From 52230f38758348e1e0916d7b85bb1aa186248d60 Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Sat, 11 Feb 2023 21:29:21 +0100 Subject: [PATCH] Created specific directory for oracle cloud --- .../oracle cloud free tier bastion/main.tf | 45 -------- .../variables.tf | 22 ---- .../README.md | 63 +++++++++++ .../design/requirements.png | Bin 0 -> 55081 bytes .../design/requirements.py | 24 ++++ .../main.tf | 107 ++++++++++++++++++ .../outputs.tf | 0 .../variables.tf | 67 +++++++++++ 8 files changed, 261 insertions(+), 67 deletions(-) delete mode 100644 examples/terraform/oracle cloud free tier bastion/main.tf delete mode 100644 examples/terraform/oracle cloud free tier bastion/variables.tf create mode 100644 examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/README.md create mode 100644 examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/design/requirements.png create mode 100755 examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/design/requirements.py create mode 100644 examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/main.tf rename examples/terraform/{oracle cloud free tier bastion => oracle cloud/connect using ssh to an instance through a bastion}/outputs.tf (100%) create mode 100644 examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/variables.tf diff --git a/examples/terraform/oracle cloud free tier bastion/main.tf b/examples/terraform/oracle cloud free tier bastion/main.tf deleted file mode 100644 index fb18840..0000000 --- a/examples/terraform/oracle cloud free tier bastion/main.tf +++ /dev/null @@ -1,45 +0,0 @@ -terraform { - required_version = "1.2.9" - - required_providers { - oci = { - source = "oracle/oci" - version = "4.107.0" - } - } -} - -#################### -# Networking -#################### - -# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn -resource "oci_core_vcn" "bastion" { - compartment_id = var.compartment_id - cidr_blocks = var.vcn_cidr_blocks -} - -# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet -resource "oci_core_subnet" "bastion" { - compartment_id = var.compartment_id - vcn_id = oci_core_vcn.bastion.id - cidr_block = var.subnet_cidr_block -} - -#################### -# Bastion -#################### - -data "http" "local_ip_address" { url = "https://ifconfig.co" } -locals { local_ip_cidr = "${chomp(data.http.local_ip_address.response_body)}/32" } - -# See: -# - https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/bastion_bastion -# - https://docs.oracle.com/en-us/iaas/api/#/en/bastion/20210331/Bastion/CreateBastion -resource "oci_bastion_bastion" "bastion" { - compartment_id = var.compartment_id - target_subnet_id = oci_core_subnet.bastion.id - - bastion_type = "STANDARD" # locked - client_cidr_block_allow_list = [local.local_ip_cidr] -} diff --git a/examples/terraform/oracle cloud free tier bastion/variables.tf b/examples/terraform/oracle cloud free tier bastion/variables.tf deleted file mode 100644 index 8d19fa3..0000000 --- a/examples/terraform/oracle cloud free tier bastion/variables.tf +++ /dev/null @@ -1,22 +0,0 @@ -#################### -# Oracle Cloud Account -#################### - -variable "compartment_id" { - type = string -} - -#################### -# Networking -#################### - -variable "vcn_cidr_blocks" { - type = list(string) - default = [ - "10.0.0.0/16" - ] -} -variable "subnet_cidr_block" { - type = string - default = "10.0.0.0/24" -} diff --git a/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/README.md b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/README.md new file mode 100644 index 0000000..fbfcba8 --- /dev/null +++ b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/README.md @@ -0,0 +1,63 @@ +# Oracle Bastion + +Simple example to create a Bastion in Oracle Cloud. + +1. [Requirements](#requirements) +2. [SSH configuration](#ssh-configuration) +3. [Further readings](#further-readings) +4. [Sources](#sources) + +## Requirements + +1. VCN +1. **Private** Subnet +1. **RSA** SSH key + +For a Subnet to be considered Private, it needs to have associated a Route Table with a default route pointing to a NAT Gateway. + +> **Note:** NAT Gateways are not included in Oracle's free tier. + +The default route table created using Terraform does not contain this route, nor it is possible to create the single route in it at the time of writing.
+A solution to this is to create a new Route Table **with** the default route above and attach it to the Subnet. See the code for details. + +![requirements] + +## SSH configuration + +```ssh_config +Host bastion + Hostname host.bastion.eu-amsterdam-1.oci.oraclecloud.com + HostkeyAlgorithms +ssh-rsa + PubkeyAcceptedAlgorithms +ssh-rsa + LocalForward 8022 10.0.0.230:22 + User ocid1.bastionsession.oc1.eu-amsterdam-1.amaaaaaazsnap6iazqwiktq2b7i736d5cgc2vnswuypa3iey754rlj4yyrvq + +Host instance + Hostname localhost + User opc + Port 8022 + +Host bastion instance + IdentityFile ~/.ssh/id_rsa + IdentitiesOnly yes + StrictHostKeyChecking no + UserKnownHostsFile /dev/null +``` + +## Further readings + +## Sources + +- [Ridiculously powerful free server in the cloud] +- [Always free resources] in Oracle Cloud +- [Oracle Cloud Infrastructure Provider documentation] +- [oracle-terraform-modules/terraform-oci-compute-instance] + + +[requirements]: design/requirements.png + + +[always free resources]: https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm +[oracle cloud infrastructure provider documentation]: https://registry.terraform.io/providers/oracle/oci/latest/docs +[ridiculously powerful free server in the cloud]: https://medium.com/codex/ridiculously-powerful-free-server-in-the-cloud-dd4da8524a9c +[oracle-terraform-modules/terraform-oci-compute-instance]: https://github.com/oracle-terraform-modules/terraform-oci-compute-instance diff --git a/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/design/requirements.png b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/design/requirements.png new file mode 100644 index 0000000000000000000000000000000000000000..325269a61ffba12cde20e18043d75d1998532a0e GIT binary patch literal 55081 zcmeFZWmJ@3^fo*eDydS^f`oK;jFQsQEh^0r(jAJ3ii9*$(#_BfBO+ZAL&MMwL&LxT z@8S1+d)NEn`SPyyJZt?C*B}h%KKI#sU;EnE-nU<0sVNZPQsP1&5CX-QvYHUc?JwZ3 z?Y*1eJ4JscXuu23J7on~$kp|qUro8u5XcjVqU;N8&*ZHcD`Ra1RQp~<1Bdd%2e;b@ zGafa_x0IB%J8YSleVs}8YyIvkZ=AJ&?N-wXrP&s#5BY6&A=!toUS!2{4um#2I?#^G z{SAI`>IZEcPvN&(K`?%dU+tw%RJ*o0CUO}GJG0^i)`zy9Zg z?{9FfUq3$Vy?%Ml^O55E^`1P>t?Sp8dzRNPPaglzFaOVh{g0FUPhk8H82n#_o(YL- zHz7}CX60pZ5V&}up5&x7nQEG_O2a|Y8xSdbzC;xpOG^ujAE?os$Y>e*j+?l5$T^>U zSIHgzT5#Y3ZJN79$-p~0^=FIF?;itX)W^=?BtQ=%Rbn}&S) z)aXec-^ErN&!#bAz#RRR3)c&;1^+qW^3~FW$yKh9yF1g&bkY7Yu?ZpM$;ogYlKbXO zY13v`wl`>ls*jpo+5F~oA1MN<6$+8wDF0ooh4p=5VQ?9__*;-pqjwpZw6o1-4mo)y zndMcn*=x>`dJlRbOB`Y;JNpEPF-KG^mmU`)C}_q?jx+6TyT%+#Nk zy4LLzs)gG`^ke)sx-vteQEVjN{>Xi++Wwbs($S9-Z(Rc$Ek*xsNohFg{_|~k9N}^D zS&-cr6YO!39kW&e}%>MbF=DfUs$;MmpAFMRUWHya^@8pGDn=fF(%l%GQyhC^51RkU;Y+Q#3ePUw;nlgK#@7*eE^vI`7C zN4p%w-PbQw5vdA@$_4F@I)h$MC7>Qm7}z4Uuv)@dE3RXJ<%uM#Z5#WB__v z>TPe0U%juOS@++}5W+Qatl;^{RC6=Y1^Vi6=F51kzG75~NwdIZh~v2{#uh9u3^(Q1 zA4nR5b8>KKR@cVE|DA7sxPwPJgt%C5cz70dCY2U4aSwT&ln)i>vmBJYOMUU(Xm`$EHaTo7{62 zz4qn#u8Jp{zCwiI@{aEWp7HIcM4W^%$c3(>X7`R}s=ZpH?zrHQISc9KmzdO%Jfdb) zj52Ha*bzbPdvF%pY-IhibMNWhP%?IA#i7aAo>92Lym4*kSWt*z9>?kxuMFaQvGg+A z@iAewyE|>wMgnWE8nrkdW|jA=;#U*zL*0B1e~Ocfy5ZcRQLU8<=MMun$p+F6miAhg z^pOo$zbI3y4&jboC>1W5sI0(17Ij)l75|3!{Tx?59^xL`7=vKk!g#L9YNwRunSlo9qI;oK&xxxaZ6spE&wWK)dFyuRFT)`#LS;0iCJ-)`z&*6O5cHg4M zlGD&sEI^1$sKn*u_5Hm)SUji0zuK&bOdM$*;qW1C;9UlkJTvz(V zIpH?SDjwCWxy*J%DO7SL_cYkxv;TM;+}LZQsP61&nRjr|r`mCQx+%U+iAga^+M)XW zvZ0HMi(*vjo!iq5K1NYluDHqu0rELGkgV3O35?wH=W9u&48h5=V;_w}-{3rNEZw~q zCLfJ>{^8_UQ8Tx_1>ck9Kw7f#9QZ(NjJ(YC5tFVQfDsX=6B1XtNm+1 z6LtK#u(4uC3mYcIp^p}YOo~cMD)t)ecfrXk2IkyLw@lsP-$$ETo zl*dJZZtDTo06rHP&!k+h6s3(0l|R#FR@77^kDqF;k;>zN{O)-5GikM=jKGgZjYnpb zKHTz;l?(P?3y3WE z>w4><%0wFUG;dz<1(8u zw6midr;8$_VT{&<=C^luD@A45RIJw3ULr=~*|4_}_&-IC&*`7aj}>X@q2AeBTF(iN(}qD zhmV`T%^@CX&#OJV|Yv(asS}SYm0RyR06sH_-c8cUZQXH&zZ}b|dQeRs2+65xY!j@(IDKt0)1!?Ismp0n>%E@wqE$iAdirp`4e!Fo zeZp;SEg>x+QP6%Lq#zR9V6|M>Z26IJYqP4j9O?#Yt#VRQyk>j6Tm$tk9_9aUSECrQ zkryETzVnNzKjp!BjAEQ_+!3XK!*r#W^~;z0>rDvSTG#nTgJA{$L?e}6X!zac6Pau+ z{q8e+O%4rEm5V+Yqzm-aYeN6Eakc1ioMA4A(WQBsbW{y^SA4epz_o-!~{r%)@`$M9*fY0)BWt6p&5 z#3N<1dtX6Ztb2ag^;AKDr2%_Padod9S6K(JfZ;!;P5z!}hmg21S@Qn{SQ2GG8VEdL zNT4qS+4@>6_#cJg|6o<6R~E=YUO&`whu2+grk0&An}GEizW@>FCbq(U7|~FjV_R8T zehJ&w%~oQ{Vg%aH17P6WU&6!j2?&*t)+qz+zvToVkjT652mUkn|F2S!Wd8}MqYOJ6O4L%y_BvZ#@p%8tG~1AQ^ExgbfsLwkb&H`&!U}0;8=}9u zEG{mrsL;my(1=A&H)LG z1V~^B`s)MTHRw@scKPZaG|$>p8DAm?JI-AQ|qN^jBaRgKSjkpfFboU_r^{yi08d zLKQ2yE(!}jg9CD|d4L<8NTv1t_@ZZzz}?-(F0w<+NvVt)T2NQX8+>C8Uv`mrt81=e zLAj@>y>pMTQSC5`ZXIispt3tLC}u@(gJUayRg4q1A>R7T2wdX}5C;P}7^AzIF%HQl{vk18hQ;n}jfntM^2N}oy5+%( z5%nC0u_}*=ebS0*CE!Dp*Vl*(GHbca^nZzbyuaVJ5*w;jeftiMooR!FP7OnwvOAp! zBkVsrLayIzyhvs*1=nHGSxj#dM^D%12NWZ12N`qG3Aty)#<~gV+=oE^ z0*3KCE}ET0CLrOBMGCh?rhM^hAuD-J>5q(xxrEy%b?%}_gD|6N)c`X;;JPqS20jrd zVbv&K{rxtd@)j)yJy9-&?JKMbUC9f~~#hohEIw|Ti^^EoS`Dd;u?vX29*!RJD}T5Jm6ld`n)HHDb}cA$=% zQwyw)#Ev!vZBoOs!I599s*!%iJ+&TN7`HROq9Xgx;S^~bWh3CEJQm5J5c9&43!J(b zwrI7G*&qcGa@IKeBcRzP2Lf-HP_lT-Yd0+$Ed6%Zx~^Nt$YUd}j|r?gf4%Aqn|ASR zsn=%ZHZFg~Td10LLK!D9hW$HVJ+$7E80cnq#a4Zi*V1=&n1klnJ` zMqEEq>ch9WpFW#w@IoMSTC%|K5zB6eb7xEka(dvJQg5$=34Hu->c?gczL3sGxWNkz zra7xUR_8ZzpY`>|VD)hzPq-HxA&^~KM`@XAxDoIEsws3!AhF1>PYkn7Q=XG|__tlw z-mt6|hIny&C%HVp9oX^y^~L3FswRUPY9iKF{+|0UNZzC zE$`HZ55dRt+<(7LH;kUGXH|@kqN~h!3o=J618#97>d_;2 zd&36U@XxGIw+E}tzo_LNhv=vp_bdz?@!X0W3r2WVIbYI|tI-Us7~SCK z6e%mIkeC3-;voPvXQOfAkP>rvQXMum%Av0E zMR>eLC4a=G>SuCH09Tr1lkX0?J??jxIUj#^lsMH5$f;}Bb$4Q-`>F(Wa?9IJ|17>t zTQ|LXHK2IP!3-AP7ff+*+_wp3z7Sc=9cSx0mn^vpa=9EQm3-A zBt6bcj}9`khIu1{DPPHVuA#>%Oa>b=lwm@rUcbtIJblW5Uybm_FmQ>9RU9crF=D(; zjSx%lJde*EdI^bD=+TDNU-M*faYnkFif#e|BF}iuh&uaCe*-w)Fxvp3O$U(piF&OQ z=1=*=u*~abp3!vOAbFV%mG>M=9Ewr8NoUOM01)na*dM&$w;kEw4f3|i7>OC0cs5jQ zSNCHvfK#jFV;Lco;6f~@0xMzWFw@>ARVf64ypaZ-m^$OXQ@etAE1oox)*MSBB4pHj zmcBFcs>5_F#7XN`gO}%EZ<08K7X?11!3N&YR%q2*}9Lb=Ue~1;V0BnA%c9 z4URYfE^frebim(}QH))AUA0P~X6DKlCj`JdO;>sdl9FIMLwWII1Dz@-97R@KGYBzixUO4 z_GWzV)!R34g%k9b>rhGndHXq+-gNdzk;P_6ScvN;MTxE)L|mz;(d<>8jg>yTm7p`g0K<-?PnPWxO`u*ga9POXNu&EZ~Y$XSq!Dg++xNQ(hg3oxK zY(JsrP6aYbmPTlGkUZ7BFjE0XlV5M>iARBdmlM|T-RzVx=bIq!Gvb`N^vL8kqT2d3 zXzlK3cz!W9v$*iCqE5(+P47g%)=979^#y@c6_9RI#2N!+2MEE!Rsr_F-rB(4`_v6s zLNouQqs?h1wfnJH_`%K)7rOIHJ38Insy-x(WLD2VrF|A zKcK4B{Z>!w$v|LGg20H3Vbe*Yf4T~v(XEzdx`tw4?!ok)sN#Sz+kY>wMPoq9d^rF_ zVnbjQC!*}a1dj#V{|srma#Aelm;TF|!0S*=u{Zs#;mQe8SSCpQa{(l{aviTtxo0bL z3luoPqS_ahoN*2p4T^>CY294RATe_Khu(T_+u!z0-K2D3>ONv(eDZ4vlZ@TgegM>~ zJqFX097;lZ4SSvV;L?wu#P=lCY}T4@&en(h^k)mLm4X{s4X!k8`y6UKBl*u;={^JO zmlqWw!(vXnpjT1@E%}i)3Zu3HHdKN@N7r2Fz=zpb9QCa^Rp{BhXEo71;k^YSd0fTz6uJtoG4qLZxW}21`kbRwY)f}K>oZY41GZ95p&w5GgCk+Dk@v4Yq2m{ zSSf;>DFPNTPpcgtw{WqvuEHTpVDj-q_g|(YRTP7&Ad>i+L!H~1R$!M8tnw*`XIbj( z`}XHnKTPP5fVOf3xY>!n0N0^5T){d=d4dib$=U;-!$ZSNggidCqyY4PUUE$*wjvWE zOU-pR+RWl~bz9rj4)ez5Lb<21HUbXz+q4u2&CNc5%`jeXCd6+_Na7d~Ur=UrMK7mZ z`!Y&kZi@Gq@Qx;pNsaaFRH^WU7A?3o(9s|UT)XRwG@E+awj5d|@6H{Xj^GDV;`pb> z3W+Ll<*k4e1GHUpm0+a=B>Q@^2FjU(97+6=ASNs_6E#J*I_@jE94y6s?laPXn{XrR ztkkLN{O66`wE^M$1QO!&QL(cD2Sn1CmSFYfWT9QK606aYGv*&JaZ%Ahw%v$r75hrx z_pqzI_TFw(J}k+h^c{y`YiFmAK+{M%>w+au5cNA*VIgrTEM%s z9IDDrW~BqT>JzIc;8MDSV71kOZ(lD1#u}Dz+y2op>l+wQNo1?8(x&MY{4Ch}H=6=b zth@k_?Z{i#rYTH@dL4F)!nMPYFeK;B!kHN3_?+Hp(pbtl{>vkM{xHKP*Z%K7SJ`3* z6AI?s{DXHO&v!`ngnW^v6~jCEp4)#WF3EoetXZpL(de1-=JP;$<^n=cVQ?7p-hvE+ z`VsIf!ELQhcYEUtiMg-$?}98TdKb_l6?FSD-fIP-1oz%gr>EH!xi$in!-ODKoNod% zCg|JQ9qvP|tg8&8Bepya&h{>RRHZn8-NJzxn5!+?q9T8h8wi|!w!i}nv@fFt9N#m$ z%Nvj!lFJpH&K`0>+c9N?(ZA5&z}xaENpa<3DN~*67%p76(?pRu$`KI-*M$%dIB_1P zyB!}9y#|M~4oP}kv(4^u1@d^xg^CsAiG|t*T9hDs>uO^kUK7~=4b|dC)W}Bdspp^$ zc>5BGT|CkAz`V7DJB2lMu^hTpAJ45UjAi4W{wC)%Y>0=)6lkPt|4iI7qqwfG5jP+Y zWHJXOd?`z0BctMnz4S z0Jmw=eOxcM^PO8`nkCsiF7d!w-OIQ*GK=mw zC-&_XTPn?bl<#I3QZJTC;-A)%mf+uk^0QNOt{QfSiX$vY?q z-fB+zkz${#SeJ^1^ysW_GhxjdNZvjnH^aljzp48kd>vKYsB+L$cO^xW)9yLUe(P%w z?_PE;)`i(yEbF%SH6=GhM{Bu{f;p7Pi+h%xE?`@YYH4DNZj)mj;*5-p%k-PRnC@71 z(_DupZlh`rS8nl zKK#$Oui?%9VAn7`a&GKqsC-xmA)Q9O%7h&kA5m1#vSErEeSBRkS6|$BaHftx$byS3 zx_Pf0+Q452TV_@07D~G9|DE7}-E@9TCFYw|SLdZ0A1~a+sF?n$Hr~Cgy0Wy)<2_to z!&MF(_B*hFa~px5%gW?%qY6VrnrwSM5?p)ibh=U0>hj~wJGkZ=US82E%-lu==F9sQ z-Lb6Me0r~snu&7ab ziNo!o9NRk{v2`HLfvYY&?2YWTtv@Y9#=D|DSz z?sij@*nJBz8ldY|+e}qE$JzqZ?(I2U646pa-4FMdl?}t%$5{jV&RwSZCHW{Kt|`HF zo{tn~Vr1MJuSSk*#C9)Cp_|b|#SMuQSC{u<*iF;@Lc(i&ef?7e=y`S%TZk{{Bx;>8 zn#GfDDyE>?gzWP;Sjg_U?qNmE&Yu-%7kJ^39jzh7E!dQGvu%-rR6?;_Chg;$=O-8T zyuI`1bAF-L>F@Re^T28^9?D9}s?j zh-0Q3ZAzQ;%ihiS9DAeJxwuMb#N8(9Ewm*=DpVw205ZJ>OB7M!j@o?*2O+z~WRjICdmmhBb#c$0C@zuQ`i z4P6CdI-ciQR%C?>1~;}xuK+0W2MT^5T}285m%(fMD~s?ZwcY&}&uNsHlw@TdDYQN1 zI8|?uJDe?fc(_jd(IDJy>mOouz?+m+*A7$9$$Djk+H0!v9mFc>6z1Ss=7!T5HCs0` zDlT{Hxw0;U2H=N)XcS3^uqE3gqzurD&Qap2Ow+lOidK5Ys zB5cv&_IPo{T=SYrsCOlN)LXf#lmREz=s@~baSt?8d{33(c4i3CO5ac3s|boa)HE>9 zQEx{k4+oT(^R6k#9}q8M7&tH+H^U&kdPYU(XRn?F1$8bv8;Oetg}i(Bj?aLiJUA?@ zSfOvSq1v9%mn_nMATT%Lf^K?qD6__By*yW)dKh}tKRrD?)UA1yEuaOuH|3=-9RN|Y z=@50<|AgX1OI_S`+n!LkZd5bI_w>}qpTC{|6R1x-rXo*@ zNdQ2t;u<5yx*m{%+~|nFng)N)+MuR7K?Lx9i3kn-8m{D}q~faG&2mbS#4E%sW)Z4e z7zVzpq@r?_1YocHCJ4e;VgnSR-@fqQtc7^Yd58xmZz! zu6cJ5(E+udO2A>VRB^ae81CnX&#meUZ)&KSnp{Tz%l0WaE?;KrO>QW)2^~GFDRU|t z4oLZz?RGFIgL8aZa1{93gz)kpO;xHRoYMdFH}vcM`zeOPQ17+CW+&863XP#44R5I_ zs)Xk3WXt)g-`?*$jo*KBxXi@)kdoh4KXO$rDlb+4p0eOK68C%Ud$F7OHW`JO$Se97bD>e_8? z(a9B@jCZnq6$Vb-EQE-1Gjq^djYfRIps>2Q*rc^xl}S;|>G1tZj?d**A}n8%O-9^H z7t`py?R|6v7cP12w7s9*9Q4`l;{10Ma+8K81vIQPBjky5Rbb;;`E_-e@~R}zUSUui zYMv2~=l+Q*)ff(DALG)mu78s*z1U3kaCfPUQ4uu5|Nd>4@L%J;w&loh2N9EE{qjYc z_PWc3VOzIO5l8V*TAAWOoMG{?^tTJ;0q+!7S2q28+p1naps)Szcme{YysXNNFDfOR zPQ0LR-14L&f=1B2EITU{wh}7ijww*C8M2ts<2E_uS}1NI9D^JCp9?iQ9mM_D$=!P0 z{3o~~m-u^;no7r1&3qZ}V1IBZV~qr!Cm(EbDaQ27o)$=DCO*fQ0vElzAvYZ?rp4Vh z^M}_{@8W1}Dxt%k0>*bGu?Sk2REE z6rWnS@sosItbTZ~-g|w6H^bFd8`U;^ znnOJ|R~KjUY+Npi696_O?cqJHi&V>He_j5mMaBa?y(i{(*7UT|=ft5WhoC*27V6IU z!%ajq)tKwbVe2#@VJ%jfoMP)ew(|xURN=FL;t>&n&%${PelDS%1xy8<*biy0ct*vP zEHwv3B^7TfvYadLt*d{Vf1NHQD}z3VZ6O_h_mFdQnTjABPx`}Px{6VZ6x~;#2MCx3 zn@RN+Cpzg29&&;vXVpBsZ1Ra>6crsVQxY70YxVM=KBs+fHJGEJ4@N5e6fFbcRq!1HW_GVXAxx zuW`_CaN1_OfSJ;vRbhIVnf>bWe!WKXu8g)&sQ;4V``*a8H;Pf=)Z=Lzy1fi?-_}h% zM+;o6ucT7cR#z8I3LP$Nk&>e&`e&e>hX(8)kDOIwi0LW6kj?D7lVeWue(x#=)O_+7 zD`=>fIAlZDDnKhm3&6f!o!8oKfK8J){33(0G zk>EMv*Do&)Hz5xK)2L}NQrRAtuF-r(OHL3c((!8=*3GT|#E)I2*YB@Fi& zDM)FdFqu(mh;bHQbt||e4|DKBtwBA<@A}zZ>u%HCUyP-Tb-|>A@A%w{^<2KD$jHc+ zTj%PhHe0bh@eEI&Mn^@xGc%);JTxt{Q;Y}GA4%PZ;M**h5)SPntT<_IpQ)vR8gJWM z`)l>XxjXvhgg>^kMY_Mgc*>(_XFd^&EVuV5*7aHWyGN9g?SuBGtn%LOwqO;`k7w)} zTeaM8`VoPpyDdqyHJ;rd^%Qtg|78f1vGKAq2Egg*ph=`J$_)hSaJJOW$_pKBLpKX$jXi2u8)}j(d>6=f=D;4i6qt zOIYk@73y(WVM)T|U6yv!pN0_SYqP;%o2Q>XjS~fkfpPJv2CEu$vC**ArN-#Yg^aqw zao)VaW@t`dqvqe@+z2|!{eXX*^Nfd$QAxWcTrKC^WA6>5q^lAJfEaZx48-44Dp!1*{x4r%W*^dQ;Js3|fPh zc~g^&=DUULgH-@RTXU~|fl;};mzeX@A3<&#g0+jQHC7#QAw)Y7k0s@ynbPTbJL_IM zhxx#*dt;OoqY89R^aTRK>y&h|Cs)s;&?y>GS=>Jbj2hmpj~>Aabl^XZo#{ZKCuGdq znyU)bF)6PMkBAbwm~Ks_moM)T5e>+)DIc#5w!+U3r|Zm&3JRGzML&mQX90?0w#%O0 zWm2@AZj>u<019ks)ux31>72puXrh#bRYk-Roy1mk8XB#|Ot3x%+p1{=X@OeAb!o)F z<*21gC7+td{BP*$2U8F9q1%ZXd4H-wqjyti;Z%`L^wEHNp$X!}e1=>=lE}{Vx>gh; z!DER=ub$ECDYB7z%u-rMqt}7uex-rMG*mfN199{&_GzR>zifF z{TR%qR~(m+FkT)u@52m)mE*|lt3#b9ETN&HMwM?a`?uGb7!+7?!9Y_0)|ilxP*4I! z3-xA9f%2*T6iO2C`et&8rGuKhc0r!2CClsO_<9Wn`*OHx4uQP`PyZQ~A^h967m7>Foo!zzhMKgtP0=l-L7rzDmUn2$VmZ#d1-fPfO)3j})n#al( zmX?-5I7BlwS8pzG2%yef?66Hx3G`vj`bX9gpoe5uG}T4i;p2w(K4?FRNG43<;?Ew+ zjxlm0QV+^kiDIlX2HRlrlOIBG0^qY?aAwngW&x?F@i=Y#tbq9z%OBr8D{f|ITr}22 z%sE-j0_HrQkhS2a(H84Ac$}16`uU&`0R#GJAgV*-xag#uV`8h0dM5%#9TPBiD{D)Y zc5MaSIt8E)IBGv-KV4re-S(|r4B<;5V7L1V$sS*bv^Db!q+Y1`y4Xy27RIPZ1AVUw zBo`hq?kB~IW?*2(0yL>az58B-8{K72fUvIgn(F^~H6t+H-Mum3g@=QG*1pvWzdy3O zJ6>u710+1k$k^C;tY~VyP#sz~y-WH%D=RBIlst@Dh*5xXNhbGJd9-wi^+*xsC#Se3 z*KYvm(xvVAX^+rJ!p!Q_bR;C^MM1&AZFz$zkIh*bhqY$-lz%fGc`w3g+fe?phFddh zO<3l0wawV)vzS4hCzKZ;3sh62D)jdj42;ix zv`aMIhDT{CELFt4mr7gi*bNS9AXHObFE)@)i!AzvhTbVsRX}BF@Yu=PPELq?KuP(C zlG3?-^APJ5AmlJ@J~v12;E-Lh>;g9P9BAg{GO~ZCL<4%oyiZ?=J!DTbESB0CT4#(Ma^Rl6@c}1 z6eV@7_Xp0~uA=f%#QF4Jel$z{$(E$u-?Hrcqu1SxzTBn2Rfo_T!lii7mK>VC?^RHjOQjNiBBub&@ zXb?Px zB|2kJKvRb-QG?%1&s9(Lg?gK7Ysci{RF;-LJ|8}Xu5!PB|DFe#VDKVa^8%Rp;L=e4 z*Yg|1gy#}GyHgKa8D^UW=K<@6blwLd2iyJo_n~1l2V4w)v~ShNu~k`KwC_mzQ21Wz z6OR0vCr_&0J}ffm`D7;Lw{Jc~4;&h_ zrGQw-ZQA($xHs|BCr`87WO1MN^OdlH!m-Ye-WC5i>C!qP=(30DO{J3BRg=6uJ;lhm zfNz{0t}pVx&UG|Kq$6|u^8!=Va*e9ZHKKD=b=X3SSg#*In+SXJnWM~aGw#$g^I_rV z+|^HCqfLxWuErMTC(_Mwf01)rUPxX1!MNZI3|R{#2^C#cegq`OsKzq3g(V3DV04#Z zmBaZ=0-Y9@T%k#gL&R%82h6F;x&8hyi#mSlw7Jn46V)QamuR=P z`vakx_QO5sL86Lom0?vCm5^SM_QZJS6}D+CCKza8&!2syP#G8)6PDoUol76e?!lf- zRl3qjf!rqK|A*1+10y~C{7@TSPClPe@}8K5U1oSr-%lc}<$E!z#PNxVzDt+Xrl$D| z7RPhUX9^56*zsJn3{TLy7pn1XsR?s*81+R;cDBV?Zc?E(>Vij}IhulY`h2BhG(OD1 z7~xQAl3jl4-#dQdz`br<`yO?9K|l+{hsN#I^Rgol9M@fjmc#GcZW^U;TI!EBtjs?Z z=oH4f^1g>>GAaTa*8GqU2ZQRVkMpZ_wA3HEuq!hSA^ikof zpzT;TJs_n}P`oI4rCp%iwL1q_Ep6xE;@ZL1Ra{+GaBrudgF)omcLT5_QH=Q@J9<#* z7QU7Y3K9_$C1o`nnWK;P{clO)(rcTfWC@M$XqUcezw6}c%qLN6SUkM`eP-?SwR)Na zkm`o_G8F(NCvYD}pwTjSFNfKFJ2H^$Qs+(wTpLjv{BgU{bW_u20aqU?L}Sr1YokJ zmgA7iOA5NB^s8Gz+khFJ>a;aPzvIQdc3Z*H1=Ti0}j!I_~Y5q>&`_QbqTnMZ}HFG zmR_V^1qBA?a>=_Nyqe5Fxx(kFnl~baRAAO>(OKI*J1q5iOT5d34V}Pxl%fC z7#rM=0NA7PY1uT&mwePgj`_{<;SJ6(|1k+)n0$rz^0#%wfH(Rc)o8J*ii)SBFernj z22KE5{^;dWIJRp&SdJtQqnw(Y$lh`RKR6%Ed7!8=wdn^M3tuZ57?6emU0 zZxSRrBPl70Mh0^1{xaffYjY$Ub~YnG**A$~C!me$GACuHoTUS^1mHBTBdxVnD_@(L ziDLX@p))-wHC1rR4@sXgJm8r!Tjw`*w=W?k#uYQv))UWVsINa#Vg#4#(FGn;Q(lfs zL_~M8NJJOieF$u^pRGJStt4zaBv7}!x2Rxs-Ij3rbJgM(CV!A_#+3lAQ9>2~daP*`h%KDZX993c~6>;e9EWvk{Qo zZl*~N+g2sg@`!=_`LBilDnYC1v%+L1ARp{;oCXN@u(Dx<-5^`g08p4A&-)d4Wa8E) z8X{WWFe^qG7N<(Ow3j^%IX^s~9InWTtpdbmZ*Nc7(HK?lH4K=ftC-o8n15hrXXmY} z%Y#`5FzBycWIRz8Xl86&gg{)SO!?z*AFj*EHrk_dEI@Zcku8RCy>D|&20<}iu9F04 zUL3pWYsAu)iR@pXx(gMVCiTB&B_ktC5%b_xylyT0m&YE_rV7H4B`%mDxgZ5Vk52li zW`!LS3bn)UPy^bgKTc(KzQ|IjpFb4%A}E4d%Jp)3A_5^^_AXl~6G5j{HMz zt+PDp_VYP;+&~g{8AodaYTJRIRlbdm@^W$%*YgsD*z*BU*mH7nZqtB(aP!pH7n^?t zht<#qC#OL3K)VpKWDZjE{X`X^oz?r24Q^^s2PS65Mqi4UA2)Q^km`#pI(hngAjxND zW`ZJ53UCa-?fIK8{FF@Hwhj+IDcT6jaTsTHW_4*vNWyX|hW+IAjf}=hv}!USGN_ONO0a9ewOyXDrrW!pD$Isx;SIWPd}&k1FDWOSXJ+%9aee^LGy%Znkv zwKJQ~n?Xr&R)g7Jh9Pt83x(`kTU*tEx^~$47Rd7UpX0NU#d-k?+=!ft=Y?LOalB=` z!#UWqbhpXL$x+z9QpM<;s*RDV%1RXn^uPRrDwtjbjVLz#R*uEnx4ai82AKT`U+k-E zn}`B#A-&za@qmP+(tCM7f;v|LE+y%GtTweXH}@~w=%nAI;m%!zg!@wG;L{K+oy5z4 z8wsG27$9b8@|gM#7jqSJo%6?Wtk z`Na!TA3`-rqfQAKL2=!X5d~w$24J3p;2e6q!`J+EYxCA=N|xf($czc=tLYgUGBShd zw`C^NeoiLlP9be6Z8M=TWusrOxJR18R8q++l31?vjiTJy5aUDI{^ z4vozpE=T*4{OxYY5Qgx(o_6vsw!=JY`QdXFJ1+tz=gSV&{o07#U z8K;q`s3^`(ebfCqg@>$Ae$i!kPS#+x%A!(O-Nfh@P!Wbw9T1Z_`Ww4 z+n#45t)veP)GKFKC$aJHP{56t(!|&pkK!+g^FMzymrHQMDD?=6j&DUgTs*)a)Kkl0 z=o=Fk&Ug6uh0}J=vw{@DGuVKiLY{TJZ^Kvm0u0|P>Jkz`=?0{EP>A@SoodYJWP(-t zOiT5Xmgj5?g$F32AI<#Lc-15yb`cU@WKgxRHjh9a%^zSsAPZ|?W9fb!;qvnBZ9hO8 z1Okbneb)O+c4B;-kWSQl{EJ3@e*S!VIvRzTDffz&PAlr=;G`R}u(d64&~tUwKB5%F zC1w<7XBTA3&fCNLnvu6#%Cme-3q2_^Xb7*UsHlm6KY#LX-{gAfUq!#Q<=@<2Sqr8D(8fE-pL^tP|JmpVmzOs&RY z226mk@_f{0yEy;%BDTR(A~n9IMri$^^v-NE=cBJAlrS*$W^a~hVSc^Zv(Q%wH+l@K zb;~Z#w~d6W@QrF-`^9em!D2yeTG&9s?6NY_70;boIISaC`t!qwjUK09kIfZ=<#sYo zQkeGj5_wOqmngu|ttczgvGzUMu&^!IIB&qsw{JM!p!GXG9c*pGTe%-B?Pdmq&q~m6 zb@MT*a>!JD_bIZnawMMH^qIiEXCrt%&YI%C{|ch}8Hwd@KH7+}MhoR&`M3U;nRkPm zC{#cTw&45>lRxD%kF5iR5cIxxQE7p{vGG>Mode5(gc6B?Ncso&#N2l>u9rSP*|~pk zKuURwO|PtC*tQGwOu+3nl(Ic7y-vO?;WRqdjc%Kkxm+dzBFrH@G@`b>m8`@_$$uP& zGMxz;PpPSCZrv(0m>M^?vIxLFKBi}sJ;+S+Ia-HVS{}C=@H))YmQ0V=+Z%DVUdO=m ziQqr@<9Zdk_CPOM%3{Q{=e~F`VPGKN4!yhwU*R+Y!1!cs@F{`c!r}rh;$~KH@%HYI zOn(tNc}vTc=wBVUVa8lF2K>Ed*Wi>_3l8=C)YpHJS#=;qloOSZl5%vY_$pMFEe?m3 z5#UNd%fbympWHkzY6A_`G{Fx2Q0X6gYx5V4jS|7_O0hSSO^hqQ<3mV|)!h5THid1@ zP&PNcyy{3oT#gUD4DRA7A6WJ!mB#>Ghy-$y@FM?Tj=lJD`&5mC4aMke%iGauj3Les z(SYOc^YX-D-61-M+!xOtC0olbhT+3SFbfk9N1Ra`u2VAV+9u)eNNFP~Ds*xOAi zP5oY?guVC6m%Ha4j-($!KizluGn7RwRWqyTwM0Nka#TY|NCe#R#{vXmJ-4`dv3n_l zA^VoGMYA3DJ#1VF%%tI7A0q>&VU_N)-h1>ljx!v#Z>uel-#~w8*^v zWMH?>O*Xwj>X3m|xN$|bBRZ90eI2)fa0g{n?0p1MAE{I!c;1;+xY~LU_u%o3=ON%R zQkoR%#dnM5g`Jw8PBECWBvRm~_p~U|No>aRe(V!xqo%8UyJC$7MEa(slM0(-%J z@mx17Nq`0*y0Z@m-oyOp{euHM;-&2*;cn&6BBJ8wXA3Yp$Uk0nZgs*V^c9*U#M#M> zmxt$#Fp%+{JpjqtB!;d^W%w{|@W!edH`G?3>;lQA$d-9XV%dt{0H@ z{E?Pfrn32|rmh}=JzECHyOfo6f}RD>uCU`*)_CM;3cl(ofgoeMJ^UO3)8xQMA>H>t@NWp%PRp92oCf$(Qh+H+DBV^DX_T- z!NmAQmSI_=+*|YYrjWf`!edC_O*&IlCtQQ8q~DGOL}igZ7T`j?gQ ze*KDyohsDM7jqgSnUP}p-a5~r-}rZ;P0mYC#kI1#K!r(Cvgs!J=Pk&;&lRCs$lq+W zd_<5}x^un+*?6kMKmzc_ECk0nad2?N7aO*Yjg2Yl?yIP(>cLIma1-+~eF?zzGefTA zy>K9HpIYYuoJVhiiOK&JAkxE!?a(pD$IU2kPu5m-U80^0yt0S?2I_k)>NinGJpk2VVeR!YJ$m1n4_&_j>Us~ z?RvAR(bf>c4Mq?r*XbI>qs<;*5cWowLyCDGj;LfYFJqQ;?I@*e|L4JMw?TmTFMh(PPE-qb}y9x@qy7rT|wM!UyNX%Ew?;-*`7S9BO1rL`kEG!&Q z)fO!oP}fv8)nTepIP%|zjAzg*B~HWY{r%&W^*v3^DAQ(7|MSt}q9PSHnPyqpWD$4Q z-@jVK2Ec$h1k!yQ7mo0DmX;A)rl^Jj)LJUxBB_CDfhV>rHJv8x8};2?rlwDAbu zhpR3TJvb&T;;|Q1T%6)i(d2Q`|M&jl$aYmlMUtr1>*$<5lDIrIRn-gF@Mr#9wSseU zEA-s^<3CJNY49n#o^QGEk1kA_X@QXH>!q*I;Q*K`7dWXfB#u9TIiO{P7nGrIyF6gGiIpt zr+q(bUirU|1cW@<3ol0{DSfBT7CdMHio_v{jO!bH<^GH3*6~cUo3e$toCd#DUp|5p(0>kzOq^0iA~oXFdJ3kmO|Q;{9_|I_T$BbF0E> zWQ7MEH@9P7E9*B(@p%t3GvZhu(m{4Zmv|&S*?Mdi;Ig`nqG0@+Cb+`h*QwFr-XJ~t6SJyt>RA&aw&(DKN{-{dXstnFe9m0Zm z1O)e=9HhwFycK6`^z|3_78QTL;Q&V3?k>f_!`s{2#3TT%3K87LxAL(+e)(H^=~JkX zfZhTW+Wg}^bdcfX;;7W!(d5?6!QVvRJaNeEpi;DyNd4 zm)`QvS9gGvUiYl6uQMbGs@0*>U$ZRg>jUtYT8H>2QY;65|2v z#Pn3FVXqEvtt18Js*e0uV)=Ad_dij&Yiqdu9?D8eYlDfGOP6fUkxfp!CI(r{O|_WO zm|%O(a+m_SJjj{eM7(mV!BixjAdH`OaeK`bYxn{cRkPM2d*H)^SndF^+;MbvwggQe z8hOk17Mft|>%`vz(5%O5Q)_Bo1a@Yc^RTcSZmmiOqV35`$*8=VTxc8p+AZxQz^y=m z+2V7~DZnV_9%G43-tA#CBU^LY9 z^b-Rc@DU0%h?}RmBPy^8iwL4_orm-zMfPoMZUTP=@Ad1owKXd5`_iLl$*7`=+gvs_ zv&9YJSd@Mk4u>6=k4Yl(%F1jFEeDnlL8lI-sA!IR5iH~e;x4la}CNydF+YQGvV z3+06%upsbL1#w6Ghs%LK_J}mgQ;}n|>U&Y85Pj~Y+D^918Y0x+%6*Tx$9x%yK~mO0 zNA6c`GgfOKo!2OR;N!G0-eA*mm2|zbzTW#m+$ZR}gq#%J!FI&UZ10laA0NCufbT~Q zb}klx134y1qsCR2=(vWv@GOuJ&Gb){F(+p&Ptat!;_{1Ki~UTkWkg_pK3bI$b%w(#NTV@#oG%6;zvNmgz#_qy83JG~ql=3R z@A=O5WQ({WHJK9jM6>9C7ZSRMyZb9;n|?aPCxq`jtG&Mkh!TOs(CZg?)y6P1Hpk;7 ziQ*HipzemPse%Wu&aD3VD@G$;B;WgA>&M9)wlCF7uBMn?25qTz#;-4Kayt$+>-C0% zwdhVwdkmZgv{W8m9v&}L^kFEJrd&`|k;7tAv(nQzB8|TR$L*=%XR)%c5SESlg- zW-i%_w6}4X^aKR8aQ#zY;NqpGq^*dGK!ODcHTbU{Wu8PyPz0;bKz92b*Tje$%R8C3sSo1Wg%)zy{D6&(Qqp|(mnCOR7H@X}F5#Yj_=jv*5eULeGtA0HoG#kM_R zxcLj)q*6AxGjfzYqWAdVjhS(#6)Sy$>(=E2QaREFiST#x1KkiQ2H%8IM1%|9+)>8HQmX|`*)hK#p`lO!rNuvZT2I%12?=3?NxtunjZHi}S=6bmqPc(kbF$p^=f?f0V4%={Ow=nE^;nrIGW&Z#vF+XwCgp`adCWw@)F$Q4 zsb2DOIxYdD&1TUGenToI?SPJ*KPB6}XS+tcAr9fa>r>X_*g#%6X`qmd>VM4Az6Y0o zTmO1{x7I%tUelprn?TxG(E>%JbG6Y{S9ilG@qvtI7zpb>g%oFkm2B|-yC)X#lnOV_ z`{U2@)Q3_PUO+}bp3?*`Z*St_{ZsDiRZbuFxT1Tf_SKXQNSaVLpgth#pY%;w3)D<& ztKd3A!(c}aPXhqg0O0OG_z)>9m9x&Gga-`mjH0XOZ4ztv?%RIM*4Dd#+uoU>ESW~P ztqnoy@bXkdp-eEl5Xi-QPM0&ry)-M+M>voC$#;7bk~GRw9}DRNWA|UThCdkmDo6Ey z*iFE%{l9O8_y{!|2~eyI!dzc$O&p)tsZBfIFJ>2PY@Auc)HO6&87_qvYqq(Bg+7bOZ+n=?zFzBfM(A$LySihkT(J7lbPykqGv!GF@Z#b3i z(c*ck$+@+2`J8^LG?~ZJrB#83WOrhF3jA04;;yA$5FXKks9=DNP8+3IvwNa@b#lJR zphCU%_B6RJNK$flwtDf<&F@F?&d!%k@vffUGOdQCwbc;N3#!F+dA3%T;P~h`ADR-I z5=AD+NylTdp4LKn1+Q@c<{!w}s%(5X5!m}l1l{Qt+)jI5n7pcLFung06Ep5!Wm0W3 z^VJ;O|Hbwc0k4ITgH-=&(UcLwpo}a5msS0F`>*dzdeRR@2rT_K4`@d7=3GUm9?Vs{ z#XegyJ3t1w7+f~S6&%sEBQUF@70<)*4XIiY}byDO^odKprKc* zmN;YmJze86$;cTmlJX3*TSt{Nli#3)GkSV?&E%<51cwEUv$B|~p)# zpX4B~u52-qU}X>jjb9Cm&Nd9&ny{H~pig2jpkib_#_J6u?sk$G{w*ObU8GkR?hp$c zrXM_jHh0`MYCtcp}}KVr>eS^ zp`Ko71|YNkOhzJJM%~&QMFoW_Dp_PwHQPCWMUQ=s@s^jCP)Nhk(EQQgW$ZJ(D$|CG z;4xJg=q?vbZaUIn8nI`qSC;}b5tTUIXYKFv2lXwew~N4!5!uzOTROf}D_fwrA2cjh zY)OjFCa;?6?~lUBD(Crb0!;K`3U{K0h9#%f+i<@JNCXF$t3LokP(>BCKi3q`gbk+E zc)%M&*vi`K$>YxH>36GN04p=!Bik#Vs`~e1--7L@w$@jSx}UFh+*$G-Bp(M8?Ca@` zPCE&)skaAzmW#M-HjXc?wQ8akwm0`)o}8F}77OSopdL=!<#nTBp_Md-+GmS%^SrwO zfjR{Wy3*!{XA$n;H&GDau$gY3o4e_+*=Evhv6!q5>hl?nHM!w&=(>=M=CZo8+=Jp1 z4z=mY1CX*mR|UKE6;JX!b3)+XYlN`+jMjJAx5u$4@tfiTJ#7juDjNnQY&o`8Qo zRnZ-f5|QI`X?Z=L7epOj7mQ7facT2%Yf75p>jKb7ZS_`H*Kld6gc84jg{205{F${T ziJ)^*p82JFXlPy-f%E3{;!0wb{o$bwkF%4b^X<{+y{D zfiBjoBu-Bu2MFG&tYfgY%ElISTOB zRVDVW7j4_wU9TB>)V-pmieUz=y1EJ2Z;47$xOVSO=|R4?R>Rf}M>2;~0*}L|jixEl zV2x~>Tgl^iiw)*R*QqS;Du}`wKy?m9(!Js0@+lzU$ZS00%h6v%N0X+8#=W_weZ>*1 zyza>!ld;B{{()8c1Qz$B?B4hNV{gC)fX~+eh$f0m_zf&#`)$+t73<=M*CSpFSp9B) zq(`0|rK|+TxU;*1eO0VgBkZ1$o7;VxJOw<|m<&YAdk{KeswW}!!$``DA4*C|iYaKe z+&O9Z>mBQqq=~{^Yr7tO?K(XKcTnz-p0O2-TzIyYMdV5DD%`nUUG)jBtFR^IUGhyF z*K5!5d(k6pF_uLc+UR$?JX7G5$W^LU26$KqL=oV7>3`WaAuY@xqrr~E1p`B5(pt3e zG2F5xhX%hN2r$kT@2l?^S+<|v8E(D?YwiyheOQt)iC{CepSmUts$LnOVYZl#C2pf5 zAdkFwcrg}VtW@7c4IS3vF*Gm{;~}NU_&m6XmB)Ji__k&%VmK3wjGh3NC_UwHY8L=3 zEDamnyb5W7;DK=yBZ=UXz`$l7yW`oxkac8I@ZWTvYHGd}FSp;^rHVfy~pml~qwwzm>WH!w z?qBSjwhM?K@y*afd;k!q09XRTqtK)n-BWVs_4w~EqU5nLr86r{`j;Unq&8`P`H|4n zxJK$6K3%7OW-W`@ow?)}*lVAB!9A1chv8uwFVHDgNH~#a86ov$0)>=a)>f;DkDA(J zIA8)w^d2O%Sxz^{_A7#ER&X;-H7m%{G|hc;-d zPG6w1hY~ScG}n|6ky23eI&MNGUCZ=Lp5E~o*9v{gaX^kAxOLvL;wO&4z{EeaAF5x} zBNxCFe)4$vkFv?4Fqq2+or4I$x7vWv%T)JUTJ{9@KaI!oUuw3@h|LTvIGt{=^OCLz zafQd&NpsAT(Q3B1Mw$Bu>Xh=+ee`vGZVvWgrzHGCL%$?L(BXT~PP;5fYU3FLV|46A z6ZHxE#Cdu36hS@0&|9jTB_d-%ylJL6_`A!uPK_%&7r6d(ae2HWDV{iQ5& zP@E?6(%M1(_l=;aBvz9-$zMmB^`oF zEVMZz94EQ+Cgs(YX$*CNsr9Wy1dz|yMw`z$v|%b_V0B2dF;0U-kd5DZf9(|dImqt^ z6G>;sw}k+tHd$G@s29zSrC?hf~8Y+DiLZ7lqPf&SV&UMWE%nI2`Yoe54h1Y>6ST5ZLJwNXh| z_Q4Y>2D;pRBol;_02lTE=R>L~W2Ibeb(2$LC6WJdG2^|ncubmO9Z#&=8jDO?{h`wF zR!ZNywZB5##a8<2E)1h%(JnCbHWkpiHq$w(-+E-G-wo6Q`23$-03rg_wY3!*)J*ff z@YAA%z#RPKq*G$nV2si1dkifkabXEvo4ry&wLZpTunasYUz{AGf4ag$38f8|l9l^8kzqghGz^(kSKtnsB8ecO<7vHbI7|CITR0p-M(+fPaozZKez^ve8c@Y!m zuU+9qA}j4gfF%``nfd9yVf#Z968>xa#NW2F+}uR1pXH0b`{5-g^x5(>G;Z@z32}pv z3fNr5dZ=2SzEHC{KYD&}^!$gd`9e$lO&$nQw=8^G{c<+M==C%r#`f^!G`^*_x^|b} z&F`q7f5P%(sjhUbMw#UCXW67zTL?ldSa|r`e0h--lD|@ee@}O*tg~cNC}JC1*kr;I z2+^j-W!71^c_L60(BNwFa6LFrba4~MrocJxIG2}IyjB0ppFA1&XW+S_9@(@Ue3!un zyQ6RL>TS_FPf%xZC|pQ0u;7vb37!HnE&R86luEc0w}kg>gM6XVcp|EPL&Dm?W#do2 zV#wqXLvkF$4K7KMEOe;lYQlC_7>=ny*u7FCx{IttH3^@?o$8ofR7`60+&N^;EOGjT zvS`JYPFm*sLb+2b=Ob?Ip=wcjStztd1~o$kzNbJGnp-_lqxlE+dh6XUX{!AY+pZq~ zFi%(#ZI9>unPr!_wZWwAtWxq~24%&Eo3(D`$fQ6=Y$Z9>yc-j5o3uD_CejZS*!{L^ ztE(3H(F3c&A3DBXKZ>DMzk$m=P=Dix@qxe80mtxPZvkQoLWhe)ZHiV`o-a_Sa>XE^ zN`_0nUs+oNFxa@c1tkRsH#aqJ)jv23tnd}MibCC$1~377f+k^?JoC>h!$coTmAQ-; zkA8A&Z?M;3R+`Ur6s^lwq>74id32}Sq@``0wIYA6Hk=P8Lj+XE_Bk;K>nThvUinv1 zqwmow$$W|I+akI?85ca?-}xgFFHgdxBtxS=>2fB`wL3DRzkc;`m_(392?~B7G@V;s zBrw)7U)(Pcm)7K)2}59LazSS2*C0czC4*q>|JtD;3ZquLyQ$jzoQn_-B zdrt!_%9fI})NwdKy|BHL{rchM7SC@cU$orlw6wGUa-daaR=_v}JpQtl;OSMPhfzSz z%sNRJU6g<xjeC7e@|`rs4Sg(8l7if=vKiLoP+) z@iR#}bXz=E0TZ;mZ2iClp~o2BYu8gmO5D(2x?j5`CnR9=f$a^g_5Bmb2(G9iIkg-Y z3mdhck+BKkbZZcX!|siF9^JBCyhCd2+>^UPPm~@sy51AnxgGf`=#7@kSNFEKYP+9mny4BBXpO}tcQn5=&&|E zbK7)|#Q#i6PR@jvoF?5YNlsSM>*!(=bTE)35AgNO0fKwREA; z>2C8|Q=qH0KBtz;j#7)9mooyQSWl-$=%H2OW zP$%B@3%ZSk9~0N}dw4 z?`S3(Zr!^&MlF8VOC}+4noU;fj^Re^&w=@}#2v&8`QV3v#diF%O?JX=v1saFD#elok*j+qIeipVtwaD*|Q z*X2sPR2L<6y3IRC<sadCTt5)~e2s;Jg@f;We#XyaD=+AyCvHlOmPd%-OZWh^ z4Gp(Hndm1bM|WBsotze_l<6dVSpz+cI5{iV1sqRLK>du?KN>D{CVpbQg!Eo3&DrVC zZkIO-OM**7yS&^p+>~c7v;Q18ps;u;b72}fMovc3MJ*#EqiCwIu+WNfUD~LmsL!YU z9DrKH4$mVG8&Lwp>C2D~;m$0wY(V>#C>A}Pe2xgge|Q|nt&udp>3g3iKWPMg&ht3f z;!7FqXv3xR!vW0wVJ+3QluDpFs8geO%w*lfRTBBp*zX76Gq8}(PY77n#K)MDNIRd# zLkY|`S3}f>)A*F@;yV{dlnPT*!y>?y9+7#q?)yj!q+#{Q(PU<8N{geDNK48oHiTr+ zkWmt%_0EsYgE^fTM5M%r&;UXQl0m={sV7Ht<%)>5;QMotbRU@%h?eKwfp=<;EC;I0 z)!pvFUJ2CF_P$?FAV7*D$`pN{ztJn(zNmIfti>A_Kwamx8okx_@_%)HKcbObK?gP6 zV@J&|05K`BGjOnR9iN^a7Oj|CSZH>j_#w3oOUSF$aV;56qjz~8-vk8&zVH3u!(bs4 zq<(Xy@gtzGV!x!F^9C>}kPHNN*?sjoGC`&Y3F4=yyjfG70Hz&Zm`v zoO>BGTjQB6wrNN&g?~;K!z@Sa;=Gx2pTlEZv(wYRr-r8l+ZX2MQc7fMi*>VLzU;F1 zEY@Fb4A)kSn37oK>R9NJ^9ZA*f=W_LA|mR_+RDCsc|@O>Lq$1s?^SJM7|`OAeVkC1 zCg6Q~Qek8GIEEW;;GO>c3M;BC^SFLNVrXK+?XYwr*?AT0*Kx5?VAxcLp30nvfq8WG zQD*#=utdq{`_gasXWe5ST&2uqO=o+y`#Y>|(Ea!4Hm1fV6yDPB>b=G``l_N@eLV0_ zzGE0zn+~7w`P?Y1#LGjsGYzT1w1~+jv3Shc0qAh0F|td4U%fN3x}9%l5)(vgxhhWk zUK-dzkuRC)>1ALu2`hO4!++l(`jU*YYqqCq&vwVN(Z}5Gx)xq8X7(d=ll=)lrBAH-Cod3i>lHrq#8ktQG3+GwxchPM#I3;(%ZqHVWt!3o(=aWYl~O{WwDvKVYnj zdhazmf})%-1-&BiA>t-)E9_mip7zn6B-298uuOlH>Tw!f<8iHKGhawh)wgH|5PP_` zM+Tq8RtJtU?%R0hWOm!WE_Z2UQXJ3sdmzyZ08+YORcoz^)W?t*{Ri(vR57L)Z)~n~ zuH*;8^C~s{NG>Tacr=X0`T>7of*?D2N%`1~8Ewf?P=()*iv%;n=qTNOd1_Wx=7EZw zk7Z-+({QHOI~D;)bBoJ*adSIgRz^*psXJj%>q@0G3znb|<)+=DO4MX=x#H^hoc>Z) z#L&>>b1f$->bS{4zoB9?$t6_PX*LuOWl^p6c@2KkhQV4iGr`0l)r#gAV8Lhy*ry z(1)n>^j;TS%D{oeEdspqR8d6A{^3`W)tZ;tR)5yF9ZwI6-o}u;O9Gz`{sY`VHE3c7 z_;|j24pCts*|;F@UduzObWQiHlO2Xq#&Cp{KD%e;5%<<^u7PaeUv^razG)y z`)GM{GSGJ3O0v*KPj-Vq+BMzf1RdvAF9zT~1ND~=3<8-2teSUhQK=StAcnA_N^bk> z7fCgtA;EJk=CaUo>{x zsmr|yX{N8lQn{l*sV56ypN7|JWImc$n+lpiZMU9I7EhIHz{2awZbXo0!2Zh^O$SQo>Ay@Sem>$g3fwwqJs`VVja*1F6bF?hHZ>-|zOel%fGeO+i;;VCgvIK=N$ zQLR|qI1oo~D(5Z#-H`V=jc-t)#`)d1nIU2NhM5^^v>g-P=e`DkZ~%=2*sp{_M=I2< z*yLy;5~3Q1z47&kJuG3G;Md&t0Tn@o0TrE8GT;mZ8h!>!4odgIo5X!x{`i{Y#G?8k zF~B)q0tB1L;ey8y>DTOD`t2AaLk4$@TUDE-DQN1OGJRg;i3)iuyx zU++`a#LE*0`3WB_#InE0rc*1LsXYc8Z$A1SD^ue+0f=8^cL&1t3Z6Oy8A)Vpx#n(i z|IO)sbwy4kXNvpyPqFO!9B(8M`IL{Bh~x~uy)XSeWT@4xf2 z@F7IB(2(%Zu;82fFJy`v*RFD<#IFM|gmnd97}yvZ=1@@fh>ACQT;uZF`}**E*xBBa zII@i@Ck|?!63AW~#;!HgLj-;EHi2w_iTX}^ck0&cP2O`x%=dM-88Yoh56IF+(ntx= zY?>A~2$>Yx%?P*0W3OX}^W&)D430KAbeP=lH)GlEwPnjrykV?^L*==R#;{C+(O)?- zTw9$M?D%*80s#?Kk|Zd5*Y5H1#BN}V@@?Le)rszC@nK?tH@td5qFLWyoC1xG(euTS zX?S2(h|5No@72*7C0zGHQ#q#;K7BxzgoB~dl1hO@{7v&hTJSnjYfPJK>nz3=M#g9L zj;cxJCk5W}X8UBAOg1x91b%E{8Wn-_*1x~|hxSm|EvG3FJYdKlk!hdp zU~SGSr;Vqu+wm&U9UTg|0C7S8r)*{UVR-K{M5-PUCFyWGel_m{sb?+bFB}&K2FLQX z_8)!oPHo?5^j<`*nq1noj89O+dU|Tm`YAjln9tFTWUK_JVhQM1G|~b>oA+gciS)!; zYD~srw>3u*2KP4#jGhq@A8oKhK1c>FNDJW8^yVm;FV(rNx~vUQ`96CN_m0sBr)z0B zC_&H6i7^5`7cx=Bd2f8P{T*Rs;Gn`LOMggE&>^L9Hwy~z1cMD}{D(ajSo5`A9we2b z_sEeF6tGD~(>1aFXsO&L&Qjd9bu3|2)E7vh#PZ0Sf(FHfiHM{W0%)F_r za8$4X@gt3y=@?H|g>XO&85S*ls;a1Cx-^1Fp}z$kDdCVpCOB)>`8E+_X=!hBRVxU? z;FH-qo2zCdu2NR7EOK%XwRl}?6`d9(gKU3#MCAv#)?z5CNrr!oGibSwLJFdGCo75Z zazv(2#k?<9cD8y>SU5Sz{V1rtK}m{<=FQJ1v)u1q3d=yDy@LtotQ&xiRiI$wFOeGL z@oW_!?aFtUz`V5=N}Q-vjt8W6|8N!1b=%pF(MBslWCAII;4B`e{TjzkI{zLyes6tx zO5ahCLIcQ#&`{YP+4TH5-E5n0fZ6!0B7Z(i;hS2_G~uuB?5Db4u9TT?F#dmuh38@VPsK7z|M!Kv!w4f zXAo|U=KFYRpX4g{nrjLpFK%s~;6>7v)jKI!I=l&hEd5;#K)2{;)&xyeQni9f89Hrfo&1<=*YNM%Vi7jj+8F&@@XM4PadB9ZN1ki z8H`rQ|3`GH``N)G5UKV3y2uS56u92P-39p7&ie3a_*@B)?}XjAQsDxnDplg3 z0z;U{3Z8_G4RJyN%Lx%;`8kzyxe&hxuuWekz}Bf8ZG*b(05bvqk(-eJhWPpFGc+?m z)fsdxI&f<b4D&RG*Y5VZ8+6{H-vQ)4t;1L*tl@Q9(;5-h}x>@gknxj@#NL56y#= zmXv6vn9TO?Aafed(851V9AUb@18|-KX+lC$VnR|yDk7vDq72W$0oVUPWj+YU|GBq5 zTTz20-|6TS@N4#n5`cb>@_k58FpJd>un=49cN(0b&1 zX%L(Ojpru0M)pS<2w)92$b_1ZS-7mOE)1*>pY2ZnoU@@|PHHhTFKIlj_6cd?vh{n? zMsy5Y$wIqXpDTPNpI!jtwLbH7_Md4b(h3Z{`KY7svh&Ydjf)H0#Q3oz>cNGli82K? zrf}#Jv9WaqfWj)`e&K{eMLb+D5ug04TUXiueVJgKCDeW@&kDe%+3mt3ninmy9Vnjz zSw#SgT|jd;S2(*KLmR|;dS>&UcmKOu4RJX;TfoG$(Qe^0fV$O=(XyrzY6^OiA<~e5^b3dz zHg-I@AqDeK#Ui-~-8PA?C3MpL)h6Sd{1)%a8)Y{<$3IlCiz;)F((&QkoH36 zx3aSK-H%N8d$B+1%Md}IXZLpu??qHWcAUbe-#3e!hsdN?PoGxeg0z@O2~dWiq^vwH z`aL8F&HJ2+ms;z%mq~_I;WaWU;)KPx)l{Lhg@x2gJo2SZ5_&-BNi~Qv<>u%1YsN%C z=_Y=9e7>d$RdR1PT{i-0>xpj`NxoLGvN@kz3i+4m2?PduZA`fO#@Frd5=@yT#VsVK zMh~WVIygGCdEQZgE-Aa<^Q-r}(p?57RwgE5W(U{JbK0xtO0IOj`v&#zdceJw4Gf;` zlnLF9&_RDGCv=`JJQ*iE^LLMrS;8btdB({oV=0%MplZ1v2) z!KG1ZD~F(e9&;PlyLa5f303WF4zXmp@zKduHr-M2@@Zg}F@y=0uqG;i(OB1lv~I@@u( zKYMX3?G8gr?U7F#T0f4BfM$AmTp>PzYShPIJGDpPvu1c__h>Vo&lO_HOoN++5(`#* z@Og&Qb2<W0z1p&@yyq|tu&!Jz|PYMpoX zqd{HE^BZnRIWjmTBjc--tSnF(pb~}Y_ie`nb=KOhyZyPeRcmQC>$8*mNb__2xWmaf zmmI>5AP}13@5636ku!H9 z3LOYjDG<7)gvUVGpUp?N#m&X-KFwz+b#tzyX{U$n1rmbnm^3bw%5S#ye!oRr4vm2S ztY>1N4&d^i;WF-s#0T;B-1npuZi9Ixurs2c3k8RXSiN8ijTw)~c?{rQU8xQ@FY!xZ zp+;3)2?{Cb6{@=7xPCU6Q1Ba3T1_rRK#Kxl)5djl;b`dK0xT`Cs!RNKyrzvp}D^l35oT8J`#9M0}z= z+RyorEZ%*nv)1(4?y0fI$|vTtcbQE=M6tK0$7P^d8Ghu;05|Gc)0N)4P)V!=!R)7} zyVuIpw6bM?tNn}e#gQeyM>IJc3Ij=;t=>1XGFVz%<@f2668^n->+w8vXJf~}#6*s! zzjFZA)y2+5eLm8v^XTJapg7yxYJE%@N8sQ`v%-^6|0+=_b@_;?riJ$O&u6vO)kjB% z*A4Q5fYK(yq1^trPEzjHJ)2asUGL#0o5~;2xtJnwRws<1Ly6E$N6ouEm5GobSVeX3 z@@ZHOq)nTYXb$k0y~Atuk(Q8_Jv}*dv3GX0bK07>{r9_~ZS(jvXf%@cKHQ)CAL8Te zRZGsNDkx6p2e02*QIM_-nBE-y^cYTmlAD)TZ3X*+VF0RPUMXBIw!n_C@=-`Z8-x(G z;u4)Y?`t_7i}6x&+@QR{)P-7+{Qi$c&bxo2^ESce#ljCx4h9L7>zk{~>m zmSrCj3V&Xl913dd=?agzu0jFtJIyqn|7R_Jdcyxzb6Qro~<#PuT@)k zWMA>;(7xgwrLcKGVJJjF5%1X(DwF&BCUY^d&!0cfZoguhgJ&cxW|EjCm8!PHY5Rz{ zqL=+<(hI&4i_{YU^yTO4t5)|@rOAzr4eYB-Gc|$)M97kXK^9pXD4Nr0^Nhq0zH4gn z!%%9{^$N~Pn4+S}OZzJTjtA|ILB*#35_y;;tCcWy>Fy3XN5iFw*2n+Uf1pEWX*opAe zMJA8)(^`DCW|A>5U*8btf1s&>lZT=#PA7OX#iGIzayCPLks|kh>zXVh(g@K4-G9W` z=1LujfU;i!fB(WzDr}UGwOGQSuo#6@?T*_g?2=L@Q8=onhxr()jf;x*H8XK)qo7 z_Qy-aOL&}(eR!NU#l}wN38sABeA>7^uWSSH8R&VL9&b}aWLEmK;LUNxi_RM6bs^_w zFE1332HN(chH$RMa5N#(AP5-<{NMvyZcGEhJvsTgSl|fG8*u)v&uPac=s&!+x+W&> zrPJhzl0LjYlTR`>ldqKf?|k1zy8#>jauph67=OpjMA8qsZctzgc-sk*lh2Qi{sg+h z1WHM~R}EZL*FewQwZViNmbcaV%X$98gY%tZa~(@}sahz9_TWVwaR-_?C<;qhNCkg5 z+D9k^Fs|NyFc>VS*X4~lIR0Ckza_2hMD2Tav{6Pqif9KLbvTQU95HXR{%J7x7`2AF zdac!b9JUj)%1><$E-usIa0c_jLd+lv_KRC!6Y10n`}qT%Zy z3&P{;Y;VQF%5-klf2G2L7TQt;y^f9q*9kbyEes5T;R*w%0deAEYdA<(mKw$Y-lg!9 zNoMnz7!~z_rd}@SCdc~N)K=E&a|VXu5#5m*4IT;71RtRnuo~`lAXeq|3v-x_o?J~x zhpfq%61TBgjjMz68C))-YWy&SQ?#|$?<+cbhuaPsHV@r8#UfyJj<6qk-c%s@N!$6j z)C=Af|FGAS?fLQRnk@|BD>OpPla0j$eFPLxAeSetRu-QgN0ki_TfGtLm-xFuc3d1 zLdpQERWsvaW-o?iEZ)NE$lAorTGbRZlFw2Fntix-c4&paN4A5Z%nUKwKufdIo&_(D z|5~(zPox{#_@}EB#G*Jx&B}iZzd_sGw0G7nhhB`3)C^`zLWuhL(rzG>FVZ$v>Cki7 z7Ul4dVkB^Ch%u%Qw~1TJ!>o8m&-QKi z1E~2ecOl}vzEGp9C%O3%TFox)SOrpHny>@ zuAG0~3c4~$EP=b&{UycF(3@sHBwqSjtS?8XaB!_+=U6E(b0PMs8krS>t>o=}_ss(x zBsFKGT;LLz8Wa%xuN%Tk4mwaR4<4<*Ii9?njiHSMuKU!aIJ#va7tf+ankkS7^hLGju! ztmXV~MF<(0#C}Uvc?<*FKGIM~CmC`jbCcVx&pN{O&JMJNIc=v#-f|TjEh9u}hU`yV z8lG5K7>k3WJ@t6xb=L<`VAo0F+nq@v7EIg%e}4-t3|*ZPloKp>7u@g8GlW`;}=Woi{tP?Xit5p&_jTo22l_NLdMTimrWV9P8u;56;3;^7}0#FE%O1A$rJS>};3j*+odaIn!t zY(kVSZ|ut_@5h`>Z2ksfi7O-k8ZP7KK{rrZA^O7`V=EoK%lLRTioBdUJAMdc#16<3 z1XA)PB~R}|_aD^GY#QQ^{>4{`;))dS`65DB8v$8ZfEBPfH;^$Qplo{?v zK?xz`E;n@!$qV=q(g-4!?}6MyAeso)41;KQe<#p6ve|_@$Y#LVIT`)TF%MOB5MRTG zUjv^b1c!ive?XNS9{j)&_|^Mx1MtT?_%UwqtDObR(8CoD&S84^!wwb5F#P(zw|ba{ z|2tRzdttcHegzqE=*E=nW$OLe&&ZGQo^ewwY_Zf6GV4!9Y$+SyJ4bb*8@< z`R5sfYTVjcE$3dToDNUzHYRpKcJ@5kDZK2aofn+hrpb_G!dg{HBH-?Fw6i+0{t`1t zg)yFM3pG&#RFrW?r19~3E)_>+{u=q>_4H(OZ*%WwNy&r^2V70sn^3?F^0N&7^f|^4 z>o()wkx9vo$#Ua#G6R(?-kIC=Kudk+Sg2Mf7u^$qd~m9&TKFIy$R;DR*tj@)t;EgC zZ6dVhiAsek4b)6DZ+Yy`Mr*WOJ)E~s7Gn-|t+hc7vIEn@K=^ArBkP#Dyb8Ya{}H9j&jIY~$JmJFGUoQ;}`sjWa=W$HP804;883Xc!v ziTg_6egqMh1F{$=eEdRKqzUio73px(1$<7+eC`MO2J`i}Tq1jy6O$9w6Ovs}o}HW? z9-JPo9J>i;`cg;)XGsLd46HnP|J%r+P$n)Z4IdxJaepz|FK4`XCnZYBeith*C$~(a zjq<|#cinNTU3Fb9P36o21$@xeN?_Elv2lVpZDEf8Ha3I%`)7xbX!>DeE%L*RpgF?% ziQUBbh}*4(`d}WF*rQh6=$zeO_=m!MymxZE}S$hg{aE2Gq_q$)C(qXrgdf13Hv7-vu2yg2asxX2-HOd*SX?w6i zBtyKs<}6lz^5cU;$N18PA!vW$ZCTG8)ah@rycp^pHTJW=N2wrA^3hFYE>k()Tm6P| z${)z=e7P@OU=R^>ownzwIp~q%ZPCx{(|7U z_rs2ChW&(1LG2PzRPe5G^KgvWKUY8|G_3W)Xv^=9NKG|+@^T{&&uk~sxuc`A?)}u6 zCD(psIvpKu3G4=B!QHjD@+U2i!XIixlQiLr=Fj37t1Hu~Q`q@*VQ3bODN>Wa-tfju z33>WL=sBlkRN5XReOscTk(u4zQq57Y8h!Z6>Z`jG7?qZ#G!r^kR2NU!!_D6G6RskT zu$m=tdo6A)Vy)+lzAo~rf5&}OZ=j!^rjx`G`?0E${odx!P9at=O)+g$WNekmZCuLS z4Q|1M>}w){aS0BS>)On;s_9?8K;ngw#0}f7ua8CDs?5%6vI(ZKIxm@><*)|m6Z50M z8uq{6IKv7bzB>-gmIY`FZGC4d?_j~x^rvgutnY^Dv8NV$?8iS-W2r2+w~xFmWaz*V z1V|BS-q=UQ{vi+F-#i-NviDcf2X_dcP$l;X}^Q#efQ>8kwx`@H=HGkrmox(pV_8r5TE&dN&Pb$9Dgn z{Jgk>55#?{Q040;J~t@NMr4wGk1GlZXUrhC1U)Y1wmiu(D3 zVurh5zFtveI@JU-$Z7b_P^qvw?bXBAFn|<^(b3VP6A6+>PpAjk&*s?c65D9Uc2Qv* zRtNqvmYTDS72QHF={F)4R#+H!za2uh43AMX9W- zS^JsxITUa7et|zQSfle5liu?*!EI$U>Bp3GI3Z)Km8`6e4#!7Tm5#?p&mA0&r;!qp zUK8NsscR%?X=#9-I6SrH1Q94wr#*$h7Qo;?DSYmV$cs0QB=3dq5r5b!l-X1F;7u(n1c}Zu?f{K$q-* z)BX7twz{S)VE%li-ZLX`V5I+m>PmbOSNuzCbJ*F9)J0dt=j@NeO$;& znDzR&0yHg6EJTrvB8*cJR5m2{M^#nPR#JH@%&hE%B1x;|y4Pm6YNDZWNq`ReJ5!*r zDJy&N&;N`YRkD|}As%G5m2s-u7YGdv#%J>!p(c@G=VVn8-h@l?5Rl{-E4MyV$~ffY z2=vlyrNQRNppvR*;_}z>$QEuzeK9G?$rlmhRh+s#KK0AvD=-y};eSTQ?aHg1oyw2T z?2eC|9PJ&-tC^Rl2qPuNWK`vBgq5V!-HeP>tb~;;q%=Pp=jNQv934HspK<GfR`uL!ReT0t=)mP zCn~Cus;ZIT3#$|IUqSRk`+Rn8Fv^bX$InK+q5!G(7M1d~VWZ$?S5`e9Pd2a?l?ABp z-eSTa%J2Y#m5mK{-#6S_sja$uYl1{?2a^o+kws?RV5p4)_;E2#T=`<)Fp#mCevQeI z)Zt)-IO8*XZ>ujvT)B4U8ns)O!WQWKKmDZSUccn#*e=0BHZ)Op#U7?7dqmJ;_d{2y zulnwgJ8T!`=kJjZnO8n^uCb+MVPlSDH`-Xyx{>{|Gs+&%C*fs>#Inob>dNemW0Kdd zOLc4>WOANbUFzje9)(=x8#AZ;0YgyvJ$H}>t+K*$|1Lf~@^r0}`|f3gN@S#qlPzzd z$$m#b3M+4j{QSN>_+MD=$wt?lvwnFl)eiF-+cP=YgS5hLKZ&14 zjQ*p!bCzxnAM>xbBYOecT-z^k#Xyi_#P~%^I zqfW%v5IsMs9C$lIeNr;{#mlms#Ki2x>_&O!xUX8_!cuitQ`IFy<*zOpt@z0K(imf> zAMIN}=iZ)gRc>l|Ep-!e@s(gzHYS{sWcDHjk6<<9zITxtG)CMwBYC&QzIo6T9-m|=SI)y|Vk6-$2RZ*O{vbY{w9Ls2H* zVo%gtcYN!{GUH^NiI6bdv|%=Co4p=?AM73M zoy{Qo6x_P#be|-^TTEAq{+Wp7lCZ20=4!Xeg8PYtaFFi#*Wzi$XbUr=TJtbbJ*X%0 z6Z>F3>j)S4iUWS-*2Lr=HWSGn$K6*#w8570-H^Id8W_~9`8^TI&khq7JF0)9{@AnZ zoMK^Nw0%Q}FBWlaqHmp&xEu$Zm|~2E?WA=9p+NvlH-+TQX(|P&mp8Vyvz+C zOuJ@AFQI7Ay!=plkX|ab>Va=NtGp#AR+$OB(I31C3vU z{i`PazL~D=YI>uI5L`zk+Eid(4}0>y^K*xTYngOAupWu41~W+TMfr5I0(+F6NI;95 zpFC&nTCr0=%#_1}I&)ah2wtmlzYsxnMk8i{_)lX=d9x3D334W~$nJ>Y@!;e#f{ikO zf$~@kZ@)o^q!q9V-9eAO^6|>;BpQgTY3o{(R8TSfRTLJE%5;oV5lOe7o(&!pNoo7} zh#W5wr|L#NId9w&!EMz^jL$JTT! zMWXx~WdWJC8mIf6@Cy$*j%1m^Xumsf)j?FS1Bs9g#zCSI-ICto0^D_#BfGzk{X@ci zrUk-^#;LBR;pXqCZ!M^|m~2ww>nk`&k1Ke8rGK)sF|Z;*0m7+fyS9d*5rxSW6o zXF=98w~^ejp~xK`h>8NEgR4lrvc2v>YeAUN+2EGa^=oc*;qh3fKd?GCuj;99dI)ZWYJERbQI52dm%8La zKPledFGH>vso#D~OnB?;+}@!yDk^g4geP4t@}KZWM{|q&Kf%m4@#V|CoVwU{^S^If ze>-zdn-lKi<4v$_t%cq?vAh8<@k8WF)T+rQvaP({UOLLqS2O0i!*}c)Kl<6;mZAC~ zXk&`ArG7G`J|oWOPYPnXy4k$9e{glY;GW`PWnf<5EaWin>Yw5YJ%I@;shRyS@!2T2 zX=F@kb#+Z{`t(&qR$T7ujmCD!%=zxQwfY;t6r1|c=plur%?sxbL8iR`^r4|)eUJYY zCpmU{ey}|m9bN0=BS>7lAu7?mkW1@Mkt8!ZRZmUEo6cO((J^pRuo`^AL#8PIwy5x+ zqx6Tat*-&GqN0JYf13k~&r|6BZLDHdW8_YeMNjXlk!N_Ae>xSjb?eM=!|fi3p(Z+# z+_ueChmi+U;aYd^eS7{qbqi&mpBj0uq3rW6Y>DWV)iv=bRw1o>lchhBY@)98>=KKZ zI3=db&p!=MJp+HhcewY$c;zb}D&UvDY5HYX@%+1zRFG!Z?11jhjeyGNQ5%{8LSfX^87V6*xMU(I9hnEs-l3H>d|Vv zjsc)SQJK&H8O`u|2lI_X7TboIp4^{NcGrfB1pc=cfQ+dF89MsUha@lm=%N0>Q`0j_ z2`oSSOvu#I!cPWGI3Rv07{@v|tiHN?|HYuwyC2*E-xg|~MXiLVK4+$pj{BUdR zmEK=sc~MG2WwxLKfB(?vY&OM1RuVyJb_IMG`TU3L%dY^%sHU8a?a?NikvKlwLl|8% zQCWE&5R=dG28D0nK~`wo+SzEd6&CxLXr+L-osRa1gy-nI$xN^@VXdoB|7mdR7B8l9 z?nd)UDY`B6I_0gfz1X?jecX`71&x~OPIyhke9P~fOW5PGS+1aA&1UlHM(UG!{wNv= zL**nW$T=?O*6}vmc6$I`Xbc@49ddhSm(y3#qso5NIgEi8-)yqXZO9!@gvMy2`W2|F zi;t1|Q_FyPblTY%zVv<{i3$<&3YkpKj3D`Xs?qehbWQx-$f(lI6NduTx@Q`pAv%!& zD}QaPB>|iQ{L@5Qyu(co@ae%Hk_I;|Bdhl*C|S6V6KOz0znzXq&1~?C0zJIA+FY!v z?UdVzoL2V3Aj&G2gY>8lzlck{-#5ftS#&m zC1|Bz{KZCL^s?5``cC=rj>uvCo=@BF0Zj3)5dVE-gRk85L!j26pPHCx1u=eLkzV@i zQqEa>uWzs>rp(?3{3oPSU^`fMRV*VVMJ31G76t(912ccOTLza9cLiC$ck_c@cFdm? zY%=csaZfY(DDTvyl;tJ-i(KbwO;yGmF(+OCL+B+Wj*c-(ws;SYtcUyR3{_DN6{6xb zzwUXgwdr-pIWhr_5yn$+*m=!L`+RD+*=q0P;oEOlfY?;tVl-Ct(0U9@928oOY*~ek z@%(vmi;21i1qO?3|D8my$cV@Nto0fu*VdkfwCcW6w(4$3G)j??A%w6D zxb4}+pr5LpVsbt$qt2W{_UKM~n;-SX6rHM>% zjuNT6__5tapY$Lsx^pD`Z3Vu?&HD0!nS8_YB+AJT{i}YE=EoDBr)!YlK(5us_`-R9 z7k^0~+}_TvwZ;6BwuzZC62FR7f&kA~d+t%9_8g;n#o^0~WI5XGOtD+@zYKqbD2*~j4RtA#E@!eX15k!MY3CuUx-t`xzB^}g- zM5T7A`+JMwhWuvV@fhVSgUqbIZ=kTC2zp)?6yy~a7h>$}521egaPOiECOmSd0K{W{ zE?Bm&4-g31ewMv^ca6&9H8mOl>#N^wK(g@sdy$zncDrIX$S&@N|mWAH-D^9bd540G2vOsq2u05H3qlN7i#Vlu$ARZ zo#jj~()Sg?6Y(3bpy@oT$7euIF0zNF%M0bVzH;D%{NCcVo;&s%&rz$9m7&d9XM#zT zKCA;AGrJCmOhaq8_^3*{9OK<(_}1I} z4jPxaYr`+X`T<4lewske>-2>7p$Ucucx)_WwzsHg$u{S~@-%lpOa2;{C#47&RZdM; z)9D$k6g|t+(R;(L)1}!-*Cq>2Z+b}Q?UIh25)!i+%{J3ECIsOaFogWBE;mQ=P4bSH zvaeC{kac$s(lFLgP|?3*2*Y_FUDFG|MN9wANrNs20kzJvcN2MQ4AcmUr(D%iB@{XL zuAzOsg|eMC@aY`xTK8EM)Xm0z`id=$e#P1J5LH!z)zxW*21Pqnl^G;eX=|9J5zK{IW zr*z}SWs00kjn(kh1oj=1>V2!az6tA(+YCAWwl<^>V#6;c1KfV_U^$uft@L!+U97|d zT5?o8S-!mHz!Aq=eJX>w}F( z6UL_rn&)CH?63at?$?7oA1wIQd4)spROeBo5+*ALig86D!?d)(AuLZN-VTV)F_}ro z@%J|%4gVFVZ*B` zD~Cr#o}4=#ZjLs#*7_%;ogp5@hC8pEltD7FrXn9pDMEK|U(dICZH)P&uyDnc<{LW2 zk8+jf>r>@1i@Pt%{tWf^?(TlRW4NwmrlruG{_0hML6wp@gf7fz{l#^gi-@u^& z@!31FMjEdD=z6uL+NsAFupo4BAO0A49{EC(sB>O{exKd%a^pa zmW2R8Jj6f`#n*Q%=V}tVWm`N1kTlkXxKvP5W&u=bvNZXTIG>(vzH9E**IT9~sb>-w zQaB2dH}S&WD%n{l92=P}c}^CPuvqBnnVX#&Rbxl&q?*YgX-P|iXK`jAWi4JQP?6)` zl}av2!mXXFR~4VbU>V70w>y^NW=og!D*hvr>%m7wgWI-D{SWTKj<;|3zXaNH<9nhG zPPJx%)+M9FCWi?hzzADYoPUSU&o-R^^9+#spwCYi+-kecKi1Ug@M$_`!ygKq&CYQQ;qm&(K}e)1ey$~R zKX#{h>`8HDSDo^b0LlR1X;hTG23)_Rx}LgAqmnG_pQO*?(s_p4@i_6_&+xmhvaCK* zuqUOw@X>mFEp~ZzX=129TUzYZ)|B1BO8WkWS=)yoYs=hA^W9-}u3OcUvH8Xtqn`BK zcwB+3Kk5QftBw~_`@1x&<98m}DK7K7Y8=5SnkYktPm=AvTFUgGQ*h-@b@{rjD%bZ4 z6YD@2n|P#1=bRro<*+wFbrd%(^JSEA{R(K{yLS(kb0IVMYIjXR4;@cNhW5%~QnLb^ zgwAd9*DDs;UJX&-3ysJMbCVQt24pA=av)208W zOidZq_)1C5fz)bYd3U3VJ*R7Xrb}8r^HmUf?eZ?q#GkX{mDk3fW5LCxH2EoEGBG?c zIvn#$o+H|A9U8Md%)c4!K2|k}R+&+q&*pZK{ZAXjmOpyyt0Pap6^ANVo7OF^BNP~b zbRy+-j{6?%SCTsJ8`cZh{E=l#JL9jPKAR*1T`jr2>#VeT@=cx;A~K4?74PE6CHfyq z=WV11Q6nz>J~P?4o?t()FkDjv68%UvH$GB3~mqURx}_T>l-c4Smptg5O? z+I*8JJkjXb?j}t|7qAb9|Co-h?R!X(F7L_G40GP?3E<@p$@ij7X4mVTpS6 z3Z0uKqetq~L~X^317U5;HC5c9AbXyvhP-+&%$0gFExHgEvw!(X$$Zd**a2d^sUp2eKqscO<#|K2jkJzdy@G8ml!pP!5itFy|6sSD z0H5JJ{V3n{V*s4G#U;F46w5`#Vcar4NsC!e!tLM+o2^Lk{N&)f$i14Fc+esImF46f zLzX*=lys5ejzMI-?0W8Eot1%LL?BYn510F0c*b*ypC#%bCac@!QPkx2b##`Q5kRVj zv!;V0LK1s&QZoy5Ys04LW6TWWQvFHwigq0;y(Qs+j8yoDW&@a8TjP&h?_VQdy2f-Jl^PR#d}|E5Ll!g25{tEExP&7sJoH5wmPnFpHxIs zifCE{)C^rR8ISxODj5wcN^XR>fx!7NLMz)WC6?!&X6eRqnhIUbJG0tj@&W^mKuS*g zHx_n^sU>_s-OUSQotp2OqKF{;_>Vh)E!{J4JF=}Hdd)qSt#=p&2pU+;`mqo*wdm>c zme7Gr)l_gCBlNB5t6<+sQFFuN20;qdrB-fx4t&PK62Xf?yVb`h?HLwaHJcfZ8B(gM z>xt<&)e*-Ye)4|F6o!%a1Ad)dh4J@VDDap4aXp|Ee;%w@vSMgrw@otedkbRo6Xz?y zLk+tBm>b3c#wz)kcLQKLR%i6Y>p_(2B%6xP`!@155hbbT-E{bzBco|z$B3AmuCIKP zH{BK0D`e6SX6HWww+Uu`a=>Zoei{uxK$z7v`j_|~)vx$s`E}oH10ii{pwlRCMxSE* z?GVsKzz+=&pC0aQoCegGX;hh3XBSazE!Eqls9)yz>kT>p-^u zRf-hpbVHKxgCB`io00O zOmk(S4lS>WK>&JM=?(#-oAR-pkiMVb6krXGBVPx_maFci|DwPk6SOg0KHqO^tezs< zc>lIv9K1Ko8j@8aevknex1RoTzUqc4lu8hlJaSP-zh0ZBbpwoNe2%|lf49)TJ{h$( zoMY*eD*FroA`Y=#G3)Cs;^N|ek%w-BZ`M=v$#LIIGGhjZ|1Njj6!NgCzj^)YeA`du z zDuc{x!!}*ccA=q6b~(pVKAe`0o}Mm)up=^mH*)L2{yOtTJs z25lF%cr7=Fc#p~#0LvaJX|7a`T`{atbzj5wg zN3o!OOONDDKTIs3@N6K)*Wu4f%liF+N(~Q=R!=$Td+xzm8_RY=lJYPFw~lP`O_8Ba zdScQY0b>xBkdEJWW;wR<;H&S*`ZLX8*51-Fm%(J;oIY9k8jQuE2XaN=p2!E$(L$S& zw4|mf*)GYWb^=#DEpvtLd()&qxRs?NGDsadw5W;ZB|W-@5ypFP0f3x@%#Jy#n- zo>~lQWe!_?HXgN3aa)FwWmfzP;~^%A+Bm;0>mUnWGIP2bEvrewHEDtmP9xvYxz*{P z5>Y^an8tK%F<;m}m8JGu9n8jQ63yE^y@()}5)o;)-+BG}3Q74KKWuZvYNWfly|FcB zd`}MKI+P;$+>uFa&CMBno?1B*7#jP{)2oEaz?-kTop$w371NyOhWIqDBgb498XSTs zAyZs--j(j>&_eOxp+CACdNySG`s_A&J2XzCDOnu(l4ptOdvx8jo5P z{G}94*H?IStAokeictY6v?)V$99t6(4-y(qKdgyqN_CH`uCuJbNRnz8ly-d3?@3@4a@@M5JI&7*9g;7jEs(0Xc6sG^HVcY{USWz`~k=_u#Px@C&-nh2s z4Kmnho2DTE0uA?V-nk6QK`nFrIYWzfb5LAiA&N}O+JGIp==TxK>GHpe^RoU~LTL6? z_UxrT@Fh!bM;qMMGV$sl$ZB<0e&%&xF=s~(i0i^{R$Je)2=Bm$T;*UKB5%4AvL-Gw zCP0U+b}}7(D8U`|3hog1TX(>Ffc`c}_hTIL1av!oAlq54ex_s<&^&Lm-S?Klo^7C@ zRLS~OCAT~a7qSlD;LBJOg~I)PEdy#!39l;qvd^PZSP>Qqaxc&Jx1+g_Nu^ilSXkJu z%y&0tzn|UpaDP4oD!izWed8C;M1mlJX?pw(V#6LD*bikbMrSj5{dbAOP_|hpRP?bz#RiUSxvCW5BNR1eA1~(#n>Ayr=V$yP|2zI4hlnafZ z2!CtkfV;PGG)XkSl||plfBNZZMdFP$0|OIYpySN46;&m}6y-?xzA$i82h?ZCee=%i z1)=2#J+Q_6>=ufNTQJEUBr@z->VzxP3h~n~4;&gQE!@&Fr?b+O3a=2PAiK)yd1t6^ zT)8*S`ONEnPtODPs!I2|1QvpvT)Xc6p*{dM#QM8oP0$diohtB>f!pE8QrW@5=3YR8 zC+0>X6C1`_b7C6sO|LnJMyfX)8rnezsuq&O1!%aQwrPX81IgLN$*S+GqOtyt&c%{dZ@NGwN@3xu|#l=IAHF{xfWd6=DjO4SrGS;@Ft;ov`^9o6R zgpUhbSw;zK2%=Q~B4g4O(x4o#YqixE1dAZ9oL<=fZ>*K4$N8Z0t zi=wHDaIGrO8}5DqnEd`WDNImb%FSqcD$+MN`ehzbbk@0Gy|Vu^c^cVtW&54tCxlWK z(^hFmmHF~wOa4UcA8B0lfUt2m(uTdqdYMrpDJF{omnHa7{M!KVZ;_3MGftdrVT{3OT20;2wO1d#Z4@hxrjeV;;FRg&8nAKWC?{gu~4Iycf)mXRf%HthxHJ4&G zpnw`%XU~)OjgO-i7nVQ=H9{XKop%>8I5dQEy-zNk=rY3#e`RSRCnAGY=cf^f0E4fw z0r?EDB4|aB$Lzs-y8hI(q3FC*Fd#m4O?npf6BE`GX-}@#W_C60?fI|}AQTitUuTKp z0dV8YIe!B{bz2?aZo~G&$hjRf;#EaL0x4Iw)(TgL<-c8-jkw@`EaKh!4xDwmJtM7f50Ym^jSNsNhE87$ARk#(oz=v+;c*@7>p;keiB! zY1|ODY(4nYG!_(|vf8s82t4exa{cW?(w-78fh9&7JW#wY21p=5{xx8DQ_O(+9G1QO zH7Dziy_s3|%>sVn0YsQgj%5Eqe=dP<_4%oE3yUqcNDz2Wa8ZdeIbg!jY=G^j0?wtz zdK15*KtNd7Y31t_pb{hs$y?5qW7caA{+fIHOJHEtKce{Yt$NDNSO0ixO8H3?tXnbC z&i>>_fZY~%(4WXIc?Um%AYEdP<<1&}!U~5I{eQG3kHHT2pSJ-j8|zu6RDM>1t=|z~ zPgqZOQ#437_5QVc`rV)GMo@8_6-4Az?HyfyzkGD;WR)VLZrv(e%uO27YWYhP{Byzb zw38dVlvXJD@#7U2Ze%-%0`B4zVz{?}fYq#?Uz1Veuz6|o%N-FlxnV=e`^A}|9X7UE z76K`-*bvm*hx6z?{K#7r>`j&RAY#8--33CWvG4qTewYLuR~B%>igBP0rW!dPS~!u z$RZvh)>~Lwj#zOSZ`yftdH!^08+-m)^zEW-%#9K?wSE>fCm-Wdgnn z`<(!=!(Hmqv<*EU-GFodL%M0Z#hZ}3Z;2O~0+a##fz(n!`gdUb+j^;~BH5XMX?i&& zy(EUlggyj*j^Rlw-XGq|`i_B--YMI~pt5_RR}V;|{<GDda>{-LR>4Nxg7oM{G}%Ac!8fuq7T^VuO%RnZKDin+v3B}DkAp0`#Qcs$(qwHQ9%-7xhFxh|*+n=4QCOQB{9=9#08ULzHy3_Lo+8 z!vbqyT9R}$e>Sm55PUALJ_gjh9ZwSv zRyZw>$*%qulzpdj@{enx7mU+0^eu!8qNffB_Xsjxhvy+}8RWod06Kyd|HxM9x;uqw z7Cq^P**uPHhUy$n5I~*}J4S#`XX1$Faa{l%8)5>3&u&%7+EhSNqgwpA)4s1frbrO% zR{m_I7s0JGJ`k3QO6lPW5)!S9kE__-zx$ZYG%m454>tFNp1TJm_eCK<)EHws% zIWsHM=M1|qoQAkTl;fwTYBe^9aw={Perm?)sQO4bJV9yT27zWH=}8p^hNL~Mv}fmM znDiHKn)JJw-_!WW0#Xlh8SeQhcs6J)tJ2mb*;O;K9KW`+*^!# zObkTn9Gvo0v5(wGz!l;X;rCWJ8RV=PnmU=gc5dd?o^bRvb zsX7x)KHgJ<2^eT9XeoBz`#`E|u)L73dNJnsMPA$_IX!)LcB{_Zfe^1*{y)>HUVF5f1hK{=VDKAAdGXx|Uq~1`;-5be4AdB@6(9X^ z{aaMQ4JRYM$oPJi0?wBxB@tRA$`m|j zFq^OV6mZ3e5FDs*o4H(q>-QCjj2EN?c6Z$af)Fdk<)WiGF>-_3&Rl`AW-jEx| z#5}MW<<&=j`$2E7{60!PhF0|T(=E~9-$6~ThK8Ts?0)`E6AK`lXHzC~f@P$_Is2PnitulJ;w0Q^VzS@s zB%A4fHYbAmUFiO5H;VlQb3pl@s*>yMD+0)biiPynUsV;C~Fd z>xnIQ8rv0JPdAU37(@mcu;8{ue}FEwM=oAV3ubXT4*&P>whI#y65tj*JUohGgIaZ^ znVDhg*4<5r*4x@d-6`HD1pOW;3{86^_aAo6 z?Xsr}%hn3=qq8@=rxAN*>#~Of3)m^QPtJifzAQohE$vOj?~ZLARQ(#tYCE@}!CSs> zUwP?uUvZK}_PK-_s|CZ`2mSm}gm|P958e;+U52_8*w>9Pzkl}ctt96ZR2`v;U*i0G zbZ%`wjZ9f~*~hAXKz*O|wcFmwA7#xLKD(=nMlt#BEpB_m&h2%OsJMOV&T-+kgTbG! zJp212rHa09(5K6sW_o6OpLt@Fzxt7Aheq<+c5h&xfYH`$-0@=O3T|tg_cPPnqL@2{ z>-lN(+Z$&L2yQ;3vRD6lxI_aKv-R!ma+lxb8tzH_JLB+wiJrMX#9^ql< zMcgTj&mmRGElANnRcL+r;@({h4`-Pk?EP`Jh! zoVFp)gthhCIgUeZeSJesOEZCqf`W~_PS)!q)tA3Ta5C@z^bH{J7Ukg`w3?aVPn+sU!T1^#v?W)WFNa>!?CFP`5oo zfAYv1cTB8N+noYn01WrI7skWI*-l5B{C2Z*WxfP7K6f#9H1iGPeG9A{g>Jol&@2_h z<*@YfeDSEbc#vOJMTzye0u3)IHB<4DMKBQkEfc2fd2UIC#~PQzyDpSD%tk|<2mO>3 z^tYhV+SxtQFA;8R_=nO++f?STXQIQj_77s&jhCC9;p!|~b=+=KV`sAu$Ll^+i9AHl zGrX$Y)e$Oj-i-rhE9>gCC@`ySd{V$BnuG%?T>f%jhY^n^{pmWw?iA(|)#^p%>LI^6 zI+kY{D|vYj4-YZiF|h6tGn)&*;S&kkGS6Y*KebO$P11xa#(#Z2)EN?+(6tBfg&(baX}M^eo~pJw7JT0@tJ9q7#xDCj zxHFceV(oEFu^EhnhJhw(A3webYmfD+DRrC|`Wnk9D4p{BdGPaJHODix=>-O2qN3*0 zW#@~3$^sb^&kiua074Ez99lKNL`AUF})nF(L z{VfTn>)cpplsrBA&=9dJl8uQXZtaPnw3R`(%H=*|)vfz;yY`l46ZMlWi}}fej8HM% zu9&SMne`l_u6F7wpva_>hxfHTb=>o_gEfbh51vcqU1uR z{FsPGXvTh8;S0ZicVwAj+i^U5mN<6%=X7twQj>KJ`B~=D*99Q3`^8fBt_KH>2uV(a6w_QtgdppgYF($$pEjUMio}ixIGFEBA{148cStmWlfQc zIT&1K5eYJl(6-%}!f`&H+RO~Y!opNp@(~RTjUn4(9YACUfEgGrf&+EyMsPD@Rt#>G%wvTS>VPj)qVoEgTT@e?dO znjfkx1C1>_BJyZ`QZ@d|ryAG!=QVDpV@1HxkxNGRy+Re2eY}YZ0e19Z-#%|@B8*U` zqN0LsQSyFyUv_KlwwoHMUvrJv8InJqS#EZ{Q_lo*8ZjKs885eNOD^Rb4${!-e*dJlow?3tN{ zqy_9$Nf8kVZpXRz&G$DeY_~3&h;lS)U@7=EFI$=O@;J;V8E6@{Mys6Q{~dUy;9Xt; z?`UahoyUtwnXP};9h9AQE6X4G{`@&paV*o{H#wJoN7e_>-b&P8)hk-#y=vUA1uvz{Oz=VH`n4As|2zx)5So2)H5Wq1Lnb9AW^z2`;^K7Z z+oo;tL1iar{&g=vpH~HaUoH${V;9{Ty zW3=KOEEVIKqmfs67G1sjCm@z5`GxUjIX~<*$m2)v5gd`dEXGp6+i-=mjk51v*cPLuwY|0RR7iL5mUFpke6S*K z&CRDQ){#IyI38~(4_Y2yT^6lh?U;-ojd@rpcE?sZU9QDlyTm5rEI*vyl)rre4!e;~ z(G!czdAq5IdpHN02yTiP8afII$+jsS)=TxLN=z2GjQ{iP29eCW5Z-g_EVbf;t;5Wy zDG@s+i+-k5Y zyLn4X2iND553(p`x91G{Z9q&3F_A3)S<;zXebcW^Zrzos8@FLtYtiSeKN&i%&~%UD zr{MllWMudQ^!Uuo^ZnyY2s@$U-n)KlaGYCJ=N+9L3Jj_V$;r@+tOl{2Z-LK|mpjGl z)Ddx*T!TQw$IlX*q`3}eMX)seB8iWW?@d%ybek?lf9t$Ads|1yA1b`_OA1JP5RA}; zggFn(L342V!f}Y8-s?Wddng__GcCHfQ)ti6X{Z*cF-VDv_6_$#YnOE6)xPxk2?UhN zsj%;sK!li$iQ35n6d`Rsf(dKL5MXMGs41xy7ngC+rRCH}V*i<$+b}iJQQt!X#drPU zB0s+%SXO2Z2gldP*XekJ2De&8mN{4b4bDAccHIw$-4iGc%Q=n(~6bPk#K!aXA}wb;$ehJ0x1- z!H;AQ&Wg!~k&!o=H8JabnCjgH=xUuo%8=UYW1LqiE&jicgUh`YQxy;T&?(HjM{ z65rvz56odrm!OXv=*wnK9!a52vVUlYi6c%F9V@MY$o%t%U$c67ZHI5!?yAOR$(Az@CN#;Q zQ$DHB%gd{&&ik@(K6(e)7skFR+ZamXtt`|@sXK})wo}c5=^YNJl+%& zqw(_#NiLbPJXq;XwwtWd+7B(6a$U~bqSjD8K5Ib4qBO+pW>dKi?cT;V8jwsnoi|BDX*#bmI-Q@xF>}~zQj9P)_&0Q#C?|JW_=ZPk-0!+KPrf-(w7#gQsd~B-DI*FO z@0Yq-8e6vrKjRDDV#1nsUGms3&nchVtJywj-jmN{tT^Z^=;m8jG*Os7p4r4dwxcN|EX+SK&d>DPev5M%s(ojN#pd^Qnr)Ad*cFH> zxVZH@!oRdGDi(H_YaH*172Wd(E=LPF6~SUq+!?`A^)bTQtEFT1nXpi1V!@TwyOv;T zsiUJ!!p9_8nVBX=F}#ROlZ&f=&^|uvKs$+X=7p|VU%F5;T7TRDt>jlGVZv)CF&pQG zNJ4`SLnCuZ#_MQEyB}ck-h?Oqf|qH*L;^Glaa04F|9S_iZ~24g5R{?S{pWS4bRGi^ t#Q(e)wQB#f8vnC5{^z9pzwJgf+MA-kDiH!*RbVvGL> [ng, rt] >> b >> vm + u >> i >> b diff --git a/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/main.tf b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/main.tf new file mode 100644 index 0000000..07f46dc --- /dev/null +++ b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/main.tf @@ -0,0 +1,107 @@ +terraform { + required_version = "1.2.9" + + required_providers { + oci = { + source = "oracle/oci" + version = "4.107.0" + } + } +} + +#################### +# Networking +#################### + +# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_vcn +resource "oci_core_vcn" "vcn" { + compartment_id = var.compartment_id + cidr_blocks = var.vcn_cidr_blocks +} + +# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_subnet +resource "oci_core_subnet" "subnet" { + compartment_id = var.compartment_id + vcn_id = oci_core_vcn.vcn.id + cidr_block = var.subnet_cidr_block +} + +# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_nat_gateway +resource "oci_core_nat_gateway" "nat_gateway" { + compartment_id = var.compartment_id + vcn_id = oci_core_vcn.vcn.id +} + +# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_route_table +resource "oci_core_route_table" "route_table" { + compartment_id = var.compartment_id + vcn_id = oci_core_vcn.vcn.id + + route_rules { + destination = "0.0.0.0/0" + destination_type = "CIDR_BLOCK" + network_entity_id = oci_core_nat_gateway.nat_gateway.id + } +} + +#################### +# Bastion +#################### + +data "http" "local_ip_address" { url = "https://ifconfig.co" } +locals { local_ip_cidr = "${chomp(data.http.local_ip_address.response_body)}/32" } + +# See: +# - https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/bastion_bastion +# - https://docs.oracle.com/en-us/iaas/api/#/en/bastion/20210331/Bastion/CreateBastion +resource "oci_bastion_bastion" "bastion" { + compartment_id = var.compartment_id + target_subnet_id = oci_core_subnet.subnet.id + + bastion_type = "STANDARD" # locked + client_cidr_block_allow_list = [local.local_ip_cidr] +} + +resource "oci_bastion_session" "ssh_port_forwarding" { + bastion_id = oci_bastion_bastion.bastion.id + + key_details { + public_key_content = var.ssh_public_key + } + + target_resource_details { + session_type = "PORT_FORWARDING" + target_resource_id = oci_core_instance.instance.id + target_resource_port = 22 + } +} + +#################### +# Instance +#################### + +# See https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_instance +resource "oci_core_instance" "instance" { + compartment_id = var.compartment_id + availability_domain = var.availability_domain + shape = var.shape + + create_vnic_details { + subnet_id = oci_core_subnet.subnet.id + } + + metadata = { + ssh_authorized_keys = var.ssh_authorized_keys + } + + shape_config { + memory_in_gbs = var.memory_in_gbs + ocpus = var.ocpus + } + + source_details { + boot_volume_size_in_gbs = var.boot_volume_size_in_gbs + source_id = var.source_id + source_type = var.source_type + } +} diff --git a/examples/terraform/oracle cloud free tier bastion/outputs.tf b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/outputs.tf similarity index 100% rename from examples/terraform/oracle cloud free tier bastion/outputs.tf rename to examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/outputs.tf diff --git a/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/variables.tf b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/variables.tf new file mode 100644 index 0000000..f5de454 --- /dev/null +++ b/examples/terraform/oracle cloud/connect using ssh to an instance through a bastion/variables.tf @@ -0,0 +1,67 @@ +#################### +# Oracle Cloud Account +#################### + +variable "availability_domain" { + type = string +} +variable "compartment_id" { + type = string +} + +#################### +# Networking +#################### + +variable "vcn_cidr_blocks" { + type = list(string) + default = [ + "10.0.0.0/16" + ] +} +variable "subnet_cidr_block" { + type = string + default = "10.0.0.0/24" +} + +#################### +# Bastion +#################### + +variable "ssh_public_key" { + type = string +} + +#################### +# Instance +#################### + +variable "shape" { + type = string + default = "VM.Standard.A1.Flex" +} + +variable "memory_in_gbs" { + type = number + default = 24 +} +variable "ocpus" { + type = number + default = 4 +} + +variable "boot_volume_size_in_gbs" { + type = number + default = 50 +} +variable "source_id" { + type = string +} +variable "source_type" { + type = string + default = "image" +} + +variable "ssh_authorized_keys" { + type = string +}