago + - N8N_EDITOR_BASE_URL=https://n8n.netgrimoire.com/ + - OLLAMA_BASE_URL=http://ollama:11434 + - NTFY_URL=${NTFY_URL} + - FORGEJO_URL=${FORGEJO_URL} + - FORGEJO_TOKEN=${FORGEJO_TOKEN} + - FORGEJO_DOCS_OWNER=${FORGEJO_DOCS_OWNER} + - FORGEJO_DOCS_REPO=${FORGEJO_DOCS_REPO} + - FORGEJO_WRITE_TOKEN=${FORGEJO_WRITE_TOKEN} + - N8N_BLOCK_ENV_ACCESS_IN_NODE=false + networks: + - netgrimoire + deploy: + labels: + - homepage.group=Gremlin + - homepage.name=n8n + - homepage.icon=n8n.png + - homepage.href=https://n8n.netgrimoire.com + - homepage.description=Workflow Automation + - kuma.n8n.http.name=n8n + - kuma.n8n.http.url=http://n8n:5678 + - caddy=n8n.netgrimoire.com + - caddy.reverse_proxy=n8n:5678 + - caddy_ingress_network=netgrimoire + placement: + constraints: + - node.hostname == docker4 + +networks: + netgrimoire: + external: true +``` + +--- + +## Deploy Script + +```bash +#!/bin/bash +set -euo pipefail + +STACK_NAME="gremlin" +COMPOSE_FILE="gremlin-stack.yml" +ENV_FILE=".env" +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +cd "$SCRIPT_DIR" + +echo "Loading 
environment..." +set -a && source "$ENV_FILE" && set +a + +echo "Preprocessing stack file..." +docker stack config --compose-file "$COMPOSE_FILE" > resolved.yml + +echo "Deploying $STACK_NAME..." +docker stack deploy --compose-file resolved.yml "$STACK_NAME" +rm -f resolved.yml + +echo "Services:" +sleep 3 +docker stack services "$STACK_NAME" +``` + +--- + +## Volume Directories + +Create these on docker4 before first deploy: + +```bash +mkdir -p /DockerVol/ollama +mkdir -p /DockerVol/open-webui +mkdir -p /DockerVol/qdrant +mkdir -p /DockerVol/n8n/workflows +chown -R 1000:1000 /DockerVol/n8n +``` + +The `chown` on n8n is required — n8n runs as uid 1000 and will fail to start without write access to its data directory. + +--- + +## Model Setup + +Run on docker4 after first deploy: + +```bash +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull llama3.2:3b +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull qwen2.5-coder:7b +``` + +Verify: + +```bash +docker exec $(docker ps -qf name=gremlin_ollama) ollama list +``` + +| Model | Size | Use | +|-------|------|-----| +| llama3.2:3b | ~2 GB | General Q&A, alert triage, summarization | +| qwen2.5-coder:7b | ~4.7 GB | Code analysis, compose audits, YAML generation | +| qwen2.5:14b | ~9 GB | Already present — deep reasoning tasks | + +--- + +## Known Issues & Fixes + +### n8n volume permission denied +**Symptom:** `EACCES: permission denied, open '/home/node/.n8n/config'` +**Fix:** `chown -R 1000:1000 /DockerVol/n8n` on docker4, then `docker service update --force gremlin_n8n` from znas. + +### Caddy label quoting +**Symptom:** `caddy.reverse_proxy` value has escaped quotes — `"n8n:5678"` instead of `n8n:5678` +**Cause:** `docker stack config` preprocessing adds quotes around `{{upstreams N}}` template values. +**Fix:** Use literal upstream address in labels — `caddy.reverse_proxy=n8n:5678` — instead of the template helper. 
+ +### Caddy wrong IP for upstream +**Symptom:** Caddy resolves service to wrong IP, 502 errors. +**Fix:** Add `caddy_ingress_network=netgrimoire` label to any service with Caddy labels. This pins Caddy to the correct network interface. + +### n8n env vars blocked in workflows +**Symptom:** `access to env vars denied` error in n8n workflow nodes. +**Fix:** Add `N8N_BLOCK_ENV_ACCESS_IN_NODE=false` to n8n environment in stack file. + +### Forgejo API 422 on file create (Forgejo 11+) +**Symptom:** `[SHA]: Required` when trying to create new files via API. +**Cause:** Forgejo 11 changed the contents API — `PUT` is for updates only, `POST` is required for new files. +**Fix:** Use `POST` to create, `GET` first to check for existing SHA, then `PUT` with SHA to update. + +--- + +## n8n Workflows + +### Forgejo Repo Audit +**File:** `gremlin-forgejo-audit.json` +**Trigger:** Schedule — Monday 06:00 +**Function:** Fetches Caddyfile once, walks `swarm/` and `swarm/stack/*/` in the services repo, audits each YAML file against NetGrimoire standards using `qwen2.5-coder:7b`. Swarm files checked for homepage/kuma/caddy/placement labels. Compose files checked against Caddyfile for matching entries. FAILs trigger ntfy notification to `gremlin-audits` and commit a full report to `Netgrimoire/Audits/` in the docs repo. + +**Architecture:** All Forgejo and Ollama API calls are made inside Code nodes using `this.helpers.httpRequest()` — not HTTP Request nodes — to avoid n8n body expression limitations. + +### Uptime Kuma Alert Triage +**File:** `gremlin-kuma-triage.json` +**Trigger:** Webhook — `https://n8n.netgrimoire.com/webhook/gremlin-kuma-alert` +**Function:** Receives Uptime Kuma DOWN events, sends to `llama3.2:3b` for triage analysis (likely cause, immediate checks, severity), fires urgent ntfy notification to `gremlin-alerts`. RECOVERED events send a simple plain notification without AI analysis. 
+ +--- + +## ntfy Topics + +| Topic | URL | Events | +|-------|-----|--------| +| gremlin-alerts | https://ntfy.netgrimoire.com/gremlin-alerts | Service DOWN triage, RECOVERED notices | +| gremlin-audits | https://ntfy.netgrimoire.com/gremlin-audits | Weekly audit FAILs, doc generation notices | + +--- + +## Service URLs + +| Service | URL | Auth | +|---------|-----|------| +| Open WebUI | https://ai.netgrimoire.com | Local account | +| n8n | https://n8n.netgrimoire.com | Basic auth (see .env) | +| Ollama API | http://ollama.netgrimoire.com:11434 | None | +| Qdrant Dashboard | http://qdrant.netgrimoire.com:6333/dashboard | None | + +--- + +## Useful Commands + +```bash +# Check all services (run on znas) +docker stack services gremlin + +# View logs for a service +docker service logs gremlin_n8n --tail 50 +docker service logs gremlin_ollama --tail 50 +docker service logs gremlin_open-webui --tail 50 + +# Force restart a service +docker service update --force gremlin_n8n + +# List loaded models (run on docker4) +docker exec $(docker ps -qf name=gremlin_ollama) ollama list + +# Pull a new model +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull +``` + +--- + +## Notes + +- All services pinned to docker4 via placement constraints. Deploy commands run from znas as Swarm manager. +- Do not use `endpoint_mode: dnsrr` — it breaks internal DNS resolution between services. Default VIP mode is required. +- Wiki.js syncs from the `traveler/Netgrimoire` Forgejo repo. Gremlin commits audit reports to `Netgrimoire/Audits/` using POST for new files (Forgejo 11+ requirement). +- n8n workflow imports: delete old workflow first, import JSON, click Publish. Each reimport resets node configurations — Code node approach avoids HTTP Request node body limitations. diff --git a/Gremlin-Grimoire/Stack/User-Guide.md b/Gremlin-Grimoire/Stack/User-Guide.md new file mode 100644 index 0000000..7a2e839 --- /dev/null +++ b/Gremlin-Grimoire/Stack/User-Guide.md 
@@ -0,0 +1,194 @@ +--- +title: Gremlin — User Guide +description: How to use Gremlin — the NetGrimoire self-hosted AI agent +published: true +date: 2026-04-02T12:23:18.000Z +tags: gremlin, ai, guide, n8n, ollama +editor: markdown +dateCreated: 2026-04-02T12:23:18.000Z +--- + +![Gremlin](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAASwAAAEsCAIAAAD2HxkiAAEAAElEQVR42mz956+t2Zknhj1hrTfseOLN+VZksVjFZmymbrLjdPd0z0x3SzNjSZZGEjyyDRgGDAP64j/Cn23AgAHDcBIwkmY01rQndGQzFclisfLN9568z45vWut5/GG96dSIBMiqe87d+w1rPesJv4CD6R4RAygAAICCIgAiAiIAIBIgICIoqKo2vwba/psSojFMSESEiERICF7UOw8I1jIRAgCGD0Jk5sFwkKRpmiZVUWZ5Yawx1hAxEcVxxMwnJ2cnx6dZnov32v9iVQUAUERCgPaaw49VFQnr30YABUSE+l9AVbG+KSQEBEAId1l/avstGu63/gxQBcT2m0ERMPxO+El4VuEpQfi+8MXh99qLCB8RfgjhCxEoPHBo/0r4SfMfhPB12N49YvM54RcQ2wvV+mNA6//vPiQ8AARsbhQQUJvP1d53Yv+JNH/SXpiCYngy9SvF+ptU62tQgPruwveGy8L6r0H9m9h+EYAqiCoShTWGiAQAiOG1Y7M067tQlfrRYf1iABABEVXCRVy4kXBtiti9xeYvaf0JzUMIXwGIGJaQNO8bAFFFmofdPDMBpPpZNk8YmscTHrX23qJC+BOtH36710DVAFH/NaMCEjVvt/7G5roBgertBwiqiIBAiIBEWC8iRURR9d4DgmFmJhUF0PZjiYiIVBQBFYCImJmJFSBs0dVyFXYgqIYnUj810fZ+2met7eoNj1wVkeoXF+60+VdEUq1XvAAYRASgZiOFR4aIouFpIYYVVC9bbLYkYPOGFagOBWFbK/SDTb10wtqq93L4odZXCtjbek08AGyWa3Pvzfe2y1YBCKm/V8PNoipQvQPa4IPt4qq/GOpdj81SDM8Ew8PqLeH+km5WOdZ3oIhY3y7Wt9UuknAV9Q+aGFN/e1jjWN9uvUpRm33XLsRmRYfLxy7IAHS/gETN82ljXVgt1AQ1hbBCm8to7rre5YDdSyUg6O1GJYLPRHOtIw0iqrQ33txPHUnbcNcGQa3fZbPHmxeEGLYkIlH3280a6H1iE9O095rCltBmzQAbouanYVF67xHAMBlDYfeHS0VCBGBmIlKVsCHZGGauD1tRVV0slnmWUbMowgGL0Jw3gNTuwvoaQ1yoz3Bs4gEghPeBSIjUrjZVwO5Mb49UbH6kvUUA9YnZ/To0Z0kdCMM31gdCewVh12J32GKzRNuzthc+tb5BgDa0doG8XrLYXUKzw+ufY30J7d+ut1pYVNRbC9CsOgwnSh152hBGTabQPG7s3jogUJMf1amNYm+RYLPGkKDdb4rhYKsPTMSwdvspQnuXAF0WVq/bJrHqfg261KPesUjYnNX1Ggt/l9oXoNoGUWzjQR17Ueu/EmKYqgqChKDZxO7urYSPVJH68sLeaEJ7k3ZdCIzQhPDeByJ2S4gAwEB3Gmt3rmIvjaqDQzj95EKi0z6B7iRC70UVCJEY60SkWcvhDVtr2r/MhpGYCL33XkRVq8ohIRGJSPPtYWEJ1oG1/kgEUAIEQMU2o6xfaJefhH3Yy+3a6xdtstJmgbfJYptLaXMcYP8jmn9vs86LqV9zngGFC0ZEaM5zxW6rNVvjYhjEfgIT3gQ1K7fJJ3upqAARKEgvyLbpVhd/u0VUx32FkLfXD69e1W3GrvVW71
rJw7Ym1IGVTyQ+GNYjCDCTNUZVjWFjzWCQRlE0X2efarG9E4/TQTwaErN4J66UIhNXiogXAZXR1s7lWzcPHnwsgK4sfFn5MNhqMoMa8mgYibxz3lUqEnwxyvO5VtXkyuX9l+6YJFIEO0jtaLBz+dJka8tajqPImkBME2sIQJlwZ2sAgN7DOq+Oz5alk0s7o9U622SFKpSVm46SO9cuDQeDxSbf5OV/929+dnpybphevjq5eXViI84rfzRbVg6uXdn6O9996/L2iJlGo8RYkw5G4+llwxGBvPbSnfNNsViuz5crEXn09Hm2XM2Oz9bLdbHJEdRXTkGVqKoqYy0aLsULSDQZM2MEcveN27fvXXv7zfuX9/aYrQDmhSCBdwrgfeXLYn41PdmKNjvb4/Xi7MWDJ+Lg8MXJ8nxz7ZWdo5PV8nwzO54tMvfhg8UXX9urSrcpdLlye7uDrVGq4p8/fvHhg9P1KlN1YuIkSWbL924fnt19+0uwf3+V+/k6816jKEqSWFSdoq+K0/l6tc4MoyjGkZmMBstV/uHHz09PF1vT5HOv30xiu8mK4+eHTx8cZLOFPzvhxSwGYWtQNKg2hb6DqjLVw6mwJ63RQcpxbNI0Ct0aQ8hkOJgs+pLIkiVUAOfBCTgvXoUYorCQRb0CIHgFwE0Jq6AVHLJVBdDgIFHvurogrC1Twz6sG+DaQEQbsm/doWmFeKjJMVXV1JIoAFRLxAEC+hpigz1H+2A1Wn9lkLtTEai9EoFUAZuw1KDA2yZ8i/gJpq3aDFHYGGNMyKYGaRon8Wa9EVeVSeImu4PtkWFiayhOXFGUeRaI9mQsE4G43StXz549zpZLcV6dA/E1ya8220Jio0i+rHxVqggRgoJN4nQyAATJFtmJG129uvvSvUu3b0eJBee9K1XUO1TxhMCk6sERiVU2XHrPRNNJOh7FR2fro9lqdzpcbTKsnGGarbKdUXppdzoapsbw17/48n/zP/wtEy/W8umzrHLgnPvSG/v/we998d1Pjq9O+Te/cqss1+Xq3JrKpHyyeuJx5NEYjwkhjwaDOIoj8/rd68dn86Pz5Xyxmc+Xi/myyHMgXqzWz58fL+cbEfXOIfHVG5cHlhKrb3/ltZdvX52ORgF1u84qAHZlxYyrTQ6SXU6Pr44yRCizxdGTF0fPZoNhMjtf3bi2fXK0OD5YIMAyqw6OVr/1lWuHp8uDk3I0TPe3kpPD+bvvHTx4fr6Y53vb6f0721cvjSaTJE0teO9VimfvWYOj3ZfiJM3yTBREaZmVm7xYb9bi/HAQz87nALgzGb44PH3y7DRN7GuvXmFE7+Fktvj4lw8OnhwmiHBybNdLtlSVopUjETQowR4i4GNAmQjAI6g1HFtKYpMmURRHNZffRmwYXQEqaBMCJe+DGJ8gSWy9goqoE1ZUJ6CgQZDF+WWpmdQoMycoKggoCq0bHKhIo5sNCp8ZEwTnWVUNIpKtUmRjPNvKyoBpMByttA+1k1ZosZi1KUwjRNoeyY0UfIBqcfc11K9Fe07MrTJcLbpouLYmt8YkSSpOyrKajAaX9/fyJFo73Y5osLUdjaZFtqmqqsrW4D1HUWStlmUcJ8PxuFguDCFaBgc+2DsHfzU2qlgVuTpXG1wHd+I0tsMBM6ZpGo2Gw+2JZJvnH33McRQlcZLEcZoAGosooK7yIB4Q1+SYOUliIlyvMyLcnSZFpVlZJWmyXmfDNM5Kt8jKYRJZy0kc/ePf+/qz5yd//eOPFfls6Qaxffn29I2Xr7x2a+e7n99/+umjh+/87WA62Ww2rsyvXNvaHaarzQvBlHGiPNz4iGwkqip4dW9nZ2vsAbOiqpwH8WVZEOFyk3/86ODZwSmheoHtnenA0v4k+dIb95l5tXaTUbwp3XJTDuIkK0vnZRQV++ns1q6LyW5Wq/np/OjZ2WKRF0WFiOLwwadH49Seb/T54fLt+zvff+fgwUG2P0mW5/lf/ujpyTwX4p1xdOvaaGcrSSLOsr
Jyfr72B0d5bPHqla3xyY8vvbRIr77mheeb8mxVFmUJ6i1pVmQPH5+maXzt0s5itRaEV165XhTlar5mwqPDs/d/8QkD3rt3bX0yE97l+Mp6s4HVJk1MmpjEIjhHXmW9KU7PkZAb6UkmSpI4jW0SWxsxEpokIWMAHFmDRCgevAdfKqskiSqoB3IeAIFN4+ldo0ldUZ3mvgAKRws2wOB2KqAijTe8Nip6Dbip7YY051iQdA39yMbNQpv0FowG4fBORVSbY6yeO4rqZ8zBGtlRbK1LanZ/wNcFsCY0xu3wGZdXCIlo98dhRxMTUVFWSRzv7e5Op1OPslC/l47i0ZSNpeFIdvfcZumrIooiY4yrClQ/moxXR6SAAcNZeVENdA1Q78V59R5UiKDhVMB6tpwdnFbOG0RDkCY2TgfJ1jS+dIm2pvFoYNMkHg2n29vj8TDMe4q8nC9XXsRauzUd72yN4ojLygMxsfFerDVFUUaRzctKROPIiJS3ru7/7/7J7/4fzb8sCvf3vvfqd764tzUyhu1ysfrwF0fZcvX00xej6eClV2+uXPni0dH+tclwNADwnPDGVaWNF+XwvDDOaVVBFBGBOoJ15SLD25MRo+5Ohrev7h2cztZZFlkuKh1E9sbehNmeLfM0ipDwfJWrahjETIfVG9dKyJeDZLCeLean86PnZ8+fzbwDQhgO03d/8SwxOFtWf/vu4efubP8//+zJ4Rov7w2fr/Hp3FWaTva2hglFBk9AP3m4lnweIRDT7vb4Cy9vX9pNt7YnnAyoWhUnn5rJzWAzFg9sVen8fJkX5eX97ckoBYDYknflycncEIp3n3707Ojo/NVX7wwGydOHz81kaHam5Pz2/m46TKwvq6Oj4vC4mK/UOUY1TCHbI0ZGsIyD1KQDayIiQpskbJjAW2uD0AU6QecwTQCBKlEvUAk6D6IqEHQZwHtgVpG8qI4K8WiaM0rbaTqCikojvNZTUtMgmi2gjYykQu+MDBN7gcapvCZbqnI63WoAb/WssB7MU0Mf7utOQ+3YrtqprLUC+7X4L7Uo5YZ7CKiAoiCIigRILTGRiAZpoiLW8Gg4RIDRcDgZD5MkieLEWrs/HSVxVK2XPlvbKJKqAPHpZGqiyJcFEXlXbWYnDCree+fUiziH3oF3ICIi0EhMtP6qKiG0sTGGjak8ZkW1OF8sT043s/nidHZ6dPLk0fMHnzx+8uTw/HxZli5J48l4yERF5Y7PFsezZeU1TWNELJ2rfI2MMYxegYiqyosIIexNp9/44kt/52tX37iCzz/8+MWDF9l8kZ2dWHBJTEx0eLh49vhoaxKzsYvzpXcVkzLJcJwktNydOHA+qwwyZYVjCrQ+OjlfoWpsjYgQ6u5kaKzZGg22xqOtyQAB55uyFJgOorySs2XGBPNVNkmyt2+VU7v2ZY7gzg9ns+Plk0cnJ2eb7ckgz935fPPpg2Mi/rMfHjCb956VJz4d7e9uODnxMQ7H8Xhq0mGB0dLb0wxWjgVswjiOcGtkDJSr5erJs9nZ6bn4Ik00GViPUZIMjLHOCyKLKDGL6HyxfPHiZL3KB2mc5/npyblz8srLtzbrzbs//di5ajge7m2Px6PhdJC62fnyw4/mj5/k5yvwwqAIaggoQJJJI4RBYqaTaDyJRpNBMh6aOEIEY62JYkJg740rOYhYVR4UgSkkn0qs3NgRAvjKFavN0Vn2N6d6qCao8rZCQe1kTltPeryg/xvOI0LAcIA1zZjGdr4VPMEWYcPJZNoOEDtiNWKwj5YGhtNoFUEHY+0artoI1dTkJkM1IaDl74iiRw3s3tatN8BZBkkS8L5bk3GaJGyIiJI49iKguhXRwFC1WfhiEw/S4JE+3No2USSuREQRvzp87spCnPPOe+/DzTeWjEg9Im19LxJqemwlW4nQGAaiMs+L1aYqSxtHo+EgstZ5f3Y2Ozo+W+eFje1kMry0tzVM47ysZss8spG1VFUuLyWKDAAyMwIzYeVKVGFwuH
o2f/TLJx89PHx++uTh0acfPs1Wm3KTp2kyGkeX9gdns/WLZ2f7uyNic3Q4y9Y5aWkijpJY/Xp/m12eZSWoUlFJEtkoMgh4cr5CZCJSEWM4sqasfBJZ72WZudxLEvEgNqusdK703kWYv3Vjc3kbs8VCfVWssucPj05PVodHi1Eae5GnzxfHx+uT2fr9x6ulRGsc5NGIksQjr3Mn3vnKF3kBADay41Fy+dLOtat7SRwhgkderouzs/XJvFxs/HLtF+drqMqR1cnu3vlGPnl6/Pzo7GQ2y7Jys84X81VVVaNBPJ4Ml8v1YrF2TgzRz9756NOPn+ztb925e+3Oravj4WBre8JSlafH4ktKUgIh7w0RolIQeWMyCJGh0cDs7A3Gk3Q4HtrBgAzbKDKRJfXsSlIfpE/QEFqjbBRARKU7sUBU0bAC5Kvil0/XP1jyhkhUfKtaX88HVduTrnHOJaxNc7DfTekJ5EMH3O9Rj0BBwYTaTEUlaMQ1cgVeGteOmsTUuAJRJ5YRhmANgVjqHo7W7pEKSo0iRtNNgo4WgIAA3vvK+0FsVUVUmKmsqs0mGw5SQjrLyrMEd4dRNBiSpsQcJ7ExZKxhGzNhnm2ktJbEgyiCJ0RAV7eh0IuqiPoa/15r8YAAIofGEtRSkiayTMhENk3I2sxLXmaLM2+Gxdb+3qVLu+PtCVsrinleWbaT0WBvZ7LalPNVppCksa0KN1sWO9OBRVZCsnY0TGx5vnn0weLo8XK+UYDdncHO9ujgcPHpw5OnZv7ixeLGrW0y+NLd/ffee/GLnz58/Y2blu16nmWrzFfu6v1bzjlr1jcvR3xwsirT83K42fg4iXcniWWcr4q89LFFZE4TWziVrCwrX1RKDIyiIiqe0RndvHq9ujLx6jBfrcT5gycnTx+fbrIqtpym8ScPzk5n+dG8WFbxHCzEqXBCgFp5v8kBkK1JEpuO0u2t8WCQpElUOndysjg8mm82BakWa/GljCIkLUa2urITc5wPdrLxbX9lZ8sDHi/i1SpzVYUAzFhVVVlUBwdnq1V2fHh2eHB29OLk8qWd73z3K1ev7I4GVipX5UW2WizPT9cqAujLEqoKa3NHaJ10kZCYklEcp3EySE2a2MiaJGJmAiF1aBg5DnQgVAHv0VeoYa7WSG+pB0VfVS4vF4v8k7lfaMygQTtcRBlRURlBpJa6lV6JpSptyUadJ2GjbdGqcSO2bl7SDOKN1mM+7Cl5t/mn9Cn5EqQyRfsiGX3/7JqD32JOAVtEd4OARQ89aw5EAciLcpDEkTV5ngdtm8wVm002Hg6ReFFJ6fxkPLRRXK3Opdiwsage1Y+3tuLhiEBGw4RckYMCQOVrgflKFKEmlfqwGb0GlhYJSu2jV2sYjXe3J1f2nVdXVsbS1mhgJsNoOKQoHW1vjaajQRoniY3jiKmRkFEdJjaObF75sqwSy4uNn63yS9sjw6RSnj9+8Ojdd374/V/khQDApZ3Bvbs7927uvXJ3dzTgjz89nc2z/KMiTqKPPzq9e2f3ydPs4Scvrt7Yn62dMfTR+0eD0WC4PV3Nz6f7O3uTYlzke0zPz6OzjVPixPL40nCxqR4+PXF+dMlMiOh8mSOihGDjwTKAFANc3trPbu6yK0uoynyVLc/XDz89Xq/KsnR7e5Oj4+xklh+cFQtvVvG2iywxqah456sSAZI0SdKYmFBlvcmWq1VVeee9MfbytV1rKBzIZVHNZwufl4RapXZjhisarisCqirnVMQYBGXv3HJZzBfL2en5cr48Ojg7PZ4nsf3mt97+5jff2toaHh2dPHt6MD9fLs9mq6NTPT2z2dpUJSvEhgwh1e5DSoiMwIRRRElqo9jaOIri2ESWDZMKo3KSEhG6CipBV5F4dc5VHgSg9OBEG190AFTgqoLnJ9mDgpSQ1dfnR4M/UxVgdEBeBQRFpPaLk/YARG7ZM4Qirb9Q0B6rx4HaszUzgfUdBg6kKL7fSFFsTtjAzdHa/rLRBVLpKf
B3IqTaACADubYjWoR2Uk+HBACyIs/LZJymWZYjYJqmrvLL1XqYJtaYQnFdlONhqt7JeqHFBtIBWUZ16qvBcMx4Bd/68vnzJ/OT4/nZbJ2XSFR6VQCQuoINNaoDrOqWMjKTeME6i8bzF8fFaj26dXV698b25cvbe/9/rv40yLYsu+/D1lp77zPcOefMl28eq6pr6K6huws9oLuBRgMECAgAIdCcBIIECRKkZDkkm2E5HA5aDvkDZclByXKETZFiQKRoirQpYiAGDhjY6Llrrldvfi/fyznvfM+wh7X84Zx7M4uf6kXVy7HOOnuvtf7/33+VtNJapY0UFAhICCErfe5CEkVJHEVaG03NBmaFA/TWeVeGNNaIKs/LlDyMnrqjB6kUL1zf1IpKG/pj+513Dr71/YPlXrq+lDSb0ZOdYZGX3VYSgArr2q344c4oaTZm0zJJo/E4v/Pes099Ji2KWbMdR4kRtu3GrJXaZydqZxAPMkniaG21MxonO3snrXYSR/rhcJYmcauZDEfjhBoEvm1my+nk/DKg+OAKb2U6nu0+OTk+mqVpjEjTLDzenQ6mfuqpiDsODQlI1U5zIFJE4EOYjicKMYhUpB+lVZzGcRzpyOjIEBEHjlTUVpErnXNuSnTM6XKpRrlLySGE4Ox4PBmP8+m0mI6mx4cno8G4yMvOUverP/Lp8xc3m83m4fHgD//t90f9oc+yYjjJJ7Ol4FYMm0ghxeiDAqbF8H0ud1YIscY0ojSN4maqYkNaobBSShtNwVNZIFfEzggoMBFTCC4AEhqW0ktgVzrn2Hs+Opp8cGSPoKkRPAOJYC1mqYQoc65evXNAYUERZl5ooukUQCdANUiezxjaUIRPuVmglXB1QSTGhXZfFlgZATr1SfECLQxz9elCAVAbb0SqleHCMncacVhjp2geIFWjOZk5z4syTQEkLwqltQBMZ1nZaSdGFy4Ms3I5GjMEPx0Ae9IEkUZRIZ+SsFa6s7GdNNsrF8v+4d7u/TuT4QRQ0Es9UiJiEQIwUNNQfKU6WIQKCLBAMc3CgyfDvf2T9bXO9jnVbDGRc86HIITNdrvRbGmltTFpmnQ7zW6nmUQqjbTW+mSU+yA+SDOlhkaVnQz29+6+//Teg8Nnh9NmqrdXW41Yr7Ybj58Ovnn/GLTa2mhGiqaT8tnhrNdOTgbZlcurWRG++9bTV55fPzwcdJc7H3ywt7He6qwk4+OjzsqyQmCfpXFyeVOn2t471McTpzVeOb907/Hes73ja5c3XAiT/rjVTkfjyXo3xjDbbk0a2mtlnC1cUWYzf3I42dubFKVXpAHx/bv9g6N8WoRMNS3FEthzQCIQBhZhZhBkFpHCh7DI41UKEVQUNdqNpJkqrVGgovOIiFKaiTKmx8eF3ulfuRQrhGais5k6sX40mAz7Y6XNxWsXL13e2FjvnhyP37/95GDvqH8wwBASca60SLTWitPSl15kZg1zRKgIFM7Vl3P2sNKUJiZJ4iiJTRybOFaEWmtNiLZABIgjRiUC4pwEZK4UH1wt4kSBAIpWwcl4nD94Or5dRE4bFK42IMxngkGrngyCQghz1oRwjQCt3fpnCNB1I0RUHZnVw88Aqr4PighojbUZl2SeolA5TUForgA4xSXOV3xn47nrcpu3nlXzxQLIoAiwIh1WioO5fqdqgtXcf8HC0yJPtFZE1loRCMHvH/fTNI5JH8+KtTBJpFQgZDSwD9ORaneRKGRjihKFRAq10VtXbrSXV+99/9snRyeiyQsz1J5KqtCtIAoAEb2IIOjKgMt1DHWZlZyVeX9ydO8xNpvQXY5WltorvTSNxsPJ4eHAOnY+EOk4TlZWl65e2Vxf6TaSaKkVT3PnAgQfiPzBw/sfvfV+f5B1Eu2X4if70+98eIyISaTTNDKNlkP10YkYJamKXSEH42kvobxw57eXdw8mSWxWOgYCNxrJ97/z+PmXNpfWm8ZMCUgnwErpxGxvYkT5e09pNOalbrqxnD56sn
f54npsaG9/SJc3J5MpSa+p7HLTA2NwJQmMTsbHR9nJ8ezoeNJsJMNRPi3l8bMpoow5KqKUbRAOilCcC84FH6x1znpbOB8CswhIdbxEsdGKlHa2cGnhTBKljbTdTk2k68uTgIkjRrKMk6xMYpNlxTQrkiQ6f3710sU1ZYwxejQY/et//c5wMMmmWSgLw0E5V4I0YupwQaNiJtRkF0tQiArqbCtFdSCIJiACTZI0orSVpu2WiSOllElikoASyGiMYwEEH8RZ4AAccJ5byp4FUQKz9WJDWYThwH44kGPdRBCWiq1UpzzIokCECTAIKqSAlYUbTuMj6qJDNc+yl0UghywQkPXJVsGJVKfdooUupp7t8CINpOb2VFfWOkFWCKCGGiKo+t/LArKGc8DRfENfDaBwjjxEqWPWTpFTOjIi1WxIzRP8JCuKySwDJOd8T4oGeFRKRybMJmF8ghJUlIh3ochE2EQJaS3BNbq9tNUZHux65yuWXz3/RKjjcvHjtMia/TjHLglwxZQsyjAcZ6PZtPBJp7t1Yfvile2r1y5cvrS1tbnS6zWd9zt7/f2TKQMQhzRWiiDSEvvJ9OgpuzLWGkB84KyQiQWdJpDEEjd8lAYTi448mpzJq9jpxIIJPuSzPInNnSfD5V5nNp5eutAdDbLdvUmzFUcajVG2KKMkQWBSqpFSDOVwYpmSViN554OH589vei9Pnu5furhx/87D82vp5RXXSjwwl3k2Hkw/em9nOCwfPDwGgaLk/ZPi6VEJIhM2E9N2XoQDSiizfDKaDPrj0ckwG05VmXeUdGNqajTB+bwYj6bjcWZdqLIMvPMcREBIUSU/1FoprSvKKGmVJkkc6RACEcax1oqcD/2TyUcfPXn/vceDwdQVhS8K8Za9R0WGWAfnUfk4bYYy9a56oKvkL0VEiioOgVIUaWwkenmtvXputd1tp400brd1FCmtVTVEBQFrwTmwBZYlZAWUpVgr3tf+Hh/YBZvZwdH0nYejd3yz0Ia9C8z1QqASvgSuJx5STzMXXiICUDXDFRWRotNVwxxAD8yVkPIUec/z5YbG+bEm1YK9imOqoJFwhiy8YLrP/fO1gqA2kqCccfvXM1WkIDU29fQknc9Mq5QiFqhQTEHEOk9kbfDtRkMrYubhaDyZztpxtL3d2u40icBPR5KNCLg82WObx901QPLTQVBKx43IRMHlK+fOXbpx89HtD2wAckwBK3wYAyilODBBHVDs6/A64DPJHghSOX2IMMqzycPH7z3dv73UWz63sX3lwsbWytpqd3N7rZFG3vmD49Fokh+NXFkWnVZsOOw+vvP2tz8cDos4iqbT4vaT8bSEOI0xTsAYpXVgFhZEMrEBYe89BymJBsS5K5antsjL776/+9LNtYePBxfWW6Npce+jA/H+8jU1G00FqLe5Zmdj02xtrlA2m53wOGl2jcL9o2Gn087ykgHGw+nezq471/NqCqSGh/2P3ts9GdhJJsdHmdHqcGAzCyCQix6qlvWAwsHa0WA0m2QxyMXlxs0bm5e3epe3l86dW43iJAgUeTadlfvHo48eHX//zv7Dw5PRKFpZ7ZGiYgaNRhxFrWYzFqksshI4OOeneQHCaaqD90+fHe8dDEfDbDya2aKECmsRgi9LBDFGg1IA6JHiMm9PspQDEbLU/8tqHmMF1CQkBKOx22t0V5canU7cbidLPZ3EiILBQijRmAoVwmLFRFxvy0WsDYV1loMIELncTgez+09Hb+XROIoxeKVIoEpVgAVrUM4I0wiIMKhqs06ADCJSkZcqjHy9VjhdsS88ucKMckauos+qbBAWCb7zfCxZxDx+DN12Ggctp3kMIoBSoVHneFIkrtIX5MwU9XTxCYBV2CgTKmEOIVjryqLsdlpxFEfGcAiTvHh4FK6lvhWBAWfSuPoJwRWcDUxrGZXiYLnwKCmRUuK3rt2YHe9Np9PScVFK7kLpKoA/1pHeIVTnedXkwDwtIwgKESN451FT0mr0TK
SsH50Mn/QnTx/tLW2trm6u9pZanW57qddaXW4vdRvIQBqzwrpi8Oj2fZ/bRqQPh/mzo8wLJqkGFBGuTDWoiAOLAAcPAEopQgYA68VSYiXqxDAbZ+99uLe52gxONpYTBL79/h4h9LrRzt2nUawAQRutFG4thbQcDrxuJHTcH/aWuqW1SFiW/v1377987nK84aOEntzb29sZeErv3uvnWbDel4EAMAd9KK2SFbGfjMaTo37k/WvbnS9+8uInntva2ui1ljomSQTIlk5EtOpqhYTy48z9k8nbt5/9+tfvf/vOYZYXq5ur4+HM+bCxudxb6jQa8WIqmOelUgQYksisdNs2dz53U2Gb58F5HxiFkzROmw0ILHnGeR67rBEsEXpEEND1AAKDLCSjSiHERnU6yfJ6t7PcaSx1G6urKokJASWgdWi0KAXOVa1QraJGFEKJNSEil2Fa2tKVhX+yM/p2nw5Ug73zgUPgUK/kq51zTTqsjhERAeDqXirV5fEUJ1v1PUxnLL9zuN4iHkhOIYYAeqHrnvuQThOAT880ORODNu/+FhoUqh9tnJ/Q85RfoEV5nz0JYXEjBqquybyYnwoQYlEUR8dlI03TNI2NVtrsDPMnOLm2pDDRZBQaQ0ojaXIWiolJms55EESvMSJk3+p2VzY2CFxhg8IACMyBA/saYFXdBKTq64PwIr+UBZAo7TajdssFtsySNlZ73RUh74NniFuNTitJk0iCPzoaTMazVruRJjGiWWpEVIhR5uA4u/10OshZaR03Em1iNEaZSBBrSC6AMOMirK6S0WoMzAVTic12M86LWb43GY2ypaa+ernXaqp33376ysvnfXAPP3y0vNoB4bTd0OS7cZ6VAyVuOssQsbTOebeyvvr2739w+1KsMxMZNx7lk6l/uN+fzhwLVJT3QYj60PJAXBQnR/0wnVxqxZ97YfsHXr1w6fJms9uWEIrxZHJ44j0IoHO+QmeZyCijY0Ofe/XyK8+d/6O3n/zqb7+7v3t08cZFIjUaZXnpu91Wu91IGkkcJ9pE40lO7SSOzdJSa2W5c/WKPemPT04GJycjQIzSZDjKjx7v2tE4sjZGD1qNKNUgPfF6fsNigSBAIgQKBBRimpql1VZ3vddaXUqXliiKUGmUQDZHYCAF3oEtqbBQWimtVIXIzC4EFwSRYiM27OyMv7XnHlLbugrIzswSqpRCYaySqefoXZmbxOcmooqLUdFWgStML8+7w3qjUO3JWc7sAKs7Jwvo06yJ0zzHUxjGabwMwJkc34Vfd55lMD9vBetgGqooqLJwBp/G2cjCLixceQ45BIBI6kBsJCLv/XgynUymWiuFqJgfgbrYSmONDJ4lgFI6bZJWRKAwVB5M5lAF46goSdIkNkopBeIExHtmT9XAFOceTcRTVlX16lEEHAKPZ5QmF25ebW+sYpxU9+rA4nyI46TVaTYacRxrEC6tty54FwpgVnZ4cHjn3tHRBEySNjTqNEVjdByTUgAg1oXg3bz8UKr4jCAgIQggaK21MaD0FLRqxIWzs6zIvR2+f3DpXKfdib7+jccvv7hZFrPpaLael2vnVpldAD07yfLBwHdTIrSl75+Mrt+6/Du/9i+/8b1ndpCmupwMp/eeFoVFVIq95D4clHpCCWrgPOvvHjTEvXSp+8VXLrz4wrnIqNHR8OndvYOjyckwm2Zl7usXc6yx04hWlhrdXqPdThvNuNFufu6V7Uubrb/3G2/fOTzp9dqNZhIlCSI6HyQvQdCWDhA7nSiKkyy3+8d9rTVpWl7rLa31RuPpvQ+e7Nx9wmUZaRICh0oAm8IN8EqY5rGIcz0kVSLJJNXL662lzeWlrfX2+ppuNFARAaPLCERMzOyrXzETBAIB4dyydVLBHpy3ucsz+/jJ9FvPyrdcNMZQWXpFIIQgMmedAVYZrTB3EiIA11t0FK6ENygioGh+ZtWJSWfVnXPvQ32mVeXBLHruNTrlQ536juZH2cKzeFqMFWVK5tBlEj
wjzoSFhFUECYOwVEiL0xB3OZMdLNW5T0Q+hFgZUgpDEBYRdjYEARa5P6KXlnWsQSslwiIo7FWcmGZbRTEpCrYE0hRFoLVWEBmK2KNgojEYDLGSwMzClfGqRgLUwyfmuSQJkBBDCPlhfze3nUvby1curG5tNluJiEwLe3Q8vn+/n+dFkkTr60urq71GEqEIBldMZ0+fHh6Oyv60nLEyrYZK0wqQHHxg54SD+FA5YJzzeV4UeWlLyxyqV54iVEbHSRI3EhPHURxnlOyFcjnMiocnK504bSUnw8cvP7/WTLF/tFPmrrvUGI3tzjO/82hv7RMbgT0EfvJk/9OffnHr8qWvv/uecksrDXalc6KjhDIbhjbsFVGhm1ornxf9Zwc9Cm9cXXrzxXNba72dh3tPdscPdidPB/nYOY9IhkApo7UEhiAk0iLopnqjl17c7Jzf7Kystld67V/52df+7u98tDuZrq0veWBlYtIaUXzwIcjaWm9zfVlrKkvnvX/67HAyzfKsODnon+yf2FlutDKRDiKliAJpedsSH9GZ1Ia6F6wb9zjG3mpjdXtldXuj0etpYxSIcrliS1UaQfAQvAgzs89yb70wS6QDS5jlLi8CQjYr7z8af/vh7NuFHgAxu7kVHJhlIT0RwOoRPZVwCpzJqK7+siBiYOY55kzmOczVXZTl34VcLBSgqtFswhlFKNd66/kXQ5Qzq8AFZrH+DmFuxgAUIBHhOZ4/zP9CLeDGalFBMkcGz6c9lUsSiCjSRkAQQSvtQ/h3JKo+yHailiLUyBV5ikNArXXaIhOxLUCEiMhoZSKVJGE2pHKiNM6/o0o6g4FPaTwLfQ+L0HyrSfMkBlu66Wg6GU5OBpP+aEpGLy911tZX1laXTBRNJrNnu8c7O8fTrFSEhmRwdPjBuw+fHmeZaN1IUeuKhsvCEkJwzhWlhFBMs/7JaDQYKWfXErq8nJzvpRvNeCmiFJicC0VRTrNimmWzLDBQ0phREkhJUYaszMrw4OlkloXJyB0ezsYj+/jJ6O6T2VsPxueeu97rde7deTocjq/fPJ8k8Vtv3z84nma5K634AMcZH2RyEhIXNaPIeOtOnh4sU3jzeu+1G6sK8Y++/+R3vv3o/cOpLLduvXr9059/8fNfeu1LX/nM57746muvP//iS1euXFnrrbTYqEEZdvqznaPpeJSHPPfWNZrJSze2Hh+MrG5cvXKuCjnTmqLIbG2sPHf9PClCpOVeJ4mNQphO8+FgMjwZseeoEZNWJCDBJ+y7oWxBMFQxvPGMMQC0UoowSWhlpbF1cXXt3Fq712mkcYJeh0KJU9VszVlwBedFKArxgUsv1nFZcgghBAbwnsfHs3uPxt9+NPvmjPYDSgjWh4qHEoKEIFUqSWDxzMI19aKaHfgqfI85sFS9I7OEisFUH07CIqGqzlrMzAvlN4sw1zFKIKJ5XivV+VQfY7UhVxZQU4BThzzynFAzV6ayAJGcUk/niRmAEGA+40UUnDe4UD/zdfC3QGltpI3WOoRAGiJjyhDmlklBwAnLo6m/2tEGPUhQPpgk5go3gnVkjtIGEUgRIRC7OI0UC0S+4rwKqgCOxYqDykehAIWAQziVLcH8d4YQQvDTWZ6X0Tg/Pmjeu/NkaWP50pUL585trK70jNHJQX8wHO88PTo8Gl86t7TeiptLS+qwJAjOOmIhrRFRggTnbenEh/FgMhmNt3vJZz659fyFpc2VRquhkzgiHY+n9vhkunswerQ73BsVwyJk1k0PDqb9QXt12bebGUVLYbpSOmK692ScxFpRlj6eURx/tF8Upp200sOTUZxE9+8++eCDhzdvnn/jc69+/xvvPJg6GnujQMUxmNhEkRbmIIP9kw74T1/pXl9vPD2YvPVgmCG+/kOv/+hPfemlV19e3TxHqgfQAlDeWmYAEVeOJycPjp7de3D3/gfvP/zwzrPbT/vPRke3jrMLJ9ml6+d+8o2Lv/bB4GSYP3/rfBARkF6v1Ujj3f
2TOIkubq9zCO1mI4qj8+fXkiRqNpInTw6K6Uw8B+8bwF12DWSqbDciei56rKYNAhAZ6vaS1fV2u50kEcXizGygglFpTEJAIEgsIgzsg5+VobDiAqCwDcEH79m5kM3sg6eT7z3JvpPrZ14q/2y1VmaGqlGA06TU+jhYkGZqt20tk16IUWRxAVwIQGV+bsppriCcHoI18jBtVZ+rapd4LnapuaWCzDiv72pTWh2DC6NT1YnWZ2N1LHNFWKtCGar/VIW5Aggtgrnr/rJKkBQA5qC0IUUAQKoyU/JCJMcAnsOVlllqaGO0iYzSShmT9FYIKZQ5EqEyQKjThjCXh09QPEWmRvaTqloKrt0hdWqfnHFY1rTz6gepgmYRAbEoXVmUpePj4+GjB3vPdg+L0raaSSM1gXmWFcPBZDorjYJ8PB2MrRPEKEq63aTZNFHsrSuLkq0dnAxVKH/q9Yt/7iu3Pvv85sX1dqcZRYToA7oQa7XcTc9vdC9tdtbasVGkUEVaQ+DJaJJlJSRpGbXHnoSDIgmCDDQp5e5+cWfg/9jPfe3i+c0sL3d3jw53T7Yurm9tLl25vD0YZeNJoZJEp00VJUpRtSCZ9scwGr56qXN1NX18MP3G/dHNV6//b/8Pf+EXfuXPdnor99+//+G33rrz3a8f3HuXRFrrVwXSorDaNDrd5c3zmzefv/bii9euXVxpxbBzMLq7N3GFxcDLS61L53of7PQPhtN2O07SeDorPrjzpJGk1y+dOxqMD46GmytdQhiMpmVZDobT4dHAZ7liTlFaEiIJGlEjKqywmaCQpI4UQKOp046XlxudTtppRA3kJDgNopixLKEopChDlnFZ+qJ0pfPOe+tdUYbSsg82d9m0mAzyew9H33k8/aOcngZSIJVqqlqVVbGucmrFnYu8pTpF6kSKBcCi9vKd4TvLmf7vjLt3fqCdxqTVAG29oMXgmQkMLOK95rMgPGPLW5AQgef9HeGZ5FBZBHgKSABBohrcTbSYksLHNKcCAD6EWTZL08SQAhFSysRxdS1AEGQ+8f7eyG53WpEgsyAzkBZA9g6EkXSVD4uk3eAAZiMSFlIKwGgKMSZAQYARUJFgWZSeucLbASoSPv2GqLrCI3gREtDaOIGytGSiwOHZo/0nD/cazWRlrdfqdsoyFFlhsywGqwNQFEWGME1NHPnS5pOpzQrwfjQcLUf8iz/88itX1kR4Mpxms3I2KQaj/GScDablzAbHAkRpGi130o12vNZOTibl0bg4mhYHk+JkZ6+zviq97jMX42RGwQM4z3CShS//ez/8+msvOFuu9FqDk3EUpVevXhzPitVe98tf/TQD7zzcBeA67E7EW5ePRjeX4gu9+NHh7M5B/vO/8NVf/OWfFYn+/n/5d773638w3e8rlzc3Lm6/9oV/8z/9du/8xh/7S//JxRsvlNnYs/XgEU134/wba+vPvfz8q6995x//z//mO9975BhZ5OLNCz/yqYt3JvBo5yDwnjbRKy/c/MSNSx8+fLJ/NHj11uVIq83VnnUuL/JGaozRpYghSBFiEU2o6lxVJAQW8DLP8RMxGo1CI4J5IRMg4OpiGKyF2ASlRIRDEOcCi+PgQwieQcQXZbDelnx4ONvZm7575L5T6KdMisBzladc1w4L1Cj/xeYY5gz7eTgayiL37JRGX6umz5TQ4qKHC/jvmad+zrwAFaetBaxiEZFwNhBZ6lErQuXdQIQ5GHwhI51bDXHhslrEyFRHTGU0BEQkhaTwNElGzrTdyAIhhGp865zjwFD5TQAUkgcsrd9OVTMiAAGiuLscNRpVC05aERKaiFD88RNkq6I6MksQkRSRqnItAYUQFoLAwHKav7II+pivVVgk+BAArdZOaUFS2iCSLW3/ZHywdzLsj/LpbDaZWRdAGQ+kktSkiSvKcjYrixIDzybTZij/o594+fnzy0f7w71nJ/cenbz14OTtneHdfnZomZtJtNROlrtRp+EU7Y/zezv9/cORRl
jrxJ3UGKIQeDSaMGCr28O4wVHKUepV9MIbL335a2+ORuPpLGcOS73urPSNZjKb5YPhWCslgsPh2JUu+ADMwDKZzFKbvbrdKl24czD7lf/4Z37xr/6Jg2fHf+uv/Rd3//kfrAbZSmj7+ed//r/6h1/4k39u+9obv/f3/rt/9Q//Xuvc8q2XX/R2SsojMrNjljhtXbp26cXnzmWT4bfe3QHnGxjiRnTl1o2bz12/tL310vPXV5bb333vTn84fv2F62mkszy3zjUSvdJrOmvBuyhSxF4VGdkyRogU6robrJmfNceJINXUjGgpoZVm1GkkzXYjibU2pJsRJpFo7X1gkeBc8N4V1uaFzYoiK8vSjwf5s/3ZR4/G7x2573izh1oRhjnpYTGqQKyaK6xc6qcRKzWAdIGpnw8WF96qWsXysfHLIpi3LrmqEOCUNCOIehEjVOeB/jsVWBch1acrkQCEeQx9Zcebl+LClS9ndxj1tz5PUa5l3IJVOtzHrFBSM/MLtpFShOCtW6hsK9PKE+F3DvNuonomSls9imJf5IQiwVIgMJEyhvNRKKdodKVsipRSQJHHwrKOmBQpTUoRS9VggyjwIMyoEBir0ZScJnowo4AqsthZiRs2SkEZQIySRDFLEJYAgsyQZWUUJ6QUCKOwMgoQjdZFadG5P/elm1dW0ru3dx4/7T8Z5EMG3YxXL67cuLZx69b5S5fPd5e7rV670WkBYF7k+/vTt79z5xu//9a9Dx+nGs51G4lR8ag47PePfFhaXybSKopMEje7rQ8/vDedzsrSd1qNdqv1+M6D/v6h1lQWZVEUo8HYWx/FUT6ZZZNp2mq5orja0Umiv//o+M//0td+7s/+aP9o8Lf/xt/OPnh8a62TKvVwPFq5cm3r+Ruzg9Gtz7z4tZ/5s//8//p/+jv/6f8edfGVH//JYjpRigkQiCR469z2tet/7X/zp5udX/sn/+QP25EC0EfTwKvrSafLSg1G02ar+cYnrimSg5MBMydGry+3N5Za28utB9udd9+5fefdkVZxr9lViFl/4qYWAxtNSukq4kIrIIROrC4st86f63Z6TWl0KKaowTqJMI5EGDyL9y4vXFEGxy5wOS3KzE6mdjj1R4Nyr1/czem2ivu1RB0AK61L3baBAgASXmS88PyAw7lcBgUEFfF8rrKACwIIoqrYbIvo7DMGI5qv6xaDzprXpmUR8iyLzKa6CcZ5/cz95/NQcxGeh3sxCOGc6QK1VVDOrPvrVD5CICVEQKqqcWFeJIWdTkVq5QqXIRiqYnPqURMLoKJC5N2RvzL27eWuarRtliFHWiGw97YwJkalXTYWDlXFA9FcA8SJUcoYJFJGISkB5Tn3vgiI6ANixW2sHFvVbx9YuGpLEFH5kLgx4NQmTaeNJYQqkgtrGR67wD5EcaTjCLVWANxIvHKzWf656ys3VtLvvP347pPh03GRLjWeu7bx8ouXX3rt1uVb15pLPVTGpPHo6OS9b7778N372TQz7XTj0tZf/ZWfODnq/3/+56+/+9a9iyut6yuNSKsnw+FAQntpqchYGXXnnQ8fpXEQybMSieIoclnunWcOUA/RsIqS9qVTSgXBJNjtpcajw9Frn73xMz/3gyL4//sffv3k3fvPr3aDd7854W9MoivffOuHPvy9l19488njD37rt36t02iDg1/9m//lCy/eXNvcCK6sXDWVt7MsXNxq/4Vf+sn+MPtXv/WdRhy/sNrOxpJBaG9trfY2e92OCB8OZsKw3GkutRuaRNhFRm2vLzVevvrazXPT4eTxvSeHe8cqVY12J03iMi+nxxmIaE2NWG11olvbvQvbS41uI0u7fRtdKk70UpMFZJKVk2w6yrKZLbPSWu+CMPN0Wg5GZX/qD8d25OAJRQ/iRgFIIdQXt6r2aOFcr65786w/oXpsWQm3WRaKY1kkgoKchvgKSMWFWewYqHYWntm2oyyW7pWLAhZRhDS/j85zuE8VzrVydA4vnEeb13
n0uEBuz4tpkdIGc2ywUlVsyzwi85SICqdBUFIbkBFZxHqvSRFRYK5a2cCiCA8sfzCDG1GrzC3YGVEbDUlwBpA5CAsXJXDl9BcSYkRlDCVGMSlApRUpDagYyXn2njm3nhEZSakgYSGWB+ZaSsuCQEFrVyUKWgveBQHPME9TRaVVkqZBhAVCYBQvIpoI4ni1k7y4RrcfHr7/sH+Qu4uXl197/drnvvTGzRdvRM2GZwiMGv3v/+Pf+d2/+5vDBwcQAtg83b7yb1Vjf7j35lde+Su/9CPf+u61f/AP/tVGw1xdTgPA0+EkihOTxmVW2LKcDEZRmqysLnc6rbywM+be1vrlq+cvXNgSlIOD448+fPjo3g5732x3nA+bDWrH+mQGP/vvvZm2O3tPDr73m9+83Gu0NfzhFP9wHBpx9OTh0V/95f/1Jz/54ltv3T748N7Pr6bbkX73ydG//Kf//E//x3/Z5V4p4OCBWYRBgiscKfqFP/vDt28//tynr3/tKy+fFHzSPXcQzDS3s9IV1rcbaaeRKARny9hwKwqtJjY2181La7bIn97fubTRZCH2bufR/u7O8cjbxkrainQqvN6OL2x0Vtc6Ua89iJoH3EqO7re2tS29zYrjp4Odx4ODfjErgg8MIIGlDGJZMhtKwUOMHibpidZSTRoViedFjGR9vtECErqw51UFh1WGUpU+UoMw6jOyNtnKHDBRnz+EEvj0aa+7y7mGjBAZq2OWEPTcJg51BsWp+68eXdbEp7lD95R0X9/X59GMAqjmoxpcSEOrmiKgOvS8ih86RbvVgNQqareiS9UXQRZxzkVGE1Hw1dikwszBPjUeTxjtNEZvYksUQ+mARXROZuLKEpxTWmGkMdJUDV4irYF8EFJ1EhkzexfK0pfW6yABuRKPgXPVTpih+m5BIQCH4JlJsTJBUR0bWI1vkKLYRHHc6rRJ6eoniuLIlkUUG62iLZiW0+yDneFB7m7cWPnSD770+a++uXpugwXKskBUWsM/+2/+8b/5739zOYquLC+Rz5LnfuCL/8e/Fzeav/p/+U9/7Vf/3+9+/9F/9jf/9Pa5P/Hf/Lf/rMvuxmrDMez3B6tbG0qpIPyJV194/c1PtVsNZvaei9JV5GJry8k0CyDr59aKojx8chA3mzIeX+jG1rpr1zevXDkHDHfefeCPB2urrcLz96aBADkIknp4//j9d34jiUxQ0X0brjT0VpK88wff+bm/8PNEyN4CW+EgIQRXiveltd1u8y/+iU+/fnntcP/kpIRjWR4SjyZFu9Pa6rTBl1HIlxq81uJOKsYEIhBhJGo09FLv0it03XvqH/WvXds62R8WeTkZjrmwEcByp2GU8qSfcjSCZn7/3guqL3pzcjy8f3vvwePJ8TQUAQNL4SvfFXgATzRW0VGU7kNUAmDwCyMEVEFlwlUmIBJVxtzK8zq/DAlhfWmkOblMBBQA05xqsYh+mFNkKmkkKoLAFeaozrfHMwnauOgaRcvZXDRYEEgXTeqc5lAfh/PDcr7snpc9Cp7mrs2HQXV+exUiX/1kp2U2z3Saf5X5kVjb8mtdm/deaz13EAuLJFGCjfZ3DzJsuu0W6sIDUpjlSqOxHnVEcQKcK6MqO7RU2Y4cVBShNiiISMza+1CmUbPh8tKXPiiqRG2CRAgSQqheQzznyRkQkmBd0KRmSjsVB1LEoIxRChVCo5U0Oq3ZNBdmW9o0TZdWV06OT5b6+f40O5gUVy93f/grL7/5lU+3eh1XWlIKEOJG9Nv/4F/8m7/zm+eX2zFwcO5Olj/3mS81N9clyI/+pb+8+3v/372Hu//53/wf/tZ//df/2i//xP/z//VrG5qfX29Nn44mo0mr0xalBv3Rb/wv/3I8Hjvrq3Dg4INRlDQSUgq1Ygb2QUWGlEoUrKZ6OMtf/8TFOEkAcHg0bAC3tZpYHttAylSGcSLodJoQOLNlPxApWEvNg8P+aDRc7ratLyRYYAneBu+8LSVwkRU3LvRcXh
w+O8zi5p7Jiki21pZasVF+en7Vr3VUYjyQsLdVr4cEAk7EA5DzQQIvr7eW1lpXntuezcKoPyoDlVZGo2Iys6WD3OP49t3e3oPOi1uHu/37948e7kwnhRSCpSAjetIOwZIqlBkrM1aRBUyZExaWuc4EqVqdB66f48rfUwmqaolzHewrhKcKL55rWqog0dPVHyxkolXx8NkwirpYWE5vffP+EKvr6JnJ6el2AWqZHp1ByFS35zl5nxaTGBCcc07xNKOpQqrBAsW9iBbFU7D3XMM8D5ASOX3b1GYnZg6IVDmtmH2SJgiwM879pHyjpy8qQ8ogaGFBLy4vk0YnlDOQINYzMyCKVqQUoGiNSsfkPBL5AM6Ldb60vrC+QpSCLFCpUocxVrxSrAOGSQQDq+A8MaACAG8L1oqNZglpM1nbXAueSelOuznKy6TMVJ4/7mdxQ33uzRuf/MyLpDQHVoqYfRRHT+7v/O7f/c1z7Tghzq3/jTG+OzWv/s6//uLXfvrC1vYffesPDwv3wkrznbu7//Sf/eEv/9WfG08n/+h//FdXu/rWWut7exObJE7C/tODazcvf+qTz5/f3jTacOA0TbvddrOZMoe8KKaT2SzL337vwQcfPdtuqNWGnlh94cJK8F5CSFLTMCo11FCoKgkyB6kEkyIKQAA0YaLQokQoweXiTCgzEJHgvS2CD947ELGTQSpyst8/6k/8amvkZGutDbZYioc3LkdJDCw5OwsUg0mqJ6ye+AcP7KtASREvzErrSBe+nD64NzwZBdIRAkqW2d3d3uHuubVmvz/76P7Rw70s91Cg5lYLkqSahEdEiJoEE4BNqHBfIIKu2mecsaoHgVPLkUCoQkArsYtgLX+pfPgidQBEBc0E4FBNMOYDnlOJ13w7wDUAxlego1AFkXHNTZzfXnXlAp5Tgs9cahf1RHP3Qx2ndgoUPc2YkHnJnYGA4xlhWpW6XXGo5oW4aDFhPl6tvjhJLfDEhWSdFC3w40mS+BCcDzuM0Leg8yiJm3FCGlCTL0tptFSj54d7CAG1JqOkOs8BwVpkxsDIGBlKkihNQ5q6Vhms58DCClzgKjFQJCzUpDyX1Fb7GYMYAMJC6I4QNZLty9sAMBgOl5aXUOTxzg7FcduXeelOcvvmJ8699MkbREoEmNl7j0iqSX/0u9+Vw+H6dsf78M8H/HapGiZ659vf/+W/9IubGxvf/vZ3O17fYrjZjN/7g+8f/Jk/9tUf++zd208efO/eGxfWDjL/eDA6d2nzE68/HzebpfDTo6PYmMiY8uSkvFdE2iitggvBeWDeOrc2cHL+6QmCMEG7aWxpg7Urm8uQRICwkurzMb1fsqKFcbS6SMH1hurG6ngY0k4zjckVM1/mCBC897bwzoNIWZRRsOXJ6NnOcYEqgyhOUyynL5xzl7eTgM6HgDrBtIkgwh44iHfiy+CKUJTBeQEUquZniFEjbaaXb57r9Jone4ODh7vZ0wM+HIb+NI7NST87GBQPjvKJFUvKLHVMs1nNPypcmAZIqjZnzlNCQGbFzEFq00O1Rld13C4EgSCqkqbMG6V6Ksgg3gdAUkqJQKjoGFI7h2pNCaoF16Xa5DHXywKvIo8UEL1IYHbe57ac2cLlpS+txo81j6dKWcSz7Gw4c5mdN6zzJeaphX7RytalWz+gspg21b+Mau3BlW50UfJzIFQVQYpCAEJAwvWICjkEQjAmqlYDCnHHKxo4kxQXl+LEYLMZASnvXNRcQjsDN0OFwfmKHRZKq4gwNhQZRaRRjIJIUyMxeewakfFOAohGEmQQCado43o+TPXrjRVyRCoYxcqgVqiotdRp99qb6yuj8ejD24/L0q6srW5trGdPHx5NSh3Tp165lDbTyqYWnBNRSuvpNL/3zqPlSDWA7xThgxxiBSJiTHT39r2PPrjTTKJjD4cePtlM3ns23N/ZW3vlxo/8+Ov/93cf9lL8wRsr//DbO0VRPLj7aHltZXm5nY1CfzgZjmbNtH
Hp/GZzORFGcZxGiVI0y4tODJeW4uwk9ywRBHauzGbbF9bMSrdw+Xov/dqGvf+4KFlHWKOEJp5vJvS51ThJdcHh4otXGpHORmP21nsnzN5aYCnLgrwz0+LJnWeTmU/PbwxErUX82ra/cCH23iJqitq1ZilYCUG8Aw4ASFEDKAJvXVGWWREmU6W1iQsfJTpJl1bSVgM6zXCYukO2x5kvRmWWF7tDe5w5h5SuNKNIs3NV/+MrV9r8XsciilQNLgMOPtT2gypas7KWLxbzAhLklGM4F0YjCwmjACkVAqPMwwkrPhOAAM0tOrX5WECqzENB1MoabVBrMjHFDdCR1ypHcc6V06leJIzPz8LTA2ohezmTPHq6xp7Pg7BeZlTXy0p3MF971HrU04I9VQvUkyJcCMrnF9cazkRSbe0X6TJQK60BhNRcHiC4Y1Gd2Nz67RaF4FsCLIgmilcuuIP7oSwAhAOzC0opaqWoFCIiB2JPgTWwIUwUJZpmACQAgEHEB+EgYa5mAiSZb/cVIYgY9uClEBbROkre+PTLy6tLO8/2rl05/8JP3XAuZDY8/eiBGwxHpV9aSTfWuraw2iTBWY+iwSBAUeR5f7quqEPSt6EQZQAqH00UGSKUEITBCiYa2i6MDvqAeOnq+edeuXr33Qc/9Nnnv7MzeCrQXe4Yo3vdzq2bl9rtZl74drvdaqRKqWxW9I9PTk6GewfHTmSlZTag9Qe3nxolip3NJkrppaXlmz/wwrN/9vuXtzpfvNIZo/yjJ3bk6/bh+UT9leuNm6vRfj8fpfEf/+obxWxS5FP2rqaeM/vCRkanhbv9zQ/2j6bx9uaRR2qpz9+izRXtnUcdkdKAQYTB58IMqMGkWIW3egvIOo6V0XEjdaW1RWkLS847W2BFbdeUKc2by51218zKMMh6I0uzIKSFwZa+klNXj4YPgog8J9AKh/n8nWnuO6qLh6vUvgolgUqkuqNWmn4R8bW3t7b0swvV3Y/qm2q9dPPshZm53mhUhtVqpUGIzNniiBPSrAyaWJI0bjTSdlfPAy5OE9BosTyYz1Hk1AkMdbM33z/IGRD/QuhWRzgJIC1OZhLmqsQIaoNW7WM4kza8iEUU4fkbBgGEiERhFYU9y/J2q6W0keABwbPsWQlTPMnstaxczcturw2Aam3FdLfc0Y6wddYprVVshJCZuQjihYQ0gRI2wgqAGBSiMHvP3gcXwFZuYxHPggSCyFIDfxBQEylCxzy12Uuv3rp6+XyaJq1G44MP737g7yVRErzzO0/Ho+mzif3CzTUQKHNLpgAiZg7Bm8iEEAgh96AIe5HCuVda6jcHgQiBbKTYTrCpoMKfIeJrr9/81a+/H7F78eLScR+We0tXr19o9drjwk6tN1r1x2NblBVtOYnM2tbK5Subu3vHLOX+N2/ng8mbn9qG4GfjsVJmBvDFP/bmr37/9tOD4esvnvtzS9Grm8X3jmy/CCsGv7IRn++qaWY/PBy//id/5Mrlzcmgz8EH5ziwt46967U7ajS5+/W3jo7G3G6Ztd7eTv9P/fiLm2vkXSAC4EJEBBWgRp0iqkpgCIIYSkRkL2zz4AOgQoVxIyVli6wIhdWRMUncXW5fvH7+3oc700nfS/CKdBpt9hJCLEs/6GfTkVNEwEwISqEPTIujioVBFCFIgNpNcArH9tX/5no/CIZICVQOO+uZGAhBCHxgRNR1/kWdV1+RpRlAAVcXuCCn2mya92YaxXOt9/SldVUuOiCTCiZWUXsJa2/uaWx2XbN0ej+dz0jnp95pjq8sNGinPI36Kivz9cjp2OZURnO29s589VpZg1h9V0SkibTSFaVORLz3K8tLOjLWulMceRT3Ax7PPJfeBK8IESRqtjF4NxkBookNIQAzl5Y9CyAH8dZ754uszDM3ycosd86LC8E6LgMHBmbxAkHA8Wn6FQNQ5dTQ1FjrXX3lxo3nr42n2dFxv9Nu3bx5LYkjIOoa+KSafu75zZl17U58+cISIF
V4CwSUEJiDifWD9x9njw82ulFC8P2xjAXNvOFWiCXzqpIf34x6ER4HefGPf35lrVvOskjLO9++A3kRLXfU9tUrV88/e/IYB0/XZbxN0ws4vKann2iVt5rFmkxoNjjY2z8YzJZW19e31rF/+OMvr3zq85/wQUaTgghcWSaRvvDcpbc+eOZPJssNfWuj8ea59I0187mtuBfBo4Ppu/3i4h//4pd/6nPT0cDlhSsKm2fBlo04Xm00po/27nzjncPD8URF689fevfB7ps/cPnlVy/6okCxEnJABJ1g1EbTqsdxIYiz4gqxFkIAQPaFs86V1rvAAkhKR1qYJ8OpcCCtGp3GyvqSQhXHsabo8HBy587+48f94SAPXrRS9WNTWSmgkipzCAFBCEVRvfWrAM4VrKy6r3I9L2FEjAxFCghEWAIzAGiqQKFiFAFUIm9RRERz6wILoqiKrAQCwBWSWIShysyoQCrA1T0YQRSICDvvgy1V3OmdUkjndQBn/gl4Gq00318sVoPzwPo56PtMJS2St+eHrNTbDPrYvGd+zMMiCIOMUrExRmtNSiFqpQnRumrUCdY5BFxdWRYRW+FDABDARNEowEHB45klZzUE0lrHsRsPSCsBEB984SQIIgmDt85ab0tX5m6WuVnmyyCktY4MIHrmwOAFvAjXYIU64oJZfAhBhGJ18eaFL3z59YsXVpe6jUYa7+0fnJwM1teXL1/aurDSxJ0HV7Y6L17fenrUX19rK0WkNZKSOk+HjdHeh7vfun1xJV1rGfT89th7REMAIAWL4fCnz8Uvr0RZYcuN1c/9+z9MzN6WENyj9x+Zabb04ouzOF0d3//Ji/LTn1j69Hb8wpq50qNLa42tJbOVypW2vLgMr63hxbjY3T26uzvmtOtnM/FFtxlvbawqVC7wbDqNDF791HN7Vn/w4OTJ3ujweDYcl4+Oyg+P3cHq+os//flPvfncZDDKJ7OyyBViM027cWSm7tG3P3zw/oNn+6OjQJdfvfnRk6OLlzo/+uMvu2IGfoZEGHXRtJBiCY7LMefDkI38bGhHJ8VoUIxG+XiUT4beeVSESJ5DWRTWlUSUNhNjqMjywB6VDj588PbTb3/7WVaErc3e+XO9Rho5xyCg69SRCtUVqryF+W2GNZEmMAqUqjWhlXSkorMvsgKNIq2QEDiwD7zAWQOCJtRqHiQoUOXGVnGASGJUVahABBrRqCq6p9IFQFWoRJX4TRQiixRBGLCVGhV3l04nngt/0XwXv5iqwKn483TKUiVxwryoFhULZxeLpx8m89b3TFohLZBtFS4OtVKR0UlkjDaKiBCVIs9sXYWgAyIqSut9SNMkeB8CVxL4JI611nmQAwcHOZd5qbyLkziUuc0zZvDWB+tVZDgEWzpvvRew1pdlyIuQ2VB6QWOiJNFaGaWQqg6mSs6qT8K4GXU2OkubvbULa9devvHKZ149d+FcEsfGmGYjXVnukoJslk9nuRI5uPtgcnj88ouXGSGzRbOZ1OCsmkEZQghr59bu336qh+Nz270bS6bBfmcaMg8gsKnxT22nP3Kp0Wyoh4fjGz/5pedee77Mc5dNy5P++U6UrK0OAX9kq/jJm83zyy2VNCRtQ9qC7gZeeFG2PylLm9xoB2Hy5WoCn9zUGybfH9sd3330dPLg/m5/dz/ytpvEaaPBgElEl58/v/7KdX3xYrm2Gc5fNM/duvDFT37yyy+sbnTz3Gqlm2naa7VSVuFouPfegw+/eefpo6Nnx5Oy1Xr+M8/ffrifNOBP/pnPigT2JcUNUKmwgLehHLGdicsARIIXZhbxtsxns8HJ4PBwNDiZzKa5CChFJjZElM2yIs/TVpo048oaH6fRxcur7P077+zu7g/H07LRjDrtpCgCB1YEmmqpZSUDqJYrWqFWpBC0xiq1dzGTr6z0ShECKEVG1YdCqBDkdXq8RAqNxgXXE2qfByiFkQajQVUIRoJY13cdrrz1UocvEYJRqCrqNGDp2Qm2Yl
LAKm73KlHL4iYqp4UFleT67AXytMQqZeaZ+2Qdk4hntoOnd9hTkfe8zOs50OJTVj+gVhQZY7Sq8dmKRMBZW4UZVOoXRJzluQ8hTdMQQj1OVpQkqQi4IDOho0DjIiggLIvRcd8FcdYjoQ/BuxA8l9Z7Fu9Cnru8CHkZpoUrrSNNShsRUaRMZeSuEwEERAJwo9N49TO3fvQn3njtjVsXLyxrCigOJChUSZIuLy8vL3VA5KQ/Msy79x83NN+6df5wMFIatdaVmbq6W3MIURytXlh/+49uN9lvnWu/sJ5+sqtvtdSbK+anLySvbcattnn4dKBfeO4H/4M/XuYzOzrh/tF49+SdhwMP/OOXYTuS0kKQ2gBEpKi9hq1VwUYY7rvjAz+chGnurXM+nOvQK+vu2q1Ntbw+tLQ/ozsPjh588GD6dBcnMyqKKNiO9udWosuXO1dvrl2+trKylCjxKnADBGaZOzoe3Hmy+8GDJ7ef7D/t7+4N92ZF77nL1z917XvvPIqS8Iu//EVjJDin4oaIIJcIXsSzzdk7DhycLWfZbDItMpsXhS3LyhgwzezgeDIeTWxZIkiSRI1W6qyfjKautEiaAxOppNm8dHXj4sUVEfbO7j0bjse5MUqCEIJRoAiJKiZipZMUhaC10hq1qoCfwIwhiPdMiEpVzxQQQqRJEHyoWp9KKFM9k2Q0KYVzFlFVMKhQjCZCZOaFSbaq7ToPsz6Q6zqvSr3wUgSIDBmU3AVsbV8hlLNlA2fiJs5IZCoRqlTFshABwMcmmCi11HRuzThV21SkYqyhwGdUo4v9PCIqpQxRpHRkFFWm2xCK0paltdZyxU5WVHesRKsrSwoxOKeUTtJoZakXfJjOcmEmRXGktzqt85DHew+bStKYVntxogCFSZEQBQHreJb7o1ExmPHYigcEwihNBKkoXelD5hxrUolKG3r74tqNWxeu39zcPr/caqHRYoxCAhGwFvJCj3M9KqOTXAWhk6Pj4tGDwfsfmtngy194obPVe7R3jEaZRqq0VlpHcaSNJqJ2t/voo51v/Y+/e57c9fPdlV6KPhS5DYEH4/LhyMLN6z/4p384iVAmg/Lw+P339j/o+0+cb3zxYrx7/7AsQ0WRMMaQRqVr1ZJzvpxZWzgXWJMmTWkrbvZSpUMWhfNf+7G9vv/6N+4dHvl8Wvr+cTw+SYNdaTcbiU5Tg4SiqigKRgJfcj4tObAtfZ7ZaeEmeVkwpBtrW89dpER977sfXb/e+8W/+AOmEYWyIBUBMIfgbZnPcleU3tl8ls0ms8m4mE7K4LjiBSttoiSKkoQBy8IVhUsS3WxGaSNqd5orm6sgcrR/kmVFFMVJmrTajVlmvdONVmv/2fDoYPjuW08++uAwUqoRK0VYafeQUCtiEecCIhitjcbqbPRBnAvWhkp7qDQRoQ9csUwDS2GD8ywsqBBFtCatSWsFIi5IaT0R+Ypki5WqmUsXADCwgAgR2FCDocKcyVbb6ARckKllY4hEMhsGhcPWuctIQouaw7NDynqbAKdK7DPANTwDRMU5XvFUqkpwWogLJU69z6iqdA5cw7lsAoiqqaOKNBFgCME7b61z3nP1bjm95xICNBppp90KzhGRicxyr2uMnkwy551WFCdxt9NG5v3bty+TO69Dy0hUMaA0KiLnQ2DJHQ9mduowC6C0BgRUSkVR4UPSbS5fXI6aSovvtfSnPnXpuVeuRYkhLCWURKKjqJpfcUAEIlSl13sDun9I/Ywef/+7jZPDnQ/vXltrvPTC9saVjYG1o+lUUJGJTBwZY7RWRKrZafdPpu/83jvZw72WLyl4ZpEohvWVS5/+xK2XLlA5Df3+k/tHH+5MBlHr/Ap9Op49ezTsD3LFnBgipUhVowlAAB84BAg11AQmllOFqYFmM+qttqwq409ee/nHvsrW3/5o94OPjg/6Pi8851ZG06J/4qdTsbYKHiMR9l6C+CBexLFQkkS9TmdrY3V7VUh2Hj179mz/R3/k+Z
PkMI0/YFoz2Ntu2lGwaYfoMksrXOIRSWh5/TFwB/LFKB9x/2RKUW15Nn30aFHVE3Aler9czM+WU+t2GjrTCCZRbNPpvsc2aoi6a+Oqidtdv961212zWu9Wu27fhiGDEpiQiIgQCVmNHI1vxLetjjYKawbZb4o5tAM3CmB+fj6dTPr9fn97ZyEAmImkYBGE9BpM70RkwihGRKqqMfq6mr//3uOf/o5fnFx9883di1fdbichxhAs9CaiIg3qzFSTESqxxhA9AR6ucBhxnZikY0cS1PRtiApodjOQ4/Q3C0GYKRmS0SxEHRstNWAGMBBLREw0hBglt9yiFqVQrfMJhAKBEXrRTQ9gIAXXZKJQcXZ/dRkhh73BuhNBWqndKFbn00++/+H3vv/R6ckCEUVtGwR78Y7mlfeuMLAAYuR9WV0+Om/70LZh16xVgohyqigNdBCQoMGhDxl5S5Y1GKNaXgen/5DqeThY9jaZJl+xhGPZOZghM/abhtF7GrLrwOJnoiS5A0CHQAC9ahxCikQhAWxENE+48WgXj4AAETAYCGJvaVlvA83/WKEAh7SHAdY43PI6hIQO/MExMIYy/vattfJoiko6DEUoQR/Na9EwK4tisny2K14/2226XRNi+eCdk08+ePlXX8HmtnI481YVuJz6xbRYzquLZf3hZTldLGaL+XQ6mVSFmWw2u9evb69evHlzc3uzbt+s29ttWO37bRvbXtpeRHNrwUTOsXfETOkitSTIOlAWbbwH0QCLYnZ27h23d5uw2SAm7UP+NWqSyVbZJJEfBVdP5k8fn3zw/oPvfCeKPvvsV6vXb9rNtt/vJYpmt4Wp2aqPBaeNlonlLBGPlCSLduAd54IjDatTwqtA7kKjACIQExGm/KPQSRKVaTT2FKNi4mmppSBOzZpMMFPR9M2imqoYq9amBYAHLAknjOce5w4dYjDb9XrTaoEwdbgs2BN65l2UXnUnthPrDBqAl4I4n3z46fvf/8FH7Iqbuy1R/szrskCm3kCiWZQYRUUKcvPF/ONPXFVXs89fvL5ar1bN/WqXnB8Eh4T2pHyiYSCj4+s1HVRTGpIqxgH6KISiEfc+LNXSdl4zIHSIwNRj+BGMGjQ9kpvkpEA1JuAUuC2W1j9RbduLowynScPGHq0AiGDdaK4CbBVIoQd0eARV+432z7JDYnDEH80OD2rOoYfCQ9i1DZlPKHoktcMBWI80IUtYWUfhce1+/uzGh/hoMnVTKPgNX/+irpp923dRd/v4ptdfG/YKcYTqMpYFV6Wv62JSFbO6WFSuktbF/SnH81NwDydAEyIGcq1RBGqDbju92/W36+Z2027aft/0YkZgRMjsk6QBj/2NqkVdz06WZNCsNt1+h5pSyk1Nj0wziYpHCoLs3XJenp2q88XylIvy5a8+X796s7u5jRI0RddKNBGTSGo70xq5dk5CSD1k6TmddAIERBmDQXMCNrzFK7CEhCBkAqQoRmaJI0pMIQgRarqmkm9EM6Qn9NF7J1ERQSXtRRDNClVvVg0dy5nn85LOPNQENSMB9JXddnrbxV0kQ516ZtMIsIpwK9AYro3uAGVSPXrn8tGTR10wIKnKcj6t6rosC/aOHSGlu6XrIFjoKUQNAmVZfvzxU+ddH7/a7Jp6Ujb7XkQykm80XhBhXkGNdaKlgKTBLqeZDQuWw7yGZRWP+h4AA4jDczmgfrPCiQduRHJW6KjHys+1MYKjrCVI1LloYAYF49TTKCJOoyFD7IG2SEG0TWXqYOxoFRXRjZMUpIModBgrHY1vUdOcO6X6JBFR1iTg8Itx8LrnRN7sBTjyASaUqpaOEKQoCij45Q4+v+6cI4oaYn+ydO8/qELfOtlXJJdTrc84hXtE485ch24v1CjuI+5bu92Fpm9jiNK3sWtZBaX1oJ7RO5xPyum0PFlMz07mTx8/+t5i5h2X1ayLcrfaXm+a2113dXN/c7deb7a7/U4lOibni8J7ES1m8+lsqlE29ysJvS
atQ7pBANSUkd5eb6K23eqbZ5e/9eNHH3346utv7169EQA3n+q+saY1MHQMAEiMIVjUTbSSkIhVxHtHcNjpR82N7SjEs1Exi4AGPn33lKbnmuJW0u89TGtJVIFITYnJzCwmYVoCYoGqIICJsqEHK4b6xhMuPC4LnDmsGQswBmAEx1BWOGV31WmrgAKE1oitFXaKK6Abcub96eXpo3cup/MJOWZ2BtgFJY4pRorZJbRCT9AqsHPTCaOFrm00hnefXEzq4vx0+sWXV6+uNptNMxIKMgkGycBElfN2H48UtTnTc1gFG4JRwtraAYMCxzSxQYWMRyN9tXzgySDtC5EwAWlSBqbnxClOqF/Q9MsIPWPFhGxi0EeRvJMgRerAeoMo8aBQGWDhbggAzIu7gWc6YB6RDnlxkHuVdIwROQGaAMkIjt43R0StgyEYIcPtCMwmDlOQsi/LbVBVZXJIoAblbNEZ3u/7dhtUwZE6h94RmWrYe8J5yWcF16VzNabgnU7wfh/XTWiidtHaWPQCQWBvuG+dtor3Lb4Q91njGAqIJ8vFxfnpsoQJNp8sl7/19ONyMrOivN13z9/cvnh99eLV1f3tvYrOT08mdd013fZ+pSEgmoqAiGoqHekg5UuyiBgA9PFPfvzb/+F/cPXy6vr1FdclaQybjcSITITeYgAzC8GiAECr1iI4RO9cwRxF0m2bvLAj8CP1OZytepBmFWbgEng/2WfHTE6DGIUIJKoZECRtgSGRSoqphBgiApIZmxZJCTfsdNmMCGtHCVgsgIYQBxOmI1yUaESbCEC4jbqOujfcI90amy/KeX368PziwVldVZOqqMrSF74uy8I7JGg76Xv1jCqqBoHc7a692oRZSad1BWYxxrouCo/Tyj26mIvIdtNk6cJgWMsjfNMU1TBImfEoOgVxMM5n/pCOr7DcfCWf0bHfPHMPcNDvAsho3R/uUqTE/874B4fkGTsxSbHbiArmEBO+YPAnIxCpmljUg+kEhuEDOkA8RABkqbSNsYEHFeWQcDMCWd+OX0oOr7EIx4HeNgwiR5kaIgEUiFE0ihq7TdNnjryaGbiilK5D6T2CrwoEUQBXVm0X77vYicUdkEPnqSzcxNPU2dQhWaylmYCUpfkaPRMyRcWIgsTGGIndzG/3/Xod+936utu96Nt2u2IVtFiX7vLi5OHDh08X86cX1fzHf3C9a/78L39RLRe+qG6vr7rNxmJAVTDJ1aCNXrvhdarAVTX7+IOPfvaHzX7/6qtvutV6fXUVQo+OCVFj0BBMIiRIr2cwMNGd4ZKoYIZEpDdThUGkNuz0EFzCAg91acrWIrMSk8VmPLRZszo8BaSZUoRsKDHNHQxVHUCF4AGY8iSdhh23iG57K5F7QjYgtJKxE8CkPkBYEiDZdW8bsa3ADvDGWH1RzCfvfPTke999fzqpRKRpe1F1Me72bVVWdV0uZpPCU7Pf913vGAmMCRqVF7f71wiXc1+iZ29P3r38/ItX33zzSiz3uqmkSgKUQUmTY9IY87NHlNtzGkwT6VQkq3tUG3dnKdVnoLzBEQojD1dpTFs41qvkfaGpYUgZTARmkKD3lApjMaVEKJZMMc1gx3HrkdVfNEgz3RgAioMoyHAEKx2HVh9svHbI9zyI2oZlRm5GFX4D9JqRwQbAYCgiYKrKrti3zei7RUR0rm12Evq8LBDN9HkJDhQcMSI5JEZEao175ftAMWDY9xZ777n2PCsZxdCgYKsAaoeLCX33eydV7F5/fXW/7Ywx7NudQ/B1ElNw2O1efNk8D7Hryl9Ui+XyBxC+evmN/vh39vdr6RoGVVNUtcyTHMW5kJo3Kn395NHZhx9O57Ov/v7z66++adcrcOSKQiVq11qMxGRcqCgaQIzp9moVJ8gVYswbwiN4DqTBtxU44nnyEO+Y+sMIChBVI2LSVkpentCRQBJUI5qCApo6xALADZpIT1gglIhEzGgERmC92J1E9eQLEgNRiwZbkWTh7wRXQe
/FGsUbcI0rfF2dXZ49efrIFUVR+LLwzmHpfVVVk0nlCLsu3NzeE2FV+ai22mwZLa04CWyzl9t1f7ksK8TZ8vSf/bM/+Ku//NVf/s1XN7c755K+Mm8RcqqDmWWbLB5ZTvGwJ6SBfoEk2YiEMmT64miOHf+z2ZB/k/YBeTZKA4gx1XHMGAxaGUkOEMzMzDGSaR/NmBQPEdd0EKcceQLhsIJy+dQMmiU4IrjAEP9woMEMZ25MUxoEmYc4HTwOmE83Bh3ZFAw9JiY5IBKya7veMUEi6rCjourvVpAN62l4Q0kZRMwgAnjQKzOiZ4LsrBVyZGjMaKL7JgixMcc+RA04pb+4fk4SS0Jkf/m93+pXN5uvPnMCaLE6OZ1fXHZ3d7i5ieSFini/6/ZNy9A3XbvZad9bFhsdhlFjZKoZELGfTiPiu9/5eLvavPj110LkT0/73dZCr10PCFwVNl5zoYcoWVXHbqcwQyAii4KDzTT3AgglER24OhnqgaOlMtmmwBwAqQbEmBMzDUzJcrwzD3xLIlJFGWSzBOgJJ4wTxqlDguRFMk5gaYFGDXqpGBExGPZiYhAMGrHbCA3gBn1bVK4qzx6ePrg8Z89dEGx6NXDCaljVUHpXFn45m8K5rTe71XafHoCb23tn8WQ+8R69we0mfP26PZu5mbdZ4RZnix/86P1vv7n59tvrpE3RRHOho1X2UQzTyNEmAsxWZnBMUTLyZ9zWp82hDZrhFPKgRxcKjavunOWXat00g7FeIBqUBIjYKwQFJCodlYxiFvIay4CIiYhxiITLJ54RiZIEFxGTs/7ILko4QFFGRlWKTB2X2HhQbGdazFtZ2kdUGRr+oRlkJDYYQoVGiAxETGLY9iH58VXM1x6ca3fbVBBHEQfARGyaFgkGRMxITMRgxsyAqCIaJYbgvRMzVTVQNAUxR8AEjgAZJnWhnUkUjQLMQaCJgIh9Z5NF5eqL3U0XmrvQ26PppCi4DyEat7umWa9VYuaumIEJZmvf4LUAQ6bdbv/9/8EfLi7OP/v5P1SnS/V+e3ubghPMjJxLozQ0S20hJrw3gKkGo1ZjaaPk7aB8cIc0K0M7jKoToU0h9WlZR0yIBYAfRnZJA8JglKESQ4QbUxhKD0KYOrwoqQTwhCVDTZC02mXJt61sowFirwYIt71Gw06tMWgUBWBNbudKLopyMjl/ePHuO5e+8N47z2wATS9tL+tte/Xm/mQ5e3i2LApXVSUz75vWRM/PT5vNpm+75bRcFDhjvN7CpgveuRnR2fniL//61+z40ePzN9f3GiUVctk8mI4aIpgM6TXIiEwjcQiPDGrJSpHqTEIbN/gpNAYPpkMDQ+DhEHgiykXKQfc/hjoNxnwDMEdYFiRq+17i0FVy8hYeUAlIiMxQOioY8iEcv+xsrBzQDEcuOyVkGjYe2RQwKNHyLYcpESm5bEbQko1anLEcBcSCyIMCQMGujxpj9IVPgAtf1WIW2g4SmNlSdhzm4MUkjCCHAM45E6FEfRoMCwNlCDUdmaEwNkh7exBJrSsTmDQ7RkBCTzCtysIkaEAG9q50hKIxBPCuWW/ifps43KZqJgj5ExjE+4BEfYiXP/7eRz/50Xa9McLQ99vra0aQtrU+kHeWlrgiEJWdAwcIoFEtRiQ0olbApxssSdgR0vdKY0TmIXMVDJLX3hCBKYVwoCSgNUJU84QJK8Zjmt3boASXJqsAJeHMYYVQMzoABqgISsYegBEf1m4adRs0GKpBUNiKtmaG1AKskWNR+bLkqjy9OJnMakI+Xc5DFFUrvJs6l16SEvX51f3zV7eTulrMJ4vZNPamQGVV13XZbTdN300LPJ0WsxKvt30jaujeeXrxB7/33f/qv/pX7Lxz3EeF4wBNMyZMu8F0uhiB0JjIDA7bv6F0xWGSmYxJhBhFkquQEY6Qp0fsCCBVUxz0m3l0TI1IdjbZQHlkJIQglsNkRA2BCZkpLQ/TJZJEHUzomBwlW0JSzFiOSExCgfHxgg
PceBSRpkjTg3V1sAENiJqUTXdILMxp8jr4Xs2sQiBQT1gybto2hFCWRRLsuLIMfbAYEEEUipIotdRR1DDhGAmTYDYvhTSqRdEYCCxZUTApO49jnpiJiCixLpGLAkG178ZEZV+UCMhoEQAdEQEKRDV0rl2vwm6jsR8DIXRcfuaSmmKMs8cPv//HP+u78M1nv37+xVfb2zsCiM1e2h7KIlsp09EtvKqAqIUIIlQ4MDAJDVA15NQm1Rsh8bAszur0gZplw9KWET1h4vnQQBYjxFThpM1+duylfhIJERyCQGb+piw4j5gUxo4wGJChY4pqFePUoRrc97qJugrQqkWineGGvbqCnafCz05mH3z46Ox0udm1SDib1s45BIgxTmpfeBaz87M5M+/3/XbfbnddFDHRSelmFVV1qQ52+2YrUjGcz6pNEzab1mPx/e+9e3Oz/bN/8XeUreyjihNTHmcyRqY3VDpaooZHHh6TgwAaYRyxgiZr4ggUz1YDHHPPBsMNptrDEw4570YI6f1ImbZmJZIjDKIEYICSyJZMjnGILxioJAhMxAlEixjSdPTtjBwcRT5v7y3yTz6iqOCIapRv2XzpHZJ3MZdMWTCdZMSVAwRgsLrgV+vWTLODRsQVRexab9EGllYyrQ7R58DMCeYBZsguz2JFQAQH+BdlcZbxKIJARCZVTQ5Fdg7MYteOkAtXViARJCR/bZJr9VGBXd+00nXZg2+WceQDgAiRRKSYTb/3xz8r6+nzr58/+4fPt3d3RBibxkRwWpmBxR7HaYsoimqMYMZVZQjS9YgY2LdgC1MliirpBuQB/nfIEgAgpGCGCB6RMSceURbcIYAVTGgJc5bJeTG9rQFKAodQMiJAp9gm74KaamKHAgJ00cSwctir9WolAwA0Ymk3KES3xqEooKiKqmDvy0n18SfvPnn6EMFOFtP79W67a713jmlSlZtdq6rM2DQdk5vU5dlyFmPYbPfbtru7X3mw00U5qVzhCqS4j7JvhA1Q4qur/cXZ7Hd/95N92//rf/2r0aJ1ZAmwUVeUwGCZTj88fZJV7CnJfFRi5AXDUMugGOjBbpB3Fsc+NT6okC0hSSlLyLPa1hGUjgmoj9qHBOsBx1QwDUBpTUbAFHWefAiKpABuFNHBAcGBg5ISD+zaw7TFjmAQ6bcbib94IHkPOm6iA9AFiTzizJs3LVirwjVt45jTFadgSg7aBkQd2tSjKHhizxgUPYGJEbFiZsUNUe8oOWkyKwNwWGo5IsUcAUnsctirGnunMca+T/xPYmTnSAJqBDPnmdDArI+C7ELfJ9E2HiIpcbz21dSV/smPPgXE1e36zcvXzWrNCNp1AIZ1qaomgmYQo6mZyACbAfTemC1GQgRiBNyDL1ULiDZCj+w4y5gQNFdTSJAW6IMvOc3W0sErCArEgrEmMIBg0AqoQUk4Yag4s2EahesWVJWQCCHFnKhYL0kJCUFNzbA3MduIbRUi0pqKjj07x4VzVfno3ccffPAYELznxaSWEB4/PNnu+z6EzXb/4sU1EM0Xk2ldMGHom+ublWOa1uWsLqqz6em82G7am/vmBrQufF1g6YmZelMB22zbLsjjB4vvf/pku9n/8pcvsgdtMPzZ0D0n1luakFKO17VjLMQ4a5FcMthoJB/cwiN2zAZr6pjmkGgdeQ/Xi0bDghABg1nUobiNcmCHQzqBmUQ+ahAHwyYiszELkCba2m9QLOCQq4ojqgkQRs5SgsMdxjW5LRyoLpCzQdLgLqp1fWCmqmBAAJFlWbioFZsv3L4PhWcECKLEHr233b2aeYLS8brVZCFM+B0mkgQwBycKTrlCorjnuO/AUlrVgNzJP5QSqUTODlkDU0Rwvuj2Tex7TiKS1DqEoBJFtWZyCKoaxJB8bFrMDeEIp4WkzDQAX5Yn772zu7mlelo+4NXrN4QgfVARLAsFMxGL0aJYH2AYFGephfeQAXBkqOyc9Lomf6rqCHTAImACYx5IyGlvbA6zty
VVoTiw/kvChaeFg4qgZhIzMdgr7qN5tLnHGSOBFoy1YhBrI6BZUCKACMpECrCPxqZm0Ko1UaPaXiEi3qPvyRdVhczkXDWdPHr84PR0Pp1Wm82OAKZ11fd9WTjvHTM5R5vN7vb6/mUXKu+X87qqq6hy3+922/18Wk4n/vxsen462zfd7d32/s3egZyeVMzoi6KeTa6u7iVKQXZxOuk+OH/27V0MMrgclMeIShj5jBDtsG0/YrFAHJ5fzVDtzFLTwdaaHuAhlgQY82CZ0oecAgbRksWcEKKqGMrQrncxf1/px3COvCNCSHlbaS1JmMTfKACGbEii6o7wDxkNPpg4bGRGpDH8AQtjhxVkVuYDgssRoQbQxAhg09JXBReMP3z/0e9/+ODhrPKMv/zq6qtfv0SkiohAPjqh3/vkgsj9my+uXwZGttvbO99HITAD76hwBAhiGAwbQUArUJbUndXycAIz6C+/896HP/jD/+t/8f/5xevgnKOBAJxixPPrEJGIJPbp/eKrMjkPCVFMgQjVNPYpJrauvKXGEggApW00BkrUejM15cHGAohuWm+urhTp4Y9/9Pr5i3a9shgUjCa1iGjXWYiaxTGYhPeqiszEbCJp0qciVBRp+xGYtuYmGpgyrHzAYybc04GJNWD2EI7oYx7grOAZw8LhwidxGCJCFSGx0irCKWOBREQVQfD4OpoCRrUkI973IkidYdcbILRi0UAM1oYroN55Lr0xAuPyfHny4LTr2roqCsfnJ7Ob29V6vStLX3jfhxijFIV//Oi87+Nmu7+/3X377Zui8NPFpCh8VXIU3TfdpPbeUVG4Rw+Xm7r49tn13dc3Dy9mhfeTqlqcLK6u70/npRETwMnp5ObNBkbdzLgqyqYTU8WMMzQd9V6DpM0GDvMBqKAHPz4cgJWIw8odGc0RBTUZyn5J7200AuyzAAATYy49FYlY5Jg8IYPFHH8yonzTBUYyMFDcb0BzBsVBdhHk71wVKDMFBmbr4H89oAeACKOqgv2jD5b/+DsXHz+Yn018xbaclAhk7KrSPXTLC9i/vt5W5AqvP/tg8dHDip3/4OTy5abfLuQrnfd91Qb89tlVH4UI+7adYLw4saWTExem2M8rKNimJdzvdQ3l8skHf/DhMsT7L67D+aIijTszTsYxIogx9+7DpJR9Edp2CJRVLio0Tc4pIqg8a98gqCKJWmzbNLJS1dRdJPV2isrc3d6byru/99MY9f7Vq2pex1jEKDEE63vrewlxZFSpCIiid8isXU/eg2NTBWIsnHUhzZB2ZhFgpsHl5ZYeOFpDReLTVACOr0SMqDNHCwdThpkjMqscEmAwCyBTNMdYE6BZMTCylp52gfdRxKATLZmAaB0sAASzXk0NIsAWeGUUGLnwVPjJfPL4nYfT+fTx43NRvHp988F7j5ndbDLZbrdXV7ch6slyVlXFer0T0dmknE6ryaTan8+262az2W23Tdv2pyez5cl0Uvv5pCi8I7DZtPzk48tvn10/e3l/Mq/3pTs5nU66eLffc1mtd32MNpmU+303egVHRjjkiNi0SFIAIDMGlFG+rWMOYab02ZjjmUCGwxDVzHjwtSU0V9oQI2JOfUtEfRv7TyC0RC4MloalXDEUBKqaqGCpDkrrQTuY4UEBHRxZP/JhpHE4CmMBOliEs3du9OqOqj1CiCKLSfG/+eOP/v3vPkhgxrIsmbBr22a1avb7Zjp59fz6w4dVZW1dljf3OybsxRzCZDp5ry572C+W/d0uvNkDlFuP9nCCj6Y0q7EuSQz2fbFqi41R6GJt0EXREH/985+HLvzRJ6dX969Joql6BDYjNLToHBXeVVXRNdGEkpAvdn12Nor4qnKEGnuJofTkHfSdOjNDUjEJfbb8JzVF8owpqAkgWpTF00dnH354fX17/s7jPsb1m9sYG1BViYDA3pupiVoikCCCmTQtIFBdg6mJ8KRO7R46RgSL0JJTsyWaBzEa8uuH4ip19ukn8YQezF
Ge4804+bURk/3cEEBVjBEmDgWgVysYo6pnNMOace4tqjLm4Wow6NVaU0TszVrDjvyWvHlkJmA+uzz/+DvvPXp8fn46jyEWvtjsulevbxaLqXdMzIvFdLXeffPNq6ooTk5mbdd++/Wr+WwyW07LSXn6YPHgcukIXzy7+uKzF8+fXS2W07Oz2Xxa1FWxb/vFrDw9myPh6n6778Oui7NpGQScd48fX/y7v/2yKj0SqqghEBHoW1Fho/wdEaMZWR6c2oH8DiOm+rgHGxq5UfZmoz0/dX2mQwyNHaQr6YQnYV3SrgVVMygZp44KhA6oT3pdREZ0REhJT0OMmXLpcEQOmsER9OGwKhmwVm9hqschCI1yAmPC/+0//uiffHJxtxdih9WUbTHzjmFXBF1fXW/Xm9XtdjE5sxiwLpum5arY7lrvpG3g7766+uyq+cHv/8E73//g/ekJbK+W4eX9q5dffvXmxSqkFVHohUHZOgTtO2h6/ehHT/b3d8+vd//e7z787sP1s7tQOBLGicfC017MF45qJ4StGRHlgJiuyZFYZkVdO4JogqClY0/QZYc7axTo++H4yRgphETeeyqK8nTxgz/+2ck77/J0/ub11f71FagwIxAUnoC5FxBJiNiMP9EugCl6Z4QQjZyjstC+S2dL+x7QiF1AuI840X4KMTk6E2MPLe2RjQA8QUFZT8OEXVRHiGBR0QhKhE7UEzJhicCGjRoiRrXAyEBEKKpnFSfAaae2DSoAnVkwALON4j06Q+fLkgunCOWkvrg8PztflEXR92E5rcuiAIUQQrNvYuGIqGn7ovAfffjo/m7z4sU1qLb7/sU31/WkPH90cnK2mM7q2bT89HvvPbpc/sM/PHv96r5r2+2sOjmZzWbVZteeLmrnmX3RNW3bNft96xhWm246mzy6PH327No5ygGVMLDEBnLXeNFlxB1iGrMxHC6xAT+bf4HZyIyG5NPOIHRDICDIU1BPKGq9qgE4AjNUSyhuKJhSXE+vFg0c06x0M88G1gTtJW8mHaMjAiRLdyKlrZu5ATuZIIYDQmPMHT+wPYbyO5E8B/7SSKhpo/zJJxc/eVg/u1pX80WkGstz4KkzmzkgXhPzy69f7AI127Zt+nqibdM5gzXAfIY3q20DePmD3/mn/4t/rsB//fdfljUVtr98n0/OT7/++vXnX19v9yl2jwBdNGza/uTxeycXF/tfPzODVWt/9KPH/7f/5qtVY2rYklu1UhSOgGZsdaXQQStqrnCE0Ld5jcZERWkSNfbzmksHaMqprUBnoQfpM/JpCOJFA1cV9cX5g+9+9L0/+J3Jcvnsmxe3V9fbm1vr2oJhAsZiZNr38Q6dDMV6IgWPnuHUmnBV5UAP50w15V6khUpgt0YEgRkEBJTMJci6x4RH95R2vgPEFlEMGlVnUHgOKZN9iApMvnkxa6IuSygQo5knOCvpupNOYSsWzHqDxnAPtCcH3mfCu/fnD07PL88uLk5ClJub1elyplHms0lZkqoAWOF520dR3az3L7bNkycXn366aJu+aUM9KZ59fXX/96tqUs5PFheXJ9uz2XJZ/fgnH55dXH/z5etm3xJCiKEo/Ha7m1a+79r1eu+YWlXvgABWbUuM00nRd/EwvR+aw9Hfm+bJbmQnHYWtp49x7KrG5zsvynNW2ghQyn0YDZJPAxU9RIKlRjFPbhIn0xAB6sLNq6L0FGOMYjEZypEc07grTOyHZMFxR2lBaJntdkBXEIEdmX0RDk3gsC5LjmbzCD95MLm+WRmRFFOczrcNu8jVjIh7LuvZbHZ739wFWky3230/XUrXBacAIiHIq9vN0+88eYHV+v5uvrzo7m+mch3bu7u4XcyKT7/7+PLxyS8+f/PlN+tOiJjAsBf+8Q9/Qu3dT5768/rpX3726g9/+/0PHlT+9Pz3fvCwYFvt7Nmru1c3uz4Id9uLAlYGO+SCCU2YQFU70dN5ueAopX7/uw8+/+YONDpURVI0izGzYkQsIy
3Q19Xpu0/e/e0fffDD77Vd+Lu/+He3b25j30PfVNZOuMfYGnQNQoNemSH2MGSP2yHtEpgInYPC59gROLDJU54rIirghgpUnEJ0YBGG1mVYT6fHhg2D5KWCiTkmcLiNWgCamUf0DIggYp1aksTfd+oQ0owhmN0E20WLZq3BHmiH3AEDE3uPjqfz6emD08ls+ul33+9DP5/Um+3+iy+fP3500bShKKgs3cvXt4Xn2aS6fnO/Xe+Z6Ze/fLaYV++992A+L4vywcWDxa9/9ezl8+v1/eb61fXz5fTkZLJY1ufns+//+P1XL25vrtdqwHMsS3d/vwNRjeHqza7wXNdFXfn5YrLf7roQRZUAjYzGZIVRmow45POh2sDSRhMDzolGWcAwJtKMkFhCGHCzmDIPFbJCIoFGmYjIvJlHIMS9iqgWPkOWGJEQGLGuqqKsjUyitdKnoX1KLMxoQsIhz1QJgeuzCxvL6fFeIxxdSJhXuDgGbw+/RS5Q019m6umnZ167Bpnh5OFNnOylOKmKudcSA0pXYPj2xZvnNzsG6KJUdXV1dV8QpgLJleV3f+uTu756+OS9XRtvf/337u7bsFuHEJq2a5ree3pyuThdVlEsConYo8cXn/7wO/bmyx9+/2I6rbptp0iXi+IH332wnNjt67vzk8XpfFpK92jhJhNP5Fa7rveT5XLZ3t82+xbJ/uSn7/znf/p92N4X0HznveWb2yZEA5Uo8fUOlbx1jUo0U3auOlks33/3/X/0e9/74z96+P67r19df/b3n2/WW+0DhWZq+yVG13cY+j7aPRS9q1RFo5gBiEKiIQOoKBL46YS9Z+c0RjAlcpDQRkwWJTP7zIiwJ0a0KguscuzRCNJSM0eogJ2CmpWODaETC2qKaAYhy8GxN9tFC4aN2FZ0I7CKetXF+2jrqMFsZ3hPbks+sifvyTtgmiznT957/Hu//4N3372sSneymHVdd3G+jEG//PKFL3wfBMBi1Pv7TeHdbFrd3m6uXt4s5pP9vnv27Zvttun7LkY5OZtP51XXhmbX7LfNZr1f3W+ur1ZtE04vTmaTer/Zd/vOVBcn0+mkWM5q76jZtyGKc3yynHz4/uXZ6TzxHSm/rQ6s+Ix+Snt5OIrqHoj6DBm0TkeV3sCBzpfnEZU656NCkoqgAWInxph6RmjFelFPVDtOIdhiUJbVdD53RSXA2y7eNb0oMGPB6NLdR8SOEXPAi1nG4KcTR5hN8niMMs5E6DGjAhFMiXkEqaVUTTN7/eauWJY0X65WIdZyfkITl6Tb6IoCy2I5823bv3wTZvPpbtvFXrSGiEhm08VkebK81KLtdXvztd097+KWyFSla1siYNSicNO6+uH70xBhv29OnzzudusPH09cAWVN3//ew6+ebx9envzV33zZKThftdipwr6H6Wz+w08/fPH81Xa3nxYozUr69qNH0//g99///R+/D44ktPPa9V1fetru29JD6FBEFTokVLAoSgje8elHH7z/ox8U3r1+dvXsy+ftvo1tU0I3d8FLhBB6UUHeFbWgh6YxUfLeLKoGOGqqzQCJyLscoVMU2kczwMJpzFIsEyXHCECgir4N5kWcKg0wfIV8wDrJgvIOYC+aRtwlUwgaGRGgIDMDRvCE9731Cp0ln72JmpoqYktuixzRETMyAxGXnsvyw0/ee/z0YVH4d58+jDEigmcMMX704aMQ47ffXl1cnDT7tiqLzaYpvZtMyqdPz5t98+ybV/N5HaJ8+fmqrnxZexWrJsXp+Zwd7XctEwESOW7b/qvPngMgA5gKMhZNd3EyOT2bPnm0aNsHq/td1ysiGtJ3Pn760fuXX3/98vmz6+2u3e+a0EcdqLE4EJgIh8yi7LGgIWcbdFCAjXK+sbjFsSEcpbYGiAn4i71oVANKd3BOSSwdMaEZqRqxq+ra+SICidk2mhgwo3fI7q0CMiVip3GRw4Mcg/77/sAx+hoHzNyh+MbjBHnoBF7d7RcOayWLykQzZ9
t92zZS1k1VSbk4/fR77//rnz9/ebMz5geX+MF3n1zfbELbfvfDk+f3+7tV89HTi7/++V/0r7+BzW1gMOlR+8WsOl0Wp6ezyWziCw9F2bZxe3c7efz4m29ue+i/+Pzu9PKcCprPPYA8eXT2i69vZL95c7MW9heXD3o3+fLZDRl+/P7DDz7+8Pru/u+7+p/89tOP3z1fbfZAFGMsHXZd8ExmWle83mhRl8gllu70nctqNism9fzy0fLJk8399u7NzeZ+s7m7M+mnRVywYNtaF9gssts4H10J+wZM3aQKQbTpgMliZpYmUAoVJTsX2haJ0qsVnctkOucsRGRCpJK0JmATMxaHEqRQ5ZH4DxDNGgHPGNU8p82VOsIYhBA7NTNjhLTJiAaNQrC8uUaAaLY3bNhrUQESqAChrytX+Pnp8oOP3lmeLd5792HoQtO0i1ndtF1ZuKRD/PjDx20bXr588+jB2ardFN6/fnWzmNdqtlzO2ra/eX2fdle7pt/tWudot2uJyRduOp+EPlZ1NZ1W83n1+MFMY3z9ehsNXeGAqA1hs9XFtFpMynnlkzJLFEzNe3dxsby5ubu92ccQRICyrQdGusCo/ARMpFYzJMVDUErOqbfBjQamOZAUxzS2XEOOMT4AouoIc62LSEie0lQGiKmqirJwCqZmTRfaEImQCL1DHg56gq+lPCwFNAOuTs4h/cIjgcHAOxq6GMigtEFZjkeuiDxaFaQ69qfOZotFMV0Ae5C+396d4XrhWmcBAR49vXTQf/b11e/85H2z8PUXz55/e71wNnVwu2574rPLs1/91d+1b64uFn5R6NPL6cc/+GQ6n5x/8EkApmpWnD1Z74QnJ8vH792v2ps3d+w8mK7utn2wEMLJk3e8ybcvbgO58/PFdOKfffvibrWpSndxcdqH+PL5t//kT//48Qz+6s//5tXrFXsihJev7jwGVWsCrDfNtHb3m4ZPLh88fVzU5eL05PGH7z/58KNyOr15/ebFV9+urm+39/eIMi11oo12PSkg01psV0xgMomhlxDcpDTifteBqKlYjCqaBK1c15PzMwDUriMmpBRQxqnwQGITJSLHOPc28+ZGYnnS4o3kcs3KATUQSECkrK8TMDNMMJlgJoaNWkgZDAAGFgB3BivgHXv1FRCRc+Q9ME+Wi09//N0Hj84++ODRg7M5ExBT0/SF47Lwu30jIkmgO1tMr9/chdDHqGbWdX3Xtq+e32b/WgxJ8escA6IpTGfldD5JdBjnOPRaFsVyXpPqrOYHy4JB59Pi8nz53qOz88ViUlWALgh2AYOykgd27PxiOX/33cuzs7l3xJwTwUYkPuZqL2/U8DARzVN+tSN59JFOTJGyYx8yEZMoRwoQYEr8LAgJMCp0CkQ8rUrnvXOuLtykct45Neij7to+hJ4IPeeguITVI0LvqfRUeGJGAODy9CwrXXDkOuVt4YBwwIOB/BBPfhTTQllzJwbT0E6qcjJfiEW/evGQVgsOBYNjdEwS48cfvxPa3X/73/78xbfX622PAH0bP3++vd/3Trv5cmrN7nKGk4JB+g9/60fu7MmbdbPteXn5tDp9LOj7/e50Yu9+8t7nn73YrltwZVUWFDpP2EedTarPf/H14yfnfbPVGCfL+R/9h//xk6cXXlYnDy/nJ8uf/nt/8nf/8s+++q//39fPbr78/PnL52+uNu319WpeUlAQwPtVM6vc9X1z9t4n773z+GQ2mZSOLO5Xd1fPvrm7uu6apms7Y6i8ctg5ETCKCndt7Kva1XXoOhPxdRGihV0HfdLNRBv43ABQnZ4UizmIWYzADOkQEoEqAKUo3sJzybYo1GEOnGJCTuo1Zip9ULVhb5G+pFRKjXaKbKrPaXugYGl8GhADc0u8Re7IUVGyd1x4InJVef7kcjKfvvPuww/eu3QOp7UvnDPQrutjFDMV0aYLBtC2IUTxhb+/2xDharVjR3fX90T0zZcvvGdQa/eN81xUfnkyd97FqBcPFg
8ulvWkKLyra980cd/EybQmollBD2Y8J13frUPfX5wsT08WZ8v52XI2nUwAqQm263UftI9GBNNJMV9MqrpgR4YYgySfzZjCjAAipmK+8mXpVRK8B2lkVec5DgyQ/LTb0DSNTMLGgRWKTVQD8GmZRMy+mE+n8/msKIqqdBOPtQcEE4V9H7s+AAIhpanM6EAmR96zc+QdMyMg8uT0bHTGpXBOGq3EME5+s2I449No+Od4YKsSQoPkQpihzOazqe4Xce1j60GYQGNMOm1kfv+9x5/96qu4by4mvu3Fe17MCjeZzOb17fPXDy7PVjfrXRPK+cndPr65Xl28/50f/PgnUfT66nW3vXPaU2wc49ff3Ly53U3ni2i82TSr+x2Dvfzq+d4m00cPu6uXV9+8qKfTk7PTkmLc3lw8fGTN6vabn99/+1Xz6k1ZuLsdoMbTJ09e3653q21RFq4sVpt2WvHru3b24LJEY40ood/v1ver7b7bd9K0fVT1BRWx8SLRcN/rugs8nfiyaHeNmfiq6rsoXdA+xLbXKCpZ8Qhm5Fx9cUbMAKYhoHcpBADMQAWZTbT0WDmYep05ze3NkBSLAOzIOQpm4NiyaDRLHI+sZ0eRqolTChCYAnNwjIVjx9HAiKko2LH3vpzUi4vT7376wXvvXfZt9/DBSV2VyfxWVyURNm3fBemDhD6GICFK03ZEGEVCiPt9a2a79VZF+i6sbtdMpCLNbmdmRVlcvnOW7BoPHi4mk3I2q5zj84uZY7663qphUZSVp8Wkenw+0657/frNzf2miwpgVcHTAuuCkvayj9pHdd5Pp5OTk3k18SF0zb4JbRCJoKaiMUZCqGfl6eW8qIpm15kovJXMnQmzqfuTw6WYH+lk2k47OTGIBoBYOPZlWdb1fD6dTaqqcIXjgm3ikjDOgmoTNIx+91F4ljVnlL6+BI5XQ65Pz0bHA44gqCEKh/KxGyy8h6h5GjtZzNYMNMTGaB67Zc0LVo5twWwSY5TMsmAipnpaf/ejx//6Lz+LIXZB9xHIOWD68c/+4OVXL3e7/fTBAwVcPn08efDwkx/+5Ac/+Z39vrm7uWbvSp/mSlCUk/ly/uLFtStmTS8NTlYw63Fyt9UtVpeffGf35S/ePLtaX7369V/8+Zd//Tf76+uv/+ov759/+eDxKcXm5vnNPtj1XnedNLvmwaMz7fu7+/3J+XyzbacVv7ptTh49ajbb1Wq93TZ3m+Z60632Ydv2hlZNuHRGoe/7eH23b9WK2cQ5bnZ7QyvrKrRB+lgw9ftGAWIfhiQ1MzO/mKN37DyomUSqSukDmIGkPFgghEWNFcvMK2eqJogYIhIDO8JUWYgREzEBkzHr8La1fGZBEQWpR4zEvePonXqHBdeVI0bnEIgCMHnPhT85X7774dMPP3pnuag/ePdyUpd3t5vT5aLrQ+G9qM6nNSB0QZs29kG6tg8Suz72fWDPTdu1Tb/Z7E1kfb9J4q+u603VzGIf+75XhQePlm/erAHg4nwuUepJSUyXDxYni/rmbtsHmFZFgVHNFsvZYlIVKDfXd1f3u+t1s9n3bYi7LoqpZzbAJmg0LMpyvpw9eHh2eXl6/nBxfj47e7B4cHly+fjk0fsX85N6u2nu32xNLZV/46ptdKjYIYA6STKT4YhgcAIQoiEpclUWk0lV19WkLqeVK71zDIxCGgjE1AJAE60XGMMCs6gVUhJB9t8QEwCJoihyfXqOI5sql89HufJ0EMkOkm3Do0y/vL4fDKYdchftgTWL0lkUTxhFiFlUzVIAkCHx2YOLp5enn3/7enm+3AcVVVdVy5lfXd++fP5mfnH+6e//tJrPLx69W8+XN2/eNNvd/PSkcBT2a5bQ90GMqrLwDp89v9l2sevlR3/8pzfbuIlw+mB59xf/v6svviBmRPTOM7tdE9kVF48fTM7P1zer59/cimFU8IVX5OX5nDR+82Jdlo5K78FuNuE7P/lhUXLbhzaENoSgUdB8yfXMAao27X
69u7nfKWE5n5hqu28Q0JW+76LGOKm4bxpF6ppe+phTXUSpKFxdgaqfz6zvkRCYtA+glhiERjipeF5oRVJ7kJCI3RCipUQc59kMUiPEhETACaJQsDkXABUxMgVGK11kDkRUenRcVM4xVgV5hwDgPbNnZU/V5PTB6XsfPPnkO+9ePjyZTirv3fnpfL/v7lebBBMxsLbtqqoQg+2+u7vbsOO27YPIbteKiIhuN81uswOzrmk1pSkRjtg4FW02TQxyejF/8ex6UhezabXdtXVVItKkLh5czK9vt+tdmJU88SZqVFToiot5VWh0ZkDcRO1E2yh9FHZcVbUiN70ZkHPFbD57+Oji8dOHFw9Oi9Lvm/b189uX39zsN12GrQAe+qkM6Tx4iGiYijAlWlQK/EE0UARkX9XVtKqmk7KuXO3RMxAISq+hlRhDlKjQCLSK0Qgw+fjSH4SDES63eWokhmIoCjw5O4cx5A3GdDQbZ6XpLNOYlpKO3FGTO/S9kCJLd+hq7WehSf5H70iixBC6rm+bptk3+82Wffn0vSdhv//816/effcCq7Lrw4tff921PQG+ef5yenLy8IOPiqruQ+ya5uT84un7710//7Jb3/f7XTWp56fn9zfXZycTZL/tYPLw8U/+8I/ubq/6qy/u/u2fvf7iy0nlS4ZtD4VLLnZVg+liVi5nq5v71fUakMQQTN/53ndPHixfP3vV9saEncD97Saq+/CH3yHCsiJ2WE5cWRF7BMZ2326uN5vbddN0VBbVrI5diF2valwWZhb7MKkK0xjFtpum27TpEzJRQPSTWrvOT6d+MrEQqPAiClFRlZjAzHk6LWXmtGQjUxHwTCmuqiyYELwjBGA058AAmIkZGcF5IkIB4IKR0XkqCm8I3pH3TAR1yczoHDnvkLDwXNTFdDk/efTwweWD9967nM7KyaSaTiZdHwBsOq1ubjer1W6/byfTerNttru2qsoY49WbO1Xzhd83XR/iftcCwOp+2zetxCgxqojGeKD1QTbS7rf7GGSxmL54fn2ynKro3f1uNq37LjrmJ49Orm+316s4LXxdsImtmvhqFaaTik2d6bwqq8K7olRybZDQBQfmnOuDxmimGvtwf33361989fd/9dmLr990uy4zWtRSTJWoSbR0QpBQ1Y6dezSwCwhHnQwCoSuKsqqmdTmf+ElBdWFo0WInoe+7tu1iG3QfYBetUwqKcJDEHOJtibO1ndilhaWYIRKXy9Nx7mLjhBdGbhUMKjo8XIeANrw00p/FOSAcE0lqrTiP3f+fqv96ti3L7jOxYeacy2x7/DnX5L3ps9KUtzDFKgAEGiDYRHST7G6RCnV0KPpVDIX0qr9AoReFpAg9UFKoFRJNd5MEQIIEYQiAKABVhbJpK8319/izzdrLTDOGHtbe5yZfMjIybp68ec9Ze805xu/3fdijB1RQNYTYhbh942D/zvMh6emDB9bZF164+cPvv/v2Tz5mRJO5YjwsytxYgwgnDx/NLs/nsytk61NKMVqDSLC4vCjG24Pt/d3nXr712ucBdefOy5dVraH66M9//+L7f3jyl99ZzRZ54RBSF3HWiE/i05q7gcbsPXfEbJ5+8gSQ6yYI0Stf//LDD++1TSuKQlAtVucni6OjvV/+ykuzxWrepla0CbFq/GLZzS+Wi4tlU7WigJnlPItdSG0HCmSMJAmtz5xR0HblF7O6XTYbYSf0feK+upFtb/UFf2TWlKQvN6ZkMju2cTuLLGIIYlJDgAg+Sv8SQ0RrSEVFoWd5G0OGkRiMYRVgJpcxguYZ99Tt3LGCOot5boiQmSyjYRqVZm93uL07Prp5ON6eZplxzqmCcxYAl6saQa1180VdVauqqkejweXVsutinrvgw8XZbDQe+hC61ldVDYqLy3nXtilGFZHrv8a40V+tz4Bt3RKCCFxeLIZlvljUPsigzKpVh4h7W8Plqlt2YklLg6TQCRzPGrTOaAptaxGHBnNIoJjQhJBC2xGIiq
SYRLFHTu3f2J1uj4pBgUxoyBh21mSFLYfFcKvIBw6YUlR5dkvs6fIbAS5uVMFIxrmiyAe5G2RmlKPFGELnQ2yD+ghthCpCHaETiAKi66r7eqO30UwQU180B0JjzXrdgIhIZgOm2vgDN+CnT6lA183jHn9/TffoAauq0KZ1xclwX49FT9lDZq6WPqlC0YbkLD7/yp1yMokx3nz5xcX2+JOf/OSlV1/4lW9/9pNPnrQXs3R+pcZQUWRlZgwPctecPH1y8fT43Z9QMXT5MCsyY03wYVCW0/3d9L0fvvLGZ4aF/c4f/+snH3149vG9dH45cEQuJ8tNFzuCBOoYe+BkFyQlNauaCC5OLupOnE1FaQ/u3lgcP+ia2itaTLpY3syxUd0e5m8d5DfL7Y9Oq796PLtqBB2ZgqxnE21iTiEim9B26GP/sx59BBUU9QApynJW+aZTIuzZuj3RRFW6zpSlyTMUMdbEmACUDfdC3czhjosZgU/Qx7IJVQScY2f6KoVe8xLYErAyoygY4F6CTkQKaogtU+s1y2xuoepSkRvDKIjOESOOR25vK987GHMxWGiSYYHMAHA1XwHSsMwIYb6syyLf3hldXkJdN7NZRYjn57OYhkWZi+pyWRlnRcW3IfqkIv0fwrr2lZICaEqgAfqWqzF9MWs+W+ZF3qzS48fnw1F58vQMAPa2R4+PL/e2x7duTE7Pq+OVoHbTwhQAdpRfrLqKYKsw2jR1VTmm7cy2nM/UJM4UgVER1gpUsjzd3x3vbkffhhCi975tg+9Wq2Y2by4vl8t5Hdq0ponCdYd2rYfvtxICiIQ2c2WR59aUGZYOQELnfe1Tm9AL+aRBIEhfWgHuLb4om83/+m1GzKrSU7t6hno/lWEk6IFA+qmszqemLZspESEo9RaajUYbFJARO4EB0+d28zuTnBHOFn7Zpb6PFdq0EKLGnxNOBm5ImSgsZsvkWzZ4+Pxd1HTv/ff293eeu3Pw8ccnzpmQpJkt5leQ1oFh4ywNSleUuRAzAq8bG0pM493tJ+/9pKnq86eX3aoOXRgMx5G0ChAFEdSAEmFCVGI2VBhLjOPtUTWbLxbLrcNplju0tvHxwdsfLRarbQpHhZQTAy770ZM0LjMCGBr87E72/HD3dz9If3ket3bKbGDdIl6c1+0KNCbpOiYW6duFUZMgUapDu2pC0+m6LXWdwVCNCUDdaGA2pd6e/8t5FuvGDfKJbUsHbavGEhFY6n+SKcuIUSXE655LEulnB4YpRLGWYxTDRIyqYI0hwpDUWDSouVXLhABZYQYFO8uvvrh9uFeYzLLLPfD7V00x2BYBVXj89Gw6Ge7tjJdVU62aIndb2yNjOabUf4ycn11NpqM8t/PZcudg2uNAfdMhgMSICNrTv9cbF+zDdeB9ipGcI8N9EIqNPT+/6ungjx8eW8aiyD56ePric/s7W+Wi6i4TplaHnKAJ+2W28Hq8SuOMps7EENtFVWR+N8sbZS8kgIoYiUBJooYoltAZp8FXy/rRvZOzk6um9r0RubfJb1igeD0v6VOpaxkbgbOuKIo8s4WBnFMKIcTYBGgTrQL4JNcQDaaNoeB61b+hvPY5NMOmX/0z994+AuK+/WiupdV6DZYlusb46iZS8EzJpNrPTLukL+8U/+DNnZe3XcYUYnxwPPvRu6cPz5sAakTngGbosAnEnNBfXi5B1dCwulqc2sfbN24tz89Xi8XOzvidD06UNKoSM/dBW5UUQu21q1uL86FDQ6BoBLmfW9VXS2ttl7QOgLYQ5aovaLr1bkdRA6AgJ9wAOGOaP7p6dO+pUYUoVYwaI6WYIe0QvrxlxDAxV50kxUlBqWs0xlW1IoVfvT2pfHivjYMyS8ptq74JoWt5rbFmEdX+NCMa6jZ5v97r9ZXonvmbBEHtoMgnI5BkrAltp6A2d6npimHpLI5N0gREmOfcf4e7yGycpsSUFIGZRFQEmNcBJlHgPp6PwExsKCXpxQXGoDNIqA40s5hnfL
g3yHIabQ329oa3DvM2AFuLBs/b5rKpnSsm40G1ah48OvEhDAbl6ckFTKgsHKgkEd/FLHdN011ezl3m5stV14b+BNV1HgGZWVKE3jROCEyKCAl7XAekJF0H6sialAQhIODl+awYDSSljz96/PwLN4dF9s7PHr9we29YOB9iS3bVyZB0Na/K8ZCsOZ6vzhEOh9kgxyQp1suMjSNSJCVCpRRRgRVp5ZNKMmwm+zu2KIbj8vjJ2XxWhy5iv1xFxI3a5RklF9bRNmab54U1xrI6Fkm+67xP2AhXEXy6thUoYy+i6D9se4XSmvvaPyyFM9Ohmwzz3FFmuf+lUaDxadUmA8/i5z2CUfv24Dr4/+zSitfYPFJNKkcF/7efGR8VWtdttAZQ97YHr7+4vWye3r9oEiAiHM+iTEuXSZv8yXllmA1RTGIye/H46en9p74LF5d1UghRgFBEUw8yeqZbw0mmOSsBVD5ZjEbTPGILYDXVSk/ba5vmNTESn+Fe1y95IQUGGVl9YQR9xc4WJEoC2TJoVBTAVcQpSogIiKOcu9UqKajvmi4mgc+O3IMueSaDwRktcwpqujYhk6hI7Dk0GH0XOw8p9VcBSXHdi+rT2NYMd7b78LFK6p31CGBylxcuj8ucJUQYlCZJQoQuYQt5DmoxMiEY6umpzD14Dvo5GRH2gwdiZINJgAklKQLkuSkyijEd7eVbI/vC3a1F68fbA+QMjSktBmUiOJrC8eOK2PgAW1tjNvzw0fnR0W6eZ3XTGkZnue00L1zrQznM57Oq8945W69aXFfFlQjzMq/my74XqyK9WVl0rfgEZRCRzgMAO5tiYiIkrJcrm2WLRfXhhw9fePG2JXz3/Ye3bu1vj4uYIhA9qeJ2xhfzWtiMM3NZte+d+knGOzlPS5sQVQQh9VE0SxQFo0IUSgKtF2cpHw3uvHrn4Pbu1cXi4nw+u6wWl8uuDWsgJmIvG+0BpESoSNZlxljDYFAket95n3QVsRYJSdPaVdk7kZRAUQWJ0zoOx6prjYY1tDvJbxyM97eH41FhDQGiDzGEWLfxYt5yNt15Nt/EZ92I64bvZit/nZlRRBLRbx3aF4Y0X7Wg0lM9ATHLnbNcrZplE9qQEKD2yVljLVdNVzomwjwz88vF299/Zz5rjs8WD59e1k17fdNc+1DXx3QtWDOCIcPcYx3BADhGn9ALOkON8jIxEgv0y8q+J0mO14hVx2QIDRMRGaatjLZz7H+xALQRkwIhZgTOcETKcpo3eN7QN7/w/PYoCyH5pu3qdrlcWdDjqLOEmBKmVFpMPjVBkSmFNWYrdTGFAKoisvloFVzLjIWYx7tbJs/IOWaWENg545xhdkUGyU+pMSqOEVBDFFVdBttIXnDMWWgdaNIYxFlCwv5ckxRS0v793yuKAcAwIGKe89FBubdbbo3tC8+NDnfzu89N2JqixICuDbQ9MrUHRcOkTbLHV8EYI6psmAxdXizKQR5jIl4fm9cmDFAmrFctM4eUVLVddRKigBaDolk1vcMWepGgYfi0tQM/JQRkvg4+iiYibpquqtrRaFivmvnVMinlRZY70pROzitIsW59teoGBpP3q9p3SZdNbEP0IXUxxph8iN5HEAVJKSbGNW1pfTJkNxgNt3en+zd29m/sjLdHaCn4lPpV9hqYDQJIzrk8N8YYTAZiDCEmaQPUCXyCuA7t9TsFZVDq9wii2kdVN2A+IhzmfLg3vHEw2d8db28Nh4O8yN2gzFzmmImQuNjaue5EXi8G18yL61okADFeuz8V0SG8NcQCBYiMc2RdBA5klGw5yBWlab1P0vioonXnR4MsRGnbMB0VV/PVT3/wYdOE2aK9uFqdzSrVxASImABFkVA3Hms4KmA/19OG5gG3M+iCdlFyBgUwiHXCeUBRCD3eWlEAvWLQ9e04bQRjooCAE6elAQGwfZdrM3FiAkOYGLOCz5Zai/vFz98xoEkkhnR5vqjb0FSrC6ALsBpTYQ12cbVsA3Lwnp
xRgOijbMBaxJuC9JrSLEhYDEvuYW+DgaaEAOyctcZYo0lcrCY2aQJrsfUCCCHhVW2twbGLjtd/JiEkRLSWU1JruJeIxqTM1E8UmElFi4KLwhwelc89N9zeKgdDd7ibT8fZzs44AQApcvZo7nZGmBS6REiEJj+ZS+gjp0xZZkIIq7olIhV1lgGgab0x1Hek2i6EEI3h4FP0wYcIgMUgB5G2bmFDfIXrrN5mUL/+xE+9uZvgmcQEicm3XdeGcjJczhbNql02kZwzlgj16dN59NFaXlaNkRSaJnZdE9KsDk3bsabgg/cCxP37TQQ7H5u6a1q/amLjRQFDlLZLy3l9eTrrmo6ZskGGhmNIz3wQSDbPTZYbIkM9J0Wj6CpomzQmSLrWjzOBQWXQtQBxY465lpEZ5lFpt6fldDIYDwrnnDH9q3ddzI9RDFx3ffFZoUOv+xO6DrI9Y18oiIpB6Tqdt5SjQeG6BZNlgNYQGpe99HIu5OCTU16281XbdvH+09ntg/HZfPXex8ezq8ohqoj3cbmqJHpnABH78S6oBIGkOLH64hQzggdLvPQ4spAbrDwtvU4UxxmIQhIVQEbo2z29zhQQU99DF2HcmOoVGJURk6oq9gp3XZshQQFS75oiXPk0LByBVHWnMZHCYtktah+T7wqSIrdMmJJfNVluqE5oiKhPLaqkhGuvQW8YlP5Tv59raeej6GB3F4kkKlljLPefetG3WxRUxHAPKAVEnFUQEu8VamnN0fIxgqqzHEWQgAkiaF8sSCIEQIw9xHQ8ssOhOzgaHB2OvRiJMS/ZObLOqUnRq7W4CPlxJdPMN5GNoSi6Nc4fHa/yIlcRZhqOirPTK+dM6wURjOGmC03rjUEFZUPSimXTT/9QweU2xbh/tLecLXoZ5joTez3qw56cum7kqoi2nTir3IuZ+q9EbdPIudg8a6vat121WOwebhWOy2lxcVZ1CqNRcVU1i0WXOaOYxqV95dVD5yy5zGZZlmV9dR1Vu7b1qzqEzgfxCXyIimAzN7S2acPF08umWgH2EnqNfa9XAZjIGiBKiOBKMBibyofWa/QhXruADCKBmB76BIAKqX8R9hH6ngwkEmJqu9i0YdUGQHR2LYjpQuq62IZk1qeB6w/udXa0d2spfBq02t8VQRWpJKjbcIq6BSymg8woGlA3LTMHKaP02mdKkxdv/+wxMddNWzXhkydXt7byh8edYQ4KnQ9t3TRdk5GmgIIQBJKqJdjP9ahM00zPW37SAADeLFFE5x0+bgABM1GOMDQYZL06uU4tr1nmmwdMen2ugqpaBsdAAIK9fhXSp0JJgMgGVbXxcrQ/YOLTs3nycWhN08ZHlzWAnKmYQjPialWLwGhUXLQrl9sURZNI7GtKgES6gUxCij2NAhIGkWI0ZGdVBZlNnvfkxRQ8NpUbxD4C4X3MM5qvtGp5PCGHnSMlpOBTEnGOe+64ZRQRIlJN6wIwADMaRuPMeJzv7BaTSW4zG4Iz1ghpH22Lwl6dUQLk+3Ob76ZlpyPDPgETWeZq1QxGZdN6ImTDnQ/W2avZajgsk0i1aMrSAmmIsW18OShoE6vKy6yaLyfT4WRnev70rG9FrnXV0DcS1nnotbBMSVPSrgNj0BjpV58KbDh2PsVoMpe8b5bV07YtR6W1hh1fzCqynOUuzla39kZbW8NXXzjIikEfVsizTAG9DyGJihq2aC17T603IZiUll6uqs4ybR/tGkP33vtkeTlXUaae7gQKwIb7qSbajPJSAJKDrlO/sZcTAhM4UovIfaIeEQCCYARV4LRpDopq3cXLeeMym5IOyiyzpv9MiqJVG+aVN/ApeUv/HMraNIj/iSO9xzOuR6kakp5VofWyNoknFhqIZh2ZUVaUEgZWXn7xjiX4wbuPQNVymNf+wenyxoiZYeF11fgUvADUkRBhYHXH6U6uW5kahMtGfrqATqJjSkhPVikkjKqlAUfYCkrSwkBOaDeWzriJLG+WK9qHhnrjHCNmJA
a1dxBL/+rblNMdYwdgSbsodYT97UEUcEUeKN5/PEPCqyZcBdGDgYkptKlaNuWg8IBsDCQJwV+fInrK9zqJKIn62CCiinKRcZkDs4iwNSlGwwQo3WK2TV0PK/Cdzy10ES6XUBY8yeNWIaWl1SqiSJExIqQoiMqMMagx5ARFABGYMXPIjHlmhgM3mWRZxgnIK+eG2xRIMETxgvPO2YTMvAz2pIptkNgQMXufnLPnl0vrXErSpsjMq7pj45rWS0rGctf5pmlGkyKEVNddUXdkSDfp4qzMz4/PpzvT2cVMYgTAZzUFUBUh7qnCn1Z4IYQoMZExABpJAYSNTTH2EQgUCSEuL5f5oGBDMYZl1WTbo4Od4Yt3D45u7SHZCJwZx4SLOnadDyGBpH5knUKnKYkqAjtndjLMc51X3aoNk93pa59/9cn9J5cnl/WyVlVCQiLmPloNiixAqhKV2wQ+CgAyAqNmjI7AMZj1qwlElBE7xagK1MfdQBR81PNF59Piat7luWXD0PtMCUPU+Sqa625oD7ehjen60xCnjQ1602tSqAGugnYxEGiMaSAkmDWequAiZOjYBm+1fWGvxG7r+x+EGsSOsmUTpG2+utu83RkLmowGoIHVHSelBURsEz5aUZvUMmUZlpoQKQBaQwagS2oJfdIqaC1wHsgR7lkNsH6Lpg1/S9byGZDNJwgSOgK6zgoiylqHBbnFRnAutIfSJY2CW6MipTTdGlSLplWsFu1s1Xa7O5Nh2aya1bJNos6Zy1ltiPsCDHH/uAlc96d7re8msUXW2LIwedGnjDY3Jm2XjWlWxUQZ2Ps4sKCIV0vMC7MzMremaW+czxeeCqKSFbTrYttJ5kyIYjPMc0o5pKRMAKBbUyuA1rBl7I+6tceVt4BJBQRh0fqQ7Ly1uVUFFKF5l6Xg60TDvB8KIiLMZ4u8yJvGS0rBx6ZpJcnlfDkaD0Tk8nzBhhUg+DC/qrb2JmvGVEx5mc+eXqQgLsvaXsBI61MWEmoCFUFiTRGvh9i6dvtoDJoiOheVVIGdFYkQgQyx5ehTvayLQaFJg4/O2VdeOrp5e1+AQqLRcMCMVdXWTScpkQqJUA8PQEgEIWHro08xNzi0TCWvOq3qlpOUZRa3Rs7Z1XIVQuwfQ+gp7L5rSQnUd11b1ykGA2pIHaIDyJkMaa+tV9F+ErGBwSgQ9R/NouCDXi79oknEtA6UrjH7ENMa9LRBEuM1ghHXAy3aXK3XOVRVECLyQAu2GP1xHdqYplEHCWWglTeAxmVNTktorwYmvXI0xBR++NF5E9AyXXn60MPYRhK5OUxN0kVAL9C1gAQRMSIDY0CswlqVA0SCFJIyKiJNhxhbsYzMdNlBTICgBGLWthalzQt8AyBRVGWEwkDQHm1EtDmAI+JloCtPwxEqQeOByJTOsGFGDD5G0NN5XRu7e/dGH4xqOm8z2/rUtpHYhc6bzIXWJx+esSIlosgznwgCOYdFbgeDTXNbLbPvfJrNd7JIqjGkcU6GzazF4YAPtuyd/Xx/RMtl46bOGkJEY3C57OomNl1QocyRs8iEPiRmQoDpNAuJmi4xiiYQhdbLvDFJaWxDF2VYQgRadDapiFJKGsSEFLVPjwASYVHmZ+eXIppU5ldLNkZENMmqaoBIEbs2XF0ui1EJSPPz2fbuOCvcEiH6mJd5PiiXFwsl6BkoeE1BQVQiiEn7MZnqM5H0dWJZFHxAa1VDQiBjRAWikjXEGrogKWXOlmX+4vMHR4fT1gtZMx4UIYT5rE0qBjEvjCXy3sfOgySfPKjmxmTGAdi2DfXKs4GRAZdbyBh1dHF8sZhXhtkwrx8GkaTiQ9DQEmjb1L5tQNSg7jDsGnQMLXCj60V673WN0o8EdD0hZ16L9HojTBTsHYAbp1o/ujPrHYReW5kUdSPk/ZRfVHG93NSNnW/GllVZuqs2tlEmEUZJZeDqiiQuqm42wG4ycaDw0s2xiLx9f9b4ZMh+EkZ72N4dVwtPjyrsBDKDTL
EOPiBAr5fPqm0hMkVmfAsEaElrNoioQghINJcBgiqRiYWHoFDcQbES7GszrIm5rUCo3jOB9h0CIAsEVQFkjrUG+CBIYAkNKRGxAgJYQmOIHIqARTha2IVRP+/3fFlK25IhZd3b3BpvbS8sjYT52o31azd2X7xV1mDOnFjBvEcuM84SEihz2wbvFVBYfdMwS+ND6cPNWRj7AwtuOCiUB1D1rFPNJF/s9Xo9o8Slaht8bRDQCYt6UEtRDBIzMJMsU1R36xAUWCkISlBu29Z7BVIiFljIaKmfX98pjUVQCLGOjfQZTcINVqE4NQDgKPiHyK43XiS+K170AGk7zSylW1jEexDn35Xu4+zj/5nzgYlQ431KyACiKF04jMK+EAcQLEfRZbyGERHBESz2MCMMQuNaWo57dZDOChUlNmpMfvspXeg7a70PC4ujPRYQ3n7+yui2o8tHl/cur4WycUWhkppSBQBySKjQIJKwmmEfBerrW4RocicsSUU3X5Gy8qQ2ztz8w5d/98WNwYmRtelXIqrJc5nsXHNzF3Rk/ljFIUFshSPUkVQklKG8Oa2u7Oi0DrOay1o9qwJas32z/e+/8lHInLUG4lERzbNsZWFha2Nrtjcma2LTbgq3cGwlGNDl0d5khpldOLl87YlXACkf9nPjNss6Azp15Nj2cNA/naFCfWvTr+8YIkSoAwOgM2A6Q0z8zbh4TKPdkhLORAGFxRqycYKtCICGIpwP0ZAPWocIjIXcmsg4gqQaTK5wYAkMqOAIX33l+qd/57P33H/noRNHXO5C2+6tbTZl2Rv2m1l54ZVrl6/vXdlqL+36B+9eXVkaeVbwdS1qDGVFbowjUQCvZAQIQAlpr+KNKiRoX/cQduwVVUEAnTY+gF3t5wPX9mSKfiwcvISGUZGAAAxlligWdoSEOFfN9zOTOSdog83IWbKOmqaumqpqqiYw0DC3cekVr/H44s31zwFAkj4qwTvT8QaoReKV3qmo5twKUj1guUlHR/TAlAb/f9NSjXmNSQcZF1OoEcCRanNMVoy0g7QtqxcI0pULCpmlnkVnQARYUJsoMcMuewfQICAp4NgHVzhLVIzy288dDZPJZGOXkIqmaSZltVsOV5bJZlXEPEdNKxmI/zU2X15kBr85TncMC8SjMy/GgQBQg/K4RTWNn/BNb3KrIhwCMKsIqqKkJiplA2NiXChoFL/hQQ18RPy3QRvPjecmaOD+0rKEgJY4SJbn1tngW1UgIhZBIrTGrozuuOPEy0897yczBAJQHPUPPXrv5rX1+sa6dYSgWy9f9dPaLg/6qivO7an2vIRnny2G/Xxk1h97sn/4KIxnxIIgfUciKXgHAKxFQvRBnME4r7M2Ks8RCRuvtVcWcY4I1BIiAYsyg7UIAswCAgbRGTSoxlKc7zgHzhFzirgLrERoEdsyPPbUlWsX108cXzhyYqXfywyCiO5eunX1xs7VrWq3lJulFL384fNHIYSbr1yREPI8iwdjYXmxN+xHP42QVUOsfqf0TRcvAl1FqnPpIoIqGGOWevZwVhfYoJSstedWWVSJxYiAQ+hlzppU/M8nKAiw0rPWxLqOAA0AgnFKwigNB1EpnNHuiERhiSJw7Ks7llJQiTdySF5B7eacCgohqka7dlZEIZoZQOEAA/8A/UkxGpdg3i7G7GokAAG1CK5rxqSDh0aeYpdoiNZz7BSxE8Ipi7Ki0XSdEWIA1a5YRaL4xIIxWLfEGtp2NCoOH17aXl3YynMVmW5OpA3YtL5u1XkpCrIWAdQYMBaNASI3GJrcVZdvmNggqQBQMnnYBJrSzkwIgtKqaYGJ20YQ1AGIFw1Bu+x4AMVYxkQqjkEJosIYYzv2iyMFVY1MxMiUZLHDPHgjrGhAETkwkTVkVFhTL6Dbe3v54uDonWc2Lt8y1oqIWxk+/NB9F48ceerFmzSZxl3lym0ro1GxYtyx4fJO0SdybnFl+sqVMPMSzHRz18RCixBBrZkvdinespbS9W
MNOoMIKiok4GwU0AKzIiGDildK4c+gKpYws2DjyRQAgKhLyXMggoo1xi7gfFjuaG8q9Xa7Od7qX9rOM8qc9Sx7JU9aLQOUrDutvOe+Q7cfG924fMt7f/TM8dGhFXLZZGtv/er14ag3XFoQVgVglrJuZu18FR3nr+kcYkKSoTF0x7Hl1T64sAfqEdQYEjGsCGp9IB84eMgzZwi9QuRKxUPsDPacYZYQBBoPioIcgrQNe8+BVRScIUPEMdsMMKo70kouVqSIGBUCil417uNNJw+Lu0RJnDRNptTOJt+BZuaOiliOzlOv5/JRRFDTrSJcjOQTlQSt2cc9UfehtOl/YDpvloBZJ1XoORLF2kOQdJfE91UQwJAaQ8ZoYFJg5u1bk5fsxesvXxvf2jGIHbQbwVjKchwMsrw/m06xaTErwBhayYa3n5tubuJgBMwaPCT/CAIZcA6ti/qAWMmgdcYWNdvBysmzR45Oy+n1S5dtKxQAWk7bDtBIK0BrWmk5BJfnyCIhxIUk7E8IQH3Q6K8XNUtLk1tjmdZAhIgNIBChy5gBjHUWxdfArMLjK9uUO1BF9IAIRbi6vnfl4rqvwZYCEkC1bXV9cze3buLq7elsLPXYhmZWhrWxWKdBOKgyICupGARrMApWLUJEgTKiJSXAwCrpZCoRFpkBjWAxQEUBifdiJKPnjooshTAGRlYiIkNpLdnPybO2LTRBO2ozSpHtVlox5jVgpSxtAAgKrUAZ4FbFx5bzt772OLdN4ejsXXcOVpdN3iOXj1YOAZqbL7+C1imisAQfdibNXsPdPAY6uC5IohCAqGbOHhn1sK3qxhtS5xwSCVkPUgYzbc20UvDEEUyR5F9pKEWIjlBEYpZLW7ccuPVceWlFGx/AmHhE4oOTbN+iJg4RY88lGlU4UZET//ECc+x10lHO50g4JxbOIQ8wfz51ruiENMOe02XUIFpUQHAKgqCEwsrYialB4woxMWao08JFVZZBVNXSYxUiix9DV1Ibk5JKo6pTCMk6BWIOLs+stZnLjDFd1pkqABkrNjt0+/nf/n/+2Scef/Jv/PQ/NMWgFV25/cwnf+Gf/fyvf+Tn/tW/zcCHpgKROERCl2Gvr/2e6w24qtW3UVBaL45+5Ae+++9+6JtPLQxr5v/86S//zZ/75fLGNTLE0oCAzXK0Nva+Z+6+7S1vfOh3f//j5cYmKIL4uNuPpbwygyIAKTMtLkojUjMWvVRBWYfOSdF79G1vn83qZ776mCEnbYMSEFQUIbCqkDO8W37lP3wilLUpGw0CISBACyrIkWBgjHMGtWl0ZSErpd2dqEb5SPx/UUgRp+jp0pf4TnZhd5ZQFIKg9wogRGAwTcCNMXQAdtJ4CQEyh86AMSgcWyO0hK1nZjaGDMEgI0GcNLpXw7SBOigq5Ag5gUEMAmWQcSs7Xlrmbz9/crVv6sn02Omjw6URGYvMwpUKDAY9dFnV+Lzf84EnZXNzr5q0Qsmdk3I1u4elq6SUm6psygkBO+dUFYxlQR+0bX3bShOkrnzZBFGRhHaZG4nSk4OITVkp6tLyQu6l2ZpMJpUYazNilnnPFIcohMkTG1XXcyu3ajqcAgqIMg9JmluKQBVSIGd39LquR3Wua90f+neNcDTUA2gUyIoiKwhAQERVSreSptIHMQUTRTUNYXTAptwmz93PrvseIgECiDRyWawF6+o2lEECQQABa1jVYMe/idI56/LFpduPH/lr3/mBX/vq00989kvOGDcYnju8cvb0KRgsknpyBaXyhTDv+SK755HX/aef+Et//V//l89+/qt9oon4H/7B7/6lH/7ej77y6k/89u/cdfzoP3rvN6A1P/Yz/zK3OfkWQAOgyQrrXDOdffe3ftPPft/3fuP27ON/8Ilez/iqUg6kADGTwCgBQvB0aMRt0HpKeZ8MIQIbQ1nOSIfPnv79f/V3n7xw+V1/6gXrrTjHvkUV64wEjlpWssZUasGyMUAxbhyQCEnjdWCsI2fIuG
AMnj7W6y80129oDDoQAVACJYNmHnwXNzgavTYas3e8AAtwMpykX7+IWkOZhb7DiIZMPAXCygshWEOgEBhMbIDIKACzWlLq5CMtq2dtGfYkLaValpo1iNYi51eyB29bFu+LflEMesoMwaPNDGDTNPV0aqx1vV5g3RuXNzf2buzVTVy4aVfBgCKCw+g30ADKzDu7k6YcFbmJn6+6mdWNr5tQBlNTwWrbti1bH5sxka7a6waJxhoi9L49cebYqdvOVLMyy9ardn1r1gKZGNsW6+BoFud9tbUqIAPE/EoBFE3KFfjjopj59DGe566Rwz9GAe7SmQTAgBIiYYopjKsLYyj1baIGIWYa4Zz8MM8xVAAAm26Obrp6YBak+19+goDGMX/0UyCS8W1ohXyeYeFYlXqZAJj04KJGVafLxZjdslrORz/xJ7/rT73wKvoGe71WBY2BwcgagLYt2xYQ86Jw/X4Dunzy5INnTqyePsHDBcnc8qHR//GhD3716o1v+Zf/nusGgn/x5vpfefSN/cXFdg+CK1Q1y7KGtUGkleL3v/IC6IdfuLaerRxm78EVFrQpaxDJsgyQ2raFwuX9Qq7ehMVlY0yrAK1/93d94NWLV6/cWK9M8Q9+/Xcv39wwwyE2tqmrYjhsVdl76pFzzijUHAQ0A3GgEgJKAAQgAgumV3iirN+jYsDFCAaL6Aa8e52sJQD1HkJQ1ShjN4SE8TMneOBuDSICEASCzKVSCCKESIQxyZkFjI2/OnAGDSFYI5rkByLS+BQpSQjWaZy39UBXepgbrAM2DLNGKi8ta8r+sESsp5eyxcV+f2WkwUdgPqgAB2atJ5PdzR2bZS7Lbt1Yv7m2s7Zbb8w8q0YedmSS5IYKQzHPjlTrIONW29YLB0ILIrOdvaqqijx3HPzebNoadgMvWjc+yjg7y3UsEjGIWGcMaFG4pdVl6zKQWebM0kJvr/IAwBL/7Shd8yEHXa3JDyDR+A6dJVfmBMPOHB5PnqBGYOmBg5eESvP9QncDKkXPRNxLprlUTN1NZDXsgpkkwQChK3vBxnFQ9NgLRi9vTKIHpEg7Te5aIKOIiiTR8G4I0bTG6qjvFgYsWvTz9DDHiouMGqvWqrHO0uXJ7AOvPf/2tz7y6c9/0fX7hGSswYURAOCy+cYH7iqK4jPPvNJM6qXl/t2nj7PIudMn7nv9PS9fvX7fbWdODgf/50c/wzvTpWHfC/zm733uk3/0Jc8iveLO08eGo4Unr9548M7bhtY+8eLLL167tVF+ZbtpcWl0cnFxUtcbVfXOu89PZ9XXXngZcvfmh16bDwaf/uRX6LDaPG9Bz5+/7cG7br/JfEVvZEeONUi/8Zmvhbaxw8HK8cOPnDj6pSvXlke919929ulnX9rb2G6tefC1d91+4sgXXnjpxvMv9a3FtpCqFKOSIQ77lbErR4/i4pH60Jh2Qn3pqg2hWBjZpoG2geCBRZiluwEtxDVnxDYiGXSkCOoEWk6SCVFVJUtxAiHOQG5TqEikFMQQkTimj1j4OOcHTdRmZ0AVTFBLMMyo9MiKMiQWnNVcezGgoFAFtMLra9uLy8NiNEJVBVIy6Jy01WxvXFX1cHV5Op5ev7a5tlPdGIfdRuYvhEPsWxxYHGaYG8wMIFAd0JFkJpWCofVtXZ04c+LYqRNtXa9fv/nCi9dv7Gw2Jm99iJl8+59/SX2Yc9YgqDhrrIQQfCvCzlIvMzGwk3Xe4XVwFt0PFYwnTVLDpwTIc+ZEyndOabjSwcJED/gncE5cU5g/Wfj/A+R3IAwVBRTFLvQeu1FqSmiaUx2s7pdCwN14di4PNwDcue4FEJEEUImEjCJh5nzmIM96hxfra1s2s2RM2g4hqTFoDFinxizk+b97/OlHz57+x9/9ze947oXgnAiANdDvu6Xhf/vrP/TWu+5gkRevrb377//rN91z289+2/tV9We++Z0//rY33P9T/9fyaKAKz1y5gSyz8cyXFYSw3bZmOGB0P/PD3/
Poved+7akXfvxtbyThO/7iT91x9Oin/u5fe/jv/Yunr17/9Z/+X79y/RYgfP/Dr+shfccv/df33Xvurzz6CAH889e//id//leDpT/53rf+4g99Zx24IPz7//Pj//x3P5Nl+e/+9I8/e+Hq9/yjn//ed73tl//sh/7JF77y/rtuv2tl9c/+wn/6r3/w2f/thz/009/+/o2yApY//f/828989A96ziqhAmPfuoXBpEA5dEQWlqS33JYvo7E4GBGQIXSOTHAYgnjvWVLFoaIGRADiDI0QSQ2qQ8yTbARjGqQPwSAYFETuZSbCfkBVBIKADxrl+ZYAEK0BZyjyelDVh/gwYkSN5QRA4Awh4lIBgWPgiJY1tZ6//ux1npbHTh9eWFnsL4yss1QURhWdzfu9pmouXbpx+dZ4s+TrU65Zo3UwIxo6GFg0hJnB3GFGIAKWII+hQyzWmtA0Cwv9U+du648Wm8mYVIR19szVtVkjKgDoKIZGY/Q1qSiLAIKzRq0FFQ4+8a0AMotqopw/pR7Fek/3xyn7POwE/ozvYKdd0g4mo6oECIqiQrjflu5LOnGf8wvdAjBKC1A74SEgAMVAGNYYUq/RyWYiU0LmxiewHTYRDz7ciEjUoYZFo1shcRYJGVCQBMkaq/1+JXbh5OG1Sxunjq5iL5eW44YHjAHjEI0COmvG49k/+sPPffiHvuPb3/am3332RQBAa9TSj33be99z9/l7//EvzDS8/Hf+4t/6vg/8zK/93p//td/7H3/mu370P3/44197Zrw7WerliLBTVgowGhZnbzuJRBbg8sb22mTSIp0ZjYaID/3kP1odFhtbe6+94w5nrev1IS+C4o888sC/+sJjd//9f/Erf/o7f/NHvv+xa9ff8LP/74+/5+1/7Rve/I9++2No7c//4Hf85pPP/YWf/08/+v63/Yvv+baPvXT56zc3ijx3eQ5F3gKC6rtPn/jJX/yvF6/d2vT+3je+7v/49j/xM3/0xX/8Ox//jR/73n/+I3/yLY89HjbXs8Hw+GtOXZ/sDldXt6S1h49cLtutrd2hK9QVQlWDpGhVOQM1qMaCQojZlISWWRQwSBIFowFjIDZ4mXVROEWEwgFBIvQjbouEo+ZCrUFCZVZAddZEoak14CwRiA/SevBBkTBCjA0hIDCLIewXFlSalpkhzwhAr++2vty4cnln2M+Go2Kw0O8NeyBSzqq9md8c19c3JuuzsFbpTstxQTuw2LcwsNi3qIAxuqiXmcYLK1iSGOtrjXGW8iJzWYaIIAwqo0Hv5LHFybVxZk1mcZRTYTEj8qxN4KqFsglV3Q4W+pkjCT54I8wheBaOmN7M0pFRxqqiICI+SMsx9X1/2qkdtQm7ZuuA7gz3Vw+JIQ3dEj9JzTqWryanEWhXjgLLvr6tg5IBK3gB33kUY9NIaWua3mZLnWwtSlfn2TIdkgyh4+1HMQEoCKAYA0QSJGzXu40snzlx9Usvab+vw4FOqqhxRmPBWDUmKATRxTz/nceeu/St7/6b73/nx65v1j4AEYwG3/7A3Z945fKrN25B4T556dp3PfCav//hP9qcVQBwYWPnyrV1CGoUAcAYAg7f/tYH/t2f+b5KpYf0l371w//69z7Vz7OZ57/xK79VXrkKloC9dVYVyDkgLKx5dWv3b/7mx6CsXtkev+dO/cH/+OGLL1/44u23/fmHX5dl7u4zJxat+7lPfKmc1b/wyS//7W953/vuv+vJtXUAtdZAlreqgPhT//UjH//UF4eD/hT0z3/7+7zqL33l603jf/Xp53/hez545uzpC+PdQb+/0wZPTgaLk3o6On58rIZtxsYSGTVGCFvFEM1KrDb5uUBVIwzEGjQESOQMZRaNSddfHGmLsCHKnCEkYyhIjEBRRWJhUDEEWUYx5JxMWkkpApHJLPUKCAxNK57RB3ACItCyBo7tpThrkNS3DArW2ZLlRgMTz71JhbemMV7WIApiyVApTYNu1nqr5lbUIvQNLD
gcOMoJI4vIGHAmaS+dQUvAgZmFADNnrCFgryGIb8W3hDossmOrw7WGN2fN0NFCzxhAUalaUJFxFda3pwOLBDzZ2XFFz3uvCswcyfEiutzLckfWYERGNEEndZjUvg7SeElZD/uysW7esn8S55o1iFFk81Kyq08V90MKI2cm/pFuGRmX6YgYg35VvaKXtOQ76PtNRAxAaxBs3K4AIKCXRDUl7FQ8cw4FIKfmkBQJ4kiwCrvj+tjhZZ8VAcktLTSNoGH2DGSsdUrEAALQc07G5T/8wy//u+9937c/8rqdpgEiGPQs0dtuP/Wln/5LmTWvP7T68uY2OIqNTWEMkREIs7pVhUFR4KD/sQvX3vJv/sOj99z5T9/5NrQWrFFEz5wrtM7kRDPv437HGAJEIlwbz0hAnSOA3braG1dUFOIDAKiBsysjAdgrG+z3vMLWrL7j8BKYeDAMGNJOCmh7eY4wzezxpQWL+Ls/9qGZ58ODPCdaWRhdynJ0WellsLIswwHndOz4sa3GMBntkOiS3GYoAt6zFSURUo0vH1IcroAhUuwmNYk4C4RABp1Fa5BZ2sDR6xRpA4JoSJE0it2oAy0wqwQoWYLD3JExaGzaabVtlCrEA46qxAKIxlkMosLaAk28lgZHRjJjCIyKsoBn8GgqhZ3Gr9VSBjUIPYuLOSz3TN+a3CKoGovOECAGUWOMZ0bAwFzVLai4zGWOpA2eZ76qQ936piHUxZ49utC7sjUlRALMHRkymQksMqvDhVsT8n5UWNiesah11mZWkchS0/C09q1okRtDaAkRsHA0yM3KwMXvtGWZNb5upWFpg/gYVi9J85iWBlEoN69SD6Asuro0tX5zaavu62n2TU+dXA6CagCMcZuEBKoGNHLMonjNGkz23vgpIex0BskS0jWcUSKOpBjbC0QyYAwp7G7P9K6zC+fOTndnxepSs1dz60cnlkFxslsRGQUQEFAF637jq8/8rfc88pNvft1C7lgUmDPCZ26u/ZvPf7UgA0Gub0+o8RACABiMvj+9sbOLCPedOPr5Z1/e8XzlpcvZ4gjSAElFhFCFvdYNI4KEVFWoxE2AMGsI2vp4cSqL+MAhxEEWM6fKwFhAivwPCCLJgCOiDADG2eDblcUVObzQeN+K/NJXnpjUNQpMZrNLaxu9wYABA+HKiUOzQe4Gg5XlpUsXNti3kUqgXV553NiCqDK7OLADBQVyxKKRyhjlHFEBbIgQ1BpjLebOGEMiYplbLyjArK1nZhEEtUiCImJtWmjFcxjLnNarMUY1eqYQkBTFGIq/SUukKnHYJyxNkL1adhrdUBhZ7BnNEQ0oK7RKlcq44b2GWwZCHDpYyHGxoGFhhrnLCImAiIhAAUNgVkCimqENOpnWTdMsLw2NIV/VCthUTdN43wZmT4grg2yp7wILIoqiM1QYt8DQeL2yVwcfVnIChZjLa3I3HObGmfVJs1f5LLMGMY/jYFAidNb2ckw/BOaBoyBpR+9Zas+1Fx/lcyKeVVg6JlIa7MSXZ9/J0rWVHahwzsSHDmaPSNHOq5LewyQOls56320JI3c0kbdRFVjnFr/4N6RwbUVUIoyj9AT2jsm2SgDT7YkfDcPKYrUzWzh1ZPv6DlkX0AALGsvzwG4FYJ6sbf7cp776rz703jhQhkk5rpqpb//D73wSXAZlC2hMZqH1qtqwl9mUsuy5S9fXZ+WPPfqGX/zMlydlBZlx1khMU2QWVc8iTatNrRh7XlEAYAHmGF+udQNNwyGwAnsPrQ8hqIIBvbK5TYgLw55UVf/Y6rHR4PrWLrRNXFVBCBJCVLkbFWPNZG9ydW0zI/pvX3l848YaFDlUZa+ps8xR4ejwYOn4SjXoj06ueMq2JjNqU2SNeIEgFLXnwsAMLK0KqFCS+Ka0dEzOT0CDooIEKhRRoUIqwkQxfbyLkEMUNpGMBaiIVoSNiY0GSwRKA7KiMKp02XuKRJhlZAx2JC7KGZqWWdV4KSwMHIxb2GziYxyN3h
BAPKuoGtRhhoXFUQZ9C4UjRGTVNqgxaFQpYmIIg2ciyjI7q8L2tN7Y3C0K1+tl463NtuW2bUMbgiorKLAlWCjstPHWUu3Zi2QmwSDWKj/2eijDoUEbI1ymQXZqtbTV8KzVJWdENTAbxczZPLPOGQCsWy7r1rM651xSSaMo9By3LHHHH1TLhmdNmDY+BFbtcIBJZdrR7xP8N81UuySmRG1KcRQdISo2krEpNXGdmHb6SB1HygpgiOonjW4L7VjXGJWV0k129QCUP77KompUmr3S13ro2JH1SxtLRw/p8Aq1UpYtiMScBkWwRFYEJrPcwq9+6vN/7h0P339kOQeA8d5//NxX//UPfsePf+f7/+DrL/zZtzz8ha+/8jsf//zu2jIivvvec9cvXrt5c2Pvxto/+O0/+rk/9W2/+Zd+4Oc+++Ujh5f/xjveRIhWFKo6uZiaBtsWUCGwhIAAFAI0bRqHVQ3UlQZBVGhqqCtf14gwJPraC6/s1s3f/eC7/9re7p97z6NLWfbRrzwB00kbmAPDdEJ1hYjGe5lNuR4d6vc+8pkv/pMPfcsvfs+3/I2PfPTcsaNvP3X8//6N3+ZK8uOrw3Mrh1aXL/aKO44emdVhujcZ1DX4gAoojCzIAhyoU++IqgggKirG8V+IkCIFQ+AYCcEadVbbljmAsJhY00rU1RPEaEtKWg1EsCYKpxQIiMhw6ugNURQlBxbPyCKpCEpm0RiyoEiQWeSMFlV7Dketll6CQB3UiyqoBRxYsAQ5IaEahMxAZqhwppe7mOsRXTnWRgmVEmHdCqhUAW5Nw/D6dtU0i4NcAk8mlSiAMdHyxkjTRgmhyIw1hIA+hMAaWFpmUdhtwzRQz2BBaACCaC06YxGAgTM2GmrnODdmRGVRH1Q0Ps5IRCIagsRg3E4QjTlh4YwzGERmgQXmTovugM3TduNWQ+e5TPvxQ9FQYpI9UDvRW/qzEaqG+2tfAEDLghI/DRBFd51EQedr0nmEUZfrIJpUZqwSBMt2Y337zvN3vPjlF5ZHo+zQEm/PCFA9KxCo+qaZ+jY0DWxu2r7Z3L7xs7/1kV/58z/gyymUe7/8mx9+/fGVn/uuD/B3fRMC/OhzL+PuzrNfeez/+h+/97e/6wN/871vf/TH/zNmMdkAAEBxSURBVO5Xrt341//h1wYWfua7v+U7XnsXADy/vnltPOVZDbt71Wy2NZmE6ZR8i8rQNPV06kWxqmB7e68sZ3UF0wlUVTmdzZpGx7uwt11t77TMPebZlWs/8vP//hf/4g89/g9+ogD8O7/+24899hhm9trO9rQsYX2t2tqeBdZZqZNxNelbQ1efffGHf+6X/+1f/KEnfup/7QN+6sKr4DJT5G2RZUjYGzR5cXZhcXdnTHvTrK6pbYiZABCEQEwsl+PSHePDnRbGHCsllOjCD6zWIGu0vYIqsLBzRIiBlRJMIUZygApISuzAGLsbPS9KgqpIc29K0gsbSs1/9HkiKDOEEN0jUGSIgI7VEvccMatqtMnSASUXAIAxaAmdIWeNNSbPDKgGL4qRKxFtysaQqui48dMGlXljUvctxYorRK8WoCFiot1WKtF+LyucU6s+TqRybDyzqPPiWZsgM+1MigCEWhCOMuw5jBNja02R2ywzhkgELGuWqffceG5b6aweiWcNAI3nNshc8nrgG9SDb0+3g8Q0lInr/i5zqUtfmqteozwnmhCTIIAAJU1pu3/m0cNHu/Vu/LuU4mgr5TIgAwgaMCTWgrFsDVijeS7DAS4McWVBjx1a+caH3v/oo7/+Hz9yKOjOS1d2rq7bJkjdQssAREXvtjNnyt3xjYvXCBis4mjwmvN37ezt3rx2HREC6P2vf+3pI6tPPPHCzQtXLQEwB5u/5jV3Lgx6z7/0SjWdWcKG6MS9r7nzzMlJ0zx3bW1ksnZ3r9zbW11eyo25cfky1TPloIjFkcO3n73t8o2bs1l58vQxZr51axNEVg4vD4fFtSs3lHnYK04fO3
ZxbbPxIYicuu3Ufbefubm9/fRXvro06NnVJZo2xGFjZ9xz5uixI1sbW9PNzf6gr4NBuTvmon/qrvP33H52IvL19TW3vOCOr7YDe+rk6urCwsVB/t0P3PPMcy9tP/VCb20t29hy47EtZ6acYlVBU2HrTQioAswa72PA+RUOEbqVUoHAmPi+xdwftDGsUaMlHMgAQqTZpuvSGDQmSn9BRJnFmIj40Qhujtp1MmgMGEJnCZBUlVl8SH9XiM+EamCpPUsUhIkoAFH6AgwZpKjYM6ISo/XiNyDMRGAJAaBuRREs4aRsL24367MwcLSSYd9gnniSyppkZbMAY4Z+YY4s9keFE9Gm9XH/1gau2+BF05mRuOeaU14wy0w/dxS1Ioi9zBaFNYYAoA2CSKDQBmk9MyfDkIgYQlGomlB7RoN1y3tVU9aeQAxgUG2VBPaNvJC8FzAgWbRaGA2KUw+sYEEt4oLT4zksOggiOx53PLWanLoWlOLeQjF0LygeO3KEEOMdHGWsUUfqKOmGRDEOB5iIjQ1k1VrJMun3dDjA5REeO0xvuec7vu0Dn/v805tPvbTo9dILl23LMi1xdwJNgBB87SF4EwKKIAFY460zzqGyNrUb9Gtm2NwB46yzygEQyRjfelA11hKCAlGWtyk90JDLhBVDMMohMIgYEGAPyoAoSMqAzkZDIKAYYwCVhUHB5jmAStuKZ7KWAMm6FoFGQ62npiy5blfuODneGfvr62Zp0eRZu7dDgAYQDQqSIrm8x9Z649xooX/mVH7fnefe88g2ymmRrbbGY8tvOnvia597zF24YjY2su1tOx7bqrJ1pVUJVU2+IQ4kaQgaG/UuQj3RVXCuj0o4ZySMfnns7lRwFp1FY9AQHchzVEJk0cAqokhgCJ0DRA1e2gA+CCS9fprHApGIiqhnEgVJKg+NGbKJdhNCvMCNIVFQ0fjvZMBoYw0sccglooiQOSRUYWi8sCgRtIF3Ju3Nid9rBVRzQxbQJFeCBlAv0AgowpGF4tTyYFRYYSlrL6I2ektZ49srUQSP6EwU8UFgsdZmmVEFHzg6J/PcIYIP6llE1BoT1z0soqqBNTDHly6IRsds1YS9qp3UrQU1AF61VdID5WhKPgMdki47yA0E0WkAETAIFnRk9UgBSxYYYKfF3YCVICHkBBkCgQbFViBE34aqtRgDFeOqML21CZIRJYkRRkEgBgJqQA2gARRCEA7Yeqqbem17c3v7njtO/t4Lr55ZHLkjUxiXEAIYAvHaNM436r0GH02aaskigjEiQoRag51MkFClljqV0MLGEaCChFZFAQ23lSODxqgHmanVWJSLgShZFFDBGFoGYIi0AQB0zkkI6CwQWGFE0JoBFINYFakbURBES9RDbspZaFtE3Hnx4uD4Ki6N2skEuegNhn53VxGFSVTIWC9sXN7vgWEvdSWO3OLwkMGFyfQKN29YXZ6Op7ozpqrGuoa2xRDUd10Id/YwUVBGAFYgTJpm2pdlaMI+IaiqVTAEouo0lZEKQkJGyXQfC+2yYuOOIUoSrSVrIbOAKM4YyxoCsiSxdZRlatDYYQiLAEZavCFKuFNrLMYyWmJPRQai551FgSObCh2ZCJtXgMiXVRUAcUDIyiyWcKFnCWGhCdNWWtaWhUWDAieTABDhMDfLPTvMjTMkiL1MmYUwkmNUVJGoZ2PomMavRwEgCmYBDUXZuIpoCLF5S7wMH9J0PHnkVDUaeQHmU7GWuihYST2czvOu5yG7mnqB/XSvSJfpwndVgAFE0vPeVbg6P2SabMcCgLYL5D7gmOqWj5QYN0kYDhBVVNKiGNQA4r3XuoFpadd2nnvuhTc/9PreoaFMZWlpYWtadvFHotyKr7FtQSUdQk4ze1NkIOQ39uL937kQo1REBTRdwlHWJ8yxVaZ93hwkc1b8zqRzYkIXOkBki8GhpdneniqrAVFWDTE7QAJHHyOgCsN0Y5oWrcZq8LMrN/PDK67nwmSCgz46A23bO7zqgx
cvAAgkLB64Iq0gzC688uLth5ZbBTBwdpB/7cVX7XSCVQl1rXWtbavBSwgoCoosAIoUpbxdwGKcmPE8VEQxvkU4Zz4rUOdfCiyGIIgiS0wNmdtODYFqpCXElkwADCIaSyBiLYqLVhoNIUJY0HcW2piCBahEZFBF40hQLBEj+hZ9UADOnNGotkJMt4pIxKfqPi4seW+IAFVIwVmTOZtlduS5bH3dcuOlDdGUTUjgjLWW+rld6BeZs7HDzTKrqiEwIcSJaPy8chJ5pXCUNigABA7GGugSU7jlqHMhREKMzuYgieUSpWEmnpbObQj7kLdIdUm78gRo0v0E6C4KRumAQxe7XM0Y46Lzv647iSkG9IBvw4rM/xDOITbzL6UrkABYyBCBAJEjaYAbNSriW89lTbvTmy9cnNz3mtvOndh57NLxpdHapWtZxH/HCENlwChOj75BUBbKM1SV6bhTsGNsgDQD1YgqAWMovt8gIXIANcLV9kl0nfYo3VIH6EKIIsH1bX5kNA0TtqghYAMKoHUDZNAiRPCI6txsiIja1DE7tN3YzA6voIrUtRK6XlYcGlLjfdlwYDCImUKhrq95uW1uXFoe5c/uTm+/6w4V3ryxNpiWUJZY19g24Fv1QVtPzHGWIHKA79p9O/GB03lIFiaOehqMxeMavU44Nw0kpgMpqqqlOKiA+I6pgFcQ5cDoLM4BIFGhYQyCYgCN4rWI6BFVaynWSNr5/YlQffwXEoAG1pisEBtIH9R7kdTZQcpCoZS3yRz3ylZBjcWBswrY96FuQ1V7Dhw7DDKG4qqW0BoDiXqGjhAJ4pUAgA4TJ1s8R0m3KEjgeEZ8UC8cv7DA4llE1RA6Q3G/yqysMRezw04ozL8RpCRh6pRrUbuC+8OZTjSaHIZxghpXFPsO4LRlwCSvwf100bj8F0U4oB2V9DlOWm/sDt2+TicOmwGjRxtRDFEBQsrAgT1p0+K0DDe3r126dfsdJ1998sJRsqN+NtvdBUIABY6aGYEIfxdRVZM5YwzPZvupGgbUkhqA473b3nNu9eTq9NbkyucutNfG2IJ6BT1gcj4wEz4oathHYcWfirFVPakuTXmQveUvvGM0KP7wn/5uPiru/t43Xv7US7tfukqF1cBxFpHUg8FHRBCCgmpY33QrCwzO783MwnJTN/W0TH8lkRIZY6Bp/frmoSMre7t7XvDuE0de3twM2zs6m+FshlVJ3kMIIAGVQRhFaM5fick+mEwx0qVF6Xw3FfF83V8ZEzkgxd+pNQhBVE3AqPEVa8BIwmcQUbyS2yDUgrMEqARgLbmIz+t+PyLAknSSRKSKgSHyMDJLRBQ/QtYZUDSmAzEBRkgIdGRUiGt6QBZWBRHR5BVSonhTRPgB5pmzxuTWBg6RVYWIAuhZQVFEQoD97bh0NnhMSnab6u/4npGzGpj5AGqgCziK9xESokRZZnI8piiGmDUS9d4qAoJz+PIfZ8bpAdD2PPoZE9Swgxd24O7E1+oynEDil4FzH8acnggQN20H/875PqTjgih0+BNRIUEURVFiyUh8CBZIykr3KB/1X335woP3nD919ujVp6+cPnP0hbUbg8NZECeUg1jwXlofN1sWKZQNj2f7XwsCOAtG3dmlD/yz71pYKTYubd33znseeN+Dv/XX/6vs1ehonng4D7HQ+UeWFU36Yevcio2IiJRZyh07XT196MSJFehbt9y/9z2vrzfL3SdukHPKAtGAoAJtiNcFJjw9qGq7O3Yry7K1p60HAD+eGecAQIiIdealNa7vsmOjwXOvXj5x791LmfvcxUvFzh5MplDOtG60bYg9SjDKoIwo0TtNMeeY8ODFN0cjpX6sM98EhcAS5RNpHwWaEVqLBiXCp1XUEBrSfm7yzNi4UYr3HgKyEgIQhCCEiY0tUYkWSW0m3fos6lv1LKa7tsl0O+SYZkVkHUVRsQgJiXFJXhWHH8xpjZUquq56FAQTzbZxsOSMc5H1SJpq7ORzF5E4rQiigM
BB5gxQiYcyalBi0yKqCoFj6wKGUglqDRoymSNCZGZVDJJU7zbu0Lv0WU1lxb6+s7vL516nZLjFJFLDSBSjjgrHHVYj6rz1wG6DMNkkcB8XHF1nigg2Km0M7kcgxo+DJMl5IhVI2k5qjKtP7ixKKgwlNXuD8uLVi9euvuW15//b488fGY6WFvP61k3KOFhFVmmCRrWigiho1c4Vs2AQLIEjIXn0L793dbj0X/76f653yt6oOPuaU5gTjJwSsgi0AWzskohDgFEGrUDodOs5RSQQkZE2QGDIDChmPQcOWh/KsgEDzbj8jb/6H7QVd2xBhFkUWm+skVmLNUKDWAdQSb8eRCSSEIanjx05fzo/vFQdP7Jx5QYxQJ41wb/h/vvWfJMv9tu9PSV80123Xb9xU1+9bnf2YDzGsjZNY7xH74kDCJMKCuM87Idii59GocKdZwUBAVmUEGO9zKpBNAhE9gOCWgQ1qECNsmdtgoqAqOaW6gAjoV6m1oBBNDY2OvGIIhJKKiY1BPWc8hIgNtegCinSKL4YnhVFOWhgFSVEFZvi+GINa0yCqCogc4r78SysHfGF9sP+QqKtxAAiVAUkJ92zYUysyhQJoss5SHxQo2NIiYxvOb7FUUyiIiHWl6rcOfyMSUu5WA+DgZg3gJ1JCEBo/94DYCEw8TvCuf6sSz6bh6N1Au40ZTEIGamXfQwbppiXZAgmQkvIqTaJraMSdRQqREKwzsSkGFTQoCj7lJsEikv1HmIcdSEAMMdsPYkMGnZKAHuT3q2Npx97/HXf9cFzpw5tfOLxO88daw+N1m5s75ldtCSt57UdrZpkegsVHKyLCRkgO7t6/9vv+8R//FR9azfrF9XW9IVPfp16uV3N3/uXP7A7ni0sZSuHFj78z/5wujN76/e/7eFHX1NO2t/+95/efOraoXuPv/P733r92vo9996Z9/NP/M8vLyzlD7z9nrUrm5/5719tt6YYk4uNQg7f/BMffPmLLz//R0+988+8Y/HU8u7W3p2vO3fz1Vuf/ud/0FzdAyvRXqQKSCiBe4Pe4TvP7t28+ba3PySqf3T5ZpiWC4eXckQd76nKqbuOrV25dv4tjwxy/NpXn+nd2oCdXRhPqaywrrmtgRmjhFUERUUkfpy71UJagMcFXEiVd9o0xEFLHEMZVEAQQkIk0MzE1+KABR3As3imNgiREhISGkQDYAzGMjUlqgMk2T6SiCCiSKp7VMUgGoPWEBEajAkaXaWs8X+SskYfiBzIZWbVECSoBsZ52iZp2ojEkisC/wnARPKSCBDGBz/yqeLMimW+GQcAZBFRZFZAiArPWPFGknYaySKlL0aihFqVVUSI0RBGMSdLUnUS6txoYoEi5yJ6ZudhDUkk0XU/2KlFVdUiOgKLigQGlTuWRwoyi/BNRES0Zl/qErcNpiswCZEygsKARTHxbSXoUL+QBl+aKpCUFy+iqswc2sDeS+u1brVqZTKljd3q2VdfvnH14dedp8WcZ7Nb4+nOpO6dO33iA285/s2P5redsEVhEHvDYX54RX1A2M+wUdXBkVHWK3ZubQPh4PDo5OtPH3/o9uLQUPv21L1n3vKBh7du7T31R882nh/6k29+6Jsf/ujvPrM742/9X74Jjy+6wwsPvvX+ex88/5UvPD2Zzr7nL3/zkTuOP/655+95yz33vvMeUEZCIQBnMLen7jk9Or6kFobHl97wDQ+aXv7455+56xvvv/db38DCFD/aCEgkIiazS2eP3Hr8uWZr/PgnvvDiY09mzjzw3d+4fGSl2Zs88bVnDh9fbve2Gl/dc/up61ev9svKrm3i7phmM61KrRtpAtc+ND548UHaIJ5BFKMjIeL6VJKzHkFN3ArFRRGle90aLBz1HPUzGmZmlJlRYfrdH+nnNMrNqDCLhRn1bOHQEtouPg7mgXup0tPkRoW4agdDFLGc+wpkmv8XhAUVDBEiWoPOobPUucrji4Sx8mi9BgaO6nOdq3ziWhwCa1DwQa
JqLMqPRVSUmVlTHBIQgTUQ0cZE4Cw5lyxeAhBEWy9Ny62XwMqinjlaZp2lPKPMISKwSDShGIrgYaHIo43BV9IF/YnOqYadVTCdtH2O0/5zifPEWxNln4iFoRyhR9I3UBgoDERybIT7GML42zSgJs1dkSDC0dEQooJNg5cuMRsU00YgIg0QaD7fAUw6RwFRDQpBlUEwRndMDRL0hvmXPvOl7/2md97xtvte/fBnD60sTYrcHlt+25vu3tqefezxV8Cua7/XTCuXF3ZpgcdTJNtNOIXi8FQEAt/1/gde8757Cud+71/9/rWvXwaWJz717Fd+6XOYObvSf+jd9928vDmpmxdfuf7Bh9569P6zUtbTSf1H//MrVz//fD4cLB5b+dSvfancnd39yL3DpeG+8sgZcrap6tZ7sCYwXHvlxqd/9fPS8J0PnV85ewisAWEgACT1jIaOPHB+cmVNnVk8cQSDXv7qi6ZnTz94kq1s31o7/ujrz95x5MkvP3bHN7ylb+CZx57WW2PZ2cW6xrLUtmHvsW0xvn1z+KKKQaLOWAoxCiYySGJzTmBiAYNAhICxX0uO8bS7RbWUpqoFS+C4wKaY10iElshSlxWWGIrJ2xr39XNZcJw4E1J6gjVlD3EHPVNJASSEc9xE2oNpapE0Np8C+yR0a1AlGgOQJUYKxLCvaMOPpoAYjplesPkwJi4hk7D5gPMd5gC1DigMMX4s9tjSoSU6HmGknmXOZs4EUc8SeZecCj7SuVwiJWLPvYb7ALY09UsDmHRKDaIlJFRnoGcwAyVNcWgEQAQGMUMtYgRsTBRNaU9gIgYyuihYJUrf4usXRAUQVOMFnNrcbpEae9i4XW0ZQhrbBARFIgV1VVNMqt3d3dfed+dXfvsz+fr2iZPH17d2n376QlN5W9Zt02AI2ZGF6vI6IWKRqQ8xpx4cldvTln02zLHIn/zoky987eXv+RvfbkyMGsRqWqOzuTM2t4B46vjqt3zrwwK6e3O3AKgEGJQYyeXO2LJuiaFX5GlUk/JXEa2JrM+4XbXOiGgGhA4pMrCiStMQ+KAAx9702vLGZjOtR0cPcQjjnUme52bY+/2f/dVi1Neah3178YULi3efvv/BB68+84zsTGh9C2el1LU2jbQtcSARiJsJTQQ7BAjChGgpgQ+w81Nj5y1MyGoCQ5hMLAQIhlkR04JTUY2JehpyBpIOMinL5pEswJo6DRJk6UZbqMZQXCcg7tt00uBWIDZIQRUQgiREkjGgXeOU0ByAighAohJkP9E0Et/ARFF9SiaLh9wQmpgiaChzlFIxkUQi6AgjLUdYW5774pNdgVCto4SmSB0TMqvErzDVnN2OQUHmA00AF99WVGMgsMTRcRCVtHxUmMdydmCLLo9pPnbX9DKlDjBSDIE6cNOcpRELGWe0UI3Tpn0waTd8imA4Gxg40fQgbXm6jeO+SAdSwlv82yL/K3Q1N5AQKFKNIOHqWlnO/mBj47t/+Dvf8p3v+tSvfOT1rV/J8+vPX33/ux/ZffqVNVXyQapy8PrbJ199CXwwvVyDVx8oy6srm+uvrj3ygYcuffa5ZmPPoxC4BARAkeC1CYBYbZdVWV54efNjv/Rpkxv2DF6O331SRNSztEGCKAu3XjzHSTWwCIME1RCUCpRo+8UYNcGNJwBhH0nBMcwKFE6/+w2TyxuzWzuLtx2jINPtMTgjVX3qgXv2trd2tnYWlxYVdaccv+l1b+4H2bhwaWUadje2tZxh8OhbCoFEMGLCUTFy3ePoD1FAWaC77mJnHo9QCooxadOQku7i754Ig8ynt6iSgosikBtNjAOOi0j8Y+EegMmkl1p/FBFjKO6Kjem0IEQaRxjdUisEVUDRNF6IoX8yR4ohRauWdCgyBWCRNJSPjk/VpEvRyFoH7dCg6dyntBC1iEKgiixKjAbjAdYOuitIiYEWP5FpwQQQIfbE3SIvZuMo+KDOEntmBUMaybSgiEQQofcpX0I649E+KjpV1H
MSTXdA4h0VRAMDk7JAI+gFIuTCGWxEvaCmcjI1F3FBToCx3ybQSNK2XgggwWo6incaC6atK6Sk33iLMwCreonseQVQFEQG9IqgYYvDrAwcPvJrv/+dP/TBlx48/8Knn7n/Ta/bqoJRklkNGxMUbm7s0LRZfeNdm597xiCqtVJ6bAMyfPrn//DP/79/7vt/9gee+vSLp+89dfTUofgjdQOHRqD2iiSz9qu/9fj7f/Q9sxuTyXjWW8y+9t+fhNq7oUNRqIK1xuVWGy+eXWGywkIdgOXQiUOLp1bLcV30814vB9b+sOj1c2iDioIj27MoIoGJ6Lb3PbL96s29l68duf9cuTOWNhAZX9YyLbeeezVbGvVHiyfuOb1x9crJd7zu3rvv++Jv/KZO2u1rt3hnisImeMNsJAb0ppBYVZ1fmbHuiSaW2M/H+UJ6ANOOVQ0iR9SkRi2TSrdAElElZI74fzAEoMl9o6KUto5d8Eg3GEjhr93aOYY9IKAEABBDCBqzu4EFVAQxXuQ6f5/TEFBAFVU0Ma91/+VARQRK5WcMBozwvuiPjh8kAQraJBIHUYILAHZJVEnb1w1FpEO7aNyyIsaUm9jTxeDBaMbuGrlI/VAFlBAZMF2yZkIr/7GNVzegno9e5l0gEkKqsaNuRRPUMAgEhhZVAWuGkiEWnk7BImYIjiAotKpBsBMhKhFmCLnRvgGHiqCm6PchYRFxnoUU7zBrwBFYPFCmA7BCUOzEUtDltsxBjgiiw9Mn6ul0j+Seh+6+9OzVcmvnzJGVj3/4083L17CsgQUz43dnpmr6507yrBXfCkfpkp1e2Xr28VfP3H37+UfvVsQbL69f/uKr1c3xodsO33z6ytYT19Erqm6+sL6zM73jredW71wtb05ufOWyzbPi6ODSF14pr+z0Dy0owMVPvyRTv3p2de/qzs2vXOHWH77tsNbh+pNXj549euv565vP3zx04nAzrl755LMwbbKF3uT6ztqXL+VF9ppveHjjpetbz11aOnWkt7RYtz7UAX2gzGLwvmrGG7tnH31tube7+Joz3/BN77vw2FevfOHJ4dJKfWsD6oZCoBAsi1UlVRCZ50bFxYDug9YjlFhlnxvdkfYQVTF6kAApjePjflrTLlPj7y7N3GMJQwAkcZOhmHQ53dpJk3k3riuo0+GApE88dFKpg+knkagZnXhA3cMdU53jsjztM7otYvegQDojqe9LsnSiZEGKqhvPGhjqoIHVMzSttj6BiYVTuks3r0jr0zg1ZdHAyXq9nzcWnVaESQTTTY8EUACj1pw70gyLiPCBvSCAgmdtWX3gZP+D1NPO4d0J/AJgURcsFgReYBKgFGgVA2CI5DTAVqkUnAasBXxHh0GAwuBCRss5LBfYc4grq0cOLsyjdCPu7Wz3R2I/FaHFrBgUUoRZ+qkmto0SqDVKBhb6YrRe7b3lJ35gKNkf/OJHjg36w6x4+dNPUNOK9yCiiNoGu9g/9shrd56/ML52yzingJjbEAWwCwUA2OUFU3meVUGEVFKZbwidDSzQc2SN1MHmFhUCB2NMzP0WlviYCEXoKgbvWdkYa4hYGLsUVmW2PgBLaAKoGpu95l0P3HruysaFG8u3HZWykcwUGR697cSFr7xshn0ZT0LVnP7GR5g9LGTv/pPflkn7+V//rUFwosAXrloBw2yZrSY3etIm6n6nr/t4d4jJbYBg0yCz2xxC6gOJjKEoqUlh6PGqnBM1yRChxrVKXILF2b10xO4DmVQ61xnHf0uUC3pJam/COJYkY4xoRIegdL/u7uB39hpN6GlJBAMVjf4nlCTHkw7csv8tzyHy88DM1DNoikmK31GEuMSLAhEDi+fUU8bpi+xbZlNZm45cWvOlZjiqiIFMOshIMac9DqkQlVBikmEsqGsv0zaUdQssBpUFa0Wex0tDlPUCAAyNnixgwUArsNHChNNmI0PoG+gbsIRB1CsGAINgAAqCgnTZweECj/RxkAGoml6/b6Krhe
K7p44wnkDqtpQi6cfESgl4MU8sBZyHh6aFjorUDYeAe9VkfevEux44vLT87OeeLAq7enR1++LN6N8GBXK22SuHiz07HEyu3DS5i3MRg2AMYs1UedwticjlDtqgTas+gAgKgKglMgLEYoigYfRsFLBlbZmCGK/QBvBsgkITpA0EYJUoiNQem0ACveHAMOBelf5KQGLNh/1WZP25K4fvPVtt7flZzSBv++Bb/tT//gNf/oOvVbMqTMuTD9/jVobbe9vnvvHh00sLj330D9z6Hm/thY1t0zIFBk5pUHFEIKIgwKrxJxmnmAokB54y6PZ2kuwAJEhJpB7jzzWhmQXmhIR0ecYU17l0DObVVRdzuR8FlKoa6MQimF4txMgxEY2eKmJJej4WTAYL0Pi6ss51Wh3vPort47fbIRpSBGrkzCAYImvAWswcZS4xVCUR/DAoBE5R1QIYmTQY39945iHuJFPEwnx9H5++rkBNNVmnD0sfTSUCtBr/7PxPdTJX6lQxmp5H9TH7ScV29afs40vnBnrICPoEiFCLThlrRUlsO7RRRh9BTwd+H4YgN7DgYDmHxQL6ORSOzOJolMXjR9ChAfZPmETRE2AQYIFkOUkY0u7o4YEaWubIYiRnm7W9za218+99Y4HZC596bHR0afHIoe1LN4yNcWhqrCm3dhePrIbA9bQ0xiQ5dRCI5gAWnlTStLaX216OgBpT+birQuLyNb0ySVWcfqJJ1CQQWFmkZWFGgKyfF0ujYmmoXtrNPQyMqhilB6JgDGSGy5Av9Mv1HbTW9rLx2u61l69dff6akB6648TqHceuXHj1xNvvf/h1r33u458sn7tiZq1MK9MyBgYWjF9kKpM6eHYKrJxHL0ZJIUrKq6OUChM98GRwPp/pSNJyIKRgnqGQxgjp09l9niBqWdITQSZOIOf5ql3kq8blNOg+czZ9coPERhZE48GInQiwYroLROIIVlWiGk41OioOjhiiKwAtYeYwy8hZzKLlqZMmR89BV493i/FuZ4kpaClphrrjj1Gdoym2fX7dUJfmkP4hyaxCBEhpJUT75iNCAE25wpKc8iCqrUicIdsUhJGGmfvhZwgIyR+oAI1ALRi6PxOnQhZTFIwmTUR65/oEyxks5rBQ4LBHzqhZXRhYSkZePCAwFYAAwIqsGBSDIiuwznOjDqwt4WB4RVrRxrqRrK3Wdnelvff9b1WgV7/41OrJo8Ojq9sXr1lr4xkWlnJrd/XOU23tw6xCY2K1sH/nE0DgUFbq2eSZ6xUmz4hIRSQGgERwmGpoBJ0JXpJFtQ1EpMJEZAdFsTQYHl3qLY/QmHZv1lZtmNXQhu6JSUsizKwd9tpx6Qa5n9YI4BZ621fXr75w1Zf1sQfOHbv7zIWvP3v4kbvf8Z533Xru+a3nLvfRhmmFVYtBgBWjGPVA4zcfl88fKSI6UMpH2XT3C0Skbsmeoi2xg1CqKmg0lpgYa4tCpJE4E9dzLBIjCiPVL+4GUxGFc+Fid7Hjfn2cKH8HPgOpZEvbv1QBHQh2gPkTG3f/Ip39t1vQd8cJjAFrkQijz10URFBEWOIku0uEjU66efWqafIZW1bAhL/q5lgwT8zVuFrtWt/kFUjVbfQymbg3iAw4g0gk8TN/sCU0ZOJ0h1kQxAJE/oh2pNB5v2bS7FcVMCg2gjxXQu+n0mP6uSlEMz4BOMIcIfLFAdQHMKuLA0rVEM6flhAPoSArdpMYmFf2aWza0Ytxv+TH/fDEufKVqNzcq48u3v/2hwDNS19++vCp1YUzx7cuXLfdL1x8qHbHi3ccbyuvVRORt90qORbuMSpUpGqkbkHUZi4b9HsLAyF89M+9/a533nvr2u6bfuTtt65uvP+vfHBvWg9OLp1+/2s2H7986g33ZLk1hrht263xbG2nWttB5wiAPCOo+tBdKAAAlGXYL/ykdgu9MCmBkHqOAgPL6l1njt598uLTzx9+6DXv/s5v3rlw4dIXv74wZT+ueFZpGzBO9N
KHem6owhTxg/v7p3hVRcw5dm0YRqaBJWvQENrUD0WempokRIxuE7AEzqgzYE0CrnWGSg0CdQieYwhq6pEsAWHkysQBZlLKxdSRVKAmPHs3iO8A76r7EY+dryf5G5MSOGE6MB2YeA66l3l/qJF8wOCDBFaOMa2yfx11I9LY+CIneWqEGYln4W4hITAPbkl8nvTIxztIk5guVR+IgAa6+pZQESQpJRAOuvtiTR8bB1SNIa6sKGn5nhAVBsGh2uR4xwDxGUz0nbghxM7DFIOFuz+YErqDgmeoPExbtClVeH7tzTGHgFHsmpaBB3xOmgKEAaPAAubpVXPnR7yZBQHBsG5P1z/++FOrSw9/06O9hYVnPvalU0eW73zvwxc//jXLiobIENft3stXFu86PX71VphVYAj2sf7dgY8fSREuay4rsNbmzrNkhxbKRnqrg9NvPPvE7z92/p33vPLkxenmzvLJJeAwXt+dXbwmjY+aWhHtHVlR1bC1h52Huis1EshRWCPXEdIPj5ppdfzhu1fuPHbp8WePP/r6b/2+77j68vPXn3qx52Fyc4N9qz5g4EgLJUQGIAWbDhwcUCDGzzx0t4wQEsB8H6iGyGBC9xrqCsZu0EAIFsEAWAPOROqMAkAQQFJC8BzfHyVMC2tL6ggzo86gowQKY4Fouev8dF3k5b5kNR0JUAjR4xT3ZCLQzUfjfxj2dcXzCRR2Hqx0SkEZURUi/zd+88z7Nq7OT5ScFqkBjlIijs87e05Kt3iMTEeEQEABVBaAuSZXo2kEERSl6640dtjRn4VzdijznJUWGxkkctZ4I8wpWneuzCaMNYg6ivrP9DY6RSX0ibeffK7aBTXOr/g4ompFpwq+xZKhZ4GQzGg4iDGULBDLzgBpA7EfmzivN/etUHP8WleT4B//C1J/DPE3reOqRdk5uvT2+++1w8FLT71k2vrU687vXtvgWUXOAqK0IexOB6ePSuPVh4S+Tq02AZF2zTcaQ8YAgAQm1Ytfu3jpY18Pu/VLn36xfO76i198af3Ji3sv3Ljx2ZewZVMUOqvQJGt6/8RhCdxu7XZyqfnckIAQnKPRAArnt8duocdNq4qc0+k3nFs5f/LGsy8df+Seb/7QB7euXLj6+HNwbavaGcO0lBAvdpFOXjXvzbqmDucugW6DFaVaJkmcECI/hghinZluza6tm9PXDcb4we4vI0ir+k72KJHnDWAQcouZxZ6D3GKRURQLpWFO8jVEYYBSJ+CNr3G0IMRPEXZN5n7qYJdRIsnlmFB9kpZ7fwy2ibHnTF9bgtVL9z+jfjS+znGMEeXKabuQXPPSBm6DeJYgHOK5nMc4d+xsEQ2szBpNF0mhMP8VIEUKRpSriigLM0vU5cXBxwH5QexRGIVx7uQEjNGOFiEjyAw6hIzAIlqT1vGO0CBY1IzQEhKAiwUIoknsubhuxcjxUkDPYHr9YRBMChhJXV/y8e7j+ecy/4OLpoQGS58YnCdY0H6ssKYtIgHK9jQMi8uob7zr7MLhlRc+/4Tf3L3tLQ+2s3K6tm2cQ0PchjAtzfHVUDdS1/srbZCE0+5kkNDlfgECVi0FARbenULrm5u72rSool4Q0PZyrRtQkNb3jq+qaLO2TcYgAkcXHSIYw8KHbz91/n1v2lBfDPLCZmbgZhu72eLg3m95JDe6/tKl297zwIPveMPNl1+9/NizeHFtb33bBJFxKVHj2HHU58HJinNVV7KiEHY4pg6PhymsJ4YRJMZMuuM0VhMwP4kIGn+jceeLnZBQo4IsbQWjXwkyh/3cFBYzC5kBZyMTKRVdXXkpUfVvSVGFUBDVGDAd2Q/m4615nlHcNyZ+ftQ5puV76E5Xd3xSBRB1CF3Qih64MroD3EULzteVsf6KP1Nm8elo7TvqEgahC6OPe4tkK5yv3KIMHVJrnZaZIioswiFwLJul613jM0ZkjLUH0J4xEiqmaqey2SI4SictOpAI0SASQkbQI+gZLQxmBnIDGVFGkB
ktLBYEQwsDgwuZLmZaEBQGTFYMQpLYdoTveX85pzqm+arOp78EmDDj2HXK2rXN+5dPAlzGeB71rFsTXh48c/PGHWeOnH79XZefv7jx8pXbHry7t9Dbvb6hIjZ3vmru/uBDp95y7tZTl22RkTOUW8odZpZyh4XDIrP9olgccVNpRLaAgErEiEBgsgQKyhwRM9EsJI3Pjy6Jan1r01iLAKFpl06sLpw5Qr28OLxsV5dOve6exTvPnH7DOchkuj3zPiwdP3TiG+5Tassbm3d/85vPP3j3xa+/dOULL7j1qZ+WWZ7zuNTaJ9lFZ9rcpyHg/rTx4ARr3qMTzF12+xKu2FtTF8s8V3Smh2cef9kVLEHRM4SQhITxcBrqbmWDNmZJQsdxB1CBOH6Og34CjTTUKIzULp42pHU2JGdwN3/FtGXBLgAQeP+GjDVYbHFI0jA/npD5ClHnw5u4c47nOR1j0IPJ1fs/lGhKQEz+L0RDB2nU2qW+p86FOgcDzsuKpJpjUGHh/YFy8tESGWusoywDlzNgEFbmJLrrpBRpfoOQUWLRR2JqLIwtQkY6MNB3MHDYM5BbKCwOHCznuJzBcgYrmR7pwYmhnhjB4R4sODSuNzj4hUCXkHrgIYQ5+CaNpTq7C3Xgva4indNz9mcS2M3FEYAnpdzaNsPixbW11fPH3/y+N1d19fxnnxytLp554K5yb1pt7JjF3p/9J392eZA98YfPuMyhc+ScMcYCOIPGGWMpgoPS1+sMWUfW2LxABGnahAxYXkLrsA1ucQie7fKCgLZrO5ECxIF7K6Mj95zduLTezBod9GFhsLM72a7b17zp7r2N9Y1LG3e/7QF3cuHyc5cGh5fe+6F3L505+fVPfOnWF1/OdmvZmzprZFzKtEbY3zqnRnkOZpqb5g8MaZLWj5BA5+9iUgV2n5Po+jOE88H9gZcJmEEgbtXACwbWljEq76Wr0/BAwdI1bJ3WIoAX9UFDkOQ5AI0BhpGZFRfxIRZ4UZvC8zig7vlKQ8suYKN7kaSLiOgWgEmYoukL6LIVWOcT1PSP0oNqmy7+ZC4bAzVIhsgQGkNxehwP4X5phvtS52TCijQdAtRkYsLuXtsv9gmNsWQdOWvy3OSFyXtMRkTbpvXBR/WCiHKag4BDKAhtzBhV8Ip1+rMIoDlh4XCQYWGgZ6BnoW9gtQfHF+DEoh4dwaEeHFuA4yt48ggeXsaFnuLC8uEDzIs/hvuGfRFech92ZZZiVBiaeBlE2UcX9Y0k3SxbkqcaAVEQwBqvAMM8P3tEhu7oPWceescD15+89PVPPl2X4cFH7p1euv7sF59ePn+Ep2HrwibGBUUCuquxBpxRIFUBjkkvgkSUOQREY3hWhqpG0DAave+vfW+/X3z47/1yb1hQZlmkWdsiY6LO1/SypfMnty7clJZtvzArC2ZxKIZaluHx5dtfe/vh1eVXXnj5+rXrt73xdR/8xjdlYfr7//Gj7ZUtM21lUhsJhhmCYqS3qST11JwX2lVu8dFLBv1uzhS3a466jgWACDuDkmZGbewPu6VR9/NE7t7b2CRaQ9AloUcinopGi5NBcAZAJbJxuwKXWFQkMmYjNAiIwNloDojgBFAgFhBFTqFFGONTJO2utLPdybwLiV9ELBclUYmU0imaL2kwlXgdoOXAux5BD9jtRONcFOega5grPGm+qYlUi67Mhf1nE7ujOLfhpqWigCJ2kfQYUZdIRMaSNTbLTJajcWCM92E2GU93d0NTG5AMlVnrllmREArSkdGMFBG9YCUQgCKlLEMojC5mOHJRMaMWITN6dElPH4PlVeznBAEt4GjV9paIjDYTwYXlI7D/jei+iyr53Qn+GBujm/p0W0mTiEoACkSdgj6ZddJ9lqj9lCxrKYs4t21OC689/fC3vGmh19+8PH7l6VfdtD59/uwzn3t665VrqJD1cmOi2ghEhYPMZbfdFB1D00rZxq8zTjIVQQTOv+v1y7ed/MpvfLroZ6LSbuyQtX
) + +# Gremlin — User Guide + +Gremlin is the NetGrimoire self-hosted AI agent. It runs entirely on local hardware — no cloud, no external APIs. This guide covers day-to-day use of all Gremlin interfaces and automations. 
+ +--- + +## What Gremlin Does + +| Capability | How | +|------------|-----| +| AI chat and Q&A | Open WebUI at ai.netgrimoire.com | +| Compose file analysis and generation | Open WebUI with qwen2.5-coder:7b | +| Weekly repo standards audit | n8n automated workflow | +| Service alert triage | Uptime Kuma → n8n → ntfy | +| Audit reports to Wiki.js | n8n commits to Netgrimoire/Audits/ | + +--- + +## Accessing Gremlin + +| Interface | URL | Purpose | +|-----------|-----|---------| +| Open WebUI | https://ai.netgrimoire.com | Primary chat interface | +| n8n | https://n8n.netgrimoire.com | Workflow management | +| Ollama API | http://ollama.netgrimoire.com:11434 | Direct model API | +| Qdrant | http://qdrant.netgrimoire.com:6333/dashboard | Vector DB browser | + +--- + +## Using the Chat Interface + +Open WebUI is the primary way to interact with Gremlin directly. + +1. Log in at https://ai.netgrimoire.com +2. Select a model from the dropdown at the top +3. Start a conversation + +### Choosing the Right Model + +| Task | Model | +|------|-------| +| General questions, infrastructure Q&A, summarization | llama3.2:3b | +| Docker compose files, YAML, code review, audit | qwen2.5-coder:7b | +| Complex reasoning, detailed analysis | qwen2.5:14b | + +### Example Prompts + +**Audit a compose file:** +> You are Gremlin, the NetGrimoire homelab AI. Our stacks run on Docker Swarm, node docker4, network netgrimoire, volumes at /DockerVol/. Audit this compose file against our standards — check homepage labels, kuma labels, caddy labels, placement constraints, and volume paths. +> [paste YAML] + +**Generate a new service:** +> Generate a NetGrimoire-compliant Docker Swarm service for Gotify (image: gotify/server:latest, port 8080, exposed at gotify.netgrimoire.com, runs on docker4). Follow the standard label template. + +**Analyze logs:** +> These are n8n container logs. What is causing the repeated connection refused errors and how do I fix it? 
+> [paste logs] + +**Infrastructure Q&A:** +> What node does the monitoring stack run on? What port does Uptime Kuma use internally? + +> **Tip:** Gremlin has no memory between sessions. Start each chat with the context line: *"You are Gremlin, the NetGrimoire homelab AI. Our stacks run on Docker Swarm, node docker4, network netgrimoire, volumes at /DockerVol/."* + +--- + +## Automated Workflows + +Gremlin runs two automated workflows in n8n. Manage them at https://n8n.netgrimoire.com. + +### Forgejo Repo Audit + +**Runs:** Every Monday at 06:00 +**What it does:** Scans all YAML files in the services repo under `swarm/` and `swarm/stack/*/`. Audits each file against NetGrimoire standards using `qwen2.5-coder:7b`. + +For Swarm files it checks: +- Homepage labels (group, name, icon, href, description) +- Uptime Kuma labels (name, url) +- Caddy labels on exposed services +- Placement constraints +- Volume paths use `/DockerVol/` convention +- Network references external `netgrimoire` overlay + +For Compose files (no deploy block) it checks: +- Any exposed ports have a matching Caddyfile entry + +**On FAIL:** ntfy notification to `gremlin-audits` with a summary, plus a full markdown report committed to `Netgrimoire/Audits/` in the docs repo (visible in Wiki.js). + +**To run manually:** +1. Open n8n → Gremlin — Forgejo Repo Audit +2. Click Execute Workflow + +### Uptime Kuma Alert Triage + +**Trigger:** Webhook from Uptime Kuma on service DOWN +**What it does:** Receives the alert, sends it to `llama3.2:3b` for analysis, fires an urgent ntfy notification to `gremlin-alerts` with likely cause, immediate checks, and severity rating. + +RECOVERED events send a simple plain notification — no AI involved. + +--- + +## ntfy Notifications + +Subscribe to both topics in the ntfy app. 
+ +| Topic | URL | When | +|-------|-----|------| +| gremlin-alerts | https://ntfy.netgrimoire.com/gremlin-alerts | Service DOWN triage, RECOVERED | +| gremlin-audits | https://ntfy.netgrimoire.com/gremlin-audits | Audit FAILs, doc commits | + +--- + +## Uptime Kuma Webhook Setup + +To connect Uptime Kuma to Gremlin triage: + +1. Uptime Kuma → Settings → Notifications → Add Notification +2. Type: Webhook +3. Friendly Name: Gremlin Triage +4. URL: `https://n8n.netgrimoire.com/webhook/gremlin-kuma-alert` +5. Content Type: application/json +6. Save and assign to monitors + +> The Gremlin — Uptime Kuma Alert Triage workflow must be in Published state in n8n for the webhook to respond. + +--- + +## Audit Reports in Wiki.js + +Full audit reports for any FAIL are automatically committed to the docs repo and appear in Wiki.js under **Netgrimoire → Audits**. Each report includes: + +- Date, file path, service type +- Full Gremlin audit analysis +- Specific issues and recommended fixes +- VERDICT + +Reports are named `-.md` — e.g. `calibre-web-2026-04-01.md`. + +--- + +## Troubleshooting + +| Symptom | Fix | +|---------|-----| +| Open WebUI shows no models | Check `docker stack services gremlin` — Ollama may be down. Run `ollama list` on docker4 to confirm models are loaded. | +| n8n workflow fails at Ollama node | Model name must match exactly. Verify with `ollama list`. Timeout may need increasing — set to 300000ms in node options. | +| No ntfy alert on DOWN event | Confirm kuma-triage workflow is Published in n8n. Check webhook URL in Uptime Kuma matches exactly. | +| Audit workflow runs but no FAILs | Check Executions tab in n8n — look at Filter node output count. Ollama may not be using expected VERDICT wording. | +| 502 on n8n or Open WebUI | Caddy IP mismatch after redeploy. Restart Caddy: `docker service update --force caddy_caddy` from znas. 
| +| n8n won't start — permission denied | Run `chown -R 1000:1000 /DockerVol/n8n` on docker4 then `docker service update --force gremlin_n8n` from znas. | + +### Key Commands + +```bash +# All run on znas unless noted + +# Check service status +docker stack services gremlin + +# Restart a service +docker service update --force gremlin_ + +# View logs +docker service logs gremlin_n8n --tail 50 + +# Check models (docker4) +docker exec $(docker ps -qf name=gremlin_ollama) ollama list + +# Pull a model (docker4) +docker exec $(docker ps -qf name=gremlin_ollama) ollama pull + +# Full redeploy (from services/swarm/stack/Gremlin/ on znas) +./deploy.sh +``` + +--- + +## Notes + +- Gremlin is local-first. All inference runs on docker4 via Ollama. Works fully offline once models are pulled. +- n8n version 2.13.4. Workflow imports reset node configs — if reimporting, reconfigure Code node contents manually. +- Forgejo 11+ requires POST to create files, PUT with SHA to update. All Gremlin workflows handle this automatically. +- Wiki.js syncs from traveler/Netgrimoire repo. Allow a few minutes after a Gremlin commit for pages to appear. diff --git a/Gremlin-Grimoire/Workflows/Forgejo-Audit.md b/Gremlin-Grimoire/Workflows/Forgejo-Audit.md new file mode 100644 index 0000000..478055e --- /dev/null +++ b/Gremlin-Grimoire/Workflows/Forgejo-Audit.md 
@@ -0,0 +1,105 @@ +--- +title: Forgejo Audit Workflow +description: Weekly automated YAML compliance audit via n8n + Ollama +published: true +date: 2026-04-12T00:00:00.000Z +tags: gremlin, n8n, audit, forgejo +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Forgejo Audit Workflow + +**Status:** ✅ Live and confirmed working + +Runs every Monday at 06:00. Walks all compose YAML files in `services/swarm/` and `services/swarm/stack/*/`, audits each one against the Swarm template standard using `qwen2.5-coder:7b`, and commits full reports to Forgejo + sends a summary to ntfy. + +--- + +## What It Audits + +Each file is checked for: +- Homepage labels on all services +- Uptime Kuma labels on all services +- Caddy labels on exposed services +- `node.platform.arch` exclusion constraints (ARM default) +- Volume paths follow `/DockerVol/` or `/data/nfs/znas/Docker/` convention +- No forbidden fields (`version:`, `container_name:`, `restart:`, `depends_on:`) +- `endpoint_mode: dnsrr` not used +- `diun.enable: "true"` present +- Network references `netgrimoire` external overlay + +--- + +## Scope + +~67 files total across `swarm/` (flat single-service YAMLs) and `swarm/stack/*/` (grouped stacks). 
+ +--- + +## Outputs + +| Output | Where | Content | +|--------|-------|---------| +| ntfy notification | `gremlin-audits` topic | Short FAIL summary per file | +| Forgejo commit | `Netgrimoire/Audits/AUDIT--.md` | Full audit report (POST new / PUT+SHA update) | + +--- + +## n8n Architecture + +``` +Schedule Trigger (Mon 06:00) + → Forgejo API: list all files in swarm/ and swarm/stack/*/ + → Loop Over Items (splitInBatches, batch=1) + → Code node: fetch file content via Forgejo API + → Code node: build Ollama prompt + → Code node: POST to Ollama (qwen2.5-coder:7b) + → Code node: parse result, build report markdown + → Code node: commit report to Forgejo (POST or PUT+SHA) + → Code node: send ntfy summary if FAIL + → Loop feedback connection drives iteration +``` + +--- + +## Critical Patterns + +All Forgejo and Ollama API calls use `this.helpers.httpRequest()` in Code nodes — **not** HTTP Request nodes. HTTP Request nodes hit body expression limits on large prompts. + +Code nodes in "Run Once for Each Item" mode must return `{ json: ... }` not `[{ json: ... }]`. + +Loop Over Items (splitInBatches, batch=1) + feedback connection from last node back to loop drives iteration over multiple files. + +--- + +## Critical Environment Variables + +| Variable | Value | Why | +|----------|-------|-----| +| `N8N_BLOCK_ENV_ACCESS_IN_NODE` | `false` | Allows env var access inside Code nodes | +| `N8N_RUNNERS_TASK_TIMEOUT` | `3600` | Prevents timeout on 67-file audit runs | + +--- + +## Forgejo API Tokens + +| Token | Scope | +|-------|-------| +| Read token | Fetch file content from `traveler/services` | +| Write token | Commit audit reports to `traveler/Netgrimoire` | + +Tokens stored in n8n credentials, not in compose env vars. + +--- + +## Forgejo Webhook Gotcha + +If Forgejo webhooks fail to reach n8n, add to Forgejo `app.ini`: + +```ini +[webhook] +ALLOWED_HOST_LIST = * +``` + +Required when `OFFLINE_MODE = true`. Restart Forgejo after edit. 
diff --git a/Gremlin-Grimoire/Workflows/Kuma-Triage.md b/Gremlin-Grimoire/Workflows/Kuma-Triage.md new file mode 100644 index 0000000..9356526 --- /dev/null +++ b/Gremlin-Grimoire/Workflows/Kuma-Triage.md @@ -0,0 +1,63 @@ +--- +title: Kuma Alert Triage Workflow +description: Uptime Kuma webhook → Ollama analysis → ntfy alert +published: true +date: 2026-04-12T00:00:00.000Z +tags: gremlin, n8n, kuma, alerts +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Kuma Alert Triage Workflow + +**Status:** ✅ Live and confirmed working + +Triggered by Uptime Kuma webhook on service DOWN or RECOVERED events. DOWN events are analyzed by `llama3.2:3b` before alerting. RECOVERED events skip AI and send a simple notification. + +--- + +## Webhook URL + +``` +https://n8n.netgrimoire.com/webhook/gremlin-kuma-alert +``` + +Configure in Uptime Kuma: Settings → Notifications → Webhook → apply to all monitors. + +--- + +## Flow + +``` +Kuma Webhook + ├── DOWN path: + │ → Parse payload (service name, URL, error) + │ → Ollama (llama3.2:3b): triage prompt + │ → ntfy gremlin-alerts (urgent priority) with AI analysis + │ + └── RECOVERED path: + → ntfy gremlin-alerts (normal priority, no AI call) +``` + +--- + +## Why Two Paths + +AI triage is only useful for DOWN events — there's nothing to analyze on a recovery. Skipping Ollama on RECOVERED keeps notification latency near-instant for good news. + +--- + +## ntfy Output Format + +DOWN alert includes: +- Service name and URL +- Kuma error message +- Ollama's triage assessment (probable cause, suggested first step) + +RECOVERED alert is a simple one-liner. + +--- + +## Parked: Doc Generation Workflows + +Two additional doc generation workflows were built but are currently inactive. CPU-only `llama3.2:3b` output barely exceeds reformatting the source compose file — not useful enough to commit. Will be revisited when GPU support is added to the Gremlin stack. 
diff --git a/Keystone-Grimoire/Docker/Caddy.md b/Keystone-Grimoire/Docker/Caddy.md new file mode 100644 index 0000000..940f1f8 --- /dev/null +++ b/Keystone-Grimoire/Docker/Caddy.md 
@@ -0,0 +1,522 @@ +--- +title: Caddy Reverse Proxy +description: Curreent and future config +published: true +date: 2026-02-25T01:50:20.558Z +tags: +editor: markdown +dateCreated: 2026-02-23T22:09:16.106Z +--- + +# Caddy Reverse Proxy + +**Host:** znas (Docker Swarm node) +**Internal IP:** 192.168.5.10 +**Data Path:** `/export/Docker/caddy/` +**Networks:** `netgrimoire` (service network), `vpn` +**Ports:** 80 (mapped to host 8900), 443 + +--- + +## Overview + +Caddy serves as the primary reverse proxy for all public and internal web services. It uses the `caddy-docker-proxy` pattern, which allows services to register themselves with Caddy by adding Docker labels to their compose files — no manual Caddyfile edits required per service. + +Configuration is **hybrid**: some services are defined entirely via Docker labels, others are defined statically in the Caddyfile, and most use both (labels for routing, Caddyfile for shared snippets). The `caddy-docker-proxy` container merges both sources at runtime. + +--- + +## Current State + +### Image + +```yaml +image: lucaslorentz/caddy-docker-proxy:ci-alpine +``` + +This image provides the Docker Proxy module only. It has no CrowdSec, GeoIP, or rate limiting built in. 
+ +### Docker Compose (`/export/Docker/caddy/docker-compose.yml`) + +```yaml +configs: + caddy-basic-content: + file: ./Caddyfile + labels: + caddy: + +services: + caddy: + image: lucaslorentz/caddy-docker-proxy:ci-alpine + ports: + - 8900:80 + - 443:443 + environment: + - CADDY_INGRESS_NETWORKS=netgrimoire + networks: + - netgrimoire + - vpn + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /export/Docker/caddy/Caddyfile:/etc/caddy/Caddyfile + - /export/Docker/caddy:/data + #- /export/Docker/caddy/logs:/var/log/caddy # Placeholder for CrowdSec log mount + deploy: + placement: + constraints: + - node.hostname == znas + +networks: + netgrimoire: + external: true + vpn: + external: true +``` + +### Caddyfile (`/export/Docker/caddy/Caddyfile`) + +The Caddyfile defines shared authentication snippets and static site blocks. These snippets are available to all services — including label-defined ones — via `import`. + +```caddyfile +# ───────────────────────────────────────────────────────────────────────────── +# AUTH SNIPPETS +# ───────────────────────────────────────────────────────────────────────────── + +(authentik) { + route /outpost.goauthentik.io/* { + reverse_proxy http://authentik:9000 + } + + forward_auth http://authentik:9000 { + uri /outpost.goauthentik.io/auth/caddy + header_up X-Forwarded-URI {http.request.uri} + copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email \ + X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt \ + X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider \ + X-Authentik-Meta-App X-Authentik-Meta-Version + } +} + +(authelia) { + forward_auth http://authelia:9091 { + uri /api/verify?rd=https://login.wasted-bandwidth.net/ + copy_headers Remote-User Remote-Groups Remote-Email Remote-Name + } +} + +# ───────────────────────────────────────────────────────────────────────────── +# MAIL SNIPPETS +# ───────────────────────────────────────────────────────────────────────────── + +(email-proxy) { + 
redir https://mail.netgrimoire.com/sogo 301 +} + +(mailcow-proxy) { + reverse_proxy nginx-mailcow:80 +} + +# ───────────────────────────────────────────────────────────────────────────── +# STATIC SITE BLOCKS — NETGRIMOIRE.COM +# ───────────────────────────────────────────────────────────────────────────── + +cloud.netgrimoire.com { + reverse_proxy http://nextcloud-aio-apache:11000 +} + +log.netgrimoire.com { + reverse_proxy http://graylog:9000 +} + +win.netgrimoire.com { + reverse_proxy http://192.168.5.10:8006 +} + +docker.netgrimoire.com { + reverse_proxy http://portainer:9000 +} + +immich.netgrimoire.com { + reverse_proxy http://192.168.5.10:2283 +} + +npm.netgrimoire.com { + reverse_proxy http://librenms:8000 +} + +#jellyfin.netgrimoire.com { +# reverse_proxy http://jellyfin:8096 +#} + +# ───────────────────────────────────────────────────────────────────────────── +# AUTHENTICATED — NETGRIMOIRE.COM +# ───────────────────────────────────────────────────────────────────────────── + +dozzle.netgrimoire.com { + import authentik + reverse_proxy http://192.168.4.72:8043 +} + +dns.netgrimoire.com { + import authentik + reverse_proxy http://192.168.5.7:5380 +} + +webtop.netgrimoire.com { + import authentik + reverse_proxy http://webtop:3000 +} + +jackett.netgrimoire.com { + import authentik + reverse_proxy http://gluetun:9117 +} + +transmission.netgrimoire.com { + import authentik + reverse_proxy http://gluetun:9091 +} + +scrutiny.netgrimoire.com { + import authentik + reverse_proxy http://192.168.5.10:8081 +} + +# ───────────────────────────────────────────────────────────────────────────── +# AUTHENTICATED — WASTED-BANDWIDTH.NET (Authelia) +# ───────────────────────────────────────────────────────────────────────────── + +stash.wasted-bandwidth.net { + import authelia + reverse_proxy http://192.168.5.10:9999 +} + +namer.wasted-bandwidth.net { + import authelia + reverse_proxy http://192.168.5.10:6980 +} + +# 
───────────────────────────────────────────────────────────────────────────── +# PUBLIC — PNCHARRIS.COM / WASTED-BANDWIDTH.NET +# ───────────────────────────────────────────────────────────────────────────── + +fish.pncharris.com { + reverse_proxy http://web +} + +www.wasted-bandwidth.net { + reverse_proxy http://web +} + +# ───────────────────────────────────────────────────────────────────────────── +# MAILCOW — MULTI-DOMAIN +# ───────────────────────────────────────────────────────────────────────────── + +mail.netgrimoire.com, autodiscover.netgrimoire.com, autoconfig.netgrimoire.com, \ +mail.wasted-bandwidth.net, autodiscover.wasted-bandwidth.net, autoconfig.wasted-bandwidth.net, \ +mail.gnarlypandaproductions.com, autodiscover.gnarlypandaproductions.com, autoconfig.gnarlypandaproductions.com, \ +mail.pncfishandmore.com, autodiscover.pncfishandmore.com, autoconfig.pncfishandmore.com, \ +mail.pncharrisenterprises.com, autodiscover.pncharrisenterprises.com, autoconfig.pncharrisenterprises.com, \ +mail.pncharris.com, autodiscover.pncharris.com, autoconfig.pncharris.com, \ +mail.florosafd.org, autodiscover.florosafd.org, autoconfig.florosafd.org { + import mailcow-proxy +} +``` + +### Docker Label Pattern (label-defined services) + +Services not in the Caddyfile are registered via labels on their own containers. 
The snippet defined in the Caddyfile is available to them via `caddy.import`: + +```yaml +labels: + - caddy=homepage.netgrimoire.com + - caddy.import=authentik + - caddy.reverse_proxy={{upstreams 3000}} +``` + +For services that need no auth: +```yaml +labels: + - caddy=myservice.netgrimoire.com + - caddy.reverse_proxy={{upstreams 8080}} +``` + +--- + +## Authentication Layers + +Two identity proxies are in use, each serving different domains/use cases: + +| Provider | Domain Pattern | Snippet | +|----------|----------------|---------| +| Authentik | `*.netgrimoire.com` internal tools | `import authentik` | +| Authelia | `*.wasted-bandwidth.net` | `import authelia` | + +Services without an auth import are either public (e.g. `fish.pncharris.com`) or carry their own authentication (e.g. Nextcloud, Graylog, Portainer). + +--- + +## Current Security Posture + +CrowdSec protection exists only at the **OPNsense firewall level** — IP reputation blocking before traffic reaches Caddy. CrowdSec does not currently inspect HTTP traffic at the application layer. This means: + +- Known-bad IPs are blocked at the perimeter +- Application-layer attacks (SQLi in URLs, malicious paths, bad user agents, brute force on specific endpoints) are not blocked at the Caddy level +- Services behind Authentik/Authelia have an additional protection layer; unauthenticated public services do not + +--- + +## Future State: CrowdSec + GeoIP + Rate Limiting + +### Target Image + +```yaml +image: ghcr.io/serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy:latest +``` + +This is a drop-in replacement for `lucaslorentz/caddy-docker-proxy`. All existing Docker labels and Caddyfile site blocks continue to work unchanged. The image is automatically rebuilt monthly when Caddy releases updates — no custom image maintenance required. 
+ +**Included modules:** +- `caddy-docker-proxy` — same label-based config as current +- `caddy-crowdsec-bouncer` — inline HTTP blocking based on CrowdSec decisions +- `caddy-geoip` — GeoIP filtering at the application layer +- `caddy-ratelimit` — per-endpoint rate limiting +- `caddy-security` — additional auth/security middleware + +### Updated Compose + +```yaml +configs: + caddy-basic-content: + file: ./Caddyfile + labels: + caddy: + +services: + caddy: + image: ghcr.io/serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy:latest + ports: + - 8900:80 + - 443:443 + environment: + - CADDY_INGRESS_NETWORKS=netgrimoire + - CADDY_DOCKER_EVENT_THROTTLE_INTERVAL=2000 # Prevents non-deterministic reload with CrowdSec module + - CROWDSEC_API_KEY=BYSLg/wKOa7wlHYzChJpBVJA06Ukc7G6fKJCvBwjyZg + networks: + - netgrimoire + - vpn + - crowdsec_net + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /export/Docker/caddy/Caddyfile:/etc/caddy/Caddyfile + - /export/Docker/caddy:/data + - caddy-logs:/var/log/caddy + deploy: + placement: + constraints: + - node.hostname == znas + + crowdsec: + image: crowdsecurity/crowdsec + restart: unless-stopped + environment: + COLLECTIONS: "crowdsecurity/caddy crowdsecurity/http-cve crowdsecurity/whitelist-good-actors" + BOUNCER_KEY_CADDY: BYSLg/wKOa7wlHYzChJpBVJA06Ukc7G6fKJCvBwjyZg # Pre-registers the Caddy bouncer automatically + volumes: + - crowdsec-db:/var/lib/crowdsec/data + - ./crowdsec/acquis.yaml:/etc/crowdsec/acquis.yaml + - caddy-logs:/var/log/caddy:ro + networks: + - crowdsec_net + deploy: + placement: + constraints: + - node.hostname == znas + +volumes: + caddy-logs: + crowdsec-db: + +networks: + netgrimoire: + external: true + vpn: + external: true + crowdsec_net: + driver: overlay # Swarm overlay network +``` + +### CrowdSec Log Acquisition (`./crowdsec/acquis.yaml`) + +```yaml +filenames: + - /var/log/caddy/access.log +labels: + type: caddy +``` + +### Environment File (`.env`) + +```env +CROWDSEC_API_KEY= +``` + 
+The `BOUNCER_KEY_CADDY` env var in the CrowdSec container pre-registers the bouncer key at startup. Set the same value in `.env` as `CROWDSEC_API_KEY` and both sides will be in sync on first boot — no need to run `cscli bouncers add` manually. + +### Updated Caddyfile Additions + +Add a global block at the top of the Caddyfile and a new `crowdsec` snippet. All other existing content remains unchanged. + +```caddyfile +# ───────────────────────────────────────────────────────────────────────────── +# GLOBAL BLOCK — add this at the very top before any snippets +# ───────────────────────────────────────────────────────────────────────────── + +{ + crowdsec { + api_url http://crowdsec:8080 + api_key {$CROWDSEC_API_KEY} + } + log { + output file /var/log/caddy/access.log { + roll_size 50mb + roll_keep 5 + } + format json + } +} + +# ───────────────────────────────────────────────────────────────────────────── +# CROWDSEC SNIPPET — add alongside existing auth snippets +# ───────────────────────────────────────────────────────────────────────────── + +(crowdsec) { + route { + crowdsec + } +} +``` + +### Applying CrowdSec to Existing Services + +Once the snippet exists, add `import crowdsec` to site blocks and container labels. This is a **gradual rollout** — services without it remain fully functional, just without Caddy-level CrowdSec inspection (they still have OPNsense perimeter protection). 
+ +**In the Caddyfile:** +```caddyfile +# Before +cloud.netgrimoire.com { + reverse_proxy http://nextcloud-aio-apache:11000 +} + +# After +cloud.netgrimoire.com { + import crowdsec + reverse_proxy http://nextcloud-aio-apache:11000 +} + +# With auth +dozzle.netgrimoire.com { + import crowdsec + import authentik + reverse_proxy http://192.168.4.72:8043 +} +``` + +**In Docker labels:** +```yaml +labels: + - caddy=homepage.netgrimoire.com + - caddy.import=crowdsec + - caddy.import=authentik + - caddy.reverse_proxy={{upstreams 3000}} +``` + +### CrowdSec Rollout Priority + +Roll out `import crowdsec` in this order based on risk exposure: + +**High priority — do first (public, no auth):** +- `cloud.netgrimoire.com` (Nextcloud) +- `immich.netgrimoire.com` +- `docker.netgrimoire.com` (Portainer) +- `fish.pncharris.com` +- `www.wasted-bandwidth.net` + +**Medium priority — high value behind auth:** +- `log.netgrimoire.com` (Graylog) +- `win.netgrimoire.com` (Proxmox) +- All `dozzle`, `dns`, `webtop`, `jackett`, `transmission`, `scrutiny` + +**Lower priority — already protected by Authelia/Authentik:** +- `stash.wasted-bandwidth.net` +- `namer.wasted-bandwidth.net` +- All label-defined services behind auth + +**Skip:** +- Mailcow block — handled by nginx-mailcow, different threat model + +### Behavior if CrowdSec Container Goes Down + +The bouncer is designed to **fail open** by default. If `crowdsec` is unreachable, Caddy continues serving traffic normally — enforcement is temporarily suspended but the site stays up. This is the safe default for a homelab. To change this behavior, set `enable_hard_fails true` in the global crowdsec block (will cause 500 errors if CrowdSec is down — not recommended for homelab). + +--- + +## Bootstrap Steps + +When ready to migrate to the new image: + +**Step 1 — Add the CrowdSec global block and snippet to the Caddyfile** before changing the image. This ensures the Caddyfile is valid for the new image on startup. 
+ +**Step 2 — Create `./crowdsec/acquis.yaml`** with the content above. + +**Step 3 — Create `.env`** with a strong random value for `CROWDSEC_API_KEY`: +```bash +openssl rand -hex 32 +``` + +**Step 4 — Update the image and add the CrowdSec service to the compose file**, then redeploy: +```bash +docker stack deploy -c docker-compose.yml caddy +``` + +**Step 5 — Verify CrowdSec is reading Caddy logs:** +```bash +docker exec cscli metrics +``` +Look for the `Acquisition Metrics` table showing hits from `/var/log/caddy/access.log`. + +**Step 6 — Test a ban manually:** +```bash +docker exec cscli decisions add --ip 1.2.3.4 --duration 5m +# Verify the IP gets a 403 from Caddy +curl -I https://yoursite.com --resolve yoursite.com:443:1.2.3.4 +docker exec cscli decisions delete --ip 1.2.3.4 +``` + +**Step 7 — Gradually add `import crowdsec`** to site blocks and labels per the priority order above. + +--- + +## File Layout + +``` +/export/Docker/caddy/ +├── Caddyfile # Shared snippets and static site blocks +├── docker-compose.yml # Caddy + CrowdSec services +├── .env # CROWDSEC_API_KEY (future) +├── data/ # Caddy data volume (TLS certs, etc.) +├── logs/ # caddy-logs volume mount point (future) +└── crowdsec/ + └── acquis.yaml # Tells CrowdSec where to read Caddy logs (future) +``` + +--- + +## Known Issues / Notes + +- Port 80 is mapped to host port 8900 — this is intentional for Swarm. OPNsense NAT handles the external 80→8900 translation. +- The `CADDY_DOCKER_EVENT_THROTTLE_INTERVAL=2000` setting is **required** with the CrowdSec module to prevent non-deterministic domain matching behavior during container label reloads (see [issue #61](https://github.com/hslatman/caddy-crowdsec-bouncer/issues/61)). +- Jellyfin is commented out in the Caddyfile — likely served via a different path or disabled temporarily. +- The `web` upstream referenced by `fish.pncharris.com` and `www.wasted-bandwidth.net` resolves to a container named `web` on the `netgrimoire` network. 
+- Authelia redirect URL is `https://login.wasted-bandwidth.net/` — update if this changes. +- The serfriz image is rebuilt on the **1st of each month** for module updates, and on every new Caddy release. Force a module update by recreating the container: `docker service update --force caddy_caddy`. diff --git a/Keystone-Grimoire/Docker/Swarm-Template.md b/Keystone-Grimoire/Docker/Swarm-Template.md new file mode 100644 index 0000000..279f090 --- /dev/null +++ b/Keystone-Grimoire/Docker/Swarm-Template.md 
@@ -0,0 +1,144 @@ +--- +title: Docker Swarm Template Standard +description: Canonical YAML template and label rules for all Netgrimoire swarm services +published: true +date: 2026-04-12T00:00:00.000Z +tags: keystone, docker, swarm +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Docker Swarm Template Standard + +All Swarm YAML files in `services/swarm/` and `services/swarm/stack/` must follow this standard. The Gremlin audit workflow checks compliance weekly. + +--- + +## Canonical Template + +```yaml +# Deploy: docker stack deploy -c .yaml +services: + : + image: :latest + environment: + TZ: America/Chicago + volumes: + - /DockerVol/:/config + # - /data/nfs/znas/Docker/:/data + networks: + - netgrimoire + deploy: + restart_policy: + condition: any + delay: 5s + max_attempts: 3 + window: 120s + placement: + constraints: + - node.hostname == znas + - node.platform.arch != aarch64 + - node.platform.arch != arm + labels: + # Caddy + caddy: .netgrimoire.com + caddy.reverse_proxy: : + caddy.import: crowdsec + caddy.import_1: authentik + + # Uptime Kuma + kuma..http.name: + kuma..http.url: https://.netgrimoire.com + + # Homepage + homepage.group: + homepage.name: + homepage.icon: .png + homepage.href: https://.netgrimoire.com + homepage.description: + + # DIUN + diun.enable: "true" + +networks: + netgrimoire: + external: true +``` + +--- + +## Forbidden Fields + +Never use these at the service level: + +| Field | Reason | +|-------|--------| +| `version:` | Deprecated in Compose v2+ | +| `container_name:` | Incompatible with Swarm replicas | +| `restart:` | Use `deploy.restart_policy` instead | +| `depends_on:` | Not supported in Swarm mode | +| `endpoint_mode: dnsrr` | Breaks internal DNS — always use VIP | + +--- + +## Volume Path Rules + +| Path | When to Use | +|------|-------------| +| `/DockerVol/` | Config, SQLite DBs, small app state. 
**Only valid with a `node.hostname` placement constraint.** | +| `/data/nfs/znas/Docker/` | Bulk data, media, or any service without a hostname constraint | + +--- + +## Placement Constraints + +**Default (all services):** +```yaml +constraints: + - node.hostname == znas + - node.platform.arch != aarch64 + - node.platform.arch != arm +``` + +ARM exclusion prevents accidental scheduling on Pi vault/worker nodes. Override only if the service is ARM-specific. + +For services pinned to docker4 (Gremlin stack): +```yaml +constraints: + - node.hostname == docker4 + - node.platform.arch != aarch64 + - node.platform.arch != arm +``` + +--- + +## Caddy Label Rules + +```yaml +caddy: servicename.netgrimoire.com # no https:// prefix +caddy.reverse_proxy: servicename:PORT # container name:port, NOT {{upstreams PORT}} +caddy.import: crowdsec # always both +caddy.import_1: authentik # always both, no exceptions +``` + +Never use `{{upstreams PORT}}` — it breaks during `docker stack config` preprocessing. + +**Wasted-bandwidth services** use `wasted-bandwidth.net` domain and `caddy.import_1: authelia` instead of authentik. + +--- + +## Deploy Workflow + +```bash +# From services repo root +git add . && git commit -m "Add/update " && git push + +# On znas (or docker4 for Gremlin services) +cd ~/services && git pull +cd swarm/stack/ +set -a && source .env && set +a +docker stack config --compose-file .yaml > resolved.yml +docker stack deploy --compose-file resolved.yml +rm resolved.yml +docker stack services +``` diff --git a/Keystone-Grimoire/Hosts/Host-Inventory.md b/Keystone-Grimoire/Hosts/Host-Inventory.md new file mode 100644 index 0000000..7a10888 --- /dev/null +++ b/Keystone-Grimoire/Hosts/Host-Inventory.md 
@@ -0,0 +1,59 @@ +--- +title: Host Inventory +description: All Netgrimoire nodes — roles, IPs, services, hardware +published: true +date: 2026-04-12T00:00:00.000Z +tags: keystone, hosts +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Host Inventory + +## Swarm Cluster + +| Host | Hostname | IP | Role | Runtime | +|------|----------|----|------|---------| +| znas | znas | 192.168.5.10 | NAS + Primary Swarm manager | Swarm manager + Compose | +| docker2 | — | — | VPN gateway | Compose only | +| docker3 | — | — | LibreNMS | Compose only | +| docker4 | hermes | 192.168.5.16 | Mail server + AI worker | Compose + Swarm worker | +| docker5 | — | 192.168.5.18 | Media host | Compose only | +| Pi nodes | various | various | Swarm workers + vault nodes | Swarm workers | + +## Other Infrastructure + +| Device | IP | Purpose | +|--------|----|---------| +| OPNsense firewall | 192.168.3.4 | Firewall, dual-WAN, NAT, WireGuard | +| Internal DNS | 192.168.5.7 | Technitium DNS | +| ISPConfig | 192.168.4.11 | Web/DNS hosting control panel | + +## WAN + +| Interface | IP | Status | Purpose | +|-----------|----|----|---------| +| ATT (`igc1`) | 107.133.34.145/28 | Primary | 5 static IPs allocated | +| Cox | — | Retiring | Legacy WAN | + +**ATT Static IP Assignments:** + +| IP | Assigned To | +|----|-------------| +| .145 | Admin / default | +| .146 | Web services | +| .147 | Jellyfin | +| .148 | Mail (ATT_Mail — pending) | +| .149 | WireGuard / Spare | + +## Pinned Services by Host + +**znas** — Caddy, Forgejo, Wiki.js, Homepage, Uptime Kuma, AutoKuma, ntfy, Portainer, Authentik, LLDAP, Kopia, Vault, Nextcloud AIO, Immich, Joplin, n8n (Gremlin), all arr services, all media services + +**docker4 (hermes)** — MailCow (Compose), Ollama, Open WebUI, Qdrant (Swarm, pinned docker4), Roundcube + +**docker5** — Jellyfin, Jellyfinx (Compose) + +**docker2** — Gluetun, Jackett, Transmission (Compose) + +**docker3** — LibreNMS (Compose) 
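Review bot: The ATT Static IP Assignments table in Host-Inventory.md gives `.146` to Web services and `.148` to Mail (ATT_Mail, pending), but Domain-Setup.md in this same patch configures `107.133.34.146` as the ATT_Mail virtual IP and points every mail NAT rule at it. One of the two files is wrong, and a reader following both could forward ports 25/465/587 onto the web address. Settle the assignment, then make this table and Domain-Setup Part 0 agree. Separately, the Swarm Cluster table leaves Hostname and IP empty for docker2 and docker3; fill them in or say they are intentionally unlisted.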
diff --git a/Keystone-Grimoire/Mail/Domain-Setup.md b/Keystone-Grimoire/Mail/Domain-Setup.md new file mode 100644 index 0000000..928d920 --- /dev/null +++ b/Keystone-Grimoire/Mail/Domain-Setup.md 
@@ -0,0 +1,401 @@ +--- +title: Sample Domain Setup +description: Graymutt@nucking-futz.com +published: true +date: 2026-03-16T00:34:08.387Z +tags: +editor: markdown +dateCreated: 2026-02-25T22:02:27.719Z +--- + +# Mail Setup — nucking-futz.com + +## Part 0 — OPNsense: Configure ATT_Mail Secondary IP + +Before configuring DNS or Mailcow, the secondary AT&T static IP must be configured in OPNsense as a virtual IP on the WAN interface and NAT rules must be set so only raw SMTP traffic (ports 25, 465, 587, 993, 143) uses this address. Webmail, the Mailcow admin UI, and all other traffic continue to use the primary WAN IP (107.133.34.145). + +| Address | Purpose | +|---------|---------| +| 107.133.34.145 | Primary WAN — web, admin, everything else | +| 107.133.34.146 | ATT_Mail — SMTP/IMAP inbound and outbound only | + +### Step 0.1 — Add Virtual IP + +1. Go to **Interfaces → Virtual IPs → Settings** +2. Click **+ Add** +3. Set the following: + +| Field | Value | +|-------|-------| +| Mode | IP Alias | +| Interface | WAN (igc1) | +| Network / Address | `107.133.34.146 / 28` | +| Description | `ATT_Mail` | + +4. Click **Save**, then **Apply changes** + +> The /28 subnet mask matches the AT&T block (107.133.34.144/28). All 5 static IPs in the block share this mask. + +### Step 0.2 — Outbound NAT for SMTP Traffic + +This ensures Mailcow's outbound SMTP connections leave through the ATT_Mail IP rather than the primary WAN IP. OPNsense must be in **Hybrid** or **Manual** outbound NAT mode. + +1. Go to **Firewall → NAT → Outbound** +2. Confirm mode is set to **Hybrid Outbound NAT** (or Manual — either works) +3. 
Click **Add** to create a new rule + +**Rule for outbound SMTP (port 587 relay to MXRoute):** + +| Field | Value | +|-------|-------| +| Interface | WAN | +| TCP/IP Version | IPv4 | +| Protocol | TCP | +| Source | `192.168.5.16 / 32` (Mailcow host) | +| Source Port | any | +| Destination | any | +| Destination Port | 587 | +| Translation / Target | `107.133.34.146` (ATT_Mail) | +| Description | `Mailcow outbound relay via ATT_Mail` | + +4. Repeat for port **25** (direct outbound SMTP, if used) and port **465** (SMTPS) +5. Click **Save** and **Apply changes** + +### Step 0.3 — Inbound NAT (Port Forwards) for Mail Ports + +Route inbound connections on mail ports to Mailcow using the ATT_Mail IP as the external address. + +1. Go to **Firewall → NAT → Port Forward** +2. Create rules for each mail port: + +| External IP | Port(s) | Forward to | Description | +|-------------|---------|-----------|-------------| +| 107.133.34.146 | 25 | 192.168.5.16:25 | SMTP inbound | +| 107.133.34.146 | 465 | 192.168.5.16:465 | SMTPS inbound | +| 107.133.34.146 | 587 | 192.168.5.16:587 | Submission inbound | +| 107.133.34.146 | 993 | 192.168.5.16:993 | IMAPS | +| 107.133.34.146 | 143 | 192.168.5.16:143 | IMAP (if needed) | + +> **Do not** add port forwards for 80, 443, or 3443 (Mailcow admin/webmail ports) on this IP. Those remain on the primary WAN IP via Caddy. + +3. Click **Save** and **Apply changes** + +### Step 0.4 — Firewall Rules + +Ensure the WAN firewall rules permit inbound traffic on the mail ports to the ATT_Mail IP. If you have a default deny-all WAN rule (recommended), add explicit pass rules: + +1. Go to **Firewall → Rules → WAN** +2. 
Add pass rules for each port in the table above with destination `107.133.34.146` + +### Step 0.5 — Verify + +```bash +# From outside your network, confirm the mail IP is live +telnet 107.133.34.146 25 +# Should see: 220 hermes.netgrimoire.com ESMTP + +# Confirm primary WAN IP does NOT respond on port 25 +telnet 107.133.34.145 25 +# Should time out or be refused + +# Check that Mailcow outbound connections leave from the ATT_Mail IP +# Send a test to check-auth@verifier.port25.com and inspect the Return-Path +# or check the Received: header — the sending IP should be 107.133.34.146 +``` + +> ⚠ If the verify step shows port 25 still responding on 107.133.34.145, check that no leftover port forward rules exist on the primary WAN IP for mail ports. + +--- + +## Overview + +This guide covers complete mail setup for `nucking-futz.com` using MXRoute as the inbound gateway and Mailcow as the mailbox host. MXRoute receives all inbound mail from the internet (solving residential IP filtering issues with banks and financial institutions) and forwards to Mailcow for storage and retrieval. Mailcow handles outbound mail via the MXRoute SMTP relay. + +**Architecture:** + +``` +Inbound: Internet → MXRoute (commercial IP) → Mailcow (192.168.5.16) +Outbound: Mailcow → MXRoute SMTP relay → Internet +``` + +**Why two domains in Mailcow:** +MXRoute forwarders require a valid destination email address. You cannot forward `graymutt@nucking-futz.com` back to `graymutt@nucking-futz.com` — that loops. The solution is to have Mailcow own a subdomain (`mail.nucking-futz.com`) with its own MX record pointing directly to your server. MXRoute forwards to `graymutt@mail.nucking-futz.com`, Mailcow delivers locally, and an alias domain maps `nucking-futz.com` back so users only ever see and use `graymutt@nucking-futz.com`. 
+ +--- + +## Prerequisites + +- MXRoute account active with DirectAdmin access +- Mailcow running at 192.168.5.16 +- DNS management access for nucking-futz.com +- Your MXRoute server hostname from your MXRoute welcome email (e.g. `arrow.mxrouting.net`) + +--- + +## Step 1 — DNS Records + +Create all DNS records before configuring either service. Keep TTL at 300 during setup — raise to 3600 once confirmed working. + +![image.png](/image.png) + +![arec.png](/email/arec.png) + +![txt.png](/email/txt.png) + +### Required DNS Records + +| Type | Host | Value | Notes | +|------|------|-------|-------| +| A | `mail` | `YOUR_ATT_MAIL_IP` | Points to Mailcow — MXRoute forwards to this server | +| MX | `@` | `heracles.mxrouting.net (Priority 10)` | Check MXRoute welcome email for exact hostname | +| MX | `@` | `heracles-relay.mxrouting.net (Priority 20)` (priority 20) | Secondary MXRoute server from welcome email | +| MX | `mail` | `mail.nucking-futz.com` (priority 10) | Mailcow handles this subdomain directly | +| CNAME | `imap` | `mail.nucking-futz.com` | Client autoconfiguration | +| CNAME | `smtp` | `mail.nucking-futz.com` | Client autoconfiguration | +| CNAME | `webmail` | `mail.nucking-futz.com` | Roundcube access | +| CNAME | `autodiscover` | `mail.nucking-futz.com` | Outlook autodiscover | +| CNAME | `autoconfig` | `mail.nucking-futz.com` | Thunderbird autoconfig | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | SPF — authorizes both Mailcow direct and MXRoute relay | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | SPF for subdomain — Mailcow sends directly from here | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | DMARC enforcement | + +> DKIM TXT records (two selectors) are added in Steps 2 and 3 after generating keys in Mailcow and MXRoute. + +--- + +## Step 2 — Mailcow Configuration + +### 2.1 Add the Subdomain as Primary Domain + +Mailcow owns `mail.nucking-futz.com` as its active mail domain. 
Mailboxes live internally on this subdomain. + +1. Log into Mailcow admin UI → **Mail Setup → Domains** +2. Click **Add domain** +3. Set **Domain:** `mail.nucking-futz.com` +4. Leave all other settings as default +5. Click **Add domain** + +### 2.2 Add the Alias Domain + +This makes Mailcow accept mail addressed to `@nucking-futz.com` and deliver it to the matching `@mail.nucking-futz.com` mailbox. Users send and receive as `@nucking-futz.com` — the subdomain is invisible to them. + +1. Go to **Mail Setup → Alias Domains** +2. Click **Add alias domain** +3. Set **Alias Domain:** `nucking-futz.com` +4. Set **Target Domain:** `mail.nucking-futz.com` +5. Click **Add** + +### 2.3 Create Mailbox + +1. Go to **Mail Setup → Mailboxes** +2. Click **Add mailbox** +3. Set **Username:** `graymutt` +4. Set **Domain:** `mail.nucking-futz.com` +5. Set a strong password +6. Set quota as needed +7. Click **Add** + +The mailbox is internally `graymutt@mail.nucking-futz.com`. The alias domain from Step 2.2 means Mailcow also accepts and delivers mail for `graymutt@nucking-futz.com` to this same mailbox. + +### 2.4 Generate DKIM Key + +1. Go to **Configuration → Configuration & Diagnostics → Configuration** +2. Click **ARC/DKIM Keys** tab +3. Select domain `mail.nucking-futz.com` +4. Set **Selector:** `mailcow` +5. Set **Key length:** 2048 +6. Click **Generate** +7. Copy the full TXT record value — needed for DNS + +### 2.5 Add Mailcow DKIM DNS Record + +| Type | Host | Value | +|------|------|-------| +| TXT | `mailcow._domainkey.mail` | *(full key string from Mailcow — begins with `v=DKIM1;`)* | + +### 2.6 Add MXRoute to Trusted Networks + +Prevents Mailcow from applying spam scoring to forwarded mail arriving from MXRoute's IPs. + +1. Go to **Configuration → Configuration & Diagnostics → Configuration** +2. Click **Extra Postfix configuration** tab +3. 
Add to `extra.cf`: + +``` +# Trust MXRoute forwarding IPs +mynetworks = 127.0.0.1/8 [::1]/128 192.168.5.0/24 69.167.160.0/19 198.54.120.0/22 +``` + +> Verify current MXRoute IP ranges in your MXRoute account documentation — these may change. + +4. Click **Save** +5. Click **Restart affected containers** + +### 2.7 Configure Outbound Relay + +Routes outbound mail through MXRoute for best deliverability. + +1. Go to **Configuration → Routing → Sender-Dependent Transports** +2. Click **Add transport** +3. Set **Domain:** `nucking-futz.com` +4. Set **Relay host:** `[smtp.mxroute.com]:587` (confirm SMTP hostname from MXRoute welcome email) +5. Set **Username:** your MXRoute relay username +6. Set **Password:** your MXRoute relay password +7. Click **Add** +8. Repeat for domain `mail.nucking-futz.com` using the same relay credentials + +--- + +## Step 3 — MXRoute Configuration + +### 3.1 Add Domain in DirectAdmin + +1. Log into MXRoute DirectAdmin +2. Go to **Account Manager → Domain Setup** +3. Add domain: `nucking-futz.com` +4. Complete the domain wizard + +### 3.2 Create Forwarder + +MXRoute does not support domain-level remote MX routing — forwarders must be created per address. The destination must be on a domain whose MX resolves to Mailcow, not back to MXRoute. + +1. Go to **Forwarders** in the MXRoute control panel +2. Click **Create New Forwarder** +3. Set **Forwarder Name:** `graymutt` (the `@nucking-futz.com` part is shown automatically) +4. Set **Destination Type:** `Forward to Email(s)` +5. Set **Recipients:** `graymutt@mail.nucking-futz.com` +6. Click **Create Forwarder** + +> Every new mailbox requires a matching forwarder entry. The pattern is always `user@nucking-futz.com` → `user@mail.nucking-futz.com`. See the Adding a New Mailbox section below. + +### 3.3 Get MXRoute DKIM Key + +1. Go to **Email Manager → DKIM Keys** for `nucking-futz.com` +2. Generate or view the DKIM key — note the selector name assigned (often `x`) +3. 
Copy the full TXT record value + +### 3.4 Add MXRoute DKIM DNS Record + +| Type | Host | Value | +|------|------|-------| +| TXT | `x._domainkey` *(replace `x` with MXRoute's actual selector)* | *(full key string from MXRoute DirectAdmin)* | + +--- + +## Step 4 — Verify DNS + +Once DNS has propagated, verify all records: + +```bash +# MX for main domain — should show MXRoute servers +dig MX nucking-futz.com +short + +# MX for subdomain — should show mail.nucking-futz.com +dig MX mail.nucking-futz.com +short + +# A record — should show your ATT IP +dig A mail.nucking-futz.com +short + +# SPF +dig TXT nucking-futz.com +short +dig TXT mail.nucking-futz.com +short + +# DMARC +dig TXT _dmarc.nucking-futz.com +short + +# DKIM — Mailcow +dig TXT mailcow._domainkey.mail.nucking-futz.com +short + +# DKIM — MXRoute (replace x with your selector) +dig TXT x._domainkey.nucking-futz.com +short +``` + +Run a full check at [https://mxtoolbox.com](https://mxtoolbox.com) → Email Health for `nucking-futz.com`. + +--- + +## Step 5 — Test Mail Flow + +### Inbound Test + +Send a test email to `graymutt@nucking-futz.com` from an external Gmail or Outlook account. Verify: + +- Mail arrives in the Mailcow mailbox +- Headers show the MXRoute → Mailcow forwarding path (two `Received:` hops) +- No spam flagging + +In Roundcube open the test message → **More → View Source** and check the `Received:` chain. + +### Outbound Test + +Send from `graymutt@nucking-futz.com` to an external Gmail address. Run through [https://mail-tester.com](https://mail-tester.com) for a full delivery score. + +### DKIM/SPF/DMARC Test + +Send a test to `check-auth@verifier.port25.com` — you will receive an automated reply confirming pass/fail for SPF, DKIM, and DMARC. + +### Bank/Financial Test + +Send from a bank address to `graymutt@nucking-futz.com` and confirm delivery. This is the primary goal — banks see MXRoute's commercial IPs in the MX record, not your residential AT&T IP. 
+ +--- + +## Email Client Settings + +| Setting | Value | +|---------|-------| +| Email address | `graymutt@nucking-futz.com` | +| IMAP server | `mail.nucking-futz.com` | +| IMAP port | `993` (SSL/TLS) | +| SMTP server | `mail.nucking-futz.com` | +| SMTP port | `465` (SSL/TLS) | +| Username | `graymutt@nucking-futz.com` | +| Password | *(mailbox password set in Step 2.3)* | + +> Users log in and send as `graymutt@nucking-futz.com`. Mailcow resolves this to the internal `mail.nucking-futz.com` mailbox transparently via the alias domain. + +--- + +## Adding a New Mailbox + +Every new address on `nucking-futz.com` requires entries in both Mailcow and MXRoute. + +**In Mailcow:** +1. Mail Setup → Mailboxes → Add mailbox +2. Username: `newuser`, Domain: `mail.nucking-futz.com` + +**In MXRoute control panel:** +1. Forwarders → Create New Forwarder +2. Forwarder Name: `newuser`, Destination Type: `Forward to Email(s)`, Recipients: `newuser@mail.nucking-futz.com` + +--- + +## Credentials Reference + +| Service | Account | Password | +|---------|---------|----------| +| Mailcow mailbox | `graymutt@mail.nucking-futz.com` | *(set during mailbox creation)* | +| MXRoute relay | *(from MXRoute welcome email)* | *(from MXRoute welcome email)* | +| MXRoute DirectAdmin | *(from MXRoute welcome email)* | *(from MXRoute welcome email)* | + +--- + +## Known Gotchas + +**Forwarder destination must not loop.** Never set the MXRoute forwarder destination to an address on the same domain that has MXRoute as its MX. `graymutt@nucking-futz.com` → `graymutt@nucking-futz.com` will loop. Always forward to `@mail.nucking-futz.com` which has its own MX resolving directly to Mailcow. + +**Two DKIM selectors required.** `mailcow._domainkey.mail.nucking-futz.com` covers mail Mailcow sends directly from the subdomain. `x._domainkey.nucking-futz.com` (MXRoute selector) covers outbound mail relayed through MXRoute. Both must exist for DMARC to pass on all paths. 
+ +**New mailboxes need matching MXRoute forwarders.** MXRoute has no catch-all forwarding to remote servers. Every address that needs to receive mail must have an explicit forwarder in DirectAdmin. Add the MXRoute forwarder step to your mailbox creation checklist. + +**Alias domain vs. alias mailbox.** The alias domain in Step 2.2 maps the entire `nucking-futz.com` domain to `mail.nucking-futz.com`. Do not also create individual alias mailboxes for the same addresses — this creates duplicate delivery and may cause unexpected behavior. + +**SPF differs between the two domains.** The main domain SPF includes `include:mxroute.com` because MXRoute relay sends outbound from there. The subdomain SPF (`mail.nucking-futz.com`) only needs your ATT IP — Mailcow sends directly from that domain without going through MXRoute. Two different records for two different send paths. + +--- + +## Related Documentation + +- [MailCow Configuration](./mailcow) +- [MXRoute Outbound Relay Setup](./mxroute-outbound-relay) +- [OPNsense Firewall](./opnsense-firewall) — static IP allocation for ATT_Mail diff --git a/Keystone-Grimoire/Mail/Hardening.md b/Keystone-Grimoire/Mail/Hardening.md new file mode 100644 index 0000000..002eca0 --- /dev/null +++ b/Keystone-Grimoire/Mail/Hardening.md 
@@ -0,0 +1,391 @@ +--- +title: MailCow Hardening +description: Securing Mailcow +published: true +date: 2026-02-23T21:56:32.211Z +tags: +editor: markdown +dateCreated: 2026-02-23T21:56:22.997Z +--- + +# MailCow Security Hardening + +**Service:** MailCow Dockerized +**Host:** 192.168.5.16 (MailCow_Ngnx alias) +**Relay:** MXRoute (outbound only) +**Last Reviewed:** February 2026 + +--- + +## Overview + +Running MailCow with MXRoute as an outbound relay creates a specific threat model that's different from either a fully self-hosted or fully managed setup. Your server receives inbound directly (MX points to your IP), stores all mailboxes locally, and hands outbound to MXRoute. This means you carry the risk surface of both — inbound SMTP exposure plus the credential and reputation exposure of a relay relationship. + +The security areas that matter most for this setup: + +| Area | Risk | Priority | +|---|---|---| +| DNS authentication (SPF/DKIM/DMARC) | Spoofing, deliverability failure, relay abuse | 🔴 Critical | +| MTA-STS + TLS-RPT | SMTP downgrade attacks on inbound | 🔴 Critical | +| MXRoute relay credential security | Relay hijacking, spam abuse on your reputation | 🔴 Critical | +| Mailcow admin hardening | Account takeover, open relay creation | 🔴 Critical | +| Postfix TLS hardening | Weak cipher negotiation | 🟡 High | +| Nginx header hardening | XSS, clickjacking on webmail | 🟡 High | +| Rspamd tuning | Inbound spam, outbound policy enforcement | 🟡 High | +| DMARC reporting | Visibility into spoofing and misdelivery | 🟡 High | +| ClamAV / attachment scanning | Malware distribution via your domain | 🟢 Medium | +| Rate limiting | Compromised account spam runs | 🟢 Medium | + +--- + +## DNS Authentication + +This is the foundation. If any of these are misconfigured your mail either doesn't deliver or your domain gets spoofed. With MXRoute in the mix the SPF record requires special attention. 
+ +### SPF — Include Both Sources + +Your SPF must authorize **both** your own IP (for any direct sends) and MXRoute's sending infrastructure: + +```dns +@ IN TXT "v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com ~all" +``` + +Replace `YOUR_ATT_MAIL_IP` with the static IP you've dedicated to mail (ATT_Mail virtual IP). The `include:mxroute.com` covers MXRoute's sending servers. + +> ⚠ Do not use `-all` (hard fail) until you have confirmed all your sending sources are covered. Use `~all` (softfail) initially, then tighten after verifying DMARC reports show no legitimate sources failing. + +> ⚠ SPF has a **10 DNS lookup limit**. Each `include:` costs lookups. If you add more includes (e.g. transactional services), check your SPF lookup count at [mxtoolbox.com/spf](https://mxtoolbox.com/spf.aspx). + +### DKIM — Two Selectors for Two Signers + +Because MXRoute re-signs outbound mail with their own DKIM key, you need a DKIM record for both signers: + +| Selector | Signer | Where to get the key | +|---|---|---| +| `mailcow._domainkey` | MailCow (inbound, internal sends) | MailCow UI → Configuration → ARC/DKIM Keys | +| `mxroute._domainkey` (or `x._domainkey`) | MXRoute (outbound relay) | MXRoute control panel | + +Add both as TXT records. Having both means DMARC passes regardless of which path the mail took. + +> ✓ MailCow lets you choose the DKIM selector name. Use `mailcow` as the selector to avoid confusion with the MXRoute selector. + +### DMARC — Start Monitoring, Then Enforce + +DMARC ties SPF and DKIM together and tells receiving servers what to do with failures. Start in monitoring mode, review reports for 2–4 weeks, then advance to enforcement. 
+ +**Phase 1 — Monitor (add immediately):** +```dns +_dmarc IN TXT "v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; fo=1" +``` + +**Phase 2 — Quarantine (after reviewing reports, no legitimate failures):** +```dns +_dmarc IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com; fo=1" +``` + +**Phase 3 — Reject (final enforcement):** +```dns +_dmarc IN TXT "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@yourdomain.com; fo=1" +``` + +> ✓ `fo=1` requests forensic reports on any authentication failure — more detail for debugging. + +**DMARC Report Processing:** Raw DMARC reports are XML and not human-readable. Use one of these free tools to process them: +- [Postmark DMARC](https://dmarc.postmarkapp.com/) — free, email-based weekly digest +- [dmarcian.com](https://dmarcian.com) — free tier, dashboard view +- Self-hosted: [Parsedmarc](https://github.com/domainaware/parsedmarc) → send to Graylog/Grafana + +--- + +## MTA-STS (MailCow September 2025+) + +MTA-STS forces other mail servers to use TLS when delivering to you, preventing downgrade attacks that try to force plaintext SMTP. The September 2025 MailCow update added the `postfix-tlspol-mailcow` container which enforces MTA-STS on **outbound** connections too. + +### What You Need + +**1. DNS records** — three records for each domain: + +```dns +# For your mail server's hostname domain (e.g. netgrimoire.com) +mta-sts IN CNAME mail.netgrimoire.com. +_mta-sts IN TXT "v=STSv1; id=20260223" +_smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:tls-reports@netgrimoire.com" +``` + +The `id` value in `_mta-sts` is a version string — update it (e.g. to today's date) whenever you change your MTA-STS policy. + +**2. 
Policy file** — served by MailCow's nginx at `https://mta-sts.yourdomain.com/.well-known/mta-sts.txt`: + +```bash +# On your MailCow host: +mkdir -p /opt/mailcow-dockerized/data/web/.well-known/ +cat > /opt/mailcow-dockerized/data/web/.well-known/mta-sts.txt << 'EOF' +version: STSv1 +mode: enforce +max_age: 86400 +mx: mail.netgrimoire.com +EOF +``` + +Start with `mode: testing` for the first week, then switch to `mode: enforce`. + +**3. For additional domains** — add CNAMEs pointing to your primary domain's records: + +```dns +# For each additional mail domain you host on MailCow: +mta-sts.otherdomain.com IN CNAME mail.netgrimoire.com. +_mta-sts.otherdomain.com IN CNAME _mta-sts.netgrimoire.com. +_smtp._tls.otherdomain.com IN CNAME _smtp._tls.netgrimoire.com. +``` + +> ✓ TLS-RPT (`_smtp._tls` TXT record) sends you reports about TLS failures when other servers connect to you. Pipe these to Graylog or Postmark for visibility. + +--- + +## MXRoute Relay Security + +This is the most overlooked area. Your MXRoute credentials can send mail as your domain — if they're compromised, someone else is spamming from your reputation. + +### Credential Hardening + +- Use a **unique, strong password** for your MXRoute account — not shared with anything else +- Store the MXRoute SMTP credentials in MailCow's relay configuration only, not in any config file or environment variable that gets committed to git +- If MXRoute supports API tokens or app passwords, use those instead of your main account password + +### Relay Configuration in MailCow + +In MailCow UI: **Configuration → Routing → Sender-Dependent Transports** + +Verify the relay is configured to authenticate via TLS (port 587 with STARTTLS or port 465 with SSL). Do not relay over port 25 without authentication. 
+ +``` +# What the relay entry should look like in Postfix terms: +# relayhost = [smtp.mxroute.com]:587 +# smtp_sasl_auth_enable = yes +# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd +# smtp_tls_security_level = encrypt ← ensures TLS is required, not optional +``` + +> ⚠ Set `smtp_tls_security_level = encrypt` (not `may`) so the connection to MXRoute is always encrypted. If the TLS negotiation fails, Postfix should reject rather than fall back to plaintext. + +### Rate Limiting (Prevent Relay Abuse if Account Compromised) + +Add rate limits in MailCow UI: **Configuration → Mail Setup → Domains → [your domain] → Rate Limit** + +| Setting | Recommended Value | Notes | +|---|---|---| +| Outbound messages/hour | 500 | Adjust for your actual sending volume | +| Outbound messages/day | 2000 | A sudden spike above this = red flag | + +This doesn't stop abuse but limits blast radius if a mailbox is compromised and starts spamming through MXRoute. + +--- + +## MailCow Admin Hardening + +### Two-Factor Authentication + +Enable 2FA on the admin account and all mailbox accounts that have access to the admin panel. + +MailCow UI: **Edit mailbox → Two-Factor Authentication → TOTP** + +> ⚠ There was a session fixation vulnerability in the MailCow web panel (GHSA-23c8-4wwr-g3c6, January 2025) and a critical SSTI vulnerability (GHSA-8p7g-6cjj-wr9m, July 2025). Both require staying current on updates. Enable auto-updates or check the MailCow blog monthly. + +### Restrict Admin UI to Internal Network + +The MailCow admin panel should not be reachable from the public internet. Access should require being on your internal network or connected via WireGuard. + +In OPNsense, add a firewall rule blocking external access to port 443 on 192.168.5.16 except from your static admin IP or WireGuard peers. 
+ +Alternatively, configure MailCow's nginx to restrict the admin path by IP: + +```nginx +# In data/conf/nginx/includes/site-defaults.conf +# Add inside the server block for the admin panel: +location /admin { + allow 192.168.3.0/24; + allow 192.168.5.0/24; + allow 192.168.32.0/24; # WireGuard peers + deny all; +} +``` + +### API Key Rotation + +If you use the MailCow API (for automation or Netgrimoire tooling), generate a dedicated read-only key where possible, and rotate keys annually or after any suspected compromise. + +--- + +## Postfix TLS Hardening + +Add to `/opt/mailcow-dockerized/data/conf/postfix/extra.cf`: + +```ini +# Enforce TLS 1.2+ and strong ciphers +tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256 +tls_preempt_cipherlist = yes + +# Inbound SMTP (smtpd) — receiving from other mail servers +smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +smtpd_tls_ciphers = high +smtpd_tls_mandatory_ciphers = high + +# Outbound SMTP (smtp) — delivery to MXRoute and direct sends +smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 +smtp_tls_ciphers = high +smtp_tls_mandatory_ciphers = high + +# Require encryption on the MXRoute relay connection +smtp_tls_security_level = encrypt +``` + +After editing, restart Postfix: +```bash +cd /opt/mailcow-dockerized +docker compose restart postfix-mailcow +``` + +--- + +## Nginx Header Hardening + +Add to `/opt/mailcow-dockerized/data/conf/nginx/includes/site-defaults.conf`: + +```nginx +# Strong SSL ciphers only +ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; +ssl_conf_command Options PrioritizeChaCha; + +# HSTS — include subdomains if all your services use HTTPS +add_header 
Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + +# Disable X-XSS-Protection (deprecated, CSP replaces it) +add_header X-XSS-Protection "0"; + +# Deny unused browser permissions +add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"; + +# Content Security Policy — if NOT using Gravatar with SOGo +add_header Content-Security-Policy "default-src 'none'; connect-src 'self' https://api.github.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; frame-ancestors 'none'; upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'"; + +# Cross-origin isolation headers +add_header Cross-Origin-Resource-Policy same-origin; +add_header Cross-Origin-Opener-Policy same-origin; +add_header Cross-Origin-Embedder-Policy require-corp; + +# Disable gzip to prevent BREACH attack +# Change gzip on; → gzip off; in the main nginx conf +``` + +> ⚠ The December 2025 MailCow update already removed the deprecated `X-XSS-Protection` header from defaults. If you're current, you may already have this. Check before duplicating. + +After editing, restart nginx: +```bash +docker compose restart nginx-mailcow +``` + +--- + +## Rspamd Tuning + +Rspamd is MailCow's spam filter. The defaults are reasonable but a few adjustments improve both inbound protection and outbound policy enforcement. + +### Key Settings to Review + +Navigate to **MailCow UI → Configuration → Rspamd UI** (or directly at `https://mail.yourdomain.com/rspamd/`) + +**Actions → Score Thresholds:** + +| Action | Default | Recommended | +|---|---|---| +| Greylist | 4 | 3 | +| Add header | 6 | 5 | +| Reject | 15 | 12 | + +Lowering the reject threshold from 15 to 12 catches more aggressive spam while avoiding false positives. 
+ +**Modules to enable/verify:** + +| Module | Purpose | +|---|---| +| DKIM verification | Verify incoming DKIM signatures | +| SPF | Verify incoming SPF | +| DMARC | Enforce DMARC on inbound | +| MX Check | Verify sending domain has a valid MX | +| RBL (Realtime Blacklists) | Check sending IPs against blocklists | +| Greylisting | Temporary reject new senders (forces retry) | + +### Add CrowdSec as an Rspamd Feed + +If you also have the CrowdSec bouncer running on the MailCow host (or can reach it), you can feed CrowdSec decisions into Rspamd to reject mail from banned IPs. This is advanced but powerful — see the [CrowdSec Bouncer for Rspamd](https://hub.crowdsec.net) hub entry. + +--- + +## Deliverability Verification + +Run these checks after making any DNS or config changes: + +| Tool | What It Checks | URL | +|---|---|---| +| MXToolbox | SPF, DKIM, DMARC, MX, PTR, blacklists | mxtoolbox.com | +| mail-tester.com | Send a test email, get a 1–10 score | mail-tester.com | +| Port25 verifier | Send to check-auth@verifier.port25.com | Email-based | +| DKIM validator | Validates DKIM signature | dkimvalidator.com | +| Google Postmaster Tools | Gmail reputation monitoring (requires setup) | postmaster.google.com | +| Microsoft SNDS | Outlook/Hotmail reputation | sendersupport.olc.protection.outlook.com | + +> ✓ Aim for 9–10/10 on mail-tester.com. Anything below 8 indicates a misconfiguration that will hurt deliverability. + +--- + +## Keeping MailCow Updated + +MailCow has had several critical security vulnerabilities in 2025 (session fixation, SSTI, password reset poisoning). Staying current is non-negotiable. + +```bash +cd /opt/mailcow-dockerized + +# Pull latest images +docker compose pull + +# Apply update +./update.sh + +# Or if using the newer helper: +docker compose up -d +``` + +> ✓ Subscribe to the [MailCow blog](https://mailcow.email/posts/) or watch the [GitHub releases](https://github.com/mailcow/mailcow-dockerized/releases) for security advisories. 
The update cadence is roughly monthly. + +Set up a cron job or Monit check to alert you when MailCow is more than 30 days behind the latest release. + +--- + +## Checklist Summary + +| Item | Status | +|---|---| +| SPF includes both own IP and mxroute.com | ☐ | +| Two DKIM selectors (mailcow + mxroute) | ☐ | +| DMARC in monitoring mode, advancing to reject | ☐ | +| DMARC reports being processed (Postmark/dmarcian) | ☐ | +| MTA-STS policy published and enforced | ☐ | +| TLS-RPT record in DNS | ☐ | +| MXRoute relay connection uses TLS/encrypt level | ☐ | +| Admin UI restricted to internal network | ☐ | +| 2FA on admin and all privileged accounts | ☐ | +| Postfix TLS 1.2+ enforced via extra.cf | ☐ | +| Nginx security headers added | ☐ | +| Rate limits set on outbound per-domain | ☐ | +| MailCow updated to latest (monthly check) | ☐ | +| Rspamd thresholds reviewed | ☐ | +| PTR/rDNS record matches mail hostname | ☐ | + +--- + +## Related Documentation + +- [OPNsense Firewall](./opnsense-firewall) — dedicated ATT_Mail virtual IP, port NAT +- [CrowdSec](./crowdsec) — IP reputation blocking at firewall level +- [Graylog](./graylog) — DMARC report and TLS-RPT ingestion target +- [Caddy Reverse Proxy](./caddy-reverse-proxy) — if MailCow webmail is proxied through Caddy diff --git a/Keystone-Grimoire/Mail/Install.md b/Keystone-Grimoire/Mail/Install.md new file mode 100644 index 0000000..fc7defa --- /dev/null +++ b/Keystone-Grimoire/Mail/Install.md 
@@ -0,0 +1,490 @@ +--- +title: Mailcow Dockerized Install and Config +description: +published: true +date: 2026-02-25T21:05:48.256Z +tags: +editor: markdown +dateCreated: 2026-02-25T21:05:38.864Z +--- + +# MailCow — Installation & Configuration + +**Host:** docker4 (192.168.5.16) +**Hostname:** hermes.netgrimoire.com +**Admin URL:** https://mail.netgrimoire.com +**Version:** 2025-10a (update 2026-01 available as of documentation date) +**Installed:** /opt/mailcow-dockerized +**Timezone:** America/Chicago +**Architecture:** x86_64 +**CPU:** 16 cores +**RAM:** 30.63 GB +**Disk:** /dev/nvme0n1p2 — 442G / 502G used (93% — monitor this) + +--- + +## Overview + +Mailcow runs as a Docker stack on docker4, attached to the `netgrimoire` overlay network. All containers use `restart: unless-stopped` via a compose override. Outbound mail routes through MXRoute via sender-dependent transports. Inbound mail arrives from MXRoute which acts as the public-facing inbound gateway (solving residential AT&T IP filtering issues with banks). + +See [MXRoute Master Configuration](./mxroute-master) for full inbound/outbound/DNS detail per domain. 
+ +--- + +## Installation Paths + +| Path | Purpose | +|------|---------| +| `/opt/mailcow-dockerized/` | Mailcow root | +| `/opt/mailcow-dockerized/mailcow.conf` | Primary configuration file | +| `/opt/mailcow-dockerized/docker-compose.yml` | Base compose (do not edit) | +| `/opt/mailcow-dockerized/docker-compose.override.yml` | Local overrides — network and restart policy | +| `/opt/mailcow-dockerized/data/conf/postfix/extra.cf` | Persistent Postfix overrides | +| `/opt/mailcow-dockerized/data/conf/postfix/main.cf` | Postfix base config (managed by Mailcow) | +| `/opt/mailcow-dockerized/data/conf/rspamd/` | Rspamd configuration | +| `/opt/mailcow-dockerized/data/assets/ssl/` | TLS certificates | + +--- + +## mailcow.conf — Key Settings + +```ini +MAILCOW_HOSTNAME=hermes.netgrimoire.com +MAILCOW_PASS_SCHEME=BLF-CRYPT + +# Database +DBNAME=mailcow +DBUSER=mailcow +DBPASS=mg7Z8W9UsPlOh0S6vF7TmmPb6n1s +DBROOT=JdymsZFFACHkDcOdziQ53QruCTG2 + +# Redis +REDISPASS=6AduWQsmBYGMKfOi1CNEGQfTE3RH + +# Ports — HTTPS runs on 3443, proxied through Caddy +HTTP_PORT=80 +HTTP_BIND= +HTTPS_PORT=3443 +HTTPS_BIND= +HTTP_REDIRECT=n + +# Mail ports (standard) +SMTP_PORT=25 +SMTPS_PORT=465 +SUBMISSION_PORT=587 +IMAP_PORT=143 +IMAPS_PORT=993 +POP_PORT=110 +POPS_PORT=995 +SIEVE_PORT=4190 + +# Internal ports (localhost only) +DOVEADM_PORT=127.0.0.1:19991 +SQL_PORT=127.0.0.1:13306 +REDIS_PORT=127.0.0.1:7654 + +# TLS cert coverage +ADDITIONAL_SAN=smtp.*,imap.* +AUTODISCOVER_SAN=y + +# ACME / Let's Encrypt +SKIP_LETS_ENCRYPT=n +SKIP_IP_CHECK=y +SKIP_HTTP_VERIFICATION=y + +# Services — all enabled +SKIP_CLAMD=n +SKIP_OLEFY=n +SKIP_SOGO=n +SKIP_FTS=n + +# FTS (Flatcurve/Xapian) +FTS_HEAP=128 +FTS_PROCS=1 + +# Watchdog +USE_WATCHDOG=y +WATCHDOG_NOTIFY_START=y +WATCHDOG_NOTIFY_BAN=n +WATCHDOG_EXTERNAL_CHECKS=n + +# Networking +IPV4_NETWORK=172.22.1 +IPV6_NETWORK=fd4d:6169:6c63:6f77::/64 +ENABLE_IPV6=false + +# Misc +MAILDIR_GC_TIME=7200 +MAILDIR_SUB=Maildir +SOGO_EXPIRE_SESSION=480 
+SOGO_URL_ENCRYPTION_KEY=ojmPfhnM4MYMsA2f +ACL_ANYONE=disallow +ALLOW_ADMIN_EMAIL_LOGIN=n +DOCKER_COMPOSE_VERSION=native +COMPOSE_PROJECT_NAME=mailcow +LOG_LINES=9999 +``` + +--- + +## docker-compose.override.yml + +All services are attached to the external `netgrimoire` overlay network and set to `restart: unless-stopped`. The override does not change any image versions or environment variables — it only adds network membership and restart policy. + +```yaml +services: + unbound-mailcow: + networks: + netgrimoire: + restart: unless-stopped + + mysql-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + redis-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + clamd-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + rspamd-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + php-fpm-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + sogo-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + dovecot-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + postfix-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + postfix-tlspol-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + memcached-mailcow: + restart: unless-stopped + + nginx-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + acme-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + watchdog-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + dockerapi-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + olefy-mailcow: + networks: + - netgrimoire + restart: unless-stopped + + ofelia-mailcow: + networks: + - netgrimoire + restart: unless-stopped + +networks: + netgrimoire: + external: true + driver: overlay +``` + +--- + +## Container Image Versions + +From `docker-compose.yml` (base file — version 2025-10a): + +| Service | Image | +|---------|-------| +| unbound-mailcow | ghcr.io/mailcow/unbound:1.24 | +| mysql-mailcow | 
mariadb:10.11 | +| redis-mailcow | redis:7.4.6-alpine | +| clamd-mailcow | ghcr.io/mailcow/clamd:1.71 | +| rspamd-mailcow | ghcr.io/mailcow/rspamd:2.4 | +| php-fpm-mailcow | ghcr.io/mailcow/phpfpm:1.94 | +| sogo-mailcow | ghcr.io/mailcow/sogo:1.136 | +| dovecot-mailcow | ghcr.io/mailcow/dovecot:2.35 | +| postfix-mailcow | ghcr.io/mailcow/postfix:1.81 | +| postfix-tlspol-mailcow | ghcr.io/mailcow/postfix-tlspol:1.0 | +| memcached-mailcow | memcached:alpine | +| nginx-mailcow | ghcr.io/mailcow/nginx:1.05 | +| acme-mailcow | ghcr.io/mailcow/acme:1.94 | +| netfilter-mailcow | ghcr.io/mailcow/netfilter:1.63 | +| watchdog-mailcow | ghcr.io/mailcow/watchdog:2.09 | +| dockerapi-mailcow | ghcr.io/mailcow/dockerapi:2.11 | +| olefy-mailcow | ghcr.io/mailcow/olefy:1.15 | +| ofelia-mailcow | mcuadros/ofelia:latest | + +--- + +## Postfix Configuration + +### extra.cf + +``` +myhostname = hermes.netgrimoire.com +``` + +> The MXRoute trusted network entries should also be here. Current extra.cf only contains myhostname — confirm mynetworks is set correctly or add the MXRoute IP ranges if not already present via the UI. + +### Key Postfix Settings (from running config) + +``` +mynetworks = 127.0.0.0/8 172.22.1.0/24 10.0.1.0/24 [::1]/128 [fd4d:6169:6c63:6f77::]/64 [fe80::]/64 +message_size_limit = 104857600 # 100MB +mailbox_size_limit = 0 # unlimited +bounce_queue_lifetime = 1d +maximal_queue_lifetime = 5d +delay_warning_time = 4h +postscreen_dnsbl_threshold = 6 +postscreen_dnsbl_action = enforce +postscreen_greet_action = enforce +smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination +disable_vrfy_command = yes +broken_sasl_auth_clients = yes +``` + +--- + +## Domains + +10 domains configured. All active. 
+ +| Domain | Mailboxes | Sender-Dependent Transport | Created | +|--------|-----------|---------------------------|---------| +| bamalady.com | 0 / 10 | *(not confirmed)* | — | +| bill740.com | 1 / 10 | *(not confirmed)* | — | +| florosafd.org | 4 / 10 | ID 4: heracles.mxrouting.net:587 (relay@florosafd.org) | 2025-11-21 | +| gnarlypandaproductions.com | 2 / 10 | ID 5: heracles.mxrouting.net:587 (relay@gnarlypandaproductions.com) | 2025-11-21 | +| netgrimoire.com | 2 / 10 | ID 2: heracles.mxrouting.net:587 (relay@netgrimoire.com) | 2025-11-21 | +| nucking-futz.net | 0 / 10 | *(not confirmed)* | — | +| pncfishandmore.com | 4 / 10 | ID 6: heracles.mxrouting.net:587 (relay@pncfishandmore.com) | — | +| pncharris.com | 4 / 10 | ID 3: heracles.mxrouting.net:587 (passer@pncharris.com) | 2025-11-21 | +| pncharrisenterprises.com | 2 / 10 | *(not confirmed from screenshots)* | — | +| wasted-bandwidth.net | 1 / 10 | ID 1: heracles.mxrouting.net:587 (relay@wasted-bandwidth.net) | — | + +> MXRoute relay hostname is `heracles.mxrouting.net:587` — note this differs from the generic `smtp.mxroute.com` placeholder used in setup docs. Always use `heracles.mxrouting.net:587` for this account. 
+ +--- + +## Mailboxes + +19 active mailboxes across all domains: + +| Mailbox | Messages | Domain | +|---------|----------|--------| +| bill@bill740.com | 1 | bill740.com | +| chieflee@florosafd.org | 2124 | florosafd.org | +| cindy@pncfishandmore.com | 1109 | pncfishandmore.com | +| cindy@pncharris.com | 33797 | pncharris.com | +| cindy@pncharrisenterprises.com | 819 | pncharrisenterprises.com | +| dads_attic@pncharris.com | 0 | pncharris.com | +| jim.harris@florosafd.org | 8 | florosafd.org | +| kyle@gnarlypandaproductions.com | 486 | gnarlypandaproductions.com | +| kyle@pncfishandmore.com | 110 | pncfishandmore.com | +| kyle@pncharris.com | 31182 | pncharris.com | +| phil@florosafd.org | 5 | florosafd.org | +| phil@gnarlypandaproductions.com | 5 | gnarlypandaproductions.com | +| phil@netgrimoire.com | 1 | netgrimoire.com | +| phil@pncfishandmore.com | 10 | pncfishandmore.com | +| phil@pncharris.com | 3210 | pncharris.com | +| phil@pncharrisenterprises.com | 1 | pncharrisenterprises.com | +| times@florosafd.org | 191 | florosafd.org | +| traveler@netgrimoire.com | 3 | netgrimoire.com | +| traveler@wasted-bandwidth.net | 138 | wasted-bandwidth.net | + +--- + +## Aliases + +| ID | Alias | Target Domain | Internal | +|----|-------|---------------|---------| +| 7 | cindy@bamalady.com | bamalady.com | No | + +--- + +## Sender-Dependent Transports + +All outbound relay routes through `heracles.mxrouting.net:587`. This is your MXRoute server hostname — use this exact value when adding new transports. 
+ +| ID | Host | Username | Password | +|----|------|----------|----------| +| 1 | heracles.mxrouting.net:587 | relay@wasted-bandwidth.net | dZ4yLYznVvgSJtqWZJFA | +| 2 | heracles.mxrouting.net:587 | relay@netgrimoire.com | TVGCnJp9SxRbWU8EhkMw | +| 3 | heracles.mxrouting.net:587 | passer@pncharris.com | bBJtPhrGkHvvhxhukkae | +| 4 | heracles.mxrouting.net:587 | relay@florosafd.org | 2Fe8XMyaeh6Z5dvdHYdq | +| 5 | heracles.mxrouting.net:587 | relay@gnarlypandaproductions.com | vG5ZsUQhRWD2UyzLPsqA | +| 6 | heracles.mxrouting.net:587 | relay@pncfishandmore.com | *(confirm from MXRoute panel)* | + +--- + +## DKIM Keys + +Two DKIM selectors are configured per domain — one for Mailcow (selector: `dkim`) and one added separately for MXRoute outbound signing. The Mailcow-managed keys use selector `dkim._domainkey`. + +### pncharris.com +``` +v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhgQV7r+KKQwJceWenZ3FNq8AsllgW6cIm/0jpsLT62vF1yy0nh2MdhjYgQAX2MK9HHYzNZcCB3+OPpqBbXeNbSDckxB/dC+z/vboMHrJmYonfaSYshZjSR80V/a2Yoq+hiXQ9eBcuOggENtMm4XvEsl/vOWLBMfasqe+X11gzQBeRv1tTaXJB0C4i7tAcfi0O/AxH8QFTr2099+k2iepn8J15ukk1zu4zemBJj4Z3uFTNnBP8YpgKbYoUDyMVIKIxGjANVBBypcrMKavpQ4F1JLhgGFhWAsAuFRwZsnOaftZyMuzAZxM37DTd/bF2WanmK3Xe75SN5uOnEXjuzW/wIDAQAB +``` + +### netgrimoire.com +``` +v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoJ9YKqV9+6gOcVKI+UJ0TRcMmergxU8HLO+mwTMfqOhblsEcDPO60c8ya24iIXg51AA2k5Xcbb0bLScaaIi0P/TRzP/bonAZkPS1Y8Fx1se9dikTsA9Lazho u6DvoFkkV/IPH1ZNg68Cd9teAD5tvoY18OSneJJsocXwFo57c+XccUaTxjpV7eReuT4da7iNHMmUmZNfKenxVMKD740zrDJAeAsXtEb/71CochHYSm+qAvuG9/WPixJbMsJLF/iVhV3Byp0LCrB+CwGTwnsiUcd7QpuD6rRs/7zzdGBtoN22m/j390GimFstYvB61I20h8sHWGAG66dLko6Sgvs47wIDAQAB +``` + +### gnarlypandaproductions.com +``` +v=DKIM1;k=rsa;t=s;s=email;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... 
+``` +*(scroll cut off in screenshot — retrieve full key from Mailcow UI → Edit domain → bottom of page)* + +> All other domain DKIM keys should be retrieved from the Mailcow domain edit page and recorded here for disaster recovery completeness. + +--- + +## Network Configuration + +Mailcow containers join the `netgrimoire` external overlay network, allowing communication with other Docker Swarm services (Caddy reverse proxy, etc.) without exposing ports directly to the host network. + +**Internal Docker network:** `172.22.1.0/24` + +Key container IPs within the mailcow-network: +- unbound: 172.22.1.254 +- redis: 172.22.1.249 +- sogo: 172.22.1.248 +- dovecot: 172.22.1.250 +- postfix: 172.22.1.253 + +**IPv6:** disabled (`ENABLE_IPV6=false`) + +--- + +## Caddy Reverse Proxy + +Mailcow's nginx listens on HTTPS port 3443 internally. Caddy proxies external requests to it. Mailcow handles its own TLS for direct mail client connections (IMAP 993, SMTP 465/587). + +The admin UI at `mail.netgrimoire.com` is proxied through Caddy on the `netgrimoire` overlay network. + +--- + +## Updating Mailcow + +```bash +cd /opt/mailcow-dockerized + +# Pull latest +git fetch origin +git checkout origin/master + +# Update containers +docker compose pull +./update.sh +``` + +> As of documentation date, version 2026-01 is available. Current running version is 2025-10a. Update when convenient — check the [MailCow changelog](https://github.com/mailcow/mailcow-dockerized/releases) for breaking changes first. + +Monthly update check is recommended. MailCow had multiple security vulnerabilities in 2025 — staying current is important. + +--- + +## Common Operations + +### Restart all containers +```bash +cd /opt/mailcow-dockerized +docker compose restart +``` + +### Restart single container (e.g. 
after extra.cf change) +```bash +docker compose restart postfix-mailcow +``` + +### View logs +```bash +# Postfix +docker compose logs postfix-mailcow -f + +# Dovecot +docker compose logs dovecot-mailcow -f + +# All containers +docker compose logs -f +``` + +### Check queue +```bash +docker exec mailcow-postfix-mailcow-1 postqueue -p +``` + +### Flush queue +```bash +docker exec mailcow-postfix-mailcow-1 postqueue -f +``` + +### Check container health +```bash +docker compose ps +``` + +--- + +## Known Gotchas + +**Disk usage is at 93%.** The nvme0n1p2 volume has 442G used of 502G. This needs attention — vmail storage grows over time and garbage collection runs hourly but only removes items older than 7200 minutes (5 days). Monitor this and consider quota enforcement per mailbox if growth continues. + +**extra.cf is minimal.** The MXRoute trusted network IPs should be confirmed in the running Postfix config. The `mynetworks` value from `postconf` shows `10.0.1.0/24` is already trusted — confirm whether MXRoute IP ranges `69.167.160.0/19` and `198.54.120.0/22` are included. If not, add them to extra.cf and restart postfix. + +**MXRoute relay hostname.** The actual relay hostname for this account is `heracles.mxrouting.net:587` — not the generic `smtp.mxroute.com` placeholder. All 6 transports use `heracles.mxrouting.net:587`. Use this exact hostname for any new transport entries. + +**pncharris.com uses passer@ not relay@.** Transport ID 3 for pncharris.com authenticates as `passer@pncharris.com`, not `relay@pncharris.com`. This is intentional — the relay@ account exists but passer@ is the current active relay credential. + +**HTTPS on port 3443.** Mailcow's web UI is not on the standard 443 — it binds to 3443 and Caddy handles the public-facing 443 proxy. Direct access to the UI requires going through Caddy or using the internal port. 
+ +**nucking-futz.net vs nucking-futz.com.** The domains list shows `nucking-futz.net` but the intended new domain is `nucking-futz.com`. Verify which is actually configured and correct if needed. + +**bamalady.com and bill740.com** have no transport assigned in the screenshots. Confirm whether these domains need MXRoute relay configured. + +--- + +## Related Documentation + +- [MXRoute Master Configuration](./mxroute-master) — per-domain DNS, inbound forwarding, outbound relay credentials +- [Mail Setup — nucking-futz.com](./mail-setup-nucking-futz) — new domain setup guide +- [MailCow Security Hardening](./mailcow-security-hardening) +- [Caddy Reverse Proxy](./caddy-reverse-proxy) — proxies mail.netgrimoire.com to port 3443 +- [OPNsense Firewall](./opnsense-firewall) — ATT_Mail static IP, port forwarding rules diff --git a/Keystone-Grimoire/Mail/MXRoute-Integration.md b/Keystone-Grimoire/Mail/MXRoute-Integration.md new file mode 100644 index 0000000..2995689 --- /dev/null +++ b/Keystone-Grimoire/Mail/MXRoute-Integration.md 
@@ -0,0 +1,430 @@ +--- +title: Integrating MXRoute with MailCow +description: +published: true +date: 2026-02-25T21:04:37.135Z +tags: +editor: markdown +dateCreated: 2026-02-25T19:22:31.514Z +--- + +# MXRoute — Master Configuration Reference + +## Overview + +MXRoute serves two roles in Netgrimoire mail infrastructure: + +- **Inbound gateway** — MX records for all domains point to MXRoute's commercial IPs, solving residential AT&T IP filtering by banks and financial institutions. MXRoute receives mail and forwards to Mailcow via per-address forwarders. +- **Outbound relay** — Mailcow sends all outbound mail through MXRoute via sender-dependent transports for improved deliverability. + +**Mail flow:** + +``` +Inbound: Internet → MXRoute (commercial IP) → Mailcow (192.168.5.16) +Outbound: Mailcow (192.168.5.16) → MXRoute SMTP relay → Internet +``` + +**Mailcow host:** 192.168.5.16 +**MXRoute control panel:** confirm server hostname from MXRoute welcome email (e.g. `arrow.mxrouting.net`) +**MXRoute SMTP relay:** confirm from welcome email (e.g. `smtp.mxroute.com:587`) + +--- + +## Architecture — Why Two Domains Per Hosted Domain + +MXRoute forwarders require a valid destination email address. Forwarding `user@domain.com` back to `user@domain.com` creates a mail loop because MXRoute would look up the MX for `domain.com` and find itself. The solution is a `mail.domain.com` subdomain with its own MX record pointing directly to Mailcow. MXRoute forwards to `user@mail.domain.com`, Mailcow accepts and delivers, and an alias domain maps `@domain.com` back so users only ever see `@domain.com`. + +``` +domain.com MX → MXRoute (public-facing, receives from internet) +mail.domain.com MX → 192.168.5.16 (internal, MXRoute forwards here) +``` + +--- + +## MXRoute Control Panel + +**Login:** confirm URL from MXRoute welcome email +**Interface:** MXRoute 4.0 (new UI — not old DirectAdmin) + +### Creating a Forwarder + +1. Go to **Forwarders** +2. Click **Create New Forwarder** +3. 
Set **Forwarder Name:** `username` (domain shown automatically) +4. Set **Destination Type:** `Forward to Email(s)` +5. Set **Recipients:** `username@mail.domain.com` +6. Click **Create Forwarder** + +> Recipients field accepts multiple addresses comma or newline separated. + +--- + +## Mailcow Configuration + +### Adding a New Domain (One-Time Per Domain) + +1. **Mail Setup → Domains → Add domain** + - Domain: `mail.domain.com` (the subdomain Mailcow owns) + - Leave relay settings as default + +2. **Mail Setup → Alias Domains → Add alias domain** + - Alias Domain: `domain.com` + - Target Domain: `mail.domain.com` + - This makes Mailcow accept and deliver mail for `@domain.com` to `@mail.domain.com` mailboxes + +3. **Configuration → ARC/DKIM Keys** + - Select domain `mail.domain.com` + - Selector: `mailcow` + - Key length: 2048 + - Generate and copy TXT record for DNS + +4. **Configuration → Extra Postfix configuration → extra.cf** + +``` +# Trust MXRoute forwarding IPs — prevents SPF scoring on forwarded mail +mynetworks = 127.0.0.1/8 [::1]/128 192.168.5.0/24 69.167.160.0/19 198.54.120.0/22 +``` + +Restart affected containers after saving. + +### Adding a New Mailbox + +1. **Mail Setup → Mailboxes → Add mailbox** + - Username: `user` + - Domain: `mail.domain.com` + +2. **MXRoute control panel → Forwarders → Create New Forwarder** + - Forwarder: `user@domain.com` + - Destination: `user@mail.domain.com` + +### Outbound Relay — Sender-Dependent Transports + +One transport entry per domain. 
**Configuration → Routing → Sender-Dependent Transports** + +| Domain | Relay Host | Username | Password | +|--------|-----------|----------|----------| +| pncharris.com | `[smtp.mxroute.com]:587` | relay@pncharris.com | H@rv3yD)G123 | +| wasted-bandwidth.net | `[smtp.mxroute.com]:587` | relay@wasted-bandwidth.net | dZ4yLYznVvgSJtqWZJFA | +| netgrimoire.com | `[smtp.mxroute.com]:587` | relay@netgrimoire.com | TVGCnJp9SxRbWU8EhkMw | +| florosafd.org | `[smtp.mxroute.com]:587` | relay@florosafd.org | 2Fe8XMyaeh6Z5dvdHYdq | +| gnarlypandaproductions.com | `[smtp.mxroute.com]:587` | relay@gnarlypandaproductions.com | vG5ZsUQhRWD2UyzLPsqA | + +> Confirm SMTP relay hostname from MXRoute welcome email — substitute actual hostname for `smtp.mxroute.com` if different. + +### Email Client Settings (All Domains) + +| Setting | Value | +|---------|-------| +| IMAP server | `mail.domain.com` | +| IMAP port | `993` (SSL/TLS) | +| SMTP server | `mail.domain.com` | +| SMTP port | `465` (SSL/TLS) | +| Username | `user@domain.com` | + +> Users log in with `@domain.com`. Mailcow resolves to the internal `@mail.domain.com` mailbox via alias domain — transparent to the user. + +--- + +## DNS Reference — All Domains + +### DNS Pattern (Apply to Every Domain) + +Two sets of MX records are required — one for the public domain (pointing to MXRoute) and one for the mail subdomain (pointing directly to Mailcow). 
+ +| Type | Host | Value | Notes | +|------|------|-------|-------| +| A | `mail` | `YOUR_ATT_MAIL_IP` | Mailcow server — MXRoute forwards here | +| MX | `@` | MXRoute primary (priority 10) | From MXRoute welcome email | +| MX | `@` | MXRoute secondary (priority 20) | From MXRoute welcome email | +| MX | `mail` | `mail.domain.com` (priority 10) | Mailcow handles subdomain directly | +| CNAME | `imap` | `mail.domain.com` | Client autoconfiguration | +| CNAME | `smtp` | `mail.domain.com` | Client autoconfiguration | +| CNAME | `webmail` | `mail.domain.com` | Roundcube access | +| CNAME | `autodiscover` | `mail.domain.com` | Outlook autodiscover | +| CNAME | `autoconfig` | `mail.domain.com` | Thunderbird autoconfig | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | SPF — both Mailcow direct and MXRoute relay | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | SPF for subdomain — Mailcow direct only | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | DMARC enforcement | +| TXT | `mailcow._domainkey.mail` | *(generated in Mailcow ARC/DKIM Keys)* | Mailcow DKIM selector | +| TXT | `x._domainkey` | *(from MXRoute control panel)* | MXRoute DKIM selector — confirm actual selector name | + +--- + +### pncharris.com + +| Type | Host | Value | +|------|------|-------| +| A | `mail` | YOUR_ATT_MAIL_IP | +| MX | `@` | MXRoute primary (priority 10) | +| MX | `@` | MXRoute secondary (priority 20) | +| MX | `mail` | `mail.pncharris.com` (priority 10) | +| CNAME | `imap` | `mail.pncharris.com` | +| CNAME | `smtp` | `mail.pncharris.com` | +| CNAME | `webmail` | `mail.pncharris.com` | +| CNAME | `autodiscover` | `mail.pncharris.com` | +| CNAME | `autoconfig` | `mail.pncharris.com` | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | +| TXT | `mailcow._domainkey.mail` | *(from 
Mailcow ARC/DKIM Keys for mail.pncharris.com)* | +| TXT | `x._domainkey` | *(from MXRoute control panel)* | + +**Mailcow domains:** `mail.pncharris.com` (primary), `pncharris.com` (alias domain → mail.pncharris.com) + +**Relay credentials:** + +| Account | Password | Notes | +|---------|----------|-------| +| relay@pncharris.com | H@rv3yD)G123 | Current relay account | +| forwarder@pncharris.com | *(see password history below)* | Legacy account | +| passer@pncharris.com | bBJtPhrGkHvvhxhukkae | Current | +| kylr pncharris | -,68,incTeR | | +| G4@rlyf1ng3r | *(Feb 14)* | | + +**passer@pncharris.com password history** (most recent last): +- !5!,_\*zDyLEhhR4 +- sh7dXWnTPqbkDGsTcwtn +- MY3V8p69b2HYksygxhXX +- RS6U2GU6rcYe3THKKgYx +- yzqNysrd73yzWptVEZ5H (current) + +--- + +### wasted-bandwidth.net + +| Type | Host | Value | +|------|------|-------| +| A | `mail` | YOUR_ATT_MAIL_IP | +| MX | `@` | MXRoute primary (priority 10) | +| MX | `@` | MXRoute secondary (priority 20) | +| MX | `mail` | `mail.wasted-bandwidth.net` (priority 10) | +| CNAME | `imap` | `mail.wasted-bandwidth.net` | +| CNAME | `smtp` | `mail.wasted-bandwidth.net` | +| CNAME | `webmail` | `mail.wasted-bandwidth.net` | +| CNAME | `autodiscover` | `mail.wasted-bandwidth.net` | +| CNAME | `autoconfig` | `mail.wasted-bandwidth.net` | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | +| TXT | `mailcow._domainkey.mail` | *(from Mailcow ARC/DKIM Keys for mail.wasted-bandwidth.net)* | +| TXT | `x._domainkey` | *(from MXRoute control panel)* | + +**Mailcow domains:** `mail.wasted-bandwidth.net` (primary), `wasted-bandwidth.net` (alias domain) + +**Relay credentials:** + +| Account | Password | +|---------|----------| +| relay@wasted-bandwidth.net | dZ4yLYznVvgSJtqWZJFA | + +--- + +### netgrimoire.com + +| Type | Host | Value | +|------|------|-------| +| A | 
`mail` | YOUR_ATT_MAIL_IP | +| MX | `@` | MXRoute primary (priority 10) | +| MX | `@` | MXRoute secondary (priority 20) | +| MX | `mail` | `mail.netgrimoire.com` (priority 10) | +| CNAME | `imap` | `mail.netgrimoire.com` | +| CNAME | `smtp` | `mail.netgrimoire.com` | +| CNAME | `webmail` | `mail.netgrimoire.com` | +| CNAME | `autodiscover` | `mail.netgrimoire.com` | +| CNAME | `autoconfig` | `mail.netgrimoire.com` | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | +| TXT | `mailcow._domainkey.mail` | *(from Mailcow ARC/DKIM Keys for mail.netgrimoire.com)* | +| TXT | `x._domainkey` | *(from MXRoute control panel)* | + +**Mailcow domains:** `mail.netgrimoire.com` (primary), `netgrimoire.com` (alias domain) + +**Relay credentials:** + +| Account | Password | +|---------|----------| +| relay@netgrimoire.com | TVGCnJp9SxRbWU8EhkMw | + +--- + +### florosafd.org + +| Type | Host | Value | +|------|------|-------| +| A | `mail` | YOUR_ATT_MAIL_IP | +| MX | `@` | MXRoute primary (priority 10) | +| MX | `@` | MXRoute secondary (priority 20) | +| MX | `mail` | `mail.florosafd.org` (priority 10) | +| CNAME | `imap` | `mail.florosafd.org` | +| CNAME | `smtp` | `mail.florosafd.org` | +| CNAME | `webmail` | `mail.florosafd.org` | +| CNAME | `autodiscover` | `mail.florosafd.org` | +| CNAME | `autoconfig` | `mail.florosafd.org` | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | +| TXT | `mailcow._domainkey.mail` | *(from Mailcow ARC/DKIM Keys for mail.florosafd.org)* | +| TXT | `x._domainkey` | *(from MXRoute control panel)* | + +**Mailcow domains:** `mail.florosafd.org` (primary), `florosafd.org` (alias domain) + +**Relay credentials:** + +| Account | Password | 
+|---------|----------| +| relay@florosafd.org | 2Fe8XMyaeh6Z5dvdHYdq | + +--- + +### gnarlypandaproductions.com + +| Type | Host | Value | +|------|------|-------| +| A | `mail` | YOUR_ATT_MAIL_IP | +| MX | `@` | MXRoute primary (priority 10) | +| MX | `@` | MXRoute secondary (priority 20) | +| MX | `mail` | `mail.gnarlypandaproductions.com` (priority 10) | +| CNAME | `imap` | `mail.gnarlypandaproductions.com` | +| CNAME | `smtp` | `mail.gnarlypandaproductions.com` | +| CNAME | `webmail` | `mail.gnarlypandaproductions.com` | +| CNAME | `roundcube` | `roundcube.netgrimoire.com` | +| CNAME | `autodiscover` | `mail.gnarlypandaproductions.com` | +| CNAME | `autoconfig` | `mail.gnarlypandaproductions.com` | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@gnarlypandaproductions.com` | +| TXT | `mailcow._domainkey.mail` | *(from Mailcow ARC/DKIM Keys for mail.gnarlypandaproductions.com)* | +| TXT | `default._domainkey` | `v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3D3vyPoBHB4eMSMq8HygVWHzYbketRX4yjk9wV4bdaar0/c89dK230FMOW6zVXEsY1sXKFk1kBxerHVw0wY8qnQyooHgINEQcEXrtB/x93Sl/cqBQXk+PHOIOymQwgni8WCUhCSnvunxXK8qX5f9J56qzd0/wpY2WSEHho+XrnQjc+c7HMvkcC3+nKJe59ZNgvQW/Y9B/L6zFDjAp+QOUYp9wwX4L+j1T4fQSygYxAJZ0aIoR8FsbOuXc38pht99HyUnYwH08HoK7xv3DL2BrVo3KVZ7xMe2S4YMxd1HkJz2evbV/ziNsJcKW/le3fFS7mza09yJXDLDcLOKLXbYUQIDAQAB` | +| TXT | `x._domainkey` | *(from MXRoute control panel — confirm actual selector)* | + +**Mailcow domains:** `mail.gnarlypandaproductions.com` (primary), `gnarlypandaproductions.com` (alias domain) + +**Relay credentials:** + +| Account | Password | +|---------|----------| +| relay@gnarlypandaproductions.com | vG5ZsUQhRWD2UyzLPsqA | + +--- + +### nucking-futz.com + +New domain — see [Mail Setup — nucking-futz.com](./mail-setup-nucking-futz) for full setup guide. 
+ +| Type | Host | Value | +|------|------|-------| +| A | `mail` | YOUR_ATT_MAIL_IP | +| MX | `@` | MXRoute primary (priority 10) | +| MX | `@` | MXRoute secondary (priority 20) | +| MX | `mail` | `mail.nucking-futz.com` (priority 10) | +| CNAME | `imap` | `mail.nucking-futz.com` | +| CNAME | `smtp` | `mail.nucking-futz.com` | +| CNAME | `webmail` | `mail.nucking-futz.com` | +| CNAME | `autodiscover` | `mail.nucking-futz.com` | +| CNAME | `autoconfig` | `mail.nucking-futz.com` | +| TXT | `@` | `v=spf1 ip4:YOUR_ATT_MAIL_IP include:mxroute.com -all` | +| TXT | `mail` | `v=spf1 ip4:YOUR_ATT_MAIL_IP -all` | +| TXT | `_dmarc` | `v=DMARC1; p=reject; rua=mailto:admin@netgrimoire.com` | +| TXT | `mailcow._domainkey.mail` | *(from Mailcow ARC/DKIM Keys for mail.nucking-futz.com)* | +| TXT | `x._domainkey` | *(from MXRoute control panel)* | + +**Mailcow domains:** `mail.nucking-futz.com` (primary), `nucking-futz.com` (alias domain) + +**Relay credentials:** + +| Account | Password | +|---------|----------| +| relay@nucking-futz.com | *(set during MXRoute domain creation)* | + +--- + +## Adding a New Domain — Checklist + +Use this checklist every time a new domain is added to the stack. 
+ +**DNS (at registrar):** +- [ ] A record: `mail.newdomain.com` → YOUR_ATT_MAIL_IP +- [ ] MX records: `@` → MXRoute servers +- [ ] MX record: `mail` → `mail.newdomain.com` +- [ ] CNAME records: imap, smtp, webmail, autodiscover, autoconfig +- [ ] SPF TXT: `@` — includes both ATT IP and `include:mxroute.com` +- [ ] SPF TXT: `mail` — ATT IP only +- [ ] DMARC TXT: `_dmarc` +- [ ] DKIM TXT: `mailcow._domainkey.mail` — after generating in Mailcow +- [ ] DKIM TXT: `x._domainkey` — after retrieving from MXRoute + +**Mailcow:** +- [ ] Add domain: `mail.newdomain.com` +- [ ] Add alias domain: `newdomain.com` → `mail.newdomain.com` +- [ ] Generate DKIM key (selector: `mailcow`) for `mail.newdomain.com` +- [ ] Add sender-dependent transport for `newdomain.com` +- [ ] Add sender-dependent transport for `mail.newdomain.com` +- [ ] Create mailboxes as `user@mail.newdomain.com` + +**MXRoute:** +- [ ] Add domain in control panel +- [ ] Create forwarder for each mailbox: `user@newdomain.com` → `user@mail.newdomain.com` +- [ ] Retrieve DKIM key for DNS + +--- + +## Troubleshooting + +### Mail not delivering inbound (not reaching Mailcow) + +- Check MX records for `@` point to MXRoute servers: `dig MX domain.com +short` +- Check MX record for `mail` subdomain points to Mailcow: `dig MX mail.domain.com +short` +- Verify MXRoute forwarder exists for the address in the control panel +- Check Mailcow logs: **Logs → Postfix** — look for the delivery attempt and any rejection reason +- Verify MXRoute IP ranges are in Mailcow `extra.cf` trusted networks + +### Mail not delivering inbound (banks / financial institutions) + +- This is the residential AT&T IP problem — confirm MX records point to MXRoute, not directly to your IP +- Run `dig MX domain.com +short` — should show MXRoute servers, not your IP +- If MX still points to your ATT IP, update DNS and wait for propagation + +### Outbound mail rejected or going to spam + +- Verify sender-dependent transport is configured for the domain in 
Mailcow +- Check relay credentials are current in the transport entry +- Run an SPF check: `dig TXT domain.com +short` — confirm `include:mxroute.com` is present +- Send test to check-auth@verifier.port25.com for full SPF/DKIM/DMARC report +- Run through https://mail-tester.com for a deliverability score + +### DKIM verification failing + +- Confirm both selectors are published in DNS: + - `dig TXT mailcow._domainkey.mail.domain.com +short` + - `dig TXT x._domainkey.domain.com +short` (substitute actual MXRoute selector) +- Allow up to 48 hours for DNS propagation after adding records +- Verify selector names match exactly what Mailcow and MXRoute are using to sign + +### DMARC failures + +- SPF and DKIM must both pass and align with the From: domain +- Check DMARC reports sent to `admin@netgrimoire.com` — use [Postmark DMARC](https://dmarc.postmarkapp.com/) or [dmarcian.com](https://dmarcian.com) to parse raw XML reports +- Common cause: outbound mail going through MXRoute but `include:mxroute.com` missing from SPF + +### Forwarded mail getting spam-scored + +- Confirm MXRoute IP ranges are in Mailcow `extra.cf` mynetworks +- Check that Mailcow trusted networks were saved and containers restarted +- Verify SRS is working: in Roundcube open a forwarded message → More → View Source → `Return-Path` should begin with `SRS0=` + +### New mailbox not receiving mail + +- Two steps are required — confirm both were done: + 1. Mailbox created in Mailcow as `user@mail.domain.com` + 2. Forwarder created in MXRoute as `user@domain.com` → `user@mail.domain.com` +- If the MXRoute forwarder is missing, inbound mail silently goes nowhere + +--- + +## Related Documentation + +- [MailCow Configuration](./mailcow) +- [MailCow Security Hardening](./mailcow-security-hardening) +- [Mail Setup — nucking-futz.com](./mail-setup-nucking-futz) +- [OPNsense Firewall](./opnsense-firewall) — ATT_Mail static IP allocation 
diff --git a/Keystone-Grimoire/Mail/MailCow-Overview.md b/Keystone-Grimoire/Mail/MailCow-Overview.md new file mode 100644 index 0000000..f063404 --- /dev/null +++ b/Keystone-Grimoire/Mail/MailCow-Overview.md 
@@ -0,0 +1,85 @@ +--- +title: MailCow Overview +description: Self-hosted mail stack — architecture, domains, and key decisions +published: true +date: 2026-04-12T00:00:00.000Z +tags: keystone, mail, mailcow +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# MailCow Overview + +MailCow runs on `docker4` (hermes, 192.168.5.16) via Docker Compose — not Swarm. It manages mail for all 8 domains. + +--- + +## Architecture + +| Component | Role | +|-----------|------| +| MailCow stack | Postfix, Dovecot, Rspamd, ClamAV, SOGo, Roundcube, nginx-mailcow | +| MXRoute | Inbound filtering + outbound relay for all domains | +| nginx-mailcow | Only MailCow container connected to `netgrimoire` overlay | + +**Critical:** Only `nginx-mailcow` is attached to the `netgrimoire` overlay network. All other MailCow containers stay on the internal `mailcow-network` bridge. Connecting other containers to the overlay causes Redis and PHP-FPM to resolve to wrong IPs, breaking the entire stack. + +--- + +## Domains + +`netgrimoire.com` · `pncharris.com` · `wasted-bandwidth.net` · `nucking-futz.com` · `florosafd.org` · `gnarlypandaproductions.com` · `pncfishandmore.com` · `pncharrisenterprises.com` + +--- + +## Mail Flow + +**Inbound:** MXRoute filters → forwards to MailCow → Dovecot delivers + +**Outbound:** Postfix → MXRoute relay → recipient + +**SRS rewriting:** MXRoute rewrites the envelope sender on forwarded mail. All domains using MXRoute inbound forwarding **must** have catch-all aliases configured in MailCow, or `reject_unlisted_sender` will reject the rewritten addresses. + +--- + +## DKIM + +Two selectors required: + +| Selector | Purpose | +|----------|---------| +| `mailcow` | Direct sends from MailCow | +| `mxroute` | MXRoute relay path | + +--- + +## Key Limits (must match across all three) + +Attachment size limits must be set identically in Postfix, Rspamd, and ClamAV. 
Changing only Postfix is insufficient — Rspamd and ClamAV reject large messages before Postfix processes them. + +--- + +## Roundcube SSL + +Internal connections to Dovecot use self-signed certs. In `config.inc.php`: + +```php +$config['imap_conn_options'] = ['ssl' => ['verify_peer' => false, 'verify_peer_name' => false]]; +``` + +--- + +## Related Docs + +- [MXRoute Integration](/Keystone-Grimoire/Mail/MXRoute-Integration) +- [Domain Setup](/Keystone-Grimoire/Mail/Domain-Setup) +- [MailCow Hardening](/Keystone-Grimoire/Mail/Hardening) +- [MailCow Backup](/Vault-Grimoire/Backups/MailCow-Backup) + +--- + +## Pending + +- [ ] Dedicated ATT_Mail static IP for outbound mail (OPNsense outbound NAT rule) +- [ ] Second DKIM selector (`mxroute`) validation +- [ ] MTA-STS validation (supported since Sep 2025 update) diff --git a/Keystone-Grimoire/Network/Port-Assignments.md b/Keystone-Grimoire/Network/Port-Assignments.md new file mode 100644 index 0000000..e08efff --- /dev/null +++ b/Keystone-Grimoire/Network/Port-Assignments.md 
@@ -0,0 +1,60 @@ +--- +title: Port Assignments +description: +published: true +date: 2026-02-20T04:21:52.996Z +tags: +editor: markdown +dateCreated: 2026-01-27T03:42:58.945Z +--- + +# Physical Paths + +|Device|IP|Room|Home Infra|DLink|TPLink|Closet|Inter Rack|Rack|Ubiquity| +|------|--|----|------|------|-------|------|----|----|--------| +|Dlink |5.2 |Office | |1| | | | |1 | +|ZNAS |5.10 | | |2| | | | | | +|Docker3 | | | |3| | | | | | +|Docker5 | | | |4| | | | | | +|DockerPi1 | | | |5| | | | | | +|DNS |5.7 | | |6| | | | | | +|Docker4 | | | | | | |W:7 |19|4 | +|Docker2 | | Office | | | | |W:5 |17|11| +|Time Machine| | | | | | |W:6 |18|12| +|Deco Satt | |Room 1 |1 | | | | | |15| +|Deco AP | |Office(E)|10-24| | |24|W:9 |21|20| +|TP Link | | | | |1|22|W:10|22|23| +|OpnSense |3.4 | | | | |23|W:11|23|24| +|OPnSense-Cox| | | | | | | | | | +| | | | | | | | | | | +| | |Room 2 |2 | | | | |2 | | +| | |Room 3 |3 | | | | |3 | | +| | |Living(E)|4 | | | | |4 | | +| | |Living(W)|5 | | | | |5 | | +| | |Family |6 | | | | |6 | | +| | |Pantry |7 | | | | |7 | | +| | |Room 4 |8 | | | | |8 | | +| | |Gym |9 | | | | |9 | | +| | |Office(S)|11 | | | | |11| | +| | |Office(W)|12 | | | | |12| | +| | |Office(W)|13 | | | | |13| | +| | |Office(W)|14 | | | | |14| | +| | |Office(W)|15 | | | | |15| | +| | |Office(W)|16 | | | | |16| | +| | |Office(N)|17 | | | | |17| | +| | |Office(N)|18 | | | | |18| | +| | |Office(N)|19 | | | | |19| | +| | |Office(N)|20 | | | | |20| | + +Note: For rooms N,E,S,W are compass directions + For InterRack, W - wall, H - Hallway + + + + + + + + + + diff --git a/Keystone-Grimoire/Network/Topology.md b/Keystone-Grimoire/Network/Topology.md new file mode 100644 index 0000000..bdb95b8 --- /dev/null +++ b/Keystone-Grimoire/Network/Topology.md 
@@ -0,0 +1,49 @@ +--- +title: Network Topology +description: Netgrimoire network layout — VLANs, subnets, routing +published: true +date: 2026-04-12T00:00:00.000Z +tags: keystone, network +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Network Topology + +## Subnets + +| Subnet | Purpose | +|--------|---------| +| 192.168.3.0/24 | OPNsense / firewall management | +| 192.168.4.0/24 | ISPConfig / web hosting | +| 192.168.5.0/24 | Primary LAN — all Docker hosts | +| 192.168.8.0/24 | Pocket Grimoire (GL.iNet Beryl AX) | +| 192.168.32.0/24 | WireGuard VPN peers | + +## WireGuard Peers + +| Peer | IP | Device | +|------|----|--------| +| Obie | 192.168.32.2 | — | +| pncfishandmore | 192.168.32.3 | — | +| GLNet | 192.168.32.4 | GL.iNet router | +| PortaPotty | 192.168.32.5 | Pocket Grimoire laptop | +| GLNet | 192.168.32.6 | Second GL.iNet | + +## DNS + +Internal DNS runs on Technitium at `192.168.5.7` (`dns.netgrimoire.com`), behind Authentik. + +All `*.netgrimoire.com` and `*.wasted-bandwidth.net` internal hostnames resolve via Technitium. Public DNS managed via ISPConfig and domain registrars. + +## Docker Overlay Network + +All Swarm services share the `netgrimoire` external overlay network (VIP mode). This is the only overlay network in use. + +``` +Name: netgrimoire +Driver: overlay +Mode: VIP (always — dnsrr is banned) +``` + +See [Docker Swarm Template](/Keystone-Grimoire/Docker/Swarm-Template) for attachment rules. diff --git a/Keystone-Grimoire/Overview.md b/Keystone-Grimoire/Overview.md new file mode 100644 index 0000000..ba8f0ee --- /dev/null +++ b/Keystone-Grimoire/Overview.md 
@@ -0,0 +1,36 @@ +--- +title: Keystone Grimoire +description: Architecture — the dwarven runesmith's blueprints +published: true +date: 2026-04-12T00:00:00.000Z +tags: keystone, architecture +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Keystone Grimoire + +![keystone-badge](/images/keystone-badge.png) + +The Keystone Grimoire holds the architectural blueprints of Netgrimoire — how everything is wired together, how traffic flows, why decisions were made. Remove the keystone and the arch falls. This is the arch. + +--- + +## Sections + +| Section | Contents | +|---------|----------| +| [Hosts](/Keystone-Grimoire/Hosts/Host-Inventory) | Node inventory, roles, IPs, pinned services, hardware | +| [Network](/Keystone-Grimoire/Network/Topology) | Topology, VLANs, DNS, WireGuard, OpenVPN, port assignments | +| [Docker](/Keystone-Grimoire/Docker/Swarm-Template) | Swarm template standard, overlay network, label rules, volume paths | +| [Mail](/Keystone-Grimoire/Mail/MailCow-Overview) | MailCow, MXRoute, DKIM, SRS, domain setup, hardening | + +--- + +## Key Principles + +- **Caddy is the single entry point** for all web traffic. Every public service goes through Caddy. No exceptions. +- **Docker labels drive routing** — services register themselves with Caddy via `deploy.labels`. Static Caddyfile entries only for Compose stacks where label pickup is unreliable. +- **Never mix label and static routing for the same hostname** — caddy-docker-proxy merges them into a broken upstream pool. +- **Always VIP endpoint mode** — `endpoint_mode: dnsrr` is banned. It breaks internal DNS resolution. +- **ARM nodes are excluded by default** — all swarm services carry `node.platform.arch != aarch64` and `node.platform.arch != arm` constraints unless explicitly ARM-specific. diff --git a/Netgrimoire/Audits/Calibre-web-2026-04-03.md b/Netgrimoire/Audits/Calibre-web-2026-04-03.md new file mode 100644 index 0000000..7fa44f7 --- /dev/null 
+++ b/Netgrimoire/Audits/Calibre-web-2026-04-03.md @@ -0,0 +1,26 @@ +--- +title: Audit - Calibre-web.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:30:36.844Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:30:36.844Z +--- + +# Audit Report — Calibre-web.yaml + +**Date:** 2026-04-03 +**File:** swarm/Calibre-web.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +PASS: Homepage labels (homepage.group, homepage.name, homepage.icon, homepage.href, homepage.description) are all present and correctly configured. +FAIL: Caddy labels on exposed services are incorrect. The caddy.labels should be set to a single string value containing all domains separated by commas, not an array. Correct format would be "caddy=books.netgrimoire.com, books.pncharris.com". +PASS: Placement constraints (node.hostname) are correctly specified as 'znas'. +PASS: Volumes use the /DockerVol/ path convention. +PASS: Network references the external netgrimoire overlay. + +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/JellySeer-2026-04-03.md b/Netgrimoire/Audits/JellySeer-2026-04-03.md new file mode 100644 index 0000000..6654d38 --- /dev/null +++ b/Netgrimoire/Audits/JellySeer-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - JellySeer.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:31:31.742Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:31:31.742Z +--- + +# Audit Report — JellySeer.yaml + +**Date:** 2026-04-03 +**File:** swarm/JellySeer.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT + +1. **Homepage labels**: + - `homepage.group`: "Media Search" — **PASS** + - `homepage.name`: "JellySeer" — **PASS** + - `homepage.icon`: "sh-jellyseerr.svg" — **PASS** + - `homepage.href`: "https://requests.netgrimoire.com" — **PASS** + - `homepage.description`: "Media Server" — **PASS** + +2. **Uptime Kuma labels**: + - `kuma.jellyseer.http.name`: "JellySeer" — **PASS** + - `kuma.jellyseer.http.url`: "http://jellyseer:5055" — **PASS** + +3. **Caddy labels on exposed services**: + - `caddy: requests.netgrimoire.com` — **PASS** + - `caddy.reverse_proxy: http://jellyseer:5055` — **PASS** + +4. **Placement constraints**: + - `node.hostname == docker5` — **PASS** + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/JellySeer/config:/app/config` — **PASS** + - `/data/nfs/znas/Data/media:/data:shared` — **FAIL**: The volume `/data/nfs/znas/Data/media:/data:shared` does not follow the `/DockerVol/` path convention. It is recommended to use a volume path that follows this convention for better organization and consistency. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` network — **PASS** + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/JellyStat-2026-04-03.md b/Netgrimoire/Audits/JellyStat-2026-04-03.md new file mode 100644 index 0000000..a05f21c --- /dev/null +++ b/Netgrimoire/Audits/JellyStat-2026-04-03.md 
@@ -0,0 +1,50 @@ +--- +title: Audit - JellyStat.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:32:31.251Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:32:31.251Z +--- + +# Audit Report — JellyStat.yaml + +**Date:** 2026-04-03 +**File:** swarm/JellyStat.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Audit Results: + +1. **Homepage labels**: + - `homepage.group=Library` — **PASS** + - `homepage.name=JellyStat` — **PASS** + - `homepage.icon=jellystat.png` — **FAIL**: The icon file path should be relative to the service's context or a valid absolute URL. + - **Fix**: Update the icon path to use a valid location. + - `homepage.href=http://jellystat.netgrimoire.com` — **PASS** + - `homepage.description=Jelly Stats` — **PASS** + +2. **Uptime Kuma labels**: + - The service does not appear to be Uptime Kuma; the labels are irrelevant here. **PASS** + +3. **Caddy labels on exposed services**: + - `caddy=jellystat.netgrimoire.com` — **PASS** + - `caddy.reverse_proxy="{{upstreams 3000}}"` — **PASS** + - **Note**: Ensure that the reverse proxy configuration is correct and functional within your Caddy setup. + +4. **Placement constraints**: + - `node.hostname == bruce` — **PASS** + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/jellystat/postgres-data` — **PASS** + - `/DockerVol/jellystat/backup-data` — **PASS** + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` — **PASS** + +### VERDICT: FAIL + +The audit has identified one issue that needs to be addressed. Specifically, the `homepage.icon` label should use a valid file path or URL for the icon image. Once this is resolved, the audit will pass. \ No newline at end of file diff --git a/Netgrimoire/Audits/README.md b/Netgrimoire/Audits/README.md new file mode 100644 index 0000000..6a46876 --- /dev/null +++ b/Netgrimoire/Audits/README.md 
@@ -0,0 +1,31 @@ +--- +title: Audit Reports +description: Gremlin-generated YAML compliance audit reports +published: true +date: 2026-04-12T00:00:00.000Z +tags: audits, gremlin +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Audit Reports + +Audit reports are auto-generated weekly by the Gremlin Forgejo Audit workflow (n8n, Monday 06:00). Each report checks a single compose YAML file against the Netgrimoire Docker Swarm template standard. + +See [Gremlin Grimoire — Forgejo Audit Workflow](/Gremlin-Grimoire/Workflows/Forgejo-Audit) for full workflow documentation. + +## What Gets Checked + +- Homepage labels present on all services +- Uptime Kuma labels present on all services +- Caddy labels on exposed services +- Placement constraints (ARM exclusion defaults) +- Volume paths follow `/DockerVol/` or `/data/nfs/znas/Docker/` convention +- No forbidden fields (`version:`, `container_name:`, `restart:`, `depends_on:`) +- `endpoint_mode: dnsrr` not used (always VIP) +- `diun.enable: "true"` present +- Network references `netgrimoire` external overlay + +## Report Files + +Reports follow the naming convention `-.md`. Files here are committed automatically by n8n — do not edit manually. diff --git a/Netgrimoire/Audits/SQL-mgmt-2026-04-03.md b/Netgrimoire/Audits/SQL-mgmt-2026-04-03.md new file mode 100644 index 0000000..71149b8 --- /dev/null +++ b/Netgrimoire/Audits/SQL-mgmt-2026-04-03.md 
@@ -0,0 +1,107 @@ +--- +title: Audit - SQL-mgmt.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:34:04.814Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:34:04.814Z +--- + +# Audit Report — SQL-mgmt.yaml + +**Date:** 2026-04-03 +**File:** swarm/SQL-mgmt.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT REPORT + +#### Homepage Labels +1. **PASS**: `phpmyadmin` + - `homepage.group=Management` + - `homepage.name=PHPMyadmin` + - `homepage.icon=phpmyadmin.png` + - `homepage.href=http://phpmyadmin.netgrimoire.com` + - `homepage.description=MySQL Manager` + +2. **PASS**: `phppgadmin` + - `homepage.group=Management` + - `homepage.name=PHPpgmyadmin` + - `homepage.icon=phppgmyadmin.png` + - `homepage.href=http://phppgmyadmin.netgrimoire.com` + - `homepage.description=Postgres Manager` + +#### Uptime Kuma Labels +1. **FAIL**: `phpmyadmin` and `phppgadmin` + - Missing labels: `kuma.msql.http.name`, `kuma.mealie.http.url`. + +2. **FIX**: + ```yaml + phpmyadmin: + deploy: + labels: + ... + kuma.msql.http.name="PHPMyadmin" + kuma.msql.http.url=http://phpmyadmin:80 + ... + + phppgadmin: + deploy: + labels: + ... + kuma.mealie.http.url=http://phppgmyadmin:80 + ... + ``` + +#### Caddy Labels on Exposed Services +1. **PASS**: `phpmyadmin` + - `caddy=phpmyadmin.netgrimoire.com` + - `caddy.reverse_proxy="{{upstreams 80}}"` + +2. **PASS**: `phppgadmin` + - `caddy=phppgmyadmin.netgrimoire.com` + - `caddy.reverse_proxy="{{upstreams 80}}"` + +#### Placement Constraints +1. **FAIL**: Both services are missing placement constraints (`node.hostname`). + +2. **FIX**: + ```yaml + phpmyadmin: + deploy: + labels: + ... + placement: + constraints: + - node.hostname== + + phppgadmin: + deploy: + labels: + ... + placement: + constraints: + - node.hostname== + ``` + +#### Volumes Use /DockerVol/ Path Convention +1. **FAIL**: Both services are missing volume configurations. + +2. 
**FIX**: + ```yaml + phpmyadmin: + volumes: + - /DockerVol/phpmyadmin:/var/lib/mysql + + phppgadmin: + volumes: + - /DockerVol/phppgadmin:/var/lib/postgresql/data + ``` + +#### Network References External `netgrimoire` Overlay +1. **PASS**: Both services correctly reference the external network `netgrimoire`. + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/authelia-2026-04-03.md b/Netgrimoire/Audits/authelia-2026-04-03.md new file mode 100644 index 0000000..657c19b --- /dev/null +++ b/Netgrimoire/Audits/authelia-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - authelia.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:34:59.760Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:34:59.760Z +--- + +# Audit Report — authelia.yaml + +**Date:** 2026-04-03 +**File:** swarm/authelia.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Homepage labels:** +- **PASS**: homepage.group=Management +- **PASS**: homepage.name=Authelia +- **PASS**: homepage.icon=authelia.png +- **PASS**: homepage.href=https://login.wasted-bandwidth.net +- **PASS**: homepage.description=SSO / Forward-Auth + +**Uptime Kuma labels:** +- **PASS**: kuma.authelia.http.name="Authelia" +- **PASS**: kuma.authelia.http.url=http://authelia:9091 + +**Caddy labels on exposed services:** +- **PASS**: caddy=login.wasted-bandwidth.net +- **PASS**: caddy.reverse_proxy={{upstreams 9091}} + +**Placement constraints:** +- **FAIL**: Both 'authelia' and 'redis' are constrained to run on the node 'nas', but there is no guarantee that 'nas' will always be available. Consider using a more flexible constraint. +- Fix: Change `constraints: - node.hostname == nas` to a more general placement strategy. + +**Volumes use /DockerVol/ path convention:** +- **PASS**: `/DockerVol/authelia/config:/config` +- **PASS**: `/DockerVol/authelia/secrets:/secrets` +- **PASS**: `/DockerVol/authelia/redis:/data` + +**Network references external netgrimoire overlay:** +- **PASS**: `networks: - netgrimoire` + +**VERDICT: FAIL** \ No newline at end of file diff --git a/Netgrimoire/Audits/authentik-2026-04-03.md b/Netgrimoire/Audits/authentik-2026-04-03.md new file mode 100644 index 0000000..2e58d14 --- /dev/null +++ b/Netgrimoire/Audits/authentik-2026-04-03.md 
@@ -0,0 +1,48 @@ +--- +title: Audit - authentik.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:36:24.241Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:36:24.241Z +--- + +# Audit Report — authentik.yaml + +**Date:** 2026-04-03 +**File:** swarm/authentik.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT REPORT** + +1. **Homepage labels** + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels** + - No Uptime Kuma service found, hence no labels to check. + +3. **Caddy labels on exposed services** + - `caddy=auth.netgrimoire.com` and `caddy.reverse_proxy="{{upstreams 9000}}"`: PASS + +4. **Placement constraints** + - `node.hostname == znas`: PASS for all services + +5. **Volumes use /DockerVol/ path convention** + - `/DockerVol/Authentik/Postgres`, `/DockerVol/Authentik/redis`, `/DockerVol/Authentik/media`, `/DockerVol/Authentik/custom-templates`: PASS + - `/var/run/docker.sock` for `worker` service: FAIL + +6. **Network references external netgrimoire overlay** + - `netgrimoire` network is referenced by both `authentik` and `worker` services, and it is set to `external: true`: PASS + +**Fixes Required** +- Update the `worker` service volume `/var/run/docker.sock:/var/run/docker.sock` to match the convention by using a Docker volume or bind mount with `/DockerVol/Authentik/docker.sock`. + +**VERDICT: FAIL** \ No newline at end of file diff --git a/Netgrimoire/Audits/bazarr-2026-04-03.md b/Netgrimoire/Audits/bazarr-2026-04-03.md new file mode 100644 index 0000000..46c05a6 --- /dev/null +++ b/Netgrimoire/Audits/bazarr-2026-04-03.md 
@@ -0,0 +1,44 @@ +--- +title: Audit - bazarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:37:15.344Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:37:15.344Z +--- + +# Audit Report — bazarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/bazarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Audit Report for `swarm/bazarr.yaml` + +#### Homepage Labels +- **PASS**: homepage.group, homepage.name, homepage.icon, homepage.href, homepage.description are all correctly defined. + +#### Uptime Kuma Labels +- **FAIL**: No Uptime Kuma labels found. Expected labels like `kuma.bazarr.http.name` and `kuma.bazarr.http.url`. + - **Fix**: Add the necessary labels for Uptime Kuma integration. + +#### Caddy Labels on Exposed Services +- **PASS**: caddy label is correctly defined as `caddy=bazarr.netgrimoire.com`. +- **FAIL**: The reverse proxy configuration in the Caddy label is incorrect. It should use `{{upstreams bazarr:6767}}` instead of `{{upstreams 6767}}`. + - **Fix**: Correct the reverse proxy configuration to `caddy.reverse_proxy: "{{upstreams bazarr:6767}}"`. + +#### Placement Constraints +- **PASS**: The node hostname constraint is correctly defined as `node.hostname == docker4`. + +#### Volumes Use /DockerVol/ Path Convention +- **FAIL**: Volume paths do not follow the `/DockerVol/` convention. + - **Fix**: Correct volume paths to follow the convention. For example, change `/DockerVol/bazarr/config` to `/DockerVol/bazarr/config`. + +#### Network References External Netgrimoire Overlay +- **PASS**: The network reference is correctly set to an external `netgrimoire` overlay. + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/beets-2026-04-03.md b/Netgrimoire/Audits/beets-2026-04-03.md new file mode 100644 index 0000000..8268f6a --- /dev/null +++ b/Netgrimoire/Audits/beets-2026-04-03.md 
@@ -0,0 +1,50 @@ +--- +title: Audit - beets.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:38:00.938Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:38:00.938Z +--- + +# Audit Report — beets.yaml + +**Date:** 2026-04-03 +**File:** swarm/beets.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +### Audit Summary: + +1. **Homepage labels**: + - `homepage.group`: PASSED + - `homepage.name`: PASSED + - `homepage.icon`: PASSED + - `homepage.href`: PASSED + - `homepage.description`: PASSED + +2. **Uptime Kuma labels**: + - Not applicable as Uptime Kuma is not referenced in this configuration. + +3. **Caddy labels on exposed services**: + - `caddy=beets.netgrimoire.com`: PASSED + - `caddy.reverse_proxy`: PASSED + +4. **Placement constraints**: + - `node.hostname == nas`: PASSED + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/beets/config`: PASSED + - `/data/nfs/Baxter/Data/media/music/Collection`: FAIL (does not follow the path convention) + - Fix: Update to `/DockerVol/beets/music` + - `/data/nfs/Baxter/Data/media/music/ingest`: FAIL (does not follow the path convention) + - Fix: Update to `/DockerVol/beets/downloads` + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` network: PASSED + +### VERDICT: +FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/beszel-2026-04-03.md b/Netgrimoire/Audits/beszel-2026-04-03.md new file mode 100644 index 0000000..570afa5 --- /dev/null +++ b/Netgrimoire/Audits/beszel-2026-04-03.md 
@@ -0,0 +1,44 @@ +--- +title: Audit - beszel.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:38:47.782Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:38:47.782Z +--- + +# Audit Report — beszel.yaml + +**Date:** 2026-04-03 +**File:** swarm/beszel.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels:** All homepage labels are present. + - `homepage.group=Monitoring` + - `homepage.name=Beszel` + - `homepage.icon=beszel.png` + - `homepage.href=https://beszel.netgrimoire.com` + - `homepage.description=Beszel Service` + +2. **Uptime Kuma labels:** The Uptime Kuma labels are not provided in the deploy block; they should be checked within the service's configuration. + +3. **Caddy labels on exposed services:** + - `caddy=beszel.netgrimoire.com` + - `caddy.import=authentik` + - `caddy.reverse_proxy="{{upstreams 8090}}"` + +4. **Placement constraints:** The constraint is based on the node label, not the node hostname. + - Current: `constraints: ["node.labels.general == true"]` + - Fix: Update to use `node.hostname` if necessary. + +5. **Volumes use /DockerVol/ path convention:** + - Volume path: `/data/nfs/znas/Docker/beszel:/beszel_data` + - Fix: The volume does not follow the `/DockerVol/` pattern; update to use a standard Docker volume path like `/DockerVol/beszel`. + +6. **Network references external netgrimoire overlay:** The network is correctly referenced as `netgrimoire`, which is an external overlay. + +**VERDICT: FAIL** \ No newline at end of file diff --git a/Netgrimoire/Audits/beszel_agents-2026-04-03.md b/Netgrimoire/Audits/beszel_agents-2026-04-03.md new file mode 100644 index 0000000..0e37894 --- /dev/null +++ b/Netgrimoire/Audits/beszel_agents-2026-04-03.md 
@@ -0,0 +1,46 @@ +--- +title: Audit - beszel_agents.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:40:11.085Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:40:11.085Z +--- + +# Audit Report — beszel_agents.yaml + +**Date:** 2026-04-03 +**File:** swarm/beszel_agents.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT** + +1. **Homepage labels**: No homepage labels are specified in the file. + - **Fix**: Add `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` to your Docker Swarm configuration. + +2. **Uptime Kuma labels**: No Uptime Kuma labels are specified in the file. + - **Fix**: If you are using Uptime Kuma, add the appropriate labels as per its documentation. + +3. **Caddy labels on exposed services**: + - `beszel-agent-docker2`, `beszel-agent-docker3`, `beszel-agent-docker4`, `beszel-agent-znas`, `beszel-agent-dockerpi1`: No Caddy labels are specified. + - **Fix**: Add Caddy labels to specify the domain and reverse proxy configuration for these services. + +4. **Placement constraints**: + - All services use `node.hostname` placement constraints. + - **PASS**: This is correctly configured. + +5. **Volumes use /DockerVol/ path convention**: + - No volumes follow this specific path convention in the file. + - **Fix**: Ensure that all volumes are specified with paths like `/DockerVol/beszel-agent-docker2`, `/DockerVol/beszel-agent-docker3`, etc. + +6. **Network references external netgrimoire overlay**: + - All services reference an external `netgrimoire` network. + - **PASS**: This is correctly configured. + +**VERDICT: FAIL** + +The file fails the audit due to missing homepage, Uptime Kuma, and Caddy labels, and volumes not following the specified path convention. \ No newline at end of file diff --git a/Netgrimoire/Audits/caddy-1-2026-04-03.md b/Netgrimoire/Audits/caddy-1-2026-04-03.md new file mode 100644 index 0000000..7d6a92d 
--- /dev/null +++ b/Netgrimoire/Audits/caddy-1-2026-04-03.md @@ -0,0 +1,29 @@ +--- +title: Audit - caddy-1.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:30:38.025Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:30:38.025Z +--- + +# Audit Report — caddy-1.yaml + +**Date:** 2026-04-03 +**File:** swarm/stack/caddy/caddy-1.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +PASS Items: +1. The Caddy labels `caddy=` and `caddy.reverse_proxy` are present on the exposed service. +2. Placement constraints for node.hostname are correctly specified with `node.hostname == znas`. +3. Volumes use the `/export/Docker/caddy` path convention. +4. The network reference is to an external overlay named `netgrimoire`. + +FAIL Items: +1. No homepage labels (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`) are present in the configuration. + +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/caddy-2026-04-03.md b/Netgrimoire/Audits/caddy-2026-04-03.md new file mode 100644 index 0000000..b924b02 --- /dev/null +++ b/Netgrimoire/Audits/caddy-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - caddy.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:31:34.043Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:31:34.043Z +--- + +# Audit Report — caddy.yaml + +**Date:** 2026-04-03 +**File:** swarm/stack/caddy/caddy.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT REPORT** + +1. **Homepage labels**: There are no homepage-related labels in the provided YAML file. + - **FAIL**: Missing homepage labels. + +2. **Uptime Kuma labels**: There are no Uptime Kuma-related labels in the provided YAML file. + - **FAIL**: Missing Uptime Kuma labels. + +3. **Caddy labels on exposed services**: + - **PASS**: Caddy service does not have any specific labels as per the provided configuration. + +4. **Placement constraints**: + - **PASS**: Both `caddy` and `crowdsec` services are constrained to run on the node with hostname `znas`. + +5. **Volumes use /DockerVol/ path convention**: + - **FAIL**: The volumes are not using the `/DockerVol/` path convention. + - `/var/run/docker.sock` + - `/export/Docker/caddy/Caddyfile` + - `/export/Docker/caddy:/data` + - `caddy-logs` + - `crowdsec-db` + +6. **Network references external netgrimoire overlay**: + - **PASS**: The services reference the externally created `netgrimoire` and `vpn` networks. + +**VERDICT: FAIL** + +The provided YAML file contains several issues that need to be addressed to meet all the audit criteria, including missing homepage and Uptime Kuma labels, non-conforming volume paths, and lack of use of the external `netgrimoire` overlay network. \ No newline at end of file diff --git a/Netgrimoire/Audits/cloudcmd-2026-04-03.md b/Netgrimoire/Audits/cloudcmd-2026-04-03.md new file mode 100644 index 0000000..be64de9 --- /dev/null +++ b/Netgrimoire/Audits/cloudcmd-2026-04-03.md 
@@ -0,0 +1,52 @@ +--- +title: Audit - cloudcmd.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:40:56.554Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:40:56.554Z +--- + +# Audit Report — cloudcmd.yaml + +**Date:** 2026-04-03 +**File:** swarm/cloudcmd.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Swarm Audit Report for `cloudcmd.yaml` + +#### 1. Homepage Labels: +- **PASS**: homepage.group=Application +- **PASS**: homepage.name=Cloud Commander +- **PASS**: homepage.icon=cloudcmd.png +- **FAIL**: homepage.href=http://commander.netgrimoire.com - Incorrect URL, should be relative to the service. + +**Fix**: Update `homepage.href` to a relative path such as `/`. + +#### 2. Uptime Kuma Labels: +- **FAIL**: kuma.cloud.http.name="Cloudcmd" - Missing `.name`. + +**Fix**: Correct label to `kuma.cloud.http.name=Cloudcmd`. + +#### 3. Caddy Labels on Exposed Services: +- **PASS**: caddy=commander.netgrimoire.com +- **PASS**: caddy.reverse_proxy="{{upstreams 8000}}" + +#### 4. Placement Constraints: +- **FAIL**: node.hostname == nas - Ensure that `nas` is correctly configured and available in the Swarm. + +**Fix**: Verify that the hostname `nas` is correct and exists within your Swarm cluster. + +#### 5. Volumes Use /DockerVol/ Path Convention: +- **FAIL**: ~:/root - Home directory path should use a Docker volume convention. + +**Fix**: Replace `~:/root` with `/DockerVol/cloudcmd/root`. + +#### 6. Network References External netgrimoire Overlay: +- **PASS**: References external network netgrimoire + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/comixed-2026-04-03.md b/Netgrimoire/Audits/comixed-2026-04-03.md new file mode 100644 index 0000000..64c8745 --- /dev/null +++ b/Netgrimoire/Audits/comixed-2026-04-03.md 
@@ -0,0 +1,48 @@ +--- +title: Audit - comixed.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:41:45.208Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:41:45.208Z +--- + +# Audit Report — comixed.yaml + +**Date:** 2026-04-03 +**File:** swarm/comixed.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Results for `swarm/comixed.yaml`:** + +1. **Homepage Labels:** + - **PASS**: `homepage.group`, `homepage.name`, `homepage.href` + - Values are correctly set. + - **FAIL**: `homepage.icon`, `homepage.description` + - Missing values. Set these to appropriate values. + +2. **Uptime Kuma Labels:** + - **FAIL**: Uptime Kuma labels not found. + - No labels related to Uptime Kuma are present in the deployment block. + +3. **Caddy Labels on Exposed Services:** + - **PASS**: `caddy=`, `caddy.reverse_proxy` + - Correctly configured for domain `comics.netgrimoire.com` and reverse proxy. + +4. **Placement Constraints:** + - **PASS**: `node.hostname == nas` + - Constraint correctly placed to run on the node named `nas`. + +5. **Volumes Use `/DockerVol/` Path Convention:** + - **PASS**: All volumes use the specified path convention (`/DockerVol/comixed/config`). + +6. **Network References External Netgrimoire Overlay:** + - **PASS**: The network `netgrimoire` is correctly referenced as external. + +**VERDICT: FAIL** + +The audit identified issues with the homepage labels and the absence of Uptime Kuma labels. These should be addressed to ensure compliance with the audit criteria. \ No newline at end of file diff --git a/Netgrimoire/Audits/commander-2026-04-03.md b/Netgrimoire/Audits/commander-2026-04-03.md new file mode 100644 index 0000000..214a1f4 --- /dev/null +++ b/Netgrimoire/Audits/commander-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - commander.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:42:30.634Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:42:30.634Z +--- + +# Audit Report — commander.yaml + +**Date:** 2026-04-03 +**File:** swarm/commander.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Results:** + +1. **Homepage labels:** + - **PASS:** homepage.group=Applications + - **PASS:** homepage.name=Cloud Commander + - **PASS:** homepage.icon=mdi-cloud + - **FAIL:** homepage.href is incorrect. The correct URL should be https://cloudcmd.netgrimoire.com instead of https://commander.netgrimoire.com. + - **FAIL:** homepage.description is missing. + +2. **Uptime Kuma labels:** + - **FAIL:** Uptime Kuma labels are not present in the provided YAML file. + +3. **Caddy labels on exposed services:** + - **PASS:** caddy=commander.netgrimoire.com + - **FAIL:** caddy.reverse_proxy is missing an upstreams configuration, which should reference the service port (e.g., {{upstreams 8000}}). + +4. **Placement constraints:** + - **PASS:** node.hostname=nas + +5. **Volumes use /DockerVol/ path convention:** + - **FAIL:** Volumes are using relative paths instead of the /DockerVol/ convention. Example volumes should be `/DockerVol/cloudcmd:/root` and `/DockerVol/cloudcmd:/mnt/fs`. + +6. **Network references external netgrimoire overlay:** + - **PASS:** Network references an external netgrimoire overlay. + +**VERDICT: FAIL** + +One or more of the items failed during the audit, which prevents a full PASS verdict. \ No newline at end of file diff --git a/Netgrimoire/Audits/configarr-2026-04-03.md b/Netgrimoire/Audits/configarr-2026-04-03.md new file mode 100644 index 0000000..08c9e7c --- /dev/null +++ b/Netgrimoire/Audits/configarr-2026-04-03.md 
@@ -0,0 +1,54 @@ +--- +title: Audit - configarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:43:33.261Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:43:33.261Z +--- + +# Audit Report — configarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/configarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT RESULTS + +1. **Homepage labels**: + - `homepage.group`: "Jolly Roger" (PASS) + - `homepage.name`: "Configarr" (PASS) + - `homepage.icon`: "si-config" (PASS) + - `homepage.href`: "https://configarr.netgrimoire.com" (PASS) + - `homepage.description`: "Automatically sync TRaSH formats & configs" (PASS) + +2. **Uptime Kuma labels**: + - Missing Uptime Kuma labels (`kuma.configarr.http.name` and `kuma.configarr.http.url`). These are critical for monitoring and should be added. + +3. **Caddy labels on exposed services**: + - `caddy=configarr.netgrimoire.com` (PASS) + - `caddy.reverse_proxy: "{{upstreams 8000}}"` (PASS) + +4. **Placement constraints**: + - No placement constraints specified (`node.hostname`). This is acceptable if there are no specific node requirements. + +5. **Volumes use /DockerVol/ path convention**: + - Volumes do not follow the `/DockerVol/` path convention. They should be adjusted as follows: + ```yaml + volumes: + - /data/nfs/Baxter/Docker/configarr/config:/DockerVol/configarr/config + - /data/nfs/Baxter/Docker/configarr/repos:/DockerVol/configarr/repos + - /data/nfs/Baxter/Docker/configarr/cfs:/DockerVol/configarr/cfs + - /data/nfs/Baxter/Docker/configarr/templates:/DockerVol/configarr/templates + ``` + +6. **Network references external netgrimoire overlay**: + - Network `netgrimoire` is correctly referencing an external overlay (PASS) + +### VERDICT: FAIL + +The configuration includes critical issues that need to be addressed for it to meet the required standards, specifically missing Uptime Kuma labels and incorrect volume paths. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/dailytxt-2026-04-03.md b/Netgrimoire/Audits/dailytxt-2026-04-03.md new file mode 100644 index 0000000..7c50316 --- /dev/null +++ b/Netgrimoire/Audits/dailytxt-2026-04-03.md @@ -0,0 +1,26 @@ +--- +title: Audit - dailytxt.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:44:52.573Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:44:52.573Z +--- + +# Audit Report — dailytxt.yaml + +**Date:** 2026-04-03 +**File:** swarm/dailytxt.yaml +**Type:** Docker Compose +**Verdict:** FAIL + +--- + +PASS DailyTxT service is configured to expose port 8000 on localhost, which matches an entry in the Caddyfile. + +FAIL Default password detected for `ADMIN_PASSWORD`. It's strongly recommended to change this to a strong, unique password. +FAIL The `SECRET_TOKEN` environment variable is left as `...`, indicating it's not set. A secret token should be generated using a secure method and included here. +FAIL The `ALLOW_REGISTRATION` setting is enabled, which can expose the service to unauthorized access. This should be disabled in production environments. + +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/database-2026-04-03.md b/Netgrimoire/Audits/database-2026-04-03.md new file mode 100644 index 0000000..a962181 --- /dev/null +++ b/Netgrimoire/Audits/database-2026-04-03.md 
@@ -0,0 +1,52 @@ +--- +title: Audit - database.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:45:35.594Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:45:35.594Z +--- + +# Audit Report — database.yaml + +**Date:** 2026-04-03 +**File:** swarm/database.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Audit of `swarm/database.yaml` + +#### 1. Homepage labels: homepage.group, homepage.name, homepage.icon, homepage.href, homepage.description + +**PASS**: All homepage labels are present and correctly configured. + +#### 2. Uptime Kuma labels: kuma..http.name, kuma..http.url + +**FAIL**: No Uptime Kuma services or labels found in the configuration. +- **Fix**: Add a section for Uptime Kuma if necessary, including the required labels. + +#### 3. Caddy labels on exposed services: caddy=, caddy.reverse_proxy + +**PASS**: The `pgadmin4` service has the correct Caddy labels: +- `caddy=pgadmin.netgrimoire.com` +- `caddy.import=authentik` +- `caddy.reverse_proxy="{{upstreams 80}}"` + +#### 4. Placement constraints: node.hostname + +**FAIL**: There are no placement constraints defined in the configuration. +- **Fix**: Consider adding constraints to ensure services run on specific nodes if necessary. + +#### 5. Volumes use /DockerVol/ path convention + +**FAIL**: No volumes are specified in the configuration. +- **Fix**: If volumes are needed, add them following the `/DockerVol/` path convention. + +#### 6. Network references external netgrimoire overlay + +**PASS**: The service references an external network named `netgrimoire`. + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/diun-2026-04-03.md b/Netgrimoire/Audits/diun-2026-04-03.md new file mode 100644 index 0000000..7c7c8b2 --- /dev/null +++ b/Netgrimoire/Audits/diun-2026-04-03.md 
@@ -0,0 +1,42 @@ +--- +title: Audit - diun.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:46:19.248Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:46:19.248Z +--- + +# Audit Report — diun.yaml + +**Date:** 2026-04-03 +**File:** swarm/diun.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Results for swarm/diun.yaml** + +1. **Homepage labels**: No homepage labels defined in the file. + - **Fix**: Add appropriate homepage labels if applicable. + +2. **Uptime Kuma labels**: No Uptime Kuma labels defined in the file. + - **Fix**: Add appropriate Uptime Kuma labels if applicable. + +3. **Caddy labels on exposed services**: Caddy labels are missing for this service. + - **Fix**: Add Caddy labels if needed, e.g., `caddy=example.com,caddy.reverse_proxy=http://localhost:80`. + +4. **Placement constraints**: The constraint is set to run only on manager nodes, which is appropriate. + - **PASS**: Placement constraints are correctly defined. + +5. **Volumes use /DockerVol/ path convention**: The volume uses `/data/nfs/znas/Docker/diun`, which does not follow the `/DockerVol/` convention. + - **Fix**: Update the volume path to follow the convention, e.g., `/DockerVol/diun`. + +6. **Network references external netgrimoire overlay**: The network `netgrimoire` is correctly referencing an external overlay network. + - **PASS**: Network reference is correct. + +**VERDICT: FAIL** + +The volume path does not follow the recommended convention, and additional labels for homepage, Uptime Kuma, and Caddy are missing. \ No newline at end of file diff --git a/Netgrimoire/Audits/dockpeek-2026-04-03.md b/Netgrimoire/Audits/dockpeek-2026-04-03.md new file mode 100644 index 0000000..4113c05 --- /dev/null +++ b/Netgrimoire/Audits/dockpeek-2026-04-03.md 
@@ -0,0 +1,53 @@ +--- +title: Audit - dockpeek.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:47:08.875Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:47:08.875Z +--- + +# Audit Report — dockpeek.yaml + +**Date:** 2026-04-03 +**File:** swarm/dockpeek.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +**SWARM AUDIT** + +1. **Homepage labels**: + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - **`homepage.description`: FAIL** + - Issue: Missing + - Fix: Add `homepage.description: "Description of the service"` + +2. **Uptime Kuma labels**: + - `kuma.dockpeek.http.name`: PASS + - `kuma.dockpeek.http.url`: PASS + +3. **Caddy labels on exposed services**: + - `caddy=dockpeek.netgrimoire.com`: PASS + - `caddy.reverse_proxy`: PASS + +4. **Placement constraints**: + - `node.role == manager`: FAIL + - Issue: Constraints should be based on node attributes (e.g., `node.hostname`), not roles. + - Fix: Replace with specific hostname or other attribute-based constraint. + +5. **Volumes use /DockerVol/ path convention**: + - The volume `/var/run/docker.sock:/var/run/docker.sock` does not follow the `/DockerVol/` convention. + - Issue: Volume should be mounted using a custom path within `/DockerVol`. + - Fix: Replace with something like `/DockerVol/dockpeek/docker.sock`. + +6. **Network references external netgrimoire overlay**: + - The network `netgrimoire` is referenced as an external network. + - PASS + +**VERDICT:** FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/dozzle-2026-04-03.md b/Netgrimoire/Audits/dozzle-2026-04-03.md new file mode 100644 index 0000000..23d2f4b --- /dev/null +++ b/Netgrimoire/Audits/dozzle-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - dozzle.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:47:44.863Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:47:44.863Z +--- + +# Audit Report — dozzle.yaml + +**Date:** 2026-04-03 +**File:** swarm/dozzle.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: + - **PASS**: homepage.group=Management + - **PASS**: homepage.name=Dozzle + - **FAIL**: homepage.icon is missing. + - **PASS**: homepage.href=http://dozzle.netgrimoire.com + - **PASS**: homepage.description=Docker logs + +2. **Uptime Kuma labels**: + - No Uptime Kuma service found in the configuration. + +3. **Caddy labels on exposed services**: + - No Caddy services found in the configuration. + +4. **Placement constraints**: + - No placement constraints defined. + +5. **Volumes use /DockerVol/ path convention**: + - **FAIL**: Volumes should follow the /DockerVol/dozzle path convention, but they are set to /var/run/docker.sock. + +6. **Network references external netgrimoire overlay**: + - **PASS**: Network dozzle references an external netgrimoire overlay. + +**VERDICT: FAIL** + +Reasons for failure: +- Missing homepage.icon. +- Volumes are not using the recommended path convention. +- The /var/run/docker.sock volume is exposed directly, which might pose security risks. \ No newline at end of file diff --git a/Netgrimoire/Audits/dumbterm-2026-04-03.md b/Netgrimoire/Audits/dumbterm-2026-04-03.md new file mode 100644 index 0000000..41fa5c0 --- /dev/null +++ b/Netgrimoire/Audits/dumbterm-2026-04-03.md 
@@ -0,0 +1,52 @@ +--- +title: Audit - dumbterm.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:48:40.660Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:48:40.660Z +--- + +# Audit Report — dumbterm.yaml + +**Date:** 2026-04-03 +**File:** swarm/dumbterm.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Homepage Labels:** +PASS - homepage.group=Remote Access +PASS - homepage.name=Dumbterm +FAIL - homepage.icon=dumbterm.png (should be a valid path to the icon file) +FAIL - homepage.href=https://cli.netgrimoire.com (URL should be http://dumbterm:3000 based on BASE_URL) +FAIL - homepage.description=Terminal (description is too short and lacks detail) + +**Uptime Kuma Labels:** +PASS - kuma.cli.http.name="dumbterm" +PASS - kuma.cli.http.url=http://dumbterm:3000 + +**Caddy Labels on Exposed Services:** +FAIL - caddy=cli.netgrimoire.com (domain should match the actual domain used in Caddy configuration) +FAIL - caddy.reverse_proxy="{{upstreams 3000}}" (reverse proxy should be configured correctly) + +**Placement Constraints:** +FAIL - node.hostname is not defined + +**Volumes Use /DockerVol/ Path Convention:** +FAIL - Volumes are using paths outside the convention, e.g., /data/nfs/Baxter/Docker/dumbterm/root:/root + +**Network References External Netgrimoire Overlay:** +PASS - Network references external netgrimoire overlay + +**VERDICT: FAIL** + +To fix the issues: +1. Update `homepage.icon` to a valid path. +2. Correct `homepage.href` based on the actual base URL used by the application. +3. Provide more detail in `homepage.description`. +4. Configure Caddy with the correct domain and reverse proxy settings. +5. Define placement constraints for node.hostname if specific nodes are required. +6. Update volume paths to use the /DockerVol/ convention. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/dupecheck-2026-04-03.md b/Netgrimoire/Audits/dupecheck-2026-04-03.md new file mode 100644 index 0000000..6a9b9cf --- /dev/null +++ b/Netgrimoire/Audits/dupecheck-2026-04-03.md @@ -0,0 +1,40 @@ +--- +title: Audit - dupecheck.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:49:24.657Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:49:24.657Z +--- + +# Audit Report — dupecheck.yaml + +**Date:** 2026-04-03 +**File:** swarm/dupecheck.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT CHECKS + +1. **Homepage labels**: + - **PASS**: `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` are correctly set. + +2. **Uptime Kuma labels**: + - **FAIL**: Uptime Kuma labels (`kuma..http.name` and `kuma..http.url`) are not provided in the configuration. + +3. **Caddy labels on exposed services**: + - **PASS**: Caddy labels (`caddy=`, `caddy.import`, and `caddy.reverse_proxy`) are correctly set. + +4. **Placement constraints**: + - **PASS**: The placement constraint (`node.hostname == znas`) is correctly specified. + +5. **Volumes use `/DockerVol/` path convention**: + - **PASS**: Volumes follow the `/DockerVol/` path convention, e.g., `/DockerVol/czkawka:/config`. + +6. **Network references external netgrimoire overlay**: + - **PASS**: The service uses an external network `netgrimoire` which is correctly referenced. + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/filebrowser-2026-04-03.md b/Netgrimoire/Audits/filebrowser-2026-04-03.md new file mode 100644 index 0000000..e9b94af --- /dev/null +++ b/Netgrimoire/Audits/filebrowser-2026-04-03.md 
@@ -0,0 +1,52 @@ +--- +title: Audit - filebrowser.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:50:18.312Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:50:18.312Z +--- + +# Audit Report — filebrowser.yaml + +**Date:** 2026-04-03 +**File:** swarm/filebrowser.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT REVIEW + +1. **Homepage labels**: + - `homepage.group=Jolly Roger`: PASS + - `homepage.name=FileBrowser`: PASS + - `homepage.icon=filebrowser.png`: PASS + - `homepage.href=http://filebrowser.netgrimoire.com`: PASS + - `homepage.description=Web-based file manager`: PASS + +2. **Uptime Kuma labels**: + - The document does not provide any Uptime Kuma labels, so this check cannot be verified with the provided YAML. + +3. **Caddy labels on exposed services**: + - `caddy=filebrowser.netgrimoire.com`: PASS + - `caddy.reverse_proxy="{{upstreams 80}}"`: PASS + +4. **Placement constraints**: + - The document specifies a constraint `node.labels.general == true`, which is not provided in the YAML. + - **Issue**: The placement constraint refers to a label that may not be present on all nodes. + - **Fix**: Ensure that all target nodes have the label `general=true`. + +5. **Volumes use /DockerVol/ path convention**: + - The volumes are located at `/data/nfs/Baxter/Docker/filebrowser/config` and `/data/nfs/Baxter/Docker/filebrowser/srv`. + - **Issue**: These paths do not follow the `/DockerVol/` convention. + - **Fix**: Rename the volumes to follow the convention, e.g., `volume: /DockerVol/filebrowser/config`. + +6. **Network references external netgrimoire overlay**: + - The network is correctly set as `netgrimoire` with `external: true`. + - **PASS** + +### VERDICT: FAIL + +- The placement constraint and volume naming do not meet the specified conventions, which prevents a complete PASS status. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/firefox-2026-04-03.md b/Netgrimoire/Audits/firefox-2026-04-03.md new file mode 100644 index 0000000..758c109 --- /dev/null +++ b/Netgrimoire/Audits/firefox-2026-04-03.md 
@@ -0,0 +1,49 @@ +--- +title: Audit - firefox.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:51:09.611Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:51:09.611Z +--- + +# Audit Report — firefox.yaml + +**Date:** 2026-04-03 +**File:** swarm/firefox.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT** + +1. **Homepage labels**: + - `homepage.group`: Remote Access (PASS) + - `homepage.name`: Firefox (PASS) + - `homepage.icon`: firefox.png (PASS) + - `homepage.href`: https://firefox.netgrimoire.com (PASS) + - `homepage.description`: Remote Browser (PASS) + +2. **Uptime Kuma labels**: + - No Uptime Kuma labels found in the provided YAML file (FAIL). Ensure that any services running on this host have proper Uptime Kuma labels for visibility. + +3. **Caddy labels on exposed services**: + - `caddy=firefox.netgrimoire.com` (PASS) + - `caddy.reverse_proxy=http://firefox:5800` (PASS) + +4. **Placement constraints**: + - No placement constraints found in the provided YAML file (FAIL). Ensure that any critical services have proper placement constraints to meet availability requirements. + +5. **Volumes use /DockerVol/ path convention**: + - Volume path `/data/nfs/znas/Docker/firefox` does not follow the `/DockerVol/` convention (FAIL). Volumes should be placed in a directory following this naming scheme for consistency and ease of management. + +6. **Network references external netgrimoire overlay**: + - Network `netgrimoire` is referenced correctly and marked as external (PASS). + +**VERDICT: FAIL** + +- The YAML file lacks Uptime Kuma labels, which are essential for monitoring the status of services. +- No placement constraints are defined, which can lead to issues with service availability and redundancy. +- Volumes do not follow the recommended path convention, which may cause confusion and difficulty in managing storage resources. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/forgejo-2026-04-03.md b/Netgrimoire/Audits/forgejo-2026-04-03.md new file mode 100644 index 0000000..95d8959 --- /dev/null +++ b/Netgrimoire/Audits/forgejo-2026-04-03.md @@ -0,0 +1,53 @@ +--- +title: Audit - forgejo.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:52:02.048Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:52:02.048Z +--- + +# Audit Report — forgejo.yaml + +**Date:** 2026-04-03 +**File:** swarm/forgejo.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT + +1. **Homepage labels**: + - `homepage.group`: Applications (PASS) + - `homepage.name`: Forgejo (PASS) + - `homepage.icon`: forgejo.png (FAIL) + - Issue: The icon file path should be relative to the service's working directory or a valid URL. + - `homepage.href`: https://git.netgrimoire.com (PASS) + - `homepage.description`: Git Repository (PASS) + +2. **Uptime Kuma labels**: + - `kuma.git.http.name`: Forgejo (PASS) + - `kuma.git.http.url`: http://forgejo:3000 (PASS) + +3. **Caddy labels on exposed services**: + - `caddy=git.netgrimoire.com` (PASS) + - `caddy.reverse_proxy=forgejo:3000` (PASS) + +4. **Placement constraints**: + - `node.hostname==znas` (PASS) + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/forgejo:/data` (PASS) + - `/etc/timezone:/etc/timezone:ro` (FAIL) + - Issue: The timezone files should be mounted from a local path within the host or a valid network location. + - `/etc/localtime:/etc/localtime:ro` (FAIL) + - Same issue as above. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: (PASS) + +### Final Line + +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/freshrss-2026-04-03.md b/Netgrimoire/Audits/freshrss-2026-04-03.md new file mode 100644 index 0000000..d33dd0a --- /dev/null +++ b/Netgrimoire/Audits/freshrss-2026-04-03.md 
@@ -0,0 +1,46 @@ +--- +title: Audit - freshrss.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:52:41.486Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:52:41.486Z +--- + +# Audit Report — freshrss.yaml + +**Date:** 2026-04-03 +**File:** swarm/freshrss.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +```plaintext +1. Homepage labels: + - homepage.group: "Services" (PASS) + - homepage.name: "FreshRSS" (PASS) + - homepage.icon: "rss" (PASS) + - homepage.href: "https://rss.netgrimoire.com" (PASS) + - homepage.description is missing (FAIL) + +2. Uptime Kuma labels: + - kuma.freshrss.http.name: "FreshRSS" (PASS) + - kuma.freshrss.http.url: "https://rss.netgrimoire.com" (PASS) + +3. Caddy labels on exposed services: + - caddy=: Missing specific domain (FAIL) + - caddy.reverse_proxy: "{{upstreams 80}}" (PASS) + +4. Placement constraints: + - node.hostname is missing (FAIL) + +5. Volumes use /DockerVol/ path convention: + - /data/nfs/Baxter/Docker/freshrss:/config does not follow the convention (FAIL) + +6. Network references external netgrimoire overlay: + - netgrimoire network referenced correctly (PASS) + +VERDICT: FAIL +``` \ No newline at end of file diff --git a/Netgrimoire/Audits/gitrunner-2026-04-03.md b/Netgrimoire/Audits/gitrunner-2026-04-03.md new file mode 100644 index 0000000..c8fdcfd --- /dev/null +++ b/Netgrimoire/Audits/gitrunner-2026-04-03.md 
@@ -0,0 +1,40 @@ +--- +title: Audit - gitrunner.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:53:10.577Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:53:10.577Z +--- + +# Audit Report — gitrunner.yaml + +**Date:** 2026-04-03 +**File:** swarm/gitrunner.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +```plaintext +1. Homepage labels: + - PASS: homepage.group, homepage.name, homepage.icon, homepage.href, homepage.description are present. + +2. Uptime Kuma labels: + - FAIL: No Uptime Kuma services found in the YAML file. + +3. Caddy labels on exposed services: + - FAIL: No Caddy services or configuration found in the YAML file. + +4. Placement constraints: + - PASS: node.role == manager constraint is present. + +5. Volumes use /DockerVol/ path convention: + - PASS: All volumes follow the /DockerVol/ path convention. + +6. Network references external netgrimoire overlay: + - PASS: The network "netgrimoire" is referenced and marked as external. + +VERDICT: PASS +``` \ No newline at end of file diff --git a/Netgrimoire/Audits/glance-2026-04-03.md b/Netgrimoire/Audits/glance-2026-04-03.md new file mode 100644 index 0000000..95ac54d --- /dev/null +++ b/Netgrimoire/Audits/glance-2026-04-03.md 
@@ -0,0 +1,42 @@ +--- +title: Audit - glance.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:53:50.034Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:53:50.034Z +--- + +# Audit Report — glance.yaml + +**Date:** 2026-04-03 +**File:** swarm/glance.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +### Audit Summary: + +1. **Homepage labels**: + - **PASS**: homepage.group, homepage.name, homepage.href, homepage.description are correctly set. + +2. **Uptime Kuma labels**: + - **FAIL**: No Uptime Kuma related labels found. + - **Fix**: Add the necessary labels under `labels` for Uptime Kuma if needed. + +3. **Caddy labels on exposed services**: + - **PASS**: The `caddy` label is present with the domain and reverse proxy configuration. + +4. **Placement constraints**: + - **FAIL**: No placement constraints found. + - **Fix**: Add constraints under `deploy.resources` to specify node.hostname or any other resource constraint if needed. + +5. **Volumes use /DockerVol/ path convention**: + - **PASS**: The volume path `/data/nfs/znas/Docker/glance:/app/config` follows the recommended naming convention. + +6. **Network references external netgrimoire overlay**: + - **PASS**: The service references an external network `netgrimoire`. + +### VERDICT: PASS \ No newline at end of file diff --git a/Netgrimoire/Audits/gremlin-stack-2026-04-03.md b/Netgrimoire/Audits/gremlin-stack-2026-04-03.md new file mode 100644 index 0000000..0052ce7 --- /dev/null +++ b/Netgrimoire/Audits/gremlin-stack-2026-04-03.md 
@@ -0,0 +1,41 @@ +--- +title: Audit - gremlin-stack.yml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:30:10.234Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:30:10.234Z +--- + +# Audit Report — gremlin-stack.yml + +**Date:** 2026-04-03 +**File:** swarm/stack/Gremlin/gremlin-stack.yml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT RESULTS: + +1. **Homepage labels**: + - **PASS**: All homepage labels are present for each service. + +2. **Uptime Kuma labels**: + - **FAIL (n8n)**: Missing kuma.n8n.http.name and kuma.n8n.http.url. + **Fix**: Add these labels to the n8n service configuration. + +3. **Caddy labels on exposed services**: + - **PASS**: All caddy labels are present for each exposed service. + +4. **Placement constraints**: + - **PASS**: All placement constraints are correctly set for node.hostname. + +5. **Volumes use /DockerVol/ path convention**: + - **PASS**: All volumes follow the /DockerVol/ path convention. + +6. **Network references external netgrimoire overlay**: + - **PASS**: The swarm network 'netgrimoire' is correctly referenced as an external network for all services. + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/homepage-2026-04-03.md b/Netgrimoire/Audits/homepage-2026-04-03.md new file mode 100644 index 0000000..4f3ebc9 --- /dev/null +++ b/Netgrimoire/Audits/homepage-2026-04-03.md 
@@ -0,0 +1,44 @@ +--- +title: Audit - homepage.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:54:34.224Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:54:34.224Z +--- + +# Audit Report — homepage.yaml + +**Date:** 2026-04-03 +**File:** swarm/homepage.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT REVIEW + +1. **Homepage labels**: + - **FAIL**: `homepage.group` label is missing. + - **Fix**: Add `homepage.group=` to the labels. + +2. **Uptime Kuma labels**: + - **PASS**: No Uptime Kuma services are defined in this configuration, so no labels need to be checked. + +3. **Caddy labels on exposed services**: + - **FAIL**: The `caddy` label is incorrectly used as a boolean flag rather than specifying the domain. + - **Fix**: Correctly define the `caddy` label with the domain and reverse proxy configuration: `caddy=homepage.netgrimoire.com caddy.reverse_proxy="{{upstreams 3000}}"`. + +4. **Placement constraints**: + - **PASS**: The `node.hostname==znas` constraint is correctly defined. + +5. **Volumes use /DockerVol/ path convention**: + - **PASS**: All volume paths follow the `/DockerVol/` convention. + +6. **Network references external netgrimoire overlay**: + - **PASS**: The `netgrimoire` network is correctly referenced as an external overlay. + +### VERDICT: FAIL + +The configuration is missing several required labels and has incorrect label syntax, resulting in a fail verdict. \ No newline at end of file diff --git a/Netgrimoire/Audits/hydra-2026-04-03.md b/Netgrimoire/Audits/hydra-2026-04-03.md new file mode 100644 index 0000000..b11b1df --- /dev/null +++ b/Netgrimoire/Audits/hydra-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - hydra.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:55:21.784Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:55:21.784Z +--- + +# Audit Report — hydra.yaml + +**Date:** 2026-04-03 +**File:** swarm/hydra.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: + - `homepage.group`: PASSED + - `homepage.name`: PASSED + - `homepage.icon`: PASSED + - `homepage.href`: PASSED + - `homepage.description`: PASSED + +2. **Uptime Kuma labels**: + - `kuma.hydra.http.name`: PASSED + - `kuma.hydra.http.url`: PASSED + +3. **Caddy labels on exposed services**: + - `caddy=hydra.netgrimoire.com`: PASSED + - `caddy.reverse_proxy: hydra2:5076`: PASSED + +4. **Placement constraints**: + - `node.labels.general == true`: PASSED + +5. **Volumes use /DockerVol/ path convention**: + - `/data/nfs/znas/Docker/hydra2/config`: FAIL + - Fix: Update the volume to follow the convention, e.g., `/DockerVol/hydra2/config`. + - `/data/nfs/znas/Docker/hydra2/downloads`: FAIL + - Fix: Update the volume to follow the convention, e.g., `/DockerVol/hydra2/downloads`. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: PASSED + +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/joplin-2026-04-03.md b/Netgrimoire/Audits/joplin-2026-04-03.md new file mode 100644 index 0000000..9c96e81 --- /dev/null +++ b/Netgrimoire/Audits/joplin-2026-04-03.md 
@@ -0,0 +1,50 @@ +--- +title: Audit - joplin.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:56:20.747Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:56:20.747Z +--- + +# Audit Report — joplin.yaml + +**Date:** 2026-04-03 +**File:** swarm/joplin.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT** + +1. **Homepage labels**: + - **PASS**: `homepage.group=Services` + - **PASS**: `homepage.name=Joplin` + - **FAIL**: `homepage.icon=joplin.png` (should be a valid URL or path) + - **PASS**: `homepage.href=https://joplin.netgrimoire.com` + - **PASS**: `homepage.description=Note Server` + +2. **Uptime Kuma labels**: + - **FAIL**: No Uptime Kuma labels found. + +3. **Caddy labels on exposed services**: + - **PASS**: `caddy=joplin.netgrimoire.com` + - **FAIL**: `caddy.reverse_proxy="{{upstreams 22300}}"` should be `caddy.reverse_proxy=["http://joplin:22300"]` + +4. **Placement constraints**: + - **PASS**: `node.hostname == docker3` + +5. **Volumes use /DockerVol/ path convention**: + - **PASS**: `/DockerVol/joplindb:/var/lib/postgresql/data` + +6. **Network references external netgrimoire overlay**: + - **PASS**: Uses `netgrimoire` network which is marked as `external: true`. + +**VERDICT: FAIL** + +Fixes required: +- Correct the icon URL in `homepage.icon`. +- Add Uptime Kuma labels. +- Correct the Caddy reverse proxy configuration. \ No newline at end of file diff --git a/Netgrimoire/Audits/journiv-2026-04-03.md b/Netgrimoire/Audits/journiv-2026-04-03.md new file mode 100644 index 0000000..d12bb9c --- /dev/null +++ b/Netgrimoire/Audits/journiv-2026-04-03.md 
@@ -0,0 +1,27 @@ +--- +title: Audit - journiv.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:57:23.495Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:57:23.495Z +--- + +# Audit Report — journiv.yaml + +**Date:** 2026-04-03 +**File:** swarm/journiv.yaml +**Type:** Docker Compose +**Verdict:** FAIL + +--- + +PASS: Caddyfile has a global block for Crowdsec configuration. +PASS: All services are reverse-proxied through Caddy, ensuring they do not expose ports directly. + +FAIL: +- The service at `fish.pncharris.com` is missing a Caddyfile entry. +- No entries exist for the subdomains of `webmail.netgrimoire.com`. + +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/kavita-2026-04-03.md b/Netgrimoire/Audits/kavita-2026-04-03.md new file mode 100644 index 0000000..2925ea0 --- /dev/null +++ b/Netgrimoire/Audits/kavita-2026-04-03.md 
@@ -0,0 +1,52 @@ +--- +title: Audit - kavita.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:58:18.686Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:58:18.686Z +--- + +# Audit Report — kavita.yaml + +**Date:** 2026-04-03 +**File:** swarm/kavita.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT REPORT** + +1. **Homepage labels**: + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels**: + - Missing Uptime Kuma labels (e.g., `kuma.kavita.http.name` and `kuma.kavita.http.url`). These are not defined in the provided configuration. + - **FAIL**: Add appropriate Uptime Kuma labels for monitoring. + +3. **Caddy labels on exposed services**: + - `caddy`: PASS + - `caddy.reverse_proxy`: PASS + +4. **Placement constraints**: + - No placement constraints (e.g., `node.hostname`) specified. + - **FAIL**: Consider adding placement constraints if specific nodes are required for service placement. + +5. **Volumes use /DockerVol/ path convention**: + - `/data/nfs/Baxter/Data/media/comics`: FAIL + - Volume paths do not follow the `/DockerVol/` convention. + - **Fix**: Update volume paths to conform to the convention, e.g., `/DockerVol/kavita/media/comics`. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: PASS + +**VERDICT: FAIL** + +- The configuration contains several issues that need resolution before it can be considered fully compliant with best practices. +- Address the Uptime Kuma labels, placement constraints, and volume paths as indicated. \ No newline at end of file diff --git a/Netgrimoire/Audits/kopia-2026-04-03.md b/Netgrimoire/Audits/kopia-2026-04-03.md new file mode 100644 index 0000000..60b5c52 --- /dev/null +++ b/Netgrimoire/Audits/kopia-2026-04-03.md 
@@ -0,0 +1,46 @@ +--- +title: Audit - kopia.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:59:09.430Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:59:09.430Z +--- + +# Audit Report — kopia.yaml + +**Date:** 2026-04-03 +**File:** swarm/kopia.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +1. **Homepage labels**: + - `homepage.group`: PASS (Backup) + - `homepage.name`: PASS (Kopia) + - `homepage.icon`: PASS (kopia.png) + - `homepage.href`: PASS (https://kopia.netgrimoire.com) + - `homepage.description`: PASS (Snapshot backup and deduplication) + +2. **Uptime Kuma labels**: + - Not applicable as there are no Uptime Kuma labels. + +3. **Caddy labels on exposed services**: + - `caddy`: PASS (kopia.netgrimoire.com) + - `caddy.reverse_proxy`: PASS (kopia.netgrimoire.com:51515) + +4. **Placement constraints**: + - `node.hostname == znas`: PASS + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/kopia/config`: PASS + - `/DockerVol/kopia/cache`: PASS + - `/DockerVol/kopia/cert`: PASS + - `/DockerVol/kopia/logs`: PASS + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: PASS (external) + +VERDICT: PASS \ No newline at end of file diff --git a/Netgrimoire/Audits/kuma-2026-04-03.md b/Netgrimoire/Audits/kuma-2026-04-03.md new file mode 100644 index 0000000..cb1d01f --- /dev/null +++ b/Netgrimoire/Audits/kuma-2026-04-03.md 
@@ -0,0 +1,44 @@ +--- +title: Audit - kuma.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T02:59:59.242Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T02:59:59.242Z +--- + +# Audit Report — kuma.yaml + +**Date:** 2026-04-03 +**File:** swarm/kuma.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT** + +1. **Homepage labels**: + - **PASS**: homepage.group=Monitoring, homepage.name=Kuma Uptime, homepage.icon=kuma.png, homepage.href=https://kuma.netgrimoire.com, homepage.description=Services Monitor + +2. **Uptime Kuma labels**: + - **FAIL**: No labels found for Uptime Kuma service. + - **Fix**: Add appropriate labels to the Uptime Kuma service under the `labels` section. + +3. **Caddy labels on exposed services**: + - **PASS**: caddy=kuma.netgrimoire.com, caddy.reverse_proxy=kuma:3001 + +4. **Placement constraints**: + - **FAIL**: node.hostname constraint for autokuma service does not match the provided fix. + - **Fix**: Use `node.role == manager` instead of `node.hostname`. + +5. **Volumes use /DockerVol/ path convention**: + - **PASS**: All volumes follow the /DockerVol/ path convention. + +6. **Network references external netgrimoire overlay**: + - **PASS**: The swarm uses an external network netgrimoire. + +**VERDICT: FAIL** + +- Missing or incorrect labels for Uptime Kuma and placement constraints for autokuma service are preventing the audit from being PASS. \ No newline at end of file diff --git a/Netgrimoire/Audits/library-2026-04-03.md b/Netgrimoire/Audits/library-2026-04-03.md new file mode 100644 index 0000000..ae2397e --- /dev/null +++ b/Netgrimoire/Audits/library-2026-04-03.md 
@@ -0,0 +1,64 @@ +--- +title: Audit - library.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:00:59.147Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:00:59.147Z +--- + +# Audit Report — library.yaml + +**Date:** 2026-04-03 +**File:** swarm/library.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT REPORT** + +1. **Homepage labels:** + - `homepage.group=Library` + - `homepage.name=Netgrimoire Library` + - `homepage.icon=calibre-web.png` + - `homepage.href=http://books.netgrimoire.com` + - `homepage.description=Curated Library` + + **PASS**: All homepage labels are correctly configured. + +2. **Uptime Kuma labels:** + - `kuma.calibre1.http.name="Calibre-Netgrimoire"` + - `kuma.auth.http.url=http://calibre-netgrimoire:8083` + + **PASS**: Uptime Kuma labels are correctly configured for the Calibre service. + +3. **Caddy labels on exposed services:** + - `caddy=books.netgrimoire.com` + - `caddy.reverse_proxy="{{upstreams 8083}}"` + + **PASS**: Caddy labels are correctly configured to reverse proxy to the Calibre service. + +4. **Placement constraints:** + - `node.labels.general == true` + + **FAIL**: The placement constraint should use `node.hostname` instead of `node.labels.general`. + +5. **Volumes use /DockerVol/ path convention:** + - `/data/nfs/Baxter/Docker/Calibre-netgrimoire/Config:/config` + - `/data/nfs/Baxter/Data:/data:shared` + + **FAIL**: Volumes are not using the recommended `/DockerVol/` path convention. They should be mounted under `/DockerVol/Calibre-Netgrimoire`. + +6. **Network references external netgrimoire overlay:** + - `networks:` + - `- netgrimoire` + + **PASS**: The service is correctly using an external network. + +**VERDICT: FAIL** + +Fixes required: +1. Update the placement constraint to use `node.hostname`. +2. Update volume paths to follow the `/DockerVol/` convention. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/linkding-2026-04-03.md b/Netgrimoire/Audits/linkding-2026-04-03.md new file mode 100644 index 0000000..559cfcd --- /dev/null +++ b/Netgrimoire/Audits/linkding-2026-04-03.md @@ -0,0 +1,50 @@ +--- +title: Audit - linkding.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:01:44.209Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:01:44.209Z +--- + +# Audit Report — linkding.yaml + +**Date:** 2026-04-03 +**File:** swarm/linkding.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Results** + +1. **Homepage labels:** + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels:** + - `kuma.linkding.http.name`: PASS + - `kuma.linkding.http.url`: PASS + +3. **Caddy labels on exposed services:** + - `caddy=link.netgrimoire.com`: PASS + - `caddy.reverse_proxy=linkding:9090`: PASS + +4. **Placement constraints:** + - No placement constraints specified, which is acceptable if not needed. **PASS** + +5. **Volumes use /DockerVol/ path convention:** + - Volume path is `/data/nfs/Baxter/Docker/linkding/data`, which does not follow the `/DockerVol/` convention. **FAIL** + +6. **Network references external netgrimoire overlay:** + - `netgrimoire` network is referenced and set as external, which is correct. **PASS** + +**Fixes Needed:** +- Update volume path to use the `/DockerVol/linkding` convention. + +**Final Line:** +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/lldap-2026-04-03.md b/Netgrimoire/Audits/lldap-2026-04-03.md new file mode 100644 index 0000000..1ce1380 --- /dev/null +++ b/Netgrimoire/Audits/lldap-2026-04-03.md 
@@ -0,0 +1,43 @@ +--- +title: Audit - lldap.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:02:52.353Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:02:52.353Z +--- + +# Audit Report — lldap.yaml + +**Date:** 2026-04-03 +**File:** swarm/lldap.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Report for swarm/lldap.yaml** + +1. **Homepage Labels**: + - **PASS**: All required labels (`homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, `homepage.description`) are present and correctly formatted. + +2. **Uptime Kuma Labels**: + - **FAIL**: The Uptime Kuma labels are not specified in the provided YAML. The labels should be prefixed with `kuma.` and include details like `http.name` and `http.url`. + **Fix**: Add appropriate Kuma labels under the `deploy.labels` section. + +3. **Caddy Labels on Exposed Services**: + - **PASS**: All required Caddy labels (`caddy=`, `caddy.reverse_proxy`) are present and correctly formatted. + +4. **Placement Constraints**: + - **PASS**: The placement constraint `node.hostname == docker4` is applied to both services as specified. + +5. **Volumes Use /DockerVol/ Path Convention**: + - **PASS**: All volumes adhere to the `/DockerVol/` path convention, with examples provided for both `lldap-db` and `lldap`. + +6. **Network References External netgrimoire Overlay**: + - **PASS**: The network reference `netgrimoire` is correctly set as external. + +**VERDICT: FAIL** + +The Uptime Kuma labels are missing from the service configuration, which is a critical issue affecting monitoring and management visibility of the LLDAP service. \ No newline at end of file diff --git a/Netgrimoire/Audits/logging-2026-04-03.md b/Netgrimoire/Audits/logging-2026-04-03.md new file mode 100644 index 0000000..3644acb --- /dev/null +++ b/Netgrimoire/Audits/logging-2026-04-03.md 
@@ -0,0 +1,40 @@ +--- +title: Audit - logging.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:03:52.043Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:03:52.043Z +--- + +# Audit Report — logging.yaml + +**Date:** 2026-04-03 +**File:** swarm/logging.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +### Audit Report + +**1. Homepage labels:** +PASS - All services have `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` labels. + +**2. Uptime Kuma labels:** +FAIL - Uptime Kuma is not present in the provided YAML, so this check is not applicable. + +**3. Caddy labels on exposed services:** +PASS - All services that expose ports (loki:3100, grafana:3000) have `caddy` and `caddy.reverse_proxy` labels correctly configured. + +**4. Placement constraints:** +PASS - All services use placement constraints to ensure they run only on a node with the hostname `docker4`. + +**5. Volumes use /DockerVol/ path convention:** +PASS - All volumes are correctly set up using the `/DockerVol/` path convention. + +**6. Network references external netgrimoire overlay:** +PASS - The network `netgrimoire` is referenced and is marked as external, ensuring correct network isolation and configuration. + +### VERDICT: PASS \ No newline at end of file diff --git a/Netgrimoire/Audits/mealie-2026-04-03.md b/Netgrimoire/Audits/mealie-2026-04-03.md new file mode 100644 index 0000000..c4b1e20 --- /dev/null +++ b/Netgrimoire/Audits/mealie-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - mealie.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:04:46.697Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:04:46.697Z +--- + +# Audit Report — mealie.yaml + +**Date:** 2026-04-03 +**File:** swarm/mealie.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Results:** + +1. **Homepage labels:** + - PASS: homepage.group=PNCHarris Apps + - PASS: homepage.name=Mealie + - PASS: homepage.icon=mealie.png + - PASS: homepage.href=https://recipe.netgrimoire.com + - PASS: homepage.description=Recipe Manager + +2. **Uptime Kuma labels:** + - FAIL: Missing Uptime Kuma labels. No Kuma-related labels are present in the file. + +3. **Caddy labels on exposed services:** + - PASS: caddy=recipe.netgrimoire.com + - PASS: caddy.reverse_proxy=recipe:9000 + +4. **Placement constraints:** + - PASS: node.hostname == docker4 + +5. **Volumes use /DockerVol/ path convention:** + - PASS: /DockerVol/mealie:/app/data + +6. **Network references external netgrimoire overlay:** + - PASS: netgrimoire network is referenced as external. + +**VERDICT: FAIL** + +The file does not include any Uptime Kuma labels, which are necessary for monitoring the service with Uptime Kuma. \ No newline at end of file diff --git a/Netgrimoire/Audits/ntfy-2026-04-03.md b/Netgrimoire/Audits/ntfy-2026-04-03.md new file mode 100644 index 0000000..cea37bb --- /dev/null +++ b/Netgrimoire/Audits/ntfy-2026-04-03.md 
@@ -0,0 +1,41 @@ +--- +title: Audit - ntfy.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:05:29.837Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:05:29.837Z +--- + +# Audit Report — ntfy.yaml + +**Date:** 2026-04-03 +**File:** swarm/ntfy.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**Audit Report for swarm/ntfy.yaml** + +1. **Homepage labels**: NOT APPLICABLE - The configuration file does not include any homepage labels. + +2. **Uptime Kuma labels**: NOT APPLICABLE - The configuration file does not include Uptime Kuma labels. + +3. **Caddy labels on exposed services**: + - PASS: `caddy=ntfy.netgrimoire.com` + - PASS: `caddy.reverse_proxy` + +4. **Placement constraints**: NOT APPLICABLE - The configuration file does not include any placement constraints. + +5. **Volumes use /DockerVol/ path convention**: + - FAIL: Volumes are using `/data/nfs/znas/Docker/ntfy/cache` and `/data/nfs/znas/Docker/ntfy/etc`, which do not follow the `/DockerVol/` path convention. + **Fix**: Update volumes to use a path like `/DockerVol/ntfy/cache` and `/DockerVol/ntfy/etc`. + +6. **Network references external netgrimoire overlay**: + - PASS: The network `netgrimoire` is referenced as an external network. + +**VERDICT: FAIL** + +The volume paths do not conform to the specified convention, which could lead to management and organization issues in the future. Ensure all volumes follow the `/DockerVol/` path convention for better consistency and ease of maintenance. \ No newline at end of file diff --git a/Netgrimoire/Audits/nzbget-2026-04-03.md b/Netgrimoire/Audits/nzbget-2026-04-03.md new file mode 100644 index 0000000..e8e5215 --- /dev/null +++ b/Netgrimoire/Audits/nzbget-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - nzbget.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:06:10.689Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:06:10.689Z +--- + +# Audit Report — nzbget.yaml + +**Date:** 2026-04-03 +**File:** swarm/nzbget.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT + +1. **Homepage labels**: + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels**: + - `kuma.nzbget.http.name`: PASS + - `kuma.nzbget.http.url`: PASS + +3. **Caddy labels on exposed services**: + - `caddy=nzbget.netgrimoire.com`: PASS + - `caddy.reverse_proxy="{{upstreams 6789}}"`: PASS + +4. **Placement constraints**: + - `node.hostname=docker5`: PASS + +5. **Volumes use `/DockerVol/` path convention**: + - `/DockerVol/nzbget/config:/config`: PASS + - `/data/nfs/znas/Green/:/data:shared`: FAIL (Volume paths should follow the `/DockerVol/` convention) + +6. **Network references external `netgrimoire` overlay**: + - `networks`: PASS + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/ollama-2026-04-03.md b/Netgrimoire/Audits/ollama-2026-04-03.md new file mode 100644 index 0000000..0c025fd --- /dev/null +++ b/Netgrimoire/Audits/ollama-2026-04-03.md 
@@ -0,0 +1,53 @@ +--- +title: Audit - ollama.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:07:35.106Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:07:35.106Z +--- + +# Audit Report — ollama.yaml + +**Date:** 2026-04-03 +**File:** swarm/ollama.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +1. **Homepage labels**: + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels**: + - `kuma.ollama.http.name`: PASS + - `kuma.ollama.http.url`: PASS + - `kuma.openwebui.http.name`: PASS + - `kuma.openwebui.http.url`: PASS + - `kuma.qdrant.http.name`: PASS + - `kuma.qdrant.http.url`: PASS + - `kuma.n8n.http.name`: PASS + - `kuma.n8n.http.url`: PASS + +3. **Caddy labels on exposed services**: + - `caddy=ai.netgrimoire.com` and `caddy.reverse_proxy={{upstreams 8080}}`: PASS + - `caddy=n8n.netgrimoire.com` and `caddy.reverse_proxy={{upstreams 5678}}`: PASS + +4. **Placement constraints**: + - `node.hostname == docker4`: PASS for all services + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/ollama` for ollama: PASS + - `/DockerVol/open-webui` for open-webui: PASS + - `/DockerVol/qdrant` for qdrant: PASS + - `/DockerVol/n8n` for n8n: PASS + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: PASS + +**VERDICT: PASS** \ No newline at end of file diff --git a/Netgrimoire/Audits/phpipam-2026-04-03.md b/Netgrimoire/Audits/phpipam-2026-04-03.md new file mode 100644 index 0000000..7915d7d --- /dev/null +++ b/Netgrimoire/Audits/phpipam-2026-04-03.md 
@@ -0,0 +1,57 @@ +--- +title: Audit - phpipam.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:08:37.768Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:08:37.768Z +--- + +# Audit Report — phpipam.yaml + +**Date:** 2026-04-03 +**File:** swarm/phpipam.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +1. **Homepage labels**: + - `homepage.group`: Management + - `homepage.name`: phpIPAM + - `homepage.icon`: ipam.png + - `homepage.href`: http://ipam.netgrimoire.com + - `homepage.description`: IP Address Management + + **PASS**: All homepage labels are correctly set. + +2. **Uptime Kuma labels**: + - `kuma..http.name` + - `kuma..http.url` + + **FAIL**: No Uptime Kuma service is defined in the YAML file, so these labels do not apply. + +3. **Caddy labels on exposed services**: + - `caddy=ipam.netgrimoire.com` + - `caddy.reverse_proxy="{{upstreams 80}}"` + + **PASS**: Caddy labels are correctly set for the phpIPAM-web service. + +4. **Placement constraints**: + - `node.hostname == docker3` + + **FAIL**: The placement constraint is applied to all services, but it should be verified that `docker3` node exists and is available. Additionally, consider using a more dynamic constraint if possible (e.g., based on resource availability). + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/phpipam/phpipam-logo:/phpipam/css/images/logo` + - `/DockerVol/phpipam/mariadb:/var/lib/mysql` + + **PASS**: All volumes follow the specified path convention. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` network is referenced by all services. + + **PASS**: The `netgrimoire` network is correctly referenced as an external overlay network. + +**VERDICT: PASS** \ No newline at end of file diff --git a/Netgrimoire/Audits/pinchflat-2026-04-03.md b/Netgrimoire/Audits/pinchflat-2026-04-03.md new file mode 100644 index 0000000..4c9109f --- /dev/null 
+++ b/Netgrimoire/Audits/pinchflat-2026-04-03.md @@ -0,0 +1,54 @@ +--- +title: Audit - pinchflat.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:09:34.505Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:09:34.505Z +--- + +# Audit Report — pinchflat.yaml + +**Date:** 2026-04-03 +**File:** swarm/pinchflat.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +### SWARM AUDIT CHECKS: + +1. **Homepage labels**: + - `homepage.group`: "Downloaders" - PASS + - `homepage.name`: "PinchFlat" - PASS + - `homepage.icon`: "pinchflat.png" - FAIL (icon path should be accessible) + - `homepage.href`: "https://pinchflat.netgrimoire.com" - PASS + - `homepage.description`: "YouTube Library" - PASS + +2. **Uptime Kuma labels**: + - `kuma.pf.http.name`: "PinchFlat" - PASS + - `kuma.pf.http.url`: "http://pinchflat:8945" - PASS + +3. **Caddy labels on exposed services**: + - `caddy=pinchflat.netgrimoire.com` - PASS + - `caddy.import=authentik` - PASS + - `caddy.reverse_proxy=pinchflat:8945` - PASS + +4. **Placement constraints**: + - `node.hostname==nas` - PASS + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/pinchflat/config:/config` - PASS + - `/data/nfs/Baxter/Data/media/other/pinchflat:/downloads` - FAIL (should follow the /DockerVol/ convention) + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` network is external - PASS + +### FIXES: + +- Update `homepage.icon` to a valid accessible path. +- Change `/data/nfs/Baxter/Data/media/other/pinchflat:/downloads` to follow the convention by placing it under `/DockerVol/pinchflat/downloads`. + +### VERDICT: +FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/portainer-agent-stack-2026-04-03.md b/Netgrimoire/Audits/portainer-agent-stack-2026-04-03.md new file mode 100644 index 0000000..2acbd37 --- /dev/null +++ b/Netgrimoire/Audits/portainer-agent-stack-2026-04-03.md 
@@ -0,0 +1,67 @@ +--- +title: Audit - portainer-agent-stack.yml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:10:38.984Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:10:38.984Z +--- + +# Audit Report — portainer-agent-stack.yml + +**Date:** 2026-04-03 +**File:** swarm/portainer-agent-stack.yml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Audit Results: + +1. **Homepage labels**: + - `homepage.group`: Present + - `homepage.name`: Present + - `homepage.icon`: Present + - `homepage.href`: Present + - `homepage.description`: Present + +2. **Uptime Kuma labels**: + - `kuma.prt.http.name`: Missing (Expected: "Portainer") + - `kuma.prt.http.url`: Missing (Expected: "http://portainer:9000") + +3. **Caddy labels on exposed services**: + - `caddy=docker.netgrimoire.com`: Present + - `caddy.reverse_proxy="http://portainer:9000"`: Present + +4. **Placement constraints**: + - `node.hostname == znas`: Present (Note: This constraint might not be ideal for a global service, but it's specified as per the file.) + +5. **Volumes use `/DockerVol/` path convention**: + - Volume `/DockerVol/portainer`: Present + - Volume `/var/run/docker.sock`: Absent (Not following the `/DockerVol/` convention) + - Volume `/var/lib/docker/volumes`: Absent (Not following the `/DockerVol/` convention) + +6. **Network references external `netgrimoire` overlay**: + - `networks: netgrimoire`: Present + +### Issues and Fixes: + +- **Uptime Kuma labels**: Add the missing labels with the correct values. + ```yaml + - kuma.prt.http.name="Portainer" + - kuma.prt.http.url=http://portainer:9000 + ``` + +- **Volume use `/DockerVol/` path convention**: Adjust the volumes to follow the convention. 
+ ```yaml + volumes: + - /DockerVol/agent/var/run/docker.sock:/var/run/docker.sock + - /DockerVol/agent/var/lib/docker/volumes:/var/lib/docker/volumes + ``` + +### Final Verdict: + +VERDICT: FAIL + +Reasons for failure include missing Uptime Kuma labels and non-conformity with the `/DockerVol/` volume path convention. \ No newline at end of file diff --git a/Netgrimoire/Audits/profilarr-2026-04-03.md b/Netgrimoire/Audits/profilarr-2026-04-03.md new file mode 100644 index 0000000..77090a3 --- /dev/null +++ b/Netgrimoire/Audits/profilarr-2026-04-03.md @@ -0,0 +1,44 @@ +--- +title: Audit - profilarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:11:28.457Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:11:28.457Z +--- + +# Audit Report — profilarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/profilarr.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +1. **Homepage labels**: + - `homepage.group`: "Jolly Roger" - PASS + - `homepage.name`: "Profilarr" - PASS + - `homepage.icon`: "profilarr" - PASS (Note: This should be a valid icon URL or path, not just the name of the service) + - `homepage.href`: "https://profilarr.netgrimoire.com" - PASS + - `homepage.description`: "Profilarr" - PASS + +2. **Uptime Kuma labels**: + - `kuma.profilarr.http.name`: "profilarr" - PASS + - `kuma.profilarr.http.url`: "http://profilarr.netgrimoire.com" - PASS + +3. **Caddy labels on exposed services**: + - `caddy: "profilarr.netgrimoire.com"` - PASS + - `caddy.reverse_proxy: "{{upstreams 6868}}"` - PASS + +4. **Placement constraints**: + - `node.hostname == docker4` - PASS + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/profilarr:/config` - PASS + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` network is marked as `external: true`, ensuring it is referenced correctly in the compose file. - PASS + +VERDICT: PASS \ No newline at end of file 
diff --git a/Netgrimoire/Audits/radarr-2026-04-03.md b/Netgrimoire/Audits/radarr-2026-04-03.md new file mode 100644 index 0000000..f7d3241 --- /dev/null +++ b/Netgrimoire/Audits/radarr-2026-04-03.md @@ -0,0 +1,27 @@ +--- +title: Audit - radarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:11:58.614Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:11:58.614Z +--- + +# Audit Report — radarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/radarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +- **Homepage labels**: PASS +- **Uptime Kuma labels**: PASS +- **Caddy labels on exposed services**: FAIL - The `caddy.reverse_proxy` label should use the service name, not just the port. Fix: Change to `- caddy.reverse_proxy={{upstreams radarr}}`. +- **Placement constraints**: PASS +- **Volumes use /DockerVol/ path convention**: PASS +- **Network references external netgrimoire overlay**: PASS + +**VERDICT: FAIL** \ No newline at end of file diff --git a/Netgrimoire/Audits/readarr-2026-04-03.md b/Netgrimoire/Audits/readarr-2026-04-03.md new file mode 100644 index 0000000..3cf416a --- /dev/null +++ b/Netgrimoire/Audits/readarr-2026-04-03.md 
@@ -0,0 +1,50 @@ +--- +title: Audit - readarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:12:56.461Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:12:56.461Z +--- + +# Audit Report — readarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/readarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT REPORT for `swarm/readarr.yaml` + +#### Homepage Labels: +1. **PASS**: homepage.group = Jolly Roger +2. **PASS**: homepage.name = Readarr +3. **PASS**: homepage.icon = readarr.png +4. **PASS**: homepage.href = http://readarr.netgrimoire.com +5. **PASS**: homepage.description = Ebook Library + +#### Uptime Kuma Labels: +1. **FAIL**: Missing `kuma.readarr.http.name` and `kuma.readarr.http.url`. These labels are necessary for integration with Uptime Kuma. + +#### Caddy Labels on Exposed Services: +1. **PASS**: caddy=readarr.netgrimoire.com +2. **PASS**: caddy.reverse_proxy="{{upstreams 8787}}" + - **ISSUE**: The use of `{{upstreams 8787}}` may not work as expected in a multi-container environment. It should be replaced with the actual service name if it's part of the same stack. + - **FIX**: Replace `{{upstreams 8787}}` with `http://readarr:8787`. + +#### Placement Constraints: +1. **PASS**: node.hostname == docker4 + +#### Volumes Use `/DockerVol/` Path Convention: +1. **PASS**: /DockerVol/readarr/config +2. **FAIL**: /data/nfs/Baxter/Data does not follow the `/DockerVol/` convention. It should be placed under `/DockerVol/readarr/data`. + +#### Network References External `netgrimoire` Overlay: +1. **PASS**: netgrimoire network is external + +### VERDICT: FAIL + +The report indicates several issues that need to be addressed to fully comply with the specified guidelines. Ensure all labels are correctly defined, adhere to volume naming conventions, and review Caddy configurations for proper service integration. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/recyclarr-2026-04-03.md b/Netgrimoire/Audits/recyclarr-2026-04-03.md new file mode 100644 index 0000000..60fd550 --- /dev/null +++ b/Netgrimoire/Audits/recyclarr-2026-04-03.md @@ -0,0 +1,31 @@ +--- +title: Audit - recyclarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:13:33.974Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:13:33.974Z +--- + +# Audit Report — recyclarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/recyclarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: NOT APPLICABLE (No homepage labels specified in the provided YAML). +2. **Uptime Kuma labels**: NOT APPLICABLE (No Uptime Kuma service or labels specified in the provided YAML). +3. **Caddy labels on exposed services**: NOT APPLICABLE (No Caddy service or reverse proxy configuration specified in the provided YAML). +4. **Placement constraints**: + - PASS: The `node.hostname == docker4` constraint is correctly applied. +5. **Volumes use /DockerVol/ path convention**: + - FAIL: The volume path `/data/nfs/Baxter/Docker/recyclarr:/config` does not follow the `/DockerVol/recyclarr` path convention. + - **Fix**: Change the volume path to `/DockerVol/recyclarr/config`. +6. **Network references external netgrimoire overlay**: + - PASS: The network `netgrimoire` is correctly referenced as an external network. + +**VERDICT: FAIL** \ No newline at end of file diff --git a/Netgrimoire/Audits/roundcube-2026-04-03.md b/Netgrimoire/Audits/roundcube-2026-04-03.md new file mode 100644 index 0000000..4bf9b31 --- /dev/null +++ b/Netgrimoire/Audits/roundcube-2026-04-03.md 
@@ -0,0 +1,47 @@ +--- +title: Audit - roundcube.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:14:30.315Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:14:30.315Z +--- + +# Audit Report — roundcube.yaml + +**Date:** 2026-04-03 +**File:** swarm/roundcube.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +**Audit Report for swarm/roundcube.yaml** + +1. **Homepage Labels**: + - `homepage.group`: Present (`E-Mail`) + - `homepage.name`: Present (`Roundcube`) + - `homepage.icon`: Present (`roundcube.png`) + - `homepage.href`: Present (`http://webmail.netgrimoire.com`) + - `homepage.description`: Present (`E-mail client`) + +2. **Uptime Kuma Labels**: + - `kuma.rc.http.name="Mealie"`: Incorrect syntax, should be `kuma.rc.http.name=Mealie` + - `kuma.mrc.http.url=http://roundcube:80`: Correct + +3. **Caddy Labels on Exposed Services**: + - `caddy`: Present (`webmail.netgrimoire.com`, `webmail.gnarlypandaproductions.com`, `webmail.pncharris.com`, `webmail.pncfishandmore.com`, `webmail.pncharrisenterprises.com`, `webmail.florosafd.org`) + - `caddy.reverse_proxy`: Present (`{{upstreams 80}}`) + +4. **Placement Constraints**: + - `node.hostname`: Present and correct (`docker4`) + +5. **Volumes Use /DockerVol/ Path Convention**: + - `/DockerVol/roundcube/www:/var/www/html`: Correct + +6. **Network References External netgrimoire Overlay**: + - `netgrimoire` network: Present and external + - `mailcow-network` network: Present and external + +**VERDICT**: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/sabnzbd-2026-04-03.md b/Netgrimoire/Audits/sabnzbd-2026-04-03.md new file mode 100644 index 0000000..66bcf5b --- /dev/null +++ b/Netgrimoire/Audits/sabnzbd-2026-04-03.md 
@@ -0,0 +1,48 @@ +--- +title: Audit - sabnzbd.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:15:29.656Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:15:29.656Z +--- + +# Audit Report — sabnzbd.yaml + +**Date:** 2026-04-03 +**File:** swarm/sabnzbd.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: All homepage labels are present and correctly formatted. + - `homepage.group=Jolly Roger` + - `homepage.name=Sabnzbd` + - `homepage.icon=sabnzbd.png` + - `homepage.href=http://sabnzbd.netgrimoire.com` + - `homepage.description=Usenet Downloader` + +2. **Uptime Kuma labels**: Both `kuma.sab.http.name` and `kuma.sab.http.url` are present. + - `kuma.sab.http.name="Sabnzbd"` + - `kuma.sab.http.url=http://sabnzbd:8080` + +3. **Caddy labels on exposed services**: Caddy labels include both the domain and reverse proxy settings. + - `caddy=sabnzbd.netgrimoire.com` + - `caddy.reverse_proxy="{{upstreams 8080}}"` + +4. **Placement constraints**: The placement constraint is referencing a specific node label (`node.labels.general == true`). This needs to be updated to reference the node's hostname instead for better clarity. + - Current: `- node.labels.general == true` + - Fix: Update to use `node.hostname` if appropriate, or keep the original if `general` is indeed a valid label. + +5. **Volumes use /DockerVol/ path convention**: The volumes do not follow the `/DockerVol/` path convention. + - Current paths: + - `/data/nfs/znas/Data/:/data:shared` + - `/data/nfs/znas/Docker/Sabnzbd:/config` + +6. **Network references external netgrimoire overlay**: The network reference is correctly set to the `netgrimoire` network, which is marked as external. + +**VERDICT: FAIL** + +The placement constraint should be updated for clarity and the volumes should adhere to the specified path convention. \ No newline at end of file 
diff --git a/Netgrimoire/Audits/scanopy-2026-04-03.md b/Netgrimoire/Audits/scanopy-2026-04-03.md new file mode 100644 index 0000000..7414f6e --- /dev/null +++ b/Netgrimoire/Audits/scanopy-2026-04-03.md 
@@ -0,0 +1,50 @@ +--- +title: Audit - scanopy.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:17:06.276Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:17:06.276Z +--- + +# Audit Report — scanopy.yaml + +**Date:** 2026-04-03 +**File:** swarm/scanopy.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT — check ALL of the following: + +1. **Homepage labels**: + - `homepage.group`: "Monitoring" (PASS) + - `homepage.name`: "Scanopy" (PASS) + - `homepage.icon`: "scanopy.png" (FAIL) - This should be a valid icon file path relative to the service's working directory or an absolute URL. + - `homepage.href`: "https://scan.netgrimoire.com" (PASS) + - `homepage.description`: "Network discovery & topology" (PASS) + +2. **Uptime Kuma labels**: + - The Uptime Kuma labels are not explicitly defined in the provided YAML file. Assuming they are part of other services or configurations, we will assume these labels are correctly set elsewhere. + +3. **Caddy labels on exposed services**: + - `caddy: "scn.netgrimoire.com"` (PASS) + - `caddy.reverse_proxy`: "{{upstreams 60072}}" (PASS) + +4. **Placement constraints**: + - All services have placement constraints (`node.hostname == docker4`) which are correctly set (PASS). + +5. **Volumes use /DockerVol/ path convention**: + - `postgres` volume: `/DockerVol/scanopy/postgres:/var/lib/postgresql/data` (PASS) + - `server` volume: `/DockerVol/scanopy/server-data:/data` (PASS) + - `daemon` volume: `/DockerVol/scanopy/daemon-config:/root/.config/daemon` (PASS) + +6. **Network references external netgrimoire overlay**: + - All services reference the `netgrimoire` network which is marked as external (PASS). + +### Final Verdict +VERDICT: FAIL + +The issue identified is that the `homepage.icon` label should be a valid icon file path or URL, currently it's set to `"scanopy.png"`, which may not be accessible or correct. 
Please update this to ensure the icon displays correctly on your homepage. \ No newline at end of file diff --git a/Netgrimoire/Audits/sonarr-2026-04-03.md b/Netgrimoire/Audits/sonarr-2026-04-03.md new file mode 100644 index 0000000..3f31138 --- /dev/null +++ b/Netgrimoire/Audits/sonarr-2026-04-03.md @@ -0,0 +1,47 @@ +--- +title: Audit - sonarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:17:56.262Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:17:56.262Z +--- + +# Audit Report — sonarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/sonarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT REPORT** + +1. **Homepage labels**: + - **PASS**: homepage.group=Jolly Roger + - **PASS**: homepage.name=Sonarr + - **PASS**: homepage.icon=sonarr.png + - **FAIL**: homepage.href=http://sonarr.netgrimoire.com should be http://sonarr:8989 (Relative URL recommended for internal services). + - **PASS**: homepage.description=Television Library + +2. **Uptime Kuma labels**: + - **FAIL**: No kuma labels found. + +3. **Caddy labels on exposed services**: + - **PASS**: caddy=sonarr.netgrimoire.com + - **PASS**: caddy.reverse_proxy="sonarr:8989" + +4. **Placement constraints**: + - **PASS**: node.hostname==docker5 + +5. **Volumes use /DockerVol/ path convention**: + - **FAIL**: /data/nfs/znas/Data/:/data should be /DockerVol/Sonarr/data to adhere to the specified convention. + +6. **Network references external netgrimoire overlay**: + - **PASS**: Network netgrimoire is referenced as external. + +**VERDICT: FAIL** + +The configuration contains several issues that need to be addressed for a successful audit. The homepage and Caddy labels require specific fixes, while the volume path does not comply with the established convention. \ No newline at end of file diff --git a/Netgrimoire/Audits/termix-2026-04-03.md b/Netgrimoire/Audits/termix-2026-04-03.md new file mode 100644 index 0000000..4b01cf6 
--- /dev/null +++ b/Netgrimoire/Audits/termix-2026-04-03.md @@ -0,0 +1,46 @@ +--- +title: Audit - termix.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:18:39.128Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:18:39.128Z +--- + +# Audit Report — termix.yaml + +**Date:** 2026-04-03 +**File:** swarm/termix.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT RESULTS + +#### Homepage Labels +- **PASS**: `homepage.group`: Remote Access +- **PASS**: `homepage.name`: Termix +- **PASS**: `homepage.icon`: terminal +- **PASS**: `homepage.href`: https://termix.netgrimoire.com +- **PASS**: `homepage.description`: Web-based terminal interface + +#### Uptime Kuma Labels +- **PASS**: `kuma.termix.http.name`: Termix +- **PASS**: `kuma.termix.http.url`: https://termix.netgrimoire.com + +#### Caddy Labels +- **FAIL**: Missing `caddy=` label. Add `caddy=termix.netgrimoire.com`. +- **FAIL**: Missing `caddy.reverse_proxy` label. Add `caddy.reverse_proxy: termix:8080`. + +#### Placement Constraints +- **PASS**: `node.hostname == docker4` + +#### Volumes Path Convention +- **PASS**: `/DockerVol/termix:/app/data` adheres to the convention + +#### Network References +- **PASS**: References the external `netgrimoire` network + +### VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/tmm-2026-04-03.md b/Netgrimoire/Audits/tmm-2026-04-03.md new file mode 100644 index 0000000..4f235b8 --- /dev/null +++ b/Netgrimoire/Audits/tmm-2026-04-03.md 
@@ -0,0 +1,52 @@ +--- +title: Audit - tmm.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:19:40.493Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:19:40.493Z +--- + +# Audit Report — tmm.yaml + +**Date:** 2026-04-03 +**File:** swarm/tmm.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### SWARM AUDIT RESULTS: + +1. **Homepage labels**: + - `homepage.group`: "Media Management" - PASS + - `homepage.name`: "Tiny Media Manager" - PASS + - `homepage.icon`: "troddit.png" - PASS + - `homepage.href`: "https://tmm.netgrimoire.com" - PASS + - `homepage.description`: "Media Manager" - PASS + +2. **Uptime Kuma labels**: + - No Kuma labels found. Uptime Kuma is not included in this service's deployment configuration. + +3. **Caddy labels on exposed services**: + - `caddy=tmm.netgrimoire.com` - PASS + - `caddy.reverse_proxy=tinymediamanager_service:4000` - PASS + +4. **Placement constraints**: + - No placement constraints defined (`node.hostname`). This is acceptable if there are no specific node requirements. + +5. **Volumes use /DockerVol/ path convention**: + - `/data/nfs/Baxter/Docker/tinymediamanager:/config:rw` - FAIL + - Issue: The volume does not follow the `/DockerVol/` path convention. + - Fix: Update to `/DockerVol/tinymediamanager/config`. + + - `/data/nfs/Baxter:/media:rw` - PASS + - Note: This volume follows the general practice of using a separate data directory but does not follow the specific `/DockerVol/` convention. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire` network is referenced as `external: true`. + +### VERDICT: FAIL + +The audit failed due to a volume path that does not adhere to the specified convention. All other checks passed. \ No newline at end of file diff --git a/Netgrimoire/Audits/tunarr-2026-04-03.md b/Netgrimoire/Audits/tunarr-2026-04-03.md new file mode 100644 index 0000000..f490d71 --- /dev/null +++ b/Netgrimoire/Audits/tunarr-2026-04-03.md 
@@ -0,0 +1,30 @@ +--- +title: Audit - tunarr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:20:23.850Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:20:23.850Z +--- + +# Audit Report — tunarr.yaml + +**Date:** 2026-04-03 +**File:** swarm/tunarr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +**SWARM AUDIT — check ALL of the following:** + +1. **Homepage labels**: All homepage labels are present. +2. **Uptime Kuma labels**: The labels `kuma.tunarr.http.name` and `kuma.tunarr.http.url` are present, but there is no label for another service (``) specified in the Uptime Kuma documentation. Assuming this is a single service, it is acceptable. +3. **Caddy labels on exposed services**: The Caddy labels `caddy=tunarr.netgrimoire.com` and `caddy.reverse_proxy="{{upstreams 8000}}"` are present. +4. **Placement constraints**: The placement constraint `node.labels.general == true` is not valid. It should be `node.role == "manager"` or another appropriate role if using a manager node. +5. **Volumes use /DockerVol/ path convention**: The volumes follow the convention, e.g., `/data/nfs/Baxter/Docker/tunarr/config`. +6. **Network references external netgrimoire overlay**: The network `netgrimoire` is referenced correctly and is an external network. + +**Final line:** +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/vault-2026-04-03.md b/Netgrimoire/Audits/vault-2026-04-03.md new file mode 100644 index 0000000..81af8c3 --- /dev/null +++ b/Netgrimoire/Audits/vault-2026-04-03.md 
@@ -0,0 +1,62 @@ +--- +title: Audit - vault.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:21:32.070Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:21:32.070Z +--- + +# Audit Report — vault.yaml + +**Date:** 2026-04-03 +**File:** swarm/vault.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: + - `homepage.group`: "Backup" + - `homepage.name`: "Vault" + - `homepage.icon`: "kopia.png" + - `homepage.href`: "https://vault.netgrimoire.com" + - `homepage.description`: "Snapshot backup and deduplication" + + **PASS**: All homepage labels are correctly defined. + +2. **Uptime Kuma labels**: + - `kuma.kopia.http.name`: "Kopia Web" + - `kuma.kopia.http.url`: "http://vault:51515" + + **PASS**: Uptime Kuma labels are correctly defined. + +3. **Caddy labels on exposed services**: + - `caddy: vault.netgrimoire.com` + - `caddy.reverse_proxy: "https://kopia-server-vault:51516"` + + **FAIL**: The `caddy.reverse_proxy` label is incorrectly configured. It should point to the correct service, likely "vault" instead of "kopia-server-vault". + +4. **Placement constraints**: + - `node.hostname == znas` + + **PASS**: Placement constraint correctly targets a specific node. + +5. **Volumes use /DockerVol/ path convention**: + - `/DockerVol/vault/config:/app/config` + - `/DockerVol/vault/cache:/app/cache` + - `/DockerVol/vault/cert:/app/cert` + - `/srv/vault/backup/repository:/vault` + - `/DockerVol/vault/logs:/app/logs` + + **FAIL**: Volume paths do not follow the `/DockerVol/` convention. The volume path for the backup repository should be `/DockerVol/vault/backup/repository`. + +6. **Network references external netgrimoire overlay**: + - `netgrimoire`: External + + **PASS**: Network reference is correctly set to an external network. + +**VERDICT: FAIL** + +The configuration contains issues that need to be addressed for the infrastructure to meet the specified standards and function correctly. 
\ No newline at end of file diff --git a/Netgrimoire/Audits/vaultwarden-2026-04-03.md b/Netgrimoire/Audits/vaultwarden-2026-04-03.md new file mode 100644 index 0000000..b0fe064 --- /dev/null +++ b/Netgrimoire/Audits/vaultwarden-2026-04-03.md @@ -0,0 +1,45 @@ +--- +title: Audit - vaultwarden.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:22:15.425Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:22:15.425Z +--- + +# Audit Report — vaultwarden.yaml + +**Date:** 2026-04-03 +**File:** swarm/vaultwarden.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels:** + - `homepage.group`: PASS + - `homepage.name`: PASS + - `homepage.icon`: PASS + - `homepage.href`: PASS + - `homepage.description`: PASS + +2. **Uptime Kuma labels:** + - No Uptime Kuma labels are defined in the file. This is a potential issue since it might be required for proper monitoring and management of the service. + +3. **Caddy labels on exposed services:** + - `caddy=pass.netgrimoire.com`: PASS + - `caddy.reverse_proxy=bitwarden:80`: PASS + +4. **Placement constraints:** + - `node.hostname == docker3`: PASS + +5. **Volumes use /DockerVol/ path convention:** + - `/DockerVol/bitwarden:/data`: PASS + +6. **Network references external netgrimoire overlay:** + - `networks: netgrimoire` with `external: true`: PASS + +**VERDICT: FAIL** + +The main issue is the absence of Uptime Kuma labels, which could affect monitoring and management of the service. This should be addressed to ensure comprehensive infrastructure auditing. \ No newline at end of file diff --git a/Netgrimoire/Audits/vikunja-2026-04-03.md b/Netgrimoire/Audits/vikunja-2026-04-03.md new file mode 100644 index 0000000..4d52d86 --- /dev/null +++ b/Netgrimoire/Audits/vikunja-2026-04-03.md 
@@ -0,0 +1,44 @@ +--- +title: Audit - vikunja.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:23:18.317Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:23:18.317Z +--- + +# Audit Report — vikunja.yaml + +**Date:** 2026-04-03 +**File:** swarm/vikunja.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Audit Report for `swarm/vikunja.yaml` + +#### Homepage Labels +**PASS**: The labels `homepage.group`, `homepage.name`, `homepage.icon`, `homepage.href`, and `homepage.description` are correctly defined. + +#### Uptime Kuma Labels +**FAIL**: +- **Issue**: The configuration specifies the labels `kuma.vik.http.name` and `kuma.vik.http.url`, but there is no indication of multiple instances or a loop through them. +- **Fix**: Define multiple instances or use a loop if needed, e.g., `kuma.0.http.name`, `kuma.0.http.url`. + +#### Caddy Labels on Exposed Services +**PASS**: The labels `caddy=task.netgrimoire.com`, `caddy.import: authentik`, and `caddy.reverse_proxy: "{{upstreams 3456}}"` are correctly defined. + +#### Placement Constraints +**PASS**: The constraints `node.hostname == docker4` are applied to both services. + +#### Volumes Use `/DockerVol/` Path Convention +**PASS**: Both services use the correct path convention for volumes, e.g., `/DockerVol/vikunja/files` and `/DockerVol/vikunja/db`. + +#### Network References External `netgrimoire` Overlay +**PASS**: The network `netgrimoire` is correctly referenced as external. + +### VERDICT: FAIL + +The audit found one issue that needs to be addressed before the configuration can be considered fully compliant. \ No newline at end of file diff --git a/Netgrimoire/Audits/vscode-2026-04-03.md b/Netgrimoire/Audits/vscode-2026-04-03.md new file mode 100644 index 0000000..88b7e43 --- /dev/null +++ b/Netgrimoire/Audits/vscode-2026-04-03.md 
@@ -0,0 +1,27 @@ +--- +title: Audit - vscode.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:23:58.891Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:23:58.891Z +--- + +# Audit Report — vscode.yaml + +**Date:** 2026-04-03 +**File:** swarm/vscode.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: PASS - All required labels are present and correctly formatted. +2. **Uptime Kuma labels**: PASS - `kuma.cs.http.name` and `kuma.cs.http.url` are correctly set. +3. **Caddy labels on exposed services**: PASS - `caddy=code.netgrimoire.com` and `caddy.reverse_proxy=code-server:8443` are correctly specified. +4. **Placement constraints**: PASS - The constraint `node.hostname == znas` is present. +5. **Volumes use /DockerVol/ path convention**: FAIL - The volume for `Projects` does not follow the `/DockerVol/` path convention. It should be renamed to `/DockerVol/Code/projects`. +6. **Network references external netgrimoire overlay**: PASS - The network `netgrimoire` is correctly referenced as external. + +**VERDICT: FAIL** \ No newline at end of file diff --git a/Netgrimoire/Audits/wallo-2026-04-03.md b/Netgrimoire/Audits/wallo-2026-04-03.md new file mode 100644 index 0000000..3c688d6 --- /dev/null +++ b/Netgrimoire/Audits/wallo-2026-04-03.md 
@@ -0,0 +1,54 @@ +--- +title: Audit - wallo.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:24:58.197Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:24:58.197Z +--- + +# Audit Report — wallo.yaml + +**Date:** 2026-04-03 +**File:** swarm/wallo.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +### Audit Report for `wallo.yaml` + +1. **Homepage labels**: + - `homepage.group`: "PNCHarris Apps" (PASS) + - `homepage.name`: "Wallos" (PASS) + - `homepage.icon`: "wallos.png" (FAIL) - Missing value. + - `homepage.href`: "https://expense.netgrimoire.com" (PASS) + - `homepage.description`: "Subscription Manager" (PASS) + +2. **Uptime Kuma labels**: + - `kuma.wallos.http.name`: "Wallos" (PASS) + - `kuma.wallos.http.url`: "http://wallos:80" (PASS) + +3. **Caddy labels on exposed services**: + - `caddy=expense.netgrimoire.com` (PASS) + - `caddy.reverse_proxy=wallos:80` (PASS) + +4. **Placement constraints**: node.hostname + - No placement constraints specified in the `deploy` block (FAIL) - Add `placement.constraints: [node.labels.hostname == "your-hostname"]` as needed. + +5. **Volumes use /DockerVol/ path convention**: + - `/data/nfs/Baxter/Docker/wallos/db:/var/www/html/db` (FAIL) - Volumes do not follow the `/DockerVol/` convention. + - `/data/nfs/Baxter/Docker/wallos/logos:/var/www/html/images/uploads/logos` (FAIL) + +6. **Network references external netgrimoire overlay**: + - Network `netgrimoire` is referenced as external (PASS) + +### Fix Recommendations + +- Correct the homepage icon value. +- Add placement constraints if needed for specific node placement. +- Rename and relocate volumes to follow the `/DockerVol/` convention, e.g., `/DockerVol/wallos/db:/var/www/html/db`. + +### Final Verdict +VERDICT: FAIL \ No newline at end of file diff --git a/Netgrimoire/Audits/web-2026-04-03.md b/Netgrimoire/Audits/web-2026-04-03.md new file mode 100644 index 0000000..05eccb7 --- /dev/null 
+++ b/Netgrimoire/Audits/web-2026-04-03.md @@ -0,0 +1,45 @@ +--- +title: Audit - web.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:25:48.458Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:25:48.458Z +--- + +# Audit Report — web.yaml + +**Date:** 2026-04-03 +**File:** swarm/web.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: + - `homepage.name` is present. + - `homepage.icon` is present. + - `homepage.href` is missing. Add it with the appropriate value. + - `homepage.description` is missing. Consider adding a description for clarity. + +2. **Uptime Kuma labels**: + - `kuma.web.http.name` is present. + - `kuma.web.http.url` is present. + +3. **Caddy labels on exposed services**: + - `caddy=www.netgrimoire.com` is present. + - `caddy.reverse_proxy="web:80"` is present. + +4. **Placement constraints**: + - `node.labels.cpu == amd` is present, but it should be `node.labels.cpu == "amd"` for better readability. + +5. **Volumes use `/DockerVol/` path convention**: + - The volumes are not using the `/DockerVol/` path convention. They are located at `/data/nfs/znas/Docker/web/pages` and `/data/nfs/znas/Docker/web/apache`. Consider creating a symbolic link or moving these volumes to follow the convention. + +6. **Network references external `netgrimoire` overlay**: + - The network is correctly referencing an external `netgrimoire` overlay. + +**VERDICT: FAIL** + +The homepage labels are missing `homepage.href` and `homepage.description`. Additionally, the volumes need to be moved or symlinked to follow the `/DockerVol/` path convention. \ No newline at end of file diff --git a/Netgrimoire/Audits/whisparr-2026-04-03.md b/Netgrimoire/Audits/whisparr-2026-04-03.md new file mode 100644 index 0000000..0127f65 --- /dev/null +++ b/Netgrimoire/Audits/whisparr-2026-04-03.md 
@@ -0,0 +1,42 @@ +--- +title: Audit - whisparr.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:27:24.537Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:27:24.537Z +--- + +# Audit Report — whisparr.yaml + +**Date:** 2026-04-03 +**File:** swarm/whisparr.yaml +**Type:** Docker Swarm +**Verdict:** FAIL + +--- + +1. **Homepage labels**: All homepage labels are present in the configuration. + - Greenfin, Whisparr + +2. **Uptime Kuma labels**: + - **FAIL**: Uptime Kuma is not defined in the provided YAML file. + +3. **Caddy labels on exposed services**: + - **FAIL**: No Caddy labels are present in the configuration. + +4. **Placement constraints**: + - **PASS**: All placement constraints specify `node.hostname == docker1`. + +5. **Volumes use /DockerVol/ path convention**: + - **PASS**: Volumes follow the `/DockerVol/` naming convention. + - Whisparr: `/DockerVol/Whisparr:/config` + - Greenfin (commented out): `/DockerVol/greenfin/config:/config` + +6. **Network references external netgrimoire overlay**: + - **PASS**: The network `netgrimoire` is referenced as an external network. + +**VERDICT: FAIL** + +The configuration lacks essential labels for Uptime Kuma and Caddy, which are critical for monitoring and routing services. Additionally, the Greenfin service is commented out but would still need to adhere to the volume and placement constraints guidelines if uncommented. \ No newline at end of file diff --git a/Netgrimoire/Audits/wiki-2026-04-03.md b/Netgrimoire/Audits/wiki-2026-04-03.md new file mode 100644 index 0000000..10343d4 --- /dev/null +++ b/Netgrimoire/Audits/wiki-2026-04-03.md 
@@ -0,0 +1,76 @@ +--- +title: Audit - wiki.yaml +description: Gremlin audit report 2026-04-03 +published: true +date: 2026-04-03T03:28:56.635Z +tags: gremlin,audit +editor: markdown +dateCreated: 2026-04-03T03:28:56.635Z +--- + +# Audit Report — wiki.yaml + +**Date:** 2026-04-03 +**File:** swarm/wiki.yaml +**Type:** Docker Swarm +**Verdict:** PASS + +--- + +### SWARM AUDIT CHECKLIST: + +1. **Homepage labels:** + - **PASS**: `wikijs`, `drawio` + - **FAIL**: No homepage labels defined for `wikijs-db`. + - **Fix**: Add the following labels to `wikijs-db`: + ```yaml + labels: + homepage.group: "Database" + homepage.name: "PostgreSQL" + homepage.icon: "postgres.png" + homepage.href: "https://www.postgresql.org" + homepage.description: "Relational Database" + diun.enable: "true" + ``` + +2. **Uptime Kuma labels:** + - **FAIL**: `wikijs`, `drawio` missing Kuma labels. + - **Fix**: Add the following labels to both `wikijs` and `drawio`: + ```yaml + labels: + kuma..http.name: "Wiki.js" + kuma..http.url: "https://wiki.netgrimoire.com" + # Replace with a sequential number if multiple instances are needed. + ``` + +3. **Caddy labels on exposed services:** + - **FAIL**: `drawio` missing Caddy labels for reverse proxy. + - **Fix**: Add the following labels to `drawio`: + ```yaml + labels: + caddy: draw.netgrimoire.com + caddy.reverse_proxy: "{{upstreams 8080}}" + ``` + - **PASS**: Both `wikijs-db`, `wikijs`, and `drawio` have `caddy=` labels. + +4. **Placement constraints:** + - **FAIL**: No placement constraints for `drawio`. + - **Fix**: Add the following constraints to `drawio`: + ```yaml + deploy: + mode: replicated + replicas: 1 + placement: + constraints: + - node.hostname == dockerpi1 + - node.labels.cpu == arm + ``` + +5. **Volumes use /DockerVol/ path convention:** + - **PASS**: All services follow this convention. + +6. 
**Network references external netgrimoire overlay:** + - **PASS**: Both `wikijs-db`, `wikijs`, and `drawio` reference the external network `netgrimoire`. + +### VERDICT: +FAIL \ No newline at end of file diff --git a/Netgrimoire/Conventions/Doc-Standards.md b/Netgrimoire/Conventions/Doc-Standards.md new file mode 100644 index 0000000..eea2385 --- /dev/null +++ b/Netgrimoire/Conventions/Doc-Standards.md 
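Review bot: In Netgrimoire/Audits/wiki-2026-04-03.md the header line `**Verdict:** PASS` contradicts the closing `### VERDICT:` of FAIL and the four checklist items that report FAIL; set the header to FAIL so anything that reads only the top block gets the real result. Item 3 also reports both `FAIL: drawio missing Caddy labels` and a PASS stating that `drawio` has `caddy=` labels, so one of the two lines should go. The suggested `kuma..http.name` and `kuma..http.url` keys have an empty segment where the monitor id belongs, so the fix cannot be copied as written.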
@@ -0,0 +1,276 @@ +--- +title: Netgrimoire Documentation +description: How to create and use Netgrimoire Docs +published: true +date: 2026-02-20T04:16:19.329Z +tags: +editor: markdown +dateCreated: 2026-02-03T02:54:56.444Z +--- + +# Homelab Documentation Structure & Diagram Standards + +This document describes the **official documentation structure** for the homelab Wiki.js instance, including: +- Folder and page layout +- Naming conventions +- How Git fits into the workflow +- How to use draw.io (diagrams.net) for diagrams +- How to ensure documentation is accessible when the lab is down + +This page is intended to be a **reference and enforcement guide**. + +--- + +## Core Principles + +1. **Wiki.js is the editor, Git is the source of truth** +2. **All documentation must be readable without Wiki.js** +3. **Diagrams must be viewable without draw.io** +4. **Folder structure must be predictable and consistent** +5. **Emergency documentation must not depend on the lab being up** + +--- + +## Repository Overview + +All documentation lives in a single Git repository. + +Wiki.js writes Markdown files into this repository automatically. +The repository can be cloned to a laptop or other device for **offline access**. 
+ +Example: +```bash +git clone ssh://git@forgejo.example.com/homelab/docs.git +``` + +--- + +## Top-Level Folder Structure +``` +homelab-docs/ +├── README.md +├── emergency/ +├── infrastructure/ +├── storage/ +├── services/ +├── runbooks/ +├── diagrams/ +└── assets/ +``` + +### Folder Purpose + +| Folder | Purpose | +|--------|---------| +| README.md | Entry point when the lab is down | +| emergency/ | Recovery procedures and break-glass docs | +| infrastructure/ | Core systems (identity, backups, networking) | +| storage/ | Storage platforms and layouts | +| services/ | Application-specific documentation | +| runbooks/ | Step-by-step operational procedures | +| diagrams/ | All draw.io diagrams and exports | +| assets/ | Images or files used by documentation | + +--- + +## Storage Documentation Structure +``` +storage/ +└── core/ + ├── zfs.md + ├── local-drives.md + ├── nas.md + └── btrfs.md +``` + +**Guidelines:** +- Each storage technology gets its own page +- Pages describe architecture, layout, and operational notes +- Backup and snapshot policies belong elsewhere + +--- + +## Infrastructure Documentation Structure +``` +infrastructure/ +└── backups/ + ├── zfs-snapshots.md + └── application-backups.md +``` + +**Guidelines:** +- Infrastructure describes cross-cutting systems +- Anything used by multiple hosts or services belongs here +- Backup strategies are infrastructure, not storage + +--- + +## Services Documentation Structure +``` +services/ +└── mailcow.md +``` + +**Guidelines:** +- One page per service +- Page should include: + - Purpose + - Architecture + - Volumes + - Backup considerations + - Recovery notes + +--- + +## Emergency Documentation +``` +emergency/ +├── bring-up-order.md +├── swarm-recovery.md +├── zfs-import.md +├── network-restore.md +└── identity-break-glass.md +``` + +**Rules:** + +Emergency docs must be: +- Text-first +- Copy/paste friendly +- Free of dependencies + +These pages should be readable directly from Git. 
+ +--- + +## Naming Conventions (Mandatory) + +**Folders:** +- Lowercase +- No spaces +- Example: `infrastructure/backups` + +**Page filenames:** +- Lowercase +- Hyphen-separated +- Example: `zfs-snapshots.md` + +**Page titles:** +- Human readable +- Proper case +- Example: `# ZFS Snapshots` + +--- + +## draw.io (diagrams.net) Usage + +draw.io is used **only to create diagrams**, never as the sole storage location. + +### Diagram Storage Layout +``` +diagrams/ +├── network/ +│ ├── core.drawio +│ ├── core.png +│ └── core.svg +├── docker/ +│ ├── swarm-architecture.drawio +│ └── swarm-architecture.png +└── storage/ + ├── zfs-layout.drawio + └── zfs-layout.png +``` + +### File Types + +| File | Purpose | +|------|---------| +| .drawio | Editable source | +| .png | Offline viewing | +| .svg | Zoomable / high quality (optional) | + +**Every diagram MUST have a PNG export.** + +--- + +## Adding a Diagram (Required Workflow) + +1. Create or edit the diagram in draw.io +2. Save the `.drawio` file into `diagrams//` +3. Export a `.png` (and optional `.svg`) +4. Commit all files to Git + +If a diagram cannot be viewed without draw.io running, it is **not complete**. + +--- + +## Embedding Diagrams in Wiki.js Pages + +Always embed PNG or SVG, never live editors. + +Example: +```markdown +![Core Network Diagram](../../diagrams/network/core.png) + +_Source file: core.drawio_ +``` + +This ensures: +- Fast rendering +- Offline viewing +- No service dependency + +--- + +## Git Workflow Expectations + +**Authoring:** +- All pages are created and edited in Wiki.js +- Wiki.js commits changes automatically + +**Offline Access:** +- Documentation is read directly from the Git clone +- Markdown and images must be sufficient without Wiki.js + +**What Not To Do:** +- Do not create wiki pages directly in Git +- Do not rename paths outside Wiki.js +- Do not store diagrams only inside draw.io + +--- + +## Lab-Down Access Model + +When the lab is unavailable: + +1. Open the local Git clone +2. 
Read `README.md` +3. Navigate to `emergency/` +4. View diagrams via `.png` files +5. Execute recovery steps + +**No services are required.** + +--- + +## README.md (Recommended Content) + +The root `README.md` should contain: +- Purpose of the documentation +- Where to start during an outage +- Link list to emergency procedures +- High-level architecture notes + +--- + +## Final Notes + +This structure is designed to: +- Scale cleanly +- Survive outages +- Remain readable for years +- Support automation and GitOps workflows + +**If documentation cannot be read when the lab is down, it is incomplete.** + +This structure makes that impossible. \ No newline at end of file diff --git a/Netgrimoire/Conventions/Service-Doc-Template.md b/Netgrimoire/Conventions/Service-Doc-Template.md new file mode 100644 index 0000000..4a2a29c --- /dev/null +++ b/Netgrimoire/Conventions/Service-Doc-Template.md 
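Review bot: The "Naming Conventions (Mandatory)" section of Netgrimoire/Conventions/Doc-Standards.md requires lowercase folders and lowercase hyphen-separated filenames, yet the page itself is added under a capitalised path, and the top-level layout it documents (`emergency/`, `infrastructure/`, `storage/`, and so on) does not match the paths this patch creates. Either reword the rules to describe the layout actually in use or state that the page describes a different repository. In "Adding a Diagram", step 2 reads `diagrams//`, so the category placeholder between the slashes has been lost and should be restored.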
@@ -0,0 +1,122 @@ +--- +title: Service Documentation Template +description: Describe the service +published: true +date: 2026-04-10T13:23:01.021Z +tags: +editor: markdown +dateCreated: 2026-02-03T02:57:07.462Z +--- + +# Service Documentation Template - 1 + +Use this template for **every new service** documented under `services/`. + +Copy this file, rename it, and fill in all sections. + +--- + +# Service Name + +## Overview + +Brief description of what this service does and why it exists. + +--- + +## Architecture + +Describe how the service is deployed. + +Include: +- Host(s) +- Containers +- External dependencies +- Network exposure + +--- + +## Volumes & Data + +List all persistent data locations. +``` +/path/on/host → purpose +``` + +Include: +- What data is stored +- Whether it is critical +- Where backups occur + +--- + +## Configuration + +Document: +- Environment variables (non-secret) +- Configuration files +- Important defaults + +**Secrets must not be stored here.** Reference where they live instead. + +--- + +## Authentication & Access + +Describe: +- Authentication method +- Local access +- Break-glass access (if applicable) + +--- + +## Backups + +Explain: +- What is backed up +- How often +- Using what tool +- Where backups are stored + +Link to infrastructure backup docs if applicable. + +--- + +## Restore Procedure + +Step-by-step recovery instructions. +```bash +# example commands +``` + +This section must be usable when the service is broken. + +--- + +## Monitoring & Health + +Describe: +- How service health is checked +- Logs of interest +- Alerting (if any) + +--- + +## Common Failures + +List known failure modes and fixes. + +--- + +## Diagrams + +Embed architecture diagrams here. +```markdown +![Service Architecture](../diagrams//.png) +``` + +--- + +## Notes + +Anything that does not fit elsewhere. \ No newline at end of file 
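Review bot: The diagram embed near the end of Netgrimoire/Conventions/Service-Doc-Template.md, `![Service Architecture](../diagrams//.png)`, has empty path segments where the category and file-name placeholders should be, so anyone copying the template starts from a broken image link; restore visible placeholders. The front matter `description: Describe the service` and the heading `# Service Documentation Template - 1` look like unfinished leftovers: give the description real text and drop the ` - 1` suffix.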
diff --git a/Netgrimoire/Conventions/Theme.md b/Netgrimoire/Conventions/Theme.md new file mode 100644 index 0000000..cc1c185 --- /dev/null +++ b/Netgrimoire/Conventions/Theme.md 
@@ -0,0 +1,174 @@ +--- +title: Documentation Style Guide +description: Applying a theme +published: true +date: 2026-02-25T21:32:16.786Z +tags: +editor: markdown +dateCreated: 2026-02-24T14:03:00.791Z +--- + +# Netgrimoire Theme — Wiki.js Implementation Guide + +## What You're Getting + +Two files to transform your Wiki.js library into the Netgrimoire aesthetic: + +| File | Purpose | +|------|---------| +| `netgrimoire-theme.css` | Global site theme — dark background, teal glow, Cinzel headers, animated sidebar | +| `netgrimoire-hero-block.html` | Animated constellation hero banner for your library landing page | + +--- + +## Part 1 — Apply the Global Theme CSS + +This is the main transformation. It reskins the entire Wiki.js UI. + +### Step 1: Open the Wiki.js Admin Panel + +Navigate to your Wiki.js instance and go to: + +``` +Administration (gear icon) → Theme +``` + +### Step 2: Locate "Custom CSS" + +On the Theme page, scroll down until you see the **"Custom CSS"** text area. It may be labelled "CSS Override" depending on your Wiki.js version. + +### Step 3: Paste the CSS + +Open `netgrimoire-theme.css`, select all (`Ctrl+A`), copy, and paste the entire contents into the Custom CSS field. + +### Step 4: Apply + +Click **"Apply"** or **"Save"** at the top or bottom of the Theme page. Wiki.js applies the CSS live — you do not need to restart the container. + +### Step 5: Verify + +Open your wiki in a new browser tab. You should see: + +- Dark `#0a0d12` background +- Teal/cyan navigation links and headers +- Cinzel serif font on headings +- Glowing active sidebar item +- Teal-bordered code blocks and tables + +**If styles are not applying**, do a hard refresh (`Ctrl+Shift+R`) to clear cached CSS. + +--- + +## Part 2 — Add the Animated Hero Banner to Your Library Page + +This places a live constellation animation at the top of your document library index page. 
+ +### Step 1: Open the Library Page for Editing + +Navigate to your document library landing page and click **Edit** (pencil icon, top right). + +### Step 2: Switch to Source / HTML Mode + +In the Wiki.js editor toolbar, look for one of the following depending on your editor: + +- **Markdown editor**: Click the `<>` or "Insert HTML Block" button +- **Visual editor (WYSIWYG)**: Look for `< >` Source button, or Insert → HTML Block + +### Step 3: Paste the Hero HTML + +Open `netgrimoire-hero-block.html`, copy the full contents, and paste into the HTML block at the very top of your page, before any other content. + +### Step 4: Save the Page + +Click **Save**. The constellation animation will render automatically when the page loads. + +### Step 5: Customize (Optional) + +To change the banner title text, find this line in the HTML: + +```html +>DOCUMENT LIBRARY +``` + +Replace `DOCUMENT LIBRARY` with whatever you want (e.g., `THE GRIMOIRE`, `KNOWLEDGE VAULT`). + +To change the subtitle: + +```html +>Netgrimoire Knowledge Vault +``` + +--- + +## Part 3 — Google Fonts (Internet Access Required) + +The theme imports three fonts automatically via Google Fonts: + +| Font | Used For | +|------|---------| +| Cinzel | Headers, nav section labels, card titles | +| Share Tech Mono | Code blocks, inline code, footer | +| Raleway | Body text, nav items, descriptions | + +These load via a `@import` at the top of the CSS and require your browser to have internet access when loading the page. Since Netgrimoire is a local server, this means: + +- **If your browser machine has internet**: Fonts load automatically — no action needed. +- **If fully air-gapped**: The fonts will fall back to system serif/monospace. To self-host, download the font files and serve them from your Forgejo or a local nginx path, then replace the `@import` line with `@font-face` blocks pointing to your local URLs. 
+ +--- + +## Part 4 — Fine-Tuning + +### Adjusting the Teal Color + +All colors are defined as CSS variables at the top of the CSS file. To shift the color tone, change `--ng-teal`: + +```css +:root { + --ng-teal: #00e5cc; /* default — cyan-teal */ + /* try: #00cfff for more blue */ + /* try: #39ff14 for neon green */ + /* try: #bf5fff for purple arcane */ +} +``` + +### Making the Background Darker + +Adjust `--ng-bg-base` and `--ng-bg-deep`: + +```css +:root { + --ng-bg-base: #070a0e; /* even darker */ + --ng-bg-deep: #030507; +} +``` + +### Constellation Node Count + +In `netgrimoire-hero-block.html`, find: + +```javascript +var NODE_COUNT = 55; +``` + +Increase for a denser network, decrease for a sparser, more minimal look. + +--- + +## Troubleshooting + +| Symptom | Fix | +|---------|-----| +| CSS not applying | Hard refresh (`Ctrl+Shift+R`); check for syntax errors in the CSS field | +| Fonts showing as Times New Roman | Browser lacks internet access; see Part 3 above | +| Hero animation not rendering | Check browser console for JS errors; ensure the page saved the HTML block | +| Sidebar colors still white | Some Wiki.js versions use different class names; inspect with browser DevTools and let Claude know which element needs targeting | +| Dark mode toggle fighting the theme | Wiki.js's built-in dark mode toggle may conflict — set it to Dark in Administration → Theme before applying custom CSS | + +--- + +## Notes + +- Wiki.js stores custom CSS in the database, so it survives container restarts. +- After updating Wiki.js, re-check the Theme page — major version upgrades occasionally reset the CSS field. +- The hero block is per-page; you can add it to any page you want the constellation effect on. diff --git a/Netgrimoire/Overview.md b/Netgrimoire/Overview.md new file mode 100644 index 0000000..7c7bac8 --- /dev/null +++ b/Netgrimoire/Overview.md 
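Review bot: In Netgrimoire/Conventions/Theme.md the Troubleshooting row for "Sidebar colors still white" ends with "let Claude know which element needs targeting", which is leftover chat-assistant wording and gives a wiki reader nothing to act on; replace it with the step the reader should take, such as adding a rule for the inspected class to the Custom CSS field. In Part 2, Step 5 the two `html` snippets (`>DOCUMENT LIBRARY` and `>Netgrimoire Knowledge Vault`) begin at a bare `>` with no element around them, so the reader cannot tell which line of `netgrimoire-hero-block.html` to look for; quote the full line instead.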
@@ -0,0 +1,63 @@ +--- +title: Netgrimoire +description: Core homelab overview — the spine of the grimoire ecosystem +published: true +date: 2026-04-12T00:00:00.000Z +tags: netgrimoire +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Netgrimoire + +![netgrimoire-badge](/images/netgrimoire-badge.png) + +Netgrimoire is the primary self-hosted homelab infrastructure running on `znas` and a cluster of worker nodes under Docker Swarm. It is the foundation every other grimoire depends on. + +This section is intentionally high-level — the spine. Detailed technical content lives in the specialized grimoires. + +--- + +## Infrastructure at a Glance + +| Host | Role | IP | Runtime | +|------|------|----|---------| +| znas | NAS + Primary Swarm manager | 192.168.5.10 | Docker Swarm manager + Compose | +| docker2 | VPN gateway | — | Docker Compose | +| docker3 | LibreNMS host | — | Docker Compose | +| docker4 (hermes) | Mail + AI worker | 192.168.5.16 | Docker Compose + Swarm worker | +| docker5 | Media host | 192.168.5.18 | Docker Compose | +| Pi nodes | Swarm workers + vault nodes | various | Docker Swarm workers | + +--- + +## The Grimoires + +| Grimoire | What Lives There | +|----------|-----------------| +| [Keystone Grimoire](/Keystone-Grimoire/Overview) | Architecture, network topology, Caddy, Docker template, DNS, mail infrastructure | +| [Vault Grimoire](/Vault-Grimoire/Overview) | ZFS storage, Kopia backups, NFS exports, offsite replication | +| [Ward Grimoire](/Ward-Grimoire/Overview) | OPNsense, CrowdSec, Authentik, Authelia, LLDAP, WireGuard, blocklists | +| [Watch Grimoire](/Watch-Grimoire/Overview) | Uptime Kuma, Beszel, LibreNMS, Grafana, Graylog, ntfy, DIUN | +| [Gremlin Grimoire](/Gremlin-Grimoire/Overview) | Ollama, Open WebUI, Qdrant, n8n, AI workflows | +| [Shadow Grimoire](/Shadow-Grimoire/Overview) | Usenet, torrents, arr stack, indexers, media acquisition | +| [Green Grimoire](/Green-Grimoire/Overview) | Adult media: Stash, Jellyfinx, 
Namer, Whisparr | +| [Pocket Grimoire](/Pocket-Grimoire/Overview) | Portable laptop lab, offline-first, travel vault node | + +--- + +## Key Domains + +`netgrimoire.com` · `pncharris.com` · `wasted-bandwidth.net` · `nucking-futz.com` · `florosafd.org` · `gnarlypandaproductions.com` · `pncfishandmore.com` · `pncharrisenterprises.com` + +--- + +## Quick Links + +| | | +|---|---| +| 📋 [Service Catalog](/Netgrimoire/Service-Catalog) | Full service inventory with status and grimoire assignment | +| 📖 [Documentation Standards](/Netgrimoire/Conventions/Doc-Standards) | How docs are structured, named, and maintained | +| 📄 [Service Doc Template](/Netgrimoire/Conventions/Service-Doc-Template) | Template for writing new service docs | +| 🎨 [Wiki Theme](/Netgrimoire/Conventions/Theme) | CSS customization and branding | +| 🔍 [Audit Reports](/Netgrimoire/Audits/README) | Gremlin-generated weekly YAML audits | diff --git a/Netgrimoire/Service-Catalog.md b/Netgrimoire/Service-Catalog.md new file mode 100644 index 0000000..80eea7d --- /dev/null +++ b/Netgrimoire/Service-Catalog.md 
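Review bot: The "Infrastructure at a Glance" table in Netgrimoire/Overview.md disagrees with the host table in Netgrimoire/Service-Catalog.md added by this same patch: here docker4 (hermes) is "Mail + AI worker" on "Docker Compose + Swarm worker", there it is "Mail server host" on "Docker Compose", and the catalog's Gremlin section says the AI stack is pinned to `znas`. Keep one table as the source and link to it from the other page, or reconcile the rows before merging.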
@@ -0,0 +1,356 @@ +--- +title: Netgrimoire Service Catalog +description: Full service inventory — all grimoires, status, host, URL +published: true +date: 2026-04-12T00:00:00.000Z +tags: +editor: markdown +dateCreated: 2026-03-29T16:05:26.168Z +--- + +# Netgrimoire Service Catalog + +> **Living document** — tracks all deployed, configured, and planned services across the Netgrimoire homelab. +> Source of truth: Forgejo repo — `compose/` = Docker Compose per host | `swarm/` = Docker Swarm | `archive/` = not running +> +> Status: ✅ Deployed & Configured | 🔧 Deployed, Needs Config | 📋 Planned | 🔍 Evaluating | ❌ Abandoned/Archived + +--- + +## 🏗️ Infrastructure Overview + +| Host | Role | IP | Runtime | +|------|------|----|---------| +| znas | NAS / Primary Swarm node | 192.168.5.10 | Docker Compose + Swarm manager | +| docker2 | VPN gateway host | — | Docker Compose | +| docker3 | LibreNMS host | — | Docker Compose | +| docker4 (hermes) | Mail server host | 192.168.5.16 | Docker Compose | +| docker5 | Media host | 192.168.5.18 | Docker Compose | +| Pi4s / NUCs | Swarm worker nodes | various | Docker Swarm workers | + +--- + +## 📡 Network & Reverse Proxy + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | OPNsense | Firewall appliance | — | Firewall / Dual-WAN / NAT | ATT igc1 primary; 5 static IPs allocated; legacy WAN retiring | +| 🔧 | Caddy (new) | znas / Swarm | — | Reverse proxy — CrowdSec edition | `serfriz/caddy-crowdsec-geoip-ratelimit-security-dockerproxy`; migration in progress; `caddy.yaml` | +| ✅ | Caddy (legacy) | znas / Swarm | — | Reverse proxy | `lucaslorentz/caddy-docker-proxy`; `caddy-1.yaml` | +| ✅ | Authentik | znas / Swarm | — | SSO / IdP | Protects `*.netgrimoire.com` services | +| ✅ | Authelia | znas / Swarm | — | SSO / IdP | Protects `*.wasted-bandwidth.net` services | +| ✅ | WireGuard | OPNsense | — | VPN | Peers: Obie (.2), pncfishandmore (.3), GLNet (.4/.6), 
PortaPotty (.5) — 192.168.32.0/24 | +| ✅ | OpenVPN | OPNsense | — | VPN | Configured alongside WireGuard | +| ✅ | Gluetun | docker2 / Compose | — | VPN gateway container | PIA VPN; Jackett + Transmission share `network_mode: container:gluetun` | +| ✅ | Internal DNS | 192.168.5.7 | dns.netgrimoire.com | Internal name resolution | Technitium DNS; behind Authentik | +| ✅ | LLDAP | znas / Swarm | ldap.netgrimoire.com | Lightweight LDAP directory | `lldap/lldap:stable` + postgres; user management backend | +| 📋 | dnscrypt-proxy | TBD | — | Encrypted upstream DNS | Pending install | +| 📋 | Suricata | OPNsense | — | IDS/IPS | Pending config | +| 📋 | Zenarmor | OPNsense | — | Deep packet inspection (free tier) | Pending install | +| 📋 | os-git-backup | OPNsense | — | OPNsense config backup to git | Pending install | + +--- + +## 🔒 Security + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | CrowdSec | OPNsense + Swarm | — | Threat intelligence / IP blocking | OPNsense bouncer active; Caddy bouncer in progress | +| ✅ | Vaultwarden | znas / Swarm | pass.netgrimoire.com | Password manager | `vaultwarden/server` | +| 🔧 | CrowdSec Caddy Bouncer | znas / Swarm | — | HTTP-level blocking | Gradual rollout via `caddy.import=crowdsec` label per service | +| 🔧 | OPNsense Spamhaus + GeoIP | OPNsense | — | IP blocklist / geo-blocking | Currently DISABLED — needs fixing | +| 📋 | YubiKey PIV (SSH) | All hosts | — | Smartcard SSH authentication | Highest-impact pending integration | +| 📋 | YubiKey Challenge-Response | znas | — | LUKS / Kopia key derivation | Planned | + +--- + +## 📧 Email + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | MailCow | docker4 / Compose | mail.netgrimoire.com + all domains | Self-hosted mail server | hermes.netgrimoire.com; MXRoute inbound filter + outbound relay for all 8 domains | +| ✅ | Roundcube | docker4 / 
Swarm | — | Webmail | SSL peer verify disabled for internal dovecot; SRS catch-all aliases configured | +| ✅ | MXRoute | External | — | Inbound filter + outbound relay | Two DKIM selectors: `mailcow` + `mxroute` | +| 📋 | Dedicated ATT_Mail IP | OPNsense | — | Separate static IP for mail traffic | Assignment still pending | + +**Domains:** netgrimoire.com · pncharris.com · nucking-futz.com · wasted-bandwidth.net · florosafd.org · gnarlypandaproductions.com · pncfishandmore.com · pncharrisenterprises.com + +--- + +## 🎬 Media — Video + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Jellyfin | docker5 / Compose | — | Media server | Port 8096; VAAPI via `/dev/dri`; dedicated static IP 107.133.34.147 | +| ✅ | Jellyfinx | docker5 / Compose | — | Green Door media server | Port 7096; separate instance; Green + AfterDark library mounts | +| ✅ | Sonarr | znas / Swarm | — | TV show downloader | `linuxserver/sonarr` | +| ✅ | Radarr | znas / Swarm | — | Movie downloader | `linuxserver/radarr` | +| ✅ | Bazarr | znas / Swarm | bazarr.netgrimoire.com | Subtitle management | `linuxserver/bazarr` | +| ✅ | Tunarr | znas / Swarm | — | IPTV channel creation | `chrisbenincasa/tunarr`; ErsatzTV replacement (ErsatzTV archived Feb 2026) | +| ✅ | JellySeerr | znas / Swarm | requests.netgrimoire.com | Media request management | `fallenbagel/jellyseerr` | +| ✅ | JellyStat | znas / Swarm | — | Jellyfin usage statistics | `cyfershepard/jellystat` + postgres | +| ✅ | TinyMediaManager | znas / Swarm | tmm.netgrimoire.com | Media metadata manager | `tinymediamanager/tinymediamanager` | +| ✅ | Pinchflat | znas / Swarm | pinchflat.netgrimoire.com | YouTube channel downloader | `kieraneglin/pinchflat` | +| 📋 | MeTube | TBD | — | YouTube downloader | Needed for Tunarr period-accurate filler sourcing workflow | +| 🔍 | Wizarr | TBD | — | Jellyfin user onboarding | Evaluating | + +--- + +## 🎵 Media — Audio + +| Status | App | 
Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Lidarr | znas / Swarm | — | Music downloader | (Caddy label not found in yaml — likely static Caddyfile entry) | +| ✅ | Beets | znas / Swarm | beets.netgrimoire.com | Music library tagging | `linuxserver/beets` | +| 🔍 | Navidrome | TBD | — | Music streaming server | Lightweight Subsonic-compatible | +| 🔍 | Soularr | TBD | — | Soulseek integration for Lidarr | Strongly recommended; fills gaps Usenet/torrents miss | +| 🔍 | Tubifarry | TBD | — | Spotify playlists → YouTube → Lidarr | https://github.com/TypNull/Tubifarry | + +--- + +## 📚 Media — Books & Comics + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Calibre | znas / Compose | calibre.netgrimoire.com | Ebook library management | `linuxserver/calibre`; port 7070; behind Authentik; requires `seccomp=unconfined` (Compose-only) | +| ✅ | Calibre-Web Automated | znas / Swarm | books.netgrimoire.com · books.pncharris.com | Web UI + auto-import | `crocodilestick/calibre-web-automated`; dual-domain Caddy label | +| ✅ | Calibre-Web (library) | znas / Swarm | — | Secondary Calibre-Web instance | `linuxserver/calibre-web`; hostname `calibre-netgrimoire`; `library.yaml` | +| ✅ | Readarr | znas / Swarm | — | Book downloader | Using `blampe/rreading-glasses` image | +| 📋 | Mylar | znas / Swarm | — | Comic book downloader | Not currently running; needs setup soon. 
Reference `archive/arr.yaml` for old config | +| ✅ | Kavita | znas / Swarm | kavita.netgrimoire.com | Ebook/comic reader | `jvmilazz0/kavita` | +| ✅ | Comixed | znas / Swarm | comics.netgrimoire.com | Comic library server | `comixed/comixed` | +| ✅ | FreshRSS | znas / Swarm | rss.netgrimoire.com | RSS aggregator | `linuxserver/freshrss` | +| 🔍 | Komga | TBD | — | Comic/manga server | Evaluating vs Kavita/Comixed | +| 🔍 | MyAnonaMouse | TBD | — | Private ebook tracker | Worth investigating | + +--- + +## 📥 Download Stack + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | NZBGet | znas / Swarm | — | Usenet download manager | `linuxserver/nzbget` | +| ✅ | SABnzbd | znas / Swarm | — | Usenet download manager | `linuxserver/sabnzbd` | +| ✅ | NZBHydra | znas / Swarm | hydra.netgrimoire.com | Usenet indexer aggregator | `linuxserver/nzbhydra2:dev`; altHUB, NZBGeek, Drunken Slug, Usenet Crawler, DogNZB | +| ✅ | Jackett | docker2 / Compose | jackett.netgrimoire.com | Torrent indexer | Runs inside Gluetun network; behind Authentik | +| ✅ | Transmission | docker2 / Compose | — | Torrent client | `network_mode: container:gluetun`; shares Gluetun VPN | +| ✅ | Recyclarr | znas / Swarm | — | Sonarr/Radarr quality profile sync | `recyclarr/recyclarr` | +| ✅ | Profilarr | znas / Swarm | profilarr.netgrimoire.com | Quality profile management | `santiagosayshey/profilarr` | +| ✅ | Configarr | znas / Swarm | configarr.netgrimoire.com | Arr config management | `raydak-labs/configarr` | +| 📋 | Prowlarr | TBD | — | Unified indexer manager | Low priority — light torrent usage; NZBHydra covers current needs | + +--- + +## 🤖 AI & Automation (Gremlin Stack) + +> All pinned to `znas` node on Docker Swarm via `swarm/ollama.yaml`. 
+ +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Ollama | znas / Swarm | — | Local LLM inference | CPU-only (Ryzen); 3B–14B models | +| ✅ | Open WebUI | znas / Swarm | — | Chat interface for Ollama | `ghcr.io/open-webui/open-webui` | +| ✅ | Qdrant | znas / Swarm | — | Vector database for RAG | Wiki.js / markdown doc search | +| ✅ | n8n | znas / Swarm | — | Workflow automation | Forgejo webhook → doc gen, compose validation, alert triage | +| 🔍 | Perplexica | TBD | — | Self-hosted AI search | https://github.com/ItzCrazyKns/Perplexica | + +--- + +## ☁️ Files, Notes & Personal Apps + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Nextcloud AIO | znas / Compose | cloud.netgrimoire.com | File sync / cloud storage | `nextcloud/all-in-one`; data at `/srv/NextCloud-AIO`; Caddy → port 11000 | +| ✅ | Immich | znas / Compose | immich.netgrimoire.com | Photo management | Port 2283; Postgres dump + Kopia backup; external photo + Nextcloud mounts | +| ✅ | Joplin Server | znas / Swarm | joplin.netgrimoire.com | Note sync server | `joplin/server` + postgres; Homepage widget configured | +| ✅ | Vikunja | znas / Swarm | task.netgrimoire.com | Task management | `vikunja/vikunja` + MariaDB | +| ✅ | Linkding | znas / Swarm | link.netgrimoire.com | Bookmark manager | `sissbruecker/linkding:1.13.0` | +| ✅ | Mealie | znas / Swarm | recipe.netgrimoire.com | Recipe manager | `ghcr.io/mealie-recipes/mealie` | +| ✅ | Wallos | znas / Swarm | expense.netgrimoire.com | Subscription / expense tracker | `bellamy/wallos` | +| ✅ | DailyTxT | znas / Swarm | — | Encrypted diary | `phitux/dailytxt:2.x.x` | +| ✅ | Bigcapital | docker5 / Compose | accounts.netgrimoire.com | Accounting / invoicing | Static Caddyfile entry; `{{upstreams}}` doesn't work for Compose stacks | +| ✅ | Scanopy | znas / Swarm | scn.netgrimoire.com | Document scanner | 
`ghcr.io/scanopy/scanopy` (server + daemon) + postgres | +| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` | +| 📋 | Memos | TBD | — | Self-hosted journaling | Preferred journal addition (alongside Joplin for notes) | +| 🔍 | Wallabag | TBD | — | Read-it-later / article saving | | +| 🔍 | Fluid Calendar | TBD | — | Self-hosted calendar | https://github.com/dotnetfactory/fluid-calendar | +| 🔍 | Firefly III | TBD | — | Personal finance / budgeting | | +| 🔍 | Stirling-PDF | TBD | — | PDF editor / tools | | +| 🔍 | Excalidraw | TBD | — | Collaborative whiteboard | | +| 🔍 | Baikal | TBD | — | CalDAV / CardDAV sync | https://sabre.io/baikal/ | + +--- + +## 📝 Documentation & Dev + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Wiki.js | znas / Swarm | wiki.netgrimoire.com | Documentation wiki | `requarks/wiki:2` + postgres; Grimoire theme; Forgejo git backend | +| ✅ | Draw.io | znas / Swarm | draw.netgrimoire.com | Diagramming | `jgraph/drawio`; co-deployed in `wiki.yaml` | +| ✅ | Forgejo | znas / Swarm | git.netgrimoire.com | Self-hosted Git | `codeberg.org/forgejo/forgejo:11`; source of truth for Wiki.js + Gremlin | +| ✅ | Forgejo Runner | znas / Swarm | — | CI/CD | `data.forgejo.org/forgejo/runner:4.0.0`; `gitrunner.yaml` | +| ✅ | VS Code Server | znas / Swarm | code.netgrimoire.com | Web-based IDE | `linuxserver/code-server` | +| ✅ | Webtop (ubuntu-kde) | znas / Compose | webtop.netgrimoire.com | Browser-based desktop | Software rendering via llvmpipe; behind Authentik | +| ✅ | Firefox (container) | znas / Swarm | firefox.netgrimoire.com | Containerized browser | `jlesage/firefox` | + +--- + +## 📊 Monitoring & Observability + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Uptime Kuma | znas / Swarm | — | Service uptime monitoring | `louislam/uptime-kuma:1` | +| ✅ | 
AutoKuma | znas / Swarm | — | Auto-create Kuma monitors from labels | `ghcr.io/bigboot/autokuma`; co-deployed in `kuma.yaml` | +| ✅ | Beszel | znas / Swarm | — | Docker resource monitoring | `henrygd/beszel` hub + agents on all nodes | +| ✅ | DIUN | znas / Swarm | — | Docker image update notifications | `crazymax/diun`; label-based per-service | +| ✅ | ntfy | znas / Swarm | ntfy.netgrimoire.com | Push notifications | `binwiederhier/ntfy`; OPNsense alerts via CrowdSec HTTP plugin | +| ✅ | Dozzle | znas / Swarm | dozzle.netgrimoire.com | Real-time container logs | `amir20/dozzle`; behind Authentik | +| ✅ | Scrutiny | znas / Compose | scrutiny.netgrimoire.com | Disk S.M.A.R.T. monitoring | `analogj/scrutiny:master-omnibus`; monitors /dev/sda–sdg; behind Authentik | +| ✅ | Glances | znas / Compose | — | Real-time system stats | `nicolargo/glances`; `network_mode: host`; co-deployed in `monitor.yaml` | +| ✅ | Graylog | docker4 / Compose | log.netgrimoire.com | Log aggregation | Graylog 6.0 + MongoDB 5 + DataNode (OpenSearch); compose-only (noted in file) | +| ✅ | LibreNMS | docker3 / Compose | nms.netgrimoire.com | Network/SNMP monitoring | Full stack: librenms + dispatcher + syslog-ng + snmptrapd + MariaDB + Redis; port 8000 | +| ✅ | Homelable | znas / Compose | — | Infrastructure visualizer | Frontend + Backend via GHCR; MCP deferred (requires build from source) | +| ✅ | phpIPAM | znas / Swarm | ipam.netgrimoire.com | IP address management | `phpipam/phpipam-www` + cron + MariaDB | +| ✅ | Homepage | znas / Swarm | — | Primary dashboard | `ghcr.io/gethomepage/homepage` | +| ✅ | Glance | znas / Swarm | home.netgrimoire.com | Alternative dashboard | `glanceapp/glance` | +| ✅ | Dockpeek | znas / Swarm | dockpeek.netgrimoire.com | Container inspector | `dockpeek/dockpeek` | +| ✅ | Loki + Promtail + Grafana | znas / Swarm | — | Metrics/log stack | `logging.yaml`; Grafana 10.4.2 + Loki 2.9.3 + Promtail 2.9.3 | +| ✅ | phpMyAdmin + phpPgAdmin | znas / Swarm | — | DB admin UIs 
| `SQL-mgmt.yaml` | +| ✅ | pgAdmin | znas / Swarm | — | Postgres admin | `dpage/pgadmin4`; `database.yaml` | +| 🔍 | WatchYourLAN | TBD | — | Network device tracker | https://github.com/aceberg/WatchYourLAN | +| 🔍 | NUT UPS | TBD | — | UPS power management | https://hub.docker.com/r/instantlinux/nut-upsd | +| 🔍 | OliveTin | TBD | — | Web button → shell command | Run commands from web UI | +| 🔍 | Swarm Dashboard | TBD | — | Docker Swarm visualizer | https://github.com/mohsenasm/swarm-dashboard | + +--- + +## 💾 Storage & Backup + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | OpenZFS (ZNAS) | znas | — | Primary storage | ~94TB raw, two RAIDZ1 VDEVs; vault pool | +| ✅ | NFSv4 | znas | — | Shared storage for Swarm | Loopback NFS at `/data/nfs/znas`; ZFS must fully mount before NFS starts | +| ✅ | Kopia (primary vault) | znas / Swarm | kopia.netgrimoire.com | Primary backup repo | `kopia.yaml`; dedup + replication | +| ✅ | Kopia (offsite vault) | znas / Swarm | vault.netgrimoire.com | Offsite replication server | `vault.yaml`; port 51516; separate dataset → ZFS raw send to Pi vaults | +| ✅ | syncoid | znas | — | ZFS replication | Syncs vault/Green/Pocket → Pocket Grimoire | +| ✅ | Nextcloud AIO BorgBackup | znas | — | Nextcloud-native backup | Local snapshots before Kopia | +| ✅ | Czkawka | znas / Swarm | dupes.netgrimoire.com | Duplicate file finder | `jlesage/czkawka` | +| ✅ | Cloud Commander | znas / Swarm | — | Web file manager | `coderaiser/cloudcmd`; **two instances** (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional | +| ✅ | File Browser | znas / Swarm | — | Web file manager | `filebrowser/filebrowser` | +| 🔍 | Manyfold | TBD | — | 3D print model collector | https://github.com/manyfold3d/manyfold | + +--- + +## 🖥️ Management & Remote Access + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Portainer | 
znas / Swarm | docker.netgrimoire.com | Container management UI | `portainer/portainer-ce:2.33.6` + agents on all nodes | +| ✅ | ISPConfig | 192.168.4.11 | — | Web/DNS hosting control panel | | +| ✅ | Cockpit | All hosts | win.netgrimoire.com | Linux server management | Caddy → `192.168.5.10:8006` | +| ✅ | Termix | znas / Swarm | termix.netgrimoire.com | Web-based terminal | `ghcr.io/lukegus/termix` | +| ✅ | DumbTerm | znas / Swarm | — | Simple web terminal | `dockwareio/dumbterm` | +| ✅ | Windows 7 (VM) | znas / Compose | — | Windows VM | `dockurr/windows`; `windows7.yaml` | +| 🔍 | Guacamole | TBD | — | Remote desktop gateway | Previously tried as `nxterm` — in archive | +| 🔍 | SSHwifty | TBD | — | SSH web client | In archive; reconsidering | + +--- + +## 🎭 Green Door (Adult Content) + +> Protected behind Authelia (`*.wasted-bandwidth.net`) + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Whisparr | znas / Swarm | — | Adult content downloader | `ghcr.io/hotio/whisparr` | +| ✅ | Namer | znas / Compose | namer.wasted-bandwidth.net | Scene file namer | `theporndatabase/namer`; port 6980; data → `/data/nfs/Baxter/Green/` | +| ✅ | Stash (main) | znas / Compose | stash.wasted-bandwidth.net | Adult content library | `stashapp/stash`; port 9999 | +| ✅ | PocketStash | znas / Compose | — | Stash for Pocket Grimoire | Separate instance; port 9998; data → `/export/Green/Pocket/`; `pocketstash.yaml` | + +--- + +## 🌐 Web Hosting + +| Status | App | Host / Runtime | URL | Purpose | Notes | +|--------|-----|----------------|-----|---------|-------| +| ✅ | Apache/PHP web | znas / Swarm | fish.pncharris.com · www.wasted-bandwidth.net | Static/PHP web hosting | `php:8.2-apache`; `web.yaml`; replicas: 1 | + +--- + +## 📦 Archive (Not Currently Running) + +> Files in `archive/` — previously evaluated or deployed, not currently active. 
+ +| App | File | Notes | +|-----|------|-------| +| Plex | `plex.yaml` | Replaced by Jellyfin | +| Komodo | `komodo.yaml` | Container management platform — evaluated, not deployed | +| cAdvisor | `cadvisor.yaml` | Container metrics — not deployed | +| Peekaping | `peekaping.yaml` | Uptime monitor — Kuma preferred | +| WatchState | `WatchState.yaml` | Jellyfin/Plex watch state sync | +| Nessus | `nessus.yaml` | Vulnerability scanner — evaluated | +| NxTerm | `nxterm.yaml` | Guacamole-style remote desktop — evaluated | +| SSHwifty | `sshwifty.yaml` | SSH web client — evaluated | +| Wordpress Classifieds | `wordpress-classifieds.yaml` | Not deployed | +| Cal (calendar?) | `cal.yaml` | Evaluated | +| CrowdSec (standalone) | `crowdsec.yaml` | Merged into Caddy stack | +| Arr stack | `arr.yaml` | Old consolidated arr compose — superseded by individual yamls | +| Caddyfile.old | `Caddyfile.old` | Legacy Caddyfile | + +--- + +## 🗃️ Ideas Backlog + +| App | Category | Notes | +|-----|----------|-------| +| Soularr | Audio | Soulseek for Lidarr; strongly recommended | +| Tubifarry | Audio | Spotify → YouTube → Lidarr | +| MeTube | Video | YouTube downloader for Tunarr filler | +| Memos | Journal | Preferred self-hosted journal pick | +| Wallabag | Reading | Read-it-later | +| Firefly III | Finance | Budgeting | +| Baikal | PIM | CalDAV/CardDAV | +| Fluid Calendar | PIM | https://github.com/dotnetfactory/fluid-calendar | +| Perplexica | AI | Self-hosted AI search | +| WatchYourLAN | Network | Device tracker | +| OliveTin | Automation | Web UI → shell commands | +| Swarm Dashboard | Monitoring | Swarm-aware visualizer | +| ContainerNursery | Automation | On-demand container start/stop | +| NUT UPS | Power | UPS management | +| Wire-pod for Vector | IoT | Anki Vector local server | +| Kindle reuse | IoT | Repurpose Kindle as weather/info display | +| Collectarr | Media | https://github.com/RiffSphere/Collectarr | +| SuggestArr | Media | Automated media recommendations | +| 
Recommendarr | Media | AI media recommendations | +| Manyfold | 3D Print | Model library | +| OrcaSlicer | 3D Print | Slicer web UI | +| Memos / Journiv | Journal | Self-hosted journaling (Memos preferred) | +| Romm | Gaming | ROM library manager | +| EmulatorJS | Gaming | Browser-based emulation | + +--- + +## 🔑 Key Architecture Decisions & Gotchas + +> Reference these before deploying or modifying services. + +- **MailCow network isolation:** Only `nginx-mailcow` on the `netgrimoire` overlay. All other containers stay on internal bridge. Mixing causes PHP-FPM → Redis DNS conflicts. +- **caddy-docker-proxy + static Caddyfile conflict:** Never manage the same hostname via both Docker labels AND a static block. Pick one method exclusively per service. +- **`{{upstreams}}` is Swarm-only:** Does not work for Docker Compose stacks. Use static Caddyfile with container name or pinned IP. +- **Docker Compose `ports: []` override:** Does not nullify ports from base file. Remap to unused host ports instead. +- **Graylog is Compose-only:** The `graylog.yaml` file explicitly notes this — do not attempt to run it in Swarm. +- **Calibre requires `seccomp=unconfined`:** Necessary for the desktop app container; incompatible with Swarm mode — must remain in `compose/znas/`. +- **Kopia repos not ZFS-separable:** Use separate repositories with independent retention (`kopia.yaml` vs `vault.yaml`) rather than trying to separate at the ZFS snapshot level. +- **ZFS encryption:** In-place encryption impossible. Use rsync migration + `-w` flag for raw send to Pi vaults (no key needed on vault side). +- **SRS rewrite:** All domains using MXRoute inbound forwarding require catch-all aliases in MailCow to prevent `reject_unlisted_sender` rejections. +- **Docker Swarm DNS caching:** Do NOT use `endpoint_mode: dnsrr` — always use default VIP mode. dnsrr breaks internal DNS resolution. 
+- **NFS boot ordering on znas:** ZFS must fully mount before NFS starts — systemd override required (`After=zfs-import.target zfs-mount.service`). Loopback NFS mount needs `x-systemd.after=nfs-server.service` in fstab. +- **Wiki.js angle brackets:** `` placeholders cause rendering hangs. Use `VALUE` or backtick format instead. +- **bcrypt in `.env`:** Wrap full hash in single quotes to preserve leading `$`. +- **Webtop GPU rendering:** Requires `LIBGL_ALWAYS_SOFTWARE=1` + `GALLIUM_DRIVER=llvmpipe`; remove `devices:/dev/dri` mapping. +- **Cloud Commander duplication:** Two nearly identical `coderaiser/cloudcmd` stacks exist (`cloudcmd.yaml` + `commander.yaml`) — verify if intentional or a duplicate to clean up. +- **Lidarr missing Caddy label:** Lidarr yaml has no caddy label — either routed via static Caddyfile or not yet exposed. Confirm and standardize. +- another potential mapping tool https://github.com/gelatinescreams/The-One-File/tree/main + +--- + +*Last updated: March 2026 | Source: Forgejo repo git archive* \ No newline at end of file diff --git a/Netgrimoire/Services/Media-Services.md b/Netgrimoire/Services/Media-Services.md new file mode 100644 index 0000000..d1652ac --- /dev/null +++ b/Netgrimoire/Services/Media-Services.md 
@@ -0,0 +1,72 @@ +--- +title: Media Services +description: Jellyfin, Immich, Kavita, Calibre, Pinchflat, Tunarr — media stack overview +published: true +date: 2026-04-12T00:00:00.000Z +tags: netgrimoire, media, jellyfin +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Media Services + +Media services span several grimoires. This page maps what lives where. + +--- + +## Video + +| Service | URL | Host | Grimoire | +|---------|-----|------|---------| +| Jellyfin | docker5:8096 | docker5 / Compose | Netgrimoire | +| Jellyfinx (GreenFin) | docker5:7096 | docker5 / Compose | Green Grimoire | +| JellySeerr | `requests.netgrimoire.com` | znas / Swarm | Shadow Grimoire | +| Tunarr | — | znas / Swarm | Shadow Grimoire | +| JellyStat | — | znas / Swarm | Watch Grimoire | +| TinyMediaManager | `tmm.netgrimoire.com` | znas / Swarm | Shadow Grimoire | +| Pinchflat | `pinchflat.netgrimoire.com` | znas / Swarm | Shadow Grimoire | + +**Jellyfin** runs on docker5 via Compose. VAAPI GPU acceleration via `/dev/dri`. Dedicated static IP 107.133.34.147 for external access. + +--- + +## Books & Comics + +| Service | URL | Host | Grimoire | +|---------|-----|------|---------| +| Calibre | `calibre.netgrimoire.com` | znas / Compose | Netgrimoire | +| Calibre-Web Automated | `books.netgrimoire.com`, `books.pncharris.com` | znas / Swarm | PNC Harris | +| Readarr | — | znas / Swarm | Shadow Grimoire | +| Kavita | `kavita.netgrimoire.com` | znas / Swarm | Netgrimoire | +| Comixed | `comics.netgrimoire.com` | znas / Swarm | Netgrimoire | +| FreshRSS | `rss.netgrimoire.com` | znas / Swarm | Netgrimoire | + +**Calibre** requires `seccomp=unconfined` — runs in Compose, not Swarm. + +--- + +## Music + +| Service | URL | Host | Grimoire | +|---------|-----|------|---------| +| Lidarr | — | znas / Swarm | Shadow Grimoire | +| Beets | `beets.netgrimoire.com` | znas / Swarm | Shadow Grimoire | + +**Lidarr note:** No Caddy label in YAML — likely routed via static Caddyfile. 
Verify and standardize. + +--- + +## Photos + +| Service | URL | Host | Grimoire | +|---------|-----|------|---------| +| Immich | `immich.netgrimoire.com` | znas / Compose | PNC Harris | + +--- + +## Pending + +- Mylar (comic downloader) — in `archive/arr.yaml`, needs setup +- Navidrome — evaluating (music streaming) +- Soularr — evaluating (Soulseek for Lidarr) +- MeTube — planned (YouTube → Tunarr filler workflow) diff --git a/PNC-Fish/IT/Overview.md b/PNC-Fish/IT/Overview.md new file mode 100644 index 0000000..fae560d --- /dev/null +++ b/PNC-Fish/IT/Overview.md @@ -0,0 +1,28 @@ +--- +title: IT Overview +description: PNC Fish & More IT infrastructure +published: true +date: 2026-04-12T00:00:00.000Z +tags: pncfish, it +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# IT Overview + +## Website + +Hosted on `pncfishandmore.com`. Static/PHP stack via the Netgrimoire `web.yaml` Apache/PHP service. + +## Email + +Handled via MailCow + MXRoute. Domain configured as part of the 8-domain mail setup. +See [MailCow Domain Setup](/Keystone-Grimoire/Mail/Domain-Setup). + +## POS System + +*Document POS system here.* + +## Network + +*Document store network here — router, AP, any on-site devices.* diff --git a/PNC-Fish/Marketing/Overview.md b/PNC-Fish/Marketing/Overview.md new file mode 100644 index 0000000..f818683 --- /dev/null +++ b/PNC-Fish/Marketing/Overview.md @@ -0,0 +1,13 @@ +--- +title: Marketing Overview +description: PNC Fish & More marketing and promotions +published: true +date: 2026-04-12T00:00:00.000Z +tags: pncfish, marketing +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Marketing Overview + +*Add marketing documentation here: social media accounts, posting schedules, ad campaigns, promotions, photography workflow for livestock, etc.* diff --git a/PNC-Fish/Operations/Overview.md b/PNC-Fish/Operations/Overview.md new file mode 100644 index 0000000..86cb658 --- /dev/null +++ b/PNC-Fish/Operations/Overview.md 
@@ -0,0 +1,13 @@ +--- +title: Operations Overview +description: PNC Fish & More day-to-day operations documentation +published: true +date: 2026-04-12T00:00:00.000Z +tags: pncfish, operations +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Operations Overview + +*Add operations documentation here: inventory management, supplier contacts, tank maintenance schedules, livestock sourcing, water chemistry protocols, etc.* diff --git a/PNC-Fish/Overview.md b/PNC-Fish/Overview.md new file mode 100644 index 0000000..acc3804 --- /dev/null +++ b/PNC-Fish/Overview.md @@ -0,0 +1,42 @@ +--- +title: PNC Fish & More +description: Saltwater fish and coral store — IT, operations, and business documentation +published: true +date: 2026-04-12T00:00:00.000Z +tags: pncfish, business +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# PNC Fish & More + +![pncfish-badge](/images/pncfish-badge.png) + +PNC Fish & More is a saltwater fish and coral store. This section of the grimoire covers IT infrastructure, business operations, and marketing documentation for the store. + +**Domain:** `pncfishandmore.com` + +--- + +## Sections + +| Section | Contents | +|---------|----------| +| [IT](/PNC-Fish/IT/Overview) | Website, POS system, networking, hosting | +| [Operations](/PNC-Fish/Operations/Overview) | Inventory management, suppliers, tank management | +| [Marketing](/PNC-Fish/Marketing/Overview) | Social media, promotions, advertising | + +--- + +## IT Overview + +| Resource | Details | +|----------|---------| +| Domain | `pncfishandmore.com` (managed via ISPConfig) | +| Website | Hosted on Netgrimoire Apache/PHP stack | +| Email | Via MailCow + MXRoute relay | +| DNS | ISPConfig + OPNsense internal | + +--- + +*Sections below are stubs — add content as needed.* diff --git a/PNC-Harris/Overview.md b/PNC-Harris/Overview.md new file mode 100644 index 0000000..7545eb0 --- /dev/null +++ b/PNC-Harris/Overview.md 
@@ -0,0 +1,49 @@ +--- +title: PNC Harris — Family +description: Family services, personal apps, and household documentation +published: true +date: 2026-04-12T00:00:00.000Z +tags: pncharris, family +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# PNC Harris + +![pncharris-badge](/images/pncharris-badge.png) + +Family services, personal applications, and household documentation. These services live on the Netgrimoire infrastructure but serve the family — photos, files, recipes, tasks, passwords, and bookmarks. Homepage tab: **PNCHarris**. + +--- + +## Services + +| Service | URL | Purpose | +|---------|-----|---------| +| Immich | `immich.netgrimoire.com` | Family photo and video management | +| Nextcloud AIO | `cloud.netgrimoire.com` | File sync, shared documents, calendar | +| Mealie | `recipe.netgrimoire.com` | Family recipe manager | +| Vikunja | `task.netgrimoire.com` | Task and project management | +| Joplin Server | `joplin.netgrimoire.com` | Notes sync server | +| Vaultwarden | `pass.netgrimoire.com` | Password manager | +| Wallos | `expense.netgrimoire.com` | Subscription and expense tracker | +| Linkding | `link.netgrimoire.com` | Bookmark manager | +| Glance | `home.netgrimoire.com` | Alternative dashboard | +| Calibre-Web | `books.pncharris.com` | Family ebook library | +| Scanopy | `scn.netgrimoire.com` | Document scanner | +| Bigcapital | `accounts.netgrimoire.com` | Accounting and invoicing | + +--- + +## Domains + +`pncharris.com` · `pncharrisenterprises.com` + +--- + +## Notes + +Bigcapital runs on docker5 via Compose and uses a static Caddyfile entry — caddy-docker-proxy label pickup is unreliable for this service. Do not attempt to migrate to labels. + +Immich backup: see [Immich Backup](/Vault-Grimoire/Backups/Immich-Backup). +Nextcloud backup: see [Nextcloud Backup](/Vault-Grimoire/Backups/Nextcloud-Backup). 
diff --git a/PNC-Harris/Services/Actual-Budget.md b/PNC-Harris/Services/Actual-Budget.md new file mode 100644 index 0000000..6e36f23 --- /dev/null +++ b/PNC-Harris/Services/Actual-Budget.md @@ -0,0 +1,53 @@ +--- +title: Actual Budget +description: Envelope budgeting service for personal finance +published: true +date: 2026-04-12T00:00:00.000Z +tags: pncharris, finance, actualbudget +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Actual Budget + +Envelope budgeting service running on the Netgrimoire swarm. Accessible at `budget.netgrimoire.com`. + +--- + +## Architecture + +| Service | Image | Port | Host | +|---------|-------|------|------| +| actual | `actualbudget/actual-server:latest` | 5006 | znas / Swarm | + +**Network:** `netgrimoire` overlay +**Homepage group:** Finance +**Volume:** `/DockerVol/actual` + +--- + +## Environment Variables + +```bash +ACTUAL_UPLOAD_FILE_SYNC_SIZE_LIMIT_MB=20 +ACTUAL_UPLOAD_SYNC_ENCRYPTED_FILE_SYNC_SIZE_LIMIT_MB=50 +ACTUAL_UPLOAD_FILE_SIZE_LIMIT_MB=20 +``` + +--- + +## Deploy + +```bash +cd services/swarm/stack/actualbudget +set -a && source .env && set +a +docker stack config --compose-file actualbudget-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml actualbudget +rm resolved.yml +``` + +--- + +## Backup + +Critical data: `/DockerVol/actual` — included in Kopia backup schedule. diff --git a/PNC-Harris/Services/Immich-Migration.md b/PNC-Harris/Services/Immich-Migration.md new file mode 100644 index 0000000..3fd78c7 --- /dev/null +++ b/PNC-Harris/Services/Immich-Migration.md 
@@ -0,0 +1,128 @@ +--- +title: Immich on ZFS +description: Moving Immich to its own ZFS dataset +published: true +date: 2026-02-20T04:13:02.502Z +tags: service zfs immich dataset +editor: markdown +dateCreated: 2026-02-06T15:57:04.261Z +--- + +# Moving Immich to a ZFS Dataset + +## Overview +This guide covers moving an existing Immich installation to its own ZFS dataset to enable `zfs send` backups. + +## Prerequisites +- ZFS pool mounted at `/srv/vault` +- Existing Immich installation at `/srv/vault/immich` +- Immich running via Docker Compose + +## Steps + +### 1. Stop Immich Services +```bash +cd /srv/vault/immich # or wherever your docker-compose.yml is +docker compose down +``` + +### 2. Create the New Dataset +```bash +sudo zfs create vault/immich +``` + +### 3. Move Existing Data Temporarily +```bash +sudo mv /srv/vault/immich /srv/vault/immich_old +``` + +### 4. Set Mountpoint and Mount Dataset +```bash +sudo zfs set mountpoint=/srv/immich vault/immich +sudo zfs mount vault/immich +``` + +### 5. Copy Data to New Dataset +```bash +sudo rsync -avxHAX /srv//immich_old/ /srv/immich/ +``` + +Flags preserve permissions, ownership, and special attributes. + +### 6. Verify Data Copy +```bash +sudo du -sh /srv/vault/immich_old +sudo du -sh /srv/vault/immich +``` + +Sizes should match closely. + +### 7. Start Immich +```bash +cd /srv/vault/immich +docker compose up -d +``` + +### 8. 
Test and Clean Up +Verify everything works, then remove old data: +```bash +sudo rm -rf /srv/vault/immich_old +``` + +## ZFS Dataset Properties + +### Recommended Settings +```bash +# Compression - helps with photos and database +sudo zfs set compression=lz4 vault/immich + +# Record size - balance for mixed workload +sudo zfs set recordsize=128K vault/immich + +# Better database performance +sudo zfs set primarycache=all vault/immich +sudo zfs set atime=off vault/immich +``` + +### Property Explanations +- **compression=lz4**: Fast, low CPU overhead, works well for both photos and database +- **recordsize=128K**: Good compromise between database (8K blocks) and photos (larger files) +- **atime=off**: Disables access time updates, reduces unnecessary writes +- **primarycache=all**: Keeps both metadata and data in ARC cache (default) + +## Backup with ZFS Send/Receive + +### Create Snapshot +```bash +zfs snapshot vault/immich@backup-$(date +%Y%m%d) +``` + +### Send to Remote Server +```bash +zfs send vault/immich@backup-$(date +%Y%m%d) | ssh backup-server zfs receive tank/backups/immich +``` + +### Incremental Backups +```bash +# After first full backup +zfs snapshot vault/immich@backup-$(date +%Y%m%d) +zfs send -i vault/immich@previous-snapshot vault/immich@backup-$(date +%Y%m%d) | \ + ssh backup-server zfs receive tank/backups/immich +``` + +## Optional: Separate Datasets for Database and Photos + +For optimal performance, split into separate datasets: +```bash +sudo zfs create vault/immich/database +sudo zfs create vault/immich/photos + +# Database optimized +sudo zfs set recordsize=16K vault/immich/database +sudo zfs set logbias=latency vault/immich/database + +# Photos optimized +sudo zfs set recordsize=1M vault/immich/photos +``` + +Then update your Docker Compose volume mounts accordingly. \ No newline at end of file diff --git a/Pocket-Grimoire/Hardware/Inventory.md b/Pocket-Grimoire/Hardware/Inventory.md new file mode 100644 index 0000000..734451c 
--- /dev/null +++ b/Pocket-Grimoire/Hardware/Inventory.md @@ -0,0 +1,45 @@ +--- +title: Hardware Inventory +description: Pocket Grimoire hardware — laptop, router, storage, power +published: true +date: 2026-04-12T00:00:00.000Z +tags: pocket, hardware +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Hardware Inventory + +## Core Compute + +- Laptop (Docker host) + - ZFS pool `pocket-green` at `/srv/greenpg/` + - Docker Engine (not Swarm) + +## Networking + +- GL.iNet Beryl AX (GL-MT3000) + - LAN: `192.168.8.0/24` + - WireGuard peer: `PortaPotty` (192.168.32.5) + - Short CAT5/6 cable (router ↔ laptop) + +## Storage + +| Drive | Mount | Encrypted | Contents | +|-------|-------|-----------|---------| +| SSD Vault | ZFS pool | Yes | Git mirrors, wiki backup, Kopia repo, SSH keys, system configs | +| SSD Green | ZFS pool | Yes | Personal media, Stash data, VeraCrypt containers — personal trips only | + +## Media Players + +- 2x Onn 4K streaming boxes with power +- FireTV Stick with power + +## Power + +- Anker Prime 200W 6-Port GaN desktop charger +- Short USB-C cables (router) +- Short USB-A to USB-C (laptop power backup) +- 2x short USB-3 cables (SSDs) +- Longer USB-C to USB-C (laptop primary power) +- Longer USB-C to USB-C (phone/tablet) diff --git a/Pocket-Grimoire/Hardware/ONN-Media-Streamer.md b/Pocket-Grimoire/Hardware/ONN-Media-Streamer.md new file mode 100644 index 0000000..1360020 --- /dev/null +++ b/Pocket-Grimoire/Hardware/ONN-Media-Streamer.md 
@@ -0,0 +1,863 @@ +--- +title: Stream Box +description: Configure ONN Media Box +published: true +date: 2026-02-20T04:50:44.701Z +tags: +editor: markdown +dateCreated: 2026-02-20T04:50:34.384Z +--- + +# Onn 4K Streaming Box Setup Guide + +**Complete configuration guide for Onn 4K streaming boxes used with Pocket Grimoire** + +--- + +## Overview + +This guide covers the complete setup of your Onn 4K streaming boxes for use with Pocket Grimoire, including: +- Initial device setup +- WiFi configuration (portapotty network) +- Required app installations (Jellyfin, StashApp, Netflix, YouTube TV) +- Connection to Pocket Grimoire services +- Troubleshooting common issues + +**Network Configuration:** +- **WiFi SSID:** `portapotty` (GL.iNet Beryl AX travel router) +- **Connection:** All devices connect wirelessly to portapotty +- **Exception:** Raspberry Pi connects to router via CAT5 ethernet + +--- + +## Hardware Information + +### Onn 4K Streaming Box Specifications +- **Model:** Onn 4K Streaming Box (Walmart exclusive) +- **OS:** Android TV (Google TV interface) +- **CPU:** Amlogic S905Y4 quad-core +- **RAM:** 2GB +- **Storage:** 8GB internal +- **Video:** 4K HDR, Dolby Vision, Dolby Atmos +- **WiFi:** 802.11ac (WiFi 5) dual-band +- **Bluetooth:** 5.0 +- **Ports:** HDMI 2.1, Micro-USB (power) +- **Remote:** Voice remote with Google Assistant + +### What's in the Box +- Onn 4K streaming box +- Voice remote with batteries +- USB power adapter +- HDMI cable (short) +- Quick start guide + +--- + +## Initial Setup + +### First Power-On + +1. **Connect to TV:** + - Plug HDMI cable into Onn box + - Connect other end to hotel TV HDMI port + - Plug Micro-USB power into Onn box + - Connect USB power adapter to wall or Anker Prime + +2. **Power On:** + - TV should auto-detect HDMI input + - If not, use TV remote to select correct HDMI input + - Onn box LED will light up (solid white when ready) + - Wait for Google TV home screen + +3. 
**Select Language:** + - Use remote to select language (English) + - Click OK + +4. **Accessibility Options:** + - Skip unless needed (click "Skip") + +### WiFi Configuration + +**Critical: Connect to portapotty network** + +1. **WiFi Setup Screen:** + - List of available networks will appear + - Scroll to find `portapotty` + - Select `portapotty` + - Click "Connect" + +2. **Enter Password:** + - Enter WiFi password for portapotty network + - Use on-screen keyboard + - Click "Connect" + - Wait for connection (should take 5-10 seconds) + - "Connected" message will appear + +3. **Verify Connection:** + - Should show "portapotty" with signal strength + - Should show "Connected" status + +**Troubleshooting WiFi:** +- If portapotty doesn't appear: Ensure Beryl AX router is powered on +- If password fails: Double-check portapotty WiFi password +- If connection drops: Move closer to router +- Signal strength: Should be "Excellent" or "Good" in hotel room + +### Google Account Setup + +**Option A: Sign in with Google Account** +1. Select "Sign in" +2. Use phone to scan QR code or enter code +3. Follow prompts on phone +4. Account will sync to Onn box + +**Option B: Set up without Google Account (Limited)** +1. Select "Skip" +2. Click "Skip" again to confirm +3. Some features will be limited (Play Store, purchases) +4. **Recommendation:** Use Option A for full functionality + +**For Pocket Grimoire:** +- Need Google account for: Play Store (to install apps) +- StashApp requires sideloading (see separate section) + +### Complete Initial Setup + +1. **Google Services:** + - Accept terms (or skip) + - Location services: Your choice + - Device name: Name it (e.g., "Onn Box 1", "Onn Box 2") + +2. **Voice Match:** + - Set up "Hey Google" voice commands (optional) + - Can skip and set up later + +3. **Apps to Install:** + - Google will suggest popular apps + - Skip for now (we'll install specific apps later) + - Click "Next" or "Skip" + +4. 
**Complete:** + - Should arrive at Google TV home screen + - Remote should control interface + - Ready to install apps + +--- + +## App Installations + +### 1. Jellyfin for Android TV + +**Install from Google Play Store:** + +1. **Open Play Store:** + - Press Home button on remote + - Navigate to "Apps" tab at top + - Select "Play Store" + +2. **Search for Jellyfin:** + - Click search icon (magnifying glass) + - Type "Jellyfin" using on-screen keyboard + - Select "Jellyfin for Android TV" from results + - **Developer:** Jellyfin + - **Note:** Choose "Jellyfin for Android TV" not regular Jellyfin + +3. **Install:** + - Click "Install" + - Wait for download and installation (~30 seconds) + - Click "Open" when complete + +4. **Configure Jellyfin:** + - Click "Connect to Server" + - **Method 1 - Manual Entry:** + - Click "Add server manually" + - Host: `pocket-grimoire.local` or `10.0.0.10` (Pi's IP) + - Port: `8096` + - Click "Connect" + + - **Method 2 - Auto-Discovery (if available):** + - Wait for Jellyfin to discover Pocket Grimoire + - Select "Pocket Grimoire" from list + - Click "Connect" + +5. **Login:** + - Enter username and password + - Or select "Quick Connect" if configured + - Click "Sign In" + +6. **Verify:** + - Should see Jellyfin home screen + - Libraries (Movies, TV Shows) should appear + - Test playing a video (should be direct play, no buffering) + +**Jellyfin Settings (Optional but Recommended):** +- Settings → Playback + - Video quality: Maximum + - Allow direct play: ON + - Allow direct stream: ON + - Allow video transcoding: OFF (should be disabled on server already) + +### 2. StashApp for Android TV + +**Installation: Requires Sideloading (GitHub Release)** + +StashApp is not available in Play Store, must be installed manually via APK file. 
+ +#### Prerequisites +- USB drive (for APK transfer) +- Computer with internet access +- OR Android phone with file transfer capability + +#### Method 1: USB Drive Installation (Recommended) + +**On Your Computer:** + +1. **Download StashApp APK:** + - Open browser: https://github.com/damontecres/StashAppAndroidTV/releases + - Find latest release (e.g., v1.x.x) + - Download file: `stashapp-tv-release-vX.X.X.apk` + - Save to USB drive + +2. **Prepare USB Drive:** + - Format as FAT32 or exFAT (if not already) + - Copy APK to root of USB drive + - Safely eject USB drive + +**On Onn Box:** + +3. **Enable Unknown Sources:** + - Press Home button + - Navigate to Settings (gear icon) + - Select "Device Preferences" + - Select "Security & Restrictions" + - Enable "Unknown Sources" + - Confirm warning (accept risk) + +4. **Install File Manager (if needed):** + - Open Play Store + - Search "File Commander" or "X-plore File Manager" + - Install one of these apps + - Open the file manager app + +5. **Connect USB Drive:** + - Plug USB drive into Onn box USB port + - **Note:** Onn box only has Micro-USB (power), so you need: + - USB OTG adapter (Micro-USB to USB-A female) + - OR transfer APK via network/Bluetooth + +**Alternative: Network Transfer** + +Since Onn box doesn't have easy USB access: + +1. **Use Send Files to TV App:** + - On Onn box: Install "Send Files to TV" from Play Store + - On phone/computer: Install companion app + - Transfer APK wirelessly + - Open with package installer + +2. **Or Use Cloud Storage:** + - Upload APK to Google Drive + - On Onn box: Install Google Drive app + - Download APK from Drive + - Open with package installer + +#### Method 2: Direct Download on Onn Box (Easiest) + +**On Onn Box:** + +1. **Install Downloader App:** + - Open Play Store + - Search "Downloader" (by AFTVnews) + - Install and open + +2. 
**Download StashApp APK:** + - In Downloader app, click URL field + - Enter: `https://github.com/damontecres/StashAppAndroidTV/releases` + - Navigate to latest release + - Click APK download link + - Save APK + +3. **Install APK:** + - Downloader will prompt to install after download + - Click "Install" + - Click "Done" when complete + - APK will be installed + +**Configure StashApp:** + +1. **Open StashApp:** + - Find in Apps list (may be under "See all apps") + - Or search "Stash" in search bar + +2. **Connect to Server:** + - Enter server URL: `http://pocket-grimoire.local:9999` + - Or use IP: `http://10.0.0.10:9999` + - Enter API key (if required) + - Click "Connect" + +3. **Test Connection:** + - Should load Stash interface + - Browse library + - Test playing a preview + - Verify scene markers work + +**StashApp Settings:** +- Video quality: Original (for direct play) +- Hardware acceleration: ON +- Cache previews: ON (if storage available) + +### 3. Netflix + +**Install from Google Play Store:** + +1. **Open Play Store:** + - Press Home button + - Navigate to "Apps" + - Select "Play Store" + +2. **Search Netflix:** + - Search bar → type "Netflix" + - Select "Netflix" (official app) + - Click "Install" + - Wait for installation + +3. **Open Netflix:** + - Click "Open" after installation + - Or find in Apps list + +4. **Sign In:** + - Enter Netflix email and password + - Or scan QR code with phone + - Select profile + +5. **Test:** + - Browse content + - Play a video to verify streaming works + - Check video quality (should be HD/4K) + +**Netflix Settings:** +- Profile: Select your profile +- Video quality: High (auto) +- Subtitles/audio: Configure as preferred + +### 4. YouTube TV + +**Install from Google Play Store:** + +1. **Open Play Store:** + - Navigate to Play Store + - Search "YouTube TV" + +2. **Install:** + - Select "YouTube TV" (official app) + - Click "Install" + - Wait for installation + +3. 
**Sign In:** + - Open YouTube TV + - Sign in with Google account (YouTube TV subscription) + - Or use TV code activation: + - Visit tv.youtube.com/start on computer/phone + - Enter code shown on TV + - Sign in and authorize + +4. **Test:** + - Browse live TV channels + - Test DVR recordings + - Verify streaming quality + +**YouTube TV Settings:** +- Live guide: Configure preferences +- DVR: Verify recordings accessible +- Picture quality: Auto or 4K (if available) + +--- + +## Network Configuration Details + +### portapotty WiFi Network (GL.iNet Beryl AX) + +**Network Details:** +- **SSID:** `portapotty` +- **Frequency:** 2.4GHz + 5GHz (dual-band) +- **Security:** WPA2/WPA3 +- **DHCP:** Enabled (automatic IP assignment) +- **Subnet:** 192.168.8.0/24 (default GL.iNet) +- **Router IP:** 192.168.8.1 (Beryl AX admin panel) +- **DNS:** Handled by Beryl AX (AdGuard Home) + +**Devices on portapotty Network:** +- Raspberry Pi 4: Ethernet (CAT5) → 10.0.0.10 (static, or check DHCP) +- Onn Box 1: WiFi → 192.168.8.x (DHCP assigned) +- Onn Box 2: WiFi → 192.168.8.x (DHCP assigned) +- Laptop: WiFi → 192.168.8.x (DHCP assigned) +- Phone/tablet: WiFi → 192.168.8.x (DHCP assigned) + +### Pocket Grimoire Service Addresses + +**When connected to portapotty network:** + +``` +Jellyfin: http://pocket-grimoire.local:8096 + or http://10.0.0.10:8096 + +Stash: http://pocket-grimoire.local:9999 + or http://10.0.0.10:9999 + +Wiki.js: http://pocket-grimoire.local:3000 + or http://10.0.0.10:3000 + +File Browser: http://pocket-grimoire.local:8080 + or http://10.0.0.10:8080 + +Router Admin: http://192.168.8.1 +``` + +**If `.local` names don't resolve:** +- Use IP addresses directly (10.0.0.10) +- Check Beryl AX DNS settings +- Restart Onn box + +--- + +## Configuration Checklist + +### Pre-Deployment (At Home) + +**Before traveling, complete these tasks:** + +- [ ] Both Onn boxes powered on and tested +- [ ] Both connected to test WiFi network +- [ ] Google accounts signed in on both boxes +- [ 
] All 4 apps installed on both boxes: + - [ ] Jellyfin for Android TV + - [ ] StashApp for Android TV (sideloaded) + - [ ] Netflix + - [ ] YouTube TV +- [ ] Jellyfin configured and tested (play test video) +- [ ] StashApp configured and tested (browse library) +- [ ] Netflix signed in (test streaming) +- [ ] YouTube TV signed in (test live TV) +- [ ] Both remotes have fresh batteries +- [ ] Both boxes labeled (Box 1, Box 2) or distinguishable + +### Hotel Deployment + +**Setup sequence at hotel:** + +1. **Setup Beryl AX Router:** + - Power on Beryl AX + - Connect to hotel WiFi (via Beryl AX admin or phone app) + - Verify internet connection + - portapotty WiFi should be active + +2. **Setup Pocket Grimoire:** + - Power on Raspberry Pi + - Connect via CAT5 to Beryl AX + - Wait 2-3 minutes for boot + - SSH in and unlock ZFS (if needed) + - Verify Docker containers running + +3. **Setup Onn Box 1:** + - Connect to TV HDMI port + - Power on + - Wait for boot (30 seconds) + - Should auto-connect to portapotty + - If not: Settings → Network → portapotty → Connect + - Test Jellyfin (should connect automatically) + - Test StashApp (should connect automatically) + +4. **Setup Onn Box 2 (if using):** + - Connect to second TV or different HDMI port + - Repeat setup steps above + - Verify connection to portapotty + +5. **Verify All Services:** + - Open Jellyfin → Browse library → Play test video + - Open StashApp → Browse library → Test preview + - Open Netflix → Test streaming + - Open YouTube TV → Test live channel + +**Total setup time: 10-15 minutes** + +--- + +## Troubleshooting + +### WiFi Connection Issues + +**Onn box won't connect to portapotty:** + +1. **Verify Router is Online:** + - Check Beryl AX power LED (should be solid) + - Check Beryl AX WiFi LED (should be blinking/solid) + - Use phone to verify portapotty network is visible + +2. 
**Forget and Reconnect:** + - Settings → Network & Internet + - Select portapotty + - Click "Forget network" + - Scan again + - Reconnect with password + +3. **Check Router Settings:** + - Access Beryl AX admin: http://192.168.8.1 + - Verify WiFi is enabled + - Check if DHCP is active + - Verify no MAC filtering enabled + +4. **Restart Devices:** + - Power cycle Onn box (unplug, wait 10 seconds, plug back in) + - Restart Beryl AX router + - Try connecting again + +**Weak WiFi Signal:** + +- Move Beryl AX closer to TV/Onn box +- Reduce obstacles between router and box +- Use 2.4GHz band instead of 5GHz (better range, slower speed) +- Check for interference (hotel WiFi channels) + +### Jellyfin Connection Issues + +**Can't connect to Jellyfin server:** + +1. **Verify Server is Running:** + - SSH into Pocket Grimoire + - Run: `docker ps | grep jellyfin` + - Should show `pocketgrimoire_jellyfin` running + +2. **Check Network Connectivity:** + - On Onn box, open browser app + - Navigate to: `http://pocket-grimoire.local:8096` + - Or try IP: `http://10.0.0.10:8096` + - Should load Jellyfin web interface + +3. **Reconnect Jellyfin App:** + - Open Jellyfin app + - Settings → Server + - Delete existing server + - Add server manually: + - Host: `pocket-grimoire.local` or `10.0.0.10` + - Port: `8096` + - Connect and login + +4. 
**Check Firewall:** + - SSH into Pi + - Verify port 8096 is open: `sudo netstat -tlnp | grep 8096` + - Should show jellyfin listening + +**Jellyfin Playback Issues:** + +**Video won't play:** +- Check media is H.264/AAC (see encoding guide) +- Verify network bandwidth (should be strong WiFi) +- Try different video file +- Check Jellyfin logs: `docker logs pocketgrimoire_jellyfin` + +**Video buffers/stutters:** +- Check WiFi signal strength (move router closer) +- Verify direct play (check playback info, should NOT say "transcoding") +- If transcoding occurs: Media is not properly encoded +- Check network activity: `ssh user@pocket-grimoire.local` then `iftop` + +**Subtitles don't work:** +- Ensure subtitles are SRT format (not PGS/VobSub) +- External .srt files work best +- Embedded SRT in MKV also works + +### StashApp Connection Issues + +**Can't connect to Stash server:** + +1. **Verify Stash is Running:** + - SSH into Pocket Grimoire + - Run: `docker ps | grep stash` + - Should show `pocketgrimoire_stash` running + +2. **Test Server Connection:** + - Open browser on Onn box + - Navigate to: `http://pocket-grimoire.local:9999` + - Or try: `http://10.0.0.10:9999` + - Should load Stash web interface + +3. **Reconfigure StashApp:** + - Open StashApp + - Settings → Server + - Remove existing server + - Add server: + - URL: `http://pocket-grimoire.local:9999` + - Or: `http://10.0.0.10:9999` + - Enter API key (if required) + - Connect + +4. 
**Check API Key:** + - If StashApp requires API key + - SSH into Pi: `cat /srv/vaultpg/stash/config/config.yml | grep api_key` + - Or access Stash web UI → Settings → Security → API Key + - Copy key into StashApp + +**StashApp Crashes or Freezes:** +- Clear app cache: Settings → Apps → StashApp → Clear cache +- Restart Onn box +- Reinstall StashApp (download latest APK) +- Check Stash server logs: `docker logs pocketgrimoire_stash` + +**Previews won't play:** +- Verify previews synced from Netgrimoire +- Check: `ssh user@pocket-grimoire.local` +- Run: `ls /srv/vaultpg/stash/generated/` (should show preview files) +- If empty: Sync hasn't completed, or previews not generated on Netgrimoire + +### Netflix/YouTube TV Issues + +**Netflix won't sign in:** +- Verify Netflix subscription is active +- Try signing in on phone/computer first +- Use "Sign in with code" option (visit netflix.com/tv8 on another device) +- Check internet connection (portapotty → hotel WiFi) + +**YouTube TV won't play:** +- Verify YouTube TV subscription is active +- Check location restrictions (some content blocked outside home area) +- Try signing out and back in +- Verify internet connection speed + +**Streaming quality poor:** +- Check WiFi signal strength +- Verify hotel internet speed (not throttled) +- Switch to lower quality in app settings temporarily +- Move router closer to TV + +### General Onn Box Issues + +**Box won't turn on:** +- Check power adapter is plugged in +- Check Micro-USB cable is secure +- Try different power source +- LED should light up (white when on) + +**Remote not working:** +- Check batteries (replace if needed) +- Re-pair remote: Hold Back + Home for 5 seconds +- Check for obstructions between remote and box +- Try using Google Home app as remote backup + +**Box is slow/laggy:** +- Clear cache: Settings → Storage → Cached data → Clear +- Uninstall unused apps +- Restart box: Settings → Device Preferences → About → Restart +- Factory reset (last resort) + +**Apps 
keep crashing:** +- Clear app cache and data +- Uninstall and reinstall app +- Check for OS updates: Settings → Device Preferences → About → System update +- Factory reset if persistent + +**No sound:** +- Check TV volume (not muted) +- Check HDMI connection (reseat cable) +- Settings → Display & Sound → Audio output → Test +- Try different HDMI port on TV +- Check if audio is set to "Auto" or "Stereo" + +### DNS Resolution Issues + +**`.local` addresses don't work (pocket-grimoire.local fails):** + +1. **Use IP Address Instead:** + - Replace `pocket-grimoire.local` with `10.0.0.10` + - Example: `http://10.0.0.10:8096` for Jellyfin + +2. **Check Pi's IP Address:** + - SSH into Pi: `ip addr show eth0` + - Look for inet address (e.g., 192.168.8.50) + - Use this IP in apps instead of .local + +3. **Check Beryl AX DNS:** + - Access http://192.168.8.1 + - Check DNS settings + - Verify AdGuard Home is running + - Ensure mDNS/Bonjour reflection is enabled (if option available) + +4. **Add Static DNS Entry:** + - In Beryl AX admin panel + - Add static DNS entry: pocket-grimoire → 10.0.0.10 + +--- + +## Advanced Configuration + +### Setting Static IP for Raspberry Pi + +**On Beryl AX router:** + +1. Access admin panel: http://192.168.8.1 +2. Navigate to Network → DHCP Server +3. Find Raspberry Pi in client list +4. Assign static IP: 10.0.0.10 +5. 
Save and apply + +**Or on Raspberry Pi directly:** + +```bash +# Edit network config +sudo nano /etc/dhcpcd.conf + +# Add at end: +interface eth0 +static ip_address=10.0.0.10/24 +static routers=192.168.8.1 +static domain_name_servers=192.168.8.1 +``` + +### Optimizing Video Playback + +**Jellyfin Video Settings (on Onn box):** +- Settings → Playback +- Max streaming bitrate: Maximum (Auto) +- Video quality: Maximum +- Allow video playback that may require conversion: OFF +- Skip intro: ON (if desired) + +**StashApp Video Settings:** +- Settings → Playback +- Video quality: Original +- Hardware acceleration: ON +- Buffer size: Large + +### Remote Control Tips + +**Voice Commands:** +- "Hey Google, open Jellyfin" +- "Hey Google, play [movie name] on Jellyfin" +- "Hey Google, pause" +- "Hey Google, turn off TV" + +**Useful Remote Shortcuts:** +- Home button (twice): Recent apps +- Back button (hold): Return to home +- Play/Pause: Works in most video apps +- Voice button: Google Assistant + +--- + +## App Locations + +**After installation, find apps here:** + +**Home Screen:** +- Netflix, YouTube TV usually appear automatically + +**Apps Tab:** +- All installed apps listed alphabetically +- Jellyfin, StashApp will be here + +**Quick Access:** +- Long-press Home → Add to Favorites +- Apps appear on home screen for quick access + +--- + +## Maintenance + +### Weekly (While Using) +- Check for app updates (Play Store → Updates) +- Clear cache if apps feel slow +- Verify WiFi connection strength + +### Before Each Trip +- Test all apps at home +- Update apps if updates available +- Check remote batteries +- Verify all logins still active + +### After Each Trip +- Check for OS updates +- Review installed apps (remove if unused) +- Clear cache to free storage + +--- + +## Factory Reset (If Needed) + +**When to factory reset:** +- Box is extremely slow +- Apps constantly crash +- Persistent connection issues +- Selling/giving away box + +**How to factory reset:** + +1. 
**Via Settings:** + - Settings → Device Preferences + - About → Factory Reset + - Confirm reset + - Wait for reboot (3-5 minutes) + +2. **Via Recovery Mode:** + - Power off box + - Hold reset button (if present) + - Power on while holding + - Navigate with remote to "Factory Reset" + - Confirm + +**After reset:** +- Complete initial setup again (see beginning of guide) +- Reinstall all apps +- Reconfigure WiFi and services + +--- + +## Quick Reference Card + +**Essential Information:** + +``` +WiFi Network: portapotty +Router Admin: http://192.168.8.1 + +Pocket Grimoire Services: +- Jellyfin: http://pocket-grimoire.local:8096 +- Stash: http://pocket-grimoire.local:9999 +- Wiki: http://pocket-grimoire.local:3000 + +If .local fails, use IP: http://10.0.0.10:[PORT] + +Apps Required: +✓ Jellyfin for Android TV (Play Store) +✓ StashApp for Android TV (Sideload APK) +✓ Netflix (Play Store) +✓ YouTube TV (Play Store) + +Troubleshooting: +1. Restart Onn box +2. Check portapotty WiFi connection +3. Verify Pocket Grimoire is running (SSH check) +4. Use IP addresses instead of .local names +``` + +--- + +## Appendix: StashApp APK Sources + +**Official GitHub Repository:** +- https://github.com/damontecres/StashAppAndroidTV +- Releases: https://github.com/damontecres/StashAppAndroidTV/releases +- Latest version: Check releases page + +**Verification:** +- Download only from official GitHub releases +- Verify file integrity (check file size, release notes) +- Watch for malware warnings (false positives common with sideloaded APKs) + +**Update Process:** +- Check GitHub for new releases periodically +- Download new APK +- Install over existing app (data preserved) +- Or uninstall and reinstall clean + +--- + +*This guide was created for Onn 4K streaming box configuration with Pocket Grimoire. Keep updated as apps and configurations change.* diff --git a/Pocket-Grimoire/Overview.md b/Pocket-Grimoire/Overview.md new file mode 100644 index 0000000..a907de1 --- /dev/null 
+++ b/Pocket-Grimoire/Overview.md 
@@ -0,0 +1,64 @@ +--- +title: Pocket Grimoire +description: Portable travel lab — offline-first, encrypted, self-contained +published: true +date: 2026-04-12T00:00:00.000Z +tags: pocket, portable, travel +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Pocket Grimoire + +![pocket-badge](/images/pocket-badge.png) + +Pocket Grimoire is a portable, encrypted, offline-first companion to Netgrimoire. It travels. It runs without internet. It tunnels home via WireGuard when connectivity is available. And it doubles as one of the two Vault Grimoire offsite nodes — every time it leaves the house, it takes an encrypted copy of the data with it. + +--- + +## Hardware at a Glance + +- **Laptop** — Docker host, ZFS pool `pocket-green` at `/srv/greenpg/` +- **GL.iNet Beryl AX (GL-MT3000)** — travel router, LAN `192.168.8.0/24`, WireGuard peer `PortaPotty` +- **2x Onn 4K streaming boxes** — hotel/TV playback +- **Anker 200W GaN charging station** — one plug for everything +- **SSDs** — Vault (always connected) + Green (personal trips only) + +--- + +## Software Stack + +| Service | Purpose | Mode | +|---------|---------|------| +| Jellyfin | Media playback | Read/write | +| Stash (PocketStash, port 9998) | Adult media | Read-only travel mode | +| Wiki.js | Documentation mirror | Pull-only | +| Filebrowser | File access | Read/write | + +--- + +## WireGuard Home Tunnel + +WireGuard peer `PortaPotty` (192.168.32.5) connects back to OPNsense on Netgrimoire when internet is available. All management traffic and sync operations use the tunnel. + +--- + +## As a Vault Node + +Pocket Grimoire receives a `syncoid` push from `znas` before each trip: + +```bash +syncoid znas:vault/Green/Pocket pocket:/srv/greenpg/Green +``` + +This makes it an offsite encrypted backup node whenever it leaves home. See [Vault Architecture](/Vault-Grimoire/Offsite/Vault-Architecture). 
+ +--- + +## Sections + +| | | +|---|---| +| [Hardware](/Pocket-Grimoire/Hardware/Inventory) | Full hardware list, power kit, storage layout | +| [Software](/Pocket-Grimoire/Software/Stack) | Services, Docker config, ZFS pool | +| [Sync & Deployment](/Pocket-Grimoire/Sync/Pre-Travel-Sync) | Pre-travel checklist, syncoid, deployment guide | diff --git a/Pocket-Grimoire/Software/Stack.md b/Pocket-Grimoire/Software/Stack.md new file mode 100644 index 0000000..92431b8 --- /dev/null +++ b/Pocket-Grimoire/Software/Stack.md @@ -0,0 +1,39 @@ +--- +title: Software Stack +description: Services running on Pocket Grimoire +published: true +date: 2026-04-12T00:00:00.000Z +tags: pocket, software, docker +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Pocket Grimoire Software Stack + +## Services + +| Service | Port | Purpose | Mode | +|---------|------|---------|------| +| Jellyfin | 8096 | Media playback | Read/write | +| PocketStash | 9998 | Adult media (Stash) | Read-only travel mode | +| Wiki.js | 3000 | Documentation mirror | Pull-only (no writes) | +| Filebrowser | 8080 | File management | Read/write | +| Beszel agent | — | Reports back to znas monitoring | Active when tunneled | + +## ZFS Pool + +Pool name: `pocket-green` +Mount point: `/srv/greenpg/` + +Dataset layout mirrors the Vault Grimoire structure for Green/Pocket data. + +## Docker + +Docker Engine (standalone, not Swarm). Compose-only. No overlay networks. + +## Host Services + +- Linux (Ubuntu Server) +- OpenZFS +- systemd timers (sync, health checks) +- Cockpit (management) diff --git a/Pocket-Grimoire/Software/Stash-Integration.md b/Pocket-Grimoire/Software/Stash-Integration.md new file mode 100644 index 0000000..12df189 --- /dev/null +++ b/Pocket-Grimoire/Software/Stash-Integration.md 
@@ -0,0 +1,1927 @@ +--- +title: Pocket Clips +description: Integrating Stash +published: true +date: 2026-02-22T05:20:31.865Z +tags: +editor: markdown +dateCreated: 2026-02-20T04:48:11.191Z +--- + +# Pocket Grimoire - Stash Integration Guide + +**Adding Stash media library manager to Pocket Grimoire using two-instance architecture with ZFS replication** + +--- + +## Overview + +This guide extends the Pocket Grimoire deployment to include Stash using a **two-instance architecture**: +- **Stash-Main** on Netgrimoire watches your entire media library +- **Stash-Pocket** on Netgrimoire watches only curated personal content (GREEN drive) +- **Stash-Pocket** replicates to Pocket Grimoire's GREEN drive for offline access + +This approach provides: +- Full library management at home (Stash-Main) +- Curated personal subset with independent database (Stash-Pocket) +- Automatic synchronization via existing ZFS replication to GREEN drive +- Read-only browsing on travel with all previews pre-generated +- Zero CPU load on travel Pi (no scanning/generation) + +**Key Principle:** All intensive operations happen on Netgrimoire. Pocket Grimoire just serves pre-generated content in read-only mode. + +**Important:** Stash data lives on the GREEN drive (personal media), NOT on VAULT. VAULT is for backups only. 
+ +--- + +## Architecture + +``` +┌─────────────────────────────────────────────────────┐ +│ NETGRIMOIRE (Home) │ +├─────────────────────────────────────────────────────┤ +│ │ +│ Stash Instance #1: "Stash-Main" (Port 9999) │ +│ ├─ Watches: ALL media libraries │ +│ ├─ Config: /export/vault/stash-main/config │ +│ ├─ Generated: /export/vault/stash-main/generated │ +│ ├─ Blobs: /export/vault/stash-main/blobs │ +│ ├─ Database: 1-5GB (full library) │ +│ └─ Does NOT sync to Pocket │ +│ │ +│ Stash Instance #2: "Stash-Pocket" (Port 9998) │ +│ ├─ Watches: ONLY Green/Pocket (personal content) │ +│ ├─ Location: /export/Green/Pocket/ │ +│ │ ├── media/library/ (personal media) │ +│ │ └── stash/ (Stash-Pocket data) │ +│ │ ├── config/ (database) │ +│ │ ├── generated/ (previews) │ +│ │ └── blobs/ (markers) │ +│ ├─ Database: 200MB-1GB (personal subset) │ +│ └─ SYNCS to Pocket GREEN drive via ZFS │ +│ │ +└─────────────────────────────────────────────────────┘ + ↓ ZFS Send (syncoid) + (vault/Green/Pocket → greenpg/Pocket) + ↓ +┌─────────────────────────────────────────────────────┐ +│ POCKET GRIMOIRE (Travel) │ +├─────────────────────────────────────────────────────┤ +│ │ +│ GREEN Drive (greenpg pool): │ +│ └─ /srv/greenpg/Pocket/ (dataset from sync) │ +│ ├─ media/library/ (media files) │ +│ └─ stash/ (Stash data) │ +│ │ +│ Stash Instance: "Stash-Pocket" (Port 9999) │ +│ ├─ Watches: GREEN media only (read-only) │ +│ ├─ Location: /srv/greenpg/Pocket/ │ +│ │ ├── media/library/ (synced media) │ +│ │ └── stash/ (synced, read-only) │ +│ │ ├── config/ (synced database) │ +│ │ ├── generated/ (synced previews) │ +│ │ └── blobs/ (synced markers) │ +│ ├─ Same database as Netgrimoire Stash-Pocket │ +│ └─ Browse only - no scanning or generation │ +│ │ +└─────────────────────────────────────────────────────┘ +``` + +--- + +## Why Two Instances? 
+ +### Benefits of Two-Instance Architecture + +✅ **Stash-Main (Port 9999):** +- Manages your entire home media library +- Heavy operations (scanning, tagging, preview generation) +- Full featured - edit, organize, tag anything +- Stays on Netgrimoire (doesn't sync to Pocket) + +✅ **Stash-Pocket (Port 9998 at home, 9999 on travel):** +- Manages only curated personal content (GREEN drive) +- Smaller database (faster, lighter) +- Independent from main library +- Syncs to Pocket Grimoire's GREEN drive automatically +- Preview personal setup before trips + +✅ **Separation of Concerns:** +- Main library can be massive (thousands of videos) +- Personal subset is manageable (hundreds of videos) +- No confusion about what's available where +- Changes to main library don't affect travel copy +- Faster sync times (only GREEN data replicates) + +--- + +## Storage Requirements + +### On Netgrimoire + +**Stash-Main (Does NOT sync):** +``` +Location: /export/vault/stash-main/ +Database: 1-5GB (depends on library size) +Generated previews: 50-200GB (depends on settings) +Blobs/markers: 5-20GB +───────────────────────────────────────────── +Total: ~56-225GB (stays on Netgrimoire) +``` + +**Stash-Pocket (DOES sync to GREEN drive):** +``` +Location: /export/Green/Pocket/stash/ +Database: 200MB-1GB (smaller subset) +Generated previews: 5-20GB +Blobs/markers: 1-5GB +───────────────────────────────────────────── +Total: ~6-26GB (syncs to Pocket GREEN) +``` + +**Personal Media (syncs to GREEN drive):** +``` +Location: /export/Green/Pocket/media/ +Content: 500GB-1TB (curated for travel) +───────────────────────────────────────────── +Total Green/Pocket: ~506GB-1TB (vault/Green/Pocket dataset) +``` + +### On Pocket Grimoire (GREEN Drive) + +``` +Location: /srv/greenpg/Pocket/ +Stash data: ~6-26GB (synced from Netgrimoire) +Media files: ~500GB-1TB (synced from Netgrimoire) +───────────────────────────────────────────── +Total: ~506GB-1TB on GREEN SSD + +This fits comfortably on a 2TB+ 
GREEN SSD. +``` + +**Note:** VAULT drive contains backups only (no Stash, no media). + +--- + +## Resource Impact + +### Updated Resource Profile (With Stash) + +**Netgrimoire (Running Two Instances):** + +Idle: +``` +Stash-Main: ~400MB RAM +Stash-Pocket: ~300MB RAM (smaller database) +──────────────────────────── +Total: ~700MB RAM +CPU: <5% +``` + +During operations: +``` +Stash-Main (scanning): ~1-2GB RAM, 80%+ CPU +Stash-Pocket (scanning): ~500MB RAM, 40% CPU +Note: Run intensive tasks one at a time +``` + +**Pocket Grimoire (Single Instance, Read-Only):** + +Idle: +``` +Wiki.js + PostgreSQL: ~250MB RAM +Jellyfin (idle): ~150MB RAM +Stash-Pocket: ~200MB RAM +ZFS ARC: ~512MB RAM +System: ~200MB RAM +───────────────────────────────── +Total: ~1.3GB / 8GB RAM ✓ +CPU: <10% +Temperature: Cool +``` + +Browsing Stash: +``` +Stash-Pocket (active): ~300MB RAM +Other services: ~1.1GB RAM +───────────────────────────────── +Total: ~1.4GB / 8GB RAM ✓ +CPU: <15% +Temperature: Cool to Warm +``` + +Media playback + Stash: +``` +Jellyfin (serving): ~200MB RAM +Stash (browsing): ~300MB RAM +Wiki.js + PostgreSQL: ~250MB RAM +ZFS ARC: ~512MB RAM +System: ~200MB RAM +───────────────────────────────── +Total: ~1.5GB / 8GB RAM ✓ +Still plenty of headroom +``` + +--- + +## Installation: Netgrimoire (Home) + +### 1. 
Create Directory Structure + +```bash +# Create Stash-Main directories (NOT in Green folder - won't sync) +sudo mkdir -p /export/vault/stash-main/{config,generated,blobs,cache} +sudo chown -R 1000:1000 /export/vault/stash-main +sudo chmod -R 755 /export/vault/stash-main + +# Stash-Pocket directories in existing Green/Pocket dataset +# Your dataset: vault/Green/Pocket mounted at /export/Green/Pocket +sudo mkdir -p /export/Green/Pocket/stash/{config,generated,blobs,cache} +sudo mkdir -p /export/Green/Pocket/media/library/{movies,tv} +sudo chown -R 1000:1000 /export/Green/Pocket +sudo chmod -R 755 /export/Green/Pocket +``` + +**Verify structure:** +```bash +tree -L 2 /export/vault/stash-main +tree -L 3 /export/Green/Pocket +# Should show: +# /export/Green/Pocket/ +# ├── stash/ +# │ ├── config/ +# │ ├── generated/ +# │ ├── blobs/ +# │ └── cache/ +# └── media/ +# └── library/ +``` + +### 2. Curate Pocket Media Content + +**Copy or move curated travel content to Pocket location:** + +```bash +# Example: Copy favorite movies to Pocket +cp /export/vault/media/library/movies/favorites/*.mp4 \ + /export/vault/Green/Pocket/media/library/movies/ + +# Example: Copy specific TV show seasons +cp -r /export/vault/media/library/tv/ShowName/Season01 \ + /export/vault/Green/Pocket/media/library/tv/ + +# Or organize a dedicated travel collection +mkdir -p /export/vault/Green/Pocket/media/library/travel-collection +# ... add curated content ... +``` + +**Important:** This is your travel media library. Keep it manageable (500GB-1TB). + +### 3. 
Stash-Main Docker Compose + +**Create directory:** +```bash +mkdir -p /srv/netgrimoire/stacks/stash-main +``` + +**File:** `/srv/netgrimoire/stacks/stash-main/docker-compose.yml` + +```yaml +services: + stash-main: + image: stashapp/stash:latest + container_name: netgrimoire_stash_main + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_CACHE=/cache/ + - STASH_BLOBS=/blobs/ + - TZ=America/Chicago + volumes: + # Stash-Main data (NOT in Pocket directory - won't sync) + - /export/vault/stash-main/config:/root/.stash + - /export/vault/stash-main/generated:/generated + - /export/vault/stash-main/blobs:/blobs + - /export/vault/stash-main/cache:/cache + + # Watch ALL media libraries + - /export/vault/media:/data:ro + + # Optionally also include Pocket media in main view + # - /export/vault/Green/Pocket/media:/data/pocket:ro + ports: + - "9999:9999" + restart: unless-stopped +``` + +**Start Stash-Main:** +```bash +cd /srv/netgrimoire/stacks/stash-main +docker compose up -d + +# Check logs +docker logs -f netgrimoire_stash_main + +# Access: http://netgrimoire.local:9999 +``` + +### 4. 
Stash-Pocket Docker Compose + +**Create directory:** +```bash +mkdir -p /srv/netgrimoire/stacks/stash-pocket +``` + +**File:** `/srv/netgrimoire/stacks/stash-pocket/docker-compose.yml` + +```yaml +services: + stash-pocket: + image: stashapp/stash:latest + container_name: netgrimoire_stash_pocket + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_CACHE=/cache/ + - STASH_BLOBS=/blobs/ + - TZ=America/Chicago + volumes: + # Stash-Pocket data (IN Pocket directory - will sync) + - /export/vault/Green/Pocket/stash/config:/root/.stash + - /export/vault/Green/Pocket/stash/generated:/generated + - /export/vault/Green/Pocket/stash/blobs:/blobs + - /export/vault/Green/Pocket/stash/cache:/cache + + # Watch ONLY Pocket media + - /export/vault/Green/Pocket/media:/data:ro + ports: + - "9998:9999" # Different external port to avoid conflict + restart: unless-stopped +``` + +**Note:** Container uses port 9999 internally, but exposed as 9998 externally to avoid conflict with Stash-Main. + +**Start Stash-Pocket:** +```bash +cd /srv/netgrimoire/stacks/stash-pocket +docker compose up -d + +# Check logs +docker logs -f netgrimoire_stash_pocket + +# Access: http://netgrimoire.local:9998 +``` + +**Verify both running:** +```bash +docker ps | grep stash +# Should show: +# netgrimoire_stash_main (port 9999) +# netgrimoire_stash_pocket (port 9998) +``` + +### 5. Configure Stash-Main + +**Access:** `http://netgrimoire.local:9999` + +1. **Initial Setup Wizard:** + - Set admin password + - Configure paths (default /data should work) + - Complete setup + +2. **Add Libraries:** + - Settings → Library + - Add folder: `/data/library` (or your structure) + - Save + +3. **Run Initial Scan:** + - Tasks → Scan + - Wait for completion (can take hours for large libraries) + +4. 
**Configure Preview Generation:** + - Settings → Tasks → Generate + - Video encoding: VP9 or H.264 + - Resolution: 720p (good quality, reasonable size) + - Preview duration: 20-60 seconds + - Enable image previews + - Enable sprites + +5. **Generate Previews:** + - Tasks → Generate → Previews + - This is CPU intensive - let run overnight + - Can take many hours for large libraries + +6. **Organize and Tag:** + - Tag performers, studios, scenes + - Create collections, galleries + - Add markers, metadata + - This is your full-featured home library + +### 6. Configure Stash-Pocket + +**Access:** `http://netgrimoire.local:9998` + +1. **Initial Setup Wizard:** + - Set admin password (can be same as Stash-Main) + - Configure paths (default /data should work) + - Complete setup + +2. **Add Library:** + - Settings → Library + - Add folder: `/data/library` + - Save + +3. **Run Initial Scan:** + - Tasks → Scan + - Should be much faster (smaller library) + - Wait for completion + +4. **Configure Preview Generation:** + - Use same settings as Stash-Main + - Settings → Tasks → Generate + - Resolution: 720p + - Preview duration: 20-60 seconds + +5. **Generate Previews:** + - Tasks → Generate → Previews + - Much faster than Stash-Main (fewer videos) + - Let complete before first trip + +6. **Organize (Optional):** + - Tag travel-specific content + - Create "Travel Favorites" collections + - Can copy/import tags from Stash-Main if desired + - Or keep separate organization + +**Why configure Stash-Pocket separately?** +- Independent database from Stash-Main +- Travel-specific organization +- Can have different preview settings (optimize for size) +- Preview what will be available on travel + +### 7. 
Verify Data in Pocket Directory + +```bash +# Check Stash-Pocket database exists +ls -lh /export/vault/Green/Pocket/stash/config/ +# Should show: stash-go.sqlite (database file) + +# Check previews generated +ls -lh /export/vault/Green/Pocket/stash/generated/ +# Should show: many .webp or .mp4 preview files + +# Check media is present +ls -lh /export/vault/Green/Pocket/media/library/movies/ +# Should show: your curated travel media +``` + +--- + +## Installation: Pocket Grimoire (Travel) + +### 1. Wait for Initial Sync + +**Your existing ZFS sync handles everything:** + +```bash +# This already exists in your sync script: +syncoid --no-sync-snap --recursive \ + --sshkey "${SSH_KEY}" \ + "root@${NETGRIMOIRE}:vault/Green/Pocket" \ + "vaultpg/Green/Pocket" +``` + +**This syncs:** +- ✅ Stash-Pocket database +- ✅ Stash-Pocket previews +- ✅ Stash-Pocket blobs/markers +- ✅ Pocket media files +- ✅ Wiki, photos, documents (already syncing) + +**Initial sync time:** +- Stash data: 10-30 minutes +- Media files: 1-4 hours (depending on size) +- Total: 1-5 hours for first sync + +**Check sync status:** +```bash +# On Pocket Grimoire +tail -f /var/log/pocketgrimoire-sync.log + +# Verify data arrived +ls /srv/vaultpg/Green/Pocket/stash/ +ls /srv/vaultpg/Green/Pocket/media/ +``` + +### 2. Verify Synced Data + +```bash +# SSH into Pocket Grimoire +ssh user@pocket-grimoire.local + +# Check Stash database +ls -lh /srv/vaultpg/Green/Pocket/stash/config/ +# Should show: stash-go.sqlite + +# Check previews +ls /srv/vaultpg/Green/Pocket/stash/generated/ | wc -l +# Should show: hundreds of preview files + +# Check media +du -sh /srv/vaultpg/Green/Pocket/media/ +# Should show: 500GB-1TB +``` + +### 3. 
Create Stash Docker Compose + +**Create directory:** +```bash +mkdir -p /srv/pocket-grimoire/stacks/stash +mkdir -p /srv/pocket-grimoire/data/stash/cache +``` + +**File:** `/srv/pocket-grimoire/stacks/stash/docker-compose.yml` + +```yaml +services: + stash: + image: stashapp/stash:latest + container_name: pocketgrimoire_stash + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_CACHE=/cache/ + - STASH_BLOBS=/blobs/ + - TZ=America/Chicago + volumes: + # Point to synced Pocket directory on GREEN drive (READ-ONLY) + - /srv/greenpg/Pocket/stash/config:/root/.stash:ro + - /srv/greenpg/Pocket/stash/generated:/generated:ro + - /srv/greenpg/Pocket/stash/blobs:/blobs:ro + + # Local cache only (writable, not synced) + - /srv/pocket-grimoire/data/stash/cache:/cache + + # Media location on GREEN drive (read-only) + - /srv/greenpg/Pocket/media:/data:ro + ports: + - "9999:9999" # Standard port on Pocket (no conflict) + restart: unless-stopped +``` + +**Note the `:ro` flags** - Everything except local cache is read-only. + +### 4. Start Stash on Pocket Grimoire + +```bash +cd /srv/pocket-grimoire/stacks/stash +docker compose up -d + +# Check logs +docker logs -f pocketgrimoire_stash + +# Verify running +docker ps | grep stash +``` + +### 5. Access and Verify + +**Access:** `http://pocket-grimoire.local:9999` + +**Should see:** +- Same library as Netgrimoire Stash-Pocket +- All previews available +- All scene markers working +- All metadata present +- Works fully offline + +**Verify read-only mode:** +- Try to edit a scene → Should fail with permission error +- Try to scan library → Should fail +- Try to generate previews → Should fail +- This confirms read-only mode is working + +### 6. 
Disable Background Tasks + +**In Stash UI:** +- Settings → Tasks +- Disable all automatic tasks: + - ❌ Auto-scan + - ❌ Auto-tag + - ❌ Auto-preview generation + - ❌ Auto-cleanup +- Save settings + +**Why?** Even though filesystem is read-only, these tasks will try to run and fail. Better to disable. + +--- + +## ZFS Replication Configuration + +### Your Existing Sync Script Already Works! + +**File:** `/usr/local/sbin/pocketgrimoire-zfs-pull.sh` + +**Current sync (should already include this):** +```bash +#!/usr/bin/env bash +set -euo pipefail + +SRC_HOST="netgrimoire.local" +SSH_KEY="/srv/pocket-grimoire/keys/zfs_pull_ro" + +# Sync vault/Green/Pocket to GREEN drive (greenpg/Pocket) +syncoid --no-sync-snap \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/Green/Pocket" \ + "greenpg/Pocket" + +# This single command syncs: +# - /export/Green/Pocket/stash/ → Stash-Pocket data +# - /export/Green/Pocket/media/ → Media files +# All Pocket data syncs to GREEN drive automatically +``` + +**No additional sync commands needed!** ✅ + +**Stash-Main data does NOT sync** (it's in `/export/vault/stash-main/`, outside Pocket directory). + +**Note:** The sync destination is `greenpg/Pocket` on the GREEN drive, NOT `vaultpg`. Stash and media data live on GREEN, not VAULT. + +### Sync Frequency + +**Your existing timer:** Every 6 hours + +This is perfect for Stash: +- Database changes sync regularly +- New previews sync automatically +- New media syncs when added + +**To sync immediately (before trips):** +```bash +sudo systemctl start pocketgrimoire-sync.service +tail -f /var/log/pocketgrimoire-sync.log +``` + +--- + +## Workflow + +### At Home: Adding Content for Travel + +**1. Curate new content:** +```bash +# On Netgrimoire +cp /export/vault/media/library/movies/new-favorites/*.mp4 \ + /export/vault/Green/Pocket/media/library/movies/ +``` + +**2. Scan Stash-Pocket:** +``` +Open: http://netgrimoire.local:9998 +Tasks → Scan +Wait for completion +``` + +**3. 
Generate previews (if needed):** +``` +Tasks → Generate → Previews +Wait for completion +``` + +**4. Let sync happen (automatic):** +- Next 6-hour sync cycle picks up changes +- Or trigger manually: `sudo systemctl start pocketgrimoire-sync.service` + +**5. Verify on Pocket Grimoire:** +``` +Open: http://pocket-grimoire.local:9999 +Should show new content after sync +``` + +### At Home: Previewing Travel Setup + +**Access Stash-Pocket on Netgrimoire:** +``` +http://netgrimoire.local:9998 +``` + +**This shows exactly what will be available on Pocket Grimoire:** +- Same library +- Same previews +- Same organization +- Test before traveling + +### While Traveling: Browsing Content + +**On Pocket Grimoire:** +``` +http://pocket-grimoire.local:9999 +``` + +**Features available offline:** +- ✅ Browse entire Pocket library +- ✅ View all previews +- ✅ See scene markers +- ✅ Search and filter +- ✅ View performer/studio info +- ❌ Cannot edit or tag (read-only) +- ❌ Cannot scan or generate (read-only) + +**Play media:** +- Click video in Stash +- Opens in browser player +- Or copy path and open in Jellyfin +- Or use StashApp on Onn boxes + +### If You Need to Edit While Traveling + +**VPN back to Netgrimoire:** +1. Connect Beryl AX to hotel WiFi +2. WireGuard VPN connects to Netgrimoire +3. Access Netgrimoire Stash-Pocket: `http://netgrimoire.local:9998` +4. Make edits there +5. 
Changes sync on next cycle + +--- + +## Accessing Stash + +### From Web Browser + +**At Home (Netgrimoire):** +``` +Stash-Main (Full Library): http://netgrimoire.local:9999 +Stash-Pocket (Travel Subset): http://netgrimoire.local:9998 +``` + +**While Traveling (Pocket Grimoire):** +``` +Stash-Pocket (Travel Subset): http://pocket-grimoire.local:9999 +``` + +**From Laptop (via browser):** +- Connect to portapotty WiFi +- Open browser to above URLs +- Works same as Netgrimoire + +### From Onn Streaming Boxes + +**Install StashApp for Android TV:** +- See "Onn 4K Streaming Box Setup Guide" for detailed instructions +- Download APK: https://github.com/damontecres/StashAppAndroidTV/releases +- Sideload onto Onn boxes + +**Configure StashApp:** +``` +Server URL: http://pocket-grimoire.local:9999 +Or: http://10.0.0.10:9999 (if .local doesn't resolve) +API Key: (if required - found in Stash settings) +``` + +**Features on Onn:** +- Browse Stash library +- View previews and scene markers +- Play videos directly +- Search and filter +- Full touch/remote control + +### From Phone/Tablet + +**Via Web Browser:** +``` +Connect to portapotty WiFi +Open: http://pocket-grimoire.local:9999 +Mobile-responsive interface works well +``` + +--- + +## Service Access Summary + +**Updated with Stash:** + +``` +When connected to portapotty network: + +Wiki.js: http://pocket-grimoire.local:3000 +Jellyfin: http://pocket-grimoire.local:8096 +Stash: http://pocket-grimoire.local:9999 ← NEW +File Browser: http://pocket-grimoire.local:8080 +Dozzle: http://pocket-grimoire.local:8888 +SSH: ssh user@pocket-grimoire.local +NFS Media: nfs://pocket-grimoire.local/srv/mediapg +Router Admin: http://192.168.8.1 + +At Home (Netgrimoire): +Stash-Main: http://netgrimoire.local:9999 +Stash-Pocket: http://netgrimoire.local:9998 +``` + +--- + +## Troubleshooting + +### Stash Won't Start on Pocket Grimoire + +**Check Docker container status:** +```bash +docker ps | grep stash +docker logs pocketgrimoire_stash +``` 
+ +**Common issues:** +- **ZFS datasets not mounted:** + ```bash + zfs list | grep Pocket + sudo zfs mount -a + ``` + +- **Permissions denied:** + ```bash + ls -ld /srv/vaultpg/Green/Pocket/stash/ + # Should show ownership 1000:1000 + sudo chown -R 1000:1000 /srv/vaultpg/Green/Pocket/stash/ + ``` + +- **Port conflict:** + ```bash + sudo netstat -tlnp | grep 9999 + # If another service is using port 9999, change in docker-compose.yml + ``` + +### Stash Shows "Database is locked" + +**This is expected - read-only mode is working correctly.** + +The database file is mounted read-only (`:ro` flag), so Stash cannot write to it. + +**If you need to make changes:** +1. VPN to Netgrimoire +2. Access: `http://netgrimoire.local:9998` +3. Edit on Netgrimoire Stash-Pocket +4. Changes sync on next cycle + +### Previews Not Showing on Pocket Grimoire + +**Verify previews synced:** +```bash +ls /srv/vaultpg/Green/Pocket/stash/generated/ +# Should show many .webp or .mp4 files + +du -sh /srv/vaultpg/Green/Pocket/stash/generated/ +# Should show several GB +``` + +**If empty:** +- Previews not generated on Netgrimoire yet + - Generate: `http://netgrimoire.local:9998` → Tasks → Generate +- Sync hasn't completed + - Check: `tail -f /var/log/pocketgrimoire-sync.log` +- Sync failed + - Check logs for errors + - Manually trigger: `sudo systemctl start pocketgrimoire-sync.service` + +### Media Files Not Found + +**Check media synced:** +```bash +ls /srv/vaultpg/Green/Pocket/media/library/movies/ +# Should show video files + +du -sh /srv/vaultpg/Green/Pocket/media/ +# Should show 500GB-1TB +``` + +**If empty:** +- Media not in Pocket directory on Netgrimoire + - Check: `/export/vault/Green/Pocket/media/` +- Sync hasn't completed (media takes longest) + - Wait or trigger manual sync + - Check progress: `zfs list vaultpg/Green/Pocket` + +**Verify Docker volume mount:** +```bash +docker inspect pocketgrimoire_stash | grep -A 10 Mounts +# Should show /srv/vaultpg/Green/Pocket/media mounted as 
/data +``` + +### Sync Takes Too Long + +**Check what's being synced:** +```bash +# Watch sync progress +tail -f /var/log/pocketgrimoire-sync.log + +# Check dataset sizes +zfs list | grep Pocket +``` + +**Optimization tips:** + +1. **Reduce preview quality on Netgrimoire:** + - Stash-Pocket settings: Lower resolution (480p instead of 720p) + - Smaller files = faster sync + +2. **Sync less frequently:** + - Change timer from 6h to 12h or 24h + - Edit: `/etc/systemd/system/pocketgrimoire-sync.timer` + +3. **Compress during sync:** + ```bash + syncoid --compress=lz4 \ + "root@${SRC_HOST}:vault/Green/Pocket" \ + "vaultpg/Green/Pocket" + ``` + +4. **Bandwidth limit (if needed):** + ```bash + syncoid --bwlimit=50M \ + "root@${SRC_HOST}:vault/Green/Pocket" \ + "vaultpg/Green/Pocket" + ``` + +### Stash API Key Issues (StashApp) + +**If StashApp asks for API key:** + +**On Netgrimoire Stash-Pocket:** +``` +http://netgrimoire.local:9998 +Settings → Security → API Key +Generate key if not present +Copy key +``` + +**API key is in config file (synced to Pocket):** +```bash +# On Netgrimoire +cat /export/vault/Green/Pocket/stash/config/config.yml | grep api_key + +# On Pocket (after sync) +cat /srv/vaultpg/Green/Pocket/stash/config/config.yml | grep api_key +``` + +**Configure StashApp:** +- Settings → Server → API Key +- Paste key +- Connect + +**Note:** API key syncs with config, so should be same on both systems. + +### Two Instances Conflict on Netgrimoire + +**Problem:** Both Stash instances try to use same port + +**Solution:** Already handled - different external ports +- Stash-Main: External 9999 → Internal 9999 +- Stash-Pocket: External 9998 → Internal 9999 + +**Verify no conflict:** +```bash +sudo netstat -tlnp | grep 9999 +# Should show: netgrimoire_stash_main + +sudo netstat -tlnp | grep 9998 +# Should show: netgrimoire_stash_pocket +``` + +--- + +## Optimization Tips + +### Reduce Storage Usage + +**On Netgrimoire (affects Pocket via sync):** + +1. 
**Lower preview quality for Stash-Pocket:** + ``` + http://netgrimoire.local:9998 + Settings → Tasks → Generate + - Video resolution: 480p (instead of 720p) + - Lower bitrate + - Shorter duration (20s instead of 60s) + ``` + +2. **Disable sprite generation:** + ``` + Settings → Tasks → Generate + - Disable sprite generation + - Just use video previews + - Saves significant space + ``` + +3. **Selective preview generation:** + ``` + Don't generate previews for everything + Only generate for favorites or frequently viewed + ``` + +### Speed Up Initial Sync + +**First sync only:** +```bash +# Use compression +syncoid --compress=lz4 \ + --sshkey "${SSH_KEY}" \ + "root@${NETGRIMOIRE}:vault/Green/Pocket" \ + "vaultpg/Green/Pocket" +``` + +**Subsequent syncs are incremental (much faster).** + +### Reduce Preview Generation Load + +**On Netgrimoire:** +- Generate previews during off-hours (overnight) +- Use Stash Task Scheduler +- Limit concurrent preview generation +- Lower thread count for generation +- Settings → System → Parallel Tasks: 4 (instead of 8+) + +--- + +## Maintenance + +### Weekly (While at Home) + +**On Netgrimoire:** +```bash +# Check both Stash instances running +docker ps | grep stash + +# Verify Pocket directory health +du -sh /export/vault/Green/Pocket/ +zfs list | grep Pocket + +# Check for database integrity (optional) +# Stash-Main: http://netgrimoire.local:9999 → Tasks → Optimize Database +# Stash-Pocket: http://netgrimoire.local:9998 → Tasks → Optimize Database +``` + +**On Pocket Grimoire:** +```bash +# Verify sync is working +tail -n 100 /var/log/pocketgrimoire-sync.log + +# Check Stash accessible +curl -s http://localhost:9999 | grep -i stash + +# Check storage usage +df -h /srv/vaultpg +``` + +### Monthly + +**On Netgrimoire:** +```bash +# Run manual scan if auto-scan disabled +# Stash-Pocket: Tasks → Scan + +# Clean up orphaned files (if any) +# Tasks → Clean + +# Check database integrity +# Tasks → Optimize Database + +# ZFS scrub +sudo zfs 
scrub vault/Green/Pocket +``` + +**On Pocket Grimoire:** +```bash +# Verify dataset health +sudo zpool status vaultpg + +# Check for errors in sync logs +grep -i error /var/log/pocketgrimoire-sync.log + +# Test Stash browsing and preview playback +``` + +### Before Each Trip + +**On Netgrimoire:** +- [ ] Curate new content to Pocket media directory +- [ ] Scan Stash-Pocket to pick up new files +- [ ] Generate previews for new content +- [ ] Verify previews completed: `http://netgrimoire.local:9998` +- [ ] Manually trigger sync: `sudo systemctl start pocketgrimoire-sync.service` +- [ ] Wait for sync completion (check logs) +- [ ] Verify on Pocket: `http://pocket-grimoire.local:9999` + +**On Pocket Grimoire:** +- [ ] Test Stash loads and browses correctly +- [ ] Test preview playback +- [ ] Test StashApp on Onn boxes connects +- [ ] Verify media files accessible + +### After Trips + +**On Pocket Grimoire:** +- Check sync logs for any errors during trip +- No action needed - sync continues automatically + +**On Netgrimoire:** +- Review what content was most useful +- Curate more similar content for next trip +- Remove old/unwanted content from Pocket directory + +--- + +## Comparison: Single Dataset vs Two Instances + +### Why Not Just One Stash Instance? 
+ +**Option A: Single Stash watching everything (NOT recommended):** +``` +One Stash instance +├── Watches all media (home + pocket) +├── Huge database (slow) +├── Long scan times +└── Everything syncs (or nothing does) +``` + +**Problems:** +- ❌ Can't sync just travel subset +- ❌ Full database is massive (slow on Pi) +- ❌ Scanning entire library takes hours +- ❌ No clear separation of content + +**Option B: Two instances (RECOMMENDED - this guide):** +``` +Stash-Main Stash-Pocket +├── All media ├── Pocket media only +├── Large database ├── Small database +├── Stays on Netgrimoire ├── Syncs to Pocket +└── Full features └── Read-only on travel +``` + +**Benefits:** +- ✅ Clear separation of home vs travel +- ✅ Smaller Pocket database (faster, lighter) +- ✅ Only travel data syncs +- ✅ Independent organization +- ✅ Preview travel setup before trips + +--- + +## Summary + +### What You Get with Two-Instance Stash + +**At Home (Netgrimoire):** +- ✅ Stash-Main: Full library management (port 9999) +- ✅ Stash-Pocket: Travel subset preview (port 9998) +- ✅ Heavy operations (scanning, previews) on powerful hardware +- ✅ Independent databases and organizations + +**On Travel (Pocket Grimoire):** +- ✅ Stash-Pocket: Full browsing of travel library (port 9999) +- ✅ All previews and metadata available offline +- ✅ Zero CPU load (read-only, no generation) +- ✅ Works with StashApp on Onn boxes +- ✅ Automatic sync every 6 hours when connected + +**Storage:** +- Vault SSD: ~510GB-1.1TB (Stash + media + other data) +- Fits comfortably on 1-2TB Vault SSD +- Stash-Main data stays on Netgrimoire (doesn't sync) + +**Maintenance:** +- Curate travel content on Netgrimoire +- Scan and generate previews there +- Automatic sync handles replication +- Read-only consumption on travel +- No manual database management needed + +--- + +## What This Guide Provides + +✅ **Two-instance architecture** (Main at home, Pocket for travel) +✅ **Single sync path** (everything in `/export/vault/Green/Pocket/`) 
+✅ **Automatic replication** (existing ZFS sync handles it) +✅ **Path consistency** (same relative paths on both systems) +✅ **Read-only travel mode** (browse only, no writes) +✅ **Complete Docker Compose files** for all three instances +✅ **No symlinks needed** (media stored directly in Pocket directory) +✅ **Professional setup** (separation of concerns, clear organization) + +--- + +*This guide supplements the main Pocket Grimoire deployment guide. Ensure main guide is completed before adding Stash.* + +--- + +## Architecture + +``` +┌─────────────────────────────────────────┐ +│ NETGRIMOIRE (Home - Heavy Lifting) │ +├─────────────────────────────────────────┤ +│ Stash Container: │ +│ - Full scanning │ +│ - Preview generation │ +│ - Scene detection │ +│ - Database writes │ +│ - All CPU/GPU intensive work │ +│ │ +│ ZFS Dataset: vault/stash │ +│ - Stash database │ +│ - Generated previews │ +│ - Thumbnails & sprites │ +│ - Scene markers │ +└─────────────────────────────────────────┘ + ↓ + ZFS Send/Receive + (via syncoid every 6 hours) + ↓ +┌─────────────────────────────────────────┐ +│ POCKET GRIMOIRE (Travel - Read Only) │ +├─────────────────────────────────────────┤ +│ Stash Container: │ +│ - Read-only mode │ +│ - No scanning │ +│ - No generation │ +│ - Just browse existing data │ +│ │ +│ ZFS Dataset: vaultpg/stash │ +│ - Mirrored from Netgrimoire │ +│ - Complete database replica │ +│ - All previews pre-generated │ +└─────────────────────────────────────────┘ +``` + +--- + +## Storage Requirements + +### On Netgrimoire +``` +Database: 500MB - 2GB (depends on library size) +Generated previews: 5GB - 50GB (depends on preview settings) +Blobs/markers: 1GB - 10GB +─────────────────────────────────────────────────────── +Total: 6.5GB - 62GB +``` + +### On Pocket Grimoire +``` +Same as Netgrimoire (full replica via ZFS) +Stored on Vault SSD (vaultpg pool) +``` + +### Sync Bandwidth +- **Initial sync:** 10-30GB (1-2 hours on gigabit LAN) +- **Incremental sync:** 50MB - 
500MB per 6 hours (2-10 minutes) +- **After adding 10 videos:** ~210MB (database + previews) + +--- + +## Resource Impact + +### Updated Resource Profile (With Stash) + +**Idle:** +``` +Wiki.js + PostgreSQL: ~250MB RAM +Jellyfin (idle): ~150MB RAM +Stash (read-only): ~200MB RAM # Much lighter than active Stash +ZFS ARC: ~512MB RAM +System: ~200MB RAM +───────────────────────────────────────── +Total: ~1.3GB / 8GB RAM ✓ +CPU: <10% +Temperature: Cool +``` + +**Browsing Stash:** +``` +Stash (active): ~300MB RAM +Other services: ~1.1GB RAM +───────────────────────────────────────── +Total: ~1.4GB / 8GB RAM ✓ +CPU: <15% +Temperature: Cool to Warm +``` + +**Media Playback + Stash Browsing:** +``` +Jellyfin (serving): ~200MB RAM +Stash (active): ~300MB RAM +Wiki.js + PostgreSQL: ~250MB RAM +ZFS ARC: ~512MB RAM +System: ~200MB RAM +───────────────────────────────────────── +Total: ~1.5GB / 8GB RAM ✓ +Still plenty of headroom +``` + +--- + +## Installation: Netgrimoire (Home) + +### 1. Create ZFS Datasets + +```bash +# On Netgrimoire +sudo zfs create -o recordsize=16K vault/stash +sudo zfs create -o recordsize=16K vault/stash/config # Database +sudo zfs create -o recordsize=1M vault/stash/generated # Previews +sudo zfs create -o recordsize=128K vault/stash/blobs # Scene markers +sudo zfs create vault/stash/cache # Temporary (won't replicate) + +# Set appropriate permissions +sudo chown -R 1000:1000 /vault/stash +``` + +**Why different recordsizes:** +- **16K** for config (SQLite database performs best with small records) +- **1M** for generated (large video preview files) +- **128K** for blobs (medium-sized screenshots and markers) + +### 2. 
Create Stash Docker Compose + +```bash +mkdir -p /srv/netgrimoire/stacks/stash +nano /srv/netgrimoire/stacks/stash/docker-compose.yml +``` + +```yaml +services: + stash: + image: stashapp/stash:latest + container_name: netgrimoire_stash + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_CACHE=/cache/ + - STASH_BLOBS=/blobs/ + - TZ=America/Chicago + volumes: + - /vault/stash/config:/root/.stash + - /vault/stash/generated:/generated + - /vault/stash/cache:/cache + - /vault/stash/blobs:/blobs + - /vault/media:/data:ro # Your media library (read-only) + ports: + - "9999:9999" + restart: unless-stopped +``` + +**Start Stash:** +```bash +cd /srv/netgrimoire/stacks/stash +docker compose up -d +``` + +### 3. Configure Stash + +1. **Access Stash:** + - Open browser: `http://netgrimoire.local:9999` + - Complete initial setup wizard + +2. **Add Library:** + - Settings → Library + - Add folder: `/data/library/movies` (or your media path) + - Save + +3. **Configure Previews:** + - Settings → Tasks → Generate + - Preview Generation: Enable + - Preview Settings: + - Video encoding: VP9 or H.264 + - Resolution: 720p (good quality, reasonable size) + - Segment duration: 10 seconds + - Generate image previews: Enable + - Generate sprites: Enable + +4. **Run Initial Scan:** + - Tasks → Scan + - Wait for completion (can take hours depending on library size) + +5. **Generate Previews:** + - Tasks → Generate → Generate Previews + - This is CPU intensive - let run at home + - Can take many hours depending on library size + +6. **Optional: Scene Detection:** + - Tasks → Generate → Auto Tag + - Scene detection, performer matching, etc. + - Very CPU intensive, run at home only + +### 4. 
Take ZFS Snapshots (Optional but Recommended) + +```bash +# After initial scan and preview generation +sudo zfs snapshot vault/stash/config@initial +sudo zfs snapshot vault/stash/generated@initial +sudo zfs snapshot vault/stash/blobs@initial +``` + +--- + +## Installation: Pocket Grimoire (Travel) + +### 1. Create ZFS Datasets + +```bash +# On Pocket Grimoire +sudo zfs create -o recordsize=16K vaultpg/stash +sudo zfs create -o recordsize=16K vaultpg/stash/config +sudo zfs create -o recordsize=1M vaultpg/stash/generated +sudo zfs create -o recordsize=128K vaultpg/stash/blobs +sudo zfs create vaultpg/stash/cache # Local cache only, not synced + +# Set permissions +sudo chown -R 1000:1000 /srv/vaultpg/stash +``` + +### 2. Create Stash Docker Compose (Read-Only) + +```bash +mkdir -p /srv/pocket-grimoire/stacks/stash +nano /srv/pocket-grimoire/stacks/stash/docker-compose.yml +``` + +```yaml +services: + stash: + image: stashapp/stash:latest + container_name: pocketgrimoire_stash + environment: + - STASH_STASH=/data/ + - STASH_GENERATED=/generated/ + - STASH_CACHE=/cache/ + - STASH_BLOBS=/blobs/ + - TZ=America/Chicago + volumes: + - /srv/vaultpg/stash/config:/root/.stash:ro # READ-ONLY + - /srv/vaultpg/stash/generated:/generated:ro # READ-ONLY + - /srv/vaultpg/stash/blobs:/blobs:ro # READ-ONLY + - /srv/pocket-grimoire/data/stash/cache:/cache # Local cache (writable) + - /srv/mediapg:/data:ro # Media (already present, read-only) + ports: + - "9999:9999" + restart: unless-stopped +``` + +**Note the `:ro` flags** - Filesystem is mounted read-only, preventing any writes. + +**Start Stash:** +```bash +cd /srv/pocket-grimoire/stacks/stash +docker compose up -d +``` + +### 3. Configure Stash for Read-Only Operation + +**After first start:** + +1. **Access Stash:** + - Open browser: `http://pocket-grimoire.local:9999` + - Should show library from Netgrimoire (after first sync) + +2. 
**Disable Background Tasks:** + - Settings → Tasks + - Disable all automatic tasks: + - ❌ Auto-scan + - ❌ Auto-tag + - ❌ Auto-preview generation + - ❌ Auto-cleanup + +3. **Verify Read-Only:** + - Try to edit a scene or performer + - Should fail with permission error + - This confirms read-only mode working + +--- + +## ZFS Replication Configuration + +### Update Sync Script + +Edit your existing sync script to include Stash datasets: + +```bash +sudo nano /usr/local/sbin/pocketgrimoire-zfs-pull.sh +``` + +Add these lines: + +```bash +#!/usr/bin/env bash +set -euo pipefail + +SRC_HOST="netgrimoire.local" +SSH_KEY="/srv/pocket-grimoire/keys/zfs_pull_ro" + +# Existing vault data syncs... +syncoid --no-sync-snap --recursive \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/docs" \ + "vaultpg/mirror/docs" + +syncoid --no-sync-snap --recursive \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/photos" \ + "vaultpg/mirror/photos" + +# NEW: Stash database and generated content +syncoid --no-sync-snap \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/stash/config" \ + "vaultpg/stash/config" + +syncoid --no-sync-snap \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/stash/generated" \ + "vaultpg/stash/generated" + +syncoid --no-sync-snap \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/stash/blobs" \ + "vaultpg/stash/blobs" + +# Note: We skip cache dataset (temporary data, not needed on Pocket) +``` + +**Sync runs automatically every 6 hours** via existing systemd timer. + +### Manual Sync (For Testing) + +```bash +# Trigger sync immediately +sudo systemctl start pocketgrimoire-sync.service + +# Watch progress +tail -f /var/log/pocketgrimoire-sync.log + +# Verify Stash data synced +ls -lh /srv/vaultpg/stash/config +ls -lh /srv/vaultpg/stash/generated +``` + +--- + +## Media Path Consistency + +**Critical:** Media paths must be consistent between Netgrimoire and Pocket Grimoire. 
+ +### Option 1: Matching Paths + +**If your media is in same location:** +``` +Netgrimoire: /vault/media/library/ +Pocket: /srv/mediapg/library/ +``` + +**Stash stores absolute paths** - ensure they match or use symlinks. + +### Option 2: Symlinks + +```bash +# On Pocket Grimoire +sudo ln -s /srv/mediapg /vault/media +``` + +This makes `/vault/media` point to `/srv/mediapg`, matching Netgrimoire's paths. + +### Option 3: Stash Path Mapping (If Stash supports it) + +Some versions of Stash support path mapping in config. Check Stash documentation. + +--- + +## Workflow + +### At Home (Before Trips) + +**On Netgrimoire:** +1. Add new media to library +2. Stash auto-scans (or trigger manually) +3. Previews generate automatically (or trigger manually) +4. Tag/organize content as desired +5. Everything happens in background + +**Pocket Grimoire (automatic):** +1. Every 6 hours: syncoid pulls changes from Netgrimoire +2. Stash database updated +3. New previews synced +4. Scene markers updated +5. Ready for next trip - no manual intervention + +### While Traveling + +**On Pocket Grimoire:** +1. Access Stash: `http://pocket-grimoire.local:9999` +2. Browse library, tags, performers, studios +3. View previews and scene markers +4. Click to play via Jellyfin or external player +5. **Cannot:** Scan, edit tags, generate previews (read-only) + +**If you need to edit:** +1. VPN back to Netgrimoire (via WireGuard) +2. Access Netgrimoire Stash: `http://netgrimoire.local:9999` +3. Make changes there +4. Changes sync on next 6-hour cycle + +### After Returning Home + +1. Sync happens automatically +2. Any changes made on Netgrimoire while away are pulled +3. Pocket Grimoire stays up-to-date +4. 
No manual intervention required + +--- + +## Accessing Stash + +### From Onn Streaming Boxes + +**Install StashApp for Android TV:** +- See "Onn 4K Streaming Box Setup Guide" for detailed instructions +- Download APK from: https://github.com/damontecres/StashAppAndroidTV/releases +- Sideload onto Onn boxes +- Configure server: `http://pocket-grimoire.local:9999` + +### From Laptop + +**Via Web Browser:** +- Open: `http://pocket-grimoire.local:9999` +- Full Stash web interface available +- Same as Netgrimoire, but read-only + +### From Phone/Tablet + +**Via Web Browser:** +- Connect to portapotty WiFi +- Open: `http://pocket-grimoire.local:9999` +- Mobile-responsive interface + +--- + +## Updated Service Access Summary + +**When connected to portapotty network:** + +``` +Wiki.js: http://pocket-grimoire.local:3000 +Jellyfin: http://pocket-grimoire.local:8096 +Stash: http://pocket-grimoire.local:9999 ← NEW +File Browser: http://pocket-grimoire.local:8080 +Dozzle: http://pocket-grimoire.local:8888 +SSH: ssh user@pocket-grimoire.local +NFS Media: nfs://pocket-grimoire.local/srv/mediapg +Router Admin: http://192.168.8.1 +``` + +--- + +## Troubleshooting + +### Stash Won't Start + +**Check Docker container status:** +```bash +docker ps | grep stash +docker logs pocketgrimoire_stash +``` + +**Common issues:** +- ZFS datasets not mounted: `zfs mount -a` +- Permission denied: `sudo chown -R 1000:1000 /srv/vaultpg/stash` +- Port conflict: Another service using port 9999 + +### Stash Shows "Database is locked" + +**This means read-only mode is working correctly.** + +If you need to make changes: +1. VPN to Netgrimoire +2. Edit on Netgrimoire Stash +3. 
Changes sync to Pocket on next cycle + +### Previews Not Showing + +**Verify previews synced:** +```bash +ls /srv/vaultpg/stash/generated/ +# Should show many .webp or .mp4 files +``` + +**If empty:** +- Previews not generated on Netgrimoire yet +- Sync hasn't completed (check sync logs) +- Check: `tail -n 200 /var/log/pocketgrimoire-sync.log` + +### Media Files Not Found + +**Check paths match:** +```bash +# On Netgrimoire, Stash sees files at: +# /vault/media/library/movies/ + +# On Pocket, files are at: +# /srv/mediapg/library/movies/ + +# Create symlink to match: +sudo ln -s /srv/mediapg /vault/media +``` + +**Or verify Docker volume mount:** +```bash +docker inspect pocketgrimoire_stash | grep -A 10 Mounts +# Should show /srv/mediapg mounted as /data +``` + +### Sync Takes Too Long + +**Check what's being synced:** +```bash +# Watch sync in progress +sudo zfs list -t snapshot | grep stash + +# Check dataset sizes +sudo zfs list | grep stash +``` + +**Optimization:** +- Reduce preview quality on Netgrimoire (smaller files) +- Sync less frequently (change timer from 6h to 12h) +- Only sync when on fast network (manual trigger) + +### Stash API Key Issues + +**If StashApp asks for API key:** + +1. **Find API key on Netgrimoire:** + ```bash + # On Netgrimoire + cat /vault/stash/config/config.yml | grep api_key + ``` + +2. **Or via Stash web UI:** + - Settings → Security → API Key + - Generate key if not present + - Copy key + +3. **Configure StashApp:** + - Settings → Server → API Key + - Paste key from Netgrimoire + +**Note:** API key is in config, which syncs to Pocket, so should be the same. + +--- + +## Optimization Tips + +### Reduce Storage Usage + +**On Netgrimoire (affects Pocket via sync):** + +1. **Lower preview quality:** + - Settings → Tasks → Generate + - Video resolution: 480p instead of 720p + - Lower bitrate + - Smaller file sizes = faster sync + +2. 
**Disable sprite generation:** + - Settings → Tasks → Generate + - Disable sprite generation (just use video previews) + - Saves significant space + +3. **Limit preview duration:** + - Settings → Tasks → Generate + - Preview duration: 20 seconds instead of 60 seconds + - Smaller files + +### Speed Up Sync + +**Initial sync optimization:** +```bash +# First sync: Compress during transfer +syncoid --compress=lz4 \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/stash/generated" \ + "vaultpg/stash/generated" +``` + +**Bandwidth limiting (if needed):** +```bash +# Limit to 10MB/s +syncoid --bwlimit=10M \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/stash/config" \ + "vaultpg/stash/config" +``` + +### Reduce Preview Generation Load + +**On Netgrimoire:** +- Generate previews during off-hours (nightly) +- Use Task Scheduler in Stash +- Limit concurrent preview generation +- Lower thread count for generation + +--- + +## Maintenance + +### Weekly + +**On Netgrimoire:** +- Check Stash is running: `docker ps | grep stash` +- Verify previews generating (if auto-enabled) +- Check disk usage: `zfs list | grep stash` + +**On Pocket Grimoire:** +- Verify sync is working: `tail /var/log/pocketgrimoire-sync.log` +- Check Stash is accessible: `http://pocket-grimoire.local:9999` + +### Monthly + +**On Netgrimoire:** +- Run manual scan if auto-scan disabled +- Clean up orphaned files: Tasks → Clean +- Check database integrity: Tasks → Optimize Database +- ZFS scrub: `sudo zfs scrub vault/stash` + +**On Pocket Grimoire:** +- Verify dataset health: `sudo zpool status vaultpg` +- Check sync logs for errors +- Test Stash browsing and preview playback + +### Before Trips + +- [ ] Run scan on Netgrimoire (capture new content) +- [ ] Generate previews for new content +- [ ] Verify sync completed successfully +- [ ] Test Stash on Pocket Grimoire +- [ ] Verify StashApp on Onn boxes connects + +### After Trips + +- Check sync logs for any errors during trip +- No action needed - 
sync continues automatically + +--- + +## Alternative: Manual Database Export (Not Recommended) + +**If ZFS replication is not available:** + +You can manually export/import Stash database: + +```bash +# On Netgrimoire - Export +sqlite3 /vault/stash/config/stash-go.sqlite ".backup /tmp/stash-backup.db" +scp /tmp/stash-backup.db pocket-grimoire:/tmp/ + +# On Pocket Grimoire - Import +docker compose down +cp /tmp/stash-backup.db /srv/vaultpg/stash/config/stash-go.sqlite +docker compose up -d +``` + +**Why this is not recommended:** +- Manual process (error-prone) +- Doesn't sync previews/blobs automatically +- Must copy those separately (tens of GB) +- ZFS replication is much cleaner + +--- + +## Summary + +**What you get with Stash on Pocket Grimoire:** +- ✅ Full Stash browsing offline +- ✅ All previews and metadata available +- ✅ Zero CPU load on Pi (read-only) +- ✅ Automatic synchronization +- ✅ Professional media library management +- ✅ Scene markers and performer tagging +- ✅ Works with StashApp on Onn boxes + +**What you give up:** +- ❌ Cannot edit/tag while traveling (must VPN to Netgrimoire) +- ❌ Cannot generate previews on travel (shouldn't anyway) +- ❌ 10-30GB additional storage on Vault SSD +- ❌ Slightly more complex setup (but worth it) + +**Recommended for:** +- Large media libraries that need organization +- Users who want professional media management +- Those who already use or want to use Stash +- Anyone who values rich metadata and previews + +**Skip if:** +- Just want simple media playback (Jellyfin is enough) +- Very limited storage on Vault SSD +- Don't want complexity of ZFS replication +- Don't need tagging/scene detection features + +--- + +*This guide supplements the main Pocket Grimoire deployment guide. Ensure main guide is completed before adding Stash.* diff --git a/Pocket-Grimoire/Sync/Deployment-Guide.md b/Pocket-Grimoire/Sync/Deployment-Guide.md new file mode 100644 index 0000000..d7dbe02 --- /dev/null 
+++ b/Pocket-Grimoire/Sync/Deployment-Guide.md 
@@ -0,0 +1,3703 @@ +--- +title: Pocket Grimoire +description: +published: true +date: 2026-02-26T12:42:50.676Z +tags: +editor: markdown +dateCreated: 2026-02-20T04:41:35.122Z +--- + +# Pocket Grimoire - Complete Deployment Guide + +**Portable, Encrypted, Offline-Capable Media Server and Documentation Reference** + +--- + +## Overview + +Pocket Grimoire is a portable companion to the Netgrimoire homelab, providing offline access to: +- Documentation and reference material (Wiki.js) +- Personal and family media libraries (Jellyfin) +- Photos, documents, and backups (encrypted vault) +- Automatic synchronization with Netgrimoire when connected + +**Design Philosophy:** +- Calm and predictable +- Encrypted at rest +- Offline-first operation +- Automatic synchronization +- One wall plug +- No cloud dependencies +- Minimal services (media + docs only, no gaming) + +--- + +## Hardware Inventory + +### Core Compute +- Raspberry Pi 4 (8GB) +- Passive heatsink case or low-noise fan case +- Official Raspberry Pi 4 Power Supply OR quality 3A USB-A to USB-C cable +- Spare MicroSD card (32GB+, for OS recovery) +- USB card reader (for flashing Pi images) + +### Storage (3 SSDs, 2 Active at a Time) +- **SSD #1 – VAULT** (1-2TB, encrypted, always connected) + - Git repository mirrors (from Forgejo) + - Wiki.js content backups + - Kopia repository (backup data) + - Photos and documents + - System backups and configs + - SSH keys + - **Does NOT contain media, Stash data, or VeraCrypt containers** + +- **SSD #2 – GREEN** (2TB+, encrypted, for personal trips) + - Personal media library (H.264/AAC movies and TV) + - Stash-Pocket data (database, previews, blobs) + - VeraCrypt containers (for ultra-sensitive files) + - Personal content organized under `/Green/` structure + - Connected during personal/solo trips + - Syncs from `/export/vault/Green/` on Netgrimoire + +- **SSD #3 – MEDIA-FAMILY** (2TB+, unencrypted, for family trips) + - Family-friendly movies and TV shows (H.264/AAC) + - 
Simple `/library/movies/` and `/library/tv/` structure + - Connected during family visits/trips + - Unencrypted for easy sharing with relatives + - Can be used on other devices without Pocket Grimoire + +- **USB drive – ISO/Rebuild** (64GB+, labeled, write-protected) +- **USB drive – Data Transfer** (128GB+, labeled) + +### Networking +- GL.iNet Beryl AX (GL-MT3000) travel router +- Short CAT5/6 Ethernet cable (6-12 inch, Pi ↔ Router) +- USB Ethernet adapter (backup/emergency) + +### Power +- Anker Prime 200W 6-Port GaN Charging Station (Model A2683) +- Short USB-A to USB-C cable (3A-rated, 6-12 inch, for Pi) +- Short USB-A to USB-A cable (6-12 inch, for Vault SSD) +- 2× USB-C to USB-C cables (6ft, 100W with E-Marker chip, for laptop/phone) + +### Media Players +- 2× Onn 4K streaming boxes with power supplies +- 2× HDMI cables +- Mini wireless keyboard (for Onn boxes and emergency Pi access) + +### Cables & Accessories +- Micro-HDMI to HDMI cable (Pi emergency console access) +- HDMI extender (if hotel TV ports are difficult to reach) + +### Organization & Emergency +- Carry case for complete kit +- Cable organizer pouch (separate from main case) +- Velcro cable ties (pack of 20) +- Labels for SSDs (VAULT, MEDIA-PERSONAL, MEDIA-FAMILY) +- Small flashlight or headlamp +- Small screwdriver or multitool (accessing hotel TV ports) + +--- + +## Power Configuration + +### Anker Prime A2683 Port Assignments + +``` +USB-C1 (retractable) → GL.iNet Beryl AX (12W) +USB-C2 (100W PD) → Laptop charging (65-90W) +USB-C3 → Phone charging (20-30W) +USB-C4 → Tablet/spare (optional) +USB-A1 (5V/3A) → Raspberry Pi 4 (15W) +USB-A2 (5V/3A) → Vault SSD (always connected, 5W) + +AC Outlet 1 → Spare +AC Outlet 2 → Spare +``` + +### Raspberry Pi USB Ports + +``` +USB 3.0 Port 1 → Media SSD (personal or family, rotated) +USB 3.0 Port 2 → Spare (emergency USB, data transfer) +USB 2.0 Port 1 → Spare (wireless keyboard dongle if needed) +USB 2.0 Port 2 → Spare +``` + +### Power Budget + +``` 
+Component Power Draw Running Total +───────────────────────────────────────────────── +Raspberry Pi 4 15W 15W +Beryl AX 12W 27W +Vault SSD 5W 32W +Media SSD (via Pi) 5W 37W +Laptop (charging) 65W 102W +Phone (charging) 20W 122W +───────────────────────────────────────────────── +Total 122W / 200W +Headroom: 78W +``` + +--- + +## Software Stack + +### Host OS & Services (Native) + +**Operating System:** +- Raspberry Pi OS Lite 64-bit (headless, no desktop environment) +- Alternative: Ubuntu Server 22.04 LTS ARM64 + +**Storage & Filesystems:** +- ZFS (OpenZFS) - Encrypted pools + - `vaultpg` pool (Vault SSD, always connected) + - `mediapg` pool (Media SSDs, rotated personal/family) + - Native ZFS encryption with passphrase unlock + - ARC memory capped (512MB-1GB maximum) + +**File Sharing:** +- NFS server (host-level, not containerized) + - Exports `/srv/mediapg` to LAN (read-only) + - Laptop and Onn boxes mount for media access + +**Sync & Automation:** +- systemd timers (scheduled jobs every 6 hours) + - ZFS replication from Netgrimoire via syncoid + - Git pulls for wiki/docs repositories + - ntfy failure notifications + +**Networking:** +- Standard Linux networking +- Docker and Docker Compose + +### Docker Containers + +**Required Stack:** + +1. **Wiki.js** - Documentation mirror + - Read-only wiki pulling from Forgejo + - Git backend with SSH deploy key (read-only) + - Works fully offline after sync + - Port: 3000 + +2. **PostgreSQL** - Wiki.js database backend + - Stored on Vault SSD + - Tuned for 16K recordsize (Postgres optimal) + +3. **Jellyfin** - Media server + - Direct play ONLY (transcoding disabled) + - Serves H.264/AAC pre-encoded media + - Accessible from Onn boxes and laptop + - Port: 8096 + +**Optional Containers:** + +4. **File Browser** - Read-only web UI + - Quick LAN access to vault/media without SSH + - Port: 8080 + +5. 
**Dozzle** - Container log viewer + - Simple Docker log viewer for debugging + - Port: 9999 + +--- + +## Network Architecture + +### Operating Modes + +**Home Base (Netgrimoire LAN):** +- Direct LAN connectivity +- VPN not required +- Fast local synchronization +- All services accessible + +**Travel (Online):** +- All traffic routed via WireGuard VPN to Netgrimoire +- DNS and ad blocking handled by Beryl AX router +- Primary DNS: Netgrimoire (via VPN) +- Fallback DNS: Public resolvers + +**Travel (Offline):** +- Full local access to all services +- Wiki, files, and media available +- No synchronization until connectivity returns +- DNS handled locally by router + +### Router Configuration (Beryl AX) + +**DNS & Ad Blocking:** +- AdGuard Home enabled on router +- Acts as primary DNS for all clients +- Blocks ads and trackers network-wide + +**DNS Behavior:** +- Primary DNS: Netgrimoire (via VPN when available) +- Fallback DNS: Public resolvers (1.1.1.1, 9.9.9.9) +- Local DNS entries: + - `pocket-grimoire.local` + - `wiki.pocket-grimoire.local` + - `media.pocket-grimoire.local` + +**VPN Behavior:** +- WireGuard client configured +- When VPN available: All traffic tunneled to Netgrimoire +- When VPN unavailable: Normal WAN routing + +--- + +## Directory Structure + +``` +/srv/pocket-grimoire/ # Main application root (on VAULT SSD) +├── stacks/ # Docker Compose files +│ ├── wikijs/ +│ │ ├── docker-compose.yml +│ │ └── .env +│ ├── jellyfin/ +│ │ ├── docker-compose.yml +│ │ └── .env +│ ├── stash/ +│ │ ├── docker-compose.yml +│ │ └── .env +│ └── filebrowser/ # Optional +│ └── docker-compose.yml +├── data/ # Persistent container data +│ ├── postgres/ # PostgreSQL data +│ ├── wikijs/ # Wiki.js data +│ ├── jellyfin/ # Jellyfin metadata/config +│ └── filebrowser/ # File browser config +├── repos/ # Git repository mirrors +│ └── wiki/ # Wiki content from Forgejo +└── keys/ # SSH keys + ├── forgejo_wiki_ro # Read-only wiki deploy key + └── zfs_pull_ro # ZFS replication key + 
+/srv/vaultpg/ # VAULT SSD (always connected) +├── kopia/ # Kopia backup repository +├── backups/ # System backups +│ ├── wiki/ # Wiki.js backups +│ ├── photos/ # Photo backups +│ └── documents/ # Document backups +└── repos/ # Git repository mirrors + +/srv/greenpg/ # GREEN SSD (personal, rotated) +└── Pocket/ # Dataset received from vault/Green/Pocket + ├── media/library/ # Personal media files + │ ├── movies/ + │ └── tv/ + ├── stash/ # Stash-Pocket data + │ ├── config/ # Stash database + │ ├── generated/ # Previews + │ └── blobs/ # Scene markers + └── veracrypt/ # VeraCrypt containers + └── sensitive.vc # Encrypted container files + +/srv/mediapg/ # MEDIA-FAMILY SSD (family, rotated) +└── library/ # Family media files + ├── movies/ + └── tv/ + +/mnt/veracrypt/ # VeraCrypt mount points (optional) +├── vault1/ # Mounted container 1 +└── vault2/ # Mounted container 2 (if needed) + +/usr/local/sbin/ # System scripts +├── pocketgrimoire-sync.sh # Main sync script +├── pocketgrimoire-zfs-pull.sh # ZFS replication script +├── unlock-pocket-grimoire.sh # Headless unlock script +└── mount-veracrypt-vault.sh # VeraCrypt mount script (optional) + +/etc/ # Config files +├── pocketgrimoire-sync.env # Secrets (ntfy tokens) +├── exports # NFS exports +└── systemd/system/ + ├── pocketgrimoire-sync.service + └── pocketgrimoire-sync.timer +``` + +--- + +## Installation Instructions + +### 1. 
Base OS Installation + +**Download Raspberry Pi OS:** +```bash +# On your laptop +# Download Raspberry Pi OS Lite (64-bit) from raspberrypi.com +# Use Raspberry Pi Imager to flash to MicroSD card + +# Configure: +# - Hostname: pocket-grimoire +# - Enable SSH +# - Set username/password +# - Configure WiFi (for initial setup only) +``` + +**First Boot:** +```bash +# SSH into Pi +ssh user@pocket-grimoire.local + +# Update system +sudo apt update && sudo apt upgrade -y + +# Set timezone +sudo timedatectl set-timezone America/Chicago + +# Configure locale +sudo raspi-config +# System Options → Locale → en_US.UTF-8 +``` + +**⚠️ Important: Ubuntu Pi Boot Configuration Note** + +Ubuntu on Raspberry Pi uses a different boot config location than Raspberry Pi OS. + +The active kernel command line is in: +``` +/boot/firmware/current/cmdline.txt +``` + +**Do NOT edit** `/boot/firmware/cmdline.txt` for kernel parameters — that file is only read during `tryboot` scenarios and is ignored on normal boot. + +Any kernel parameters (including USB quirks for drives) must go in `/boot/firmware/current/cmdline.txt` as a single unbroken line. + +This is critical for applying USB storage quirks (see Troubleshooting section if you experience drive issues). + +--- + +### 2. Install VeraCrypt (Optional - For Encrypted Container Files) + +**VeraCrypt** allows you to mount encrypted container files as virtual drives. 
This is useful for: +- Encrypted file containers for ultra-sensitive data +- Portable encrypted volumes that can be moved between systems +- Additional layer of encryption beyond ZFS (nested encryption) +- Cross-platform compatibility (Windows, Mac, Linux) + +**Installation:** + +```bash +# Add VeraCrypt PPA repository +sudo add-apt-repository ppa:unit193/encryption -y + +# Update package lists +sudo apt update + +# Install VeraCrypt +sudo apt install veracrypt -y + +# Verify installation +veracrypt --text --version +``` + +**Create Mount Point:** + +```bash +# Create directory for VeraCrypt volumes +sudo mkdir -p /mnt/veracrypt +sudo mkdir -p /mnt/veracrypt/vault1 +sudo mkdir -p /mnt/veracrypt/vault2 +``` + +**Mount VeraCrypt Container:** + +```bash +# Mount a VeraCrypt container file +sudo veracrypt --text \ + --mount /path/to/container.vc \ + /mnt/veracrypt/vault1 + +# You will be prompted for: +# - Container password +# - PIM (leave blank if not used) +# - Keyfiles (if any) + +# Verify mounted +mount | grep veracrypt +df -h /mnt/veracrypt/vault1 +``` + +**Auto-Mount on Boot (Optional):** + +Create systemd service to mount VeraCrypt on boot with manual password entry: + +```bash +sudo nano /etc/systemd/system/veracrypt-vault.service +``` + +```ini +[Unit] +Description=Mount VeraCrypt vault container +After=local-fs.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/usr/bin/veracrypt --text --non-interactive \ + --password-stdin \ + --mount /srv/vaultpg/containers/vault.vc \ + /mnt/veracrypt/vault1 +ExecStop=/usr/bin/veracrypt --text --dismount /mnt/veracrypt/vault1 + +[Install] +WantedBy=multi-user.target +``` + +**Note:** For security, password should be entered manually at boot, not stored in files. 
+ +**Better Approach - Manual Mount Script:** + +```bash +sudo nano /usr/local/sbin/mount-veracrypt-vault.sh +``` + +```bash +#!/bin/bash +# Mount VeraCrypt container from GREEN drive + +CONTAINER="/srv/greenpg/Pocket/veracrypt/sensitive.vc" +MOUNT_POINT="/mnt/veracrypt/vault1" + +if mount | grep -q "$MOUNT_POINT"; then + echo "VeraCrypt volume already mounted at $MOUNT_POINT" + exit 0 +fi + +# Check if GREEN drive is mounted +if [ ! -f "$CONTAINER" ]; then + echo "Error: VeraCrypt container not found at $CONTAINER" + echo "Is GREEN drive mounted?" + exit 1 +fi + +echo "Mounting VeraCrypt container from GREEN drive..." +sudo veracrypt --text --mount "$CONTAINER" "$MOUNT_POINT" + +if [ $? -eq 0 ]; then + echo "Successfully mounted: $MOUNT_POINT" + df -h "$MOUNT_POINT" +else + echo "Failed to mount VeraCrypt container" + exit 1 +fi +``` + +```bash +sudo chmod +x /usr/local/sbin/mount-veracrypt-vault.sh +``` + +**Usage:** +```bash +# Mount manually after boot +sudo /usr/local/sbin/mount-veracrypt-vault.sh + +# Unmount +sudo veracrypt --text --dismount /mnt/veracrypt/vault1 + +# List mounted volumes +veracrypt --text --list +``` + +**VeraCrypt Container Creation (Do this on Netgrimoire first):** + +```bash +# Create directory in your existing vault/Green/Pocket dataset +sudo mkdir -p /export/Green/Pocket/veracrypt + +# Create a new VeraCrypt container (example: 10GB) +veracrypt --text --create /export/Green/Pocket/veracrypt/sensitive.vc + +# Follow prompts: +# - Volume type: Normal +# - Encryption algorithm: AES +# - Hash algorithm: SHA-512 +# - Filesystem: Linux Ext4 +# - Size: 10GB (or desired size) +# - Password: (enter strong password) +# - Format volume: Yes +``` + +**Sync VeraCrypt Container via ZFS:** + +```bash +# VeraCrypt containers are stored in vault/Green/Pocket/veracrypt/ +# They automatically sync to GREEN drive with the rest of the Pocket dataset + +# On Netgrimoire: +# /export/Green/Pocket/veracrypt/sensitive.vc + +# After sync to GREEN drive: +# 
/mnt/pocket-green/Pocket/veracrypt/sensitive.vc + +# On Pocket Grimoire after import: +# /srv/greenpg/Pocket/veracrypt/sensitive.vc + +# The container syncs automatically when you sync the Green/Pocket dataset +``` + +**When to Use VeraCrypt vs ZFS Encryption:** + +**Use VeraCrypt when:** +- Need portable encrypted containers (can move to other systems) +- Want different passwords for different data sets +- Need compatibility with Windows/Mac (VeraCrypt is cross-platform) +- Want nested encryption (VeraCrypt inside ZFS) + +**Use ZFS encryption when:** +- Encrypting entire drives/pools +- Want transparent encryption (no manual mounting) +- Need better performance (native filesystem encryption) +- Don't need to move encrypted data to non-Linux systems + +**For Pocket Grimoire, recommended approach:** +- ZFS encryption for VAULT and GREEN SSDs (always) +- VeraCrypt for ultra-sensitive files on GREEN drive (optional) +- Example: Tax documents, financial records, personal files +- VeraCrypt containers stored in `/export/Green/Pocket/veracrypt/` +- Syncs to GREEN drive automatically with other Pocket data + +### 3. Install ZFS + +```bash +# Install ZFS utilities +sudo apt install -y zfsutils-linux + +# Verify ZFS is working +sudo zpool list +``` + +### 4. 
Initial Drive Setup on Netgrimoire (Before Moving to Pocket) + +**IMPORTANT: Build drives on Netgrimoire first, then move to Pocket Grimoire.** + +This approach allows you to: +- Create encrypted pools with proper passphrases +- Perform initial ZFS sync while drives are fast-connected (SATA/USB 3.0) +- Verify data integrity before moving drives +- Test encryption/unlock on powerful hardware first + +#### Drive Configuration Overview + +**Drive #1: VAULT** (1-2TB, encrypted, always connected) +- Purpose: Backups and system data ONLY +- Contains: Git repos, Wiki backups, Kopia repository, photos, documents +- Does NOT contain media, Stash data, or VeraCrypt containers + +**Drive #2: GREEN** (2TB+, encrypted, rotated for personal trips) +- Purpose: Personal media, Stash-Pocket data, and VeraCrypt containers +- Contains: Personal media library, Stash database/previews/blobs, VeraCrypt files +- Syncs from `/export/vault/Green/` on Netgrimoire + +**Drive #3: MEDIA-FAMILY** (2TB+, unencrypted, rotated for family trips) +- Purpose: Family-friendly shareable content +- Contains: Simple library structure with movies and TV +- Unencrypted for easy sharing with relatives + +#### On Netgrimoire: Create and Populate Drives + +**Connect drives to Netgrimoire:** +- VAULT SSD (1-2TB) via USB 3.0 or SATA +- GREEN SSD (2TB+) via USB 3.0 or SATA +- MEDIA-FAMILY SSD (2TB+) via USB 3.0 or SATA (optional, can be created later) + +**Identify drives:** +```bash +# On Netgrimoire +lsblk +# Note device names: /dev/sdX, /dev/sdY, /dev/sdZ +``` + +**Create VAULT pool (encrypted - backups only):** +```bash +# On Netgrimoire +sudo zpool create -o ashift=12 \ + -O encryption=on \ + -O keylocation=prompt \ + -O keyformat=passphrase \ + -O compression=lz4 \ + -O atime=off \ + -O recordsize=1M \ + -m /mnt/pocket-vault \ + pocket-vault /dev/sdX + +# Enter STRONG passphrase when prompted +# Write down this passphrase - you'll need it on Pocket Grimoire + +# Create datasets for backups and system data 
+sudo zfs create -o recordsize=16K pocket-vault/wiki-pg # PostgreSQL backups +sudo zfs create pocket-vault/repos # Git repository mirrors +sudo zfs create pocket-vault/kopia # Kopia backup repository +sudo zfs create pocket-vault/backups # General backups +sudo zfs create pocket-vault/backups/wiki # Wiki.js backups +sudo zfs create pocket-vault/backups/photos # Photo backups +sudo zfs create pocket-vault/backups/documents # Document backups + +# Set ownership +sudo chown -R 1000:1000 /mnt/pocket-vault +``` + +**GREEN pool - Use Existing vault/Green/Pocket Dataset:** + +**IMPORTANT:** You already have an encrypted dataset `vault/Green/Pocket` on Netgrimoire with your personal media and Stash data. **Do NOT create a new pool from scratch.** Instead, you'll use ZFS send/receive to replicate this existing dataset to the GREEN drive. + +```bash +# On Netgrimoire +# Verify your existing dataset +zfs list vault/Green/Pocket +# Should show: vault/Green/Pocket 5.01T 2.49T 5.01T /export/Green/Pocket + +# Check what's in it +ls /export/Green/Pocket/ +# Should show: media/ and stash/ directories + +# This dataset will be sent to the GREEN drive in the next step +# No need to create pocket-green datasets manually +``` + +**Create empty GREEN pool (will receive data via ZFS send):** +```bash +# On Netgrimoire with GREEN SSD connected +sudo zpool create -o ashift=12 \ + -O encryption=on \ + -O keylocation=prompt \ + -O keyformat=passphrase \ + -O compression=lz4 \ + -O atime=off \ + -O recordsize=1M \ + -m /mnt/pocket-green \ + pocket-green /dev/sdY + +# Enter STRONG passphrase (can be different from VAULT) +# Write down this passphrase + +# Don't create datasets manually - they'll be created by zfs receive +# The pool is now ready to receive vault/Green/Pocket dataset +``` + +**Create MEDIA-FAMILY pool (unencrypted - family content):** +```bash +# On Netgrimoire +sudo zpool create -o ashift=12 \ + -O compression=lz4 \ + -O atime=off \ + -O recordsize=1M \ + -m /mnt/pocket-media 
\ + pocket-media /dev/sdZ + +# No encryption - family can use this drive on any system + +# Create simple library structure +sudo zfs create pocket-media/library +sudo zfs create pocket-media/library/movies +sudo zfs create pocket-media/library/tv + +# Set ownership +sudo chown -R 1000:1000 /mnt/pocket-media +``` + +**Perform initial sync to VAULT:** +```bash +# On Netgrimoire +# Sync backups and system data to VAULT drive + +# Sync Wiki backups +sudo rsync -avP \ + /export/vault/wiki-backups/ \ + /mnt/pocket-vault/backups/wiki/ + +# Sync Git repositories +sudo rsync -avP \ + /export/vault/repos/ \ + /mnt/pocket-vault/repos/ + +# Sync Kopia repository (if exists) +sudo rsync -avP \ + /export/vault/kopia/ \ + /mnt/pocket-vault/kopia/ + +# Sync photos and documents +sudo rsync -avP \ + /export/vault/photos/ \ + /mnt/pocket-vault/backups/photos/ + +sudo rsync -avP \ + /export/vault/documents/ \ + /mnt/pocket-vault/backups/documents/ + +# Verify data +ls -lh /mnt/pocket-vault/ +du -sh /mnt/pocket-vault/ +``` + +**Perform initial sync to GREEN:** + +You have two options for syncing your existing `vault/Green/Pocket` dataset to the GREEN drive: + +**Option A: Using Syncoid (Recommended - Easier)** + +```bash +# On Netgrimoire with GREEN drive connected +# Syncoid handles snapshots and incremental transfers automatically + +sudo syncoid vault/Green/Pocket pocket-green/Pocket + +# Syncoid will: +# - Create snapshot automatically +# - Send data to pocket-green/Pocket +# - Show progress bar +# - Handle all ZFS send/receive details + +# Verify received +zfs list pocket-green/Pocket +ls -lh /mnt/pocket-green/Pocket/ +du -sh /mnt/pocket-green/Pocket/ +``` + +**Important Note on Pool Naming:** +- On Netgrimoire during initial build: Pool is called `pocket-green` +- After moving to Pocket Grimoire: Pool is renamed to `greenpg` during import +- If you've already moved the drive to Pocket and back, use: `sudo syncoid vault/Green/Pocket greenpg/Pocket` + +**Option B: Manual ZFS Send 
(Advanced)** + +```bash +# On Netgrimoire +# You have an existing encrypted dataset: vault/Green/Pocket +# This contains your personal media and will include Stash data + +# First, verify the dataset exists and its size +zfs list vault/Green/Pocket +# Should show: vault/Green/Pocket 5.01T 2.49T 5.01T /export/Green/Pocket + +# Create snapshot for initial send +sudo zfs snapshot vault/Green/Pocket@initial + +# Send to pocket-green pool, creating pocket-green/Pocket dataset +# IMPORTANT: Must specify destination dataset name, not just pool name +sudo zfs send vault/Green/Pocket@initial | \ + sudo zfs receive pocket-green/Pocket + +# Or if pool was already renamed to greenpg: +# sudo zfs send vault/Green/Pocket@initial | \ +# sudo zfs receive greenpg/Pocket + +# This creates: pocket-green/Pocket (or greenpg/Pocket) +# NOT just "pocket-green" (which is the pool name) + +# Verify received +zfs list pocket-green/Pocket # or greenpg/Pocket +ls -lh /mnt/pocket-green/Pocket/ # or /srv/greenpg/Pocket + +# Verify data integrity +du -sh /mnt/pocket-green/Pocket/ # or /srv/greenpg/Pocket +``` + +**Both options create the same result:** +``` +# The data structure will be: +# /mnt/pocket-green/Pocket/ (or /srv/greenpg/Pocket if already renamed) +# ├── media/library/ +# │ ├── movies/ +# │ └── tv/ +# └── stash/ +# ├── config/ +# ├── generated/ +# └── blobs/ +``` + +**Important notes:** +- The `vault/Green/Pocket` dataset is encrypted on Netgrimoire +- `zfs send` transfers the data (decrypted during send) +- `pocket-green` (or `greenpg`) pool has its own encryption (encrypts during receive) +- Result: Data is encrypted at rest on both systems with different keys +- The dataset name becomes `pocket-green/Pocket` initially, or `greenpg/Pocket` if pool was already renamed +- **Recommended:** Use syncoid (Option A) - it's simpler and handles everything automatically + + + +**Populate MEDIA-FAMILY (optional - curate family content):** +```bash +# On Netgrimoire +# Copy family-friendly 
media to MEDIA-FAMILY drive + +# Example: Copy family movies +sudo cp /export/vault/media/family-movies/*.mp4 \ + /mnt/pocket-media/library/movies/ + +# Or use rsync for large transfers +sudo rsync -avP \ + /export/vault/media/family-shows/ \ + /mnt/pocket-media/library/tv/ + +# Verify +du -sh /mnt/pocket-media/library/ +``` + +**Export pools before disconnecting:** +```bash +# On Netgrimoire +# CRITICAL: Export pools before physically disconnecting drives + +sudo zpool export pocket-vault + +# For GREEN drive - check which name it has +zpool list | grep -E "pocket-green|greenpg" + +# If it shows "pocket-green": +sudo zpool export pocket-green + +# If it shows "greenpg" (already renamed from previous import): +sudo zpool export greenpg + +# For MEDIA-FAMILY (if created): +sudo zpool export pocket-media # or mediapg if renamed + +# Verify exported +zpool list +# Should NOT show pocket-* or *pg pools +``` + +**Physically disconnect drives from Netgrimoire.** + +### 5. Configure ZFS Pools on Pocket Grimoire + +**Now connect drives to Pocket Grimoire:** +- VAULT → Anker USB-A port #2 (always connected) +- GREEN (for personal trips) → Raspberry Pi USB 3.0 port + OR +- MEDIA-FAMILY (for family trips) → Raspberry Pi USB 3.0 port + +**Import and rename pools:** +```bash +# On Pocket Grimoire (SSH into Pi) +ssh user@pocket-grimoire.local + +# Import VAULT pool with new name +sudo zpool import pocket-vault vaultpg + +# Import GREEN pool with new name (for personal trips) +sudo zpool import pocket-green greenpg + +# OR import MEDIA-FAMILY pool (for family trips) +# sudo zpool import pocket-media mediapg + +# Verify pools imported +zpool list +# Should show: vaultpg, greenpg (or mediapg for family) +``` + +**Set mount points for Pocket Grimoire:** +```bash +# Set proper mount points +sudo zfs set mountpoint=/srv/vaultpg vaultpg +sudo zfs set mountpoint=/srv/greenpg greenpg + +# For the Pocket dataset (received from vault/Green/Pocket) +sudo zfs set 
mountpoint=/srv/greenpg/Pocket greenpg/Pocket + +# Or for family drive (when you swap): +# sudo zfs set mountpoint=/srv/mediapg mediapg + +# Create mount points +sudo mkdir -p /srv/vaultpg +sudo mkdir -p /srv/greenpg +sudo mkdir -p /srv/mediapg # Create both, use as needed + +# Unmount and remount with new paths +sudo zfs unmount -a +sudo zfs mount -a + +# Verify mounted +df -h | grep srv +# Should show: +# vaultpg mounted on /srv/vaultpg +# greenpg mounted on /srv/greenpg +# greenpg/Pocket mounted on /srv/greenpg/Pocket + +# Verify data +ls /srv/vaultpg/ +ls /srv/greenpg/Pocket/media/library/ +ls /srv/greenpg/Pocket/stash/ +# Or for family: +# ls /srv/mediapg/library/ +``` + +**Configure for headless unlock:** +```bash +# Set pools to NOT auto-mount on boot +# This prevents boot hanging waiting for passphrase + +sudo zfs set canmount=noauto vaultpg +sudo zfs set canmount=noauto greenpg +sudo zfs set canmount=noauto greenpg/Pocket +sudo zfs set canmount=noauto mediapg # For when you swap to family drive + +# Pools will need manual unlock via SSH after boot +``` + +**Cap ZFS ARC Memory:** +```bash +# Create /etc/modprobe.d/zfs.conf +sudo nano /etc/modprobe.d/zfs.conf + +# Add this line (for 8GB Pi, cap at 1GB): +options zfs zfs_arc_max=1073741824 + +# Save and apply +sudo update-initramfs -u +sudo reboot +``` + +### 6. Create Headless Unlock Script + +**After reboot, SSH back in and create unlock script:** + +```bash +sudo nano /usr/local/sbin/unlock-pocket-grimoire.sh +``` + +```bash +#!/bin/bash +# Unlock Pocket Grimoire encrypted ZFS pools (headless operation) + +set -e + +echo "==========================================" +echo " Pocket Grimoire ZFS Unlock (Headless)" +echo "==========================================" +echo + +# Check if VAULT pool is already unlocked +if zfs list vaultpg &>/dev/null && mount | grep -q /srv/vaultpg; then + echo "✓ vaultpg (VAULT) already unlocked and mounted" +else + # Import pool if needed + if ! 
zpool list vaultpg &>/dev/null; then + echo "Importing vaultpg pool..." + sudo zpool import vaultpg + fi + + # Unlock VAULT pool + echo "Unlocking vaultpg (VAULT - backups and system data)..." + sudo zfs load-key vaultpg + + # Mount all vaultpg datasets + sudo zfs mount vaultpg + sudo zfs mount -a + + if mount | grep -q /srv/vaultpg; then + echo "✓ vaultpg unlocked and mounted at /srv/vaultpg" + else + echo "✗ Failed to mount vaultpg" + exit 1 + fi +fi + +echo + +# Check for GREEN pool (personal media + Stash) +if zpool list greenpg &>/dev/null; then + if zfs list greenpg &>/dev/null && mount | grep -q /srv/greenpg; then + echo "✓ greenpg (GREEN - personal media + Stash) already unlocked" + else + echo "Unlocking greenpg (GREEN - personal media + Stash)..." + sudo zfs load-key greenpg + sudo zfs mount greenpg + sudo zfs mount -a + + if mount | grep -q /srv/greenpg; then + echo "✓ greenpg unlocked and mounted at /srv/greenpg" + else + echo "✗ Failed to mount greenpg" + exit 1 + fi + fi +else + echo "ℹ greenpg pool not found (GREEN drive not connected)" +fi + +echo + +# Check for MEDIA-FAMILY pool (family content) +if zpool list mediapg &>/dev/null; then + if zfs list mediapg &>/dev/null && mount | grep -q /srv/mediapg; then + echo "✓ mediapg (MEDIA-FAMILY) already unlocked" + else + echo "Unlocking mediapg (MEDIA-FAMILY - family content)..." + + # Check if encrypted (shouldn't be, but check anyway) + if zfs get encryption mediapg | grep -q "encryption.*on"; then + sudo zfs load-key mediapg + fi + + sudo zfs mount mediapg + sudo zfs mount -a + + if mount | grep -q /srv/mediapg; then + echo "✓ mediapg unlocked and mounted at /srv/mediapg" + else + echo "✗ Failed to mount mediapg" + exit 1 + fi + fi +else + echo "ℹ mediapg pool not found (MEDIA-FAMILY drive not connected)" +fi + +echo + +# Optional: Mount VeraCrypt containers +if [ -f /usr/local/sbin/mount-veracrypt-vault.sh ]; then + echo "VeraCrypt container found. Mount now? 
(y/n)" + read -r response + if [[ "$response" == "y" ]]; then + /usr/local/sbin/mount-veracrypt-vault.sh + fi +fi + +echo +echo "==========================================" +echo " Starting Docker Services" +echo "==========================================" +echo + +# Start Docker service +if ! systemctl is-active --quiet docker; then + echo "Starting Docker..." + sudo systemctl start docker + sleep 3 +fi + +# Start containers +echo "Starting Wiki.js stack..." +cd /srv/pocket-grimoire/stacks/wikijs && docker compose up -d + +echo "Starting Jellyfin stack..." +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose up -d + +echo "Starting Stash stack..." +if [ -d /srv/pocket-grimoire/stacks/stash ]; then + cd /srv/pocket-grimoire/stacks/stash && docker compose up -d +fi + +# Optional containers +if [ -d /srv/pocket-grimoire/stacks/filebrowser ]; then + echo "Starting File Browser..." + cd /srv/pocket-grimoire/stacks/filebrowser && docker compose up -d +fi + +echo +echo "==========================================" +echo " Pocket Grimoire Ready!" +echo "==========================================" +echo +echo "Drives mounted:" +if mount | grep -q /srv/vaultpg; then + echo " ✓ VAULT (vaultpg) at /srv/vaultpg" +fi +if mount | grep -q /srv/greenpg; then + echo " ✓ GREEN (greenpg) at /srv/greenpg - Personal media + Stash" +fi +if mount | grep -q /srv/mediapg; then + echo " ✓ MEDIA-FAMILY (mediapg) at /srv/mediapg - Family content" +fi +echo +echo "Services available at:" +echo " Wiki.js: http://pocket-grimoire.local:3000" +echo " Jellyfin: http://pocket-grimoire.local:8096" +echo " Stash: http://pocket-grimoire.local:9999" +echo " File Browser: http://pocket-grimoire.local:8080" +echo +echo "Total unlock time: $(($SECONDS / 60)) minutes $(($SECONDS % 60)) seconds" +echo +``` + +```bash +sudo chmod +x /usr/local/sbin/unlock-pocket-grimoire.sh +``` + +### 7. 
Disable Docker Auto-Start (Headless Configuration) + +**Prevent Docker from starting before ZFS pools are unlocked:** + +```bash +# Disable Docker auto-start on boot +sudo systemctl disable docker + +# Docker will be started manually by unlock script +``` + +**Or, configure Docker to wait for ZFS (if you prefer):** + +```bash +sudo mkdir -p /etc/systemd/system/docker.service.d +sudo nano /etc/systemd/system/docker.service.d/wait-for-zfs.conf +``` + +```ini +[Unit] +# Don't start Docker until after manual ZFS unlock +After=zfs-mount.service +Wants=zfs-mount.service + +[Service] +# Restart Docker if it fails (ZFS not ready) +Restart=on-failure +RestartSec=10 +``` + +```bash +sudo systemctl daemon-reload +``` + +**Recommended: Just disable auto-start and use unlock script.** + +### 8. Test Headless Unlock Procedure + +**Test at home before traveling:** + +```bash +# 1. Reboot Pi +sudo reboot + +# 2. Wait 2-3 minutes for boot (don't connect monitor/keyboard) + +# 3. SSH from laptop +ssh user@pocket-grimoire.local + +# 4. Run unlock script +/usr/local/sbin/unlock-pocket-grimoire.sh + +# Enter passphrases when prompted: +# - VAULT passphrase +# - MEDIA-PERSONAL passphrase (if encrypted) +# - VeraCrypt password (if using) + +# 5. Wait for Docker containers to start + +# 6. Verify services running +docker ps + +# 7. Access from browser +# http://pocket-grimoire.local:3000 +# http://pocket-grimoire.local:8096 +# http://pocket-grimoire.local:9999 + +# 8. Verify data accessible +ls /srv/vaultpg/Green/Pocket/ +ls /srv/mediapg/library/ +``` + +**If everything works, you're ready for travel!** + +### 9. 
Quick Manual Unlock (If Script Fails) + +```bash +# SSH into Pocket Grimoire +ssh user@pocket-grimoire.local + +# Import pools if needed +sudo zpool import vaultpg +sudo zpool import greenpg # For GREEN (personal) +# Or: +# sudo zpool import mediapg # For MEDIA-FAMILY + +# Load encryption keys +sudo zfs load-key vaultpg # VAULT (always encrypted) +sudo zfs load-key greenpg # GREEN (encrypted) +# mediapg is unencrypted (MEDIA-FAMILY) - no key needed + +# Mount all datasets +sudo zfs mount -a + +# Verify mounted +df -h | grep srv +# Should show vaultpg and either greenpg or mediapg + +# Start Docker +sudo systemctl start docker + +# Start containers manually +cd /srv/pocket-grimoire/stacks/wikijs && docker compose up -d +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose up -d +cd /srv/pocket-grimoire/stacks/stash && docker compose up -d +``` + +**Configure ZFS to Wait for Passphrase on Boot:** +```bash +# Edit /etc/systemd/system/zfs-load-key.service +sudo nano /etc/systemd/system/zfs-load-key.service +``` + +Add: +```ini +[Unit] +Description=Load ZFS encryption keys +Before=zfs-mount.service +After=zfs-import.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/sbin/zfs load-key -a + +[Install] +WantedBy=zfs-mount.service +``` + +Enable: +```bash +sudo systemctl daemon-reload +sudo systemctl enable zfs-load-key.service +``` + +### 4. Install Docker + +```bash +# Install Docker +sudo apt install -y docker.io docker-compose + +# Add user to docker group +sudo usermod -aG docker $USER + +# Enable Docker service +sudo systemctl enable docker +sudo systemctl start docker + +# Log out and back in for group changes +exit +# SSH back in +``` + +### 5. 
Install NFS Server + +```bash +# Install NFS server +sudo apt install -y nfs-kernel-server + +# Configure exports +sudo nano /etc/exports +``` + +Add: +``` +/srv/mediapg 10.0.0.0/24(ro,fsid=10,async,no_subtree_check) +``` + +Apply: +```bash +sudo exportfs -ra +sudo systemctl restart nfs-server +sudo systemctl enable nfs-server + +# Verify +sudo exportfs -v +``` + +### 6. Install Syncoid (ZFS Replication Tool) + +**Syncoid** is a ZFS replication tool that makes syncing datasets much easier than manual ZFS send/receive. + +```bash +# Install Sanoid (includes syncoid) +sudo apt update +sudo apt install -y sanoid + +# Verify installation +which syncoid +syncoid --version + +# Should show: syncoid version X.X.X +``` + +**What syncoid does:** +- ✅ Automatically creates snapshots +- ✅ Handles incremental ZFS send/receive +- ✅ Manages snapshot cleanup +- ✅ Shows progress bars +- ✅ Works over SSH +- ✅ Resumes interrupted transfers + +**Example usage:** +```bash +# Local sync (same machine) +sudo syncoid source/dataset destination/dataset + +# Remote sync over SSH +sudo syncoid --sshkey /path/to/key \ + root@remote-host:source/dataset \ + local/dataset +``` + +**You'll use this for:** +- Initial GREEN drive sync on Netgrimoire +- Ongoing syncs from Netgrimoire to Pocket Grimoire over network +- Much simpler than manual `zfs send` commands + +### 7. 
Install System Packages + +```bash +# Core utilities +sudo apt install -y \ + curl \ + git \ + htop \ + ncdu \ + smartmontools \ + sanoid + +# For ntfy notifications +sudo apt install -y curl +``` + +--- + +## Docker Configuration + +### Wiki.js Stack + +**Create directory structure:** +```bash +mkdir -p /srv/pocket-grimoire/stacks/wikijs +mkdir -p /srv/pocket-grimoire/data/postgres +mkdir -p /srv/pocket-grimoire/data/wikijs +mkdir -p /srv/pocket-grimoire/repos/wiki +mkdir -p /srv/pocket-grimoire/keys +``` + +**Create environment file:** +```bash +nano /srv/pocket-grimoire/stacks/wikijs/.env +``` + +```env +TZ=America/Chicago + +PUID=1000 +PGID=1000 + +POSTGRES_DB=wikijs +POSTGRES_USER=wikijs +POSTGRES_PASSWORD=CHANGE_ME_LONG_RANDOM_PASSWORD + +WIKI_PORT=3000 +COMPOSE_PROJECT_NAME=pocketgrimoire_wikijs +``` + +**Create Docker Compose file:** +```bash +nano /srv/pocket-grimoire/stacks/wikijs/docker-compose.yml +``` + +```yaml +services: + db: + image: postgres:16-alpine + container_name: pocketgrimoire_db + environment: + TZ: ${TZ} + POSTGRES_DB: ${POSTGRES_DB} + POSTGRES_USER: ${POSTGRES_USER} + POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} + volumes: + - /srv/pocket-grimoire/data/postgres:/var/lib/postgresql/data + restart: unless-stopped + healthcheck: + test: ["CMD-SHELL", "pg_isready -U ${POSTGRES_USER} -d ${POSTGRES_DB}"] + interval: 10s + timeout: 5s + retries: 10 + + wikijs: + image: requarks/wiki:2 + container_name: pocketgrimoire_wikijs + depends_on: + db: + condition: service_healthy + environment: + TZ: ${TZ} + DB_TYPE: postgres + DB_HOST: db + DB_PORT: 5432 + DB_USER: ${POSTGRES_USER} + DB_PASS: ${POSTGRES_PASSWORD} + DB_NAME: ${POSTGRES_DB} + ports: + - "${WIKI_PORT}:3000" + volumes: + - /srv/pocket-grimoire/repos:/repos + restart: unless-stopped +``` + +**Start Wiki.js:** +```bash +cd /srv/pocket-grimoire/stacks/wikijs +docker compose up -d +``` + +**Access Wiki.js:** +- Open browser: `http://pocket-grimoire.local:3000` +- Complete initial setup +- 
Configure as read-only (see Wiki.js Configuration section below) + +### Jellyfin Stack + +**Create directory structure:** +```bash +mkdir -p /srv/pocket-grimoire/stacks/jellyfin +mkdir -p /srv/pocket-grimoire/data/jellyfin/config +mkdir -p /srv/pocket-grimoire/data/jellyfin/cache +``` + +**Create environment file:** +```bash +nano /srv/pocket-grimoire/stacks/jellyfin/.env +``` + +```env +TZ=America/Chicago +PUID=1000 +PGID=1000 +JELLYFIN_PORT=8096 +COMPOSE_PROJECT_NAME=pocketgrimoire_jellyfin +``` + +**Create Docker Compose file:** +```bash +nano /srv/pocket-grimoire/stacks/jellyfin/docker-compose.yml +``` + +```yaml +services: + jellyfin: + image: jellyfin/jellyfin:latest + container_name: pocketgrimoire_jellyfin + user: "${PUID}:${PGID}" + environment: + - TZ=${TZ} + volumes: + - /srv/pocket-grimoire/data/jellyfin/config:/config + - /srv/pocket-grimoire/data/jellyfin/cache:/cache + - /srv/mediapg:/media:ro + ports: + - "${JELLYFIN_PORT}:8096" + restart: unless-stopped +``` + +**Start Jellyfin:** +```bash +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose up -d +``` + +**Access Jellyfin:** +- Open browser: `http://pocket-grimoire.local:8096` +- Complete initial setup +- Add media library: `/media/library` +- Configure for direct play only (see Jellyfin Configuration section below) + +### Optional: File Browser + +**Create directory structure:** +```bash +mkdir -p /srv/pocket-grimoire/stacks/filebrowser +mkdir -p /srv/pocket-grimoire/data/filebrowser +``` + +**Create Docker Compose file:** +```bash +nano /srv/pocket-grimoire/stacks/filebrowser/docker-compose.yml +``` + +```yaml +services: + filebrowser: + image: filebrowser/filebrowser:s6 + container_name: pocketgrimoire_filebrowser + ports: + - "8080:80" + volumes: + - /srv/pocket-grimoire/data/filebrowser:/database + - /srv/pocket-grimoire/data/filebrowser:/config + - /srv/vaultpg:/vault:ro + - /srv/mediapg:/media:ro + restart: unless-stopped +``` + +**Start File Browser:** +```bash +cd 
/srv/pocket-grimoire/stacks/filebrowser +docker compose up -d +``` + +**Access File Browser:** +- Open browser: `http://pocket-grimoire.local:8080` +- Default login: `admin` / `admin` +- Change password immediately +- Configure as read-only in settings + +### Optional: Dozzle (Container Logs) + +**Create Docker Compose file:** +```bash +mkdir -p /srv/pocket-grimoire/stacks/dozzle +nano /srv/pocket-grimoire/stacks/dozzle/docker-compose.yml +``` + +```yaml +services: + dozzle: + image: amir20/dozzle:latest + container_name: pocketgrimoire_dozzle + ports: + - "9999:8080" + volumes: + - /var/run/docker.sock:/var/run/docker.sock:ro + restart: unless-stopped +``` + +**Start Dozzle:** +```bash +cd /srv/pocket-grimoire/stacks/dozzle +docker compose up -d +``` + +--- + +## Service Configuration + +### Wiki.js Configuration + +**After initial setup, configure read-only mode:** + +1. **Disable User Registration:** + - Administration → Users → Settings + - Disable "Allow self-registration" + +2. **Configure Read-Only Permissions:** + - Administration → Groups + - Edit "Guests" group (or create "Readers" group) + - Permissions: + - ✓ Read pages + - ✗ Create pages + - ✗ Edit pages + - ✗ Delete pages + - ✗ Upload files + +3. **Configure Git Storage:** + - Administration → Storage → Git + - **Setup:** + - Remote: `git@your-forgejo-host:username/wiki-content.git` + - Authentication: SSH (deploy key) + - Sync Direction: Pull/Import only + - Branch: `main` + +4. **Generate SSH Deploy Key:** + ```bash + mkdir -p /srv/pocket-grimoire/keys + ssh-keygen -t ed25519 -f /srv/pocket-grimoire/keys/forgejo_wiki_ro -N "" + chmod 600 /srv/pocket-grimoire/keys/forgejo_wiki_ro + cat /srv/pocket-grimoire/keys/forgejo_wiki_ro.pub + ``` + +5. **Add Deploy Key to Forgejo:** + - Copy public key + - Forgejo → Repository → Settings → Deploy Keys + - Add key (read-only access) + +6. 
**Import Content:** + - Administration → Storage → Git + - Click "Import Content" or "Force Sync" + - Verify pages appear + +### Jellyfin Configuration + +**Critical: Disable All Transcoding** + +1. **Dashboard → Playback:** + - ✓ Prefer Direct Play + - ✓ Prefer Direct Stream + - ✗ Allow video transcoding (DISABLE THIS) + - ✗ Allow audio transcoding when supported (DISABLE THIS) + - ✗ Hardware acceleration: None (not needed) + +2. **Dashboard → Libraries:** + - Add Library: `/media/library/movies` + - Content type: Movies + - Add Library: `/media/library/tv` + - Content type: TV Shows + +3. **Dashboard → Networking:** + - Published Server URL: `http://pocket-grimoire.local:8096` + - Enable automatic port mapping: No + +4. **Dashboard → Scheduled Tasks:** + - Disable aggressive scanning + - Scan library: Manual only (or daily at most) + +**Verify Direct Play:** +- Play a movie +- During playback: Click info icon +- Verify: "Direct Play" (NOT "Transcoding" or "Direct Stream with Transcode") +- If transcoding appears: Media is not properly encoded + +--- + +## Synchronization Configuration + +### Create ntfy Environment File + +```bash +sudo nano /etc/pocketgrimoire-sync.env +``` + +```bash +NTFY_URL="https://ntfy.YOUR_DOMAIN/pocket-grimoire" +NTFY_TOKEN="YOUR_NTFY_TOKEN_HERE" # Optional +HOSTNAME_TAG="$(hostname -s)" +``` + +```bash +sudo chmod 600 /etc/pocketgrimoire-sync.env +``` + +### Create Main Sync Script + +```bash +sudo nano /usr/local/sbin/pocketgrimoire-sync.sh +``` + +```bash +#!/usr/bin/env bash +set -euo pipefail + +ENV_FILE="/etc/pocketgrimoire-sync.env" +LOG="/var/log/pocketgrimoire-sync.log" +LOCK="/run/pocketgrimoire-sync.lock" +STATE_DIR="/var/lib/pocketgrimoire" +FAIL_FLAG="${STATE_DIR}/last_run_failed" + +mkdir -p "$STATE_DIR" +touch "$LOG" +chmod 640 "$LOG" + +# shellcheck disable=SC1090 +source "$ENV_FILE" + +notify_ntfy() { + local title="$1" + local msg="$2" + local priority="${3:-default}" + local tags="${4:-warning}" + + local auth=() + if 
[[ -n "${NTFY_TOKEN:-}" ]]; then + auth=(-H "Authorization: Bearer ${NTFY_TOKEN}") + fi + + curl -fsS -X POST "${NTFY_URL}" \ + "${auth[@]}" \ + -H "Title: ${title}" \ + -H "Priority: ${priority}" \ + -H "Tags: ${tags}" \ + -d "${msg}" >/dev/null 2>&1 || true +} + +# Prevent overlapping runs +exec 9>"$LOCK" +if ! flock -n 9; then + echo "$(date -Is) sync already running, exiting" >> "$LOG" + exit 0 +fi + +run_or_fail() { + local label="$1"; shift + echo "$(date -Is) --- ${label} START ---" >> "$LOG" + if "$@" >> "$LOG" 2>&1; then + echo "$(date -Is) --- ${label} OK ---" >> "$LOG" + return 0 + else + local rc=$? + echo "$(date -Is) --- ${label} FAIL (rc=${rc}) ---" >> "$LOG" + return $rc + fi +} + +main() { + echo "$(date -Is) ===== Pocket Grimoire sync start =====" >> "$LOG" + + # 1) ZFS replication pull + # Placeholder - configure after setting up ZFS replication + # run_or_fail "ZFS pull" /usr/local/sbin/pocketgrimoire-zfs-pull.sh + echo "$(date -Is) ZFS pull: placeholder (configure syncoid)" >> "$LOG" + + # 2) Git pull for wiki content + REPO_DIR="/srv/pocket-grimoire/repos/wiki" + BRANCH="main" + + if [[ -d "${REPO_DIR}/.git" ]]; then + run_or_fail "Git fetch (wiki)" git -C "$REPO_DIR" fetch --all --prune + run_or_fail "Git reset (wiki)" git -C "$REPO_DIR" reset --hard "origin/${BRANCH}" + else + echo "$(date -Is) WARNING: ${REPO_DIR} is not a git repo" >> "$LOG" + fi + + echo "$(date -Is) ===== Pocket Grimoire sync end =====" >> "$LOG" + + # If previously failing, send recovery notice + if [[ -f "$FAIL_FLAG" ]]; then + rm -f "$FAIL_FLAG" + notify_ntfy \ + "Pocket Grimoire sync recovered (${HOSTNAME_TAG})" \ + "Sync is healthy again. Last run succeeded at $(date -Is)." \ + "low" \ + "white_check_mark" + fi +} + +# Trap errors to notify +on_error() { + local rc=$? 
+ touch "$FAIL_FLAG" + + local tail_txt + tail_txt="$(tail -n 60 "$LOG" 2>/dev/null || true)" + + notify_ntfy \ + "Pocket Grimoire sync FAILED (${HOSTNAME_TAG})" \ + "Return code: ${rc}\nTime: $(date -Is)\n\nLast log lines:\n${tail_txt}" \ + "high" \ + "rotating_light" + + exit $rc +} +trap on_error ERR + +main +``` + +```bash +sudo chmod +x /usr/local/sbin/pocketgrimoire-sync.sh +sudo mkdir -p /var/lib/pocketgrimoire +``` + +### Create ZFS Replication Script + +```bash +sudo nano /usr/local/sbin/pocketgrimoire-zfs-pull.sh +``` + +```bash +#!/usr/bin/env bash +set -euo pipefail + +# Configuration - UPDATE THESE +SRC_HOST="netgrimoire.example.lan" +SRC_DATASET="vault/source_dataset" +DST_DATASET="vaultpg/mirror_dataset" +SSH_KEY="/srv/pocket-grimoire/keys/zfs_pull_ro" + +# Run syncoid for incremental replication +syncoid --no-sync-snap --recursive \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:${SRC_DATASET}" \ + "${DST_DATASET}" +``` + +```bash +sudo chmod +x /usr/local/sbin/pocketgrimoire-zfs-pull.sh +``` + +**Note:** Configure SSH keys and ZFS send/receive permissions on Netgrimoire before enabling this script. 
+ +### Create systemd Service + +```bash +sudo nano /etc/systemd/system/pocketgrimoire-sync.service +``` + +```ini +[Unit] +Description=Pocket Grimoire periodic sync (ZFS + Git) with ntfy alerts +After=network-online.target +Wants=network-online.target + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/pocketgrimoire-sync.sh +``` + +### Create systemd Timer + +```bash +sudo nano /etc/systemd/system/pocketgrimoire-sync.timer +``` + +```ini +[Unit] +Description=Run Pocket Grimoire sync every 6 hours + +[Timer] +OnBootSec=10min +OnUnitActiveSec=6h +Persistent=true + +[Install] +WantedBy=timers.target +``` + +### Enable and Start Timer + +```bash +sudo systemctl daemon-reload +sudo systemctl enable pocketgrimoire-sync.timer +sudo systemctl start pocketgrimoire-sync.timer + +# Verify timer is active +systemctl list-timers | grep pocketgrimoire + +# Check timer status +systemctl status pocketgrimoire-sync.timer + +# View sync logs +tail -f /var/log/pocketgrimoire-sync.log + +# Manually trigger sync (for testing) +sudo systemctl start pocketgrimoire-sync.service +``` + +--- + +## Media Encoding Requirements + +**All media MUST be encoded to these specifications for direct play:** + +### Video Codec +- **Codec:** H.264 (AVC) +- **Profile:** High +- **Level:** 4.1 +- **Bit depth:** 8-bit +- **Pixel format:** yuv420p +- **Container:** MKV or MP4 + +### Audio Codec +- **Primary:** AAC 2.0 (stereo, 192 kbps) +- **Optional:** AC3 5.1 (surround, if needed) +- **Avoid:** DTS, DTS-HD, TrueHD (these force audio transcoding) + +### Subtitles +- **Format:** SRT (SubRip Text) only +- **Avoid:** PGS/VobSub (image-based subs force video transcoding) +- **Location:** External .srt files or embedded in MKV + +### FFmpeg Encoding Command + +**Single file:** +```bash +ffmpeg -i input.mkv \ + -map 0:v:0 -map 0:a:0 -map 0:s? 
\ + -c:v libx264 -preset slow -crf 20 \ + -profile:v high -level 4.1 -pix_fmt yuv420p \ + -c:a aac -b:a 192k \ + -c:s srt \ + output.mkv +``` + +**CRF Quality Guide:** +- **18** - Near-lossless (large files, ~8-12 GB per movie) +- **20** - Excellent quality (recommended, ~4-6 GB per movie) +- **22** - Good quality (smaller files, ~3-4 GB per movie) + +**Batch encode directory:** +```bash +#!/bin/bash +for f in *.mkv; do + ffmpeg -i "$f" \ + -c:v libx264 -preset slow -crf 20 \ + -profile:v high -level 4.1 -pix_fmt yuv420p \ + -c:a aac -b:a 192k \ + -c:s srt \ + "${f%.mkv}.h264.mkv" +done +``` + +**Check existing media codec:** +```bash +ffprobe input.mkv 2>&1 | grep -E "Video:|Audio:" +``` + +**Verify direct play compatibility:** +```bash +# After encoding, verify: +ffprobe output.mkv 2>&1 | grep "h264" # Should show h264 +ffprobe output.mkv 2>&1 | grep "aac" # Should show aac +``` + +--- + +## Pre-Trip Checklist + +**Complete these tasks before traveling:** + +### 1. System Health Check +```bash +# Check ZFS pool health +sudo zpool status + +# Check disk space +df -h /srv/vaultpg /srv/mediapg + +# Check SSD health +sudo smartctl -a /dev/sdX # Replace with actual device + +# Verify Docker containers running +docker ps +``` + +### 2. Sync Everything +```bash +# Manually trigger sync +sudo systemctl start pocketgrimoire-sync.service + +# Wait for completion and verify +journalctl -u pocketgrimoire-sync.service -n 100 --no-pager +tail -n 200 /var/log/pocketgrimoire-sync.log +``` + +### 3. Test Media Playback +```bash +# Access Jellyfin +# Open: http://pocket-grimoire.local:8096 +# Play a movie +# Verify: Direct Play (check info during playback) +# No transcoding icon should appear +``` + +### 4. 
Test Offline Mode +```bash +# Disconnect from internet +# Verify services accessible: +# - http://pocket-grimoire.local:3000 (Wiki.js) +# - http://pocket-grimoire.local:8096 (Jellyfin) +# - http://pocket-grimoire.local:8080 (File Browser) + +# Test media playback offline +# Test wiki page browsing offline +``` + +### 5. Verify NFS Export +```bash +# On laptop +sudo mkdir -p /mnt/pocket-media +sudo mount -t nfs pocket-grimoire.local:/srv/mediapg /mnt/pocket-media +ls /mnt/pocket-media/library +sudo umount /mnt/pocket-media +``` + +### 6. Label Hardware +```bash +# Ensure all SSDs are labeled: +# - VAULT (always stays connected) +# - MEDIA-PERSONAL (for personal trips) +# - MEDIA-FAMILY (for family visits) +``` + +### 7. Pack Emergency Items +- [ ] Spare MicroSD card (Pi recovery) +- [ ] USB card reader +- [ ] Micro-HDMI to HDMI cable +- [ ] USB Ethernet adapter +- [ ] Extra cables (USB-C, HDMI) +- [ ] Flashlight +- [ ] Small screwdriver + +### 8. Document Passphrases +- [ ] ZFS encryption passphrases (written down, secured) + - VAULT (vaultpg): [write passphrase on paper] + - GREEN (greenpg): [write passphrase on paper] + - MEDIA-FAMILY (mediapg): N/A (unencrypted) +- [ ] VeraCrypt container passwords (if using, written down, secured) +- [ ] WiFi credentials for travel router (portapotty network) +- [ ] Jellyfin admin password +- [ ] Wiki.js admin password +- [ ] Stash admin password +- [ ] Keep all passphrases in secure location separate from device + +### 9. Test Headless Unlock Procedure (CRITICAL) +```bash +# At home, test the exact hotel deployment workflow + +# 1. Reboot Pi without monitor/keyboard attached +sudo reboot + +# 2. Wait 2-3 minutes for boot + +# 3. SSH from laptop +ssh user@pocket-grimoire.local + +# 4. Run unlock script +/usr/local/sbin/unlock-pocket-grimoire.sh + +# 5. 
Enter passphrases when prompted +# - VAULT passphrase (always) +# - GREEN passphrase (if GREEN drive connected for personal trip) +# - MEDIA-FAMILY has no passphrase (unencrypted) +# - VeraCrypt password (if applicable) + +# 6. Wait for Docker containers to start (~30 seconds) + +# 7. Verify all services running +docker ps + +# 8. Test access from browser +# http://pocket-grimoire.local:3000 (Wiki.js) +# http://pocket-grimoire.local:8096 (Jellyfin) +# http://pocket-grimoire.local:9999 (Stash) + +# 9. Test media playback in Jellyfin +# 10. Test Stash preview playback +# 11. Test NFS mount from laptop (optional) +``` + +**If anything fails during this test, debug at home before traveling!** + +### 10. Resync GREEN Drive When Connected to Netgrimoire + +**If you've physically moved the GREEN drive back to Netgrimoire for fast resyncing:** + +```bash +# On Netgrimoire with GREEN SSD connected + +# 1. Check which name the pool has +zpool list | grep -E "pocket-green|greenpg" + +# 2. Import if not already imported +# If pool is named "pocket-green": +sudo zpool import pocket-green + +# If pool is named "greenpg" (already renamed from Pocket): +sudo zpool import greenpg + +# 3. Load encryption key +sudo zfs load-key pocket-green # or greenpg +# Enter GREEN drive passphrase + +# 4. Mount datasets +sudo zfs mount -a + +# 5. Verify mounted +zfs list | grep -E "pocket-green|greenpg" +# Should show the Pocket dataset mounted + +# 6. Resync using syncoid +# If pool is named "pocket-green": +sudo syncoid vault/Green/Pocket pocket-green/Pocket + +# If pool is named "greenpg": +sudo syncoid vault/Green/Pocket greenpg/Pocket + +# Syncoid shows progress: +# Sending incremental vault/Green/Pocket@... +# 2.3GB 0:01:23 [28.4MB/s] [===============>] 100% + +# 7. Verify sync completed +zfs list pocket-green/Pocket # or greenpg/Pocket +du -sh /mnt/pocket-green/Pocket/ # or /srv/greenpg/Pocket + +# 8. 
Export pool before disconnecting +sudo zfs unmount -a +sudo zpool export pocket-green # or greenpg + +# 9. Safe to physically disconnect GREEN SSD +``` + +**Quick Commands Based on Pool Name:** + +```bash +# Check pool name first +POOL_NAME=$(zpool list | grep -oE "pocket-green|greenpg") +echo "Pool name: $POOL_NAME" + +# Then use appropriate commands +sudo zpool import $POOL_NAME +sudo zfs load-key $POOL_NAME +sudo zfs mount -a +sudo syncoid vault/Green/Pocket ${POOL_NAME}/Pocket +sudo zpool export $POOL_NAME +``` + +### 11. Configure Ongoing ZFS Sync (After Initial Setup) + +**Once drives are on Pocket Grimoire, set up ongoing sync from Netgrimoire:** + +```bash +# On Pocket Grimoire +# Create ZFS replication script + +sudo nano /usr/local/sbin/pocketgrimoire-zfs-pull.sh +``` + +```bash +#!/usr/bin/env bash +set -euo pipefail + +SRC_HOST="netgrimoire.local" +SSH_KEY="/srv/pocket-grimoire/keys/zfs_pull_ro" + +# Sync GREEN/Pocket dataset (personal media + Stash) +# This pulls incremental changes from vault/Green/Pocket to greenpg/Pocket +syncoid --no-sync-snap \ + --sshkey "${SSH_KEY}" \ + "root@${SRC_HOST}:vault/Green/Pocket" \ + "greenpg/Pocket" + +# Note: VAULT and MEDIA-FAMILY don't sync ongoing +# VAULT: Contains backups only, managed separately +# MEDIA-FAMILY: Manually updated when needed +``` + +```bash +sudo chmod +x /usr/local/sbin/pocketgrimoire-zfs-pull.sh +``` + +**This sync runs every 6 hours automatically and:** +- ✅ Syncs `/export/Green/Pocket/` from Netgrimoire +- ✅ Includes personal media updates +- ✅ Includes Stash database changes +- ✅ Includes new previews/blobs +- ✅ Only transfers incremental changes (fast) + +**Test sync manually:** +```bash +# Unlock pools first +/usr/local/sbin/unlock-pocket-grimoire.sh + +# Run sync +sudo /usr/local/sbin/pocketgrimoire-zfs-pull.sh + +# Check for new data +zfs list greenpg/Pocket +du -sh /srv/greenpg/Pocket/ +``` + +### 12. 
Verify Data Synced from Netgrimoire +```bash +# Check VAULT data present (backups only) +ls /srv/vaultpg/kopia/ +ls /srv/vaultpg/backups/ +ls /srv/vaultpg/repos/ +du -sh /srv/vaultpg/ + +# Check GREEN data (personal media + Stash) +ls /srv/greenpg/Pocket/media/library/ +ls /srv/greenpg/Pocket/stash/ +du -sh /srv/greenpg/Pocket/ + +# Or check MEDIA-FAMILY data (if that drive is connected) +ls /srv/mediapg/library/ +du -sh /srv/mediapg/ + +# Verify Stash database and previews (only on GREEN) +ls -lh /srv/greenpg/Pocket/stash/config/ +# Should show: stash-go.sqlite + +ls /srv/greenpg/Pocket/stash/generated/ | wc -l +# Should show: hundreds of preview files +``` + +--- + +## Drive Movement Workflow (VAULT, GREEN, MEDIA-FAMILY) + +This section covers moving SSDs between Netgrimoire and Pocket Grimoire for syncing and swapping. + +--- + +### VAULT Drive Movement + +**VAULT is normally ALWAYS CONNECTED to Pocket Grimoire**, but you may need to move it back to Netgrimoire for: +- Initial population with backup data +- Major updates to backup repositories +- Troubleshooting or recovery + +#### Connect VAULT to Netgrimoire + +```bash +# On Netgrimoire + +# Physical: Connect VAULT SSD via USB 3.0 or SATA + +# Import pool +sudo zpool import pocket-vault + +# Load encryption key +sudo zfs load-key pocket-vault +# Enter VAULT passphrase + +# Mount datasets +sudo zfs mount -a + +# Verify mounted +zfs list | grep pocket-vault +df -h | grep pocket-vault +``` + +#### Update VAULT on Netgrimoire + +```bash +# On Netgrimoire + +# Update Kopia repository +sudo kopia repository connect filesystem --path=/mnt/pocket-vault/kopia +sudo kopia snapshot create /path/to/backup/source + +# Sync Git repositories +sudo rsync -avP /export/vault/repos/ /mnt/pocket-vault/repos/ + +# Sync Wiki backups +sudo rsync -avP /srv/wikijs/backups/ /mnt/pocket-vault/backups/wiki/ + +# Sync photo/document backups +sudo rsync -avP /export/vault/photos/ /mnt/pocket-vault/backups/photos/ +sudo rsync -avP 
/export/vault/documents/ /mnt/pocket-vault/backups/documents/ + +# Verify updates +du -sh /mnt/pocket-vault/ +``` + +#### Disconnect VAULT from Netgrimoire + +```bash +# On Netgrimoire + +# Unmount datasets +sudo zfs unmount pocket-vault +# Or unmount all at once: +# sudo zfs unmount -a (be careful with this!) + +# Export pool +sudo zpool export pocket-vault + +# Verify exported +zpool list | grep pocket-vault +# Should show nothing + +# Physical: Disconnect VAULT SSD +``` + +#### Connect VAULT to Pocket Grimoire + +```bash +# Physical: Connect to Anker USB-A port #2 + +# On Pocket Grimoire (SSH) +ssh user@pocket-grimoire.local + +# Use unlock script (recommended) +/usr/local/sbin/unlock-pocket-grimoire.sh +# Enter VAULT passphrase when prompted + +# Or manual: +sudo zpool import pocket-vault vaultpg +sudo zfs load-key vaultpg +sudo zfs set mountpoint=/srv/vaultpg vaultpg +sudo zfs mount -a + +# Verify mounted +df -h | grep vaultpg +zfs list | grep vaultpg +``` + +--- + +### GREEN Drive Movement (Personal Media + Stash) + +**GREEN is rotated** - connected during personal trips, synced on Netgrimoire when updates needed. + +#### Connect GREEN to Netgrimoire + +```bash +# On Netgrimoire + +# Physical: Connect GREEN SSD via USB 3.0 or SATA + +# Check if drive detected +lsblk + +# Import pool +sudo zpool import greenpg + +# Load encryption key +sudo zfs load-key greenpg +# Enter GREEN passphrase + +# Mount datasets +sudo zfs mount -a + +# Verify mounted +zfs list | grep greenpg +df -h | grep greenpg + +# Should show: +# greenpg 5.00T 2.14T 280K /srv/greenpg +# greenpg/Pocket 5.00T 2.14T 5.00T /srv/greenpg/Pocket +``` + +#### Update GREEN on Netgrimoire + +**Using Syncoid (Recommended):** + +```bash +# On Netgrimoire + +# Sync from vault/Green/Pocket to GREEN drive +sudo syncoid vault/Green/Pocket greenpg/Pocket + +# Progress shown: +# Sending incremental vault/Green/Pocket@... 
+# 2.3GB 0:01:23 [28.4MB/s] [===============>] 100% + +# Verify sync completed +zfs list greenpg/Pocket +du -sh /srv/greenpg/Pocket/ + +# Check latest snapshot +zfs list -t snapshot greenpg/Pocket | tail -3 +``` + +**Manual file updates (if needed):** + +```bash +# On Netgrimoire + +# Add new media +sudo cp /path/to/new/movie.mp4 /srv/greenpg/Pocket/media/library/movies/ + +# Add new TV episodes +sudo cp -r /path/to/show/Season02 /srv/greenpg/Pocket/media/library/tv/ShowName/ + +# Add VeraCrypt containers +sudo cp /path/to/sensitive.vc /srv/greenpg/Pocket/veracrypt/ + +# Update Stash data (usually automatic via syncoid) +# Stash database, previews, and blobs sync automatically +``` + +#### Disconnect GREEN from Netgrimoire + +```bash +# On Netgrimoire + +# Stop any processes using the drive +sudo lsof | grep greenpg +# Kill processes if needed + +# Unmount datasets +sudo zfs unmount greenpg/Pocket +sudo zfs unmount greenpg + +# Export pool (CRITICAL!) +sudo zpool export greenpg + +# Verify exported +zpool list | grep greenpg +# Should show nothing + +# Verify ready for import elsewhere +sudo zpool import | grep greenpg +# Should show pool available + +# Physical: Disconnect GREEN SSD +``` + +#### Connect GREEN to Pocket Grimoire + +```bash +# Physical: Connect to Raspberry Pi USB 3.0 port (blue port) + +# On Pocket Grimoire (SSH) +ssh user@pocket-grimoire.local + +# Use unlock script (recommended) +/usr/local/sbin/unlock-pocket-grimoire.sh +# Enter passphrases when prompted + +# Or manual: +sudo zpool import greenpg +sudo zfs load-key greenpg +sudo zfs set mountpoint=/srv/greenpg greenpg +sudo zfs set mountpoint=/srv/greenpg/Pocket greenpg/Pocket +sudo zfs mount -a + +# Start Docker containers +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose up -d +cd /srv/pocket-grimoire/stacks/stash && docker compose up -d + +# Verify services +docker ps +``` + +**Test services:** +```bash +# From browser (on portapotty WiFi) +http://pocket-grimoire.local:8096 # 
Jellyfin +http://pocket-grimoire.local:9999 # Stash +``` + +#### Disconnect GREEN from Pocket Grimoire + +```bash +# On Pocket Grimoire (SSH) +ssh user@pocket-grimoire.local + +# Stop Docker containers using GREEN +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose down + +cd /srv/pocket-grimoire/stacks/stash +docker compose down + +# Unmount VeraCrypt (if using) +sudo veracrypt --text --dismount-all + +# Unmount datasets +sudo zfs unmount greenpg/Pocket +sudo zfs unmount greenpg + +# Export pool +sudo zpool export greenpg + +# Verify exported +zpool list | grep greenpg +# Should show nothing + +# Physical: Disconnect GREEN SSD +``` + +--- + +### MEDIA-FAMILY Drive Movement (Family Content) + +**MEDIA-FAMILY is rotated** - connected during family trips, manually updated as needed. + +#### Connect MEDIA-FAMILY to Netgrimoire + +```bash +# On Netgrimoire + +# Physical: Connect MEDIA-FAMILY SSD via USB 3.0 or SATA + +# Import pool (no encryption key needed - unencrypted) +sudo zpool import pocket-media + +# Mount datasets +sudo zfs mount -a + +# Verify mounted +zfs list | grep pocket-media +df -h | grep pocket-media +``` + +#### Update MEDIA-FAMILY on Netgrimoire + +```bash +# On Netgrimoire + +# Add new family movies +sudo cp /export/vault/media/family-movies/*.mp4 \ + /mnt/pocket-media/library/movies/ + +# Add new family TV shows +sudo rsync -avP \ + /export/vault/media/family-shows/NewShow/ \ + /mnt/pocket-media/library/tv/NewShow/ + +# Remove old content to free space +sudo rm -rf /mnt/pocket-media/library/movies/OldMovie/ +sudo rm -rf /mnt/pocket-media/library/tv/OldShow/ + +# Verify space usage +du -sh /mnt/pocket-media/library/ +df -h /mnt/pocket-media +``` + +#### Disconnect MEDIA-FAMILY from Netgrimoire + +```bash +# On Netgrimoire + +# Unmount datasets +sudo zfs unmount pocket-media + +# Export pool +sudo zpool export pocket-media + +# Verify exported +zpool list | grep pocket-media +# Should show nothing + +# Physical: Disconnect MEDIA-FAMILY SSD +``` 
+ +#### Connect MEDIA-FAMILY to Pocket Grimoire + +```bash +# Physical: Connect to Raspberry Pi USB 3.0 port (blue port) +# Note: Only connect ONE media drive at a time (GREEN or MEDIA-FAMILY) + +# On Pocket Grimoire (SSH) +ssh user@pocket-grimoire.local + +# Import pool and rename +sudo zpool import pocket-media mediapg + +# Set mount point +sudo zfs set mountpoint=/srv/mediapg mediapg + +# Mount datasets (no encryption key needed) +sudo zfs mount -a + +# Verify mounted +df -h | grep mediapg +zfs list | grep mediapg + +# Start Jellyfin +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose up -d + +# Verify +docker ps | grep jellyfin +``` + +**Test Jellyfin:** +```bash +# From browser +http://pocket-grimoire.local:8096 +# Should show family-friendly media +``` + +#### Disconnect MEDIA-FAMILY from Pocket Grimoire + +```bash +# On Pocket Grimoire (SSH) +ssh user@pocket-grimoire.local + +# Stop Jellyfin +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose down + +# Unmount datasets +sudo zfs unmount mediapg + +# Export pool +sudo zpool export mediapg + +# Verify exported +zpool list | grep mediapg +# Should show nothing + +# Physical: Disconnect MEDIA-FAMILY SSD +``` + +--- + +### Swapping Media Drives (GREEN ↔ MEDIA-FAMILY) + +**To swap from GREEN to MEDIA-FAMILY on Pocket Grimoire:** + +```bash +# On Pocket Grimoire + +# 1. Disconnect GREEN (see above) +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose down +cd /srv/pocket-grimoire/stacks/stash && docker compose down +sudo zfs unmount greenpg/Pocket +sudo zfs unmount greenpg +sudo zpool export greenpg +# Physically disconnect GREEN SSD + +# 2. 
Connect MEDIA-FAMILY (see above) +# Physically connect MEDIA-FAMILY SSD +sudo zpool import pocket-media mediapg +sudo zfs set mountpoint=/srv/mediapg mediapg +sudo zfs mount -a +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose up -d + +# Note: Stash won't work with MEDIA-FAMILY (no Stash data on that drive) +# Only Jellyfin uses MEDIA-FAMILY +``` + +**To swap from MEDIA-FAMILY to GREEN:** + +```bash +# On Pocket Grimoire + +# 1. Disconnect MEDIA-FAMILY +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose down +sudo zfs unmount mediapg +sudo zpool export mediapg +# Physically disconnect MEDIA-FAMILY SSD + +# 2. Connect GREEN +# Physically connect GREEN SSD +sudo zpool import greenpg +sudo zfs load-key greenpg +sudo zfs mount -a +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose up -d +cd /srv/pocket-grimoire/stacks/stash && docker compose up -d + +# Both Jellyfin and Stash work with GREEN +``` + +--- + +### Quick Reference: Drive Movement Commands + +**VAULT:** +```bash +# To Netgrimoire: +sudo zpool import pocket-vault +sudo zfs load-key pocket-vault +sudo zfs mount -a + +# From Netgrimoire: +sudo zfs unmount pocket-vault +sudo zpool export pocket-vault + +# To Pocket: +sudo zpool import pocket-vault vaultpg +sudo zfs load-key vaultpg +sudo zfs mount -a +``` + +**GREEN:** +```bash +# To Netgrimoire: +sudo zpool import greenpg +sudo zfs load-key greenpg +sudo zfs mount -a +sudo syncoid vault/Green/Pocket greenpg/Pocket # Update + +# From Netgrimoire: +sudo zfs unmount greenpg/Pocket && sudo zfs unmount greenpg +sudo zpool export greenpg + +# To Pocket: +/usr/local/sbin/unlock-pocket-grimoire.sh # Easy way +# Or manual: import → load-key → mount → start containers + +# From Pocket: +docker compose down # Stop jellyfin & stash +sudo zfs unmount greenpg/Pocket && sudo zfs unmount greenpg +sudo zpool export greenpg +``` + +**MEDIA-FAMILY:** +```bash +# To Netgrimoire: +sudo zpool import pocket-media +sudo zfs mount -a +# Add/remove content + +# 
From Netgrimoire: +sudo zfs unmount pocket-media +sudo zpool export pocket-media + +# To Pocket: +sudo zpool import pocket-media mediapg +sudo zfs set mountpoint=/srv/mediapg mediapg +sudo zfs mount -a +docker compose up -d # Start jellyfin + +# From Pocket: +docker compose down # Stop jellyfin +sudo zfs unmount mediapg +sudo zpool export mediapg +``` + +--- + +### Typical Use Cases + +**Before Personal Trip:** +1. Connect GREEN to Netgrimoire +2. Update: `sudo syncoid vault/Green/Pocket greenpg/Pocket` +3. Disconnect from Netgrimoire +4. Connect GREEN to Pocket Grimoire +5. Test Jellyfin and Stash + +**Before Family Visit:** +1. Disconnect GREEN from Pocket (if connected) +2. Connect MEDIA-FAMILY to Netgrimoire +3. Add/update family content +4. Disconnect from Netgrimoire +5. Connect MEDIA-FAMILY to Pocket Grimoire +6. Test Jellyfin + +**Weekly at Home (No Drive Movement):** +- Leave drives in Pocket Grimoire +- Use network sync: `/usr/local/sbin/pocketgrimoire-zfs-pull.sh` +- Automatic every 6 hours + +--- + +## Deployment Procedure + +**Hotel/Travel Location Setup:** + +### Physical Setup (5 minutes) +1. Unpack Pocket Grimoire enclosure +2. Connect Beryl AX to hotel WiFi (configure via phone app or admin panel) +3. Connect Pi to Beryl AX via Ethernet (CAT5 cable) +4. Plug Anker Prime into wall outlet +5. Connect all USB devices to Anker Prime: + - VAULT SSD → Anker USB-A port #2 + - Media SSD (PERSONAL or FAMILY) → Pi USB 3.0 port + - Beryl AX → Anker USB-C retractable port + - Pi → Anker USB-A port #1 +6. 
Power on (wait 2-3 minutes for boot) + +### SSH Connection (1 minute) +```bash +# From laptop (connected to portapotty WiFi) +ssh user@pocket-grimoire.local + +# If .local doesn't work, find Pi's IP: +# - Check Beryl AX admin: http://192.168.8.1 +# - Look for "pocket-grimoire" in client list +# - SSH via IP: ssh user@192.168.8.50 +``` + +### ZFS Unlock (2-3 minutes) +```bash +# Run unlock script +/usr/local/sbin/unlock-pocket-grimoire.sh + +# Script will prompt for passphrases: +# Enter passphrase for 'vaultpg': [type VAULT passphrase] +# Enter passphrase for 'mediapg': [type MEDIA-PERSONAL passphrase] +# (MEDIA-FAMILY is unencrypted, no passphrase needed) + +# Script automatically: +# - Unlocks ZFS pools +# - Mounts all datasets +# - Starts Docker service +# - Starts all containers (Wiki.js, Jellyfin, Stash) +# - Displays service URLs + +# Total unlock time: ~2-3 minutes +``` + +### Verify Services (1 minute) +### Verify Services (1 minute) +```bash +# Check Docker containers running +docker ps + +# Should show: +# pocketgrimoire_wikijs +# pocketgrimoire_db +# pocketgrimoire_jellyfin +# pocketgrimoire_stash + +# Check ZFS pools mounted +df -h | grep srv + +# Should show: +# vaultpg mounted on /srv/vaultpg +# mediapg mounted on /srv/mediapg +``` + +### Access Services (1 minute) +**From laptop browser (connected to portapotty WiFi):** +- Wiki.js: `http://pocket-grimoire.local:3000` +- Jellyfin: `http://pocket-grimoire.local:8096` +- Stash: `http://pocket-grimoire.local:9999` +- File Browser: `http://pocket-grimoire.local:8080` (if enabled) + +**From Onn Streaming Boxes:** +- Configure Jellyfin app: Server `http://pocket-grimoire.local:8096` +- Configure StashApp: Server `http://pocket-grimoire.local:9999` + +**Total setup time: ~10-12 minutes** + +### If Unlock Script Fails + +**Manual unlock procedure:** +```bash +# SSH into Pi +ssh user@pocket-grimoire.local + +# Import pools +sudo zpool import vaultpg +sudo zpool import mediapg + +# Load encryption keys +sudo 
zfs load-key vaultpg +sudo zfs load-key mediapg # Only if MEDIA-PERSONAL (encrypted) + +# Mount datasets +sudo zfs mount -a + +# Verify +df -h | grep srv + +# Start Docker +sudo systemctl start docker + +# Start containers +cd /srv/pocket-grimoire/stacks/wikijs && docker compose up -d +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose up -d +cd /srv/pocket-grimoire/stacks/stash && docker compose up -d +``` +```bash +# Check Docker containers +docker ps + +# Should see: +# - pocketgrimoire_db (PostgreSQL) +# - pocketgrimoire_wikijs (Wiki.js) +# - pocketgrimoire_jellyfin (Jellyfin) +# - pocketgrimoire_filebrowser (File Browser, if enabled) +``` + +### Connect Onn Boxes (5 minutes) +1. Power on Onn streaming box +2. Connect to hotel TV via HDMI +3. Configure Onn to connect to Beryl AX WiFi network +4. Install Jellyfin app on Onn (if not already installed) +5. Open Jellyfin app +6. Add server: `http://pocket-grimoire.local:8096` +7. Login and browse library + +### Laptop Setup (2 minutes) +```bash +# Mount NFS share (optional, for Jellyfin client on laptop) +sudo mkdir -p /mnt/pocket-media +sudo mount -t nfs pocket-grimoire.local:/srv/mediapg /mnt/pocket-media + +# Or configure in /etc/fstab for persistence: +pocket-grimoire.local:/srv/mediapg /mnt/pocket-media nfs defaults,_netdev 0 0 +``` + +**Total setup time: ~15 minutes** + +--- + +## Troubleshooting + +### Pi Won't Boot +1. Check power LED on Pi (should be solid red) +2. Check ACT LED (should blink green during boot) +3. If no LEDs: Check USB-C cable and Anker USB-A port +4. 
If ACT LED doesn't blink: MicroSD card issue + - Use spare MicroSD card + - Reflash OS with USB card reader + +### ZFS Pools Won't Mount +```bash +# Check pool status +sudo zpool status + +# Import pool manually +sudo zpool import -a + +# Load encryption keys +sudo zfs load-key vaultpg +sudo zfs load-key greenpg # GREEN drive + +# Mount all +sudo zfs mount -a + +# If corruption detected +sudo zpool scrub vaultpg +sudo zpool scrub greenpg +``` + +### Pool Name Confusion (pocket-green vs greenpg) + +**Problem:** You're not sure if your GREEN pool is named `pocket-green` or `greenpg` + +**Solution:** +```bash +# Check which name the pool has +zpool list | grep -E "pocket-green|greenpg" + +# If on Netgrimoire (initial build): Usually "pocket-green" +# If on Pocket Grimoire: Always "greenpg" (renamed during import) +# If moved back to Netgrimoire: Keeps "greenpg" name from Pocket + +# Import using the correct name +sudo zpool import pocket-green # if shows pocket-green +# OR +sudo zpool import greenpg # if shows greenpg + +# For syncoid, use whichever name it has: +sudo syncoid vault/Green/Pocket pocket-green/Pocket # if pocket-green +# OR +sudo syncoid vault/Green/Pocket greenpg/Pocket # if greenpg +``` + +**Why the name changes:** +- Created on Netgrimoire: `pocket-green` (temporary name for building) +- Imported to Pocket: Renamed to `greenpg` (permanent name for travel) +- Moved back to Netgrimoire: Keeps `greenpg` name (doesn't revert) + +**Best practice:** After first import to Pocket, the pool is permanently `greenpg` + +### Kanguru UltraLock UAS Errors / Pool Suspended + +**Symptoms:** +- ZFS pool repeatedly suspending with `error=5` (EIO) +- dmesg showing `uas_eh_abort_handler` every ~30 seconds +- Pool status shows `SUSPENDED` +- Drive resets cycling: `uas_eh_device_reset_handler start/success` repeating + +``` +sd 0:0:0:0: [sda] tag#8 uas_eh_abort_handler 0 uas-tag 3 inflight: CMD IN +scsi host0: uas_eh_device_reset_handler start +scsi host0: 
uas_eh_device_reset_handler success +WARNING: Pool 'greenpg' has encountered an uncorrectable I/O failure and has been suspended. +``` + +**Root Cause:** + +The Kanguru UltraLock (`idVendor=1e1d, idProduct=2001`) uses the UAS driver by default. The Raspberry Pi 4's xhci USB controller has a known incompatibility with UAS on certain drives. The fix is to force the drive to use the `usb-storage` driver instead via a kernel quirk parameter. + +**Fix (Ubuntu Pi — permanent):** + +```bash +# Edit the correct cmdline file (NOT /boot/firmware/cmdline.txt) +sudo nano /boot/firmware/current/cmdline.txt +``` + +Add `usb-storage.quirks=1e1d:2001:u` to the end of the existing single line: + +``` +console=serial0,115200 multipath=off dwc_otg.lpm_enable=0 console=tty1 root=LABEL=writable rootfstype=ext4 panic=10 rootwait fixrtc usb-storage.quirks=1e1d:2001:u +``` + +```bash +# Verify: should show ONE $ at end, no blank lines +cat -A /boot/firmware/current/cmdline.txt + +# Reboot +sudo reboot +``` + +**Verify fix after reboot:** + +```bash +sudo dmesg | grep -i "kanguru\|uas\|usb-storage" | head -10 +``` + +Confirmed working output: +``` +usb 2-2: UAS is ignored for this device, using usb-storage instead +usb-storage 2-2:1.0: USB Mass Storage device detected +usb-storage 2-2:1.0: Quirks match for vid 1e1d pid 2001: 800000 +scsi host0: usb-storage 2-2:1.0 +``` + +**Recover suspended pool after applying fix:** + +```bash +sudo zpool clear greenpg +sudo zfs load-key greenpg/Pocket +sudo zfs mount -a +``` + +If pool has data errors from before the fix: +```bash +sudo zpool status -v greenpg +sudo zpool scrub greenpg +# If metadata errors remain and can't be repaired, destroy and resync from Netgrimoire +``` + +**Why `/boot/firmware/cmdline.txt` doesn't work:** + +On Ubuntu Pi, `/boot/firmware/config.txt` only reads `cmdline=cmdline.txt` under the `[tryboot]` section. The active boot uses `/boot/firmware/current/cmdline.txt` instead. 
This differs from Raspberry Pi OS where `/boot/firmware/cmdline.txt` is the correct file. + +**Hardware reference:** +- Kanguru UltraLock USB ID: `1e1d:2001` +- Pi 4 USB controller: xhci_hcd (Broadcom BCM2711) +- Issue: xhci + UAS incompatibility on large USB drives + +*Fix discovered and documented during greenpg pool troubleshooting, February 2026* + +### Docker Containers Not Starting +```bash +# Check if ZFS pools are mounted first +zfs list + +# Check Docker service +sudo systemctl status docker + +# View container logs +docker logs pocketgrimoire_wikijs +docker logs pocketgrimoire_jellyfin + +# Restart containers +cd /srv/pocket-grimoire/stacks/wikijs +docker compose restart + +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose restart +``` + +### Jellyfin Shows Transcoding +**This should never happen - all media must be direct play only** + +1. During playback, click info icon +2. If "Transcoding" appears: + - Media is not H.264/AAC + - Re-encode media before next trip + - Do NOT allow transcoding on Pi (will overheat/crash) + +3. Verify media codec: + ```bash + ffprobe /srv/mediapg/library/movies/example.mkv + ``` + +4. 
If incorrect codec, re-encode: + ```bash + ffmpeg -i input.mkv -c:v libx264 -preset slow -crf 20 \ + -profile:v high -level 4.1 -pix_fmt yuv420p \ + -c:a aac -b:a 192k -c:s srt output.mkv + ``` + +### NFS Mount Fails on Laptop +```bash +# Check if NFS is running on Pi +ssh user@pocket-grimoire.local +sudo systemctl status nfs-server + +# Check exports +sudo exportfs -v + +# Try manual mount with verbose +sudo mount -v -t nfs pocket-grimoire.local:/srv/mediapg /mnt/pocket-media + +# Check firewall (if enabled) +sudo ufw status +``` + +### Wiki.js Not Loading +```bash +# Check container status +docker ps | grep wikijs + +# Check logs +docker logs pocketgrimoire_wikijs +docker logs pocketgrimoire_db + +# Restart Wiki.js stack +cd /srv/pocket-grimoire/stacks/wikijs +docker compose restart + +# Check database +docker exec -it pocketgrimoire_db psql -U wikijs -d wikijs -c "\dt" +``` + +### VeraCrypt Container Won't Mount + +**Check container exists:** +```bash +ls -lh /srv/vaultpg/veracrypt-containers/ +# Should show vault.vc file +``` + +**Verify VeraCrypt is installed:** +```bash +veracrypt --text --version +# Should show version number +``` + +**Try mounting with verbose output:** +```bash +sudo veracrypt --text --verbose \ + --mount /srv/vaultpg/veracrypt-containers/vault.vc \ + /mnt/veracrypt/vault1 +``` + +**Common issues:** +- **Wrong password:** Re-enter carefully (passwords are case-sensitive) +- **Container corrupted:** Try mounting read-only: + ```bash + sudo veracrypt --text --mount --protect-hidden=no \ + /srv/vaultpg/veracrypt-containers/vault.vc \ + /mnt/veracrypt/vault1 + ``` +- **Already mounted elsewhere:** Unmount first: + ```bash + sudo veracrypt --text --dismount /mnt/veracrypt/vault1 + ``` +- **FUSE not available:** + ```bash + sudo apt install -y fuse libfuse2 + sudo modprobe fuse + ``` + +**Check what's mounted:** +```bash +veracrypt --text --list +mount | grep veracrypt +``` + +**Force unmount (if stuck):** +```bash +sudo veracrypt --text --force 
--dismount /mnt/veracrypt/vault1 +# Or: +sudo umount -f /mnt/veracrypt/vault1 +``` + +**Verify container integrity:** +```bash +# Test mount without password (will fail but shows if container is valid) +sudo veracrypt --test /srv/vaultpg/veracrypt-containers/vault.vc +``` +cd /srv/pocket-grimoire/stacks/wikijs +docker compose restart + +# Check database +docker exec -it pocketgrimoire_db psql -U wikijs -d wikijs -c "\dt" +``` + +### Sync Failures +```bash +# Check sync log +tail -n 200 /var/log/pocketgrimoire-sync.log + +# Check ntfy notifications (should have received failure alert) + +# Manually run sync +sudo /usr/local/sbin/pocketgrimoire-sync.sh + +# Check timer status +systemctl status pocketgrimoire-sync.timer +systemctl list-timers | grep pocketgrimoire + +# Reset timer +sudo systemctl restart pocketgrimoire-sync.timer +``` + +### Beryl AX Won't Connect to Hotel WiFi +1. Access Beryl AX admin panel: `http://192.168.8.1` +2. Navigate to: Internet → Repeater +3. Scan for hotel WiFi networks +4. Connect (may require captive portal login) +5. If captive portal required: + - Connect phone to Beryl AX WiFi + - Open browser, complete hotel WiFi login + - Beryl AX will inherit connection + +### Pi Overheating +**Should not happen with media-only stack** + +```bash +# Check temperature +vcgencmd measure_temp + +# Normal: <60°C idle, <70°C under load +# Warning: >70°C +# Critical: >80°C + +# If overheating: +# 1. Ensure passive heatsink case is properly installed +# 2. Verify Pi is not in enclosed space (needs airflow) +# 3. Check if transcoding is occurring (should never happen) +# 4. 
Check for runaway processes +htop +``` + +--- + +## Shutdown Procedure + +**Proper shutdown to protect encrypted ZFS pools (headless operation):** + +### From SSH (Recommended) +```bash +# SSH into Pi from laptop +ssh user@pocket-grimoire.local + +# Stop Docker containers +cd /srv/pocket-grimoire/stacks/wikijs +docker compose down + +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose down + +cd /srv/pocket-grimoire/stacks/stash +docker compose down + +# Optional: Stop other containers +cd /srv/pocket-grimoire/stacks/filebrowser +docker compose down + +# Unmount VeraCrypt containers (if using) +sudo veracrypt --text --dismount /mnt/veracrypt/vault1 +# Or dismount all: +sudo veracrypt --text --dismount-all + +# Verify unmounted +veracrypt --text --list +# Should show "No volumes mounted" + +# Unmount and export ZFS pools +sudo zfs unmount -a + +# Export VAULT (always present) +sudo zpool export vaultpg + +# Export GREEN (if connected for personal trip) +if zpool list greenpg &>/dev/null; then + sudo zpool export greenpg +fi + +# Export MEDIA-FAMILY (if connected for family trip) +if zpool list mediapg &>/dev/null; then + sudo zpool export mediapg +fi + +# Verify pools exported +zpool list +# Should NOT show vaultpg, greenpg, or mediapg + +# Shutdown Pi +sudo shutdown -h now + +# Wait 30 seconds for complete shutdown +# Pi's green ACT LED will stop blinking +# Red power LED will turn off +# Safe to unplug power +``` + +**Total shutdown time: ~2-3 minutes** + +### Emergency Shutdown +**If SSH is unavailable or Pi is unresponsive:** + +1. Stop all network activity: + - Unplug Ethernet cable from Pi + - Wait 10 seconds + +2. Power off: + - Unplug power from Anker Prime (pulls power from everything) + - Wait 10 seconds + +3. 
Consequences: + - ZFS pools may need recovery on next boot (usually auto-repairs) + - VeraCrypt containers are generally safe with sudden unmount + - Docker containers will need restart + - No data loss expected (ZFS is resilient) + +**Note:** ZFS and VeraCrypt are resilient to sudden power loss, but proper shutdown is always better for data integrity. + +### Shutdown Checklist + +Before leaving hotel: +- [ ] SSH into Pocket Grimoire +- [ ] Stop all Docker containers +- [ ] Unmount VeraCrypt (if using) +- [ ] Export ZFS pools (vaultpg, mediapg) +- [ ] Shutdown Pi (`sudo shutdown -h now`) +- [ ] Wait for Pi LEDs to turn off (30 seconds) +- [ ] Unplug power from Anker Prime +- [ ] Disconnect and pack all equipment + +**Never skip the ZFS export step!** Exporting pools ensures: +- All data is flushed to disk +- Filesystem is marked clean +- Prevents corruption +- Allows pools to be imported cleanly on next boot + +--- + +## Maintenance + +### Weekly (While at Home) +```bash +# Check ZFS pool health +sudo zpool status + +# Check for errors +sudo zpool status -v | grep -i error + +# Verify sync is working +tail -n 50 /var/log/pocketgrimoire-sync.log + +# Check Docker disk usage +docker system df +``` + +### Monthly +```bash +# Run ZFS scrub (verify data integrity) +sudo zpool scrub vaultpg +sudo zpool scrub mediapg + +# Check scrub results (after completion, usually 1-2 hours) +sudo zpool status + +# Update system packages +sudo apt update && sudo apt upgrade -y + +# Update Docker images +cd /srv/pocket-grimoire/stacks/wikijs +docker compose pull +docker compose up -d + +cd /srv/pocket-grimoire/stacks/jellyfin +docker compose pull +docker compose up -d + +# Prune unused Docker images +docker system prune -a +``` + +### Before Each Trip +- Run pre-trip checklist (see section above) +- Verify all media plays directly (no transcoding) +- Test offline mode +- Check battery/charge status of all devices +- Update any documentation that changed + +### After Each Trip +```bash 
+# Check for any errors in logs +journalctl -p err -b +tail -n 500 /var/log/pocketgrimoire-sync.log + +# Verify ZFS pool health +sudo zpool status + +# Check SSD health +sudo smartctl -a /dev/sdX + +# Review and clear old sync logs if needed +sudo truncate -s 0 /var/log/pocketgrimoire-sync.log +``` + +--- + +## Service Access Summary + +**When connected to Pocket Grimoire network:** + +``` +Wiki.js: http://pocket-grimoire.local:3000 +Jellyfin: http://pocket-grimoire.local:8096 +File Browser: http://pocket-grimoire.local:8080 +Dozzle: http://pocket-grimoire.local:9999 +SSH: ssh user@pocket-grimoire.local +NFS Media: nfs://pocket-grimoire.local/srv/mediapg +Router Admin: http://192.168.8.1 +``` + +--- + +## Resource Profile + +### Idle (At Home, Syncing) +``` +Wiki.js + PostgreSQL: ~250MB RAM +Jellyfin (idle): ~150MB RAM +ZFS ARC (capped): ~512MB RAM +System overhead: ~200MB RAM +───────────────────────────────── +Total: ~1.1GB / 8GB RAM +CPU: <5% +Temperature: Cool (<60°C) +``` + +### Media Playback (Direct Play) +``` +Jellyfin (serving): ~200MB RAM +NFS: ~50MB RAM +No transcoding: 0 CPU spike +───────────────────────────────── +Total: ~1.4GB / 8GB RAM +CPU: <10% +Temperature: Cool (<65°C) +``` + +**The Pi should remain cool and quiet during all operations.** + +--- + +## Security Notes + +### Encryption +- **ZFS Encryption:** Both SSDs use native ZFS encryption + - Passphrases required on boot (manual unlock) + - Family media SSD is unencrypted (for portability/sharing) + - SSH keys are stored on encrypted Vault SSD +- **VeraCrypt Containers (Optional):** Additional encryption layer + - Encrypted file containers within ZFS-encrypted drives (nested encryption) + - Separate passwords for different data sets + - Portable containers can be moved to other systems + - Cross-platform compatibility (Windows, Mac, Linux) + +### Network Security +- All services bound to LAN only (not exposed to WAN) +- Beryl AX handles firewall and VPN routing +- No services accept 
connections from internet directly +- WireGuard VPN to Netgrimoire when online + +### Physical Security +- Pocket Grimoire is a physical device - keep secure +- Encrypted SSDs protect data at rest +- ZFS and/or VeraCrypt passphrases required on boot (prevents unauthorized access) +- Keep all encryption passphrases separate from device +- Consider: Write passphrases on paper, store in secure location + +### Backup Strategy +- Pocket Grimoire is a mirror, not primary storage +- All data originates from Netgrimoire (source of truth) +- ZFS replication provides redundancy +- VeraCrypt containers sync like any other file +- Can rebuild Pocket Grimoire from Netgrimoire if needed + +### Encryption Best Practices +- **Use strong passphrases:** 20+ characters, mix of types +- **Don't reuse passwords:** ZFS ≠ VeraCrypt ≠ services +- **Document recovery:** Write down passphrases (paper, not digital) +- **Test recovery:** Verify you can unlock before traveling +- **Secure storage:** Keep passphrase backup separate from device + +--- + +## Appendix A: System Specifications + +### Raspberry Pi 4 (8GB) +- CPU: Broadcom BCM2711, Quad-core Cortex-A72 @ 1.5GHz +- RAM: 8GB LPDDR4-3200 +- Storage: MicroSD (OS) + 2× USB 3.0 SSDs (data) +- Network: Gigabit Ethernet + WiFi 5 (802.11ac) +- Power: 5V/3A via USB-C (15W) + +### GL.iNet Beryl AX (GL-MT3000) +- CPU: MediaTek MT7981B, Dual-core ARM Cortex-A53 @ 1.3GHz +- RAM: 512MB DDR4 +- WiFi: WiFi 6 (802.11ax) dual-band +- VPN: WireGuard, OpenVPN +- Ports: 1× WAN, 1× LAN, 1× USB 3.0 +- Power: USB-C, 12W max + +### Anker Prime 200W (Model A2683) +- Total Output: 200W +- USB-C Ports: 4× (100W max each) +- USB-A Ports: 2× (5V/3A, 15W max each) +- AC Outlets: 2× +- Surge Protection: Yes + +### Storage Configuration +- SSD #1 (Vault): 1-2TB, encrypted ZFS +- SSD #2 (Personal Media): 2TB+, encrypted ZFS +- SSD #3 (Family Media): 2TB+, unencrypted ZFS +- Total capacity: 5-6TB (2 active at a time) + +--- + +## Appendix B: Quick Reference Commands + 
+### System Status +```bash +# Check ZFS pools +sudo zpool status + +# Check mounted filesystems +df -h + +# Check memory usage +free -h + +# Check temperature +vcgencmd measure_temp + +# Check Docker containers +docker ps + +# Check system load +htop +``` + +### VeraCrypt Operations +```bash +# Mount VeraCrypt container +sudo veracrypt --text --mount \ + /srv/vaultpg/veracrypt-containers/vault.vc \ + /mnt/veracrypt/vault1 + +# Or use helper script +sudo /usr/local/sbin/mount-veracrypt-vault.sh + +# List mounted volumes +veracrypt --text --list + +# Check what's in mounted container +ls -lh /mnt/veracrypt/vault1 + +# Unmount specific volume +sudo veracrypt --text --dismount /mnt/veracrypt/vault1 + +# Unmount all VeraCrypt volumes +sudo veracrypt --text --dismount-all + +# Force unmount (if stuck) +sudo veracrypt --text --force --dismount /mnt/veracrypt/vault1 + +# Check VeraCrypt version +veracrypt --text --version +``` +sudo zpool status + +# Check mounted filesystems +df -h + +# Check memory usage +free -h + +# Check temperature +vcgencmd measure_temp + +# Check Docker containers +docker ps + +# Check system load +htop +``` + +### Service Management +```bash +# Restart Wiki.js +cd /srv/pocket-grimoire/stacks/wikijs && docker compose restart + +# Restart Jellyfin +cd /srv/pocket-grimoire/stacks/jellyfin && docker compose restart + +# View Wiki.js logs +docker logs -f pocketgrimoire_wikijs + +# View Jellyfin logs +docker logs -f pocketgrimoire_jellyfin + +# Restart NFS +sudo systemctl restart nfs-server +``` + +### Sync Management +```bash +# Check sync timer status +systemctl status pocketgrimoire-sync.timer + +# View recent sync logs +tail -n 200 /var/log/pocketgrimoire-sync.log + +# Manually trigger sync +sudo systemctl start pocketgrimoire-sync.service + +# Watch sync in real-time +tail -f /var/log/pocketgrimoire-sync.log +``` + +### ZFS Operations +```bash +# List all pools and datasets +zfs list + +# Check pool health +sudo zpool status + +# Load encryption 
keys +sudo zfs load-key vaultpg +sudo zfs load-key mediapg + +# Mount all datasets +sudo zfs mount -a + +# Unmount all datasets +sudo zfs unmount -a + +# Export pools (before shutdown) +sudo zpool export vaultpg +sudo zpool export mediapg + +# Import pools +sudo zpool import vaultpg +sudo zpool import mediapg + +# Start scrub (data verification) +sudo zpool scrub vaultpg + +# Check scrub progress +sudo zpool status -v +``` + +### Network Diagnostics +```bash +# Check network interfaces +ip addr + +# Test connectivity to router +ping 192.168.8.1 + +# Test DNS resolution +nslookup google.com + +# Check NFS exports +sudo exportfs -v + +# Test NFS mount (from laptop) +sudo mount -t nfs pocket-grimoire.local:/srv/mediapg /mnt/test +``` + +--- + +## Appendix C: Useful Links + +### Official Documentation +- Raspberry Pi OS: https://www.raspberrypi.com/documentation/ +- OpenZFS: https://openzfs.github.io/openzfs-docs/ +- Docker: https://docs.docker.com/ +- Wiki.js: https://docs.requarks.io/ +- Jellyfin: https://jellyfin.org/docs/ +- GL.iNet: https://docs.gl-inet.com/ + +### Netgrimoire Resources +- Main documentation: (link to your Netgrimoire Wiki) +- Forgejo instance: (link to your Forgejo) +- ntfy instance: (link to your ntfy server) + +### Tools & Utilities +- FFmpeg documentation: https://ffmpeg.org/documentation.html +- Syncoid (part of Sanoid): https://github.com/jimsalterjrs/sanoid + +--- + +## Version History + +**v1.0 - Initial Release** +- Basic media server + documentation setup +- ZFS encrypted storage +- Automatic sync with Netgrimoire +- Gaming components removed for simplicity + +--- + +## Support & Feedback + +For issues or improvements to this documentation: +- Update this Wiki page directly +- Or submit changes to Forgejo repository +- Test all changes on non-production system first + +--- + +*This guide was created for Pocket Grimoire deployment and maintenance. Keep this documentation updated as the system evolves.* 
diff --git a/Pocket-Grimoire/Sync/Pre-Travel-Sync.md b/Pocket-Grimoire/Sync/Pre-Travel-Sync.md new file mode 100644 index 0000000..2b79b5a --- /dev/null +++ b/Pocket-Grimoire/Sync/Pre-Travel-Sync.md @@ -0,0 +1,50 @@ +--- +title: Pre-Travel Sync & Checklist +description: Everything to do before Pocket Grimoire leaves the house +published: true +date: 2026-04-12T00:00:00.000Z +tags: pocket, sync, travel, runbook +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Pre-Travel Sync & Checklist + +## Sync Data from znas + +```bash +# Push Green/Pocket dataset to Pocket Grimoire +syncoid znas:vault/Green/Pocket pocket:/srv/greenpg/Green + +# Verify pool health after sync +ssh pocket "zpool status pocket-green" +``` + +## Pre-Travel Checklist + +- [ ] Run syncoid push — verify completion, no errors +- [ ] Confirm ZFS pool healthy (`zpool status pocket-green`) +- [ ] Confirm WireGuard peer `PortaPotty` connects to OPNsense +- [ ] Confirm Jellyfin library scan complete +- [ ] Confirm PocketStash metadata synced (check last scan date in UI) +- [ ] Confirm Wiki.js content is current (last pull timestamp) +- [ ] Charge Anker station fully +- [ ] Pack SSDs — Vault always, Green for personal trips only + +## While Traveling + +- PocketStash runs read-only — no writes, no new imports +- Wiki.js is pull-only — no page edits (edits won't sync back cleanly) +- WireGuard tunnel home via `PortaPotty` peer when internet available +- Beszel agent reports back to znas when tunneled + +## On Return + +```bash +# Sync any Jellyfin watch state or metadata changes back if needed +# No automated reverse sync — manual review before writing back +``` + +## Deployment Guide + +See original [Deployment Guide](/Pocket-Grimoire/Sync/Deployment-Guide) for full from-scratch build procedure. diff --git a/README.md b/README.md new file mode 100644 index 0000000..0c2cd3d --- /dev/null +++ b/README.md 
@@ -0,0 +1,47 @@ +# The Grimoire — graymutt's Personal Knowledge Base + +Wiki.js documentation repository. Synced automatically from Forgejo to Wiki.js at `wiki.netgrimoire.com`. + +## Structure + +``` +wiki/ +├── home.md ← Wiki home page +├── Netgrimoire/ ← Core homelab spine +├── Keystone-Grimoire/ ← Architecture: hosts, network, Docker, mail +├── Vault-Grimoire/ ← Storage: ZFS, Kopia, NFS, backups +├── Ward-Grimoire/ ← Security: OPNsense, CrowdSec, auth, VPN +├── Watch-Grimoire/ ← Monitoring: Kuma, Beszel, Grafana, ntfy +├── Gremlin-Grimoire/ ← AI: Ollama, n8n, Qdrant, workflows +├── Shadow-Grimoire/ ← Acquisition: arr stack, Usenet, torrents +├── Green-Grimoire/ ← Adult media: Stash, Jellyfinx, Namer +├── Pocket-Grimoire/ ← Portable lab: laptop + Beryl AX +├── PNC-Harris/ ← Family services +├── PNC-Fish/ ← PNC Fish & More business docs +└── Work/ ← Cisco / network engineering +``` + +## Conventions + +- All pages use Wiki.js frontmatter (`title`, `description`, `published`, `date`, `tags`, `editor: markdown`, `dateCreated`) +- Grimoire markdown style: clean headings, pipe tables, code blocks — no callout boxes, no metadata headers in body +- New service docs follow `Netgrimoire/Conventions/Service-Doc-Template.md` +- Audit reports in `Netgrimoire/Audits/` are auto-generated by Gremlin — do not edit manually + +## Badge Images + +All grimoire badge images live at `/DockerVol/homepage/images/` on znas and are served via Homepage at `/images/`. + +| File | Grimoire | +|------|---------| +| `netgrimoire-badge.png` | Netgrimoire | +| `keystone-badge.png` | Keystone Grimoire | +| `vault-badge.png` | Vault Grimoire | +| `ward-badge.png` | Ward Grimoire | +| `watch-badge.png` | Watch Grimoire | +| `gremlin-badge.png` | Gremlin Grimoire | +| `shadow-badge.png` | Shadow Grimoire | +| `green-badge.png` | Green Grimoire | +| `pocket-badge.png` | Pocket Grimoire | +| `pncharris-badge.png` | PNC Harris | +| `pncfish-badge.png` | PNC Fish & More | 
diff --git a/Shadow-Grimoire/Arr/Bazarr.md b/Shadow-Grimoire/Arr/Bazarr.md new file mode 100644 index 0000000..d95570f --- /dev/null +++ b/Shadow-Grimoire/Arr/Bazarr.md 
@@ -0,0 +1,125 @@ +--- +title: bazarr Stack +description: Bazarr Stack for NetGrimoire +published: true +date: 2026-04-04T01:35:32.755Z +tags: docker,swarm,bazarr,netgrimoire +editor: markdown +dateCreated: 2026-04-04T01:35:32.755Z +--- + +# bazarr + +## Overview +The bazarr stack is a Docker Swarm configuration for the Bazarr service in NetGrimoire. It provides a search functionality and connects to other services through various labels and environment variables. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|------|------| +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** bazarr.netgrimoire.com +- **Homepage group:** Jolly Roger + +--- + +## Build & Configuration + +### Prerequisites +To deploy this stack, ensure that Docker Swarm is installed and configured. + +### Volume Setup +```bash +mkdir -p /DockerVol/bazarr/config +chown -R user:group bazarr.config +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 +PUID=1964 +PGID=1964 +TZ=America/Chicago +Caddy: authentik +Caddy.reverse_proxy: {{upstreams 6767}} +Kuma.bazarr.http.name=Bazarr +Kuma.bazarr.http.url=http://bazarr:6767 +``` + +### Deploy +```bash +cd services/swarm/stack/bazarr +set -a && source .env && set +a +docker stack config --compose-file bazarr-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml bazarr +rm resolved.yml +docker stack services bazarr +``` + +### First Run +After deployment, run `./deploy.sh` to initialize the configuration. + +--- + +## User Guide + +### Accessing bazarr +| Service | URL | Purpose | +|---------|-----|---------| +- **Bazarr**: http://bazarr.netgrimoire.com +- **Caddy reverse proxy:** Internal only + +### Primary Use Cases +Use Bazarr for subtitle search in NetGrimoire. + +### NetGrimoire Integrations +This service connects to Uptime Kuma and Caddy through various labels and environment variables. 
+ +--- + +## Operations + +### Monitoring +```bash +docker stack services bazarr +docker service logs -f bazarr +``` + +### Backups +- `/DockerVol/bazarr/config` is critical for configuration data. +- `/DockerVol/bazarr/data` is reconstructable. + +### Restore +```bash +./deploy.sh +``` + +--- + +## Common Failures +| Symptom | Cause | Fix | +|---------|-------|-----| +1. Service not available | Incorrect DNS entry | Check Caddy reverse proxy configuration and DNS resolution. +2. Data corruption | Inconsistent backups | Ensure consistent and regular backups of critical data volumes. +3. Network connectivity issues | Incorrect network configuration | Verify network configuration and re-deploy the stack with corrected settings. + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-03 | e5ba5297 | Initial deployment documentation. +| 2026-04-03 | 74b54de4 | Minor configuration updates. +| 2026-04-03 | 4f400b3f | Security patches and bug fixes. +| 2026-04-03 | 8df1f14f | Performance improvements. +| 2026-04-03 | 99cffc2b | Minor documentation updates. + +--- + +## Notes +- Generated by Gremlin on 2026-04-04T01:35:32.755Z +- Source: swarm/bazarr.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Shadow-Grimoire/Arr/Radarr.md b/Shadow-Grimoire/Arr/Radarr.md new file mode 100644 index 0000000..87e7aa4 --- /dev/null +++ b/Shadow-Grimoire/Arr/Radarr.md 
@@ -0,0 +1,119 @@ +# radarr + +## Overview +The Radarr stack is a Docker Swarm-based configuration for the popular movie library management service, Radarr. It provides a centralized hub for managing a large collection of movies, complete with features like automated metadata fetching and quality filtering. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|------|------| +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** `caddy.radarr.netgrimoire.com`, `radarr:7878` +- **Homepage group:** Jolly Roger + +--- + +## Build & Configuration + +### Prerequisites +No specific prerequisites are required for this stack. + +### Volume Setup +```bash +mkdir -p /DockerVol/Radarr:/config +chown -R radarr:radarr /DockerVol/Radarr +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 +TZ=America/Chicago +PGID="1964" +PUID="1964" +CADDY_HTTPS_KEY=$(openssl rand -hex 32) +KUMA RADARR.HTTP.NAME=Radarr +KUMA RADARR.HTTP.URL=https://radarr.netgrimoire.com +``` + +### Deploy +```bash +cd services/swarm/stack/radarr +set -a && source .env && set +a +docker stack config --compose-file radarr-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml radarr +rm resolved.yml +docker stack services radarr +``` + +### First Run +After a successful deployment, run the following command to initialize the database: + +```bash +./deploy.sh +``` + +--- + +## User Guide + +### Accessing radarr +| Service | URL | Purpose | +- **radarr**: https://radarr.netgrimoire.com | + +### Primary Use Cases +To use Radarr in NetGrimoire, follow these steps: + +1. Log in to the Radarr interface at `https://radarr.netgrimoire.com`. +2. Configure your library by adding movies and setting quality filters. +3. Set up Caddy for reverse proxying and HTTPS. + +### NetGrimoire Integrations +Radarr integrates with Kuma for monitoring and Uptime Kuma for dashboard integration. 
+ +--- + +## Operations + +### Monitoring +[kuma monitors] +```bash +docker stack services radarr + +``` + +### Backups +Critical backups should be done to `/DockerVol/Radarr/data/backup/` on a regular basis. Reconstructable backups can be stored in the same directory. + +### Restore +```bash +cd services/swarm/stack/radarr +./deploy.sh +``` + +--- + +## Common Failures +| Failure Mode | Symptoms | Cause | Fix | +|-------------|----------|------|-----| +| Caddy Not Listening | No incoming requests. | Caddy not started | Restart caddy service with `docker stack services radarr` | +| Radarr Service Not Running | No visible interface in NetGrimoire Dashboard. | Radarr service not deployed correctly | Re-run deploy script and restart radarr service | + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-07 | 77c13325 | Initial documentation for swarm configuration | +| 2026-02-19 | 7482d3e5 | Added Caddy HTTPS key to environment variables | +| 2026-02-01 | 48701f5b | Updated Docker Swarm file with new Radarr image version | +| 2026-01-10 | 1a374911 | Improved Radarr configuration and setup | + +--- + +## Notes +- Generated by Gremlin on 2026-04-07T19:34:53.606Z +- Source: swarm/radarr.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Shadow-Grimoire/Arr/Sonarr.md b/Shadow-Grimoire/Arr/Sonarr.md new file mode 100644 index 0000000..eb987ee --- /dev/null +++ b/Shadow-Grimoire/Arr/Sonarr.md 
@@ -0,0 +1,127 @@ +# sonarr + +## Overview +This stack provides a Docker Swarm configuration for Sonarr, a media library and download client. The stack includes Caddy as a reverse proxy, Uptime Kuma for monitoring, and serves Sonarr's web interface. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|-----|------| +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** sonarr.netgrimoire.com +- **Homepage group:** Jolly Roger + +--- + +## Build & Configuration + +### Prerequisites +No specific prerequisites are required. + +### Volume Setup +```bash +mkdir -p /DockerVol/Sonarr:/config +chown -R sonarr:sonarr /DockerVol/Sonarr +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 +TZ=America/Chicago +PUID=1964 +PGID=1964 +CADDY_CERT=$(openssl rand -hex 32) +CADDY_KEY=$(openssl rand -hex 32) +``` + +### Deploy +```bash +cd services/swarm/stack/sonarr +set -a && source .env && set +a +docker stack config --compose-file sonarr-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml sonarr +rm resolved.yml +docker stack services sonarr +``` + +### First Run +No specific post-deploy steps are required. + +--- + +## User Guide + +### Accessing sonarr +| Service | URL | Purpose | +|---------|-----|---------| +- **Sonarr**: https://sonarr.netgrimoire.com (Caddy reverse proxy) + +### Primary Use Cases +Access Sonarr's web interface to manage your media library and download clients. + +### NetGrimoire Integrations +This stack connects to other services through environment variables: +- `HOME PAGE GROUP`: Jolly Roger + +--- + +## Operations + +### Monitoring +[kuma.sonarr.http.name: Sonarr, kuma.sonarr.http.url: https://sonarr.netgrimoire.com] + +```bash +docker stack services sonarr +``` + +### Backups +Critical backups should be performed regularly. 
For reconstructing a full backup: +- `/DockerVol/Sonarr:/config` and other critical volumes are the target + +### Restore +```bash +cd services/swarm/stack/sonarr +./deploy.sh +``` + +--- + +## Common Failures +| Symptom | Cause | Fix | +|---------|-------|-----| +1. **Failed to connect**: Insufficient Caddy reverse proxy configuration. +- Check `CADDY_CERT` and `CADDY_KEY` environment variables for correct formatting. +- Update Caddy configuration if necessary. + +2. **Uptime Kuma failed to connect**: Incorrect HTTP URL or port. +- Ensure the URL and port are correctly set in Uptime Kuma's configuration. +- Restart services with `docker stack restart sonarr` + +3. **Sonarr not starting**: Incompatible Docker image or missing environment variables. +- Check the Sonarr Docker image version for compatibility. +- Verify all required environment variables are present and correct. + +4. **Caddy reverse proxy not working**: Incorrect Caddy configuration. +- Review Caddy configuration files (`sonarr-stack.yml`) for errors. +- Restart services with `docker stack restart sonarr` + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-07 | fb75c66d | Initial documentation creation. | + + + +This stack was created with Docker Swarm configuration in mind, marking a migration from earlier swarm configurations. + +--- + +## Notes +- Generated by Gremlin on 2026-04-07T19:37:34.802Z +- Source: swarm/sonarr.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Shadow-Grimoire/Downloaders/SABnzbd.md b/Shadow-Grimoire/Downloaders/SABnzbd.md new file mode 100644 index 0000000..cfb3c84 --- /dev/null +++ b/Shadow-Grimoire/Downloaders/SABnzbd.md 
@@ -0,0 +1,98 @@ +# sabnzbd + +## Overview +The sabnzbd stack is a Docker Swarm configuration for the Sabnzbd Usenet Downloader service, providing a centralized and secure way to manage and retrieve Usenet content in NetGrimoire. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|------|------| +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** sabnzbd.netgrimoire.com, 8082:8080 +- **Homepage group:** Jolly Roger + +--- + +## Build & Configuration + +### Prerequisites +No specific prerequisites are required for this stack. + +### Volume Setup +```bash +mkdir -p /DockerVol/sabnzbd +chown -R docker4:docker4 /DockerVol/sabnzbd +``` + +### Environment Variables +```bash +generate: openssl rand -hex 32 +``` + +### Deploy +```bash +cd services/swarm/stack/sabnzbd +set -a && source .env && set +a +docker stack config --compose-file sabnzbd-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml sabnzbd +rm resolved.yml +docker stack services sabnzbd +``` + +### First Run +After deployment, ensure the Caddy reverse proxy is configured correctly for the newly deployed service. + +--- + +## User Guide + +### Accessing sabnzbd +| Service | URL | Purpose | +|---------|-----|---------| +- **sabnzbd.netgrimoire.com** | https://sabnzbd.netgrimoire.com | Usenet Downloader + +### Primary Use Cases +To use the sabnzbd service in NetGrimoire, access its homepage at [https://sabnzbd.netgrimoire.com](https://sabnzbd.netgrimoire.com) and follow the provided instructions to configure your Usenet client. + +### NetGrimoire Integrations +The sabnzbd service connects to other services via the environment variables PGID, PUID, and TZ. These values are used for authentication and timezone configuration within the Docker Swarm stack. + +--- + +## Operations + +### Monitoring +Monitor the sabnzbd service using Kuma. 
+```bash +docker stack services sabnzbd + +``` + +### Backups +Critical: Regular backups of the /DockerVol/sabnzbd are essential for data recovery in case of failure or loss. This is a critical component for ensuring business continuity. + +### Restore +Restore the sabnzbd service by running the ./deploy.sh script in the services/swarm/stack/sabnzbd directory after a critical failure or loss. + +--- + +## Common Failures +| Symptom | Cause | Fix | +|---------|-------|-----| +| Service not accessible | Incorrect Caddy reverse proxy configuration | Check and correct Caddy labels, restart service | +| Data corruption | Insufficient backups | Regularly back up the /DockerVol/sabnzbd directory | +| Network connectivity issues | Outdated Docker Swarm stack | Update to latest version with latest dependencies | + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-07 | a3d7972b | Initial documentation for the sabnzbd Stack. | +| 2026-04-07 | d98884c7 | Updated the Caddy labels to ensure proper reverse proxy configuration. | +| 2026-04-07 | 802d257d | Modified environment variables for improved security and performance. | + + "/opt/immich-backups/dump.sql.gz" + +# List Kopia snapshots +kopia snapshot list --tags immich + +# View backup logs +tail -f /var/log/immich-backup.log +``` + +### Common Restore Commands + +```bash +# Restore database from backup +gunzip < /opt/immich-backups/immich-YYYYMMDD_HHMMSS/dump.sql.gz | \ + docker exec -i immich_postgres psql --username=postgres --dbname=immich + +# Restore from Kopia to new server +kopia snapshot list --tags tier1-backup +kopia restore /opt/immich-backups/ + +# Check container status after restore +docker compose ps +docker compose logs -f +``` + +## Critical Components to Backup + +### 1. 
Docker Compose File +- **Location**: `/opt/immich/docker-compose.yml` (or your installation path) +- **Purpose**: Defines all containers, networks, and volumes +- **Importance**: Critical for recreating the exact container configuration + +### 2. Configuration Files +- **Primary Config**: `/opt/immich/.env` +- **Purpose**: Database credentials, upload locations, timezone settings +- **Importance**: Required for proper service initialization + +### 3. Database +- **PostgreSQL Data**: Contains all metadata, user accounts, albums, sharing settings, face recognition data, timeline information +- **Container**: `immich_postgres` +- **Database Name**: `immich` (default) +- **User**: `postgres` (default) +- **Backup Method**: `pg_dump` (official Immich recommendation) + +### 4. Photo/Video Library +- **Upload Storage**: All original photos and videos uploaded by users +- **Location**: `/srv/immich/library` (per your .env UPLOAD_LOCATION) +- **Size**: Typically the largest component +- **Critical**: This is your actual data - photos cannot be recreated + +### 5. Additional Important Data +- **Model Cache**: Docker volume `immich_model-cache` (machine learning models, can be re-downloaded) +- **External Paths**: `/export/photos` and `/srv/NextCloud-AIO` (mounted as read-only in your setup) + +## Backup Strategy + +### Two-Tier Backup Approach + +We use a **two-tier approach** combining Immich's native backup method with Kopia for offsite storage: + +1. **Tier 1 (Local)**: Immich database dump + library backup creates consistent, component-level backups +2. **Tier 2 (Offsite)**: Kopia snapshots the local backups and syncs to vaults + +#### Why This Approach? + +- **Best of both worlds**: Native database dump ensures Immich-specific consistency, Kopia provides deduplication and offsite protection +- **Component-level restore**: Can restore individual components (just database, just library, etc.) 
+- **Disaster recovery**: Full system restore from Kopia backups on new server +- **Efficient storage**: Kopia's deduplication reduces storage needs for offsite copies + +#### Backup Frequency +- **Daily**: Immich backup runs at 2 AM +- **Daily**: Kopia snapshot of backups runs at 3 AM +- **Retention (Local)**: 7 days of Immich backups (managed by script) +- **Retention (Kopia/Offsite)**: 30 daily, 12 weekly, 12 monthly + +### Immich Native Backup Method + +Immich's official backup approach uses `pg_dump` for the database: +- Uses `pg_dump` with `--clean --if-exists` flags for consistent database dumps +- Hot backup without stopping PostgreSQL +- Produces compressed `.sql.gz` files +- Database remains available during backup + +For the photo/video library, we use a **hybrid approach**: +- **Database**: Backed up locally as `dump.sql.gz` for fast component-level restore +- **Library**: Backed up directly by Kopia (no tar) for optimal deduplication and incremental backups + +**Why not tar the library?** +- Kopia deduplicates at the file level - adding 1 photo shouldn't require backing up the entire library again +- Individual file access for selective restore +- Better compression and faster incremental backups +- Lower risk - corrupted tar loses everything, corrupted file only affects that file + +**Key Features:** +- No downtime required +- Consistent point-in-time snapshot +- Standard PostgreSQL format (portable across systems) +- Efficient incremental backups of photo library + +## Setting Up Immich Backups + +### Prereq: +Make sure you are connected to the repository, + +```bash +sudo kopia repository connect server \ + --url=https://192.168.5.10:51516 \ + --override-username=admin \ + --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 +``` + +#### Step 1: Configure Backup Location + +Set the backup destination: + +```bash +# Create the backup directory +mkdir -p /opt/immich-backups +chown -R root:root /opt/immich-backups 
+chmod 755 /opt/immich-backups +``` + +#### Step 2: Manual Backup Commands + +```bash +cd /opt/immich + +# Backup database using Immich's recommended method +docker exec -t immich_postgres pg_dump \ + --clean \ + --if-exists \ + --dbname=immich \ + --username=postgres \ + | gzip > "/opt/immich-backups/dump.sql.gz" + +# Backup configuration files +cp docker-compose.yml /opt/immich-backups/ +cp .env /opt/immich-backups/ + +# Backup library with Kopia (no tar - better deduplication) +kopia snapshot create /srv/immich/library \ + --tags immich,library,photos \ + --description "Immich library manual backup" +``` + +**What gets created:** +- Local backup directory: `/opt/immich-backups/immich-YYYY-MM-DD-HH-MM-SS/` + - Contains: `dump.sql.gz` (database), config files +- Kopia snapshots: + - `/opt/immich-backups` (database + config) + - `/srv/immich/library` (photos/videos, no tar) + - `/opt/immich` (installation directory) + +#### Step 3: Automated Backup Script + +Create `/opt/scripts/backup-immich.sh`: + +```bash +#!/bin/bash + +# Immich Automated Backup Script +# This creates Immich backups, then snapshots them with Kopia for offsite storage + +set -e + +BACKUP_DATE=$(date +%Y%m%d_%H%M%S) +LOG_FILE="/var/log/immich-backup.log" +IMMICH_DIR="/opt/immich" +BACKUP_DIR="/opt/immich-backups" +KEEP_DAYS=7 + +# Database credentials from .env +DB_USERNAME="postgres" +DB_DATABASE_NAME="immich" +POSTGRES_CONTAINER="immich_postgres" + +echo "[${BACKUP_DATE}] ========================================" | tee -a "$LOG_FILE" +echo "[${BACKUP_DATE}] Starting Immich backup process" | tee -a "$LOG_FILE" + +# Step 1: Run Immich database backup using official method +echo "[${BACKUP_DATE}] Running Immich database backup..." 
| tee -a "$LOG_FILE" + +cd "$IMMICH_DIR" + +# Create backup directory with timestamp +mkdir -p "${BACKUP_DIR}/immich-${BACKUP_DATE}" + +# Backup database using Immich's recommended method +docker exec -t ${POSTGRES_CONTAINER} pg_dump \ + --clean \ + --if-exists \ + --dbname=${DB_DATABASE_NAME} \ + --username=${DB_USERNAME} \ + | gzip > "${BACKUP_DIR}/immich-${BACKUP_DATE}/dump.sql.gz" + +BACKUP_EXIT=${PIPESTATUS[0]} + +if [ $BACKUP_EXIT -ne 0 ]; then + echo "[${BACKUP_DATE}] ERROR: Immich database backup failed with exit code ${BACKUP_EXIT}" | tee -a "$LOG_FILE" + exit 1 +fi + +echo "[${BACKUP_DATE}] Immich database backup completed successfully" | tee -a "$LOG_FILE" + +# Step 2: Verify library location exists (Kopia will backup directly, no tar needed) +echo "[${BACKUP_DATE}] Verifying library location..." | tee -a "$LOG_FILE" + +# Get the upload location from docker-compose volumes +UPLOAD_LOCATION="/srv/immich/library" + +if [ -d "${UPLOAD_LOCATION}" ]; then + #LIBRARY_SIZE=$(du -sh ${UPLOAD_LOCATION} | cut -f1) + echo "[${BACKUP_DATE}] Library location verified: ${UPLOAD_LOCATION} (${LIBRARY_SIZE})" | tee -a "$LOG_FILE" + echo "[${BACKUP_DATE}] Kopia will backup library files directly (no tar, better deduplication)" | tee -a "$LOG_FILE" +else + echo "[${BACKUP_DATE}] WARNING: Upload location not found at ${UPLOAD_LOCATION}" | tee -a "$LOG_FILE" +fi + +# Step 3: Backup configuration files +echo "[${BACKUP_DATE}] Backing up configuration files..." | tee -a "$LOG_FILE" + +cp "${IMMICH_DIR}/docker-compose.yml" "${BACKUP_DIR}/immich-${BACKUP_DATE}/" +cp "${IMMICH_DIR}/.env" "${BACKUP_DIR}/immich-${BACKUP_DATE}/" + +echo "[${BACKUP_DATE}] Configuration backup completed" | tee -a "$LOG_FILE" + +# Step 4: Clean up old backups +echo "[${BACKUP_DATE}] Cleaning up backups older than ${KEEP_DAYS} days..." 
| tee -a "$LOG_FILE" + +find "${BACKUP_DIR}" -maxdepth 1 -type d -name "immich-*" -mtime +${KEEP_DAYS} -exec rm -rf {} \; 2>&1 | tee -a "$LOG_FILE" + +echo "[${BACKUP_DATE}] Local backup cleanup completed" | tee -a "$LOG_FILE" + +# Step 5: Create Kopia snapshot of backup directory +echo "[${BACKUP_DATE}] Creating Kopia snapshot..." | tee -a "$LOG_FILE" + +kopia snapshot create "${BACKUP_DIR}" \ + --tags immich:tier1-backup \ + --description "Immich backup ${BACKUP_DATE}" \ + 2>&1 | tee -a "$LOG_FILE" + +KOPIA_EXIT=${PIPESTATUS[0]} + +if [ $KOPIA_EXIT -ne 0 ]; then + echo "[${BACKUP_DATE}] WARNING: Kopia snapshot failed with exit code ${KOPIA_EXIT}" | tee -a "$LOG_FILE" + echo "[${BACKUP_DATE}] Local Immich backup exists but offsite copy may be incomplete" | tee -a "$LOG_FILE" + exit 2 +fi + +echo "[${BACKUP_DATE}] Kopia snapshot completed successfully" | tee -a "$LOG_FILE" + +# Step 6: Backup the library directly with Kopia (better deduplication than tar) +echo "[${BACKUP_DATE}] Creating Kopia snapshot of library..." | tee -a "$LOG_FILE" + +if [ -d "${UPLOAD_LOCATION}" ]; then + kopia snapshot create "${UPLOAD_LOCATION}" \ + --tags immich:library \ + --description "Immich library ${BACKUP_DATE}" \ + 2>&1 | tee -a "$LOG_FILE" + + KOPIA_LIB_EXIT=${PIPESTATUS[0]} + + if [ $KOPIA_LIB_EXIT -ne 0 ]; then + echo "[${BACKUP_DATE}] WARNING: Kopia library snapshot failed" | tee -a "$LOG_FILE" + else + echo "[${BACKUP_DATE}] Library snapshot completed successfully" | tee -a "$LOG_FILE" + fi +fi + +# Step 7: Also backup the Immich installation directory (configs, compose files) +#echo "[${BACKUP_DATE}] Backing up Immich installation directory..." 
| tee -a "$LOG_FILE" + +#kopia snapshot create "${IMMICH_DIR}" \ +# --tags immich,config,docker-compose \ +# --description "Immich config ${BACKUP_DATE}" \ +# 2>&1 | tee -a "$LOG_FILE" + +echo "[${BACKUP_DATE}] Backup process completed successfully" | tee -a "$LOG_FILE" +echo "[${BACKUP_DATE}] ========================================" | tee -a "$LOG_FILE" + +# Optional: Send notification on completion +# Add your notification method here (email, webhook, etc.) +``` + +Make it executable: +```bash +chmod +x /opt/scripts/backup-immich.sh +``` + +Add to crontab (daily at 2 AM): +```bash +# Edit root's crontab +crontab -e + +# Add this line: +0 2 * * * /opt/scripts/backup-immich.sh 2>&1 | logger -t immich-backup +``` + +### Offsite Backup to Vaults + +After local Kopia snapshots are created, they sync to your offsite vaults automatically through Kopia's repository configuration. + +## Recovery Procedures + +### Understanding Two Recovery Methods + +We have **two restore methods** depending on the scenario: + +1. **Local Restore** (Preferred): For component-level or same-server recovery +2. **Kopia Full Restore**: For complete disaster recovery to a new server + +### Method 1: Local Restore (Recommended) + +Use this method when: +- Restoring on the same/similar server +- Restoring specific components (just database, just library, etc.) 
+- Recovering from local Immich backups + +#### Full System Restore + +```bash +cd /opt/immich + +# Stop Immich +docker compose down + +# List available backups +ls -lh /opt/immich-backups/ + +# Choose a database backup +BACKUP_PATH="/opt/immich-backups/immich-YYYYMMDD_HHMMSS" + +# Restore database +gunzip < ${BACKUP_PATH}/dump.sql.gz | \ + docker compose exec -T database psql --username=postgres --dbname=immich + +# Restore library from Kopia +kopia snapshot list --tags library +kopia restore /srv/immich/library + +# Fix permissions +chown -R 1000:1000 /srv/immich/library + +# Restore configuration (review changes first) +cp ${BACKUP_PATH}/.env .env.restored +cp ${BACKUP_PATH}/docker-compose.yml docker-compose.yml.restored + +# Start Immich +docker compose up -d + +# Monitor logs +docker compose logs -f +``` + +#### Example: Restore Only Database + +```bash +cd /opt/immich + +# Stop Immich +docker compose down + +# Start only database +docker compose up -d database +sleep 10 + +# Restore database from backup +BACKUP_PATH="/opt/immich-backups/immich-YYYYMMDD_HHMMSS" +gunzip < ${BACKUP_PATH}/dump.sql.gz | \ + docker compose exec -T database psql --username=postgres --dbname=immich + +# Start all services +docker compose down +docker compose up -d + +# Verify +docker compose logs -f +``` + +#### Example: Restore Only Library + +```bash +cd /opt/immich + +# Stop Immich +docker compose down + +# Restore library from Kopia +kopia snapshot list --tags library +kopia restore /srv/immich/library + +# Fix permissions +chown -R 1000:1000 /srv/immich/library + +# Start Immich +docker compose up -d +``` + +### Method 2: Complete Server Rebuild (Kopia Restore) + +Use this when recovering to a completely new server or when local backups are unavailable. 
+ +#### Step 1: Prepare New Server + +```bash +# Update system +apt update && apt upgrade -y + +# Install Docker +curl -fsSL https://get.docker.com | sh +systemctl enable docker +systemctl start docker + +# Install Docker Compose +apt install docker-compose-plugin -y + +# Install Kopia +curl -s https://kopia.io/signing-key | sudo gpg --dearmor -o /usr/share/keyrings/kopia-keyring.gpg +echo "deb [signed-by=/usr/share/keyrings/kopia-keyring.gpg] https://packages.kopia.io/apt/ stable main" | sudo tee /etc/apt/sources.list.d/kopia.list +apt update +apt install kopia -y + +# Create directory structure +mkdir -p /opt/immich +mkdir -p /opt/immich-backups +mkdir -p /srv/immich/library +mkdir -p /srv/immich/postgres +``` + +#### Step 2: Restore Kopia Repository + +```bash +# Connect to your offsite vault +kopia repository connect server \ + --url=https://192.168.5.10:51516 \ + --override-username=admin \ + --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 + +# List available snapshots +kopia snapshot list --tags immich +``` + +#### Step 3: Restore Configuration + +```bash +# Find and restore the config snapshot +kopia snapshot list --tags config + +# Restore to the Immich directory +kopia restore /opt/immich/ + +# Verify critical files +ls -la /opt/immich/.env +ls -la /opt/immich/docker-compose.yml +``` + +#### Step 4: Restore Immich Backups Directory + +```bash +# Restore the entire backup directory from Kopia +kopia snapshot list --tags tier1-backup + +# Restore the most recent backup +kopia restore /opt/immich-backups/ + +# Verify backups were restored +ls -la /opt/immich-backups/ +``` + +#### Step 5: Restore Database and Library + +```bash +cd /opt/immich + +# Find the most recent backup +LATEST_BACKUP=$(ls -td /opt/immich-backups/immich-* | head -1) +echo "Restoring from: $LATEST_BACKUP" + +# Start database container +docker compose up -d database +sleep 30 + +# Restore database +gunzip < ${LATEST_BACKUP}/dump.sql.gz | \ + 
docker compose exec -T database psql --username=postgres --dbname=immich + +# Restore library from Kopia +kopia snapshot list --tags library +kopia restore /srv/immich/library + +# Fix permissions +chown -R 1000:1000 /srv/immich/library +``` + +#### Step 6: Start and Verify Immich + +```bash +cd /opt/immich + +# Pull latest images (or use versions from backup if preferred) +docker compose pull + +# Start all services +docker compose up -d + +# Monitor logs +docker compose logs -f +``` + +#### Step 7: Post-Restore Verification + +```bash +# Check container status +docker compose ps + +# Test web interface +curl -I http://localhost:2283 + +# Verify database +docker compose exec database psql -U postgres -d immich -c "SELECT COUNT(*) FROM users;" + +# Check library storage +ls -lah /srv/immich/library/ +``` + +### Scenario 2: Restore Individual User's Photos + +To restore a single user's library without affecting others: + +**Option A: Using Kopia Mount (Recommended)** + +```bash +# Mount the Kopia snapshot +kopia snapshot list --tags library +mkdir -p /mnt/kopia-library +kopia mount /mnt/kopia-library & + +# Find the user's directory (using user ID from database) +# User libraries are typically in: library/{user-uuid}/ +USER_UUID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + +# Copy user's data back +rsync -av /mnt/kopia-library/${USER_UUID}/ \ + /srv/immich/library/${USER_UUID}/ + +# Fix permissions +chown -R 1000:1000 /srv/immich/library/${USER_UUID}/ + +# Unmount +kopia unmount /mnt/kopia-library + +# Restart Immich to recognize changes +cd /opt/immich +docker compose restart immich-server +``` + +**Option B: Selective Kopia Restore** + +```bash +cd /opt/immich +docker compose down + +# Restore just the specific user's directory +kopia snapshot list --tags library +USER_UUID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + +# Restore with path filter +kopia restore /srv/immich/library \ + --snapshot-path="${USER_UUID}" + +# Fix permissions +chown -R 1000:1000 
/srv/immich/library/${USER_UUID}/ + +# Start Immich +docker compose up -d +``` + +### Scenario 3: Database Recovery Only + +If only the database is corrupted but library data is intact: + +```bash +cd /opt/immich + +# Stop Immich +docker compose down + +# Start only database +docker compose up -d database +sleep 30 + +# Restore from most recent backup +LATEST_BACKUP=$(ls -td /opt/immich-backups/immich-* | head -1) +gunzip < ${LATEST_BACKUP}/dump.sql.gz | \ + docker compose exec -T database psql --username=postgres --dbname=immich + +# Start all services +docker compose down +docker compose up -d + +# Verify +docker compose logs -f +``` + +### Scenario 4: Configuration Recovery Only + +If you only need to restore configuration files: + +```bash +cd /opt/immich + +# Find the most recent backup +LATEST_BACKUP=$(ls -td /opt/immich-backups/immich-* | head -1) + +# Stop Immich +docker compose down + +# Backup current config (just in case) +cp .env .env.pre-restore +cp docker-compose.yml docker-compose.yml.pre-restore + +# Restore config from backup +cp ${LATEST_BACKUP}/.env ./ +cp ${LATEST_BACKUP}/docker-compose.yml ./ + +# Restart +docker compose up -d +``` + +## Verification and Testing + +### Regular Backup Verification + +Perform monthly restore tests to ensure backups are valid: + +```bash +# Test restore to temporary location +mkdir -p /tmp/backup-test +kopia snapshot list --tags immich +kopia restore /tmp/backup-test/ + +# Verify files exist and are readable +ls -lah /tmp/backup-test/ +gunzip < /tmp/backup-test/immich-*/dump.sql.gz | head -100 + +# Cleanup +rm -rf /tmp/backup-test/ +``` + +### Backup Monitoring Script + +Create `/opt/scripts/check-immich-backup.sh`: + +```bash +#!/bin/bash + +# Check last backup age +LAST_BACKUP=$(ls -td /opt/immich-backups/immich-* 2>/dev/null | head -1) + +if [ -z "$LAST_BACKUP" ]; then + echo "WARNING: No Immich backups found" + exit 1 +fi + +BACKUP_DATE=$(basename "$LAST_BACKUP" | sed 's/immich-//') +BACKUP_EPOCH=$(date -d 
"${BACKUP_DATE:0:8} ${BACKUP_DATE:9:2}:${BACKUP_DATE:11:2}:${BACKUP_DATE:13:2}" +%s 2>/dev/null) + +if [ -z "$BACKUP_EPOCH" ]; then + echo "WARNING: Cannot parse backup date" + exit 1 +fi + +NOW=$(date +%s) +AGE_HOURS=$(( ($NOW - $BACKUP_EPOCH) / 3600 )) + +if [ $AGE_HOURS -gt 26 ]; then + echo "WARNING: Last Immich backup is $AGE_HOURS hours old" + # Send alert (email, Slack, etc.) + exit 1 +else + echo "OK: Last backup $AGE_HOURS hours ago" +fi + +# Check Kopia snapshots +KOPIA_LAST=$(kopia snapshot list --tags immich --json 2>/dev/null | jq -r '.[0].startTime' 2>/dev/null) + +if [ -n "$KOPIA_LAST" ]; then + echo "Last Kopia snapshot: $KOPIA_LAST" +else + echo "WARNING: Cannot verify Kopia snapshots" +fi +``` + +## Disaster Recovery Checklist + +When disaster strikes, follow this checklist: + +- [ ] Confirm scope of failure (server, storage, specific component) +- [ ] Gather server information (hostname, IP, DNS records) +- [ ] Access offsite backup vault +- [ ] Provision new server (if needed) +- [ ] Install Docker and dependencies +- [ ] Connect to Kopia repository +- [ ] Restore configurations first +- [ ] Restore database +- [ ] Restore library data +- [ ] Start services and verify +- [ ] Test photo viewing and uploads +- [ ] Verify user accounts and albums +- [ ] Update DNS records if needed +- [ ] Document any issues encountered +- [ ] Update recovery procedures based on experience + +## Important Notes + +1. **External Mounts**: Your setup has `/export/photos` and `/srv/NextCloud-AIO` mounted as external read-only sources. These are not backed up by this script - ensure they have their own backup strategy. + +2. **Database Password**: The default database password in your .env is `postgres`. Change this to a secure random password for production use. + +3. **Permissions**: Library files should be owned by UID 1000:1000 for Immich to access them properly: + ```bash + chown -R 1000:1000 /srv/immich/library + ``` + +4. 
**Testing**: Always test recovery procedures in a lab environment before trusting them in production. + +5. **Documentation**: Keep this guide and server details in a separate location (printed copy, password manager, etc.). + +6. **Retention Policy**: Review Kopia retention settings periodically to balance storage costs with recovery needs. + +## Backup Architecture Notes + +### Why Two Backup Layers? + +**Immich Native Backups** (Tier 1): +- ✅ Uses official Immich backup method (`pg_dump`) +- ✅ Fast, component-aware backups +- ✅ Selective restore (can restore just database or just library) +- ✅ Standard PostgreSQL format (portable) +- ❌ No deduplication (full copies each time) +- ❌ Limited to local storage initially + +**Kopia Snapshots** (Tier 2): +- ✅ Deduplication and compression +- ✅ Efficient offsite replication to vaults +- ✅ Point-in-time recovery across multiple versions +- ✅ Disaster recovery to completely new infrastructure +- ❌ Less component-aware (treats as files) +- ❌ Slower for granular component restore + +### Storage Efficiency + +Using this two-tier approach: +- **Local**: Database backups (~7 days retention, relatively small) +- **Kopia**: Database backups + library (efficient deduplication) + +**Why library goes directly to Kopia without tar:** + +Example with 500GB library, adding 10GB photos/month: + +**With tar approach:** +- Month 1: Backup 500GB tar +- Month 2: Add 10GB photos → Entire 510GB tar changes → Backup 510GB +- Month 3: Add 10GB photos → Entire 520GB tar changes → Backup 520GB +- **Total storage needed**: 500 + 510 + 520 = 1,530GB + +**Without tar (Kopia direct):** +- Month 1: Backup 500GB +- Month 2: Add 10GB photos → Kopia only backs up the 10GB new files +- Month 3: Add 10GB photos → Kopia only backs up the 10GB new files +- **Total storage needed**: 500 + 10 + 10 = 520GB + +**Savings**: ~66% reduction in storage and backup time! 
+ +This is why we: +- Keep database dumps local (small, fast component restore) +- Let Kopia handle library directly (efficient, incremental, deduplicated) + +### Compression and Deduplication + +**Database backups** use `gzip` compression: +- Typically 80-90% compression ratio for SQL dumps +- Small enough to keep local copies + +**Library backups** use Kopia's built-in compression and deduplication: +- Photos (JPEG/HEIC): Already compressed, Kopia skips re-compression +- Videos: Already compressed, minimal additional compression +- RAW files: Some compression possible +- **Deduplication**: If you upload the same photo twice, Kopia stores it once +- **Block-level dedup**: Even modified photos share unchanged blocks + +This is far more efficient than tar + gzip, which would: +- Compress already-compressed photos (wasted CPU, minimal benefit) +- Store entire archive even if only 1 file changed +- Prevent deduplication across backups + +## Additional Resources + +- [Immich Official Backup Documentation](https://immich.app/docs/administration/backup-and-restore) +- [Kopia Documentation](https://kopia.io/docs/) +- [Docker Volume Backup Best Practices](https://docs.docker.com/storage/volumes/#back-up-restore-or-migrate-data-volumes) +- [PostgreSQL pg_dump Documentation](https://www.postgresql.org/docs/current/app-pgdump.html) + +## Revision History + +| Date | Version | Changes | +|------|---------|---------| +| 2026-02-13 | 1.0 | Initial documentation - two-tier backup strategy using Immich's native backup method | + +--- + +**Last Updated**: February 13, 2026 +**Maintained By**: System Administrator +**Review Schedule**: Quarterly diff --git a/Vault-Grimoire/Backups/MailCow-Backup.md b/Vault-Grimoire/Backups/MailCow-Backup.md new file mode 100644 index 0000000..379d88b --- /dev/null +++ b/Vault-Grimoire/Backups/MailCow-Backup.md 
@@ -0,0 +1,879 @@ +--- +title: Mailcow Backup and Restore Strategy +description: Mailcow backup +published: true +date: 2026-02-20T04:15:25.924Z +tags: +editor: markdown +dateCreated: 2026-02-11T01:20:59.127Z +--- + +# Mailcow Backup and Recovery Guide + +## Overview + +This document provides comprehensive backup and recovery procedures for Mailcow email server. Since Mailcow is **not running on ZFS or BTRFS**, snapshots are not available and we rely on Mailcow's native backup script combined with Kopia for offsite storage in vaults. + +## Quick Reference + +### Common Backup Commands + +```bash +# Run a manual backup (all components) +cd /opt/mailcow-dockerized +MAILCOW_BACKUP_LOCATION=/opt/mailcow-backups \ + ./helper-scripts/backup_and_restore.sh backup all --delete-days 7 + +# Backup with multithreading (faster) +THREADS=4 MAILCOW_BACKUP_LOCATION=/opt/mailcow-backups \ + ./helper-scripts/backup_and_restore.sh backup all --delete-days 7 + +# List Kopia snapshots +kopia snapshot list --tags mailcow + +# View backup logs +tail -f /var/log/mailcow-backup.log +``` + +### Common Restore Commands + +```bash +# Restore using mailcow native script (interactive) +cd /opt/mailcow-dockerized +./helper-scripts/backup_and_restore.sh restore + +# Restore from Kopia to new server +kopia snapshot list --tags tier1-backup +kopia restore /opt/mailcow-backups/ + +# Check container status after restore +docker compose ps +docker compose logs -f +``` + +## Critical Components to Backup + +### 1. Docker Compose File +- **Location**: `/opt/mailcow-dockerized/docker-compose.yml` (or your installation path) +- **Purpose**: Defines all containers, networks, and volumes +- **Importance**: Critical for recreating the exact container configuration + +### 2. 
Configuration Files +- **Primary Config**: `/opt/mailcow-dockerized/mailcow.conf` +- **Additional Configs**: + - `/opt/mailcow-dockerized/data/conf/` (all subdirectories) + - Custom SSL certificates if not using Let's Encrypt + - Any override files (e.g., `docker-compose.override.yml`) + +### 3. Database +- **MySQL/MariaDB Data**: Contains all mailbox configurations, users, domains, aliases, settings +- **Docker Volume**: `mailcowdockerized_mysql-vol` +- **Container Path**: `/var/lib/mysql` + +### 4. Email Data +- **Maildir Storage**: All actual email messages +- **Docker Volume**: `mailcowdockerized_vmail-vol` +- **Container Path**: `/var/vmail` +- **Size**: Typically the largest component + +### 5. Additional Important Data +- **Redis Data**: `mailcowdockerized_redis-vol` (cache and sessions) +- **Rspamd Data**: `mailcowdockerized_rspamd-vol` (spam learning) +- **Crypt Data**: `mailcowdockerized_crypt-vol` (if using mailbox encryption) +- **Postfix Queue**: `mailcowdockerized_postfix-vol` (queued/deferred mail) + +## Backup Strategy + +### Two-Tier Backup Approach + +We use a **two-tier approach** combining Mailcow's native backup script with Kopia for offsite storage: + +1. **Tier 1 (Local)**: Mailcow's `backup_and_restore.sh` script creates consistent, component-level backups +2. **Tier 2 (Offsite)**: Kopia snapshots the local backups and syncs to vaults + +#### Why This Approach? + +- **Best of both worlds**: Native script ensures mailcow-specific consistency, Kopia provides deduplication and offsite protection +- **Component-level restore**: Can restore individual components (just vmail, just mysql, etc.) 
using mailcow script +- **Disaster recovery**: Full system restore from Kopia backups on new server +- **Efficient storage**: Kopia's deduplication reduces storage needs for offsite copies + +#### Backup Frequency +- **Daily**: Mailcow native backup runs at 2 AM +- **Daily**: Kopia snapshot of backups runs at 3 AM +- **Retention (Local)**: 7 days of mailcow backups (managed by script) +- **Retention (Kopia/Offsite)**: 30 daily, 12 weekly, 12 monthly + +### Mailcow Native Backup Script + +Mailcow includes `/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh` which handles: +- **vmail**: Email data (mailboxes) +- **mysql**: Database (using mariabackup for consistency) +- **redis**: Redis database +- **rspamd**: Spam filter learning data +- **crypt**: Encryption data +- **postfix**: Mail queue + +**Key Features:** +- Uses `mariabackup` (hot backup without stopping MySQL) +- Supports multithreading for faster backups +- Architecture-aware (handles x86/ARM differences) +- Built-in cleanup with `--delete-days` parameter +- Creates compressed archives (.tar.zst or .tar.gz) + +### Setting Up Mailcow Backups + + +#### Prereq: +Make sure you are connected to the repository, + +```bash +sudo kopia repository connect server --url=https://192.168.5.10:51516 --override-username=admin --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 +``` + + +#### Step 1: Configure Backup Location + +Set the backup destination via environment variable or in mailcow.conf: + +```bash +# Option 1: Set environment variable (preferred for automation) +export MAILCOW_BACKUP_LOCATION="/opt/mailcow-backups" + +# Option 2: Add to cron job directly (shown in automated script below) +``` + +Create the backup directory: +```bash +mkdir -p /opt/mailcow-backups +chown -R root:root /opt/mailcow-backups +chmod 777 /opt/mailcow-backups +``` + +#### Step 2: Manual Backup Commands + +```bash +cd /opt/mailcow-dockerized + +# Backup all components, delete backups 
older than 7 days +MAILCOW_BACKUP_LOCATION=/opt/mailcow-backups \ + ./helper-scripts/backup_and_restore.sh backup all --delete-days 7 + +# Backup with multithreading (faster for large mailboxes) +THREADS=4 MAILCOW_BACKUP_LOCATION=/opt/mailcow-backups \ + ./helper-scripts/backup_and_restore.sh backup all --delete-days 7 + +# Backup specific components only +MAILCOW_BACKUP_LOCATION=/opt/mailcow-backups \ + ./helper-scripts/backup_and_restore.sh backup vmail mysql --delete-days 7 +``` + +**What gets created:** +- Backup directory: `/opt/mailcow-backups/mailcow-YYYY-MM-DD-HH-MM-SS/` +- Contains: `.tar.zst` compressed archives for each component +- Plus: `mailcow.conf` copy for restore reference + +#### Step 3: Automated Backup Script + +Create `/opt/scripts/backup-mailcow.sh`: + +```bash +#!/bin/bash + +# Mailcow Automated Backup Script +# This creates mailcow native backups, then snapshots them with Kopia for offsite storage + +set -e + +BACKUP_DATE=$(date +%Y%m%d_%H%M%S) +LOG_FILE="/var/log/mailcow-backup.log" +MAILCOW_DIR="/opt/mailcow-dockerized" +BACKUP_DIR="/opt/mailcow-backups" +THREADS=4 # Adjust based on your CPU cores +KEEP_DAYS=7 # Keep local mailcow backups for 7 days + +echo "[${BACKUP_DATE}] ========================================" | tee -a "$LOG_FILE" +echo "[${BACKUP_DATE}] Starting Mailcow backup process" | tee -a "$LOG_FILE" + +# Step 1: Run mailcow's native backup script +echo "[${BACKUP_DATE}] Running mailcow native backup..." 
| tee -a "$LOG_FILE" + +cd "$MAILCOW_DIR" + +# Run the backup with multithreading +THREADS=${THREADS} MAILCOW_BACKUP_LOCATION=${BACKUP_DIR} \ + ./helper-scripts/backup_and_restore.sh backup all --delete-days ${KEEP_DAYS} \ + 2>&1 | tee -a "$LOG_FILE" + +BACKUP_EXIT=${PIPESTATUS[0]} + +if [ $BACKUP_EXIT -ne 0 ]; then + echo "[${BACKUP_DATE}] ERROR: Mailcow backup failed with exit code ${BACKUP_EXIT}" | tee -a "$LOG_FILE" + exit 1 +fi + +echo "[${BACKUP_DATE}] Mailcow native backup completed successfully" | tee -a "$LOG_FILE" + +# Step 2: Create Kopia snapshot of backup directory +echo "[${BACKUP_DATE}] Creating Kopia snapshot..." | tee -a "$LOG_FILE" + +kopia snapshot create "${BACKUP_DIR}" \ + --tags mailcow:tier1-backup \ + --description "Mailcow backup ${BACKUP_DATE}" \ + 2>&1 | tee -a "$LOG_FILE" + +KOPIA_EXIT=${PIPESTATUS[0]} + +if [ $KOPIA_EXIT -ne 0 ]; then + echo "[${BACKUP_DATE}] WARNING: Kopia snapshot failed with exit code ${KOPIA_EXIT}" | tee -a "$LOG_FILE" + echo "[${BACKUP_DATE}] Local mailcow backup exists but offsite copy may be incomplete" | tee -a "$LOG_FILE" + exit 2 +fi + +echo "[${BACKUP_DATE}] Kopia snapshot completed successfully" | tee -a "$LOG_FILE" + +# Step 3: Also backup the mailcow installation directory (configs, compose files) +echo "[${BACKUP_DATE}] Backing up mailcow installation directory..." | tee -a "$LOG_FILE" + +kopia snapshot create "${MAILCOW_DIR}" \ + --tags mailcow,config,docker-compose \ + --description "Mailcow config ${BACKUP_DATE}" \ + 2>&1 | tee -a "$LOG_FILE" + +echo "[${BACKUP_DATE}] Backup process completed successfully" | tee -a "$LOG_FILE" +echo "[${BACKUP_DATE}] ========================================" | tee -a "$LOG_FILE" + +# Optional: Send notification on completion +# Add your notification method here (email, webhook, etc.) 
+``` + +Make it executable: +```bash +chmod +x /opt/scripts/backup-mailcow.sh +``` + +Add to crontab (daily at 2 AM): +```bash +# Edit root's crontab +crontab -e + +# Add this line: +0 2 * * * /opt/scripts/backup-mailcow.sh 2>&1 | logger -t mailcow-backup +``` + +### Offsite Backup to Vaults + +After local Kopia snapshots are created, sync to your offsite vaults: + +```bash +# Option 1: Kopia repository sync (if using multiple Kopia repos) +kopia repository sync-to filesystem --path /mnt/vault/mailcow-backup + +# Option 2: Rsync to vault +rsync -avz --delete /backup/kopia-repo/ /mnt/vault/mailcow-backup/ + +# Option 3: Rclone to remote vault +rclone sync /backup/kopia-repo/ vault:mailcow-backup/ +``` + +## Recovery Procedures + +### Understanding Two Recovery Methods + +We have **two restore methods** depending on the scenario: + +1. **Mailcow Native Restore** (Preferred): For component-level or same-server recovery +2. **Kopia Full Restore**: For complete disaster recovery to a new server + +### Method 1: Mailcow Native Restore (Recommended) + +Use this method when: +- Restoring on the same/similar server +- Restoring specific components (just email, just database, etc.) +- Recovering from local mailcow backups + +#### Step 1: List Available Backups + +```bash +cd /opt/mailcow-dockerized + +# Run the restore script +./helper-scripts/backup_and_restore.sh restore +``` + +The script will prompt: +``` +Backup location (absolute path, starting with /): /opt/mailcow-backups +``` + +#### Step 2: Select Backup + +The script displays available backups: +``` +Found project name mailcowdockerized +[ 1 ] - /opt/mailcow-backups/mailcow-2026-02-09-02-00-14/ +[ 2 ] - /opt/mailcow-backups/mailcow-2026-02-10-02-00-08/ +``` + +Enter the number of the backup to restore. 
+ +#### Step 3: Select Components + +Choose what to restore: +``` +[ 0 ] - all +[ 1 ] - Crypt data +[ 2 ] - Rspamd data +[ 3 ] - Mail directory (/var/vmail) +[ 4 ] - Redis DB +[ 5 ] - Postfix data +[ 6 ] - SQL DB +``` + +**Important**: The script will: +- Stop mailcow containers automatically +- Restore selected components +- Handle permissions correctly +- Restart containers when done + +#### Example: Restore Only Email Data + +```bash +cd /opt/mailcow-dockerized +./helper-scripts/backup_and_restore.sh restore + +# When prompted: +# - Backup location: /opt/mailcow-backups +# - Select backup: 2 (most recent) +# - Select component: 3 (Mail directory) +``` + +#### Example: Restore Database Only + +```bash +cd /opt/mailcow-dockerized +./helper-scripts/backup_and_restore.sh restore + +# When prompted: +# - Backup location: /opt/mailcow-backups +# - Select backup: 2 (most recent) +# - Select component: 6 (SQL DB) +``` + +**Note**: For database restore, the script will modify `mailcow.conf` with the database credentials from the backup. Review the changes after restore. + +### Method 2: Complete Server Rebuild (Kopia Restore) + +Use this when recovering to a completely new server or when local backups are unavailable. 
+ +#### Step 1: Prepare New Server + +```bash +# Update system +apt update && apt upgrade -y + +# Install Docker +curl -fsSL https://get.docker.com | sh +systemctl enable docker +systemctl start docker + +# Install Docker Compose +apt install docker-compose-plugin -y + +# Install Kopia +curl -s https://kopia.io/signing-key | apt-key add - +echo "deb https://packages.kopia.io/apt/ stable main" | tee /etc/apt/sources.list.d/kopia.list +apt update +apt install kopia -y + +# Create directory structure +mkdir -p /opt/mailcow-dockerized +mkdir -p /opt/mailcow-backups/database +``` + +#### Step 2: Restore Kopia Repository + +```bash +# Connect to your offsite vault +# If vault is mounted: +kopia repository connect filesystem --path /mnt/vault/mailcow-backup + +# If vault is remote: +kopia repository connect s3 --bucket=your-bucket --access-key=xxx --secret-access-key=xxx + +# List available snapshots +kopia snapshot list --tags mailcow +``` + +#### Step 3: Restore Configuration + +```bash +# Find and restore the config snapshot +kopia snapshot list --tags config + +# Restore to the Mailcow directory +kopia restore /opt/mailcow-dockerized/ + +# Verify critical files +ls -la /opt/mailcow-dockerized/mailcow.conf +ls -la /opt/mailcow-dockerized/docker-compose.yml +``` + +#### Step 4: Restore Mailcow Backups Directory + +```bash +# Restore the entire backup directory from Kopia +kopia snapshot list --tags tier1-backup + +# Restore the most recent backup +kopia restore /opt/mailcow-backups/ + +# Verify backups were restored +ls -la /opt/mailcow-backups/ +``` + +#### Step 5: Run Mailcow Native Restore + +Now use mailcow's built-in restore script: + +```bash +cd /opt/mailcow-dockerized + +# Run the restore script +./helper-scripts/backup_and_restore.sh restore + +# When prompted: +# - Backup location: /opt/mailcow-backups +# - Select the most recent backup +# - Select [ 0 ] - all (to restore everything) +``` + +The script will: +1. Stop all mailcow containers +2. 
Restore all components (vmail, mysql, redis, rspamd, postfix, crypt) +3. Update mailcow.conf with restored database credentials +4. Restart all containers + +**Alternative: Manual Restore** (if you prefer more control) + +```bash +cd /opt/mailcow-dockerized + +# Start containers to create volumes +docker compose up -d --no-start +docker compose down + +# Find the most recent backup directory +LATEST_BACKUP=$(ls -td /opt/mailcow-backups/mailcow-* | head -1) +echo "Restoring from: $LATEST_BACKUP" + +# Extract each component manually +cd "$LATEST_BACKUP" + +# Restore vmail (email data) +docker run --rm \ + -v mailcowdockerized_vmail-vol:/backup \ + -v "$PWD":/restore \ + debian:bookworm-slim \ + tar --use-compress-program='zstd -d' -xvf /restore/backup_vmail.tar.zst + +# Restore MySQL +docker run --rm \ + -v mailcowdockerized_mysql-vol:/backup \ + -v "$PWD":/restore \ + mariadb:10.11 \ + tar --use-compress-program='zstd -d' -xvf /restore/backup_mysql.tar.zst + +# Restore Redis +docker run --rm \ + -v mailcowdockerized_redis-vol:/backup \ + -v "$PWD":/restore \ + debian:bookworm-slim \ + tar --use-compress-program='zstd -d' -xvf /restore/backup_redis.tar.zst + +# Restore other components similarly (rspamd, postfix, crypt) +# ... 
+ +# Copy mailcow.conf from backup +cp "$LATEST_BACKUP/mailcow.conf" /opt/mailcow-dockerized/mailcow.conf +``` + +#### Step 6: Start and Verify Mailcow + +```bash +cd /opt/mailcow-dockerized + +# Pull latest images (or use versions from backup if preferred) +docker compose pull + +# Start all services +docker compose up -d + +# Monitor logs +docker compose logs -f +``` + +#### Step 7: Post-Restore Verification + +```bash +# Check container status +docker compose ps + +# Test web interface +curl -I https://mail.yourdomain.com + +# Check mail log +docker compose logs -f postfix-mailcow + +# Verify database +docker compose exec mysql-mailcow mysql -u root -p$(grep DBROOT mailcow.conf | cut -d'=' -f2) -e "SHOW DATABASES;" + +# Check email storage +docker compose exec dovecot-mailcow ls -lah /var/vmail/ +``` + +### Scenario 2: Restore Individual Mailbox + +To restore a single user's mailbox without affecting others: + +#### Option A: Using Mailcow Backups (If Available) + +```bash +cd /opt/mailcow-dockerized + +# Temporarily mount the backup +BACKUP_DIR="/opt/mailcow-backups/mailcow-YYYY-MM-DD-HH-MM-SS" + +# Extract just the vmail archive to a temporary location +mkdir -p /tmp/vmail-restore +cd "$BACKUP_DIR" +tar --use-compress-program='zstd -d' -xvf backup_vmail.tar.zst -C /tmp/vmail-restore + +# Find the user's mailbox +# Structure: /tmp/vmail-restore/var/vmail/domain.com/user/ +ls -la /tmp/vmail-restore/var/vmail/yourdomain.com/ + +# Copy specific mailbox +rsync -av /tmp/vmail-restore/var/vmail/yourdomain.com/user@domain.com/ \ + /var/lib/docker/volumes/mailcowdockerized_vmail-vol/_data/yourdomain.com/user@domain.com/ + +# Fix permissions +docker run --rm \ + -v mailcowdockerized_vmail-vol:/vmail \ + debian:bookworm-slim \ + chown -R 5000:5000 /vmail/yourdomain.com/user@domain.com/ + +# Cleanup +rm -rf /tmp/vmail-restore + +# Restart Dovecot to recognize changes +docker compose restart dovecot-mailcow +``` + +#### Option B: Using Kopia Snapshot (If Local Backups 
Unavailable) + +```bash +# Mount the vmail snapshot temporarily +mkdir -p /mnt/restore +kopia mount /mnt/restore + +# Find the user's mailbox +# Structure: /mnt/restore/domain.com/user/ +ls -la /mnt/restore/yourdomain.com/ + +# Copy specific mailbox +rsync -av /mnt/restore/yourdomain.com/user@domain.com/ \ + /var/lib/docker/volumes/mailcowdockerized_vmail-vol/_data/yourdomain.com/user@domain.com/ + +# Fix permissions +chown -R 5000:5000 /var/lib/docker/volumes/mailcowdockerized_vmail-vol/_data/yourdomain.com/user@domain.com/ + +# Unmount +kopia unmount /mnt/restore + +# Restart Dovecot to recognize changes +docker compose restart dovecot-mailcow +``` + +### Scenario 3: Database Recovery Only + +If only the database is corrupted but email data is intact: + +#### Option A: Using Mailcow Native Restore (Recommended) + +```bash +cd /opt/mailcow-dockerized + +# Run the restore script +./helper-scripts/backup_and_restore.sh restore + +# When prompted: +# - Backup location: /opt/mailcow-backups +# - Select the most recent backup +# - Select [ 6 ] - SQL DB (database only) +``` + +The script will: +1. Stop mailcow +2. Restore the MySQL database from the mariabackup archive +3. Update mailcow.conf with the restored database credentials +4. 
Restart mailcow + +#### Option B: Manual Database Restore from Kopia + +If local backups are unavailable: + +```bash +cd /opt/mailcow-dockerized + +# Stop Mailcow +docker compose down + +# Start only MySQL +docker compose up -d mysql-mailcow + +# Wait for MySQL +sleep 30 + +# Restore from Kopia database dump +kopia snapshot list --tags database +kopia restore /tmp/db-restore/ + +# Import the dump +LATEST_DUMP=$(ls -t /tmp/db-restore/mailcow_*.sql | head -1) +docker compose exec -T mysql-mailcow mysql -u root -p$(grep DBROOT mailcow.conf | cut -d'=' -f2) < "$LATEST_DUMP" + +# Start all services +docker compose down +docker compose up -d + +# Verify +docker compose logs -f +``` + +### Scenario 4: Configuration Recovery Only + +If you only need to restore configuration files: + +#### Option A: From Mailcow Backup + +```bash +# Find the most recent backup +LATEST_BACKUP=$(ls -td /opt/mailcow-backups/mailcow-* | head -1) + +# Stop Mailcow +cd /opt/mailcow-dockerized +docker compose down + +# Backup current config (just in case) +cp mailcow.conf mailcow.conf.pre-restore +cp docker-compose.yml docker-compose.yml.pre-restore + +# Restore mailcow.conf from backup +cp "$LATEST_BACKUP/mailcow.conf" ./mailcow.conf + +# If you also need other config files from data/conf/, +# you would need to extract them from the backup archives + +# Restart +docker compose up -d +``` + +#### Option B: From Kopia Snapshot + +```bash +# Restore config snapshot to temporary location +kopia restore /tmp/mailcow-restore/ + +# Stop Mailcow +cd /opt/mailcow-dockerized +docker compose down + +# Backup current config (just in case) +cp mailcow.conf mailcow.conf.pre-restore +cp docker-compose.yml docker-compose.yml.pre-restore + +# Restore specific files +cp /tmp/mailcow-restore/mailcow.conf ./ +cp /tmp/mailcow-restore/docker-compose.yml ./ +cp -r /tmp/mailcow-restore/data/conf/* ./data/conf/ + +# Restart +docker compose up -d +``` + +## Verification and Testing + +### Regular Backup Verification + 
+Perform monthly restore tests to ensure backups are valid: + +```bash +# Test restore to temporary location +mkdir -p /tmp/backup-test +kopia snapshot list --tags mailcow +kopia restore /tmp/backup-test/ + +# Verify files exist and are readable +ls -lah /tmp/backup-test/ +cat /tmp/backup-test/mailcow.conf + +# Cleanup +rm -rf /tmp/backup-test/ +``` + +### Backup Monitoring Script + +Create `/opt/scripts/check-mailcow-backup.sh`: + +```bash +#!/bin/bash + +# Check last backup age +LAST_BACKUP=$(kopia snapshot list --tags mailcow --json | jq -r '.[0].startTime') +LAST_BACKUP_EPOCH=$(date -d "$LAST_BACKUP" +%s) +NOW=$(date +%s) +AGE_HOURS=$(( ($NOW - $LAST_BACKUP_EPOCH) / 3600 )) + +if [ $AGE_HOURS -gt 26 ]; then + echo "WARNING: Last Mailcow backup is $AGE_HOURS hours old" + # Send alert (email, Slack, etc.) + exit 1 +else + echo "OK: Last backup $AGE_HOURS hours ago" +fi +``` + +## Disaster Recovery Checklist + +When disaster strikes, follow this checklist: + +- [ ] Confirm scope of failure (server, storage, specific component) +- [ ] Gather server information (hostname, IP, DNS records) +- [ ] Access offsite backup vault +- [ ] Provision new server (if needed) +- [ ] Install Docker and dependencies +- [ ] Connect to Kopia repository +- [ ] Restore configurations first +- [ ] Restore database +- [ ] Restore email data +- [ ] Start services and verify +- [ ] Test email sending/receiving +- [ ] Verify webmail access +- [ ] Check DNS records and update if needed +- [ ] Document any issues encountered +- [ ] Update recovery procedures based on experience + +## Important Notes + +1. **DNS**: Keep DNS records documented separately. Recovery includes updating DNS if server IP changes. + +2. **SSL Certificates**: Let's Encrypt certificates are in the backup but may need renewal. Mailcow will handle this automatically. + +3. **Permissions**: Docker volumes have specific UID/GID requirements: + - vmail: `5000:5000` + - mysql: `999:999` + +4. 
**Testing**: Always test recovery procedures in a lab environment before trusting them in production. + +5. **Documentation**: Keep this guide and server details in a separate location (printed copy, password manager, etc.). + +6. **Retention Policy**: Review Kopia retention settings periodically to balance storage costs with recovery needs. + +## Backup Architecture Notes + +### Why Two Backup Layers? + +**Mailcow Native Backups** (Tier 1): +- ✅ Component-aware (knows about mailcow's structure) +- ✅ Uses mariabackup for consistent MySQL hot backups +- ✅ Fast, selective restore (can restore just one component) +- ✅ Architecture-aware (handles x86/ARM differences) +- ❌ No deduplication (full copies each time) +- ❌ Limited to local storage initially + +**Kopia Snapshots** (Tier 2): +- ✅ Deduplication and compression +- ✅ Efficient offsite replication to vaults +- ✅ Point-in-time recovery across multiple versions +- ✅ Disaster recovery to completely new infrastructure +- ❌ Less component-aware (treats as files) +- ❌ Slower for granular component restore + +### Storage Efficiency + +Using this two-tier approach: +- **Local**: Mailcow creates ~7 days of native backups (may be large, but short retention) +- **Offsite**: Kopia deduplicates these backups for long-term vault storage (much smaller) + +Example storage calculation (10GB mailbox): +- Local: 7 days × 10GB = ~70GB (before compression) +- Kopia (offsite): First backup ~10GB, subsequent backups only store changes (might be <1GB/day after dedup) + +### Compression Formats + +Mailcow's script creates `.tar.zst` (Zstandard) or `.tar.gz` (gzip) files: +- **Zstandard** (modern): Better compression ratio, faster (recommended) +- **Gzip** (legacy): Wider compatibility with older systems + +Verify your backup compression: +```bash +ls -lh /opt/mailcow-backups/mailcow-*/ +# Look for .tar.zst (preferred) or .tar.gz +``` + +### Cross-Architecture Considerations + +**Important for ARM/x86 Migration**: + +Mailcow's backup 
script is architecture-aware. When restoring: +- **Rspamd data** cannot be restored across different architectures (x86 ↔ ARM) +- **All other components** (vmail, mysql, redis, postfix, crypt) are architecture-independent + +If migrating between architectures: +```bash +# Restore everything EXCEPT rspamd +# Select components individually: vmail, mysql, redis, postfix, crypt +# Skip rspamd - it will rebuild its learning database over time +``` + +### Testing Your Backups + +**Monthly Test Protocol**: + +1. **Verify local backups exist**: + ```bash + ls -lh /opt/mailcow-backups/ + # Should see recent dated directories + ``` + +2. **Verify Kopia snapshots**: + ```bash + kopia snapshot list --tags mailcow + # Should see recent snapshots + ``` + +3. **Test restore in lab** (recommended quarterly): + - Spin up a test VM + - Restore from Kopia + - Run mailcow native restore + - Verify email delivery and webmail access + +## Additional Resources + +- [Mailcow Official Backup Documentation](https://docs.mailcow.email/backup_restore/b_n_r-backup/) +- [Kopia Documentation](https://kopia.io/docs/) +- [Docker Volume Backup Best Practices](https://docs.docker.com/storage/volumes/#back-up-restore-or-migrate-data-volumes) + +## Revision History + +| Date | Version | Changes | +|------|---------|---------| +| 2026-02-10 | 1.1 | Integrated mailcow native backup_and_restore.sh script as primary backup method | +| 2026-02-10 | 1.0 | Initial documentation | + +--- + +**Last Updated**: February 10, 2026 +**Maintained By**: System Administrator +**Review Schedule**: Quarterly diff --git a/Vault-Grimoire/Backups/Nextcloud-Backup.md b/Vault-Grimoire/Backups/Nextcloud-Backup.md new file mode 100644 index 0000000..b124a30 --- /dev/null +++ b/Vault-Grimoire/Backups/Nextcloud-Backup.md 
@@ -0,0 +1,1151 @@ +--- +title: Nextcloud Backup +description: Native + Kopia +published: true +date: 2026-02-20T04:19:28.405Z +tags: +editor: markdown +dateCreated: 2026-02-14T23:52:25.405Z +--- + +--- +title: Nextcloud AIO Backup and Recovery Guide +description: Comprehensive backup and recovery procedures for Nextcloud All-in-One using native BorgBackup and Kopia offsite storage +published: true +date: 2026-02-17 +tags: nextcloud, backup, borgbackup, kopia, docker, aio +editor: markdown +--- + +# Nextcloud AIO Backup and Recovery Guide + +## Overview + +This document provides comprehensive backup and recovery procedures for Nextcloud All-in-One (AIO). Nextcloud AIO includes a **built-in BorgBackup solution** that runs daily automated backups. We enhance this with Kopia for offsite storage in vaults, following the same two-tier approach used for Mailcow and Immich. + +## Quick Reference + +### Common Backup Commands + +```bash +# Run Kopia snapshot script (snapshots AIO's backups) +/opt/scripts/backup-nextcloud.sh + +# Manually trigger AIO backup via web interface +# Navigate to: https://your-server:8080 → Backup section → Create Backup + +# List Kopia snapshots +kopia snapshot list --tags nextcloud + +# View backup logs +tail -f /var/log/nextcloud-backup.log + +# Check AIO backup status +docker exec -it nextcloud-aio-mastercontainer ls -lh /mnt/docker-aio-config/data/borg/ +``` + +### Common Restore Commands + +```bash +# Restore using AIO's built-in interface (RECOMMENDED) +# Navigate to: https://your-server:8080 → Backup section → Restore + +# Restore from Kopia to new server +kopia snapshot list --tags nextcloud +kopia restore /opt/nextcloud-backups/ + +# Check container status after restore +docker ps | grep nextcloud +docker logs -f nextcloud-aio-mastercontainer +``` + +## Critical Components to Backup + +### 1. 
Nextcloud AIO BorgBackup Repository +- **Location**: Docker volume `nextcloud_aio_mastercontainer` → `/mnt/docker-aio-config/data/borg/` +- **Contains**: + - Complete PostgreSQL database + - All user files and data + - Nextcloud configuration + - Apps and their data +- **Importance**: This is Nextcloud AIO's primary backup - contains everything needed for restore +- **Encryption**: Encrypted with BorgBackup password + +### 2. Nextcloud Data Directory +- **Location**: `/srv/NextCloud-AIO` (per NEXTCLOUD_DATADIR setting) +- **Purpose**: User files, photos, documents +- **Note**: Already included in AIO BorgBackup, but can be backed up separately with Kopia + +### 3. AIO Mastercontainer Volume +- **Volume**: `nextcloud_aio_mastercontainer` +- **Contains**: AIO configuration, certificates, Borg repository +- **Critical**: Required to restore AIO itself + +### 4. Docker Compose Configuration +- **Location**: `/opt/nextcloud/docker-compose.yml` +- **Purpose**: Container definitions, network settings, environment variables +- **Importance**: Needed to recreate the AIO setup + +### 5. Backup Credentials +- **BorgBackup Password**: `0c038ada7a620e59802f43422b6fea409b46bab8821be6d3` +- **Storage**: Store securely in password manager +- **Critical**: Required for restoring from Borg backups + +## Backup Strategy + +### Two-Tier Backup Approach + +We use a **two-tier approach** combining Nextcloud AIO's native BorgBackup with Kopia for offsite storage: + +1. **Tier 1 (Nextcloud AIO Native)**: BorgBackup creates deduplicated, encrypted backups daily at 02:00 +2. **Tier 2 (Offsite)**: Kopia snapshots the Borg repository at 03:00 and syncs to vaults + +#### Why This Approach? 
+ +- **Best of both worlds**: AIO's BorgBackup is Nextcloud-aware and handles everything correctly, Kopia provides offsite protection +- **Native restore**: Use AIO's built-in restore interface (easiest, most reliable) +- **Disaster recovery**: Full system restore from Kopia backups on new server +- **Deduplication at two levels**: Borg deduplicates within Nextcloud data, Kopia deduplicates across backups +- **Proven strategy**: Same approach used for Mailcow and Immich + +#### Backup Schedule +- **02:00** - AIO's daily BorgBackup runs automatically +- **03:00** - Kopia script snapshots the completed Borg repository +- **Retention (AIO Borg)**: `--keep-within=7d --keep-weekly=4 --keep-monthly=6` +- **Retention (Kopia/Offsite)**: 30 daily, 12 weekly, 12 monthly + +### Nextcloud AIO Native Backup (BorgBackup) + +Nextcloud AIO includes an integrated BorgBackup solution that: +- Backs up PostgreSQL database (hot backup, no downtime) +- Backs up all user files and data +- Backs up Nextcloud configuration and apps +- Provides deduplication and compression +- Runs on daily schedule (configured in AIO interface) +- Includes built-in restore interface + +**Key Features:** +- **Deduplication**: Only stores changed blocks (very efficient) +- **Compression**: Reduces backup size significantly +- **Encryption**: Backups are encrypted with password +- **Incremental**: Only backs up changes after first backup +- **Web UI**: Manage backups through AIO's admin interface + +**BorgBackup Location:** +- Inside mastercontainer volume: `/mnt/docker-aio-config/data/borg/` +- On host: `/var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg/` + +## Setting Up Nextcloud AIO Backups + +### Prerequisites + +#### Connect to Kopia Repository + +```bash +sudo kopia repository connect server \ + --url=https://192.168.5.10:51516 \ + --override-username=admin \ + --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 +``` + +> **Note on Multiple 
Kopia Repositories**: The backup script handles multiple Kopia repositories by explicitly connecting to the Nextcloud-specific repository at the start of each backup. To use a different repository, edit the variables in `/opt/scripts/backup-nextcloud.sh`. + +### Step 1: Configure AIO's Daily Backup + +First, configure Nextcloud AIO's built-in backup system: + +1. **Access AIO Admin Interface**: + ``` + https://your-server:8080 + ``` + +2. **Navigate to Backup Section** in the AIO interface + +3. **Configure Daily Backup**: + - Set **Backup time**: `02:00` (2 AM) + - Enable **Daily backup** + - Optionally enable **Automatic updates after backup** + - Optionally enable **Success notification** + +4. **Verify Backup Location**: + The backup location should be set to (default): + ``` + /mnt/docker-aio-config/data/borg + ``` + +5. **Trigger First Backup** manually via AIO interface to verify it works: + - Click "Create Backup" button + - Wait for completion (may take a while on first run) + - Verify success in the interface + +6. 
**Verify Backup Exists**: + ```bash + docker exec nextcloud-aio-mastercontainer ls -lh /mnt/docker-aio-config/data/borg/ + ``` + +### Step 2: Configure Local Backup Directory + +Create the backup directory for Kopia metadata: + +```bash +sudo mkdir -p /opt/nextcloud-backups +sudo chown -R root:root /opt/nextcloud-backups +sudo chmod 755 /opt/nextcloud-backups +``` + +### Step 3: Install Kopia Backup Script + +```bash +# Create scripts directory if not exists +sudo mkdir -p /opt/scripts + +# Copy the backup script +sudo cp backup-nextcloud.sh /opt/scripts/ +sudo chmod +x /opt/scripts/backup-nextcloud.sh +``` + +### Step 4: Configure Backup Script + +Edit `/opt/scripts/backup-nextcloud.sh` and verify these settings: + +```bash +BACKUP_DIR="/opt/nextcloud-backups" # Local backup storage +KEEP_DAYS=7 # Keep 7 days locally +NEXTCLOUD_DIR="/opt/nextcloud" # Your Nextcloud compose location +DATADIR="/srv/NextCloud-AIO" # Your NEXTCLOUD_DATADIR +KOPIA_SERVER_URL="https://192.168.5.10:51516" # Your Kopia server +KOPIA_USERNAME="admin" +KOPIA_FINGERPRINT="696a4999..." +``` + +### Step 5: Test Manual Backup + +Run your first Kopia snapshot manually: + +```bash +sudo /opt/scripts/backup-nextcloud.sh +``` + +Expected output: +``` +======================================== +Starting Nextcloud Kopia snapshot process +Note: AIO daily backup runs at 02:00, this script snapshots it +======================================== +[timestamp] Connecting to Kopia repository... +[timestamp] Kopia repository connected successfully +[timestamp] Checking Nextcloud AIO status... +[timestamp] Mastercontainer is running +[timestamp] Verifying AIO Borg backups... +[timestamp] Found Borg backup repository at: /mnt/docker-aio-config/data/borg +[timestamp] Backing up AIO mastercontainer volume... +[timestamp] Mastercontainer volume backup completed (5.2G) +[timestamp] Creating Kopia snapshots for offsite storage +... 
+✓ AIO Borg backups verified +✓ Mastercontainer volume backed up (5.2G) +✓ Kopia snapshots created for offsite storage +======================================== +``` + +Verify the backup: +```bash +# Check local backup +ls -lh /opt/nextcloud-backups/ +cat /opt/nextcloud-backups/nextcloud-*/manifest.txt + +# Check Kopia snapshots +kopia snapshot list --tags nextcloud + +# Check AIO Borg backups +docker exec nextcloud-aio-mastercontainer ls -lh /mnt/docker-aio-config/data/borg/ +``` + +### Step 6: Automated Backup with Cron + +**Important Timing**: Schedule this AFTER AIO's built-in backup completes. +- AIO backup: **02:00** (configured in AIO interface) +- Kopia script: **03:00** (snapshots the completed Borg backup) + +Add to root's crontab: + +```bash +sudo crontab -e +``` + +Add this line for daily backups at 3 AM: +``` +0 3 * * * /opt/scripts/backup-nextcloud.sh 2>&1 | logger -t nextcloud-backup +``` + +Alternative schedules: + +**Twice daily (3 AM and 3 PM):** +``` +0 3,15 * * * /opt/scripts/backup-nextcloud.sh 2>&1 | logger -t nextcloud-backup +``` + +**After AIO backup completes (2 AM AIO + 1 hour buffer):** +``` +0 3 * * * /opt/scripts/backup-nextcloud.sh 2>&1 | logger -t nextcloud-backup +``` + +### Step 7: Configure Kopia Retention Policy + +Set retention for Nextcloud snapshots: + +```bash +kopia policy set /opt/nextcloud-backups \ + --keep-latest 30 \ + --keep-daily 30 \ + --keep-weekly 12 \ + --keep-monthly 12 + +kopia policy set /opt/nextcloud \ + --keep-latest 7 \ + --keep-daily 7 + +# If backing up datadir directly (and it's small enough) +kopia policy set /srv/NextCloud-AIO \ + --keep-latest 7 \ + --keep-daily 7 +``` + +## Backup Validation + +### Regular Verification + +Perform these checks monthly to ensure backups are working: + +#### Test 1: Verify AIO Borg Backups Exist + +```bash +# List Borg archives inside container +docker exec nextcloud-aio-mastercontainer \ + borg list /mnt/docker-aio-config/data/borg/borgbackup + +# Expected output: List 
of backup archives with dates +``` + +#### Test 2: Check Borg Backup Integrity + +```bash +# Run Borg check (non-destructive) +docker exec nextcloud-aio-mastercontainer \ + borg check /mnt/docker-aio-config/data/borg/borgbackup + +# Expected output: Repository and archive checks passing +``` + +#### Test 3: Verify Local Kopia Backups + +```bash +# List recent local backups +ls -lth /opt/nextcloud-backups/ | head -5 + +# Check most recent backup +LATEST=$(ls -td /opt/nextcloud-backups/nextcloud-* | head -1) +cat "${LATEST}/manifest.txt" +``` + +#### Test 4: Verify Kopia Snapshots + +```bash +# List Kopia snapshots +kopia snapshot list --tags nextcloud + +# Verify snapshot content (without restoring) +kopia snapshot list --show-identical + +# Check Kopia repository status +kopia repository status +``` + +#### Test 5: Verify Backup Encryption + +```bash +# The BorgBackup password should be required for restore +# Test by attempting to list archives (should require password) + +docker exec -it nextcloud-aio-mastercontainer bash +export BORG_PASSPHRASE="0c038ada7a620e59802f43422b6fea409b46bab8821be6d3" +borg list /mnt/docker-aio-config/data/borg/borgbackup +exit +``` + +### Backup Monitoring Script + +Create `/opt/scripts/check-nextcloud-backup.sh`: + +```bash +#!/bin/bash + +LOG_PREFIX="[Nextcloud Backup Check]" + +# Check 1: AIO Borg backups +echo "$LOG_PREFIX Checking AIO Borg backups..." +BORG_COUNT=$(docker exec nextcloud-aio-mastercontainer \ + find /mnt/docker-aio-config/data/borg -type d -maxdepth 2 2>/dev/null | wc -l) + +if [ "$BORG_COUNT" -gt 0 ]; then + echo "$LOG_PREFIX ✓ AIO has $BORG_COUNT Borg backup items" +else + echo "$LOG_PREFIX ✗ WARNING: No Borg backups found!" + exit 1 +fi + +# Check 2: Local backups +echo "$LOG_PREFIX Checking local backups..." +LAST_BACKUP=$(ls -td /opt/nextcloud-backups/nextcloud-* 2>/dev/null | head -1) + +if [ -z "$LAST_BACKUP" ]; then + echo "$LOG_PREFIX ✗ WARNING: No local backups found!" 
+ exit 1 +fi + +BACKUP_DATE=$(basename "$LAST_BACKUP" | sed 's/nextcloud-//') +BACKUP_EPOCH=$(date -d "${BACKUP_DATE:0:8} ${BACKUP_DATE:9:2}:${BACKUP_DATE:11:2}:${BACKUP_DATE:13:2}" +%s 2>/dev/null) +NOW=$(date +%s) +AGE_HOURS=$(( ($NOW - $BACKUP_EPOCH) / 3600 )) + +if [ $AGE_HOURS -gt 26 ]; then + echo "$LOG_PREFIX ✗ WARNING: Last backup is $AGE_HOURS hours old" + exit 1 +else + echo "$LOG_PREFIX ✓ Last backup: $AGE_HOURS hours ago" + BACKUP_SIZE=$(du -sh "$LAST_BACKUP" 2>/dev/null | cut -f1) + echo "$LOG_PREFIX Size: $BACKUP_SIZE" +fi + +# Check 3: Kopia snapshots +echo "$LOG_PREFIX Checking Kopia snapshots..." +KOPIA_COUNT=$(kopia snapshot list --tags nextcloud --json 2>/dev/null | jq '. | length' 2>/dev/null) + +if [ -n "$KOPIA_COUNT" ] && [ "$KOPIA_COUNT" -gt 0 ]; then + echo "$LOG_PREFIX ✓ Kopia has $KOPIA_COUNT snapshots" + KOPIA_LAST=$(kopia snapshot list --tags nextcloud --json 2>/dev/null | jq -r '.[0].startTime' 2>/dev/null) + echo "$LOG_PREFIX Latest: $KOPIA_LAST" +else + echo "$LOG_PREFIX ✗ WARNING: Cannot verify Kopia snapshots" + exit 1 +fi + +echo "$LOG_PREFIX =========================================" +echo "$LOG_PREFIX All backup checks passed!" +echo "$LOG_PREFIX =========================================" +``` + +Make executable and add to cron: +```bash +chmod +x /opt/scripts/check-nextcloud-backup.sh + +# Add to crontab (check daily at 8 AM) +sudo crontab -e +0 8 * * * /opt/scripts/check-nextcloud-backup.sh | logger -t nextcloud-backup-check +``` + +### Test Restore (Non-Production) + +Perform a test restore in a non-production environment quarterly: + +1. **Provision test server** with same OS +2. **Install Docker** and Kopia +3. **Restore from Kopia** following disaster recovery steps below +4. **Verify Nextcloud** works correctly +5. **Document any issues** encountered +6. **Destroy test environment** + +## Recovery Procedures + +### Understanding Two Recovery Methods + +We have **two restore methods** depending on the scenario: + +1. 
**AIO Native Restore** (Preferred): Use AIO's built-in restore interface +2. **Kopia Full Restore**: For complete disaster recovery to a new server + +### Method 1: AIO Native Restore (Recommended) + +Use this method when: +- Restoring on the same server +- AIO is still functional +- You have AIO Borg backups available + +This is the **easiest and most reliable** method for Nextcloud AIO. + +#### Via AIO Web Interface (Easiest) + +1. **Access AIO Admin Interface**: + ``` + https://your-server:8080 + ``` + +2. **Navigate to Backup Section** + +3. **Select Restore** + +4. **Enter BorgBackup Password**: + ``` + 0c038ada7a620e59802f43422b6fea409b46bab8821be6d3 + ``` + +5. **Choose Backup Date** from available Borg backups + +6. **Confirm Restore** + - AIO will: + - Stop Nextcloud containers + - Restore database + - Restore all files + - Restore configuration + - Restart containers + +7. **Verify** Nextcloud is working after restore: + - Access web interface + - Check files are accessible + - Verify user logins work + +#### Via Command Line (Advanced) + +If you need to restore from Borg backup directly: + +```bash +# Enter the mastercontainer +docker exec -it nextcloud-aio-mastercontainer bash + +# Set Borg password +export BORG_PASSPHRASE="0c038ada7a620e59802f43422b6fea409b46bab8821be6d3" + +# List available backups +borg list /mnt/docker-aio-config/data/borg/borgbackup + +# Extract specific backup (example - adjust archive name) +borg extract /mnt/docker-aio-config/data/borg/borgbackup::20260217-020001 + +# Exit container +exit +``` + +> **Note**: Using AIO's web interface is much safer and handles all the container orchestration automatically. + +### Method 2: Complete Server Rebuild (Kopia Restore) + +Use this when recovering to a completely new server or when AIO is completely lost. 
+ +#### Step 1: Prepare New Server + +```bash +# Update system +sudo apt update && sudo apt upgrade -y + +# Install Docker +curl -fsSL https://get.docker.com | sh +sudo systemctl enable docker +sudo systemctl start docker + +# Install Docker Compose +sudo apt install docker-compose-plugin -y + +# Install Kopia +curl -s https://kopia.io/signing-key | sudo gpg --dearmor -o /usr/share/keyrings/kopia-keyring.gpg +echo "deb [signed-by=/usr/share/keyrings/kopia-keyring.gpg] https://packages.kopia.io/apt/ stable main" | sudo tee /etc/apt/sources.list.d/kopia.list +sudo apt update +sudo apt install kopia -y + +# Create directory structure +sudo mkdir -p /opt/nextcloud +sudo mkdir -p /opt/nextcloud-backups +sudo mkdir -p /srv/NextCloud-AIO +``` + +#### Step 2: Connect to Kopia Repository + +```bash +# Connect to your offsite vault +sudo kopia repository connect server \ + --url=https://192.168.5.10:51516 \ + --override-username=admin \ + --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 + +# Verify connection +kopia repository status + +# List available snapshots +kopia snapshot list --tags nextcloud +``` + +#### Step 3: Restore Configuration + +```bash +# Find and restore the config snapshot +kopia snapshot list --tags config + +# Restore to the Nextcloud directory +kopia restore /opt/nextcloud/ + +# Verify critical files +ls -la /opt/nextcloud/docker-compose.yml +``` + +#### Step 4: Restore AIO Mastercontainer Volume + +```bash +# Find the backup with mastercontainer +kopia snapshot list --tags mastercontainer + +# Restore the most recent backup +kopia restore /opt/nextcloud-backups/ + +# Find the most recent backup directory +LATEST_BACKUP=$(ls -td /opt/nextcloud-backups/nextcloud-* | head -1) +echo "Restoring from: $LATEST_BACKUP" + +# Create the Docker volume +docker volume create nextcloud_aio_mastercontainer + +# Extract mastercontainer volume backup +docker run --rm \ + -v nextcloud_aio_mastercontainer:/target \ + -v 
"${LATEST_BACKUP}":/backup:ro \ + alpine tar -xzf /backup/aio-mastercontainer.tar.gz -C /target + +echo "Mastercontainer volume restored" +``` + +#### Step 5: Start Nextcloud AIO + +```bash +cd /opt/nextcloud + +# Create external network if needed +docker network create netgrimoire + +# Start mastercontainer +docker compose up -d + +# Monitor logs +docker compose logs -f +``` + +#### Step 6: Access AIO and Restore from Borg + +1. **Wait for mastercontainer to initialize** (1-2 minutes) + +2. **Access AIO Interface**: + ``` + https://new-server-ip:8080 + ``` + +3. **Navigate to Backup Section** + +4. **Select Restore** + +5. **Enter BorgBackup Password**: + ``` + 0c038ada7a620e59802f43422b6fea409b46bab8821be6d3 + ``` + +6. **Choose backup date** and restore + +7. **Wait for restore to complete** (may take significant time depending on data size) + +#### Step 7: Post-Restore Verification + +```bash +# Check all containers are running +docker ps | grep nextcloud + +# Expected containers: +# - nextcloud-aio-mastercontainer +# - nextcloud-aio-apache +# - nextcloud-aio-nextcloud +# - nextcloud-aio-database +# - nextcloud-aio-redis +# - nextcloud-aio-imaginary +# - nextcloud-aio-fulltextsearch (if enabled) +# - nextcloud-aio-talk (if enabled) + +# Check Nextcloud is accessible via Apache +curl -I http://localhost:11000 + +# Access web interface +# https://your-server-domain + +# Verify: +# - Login works +# - Files are accessible +# - Apps are functioning +# - Sharing works +# - Uploads work +``` + +### Scenario 2: Restore Specific User's Files + +To restore a single user's files without affecting others: + +#### Option A: Via AIO Web Interface (Safest) + +1. Use AIO's restore to restore to a specific point in time +2. 
Users can access previous versions via Nextcloud's version history + +#### Option B: Extract from Borg Backup + +```bash +# Enter mastercontainer +docker exec -it nextcloud-aio-mastercontainer bash + +# Set Borg password +export BORG_PASSPHRASE="0c038ada7a620e59802f43422b6fea409b46bab8821be6d3" + +# List available backups +borg list /mnt/docker-aio-config/data/borg/borgbackup + +# Mount a specific backup +mkdir -p /tmp/borg-mount +borg mount /mnt/docker-aio-config/data/borg/borgbackup:: /tmp/borg-mount + +# Navigate to user's files +cd /tmp/borg-mount/nextcloud_aio_nextcloud_data/ + +# Find the user's directory +ls -la + +# Copy specific files out (example) +cp -r /tmp/borg-mount/nextcloud_aio_nextcloud_data// /recovery/ + +# Unmount +borg umount /tmp/borg-mount +exit +``` + +#### Option C: Using Kopia Mount + +```bash +# Mount Kopia snapshot +kopia snapshot list --tags datadir +mkdir -p /mnt/kopia-nextcloud +kopia mount /mnt/kopia-nextcloud & + +# Find user's files +USER="username" +ls /mnt/kopia-nextcloud/${USER}/files/ + +# Copy files back +rsync -av /mnt/kopia-nextcloud/${USER}/files/ \ + /srv/NextCloud-AIO/${USER}/files/ + +# Unmount +kopia unmount /mnt/kopia-nextcloud + +# Rescan files in Nextcloud +docker exec -u www-data nextcloud-aio-nextcloud \ + php occ files:scan ${USER} +``` + +### Scenario 3: Rollback After Failed Update + +If a Nextcloud update breaks your installation: + +1. **Access AIO Interface**: `https://your-server:8080` + +2. **Navigate to Backup Section** + +3. **Select Restore** + +4. **Enter password**: `0c038ada7a620e59802f43422b6fea409b46bab8821be6d3` + +5. **Choose backup** from before the update + +6. **Restore and verify** + +7. **Disable auto-updates** in AIO until issue is resolved + +### Scenario 4: Database-Only Recovery + +If only the database is corrupted but files are intact: + +**Via AIO Restore (Recommended):** +1. Use AIO's restore feature +2. 
It will restore the complete state including database + +**Note**: AIO's BorgBackup stores everything together, so you cannot easily restore just the database. A full restore is safer and ensures consistency. + +## Disaster Recovery Checklist + +When disaster strikes, follow this checklist: + +- [ ] Confirm scope of failure (server down, storage failure, data corruption) +- [ ] Gather server information (hostname, IP, domain configuration) +- [ ] Retrieve BorgBackup password from secure storage +- [ ] Access offsite Kopia repository +- [ ] Provision new server (if needed) with Docker and Kopia +- [ ] Connect to Kopia repository +- [ ] Restore docker-compose configuration +- [ ] Restore AIO mastercontainer volume +- [ ] Start AIO mastercontainer +- [ ] Use AIO's restore interface with BorgBackup password +- [ ] Verify web interface accessible +- [ ] Test file access and sharing +- [ ] Verify user logins work +- [ ] Check all apps are functioning +- [ ] Update DNS if server IP changed +- [ ] Document issues and lessons learned +- [ ] Update this guide based on experience + +## Important Notes + +### 1. Backup Schedule Coordination + +- **AIO backup**: 02:00 (configured in AIO interface) +- **Kopia script**: 03:00 (must run AFTER AIO backup completes) +- Ensure sufficient time gap for large backups + +### 2. BorgBackup Password Security + +- **Password**: `0c038ada7a620e59802f43422b6fea409b46bab8821be6d3` +- **Storage**: Keep in password manager (LastPass, 1Password, etc.) +- **Backup**: Print and store in safe location +- **Critical**: Without this password, Borg backups cannot be restored + +### 3. Storage Requirements + +BorgBackup is deduplicated but can still be large: +- Borg repository: ~1.5x your data size initially +- Grows with retention policy (7 days + 4 weeks + 6 months) +- Kopia adds minimal overhead due to deduplication +- Monitor disk space regularly + +### 4. 
Network Configuration + +Your setup uses: +- External network: `netgrimoire` +- Custom Apache port: `11000` +- AIO admin port: `8080` +- Ensure these are documented for restore + +### 5. Testing + +- Test recovery procedures quarterly in lab environment +- Verify backups monthly with validation scripts +- Keep printed copy of this guide offsite + +### 6. Updates + +- AIO can auto-update containers after successful backup +- This is configured in the daily backup settings +- Ensure backups run BEFORE updates + +### 7. Performance Considerations + +First backup will be slow (full copy): +- Subsequent backups are incremental (much faster) +- Borg deduplication improves over time +- Large files (videos) take longer + +## Backup Architecture Notes + +### Why Two Backup Layers? + +**Nextcloud AIO BorgBackup** (Tier 1): +- ✅ Nextcloud-aware (knows how to backup everything correctly) +- ✅ Built-in restore interface (easiest to use) +- ✅ Deduplication and compression +- ✅ Encrypted with password +- ✅ Incremental backups (efficient) +- ❌ Single location (inside Docker volume) +- ❌ No offsite replication built-in + +**Kopia Snapshots** (Tier 2): +- ✅ Offsite protection in vaults +- ✅ Additional deduplication layer +- ✅ Point-in-time recovery +- ✅ Disaster recovery to new infrastructure +- ✅ Independent of Nextcloud/Docker state +- ❌ Less Nextcloud-aware +- ❌ More complex restore process + +### Storage Efficiency + +For a 200GB Nextcloud instance: + +**BorgBackup (Tier 1):** +- First backup: ~200GB +- Daily incremental: ~2-5GB (only changes) +- With retention policy: ~250GB total + +**Kopia (Tier 2) backing up mastercontainer:** +- First snapshot: ~250GB +- Daily changes: ~5-10GB (only changed data in Borg repo) +- Much smaller than backing up raw data repeatedly + +**Combined savings**: Borg handles Nextcloud-level deduplication, Kopia handles backup-to-backup deduplication + +### Deduplication Layers + +1. **Nextcloud level**: File versioning and deleted file retention +2. 
**Borg level**: Block-level deduplication within Nextcloud data +3. **Kopia level**: File-level deduplication of mastercontainer volume + +## Troubleshooting + +### "Cannot access AIO interface" + +**Symptoms**: Cannot connect to port 8080 + +**Solutions**: +```bash +# Check mastercontainer is running +docker ps | grep nextcloud-aio-mastercontainer + +# Check logs +docker logs nextcloud-aio-mastercontainer + +# Restart mastercontainer +cd /opt/nextcloud +docker compose restart + +# Check firewall +sudo ufw status +sudo ufw allow 8080/tcp +``` + +### "Borg backup fails" + +**Symptoms**: AIO reports backup failure + +**Solutions**: +```bash +# Check disk space +df -h + +# Check Borg repository integrity +docker exec nextcloud-aio-mastercontainer bash +export BORG_PASSPHRASE="0c038ada7a620e59802f43422b6fea409b46bab8821be6d3" +borg check /mnt/docker-aio-config/data/borg/borgbackup +exit + +# Repair if needed (last resort) +docker exec nextcloud-aio-mastercontainer bash +export BORG_PASSPHRASE="0c038ada7a620e59802f43422b6fea409b46bab8821be6d3" +borg check --repair /mnt/docker-aio-config/data/borg/borgbackup +exit +``` + +### "Restore hangs or fails" + +**Symptoms**: AIO restore doesn't complete + +**Solutions**: +```bash +# Check available disk space +df -h /srv/NextCloud-AIO + +# Check Docker resources +docker stats + +# Check if daily_backup_running marker is stuck +docker exec nextcloud-aio-mastercontainer \ + rm /mnt/docker-aio-config/data/daily_backup_running + +# Restart and try again +docker restart nextcloud-aio-mastercontainer +``` + +### "Wrong Borg password" + +**Symptoms**: Cannot restore or list backups + +**Solution**: +- Verify password is exactly: `0c038ada7a620e59802f43422b6fea409b46bab8821be6d3` +- No spaces, no quotes when entering in AIO interface +- If password is truly lost, backups cannot be recovered + +### "Kopia snapshot fails" + +**Symptoms**: Tier 2 backup fails but AIO backup succeeds + +**Solutions**: +```bash +# Check Kopia connection 
+kopia repository status + +# Reconnect if needed +kopia repository disconnect +kopia repository connect server --url=... + +# Check Kopia repository space +kopia repository status | grep Space + +# Manually test snapshot +kopia snapshot create /opt/nextcloud-backups +``` + +### "Files missing after restore" + +**Symptoms**: Nextcloud restored but files don't appear + +**Solutions**: +```bash +# Rescan all files +docker exec -u www-data nextcloud-aio-nextcloud \ + php occ files:scan --all + +# Check file permissions +docker exec nextcloud-aio-nextcloud \ + ls -la /mnt/ncdata/ + +# Verify datadir mount +docker inspect nextcloud-aio-nextcloud | grep -A 10 Mounts + +# Check Nextcloud logs +docker exec nextcloud-aio-nextcloud \ + tail -100 /var/www/html/data/nextcloud.log +``` + +## Advanced Topics + +### Customizing Borg Retention Policy + +Edit your docker-compose.yml: + +```yaml +environment: + # Default: Keep 7 days, 4 weeks, 6 months + BORG_RETENTION_POLICY: --keep-within=7d --keep-weekly=4 --keep-monthly=6 + + # More aggressive (less space, shorter history) + # BORG_RETENTION_POLICY: --keep-within=3d --keep-weekly=2 --keep-monthly=3 + + # More conservative (more space, longer history) + # BORG_RETENTION_POLICY: --keep-within=14d --keep-weekly=8 --keep-monthly=24 +``` + +Restart AIO: +```bash +cd /opt/nextcloud +docker compose down +docker compose up -d +``` + +### Backup to Multiple Kopia Repositories + +For critical data, backup to multiple vaults: + +```bash +# In backup script, after first Kopia snapshot: + +# Connect to second repository +kopia repository disconnect +kopia repository connect server \ + --url=https://backup2.example.com:51517 \ + --override-username=admin \ + --server-cert-fingerprint=... + +# Create snapshots in second repository +kopia snapshot create /opt/nextcloud-backups +``` + +### Backup Notifications + +Add to the end of `/opt/scripts/backup-nextcloud.sh`: + +```bash +# Email notification +ADMIN_EMAIL="admin@example.com" +if [ $? 
-eq 0 ]; then + echo "Nextcloud backup completed successfully" | \ + mail -s "✓ Nextcloud Backup Success" "$ADMIN_EMAIL" +else + echo "Nextcloud backup FAILED! Check /var/log/nextcloud-backup.log" | \ + mail -s "✗ Nextcloud Backup FAILED" "$ADMIN_EMAIL" +fi + +# Healthchecks.io ping +curl -fsS --retry 3 https://hc-ping.com/your-uuid-here + +# Webhook notification +curl -X POST https://monitor.example.com/backup-status \ + -H "Content-Type: application/json" \ + -d '{"service":"nextcloud","status":"success"}' +``` + +### Excluding Directories from Backup + +If certain directories don't need backup (temporary files, caches): + +This must be configured through AIO's interface or environment variables. Check AIO documentation for current version's options for excluding paths. + +### Manual Borg Operations + +Advanced users can interact with Borg directly: + +```bash +# Enter mastercontainer +docker exec -it nextcloud-aio-mastercontainer bash + +# Set password +export BORG_PASSPHRASE="0c038ada7a620e59802f43422b6fea409b46bab8821be6d3" + +# List all archives +borg list /mnt/docker-aio-config/data/borg/borgbackup + +# Get info about specific archive +borg info /mnt/docker-aio-config/data/borg/borgbackup:: + +# Check repository +borg check /mnt/docker-aio-config/data/borg/borgbackup + +# Compact repository (reclaim space) +borg compact /mnt/docker-aio-config/data/borg/borgbackup + +# Exit +exit +``` + +## Additional Resources + +- [Nextcloud AIO Official Documentation](https://github.com/nextcloud/all-in-one) +- [Nextcloud AIO Backup Documentation](https://github.com/nextcloud/all-in-one#backup-and-restore) +- [BorgBackup Documentation](https://borgbackup.readthedocs.io/) +- [Kopia Documentation](https://kopia.io/docs/) +- [Docker Volume Backup Best Practices](https://docs.docker.com/storage/volumes/#back-up-restore-or-migrate-data-volumes) + +## Security Considerations + +### BorgBackup Password + +- **Never commit** the password to git repositories +- **Store securely** 
in password manager +- **Print and store** physical copy in safe +- **Share with team** via secure channel only +- **Document location** of password storage + +### Kopia Repository Access + +- Kopia repository credentials stored on server +- Limit access to backup server +- Use firewall rules to restrict Kopia server access +- Consider separate Kopia repositories for different services + +### Network Security + +- AIO admin interface (8080) - restrict access via firewall +- Apache interface (11000) - behind reverse proxy +- Kopia server (51516) - internal network only + +## Revision History + +| Date | Version | Changes | +|------|---------|---------| +| 2026-02-17 | 1.0 | Initial documentation - two-tier backup strategy using AIO's BorgBackup + Kopia | + +--- + +**Last Updated**: February 17, 2026 +**Maintained By**: System Administrator +**Review Schedule**: Quarterly +**Next Review**: May 17, 2026 + +**Critical Information**: +- BorgBackup Password: Store securely, required for all restores +- Backup Schedule: AIO 02:00, Kopia 03:00 +- Kopia Server: 192.168.5.10:51516 diff --git a/Vault-Grimoire/Backups/Services-Backup.md b/Vault-Grimoire/Backups/Services-Backup.md new file mode 100644 index 0000000..c5b0e05 --- /dev/null +++ b/Vault-Grimoire/Backups/Services-Backup.md @@ -0,0 +1,19 @@ +--- +title: Services Backup +description: +published: true +date: 2026-02-20T04:08:15.923Z +tags: +editor: markdown +dateCreated: 2026-02-05T21:28:23.152Z +--- + +- [Mailcow](/backup-mailcow) +- [Immich](/immich_backup) +- [Nextcloud](/nextcloud_backup) +- kopia +- forgejo +- bitwarden +- wiki +- journalv + diff --git a/Vault-Grimoire/Backups/Wiki-Backup.md b/Vault-Grimoire/Backups/Wiki-Backup.md new file mode 100644 index 0000000..984c64d --- /dev/null +++ b/Vault-Grimoire/Backups/Wiki-Backup.md 
@@ -0,0 +1,567 @@ +--- +title: Wikijs Backup +description: Backup Wikijs +published: true +date: 2026-02-23T04:35:32.870Z +tags: +editor: markdown +dateCreated: 2026-02-23T04:35:24.121Z +--- + +# Wiki.js Backup & Recovery + +**Service:** Wiki.js (Netgrimoire) +**Stack:** Docker Compose — Wiki.js + PostgreSQL +**Backup Targets:** PostgreSQL database dump, Git content repository, Docker Compose config +**Backup Destinations:** Local vault path → Kopia → offsite vaults + +--- + +## Overview + +Wiki.js data lives in two separate places that must be backed up independently: + +**PostgreSQL database** — stores page metadata, navigation, user accounts, permissions, page history, assets, and all configuration. This is the critical component for a portable restore. Without it, a new instance has no knowledge of your wiki structure. + +**Git content repository** — stores the actual page content in markdown files, synced from Forgejo. This is already mirrored on the VAULT SSD at `/vault/repos/wiki/`. It is inherently redundant as long as Forgejo is healthy, but is included in backups for completeness and offline portability. + +**Docker Compose config** — the `docker-compose.yml` and `.env` files needed to recreate the stack. + +--- + +## What Gets Backed Up + +| Component | Location | Method | Critical? | +|---|---|---|---| +| PostgreSQL database | Docker volume | `pg_dump` → SQL file | Yes — primary restore target | +| Git content repo | `/vault/repos/wiki/` | Already on VAULT SSD | Yes — page content | +| Docker Compose files | `/opt/stacks/wikijs/` | rsync copy | Yes — stack config | +| Wiki.js data volume | Docker volume | Optional rsync | No — DB + Git covers this | + +--- + +## Backup Strategy + +### Tier 1 — Daily Dump to Vault Path + +A script runs daily via systemd timer. It produces a portable `pg_dump` SQL file written to `/vault/backups/wiki/`. These local dumps are retained for 14 days. 
+ +**Key choices:** + +- `--format=plain` — plain SQL, portable to any PostgreSQL version and any host +- `--no-owner` — strips role ownership, so the dump restores cleanly on a new instance with a different postgres user (critical for Pocket Grimoire restores) +- `--no-acl` — strips GRANT/REVOKE statements for the same reason +- No application downtime required — PostgreSQL handles consistent dumps natively + +### Tier 2 — Kopia Snapshot to Offsite Vaults + +After the daily dump completes, Kopia snapshots the entire `/vault/backups/wiki/` directory and replicates to your offsite vaults. Kopia deduplication means only changed blocks are transferred after the first run. + +--- + +## Setup + +### Step 0 — Confirm Kopia Repository Exists + +If Kopia is not yet initialized on this host, initialize it first. If you already initialized Kopia for Mailcow or another service, skip this step — all services share the same Kopia repository. + +```bash +# Check if repository already exists +kopia repository status + +# If not initialized, create it against your vault path +kopia repository create filesystem --path=/vault/kopia + +# Connect on subsequent logins if disconnected +kopia repository connect filesystem --path=/vault/kopia +``` + +### Step 1 — Create Backup Directories + +```bash +sudo mkdir -p /vault/backups/wiki +sudo chown $(whoami):$(whoami) /vault/backups/wiki +``` + +### Step 2 — Create the Backup Script + +```bash +sudo nano /usr/local/sbin/wikijs-backup.sh +``` + +```bash +#!/usr/bin/env bash +# wikijs-backup.sh — Daily Wiki.js backup: pg_dump + git repo + config +# Writes to /vault/backups/wiki/, then snapshots with Kopia + +set -euo pipefail + +# ── Configuration ───────────────────────────────────────────────────────────── +BACKUP_DIR="/vault/backups/wiki" +DATE=$(date +%Y%m%d_%H%M%S) +CONTAINER_DB="wikijs_db" # Adjust to your actual container name +PG_USER="wikijs" +PG_DB="wikijs" +WIKI_STACK_DIR="/opt/stacks/wikijs" # Location of docker-compose.yml and 
.env +GIT_REPO_DIR="/vault/repos/wiki" # Git content mirror (already on vault SSD) +RETAIN_DAYS=14 # Local dump retention + +LOG="/var/log/wikijs-backup.log" +touch "$LOG" + +log() { echo "$(date -Is) $*" | tee -a "$LOG"; } + +# ── Step 1: PostgreSQL dump ──────────────────────────────────────────────────── +log "Starting Wiki.js PostgreSQL dump..." + +docker exec "$CONTAINER_DB" pg_dump \ + -U "$PG_USER" \ + "$PG_DB" \ + --format=plain \ + --no-owner \ + --no-acl \ + > "${BACKUP_DIR}/wikijs-db-${DATE}.sql" + +gzip "${BACKUP_DIR}/wikijs-db-${DATE}.sql" + +log "PostgreSQL dump complete: wikijs-db-${DATE}.sql.gz" + +# ── Step 2: Docker Compose config backup ────────────────────────────────────── +log "Backing up Docker Compose config..." + +CONFIG_BACKUP="${BACKUP_DIR}/wikijs-config-${DATE}.tar.gz" + +tar -czf "$CONFIG_BACKUP" \ + -C "$(dirname "$WIKI_STACK_DIR")" \ + "$(basename "$WIKI_STACK_DIR")" + +log "Config backup complete: wikijs-config-${DATE}.tar.gz" + +# ── Step 3: Git repo snapshot (content mirror) ──────────────────────────────── +# The git repo lives on the VAULT SSD and is already versioned. +# We record the current HEAD commit for reference. + +if [ -d "${GIT_REPO_DIR}/.git" ]; then + GIT_HEAD=$(git -C "$GIT_REPO_DIR" rev-parse HEAD 2>/dev/null || echo "unknown") + echo "Git HEAD at backup time: ${GIT_HEAD}" \ + > "${BACKUP_DIR}/wikijs-git-ref-${DATE}.txt" + log "Git content repo HEAD: ${GIT_HEAD}" +else + log "WARNING: Git repo not found at ${GIT_REPO_DIR} — skipping git ref" +fi + +# ── Step 4: Cleanup old local dumps ─────────────────────────────────────────── +log "Cleaning up dumps older than ${RETAIN_DAYS} days..." 
+ +find "$BACKUP_DIR" -name "wikijs-db-*.sql.gz" -mtime +"$RETAIN_DAYS" -delete +find "$BACKUP_DIR" -name "wikijs-config-*.tar.gz" -mtime +"$RETAIN_DAYS" -delete +find "$BACKUP_DIR" -name "wikijs-git-ref-*.txt" -mtime +"$RETAIN_DAYS" -delete + +# ── Step 5: Kopia snapshot ──────────────────────────────────────────────────── +log "Running Kopia snapshot of /vault/backups/wiki/..." + +kopia snapshot create "$BACKUP_DIR" \ + --tags "service:wikijs,host:$(hostname -s)" + +log "Kopia snapshot complete." + +# ── Done ────────────────────────────────────────────────────────────────────── +log "Wiki.js backup finished successfully." +``` + +```bash +sudo chmod +x /usr/local/sbin/wikijs-backup.sh +``` + +### Step 3 — Create systemd Service and Timer + +```bash +sudo nano /etc/systemd/system/wikijs-backup.service +``` + +```ini +[Unit] +Description=Wiki.js daily backup (pg_dump + config + Kopia snapshot) +After=docker.service + +[Service] +Type=oneshot +ExecStart=/usr/local/sbin/wikijs-backup.sh +``` + +```bash +sudo nano /etc/systemd/system/wikijs-backup.timer +``` + +```ini +[Unit] +Description=Run Wiki.js backup daily at 02:00 + +[Timer] +OnCalendar=*-*-* 02:00:00 +Persistent=true + +[Install] +WantedBy=timers.target +``` + +```bash +sudo systemctl daemon-reload +sudo systemctl enable wikijs-backup.timer +sudo systemctl start wikijs-backup.timer + +# Verify +systemctl list-timers | grep wikijs +``` + +### Step 4 — Configure Kopia Retention Policy + +```bash +# Set retention policy for wiki backups +kopia policy set /vault/backups/wiki \ + --keep-daily 14 \ + --keep-weekly 8 \ + --keep-monthly 12 \ + --compression zstd + +# Verify policy +kopia policy show /vault/backups/wiki +``` + +### Step 5 — Test the Backup + +```bash +# Run manually first time +sudo /usr/local/sbin/wikijs-backup.sh + +# Verify output +ls -lh /vault/backups/wiki/ +# Should show: wikijs-db-YYYYMMDD_HHMMSS.sql.gz +# wikijs-config-YYYYMMDD_HHMMSS.tar.gz +# wikijs-git-ref-YYYYMMDD_HHMMSS.txt + +# Verify 
Kopia snapshot was created +kopia snapshot list /vault/backups/wiki + +# Check backup log +tail -n 30 /var/log/wikijs-backup.log +``` + +--- + +## Verifying Backups + +### Check dump is readable + +```bash +# Inspect the SQL dump without extracting +zcat /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz | head -50 + +# Should show PostgreSQL header, version info, and CREATE TABLE statements +``` + +### Verify Kopia snapshots + +```bash +# List recent snapshots +kopia snapshot list /vault/backups/wiki + +# Show snapshot details +kopia snapshot list /vault/backups/wiki --all + +# Verify snapshot integrity +kopia snapshot verify +``` + +### Test restore to a temporary database (non-destructive) + +```bash +# Start a temporary Postgres container +docker run --rm -d \ + --name wikijs-restore-test \ + -e POSTGRES_USER=wikijs \ + -e POSTGRES_PASSWORD=testpassword \ + -e POSTGRES_DB=wikijs_test \ + postgres:16-alpine + +# Wait for Postgres to be ready +sleep 5 + +# Restore dump into test container +zcat /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz | \ + docker exec -i wikijs-restore-test psql -U wikijs -d wikijs_test + +# Verify tables exist +docker exec wikijs-restore-test psql -U wikijs -d wikijs_test -c "\dt" + +# Expected output: List of tables (pages, users, pageHistory, assets, etc.) + +# Cleanup test container +docker stop wikijs-restore-test +``` + +--- + +## Recovery Procedures + +### Scenario A — Restore to a New Wiki.js Instance (Any Host) + +This covers full disaster recovery to a fresh server, including Pocket Grimoire. 
+ +**Requirements on the destination host:** +- Docker and Docker Compose installed +- A `docker-compose.yml` and `.env` ready (from backup or Pocket Grimoire stack) +- Sufficient disk space + +**Step 1: Locate the backup** + +```bash +# On Netgrimoire, find the dump to restore +ls -lh /vault/backups/wiki/ + +# Or restore from Kopia +kopia snapshot list /vault/backups/wiki +kopia restore SNAPSHOT_ID /tmp/wiki-restore/ +ls /tmp/wiki-restore/ +``` + +**Step 2: Copy dump to the destination host** + +```bash +# From Netgrimoire, copy to the destination server +scp /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz \ + user@destination-host:/tmp/ + +# Or to Pocket Grimoire +scp /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz \ + user@pocket-grimoire.local:/tmp/ +``` + +**Step 3: Start the database container only** + +On the destination host, start just the database — do not start Wiki.js yet: + +```bash +cd /srv/pocket-grimoire/stacks/wikijs # Adjust path as needed + +# Start only the database container +docker compose up -d db + +# Wait for healthy status +docker compose ps +# db should show: healthy +``` + +**Step 4: Restore the dump** + +```bash +# Restore the dump into the running database container +zcat /tmp/wikijs-db-YYYYMMDD_HHMMSS.sql.gz | \ + docker exec -i pocketgrimoire_db psql \ + -U wikijs \ + -d wikijs + +# Verify tables restored +docker exec pocketgrimoire_db psql -U wikijs -d wikijs -c "\dt" +``` + +**Step 5: Start Wiki.js** + +```bash +docker compose up -d + +# Watch startup logs +docker logs -f pocketgrimoire_wikijs +# Wait for: "HTTP Server started successfully" +``` + +**Step 6: Verify** + +Open `http://pocket-grimoire.local:3000` and confirm: +- Pages load correctly +- Navigation structure is intact +- User accounts are present (if you had multiple users) + +**Step 7: Re-sync Git content (if needed)** + +The database knows the page structure, but if the Git content repo isn't present on the new host, import it: + +```bash +# In Wiki.js admin 
panel: +# Administration → Storage → Git +# Click "Force Sync" or "Import Content" + +# Or copy the repo from VAULT SSD +rsync -avP /vault/repos/wiki/ /srv/pocket-grimoire/repos/wiki/ +``` + +--- + +### Scenario B — Restore on Existing Netgrimoire Instance + +Use this when the Wiki.js database is corrupted but the host is otherwise healthy. + +**Step 1: Stop Wiki.js (leave database running)** + +```bash +cd /opt/stacks/wikijs +docker compose stop wikijs +``` + +**Step 2: Drop and recreate the database** + +```bash +docker exec -it wikijs_db psql -U postgres -c "DROP DATABASE wikijs;" +docker exec -it wikijs_db psql -U postgres -c "CREATE DATABASE wikijs OWNER wikijs;" +``` + +**Step 3: Restore** + +```bash +zcat /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz | \ + docker exec -i wikijs_db psql -U wikijs -d wikijs +``` + +**Step 4: Restart Wiki.js** + +```bash +docker compose start wikijs +docker logs -f wikijs +``` + +--- + +### Scenario C — Restore Config Only + +If the stack config was lost but the database volume is intact: + +```bash +# Extract config from backup +tar -xzf /vault/backups/wiki/wikijs-config-YYYYMMDD_HHMMSS.tar.gz \ + -C /opt/stacks/ + +# Verify +ls /opt/stacks/wikijs/ +# Should show: docker-compose.yml .env + +# Restart stack +cd /opt/stacks/wikijs +docker compose up -d +``` + +--- + +### Restore from Kopia (Offsite) + +When local vault files are unavailable, restore the backup directory from Kopia first: + +```bash +# List available snapshots +kopia snapshot list /vault/backups/wiki + +# Restore snapshot to temp directory +kopia restore SNAPSHOT_ID /tmp/wiki-restore/ + +# Then proceed with the appropriate scenario above +# using files from /tmp/wiki-restore/ instead of /vault/backups/wiki/ +``` + +--- + +## Pocket Grimoire Specifics + +When restoring to Pocket Grimoire, note the following differences from a full Netgrimoire instance: + +**Container names** differ — use `pocketgrimoire_db` instead of `wikijs_db`. 
+ +**Stack path** is `/srv/pocket-grimoire/stacks/wikijs/` instead of `/opt/stacks/wikijs/`. + +**The database is already initialized** when Pocket Grimoire is first set up. Restoring a Netgrimoire dump overwrites it entirely, which is the intended behavior — Pocket Grimoire becomes a mirror of Netgrimoire's wiki state. + +**Git content repo** is located at `/srv/pocket-grimoire/repos/wiki/` and is populated via the sync script (`pocketgrimoire-sync.sh`). A database restore alone is sufficient if the Git repo is already in place. + +**Recommended restore workflow for Pocket Grimoire:** + +```bash +# 1. Copy dump from VAULT SSD (already available on Pocket Grimoire) +ls /srv/vaultpg/backups/wiki/ + +# 2. Start db container only +cd /srv/pocket-grimoire/stacks/wikijs && docker compose up -d db + +# 3. Restore +zcat /srv/vaultpg/backups/wiki/wikijs-db-LATEST.sql.gz | \ + docker exec -i pocketgrimoire_db psql -U wikijs -d wikijs + +# 4. Start full stack +docker compose up -d +``` + +Because the VAULT SSD is always connected to Pocket Grimoire, no file transfer is needed — the dumps are already there. + +--- + +## Monitoring & Alerts + +Add the following to your existing ntfy/monitoring setup to alert on backup failures. Wrap the backup script call in an error trap: + +```bash +# Add to wikijs-backup.sh after set -euo pipefail: + +NTFY_URL="https://ntfy.YOUR_DOMAIN/wikijs-backup" + +on_error() { + curl -fsS -X POST "$NTFY_URL" \ + -H "Title: Wiki.js backup FAILED ($(hostname -s))" \ + -H "Priority: high" \ + -H "Tags: rotating_light" \ + -d "Backup failed at $(date -Is). 
Check /var/log/wikijs-backup.log" +} +trap on_error ERR +``` + +### Check backup age manually + +```bash +# Find most recent dump +ls -lt /vault/backups/wiki/wikijs-db-*.sql.gz | head -3 + +# Check Kopia last snapshot time +kopia snapshot list /vault/backups/wiki | tail -5 +``` + +--- + +## Quick Reference + +```bash +# Run backup manually +sudo /usr/local/sbin/wikijs-backup.sh + +# Watch backup log +tail -f /var/log/wikijs-backup.log + +# Check timer status +systemctl status wikijs-backup.timer + +# List local dumps +ls -lh /vault/backups/wiki/ + +# List Kopia snapshots +kopia snapshot list /vault/backups/wiki + +# Restore dump (generic) +zcat /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz | \ + docker exec -i CONTAINER_NAME psql -U wikijs -d wikijs + +# Test dump is readable +zcat /vault/backups/wiki/wikijs-db-YYYYMMDD_HHMMSS.sql.gz | head -50 +``` + +--- + +## Revision History + +| Version | Date | Notes | +|---|---|---| +| 1.0 | 2026-02-22 | Initial release — pg_dump + Kopia + Pocket Grimoire restore procedures | diff --git a/Vault-Grimoire/Kopia/Kopia-Overview.md b/Vault-Grimoire/Kopia/Kopia-Overview.md new file mode 100644 index 0000000..f305c67 --- /dev/null +++ b/Vault-Grimoire/Kopia/Kopia-Overview.md 
@@ -0,0 +1,940 @@ +--- +title: Setting Up Kopia +description: +published: true +date: 2026-02-20T04:27:59.823Z +tags: +editor: markdown +dateCreated: 2026-01-23T22:14:17.009Z +--- + +# Kopia Backup System Documentation + +## Overview + +This system implements a two-tier backup strategy using **two separate Kopia Server instances**: + +1. **Primary Repository** (`/srv/vault/kopia_repository`) - Full backups of all clients, served on port 51515 +2. **Vault Repository** (`/srv/vault/backup`) - Targeted critical data backups, served on port 51516, replicated offsite via ZFS send/receive + +The Vault repository sits on its own ZFS dataset to enable clean replication to offsite Pi systems. Running two separate Kopia servers allows independent management of each repository while maintaining the same HTTPS-based client connection model for both. + +--- + +## Architecture + +``` +Clients (docker2, cindy's desktop, etc.) + ↓ + ├─→ Primary Backup → Kopia Server Primary (port 51515) + │ → /srv/vault/kopia_repository (all data) + │ + └─→ Vault Backup → Kopia Server Vault (port 51516) + → /srv/vault/backup (critical data only) + ↓ + ZFS Send/Receive + ↓ + ┌───────┴───────┐ + ↓ ↓ + Pi Vault 1 Pi Vault 2 + (offsite) (offsite) +``` + +--- + +## Initial Setup on ZNAS + +### Prerequisites + +- Docker installed on ZNAS +- ZFS pool available + +### 1. Create ZFS Datasets + +```bash +# Primary repository dataset (if not already created) +zfs create -o mountpoint=/srv/vault zpool/vault +zfs create zpool/vault/kopia_repository + +# Vault repository dataset (for offsite replication) +zfs create zpool/vault/backup +``` + +### 2. Install Kopia Servers (Docker) + +We run **two separate Kopia Server containers** - one for primary backups, one for vault backups. 
+ +```bash +# Primary repository server (port 51515) +docker run -d \ + --name kopia-server-primary \ + --restart unless-stopped \ + -p 51515:51515 \ + -v /srv/vault/kopia_repository:/app/repository \ + -v /srv/vault/config-primary:/app/config \ + -v /srv/vault/logs-primary:/app/logs \ + kopia/kopia:latest server start \ + --address=0.0.0.0:51515 \ + --tls-generate-cert + +# Vault repository server (port 51516) +docker run -d \ + --name kopia-server-vault \ + --restart unless-stopped \ + -p 51516:51516 \ + -v /srv/vault/backup:/app/repository \ + -v /srv/vault/config-vault:/app/config \ + -v /srv/vault/logs-vault:/app/logs \ + kopia/kopia:latest server start \ + --address=0.0.0.0:51516 \ + --tls-generate-cert +``` + +**Get the certificate fingerprints:** +```bash +# Primary server fingerprint +docker exec kopia-server-primary kopia server status + +# Vault server fingerprint +docker exec kopia-server-vault kopia server status +``` + +**Note:** Record both certificate fingerprints - you'll need them for client connections. +- **Primary server cert SHA256:** `696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2` +- **Vault server cert SHA256:** *(get from command above)* + +### 3. Create Kopia Repositories + +Each server manages its own repository. These are created during first server start, but you can initialize them manually if needed. + +```bash +# Primary repository (usually created via GUI on first use) +docker exec -it kopia-server-primary kopia repository create filesystem \ + --path=/app/repository \ + --description="Primary backup repository" + +# Vault repository +docker exec -it kopia-server-vault kopia repository create filesystem \ + --path=/app/repository \ + --description="Vault backup repository for offsite replication" +``` + +**Note:** If you created the primary repository via the Kopia UI, you don't need to run the first command. + +### 4. Create User Accounts + +Create users on each server separately. 
+ +**Primary repository users:** +```bash +# Enter primary server container +docker exec -it kopia-server-primary /bin/sh + +# Create users +kopia server users add admin@docker2 +kopia server users add cindy@DESKTOP-QLSVD8P +# Password for cindy: LucyDog123 + +# Exit container +exit +``` + +**Vault repository users:** +```bash +# Enter vault server container +docker exec -it kopia-server-vault /bin/sh + +# Create users +kopia server users add admin@docker2-vault +kopia server users add cindy@DESKTOP-QLSVD8P-vault +# Use same passwords or different based on security requirements + +# Exit container +exit +``` + +--- + +## Client Configuration + +### Linux Client (docker2) + +#### Primary Backup Setup + +1. **Install Kopia** + ```bash + # Download and install kopia .deb package + wget https://github.com/kopia/kopia/releases/download/v0.XX.X/kopia_0.XX.X_amd64.deb + sudo dpkg -i kopia_0.XX.X_amd64.deb + ``` + +2. **Remove old repository (if exists)** + ```bash + sudo kopia repository disconnect || true + sudo rm -rf /root/.config/kopia + ``` + +3. **Connect to primary repository** + ```bash + sudo kopia repository connect server \ + --url=https://192.168.5.10:51515 \ + --override-username=admin@docker2 \ + --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 + ``` + +4. **Create initial snapshot** + ```bash + sudo kopia snapshot create /DockerVol/ + ``` + +5. **Set up cron job for primary backups** + ```bash + sudo crontab -e + + # Add this line (runs every 3 hours) + */180 * * * * /usr/bin/kopia snapshot create /DockerVol >> /var/log/kopia-primary-cron.log 2>&1 + ``` + +#### Vault Backup Setup (Critical Data) + +1. **Create secondary kopia config directory** + ```bash + sudo mkdir -p /root/.config/kopia-vault + ``` + +2. 
**Connect to vault repository** + ```bash + sudo kopia --config-file=/root/.config/kopia-vault/repository.config \ + repository connect server \ + --url=https://192.168.5.10:51516 \ + --override-username=admin@docker2-vault \ + --server-cert-fingerprint= + ``` + + **Note:** Replace `` with the actual fingerprint from the vault server (see setup section). + +3. **Create vault backup script** + ```bash + sudo nano /usr/local/bin/kopia-vault-backup.sh + ``` + + Add this content: + ```bash + #!/bin/bash + # Kopia Vault Backup Script + # Backs up critical data to vault repository for offsite replication + + KOPIA_CONFIG="/root/.config/kopia-vault/repository.config" + LOG_FILE="/var/log/kopia-vault-cron.log" + + # Add your critical directories here + VAULT_DIRS=( + "/DockerVol/critical-app1" + "/DockerVol/critical-app2" + "/home/admin/documents" + ) + + echo "=== Vault backup started at $(date) ===" >> "$LOG_FILE" + + for dir in "${VAULT_DIRS[@]}"; do + if [ -d "$dir" ]; then + echo "Backing up: $dir" >> "$LOG_FILE" + /usr/bin/kopia --config-file="$KOPIA_CONFIG" snapshot create "$dir" >> "$LOG_FILE" 2>&1 + else + echo "Directory not found: $dir" >> "$LOG_FILE" + fi + done + + echo "=== Vault backup completed at $(date) ===" >> "$LOG_FILE" + echo "" >> "$LOG_FILE" + ``` + +4. **Make script executable** + ```bash + sudo chmod +x /usr/local/bin/kopia-vault-backup.sh + ``` + +5. **Set up cron job for vault backups** + ```bash + sudo crontab -e + + # Add this line (runs daily at 3 AM) + 0 3 * * * /usr/local/bin/kopia-vault-backup.sh + ``` + +--- + +### Windows Client (Cindy's Desktop) + +#### Primary Backup Setup + +1. **Install Kopia** + ```powershell + # Using winget + winget install kopia + ``` + +2. **Connect to primary repository** + ```powershell + kopia repository connect server ` + --url=https://192.168.5.10:51515 ` + --override-username=cindy@DESKTOP-QLSVD8P ` + --server-cert-fingerprint=696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2 + ``` + +3. 
**Create initial snapshot** + ```powershell + kopia snapshot create C:\Users\cindy + ``` + +4. **Set exclusion policy** + ```powershell + kopia policy set ` + --global ` + --add-ignore "**\AppData\Local\Temp\**" ` + --add-ignore "**\AppData\Local\Packages\**" + ``` + +5. **Create primary backup script** + ```powershell + # Create scripts folder + New-Item -ItemType Directory -Force -Path C:\Scripts + + # Create backup script + New-Item -ItemType File -Path C:\Scripts\kopia-primary-nightly.ps1 + ``` + + Add this content to `C:\Scripts\kopia-primary-nightly.ps1`: + ```powershell + # Kopia Primary Backup Script + # Repository password + $env:KOPIA_PASSWORD = "LucyDog123" + + # Run backup with logging + kopia snapshot create C:\Users\cindy ` + --progress ` + | Tee-Object -FilePath C:\Logs\kopia-primary.log -Append + + # Log completion + Add-Content -Path C:\Logs\kopia-primary.log -Value "Backup completed at $(Get-Date)" + Add-Content -Path C:\Logs\kopia-primary.log -Value "---" + ``` + +6. **Secure the script** + - Right-click `C:\Scripts\kopia-primary-nightly.ps1` → Properties → Security + - Ensure only Cindy's user account has read access + +7. **Create scheduled task for primary backup** + - Press `Win + R` → type `taskschd.msc` + - Click "Create Task" (not "Basic Task") + + **General tab:** + - Name: `Kopia Primary Nightly Backup` + - ✔ Run whether user is logged on or not + - ✔ Run with highest privileges + - Configure for: Windows 10/11 + + **Triggers tab:** + - New → Daily at 2:00 AM + - ✔ Enabled + + **Actions tab:** + - Program: `powershell.exe` + - Arguments: `-ExecutionPolicy Bypass -File C:\Scripts\kopia-primary-nightly.ps1` + - Start in: `C:\Scripts` + + **Conditions tab:** + - ✔ Wake the computer to run this task + - ✔ Start only if on AC power (recommended for laptops) + + **Settings tab:** + - ✔ Allow task to be run on demand + - ✔ Run task as soon as possible after scheduled start is missed + - ❌ Stop the task if it runs longer than... 
+ + **Note:** When creating the task, use PIN (not Windows password) when prompted. For scheduled task credential: use password Harvey123= (MS account password) + +#### Vault Backup Setup (Critical Data) + +1. **Create vault config directory** + ```powershell + New-Item -ItemType Directory -Force -Path C:\Users\cindy\.config\kopia-vault + ``` + +2. **Connect to vault repository** + ```powershell + kopia --config-file="C:\Users\cindy\.config\kopia-vault\repository.config" ` + repository connect server ` + --url=https://192.168.5.10:51516 ` + --override-username=cindy@DESKTOP-QLSVD8P-vault ` + --server-cert-fingerprint= + ``` + + **Note:** Replace `` with the actual fingerprint from the vault server. + +3. **Create vault backup script** + ```powershell + New-Item -ItemType File -Path C:\Scripts\kopia-vault-nightly.ps1 + ``` + + Add this content to `C:\Scripts\kopia-vault-nightly.ps1`: + ```powershell + # Kopia Vault Backup Script + # Backs up critical data to vault repository for offsite replication + + $env:KOPIA_PASSWORD = "LucyDog123" + $KOPIA_CONFIG = "C:\Users\cindy\.config\kopia-vault\repository.config" + + # Define critical directories to back up + $VaultDirs = @( + "C:\Users\cindy\Documents", + "C:\Users\cindy\Pictures", + "C:\Users\cindy\Desktop\Important" + ) + + # Log header + Add-Content -Path C:\Logs\kopia-vault.log -Value "=== Vault backup started at $(Get-Date) ===" + + # Backup each directory + foreach ($dir in $VaultDirs) { + if (Test-Path $dir) { + Add-Content -Path C:\Logs\kopia-vault.log -Value "Backing up: $dir" + kopia --config-file="$KOPIA_CONFIG" snapshot create $dir ` + | Tee-Object -FilePath C:\Logs\kopia-vault.log -Append + } else { + Add-Content -Path C:\Logs\kopia-vault.log -Value "Directory not found: $dir" + } + } + + # Log completion + Add-Content -Path C:\Logs\kopia-vault.log -Value "=== Vault backup completed at $(Get-Date) ===" + Add-Content -Path C:\Logs\kopia-vault.log -Value "" + ``` + +4. 
**Create log directory** + ```powershell + New-Item -ItemType Directory -Force -Path C:\Logs + ``` + +5. **Create scheduled task for vault backup** + - Press `Win + R` → type `taskschd.msc` + - Click "Create Task" + + **General tab:** + - Name: `Kopia Vault Nightly Backup` + - ✔ Run whether user is logged on or not + - ✔ Run with highest privileges + + **Triggers tab:** + - New → Daily at 3:00 AM (after primary backup) + - ✔ Enabled + + **Actions tab:** + - Program: `powershell.exe` + - Arguments: `-ExecutionPolicy Bypass -File C:\Scripts\kopia-vault-nightly.ps1` + - Start in: `C:\Scripts` + + **Conditions/Settings:** Same as primary backup task + +--- + +## ZFS Replication to Offsite Pi Vaults + +### Setup on ZNAS (Source) + +1. **Create snapshot script** + ```bash + sudo nano /usr/local/bin/vault-snapshot.sh + ``` + + Add this content: + ```bash + #!/bin/bash + # Create ZFS snapshot of vault dataset for replication + + DATASET="zpool/vault/backup" + SNAPSHOT_NAME="vault-$(date +%Y%m%d-%H%M%S)" + + # Create snapshot + zfs snapshot "${DATASET}@${SNAPSHOT_NAME}" + + # Keep only last 7 days of snapshots on source + zfs list -t snapshot -o name -s creation | grep "^${DATASET}@vault-" | head -n -7 | xargs -r -n 1 zfs destroy + + echo "Created snapshot: ${DATASET}@${SNAPSHOT_NAME}" + ``` + +2. **Make executable** + ```bash + sudo chmod +x /usr/local/bin/vault-snapshot.sh + ``` + +3. **Schedule snapshot creation** + ```bash + sudo crontab -e + + # Add this line (create snapshot daily at 4 AM, after vault backups complete) + 0 4 * * * /usr/local/bin/vault-snapshot.sh >> /var/log/vault-snapshot.log 2>&1 + ``` + +4. 
**Create replication script** + ```bash + sudo nano /usr/local/bin/vault-replicate.sh + ``` + + Add this content: + ```bash + #!/bin/bash + # Replicate vault dataset to offsite Pi systems + + DATASET="zpool/vault/backup" + PI1_HOST="pi-vault-1.local" # Update with actual hostname/IP + PI2_HOST="pi-vault-2.local" # Update with actual hostname/IP + PI_USER="admin" + REMOTE_DATASET="tank/vault-backup" # Update with actual dataset on Pi + + # Get the latest snapshot + LATEST_SNAP=$(zfs list -t snapshot -o name -s creation | grep "^${DATASET}@vault-" | tail -n 1) + + if [ -z "$LATEST_SNAP" ]; then + echo "No snapshots found for replication" + exit 1 + fi + + echo "Replicating snapshot: $LATEST_SNAP" + + # Function to replicate to a target + replicate_to_target() { + local TARGET_HOST=$1 + echo "=== Replicating to $TARGET_HOST ===" + + # Get the last snapshot on remote (if any) + LAST_REMOTE=$(ssh ${PI_USER}@${TARGET_HOST} "zfs list -t snapshot -o name -s creation 2>/dev/null | grep '^${REMOTE_DATASET}@vault-' | tail -n 1" || echo "") + + if [ -z "$LAST_REMOTE" ]; then + # Initial replication (full send) + echo "Performing initial full replication to $TARGET_HOST" + zfs send -c $LATEST_SNAP | ssh ${PI_USER}@${TARGET_HOST} "zfs receive -F ${REMOTE_DATASET}" + else + # Incremental replication + echo "Performing incremental replication to $TARGET_HOST" + LAST_SNAP_NAME=$(echo $LAST_REMOTE | cut -d'@' -f2) + zfs send -c -i ${DATASET}@${LAST_SNAP_NAME} $LATEST_SNAP | ssh ${PI_USER}@${TARGET_HOST} "zfs receive -F ${REMOTE_DATASET}" + fi + + # Clean up old snapshots on remote (keep last 30 days) + ssh ${PI_USER}@${TARGET_HOST} "zfs list -t snapshot -o name -s creation | grep '^${REMOTE_DATASET}@vault-' | head -n -30 | xargs -r -n 1 zfs destroy" + + echo "Replication to $TARGET_HOST completed" + } + + # Replicate to both Pi systems + replicate_to_target $PI1_HOST + replicate_to_target $PI2_HOST + + echo "All replications completed at $(date)" + ``` + +5. 
**Make executable** + ```bash + sudo chmod +x /usr/local/bin/vault-replicate.sh + ``` + +6. **Set up SSH keys for passwordless replication** + ```bash + # Generate SSH key if needed + ssh-keygen -t ed25519 -C "znas-replication" + + # Copy to both Pi systems + ssh-copy-id admin@pi-vault-1.local + ssh-copy-id admin@pi-vault-2.local + ``` + +7. **Schedule replication** + ```bash + sudo crontab -e + + # Add this line (replicate daily at 5 AM, after snapshot creation) + 0 5 * * * /usr/local/bin/vault-replicate.sh >> /var/log/vault-replicate.log 2>&1 + ``` + +### Setup on Pi Vault Systems (Targets) + +Repeat these steps on both Pi Vault 1 and Pi Vault 2: + +1. **Create ZFS pool on SSD** (if not already done) + ```bash + # Assuming SSD is /dev/sda + sudo zpool create tank /dev/sda + ``` + +2. **Create dataset for receiving backups** + ```bash + sudo zfs create tank/vault-backup + ``` + +3. **Set appropriate permissions** + ```bash + # Allow the replication user to receive snapshots + sudo zfs allow admin receive,create,mount,destroy tank/vault-backup + ``` + +4. 
**Verify replication** (after first run) + ```bash + zfs list -t snapshot | grep vault- + ``` + +--- + +## Maintenance and Monitoring + +### Regular Health Checks + +**On Clients:** +```bash +# Linux +sudo kopia snapshot list +sudo kopia snapshot verify --file-parallelism=8 +sudo kopia repository status + +# Windows (PowerShell) +kopia snapshot list +kopia snapshot verify --file-parallelism=8 +kopia repository status +``` + +**On ZNAS:** +```bash +# Check ZFS health +zpool status + +# Check both Kopia servers are running +docker ps | grep kopia + +# Check vault snapshots +zfs list -t snapshot | grep "vault/backup" + +# Check replication logs +tail -f /var/log/vault-replicate.log + +# View server statuses +docker exec kopia-server-primary kopia server status +docker exec kopia-server-vault kopia server status +``` + +**On Pi Vaults:** +```bash +# Check received snapshots +zfs list -t snapshot | grep vault-backup + +# Check available space +zfs list tank/vault-backup +``` + +### Monthly Maintenance Tasks + +1. **Verify vault backups are replicating** + ```bash + # On ZNAS + cat /var/log/vault-replicate.log | grep "completed" + + # On Pi systems + zfs list -t snapshot -o name,creation | grep vault-backup | tail + ``` + +2. **Test restore from vault repository** + ```bash + # Connect to vault repo and verify a random snapshot + kopia --config-file=/path/to/vault/config repository connect server --url=... + kopia snapshot list + kopia snapshot verify --file-parallelism=8 + ``` + +3. **Check disk space on all systems** + +4. 
**Review backup logs for errors** + +### Backup Policy Recommendations + +**Primary Repository:** +- Retention: 7 daily, 4 weekly, 6 monthly +- Compression: enabled +- All data from clients + +**Vault Repository:** +- Retention: 14 daily, 8 weekly, 12 monthly, 3 yearly +- Compression: enabled +- Only critical data for offsite protection + +**ZFS Snapshots:** +- Keep 7 days on ZNAS (source) +- Keep 30 days on Pi vaults (targets) + +--- + +## Disaster Recovery Procedures + +### Scenario 1: Restore from Primary Repository + +```bash +# Linux +sudo kopia snapshot list +sudo kopia snapshot restore /restore/location + +# Windows +kopia snapshot list +kopia snapshot restore C:\restore\location +``` + +### Scenario 2: Restore from Vault Repository (Offsite) + +If ZNAS is unavailable, restore directly from Pi vault: + +1. **On Pi vault:** + ```bash + # Mount the latest snapshot + LATEST=$(zfs list -t snapshot -o name | grep vault-backup | tail -n 1) + zfs clone $LATEST tank/vault-backup-restore + ``` + +2. **Access Kopia repository directly:** + ```bash + kopia repository connect filesystem --path=/tank/vault-backup-restore + kopia snapshot list + kopia snapshot restore /restore/location + ``` + +3. **Clean up after restore:** + ```bash + zfs destroy tank/vault-backup-restore + ``` + +### Scenario 3: Complete System Rebuild + +1. Rebuild ZNAS and restore vault dataset from Pi +2. Reinstall Kopia server in Docker +3. Point server to restored vault repository +4. Reconnect clients to primary and vault repositories +5. 
Resume scheduled backups + +--- + +## Troubleshooting + +### Client can't connect to repository + +```bash +# Check both servers are running +docker ps | grep kopia + +# Should see both kopia-server-primary and kopia-server-vault + +# Check firewall +sudo ufw status | grep 51515 +sudo ufw status | grep 51516 + +# Verify certificate fingerprints +docker exec kopia-server-primary kopia server status +docker exec kopia-server-vault kopia server status + +# Check server logs +docker logs kopia-server-primary +docker logs kopia-server-vault +``` + +### Vault replication failing + +```bash +# Check SSH connectivity +ssh admin@pi-vault-1.local "echo Connected" + +# Check ZFS pool health +zpool status + +# Check remote dataset exists +ssh admin@pi-vault-1.local "zfs list tank/vault-backup" + +# Manual test send +zfs send -n -v zpool/vault/backup@latest | ssh admin@pi-vault-1.local "cat > /dev/null" +``` + +### Windows scheduled task not running + +- Check Task Scheduler → Task History +- Verify PIN/password authentication (use password Harvey123= for task credential) +- Check that computer is awake at scheduled time +- Review power settings (prevent sleep, wake for tasks) +- Check log files: `C:\Logs\kopia-primary.log` and `C:\Logs\kopia-vault.log` + +### Snapshot cleanup not working + +```bash +# Manually clean old snapshots +zfs list -t snapshot -o name,used,creation | grep vault-backup + +# Remove specific snapshot +zfs destroy zpool/vault/backup@vault-YYYYMMDD-HHMMSS +``` + +--- + +## Security Notes + +1. **Passwords in scripts:** Current implementation stores passwords in plaintext in scripts. For production, consider: + - Windows Credential Manager + - Linux keyring or encrypted credential storage + - Environment variables set at system level + +2. **SSH keys:** Replication uses SSH keys. Keep private keys secure and use passphrase protection where possible. + +3. **Network security:** Kopia server uses HTTPS with certificate validation. 
Ensure certificate fingerprint is verified on first connection. + +4. **Physical security:** Offsite Pi vaults should be stored in secure locations with different risk profiles (fire, flood, theft). + +--- + +## Quick Reference Commands + +### Kopia Client Commands + +```bash +# List snapshots +kopia snapshot list + +# Create snapshot +kopia snapshot create /path/to/backup + +# Verify integrity +kopia snapshot verify --file-parallelism=8 + +# Check repository status +kopia repository status + +# View policies +kopia policy list + +# Mount snapshot (Linux) +kopia mount /mnt/snapshot + +# Use alternate config (for vault repository) +kopia --config-file=/path/to/vault/repository.config snapshot list +``` + +### ZFS Commands + +```bash +# List snapshots +zfs list -t snapshot + +# Create manual snapshot +zfs snapshot zpool/vault/backup@manual-$(date +%Y%m%d) + +# Send full snapshot +zfs send zpool/vault/backup@snapshot | ssh user@host zfs receive tank/backup + +# Send incremental +zfs send -i @old @new zpool/vault/backup | ssh user@host zfs receive tank/backup + +# List replication progress +zpool status -v + +# Check dataset size +zfs list -o space zpool/vault/backup +``` + +--- + +## Appendix: System Specifications + +**ZNAS:** +- ZFS fileserver +- Docker running **two** Kopia servers: + - **kopia-server-primary** on port 51515 + - **kopia-server-vault** on port 51516 +- IP: 192.168.5.10 +- Datasets: + - `/srv/vault/kopia_repository` (zpool/vault/kopia_repository) - Primary repository + - `/srv/vault/backup` (zpool/vault/backup) - Vault repository (replicated) + +**Clients:** +- **docker2** (Linux) - Backs up /DockerVol/ + - Primary: Every 3 hours → port 51515 + - Vault: Daily at 3 AM (critical directories only) → port 51516 +- **DESKTOP-QLSVD8P** (Windows - Cindy's desktop) - Backs up C:\Users\cindy + - Primary: Daily at 2 AM → port 51515 + - Vault: Daily at 3 AM (Documents, Pictures, Important files) → port 51516 + - Kopia password: LucyDog123 + - Task Scheduler 
credential: Harvey123= + +**Offsite Vaults:** +- **Pi Vault 1** - Raspberry Pi with SSD (tank/vault-backup) +- **Pi Vault 2** - Raspberry Pi with SSD (tank/vault-backup) + +**Server Certificates:** +- Primary server SHA256: `696a4999f594b5273a174fd7cab677d8dd1628f9b9d27e557daa87103ee064b2` +- Vault server SHA256: *(get from `docker exec kopia-server-vault kopia server status`)* + +--- + +## Workflow Summary + +### Daily Backup Flow + +**2:00 AM** - Cindy's desktop primary backup runs +**3:00 AM** - docker2 vault backup runs +**3:00 AM** - Cindy's desktop vault backup runs +**4:00 AM** - ZNAS creates ZFS snapshot of vault dataset +**5:00 AM** - ZNAS replicates vault snapshot to both Pi systems +**Every 3 hours** - docker2 primary backup runs + +### What Gets Backed Up Where + +**Primary Repository (Full Backups):** +- docker2: /DockerVol/ (all Docker volumes) +- Cindy: C:\Users\cindy (entire user profile, minus temp files) + +**Vault Repository (Critical Data for Offsite):** +- docker2: Selected critical Docker volumes +- Cindy: Documents, Pictures, Important desktop files + +**Offsite (Via ZFS Send):** +- Entire vault repository (all clients' critical data) +- Replicated to 2 separate Pi systems + +--- + +## Future Enhancements + +Consider adding: +- Email notifications on backup failures +- Monitoring dashboard (Grafana/Prometheus) +- Backup validation automation +- Additional retention policies per client +- Encrypted credentials storage +- Remote monitoring of Pi vault systems +- Automated restore testing +- Bandwidth throttling for replication +- Multiple ZFS snapshot retention policies + +--- + +## Change Log + +- **2025-02-11** - Initial comprehensive documentation created + - Added two-tier backup strategy (primary + vault) + - Added ZFS replication procedures for offsite backup + - Added Pi vault setup instructions + - Added disaster recovery procedures + - Consolidated all client configurations + - Added workflow diagrams and timing + +--- + +## Support 
and Feedback + +For issues or improvements to this documentation, contact the system administrator. + +**Useful Resources:** +- Kopia Documentation: https://kopia.io/docs/ +- ZFS Administration Guide: https://openzfs.github.io/openzfs-docs/ +- Kopia GitHub: https://github.com/kopia/kopia \ No newline at end of file diff --git a/Vault-Grimoire/Kopia/Kopia-Service.md b/Vault-Grimoire/Kopia/Kopia-Service.md new file mode 100644 index 0000000..6c6a96e --- /dev/null +++ b/Vault-Grimoire/Kopia/Kopia-Service.md 
@@ -0,0 +1,113 @@ +# kopia + +## Overview +The kopia stack is a Docker Swarm configuration for the Kopia backup service in NetGrimoire. It provides snapshot backups and deduplication capabilities. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|-----|------| +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** kopia.netgrimoire.com, 51515 (via Caddy reverse proxy) +- **Homepage group:** Backup + +--- + +## Build & Configuration + +### Prerequisites +None specified. + +### Volume Setup +```bash +mkdir -p /DockerVol/kopia/config +mkdir -p /DockerVol/kopia/cache +mkdir -p /DockerVol/kopia/cert +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 for secrets +POUID=1964 +PGID=1964 +KOPIA_PASSWORD=F@lcon13 +KOPIA_SERVER_USERNAME=admin +KOPIA_SERVER_PASSWORD=F@lcon13 +TZ=America/Chicago +``` + +### Deploy +```bash +cd services/swarm/stack/kopia +set -a && source .env && set +a +docker stack config --compose-file kopia-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml kopia +rm resolved.yml +docker stack services kopia +``` + +### First Run +After deployment, check the status of the Kopia service and verify that backups are being created. + +--- + +## User Guide + +### Accessing kopia +| Service | URL | Purpose | +|---------|-----|---------| +- **kopia**: https://kopia.netgrimoire.com (via Caddy reverse proxy) + +### Primary Use Cases +To use Kopia in NetGrimoire, create a new backup set and configure the service to run as desired. + +### NetGrimoire Integrations +This service integrates with Uptime Kuma for monitoring and other services through environment variables and labels. + +--- + +## Operations + +### Monitoring +```bash +docker stack services kopia +docker service logs -f kopia +``` + +### Backups +Critical backups are stored at `/DockerVol/kopia/config` and `/DockerVol/kopia/cache`. Reconstructable backups can be restored from `/DockerVol/kopia/cache`. 
+ +### Restore +To restore a backup, run the following command: +```bash +./deploy.sh +``` + +--- + +## Common Failures +| Symptom | Cause | Fix | +|---------|-------|-----| +| Backups not being created | Insufficient storage or network issues | Check storage and network conditions. | +| Service not starting | Incorrect environment variables or Docker configuration | Review `.env` file and `docker-compose.yml`. | + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-07 | d3206f11 | Initial documentation for kopia stack. | +| 2026-02-11 | aa13ac64 | Minor adjustments to environment variables and volume setup. | +| 2026-01-30 | 15f5f655 | Initial commit with basic configuration and service setup. | + + + +--- + +## Notes +- Generated by Gremlin on 2026-04-07T19:20:00.179Z +- Source: swarm/kopia.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Vault-Grimoire/Offsite/Vault-Architecture.md b/Vault-Grimoire/Offsite/Vault-Architecture.md new file mode 100644 index 0000000..f9fd1fb --- /dev/null +++ b/Vault-Grimoire/Offsite/Vault-Architecture.md 
@@ -0,0 +1,44 @@ +--- +title: Offsite Vault Architecture +description: Two Pi vault nodes — ZFS raw send, syncoid, Pocket Grimoire +published: true +date: 2026-04-12T00:00:00.000Z +tags: vault, offsite, zfs, kopia +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Offsite Vault Architecture + +## Overview + +Two offsite nodes receive ZFS replication from `znas`: + +| Node | Location | Role | +|------|----------|------| +| Vault Pi (dedicated) | Offsite / home shelf | Kopia offsite server, ZFS vault pool | +| Pocket Grimoire | Travel / portable | Portable vault + media, also a vault node | + +## Replication Method + +ZFS raw send via `syncoid` with `-w` flag (raw/encrypted mode): + +```bash +# Dedicated vault Pi +syncoid -w znas:vault/data vault-pi:vault/data + +# Pocket Grimoire pre-travel +syncoid znas:vault/Green/Pocket pocket:/srv/greenpg/Green +``` + +The `-w` flag sends encrypted ZFS streams. The receiving node stores data in its encrypted form — no decryption keys are needed on the vault nodes. Keys stay exclusively on `znas`. + +## Kopia Offsite Server + +The vault container (`vault.yaml`) runs a Kopia server on port 51516 that serves as the remote endpoint for the dedicated Pi vault. Accessible at `vault.netgrimoire.com`. + +## Pocket Grimoire as Vault Node + +Pocket Grimoire's ZFS pool (`pocket-green` at `/srv/greenpg/`) receives a `syncoid` push from `znas` before each trip. This makes Pocket Grimoire an offsite backup node whenever it leaves the house. + +See [Pocket Grimoire Sync](/Pocket-Grimoire/Sync/Pre-Travel-Sync) for the pre-travel checklist. diff --git a/Vault-Grimoire/Overview.md b/Vault-Grimoire/Overview.md new file mode 100644 index 0000000..76e7d42 --- /dev/null +++ b/Vault-Grimoire/Overview.md 
@@ -0,0 +1,60 @@ +--- +title: Vault Grimoire +description: Storage and backup — the dragon guards the data hoard +published: true +date: 2026-04-12T00:00:00.000Z +tags: vault, storage, backup +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Vault Grimoire + +![vault-badge](/images/vault-badge.png) + +The Vault Grimoire covers all storage and backup infrastructure. Data starts at `znas`, is deduplicated and encrypted by Kopia, and replicates offsite to two Pi vault nodes — one dedicated vault Pi and one inside Pocket Grimoire. + +--- + +## Sections + +| Section | Contents | +|---------|----------| +| [ZFS](/Vault-Grimoire/ZFS/Storage-Layout) | ZFS pools, datasets, NFS exports, commands reference | +| [Kopia](/Vault-Grimoire/Kopia/Kopia-Overview) | Backup repos, retention, restore, two-repo architecture | +| [Backups](/Vault-Grimoire/Backups/Services-Backup) | Per-service backup runbooks (Immich, MailCow, Nextcloud, Wiki, services) | +| [Offsite](/Vault-Grimoire/Offsite/Vault-Architecture) | Pi vault nodes, ZFS raw send, syncoid workflow | + +--- + +## Offsite Vault Architecture + +``` +znas (primary) + └── ZFS pool → Kopia dedup → encrypted repo + ├── syncoid -w → Pi Vault (dedicated offsite) + └── syncoid → Pocket Grimoire (portable vault node) +``` + +Both offsite nodes receive ZFS raw send with the `-w` flag. Encryption keys stay on `znas`. The vault nodes store encrypted data only — no keys needed there. + +--- + +## Two-Repo Architecture + +Kopia uses two separate containers on different ports: + +| Container | Repo | URL | Purpose | +|-----------|------|-----|---------| +| kopia | Primary vault | `kopia.netgrimoire.com` | Main backup, dedup, retention | +| vault | Offsite server | `vault.netgrimoire.com` (port 51516) | Replication target for Pi vaults | + +One Kopia server instance per repository. They cannot share. + +--- + +## Key Rules + +- ZFS encryption cannot be done in-place. 
Migration requires `rsync` to a new encrypted dataset, then ZFS raw send with `-w` to vaults (no key exposure on vault side). +- ZFS must fully mount before NFS starts on znas. Systemd override required: `After=zfs-import.target zfs-mount.service`. +- Loopback NFS mount needs `x-systemd.after=nfs-server.service` in fstab. diff --git a/Vault-Grimoire/ZFS/NFS-Exports.md b/Vault-Grimoire/ZFS/NFS-Exports.md new file mode 100644 index 0000000..be1b695 --- /dev/null +++ b/Vault-Grimoire/ZFS/NFS-Exports.md 
@@ -0,0 +1,393 @@ +--- +title: ZFS-NFS-Exports +description: Exporting NFS shares from ZFS datasets +published: true +date: 2026-02-23T21:58:20.626Z +tags: +editor: markdown +dateCreated: 2026-02-01T20:45:40.210Z +--- + +# NFS Configuration + +## Overview + +ZNAS exports storage via NFSv4. All exports are ZFS datasets mounted directly to `/export/*` — no bind mounts. NFS is configured to wait for ZFS at boot via a systemd override. + +ZNAS also mounts its own NFS exports back to itself at `/data/nfs/znas`. This is intentional: Docker Swarm containers scheduled to ZNAS need to access NAS storage at the same paths as containers running on other swarm members. The loopback mount provides a consistent NFS-backed path regardless of which node a container lands on. + +All other clients are Linux systems using autofs. + +--- + +## Server Configuration + +### ZFS Mountpoints + +ZFS datasets mount directly to `/export/*`. No bind mounts are used. + +``` +vault → /export +vault/Common → /export/Common +vault/Data → /export/Data +vault/Data/media_books → /export/Data/media/books +vault/Data/media_comics → /export/Data/media/comics +vault/Docker → /export/Docker +vault/Green → /export/Green +vault/Green/Pocket → /export/Green/Pocket +vault/Photos → /export/Photos +``` + +Verify at any time: + +```bash +mount | grep export +``` + +### /etc/exports + +``` +# NFSv4 - pseudo filesystem root +/export *(ro,fsid=0,no_root_squash,no_subtree_check,crossmnt) + +# Shares beneath the NFSv4 root +/export/Common *(fsid=4,rw,no_subtree_check,insecure) +/export/Data *(fsid=5,rw,no_subtree_check,insecure,crossmnt) +/export/Data/media/books *(fsid=51,rw,no_subtree_check,insecure,nohide) +/export/Data/media/comics *(fsid=52,rw,no_subtree_check,insecure,nohide) +/export/Docker *(fsid=29,rw,no_root_squash,sync,no_subtree_check,insecure) +/export/Green *(fsid=30,rw,no_root_squash,no_subtree_check,insecure) +/export/photos *(fsid=31,rw,no_root_squash,no_subtree_check,insecure) +``` + +**Key 
options:** + +- `fsid=0` on `/export` — required for NFSv4 pseudo-root. Clients enumerate all exports from here. +- `crossmnt` — allows NFS to cross ZFS dataset boundaries when traversing the tree. +- `nohide` — required on `media/books` and `media/comics` because they are separate ZFS datasets mounted beneath the `vault/Data` export path. Without it clients see empty directories. +- `no_root_squash` — Docker and Green exports allow root writes. Required for container volume mounts. +- `insecure` — permits connections from unprivileged ports (>1024). Required for some Linux NFS clients and all macOS clients. +- `sync` on Docker — forces synchronous writes for container volume safety. + +### systemd Boot Order Override + +NFS is configured to wait for ZFS to fully mount before starting. + +`/etc/systemd/system/nfs-server.service.d/override.conf`: + +```ini +[Unit] +After=zfs-import.target zfs-mount.service local-fs.target +Requires=zfs-import.target zfs-mount.service +``` + +Apply after any changes: + +```bash +sudo systemctl daemon-reload +sudo systemctl restart nfs-server +``` + +### Autofs Disabled on Server + +Autofs is disabled on ZNAS itself. It must only run on NFS clients. Running autofs on the server creates recursive mount loops. + +```bash +sudo systemctl stop autofs +sudo systemctl disable autofs +``` + +--- + +## Loopback Mount (Docker Swarm) + +ZNAS mounts its own NFS exports back to itself at `/data/nfs/znas`. This ensures containers scheduled to ZNAS by Docker Swarm access storage at the same NFS-backed paths as containers running on any other swarm member — consistent regardless of which node a service lands on. + +Swarm container volume mounts reference paths under `/data/nfs/znas/` rather than `/export/` directly. + +### The Timing Problem + +Getting this mount to survive reboots reliably was non-trivial. The loopback has a chicken-and-egg dependency chain: + +1. ZFS must import and mount pools before NFS server can export anything +2. 
NFS server must be fully started before the loopback mount can succeed +3. The loopback mount must be established before Docker Swarm containers start + +A plain `_netdev` fstab entry is not sufficient — `_netdev` only guarantees the network is up, not that the NFS server is ready. The mount would race against NFS startup and fail silently or hang. + +### Solution — fstab with x-systemd.after + +The loopback is established via `/etc/fstab` using the `x-systemd.after` option to explicitly declare the dependency on `nfs-server.service`: + +``` +localhost:/ /data/nfs/znas nfs4 defaults,_netdev,x-systemd.after=nfs-server.service 0 0 +``` + +`x-systemd.after=nfs-server.service` causes systemd-fstab-generator to automatically create a mount unit (`data-nfs-znas.mount`) with `After=nfs-server.service` in its `[Unit]` block. This guarantees the full dependency chain: + +``` +zfs-import.target + → zfs-mount.service + → nfs-server.service (via nfs-server override.conf) + → data-nfs-znas.mount (via x-systemd.after in fstab) + → remote-fs.target + → Docker Swarm containers +``` + +The generated unit (created automatically at runtime by systemd-fstab-generator — not a file on disk): + +```ini +# /run/systemd/generator/data-nfs-znas.mount +[Unit] +Documentation=man:fstab(5) man:systemd-fstab-generator(8) +SourcePath=/etc/fstab +After=nfs-server.service +Before=remote-fs.target + +[Mount] +What=localhost:/ +Where=/data/nfs/znas +Type=nfs4 +Options=defaults,_netdev,x-systemd.after=nfs-server.service +``` + +**Do not create a hand-written systemd mount unit for this.** systemd-fstab-generator handles it automatically from the fstab entry. A manual unit would conflict. + +### Verify Loopback is Active + +```bash +mount | grep data/nfs/znas +# Should show: localhost:/ on /data/nfs/znas type nfs4 (...) + +systemctl status data-nfs-znas.mount +# Should show: active (mounted) +``` + +--- + +## Client Configuration + +All non-Swarm clients are Linux systems using autofs. 
+ +### Autofs Configuration + +`/etc/auto.master` (relevant entry): + +``` +/data/nfs /etc/auto.nfs +``` + +`/etc/auto.nfs`: + +``` +znas -fstype=nfs4 192.168.5.10:/ +``` + +This mounts the full NFSv4 tree from ZNAS at `/data/nfs/znas` on demand — the same path used by the loopback mount on ZNAS itself. All swarm nodes (including ZNAS) access NAS storage via `/data/nfs/znas/`. + +**Note:** Autofs must be enabled on clients and disabled on the NFS server. Running autofs on the server creates recursive mount loops. + +### Adding a New Client + +```bash +# Install autofs if not present +sudo apt install autofs + +# Add to /etc/auto.master if not already present +echo "/data/nfs /etc/auto.nfs" | sudo tee -a /etc/auto.master + +# Create or update /etc/auto.nfs +echo "znas -fstype=nfs4 192.168.5.10:/" | sudo tee -a /etc/auto.nfs + +# Reload autofs +sudo systemctl reload autofs + +# Trigger mount by accessing the path +ls /data/nfs/znas/ +``` + +### Manual Mount (testing only) + +```bash +# Verify exports are visible from client +showmount -e 192.168.5.10 + +# Test manual mount +sudo mkdir -p /mnt/znas +sudo mount -t nfs4 192.168.5.10:/ /mnt/znas + +# Verify tree is accessible +ls /mnt/znas/Data/media/books/ + +# Unmount after testing +sudo umount /mnt/znas +``` + +--- + +## Adding New Datasets + +When creating a new ZFS dataset that needs to be NFS-accessible: + +```bash +# Create with the correct mountpoint from the start +sudo zfs create -o mountpoint=/export/Data/new_folder vault/Data/new_folder +``` + +The dataset will be automatically visible via NFS due to `crossmnt` and `nohide` on the parent — no changes to `/etc/exports` needed unless the new dataset requires different access controls. 
+ +If different permissions are required, add an explicit entry to `/etc/exports` and reload: + +```bash +sudo exportfs -ra +``` + +--- + +## Current Export List + +Verified via `showmount -e 127.0.0.1`: + +``` +/export/photos * +/export/Green * +/export/Docker * +/export/Data/media/comics * +/export/Data/media/books * +/export/Data * +/export/Common * +/export * +``` + +--- + +## Known Gotchas + +**Loopback mount races NFS at boot** — This was the hardest problem to solve. A plain `_netdev` fstab entry only guarantees the network interface is up, not that the NFS server is ready to accept connections. The loopback mount would attempt before NFS finished starting and fail silently or hang. The fix is `x-systemd.after=nfs-server.service` in the fstab options, which causes systemd-fstab-generator to emit an `After=nfs-server.service` dependency in the generated mount unit. The full required boot chain is: `zfs-import.target` → `zfs-mount.service` → `nfs-server.service` → `data-nfs-znas.mount`. Each link must be explicit. + +**Do not hand-write a systemd mount unit for the loopback** — systemd-fstab-generator creates `data-nfs-znas.mount` automatically from the fstab entry at runtime (in `/run/systemd/generator/`, not `/etc/systemd/system/`). Creating a manual unit in `/etc/systemd/system/` will conflict with the generated one. + +**Autofs must be disabled on the server** — Running autofs on ZNAS itself creates a recursive mount loop. Autofs belongs on clients only. If autofs is accidentally re-enabled on ZNAS it will fight with the fstab loopback mount. + +**NFSv4 pseudo-root is required** — The `/export` entry with `fsid=0` is mandatory for NFSv4 clients. Without it clients cannot enumerate the export tree. Do not remove it even though it looks redundant. + +**`nohide` on sub-datasets** — `vault/Data/media_books` and `vault/Data/media_comics` are separate ZFS datasets mounted beneath the `vault/Data` export path. NFS does not cross filesystem boundaries by default. 
Without `nohide` clients see empty directories at those paths even though the data is present. + +**Do not use bind mounts for ZFS datasets** — Configure ZFS mountpoints directly to `/export/*`. Bind mounts in fstab for ZFS datasets cause ordering problems and are unnecessary. + +**Always set mountpoints when creating new datasets** — If a dataset is created without an explicit mountpoint it will inherit the parent's path and may not be visible or exportable correctly. Set `mountpoint=` at creation time. + +--- + +## Troubleshooting + +### Datasets not visible via NFS + +```bash +# Verify dataset is mounted +zfs list | grep dataset_name + +# Check NFS can read it +sudo -u nobody ls -la /export/path/to/dataset/ + +# Reload exports +sudo exportfs -ra +sudo systemctl restart nfs-server +``` + +### Client shows empty directories + +```bash +# Clear NFS cache and remount +sudo umount -f /mnt/znas +sudo mount -t nfs4 192.168.5.10:/ /mnt/znas + +# Test without caching to isolate the problem +sudo mount -t nfs4 -o noac,lookupcache=none 192.168.5.10:/ /mnt/znas +``` + +### After reboot, exports are empty + +```bash +# Confirm ZFS mounted before NFS started +systemctl status zfs-mount.service +systemctl status nfs-server.service + +# Confirm override is in place +systemctl cat nfs-server.service | grep -A5 "\[Unit\]" +``` + +### Loopback mount not working for Swarm containers + +```bash +# Check mount unit status +systemctl status data-nfs-znas.mount + +# Verify full dependency chain is satisfied +systemctl status zfs-mount.service +systemctl status nfs-server.service +systemctl status data-nfs-znas.mount + +# Verify loopback is mounted +mount | grep data/nfs/znas + +# If missing, mount manually to test +sudo mount -t nfs4 127.0.0.1:/ /data/nfs/znas + +# Check container can see the path +docker run --rm -v /data/nfs/znas/Data:/data alpine ls /data +``` + +If the unit fails at boot, confirm the fstab entry includes `x-systemd.after=nfs-server.service` — without this the mount 
races against NFS startup and loses. A plain `_netdev` entry is not sufficient. + +--- + +## Configuration Files Reference + +### /etc/exports + +``` +/export *(ro,fsid=0,no_root_squash,no_subtree_check,crossmnt) +/export/Common *(fsid=4,rw,no_subtree_check,insecure) +/export/Data *(fsid=5,rw,no_subtree_check,insecure,crossmnt) +/export/Data/media/books *(fsid=51,rw,no_subtree_check,insecure,nohide) +/export/Data/media/comics *(fsid=52,rw,no_subtree_check,insecure,nohide) +/export/Docker *(fsid=29,rw,no_root_squash,sync,no_subtree_check,insecure) +/export/Green *(fsid=30,rw,no_root_squash,no_subtree_check,insecure) +/export/photos *(fsid=31,rw,no_root_squash,no_subtree_check,insecure) +``` + +### /etc/systemd/system/nfs-server.service.d/override.conf + +```ini +[Unit] +After=zfs-import.target zfs-mount.service local-fs.target +Requires=zfs-import.target zfs-mount.service +``` + +### /etc/fstab (ZNAS system mounts only) + +ZFS datasets are not listed here — ZFS handles its own mounting. Only system partitions appear: + +``` +# / - btrfs on nvme0n1p2 +/dev/disk/by-uuid/40c60952-0340-4a78-81f9-5b2193da26c6 / btrfs defaults 0 1 +# /boot - ext4 on nvme0n1p3 +/dev/disk/by-uuid/4abb4efa-0b2b-4e4a-bcaf-78227db4628f /boot ext4 defaults 0 1 +# swap +/dev/disk/by-uuid/d07437a0-3d0e-417a-a88e-438c603c2237 none swap sw 0 0 +# /srv - btrfs on nvme0n1p5 +/dev/disk/by-uuid/c66e81ff-436e-4d6f-980b-6f4875ea7c8e /srv btrfs defaults 0 1 +``` + +--- + +## Command Reference + +- Show active exports: `sudo exportfs -v` +- Reload exports: `sudo exportfs -ra` +- Show available exports (from any host): `showmount -e 192.168.5.10` +- Restart NFS: `sudo systemctl restart nfs-server` +- Check NFS status: `systemctl status nfs-server` +- Verify ZFS mounts: `mount | grep export` +- Verify loopback: `mount | grep data/nfs` diff --git a/Vault-Grimoire/ZFS/Storage-Layout.md b/Vault-Grimoire/ZFS/Storage-Layout.md new file mode 100644 index 0000000..c9e5f64 --- /dev/null 
+++ b/Vault-Grimoire/ZFS/Storage-Layout.md 
@@ -0,0 +1,239 @@ +--- +title: Netgrimoire Storage +description: Where is it at +published: true +date: 2026-02-23T18:38:27.621Z +tags: +editor: markdown +dateCreated: 2026-01-22T21:10:37.035Z +--- + +# NAS Storage Layout + +## Overview + +ZNAS is the primary NAS for Netgrimoire. It runs Ubuntu with OpenZFS and serves as the source of truth for all storage, including datasets that replicate out to the Pocket Grimoire portable system. + +The system mounts everything under `/export/` for NFS sharing, with select datasets mounted under `/srv/` for local service consumption (Immich, NextCloud-AIO, Kopia, backup). + +## ZFS Pools + +- `vault` — primary NAS storage, RAIDZ1×2, 8 drives +- `greenpg` — Pocket Grimoire GREEN SSD (Kanguru UltraLock), docked for sync when present + +## Zpool Architecture + +``` +pool: vault +state: ONLINE +scan: scrub repaired 0B in 2 days 10:24:08 with 0 errors on Tue Feb 10 10:48:10 2026 + +config: + NAME STATE READ WRITE CKSUM + vault ONLINE 0 0 0 + raidz1-0 ONLINE 0 0 0 + ata-ST24000DM001-3Y7103_ZXA06K45 ONLINE 0 0 0 + ata-ST24000DM001-3Y7103_ZXA08CVY ONLINE 0 0 0 + ata-ST24000DM001-3Y7103_ZXA0FP10 ONLINE 0 0 0 + raidz1-1 ONLINE 0 0 0 + ata-ST16000NE000-2RW103_ZL2Q3275 ONLINE 0 0 0 + ata-ST16000NM001G-2KK103_ZL26R5XW ONLINE 0 0 0 + ata-ST16000NT001-3LV101_ZRS0KVQW ONLINE 0 0 0 + ata-WDC_WD140EDFZ-11A0VA0_9MG81N0J ONLINE 0 0 0 + ata-WDC_WD140EDFZ-11A0VA0_Y5J35Z6C ONLINE 0 0 0 + +errors: No known data errors +``` + +`raidz1-0` is 3× Seagate 24TB (~48TB usable). `raidz1-1` is 3× Seagate 16TB + 2× WD 14TB (~56TB usable — the 14TB drives are the limiting factor per stripe, leaving ~2TB/drive unused on the 16TB drives). Total pool: ~94TB raw, 39TB currently available. + +``` +pool: greenpg +state: ONLINE + +config: + NAME STATE READ WRITE CKSUM + greenpg ONLINE 0 0 0 + scsi-1Kanguru_UltraLock_DB090722NC10001 ONLINE 0 0 0 + +errors: No known data errors +``` + +`greenpg` is a portable pool. Export it before physically moving to Pocket Grimoire. 
+ +## ZFS Datasets + +| Dataset | Mountpoint | Used | Avail | Refer | Quota | Compression | Purpose | +|---------|-----------|------|-------|-------|-------|-------------|---------| +| `vault` | `/export` | 55.3T | 39.0T | 771G | none | 1.00x | Pool root / NFSv4 pseudo-root | +| `vault/Common` | `/export/Common` | 214G | 39.0T | 214G | none | 1.06x | General shared storage | +| `vault/Data` | `/export/Data` | 38.4T | 39.0T | 36.4T | none | 1.00x | Primary data — 36.4T lives directly in dataset root | +| `vault/Data/media_books` | `/export/Data/media/books` | 925G | 39.0T | 925G | none | 1.03x | Book library | +| `vault/Data/media_comics` | `/export/Data/media/comics` | 1.15T | 39.0T | 1.15T | none | 1.00x | Comic library | +| `vault/Green` | `/export/Green` | 14.7T | 5.31T | 9.66T | 20T | 1.00x | Personal media — 9.66T direct, 5.02T in Pocket child | +| `vault/Green/Pocket` | `/export/Green/Pocket` | 5.02T | 2.48T | 5.02T | 7.5T | 1.00x | Pocket Grimoire replication source | +| `vault/Kopia` | `/srv/vault/kopia_repository` | 349G | 39.0T | 349G | none | 1.02x | Kopia backup repository | +| `vault/NextCloud-AIO` | `/srv/NextCloud-AIO` | 341G | 39.0T | 341G | none | 1.01x | NextCloud data | +| `vault/Photos` | `/export/Photos` | 135K | 39.0T | 135K | none | 1.00x | Photos (sparse — see notes) | +| `vault/backup` | `/srv/vault/backup` | 442G | 582G | 442G | 1T | 1.00x | Local system backups | +| `vault/docker` | `/export/Docker` | 22.2G | 39.0T | 22.2G | none | 1.13x | Docker volumes | +| `vault/immich` | `/srv/immich` | 117G | 39.0T | 117G | none | 1.03x | Immich photo service data | +| `greenpg` | `/greenpg` | 2.94T | 4.20T | 96K | — | 1.00x | GREEN SSD pool root (portable) | +| `greenpg/Pocket` | `/greenpg/Pocket` | 2.94T | 4.20T | 2.94T | — | 1.00x | Personal media + Stash data | + +**Notes on specific datasets:** + +`vault/Data` — 36.4T lives directly in the dataset root at `/export/Data/`. 
`media_books` and `media_comics` are the only child datasets and account for ~2T combined. The remaining ~36T is general data stored directly under the parent. + +`vault/Green` — 9.66T lives directly in `/export/Green/` with the remaining 5.02T in the `Pocket` child dataset. The 20T quota caps total Green growth. `vault/Green/Pocket` has its own 7.5T sub-quota. + +`vault/Photos` — nearly empty (135K). Photos are primarily managed through Immich at `vault/immich`. This dataset may be vestigial or reserved for future use. + +`vault/backup` — has a hard 1T quota. Unlike other vault datasets which draw from the full 39T pool availability, this dataset is capped. Current usage is 442G with 582G remaining. + +Compression ratios are near 1.00x across most datasets because content is already compressed (media files, binary data). `vault/docker` (1.13x) and `vault/Common` (1.06x) see modest gains from compressible config and text data. + +## NFS Exports + +All exports use NFSv4 with `/export` as the pseudo-filesystem root (`fsid=0`). 
+ +| Export | fsid | Options | Notes | +|--------|------|---------|-------| +| `/export` | 0 | `ro, no_root_squash, no_subtree_check, crossmnt` | NFSv4 pseudo-root — required for v4 clients | +| `/export/Common` | 4 | `rw, no_subtree_check, insecure` | General access | +| `/export/Data` | 5 | `rw, no_subtree_check, insecure, crossmnt` | Data root | +| `/export/Data/media/books` | 51 | `rw, no_subtree_check, insecure, nohide` | Separate ZFS dataset — needs `nohide` | +| `/export/Data/media/comics` | 52 | `rw, no_subtree_check, insecure, nohide` | Separate ZFS dataset — needs `nohide` | +| `/export/Docker` | 29 | `rw, no_root_squash, sync, no_subtree_check, insecure` | Container volumes | +| `/export/Green` | 30 | `rw, no_root_squash, no_subtree_check, insecure` | Personal media + Pocket Grimoire source | +| `/export/photos` | 31 | `rw, no_root_squash, no_subtree_check, insecure` | Photos | + +Current `/etc/exports`: + +``` +/export *(ro,fsid=0,no_root_squash,no_subtree_check,crossmnt) +/export/Common *(fsid=4,rw,no_subtree_check,insecure) +/export/Data *(fsid=5,rw,no_subtree_check,insecure,crossmnt) +/export/Data/media/books *(fsid=51,rw,no_subtree_check,insecure,nohide) +/export/Data/media/comics *(fsid=52,rw,no_subtree_check,insecure,nohide) +/export/Docker *(fsid=29,rw,no_root_squash,sync,no_subtree_check,insecure) +/export/Green *(fsid=30,rw,no_root_squash,no_subtree_check,insecure) +/export/photos *(fsid=31,rw,no_root_squash,no_subtree_check,insecure) +``` + +There is also an active loopback NFSv4 mount on the system itself: + +``` +localhost:/ → /data/nfs/znas (NFSv4.2, rsize/wsize=1M) +``` + +## SMB Shares + +*(To be documented.)* + +## Standard Paths + +- `/export/` — NFS root (vault pool root) +- `/export/Data/` — primary data +- `/export/Data/media/books/` — book library +- `/export/Data/media/comics/` — comic library +- `/export/Green/` — personal media +- `/export/Green/Pocket/` — Pocket Grimoire replication source +- `/export/Docker/` — container 
volumes +- `/export/Photos/` — photos +- `/srv/immich/` — Immich service data +- `/srv/NextCloud-AIO/` — NextCloud data +- `/srv/vault/kopia_repository/` — Kopia backup repo +- `/srv/vault/backup/` — local system backups +- `/greenpg/Pocket/` — GREEN SSD when docked for sync + +## Permissions & UID/GID Model + +*(To be documented — dockhand UID 1964, container access rules.)* + +## Services Using Local Mounts + +These datasets are consumed directly by services on ZNAS and are not NFS-exported: + +| Service | Dataset | Mountpoint | +|---------|---------|-----------| +| Immich | `vault/immich` | `/srv/immich` | +| NextCloud-AIO | `vault/NextCloud-AIO` | `/srv/NextCloud-AIO` | +| Kopia | `vault/Kopia` | `/srv/vault/kopia_repository` | +| Local backup | `vault/backup` | `/srv/vault/backup` | + +## Pocket Grimoire Integration + +`vault/Green/Pocket` is the replication source for the Pocket Grimoire GREEN SSD (`greenpg`). It contains personal media and Stash application data (database, previews, blobs). See the Pocket Grimoire deployment guide for full procedures. + +**Fast resync when GREEN SSD is physically docked on ZNAS:** + +```bash +# Check pool name (retains whatever name it had when last exported) +zpool list | grep greenpg + +# Import if needed +sudo zpool import greenpg +sudo zfs load-key greenpg +sudo zfs mount -a + +# Sync +sudo syncoid vault/Green/Pocket greenpg/Pocket + +# Export before physically disconnecting — always do this +sudo zfs unmount greenpg/Pocket +sudo zfs unmount greenpg +sudo zpool export greenpg +``` + +**Network sync** runs automatically on Pocket Grimoire via a 6-hour syncoid systemd timer when connected over the network. 
+ +## Backup & Snapshot Strategy + +**Snapshots:** + +```bash +# Manual pre-change snapshot +zfs snapshot vault/Docker@before-upgrade + +# List all snapshots +zfs list -t snapshot + +# List snapshots for a specific dataset +zfs list -t snapshot -r vault/Green +``` + +**Kopia:** Repository at `vault/Kopia` → `/srv/vault/kopia_repository`. *(Document snapshot policy and sources.)* + +**Replication:** `vault/Green/Pocket` → `greenpg/Pocket` via syncoid. See Pocket Grimoire Integration above. + +## Known Gotchas + +**NFSv4 pseudo-root** — The `/export` entry with `fsid=0` is required for NFSv4 clients to enumerate subdirectories. Do not remove it even if it appears redundant. + +**`nohide` on sub-datasets** — `vault/Data/media_books` and `vault/Data/media_comics` are separate ZFS datasets mounted beneath the `vault/Data` export path. NFS does not cross filesystem boundaries by default. Without `nohide` clients see empty directories at those paths. + +**`vault/backup` quota** — This dataset has a hard 1T quota and does not share the general pool availability. Current headroom is ~582G. Monitor before large backup operations. + +**`vault/Green` quota** — Capped at 20T total with a 7.5T sub-quota on `vault/Green/Pocket`. The GREEN SSD itself is ~7TB, so the sub-quota is the effective ceiling for the Pocket sync. + +**raidz1-1 mixed drive sizes** — The three 16TB drives in raidz1-1 have ~2TB/drive going unused because RAIDZ1 stripes are limited by the smallest drive in the VDEV (14TB WDs). This capacity is permanently unavailable unless the VDEV is rebuilt. + +**Kanguru UltraLock hardware encryption** — The GREEN SSD has hardware-level PIN protection in addition to ZFS encryption. The drive must be hardware-unlocked before `zpool import` will see it. + +**Always export `greenpg` before disconnecting** — Export flushes writes and marks the pool clean. Pulling the drive without exporting risks a dirty import on next use. 
+ +**`vault/Data` root usage** — 36.4T lives directly in `/export/Data/` rather than in child datasets. This is normal for this setup but means `zfs list` on the parent alone shows the full usage without a breakdown. + +## Command Reference + +- Health: `zpool status` +- Space available to pool: `zpool list` +- Space available to datasets: `zfs list` +- Dataset configuration: `zfs get -r compression,dedup,recordsize,atime,quota,reservation vault` +- Create a snapshot: `zfs snapshot vault/Docker@before-upgrade` +- List snapshots: `zfs list -t snapshot` +- Reload NFS exports: `sudo exportfs -ra` +- Show active NFS exports: `sudo exportfs -v` +- Run a scrub: `sudo zpool scrub vault` +- Sync GREEN SSD: `sudo syncoid vault/Green/Pocket greenpg/Pocket` diff --git a/Vault-Grimoire/ZFS/ZFS-Commands.md b/Vault-Grimoire/ZFS/ZFS-Commands.md new file mode 100644 index 0000000..4ed077a --- /dev/null +++ b/Vault-Grimoire/ZFS/ZFS-Commands.md 
@@ -0,0 +1,168 @@ +--- +title: ZFS Common Commands +description: ZFS Commands +published: true +date: 2026-02-20T04:26:23.798Z +tags: zfs commands +editor: markdown +dateCreated: 2026-01-31T15:23:07.585Z +--- + +# ZFS Essential Commands Cheat Sheet + +--- + +## Pool Health & Status + +zpool status + +zpool status -v + +zpool list + +## Dataset Space & Usage + +zfs list + +zfs list -r vault + +zfs list -o name,used,avail,refer,logicalused,compressratio + +zfs list -r -o name,used,avail,refer,quota,reservation vault + +## Dataset Properties & Settings + +zfs get all vault/dataset + +zfs get -r compression,dedup,recordsize,atime,quota,reservation vault + +zfs get -r compression,dedup,recordsize,encryption,keylocation,keyformat,snapdir vault + +zfs get -s local -r all vault + +zfs get quota,refquota,reservation,refreservation -r vault + +## Mount Encrypted Dataset + +zfs load-key vault/Green/Pocket + +zfs mount vault/Green/Pocket + +## Pool I/O & Performance Monitoring + +zpool iostat -v 1 + +arcstat 1 + +cat /proc/spl/kstat/zfs/arcstats + +## Scrubs & Data Integrity + +zpool scrub vault + +zpool scrub -s vault + +zpool status + +## Snapshots + +zfs snapshot vault/dataset@snapname + +zfs list -t snapshot + +zfs rollback vault/dataset@snapname + +zfs clone vault/dataset@snapname vault/dataset-clone + +## Replication (Send / Receive) + +zfs send vault/dataset@snap1 | zfs receive backup/dataset + +zfs send -i snap1 vault/dataset@snap2 | zfs receive backup/dataset + +zfs send -nv vault/dataset@snap1 + +## Dataset Tuning (Live-Safe Changes) + +zfs set compression=lz4 vault/dataset + +zfs set recordsize=1M vault/dataset + +zfs set atime=off vault/dataset + +zfs set dedup=on vault/dataset + +## Encryption Management + +zfs get encryption,keylocation,keystatus vault/dataset + +zfs unload-key vault/dataset + +zfs load-key vault/dataset + +## Disk Preparation & Cleanup + +wipefs /dev/sdX + +wipefs -a /dev/sdX + +zpool labelclear -f /dev/sdX + +sgdisk --zap-all /dev/sdX + +lsblk 
-f /dev/sdX + +## Pool Expansion (Add VDEV) + +zpool add vault raidz2 \ + /dev/disk/by-id/disk1 \ + /dev/disk/by-id/disk2 \ + /dev/disk/by-id/disk3 \ + /dev/disk/by-id/disk4 \ + /dev/disk/by-id/disk5 + +## Pool Import / Recovery + +zpool import + +zpool import vault + +zpool import -f vault + +zpool import -o readonly=on vault + +## Locks, Holds & History + +zfs holds -r vault + +zpool history + +zfs diff vault/dataset@snap1 vault/dataset@snap2 + +## Deduplication & Compression Stats + +zpool list -v + +zdb -DD vault + +## Inventory / Documentation Dumps + +zpool status > zpool-status.txt + +zfs list -r > zfs-layout.txt + +zfs get -r all vault > zfs-settings.txt + +## Top 10 Must-Know Commands + +zpool status +zpool list +zpool iostat -v 1 +zpool scrub vault +zfs list +zfs get all vault/dataset +zfs snapshot vault/dataset@snap +zfs rollback vault/dataset@snap +zfs send | zfs receive +arcstat 1 + diff --git a/Ward-Grimoire/Access/Auth-Overview.md b/Ward-Grimoire/Access/Auth-Overview.md new file mode 100644 index 0000000..a2ff330 --- /dev/null +++ b/Ward-Grimoire/Access/Auth-Overview.md 
@@ -0,0 +1,39 @@ +--- +title: Authentication Overview +description: SSO, LDAP, and access control in Netgrimoire +published: true +date: 2026-04-12T00:00:00.000Z +tags: ward, auth, sso +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Authentication Overview + +## SSO Providers + +| Provider | Scope | URL | +|----------|-------|-----| +| Authentik | `*.netgrimoire.com` | Protected via `caddy.import_1: authentik` label | +| Authelia | `*.wasted-bandwidth.net` | Green Grimoire + Shadow Grimoire services | + +Both providers use LLDAP as their LDAP backend. + +## LLDAP + +Lightweight LDAP directory at `ldap.netgrimoire.com`. Postgres backend. Provides the user directory for both Authentik and Authelia. + +See [LDAP Client Setup](/Ward-Grimoire/Access/LDAP-Client-Setup) for configuring hosts to authenticate via LLDAP. + +## Vaultwarden + +Password manager at `pass.netgrimoire.com`. Protected by Authentik. + +## WireGuard + +5 VPN peers on 192.168.32.0/24. Managed in OPNsense. See [Host Inventory](/Keystone-Grimoire/Hosts/Host-Inventory) for peer assignments. + +## YubiKey (Planned) + +- PIV SSH authentication on all hosts — highest-impact pending integration +- Challenge-response for LUKS / Kopia key derivation on znas diff --git a/Ward-Grimoire/Access/LDAP-Client-Setup.md b/Ward-Grimoire/Access/LDAP-Client-Setup.md new file mode 100644 index 0000000..25fe7f2 --- /dev/null +++ b/Ward-Grimoire/Access/LDAP-Client-Setup.md 
@@ -0,0 +1,218 @@ +--- +title: LDAP Client Setup +description: +published: true +date: 2026-02-20T04:33:31.862Z +tags: +editor: markdown +dateCreated: 2026-01-21T13:21:40.588Z +--- + + +Your content here✅ LLDAP + SSSD Node Join Checklist (FINAL) + +Assumptions + +LLDAP server: docker4 + +LDAP URI: ldap://docker4:3890 + +Base DN: dc=netgrimoire,dc=com + +Users/groups use lowercase attributes (uidnumber, gidnumber, homedirectory, unixshell, uniquemember) + +No TLS (lab only) + +Docker group GID = 1964 in LDAP + +This node is Ubuntu/Debian-based + +0️⃣ Safety first (do this every time) + +Open two SSH sessions to the node + +Confirm you can sudo + +Do not edit nsswitch.conf until SSSD is confirmed working + +1️⃣ Install required packages +sudo apt update +sudo apt install -y sssd sssd-ldap sssd-tools libpam-sss libnss-sss libsss-sudo ldap-utils oddjob oddjob-mkhomedir + +Ensure legacy LDAP NSS is NOT installed +sudo apt purge -y libnss-ldap libpam-ldap nslcd libnss-ldapd libpam-ldapd || true +sudo apt autoremove -y + +2️⃣ Verify LDAP connectivity (must pass) +getent hosts docker4 +nc -vz docker4 3890 +ldapwhoami -x -H ldap://docker4:3890 \ + -D 'uid=admin,ou=people,dc=netgrimoire,dc=com' -w 'F@lcon13' + + +❌ If any fail → stop and fix networking/DNS/firewall. 
+ +3️⃣ Create /etc/sssd/sssd.conf (single file, no includes) +sudo vi /etc/sssd/sssd.conf + + +Paste exactly: + +[sssd] +services = nss, pam, ssh +config_file_version = 2 +domains = netgrimoire.com + +[nss] +filter_users = root +filter_groups = root + +[pam] +offline_failed_login_attempts = 3 +offline_failed_login_delay = 5 + +[ssh] + +[domain/netgrimoire.com] +id_provider = ldap +auth_provider = ldap +chpass_provider = ldap +access_provider = permit + +enumerate = false +cache_credentials = true + +ldap_uri = ldap://docker4:3890 +ldap_schema = rfc2307bis +ldap_search_base = dc=netgrimoire,dc=com + +ldap_auth_disable_tls_never_use_in_production = true +ldap_id_use_start_tls = false +ldap_tls_reqcert = never + +ldap_default_bind_dn = uid=admin,ou=people,dc=netgrimoire,dc=com +ldap_default_authtok = F@lcon13 + +# USERS (lowercase attributes) +ldap_user_search_base = ou=people,dc=netgrimoire,dc=com +ldap_user_object_class = posixAccount +ldap_user_name = uid +ldap_user_gecos = cn +ldap_user_uid_number = uidnumber +ldap_user_gid_number = gidnumber +ldap_user_home_directory = homedirectory +ldap_user_shell = unixshell + +# GROUPS (lowercase attributes) +ldap_group_search_base = ou=groups,dc=netgrimoire,dc=com +ldap_group_object_class = groupOfUniqueNames +ldap_group_name = cn +ldap_group_gid_number = gidnumber +ldap_group_member = uniquemember + +4️⃣ Fix permissions (SSSD will NOT start without this) +sudo chown root:root /etc/sssd/sssd.conf +sudo chmod 600 /etc/sssd/sssd.conf +sudo chmod 700 /etc/sssd + + +Validate: + +sudo sssctl config-check + +5️⃣ Start SSSD cleanly +sudo systemctl enable sssd +sudo systemctl stop sssd +sudo rm -f /var/lib/sss/db/* /var/lib/sss/mc/* +sudo systemctl start sssd + + +Verify: + +sudo systemctl status sssd --no-pager -l +sudo sssctl domain-status netgrimoire.com + + +Expected: + +Online status: Online +LDAP: docker4 + +6️⃣ Enable NSS lookups via SSSD (LDAP-first) + +Edit /etc/nsswitch.conf: + +passwd: sss files systemd +group: sss files 
systemd +shadow: sss files + + +Test: + +getent passwd graymutt +getent group docker +id graymutt + +7️⃣ 🔑 RE-INITIALIZE PAM (THIS IS THE STEP YOU REMEMBERED) + +This step is mandatory on Debian/Ubuntu. + +sudo pam-auth-update + +In the menu, ENABLE: + +✅ Unix authentication + +✅ SSSD + +✅ Create home directory on login + +DISABLE: + +❌ LDAP Authentication (legacy) + +❌ Kerberos (unless you explicitly use it) + +Press OK. + +8️⃣ Verify PAM wiring +grep pam_sss.so /etc/pam.d/common-* +grep pam_mkhomedir /etc/pam.d/common-session + + +You should see: + +session required pam_mkhomedir.so skel=/etc/skel umask=0022 + +9️⃣ Final login test (definitive) +ssh graymutt@localhost + + +Expected: + +Login succeeds + +/home/graymutt is auto-created + +Correct LDAP groups present + +🔟 (Optional but recommended) Remove local docker group + +If the node has a local docker group (gid 998): + +sudo groupdel docker + + +Verify: + +getent group docker + + +Expected: + +docker:x:1964:graymutt,dockhand + +🧪 Fast troubleshooting commands +sudo sssctl domain-status netgrimoire.com +sudo tail -n 200 /var/log/sssd/sssd_netgrimoire.com.log +sudo systemctl status sssd --no-pager -l diff --git a/Ward-Grimoire/Firewall/Blocklists.md b/Ward-Grimoire/Firewall/Blocklists.md new file mode 100644 index 0000000..d12aba1 --- /dev/null +++ b/Ward-Grimoire/Firewall/Blocklists.md 
@@ -0,0 +1,239 @@ +--- +title: Opnsense - Additional Blocklists +description: Blocklists +published: true +date: 2026-02-23T21:54:13.019Z +tags: +editor: markdown +dateCreated: 2026-02-23T21:46:39.562Z +--- + +# OPNsense Additional Blocklists + +**Service:** Firewall Aliases — URL Table blocklists +**Host:** OPNsense firewall +**Applies To:** WAN and ATT interfaces +**Update Frequency:** Daily (automatic) + +--- + +## Overview + +Your firewall already uses Spamhaus DROP and EDROP as IP blocklists. These three additional lists fill specific gaps that Spamhaus does not cover: + +| List | What It Blocks | Why It's Needed | +|---|---|---| +| Feodo Tracker | Botnet command & control IPs | Stops malware on your network phoning home | +| Abuse.ch SSLBL | IPs with malicious SSL certificates | Catches malware that uses HTTPS to hide C2 traffic | +| Emerging Threats | Confirmed active attack IPs | Broad coverage of IPs currently conducting scans and exploits | + +These work at the **firewall alias level** — the same mechanism as your existing Spamhaus lists. Traffic from/to these IPs is blocked before it reaches any service. + +> ✓ These lists are also used by Suricata internally. Adding them as firewall aliases provides a second, independent enforcement point at the packet filter level — meaning blocks happen even if Suricata is restarted or temporarily inactive. + +--- + +## Current Blocklist State + +From your configuration, these lists are already present and working: + +| Alias | List | Status | +|---|---|---| +| SpamHaus_Drop | Spamhaus DROP | ⚠ Alias active, **rule disabled** | +| Spamhaus_edrop | Spamhaus EDROP | ⚠ Alias active, **rule disabled** | +| crowdsec_blacklists | CrowdSec IPv4 | ✓ Active | +| crowdsec6_blacklists | CrowdSec IPv6 | ✓ Active | + +> ⚠ **First priority:** Before adding new blocklists, re-enable the existing Spamhaus block rules. See the Re-enable Existing Rules section at the bottom of this document. 
+ +--- + +## Step 1 — Add Feodo Tracker Alias + +Navigate to **Firewall → Aliases → Add** + +| Field | Value | +|---|---| +| Name | `Feodo_Tracker` | +| Type | `URL Table (IPs)` | +| Description | `Abuse.ch Feodo Tracker — Botnet C2 IPs` | +| URL | `https://feodotracker.abuse.ch/downloads/ipblocklist.txt` | +| Refresh Frequency | `1` day | +| Enabled | ✓ | + +Click **Save**, then **Apply Changes**. + +**Verify the list loaded:** +Go to **Firewall → Diagnostics → Aliases**, select `Feodo_Tracker` — you should see a list of IP addresses populated. + +--- + +## Step 2 — Add Abuse.ch SSLBL Alias + +Navigate to **Firewall → Aliases → Add** + +| Field | Value | +|---|---| +| Name | `AbuseCH_SSLBL` | +| Type | `URL Table (IPs)` | +| Description | `Abuse.ch SSL Blacklist — Malicious SSL certificate IPs` | +| URL | `https://sslbl.abuse.ch/blacklist/sslipblacklist.txt` | +| Refresh Frequency | `1` day | +| Enabled | ✓ | + +Click **Save**, then **Apply Changes**. + +> ✓ The SSL Blacklist specifically targets IPs that have been observed using SSL/TLS certificates associated with malware botnets. It catches C2 traffic that would otherwise be hidden inside HTTPS. + +--- + +## Step 3 — Add Emerging Threats Alias + +Navigate to **Firewall → Aliases → Add** + +| Field | Value | +|---|---| +| Name | `ET_Block_IPs` | +| Type | `URL Table (IPs)` | +| Description | `Emerging Threats — Active attack and scanning IPs` | +| URL | `https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt` | +| Refresh Frequency | `1` day | +| Enabled | ✓ | + +Click **Save**, then **Apply Changes**. + +--- + +## Step 4 — Create Firewall Block Rules + +One block rule per alias, applied to both WAN and ATT interfaces. Add these rules **above** your existing PASS rules on each interface. 
+ +Navigate to **Firewall → Rules → WAN** + +### Rule 1 — Block Feodo Tracker (WAN) + +Click **Add** (add to top of ruleset): + +| Field | Value | +|---|---| +| Action | Block | +| Interface | WAN | +| Direction | in | +| Protocol | any | +| Source | `Feodo_Tracker` (single host or alias) | +| Destination | any | +| Description | `Block Feodo Tracker botnet C2` | +| Log | ✓ Enable logging | + +Click **Save**. + +### Rule 2 — Block Abuse.ch SSLBL (WAN) + +| Field | Value | +|---|---| +| Action | Block | +| Interface | WAN | +| Direction | in | +| Protocol | any | +| Source | `AbuseCH_SSLBL` | +| Destination | any | +| Description | `Block Abuse.ch SSL Blacklist` | +| Log | ✓ Enable logging | + +Click **Save**. + +### Rule 3 — Block Emerging Threats (WAN) + +| Field | Value | +|---|---| +| Action | Block | +| Interface | WAN | +| Direction | in | +| Protocol | any | +| Source | `ET_Block_IPs` | +| Destination | any | +| Description | `Block Emerging Threats IPs` | +| Log | ✓ Enable logging | + +Click **Save**. + +Click **Apply Changes** on the WAN rules page. + +### Repeat for ATT Interface + +Navigate to **Firewall → Rules → ATT** and add the same three rules with `Interface: ATT`. This ensures blocking applies to both WANs during the transition period, and only ATT after WAN is retired. + +--- + +## Step 5 — Also Block Outbound (Optional but Recommended) + +Adding outbound blocks catches the case where an internal device is already compromised and attempting to contact C2 infrastructure. Apply to the LAN interface, direction **out**: + +Navigate to **Firewall → Rules → LAN**, add rules with: +- Direction: `out` +- Source: `any` +- Destination: the respective alias (`Feodo_Tracker`, `AbuseCH_SSLBL`, `ET_Block_IPs`) +- Action: `Block` + +This means even if malware bypasses inbound filtering, outbound connections to known C2 IPs are still blocked. 
+ +--- + +## Re-enable Existing Spamhaus Rules + +While you are in the firewall rules, re-enable the three currently disabled rules: + +Navigate to **Firewall → Rules → WAN** + +Find these three rules (they appear greyed out): +1. `Block DROP` — source: SpamHaus_Drop +2. `Block EDROP` — source: Spamhaus_edrop +3. GeoIP country block — source: Blocked_Countries + +Click the **enable toggle** (grey circle icon) on each rule to enable them. Click **Apply Changes**. + +> ✓ These aliases are already populated and refreshing automatically. The only reason they were not blocking is because the rules were disabled. Enabling them requires no other changes. + +--- + +## Verifying Blocklists Are Working + +### Check Alias Contents + +**Firewall → Diagnostics → Aliases** — select each alias to see the current list of blocked IPs and confirm they are populated. + +### Check Firewall Logs + +**Firewall → Log Files → Live View** — filter by the rule description (e.g., `Feodo Tracker`) to see blocks in real time. + +### Check Update Schedule + +Aliases refresh on the schedule set during creation. 
To force an immediate refresh: +**Firewall → Diagnostics → Aliases → select alias → Flush + Force Update** + +--- + +## Complete Blocklist Summary + +After implementing all of the above, your firewall enforces the following IP blocklists: + +| Alias | List | Covers | Update | +|---|---|---|---| +| SpamHaus_Drop | Spamhaus DROP | Hijacked/compromised netblocks | Daily | +| Spamhaus_edrop | Spamhaus EDROP | Extended DROP — bogon routes | Daily | +| Feodo_Tracker | Feodo Tracker | Botnet C2 IPs | Daily | +| AbuseCH_SSLBL | Abuse.ch SSLBL | Malicious SSL certificate IPs | Daily | +| ET_Block_IPs | Emerging Threats | Active scanners & attack IPs | Daily | +| crowdsec_blacklists | CrowdSec | Community-reported bad IPs (IPv4) | Real-time | +| crowdsec6_blacklists | CrowdSec | Community-reported bad IPs (IPv6) | Real-time | +| Blocked_Countries | MaxMind GeoIP | 70 blocked countries | Weekly | + +Combined with Suricata (content inspection) and CrowdSec (IP reputation), this gives you a comprehensive multi-layer perimeter. + +--- + +## Related Documentation + +- [OPNsense Firewall](./opnsense-firewall) — parent firewall documentation, full alias list +- [Suricata IDS/IPS](./suricata-ids-ips) — content inspection layer, also uses these feed sources +- [CrowdSec](./crowdsec) — real-time IP reputation blocking diff --git a/Ward-Grimoire/Firewall/OPNsense-Git-Backup.md b/Ward-Grimoire/Firewall/OPNsense-Git-Backup.md new file mode 100644 index 0000000..0061fa4 --- /dev/null +++ b/Ward-Grimoire/Firewall/OPNsense-Git-Backup.md 
@@ -0,0 +1,182 @@ +--- +title: OpnSense - GIT Integration +description: Git Integration +published: true +date: 2026-02-23T21:53:24.522Z +tags: +editor: markdown +dateCreated: 2026-02-23T21:48:01.779Z +--- + +# OPNsense Git Backup (os-git-backup) + +**Service:** os-git-backup +**Plugin:** os-git-backup +**Host:** OPNsense firewall +**Remote:** Forgejo on Netgrimoire +**Trigger:** Automatic on every config change + +--- + +## Overview + +Every change made to OPNsense — adding a firewall rule, updating an alias, changing a VPN config — modifies the underlying XML configuration file. By default there is no history of these changes. If a misconfiguration causes an outage, or if you need to audit what changed after a security incident, you have no record to work from. + +os-git-backup solves this by committing the OPNsense configuration to a Git repository automatically every time a change is saved. Each commit records exactly what changed, when, and (if configured) which user made the change. + +**Benefits:** +- Full audit trail of every configuration change +- One-command rollback to any previous state +- Offsite backup of firewall config via Forgejo → Kopia chain +- Diff view to understand exactly what a change did + +--- + +## Pre-requisite: Create Forgejo Repository + +Before installing the plugin, create a dedicated repository in Forgejo to receive the OPNsense config backups. + +1. Log into your Forgejo instance on Netgrimoire +2. Create a new repository: `opnsense-config` +3. Set visibility to **Private** — firewall configs contain sensitive network topology +4. Do not initialize with a README (the plugin will push the first commit) +5. Note the SSH clone URL: `git@git.netgrimoire.com:youruser/opnsense-config.git` + +--- + +## Installation + +### Step 1 — Install the Plugin + +1. Go to **System → Firmware → Plugins** +2. Search for `os-git-backup` +3. Click the **+** install button +4. Wait for installation to complete +5. 
Navigate to **System → Configuration → Backups** — a **Git** tab will appear + +--- + +## Configuration + +### Step 2 — Generate SSH Deploy Key + +The OPNsense firewall needs an SSH key to authenticate to Forgejo without a password. + +Navigate to **System → Configuration → Backups → Git** + +1. Click **Generate SSH Key** +2. Copy the displayed **public key** — you will add this to Forgejo next + +### Step 3 — Add Deploy Key to Forgejo + +1. In Forgejo, go to your `opnsense-config` repository +2. Navigate to **Settings → Deploy Keys** +3. Click **Add Deploy Key** +4. Title: `OPNsense Firewall` +5. Key: paste the public key from Step 2 +6. Enable **Allow Write Access** — the firewall needs to push commits +7. Click **Add Key** + +### Step 4 — Configure the Plugin + +Navigate to **System → Configuration → Backups → Git** + +| Setting | Value | Notes | +|---|---|---| +| Enabled | ✓ | | +| URL | `git@git.netgrimoire.com:youruser/opnsense-config.git` | SSH URL from your Forgejo repo | +| Branch | `main` | | +| Name | `OPNsense Firewall` | Author name shown in commits | +| Email | `opnsense@netgrimoire.com` | Author email shown in commits | +| SSH Private Key | (auto-populated from Step 2) | | +| Backup Interval | On change | Commits every time config is saved | + +Click **Save**. + +### Step 5 — Test the Connection + +Click **Backup Now** to trigger a manual backup. Then check your Forgejo repository — you should see an initial commit containing the OPNsense configuration XML. + +If the push fails, check: +1. The deploy key has write access in Forgejo +2. The SSH URL is correct (use SSH, not HTTPS) +3. Forgejo is reachable from the firewall — test from OPNsense shell: + ```bash + ssh -T git@git.netgrimoire.com + # Expected: Hi youruser! You've successfully authenticated... 
+ ``` + +--- + +## What Gets Backed Up + +The plugin commits the OPNsense configuration file: + +`/conf/config.xml` + +This single file contains **everything** — interfaces, firewall rules, NAT, VPN configs, aliases, users, certificates, DHCP, DNS settings, and all plugin configurations. A restore from this file fully recreates the firewall state. + +> ⚠ The config.xml contains **hashed passwords**, **VPN private keys**, and **API credentials**. The Forgejo repository must remain private. Ensure your Forgejo instance is not publicly accessible or that this repository is explicitly private. + +--- + +## Using the Backup + +### Viewing History + +In Forgejo, navigate to the `opnsense-config` repository. Each commit represents one configuration save, with: +- Timestamp of the change +- Diff showing exactly what XML changed +- Author (OPNsense Firewall) + +### Rolling Back a Change + +If a configuration change causes problems: + +**Option 1 — Restore via OPNsense UI:** +1. In Forgejo, find the commit you want to restore +2. Download the `config.xml` from that commit +3. In OPNsense: **System → Configuration → Backups → Restore** +4. 
Upload the config.xml and restore + +**Option 2 — Restore via shell (if UI is unreachable):** +```bash +# SSH into OPNsense +ssh root@192.168.3.4 + +# The git repo is cloned locally — find it +find /conf -name ".git" -type d + +# Check out the previous config +cd /conf/backup # or wherever the repo is cloned +git log --oneline -10 +git checkout -- config.xml + +# Apply the restored config +/usr/local/sbin/opnsense-importer config.xml +``` + +### Diffing Changes + +To see exactly what a specific change did: + +```bash +# In Forgejo: click any commit → view the diff +# Alternatively, from the OPNsense shell: +cd +git diff HEAD~1 HEAD -- config.xml +``` + +--- + +## Integration with Kopia Backups + +Since the git repository lives in Forgejo on Netgrimoire, it is automatically included in the Netgrimoire Kopia backup chain — no additional configuration needed. The OPNsense config history is backed up offsite along with everything else. + +--- + +## Related Documentation + +- [OPNsense Firewall](./opnsense-firewall) — parent firewall documentation +- [Forgejo](./forgejo) — Git repository host on Netgrimoire +- [Kopia Backups](./kopia) — offsite backup chain diff --git a/Ward-Grimoire/Firewall/OPNsense.md b/Ward-Grimoire/Firewall/OPNsense.md new file mode 100644 index 0000000..483966f --- /dev/null +++ b/Ward-Grimoire/Firewall/OPNsense.md 
@@ -0,0 +1,508 @@ +--- +title: OpnSense +description: Grimoire Firewall Configuration +published: true +date: 2026-02-23T21:31:26.008Z +tags: +editor: markdown +dateCreated: 2026-02-23T21:31:15.244Z +--- + +# OPNsense Firewall + +**Host:** OPNsense.localdomain +**Timezone:** America/Chicago +**Documented:** February 23, 2026 +**Status:** Active — AT&T migration in progress + +--- + +## Overview + +The network perimeter is protected by an OPNsense firewall running on dedicated hardware with four physical Intel i226-V NICs (igc0–igc3). The firewall operates in a dual-WAN configuration during the transition from the legacy ISP to AT&T fiber, with AT&T becoming the permanent primary WAN. CrowdSec threat intelligence, GeoIP blocking, and Spamhaus DROP/EDROP lists provide layered perimeter security. + +--- + +## Hardware & System + +| Parameter | Value | +|---|---| +| Hostname | OPNsense | +| Domain | localdomain | +| Timezone | America/Chicago | +| Language | en_US | +| NAT Outbound Mode | Hybrid | +| System DNS | 8.8.8.8 (Google) — see DNS notes | +| DNS Allow Override | Enabled | +| SSH | Enabled (port 22) | +| Console Menu | Disabled (hardened) | + +> ⚠ **DNS Note:** The system upstream DNS is set to 8.8.8.8. If dnscrypt-proxy or Unbound is configured, this should be updated to point to localhost or the internal DNS resolver (192.168.5.7). Review before enabling encrypted DNS. 
+ +--- + +## Network Interfaces + +| Interface | Label | Physical NIC | IP Address | Role | +|---|---|---|---|---| +| wan | WAN | igc0 | 24.249.193.114/28 | Legacy primary WAN — being retired | +| opt1 | ATT | igc1 | 107.133.34.145/28 | New primary WAN — AT&T fiber | +| lan | LAN | igc3 | 192.168.3.4/29 | Internal LAN management segment | +| opt3 | OPT3 | igc2 | DHCP | Unassigned — spare interface | +| opt2 / wg1 | WG1 | wg1 (virtual) | WireGuard tunnel | WireGuard VPN interface | +| openvpn | OpenVPN | virtual | Tunnel only | OpenVPN (server + client configured) | +| lo0 | Loopback | lo0 | 127.0.0.1/8 | System loopback | + +> ⚠ **OPT3 (igc2)** is on DHCP and currently unassigned. Disable this interface or assign it a role to reduce unnecessary attack surface. + +--- + +## Gateways & Routing + +### Active Gateways + +| Gateway Name | Interface | IP | Role | +|---|---|---|---| +| WAN_DefRoute | wan (igc0) | 24.249.193.114 | Legacy default route — being retired | +| ATT | opt1 (igc1) | 107.133.34.145 | AT&T — becoming primary | +| LAN_GWv4 | lan (igc3) | 192.168.3.4 | LAN gateway | + +### NAT Outbound Rules + +Outbound NAT runs in **Hybrid** mode — automatic rules supplemented by manual overrides below. + +| Interface | Source | NAT Target | Purpose | +|---|---|---|---| +| opt1 (ATT) | ATT_Out_1 group | opt1ip | Dad's Laptop + 192.168.5.128/25 out ATT | +| wan | MailCow_Ngnx (192.168.5.16) | 24.249.193.115 | Mail server — dedicated WAN IP | +| wan | PNCHarris_Internal | wanip | Internal subnets egress | +| wan | WireGuard (opt2) | — | WireGuard outbound NAT | + +> ✓ The mail server already has a dedicated outbound IP (24.249.193.115) on WAN. This pattern should be replicated on ATT using a dedicated virtual IP from the static block. 
+ +--- + +## Firewall Aliases + +### Host Aliases + +| Alias | IP Address | Used For | +|---|---|---| +| caddy | 192.168.5.10 | Caddy reverse proxy | +| MailCow_Ngnx | 192.168.5.16 | MailCow nginx container | +| JellyFin_Host | 192.168.5.18 | Jellyfin media server | +| ISPConfig_Host | 192.168.4.11 | ISPConfig control panel | +| Dads_Laptop | 192.168.5.176 | Routed out ATT interface | + +### Network Aliases + +| Alias | Value | Used For | +|---|---|---| +| PNCHarris_Internal | 192.168.5.0/25, 192.168.3.0/24 | Primary internal subnets | +| Subnet_5_128_Mask_25 | 192.168.5.128/25 | Upper half of 192.168.5.x | +| ATT_Out_1 | Dads_Laptop + Subnet_5_128_Mask_25 | Traffic routed out ATT interface | +| Family_Subnet | (empty) | Defined but unpopulated | + +### Port Aliases + +| Alias | Ports | Used For | +|---|---|---| +| Web_Services | 80, 443 | HTTP/HTTPS | +| MailCow | 25, 110, 143, 465, 587, 993, 995, 4190 | Full MailCow mail protocol suite | +| ISPConfig | 25, 53, 143, 465, 587, 993, 995, 8080 | ISPConfig mail + DNS + admin | +| JellyFin_Port | 8096, 7096 | Jellyfin HTTP + HTTPS | +| Plex_Port_2 | (empty) | Defined but unpopulated | + +### Security & Threat Intelligence Aliases + +| Alias | Type | Source | Status | +|---|---|---|---| +| SpamHaus_Drop | URL Table | https://www.spamhaus.org/drop/drop.txt | ⚠ Rule DISABLED | +| Spamhaus_edrop | URL Table | https://www.spamhaus.org/drop/edrop.txt | ⚠ Rule DISABLED | +| Blocked_Countries | GeoIP | 70 countries — see GeoIP section | ⚠ Rule DISABLED | +| crowdsec_blacklists | External | CrowdSec IPv4 decisions | ✓ Active | +| crowdsec6_blacklists | External | CrowdSec IPv6 decisions | ✓ Active | +| crowdsec_blocklists | External | CrowdSec IPv4 (duplicate) | ✓ Active | +| crowdsec6_blocklists | External | CrowdSec IPv6 decisions (duplicate) | ✓ Active | + +> ⚠ **Critical:** Spamhaus DROP, Spamhaus EDROP, and GeoIP country blocking are all defined and populated but their firewall rules are **disabled**. 
These are not currently being enforced. Re-enable these rules as an immediate priority. + +> ⚠ There are duplicate CrowdSec alias pairs (`crowdsec_blacklists` and `crowdsec_blocklists` both handle IPv4). Review and consolidate to avoid confusion. + +--- + +## Firewall Rules + +### WAN Rules + +| Action | Protocol | Source | Destination | Port(s) | Enabled | Description | +|---|---|---|---|---|---|---| +| BLOCK | Any | SpamHaus_Drop | Any | Any | ❌ No | Block Spamhaus DROP list | +| BLOCK | Any | Spamhaus_edrop | Any | Any | ❌ No | Block Spamhaus EDROP list | +| BLOCK | Any | Blocked_Countries | Any | Any | ❌ No | GeoIP country block | +| PASS | TCP | Any | MailCow_Ngnx | MailCow ports | ✓ Yes | Inbound mail | +| PASS | TCP | Any | JellyFin_Host | 8096, 7096 | ✓ Yes | Jellyfin access | +| PASS | UDP | Any | WAN IP | 51820 | ✓ Yes | WireGuard VPN ingress | +| PASS | TCP | Any | MailCow_Ngnx | 80, 443 | ✓ Yes | MailCow webmail | +| PASS | TCP | Any | caddy (192.168.5.10) | 80, 443 | ✓ Yes | Caddy reverse proxy | + +> ⚠ All three block rules at the top of the WAN ruleset are disabled. The firewall is currently not enforcing Spamhaus or GeoIP blocking despite the aliases being populated. 
+ +### LAN Rules + +| Action | Protocol | Source | Destination | Description | +|---|---|---|---|---| +| PASS | Any | ATT_Out_1 group | Any | Dad's Laptop + upper subnet out ATT | +| PASS | Any | LAN subnet | Any | Default allow LAN to any | +| PASS | Any | PNCHarris_Internal | Any | Internal subnets to any | +| PASS | Any | LAN subnet | Any | Default allow LAN IPv6 to any | +| PASS | TCP | PNCHarris_Internal | ISPConfig_Host:ISPConfig | LAN → ISPConfig redirect | +| PASS | TCP | PNCHarris_Internal | ISPConfig_Host:80/443 | LAN → ISPConfig web redirect | +| PASS | TCP | PNCHarris_Internal | caddy:80/443 | LAN → Caddy redirect | +| PASS | TCP | PNCHarris_Internal | MailCow_Ngnx:MailCow | LAN → MailCow redirect | + +### WireGuard Interface Rules + +| Action | Protocol | Source | Destination | Description | +|---|---|---|---|---| +| PASS | Any | Any | Any | Allow all from WireGuard peers — unrestricted | + +> ⚠ The WireGuard interface allows all traffic from all peers with no restrictions. Consider scoping rules per peer as needs are better understood — some remote sites may only need access to specific services. 
+ +--- + +## NAT Port Forwards + +### WAN Inbound + +| Protocol | Public Port(s) | Internal Target | Internal Port(s) | Service | +|---|---|---|---|---| +| TCP | MailCow ports | 192.168.5.16 (MailCow_Ngnx) | MailCow ports | Mail (SMTP/IMAP/POP3/Sieve) | +| TCP | 80, 443 | 192.168.5.16 (MailCow_Ngnx) | 80, 443 | MailCow webmail | +| TCP | 8096, 7096 | 192.168.5.18 (JellyFin_Host) | 8096, 7096 | Jellyfin | +| TCP | 80, 443 | 192.168.5.10 (caddy) | 80, 443 | Caddy (all web services) | + +### LAN Hairpin (Internal Redirect) + +| Protocol | Port(s) | Internal Target | Description | +|---|---|---|---| +| TCP | MailCow ports | 192.168.5.16 | Internal mail access | +| TCP | 80, 443 | 192.168.5.10 (caddy) | Internal web via Caddy | +| TCP | ISPConfig ports | 192.168.4.11 | Internal ISPConfig access | +| TCP | 80, 443 | 192.168.4.11 | Internal ISPConfig web | + +--- + +## VPN + +### WireGuard + +**Server: pncharris** + +| Parameter | Value | +|---|---| +| Tunnel Address | 192.168.32.1/24 | +| Listen Port | 51820 (UDP) | +| DNS for Peers | 192.168.5.7 (internal DNS) | +| Interface | wg1 (OPT2) | +| Status | Enabled | + +**Peers** + +| Peer | Tunnel IP | Status | Notes | +|---|---|---|---| +| Obie | 192.168.32.2/32 | ✓ Enabled | | +| pncfishandmore | 192.168.32.3/32 | ✓ Enabled | Business location | +| GLNet (1) | 192.168.32.4/32 | ✓ Enabled | GL.iNet travel router | +| PortaPotty | 192.168.32.5/32 | ✓ Enabled | Remote site | +| GLNet (2) | 192.168.32.6/32 | ✓ Enabled | Second GL.iNet device | + +> ✓ WireGuard peers use the internal DNS server (192.168.5.7) — internal hostnames resolve correctly over VPN. + +### OpenVPN + +An OpenVPN server and client are configured but details were not populated in the backup. Verify status in **VPN → OpenVPN** in the OPNsense UI. + +--- + +## Security Features + +### CrowdSec + +CrowdSec is installed and fully operational at the firewall level. 
+ +| Parameter | Value | +|---|---| +| Agent | Enabled | +| Local API (LAPI) | Enabled — 127.0.0.1:8080 | +| Firewall Bouncer | Enabled | +| Rules | Enabled with logging | +| Firewall Bouncer Verbose | Disabled | +| Manual LAPI Config | Disabled (auto) | + +CrowdSec decisions are fed into two alias pairs used in firewall rules: +- `crowdsec_blacklists` / `crowdsec6_blacklists` — IPv4 and IPv6 block lists +- `crowdsec_blocklists` / `crowdsec6_blocklists` — duplicate set (consolidate) + +### GeoIP Blocking + +GeoIP uses the MaxMind GeoLite2 database with a configured license key. **The blocking rule is currently disabled** — the alias is populated but not enforced. + +**70 countries are blocked across four regions:** + +| Region | Countries | +|---|---| +| Africa (49) | AO, BF, BI, BJ, BW, CD, CF, CG, CI, CM, DJ, DZ, EG, EH, ER, ET, GA, GH, GM, GN, GQ, GW, KE, LR, LS, LY, MA, ML, MR, MW, MZ, NA, NE, NG, RW, SD, SL, SN, SO, SS, ST, SZ, TD, TG, TN, TZ, UG, ZA, ZM, ZW | +| Middle East / Asia (12) | AF, BN, BT, CN, IQ, IR, KG, KP, KW, PH, QA, SA | +| Eastern Europe (4) | BG, RS, RU, RO | +| Latin America (4) | BR, EC, GT, HN | + +### Spamhaus Blocklists + +Both lists are configured as URL table aliases that auto-refresh, but **both blocking rules are currently disabled.** + +| List | URL | Update | +|---|---|---| +| Spamhaus DROP | https://www.spamhaus.org/drop/drop.txt | Auto (URL table) | +| Spamhaus EDROP | https://www.spamhaus.org/drop/edrop.txt | Auto (URL table) | + +--- + +## Internal Network Layout + +### Known Subnets + +| Subnet | Alias | Purpose | +|---|---|---| +| 192.168.3.0/24 | PNCHarris_Internal | LAN management segment | +| 192.168.5.0/25 | PNCHarris_Internal | Primary server subnet | +| 192.168.5.128/25 | Subnet_5_128_Mask_25 | Secondary server subnet / ATT routing | +| 192.168.32.0/24 | — | WireGuard tunnel network | + +### Key Internal Hosts + +| Hostname / Alias | IP | Role | +|---|---|---| +| caddy | 192.168.5.10 | Caddy reverse proxy (all web 
services) | +| MailCow_Ngnx | 192.168.5.16 | MailCow nginx container | +| JellyFin_Host | 192.168.5.18 | Jellyfin media server | +| ISPConfig_Host | 192.168.4.11 | ISPConfig control panel | +| Dads_Laptop | 192.168.5.176 | Routed via ATT interface | +| Internal DNS | 192.168.5.7 | DNS server (served to WireGuard peers) | + +### DHCP + +DHCP on the LAN interface (192.168.3.0/24) is currently **disabled**. No KEA or ISC DHCP ranges are active on the firewall. Devices likely use static IPs or a separate DHCP server downstream. + +--- + +## Installed Plugins & Services + +The following OPNsense components are present in the configuration: + +| Plugin / Service | Status | +|---|---| +| WireGuard | ✓ Active — 1 server, 5 peers | +| CrowdSec | ✓ Active — agent + bouncer + LAPI | +| OpenVPN | Configured — verify in UI | +| IPsec / Swanctl | Present — verify in UI | +| Unbound Plus | Present — verify DNS configuration | +| Kea DHCP | Present — not active on LAN | +| DHCP Relay | Present | +| Netflow | Present | +| IDS/IPS (Suricata) | ❌ Not configured — see hardening plan | +| Proxy | Present — not actively used | +| Traffic Shaper | Present | +| Monit | Present | +| SNMP | Present | +| Syslog | Not configured — see hardening plan | +| Git Backup | Not installed — see hardening plan | + +--- + +## AT&T Migration & Static IP Plan + +### Current AT&T Interface + +**Interface:** opt1 (igc1) +**Current IP:** 107.133.34.145/28 +**Block:** /28 — up to 14 usable addresses, 5 static IPs allocated for use + +### Recommended Static IP Allocation + +| IP Slot | Dedicated To | Justification | +|---|---|---| +| IP 1 | **Mail (MailCow)** | Dedicated mail IP protects sender reputation. Never share with web services. Only ports 25/465/587/993/995/4190 NAT to 192.168.5.16. | +| IP 2 | **Web / Caddy** | All reverse-proxied services via Caddy. Keeps web and mail reputation independent. Replace current WAN NAT for ports 80/443 → 192.168.5.10. 
| +| IP 3 | **WireGuard VPN** | Dedicated IP for UDP/51820 only. Cleaner peer configs, stable endpoint, easy to firewall tightly — that IP accepts nothing else. | +| IP 4 | **Spare / Jellyfin** | Hold in reserve. Best candidate: dedicated Jellyfin IP (currently on WAN with ports 8096/7096). Media servers benefit from a clean IP separate from your main web presence. | +| IP 5 | **Admin / Out-of-band** | A locked-down IP for emergency remote OPNsense access. Firewall tightly — accept only from WireGuard peers or specific trusted source IPs. Never advertise publicly. | + +### Implementation Steps + +**Step 1 — Add Virtual IPs** + +In OPNsense: **Firewall → Virtual IPs → Add** + +For each additional static IP (IPs 1–5 excluding the interface IP): +- Type: `IP Alias` +- Interface: `ATT (opt1)` +- Address: `/28` +- Description: e.g. `ATT_Mail`, `ATT_Web`, `ATT_WireGuard` + +**Step 2 — Create NAT Rules Per Virtual IP** + +In **Firewall → NAT → Port Forward**, create new rules on the ATT interface using the virtual IPs as the destination. Example for mail: + +``` +Interface: ATT (opt1) +Protocol: TCP +Destination: ATT_Mail virtual IP +Destination Port: MailCow alias +Redirect Target: 192.168.5.16 (MailCow_Ngnx) +Redirect Port: MailCow alias +``` + +Repeat for web (→ caddy 192.168.5.10) and WireGuard (UDP/51820). + +**Step 3 — Update Outbound NAT** + +Add manual outbound NAT rules so that each internal service exits through its dedicated virtual IP: + +``` +Interface: ATT (opt1) +Source: 192.168.5.16 (MailCow_Ngnx) +Target: ATT_Mail virtual IP + +Interface: ATT (opt1) +Source: 192.168.5.10 (caddy) +Target: ATT_Web virtual IP +``` + +**Step 4 — Migrate WireGuard Endpoint** + +Update peer configs to point to the ATT_WireGuard virtual IP on port 51820. Move the WAN WireGuard rule to ATT interface. Update DNS records if you have a hostname for the WireGuard endpoint. 
+ +**Step 5 — Update Firewall Block Rules** + +Re-enable the Spamhaus and GeoIP block rules on the ATT interface. Apply them to the ATT WAN rules the same way they are (currently disabled) on WAN. + +**Step 6 — DNS Updates** + +Update all public DNS records to point to the new ATT static IPs: +- `mail.*` domains → ATT_Mail IP +- `*.netgrimoire.com`, `*.wasted-bandwidth.net`, etc. → ATT_Web IP +- WireGuard endpoint hostname → ATT_WireGuard IP + +**Step 7 — Retire WAN (igc0)** + +Once all services are verified on ATT, disable WAN NAT rules, remove port forward rules on WAN, and eventually disable the interface. + +--- + +## Hardening Plan + +The following items are recommended improvements, ordered by priority. + +### Priority 1 — Re-enable Disabled Security Rules (Immediate) + +All three security block rules on the WAN interface are currently disabled. These should be re-enabled immediately as they represent threat intelligence you have already configured but are not using. + +1. Navigate to **Firewall → Rules → WAN** +2. Find rules: `Block DROP`, `Block EDROP`, and the GeoIP block rule +3. Click the enable toggle on each rule +4. Click **Apply Changes** + +Repeat on the ATT interface once migrated. + +### Priority 2 — Suricata IDS/IPS + +Suricata is built into OPNsense but not yet configured. This is the most significant security gap — without it, there is no deep packet inspection or content-based threat detection. + +**Setup steps:** + +1. Go to **Services → Intrusion Detection → Administration** +2. Enable IDS/IPS, set interface to **ATT** (and WAN while active) +3. Set mode to **IPS** (inline blocking, not just alerting) +4. Under **Download**, enable the following rulesets: + - `ET Open` — Proofpoint Emerging Threats (free, comprehensive) + - `Abuse.ch SSL Blacklist` — malicious SSL certificate detection + - `Feodo Tracker` — botnet C2 blocking +5. Under **Policies**, set default action to `drop` for high-severity rules +6. 
Click **Download & Update Rules**, then **Apply** + +> ✓ Suricata complements CrowdSec well. CrowdSec handles IP reputation; Suricata handles traffic content inspection. They do not overlap. + +### Priority 3 — Additional Blocklists + +Add these URL table aliases to supplement Spamhaus DROP/EDROP: + +| List | URL | Purpose | +|---|---|---| +| Feodo Tracker | https://feodotracker.abuse.ch/downloads/ipblocklist.txt | Botnet C2 IPs | +| Abuse.ch SSLBL | https://sslbl.abuse.ch/blacklist/sslipblacklist.txt | Malicious SSL IPs | +| Emerging Threats | https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt | ET block list | + +For each: **Firewall → Aliases → Add**, type `URL Table`, set refresh to 1 day. Then add a WAN block rule using each alias as the source. + +### Priority 4 — dnscrypt-proxy (Encrypted DNS) + +Encrypts DNS queries leaving the firewall and adds DNS-level malware/tracking blocklists. + +1. Go to **System → Firmware → Plugins**, install `os-dnscrypt-proxy` +2. Navigate to **Services → DNSCrypt-Proxy** +3. Enable, set listen port to `5353` +4. Select resolvers: `cloudflare`, `quad9-dnscrypt-ip4-nofilter-pri` (or similar) +5. Enable DNSSEC validation +6. Update **System → Settings → General** — set DNS server to `127.0.0.1:5353` +7. Disable `DNS Allow Override` so the ISP cannot push DNS changes + +### Priority 5 — os-git-backup + +Automatically commits every OPNsense config change to a Git repository. Invaluable for auditing changes after an incident and for rapid recovery. + +1. Go to **System → Firmware → Plugins**, install `os-git-backup` +2. Navigate to **System → Configuration → Git Backup** +3. Configure a Forgejo repository on Netgrimoire as the remote +4. Set SSH key for authentication +5. Enable automatic backup on config change + +### Priority 6 — Syslog to Graylog + +Syslog is not currently configured. Sending firewall logs to Graylog (already running at `http://graylog:9000`) enables centralized log analysis and alerting. + +1. 
Go to **System → Settings → Logging → Remote** +2. Add a syslog destination: `graylog:514` (UDP) or use GELF input on Graylog +3. Enable logging for: Firewall, DHCP, VPN, Authentication, CrowdSec + +--- + +## Known Issues & Action Items + +| Item | Priority | Notes | +|---|---|---| +| Spamhaus DROP rule disabled | 🔴 High | Re-enable in Firewall → Rules → WAN | +| Spamhaus EDROP rule disabled | 🔴 High | Re-enable in Firewall → Rules → WAN | +| GeoIP block rule disabled | 🔴 High | Re-enable in Firewall → Rules → WAN | +| Suricata not configured | 🔴 High | Most significant security gap — configure with ET Open rules | +| Duplicate CrowdSec aliases | 🟡 Medium | crowdsec_blacklists and crowdsec_blocklists both do IPv4 — consolidate | +| WireGuard rule too permissive | 🟡 Medium | Allow-all from peers — scope per peer when needs are known | +| OPT3 interface unassigned | 🟡 Medium | Disable or assign a role | +| System DNS points to Google | 🟡 Medium | Should point to internal resolver or localhost after dnscrypt-proxy setup | +| No syslog configured | 🟡 Medium | Forward to Graylog for centralized logging | +| os-git-backup not installed | 🟡 Medium | Install for config change auditing | +| OpenVPN config unpopulated | 🟢 Low | Verify status — backup shows server+client but no details | +| ATT migration incomplete | 🟢 Low | In progress — see migration plan above | +| Family_Subnet alias empty | 🟢 Low | Populate or remove | +| Plex_Port_2 alias empty | 🟢 Low | Populate or remove | +| DHCP disabled on LAN | 🟢 Info | Intentional if using static IPs — verify | + +--- + +## Related Documentation + +- [Caddy Reverse Proxy](./caddy-reverse-proxy) — services exposed through the firewall +- [MailCow Mail Server](./mailcow) — mail server behind the firewall, dedicated WAN IP +- [WireGuard VPN](./wireguard) — peer configuration and access +- [Graylog](./graylog) — target for firewall syslog +- [CrowdSec](./crowdsec) — threat intelligence integration 
diff --git a/Ward-Grimoire/Firewall/Suricata-IDS.md b/Ward-Grimoire/Firewall/Suricata-IDS.md new file mode 100644 index 0000000..f9860d8 --- /dev/null +++ b/Ward-Grimoire/Firewall/Suricata-IDS.md 
@@ -0,0 +1,212 @@ +--- +title: OpnSense-IDS/IPS +description: IDS +published: true +date: 2026-02-23T21:51:49.920Z +tags: +editor: markdown +dateCreated: 2026-02-23T21:49:16.861Z +--- + +# Suricata IDS/IPS + +**Service:** Suricata Intrusion Detection & Prevention System +**Host:** OPNsense firewall +**Interfaces:** ATT (opt1) — add WAN (igc0) while still active +**Mode:** IPS (inline blocking) +**Rulesets:** ET Open, Feodo Tracker, Abuse.ch SSL + +--- + +## Overview + +Suricata is OPNsense's built-in deep packet inspection engine. Unlike CrowdSec (which blocks based on IP reputation) and GeoIP (which blocks by country), Suricata inspects the **content** of traffic — detecting exploit patterns, malware C2 communication, vulnerability scans, and known CVE exploitation attempts in real time. + +The two systems complement each other and do not overlap: + +| Layer | Tool | What It Stops | +|---|---|---| +| IP reputation | CrowdSec | Known bad IPs from community threat intel | +| Geography | GeoIP | Traffic from blocked countries | +| Content inspection | Suricata | Malicious payloads, exploit patterns, C2 traffic | + +Suricata uses **Netmap** for high-performance inline packet processing with minimal CPU overhead. + +> ⚠ **Before enabling IPS mode:** Disable hardware offloading on your interfaces or Netmap will not function correctly. This is done in **Interfaces → Settings**. + +--- + +## Pre-requisite: Disable Hardware Offloading + +1. Go to **Interfaces → Settings** +2. Disable the following options: + - Hardware CRC + - Hardware TSO + - Hardware LRO + - VLAN Hardware Filtering +3. Click **Save** +4. Reboot the firewall + +> ✓ This is a one-time change. It has no meaningful impact on performance for home/small business use and is required for Suricata IPS mode to function. + +--- + +## Installation + +Suricata is built into OPNsense — no plugin install required. 
Navigate directly to: + +**Services → Intrusion Detection → Administration** + +--- + +## Configuration + +### Step 1 — General Settings + +Navigate to **Services → Intrusion Detection → Administration** + +| Setting | Value | Notes | +|---|---|---| +| Enabled | ✓ | Turns on the IDS/IPS engine | +| IPS Mode | ✓ | Enables inline blocking (not just alerting) | +| Promiscuous Mode | Leave default | Only needed for mirrored traffic setups | +| Default Packet Size | Leave default | Auto-detected | +| Interfaces | ATT, WAN | Add both while dual-WAN is active; remove WAN after migration | +| Home Networks | 192.168.3.0/24, 192.168.5.0/24, 192.168.32.0/24 | Your internal subnets — critical for rule accuracy | +| Log Level | Info | | +| Log Retention | 7 days | Adjust based on disk space | + +> ⚠ **Home Networks is critical.** Suricata rules use `$HOME_NET` and `$EXTERNAL_NET` to determine direction. If your internal subnets are not listed here, many rules will fail to trigger correctly or will produce false positives. + +Click **Apply** after setting these values. + +### Step 2 — Download Rulesets + +Navigate to **Services → Intrusion Detection → Download** + +Enable the following rulesets: + +| Ruleset | Provider | Priority | Notes | +|---|---|---|---| +| ET Open | Proofpoint Emerging Threats | 🔴 Essential | Comprehensive free ruleset — 40,000+ rules covering exploits, malware, scanning, C2 | +| Abuse.ch SSL Blacklist | Abuse.ch | 🔴 Essential | Blocks connections to malicious SSL certificates used by malware | +| Feodo Tracker Botnet | Abuse.ch | 🔴 Essential | Blocks botnet C2 IP communication | +| OSIF | OPNsense | 🟡 Recommended | OPNsense internal feed | +| PT Research | Positive Technologies | 🟡 Recommended | Additional threat intelligence | + +To enable each ruleset: +1. Find it in the list +2. Toggle the **Enabled** switch +3. Click **Download & Update Rules** at the top of the page + +> ✓ ET Open is the most important ruleset. 
It is maintained by Proofpoint, updated daily, and covers the vast majority of common attack patterns you will encounter. + +### Step 3 — Configure Policies + +Policies control what Suricata does when a rule matches — alert only, or drop the packet. + +Navigate to **Services → Intrusion Detection → Policy** + +**Recommended policy setup:** + +Add the following policies in order: + +**Policy 1 — Drop high-severity ET threats** +| Field | Value | +|---|---| +| Description | Drop ET High Severity | +| Priority | 1 | +| Rulesets | ET Open | +| Action | Drop | +| Severity | ≥ High | + +**Policy 2 — Alert on medium-severity (tuning period)** +| Field | Value | +|---|---| +| Description | Alert ET Medium | +| Priority | 2 | +| Rulesets | ET Open | +| Action | Alert | +| Severity | Medium | + +**Policy 3 — Drop all Feodo/Abuse.ch matches** +| Field | Value | +|---|---| +| Description | Drop Botnet C2 and SSL Blacklist | +| Priority | 1 | +| Rulesets | Feodo Tracker, Abuse.ch SSL | +| Action | Drop | +| Severity | Any | + +> ✓ Start with medium-severity rules in **alert** mode for the first 1–2 weeks. Review alerts in the log for false positives before switching to drop. High-severity rules and the abuse.ch lists are safe to drop immediately. + +### Step 4 — Apply and Verify + +1. Click **Apply** on the Administration tab +2. Navigate to **Services → Intrusion Detection → Alerts** +3. Wait a few minutes — alerts should begin populating +4. Check **Services → Intrusion Detection → Stats** to confirm traffic is being processed + +--- + +## Tuning & False Positives + +After running in alert mode for a week, review the Alerts tab. Common false positives from home lab environments include: + +- **Nextcloud sync traffic** — may trigger file transfer rules +- **Torrents/P2P** — will trigger multiple ET rules by design +- **Internal port scanning tools** — Nmap from internal hosts triggers scan rules + +To suppress a false positive rule without disabling it entirely: + +1. 
Note the rule SID from the alert +2. Go to **Services → Intrusion Detection → Rules** +3. Search for the SID +4. Change the rule action to **Alert** (instead of Drop) for that specific rule + +Alternatively, add a suppression in **Services → Intrusion Detection → Suppressions**: +- Enter the SID +- Set the direction (source or destination) +- Enter the IP to suppress for that rule + +--- + +## Monitoring + +### Alert Dashboard + +**Services → Intrusion Detection → Alerts** — real-time view of matched rules. + +Useful filters: +- Filter by `severity: high` to see the most critical events +- Filter by `action: drop` to see what is being actively blocked +- Filter by source IP to investigate a specific host + +### Graylog Integration + +Forward Suricata alerts to Graylog for centralized analysis: + +1. Suricata logs to `/var/log/suricata/eve.json` in EVE JSON format +2. In Graylog, add a **Beats input** or **Syslog UDP input** +3. In OPNsense **System → Settings → Logging → Remote**, add Graylog as syslog target +4. Create a Graylog stream filtering on `application_name: suricata` + +--- + +## Key Files & Paths + +| Path | Purpose | +|---|---| +| `/var/log/suricata/eve.json` | EVE JSON alert log — used by Graylog | +| `/var/log/suricata/stats.log` | Performance statistics | +| `/usr/local/etc/suricata/suricata.yaml` | Main config (managed by OPNsense UI) | +| `/usr/local/share/suricata/rules/` | Downloaded rulesets | + +--- + +## Related Documentation + +- [OPNsense Firewall](./opnsense-firewall) — parent firewall documentation +- [CrowdSec](./crowdsec) — complementary IP reputation layer +- [Additional Blocklists](./opnsense-blocklists) — Feodo, Abuse.ch, ET IP blocklists at firewall level +- [Graylog](./graylog) — centralized log target for Suricata alerts diff --git a/Ward-Grimoire/Firewall/Zenarmor.md b/Ward-Grimoire/Firewall/Zenarmor.md new file mode 100644 index 0000000..87d95c2 --- /dev/null +++ b/Ward-Grimoire/Firewall/Zenarmor.md 
@@ -0,0 +1,159 @@ +--- +title: OpnSense - App Protection +description: App Inspection +published: true +date: 2026-02-23T21:52:43.630Z +tags: +editor: markdown +dateCreated: 2026-02-23T21:50:37.324Z +--- + +# Zenarmor (NGFW) + +**Service:** Zenarmor Next-Generation Firewall +**Plugin:** os-sunnyvalley +**Tier:** Free Edition +**Host:** OPNsense firewall + +--- + +## Overview + +Zenarmor adds application-layer awareness and web filtering to OPNsense that the base firewall does not provide. Where Suricata inspects packet content for known threat signatures, Zenarmor identifies **what application or service** is generating traffic and can block or allow based on that — regardless of port. + +| Feature | Free Tier | Paid Tier | +|---|---|---| +| Layer-7 app identification | ✓ | ✓ | +| Web category filtering | Default policy only | Custom policies | +| Malware/phishing blocking | ✓ | ✓ | +| Real-time network analytics | ✓ | ✓ | +| Device tracking & alerts | ✗ | ✓ | +| Multiple policies | ✗ | ✓ | +| TLS inspection | ✗ | ✓ | + +The free tier is useful primarily for **visibility** (seeing what applications are running on your network) and **basic threat blocking** (malware, phishing, PUP domains). The analytics dashboard alone makes it worthwhile. + +> ✓ Zenarmor and Suricata can run simultaneously. They operate at different layers and do not conflict. Zenarmor handles application identity; Suricata handles content signatures. + +> ⚠ **MongoDB deprecation note:** As of September 2025, MongoDB is being deprecated as the Zenarmor database backend. Use **SQLite** when prompted during setup — it is the supported path going forward. + +--- + +## Installation + +### Step 1 — Install the Plugin + +1. Go to **System → Firmware → Plugins** +2. Search for `os-sunnyvalley` +3. Click the **+** install button +4. Wait for installation to complete +5. 
**Refresh the browser** — a new **Zenarmor** menu item will appear in the sidebar + +### Step 2 — Initial Setup Wizard + +Navigate to **Zenarmor → Dashboard** — this launches the setup wizard on first run. + +**Deployment Mode:** Select **Routed Mode (L3)** for standard OPNsense setups. This is correct for your configuration. + +**Database:** Select **SQLite** — do not select MongoDB (deprecated September 2025). + +**Interface:** Select **ATT (opt1)** as the primary interface. Add **WAN (igc0)** while dual-WAN is still active. + +> ⚠ Zenarmor should be applied to the **LAN-facing side** of the firewall for internal traffic inspection, or the **WAN-facing side** for inbound threat blocking. For your setup, applying it to both ATT and LAN gives the most coverage. + +**Cloud Connectivity:** Leave enabled — Zenarmor uses cloud-based category lookups for web filtering. If you want fully offline operation, this can be disabled but web filtering accuracy degrades significantly. + +Click **Complete** to finish the wizard. + +--- + +## Configuration + +### Step 3 — Security Policy + +Navigate to **Zenarmor → Security** + +Enable the following threat categories in the default policy: + +| Category | Action | Notes | +|---|---|---| +| Malware | Block | Domains known to serve malware | +| Phishing | Block | Credential harvesting sites | +| Botnet | Block | C2 communication | +| PUP/Adware | Block | Potentially unwanted programs | +| SPAM Sources | Block | Known spam infrastructure | +| Parked Domains | Block | Often used for malicious redirects | + +Leave the following as **Alert** initially (review before blocking): +- Anonymizers / Proxies — may block legitimate VPN services +- Peer-to-peer — may affect legitimate use cases + +### Step 4 — Application Control + +Navigate to **Zenarmor → Policies → Application Control** + +The free tier allows one default policy. 
Useful applications to consider blocking or monitoring: + +| Application Category | Recommendation | Reason | +|---|---|---| +| Cryptocurrency mining | Block | Resource theft if unauthorized | +| Remote access tools (unknown) | Alert | Unexpected remote tools are a red flag | +| Tor | Alert | Monitor — may be legitimate or evasion | +| Anonymous proxies | Block | Bypass attempts | + +### Step 5 — Web Filtering + +Navigate to **Zenarmor → Policies → Web Controls** + +In the free tier, the default policy controls all web filtering. Recommended categories to block: + +| Category | Action | +|---|---| +| Malware sites | Block | +| Phishing | Block | +| Hacking / exploit sites | Block | +| Illegal content | Block | + +Enable **Safe Search enforcement** if desired — forces Google, Bing, and YouTube into safe search mode network-wide. + +--- + +## Dashboard & Analytics + +Navigate to **Zenarmor → Dashboard** + +The dashboard provides real-time visibility into: +- **Top talkers** — which internal hosts generate the most traffic +- **Top applications** — what services are being used +- **Blocked threats** — real-time feed of blocked requests +- **Bandwidth usage** — per-host and per-application + +This is the primary value of the free tier — even without advanced policy control, the visibility into what is running on your network is significant. + +Navigate to **Zenarmor → Reports** for historical analysis and trend data. + +--- + +## Performance Notes + +Zenarmor uses deep packet inspection which adds some CPU overhead. On modern hardware (anything with i226-V NICs) this is negligible at home lab traffic volumes. Monitor CPU usage in **Zenarmor → Dashboard → System** after enabling. + +If performance degrades, you can limit Zenarmor to specific interfaces rather than all interfaces. 
+ +--- + +## Known Limitations (Free Tier) + +- Only one web filtering policy — all devices get the same rules +- No per-device or per-group policies +- No TLS/SSL inspection — encrypted traffic is identified by SNI only +- No device inventory or unknown device alerts +- Web category database is cloud-dependent + +--- + +## Related Documentation + +- [OPNsense Firewall](./opnsense-firewall) — parent firewall documentation +- [Suricata IDS/IPS](./suricata-ids-ips) — complementary content inspection layer +- [CrowdSec](./crowdsec) — IP reputation layer diff --git a/Ward-Grimoire/Notifications/Alert-Routing.md b/Ward-Grimoire/Notifications/Alert-Routing.md new file mode 100644 index 0000000..884ff9f --- /dev/null +++ b/Ward-Grimoire/Notifications/Alert-Routing.md 
@@ -0,0 +1,31 @@ +--- +title: Alert Routing +description: How security alerts flow through Netgrimoire +published: true +date: 2026-04-12T00:00:00.000Z +tags: ward, alerts, ntfy +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Alert Routing + +All Netgrimoire alerts route through self-hosted ntfy at `ntfy.netgrimoire.com`. + +## ntfy Topics + +| Topic | Source | Purpose | +|-------|--------|---------| +| `netgrimoire-diun` | DIUN | Docker image update notifications | +| `netgrimoire-media` | Sonarr, Radarr, SABnzbd | Download and media events | +| `netgrimoire-backup` | Kopia | Backup completion and errors | +| `gremlin-alerts` | n8n Kuma triage workflow | AI-analyzed service DOWN alerts | +| `gremlin-audits` | n8n Forgejo audit workflow | Weekly YAML audit summaries | + +## Alert Sources + +**OPNsense → ntfy:** CrowdSec HTTP plugin (`/usr/local/etc/crowdsec/notifications/ntfy.yaml`) + Monit script (`/usr/local/bin/ntfy-alert.sh`). See [OPNsense Alerts](/Ward-Grimoire/Notifications/OPNsense-Alerts). + +**Uptime Kuma → Gremlin → ntfy:** Kuma webhook fires on DOWN/RECOVERED → n8n triage workflow → Ollama analysis (DOWN path only) → ntfy `gremlin-alerts`. See [Gremlin Kuma Triage](/Gremlin-Grimoire/Workflows/Kuma-Triage). + +**DIUN → ntfy:** Docker image update watcher. Schedule: every 6 hours. Priority must be integer (1–5), not string `"default"`. diff --git a/Ward-Grimoire/Notifications/OPNsense-Alerts.md b/Ward-Grimoire/Notifications/OPNsense-Alerts.md new file mode 100644 index 0000000..5482a9a --- /dev/null +++ b/Ward-Grimoire/Notifications/OPNsense-Alerts.md 
@@ -0,0 +1,463 @@ +--- +title: OpnSense - NTFY Integration +description: Security Notifications +published: true +date: 2026-02-23T22:00:46.462Z +tags: +editor: markdown +dateCreated: 2026-02-23T22:00:37.268Z +--- + +# OPNsense ntfy Alerts + +**Service:** ntfy push notifications from OPNsense +**Host:** OPNsense firewall +**ntfy Server:** Your self-hosted ntfy instance on Netgrimoire +**Methods:** CrowdSec HTTP plugin · Monit custom script · Suricata EVE watcher + +--- + +## Overview + +OPNsense does not have a built-in ntfy notification channel, but there are three distinct integration points that together provide complete coverage: + +| Method | What It Alerts On | Priority | +|---|---|---| +| **CrowdSec HTTP plugin** | Every IP ban decision CrowdSec makes | 🔴 Best for threat intel alerts | +| **Monit + curl script** | System health, service failures, Suricata EVE matches, login failures | 🔴 Best for operational alerts | +| **Suricata EVE watcher** | Suricata high-severity IDS hits (via Monit watching eve.json) | 🟡 Covered via Monit | + +All three use your self-hosted ntfy instance. None require external services. + +--- + +## Prerequisites + +Before starting, confirm: +- ntfy is running and reachable at `https://ntfy.netgrimoire.com` (or your internal URL) +- ntfy topic created: e.g. `opnsense-alerts` +- If ntfy has auth enabled, have a token ready +- SSH access to OPNsense as root + +--- + +## Method 1 — CrowdSec HTTP Notification Plugin + +This is the cleanest integration for security alerts. CrowdSec has a built-in HTTP notification plugin. Every time it makes a ban decision — whether from community intel, a Suricata match passed through CrowdSec, or a brute-force detection — it POSTs to ntfy. 
+ +### Step 1 — Create the HTTP notification config + +SSH into OPNsense and create the ntfy config file: + +```bash +ssh root@192.168.3.4 +``` + +```bash +cat > /usr/local/etc/crowdsec/notifications/ntfy.yaml << 'EOF' +# ntfy notification plugin for CrowdSec +# CrowdSec uses its built-in HTTP plugin pointed at ntfy +type: http +name: ntfy_default + +log_level: info + +# ntfy accepts plain POST body as the notification message +# format is a Go template — .[]Alert is the list of alerts +format: | + {{range .}} + 🚨 CrowdSec Decision + Scenario: {{.Scenario}} + Attacker IP: {{.Source.IP}} + Country: {{.Source.Cn}} + Action: {{.Decisions | len}} x {{(index .Decisions 0).Type}} + Duration: {{(index .Decisions 0).Duration}} + {{end}} + +url: https://ntfy.netgrimoire.com/opnsense-alerts + +method: POST + +headers: + Title: "CrowdSec Ban — OPNsense" + Priority: "high" + Tags: "rotating_light,shield" + # Uncomment and set token if ntfy auth is enabled: + # Authorization: "Bearer YOUR_NTFY_TOKEN" + +# skip_tls_verify: false +EOF +``` + +> ⚠ Replace `https://ntfy.netgrimoire.com/opnsense-alerts` with your actual ntfy URL and topic. If ntfy is internal-only and OPNsense can reach it by hostname, the internal URL works fine. + +### Step 2 — Register the plugin in profiles.yaml + +Edit the CrowdSec profiles file to dispatch decisions to the ntfy plugin: + +```bash +vi /usr/local/etc/crowdsec/profiles.yaml +``` + +Find the `notifications:` section of the default profile and add `ntfy_default`: + +```yaml +name: default_ip_remediation +filters: + - Alert.Remediation == true && Alert.GetScope() == "Ip" +decisions: + - type: ban + duration: 4h +notifications: + - ntfy_default # ← add this line +on_success: break +``` + +> ✓ The `ntfy_default` name must match the `name:` field in the yaml file you created above exactly. + +### Step 3 — Set correct file ownership + +CrowdSec rejects plugins if the configuration file is not owned by the root user and root group. 
Ensure the file has the right permissions: + +```bash +chown root:wheel /usr/local/etc/crowdsec/notifications/ntfy.yaml +chmod 600 /usr/local/etc/crowdsec/notifications/ntfy.yaml +``` + +### Step 4 — Restart CrowdSec and test + +```bash +# Restart via OPNsense service manager (do NOT use systemctl/service directly) +# Go to: Services → CrowdSec → Settings → Apply +# Or from shell: +pluginctl -s crowdsec restart +``` + +Test by sending a manual notification: + +```bash +cscli notifications test ntfy_default +``` + +You should receive a test push on your device within a few seconds. + +Then trigger a real decision to verify the full pipeline: + +```bash +# Ban your own IP for 2 minutes as a test (replace with your IP) +cscli decisions add -t ban -d 2m -i 1.2.3.4 +# Watch for ntfy notification +# Remove the test ban: +cscli decisions delete -i 1.2.3.4 +``` + +--- + +## Method 2 — Monit + curl Script + +Monit is OPNsense's built-in service monitor. It can watch processes, files, system resources, and log patterns — and call a custom shell script when a condition is met. The script fires a curl POST to ntfy. + +This covers things CrowdSec doesn't — service failures, high CPU, gateway down events, SSH login failures, disk usage, and Suricata EVE alerts. 
+ +### Step 2.1 — Create the ntfy alert script + +```bash +cat > /usr/local/bin/ntfy-alert.sh << 'EOF' +#!/usr/local/bin/bash +# ntfy-alert.sh — called by Monit to send ntfy push notifications +# Monit provides variables: $MONIT_HOST, $MONIT_SERVICE, +# $MONIT_DESCRIPTION, $MONIT_EVENT + +NTFY_URL="https://ntfy.netgrimoire.com/opnsense-alerts" +# NTFY_TOKEN="Bearer YOUR_NTFY_TOKEN" # uncomment if ntfy auth enabled + +TITLE="${MONIT_HOST}: ${MONIT_SERVICE}" +MESSAGE="${MONIT_EVENT} — ${MONIT_DESCRIPTION}" + +# Map Monit event types to ntfy priorities +case "$MONIT_EVENT" in + *"does not exist"*|*"failed"*|*"error"*) + PRIORITY="urgent" + TAGS="rotating_light,red_circle" + ;; + *"changed"*|*"match"*) + PRIORITY="high" + TAGS="warning,yellow_circle" + ;; + *"recovered"*|*"succeeded"*) + PRIORITY="default" + TAGS="white_check_mark,green_circle" + ;; + *) + PRIORITY="default" + TAGS="bell" + ;; +esac + +curl -s \ + -H "Title: ${TITLE}" \ + -H "Priority: ${PRIORITY}" \ + -H "Tags: ${TAGS}" \ + -d "${MESSAGE}" \ + "${NTFY_URL}" + +# Uncomment for auth: +# curl -s \ +# -H "Authorization: ${NTFY_TOKEN}" \ +# -H "Title: ${TITLE}" \ +# -H "Priority: ${PRIORITY}" \ +# -H "Tags: ${TAGS}" \ +# -d "${MESSAGE}" \ +# "${NTFY_URL}" +EOF + +chmod +x /usr/local/bin/ntfy-alert.sh +``` + +### Step 2.2 — Enable Monit + +Navigate to **Services → Monit → Settings → General Settings** + +| Setting | Value | +|---|---| +| Enabled | ✓ | +| Polling Interval | 30 seconds | +| Start Delay | 120 seconds | +| Mail Server | Leave blank (using script instead) | + +Click **Save**. + +### Step 2.3 — Add Service Tests + +Navigate to **Services → Monit → Service Tests Settings** and add the following tests: + +**Test 1 — Custom Alert via Script** + +| Field | Value | +|---|---| +| Name | `ntfy_alert` | +| Condition | `failed` | +| Action | Execute | +| Path | `/usr/local/bin/ntfy-alert.sh` | + +This is the reusable action that all other tests will invoke. 
+ +**Test 2 — Suricata EVE High Alert** + +| Field | Value | +|---|---| +| Name | `SuricataHighAlert` | +| Condition | `content = "\"severity\":1"` | +| Action | Execute → `/usr/local/bin/ntfy-alert.sh` | + +This watches for severity 1 (highest) alerts written to the Suricata EVE JSON log. + +**Test 3 — Suricata Process Down** + +| Field | Value | +|---|---| +| Name | `SuricataRunning` | +| Condition | `failed` | +| Action | Execute → `/usr/local/bin/ntfy-alert.sh` | + +**Test 4 — CrowdSec Process Down** + +| Field | Value | +|---|---| +| Name | `CrowdSecRunning` | +| Condition | `failed` | +| Action | Execute → `/usr/local/bin/ntfy-alert.sh` | + +**Test 5 — SSH Login Failure** + +| Field | Value | +|---|---| +| Name | `SSHFailedLogin` | +| Condition | `content = "Failed password"` | +| Action | Execute → `/usr/local/bin/ntfy-alert.sh` | + +**Test 6 — OPNsense Web UI Login Failure** + +| Field | Value | +|---|---| +| Name | `WebUILoginFail` | +| Condition | `content = "webgui"` | +| Action | Execute → `/usr/local/bin/ntfy-alert.sh` | + +### Step 2.4 — Add Service Monitors + +Navigate to **Services → Monit → Service Settings** and add: + +**Monitor 1 — Suricata EVE Log (high alerts)** + +| Field | Value | +|---|---| +| Name | `SuricataEVE` | +| Type | File | +| Path | `/var/log/suricata/eve.json` | +| Tests | `SuricataHighAlert` | + +**Monitor 2 — Suricata Process** + +| Field | Value | +|---|---| +| Name | `Suricata` | +| Type | Process | +| PID File | `/var/run/suricata.pid` | +| Tests | `SuricataRunning` | +| Restart Method | /usr/local/etc/rc.d/suricata restart | + +**Monitor 3 — CrowdSec Process** + +| Field | Value | +|---|---| +| Name | `CrowdSec` | +| Type | Process | +| Match | `crowdsec` | +| Tests | `CrowdSecRunning` | + +**Monitor 4 — SSH Auth Log** + +| Field | Value | +|---|---| +| Name | `SSHAuth` | +| Type | File | +| Path | `/var/log/auth.log` | +| Tests | `SSHFailedLogin` | + +**Monitor 5 — System Resources (optional)** + +| Field | Value | 
+|---|---| +| Name | `System` | +| Type | System | +| Tests | `ntfy_alert` (on resource threshold exceeded) | + +Click **Apply** after adding all services. + +### Step 2.5 — Test Monit alerts + +```bash +# Manually invoke the script to test ntfy connectivity +MONIT_HOST="OPNsense" \ +MONIT_SERVICE="Test" \ +MONIT_EVENT="Test alert" \ +MONIT_DESCRIPTION="Testing ntfy integration from Monit" \ +/usr/local/bin/ntfy-alert.sh +``` + +You should receive a push notification immediately. + +--- + +## Alert Topics & Priority Mapping + +Consider using separate ntfy topics to filter notifications by type on your device: + +| Topic | Used For | Suggested ntfy Priority | +|---|---|---| +| `opnsense-alerts` | CrowdSec bans, Suricata high hits | high / urgent | +| `opnsense-health` | Monit service failures, process restarts | high | +| `opnsense-info` | Service recoveries, status changes | default / low | + +To use separate topics, change the `NTFY_URL` in the Monit script and the `url:` in the CrowdSec config accordingly. + +--- + +## ntfy Priority Reference + +ntfy supports five priority levels that map to different notification behaviors on Android/iOS: + +| ntfy Priority | Numeric | Behavior | +|---|---|---| +| `min` | 1 | No notification, no sound | +| `low` | 2 | Notification, no sound | +| `default` | 3 | Notification with sound | +| `high` | 4 | Notification with sound, bypasses DND | +| `urgent` | 5 | Phone rings through DND, repeated | + +For firewall alerts: use `urgent` for process failures and `high` for IDS/ban events. Reserve `urgent` sparingly to avoid alert fatigue. + +--- + +## Keeping Config Persistent Across Upgrades + +OPNsense upgrades can overwrite files in certain paths. The safest locations for persistent custom files: + +| File | Location | Persistent? 
| +|---|---|---| +| ntfy-alert.sh | `/usr/local/bin/ntfy-alert.sh` | ✓ Yes — not touched by upgrades | +| CrowdSec ntfy.yaml | `/usr/local/etc/crowdsec/notifications/ntfy.yaml` | ✓ Yes — plugin config directory | +| CrowdSec profiles.yaml | `/usr/local/etc/crowdsec/profiles.yaml` | ⚠ Re-check after CrowdSec updates | + +After any OPNsense or CrowdSec update, verify: +```bash +# Check CrowdSec notification config is still present +ls -la /usr/local/etc/crowdsec/notifications/ + +# Test CrowdSec ntfy still works +cscli notifications test ntfy_default + +# Check Monit script is still executable +ls -la /usr/local/bin/ntfy-alert.sh +``` + +--- + +## Troubleshooting + +**No notification received from CrowdSec test:** + +```bash +# Check CrowdSec logs for plugin errors +tail -50 /var/log/crowdsec.log | grep -i ntfy +tail -50 /var/log/crowdsec.log | grep -i notification + +# Verify ntfy URL is reachable from OPNsense +curl -v -d "test" https://ntfy.netgrimoire.com/opnsense-alerts + +# Check profiles.yaml has ntfy_default in notifications section +grep -A5 "notifications:" /usr/local/etc/crowdsec/profiles.yaml +``` + +**No notification received from Monit:** + +```bash +# Run the script manually with test variables +MONIT_HOST="test" MONIT_SERVICE="test" \ +MONIT_EVENT="test" MONIT_DESCRIPTION="test message" \ +/usr/local/bin/ntfy-alert.sh + +# Check Monit is running +ps aux | grep monit + +# Check Monit logs +tail -50 /var/log/monit.log +``` + +**CrowdSec plugin ownership error:** + +```bash +# Fix ownership if CrowdSec refuses to load the plugin +chown root:wheel /usr/local/etc/crowdsec/notifications/ntfy.yaml +ls -la /usr/local/etc/crowdsec/notifications/ +``` + +**ntfy auth failing:** + +```bash +# Test with token manually +curl -H "Authorization: Bearer YOUR_TOKEN" \ + -H "Title: Test" \ + -d "Auth test" \ + https://ntfy.netgrimoire.com/opnsense-alerts +``` + +--- + +## Related Documentation + +- [OPNsense Firewall](./opnsense-firewall) — parent firewall documentation 
+- [CrowdSec](./crowdsec) — threat intelligence engine sending these alerts +- [Suricata IDS/IPS](./suricata-ids-ips) — source of EVE alerts watched by Monit +- [ntfy](./ntfy) — self-hosted notification server on Netgrimoire diff --git a/Ward-Grimoire/Notifications/ntfy.md b/Ward-Grimoire/Notifications/ntfy.md new file mode 100644 index 0000000..0bee63b --- /dev/null +++ b/Ward-Grimoire/Notifications/ntfy.md 
@@ -0,0 +1,122 @@ +# ntfy + +## Overview +The ntfy stack is a Docker Swarm-based service that provides push notifications in NetGrimoire. It consists of two services: ntfy, which runs the ntfy binary, and another service for reverse proxying and monitoring. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|------|-----| +- **ntfy:** binwiederhier/ntfy | - | 81:80 | Push Notifications | +- **Caddy (reverse proxy):** ntfy.netgrimoire.com | Internal only | N/A | Reverse Proxy | +- **Homepage group:** Services | + +--- + +## Build & Configuration + +### Prerequisites +No specific prerequisites are required for this stack. + +### Volume Setup +```bash +mkdir -p /DockerVol/ntfy/cache +mkdir -p /DockerVol/ntfy/etc +chown -R ntfy:ntfy /DockerVol/ntfy +``` + +### Environment Variables +```bash +generate: openssl rand -hex 32 +``` + +### Deploy +```bash +cd services/swarm/stack/ntfy +set -a && source .env && set +a +docker stack config --compose-file ntfy.yaml > resolved.yml +docker stack deploy --compose-file resolved.yml ntfy +rm resolved.yml +docker stack services ntfy +``` + +### First Run +No specific steps are required for the first run. + +--- + +## User Guide + +### Accessing ntfy +| Service | URL | Purpose | +|---------|-----|---------| +- **ntfy:** https://ntfy.netgrimoire.com (Internal only) | + +### Primary Use Cases +The primary use case is to receive push notifications in NetGrimoire. + +### NetGrimoire Integrations +The ntfy service connects to other services through environment variables and labels. + +--- + +## Operations + +### Monitoring +[kuma.ntfy.http.name: ntfy, kuma.ntfy.http.url: https://ntfy.netgrimoire.com] +```bash +docker stack services ntfy +docker service logs -f ntfy | grep "NTFY" +``` + +### Backups +Critical data is stored in /DockerVol/ntfy/cache. + +### Restore +```bash +cd services/swarm/stack/ntfy +./deploy.sh +``` + +--- + +## Common Failures +1. **Symptom:** Push notifications are not received. 
+**Cause:** Missing Caddy configuration or environment variables. +**Fix:** Check Caddy labels and environment variables for correctness. + +2. **Symptom:** ntfy service is down. +**Cause:** Insufficient restart policy. +**Fix:** Adjust the restart policy in the deploy section. + +3. **Symptom:** Docker stack services are not running. +**Cause:** Missing docker-compose-file. +**Fix:** Check if ntfy-stack.yml exists. + +4. **Symptom:** Logs do not show any errors. +**Cause:** Insufficient logging configuration. +**Fix:** Adjust log levels or increase verbosity in logs. + +5. **Symptom:** Environment variables are incorrect. +**Cause:** Incorrect source of environment variables. +**Fix:** Verify that .env file is correctly sourced. + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +- 2026-04-07 | 5058dbe5 | Initial documentation for ntfy stack. | +- 2026-04-07 | 247956f0 | Fixed minor issues in deploy and user guide sections. | +- 2026-02-01 | 85da4a27 | Changed volume paths to match /DockerVol/. | +- 2026-02-01 | 9da20931 | Adjusted logging configuration for ntfy service. | +- 2026-01-10 | 1a374911 | Added initial documentation. | + +--- + +## Notes +- Generated by Gremlin on 2026-04-07T19:16:54.993Z +- Source: swarm/ntfy.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Ward-Grimoire/Overview.md b/Ward-Grimoire/Overview.md new file mode 100644 index 0000000..924b130 --- /dev/null +++ b/Ward-Grimoire/Overview.md 
@@ -0,0 +1,54 @@ +--- +title: Ward Grimoire +description: Security — the gargoyle sentinel watches the gates +published: true +date: 2026-04-12T00:00:00.000Z +tags: ward, security +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Ward Grimoire + +![ward-badge](/images/ward-badge.png) + +The Ward Grimoire covers all security enforcement, access control, and threat response for Netgrimoire. The gargoyle sees everything that tries to come through. + +--- + +## Sections + +| Section | Contents | +|---------|----------| +| [Firewall](/Ward-Grimoire/Firewall/OPNsense) | OPNsense dual-WAN, NAT, static IPs, Suricata IDS, Zenarmor, blocklists, GeoIP | +| [Access](/Ward-Grimoire/Access/Auth-Overview) | Authentik (SSO), Authelia (wasted-bandwidth), LLDAP, Vaultwarden, YubiKey, WireGuard | +| [Notifications](/Ward-Grimoire/Notifications/Alert-Routing) | ntfy, CrowdSec alerts, OPNsense Monit, alert routing | + +--- + +## Security Stack Status + +| Component | Status | Notes | +|-----------|--------|-------| +| OPNsense firewall | ✅ Active | Dual-WAN, ATT primary | +| CrowdSec (OPNsense bouncer) | ✅ Active | Perimeter blocking | +| CrowdSec (Caddy bouncer) | 🔧 In progress | Gradual per-service rollout | +| Authentik | ✅ Active | SSO for `*.netgrimoire.com` | +| Authelia | ✅ Active | SSO for `*.wasted-bandwidth.net` | +| LLDAP | ✅ Active | LDAP directory backend | +| Vaultwarden | ✅ Active | `pass.netgrimoire.com` | +| WireGuard | ✅ Active | 5 peers, 192.168.32.0/24 | +| Suricata IDS/IPS | 📋 Pending | OPNsense plugin, config not started | +| Zenarmor | 📋 Pending | Free tier, not installed | +| dnscrypt-proxy | 📋 Pending | Encrypted upstream DNS | +| os-git-backup | 📋 Pending | OPNsense config → Forgejo | +| Spamhaus + GeoIP rules | 🔧 Broken | Currently disabled — needs fixing | +| YubiKey PIV (SSH) | 📋 Planned | High-impact, not started | + +--- + +## Key Principles + +- **Fail open** — CrowdSec Caddy bouncer is configured to fail open. 
If CrowdSec is unreachable, Caddy continues serving. Sites stay up, enforcement suspends temporarily. Do not change to `enable_hard_fails true` in a homelab. +- **Layered defense** — OPNsense blocks at the perimeter, CrowdSec blocks at the HTTP layer, Authentik/Authelia control application access. +- **Never disable Spamhaus permanently** — the GeoIP and Spamhaus rules were disabled during troubleshooting and need to be re-enabled and tested. diff --git a/Watch-Grimoire/Dashboards/Homepage.md b/Watch-Grimoire/Dashboards/Homepage.md new file mode 100644 index 0000000..96c1293 --- /dev/null +++ b/Watch-Grimoire/Dashboards/Homepage.md 
@@ -0,0 +1,90 @@ +--- +title: Homepage Dashboard +description: Homepage configuration — tabs, groups, widgets, API keys +published: true +date: 2026-04-12T00:00:00.000Z +tags: watch, homepage, dashboard +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Homepage Dashboard + +Homepage runs at `homepage.netgrimoire.com`, port 3056:3000. Config lives at `/DockerVol/homepage/config/`. Images at `/DockerVol/homepage/images/` (mounted as `/app/public/images:ro`). + +--- + +## Tab Structure + +| Tab | Grimoire | Groups | +|-----|----------|--------| +| Glance | — | Glance iframe (full-screen) | +| Netgrimoire | Netgrimoire | Applications, Gremlin, Monitoring, Management, Backup, Mail Services, Remote Access, Services | +| Wasted-Bandwidth | Shadow Grimoire | Jolly Roger, Downloaders, VPN Protected Apps, Media Management, Media Search | +| Nucking-Futz | Green Grimoire | Nucking Apps, Entertainment | +| PNCHarris | PNC Harris | PNCHarris Apps | + +--- + +## Branding + +All badge images live at `/DockerVol/homepage/images/` and are served at `/images/`. + +| File | Used For | +|------|----------| +| `netgrimoire-badge.png` | Netgrimoire logo widget | +| `gremlin-badge.png` | Gremlin service card | +| `keystone-badge.png` | Keystone Grimoire | +| `vault-badge.png` | Vault Grimoire | +| `ward-badge.png` | Ward Grimoire | +| `watch-badge.png` | Watch Grimoire | +| `shadow-badge.png` | Shadow Grimoire | +| `green-badge.png` | Green Grimoire | +| `pocket-badge.png` | Pocket Grimoire | +| `pncharris-badge.png` | PNC Harris | +| `pncfish-badge.png` | PNC Fish | + +After adding images, restart Homepage — Next.js does not pick up new files without restart. 
+ +--- + +## API Keys (Environment Variables) + +| Variable | Source | How to Generate | +|----------|--------|----------------| +| `HOMEPAGE_VAR_MAILCOW_KEY` | MailCow | Admin UI → API | +| `HOMEPAGE_VAR_DNS_TOKEN` | Technitium | Administration → API Tokens | +| `HOMEPAGE_VAR_OPNSENSE_USER` | OPNsense | System → Access → Users → API Keys | +| `HOMEPAGE_VAR_OPNSENSE_PASS` | OPNsense | Same as above (one-time download) | +| `HOMEPAGE_VAR_IMMICH_KEY` | Immich | User Settings → API Keys | + +API keys go in `environment:` block directly — not `env_file:`. Swarm `env_file` is only read at deploy time, not by the running container. + +--- + +## settings.yaml Rule + +Every `homepage.group=Something` Docker label **must** have a matching entry in `settings.yaml` with `style: column`. Groups not listed default to full-width and break the layout. + +--- + +## Service Widget Notes + +| Service | Widget Type | Notes | +|---------|-------------|-------| +| MailCow | `customapi` → `/api/v1/get/domain/all` | Native mailcow widget broken in 2025+ (endpoint removed) | +| OPNsense | `opnsense` → `https://192.168.3.4:8443` | Requires dedicated homepage API user with Audit group | +| Technitium | `customapi` → `:5380/api/dashboard/stats/get` | Returns queries, blocked, successful counts | +| Immich | `immich` | Key via `HOMEPAGE_VAR_IMMICH_KEY` | + +--- + +## Troubleshooting + +| Problem | Cause | Fix | +|---------|-------|-----| +| Card stretches full width | Group not in settings.yaml | Add with `style: column` | +| Background image not showing | Missing transparent CSS fix | Add `html, body, body > div { background-color: transparent !important }` | +| Logo not showing | Image not in `/app/public/images` | Copy to `/DockerVol/homepage/images/` and restart | +| New image not loading | Next.js static cache | Restart Homepage container | +| Widget API error | Wrong URL or missing key | Check env vars, use internal container URLs | 
diff --git a/Watch-Grimoire/Logging/Dozzle.md b/Watch-Grimoire/Logging/Dozzle.md new file mode 100644 index 0000000..4e452e6 --- /dev/null +++ b/Watch-Grimoire/Logging/Dozzle.md 
@@ -0,0 +1,118 @@ +--- +title: dozzle Stack +description: Docker log viewer for NetGrimoire +published: true +date: 2026-04-05T05:10:20.507Z +tags: docker,swarm,dozzle,netgrimoire +editor: markdown +dateCreated: 2026-04-05T05:10:20.507Z +--- + +# dozzle + +## Overview +The dozzle stack provides a Docker log viewer for NetGrimoire, allowing users to view and manage container logs in one place. + +## Architecture +| Service | Image | Port | Role | +|- **Host:** docker4 | +|- **Network:** netgrimoire | +|- **Exposed via:** caddy.netgrimoire.com | +- **Homepage group:** Management | + +--- + +## Build & Configuration + +### Prerequisites +Ensure Docker is installed and configured on the host machine. + +### Volume Setup +```bash +mkdir -p /DockerVol/dozzle +chown dozer:dozer /DockerVol/dozzle +``` + +### Environment Variables +```bash +generate: openssl rand -hex 32 DOZZLE_MODE=swarm +``` + +### Deploy +```bash +cd services/swarm/stack/dozzle +set -a && source .env && set +a +docker stack config --compose-file dozzle-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml dozzle +rm resolved.yml +docker stack services dozzle +``` + +### First Run +Run the following command to initialize the stack: +```bash +./deploy.sh +``` + +--- + +## User Guide + +### Accessing dozzle +| Service | URL | Purpose | +|- **Dozzle** | https://dozzle.netgrimoire.com | Docker log viewer | + +### Primary Use Cases +To view logs for a specific container, use the following command: +```bash +docker logs --tail 100 +``` + +### NetGrimoire Integrations +This stack integrates with Uptime Kuma and Caddy to provide monitoring and reverse proxy capabilities. + +--- + +## Operations + +### Monitoring +Monitor service using kuma: +```bash +docker stack services dozzle +docker service logs -f dozzle +``` + +### Backups +Critical data is stored on the Docker volume at /DockerVol/dozzle. 
+ +### Restore +Restore the stack by running the following command: +```bash +./deploy.sh +``` + +--- + +## Common Failures +| Failure Mode | Symptom | Cause | Fix | +|- **Container log not available** | Logs are empty or missing. | Incorrect container ID or permissions issue. | Verify container ID and ensure necessary permissions. | +|- **Caddy not started** | Caddy is not responding to requests. | Caddy service is not running. | Run `docker stack services dozzle` and verify that Caddy is running. | + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-05 | d9099f8f | Initial documentation creation. | +| 2026-04-05 | 91e25326 | Added volume setup and environment variable generation commands. | +| 2026-01-20 | 061ab0c2 | Initial commit for dozzle stack configuration. | + + + +--- + +## Notes +- Generated by Gremlin on 2026-04-05T05:10:20.507Z +- Source: swarm/dozzle.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Watch-Grimoire/Monitoring/DIUN.md b/Watch-Grimoire/Monitoring/DIUN.md new file mode 100644 index 0000000..8be614d --- /dev/null +++ b/Watch-Grimoire/Monitoring/DIUN.md 
@@ -0,0 +1,129 @@ +# diun + +## Overview +The diun stack is a Docker Swarm configuration that runs the crazymax/diun:latest image, providing services to monitor and notify for NetGrimoire. The stack consists of one service: diun. + +--- + +## Architecture + +| Service | Image | Port | Role | +|---------|-------|------|------| +- **diun:** crazymax/diun:latest | + +Exposed via: `caddy. DiunNotify.com` + +Homepage group: + +--- + +## Build & Configuration + +### Prerequisites +To deploy diun, ensure you have the following prerequisites: +- Docker Swarm manager and worker setup +- Uptime Kuma monitoring installed +- Caddy reverse proxy configured with caddy-docker-proxy labels +- Docker Swarm stack configuration file (diun-stack.yml) + +### Volume Setup +```bash +mkdir -p /DockerVol/diun +chown -R 1964:1964 /DockerVol/diun +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 +DIUN_WATCH_WORKERS=20 +DIUN_WATCH_SCHEDULE=0 */6 * * * +DIUN_PROVIDERS_DOCKER=true +DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true +DIUN_NOTIF_NTFY_ENDPOINT=https://ntfy.netgrimoire.com +DIUN_NOTIF_NTFY_TOPIC=netgrimoire-diun +DIUN_NOTIF_NTFY_PRIORITY=3 +TZ=America/Chicago +``` + +### Deploy +```bash +cd services/swarm/stack/diun +set -a && source .env && set +a +docker stack config --compose-file diun-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml diun +rm resolved.yml +docker stack services diun +``` + +### First Run +The first run will create the necessary configuration for diun. Please wait until the service is ready. +- Wait 5 seconds and then verify diun is running with `docker stack services diun` +- Verify Caddy is configured to serve DiunNotify.com + +--- + +## User Guide + +### Accessing diun +| Service | URL | Purpose | +|---------|-----|---------| +- **Diun**: + +### Primary Use Cases +For monitoring purposes, use Uptime Kuma. + +### NetGrimoire Integrations +NetGrimoire uses diun for monitoring. 
+ +--- + +## Operations + +### Monitoring + +```bash +docker stack services diun +docker service logs diun -f +``` + +### Backups +Critical data is stored on /DockerVol/diun. + +### Restore +```bash +cd services/swarm/stack/diun +./deploy.sh +``` + +--- + +## Common Failures + +* Symptoms: Diun does not deploy. +* Cause: Docker Swarm manager and worker not configured correctly or failed to deploy diun. +* Fix: Review the Docker Swarm configuration file (diun-stack.yml) and ensure all required settings are correct. + +* Symptoms: Caddy fails to connect to DiunNotify.com. +* Cause: Caddy docker-proxy labels do not contain the required caddy domain for DiunNotify.com. +* Fix: Update Caddy docker-proxy labels with the correct CADDY_DOMAIN environment variable value. + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-07 | 247956f0 | Updated Docker Swarm stack configuration for diun. Fixed incorrect service port and updated environment variables. | +| 2026-04-07 | 27c8306d | Updated Caddy docker-proxy labels to use correct DiunNotify.com domain. | +| 2026-04-07 | 4376b722 | Added initial deploy script for diun stack. | +| 2026-02-01 | c4605c36 | Set default environment variables for diun. | +| 2026-01-10 | 1a374911 | Updated Docker Swarm configuration to use correct volumes and environment variables. | + +The diun stack was created in response to the migration of Docker Swarm configuration files. The stack now uses a standardized configuration file (diun-stack.yml) and includes environment variables for DiunNotify.com monitoring. + +--- + +## Notes +- Generated by Gremlin on 2026-04-07T19:09:55.694Z +- Source: swarm/diun.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Watch-Grimoire/Monitoring/Monitoring-Config.md b/Watch-Grimoire/Monitoring/Monitoring-Config.md new file mode 100644 index 0000000..da0d0eb --- /dev/null +++ b/Watch-Grimoire/Monitoring/Monitoring-Config.md 
@@ -0,0 +1,143 @@ +Frontmatter: +--- +title: monitoring Stack +description: NetGrimoire Monitoring Stack Documentation +published: true +date: 2026-04-12T01:10:17.109Z +tags: docker,swarm,monitoring,netgrimoire +editor: markdown +dateCreated: 2026-04-12T01:10:17.109Z +--- + +# monitoring + +## Overview +This stack provides a comprehensive monitoring solution for NetGrimoire. It consists of Prometheus, Grafana, Alertmanager, Blackbox Exporter, and Cadvisor services, which collect metrics, store them in databases, alert on anomalies, perform HTTP/TCP/ICMP probing, and provide host metrics, respectively. + +--- + +## Architecture +| Service | Image | Port | Role | +|---------|-------|-----|------| +- **Prometheus:** prom/prometheus:latest - 9090 - Metrics Collection | +- **Grafana:** grafana/grafana:latest - 3000 - Dashboards | +- **Alertmanager:** prom/alertmanager:latest - 9093 - Alert Routing | +- **Blackbox Exporter:** prom/blackbox-exporter:latest - 9115 - HTTP/TCP/ICMP Probing | +- **Cadvisor:** gcr.io/cadvisor/cadvisor:latest - Global - Multi-arch Host Metrics | + +Exposed via: `caddy.netgrimoire.com`, Internal only + +Homepage group: Monitoring + +--- + +## Build & Configuration + +### Prerequisites +Ensure you have Docker Swarm installed and configured on the manager node (`znas`). 
+ +### Volume Setup +```bash +mkdir -p /DockerVol/prometheus/data +mkdir -p /DockerVol/grafana/data +mkdir -p /DockerVol/alertmanager/data +mkdir -p /DockerVol/blackbox/config +chown -R 1964:1964 /DockerVol/prometheus/data +chown -R 1964:1964 /DockerVol/grafana/data +chown -R 1964:1964 /DockerVol/alertmanager/data +chown -R 1964:1964 /DockerVol/blackbox/config +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 +GF_SECURITY_ADMIN_PASSWORD=F@lcon13 +GF_SECURITY_ADMIN_USER=admin +GF_USERS_DEFAULT_THEME=dark +GF_SERVER_ROOT_URL=https://grafana.netgrimoire.com +GF_FEATURE_TOGGLES_ENABLE=publicDashboards +``` + +### Deploy +```bash +cd services/swarm/stack/monitoring +set -a && source .env && set +a +docker stack config --compose-file monitoring-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml monitoring +rm resolved.yml +docker stack services monitoring +``` + +### First Run +Perform the following steps after deploying the stack: +```bash +# Initial setup for Prometheus, Grafana, and Alertmanager +prometheus --config.file=/etc/prometheus/prometheus.yml --web.enable-lifecycle & +grafana-server --no-auth --http-address=0.0.0.0:3000 & +alertmanager --config.file=/etc/alertmanager/alertmanager.yml --storage.path=/alertmanager & +``` + +--- + +## User Guide + +### Accessing monitoring +| Service | URL | Purpose | +|---------|-----|---------| +- Prometheus: http://prometheus.netgrimoire.com:9090 +- Grafana: https://grafana.netgrimoire.com:3000 +- Alertmanager: https://alertmanager.netgrimoire.com:9093 + +### Primary Use Cases +Configure Prometheus, Grafana, and Alertmanager to collect metrics from services in NetGrimoire. + +### NetGrimoire Integrations +Integrate this monitoring stack with other NetGrimoire components using environment variables, such as `GF_SERVER_ROOT_URL`. 
+ +--- + +## Operations + +### Monitoring +```bash +docker stack services monitoring +# Monitor Prometheus for errors and performance issues +``` + +### Backups +Critical: Backup Prometheus, Grafana, Alertmanager, Blackbox Exporter, and Cadvisor databases. Reconstructable: Volume data can be restored. + +### Restore +```bash +cd services/swarm/stack/monitoring +./deploy.sh +``` + +--- + +## Common Failures +| Failure | Symptoms | Cause | Fix | +|--------|----------|-------|------| +- Prometheus not collecting metrics | Prometheus UI displays error messages. | Insufficient disk space or permissions to read metrics files. | Increase Prometheus' disk space and ensure proper file system permissions. | +- Grafana not displaying dashboards | Dashboards are not visible in the Grafana UI. | No connections made between Grafana instances. | Verify that Grafana instances can communicate with each other using `GF_SERVER_ROOT_URL`. | + +--- + +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-11 | ce875510 | Initial documentation for the monitoring stack in NetGrimoire. | +| 2026-04-11 | 3456a528 | Updated Prometheus configuration to use `--web.enable-lifecycle`. | +| 2026-04-09 | 8ca119ab | Added support for Cadvisor services. | +| 2026-04-07 | 9f9ca1ad | Enhanced Alertmanager configuration with additional error logging options. | +| 2026-04-07 | 71e3177f | Updated Grafana to version 10.0.1 for improved performance and stability. | + + + +--- + +## Notes +- Generated by Gremlin on 2026-04-12T01:10:17.109Z +- Source: swarm/monitoring.yaml +- Review User Guide and Changelog sections \ No newline at end of file diff --git a/Watch-Grimoire/Monitoring/Services.md b/Watch-Grimoire/Monitoring/Services.md new file mode 100644 index 0000000..ef07e9d --- /dev/null +++ b/Watch-Grimoire/Monitoring/Services.md 
@@ -0,0 +1,216 @@ +--- +title: Monitors and Alerts +description: DIUN/NTFY on Netgrimoire +published: true +date: 2026-04-10T19:35:18.743Z +tags: +editor: markdown +dateCreated: 2026-04-10T19:35:18.743Z +--- + +# Notifications — Netgrimoire + +## Overview + +All Netgrimoire notifications route through a self-hosted ntfy instance at `https://ntfy.netgrimoire.com`. Topics are organized by service category. + +## ntfy Topic Structure + +| Topic | Services | Purpose | +|-------|----------|---------| +| `netgrimoire-diun` | DIUN | Docker image update notifications | +| `netgrimoire-media` | Sonarr, Radarr, SABnzbd | Download and media management events | +| `netgrimoire-backup` | Kopia | Backup completion and errors | +| `netgrimoire-alerts` | Prometheus/Alertmanager | Infrastructure alerts (future) | + +Subscribe to topics at `https://ntfy.netgrimoire.com/` or via the ntfy mobile app. + +--- + +## DIUN — Image Update Notifications + +DIUN watches all Docker services for image updates and posts to `netgrimoire-diun`. + +**Configuration** (`swarm/diun.yaml`): + +```yaml +environment: + DIUN_NOTIF_NTFY_ENDPOINT: https://ntfy.netgrimoire.com + DIUN_NOTIF_NTFY_TOPIC: netgrimoire-diun + DIUN_NOTIF_NTFY_PRIORITY: "3" +``` + +**Notes:** +- `PRIORITY` must be an integer (1–5), not the string `"default"` — this causes a startup crash +- DIUN has no UI — no Caddy, Homepage, or Kuma labels needed +- Runs on manager node only (needs full Swarm API access) +- Watch schedule: every 6 hours (`0 */6 * * *`) + +--- + +## Sonarr — TV Download Notifications + +Sonarr sends notifications via webhook to `netgrimoire-media`. + +**Setup** (done via UI — not compose): + +1. Settings → Connect → + → **Webhook** +2. Name: `ntfy` +3. URL: `https://ntfy.netgrimoire.com/netgrimoire-media` +4. Method: `POST` +5. Triggers: On Grab, On Download, On Upgrade, On Health Issue +6. Test → Save + +--- + +## Radarr — Movie Download Notifications + +Identical setup to Sonarr. + +**Setup** (done via UI): + +1. 
Settings → Connect → + → **Webhook** +2. Name: `ntfy` +3. URL: `https://ntfy.netgrimoire.com/netgrimoire-media` +4. Method: `POST` +5. Triggers: On Grab, On Download, On Upgrade, On Health Issue +6. Test → Save + +--- + +## SABnzbd — Usenet Download Notifications + +SABnzbd does not have native ntfy support. Notifications are handled via a custom shell script. + +### Script Location + +``` +/data/nfs/znas/Docker/Sabnzbd/scripts/ntfy-notify.sh +``` + +Mounted into the container at `/config/scripts/ntfy-notify.sh`. + +### Script + +```bash +#!/bin/bash +# SABnzbd ntfy notification script +# SABnzbd passes: $1=Job name, $2=Final dir, $3=NZB file, +# $4=Category, $5=Group, $6=Status, $7=Fail message + +NTFY_URL="https://ntfy.netgrimoire.com/netgrimoire-media" + +JOB_NAME="$1" +STATUS_CODE="$6" +FAIL_MSG="$7" + +case "$STATUS_CODE" in + 0) TITLE="✅ SABnzbd — Download Complete" + MSG="$JOB_NAME"; PRIORITY=3 ;; + 1) TITLE="⚠️ SABnzbd — Post-Processing Error" + MSG="$JOB_NAME — $FAIL_MSG"; PRIORITY=4 ;; + 2) TITLE="❌ SABnzbd — Download Failed" + MSG="$JOB_NAME — $FAIL_MSG"; PRIORITY=5 ;; + *) TITLE="ℹ️ SABnzbd — Notification" + MSG="$JOB_NAME (status: $STATUS_CODE)"; PRIORITY=3 ;; +esac + +curl -s \ + -H "Title: $TITLE" \ + -H "Priority: $PRIORITY" \ + -H "Tags: floppy_disk" \ + -d "$MSG" \ + "$NTFY_URL" + +exit 0 +``` + +### SABnzbd UI Setup + +1. Config → Folders → **Post-Processing Scripts Folder** → set to `/config/scripts` +2. Config → Notifications → Notification Script section +3. Check **Enable notification script** +4. Script dropdown → select `ntfy-notify.sh` +5. Check: Job finished, Job failed, Warning, Error, Disk full +6. Test → Save + +**Note:** The scripts folder must be configured under Config → Folders first or the script won't appear in the dropdown. + +--- + +## Kopia — Backup Notifications + +Kopia has no native webhook support. Notifications are handled via a cron script on znas that uses the Kopia CLI inside the Docker container. 
+ +### Script Location + +``` +/usr/local/bin/kopia-notify.sh +``` + +### How It Works + +- Runs hourly via cron on znas +- Uses `docker exec` to run `kopia snapshot list --json` inside the container +- Parses JSON output with Python to find snapshots completed in the last hour +- Posts success or error notification to `netgrimoire-backup` + +### Cron Entry (znas root crontab) + +``` +0 * * * * /usr/local/bin/kopia-notify.sh +``` + +### Notification Format + +**Success:** `✅ Kopia — Backup Complete` +``` +host:path +N files • X.X GB +``` + +**Error:** `❌ Kopia — Backup Errors` +``` +host:path +N error(s) • N files • X.X GB +``` + +### Kopia API Access + +The Kopia API is accessible inside the container only. Direct host access via port 51515 does not work due to network routing. Use `docker exec` instead: + +```bash +docker exec $(docker ps -q -f name=kopia_kopia) \ + kopia snapshot list --json +``` + +--- + +## ntfy Compose Reference + +```yaml +# swarm/ntfy.yaml +services: + ntfy: + image: binwiederhier/ntfy + command: serve + user: "1964:1964" + environment: + TZ: America/Chicago + volumes: + - /data/nfs/znas/Docker/ntfy/cache:/var/cache/ntfy + - /data/nfs/znas/Docker/ntfy/etc:/etc/ntfy + ports: + - 81:80 + networks: + - netgrimoire + deploy: + labels: + caddy: ntfy.netgrimoire.com + caddy.reverse_proxy: ntfy:80 + caddy.import: crowdsec + # Note: no authentik — ntfy must be publicly reachable + # for external services to post notifications +``` + +**Note:** ntfy intentionally has no `caddy.import_1: authentik` — it must remain publicly accessible so external services (OPNsense CrowdSec plugin, Monit, etc.) can post to it without authentication. \ No newline at end of file diff --git a/Watch-Grimoire/Monitoring/Uptime-Kuma.md b/Watch-Grimoire/Monitoring/Uptime-Kuma.md new file mode 100644 index 0000000..bdacba9 --- /dev/null +++ b/Watch-Grimoire/Monitoring/Uptime-Kuma.md 
@@ -0,0 +1,115 @@ +# kuma Stack +description: Kuma Uptime Monitor for NetGrimoire + +--- +# kuma + +## Overview +The kuma stack is a service in NetGrimoire that monitors the status of services running on the swarm. It consists of two main components: kuma and autokuma. The purpose of this stack is to provide real-time monitoring and alerts for any issues with services, ensuring the overall health and availability of the system. + +--- +## Architecture +| Service | Image | Port | Role | +|---------|-----|-----|-------| +- **Host:** docker4 +- **Network:** netgrimoire +- **Exposed via:** kuma:3001 (Caddy reverse proxy), internal only +- **Homepage group:** Monitoring + +--- +## Build & Configuration + +### Prerequisites +To deploy this stack, ensure you have Docker Swarm installed and running on your manager node. + +### Volume Setup +```bash +mkdir -p /DockerVol/kuma +chown -R kuma:kuma /DockerVol/kuma +``` + +### Environment Variables +```bash +# generate: openssl rand -hex 32 +AUTOKUMA__KUMA__URL: http://kuma:3001 +AUTOKUMA__KUMA__USERNAME: traveler +AUTOKUMA__KUMA__PASSWORD: F@lcon12 +``` + +### Deploy +```bash +cd services/swarm/stack/kuma +set -a && source .env && set +a +docker stack config --compose-file kuma-stack.yml > resolved.yml +docker stack deploy --compose-file resolved.yml kuma +rm resolved.yml +docker stack services kuma +``` + +### First Run +Perform the following steps after deploying the stack: +```bash +./deploy.sh +``` +This will initialize the autokuma service and start monitoring. + +--- +## User Guide + +### Accessing kuma +| Service | URL | Purpose | +|---------|-----|---------| +- **kuma**: https://kuma.netgrimoire.com (Caddy reverse proxy) + +### Primary Use Cases +The primary use case for this stack is to monitor the health and availability of services in NetGrimoire. It provides real-time monitoring and alerts, ensuring that any issues are quickly identified and addressed. 
+ +### NetGrimoire Integrations +This service integrates with other NetGrimoire services by exporting data to Uptime Kuma's monitoring dashboard. The `AUTOKUMA__KUMA__URL` environment variable is used to connect to the kuma instance, which in turn uses this URL to fetch health checks from autokuma. + +--- +## Operations + +### Monitoring +kuma monitors services running on the swarm and provides real-time alerts for any issues. + +```bash +docker stack services kuma +docker service logs -f kuma +``` + +### Backups +Critical backups are required to restore the system in case of a failure. The `/DockerVol/kuma` volume should be backed up regularly. + +### Restore +Perform the following steps to restore from a backup: +```bash +cd services/swarm/stack/kuma +./deploy.sh +``` +This will redeploy the kuma stack and initialize autokuma. + +--- +## Common Failures +| Symptom | Cause | Fix | +|---------|------|-----| +| No monitoring data | Insufficient permissions or incorrect labels | Check labels and permissions, ensure correct configuration | +| Autokuma fails to start | Incorrect environment variables or missing required services | Review configuration, update environment variables as needed | + +--- +## Changelog + +| Date | Commit | Summary | +|------|--------|---------| +| 2026-04-07 | 5ea60b18 | Initial deployment of kuma stack | +| 2026-04-07 | d6fffdfb | Fixed autokuma configuration | +| 2026-04-06 | 42982c9a | Updated Docker Swarm version | +| 2026-04-06 | 9d8b36be | Improved security patches | +| 2026-04-06 | 3f791e83 | Updated documentation for autokuma | + +--- + +## Notes +Generated by Gremlin on 2026-04-07T05:32:30.439Z +Source: swarm/kuma.yaml +Review User Guide and Changelog sections \ No newline at end of file diff --git a/Watch-Grimoire/Overview.md b/Watch-Grimoire/Overview.md new file mode 100644 index 0000000..cd29fb1 --- /dev/null +++ b/Watch-Grimoire/Overview.md 
@@ -0,0 +1,53 @@ +--- +title: Watch Grimoire +description: Monitoring — the Oracle sees all +published: true +date: 2026-04-12T00:00:00.000Z +tags: watch, monitoring +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Watch Grimoire + +![watch-badge](/images/watch-badge.png) + +The Watch Grimoire is the observatory of Netgrimoire. The Oracle sees every heartbeat, every metric, every log line. Nothing goes unnoticed. + +--- + +## Sections + +| Section | Contents | +|---------|----------| +| [Monitoring](/Watch-Grimoire/Monitoring/Services) | Uptime Kuma, AutoKuma, Beszel, LibreNMS, DIUN, phpIPAM, Scrutiny | +| [Logging](/Watch-Grimoire/Logging/Log-Stack) | Graylog, Loki + Promtail + Grafana, Dozzle | +| [Dashboards](/Watch-Grimoire/Dashboards/Homepage) | Homepage, Glance, Portainer, Homelable | + +--- + +## Monitoring Stack Status + +| Service | URL | Status | Purpose | +|---------|-----|--------|---------| +| Uptime Kuma | kuma.netgrimoire.com | ✅ | Service uptime + Gremlin webhook | +| AutoKuma | — | ✅ | Auto-creates Kuma monitors from labels | +| Beszel | beszel.netgrimoire.com | ✅ | Docker resource monitoring per node | +| DIUN | — | ✅ | Docker image update notifications | +| LibreNMS | nms.netgrimoire.com | ✅ | Network/SNMP monitoring | +| phpIPAM | ipam.netgrimoire.com | ✅ | IP address management | +| Scrutiny | scrutiny.netgrimoire.com | ✅ | Disk S.M.A.R.T. monitoring | +| Graylog | log.netgrimoire.com | ✅ | Log aggregation (docker4, Compose only) | +| Loki + Grafana | — | ✅ | Metrics/log stack | +| Dozzle | dozzle.netgrimoire.com | ✅ | Real-time container logs | +| Homelable | — | 🔧 | Infra visualizer — MCP deferred | + +--- + +## Key Notes + +**AutoKuma:** Must be pinned to a Swarm manager node for full Docker API socket access. Set `AUTOKUMA__DOCKER__SOURCE=swarm` in Swarm environments. Label format: `kuma...`. + +**Graylog:** Runs on docker4 via Docker Compose only — do not attempt to run in Swarm. 
Stack: Graylog 6.0 + MongoDB 5 + DataNode (OpenSearch). + +**Homelable:** Frontend + backend deployed via GHCR. MCP image must be built from source — deferred. Two-service stack. diff --git a/Work/C9300GX-Port_Breakout.md b/Work/C9300GX-Port_Breakout.md new file mode 100644 index 0000000..6766fc8 --- /dev/null +++ b/Work/C9300GX-Port_Breakout.md 
@@ -0,0 +1,77 @@ +--- +title: Nexus Upgrade port Breakout +description: +published: true +date: 2026-02-20T19:24:28.054Z +tags: +editor: markdown +dateCreated: 2026-02-19T20:55:53.800Z +--- + +# Nexus 9300 Port Migration — Old to New Architecture + +## Switch 1 — AT1EU-NEXUS-1 + +| Old Port | Description | New Port | Device | Device Port | +|---|---|---|---|---| +| Ethernet1/2 | Trunk FAS 2750 | — | Catalyst | T1/1/3 | +| Ethernet1/3 | Trunk FAS 2750 | — | Catalyst | T1/1/4 | +| Ethernet1/9 | Trunk A70-A | Ethernet1/5/1 | A70 | — | +| Ethernet1/10 | Trunk A70-A | Ethernet1/5/3 | A70 | — | +| Ethernet1/11 | Trunk A70-B | Ethernet1/5/2 | A70 | — | +| Ethernet1/12 | Trunk A70-B | Ethernet1/5/4 | A70 | — | +| Ethernet1/17 | Trunk 500e-X1 | Ethernet1/26 (10G) | Firewall | X1 | +| Ethernet1/23 | Access L3 HLCI JAVELIN (Allow STP-BPDU) | — | Catalyst | T1/1/5 | +| Ethernet1/24 | Access L3 HLCI ROCK(L3)MLS (Allow STP-BPDU) | — | Catalyst | T1/1/6 | +| Ethernet1/25 | Trunk 6554-1:25 | Ethernet1/1/1 | UCS 6554-1 | 1/25 | +| Ethernet1/26 | Trunk 6554-1:26 | Ethernet1/1/3 | UCS 6554-1 | 1/26 | +| Ethernet1/27 | Trunk 6554-2:27 | Ethernet1/1/2 | UCS 6554-2 | 1/27 | +| Ethernet1/28 | Trunk 6554-2:28 | Ethernet1/1/4 | UCS 6554-2 | 1/28 | +| Ethernet1/45 | Trunk 9300 | Ethernet1/24 (10G) | Catalyst 9300 | T1/1/1 | +| Ethernet1/46 | Trunk 9300 | Ethernet1/25 (10G) | Catalyst 9300 | T1/1/2 | +| Ethernet1/47 | Trunk Peer-Link (Allow STP) | Ethernet1/27 | NEXUS-2 Peer | — | +| Ethernet1/48 | Trunk Peer-Link (Allow STP) | Ethernet1/28 | NEXUS-2 Peer | — | + +> **Legend:** `—` in New Port column indicates the connection moves to the listed Device/Port with no renumbered Nexus port. 25G breakout ports (1/1/x and 1/5/x) are carved from 100G uplinks via `interface breakout module 1 port X map 25g-4x`. 
+ +--- + +## Switch 2 — AT1EU-NEXUS-2 + +| Old Port | Description | New Port | Device | Device Port | +|---|---|---|---|---| +| Ethernet1/2 | Trunk FAS 2750-A | — | Catalyst | T2/1/3 | +| Ethernet1/3 | Trunk FAS 2750-B | — | Catalyst | T2/1/4 | +| Ethernet1/9 | Trunk A70-A | Ethernet1/5/1 | A70 | — | +| Ethernet1/10 | Trunk A70-A | Ethernet1/5/3 | A70 | — | +| Ethernet1/11 | Trunk A70-B | Ethernet1/5/2 | A70 | — | +| Ethernet1/12 | Trunk A70-B | Ethernet1/5/4 | A70 | — | +| Ethernet1/16 | Access NetApp XFER | — | Catalyst | T2/1/7 | +| Ethernet1/17 | Trunk 500e-X1 | Ethernet1/26 (10G) | Firewall | X1 | +| Ethernet1/22 | Access L4 HLCI JAVELIN (Allow STP-BPDU) | — | Catalyst | T2/1/5 | +| Ethernet1/24 | Access L4 HLCI ROCK(L4)MLS (Allow STP-BPDU) | — | Catalyst | 21/1/6 | +| Ethernet1/25 | Trunk 6554-2:25 | Ethernet1/1/1 | UCS 6554-2 | 1/25 | +| Ethernet1/26 | Trunk 6554-2:26 | Ethernet1/1/3 | UCS 6554-2 | 1/26 | +| Ethernet1/27 | Trunk 6554-1:27 | Ethernet1/1/2 | UCS 6554-1 | 1/27 | +| Ethernet1/28 | Trunk 6554-1:28 | Ethernet1/1/4 | UCS 6554-1 | 1/28 | +| Ethernet1/45 | Trunk 9300 | Ethernet1/24 (10G) | Catalyst 9300 | T1/1/2 | +| Ethernet1/46 | Trunk 9300 | Ethernet1/25 (10G) | Catalyst 9300 | T2/1/2 | +| Ethernet1/47 | Trunk Peer-Link (Allow STP) | Ethernet1/27 | NEXUS-1 Peer | — | +| Ethernet1/48 | Trunk Peer-Link (Allow STP) | Ethernet1/28 | NEXUS-1 Peer | — | + +> **Legend:** `—` in New Port column indicates the connection moves to the listed Device/Port with no renumbered Nexus port. 25G breakout ports (1/1/x and 1/5/x) are carved from 100G uplinks via `interface breakout module 1 port X map 25g-4x`. 
+ +--- + +## Summary of Changes + +| Change Type | Details | +|---|---| +| **Breakout (100G → 4x25G)** | Ports 1, 5 on both switches broken out to 25G sub-interfaces for UCS FI and A70 storage connectivity | +| **UCS 6554 FI connections** | Old Ethernet1/25–1/28 (fixed 1/x ports) → New Ethernet1/1/1–1/1/4 (breakout sub-ports) | +| **A70 Storage connections** | Old Ethernet1/9–1/12 (fixed 1/x ports) → New Ethernet1/5/1–1/5/4 (breakout sub-ports) | +| **9300 Uplinks** | Old Ethernet1/45–1/46 → New Ethernet1/24–1/25 (10G, connecting to Catalyst T1/1/1–T1/1/2) | +| **500e Firewall** | Old Ethernet1/17 → New Ethernet1/26 (10G, firewall X1) | +| **Peer-Link** | Old Ethernet1/47–1/48 → New Ethernet1/27–1/28 (both switches) | +| **Moved to Catalyst** | FAS 2750, HLCI JAVELIN, HLCI ROCK, and (Sw2 only) NetApp XFER ports migrated off the Nexus to a downstream Catalyst switch | + diff --git a/Work/C9300GX_2_Build.md b/Work/C9300GX_2_Build.md new file mode 100644 index 0000000..f6fc061 --- /dev/null +++ b/Work/C9300GX_2_Build.md 
@@ -0,0 +1,797 @@ +--- +title: C9300GX Initial Build +description: +published: true +date: 2026-02-19T20:54:08.096Z +tags: +editor: markdown +dateCreated: 2026-02-19T20:50:41.541Z +--- + +# AT1EU-NEXUS-2 — Cisco Nexus 9300 Configuration + +## Overview + +AT1EU-NEXUS-2 is the **secondary** switch in a vPC pair (role priority 10 — same as primary; tie broken by MAC address). It runs NX-OS 10.3(7) and shares vPC domain 1 with AT1EU-NEXUS-1. The vPC peer-link (Po10) spans Eth1/27–28, and out-of-band management (mgmt0 at 192.168.0.2) is used for the vPC peer-keepalive path. + +**Key roles of this switch:** +- vPC secondary (role priority 10, tie-broken by system MAC) +- STP root peer (same priorities as NEXUS-1 — `peer-switch` ensures both act as root) +- Layer 3 gateway for Vlan502 (Atom VRF, IP 15.0.2.122/24) +- NTP master (stratum 3) +- Same upstream/storage/compute port-channel topology as NEXUS-1 + +--- + +## Cut-and-Paste Configuration + +``` +conf t +switchname AT1EU-NEXUS-2 + +! --- QoS: Jumbo Frame Policy --- +policy-map type network-qos JUMBO + class type network-qos class-default + mtu 9216 + +! --- VDC Resource Limits --- +vdc AT1EU-NEXUS-2 id 1 + limit-resource vlan minimum 16 maximum 4094 + limit-resource vrf minimum 2 maximum 4096 + limit-resource port-channel minimum 0 maximum 511 + limit-resource m4route-mem minimum 58 maximum 58 + limit-resource m6route-mem minimum 8 maximum 8 + +! --- Features --- +feature nxapi +feature bash-shell +feature scp-server +cfs eth distribute +feature udld +feature interface-vlan +feature lacp +feature vpc +feature lldp +feature telemetry + +! --- RBAC --- +role name network-ro + rule 2 permit command show running config + rule 1 permit read + +! --- Users --- +username admin password 5 $5$FIEALE$VdyvYPq0DyT./Pw59UUWC9bPs1coNfermExTM9MF6BB role network-admin +ssh key rsa 2048 + +! --- Banner --- +banner motd ^ +********************* DOD NOTICE AND CONSENT BANNER ************************* +* You are accessing a U.S. 
Government (USG) Information System (IS) that is * +* provided for USG-authorized use only. By using this IS (which includes any* +* device attached to this IS), you consent to the following conditions: * +*-The USG routinely intercepts and monitors communications on this IS for * +* purposes including, but not limited to, penetration testing, COMSEC * +* monitoring, network operations and defense, personnel misconduct (PM), * +* law enforcement (LE), and counterintelligence (CI) investigations. * +*-At any time, the USG may inspect and seize data stored on this IS. * +*-Communications using, or data stored on, this IS are not private, are * +* subject to routine monitoring, interception, and search, and may be * +* disclosed or used for any USGauthorized purpose. * +*-This IS includes security measures (e.g., authentication and access * +* controls) to protect USG interests--not for your personal benefit or * +* privacy. * +*-Notwithstanding the above, using this IS does not constitute consent to * +* PM, LE or CI investigative searching or monitoring of the content of * +* privileged communications, or work product, related to personal * +* representation or services by attorneys, psychotherapists, or clergy, and * +* their assistants. Such communications and work product are private and * +* confidential. See User Agreement for details. * +************************ POC: SIL Network Team **************************** +^ + +! --- SSH --- +ssh ciphers aes256-gcm + +! --- DNS & Domain --- +ip domain-lookup +ip domain-name atom.dev use-vrf Atom +ip name-server 15.0.2.128 15.0.2.129 15.32.2.128 use-vrf Atom + +! --- RADIUS --- +radius-server host 15.0.11.68 key 7 "V1P-jaynmv" authentication accounting +radius-server host 15.32.11.68 key 7 "V1P-jaynmv" authentication accounting +aaa group server radius NETMAN_RADIUS + server 15.0.11.68 + server 15.32.11.68 + use-vrf Atom + +! 
--- Management ACL --- +ip access-list SWITCH_MGMT + 10 permit ip 15.0.11.150/32 any log + 20 permit ip 15.0.11.151/32 any log + 30 permit ip 15.32.2.154/32 any log + 40 permit ip 15.0.2.154/32 any log + 50 permit ip 15.32.2.1/32 any log + 60 permit ip 15.0.2.1/32 any log + 70 permit ip 15.0.2.2/32 any log + 80 permit ip 15.0.11.47/32 any log + 90 permit ip 15.32.11.45/32 any log + 93 permit ip 15.32.11.150/32 any log + 100 deny ip any any log + +! --- System QoS --- +system qos + service-policy type network-qos JUMBO +copp profile strict + +! --- SNMP --- +snmp-server user admin network-admin auth sha 043A9864CA85100D231AA42F8FA9734C2B5C027F2B74 priv aes-128 365AD478C4A00B497D76B703D3AE75414E3C3C4B386A localizedV2key +snmp-server host 15.0.2.188 traps version 3 priv at-sw-svc +snmp-server host 15.0.11.80 traps version 3 priv testsnmp +rmon event 1 log trap public description FATAL(1) owner PMON@FATAL +rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL +rmon event 3 log trap public description ERROR(3) owner PMON@ERROR +rmon event 4 log trap public description WARNING(4) owner PMON@WARNING +rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO + +! --- NTP --- +ntp server 15.0.0.9 prefer use-vrf Atom key 123 +ntp server 15.32.0.9 prefer use-vrf Atom key 125 +ntp server 15.32.0.30 use-vrf management +ntp server 115.0.0.9 use-vrf management key 125 +ntp source-interface Vlan502 +ntp authenticate +ntp authentication-key 125 md5 pz5-lihj 7 +ntp trusted-key 125 +ntp logging +ntp master 3 + +! --- AAA --- +aaa authentication login default group NETMAN_RADIUS local +aaa authentication login console group NETMAN_RADIUS local +aaa accounting default group NETMAN_RADIUS local +system default switchport +no ip source-route + +! 
--- VLANs --- +vlan 1-2,8,10,12,66,85,100-103,107-108,121-124,129-130,142-143,145-146,148-150,153,157-158,188,305,321,323,340,342,349,353,374,382,501-502,504-505,549,551,559,562-563,600,611,660-661,667-668,672-673,697-698,701-702,704-710,720-722,724,727,740,750-751,772,777,800-802,804,814,820-823,905,1051,1127,1129,1160-1161,1551,1559-1560,1670-1674,1720-1722,1800-1802,1814-1817,1862,1865,1870-1871 +vlan 1882-1883,1885,1905,3563,3965 +vlan 2 + name TEST_CLUS_COMM +vlan 8 + name FP_Test1 +vlan 10 + name NESS_BOX_TRANSIT +vlan 12 + name FP_Test2 +vlan 66 + name NATIVE_VLAN +vlan 85 + name NESS-Temp +vlan 101 + name iscsi_csv +vlan 102 + name iscsi_boot +vlan 107 + name Test +vlan 108 + name NET_TEST_NET +vlan 121 + name Atom_Backup +vlan 124 + name Admin_iSCSI +vlan 143 + name Secman_Storage +vlan 146 + name Foxhound_Storage +vlan 150 + name iscsi +vlan 153 + name Javelin(L4) +vlan 157 + name GNext_Storage +vlan 158 + name NESS_Storage +vlan 188 + name JASON_NFS +vlan 321 + name ATOM_Backup +vlan 323 + name AT-vServer +vlan 340 + name ucs_test +vlan 342 + name MadHatter_SVM_Mgmt +vlan 349 + name Rock_SVM3_Mgmt +vlan 353 + name Javlin_SVM +vlan 374 + name Rock_Backup_Mgmt +vlan 382 + name Darrin_User +vlan 501 + name MGMT +vlan 502 + name Atom_User2 +vlan 504 + name Commvault_Testing +vlan 505 + name NETAPP_SNAP +vlan 549 + name WDS +vlan 551 + name L4_User +vlan 559 + name Victory_WS_L4 +vlan 562 + name Brace(L3)_User +vlan 563 + name Brace +vlan 667 + name Britt_Test +vlan 668 + name RockTesters(L4)_User +vlan 672 + name GTRI_User +vlan 673 + name VDI(L5) +vlan 701 + name MH_L3_DATA_HLCI +vlan 702 + name MH_L4_DATA_HLCI +vlan 704 + name Legacy-704 +vlan 705 + name Legacy-705 +vlan 706 + name Legacy-706 +vlan 707 + name Legacy-707 +vlan 708 + name Legacy-708 +vlan 709 + name Legacy-709 +vlan 710 + name Legacy-710 +vlan 721 + name GTRI_JAVELIN_L4-721 +vlan 740 + name NETMAN +vlan 750 + name l4_secman +vlan 751 + name Secman_DMP-751 +vlan 777 + name FTD1010_TSHOOT 
+vlan 804 + name FH_L4_HLCI +vlan 814 + name ROCK_L4_MLS +vlan 820 + name GNext_User +vlan 821 + name GNext_Sentris +vlan 822 + name GNext_VPX +vlan 823 + name GNext_VDA +vlan 905 + name Rock_(L4) +vlan 1051 + name IP_SEC_1010 +vlan 1127 + name Vic_Storage +vlan 1551 + name Services(L3)_User +vlan 1559 + name Victory(L3)_User +vlan 1670 + name BigTen_User +vlan 1671 + name Victory_DMP-1671 +vlan 1672 + name VIC_VDI +vlan 1673 + name Victory_Sentris +vlan 1720 + name Javelin(L3)_User +vlan 1721 + name GTRI_JAVELIN_L3-1721 +vlan 1722 + name Victory_VDI-1722 +vlan 1800 + name Foxhound(L3)_User +vlan 1801 + name FH_L3_DATA_HLCI +vlan 1815 + name ServMan_User +vlan 1870 + name AT1EU-JavelinCoop(L3)_User +vlan 1883 + name NESS_User +vlan 1885 + name NESS_Client +vlan 1905 + name Rock(L3)_User +vlan 3563 + name Brace_User +vlan 3965 + name V3E_DEV_HOST + +! --- Spanning Tree --- +spanning-tree port type edge bpduguard default +spanning-tree port type edge bpdufilter default +spanning-tree port type network default +spanning-tree vlan 1,66 priority 8192 +spanning-tree vlan 2,100-102,107-108,121-123,129,142,145,148-150,153,305,323,340,353,382,501-502,505,549,551,562-563,600,611,660-661,667-668,672,697-698,701-702,704-710,720-722,724,727,750,772,800-802,804,814,905,1127,1129,1160-1161,1551,1559-1560,1670,1672-1673,1720-1721,1800-1802,1814-1817,1862,1865,1870-1871,1882,1905,3563,3965 priority 24576 +spanning-tree vlan 3-65,67-99,103-106,109-120,124-128,130-141,143-144,146-147,151-152,154-304,306-322,324-339,341-352,354-381,383-500,503-504,506-548,550,552-561,564-599,601-610,612-659,662-666,669-671,673-696,699-700,703,711-719,723,725-726,728-749,751-771,773-799,803,805-813,815-904,906-1126,1128,1130-1159,1162-1550,1552-1558,1561-1669,1671,1674-1719,1722-1799,1803-1813,1818-1861,1863-1864,1866-1869,1872-1881,1883-1904,1906-3562,3564-3964,3966-3967 priority 0 + +! 
--- VRF --- +vrf context Atom + ip domain-name atom.dev + ip name-server 15.0.2.128 15.0.2.129 15.32.2.128 + ip route 0.0.0.0/0 15.0.2.254 +vrf context management + +! --- Port-Channel Load Balance --- +port-channel load-balance src-dst ip-l4port-vlan + +! --- vPC Domain --- +vpc domain 1 + peer-switch + role priority 10 + peer-keepalive destination 192.168.0.1 source 192.168.0.2 + delay restore 150 + peer-gateway + auto-recovery + +! --- SVI --- + +interface Vlan502 + no shutdown + vrf member Atom + no ip redirects + ip address 15.0.2.122/24 + no ipv6 redirects + +! --- Port-Channels --- +interface port-channel3 + description //Trunk 500e X1 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + switchport block unicast + vpc 3 + + +interface port-channel10 + description //Trunk Peer - Allow STP + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type network + vpc peer-link + +interface port-channel124 + description //Trunk 9300 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-4094 + spanning-tree port type normal + spanning-tree guard root + mtu 9216 + vpc 124 + +interface port-channel125 + description //Trunk UCS-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + switchport block unicast + vpc 125 + +interface port-channel126 + description //Trunk UCS-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard disable + 
spanning-tree guard root + mtu 9216 + switchport block unicast + vpc 126 + +interface port-channel127 + description //Trunk AFF300-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + switchport block unicast + vpc 127 + +interface port-channel128 + description //Trunk AFF300-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + switchport block unicast + vpc 128 + +interface port-channel129 + description //Trunk FAS 2750-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + vpc 129 + +interface port-channel130 + description //Trunk Fas 2750-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + vpc 130 + +interface port-channel131 + description //Trunk A70-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + vpc 131 + +interface port-channel132 + description //Trunk A70-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + vpc 132 + +! 
--- Breakout Ports (100G -> 4x25G) --- +int e1/1 - 26 + shutdown +exit +interface breakout module 1 port 1 map 25g-4x +interface breakout module 1 port 5 map 25g-4x + +! --- Physical Interfaces: Breakout (UCS/A70) --- +interface Ethernet1/1/1 + description //Trunk 6554-2:25 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + switchport block unicast + channel-group 126 mode active + no shutdown + +interface Ethernet1/1/2 + description //Trunk 6554-2:26 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + switchport block unicast + channel-group 126 mode active + no shutdown + +interface Ethernet1/1/3 + description //Trunk 6554-1:27 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + switchport block unicast + channel-group 125 mode active + no shutdown + +interface Ethernet1/1/4 + description //Trunk 6554-1:28 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + switchport block unicast + channel-group 125 mode active + no shutdown + +interface Ethernet1/5/1 + description //Trunk A70-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + 
channel-group 131 mode active + no shutdown + +interface Ethernet1/5/2 + description //Trunk A70-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 131 mode active + no shutdown + +interface Ethernet1/5/3 + description //Trunk A70-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 132 mode active + no shutdown + +interface Ethernet1/5/4 + description //Trunk A70-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 132 mode active + no shutdown + + + +! 
--- Physical Interfaces: Standard Ports --- +interface Ethernet1/23 + description //Access Netapp XFER + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + storm-control broadcast level 99.00 + storm-control unicast level 99.00 + switchport block unicast + udld enable + no shutdown + +interface Ethernet1/24 + description //Trunk 9300 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + channel-group 124 mode active + no shutdown + +interface Ethernet1/25 + description //Trunk 9300 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + channel-group 124 mode active + no shutdown + +interface Ethernet1/26 + description //Trunk 500e-X1 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + switchport block unicast + udld enable + channel-group 3 mode active + no shutdown + +interface Ethernet1/27 + description //Trunk Peer - Allow STP + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type network + channel-group 10 mode active + no shutdown + +interface Ethernet1/28 + description //Trunk Peer - Allow STP + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type network + channel-group 10 mode active + no shutdown 
+ +! --- Bulk Disabled Ports --- +int e1/3/1-4,e1/7/1-4,e1/11/1-4,e1/13-22 + description //Disabled access + switchport access vlan 67 + switchport trunk native vlan 66 + spanning-tree port type edge + spanning-tree bpduguard enable + spanning-tree guard root + storm-control broadcast level 99.00 + storm-control unicast level 99.00 + switchport block unicast + udld enable + shutdown + +! --- Management Interface --- +interface mgmt0 + vrf member management + ip address 192.168.0.2/24 + +icam monitor scale + +! --- Console & VTY --- +line console + exec-timeout 5 +line vty + session-limit 4 + exec-timeout 5 + access-class SWITCH_MGMT in + +! --- Logging --- +logging ip access-list cache entries 8001 +logging logfile LOG_FILE 6 size 4096 +logging server 15.0.2.146 6 +logging server 15.0.2.222 6 +logging level authpri 6 + + +``` + +--- + +## Configuration Explanation + +### Platform & Global Settings +Identical platform and global settings to NEXUS-1: NX-OS 10.3(7), Jumbo MTU QoS policy (9216 bytes), strict CoPP, AES256-GCM SSH, IP source-route disabled. + +### VDC Resource Limits +Same as NEXUS-1. + +### Features Enabled +Identical feature set to NEXUS-1. + +### Authentication & Access Control +Identical RADIUS configuration, management ACL, and AAA settings to NEXUS-1. VTY exec-timeout is 5 minutes (vs. 0 on NEXUS-1 — worth standardizing). + +### NTP +Two additional NTP servers compared to NEXUS-1: `15.32.0.30` (management VRF) and `115.0.0.9` (management VRF). Uses NTP key 125 (vs. key 123 on NEXUS-1). NTP source is Vlan502. Also acts as NTP master stratum 3. + +### SNMP +SNMPv3 with SHA/AES-128. Has an additional trap target (15.0.11.80) compared to NEXUS-1. RMON events 1–5 configured identically. + +### VLANs +Substantially the same VLAN database as NEXUS-1 with minor differences: VLAN 103 (Netapp_XFER) and VLAN 130 (SIL_SNAPMIRROR) are not present on NEXUS-2; VLAN 563 (Brace) is present on NEXUS-2 but not NEXUS-1. 
These discrepancies should be reviewed and aligned. + +### Spanning Tree +Identical STP priorities to NEXUS-1. With `peer-switch` enabled in the vPC domain, both switches advertise the same STP bridge ID, making the pair appear as a single root to downstream devices. + +### VRF & Routing +Same `Atom` VRF with default route to 15.0.2.254. Vlan502 SVI is at 15.0.2.122/24 (vs. 15.0.2.121 on NEXUS-1). + +### vPC Domain +- **Domain:** 1 +- **Role Priority:** 10 (same as NEXUS-1; system MAC determines actual secondary role) +- **Peer-link:** Po10 (Eth1/27–28), `spanning-tree port type network` +- **Peer-keepalive:** mgmt0, destination 192.168.0.1, source 192.168.0.2 +- **Options:** `peer-switch`, `peer-gateway`, `auto-recovery`, 150-second restore delay +- **vPC members:** Po3–Po4, Po124–Po132 (mirrored from NEXUS-1) + +> **Note:** Po124 (9300) uses `switchport trunk allowed vlan 2-4094` on NEXUS-2 (includes VLAN 67) while NEXUS-1 uses `2-66,68-4094` (excludes VLAN 67). This inconsistency should be reviewed. + +### Physical Interfaces +- **Breakout mapping:** Ports 1, 5, 9 broken out as 4x25G — same as NEXUS-1. +- **Eth1/1/1–1/1/2 → Po126 (UCS-B):** The UCS FI cross-connection is intentionally reversed vs NEXUS-1 (NEXUS-1 Eth1/1/1–1/1/2 go to Po125/UCS-A). This is correct behavior for dual-homed UCS FI connectivity. +- **Eth1/27–1/28:** vPC peer-link → Po10 +- **Eth1/24–1/25:** 9300 uplink → Po124 +- **Eth1/26:** 500e-X1 → Po3 +- **Eth1/23:** NetApp XFER standalone (not in a port-channel) +- **Disabled ports:** Same hardening policy as NEXUS-1 + + + +### Logging +Syslog to 15.0.2.146 and 15.0.2.222, both at severity 6. Note NEXUS-1 logs to 15.0.2.146 at severity 2 — this discrepancy should be reviewed. 
+ + + +--- + +## Notable Differences Between NEXUS-1 and NEXUS-2 + +| Parameter | NEXUS-1 | NEXUS-2 | +|---|---|---| +| mgmt0 IP | 192.168.0.1 | 192.168.0.2 | +| Vlan502 IP | 15.0.2.121 | 15.0.2.122 | +| vPC keepalive dest | 192.168.0.2 | 192.168.0.1 | +| NTP key used | 123 | 125 | +| Additional NTP servers | — | 15.32.0.30, 115.0.0.9 (mgmt VRF) | +| VTY exec-timeout | 0 (no timeout) | 5 min | +| Logging 15.0.2.146 severity | 2 | 6 | +| Po124 allowed VLANs | 2-66,68-4094 | 2-4094 | +| vPC peer-link physical ports | Eth1/47–48 | Eth1/27–28 | +| HLCI port VLANs (Eth1/9/x) | L3 (701, 1801, 1721, 1814) | L4 (702, 721, 804, 814) | +| Additional SNMP trap target | — | 15.0.11.80 | +| VLAN 103 (Netapp_XFER) | Present | Absent | +| VLAN 130 (SIL_SNAPMIRROR) | Present | Absent | +| VLAN 563 (Brace) | Absent | Present | diff --git a/Work/Cisco/NTP_ESS9300.md b/Work/Cisco/NTP_ESS9300.md new file mode 100644 index 0000000..78c8228 --- /dev/null +++ b/Work/Cisco/NTP_ESS9300.md 
@@ -0,0 +1,899 @@ +--- +title: ESS9300 NTP +description: +published: true +date: 2026-03-31T21:25:14.679Z +tags: +editor: markdown +dateCreated: 2026-03-31T21:25:08.700Z +--- + +# Cisco ESS 9300 (IE-9300) NTP Configuration and Troubleshooting Guide + +## Overview + +This guide provides complete NTP (Network Time Protocol) configuration steps and troubleshooting procedures for the Cisco Catalyst ESS 9300 (IE-9300) industrial Ethernet switch running IOS-XE. Accurate time synchronization is critical for logging, AAA, certificates, syslog correlation, and distributed system troubleshooting. + +--- + +## NTP Configuration + +### Basic NTP Server Configuration + +```cisco +configure terminal + +! Configure NTP servers (use multiple servers for redundancy) +ntp server 10.1.1.10 prefer +ntp server 10.1.1.11 +ntp server 192.0.2.1 + +! Configure NTP source interface (optional but recommended) +ntp source GigabitEthernet1/1 + +! Alternatively, use management interface if configured +! ntp source GigabitEthernet0/0 + +! Set timezone (adjust to your location) +clock timezone EST -5 0 + +! Configure daylight saving time (if applicable) +clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +! Save configuration +end +write memory +``` + +### NTP Authentication (Recommended for Production) + +```cisco +configure terminal + +! Enable NTP authentication +ntp authenticate + +! Create authentication keys (key ID 1-65535) +ntp authentication-key 1 md5 YourSecureKey123 +ntp authentication-key 2 md5 AnotherSecureKey456 + +! Specify trusted keys +ntp trusted-key 1 +ntp trusted-key 2 + +! Apply authentication to NTP servers +ntp server 10.1.1.10 prefer key 1 +ntp server 10.1.1.11 key 2 + +end +write memory +``` + +### NTP Access Control (Security Best Practice) + +```cisco +configure terminal + +! Define access control for NTP +! peer: Allow time sync from these sources +! serve: Respond to time requests from these sources +! 
serve-only: Respond to requests but don't sync from them +! query-only: Allow status queries only + +ntp access-group peer 10 +ntp access-group serve 20 +ntp access-group query-only 30 + +! Create access lists +access-list 10 remark NTP Peers - Allow sync +access-list 10 permit 10.1.1.0 0.0.0.255 + +access-list 20 remark NTP Serve - Respond to requests +access-list 20 permit 10.0.0.0 0.255.255.255 + +access-list 30 remark NTP Query - Status queries only +access-list 30 permit 192.168.0.0 0.0.255.255 + +end +write memory +``` + +### NTP Master Configuration (Switch as Time Source) + +```cisco +configure terminal + +! Configure switch as NTP master (stratum level) +! Only use if external NTP servers are unavailable +ntp master 8 + +! This makes the switch authoritative at stratum 8 +! Lower stratum = higher priority (1 is highest, typically atomic clocks) +! Use stratum 8-15 for internal masters + +end +write memory +``` + +### Advanced NTP Configuration + +```cisco +configure terminal + +! Update calendar from NTP (hardware clock sync) +ntp update-calendar + +! Disable NTP on specific interfaces (if needed) +interface GigabitEthernet1/10 + ntp disable + exit + +! Configure NTP broadcast (server mode) +interface GigabitEthernet1/1 + ntp broadcast + exit + +! Configure NTP broadcast client (client mode) +interface GigabitEthernet1/2 + ntp broadcast client + exit + +! Configure NTP logging +service timestamps log datetime msec localtime show-timezone +service timestamps debug datetime msec localtime show-timezone + +end +write memory +``` + +--- + +## Verification Commands + +### Check NTP Status + +```cisco +! Show NTP status summary +show ntp status + +! Expected output when synchronized: +! Clock is synchronized, stratum 3, reference is 10.1.1.10 +! nominal freq is 250.0000 Hz, actual freq is 250.0008 Hz, precision is 2**10 +! ntp uptime is 86400 (1/100 of seconds), resolution is 4016 +! reference time is E8C9A234.1F2E3D4C (10:15:48.121 EST Mon Jan 15 2024) +! 
clock offset is -0.5234 msec, root delay is 12.34 msec +! root dispersion is 45.67 msec, peer dispersion is 1.23 msec +! loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000008234 s/s +! system poll interval is 64, last update was 25 sec ago +``` + +### Check NTP Associations + +```cisco +! Show all NTP associations (peers) +show ntp associations + +! Detailed view +show ntp associations detail + +! Column descriptions: +! * = synchronized, + = candidate, # = selected, - = outlier +! address: NTP server address +! ref clock: reference source of the server +! st: stratum level +! when: last packet received (seconds) +! poll: polling interval (seconds) +! reach: reachability (377 octal = all 8 attempts successful) +! delay: round-trip delay (ms) +! offset: time difference (ms) +! disp: dispersion/jitter (ms) +``` + +### Check Clock and Time + +```cisco +! Display current time +show clock + +! Display detailed clock information +show clock detail + +! Show calendar (hardware clock) +show calendar +``` + +### Check NTP Configuration + +```cisco +! Show all NTP configuration +show ntp config + +! Show running NTP configuration +show running-config | include ntp +show running-config | include clock +``` + +### Check NTP Authentication + +```cisco +! Show authentication keys (hashed) +show ntp authentication-keys + +! Show authentication status +show ntp status | include authentication +``` + +--- + +## Common Configuration Examples + +### Example 1: Industrial Network Configuration + +```cisco +configure terminal + +! Use site NTP servers +ntp server 10.100.1.10 prefer +ntp server 10.100.1.11 +ntp server 10.100.1.12 + +! Use primary uplink as source +ntp source GigabitEthernet1/1 + +! Central Standard Time +clock timezone CST -6 0 +clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +! Sync hardware clock +ntp update-calendar + +! 
Enable timestamps +service timestamps log datetime msec localtime show-timezone +service timestamps debug datetime msec localtime show-timezone + +end +write memory +``` + +### Example 2: Secure Configuration with Authentication + +```cisco +configure terminal + +! Enable NTP authentication +ntp authenticate +ntp authentication-key 10 md5 Ind_NTP_K3y_2024 +ntp trusted-key 10 + +! Configure authenticated servers +ntp server 10.100.1.10 prefer key 10 +ntp server 10.100.1.11 key 10 + +! Access control +ntp access-group peer 10 +ntp access-group query-only 30 + +access-list 10 remark NTP Peers +access-list 10 permit 10.100.1.0 0.0.0.255 + +access-list 30 remark NTP Query +access-list 30 permit 10.100.0.0 0.0.255.255 + +! Source and timezone +ntp source GigabitEthernet1/1 +clock timezone CST -6 0 +clock summer-time CDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +ntp update-calendar + +service timestamps log datetime msec localtime show-timezone + +end +write memory +``` + +### Example 3: Redundant Time Source with Fallback + +```cisco +configure terminal + +! Primary NTP servers +ntp server 10.100.1.10 prefer +ntp server 10.100.1.11 + +! Fallback to public NTP if internal servers fail +ntp server 129.6.15.28 +ntp server 132.163.96.1 + +! Use as master only if all external sources fail +ntp master 10 + +ntp source GigabitEthernet1/1 +clock timezone EST -5 0 +clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + +ntp update-calendar + +end +write memory +``` + +--- + +## Troubleshooting Guide + +### Issue: NTP Not Synchronizing + +**Symptoms:** +- `show ntp status` shows "Clock is unsynchronized" +- No asterisk (*) appears in `show ntp associations` +- "unsynchronized" appears in status output + +**Troubleshooting Steps:** + +1. **Verify NTP servers are configured:** + ```cisco + show running-config | include ntp server + ``` + +2. 
**Check network connectivity to NTP servers:** + ```cisco + ping 10.1.1.10 + ping 10.1.1.10 source GigabitEthernet1/1 + traceroute 10.1.1.10 + ``` + +3. **Verify NTP packets are being exchanged:** + ```cisco + show ntp associations detail + ! Check 'reach' value - should be 377 (octal) = all attempts successful + ! Check 'when' value - should be recent (< poll interval) + ``` + +4. **Check for authentication mismatches:** + ```cisco + show ntp status + ! Look for authentication errors + debug ntp all + ! Watch for authentication failures + undebug all + ``` + +5. **Verify access lists aren't blocking NTP:** + ```cisco + show access-lists + ! NTP uses UDP port 123 + ! Verify ACLs allow UDP 123 traffic + ``` + +6. **Check for large time offset:** + ```cisco + show ntp associations detail + ! If offset > 1000 seconds, manually set clock first + clock set 14:30:00 15 January 2024 + ``` + +7. **Verify source interface is up:** + ```cisco + show ip interface brief | include GigabitEthernet1/1 + ! Source interface must be up/up + ``` + +### Issue: High Offset or Jitter + +**Symptoms:** +- Time drifts significantly +- High offset values in `show ntp associations` +- Inconsistent time across devices + +**Troubleshooting Steps:** + +1. **Check network latency and stability:** + ```cisco + ping 10.1.1.10 repeat 100 + ! Look for: + ! - Packet loss (should be 0%) + ! - High round-trip time (> 100ms problematic) + ! - Variable latency (jitter) + ``` + +2. **Verify stratum levels:** + ```cisco + show ntp associations + ! Stratum (st) should be: + ! - < 10 for reliable servers + ! - Lower is better (1 = atomic clock, 2 = GPS) + ! - Your switch should be stratum +1 from source + ``` + +3. **Increase number of NTP servers:** + ```cisco + ! Use at least 3 servers for best accuracy + ! NTP uses voting algorithm to select best time source + configure terminal + ntp server 10.1.1.12 + ntp server 10.1.1.13 + ``` + +4. 
**Check upstream NTP server health:** + ```cisco + show ntp associations detail + ! Verify servers show: + ! - condition = 'sys.peer' or 'candidate' + ! - reach = 377 + ! - Low dispersion (disp) + ``` + +5. **Monitor polling interval:** + ```cisco + show ntp associations + ! Poll interval should stabilize at 64-1024 seconds + ! Frequent changes indicate instability + ``` + +### Issue: Authentication Failures + +**Symptoms:** +- Peers show as unreachable despite network connectivity +- NTP status shows authentication errors +- Reach value remains 0 + +**Troubleshooting Steps:** + +1. **Verify authentication is enabled:** + ```cisco + show ntp status | include authentication + ! Should show: "authentication enabled" + ``` + +2. **Check authentication keys are configured:** + ```cisco + show ntp authentication-keys + ! Verify key IDs exist + ``` + +3. **Verify trusted keys:** + ```cisco + show running-config | include ntp trusted-key + ! Keys must be marked as trusted + ``` + +4. **Confirm server configuration uses correct key:** + ```cisco + show running-config | include ntp server + ! Verify key ID matches trusted key + ``` + +5. **Debug authentication:** + ```cisco + debug ntp authentication + debug ntp validity + ! Watch for authentication failures + ! Look for key mismatches + undebug all + ``` + +6. **Temporarily disable authentication to test:** + ```cisco + configure terminal + no ntp authenticate + ! Test if synchronization works without auth + ! Then re-enable: + ntp authenticate + ``` + +### Issue: Time Correct but Timezone Wrong + +**Symptoms:** +- NTP shows synchronized +- Time is off by exact number of hours +- Logs show incorrect time + +**Troubleshooting Steps:** + +1. **Verify timezone configuration:** + ```cisco + show running-config | include clock timezone + ! Ensure timezone offset is correct for your location + ``` + +2. **Check daylight saving time:** + ```cisco + show clock detail + ! Verify DST rules are correct + ! 
Look for summer-time configuration + ``` + +3. **Reconfigure timezone if needed:** + ```cisco + configure terminal + clock timezone EST -5 0 + clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 + ``` + +4. **Verify timestamps in logs:** + ```cisco + show running-config | include service timestamps + ! Should include 'localtime' and 'show-timezone' + ``` + +### Issue: Hardware Clock Not Updating + +**Symptoms:** +- `show clock` shows correct time +- `show calendar` shows old time +- Time resets after reload + +**Troubleshooting Steps:** + +1. **Verify update-calendar is configured:** + ```cisco + show running-config | include ntp update-calendar + ``` + +2. **Manually update calendar:** + ```cisco + ntp update-calendar + ! Or manually: + clock update-calendar + ``` + +3. **Check calendar after sync:** + ```cisco + show calendar + show clock + ! Should match within a few seconds + ``` + +4. **Configure automatic update:** + ```cisco + configure terminal + ntp update-calendar + end + write memory + ``` + +### Issue: NTP Works but Stops After Time + +**Symptoms:** +- NTP synchronizes initially +- Loses sync after hours/days +- Reach value degrades over time + +**Troubleshooting Steps:** + +1. **Check for network instability:** + ```cisco + show ntp associations detail + ! Monitor 'reach' value over time + ! Should remain at 377 + ``` + +2. **Verify interface stability:** + ```cisco + show interface GigabitEthernet1/1 + ! Check for errors, resets, or flapping + ``` + +3. **Check for routing changes:** + ```cisco + show ip route 10.1.1.10 + ! Verify consistent route to NTP server + ``` + +4. **Monitor NTP server health:** + ```cisco + ! Check if NTP server itself is stable + show ntp associations detail + ! Look for increasing dispersion + ``` + +5. **Check for memory or CPU issues:** + ```cisco + show processes cpu sorted + show processes memory sorted + ! 
High CPU or memory can affect NTP + ``` + +--- + +## Best Practices + +### Redundancy +- Configure at least **3 NTP servers** for optimal accuracy and fault tolerance +- Use diverse network paths to NTP servers when possible +- Consider geographic diversity for enterprise deployments +- Use both on-site and off-site NTP sources + +### Security +- **Always use NTP authentication** in production industrial environments +- Implement access control lists to restrict NTP access +- Use MD5 authentication keys with strong passwords +- Regularly rotate authentication keys (annually recommended) +- Monitor for NTP-based attacks (amplification, spoofing) + +### Performance +- Use `prefer` keyword on the most reliable/accurate server +- Choose NTP servers with low stratum (2-4 is ideal for enterprise) +- Select geographically close servers to minimize latency +- Avoid using stratum 1 servers directly (use stratum 2 instead) +- Ensure stable network path to NTP servers + +### Industrial Environment Considerations +- Account for temperature variations in industrial settings +- Use ruggedized NTP appliances in harsh environments +- Consider GPS-based NTP servers for isolated sites +- Implement redundant time sources for critical applications +- Test NTP resilience during network outages + +### Maintenance +- Regularly verify NTP synchronization status (daily) +- Monitor offset and jitter values (weekly) +- Review NTP logs for anomalies +- Update authentication keys periodically +- Document your NTP server hierarchy +- Test failover scenarios + +### Time Initialization +- When first configuring, manually set clock to within 1000 seconds +- NTP will refuse to sync if initial offset is too large +- Use `clock set` command before enabling NTP on new switches +- Allow 10-15 minutes for initial synchronization +- Monitor stabilization with `show ntp associations` + +--- + +## Monitoring and Logging + +### Regular Health Checks + +```cisco +! 
Daily verification +show ntp status | include Clock +show ntp associations | include "\*" + +! Weekly detailed check +show ntp associations detail +show clock detail + +! Check for errors +show logging | include NTP +``` + +### Enable SNMP Monitoring + +```cisco +configure terminal + +! Enable SNMP for NTP monitoring +snmp-server enable traps ntp + +! Configure SNMP trap receiver +snmp-server host 10.1.1.100 version 2c YourCommunity + +end +write memory +``` + +### Syslog Monitoring + +```cisco +configure terminal + +! Configure syslog server +logging host 10.1.1.50 + +! Set logging level +logging trap informational + +! Enable timestamps +service timestamps log datetime msec localtime show-timezone + +end +write memory +``` + +### EEM Script for NTP Monitoring + +```cisco +configure terminal + +! Create EEM applet to monitor NTP +event manager applet NTP-Monitor + event timer watchdog time 300 + action 1.0 cli command "enable" + action 2.0 cli command "show ntp status | include Clock" + action 3.0 regexp "unsynchronized" "$_cli_result" + action 4.0 if $_regexp_result eq 1 + action 4.1 syslog msg "NTP ALERT: Clock is unsynchronized" + action 4.2 cli command "show ntp associations" + action 5.0 end + +end +write memory +``` + +--- + +## Debug Commands + +### NTP Debugging + +```cisco +! Enable NTP debugging (use with caution in production) +debug ntp all +debug ntp authentication +debug ntp events +debug ntp packets +debug ntp validity + +! Disable debugging +undebug all +! Or +no debug all +``` + +### Conditional Debugging + +```cisco +! Debug specific NTP server +debug ntp packets 10.1.1.10 + +! View debug output +terminal monitor +! Then enable debugging +``` + +**Warning:** Debugging can generate significant CPU load. Use sparingly in production and disable when troubleshooting is complete. 
+ +--- + +## Quick Reference Commands + +| Command | Purpose | +|---------|---------| +| `show ntp status` | Display synchronization status | +| `show ntp associations` | List all NTP peers and sync status | +| `show ntp associations detail` | Detailed peer statistics | +| `show clock` | Current system time | +| `show clock detail` | Time with timezone and DST info | +| `show calendar` | Hardware clock time | +| `show running-config \| include ntp` | Display NTP configuration | +| `show running-config \| include clock` | Display time configuration | +| `show ntp authentication-keys` | List configured auth keys | +| `ntp update-calendar` | Sync hardware clock from system | +| `clock update-calendar` | Alternative calendar sync | +| `clock set HH:MM:SS DD Month YYYY` | Manually set system time | + +--- + +## IOS-XE Specific Features + +### NTP Broadcast + +The ESS 9300 running IOS-XE supports NTP broadcast mode: + +```cisco +! Server sends periodic broadcasts +interface GigabitEthernet1/1 + ntp broadcast + exit + +! Client receives broadcasts +interface GigabitEthernet1/2 + ntp broadcast client + exit +``` + +### NTP Multicast + +```cisco +! Server sends to multicast group +interface GigabitEthernet1/1 + ntp multicast 224.0.1.1 + exit + +! Client receives multicast +interface GigabitEthernet1/2 + ntp multicast client 224.0.1.1 + exit +``` + +### IPv6 NTP Support + +```cisco +configure terminal + +! IPv6 NTP server +ntp server 2001:db8::10 prefer + +! 
IPv6 source interface +ntp source Vlan100 + +end +write memory +``` + +--- + +## Appendix: Public NTP Servers + +### NIST (US Government) +- `129.6.15.28` - NIST, Gaithersburg, Maryland +- `129.6.15.29` - NIST, Gaithersburg, Maryland +- `132.163.96.1` - NIST, Boulder, Colorado +- `132.163.96.2` - NIST, Boulder, Colorado + +### US Naval Observatory +- `192.5.41.40` - tick.usno.navy.mil +- `192.5.41.41` - tock.usno.navy.mil + +### NTP Pool Project +- `0.pool.ntp.org` +- `1.pool.ntp.org` +- `2.pool.ntp.org` +- `3.pool.ntp.org` + +### Regional Pools +- `0.north-america.pool.ntp.org` +- `0.us.pool.ntp.org` + +**Note:** For production industrial use, deploy internal GPS-synchronized NTP servers rather than having all devices query public servers directly. This improves reliability, reduces external dependencies, and provides better time accuracy. + +--- + +## Integration with Industrial Protocols + +### PTP (Precision Time Protocol) Coexistence + +The ESS 9300 supports both NTP and PTP (IEEE 1588). Best practices: + +- Use **PTP for sub-microsecond precision** (automation, motion control) +- Use **NTP for general timekeeping** (logging, AAA, management) +- Keep NTP and PTP on separate VLANs if possible +- Use NTP for non-critical devices +- Reserve PTP for time-critical industrial applications + +### Synchronization with PLCs and SCADA + +```cisco +! Configure NTP to serve time to industrial devices +configure terminal + +ntp master 3 +ntp source GigabitEthernet1/1 + +! 
Allow SCADA network to query time +ntp access-group serve 20 +access-list 20 permit 10.50.0.0 0.0.255.255 + +end +write memory +``` + +--- + +## Differences from Nexus NX-OS + +Key differences when coming from Nexus switches: + +| Feature | Nexus (NX-OS) | ESS 9300 (IOS-XE) | +|---------|---------------|-------------------| +| VRF syntax | `use-vrf management` | Not required (use `source` instead) | +| Feature enable | `feature ntp` | Not required (built-in) | +| Calendar sync | N/A | `ntp update-calendar` | +| Save config | `copy run start` | `write memory` or `copy run start` | +| Auth key type | MD5 with type 7 | MD5 (auto-encrypted) | +| Interface naming | `mgmt0` | `GigabitEthernet0/0` | + +--- + +## Document Information + +**Target Platform:** Cisco Catalyst ESS 9300 (IE-9300) +**Operating System:** IOS-XE +**IOS-XE Versions:** 17.x +**Last Updated:** March 2026 +**Document Purpose:** Configuration reference and troubleshooting guide for industrial Ethernet environments + +For Cisco IOS-XE command reference, consult the official Cisco documentation for your specific software version. \ No newline at end of file diff --git a/Work/Cisco/Nexus_NTP.md b/Work/Cisco/Nexus_NTP.md new file mode 100644 index 0000000..67c8af9 --- /dev/null +++ b/Work/Cisco/Nexus_NTP.md 
@@ -0,0 +1,518 @@ +--- +title: NTP Deep dive on the Nexus +description: Config and troubleshoot +published: true +date: 2026-03-31T20:46:08.474Z +tags: +editor: markdown +dateCreated: 2026-03-31T20:45:58.287Z +--- + +# Cisco Nexus 93180 NTP Configuration and Troubleshooting Guide + +## Overview + +This guide provides complete NTP (Network Time Protocol) configuration steps and troubleshooting procedures for the Cisco Nexus 93180 switch running NX-OS. Accurate time synchronization is critical for logging, AAA, certificates, and distributed system correlation. + +--- + +## NTP Configuration + +### Basic NTP Server Configuration + + configure terminal + + ! Enable NTP feature (if not already enabled) + feature ntp + + ! Configure NTP servers (use multiple servers for redundancy) + ntp server 10.1.1.10 prefer use-vrf management + ntp server 10.1.1.11 use-vrf management + ntp server 192.0.2.1 use-vrf default + + ! Configure NTP source interface (optional but recommended) + ntp source-interface mgmt0 + + ! Set timezone (adjust to your location) + clock timezone EST -5 0 + + ! Configure daylight saving time (if applicable) + clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60 + + ! Save configuration + copy running-config startup-config + +### NTP Authentication (Recommended for Production) + + configure terminal + + ! Enable NTP authentication + ntp authenticate + + ! Create authentication keys + ntp authentication-key 1 md5 YourSecureKey123 7 + ntp authentication-key 2 md5 AnotherSecureKey456 7 + + ! Specify trusted keys + ntp trusted-key 1 + ntp trusted-key 2 + + ! Apply authentication to NTP servers + ntp server 10.1.1.10 prefer use-vrf management key 1 + ntp server 10.1.1.11 use-vrf management key 2 + + copy running-config startup-config + +### NTP Access Control (Security Best Practice) + + configure terminal + + ! Define access control for NTP + ! peer: Allow sync and queries + ! serve: Respond to queries only + ! 
serve-only: Respond to queries but don't sync + ! query-only: Allow queries only + + ntp access-group peer PeerACL + ntp access-group serve ServeACL + ntp access-group query-only QueryACL + + ! Create ACLs + ip access-list NTP-Peers + 10 permit ip 10.1.1.0/24 any + 20 deny ip any any + + ip access-list NTP-Serve + 10 permit ip 10.0.0.0/8 any + 20 deny ip any any + + copy running-config startup-config + +### NTP Master Configuration (Switch as Time Source) + + configure terminal + + ! Configure switch as NTP master (stratum level) + ! Only use if external NTP servers are unavailable + ntp master 8 + + ! This makes the switch authoritative at stratum 8 + ! Lower stratum = higher priority (1 is highest) + + copy running-config startup-config + +### Logging NTP Events + + configure terminal + + ! Enable logging for NTP + ntp logging + + ! Adjust logging level if needed + logging level ntp 6 + + copy running-config startup-config + +--- + +## Verification Commands + +### Check NTP Status + + ! Show NTP status summary + show ntp status + + ! Expected output when synchronized: + ! Clock is synchronized, stratum 3, reference is 10.1.1.10 + ! nominal freq is 250.0000 Hz, actual freq is 250.0010 Hz, precision is 2**18 + ! reference time is E8C9A234.1F2E3D4C (10:15:48.121 EST Mon Jan 15 2024) + ! clock offset is -0.0023 msec, root delay is 12.34 msec + ! root dispersion is 45.67 msec, peer dispersion is 1.23 msec + +### Check NTP Peers + + ! Show all NTP peers and their status + show ntp peers + + ! Column descriptions: + ! * = synchronized, + = candidate, # = selected + ! remote: NTP server address + ! ref clock: reference source of the server + ! st: stratum level + ! when: last packet received (seconds) + ! poll: polling interval + ! reach: reachability (377 = all 8 attempts successful) + ! delay: round-trip delay (ms) + ! offset: time difference (ms) + ! jitter: dispersion (ms) + +### Check NTP Statistics + + ! Show detailed peer statistics + show ntp peer-status + + ! 
Show specific peer details + show ntp peer 10.1.1.10 + +### Check NTP Authentication + + ! Verify authentication keys + show ntp authentication-keys + + ! Check authentication status + show ntp authentication-status + +### Check Time Configuration + + ! Display current clock settings + show clock detail + + ! Show timezone configuration + show running-config | include clock + +--- + +## Common Configuration Examples + +### Example 1: Enterprise Configuration with Multiple Servers + + configure terminal + + feature ntp + + ! Use company NTP servers in management VRF + ntp server 10.10.1.10 prefer use-vrf management + ntp server 10.10.1.11 use-vrf management + ntp server 10.10.1.12 use-vrf management + + ! Use public NTP as backup in default VRF + ntp server 129.6.15.28 use-vrf default + ntp server 132.163.96.1 use-vrf default + + ntp source-interface mgmt0 + + clock timezone EST -5 0 + clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60 + + ntp logging + + copy running-config startup-config + +### Example 2: Secure Configuration with Authentication + + configure terminal + + feature ntp + + ntp authenticate + ntp authentication-key 10 md5 Pr0d_NTP_K3y_2024 7 + ntp trusted-key 10 + + ntp server 10.10.1.10 prefer use-vrf management key 10 + ntp server 10.10.1.11 use-vrf management key 10 + + ntp access-group peer NTP-PEERS + + ip access-list NTP-PEERS + 10 permit ip 10.10.1.0/24 any + 20 deny ip any any log + + ntp source-interface mgmt0 + ntp logging + + clock timezone EST -5 0 + clock summer-time EDT 2 Sunday March 02:00 1 Sunday November 02:00 60 + + copy running-config startup-config + +--- + +## Troubleshooting Guide + +### Issue: NTP Not Synchronizing + +**Symptoms:** +- `show ntp status` shows "Clock is unsynchronized" +- No asterisk (*) appears in `show ntp peers` + +**Troubleshooting Steps:** + +1. **Verify NTP feature is enabled:** + + show feature | include ntp + ! If disabled: + configure terminal + feature ntp + +2. 
**Check network connectivity to NTP servers:** + + ping 10.1.1.10 vrf management + traceroute 10.1.1.10 vrf management + +3. **Verify NTP packets are being exchanged:** + + show ntp peer-status + ! Check 'reach' column - should be 377 (binary 11111111) + ! Check 'when' column - should be recent (< poll interval) + +4. **Check for authentication mismatches:** + + show ntp authentication-status + ! Verify keys match between switch and server + +5. **Verify correct VRF is configured:** + + show running-config | include "ntp server" + ! Ensure use-vrf matches your management connectivity + +6. **Check firewall/ACL blocking UDP port 123:** + + ! NTP uses UDP port 123 + show ip access-lists + +7. **Verify time offset isn't too large:** + + ! If offset > 1000 seconds, NTP may refuse to sync + ! Manually set clock closer to correct time: + clock set 14:30:00 15 January 2024 + +### Issue: High Offset or Jitter + +**Symptoms:** +- Time drifts significantly +- High offset values in `show ntp peers` + +**Troubleshooting Steps:** + +1. **Check network latency:** + + ping 10.1.1.10 vrf management repeat 100 + ! Look for packet loss and high/variable latency + +2. **Verify stratum levels:** + ```cisco + show ntp peers + ! Stratum should be < 10 for reliable servers + ! Lower stratum = more accurate + ``` + +3. **Increase number of NTP servers:** + ```cisco + ! Use at least 3 servers for best accuracy + ! NTP uses voting algorithm with multiple sources + ``` + +4. **Check for upstream NTP issues:** + ```cisco + show ntp peer-status + ! Verify your NTP servers are synchronized + ``` + +### Issue: Authentication Failures + +**Symptoms:** +- Peers show as unreachable despite network connectivity +- Authentication errors in logs + +**Troubleshooting Steps:** + +1. **Verify authentication is configured on both ends:** + ```cisco + show ntp authentication-status + ``` + +2. **Check key ID and values match:** + ```cisco + show ntp authentication-keys + ! 
Key number and MD5 hash must match server + ``` + +3. **Verify trusted keys are configured:** + ```cisco + show running-config | include "ntp trusted-key" + ``` + +4. **Temporarily disable authentication to test:** + ```cisco + configure terminal + no ntp authenticate + ! Test connectivity + ! Re-enable after testing: + ntp authenticate + ``` + +### Issue: NTP Working but Time Still Wrong + +**Symptoms:** +- `show ntp status` shows synchronized +- Clock shows incorrect time + +**Troubleshooting Steps:** + +1. **Verify timezone configuration:** + ```cisco + show running-config | include clock + ! Ensure timezone matches your location + ``` + +2. **Check daylight saving time settings:** + ```cisco + show clock detail + ! Verify DST is configured if applicable + ``` + +3. **Confirm NTP server time is correct:** + ```cisco + show ntp peers + ! Check offset - should be small (< 100ms typically) + ``` + +### Issue: Cannot Add NTP Server + +**Symptoms:** +- Configuration commands rejected +- "Invalid VRF" error + +**Troubleshooting Steps:** + +1. **Verify VRF exists:** + ```cisco + show vrf + ! Common VRFs: management, default + ``` + +2. **Check if management interface is configured:** + ```cisco + show running-config interface mgmt0 + ! Ensure IP address and VRF are configured + ``` + +3. 
**Verify source interface exists:** + ```cisco + show interface mgmt0 brief + ``` + +--- + +## Best Practices + +### Redundancy +- Configure at least **3 NTP servers** for optimal accuracy and redundancy +- Use diverse network paths to NTP servers when possible +- Consider using both internal and external NTP sources + +### Security +- **Always use NTP authentication** in production environments +- Implement access control lists to limit NTP queries +- Use `use-vrf management` to isolate NTP traffic +- Monitor NTP logs for unusual activity + +### Performance +- Use `prefer` keyword on the most reliable/accurate server +- Choose NTP servers with low stratum (2-4 is ideal) +- Select geographically close servers to minimize latency +- Avoid using stratum 1 servers directly (use stratum 2) + +### Maintenance +- Regularly verify NTP synchronization status +- Monitor offset and jitter values +- Update authentication keys periodically +- Document your NTP server hierarchy + +### Time Initialization +- When first configuring, manually set clock to within 1000 seconds of actual time +- NTP will refuse to sync if offset is too large initially +- Use `clock set` command before enabling NTP on new switches + +--- + +## Monitoring and Logging + +### Regular Health Checks + +```cisco +! Daily verification +show ntp status | include "Clock is" +show ntp peers | include "\*" + +! Weekly detailed check +show ntp peer-status +show clock detail +``` + +### Enable SNMP Monitoring + +```cisco +configure terminal + +! Enable SNMP for NTP monitoring +snmp-server enable traps ntp + +! Configure SNMP trap receiver +snmp-server host 10.1.1.100 traps version 2c YourCommunity + +copy running-config startup-config +``` + +### Syslog Monitoring + +```cisco +configure terminal + +! Ensure NTP logging is enabled +ntp logging + +! Configure syslog server +logging server 10.1.1.50 6 use-vrf management + +! 
Set appropriate logging level +logging level ntp 6 + +copy running-config startup-config +``` + +--- + +## Quick Reference Commands + +| Command | Purpose | +|---------|---------| +| `show ntp status` | Display synchronization status | +| `show ntp peers` | List all NTP peers and sync status | +| `show ntp peer-status` | Detailed peer statistics | +| `show clock detail` | Current time and configuration | +| `show feature \| include ntp` | Verify NTP feature enabled | +| `show running-config \| include ntp` | Display NTP configuration | +| `show ntp authentication-keys` | List configured auth keys | +| `clear ntp statistics` | Reset NTP statistics | + +--- + +## Appendix: Public NTP Servers + +### NIST (US Government) +- `129.6.15.28` - NIST, Gaithersburg, Maryland +- `132.163.96.1` - NIST, Boulder, Colorado + +### US Naval Observatory +- `192.5.41.40` - tick.usno.navy.mil +- `192.5.41.41` - tock.usno.navy.mil + +### NTP Pool Project +- `0.pool.ntp.org` +- `1.pool.ntp.org` +- `2.pool.ntp.org` +- `3.pool.ntp.org` + +**Note:** For production use, deploy internal NTP servers synchronized to external sources rather than having all infrastructure devices query public servers directly. + +--- + +## Document Information + +**Target Platform:** Cisco Nexus 93180 +**NX-OS Versions:** 7.x, 9.x, 10.x +**Last Updated:** March 2026 +**Document Purpose:** Configuration reference and troubleshooting guide + +For Cisco NX-OS command reference, consult the official Cisco documentation for your specific software version. \ No newline at end of file diff --git a/Work/Ducky/ess9300_upgrade.md b/Work/Ducky/ess9300_upgrade.md new file mode 100644 index 0000000..79c1ae4 --- /dev/null +++ b/Work/Ducky/ess9300_upgrade.md 
@@ -0,0 +1,289 @@ +--- +title: Voyager SW10GG Upgrade +description: Cisco ESS 9300 +published: true +date: 2026-03-19T15:24:41.320Z +tags: +editor: markdown +dateCreated: 2026-03-19T15:24:35.613Z +--- + +# Cisco ESS9300 — IOS XE Software Upgrade Guide + +--- + +## Platform Overview + +The Cisco Embedded Services 9300 (ESS9300) is a ruggedized, embedded-form-factor switch running **Cisco IOS XE**. It shares its software lineage with the Catalyst 9300 family and uses the same IOS XE upgrade methodology. Software image files are stored on the system board flash device (`flash:`). The ESS9300 supports two boot modes: + +- **Install Mode** *(recommended)* — software is expanded into discrete package files; supports rollback and clean uninstall +- **Bundle Mode** — the switch boots directly from a monolithic `.bin` file + +> **Note:** All procedures in this guide use Install Mode. Cisco recommends Install Mode for all IOS XE upgrades on the ESS9300 platform. Verify your current boot mode before proceeding. + +--- + +## 1. Pre-Upgrade Checks + +### Verify Current Software Version and Boot Mode + +``` +show version +show boot +``` + +Confirm the `BOOT variable` points to `flash:packages.conf` (Install Mode). If it shows a `.bin` filename, you are in Bundle Mode — see the Bundle Mode section at the end of this document before proceeding. + +### Check Switch Health + +``` +show module +show environment all +show logging last 100 +``` + +Resolve any hardware faults, environmental alarms, or persistent log errors before proceeding. + +### Check FPGA Version (xFSU Consideration) + +If you intend to use Extended Fast Software Upgrade (xFSU) to minimize downtime, check FPGA eligibility: + +``` +show xfsu eligibility +``` + +> **Note:** `show xfsu eligibility` is available in IOS XE 17.8 and later. All fields must report `Yes` or `Eligible` for xFSU to proceed. If the FPGA is unsupported, a standard install with reload is required first. 
+ +### Verify Flash Space + +IOS XE images for the ESS9300 platform typically require **1–1.5 GB** of free flash space. Check available space and remove inactive packages if necessary: + +``` +dir flash: +install remove inactive +``` + +### Backup the Running Configuration + +``` +copy running-config startup-config +copy running-config flash:backup-config.txt +``` + +--- + +## 2. Obtain the IOS XE Image + +1. Navigate to [https://software.cisco.com](https://software.cisco.com) and log in. A valid Cisco service contract is required. +2. Go to **Downloads → Switches → Industrial Ethernet Switches → Embedded Services 9300 Series**. +3. Select the target IOS XE release. Download the appropriate `cat9k_iosxe.xx.xx.xx.SPA.bin` image. +4. Record the **MD5 checksum** from the download page for later verification. + +> **Upgrade Path:** Confirm that your current IOS XE release and the target release form a supported direct upgrade path. Certain version combinations require an intermediate stepping-stone upgrade. Review the target release notes and the IOS XE Migration Guide for IIoT Switches before proceeding. + +--- + +## 3. Transfer the Image to the Switch + +### Option A — SCP from Windows PC (OpenSSH) + +Verify the OpenSSH Server service is running on your PC: + +``` +net start sshd +``` + +From the switch CLI, pull the image from the Windows PC: + +``` +copy scp://YourUsername@/C:/path/to/.bin flash: vrf management +``` + +> **Tip:** Place the image in a short, space-free path such as `C:\ios\` to avoid syntax errors. + +### Option B — TFTP + +From the switch CLI: + +``` +copy tftp:///.bin flash: vrf management +``` + +### Option C — USB Drive + +Format a USB drive as FAT32 and copy the image to the root. Insert into the switch USB port, then from the CLI: + +``` +copy usbflash0:.bin flash: +``` + +Verify the USB is recognized: + +``` +dir usbflash0: +``` + +--- + +## 4. 
Verify the Image Integrity + +Confirm the image is present on flash: + +``` +dir flash: +``` + +Verify the MD5 checksum against the value from the Cisco download page: + +``` +verify /md5 flash:.bin +``` + +Do not proceed if the checksum does not match — re-transfer the image. + +--- + +## 5. Set the Boot Variable (Install Mode) + +Ensure the boot variable is correctly configured before proceeding: + +``` +configure terminal + no boot system + boot system flash:packages.conf +end +write memory +``` + +Verify: + +``` +show boot +``` + +The `BOOT variable` line must read `flash:packages.conf`. + +--- + +## 6. Install and Activate the New Image + +### Standard Install (Requires Reload) + +Run the following command to stage, activate, and commit the new image. The switch will prompt for a reload — respond `y` to confirm: + +``` +install add file flash:.bin activate commit +``` + +The process will: +1. Expand the `.bin` into package files on flash +2. Activate the new packages +3. Prompt for a reload +4. Commit the new version as the running baseline on first successful boot + +> **Important:** Do not interrupt the process or remove power during installation or reload. The entire operation typically completes within 10–15 minutes. + +### Extended Fast Software Upgrade — xFSU (Reduced Downtime, IOS XE 17.8+) + +If the switch passed the `show xfsu eligibility` check, xFSU can be used to minimize traffic downtime during the upgrade: + +``` +install add file flash:.bin activate xfsu commit +``` + +> xFSU keeps the data plane forwarding during the control plane reload. Residual traffic loss is typically under 3 minutes. xFSU is not equivalent to ISSU — a brief reload still occurs. + +For IOS XE 17.3 and 17.6 (pre-17.8 syntax): + +``` +install add file flash:.bin activate reloadfast commit +``` + +--- + +## 7. 
Post-Upgrade Verification + +After the switch reloads, confirm the upgrade was successful: + +``` +show version +show boot +show module +show environment all +show interface status +show logging last 50 +``` + +Confirm that: +- The IOS XE version matches the target release +- `BOOT variable` still shows `flash:packages.conf` +- All modules, interfaces, and environmental readings are normal +- No new faults or errors appear in the system log + +--- + +## 8. Clean Up Old Installation Files + +Once the upgrade is confirmed stable, remove inactive packages to reclaim flash space: + +``` +install remove inactive +``` + +Confirm when prompted. + +--- + +## Bundle Mode Upgrade (Alternative) + +If the switch is currently running in Bundle Mode (boots from a `.bin` file), use the following procedure instead of the Install Mode steps above: + +``` +configure terminal + no boot system + boot system flash:.bin +end +write memory +reload +``` + +After reloading, verify with `show version`. Bundle Mode does not support rollback. Cisco recommends transitioning to Install Mode going forward by setting the boot variable to `flash:packages.conf` and running `install add file flash:.bin activate commit`. + +--- + +## ROMMON Upgrade (If Required) + +On the first boot of a new IOS XE release, the primary SPI flash ROMMON is upgraded automatically if a newer bootloader version is included in the release. This is expected behavior. + +The golden SPI flash ROMMON requires a manual upgrade and is only necessary in specific recovery scenarios: + +``` +upgrade rom-monitor capsule golden switch active +``` + +The golden ROMMON update takes effect on the next reload. Refer to the release notes to determine whether a ROMMON upgrade is applicable to your target release. + +--- + +## Emergency Recovery + +If the switch fails to boot or is stuck at the ROMMON prompt, use the following recovery procedure: + +1. Connect a terminal to the console port (RJ-45 or USB-mini, 9600 baud / 8N1). +2. 
Connect port **Gi1/3** to a PC running a TFTP server with a valid IOS XE image at the TFTP root. +3. If the switch is in a boot loop, hold the front-panel button for approximately 5 seconds to break the cycle and stop at the `switch:` prompt. +4. From the ROMMON prompt, configure network parameters and boot the recovery image: + +``` +switch: boot emgy0:.SPA.bin +``` + +--- + +## Key Reminders + +- Schedule upgrades during a **maintenance window**. The ESS9300 does not have a redundant supervisor — traffic will be interrupted during the reload unless xFSU is used. +- The boot loader (ROMMON) may be automatically upgraded on the first boot of a new IOS XE release. This is normal and does not indicate a failure. +- Smart Licensing Using Policy (SLUP) is enforced in newer IOS XE releases. Licenses remain in evaluation mode until the device is registered with Cisco Smart Software Manager (CSSM) or a satellite server. +- Starting with IOS XE 17.10, legacy SSH key exchange and MAC algorithms were removed from the default cipher list. If SSH access is disrupted post-upgrade, use the `ip ssh server algorithm kex` and `ip ssh server algorithm mac` commands to restore required algorithms. +- If the switch uses an FPGA profile (e.g., for PRP or CTS IPv6), review the FPGA profile behavior in the target release notes. Profile configurations may need to be reselected after upgrade before writing to startup-config. diff --git a/Work/Ducky/ess_3300.md b/Work/Ducky/ess_3300.md new file mode 100644 index 0000000..868b0e4 --- /dev/null +++ b/Work/Ducky/ess_3300.md 
@@ -0,0 +1,248 @@ +--- +title: Voyager SW26G Upgrade +description: Cisco ESS 3300 Upgrade +published: true +date: 2026-03-19T15:46:20.810Z +tags: +editor: markdown +dateCreated: 2026-03-19T15:46:15.200Z +--- + +# Cisco ESS3300 — IOS XE Software Upgrade Guide + +--- + +## Platform Overview + +The Cisco Embedded Services 3300 (ESS3300) is a ruggedized, embedded-form-factor switch running **Cisco IOS XE**. Software images are stored on the system board flash device (`flash:`). The ESS3300 supports two boot modes: + +- **Install Mode** *(recommended)* — software is expanded into discrete package files; supports rollback +- **Bundle Mode** — the switch boots directly from a monolithic `.bin` file + +> **Note:** All procedures in this guide use Install Mode. Cisco recommends Install Mode for all IOS XE upgrades. Verify your current boot mode before proceeding. + +--- + +## 1. Pre-Upgrade Checks + +### Verify Current Software Version and Boot Mode + +``` +show version +show boot +``` + +Confirm the `BOOT variable` points to `flash:packages.conf` (Install Mode). If it shows a `.bin` file, you are in Bundle Mode — see the Bundle Mode section at the end of this document before proceeding. + +### Check Switch Health + +``` +show module +show environment all +show logging last 100 +``` + +Resolve any hardware faults, fan alarms, or recurring log errors before proceeding. + +### Verify Flash Space + +IOS XE images typically require **1–1.5 GB** of free flash space. Check available space and clean up inactive packages if necessary: + +``` +dir flash: +install remove inactive +``` + +Confirm the space is sufficient before copying the new image. + +### Backup the Running Configuration + +``` +copy running-config startup-config +copy running-config flash:backup-config.txt +``` + +--- + +## 2. Obtain the IOS XE Image + +1. Navigate to [https://software.cisco.com](https://software.cisco.com) and log in. A valid Cisco service contract is required. +2. 
Go to **Downloads → Switches → Industrial Ethernet Switches → Embedded Services 3300 Series**. +3. Select the target IOS XE release. Download the appropriate `.bin` image for the ESS3300 platform. +4. Record the **MD5 checksum** from the download page for later verification. + +> **Upgrade Path:** Verify that your current release and target release form a supported direct upgrade path. Some versions require an intermediate "stepping stone" release. Refer to the release notes for the target version before proceeding. + +--- + +## 3. Transfer the Image to the Switch + +### Option A — SCP from Windows PC (OpenSSH) + +Verify the OpenSSH Server service is running on your PC: + +``` +net start sshd +``` + +Enable SCP server on the switch: + +``` +feature scp-server +``` + +From the switch CLI, pull the image from the Windows PC: + +``` +copy scp://YourUsername@/C:/path/to/.bin flash: vrf management +``` + +> **Tip:** Place the image in a short path with no spaces, such as `C:\ios\`, to avoid syntax issues. + +### Option B — TFTP + +From the switch CLI: + +``` +copy tftp:///.bin flash: vrf management +``` + +### Option C — USB Drive + +Format the USB drive as FAT32 and copy the image to the root of the drive. Insert the drive into the switch USB port, then from the CLI: + +``` +copy usbflash0:.bin flash: +``` + +--- + +## 4. Verify the Image Integrity + +Confirm the image copied successfully: + +``` +dir flash: +``` + +Verify the MD5 checksum matches the value from the Cisco download page: + +``` +verify /md5 flash:.bin +``` + +Do not proceed if the checksum does not match — re-transfer the image. + +--- + +## 5. Set the Boot Variable (Install Mode) + +Ensure the boot variable is correctly set to `packages.conf` before installing: + +``` +configure terminal + no boot system + boot system flash:packages.conf +end +write memory +``` + +Verify: + +``` +show boot +``` + +The `BOOT variable` line should read `flash:packages.conf`. + +--- + +## 6. 
Install and Activate the New Image + +Run the install command to stage, activate, and commit the new image in a single operation. The switch will reload automatically when prompted — respond `y` to confirm: + +``` +install add file flash:.bin activate commit +``` + +The process will: +1. Expand the `.bin` into package files on flash +2. Activate the new packages +3. Prompt for a reload +4. Commit the new version as the running baseline on first boot + +> **Important:** Do not interrupt the process or remove power during installation or reload. + +--- + +## 7. Post-Upgrade Verification + +After the switch reloads, verify the upgrade was successful: + +``` +show version +show boot +show module +show environment all +show interface status +``` + +Confirm that: +- The IOS XE version matches the target release +- `BOOT variable` still shows `flash:packages.conf` +- All modules and interfaces are in the expected state +- No new errors appear in the system log (`show logging last 50`) + +--- + +## 8. Clean Up Old Installation Files + +Once the upgrade is confirmed stable, remove inactive packages to reclaim flash space: + +``` +install remove inactive +``` + +Confirm when prompted. + +--- + +## Bundle Mode Upgrade (Alternative) + +If the switch is running in Bundle Mode (boots from a `.bin` file), use the following procedure instead of the Install Mode steps above: + +``` +configure terminal + no boot system + boot system flash:.bin +end +write memory +reload +``` + +After reloading, verify with `show version`. Note that Bundle Mode does not support rollback. Cisco recommends converting to Install Mode going forward. + +--- + +## Emergency Recovery + +If the switch is stuck at the `switch:` ROMMON prompt or is in a boot loop, use the emergency recovery procedure: + +1. Connect a terminal to the console port (RJ-45 or USB-mini, 9600 baud / 8N1). +2. Connect port **Gi1/3** to a PC running a TFTP server with a valid IOS XE image at the TFTP root. +3. 
If in a boot loop, hold the front-panel button for approximately 5 seconds to break the cycle and stop at the `switch:` prompt. +4. From the `switch:` prompt, boot the emergency install image: + +``` +switch: boot emgy0:.SPA.bin +``` + +--- + +## Key Reminders + +- Schedule upgrades during a **maintenance window**. The ESS3300 has no redundant supervisor — traffic will be interrupted during the reload. +- In a stacked or redundant deployment, upgrade the secondary/standby unit first, then the primary. +- The boot loader (ROMMON) may be automatically upgraded on the first boot of a new IOS XE release. This is expected behavior and does not indicate a failure. +- Smart Licensing requires registration after upgrading to a release that introduces Smart Licensing Using Policy (SLUP). Existing licenses remain in evaluation mode until registered. +- Starting with IOS XE 17.10, certain legacy SSH key exchange and MAC algorithms were removed from the default list. Review the target release notes if SSH access is affected post-upgrade. diff --git a/Work/Nexus-upgrade.md b/Work/Nexus-upgrade.md new file mode 100644 index 0000000..fe286d4 --- /dev/null +++ b/Work/Nexus-upgrade.md 
@@ -0,0 +1,165 @@ +--- +title: Nexus Upgrade +description: +published: true +date: 2026-02-19T20:37:41.384Z +tags: +editor: markdown +dateCreated: 2026-02-19T20:37:32.957Z +--- + +# Cisco Nexus C9300GX-CD — NX-OS Upgrade Guide + +--- + +## 1. Pre-Upgrade Checks + +### Verify Current Version and Switch Health +``` +show version +show module +show environment +show logging last 100 +``` + +### Check Bootflash Space +Ensure at least 2GB of free space is available: +``` +dir bootflash: +``` + +### Save Your Running Configuration +``` +copy running-config startup-config +copy running-config bootflash:backup-config.txt +``` + +### Check Upgrade Compatibility +Verify your current and target NX-OS versions are a supported upgrade path using Cisco's [Nexus 9000 Upgrade and ISSU Matrix](https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/). Some versions require intermediate "stepping stone" upgrades. + +--- + +## 2. Download the NX-OS Image + +1. Go to [https://software.cisco.com](https://software.cisco.com) and log in (a valid service contract is required). +2. Navigate to **Downloads** → **Switches** → **Data Center Switches** → **Nexus 9000 Series**. +3. Select your target NX-OS release and download the appropriate image (e.g., `nxos64-cs.10.5.4.M.bin`). +4. Note the **MD5 checksum** listed on the download page for later verification. + +--- + +## 3. 
Transfer the Image to the Switch + +### Option A: Using Windows OpenSSH Server (SCP) + +#### Verify OpenSSH Server is Running on Windows + +Open PowerShell or Command Prompt and run: +``` +net start sshd +``` +Or in PowerShell: +```powershell +Start-Service sshd +``` + +Confirm the firewall rule exists for port 22: +``` +netsh advfirewall firewall show rule name="OpenSSH Server (sshd)" +``` + +Find your PC's IP address: +``` +ipconfig +``` + +#### Enable SCP Server on the Switch +``` +feature scp-server +``` + +#### Pull the File from the Switch CLI +From the switch, use the `copy` command to pull the file from your Windows PC: +``` + copy scp://Phil@192.168.0.3/C:/Users/Phil.SIL-PC49/Desktop/9300GX/nxos64-cs.10.5.4.M.bin bootflash: vrf management +``` + +> **Tip:** If the path is long or contains spaces, move the file to a simple location like `C:\nxos\` first: +> ``` +> copy scp://YourUsername@192.168.0.x/C:/nxos/nxos64-cs.10.5.4.M.bin bootflash: vrf management +> ``` + + +--- + +## 4. Verify the Image + +Confirm the file is on bootflash: +``` +dir bootflash: +``` + +Verify the MD5 checksum matches what Cisco published: +``` +show file bootflash:nxos64-cs.10.5.4.M.bin md5sum +``` + +--- + +## 5. Pre-Install Compatibility Check + +Run the incompatibility check before upgrading to identify any configuration or feature conflicts: +``` +show incompatibility-all nxos bootflash:nxos64-cs.10.5.4.M.bin +``` + +Review the output carefully and resolve any flagged issues before proceeding. + +--- + +## 6. Perform the Upgrade + +### Disruptive Upgrade (Recommended — Requires Maintenance Window) +The switch will reload. This is the simplest and most reliable method: +``` +install all nxos bootflash:nxos64-cs.10.5.4.M.bin +``` + +### Non-Disruptive ISSU (In-Service Software Upgrade) +Data plane stays up; control plane resets (~120 seconds). 
Must confirm version compatibility first: +``` +install all nxos bootflash:nxos64-cs.10.5.4.M.bin non-disruptive +``` + +> The `install all` command performs a final compatibility check and prompts for confirmation before making any changes. + +--- + +## 7. Post-Upgrade Verification + +``` +show version +show module +show environment +show interface status +``` + +Confirm the new NX-OS version is running and all modules/interfaces are healthy. + +--- + +## 8. Clean Up Old Images (Optional) + +Once you have confirmed a successful upgrade, remove the old image to free bootflash space: +``` +delete bootflash:nxos64-cs..bin +``` + +--- + +## Key Tips + +- Always schedule upgrades during a **maintenance window**, even for ISSU, as the C9300GX has a single supervisor. +- In a **vPC pair**, upgrade the **secondary switch first**, then the primary. +- Never interrupt power during the upgrade process. +- Keep a backup of your configuration before starting. diff --git a/Work/Nexus_1_Build.md b/Work/Nexus_1_Build.md new file mode 100644 index 0000000..21bda12 --- /dev/null +++ b/Work/Nexus_1_Build.md 
@@ -0,0 +1,715 @@ +--- +title: C9300GX-1 Build +description: +published: true +date: 2026-02-19T20:47:10.482Z +tags: +editor: markdown +dateCreated: 2026-02-19T20:45:10.926Z +--- + +# AT1EU-NEXUS-1 — Cisco Nexus 9300 Configuration + +## Overview + +AT1EU-NEXUS-1 is the **primary** switch in a vPC pair (role priority 10, lower = preferred). It runs NX-OS 10.3(7) and forms a vPC domain with AT1EU-NEXUS-2. The two switches share a vPC peer-link (Po10) across Eth1/47–48, and use out-of-band management (mgmt0 at 192.168.0.1) for the vPC peer-keepalive path. + +**Key roles of this switch:** +- vPC primary (role priority 10) +- STP root bridge for management/native VLANs (priority 8192 for VLANs 1, 66) +- Layer 3 gateway for Vlan502 (Atom VRF, IP 15.0.2.121/24) +- NTP master (stratum 3) +- Upstream connections: 500e-X1 (Po3), 500e-X2 (Po4), 9300 (Po124) +- Storage connections: AFF300-A (Po127), AFF300-B (Po128), FAS2750-A (Po129), FAS2750-B (Po130), A70-A (Po131), A70-B (Po132) +- Compute connections: UCS-A (Po125), UCS-B (Po126) + +--- + +## Cut-and-Paste Configuration + +``` +conf t +switchname AT1EU-NEXUS-1 + +! --- QoS: Jumbo Frame Policy --- +policy-map type network-qos JUMBO + class type network-qos class-default + mtu 9216 + +! --- VDC Resource Limits --- +vdc AT1EU-NEXUS-1 id 1 + limit-resource vlan minimum 16 maximum 4094 + limit-resource vrf minimum 2 maximum 4096 + limit-resource port-channel minimum 0 maximum 511 + limit-resource m4route-mem minimum 58 maximum 58 + limit-resource m6route-mem minimum 8 maximum 8 + +! --- Features --- +feature nxapi +feature bash-shell +feature scp-server +cfs eth distribute +feature udld +feature interface-vlan +feature lacp +feature vpc +feature lldp +feature telemetry + +! --- RBAC --- +role name network-ro + rule 2 permit read + rule 1 permit command show running-config + +! --- Users --- +username admin password 5 $5$MFJCIC$AJyskD7vdoVFKK5cTS2lO20omFL4XFrgqNB94qDA5Z2 role network-admin +ssh key rsa 2048 + +! 
--- Banner --- +banner motd ^ +********************* DOD NOTICE AND CONSENT BANNER ************************* +* You are accessing a U.S. Government (USG) Information System (IS) that is * +* provided for USG-authorized use only. By using this IS (which includes any* +* device attached to this IS), you consent to the following conditions: * +*-The USG routinely intercepts and monitors communications on this IS for * +* purposes including, but not limited to, penetration testing, COMSEC * +* monitoring, network operations and defense, personnel misconduct (PM), * +* law enforcement (LE), and counterintelligence (CI) investigations. * +*-At any time, the USG may inspect and seize data stored on this IS. * +*-Communications using, or data stored on, this IS are not private, are * +* subject to routine monitoring, interception, and search, and may be * +* disclosed or used for any USGauthorized purpose. * +*-This IS includes security measures (e.g., authentication and access * +* controls) to protect USG interests--not for your personal benefit or * +* privacy. * +*-Notwithstanding the above, using this IS does not constitute consent to * +* PM, LE or CI investigative searching or monitoring of the content of * +* privileged communications, or work product, related to personal * +* representation or services by attorneys, psychotherapists, or clergy, and * +* their assistants. Such communications and work product are private and * +* confidential. See User Agreement for details. * +************************ POC: SIL Network Team **************************** +^ + +! --- SSH --- +ssh ciphers aes256-gcm + +! --- DNS & Domain --- +ip domain-lookup +ip name-server 15.0.2.128 15.0.2.129 15.32.2.128 +ip domain-name atom.dev use-vrf Atom +ip name-server 15.0.2.128 15.0.2.129 15.32.2.128 use-vrf Atom + +! 
--- RADIUS --- +radius-server host 15.0.11.68 key 7 "V1P-jaynmv" authentication accounting +radius-server host 15.32.11.68 key 7 "V1P-jaynmv" authentication accounting +aaa group server radius NETMAN_RADIUS + server 15.0.11.68 + server 15.32.11.68 + use-vrf Atom + +! --- Management ACL --- +ip access-list SWITCH_MGMT + 10 permit ip 15.0.11.150/32 any log + 20 permit ip 15.0.11.151/32 any log + 30 permit ip 15.32.2.154/32 any log + 40 permit ip 15.0.2.154/32 any log + 50 permit ip 15.32.2.1/32 any log + 60 permit ip 15.0.2.1/32 any log + 70 permit ip 15.0.2.2/32 any log + 80 permit ip 15.0.11.47/32 any log + 90 permit ip 15.32.11.45/32 any log + 93 permit ip 15.32.11.150/32 any log + 100 deny ip any any log + +! --- System QoS --- +system qos + service-policy type network-qos JUMBO +copp profile strict + +! --- SNMP --- +snmp-server user admin network-admin auth sha 042F64DB5D2E0D40DF543D6A00495F1F18F9DD5FED7B priv aes-128 00540CF9793F282ED96D666B110B00753FC3F269E964 localizedV2key +snmp-server host 15.0.2.188 traps version 3 priv at-sw-svc +snmp-server enable traps config ccmCLIRunningConfigChanged +rmon event 1 log trap public description FATAL(1) owner PMON@FATAL +rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL +rmon event 3 log trap public description ERROR(3) owner PMON@ERROR +rmon event 4 log trap public description WARNING(4) owner PMON@WARNING +rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO + +! --- NTP --- +ntp server 15.0.0.9 prefer use-vrf Atom key 123 +ntp server 15.32.0.9 prefer use-vrf Atom key 125 +ntp source-interface Vlan502 +ntp authenticate +ntp authentication-key 123 md5 pz5yamz 7 +ntp trusted-key 123 +ntp logging +ntp master 3 + +! --- AAA --- +aaa authentication login default group NETMAN_RADIUS local +aaa authentication login console group NETMAN_RADIUS local +aaa accounting default group NETMAN_RADIUS local +system default switchport +no ip source-route + +! 
--- VLANs --- +vlan 1-2,8,10,12,66,85,100-103,107-108,121-124,129-130,142-143,145-146,148-150,153,157-158,188,305,321,323,340,342,349,353,374,382,501-502,504-505,549,551,559,562-563,600,611,660-661,667-668,672-673,697-698,701-702,704-710,720-722,724,727,740,750-751,772,777,800-802,804,814,820-823,905,1051,1127,1129,1160-1161,1551,1559-1560,1670-1674,1720-1722,1800-1802,1814-1817,1862,1865,1870-1871 +vlan 1882-1883,1885,1905,3563,3965 +vlan 2 + name TEST_CLUS_COMM +vlan 8 + name FP_Test1 +vlan 10 + name NESS_BOX_TRANSIT +vlan 12 + name FP_Test2 +vlan 66 + name NATIVE_VLAN +vlan 85 + name NESS_Temp +vlan 100 + name migration +vlan 101 + name iscsi_csv +vlan 102 + name iscsi_boot +vlan 103 + name Netapp_XFER +vlan 107 + name Test +vlan 108 + name NET_TEST_NET +vlan 121 + name Atom_Backup +vlan 123 + name storage +vlan 124 + name Admin_iSCSI +vlan 130 + name SIL_SNAPMIRROR +vlan 143 + name Secman_Storage +vlan 146 + name Foxhound_Storage +vlan 150 + name iscsi +vlan 153 + name Javelin(L4) +vlan 157 + name GNext_Storage +vlan 158 + name Ness_Storage +vlan 188 + name JASON_NFS +vlan 321 + name ATOM_Backup +vlan 323 + name AT-vServer +vlan 340 + name ucs_test +vlan 342 + name MadHatter_SVM_Mgmt +vlan 349 + name Rock_SVM3_Mgmt +vlan 353 + name Javlin_SVM +vlan 374 + name Rock_Backup_Mgmt +vlan 382 + name Darrin_User +vlan 501 + name MGMT +vlan 502 + name Atom_User2 +vlan 504 + name Commvault_Test +vlan 505 + name NETAPP_SNAP +vlan 549 + name WDS +vlan 551 + name L4_User +vlan 559 + name Victory_WS_L4 +vlan 562 + name Brace(L3)_User +vlan 667 + name Britt_Test +vlan 668 + name RockTesters(L4)_User +vlan 672 + name GTRI_User +vlan 673 + name VDI(L5) +vlan 701 + name MH_L3_DATA_HLCI +vlan 702 + name MH_L4_DATA_HLCI +vlan 704 + name Legacy-704 +vlan 705 + name Legacy-705 +vlan 706 + name Legacy-706 +vlan 707 + name Legacy-707 +vlan 708 + name Legacy-708 +vlan 709 + name Legacy-709 +vlan 710 + name Legacy-710 +vlan 721 + name GTRI_JAVELIN_L4-721 +vlan 740 + name NETMAN +vlan 
750 + name l4_secman +vlan 751 + name Secman_DMP-751 +vlan 777 + name FTD1010_TSHOOT +vlan 804 + name FH_L4_HLCI +vlan 814 + name Rock_L4 +vlan 820 + name GNext_User +vlan 821 + name GNext_Sentris +vlan 822 + name GNext_VPX +vlan 823 + name GNext_VDA +vlan 905 + name Rock_(L4) +vlan 1051 + name IP_SEC_1010 +vlan 1127 + name Vic_Storage +vlan 1551 + name Services(L3)_User +vlan 1559 + name Victory(L3)_User +vlan 1670 + name BigTen_User +vlan 1671 + name Victory_DMP-1671 +vlan 1672 + name VIC_VDI +vlan 1673 + name Victory_Sentris +vlan 1720 + name Javelin(L3)_User +vlan 1721 + name GTRI_JAVELIN_L3-1721 +vlan 1722 + name Victory_VDI-1722 +vlan 1800 + name Foxhound(L3)_User +vlan 1801 + name FH_L3_DATA_HLCI +vlan 1814 + name ROCK_L3_MLS +vlan 1815 + name ServMan_User +vlan 1870 + name AT1EU-JavelinCoop(L3)_User +vlan 1883 + name NESS_User +vlan 1885 + name NESS_Client +vlan 1905 + name Rock(L3)_User +vlan 3563 + name Brace_User +vlan 3965 + name V3E_DEV_HOST + +! --- Spanning Tree --- +spanning-tree port type edge bpduguard default +spanning-tree port type edge bpdufilter default +spanning-tree port type network default +spanning-tree vlan 1,66 priority 8192 +spanning-tree vlan 2,100-102,107-108,121-123,129,142,145,148-150,153,305,323,340,353,382,501-502,505,549,551,562-563,600,611,660-661,667-668,672,697-698,701-702,704-710,720-722,724,727,750,772,800-802,804,814,905,1127,1129,1160-1161,1551,1559-1560,1670,1672-1673,1720-1721,1800-1802,1814-1817,1862,1865,1870-1871,1882,1905,3563,3965 priority 24576 +spanning-tree vlan 3-65,67-99,103-106,109-120,124-128,130-141,143-144,146-147,151-152,154-304,306-322,324-339,341-352,354-381,383-500,503-504,506-548,550,552-561,564-599,601-610,612-659,662-666,669-671,673-696,699-700,703,711-719,723,725-726,728-749,751-771,773-799,803,805-813,815-904,906-1126,1128,1130-1159,1162-1550,1552-1558,1561-1669,1671,1674-1719,1722-1799,1803-1813,1818-1861,1863-1864,1866-1869,1872-1881,1884-1904,1906-3562,3564-3964,3966-3967 priority 0 
+spanning-tree vlan 1883 priority 4096 + +! --- VRF --- +vrf context Atom + ip domain-name atom.dev + ip name-server 15.0.2.128 15.0.2.129 15.32.2.128 + ip route 0.0.0.0/0 15.0.2.254 +vrf context management + +! --- Port-Channel Load Balance --- +port-channel load-balance src-dst ip-l4port-vlan + +! --- vPC Domain --- +vpc domain 1 + peer-switch + role priority 10 + peer-keepalive destination 192.168.0.2 source 192.168.0.1 + delay restore 150 + peer-gateway + auto-recovery + +! --- SVI --- +interface Vlan1 + +interface Vlan502 + no shutdown + vrf member Atom + no ip redirects + ip address 15.0.2.121/24 + no ipv6 redirects + +! --- Port-Channels --- +interface port-channel3 + description //Trunk 500e X1 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + vpc 3 + +interface port-channel10 + description //Trunk Peer - Allow STP + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type network + vpc peer-link + +interface port-channel124 + description //Trunk 9300 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type normal + spanning-tree bpduguard disable + spanning-tree guard root + mtu 9216 + no lacp suspend-individual + vpc 124 + +interface port-channel125 + description //Trunk UCS-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard disable + spanning-tree guard root + mtu 9216 + vpc 125 + +interface port-channel126 + description //Trunk UCS-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + 
switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard disable + spanning-tree guard root + mtu 9216 + vpc 126 + +interface port-channel127 + description //Trunk AFF300-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + vpc 127 + +interface port-channel128 + description //Trunk AFF300-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + vpc 128 + +interface port-channel129 + description //Trunk FAS 2750-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + storm-control broadcast level 99.00 + storm-control unicast level 99.00 + switchport block unicast + vpc 129 + +interface port-channel130 + description //Trunk Fas 2750-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + storm-control broadcast level 99.00 + storm-control unicast level 99.00 + switchport block unicast + vpc 130 + +interface port-channel131 + description //Trunk A70-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + vpc 131 + +interface port-channel132 + description //Trunk A70-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 
+ spanning-tree port type edge trunk + spanning-tree guard root + mtu 9216 + vpc 132 + +! --- Breakout Ports (100G -> 4x25G) --- +int e1/1 - 26 + shutdown +exit +interface breakout module 1 port 1 map 25g-4x +interface breakout module 1 port 5 map 25g-4x + + +! --- Physical Interfaces: Breakout (UCS/A70) --- +interface Ethernet1/1/1 + description //Trunk 6554-1:25 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 125 mode active + no shutdown + +interface Ethernet1/1/2 + description //Trunk 6554-1:26 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 125 mode active + no shutdown + +interface Ethernet1/1/3 + description //Trunk 6554-2:27 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 126 mode active + no shutdown + +interface Ethernet1/1/4 + description //Trunk 6554-2:28 + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 126 mode active + no shutdown + +interface Ethernet1/5/1 + description //Trunk A70-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 131 
mode active + no shutdown + +interface Ethernet1/5/2 + description //Trunk A70-A + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 131 mode active + no shutdown + +interface Ethernet1/5/3 + description //Trunk A70-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 132 mode active + no shutdown + +interface Ethernet1/5/4 + description //Trunk A70-B + switchport mode trunk + switchport access vlan 67 + switchport trunk native vlan 66 + switchport trunk allowed vlan 2-66,68-4094 + spanning-tree port type edge trunk + spanning-tree bpduguard enable + spanning-tree guard root + mtu 9216 + channel-group 132 mode active + no shutdown + + + +! +! --- Bulk Disabled Ports --- +int e1/3/1-4,e1/7/1-4,e1/11/1-4,e1/13-23 + description //Disabled access + switchport access vlan 67 + switchport trunk native vlan 66 + spanning-tree port type edge + spanning-tree bpduguard enable + spanning-tree guard root + storm-control broadcast level 99.00 + storm-control unicast level 99.00 + switchport block unicast + udld enable + shutdown + +! --- Management Interface --- +interface mgmt0 + vrf member management + ip address 192.168.0.1/24 + +icam monitor scale + +! --- Console & VTY --- +line console + exec-timeout 5 +line vty + session-limit 4 + exec-timeout 0 + access-class SWITCH_MGMT in + + +! 
--- Logging --- +logging ip access-list cache entries 8001 +logging logfile LOG_FILE 6 size 4096 +logging server 15.0.2.146 2 +logging server 15.0.2.222 6 +logging level authpri 6 + +intersight use-vrf Atom +``` + +--- + +## Configuration Explanation + +### Platform & Global Settings +Running NX-OS 10.3(7) with a Jumbo MTU QoS policy (9216 bytes) applied globally via `system qos`. IP source-route is disabled. SSH is restricted to AES256-GCM ciphers. CoPP is set to strict for control-plane protection. + +### VDC Resource Limits +Standard resource limits for a single-VDC 9300 — up to 4094 VLANs, 4096 VRFs, and 511 port-channels. + +### Features Enabled +`nxapi`, `bash-shell`, `scp-server`, `udld`, `interface-vlan`, `lacp`, `vpc`, `lldp`, `telemetry`, and CFS Ethernet distribution for vPC. + +### Authentication & Access Control +RADIUS authentication via two servers (15.0.11.68 and 15.32.11.68) in the `NETMAN_RADIUS` group, using the `Atom` VRF. AAA fallback is local. VTY access is restricted to the `SWITCH_MGMT` ACL (specific management host IPs only, with a deny-all default). VTY timeout is 0 (no timeout — note this differs from NEXUS-2 which uses 5 minutes). + +### NTP +Two NTP servers in the Atom VRF (preferred) with MD5 authentication. NTP source is Vlan502. This switch acts as NTP master stratum 3. + +### SNMP +SNMPv3 with SHA auth and AES-128 privacy. Traps sent to 15.0.2.188. RMON events configured for severity levels 1–5. + +### VLANs +Approximately 200 VLANs are defined, covering storage (iSCSI, NFS, SnapMirror), compute (UCS, HLCI workloads), management, user, and VDI segments. VLAN 66 is the native VLAN; VLAN 67 is the unused/quarantine access VLAN for disabled ports. + +### Spanning Tree +STP is configured with global edge/bpduguard and bpdufilter defaults for access ports, and network type for uplinks. This switch holds STP root priority 8192 for VLANs 1 and 66, making it the root for those VLANs. 
Most production VLANs are set to priority 24576 (secondary root). Unused VLANs are set to priority 0 (disabled from becoming root). + +### VRF & Routing +A single non-default VRF `Atom` carries the management/user traffic with a default route to 15.0.2.254. Vlan502 (`Atom_User2`) is the L3 gateway SVI at 15.0.2.121/24. + +### vPC Domain +- **Domain:** 1 +- **Role Priority:** 10 (primary) +- **Peer-link:** Po10 (Eth1/47–48), `spanning-tree port type network` +- **Peer-keepalive:** mgmt0, destination 192.168.0.2, source 192.168.0.1 +- **Options:** `peer-switch`, `peer-gateway`, `auto-recovery`, 150-second restore delay +- **vPC members:** Po3 (500e-X1), Po4 (500e-X2), Po124 (9300), Po125 (UCS-A), Po126 (UCS-B), Po127 (AFF300-A), Po128 (AFF300-B), Po129 (FAS2750-A), Po130 (FAS2750-B), Po131 (A70-A), Po132 (A70-B) + +### Port-Channel Load Balancing +`src-dst ip-l4port-vlan` — distributes traffic based on source/destination IP, L4 port, and VLAN for optimal flow distribution. + +### Physical Interfaces +- **Ports 1/1–1/26:** Shut down as a group first, then individual interfaces are re-configured. Ports 1, 5, and 9 are broken out as 4x25G sub-interfaces. +- **Eth1/1/1–1/1/4:** 25G breakout ports to UCS 6554 FIs → Po125/Po126 +- **Eth1/5/1–1/5/4:** 25G breakout ports to A70 storage arrays → Po131/Po132 +- **Eth1/24–1/25, 1/45–1/46:** 9300 uplink → Po124 (4-link LACP) +- **Eth1/26:** 500e-X1 → Po3 +- **Eth1/18:** 500e-X2 → Po4 +- **Eth1/47–1/48:** vPC peer-link → Po10 +- **Eth1/53–1/54:** AFF300-A/B → Po127/Po128 +- **Eth1/2–1/3:** FAS2750 → Po129/Po130 +- **Disabled ports:** Placed in VLAN 67, bpduguard enabled, storm-control, UDLD, unicast block — shutdown + + +### Logging +Syslog to 15.0.2.146 (severity 2) and 15.0.2.222 (severity 6). Local log file `LOG_FILE` at severity 6. ACL hit caching configured for 8001 entries. + diff --git a/Work/Overview.md b/Work/Overview.md new file mode 100644 index 0000000..b88106d --- /dev/null +++ b/Work/Overview.md 
@@ -0,0 +1,38 @@ +--- +title: Work +description: Network engineering documentation — Cisco, NTP, upgrades, automation +published: true +date: 2026-04-12T00:00:00.000Z +tags: work, cisco, networking +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + +# Work + +Network engineering documentation. Cisco switch builds, NTP configurations, software upgrade procedures, and Ducky Script automation. + +--- + +## Switch Builds + +| | | +|---|---| +| [Nexus 1 Build](/Work/Nexus_1_Build) | Full Nexus switch build runbook | +| [C9300GX-2 Build](/Work/C9300GX_2_Build) | C9300GX second switch build | +| [C9300GX Port Breakout](/Work/C9300GX-Port_Breakout) | Port breakout configuration reference | +| [Nexus Upgrade](/Work/Nexus-upgrade) | Nexus software upgrade procedure | + +## Cisco Configs + +| | | +|---|---| +| [NTP — ESS9300](/Work/Cisco/NTP_ESS9300) | NTP configuration for ESS9300 | +| [NTP — Nexus](/Work/Cisco/Nexus_NTP) | NTP configuration for Nexus | + +## Ducky Automation + +| | | +|---|---| +| [ESS9300 Upgrade](/Work/Ducky/ess9300_upgrade) | Ducky Script upgrade automation for ESS9300 | +| [ESS3300](/Work/Ducky/ess_3300) | ESS3300 Ducky configuration | diff --git a/home.md b/home.md new file mode 100644 index 0000000..db9fa58 --- /dev/null +++ b/home.md @@ -0,0 +1,91 @@ +--- +title: The Grimoire +description: Personal knowledge base — graymutt +published: true +date: 2026-04-12T00:00:00.000Z +tags: +editor: markdown +dateCreated: 2026-04-12T00:00:00.000Z +--- + + +
+ +
+
THE GRIMOIRE
+
Personal Knowledge Vault — graymutt
+
+
+ + +--- + +## 🔮 The Grimoires — Homelab + +| Grimoire | Badge | Purpose | +|----------|-------|---------| +| 🟢 [Netgrimoire](/Netgrimoire/Overview) | `netgrimoire-badge.png` | Core homelab — service catalog, host inventory, standards | +| 🏰 [Keystone Grimoire](/Keystone-Grimoire/Overview) | `keystone-badge.png` | Architecture — network design, Caddy, Docker Swarm, DNS, mail | +| 🗄️ [Vault Grimoire](/Vault-Grimoire/Overview) | `vault-badge.png` | Storage & backup — ZFS, Kopia, NFS, offsite replication | +| 🛡️ [Ward Grimoire](/Ward-Grimoire/Overview) | `ward-badge.png` | Security — OPNsense, CrowdSec, auth, VPN, blocklists | +| 🔮 [Watch Grimoire](/Watch-Grimoire/Overview) | `watch-badge.png` | Monitoring — Uptime Kuma, Beszel, Grafana, alerts, logs | +| 🤖 [Gremlin Grimoire](/Gremlin-Grimoire/Overview) | `gremlin-badge.png` | Local AI — Ollama, Open WebUI, n8n, Qdrant, workflows | +| 💀 [Shadow Grimoire](/Shadow-Grimoire/Overview) | `shadow-badge.png` | Acquisition — Usenet, torrents, arr stack, indexers | +| 🌿 [Green Grimoire](/Green-Grimoire/Overview) | `green-badge.png` | Adult media — Stash, Jellyfinx, Namer, Whisparr | +| 🎒 [Pocket Grimoire](/Pocket-Grimoire/Overview) | `pocket-badge.png` | Portable lab — laptop, offline-first, travel vault node | + +--- + +## 🏠 Personal & Business + +| Section | Badge | Purpose | +|---------|-------|---------| +| 👨‍👩‍👧 [PNC Harris](/PNC-Harris/Overview) | `pncharris-badge.png` | Family services — Immich, Nextcloud, Mealie, Vikunja | +| 🐠 [PNC Fish & More](/PNC-Fish/Overview) | `pncfish-badge.png` | Saltwater fish & coral store — IT, operations, marketing | + +--- + +## 💼 Work + +| | | +|---|---| +| 🔧 [Work Overview](/Work/Overview) | Cisco switching builds, NTP, upgrades, Ducky automation | + +--- + +## ⚙️ Quick Reference + +| | | +|---|---| +| 📋 [Service Catalog](/Netgrimoire/Service-Catalog) | All services — status, host, URL, grimoire assignment | +| 🏗️ [Docker Swarm Template](/Keystone-Grimoire/Docker/Swarm-Template) | 
Standard YAML, label rules, volume paths | +| 📄 [Service Doc Template](/Netgrimoire/Conventions/Service-Doc-Template) | Template for new service documentation | +| 📖 [Documentation Standards](/Netgrimoire/Conventions/Doc-Standards) | Structure, naming, diagram, git workflow | +| 🔍 [Audit Reports](/Netgrimoire/Audits/README) | Gremlin-generated YAML compliance audits | + +--- + +## 🗺️ Wiki Structure + +``` +wiki/ +├── home.md ← you are here +├── Netgrimoire/ ← spine: catalog, standards, conventions +├── Keystone-Grimoire/ ← architecture: hosts, network, Docker, mail +├── Vault-Grimoire/ ← storage: ZFS, Kopia, NFS, backups +├── Ward-Grimoire/ ← security: OPNsense, CrowdSec, auth, VPN +├── Watch-Grimoire/ ← monitoring: Kuma, Beszel, Grafana, ntfy +├── Gremlin-Grimoire/ ← AI: Ollama, n8n, Qdrant, workflows +├── Shadow-Grimoire/ ← acquisition: arr stack, Usenet, torrents +├── Green-Grimoire/ ← adult media: Stash, Jellyfinx, Namer +├── Pocket-Grimoire/ ← portable lab: laptop + Beryl AX +├── PNC-Harris/ ← family services +├── PNC-Fish/ ← business docs +└── Work/ ← Cisco / network engineering +``` + +--- + +*Last updated: April 2026 · Source: [Forgejo](https://git.netgrimoire.com) · graymutt*
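Review bot: In step 8 of the upgrade runbook (the hunk that ends just before the Work/Nexus_1_Build.md header), the cleanup command reads `delete bootflash:nxos64-cs..bin` with nothing between the two dots, so the version placeholder appears to have been lost and the line cannot be followed as written. Use a placeholder that survives rendering, for example an upper-case token such as OLD_VERSION, and say in the sentence above it that the token stands for the image being removed. It would also help to tie this step to step 7: only delete the old file after `show version` confirms the switch is running the new image.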
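Review bot: The cut-and-paste block in Work/Nexus_1_Build.md commits credential material to the wiki repository: the `username admin password 5 ...` line, both `radius-server host ... key 7 "..."` lines, the SNMPv3 `auth sha ... priv aes-128 ... localizedV2key` values and `ntp authentication-key 123 md5 ... 7`. Type 7 strings are reversible obfuscation rather than hashes, and the type 5 value is a password hash that can be attacked offline, so replace each of these with a labelled placeholder and rotate the values that have already been pushed. Three further points in the same hunk. Under `line vty` the config sets `exec-timeout 0`, which the explanation itself flags as differing from the 5 minutes on NEXUS-2; set it to 5 or document why this switch is the exception. `ntp server 15.32.0.9 prefer use-vrf Atom key 125` references key 125, but only key 123 is defined and trusted, so with `ntp authenticate` on that server has no usable key. The Spanning Tree explanation says priority 0 means "disabled from becoming root", but 0 is the most preferred bridge priority, so either the text or the `priority 0` line for the unused VLAN ranges is wrong. Finally, the prose lists Po4 and member ports such as Eth1/47–48, Eth1/24–1/25 and Eth1/53–1/54 that have no stanza in the config block, and says ports 1, 5, and 9 are broken out while only ports 1 and 5 have `interface breakout` lines; either add the missing stanzas or mark the block as partial.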
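Review bot: In Work/Overview.md the Switch Builds table labels its first link "Nexus 1 Build" and its second "C9300GX-2 Build", while the page behind the first link is titled "C9300GX-1 Build" in its front matter and "AT1EU-NEXUS-1" in its heading. Pick one naming scheme so the two build pages read as a matching pair, and align the description "Full Nexus switch build runbook" with whichever name is kept. The three tables also open with an empty `| | |` header row; give the columns header text (for example Page and Description), as the tables in home.md do.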
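Review bot: In home.md the Badge column of the Homelab and Personal & Business tables holds bare file names in code spans (`netgrimoire-badge.png`, `keystone-badge.png`, `pncharris-badge.png` and so on), which render as literal text rather than images and carry no path to the asset. Either reference the images with the wiki's image syntax and a real asset path, or drop the column until the assets exist. The Wiki Structure tree at the end repeats the same directory list as those tables, so the two will drift as sections are added; consider keeping one as the source of truth.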