From 5e02cdc7ed82ac10375cacfca6920f20f5729059 Mon Sep 17 00:00:00 2001 From: Preston Pan Date: Thu, 13 Feb 2025 00:29:25 -0800 Subject: [PATCH] Add vps capabilities --- agenda.org | 13 +- config/emacs.el | 2 +- config/nix.org | 180 +++++++++++++++++++++------- journal/20250211.org | 6 + nix/modules/cgit.nix | 6 + nix/modules/conduit.nix | 12 ++ nix/modules/configuration.nix | 44 ++++++- nix/modules/git-daemon.nix | 1 - nix/modules/gitweb.nix | 7 ++ nix/modules/home/user.nix | 3 +- nix/modules/home/zsh.nix | 2 +- nix/modules/nginx.nix | 77 +++++++----- nix/modules/ssh.nix | 8 +- nix/systems/installer/default.nix | 2 +- nix/systems/spontaneity/default.nix | 4 + resume.pdf | Bin 17816 -> 18249 bytes resume.tex | 36 +++--- 17 files changed, 296 insertions(+), 107 deletions(-) create mode 100644 nix/modules/cgit.nix create mode 100644 nix/modules/conduit.nix create mode 100644 nix/modules/gitweb.nix diff --git a/agenda.org b/agenda.org index 19714dc..e45fe76 100644 --- a/agenda.org +++ b/agenda.org @@ -19,14 +19,8 @@ project, it can be referenced here. * Tasks These are general life tasks that I need to do, which don't depend on a specific time or date. -** TODO [#B] ToughNix -I need to work on my monorepo flake which builds all my systems, and should accommodate future -systems and also should be relatively abstractable (i.e. identifiers tied to me should be easily -removed from the flake). -*** TODO [#B] Migration +** TODO [#B] NixOS VPS Migration Migrate all my services to NixOS. -** TODO [#B] CSS -I need to update my CSS for my website to look better. ** TODO [#B] Nullring Update the nullring to be in org mode, and also include a couple more sites. ** TODO [#B] Umami 
@@ -48,12 +42,17 @@ I want to make an analogue computer. * Scheduled tasks These are one-time tasks that are scheduled at a particular date, and that don't require regular schedules. +** TODO [#A] Clean House +I need to clean my house very soon. ** Friends These are tasks related to seeing my friends. There will be tasks listed here when I schedule something. * Habits These are some habits I want to track. They are repeated according to a calendar schedule in general. +** TODO Run +SCHEDULED: <2025-02-11 Tue .+1d> +I want to be able to run or bike every day so that I get my exercise in. ** TODO Stretch SCHEDULED: <2025-02-12 Wed .+1d> :PROPERTIES: diff --git a/config/emacs.el b/config/emacs.el index 787b8d9..f71897f 100644 --- a/config/emacs.el +++ b/config/emacs.el @@ -106,7 +106,7 @@ (org-latex-preview-image-directory (expand-file-name "~/.cache/ltximg/") "don't use weird cache location") (org-preview-latex-image-directory (expand-file-name "~/.cache/ltximg/") "don't use weird cache location") (TeX-PDF-mode t) - (org-latex-compiler "xelatex") + (org-latex-compiler "xelatex" "Use latex as default") (org-latex-pdf-process '("xelatex -interaction=nonstopmode -output-directory=%o %f") "set xelatex as default") (TeX-engine 'xetex "set xelatex as default engine") (preview-default-option-list '("displaymath" "textmath" "graphics") "preview latex") diff --git a/config/nix.org b/config/nix.org index 718fd8b..d19cebe 100644 --- a/config/nix.org +++ b/config/nix.org 
@@ -354,18 +354,18 @@ underlying interface and it breaks significantly less often. ** SSH My SSH daemon configuration. #+begin_src nix :tangle ../nix/modules/ssh.nix -{ config, ... }: -{ - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = true; - AllowUsers = [ config.monorepo.vars.userName ]; - PermitRootLogin = "prohibit-password"; - KbdInteractiveAuthentication = false; + { config, lib, ... }: + { + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable); + AllowUsers = [ config.monorepo.vars.userName "root" "git" ]; + PermitRootLogin = "yes"; + KbdInteractiveAuthentication = false; + }; }; - }; -} + } #+end_src ** Tor This is my tor configuration, used for my cryptocurrency wallets and whatever else I want @@ -462,7 +462,6 @@ Use postfix as an smtps server. services.gitDaemon = { enable = lib.mkDefault config.monorepo.profiles.server.enable; exportAll = true; - listenAddress = "0.0.0.0"; basePath = "/srv/git"; }; } @@ -473,7 +472,7 @@ Use postfix as an smtps server. { services.nginx = { enable = lib.mkDefault config.monorepo.profiles.server.enable; - + user = "nginx"; # Use recommended settings recommendedGzipSettings = true; recommendedOptimisation = true; 
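Review bot: `PermitRootLogin = "yes"` together with `"root"` in `AllowUsers` permits password logins for root on every host where `config.monorepo.profiles.server.enable` is false, because `PasswordAuthentication` defaults to true there. Root is given an ed25519 key in configuration.nix, so the previous `PermitRootLogin = "prohibit-password";` would still allow the key-based access this commit appears to need. On the same non-server hosts the normal user's `initialPassword` is the user name (a context line in the users hunk), so that account should either get a different initial password or be limited to key login. The identical change is tangled into nix/modules/ssh.nix further down in this patch.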
@@ -481,42 +480,88 @@ Use postfix as an smtps server. recommendedTlsSettings = true; # Only allow PFS-enabled ciphers with AES256 - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; + # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - appendHttpConfig = '' - # Add HSTS header with preloading to HTTPS requests. - # Adding this header to HTTP requests is discouraged - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - - # Enable CSP for your services. - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - - # Minimize information leaked to other domains - add_header 'Referrer-Policy' 'origin-when-cross-origin'; - - # Disable embedding as a frame - add_header X-Frame-Options DENY; + appendHttpConfig = ''''; - # Prevent injection of code in other mime types (XSS Attacks) - add_header X-Content-Type-Options nosniff; - - # This might create errors - proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; - ''; + gitweb = { + enable = true; + virtualHost = "ret2pop.net"; + }; virtualHosts = { - "ret2pop.nullring.xyz" = { - # addSSL = true; - # enableACME = true; - root = "/home/preston/ret2pop-website/"; + "matrix.ret2pop.net" = { + enableACME = true; + forceSSL = true; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + { + addr = "[::]"; + port = 443; + ssl = true; + } { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + } + { + addr = "[::]"; + port = 8448; + ssl = true; + } + ]; + locations."/_matrix/" = { + proxyPass = "http://127.0.0.1:6167"; + extraConfig = '' + proxy_set_header Host $host; + proxy_buffers 32 16k; + proxy_read_timeout 5m; + ''; + }; + + extraConfig = '' + merge_slashes off; + ''; + }; + "ret2pop.net" = { + serverName = "ret2pop.net"; + root = "/var/www/ret2pop-website/"; + addSSL = true; + enableACME = true; }; }; }; } #+end_src +** Git Web Interface +#+begin_src nix :tangle 
../nix/modules/gitweb.nix + { lib, config, ... }: + { + services.gitweb = { + gitwebTheme = true; + projectroot = "/srv/git/"; + }; + } +#+end_src +** Conduit +#+begin_src nix :tangle ../nix/modules/conduit.nix + { config, lib, ... }: + { + services.matrix-conduit = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + # random comment + settings.global = { + server_name = "matrix.ret2pop.net"; + address = "0.0.0.0"; + port = 6167; + }; + }; + } +#+end_src ** Nvidia #+begin_src nix :tangle ../nix/modules/nvidia.nix { config, lib, pkgs, ... }: @@ -574,6 +619,8 @@ because they enhance security. ./dovecot.nix ./ollama.nix ./i2pd.nix + ./gitweb.nix + ./conduit.nix ]; documentation = { @@ -801,6 +848,10 @@ because they enhance security. }; security = { + acme = { + acceptTerms = true; + defaults.email = "ret2pop@gmail.com"; + }; apparmor = { enable = true; killUnconfinedConfinables = true; @@ -840,16 +891,39 @@ because they enhance security. config.common.default = "*"; }; + environment.etc."gitconfig".text = '' + [init] + defaultBranch = main + ''; + environment.extraInit = '' + umask 0022 + ''; environment.systemPackages = with pkgs; [ restic sbctl git vim curl + nmap + (writeShellScriptBin "new-repo" + '' + #!/bin/bash + cd /srv/git + git init --bare "$1" + vim "$1/description" + chown -R git:git "$1" + '' + ) ]; - users.groups.git = {}; + users.groups.nginx = lib.mkDefault {}; + users.groups.git = lib.mkDefault {}; users.users = { + nginx.group = "nginx"; + nginx.isSystemUser = lib.mkDefault true; + nginx.extraGroups = [ + "acme" + ]; root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" ]; 
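Review bot: Setting `appendHttpConfig` to an empty string drops the HSTS, `X-Frame-Options`, `X-Content-Type-Options` and `Referrer-Policy` headers for every virtual host without a stated reason; if only `proxy_cookie_path` or a single header broke gitweb or Conduit, remove that one line and keep the rest. The comment `# Only allow PFS-enabled ciphers with AES256` now sits above a commented-out `sslCiphers` and should be removed or reworded. `ret2pop.net` uses `addSSL = true`, which keeps serving plain HTTP, while `matrix.ret2pop.net` uses `forceSSL`; `forceSSL = true;` on both would be consistent. In the Conduit block, `address = "0.0.0.0"` binds port 6167 on all interfaces although nginx proxies to `127.0.0.1:6167`, so `address = "127.0.0.1";` matches the proxy, and the `# random comment` line can be deleted. The same lines appear in nix/modules/nginx.nix and nix/modules/conduit.nix.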
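Review bot: The `new-repo` script runs `git init --bare "$1"` and `chown -R git:git "$1"` without checking that `cd /srv/git` succeeded or that an argument was given, so a failed `cd` or a name containing `/` or `..` makes the recursive chown act outside /srv/git. Starting the script with `set -eu` and rejecting such names, for example `case "$1" in ""|*/*|.*) echo "usage: new-repo NAME" >&2; exit 1;; esac`, makes those cases fail early. `writeShellScriptBin` already writes a shebang, so the `#!/bin/bash` line is redundant. The same script is tangled into nix/modules/configuration.nix.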
@@ -859,8 +933,14 @@ because they enhance security. home = "/srv/git"; shell = "${pkgs.git}/bin/git-shell"; group = "git"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + ]; }; "${config.monorepo.vars.userName}" = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + ]; initialPassword = "${config.monorepo.vars.userName}"; isNormalUser = true; description = config.monorepo.vars.fullName; @@ -874,7 +954,12 @@ because they enhance security. "olm-3.2.16" ]; - nix.settings.experimental-features = "nix-command flakes"; + nix = { + settings = { + experimental-features = "nix-command flakes"; + trusted-users = [ "@wheel" ]; + }; + }; time.timeZone = config.monorepo.vars.timeZone; i18n.defaultLocale = "en_CA.UTF-8"; system.stateVersion = "24.11"; @@ -2486,7 +2571,7 @@ standard. programs.zsh = { enable = true; initExtra = '' - umask 0077 + umask 0022 export EXTRA_CCFLAGS="-I/usr/include" source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh export QT_QPA_PLATFORM="wayland" @@ -2618,7 +2703,8 @@ for these configurations. (writeShellScriptBin "remote-build" '' #!/bin/bash - nixos-rebuild --target-host "$1" switch --flake .#spontaneity + cd ~/monorepo/nix + nixos-rebuild --use-remote-sudo --target-host "$1" switch --flake .#spontaneity '' ) (writeShellScriptBin "install-vps" @@ -2755,6 +2841,10 @@ Spontaneity is my VPS instance. grub.enable = true; }; }; + config.networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } #+end_src *** Home @@ -2806,7 +2896,7 @@ This contains the installation script I use to install my systems. enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = null; UseDns = true; PermitRootLogin = lib.mkForce "prohibit-password"; 
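Review bot: The key added to the `git` account's `openssh.authorizedKeys.keys` carries no options, so although the login shell is `git-shell`, the key can still request port, agent and X11 forwarding through that account. Prefixing the entry with OpenSSH's `restrict` option, `"restrict ssh-ed25519 … preston@continuity-dell"`, limits it to running git commands. The same public-key literal is now repeated for root, git and the normal user; binding it once in a `let` and referencing it three times would keep a key rotation to one edit. The hunk is duplicated in nix/modules/configuration.nix.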
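Review bot: `trusted-users = [ "@wheel" ]` lets every wheel member override Nix settings and import unsigned store paths, which the Nix manual describes as essentially root-equivalent, and nothing in the file says why it is needed. If it is there so that `remote-build` can copy closures with `--use-remote-sudo`, say so in a comment such as `# needed for nixos-rebuild --target-host as a non-root user`, and consider setting it only when `config.monorepo.profiles.server.enable` is true. The same block is in nix/modules/configuration.nix.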
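Review bot: Changing the interactive shell's `umask` from `0077` to `0022` makes new files in the home directory readable by other local accounts by default, including files that hold keys or tokens, and `environment.extraInit` in this patch sets the same value system-wide. If the goal is for nginx and gitweb to read /var/www/ret2pop-website and /srv/git, it is narrower to set modes or group ownership on those paths and keep `umask 0077` for the login shell. The line is duplicated in nix/modules/home/zsh.nix.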
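Review bot: `cd ~/monorepo/nix` in `remote-build` is not checked, so when the checkout lives elsewhere `nixos-rebuild` runs against whatever `.#spontaneity` the current directory provides, and an empty `$1` is passed through as the target host. `cd ~/monorepo/nix || exit 1` plus a guard like `[ -n "$1" ] || { echo "usage: remote-build HOST" >&2; exit 1; }` would make both failures explicit. The same script is in nix/modules/home/user.nix.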
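Review bot: `allowedTCPPorts` opens 80 and 443 only, but the `matrix.ret2pop.net` virtual host added in this patch also listens on 8448, so that listener is unreachable from outside unless another module opens the port. Either add `8448` here or, if federation is meant to be delegated to 443, drop the two 8448 `listen` entries from the nginx block so the configuration states what is actually exposed. The hunk is duplicated in nix/systems/spontaneity/default.nix.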
diff --git a/journal/20250211.org b/journal/20250211.org index 37a9a41..481fc5d 100644 --- a/journal/20250211.org +++ b/journal/20250211.org @@ -12,3 +12,9 @@ Today I wrote most of my resume, which is published to html and LaTeX outputs automatically. This was a kind of miserable task but I did it anyways. I'm going to maybe try to write some form of javascript CDN for my NullRing webring so that I'm not manually updating everything. +** 05:40 +My agenda is also working pretty well. I think I often look to my +org-agenda as my source of truth now, and that's really been helping +with keeping track of things. +** 18:17 +Today I'm showing my brother the monorepo and its abilites. diff --git a/nix/modules/cgit.nix b/nix/modules/cgit.nix new file mode 100644 index 0000000..cfb9158 --- /dev/null +++ b/nix/modules/cgit.nix @@ -0,0 +1,6 @@ +{ config, lib, ... }: +{ + services.cgit = { + enable = true; + }; +} diff --git a/nix/modules/conduit.nix b/nix/modules/conduit.nix new file mode 100644 index 0000000..954e5fc --- /dev/null +++ b/nix/modules/conduit.nix @@ -0,0 +1,12 @@ +{ config, lib, ... }: +{ + services.matrix-conduit = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + # random comment + settings.global = { + server_name = "matrix.ret2pop.net"; + address = "0.0.0.0"; + port = 6167; + }; + }; +} diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 6f8f314..bd37c77 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -14,6 +14,8 @@ ./dovecot.nix ./ollama.nix ./i2pd.nix + ./gitweb.nix + ./conduit.nix ]; documentation = { @@ -241,6 +243,10 @@ }; security = { + acme = { + acceptTerms = true; + defaults.email = "ret2pop@gmail.com"; + }; apparmor = { enable = true; killUnconfinedConfinables = true; 
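Review bot: nix/modules/cgit.nix is added but nothing references it: the `imports` hunk in configuration.nix adds only `./gitweb.nix` and `./conduit.nix`, and no source block in config/nix.org tangles to it in this diff. If I read the nixpkgs module correctly, `services.cgit` is keyed by instance name (`services.cgit.<name>.enable`), so `services.cgit = { enable = true; };` would probably not evaluate once imported. Since gitweb is what nginx is wired to, the file can likely be deleted; otherwise import it and give the instance a name.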
@@ -280,16 +286,39 @@ config.common.default = "*"; }; + environment.etc."gitconfig".text = '' + [init] + defaultBranch = main + ''; + environment.extraInit = '' + umask 0022 + ''; environment.systemPackages = with pkgs; [ restic sbctl git vim curl + nmap + (writeShellScriptBin "new-repo" + '' + #!/bin/bash + cd /srv/git + git init --bare "$1" + vim "$1/description" + chown -R git:git "$1" + '' + ) ]; - users.groups.git = {}; + users.groups.nginx = lib.mkDefault {}; + users.groups.git = lib.mkDefault {}; users.users = { + nginx.group = "nginx"; + nginx.isSystemUser = lib.mkDefault true; + nginx.extraGroups = [ + "acme" + ]; root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" ]; @@ -299,8 +328,14 @@ home = "/srv/git"; shell = "${pkgs.git}/bin/git-shell"; group = "git"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + ]; }; "${config.monorepo.vars.userName}" = { + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" + ]; initialPassword = "${config.monorepo.vars.userName}"; isNormalUser = true; description = config.monorepo.vars.fullName; @@ -314,7 +349,12 @@ "olm-3.2.16" ]; - nix.settings.experimental-features = "nix-command flakes"; + nix = { + settings = { + experimental-features = "nix-command flakes"; + trusted-users = [ "@wheel" ]; + }; + }; time.timeZone = config.monorepo.vars.timeZone; i18n.defaultLocale = "en_CA.UTF-8"; system.stateVersion = "24.11"; diff --git a/nix/modules/git-daemon.nix b/nix/modules/git-daemon.nix index e71356e..e5e2192 100644 --- a/nix/modules/git-daemon.nix +++ b/nix/modules/git-daemon.nix @@ -3,7 +3,6 @@ services.gitDaemon = { enable = lib.mkDefault config.monorepo.profiles.server.enable; exportAll = true; - listenAddress = "0.0.0.0"; basePath = "/srv/git"; }; } 
diff --git a/nix/modules/gitweb.nix b/nix/modules/gitweb.nix new file mode 100644 index 0000000..51cff87 --- /dev/null +++ b/nix/modules/gitweb.nix @@ -0,0 +1,7 @@ +{ lib, config, ... }: +{ + services.gitweb = { + gitwebTheme = true; + projectroot = "/srv/git/"; + }; +} diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix index 85b6a70..7872d53 100644 --- a/nix/modules/home/user.nix +++ b/nix/modules/home/user.nix @@ -65,7 +65,8 @@ (writeShellScriptBin "remote-build" '' #!/bin/bash -nixos-rebuild --target-host "$1" switch --flake .#spontaneity +cd ~/monorepo/nix +nixos-rebuild --use-remote-sudo --target-host "$1" switch --flake .#spontaneity '' ) (writeShellScriptBin "install-vps" diff --git a/nix/modules/home/zsh.nix b/nix/modules/home/zsh.nix index fc041e9..0c5bced 100644 --- a/nix/modules/home/zsh.nix +++ b/nix/modules/home/zsh.nix @@ -3,7 +3,7 @@ programs.zsh = { enable = true; initExtra = '' - umask 0077 + umask 0022 export EXTRA_CCFLAGS="-I/usr/include" source ${pkgs.zsh-vi-mode}/share/zsh-vi-mode/zsh-vi-mode.plugin.zsh export QT_QPA_PLATFORM="wayland" diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix index 18becfe..af2d42f 100644 --- a/nix/modules/nginx.nix +++ b/nix/modules/nginx.nix @@ -2,7 +2,7 @@ { services.nginx = { enable = lib.mkDefault config.monorepo.profiles.server.enable; - + user = "nginx"; # Use recommended settings recommendedGzipSettings = true; recommendedOptimisation = true; 
@@ -10,37 +10,58 @@ recommendedTlsSettings = true; # Only allow PFS-enabled ciphers with AES256 - sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - - appendHttpConfig = '' - # Add HSTS header with preloading to HTTPS requests. - # Adding this header to HTTP requests is discouraged - map $scheme $hsts_header { - https "max-age=31536000; includeSubdomains; preload"; - } - add_header Strict-Transport-Security $hsts_header; - - # Enable CSP for your services. - #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; - - # Minimize information leaked to other domains - add_header 'Referrer-Policy' 'origin-when-cross-origin'; + # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; - # Disable embedding as a frame - add_header X-Frame-Options DENY; + appendHttpConfig = ''''; - # Prevent injection of code in other mime types (XSS Attacks) - add_header X-Content-Type-Options nosniff; - - # This might create errors - proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; -''; + gitweb = { + enable = true; + virtualHost = "ret2pop.net"; + }; virtualHosts = { - "ret2pop.nullring.xyz" = { - # addSSL = true; - # enableACME = true; - root = "/home/preston/ret2pop-website/"; + "matrix.ret2pop.net" = { + enableACME = true; + forceSSL = true; + listen = [ + { + addr = "0.0.0.0"; + port = 443; + ssl = true; + } + { + addr = "[::]"; + port = 443; + ssl = true; + } { + addr = "0.0.0.0"; + port = 8448; + ssl = true; + } + { + addr = "[::]"; + port = 8448; + ssl = true; + } + ]; + locations."/_matrix/" = { + proxyPass = "http://127.0.0.1:6167"; + extraConfig = '' + proxy_set_header Host $host; + proxy_buffers 32 16k; + proxy_read_timeout 5m; + ''; + }; + + extraConfig = '' + merge_slashes off; + ''; + }; + "ret2pop.net" = { + serverName = "ret2pop.net"; + root = "/var/www/ret2pop-website/"; + addSSL = true; + enableACME = true; }; }; }; diff --git a/nix/modules/ssh.nix b/nix/modules/ssh.nix index 5c705c9..076ee47 100644 
--- a/nix/modules/ssh.nix +++ b/nix/modules/ssh.nix @@ -1,11 +1,11 @@ -{ config, ... }: +{ config, lib, ... }: { services.openssh = { enable = true; settings = { - PasswordAuthentication = true; - AllowUsers = [ config.monorepo.vars.userName ]; - PermitRootLogin = "prohibit-password"; + PasswordAuthentication = lib.mkDefault (! config.monorepo.profiles.server.enable); + AllowUsers = [ config.monorepo.vars.userName "root" "git" ]; + PermitRootLogin = "yes"; KbdInteractiveAuthentication = false; }; }; diff --git a/nix/systems/installer/default.nix b/nix/systems/installer/default.nix index d3d1693..90a58db 100644 --- a/nix/systems/installer/default.nix +++ b/nix/systems/installer/default.nix @@ -21,7 +21,7 @@ in enable = true; ports = [ 22 ]; settings = { - PasswordAuthentication = true; + PasswordAuthentication = false; AllowUsers = null; UseDns = true; PermitRootLogin = lib.mkForce "prohibit-password"; diff --git a/nix/systems/spontaneity/default.nix b/nix/systems/spontaneity/default.nix index df3dc6b..a40c53a 100644 --- a/nix/systems/spontaneity/default.nix +++ b/nix/systems/spontaneity/default.nix @@ -17,4 +17,8 @@ grub.enable = true; }; }; + config.networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; } diff --git a/resume.pdf b/resume.pdf index c8d7f420c984d1c02b87e0a43be2a4391bc825e6..5e674f878c0ce450ca6596707896c1a8ec63e1d0 100644 GIT binary patch literal 18249 zcmY!laB0nvxbLf;}#g_H@H&)f$PB|8iw`P^*@-9&t$8q$gCS2;@M}Pb*WZ%s_MJlE1I

Y=h~*gRKs}&`ek{?gx?{NkHQ zUw(Idu=wO2y(MwZk14&MCW^cK-koD2|JNvo-LR8c>;~_L89yF~=Ot7X@0B=y#d5x0 z+56ha^D$q!wrpm4s?wDp&ZwSu!G@7V(C*kIfTj=U7!0y&t=L%ExV7l&TG6xCI@iH zRm}PPQ19~ugX{KoF|mi`gTDsvuDSnIK}qIEdBWz;m2+45?!GdwY5KyYcTbzOEtB|K zEA+`>z3u;^%2HE%tGyW#!p~gY6CO^y!OPE^|GFr)+s41URKC7h;NI5Ln{TIY)#QG% zO4|Cfk$3pYD!JfSR%P$j<%;knx&_}Vox5CPgUkl+QcHmfHO6zZ-JYF(ld3yoc7Dn< z-e;`NtV<7mj40vNfAW}@WhXnEy+WK!w1nQNC%5hDH8rMwUK)F9*90%Kv}48VE-#<` z)7`r+`A%t#>SUiQ3#9rlRm`4pbnoj;rP0}%nQhkZjyi<>XE|=&Hs7c~^Jd4Eit|4; zww#+EzAC3Ds#aHispz`%xf?HUu+?X)W_T$UT-L-cdzdw#-70nF*S7PY6`8C>+uj`4 zI5_*;#3$$SjveD|IGm`-mbFYOuoMIB2)X7o#mTMCb}wze}7!R=sKgB#G$k`kqb}X zUK2BaZO{dWiIU}Sqa-R+C!hUjb)wQG=KdPH-*3yx$}M-#JGYOUC5mmzkH&P7Ej0nr zf!>=ZM{e}v=4`xLE?m4*==`RC{cBF&eOpv9$*;r-fKRf2iDIQ0O5M80A@h|0y*2gp+o>S;<@+>OT_?*r1nhpME zQlqck%wn2#+2q;JqWK@6v0n?S@y^93Hl_kL9*xs5e|Q-QzKP$&ozH zkBo0DzBeu?Yv}r!lE$pQGI*-m3GbROH_}?y95p(d5N2k(Z{hPE_Z2b=i;H{B7e-2@ zmm9Gk)(ffV-|#x6JXhrDVx22X)E%lHtO`2lA2iqGz}_`2Rq3uG%&pgL&KimQQ~uCv zBlK(egWHCCG)-D#yd_RN>YcZs%}8F#__xCLw6I%OHhrFUOrk@DRs8;8OP-QW17+qS z39Ih-{j(Y?V*e|rb!Y)pxdqSlJ$gw zwTYJtmejtR{C?}rT8HvC3${*(TzPpubJFK-{a#7iDO)8Yjy?RKVEORhyRuuS^;82T zgYHhMJP`Lq;HO5>ixZ|fHhtwuO^5f+@Uh7_8+PfHP2&1nleM(x7xOG{yL^OObf1`O z^1TeTCzE}m_SiC=KJh>AXm#sSfBv`UxF_2FZw&Y)cmHAAVe#)D)(M?7-#G0VTfas_ zhvt(D-(`NyUT0t{KhHExgg^7yrG|MoEMt_~ccsrc-kzmAMfU2;DqY@htLJ%edV7ET zf9cwi>2n{=-8#j0*E=Q46)jHk{xK^I?i&Aod-v@5%`cPe7R=pnY_9P4n3M14&y~D# zZ^lE-8||-ZeJq^alJqSM_FU+DU9roq>FI990?9+>kzL2muv@RZDH~RBso3aZ{Prl0 zJ#XE&2Z%e=>Lx0lVapYemYp)!#ph(fa?N7S)PtOH<+|^ec$h^AIC%Vb?A}~o z4aR$?-DbOG^p4#xt4R1c-x4?ce3)67c- zy4PJ-y|j~=p~3R~hUS41o$qgFpH#mgd{vXhvf=>OoQlI-Y(IariGFDnz3|;B{Hp@% z6vkYEwh8Z6y9cW5P_sL;RA_GLZ;rJ4tuu92)lM&DXh4rK*>; z#c+*OwsYsIoGCMnrCODvCChpiPb)lQ)R%e8_t(>l0)+~>>rUScR+^n=A$F&=uBBCd z!?Ns~D>pa_C?qy1v^SpO&97ddKm^1&w4*_PQ~{=J#w$l%xi z&Al!6)~blF=_jY(dv46N-#WX>@BNiHp6thDQ(8QMBkg>(>+IAF z-+A-?S6sjJ*-7Zaj|-pb?nui?Isfe8I~;sqSK>r&lN8cay!TwbakuEaeF13E)(I? 
zJl{MfTDfb_azvPBAT6%;hJyr`AboPUd^d#^uYm1;m}<_;UMK>h$Z~ zH}B@`llT`|#y^9`aN+RAs0iy0R6x<6s^ zzHxlsg7XV*>wGrZ$o1`xLwk9P&F_8Qi++eyzKcqGS~h8+%k0=aLXY})uU}9(HElP) z`7%Yjq{R!pZJy2Dbg}R0(Syq)@7G%Xv)R&W_q(G`-Y<2oysOH$v!~ZD`DO6U_PE#6 zEjnB?S1`6OiIw-4{Kzy}Z@PSu&2z`r^&4Csa#Xt;2T$Fa#r-*#W!a7}wi=egP0YeN zGJF|rc1hD;mHDkJJ5;xNq2H%j=Tdt96xeyMw7Df=iQ1DhpEeLn;eW4W03{ zV@=HrOpzP1Ya=)-fbREtH%-xoT$pzhZ7JqgVEi zKigN%Qa`!#`JC_7```ba#=2kOsPoY9wjJe}=_dhb)G9m4i0|2ITb@VE8u{GtBO_B-D{+bX51<7o@F zYc6j#cqrl1z{#q2aCMV+Q@xE*_P0NoFS=eDr?;&M$Tr$~>Ici-HxpaA#ZM&}rJ9GO zXg{?|t=Xg_QR^{z^_5wBKc)QDxhb|YW|{wl(;{9|W40wF-#BL~9d>%z+It&(w?)m< zx$d?)C2^&pR_Yp^5J_$SYbTeV7Rg%cQ~I}CCv2|F@+;a`PwtA`lxh{Z#b^1%<60Nh zD&5w^9M*3+VN&!qZmD0p-RUV-k$cRnBK7+xzr1RcTC_&Xv~R!M-*o}%uT!PgO09kG zs{LYx!B)TZ-B-0tt0Z?B<~&{XTH-6`#j1aCbA@zIU*Yh@>LO>4IpMXFyu zZT#hrtzl8*oS@}_uIY=aF9u4jEfR5BCqNJBkdhK@pY2?qFb~k;) z+_Ozqow>O8)y3s?yW&?~KN;E;Y5)5{eP)8qfOBsLvj-`KvPedEp> zN;x-gTs_2_Y}U^y{^ro4PL+jX#|@ackEkV0-mrV)?+q(&{Jp^(VPM8PyYK9Qv?RsF z*6GRp3+{g2@bkv}jjcD5axAwoMR(eEu00f%?4OvuVQYlOHo4mkxknCd@Vz0HqrHvy zc3*3<^@h1O^xg>CF&tmud_B4F#&f2X5AMu3WGK%*J5%(1Sab1h#Zvd`e#{W@-$l^cKY*zI_@q<)ru$C|I&i9I{!3yVt1 zx=rwJ&Iyi_+kDqcv!FNM()GDV8!t_oJ9qvR&zB#s%lLjv z3t-H0WOlmnU1#(B#EFxi9c(xq&{H$zpN~^=&EiYDZ~VM|ZQ7@8Vof%80>bZc?&{Qj zJ^!HxXSw+Ig*!rBzBwj+c*(xZ?cKicS-hX#uuc20-)LLoS_ig8y6;QX^k#qGq7<=9 zJTY7%?n`}5&?y?x3VW|rrVo-ODWwzQpd^rXUsf4nyF|J?KiEk3cG@0RbIWF&X* z^?q4FpZ~lBCVR8Te!X1rkUF2FHAK1OCvE$$J?C|DH zg^1rSE=SJAY6n{?UTE^!y{&`e%i%-MxBq%@)A7WdY4PRKmYiYz36Cb{wEwj%V3IMr z`Ps&MrC*@sp7U?QHb{Q6aCm(%E=_y$on>zKR8CxA*>L<^Z=t~cmzVV?EdAQ>LSQ0m zd}Q^E#~GJTr9004Yx4R_fNDXXf!~sP4g;R#5 ze%RMAQR{}%Gqos255}sJ4@&HU&HOii<%p_Ha4Htrr>uN&5BtwTyLLyzJ3QfWf5r4B z$gw*gJ1p7jmhag7Pi%kr8jaa~^S&$XzdWbwvci7@fU2q{FJEc`$ktWtu-M!er<<1JI?VPNvvkyz-)2Q>&pW!vrQd^4c;bqdXB_oyPr0Q zxWbqBUYtuh=>oh<$8)m?pym(D-bqSYqzZko8j+>%3= zZqup*2SK z>_m;@KMn{!o535Z#3~({Qu?W}il0wEX7(ogm5#Ol3}>yWs-M66MA@X3%wM8Ec`w=~<(W!Stp1yE+~hymPgmc5TAV4eylxcDD$2y=ticdBVyt{oy;;NZZMm z51m{wDfLi|%Dvr*Y*z{77kt{8n`_LduCimp@#Vz_SHyO#?0J93 
zY{@Pz1-^ZGHQV?95BR>>RG;CV_~M%nZYpnhw%lo_+&zCguJZ@E9|_Ht-Qd%F_2d*~ z#_siTjl%nQWS=xGQJJm%h-DkEkDSNj&-EPD+S%r;w^v<*_9N`IfyH9S+uFT8PkbI6a3|Vv;oS_EiR&LY-dho6bBLotUh>g> z-oK9~f8`bRU8|e>Gm=&+QkNWFMR~o%5l- zIHrKFaofQK4c8Ne0;Fd?l}N=Rd*~`$b~7?5)>!3U3WMoi*v!fx@I8 zJCns#oEO+{j(!;B@wMwf_qpVIV&0lxL!2uxxa^*O>mX&$ye`(NKsM*S7Ds#$(xxVvRIXSGY; z_8ZOflGD_WZtdaHZ%kj)Y8tKK-=f@D+w?-vvc2(iFSY7CdW1EnqzhODkT-nw`g4wpgv-pcL5>kAw?UB6Br1?&+BGkk0jMbFe z6U*8`>Ydi!0a7cF(n&mY3El8^dr;_X(Ht1EH@D)AV<~W1A8D&v-d6$GIaD z8z!nI1s$`TI8n0WPiKs>_7l0chiuO;^p4qk^xWqYkx_!*|7<<`Dxx>(dR5f9@6Ur} z^>5odo`3$AcTVbql-YmRyjFd$AgFyRPD$mkj#TbDK9Lk%r5}Cq*Y5=1FMA+xwqH+P z*WKmE@x8)Vn3*5iekfC!n;tI~ea-rFYs!iEfcPWd|4dxEV3OtG+uOu%rfH`2UD|3< z+>pt}o3Q_H!`|C*ZL2zG@7PkP5h28z^hxB`ThA+6d$umfn^0=L`#bZm)B=Thu@>f& zA2kIndURkhOJ@9)-OqJBWmjlveG`~};Nznn5!YjJ4l1c8GLxDbqwfEl^)IL^{Eqg* zeKqobo~Qn(NWY-U63p9tg4du<#cR&{sEM<3f@Yb|d|6R*BI>w^q@zSF@6@Mnuk}8A zTl!N(vgSp@ge@``zde<6o0gN${M%MH)Rx!%)~wg;)wl1nB7MLZU6NwG|J`{ zZ>yfKsj>LP!@E;6T|cf!4itY;bSU)7oVT9V2W^^WS0~EN(UN3|y|=h`tGh<mJROt~nN%tj{PH zaP~v<4K4FkOU{W>)#k<%@0w_dna|Rh*r+boMV9^96!t(khI5 z1LtkYu@x1Jp1>)m{Oy6}%$Jp&ku7}tABYt7THMIe47ib$Q==@v#++ZmbgpRM659j* zI|BK7?>^Wz?SjVIsZDH5W`{Z}PQG+HAGLZ~C!>d>bIe(VJAY4}c3+Tau;S(Aryux! 
zq*u5r@hI&7YX0+h*WBkxT*d)67kv)oJG1Hd7Po0@ovr4Wq~EL!TA<;bY4AeDlWLch@(r!@pC!X1%c21c8R7Q7yYnJd&0l$6#oq_>a)^%-AiW$ zq>BDtvfxnkEA6#uU4n-a3)b!1K3!pdezvwX2iwFfZ|-aky&?yjE1RBgoGNwn+lM9p z%;U4)*(s{J*Ib_`bojuvHKnWPam_bYU-Mo+=tAi2i&23u-|0y0xaaYqh1>4Q;}6D5 zc3$;za$4L-I~jgc$n7UjYtj_a+qDlQJ{!%q z6sqIV-XU&(} zUz~~jEw+C7gWDAfe=gi&t$(rRdu)qwlUiXBfPCExIqz zU4P#{_b}5R%RB0ut*#_}=3BRly?y59J~~Bu^ICpv?VEb1Ic9-X z%~!6YuRqjTEc|-JKz?$Jr}&-ETz?*XO7`G&jK8;Hg8YG&KuwKaw%2`3R{etabgn&# zKD3C(f?>~Pug{kLsoN_mwdIbn7iq2KUBPY>@%I#G_{7sMb*eHqe3mVksnEQ?`p=;& z^Sht@wpjV#-L9QQpHhQ=1>bbpDZP)Kbuq(!C%YHzr=+dUZfSdVdB6GvqXSG8=KVV7 zHXctbY@BRzr**Rb*00;-Cz&+8x>FSEZ1}V#DfyzEJKut<3d-SfpG#Q2N}ikkI|0gtE7m4lvAr=-~cyEo@1-CCHCi5nIX-GG^@#T^4 zAN$F?@(ZSPs{H&WSy<=0>te=PrjnGhrwt;r_8qp>FH+k4!Gy2vM%nuWKSR;k3s2ph zc(CoZv4hk`!T8PYGrHz$3l%N>F-PyG`y{gqFTPFd;gg#_|AF(&2bz1jYWB!n+;PhO zY3#T(p#*d~~AWq)|_l&d}K)PscuAHJ^l{E;(f&CRXqX}_OsX%1K2 z@aI@^TlC*eQv7xspRQWMYEr4CC9ptowLinR5VI`3+x(hYoKux38V^QH(*Dw`i^9vp2kVd`?Zt@-o(Vc1YyZjfjYY&fj-vz1hpR zWukEO_l22OGhD5ub3?ZoIe(R_t8@E&OsnK++3Fun83LD7dGilSPIz=K;C<&FUDv1I z7CkB}uMK>8KS46|R$NS2-unms(G9;cn5!5!G^jqQn7_75UbrYTAmem0*JDe?snY3J zB+80~erRnCHtFX!Un+gMXJtv^KGXddQqGya-~6QQU`dyz6Ysvs8lNk?RorErT0ZAx z^BtX%~q#Sb5P z^OZjHzW*@2UG5lj)Q^(INtd&Q{LVHiUU?pHq>`t1U%zCfad#~_!!|}H|TAH7Fa>fW>zx7=~%{W(gtIzVeE4>zN3tL^9xmLIIzJQ3Rc!+@bGzP{= z44l?2vXkbhv}{QdU)9!w z28+de{mxmQ|5X3)eDS&BV|>!~a+^1APPQ@I_4Y%ALc89=FUA@SNN!1 z`H`v6QWFood5!;sbvc7uPOB7MjrnNS>9U4vS_kveM4^wb&dSB*&A!%|zV7xD%{cXm z-b%HHkH`hqB?i@R+&=^r=9wHco9>@*B9R%T4PlC`a>2J zN=i8{vJvr`ddWUWYMqdBuUvMFTW$#J?^P9hy)>o7w3#lRVQ8%vd4G1X;nejZ>qJ(o zY}AVDpYI~05Zc!M^O)jZkC2KbB}ZB`mWIfES^mxPk%#Am{1k^7E|yBu-JkmZKhj_M zR$5L@%zRUrq0#G!bt}CzIl1TjPUrbo9_Z-&$Z%K3-J>?~PwM~j9)1%ilWs0LyKk>y zUf*A)->#4CHbj3s!*=jmq4kE?8RpM^JE;UV{7^dl!TA zcN>asoA&&*#hdKiR@S$7G!))^eD22MZ|iUCZ@!;H$&4EoAMNAMlz%C0NxA2J#+!X5|BBQ4 z>uY!Z5uF}xxA3l{`m+P8{nn@XRpm{({={|idEc29PbXZKS#CCQ?}`{3*FP6S-ml#6 z`+5Gf7YF_YUlz$r43Cm?_0Y~hj+BF|TW(399`F6fF)K_y?^_}3DJR*pNZ5YLF$_t^0l&*wDc?KwGYEuPc;6W`~BRvPaVmg 
z&MAf|xtmuUKD6o24TXyv{^@@z?>+gxGRW>X`@FCRvn3|In{_1Oqe!#g{H%_1p2ka> zHq?vHj!nMt#YS{?r;XYAp2XryE9FAcOkBgCU*g+f$u0CIvRk%h_hC6J$7(OJbrViX ziS+7TYkQ{FYU&em_TG{(j~;6tujV-`pZiINH1XJo>YvzjjpNmas2gkaFVF7b?OA#H z0@JEat2>QX8MyD%3w8P3+Nii;YL#i0#=96J-b1CDvJ$SCK?RdPI*pLdt- zIOk%^i4DrzYz5j1v<_w_YKL$>Se-GaKI57Eo0d7kcRY`N_#7u1ra1FN-R-FEyZJdB zrLQ(KPrsG7y8GpVCn0Co9XWHJobRW{AHR0_^7CK0)6aAjgsx{i-MAyq?SE6*^=S?3rwL|Q-l@6$PeR-) zcISl~w`#sDo*$*a_<*G#w$}8~q$le8`Ir9}kan#9me=e*cXMj(L8%XR5mR>ARFxiS z>bSf5z8llG!{RGGY}s)}wo~%7^7Z_gv6Gz2L;t<~&is7Mb;-Dz7t6~w$hHOfPT%Ci zw9ZH3UDhcfiWNyUYG>Ycf8foG4=XvhINX0|dEghG2`U1>cX6bD_zLH6C ziQnt5RSVdC)+zdGO7$H+cy5Y_|JiMVhbj*2>@aLyAQ94RChJ%x_VSkF^t=}H+r2AW zA6Oi&YgeCn&HMU^XYEFNxV-nY?k&D6`0s;krq=3(N)?K;Cr;pV*?o@hNY;y$7sDEv z0-BbHNvyK8$?osFJ%jhUv;VK<@w4q%<_inNS4~x(8^-)zB7c2Fp3z+mop-v{cLU2g z4Yu2ViBVzFt_d$<%42FYIaYG8JNH7(Nx^$RPyN>Wd0Nn{J4-BVj!usC^)eX)aklau z>pv94D|@kPR&BKl^jCjxkS?dO-o%ulZBO;;`s07Do9{d)`j)Y7snP09QL)0+N;Xs1 z-I^jk<+Z8A^||*r^P2X5uc=tMcJ&_VFOC0Z9Cj?7D7wmKeNEG!r_YZ2?tQ>hnEq7q z+`UZM8`8V0%|8lc{CHOxa!DrfwZKh|=!Mc-nb>CsPujCp+I>N3E05FCG80KbEuQ&r zcK6;pHYKTG+D{pK=2azOyoI9QPxi5PRyiq$I879A5I>w79KNYDPV!tS&u?+1ebMKF zV^#>X9lFnIBeV9yxyXpLjoClt#O`iO7r!MI)cAC>^WUVhx5;tQJ9>*5?uaxM@B3-B z5{a=h2*{h;=gzL}k>R+LibP3|(G^>?HASU;q8{1x^qVKQg# zFF5p=rSk9Z{%F4D%}3svE?-`BUN^?>Ea#f+2{pT?Iw*1Iznb%?!Tf{Dz2frU2^YU@ zE}wfKy?5{RstcP=?GJu;c47MghQf{epTA1~yF1*naqUFL*R`DNA)JXaDsLWe`+Hkg z)c;A|Z))1VL}^d=v&H+rX`GDzGu?9^-_9>jqN0n=9LVoI#b#D?VB@#Lv&(NBZGNJA zn`g(ITYK$vlA@QW*eTTNE9~gKBl3eQrrB=t#r>}zGW|I7`i=-+`Lh$Eohx0RDot2_ z-drrEUH6Oip&eUK%4@wUV{Q}nd48<$eCLUs-sf`mJiEgF>NMLq!6&+t)0@{w3!J!` z9en(9jiLA-JF=vQYfvs-EYehV%6$=Ib{eOIUo1=afW1 zOwp38167@Ev4`UL^uM1CY&KzAqLSj0RqOUCm$l~M!(Zo4xxZd|tYglUPY?DR9xi?; z!ZqoGM9GuBg(gk2q^>?>;Qq5x_LP$M) z+0(-F{=%2k=P3=UXEw;NH@*z?oGG|+3zz!xr7?yfFSP@Cby-|jG_CXBxsr9ouUa;} zurFKYS>CCWtYPXqTH-0C5|;UI)1Aevra!NFHQj0Wy8W6ge z$jVDkZ__%hI99Qy?~7xZEf&6hmf0}dr6BP`ZXTOY*)CSQ^*b&#rcBS;^;c&b=iG`dwdTT^J+cU%kfbvpfO;*!@BAB9p+7E_#yOTH;=pM 
zl*6)P3p0!Nl>9FJ9XO|k>0p_yx`{#we`b~GGLsD@EU}eQAx>6~+YWKQc^|TO(+cK-$4lSus?7U#Pv$)50XY^Y7rleWw|X8s{`F4cjhY$# zuRni3u_o*G>=66)igWwttMg4uN&k_;-g_bKmaFsPdt5#TxcC$vhdBxsEs}~fUpq7X zVv4fG-0DRSECh9~sAWtpxjFOq)kM!omY1?~H)>@w-r#)1^C^aD+oLe&$@|!2n0aS) zZQ0{->xp89P}VyoNgJC3Ka3TH)81ZLnt5r{<(WH5T95JmU|JcMrLcfC-)#Ep^$o!f zQo_8Wa+eu$uju&t*1{tDmHwM=W-TwjH+l##{V93Jv9lm$b^zD6SLus3Y;IPzzWDf_ zUQ6N!wXgq^d?)X8s%QJsJbC8Xm;O=8m*2A|$-Z67>*gl7B<|eu6Vf$Ze?%Xx`C>ck zuCl;-%jAsf^6tgPea(D#CEuQ~+i`rxRQ5arzHM`695!oH*OUHIUM+o8Z1GuHnbU8z zEf3z@{^nGCk5|0n_MX`XUAqqSY-4?H7F*aj!``YomNmTV;S*+-n5O2my$cnVZ)`ZX zt~z?Pn7-~vf0sN@w)T>-SYyHADc7^# zm@kSgoT|oEc$8b?>uTP9=c79xT-=p0SKi1&_X~62F9}=5*ne}U{^xz-zHEzKCRfNK z-ZrBGj;o?uKL{u}Ft0lQVfV#tsZ&hn8uaY-_4s;C@ix$s1%BY!4o861w^ zk$@imnAxMrq|g_Vb>Nc+2JOV13wivEn^xxMcC>EY*n(BEZ+!A9HO6HY|ktIoaZn7 z(Lhdj-p_D$=Z_CHzEw9iuYDM(x~e+i{J9O4fiXJf?Xyp|7B?2KnM=QG)!MFXGzl;_MRVC=fe4bkXJo6E*kWZxybKscKVp zjeNng_8RM}X|JDfuq2Dbmx_Pt`;t**Qkk{k(|+SSsXY%P{ZF6ysT^1!v3cc>^euNk znQeV)`qAufS=IMNm8-WEv}iCdVccqGJX0@3dUN*`RnB8?{-nG($7p3PTWfSCb7v-N z){%C*WJW8dg})~E`&b`8u6||4gw=Y_lO6>AO7W~s%s%_k?=^#k@1GstSj;bW>i7#3 z=`UX3aq(K)9Kp}$N^Ir+E)O;Td->8n{T8=zDZ!Vl3X|~SB9&Zt2RL5 zSg%~!>Mg99M~&F3cz&De>vQRSO<`-9Dlfiu+r5_65$U_0xg@SUdLu>V<#&@pho#eB z&(xU`%UQMM&yHnL;d8izBqyx$JmvGmjOTR5x$d(UpT6i(XlHbFP3xA6H0*ybkYgNJ z9gsTvj>E~GjmMrmdLYcRo$c%86~A9t1%`xVCG6^HS|(|c)sVGgdcurX4oQ_cjE8-B z&0W4^WNm$`xc0W>4BwHln&FXI&Wd?m&mGoj;`-r%#B^ z7nmSynZ8$1Kv1=bQE-<=W(8$zKEl75{$b6CGwH7{? 
zJvVL)l%6KcwJ&mKf=EPb3RljhhTFf&F1PoD%-AVvdR;QlbLO3Bjh?T6TKzt)y!+?u z%8CmcpPGHy?YZml>-fOPZk8u=xKF%D+IMHR!`yYV(|sBoSDrt|>@K;3vE8_aJurNu z{Ey`xA=XYWzgE<`6&8oaH%gY?vu|i_JoeN0aYkOzlQ8)W0;yLo?b~ZUN6TU7#T=yv zE`TCctAb$%`qkhNr=)W5Mz{EZ&p!CU!n9?mwi*V4_8 zukrXbDaEZ&XuZMm6E24xEpDvfJ|7W1%~SrBg~-K;Rva^$7u<^p{q=cyNxAoL-4Bwl zY{T!&di8{P&toN}ZTXAMd)ZZ4MN>tu9cz9X+aMtoqyFqze%!8%=clG+g}B=$^=-aV zxcgWB+nX;}u(R%6w(bw#|6327>^Df~bl=s9+^t`rThabN?e1*m_);rAyY)I6YqJ&x zdow3HU2Y0cPuc&7P2oWFiocz-2pDV?1iFzHY`$N3k)No1 z;yi~Mjf{i-o|CIuty3Tx!6Ih9L-uR_8Ms%RG<@ptd$-BUd8YhFAFo*G6W>x1 z#vdmK>JLjnymDo1a|h^G=-K>~~@2_0Wp}5utM? zd*?KAUh!KSB;GP>CCA?7oL`=Xh+hvcmCt;^zIH)etYDmM(lqJVpQ|s}>+iXE@MC>p z`+LJO-g`fvnEnv{ex?8J!^L&&uQS>*=l{9DR(wk)dfyF07U%Xa<|ppoG`iNf>h&qT zN6S*#%~(Y%nbYKNOntKaj+oYWw%G?x-HW|`X?o70VByVIR(NS?3H_QZ_UnSm^eOX1 zI1Y9EEWe}3nSS{BJI8kaa{e`?kHomjwYsHT7Fev`u+Qpxioug7A}@+A9(=?hvF1(I zo6NO#ENqRg!E@qV3ugNVPOsjs8})v7`Q(m2{MYv$UmySejivr8>2FIGJXnzRcel5h zkMP7dht3{f*XiJ2dwt=jO*X3^a@8L!OMY^fshi`cz2zyIrqM{CCcDl@y8eL(|7HiW?48l-zkF&GFx(~?LK5kdMwD_5(K!24%{TtRU_IlNV^e-3$p38n5}VKOYuFGfXR`Y_XG*2?s()K~e;*H6 zQ+3LE(ebX1!}33zUmb~%`ESUQ`bYj!#KC=TrCjsH=K0!7^)}=?-dejLuDtPi|NHo# z#ot_>uY2luXV-o`>CMakYM%V{!^mZ~Z}OJx=kGu4d+_|1&8*k$|C3K2|2(HDaI(ns z4K=c|RTtMEWMyGuttz?cP~SV*ufOSEdYr;@H)H4X=dK1U`8}iUT7CD8`wvon?qBvc zBW`E^)6m!d=Y;dUnK&b?tZ;Sg>DY=d>uhrpmx`DtAIpAGWBK)5j>kgf(>vHd_*!IM z^S>h!7{l@P`|13G$(A+OU-75y{M)gsiSw`cKG%>v=eL?3EU6QA-B)YRQoT>HUh9W( z*5L<*Kim)2bA5{bux!V)9=Qt~uZmA|E%+c+yJFw_@Pc^`mS1>p{bqIy$Z}frnd_JP zoH>6un2dO=iupt|3`NDJo0pY^@-aMW-<)@O=f`#L^#yX->qHr2S7>y)9XP(PPf~I9 zvS;x{r@jU|@13XazPL3%JN`n?9;;i~SELTQvaLICUQWv5)fJXilTJBxY9-punUK_X zx|6wwr$x=hJ+F9i{ZY?f8&~LezD&8FUHaya3WwC@^%Ki?KPchak&*K9-|@%%XJ`ZHq&(Dw2oa97L}ixd-{;>g6R?&+v}dV#O*B6x#7NK)1zOPe?=vK?(0(6 zEWhcUp8J}c`y5!x!o8~(OHX1K)>HqsB+PB`=Kag3r|?E?%S!*pU(Qto>^L%5|k9ClfWdTVpu9*+|o z{?mT?EuH-IB-hE`cZxT3pVPT0@;Ut8&u2z|1DSJ=rZ41E600qHz4zzQ+*?6wH8&dw z1t$F9J=kEdea`|p39i{)x4$shad*FbwQmv^cYXff%C^>0S2G=llTXg%dQZuFa^(F% 
zx2Vbe+iuweM9m3bZhs_uMyJV<1?N5fuRE|dYV|gYWqF#P{onO1@UM_RHoJ=}`}8e| z(}@-{cdNe;owfQ?)~8jv>8tF|o!raw{Ic)#u2ZXfzwXgVSLrSnWk`SAv9)y9q!fYU z4I;Tk({6POUw#?*(s1E98NU7tp1G3KzOYRZIl4kSBOyI1I51qHE%t)X!a4sGuE)#> z=9?k3dh>+YC)URCaWcM~7%?|UC--rO#4VA)rE4#Qs*9=^7BFq+y4qzbnfdBW$blp6 z_r+#$^IE!!re51*ReW#j?=Q@G6XUcMf-Y?F4dK2{TX?9{~n3uV?csGas0}XT9hx zE8jq`Oatb(JAz*CVoGflUwljCS6o9si-E?E%8yH1qE^HN&WxHC$~nXPfyeR2{0DYs zGwi<9raI5Pc&K_;q7g2buRZ=S(lmbX8SrLd#ll0 zmVzqfwRe|#pDR(E)#5t6c$JpVbq40;+>4zbg+2_*lN9&Se(L$r+O{Y;ApP5HLvh*d z6Mk<9WX|H*`m9cEyT5|)Fon)WiY#?y7+^+R_*@^>dZ7xn8jUt^3>qCTAY8$$Dh4iGJ zn2;Yozdz*#!=H*fw)Vw*r+)>!PE35bd~OIc_iOgMku#RB4n1(LK(gcj>ua{HYx4iC zJ9dpF@#nQ!-^*CUzXkp0OT_`YwEW zQ^Up&r)Qq)-n(&mt@+%Cl3V$2HqB*IdQ`r~nuD}1|R?)kw{@JlB4_s1uwDa+d2n(@0g(93+TzzDem-o3IDL)Z? zY5NK5q$`j2rhhMp5fJZFeJS*H?iV|!9}}`?y|ul)i$5?a(Dj_^uEbRp&eJ4x{Q?%q z^fl)+M^B$9F0TKx}39?U755XvrAXA)%QK4rqI8DIscM>yvkZD z-D$5>cf(@3H#SqW_jR^2dZDf@-bF9c)jq9Ub4TyI`D`fFL@8x?K4 z3yG1wxu(;0EU5QA|6)d8LxtkMb(svuxT~V#rad=#6}l}>f9>{J=lC)#rkR|Y_4;`K z%R7FvHhR_Qb2=p^-7k)+)xXqeaHFkJp_(CZ@umz3j~TkGF24*UxH&9WpE}u^d#uDv z=Hk-3CMA1(o_|}x+OBKy?#Z7Uu{CbDX791Gf0mzr(PZ^6#fxv>uASa|*>Cfq*;Bkv zaYa3xSe%g`z1);ayi32)&_!&fRjjjJDo zM+dF>yysNc&h0tw-vbz#JE!G-fHjy-?lv**T({|BVws*+c0>CTGWcW;Ak zi1(Lw~MsFTdW~r@u%b(d4e+68?!jrrWL3Z#Hi%eDveV zooi2b&AJg~A-Z<<`2`~OQ+1{C3ii~uR5PtTes0ZcGa=LR<9;eps$q93WI3W1L<`h8 z%U8WC*ZgvJpWEHcJI`1?UsH%T*0(*s?CXwTz35}XS5m7Y@?!cVBqUUCzmN?z%RRNK zd{W#k^G9N(N@5ctL&eStf1JHeecP+tW%9;bEMq28SS@t<;le3N-mG~Qlf=31o641~C(69vNgP@dmCY`helama=AP8P*rSD)f=ZX`>V9UM zTV$8$9Km<(M6I&nr4*ef{`FDeb%m0T*R0>Vwp4Dtq*SKWt-J59O9a2$HHZD*wV4xB zj=$P{+odhGn@_^!+}5{eh0lIxG1a>1@z$n$X504G!l$A;x9qt8JW=A#&lva4&GWam z8t%9Lk-Av+-0K&7I{1Sxynmd{-7vR;oXD`NO@hv2TmM@5z3? 
z=keuGvs^LL{R?gxt$g(?V`A8bcE3w`z2XwKnrf=g-p+~lUuSVD+_gMzDQ zZ?o9XZ^|yWI91f`Vw@{}q}0&4>dWTay16edHyU@%zO=XR&#Bb!EGECS7G$ZkKiemm(mvkT+&F4rFkt}V9_ z{;E1JO?_U+=k1RqU+1@8mUwpHKc@tf#=QjnIUnmR(k0IpZJO;l@6h|#s`r#j&GgF- z?|D=><96isEc1_Thh2B`99VGbROWP!)WnrLb$7SSNIVfVH+RK0dB;rav~!bg>1{5X zYG$oz{AyBL@Us&A%((lLP3r$e-@1^#>)`9dX4XH8;~(4-D6HA;*|0>D&2{eGhlg{_ zHh*A}<4e9;)o*=By!@lXf9bxq<4#-{2ay;XqtzG@L8)o_o-WZg$(AM-#%V^07UpK= zsfMPB=4R%G2Bu~fhQ{UwmPuyDc7#>L>IdcLmv9*>7$^kkd*-F(D;R;9!I@R53dSb- z;n9W)MhZr;cq$}IGvw+>_4Gl(CI<%Ri!7okp<=DBHn-ZF%~vnhms-gG;e6aZ730n& zx!NHw8OwJ#HmRSu|FwUSi>Zr+1EafzW9IqFa7SLoa|MlJ>n=Dv-|)o!{r2Lj%3n`R n4!nq;RQB&G`yR~DDK1GYDyb++P2(~&w=^;2QdM>JcjE#8+Zyr+ literal 17816 zcmY!laB_y}$m#HM^Eon-Z8FlzvN*dl7DPGHjy`EYyIhuCZ)&44JmiueCNLjk>#fkI}=jB`_ zV`|&(UoE$L*uG=&@AJD8w@TH<^qjLl=*0K1@3>pH`wr8Eat}>pbRYeX`o1a8*m9nM z`W88f&k0X%UAtT1wASmI@5I@h6Z`*f|B-4E-SbaEP>$_gMzgk|U(6}DnPT9_fNC4c=G<{S)++d>@`pSO)qd;!F>9`^i_tuIyX0L()hpCiCIWA^8MvsWs(Mu zE&NS#A4cA`*l^csZ`}`+s6^+CqKXab7n%kbh&JQ>Xa_7kjE!A>O!9IZ#x^7 zyL8DCxpzB+nIi8B%eb-#`0qeVX~@oBWLq-u*(?i?=k1^`CVM33{J0ZT+Mer-Z9lUFu`H#UuZ^haLS^ zWNCA9ft0}X_WS+9Z@Yt!7wq#p6?80Fz$t6$stS=p>BL?BB?m=5cJGT$UzGJlpk?7o zmn$pWZ~eZbom4QxIIlCRe%h%X#v_4}~kO|0?{orDj@S_jLCJ$sP7wXBe2%5BKj`LJ)RgkC_Y$lX)?TUqp@XU8g%e-x`F;C6dtUzhvB+R?g~w%i(-)mH z533rjsJ>OX=jIyMWVg^wQJ%fEcZ4+)Gc^Cj&zSXPSMVOAX`B4QVpZ6u2E2IO$t$|7 zI&J^%{eM%`gX7nZfHU35;#nvgHo*NQRa|GLO~g*71FIf7%eoAePk)>Li5V52*k zr*fQTmN#9GJzcH2XsZy5z@_?twd-Bi+1HERn0fDnFK@17xvloq`%6|dopPFy-&C-; zhvDzNM+&q4-g8&<@L7LD^-#+7;PwljUS2ZL4Xa%A!cJz!0ru}VG!K;Ml)s&QPW^^( zs3wc$j^kW&Dh_k8{ru4;`emxlKQ$tRR!g!9uj3C=D3&5<^* zb*9d#*y)8VtqX28JpMn?W9PfZr>=1hdyg?4k_hXay38f=O7FbOQmx9tlG}O~w-uf- z=+ivr`|D|-aG^qOUf0cHmDg1kVt3l=T7If;SeAWr<%W6B6%%dFw?B@E^}FeRi&y>?YSZ)BoV-V57C! 
zKSiT@*y=Xsb2&{-`LOZgY|Hgm|DBoR#^Bfg%zIYuDXsqB#wzDrI*oc+`J~q0DM>$+ zpg#SoUbozu^7vyPCkXTV-<45mn)x~I-ZIUo$WP&6^A$B)i);M;9I$p=wQHLA5BC=JiA$1Z9+J}(T3%`Yf@hcQ|AfwS+7U|AHZ|pK zX`IZSKYt?I^HbG+58kcRog!?+^mkj;jjLyq%Is(Bx9y*Hm+=|X14eFt1*hvpQF|TI zxxGTyl|NU?3hsN)r&`vZxv1*Ff#!_If|kdH%B~52kt~_*I?cuHU|iOV4}BBTuW$7f zn5T3;_Vkt;K0#A5_I5KX+TGsAdiIpc-F-VQ@_rPQ{+j#9;Q5r^G9CTzac6gZd;RhG z##KeZ_9R?L3sM$L6o81o(HoN-|1ZfBmg(D+Tz+jA$c`phUdz0$?^(&yL- z{@0VIyqd~;U^T1X-a3xo{J(drxg8GPvTT2?mrvltAJ^?aCmr4J;?|$SSMT4eep+Au zn|o(#Q!H0%UJA4+l$w_UYCIVkB3e()!7Sicvk|9+l#y&aW)tA5$}|4$y;O(;HZ`Tl#| z{olGDHhg?+DA(`4_SW8{>s_V%Z*E8l$}J8#c0@ZQk$+u?=Hs15RsZca_+K*b|GUl^ z@iyo5IY0Qzo^RWrUVr9iq2~WQ9_jL*{&y}L%&b1<vt8Wv}SVteIgGCn)i{?O$?w ziq_Y<$gaF~C9{3huBx6|Qq&rx7Q5B5=KC(+?4_Hp<=s+@)%Kp4nKb3nhb<9HmHecZ zbxdBGk-B+l(Nwopd;YbX_)QgBe?c=u^VZHwqEVSWA*-hy)x4k=R5<$)_o zgG!QryfVFR_(~|b&U+t()O1)Ik8n(9Q zq|^6Bi?2u>m1r?ptEBpH`fcYWQjtzQYH^yE`{thB_^G@0((E;TfvcxRCRc|h=l`wQ z@3efX=F{T(j|b&Hb45-1C!%-BKvP_Q|39w76_ei|mpdYN=vlJ&2GPgYKbiO5w$f|b z&fcv!>8I44Zl~4*OdB{o+5?8%}Qm za}2kMM0c(|6qf9tl)Yi=jo=$rIksYLxkt@W--G1?Mzt()6ddDbe+Fo<}OH=lHeJyyD{Pbpu!XFN|1BH7W zE8J4fZJPB-h}&4#t+;P@L(5Yp_s!ckZ@L`O6eoRQ@#IPFk6hQhlh6F4&9p+=^D+A` z-Cx0V_wP47h?LmC;U~y<{a~e%zsX|V=v&jT=1DQI%;8_|#B)!R(fQ@xLUz-sFVAJL zEB^T~ci!Q@4`e%vSAeIwPvL z`Fv#ZdgdtwKi(d+Jw5&Ht$jh0I7CucmhQTB=hhZRB?JC*&BYIG4GjM zy=u|DiuevUU57Hhkd^11^$H}H#ZPH;jrcD-*Zbux#vw|_x`5*rs%KtKYzcE z^ID6U+~)m?m=eA#Ze!ejxqvrX(;TMdG@kzd&6a2C9#%FZ|953ND*YULuFsJ2-+t2j z-0M5fVi`EDoorjwJvl;l&S@{j34cWQ1pG_W7qs}KcD!4@Z=#XlxexdII5?}Xs$Y6o zVD%}IcLkgJOShEF-`pm9WF6w}N9P9}UN5tcr;cI%>ic(XH#|LaiS3)7wDtL2Q?@C* z2xOnoe)A?zA$POqvo~{?N_b*k{P(zWAVjJE5a$Eiw+<=)FK^90s3WkZQpu?3`@E}} zI`SC~(|m({Sbim5rYq|?9=|XvOvftdCSw?(06|BkHXX>&zkVGNtyDW9y^IOEA0?nx9^*5jEW^=8_)R^Gbx)^ z-d)ju?rmI^V^(#)`H$a5udv=fcEVCB@y*+{9~`M;(mUknTv#~0T8E|TiCx7vkuTp^ z4tjb>JQp|}y5Z1$Wv1!5-;$5U^4x6R+{iJPsW#()UrL9?k*6D#W{b82EmpMPSh_aQ zwTN4?o%`?u6_<4OM;rDs-(Z-NqF7a6DIDr^`(P?po@>&&tqW5nbY3uQEfMzJ5MBSc 
zp|QTWLH_Qy`3sVq3)h+opAg_Y$Rv4!!RpBF`HymBAAXJDU#b`Jm%W$gzvSY__Y+*c zZ|Iut7FAtw$CUAB&Yl%(PB`yA`1`@V|%6*e%zE z%s=VatfY3|rRe8(vE&D)f<1@+|9{)K`{S}Xj}~3_KUi_ikL&RM#25|s`5S@`>9Kpg z4mG*heL8oSQL1`0bG+I@wqvGOuI`R232^_QdrilR{fUBO{zhRbnI|)PUuJIEdLqXx zJ0z<2;*ZIv>djpK##cNwPkHmh^Vmc4lNFrmkAMGgYQMT;Z-R0MV^Q>x8Dg7jTVuKI zpQzAd-S;4TuR>1~f3J?S%!0~?vq;)eJ+;A*!wOWU%Nu+ z>V`Sqn;^!)pbYK9FpO}zCrX3{;kT5p_cIVbCUDx2ZagW1Qv|N7lu zVjuol=|PR*G~RjET-kMcQ=}j6J>>qNvLf)w)>{nD<`FU_mO>j|+zPdLxq5@6nTJx! zCl;OayE@OYzl{0EpO}~Wc3DESu~<&~POIz3wlbF&9TYqICUwox2g0Z3_l8@np4r^6 z&@oUVNCY*rHM+9zGJo|qLhN!0!O;rdbF#rap$ti>nq zW%@Ab@s8z3W4!FH3IuNAd%8n)^R!JXTw{L3+(_5b=vDN8$*<+8vN7rKx7J5n6KYp~ zig>85a-FSE)AC=ZV72X@(C~ zi+Z*is2RWP+oEpdFJQ}b+@Qe9OOpL*L8wtJ$B&kaJ_qY3D%79Z_~TEaoy4=#j(Z=s zf8do+k9s2>W!qt7&gymATRXQl`O$+d^Vx4y@?5&D=-qpD_Vb{?0Ha^3|4kiVt8PCZ z%r4(Fp=GmsetD`@@!hCXiy6bptv$=3g%y zSFOD;jctpW2$#F=*OE-e6H6N!&7wX%?_rzt=I#fncnj6v9&zr!B9)>hY`eU`G>g}& zD_PKVpR%#wr>CXL2bJ7&mL5+1%&O$o)9p=sq6*_?W;HC5EVIjL>vxXL z-F*6C@`|*!`v=(`yh+-o!J-$;oANv8RbGSTTl;Fa{s%sioDz|0LSB*VMn=LD?OStG ze!NkR-SNA!q;vE3BZZ8X-pUE_5_ea11)u(&vm_;^-tO|huD8Ko>i)$aw3PDOeCwQL z{5Kwq9hGEID7a?XCN^ncgpwLv;P*7tMBLw#cwfdA)7w!mLM1 zdiio(V#gb9)a=YlH`>XTue(M%CFbn9=7uU(8LtGf^XHXrF1Yfd;sb}`7TuS3zi->Y z7a}@+N2mWom%y}DHpTV|lZ>VNJPtUleedL3uX$4Q-BpA5M*e?~xoY+pzc6ZA+2nZ0 z*C0_PD&#@T)M-f}Gq%lG!BTS~$X#68!NRob)F;2wX_wFKVhWO|c_I*>VYlk#>1wvf zO`CaTO16i5HId29UMK%1x1N2E^MQt^;^`fa9lh!nWnGptN~(#it`5~#xM#WRXIxTN)`Ddf0wtAwrq|?DdsVycm=tp@NXy^F(Hd^ecFy~kqd(i? 
z;#|4S-#@FanDKM@+~;rJIzNu#;t{#_Lw0|rzH~?Wj?lQR!OSaCCM1Qt4tJdxo%(8R zg5tq*HN|ps6xOj%?Rb`NuX6VE&qJnjikr{h%Fc;dz2hq%rM zdBMiKWw%0~ty@uceR1WwOIK!vzEs+O;A=+9S;mtN=@V4f-|%odCYsiGyrZ@vE6lAf z$ZX+JeXAci%6!{qb3eTnp?#gB+6K&>fuVT;C(D8AP&2uWf_MlO9;*tWE zv-ejz`0D&PT{cBF{NU|%POtO>Z4V}`O_-+2cs0{$X6&QM4P5>!*Ke7n=g851@aM04 zaZW#+qoZ#o8gzt2M};_V2xMNga9VBu+OX5*ZYtmRf2}J1?%7#z#QfJ34z_J+`4OK( zTrx5$?$1|UuzK6#t&1*QjkGD)JMjU>^V%avA3pae&lY?e8ek@*A2oGa)P$5KAA5J@*_GyvqSXiL7MP~WN9>x|^8P{N2W4;ZKN~mS z`>r@g_>1A3!;?7fl^5){kNlDnwaGDBBzc+60Uz;8M|?FRub$NqJocJln;44Zxrz8eR~VZ?IS089(*d>R8n2$Ij#RL>(wQ<@7}sqbm8@)e|O>|qn@r|2#GeYZg)8KsWfV9 zTC~d3>9Ohu{^zQ{e=jrXZ@oxZEwbv96tDVZ+rDQlhe~WZ>DDW2Rd#Ft*kx2-6Od-hW~m)&EMvy({}tw zmG0_Z;eYWXbMqGNFH!lOoEm->YNG0mCX?rNv)z5Uqs`Rgt@*ziZgb0Yt&nAJ#a>O9 zIQQYN%%N@fH@~vyxVLcANG4 zUM~IEN}iR9FIG#7eiHJLncQ?}!S**=OFm`(JDcRYQ&s0wgX{ro9g*purA4qshAuSCpRw(rq&cI*4B;T(w{zW2w^`RRS}4}*>fL=uzr7VX!)(G+x;EV zj-_!sw=HZbahSO9M}w_+fYyYW>fNdfHz z?eN3>-UnWPTGw9Nz4~N@f0=5Aa+Q^oe^>Q^%`<)6PKv#ofAW{NMyitMzT&WufXRsl z5t|rArv_UpG#-0j_}zQWfg|?K&5FzJ8qbJ!I+m*Sxh&O4aGTErzno*&-#%Xc@Ok&o z98I}fs=p)dut~+ry}$9G@F}O>6wbaw*(Z)`3-)IJxqM%Ero8LbKSDy&#HTc9UC2>w zx%fZoY+#tN#e5%cr;`_#=Nb`DaPdtO%kteN2@CDpBE@ggt1b?x;&vrS5;8BKiIjWg00Z#@;YZ2i6C zXU}Kci)dbVCsQz1gvaUB?GI*im_5Jg{M>ioa!^d3wq9oWRq^TnM5j$$`c^gd={CN1 zTU=N4Ut7%2&@JKA_C0d-4nxI$Cf92RD!UnXx#|;*7$}q$>}sJB+p;*S1T0t~{qavPkfpq|CXp?7dr$ya+3{H8qba zm?>iVG%!Ff>G;M=Jh{^xGna~lf1FmQf9l0^d&k3v!*yPrnZEz@Sw7n>(pw5%x}8k9 zqB4)KRq=^UT)Yq!R(e}Y2M|_ zM^dbiSXzdr5-f&5>I=iR8-1c&tnwCg|7wgNo*x)+B znW9Ao>+i+zueg5Tv%3F*+X+kT`*dt00z=Q46rP)ty^&$5?j5_dEY-KV3_nE-B0sNv zmT=8cuSxSjT47{Nh-2^3=0zLMyk5DXFjlE&|B=V@7I`n8=Kk>j&;1id_r>Nr)I>LY z-&gN9$DlxZPR;Lz+fOyViS1VRYnd#o%J=<<=Y*NR_M6Bx)?yh-HYQ^z+1%LD0%a(< zlCwtm>aFinCY@OkvGMVX9tU9uL6%67z?A!5+^na97I1q{-{N~)C3o_>++Eu}{U$AY zxo=tZuI(3`%ugxJ-qgK_BV4O1&ShuS)#=8Czy9s}?&B>OzvKP;y7%AzGBuvGd>;Al z{Qt^xmFI3GK0cmYR#w(?`rF&x=J_+;Zp@v&J3nGZenZH^Z`aIP&rFy9(=fMXUno@7k@h@!zC^x`aN9 z7$MEcT2o*APg)ryBl1!^+>_~uR%?XTcm8g!2Ui#0XBI7*YGD)9cq}!8rL!npBh>4^ 
zN9GQ%9+O?`OXao(ioRL>=&RP!jEFTHF2>9v{{r`z_a6({7ql~I&7>o%Ds1b73L8Qs z<(^5me^Cm2IPsF8@S-U}l^5pUdfuU|>bP$rW1`U0ju^SA_J4)#pKZ;rsED|8BI@Xg zHSWKbYAsdKDR?*E@W*{uR^HCzFOI3!1s#O{r%H?neg zw~0l!TPD9Y6h9++yCL_;oejP>(sH<;_2nMjmTYanpQFBwJMvLy&c|aRH>~EZf4pJ+ z+gERL9y1+F?YB1az17}XmM?dD&YLXmYiFMNXo}u)OTS#D>cE{9T|XADj0>)x{mfqXV&mWC%QWvC zTDQrj;oC%U+5gELZVtb%w|g-EIrz-m^|`9_RRs~2W8Cq53>aR zm@30~y^-16w=HD1yYuOSqPyqa7+x_tZoA5~`klA##g_L*Uc6Gq7RL|pX&gCweCPAc ztnrTp^ta6`%3=_e++U9IW>?Ik4zJ~!$o$*-{oJ=t1&>c^JCStaR$5?tOX|;! zj*Ali#y@#4H~IeWB{kppZPp$zH&nT++PU$OCfi)Qs{(T;r+Kg@{?{|xeSE{qS}il- z%A7dK!_Srk+paj1(Y5Z}QrU!JF_jye#jJmnwcD07eVd{aqd3`ALn?X=?^$22>=`R& z?e$zcMWS443Y%r{`MG8*SR^a7;wGf76}<9r>xRhqW#*F762aRSvW5tk?qFWcD7NFj zipbn8$<7JdU)wG)xi;PR-=~?=By=!rVb5d^3%46Kp9GHC+w7L@6Lu?BVsy``SKxUV z(scPy*b1Qo;TJ9bUpQlbgVR!dM|ao5=XutRoCVtuR z&yP}I ze85r=TWk7g(i8Rl{LB9fNITYl%WL+(n{>LZY3qa94H~7cUuJc%3f{}U=f?Eyu=t7( zTXvk8+bOB7WS%oOc9K(h_`kQ`nV+w@E*V$zVtLsH*|s3x>6?6**7-=hOFAWFk+N`x zPfe7K%#HY)M$sHwT`he6JkLECsd%WmrQ@6q@q7KXY5}{?Iz?Yi zslLMp*G&=OKl@Ga(2m19I}BSFNQ5+-$vT#ay}aePJ+H;wx@TqU1Bt_R?dmhlJg%R5 z)^4VFI7a?sI%cvR*8_7}m%X(6mHMVwI&$c7NaP zDZJ(m{J)mR&$eTkFDwvWHdT4b2g_(}`x?Sz=*xbaJe(m+=^g_q{KPe)(=&*c85?FIlyV z=K0;rJZBRSmzl-DQ~CYcfpb6C=aW>2>n^o#E)`m_TP^i9u79qG@vlg8V(^4DxP|0t00 z<6ULQC7Hz60yjCL7iw=6Vvi1*v}em~w*{q*JWfl?Oe6)hc;>&k=cb?RWoU7_rf)uD zsMYGW9bLaujyJj3E)>*S=)tjI^TTZ`t#7)l=X!3{_Lp1mzV35Py$}xPhwqu>`ob!n z>*#F0v9*T3JMZ>p?p*Gb2R_|gSZBEVyWx7>JLfDJ^0*G_?)z!A~_obXV$)pvps}L^dQa5vAd}!K}>yBp?Gs>TA?=E1v!?AzS>;k^ieAj9j z!kG2{&bC|`xuuYA)>N(_h6`uZXSF<=Tq!^M^DhQwU8ny?6QfmUyC>aATYO7q_PVNi zK4ZQ2`yB5zdOxf^rEg}ZsuiWwd6Tf5gy@t5Z1IN}L!BhpIjw&jx_pW6p8WqC`MzhBS8}{x z^z+4fTdz;z|5GQech|Gsd2O1E@sH@mn;Ls%O4j`S@JzPsWZ|c2xok0xmH8aqH{>)s z`91D)bL0t|v+iTMzUX|)m-lQt80sQ6o_WrF?78;>!y7BinvK{*rpv68+7h=Yar=h; z!>4PDuPF2~YH~_WjG8~OCYm$8V#mJCpDtFdG*nVwYV#xi%!e3@)+QAjF4>)nHF_5; zb1T(2z*L{rzB6`{n!Cmh_R0Sr{?VQ}m1+O>odI(^m>rZlTqjvfoH*g3?5uxp=J0Ho zB024`f`P4;rm@o0u!m2!Own%Bs#RUJuyp}P=mlO)^Q{b_`_CUZ+I8=mar-U(X8!{h 
zXXJS{AJIA+Kd*Yp0=4^5o)e@uHeTCx_<_X7wYM4EEeb#Hh!)vt{B(h$e8{35K330F z=e>HAS%rTS{M=6-b-i}==<0(` zAL_PvGpLu`G~z9o%%R7#@9f!zlYZL|JQoeOn(!vbw}1XovxUYrEb7;uGQKQ3<+Sp` zPC>;uW-WnNq9?w7l0NZSh#{WIep_A9)61)E1(^9cc1XUxcD~rrPx8bS3zOWw<$3$_ z?7JrWE8JN4yoIeLZ~8L-WH08^ZWpF5cU4^?oT5GFz(2pMvv2h_bDW+1%6a3}%&DHD zh0OO%vkyo&NbA>Lzna{AeOiSd!#4#1r6Nwdb-qS+>z?x+eCAveGk?E(TIlV2OV}!S zU)KDwDcE3QeOTQ(qs8p9o|M$rumq;C0tU(LQe6{-ub$YIdDf;|P5R)=JHo8TI}#R} zInG{k`rMuMeBP&&Jl4PHxf;oRKu;ij!gHYwqT8irecAg!D&s=PlBceh)XE(v2Na8+ zeDIL**nG~J2HDf~d?!zvd+x|mZIg8e#67+SF*E8`Y~C4D&pL-meRI^MEaTot2iKg8 z;|C)zJ0$i`SM=G>@6sgjV0p3giB{#?EkPT??S)(C+S+Xrwte^3NrEju=)e9olbPCI z(ho3L%)B}0-x5=!zjX@NF2>zTND*;-^|YpI&%xy<;uX(%-Cz7suCd~+r1S2760>F( z@|3(dm*M{HpzX0WHU-Uv8=fAK*<@%_cyq!2+qX5gN#wqJkdaq^lJnfY)bf8qA-}kG zKE1=E7sQgbMb~2c&o1L5e=gp9t+gYFM_pdwL6D5eYhG5%Ue=PbySJlwt@MqHCUA;< zI}Y!%p!AJ$!zyg>c4!>5-wtVAa$ zoU1oudNbX2Lmf-lx2@Gn=E=4RuQ+a7EdBY-iOKUea z+8_SfZrQajTW+-3tUJ`w@l!Q4p>2P`eJ+ph{yjA_U9Rqu zkT{?azh*IS=dYGS8{FDl_@BNzP}I>h<;=Se_0qF8-V&YGP}bJ%W}J2Oli;nZE7r~Ed$C~dxh|1i z+k38wettM-TGRZFfW%G9{T83T@N$MvrJIkMmabaqsY5*PECpJ$?BlQeD+r4YI^MA5 zeX{*t_gyy+xvw~J-SB0HbMdc$W1snc&Z*H7-EZ>ryCna|XX_;#jRYe%9yu|UPk#B% zqHjMYO?=xY`B&8P>gN>-i?^QMbm?2hx87Ah*}0-EgC2)inqT^ zHXQz7uW`?I*^cj;U4IM1%xu2IGM!+onmhBN=&Mf*w~YF2N_MxGSKsPr|CsUd%zi70 zE`Ilo_qkA>i?=n}HwVj>(C~2qV9Ur|p+%3jCZWic=9DG{9$x_%G56>p?hJ&pY$R@p3QrG zwmvs~wq@a*BYxHAA~)R3U8o_YBBk_+tLeq9H9~V)dwqWX)tmF-@g`##%~MY48C&%N zwmYf2D@ZKsj1x;6x*!+3<UCFcS^pTG+6$0ndk~Z`Cq-P zFF0CW`P&)2m64wxknFT>*PQM~_ZO2@zqYP5J#MwO`GLvD$Ge2@xTtTkaXhiNr%A~* zTDr*XjP>Qe6<_9u-TmV4ef`x8x!c<9Z?f7S{8X$ivyOIdd~BJ^sy=PY8{Hd?TCa8Z zs=KRQS@v`_OC7#_=$BAkP`rPp|H|;I?&2o{x5jTMI$W|`HR0yLHSfN7m#heoXBWEg zZ=<{P)Scf$o@9Q_6zRHp;bZxaT^wIlM~i+vxOU&sJ3oTXEzGIc-r>hH*ZTL`%Z?Xj z-kWekDt<=Bl;?SiWg~8L9QjuJafQ3iuJ)=UHn+8>1g;8i{CniXr2RXd8$FAA9Q;kt zWNUbQZjR~$n}wnx%U({k^nRJ9=-JHO*1Rk@yF}5UQR~bZh9f;LPu|`>6!KtU{AzWN zs=fENoE2a&GdO!_jxiWYIZt_UHZaFj;%S510+ITG#@g^`?4W= zsji3iG{XzEH`Z6W1{SPjH`ZA5XUB@IU)5sH>MhIm6PXs(<9lpkoxd=9NY&1HC!KCi 
zUEqGYKXX;-(Ul4l8CT9)a>ga^@rIsfHaBHr`_6F`Nd$zXY7CmDO*>Z8^JalQip+8MD_5R&ed)Wn;9Q z7`?`vMQM?Xfr69xa$c2NEjzK1QaF#1^Xz3JHb6ci%%w^T%NslH!+QHwRX{Bjq zmi3s+>7co`cn{O+2|kU!QU%fX^L|a3$Ys2J;WMklrkazhxm!2R+ke5+?&;b4bGrJi zx7}&0Gxs#F_^YjzJ+WaIXu%PhY8H-u7WpFOWL&h~qqzAY|4 zX`ji=z&S^>&uAK5ED+!`dwIzC+SJrbv9hs(vMY}>77JXNz1pk(-;{TmnfqDoocBII z6&*acrXf7W;6Soms!1XbezA^djH}5W;-tMS2Vxf7_IX98|yme_X2m8R2M&3?RWgZ^Qo*$Lv>5C zG823i1^p0sDEYVV?fnCXol`8W=a(+sc3taJ zlcPmIn%k=TH=Xk*v#w+7J}`;xy7Ir=Pjz2e6Btb`m&s(*PglFU>Dj^x8N(?ry9LgB zIf#0>nH#UVAG&LQ%zM7a{tsNH@%zj3n`H!F)oSezpTVziukg2&9s66qIsg4i7)n;& zo*L@unl+&>A^ez3`@GzO)YY=De{n9=yP*-d^ey`twg(qiSP0#om3VcY+5?`4q6If9 zmIlNxI?wLPawNR=TyHrS%kQgor;gew&OT7`Aneseg_pM~HQy9p;I#U@OIwO-bysmw z=URitTT4Smi3rPV%#!Ou96g z$x*`af1k9`Tc>Fdfvi<>6=zKvUGjsdcC^Xm(AJFuTf82R)??o@zlG$ zd)Ho#ePFR6qwDf&j=a;FuZr$}bCs_7o+mc(|HDn+Z+v|{ckgr8zlY^SL}Ws8E6QIU z%T$^ayW{B#Q^6N&-@nt+KfPIM-3Rd;bGLiF7vwGLtXVF%ok-f8D^?n0G0SZ!f8cHF zDwbV285hhyxi4_LuweI@=YQ_GuV8(=SG>QbWaaVVox;~UpVg&Y>6e@CC2%ObqUG<8 zojV`cFxwXVIMWxbe5B)CM_=?qufx0RCtYUz_UGrWV;{}7%(r&A=2#x)wDjqlzI#)* z7=J#$T|Ka#^YyKb8=l!qUbFpkd-5ao`|})3uP1K&84)0!_P#>s)_G~A_lL^ot$HIZ zbH*oDT6)r&AXT@;e=QGASf@Yf!t!Fi5Lt!U#aXZ?E}3ZJiMdDk<~=(s}Jp+NrNgEQ-LM6NvW zQqbqmb+diaT@q03Rk(*WX#a)3vb?Uj8n5pkFwgsPQ(R!%t+{F6Z5nm*ov-fSmiS+y zE7ZTz{Y!*k;Sc6|kGT@vkL}wQ^!#_0(!Ozhh2O)=hc^FoUo7}R*JHQnmDhS7{(Sta zU4L%gi#vM{bw>Zco|^n^i@j>3e0*ER_R5~Jw|`{siT{b2?_T`(Lw(NQih02XS(6?K zg{@ictpCf@qS;}AL;pGHm+K2Jy$rnY{|xt&I~i#&Ztj%oDv`c?;a9%kZ|ONY|F3V6 zJ*&NaS)dQWy8ae|0~3^NiZx$9+Dib6q|#+#vD6q3s=A-*;|Pn{h6G(TVNv+Y{cKKk;X+ zcgvNq;rp-g!{4z^`<}@4Nf)`L9BcC;8Aak2?|${Wp7lBB6zBU3_Sy@uELBs{i}U>7 zF?q7QqeI)lqjQ*9y?k1aKJA@*cWQIPkB4hsm*nj^{hQmxx*^`x!CcF0k>H1o>yzD1 ztXlbV`kbPlR|3{QKY20Z;q6=ECd%vkzDaF$E11}*{c&?_v-_M`4xvGj8iA^3+J%G8 z6j~NGOl-W+^5VqXbzjz7c-o77U1~V@P4(Kox${{ZlfRjM$}^wi$C%!$bN7G5pMyPi zCF`o5zEl71y1;U++BKm-@t`k$KOb!>;C`XZc6+V7<-~A3S>A7gE7$D!w`Je88+$e@ zop{r}X7_2q>~b9e#`js7@g>fmKDM0h+`Dq>#TRehKh%uup0@VhRXdGW$7CP$J}EBy 
z-u~wO=01_@z3a1h_r42Z&hp*)tnu-dT{cFVhT38VjGWVyl_I#}4}JD82sUD6FDN*1 zV`918&Iw^^r>-Qfbem}>cA}&7$EE~FlXnOH&G~b2-Njj_(zCeg&oKC}Eqwn_LCbSt zkfz8&Peug^4K87=$)}8FIr1~Ie^7s}fArw4I~%%AWZi5$5?m8~k9(Jw)GNJOALgBU zj*p!u6zeT)(R|uI&qsp&+hd+?+1m%#EnM?MEO(9`qp4ltFI~10x3|}(z5H~^fr(kj z=+NZUeZenNDmOWOvimOcW|^_K$4}E1cjJQ+AHH8}e}2OTy%TM$8Z*U;ZwoJ-ZSk>s z!^CS(7OyqqpCb1B>dV~~yv7sTB)&+#yf3;VH2bR9@hiH?|4!Z&{KEbIa7A!nVs4~# zvL%ap@pqP5r{d5!-?*($eZC&I+&TSW&90Y0ft6b~&YQkf;^d=P)`X3PM{ZfgdKz^k zJ9L>@dcQr{`SQz(FEcJ2mEq&R?3pV$?F-u!k)tcLGZNCHf&;@9+U{QPSvcpP!u6OL z!F)4>UMDGbcg=_=7|<4ad&u59S! z->+*TE>+Z}b!ts&>9alA-(RxdQQ8~ku-S_>oN~1 z_n!RqWY3hKv?nGdC;9m9EnCF57Ucr5ABiq%Xsg)xx5=&gL!4V z_LkCFi>6#kV7pbg^x9X}Q(XRTTP?rrWsv7g2>9^%kvHeofSsF+w(6`FGMIkgVITAT z1GPB@cfZ!AI?ug$>U7L6j{QsboT(D&o@6rNNCQu9RN1S;+uPpiT<){7zBW6yyXs77 z)J#7ni@g)Cy}PEGZYAt{XwhlQP|;=C4ULyuFDiaqRiL?j4)?ODpO*ZHeYewah4JsR zGrIetPt@L6!D!kR^_gMvZT$(HkEbp2)3iQko@|yiMQx$m%kYXxy33yF#hTTB`?}Qr z&hJmZ_R3GI{W*;o_Bui z{hxJ`^-o_cQ>UhgsZ-p0nT^d1k*7*yC;8?#8}PKf|I;P2`!GujTUW~jE?J@W+Keri z)|t%U%VZIGvG9Lg*`2Q&m_Ho3vHrfwx6{7@W+#gNYoA-fy!r+E<;aL-tFJ1YE0F9F z_qxbiwRioU=>E5Fem>2%-oI6u<3C5d>u!f1Nnft;KKoQ-6_%)D^}_OX#canDzjxW0 zY)@_7X!ciS(;4AI|6MMoZZ+R{v;4B;JdJO8)*Du+nl0Z{IPsa)d3%GVNY@8XcTVQM zDYmUOHP7_MwU`5^n-s(&L!Zjccz56aPM@~r_g}lW&d}1_%5g}>GHKcgBNsj<&q7H< z_amH}cn(deIQ~(#@RZNTjQ0}uCs>Oc*I2C6n5VT|d1biN=Cmg~_vgO-S99;XinrIQ z9p0X&o*3NPWOK8}LoLbwMBKKe$pMYr3X2(Ut$8HmI#+b6hF)NZ(BzCms)n6vA(J)~ zrkI_W_M#wDNUnLo`fHEA?kFr2_b)e*sPMUBb2jAZy!cH=*Y3xREek|sfwoHN`zK`u zm*ndEDHs{)yJZ#?mnayTn&8Ri8^IYmN9Okx>LpE*J~_{>b@lmd?!SvPWMlI3WIfX( zKMMAp&PrQt=zjkw%e=#yJOKhKUjp9>t#e=g<-N|_=+efQS)P|uvY@g_VTJ?e`|<@BjL-Ti?3f`VYx}GIudtw1 z#tbp72V8>Op#qA(ta_M|>vq<6pV2knesA-sT?Mi0zRNsp^qFw<28)_v*kgr*9)X;v z7XG<9Ph_^u`b|lKIrjB8e+p!_CbV=gyYN5O>QncnAB?Ws*GzbzoA677R$ZO?#cHPH`Yu47u%EBa=)X* zZJVC?)hpLR+)r#vf57zjV0bFG``4yp>>P|;UnPutr$|rBTBUoo?E9OEdA+C2mvHNE zj=Wo8+gR)~_sfnuRZ^z6I?vi3Xg;-U-5RU(ms9s9mP?$<={&aT)VbX(A9IYihNfHp zp0YOm^VMm!FIr@{gLQti=WV}u?o`qYtJ{)x2Q`m6H-`Et^xDp|dG@Dp`^^_$Z;AcY 
z)Xm#ybMnrS-!*aPbYiZ5`+6*K)?@XGO)FY18T}9a9`WP7%o4q`r&$?gkD1i{PvAUI zo>8K$eeUMJ=5w+q470LjmCq`A2ZUEwt#GfODe?dNYQ8k7&Mhn4#cHYw?yM7h*ZyOk z^1f~E6Z1XQE_3noOp-qSzS=WsR_NQD&C^O!cUzvFpq$eF>yNtpmE#w##TaTm|Fe94 zTig1A$v*qc?q6l_ugx;O{`S`2|J#Mu-dV2Q_efUIP(5gotk6cas0{~B-ne{eL7LJb zj_~9~S#p(OA5I*)9PztF`B&YM=|M%u!$qXu+rM2lNx+%s^^~4HK7U)hZ2DGreEZZR zc~r@2%}HsiW2X1GJ(#;&wjZkJ%XG=#!&Mndx4d@%A+@gDx(K2;F_qXzc}g z3-8(azz>$~F>;vb!1n&6<#f%O6+q3u!zy5ss^z3T4v$@+-t-sQ1KiV(5+7h36wR(%v-TRA8JNF%5 zb!|!G^-LRggZ8J4t3OS+TFLfV=1tkGTT>~uHY|vvbB)xN*^Vo0Si&*_OehsIXb^c3sjqmKun1NDUl2}wyQIwj-WoT|{ NXwIdo>gw;t1puCgJ?;Pi diff --git a/resume.tex b/resume.tex index 50eeed0..8ec1d1b 100644 --- a/resume.tex +++ b/resume.tex @@ -1,4 +1,4 @@ -% Created 2025-02-11 Tue 03:12 +% Created 2025-02-11 Tue 18:22 % Intended LaTeX compiler: xelatex \documentclass[10pt,letterpaper]{article} \usepackage[rm]{roboto} @@ -36,14 +36,18 @@ \usepackage{microtype} \sloppy \date{} -\title{Preston's Resume} +\title{My Resume} \begin{document} -\section*{Resume -- Preston Pan} -\label{sec:org2a32c6c} +\section*{Introduction} +\label{sec:orgfe25a86} +This is the HTML form of my resume. There is a \href{resume.pdf}{pdf form} of my resume as well, if that's what you want. +I'm excited to hear from you! +\section*{Preston Pan} +\label{sec:org6d476f9} \begin{minipage}[t]{0.47\textwidth} \subsection*{CONTACT} -\label{sec:org846763a} +\label{sec:org2a864bf} \begin{itemize} \item 📧 \textbf{\textbf{Email:}} ret2pop@gmail.com \item 📍 \textbf{\textbf{Location:}} Vancouver, BC, Canada @@ -51,7 +55,7 @@ \item 🖥️ \textbf{\textbf{GitHub:}} \href{https://github.com/ret2pop}{https://github.com/ret2pop} \end{itemize} \subsection*{SKILLS} -\label{sec:orgdecc8d6} +\label{sec:org2892f13} \begin{itemize} \item \textbf{\textbf{Programming:}} Python, Solidity, Rust, C, x86-64 Assembly, Shell \item \textbf{\textbf{DevOps:}} Docker, Kubernetes, NixOS, declarative configurations 
@@ -62,9 +66,9 @@ \vfill \subsection*{EXPERIENCE} -\label{sec:orge5307a0} +\label{sec:org6ef9801} \subsubsection*{\textbf{Software Engineer} - LayerZero Labs} -\label{sec:orged9d799} +\label{sec:org8ea673e} \begin{itemize} \item Shipped production-ready smart contract code as part of a world-class blockchain engineering team. \item Discovered and fixed critical vulnerabilities in TON and Aptos blockchain code, preventing potential losses of millions. @@ -77,37 +81,37 @@ \hfill \begin{minipage}[t]{0.47\textwidth} \subsection*{PROJECTS} -\label{sec:org9cd42b8} +\label{sec:orge82cd19} \subsubsection*{Stem} -\label{sec:orgef7a6a4} +\label{sec:orgfb19df5} \begin{itemize} \item Designed a stack-based programming language, written entirely in C. \item Reached \#1 on HackerNews; led to an offer at LayerZero. \end{itemize} \subsubsection*{Cognition} -\label{sec:orga262a78} +\label{sec:org4df69fe} \begin{itemize} \item Engineered a stack-based programming language featuring advanced metaprogramming capabilities. \item Another blog post that reached \#1 on HackerNews \end{itemize} \subsubsection*{NoExcess} -\label{sec:org6fefc71} +\label{sec:org93f1121} \begin{itemize} \item Developed a Lisp-like programming language with scoping, written in C. \end{itemize} \subsubsection*{Server/Website} -\label{sec:org73f6fd4} +\label{sec:orga313b21} \begin{itemize} \item Maintains a website/server with a blog and mindmap — runs a webring (\href{https://nullring.xyz}{nullring.xyz}). \end{itemize} \subsubsection*{Snake3} -\label{sec:orgb89d92d} +\label{sec:org49e5353} \begin{itemize} \item Created a threaded, multiplayer snake game in C. \item Available at \href{https://git.aberrantflux.xyz/snake3.git}{https://git.aberrantflux.xyz/snake3.git} \end{itemize} \subsection*{INTERESTS} -\label{sec:org844b368} +\label{sec:org1f6da6e} \begin{itemize} \item Cryptography, decentralized governance, Economic systems \item low-level programming, compiler design 
@@ -116,7 +120,7 @@ \vfill \subsection*{Let's Connect} -\label{sec:org863f885} +\label{sec:orgc9f3fcc} I'm open to opportunities in low level programming, blockchain, and cryptography. Feel free to reach out via email or Linkedin! \end{minipage} \end{document} -- 2.50.1