From c5f22f48b90e12e02e804a3cb8799aff5dfe6a20 Mon Sep 17 00:00:00 2001
From: Philippe PITTOLI
Date: Tue, 21 Apr 2020 23:01:09 +0200
Subject: [PATCH] Baguette, first real commit.
---
config.toml | 10 +-
content/_common/header.md | 14 +-
content/_common/menu.fr.md | 12 +-
content/_common/menu.md | 13 +-
content/_index.fr.md | 21 +-
content/_index.md | 314 ++++++++++++++++++++-
content/blog/2020/new-homepage/index.fr.md | 32 ++-
content/faq/index.fr.md | 15 -
content/faq/index.md | 15 -
content/projects/index.fr.md | 41 +++
content/projects/index.md | 36 +++
sass/style.scss | 17 ++
static/baguette.png | Bin 0 -> 35396 bytes
13 files changed, 447 insertions(+), 93 deletions(-)
delete mode 100644 content/faq/index.fr.md
delete mode 100644 content/faq/index.md
create mode 100644 content/projects/index.fr.md
create mode 100644 content/projects/index.md
create mode 100644 static/baguette.png
diff --git a/config.toml b/config.toml
index bd3e56f..34ac70d 100644
--- a/config.toml
+++ b/config.toml
@@ -1,5 +1,5 @@
# The URL the site will be built for
-base_url = "https://thunix.net/~southerntofu/dnsmanager"
+base_url = "https://baguette.netlib.re/"
# Whether to automatically compile all Sass files in the sass directory
compile_sass = true
@@ -22,14 +22,14 @@ languages = [
[extra]
# The common part of the title (appended to page/section titles)
-title = " | dnsmanager"
+title = " | baguette"
[extra.forge]
# The baseURL for files tracked on the forge
-browse = "https://tildegit.org/southerntofu/dnsmanager-website/src/branch/master/"
+browse = "https://git.baguette.netlib.re/Baguette/website"
# Homepage of the forge
-home = "https://tildegit.org/"
+home = "https://git.baguette.netlib.re/"
# Name of the forge
-name = "tildegit"
+name = "Baguette"
[translations]
[translations.fr]
diff --git a/content/_common/header.md b/content/_common/header.md
index f4cdf9e..24c1b94 100644
--- a/content/_common/header.md
+++ b/content/_common/header.md
@@ -2,11 +2,13 @@
+++
dnsmanager
+
+
- _
- __| |_ __ ___ _ __ ___ __ _ _ __ __ _ __ _ ___ _ __
- / _` | '_ \/ __| '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '__|
- | (_| | | | \__ \ | | | | | (_| | | | | (_| | (_| | __/ |
- \__,_|_| |_|___/_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_|
- |___/
+ ____ _ _
+| __ ) __ _ __ _ _ _ ___| |_| |_ ___
+| _ \ / _` |/ _` | | | |/ _ \ __| __/ _ \
+| |_) | (_| | (_| | |_| | __/ |_| || __/
+|____/ \__,_|\__, |\__,_|\___|\__|\__\___|
+ |___/
diff --git a/content/_common/menu.fr.md b/content/_common/menu.fr.md
index f72df88..0de16e0 100644
--- a/content/_common/menu.fr.md
+++ b/content/_common/menu.fr.md
@@ -1,16 +1,14 @@
+++
+++
-[Accueil](@/_index.fr.md)
+[Baguette OS](@/_index.fr.md)
+
+---
+
+[Projets](/fr/projects/)
---
[Blog](@/blog/_index.fr.md)
----
-[Source](https://github.com/kaneroot/dnsmanager)
-
----
-
-[FAQ](@/faq/index.fr.md)
diff --git a/content/_common/menu.md b/content/_common/menu.md
index 0da4a27..53da75f 100644
--- a/content/_common/menu.md
+++ b/content/_common/menu.md
@@ -1,16 +1,13 @@
+++
+++
-[Home](@/_index.md)
+[Baguette OS](@/_index.md)
+
+---
+
+[Projects](/projects/)
---
[Blog](@/blog/_index.md)
----
-
-[Source](https://github.com/kaneroot/dnsmanager)
-
----
-
-[FAQ](@/faq/index.md)
diff --git a/content/_index.fr.md b/content/_index.fr.md
index 9b73c0a..0466665 100644
--- a/content/_index.fr.md
+++ b/content/_index.fr.md
@@ -1,23 +1,8 @@
+++
-title = "dnsmanager - libérez vos zones"
+title = "Baguette - un OS, des outils, des services"
+++
-dnsmanager est une interface web pour permettre aux utilisateurices d'enregister un nom DNS et de gérer leur zone. C'est le logiciel derrière les coulisses de [netlib.re](https://netlib.re), un service qui fournit de noms pour tout le monde sur Internet.
-[netlib.re](https://netlib.re) est sympathiquement opéré par [Alsace Réseau Neutre](https://arn-fai.net), un Fournisseur d'Accès à Internet neutre et sans-profit situé en Alsace (France). Ne sois pas timide et viens poser tes questions !
-
-# Fonctionalités
-
-- [x] Comptes utilisateurice
-- [x] Édition de zone en mode simple et expert
-- [x] Mise à jour d'IP automatique à la DynDNS
-- [x] Multiple zones clientes et parentes
-- [ ] Délégation DNS
-- [ ] Authentification tierce (LDAP, OpenID Connect)
-- [ ] API client documentée
-- [ ] CAPTCHA?
-
-# Installation
-
-Se référer au [dépôt du projet](https://github.com/KaneRoot/dnsmanager) pour les instructions d'installation.
+# Baguette OS
+La page n'a pas encore été traduite.
diff --git a/content/_index.md b/content/_index.md
index 7199029..1c07d90 100644
--- a/content/_index.md
+++ b/content/_index.md
@@ -1,23 +1,309 @@
+++
-title = "dnsmanager - free your zones"
+title = "Baguette - OS, tools and stuff"
+++
-dnsmanager is a web interface to enable users to register DNS names and manage their zone. It is the software powering [netlib.re](https://netlib.re), a service to provide names for everyone on the Internet.
+# Baguette OS - concise overview
-[netlib.re](https://netlib.re) is kindly operated by [Alsace Réseau Neutre](https://arn-fai.net), a neutral and non-profit Internet Service Provider based in Alsace, France. Don't be shy, come and ask questions!
+Baguette OS status: Work In Progress.
+A beta will be available circa mid-2020.
-# Features
+## Objectives, for simple users
-- [x] User accounts
-- [x] Simple and expert modes for zone edition
-- [x] DynDNS-like automatic IP updates
-- [x] Multiple client and parent zones
-- [ ] DNS delegation
-- [ ] 3rd party authentication (LDAP, OpenID Connect)
-- [ ] Documented client-side API
-- [ ] CAPTCHA?
+BaguetteOS aims at provide a simple unix-like system, with an **unified web interface**.
-# Setup
+**No command-line required for simple users.** *let users be just users*
+Simplicity should not only comes from an interface, but be inherent to the whole system.
+If the OS is simple, there is no need to hack it.
-Please refer to the [project's repository](https://github.com/KaneRoot/dnsmanager) for setup instructions.
+**Unified interface is better than features.**
+We will provide the basic features then build up.
+We do not want a patchwork of very different software, each of them having their own particularities.
+
+**Online services.** *day-to-day use*
+The web interface should cover online services, providing an unified experience for main usages: mails, calendar, instant messaging, personal website, file sharing, etc.
+
+**One-click management.** *service installs, updates, etc.*
+The web interface should handle basic system and network configurations, such as adding users, dhcp, DNS, backups, etc.
+
+**Well-known, reliable software.**
+BaguetteOS relies on robust and independant software.
+At no point the user should be forced to reinstall, a borked configuration has to be easily fixed.
+
+**Hardware support.** *new or old, fast or slow, it doesn't matter*
+We provide support for RPi and other small cards: if our kernel runs on it, it has to work.
+Minimal hardware requirement should be around 100 MB RAM, 50 MB disk.
+
+**Documentation.** *simple, reliable, useful, all-in-one-place*
+Similar to the OpenBSD FAQ: updated, complete, concise and well-written.
+
+## Objectives, for advanced users and contributors
+
+**A knowable OS.** *simplicity at (almost) all cost*
+Any interested user should be able understand the role of every part of the base system: no compromise.
+This means having a very small and consistent set of tools, easy to learn, easy to remember.
+
+**Basic system and network management.** *with the simpliest tools ever*
+We provide a web interface that should handle basic system and network configurations, such as adding users, firewall management, dhcp, DNS, backups, etc.
+CLI tools are available to manage your services, they are design to be simple, consistent and reliable.
+
+**Robust system.** *for real*
+Static compilation for system tools *(at least)*: there is almost no way to get a borked system with an update (yes, almost, people are creative these days).
+
+**Officially supported and documented services.** *so you are sure to get them working*
+We use some services for our own personal usage, so we will provide support for them.
+For instance: gitea, postgresql, a building plateform and a continuous integration tool, etc.
+
+**Simple to contribute to.**
+We want fewer and simpler tools as possible: Baguette OS has very few requirements, and automatic verifications.
+Baguette OS do not suffer from any cumbersome historical decisions: no overly engineered package format, no stupidly complex tooling, etc.
+
+**One need, one tool.** *this time for real*
+Installing an application or a library is done by [package][package].
+Other methods are not supported **and the base system will never require them**.
+We avoid to rely on `pip`, `cpanm`, or other third party package manager and dependency tree.
+More on that in the [technical section](#technical-choices).
+
+Starting, stopping, or configuring a service is done by [service][service].
+This program alone is used to manage services on the OS.
+Users should not be required to manually configure each software; instead, most of the configuration should be done upstream using templates.
+Users should be able to change the default configuration through command-line options.
+Manual configuration is the last option.
+
+**Slotting.**
+[Slotting](#slotting) by default helps to install many programs with peculiar library version requirements.
+No difference between stable and development versions.
+
+**Easy to write documentation.**
+Online documentation is written in Markdown (thanks Zola), and man pages too thanks to `scdoc`.
+Every tool is shipped with a man page: no man page, no integration in base.
+
+## OS content
+
+- kernel: linux + headers (but most of the system should be kernel-agnostic)
+- libc: musl, but any other libc can be easily added
+- init: sysv init
+- /etc/rc: CRUX-like
+- coreutils: `toybox` (or `busybox`)
+- shadow (todo: check if not already included in busybox)
+- building tools:
+ - LLVM + Clang
+ - autotools (for sysv init and libarchive)
+ - libarchive
+ - `m4` (required at least for bootstrapping)
+ - make: `gnu-make` for compatibility reasons
+- shells:
+ - `zsh` for users (not root by default)
+ - `ash` (because of busybox) or `ksh`
+- documentation:
+ - a full hand-book like the OpenBSD FAQ
+ - manpages, written mostly with `scdoc` so anyone can contribute
+- our tools
+ - services: [service][service]
+ - package management: [package][package]
+ - packaging: `packaging`
+
+## Inspiration
+
+- OpenBSD: security, therefore simplicity, no compromise
+- PFSense: system and (even advanced) networking administration, yet through a simple website
+- Plan9: everything is a file *no seriously guys*
+- suckless and cat-v: simplicity, code readability and reusability
+- morpheus: static compilation for the OS, demystified
+
+# Baguette OS - detailed explanation
+
+## Features and objectives
+
+
+## custom tools
+
+- [package][package]: package manager
+ - basics: install, remove, search and provide informations about a package
+ - rootfs creation
+ - used by `packaging` to create low-cost build environments
+ [package][package] knows the minimal set of binaries and configuration required to build the target, so it only installs the minimal environment to perform compilation.
+ This environment is low-cost since we hardlink binaries into the building rootfs.
+ Inspired by the *proot* tool on OpenBSD.
+ - slotting by default: no need for custom environments for each software
+ - packages format:
+ - .tar
+ - meta.spec
+ - files.tar.xz
+ - db format:
+ - world
+ - installed
+ - [package-name]/[slot]/manifest
+ - [package-name]/[slot]/meta.spec
+ - configuration:
+ - list of repositories
+ - authorized package signing keys
+ - packaging variables (cflags, makeflags, and so on)
+- `packaging`: create packages
+ - uses simple, declarative recipe files
+ - create build environments to test packages before validation
+- [service][service]: service management
+ - add an init script for a service, for a specified domain
+ - example: `service add wordpress example.com`
+ - the init script verifies if a configuration file is installed
+ The configuration file is created if not present.
+ Configuration templates are provided for all services.
+ - the service can be installed in a specific environment (read: a custom rootfs) ← NOT IMPLEMENTED (also, environments == domains atm)
+ - example: `service add wordpress example.com testingenv`
+ - `service` provides an unified way to configure the system
+ It alleviates the need for manual configuration. For example, adding a wordpress service will automatically change the `nginx` configuration, create a new database and a new user in `mariadb` for this specific service.
+ If several `nginx` are required, ports will be registered and automatically managed for each instance, no need for user input.
+ Behind the scene, it's a simple token system with configuration templating!
+ No heavy machinery here, and we'll keep it that way.
+- `build.cr` (temporary name): Makefile creation
+ - create makefiles from simple declarative configuration file
+ - can replace most build systems
+ - FIXME: design something using .spec format
+- `tap-aggregator`: quality assurance & test results aggregation
+- `webhooksd`
+ - automatic verification of the recipes on new application or library version
+ - automatic cross-compilation (x86_64, ARM, others will follow)
+- `libipc`: an IPC communication library
+ - currently used for
+ 1. the administration dashboard
+ 2. the web interface for the services
+ 3. `todod` (a kanban) 4. several other tools we use for collaboration
+ - provides a way to communicate between clients and services
+ - uses simple unix sockets behind the scene
+ - transparent remote communications
+ - clients and services do not need remote communication
+ - any client can join remote services via any communication protocol
+ - any service is implicitly accessible from anywhere, anyhow
+ - C library with Crystal bindings (other languages coming soon)
+ - we create services, not libraries
+ Therefore, languages are irrelevant: you can use any *library* in any language.
+
+
+## Technical choices
+
+**Linux kernel**, but we are lurking on the OpenBSD one.
+Linux is compatible with most hardware and software, it is fast and we can easily compile a custom version to remove most of the bloat for server usage.
+Still, we don't want to rely on Linux-specific components.
+At some point, our system will be kernel-agnostic and will be able to run on any BSD as well.
+
+**Musl libc.**
+It has a reasonable amount of features, it is efficient, provides reasonable binary sizes and static compilation.
+Musl is simple, reliable and remove all glibc-specific functions.
+Others can be added easily, which is useful for compatibility and comparisons, through [slotting](#slotting).
+
+**Bootable system and rootfs available.**
+A bootable system to install in virtual machines or bare metal, a rootFS to use BaguetteOS from any other OS, including non-Linux ones.
+
+**SysV-style init + CRUX rc**.
+The init could come from toybox or another minimalist project.
+No systemd BS.
+
+
+**Slotting.**
+
+**Custom file system hierarchy.**
+Our FS is not FHS-compliant, partially because of the origin-based slotting.
+There is a strict separation between core system and third party software.
+- */usr/baguette* for core system programs
+- */usr/bad* for unslottable software
+- */usr/third-party* for other software
+
+**Crystal language for system tools.** *Syntax and productivity of Ruby, the speed of C*
+It is as simple to learn as a dynamic language, while at the same time being almost as fast as C.
+Technically, Crystal is strongly typed which catches errors at compile-time, but with type inference so it is not cumbersome to use.
+Applications are compiled in a simple (static) binary, easy to deploy.
+There is a good documentation, we used it for long enough to tell.
+Technical choices are reasonable and documented.
+Finally, Crystal has a large library with all we need for our system components.
+
+- coreutils: busybox
+- */etc/rc/*: forked from CRUX
+- Building tools
+ - LLVM + Clang
+ - tar -> bsdtar
+ - webhooks (libarchive), cpio -> bsdcpio (libarchive)
+ - autotools (for SySV init and libarchive)
+ - m4
+ - make: gnu-make (since it is required for many projects)
+ - `crystal` since we use this language for our tools in the base system
+- shells
+ - sh -> zsh
+
+## Still in discussion
+
+For the simple users, we want to provide an unified web interface to manage the system and online services.
+We currently use `Crystal` to work on service back-ends for a variety of projects, we are satisfied on a technical level and we are productive, it is highly probable we continue using it.
+The front-end is still in discussion: we currently use `livescript` and it is way more usable than plain JS, but it is painful to debug.
+
+So, we need a language for both administration dashboard and online services, here some examples we find interesting for the job:
+ - Purescript
+ - haskell-like syntax, with a smaller set of notions
+ - strongly typed, with type inference
+ - good documentation
+ - useful compilation errors
+ - no runtime error
+ - Elm
+ - as Purescript but with way fewer documentation
+ - less generic code
+ - still very young
+ - WASM
+ - seems to be a very young tech, with no real good language or documentation
+ - Zig has wasm as a Tier 1 support, we should investigate
+
+# Providing software: the right way
+
+The usual way to provide software is to maintain a version of a software or a library, package it into a distribution, then provide it as *the* OS version of the software.
+In the long run, software and libraries change, which is no big deal since maintainers verify the consistency of the different versions provided by the OS.
+TODO
+
+**Problem:** what happens when two programs need a different version of a library?
+
+**Problem:** what happens when two libraries are compatible but you want both on your system (see libressl and openssl)?
+
+**Problem:** what happens when you want to provide a **very** long term support for your users (see companies running decade-old databases)?
+
+Baguette OS has a simple and safe way to let users and maintainers provide packages: `slotting`.
+Official OS packages are installed under `/usr/baguette/`, for non-essential programs.
+Here, the slot is `baguette`.
+Any package outside the official ones are in another named slot.
+
+TODO
+
+**This in nothing new, however not often used, and still maybe the best way to handle the problem.**
+
+
+- usual directories under root: bin, sbin, lib, boot, dev, proc, sys, home, mnt, root, run, tmp
+- etc
+ - rc
+ - services
+ - environments
+ - templates
+- var
+ - cache
+- srv
+ - "env-name" (see [service][service])
+ - etc
+ - data
+ - cache
+ - run
+- usr
+ - local: things that are installed by the local system administrator without using packages
+ - baguette: things provided by the system that are not necessary for it to run (and boot, and restart, and do system things)
+ - "repo"
+ - lib
+ - libexec: try to avoid using it whenever possible. May or may not stay.
+ - bin
+ - share
+ - man
+ - include
+ - bad: things that cannot be properly installed or slotted somewhere else
+
+# Roadmap
+
+We currently aim at providing a rootfs with our tools, when we will have enough spare time to contribute.
+
+
+
+[service]: https://git.baguette.netlib.re/Baguette/service
+[package]: https://git.baguette.netlib.re/Baguette/package
+[packaging]: https://git.baguette.netlib.re/Baguette/packaging
diff --git a/content/blog/2020/new-homepage/index.fr.md b/content/blog/2020/new-homepage/index.fr.md
index 04bd865..8aa57d5 100644
--- a/content/blog/2020/new-homepage/index.fr.md
+++ b/content/blog/2020/new-homepage/index.fr.md
@@ -1,11 +1,33 @@
+++
-title = "Un nouveau site pour dnsmanager"
+title = "Baguette - Présentation du projet"
slug = "nouveau-site"
-date = 2020-03-30
+date = 2020-04-25
+++
-Aujourd'hui, nous ouvrons un nouveau site web pour dnsmanager!
+Aujourd'hui, nous ouvrons un nouveau site web pour la communauté Baguette !
-Il devrait fonctionner correctement sur tous vos appareils y compris les téléphones portables. Si ça n'est pas le cas, merci de nous le signaler ou de soumettre un patch.
+Baguette regroupe un paquet de [logiciels et de bibliothèques][baguette] ainsi qu'un système d'exploitation : [BaguetteOS][baguetteos].
-Dans le futur, toutes les nouvelles excitantes à propos de dnsmanager apparaîtront sur ce blog, alors reste connectéE.
+Parmi nos applications phares :
+- [notre système d'exploitation][baguetteos]
+- [LibIPC][libipc], pour permettre aux applications de communiquer le plus simplement possible
+- [Service][service], notre outil pour remplacer `systemd` et `openrc`
+- [Document Oriended Database (dodb)][dodb]
+- [dnsmanager][dnsmanager]
+
+Pour avoir une liste exhaustive : allez directement sur notre [dépot git][gitea].
+
+Nous publierons de temps en temps des nouvelles du développement, de l'OS, de l'infra sur laquelle nous faisons nos builds sur ce blog. Stay tuned!
+
+N'hésitez pas à venir discuter avec nous sur [Mattermost][mattermost], bientôt des ponts avec IRC et XMPP, stay tuned !
+
+[baguetteos]: /fr/baguetteos
+[baguette]: /fr/projects
+
+[gitea]: https://git.baguette.netlib.re
+[service]: https://git.baguette.netlib.re/Baguette/service
+[dodb]: https://git.baguette.netlib.re/Baguette/dodb.cr
+[libipc]: https://git.baguette.netlib.re/Baguette/libipc
+[dnsmanager]: https://git.baguette.netlib.re/Baguette/dnsmanager
+
+[mattermost]: https://team.baguette.netlib.re/
diff --git a/content/faq/index.fr.md b/content/faq/index.fr.md
deleted file mode 100644
index ff2cd82..0000000
--- a/content/faq/index.fr.md
+++ /dev/null
@@ -1,15 +0,0 @@
-+++
-title = "FAQ"
-+++
-
-# Comment installer dnsmanager
-
-Le [README](https://github.com/KaneRoot/dnsmanager) contient les instructions pour installer dnsmanager.
-
-# dnsmanager supporte-t-il la délégation ?
-
-Pour le moment, dnsmanager ne sait pas déléguer une zone. Cette fonctionnalité sera probablement implémentée dans le futur.
-
-# dnsmanager supporte-t-il l'authentification tierce ?
-
-Pour le moment, dnsmanager ne sait pas gérer un serveur d'authentification tierce (par exemple LDAP). Ce sera probablement implémenté dans le futur.
diff --git a/content/faq/index.md b/content/faq/index.md
deleted file mode 100644
index c29fd65..0000000
--- a/content/faq/index.md
+++ /dev/null
@@ -1,15 +0,0 @@
-+++
-title = "FAQ"
-+++
-
-# How to setup dnsmanager?
-
-See the project [README](https://github.com/KaneRoot/dnsmanager) for setup instructions.
-
-# Does dnsmanager support delegation?
-
-At the moment, dnsmanager cannot delegate zones although this feature is on the roadmap.
-
-# Does dnsmanager support 3rd party auth?
-
-At the moment, dnsmanager does not support an external authentication service such as LDAP although this feature is on the roadmap.
diff --git a/content/projects/index.fr.md b/content/projects/index.fr.md
new file mode 100644
index 0000000..823a508
--- /dev/null
+++ b/content/projects/index.fr.md
@@ -0,0 +1,41 @@
++++
+title = "Projets"
++++
+
+
+# Nous contacter
+
+N'hésitez pas à venir discuter avec nous sur [notre outil de communication][mattermost].
+
+Des passerelles vers IRC est XMPP sont à venir !
+
+[mattermost]: https://team.baguette.netlib.re/
+
+# dnsmanager / netlib.re
+
+`dnsmanager` est une interface web pour permettre aux utilisateurices d'enregister un nom DNS et de gérer leur zone. C'est le logiciel derrière les coulisses de [netlib.re](https://netlib.re), un service qui fournit de noms pour tout le monde sur Internet.
+
+[netlib.re](https://netlib.re) est sympathiquement opéré par [Alsace Réseau Neutre](https://arn-fai.net), un Fournisseur d'Accès à Internet neutre et sans-profit situé en Alsace (France). Ne sois pas timide et viens poser tes questions !
+
+## Fonctionalités
+
+- [x] Comptes utilisateur
+- [x] Édition de zone en mode simple et expert
+- [x] Mise à jour d'IP automatique à la DynDNS
+- [x] Multiple zones clientes et parentes
+- [ ] Délégation DNS
+- [ ] Authentification tierce (LDAP, OpenID Connect)
+- [ ] API client documentée
+- [ ] CAPTCHA?
+
+## Comment installer dnsmanager
+
+Le [README](https://github.com/KaneRoot/dnsmanager) contient les instructions pour installer dnsmanager.
+
+## dnsmanager supporte-t-il la délégation ?
+
+Pour le moment, dnsmanager ne sait pas déléguer une zone. Cette fonctionnalité sera probablement implémentée dans le futur.
+
+## dnsmanager supporte-t-il l'authentification tierce ?
+
+Pour le moment, dnsmanager ne sait pas gérer un serveur d'authentification tierce (par exemple LDAP). Ce sera probablement implémenté dans le futur.
diff --git a/content/projects/index.md b/content/projects/index.md
new file mode 100644
index 0000000..1bd1ad5
--- /dev/null
+++ b/content/projects/index.md
@@ -0,0 +1,36 @@
++++
+title = "Projects"
++++
+
+dnsmanager is a web interface to enable users to register DNS names and manage their zone. It is the software powering [netlib.re](https://netlib.re), a service to provide names for everyone on the Internet.
+
+[netlib.re](https://netlib.re) is kindly operated by [Alsace Réseau Neutre](https://arn-fai.net), a neutral and non-profit Internet Service Provider based in Alsace, France. Don't be shy, come and ask questions!
+
+# Features
+
+- [x] User accounts
+- [x] Simple and expert modes for zone edition
+- [x] DynDNS-like automatic IP updates
+- [x] Multiple client and parent zones
+- [ ] DNS delegation
+- [ ] 3rd party authentication (LDAP, OpenID Connect)
+- [ ] Documented client-side API
+- [ ] CAPTCHA?
+
+# Setup
+
+Please refer to the [project's repository](https://github.com/KaneRoot/dnsmanager) for setup instructions.
+
+
+
+# How to setup dnsmanager?
+
+See the project [README](https://github.com/KaneRoot/dnsmanager) for setup instructions.
+
+# Does dnsmanager support delegation?
+
+At the moment, dnsmanager cannot delegate zones although this feature is on the roadmap.
+
+# Does dnsmanager support 3rd party auth?
+
+At the moment, dnsmanager does not support an external authentication service such as LDAP although this feature is on the roadmap.
diff --git a/sass/style.scss b/sass/style.scss
index 30437f7..e780d43 100644
--- a/sass/style.scss
+++ b/sass/style.scss
@@ -1,6 +1,13 @@
@import 'mobile';
@import 'widgets';
+.banner {
+ margin-top: 0.5cm;
+ float: left;
+ height: 5cm;
+ // margin-bottom: -1cm;
+}
+
.nav-menu {
font-weight: bold;
> a { margin: 0 1rem; } // Spacing entries
@@ -14,6 +21,16 @@ header {
background-color: rgb(239, 239, 239);
}
+// less spacing in lists
+li > p {
+ padding: -1px;
+ padding-top: -1px;
+ padding-bottom: -1px;
+ margin: -1px;
+ margin-top: -1px;
+ margin-bottom: -1px;
+}
+
article > div:first-child > h1, section > h1:first-child {
text-align: center;
font-size: 2.6em;
diff --git a/static/baguette.png b/static/baguette.png
new file mode 100644
index 0000000000000000000000000000000000000000..a8ac7eab4660e598f1a3dec6941df80941bc2b26
GIT binary patch
literal 35396
zcmYg&1yojB*Y$&RJv7pif`UqyB8`AZ2udg^Afbe$fOI1gqS7thh#(*xf`A|?NUL;r
z|Lf@ezW;m2b=>jZ@tl43*?aA^=9+VEL)2Ao5fji6pin4cB}KWrDAYL;_~U_x1OMgu
zYng8N7nXyJk`^BP&jZgi82&%LouaM-3dPif{K2s4b-D@vk;745$5GSP+|kAOnHlPi
z@uO$9Pt8m%jhPiJpP9MXKC^aUzN5p;&&w+q}Y9g!>ncb)C|ST
ze~q8-8XxanjxAyoiW#LOC#~h0xIFG|r!|+vdAzm|w)zZ@iC3YM(6m*#jYFYrW=5Zg
zRbvACp&zkALZMV)4C{ow>1(6yX?#s+@f%vqPye`=LjzbvEq;%nRTCDuRe
zWy2pTs~=c|`pkG@cuM1`L%(ai98;XxdKSVQ54WFJ*QZ?WeD%t|M+ML0dGe%uv>C0O
zoZNF3+FG%t`(G8Hv+X`w(38O3OmKY!h3wClGw?b9*2
zdlnqf_J>|{(2h9!n&XsKv(R?c(XGvXQD&)NBUfft*5>^pjv*sT`3Pm5SfQsk%q3k@
z&Ip>G&?VR!8Ln_J&F7f79fCMME&U_*!yY_)Odn{VMr@H7gTh1@*6yaprrtffu?CRVgQ~I^Vo89y%VBz?%Dd{#=Q|
z+u!3F9)-bw7q-X)J5t#qc-~3|pXh679eudAz?+Y+44xE=MY!BNz5Mf9F1EUPU_KGD
zN8bak32HUb(>1*nu_Ss+_2N7{U_E*mU_mDxoD*Yqpxx(@txm%f9BiSbKu7nsC&jm{
zebZ!!(O8%)Fj%i;o$~LNDVVaSu~E?-5+_;sVg~x1#EuE_BWCDN@&oo4)Y{QV#8$e
z#~j<``d2oM+`FGI-~36rsQC@UwJFE?@9YVbqBGx36Qhlt)R3R&-`)&J>@ZTurYlNI
zUo_33CDTWRn(ChNjIK4WOUcQ_do(9qCi|0!6BsyuV7>RW;G~jb|JTn!^%Onol{ivl
zXB^K@(kwj1b6{nc_2WAo9S@qkVB2PG>-B2lfwVPC`e;uFGLUCob>LIHa+>J0MxDw-
zoT+LF?`wM1>KabuUI(L$%l(XHJZGYGYmLZnQ7ENoPxKm<{FmxL-Tt=O*0Lb6j7B3r
zS$>=CZ48v#PbRHp(U5XON1UVR94tK8lyt1QnshtnmxCh^fK%}M9};A;B5sGgqTAgm
z9~@AbVEjH)A?)%}sNTUTc)
zDkVvF&8l(!jn1z0eRh3FSOvZF306#_TJ#+S%bj#DBRmoP$Rc)OZ>IO0VHnn|=hAAo7x^<;`FfTmiX$rUG1FeM0&G$UCKSyjsR
zrl<9$OYe0CLN5jpk}=0)P`-4GqlSa6!LT_fynHLTKd?*i`u%smGL}nk$WDZ9_YF(Z
z^nASY$sUQwgDUv7;NgMCyx$Z;^D
zsoO=Za#x7Wg@O9)-P!FWd!1|&WC_o$>uV0Mei4!%s&Zr)sl|h6A$Gq;-v7-@l#w>q
zx#AXfouRcfADrztovLBV+jDA-KHXuW2JubNac})EP|sON6cO$0AVXcG>JbXKOL@>K
z5K+Pv%}So>`s`UwKeDW>6r16(Me>o>p|whnO0vsh<)Z{m@=sSW3U68azF
z_RlX#A7zQW`PLX_7XN@G1cmCGf8C{WyGizwSH`YI8N1T!bCM0n+|4kKE?us;c`Mg;
z>VqP|doQUoOE9@dhD%ZLsQc>iU
zL<6Fb-EF)QrVBp_Q~2!1DsTl~vwrJJ#VvWCGh|L&1m~z9+!;D#F!RLJV8_ADxK67#
zyJ(_f^z|aLhdmyQRPkYj{Qb)#8zd3WJTb!+y(ra~P!?2o&S7Mee9WoCAk*;Opi+2i
zDe(<*NM6Mj%!ZA;o0~A8tpc0W?xgKC1PddUqgIUN3)P8CKGBlrWPX_8BT_NNJl?5J
zebP^FrPQ?a+%z
z_EO+VoN5S(%6!M7`)cuJkd$=jMNUj4Y}v?5GGxj#W-70FrBJXbi6|tAqZ&^3vMePo
zqmad8{X>XG!+~_a9L9IlctrH#+V@F?cG~6q&y-8UC?h-9efk}1!hO$f0c07OjXu4(
z{3`wx$@o>0&Ps;n)#f{P4A0sQolrFNu*JTI3$hpuV(?mH!og56NVZyqN$pLFjY7hc
zQU`AzS=6s?rm(igN9~|PkJj!q8`e4J-+Tl~jG%Ei^b;|Q9-o+%-V+%6<8Wd-jC~pr
z$3aB*ViAR+wREl^+4=>W6yr^cmVWnuPc%4x?DvMD8laey3tnlCftHK+Z=AFR1)Uuy
z@gX&F`T`RsviFt*oT5n1e?=e-)9{{+q`0*>+B>^?%UBxy%%N=K&ze=K<0+-)3R6gH
zhb%9$XqVZQ;<47AapMGuKFgb?do@rot*B2AunUE{P2JNL`dfZ};d4Mr!E;8aZ?RUw
z?NgC2S$>ST1sOr|Lh^kdFGh2U-~+z=p&o(mDB)b|Cv`pmU_`IEOat&rtm~cj`e7nw7FlpJF1sv1F-i}ON{b5=R7I!%x?-h
z?Y|3nI!7O5zrFt)U{Gt!4tJ@z6J7v(JGntamF2wWwmcGs5!GkVWY3wM6qq4R?iY;qzV-!+t;
z3kW&gpX#z`%ho#Q`y)Wl6*a095IrTP(@%c=F=Y|q924ZkcEevTaQz*3ONE~3=n&U9
z8K?U?WLOQEX!eD<^&!!m(8?(UxJ%A5uWK34_?PPN+6GE;z0C5I!fL+G-F2Ut_DjJI
z8U+Ewk*ZEuG{Yh4;aWX-fjY*d4fevMqv^*4cd&2nm+G?#n)>&p$?gjxSt|uJJ^%Ai
ztSbpx*+^aCD&~ZbqU7PU76g~XbdyY~(^(mAN^(sw)XJ>o0zA_|?l6P!CLL5aM0*Uc
z40aFzo>;3C>8e27z^<3@mm2W`d-9&3~ca)!rCJ(D84?94XImhKEj
zd@b{cL-t4}XNq|=ITRwic56d>MB9Dg6(cbW(7wl%#57weaGp$$KS*Hf4R(VyA*(WK
zgOcGt?0+mD0eiTAbg%s6I^DeLg%_KjNUy~C*tnZ`nUN8|IA
zTi77NC2a|x_Ve8#JNa>X&!UOnT{V>bQ9kCKhLPsm9LdxCD7sNy`}+9*JgyqTz!1~B
z-qUV~vF?1kK&Os*^)c_uKz57{CFe|b&a`1C`m?12FTWcj*M72=-;5AbWt1_7D5+wz
zvZG<5d&`p;p8b`2!-^Fzp*!>!`}OE$VI3ZF8|NC0GAoMFB1Zzguf|nl7YRt{#;NB}
z5SyU_jlQzx@r?JZ=Zv9eqdmII!Ye4(W>eW{Q_k99<2Puv;q?$7eLh}Kg`U)pmLZx?
z)HL~S$Hap?2d3)31F)s}`u%uS0_XUNW1_JIUZYh-gH3r8{A0eA%$q|dCW>k(tn<;S
z_nka{MPDx>9s_wT1uHi0d-o>$FCk1WlCsUb!U03um=Lra(mF)iD40vc+h^ut2;J&T8`l)5PF5Btz
zWcOS;A>4>Z3&)pSOP8m)YAv^Sc1TPVg}=QC7;;pC{H$?s&j12l1LGte$LO2tDkK!w(zTrb#VaC*LTR=$z$;v)5d-`?#6G8yr{y5
zBkWrJgv|4Bww3QiwnZt9KW13#xqNxwai-6b=5U&b&~cAH`lZ(`RF4LIyL8qBUm`=!
zf*dlc`U(Ar-KDEMu?Z0s-)>&=(D!R)9Va6_mS#y^YQ)87aLqNJuI=>tkoN
z&yi`wb}{`u0ik)X=k50%K}g@w|M+EqFhAxsR?U^vi^f>;VG1FYQ$`WG^2PffEMi;<(cVhMJOeIzr~<%(eX(Mq
zM3PVU+XvO!en|wDAK-9@&`<`3wNDwf$ta=r%kI69isAX1a_OuG)*mA3rg=yN`N
zv`-Qx1?S7wA;aRAKP>&&F@zJY7?Ec@FJ@w;ihwYf%f%%1$PPf-W|b?69NMKL_mIR~
zKVp9llCw^ko$%1jny&RxoCMo?+1h{rsSP>?lmoT$xrQIt#0PJ7!OKh{*%!=W?XG7*
zF-8_1QqGg{^%kWFG2{deY06I&8k|y?m1}ZgZo)h;HpdVZ_+qwP2oCC4_C~msE;Y
z#?Z2oh>*9VF`)e9)U2tIGM35{psZTfzOv9{=QGAP%O{Fz($_`7vY9&9O-=Q>F@+(?
z7xVXnS7|5J+>7#2)M5U}xqQ7GNMaZ&)HiGu^vK8#@5Jv9cMO(yxnWMFWoOy3{gjtE
z02EEWM|P0c@aY*Jqr$FO4O2#Ac^N6jPy|lXC0@~~_~Z0Jf8piW6be;&*!3Ln%Fdm<
z9dt$WU;LV7+%{FxXOB}uBJwv4ao=C8!|1oEWZ}4UYE2_!Y4`gNz5mmJNfsA&
zO?2QKO~&rec`J7_z0BktV#pYlmz1(}dCaIgiGuz$K{R`roUMm%(mM-Q;t0YI(A{M`
zhD@i@r^*-8WBDHZT}!HaoS*wyMQ#W!9^wSzIEmDZBLK*LM)UE{k0yDa21Q7hw0j3;
zcP%O`hw@%T)~APXUF@P}@GPChnmE|!hO(RHHug>7-ef~>>XniV6DOsc&|0@2z9H(9
z7tdxx0Q>TDlv(Hgbq&KlsaLm)XH;!>yW^VWhdT4zUk~_J3XO1J67YqwY^nB
z%Kt&zWwky3`W~l>u_<%8%{QVX&B&K5OLq8mOFM(B#(?v
z^#3sMi>uby1FyiA3n;WZza3`kc%O;xJ#|PC_vrinUT8Ay{*pD6vM-89#=d`pmzz5x
zwS7Edhl+cBKV6LMjKR5vcpeVQ&=<@jbRZ^An%-mNAlb2D@BUqx7Q7^g#{mlN#*U5;EQAYvZEp@Ke(sFGr$*W&C
zF$#;Pi#=IG#SQJaG~M6EnYTmZY2s>^GqGD9{D4n0dIdrzu$5JQfw=X&>m3AX0os3O
zH%tk!EBqqO6e8DYvqW-a7{NeVO3@#vq<#G~W`os)9?C*9z(#<+@f0uO`<yZQ3Lh0<^Yi0Bz9hgVG&2>MXez5`MW9CSTlHf_0peTT
zVO_MW?fq=!5;cdGNC35f?Kdqf%f4R_rL@-u0=ode5fP)KRKsJ~nc1#zOjqg$K1=Tj
znH##7v7*cgR3C(lXOn>@7XJ~KRX|&ZpLtjolGYs0_XMi25zNO-kuD4<<`4RIZEHE-
z#j-CS3r9A(NJLV~JYHft@MeI??ygG11Fj$L`GzYRPjiaRAXVrGj7C}xSgl0i1pQ*C
z=l`ymaqMhDSnyOw+>5|~$2~Ti7{g!8Ni=)H%!m2x=pJ&cZDdyRf#C_v^^vx3qAE=*(Qm1rxYUH?qsz{
z%S1j{;Y#9^QA>J0iCU!s14F@mLKx$bNI>9c+*h-MNk@Io?Wz__8X}cP!^l3+;B0frlBRDpGHq_$aj
z%BmGH6t4WL<;4IZ7P9DH+NTs_B!K=qzB~I
zW0Q7#=qopzceaSoWNvF2Zp))vK4)&eX~w_hrSmJI^5v0bT&z^`|X$p*HVu;b1mA
z|3tXNeINL@1z2|gJsED_a4l-SFBDr&?X=7XJ1*MItHo<(Ge#ZXfDfk>o+QnAs`m{D
z5I$G{=(Iih5+hSm<{PCy#k-zaNL0K3`~oxrqy_aG0tsoxF*rD_Vovk+?&}?&qDTS>
zT43hJ_(Brjb4vUFE4~Q&@slM**5}OP^H~hW`j7w*_uD22oR9#?1iHLAWbDPig?hRldd%^4>o0_cdZvJcg3!o}!
zRiEe_U4}^hepfU7)Ih-kifmdgHgOO2Lkp`P*7#)X`{5M>{}%8E#{0vOUit
z*<;N+21CT>lFr1YTBM$5`3FoxUOTd;MzR}dH^P}GLexmxPr5oFSF4HpqL>E({B#P@
znFqleq+F<+9Px#e-@IFCxh#^B0uofh2~Kj8`Heq(SD7l$BymrT*Uogt$1n6B{xpiQ
zi+uOS_x;&mjh)rdhm9&uiAy%JzH}T69}QimUuLim6;lZJsWKKhSKIA|)yQ6EWw<55
z0G-&ufw`E)gb$q%mQ}_q5l|vXz!-NwQ@njAaJ=YrERLKgM)KDi(%xRj$3}P@0^LQ2
zUhW%R%QZJ|9y^q`z2AyAjtze$U}vz}MEG979U-0ue5U?cF>c0FUy=UPX?-SU;d>hm{wcEt&WPjb~k6^ve
zu%;6FQP^iC5m(I&{_gCqjzNJT=aY0m?T6@pr-jAOPoutrJBjL(m@cxLktt`btD-90&Yh>7%p5SJva0_C56Dv>JN
zp}e7(`4hU*dHIPHT2LuphBHF0Q=*H8<3w!PfmNsLT(SGZ%*F9OgXui|HY?;TwMXjTuUlPQ8Mh^GTh?QeO@M2NfhF{L2G8xEZhB
zyh)-$NUqLk?DLuljkvEs9D}3Fl
zb(bu}c@ZUN`%#uT5H}rb#=7GtN%#~b`pHOLG)lehH_cz(4tMf;D?BDF-ea^keNiQm
zm%8NVxj-DE{G`5wqg`*iY;=2%L8D>aeMZmw+)!TKUR;3TTFNfaU5P`8KPuqT_v$^D|sfV7tuaHXqGnBfvLej
zI24_$)gU0M&dv~&IAY+yB(drVT#Y~QAk)cRf}-_Ln%{bj&0V;9F|UzDw+gx?_lRTN
zr6`+~I3M`J8LgbRUFW|tQI|!An>+%|8PR*8C#M8zbERDEusyia@PtlMcT1dC5RQY1
z^L;M4C*8~T?!HvY_Z4Q{L85JC5vVYY9tjKzH2hq(|B7s8T*BtY-gn#Hes{w97Y9c&
zxZiymS+;k=To&z?m+uv(saKToSlhJI5yNKh|MJGy<5yDoM>jP=NsCXD-uQXDUb?^4
z85m?X4~&APx31ZMd}KO0EncX>Goln$x3hxTd^>1>Rh$z2wSBFWfSL|vG+w{lm_2v3
ztySr5Fn1-!RPTjr*2Dqd&D^u7k*8*s3IJ1^JKnw+l2({;9tdfKO-X!L6B!p3%0c*e
zcA*T^)-!|d;xVA#rXTQQhJ1YXpmdLJ6L
zIKxFjTV(vA^^p#*i}-4X3gO`n?u0~$mrE_Z2&XP<(N7%j!>lFf{VSqm_R`dw0h+gB
z7~cNlSvUv06Tbczg^cV(UWA|~Awoz1pt_->|5)$98WVBz;HTtQ76a8Xx#bd+w?3|r
zHKXGL@AtscD%#cc5a9Yg>7e`^8LsfBxxY~KMH(iE*azB=BG`Gkki7OTVR!$re@ing
z$k$@jTCQIk*Wy(<K{1GLoJWQCi0TI?`tM0&Q)7cxT
zL-=fcdlvj|ig}U7ig|x@#eyh+?iIY;sPU~n)wiy;Ff$VRBN@|Ja5e`deC!0~QMq
zdVA!2dJaAj0YVvz-b2-L5^|eU&jU5)v{$w9TB!Kwu~^G(J5nbiAyN;Fw`AF9)cHqb
z_@L>xr)e;Em}$>g{V(x9zOm*5`71Kv^~zcH5E0JjMGbC0Ph?bI*N!eU
zy*}Hn8=CFti{}z!P-6eNcT*Qk+Fv6_1bUI()?qb92TfoEHo)`Y`*}{lcX4OT&FhIhbiE2dMAMADO|a(-W#!@fgN=`D~DshI~MktQI@;
zQ2;!pWn>rpjz!%k(3DoB`p7?N$tVyVCIxaSf2sO)?h)OzD1=#BB=XZQZ+MlO*r?u@
z3B(dQUtjI(HNJs{zB)(m`n9WmeqS)ty6!Kf0!rn-h6}G#rtR=JlnJVzm4;Q(K^RBS
zE+9(7kCp=as(z08TqyP=-Zb)hm}0VnzHUz*LaWAzz&*`qM2qJfNaiqk95B?x`QCeD
zjVYlsl@vqioZe{Bqu*+0hF*5T!+d1-@%-AE(5fG%cg^BMIg_D(AFbtq9i8`J1HK3m
zH)b|f=}^GmFOm>-3duoLCV2eIxbf!#9Mewm01f3kN=@4Dil@D9REV+oHW%KshnaZ%
zn@M1?R2elLb~L1#)54^a5KVHwcpgPy#`wAdC|M$DSj-`wo`NAA>b~Mpu
z#<(&Ve{O=r$Q0a_Ni8kTjaZXPZ7Hy=d{_k75U{d)=W$|BJT{{edF0!8-x$;DK+54$
zFrZ2w2-I6F@bCO3txXB)`ug(#+{~$wRhP?L;YC0I_uKPnB}SL)_U5-~>Wz=1*qJ%R
z@Go^JmFQ&p6QWrw&CfM}ccy6P3niTGW=xGPrRZ%3ELw>xi=G(o1E-TB>d#F{80(bQ
z;=wfjILXBjkr1QEuZp5fD$R#P^xJ{*tYFfn+rNyM3|b>?w?A0hh4^)r^iZtvry$jErrR{xzh68gc6VS%HSuB%KCK8RUWr
zYGJ}FwooQPtNoSIh^SfhhC&HKL>lZ$QqkjqF~8VHo($C_bDG$pT5P(Bo-OubQ^09~
zbjvrrR4_skey#(mt?-HM?*FfNr<#EPXi7|;lRdbc(P9#1RH+NIV7b&$bnqNRI60ec
zEZ-sVCj$L{mz0tlZ9%D6bhSgo$;T9=NRR{ehWU{Sbdtvj4AuSx12e%edEY^+9bBCJ
zLGn#&av{;+iTLN>&_NWWid*`4
ziMsUfyfyDDs9hgOjmN?%lr|1EMXM@UQ^h85O&
zgj+8(H5r6^F07S&L&%pbW-1b#YhVzPya)*DtGgUr
zF=vpc(A_wTPtSmwa-K|GFN~whMpu~sJDcgs(V2Hq)&t4EK{`bOYd^d$t;-Vp0qHLZc#AqcKzh8Dfh5e$db#yqHNAkA3mmnF~HoV}?6Y
zt1#x(4ps;7QZvIfOMRZ>0g#~!ighfjSMl?U&HBvCIULpT9D$hY?6yt&Gi49zvHZwq
zPB**p#q-rd4$btBKQIjfjb9qI#!rq6N^0e6T0k%c!k`A2-M|TH1UhWa#K%rS2Rg_-
z%ff3?>cEs!*V5@VQpIRgLU$m04YBisUzkzkO4jawSy~YB)@2r6#twJ1
z#499u^UCnlA9j6lp}hnrA?bjCJ!~MkHC<{G4uO_dl3**9d{qtYJbmZDmsKVaVIYil
z=AW_sT%>Q9imWyZ&^tPxJm8jC}x0iH(pQoLVM>@==MV
zv-r(i?1ux2LPZZu)`~|UCY!?3hCoHj^i!u`55FAA;5n-PdF62+wVYldHHf4v9X-D7
zeXa*@Dod8SNyyy-o9*DN%`csI@sbbrQO{zOEkvsS1vFM1vt^6D1GI$*^#(QxC@3Dt
zK7T<3C?#k5yV0**ukb1R6vl?!XqFED@|xWz6*EmmB2W)ZV|`rM4@#eE`DFf+lWZ-X
zf_TRQi5#TbWd3>Y!q`z8_m&C64f)&JB|hqAI6&D!F;QR{2wkx_ujpKJ1Nf5=Hm9e7
zPIpJ1+=nHKitf_G`3%mP1Q)LWNH4{oPd*K?vEaz$g2YRgrgL6V_Ef&%uF)HRBmBR{yCNc`_MPhtlvFb`oz`wUa|
zT@5w02u}V_K47!`PE)(t<>9PFBmgwx7!!mWhEc+9t{*RE+Q7OCW_r|*KpIM9!Xxvd
zeqe^b=!y}8)}E|MGTem^5gY|vAZxnAsULmwEQny^C3RYaMo;K
z&osCrpDfMG0}YQ5GJx_CnNZ>P5h%{ue&yKT3iI0nvZ#U23STh4CqVI8kzdaGk8q!!
zK+xwi0csAdyIGrJ8VAkb
z-6aCcfQ*eQbzbF(%HCn%Upi7#G@B(9BzOe6Bi#Csh(8NcD7)+jb0*$R{d9;$E+X)y
zVL)XBt3!3=FgCS<0ubSYR?==({7ZD{1wg6Yvo^Rj_C^&t`1ZxpwbNosP
zu>b^1^V{^0tH=jD=`Il5eVPttAw@r1(ip2GS;32n3i%l_(cUjVP!_cbOHB!3kMXjx
zxkddNR6YNf_pyIJUl@lpfR|=;WXe540R!Rmg4-e=BQQ&^iSTQ<9N?RxGPq
z5Wgwra&O80;Rkbc`?{2%O3s})w<6`6U_=Kkc7cxJi7+=nKAkZml-azdOGLsrB^$e2
z6g%pP>+H*+jFWW0F38S!!-vVP#NC}sJ#V)EI$40>``sT(#{M7@YuR`b0^iOC{%y}1
z8?vCA;ZiW+wyo1pBbcd&FO}lCLz~Wl>!Lb^)TWv58_dfWH$5{~}t2%vHpWJrjxv;npqQ#KANoI|405Y(#S*~;?86!@+a?UV}Uci|u$n%XrShIpU@N&x
z0~fc)h8G8Z`AG5YblnwaYx77}CFWOQ?3jEv)YHQbnR6P%&<{Xe&6|phZyNm3M?Ip{
z*pGAa$)?pQ%GB(}c_kbZ*HnM1C!|`yN9p58F9@MRWm8_3?lssW3kuAM^IbXVvj)<`
z!`Vtjayoar8M01dcSeP5VzsS!B4lpscy`f7h8LWakgAt5f#g
zJIri3g@~hFRG?|pH69siCFE$DgirgBYYgB@zp)kjW0-&P`Brws{G6g{84H_))4-a{
z;>1x76LOqjGgmW%%Nki|D-UNrD)JX`Dp?uBXR<1Nzi&b0tEV4b{8eM;nsZ{q0wJT$
z(Q+AC@!+4>h51iQp}yEr8pBJg5p%2^RmtqR5OU;!5ORx?q@j<^m!3WR3^X00JM-v@
z(u0co65g*iJC$ugbFAdN_$O-L6>^nLyI&0hU((x^(
zpPy%75Dv9$+fZR0#&j6FVSnBKW*=IJ?}z**({G^KgMd$UpXXX=6^DRWN8ksotCe(D
z0&%uNf?Bn0FMRsK+CfUg#AP6sTDq%Nr~*nH6yI_)#_%658?!s;7r?JGBCb!c!9&nvJQ2vtk=;)-AM
zeC?iwg!9UQcUoiSjPb_3$T+lq??}+=V0dj2P3d}`$5%dB8jTY-(9U@@gydiDAuFl>n733|>~Ia1M$Ec_sBX+cGSEQpChZm5{a_lspWw%`PrPCpi3
zme`y#5@76n`GS7yk!xzzRK5e(UH2?_DKHrTFy)Zwxmm-rT>QumZxSL%!(mEP)ngHB
zy_*58>MvMt&{)h}XR**!G>Lm9TBWL0JB{~7zxS7D>$(giA5vLD&vk%|#AIcIqzw#NFAG
zj2-A);aU!2kk-VJ4!PMsZI#VE01xYXP(ew>za5=f*sJ6E{#KG~P$~_RqGFvm?jTz$X>cV4T0ItSG2C)6}
zEe2>eh&+v(UM`GeXIHVac)EtDsjg=kZna(?CeAkCoAy&A6>A$(5#oN#x(8`vNvG3>
z$FDg?nZD?ET0Ut`0V-p&nibS*_Lu5TXt*m7e&`NeItl1O1uvXw%U0_}T8>&=?7*MV
z2BW(qT}3XY!0vZ>uGje&8LQ(2B_Z-j^}vr<{Tp45cznKxLTr=rrZ6HF+ad$fz=A@8
z5dLNzzNBlj#Ar}52PTJAR0qUPe5B(VQLe>o$o&~t^N&}vuctdOJVP`Yuf9}+>A|iU
zUa9E={vU_1yJ);uRPYCVjR6L@vH`wz_ZtU}itrNwlir%R`!MjRl}ea4KEHvG1>~fcf#bt!BpJZG+
zT#}kenipUc^%WO~nZ_XQ_S!}kSkzatJtallfJQI1sd8(R5Ubkis1p*DZ?=Kld4`Xe
zMKE92cWVaVVFx0HVu+3(jGTAte}2HFp=;p&M%j9DW{VqST7?Y(I~^{-AkBzPL}GgX
zP4KfM*(u%}qhYE}QZBafWoLIa@|#W*_GP48fOnC3e_={#OilHhPMd}k1jO6?tG-_e
zm1njfn+>lFr~cS!Yjl#2439HQT;P2MV~Q&bh@qt92bJKw`Wa}0^D62s`JgVk(-Hv-
zgVsS{HDQW9eu`-KFz4_B`-KdHL-|QOPC-<|trU+}B3{}Fq)+2ecKNna^Kobi8?}<9
z(39FC8pc3eek!&X*$
zXTi812toJP{)|HGy(S0eJl6UaSn8d@r@yiADNIK{I)xOY_%AI|TFhO=CvXTMLisY!
z0c=1%aIX_0weC;e(}ZrivT|0tH9vAXO1Let?;^>|)$;0DCn9)3JpUiTiv`!`(qfM%
zB33P>gpsWUn(FSyp=*nHaR4GDYB-_2T{;shPga!%=kDiY$I&%T%O&;K1iIcL{bER@HigT{!+#PW+SoE~7p-Gbr6~td|IEx&{Ey#z_w>
zF`#UH67RC-?uvYyPND)Zir8no@-x3J7fpl`%0>kJ}8EoiAY74
z@x30V(ttqWd!&_wY4?5~*{^@rblq~PsM>s2
ze-4G|*O4>G3&KyjodOeeR}zywqwJTpciv8DKUtG+j(C0gjZ2|i0Je4bGJ7!ARim+{
zu0=noKNLD0-?)mTEAT|XQD6iYLPJ^l+NN?77UcW=2i!^TYETW6m(tqb$nk=@>n4MI
z={LtIC;2A;Go~S;P_-u~%Fq!O9KDl3G;Y*HeiRgYe246(_hDUCg&sD8tbw@4K`utE
zpO?5AdtJZ0@V;8-M5tVz!~D_(N;fQ_Vs4Y5X&)l+^?1-|&7nLT7C~kp4m)eFLDl}n
zDPp@~fieBq9K2kJo*v;TN(FTM1^ag`idd_Kihw(SKXu!nf^neHCYpUv{@HLvSI`+p
z6fJh*6(-?!d_z{2sKRM`1|%%dSV9@!^aEd+tMU02UfY4$1DTaV^(q_UmL(_bhNaLP
zzyxfx_vd>5-3&%eP=o`K$SX*r_$gHVoUGA`49H59)HGhzsfWoDHfIx|67>&bc%9HE
zn130xEKHb31k8g4?q8xp2a*@`=TIobV+?ID_zXpjSBoFr!6$?}$~!^W4K=rB7O*3b
zOE)YPgi#}#wnvD@0yjX}yJ+nDZm9=V{RP;?FFjJ^TGypC=JFkKwA`t~#c>B+)R}(z`KVASpj)1?VKrw@&JwK|Pn=K)93yB-V?FhHAMTUwW#g4u3
zlZiog3Ei#!sR-e5FcT=|aP(qh_HYJBH>TflmYPsNXm6VyAn6tZLeQU@aU#!+z!=##&4{p?*grTVgT=Sp%t(0+a)*nt61
z%~rXdJp|nV5|_FTuh1VS!YJhyX>|ev?MMSa=2lS0!~_=^$aCKrQ0f`8*rjI#8%wkN
zRZX&!$5t<3y-}3^kp6edpLlPmYk{e-67?}x;&x^dhI!TpHKtr^O=7}{{NUU#3Gs}x
zB8*}jyzD=oDk_)FetMTTeOyKiL9Upyei?EuZ#DN#=qG}webSjnZUo8QxGWsjpiAiU
znql@556Zih6|Q$2V)~h^`OM~sxiWw{6`~wf6c=*CH-4Dv4~Q9kQz%~D6`zSM2E_+c
z1pz=)o|d3o$2iYc`PK@s`S~72m^>%w@rRD^SL&Ud|DxMM`FJ#
zWZK8^cfNzG%nI!iL%Ler6pd&s{`yC?nD3KMsVFxqlw7(F3<++M8VG&duMl39ZzoQWuxazbv?h#
zyQJH$|MGF1&UdiOk@%`o&N+TvG$mn6^QP_@;g=OX+kFGhs1-eNAx54J9gOxBB8T@92jY`yk
zrNo(KLiPNUx>Qo7ahXieDRX`vQ-j?`>C49{kZphN2G{T*vPEyc!LJ|K&f2k1{KDU2
zUY^Ys`^F;pTinEO<^A>h_qi(w)0ac=+JZ|+b1FVlfL1Eav_cKXNRfsDzZzS^3nDb)(t$!lIH_P+p?56*O2I!s
z3d$gIvB7b#ilVIi+`55wu(+>y3on;}b}V#b;lb=m5tup|yF6rs1HKxBL`ca!YCgMo
z?Bq{QT`NS$wiMj^Rc)v?xg?3o+vQPKjT#ij+9Fcm>*Zl8O1&0eO_ThzOBzayRvnEW
zT)INtF-c6eR6;rrM+hzfApY!&Pwbq=$wfrht7V|+5F|%i42U6XjsN@`k!u)}%LSXz
z{D#ynJ@slL$_=pE2-$%4b^XR7?%l2GrbIaQtjLvPX6ug>D^*qh
zOgF1sZj@rYSRd6c{&<>2MCbzw-s<1ynGf4k;Dh1FG+l&pfqG;04R{&Ofh?Kd$}*Pu
zTA@q;&&aRxj>Me1mGth*`@Et*Kp&UB
zf@$rY*@1V|nrswQS39xPyK|_Pz4#Td9fNTQF&!D+MqC82fwLR(CRi7he7z+7b(g4F
z(>|DX!nG1j-9$TWGlD)5^UZ3RCs5_@<_L{#>?iE4YX%~BJP{xbCLhva@=m*pwicvw
zmsu&zZkvz2>G6Nsp%v_*U%F((R?LkB?5#95y`%(0Jh0y)`{C)<5REmew4l%Wtx1SW
zwAoT8GSPF%lZt+2(Rjd*ky`AfJ`x^h_`%V5cnxyU$Bk+kA|jH^O9SyMuC$VcA9Pmp
zKeG>9g1c?f(c{!E*@SvAx@cewD8xmHI{4kNCt^SKrTuvOgDBkh2|pO}2oxN;oo@_?
zak+CKR2*u8Lkpmd@Y5@@Q=Nskqa=pG18Z$pkW%$u*LJ{JJ8D85d
z;#sY-q6>5<^rJT)87kg7vbu(#^1q(GtkqbCa~O$1N7vXdmU4olzgTx}qH0YNo~N
znMZ7sK?=8`vBwWo`)27SU!X6KQz3u1#nju@w)zP;3kM)(^uVv5f2;BVR}+}%&)`AR~2qADm3h7_SAGEVD{
zaDUHBLKd#oAr_4tDz#Xf@d{X=XVLn>xvvz!#|d)oqZ4tyxjG4EQ#(}cFcn=RhS7tp
zNE)VjblpaOQ}K`cGJdm>{f1bd>SpjY2L(o6WD{=ix=Y(O`}xi92xSby{g|=jMxFY$
zV7MWJ{U00mugi_R>H1XK6Nag<`X=|umWhcDac4OGFoC|%s=$!ALBxlpkAR6SO(mjB
zCCbidE8U+24W`E;CXzs`_&D4H#3
zDL=d0RC(_erJtWTfQLA~8|=J&ZEBT(@j#EZ&nzPTcjr)}>yO~bif|_T4{~R_*9J5U
z10f#zjqkNXe5P4S@5y*?^eglI0uBdNOTjXX+>Yxtf*VswRwns{ejWX0q_c?{@JF
zZnLcKW_XH0#%`C&Y_=r)6*-1$MgQlHB{3sg;ltbTRmPQDURT|W?Rqb6I>`sW*Uqb-
zjEvo{F+K-RJ45{h%Rc4PxTlPt5pQ_0HK>HQ0*hKd>Rmb2#QCVb7}hAA04q9nIxBGX
zvof5HkPZxrh?EHfhY2rvV@G}2XXI+M=^_7qwR2}!_D>SCf$~PTZ<6vwD?+m|fCoMUeXhfv7Q-p6c_B4m$5X72jR;s;*P<fG=enCeA#p4*jU+({DM%i1pEw+|Oe0@k
zCil2N{@1SeW`N3ipy^&rT3CnPf3sjjr0wfBsCOE2J2qzNwDDVTR389Ai-@V~1vLK*
z=u5Qj^ar_yR#27?9kX}l!8!+nLll&YuAu$`>Q(|Q?7t=_-^F;47JW_74L$t-J22Zp_E(fuf;ZYEkYJgE
zZU>Ud6)GU^zqPjS>a>{$lUAe`+RMF1xk25Si=k5aq+|pS-rFl(TDNA|8;k&R&4`WnR|r|Fz$(
zvD{q#uXM@*w5+ZdV_z1J(gOn#R%`2QZNe)mj~&1{rFI9ADUfmds#`jjZ~lq{^$nVU
zcDz?=YiYv+MiIGAiZiW^Vjuh;pqvF}4#@xy+Z)wvO%A|ehb6A=WF*fN|B?{#&jA1tN62)>d{nQ~kY=J}EqJqqt(cq*LpL
zC1Zp(Aw0+`u&r~q;Y5_@xwq-x{rKl#LdboPf%>1%^98TngBLa-27E6#F94d==@Ak$
zpwrCvG7-8TkAwh^Epzxd{P_4QupAmDiy#e-NM&scdlul7s_rnb>kM{g7OD|D-R*b|
znnIyWb79eTO=~`W`4s@~RRHxA>0}zi2c~BE5jK@snDDBH&Z>w&y|@%$TPfgqsk1E;
zL{H}>BZAPTeqZZuM$@&0DZhBqGt4aw1_wZ?xoRU%f8n9zpiAZVd{TR<;8*SlM_;K_|~__Y>Opp#9fu>LUk800Wd4cl@OW-BNc`M}h(YrYRY&
z8~TGmYcHIekK(TXFQ1M}`;s5YsDAD>6#x$$QrRjE;wsXr5_+W(HmgDb2X^Z-6dnb>
z0^L8{a5(5#Wq#aPC?a6n?g5hh>hZEPp3yvDB{fXQn_y;N76FJ*Q#18>UgPNkV64st
z^87NNT1)U9SwRDeb;r){(T!+D
zd5czBW}CxMiMjOzkNNQxEgh@CFy_iSt_HMI&o9r4c&Ahe2MWYu9fw{f3fKjHSmVrQtD#woKgXBoCOF#@4-u2Jy#Gf
z*Yk15>{0SQ{eN0SA*$>9hDY>gQE8sGf}jN#2S5y7Z*7c>=>=lV22jeDdluemOssf|fl9+Z^85Ch;}ZtDNUqW7CoXcc68M
z&PN`MfRF-ebpc*e4-{ZomjASK70CiQT=@@WEKY{9@t~s6Oa6j{9F^A@=&w9h*9*qA
zIVhO5{ikL}_f+Q_ave4r^)8&MK)DLYkHZA(uu%VG@8yc;p@wwdmN}S0Kiz4(k^sQ`
zESSbN`fpU(6gUQ7!3-=~Qc3l@ak(G1g*qTGP|BLAIz7Bz@tId4hL*c87euI#833*Z
z&nMUvFztWn)e|YZs$S~z_=D+j_a4V)ITMu&*oOlFf5Bc!fZ7?M(mYTwhy$s9%$_6#
zd{IPR0-`oSbnr3m3un`25JlIVsbS;({?cL3sB>wD?USDTcq<I1Bs)9)(!`+wo686YEw9
zR2oq6IkJ_j4)l_MX;*6vu$V904kn8~ZyQ#~VvLQFf^9)ycWUW_75z=8jhUzhe-zh1
za@)x3HE7`g0w8-2C1$;#2!DE~m3@>Ji~{WWPR0GD&eot(=oP5d;o4{WUS9@^#9fA!
zd_g7F{~7}0JujNLl(Jg6u0ur)pY{Wu(PqiwRTQ>Tpr?{PZYU{|Uk72#fB5$+UnGWU
zTd3(Ol+Jyb1+bIbu_|%qHIr~qE=zfI^!RNT1)K;JGJXS1%PoLxhWZu(M+^=&)Fj8m
zVs&%aDHXEb05o=11+;V?u%?LqWg~4q^Dw5m3y2H<3<%
zj-T^qajR#Bv>*<$&_80M8|by`DImo*3RPQS>`WGA>}x`3V=lF+txIRSn}Si6fx|b-
zK@;P}r7l;EJ5Swhc7dVF1wFD5`8`qQ!*^Dh+4=^ok=f={0$7|O<~B77wExO|kh=-a
zP%FmQ241gbI8iT9>Fy{Xr$CjPH6YFEzb`nY&R+@pIJL@31+30|QI|ahf{46!*P$ku
z+>^~64CgR;;0aH-xU7#6}Rz`!~p3DNb2kDFEi+}>@wc#vEbkJ@q
zud8rZ-^gNWhUq}1IqIqg!2iSl+75yQg
z^sJS0(9EwEB>6xW5E!On%e5qv&oeomz+5=8e_KMLc1Bgd$J7!cccDoU@uY;N+SOaa|U#4zevQgeX>^&Y?-ah^G)0KTn3?
z7S8j8uVx+AhL2KH_6?W9OWN15#)C;
z`1Fa=t)v#5g&?0tq*=j)It?sI2GJ4tP%q(|EC#2v@?PnX`(l?vh>Az`Y*uO6$cSt4
zY-eUhGH|H)`|llWNG|oqv)v(2%$`~GnM7(dP?iLqDMUtfhsVtu9-Hu+QNBP|3RSe4ok$l
zlWzUv<0)sCUwzqZvGNN`9o`SAr<*yeG?b?{&0V+953dU<)o|-xcV}{8e<>m#7<7m~
zSDR(_sfo+@WQ7F?sajN?sf{!&PT(PuBT4Z1@$kS`*)rWn!o^e6_iec`vzi~wBGSK^
zQXhZKz@y0+;0P}=Z`}W(nRd-$!=KWxd^{*kEOeHu?}cKSwCkx!<4MwEHj27HJT=rqnlT^!^Ty`wqvtMf
z<=9tOs2qp)D{}E+Erm}0e^=8@2EED%3ckX7(|r}*Z3;ZH$S&d9PT5e{+wdzlT2f~I
zihIdB7%Pw@+^Fy;EyVc)W6v9m=<%w+{OSsBv;QpTJ0vjhTlVUr7|RWOTl)0a@iOa^
z$K4W<7zwP`Ls9<;rcYS_Th5xX=@(kGEtK8RT#ar(IV*H1X186nnx&
zzdads@4aqB*rrCtqs>BYYqdzVB3nk%oW?w^z5RW#9GCuw)pavH*kZp%)W@r}w9!u6
zXrRy&zE>rv?9g
z3V2BUdCk@6v1naWGly_5Sq@YX^Nxfhnd?-|5h2OSCuh
zI&bMG7PJ?adq!I!qItxBBhl8kDRqrYhYm!pz2Gc)v%_ZQn>s{X7WaJqGJ5C#aikrO
zidkc0NUvwh&97MGg4?kh!jc=b@hx0Ahb(`{5`&~H4@o5EP}=f~oBClHK^Q^2Vsg4C
z9G%*Zqf)DxkLFvtbK8+Uv|&voaEPCX7{#8cs1$%V`BUZzVC^EHhXW;`0~-E68}Z}#
ztl!KvFJRrZ#LV5>xcORY+s8a=U^WVqEgcmB#S!#(mF*$YrA8KG2fJS=6v6k_*l|}-A6k)buz+IW=s6;56cn*Va|%kFN4Z*
zUXOQ~S#OlaU#`5Spqz8tv~Tb3>i|atI#OUnk4a&&jmfnSh`IYRFvky4Gs|7@rqPn8
zoLr*v_97?sq3u7sJ`)E&2)^_QUK^3=rj_dE=NG6tBE$B$;aTmLEvk6B*i?pM8cMH-_94=C-^R$N2O8{#uhW5y0CP6bR~E
zcEfv9hR&UCgi$#;M<`&%=VzjJQlvjq=nL@9lwOpzHKvX}mFngU$$o*1%RXbv9hIrb
zA|Q>KwJbI+#r(0xJiX+VwCd$w>AoXc@_RgdC;=s}CrMnr`6d+7V(V*(|Y;lWx`iInCOXT>hyK=K~fm1|WtgCY_cRX({1{oEV
zUrj-mLg&;mOrCI0FvYnaT+bXbYx#^v`#0w9nn?Sr9ljlTxt;)59L0IXISJTS>$yWQ
zL8D#$o1bj)VHSVOFF1hxL6rC{UOV@^
zXrbk=3$ze6c{gNU`DYs7o}Zm8J-nI__;l)aK;r=u!!J3}Qt?~MG{KxCAA(As6;x&s
z*n+V!Fo3oRv+u64yBOMFaNn~>Bu`JQ58%hWn*N{LIWo4akMs3Po{C^)aXO7{WFs=V
zUR}pHFlqR~GMk}by*JA4SHSC!u!@nbCoFUz00Thpf>+>RsU|=8=WZa%*bG%RP
zwF}8t0gle+Y)&%NDuci_uLO=5!7pNpeyC
z@wWQGXPg&<77Kbf#1IA^C}->BgB=O=1IAJ?vO1oiqxox6!w=|E0$8EJiw%82B`jb#V2sZO#4lf$M&DGLY_sHYq};wpD1P@a6X3Xv8v#K6V=^-6ZszM_hv*6
zX^73+2tatTJCL*AfVBYKn-5k}B&^0A`FCZb3sEFxbEWt`7>OAnD4apwQW?776=<9m*9o#)f3YVUWE0!xo0K)`{AMJeU
zt1K}}-5`P(?07{{n5U$Kd3%|f)8Wias;-6ZDu@(KEP!bVR)RbkFrtwcicFn<7^}Ya-MJ?iTq^mJ#ISj{ONS6Ul^q*
z?L!3a!{NaO0SyQvrFbqS*2^ju>g!o5o>$wkv)s;{?IR-~v}L{)mqM5T#6M(rf`b91
zv+_!#GHu#obu*NO>E5baxZWOl<-+1(c78q84Tq80at;p5wZ~z5BoicL78wNbND~Yu
zBoj_=y!C)CImlr{bzw7fqUN!~*TY1Ak$lip@+CBYj*;HtM_tocW1z6z9oDuy0fN2#
z=Q3Alv7i(q#S@;`_kB~bVDe|%CEi#7x9v!^^L-(X@f6z|c1
zw{^VVlnPe4P8}pZ2h4Do10xVF6TcT*R^?QLmW&KdBt1Q+(r-MN^z>NtQJgS_4L3V~
z|DbyDD`cN<8#cf6gm17r3;N7*H_b=e!RY17vY$Na$spEF*d+Fs&A(MM6%p+3qw~#y
zF_%;+R~JMLxWl+M-1fbe_s7arB4Ch4uK{y$En~TN+UvI9vDnZC-GV+({>Ea7h
z!dd2Fw6{tjGX!Bv<_D%;%Nqyea#x-LKs2^HJNgg1(tR_S4GAl!$&-}&a#f0(hFS;|
zI{p|aoqc_i7W3nn`jHwkEOGMp
zqKv$6x7L{O+W18LeNGR?Ui3vaTLQ42BDLdZ)+M3KSv)L*?fmms
z(rT#2E`9D~k5OTlkX-BUI{bj)BVlBM{pq%~R8b_`W*1c>c&5_Cc73?_x@E-pjRpKJ
z_7mfZogW5GqqmKcM$!2c}|^po9i30_UzilVTI_o=GesK-Y6yEyJ
zI!76{QC%C%i_$WkLdu_=vViKCvHc;oeRq+UN>p@p${B?`L0DJL*dmHNn8>?TV
z+aLb0)>H-nUOG@Nn)r%YuJmZ=eIlP~S{E~h8F#o|u(_Ey6*crwT@#b8NDiw+BP-e8
z_p2oRDe8NOh%XMOL{#|3+e{uIA>;y_#_aZ?2rx!}(LdRsSE%TqNw~BiclWm~_TJ9W
zr1ao$^drV!-7^*r9ct3{6#YBXrl0%`^eBGxhGa#r-OR?W{723#u
zB1rrt^uP`UXd<_F=3N#Nqi;>_TWy#Gx9w`@F|pm8aX+C-{Q3eeN@OM(Mo^ATK-~i`
zwsM6;-q}PzLhvX~Mm3TMW6deTq}xH&2Le?!ry@h)kCQc9>7^j}4#0CG=gFgJgnU_|
zgyomEmY=;WrQY`sUYmS=H3M|+!J<4xatG!u{rulfwQ5}3r$QS)Bhs$EKGL6}Da=gw
zW?L;mfRjURt^R$9l4R141uKJ#j>*Q}<-F-$;7JZ(*&i56_iFCbGta;=sGVxZH*R#uomt@5zYYht`_o$)p!(zp0U;yz-+_%jw=VA@S4Yu&_rs%$}y}ekiNHz_=9za7LyI>=`BHaWUgsn&6hGY0Nj_~m$y6Kxadoe;va6YuoI5F
z2l}?k2L!y=w~E7)F-4;>!H)w3>;=_Vq6^-*3i$Hkz6noe)=
z!8Lh`hkYeOe#ud$7z8|1WpDK?XCg8rtF$?Wr>!ob!4ll85Pv~hrdQ+GtB&la|rOP#3xIM|8}&p^@eA%I2{a9#kuW;SUL
z>>_&Rzvde5g9wkCA4U7%s=QW$hmr@2YU;{O&3opNRNaKJ17LWpWFN>w0rkM
zIQ|ue@g0Y#Co&>qm1)<*(_iG`?;l|CfVC4FbTNP_Z^)SgLBtb2;05nd1Cyo9=}k-f
z*z3y#j9seVO)hN`LZVOXH_&7V_`tP#dT>l1`Dq)e@21ns?bllTz?iQ!O?PYPq8BUC
zK1}u`1s~TeG}MX#)kJPS9TUdaZ#|On>aXfvUL=S9!k<66oWHqjlp<}|T%LSA?MTi8
zS)A>N50Aj$kn6N(|HNA|c33dIX17ddL>n(ENR52i8mUX!$5@H`GbQcc>U8Kt=9%1j
zHLt8Mmxx$qrh1*kQx06I{z5}n@Fh?8vlrm-m=gCn-q#?;K%vZ+WN!i)UmvHH0m}3n
z@lGIe7+$;s7_%qEsZObucH_AN0{eYrum=sBt~J`J&w-|O1~4NK-^V@qIpltQFWms{
zL$As2qDA?A7VF*Lx-VS@1d{&x?e&%VfFJNTZ10nQIT;TMTtR1nop>d7@XveMa`Wf*
zcG`o$DsrOpZK{A2M;l-VMBD&BLF|aOTw`r^{jv4X=e6%3vKUM=&54a)A%Rm+hD9)H
zoUeRP603bJZ94R0jrQ1%Fq=-x{Vs2Ot?dF|78JYpm$g-sJKtJ601C6R%+&Q=XECTcnbL5+(+;1oHQ|`nDsz=ru!ZE|c>_m3$q>S$r!~lMPkVvkWpgc>J9<
z=q5yu3Yz=K#a$6AdEX(h+eh|{FaeDc^Iyu*ShJMXbT%xX&hl{W1Txolvoz?-z>WfU
zs0T2Id|?IEAjT9A=q%0a$FnLfqg)x>AA)OF#n)wrBl+Gf^3bvQpmWOKPllN*HWLM(
z9g;xYeO6{xmo*tVZZ}F{oy;PHC%&`y7o;00W$}}M{He(L~y^^
z<_F(<9C3SdLKnU^>Thc8j&9zb2>U0v$?ENS#9Exi++kIHm>S@*b)w0uy(VlWemPZK
z3+BX@AuG#m@Rj%8ok0tGGdtVbX^M$ld|qtUq$I&EjwC$t<-ay3s-7?YNDkMtG&)l~
z!1{60LdB~-ffQD|6%dlgC%0=>t(>4mWw$OrY_D+Bb2JA;^vKfj2*5x!*6l92-Rcnh
zcZ)J-1hi+3$BPEA?!IKggWC(vVPD5)brxd-h5i>taBA~VskMdaeS%Lp3p0FfWbN!~
zOPjb*9+&+6{AhqeV9_aBE4^;x>w6bx^~sO$n^_WMJ&e=+AL$ruFaoK3CUTWl^T~eY
z>8(HvIZRFe#PHJ;gENEwq5XzFE8)RQeoa^XnXC5^h6SSIh1vDwpE3r?pH18pel9U)
zsZ;nrTTid$70O)~6>j|i!f=8VW1bIyTL;m48#m(qxAi|QGvJt*sy(hG0Q>c3#21xl
z=9Q8_%4zHhYVRRg#>LAaB#jY|?y$bvEo&nt9R^oVwGTAaHKzbj!*71oXTQTH?~
zeejoPU(hQ~DW}Qj%|RZQpz{RF1~f4^z5Y72mlK(kqOMRY-URpHiKaeSts@b$@a28Be~6kV!oA60AtgBI^lg&sKd74YyHPl*%!SSy|*qkJdN{Ve{y&~(el|?@o21+q+=SEjRdR^
zpa8fJ+CUZxA{Mj)wAtF#FSYl)}w_9|f2NlR-(n
z)^1h`AtKP8Iru$5ba!o?Pzs(Yt+ep;6|Whl=f-p52+}3W*`YPeAGYa*Qi%@p1<-xf0e8((=@
ziBClDeRBCL(Z=e~J8bi5LcP3U!&h-FL5G
zh?@+C3%XCw}C;{qYF>9{t`a|U3bY;BmzUY4mk1|aE7Ae|>
z;|k+VodgeRmL_&ZKWpb-d!$ZF{vNj>Ac`SKujl)kdEH*VFq-!;;2?+MS)CF3!<
zX~saED#-Ub*k{IX@#Tz&|3peS8S8sPfk2$8LK6ktMlNvrnNX-28)3q03OIV4s{rtg
z--M&+bey5IYL>3?I=HdP$_`QPSp_{2kdj_~ep?v8GsL>oM~zPwD(d~|0GtT>wqIuE
zE)_;F9;rlCqwWf`>Mxn;Bg++h)!nbwU0Q7DtjOR{vI{7%ai*vzYEJmJ#G-ZvI6Fc;
z2A!+&6gLL~IJZB_mRvzXh!z+sSU9gL&3H(LpG>=Gb#8a#PpbI)JfC)OFb}fJ^G%s=
zk%kb_WNtW>v>=8p`Fgu`*2Zxu+xja>1`IjVOP0Hy_{8VCd==LFU@)pbAX=dG7lln1fjH%&*{0<|nD
z*qvr2UUAHHVXBGhR*Z_oTvh`Au^DT>^k&bl2iDFkIjx09H>0
zvFk0jTXUM)`cmo9i52KCVT-xmlt`9&V!pQ61t2+j2XjC*aGMC+m%9bFx<5Budg|#{P$mh}Q
z1LG#6R)JJB-FA~Gm@Wm?Cr*Gd?9&dp^ca{mEOZSQbd|2gHmQtDP9j(Rcxl&
z$t4UR|BB6Ol_oTOF2BOgF-XeeIzy}OXGuL%ELR96D7T@}Yxp|x?^SWiUUo%wKR~YV
zx!HJ_%jcctz;J!BD1OVzF9dOd{O`xENP~3oyR$c7d5?=&kv=vmr=R$MA07>~&yGR12FjQQNkpBAv(M4F}y;=aF=pa-7Mi`B!ks+RV~=n4@q
zKfN=`=#^|nxX2n;1Knu=M#z7`5%JMF#5;b8S`W^lC4)zS=%PAQ^lIs|A2
ztr(ugN&~o1tx2#a4kF09;cgh>P5GD0>k?eFx@pQAkZUwWWLyZ*QWsn;!?mbt(_~DA
zs(}C+?TG)A;(7=QMLiCr}ZECg)Jyr2-uHzK}KtB_Cf;sJbW?DAm(KhOO
z-bj#bj)=O!r4y?}g*J?n0_XMpgI2tCq&Av4kpLt}P2n+%x?uM_9b790YRC#UJW6I-
zcy-Z<+N=Ep&o66Bdr`vmCT>^z^H3Y94&z!fh^yWSQo=z^^M{mr9u(@9gAY^Do_lXG
z&5nU89iJQ#rgoBbjuZ|(Au0RQPD_7+jk*^F9HJXQDbAqcHY|*Q+9+zXpP<}6;pdp7
zbbE@S-sPTcKD$y3mLJ(L8?pztxopJ7Hs+Ov736zlQTUY#fPvH|2GlKJ{Lv!`1Q}M^
zk;GN_;8{SXm7!`v&>d5qeJuJ2Y>jo30AKuskqwZ*d=r{)prVlxKP)yOhZXr?M>&=5
zADX2mnc$Oc7d1`~E5mA$$W$t++FSz#3Mj{(5REwEx`M)+&{kA^X0xYgw`wA=RZSwo
z_`#mvdPqa9*X{E}CF$kY)(~2;C@pC)G|LSv?^;}PYY6s<0D?sl0Tp}@+{k%i)1e3l
zZ*1e8CW%1XRXlY)Tz%nu4R|Wl?BB6au~2Y<78tQzPHuWf^|
zYL4eRonFU{c+ibmyL)!=J2OG4fjv7z1YJi78Ti+3vJ&6y8f$2cAK3VtS18?a?MD=X
z5$n&uOLd;RXG>IY=@_{*E3t;DDLngk1#d$KL!+BY6v*wm9vq1`y{L&6mj>Si|7A5-
zg~f{9-l-#OVP&LKf_#lRC!}YWKxwZgjo!#$i7)KIf%4x<@O7)eT{f^LJvv`Ni-Vr>
zmyExBv+YBxD3T|M%{fz63i5w~@DEVPY#ZEQMTvXEX_&=MM)0LEg@4QnBxL>@E0M%V
zlb1=#y5KWn*%`+gz`9ajR;5IE8Vi3sQJy^w;gmH!t0RYlkd#_L`UxTQL@WzZ!e4<+
zVcc@=ZfEzp^b8qDd7Q9;GcNm2O9mieH1MqUx3$v#{$gGI=_Iip6eVO_r-aKXImPT#
z7eR)l7KuXXE#N&9>@iK?ktASZJm1#RCzd}8T3FEH?;YrC+2;S@cXC$ec)qah1LBcABdYQsmipfwjR~;%=daRQ;`BGgZVHHG}o_9auF=A
z{zdUmI?bom6dQ_ejGSt3upIqNE&fA(ze=!N#PJpyjUq!JOllQfK}-e{QMMudqY-iD
zC(T2}Hj-WoKB=r10kX`JM=wnn{Z}U;dWe@mrQkj1xPG&+Mb9&z{1w$k?pkJ`LvvIz
z_kX#x!M>?7z{J`9
zX!Mv!d1ba@zbVq5<1MjnD{vBt^_>~S%1g^u^JV&KnWDDB%mde5`*60X4|AI;h9x55cm7FM?gs^eV00vs?l#y>P45G|3YRQc
z{L!h7o=w)M*%a#jY7E&v&?T|B>3#x;&3&QQ3jf`*Y)6FcCHw7EF@GTpN|@xOu8y^V
zqXui3wVb)*&=)^oy`c!x;p=`rb;efsn#=3AlP<>OYrUQx!h)^biiWztye5Mf2FRj%
zAUoY22L-Wb{m7GZSaoi;VB4R{EoXvkI*s$1U+fqFx7W9A#_C&;cosc;*8%Vo;9
zR~(Tj|4mCNO9}hDEU5nEw60M*=Uw2^^9QAcc+0|1nN
zu;ScK4CbB10kQ&@LcPwPR=Eu~M1m(z5);?{)qgS5!b}golKtFq2@l4jZA_efb=y}v
zo*>xloHmhRiElrq)f9`qWXl|QhPS&vdE%p5Yi)i*zJu;I4EiE7+NKQsrR|SyG#^Iu
z^Nrm@)I;ak@B|bwo9|!eP@Ci@52#BYZpi;uFqUyl6r09{cTdj&QkMMZ6-b9WXJu^(lNRjK#E`HZam!PxM<5lJ)U}^<
zO?~+qh!TOw139|0Xe7&xQm8ra$s}CTG=p!uUtajLm@*`XqDq`aT%soF#2tmb>^k2jYp2DOpU-C=^P^pnDb%JAHvCBBhM(j^|le)XL$^IlrGkWk_A9L=}D<
zjN04!*?cU$EKn%zF9qvvR=O`=2!V&1aAFvs3-J=yJkrFNIr+t}Z^}jhbYw-Z?xiYI
zIO9ZyLaF2n{nM`Ih<+-eXLu+Rz>igWOwB$ZD1{Z66-Ix!0uVvM2oAQ4_Umfa-*WuSHcyk4KlPYl;YkN*B8<56jWGdwba<
z_fn#2cM&r4i!}wg&I}e`*DKATei9tMJB1O%oWtFI0v>jj;3KEM1-=2|WrwK^H6i!w
z!HJn#qb6P7%q<|4NpVSVGfQJn*wx&?*bb)DKcK+j@#rWhFSsYKNe9CiQB&Je{%BKM
zX1y`w2xHJZ=@pWSZFw3u73ru!A^!OOC7yeuFn*N^ouoeu)`se6v_X6&4i-*!#gV!I
zo(mS$u{7OoN~r|HMWDJY1H9&x+0Z7cgh?dpNogRVL2X
z@83xaY9-?MvDm76-`c{iW?ECgd```szclxs^G$bZg-#EUP);L}pDqs9dU^2;!g0`frWVE2KGA*zZOAkH-RQ6s9L>pWUS}
z0-EnPZ=iuj=T<%OfvJ9?lEmgQ;9FoxK7bI_D`^DIJ1Rd9>sM`eRy%*!_?p@h~WU_X$6!q?YJ#qfU#J9Jk@aUWOFP_yIUe2f5hv9
zGYi4ZvsTYKCyAe+lxOqUYyGt5^7KdA*;SY{Gjs*DD%fm~#7dtT!(X>JAUy=vln8lo
z-=&~<=AKuO6!8)bK4dWaCG6@rmEPTjmZ=X9!#)XU%qK;0hp#ZY0bJw7p@0Dyg#=29
z3|;5S;i@|X)YJv4W4LUc>*!+WjvsEbMS+*Me7pG?Xz`4_KJo3$mG;cz{d=G9DJ1&E
zm$JnJq_n~r;G;_!j=jpyW%W?ZJP&L?>8M$(314h`xTA0f_>n3wnA7?}7~ok*4$v9+
zpTHn1jq$K45g)4@HML&DIIny->oRpEliPGZ_D>S4W_JEq2y6L$FJ9+VY1D36erL`n
z>p@^Z{U4|mmiK$)bj+)rcstj4`y^hx87sv;c%$pZBwZ4X#Zp-J;IhFNHUtx=uvd9L
zvRb-MJ$
zaQP}xPz>wg>weuqdE9$svKK=dGaVMI1qO1FvXC&$e?h8~(>qARU=?}X)YRjx7sO#h
Wt>ztJFNa{@KW+8f=rUD{(EkrqN)1Z@
literal 0
HcmV?d00001