From b33d54d7235293ec75248507cab5563dc1410f33 Mon Sep 17 00:00:00 2001 
From: Sharad Ahlawat Date: Thu, 1 May 2025 21:19:17 -0700 Subject: [PATCH] May 1, 2025 update --- configs/boot/loader.conf | 13 + configs/etc/ctl.conf | 30 - configs/etc/defaults/devfs.rules | 7 +- configs/etc/defaults/periodic.conf | 19 +- configs/etc/exports | 4 +- configs/etc/freebsd-update.conf | 3 +- configs/etc/hosts | 32 +- configs/etc/login.conf | 8 +- configs/etc/ntp.conf | 20 +- configs/etc/profile | 1 - configs/etc/rc.conf | 69 +- configs/etc/rctl.conf | 2 + configs/etc/sysctl.conf | 24 +- configs/usr/local/etc/pkg/repos/pkgp.conf | 6 +- configs/usr/local/etc/rc.d/gstat_exporter | 51 +- jails/config/atm/ldap.conf | 15 - jails/config/atm/nslcd.conf | 3 +- jails/config/atm/pkg-list-details-old.txt | 12 +- jails/config/atm/pkg-list-details.txt | 12 +- jails/config/atm/pkgp.conf | 2 - jails/config/auto/pkg-list-details-old.txt | 22 +- jails/config/auto/pkg-list-details.txt | 22 +- jails/config/auto/pkg-list-old.txt | 2 +- jails/config/auto/pkg-list.txt | 2 +- jails/config/book/cps | 8 +- jails/config/book/pkg-list-details-old.txt | 24 +- jails/config/book/pkg-list-details.txt | 24 +- jails/config/book/pkg-list-old.txt | 2 +- jails/config/book/pkg-list.txt | 2 +- jails/config/calibre/pkg-list-details-old.txt | 22 +- jails/config/calibre/pkg-list-details.txt | 22 +- jails/config/cam/pkg-list-details-old.txt | 20 +- jails/config/cam/pkg-list-details.txt | 20 +- jails/config/cam/pkg-list-old.txt | 2 +- jails/config/cam/pkg-list.txt | 2 +- jails/config/cert/pkg-list-details-old.txt | 17 +- jails/config/cert/pkg-list-details.txt | 17 +- jails/config/cert/pkg-list-old.txt | 2 +- jails/config/cert/pkg-list.txt | 2 +- jails/config/ci/pkg-list-details-old.txt | 10 +- jails/config/ci/pkg-list-details.txt | 10 +- jails/config/ci/pkg-list-old.txt | 2 +- jails/config/ci/pkg-list.txt | 2 +- jails/config/cloud/config.php | 8 +- jails/config/cloud/config.php.20 | 51 - jails/config/cloud/httpd.conf | 26 +- jails/config/cloud/pkg-list-details-old.txt | 89 +- 
jails/config/cloud/pkg-list-details.txt | 89 +- jails/config/cloud/pkg-list-old.txt | 2 +- jails/config/cloud/pkg-list.txt | 2 +- jails/config/common/12.3-RELEASE.bzip2 | Bin 281897 -> 0 bytes jails/config/common/httpd.conf | 26 +- jails/config/common/pkgp.conf | 2 - jails/config/db/pkg-list-details-old.txt | 13 +- jails/config/db/pkg-list-details.txt | 13 +- jails/config/db/pkg-list-old.txt | 2 +- jails/config/db/pkg-list.txt | 2 +- jails/config/db/server.cnf | 4 +- jails/config/dns/dns_update.sh | 63 +- jails/config/dns/pkg-list-details-old.txt | 14 +- jails/config/dns/pkg-list-details.txt | 14 +- jails/config/dns/pkg-list-old.txt | 2 +- jails/config/dns/pkg-list.txt | 2 +- jails/config/elk/pkg-list-details-old.txt | 19 +- jails/config/elk/pkg-list-details.txt | 17 +- jails/config/elk/pkg-list-old.txt | 2 +- jails/config/elk/pkg-list.txt | 2 +- jails/config/git/gitea-restart.sh | 2 +- jails/config/git/gitea/conf/app.ini | 71 +- jails/config/git/gitea/options/license | 25 - jails/config/git/pkg-list-details-old.txt | 12 +- jails/config/git/pkg-list-details.txt | 12 +- jails/config/git/pkgp.conf | 2 - jails/config/hass/.tmux.conf | 12 - jails/config/hass/hass-upgrade.sh | 4 - jails/config/hass/hass.sh | 15 - jails/config/hass/heyu.sh | 15 - jails/config/hass/libffi-3.3_1.pkg | Bin 40080 -> 0 bytes jails/config/hass/pkg-list-details-old.txt | 16 - jails/config/hass/pkg-list-details.txt | 16 - jails/config/hass/pkg-list-old.txt | 1 - jails/config/hass/pkg-list.txt | 1 - jails/config/hass/setup_jail.sh | 4 - jails/config/hass/startsessions.sh | 31 - jails/config/hass/x10.conf | 264 --- jails/config/hub/httpd.conf | 26 +- jails/config/hub/periodic.conf | 8 +- jails/config/hub/pkg-list-details-old.txt | 58 +- jails/config/hub/pkg-list-details.txt | 58 +- jails/config/hub/pkg-list-old.txt | 2 +- jails/config/hub/pkg-list.txt | 2 +- jails/config/hub/pkgp.conf | 2 - jails/config/hub/smb4.conf | 36 +- jails/config/hub/sshd_config | 14 +- 
jails/config/ibm/pkg-list-details-old.txt | 18 +- jails/config/ibm/pkg-list-details.txt | 18 +- jails/config/jump/pkg-list-details-old.txt | 16 +- jails/config/jump/pkg-list-details.txt | 16 +- jails/config/jump/pkg-list-old.txt | 2 +- jails/config/jump/pkg-list.txt | 2 +- jails/config/ldap-mgr/httpd.conf | 14 +- .../config/ldap-mgr/pkg-list-details-old.txt | 18 +- jails/config/ldap-mgr/pkg-list-details.txt | 16 +- jails/config/ldap-mgr/pkg-list-old.txt | 2 +- jails/config/ldap-mgr/pkg-list.txt | 2 +- jails/config/ldap/pkg-list-details-old.txt | 12 +- jails/config/ldap/pkg-list-details.txt | 12 +- jails/config/ldap/pkg-list-old.txt | 2 +- jails/config/ldap/pkg-list.txt | 2 +- jails/config/ldap/pkgp.conf | 2 - jails/config/mage/pkg-list-details-old.txt | 56 +- jails/config/mage/pkg-list-details.txt | 56 +- jails/config/mage/pkg-list-old.txt | 2 +- jails/config/mage/pkg-list.txt | 2 +- jails/config/mail/pkg-list-details-old.txt | 27 +- jails/config/mail/pkg-list-details.txt | 27 +- jails/config/mail/pkg-list-old.txt | 2 +- jails/config/mail/pkg-list.txt | 2 +- jails/config/mail/pkgp.conf | 2 - jails/config/mail/postfix/main.cf | 41 +- .../mail/postfix/protected_destinations | 7 +- jails/config/maps/pkg-list-details-old.txt | 14 +- jails/config/maps/pkg-list-details.txt | 12 +- jails/config/matrix/pkg-list-details-old.txt | 19 +- jails/config/matrix/pkg-list-details.txt | 19 +- jails/config/matrix/pkg-list-old.txt | 2 +- jails/config/matrix/pkg-list.txt | 2 +- jails/config/meet/pkg-list-details-old.txt | 18 +- jails/config/meet/pkg-list-details.txt | 18 +- jails/config/monitor/alert_rules.yml | 10 +- jails/config/monitor/httpd.conf | 26 +- jails/config/monitor/pkg-list-details-old.txt | 84 +- jails/config/monitor/pkg-list-details.txt | 84 +- jails/config/monitor/pkg-list-old.txt | 2 +- jails/config/monitor/pkg-list.txt | 2 +- jails/config/monitor/prometheus.yml | 29 +- jails/config/nivi/httpd.conf | 26 +- jails/config/nivi/pkg-list-details-old.txt | 62 +- 
jails/config/nivi/pkg-list-details.txt | 62 +- jails/config/nivi/pkg-list-old.txt | 2 +- jails/config/nivi/pkg-list.txt | 2 +- jails/config/pg/pkg-list-details-old.txt | 11 +- jails/config/pg/pkg-list-details.txt | 11 +- jails/config/pg/pkg-list-old.txt | 2 +- jails/config/pg/pkg-list.txt | 2 +- jails/config/pkgp/make.conf | 16 +- jails/config/pkgp/mypkgs | 4 +- jails/config/pkgp/mypkgs.orig | 19 - jails/config/pkgp/nginx.conf | 34 +- jails/config/pkgp/pkgp.conf | 6 +- jails/config/pkgp/poudriere.conf | 17 +- jails/config/plex/pkg-list-details-old.txt | 12 +- jails/config/plex/pkg-list-details.txt | 12 +- jails/config/plex/pkg-list-old.txt | 2 +- jails/config/plex/pkg-list.txt | 2 +- jails/config/proxy/haproxy.conf | 266 +-- jails/config/proxy/pkg-list-details-old.txt | 15 +- jails/config/proxy/pkg-list-details.txt | 15 +- jails/config/proxy/pkg-list-old.txt | 2 +- jails/config/proxy/pkg-list.txt | 2 +- jails/config/proxy/pkgp.conf | 2 - jails/config/proxy/syslog.conf | 5 +- .../r-automated/pkg-list-details-old.txt | 27 +- jails/config/r-automated/pkg-list-details.txt | 27 +- jails/config/r-automated/pkg-list-old.txt | 2 +- jails/config/r-automated/pkg-list.txt | 2 +- jails/config/r-db/pkg-list-details-old.txt | 14 +- jails/config/r-db/pkg-list-details.txt | 14 +- jails/config/r-git/pkg-list-details-old.txt | 23 +- jails/config/r-git/pkg-list-details.txt | 23 +- jails/config/r-git/pkg-list-old.txt | 2 +- jails/config/r-git/pkg-list.txt | 2 +- jails/config/r-git/pkgp.conf | 22 +- jails/config/r-ldap-mgr/020_mod_ssl.conf | 11 - .../r-ldap-mgr/config.php.phpldapadmin.github | 654 ------ jails/config/r-ldap-mgr/httpd.conf | 584 ----- jails/config/r-ldap-mgr/php.ini | 1937 ----------------- jails/config/r-ldap/pkgp.conf | 20 - jails/config/rachna/httpd.conf | 26 +- jails/config/rachna/pkg-list-details-old.txt | 16 +- jails/config/rachna/pkg-list-details.txt | 16 +- jails/config/rachna/pkg-list-old.txt | 2 +- jails/config/rachna/pkg-list.txt | 2 +- 
jails/config/rishabh/httpd.conf | 26 +- jails/config/rishabh/pkg-list-details-old.txt | 16 +- jails/config/rishabh/pkg-list-details.txt | 16 +- jails/config/rishabh/pkg-list-old.txt | 2 +- jails/config/rishabh/pkg-list.txt | 2 +- jails/config/sharad/httpd.conf | 26 +- jails/config/sharad/pkg-list-details-old.txt | 16 +- jails/config/sharad/pkg-list-details.txt | 16 +- jails/config/sharad/pkg-list-old.txt | 2 +- jails/config/sharad/pkg-list.txt | 2 +- jails/config/torrent/pkg-list-details-old.txt | 28 +- jails/config/torrent/pkg-list-details.txt | 28 +- jails/config/torrent/pkg-list-old.txt | 2 +- jails/config/torrent/pkg-list.txt | 2 +- jails/config/vm/.tmux.conf | 12 - jails/config/vm/create_taps.sh | 119 - jails/config/vm/cvm-a.sh | 64 - jails/config/vm/cvm-b.sh | 64 - jails/config/vm/devfs_rules.raw | 8 - jails/config/vm/devfs_rules.txt | 14 - jails/config/vm/freebsd.sh | 79 - jails/config/vm/gns3.sh | 71 - jails/config/vm/pbx.sh | 70 - jails/config/vm/pkg-list-details-old.txt | 6 - jails/config/vm/pkg-list-details.txt | 6 - jails/config/vm/pkg-list-old.txt | 1 - jails/config/vm/pkg-list.txt | 1 - jails/config/vm/r-windows.sh | 68 - jails/config/vm/setup_jail.sh | 4 - jails/config/vm/startvms.sh | 66 - jails/config/vm/ubuntu.sh | 62 - jails/config/vm/w2019.sh | 68 - jails/config/vm/windows.sh | 68 - jails/config/vpngw/pkg-list-details-old.txt | 14 +- jails/config/vpngw/pkg-list-details.txt | 14 +- jails/config/web-datavpc/020_mod_ssl.conf | 11 - jails/config/web-datavpc/httpd.conf | 702 ------ jails/config/web-datavpc/php.ini | 1918 ---------------- .../web-datavpc/pkg-list-details-old.txt | 8 - jails/config/web-datavpc/pkg-list-details.txt | 8 - jails/config/web-datavpc/pkg-list-old.txt | 1 - jails/config/web-datavpc/pkg-list.txt | 1 - jails/config/web-datavpc/resolvconf.conf | 2 - jails/config/web-datavpc/www.conf | 423 ---- jails/config/web-diyit/httpd.conf | 31 +- .../config/web-diyit/pkg-list-details-old.txt | 53 +- 
jails/config/web-diyit/pkg-list-details.txt | 53 +- jails/config/web-diyit/pkg-list-old.txt | 2 +- jails/config/web-diyit/pkg-list.txt | 2 +- jails/config/web-rockwood/httpd.conf | 85 +- .../web-rockwood/pkg-list-details-old.txt | 55 +- .../config/web-rockwood/pkg-list-details.txt | 55 +- jails/config/web-rockwood/pkg-list-old.txt | 2 +- jails/config/web-rockwood/pkg-list.txt | 2 +- .../config/web-scvcc-rental/020_mod_ssl.conf | 11 - jails/config/web-scvcc-rental/httpd.conf | 702 ------ jails/config/web-scvcc-rental/php.ini | 1918 ---------------- .../web-scvcc-rental/pkg-list-details-old.txt | 8 - .../web-scvcc-rental/pkg-list-details.txt | 8 - .../config/web-scvcc-rental/pkg-list-old.txt | 1 - jails/config/web-scvcc-rental/pkg-list.txt | 1 - jails/config/web-scvcc-rental/resolvconf.conf | 2 - jails/config/web-scvcc-rental/www.conf | 423 ---- jails/config/web/httpd.conf | 26 +- jails/config/web/pkg-list-details-old.txt | 54 +- jails/config/web/pkg-list-details.txt | 54 +- jails/config/web/pkg-list-old.txt | 2 +- jails/config/web/pkg-list.txt | 2 +- jails/config/web/pkgp.conf | 2 - jails/create.sh | 12 +- jails/jails-restore-httpd.sh | 42 - jails/jails-update-cert.sh | 44 +- jails/jails-update-pkgs.sh | 39 +- jails/pkg-list-details-server.txt | 75 +- jails/pkg-list-server.txt | 2 +- jails/update.sh | 86 +- scripts/gstat_exporter.py | 791 ++++--- scripts/zfs_health.sh | 8 +- 261 files changed, 2451 insertions(+), 12859 deletions(-) delete mode 100644 jails/config/atm/ldap.conf delete mode 100644 jails/config/cloud/config.php.20 delete mode 100644 jails/config/common/12.3-RELEASE.bzip2 delete mode 100644 jails/config/git/gitea/options/license delete mode 100644 jails/config/hass/.tmux.conf delete mode 100755 jails/config/hass/hass-upgrade.sh delete mode 100755 jails/config/hass/hass.sh delete mode 100755 jails/config/hass/heyu.sh delete mode 100644 jails/config/hass/libffi-3.3_1.pkg delete mode 100644 jails/config/hass/pkg-list-details-old.txt delete mode 100644 
jails/config/hass/pkg-list-details.txt delete mode 100644 jails/config/hass/pkg-list-old.txt delete mode 100644 jails/config/hass/pkg-list.txt delete mode 100755 jails/config/hass/setup_jail.sh delete mode 100755 jails/config/hass/startsessions.sh delete mode 100644 jails/config/hass/x10.conf delete mode 100644 jails/config/pkgp/mypkgs.orig delete mode 100644 jails/config/r-ldap-mgr/020_mod_ssl.conf delete mode 100644 jails/config/r-ldap-mgr/config.php.phpldapadmin.github delete mode 100644 jails/config/r-ldap-mgr/httpd.conf delete mode 100644 jails/config/r-ldap-mgr/php.ini delete mode 100644 jails/config/r-ldap/pkgp.conf delete mode 100644 jails/config/vm/.tmux.conf delete mode 100755 jails/config/vm/create_taps.sh delete mode 100755 jails/config/vm/cvm-a.sh delete mode 100755 jails/config/vm/cvm-b.sh delete mode 100644 jails/config/vm/devfs_rules.raw delete mode 100644 jails/config/vm/devfs_rules.txt delete mode 100755 jails/config/vm/freebsd.sh delete mode 100755 jails/config/vm/gns3.sh delete mode 100755 jails/config/vm/pbx.sh delete mode 100644 jails/config/vm/pkg-list-details-old.txt delete mode 100644 jails/config/vm/pkg-list-details.txt delete mode 100644 jails/config/vm/pkg-list-old.txt delete mode 100644 jails/config/vm/pkg-list.txt delete mode 100755 jails/config/vm/r-windows.sh delete mode 100755 jails/config/vm/setup_jail.sh delete mode 100755 jails/config/vm/startvms.sh delete mode 100755 jails/config/vm/ubuntu.sh delete mode 100755 jails/config/vm/w2019.sh delete mode 100755 jails/config/vm/windows.sh delete mode 100644 jails/config/web-datavpc/020_mod_ssl.conf delete mode 100644 jails/config/web-datavpc/httpd.conf delete mode 100644 jails/config/web-datavpc/php.ini delete mode 100644 jails/config/web-datavpc/pkg-list-details-old.txt delete mode 100644 jails/config/web-datavpc/pkg-list-details.txt delete mode 100644 jails/config/web-datavpc/pkg-list-old.txt delete mode 100644 jails/config/web-datavpc/pkg-list.txt delete mode 100644 
jails/config/web-datavpc/resolvconf.conf delete mode 100644 jails/config/web-datavpc/www.conf delete mode 100644 jails/config/web-scvcc-rental/020_mod_ssl.conf delete mode 100644 jails/config/web-scvcc-rental/httpd.conf delete mode 100644 jails/config/web-scvcc-rental/php.ini delete mode 100644 jails/config/web-scvcc-rental/pkg-list-details-old.txt delete mode 100644 jails/config/web-scvcc-rental/pkg-list-details.txt delete mode 100644 jails/config/web-scvcc-rental/pkg-list-old.txt delete mode 100644 jails/config/web-scvcc-rental/pkg-list.txt delete mode 100644 jails/config/web-scvcc-rental/resolvconf.conf delete mode 100644 jails/config/web-scvcc-rental/www.conf delete mode 100755 jails/jails-restore-httpd.sh mode change 100755 => 100644 scripts/gstat_exporter.py diff --git a/configs/boot/loader.conf b/configs/boot/loader.conf index 02a9b09..cfb3d52 100644 --- a/configs/boot/loader.conf +++ b/configs/boot/loader.conf @@ -103,3 +103,16 @@ vfs.zfs.vdev.cache.max=134217728 # https://lists.freebsd.org/pipermail/freebsd-bugs/2013-April/052301.html # my 8TB's don't support NCQ TRIM vfs.unmapped_buf_allowed=0 + +#https://forums.freebsd.org/threads/bhyve-passthrough-usb-controller.67760/#post-431968 +#https://forums.freebsd.org/threads/usb-passthrough-bhyve-windows-10-guest.86669/ +#vmm_load="YES" +#pptdevs="0/20/0" +# need another USB PCIe card in the server if I want to pass USB to HomeAssistant + +# kldload cpuctl +#cpuctl_load="YES" + +#wireguard +#https://forums.freebsd.org/threads/wireguard-in-jail-with-kernel-support.86791/ +if_wg_load="YES" diff --git a/configs/etc/ctl.conf b/configs/etc/ctl.conf index 4408e64..300314e 100644 --- a/configs/etc/ctl.conf +++ b/configs/etc/ctl.conf 
@@ -4,26 +4,6 @@ portal-group pg0 { listen [::] } -target iqn.nas.ahlawat.com:f11 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD11 - size 128G - } -} - -target iqn.nas.ahlawat.com:f12 { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD12 - size 128G - } -} - target iqn.nas.ahlawat.com:f13 { # auth-group no-authentication portal-group pg0 @@ -34,16 +14,6 @@ target iqn.nas.ahlawat.com:f13 { } } -target iqn.nas.ahlawat.com:f12p { -# auth-group no-authentication - portal-group pg0 - chap user secretsecret - lun 0 { - path /dev/zvol/ship/raw/FreeBSD12p - size 128G - } -} - target iqn.nas.ahlawat.com:f13p { # auth-group no-authentication portal-group pg0 diff --git a/configs/etc/defaults/devfs.rules b/configs/etc/defaults/devfs.rules index 85262d3..a72db44 100644 --- a/configs/etc/defaults/devfs.rules +++ b/configs/etc/defaults/devfs.rules @@ -13,7 +13,6 @@ # references must include a dollar sign '$' in front of the # name to be expanded properly. # -# $FreeBSD: releng/12.3/sbin/devfs/devfs.rules 338204 2018-08-22 15:55:23Z brd $ # # Very basic and secure ruleset: Hide everything. @@ -87,6 +86,12 @@ add include $devfsrules_unhide_login add path fuse unhide add path zfs unhide add path 'bpf*' unhide +add path 'md*' unhide +add path 'md*' mode 0777 + +[devfsrules_jail_vnet=5] +add include $devfsrules_jail +add path pf unhide # members of group uucp can access all usb and tty devices [usbrules=100] diff --git a/configs/etc/defaults/periodic.conf b/configs/etc/defaults/periodic.conf index 6213c09..760e6e8 100644 --- a/configs/etc/defaults/periodic.conf +++ b/configs/etc/defaults/periodic.conf 
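Review bot: `add path 'md*' mode 0777` in the devfs.rules hunk makes every memory-disk node world-readable and world-writable in each jail that applies this ruleset, so any unprivileged process in those jails can read or overwrite raw md-backed data. The glob also looks like it would match the `mdctl` control node, which is worth confirming. If only one service needs these devices, a narrower rule such as `add path 'md*' mode 0660 group operator`, placed in a ruleset used only by that jail, limits the exposure. The header of the ruleset these lines extend is outside the hunk, and a comment naming the jail that needs md access would help the next reader.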
@@ -13,14 +13,13 @@ # For a more detailed explanation of all the periodic.conf variables, please # refer to the periodic.conf(5) manual page. # -# $FreeBSD: releng/12.3/usr.sbin/periodic/periodic.conf 370770 2021-10-07 19:46:04Z asomers $ # # What files override these defaults ? -periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local" +periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local ${_localbase}/etc/periodic.conf" -# periodic script dirs -local_periodic="/usr/local/etc/periodic" +# periodic script dirs. _localbase is being set in /usr/sbin/periodic +local_periodic="${_localbase}/etc/periodic" # Max time to sleep to avoid causing congestion on download servers anticongestion_sleeptime=3600 @@ -32,6 +31,7 @@ anticongestion_sleeptime=3600 # that output. $daily_output might be set to /var/log/daily.log if you # wish to log the daily output and have the files rotated by newsyslog(8) # +daily_diff_flags="-b -U 0" # flags for diff output daily_output="root" # user or /file daily_show_success="YES" # scripts returning 0 daily_show_info="YES" # scripts returning 1 @@ -109,9 +109,6 @@ daily_accounting_compress="NO" # Gzip rotated files daily_accounting_flags=-q # Flags to /usr/sbin/sa daily_accounting_save=3 # How many files to save -# 330.news -daily_news_expire_enable="YES" # Run news.expire - # 400.status-disks daily_status_disks_enable="NO" # Check disk status daily_status_disks_df_flags="-l -h" # df(1) flags for check @@ -182,6 +179,11 @@ daily_scrub_zfs_pools="" # empty string selects all pools daily_scrub_zfs_default_threshold="35" # days between scrubs #daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold +# 801.trim-zfs +daily_trim_zfs_enable="NO" +daily_trim_zfs_pools="" # empty string selects all pools +daily_trim_zfs_flags="" # zpool-trim(8) flags + # 999.local daily_local="/etc/daily.local" # Local scripts 
@@ -252,7 +254,7 @@ security_show_badconfig="NO" # scripts returning 2 # These options are used by the security periodic(8) scripts spawned in # daily and weekly 450.status-security. security_status_logdir="/var/log" # Directory for logs -security_status_diff_flags="-b -u" # flags for diff output +security_status_diff_flags="-b -U 0" # flags for diff output # Each of the security_status_*_period options below can have one of the # following values: @@ -301,6 +303,7 @@ security_status_ipfdenied_period="daily" # 520.pfdenied security_status_pfdenied_enable="YES" security_status_pfdenied_period="daily" +security_status_pfdenied_additionalanchors="" # 550.ipfwlimit security_status_ipfwlimit_enable="YES" diff --git a/configs/etc/exports b/configs/etc/exports index 15cddb2..15d2dbb 100644 --- a/configs/etc/exports +++ b/configs/etc/exports @@ -1,6 +1,8 @@ -V4: / -network=192.168.10.0 -mask=255.255.255.0 +V4: / -network=192.168.10.0/24 /mnt/ship/pxe/FreeBSD11 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD12 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD13 -alldirs -maproot=root /mnt/ship/pxe/FreeBSD12p -alldirs -maproot=root /mnt/ship/pxe/FreeBSD13p -alldirs -maproot=root +/mnt/ship/backup -alldirs -maproot=root +/mnt/ship/r-automated -alldirs -maproot=root 192.168.10.13 diff --git a/configs/etc/freebsd-update.conf b/configs/etc/freebsd-update.conf index 7965941..47cf866 100644 --- a/configs/etc/freebsd-update.conf +++ b/configs/etc/freebsd-update.conf @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/usr.sbin/freebsd-update/freebsd-update.conf 370439 2021-08-29 16:58:35Z kevans $ # Trusted keyprint. Changing this is a Bad Idea unless you've received # a PGP-signed email from telling you to @@ -15,7 +14,7 @@ ServerName update.FreeBSD.org #Components src world kernel # Example for updating the userland and the kernel source code only: -#Components src world +#Components src/base src/sys world Components world # manually run - git pull in /usr/src - before recompiling the kernel 
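Review bot: The new `/mnt/ship/backup -alldirs -maproot=root` line in configs/etc/exports names no host or network, so any client that can reach the NFS service can mount the backup tree with root left unsquashed. The `-network` on the `V4:` line restricts NFSv4 clients, but as far as I can tell it does not restrict NFSv3 mounts of this path. The `r-automated` line added next to it already shows the safer form, so the backup export could follow it: `/mnt/ship/backup -alldirs -maproot=root <backup-client-ip>`. If the client does not need root on the share, dropping `-maproot=root` reduces the impact further.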
diff --git a/configs/etc/hosts b/configs/etc/hosts index a0909e8..c36c832 100644 --- a/configs/etc/hosts +++ b/configs/etc/hosts @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $ # # Host Database # @@ -13,26 +12,31 @@ ::1 localhost 127.0.0.1 localhost -192.168.0.10 nas nas.ahlawat.com -fd01::10 nas nas.ahlawat.com -192.168.10.10 nas nas.ahlawat.com -fd0a::10 nas nas.ahlawat.com -192.168.48.10 nas nas.ahlawat.com -2001:470:480a::10 nas nas.ahlawat.com +192.168.0.10 nasv1 nasv1.ahlawat.com +fd01::10 nasv1 nasv1.ahlawat.com +192.168.8.10 nas nas.ahlawat.com +fd08::10 nas nas.ahlawat.com +192.168.10.10 nasv10 nasv10.ahlawat.com +fd0a::10 nasv10 nasv10.ahlawat.com +192.168.48.10 nasv48 nasv48.ahlawat.com +2001:470:480a::10 nasv48 nasv48.ahlawat.com -10.1.0.193 crucible.ad.inseego.com i01bitcru00.ad.inseego.com bitbucket.ad.inseego.com +#10.1.0.193 crucible.ad.inseego.com i01bitcru00.ad.inseego.com bitbucket.ad.inseego.com + +13.56.245.15 rwe +54.241.30.152 rwe-gw # # Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend # -# According to RFC 1918, you can use the following IP networks for -# private nets which will never be connected to the Internet: +# According to RFC 1918, you can use the following IP blocks for +# private internets: # -# 10.0.0.0 - 10.255.255.255 -# 172.16.0.0 - 172.31.255.255 -# 192.168.0.0 - 192.168.255.255 +# 10.0.0.0 - 10.255.255.255 (10/8 prefix) +# 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) +# 192.168.0.0 - 192.168.255.255 (192.168/16 prefix) # -# In case you want to be able to connect to the Internet, you need +# In case you want to make addresses available on the Internet, you need # real official assigned numbers. Do not try to invent your own network # numbers but instead get one from your network provider (if any) or # from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.) 
diff --git a/configs/etc/login.conf b/configs/etc/login.conf index 8af82a7..50a2ba9 100644 --- a/configs/etc/login.conf +++ b/configs/etc/login.conf @@ -7,7 +7,6 @@ # This file controls resource limits, accounting limits and # default user environment settings. # -# $FreeBSD: releng/12.3/usr.bin/login/login.conf 369215 2021-02-04 03:15:28Z kevans $ # # Default settings effectively disable resource limits, see the @@ -25,7 +24,7 @@ default:\ :passwd_format=sha512:\ :copyright=/etc/COPYRIGHT:\ - :welcome=/etc/motd:\ + :welcome=/var/run/motd:\ :setenv=BLOCKSIZE=K:\ :mail=/var/mail/$:\ :path=/sbin /bin /usr/sbin /usr/bin /usr/local/sbin /usr/local/bin ~/bin:\ @@ -49,8 +48,7 @@ default:\ :ignoretime@:\ :umask=022:\ :charset=UTF-8:\ - :lang=en_US.UTF-8: - + :lang=C.UTF-8: # # A collection of common class names - forward them all to 'default' @@ -130,7 +128,7 @@ russian|Russian Users Accounts:\ ## #standard:\ # :copyright=/etc/COPYRIGHT:\ -# :welcome=/etc/motd:\ +# :welcome=/var/run/motd:\ # :setenv=BLOCKSIZE=K:\ # :mail=/var/mail/$:\ # :path=~/bin /bin /usr/bin /usr/local/bin:\ diff --git a/configs/etc/ntp.conf b/configs/etc/ntp.conf index 5468a28..a3c7bac 100644 --- a/configs/etc/ntp.conf +++ b/configs/etc/ntp.conf @@ -1,5 +1,4 @@ # -# $FreeBSD: releng/12.3/usr.sbin/ntp/ntpd/ntp.conf 365704 2020-09-14 01:20:57Z emaste $ # # Default NTP servers for the FreeBSD operating system. # 
@@ -20,24 +19,27 @@ tos minclock 3 maxclock 6 # -# The following pool statement will give you a random set of NTP servers -# geographically close to you. A single pool statement adds multiple -# servers from the pool, according to the tos minclock/maxclock targets. +# The following pool statements will give you a random set of IPv4 and IPv6 +# NTP servers geographically close to you. A single pool statement adds +# multiple servers from the pool, according to the tos minclock/maxclock +# targets. # See http://www.pool.ntp.org/ for details. Note, pool.ntp.org encourages # users with a static IP and good upstream NTP servers to add a server -# to the pool. See http://www.pool.ntp.org/join.html if you are interested. +# to the pool. See http://www.pool.ntp.org/join.html if you are interested. # # The option `iburst' is used for faster initial synchronization. # -#pool 0.freebsd.pool.ntp.org iburst +pool 0.freebsd.pool.ntp.org iburst +pool 2.freebsd.pool.ntp.org iburst # # If you want to pick yourself which country's public NTP server -# you want to sync against, comment out the above pool, uncomment -# the next one, and replace CC with the country's abbreviation. -# Make sure that the hostname resolves to a proper IP address! +# you want to sync against, comment out the above pool statements, +# uncomment the next ones, and replace CC with the country's abbreviation. +# Make sure that the hostnames resolves to a proper IP address! # # pool 0.CC.pool.ntp.org iburst +# pool 2.CC.pool.ntp.org iburst # # To configure a specific server, such as an organization-wide local diff --git a/configs/etc/profile b/configs/etc/profile index 69c49eb..7469975 100644 --- a/configs/etc/profile +++ b/configs/etc/profile @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/bin/sh/profile 363525 2020-07-25 11:57:39Z pstef $ # # System-wide .profile file for sh(1). # diff --git a/configs/etc/rc.conf b/configs/etc/rc.conf index 9ed43e1..8b3453f 100644 --- a/configs/etc/rc.conf +++ b/configs/etc/rc.conf 
@@ -1,6 +1,6 @@ zfs_enable="YES" -kld_list="nmdm vmm ipfw ipdivert linux64 wg" +kld_list="nmdm vmm ipfw ipdivert tcp_bbr linux64 wg" # Do not mark to autodetach otherwise ZFS gets very unhappy. geli_autodetach="NO" @@ -18,7 +18,7 @@ ntpd_sync_on_start="YES" ntpd_enable="YES" powerdxx_enable="YES" -powerdxx_flags="" +powerdxx_flags="-a hiadaptive" smartd_enable="YES" nut_enable="YES" 
@@ -30,42 +30,56 @@ firewall_type="open" firewall_logging="YES" firewall_logif="YES" -# /interfaces +# interfaces/ cloned_interfaces_sticky="YES" -cloned_interfaces="lagg0 bridge1 bridge2 bridge3 bridge5 bridge8 bridge9 bridge10 bridge48" +cloned_interfaces="lagg0 bridge1 bridge2 bridge3 bridge5 bridge8 bridge9 bridge10 bridge48 bridge22 bridge99" -ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 up" ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso" +ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up" -vlans_lagg0="1 2 3 5 8 9 10 48" +vlans_lagg0="1 2 3 5 8 9 10 48 22" +#vlans_igb0="1 2 3 5 10 48 22" +#vlans_igb1="8 9" ipv6_activate_all_interfaces="YES" rtsold_enable="YES" ifconfig_lagg0_1="inet 192.168.0.10/24" ifconfig_lagg0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_2="up" -#ifconfig_lagg0_2="inet 192.168.2.10/24" -#ifconfig_lagg0_2_ipv6="inet6 fd02::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_3="up" -#ifconfig_lagg0_3="inet 192.168.3.10/24" -#ifconfig_lagg0_3_ipv6="inet6 fd03::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_5="up" -#ifconfig_lagg0_5="inet 192.168.5.10/24" -#ifconfig_lagg0_5_ipv6="inet6 fd05::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_8="up" -# to avoid asymmetric routing - keep ip for vlan8 disabled -#ifconfig_lagg0_8="inet 192.168.8.10/24" -#ifconfig_lagg0_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv" -ifconfig_lagg0_9="up" -#ifconfig_lagg0_9="inet 192.168.200.10/24" -#ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb0_1="inet 192.168.0.10/24" +#ifconfig_igb0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv" + # required for lab servers netboot on vlan10 ifconfig_lagg0_10="inet 192.168.10.10/24" ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb0_10="inet 192.168.10.10/24" 
+#ifconfig_igb0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv" + ifconfig_lagg0_48="inet 192.168.48.10/24" ifconfig_lagg0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb0_48="inet 192.168.48.10/24" +#ifconfig_igb0_48_ipv6="inet6 2001:470:480a::10/64 auto_linklocal accept_rtadv" + +# to avoid asymmetric routing - keep ip for vlan8 disabled +# updated DNS entries to address the above concern +ifconfig_lagg0_8="up" +ifconfig_lagg0_8="inet 192.168.8.10/24" +ifconfig_lagg0_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv" +#ifconfig_igb1_8="up" +#ifconfig_igb1_8="inet 192.168.8.10/24" +#ifconfig_igb1_8_ipv6="inet6 fd08::10/64 auto_linklocal accept_rtadv" + +ifconfig_lagg0_2="up" +ifconfig_lagg0_3="up" +ifconfig_lagg0_5="up" +ifconfig_lagg0_9="up" +ifconfig_lagg0_22="up" +#ifconfig_igb0_2="up" +#ifconfig_igb0_3="up" +#ifconfig_igb0_5="up" +#ifconfig_igb1_9="up" +#ifconfig_igb1_22="up" ifconfig_bridge1="addm lagg0.1 up" ifconfig_bridge2="addm lagg0.2 up" @@ -75,6 +89,17 @@ ifconfig_bridge8="addm lagg0.8 up" ifconfig_bridge9="addm lagg0.9 up" ifconfig_bridge10="addm lagg0.10 up" ifconfig_bridge48="addm lagg0.48 up" +ifconfig_bridge22="addm lagg0.22 up" + +#ifconfig_bridge1="addm igb0.1 up" +#ifconfig_bridge2="addm igb0.2 up" +#ifconfig_bridge3="addm igb0.3 up" +#ifconfig_bridge5="addm igb0.5 up" +#ifconfig_bridge8="addm igb1.8 up" +#ifconfig_bridge9="addm igb1.9 up" +#ifconfig_bridge10="addm igb0.10 up" +#ifconfig_bridge48="addm igb0.48 up" +#ifconfig_bridge22="addm igb0.22 up" # adding IP to bridges does not work #ifconfig_bridge1="inet 192.168.0.10/24" diff --git a/configs/etc/rctl.conf b/configs/etc/rctl.conf index 7f0649b..48335d3 100644 --- a/configs/etc/rctl.conf +++ b/configs/etc/rctl.conf @@ -1 +1,3 @@ jail:ioc-jump:vmemoryuse:deny=4G/jail +jail:ioc-ldap:vmemoryuse:deny=8G/jail +jail:ioc-monitor:vmemoryuse:deny=16G/jail diff --git a/configs/etc/sysctl.conf b/configs/etc/sysctl.conf index a2117ad..a2931e7 100644 
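Review bot: In the first rc.conf hunk, `ifconfig_lagg0_8="up"` is immediately overridden by `ifconfig_lagg0_8="inet 192.168.8.10/24"`, so the first assignment is dead. The retained comment `# to avoid asymmetric routing - keep ip for vlan8 disabled` now says the opposite of what the file configures. Dropping the `up` line and replacing the two comments with one, for example `# vlan8 now carries an address; DNS entries were updated to avoid asymmetric routing`, would prevent a later edit from acting on the stale warning.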
--- a/configs/etc/sysctl.conf +++ b/configs/etc/sysctl.conf @@ -1,4 +1,3 @@ -# $FreeBSD: releng/12.3/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $ # # This file is read when going to multi-user and its contents piped thru # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. @@ -72,10 +71,10 @@ net.inet.tcp.mssdflt=1448 net.inet.tcp.nolocaltimewait=1 net.inet.tcp.path_mtu_discovery=0 net.inet.tcp.reass.maxqueuelen=1448 -net.inet.tcp.recvbuf_inc=65536 +###net.inet.tcp.recvbuf_inc=65536 net.inet.tcp.recvbuf_max=16777216 net.inet.tcp.recvspace=262144 -net.inet.tcp.rfc6675_pipe=1 +###net.inet.tcp.rfc6675_pipe=1 net.inet.tcp.sendbuf_inc=65536 net.inet.tcp.sendbuf_max=16777216 net.inet.tcp.sendspace=262144 @@ -98,14 +97,14 @@ net.link.bridge.pfil_onlyip=0 net.local.stream.recvspace=164240 net.local.stream.sendspace=164240 net.route.netisr_maxqlen=2048 -net.raw.recvspace=65536 -net.raw.sendspace=65536 +###net.raw.recvspace=65536 +###net.raw.sendspace=65536 vfs.zfs.arc_max=51539607552 vfs.zfs.delay_min_dirty_percent=96 vfs.zfs.dirty_data_max=12884901888 -vfs.zfs.prefetch_disable=0 +###vfs.zfs.prefetch_disable=0 #vfs.zfs.top_maxinflight=128 -vfs.zfs.trim.txg_delay=2 +###vfs.zfs.trim.txg_delay=2 vfs.zfs.txg.timeout=90 vfs.zfs.vdev.aggregation_limit=1048576 vfs.zfs.vdev.write_gap_limit=0 @@ -114,13 +113,14 @@ vfs.zfs.vdev.write_gap_limit=0 #vfs.zfs.l2arc_write_boost=402653184 #vfs.zfs.l2arc_write_max=402653184 -net.inet.tcp.functions_default=rack -net.inet.tcp.rack.tlpmethod=3 -net.inet.tcp.rack.data_after_close=0 +###net.inet.tcp.functions_default=rack +###net.inet.tcp.rack.tlpmethod=3 +###net.inet.tcp.rack.data_after_close=0 -# Verify RACK +net.inet.tcp.functions_default=bbr +# Verify BBR # sysctl net.inet.tcp.functions_available -# sysctl net.inet.tcp.rack. +# sysctl net.inet.tcp.bbr. #Cheap Disk Issues kern.cam.ada.default_timeout=60 
diff --git a/configs/usr/local/etc/pkg/repos/pkgp.conf b/configs/usr/local/etc/pkg/repos/pkgp.conf index 9327ae9..f09118a 100644 --- a/configs/usr/local/etc/pkg/repos/pkgp.conf +++ b/configs/usr/local/etc/pkg/repos/pkgp.conf @@ -1,18 +1,16 @@ FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", - enabled: no + enabled: yes } pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", - enabled: yes, + enabled: no, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default/", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/data/apps/certs/poudriere.cert", enabled: no, diff --git a/configs/usr/local/etc/rc.d/gstat_exporter b/configs/usr/local/etc/rc.d/gstat_exporter index e3182dd..a1469d8 100755 --- a/configs/usr/local/etc/rc.d/gstat_exporter +++ b/configs/usr/local/etc/rc.d/gstat_exporter 
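Review bot: The `FreeBSD` repository is switched to `enabled: yes` over `pkg+http://`, and this override shows no `signature_type`, so package integrity depends on the fingerprint settings being inherited from the base `/etc/pkg/FreeBSD.conf`. That is presumably the case, but a comment such as `# signature_type/fingerprints are inherited from /etc/pkg/FreeBSD.conf` would make the dependency visible. The now-disabled `pkgp-freebsd-pkg` entry uses a plain `http://` URL with no signature settings at all, which matters if it is ever re-enabled.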
@@ -1,44 +1,27 @@ #!/bin/sh -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# the two lines below are not just comments but required by rcorder; service -e # PROVIDE: gstat_exporter -# REQUIRE: NETWORKING DAEMON +# REQUIRE: LOGIN NETWORKING +# KEYWORD: shutdown + +# Add the following lines to /etc/rc.conf to enable gstat_exporter: +# +# gstat_exporter_enable (bool): Set to "NO" by default. +# Set it to "YES" to enable gstat_exporter_enable. . /etc/rc.subr -: ${gstat_exporter_enable="NO"} - name=gstat_exporter -rcvar=${name}_enable - -GSTATEXPORTER="nohup /usr/local/bin/python3.9 /root/FreeBSD/scripts/gstat_exporter.py" - -start_cmd="${name}_start" -stop_cmd="${name}_stop" -restart_cmd="${name}_restart" - -gstat_exporter_start() -{ - $GSTATEXPORTER & -} - -gstat_exporter_stop() -{ - ps ax | grep -ie gstat_exporter.py | grep -v grep | awk '{print $1}' | xargs kill -9 -} -gstat_exporter_restart() -{ - gstat_exporter_stop - gstat_exporter_start -} +rcvar=gstat_exporter_enable +desc="gstat_exporter daemon" load_rc_config ${name} + +: ${gstat_exporter_enable:=NO} + +pidfile="/var/run/${name}.pid" +command_interpreter=/usr/local/bin/python3.11 +command=/usr/local/bin/${name}.py +start_cmd="/usr/sbin/daemon -f -p ${pidfile} $command_interpreter $command" + run_rc_command "$1" diff --git a/jails/config/atm/ldap.conf b/jails/config/atm/ldap.conf deleted file mode 100644 index 91d0546..0000000 --- a/jails/config/atm/ldap.conf +++ /dev/null @@ -1,15 +0,0 @@ -# -# LDAP Defaults -# - -# See ldap.conf(5) for details -# This file should be world readable but not world writable. - -BASE ou=people,dc=infra -URI ldaps://ldap.ahlawat.com:636 -ssl start_tls -tls_cacert /mnt/certs/cacert.pem - -#SIZELIMIT 12 -#TIMELIMIT 15 -#DEREF never diff --git a/jails/config/atm/nslcd.conf b/jails/config/atm/nslcd.conf index 654aabd..791f368 100644 
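Review bot: Overriding `start_cmd` with a complete `daemon` command line bypasses rc.subr's default start path, so `service gstat_exporter start` does not refuse when an instance is already running and a `gstat_exporter_user` setting would be ignored; the exporter therefore runs with rc's privileges (root at boot). Letting rc.subr drive daemon(8) avoids both: `command=/usr/sbin/daemon`, `command_args="-f -p ${pidfile} /usr/local/bin/python3.11 /usr/local/bin/${name}.py"` and `procname=/usr/local/bin/python3.11`, with `-u <user>` added if the script can read GEOM statistics without root (not verifiable from this hunk). The usage comment also reads "to enable gstat_exporter_enable" where it means gstat_exporter.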
--- a/jails/config/atm/nslcd.conf +++ b/jails/config/atm/nslcd.conf @@ -15,7 +15,8 @@ gid nslcd #uri ldaps://127.0.0.1/ #uri ldapi://%2fvar%2frun%2fldapi_sock/ # Note: %2f encodes the '/' used as directory separator -uri ldaps://ldap.ahlawat.com:636 +# uri ldaps://ldap.ahlawat.com:636 +uri ldap://ldap.ahlawat.com:389 # The LDAP version to use (defaults to 3 # if supported by client library) diff --git a/jails/config/atm/pkg-list-details-old.txt b/jails/config/atm/pkg-list-details-old.txt index 72525fa..f26815f 100644 --- a/jails/config/atm/pkg-list-details-old.txt +++ b/jails/config/atm/pkg-list-details-old.txt @@ -1,6 +1,6 @@ -pkgp123____netatalk3-3.1.13_4,1 -pkgp123____nss-pam-ldapd-sasl-0.9.12_1 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 +pkgp123____bash-5.2.37 +pkgp123____netatalk3-3.2.10_2,1 +pkgp123____nss-pam-ldapd-sasl-0.9.13_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/atm/pkg-list-details.txt b/jails/config/atm/pkg-list-details.txt index cd3458a..f26815f 100644 --- a/jails/config/atm/pkg-list-details.txt +++ b/jails/config/atm/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp123____netatalk3-3.1.13_4,1 -pkgp123____nss-pam-ldapd-sasl-0.9.12_1 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____bash-5.2.37 +pkgp123____netatalk3-3.2.10_2,1 +pkgp123____nss-pam-ldapd-sasl-0.9.13_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/atm/pkgp.conf b/jails/config/atm/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/atm/pkgp.conf +++ b/jails/config/atm/pkgp.conf 
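Review bot: The new `uri ldap://ldap.ahlawat.com:389` replaces the `ldaps://` endpoint, so unless StartTLS is enforced elsewhere in this file, nslcd's bind credentials and every user password it verifies cross the network in cleartext. Nothing in the hunk sets `ssl start_tls`, and the same commit deletes the jail's ldap.conf, which carried `ssl start_tls` and the CA path. Either keep `uri ldaps://ldap.ahlawat.com:636`, or pair the new URI with `ssl start_tls`, `tls_reqcert demand` and `tls_cacertfile <path-to-CA>`. The file continues outside the hunk, so these lines may already exist; if they do, a comment next to the URI saying so would prevent the change being read as a downgrade.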
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/auto/pkg-list-details-old.txt b/jails/config/auto/pkg-list-details-old.txt index 1f2a8ea..5f51a72 100644 --- a/jails/config/auto/pkg-list-details-old.txt +++ b/jails/config/auto/pkg-list-details-old.txt @@ -1,13 +1,9 @@ -pkgp123____bash-5.2.12 -pkgp123____bash-completion-2.11_2,2 -pkgp123____nginx-devel-1.23.2_4 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____py39-ansible-6.1.0 -pkgp-freebsd-pkg____py39-django32-3.2.16 -pkgp-freebsd-pkg____py39-gunicorn-20.1.0 -pkgp-freebsd-pkg____py39-pillow-9.2.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-psycopg2-2.9.4 -pkgp-freebsd-pkg____py39-tkinter-3.9.15_6 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-devel-1.28.0 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-django42-4.2.20 +pkgp-freebsd-pkg____py311-gunicorn-23.0.0_1 +pkgp-freebsd-pkg____py311-psycopg2-2.9.10 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 diff --git a/jails/config/auto/pkg-list-details.txt b/jails/config/auto/pkg-list-details.txt index b14680f..5f51a72 100644 --- a/jails/config/auto/pkg-list-details.txt +++ b/jails/config/auto/pkg-list-details.txt 
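Review bot: After this hunk the enabled `pkgp-freebsd-pkg` stanza consists of `url`, `enabled: yes` and `priority: 10` only: it fetches over `http://` and declares no `signature_type`, so pkg accepts whatever that host, or anything on the network path to it, serves. `pkgp123` directly below already uses `signature_type: "pubkey"` with a `pubkey:` path; sign the mirrored repository the same way and add those two lines to `pkgp-freebsd-pkg`. The package lists updated in this commit show most jails installing from `pkgp-freebsd-pkg`, so this covers the bulk of what gets installed. The `pkgp123` stanza continues past the end of the hunk.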
@@ -1,13 +1,9 @@ -pkgp123____bash-completion-2.11_2,2 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____nginx-devel-1.23.2_4 -pkgp-freebsd-pkg____py39-ansible-6.1.0 -pkgp-freebsd-pkg____py39-django32-3.2.16 -pkgp-freebsd-pkg____py39-gunicorn-20.1.0 -pkgp-freebsd-pkg____py39-pillow-9.2.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-psycopg2-2.9.4 -pkgp-freebsd-pkg____py39-tkinter-3.9.15_6 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-devel-1.28.0 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-django42-4.2.20 +pkgp-freebsd-pkg____py311-gunicorn-23.0.0_1 +pkgp-freebsd-pkg____py311-psycopg2-2.9.10 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 diff --git a/jails/config/auto/pkg-list-old.txt b/jails/config/auto/pkg-list-old.txt index b85253b..4601069 100644 --- a/jails/config/auto/pkg-list-old.txt +++ b/jails/config/auto/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion nano nginx-devel pkg py39-ansible py39-django32 py39-gunicorn py39-pillow py39-pip py39-psycopg2 py39-tkinter sudo +bash bash-completion nano nginx-devel pkg py311-django42 py311-gunicorn py311-psycopg2 sudo diff --git a/jails/config/auto/pkg-list.txt b/jails/config/auto/pkg-list.txt index b85253b..4601069 100644 --- a/jails/config/auto/pkg-list.txt +++ b/jails/config/auto/pkg-list.txt @@ -1 +1 @@ -bash bash-completion nano nginx-devel pkg py39-ansible py39-django32 py39-gunicorn py39-pillow py39-pip py39-psycopg2 py39-tkinter sudo +bash bash-completion nano nginx-devel pkg py311-django42 py311-gunicorn py311-psycopg2 sudo diff --git a/jails/config/book/cps b/jails/config/book/cps index 0f15266..f0f3de0 100755 --- a/jails/config/book/cps +++ b/jails/config/book/cps 
@@ -19,8 +19,8 @@ name=cpsserver rcvar=${name}_enable -#CPSSERVER="nohup /usr/local/bin/python3.9 /data/calibre-web/cps.py" -CPSSERVER="nohup /usr/local/bin/cps" +CPSSERVER="nohup /usr/local/bin/python3.9 /data/calibre-web/cps.py" +#CPSSERVER="nohup /usr/local/bin/cps" start_cmd="${name}_start" stop_cmd="${name}_stop" @@ -31,11 +31,15 @@ cpsserver_start() $CPSSERVER -p /data/big/app.db -g /data/big/gdrive.db & $CPSSERVER -p /data/fiction/app.db -g /data/fiction/gdrive.db & $CPSSERVER -p /data/movie/app.db -g /data/movie/gdrive.db & + $CPSSERVER -p /data/art/app.db -g /data/art/gdrive.db & + $CPSSERVER -p /data/home/app.db -g /data/home/gdrive.db & + $CPSSERVER -p /data/general/app.db -g /data/general/gdrive.db & } cpsserver_stop() { ps ax | grep -ie cps.py | grep -v grep | awk '{print $1}' | xargs kill -9 +# ps ax | grep -ie cps | grep -v grep | awk '{print $1}' | xargs kill -9 } cpsserver_restart() { diff --git a/jails/config/book/pkg-list-details-old.txt b/jails/config/book/pkg-list-details-old.txt index fa1c5c8..1a91689 100644 --- a/jails/config/book/pkg-list-details-old.txt +++ b/jails/config/book/pkg-list-details-old.txt 
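Review bot: `CPSSERVER` is pointed back at `/usr/local/bin/python3.9`, but the book jail's package lists in this same commit move every Python package to `py311-*` and list nothing for 3.9, so the interpreter path may no longer exist after the upgrade and none of the instances would start. Confirm which interpreter the jail actually has and reference it, e.g. `CPSSERVER="nohup /usr/local/bin/python3.11 /data/calibre-web/cps.py"`. The gstat_exporter script in this commit was moved from python3.9 to python3.11 for what looks like the same reason.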
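Review bot: `cpsserver_stop` still locates the servers with `grep -ie cps.py` and ends them with `kill -9`, and with the three instances added in this hunk that now hits six processes at once without giving any of them a chance to shut down cleanly; the pattern also matches any other process whose command line contains that string. At minimum change the tail to `| xargs kill` so SIGTERM is tried first. Starting each instance under `daemon -p <pidfile>`, as the gstat_exporter script in this commit now does, would let stop target exactly the processes this script started. The body of `cpsserver_start` begins outside the hunk.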
@@ -1,10 +1,14 @@
-pkgp123____libxml2-2.10.3_1
-pkgp123____libxslt-1.1.37
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____py39-ldap-3.4.0
-pkgp-freebsd-pkg____py39-pip-22.2.2
-pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7
-pkgp-freebsd-pkg____rust-1.64.0
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____cyrus-sasl-2.1.28_5
+pkgp-freebsd-pkg____libxml2-2.11.9
+pkgp-freebsd-pkg____libxslt-1.1.42
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____py311-netifaces-plus-0.12.2_1
+pkgp-freebsd-pkg____py311-pip-23.3.2_4
+pkgp-freebsd-pkg____py311-pyasn1-0.6.0
+pkgp-freebsd-pkg____py311-pyasn1-modules-0.4.1
+pkgp-freebsd-pkg____py311-python-ldap-3.4.4
+pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10
+pkgp-freebsd-pkg____rust-1.86.0
diff --git a/jails/config/book/pkg-list-details.txt b/jails/config/book/pkg-list-details.txt
index 0dbeaca..1a91689 100644
--- a/jails/config/book/pkg-list-details.txt
+++ b/jails/config/book/pkg-list-details.txt
@@ -1,10 +1,14 @@
-pkgp123____libxml2-2.10.3_1
-pkgp123____libxslt-1.1.37
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____py39-ldap-3.4.0
-pkgp-freebsd-pkg____py39-pip-22.2.2
-pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7
-pkgp-freebsd-pkg____rust-1.65.0
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____cyrus-sasl-2.1.28_5
+pkgp-freebsd-pkg____libxml2-2.11.9
+pkgp-freebsd-pkg____libxslt-1.1.42
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____py311-netifaces-plus-0.12.2_1
+pkgp-freebsd-pkg____py311-pip-23.3.2_4
+pkgp-freebsd-pkg____py311-pyasn1-0.6.0
+pkgp-freebsd-pkg____py311-pyasn1-modules-0.4.1
+pkgp-freebsd-pkg____py311-python-ldap-3.4.4
+pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10
+pkgp-freebsd-pkg____rust-1.86.0
diff --git a/jails/config/book/pkg-list-old.txt b/jails/config/book/pkg-list-old.txt
index 5fb392e..8b00d87 100644
--- a/jails/config/book/pkg-list-old.txt
+++ b/jails/config/book/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion libxml2 libxslt nano pkg py39-ldap py39-pip py39-sqlite3 rust
+bash bash-completion cyrus-sasl libxml2 libxslt nano pkg py311-netifaces-plus py311-pip py311-pyasn1 py311-pyasn1-modules py311-python-ldap py311-sqlite3 rust
diff --git a/jails/config/book/pkg-list.txt b/jails/config/book/pkg-list.txt
index 5fb392e..8b00d87 100644
--- a/jails/config/book/pkg-list.txt
+++ b/jails/config/book/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion libxml2 libxslt nano pkg py39-ldap py39-pip py39-sqlite3 rust
+bash bash-completion cyrus-sasl libxml2 libxslt nano pkg py311-netifaces-plus py311-pip py311-pyasn1 py311-pyasn1-modules py311-python-ldap py311-sqlite3 rust
diff --git a/jails/config/calibre/pkg-list-details-old.txt b/jails/config/calibre/pkg-list-details-old.txt
index d58afc6..07d3822 100644
--- a/jails/config/calibre/pkg-list-details-old.txt
+++ b/jails/config/calibre/pkg-list-details-old.txt @@ -1,11 +1,11 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____calibre-5.44.0_6 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____xauth-1.1.1 -pkgp-freebsd-pkg____xpdf-4.04,1 -pkgp-freebsd-pkg____xterm-375 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____calibre-8.3.0 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____xauth-1.1.4 +pkgp-freebsd-pkg____xpdf-4.05_4,1 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/calibre/pkg-list-details.txt b/jails/config/calibre/pkg-list-details.txt index 3fb7fa8..07d3822 100644 --- a/jails/config/calibre/pkg-list-details.txt +++ b/jails/config/calibre/pkg-list-details.txt @@ -1,11 +1,11 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____calibre-5.44.0_6 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____xauth-1.1.1 -pkgp-freebsd-pkg____xpdf-4.04,1 -pkgp-freebsd-pkg____xterm-377 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____calibre-8.3.0 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____xauth-1.1.4 +pkgp-freebsd-pkg____xpdf-4.05_4,1 +pkgp-freebsd-pkg____xterm-397_2 
diff --git a/jails/config/cam/pkg-list-details-old.txt b/jails/config/cam/pkg-list-details-old.txt index 33e579d..23096b0 100644 --- a/jails/config/cam/pkg-list-details-old.txt +++ b/jails/config/cam/pkg-list-details-old.txt @@ -1,7 +1,13 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____motion-4.3.2_3 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py27-pip-20.2.3 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____curl-8.13.0 +pkgp-freebsd-pkg____dejavu-2.37_3 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____gmake-4.4.1 +pkgp-freebsd-pkg____libgd-2.3.3_13,1 +pkgp-freebsd-pkg____motion-4.7.0 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____rsync-3.4.1_2 +pkgp-freebsd-pkg____v4l-utils-1.23.0_5 diff --git a/jails/config/cam/pkg-list-details.txt b/jails/config/cam/pkg-list-details.txt index 1a52908..23096b0 100644 --- a/jails/config/cam/pkg-list-details.txt +++ b/jails/config/cam/pkg-list-details.txt @@ -1,7 +1,13 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____motion-4.3.2_3 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py27-pip-20.2.3 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____curl-8.13.0 +pkgp-freebsd-pkg____dejavu-2.37_3 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____gmake-4.4.1 +pkgp-freebsd-pkg____libgd-2.3.3_13,1 +pkgp-freebsd-pkg____motion-4.7.0 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____rsync-3.4.1_2 +pkgp-freebsd-pkg____v4l-utils-1.23.0_5 
diff --git a/jails/config/cam/pkg-list-old.txt b/jails/config/cam/pkg-list-old.txt
index 3a4bfa9..1ca2228 100644
--- a/jails/config/cam/pkg-list-old.txt
+++ b/jails/config/cam/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion curl motion nano pkg py27-pip
+bash bash-completion curl dejavu ffmpeg git-lite gmake libgd motion nano pkg rsync v4l-utils
diff --git a/jails/config/cam/pkg-list.txt b/jails/config/cam/pkg-list.txt
index 3a4bfa9..1ca2228 100644
--- a/jails/config/cam/pkg-list.txt
+++ b/jails/config/cam/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion curl motion nano pkg py27-pip
+bash bash-completion curl dejavu ffmpeg git-lite gmake libgd motion nano pkg rsync v4l-utils
diff --git a/jails/config/cert/pkg-list-details-old.txt b/jails/config/cert/pkg-list-details-old.txt
index 3692cce..ff6ab38 100644
--- a/jails/config/cert/pkg-list-details-old.txt
+++ b/jails/config/cert/pkg-list-details-old.txt
@@ -1,8 +1,9 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____git-lite-2.38.1_3
-pkgp-freebsd-pkg____go-1.19,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____wget-1.21.3_1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____curl-8.13.0
+pkgp-freebsd-pkg____git-lite-2.49.0
+pkgp-freebsd-pkg____go-1.21_7,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____socat-1.8.0.3
+pkgp-freebsd-pkg____wget-1.25.0
diff --git a/jails/config/cert/pkg-list-details.txt b/jails/config/cert/pkg-list-details.txt
index f1647df..ff6ab38 100644
--- a/jails/config/cert/pkg-list-details.txt
+++ b/jails/config/cert/pkg-list-details.txt
@@ -1,8 +1,9 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____git-lite-2.38.1_4 -pkgp-freebsd-pkg____go-1.19,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____wget-1.21.3_1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____curl-8.13.0 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____go-1.21_7,2 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____socat-1.8.0.3 +pkgp-freebsd-pkg____wget-1.25.0 diff --git a/jails/config/cert/pkg-list-old.txt b/jails/config/cert/pkg-list-old.txt index eb679c1..dbdafc5 100644 --- a/jails/config/cert/pkg-list-old.txt +++ b/jails/config/cert/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion curl git-lite go nano pkg wget +bash bash-completion curl git-lite go nano pkg socat wget diff --git a/jails/config/cert/pkg-list.txt b/jails/config/cert/pkg-list.txt index eb679c1..dbdafc5 100644 --- a/jails/config/cert/pkg-list.txt +++ b/jails/config/cert/pkg-list.txt @@ -1 +1 @@ -bash bash-completion curl git-lite go nano pkg wget +bash bash-completion curl git-lite go nano pkg socat wget diff --git a/jails/config/ci/pkg-list-details-old.txt b/jails/config/ci/pkg-list-details-old.txt index 6f4da6c..fab1ae8 100644 --- a/jails/config/ci/pkg-list-details-old.txt +++ b/jails/config/ci/pkg-list-details-old.txt @@ -1,5 +1,5 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____jenkins-2.377 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____bash-5.2.37 +pkgp123____nginx-1.26.3_3,3 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ci/pkg-list-details.txt b/jails/config/ci/pkg-list-details.txt index 1970ca7..fab1ae8 100644 --- a/jails/config/ci/pkg-list-details.txt +++ b/jails/config/ci/pkg-list-details.txt 
@@ -1,5 +1,5 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____jenkins-2.378 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____bash-5.2.37 +pkgp123____nginx-1.26.3_3,3 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ci/pkg-list-old.txt b/jails/config/ci/pkg-list-old.txt index aaf032d..bda807d 100644 --- a/jails/config/ci/pkg-list-old.txt +++ b/jails/config/ci/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion jenkins nano pkg +bash bash-completion nano nginx pkg diff --git a/jails/config/ci/pkg-list.txt b/jails/config/ci/pkg-list.txt index aaf032d..bda807d 100644 --- a/jails/config/ci/pkg-list.txt +++ b/jails/config/ci/pkg-list.txt @@ -1 +1 @@ -bash bash-completion jenkins nano pkg +bash bash-completion nano nginx pkg diff --git a/jails/config/cloud/config.php b/jails/config/cloud/config.php index ae550d8..3fb2dc0 100644 --- a/jails/config/cloud/config.php +++ b/jails/config/cloud/config.php @@ -12,7 +12,7 @@ $CONFIG = array ( 'datadirectory' => '/mnt/cloud', 'overwrite.cli.url' => 'https://cloud.ahlawat.com/', 'dbtype' => 'mysql', - 'version' => '21.0.3.1', + 'version' => '28.0.4.1', 'dbname' => 'nextcloud', 'dbhost' => 'db.ahlawat.com', 'dbport' => '3306', @@ -24,6 +24,7 @@ $CONFIG = array ( 'instanceid' => 'oc7suxvjiy9s', 'htaccess.RewriteBase' => '/', 'filelocking.enabled' => 'true', + 'memcache.local' => '\OC\Memcache\APCu', 'memcache.locking' => '\\OC\\Memcache\\Redis', 'redis' => array ( @@ -38,7 +39,7 @@ $CONFIG = array ( 'logrotate_size' => '104847600', 'ldapIgnoreNamingRules' => false, 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', - 'mail_smtpmode' => 'smtp', + 'mail_smtpmode' => 'sendmail', 'mail_from_address' => 'nobody', 'mail_domain' => 'ahlawat.com', 'mail_smtphost' => '192.168.0.100', 
@@ -47,5 +48,6 @@ $CONFIG = array ( 'theme' => '', 'encryption.legacy_format_support' => false, 'encryption.key_storage_migrated' => false, - 'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS', + 'data-fingerprint' => 'a20b20d2fb1221ec403a5f7c65828557', + 'mail_sendmailmode' => 'smtp', ); diff --git a/jails/config/cloud/config.php.20 b/jails/config/cloud/config.php.20 deleted file mode 100644 index a0b7c37..0000000 --- a/jails/config/cloud/config.php.20 +++ /dev/null 
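Review bot: Dropping `updater.secret` from the tracked file does not retire it: the hash stays readable in the repository history, and the `config.php.20` deleted in this commit shows that this configuration is stored with `secret` and `dbpassword` in the clear as well. Treat those values as disclosed, rotate them on the live instance, and keep `config.php` out of version control or commit a redacted template (for example `'dbpassword' => '<REDACTED>',`). The rest of the array lies outside this hunk, so whether the current file still holds the same values cannot be confirmed from here.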
@@ -1,51 +0,0 @@ - '5OBfApfc/+tJzU/4n+F8e+PzOfAStP', - 'secret' => 'IFX9kjXwOk4L21503pLACwa2Dadv9JzHNSu8XsnTogmwb5Tr', - 'trusted_domains' => - array ( - 0 => 'localhost', - 1 => 'cloud.ahlawat.com', - 2 => '192.168.0.59', - 3 => 'fd01::59', - ), - 'datadirectory' => '/mnt/cloud', - 'overwrite.cli.url' => 'https://cloud.ahlawat.com/', - 'dbtype' => 'mysql', - 'version' => '21.0.3.1', - 'dbname' => 'nextcloud', - 'dbhost' => 'db.ahlawat.com', - 'dbport' => '3306', - 'dbtableprefix' => 'oc_', - 'mysql.utf8mb4' => true, - 'dbuser' => 'nextcloud', - 'dbpassword' => 'mysql__nextcloud', - 'installed' => true, - 'instanceid' => 'oc7suxvjiy9s', - 'htaccess.RewriteBase' => '/', - 'filelocking.enabled' => 'true', - 'memcache.local' => '\\OC\\Memcache\\APCu', - 'memcache.locking' => '\\OC\\Memcache\\Redis', - 'redis' => - array ( - 'host' => '/tmp/redis.sock', - 'port' => 0, - ), - 'logtimezone' => 'America/Los_Angeles', - 'log_type' => 'file', - 'logfile' => '/var/log/nextcloud.log', - 'loglevel' => 0, - 'logrotate_size' => '104847600', - 'ldapIgnoreNamingRules' => false, - 'ldapProviderFactory' => '\\OCA\\User_LDAP\\LDAPProviderFactory', - 'mail_smtpmode' => 'smtp', - 'mail_from_address' => 'nobody', - 'mail_domain' => 'ahlawat.com', - 'mail_smtphost' => '192.168.0.100', - 'mail_smtpport' => '25', - 'maintenance' => false, - 'theme' => '', - 'encryption.legacy_format_support' => false, - 'encryption.key_storage_migrated' => false, - 'updater.secret' => '$2y$10$jAnC4Ha3RI2CL.IlhYluSeeOuKMT4itq/ViSiH1Q9DciUXfB3YSYS', -); diff --git a/jails/config/cloud/httpd.conf b/jails/config/cloud/httpd.conf index 6724eea..9f85f9a 100644 --- a/jails/config/cloud/httpd.conf +++ b/jails/config/cloud/httpd.conf 
@@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName cloud.ahlawat.com ServerAlias *.ahlawat.com @@ -559,16 +567,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/nextcloud/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/cloud/pkg-list-details-old.txt b/jails/config/cloud/pkg-list-details-old.txt index 2aac1f2..3cff7f9 100644 --- a/jails/config/cloud/pkg-list-details-old.txt 
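Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` in the second hunk sets the CAs trusted for client-certificate authentication, and no `SSLVerifyClient` appears in the hunk; if client certificates are not used the line is unnecessary, because `SSLCertificateFile` already points at `fullchain.pem`. If it is intentional, a short comment such as `# CA for client certificates presented by <service>` would make that clear. The same hunk drops `SSLOptions +StrictRequire`, which matters only where `SSLRequire` or `SSLRequireSSL` is combined with `Satisfy any`; that is worth checking against the rest of the virtual host, which lies outside the hunk.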
+++ b/jails/config/cloud/pkg-list-details-old.txt 
@@ -1,43 +1,46 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php80-8.0.25 -pkgp-freebsd-pkg____php80-bcmath-8.0.25 -pkgp-freebsd-pkg____php80-bz2-8.0.25 -pkgp-freebsd-pkg____php80-ctype-8.0.25 -pkgp-freebsd-pkg____php80-curl-8.0.25 -pkgp-freebsd-pkg____php80-dom-8.0.25 -pkgp-freebsd-pkg____php80-exif-8.0.25 -pkgp-freebsd-pkg____php80-fileinfo-8.0.25 -pkgp-freebsd-pkg____php80-filter-8.0.25 -pkgp-freebsd-pkg____php80-ftp-8.0.25 -pkgp-freebsd-pkg____php80-gd-8.0.25 -pkgp-freebsd-pkg____php80-gmp-8.0.25 -pkgp-freebsd-pkg____php80-iconv-8.0.25 -pkgp-freebsd-pkg____php80-imap-8.0.25 -pkgp-freebsd-pkg____php80-intl-8.0.25_1 -pkgp-freebsd-pkg____php80-ldap-8.0.25 -pkgp-freebsd-pkg____php80-mbstring-8.0.25 -pkgp-freebsd-pkg____php80-mysqli-8.0.25 -pkgp-freebsd-pkg____php80-opcache-8.0.25 -pkgp-freebsd-pkg____php80-pcntl-8.0.25 -pkgp-freebsd-pkg____php80-pdo-8.0.25 -pkgp-freebsd-pkg____php80-pdo_mysql-8.0.25 -pkgp-freebsd-pkg____php80-pecl-APCu-5.1.22 -pkgp-freebsd-pkg____php80-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.5 -pkgp-freebsd-pkg____php80-pecl-redis-5.3.5 -pkgp-freebsd-pkg____php80-posix-8.0.25 -pkgp-freebsd-pkg____php80-session-8.0.25 -pkgp-freebsd-pkg____php80-simplexml-8.0.25 -pkgp-freebsd-pkg____php80-xml-8.0.25 -pkgp-freebsd-pkg____php80-xmlreader-8.0.25 -pkgp-freebsd-pkg____php80-xmlwriter-8.0.25 -pkgp-freebsd-pkg____php80-xsl-8.0.25 -pkgp-freebsd-pkg____php80-zip-8.0.25 -pkgp-freebsd-pkg____php80-zlib-8.0.25 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____redis-7.0.5 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php83-8.3.20 +pkgp-freebsd-pkg____php83-bcmath-8.3.20 
+pkgp-freebsd-pkg____php83-bz2-8.3.20 +pkgp-freebsd-pkg____php83-ctype-8.3.20 +pkgp-freebsd-pkg____php83-curl-8.3.20 +pkgp-freebsd-pkg____php83-dom-8.3.20 +pkgp-freebsd-pkg____php83-exif-8.3.20 +pkgp-freebsd-pkg____php83-fileinfo-8.3.20 +pkgp-freebsd-pkg____php83-filter-8.3.20 +pkgp-freebsd-pkg____php83-ftp-8.3.20 +pkgp-freebsd-pkg____php83-gd-8.3.20 +pkgp-freebsd-pkg____php83-gmp-8.3.20 +pkgp-freebsd-pkg____php83-iconv-8.3.20 +pkgp-freebsd-pkg____php83-imap-8.3.20 +pkgp-freebsd-pkg____php83-intl-8.3.20 +pkgp-freebsd-pkg____php83-ldap-8.3.20 +pkgp-freebsd-pkg____php83-mbstring-8.3.20 +pkgp-freebsd-pkg____php83-mysqli-8.3.20 +pkgp-freebsd-pkg____php83-opcache-8.3.20 +pkgp-freebsd-pkg____php83-pcntl-8.3.20 +pkgp-freebsd-pkg____php83-pdo-8.3.20 +pkgp-freebsd-pkg____php83-pdo_mysql-8.3.20 +pkgp-freebsd-pkg____php83-pear-horde-Horde_HashTable-1.2.6 +pkgp-freebsd-pkg____php83-pecl-APCu-5.1.24 +pkgp-freebsd-pkg____php83-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php83-pecl-mcrypt-1.0.7 +pkgp-freebsd-pkg____php83-pecl-redis-6.2.0 +pkgp-freebsd-pkg____php83-posix-8.3.20 +pkgp-freebsd-pkg____php83-session-8.3.20 +pkgp-freebsd-pkg____php83-simplexml-8.3.20 +pkgp-freebsd-pkg____php83-sodium-8.3.20 +pkgp-freebsd-pkg____php83-sysvsem-8.3.20 +pkgp-freebsd-pkg____php83-xml-8.3.20 +pkgp-freebsd-pkg____php83-xmlreader-8.3.20 +pkgp-freebsd-pkg____php83-xmlwriter-8.3.20 +pkgp-freebsd-pkg____php83-xsl-8.3.20 +pkgp-freebsd-pkg____php83-zip-8.3.20 +pkgp-freebsd-pkg____php83-zlib-8.3.20 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____redis-7.4.2 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 diff --git a/jails/config/cloud/pkg-list-details.txt b/jails/config/cloud/pkg-list-details.txt index 5c69490..3cff7f9 100644 --- a/jails/config/cloud/pkg-list-details.txt +++ b/jails/config/cloud/pkg-list-details.txt 
@@ -1,43 +1,46 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php80-8.0.25 -pkgp-freebsd-pkg____php80-bcmath-8.0.25 -pkgp-freebsd-pkg____php80-bz2-8.0.25 -pkgp-freebsd-pkg____php80-ctype-8.0.25 -pkgp-freebsd-pkg____php80-curl-8.0.25 -pkgp-freebsd-pkg____php80-dom-8.0.25 -pkgp-freebsd-pkg____php80-exif-8.0.25 -pkgp-freebsd-pkg____php80-fileinfo-8.0.25 -pkgp-freebsd-pkg____php80-filter-8.0.25 -pkgp-freebsd-pkg____php80-ftp-8.0.25 -pkgp-freebsd-pkg____php80-gd-8.0.25 -pkgp-freebsd-pkg____php80-gmp-8.0.25 -pkgp-freebsd-pkg____php80-iconv-8.0.25 -pkgp-freebsd-pkg____php80-imap-8.0.25 -pkgp-freebsd-pkg____php80-intl-8.0.25_1 -pkgp-freebsd-pkg____php80-ldap-8.0.25 -pkgp-freebsd-pkg____php80-mbstring-8.0.25 -pkgp-freebsd-pkg____php80-mysqli-8.0.25 -pkgp-freebsd-pkg____php80-opcache-8.0.25 -pkgp-freebsd-pkg____php80-pcntl-8.0.25 -pkgp-freebsd-pkg____php80-pdo-8.0.25 -pkgp-freebsd-pkg____php80-pdo_mysql-8.0.25 -pkgp-freebsd-pkg____php80-pecl-APCu-5.1.22 -pkgp-freebsd-pkg____php80-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php80-pecl-mcrypt-1.0.5 -pkgp-freebsd-pkg____php80-pecl-redis-5.3.5 -pkgp-freebsd-pkg____php80-posix-8.0.25 -pkgp-freebsd-pkg____php80-session-8.0.25 -pkgp-freebsd-pkg____php80-simplexml-8.0.25 -pkgp-freebsd-pkg____php80-xml-8.0.25 -pkgp-freebsd-pkg____php80-xmlreader-8.0.25 -pkgp-freebsd-pkg____php80-xmlwriter-8.0.25 -pkgp-freebsd-pkg____php80-xsl-8.0.25 -pkgp-freebsd-pkg____php80-zip-8.0.25 -pkgp-freebsd-pkg____php80-zlib-8.0.25 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____redis-7.0.5 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php83-8.3.20 +pkgp-freebsd-pkg____php83-bcmath-8.3.20 
+pkgp-freebsd-pkg____php83-bz2-8.3.20 +pkgp-freebsd-pkg____php83-ctype-8.3.20 +pkgp-freebsd-pkg____php83-curl-8.3.20 +pkgp-freebsd-pkg____php83-dom-8.3.20 +pkgp-freebsd-pkg____php83-exif-8.3.20 +pkgp-freebsd-pkg____php83-fileinfo-8.3.20 +pkgp-freebsd-pkg____php83-filter-8.3.20 +pkgp-freebsd-pkg____php83-ftp-8.3.20 +pkgp-freebsd-pkg____php83-gd-8.3.20 +pkgp-freebsd-pkg____php83-gmp-8.3.20 +pkgp-freebsd-pkg____php83-iconv-8.3.20 +pkgp-freebsd-pkg____php83-imap-8.3.20 +pkgp-freebsd-pkg____php83-intl-8.3.20 +pkgp-freebsd-pkg____php83-ldap-8.3.20 +pkgp-freebsd-pkg____php83-mbstring-8.3.20 +pkgp-freebsd-pkg____php83-mysqli-8.3.20 +pkgp-freebsd-pkg____php83-opcache-8.3.20 +pkgp-freebsd-pkg____php83-pcntl-8.3.20 +pkgp-freebsd-pkg____php83-pdo-8.3.20 +pkgp-freebsd-pkg____php83-pdo_mysql-8.3.20 +pkgp-freebsd-pkg____php83-pear-horde-Horde_HashTable-1.2.6 +pkgp-freebsd-pkg____php83-pecl-APCu-5.1.24 +pkgp-freebsd-pkg____php83-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php83-pecl-mcrypt-1.0.7 +pkgp-freebsd-pkg____php83-pecl-redis-6.2.0 +pkgp-freebsd-pkg____php83-posix-8.3.20 +pkgp-freebsd-pkg____php83-session-8.3.20 +pkgp-freebsd-pkg____php83-simplexml-8.3.20 +pkgp-freebsd-pkg____php83-sodium-8.3.20 +pkgp-freebsd-pkg____php83-sysvsem-8.3.20 +pkgp-freebsd-pkg____php83-xml-8.3.20 +pkgp-freebsd-pkg____php83-xmlreader-8.3.20 +pkgp-freebsd-pkg____php83-xmlwriter-8.3.20 +pkgp-freebsd-pkg____php83-xsl-8.3.20 +pkgp-freebsd-pkg____php83-zip-8.3.20 +pkgp-freebsd-pkg____php83-zlib-8.3.20 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____redis-7.4.2 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 diff --git a/jails/config/cloud/pkg-list-old.txt b/jails/config/cloud/pkg-list-old.txt index 2adb475..a83b4ff 100644 --- a/jails/config/cloud/pkg-list-old.txt +++ b/jails/config/cloud/pkg-list-old.txt 
@@ -1 +1 @@
-apache24 bash bash-completion ffmpeg nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo
+apache24 bash bash-completion ffmpeg nano php83 php83-bcmath php83-bz2 php83-ctype php83-curl php83-dom php83-exif php83-fileinfo php83-filter php83-ftp php83-gd php83-gmp php83-iconv php83-imap php83-intl php83-ldap php83-mbstring php83-mysqli php83-opcache php83-pcntl php83-pdo php83-pdo_mysql php83-pear-horde-Horde_HashTable php83-pecl-APCu php83-pecl-imagick php83-pecl-mcrypt php83-pecl-redis php83-posix php83-session php83-simplexml php83-sodium php83-sysvsem php83-xml php83-xmlreader php83-xmlwriter php83-xsl php83-zip php83-zlib pkg redis sudo
diff --git a/jails/config/cloud/pkg-list.txt b/jails/config/cloud/pkg-list.txt
index 2adb475..a83b4ff 100644
--- a/jails/config/cloud/pkg-list.txt
+++ b/jails/config/cloud/pkg-list.txt
@@ -1 +1 @@
-apache24 bash bash-completion ffmpeg nano php80 php80-bcmath php80-bz2 php80-ctype php80-curl php80-dom php80-exif php80-fileinfo php80-filter php80-ftp php80-gd php80-gmp php80-iconv php80-imap php80-intl php80-ldap php80-mbstring php80-mysqli php80-opcache php80-pcntl php80-pdo php80-pdo_mysql php80-pecl-APCu php80-pecl-imagick php80-pecl-mcrypt php80-pecl-redis php80-posix php80-session php80-simplexml php80-xml php80-xmlreader php80-xmlwriter php80-xsl php80-zip php80-zlib pkg redis sudo
+apache24 bash bash-completion ffmpeg nano php83 php83-bcmath php83-bz2 php83-ctype php83-curl php83-dom php83-exif php83-fileinfo php83-filter php83-ftp php83-gd php83-gmp php83-iconv php83-imap php83-intl php83-ldap php83-mbstring php83-mysqli php83-opcache php83-pcntl php83-pdo php83-pdo_mysql php83-pear-horde-Horde_HashTable php83-pecl-APCu php83-pecl-imagick php83-pecl-mcrypt php83-pecl-redis php83-posix php83-session php83-simplexml php83-sodium php83-sysvsem php83-xml php83-xmlreader php83-xmlwriter php83-xsl php83-zip php83-zlib pkg redis sudo
diff --git a/jails/config/common/12.3-RELEASE.bzip2 b/jails/config/common/12.3-RELEASE.bzip2 deleted file mode 100644 index f136d66c56d54d32edda583d8bdce4f5dd8bc20e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 281897 zcmV)hK%>7xT4*^jL0KkKStu_u_yKpyfB*mg|M!3Y|NsC0|NsC0|NsBa&)Kbee!ma< zc;{@qk=SF;{oAFucLN;&0F&uO2b+7Dxw-W?ra2apdy0MG$LdpQnKvAy7sqSk9tkwjY6=V8ZMCsm@QDRqGH%<1o9j*=pD z!l4pOnFt6fy)*#G#k~h`1d7|RH(K90i=UKYJd)bkR*t9)ljsypj1QCNh*q@AXI>n5kMZX zB#}W>D!nu{iY3xUh!UzO08tT8fO-Q7LW*6D*k$U5r9wgg4?qs=BDyj~0s&D_l`BBN zhR40(>76S*XaE`!Dk7kO0=?bAyZ{3l+t_YVfB*n!008QR00BS>19jr@cmNfUlz=D_ z73&I(m<3d+M_kt1&@}CA_23jIlJEyg6R$mu`1&H+J^*tN;Kg008$C^__9O zJ-yoZz2|cFghk69H>&56$JyrIbGsWZ$!W8Dj~8bzz3>OOczvGgcecv+vwHBZ#9LGC z&KAw=(XA@)aOu;x&JF;c^z_}jZ?}Q&JRR+88*jTbV+dS>< z?s5*kop1{a%-Cz(8uhKc?%T(m?H#?kySsaM0^Lj4ZX3Plw!JRZZIN~Wo!bT-S8lsy zwwSJW02!z{omw{AwzhZAdH`QvUnK)kN`+6ew=*lvyWLko)hSFPOjT;ZN12C+<*Z02rV(`paI?k)TujcUjTFlg*q74*bcJb02M$- zSG;%t1JZz`&uY=9vhV;oP)ZI@a?Ah@8K|H^=+mdC000UT)6hLoY`_3|4i^RNz;-fS zvAL6)*ehPQF+dw&zIVpnQ===+=XTX)L#7?x@wK@qpcUy|vD45FyV2YhicH07~D!aV7=#v>_*h6it zve?>S(>gV*?%)~Q-EKE>XR)L0_a8?%HAgh(af-grJ7;qd=htl5#dvFyT?;`F?4=UN7=6khu zP&;-q>$h=Nwzlrg*za|{n$)XYt6z1y zs$*-bw=>8sGh(LXwY=hZMJIa_o9FtdLUH*J?hHqcVo15pfYz1CwA>y zO>1DKwPrg9Lw1_v&uw+-KI{nrR8dMEnKk6;nO4Vb9BiRVflF#88KR=KJ8kzJNZ+Etlz0 zFJJ%$sZlq1?`#M>a+IFKAiWaRHANd>%&={#n`msU zTMa5(w)FHO>l(xrLA}F{)-*Jw6*myKYQb01*n9FK2;(QmvS= ztgQi|LG6N_XcXIRnnuA{?5;f~6PiokAgmZgym?8phfLYu&q6c6*IcQVNo}?>C;8tyg*J1rVr06z?jhtB^f-sAp#_Oh?|jb$k||BUVLn}0Bo|-%HL1@iWRkuT=u>Xx@ zKe1Bn{P*jd@2`osrOKm-}G@6L~;VOE-A4L(I&GGV~C#Vhx8^ zPVo^^B+XER6eixZ;~2#k#k$3sp>uTj#xZvgjbgBq%|s`=c@K3aO-Z#v9$g6_!K->N zB}FJVFH{~)LWq$@AS%14f}BgjG!?4`6eB>mr+c`FyO)}}nyQ*s3V9o9Lo?0z^Ec9vmA!O%nBHW zf|R8yidu6F!2t|1oXlbZFyl^&f`bfkCKRY3)Zqajk`NFSsSptWkxZlzG@?XBMO2fF zIXRe+5knA^i$yUOWLY&XNreSKW*JDKnU)Y`7-D3FBTUpYL=;m7Sd&oFP(;M$W`ELJ z5)n`|I*sfx5|JnvB0@GmW2DGA!88mMffGQJ0T3}X6eKdy0Z@=ZQBZN|HNXIfY%w~S 
zibp~XsA@wDKv5|mq#|e~px}-{jAAhuBmn^i97JDJN+3v}Ef7SW_DnJ+fGkD|3{c*0 z&y5R|D59Q#I+FttKjI00y+A}Tf79j{zuBPDK@5=x5(Y>gF0)8W#D+l@5nuHL4(NEo zdu!S1phMpSEWnT}1p*-{8U!hzB1C(Gm;jV2(6vo0Kt!xS6cj#qdS#+4AUk*evwg0Z z!D)jShTXTXSCzliU{A&;g2}-bFM`2|_61G%X_n87QMlf<%-rrUc1RDGC67c_5}rVsb*V zqGEG0%rHo$ijq+6JVgvsktSF{9Pk^`ES{v0HMj+G^H zS&BdJe_MdyxA=^$FD*+mib_XE|CId`LoYTA5KNSv)?)pBTfrL`Pxkj+P;Im!uxmfv zg~;K5&QA2WugQ2}NFqdRL=X6zIG=~+#C_kovdkrd0%x@Up3JfPkkl?W;i7dc*$Bkp29|B8tFOh~;k{c3nzu=f*62`}Cp&34^ zf5rcEKMpz~@rPX#g6XZ?mh$EN2%t|t9CwgTXe2@M`XD#0e#b)MXuq}%k)s@AfA2*H zpniUMTp@~Zd`>@gGeLnI% zC)3#cK*=iia~4 zyd)kwC}+(gqQaw?)?zu+0z{4ULPw$mK~Q1khrY-46Gz=IgUdD1WR@X zfuM#Wk{B3coT1KSK#7r<#bTNbqZ$KAh&foOj2ZD9q0ea|vLlG3!r_HCoD4~aF|^oX zbOoYZT0|VU;y@ybbsR{OHJS{Gn+l5&O=Jk5=w450#MU^bqe;BP#I)9Qj5%p>#DKu0 zjSQV6se9GFW}v8nfq}fbbS@$(tgzG)HWUj9j3}3mY8*^WEEFP4BtbR?M1+BHAx$L8 z8U+}EaLLvNlW63Pg<_is5EOF(hA`}Ghe)TX1?Y5WJ?76t4#tRK17s>ygB&816bB?Q zM6l98fIyK^q@Oi}#^O0(YraNdnM?wN%gu#GBbv(&8lkeVtWrh>((y%}lak5lONS$o zGQvqQgd{+|64zO^MX#6B@_BpTo0J}bK{PahQBgG%1uX~WvZ;t;`?eycp$vr`O0=v( ze3{DZ<*v|`ZATkmajN}!E};qXvJiyJJveGU78cl!`HVWmkb?_mBuxQGM&*YMXT`;& zG>EpooSxq;n~0=}Vkw{^s)&u5GE|WRMFhnS5W__i1w>3FK@IX* zP*Ri>1x*yO6ID!0MFj-`0X0;iK{7xUKbtU#f|!Cxy^)7g#PHV0lh^iW=WT{%gyvw< zVSr~$FscfsNQt6kDOr*zq6n6VfPk5)m~|LQ6Hi<+ASh|n7(GNJwg?N@55iVjv=kh@z?B~?s>OEnO{RLMzA3sg-M!3|8sAX3c4Nl_C?5EM|96;uUHL{${b zFjG+s%23o0@d=n+V^{pVGNzWGsUjL=lglxxR)UhKIE=nOJU&lPtKGhZSVl6Gk=H46 z3{YUrh;L* zVB}Oybs%yHCiHp_lhMEr421VUB$7f&NT_0PCn1mpDk9fi- zaHo{oUUmk~xgrcA_yr9LU$ZQknex}Sj;^ZH%$AB7k5%X_vO^398Aw@CDIkD9uQDoS zqN2-WQK*J;U+rngS~VtFIMW#Z4N~h^=gwi8Z4<3B7mgA_huTyCW#=AS2z`; zHfglefdNlTDPu(7R%Q%e5$rR|j1CJkGMOeUEHJ|q%cNmOu<_Dm6cHx&>sc8=5fo&O z3~CXf#)3HD5Q#!T#z;6rCjzRXs3@BVDZ1g3#AT4gR76gT{(3lrTga;*tekSdki!B9 zsw$#dLgNP^v^YADFRTSq7|-T-7Dn7sM%ru{t4Q*G=*^iDMOBU%P?L<|HcnViTT@X| z8Y+t@s{DDCBt%rOimB%@FB5!x@wc zl-5x0DlmM0DkcyaXslP&5(v%cbyF`|<`(~Mv`ehQ3CO1jr70Q$C@6uYN&=b<=0wCy z5YVrl{eGH1zy1oOm!=S5-bTYjP!d!g6=4ZfB~etz 
zxA@rPLfc4-6K@?X-_z&+MZZ1|A5l6R4_OzH*~8<{gi~#~_DS>BzlYvLy<2B- z8a%CgRJ;zJbiEO9ho3!gvH2`e{e*mBpU8F;*eX?G^P&Yx5Fk5=>LOlc9j0>;)TR8HBF|d&p@~)Vo145HYB-2?9*Sh$zGq&`+dSyn#_i7^+1H zOu(cECZnl2j7KX-+MBH=Ls4^uWd;PTQ8klgR85Dh#Bu|gN|FHr@}buug%nPO2++W= zb)2c91R;SMf@B(s15^)bl@8#6bFA(y*CZYiP6GFF-+g}jSm+^%2yLa|1LR%`j=Gcv zEh9-qB5ld?$n6~BOc*W{VMQR(9wY{dL*$KS9&o3o2loB>}oM^>KUl-U5n5743U z_L>={6jDkdAwmL#vN;YA6vU7TN__hA+<}fQ4se~xS(-DI`MkAI})Pnp? z{0J^n4I4WOm^14+Ek0%tIcIlGkinVpA>ibT=kklO!G%Y4MiEPf37QS|mJt$#_gzj*Pzbh5u?n321CR& zbU_SZm_X3TrJ@-VOv-RK6flFX;YH2nLCn@fu}sN?iI4*F`&@|uK(H?qfbvz+R6tLG z6K2AqM2yPM&^ft7km1DILsE%wrt;Qx0x@F(j6LH%Y&jZ@vu5F|_Wu;op!(|ziL_lK ziE`RW28hh2;8V8-A*|eOC5b6*th76g#e)c1iyJkT^vp>Z!-3;Vq(IvzZXQfY6nT6d z0jJw>c@cB{8st)d@MU5}mWHSbAz~q*ii(M-P$H-qBATV5X#|jv3W$P5W(Y|jpqL4X zC?*LBMy6tbtoLo>o;CwNEk+$*y;A^vh?9Q?FxeP>!Zej;%AUuOTEYDrP|*h3D?~Tq7T*5)+O; zFFtsIK#w0nxWJMhJMSOk{Aron(z#P3XL!`x5OhDWY(y4p?TnAlK=rpLNr)gM>taXO zL#g?3wdgjB1;^3YO!*oEfJ-q=0`r(?>l8}}4c@$CeoOHTK?D#%tmJ<;Tgsg%F%`t* z4oI#BFB1$Kk`NXUT`0%j=sYiP!=UsSs)-2cVS?#z*EtY6M7s+TS#!^4oV|Nxw_tmw zWKRTo`YSCdFu@Mq2{Rb{aD+h~y!p(od%Ab)00|fgFv|Ay^Kj?L-e<(+q=qCjWk*?i z8)3Q9@adUdQ(5DBSYk6a*L2l;2(HR4j50c!s>FM&$e@;Gfdu=@0K5_;4CQSCTxL5+ zjk?D1AP~*LQA0>RuV;@Qjwos-nuM>e0}Ce^ngS>)ib80p27rQ6V1OlwA^6;ID3GBh zOHO2vGko~vs|cz2jL8V5Sb}O2qI#lh#1Mhh?FR4(U}nvRKZ~w64g~fmId)^F7x2^?2UW+0k z{al!as3KZQA}NZZA*N}jprV9{Bq*Xu37QIG0;-BBqDGj2peYhkikXRnF#N}c8=#HG z5D^f}h8SaiJy}x(M3hMfY|4sV<9=Lqti+;1vM)`eN}d!1P&km0F0<-183#;UsHy~r zjm|{HA(@3^P~l4lt1q@qXb>JOX;GPACK&<-QUyqg zXdsc|I0OEP<`hJb>hh#Df2NQoedWND+-fst8(hG1l&1T+OwED%tE5lvFjBo081 zMNL$ZLkI+_&iL!sju9v*9$*Znq)3DcAdsM>NLU6H7&y!Vib_b5iM578OoUQNAweWF zAxETh3M7&m4w*t7b2Q{(K#D+9EU5?*5;w{2Q5xy8O9myBMNrLH4v2& z#6b~5Nl_6(P&7ouL_1>wW+)0tNQ9awh$v!)Vr?bsg#$!O3W5DxQm;rFvNWJE>W;KQ z{MdAjQ&Q9tM9l$F1k@D-BuQ0MRMjN|LnM_k1VqSD5kWA-(Nfg21kDtZQB+V=loH87 z5={e5R8Ulr1XW5!F+mkAB)~%wLo$#=cl%$FJ zEJ%=#(fB?3H%HGHhe#BY=)&)}RP4VMqD1u0AuP!fLNLNqUbCjO=<@n6vnH~xxjv{> z1`@q}+@1W(%+Q+W0zIVXOf#=tXSqCxYKW?; 
zs;JjaOp>C%7C3sopNnbRjCc)!y#xJjX+}0fyuX~Exq+t7kq<=A&w=5brcUPYdt6Z(GXgU+BN>p2s3S7V463X!#HxzQna40;sIfX=t`ZQj zB&bM+81|GyKoh5D$D`Co6$K4cR3A4~atqamrU8#f+q)4A!bzUK{atu-%V}0E45+A^ zhJOd-liYnVR8>*5^}B4}y}h9mE@>CA|Z_=Z1==K8ekiU=#f%w!0jZ1!`W{= zlG6&HFYDFx9;^$`swe65`*6GE8NRwe#-G%HNNx;yE;dbl5Xtd0a#8vAL%DDG^2MqX zmF|`;{eA9fTvrdw2>-1zaRi*xK8d)ly ze%LegU*lTrkk!G!^q3rw?8dc>U)rmjX0~6UwCctxf5>K@!^TPwUmv6f1yf8l3^?@? z?PNxQ)!lX{_!kbl*tkS)2Fm^e*K zZ0_H;YJnaq|B*yj6tPfbU;UM8>|yw7dmxnUjn5A~K}KV%sxn2WpZrKe1t^a0h%piL zT@;jFBnYZ--6ZJ4o!F9anxZjk<=JxG11*)X4x%EuG)udoKB|iG$UL zK%-waKhA*&O&xhQ@PDw0QUukY!mr9Z7#JZ&XI-@K74pv zanAMB(cOhDBwf{__!llmO0ttyQ!1KjtEXeX7eTmbU@r^kQ)kVguI+hh==AFw!3^4w=oikMsl2%)$+NB1Xf<9A~EeyF^G2iYYi1DR(umN>;UAp+}MCtZ{I`Jwyyh zNWW^@xgkLZ?1cguVuS&X0vr#iZ|?BG@2MKSk=pwx7ajS)?0uP`Mkg+T+5!rw`LMMn zlO0}4rtK|U6PAr&!QdX%5=g@F$;E|R!qm%x-(>37Y5eEQ%hwhhBFJ}i@Nwj(B3yl5 z68hwVN#M93IXU~{GC)AEf!T2$Me%MteX2xaU2~8wLQLv8x(@_ccwU5kJde6LInk6K z>RpOpq20E-e75H)<^`gm72XJ7r~|5gcFe$%Q&Ng|Xz1A!oMU}3lM*_4UB&cYGUY-z zXM1pgw>NX4sOjhC75jqR`-P9j0^h2xHtAeQqp^Y2B4jNVCF<;QgjAbhL5ixY*AR*; z(uJ{`jJ9QIt86`FFxy+3vb9AVA=RvT!aZ;@gi1+{yX>OTboU6dTaM0FoV$r|AIzdy*p&fj32}YC_xY z>EZNFsj8OL;=X-4po?=9Qu(mzfk$Q+YvrXktY%l)U1j~VtXM^Po{JU#;e$ao4s#9-xq7i_M^VQT9lkmDeDgm-M6|K8{%L;G zzepbJPXnlz4w}xRM~^SJvXM*IrAqBQzKhZL=*Ezb0`{-YvBC;5o7lXo;3MxFeb0?> z=(BqVz*nDiD3VDei3uunB)o{#*0hZGddK_vhI{y*~;~zL+<} z?I_ z{A=W3)2tm%8T>T^h;`iWgd^g(JYfdlfq+;IKupajB&FF92@+!)=}4YQ`S2%JdVXDn zk-jiM?2~c3hWtq1&x^?=cU}Z*c^wr_a7L}cepG{M|0?l0+q;c=Yc=*iJ^Jmm?t5_+ z$^{f$Q-}s9U$4HWE52OhThGD2mg#gP{C|>`mXpSP){V{AzO4ApD;>9MQ0i3`K~+Fe zYAmLU!x=K|RO`6(y-G}2G0bT!At71HoyY8+_JMId(`TrG*4w|<&~^^^P}Xn8tVTbB zQs=|J+P_hOvG-*vXjcL0ay&0+sV-&~@seIcTb_(nhZQ$hT^GwF+wu2U%&{RE9Su7$ zKA&OOJYjOZY-btHLcKVV43Z3QX>7R8WHzi8mJJmwKOX|Mld!5Pn0YpXrQAFY zLbgMpXAsgw`Dff>Uf&;K2s?d;$DJvrP)vBDM7Rsio?`4sAcUB1=vT+~yqu9uNfbko zxt|q1qqod|WsD8eSqE9F9Y}kPSV?4ls0LO;NGMvO1&sJ|vF~1Bj2_BtLw%Bj(eKqn z5%;Ay^Xlv157Eq`L38VH+w2XHTp_vzMGjC5Z$n}kyiEyji5VU{&%$(1;p#a2n9hXX 
zv3=&Gb+}t`D^@=E|Dh2vt)UH2LrPZ5_iZ;q7jcgv%W_w;U0qR)ja*>xkkN9(K9%oW ze0psEHRLZ{wwnEaHyI7CogZ6msEwsJzackomrP_3=9@Tu<1gTTK2tF=@2=hsCo{Tz zEM745ppA_ZMu@9{P)P;>HQ?{g?%WnIi1N0Fm{|EKyo`8`En|>^9VY8soB14wjaZ7c+$|%p zEwUHTnU%1whh5m+RpDt}u$*IRqR1&7^e25(mH|-g3~!1*l5{%42f0-w1H&y z+m6mCcyBMX?Uk1Z*(lM)QPt&7fkz`ve|D<7*OgUORa8|JCKMR!srr{gvd%}#2y-6X z-OY2N#8TQn7!SLZ-H7j4H;CL$wc!XV+l{p~<#1##!QU;f&&Ksb@L4ViTa~wduU@&# zpxp1IDooNmjX7JQGLD1UO>mT*Jvd6#t7XBbu2ti5467Z3k?Ld1j^`Ur#}Y8COUA&8 zDs5JwlH?u+_lP0B?ZuA2l7oUrd;G-igp$$;AadhJl!`dm+Ztz6o7xqc!EiG;IWY3- zF6>=ffFyqdLCGCwPRW>jU__Iji`*@cd~ppCxnuB8H8lSn(jcT7mb2qt23pOwE#G_+ zE5mw0M=JK|yi6`GcHL&USzCEL|2pu5RPQ(xNFhetbr#i$Sn}HNykP@#-r!cMC<-ZR zqbhWLJbe2#KQ~k;Q<;+GTMA=5RZHQZprh$wwNfw|EFvEy>{-ragxBxNUI~=wfp#S9 z_We`GqZ@Hnf>n%TeR0QpvyW4WAw?)MRHJHThP57f=#HDuh3=1CySKZ? zzW=5wfYtSE_qn?V+T%ire zO;M}9a#6^%igH#t8rnXd>Qr6O_~>uVqh#1v^Nf)2t#4|ZO!*F<^m!#7TKayP!SB?3 zUytQ5@asyQvehSlf9a#PaS6{Wd{e|{Y4-=Dkd|Bdl^T4L4=E+tn zC~n%vK&pYo2u}1da&H4Ah%=%yq zor!md0ZB)NW9{V|m2GCI+JpFT<#MvR_qN#DVIHJFfGTw|Vh!Nr zZSJjMI2U46agYrVYX6X=T~LM!-FoAfBD|llA=Da#2=aIJg^aI&rS}#TG?5lS)-${a zzX!(X>|eXR{_i`vOoO{`0v&?By`@Y72gwgY9BL9H!yi02%+_b$82=*VdnrKSi)vgfLSJssZ72Uj0VM#Gjg>Z zW0ry)GqX(pOefUSXRl6;cL*^NR9B0e0by0IpT{)P(S>A(S%SX-N7JnRm(R`D-Yzg6 zs3d}^uY5b_Ze{Fg4f?3Nd{y;IX1G^Xktu~M(|gbAYc)vuWI}3~<$nS{A>%Wi$lI^k zA0@*Yvu-pwYgJbE+QCqo7DAnquDQy_YOIY!P{jHB$H-?ljOeZ*M`Qz;J3qr8$uX;^ zX!=S!lnVQ`9-03Roj+IIw=5UT9Fx3(5q2@dsP~{VRe4}RpX+ug+s`=B8jb)1&Hx=-NelhHxE7>aU5rRjTW-n6-r%%4{2+4Cr9dqW=bP-47=OW47wF$2la`YFEaYeSB%L zwpm?yrY5cBYviR9dF+<{J>B!Z?o_e}&_>-0Ora?zyrI1}CNVVG2_z4^us4}%$jqSL zT9r$)xX`jA&(8lQe;qj~)V6GBzutGv%N9+BMGJA@F2QBH-NfInuA)^ei>ZqC;l3Ah ze15$!io3U0CvVyLVhBC@y8k1`gseOIPg#e+qvT>tU}^*lJNaqGFikSx;FtjZCXGeB zIcWFx`eqt-1Lzw>1PCPNka%BA-+NYyCk%-l;ZP&P!F`8fEqw2IjX`7!W~<-es_bo$ z`^s;;e*OjINT0Fi`SsfR3~Tmpug{zV5bfpc=q4&Wym53s28lf^W1Fh)ww!~Kg)BVO zcpr4BKP8RQB0eWa=}Jx33-&MmUY`7WHQ+BDPlizVo7|zt#AVxV{CnfHWyq~}!(a{t zUbim8yd{lunojBrUj%G@F@3P4hz+67zMksy?9u3fW%c~8pgVAVa46+zsk_$7FifGd 
z)h)O;X*3^%DoXg)@gGi)z8G>PlO<;Q;B`X#%OuT5W)~hh0(Qb=^QSB4jib*cYEl<& z@{%@RyAxM^!;?6U+Ps|5JS($Yikp-)_X$1P%6g{3wp*7>GPVx)xM)%l!dj0OSkri` zZFD>aCOBMy^DhHbehhKkMk1vA;g4w)?j8PTrnckr%T@%t5_eWW#g*=V9M%Sg}?wrJ`)$)$?e>SIza)+g2D{y}X#+7}b=v zm7X{a1v_|hcWLoiR@(8yJG@2_@Ndc6PVF(m(yKV=<^Jb|q68E`PrXn?AfN-N275N$ z+_g&=c7NBd&h7l%KgDMH+mcy$`0+2@R{UjTDp;)jJ7yI_Q?91tp?*qQn|eAhFw39H z`uQxs&RJ~#mNClWJv&?S!0Ga7-QDHar?1=Bn>8>HOo2O^9pk{J0})lKRi zB@o`C1$_~J@YKYW2yAMLm%;S)RZ&$EYMYyaxPOD1+)}<}$xHtv@wVJ5kb915QE1Ne{9E%x$pbv zecs>f-Z|(kIdQSl%(r#V#p+8F}HilQzxGT@?Iu~G}4s*mY4@bZ6;k8hj3Pd5f4 zPh9z+us>XN!haX{SD%*;9rVAwrueNERz}(H(qnslpqiPg|nWN;nU%gQp=|b z*^ZqDZj@h$SeM-{SpUWky`Fl?le~baZY!YMiikH6u%x4tN2_V4= zqaup0m-N{j7KM<_d{%T9jc?mcRu!u%NmB&{QLs5`4gT@)tDGlhEx&7=e5Tvqbz=jT zv}+^ZWf#LTAs-0JipwjE4QnczOl|Y&ti;$2f(E&=-sD3=rv6rsQ%7_q8bU>2B4lWS z_x!@5okNSn_~01R7{}ZE*j7K61*1NHJA9g)_*DKUjAQR2V`EJkeN=ncR#Pp1CQliC z``5qcrSeW^c7JQOzuDCIJ%_0U1|g=$6epSB-Yieg<3q7@h`~gLB!GflEOqJq`+9g+ z`!?95f57qGxif$CM6m3Ink-+u&GdwV)oqwLsxPA|XoU1h_r~lR;`PiH z@7JQO0tg75f28DEYm^|=`D=glo9=t-zAFpxhZy#2Bh~r)YNU#tn0+pV3_2KdKK@90?Z2xr*j4#8nWT05qmAJ+OlkS zUFFdYIN0?dz59ymo_0}AeO5jzYVK?7wv451__ME~&2HFfkmNrsFoH%f{E)T{!)sXx z=&luXL!T`dwd!MqmlO~gwyCEd=;CJdiG4(1^8DvD&+-2oq2@#p1M(H3{|Guh4j0Ng zPAPnxp5B?o`%bOB;%X6Wctmj7-y>dG3qBOu6>j0mE9XvKG+$3%9_WHTkM^f95#v~g zk7KS#gQki!XEw7(7I;b3MO7?s0vurCrA_Di*6&}6IF@0LVx9;^+Z&EaS~YIIl}b>} zSBwxY@8G?|)ivGXn^j_*zO~tX&=gR|c3UmgcG6PUyB*9dRFcdXQxpEE5 zk+L!hDv_zCV*Tv?sZ7HFqCYp>mx#* z=a1ac{Sxv1`}~jB?VRn8yOm%=s|RyaY)~;ES6gk1G`}`5=J@9Yg*>k4IJQ5lcAT$i z8I;O+%9eT8z8AF*eC6xGu!h;(L6HKbAQrDR%>@thd*LW2Y`+z&EmA_5%l1NZVjG|g zjKE;GLqEkepL93W?d!graBBWvHF4L@PDXQ1_X>{*&zcfZegCt-^>s0CHBXAx$}pU~ z6PqXzst!tBS(L78cn6aS$q7ENX!eELP!-98`cS zDoa6JU^1x~Z~CL}rc|S_-Y>gGsb}$df70K1lKhlq`gHub-m+L}i^DZ5WJo)!-JYGl zjfT4{)w4};Td%R((^RV8F3YuJIaLk+$q3KuYcCOj5mEVJ^FUvwF9`h;;i`|m z7{?e&5%hG(lF_}g<(U8jT&{gHE&NIH@l-e) zqa_i(0*328=o+s@p!eEGIXhi(`KD+!ffPip4ax_*D8v;+0lQ?WyT5q2@Yd&x7C~0P3X_!^OO(dG;tGA 
ze|j;ADlZ(#iatK}wQDOXkeMTA=tvLvcCn_$aK-T12r^{hpH^r0AH^U;2_$dJT7lAe z{a73h>64+M2t~pLGX@cmP*KL89o-9(nJ&*WH01Asm{L_poZae!C7;a@_40Q5B6SYI z5OT9$injV>V2(1s#A-Ph+om_Hsk_|6rpF4czNTA?q^#swqOee7w7yX#Op zO5;Y!X(79~vS)gdNXcp`G9%}n7pQ1aQyM1YvM3sUMFRsE6AHxoXQTW3{TP59WkP^y z0i;i}F{z1RqU~<+X*92jOdnrMc@#Yyy&Z7ovbe$e=k(tWKg${S)w1H}s_C_8tQP>9 zGvW5Q4r;qxefq{DfA4t6UHItu9wk0rdiIS8i&l8~@9?R9gnjS#nbI2()22Fz-(6e{ zbF+iL4VTq3zkl?=Q^(T?)kU8quW#_SzO!CFsf2%6AlK_^rhAuy4cQK_y_Np9L9y|_ zOmF;}BW6kd<+^4s;eOUh`%4&o-#_6fkb57=4Yd3HC{{IPMrI~XHcmMidoRH!9AUwh zRM1(TtTm{N{?=tSsE9u;`#ty^beuW8R~k6Djm1e+eH9tsdfeo04!HiH-v7z8V@RyM zI5#25$$)*bq`b`<6Sg`hSo3#GTw!McYd}HrtGBl8mtH*8YilObz2sS~CG~$s4VO5x z?x?$)2L3g=+G2l$2-$9FF;q~Ro*Jce7}-kWU3XHSKB_?o8x^hcFPGwh7+|(TDEcgt z@Xj~%)chlzu&$6n>x`a7A36^xj(zYx7~9P)@sIQIQN>5+k5OBV4G&qG734s`E>G`-!kLi|(bnPoZo~s(#rIam`P?D9u&fSDEeEv3px{hpyE%L%B_)6~!OA6IC zbYP5|ZHR~mk|S)-*@5tZwsUJA2>XX4>Mkno2F8C5`%i@6@YCsBI<0e^ShcFEo^@MvYT zDQZ!*Or4&6^DQ7s?LIiyI_5tpuCV?71IRA|3a~c{?y0tRSk=cwae%a*D=I6>X%S63 z+W2)_XNsh`7k^DFIdLjbYw%pP>~89(V;8$tyR_#CMRFrI)p}rOlykC1`s|B0iMwj? 
zMKRteK~?vhLBWxONf(4Prfbi9a$B0L=Jv_i)itjal(gTwnJd$DuP$1T=U2XOfATUQ z+`IA71J2*G=JV|F4dr&zzs8ePxz_+KSUReee$V}n@5BBx#S{B`^Cb*!F&YpPyi3sZ zVFZug-=ZI987Cs!P`$f*xjW4tSwAFOzY%$-3i+3!O}L?q?$eReY?BV{k1x%efoy{S zML@d0REgb`%O*0ZC1A)<(rA>Blwx1p5m2i)qLlsGTnKB8qLEykr3NWizF53Q^D9n+ z845~_%?DCA)Ini{2*io~>YSMj{FI6i==3?h26PIz%Jq3e0zx@(@Eb849** z_bdFII5kOPqG#s2L~F}tz`T9<u;)$qx2TW{6H=55)e)>`aXqU z$}2jt7a3Q~*?&^u)nl^ql?NwmdZD#=FPr7!>EPw;wh$K9x^OCOs|*gU8kY3>)M1=q z+1l$YcF95^*AtFL+#G~#wbtXV*+y9{idac&b=w^qq_UPUZbsZ{D;yys8fB5%;N^~3 z{J+of*ngAwZa4CwL1z3Q&ARM-P;j@0AlK&4)%j;Zy{DZB43r2 zrZSZ)bF1dC?cEuva>a0VjRsNQk*Bjn?}rikC-eB;zu5V2q4zN?-=wo7PzS7kjsgWz zWExaT8UZRKy{e3$3%w7l`^_;Y&FSmskDuRTl+4{oWyd?n5y0g8Q^j27e`gZY4oi3C zd1Z4^Xv})gimqA5YRvKYGk(9g{14~Ycj%sHdvdIlHLm~hG2-Bg%Z8^qV+U=k4>V&q zwAF?5e}WQ+sbui;K&OmrETHNrcCWULg2t}fUI#I^);{B8T$M|^-)#0n2C)acq#HA!M z@;9ev8E{MoeAtCeSj;CazhzZDZx&KSV zkn0=BL?spdIo$(91vA}zz%~Q`B#s3Vnp4eG9?S!>9y<2<&YTeWyqR8F7)z4njG0wb z(ABGei1aNZDpY*zT_(5Nc4bqveRT(P39V-R2VUAgovym3xtOgYZSXoKu!hE-yqDm$ z&p%&8Pi2ad;S826%T!wicZ7&TL@L>>$@A-^3v2RM7)0*=Et8Eb8{JG_!2DBr%%StD zNpbGot`-%lHxrm-Ap>`=eZ6-|h*sKMu&qZ;5*`>zggBAwf~u!xo*xP8+gf|wm%&Yt&lbZmShbTgEtcR$W-BzRQMI4L zDmlAyWcg~EW>(0|%F*=0>&!7rGL3aJuXK{QO{({5sJdF*!(HFT!TgG!cUJlK%qmRP zENlJi$E#>o77BY=iz{XDRkyw`+p#<Sox~s3= zsOc6+7!5@eB+W%#M$TV@Wq~z*O>Gs2Ga|*1-lqePn?TiM z%E!|F$;y5d%h7D8fDX(eBV7F9@qdf3*`fNLQb6XvAEm*is-+Qab>KZ znRq)XiH&)oxQ5qnYv<>U&>cORO~kvm%2+VLx#Jl9e$JYX)e4K3^kO#^y@ob&wfz;) zA!mDSU%!%u;~rnpeDvhlvxbiAkPO|Ej}R;RuRwt@xN)&-HqNfk6}MaQR$WMPIy%_n zBB!ZYZ8DoN^S2nScM7v1F2!uoyutc55L(IO)M{~yb1S7(c8C9vNrw2m6j!D>pES>&kaS4;KtQSs(q`; zSjZ}$TB1~XVD??u_Wd@Q%cV(lXntsH$XkfY=8*?BP41J?Q+hS{NHA*1Eq{^I#o zQ*X@!XC06wvi|oM;l1iwx@c&#oRQ~Fi3|th_o0@nd1!hpYu2@}UjmTn>^D$Y?c#1{ z?eDjyJ}fZLLCjH6R8U;i8y!XRj8#QfvQQm$@^jb6BiU{2&RLI7M?Lm+UzM32E+bp> zG)wb#UR5Q(WwN?l{4DH-Q;Y5AW2?7a_r%T^HShvPyRU-N-L>9pd(ICxtD#~~oBCj1))5n~{Y!Li#W3LkhU27x7yRzu3*US=*8dCcI#9?<<~t5T z+>N)En86iaOH0*KRVhjz9r*p3xEe|hmQ;-tg>Dl9Vj^1JWKl5(+3Y)X8(gioRE~}> 
zKSok4YA_acoSCp2*BKprUei_HQqjY^SP%VtLgg6i16|- zUC|`j=v+3ntF>q?7Ul6UZjIUUZELx_tdfl#xodj!z7{OG>s+S5OR7Z#QY9E8=j@My z1K2ci;^7BB!%*B37VU%yDb*&WOxCC3=<8iaEb3dma~xFDr*^N^DNCJ!mrfnn;_=YT zK~IX9xnioNkG;;NrVSn!X-U^2srsz^VqvHsi4^uJ+FQ2p%a8rBxvjGnsV|oU#8czZ-;|k&2ee_H8yv&x3co|G&6K7+(M-5 zUK#8r$@s@xz};Fp*MA3u>=i}A(yFS)9W4j-t?h5IY{G)}bTfq)$Y9;Qn9nGh6y?)b z3wai*;`P*h3>$v4oR|`_^MGe?*%(EuSdGzu;qF|DTE>V`}#W^%n6$|id zAn#mQ<6^L1F{f;L%Obr^910Gr>AEj%_jN$(RJBMMXj~%{X*O#;+*;r|gc~sk(qX;(pW#I4Re63xLv0ywJ&1@j= z#>g+k#9w=1@mHx}v(TFt6^4kJEUP$|F5iBe8z#RUM(td6)Km(4-^oy){i%+F~2AkJd7l{`u~_2RKOgY1Qh#eS41cPu?`{b|nwNBULC zlOV;1gbHJaBacjfS1<|u+0IR;=RkOVo;D&dL!+FjOm07tS9{%)_}|qL-+o_=Fc8GOF(pjLE!)j zpU+?IvQP*N+3xMqu4rP^l0O)~-Mr#HZnM;Jort1(IjGT#u#i{-5d=joOchobP#KY< z^z84(2NnW^;Sf=u!G^nf9qr;ctiZvO_kEeO;b3~N!bhuFfFq?=sAwez`i|umPAZ{M zBc`!@^#^Sd6$|}+y5EG51VIa}7AsiecWG=7!bz{=V*xVzCq#;(EXF|ID4Ynjcx4ZF zb!28JnJX#_iQ{|ioc%TS;a(bLYD$#@#@IHA84TqqJzo)95b`{XFo`HgAczQp0#T9z zn2HIBiKYS}Vj2<%Vic5yAt_)Y5+H?%CKzCeXqaJ$fq{r2h#-O>i6R;ZVi*D#h=>?~ zh>0c^h#-g}We6ewn1Ui12}p^82nZmEN)jPrLLeXrh=K-Wk|2me30Mjuh=KwFA|Qxh zlprD!5+KrIKL{AiqwwC1e`JsEM&I`MEqw9179@%wsDYm%$s^ScdH9BCf&yUU0>RPf z&~4pBF$25|GFJ$opvV-|BSuJMgZ2*Iz7NI}wwu)+}m^#ny-i-G&aZj6@t~nnLC@k)f8OI_<;Zy-3>K$ne86ENez5QvgDvw{AKQG;SX+AKgMfHvB*0NNz@sBz-x zB*6o}(cwY?o;_isWF&$?CH97Y&n&-;cy_?x9N=`Z0E3^tSUq#MlIiUFul(g~nCpFp zVh9C@C>(?kK-7C5vA;ztB(OWmnyu9qvkh;uxuonx2!x0Zri2}JP9d(b2&7~);fG1P z4Y0_Nz}9OZ-upb?vnKJ9H&fXTn6I)i(na`^NhJ1>S!N->S0ScHdJ*jhj1Jvd493nV z9Y(c^GzY`%yvA+a-+}7P+HDDLHp7v=zJ$IV$MV$c4C7po;mGra*qO~vd@W=9m9i>x(SuJ@8`epVVX8?nTA>AUx zq{FUx_aM6q0;~|*rO}Co;KXh;2#|bA#1#h&ed0JZfVeS3dR2 z4rr(FD=ErOVu9sgorPg=Qnu2gK4UyseC#&}dhxN<9%L2fL3PKr8hmZIy&(XtDE)f} z)p4=^dBf{^ryGWJn8GwcnNCG?6c#LwK!>pJXzpM~8%_q-HE&sO)2IGdMX9kvk=$3+ zo|x^f{IsrJyt?_U-gI>G!m(QkbearV3XL0$cg7fGU^s`{vA0Wg827v9R8OcKhMPFp z@F$3gWVB4@zWLNxQkH6J`Kx0J@lwHCVPEbhhEeDoNe+rFeANxQL0z`V42wB)p9)LI zWtz-tT%fh(dAW8l-p{HdT=l8OOK2SEcNM&C=^C#VbFAJawi^kd8q>4C*QAXdz? 
z)ajTc!Jt0ePK zV6WU~rV!n@GYpe=-(u2VBh%6R`Q^K#Wj2+lKm$0UjDWicL~x2kpaqyHQ$z@c5R48; z9q{5Dz8~FvGQyHr=~*krpFWg)^By#b%80^pjBtNZt@NNm?JkD?QdgyEk(w>f@_6x& zG4kTvl?~8mrug-8Rd0s7rZ#mTj)=qP)nKo}MK05J5EA>RX!zKo3W(5~bM$BaaaAl1 z&n=XJfoERpVvt?MQhV|au=6N%aoA;wcW2q!yP^WJA%XPwWozo4rzXd_h<-PWQAi44 zhW0ZQq!KuzG4wYQ%N-IbF<}wfvx6g&88un+!1vyoXG$>d4A6$zz;Jo3Jbi7Fu~ zLDHFM+?$ET@p~@@{HlnVrXxGWqR}N-8M5h;L%DK^8!%>xb)eU*6Y0 z&rvwV^!SwTlCF36KFuXv5Jnjv>O7ZpdI^TcX!SW=$WA)f1*+K3ubx(x6Pl{Jh{sNr z@tV=O^?EGl^w?InBuay3tW4sYt~p-5>tnq7OlC&>AHn!p+l-U4T|wj{>(u-DII>|i zR8Y2k21s)eL#bU&i>Hkz4G~suHR{A*^7)KiN&<;o?5#S}xgvukN!)N)nnZyCMI7B$ zQDz`{VF)tHCTkTHBj*{-DtTYcRNnsg!BcCt_(g2yhElJ-`nFVZ2Ba|BfCy^0rte8% zQ;}TxOSgSS~KZXrg)N#rxHZ7o*&8P@j&FI zb@J7$=DG}q3MXb&Vw3KZUYk<(LuNF&RWW!#oZp+hCmn}xhl6p@39ZXs%fAI@Ih5Y$ zv61k$8x4hE-dGtKI7CrU_z=-nkK~li1iI65D*mM}yw)kFy8{POUP>B0Ze~QUu&5|i znlo`EP@%mKB&i5!okyz)S!!EZ!HwhwISAN`WX{x9E3HS@1yM$1Of1mj9~E{G<+E%y zied%t)WPd91q=XD=VD|~om03$!x$&P=f0{QTtG53FR=6riVh5Qy<6Agh5ajydlag! zF}HMsA@}B)_WJZYY9c{v!pwhrTXbJkDorFp>&%z7z(gS3$h6HMBHY+fG)E`2ywePNA(us3ZwruXy5e{>#~}R+J|bVuuDiZA z;x3z6GzG9^`H~2CxgBQhF40wOYC5L-YUWbXt*`0V-J_zJT(Vct;fUCl8KmpJd&m|| zjf~4wq+3Xm&Khbh5dwvm)X%jvVQjO>R%9AoIr}uB)>$W|j$Y$vuwieqD!3FFU&4KM z>$~QR<7sC$q!Aqi%dqNH23chEe_?K(Y90{wpUKcH-{(5ta zn~UMf1_t5;oCv;asp{>KlaZ`(CQ4Y%VY%`@S^Qikx1I5z3YKxWa!cY;8uH|?haf1c z?_QlwG(b^ALmcCFR&H7~D@{uUuv=@TcJ6;uC0{@yYpEgfeCu8&;-ua|17?YD!Uqff zZj8BC`lX>fX{@NqStZJ-#yW%o>V$6zrZBvIQAj*!W{)?_&?dq4CkNq zztcz9EDm2!Qe(8MzS?L{=h5Zun^$M9{c zGF#(X$`(D_(JZ!)7_y!;akkBmUWP_n6%$g_uB$~+ORn&LM(tZ^x1uzwtX^(REL{y| z%Di2{b-VPpeN{+0>nkDC9lg0%+?bjkW@~X)gFJ~- zC(7im#D*>isw%s-o?^S868QLyR;<0-{j!w%IsUrDEb*dj#Qi8I>`LwQAZ%@#nc=@) zipd%@T?9n`kcL0XrnM0F-lvTG#9(t_^tJk7CX7tZsvT#!zmV1UDZfcE0|o~TCaO{P`A_Pt{Tg$*`*@8FNs3}7-0v<^Bhr;63Qz^uIXvIR=TAV z(#EH+K7-aO#y;ty1P_*8-{y)Zl1X2+cEn*rBl7h0?1nN_?9l*ipAToJ#mKh3U0*lX zg*m75)5NjLFr~wHAyE)W0|D+NtcX$1A^A7v(LP z!L%fs1BC(6EvuqYQ)xx>y|^doXl(OE1JWpWVa`U{p=Eq(MLc9Ctfs!Dh(QoPYHd!w 
z)vSt&)L*p=7v1*xhZ7&q$$@K90>nkB^zBMoa%>p*mVsbYDxvbKKwlo&WRFS5DTvk0 zXJ1L}--mZbUA=mYX1N&|2@IOHaCQ%3rot;$@67yf(88XERSyYIsE$s_6ZYm0Re%z|DV~Ik_ zqdEQKpj{Mb0}7%p`Gxt+wlE?(3fOOPji%s`@re~!vM{8XTHJk{gBI;eKWnnZh?HBq z`+gls$u8o`)m2q`-oC!e(4-66g;T0tBZi5U^-!=bR@Wm?SsHf1_eYH2gDPnHYF!Gc zZ$m8*n#F3jNzj0tKo7byN>>@kMvRh_$Qn>76og^xlp8R@MDpw9shW#>vH2i~_GZllU-(LZSE^ ziw}<@_ak95mMh_h$4{qjs2I%5RnxT&x%eyGr|dQArMNq+Lz>i1 z>h#O3FRH)Ye??KS^4Lk)MAQ3QSFyTrRG;R9jHF$vv8q&^rIo2?Ek$uZaD&lT!PVQQ z%Xh|lkVHM&yvvCI1UYQwve=VD6hkzHtSuj14N+Nb2!vsjV;wcMbz=#}iT4|zZ1MD} zS6P3rg*+nMoz1F^j>|FCO)xbG8x@|Zqu-=&1E(i$=PRjGc7z<$*mRCamJLq?Zf;CU# z^J>+*)7wh|z0QfJ?q);vtGg5Lf5V{4=mw=tOAgEARIx$T6-41_(-`O!nSyb_c zn6d4m>OH{={0=zg=C~P_ZWV|lBpy)48e$eU)ZVDJ(rs&T2&T*+E%#?fm^}IecO+Em-hMUPL3Re`(6F{uZD|{=reFQ*L z%wOaCeFuCjuiX>YVgjQoEOgoxY&7rSTqJf!dBpuielSE3y5g1zVj{y?#(oDk9#g+2t4!cP%t*RAz1@*m)Iz?D!aW6(ZzA z;Ujm4K}Fi5KqrQ(HY!x5cOnvCw#Vq}@$eJu9emGlz23cGp+Cc164$GK`qlPY)^7MJ zRH!g0psFRMnIb9gxEWD=M5^SM(sdA)VGS^Ni2azv%Fz+*Bl}qNM4)=p| zh?~SdE|iM7tVzZ*8G!YOG_r4=uU%%`=S|+Vmts*M!60A?epAF zhq3-on^(-xcKsBWi>a!9Yf}Y5WohN5g_}; zf<%&nNG0)`BkChWE}=7f%Y6l;hf}AW5Jby82)&wJJdiYtmZ+6SSe)=9vbG2iJ31;f z*b_oR+u(B)ujM=@-|MQ075+1GhWQ(akUZg`LSrxpqea9-9YjYeDK`4Mx;vnsbZC^; z?BaFsI|TBnRJm1DHyBHDXFf_Qsv>&Ms(94fF1~IDNN0T`Zl>{1#GFfyjB(G)>HW?f zD5nDr=L0OXpLwb#gC7rt5JVoaO_%{nWY60XQtkTtLzsn2Lz@yz(BY;v}& z>VReu!0kCe!$dUZ>l4*!Q6Pd?K+S|TI~gdGv#o8FY7x?CqF6t=H$<9Mh}{BUhbXji#VtmM=Iqt#L@pHeBPZClt^UV% zc06ckJBZ8ekv3)Usum=KW5wRbo5An1p;m0eG$hK=aCNe)VXJhF>PED7EQ$NtT+i-E zkbE)Gc=Xu4a`1((_Q#jM2h01t$?V~m$F8S>7MM5ce*>H@cZ$ZgL0Nxga4DVlO3#Ee zy)=E_)$W5sP59gkN&djpVOim$L*brV?#OXirt&;nl_4?F+;y&Qj;bqCG93=cq?R8< zz9=2JsPkV&R>*IZPv5qKh|ZnHFh)Ph)9?}R>(^tgzMnoI~c5-Dfil6&p|sNFq#ZaW3oznSy48peO=`qLm^%X%H`epPxWv zpuXa2%tNB*yMb2Zj=R>`?9P<5I`gB>N3>wapW$G%6B&CC$%#VrQF@JCH0{H`CXv&y z(p{LP!l9I~f^8&OJD`okDpo`lM2XPsTlisLP}Okl%&)Ri-3H}TkxkG^s#wGyN-vOD zTfWcMWxEf*;7G^c?CYynDdOz6SLN{X(|W0b`X+62vr)z^6b^)lqAKbhsvT?H=JFC+ 
zZQ1s>h4W>_qN`N)+GwLkpRrD&afXum++n@86;@ft;{S0Yv>?-dFqi^jVMC=(4^?z>x#I_iruSOJq3}`Fv*1&Vhlh zPmOIA3dO}qWg7^2#`YdU9Y}%={2o6yqlfK}bf7<{tZk8N4zGsc67%b@iEC?$gj7D_ z+5Z1$?66z~2=-%fAD{}04@(4kp2=GLS3D07i%d7V+v5bHXIJm)w;(Cs2h8wHW$ zCm+&l9`e>b=cJ3`#gFiVW>Hu)sk+Ue&Q7KlWi=!+RJBl_nnRgaL11juEU75e%-sJ` z;J+dw%J-pk9@wm&F*gtiT_~J|K@Rj)4e=QO+)M2yhj37M9vF|&(Ma-+2D&%j5AX-_ z%*0hq6G25%K}gx3(7o2&Sc{{K_ZyKCs!_iaju!x-d_-eF!8y~VSL9$c)a-UIA8qtcIwN)FVM{`%o z9{&0tkj;w1zM}HmttL!9(2z6%iYs@zf<+%(>&Cq7e_3kA6CQ%exIeU^>-kNgv{Ptk zBUYLKUDB$k+!8t-v$$degQ3LFHaT;p_(b@>N&I|FaLxxEPs{L-NfJUy0)2_<$B$ij zew~ILA1U$vUX#bMMAQm@r2g+tse+05eV;ms#Wr%D6CxRrZ#d}R$HLL#FpQ`NDulZ` zj}4&{gn@b->rk{(2al}tlh{fo?nklj9T71V3jBmjA-L<|;l4n=*5KX&_!nyR9tkLdb5BhIr1k}smbjYs!yjDt{l0-wrzk7#>OzRDyH z!=XT|wU+w{tnMf{9(vt7JCC4@?(dSJsOTujI7?M0DE@obr|73q6id&k`FT6iVD0Jo2Y(>S|}9uJ3bsXcslq*PZ!P?6(RxP(aClGV~|}$BzZ}D zxg%$4h%s^8=x_}9Y#>Q>zNMjA32f~>^&Wzus!?V)TelvP_rg@sp6Py#aEEu8ohu}J zzW`&N)|9z97ZYr`7heBTAcs>%GyQ^T&g)ac9aWzn#(a;-IG0dAI0;k~cBqj=@$+Di zfRYXbUbGTXm6T5}sGw7*?-4QFZQx{zJPmpiRADaJsI7DE>Xc4$x*Tb2uB4aYIr_iK zFdnurbTQOr+B*Mr{_azsxpi-A&^;tVU%GRmSp8wSmBspWkNXy z(~@&5RfortT|+}EgKi&sP~auNepGWZviiDDHLnptMTkj8M7Ubz6KOF>sRjozWV}-z zDlyrEaf2IIP08}!5TeLa0|gb7RD_%?T4g8Vsr274>((cq!N3#?KNp3LiF%-6b7(YN zPs<*kTW#4k&q03l))*Bc0rDaUbpj^E6T{i+=Qr{7A|axpnv?V2o&C@WEW2;5jQ8(` z{3Ni#%YKWs11BuR9 zj1lLImb3GC>x|dkSAzLRnx7?(H$JrX1Rh9t;%N>dcTafZet}6CQ1! zW`k{KB?#8R;K=DM0?v}#^B80fSoljR1zL>*h9#YfjweAzKNN5yYQ z3YSR{nNDkL?!x*2;$x$t{e zfv=+u_p_Loe;r%UHncoMfIwu?IkOZOJ=A)0&ayjDP8TRd%S%|7jd15D*V8JK0zDZ_ z-=jS|{F-)Mc{Wb7L3c(m+jXXsLO3sJ(q53n=OzCS%@Y2j`S3YcZH2Nm=i!P{hQr1s zT)_h^@JKEON6=U}rktdEI#~~s!#ge9aVNiXCxXURRX4uk#o;>%thGi)LPXST`Z`OS zzo)RXx9%&*Bh}aD^?uSt0>nNYw4z`Fa?Hp?xL~4EiING3DeFGIf7$YR`5J0bKPKM} z?Ym?6)Jjn~eunWQCaPf)qSOjOIr2q5+>}d&&1waaOp5mTG5UD&`Tn5m!{s~cqs{A^ z4V?g|+2kC~Dh2zrKOwCBM}|x29?CUC)O8-a7mU3TMqfR@D>IvS9&m9D^r%-v+@O=j zFVBsJQ0GJtd{=UMBHQ3gio_pkOiJ75S6LA7#`4X$VJivo=AY!`KPBV(F-yL;% z%}qG1k|nAmjzE$RVI0MY2p!{k3ks)FmjtaaOHd?o@;Z3`R0%`#S@G0BQF%E!@bc?! 
zo*FGq;@eNrxJII)0EJ#==?+?b-ltA)1>wkcX{j<6-wk@YJn?{+=4`iNzGc1vfuM6E zh=CChLX7KZ-lv##pOk)Lu+T}hp1B(ceezY2#L#k(HJx-T$Y17PC5g)zC4%+t-rSrb zi6!8;u&w0UM9d+M)WrhC&K&1Mejrqz||l`HruIHY(m8Tv_{Zv*%L0LQ?ulh%gEG~M{fA? zMmWa7X*N+s9)r#Biixjrk%cDP$q$G=xZX&Ij`b7N9fPsSA3^8JiQRtj6I6WAR!C5V z5+&8K;MRDf4qDE*c<`0VhW>sI5Ei5r2G+??Q5(OJo&I9{pE9XZsSB#Z6!P*k*P zN_{wAL&UgqqhQq#Ie#U`2rLWV*=6q$`@mL+a0$@5y5n9^^oK@e3FNX(5SEp$q`7?7<2gMyhV z0R>qxKECZH@X#rVxYqnLvBOwT;`HylpMwuv+cn1yo-$a~4g~3s$0jWRYb!Jr63R%A zuA$sq#W;&(8mDQ^gxT%9*i6eI{Mzb=5M=)4@IfmzK*)R-4S=uR6#2;#tfLo|;_yPP z2Pv5!2(qP(aI8;bL1p;-y+u*-c=(lKV=f+Ht*4g*SCmhL=gq!|&w1gb0M&oKhi#c+rrGsPf88&S-ut6;-I9X$t6<59qKen%3& zV5r)LK=A#}iDMsv!DFrskMClcFse6+fQ_^HnHqTDqeedtP6_;?tZK8)=v zkQT&{lvgXxoEaGfP}IKz#xbH;;4y2D<31yl$KU9%^Epgxh~TGJfH)nO^1$H_=sZr1 zSwhk6@8Ds$hj+RPCz151kkQx(gAMbyM3?hn+fHtd{Rb_Gb$AM3@Htd{ER6<6RPWF| z9>BPmK=~rMOi9ckUZVq9@WY%sH`R(Vm9#~}HaZ0xpfxXMn&i6Thqhz`=~-KVDvBCG zG*8KbKb{?N4b*;&ue;B>(SZ~V2;hEe+pDuq`i({A#XXQ2*@abgW!86EYan!|1J1H8 zm+kn4N+0y+!ccVsjM5=V5koLg5Wc|w|ulOdo(P-u-ngg~t*oOF9)(K%?JiiZ)l6_f7q zGwt1!Gv@nw|Cymo!jDsnd1r#sBas!&^6z^3{=V39vFBb@_$L>T5=ww;Hhh{=gra)uPG*)i)u;50fzpFvZ0TqIa!Lj;%(`GU;Umd6Zh*m z|3@$LqInM=?z^*Rt`v`jveEc{O%GVr`F}1iRve6kr8~jyl$q6PgWn5JgiFIS)9~|N zWsO<-VIZG}`*Ahg=Pe(Mjd=Nxel2{~`93aftD%ySq@if4Uye*8*g$SxWZXG&T8x|| zaD>TyjlUa4_r>!^*8%(y!z4!#PzSb7y^J`Yl3WiA;-K$4j%TE5rU*HsWYyoY=-$B| zjODHx+g&u+vCM%#3FodY5zr&$ZsNwxD7+1j-w9oI4g6^yad3gP>zJXxTCuJ9l8twG z#pu*wjPj8O^`r#|^UB$`$U6NKru7|+ZQbK;XVay*z>{Q!so`5k5n#fLV83O*I+VxF z)6Jt%#8E|Bb#IM549cp@ObCn0Dw`O=_Ne0Plrn;%Fs^|Yo}1>J(o1}Ydh zxHU`4K!GJ7de^ad9ag-ImnC8X-su$+)9-Qen=6bWiH>S3{g zB#C-z#+-9I@rdQ1Ws|9X2&#g_S0qI+|KIwJut5!)sxO&3B3C9d5m9T=VJE{ z&83Htw&VRc#O<{{oog^A2HDObHB=JOipMyrDVAwHAc4$1x5@+2;8^NL8U|IQY9LZF zbXRXhQ6cHh{2?tA9K^oFTkt9MM>+-%dWI^78j@NF+_A!!!Yfp>w$ciy2!~*-OtqO^ zl#hGTs8r{ppEuK5Qkwc8y_j91gr=(vj>@0D(UM}5=oNOo4vpOprelr%7#>}>^{uFO z2fTH>OLj^yvfY*R3r(W_E3H)ZQd>K1TjdUxz>fa8+x%a;zu2JXJvn*kJ5)GvH|;O~ z0RS7AQmI%{4XcgYc2hxyjH8~$m$`?^viRnL|;Z_wV&v#15$ 
zNWwi8UD4~UH4N{*=wNn}F#v7y5d(1}j&lP?e}hMILB2Y{b(Q5 zs?PqM9wIms;2t-Pj}g`93u)KVq-N#s%D9_wmrnM8#Z_pBtj0UPh4^peTCT>a56NZj z^CO!x{=H5@IV}0?mI}+UBnkj33JRj069%fpzS*hGg>tpAuLP#?u&R8wMs`%b8+tIE zD+*cn-E6edqohp&ppnhS(y@iLEk||lOA=3}rFljv%5%zAEQwOsWWL@gXWxJZbWNhE z+b*p()c&v=6@C`)Y3N8iM7C<8_Hl!KC|r3T(dX-kU!RX}rE%uBjtq?%kS0W>ArEah zuJRm*@J~LB{$5FhYL=)-igl1iX#-C6B=24v*G|o|$Kp2r4~6TV`ymW;cSKZz-PvC( zvd2_d&ru|?qW>pPAIq1#f4aYXLts$6x<$M^EU((N)Aw$IX@JT;vaEFdZqwMU!$T_c z^vw`LT0E0;T8c)SA=L_G$tb8pE~{bgl=LsFt2pawUy(>cP$3O>#mHj`z^aJtQnm-j zde`o+Nd=?Bb-4XDv)rtM0r`J82cVr22Yn&vXkPY=ad@klT_^E8_ z%yfrl3<&x2C!vl#a{!fcM^mV!Xo4D+R^wpR^q@hzhbr2|6iI^NVf{F+X{3d`I1RsB zeP@f!Zv$KIB#K_}FhL*-sPf9-q^q5m>Xgh7K`?zVK@0@&;Vc%{nn2NPMX%I6({8wS-=prUy->V7Cg|~KP_6KhAr`yl8Z?Ksm@uXAAR+HT9qoF7*RSl679?;kua!>_6bo@A9DHjcv4nUQd6o zmu!-e!sGQr`!-ZRPoVIK`TEDljE~ujI`{DIi@7Ya(x!cJ>E&DL`CCrcubP@|0XI&t zztFAJf5~|Z#c$I70y-P@QV&`Cvke#YZ5{`vn!41jle9oXK3_60G4BeG++ngj!_Duv zuZ@$cvbx~w7KPKC2r+=#Tde!YnoKavfcO>R4{~fCOuC|zTd)SwD0iZr0S48M`*L0_ zyH}j7&cv1?A4lh>9-q658IK0_^xfK!JnAwsL(lTRL*{)Y^&8BX!JtC~+PB4$77woK zkRS{8fLlagkE!jI)caMHG^qwqlU$dT`bt8O7S$sGz<&pOS&X-BjcbXotlH)S?3ambs@*0j;PWAC*x{L7&U?eGwis#TxXMQJ zHM^0UX$RTY;W58O%Z=M&`itE)JT5qYH2BKM(Vm`*RFa}=P_abNpft2PVyAkEMI;Nk zgxRr#FjD&l`9*@HFpJ)ft!ccI+cq66B0$ONP>`67CUe+<6`moinMnP|5iVVlI$OCy zidLdDSo@Y;#JzLx+4tX0k+R*V11jU0jQ~49#J>#)vpKU-E5PtC^E~z6XZt6yZ+OqI z+?;YcXXO5Lc-Pir;U6gTL-rlK{C9g_6Q_-%h}tj0?0LTJ&QYrTJ!W%nYqFK0rwks!rBX(akV$naZEa8T zTv%qMpT-o%DHBH~Xs0ZR8Lt1PgFG7U-z;Nl#;7Cm1a8-YXd$d|@(?IjZqXg}>9+$v z%=~9A{JuFGeyxEveW@)W>E)KK^LfiSdWdFhAbCn7B7p)j2?(I7DzCwk4lsu$%yM+z z`-Z>^^XD|12^I`?HqANAZ0-3Yx#1bzj~ncQ#|3(uvN!ZZZVJ3wcMnzRHNzvgQE+AT zi zHdr4RO+p9euKz@fN-C!s`;)&ku&@ofv40TCv#0RpEVi_Q+w)N|B5Rq&4MP zTC+dtQoRK*CeWc)T`;6_QP-tvx>dj}T0EdJ$TC(KSmnV*79Wbs>3OT@lNh!a z>eg9ww;~8oL=a;_h+HYM=-M~MhJ7P)@Gp*gSX(Z2ES7vB1ZINYp^KY7FC8lh-+gtA zEEbyD72WFBWTY)D#T=(ri+Em&Mo*oNntILkLi{E>stT~a%P}ErjasWrX^AMV2gQbD zEVMG5FTK>gr11z`$&*pPG!i8Qx!ujt?v_DsSg&?RNFmG@FJ7jDmzq^(PNv5xHpZ6C6x3f>qMON&R4Rw8 
zsKqNdmm2V@;=Nrs#4l9%t*rQH;gtHuz}=zZoSgbNizL#0qVI9$C+~^-3U$42l&ek; zp4t1J_vok_&P8M)iB?(4w+;(#W#8|qG^M=mKFKULe3`)Y+(&nA-!0^;9vt4en3FED zr!UEgi;vU0MD$6k6|%eQJgqC2N5_>*DZZtqRI`=(mrfp^o_(c~w1Tbh8%!$o=rvB| zE73Y7eK$-<0_VP@ck5s}gJ1H>QR-vOTs0^xnDOAM#Ks#-G3)YRu2I-zYc|0Ns8K?s z5-Y=zeeox-ZK_*~E^IU1W!vj%txM6Rg0)z%a8rEQ1?)cczUyq1&0j;?LykLbh-XG~ zSLDFQ>F}!>R<5--E9;3O3ZRO9<`VVhz0jWwA&!4%>cmJ`-B|dlO~|UL!3pE*nU6*X zKjR&B3un037d6<)pk+o-Ri|c|2Jt4LRQfblw5_mAPiOc_`6_1Evs$>_3Fn2$?KYUm zJtFD47uH!OB0aD);|~Dohk=S6o&ARpg{I@1X^DzZZg|&$Lm6eF%Oh$M#iHZFAnI+4 zyFtq>m8$kO>~Zwr&50zziZyrOQ`6;yZ=K3+s=XdKhfPhF28P>p+n=g-ij%`_$uz?( zbomW?ZTzb1eH<c4w-Me+6Ry9Z)urJ~1a!U~3;aEz!k{kO`}_ z>?Dro##A2S1wwKeq}`E8JmlF3f)pN6JsT@nw9aJ9n$(Vq7jZ?)b(Zo8(YIC?6VSLC zWRJVDB??U>h#{^Wisef*h0agp5J3`B2soCxCAmyj?yKX0P^9@H`(nOKnQJ6?FzBYk zLuuQ=wwkKuT2jcDyHQ~BB}aaoaH}%86Dzx8KzFLyRJyUVM}&yHzddgOM8fir-n=vL zY=lLFEQe-;lTey%QHN4S^MmQO_4I1aT`VfSWjpCLQ@5cQP3jm`@$_%Ujoi5QGE3b$ z%~}dw%!57^3kK!V%6bM`J`R23+7| zw!JV|(pRG6RQ&zFYbE(AvLWfSK{y~4DkfrOW;ZWYxJO;mKP4{p63~!UuOxRK>`NXg zoUO)QibXM9QLmRVm`1MV6vOh>SsE4;Od3`y5W>kan{;Hn(7eB<3zl@x)#m{HZ1UHR zof+FD!OFaXCMtkIy4Mv*L~NOvX5U6?JXbMeZeirB!z~63=b{gG4RqT|g{RVd$C%lF zmpioA>3a$;HAq&*7DQi?$iT{qcoxdGH-8Ja*S@QrD8!c5+2y>R6)@@~)!+`q-uX9% zMBuee+d++EuOHs;N|LWeCz1&ZV4AAJuI~~qt%Vev%Is|_>*iBq{>#(Ko2$l~Y)efp zgILF^Wb_{NP`f@QY*e=uZB?G#UzZ6Pezx-28N(~#vg_5B`PUlOg8`X^1u{?~0Y$f7 z?yF~fdusL{p-?#abD~ey!){;uyx*sOLE7=S7<@w}C67cHoR;cZ=#JT~p5mA)smrFr zD|*&*BI=#aG0+_1p!X2a(-m(aYi*eo2!T9wH05_a3CJ`#BGUOY!o5ORG%EE-_LXd% zUQM}_u)3*`LgCmnNMiD_-0)p;dSS`;6ATiesF$g2KMqHEWo6!IIiQk}5#^yO+2cHG z9KVOxt*pLNLC@Z}OtCWL@$s^|8n0zd1w|Cd)UFd>$kgj%9o(&oBQbjQK}Edo zsrSy4vMQXpbjY@vU6i9YHzP@KBXiHkS&;k2J>rA;WMVi5$S8-4x)RSKYuVv5YkuU@W74rYZDY zi1O^0TK6ocU9g)nGY#N34RtyBDmp6a*XYh!*04-jbPyRVWGIQ8;eXI9jPy7PGHhQUoiKqx{!+{B}jg=sNgmp|O3t0cD$8?qQ8#AbSl8|) z&y%mKJAH;0p7>pXo6*M0EgZnwrb$H7PP(E`^ZUKf(Z#N{5t)!FoqfIi7)udO9K#i@uD`U#NK(d*R<@zruKH>CtYgQBM-L+C~Bl?K9}?FRgv8=Bp)6+ 
zorZA3L~0$>A(xi}sS_2O>!irww3>@~23MnLD^E!sH`~nE4_Ra*so{V5BXP*`)zDknVJe>PS66rGDj@KSE7W0IXWLW0io)KeVpo7V@m zbX|b<7dw)EFv83gt|CIBOH$*KM$LvXqCz(BRCd(x9kwXudRdzpw{Vq&v^5tcve2zz zBm{mP-fp?d`xjNI?Pl7e46L@Y<>B%{);aCjcNtH17+tNQl*JWRmt#CW$s9|X-S`+6 z!B)#~ec)E2Xvw@C*Zg(w-}DjX!Bb|7-weKrP=&`0MzTduuI5-lb=|($!cQTldF19X z*44%`_J5hDoO>sZ-$;S8M?V%l76)sb?LTh_o(_rH)E}YioPEkd$@wRbCYa>gb`UP~ zQIXx64980($~B9mR|Y0WnDB@r6z_?($F0EYeYDW)YRu2FyY}gy-uZlTa(_N`;mEuv zf20hBIfc)=GnjL6QLW;&f}A#|_4I z<3i;osgzjNR^3<7l_-{SD{L^rloi-*WFS(vJ;lL+Jq3)!=Ul5 z4@Sigl;PC5?Mu^WIw`F9zV7`;gaTBS5P=y95>Vq_^ZUI`F)y6HLKUyJT7BykQAuCte|2#z)b$oILSr>1{8vVm)iPA8Jg9*1 zOFa17owZU2hr&**Gk+D--=aB0Y~(q7B$|$iS*tg!6NE_N5ltBjarY4xPUs*<_ks7A z&l-0dTplCe+5#L~U_i4v1wb>$j>UU!!5<5rpbkLl+Srg!WiMsKvMVWmGji^>H zE)wy>q}W|m(d23+jAy{lMIdgyGZM`-)m}B%SNB%>;Nxo`%IljWs#W>=;Z2cKW|IbvirEoP#?w}j z7g4cK4P(KyR`%6NSd_nWB{U#%>K{8XabI)SX-Qvf3c}Z87o#XDmybK76wYE$wIC69 zBw2nemXh*TKp89sG!T0$4iMHz2n`MW$76;GbY!-m{}EQ73QhC6H{AJ$QBdV6UMW-8A-LpAo%Vl3gaT0H9j}eq!9&Aj@tGm z6ad0vkrU@N@Tcoyo~Fri2g(0el{h~-qCo_coEe07kuTx1*b*%YS7Db(9dH{oQaP6ro?)3PJgtzNNoX}R3Al($CN5i*CCo1Cp( zaaL5~z75jLE1KEi^@d4yae7X|2@BC-I5LpvZ1*Iv(-6a|#D3Kv*gV%b();xL9ja*G zDncDv{#eU+VqMtLuLSQ?E{5ru2SUu+9f#2ug=&%poAJxWV+7a1yA?YWtHfQ?O;}7P zMusKQ#uc2)d?=8RaJ1)rTWcpu%ce&~!zejjl!PsccZvGZ+VD5810z9T`vzQOM#SG{ zf3L4thS+XeM3Cso@h*xL5?#(iFBdIHTB!)wuTv2rwl(gu{GM`(&q(`pbD@b`9zKO! z3lY-)uYkA5Pv!f<=iRHf-FP8RJHE~c$loz2Ob_GkyY-;4p^^x43kN=BSce|+4yy!- zG}q;PG-o`%xT@BI-U64G5#K zg5`se=W=MZM5@>wQ=d^O?VByEhjP44(MLTCz0hMXMZ2rYOid{sbH@T-6;BN@NORXL zwc7)_Ix1|u(t_)5b#gMZ_QJSIzE*uLXJ0qvAQHuaPEXIxO)6)mj%A~cHr?fv>)!G4 z*xWJTN+QQ!G#uN@A`9?sU0z}^NMiaRV`F1eZq!qfb;x@2l&gdHEUKL~7x`?W{x(Xg zx@%5)bXzlJbL@jJ!oxp_tYLKQR(s#gKjHKHF%CJSW{wv*wtfj@dQru zI6)x=7cS^ULi3LML&?DejGa2zxu1+ajSta;G7C{Wr}VfL>dxQDcl7P~7Konp*U4b` z*L9DI#!QMq1!mSoSqKJqFp$!2wE1Ydug@aLYtg@w0@9%3! 
zk^;MaI_7jh;N?-%%_msnWr(7hAi~MJY{}zFmp_|y2+N$(gLERnDP_=wj59+5pxmqE zo|kLl?v`w9GTvcdiMBktnR6+OV$I>dsa^L=rl^}L#OE0_;isQ^IfCT-93P1d2?(9+ z8e?&}8R@LfHSOymj|MNJ77dLHF^)4}X#Tlg_G5)X9%mauCHDBEG30qKxZ-`tktPmK zdhfR$gE{N?sQJCr20+-L?h4!YrtO41K@?lSd2_r7(2L?k(84bW$^Y!YnWrod<&t{U1t`mB>WX20ej@ju< zt)h5WYIe-#*49(=t*dk)qtAR^ZnAeB^exL375gwY#~kW>hb3teheoKe#c@#QJB=_3 zvF2mwS3n_8?d#+pimoGW0{>lc(D{2+1C@N=#w@)|(#7x_Dx~o1P-Pe9nT`^YEgwDgi)}2sc_H*LTy%^iDOOOHXwX9z zzFKrG7vZbM-4gKd@7}>X^Ls$}bm)|i>x-g+7m9f&{eRcL>dxm2ow|s)OI;8`A^0BD zg!lP2bv`Gt5(g~7f%#nP<-*&S^tTtSZsmIOn#uid&j>(eg(P!C(cNz$41C7GZDD!1 ztq`d}K{VV%u`}q=japyTFBWZGbwJt}+sSJ=Rw>BGLzU)jFB!+p?8Zm`BWn1f!l3!;4f3$y)hC~g? z-&dGgBVI_l8y-d}I|p-zT~VfOBX#H0E#1CqDUw zmD*J24uP|`3OMH`yRD9@v&&`}TDZpuvrJ3NE2(8Es%vwfWTP9UTrH^U^)=L_`*flR zNf1J4jB4u2nyYmk>s6~5S}Y-2pSJS~s>-R3)-1J}_x;4QG6r2PTeJF|l7i4=x2g9^ z_>9=Bx#^a*<1-gaUbPiKWlzPX=i{z6>#*bazxe&Ern|Nv_y>oLI)Gjd zt7sC%Aid@tbH><~8FJ6AmaVq6u)t-*gY1e@-0FEMVq%b0bxCY-<_cG2nZ?OYg_H;- zer2bQ6I-ZMs8w!^r!GDyX?=9;{4YxUVA+^z;HKDlopz+ZBq0K6UWmclUxQ?Bi)vNw zWOc!0(XqGER;)!=e=o)t%SdKR(o~9D4ucE5n#t_HxWcX2VWF2Ucy2S{%|Rg*!XZb! z%&ahhQ4Vfx7+6(OtZ6xJ(C=Fo=% zn3pi5|33ltOD77k3&&0$`oEY3Ai@Z3oZD9H_Ft6h%~qT>b~LTpLS z6h<8gZN@4KNJRMLIFr#WtciO94~i5;7!sRcc01J64N|u6VaIu!q`6KsT{$duAsL*t zCjG87#(Hz-dTZg@4K!5q<;>9_5>Tge>mU z`g(1-=th;hm?tYV8|ZZ6@Zd|3*_AqJpNj&sC7qTblWsks%>C1`nJ*7cqmldP4o-BRDMtk_jh%%Gx zHXMy?Fg;hEke6@?ao>*Rs$FH|K1X#7F|jK9J8Xp8 zZ>jxmjoB*sqvEW1U`YFG0?$IEIeGqv@i&kTaSxup{k9-gg^^kQ%l^Hu>LX9b(qK;e ziUvIX9b9N<2}Wjr649bhu>?XLkCg#?G`rfvRIOuJKJ5jBU}Pz5+sZ-9{?cpf#P+oD zWR5>jgS;9LKxPhZ?doUS)35bnRyA!Kte3?F<)*z2s~(_5$yUy__Em7PWVlxcS8oQ1 zf;)*GZWn!2TuDWjn@3~U-6O6ub_DX81GKspYK=?b)$Cun)kn-=sQ3A21GPRPp~^+I zJ1#kl1H>=Y!%2Z(sm(R?*|TuHv1;jK!C}a`U(cAvRq%2pb8{4s)*gEf4{0kKw*qz? 
z*Dowz9TPOsxrt8AZn(<75JcahyLR1UZJ*e`r&Rg$0;I8El9|9AzAw%5Iw)l(AlirU z@O|;BwadQ9#(B)j&8^wkVhBlxOj>9)U$vnu2mF33dSm z2N4-o$|}a;8&kY&DwZ;;s65$zZzi8Cr7n&CUvH0Pbfw||>@XavmN2L!UJNm+ZlTB- z>xDIIuXb>*chs-TUFu7#oVB}ea_KtcZ>_Xr!P2Phn3+OY6Qzn-I>xh0Eg7@W4nUr9 zyH%y7AxrAJ0RUV426H2qriK|lb=r%_M zNU3VDt+kR%a@~5m!=GUi&->yVv-G|8*jB5!m<%2?RA$NFzdP&*tRla;o zFLarat=<-9#69_4+RZCk+Ul!Pw&rE{zi^38a+W?X$wakL@9Eh9>a;AC{RdM{I>Vhr z)v1UmRh!4g)hblGCaS8d;vZ9sC3^+^2F3v#XA|R==gS>6DcXp@Q?GULNRcR5g^2-s zX*4{@mhv5e6A(Tf{^|mzj*mSD9{$#6g>L8|YgeJFwqh#>gp7Drcsz4%!=@ZEbB zaJ8WD-x}L(W|>)=M7k2ML3xcNt2`|4jF+1U&e+;`%apU63{X}jVY_}zaL?4xl;X(Dccgv$XMHHosD9wtJe5ao`t2o+ zQrip`+aUCsTwk9{ zrrKI!D^9dawr6!QJhsBYajDe!doR&_EZFglYUOa#mVHDlCa8iJ%Om3NRa=X$J}TgJ z>0-Wz+Fpx%$6sXSgj^Q5F(^TP-!S~UB9Gv$oqM`pnM6QeKa(u^4Y{R@b4g7c+-=B? z0^qu=Y1*?`4P40~V?2ChG+uDB2w44gO>@Vg$}d|lY(~Zjf*^&n<*>hRltc2A(U@XI z^9Hq`N>HFEM?*ec@vYTX;7fuLE|N8a^V3e^vb2UCRS^QR)5(;JZ?Lh`pGkI;C#j%t zR7vlvG{t)|s%UWwJ+%6qw(dtQx{FsTkyw_!D91v&(8>pohElU(ywIOaZ`t9VlLXsr z-h;&}c3wRLj4u^ciiWvjwKp7yMMyuuY5FP1_!OBQxUH`fcWs<9J4=mgX~%J?blhV3 zY+KZZjh-Dl3dJoX`tSZZ3aUGw|AV(j|-Hu6Hkg6xy7+Ch8{7G3(ZKv|u476KB`@15IMJP)1A(XikQn9C zK83?~AaE93K^y}br{tjEf~8x}7Ui98S#-w)9~YDqTCQbNuZ3=g^$4CrO@^GV9{Th~ zcv(Ui4~u!MJ8HYSpQ^@Pz3nLZxgdJ>JS#IHD2rOc zdA*i5Sk-1;q!KICRyjC5P!zlDk9e_-k(621O?KJK%B zu{V=-2fItTh%$UUM7Y6%$g=YBa-Fd^XKq!`7c1r5+I3&EBIWB?aEnVEVea))Y1v8X zgMG?+{4w!MZ8>4=`WYmqsnWyvoW+_JxkWV%3nd5yNN$i;|1{(1`3dGi%WLqNeAH8p zo50+Ja1h|Lravr3eIcDQtK8eVl<}zFW0mxDW5_jy1Mk1Uepgl4HASkeRD#)^kXU6~#^mLn9VstZq$2@8rn9g=z>nvq)`N)YMXHW|Ks!aE9*n zQ}X#wqyZSdFef!r=hTIrjQhg9-)ms}blL!jw?oH61wM=OFVhGuAxETs2LyjtKN_l9 zr9Df&*lD(oxh^@v_+l?=CH4f?$MW~TKdu`3nk&=E)yG*JCf({LcXv_l+{h^w@N6$y0LcXzMZ(8u&qm$%w6@fBS$Su*`roUipSrLvBLKSap&R)RGfI< zy;j3Ne|@k!o6y>3S3q~dq>}lC2gmI94S5ddLLs^!kR|byI5bC_?f7`hbR@N9fi7ED zBI&)7>@AHYCVP_lzAJnc^>8<5U`C~;zF69wN>7iL9DQ*Gj}0Ebii6}Z2~2wi{yBD{ zy%&)I?jD_9I_imS85K;l*$$bX;o!(oK^ASjil37mmUNo9Ph}Y+F`-o+E7}SsRNnTf zirT!XB`6djUE6WhQ_gn2hFl&6B5RBk&+PoS^kFH5q{fkN#fTyj;Z42G?`JUxodb3U)CYqwC|2) 
ziOR9gDgUqA@UJfm ze&Yjo>3&V+;xU3DC18eNG)A!#5#>7=+rBlN)*N8g#|ET$V||8e#>3t+S~=iu_p#8y zhsNdu;rOWHyS>%8x_z;rMj8S-#_>3u(0Aw-a4%NS#gK=&m50?1CJ*|$*2EA)Fa$FI zK^T>oBIC})H3HjnZE8s)aaS22cFny)&Q`#Q>knY%`YmFnS-V`#v{)agkXk2B!Fy5J8o@8|WNs+lh~VOPLwt$qjMA%i|nx zqfLos3@kGS5OJrFd)BlzCvEUKze}k>EiCgH)xK9;65}Rbw<(uAWPaV-;^HC12Os6= z!ht5Y)Fym8$0ko}60_(>i4-;?vdfN11!rBPcu-eHx^bwk+q2f^S>;C8AZ$1pfr-d1 zJ4HVU_7?(te-Y%=Q_!PCf*yKI2? z9O5(M99G?NVux;y2Q!!JobDe|C*79qN=0qJ)9QAORiU z6GNuwbyXEF$$??F3$NJHP@JwKD|=N599`Y$XYw7|Ey+X9Q=7~w%O2~9WX z_H#PDc}H7b&9RukuWfVBcfGHSubJ!GMuFRbjYp0J#0?5(TvQJ9Dm&0nHyClSW(+bN z*p-obD<_J&V?tM0()ifq z_`XlO%3GE#voW-arFSYQL1Ce9Hrd-EJdInja_MB0Sokiv?!J-QrgAD~Q6SHW+;TmQ zzQSc~G07M;(%%bN-T&bNS5$hvSK#%+~gJKt|ea0eu3lJ>9mkHj-1J z#2gD2_M!em7jlR6b=x%A)%4Gac~$9t9V_U(eYPdw?A&&b?HrNr#CrHR)F9K&8IK%Z z8gP@?tO+v;+;ydJdfsB@znSSxI@$+P>~^8dx{^=fSV>Kl6vWpi?Y?%wBL(<76xXs7 zfor`NRpf#WXwR`#>YI-)R z&>Yugjt0|8T!$;H3*c1qfv+aR)oMOP=MGP%!DID4VX^R5?fK&Y3Nu!svjysI-rZ4e zO%mgbBB~m$w^G6j7`E?PoXvEG9yx*XU1TfEt^WN62NTlrdV1b1VuW_aJMBU(cGh%E z*+c0#^oJSVZUFJ`;f?)m`fU1o>h;hq<)xGOW$*iwobb5R_4nRyY7DG|AJI8z9UgpN zqrj8KRywIJOIm59J?2>9AU{pUB`H|@|9wk&PK`xY_qDY$o~{X~SNX(6#|J?6!Z_Gm zA1w;=UnGhyo9hdm!*k&(;6j485v%EaC!U8Q)@B)SDAJHYk3EHCAp*4f_f-p(J9u;M%3a;b@+uzIBeE`fC&uYElON_INqlG+&S4fT!p@`bo@RTfoZ44|C&XN<|0$f5&NF#qY zh-@bXaD{r~DM{VXk}8-pE|xr%!>UE2?IehRDEqLJr(7 zo4buM4@c;GAk<4GKNIY{)q&%4!vL!C?r#$!A$QZH%RBkF!(390)8q5UkX@5yY9Te; zZ#5By#bwVQbO>WrxV5jwGPEgjHBT{bw4K7ZuWcMW3UOR`zk%|Tzr}ZfrkO{6I#xF3 z^Iv%9>p89LYIgqXnzN$UCmrnyugO{!>9;#a>+hN|4p!t@t*g}&9Z`R zT}sLsW5wG#vt49HL}t-@F&Dxrb7H>r5q4&e*$4Tgen}PVLpTR^lhDiVc#0If#h*to zJ&&_A!CO^&y;IgpmyQEa&V1f#s^?N`F}7&taK(B&$*#x;laC)vzfouo_=^2U4ft-RRidl!~rz&n3=%uj+!R;wmC z4-0oQ^hYdtiQ#1wlMK1iZxslfzk01#$CR(bF*oVB?_89&K+Z4qY46t-Gt%^%LNP8G z)75OD28*(cO!jEtc0%nIIh$hk%I9J7XI1p6H=?>Mpe^~sl18cPLHxNuoG&?TjnUfs zQBy0mQWPjx3E5^Awmd8;HCR!XH?cflt3HTF^;gER^DWL7&x4{frkOgXl{V{Z=JdMF zc9D%amfA(oqIs0b;3`_FTBpkq(MXldmQ3F-Z2u#ms$cG}4GDx>)`z=en#<&eAl1F? 
zU6X5eb$Cjt(!-0s+tiQdi0N0p((U%{^lg!CVK$8tJ^AR|$$mK_=<8-Xon*4N^mr_7Al*8Cny@K{;ozfBo|m`F z3zeU*AB(R0wQD)4uK`eh92op$z_3_cgeQf9+gD4J%ouNn_u;P`I9XrFZ}5=qK*mti z{+R)oenVC7>eyuhXXDE1e2?W6Ti@S3c)lYW+Xi7;FwSJzJK}!TslCO>pjI-9_mCu5 zR272QL$r$KLt=K}T;WEFEiTEf**Vu;`pV!)7ksTj;BnQSi4k8t)W|K>JjJB09af(3 zNbA*cter|x^VKKRo0AdJzX!-D$*KHT=Drxxt6lqYkDEc_uK8QBcIuL5o58l=v#!2$ zhXoZKSx|A8*ZC$G@u_Fkx&2=7?~tw=z7dz>mwx!a4V3#HFl_t>4ml$G3f>0Wga}!P zBoXYhlf98dFf%aWv)@6+wWj&&dJey_*b zAAbx@N!|MQk{>xhACfQ87|RB+5lW%QAAXhme(S!7Zxwz#y;&L$7PQRO_v|%BKX-zy z(`Y|mT0`^;Ql&2#C+PPce*sc@T(@#EmP2>v^Bj~K=FEtrXGb|$i$Pyug3*k(7Q9&hu_XI?G+IICKAU4#Q0cV zL7h*k!o)Ul@)@>*s;cc}UFlKfyPEC{aFjj&g}7hx|Ao(X2e;!@57p~Gtis{_43HJH zXP!~#J~(`tbM*A@{Xb9k^q=Yms1;A+Q*bHP0ag746dR5ILse0FW9|Jr4OCI+lN0vi z>3>H9qlp41ZB>UN*0iCGQ5S^n!1%O!r+0_OmtaB|SK***J$B!F{V+GeLu|SFC*+5o zA&<>giROX3h{y}0pLO4+Z};;N<`#mHC~zkdsm2kPjgE;>yzS+Gn+hJBXrJn@ggN1d z9FN)uyub+1`PcEu8G35c@V%SgQn#iF(5{HSs{_Abodqe@^5?oQ2q???E0XiR ze5ARn7^yAg;R`ZU?#`vgv_m;yNoTX}k?*5OF(UtixFiRknJ4y%`e#0A-Hy!cL#%T! 
zsY9tuCmHbyCKxPj}6yCG0tx*~tU5Cc}MX#7)ZgsE{M zv44NlNA{Dw)iF?IOBi@BC*066_k5J|#4oYFozEy=rt=vA1tL#vF!z#fs4CGg&j^xUb>ByVyH!VA**9<+be^b(bs0Y_3e{WL%j7>s_6ymfz87T8ExYH z3h~#T_MX^l8RW@b!74sp4^&f}wJu?H6k9%bOjY*YdHIiitaf2rLv7G{g0PZ z5LqcB1`OIJh!BeiKvrpK()l!|tKr+DroUy_TR~^W!3$t}w?fXi&}qiMZZq_K@1->N zspDKd&nR@oJ?{hlQR{zqS0Qf*u@jy7Yu4tTWrCoL8~*RlS7am=3!|II0tw~k!TY?@ z$zXJe54A9cnFp^-CUy;-u{k~s5~+-w-zNU}4Md^%_-~jUtMq+w*Hux-!g7&G8gyKH zigF--X!_u8!HUvi)mG@+FS;G8kqH<#8Zc<@yD8qXrB~MH0$L>}SMZDMh?d7C@Q$JifW(KFD=6qut)dQ~4p+b}wz-mZ|z}`an-fZgYg~_Ahyv zDIkaBKIpZiBadxL1R)-8Oy5XfQJ{W)h!eY$o~R@9^PB1Vbod>&LM~oE)V1m(Mh5SQ z_Rnnys{q<%Lpxw}%(#Q(a7#7>+IZ5(W}~AiQcFIoHJl>;i*dX2{&udPUk*NQzW0jk zeZPD=zmt^8?mwbCQPED1#eof_m-SgXJ z*!drKxiKx;xg5s2%(&|$kKS9zv~zmd{6{2dD*EajMckcv`o`=4ULC1dG=LQrwuBEIarP}AAA@}Fc5dq#=j&6!;N^tHZayq zEb5EmyB@KI;D4ichRq5;YHrkluJ}+a{mRS24!mBG z58EXC_t&lr>f5dv7S$UEbx>J1b40kDO$tW_u!YKRPu{k+Q|kYSW-|dCha=1O@vV_}9if_|w`WW1Ehz6O;)8u+t|K5!z+&^Auh4 zQcS4!Tdu31i4-Aw4nAnvnu7m0^NbYW#dBI4oMQRB=SOHJmGd#NcT9YXG|Z;)}gg9~!Y~4vFpEuOiBhf5XQ5S4Zq+%KW9uTR17PeF{SM3~0&b zhab^N?CAQc+lsNln8%VXAu|^FNzVPl7TGlI{M7LuezuYpCJEWlp5De18@^{%oo!&U z<2gf8?OL!}6ZMw#B1`XLRqFj^0V$ zOw+NGB}1E$jjD6iRUs2YR4BN$>XhQOZmuw2z5JxM4V~E&7u^0&<@q=(^nP^>ror#E zxu<>KJPMvu2sy{k=)2!9m&-$M6Pd#0_x z<32MUA4>RihYn1tbx^`Am3=?V#stqECS3@;d;c|E@NQ2S`!vfK{!6#?UtGG}%vCow zA2gGuTqRcL8K|tx!L6e|6mXQj{zgKFLjxt4I0xrU+~~I5-l#Va;Z|2;wXoR(IHtWjkv&!EF>}$E|_9K$xKX1N)ZeM zfon4{F_Ms(L;VC5L4gTKaT(`=7?K3b4bshTKxvVJ3Ql0is$!^OhyZComcOGcR-yrd zR-6gyT1ljW3JMAY+zt_6bYYlKWE25Zkt{$&2|`m$NK7@XaE7KDV1klTC7`NMijp|T z2@cg`BdUx@YJn(S7qHf-yHlfcST8aw@2%CndMCk#@8|Aps_u{Xto}?}i5M^3)31wX1l1w5uK~$vxh$l;IvJ(*l>l4TJDmrN(f(8hfX(Wav3jik>C`$gn<(5(Y z9Us@xui}s7{khofw4(NHM5MAtMARG`e_A7-=r+x_gf!>mbBwB0s%4JRX7DiH7WJWLWLjNkuqkX`3b^lCZ}a)G#MEb z(16ggB~6||MdGZ2L$<${_sf^NtvgUw)*m+CJi0s(^U_S{@&fc7v$K>cKyp|r`BBGE8qLz(N8C`s62g_M@P4#-PHaN zPV>Cz>jUamLIgwPL4oxz-#MRr5riawsxP&D&-Wfr=>G5L^ZsAa^85-;aQyynN3NN; z)bzEr|4*^~(S1W+nqm5XTXb2lYvX3Jip9|4h-8 
z{-X{`f6uK$1+2yy17(E;{5krzU{OTH{9oyx;`wiR{gwTrqIIB%nW%ySy%UlpG*LlI z43s`u>$F7D)6Qd3MKQU;Nr)+ki7EBsn3U3lL_thbEffGLRkZ&-Q z>Oq7fEK*cO8*>nV$uR$O0PDUqoCPkdl%^&ZRz$2J5p#w_Ni(<{0v73+bB6WBX{;oo z0{+Y#9ZQKx5<)<^Nu{W$jX-$t{zUyg+5`1<%sM{~%Kj7g`+U#upday1STHJ+0we#8 zDrAV&3rYbHpULc78I+1?7Dk3D87){ukwHzJdhOp_Fr);NkNDVWi0x!V<{30a zOi)1;vkFp-Ai^+=%pQ>BRWmdYL0zy0mBOiFV%GF%kqTlUsN%?)t!p#}jEW%0stJl( zre(?LrRCJY$khlW9GDy)(x8;FU>M#+PdLrFwa6`6sVk;XVh z5Y!naO**n-W;diWPDVpvhVwza8Q*#}#j8`QhYKQ^f|^W>V%3!q28%ebn5?j1k=K)s zreY@GgBh9(vNxL~p$qYjjA_UJN!N{1U4I%~64QIGNn}5Y$ulOl3FS=#Tj8T;m0+{34&ZN&?tM=paXd46lC%5}9|3({3OaHgw zmgqp=2k!)*+ZCm?U*q_cN=Xe2f281G1U%qt<{db07`7y3r(eT5yB)(1mZAo2^(sNd zzW5V+B+fG~Mnt$A2CpV9P8q=xHr0qZ;-X4IaiD={QEvXg9G0t>WXoC*&HP~HyFn{J zG}4Sx85nyFyEBmiv~nfiJDeq(dw=fu5bf>a-3VmjB-qB;7hQIgK*T0p80NV>-dr9u zNBOthN4W3G-vR2pS7PkZ??a&YJoa2_b8h(?Y;B2J(`p4dWMkkj%?<~%h&&P@?m9w( z1V$J*LIg`;$Z1Ro)C>|tIL;Cg7)s#=5Mcoji3CI$hHnfUl`w-)Ia0BPVJJg7lSQF} z2pAzE$To}y5(G-bBtj7cXu(4WSO_qM!b1o{30NT51VmuSXn--32wWw|)Mz1161Y%A z8pLpv(I4WF(GG|M2@`N=gFzzU1A!4H1v23=1CsH#Jmcy8U+@3A^THAlDFvlnpA6J!F^53`O#TG@XXpJVP7mac#*Ucv4=wX8NG008yFU{KpJ#su-!vv*jAcMR=2|V9>`p&jDqk>uxopE6DvW-4zK!U@dMH&|+?pMk8_z5CK}t(+IjCcY18Vfj8?f zKMPJCzuE&AjNsmRjREQ71HJywrw}&6#|8nBPiK=I!LXCpntK*)k_ra(#F%6e1f3zi z+|yJq1{ecG6%hp`4G0j}O5{tGW??Rq&Gtm`Va8 ziz+@T!e2~*gv7BS43bRtv!{*`X!5=@i6Qpxv9B$VtQdHah@Oxr(ip_PVIzSDjQg!< z!*b|m^24Niys*{6YC{L!;hoOe<2z1_hIq+_^BIUKc7!=KAps_gaEr9icG1$&$z(ug z`)SBJMG8l=u=)p%4q-%QJA}w4 znGc%B%P}Z}@Zed#))8yau||t zFesTWAo9&jiUxnxq$wFLmwJaA`yX!)O>Mt)qP}QlUJ90 zXxGN!?%)fFK~5}!mg@eQt0K!$GXz0VM>BeCgBRktK~y7?ja&wh`8{<^SmsR8vq!hk zAzgi#x%7C%ykfXfF80QiL=V(nCXFm1QmH<)X}oZ(HS^U^dP~4 zaDe2)L4;y!dNGn+DHuT>eCahaGKqUcN|=C6hQWsZ{q+d~1k@O!D<5B(p1gT;!;v+! 
zn4>*Gkb%i>cpn7nSV)5$Z2;KSga(G~v>?a}u?kb&TVvN}Mr?g8z)VDTEPAOvH1R78f`=pn@c-WId!g1r)aQB@U1 zS~SeH3~+gv8VOFHE(xdzc=B{0Y9dIGf^Ks?801A0L^47{=m`vgA}UDSWTe7>xqX(n z^y^-KEGDH=zp4izFoB^AHvKf789K-)daMhigB$y^9k8qwQB4hgI|YC>iJ)_s^?BZo zI!jB#B$GkS%$NidP;oSMNshHg_b7X==>|6gTxK-FLnfN(26_(ZpyN*T(IbeP(Y2Us z$N`hX85E8$RxT_E#@vJN6lENcPC48tSJ}j4X$$1l2Vof^jEp-6Z18Q8e3w$y0T>UW zp#oEGX~h`$Tr{MBeFeeSPqs=YkZLHB#0u34h*2rMr1J)Q_cXJ))%J? zh9J@3rk&fmQfk16ieVG7KAm()hp@@v9NZl(V#)fd zhD46~s2B0hL0n~@Mi}TO8Uw((#;ax-ACK4KL*rOQq@OwKO(xX+c6$DG=ubb|^%4=P z_>?{#OcJl98mdjyZ=Hm4D&JqgAeQ_(KZu@Svb^vSlA+qI$kit0PU81h@^E*3OUt=Pkl{%cPrT9aY?X;rc zIX=&fHGjG%zFw0+6oW8@2#jC}s(}Uk0ahM;o<4s$ftItR&iEF0VL!>Ov4s!Zg%vzd zJ45nE`PA?cWW7bOXG5XxhIT5*a5xYsaB&>wFfp&`)n()vL!n?jG2DM@%%+du%nG*f zyqX^x|7>jh**kP^uR}zg)!}{cg$d1?>XuzN)`#X)8Avtand-Q8L)jUACxf&els@OG zLqR-e^BMdgeqVwZliY|QRmQob&P}L&7fOt$?yT-39$tTqvE5mks-(_;4Nvpk`}O@5 zBoRqq#;5*et#4YV#{M;g{v13!2eo0G^(ryn{ueD!KO(516;xAJS2%oPg+V^06XxT~#?svwVOVMK;&@F^mVr?M zr8E9l_WZVd^kfXgH7J5AidDIsPg$&xdmpvar$KKfoxbV&SNpNEe`Z$uJO0j%bn|+3 zLtY>u%!-MnR24q)fMK=m)2Hj#{_gnq{NKa#ezWwRk4Mn}83i@_q%vxNCIiw$J){Q5 z&(|K_+GwH$z2-Q5SLR*rnlT|~?{Dkd#J}N#h}8W=9~a-fB`QXr@Djv5(y3G9TRlDs z5cjakux<PUmv zeX=z;%9TK;;zdSHS_@#)PA*^=~2d=1m#hwwlwIZi+zhICUj`q=55f0tYJ8+#h%E1g_0 zo~x1WeM4yf%^up$$_86xJQ9}N&ar+|#ye`?5VBm4PZTje9xMm2`xu4*BFw2au-G2oNGx%J>pRbR>UQQ@QIl%&nO%53E2w{~&y^?!R4yU(Z2-dsHm_IX6B z(zy5i_+fW<56NV==xi#!5Ov3or!1$#AD@$umr26R4hD#A@x$uH(oG5cJ`nUtxKaHb zBU{_F*^d#M(Qe5i0iNwEdcE3cxE{*%@AmaAOJ#b>v(f$AqY$(!xsZS2N23#{Ub9rD-$eDOu^M`fP2|F}B<-e^(6KWKO--Kc>t4ckZ0O zQ*ulyhUoYZKm^56muIY1^@01o40KcPy?$d2MSBv*yX@sog-a*-Zm{rf;pF$f_Wy@= zt=lcuel>mY7yU=8*bj-Gnp(e4#6GtFjStD(P9%}h?W>T3Gde3g8W4y(ELJgsygGIQ zA^cB3f0d)j@c#t3OHTw8U!NSk9SPQH@9j9gv%qqtlJeUJK%Wt=fT?$)HX9-qLi_uD zeX&atowg4}Rj9mSdD~2&I+@F=BhoKgCF6Y%VIjh(A*Sapg}}783dr4iNYn9tB&&}m zc;hBgP)qz2Za5O}OqEmKuLT8G_<6n6bR5_o{Zi$fhFN_yg<2LbOfhv$!Y`{C(%Fo> zdRf*-(r-Py^i-}X-b!_mkc9QHpIliG;-Fl%;#R9#`RVoQ+~yxIT|IH=ZwWYlNenTR 
zebCI+JiLW?d8;jlSJ~;0)=Zw>r%nc=Q4Do&@|(G;tPPugf6M9KiORYagjH5s*5V!C zUaw4(da;jE(tPw{yE4Div*P9Oba-w)+dSG$bh19axOwJB!q8HlNa*ISn8(rKM`e^M zR;=6fQ*D;gpB@#L>;3vCDvu^6O21bvyCqhfPky}@>2l#i#_z1S!RIkMoMH6N;Pih6 z9cZemtF|(ViljzH6582EWK+Al8?+uR{9$LmJM`;{@YV8Pp?y~0qcdRA_}FAaq$XX= z;;S?Uc4lN1RYyFb_Zhxk>mo=JMDOe){(bI>@z z_L71dP9LN{v+!Iwl!+q1gZ)GI#Zd%Q)a?Fs2qX|9r0hFZzmAoG8ISQsQIY!>?Nswe z2iy1*x=Ow;t0CC?`2*ATc{fM8&3PS+h-=v2z}$>ttka4aL7+(O`#j&0|5yCK)92IU z@7MZyZ@&BQzWeXK`~EyI!=?-OnggqdzdqOpD~{+6=<0b{KF4Ftfx;Dw$Vpe-{Lpa# z9pohlY+LF4zMg+9#bMC-#>yM>kq%7C0{f;&$)xN1{LVnw&3$g=1w`ycWjto~NU3gZ zdZZOPr~Pi({J%aU%nhw(oRi9O4HGcG32^ouE1&#t$TlzyK5FQi7d6sW?O6P*FOD=FsbL+vLuOq6a!?vBgpRZ`-bVa(M4rCkLOO%@J=A0h3okch=z(L$iO zA+kcmgNsQRkjyM&lA0GT!V*a%1FsL@U;WniZ2W(dLsrtHSEGvRc?-wc?TizoY3Gp( z*TovdC_%&rwq6NuQEJrl73Vk~x}hSZgj2}%$b+cS^ZKjw$nnyKSALsF9tCYBgP~x7 zP&W|F=UUO~{a@RW{dl;ajc71@{}+I7r4BUHOA&l9B|eowolJ?84f`qLxOLLYC< zYB;v011CI-evUJ}^^^8SSw=sT?uhXueURsB@{&v9@>p1Y5&bvgR2^-1{U2xRb3eD& z*`JqH$qMQ9>_2#@gq2jc4F}p)Dz`GUrv6VS1FOm1`eV=AC9B9lMXJIEwUi&gVcY)r zqIHL<1h&7=vg#!$m9sO3uUHA~Q6MRfsN_%S&kt@@mR@PXzqeQ4#b`hoAa-R849pAAj%BM89tBa75+dJweKNH=8s!<3f+NZt6(W+Zev~ZzSDu-6%>s z8Tk2`tS;s7%&3C!SH}gf6}NucMn%;_o(G>BZMhbnMsz_6yT6(fw3LP^o%y_SD)VEk z$?BYHpM9fQpN^a%d`qc9c4FFiz2|rGe09S1NowWwU$%`nYkbYQ+rAnnS5^=vja{S} zO4*u11uF_l$dAzt)Q%vb^JHHX+wBgdozTQN_i>@RoP+Joc2y*8J43S~&$@X^S078} zynfwkl@p%>3)*!j3uqRp7qipK_$-SWH1tvNJvJ+*D-&FqzWuz?s!?r0X$KZ_dr`s|g0 zvdBDN9@SrE2tJ3lYpdct`mM3lZ)3YF%vS?`=jV#?rP34Q8DAkVYBcDAAUY{r7aTom zg;$Ywh0n&t)M+liEMUHRHG88-RLta{b2x|~&>O()THBP@kgwt+!0n-tgHobKU+$TC z1k2+Kfy;YH+llAhd!3V8(N!K7P8TI3gJ!gsT;E53t5neh7RF!k)^FI=`PnYn8hQpy ze(?CeSIhAqKz_YjeR?kTbo(ZvjK2?vJptqnDXv_>{GF#DU}a?Z;7Jp9yAKUSF{SF` zN-zk=<>zZdSmey8z}sW#qO}$mSr}Hag(#w2^rF*Etuz}M$+&BZxM(*3Qi2*DiMcuB zFHagZ6f;sB7C4caHQCg3 zB?cQHH%?y{CcU>lKdBx(k#%3F0t5YkZY#wgLMC z!Jt6+edvew;RG*&94(R&5CLF+1pPtzomD3S%>cx~Da2tYOqwM(f4w2Hx#L7gXEcpa&hDr^C1O5GTnG@>x&A6g+>%3zu`kjO#YAe_I+gRC!~rW$Php>R)CEW z4n8OCx*}-!xFDdFCDiae7@3SS 
zIodO?SwYBw*%-}z+%Puun3<8&P|FfX3Xm6BLbs4wm=uMU4N#TYJYy6jd^xB_wNpH^ ztUSjpxd#LDc!h)qSVUjQ{*&g;0~?>(9ewco)MXYL4w3>K=j>?9@ik!(f~uIGS-n28 zBv8Nh3;o@`D2N@A?ng}j227On{ZZvFh*zKIyt~l{mS2XWGk|J0gvtsf;k~F^a>m1t z>#FM-t^csJs^cT-)3h~LLe4VxoFZr^{SZG{5cAr|s>U_%%>Lp@>05=s3#Xp4ePJ>bpX#o8s0-&zw1WDr_!1mWqz+=*E zJa+s5h*^E`XnE4o0+9SqMw$Etz988jF?pwRr7#3t=W-Cy`49v<* zz~Ge;CUV?XR03;M1HzZk^qr-a8BN;HURrF26E#QJXqP`Bb6&l_GF&~xM1caHq6vyZ zoRLgDSY#h*eZhtOo+5M>mhv2@XLg{o1iz5dDrz}T5x{}gnt0_=tgtzaJWm1i$O~e~ z7aNT%r9;J3+ANR~!UUX}V9heA8C(4e4=3VsOs2Gz!Wx)GAanG99o92hA#Of!*MAmJ{qYX^jx$4Mu~s z?K;f|5~G3SELg3lyFI!Hm6&Fl3ymY7s**p;9|jNd1o=98eEu-CuVVMT?q2u3%j-G_ zc9|Os)YlRv4`%eJ@t8#9Vr45NdJ6)ef&FqIcCpc?PM>#FAqYkggdqq*8sP{)OzFL~ zoEM`;21=rgC_s`tN1(@%B$7ex+>ZVG_qTVrh=_=Yh=_=}I+OrCZ~+bwJSSk0<-*01 zCU~#>-Kmd@ztYtKf%qz%|tWxG-JZF*2PN?$v#ckxvN2z0h#C--vMuRbhNJYF( z*V58qa=*`B`Ev2@I3|Sq7b0k^7^@RJ1{w& zG7!LW!+B`t!X(Wm$QPypC2FChfm&KARPVQ-f_e_UpGN=ZvJYVa;&Rho7$TAi`pX2b zakH<|c5Tp9TzpCJ>wy$41BFyA-m1bI4F?#GP(w)rSps2+>0d)09@vm8GA31FkQf<~ z7_^*>!HR$l$^xRDf4{xUZZucYWN#Hkw^+duBO|DQQ5eshnXHzcqV^o9-Z;lFys*sN zNSQBj873wLWyKB9Cstj0oVj%}ImE0hAXib$UOA|m9$IZJ?~U^V(Xo|#_2Iy?$|MWB zOihJ+gP05{07IEmr17u-%hYq6YZ{}n7aT&-nB^oy9*0V!z+wnMbkIEri2%gi&|rz0 zgo17EP%}|u;&D7GlQ7wN131;w^DLY2W$_gug=R+4Mh0clmcSC#Btm8gYxl%FCTVeX zY-TafSD{r^RYlbRiH0U2!<9+Hzl5{NImUfkcyJ0uo{G!`)Hn$^JjH zuBy4@*0s7ZmZ^BkFjKojBjm2{$g*MHww2PI)Dz;OgZ_wb@*l46tu3Ke#X8m^fr0Gq zs2B+F_;QxK_IL-n2y78pJs-iz{ctzDY`20k|L5!1P%!ys_Y3v4p38JTuex?s1=@4GS{)&60C7!X2nEXv=u^RNBZ&(~~M%(@WuRC5o z!MOV645x=QZ(x7x3t*37HFNJ*KW%V&A=gG!>(ODf0X5td^#Et1z z-{aZNnHiJ^%xqNg(8i(nR{x97I^S#9cutUy4K@Zn-nXhG4{&wXy|?Zo&SW}A#O3qdRQG+| z3psEo<2%rWJ6HGDsgji8Q0s-f&_cUp&&IZXF8G+;3n~<^Z^=|_RiPx;IM1BN<@0)t zV-o{h6iA4R4}AIO1CLFz@!q@79G&3vpjLS4nTTi0`TJFTEHeS9^Y<#|kISBqLvCNh zcE*ss;i}S-uH_j^{H>>B7g1ZPt6`?voU@X{)O3(RkGg5Z3vPq;vCo_4fV(X!5Vgve!tjv|m>C&UtA%y!ahmN|7&KZEy`YGEPNHwv7-_ zS4GM_k)A!@ef3_vt!-8!^8ZDW?ul5hDn28@bYjfexct2W}rXvm^`{?X#4)dp!^LC=!%_&2k)>mFp?=E zQa8O>J$J$_UW4N*8BA!tfp$+!F0 
z^z`*FgS1pXr9qWUkL#UhE{fQK&-%XisP(0XjZejY(0}o&pZ)M}>Rqe;r}w|t_`Fa6*9f9k{k2mAl`zx!eSr~OZp z|3CWQ_J8Gn$^U2e|DR=_>;I?!lFsk-Kj?oa{67EuKl6X4|Mryf{q6sc{onR~>VLBz z^m#x0KimIj{Xh2q@AZG=^mYHm=iUDw|5yHh{m=Hl>i_qD{Qp1ull=en|HJryyYv6_ zf4BL6@$diQ|5ty-{av1K^}n94{U68utH0ar{r~FU|NH*e`~R!Ou|Iy3tpHJrh$Cv*1 z>HlZ>bpOu#fAs$U`QQ3~)&G0v|AT+=|JDC*{g3*8|9|j*yZ%qR-~X=9?*E_q`F|(= z5Bk6V-<$tm{vRLwAK?E_{m6g8{(s&7Gyg1q)BpAVTm1{L`+s--Z6EkFeZSH8|8M(W zsjsvB|M-9YpTGW;zy1{d|NG7UfBes%{rwUDgZ%INALW1W#Qm@Lzw_t(ClC8&|1 z{onRK@N~c9AA-Rp$ZI<$5J8q5#*fBJ9!IsW@!`w#wRO8-JNo7Rx>dG-a79{A1B!fTuS|m4aq>Hv1TkJ!B;RhYO zD4*InxwK8_A<dpx_TksXe`?7%g@<&jFe`fga@U(Rfiq zm~yspMH>dqTxKTLI2k;Hef!Ot+>4%S!0S)VI4IVG0Krp^G3F%J`?xJ-V`n?^H&t=;`*D5PN5A{p> zA!4uN2l0N_{pbEAVOa?K6P6vYwIx&wsajNQqiRC>5bXl9ohS07>f(!$8Xb%ExBoz~0>9(Whp<^xzhdO8Q_8 zZ=afcmtPFFh08GHMB%XM;PL4bM>t#=O7ozoHQ<}~Dx#Hd?Ccf@7^bFBt8rx)lYqRs zrOFXCd1I84I)M5Z?M!)=e3y`Sz1|odL9Ep1YF11zR*ocuYLI(KA_YQ%CrzB(NYE2u z-As3XuNWYj#09Wi!$PLT2wFtw%L??g@btnJEmUYxTZWEn7p$vgoal*V0OqeM8}wXe zLRN0(evcT#WNqu?#_xDXl{3KL95#5-nB1A8tn>&(w{=}TJhmn`;Bb20wib}0yc&ry zGM62uBenAmt{P>`@#YgG%vr%mWMv{vYU{T8$`pIhs8kA*QCZSoJi4ekiX6Hnco(AD zE@%CN9ccvy(E|mBu~IHFrm5|53~-4+y0WE~SC^W}+^EW`zBU=E9mPssZ^YW7RoTb5 zRDy)mL}dlx|6BgNA!}5w`fz{vR$Ar&sODj~hK3GvKAO40*k-!G^78U6>4}Mt zCb)^M$nxlLh)Sp)J~}j6K{@og3#Pv)sh@)Ns0|yE2FHd?(f^)0e0ua#sO{1?M_I6( z+D@+??>FZB*eUX5>4YGJh)5wJL_#wINEJv-ttg)cL*b>k-JlA&kqq*yq}SrmzN*nL z6uiTi6heiEi+|1FJi>ViowXM1Gd5p`TNy)tM=G8kW`V6*%B~N0H~3Ef`JkPhvul)iU-MnX&)Y$sJ{m!?Zxx_ht(0}#R_^I&Sy9JTj zD#PqY9ajBLI;rSp6h3`__qiJ$yi`L_e2jHK|I1=^BuBudIiJ{r_w!aB#et-#`mBu8 zPRZ=Oi|*cS5$=eRVPemwa5my;1tp>)lh6Jp!B@rhs;+o!GjO5{Ty-DjLMvP(E9GPO zYoD-7jl1y%<=uX$AjRH;N0Jj2CBg%Bk^jpn3@nLDXLf_k@Rw^6sN!q@TBu#_3%)wiuK=idpUUpr~J$Vb$at+t^2$ z@dnSw_8#7FBo%z8Ay#SsnN&p4`A+DSO_dP)Pq7L6P5h+_d)8F~T$d*OY2gqw1|p`~ z$(3j-EU(ae1IDVVtD^=_lj}Y&WJw<8g7xwl=)`Qb;*$1KhE~tN} zuHRfg{1AkT{I;W_xX}g%D_1t7vR(~}nduim!gw}%3vR?>lPHXb)ye3>uI4#V{3%>9 zcKU_p07S}(_9CLmCXY+HzIMNn-z|+Pcm?8~F-nQ-d&3joz(IO>2I!c~d7_G&78L*x 
zBz8t*;zR@|5+`Ca^Dv3rZXLuwM|z2^2_GL`*~l z5lj?J6%hpl6;Ki^NJ$kD6hutH5mWBW%rYb(NI`&OowJ5gs|>?~73-Mri!M}l+# zP2vxY2$Y#Y_@V9d{)cp&{}XoGe1eZ~6KB!+cP>2}_YCG$XF2suPhVWIWXzVdho+LE zS--Su<`JqlAsb{t`r0mKV@>;%GPrj8a13jgriQF)A&abwKb(3xagD4ZZI5kB(Io|h zgG@lm^C;eydTU7A-{uqeit+R1~I2 z99qy|`bg9V8_EqrHru5ttrd}=)<8^Pxw@P1Mpa<#W8q>Se?aq`Yfsgcw|EI4Iw)i?V;f0*AsG5M zY)~CJ%wH4&T7`oS7&~|wyP^bPG_{E-`IVE^wTPmWim!7jtzz>UI&&3E?pz1Av3BVa zC90((MrH0h`cucxQ%C@v$I;Qzq;o6m4-ZH{EZ8L?blNtuQQ9p^wG zH_X4I_*B+ld2Bqk;e&3x@i3)ud+hRLWsViVIb1S&_^1IQ8tdT{5DCagcOyEA2u!YF zWyvW5NEiz`m?QJ1^K@jGUUNmQPJFYiUi1-v1aj!Z397WP163V%kI(cRF-;9+2EuP7 zjhHNkmc*tB|6loI;Rs>5e+`1j6nz_L!Dut%@Mj10d5GFY3?dg-2k0E_HWD(-X@glL zkV)x|RaF%wSAu>#5f}L7d>{oo4I6lX_9MBLPtbICuwbsLo6Qylv})DW5!=aLUOeDi zz46ytv?L^5RFP_uR5*$xwX2uSwB_-4jKlZKKv0B08VtX9(V}h^xxHE30~Z#NKgNd8hVK##7E_tVR;N;|n)yHs$J0F^Q~7 z%hTLqF)mfS;}4NmY~fVPhnFh~Gnq~%YG)2=a0}3?&NG-#0}k<<4`{@aD(n%BT{fdH zWgMKXV$!#Q_|y!=s1i|Ec#H(Gny0FTF0lr3=Bp<$hljvf$+|ef7_e$Hc4|gk%{@4! ziHa%HwS#YrTiswpX3Sd8&hZnBL*g+>T%3!UIu{^_gNS$BZ<)$gGY^!fE~*xE61P}uZWU(Ua&57TyuNNTLY2m5h@9nR@Utl0VlZwbP>d*bRw4w=JS7R~8)<8JG2P7g01Hm$g4JRq=MoSeB37(%~+fxQIKjecNorLJT@KUHXhN5BvsoH zkKFovEL`8F)1`D?CN`X9W$h}=L_sl^xz=hPXgkg%;}LTC$<8rzb1N};h{MisZVk*? 
zqYmzo&73MYFrg!PnYVkS@;EAO__0o^#B*Chs))e9+9|ahHqAscX&I&8P`TtjZ?l zBQ9o)P1Gz=Lh({AFF7zvXBeEMF>!dIHdM|p5gAeBVe?v!g1bSlfyS}{^7L}^9m6tM+WYMe?hlR)QM z)LEL0!^BoyY9X#6;-s89oFw|FiI>bh$hljBkOBl+vlZ@v$ ztl}-z>5?V-GgDkRG3SR~p$`{{kvRMq8X@Z(JJ)d0aM0)M1R+MPhtmWajafw_46Rwy8=C$^gN&J!vg!6stu$@C+OoWD4M?s@NntR_1woDZOn%W z7=KJW@a)v#LNj&|o{Z~S z)_ae+e8A$GVdQt+yz|0DQKRH@!~yRkOUp?C%2bS#qp*&ubzggqo@j`I1u+5kyrN0Y~fWqjXYlEDTQ@ z0wM|~DnsYD8h@S~)cYeu8Z*AjUH8~T$bXl3@y-YM7#K*fM_qgakZ*arHbB*=2nN_; z4qGcIB4RbGg`|=~5e_&dVLMN8@b6;DVk?px!?B__3uvp_Kt58^MOdBsm37 zz(bE_I7se}OlB;>tA%C^h^Hzh2J0SicMOh1gty5M33lU#$Jjm0`&>Z?C+Embefj>= zZrp#nX4@+Wo(VRFQA9l-9zAl6uI1`-t~}h=;}jkooc{j&_E9=lJaT?+H|Wv<(Kp6Y z%p4QGhM1A@_mkz;P?0i{O}%s*VZBQZo@i%rr*Wpd^4d7%zW5Ue?IuA6S!#k*N+i?f z-fMuXe<9;b*UV@4<6I*QH{u_UPcNbm{GBZwke?9~MT?$E8qj5| zaVW%_2-IuI6X)iQI08W6K%XSc|I9g@4fhO^AFrFwV#*Tj%i%haJHR1 z9V4jMXp)bxh5IFW>mtvf)hcfH|IZlz`CKd0^W33hk9g-Tlw&MZlU8g(49n{sR#5IZKw03`CF*A7#{%NhFd{e|@0s*!xFBD15F^c*uf535k)2NGg0F-n(c_!J~fInhj-zxHjy|&H^~U zpm@%;mJZ!-HLZZ!IM+2a6{Og(UI-UVe15Cc<;`2pvweKCilWuk*3q0~UIr4Ws6s5p zGIJ=bQ{vFhMldq7iK@vMr-6hZs-*0W3VLx)qLZB5;ss_d^7n6c^Mx3?QZtFo=Q5si zHg0a?IVQ4&=1t^4R}eE{PEKnOAdxcmGK48E5y4kf)tor`tR8G)bZWeM<|dY^&X(i{H-3NUUo5}+AJhJw|114s%X9ntAkDx3 zt20I7f3WS~gH`|M3qScXAeuM-BC%qOi2rj-6xkZM$MA^F&iJgUxX=6SM#{*Xz9bxE zAYPMW6-#HqF}7N*qm!Am3#XlBs3*V8L(rh9j<^3FNe zvjVkvX#dc}9(-Mi!Y8-bl+VB~LH37GiP`07i{oi8l>`xd9$MAWX`JS>CTmD-Cc%La zM!J^kQc8?$W<)Rb$oO^WXyyZxGognY>L^bf&O}RNwRYYmUYm&sMJdChFmWzKhJ=U2 zh}|IHS>}q+sgGS|XH#U?7b%f5&h(1VZ+h8?3LpY2NJ+xL?B2+AdR?S5o)PHJH3e75a1MIIbn`E zDj9tUwiKjC+KB2zbLxh))`O~vZFpDK0wISoIKn$}*jPGX9NdR8k$~|4jR@R0f4er` zEg8VyKh2ufzh&+vqJ!!cjqVIQM-e?EeluB_q^V5j7n-bNFPOR*cX@2QV7xp)jfb`X zgFt-0|Lnowfswv)=%^h_c?uCC_s$D+RXdQP<6AZdFnYxZ5IKZ)C~?yrAg-~&4pCrw zZ;lge5K{Htoexo6Yk-wR`9%z@Y`+b*YRk)ru2TEaUs5tlK=J2ew!70J`$#R(k5b_A z;LK`fW17aaXlFTm=Q+k{j%0@#jDG3VQ@ON?3;<>eGdOCJNn^-nGvFSmOWq`3P4H9E z)kbzT-_S_G2Ag+&E;iVZSV5Z-SBx_G8bTLuS&1KO8DKT%Sg(p%@{<^>!^s$>(g9%2 
zQFSi&!O?oBms~eAeR^b65C@SIeKvaX*`Cbm)s|PsEONdXWKX|L?G-nQ#R5cAAxA9B zBf$}Z7JwFDNsVy5YB0qSfmmaKr>(Lb+S7td;Dk{i<3^R^G1xO}K~RMBgt$ou(`Z7P zF`*l_OLt4k9udSpK_>Y{cZ%%|IO)@F%$eDkGY6T`qc75Pd3-Em7mQaY zJo5DqUQ)(jbJ-vfYKR#dKc^DmZv&Jeb%hZ!w(nsfu3irt(FJ?!EN@x~Pi~?TT8Kju zAVBGPx`V;S~snFL;T~Q|6-8 z)!4fdyGZs447{ZSlh$yYxMmBeW*bwAZhB;j6%ifUs)>x)a1_B2f`+YGZ<5n2=(UWT zMK-}h5nPcQOpKv;YBAfM)W5m56*m2k@#?dVFB6^B@orVPnX9>J=N)b*2nH;o#}>Qe zGY;A0#x7EGm2cl2x@Mq;dYYjv(r)F02B6FjzayhF0O&TS7}YL1QmwEnnwJPu)d{MX z4#6Tof=6>wJXkPi)a(>C=WS?{rpA~)0=O2FVO%iei0kKZUi#-32*oX7mt>vd$D6N~ zUYxHCaDcd7x;7=!xC1UZcoz^wVV75p{3v-7QwJaNWW=TO-IiET~79^!rX- z1c^BZVz4o9X8&nJhF_=Gk=lMk~qX9(x0zVien;el5TaJyIqo!}K| z7!;{^>s0rDv#o1FjM66J5$f4ssBFB-Wqm{Yb^lI?h7P?c#{=lF7dU-+75tozNZjwy z$7^UHIRQc@L)1f}ffd?g=Q6z2nUzT%O+Fd}x&6X-^-H6yNl$l8!bagEaFMutZIW6B z3%l^=m(2Q^r31n!mYOG-GP2GolNl{$6tu!ILS$t@QWQf>qzqu$vXG>9Ry9aFXHFPQ zk;l_*kY!R)lr8yP=^4@#g(Yk!IWzz~#B&!?Wv)w7==Pl_Tx zFt0H~kfG8c+A9M4@m&&U6}|~S3QnXV{PGl$`Z zF^K5-6rtOCb`4&VYD{!72Pa)MRrM*)fvR+juEO%^hOCV zDQuGpE+Xj{Ok%XKisl=o+DVS`mT_J&$D&R6it8ncGm7WJUFk7LM3^IP={v=0lb;dV!XDs~5)v?^3Xp>&E^9nIURtYL=k*r% zpACt8i5K0K^zWXTo1gOylp*qFhqY2GsT%x8zbm!DnTCzYB$7!a%ciu^X>&B(l1U_# z1R%Ej3v7}}B$9uK{fF!H{jcl=^gp^>dOyH^&C#PGg&3Q!DI~;iQV|4QA*f9e#T?mc}3Pl>x;|W*{D`}sBBQ}>OXQ>e#>?2+mCik zyN)r@uokGRPvyhres7)9fBTr&m{wUylYv&OmD*bh$VMvAHys+PmZI@!?*%I=T9%P5 z8qFC&W@89pBdHRHTESe)kv8(}Vwnh(YB!Ryj7)??jY#Ai9Ept)*BSM*UhnVTUwk+! 
z^;VGghvWBtF4@Li;Q*lrQV7pf2P6+4a={eEoa*Qdq8s5*;|-b6foM|Z7!44x^3<7s zwZ^bK&S-|hzQ`#!Iq=+p^z*+tb)v=Yj-Fy;&J@Z{;#^}GF^6OzrV=>>dF55S{tH2JZts7T;|~C>-;hIM{?>GfR558!oSv#k_k&7 z_=U_Szmww}zpGaMC+tExTs;3NUwv5SMb(GNXAu66XWe(NyzdT#iGMOuO`kuyj)DM( z^YZx0tBL7)(Nxr4GQ@|ZMP&#h3pRG3#D|h7a7cJ~@AwHA7ATmU6AzEb!}^c2{c>oo z@k^>2Dp6_ZB6LTh*02}Zv$e@(0h(;Lwe>vb$5_o(lr=FoZZW5cRQM)_DwR--BX^ux znZyLK8M2^+l9gpEnlqDmSfnVJ&RktWSw{<5dCs+r)mcDm5=q7e6iij&#i0*&V#*q& za&vPE?}fYkg6QBcBTy$rl={Nd%sQ>HJ5;Ynf4vr%T!B4m6gYb`Q$xILC4ex{^+4kDR`E!qyFFFD-o< zbfVe*Q#}5Bs5uA41Y-}9FgVgC5mbhof$iOs__mxEI3R{=;hP_|j4ot|#|?;%&rUTkJ_3fk zcVFR-+hZlTOwH5R6k$b;uER2fu%V~sO-2Nh46m9I8MnP(tnxV$^*~`jt0WLkHpidJ z#QT*C)L$VZjd9-7gJ~Y45PX?^b+%w*HZ$3aTmnSEvN{e~8ZWcUO@12hrIp#rLE#xnM6anriJAx| z>al=XuB^*!s;m&sWfxQ%5efkiooI}4%RRNEnd9RJYAiBE_6p53(@8O2@2-uw6nW^Q zz*9;eJ$ca`nCp{+>HQiPcOBMH)o|cyp9<>P^xTu5A)hDMZS$@hdqOZ^jlf>5aD;Di zSZbu%MrWtw-ETK~Bitx=3eo93NS-sH5Jw4}I2_7(rHbd%rRNP63-#!-d$iYGYdK00 zjHb+Z{IvA%bPXh(@}!>b|2I0>k39_SA4sPpPG2Tj7Z8GDmDADDt4y<#GmKTyS3zH} z#J)L_(nsyqf(ZfA9H=5y{P8;FF1G5+cg^%*Ym-=4QNUGQ==JLqIAUNOXuGU)M04xK z>o2rW_4bOyQtc8sdXiogF1TZ{LZ;GAN|t-BsN}u0TEn94kqK z0zS4NU56UjHboClb}CBC>x#$N*6a7tjoK@=?sw<%%I5>en*>KumE22p6K`;?#7xV9 zv)P?#)1isA&;&x_nVk}T#P$>*zV77hU7=U zQvpM8p}7};r6N9rMhYE#4c(hf-C1->C)ySTf%yvWuU1rx^<1FX4( z%gVK0=(Y_Ab)q$+V{$CYPKyd0(QbOteL{s9qCTciPJQ}Xq~_+=>FkR2OUWh#eD%H# zdsy?vc`kfLdHA4V8JQ4m2CHX=i;P_aZbqC%I#);p1V5glD(hYli;Qz2Q} z{%7bD-_hH=-TYs-}$C{V)c_oBgqsbgaaSkH7afY2z!7O2_I-`iP!7mYB5yV-=Y?Hl7;%QuBk7%*ta*URFI4*C>ts^Sj+;$?UH&2#1*$TLqL3X4 zE=zKwEsJ`Qxi##w6Eq2uEMT}y*@6>V{%FqPw6fuDSl1Vct%O`Fp)g{NIyZ516$qg( z0t^uDF_Hr?OziG3HYNxLQBo09-}Pi(=7e5Z933PtYzCLxpXGkCMyxdv4SaRmV&G`8 z6YJX-1AhqVfi1YF#vYI%f+DCQswNV8KWRfap^lJES`$LGT zRx#~9r1i_UTo3R4_5H|y0T&=Tu?ruM#{%B@ew+v;K3Z@%hV&H*gvsIEKPdo8kJB9p z;sk#@1N9z^Et&8j5wT(oy)x(OY18*kf=K83ll;a)P28*KYA$>s5r{6{>H7?x&41Q#ABIp+D;7@4ZgS-QKss**@V zSnF=3fhj{jr_)|rs9*@GbX_>{SI21HvzG=7qy8~;|WHOZ!CRt?Wreh!VF!6fLT<=tlQ7A##v-Pp14+KJEhI2jDUkE3s9(}?!iAcbid 
z)T_IaA|POFvlO9vm6P1gj;Z({k2?xGb)KUmBVQ^jhJumK9dma$DYA0DV!f!2@m|zM zg$#@}iV)9#eDwsge>poT5!fkoT@h}G^01})zTAhp`EAptU#F_t*fh*MJLO=^3Lvoz z)xd~}^R97>Vy^EIrq2<~ZVPO{!2~w=?Z$kZd^lNFf1%yI5O8C1c-xtmwFIe`C^rwCOD5WMo5s zBuCgNVa!vQqz_yUGrkmjh7DM>Pd2X4HsN{&Iz>O1w|Hp3%@cKtX1?`=-<@qQv2$l$ ztm~guK;n=@F8M@BDx$Mjbg#Ef&nIa~o>F&JuK=XHA|Xt5eT&9IA=A_%1$s?<1$`vx zC#!-c7s3I$9%3taHaiHOx1XR_AVZI8F8TWpKEr&ToHbnZ%+VhKN<4>Pa`HMef#!#Y zUzri~iriBIE)d=6{$sy#fd-JjDcjxS+wzoI@c18T@fv%)?p__aCC71RoRh8w@km+0 zSI8`K%L4D81IB5w7iEotg=?{?(`B{ErT$R4*|=A##+h4Q{0tRg<+N6$nr!3o!&k6S z^$OsK>_zH1^j~qdevfvZU49mX?9KUNLLet%@s#6)U1JxFRj?(3j)D$?3F}$LRMyp!|M=98pe zsXb!7$u&v%5@)nlDLVV%rtw>)o|*gki}ccKwrI^RVZ1m;NV35m?l?*DN%SXJx>0ud zMPV0Id-jKDxQfg6&YB~5t>U$Y5n;DvZ`v;;yd{@dt&y}_BOmtUF|vY?5);Ug=TcmFPV!YDI48h`1gc1B^wK&t9?fpRur^6c8CIp}an?KC>rtbBq2-PWj}CxLWEN z(NU8ki+!(-s1K?)nd|Hybp8H6m&=`J7(bBfuBkqbj9a~9=(M(~JS+0FYGs#}3SwfS zn6Nf^{Ex_I8D|%w#{ByCdwiD(wAu}y($*KGEw5j7ecoRV;f|TE(Jq7vm^2L-bP6=_ z1`E;*JyE?Qx5V(x;zaH+1RiB^l6-5-d`T zTh(G(pyul@1sp<*O{s+v;_lWbFybJ<#6;B9)-!K;*0rTtiq4(Wz38JA8cA8apmTS1 zl%67La`}qRGl{~C921Iq#ud(C;tUFTnwqFECpvE*55~@9TMdqQ5I%;-m|^>fS;t`9 z#@#or#;U5Oi$3hw-`&}VoQ-Ts>FJL9U-NkcK>3q3N+(kwc>2DckE^eu5tO+w)PD_m z*}^6>SzvLZBc3|5I!gw6sXk~5W#y5XcrbE+xsx2rxKq*8c%0?G##LpES9q_^Nzo_LE8>pH1m`US`+<}3 zS41)uOAP;Zi+4uDZ{xe4E%jSgo=X~YoaY(Mq+D?I704@56$BEw%*G-Bdjv$z1MzNCqd`N6q0k}} z%ahPP`KsWt@tD4@idW0}UQlLel6oh{#tOf&NFL*+%3*FidT^7ADLkbqK#&1uLwN*1 zjY1%j6otdC{&S~1wN+*wSXh@b!SWTrQv&V(sGtmcKNlQK75ACZmI#i&=O$hvn>h;U zS??9pa^%X`Gj#OzZ+H-{GHa7mSVTM` zAYn{X4%^qMQ`9xlgRwlg#Y|L~8Tetx$r1JHF$|+^lw6NATiCF4JYYjeh&GWB z70UBJTn17WVlpZ?%o;f}i5@4-5zk1hXt5EEmb0Zsyq0{_`ThBGJGkWaqQj(6f!c`9 zl}&=a0lQv1ub(N`xQFc*=JOE|8WIDaUQ7oNNyCpt*M$MMTHQJ9lBh~Kv zt^JW&Meg_`vP}|uBE}w2&PjR+2JlEdd+*afhsS%rv~6o!A)k~S%-%hT9`#Eika3TK zsHm0}{r|7;9>Hx{@OlVK=|pK0QYRh4wnlMS z#c-G4i>gngR>=C{L}ZhQpK|=G3+zdxGw6D0?k(DF59dD#&-Q;;-f*8NF?C)%NS-e+UTi(TS-cFR zE*O1s`h`_dRdQxm89c)BEKrab3F!>NT{e94)e6^V=;SiZB2CGVt!$95u5oBe4;gf_ 
zibY{1bRbLD=Y>XQ&1VS=mrB~@+2gWTQwNR}*JtOQ;=-R6@+lkjRVI;3IW8+Q zl0}9oSk~e>9M?MfVF~QMRVFGf`drMTPg}&9&Q@;TrvyFbRx+OxjNL3wY+~`8&Tk3f z@hLi3dwB}Q*r&?P$%~9$Ze~%ZPG1;TiHv6uu9YlSEz!JADe36v2Q5z#A}o}Z;YJ@A zzZMs*YO?$fW~9gi?>u0vC;$AY+fIMYoR|z7{jfj;vFZMn!$%vw&(mDY%)Ct3+8k9o zYnd1irbR$qL+sh4ASp76IBKgE7xcqbin$F=tnDVTL+?e%{3qU6^&n$a-1q-5aokB2g-ob-t4KO3;@!Q#%&zs^aXt(jM z-j#wa?qaUq<6}coEzKj8bK~}C+cOMoh~xN$4LjyJ=0kxY{XB#vvqlVK8TJ&EW%NQ& z#v1S|2shEWWf2XLQU02_a{AF6t;S36W8RatmBdU^cFrsI2|GoCI?TYcGiWn5@2T5k zqZ?`8!+l-q#obNa+pgE4?fHoZTkEJK9!$Je^{mp-p6^s4ailIL$wyrCv)i{HsTTG+ z+Ic0j1e@zLwA)x`T4`mcY8d`EL{Swa47-8*8)4y);>W!l5-YlWIP4D5d-;H{7 z{C_@i-^UyAp4l%${Nabdhw+Q^jAu%2)z#IRr(kQ8Of;7AUlAbIo5ed>Cd7(7_X!eq zc=aUuL*^v*ZniQ+94Ms3Q?HUEa{970X@P`3SYvHkv%c5wc}2tLrMCW1_WQ3{d$mdF zL+8`lmu>+pV+Z=S=#8S1D!m$UwdU*e?Cj4id1tqd80nUC6B)c_Yd4xrox%`B79Glg zq3vM7uo;KBf(Wo7J2v@Zn{0|rOBDt><%+DfBA!SE-=?#zZjDPbHQ`NlA~nPv*%gSS z0~|2*QNnV|GR{%&6fyK7J-C>hX!hoRAtR`26=49|c5tjGdM{|C6gO-{>d!puy0n`w zw{{YajO;^aewl2QDr!aO)T0okCqfi?P%8;(p8^J&2T}-CE1E}Hd6-k3>bxhIl72`_ z`t#@{9WCsKvZ4GVp#k@%g z2q<*QHeq`j(K#YgYD9MIc#3NjHX`3KO^A=}GIY5_Gs8O<2_3j|-Nq{R@T})AoaY(M zSldMZH_kssE`ZxXm~P{6N0?@C+jFWI8{xoEwrG|TXP7(Q-Y6ncX za7q53?^b`PZ-^Gy*qbE~f_AJM1ne{}FCRnZ+H zu!`av#cK|!Gl$YE=?}@mE5bEN=M~O-bFxe|qQ0S6q`@bgR+%N~C8AHQ97WPEZEbXm zs#-;HnqAU$OQwBc+AG94i@uQAC#+oxtrBU>R`?{!7{dg26{0hXf|{e0w~L6eiWBV26KnJz-u4E7} zRQpelSbDp>mdq+GQ+MI4KCF>V%c)sJ=@ud?BCTMJSI<~^R-SLSFiFvByx<3CvzSXPf1CHip5|43{1k533ZG@ z4=5*cxeUXl2ktHyFar50oCUt3%1Qt}g#d3^75xWoY}o_?MUjLj+M6Xg0L4cD24_~zl#iUNY)sZkh)}G z>(f_}J%)oP*f!bcr&C(bc0?*rJX0^F64`CY*9mDxs1*rhNAkOi zn<1?#EtrTIghFB<$zFPm&@PgiTjdblbIT|ohJR>7c3?CmUyj0Lba;Zfcl7EzMPOA_ znyMajGGktw9bags#7Dr}*O-3wnVm;yoDF|+ElVSNZl_;uP-dUlj9rn z?|zuz+b?-AaRumAxw2s=Bu(`!WMr4#C~hx-$Wu-qjfQFI0N_=)*A!ji zm#!U&OU841^fMP}>Tc9euRzW0BScPpD2%bz z0C{!?Zq2BU!#vJ9(HlD|mgia~dEM(2GN&GLV?~g9dyyJCeF=eyN_;ZCVTGDHMTR#q zUnWrbVGlHXV+=569Q5``)IfTceRk*t7WplO-)hM5s;a80orZfXtD+^!MXE3$P_3w! 
zM52WZ`f{t7!xTrM5!GPV2#dkoi0`!`YDDY8BmAeIogEHd-7s``K#c$tP}0&BKop5c zkb&dU*{blx1Ag8&-+VN*(@iwA&dVG$=J-#Nol(-5sLq zPZH(yL)Dq^pS&pY&DIpm)Xg7T(8n9&7ASbIMj7%9c^22yE7gWZ8}ydfFTJ$1m*gqc z(S0P^ZcgDtawZAa9<*3slN?odSo3s;4S8dZ(&P~|2!@712<%dtrth(=f?t(UA zk-=Ka_FYC*l%)ttPVX(H=9B|4#EO8bAQ6;@K!Xt&8R13s<(}0CS|f&86V?XtTCuEB zv>gBna=@)9_$T&!UEdF7Ue#B<%a32EP@`L+uf~mny<6;X6wwzUL%2}s!z=n0cJ^!P z$9H9AmRRAISuTb8(08O8mo_3WvX>Z!K36johd$GAdBry7i15aF*yk&u64!1KjnfN= ztS>ZWhI^sx76~=;fP%YG9wL?%(+Y?t>+{u~y?K?ESz8=2%Q`9$yV`sB^84-+jUft9 zfit3JCecpa zed30pPB+;ReNkPavG9||QCLNKMQn^BwiWhm7YS{KI3(sQv+~0}GvOy>XfCO8jbX%H zVZTc#b&BB_Lu8oeq*emL7^Rk8C|%NX(k{_jZx$C$Vf2d6Sg!GS?G1XR-6t`2hiI(w z=?tRUE~##eA&*UZB*Q#0izJ$*-5K~tF=8vPNV{}KiDRckW3C!upG27R4WgO~TWF>` z1uRr{c~7_GexrHFGBy!b0ID%DPd~51stc4QulSYM;wwT)@aY*(D!=}*(C^<1VRG(kEyAxhIFq_n zvI!**3cX zvWSCPLuYdFcZ6%ztW;tfk<7n60F8O{)l zI;w$hAmS>qn?@e1H&=ox-DlpuvWU!;l(;x5vfW^cO^{0kJcocn554j-%_t{V87xL2jq>ef6<88gjdN^R)*^ROwET;T6 z;;D&r?8I%eR=SN!n2K8Vy!!AJ_?%o#nB^d*{{OqD3?+R+hF@wVMAHmruQu(%o#KS- z#L~i_XsvDA`Y|J(tyOd1cNH!K@r%Yd_D;T=GVQ--FV1IzjhM#)|Z(wF>_MO<7T8rgE zcq~6O9J0z--Oww08TFemM6d~7Z=W3RX^uC&En>GzE6?8+8^v?$C}Yxy^A+zz+9+*! 
zX~wTxYi1Z@D;x??4>;6R^u95SVlJ_VyJ4X}*bB)W=tlM=gv5B{C~-xxiY}}57dVPx zzjfrKTxirO#48R+s_Q4e?Kn1f2-xI8$OsNRQWyW^Ty8% z=6HGj4jvC7$BZ(|X3acfNK%mJo_EW?L2>nd9j+W5#vuaWNSb^}qewK-;wi4>ys#7~ zBmq4&vjXXTdeK7TDd%C?yoD3o8mO@iD9sUu?i5?liYI7kM*i7A1Uwk*(^#RgLF6gw zMaVnP6VKn)e*XE_k>|!&%BdH~2}h~NY3*~E!{Zp7VzGF}fp9VRYxm_=-Ky%}G2*H||Uk6*%|21VvO;MHNWMnPpCP@zUkfo>!twFHU_ukzDz* z*k72AsOjuW??dkfVEnLVJM+$`KD7cqw-e(FJoi2BY{gx>zQgJqUY#y*i#u~mqoh_h zJu$h9IxtC%jTK)UBC)u|8f9JLx2Y@6E4nlDMjK(S7g(;nV!e>fsyw?`TIm6|FF>Y< zn#B&GLy9Avw`-bTZmvfgnB&pus>-DC3!KoP9lbah0S**6%9g$>LTD>5!nhA%1q(HGE4OER@`ghV~p|B z9r@Qy^zXL&<(66Jo>?Z6NEr$m{gyL>!9^j2HFOG9o%&L)!J;~b zU?4L#m@ti`De0VVTj|{lV;H-I>Gb=z+)bSujt@CBY-Cg-999oI;oZCl?zvT|o`>Mt}#W$Wpp0Q70pA+8p9-< z#bp;8l=nr-GK)mGiK0w1DQ6YoCn(}Bu~~FUq+ecfUOf0ogjPv8i^4L82;CZ^0$Ivf zYt<*0ZPIHg-6oM)!z7*J)fjc^9A%e?x<%8T(C5pdJ4NJ-5#B2(vk8$q4bzx^arXyc zi`I}pde4*i{-4GGZTY;>)S;T2P|TwDrt&}L>Ps(M|0Mo5(QnqB;}x1#$mgl@ltiq&HT`! zV(O$DvLfFZm{CQ+%@LgD3V6<9bB97i>hlqt8MT9u_|w#8>ZaVu6)$g$PA--a2snZ6 zmY2$(+dIzO?Q#{;{4BEB&QX-+#83seFg_*(sZ~&jcj$=gHQ|XN2NO`Cf+i)gz@tyU z=M}MrWqBgQ3uJ8AEBg#KB0B|hCV87LY-?F;3@+nhf{_?)nfZk%a51AkCmi&_Ji>jDq((atd7|ygwPmjiOm1If$1`e+^Gv~*dR}YGF&WM67{)F!f@o|8yF&&IhR1D} z`}l-T*g)<4mbddl7jYui_ib!QUgVy5<%X#{Z56(nU#Y{-UwS-|>Xw-#O9Vu>uk$HlC_$C%m7FzOHxsF#*(CxQj{SXF$)4`!$GCyf)-tnh-eW3;%Gq=jIh^UE|;NN zP+Qxf-R6J)3FezaI>9>Fx8{^y97V$H#ql=9HxADNc~M zrUD=_b&S2wxI_wsLV#ORyH`8X)*n<|wC4wOnPu0Ek-|>tF+kc3z*8__C~bM(dEvpH zm#kG)MAUdbrLmE&$ll8D4=&MQmRCDxnlOsj%`I(`!q=i*qV!3-ODf=dSYHZ^rw!YRfC(j#*_~xwI>YyFwc{wIExz z0}AN13yzbix~iJ0rt;^d`8i{B?w2{)+@+>j=XQ&?IbCAw%rq1;!$~d85wV?ui;7%O zw?ZS!bdtwFp_(JBXrVWvYS+WhrgM&5xZeqd@WV5sXtwsy>3XHxUs$dpx}$9pch3Zx z_1+#5dGC@=#aAhFl1y(t-Z9GYzn5PcX^wg6%vLEo{F3wXN$U?twZlkl6fs103LFtS z5g){R6Q>hST$|MrNgz7w1~qOs#e)?2J{*K=o|Hc@`)@EcE8h_S{(pgeb}V*Blv+h$ z6{IzWe@MOQFh&_tX%C!RL*kR?43gm;;%1C7N!}|sXBG2?v0FvbE0|>tk!ux{Irc?* zBI1Q(rlAjst9b7Kqv%aMmkSn01RZXBDhgNjOJ{vWIxC z@m!_Xc&xF;9ip*^7(+C+>lLD0B<~EO?3ZYEWje}b=$&6DsTxnfJbN!v<*D_0(JE1W 
z2eY9Mib<4?fqk{774Fr)b~2;b%bNQhvrn-+7JTY=sFx`PLpm2*bS%QT(UCXDnB6|a zt35%PMkUcQx5(l^wT_yJ-ngB{nH3q7&s>)KpE+j}PM_)F)AubzHtnQ9;A*{Wx*?=W z2kb+e*P4BZfnL44`Z5SJY0%7$r1zNTBwr3B(R8AB@O9rgs=USus}DB;7pJme@tn>w zDduFTc@a|ibg=iF32Vevy^6C$*_5VlF0-7?$OLMLme~?(RcS&K1c5x6PNRVh~EIO^H8Qx*>j9p$af_DnW<3sn*FNXis zUd%1=3L3D~d`^d#n&(Wx08>}I=LLB21rzJK4iPqr5PsWVwQE8v#h{)p+0R}|bRbz!05@&AJmkv0jn6T?JZ=#GJUr0o^a9+>0TO}%#Y z+t+>f-(9!c4e*QX*057N5jR+Q3PdZXowV7w&KpGx*k*{&NQjx(f*a8UP1V+~eK5}a zFQn%=N^_`X4TvDNzOiktxy7nFLmyaoip%8{=M~eC%pHRU;BqE&(mBT*?Ssa1oaZ^l zPG>FPLm=M1X*G)HWVuP^msoEWnB$U6^@{kpRy+!X#*KoK+N>*_h9=3Hp^pJzgD@UU z8MGOIOc|sdakOpQe$%~GRaH$`SxM`!RCK*kae1WnrJh++&p59*vq{D(Tg7F^RGPyr z(!v<{M2FYFa>6}TckQ;_`OWUK`Nngc;?Ci9Ljjlq7lmta)F?z+KVjDO^xYB1fT!_# zP6CF#$55+#)6piWJtDbB$tEc3mZ)|N8vUCpuPpDKyfKVo?-<9kSXAOeFl?}9rs0~M zyK{m}w2ISQl6pmCE&nqYZu|Jhj@~f5!$QbP5{b?%bmV4XSJtz0)h!O1yof;=Y$)zc}`~rY-bpI#wJH`VDK%C z2W}n&jWVGVQ4{XakBr^KhltjE{8l^*(XXrb58N-R!*rY@tX3%Uioz=>eA0bL>w-@x zuGBk4(Jo=SGE2!OFgXqTQ*VGU7+DQ1r8bkQz}IP8}B zVaz_XV-<`xhOu3dq*z5`4-t4vICQ|3-WeqA6^dRF*(Z2osa2{^5bloAT_WBqP2#*H zble3~$oG zMO3wiEwquNzV43`A92I&;GYmGC@Ls(QypGQv)IgJnlOvbscc&G>7446Jxph9MzQmY zi&g!Cf3dRyKXRowh*%{lZ4H5A7Xw$1DSKP+?I9#@^Mfu(LL(6u~^0 z45yC^Dy7w}FkzuOu7H{@_kAMnP95_>?@-zXt4^yJ${5yD)Y-Lpz%dS@F`0!AcZ@ig zm@yX^5hzWZ)wr83_jrrBICsqly+dlG=<7J0Tn#5M_EjO9&NGEC8Fw={%Dl`%F>!(A zxEuc@+wZom$a+JGI>Sp?$FJZRSY{L%hlhVSV9oO_y%vYQ-EwtGhqqk3H$v-hH zF-tZK8w?mXEEqK~Vb=r0vktn<-&D1CcU5%nZ-hO1B-=Qwl6cz`ow|Nzo;cAb+~>s( z$vfbUQgla`e})_Q+s7Vx>#jQMrn>2dQC$*rNxWA4-QkNNJl^DQ6;7-gXY4-^(4+NnMD^@U!zUf?AnXui(yXv*M>UlJ8sw8 zhJ?o)amP(?*XWNMSVfdu;Ep2k^*;uF*sXh_-eC~dA_bQqhFGE@lI3nsZIPBuInGd& z=I)6yJCSt?+J$n{IUu3?Ftd|YB==&AM#Ek=M1|8mxLC##8TxsGS1iRiqEaq`%!4y% zXQ%_(0dD6Ln1R15lVM)U#qdj1b%#j4KKT$PA|DsPGS`op(k=Fj2(KRaz42b{Qg|2B-w%RLsWOK|wn?67*(_qSM_6GEQf7`Kv4&A=7t$Y1 zBDIRjEXrD=v{*%bQFlq=FC3JzhFU|nM6*XJG)IW92-YqDs6bc0$jK%#cjg@-+ABz{ z(q@w+u}Ri0BDumHVzY~gtYWuI4AORr(ikM-Cyn!=-7bkS71k?!V!Oq3N!}eI=##Wv zVT@KjQ5tr!S6`+YTRf3GW0U0`MM<K!F5+5i46x*KYFrhsq5?) 
zUn4ZXd+&94WGm5mDGg3qH^52lG0 z#Dwzmw-~no;JzX1);|#=*koM@qeg*h+Jn)fK($>5qeg*GE;BFCUd-jIgjm~k{xbUN zY2{t1ZZVA*9wA*^5fNj?7h6_4gTQseW;`SPoViQJA|oiuoaEaPZGF@ojG%L(vv@->4t(10v7O- z-n9+3$RXW(KaOk0uZDX4K0FM4yHmW6cd|q2c0C|ym1s&OQSaGh)rqLe9z_@+hzc^G z9JZ2ymfsZOpz;;vE_tA69>_G97!$6@b@=F5Fh2}~qnE=KJkSe!>rWb^RV!mULvK1O z3QjwEH(hw7=^$kZHA;#y^_*4Q&dzw`3N__{hoGZ_HBa->v{L0kR4sPri&iLzTB2dP zlHGw=h?xExcTRRTV+|XM0;9ea*(dv|&!@Leik{=fR5-mxjx!u(Esm#6jjAi{P^`@soX3C!m zeSrsrdjRl0FqCQh+=t?iu1V%J^0CXGh8V>^J(Qsj0<77E<@IJpDX8awA6s6dGw-$t@Gz zndbkJKX*0|>H>$PAow3<@;O4yHe?xF&za%*qOZt-~=tK&qFRB=8;)yr|JWHlM>U5doZ zBJy`ec)>+|?&|9DWK|#~A=y##FD8K(hFSjAb)v~+upp3GAmnOEs?mrUsGM-KGBPkI zt64&gq7=x+NdnnhJATfsw$ERy&4s#pIz!^udklzm5s@&XTvzqa6P}_NaIw#q7*R0i zYh3Xq;X*#1o)Hl=nenkHsR%Lzq&xZc1HYGXFg@Wn;&ZmS@I1V|1bVUNtPP;Qv7_er z`>)``3`;cAGv4;pkkCaF5fK#3i3Cd0QZrFQR0eq7M_+~Kb_>tL?(ukjHj&HNLQU`h zJxqMvN{ z|4OIw*2t=gs4CFE8j$#JVGd8)6Zz&+K??O}krKn#&^*5xQyO-thaS$9H41m!P6eJ2lLPUbrl}Qb>?m`VVm^5Z&l*CCg)K(%$ z(q;t+FeNqgr4H&*CXi{_RZ@3%fKF*86+_c|9oxx0qO#8VoZ)jA1tgY2)m2qr#ixC} z9#+&zJA5BgkaBilfJJ6N9C*h80C zU_{<362*{Vr~Me{l7B33XmR{d07vB?uXrt~B~#<+Bw%SU-o3 z|2YNl2bH*V`+BSJ?%mll+o(^59hv?*Og8B4)ey?ND@R_pu3G+hiCXYu@=p4BIZ z8$+7Seohx(v8nV%HSs6TovZs4ZhnWuWr85)SL+NoUHWAS`(6Z|GRcQP*2GXEl!Y| zN(xsThItL2y+ ze*`r;d?&)A?$5}QzcrKjWDJTbOHt{(`u*L`=$f?oI&ZdfoaZ^t+VwGRoN}=)8nE+Awn4$lVLZ#sRjgL+@?ht^G_%kcFKQU!@l zXjbf%FVEE9I+x4BUvVERFbHjD?&~6W{UZQ-)iK!UI;sJ!frU#C2ZyuFMDzPSzP$;c z{W?12JZBnB;R;SCv=c>#$DhDm+ElXKE_GegKDjaoO<6EhX~`)H7_zLgH?x`6q6BEj za0ut^qFjoCYMt{7+hwjRV8)Yf5lH;(GS!(DG&gAw`qQn5UngZ1c5LQeeW+d`IqP%; zuKVW#N1ag<-C=IpG; z4uesW_A#kF$Q8t8wAQQN5iz@8Z&eQ2q#rhRI#gZf6&=-aU!GP+= zeE%N0AZO5c&3YJ*lsk0ui!@6-o82NQ)opH@7p<@JnymWW`Ru3SXP?s0Y_`yBk^^Ls z6y{;H*@Q$yMg#Estp<+rbr{GgI`1a8OTe;qf~ye}@O*vHl)k>?s6yD};CJd(6|j;c zV5puQkPGk42HD9E4w~r>m$gw^E+@G|Y5F{h$D3E^KVS9#4iG+X@L%mi*Ft|}0)L{6 zprCuqDGNZa@IZmSoiu_3DFq+CLI8a-Xb^&mT!b=NGu3&hcz6k1=#m6O`WcQ5b;IWV zju`7WR=Erg`ZZ)w-Uq(KS_5_;3uDKHvJmU@j+IvBQ5iD2zAD%-1G%D 
zB#`auHXXHV3z*H;&=9E%I!4k6*j<~DNd-hU1HTVJ4YFsnzV=Bqylxx!8HHTc>f+B`9GQXRHi7=4VD zK>Pbn%;aX9X`&X3l~ab^`zU9!kk&~(5KQ1|fag9R7CW^MS&YQ-p5^PF(DBJ0t#~$w zdrBq@mZ5*sJ0W?v*GTZ0Nf&Pl+XU>wx;E}8z4|8Dc{KakSFGpD3+7B=jdDG;_kVf- z@3POfS~;`FUo38gz7@g=o^3FVLzD#VhVN021zs?7tPUf>UmKY6gzr5gpQAgnoa!Xg zLmA*`O@vJ+bI$`_{?snu9d6uUhOl`ccfzRI#@IuYHpDPNh#Ev827@vX@8E&w?>F`{ zxb@Mfj##rJWIZ9jmz5q#P0yp`!^%5I`y}Z!zL~-jwn>Bp3or!!DLCw0ZA-A^M+j)~ zzsbcE=sh8nKAxjzOCuWY+uFH>_xo1!&T3aUbqZrY#vsLOL#O^w5+t)$Iv5nmY*$(sGk?IW19 zzm9^Q>=O_81Mla39YTl?KbHZK|6~2wPtT+NL-Zm8{Rh$oD8djSK`=asFAgX8$p0aj ze(54B`HUbUYcnbeEK??yF`=vsD`3)5m~BjQN+WRw5m~$~8ZdZ&4Sha@Se%cAR+K64D!-bs|q$C=Kb35|({n8ytO zQVj(Im_t%gM#w3MaEYLT%qSuQ2Fie#Pt*MGli82tvWM@^xI_9icsaYhzDDfyG*`&% z%N6kWX7szy2N;@fHLIzze)VU?1}4)+nFE3NkXH zkV9+*z(8;TaFrJU0fa&SZWBTh0>s<@j5??Z$?*XOI=+qY!HxWrPE(49GpuMr5&Ivp zX4Oc3`3sHiqv~3nP?`HP{|hye{kXs&!ac|QG6?^0Bv^_X2{9uw#G?$ynhPyWMz841 z8<0|#5siUaTFIG$ZC1wyAl%ghMi6e*>-liv4Ljh_a#_X{#;a%amZMC;x0t`1G{vnc z0Cr7%<;JmRre-h~Dz^s1Yjhd^6BBG>s4lSm@&iGcRGh{gQ9$@95$bn#Rb~>{?(y!? 
zqw`t8M6+B_HqX@3N6YV?KDdLX5sK;}&kWWWD%t8q<%Ch>+*aZu+|^j4a`z76n2Ygr z6{zv8Sd4GJ&>mniEfcd1jSLUj(YLY3!N25^ zNjM>Twr&rpQ7ED{q^b_4DQORPw`gMtw3x^!TM0qZS)>v?60St_kq;M(cvV#JDT@#( z1OojI+4i_PxUd5owFDec(47(W!Io{dGrJs}l(kK?3!SN;}JsTov% zUAX7R^WQJ?!(_gTU0Ks>h>;{_Qi2jo$}qFkTxWYlAp79+gX19oJ=pYKeguno^eWfR zSTF%yv~3>NTix@s3xAtNhQfccr`;8C*SC#tYW8LfJ>6Yz$o=$ie^O>R8>?4DoI<`c`>(( z3B0*GN_P(+@1)d+b`j5)oiT<;xnWuLzT1(kU?1OnFv5MEZ1KG&!ld_U-7PvU=Ep5o()pG+c=9JB~?#U&NZgJPZN}w= za#r1xH$|9zJ@o95jGA&s6p|8gXSxv%j$=fTNf8L#Qc25_TNvg^N|0LJFjCx=w?k<< z>~0cC8-{qyc;ju!Gj|5oGZi4&6oko4WK3zvCcQAsW1ouJo)D_daSSpikif`C*;w0c zw#QV`q$7uaDYkrm=zOk~Nv;*)5)Z%kN#GVWP7^^#{isKDkl<2zQxCJ|hjotkAMm|1 z?UY5Kw;&h+(-t}F>H&Hqs!&NI#m9XhE?cP2dGg%$b)S7l1_2vv0#0!A^o^_fVZ4K6 z3!;wY(Ub|f*wG}8|1OEXTH@Biv31t^&DH}Fi*kfdzyYT=-an7e9^+Z_zz{S%=s_K1 zMr@bmr%%_MmY}aYVF49O-8mHHj0_D#N{Z)7N<~Kknz^D`C9O(4>S3%t-drR>Q9$b^&zWT{6=h^;h`iosGo zf8KhEOWkMcK2FkM?)2<6f!?AU&EpUO6%b|H;t#|`u^SBf zLxWHUKxRT|AbWoZD=Zri(louYcaUmuLt_jdrseXazp9V7gVhBzyi?tdH0#PH_5l)T@ zdJ=6ma225hB0jp=CAE`-JT2#?&XH85$!OX;LS!0`$737~{~OR5{)Jp15CiwX52yj0 zb^nB4;TN4O4VE&Q8AUGU-!UL8y+ZF>AU@??%V(O{#+-umR&Lz0wz}I0t`+gD?-#E6 zIVCl_Lf`4;8f>Y=))vg+xPmf@%0mz=Vi=1 ziVkV8)0%n10ASD`SLo6791;oWPo*LH8ZnGMI(mPT>CkvxkIBJrbRKG(4f@ zt&zOg+KHUWxkUt$l-;^>giJ^?vHlbyV28;O(lQ78tw#7_lGJWgL<7%`L23Eo30jC) zXkf1OfvH%pV1wD?won-?Z)c>tdcX^o`k4!m+=CG}+B>ZM6-O+RT5-E|oalk`Or%X) zDTCJ}IuS29dGFgiZ#nHjI#4gXNkQ~htdxSJ1u|O9$a;vxajZL!`w)tfF^~BC*Y7Wu z`;1Y`zG8oXqKGMs2invGkVQfiq(v&FH4rEB?Il83iXjMyRHlI%CLI81P=y+lm8O8D zX-NpBqzbB{2&q^gpn{l)NhL54AMyeNBCp;arBh&XqNc^)5LGrKfgt&)cfK9xuD!m~ zX}&ukE+WXsIE6 zhaRtZg}fjd#0Z^g1%zqnobW(P1rW6+XkBD#)d&Owut;5$?ISR-q@xhbO9KZmFtQ9> z#4y8zON9c$Az&{c70c2)7vCLZ19&5V0HhR50tWx`YAH2R9WyQ2xc;vnyXVU;`hVkN z!q9@Cg-`SKU-?9rr!pUF?3#P^}84F~B-CsN!&5idLkxi63L z-R|pDU^SCO5VatOgy$+t=>Mz= z6+$jxw^r6kkwr{eyXyYhe`Wsa@1?8=g^R&3|49Du$8FE=-*4#yosEA=e=;M`D0T|} zK&OQTdjrOiUpTq_`6kh2j92QU{i-t29TEGIPLR?svMnOG#V75Ocj$~V%_cEjBCv~i zx$LrkK&#e`Qn6v`_obw&v=isl?eXQW!i)h0068%21E(Jo3@CF7!93K*&8 
zxQTcQL(vidFi?YNtT3UJU4?HImc62~i@$9m$c{Bh$~Q^cFC=#94-s1TiqR(B(q{}J zxJk-Q(s86*MP&}#(Ox)4(Pb5fbeN-Lc#7UDc&*ZPiwLX|W8y1>YZaVUp}bbnSjAx% z2<(#>xk;B)ogvhvzY5T(D$Q~RK)rhQ`h@AT@E=z=Dj(m%yO*H8CcKg-Px1Bq}<#1RJ< z!$X?IpG0dGiFdBv5p}1g(Osgu#b7JK zOty>C@=1(Vv3Y8#&+M|&&L2`Xivm~4T0n3Wmh__AW@wJX=?HP~4#g9#4-F6)JM$|`U3M_ zYs3UY!iJIR!B<-!R%yA^+EEj>;ECygq==@j(&5u?8i)HK$9H+!3U(T}sJhf&D+)_W zsJmWQvz-193tHx~`F>0!dW4c2loIpyC--Ux4MN09a&OZX5JF7nD00f`JyA&>;Zi_T zr-*$AUIA4|rU-2E(&}6VE9*AEiX`vJMBSH3!~Qaf(0D^(-jo?*u~atlH@HtgM90PT z*wwfc`}hW%O{(B`8HT6RyJ^5Z3yRyp*z!>}QXo|GU^MsQcU!3n)}mvpL#OWmCTYxq zpR|2(Xmx2$0T8qw@vHx~;(vGS6X@4)aO76xfEvvyqu1-P{+PER4nLUpmtVpe#02Z* zNtp-)L<#AW5A5}g4ue7y5d^gH6CbjjS8BNYO|{sgH;oI?4pPigNv}h1^MiM|XEUH! zRNv*QGAOE*t#|a#sZu?@3;tu?{~muQkDIx^Kbn>-s;O17VFSxH^u z@Q!=w)hAeRmq@QDtYNo=w})hyr0XSajiR}V)-H)P>lMs7MtUXJWVMRM8uyCNNVGC%YKE=(*3*eIM~5-gWh!^WE#^#(4Q}=|%LON)BAn z8VdJ&Xs=kWwa)&yZx!!J>+eg)DLN(3dKpD(lgdf>bc?)J5cs1AtRc*%QCuaoSEM@S zC2bZ6^heC{MfWi4jjUe8oi~fsCzMyR9n#7xtX@eoipek8_K|)cK0Wup*NAqDt}$Cf z+>^El@QmW|7V=k;PbjQ+i`n>a$L--o?Ii^h>K>1+w=(Stn23G_gvdkBpU8P@op-j< zoo>tFY<{8s6D{adVTwX9hS*qv>cZAmqIVyrmC72(hyjiTB7S2poZ44fnjJvtl#r1D z8UXtgPp6vs7p@2a?^H;lZ9ZB$OHr~&0Y}+iOe!AZ?kV??50*pNc^P*w>fOR!1>y`G z#UIK^3s7=_k+kicYZQydYK+gS-Jw|MD<+zK)+O9`wb!of2+qBI*q6 zP=p}pL*h7OPS)Z|Ba*EJE`NxA zvAo`N5&6YF)9(jrfY}mmG4I@pI!g zi7?csRA`nv=GrTGy2Xq)N#ky?=$7eo70Np!NV-L170$6|%vnWg7ldGzV(k}rcuCbK zNMen0OPHN!Er@Zj+f@k!cg7tK0M^-}Qt~EVSzbLI-`0-tWGS zu9QA;Uc{d?nBf)GCJ8?PlmEW6c2%H<;OJ=jFe3}Oi8PO{_~lX*y4UOKWW62+#>wGrw(;h3w_fY<5VD? 
zv_Mh_{mpN%|f$EvV_z@4(D1cU>1`^2v^sES`!1Ju+X*zvc= z{ziJd8;y0fE}|e7pW))tJE939hdm5!Lsg_1D5_**2ALDKt{7DvY$z;yK45>7=EDB_ zd-zXZvfI)SeyIjte+_0DAWe=S3>ix*LNFx~5i$iKD#a2}EXi2uq(soliNTLqaxcf9 zk?GF{=B^CsI!Eh<&U36$Qhyx;0C@6$+`93Ul;Or$LkgCC^C#(kwpt_crJPsnQqdeF z{KA${$r(dLm?fTns}Ixtm)+$YXAjkeGCxydS1DkRWM2rbi7|@bTw&Ag?G>CnZx`z$ zD6BQ_x;cwDyQIM__erEy2+*aZS4mA0c1h1foF$xBczGp?On#(o6|`5HIZ4thtTc<2G?>MCMZz|U>+XxXIYtn{Ch0Lo7MplS zFv%t<(66*}1tX8n?%si3h71bN1xTjvRS!)&NzS5Z^u8~@$he&T0#aBdg4rpML z!djz%Dbk4a^ddYv`xG1C zE8Hn`M*F1p#iBGuyF=SwKYCBi%Bk{(A}5%ht)&8;=3C~Y{7pEhrG*bLp}H$*d8G4( zA5TP?r0st)!{2Zou+}b#JR{Ptjdw}-d3F0DzA=64tX5xbC&Jr)l=mZ_8$;a{j5Cz? zB&~~xKN0@)Rt*#ml>m^Umaq;lsoHtV!nR+B{#sJ z=oobm>hM5yUWRMu>rwqhY$sgvP0NB&3B9?Zl6=#x7>NS{{C!zOVuGU)WcT zy{phl{+K^(M?P_p0AxTI5E&R_wmxvP!{8X`{iTL`b6irbNq%=lmx5SUXuMHvd1tNH zf?T4)?`adxz}ur|J}^>qXir1qwd_LRc#byd{Q-KT992 z8pVF$LqwY+Xs;1|yLDpqw2-gIe#cdCQ z)hATANy1Libc*2{G^H0vyb*9p>l2u*YT7F-;k9utV4}ih-{%$P zD0O#t3Sf!769GfUEYax?oL9f;7uC#Ir0Jc!Sio>Q5gVNW%7epimjqZSa75fGLWQEZ zi?mizURGWbeNkB@%vc_^g?GO%m~R!DI`+XQDSE|>SF$eYZS02d;v1u~Owz{$nMxfg z*a~8L!RR=^6z-_Q*SrfDzA68L>I_>%082*D@9E6pZRdy$G;`uz6%gnWEn zpNB)|hsU?ZC%GncqWVKfzNEWYrRI#{yTj^+@mxw-d(UPRqV72PIDeA|ljit|gfSC;?;>w03;>jgUc-^dk~Gw7bd{Qn<`qG~hq ze5SoyR8AKTvq01U@s?qF3hEen6(qb9Q(49@P@Sr0-EbFe&^Gw;}65+5NXR z7v4?wG7Bl%qDK=WVPJgXa%4NZPSof{DL_qp%n>cIzL*s*Pj{4(^|E>%sd~TF#th zh96uQMoC9l2S3djemcbdPprgvCXmV{!UyDqpxB2m&09UEvd-V~qdgiArWoqhiDy6>(&$G+!;F+ZJ|G@4ZK zsRcD85d_f0gcMJpf}}kbETSeknFd8(!OpLaEd|na=ueQhKhAQAl7Lu5>`_hV%@TS= zXAg=@qOyxfds6qL_@(hj2|g&%Cn)rb1bpj+pCqt{D8V0T3i+hzlv+jEEIgv?O1X=g z@7IW8j3T!UvD<$B67ZA6G9_mW;^}ghDC@aTE3{TgbV$Dkgqb5au2SrblIGLGPRQ*Sgqg$O`2GKz>0d9WqPFz(it82ZiugtD z?-r#ohpb-9)*ELJM4O{{xJie?-oxDbzSmu|irppxw~OA72|VJoM`X84IA;xUC1t00 zzA(y$k$tbuJmS7^#5u$172~X1?V+|4RIsZAN)&>Ih>eS)O=!6E^K02q;3#j4zq_xYdZg}_(RA~Q@#zm_R*=Rk!d*P?&9?S>#q361x56vk72+$bJfg8l_^s@H zC)(OCPi$5xc89VXr1MGZ72jyLqUedf3LH3kJsxmZKgF|&Uy{nET>sE{YCA&^Q$SJ& zbQtz~HxY~y|?M@R#J$4k)~C-rs2KQ-7c 
zh0;upgeYoUA=bc*{K`ZhD8KB%tbf-})LM|%N9I22eVc0}5BVDl5-P~IJJbLx`b?t# zNShfAAk-)@mD3*G3^*N_7dEtif=wc zDex?6$&fjbkpw*MN{o{|fh>+OMz0~v&4?EgflWw$W8ZLBr^6qhj)W6J1o`Mn_Ep0| zx4`n1_6pxpq*g%>;vc*#J0~+v@1Y`ie{!8jf)GWEDytp-HGL1m;h)AFgL`dRUH!Z~02pDgOCIrw)u`x=}*P8t&frrp*L28OXVPeaviI;Ii>P;*hU~G;u z9SbGt2GYssj2y=iv+6KTgoZLTM}LaUF#HI@y>nw}=}HkNA%_(tS*{S85MZ*1sUgZK zCnfX1dq_PxnWBWJ3X8PPqoD?o!3};_A$~+5K4kjCSb4*6fD{UD1u{0h#5eS&r&@{F zp9l?=6ResP&m&9?oY7MRlOU>+edhl%qFn7D`@jV!Z)gfvG>Rm0kI6i? zew7y;**yCK^-(G^_J~xVl+W}+o0=*W{`afSNb&_do*{H}=S$V6!wVL>?W!;ZZ~k%* z`aT$;ob2fNv>&zzG>RwDiGL@7aGZxNhn1 zGDSW?Qa}<2o1I&B-BjGZlY)t3p6@j!d-d94qFF?>Ob7*q5{FS^LwB!4=ptG?e72~W zLaaMBs4^3{J4ChnHErzfv9If!OlWo(R~8Pk8NfQ=Y>H~k?X`&{B%Y7Btl``f<+S+6Gsy5ohXFA`P-v<$&dKUvxW zm;>=Z%+dupZ;B;7VKnobbsLPdOM;Wv$wbLSiRMKToC7*n;+`;nEWG+p zEkA>J1XV}Ck`0(95XA-iV_b#-u%kvNz?Cc!sIFTqTVVo34H(qhZ}jGk>EK`!`IXf_ z506kXjH1~hSSY!b+H0SmG2}5u)*!E#~c80U38@)zAh*-KzYyn!LFyg34p zoT_=#X?wv7?XZKn4E(%|LPpIF`awMeR7}+qycD1m`5(fuICYy*M7FY_x4M)z+@(_N zND#K_Y);}Dy+k{nM=j^Yf&tY9P4l}^;s;Z5P&Pa2=DauO&X%_b0ia|y@iaqOnbBlS zb0THypz$KtNkxJut_ppS@rF1Rl%x9SJkuJfAS_SRcNKA8h^m1ROF>2%{;{nQ@AG_r z0;bO?uizxdF&ROXJCoeVCL#VtlAz+3Fxa~oWNO%Qrs){QJcta4h<9*l@m1yLcc)ju zpz8eNM|#rKIAcMEbVJ06gaQ6&v=s?}P<-GmHCL z4F-bBsvjt>%e4Y_+p#$$cdoI8PmwqPh)S}r1h$oW5J7;>@cd;^YJTqGv!5=$Qs&cM zU{L@EK3y&x>&EoQ*QrF*3PU7F_-St41S#D1_=kSmZ0Dq5e1nlsQ^1gnT@Q#{FGSc5 zM%L+1Sgt;Jf`BFd-4(xj&%k0r$AA#RR41^9R#Ltj6iaBRoklz8K8$cT9YLt>C*1uM zE5B>3H7fBwXJyX=0RsLs+&HeVjD^T|M6^zxdF`C9Sb0W4{l;1re3QWd#aa7`gSf!` zDeP#|;zS>Z^N{3d)5(g&2kj+a??XcUav$5jKPT_$J=TNwVto;!^Ct+WwSno3^N&L& zngS0P^}|{7lpLaT{em=po|1st3^vWgLie4c*( zn?71m_I|FKA|n16+`5LSprT}|no0i2fVO-gM0&tDCY`Ge%V^#?IDOL_S8S=6lFZPP%nkyp-%WDyQ^*TpGu zzHk)UD4IUoYKDnLHz=BoXuF7(fTfFtbjZmYlD)pr@iWL2(5*8wo0Lc*Ppe-a(Q?j( zUy^J2%(o9k=mDoWD>BJY~*aADBcK$k+AfRZV z83@5SlHv34v*+|uqIE;xvX2O!Kuy{QM%%VqJA9$i4x=cd46|o;G7W%;a501gh>Nz5 zQRX=s!Sa(gGZjR;YQFaOz!bqm>Ae;-SrK*DRQ-PR8mrBj-wW=2%x@909Blc27~I#q zR7^3QU)bCgFd`_DDj^Rs>W{U?r@judL8MV1l4hP2f*K=|>!j9^T0I9DU<5gbF}&Qnlio4sGi 
z4OP$X>L|0cpql91Q}44;Nfqi3z^r6=m<5B+5&qvopE!9y`hElR6nicTU9)PXqu6Z^ zkmEl@fSeGi5TQaP2kPnhzjyYy!|$$H(q~jOL>JsxQ7U3<8$0_1OCNc+4IjtqmrtBB z9B4P|5TN}lw;ot1ofwA79j05usH9>7gnrGUrHl|#=Hx4^(;cw32sy`jdCSZCBUa14N1d0W0Q7vGMPOf%UAmm~w7{L)Ocd+|Z zOg&u=0gJKe>D8}JVVB$1{-|M|VX4mkG4iDoSS_hUqJ>sO5(2>hK0+v!*5vrpw@`k7 zP&euTPb(nSqiL)np#lgeGelNm)IknM2?Kh&e^KSouz~ssq}YsEg&;i8Y5ZZLINpG} z{TRGV$0fHTK3e%pCmXfn(}A~Rh8Wu0N^EVBAy?LKd2Ize+oxbDU{j*SZ^-ib`%qIW zo^rx>hCroOMo#DQ-*Hb~qd^nI#CDJc9qinqZ46*b75Wc*;9x&IP}e?~H3P)-lz#z- zL|>Fpai^sV`wrkgxc8XjB)@@1MaWgiI{d*_i}&k2CV_WF-g!SxTf;?EWR2epJ?ZuP zi`jnn$MkU@qfS2Jp55#EKQtUG#;_nkI$wqANW(tXuGVfZGf)x7^Mp5zPTy$Tnlcf< ztvtl9soX@6^3Z|Krt2D_HIpK*+|T)VCEbuabMRkhnyQB?$h2I-(@Y^)LJ>n}8Q{OJ z6yEv_FvI3Tni-4D2gvYt4UC&Md<}e!V3%Eb9y1pZnz6OEx?Y!R`9AbI8F;KYIo{0^ z%W1Wk9SqU%Fzdp+iW1=?&OjSgA%SBWggPJ)qR9aOSksVLPEMpfSc{`k<3k8zb-maF+V8q|PTA)Up1GgI|`$_FA|cFnPnlN@Q+9=ICn zgFzwY)q$RLcblK2bl?sSpfGqDQT8Knh-=h`xH=DE;ZjI;W$4@&_^xb*aYXzPL(xN+ zd0d?p;g9tC&7}DwavyZ^gph{B!>56UW;AM#cf|3YU{k!@JAQHK{=xGO#<@G6NhMx2 zY)JUZ$kU$1-Q6%#M^^fPi z+C7>2V7Tx&+H;+%CqCWPiM#?Rkbo~|V@N3V-0SS!?IpXjEi`NiotN&0&|VF_flZJM zMM&C+AiA|gBh8RQQXqzk2=2y^Qek%(nJIcmWc0uafNnog<{U!^PpGaXLZ6-w)h?j~ z`1GVd9d>T~x?{q@gkey@TxxxgGQos6su2a5us9b|lC-pAua0`BbqG)$=lB1d&p0|u z->_grCVq8Hd}aQ>*_xIKU+DeJLor`1^w@1*SU8l?+5~w7) z_^B5?{I+Jg1^S;MLs1ViyS+ntpOy~~&DBKUkrq)U1k{3ILL>nX2#RPT zT9i#Gr4ndDv}n_3%I7R1s(h*s?)i6J8DX9l9Rl$Mjj1Ya&@f*Vj715RW);z+Qa2fJ7^_4kH8}t2MA95C`q(K(D~h0w{rJ zU!L6D5diNcg$hel1|Fg7BdT9L^_pA=9N zQ9SA-CI%&gU*BD2G{m5){Qo0BeB0jxp~5DOdtvR>PKoCCswLuy+xLYS?!j}?W@2nI zHx9Sa)LazQem$MKw2@?8hhkI&+I2gO{w-@Gjl!2=8E`xd)JJ>=%c0oWJ})ni%ohPi z;W|8exD$0DZHBI|vLvE|a*2p4b9@L2brB?B0_-%9Lw`@1RTsvRT>?iV51NpoDO9SK z%M!*Nerw~*=5bLwjhh8rNTO>|HG-a;+rGD`9tPL;a4V#Pwm5#UwHP^OeP@9m_ztJz`+g(h+=}`PYWQ?&QL`YDOFLZ(J#@gbV6Y( zZ}oHfGc3H$Pr@YhgQO-95~2ZcR960hZP0QaemxJtc}Z>MA{Fv+mudJ-UvN$ zL{d5qu3d&kev_#X=z{@HJw+3*Qi)(v-=}`AeFn>9qGqCJWZVdZ5SB19ISV|{0pQ4j z6QNLY8=Q%xGRJX$Q2|W1aq84^Ba)V_R9TuRm}n!=Z&54?Zgz!uOiYnOSoL!HOL~(+ 
z6MqdY)u;l`O*n5V@{O=xH^zsFj#I8yvb^+A2j(FHFbE{SMzkaX<^(#r=>FCQ4H^WbM*aZ93kO8^4LE(}2y+2+e{eC7>M0*T> zq-BWq09Zh$zaM#lxlTUaIyD}MT3~(;?hk#9AU~EXp<=Wm5V1k;h)sl{J>(bL6BGK% z9jpuPr56G>g7o;@G@d2Ifm8)5xnh4N0ff^3B&OWzrUt|3v35CxgwAp4{cZ)oae;Fm z*nOup7MFpDJ_sKn{EZO->z0Fk2WezSs}0HGbIzNe+M;On7g;D?C#rXd$m|$iUd1NQ zto+H}$Um40a2|P4&{3fWQ?Q_JYYIb@d1O((gX6P)AD+P7z@uFCAv$hQ6`E$9m zx!Ir3v|btXHk=w5$G0L{pFGL_ayNakj;qbM}Z) z&mlj#`v=0qb7|zF_WS=g!kdCVo%S+iT*n_?p$85Dp8tyk`%OnyUkTtEp%h3^DZku& z#5Q=I)A$)Eo}-VTE%uuo2lFx^Fg`vV_X4Q%2J(Y~9JNKpd9 ziGCsvOiiX?%Gi8C?kn?o?qZ@%rqzzZsQ19kPy=8oxgrOc)?<;Z)fz~jYQN4wXLt6|}MI0TB6081#J z#&sQywHP~N)DhNmIR1#DZVPp%S4vkK9SjKbQ}Gjg^s9p9)&|Tu4hv-xy@&{e(GYYI z1R@(aYcbXBI!|Xdc(2F-@N?h+BlMTa@?vzpknqD*CHCTn=*$iX+|X{_rUH=op~?Pv zGguiZO$k6yQ%0e8JCPm2Ni|Aq`f%ra(sLA=mF5HE2cd$%!a31`#-7b9ulCQcZnBqbg_@SBJ(pVyWajMeEidS;~0~&m4Wr z3xTQR@%T2x&8$Bc0e&?^+rP;rJqh@aSL#mx6YW1ZcyP=?q9~tB$UqHVoC7j748cqT z^8w#85573eK?K-9?NL6&JOu9hxM{Ztk_gCL#8VQaRAt1>=Cno?4Lz#|=Aq1X3&ka{ zG*L7!spM{0qI7CGI}}c%F96_U^94ZMrG3;2LIRp7pQBekcuw^b=dwU_dmD!0C?o|i zoRmu~C*=EfiU)>N4j>8O7U?$78vNVS7@Lo$+WfX$;!dMg0i@OtgU=?6u0K>ys^vM6 zFd_W}yK_R=B!o|{1Ff$4;pMc`5YqDjPxlmr@PLx$%j}MU`JIE#CueIMhm`_Br?}Rg z0%J~;*%0S`Y3`9jT2VgeRKf)y)F*#=tsd+WVl`zGcnUb>C&Z#)cb{Nk(rq^XbIYj> zlr5PCH4!rn$a7yUJ_O6wLp4=C3SM%s!iasiG9d|w-xtcgOw7&HLZnclrQ-B{PE7I4 z;(U5hHykq05_|rC!_E4E^M73;JrQ{k0HBJV=zLoJ+)k~ir9e`b;q9Ol_7K)Z6R`M> zyIWd`Ur7Z|3_DDeOPHa5-l7K4-Gv}WY&LRz`tRj|k@Q-Qkq!5KzwMEghPL}GZ?MG} zko><^2WC(;m)!o8xC5?`$(Vt(fOE zQeq>gox~uhjxGVfkw_Gf7|2Wgxevw@$6G%Kn%^zf!Y{W)F*;i>YJ_USgO?U~FsF5+ z9#<}VMrxEV5{Y5~iyd0cbK1n;pV3Z%6ip3hJ(*%|G(T=b;{cc$nSt_=UnC8IK@?4} z+i!~6deh;+F^Z}M$|b5HCHe9`so3p8M&(RYw|4H#wV;5aojwp!%83;Zkwk%Tt9~^S z0w%5&`8_&$|CG-~6Ih~ExbJ!VKQ8#m0-~W1MuesAQmNP-(P;S(HEjGbXUKAp>kC+UyoKRNsK&2tYOzpv^)r&WL=Y?;4J1BQwAC6G)Xe(QNuzPHJ|TTz>ZN3aN-+j6*oXnOiswrLJ#Q#7O13%QmC3HrbZ%I zA)tU9lOZs}0};YwN+?In7)d^x87Yrnw;xSg`feV0b%&&F+!h{UqGju64Xb14W&s5M3R>Z_!hVI z-E{m{_4+tzrhYui@&})%1DJ@Sq9~kHThrCv-bkSa4+DwlJfy9vw$!PS*Rnt2^Y(M` 
z{_Vfw`8?bIui5hdllcFS*|_#6%2EkWpwou~PbRGNY1yk@&7Zpsdo*p~?z80g^7r{Y z9VHc2KJ{fo<1{k6BXa_P$9yoP$pOd;3JOsFV39b3Qono&{<#3^SE0e0k)fcVdYqUC z9AW%t`=9anH}#R)N*Y(@le?en=|I^5M^Qlc<)G^i91kLX-s(TE`FES2>IU~Gs%MEz z7Unp4&wD{&YuIeduNpBs5k1I7jAU2nML%EF?wY8D%6}YBIHr~I{f_MY{|}ZPZpwbS zx9}w;XYghH{W;i&i{({6!D5}~tgc4G&tB(5Kq^u~pn%~Z=jfkN6n@0~pBM7-*0)f% zc<((Q-2W!J{;NPFTn1{9d@_>?UR; zpplU)LW*aVKu?eCwpAZbJn`vyE46B*R@8Ueo7cObz~WCq_qF`rFC){pzC3;LQ4r02FuUjY z-nTQ*KBTl~qwF8$Fh}B@p4@hK6WWW3i$qIOF7GWyQJaHYIL5O!8oF`D{7lzyrM0l%8!p3> zHt|yk&Ff)kxMt!#A^J!sYJ6r#e&Xe<#Za*YlvGg*5h8X$iw-Bso^Dq=K4Jq0Ne5^8 zzj9CLHK+D4f_$mzNQd*M^d<*%(+j^}rVu{RjK@>hx)bgDmNM7zA;hvk&Vl1wB$3JBzo>=z}^|HMRmb%pJc(Tky2qGUiFe;J~DPWODuBd}@Bay6Q z))P-eBrZq_Xb|q?#|<&*+YaC6=|5-RYgM_`-+(bSLQ)=|xgMQ+9teQU18heSlu)_QoH7 zQ0`B}_I!z>pve` z36b4e^p3Fj^>jQR=;3nHK|Q&6tjt8--9(#3cbBn!ZMrkT#QHy{od6^r1@F#v!I%C=9}3j1Ls&uO2)G*vLpB z``y{~$vG$c4dG$#AEy(ucRjsELkUL`8tAI1C+P*Sw#y$DtXk5!j`rXhb)qE8L^YZS zYd=7LF_!+I)I0QfhVy~Iri!MDjFf(BOehN&n7U&KSRA8qH<}SPP9UXVim9h#*Rn4X zCgs`jADUa+Y}v$z1|~p?9$w7lv(QLX0-!Du!j>79*e~HKF6p;q@WeA7nttswn&m~BIGn^@)|s=^51=R zyJKyzZMMs9U~SgN)}^3)hHUcyl)YS-vPcHq zIQC<(*zxCCWMTAgC;Zqu25M_s)_p!Cy5}ddLtv1PaC|(hxlU%_!wfLm#vj=-wq#2# z_8Jg|B{#)XMAB0gF0M%CGeu#7QRJQ#ge{Q}(4-2Gh;U6eR2#zhLfvAbu7YDF=v|_! 
zs*!1Uv$(Ar7*Y}yxX+MbRXK5M;luDCY7bs5}wACRU z-E@x3!!n^QJNSdPsTs+}`IwR;Iu5f%Ki$mwADNo^*BijvAesa;HNp}dn6p07Oaqi8 zPIX2lY(U)xK_s`@%btD1h=BmI_jOCo=xAx6)_xGgr>JKrsM2mc^&~xopA*P|yk`H& zz@4>Y1Bj3U4YPdw5I{U`Pxkz0>i5IEN4~C-PHt}M!6zP~5)wvtrCWB|?DGUnFz)>O zOX<|(2bn4^8Qwzc1TZ(yu{i-oQJGf^ow5@MK$*gzT&RZ`WZ2kb9*4|`ozt*|Ti0qI zR-R#im_Rm9ndW{k9y#CF>fbL|=z1j8l^l5ZSl>yzMZrf$OR~9{+AFB{+ zzZ@l)ovc3#@htbwJZ`*pPlP>H_Glb2hK6E-P8$vJA2=R!(N-s_{x*FkCJ(Z7rvq>f z-bRju6GH24mMX8Z`mnSixhEgqU!DCQt_V1%MGtrW1o?dP3ZDhG)l$zM(6MFQt zd?iJ&wChyqS0zwsL2-)5MvfYD9`(vt7ORc}C_N2iM3@4?J?#fR9UKZEY)3Nr+2j)h zBHLrZ*`tY1xjaNh$8$(BAU3v9wap6|P4D9e7~e(2T7W+X2#VmY0s;dfHt6mVfjFle zi(}6>BSRyUIZ*K-@cShM06}b>s5|Zym&Y}=L!p`+HWWknZDF!3Ge|9AyLSYS+|SW~ zpy2kWByh3t_^P~(uRLDAMzuXcISeIDEqj*>ySQ0N+t>!T7|mEBT{?MTImV5~+c2rWv5Ww1YA%++q)TNI%N0HIhBcNszg_dE1 zh0uF41w}RR6i1R!572ysPJThm-0!1adyVQd3!3hHUOkOYaqtVO5;B$UB*>~MqWNDM zEx_t3sX*^9BTBIuwkwNUN0|iLItoO{Z<*}#8K9~*-O5)tUJ%o1gJU0;9y)ioxx%Ap zg-rS_>y|%zzGrh(d;?38Vip(&+uYvIA$o_*UkDv&TjC3>8ZH@eged}yGMHu!q7=_y z)(bKVO}ov@gh7Fp7zp%SA?`&3Z&-y9{*0%;5o@Lcuu zB%O_|{Ram5>bREz=$bC25}}Z2LTH-* zOC2Cm+F-IG2ivHsuqIFqGzV*OeZWQ*F%O^-5fmH;cbO)CnDNXgEJ}_9KyEh# zxb?j6d+piJV{K0C^4D8(Ok+DpHpbp$D8YuDy!`(#Lzx)Q%gYX^ERHE)A{J(H26mU~ z3X=7>+)@w$YY2r=BeXFuJsi)ypMGZ?dY5DKNb;iw;1UCE>QuX4eJlO!)@50oX)I_q zi4hSn`st{|%Ny?2ca#Q^*~%Pbx#zP=&gUg~G;LQSvIK$$$eDO<+HTXyVsPjxQ;6a` zY|-ekdK;5cxkQ%js69&x;@qeuy69XoGHNaw&1kmjnD1rU5(+qqqGW)~Bte{|*HpnO zEtTu23=ld(P*EPD<$9eTAlvR;`5g8r>=>{`fzHGp-Quw(KoHslg2F>18}1not6}A& zQwvrk#$1MPmZCy1gpt*&BQ)8>9!Om<-x_A(3ku7KnGM$q<7;15t=a7`xJld2YRt$p zDzpSC+0j;<`7PlDv23y{aAR=7u4!zIsq`aSo0s0up#$BJ~kFcS}cZ1MLs{0`++MZ6O!8C^kAXeU6(U`Vet!VzqIJ!>B68z--3mn($!(o(J3rK$~N zSj4cv%X%b0)rqP|9~?MEslHENn&MAsB!wH6wur-lw%HrQD&>eRnBx`cJUk1#=X=!C z&n&@)MiVgt;-b|+yQ1KN zf~sjNtl^4n0_%xOe(Kg%ERls6(twDCJL=3pL~u3k5wvo-1{?eO4J@%Bz`-)QB3k8N znaz<0EkQ9Ssp$)t_L4$(n|dg!z%FLoIA-k#LNP`P(4r~|x1r>(au6h8X=(~vYUO6v z(j*?DNrHw$Fq}R=iw||Ql8zy4WPxzv6>e8?bUa1q&v8{sdk9DbjEv#ZFPoBbEyB{g 
zWS)bkoW03%Rjtnpfqhj~7P8V3il8+IdCk+m_mixbSq5KFYDuQD=&FlxYJ%&;*(Kz* zB0iPoB_?1m{Gbfao-!IG^MpC8B zr#ZWphSW3XqKva<;;L}uoTs*VWFDxUl?rZkLkwvuL^by-WSFvi^TrI^P%Ym(Zx z_N>LzEGt-LiPxpGw>Q3aS#af)eKgLHsPA*%jEG~nD{az;iw`N4C8E-Th*7*Abs# zTyt9IZ1i>4dFPSDUmImDsyS20t>P~Fbx*c%Hf)I96q-{(tTZy#NMW?*bDYO`ano5k zi=o9G-8MEEhR_ZPHPcHdn7EsjE-VakY?RQ3l#C4B3Ppy~nKO$CL{f?hNZjp$4~9;t zVX@vy!?YD)9t!myGI?zd3CS@y@WHj9!5~Q3h*4C~p;L6R6s{|=pPA8lF9l{gqWERa1$-cSN1OpN=XDh@VNc zh27m*-`d07&b)c@`1hw~@$;kRH-#OBhM>%hN%8w7HVk+Pxa@g#8iig5klo3tk68$|wPbN*cq_?G@sCwMa@J~B~kqr%#b?(RPVYiY9pABHF%4$q3I%Kw?i8v?C1WRN)g(Y#N!=j|d~E z6Dg&8B=7BhXzWXi81tt+aSu{xOf!Sk!&^MBBujp?hb&3#8oSlMW|U1t+S#e;rmTOD zZOwm2%V#DAK?y-9D59SL*R#=Eyn4M7_A3yu{h+3i>)3|E>ZK7&k-{JLOApPIWCrYq zCF4Vc{>p_gg&CdpX9?_Z&e&A6GMRo0A~RJrGbB@3Z?XzP&F+A1e#NF z&1QfhR2@HOSp%r=JqK!hRGj9rBd0A215F^6Czi8nNFYRstc8S1i4~BniA!s)c5%WB zMC<)f4kRu`JW#D@f#!(BI>^rnBF6^Bc^kg5@yU$xj3`jAXDP0P4^;q4f3<##Mc z&jR&6E;?*z79qlUBT%_2WIgjU!_}vl`mSI@Qo9J~O(FQDI3e+X+=qqdJV#i_Jp?Z# zcwKoh+!-E6K7;Z{4v;lqd^z<-Fkr$G-zX=P7#=Dc)gwSK3JX_|n#Y8aba6I@tPKM$ zvvHxgk@6uJ%pe+w6AH^e;ePtV`2mt9r8BU@uOHKM5g=g$Y4S>KG=>E6thi8p*`7zF znxoSXc`q{cvj*Njw^Y6qDxx$wxyWhl6o!C=1SS~E)TohA#eCj=%RP6MCuB?hkL~n& z^3OW9wKR<=LxD-vm8isbp^@HwU)ibuPs9Lf0Det%Qyv{-)y!8% z!jZAI-fC%^8TV#NjckL8Bw)zwP$yh>_0TpKP;_M2&Kj+CBCWXN8wPSgwwHERVYqrl zvpC}p)7nHG%5*q2pyw0FN(PIETD>!k8`I7kLg%n%@H90#!WLkPRI6>J#}r6cQp^7>A~| zQH)+0=A<;+Nd7jp{%YehD1V=+V3mccs!SL6d5X~Q^7Dt-his61qaYG6s!WfpjFb5+ z(Sl^VDj1A_q=+$q#zz8DBxs>0RxJ!d{5Bsa1_tx07!NaAgf|1ILWE5c21)MuPw+|@ z1QA&_V~vvqD|8RCQ08(72{!LC9YN^%z;QOmXCGmnXNlqcMYEIb2+fhFOi{ZkprC_{ zV`t-^nxEpU7-(FaQ~YQ8R5kt-G{)MwEdWsPaLBp~kq=62&jVy6>L7rKf)WTuB|H58 zUrhtm4~#)FK2b`~0w)pG-rKR<`&_4tv9L_dHknfiW{PKin>XriJb zYv;tkteldT4h+bMVw#O%fmWWJCYKh$gl!1C(3_WaIjGxy+H7Wqs;9M zCxI3@+=vY>_*nP&v>7G2!?1zQO-NzM792Sts+S987@Gtgh0Y$PBqhEEE+MG36ICv& z(R+Jn`3*y^T>8yP_H#X6(&}zTdT367R6ymh>tX!I&%XLNL~A_#t_BrJB!EgmTg1Vmj7J~Gj`SEr5Rg+6FDs_QQNUmWizrQQ zLja+;Q&d_JipK`4LKG11ijnEw)`pQZ18QMlMaha7gz}^ZJ|Ucm&^8IxmHrcd 
zn*c-oxT=YuP?D~M{il5$55|CaN_GvH;6d#?dQSybLE@R3NKG;f2<8Jd_h8h40;S{8~MnM6#G5rr<=P2(=vg&~)@tt+l6 zyvAHi$}$nN2Be`39ciw$6&qUE$PYO@7;w(o+bQ05OFILmxh(AorMpH_3?5>E4UbCn z%=xo|jO`A1HC-EJ)+<-`IM(-Td=%?s3JllAXeroVs@J4F)A2hwn5bM0@5Hc zXWV=|NhF&Ou*4G^ZGq+*q7x`}UYZH>m|UIOkCf?`{FQOkWF}EqKVj=N)Y2BQm8dCO z?|U9%cEITarRXH*+!=RvE(O;W!`(|vypZ!Sw|XAIVF;Da5Q+JEIgqri_KmHTV?a`U zx+glHHb=3XsS#QbsXv;EgGbiTbkJ0CA>sya{!2qX&)-=%yp5V$-S_ksXg9{C_e zO+tlqc^1!E)5My(dJU%&-gIJMaTx^&0K!C-#?@ro3qVLk>wr8G|LL#^yXfNE!(1}d z8+&ItNrgB^z7TO0b|2B;l&W3o-3q4&xt3yrqCql==LmyFAV`=#tZ=H4VoEDiRD~#Y zwKQr)VgQAeL=Aq7K>sub5*r{s2MC4@0Ej07^W-8x3nje}_nShpO~OiYU9}{0AIhMf z;KcDd56RUbBoLIDF|YH;zppwMj-uaSz8K#D@$XvInOi zEP?@bEP6NK->Ye&ZFwD3X+xL{5LH!9MLX)*f)&9kyYq z;QT@GHHOF?DbpN*A-;ZN0Im4cgd+(ccAf`5R$sGuo5{qQhAk8@V6p26bZ-D#mQ+3J z9_5T_K+^fYXFzcIFh0#>UC2W?%p(e2mJHuE-=_fI^Sd)AhK?%xw>#n-fES<)B}zh- zDWlmL0ZNnw6i^ExA}2&joIer6s4ieb)J1pf=5(+K+->#~S{;kgyJIU{y3NA_gOMD9 zz;V$>F(7#!MilbG?}JAm%!DH$A^LA+w-?Z^(2EMBB(*vI4geG=T-=Myi*U$>*o;t6 z-gx?7as;H6VB$8c7$O-mouSDQ?->?41?~x-4o>4-nFYYtkN7&hz>7px9#Cro2Qkzb zVSz4G94u1UPmCRZBK`v*yz?A$2&Qi1UvYs0a+{ziU0bmJMoHo=pz&2qL@p-{f3~1BKE@3JJL9W^hMK$S*XRk(Q8vf3**P|@4!qP$K~pmw;0E26`O`N_E3goXXZ7|=$pd-{oNfcEm>awI#5CV--boHG)Kp$eX&5Y&+Zzf`Vv z&PtWjLmG_wn!Ti$Ad2#v94L=QXfN2Y57;6)+?edoN# zR=+t3q$?~FXTq%_7b+AL2vMLQHUt5;SV%PoM(@J_nFgMmOq6@X7@3hlqy%E)ac2a) zVxZGm2!a@d395&pZbYO0K_*G__2BS|8vK7(tRzK{7F8xA;?d!|wd#f3;g=vzDEiNMDMboSo0H7^Ps3}2oMIsIo zDBBDim}MAD3{WuWe$8kkCN4n-Ln2NUs|HYD2$i3tSMSRRS`%Veh#{>;Jo;wKhx%*WS7#%7Q?$(ERhaw1?(5e$*xlI7=?lqa2A9nKshfmS!C{M#; zHnAK`!Ayn1a|nzKq`sp-8kazs=Jy6*f&KGi+~CjhaA5=p^@xEt)*rv%QP$03AIYpg zuZp~9xi_LRF}SftM+{Fl41_M0BI?{SQqkQi0Qs>;tT7A**^gL!f3W{wXnb^bJN}!{ z&qLvci^9U?F=JTK=Jzw-$-><>^6X1ZX7ggi#W2hnp}@p_rJm1JgdFAs0pVaV+WoDf ziA$3J_2vs*VcGa+C^umlbdDY2xhjLkL&IhS1T;|}o2HN*6(^MA034k@5}G`ZUL(2U1t*X7ljQpy$7yT*2qSQcdoXCH3u#=VZz9ekc=T1II64& zI}rNP)jnPCp4!X1v8){#Uh@L#>a%!G3R|H~g$bJHj$J>7b({?9Oqpfeb18Kzd!?k= zzFugLyQz(vc_GOLUma@f4yEB@Ei`LSbdfgcj<+P7a-5Eco@hwU9C4-_gOfC=nc`?W 
z;kP%&_b92(9B7b@hj$6#)ex0Xn4IAahETQ&#Qy}vuB$MdFrl^;Zj+gBo~T_mtf`y^7RF3oH+;gI%|V-ym@Ijjw>G{AjZZ*E7<2) zJ|!4Blxwjez(9$NI~^4MC&O=Dh(O{4gf|GFcrEBj6E&U*qedaL!7XN7O)-t0dX;C3 zyD^WR$6Oi1Q+1r;O`O4^6>36Ao*L0C!GoQfzB5`#M^9Yp6yk%GZa!Zu-sd%OzF#;t zxJ-%+ME=Ua88TJ?S zkA08f=u6Rhd?{I3wmk%m2J;QwCimKMcMq(Gyg8-`^V0X8gs0}|DAYg;rvuyO0&Z~h z;!=HQS8?D}sU(3@Nl{FPtWi(R{TuW8Kt69-`h(Llq5ZDsnX~48ni2_+pJ`8L9mvUO zYxMo8B#=5M+&~cCjxow$9EeyOg*~3H+&NYU_x>T^zEmjgo?>h0mHOh`BMAQ&8oFGfT%r;QB}Ax2gJO_~e;%qc`%Ij8@}EbS&$`uXSdKxMS$M%h zu}uANb7^SukMD7oU#>?F42el?OBo#n3$N0jNyBS~sur7NN?|S?VaJoD0hw5DwqL{4e3Gmw zQ+yX7e$tgNKp=tu=zxd?I;^xB-m3`;!8r~J?v74Aw2 z(jA5E*wxMDG;gYihj4E$8qPC$%fl6O%(WU8AHwHv`4M|Z&DXPm=e-uKh3jiTUUR!t zZenU|gY<#qkp>j{5eOXxia2zJT4>e{ehKk+lFB#r{3uJW{}vr%7BCIWc5F`XW&p ztV*)@9h)dY2LzVYpk1=pFXv$ilK@R0%UNm5VANIVTMcH|s-Q^$K`DBOe~cT2QCu=< z!2a&yLQykOOv*7Rf(#@h>hzyg)=Xf5k){HW87PQgqKIXf2$5tUkf|vMg<>coCXxsw z2|yYNpoT_brYpln38W&e9xNiA&$H?!s_B@NQqrpC2Do&Jz5xBIhw#z9*` zX*fg2!{ygQ{Ndgt%7zk!fyltZ$JTitB4A=25bu;#jaM)wybfn#Z-R_~kdhG~p$Zyn zysi+5O#)=D5~V9ZP}0zm5EBpx6-pEcsp2GuqEOs|z!0C~lOx=ANc@MAhs)L#p0o(Q z2c#op8*RBE4_4^)WRugnYC4{xvMX9d%?hUO5Sql)Pi_>v|EQkrTg zI|rrt4WF0sHkfkZ^S@7kw#OUo>S-Sauv*seDUoo<3`fnjw5sCp7ma7lrN|7?hR8t* z2&Kjm59;OW;Q+qrI`N#VBRngVk)p^mu#tEe3}EWQ!H)Wi%aR3WWKoDk$`E9NC=gHBRL&?-3AyA_zU9|Iv~i3)Dw}s@;br<6QW$U ze%{*1$q-wr4>aIdpeNoQ#eqc040}kKlq-nk4X0qmUMS3&(pFdPM=B&t==ok0mIZ7? 
z$f!~QSpkBU(yFpTy4Yn%uJr_@f&v{)GY5=7UX&=*aA0E>W+W)kk^QD^nr7JAon}|+ z9Ld%#XC3+0&AH;~o+Vn*Rz&ulc7_{VY#TDQlYYu`2);E7L?IaeJORFC&mHxEW+*+f zN?C$4UQH;Z7PSN4?#~!0pX|!n>d42(bGu56#Y+LP`H=9uK#zvEd=%s68Bx#18U`ci z*VVFgHWvSOq97Oa&tL~VdBu)^^&SfRsP5T*2s_5Y5G3i;G#7Ut3%8f8ii3D(9Tabq zvD_-AHJMBJ#lszom@pcHDmUN5PIn6Igor}^N+n-q&cwvSd@p{ z&tqqEL+m~IV>`x5$fG(&eWzP_*ETzleq1iyt*r_+(4$0YHmgKvU6_=1M84L9grf?@ z%`H?mGKEk?tYa1`DQi?4=Vgq^328&PzH<>0QI*`H`f(Tj>3R)4Qqlgg~ z7NAToN?6xL7p#_8iET!+)6g9|?V34Lxbu@uBcTtQ8^{&t{)hnj1+4g?jCO8c&!XwU zv~krgYtP_(SV%m}=>>^yGqJaDf)b8HErnmWd*p$v%8X1pdh}@6P4XKyMhPLs!zva_ zMARTIhxK6ovtDAGHRpfysAO#+FzBQcO7#p5uCPT&sVNaofh8spO^boa3VEkZbE`G9 z3ce zNUY57QYeTHZ88Ka-o!$p1qh%`YY{%AGeIr@K2gHr+Q4+8KX1820+ARHAS z0Z9=}B9tsbRSHo+1VW)oK?D-e>4B=**i!5d?=dhv&^GQU-fJim$jMO9cw%}TnGQ4% zlt>>O16&vIfNf#i0YYWLfOpa8ukh<{_(URqP}MI=o85RX<{>J&5vZ|6^gP57}>?za=pU_H|$KJp1(6;hxf2WVLnUHThSmTR15u_ZNT>W&Nr3=?${-pYr{m?$9i>&JMluB#E;qa9&u-IM`!EO< z4_gWixfpRZxb_{=fQgD3nvb36VWL*4rk09gh$d#3V3CR?5~iYHAtZvJYw~-$ojL&# zK``JowEDxfaX@t$jyat>j%QE7Po8EW;B0vL{|rx`+-9!<0d(S{o7w1-k8fk3f%lRi z<{2xHBt3Ii7-p^#lNN`dE8Gz)i)@5N5O%y{yVH%Ls zx`QPGF|}Q=fL7v+V9{VgG}uz2FeY%54G`dHu+~sv5MbEk52jX%kdIwaqZ*Q9V3A0h zs!K%RRxzfE4zkAK6p9U4i7XVcMvZ8+X~RZ`Ai`*wtf9%N%$p1&GgG4zD;*h;1XU$) zqH5#Hn;eoT;vJNh$pW<`AjUDOqjAim_v`G(urnK{1g6X<`!yB*sc}U`pX#R)XF6JQ^$k{F#o^kYF0F zRjF4KccVfw5R3t_MO@1*V031C>$b3eG-Qyv^y0_|QC?FTw(;EQL*WJ~RS;2`gyoeG zO+gS<|yhxq7QA3)s)@Cu0j1=k(C9KS%HJH$AF@mThAhn|nP(>Of!e+H=Sv3rK z9>OB3l#pqlDJrI7A{r?wDoQA-LG+0@l#D|+2M-Md6Fl0G)j5TR4XDVAMiEao@GcYY z^#3v19R~gcdI-@X5sYCBp4^!HrR#cddcGA^Rcqh2`OL$v;NE2c6R%O?dojIvmJ#nK z4{m#l31~rK5guyRupCSpPez9W&JegWOq3#(Dpym9#UxI%Xw|v~^Ga4WLO96*jgV}K zvC4*K3muA95HkXehD6{t6A2L*n=tTw3yqApduLCcOQoUMBzz6Fs$2 z!2xz$px|KYxg1zq9{(W&gpa)0(fs`y7%nrDx1eDNFΝHq|W@)fCohl1PXx5YfSb zg}3n57uF&)Xl=QJD8jYu)M12)D70^TE-<%&mZp+t2nwdU5NL3A$sO57H%tmJb0sV{ zqYOa&P=&^Cd4wASaucWsz{N<2AOc9x=)l6j45KkjE|{3mLr74`FtAcggh5>_l$Jm& zSPZcY8-q!vk(8xGM1vfXGZ~l|Uqr)0gVi^ 
zJC|!)*XiDZIV>UMDk>OxHMhHub7U3_V@IL+pu!P*`|pNkW>G)4;aYX?J9jtQI>ttg z_BN-40YN}ZL})M*wiuhsoel{VJWle0`B=#B@jh5;+j>HRFny)3*hkMCZnCMFvdE+Y ztiTF)3y@l~!g~7nG!VoAUpXqC%R~hQK@?^f5d%OJbj)ao49ptL#VVRef`!b=41h4R zFsiCrNFXx|A%@6oQyS#3)?{XM{r|!B9zCVzXejTR2<}IQA}t3K1_z!KUQ(3kB8D9X zIUD;Z#PcZj5eX3FN0?}N!?AgH@i(56fezzzT|`hj&}Bf3K#+Odw?KU+f#gCK>>%vD zA!sP4M;&GL}=8vFJACj?-9--4>Ds<1hI4e0pOGVcbC-hcw> zj7hanO1RM}g%nFr+gMdD7!Y7mQewxcGDRp$Y9du|6d4d_-yjWxV;e&s){NDLd^%x~ zlwWqR)dCyk#u6ZDPY(PsG7(*4v2w}vVC4inch@@{c?b`lG4z-(=J?2f&Rtlk@m>TK z7in}*Qh=oRN#I0Nu4gu9+>=a!7ST`uD^bJ`n3C-N(fCXTe=nu1%L9gD{)mm$_cFEt zp`1b^fvl2@D}#yArAAf<^1>|vL78EJ0Ps)T7c4Yvl`&AG$JubQ<=}5Ex&z=x8yg*i zp?#etjDj!FWJm%)Rf1uO8TNHt*lhiK)61M9=!I;Eu32K#D?r0B2{MIeVWz^O(Cg*dBpaHBoYv4DJUr^CL0qI3=%RaDXdBoGASvnN)j?DDXdBoGASvn zOG0!9KNfssC$KD#@jnY1q+4s&s11ev>LiFW^?qVS7ucyA7AqPSonm5AQzp8Yyic$W zxSUSfqtw7?VG4tVi`dJaQ#!%KqZc9x+tEW4`7QvP(f4~tV_l|zp%nI)hH z8WyET>p)sNDj+T;#_>B4%(h13X{_EvNRlig3m+e#={B4AiaFkKIm?QP3`qn)L&#>q zP*}ns0n$(&BoN60krnoQ2@Qsoh$4xGJtqbc+}WZCi8N*CGfMZ-a>Gnw(9!Dc4Zvl* z41wu;lg>pd-kUh&w>!F$L>7=)jlk z?78g@IW(ThI!X20CEza=4&~h;Ptua1RMAKgA_W4TfZ^zUhpYtkc<`pId?V;pq(6*a zR!aJOJsMjD@G!rLl1CvIMJ>GmwI90NFfuZu#56ld0qKS$2rYTHS8#_}f~mwKS9n-4 z%7_kJZPG1Bj28jC4g ztiK>5{+gx8f{CrVGK7d#dHC`H?GQ{^K!y!kGPjT@X3O0HQJDUMP0tD&_NfSXKYASXX-P^!VghTC~cpRoNb@g*k zJnaE~bEnvvbRENL1iwOot{@oxU~RwE_Szq<6=3kd%bEcQ2vBkc) z_eb8dx1h?)MozadfhgG_<^oO&s2{Q<-`6dYZ?;sW8N0CXt#F@bHI;TsZb7SYUHpj6 zH{84`GBHDTLBS95hsm6uAKUwSS-y6T`9urGOpJ(^#wcJZj;z~Pu)eZpCB~7x5 znG<0nSumj-$dNV`>VaZHt0!gEl&am8B#NO)Mhp3F)Og64CKrW8Mv~(r;x^_(b5@kK zV^yM-E5;wn2Ld92Z=Xk2`3b>dgC$y!;DbIZcnEOKhaW4R<9vojY13|S$ULqE2Dd)j z!**2lYXnCQ_3jDWQP%Rr;2@(+-S8<(@jWrmTx`wSJ*%lX1Gk2-ImeE7p0>6=2efYM z9u7Cdn}?4E=q0ASe7o3B#Q&ruYD2qTQtbtz|BURWkDJw2U@9Cmk6N%i@XgT zCq8CmnAZ;6^M*OE8x%(7RyJdH8Ph2Wi3@1Php?GK4Cwq}D{a3imer!D<5<;g^zC>! 
z6yW<{Rx=vGm^_*)t&C}%lGnJm<*x?K?+z-+3~MtBgY|wiwm7DSb*Z76iO6Y&nWx?A zy}ja%wDH8-&N!^c8;zl~ZIy@1jUtbktE=SAqafDd9O8tcD_x&v8g1_GiyY%w(~l1U zTz698fTbBzDjZaZbjyx0T@>enqfM_l4RaB~76wQW@23%{h|uF($bDW@?1uP!YEI*^ zUfGzEMjdRL)KJ_kJFE9F#@8-1+xJ2P8&6N`zmrzFBEgQj_Ri2QOO((bvauWXGXj_w9|9baDBBQHCveq3Jv4kl*#qoX`S z!$#i>We8{)CzGuhq4sMj6XQlDM)+zD4ATr5gKUuFR*7K14}kH!MY?0B82I#|)Y-vi zBab((vj^s6VAzILf}VYdR>t(pNv1+9X%Jw>8g)iOlXVA=6H8G>_Chphg@OV!CmaA* zDy~?1$TO!H+chSfc6(uuh*s$qI}Xhu4&$KL9OjNEi$Z|y0cS*oeKPLhgAQgmTCZoFh@a?(;Z`$7n8NXZw%L)Cym zuFuJfoQZc~>0^H8BzX>!8g?>xk+aL{i&^2+nA_*fRUsS?AAM>(Mh{G*4jYduG~*ZE z$p7H{e?ODJG?VMGdthPTi==GKGW8y#en#;6u(0MlXL5;A9ubgjh77s%I3nL&i44}| z5uG(UD!$7oUeuh5DNRvzzP)=>qtts~*{)(dp7Y%l9nIzUc#<)yGMFYI(*hh(W^i{D z{nFdacf8`xmF=;wXQW2itax}XHt_3-J{|SML2l4s_Z`CHF7=C8x)>yj2oi+#aamNt zr3YtAUlCjH?VY@-lQ{t8vO?uK2%!U*kOyCFP`dB^W$OpoZgF zfZrF^!^B|$fg8?Ve2p?G(jiC*fF=lX!$yl_fFh>UO)5r50+fOXtjQicxG4mD->x-y zhc9~wk+8P~A83_cPVAYWkA^qen7o`?YZ#FpkISpuIJ;quwjE0;LvkE~3w6EZ5@)BU zI0sbYlFhLL1U8#$*|+M$Y&@5nTjci959=Dx#Z$t4Fz$2V92_Hg3|b(;O$NOJRdz5m z8#U_%%Q52@4K^6zA-EBA&npqkfszeBRGlG1v{x4eLegeiJNmPa4d8c&q*AdB9djHt zgOD1}SCh5b`n}%*j>3^JV;tRILqIUf!GbxmMv9>vkin7EvbahUo-lWfjCvC+C|%Qz zT{VHj2U#sOkWnNHL`Eu+1mO`ViD)>G9j80Ilj8jrAgiW^1PJ^5O0YPn?%p{gRa(k0 zf5VX6Q8F08dMLlGi*qT^fm3Ftpo>Kiy|*o;8K5|>#p=Q0SVwN|L!6*;kibr8QtIPm zV}IcR7)q1|22{yK@-*osUahOkj-!asW{sxgn7}=VZeKTGb@IzhVto4LXTSC^f#a^F zSO+C2k<;Z2Vg%qZ*|TaUX%%u2J$l1KFsCBMKtl^kg)|^*F+`*(KxBeDQ~HJwSr4|$ z(SJuaw}4L00vW$$v#M{3Tzqh+bo`%&u*2nZPsDG8$X6}AKAXq zTv*?o{&=zB&mGi^b;RQ8k4|R-{kOjvzE3>&k*VJ>;+HSjy>yY=p8ck`z48}b``dHk z`$cqo!+r^<(Gy#SPE9HiNxN3rX{MaBcXHvLJFA`dkaHd5qwwRC;ix(A*3fST<7Y#z z+nC$HU=D?VYI|4N%rR=rQ4bhFFc6<3%>9X|Xg@50-fq|{l7Xk`#5wZ(x>J#FHaY?QBqQ~Z zcbtz12doCU`>SVgbZs(w4->egA;_gVev&yV^|Be7!0AlLZwvx1$T`Uy6RGLM<9Dtp zAZvs7p##)9_2QWRv4SudH8TKsaN-Y ze(*z7@0vSqOb8}b zBTR+{Vi=4~1(*b28M1Yt(NUJ7kj%=UC8m>BG=RygJ4XhxlquPftOB$!Rm9N^wAg8> zNGy4;4*O&fB8=E@h71*>MJ0;`A7OkTPm4mjlz(^Rrb!j`lgZ_g3Amx8%1)aI$bkZe 
z!5}2#5Fg(FTLuyq42Sd+_=>stF{Z{bzhM0rpRBn}S@Fuu-kXS;%H|Erfue#&?rI>! zggBm>%)%IdNBVhljAfH^PFLC4chF~3JKE&x^13t<`pf@BZWj1M{ zub5%`55Y#NVbiuMt;E7Q7&T+I+_6!z6Cs#kV#g51Fd111rSnJiMaLW>Fnl{#3FXS! z7$fR@DB&EEhEqc*u>;d)j{Un2G=zjW2q7Of{_$12@+3{w;v{(k=xL@u`K{U?jTiI1 z6Gnp!FuEC#lik6igx(!RdWx&86g<$dmigx^*~~eCU?*P2{US)2`(x{L7#X*7QILrG z+zTyi9*r*FK0}cRNM?Kay;XsExzr4r)J${x+W`XEA8)T6Ki-_JOS+0l2$j(Ay9clw zJ24w+k|hSV(GqK~t5;n4mRhjOh`YujL?@Y~Dyo?MMF3zgjTA|N0BEqu2MCMP5y}H? zHWxz0;6-*BnifxaG4K@5tf_>JQ%kKH3}KxZX_+Ez_G9e~Zw&AmJm8C?bJJtU+ENB21I-$UF+P(MqwM#dO-xZO z=fbvmLxp>_ny`6)rS7DW-Qt6G#LWx>DVnTLh$a|y1OZ6|8~1>8M(Nkq(~0YlkUwE- z8?IP4k@CUSsMm_V;w{K53z5Lej4Dy?TRdWpO0U|bh%7FpmA~pHVLJ)$_a?V)!uqPa zpk6%1Q@(n{z3+x>YFP2$UNv3ZBCOPkilU&i1_4c&9uZT%-f=C5OZ%@iRN(H}MVU!= z0G#MDaK3f?jXUp~Mwo%z&NKF&Fo4<^4dAlM(bRUmPb0g;1~0mhAzXX}5@5SXTy>Zr zljzX4&(_e7i0hIJkp}NHKM&L1zgYo4K=o@N`->#k)3*(~!=Icyj-uDz$VJSMJ~Dvw zlXL3|GlGd?IFWicQux8>Hg#;0{}ckL3MhlLgQ#y@gGxgZ83QxO!R`t`q@q%ZN7NtK zR1Rd~0T^D6!}e4m76JiAlTWA1sC$dTjFSV^kRB#34~5ToSrWua6xcwf0C-W0om49{ zmX_{9z=^a_G~cXpxhcOK&NxF&(pl0`@a4*>TY z4ngS-XFX$?yID5)c4BNe6LKff2pLiosSwgJEhkMCy~Kv1f#sTPX!`OR zX!T`OVfHPZxqC06*TrvpZ}zxs6ev$LQ9XjEw4=F66r2#)Kulrn*yP|&@gz3#VNsYW zjTx+SiYK$q;8(17QEldCu;glRL)iu277nyw3Lt?=kS0Pz3Vl$NgXX(`zZySuf@GY= zLtoP*b?qK|w9P>UbY1TakYF1aF0P!a*EX*LE9c84) z2q>Z_8l@PZ!NM}lGzKHz3M2vGXLCLW-czvJAPMKk&w+djGc^|mpppox5P}Zf)sPT$ z0sCGIGJK||94g)k8jD}>|tgAmn78YOvrvF!7ea07UB14x5cZXd&0 zU4@`En0!@<^t$Y3%vk*-b21?bUg^(%8o(j9^>U`GL>SO(SXjdGyQUK}uw{a6#=m~rKP@GT%*On-@*%Nx>pgIhuI27AutZM#T*?DrhY_yIZuD1Js7 z@k%#93y>M%^#P#lCye(s?)c#Dt=!o*;YwEuHuc7gO$pPpR+^7Fwk~knSAh#rkpiI5 zbz)^wefsld2AUEU_MsS?L>YE6(lAksOw1e%@F!Z+d~=^r>+wP)wvx@Oi&R~~WXNcu%i(L(cqTa7fZsjC#3fkLALKv&K(DjAK>^lC#> z3IsmzEyh}9Rs@ETVn;7JNsxdh9I$vpDAX@Lf58 zLL3rENQT(CVpupd4ZM8O7bnoXdifele4M!1L#(x?*^NZ_u|4G|l(JO)opl)1v2|r* zeZO{4TkJ!9XqAL2m7R$h)zM7096TFK+~HVbB{;w__SNB|25Ts@dUtfAYj2xf7Z9B{ 
zAg(fFSl2Rhu6^E}XFj(ABLg@I3PWlXaeX<5z7T!1j0e~-<6xkLfX)oUu{Ypi^aW75uP)MPI-*e(EPCk$TZtS%an?9veJ*YFvpKw;kAwVc<2JV5~c?0fZiQd3X~83>kx3ZH#whQ+ZP!%%!DG^>^5Jt~l|}we70}bD?pX zcof2-qUx;hN?S#q1aRnJII~)j6{nX?VHG3>L5ZVMDySUO2XoY_Uat7 zCUr^Hm@Q`<&^OuE7n#B_@yAr`_S-E{Gf?};NE?bjR)UIQes+pVkxkm2Nk4YuPh#%PKn zC%yt`8ohODoJa>d^Az#DR_mGL7zW|1g=aB>fC7jPKaD_`C`uq<`(}jFO~W`NRPYkb z@K0h<5R8xgDx36N>hTGkc(r9o|wp?fYt^A6<`6>*McciA%WmB*#)l3 z$Kjm=o*_WF$*3COL=MEKkji(O_fuy2AkCeP9GVV*j2jaVJ)Uf)hHSA8&uA+Y9CJcO zu2feL5O;Zfp92lJkbq4SuI5&vqEu`l@FGC~p|Hrev4d(rEwRbbz|GCQjX4?Mhb4*Z z<#HjN6O?O5M;a_f4f1-7*kB>B(D&bt_s;UrcRQ^O#IkKpK!H`Eh!My;VP%62RIqSR zcIqEJM%G#! zS4*LYi4x_)a9ub}97g683c;SXn&rZ!j7C`3%x6b~vR#g9LPt&GHP=&&BB8G2Jx?7u ze>^*6fweHo0l_0(5NyVW2J_(?9VczDY?FI?y}!rdEN;BqQ1vS5)1r6ZkU)8=2?PST znek87>l|TSkm8W8n!SZ6jbjgzfu5iOK`5tBZ>deU1-ufEF+e_rorn}$h(m%kw(+{; zUvf4Z$>Fnz9b0D%I6Z;hfnrlN5#!Mg7^RK&43<0V4b5T9K}U890Tx9H2tg^5lqng( z)Rm1)iN!E6u+d5uQiZXg^uFgLgD#8o-XkM&H#P{vKD=U=lA%F%I32rXp!VB>H4t=7 z4$`1_Pz=E>ci&TtAw)IL4i=^8f<=$91b3%xYSv4>Zdhzw3*2hhGj!((@VdYs8)nQj zn&3!77MmG&+l)IIqI0Go$cUF_j|SQJ8rbzP216FkmwpEm)>*0=9ASZt2Zn;#j>nAa z%-S_?2aL7ON81X*$c7y9NYZy!5Y?`jPKnWadC4~S#zW*)z6|$@?=pL?9fL5=V!Rqd z^UmBnZ_Ty_SxE=r?(}Tp)O-3Nnjcop%i=6$^78FiIz(VrEl5n(Mo9%&aO5#1r=Zp& zt#ynH6GLv!EJGUQFeT_R23?nf4nB!*B8@fiV7%rAUsvPXWP)z$#o(huV79wU(rttwRU%wB=TK(xk*d_P?cUk`jc z4RHILg|p6c3=!fF4-}~F8wpLI;+|8-c}L4V7S9iJ0PH-#(d99DYAR)>%(`Os&U{Nn zobh8MXJf}9K?D*<1$EFwj@yF6ZkjWNrr02s4mRU!oIGKjZ2ox8l}b%TI*|AVfTV#G06kfBaIoDm9OkNDnrJUU4b@9) zv7*F75H3vO0P6@bEHJ6s!Ptedha-TaB4)VGrXEf=suRQ0of+d~GV{M%oIcaGwSqD; zt4%6LMNAA~Qys{XT>u{6L7b;ap52Zp9hGnPaYbaZz;=f#^ZPyz`)SR(4gDK?&M5r(1~l# z4UJ~QIVTUIfMytmY1bQaWMFkb2P3Yx#4yZi5n@RIz|n4qCb;qG-+q{oiq$6!gJhgQ zlw-(2tQ_sN(HCTn{={k)fnUW%2;5E#Y6OD3=V;n8P8OW0CICY{VZ5%0hzSjlLg~Q;p zv3H8M+&8JoWMgg z`MqdcJM9EK)M%r3Z{5_PhsCnIBI_TRQ=ZLxdY53`|A9>mDKmR0Os%VlY5E2Z7!~(vErpHfhFO zSV)lDa)KO|b=-5H$lQ2Q^y4KOZ)Ebo6Nl;Y-4dgdbMUGp~m{WJrk#aGlsY5NbCM z;eo@$&a7GMF`t?9QnQqz7SP(8vz3Q3x)(MuRXyGW)xx`q2gU~z6@vNozRolmgAYsR 
zBPGETht@TXv2-oZQZb={xL?a6r(#buN}jk5UKT2f5h{^pkcFi`3m}p%C>Inufz_A@ z8N~7}rHZHmR7w#)Ax%_J-uh#xaZ_0iBN2FpTi2#UnYRH;*%=tf@hcN}n1Jx{%nbCW zv_+B~7n7)+qeI4PCdMKJtjxp#MnuVsL>U7EIotWo?X_COp_hG%sZLlJ(ND5?2t$N) z?=>ODb8se63E{6Q1~)TARaUE6LcqkzFGmSsRKD1u=0JEE>tV&$wbMgN8|TAr3T?cG zX0Igp;|voVOv`M@!3H$03iBE{QYgZO<>)9Sbqp>>7C<9fbDf~oCok4!^|v}x714yxTJIBmV1cQ99%cS=gRMI9Dd%{vt8i+R;H zHN!G!?QykOU~@t`nJ7uB7S);hzkbJ5cp9~INm3)SYTJc*Up1O;e8QLbV&wE<*80tB z21AUddYW%c4<;ggkb;OfsKx9jK}{Iyn%@=0PPe61xJ6w|aDi~}Z&CGO3K&yt+g3@a z3a~-OL&uzUvLI^4Z@&WhF8Bn7wkj5im};W1qihS~YBwv9-^&wB4JVYmLWgdh&e}t- zYQzeqIi1RDW&%5krJ++`n?m9WCKtD?rfP9UQ;D2SW)YhRAV4jGH(;bo1G4VYhNM>x zBF=NJjwovIFb!xBjvSQUi)p;T(h9_&ItOyjg@sE=3w=u8Y+ErGups>)XbHC-|qY68yQ5kg9Rvon95u`SpYr z@BzTx((BCwkVMGXCb6=s6FDGV;7(Sn>>$}xN~X_C;i{0T5*T2I5ZGoT94&gR#J=&o z&grSN+lma*APCts&nz^>U^P(dq8=3FgTG)ah9R2Gg*kXT_L<3~oD(s}}jzezN@k6fw zXgP*kLe;gV4&FHy4Rf+MI|veN$2~GS6#Q}glJz|SC&W%jWc4I1VBq994xk(e$qBWk z#{ke^2d4iv${f;A+DpnMbp#>{Ki6+Th(Ua(-dGSl>dIz7$NXqb0w6s^N1kW)TFkH- zpaWnJ^|2K4grG-rG8IwkYSQ_A6Sv|Vf|Mw9QPeo%-WQ78pE~{I2ZGFk<-(yiWm=iEB+z`q995lUdhMs zK|$es=CBC3jKk+A-NyKVUurS;$0o$aC`e)&Gwi%W9@<)sMIrlXqxp$Tc#@zo^ZdC*gc%^@Bp5BV7BU75TVbLggHwkX zo6&?xOSzJ8kp6}dlw#q}=w~!F1DR1`F+NrzPJp&dmg>SH5OqB0C9(HWepbWwyW2E>Xf3o{^Ss%WCa>I>pOH`b%` zNDBwN`;YP$Ldb`-x^6=}$HkRXRjR9oo_Gv3I)rm=4HUl924nHqw@-%3kYYEEPczyG8J&9kVBc;PSG}up1j{te}q6SAl#H z_}wfgxO8vKWO(CG3EKP1!!|r;3~m6R4+vbUJm(jR7)!P^ER8>gm~pQGuBkXSS8g_l zdk?Sx+-#F_4iYs5m@sfCat|gBdQ%Nf93e5<;EwjX^6$2rqu{@W&Ns?w*=$|5%R;N2 z9l}s>2t;l}FnU2%prRj*LP!S?MHY@l=ad{JM`uYW!n(41%*u@hSBy037Pd>CLN&E+ zphdZkYh_prp;;Cq0K0$y!a}oZ;>84W2qB2L5mIWS!YoD3@;k*H=?Oge!}p~9P6rSi zl%3Zxxsd>)Bf;UXw&6ZIc1)2)K% zGJ81abmTse*RBVrluTTGnsjCQ%)@5PbcIC*VKzY@gIH@LDqyOrGQA8$KxjHu526FA;oHEXSkHmbCCW@A9z@ik z4_5l~hoHL|rx+MJAt-kM6>EjU!LXuSO`T71@j5AXJOY>9D*VBx`3YRh|D5k{6YOEJp^#>V0-ErdF6y*U%joqRJ} z;J}ns9d4BsksBI_K>D`uhfe+ev^vQ8B6-MLptYFgUJ)>a_~iu3_64j`VK~4ga(6L8+;q5kc(GYhP!Et4 z3}~YEFp%|}0L&9bY!LU4TUb<>Foin%5qm)VR4A1d;)L{C1Drkk_-~rZGV&ehDp8?{9)|b_pm6t2 
zV}SLTV4#ETg$juAfJ0Rtd4ZLz_(jl!Ycj!S7zBx&Y#NEv>~dT;|iu4 z6qbTE*`rSn z?8AI_SYfRIL=@)7au zDC}5(tpsh;iV_Kp>B1ruMgn<>MvpMpD!RK1T_xkmXgC`t?GommB}179ohySd%CV6s z$4i6so&a=d3|1m)6s7gGM?-!mG#aDN$RnYiQ~VdoeP=w_Y=C;Q4Q6gCV9=|FLw*P#2p3l6%_k&?NckDJBK`dN7-zQLD!%?)+I*+)Mi+La%(0P$L1cGdE zN2UpFNz`xP(X@>eKxNYpmT2#R86L3vJ#w*)w8k-;965w!aI+DU3zP`PQ1%T628E=l$c@yFxrc7z}i@U z#NFx+SnHmELtP`T;_W^Gt<>X|TkAdR)yp&=R3BtdXb}BoK6+Y#E9SD;!5}z3!V1Vd z4o1rDow2=I$x*biV~|xN)tKp^p%oj_6KAlDUg1y6A=ii*8#((w*hZ~Oyd^Sm zsxczm9{}tWe9#kK;G}m(eg_}sAiB<4jL#F-s5+AwinF2NgsNN78)c zW}x?y8V;@j%!+#Q!{$EKDN|&JQSv-FhF}Iz5H$y2Tx^mc_?)OgatINUBt4cm?TbbA zvB-GENRdvVMC2SY(dN_6k&MX>Kxzs)A<^$4vyqTn7>F^P41jyaaB^YWTez`d#Sl(P z!FR=e0z^QWt;C<$H{+<0tDGK+>R+J&%Zuvp3CTq945+9pp}w*rI(&ix0mSS@dqlw% zGU#rDHkk7gLxM|%Wyv`pV2qfZ-OYYS5=0U$-y}dJW)M*h{T1e2s@5$_5FZFQCDS70 znssX2Z`dm!L6R*6!ABqz0_UjQSP@n)aO~X)MN>vWNJw7X zmgZ*wb}cTC8#sN7UpENC1WAC08_lYAFU_M=%0uCTI0!;TQzsaWMNczg@IbxCU>Sxa z-Gqf_lr}Oj3jz*^z$Kx#FO6qR!^fVu)HINdyvfAHq*9useQi%iSlH?}Y%(m_XhT}K zX3_wM4-r=t1A}0R=D4{Vi_i~l5Njr(0PNtB2!uB>5Yrr9M2arM#oJ=aA@w3%)K26O-YpRfvzqi4rV$JyeB-)P|*x6^X=!X zX|cdKkhj5CyraW*BXk}CY-V|#Lf-3id6ChZ9XK_e++WPhX7DJIHr_1Ijha1<8Nuu_(K;3D5@C+dgCCh%!;Ir05QM= zfIB8NAmG^qnYe=H7FQ&+g&^FP%UKM88rknnieT2jYrshWZH^0Tswc8`LV7Nx6p1)aQ1YNi@(w)>MIiDi z2RNZDW@W>iJGV)Zaz5+LRPFc8)fYOXi^6uW$pxTUzPSMg1F;ka93Bc88d{}y2|XS= zn5KO^M}}h^p~_T_n4heut!@+XXdV~p`?l+p2k#|Cq+$swiGr%3s%C~6nUJ6$2w8w4 z0V0V|X(?E1I^@hASX0Y#^*7HOSso`%(o(ty)wAk` z)QMPAw5D+A=d;G%4@Bq>>DlqT=yI`7IvChYP{Z(e4NNA^k5Q7?#9WmjORDPb0kX2P z))t1)&IN48g`1NxK$XTcMQ@7(ahA@&9k8a`aMB}P1KzIp2n(3nFWUn_Dxhb9-umaO zj$b>?R@%p6vmF|mG$d|LrdzQ!I}vNQs9sv+XI50#w4OD4Vr-tgYXo{w)l)~Kz86N8 zNWj9Js2IxQX_E&+lV(RUjo79mN(WfM@TJB^2D?jY=9dXPI%GvY9jAbpV(`25A~87> z_7O6fK+xLmSWzU^g^Y$^gq}BW{aX<6);A&gUEyF2t8DMClFObPOKL#S={pYlYZ((5 z0{k}}9yT6mW37Q!XG@-#6Ec93?%_W{cr|WhQ#gLOr($ZaT-|jesLMuaI!|gG0!Az( z<0YPO?h+Le_ZYlPNsH+&f@hOYg_Rcta4?A$%M)k3>Z5){xE>;the(q|X446*+dCO4 zgy5hz5pW*j1|$uJ24{VA=TV%;j{<~se*4YrGBJrABY`*Gs_C9ZBQ0YKnl>q25T13j@Ij5Ur3T0l=uc-UBN9(3xg5ZE+WKOW+$ 
z83c!WOMwCsM;QT(Ml= z9mHa^ab%$pNYE~XGqJO{!p z2ZPY3nzE5N+Z!Oq2-=c1HZn#<5n)OQiH#71k(|IY43L`2CaJ?E!zwY!AmeM?%7U;P zak3uwT}0KAEVx*lvK_EBtSSyA4QPehexwLu3INzU379?DI6zH6K~yKlpHP})jBOT1 z5qX`8d|~U0_O*29x%}Dh!UluetMt~MwV>?7f%3!Lb1BVRHkO7OO$R&4B%8;8xgtBF z2H9GQfhI_4q1iQ-+?a<(X{n4Oi~y))CSwS*7lxWxGiE^N0zyF50-`+#DW=M*qb8ps z6^^nH`-=vtgp3>=tRrxZD9}jONY<%}m^eZULq%-(d&CT2F9RUX2?jKz4yzj(KOI)I zA*#`$MhEQH?8765A%kpjI5g5x@M8gp;iM6)YH-9(C*&CpwMyeQL2`3~4IGiPq9b3$ z$#o3h_A^GLCuoto6v9$k*%@~Q+5w{DuT5i0CfKqrigsxJ)*GbvO@1gW8PtK(O)|*X zR;*k~vbB^k%xr3xSVe`lnuU!+yE^j3?haTK5j2dY2oT2|bm%Q%o2B5h8%Vhn6B^Jp z6K!=QY-%0OrkW?5=F!e#ge?>C&yjfC#z=4?9U*c=1DlKyH0b7VDjt_(P?*rzHi3|E zp$>Twu?YWf0O-L%aBw(N)ayJvyEPV?Adw7E%tAgA?7-`kcP)HZJ?QA(^mT{R_O z8qR?@soqv-olwA-kbQum6*6IfT+`TG4&^D*hMJlmX5TiI#|se$VGMQYjL)-;t-a`? zikQ`F6HPHL2dM;)0Adb^@L#0-N6H<13Z?>tq9ySBgdk#`5wy!P$!Q`YGD2jk6RH4t zKmbIj43h;Cq(KW280b*+gk40zGO8s~A_$r$R)wIYrhy7TiJ+*1>O78gnFQg;KGOAq z9}Z7vNO>qG(g+CQ*8G#isv3n_goRUR&0xAD0)(Uc8~Ck5xHTCeqYMf=Pvn-?cZAf4 zUhkQ(CnPWv;J{>3z(g?kqM2|%5!30{jfla47#$0r&r)jbuwUYS9Z))h2b!uJ146i*}ayaW%E1;k

Exd?#3+?Vx@H z)O|-{1TE}{br3GF;jHs}{%<26TqFocbpSWexx{HD^ZB%e7u$O4nQB2W6C|BpH-xd;6y7;;tzAQ_TG4<&qfqgX%lPQ%MHAKI37t;yyTDUgX6njXc#0 z%O=yqt4<9wOt+>^x>tyBftqAfA{+A6(8rz!2v90cW0JI6K*>YIqE@Lsv=PV|pRAN^ ztY#=f5lPt#Ye?Jop`$`VCP@0f(qrnvBwYer7h&<3hW}*h>^Q+}q2^aK<#Pvw`sAXH zmaNgsu6t1W%{QLl4I z@tuLCVG|gk0(iR&#ZWZ95)A4_8-QqL4JPfG<*FefqZ$N`GUCnQ6)~a36H1Z|RsxJ; z6F|p1Ij={&b0c1yD8|MVhg5)Rff#lwPQfh|oAz)WCgUP|8q&9XMA%UTL%Rnp#)3jK z42T&bG{oABBN|L?j+BkvxNuGI$hD_DpAP~VEO9Or zlosl}Yk7v;1_=yu5VMy?YYeI zjG2!F6ro4E7-zgBO0}HVnUrqXVaL|HM7p36}5o{?RKzK5Fow8!r(e`n%&=wJ1rk+9xi zSYaT+->Ab0dfo|S^q$+4c^8M5M=F`TEXN8>5TW(A2he>8zE~#7X&OW#MJWP;W+sW0 zK#292aQlvvh6h+bJtknJa~cnpIFWvDt3d+EK{{4CVMVhtZA4C5a||-Ur!v;EM$rFX z)9VdiIntQKKs~WROKbjfZMv1*W_2es`^`bXPn5s_z(5Lvax!{ZLZ!5|6JUFDDiD}N zm}E>YD-uKNOs+$JVR4CJahe&wb{n*&B0iXMkV7Fw6%@@FVD(MaRd6cMIYAYTf5q`8 zijh`)4F>`}!U5VR6iZAaNGo3v{DGmA1-q0Yo=kFPI6#ev(Ad^sr0J(Ee?Z~svn-(@ODQMDeYp5cXSQv>N3j(P@^6>{bq z>#bcxR5hJtKgV<@*k#ZM<6rnm1k3T`36iqRRU-iI6cZpor2&Wm9f_zH9YJeP*R%aG zvcLtuCSk|8x6kPK9d|HUG>_m&{S;*$pBfk;plX3qQJ=Cv4H?zHEq2k10z3IAkv&qJB z2N>Ja@@P3fnMR2B)Bbx&>!@#e z+hRtYkUV%ML88gXf-%p@na|y?(0K9D0$$4Sgr@7H{M=+77$y&w*Q9kGxyUI`ihIO{ zsd>UC3{uA!pjje$!i%@+J&T>tddc2Hut1b02>|(*x6_Z29sp-Rn7^pWL5dGlA~gZp z1Wmfe%wnVWvU^QV!+CeGbQdAhv+cSC6csWN1a?qSR1yd@971)5@ubA(Z&6f9^wz*S zk;#ZVo1Mk15o3z9U3z0``aKHfX{(hKv! 
z<#&@L7u-T)0o;xIfCWCZ0Zk|#=wcc-4_QY=lacK6_n!vAxkAOxpg@WI0(XgCbhJQV zJMpcDuTH`W2?#!j3he=MA(Dy}03q-s^(2Il_o{dEWcXnszUmXQ53njr`Pu;GKjnQ{ zp+bZR6f?vy$qfobpisa{1d$O0KT#aXq9BnbqEqqQLjS~rp)UymD?pah6C@}Igyul3 zkRk+vQz3AbL%ailG$kR!DdL8_^lB(#7#H1QmAo8maV{Npdw3`~;ZvxDNQyy$1v=^L zf%9f+N3tt?BZfj!DbxlAaXK0|qtw_8;uN-PmN zCz}S~>$%mI`%T0;?YOtVptVD!;dnsW3a%gv09XRR7Y9SBKdkg;Fa-x(1du@DT^jX# z-#69$J}ftJ_>h3aeZ)yIht6L)4y3Ua2kyiSb;hu|Yk^77vXwt9=3724B&s2Rr!c^# z5h`b4lDe?IWGt?cu2aGYdlf9Yi#984dIo?^VD1xk_%|*<(E?~2A~DhMB^>eAbSHu{ z1-oRJdD+GWM{(GY$f%;Ah15j@oCMT$Tm6*Ncvq;_W{?zz!@AEtk;)jEAfnfr&wDel z*x435)SL~ev^F|$Fp!|WL`Z@*YgCX-Xr#xOGR7nbzgL#ZkGsFpRa&4HcoacQ64TcU z(efG#%x1m4R!c!75)j#sv$XBpa>#UolqX3kUH&rfYhUvep$fIgyx~ZH^hm zuRH@~5kW-(REFfvsmP|Fq-|oCU1W6+EbJ5@B*E7J$VUTI+|cxx*oM>A?+rYKV`$w7 zOg{cxPTXW1LrVG}>CPK~rXX5FAZbW|!T{pKo*Tg6HNp>Tl0w21VAv6YF)?t%fr3S0 zk|?HOEJ$Q!kYp;H!P@H?QW}KDk);R`I7tQ%h=t1=NciLpFxuq9ZkMcw4z>r3IL?{t zFJeTxZ|G z?170k!J&lGG`RSl^VqsH#vFtE!!w;4_I`Q|Xs!V(6UyxBHkR33q?uqH?M zOk^ZAKHczIsA>!>zZ(ac)a}(m@lM?6{;r2R_H<1oM8L&OEh$Yj4BgKOv?2URk3JL{ z4TL0@`5K|OrQhQvJo)WuZmk;|O}sd$tTS$_vg>}^itYxliOc}A79FOPVJ1aUGEyJ5 z_-J2CPtxay_VjpVLy}SGwx=^O!!jZa0F(A=@Z)L1BODmn7{(efWRO=)2*U(Hq8KWW zR9q-TG#bQ+nNlGqx`bp=ax5fP1zxajFY^i)cq zqNNnS#nePwFq*|)k%bvYs=WRlBE#ukC#cHCS?%Mv>Pw^Ra$vLx9_e-@i_CA9%c5a@(Djwg(&;7 zy@s5KsG=Z<{ARvGw^yF=)(K=}szB=dyiEX!xk327y-UD)0JZ`4$EAUKY99~8T95}! 
z7TB8s-f9zcEQZin@=K8$5R6Zd$#KOfj53HYx14|;I>9doGkM{!j192ZKnkZLI0Os$ z^ccH{YBKSjFHzcYqH{LVi`snT59?&0mQs?Etr#4glamNPaI12%Ca{7C$Xnk-T_Ps$ z=iWeu2Tp0eIcr^ZaVMbH#nrLkPeu-9HyFq_Dit-R(BN?UVNk0&jko8i z)Itzr0)e5RrU+tEDv1UNmLmwy6W@vt@|jWN=aa6r?*=KyqJYlCH|SSk&k*uXAP%Ke zCr(~XpK0K0)MWR4IggCjzfFC2*hHO|vry%?jIzlXVA!#R?!K}Cr`%$g;TU{MV0-2Z zm@SP|+J4g1(BbmhjM27bFJb&x+e7=(sY21t1Z#8n`Jsr1##Y+U zNJ2v*QH*S_R2aPpBa*``26R|ZjuJXIT^g6CY6Ng!rNX)^>kAU(KBiRp%3_wp{UfU zN-PA8B{6Dn2>(gyC?5Dc)FFp{Cf^QtW*}$oE&jDqN&xDDfX=K6q5mFj_>iGJ8&r$;hhDe7ebXPdrqFPW-o>+pZDw-ln43je)%m*cqBQp|&qGXC;C=x0} zS`s8mRH{&=pe7iUpr<4ZhN2p3hL9#HL8gL&l%b%R8lW(c$QY86hN2JxVu}MNB&2M` z$PBWiC{loFN(upqrKG9{0v9A&VhRe$a!OK^p`k*uQy`*+X`!biLm;Z9GIFSeD2QT- z3MmYM$SElrT2v{(fWj!DrKCy(p-;d#cw$f-w*f<_{DsS!$)E>vK#+o{A{dIQf-0t} zVuq!JQX(Qr1PwGnP}EGn8by2juIkZO*DxI{CYQeET`+AICqo2Kd?gTCroL3eDClMe zjB+Z;eEHVmOtf+98B#5BLm=N{d4nOmUG91$y>{rZsTj&`&Hce*8Y&uL&$>^g5Hav$Q?;{~_vUfp*qmhyP zUxfQf+QZ<{Xp|UZN4=`@5-0Z*fZKayAqqWs9;@k(N1!41+X)SFdJfCA`%H{(RYsBL zc*~YiLuUyeSr5&Vo=RN~J^}NoHwR(jk%CyFI=b#qWG1v<)TE(Ra}Tr&LN?BZeifQR z^?1V_ei)y}iPxp=ssuUpPY$!apkElMZO>USPziwQB~wabwObid?u!e>5vl`MMIp46de@@an3FCJr8e=3K%I9 z@@5)`e|@I7eyy0jI=VL=5@XSKHWc(qT5Y7xA8IiDYN{3+ddz)4O7;juRQrVN*n~R* zh6N=Q#hr3{tfh;}T7Y}I2zHczma_;{`ItV_W)Uehfe=QEjeI@*^cKtTskV>m`*qhf@H$88&G z5E@%V)c#B+uqGfuQy|2V{QruE$0Kp2-y=FC)l@{eZkX~T-)d+h z&hj)_#*E%{I!ACfA>8sX*ln?!OQsBj;#kwAZb-^mVxqv=CXHc%l|dF!frzE3MYT9F z$r#J&`-pu;hAoUmV30QE138LN8vM{`#1EPwmS=47;!X` z7!P9*-8%~>C@_c}phFSxz!%x9eWS!K*yjd+n8~H|VGm>KE$eZry|dFMb$8v8JpMhIgEI;g!h!M4n^Gjqu;@o^ zI(ei>0BmhY*rUpyBfNT#Wy7>j1rDlSvepf>(-4vP!cba=_QFx2w!hEG;fpMLVOdd8 zW;r#ZFz7KK4>05qc}_VvJ#*Lf7tis0Tmj$*?<^joPYIY9fe!5rkZcQrF4N8diXqg) zg0m^@^4Riy$DG&`VNWm$r*0)tm28Doh)uL^KwZh>k3C1PQgR(OYjq&vqNYCOOvYkQZi2Qzy zwgkX|w6Df!ZnlGvND)W|!rea?bS^`DkjB_x5274k{gVL+G_Yx>oddE9_Q!lehzoN- z#MKD;NkzlDRf*&L1DqDL9a z{2l;*z+!bLq<569Xu^Y4n$xH?5d)Isw7F@bq9LSBZwGSdx5o4v&6*A%Vhxtz%8IR# zxHnK6h09?Js4FDM8W%Gk^=(0}3{z0CP$wCP?r8&1n9&2T=&&{tgBO!WEG|gIw!q>< 
zQKAC?g8-p5CImF3Mx^2HC%zpzSv|N{i9503e$LBE<62MQ_>$Wm4i zY+9i*!QIP|)6Uy+(ey<>8ygb)u7`A*O?HQS>E||=n?<3+4*hU$1lcB-4s5zvY$6EA zFtTY3%pFL%0WlG|Ue<_LS1<1Pb<*f=;9M?;OK>1l!?qaboDT!_28q3k@cJhRuEXN%cMmax;t4pJR{?7FGrO=S6_Ny0| z9nOZJLJ@{{&Z@8ORpdbANk_b}*%uRFay?1wA*2aOpzVZ_mOSQGn=vxbp|P{X@syz; z8Cu?}o@jc>7|ym=NT;I07@~+`15zP`!~%w(CJ2aSJ~PDj`SN&C5(AP`zKqM7C9o*rRS`vS*FPLG7V~-Hip#!EW z56npv9uPz_<9|0RGJ`D%*jjapUUgWSX}JS$v4jfIP}%bwp}1AZN7)IIB>*r=6#Ha5 z!$Kc8LZ+mB|K-IH4sC(?a1Mp$KUB1_Dnvwq5{KLvV9v2a<4=+gM6RF%SA=R%W)^}V z(VO0obcwMNAt(fiP^D-o2~t7H49sE-WuVCvGEf>&93)qSJ3=OTVFA$NVe`T{Pz?wo ze%GGFk;&K~$e)_A$y!QB;CV0YK$CC@*o=^(iV8~p4d$eE8n=u&ABnPz_FrMj88aS+5P4 zQqY?YW+R3&)@3P?YaJGm)QTH`68kf58(kn164KBze#j4?zqLmu9i#j%`#Pwe-2VQz z02j(&Z$=I?)?WJDX;jPcKb z`2kvH4A?SJ-(H=F589d7=aXO6PwXI=`xDPlCEf0P26;UbD zc!QIoJRcWcL$$9(Z50eAEEN@=EkHMnD)eHHmO<%tr*?31nQHVtQe`n-X;OlYW zo+hz+?++MsS_7W^?wFbhf%mkU{@JWTIH4}b91o)Vf10r&p_yRL?Yz-Ngk9gEB1I)u zNN`BiiXvd2M+25V1q(#pz|(sqhj#wl@i--57@}fdzau?#(GQaK^14Y<{qoJrRz?rY z7$+#ch?Xm&c+`!oo;eWnNQqYN!Tjq5Zi&L`N7_bwS36|jq#t)+Q=DPWnTm;LMC6mvtVFG>B14HX<&xgd(H# zDOzOZ16k=%aJd=7b&1yd^g(pbCh^ZsWDOz4Z48{>gg`t6sR4E)d~LY7+?X%CcASob zr##qHgVux1XU6f3?fK9^X`g_Il+67FRP??@jOO!>6>6Au*k4Z%x}ct;JNVBUhY1SQ zKZWJxvg@~5+i9NTt{m@MQ`1Tu5uG%k5zPtz5a+m!(9eL3wgv1uI8nHIwaw6TNeVkU zE|%P8>P!lusmD^DwD*iSvl6&7i4FyTM1oiiSY>Q#*IWyj5|m_YkYA(xGV4#85(y$? 
zZbZ-GJcCyF;|h&YP>ZCgAXSeyX0BsG$bJ=QFG1%N^afC93O&{-ED$w-eWB)XaA?|o zvVRajcyPQ_jW5JWVP4?YKz?O{buj?#EXoIw2eUU@IjC!0dj2dSndaSgpqy{3Lp?!I z^hS=j*Of_$V|l2zzET*NDO*mmQoG_9q=5q{KP*4bC&mzZPD8--2a*k`FoIZ!sHTd7 z8Dg^?Mu{?TsQJ(dFf}a7bS%0WEhdmL(HxRcvE0vG0_p;1$`Jn!gHi^Oh%zyd`DDl_ zLI!|7SZGp=O@P#TPPn~vx#=k73<7DcO9Ef!2>VS0Hlt7&p@biwam3(bOp)V7s@{P_ z_l!r@p5Xd~3T6t16^FQ<7qVXk{l9;OpFH-O$i8ATwk=kMHDS5 zNKm0g14s=NEfGZ}R4hzDL=iPZNl3&2MI|9hBjY(MN~J4964DVOe;Esf5>gbbK|qwa zL6QYDl%Yz{6d=(Or7D!8RU{=)6axeT8i5QZDS%o4X;mU3LXwmkKnRd3k*JWR2p|H8 zf}or93CA@=NfL*T=K{2!p|%#VGQRI0oW8AVUazl=uYr-wU@+$6B2IEC+j!H%%@Ypn zNWKjcLZHkrX|%gSj0tmiT{xJ?6!350e$(PZ)b=C_N_)^t3dIhkR}eM3wgRr0dRt-L zG?W~1>uv4!J;^bmv`$RUX>G)UF+gB^{K*a-08h3#?eF*TlRR=hZ=fJ7D9)iUbtS_7 zS6CV&IXpousOM1=8r0hl+M3z4+rpZXHb~tuGuPVa{?mb})u8-@bdD{jUczv8)|Lr) zIMr2Gk79;u#dkfl4`w)I_6Xo4Txnb_@|fz9Wmg3n(o))-Ge>%9%G8Bs17YI_wyolC)*49ck_k?h1obXG59 zKuQb8HuXkbTBlyT3^7tff@u(dH4wY+GDyL+KLUD$=ZW*DYYqvph$D@r917wrl$xlh zFy*a`G*WGi!Dk$AOM{LBG%Xm?9(X*e(dswn9>Mhi_z^!02lGXLl>4!wAR>rq2I~}9 z3{$=9*l>oZ9$vFZPf_olx#$l~g_a~hZe6F~L(TO-vj`B-6B9uZLV6yY<(V#KVVGoR zIG|{RA3-L69h(>v!@*D15lKrBpb9Fjm;vh~284(bxT=5(b%Cbw2&DyBh;FY^5Qr&C z7=UzWA`8FqI;2S3P-`I=q42Wh6nj0sM~TvS8jqyV=Z;K1L)b)>G*lH=zVEK3hVV`z zB4P+$IvEm)jG;9&5J3S{QxDZCkQ9Y9R7es;5I`kNYaC)`0$RSv#D!uJNrH-GDOLNS z;uBF#6w?F+O-o5NOqz!jiWI16WMGJaWr&&tqDYCb$cm;Fb}Lv}5>^fx!A8g!BjZ$( zkyh9W#84Z?4`LlCUvVl#7-AsZ@ByH}8}b9|>NG?XDM&MLemmKx@#cN!r0#JQNd*-Wol-8uo+L{c#4+?}Gg5C28nkePxpvl{Zxz-vObGVH!)-3?UC$#9WZPKB<8AVXlg8eB zu)AT&(j(ChZY!C}l855nmp(Rgiw!iH28Y2Zvf~>9G9@lk5|Y$1j00gF2DLtm7EcgU zA#)&MAAg~s?bEDo+=ji_Zg}GgK-^KnQ~>7e4E2*yHr@h3D}QmFMFPzcqgumJsW&Qs zcdPx-DfYz1C4l5lb*pD5@M`LX2mKKfm{(rm8Wb@=<*aI+V9dn8f`e#gDHEssdJR;P!7);S1qPMCq+BcsLHFmj zPZ0NeqmuCbKCf2-WGV9y)SD?gAS=neX>%lgXmeQ#5|VtIuQ7HbR;h_AfJ z#l}*C313tnA_00!aDg(M`?bb`By5p%D!}}+wU1CBF_@VKH(1(5MMAf>3dYuLr6vGF zevhB%Uz%YAXo8SW*U3-+;|7IOw^yGYq zCb%&*c@eVMArbp@=%oFJE@C?LKgyH4!EuCaagC|8Ttt*#4qe=?V=eU5rf3L@%5HJyCEiDm_IGVeUWrI|VDLqGN 
z-oGJ$ndQhi(fn8SpPOU2#N-7V_1#^tB#ZprDJ1GzHY1&5Ln>4nR72c4?|^2QbN&DHZkYBnvkKaS z7Y|Ho3}lO@_U~y^1;!Lnxzz75Lc%!J$Obd8*!0%2M25g>c6d;Jx+O;6`hBLKP7`WY zJ<8SOArnO$J2E0~TEyhgk-3y>#1Uy14BM_Y&9i(c7{)VPTfFaf!nfx1vEuqZ+>vZ& zP;aS?LZQ5dGD{qzj^M61%C%Tgc0(##ACA zdU`%6RC?qw1N0g98*Uqr^_^WtlGR;XAPgOXm_n|13}RlIh0-bLk~~rmhGD`F zRZ~XFk{2B0HDy&$Iy=DepKcCJQ5wR-A*xnlD6bHVN_pjI_=`Cxs3~ABM%|cKocqQL}Gjt>qPbm zdLeKCnMYkpay7kHI~uu5YKU%Jby?ha=J(vX>N+%3D5nV(DKDLI`L+Nk02yY*gzaQ0Q`}-e6F0<(jzkQsQ1k@)f7eb})4ZZbOF0^YQ3nK6 zRS(HzUuuh7uu-cHU_73Y4uQZ8!Q37f?=dUbhdrGVl1w29PX=rA1vDC_%?U)t$~(q8 z!iVwZXpFMbJ^6190|VS;%_mP2g8_NR$o<-2pRN3v2{~lu8jpd; z&p?-i2kkvg3@b?+LW?l?gNcz04xCMjWSx&hZ6p{^6)59zEO<&2gN3s>8DA(=ypW#o zH6Q@M+i{fr9yV@V-Zb z!OE>Yw>0{%rPB77i=~BR^}H-;U2D6sPe~yVemP#GiU$Xvv>NF0RKaT0wS!%NLJfPT zpWgiQTw$!qnf-DaJ+yc1VNdnWI=sgBrn@J@&b!k42NlrNJCAa+o}{(+g@J5wL9xbT zlL-iuU=j>}&uGI#G)QTa8AMb>I9Nl@aYQAil2Y>#^x_UejR#1Inci3$)>!LKTj8iR zC9&jC8c8x*FDx;oL99s@L6T=&bBx*5jAAv04-D!98Zc?MkS1FiMPn>PY#2xo)r+RF zi5uF_lMFLSBY}x73{ggo9m`wtxL35rTW21y(*eI8I_;X}kimp;V~v?bW3IuWrQzQe zpexy&$Z%8-cX%5x(!`7kG%@L|CRq^8K%8u-(VGT?S+g)gcjJY>OTit_+Ub z2VZx=V;&1u2#(Rc4_Lyg8V#EP-(Yx~LuTS$uZ9O95wtbeelqTQ&Jo9BIUpor3vMby zh8bovh@B?`N%Cmq&+n(~{Bf2?6$a~##%R_e<26z9|5xf9kQ{%E{D;^@zItbKvRI3Z zf^nBT{>r@`7*wyJnE#Ro^35ur$lBBS>*qDjcomQB8HGei-@3&j_p=NP!wZCNr}fw_ zQ&@D&yEV~g4?Ip5zd|r5d_(abNsD#Q(=BOhI}4XqOGInPp2^qo{!+Vs#z-G$VX@Ds zC+$z@f*ZgdfB| z3ki_O%@(Q*3<5I=tz{&HdQBy+u~Ny5G)YH;7&28%!LY+-7-Ko!^b$NFTTPx^Q8TICA!BZ{VGP3DRz;AVu>SnL$Bpe{8Y)RYvWiTr z|ys8z{9L)DGL3C zV}ylP>yZmtk-9<8v5f?qVEXf+!wAQl2y&2| zOmnn`&104f6^+fMX~DL}HVs+2Q$Wkm&cdd*&4V3b0y9jgqeQA52BOmPkVj1f8?gwb zfQiLiR}5Kln2ffJ-OG&4W-JG0tnM=@*mrD=G7uZ!bSsQ*+}}*&b{Istji_AW-kc<) zpvj@g83_j}mv|IasK-s)y^@U$12?M^V@k1(kXx_{<4;;!>u@O?xs2c#Iib$a%&_Q#fofPL0UKw>dal?yXyg{3(s>sUL8{QnoR1}H1 zG8!g>ij8#*Yim&!r;sB@7Bput;2NT$6=>dI(v%5CPE$cthKbH20ibk75N=G0I>s|W z7RurO<*&;m#uiM*bYN|aR)l%tCIpi#u*#okF9hsz5T zNAML9dwG+lVK7C;qb9k{n%afQ}}#|oW@8aiIx zq2WgZBrE;*+M3%8&WF>3Bam^qA55yMF;>El3W;NEn8{^f5b7XCMh!Zpq!`nVC89x$ 
zY{blTO{l@0I9Nj@95$(lrNazxvm&>Nm8_i0E!x$PVUA`&qbk;_5*PvqD4>Y25(zg1 zC;==`9-oBr?OS9;nu$aw+#2f%F;4BiRKz#MHF`3=kbdx!EE@lgtu~s4<|X zsFnzp%!+y*XQN_&KSv@WRW;%fD5i*Uz|2os1Liua8FGj_cLV5Xp@a~1fyk!6(rh;jAesn0 z=knrt6A;$oQpD!a4TRjEXQbp0f|(OB6c9m56oViMYXKK^%^ zk4Nw@Y=uN1*ueO)Auq*-sBZrayFW@T0TG<1E!2jvOfG4m*RRwX9%y zv*Vh6ya#NH;@*k_djVkxL?cl(P!+e!6YIK$FfxlJb14onQ#k_$XpmrMP|yjm$l#J2 zH44HMQEApSSw#_O&NOReZbFIF!AhyT$6=HC=OD6j<7KuD8JmhR0U*dj42q34jt}8w zY!Xcdq(fSnW5J5E49Z5(GP+zH3~Cl_){;wBQHq8RFjWy2@p1_wfe`~40i?#$wL!CO z6~Hex&Z z@|8flA+!|4)Daa_5K+?;BqA`B=K&mr5|k;HB*q$IK=9)NwF9VV7?PGHC_;vvX*y3J zrr-@^j=TKBfLxWR!L-0@Q=8hlmw}u?I89-idJWw78u&>LxU>^%IGGlNJsT}BAy4W< z&*5P7qsH1{juy%zLr85c{2-Nd&Qbcm2#TF(K3B_yL;Xe|5v?ELsEv=YSay@f8ciW& zW1U!!e)6_{uhe{hviyVo1Pih5J5G;_%pBd>{H7(OlAd^AUJVpNbwqrdY zJ1gZj-)$fUXGxw^{qeaBYuAs; z8cV-!AMQDKU}|r^@XZPm3P_0?ZrH_)AxR9FDkW#CL!zkSkyl#GOdKK*(&}(*Fkurl z`4ky{lP8ij|KE8D>^ly_qkf3zpkbBa1KQ9P)W&r;46KXd;egJ@Z{x3d#v0ImtwTrY zBw46~xTmk%MeX2b82ZhRrY12j@F?FQEYe{ldg3+jIK;ak_T)Oy_B)FrOFmtn)Q9M=rt)F9?JCt{CwbuB2zYsGlATB7 zpH!c8hb;6D=8q5TgL+Y{YKtxwBSC6@|M)_@f+yJ@G3_K*;)H?t9suM4{JO#K>x@c+ z?gQ*UegX+iYoeIQbW!S~f9W^@ow*wAWF!+^QcIRJ1QL7=7!L)+V;B)d9i-Hh4UMkv zEQXY%YgKBf8jWz7wTJb}ASqm3!S3RFunPX>D^sTe}I zI01O?s%BDYRD@c%%1$1tF+CSm^uB$=YZ^w|Hx5X$oo8B`oK-q(%s?*Y==B3{@z1{=|mhHEi^uh;AIU!!h;g2n6VZjmFuJqDPW-3Dcbr=B-s~I(6e*)&0)1 zSrGK(7dsr0WLc6ja-t}JgviD=mv^cLmWXofn4!$w(A8z^gU-mu~o;Lu}%lISO$fu)rHA*+n3sON3b9ri|zm5~A~H365C7dziJ$JU$qN zbe!ajWRgkbhKpp9NRUYhB#{rcE|v$k1?b86y`hhlp!!B2XwOWmPfRKr`-|=2W{P{x z0|!rI>ps#31D6ymF(N>TVKK!9)nc0o>9D-0p-{qKl+o_aQW_Ar`g%o63R&gng=xMd z&vfS${`}rUn8iD@9_84?`iX5?sQXZ2+Xfrwq z)w^aCr5#xc1Bf}vA`pa7O}{rsT9XJ{y4e#bI5meD?~94tWbW2r#5K$t+^qUTusH!(0AFUL#s)i{rW(k5I4`hBb1a z~_KAABOXYQZRjdwhgOKK0v`I(&7U|F&JM+a-& zoA*fKCwP^yzWzy?^!OisAqEdaWnHeJ6#bhTG18?&LNh=efEYI-3QInl%KvHI2Ep_9 zkH7c~Mv&7$ui^kURBuhumJ>6nqaD#L#@L6E`2PQOKZ=5eAD#*LthC~6{)4e>L9Lri zPQ%z{ST1deQ}IfT%A|~dOZ-jM>ZXO8OyY1i zV-EXU_$o4t4qC{GL`0#2mNo`lrerZZ^Z}Yn^xeeXY2YX-6oN32K6P=>_$@`m8xv9; 
z=Pdsu(DAZmQ!+ozhN;3~8yuPw=tyM;K~Fj=oS1DfmowD5lVLN6Ycq6#S^<019%nK?V151E0?E2HiqZ}>_2?M{5Gkkvx< zqxc*0?DAA)`fs~K!)D8o9lC9GI%Y=D>NC_#(m5!Q>yAm)C3BZ44*Cm#~{e?$e6!&g-HPk0!0ZMn0X1MHo&;b(C9umnFpXejJvxH z;h~-vKfZPim)>~Q>`)-jqXA5WVOkqR5j)p^w}*m{b~q4m1#@IH=#;_`9`#j4G{|u z%5lYPJP>_HQ=!0p#~^bM!6=M@K_L+Z0ZHfa$C^PN(-6Rj_>4md4%xGpWwR{6+^M>n zGN_W~&wT8J0Mulo%&{ht7Q+d19dTiyfr1B^&2H1EG8Seqh>R*S3=<-dG;0G0z=+EL zs%X&`7*J$jL`GI(MHZ}8!bT1nD-lYo2^w-ta?%*qr$-pC1?6r{Uu=dGO$}EVQD9M# zb(afM?jB| z)I(lom#EAqXA~u*2)lao&I~qsOn&%K+r{rjb~+KeZ(a?BWz;YZ~m~f{e`$<~GpeB}IbzMF!oFjDgEJ zcCjQzisU@l*E?y{71WKvxrpTJ2oWl!7@WBpS0h5lu2Ybo0U|>KEa}y%f}TXWL&pChB@J6q;(gSoX*)REA84XX(s0HaYiu7U zg7c-Cj?Tg|O2JWgR1~LuNfNANopqw62XKLw6FYeaAkb@k4x935<-D~dR_lH_)rHh! zYf`t^E^Att_O6ph_jpuXG^Ri~XTuXZt*pqW`$?QLgqoqS*`=NFO5NC4`DTzN`$l$C z-Wo?|=y$dojf=#U*rd-5yvuRM^#Wcbh{#9`CyB#<#6asjObeamjv?e|ftlatw`-O5 zTs^>@uE?sQ?X8E%B#Hx|D(DBA7CPRNBurz*k7m8s16ojxLyg!P2sUI7Q}PV*A&QLh z8MC9L!V9|-v82J@fsB%Jx_~j+k%mCnO+ej|kx1MGAgk&MFnPd`5X?f=6%#!n(aEYo zdLD`?m_L-9DwLvtrG$o*p@azoYGJr4hagV6V9*>4%|MugL#A06n-6$q_d5u5KMviU z>?Xw`hSztJ0`GVpTj*>oSxIe#2}{Yj*E#T zO#_)5bH(v;1alt}0OF(qOsWu2FFtA;HWlt<5iL{I!l-g*dDnJDPcZiohq(ElKPI>Y zL_i~f$3xW!!0#p_i5TjK3dP}e=EJ<2Zs|0*80Hc>&eyjxj^h)#9}+ycmlI+0ls^c8 z;VwfIDC!W`al;x(6!wu2eTO5ohgfRv4FjU;Pe+dA^UZ}P#-ClNvCht^Bq;&}q)o~ON*j^X0ir~p7@0`IP|GdoHK1{jA!MKki2Pg*x3CO3 zokCLRiis#gB{ElWppjtFh`I;^2^^DB8bShurFoECiWZa@hFCOf475290|KVlEeK?2 z0A}Pvrl_MS1&yKam}$1)anoD26rLF6KvTq+nG_kTUdYDwI_RC}Ifww94-{PoJX_xv zH$s9S2x2F(Vzf14Q!zp)DppZdu_?9Hs)`sv5K0?L?X7K$DlM(O_bR2WRlBXWwAJR~r*@>~G$5wEXL zU3|2FX;>03IRF+RDXuh55~+sqp#4>t3UU+S)y+}G_z3btc{$@%1Y=^CRvh`d}N_p;zP7s?yIHo)caq@xfXV z)!JzAP3Ssdvb1wa^pQoS!86unTNPMIV$@wbgIR6*Cv@)iI+rDLEl5DBz{QAu-au68 zotP?7`n1ShY}G`V>jPvu@`c%kdC2r1ork~9>l`D{k=mQbu#Uqv3zr8<#k&BZ>I%Ll zi7fH2UlefxMC}An_|fJQd5(>DixjaD&$DRrF9 zm7OPZQ64(#z%l{fD(UW_Zfl9-#WX#?-%6PX8%@ihZ3951wfkg|P>%ZYX2EN*v%k^B z0!#l<9;7NOe}c=?#gs7nn|;EqJ_5SY8z{Pl{4Gkmdua9cQ7E^#UxhfuejgIOV)aO; 
zRtj;~RMY>n!GpzW_pnSqP=Is4lt07KBWE?Q`c&G|U{6;>59edf;M3c38Y!e;)TC+j zfbT@Bde*1H2F)0cpnKnM4h`O=jvF<;Ve58qB4>y@q87o=9(SvsY)8MiC!< zO43>ugc$`mtmo>Xrd0DY(ADV$TcbU#8fImEc%F))<8qCe7Rt)U2Q!cO-mj^<_t~_q z{hX9>?{m5OpisV##;aT7dm4 z-)zQ&UQ=;_+Ejk$?yar?mlVjHnzvuQw|%A%$#ck6h^0>;Qf5LoA|upsa79rB6%dB) zGXdX;0jhd>eT5#oz?L1~s68VMNN8XV=W+&WUtIhg`_|B?@^YlAkYMXV4k>tO?8QxQ z`c6#uAW>v~$VHr3hNxB`P$o23$32ECNIjh?W##3HRY12x*e7GU_!Ul1u@DpWw$Z>3 z55*k|#pFUmqTC-5Iu5`$D8$Cr50vk31uO7D0jW2G#WSihdvdZ~U5Xr5I>tlZV>KPk zmhyZoP1auPuw^|s2lI_P%gxh8iuLgv8^AR9J6p<@~wFz|1FeGN-;x4pc|cn$LYW zx_If&d^4NC<-56`MA_Jd$>wZSoL6Xf-nR3!YJwCGX zR8J%&EYi^{rWS}~)6p^qScFl1{5#}>OwDbYdhBBCOT2^Ly5sS>YJ#J~Z^_YVH|g=flfUy19Nhj~DK8aMW%p%Kj^O2kts17|lZ zMJ-o`&VDu7-5^=`&A{XgcsDTTiNQ6JmmUgM6fE4?1P&h<)b;9{8EAloZr_*$`((hh=u?!SLK+_2Y^Z~KR6I*Jt>5w9B)mz zdn^J*R#5CudiPTk|7kTRJ{Xi<8_01ieDa68^PAkyXzx~w_?`Rfc7Ggh*P66$9ekNo zf&ly?Wou?4Ch_!X%x%8lcSoPwb&j@q{u7edSHDpjRNj&oY!trE3rN(^XiPd^qre)- zG>ckxHyphFh;^**lF%i<^5pqyA&aZW%h_QrLf*dwCSB7W4dhHI!kgNJeJXbiH;s&3 zenq`jh|#z!`w4?+6%7FZY12U62SK`ZF?S>XIz93@f-EFevh2M*wPSeQ;Aiy)wQ+@U zN#dr!JfP&ZXD_VvgwxCyN%m0md-yT9iuA`|d|EIO?LfzJjti?UNIC z4)5j`u|@C&{9QmhzvzB~*w#x{`?T?Hr9Ke%6mvfO4m;&=X>Bjkjhpc&*hBmut{+ym zTQTBK;{O{a4z@Tq<2Gy3H0`Wl%U|Hl=-Yk5c?LG@P#kPo-aUtf%R$-=%4>feg~Mmy z#ah84@d#goQg>DxLWWnZh-$i(K9Ed*ZVKF(c$!$y_cHqGgg^1WlWZq^yX z3w>R?{H47P0ZFC4oF-`(4~r^n4H*ZUR{LKRWo~;+oEcS%b9PCDnpZX1t-C_pyVeC%4G6ib(Q8V}i5_z>i*S*jfccvpnLT$yq*3 z$1l+dVj^t`OX}&IL#+GL!VnJ=Mc+{)o6?&qU^Xa_!I8yH5H=9rtiW(nUW$z34RLal z1*PFCl|3#c==z2*H_=|?)|V!X1IE>i#c>&o6upp}q^oGfs~;B9u7@Rwfo26 zg>*Y+i~GjY=~;=TQikACSdKG}IbAj9N!qaoSqUv(Bv>2i^{BVk(!E07BeShAq`<%v z?iov7I8cr0wIYBKa=vOK3^@!7C_IE=K^lxNpr{#g5=1g(fDEjDZ0;bLb7q-WUMgpr z;LQ*$$_AEz;l&E3a^v)ubIRpza8`DlT+&&ryIe19dYZt0j*$^%a->|D&ctMb;L*Mn zs(7WGk;RdYsFX^>)lYPEx#f+#g?+X_O(0l7&3lJ1h4ZNS5pGKu;4DV@E}pFvN0h~Az3F*r_R=%>fNo@oh|>#GTXwd0ip zW6|DU=23@tsoy_}p>KSaf7zeS%_zxxgSV1p7(SeGmqNY5_Fp{T2our-kXGQo|CrHz z{>@jigeh$x+CT+P$`hT}h|hf^qElt+!G}+U`Mo5azZn{_fDc#I(VRvzN<1j5@SZ|l 
z`zgvID~K5Sw3oa|yi~x=cbPKw>eGcVvE0imcE&H}n%}sIDbv-`WPsa$b^Z=9{*IaO zzrks07T3H_K<1)=ZM^s3_R)H*Z<#<6bShxd_>Vz?KwiJZAT_JEpIT1+>nSL0zj$nF ze{1~LGEaW=iG)2!P8?)%mSqC}%;P)yRk#wt9jnxPi6QwVGV0CJ1i@x3JXl;G^K?W^ zThrlfkz2dEzqz{XT2W&3t7s%5w*pg=M>RM0GeYK9;lXf*G)9X&z8{iE8N>aU6CXb9 zwQ81Ii^6s%4+Qs*{$=Sfz5Hp*`=V7D2TPG6)SRNo#JfhNtK{#xT6`{y7j!*A8%Bp; z)JqT>tc_3k70l#wg?CmOd)X%X?w>4VEs9v07OAR(4sUWDf;lzd&7QH;@;4sJ6t3@x`wvG)kQpAqMV*tbH`_A+W zs}+#dn`oWku<9%!{axudNAl10yWu#I?3l;PFLD}P#cNK zjy=K7@Kwr#l1_a@?Kt10D5>;x_4f<9ioVthz7N!t^o6LYrp#rjT2aql|0J@^@AWW8 zE^k;BUO~#%DFy6(!^sk2w-)U*eZb`qCIxWchvT%9@_w5dI}tU0Ip}Uh7xiuad0NfQ zL|M5m5|X?nr7t37$jF^7NeBSpK2A(e{@aGXsQNhZ-!t6Vh||c7|^NnxbOA)YkqA_$cy2h?z|-|SUSqcb<;9Ozulh2I6Z47#P- zFV#PlT{V=t#M_Un!A8J89LBt!EtC8ytn4Fgs5W~<+=x;dx-ch9a-qR2aMzB8f9Az_ zEN(<)PV&anzvsq+W+Rhoy7RDG2ibvHQxAZiHqMnv{tU~fVdft%IJN7~g?SPw zDQAgF3Vc=Lwn3U^a{l#{U7rml#dGe`H#m@SItF|V$d$^?4^D0&chAKzG4rg(G}36b zUE6BAYMaf-I|ALqmT_F@`J%4-I}=9pwr5_NJkJFeC2oz^ALw)4cfh%~e+hHRvWdaH ztaCc-5Ym`BJ|)Ew>GAGG4@`$vqYt-(=Pcj=%&QD)vfb%OTCLs%x1cqx`8?>rPWcKG zl#W?K6E7u)KZi&|&qKV0TYV|+o(oi5L}J?#+Mzf}IIHQ3$dHJc4!9xOi`GNaVznDo zJ_CnyUTl^F&#-$$yd3DK%;YpLNmRwfk=9%Wd46^lGq@qNFp&vChMpMuujL>Aj?4VnTbyti zkkeQDTXp+f2K|T%Ck}_!gOWHHs&Z&AO{Tkp&**khuJ{`@A=9RXAFE?B>{1hybOvWa zPIY^ibP$M(ayG-yPraWoXZt}E&KVD5NUZPmCXPZb_I2{SmeA8|awwm>iqhwZbNQH; zt*YQj^YFZ1mOJAW+(hP4RoxOHh0t(f-S}B! 
zUU^^J#wep^pif)HSt`Mhr^Y8Ko9pmtA{^%^jBa}KHpZn}@JH+sWH%}*-Zddgiq|fW zb^DQ*pK(&98GNJ{D9@slFKkzfi1}bO$Z&b*dTLH#NnP}3;q|uUa-K|H3Blkfm29hk zqLzDnKq<{qiH0B8cNhAdvx!>bEzxPEZb7INuVQ2QrV>%|^EH08S~a~S1gq5o9&`+F6i0I2lX}*T57Uy{-k?Sm48EgHFj^f_823{8hJp+*-QBTF( z{GllEN|QOTq$Jxyb%Ys%`Pu?;D?U4!r|I;_q(|E*Y3X?VGe|gZvqi;;cRO7>-o*P?+`y`6g+^q7pLVQb&X z)myjqz#_2zurFKV?=m;IGqzpwJMx=xy|smO|eV6%OTgp=uK@$aT&sqYkL=3U|{W z@fY<&@^TOMv-^?qt<@D*Coa}jwK4S>J#xi*rl=`5uiv+KM&Tj0@C-yq5ZAVtJDCk3 zPV*a#QTl{lf`4;s3;A4=_dGGt?Ts}rY3BmvN&T`|qVSJm)r!<-V?LJ%thwB^gqM3k55fXxp_nDAirj#`Wc;^lbaIC~@OI}-lq8a}dhDb27 z;;=`*GHs zNOOx#BD6Q8bzEj1e#0`%@Hb;7OE;f zyPy5w@@IIcg!g31Z82-czri6_E`2Y^r)`;�>-<-=Mb%C?y5jSfExTMTdb=VY-*< z`ew=zAJWr)4G+&tNT)S6E4hyea<#Mj&Csl+y=*a#JMN2Q6&}$2qNoUIFz&YnW(4X> z*?yF-Sx}0wA^er4!pqHq2mQG&gq#%X1bky)b0x83dS^2(d=r+8SqFw@pyoKz-?1uH_ zNO+ml!I}GK%rJm4?uXWYkJ1wswPrp(^}QH>28EYRe^5=9+-5rdKspshqW1(t}|m*#An7j{%O?>p~i=q!nJ z@9TCZRD8&&C-2KwHL7xp=VbwOXP&R2SCz_YzNV7a!wOQLs9kuOTRPkC&ur9L*ETNc5{eoBiA7%EOr=qUVEmfqT2DQ{8^#3G_Y&he6+jn&oFITKc; z983%;*ZYcSZBW-MjcaQX`Z?bs9p1|TQ1<55?pVVd8#v0G*Be&PfO0SJoY{T|WUH6v zJn91}D`0SRB46SfKLNSx$s%?&M2{tA*ln*!DHqhaGaAuoWNXD&v_Ug-rGK5AvI;-% z@_jL-4pk*nKdzLPQqPoFUMc5L$0?)fBe+t!Khi&LZH7L&!Uuy3+ZC&D3>m<2w0ib=>*|xNg){?1y9a>X5jOce1u#o zH8ccVZBjtmmwBLPu-ao_M0rB|TX*rUwd5F8-drT;?ex<|!HY|S-nx=ZwqNO>)}Gdz zni-yvgEO{#EpVe;>Dxik{hVndR!f#kr|wK7;*CFZ}6+vNt+3K zySnlYMxA0#{at?!_CQJ?b94$&qw{al)ESt)GwlZ<_f@V%nBb%uJnAV>+5iDZ5cz6WWq>c zQA3-fyDq&YkJF1&7hW6d3SP0Lf92Ma2w8u(wj9X_`9^d!uk}ro_m@dS;^cJ$$cSSB z2LZG+O$cCZ4d9crhGJP_!3%ZBIw@K@puT`S-0gs z(cW5YcG1VliGn9n7B{VD;=X$73f^`s*WKnC)-pYP73nB!$c~_1ben()Tw)UAqSlRQ z05n`=KimEkAUj5{y)^Oku|LFF(nQbmdJs>#d!^}53za0as(xh8TXFr9RT0)PM2ezI;KYIiG{g z1-N?R8%7M;=PWW!Z1SNK;p5EqsS&(0MiAiD&dB9NEY^b2zzC@6k2bggE(`_NrAcIg z^K>cisK`)NCBEAtvX+r*A^{?9Q)U7`i6+2}ulEGNz1Tin0_kRq^!X_=td zDvT}0;Y1bdruIR9<=2-3rLF;txW8uaSj2hSu`X<0d1W%O?(@cAXnABm?*vfxu+e62 z(&Hidr5;>}dx%*Vu+$r;^$QA*V5s}61i(ROvn!8jg*cgG`L64pQaN=Dv1_P<-@jbf 
z++{1<1M8`J`ZqnBKA-0K{;`3c<>lL1L+p}S6$w}j#&G;GnEPm`@!>#!VcvS)DnsDx zV+bqZk^8K}vchbj(uK;o)JpYWqgi|zO`uDXrGu{ozqy>C_Z7y&%xGf9giYc#AU|je zcrW}e;z#keOi4wKy_>V<51-I9iL@gGoBMdKrRQbBwe%x(e~H>ZlQ7CG3%{^HK zU&cjQH1_Q;X`>sxO`oLe<>vyP8gSf&>;&XA^_laiKLnDZ+G zRJ-VfvEAqfGBTc+|JgW6HIte^!Jrsu69d?-!;LJ3xdHtY+-1f0rk3p^;##k@1#pVv zr&_Y)k8Q;H!-U2@e!22{i6wRSVTMkyJo$LVk6a{*3-TTlbGB1qDGE+T-C`d1MVQO^ z;mE@7)eP0}amJ6@<<1P;){H`+;9S{HS2Vc^qxbn70E(6ROp;DAsh{Ch3feM6zG@h^ zak%3nnjlbEq~1kLH)cBCL%u)^%S+N`?q%<78>3ytsli+?SJ}kBe<3 z)ptA@zeGrcpt8#y(ygoSNkH|?<#`Q|g-q37lmN5=<6gX_D;m6Z8dA<6lFD!POv(7$xuQ}WUby>QJ; zx$@QbC8ZjvV~R<=LTpUsFeW?SGH97FEQP%utkfJzR~%JQ6|DzI3-QE#VCf~-*Hkp%!22E4fB?C;+tanYwwEabAvpME>XN+v9% zTh~vG!5E^_YV+KxSyu_T9USqb+n}z6AekhUviWT5lxqrbn8FaHaM?r3ktyGFDvR%I z!3NM?&-C&`J)tB*lENt)&=^on2G>KsNyU+;yDsze)uIYre~P&xi5JaKU^X4fOOurtQf@Gy6VHM!J7Q9YP%#jUBIwq` z-wK^2aBDk5V~8+3iP* zBgp+6AYLfBwvSi7Vw}_ztukXAqBRINW;H7YRc$dNH?V#DNv5#B$Sg;EpMjx_lo?cp zmhLPEhY{TdKzHSFJkahk!~}~cJNaR2E4}O?OA?!4Qg3f_^S9V_Ccs##XsEQOsYljS ze5xy4zW)COSzgbcC|_P%UtcbtUY}k|uCGn6J*$z)wYB84hWh&2a-_U`Etz~)tCyEY zBH7ZBbEOHqVd80?WLGe*lAYbn!2wfRMJ-5f#Nn}_PhEhS zg;&QZfpO;E1h^4$qTtQfe;XEls>QHd>|Vf=a`gJ*Z@Upri|MBH1SR9veCcR6-2m+a zlOI82l+9blOOZ34_R5e6`{-@^cfIxg^$U3e{2@a8c&w#;2*D0(54E?qwf}#ywRQL= z|8y{upWog-!~=`AGhSeU&e&e1oOK9UeKr>4^tyUvZF;$UVfk3G7vA30DR0CWZ*nwR zPCgs|^z=mkYDvndKQbLvel{*Os_bd?b+wX|{>CAWYA-bddpus5AIq`M2tTEP}-`L*Rp3nX)o7&#k`2Xtg`2Tl;A3BfSqz%~H^`BMnVKjRz-X3d@=Xc;q z#zL`{XNK`uV|%DE7HfBQ3eV5OZ*8x}Z-6!6hn{JWaw@=L&ve^i`R(oI?d|Q(gzW6F z2KY1OJp8t2yZ@W9#yYTS5ee?pZr4kgT8_@ zl)P#DF^$s=47&$Uzpuz+8Im&{>SncObm-)6vXlJldcpHx$C<~8C*J^>teQK%I&n2 zLH9YD!sC9maKFrf?93E@BQ0I401kE;2L~J2CNM;J5e*fg$m+%-3)n-7xx^+N+IODl zdM^|&xuWbyIYl6PK46%^(x{E_RJE2=?EcAtdJHxd62S@k&?H5C=_}$tV@f}*0Zyia zQS((9j0XI4!=#m-(4L8kmh|XwM_Enss#?-W60&s8JWi|rPmzK?* z*3O@Th99%%U?Ks)_PussYYF1pfGw|qrhvc)Ui7Um(}uz+B0i*I3c71(F%s23nF*gDM|US@Ma_eAP?lt*sza0Ax}q|hl`$Geu1$+Xio7vQs){orB* zI_ghEu-h#)a~q>3=8iAOnf1ms_Ca|ceoSR|IKM3%kHcinD7chWplrBENhwU+ 
z^rJiIOOQ)Y!}_|%CZ3nGdyO;l{Jv^IdaF`EIlD@%ER}o$8jZXUqZ7`v-C}5Ew-9D$ z7=GVyPIgD-2eHs{9hI0x8*Fg)%<3LEP@$p1ScsCrDK}3OAdQ zEro@l{f`2{Yilgt0-rtMYP|CrkybV}AJsvS7HdJuo9TRw zl!(*Ietl9HTY{{<4{~YzT;cpSHXhV{yl!>WCFPpot@S7@K2q5 zJ zaZqTeRGYLFaG(1f|3AlZ#a>W_a$|FCV=%=Q1eZ3fuUrjYyc{9F^!0t(TEN>hw^k>+ za(`9FR&B45>v)lzZR}VYA1BbX1aon7ovts{#01U5@^awN-KR3uq}yn#lyeUR-f;Il z+bZgQ*%w?tczpHhd1^*4LC_ zWcF7oq%it%XKYCD1kRZ{L|SASzLaOQ~`*>gO697C?8H(aNWzuPyph(>K&5!`eNRx-wk?dpR&Usni! zpbZBwx&ok3BnV0R`L(+P6uZ7%%xbFm;)pvsh%z2pz>iFFChp<}PeyZhem*uL!<6KUO=cL z*)ZMNkqqQ*x~rED$#F=6?Eap}KGG+MHPWfSAg!U$bnOw6 zDbM@S2(F%9&uWddpvp zu(;E)qiZVp=O=*PDI?q|5e!nm5~iN#8#q0)meT$|CK!MJ(|gmi1~zaTkVPJ6v_VdZNy7XqQJT?;JRricl;h6jnLF^C zhBBr<`6Tq%tygU#pZ!A3xbWD<C+3jAV$wlppN%WxyV9j$O6 zX$h~94sxx@lyncVveTmSN#F+#JYDBFrI46}UUP8|?q(JD?C%;Iw{^82D@h?p?+l`+ z6aW6$j**gtP3d8e&+iMpX~|9UjVzF{cJYQPuR|4*xQU;>|C1neS4VRgHfku9S>BO( zn@_r4-XysPfa_q|klq)bfDBE|%Xz}#k>Nic7;dPbJfnBZg>Qcl6ZvN&aw(&d(XuJz z+{<Z62JnlQ}fFW=gmDN0&khLZo9fOtwaA4wO>7gkYg2?A5==C$&=wJ*J*qkD4_VGq?!2wR zV=MR~)eI9BCd;>8#qhHIHn-~4@4%Pew9{n@ShIRrYsEQit``Hd&!YFAOY1Wbe};FF zE5U?fJI*5wqzQKr*llBkU5jZ}=B_uz2(sapU~X4U^keug`fKWZO2RtO=OoH#=CO&A zKTd3&^$IJTqUHOu^^W>eH!cGtBT_0Sr(-$Zi+GQT71gVALy}_QPt^hJu89<1E`INO z#c!|0RSXXIOV1s!Aj0p_TspBizVw$u)u*F;U=%iI{ z#%QdkArA?p$jECv`r=FO)@DwDOM2W7os95BjXc~8SwfGtAmPlM#aYPg-QXQ|a!V&l zFhB)xM)Q#lV*DU^XYcc}80bsK`yWw?6XLPx)PBmKjH$o>fpjzAS4i9 zgLh+T!WHRM>iimKR?arG^wba83R7n|H!LKA`k3U%HU9}W3s5SROU;J%&eO6VsQ!F4 zhCG?dwiWtONd9-m^CV0Ne*K4P&A~V#t%r^rFSiQ4Q36JhGM!JZ3~(A-!6KeN9689e zV}wjKZ$8&wCeAz77JIVm8|0i$eq-+JuSCDT+?n{#hP6GJ+{^uHuEjF|DPbVCwrdIy zWlUjP@-+>6ee5;qd{v@?Ek`8ene!9zL)Gh%l%UkCDfQybWSKn67L%}~@tcE>?hOdd zZ6lZ@dvBz>3If7c)7zLm<})3Z)c@=`4!#W|`%N~td7`@;*9@;%@8hUnQ#lQYbIQXO zcWnq-v^-H<2%=pBX>$hj%1K^px}cnDeWcFm*pyRdT|H1%2*a1cH(}GwTwf}lX;!P?RG?8mGiMmVjB=;*pgePc zZutCGzcn6U*H)pSJ?*7j16pe>3Zs8Az$N$s(~AzYZnE`6XBXVp~A8@ zbwNl(O{@Qex)9VD+L~Nnq^j+cToXkIOQA`Z(wDF0M>eOmtpu@2f}Voj1m+Y#4RFoBTjy?CBw?&IGKMz0< zw!>F@%O<$Z`#At{au 
zp~~|zX&ziwc04?QQJA@hJv!N}z;8)~*=rlA-0E=C$zu5_GfsU$csbusQn+E8Sp6zd1n$4XZx;oIVc&I62H{MDvRKX!YPhNTP)m4rpe0W)~POG<3~GyX)}ecEM{d-KLJmTmUVM&9qb?@1-1he&7*HSGcxy zSvnXQQ`9R`dSMJZl=9rhgY!int4C}m_&1nQP0>^|gz0hqbu-qdgK6I=)|O1f4rXVD z!LpF-#%_NV9j?jMh(Pu~PI`P#9*c!m7Q9st7E#w2FqeDP`;%bYajE$u^Sqf#k#^SO z=R@%=u1PPLE9l;C%Y+DGIkC>9sleETNyH?%%$FTZ;=Vm?Wp&Z^;yGD^twGGzJtvCV z7937XN%^ABJL^>4b1v6V@Wyc}d?%tMtV>fj+>}mDNU%&~)To6QzC*8>=Ae+66u0rj zI{oVh`fuKYMX0IApg1MHqk;W^hcc4BU_V_rPevg#RPvp>%(NF*l$f7gA9aA!!UzJ$ zbshx0ZYX}~(@@jd7rJ-R^91+Z-LEvb-aI&4b>yr>w#KuZw^4^YK4=!@9PL ziHGF{GO>MI-(U#HOA$t~Gn6^JaQ}5@jGX*Flb;0(mMa-)St}`h-x-E)TmC!o*Vodd{46eOSA@04!tmj?+&Q3a`~v4J_HVl~oTu%?fic;8UG`)s1!g``0H}jD=Z> zODVlZ1x|gtA{(b;G1dA{emCi8@jgj=arHEBo_DslkkFcVCV5R}3n zaZAj-xmfnq3!L+|hxyR_Fv-V7^tj}_;qvUWm&Fl}SPeUvtl1#4fPY=&xy-(s%kIp~ zJ4e6X*ZFVhs{hLTc6 z(KRz3fXxuya3ZkLm{Qlkjqm!MSy7vSBNxyVe*7uYmGqh>F;W6KJk3npsefJlZLHF7 z%nlI?n_n;vI=QS$Vsvo!F{ zi^`zYJt_oJ-Vv1Djqz<%O2nA*z3xYDqsqPPob|)LL}0`vN`CiR?D=bY^awOvZc}7lr zbpw79ep`AubQRgk7(RAaev6oMbO6(>DOt}y@xIPAd1RR}|GeB~t|20fiOX=x2VZ|q zLJg;b=hq>x@_n4YAp#L&%L$sM;oK6-$b_Gl3_$bHp9eT=_IT=nGFx1YD(c03xAO87 zq7hCw1NcI{hU{p@qJtQ^^7Cocc6@`8e%|1N!xp=xYTX+x6(6j3xcgpjypGBO*C+G} z^&Pv1=vFk>z+_AatN!l-lvbt=nzc=Ui;*+NHna6P2w`#RW!0l&cIev`?ZC2jT%~mu zkAA~~fVRXwXyJzg?94q`d{#LxnB5)csErmw#lRf6@zai--=)rCK8=Pa_cRF!TLiVV zy6~Lugv1Da#?RI|UEHedVWcvzE$nAx2;!I=>8Oz!?z0v8Dsd;3{#_y0!Z0<5CUm^| z>)&@SzS=0*mY5=CYXbM@`r7y11?3~zhRv@@z0;??1x(g?m+Mt?O{EYUT-L{?fm)`q z&_SM@%9fszF)5jxBo9ZQ?xi3;pLc=tF?V9U0dct!mS(0uZeI?>%Ub7LOhhoo-C9cz zwALAHzW5yc&GfO)H`ysvNY)o6lClx&S*{7w;Jc({L@h7#-?x5{S-Sv9POuvk(r0Oi zM=qe*kklp!4@ADOM}C@j=9|k>*U|aHe=?cX@Z0fsrRW0FP>VYPoqsxFvY989s7W#` zpi-YV5>{6xzC0EE3%#z@__cW~+|)bSinyw}`~f_cyVeacR|2E+z>U6-xD;RYBz}T+ zIf}p;IlJ>1ay$+G4iSU@i@kO0+lP-2DX*|prUYJK0;E00{&)KlqbNR%G&q15&ttev zoIVvL;`9q8bg@lY>r>7FqJRr2!#MN5VrY?aIFfxlan&DLk6ZNM6_zwRVc?;2idQV6 z0GA)0gE`2HF#p2oeAgDc)Ggams(8XPM=-7t?RC4>6YuY?Yl1zRjdpOyfFQe#u$(YcemnOC@C9V`p(m#k26xM zmfm^}nrjJ4ssN-T3JT7gj8G|qS``R_0fY(cfoGPM&Pe`V{jnYi7aeZ&Nq}gMGgqmt 
zIi8opBaB_Mpg!RJgmL03Hgv~@Nsx2;TNGAydsr}sA=2H(5W(h~CV=CH8GJIl&}(k3 z0g@WQ$l+dgUgG>R4DhmJO>SkKh+m`u1;EGtKS~ zocH^kV63Yn0%js|QQbQsoiQB}zGC+^;p3r01$MccI=*pN`#^6um%Z*R z+~fU(Hh-mt(~>^;GQZ6v>IWLycin0AA30fGyp|KfrpkOa`Mn%tH8` zM}M+|w{PdX5>LL?{CRfa8knzuD~n*oS-Ng7`(?V8v7{oE8}e}e|HthqBgMB*MwK9!53))d)%$L@S#0^MxR=bu}d(vG#^(G0)SqXthP7 zsQnoCz=c*#(XV!*|Dr@N=UQ#;6MwP4L+o|Y%1 z>SBy_;oZGVLwsh841dx7bf9z%j2EYIaLy>hVd>{@w`V=*$c&V;&#(KYz53oY$H|BW zS?CiRQ_n%v%34UeobK(fIA2E8{y)Ur)#+ zky$`#JTBp*rhw%ZvJ45UF1&HjdC(91vKEBM1JmK%-wTqZPLstGz!cmKB)u#>bcE@L zJI&CBvyQ1*-YJ*(HSd1_Q9!Q0b5n&7POKuQP?$#N29ja|f+EqF5m9CqI8R0)A3A8CPEIvT#DD?di{ zIFcw}z(1=MP4VZ|UGGJ7RhbfBZUK@R3y(Ath~WHUNr^I1Kt;`i3?I$sj+PWWL)v@x zo~aJxP|$~ronQk>p={af>~8@;)JZEA89|u;SEb8^9x|g(9~=Acm$tYtpYrx721``~ zobf}q@S3~4P8sg(JgC<;tGtAXlKf&oK@d?8K|?SfOr`{`5kv=C6KSxa5O4-NKRNeJ zhi9eeP05!Ny%SJJyJ@OJHg=ptBm<2X8Xz(TvLS;rqBTkLWvUGj{Ee+#GBFY1m9{J} z3lU>&lDu&lk^==s*u+$XIT8@rXdx;_Ou1PDBr!M+wS=W9RQS@iHI9w3GRnyr6G^Q} zW7H*3GYDolILwM%Wo0ts1X@~vQ*=ED2hd0Be}!KmB9mnNU$gjq^hGWHY~i^-5oVqv z#5jQnbs^m}_Y$OtvR??}jAOdnT1y-V^b9q-blDND?drV{n|gVKwy3P66{#*b(lLRf z`wv_GA5Xt5Br5s6ElV{t6uz#y$WH?EB8R-SE3i?q>uTyRG8j@a6-x&yE6VRw$ci~K z;-kztEh8VW&{SqXVN*b-%#kKg&}r6YNTCBs=^Rs0ppkJ=(oCVGVrKEpl-5M3$g+A( zCS{=lvN>k+l?jEgSZ*R@R{};xCT5#OF)NvY3wKPwh_;oOmkeZJR%kLTQo)O}mL`n- zMm0gMtz`_P%cfT;4}z~CjvoEHc-YCiha1T3?B=tso;abB(Blh0^a#~6mZXR{BlD5o z0vO`Se*=Na=UAA_@lWrO8W7+Rk1CHzYM9uRKJG@GtTjw7@0@lVhS&yn@ygEv{8R7mLhs$XIO_o;X_&bP z7A*lDt`h}ong>o~(m@d}nS#WC)K^;^yp1NA+#BnVfzh0GW!vTUJ0j#=37`$$3%~s&>`G~ zg#fz`fxXhwI$R**Gor!xvzJdOVN(x_)=?rHMnxiGAY?^`D;9$)M2J8vL>|hukhf7L z)F#@AiWU?=O6wqj7|Lx?I^!$jbnq-9QsF`1K)#(XsMus{#AUu9f<)#=rO(9f z;Cuzy!h_4fo(3HsLo*LgPNCOfc84#Ct&Fanln`l?9ZBP<92`@FM;p*rWMxw; zJh2(5LAE#Lby1LZkgV6FnX3F))rBDSQ6ki6fK_m5D~!xp$v-;OgVfz zE-meLq%3ss=sF0Zk{$^GlGymDJsv%J!rdL@!^No~5{IUF@iV4)W=>ga(F7E^3BY`( z^cOBVnSv<0iQq&Md=f3Il3_dL6`1-gXTx~dE2ZiUL13cnWGcXtI4y$pnOyHZaJw^f z!tsFzk>7Zdh(NSJ0~Jc_3T{8ZJQyvfOp<;%0nS zB@#x`xG>!lG?Bv)1S#HSodGS<0%8F(C~vay&sc3(Xr|sc1@`EfwgrPTjquLYRCt$g 
zp|PHJX&Hr$F0qSen`$`Wc+OpIm(zG-Qb5rsXBi|}m}WB14^a-B>-*D_A~uMMLt_NB zPYgU`lQT5%R$MqP$mA-ABH% zBh)e*02zWnUohjLLwlF9+v46uj*$X*nC(Fd>dBO^ArXXB4tRB>IAB=!-E9->@X(Sk z!E1uWB0K4T90q0>G6Ku7F73BmlArZeWz>Fd&Eu7g%9KGJ7}9{eDKW=llq( z4G$R{(I2dd2&jWYWNi04*_|*$nR!^SDhp!q+Zh`5%?ypUx62=7MZ%v25)hK_T)sD~H21Fd=7U~)$za3Q+G zBP_v!fsCQo68tWmanb`;UmR~nmJ3mB8Vta1kvqT*z~5!U&g^$D&eLO>8hm@s9}l}Y zVaw!cwlp2yAo5d4^=0(T^b-sMI;6tLVX!*suE_ z1mTRv@DL@2@*G~}M7yeTE_!gTk);O1Abe|_i9}qpx*Y0^32L!S3Y!)fj}(Dp9K(o2 zS*Qkz=s_|t{ty(vN%_jH>DjtVDPZe-lQSU+oSAb>cB)3i2|ZpTt|jCa!54;s;jMCF zZtTPe?7NtZj3Fc-gubB}cJEN?S&K;AoEdq2T5OSt>?J*0xq)k{(0G_So^Bw4H>kIq zHg<5&0|Hz{fK^S35F|Y+@V8-sWFd#f0uUZaQ9?`-NP)x2e)Um0hiHg_P$v!oOksyF zs>${IP@FJsiSyVWkU|e4dYc|gb9v~UEII)n62a;}BU9lfm^TJvkCWRtF|5}wT7u3( z2#3&;;?YA(@^6zy(yzZAWF&Yo@F@MgqE)^T=z9Pi=e*$ zcKD%^k4>=L@wnJaxLt=1`jgS%x$!y?(^1kB!F?lz2C+ib#<^HQ);PUiyP4z`i(vJ- zn5){@MaEvi%%1-lzkby@e4a@4RI7)u>@MvHn3#(KW#hEC=CNW12+E$(8(MvpIH<-< zbcIJ)2xbi`CnMZkiU8)(1ITy`>wCv+IdAC9j5^>gR<&^)d?3YRkcYs_+>$kuZO|M$A@gKomM6qOFj{K4%#g~?bZ59i+RFXO~HCx zKX(esY$W#+a_Ef8vYg?mWsTJWA!2Y$_Er{aKY40~B8?+d$IuQrkmCwyC_)62oRN`H zN`{H{hiuLuZM5iN&J&nsu=XBc>wJT3B!HeTOljJcWfHh1i0`1UUPmuA*!+k?eX zM~HJUF}$sXIRuF(wXL;-QEFT+54G%6YX}cTt>b97I`c4;Y3Z3~PkX%M<7E!r7Or2x z3!Y*kL7aH$IBC`*=c}(7Y@y^^;wQa<4<2!dXag~YVoik7YkD=| z^LjgY?71Bd=a*dTlEB^&XAn&8$h$eA#I?3S3ds^fVdW^s8|%;C$8It}=;GDO4&#h^ zgYgv}HH8fM=CsS{Y7X0vWR171FtS1BA;IUD066K9WZlZpn;%aAAZq5e4+?nhG`6FZ~^NU*hCzq( z9<=EHULa&pP(~zTG(AI5#U@Qd@x$|xO+P2pBWN z+hmZE2US-f(u>@?U%qJnHb&@C?Y^AJi&rCEyB*Jp{bL09hj48HR=mgOha$%^j}JM} zQ6V7YPO$ASWdt`6W_v;RqvwG85ZP`h_Q9}?!X_elaa`W88-@#PLtu7ckcZ$!289yY zDS@-pVkyvwk|2T@KC~TrCo7#Fagw`B#u%f}1oFcP0%!*u9>OqSB3!E^>dNFrdUGW{ zJReiX%@@X7M2|Z&f>zI2Q}_kw>mx1i<*LuPw69U3PK^F5nYlnVzl_b1)K2hJqqnJm=LFRnsdwQZ23K<~N6F_U>iWgQIY28t=u&ovx z84PW_d8sh85iI;2Hi(*mp;U~MW$)Fyj5c-dAeR}|5N8>z8wAm^MFSPyHySLmgLeW3 zo=Q0E%#GZ_7|dHXX8Gdg>V_I%fXpZv!F&TJ6jBJakd1_eirHb3gRCPrplG;bdN}5s zk8e|sCUT5#oC$0uEdMnQ?72#vZos$Ts>> z#YF_hqM>&=sNQ=eyDkA@~??zmTUu#!n?BEK&B(ZR%)XbR>T 
zn43+CnTs(tn8lJdHW?`lEX5xF^AE}HA?6;AF?vs_jRu_e>3yIJ0j2q>UpqwZI{l}B zzdbM!^5Cvilr0JoAt?*!?b9R=KoBk=gpnZ?G(DV2@@qJo59&PUoaaX~+ILR-EKTMu z==@xo4c2*)?UIyEW8K(ch*W4EBumCB9Ad&@VM4-3Ns-KESYe@4(FURG0A9Rb7}c!C zx4b@R4}k}w9;_yBI%vabFY&{{JdxA=9XcZYDI(x$4S+wwcKh&yDg~w=jK9YUFk)s! zmMOGdaiiT?-|w;;XM9GQm|Cn_s-H8|ol6@{KgU$E4Kg-1IV6EUG(Nn;CLz{|0!bkt z#)>=PsPz$s9lDN2Tuh#g^2Im?m+5rFY*JJAo)2!e&5|~mI=?eGC~zno-%+3RIy+N@ z#8#Z*m6eKd1wRW7#bA1Fgy^HEZu)u>aAC%k4M|F`f88xHV-CruL2aOYNswb~58jF& zlNX(=5h@NwSBQ`ycNGvBP-qA>@MBT^gPd`rDlxYbwrftP;F0AJyc-JomXZCc22BqBlz@43afEgCSV#N7{^ z%=ez1S|6%|bW4zup{2hj)ZAh8_*2}GkgxdWmoFE!qN^>&8V=y2pV7SY8qT-QPx>M*K+eK7)hsN9j-_=^*jpHZq+(r{VMZ zJ7-fsbO;xadF%#5*x;(Fr?X&HMb}!_jk7~?b`E~e*nYV5=ew7mGCukJjS7hm%!2YQ zsX(E!d*S7u;y*cu90=?O#$o0oDf2%eb9h6POi$C8#2*zVVAFn{iRzcUQtkR~*cmj1 z60rN^HH%(znZ$rFWI@5);zeE6HmW%*5Jb{3Lh68UeF7YWE|(;X^_^-P4u^TQ*aZgZ zXUU*;LPExdhkm0!ZZ=Q5&ARQ^P~e4eNev5uh*9K4BtfHYZjAu1Wl-r#I;E9hCYuA+m-NeI?zjH#Fe1?IE}1R z!WxL8Bm!9F6TE_8F(RN+1-y?g&=gGiJQC0C^?{+!$n4yew35-3%IzXfySKd|(D;C8 zbR7YHq8I2PLUo-7S%F7s<~vf^9|K+&8=gib!p0atWH%A1B0if5DGg#}DH3ERR4pY0 z4M7kAGa(ca6s;>%z|^w@$uQLtFtJ2M5EM7!JtnY}G-i4WO&=y$vgnWT%@i2g4K$ld4Hh}~xQ14@t_>(_wWeh?krkn`*}i&! zM!Dr(o8t+$2b`IiG^m8*%XAtC2c~6Y%1Nm)O>uXuHe?}7OoNQmMHuimA-l6i5RN!n zjRvqlfrTP%JXswy?iQ(N_qm2_%p6EWX$ar?`n*m)D&jZCHxpbdqfIx#tk$hGNvtzg zR;sWr5tX(k5KNU+kunfzpQ~ChYB1w;#Mc7Qa55ihq*sr9-f&_g4NR&rqZ*B1%Dr_!+;$s@-VMDXOft5Cw7*xne-aEJx5gQX|6JiL#5xq&PFYz#g zR2LbQ84g2D5iJZwWSJo4lUJ61tImUdy1v-UFAf8x2B1H_0I{5a1tRl__Ztj4mljo; zA%~vk8qsuSg2w5@;x;zz7YtDpbNIcoofG5n z$FZED@0Yw6g_x!s1TC)9{#hut0BErUkpkxxO0gv^=1?1N>Tv#l%ibv5gpx_S zJvOxV>WYtX&>};?`-FBLzqIL@frb`QWFb+%PzZ&-St7mWhG&79Mg=uQAw`Zf5=2m! 
zWHU)A1ZeNdc|d9!^GYe{gM+g{^rB}wA6oacImlN4km!IINfQd4Asl{|13?dg>M$Zi zG`tJ|B3ypHJ70fxKyja*8ozFq4&|!A2E?OHtz1j@SsTVg3@VoMFxhE2RaZ_5AATv- zb3HOuPk%$8@NOjfwKf3fv& z0e#?+h{isaoo3C3c_OK$;Ev%5htC74B0FJW>n>yFJgnqGsKg#zoz?Ym?4&}2ZO9hL z!43kl!f?k1m4L>fz_n78Q8phru@iBu2n4|jD{vnushOajilZoN_SK-09a`qC@0hAK znGnx@j6)Ra9wd;R4Qvk57qko$*AQ-MXp%KbLdhXUWc;cC9 zh}&8U;Z=}?Y=jz2tgfaWWQbDw#Sahqqa#=4s3G97L+d{>JBRjG!fhO%kT0pMaz^h) z(0;A{FoPH-XigH-AgAoi2EfFeRK!IPRgr-)ky&MlAAOb8O`)x3q>?w&jv|1Dc8AaK zI5ZeRspySGLm))kVr*_W5s^rcWEg9ghN(4_<;2eY9)ACE?=A7CnpfrY=k1M8HtMb- zv*`P?uN*xf>mMj*U38)Q%)*MAm^>idWO^sB8THBf_UxxbXNp#_Wz1e0Cr736#p?sc zCeJFN(;)cdx#Lx_v9b4%Q=<1CF`OExi>$qRN}AjoI}BA01Bk5MQ06P%W9Z4{02nYC0QJ^-My%3qF=GIA5_2Xm`60*Y5J6-;3b#mL z#&#gt*wM+{z~tv_rya^r;eRg&wjBAPE3+4$L<)IPE-!O%-j{+E5h7+ta}os#$fQRU zQA*3JCR{+6Xn{_L%{uXeK(C~2Fi7ojx^!@Fo=;A)kV~+=mv~hB4%*Gun>t`00Wl=8 z1Oi#c)Lg@$wkIs}RWZK8@vQ9rTs_AG0mlOZV`<*)?p+xZUo^h-a8)z35$cpCjShir zvS8(rVnYH6pq)1XyIpgWchE|1q(vZh3ukD0T`Ht1M{pT{=s??PGKKB9nBAZ;Gr0w~ z+)z#siXtRV(OI2Zf7-FK5E+1ar%qzZCKdqHsGU|IDw_~6=M-LA)0-7AS?Mr|adIZd zON1*F3g|?{kbwfBoya_egE5iO2e}3Id}C=8MH*Nk+!KKG^l?yeGVDkIkSXcg#Hm)T z(+y!YP&n;g-4T5DbRP~_N-o=-rrqgjleQjIeHgBB5Dq2WE!^zzG|V4PQ`}A7S)Et0kviKA{e|aCfIKs zHsOZ=US*#rd@#HOCj)DU*gG-oyI9fWRO)ARSzR zk(Nja;A{rL3|5ANSR9>*y@kUNtl`k$&UeA4^=gcv>Qc9lfZ`hpCT6oALo|%$aMYnP z8!aru!HD5{bg;UiZV*7&#zeG{$%i>{X9PsN4w1`@@_M)+V_I>7j|eBhv7nnz!?o_9 zCA(a>nGT^omiujpW)2IXf(uZnyKG_DlQ|&*agl(xh;HMJg$>qm54P)DVZ+sLnt=gO zqUi20ipD>Giff>oOq?R~AqKinqfbfWmhe3UL@SEXu*8mp3}+HZx0Ak@Sh-Nn-)XoD zx!mk}GNx@iV{^!rw^>>vfpNs;lOa?KtW?ea3_VD1RP@n7*AaR8R-V8>`RT}c-T8TNO4FPa#$d& z7?`j|Ty0|(J4k*;hDG$P3oa+12Uv8G$5CQf-6e)W5HhZq#`&R%0KD(&bI7npv#IA*MKx7b+smP5`R(9#+1#kh zG9gaYzYnH{1X8R+JRKcpiJdL0LDCq=+XE*7PZc8tlRzU{E;51-Sh05+6Cq8l)i@A1 zBO=Y#`?V)#a_lm*j3>S!<6z-Z5G;-Y&G1@!I%>dDT&<9-ENR>sK}sYN1&}LwL_AAY zV`mvGMliBmIZYb}ZdfLvu)W6GEaJHU&iZ!T4Z{_Qq05Qa4B|xy8X!YJ3w^fRbuD>y zi8nX1;`DNP!?>x7y3TD-6vxLqV*2Tc5htxTNdQ3>cm#AAT)$3nf;C%sOK?GG8r`h{ 
zmD0j-qB#g~P>_LvzONum?cFyC6);rSIp4QEs_jUs?04Yi!`Xd4%k{5aPPtcz|sWjWN>VDhW37Cr|94qoQV7j)=vkoRmMc^b{QYi-rg4IWT2CzWo#k>m-ePMA%eF9ckDbq#Zn}NloxGJ*R7F)+e*OF|rn(M% z_HrDtZbtm&LKUUBK%T2Rj*cz)rgF(W5Ee$CVYa!K7hBYTQ>~|HmTJb&xqb6vST|WZ zNDN4Uj0{48<1oV|w8kexC_xz6@N?Xti?l;viz`B*)-%TS&P8ovK_He)**JAmO&%H? zr>_pC{7AAVBDozC=BMf0IOjRQV=S0ScIZGrjtVRxlR|^++|-@(a?UGtB)#k>ug5!i-{PLRf7vVW8_v7m!FDd~dP&bcPv7}Q%< z#1uPXx3M%xm9xR6jw0Qsn1vV{P{qb$SQyg4Co3rDIKaI|3Y-i?Rx1+_37)rAmO`I0 z-d^*jwcW$GrnuqCX_Yf_S0il>cijvA?Cu6eTZkq`fmBGzGa`~vN&&3Ro%DCvsu!ip z1ks_Kv)Z7EHKnbWFb%NO(T$Z0AZSp_iIh3R4p`!w7R|s)*@tJJ8b>4U&>C5B%eW@qST7XoK4{A#KMw^6v@S4=bCtcQ&awo)z- zLofj+qX+=KL57bCVm~qKxDVL@!9uwMN>R!h@YF^kGaBdQgoKD-! zd@$6TONFG4!N87rHn-0?n$b!;(Q0{ung_8pi)GTBl8nS4ghfTp84yJqc&Y}l#6l$5 zwZh0K2;%{7qf1B_6$ESuCldoedyadDZdafk8FFXc!!Z>+Y>>7Wcw+JAi2FNhMfs9DT4+SxdX2*!s z4QLrH)!r@B5XC;vMx7e3I7VK*u=0)-P3%z!Lkn?}P&r|-v9b05IbLl8JscZ3V)eeq zY`uHQdlQ{%w5)<*@zPb-m5+s=P-t-pBqdQ1B-Bv^ys%>%K&nG!$rK2d7l0je3e(5| z`VD1a8jS#=p*f&l#5Rc!C&2DwwGyjNI>P~>I`RZ7VC^ZO)i2L^fxw-+3iv}_ZA4vq z{yArv05K5-QpEQ39FMH*aqxuuHG#+Jz!46;eEmnmH0+MQnx26ln^=b;D9D6~Q6*AA zB?v`DA|et+MKMh(kD7a6@gzKeHmSf$hM8yv1~Gu4p+wwpDq(!thK{6j28%J?j!gzC zWfBo060Af@e9xf_gg~(Lg(2gN=^+YQj0g^}4)b7Js#GJR?YwB{{NUJ8E5rV*l1a^=_4tpV2xt7h;o#k6 z6X?A>A$kEJNG$M#gLN8><{PrxYNXWa+#16So!gm`vfOUnt(j#s z(IbXb<%S1=Z+sOtv}zo8#$M%b871!<_!iR*!INSLAm33Oms;7-ZYu)!jf zhG7a0Sfqk&U5H;EVkCXp7^gsL zRS0-4Vv?C}vYtlS%icde00=q?UuYN-5NjyKKz#4JjgG8AoF>_YNtEY^6BlHJcERX5 zx1F6ndoVzuNX#M{A&PPyn-I`$6_~fE!-~z3BOK6WG20x6PU;xbIGbqK53mN-tSB&= zI&6A`8G$q{e(smN--Cq?T3k@5^%Dn0F%A=9$r`3XHynhDv9}iyZV?4il?oDtLN|)x z2$T@4Iz#1CL%^J9D11|mtqTw&V{027oDv7xB{3!~qLFF8vLzahTJ7zZIaoZ_RbO_B!%Fc?QKTvjSgxn4^sM1>?hi(SrG zH-_)xGmthum%OT=eKWrM9UE^~tj1!{pBEX4hZY=c#&=HcPAZ!?aMp;8EY8mn&T5!A zn&TNG;MWT@u2W9)3?<5wQHC!KWRXZJ3JBX1SisaF8KXHSW|T3IxMn7TJt(Chbwg%` zNLVufPy~cT90A>bHfj_Q@DO%UiFS@taYzSw&VG*D0skfm*%A>v(0uVZqD=6u4a2bp zi6HG#C^jOa(a*1l%5N!Isd871qud`E%L%|9Lq?=*f^9}d|16Eg@~b3F-j-xUrBoQv 
z7!nQBf$8UmcbKm3VU6S>VakdxL@&@*Pk4Z&FNy>_$l&8%%o_YU;X~y25^{`(B7oHq zF-si^kWui=$Se-Gnd&%)aCDbFXHmQ~9qR&bu$xGmddAl(;R+gU1E~Qh;}dC8@JeL0 zDpF1)U}{n%{S%)IFxf5+My!`8)*6w?Y>Ys9Sq6+OFtRl|qADjzpg_r8z6iToY#xUsvJf;0 zkSZgN7DHvVnT5Z4LlpJGjeAaPEO{Pt*fZOXBA=Xy-Gq2BjX|Zs{4pMMAdk!NH0{U1RnGmH_XI&62^`dyx_*&F0iJHO%23q9PHla==#+CtOIzS0%c_$;;zp5=}PS z8Z?klpd@km#%acM+q?kgG1wCta>!OzHyI<5g2@wNZDTRqh>Z-XwILAD1vX$ti*dPW zi!3402Q$F|$vd4!5kl1g!5RWUf?}x%V38SYbyC(gm9mXYmscSayaYQYw~}RK6c|hx z+>H_vCfPESWn@voRUpS)jdQ&b8|K8BA((?u;&zOA&E`$5W15{#rm1p_!Hnk9sS(C@ zNoE|yWNOheAsd{s%X1KGc19Gc1~N7Yp|C0lXm3?4Byo{QWsSCw(+5gQF@r^8DpHkE zr1)47hDnr+NG;tl(i{^r1YJp3aK&3|Atnh3v87}f)wMk&BMFjYF|>qjYUZHAyJK;L zvdZeLDA6Rgm9ub_!pPDQK+)j9?jSl)Fhe*XhFsV!9YF+dsE7@=h$w)HV#>nXVL#oE67CMcCe0f505^^n1t~W`(5+U7%+b$>1Nc4@a1Bc|R zL>h-wM+j<)ox}qW)hSYSnH`ry6896ab*LMgjz={u5M&hRMG%Ph`{QBkFzOvn{_^t! z#!{5iA*c-!z9bn^ui}C6BppfC1acCQIuIB_tLuV=0+Cul2b)ZxsB%<@RLE9@4_pFh zg+qb_$thThrQ8XU6c0!MDnL=2}4s)oESxaba(alFk#(rOV9 zpc&Lsrp!i$u?W)Mr6O^o$c>PCJi9(Re&=B1+fs0kR9IItcqn2Cwc$WXGAR4(&;!OQ z3rT)t=mYBt%|9vgN34u0%nY!~qX!SoFwCfoV722&LJ=m?K0oQhgm{I_LbmHO zlG8bBG`k>7ma+j-LM0Rt+rEB`tD%P|7D>X3?tNqqmcfjHPrRguBxc0S28>dJQaDw* zs)nwX77aw(3_Ut|C$MOxNMwu{!8jEwNnsGxwK_^=oF@HJ9Ikswh+KuoLVeP8VRYO8^O1|ky@8ja4f#s%SZEnLwa z?fd=jdEtO!m=xt_a5(Q7!?+)CH?I*Kuh2rmhe1wI_Q1{zb<9dN19Lx3E9W~4hc+6_ zA6eh-h1oWNMn}u?XN@vC7WU?PBEJI+5kA%!eo_u+z*(BA++yymx5lf!2K!6U{xA(&MjORCf+{EDQiC33E8O4g$0T+_X@c1F%3qpNv$YG`VtO7PBg%VlepGJx@o-CZ08t58M}$n^OL4! 
zY~&vqaknsUiB;1cf(my)lZ-g2mZ%;|U`Hzu@a`ll)7T)v1hbZdS|JLuigh5=CBodMhoN=2*`xRVy6Oe#6!;Bf6>f)Y3z4&Iq>YpLTKkVM zWE%rR7>yCujTR0@vgWfS6JQ30f#ifoG6td^hhS!o!I5O1M4~VV4$vmm^BdPo(#Ut# zu&xa$_b^i7=h)FAo)Tc3N@1xm;2}GcttY92Aj!!oLjw*o2=~9%NOpk^$5lN(?&o(6 z9W)z6)*%o?;TxZnTXKB3o<;s}JhE`IbP%`VtsI;}I5h$R^`|51CY~^oK#_^nEx`19 zd)p31*P~6?0Spt(4ae4Oc#ZV}p_XczgrI_%QVK{Y7)^N{pPiHCBTS(}{Kr8A9;F2m zEePlhO(#-BA{APX13)}YO{9>9PB_q^u=oK)K!h0TV4fvwi1o90V4@B8?l_cV6y?l2 zp089yPlO(*(I?R*20?^G34%7`#%n-B{ZpLc8DvDk6^Q|bL4;Anlsprn+-glRqRFLc zmdYf?!MGAfC7~V5MA=(}LgXZ1;<)cx51~eLd6|ManC4YgU=*r!`7|572xe7dneaYy z^7_8We%tn)Pkx~ABC&fZWE3Yl`CV?K>r9jK5HuJs+r;Ng?;yqG$PF^J{&BBQ;U5|i zhoFG!4xsCXB@_2ym|__gL$y6UXvm;=iPP`&;lItNdw%ogtzRDOy_wf`f)Y&iUC;vN zl@En5$$_1&0mP1L((1GgMYVW;k1k7^vj|8`ajEqXj?Y7`JPd;d4g0#dZWH4;rml;uoMu)soo!{pT= zh4ul@$d}EIU_`w%y2lzKgjY9zj#boG-`;uAJh1{NqOPF+9=tOEzmPYE_4k^Ps|Q5| zkq`3g#>zOph9B6*Kq|pdoVtuY!=tMUPvZHCsx8?jnxuZ?eSjhZ4PzAc z)T$2upR+O_*?-n+1My_>AOzSCL2O=o_~;g!crv73u71zZMh=|{1&L=Aw^i)S%tK*gvcmj z$41buK^cTFz|VR9qgkU*OxaXI`l0$h>8fd)G)B@Y(e}+X%ny6&~94B3Z3rYd$&-msc1n9y8wt`g*fGWUEpbh`G()-WJ7Y!PTL?TO2>NtAX#=XhX z|0^B>2fs8r0xLj7p+o5p#1jyo7<*+(2@%>d45BciMF50t88Q%lZp=))Cp)kMh6n2Y3`Ca9{_j1WaZM3hZXQ3MPG9AnwQ z3Pr{$K70zYKtXqyO=KWRRmYFb`|m*_;8FgbjEUEJBR0yt$z?)Yyg3j&3MsIiXcVvZ zMG7Ebh=(EpfS+V*ux1kd3JQ)#`~I_3022U_i0Q!*frK{CL(Gd7pmn)BARi^;FN=uC zTTkIAmpV7?4>#g4IDa*4h2tU4sZ668B3{$vKc@gxaT+5FkTl3$3@AggrX2 z4ixLK?Y28m6*#~W*d+h}!nDKYKz?$2GUQF(KGXP&JRbzcDfJmY8_h!nG-Q}Cl`E)e zo=n!9On5?nQriYh{P~UVQ&49pmXXaj6dZu*V0z#OPfR#*v~4m)<;2O(ip3W4Afsk9 zodz~)gld!}lk`Fb(v+I+X?uxc5Rf9%V{b7z`8L#15S>4Y*0){_!@8(}5a|wxQ0LRM zEZs1I5ePvsRU%9y$<*NUh=RQovWE$;iV5WX__U3}CU+Q_vH=@n5&<<4DHE#2Sisw- zR!WJ0Dw{G4pnRB=A57q4I1JP)W7am>i56w7!KtRLPU-_@IgV;G_7T7VtWdx=mTDv* z&p+9}9^p$AfX z$^PFTf!CR=?>Bl*ag%1;A7e6aR3u<9ypbO`0*;av5EcN{l-8oipRFnz4xtUmJ%;`{ z+l|(Rq%^A7=wEz7h~y9ru~!p5*V%V;B*Kb4C`?GM#sWK7KQEj!k@UdSq%WVV)v)Wt z4U}0eH*5gl*_C{JX%VVSvRy@(krWhAy2CXm^|_9%FVAO*z!;aX49M#*Nc}P!-Uwq- 
z2aFoif#Eqqo{x6TuKzw9Fvobxe$rZU^bl%(wg#v`(46fX0u6YgB!tY5+63qN3E7L> zE+A3SOPtg|OV}sREGIe8W#D?EIg`t@^=6+4Cw96TiP1YvJ4g85myRNRy}N^`^~QoF zK9CenOX&RT?mnN@hipw02k^;3Nr?q9Q49*3$0G#s1pxTtlpl@<(fw8bANy&0^aw!g z1l~~(>LdEg9M1_W_r0_82i$8Pxtt{v8G9dgZXJ+i6$TBWG#as{Y_c*ZGOEbTlQT0U z$~I<)LxUJiOlw9VR7C1t=8PyJD@4^98G(jFmMqj&EPi4`21t$*Faz{{6h*_d98X3} zBsDIt0u7qM5Q8%q$PYxPRhW{14b3GxfWVLs7(FPIFQudC5G9g*mQ zc95WG9@uyo5MhcW&Ppa>iiw|>knlwARI3srLlV^#BS!#0bYJd}Dbvg|LnI-+ybp}a z;yqkF%^{kc2-f9{K1%rVYwPNfo%B?}C%-ex^+@+^kjkrgo7dieH+u%7UX$B zfc(FDpMOtz)z`pu1KKEuX?qSLt7F$=8@x;*bt)T)^g^qqWNOUU2@N>Yq}V(B&EfIc z5!ukd{7Qj$q5oev_ct|lDzd=6S#cWKh^B4jYg-#RGOV*WS}hq z?DK3qldwMzlW&5iBdgda>V!AIoxeGk%jAISRLNaVpx&`kh2pK-TJp>+nHU;yF*>VA z5Z(LStRJc53`Z$IUSWqDx|+&CjJsafD}`9kJA1lj@Nb$5L-I(*{a|8lbxj<@rp{ z8dhBYJ5PQJfid!gxdtT00`w14&1RmM+>t?$k&I}}AU>OcSD=Ns*(?{1ePNJw3hIgB zaD~rj#Q6|ApE=Mwdh;NngEND+v{Mp9(3CL}Q7HW6ao>#D1R5%la)NQ3mBqDI}{doblsc7YOjlvKfo|qM|*7A-Goa+isc*!-6Q5FU?)XXuMMOGzd z7{&>m++H*^8)1l+(F27Wkw{4^Bhw;C8^@7^E{N^{gpt_6hl!^|)Kpa^CFMyY)z6vQ zb{y`*S2INLBp|fGD4P$gi19r7LWDs1kQq?Cz~lkwgfbA-P97N?Vso=12uP8DkcdZz z7c_kZRNUSZ?&9u?yDyYdytpq;VX>mco#Im5ZE-2??(XhRaf%docQ5qu`@i?*BwyxE zl6!JaZcdV!x!+Kaa>-aksnJKJymKxWZFAjEq7zMi7p>$`FENE(YmMgn&|*me2_6d$ z;2y1RAD#v)(4xm(@`gr5w!jaZR_b63#x9A|MQVt$z_bJ|deLg=2C;D;{}%2yby*-% zpz?AGY8@&u5L@(*WXN+v=^I)y#ABG3Lmt`Q&Sr-`dwm7)0b{%VsyPI)vtC^?W~MlU z@5RFNJ@tEH;Gili**n-61 z)j35aCE%xLu;csi<+0(#WF-CZAu5UZ+}LxHGx(wkvk--GF?cm`Re9{L1iwwpqE?EN zMKy}8`Q5!GGDQ`CnbG^z2l(|f65c9*C`pxt)vlqDt(D-Y*hkG}g*i@Y?yXI$giy3w zfLK>kG^u!atJ`tg@2C=%A9KB!@S?{CHsr-|V@oqqUk2ol>&93wb5B#Mu9YhKiS+Bn z@=@MHHb3~4Gq(T1vmcTVv(@{j5H;A-J#Iocc`&a&P_dcj_#5MK)5J4OtUv?AMRkwT zK2N7tDIFbXtxgq7#64O*_dhCKk^2Y>Q)YL*Gs3HTIJTl(g!Qq|lwPw+isiudZzrs~ zJbF`V^4k!s7~A0e`IfS2l0_^#b57mX0MDU3%|02XyG?|T!=5(N#rwhNXt))5xD1#N zB>FzAg_saD5?NCeTaS%SQ+GUMVj^~Z5%F=$%A$l^WoB$AE{?MK{Mj%eOsq$QE)4@I ztKSnnwvg3Y$%HHwB5N?Q?#p*ixm8ipi8yLyW*s7}I+f-@E^rJqj0K9xH~scK{>OWZ znPCc&4iGKEmfeX4)1?!@-cuG|oq}lOU{jzpG&C_`d!kzl7JLYZRzYHBR6hyU|K*{y 
zQND96L2M~y5e91S@vwU=#}#{1VR#1MxgocjZbTH{d%2lOQ@-DR+VLyw_8F3iE<>f^ zpR{cIbk39;Cv=_v!=-Ot?mJ0YWhf19_0sW@8{s3UnhseBt83=Cn^pT)sd#G%9yK7e759!2Wp;% zp{VD;+OZ(7suOhimgsF zgce=1u}zncOyb1G;fypDl4-_WJN5T&t5-g_ zQ6}p%PCCxbAemWsUH>@Is=5RgX%6Uf zO2TQH5upRf9BA?egPXK)E~+tnjFtG$Td;K>6#%p~1!j@`lM`iGZj_rzGv z>}&3xU82hB@CMg8H>4gf(Z#`6hKEEyLXXLwrtAVQ1*l)^QcFspi40m$RO~0?Fd-p+ zOA4J{I_Lg%4<~M{HG&e1q6mF&-+bW)y|INiwDjZ1al zig$IR66V=Yv7z69|B^geu)=7YOqyD0Gt=6r4rt)goFu#Ico@`Do)qTy+E+B1cqbQ| z0ug%=S|Rqit(dNKy`=JV~@nMoh9>lH&Q-aF_Jyw0JV^5QI_^;!!QHk4*&Jxm6q}&bUf)w*a&ax&^ z=7M1O74$y9ULp z*(gphES}EYd(v3Ie6fGP&i9NCg37vIHkVVXRM)OW9F@n9otF!z)4q9WS_2m^I6nsW z-gJ7da_rNHm+#WhumG05{&npqhpg z?eTr~0HPY0)D@UZnIFD#Wu`2rWaK9P%{a~}A1fWQ$i_ZCvtU1?-pI=Tuh7uZ2!k(sRtUym>Vcz?FghcIuL$`@Mg?y=A+g}UwJU6r0 ziIKQNDY>uB4>9M*j=_T#E}2*(%k`X=BoPf6JSm%UC!+G&b|Tx_+-lDXC6S@P(V9)) zf#iu6Lu9pk29y}zShchqle>d0h-m3eUv`%MBOOVv<(QbX}SUUHk^=$k=I8N(g|}oQ$#AC>9C{L*-#^J{k=BhNy3g2(}dSh*Vb~SAhhNx zcgIOPXKB2-f>GG5SvBi$W6($*n{DdXB+L$>SyYyUi5aE}H!K%8v{nhJwpXeM_rV0k z%x)wQes0U6=7QWQ^{kggv^lY=`R?x5J?_cppfvF)qG`<@+%CHp1`-Q{K*a_rN|=ON7=ENGio|gAEqS#ZiNR4ro<%Cy zWYg2bYOmR5+zCMTiuVpCeZZa+o*;9e7-ja@r^?RsL!m;Oc8)C&ZJ>h_{NpKQx&J}K zueOv~`%8|dd}7aj88^x?ks*kS9Of7yzcNU2$5o`_CwL5Nn!|%jXkuvs-zQNe_h7XYwFL|1v|&?=GEy__q`Z?a_KLC9 z%gl)a^VI;@id1oQxIk(}DwX1|B_bY_j8-yc42oiN1n_93KrZAIOwr8HgAcA;7MKCG zV`}Fq=s%y8c(z`&21K#KmG{Dtn5p*GgcyAd(LXKZymq7NSBC^6`})d$dGz~yo3LPj zi4n2<`Y?YPL{0Hr3?rnb_4Ac;X&z0=$8H_W)y=MvyE|i+?l82*ov$Jxv=(#XOV$4X zl7z4dZJ>2=%ul);>}rWlva>Q~I2jt0!;cpU4N-pm`kYHqAv%kL!^utuhJnCJqEUke zsNYk`aZvGKfir3V;PiYh7ci0j10JU&@E-&L0l}TfP&EZhFA0LaAl^LLcg}Ef9EPo#y`ie0ys`Wl<}!p%%NNr0%u?$^yj}pkg4(OX<`OjkGXI z#Yh-hJdW&3BL+$4*l_s?72NNSzyDIYJ#55O7`8*=tYhvm_9A(z1m~VQ*|XRCD5m~U z&ebnz5JC}+k@i(@y?qPE%|@)AiLs*el;ex0tm*YX*u96648S;VJda7$>G$67!oFLo zq32IrUzUE?ZHyDYDGGdkTMydK9UxXV6=jcG0E)iBJYIX1?_q7{N`yK)JZ&X~1Q2`@ z()k@PK!L_!8=7dn^VH`0_44)3RcG?eWGk2;g3LMj1lnW=?(NNeEhKHOH=9HQt#zjJ zSZGO|oi5i)E+jcE3~kHrEjwB`|B#NrsTwJFHTp^y@_e!UEwA%t@n1Ry{+`P!o7dw) 
zGqOoLgR#6IN&SbS@HZ__U*QXlvyM!XnxV;HbswUIxsRmH4$EU&c$m2`a0gFs#?`w* zKBzjCU0dTN8^t|Cah@2Vs-GS^e7V|H;=OIe*k*9uu1nj8Awqw?SjaWh_kH)doBu+q zyYGUnvasTpx>d3D-E952)0@ZQN@cK6n=P7tb%cZ&(OAcr4tfglR~i{vOERlYi?7>t zOp=E!syqrgW-Ye^|p?b_>~9_-^M$ZE@mhnfiw8 zX=Iy$t9zY{@Nt1tO|2stR-iHBuW;5ssr2B=svW}zZLcG_`^{Cjfs%E!29@U3KYx}F zg@wE76Mi!7z<+5eBe!3}5wcgx;sywVs4e^umvW4;Q800kbSi}i1rGjJT>te1P;{+F zSI7SHc_U;}Pu)BcLhat1iFYrqS`r}PvP+=gFXTJDVLL{xwXXKh6u_n26z(+nYeawV zb{7Qimq$l~u4{B)_f!d#FCj`ej<1q6rf4LmVJ}qtGMZ>6z$ByXIA3f3?N}UFvqcWb06|FJ{4a=^*ZYh?o zIrIn}jbmMb`o)1haztf18srD6BlIln)5dU%Wz-_FFEl10Ia@zGK2M8KU#}kX@M>QT zeDq^FD;;r3-hq(J=8_K)r}9LnSCR6yjbY)We<|s2_f2+|nJ<{!GN_eg*}82~iIOQr zXQVSi!Py?}-=M^B91!@re-kQa7o9)tshQQBkiaoP0{_+aFZ&v-!m64@e&)T?*6Fyd zvqdOssJhH4&lf3vl0)P@Gy4x1EqI?7bR4E$$_~ILd_zg4 zds+%EM;ghn*agNsIzJ-7 zs32vQVd{%>3(mE$Xw}J(hao3Vgb9?Y79Fv92{rsq=3m>ZUi$YzbNyh%45p7u5sq-0 z`y~ZiILv+--C4Mx1=+|&`p+(p#>(?83+;r2ovhYVH{I`R^+`# zz!=usG?{`yUPmmNUGq!?^^?^5qY)-tnS_FG>`H$B9$5JYar_bNq?0zFwuL9s5=*d=W#HGrR>@-Ni~kYz*-|FW znJnZ_Kc2`3NE2o3AD4mpBMJ<01QL2kXM{C__M&(va>rENdm{C0>vb6ASWfzPaf>#M zMsj76A|&ON;!9;3Ryi<&7F-g=R@r8}*xUWR~?nFKnhL_g!nI9Ftw%ICi^k zfsOe5UPF(!(0zE9=@vV~qLL{;AvwqAZ4z&4Zvm-%<^c6GnX`@sy@mc}x|c zr#H$#2p@J4%>U@c`CH2;>yPr>ozI`MfbTyfB^Pj-NXMzZYB-2cu?QcTlnSNL5)#{y%w3lKwiZ7iBLhhH4O| z($kk4uHYGCbN{qiMKwG z&9hYSJAc{3c$oC_M)czcpaOn7;s04n87rhI$ODz#U~)770(z*IEcxEjE8&k4y)mHSyVL> zZaLA(9A2}l7J5j|76kwSa3cT!rXK)_>c8th-{3#e1$baC&rAbgrU3w0KQx1PGt7qe zS`QHJ-SD4u`n?0WUZ*1f0D9Mu{_EvkxRd{?{3j_k+c|4#;_5|L>{pcYg0W z04WCmp!iS2{tx~Wy8qyR2fuIOMBf4P^d0^a{{Mh1fF{4*{@vGqa^%)x-t^qUg^=yO z2?RL5@3S76hG{zd@2LMTm~$?*e*eGm-k;R}Yhe6m<3Dtk75z^E0M`88cZ%sPxBssN zc)v^U0w?Og@&66~v%}o-pXeAAi{;4wZuhu_EZ*zzJCg|1^F?t1S^Jvi3js)Kn1Qag z!&25VbL-7HyXecsxsAzsj#Z(0oNl(;r@!-CzjZyVcC~iRwZYt_^T_i5WZ-HFCp9yz zWVcrRZnaQa7}-x!{$XkNla=?q2c+IkGkjG?kJlAj-DQ6N<-&7)CkLyjDmkm8)5_(*#yFcK4AX47l7r^Jv`SfysE;YV zX=kh_iwyvxstUx|3Is#A$z&wY=%b(2(xmkt9DbX-IisxFBIzLjY*LGCP>2ps$`l`GN01tggYTslUX5AEY*3WM2Z}k1nfD{|2tq|ifBar(W7uvOgT(O*7LqI zq+zfl&Xlm1j7)REPz1s2VEr 
z#2q8fdt}YWFf~Xg0sx49{~LKYbdnbE(*TA@f3`FW0NpKOTu~9%^!yyEO&X0)=^oen zz{UWO001OHqNUUTYLpyN7yv*KfIL$a1xVv&CnmAT=TcIhlc4%vZz3y4v9WaKkIdE2 z3mUyf*VS+JZw~HnXWiYesp|B146&D3`WwGPif;JQO_cnGgQN|&Dk&&33aMiRxE2pD z&3n6C)zPrO@KFc5(!qJaP}K^gcz@6?8SEE7u-iP~Hb=iW?^tfw6MOtdvld?^zk_i} zCFz=n>;&*rmIM>f1Oz^z&?S}R6VZTUV`)lhf|%QJu<1mBa;!+auyA3107?|sj$hVi zqq>V0pZO}zbXXZqs=m^@EVi8paGI^5n#g@A+gJSz0ngRem#c^4d{R46DG-!w$NB(q z!fn>L;r=McskF5FVQI0a1PwOUZ!)AW1T2n?AWx9=Qxq#QUUn$6`;hwQMMfi^TC|w* zSb>d}5u2Dbj$^!*3^1Vuk!m~uP!p5`_&}{aiiWMCmJh%-Kpw#{3F81niRW4XV@u@V z=-?4ym;ssrsO(|Lu|O4ZDh@y}cCFvo5SwxyOC12|)GrMvlah+6V#?8O5#mrGUL=SA z729H%v@n-O(FVJRmB;`}2oMVpM|BwkH?^B7$=?Or!1j+_^gJa5hP>8I|`_~C7 z#4#$82Fenn&hl@cNFYVzmK%WvengF`_b=v%>%Zbum(1~@LO{Jww~QJpY2x&l@7Zgn z@7C&*Z-m7C&rvzPkCc|1hrLaRGG+z_-v~i@31@7&dK~nF1rZpita=n4iAXQ;ykfT5Kz}18 zukG=&;&ws+uEi|~ODt`0OtMxwFBnva^96TrJbp0FXpp6*)}$uasMiPzG&D_EvZ-S= zf%r?lL?D_xp%E916#T2rHQEEcUx8+x=D(hNtm)d)I3rLVRAD|zOW61XM8)JzW@;3Kawto_4~j5)MXsYor-~IB_SjwmRiS z0@*|w@((#V7{K(X5@<}ITBBXfR>wUSR#2TvVz^N<#;v}FnnF?QvroOm~tqGrB7iHI5l4f&{cG~1R@Zu;84k2!Ja$e zPW*V4Fv;d`?Z`rgrMpSe)W&-Ac9fLPi@d4tWrK!!{7RwNym<+n9DVx2jMcXmsc15B-Unt;j+Ka}m<7O^hIFkdspeON9!Hlx`?)0*rU!QEQ-v69mmE&_b?>d)L(C-+A+?1|!2nA)0<+?6AxM@PDb2sPEi< z_Fq3}HF@fw&liuv%%IW~7}Zc=>omNR--d}u7j<_`B^^~G{E;Z5g!kY(@qyC0%&xm@ z-@22w$As^C)XRbHOGO~E^n*Ars2FN0koc)x$m25G-;4DZ4P7f06`L88esmlMFpNBt z5flwbz=Z1IzAzjI3V{u>$%!0;-3~dSk4Q`gC4shN>Ov5JazN!eC`%pXKrWMHtqiM) zW=lahnA(LN2nH%ZHB~?=P*6@@FfcJuC7kKY7!#NaMe>~nT^1f29+yhF5Go6%Ii@*f zGUyA4AfOMXHl{YxlXXdgNVbY==A#m@Y1WG7CB{i6=F(|v1 z8S8>;z*vXBj0oiz8;39S2Tef_P)s1mgFjBvm+W*;ubu3?h|UbW=jO3qIL}<8p^iXd zC8;`HE0>TKgU{D!-vzRkd?Jp-->L1cHVayNW~)^Vxvg6G$kBtfmCexL{xNQLE>y0@1^3g*~AIhX;{oRSdsvKej_~wvDiwr1)6MP zFK@&(i-uo&c(28MP*uHTfpKq2+p5Tls-(2`iZ#0xiOk z@S+IcZO^yx$_=#lBSQp&&I}MwQOQk}$=NJb1Ipbckqy8^LQ3v&PWpx!*0QEN)u{4s z%PYnAketUSy}iL$)2l_UF}2cGf=_wh*&JTOr`&87EBxKBsw`+9xSN|axuJyBo0m2A ztm!7lNp-`X%zL!`f;SztKB3p5IB@$4i)0L{J1Lyuq6c6eXf&9b=S!5%^xG~tU&b#L zQ3ZM?y}+qa0KwEi!Q^w6ru&wS%Jx<|UQTX#nP@WW4w}Xs3n=s1R*-Er 
zbviDc7xq2&CgKJ%>7>ZNS&m~_8ET_!#wqmE_Ea!wY>>o+(a0!E4v%~x$}fy#pbEyD z?$mrcy-J@H;@_$c%!cVt399&a%lhHv4ZU?^3a{Y{k7jVQAwj6yk1H2xU3()m`zKr z?}R*7%n#=<+96r1_k)h-g;HXl#YD69w!y>; z>(}U;1lEzLFkM(ke$ELB<*bTxLULj#kqnSilZ@$6V)g!?bILZH-$#znFm5ujM1$p6 zJj2*Gdu1LZMn)-0ru>EY%n8bURx_VZ?Ykr%vDOy7Lc(f+<__6ZQ>WO@~Y= zvGmKpZo5H+5x0o;9eiIt`iC~8H3wu(Urfm+5h4iAD^qmDx9$#y`EA4dOiv;0=eesZ zpiVqFjrH6F-)s6HR{FPv!BEvPLB1cYkderkHVBCwpuk`k@jD_@!rHXXR&&Dl+Qk(jsH01n5 zX?W;u-g53EfrKs;cuz5xH~h!`A5&oK=90;cZtZF9nTX~!tJlzAOvVj|2opFOb8ljd zF|PiWk4qTobvXVkW=hH43d0Pc=W>=JCmtUmcQ~^>>CVP)^SR%`x3K+0w`S*&5-IfC z&Ko^>ep&T>dKyXM)}Q%jg(-u7V~{Hm_MCsyUW!plVq$FD7(at^0WGn;EzGFje}5(_ zR%RRYD@-gtU^2P1@eZE)**7#u_du2;xP=af)gEfor$EtTl7YRzC2;!n!mhnXFb8>1UokH%t}xgxoN?>+rEzU*x7*%* z_L&9qn`(ExpNp|X!9c~g7qrUrEd2e06%85<<}#QHY?;4inQy|`2-8Ym5jsC{v*7cp z#YYztVydZQM&0s1+ZCR1WhfMvBMLQ1t!yrKJ?;%=)BCp~dDOxfeASSW)|w1c(IRdA zc-9i;M@E=tM46eT73nHkMMD!}NzB}ve^ymIDSzFMWc96Xhkk@&a0IJmxHyw{Wae!=XQJgBTY;pVtaGs)wT z<7)mc%jx{Q`4^9w!0~HaTdRC)^6!}@^QDT){kO9HlE~7DQ%;QoxzF5~KX+swXCjMs zn<5woi#?wXbX3=!cO%C7ZXi{T)&2U!2hk^8tYvN+Sq8(#gO z%j!nCz#64pmo;~PlZxi0PS@I(ELw{Vfol$GkBZ}Rt6wKWx_WQPrzLxAa1`S_I}iR8kDX zQlm|OaThT}cxY?(er{USC3XJxi7+C?FzEfq4qHr|z)OdqO9XZP!>`1rvHF)tW{{Un z%U_b;L>7mJAw-5DykPzsVI*V0b*6Fk(eZDdKK%~7g^vx7b}PrMbNcv_yxMK%bKN0y zGLdZkoSa-%%byX=(@z{wlua0CHuwF}aDrJr6hVz-zMnI2CPdFBKs+bX>Q_MosGxoz z-_LsE!H*d1Q8({TI9sha&rF04Dn?PcalM+n##}~8Rz_1p)R6JUmEubsa07+`6~s3x-Q#<7?kWNU4y_xGnI7QThQ| zK#$GOmCrZd@Q%wN9|JGtRgm1NLl#RpbOF3TC#yV^`)tc0*ZUvps=FNc_k@=d z-2*?e?oV^F`I5hNI0-eI`L*%hOX+d7u6}e7`Ha}IdheKVJ}go0#X8Ts@BGn6z3!YZ z{*gON2nhbcUf0-O$G{9Q|F$sru{R^pGAqUGEaRr!Bp6`~T9NxR1)dFizrZ82Kud(}9r7rBxlN%g*q2ofB!)ZsJGf%Ol>PhIHK8v9Y$i>$188b4__GHmfwlyvZJk%F`jd8#+Hed8JiMCu#|NCBe3-4 z3$~6JaUGrV>p)O2t(>9byn=2&Gc=^=P6k(D=u_-}IeEUU<^o~s2Ve4O#@+OdS$h1Z z%K`7atXL8ooT7jx*m2EGtPibu7*(}C^-)GMeY7OAd=9({D!pGkzS)^F-@&>ooV}mAIq>Oj z;j6nu)o9F0m2L|Z`SkLM_BzedekF!;db9P;yC_-Q`&gYu@6I=dviKA3eIqwt=iMt= zZ;>*>uzNbXFXblSxre)S+)H)_HicrRvxrTT5gp{kNI$$~`0b12p-Bis8(d@9jo};h 
z^WtvFSTk?uk^YuxevQdqxc|YmeiN3QeCZ>akKdcI?u|)xd;}j1e}^6}4kVPM_{Q&} z%M`_Z6AN|Ips4pH)&`(WN!(}Z=(Z=5(en_|$gkq--#b1 z%dzpGimX zMk;FuZb>(E23`9Oz5PI{#E@9*e=Iro!CTQ6UX-(1HZQ_-w$jb=r63e=y7`7x@iyC= ztoPBWQd#KP&F{r#9;nKY170T>3QJaikW@FF32F>cN&cIB2Q^Qk-y!RsH_t2 zDfjM=`fq`NQGpQgcsa>iE($2{FFoV5&~Qz=BznJ*$P;|aW9F2lwBvX-t>LKSuoDlV zG??Hc+Q^zeg^26NJrVA;oo>lqd)*F@p7?cgEj>kb{msx1O6ZXR12upL9%dKohbTJ& z0%mLxAtm*`m4%r>zbbpc9{B_jXha0ZFt#_4(qH}Cw1w7}Ob zZ!8=p)oXthT9}8O$=z!!U3|426O-pfdMs$~13yecYi`{D8G_ABFm_+e=R8t;%AaYL z)(KBm^Aa)__nw~mE*4^n+MGIF-y{?XG)#D^6}`Hb-b;(fKR;^kapXFttW;^YFz8NL z{+y`Nv33~7{nMgmoxt9ry_Fg%&9PEtI#{>kgwX0R(3q;;v{)Ff3m#Ok+Dc8)ZP`+5 z7-luJRUhh0O;zYyOv?L8Hn{FMnvc)(w`5cv9j*-br-&n65weJ-9Bl)yIiAg=)4-b! zxmH(0Jv^VGzC_2;gh2T`=P{Whlcu${7d`Z+W>Zvni}c6uX-PmQ^)Kx$ob}%pLn03_ zEIs*_GF#YAZ|qR2T=lGwKS}74ewK{QC3#&-|Qq6IWhhvXa}=%bw_NuHllfI4_)sh%cWD7jQE>s62BO3B>q5cD7>K} zIRiNE;47v=Z&^jHV+conDwi1N`8GALyXXobh-zu+O(px+azhj-zZmBn@ z{KEMXIF1_&^##fu&21NCZ}0Uz;|KBgM=rH)Mfl3blQ_)kvTtk5tTbzD>(>nfjV4Hw zHT!J)hR`E`UQt-F @|nYJr;_sO8Fm=vGIVy8z6FpmJMmC2tQ7Wd5Id3TZ~3QUZt zj1ljH6)vIJrC9Dx2&V~Mk*0@tQtxGe#Q692%5>$~9&5_sORARDZexZYH4kA~G z6D|EXfk?PhUxv`JNoeqA4qg^{65?#X>G>BdcjI+?t+==P75DCKcZ&Y$Q_rbg7Ts%J zrkVZTS|!>|Gq0gyhT(EUbce2bW&XG4xmEqXw!)N`(bMO8W z4iXA8tgjuZ!u8u0w`^W$*|Mhwt+}m^6BL+AC8ypY!7Bv9b$e5^#(&H#vI>LA$&)z+ zh)F2@ZiI@^LnvuS?z2J%@>i5f1E=$k1c|e5M<$gd5+-g9{@i+v6BAQXr5VX+niWVhv_Eb zMunDhS8%H21yOod)y;7vBk{}RqDqY8xL{`DJw2O^kirrrzg~ir%&p+m?74xPK$5+u z6dFY}B>tphxvG6-X6;#yu58w}`&lHr^UNC2D*Ra<>9imj2-K~WcuY)!yh%))x~B@y zU6QaWdz+HqV*3s>!(5_ZeG}C&24N1J%x72)ZzgR(+Cwp@>9^+aTF zv9o4I7a#_2bU|a&s{XsyY0);j!SJ-lEZKFD_|oKAZzGxT0|a;{KEq;h$nm$Ui7H)w zew_G7ycP!&9$kH19i5kNgZf>fLo6Jy+Ick&aB zw7e$KMSiH;e3aW7q>%N{GIwAICv6_slQpP>+r`AE|Dk+&r}gw#G+q3rXHkfv_f%QT z(3%FbAJ5O*HbIv7P(u9k;6_d+s~qOKs35bSxaV8BK-FR<`A#1!#sw)MPOaar(vJNs zS*zx)Q|heK4!a{(@&jN=_&H|A?VIlX1+?#Ji>Fhc_v*KtVfb6V#u+?f*;|3=E;poq2?^c1p{PJ z*-e0SMq#jVVPW8~0R#gkBG^IfCLKA+ct7-#I52XZ7)~6qN{tIXfZ$VjUewQnmc4B(r0< 
zKhZwEEXKYL*>x)bHo4h>IT?j3cv=z~A;zKkd;jRzgk#^>{6tqM<+`hFcq!u3Q$p9V z5{2Z4e5k$E9Y}gHv852uC8%=uFJX>Z;A+O)<>UpYdOVmm-Ajeg=n1^5m(6gYuN1bp z(ssQf3ByZz*)|#9&M|6c<=TpPp&t!-P3){%O`6)Qw(R#%m6o>W!uoM4=6K8rGbfV! zd?;B7o*k>5otA~ut-6ZNix~tr??02c*j(n3N^(}tO8X5Z@s6ZWAF<_aCj zV)hdU@|>hMYm_)eVtQ|m4Y zPs|bo2(hE^N;nmHDwx)+&Gp|h8jO!*y06j}Suv=Yaa2UBqYpPjPm+&hEfkTGb=;#^ zQAiNNDm(P~yd}I_P#4}N+{lQq#Es%;D7K^mhHCxYi^(X^%~N^;$^$7&3MO*j1G;Pw zpeB7V%^)JGOe>2PRjZf_joc3wEhbt7RG@P0TOX8F`bB!tBz)gOaEucp8V%1$0%5u} zU=S#66ggxXK|+WpfsoAf9#HBvG$j)G(d!s*AWuZVqMSs?L(4gnl8^LQ&?87Fy~k?y z{`$B}G`WvY0`>nbT-2=fPmP-i6c0Co8qy?6m*i=l_R3L!=|^2rj3Pj3KvvBpO%;)O z-QE1rxaY6(^=uIEm^_fhJsye{^({D$JhXBJK%tDJlx6jTsD7=gtRHr+QGu$xmDOkPDR$ zLvtOBVs-QOXnyc;>xPtZ3(goL7A)1?rDi5tSwJM-eb(Ul#1u`Hu)MfOG)&3d^WNK% z!#xfr0w#J?nOYf$jGN#hYYKgI z96veA0XYYgkkCprNnve5m3y6@$L*h0d<`W%;}s_r2sr3bL9JITa>9nPFY>8`(v2+P zhj}qQCRVoIvaY5;Ll(t}(2@oJLpB92a00vW1B3Jytit53hr2T_(mEND7JL5C1ZWL#er#7|E2j|H3eC(VYFmB{9H&)Nud*O?g3&UTb#cNJGtw+>cLFeB*;`I&%zTB=jA(j^*{2{ZP zS&;iiX;es?z4ji8YC7w1vQe00aAD@e(4IJP1oA$2r4)!dJc zZ&~T|fB|1A;#o6t!t_q0$S_VJEnEGitW-g2-N)zswx-;$m&-?xd;iM;`Wd)}rWup# z!K5RgwkjzH|Jv#x{4fnC>f^sE81u{ZruQX!Fn?`;WvRkKw^kZaI?2px)QY9|0vwT* z#Ocd^+A=*+3vLwg&8Jv(kdd3&b=qFgQXv#xkq1b#LR%qIpZYg|HuRaBnc)CFCA5sC5UKl)x#= z{VV!j62@pmgM2fYz#e->r0os!@QPgq)J;f;^Xb~Et3&kU|8rKAG6$cs<)V&r9o;y7 ztzRxq&yV;k+QUjn^^LTC>pV1I!o|a(Ok*En7I-H{Jk~X+9*VaV(9{v_(RJwE%^OBz z8(^;hB+d$EY|vucLPEc2z%au9PS@I|OAIP5J~-7dF-25+ns;ms2HQp0>Pt)wCi9w+ zHscmEoDHliaJvLm#8diS{`H~mUuggSrg!X^df5&T)blmi9%gylmZK-C3lqg5DFI6SBWLHq0WKiyJOwfwGp;cfYWXX%K{(!!qJZ_aN zS)sDBCLoE27W(*tm{#j-_?V~S&j z%F?=ZMpPH)3cJ(Mu?m-;>FrjQ6RtWx+9_D&twS0YGeY0plYcs`!A;CtW-PqV?y1EK zO(hyb-ckyRhke!BKj#E`6+cFbRjOG|Kr5MORvLG-*Nb*5B1*Z7vovIhaxHvz|N`U!R3DswF1VCl3n++1gTAA^W=Qp5x_>my*~s{?1QA!XuKx z9C{JSvXoeRwsL!a^?mCTiz+*B{nG=bDT-VCe!y(tV1I_CTDvy2hL3g3p`en;kr*ft z4Ipt2EB5V}>)*lu`q*K10g{+JsOn~qN9vZi7WwqsB1A>3xDn6J@WS`QP4=uW1WX3> zMu<6)Pba2ave4{(e@mwnw7g8PsR%Rk@JZ0b1ehsKJ#(FH3>$woHaoguF){HPB$K`r 
zIymMZaLtE2wu~!vCvbRn>??UYqtAz!8?S3Iy=TaPYGq?{1234)*)$EFv;At4+3vX5 z`u0LFvlraZM{_S(FcgsJslu@z{tp0@Kx@CkgrI;Rk|2>1M2Lcg6q*!$=X5>-$)O)9 zK`60eMg#a1mM$5Zn;+{gTv1A9W>G+~NV!78QiRySVnzW%QQ&YoQ96G~=6V#Amt3Gz zQj;Wtia@0TiYyomAdDcv2tp2m3ba91%LNt_3#nw9td?rB%21l7h_hAL9~KFdQpzXw zvMy4QMvRekWVwRjg&0y@LRr~llFA||qUXR+<;pOUIVkxiiLx$F(sJQ+mnkQ4;Bs7| znzt}8oD^ZY$zeo%>NG)gFmzC+#-)d}T)|@Gq4JuSEKzd?1CSv5I2AM9vS#|6w95ur^MSW!vuD6#aC z#fldwSixe$Q^9g*VJs|Bk?}B33@oCK#TF>AvHp^ZE-X^S!5>;jvHi!r8EhR%egz*Ejh0Jm~hd2h$Mkwp`54Y=BtW*{#s;Z)@hDmy00}N%P3jiC}1C$KG>pVwDa8K_ydx5|lpb7z` z0kQ{Yl*y68A{7xeEJJt($yVEW27puZm(VBMmFI$yV(4JHN&7iP#GO(0qk)k-p_yWR4q3PKtu-Z(u$CwcJ)KqlK9a@5g}1?uwa9_xS9ELu%@7XY53B(|Cjiy} zlkk08z$y&qKqy=W)CTQb>-M&we`pg0jQ)_|JRXNCwNX+;wY~L!D@%L|Wqd?*6d)Hu zo6gN(B(wsNRYd&Y#?Yt`_>lAs3OY0o;2weOPoN*#A5`Dh({CZ+g+Tnm77c)466Fqn zyQfwh)Ks)6?Ad@Uq&Eh=8B<~{)9iWLZd{$&cp!Knh zOAld%hyZg|iFO);oYP1B6M*P|Si+x7-1{dEQvWWREfcZXSW^9F`9r z!il|YBE1f7K9UnL1&CE3avKqV$%O%|MClJzG{=#teq61i^gukjk?kb(JV9?3!TN)!H!6-E$GWBu?Jbd)^PRI8B~em|Qc$d{EziG2{K{|U^queM z`kWa~d2P46W?%0;#UBIJ{BQC&mk-$_{z)gmEo%jX=r{|9so3|vXTfKso{v}R#^=m? zK-OR-{hkm50MY>Cw6<-*RcwYw6^FPGW5`H{)=;1*ds1dq7@r-h1r=hIRVHFWr+3Vl zx$WM<=3<^}+H_d`tNVO>e@J|x@x#cC&(1!x+;nI#a)*d6oH83_!QK~v7W5BbCRgV! z9gioRO{!be$P-d1zIJUu2N(kvfMlLN3>(&{XM|iCSD^1>AUi>-cv-~70G-w-fz+ZO z0P%t$B82{f25KkfRFX&Q`CqH~cRr&G_5Chff;t0^9FPFs9!buQOlJ7^b&Neh3EfNm zNhD@ZqmK>4xZi2nG{~pd%6@GQHC$@owqlykhsK-CPAO7&VUV;Q79ls)*O>ebt4bo0 zkA?&-%=+Fs_SU0j@14GeH}+KgTTT_CTSvc6eB7R4;}m&APb_ok>#`e-p&-IV_NVk? 
z-L~dMAHbrE3NoJ|VlGbmfAk^5`BO>zJFv&`8LaU`A3FP~!_0fU;qd;5c4T&@?geuP z1CcWTDIXP%J5?s);`yuFQ2B6#!{FeM@RQN?#mYeEU{JvfvCKETq&!ax*82LA(~ZELL&cIO@UGCfCIpPN)z2Hdm71sl+`eU z22fELVIyuvEGfKlA@$;G#+hK;S;4Aiv9`@HXH8ZH0Q`&?-0-PHS)fax{_FX0aQ{)S zCV4U)79RuJo!y4Sqf*C52JLdptjPY7##>mFV7kUiG40W@jGeA(_!usJb2G+oHwK5d zqmt&vXZ&=_rf)*gslRTiBMF`@vSx4NGdM{F343%kHPJ=XSo9-EM?g)oAo;Pz{qDj5%I*nZe`o3uw}`Fy>d{sH|Eez<6zZMHL} z>_-VaE&{rTU|VE<(u2DFe`l8r_Uif$4;c(-9{HVsTGPSP$Tm{>yxBilWL?f-$z$sA z@tk~o*^IGb%+6QLsxb05!C|SbY4p}t=E+}mGpTaF0a5(McQ!F5MGF*q)T*#m%DzXi zD&`07qQ!5E{+AC|@a#Y5?mHfP8rJqL$>~=7g|z#4{Cb&QG%8rV&p&^%GB9e>wk*N@ z#b@=~BD@)|_)22t1p_xx4$rO4a~jKNa9#?iVvZi1fy|8_giwY-1G6drT zixtZiD^~-1)j|zPls7AHZnag8PLujPomFw znneT12fRi+0*oX5R>;%^+1MevGxv|TAkF(?Ae|ekQ z*#7yja$}lRn1_ra8RXHsK3IpS3}=_g8t8~zPVYJO9D~QJ{D`bFnH=GnhVunx<&m?y zRluBK4h5qzH17qSk98jN>E!r@1F}*3Oxe|cE=@JxjwFeyX|fp|>jb_brQJy?D}X3? zLP2mP1LO$tu?rM_g8H6WUW=60)U^E1&$Rw~_8pVpY)k~%L#I`fS0Dnlpe(ZLh@mJ|;eD-pj>yd>`h48)zq7e{^P^)ctU0xXDDi7k8s6pQE%TdSp37Tr z@Fv8+&v~`ZyEM!1u-Mzh^gcu7u`X~w6{xVG<7#f-PV z!y02AGg`+n7=pOCy^wm_%@;~yjY2-ig>E?lRc}YzfX&5GOZ6s8P;p2^V{ter!2Dk4 zV`6yCA;?7!G}pK<+g$O#vo{ezU(@=pzWu*^nwcL_nzeXS*el!^-l#vwA@qoM1wKLm z;RhS9qO6v5k2l2jo<>EFGm^x~MSX_F$*bv4c7_j#&3~G^|0}DEp2CH?u`E%Eoy{GJ zGmB~8@pm%*ChWc?HaIS8-0Cn_K|-OHgOIQo6dSRFzUBr{{>Ps`Z()CcH5Ot)U^M_! 
z<&XrU8&va7@fIuoxM~6}3qbdk>UKFZevv<^XSCGrYFxxU{}Ymc#4sRoYC~A4CST1t z=XKq2ag)J-uEw$yV$Q^Xb_XL4;5N|XvUz}-x{wm9g0OgN?dM7>3gQ$zzC0S-%ZeW3 z`1aQ<|E`Mj`dBb*X#V2mRfGY-w}U8Uu!nixFu=na)^!LVQ|}!^bAk>lP>PEnVAvOd zqmAO)7xnJrLttMvAzps}PD=8dzLPcAd&{nLcPwgddrwXNlFd4vhEm&h@HRLzxsqJy zwT8X6;y%>Owx?CCswz8dE$su*YOyoThOd4&#N-XBRwS=1QquT|53%`U#)I3_dy(DX zI77e+4#D!1tUZ;FiDUOs{MmW_Be9g%uZQ+@GK81a-B@3=ACGVlC4md~LJlY>s2Eyk zejwTIC{-5!W7RU!V%n{D~>_nUb+uMM-XZPNi^r4)z#(9~FbZjZab zSWlyaf!G{$M2uV$Ms6}^gkOj!QgGt6NrX{IjsQGI_#nVh(N z*Q5BynR+%hV;o|}uYa<3)wcRLeop#z9GjNyshN(yMy=d$lF~%4N|KEcQsrx0!-Y^5 z)haF)GlY8(7hJCFP^8w*I{NOt@7BD$|E2y!*T~i%IQJBTo4rqE&xzopUl@#^-T3*& zuWoCu-R&-Z&I=iWLBr|ed>sNSw(x@ocvcV#!mxC~))NMhoE{7gLiJ#-b#!3rb;7?O zbBEJP8n;+edKpzFIq}i!`5AXVX8%F%Iw<4VaC@7xJ||(Zo{Wqc;hD2zLm~AUo11AA zYFNzR^U?H28D1IiS)DC^2heI{{C2J z;kT)=<%#Stcs%ef;KltdAD zEpG*Kd_iE+1aW>Gq!5Z14NZ9|pc>h}NswXiYg8X-5(p0dm~EgogNXiyOIBpLRY5Dx z$Bt*kJ=ZjI0K`vgA)XjhmLRdz&ujf9-m4m|_qjd?({G(w8u?M2kt;W_DM#MWo;Bva zDr=Tp2Mvm?$f9S;^j^vfkS(w13kfhzghz2sT1v_0Cb6VO9rHywZn#;MQ(^DhrEtfv?vGkrFhEWLyu?nXXuO%0 zeqd`sR48Cz(qmXA+uG2ntNRJnoD_J-qFAGw4Neb~xvqs8lsp(H!DFK)=K33!G;{1Z zCy~Lzh95C++((gX2R#vU)L2Ea1a={vz&ma!b?Jog-w=M9-7dy9ECeV(t9hr+9h%i<$MLVJRkPm2M);gp15Odce!~5-()xL|E>YOJSh#x67As-#`A;uS+*@Icb<5}YpxG6ixgN<@hHi2=h(sV zY409|k8zP+G1aXEj-X1%x?HsRYu6N24fC?9R$>meG~l)daonF%(4w%aAh{OhPnXa` zj5|t_iYNNlYw5-(n@(EaCq=-nh2S|ukW*WY0T5*Yhth*EnFhIJl?E|%k~I80J$ zj4Teai%`V~)uAbAp^Ji+VZ&aJMt+t*2~IRO^|qtQ71-Xzo=yym1(0B%xN+2$lo)hR zKtB*j{{WVH`han{za^o=HboaMSYX30idVEylLAf(7tJ%&V9JRXxRLXk%;qNg5REac zMb2aG@Z`RUi`FY#kErkDV|q;U+}C><1Hr}g#Ag+9>)zHVv7wYnL7zYRgQ$4lXu%8CvysoQDNWtPg0tY27XPK6jy?HcFe0-9J zCg;A?aB{w*vG6QtVCcVEg7L@1m1nl1Q^Ez8D|=-rWXl=HJ6t>cC9^(aDa`8^bGdJrxLZS> zUQCX`P){2bm}G!RH7yE@RgOU$2#pD7U}aFgXB5jwI%t8NLa^Ej5(&qLY{13w*Ka+g z;22IF0vuuvo(MrwyhqD^TucoCq$vzTFeX4yz`&~Aw}WH_u9;&B0pJjjHNJKW7S)&{ zQ;iZb;W390t_Yy{3!}rrj#Im8+HFvLGG=Ph>|bGLY`|n5suYC*QNYMNAPmzm8#(HY zY^#^OA^8pT<2YSd!CMX#Q!>|^+rzLs9pwrDq6`?8Hf5#=E|v=BSV}Vo4B=4#Y3KlO 
z1jg<&cSlrcXVK`w$JYOLidHU}Q4*XU+^Me`OHD4+@o7lVTEP+$VynDSxaDN#xF`)=IK`nQj9JD5EWoVo6s z`)f~=6f$mD#r*x&Bc-82Wk7@5dW?iZ78Xe?mnC7KwuUmepCO<^aH5cCZ%vu~feoLM z8`Hf+&=I3930{>IRYg@*Ra6yJRct=Fybd6H(cVMS2c$N7j~T#6eE#lK9!Dg!9@YL14CD0egj&-%lITjQzHTY|v| zBY|aDSPBY+<%PuH@ZZE6LW)BuOK3k>QIHn^mX|*~?ieh>m05Uib}!P$JbjZgyB0bR zcv}6idM!a+W~6aFxI$$MLs%YAurC9EE*-`5Ps$d71A$*X%v=$G8pA_ZnAGeid-!vt zQ`L$Q6=eCNNl17?$qw={6&{wKOkYF@IqDRG>? zxaojZuqHx`y>dh_=SsB;#v0f%g#|T{1qcaqKD7x9!5HUhqV!f#?&mL~In5K3EpAj> z&c*FXTUZXEARjkFmE#(gHH>rte+*tGqlVV~`}di;%-sp4El}h!xuE&w>$Tp)S=I9* zE5fz4dbf`Ib!AaD0k8`N69NdeM%FlcgHFr~`;0}NCgzpSlOKTMWu@-2}s3DaQf0;6=rFIYm{xI=LUN8)eqs zHSKf60HEPWC^A%_M9G~!2cazL%e;RIFG$+n^RzeRtS&Y$K*}oeCzi-F4HXKRgGgg} zZ5FIBiK|w1=ml!(F9##PuEWy-o&)Hx%I?(i@6hkmGJ!4VyRtl@C>7`xF;)vweR}c$ za1tF*atiP^9OE`JrnKLy8_|)Wq36=duYb1)(DxK@bT;z2Ocp!y!TrAvgiHEvqTLEE zt|-S4tS7rQCVE8i^;nmJ+7-k~tBgVK2So`zaHKy7dxaFJLWa6Sa~k*tMk=g@ugd>E z`w8`*Bc}&_pdJlls?#FRjYb!g>tI-%%&5aK0nulT>E3o^ca1}oSR+k z&eHYsn|($_j47G?i;;Z2&$Oqn++1KHBoN{C_!UT48@DCMS%_bz@ETf;N}j+xp%Q`m z2Mz*GK&Unaxi!oUs#Hpy9{1ohVQ`vuZM~}X%5b6T5R$Ip&{1kWSm-Zfd%8Zu z;2!z~k#x+?;W&1`5nJ!@4s?@5DCBcJXT!hGs zP-GcE%37lRFbvjscHx?|5*0Qdf3^>Z8>$nZfL{-=^#Mf&pdk6-HCWa>;iV_qQs~ju z^^HF@a(eObD~E@>GrWc-zKpoB_^xOv?mgz7gy%T+Ul82T_FLQ?9Srsq*&8p<7Ap&d z+dXuP>>rae2ET0?8ktDZw?;KAK1KED_-6Rx)t5jeXi+~YJ!-jEHd3qOb&-GIk-FnN z$|muKVHc2KK95TEx*wz!;pKi@RV%@$12*SU3eWfV2LV4`zqoGKBvD3B3aWq&gAY(> zM}%gWNk|x+lP#;q>NzGO4sAXNi4tUUM3^h?UCM~E<-SSk-Xvdi`A#vc8pdKs0C+HwYe5L6qlVEM!A5HL{)Fn?f^nC=ZhnFaQKvlPw;-WB`* zP=7F%cPYY-=9=tyR3ON#fW$vIN1EZ{A(n2Cv$&Z#_=go&3U>@Zr>98bfU{%do&719 z_u;M%PG>Tg`^}ggT4W1hRqrgMu4ys4{KM}nX) zX}l*LrK}c`PN(k8U#De(Xjm3RApn3VB^WpqTwVCeCwHR*RLoMwO%1|;!Q6JC(77yH zQx@)h&f<9uTj65Fu4?^V>Y5g1->Fy}iCWUh@+6 zzq4!3Wh5EYJTb-t%Ma-VV08`Q~m=^xp zAA356Vu1QTp{M;JXY`RV5e3yM#A65p@=~%$C=gH~Dgc!PpO#X-BtJ zxAkW|{;c24VE3%bo&EaT@~)-tUzgiqB=voYxl;U}n+k7td$CvktAA2bACyF}MExQ8 z|2zRU2%I~V#{ahDtv1bmORko@GUa$u9lDi0_vgRpKF@~3c*wxFivcL$cKyw?zH`hP 
z2t%amAq%IFJukqvr~Qi+q&=X}R3Jo1BA_vp2!ufp5)eWOERl=$$`kYql2#ZXP#QJ@ zNEM)hBnR?{(qFN%AI)V#8D%Y`2yzOGoA4A6{SX)@_!I*|z!pFt1PG)O0*ORGU@>DO z6(B(nC{Qi~1sYXk0bn2KC`tkdLPQxN5fESkC?JX;BOoM%VlY8MFaw%UK|%~aV3Khu z0wWO;Fo+2jA}D1V5AF#yQO3j!%5o#aH) zL|9Qu4WkGp1Ocdtuq8;aAPB=qU@{XJ1PvjeWFd@L5o8Jo1S$l^07^0tXeCzTv?QWP z7NjIplthXol4w!|5@8~Xgt{Q0qAZZ1C{URwlmCH96GDiTB!N2!i9|FB0*Hc0brKRv zXe39zgd@2J{*S8T+h66Ood&u8XZkL{|Jy+6RiWGB%o0W6anN>7ATcfN`!v(6aGaBVv1Cf#Ud!AvV{AW zOC==@A5@ErloU`P@zJKA@!&VSXf22ESLL)<~1d<2{ zh!T{g1i7%mLY#%k6M~RrjLRcZSXh=|v?5@v6qaVBkz`z0Q_Ap5p-CroB(jP~$wiV< zf>5EzUgR*4L;)cx6p}Eakp~2lg$gKB;w(jqC{l`1D5Q!>3Mf*MDJT@7M4(YfDJZ2B zN+~F!P)QakEK*3ID58>u5>in33k0Hxk@GBEp(bRZN+_g~Oo~L5P^BP`DJazbBj9Xc z!9)1VAM_fNaL6oa@0#|C9JuYTSY4+kCM@3nG}GE#RK{v zA?OK#K%5ItOPdSX3388Uy@hl17tB#u#i`lScmQjm-!=vdC&^*Pz^q|Ibdd@OF*YV< z&6R@~F$hgyQ%HI9Txd~gHh<|UeBzJ$hLhrGr6VO}A>G_i5hP}%fv;5qPu=RI#jTJy zK^7;0nlmlXigMD0hfe$hG*8V>t=6c+cZ;n74Jxn^)C|mXSqBX=Vdtq5i!v4+u?c~g zAOR=J0w07C6A?s2{v{5>&+i-)^yR5geVajptQYkJ;g<%jTLJjg9iy)Xe!r{nOB|Ihb$A9!(a z{rHzc6-?-LKH0<)f z3t^$p;OaO$nKt!lYA2n_?f==S)OvnQsmG(7qvh%R&{OoEvC>m+4|Ha`rzQ*AaG%{> zf!v+w$LM+pa0(}I@mUj@PM}~U@@m%!`Qu`+1LQ%A>7C$xKzibRLVVEjDkhMKVBpe< z$aY>{kUZF6?#DUKaS|!aW*RE5W{>Q9-uJEnSWYq2U=LeKheYoXaW|)g_DTSIJh4Pz zEL7*Mz||!Tn#*mr+NmTGNkmM{%1I=W9IaF&P!qjt34(D}wS`EsTy=QZ(yqGk(~i>{ zsM{P>RMvVSj-ZSSkO~|<$og|#cX;wItfeU1e4CUy@HcOXxKU*$;@saxh2YZ9Rtsh<;p{tW!%Cm8ez86x@ppRk_HyluS{c^jEsCZfK5vThp4L1I z@fAI|TayzlPWqpwMUvUAK?#b0QA!Hy_I4A2V3l21l*g4=2JC$B6&t|l3@Ycz(? 
z4R`#)77je-@d*rg0PqKZ@`x~VgTv>|NG@=gPnaGL4FRkie!x)37lzQQ_<8Z4cRP~b zFYvKz?`=;e85G5=c|Qqd3|P733qvW)WCagV;QW`?OfyspwTzlngS}bZ#vmM$+qkR)jRH|G{@&(-nu*e*tmUw?ff}qUn2XZ+@)5!a6 z3G)Nmia(c*tEdg&L8mw39jUNFlL-VQ9lM0{`M3|-b>7NPK|A82}Uoff0a;#AFr= z2v$JSNen7d5g8cBA~A}RD)@uPJ^&MNa)IyHoILrzFDarUv!LXk!iUUIB#-7T7D$k~ zkF=p7D55BoMG}N4DFWpJ36((%!2yGxVB{PE%$*HllYTprC%wAXZVNq1qOYi>LbJ6zrR`i@AZaZ zLH3_#>Hlzfk6|7^toaX}XZjTXik~8%+{v(egXeM|jPegz9zJ_R;{1Na@s{nA`p(EZ zs&_8s8=au`X@EObtXH`@@cqh7Ab?P`)lk6@-tek4gaWXUUjTY0pZR`lo9eE#7Lcmi z0{+f<>h1}GMnopK8kZh1Xbw9*OKEKuPi!=9;wkBI(eZrOGiyU95$DU#<*xFe zE)X0-b(8r~{X_b{kc$@evjK@ng-89AmH~f<`MM#nLI@%mNPkJ!^xiO>0T_}-L>Q1z zM1mkG1_VQ`prS+|NJ0%TDg+1h`M-jX>bN)%Q3_H}GV2hYSH8G(WW5)bbm3YKA)?fy%&hlvOk z1l+;Y3JpRcgM;R3nU803FIW}7m5i>L^qs#?9a%2?#8RxELRahu|!NGdk|4H(d3Gt`k z;1ft5hB(RX4FLP=_XVMp7%84YP%1}H%nm`^Z4TMpB${?v*r_{I_u8qH!E6WVKhkzJ zOW+f22o}Ns(O^NSH3pcWj6_P#ZuZq3m|P1aW^vX06a&Qs=fr8zl`d;oK3nrdKJ)X_ z>R3{?obMUCN>} z_i3EEEUZOTcbM^z;mpCD9~rG_vHPAMQYSo8t7>&TP4$DPSAEmW`)ABkP-z3l zOwZaD$D+A1(3$k|&$!HEmXQbGAVw)541kdfRFIPv-{GzIw~OBF;p>JMq3}O}UrhM> zReFcgB2YYThCyrdFR9#sVgUbse!|WpD8r(H3EK|xZF&}=R*99;j_g1qAEvYjs`N}x zb-c3~_6H&g*`w;C!K?I8fIh$sfwyi#hn7(XM@20dGUagUf$(Eha@p-fy>2>|`{nR_ieo`m8O1mWw(xN@(0?P{^ zmQtVBbl}7K_u~SdRp0tC^nKY8vHL@CuV%~o7dPv_w|l3=r9O2e z(R90~^Pk3)B^}V!pg?K>f&L&Zgb)w!P@z%(riBEM|KFAn%x0-x#7^ZzbN-U$ z6gNQZ0|CXrae#o}2nhP1P5=Qz)P6^g`1yXfQQG|Pb^X6**#0beU+2m5dw=!cbiEg; z|8@A@PZnN}d*f&8eJ@wvdVa0Ezj^ih??3W+o+9J=-Iw?CJ>RtLKMvm)&iOuXr_Am> zK5wDL{Qs|=kDuq?v)A-JZtJ1@o`*f{_5L3}?D|&!pX1r{{Z7xt;P^e~ugA~t_S^nW zU;n>{@_)DYU;VuQCp-UT5BS9W!T(4T|1bBzm7kVZ zvr%Bj`lYSi{@@^>mqrqZ4m%=9iU2zh2tYzOij&0wK+vSZ1OCjP>=02vGzf|aj1dBE z1N-6q?!Z6y|BS-${}_MTe}Mm)Pvk$h_|NTwZ41A?1ji>~Kk|BoKgx0z6Ce8#fA~x2 zBSRbF-{Ba6NYqNG=O_H~e(1#{86zM28XL~b?1O_3CLTxfXoVbJMjW$bjA-hP#vI5r zVsKcta!8^1#TjZQ3S5p)-?1v{G>QK~2qIB2F@ZSuZ51%jgNqA?nP$EXL5SliNfN@6 z$t($_OHnDtGp?0hs$|ug{@1?lpF3ub?`x)uz74&V%azoL5yMqun*z6^rXn?^1c_}8 
zAZi0>Fb7}W97sdi*f4ggAMXBuAJf#{2!DsxqYN`LjKYlF=s<0_{r*@7PgC82)p*9ZbU4}9K{5;$S_L(g4rNO)BY_=k_sJW5nt@LbupQ~ioxm#Bo!}F5Q26z5rED4 z^U8#Ibw?Y3$PHgK1P12@jbJ!lJstTx6T>zPKsrkRfj)1i=zKUzxUP4zJ zOcn54fB2#D!So+{^*9TE1q=!El%c#gR|J?&1vU@>7 z3If=IS^r+BXrnWNVQvUti=HCz0|fu$Nr;m71;dHz{}&ofq6Z(pM`1ZhcusPd5Fi|f zF-Tkx3V~#W9L=Yhne08tgPs3!in|mJ9B+SE=w6^QL=7OINH&@8HZGi*XsuSOofO&t z!_s55S!G_AXRPa-h|Y;V|Cq|+ZYF)Mc_EaI0)+;tx$LF-6XwWq>$MHy5Jb!ZqYQ=U zVVYf%5P8QCy#@he!?L}-uL5s0j~-LWi0E^#l5T*ay?m^i!&!_J^Ch>3v?0{XyQPh!BdMOm#sr#>atk`VX(@ z^?z&mR8bT^w{zkBlQ+?S-_WDp0ysV3BR7o797lK*2T*L}(7)sCJOq=eS)NuMp^t$w z1H;Ckc7XlyNJ+?gzOFw|Kt%t|1P^=!g*7m+rd0=JEG*>-(JEf7W+d0 zvI70bIK3=52z`Vkfg(gq7e?cDRm*|<-2qwt51%%0xv(Mv|Hn&GDGh-{D8x^D0?!&> z`zS+UjS5P}lqwVzL#Qki+5-U82h(7(5-)TVX_Y4u+*2+sl2K8w!`gV-IC~9chtw(a zi;x znvie=?;PZ{FfT+y+(090AbGt04hm8n=j4(l$SW2u^xjWj!>6X&mz6UoMy#Pc(Nbp4 z2d6MC1|h`)1W0E%xuhh_Z<+m}eF-KQsANRwJ`Zj840hKGR^a;ZTFDj=>&h!r$nFa>T4iTkvT%7JHygW zzJT*tyg9X;e|{Q87wbdC>+YW~*@b>n88Ppy*2O^tpNO{E%PZKA(xhUQMD#vGlY1DA z3KTUKBbAYR$Y;(vtmw5$nCYM9EBm@}M!a#U!Glv)kF2~n+cPTe+|c0wpo9_(8ZSHG z<<(v?q=vbN?yvoHT`8=<(hjg=&6Q8QqmU}ctzTeGROTqr3t!XmD_rV5;(+SILA zYMNtCvE`>m`Wi!8kc3+*!9_MKXoO2=hAuUu0abb8xJiyCQuQw1K3VNmrvOwFMtpPS z|IN%81^js ze*`%H$z0#&*GdQv`x+mU{7Y%m&eP4U)=HOat>kH&?x1yZaKL4V_>~v%^13faXZz`J zncc0gz3BQZa_DioZs{q8QwUkqpb| zLpxp}?>{f}SgTf?=bdqCtaVjZu5q@AhW>!mg+w+%fO8P3BsM_rfOhhTazk_;NHpyb z?GWV#aSvoeLL7sH7D4!=l1?{?q8+zujceEZ_R_t%Y1q@-bx%BBT=m@sGro4i(%Jc- z(1)5Kyzf`?-%25nEvP)uQ4UaJn`TJ%?NZeZbBJOg><4`FIt8qTn21+iggZ9lR;r@c zvh*UJ z4k8{9a)RhD5Zs5S_<8yHckR*ZkNsPEyp)e%DDlPg=3kb&rT{B|0cM7KgyaBlK+MW# ze--Q*<1C@$Ng=0}dGv#DUv02MMf2omYs4|;gD%y6IU&gmkZrY)Y|{)<3n0FhkZ400 zW`hj#2c$zthdGefUb!K*`DKq*F_#rrUPw7X+8H3&hY<{cj3B#W9=9RZh%<)6v_jy~ z1t9DVNM?hyLvK8s@86#t{JU|-mD1F6X>MMbtb;TdK|tt-oI@MDL@L#sLoNtv zL(j&@h5UiyA*Y^XItK(Y%bl3d9aj*_`t_E6TJfW>Jcwzc>=lCq8mgt@C!sY zLG8<3rZAh<3G+8q%_~EhwrMq}qOr4!9Vx1%qs{DynDN@tscqt)dj0AkNdt1xEZ@HSjO$gGmO_ z3n1ztu6)k3kg^PRkZywBs45_|kXHcOyYmi#mf1u*L@Y3aLzEfu5bT28y>q_3?`p^w 
z1w=Il5=Tfk2ld1}vWRLA5)I-Vh+-k%z&pe!9j?|G=14UL2y+n6wmVh1%O1X`vsY}= zsZ^EG3nyhoAhm_+s$T%H4lR|_1UW%;8L!C-h+3;eg?AxOO(Gt`8AviANQU_{?hg5L zBpci0%^`kao^`?vH@o7pxbs1lh&dtKu-U>6?KrjJYvw}{3K;`vhB=6P2xoK`8=$vj z6hjrJ)pxghL_BxB$Y+`k5OyI$XojHDAh8RBIUwdCgdAUGTQ%)_X}5&L@C@=Rn1$jN zYrI2!H1S@fHi%Fu2VxhVR)}rc2V@-NgPro}2C)uDaliFziLO3x7=&$?ZOCYlq8HT= zzihF8m(7^JvLWTBggl6Eo#GfF<1!f1AyExt9Rl7})$eVF#5jm$+bD;eLcqEW$aI6o z#62=W-39dEhLH;(-yG<}ZnW)|eA#Q6`QdiVZPAedp-t|n5Ej7zb+o=ps@7DlYr$^l zDXx}lX8A-e@C!iCBo{$!ULlk?A;wV)L^%cX^1wSWNT`x?XKi#L=@8o}(1wIP2wdAV z8tbtRF%ZEDL5{%cAw)6-3)N+6;?^O$4FReRh;)L{4A58{^n#FZ45A)5=flglc34|3 zA{j(5+ookTm|XofI@Fls{s zpmm^zmqD$e97HQwAnn>AnF>LBqA{#Oz{v&e5X>6HG$F=X+qJE=$an{z1T;awGKhGH zb;%15=!WqNjUpQ$>_X8FVi}`7a>uit4gBk9hAp&1eMZ3SgCs*&dAHF)Wj4idkYp!}aS0Cp3>>tsW+4iIn+;vPgYA;>!r?Iaq5#7J&~avq@L zD232zw$TmHXbq5Y5YYyxGa-G*Yz(37L99cP8G`6B5X}YwY>;ia4`uIeJ#;})4`42W zz~qJ^9CU-2h0t3eNHalE4k8_*9f)LuL=-}X@WexO7(tXm(F#GlLrEa*5UxSN4q_RD zkW@oWdxNNkB!d0OXAs^YWF63H5bu!;L^}}FR6>EIL$pIu3q&&^nGKLsLo^zoxebyI zq80<99k&;_FoS{_45Wjk8IZ{badI8VYC^;>5b7bkLrOuh3?Skm&^IB%4#+MIA{&FC zcG(6SsI}q;>q8w)s$cIr5fwV(p9FVk-ZiASIbQ+MlLs*A>P+*5hH9?XN*~B^_ z!VY2@5WEdgYY^Tcava1oh;j{(a6*W1gLD)_c!khqBo___!-N_j;RbOIfw2q3JA*_R zh*}}ML%IwDScSO<5e>nb4x!#5stq%UT!#@2fyoZ&F`bZg5bs@VL$pJ@Lq6y_A*v1{ z7Km;Nh-DDoA=w6z4)*9ABpHI}hd|09nj0Y4hEWZnstn>C$TQf6eb8$V;vupM2Baux zf}$M*q8J9~HbJot@eYV=kYs}hE<-qm`;fm~mHe-R=Ba}siZ_x;J*OZ;-vIodr~j$# z%NvdvmfK5g#s|d3+HFWOjOQ@s6mymP3@@c=t4Qn~`2r#y?SZr$5cYpw3yJ8GRFfqk z{N=@gs>=Se_l{G5C=vY78Y4e7x_$FBzz_!!SO|yzqcK3G z!V~$4CnTL>9|wy36@8uT^z)YUp>$>(mt*(A4Te0nP&A5wbion+ry&{*AJ9;BZ&0W} zi1w#YF#)Oq31tR_atGDxQ9%U}1yqJn!w>_qm&g!QHtx~>9)A6+ACZ`Q?|q-= zyPms2_9R2WmTi#4(Y?1JFUb3nus$e4ST^ptXOPLY(y@RIw)5M-hRgr$zIi(7Q^Z-> zv-VHszs3ALd_Cqa+l_N8lL(uThoHmAd#~ruuh6&-x9qSrhrX&dcLWXptMlJEXTN_v zZp|#7^NF&)1{pXaVNQG<<+?rYjF>Ka^E_nk2?1x}`iFs94$GPklp_p_Ngd@KIA7)H&|S{XHL46 z>-Dvr?VPZVNyDp!dnlZ={t7D#U-Ux0-Q#@R-n6@F)OcN*C?<0abHwZUA7?cpwqqfz zT}YhTu0~_-yzue!xvn~`ho9WblkA^1U4Uu?r%V5`l_nTg#D*WYidn*J<+*DNATyXi 
z68suf;%cd;BM~ahH6lVqeny19^pPw~$0lW-{Th$vpkG@}ewW|Ip6oMExmCmwBhT+A zHx}Nc==Y-IU8VF5k&TnrH(T}_k8z!e*ieBazEg$%hRZztI=-b2sqPv`0;`>Kb=m=Whob-WA6qfDbr}zzO4q=Qim+k+QFMU1|>t`OrLqqn|trjRM5rC`@BfoVg`D7q$P;M@+$%9b}f zhtBQpXLA-61}xhy<4{kX`m)>+(e6Byyhq0Q{y$G0&xnIW(8|`%6w=(TRZ92#LfYHL z^SOBJw&VWqKXablv3vG=DsnsC=r*T??BBKVD)TDEj>KOoGB@G8CGXXx^EPrug(H^2 zK|3M_d8O6Q6gf*$ks^9ma_{{=hyKZqco=xrt1G3DA=|u=Z%F)dB>`t{$J>_m<#VmJ zzeS^40=IFxm>;lc;?Hxp+I*Q@OMGne8hhptGA?Y*{6!Xb?sikFmO7|~l;?z=ttx42 zP@COE3ByM6lPtWNRy0kLiJJ_!>qKZe1Fi_WHMXgzaJMYg4Bl#R3yTdiHzJY^I?x<# zBDoeF!-6z8shqJW_nk8pC-$VYc8^^s#RA}sdmh-uK&0VYRSxwQ+Hk6+xBk|JsbdLv z78^E9JG-P{v==S*Qn?eUGe>Snkvk-hi&1H|I$cMUP|9%bj~s;He*YMzU>+Vj)&V ziv-cQg`|t9KbG=vOeW6{;P2*@)!{$aUs6x9J zjd2U5-D;n|sa!sBaApdbCfjI}_sG(aJN8(+aTj0zNqWS%*T>r1SgFn$bCakSq&%x# z>c}N~pbUTb+3#dsuHhPIKYxi2b@wLE;xGkJU4e7O*}FGyeUXm=u~0f=-7L-x_kJd4 z+L#8X<29OLoXUCn-Q`$lC5=d`|)sbFAn$j7q$MYn84QLkbY0tGKlE_!6<}Bqx(ow2xh=jz7 zmf4fu1E6RYbDGd>00ja!jUp)ZN?WadXf}XFkWqkXS_%`+5Xp?qd72`bTT4gy_{kke z-$pXejqB8H%$WdQ%;Y(fHv|?YNf_ChtWLjq$iAcQE+{#hIL70^6&I zksi;KjpAi=aj=9OyTK4^qRY0BlCgHFK!PL!IQ^ou_DT;9N5;5TNUkBV!B}3#7+j>! 
zW#`DOMH%d>OR)i*7Sa@5?TFSgMl3~K!!kzS9c#Kb-%IL4BO*df z*%EwMc7fXpQl2YTq>Wu+4B8GR^`i>LC)rErG|pm$K3sMamICU+)MWAJ&5Xpn(zsu= zcm6QCEPPE~FEIcC*wM#-rPMhc9<>W-TD?%W1M~ZN{)fHa1#enmFCQ%B!wX#Rn}4o2 z*W|EmsBL0T$HVu{`dVJS72C#*IThXqwM26g_F-mbzupVm`aJm1&Id@8Wlhwrg{!k` zoONUMsJh(NMc2}iXZqw!>XtQ`7E2CWRKMEd^p&yv$li$mUbp=@;5hK_{UG^izu2`L z&Wpoe>37bbDcQH|yL?kai@W+rO1XyVjN>7L-_Lzl9d_-|zrRln&10rE9q`#_z0Yzy z@rQF*gHS7_qM|^PBL1$GLL<<%->jG1y0dQ8PkEUuT(PxngG8u~cDq4K%GZAd4wE9L z)%|bct%bC&|5+}jZEsuSENP^NFry|tJQjT<(pH7<{xGhyi#JwGtV4ZyJ(P7y zGWG~bBD_70>TIDwLv1&mTdPBHleeOyXf~C*l&<*A+`g7=Jhmt@K%Lek)I3@0yV6fM z@5QQXT+aoZW8uFKnyMrvZDovI<&k|xFG%H4S$ICrzO4A=y_Vo@*Y3wLRJJ=~zV%L+ zx*-FHZ8*b5k9dxfR5RwbU9zo4_0kkcA;UYB^K7*n(kIEV6j>I%*yCK6oWbJSVq-+K z$dAeCmHB8rws6J-3$@g#7gyaLe?wol?E3|8!}HE0o;P7|!fBDN^7mt+#ou=+1$I zw@Fj9nFe&{b4!Kko|UhTXTJ&JRKV`;lU{d3Z_Hqo?tnfE8G|mSNFcgBRK{(L@YWSU#pcr#`v5>N<@-^{)$3+RgS$SU4Et=K=kU0arbfjmzW}k^_xeh zr;sx0*cC>;$RvVmrNmbkbdWuV`KImC-HCO7lza7zN#}a!?xM zpfDY%oD@>g#T}r7s&f-T<(j;*V6xM;6fJg5(Gpe}ccrUQ)RmXj2 zVh7T^*SBE>ooJ+gBcBhB z`1wS6_LX1fJAP~-*HxUR-TA=vz^((MW3<&vVxPTrKeAUKy<@sZ-b+M^KF>dY_~~|d z)W;NBk;ru-b~>ULkm&~Wj?KvugfHqr>Q>vFo!aYb%C!~}zBH&O9y}j9Z>vloYDHxZ z@ClwtfGoUb7Vp^8vFrMY4Z{l#f8AQen9`Y3!DoIzOWb8!56|kFU8}vrt9AT@tzDjR zHMDK{UV~6v?U^DJ3h)-vQ5_4ZrWNv-vPc#Hn%SGs zH+e0Zsf~6^oXQ`SPIS3V`4~>os-o0M4QPra>2`u%g{yoN|04l?biZu4ngIxgXFHC^ zMhWz(GxJIacNzagw;{@NK+nr2MP+mcvJZ{ZE#}$~xV^zNISVgi+#F{1fBB@5%kF0# z{0#VnNCy4THBV|`i=L({fRZygL-)@eIyk{M=8Wwr$ignjlJgaG+2-^|f94uOzbd1B z;W}U{yXm@<`jwVCx;mC|>xeC+X-sHTMQ;QOj^}N=3+N}kiXltEGVomESW$2UGANE} zZEI>96>*vJXFQ1`k!Wrlmk+&+2$p8dr++;=UEs^CA@5OHzrl6gCFBuA4HVxEOS_O-elj7^HDK>p6T37nmSGNgk)wcf6s+V=4Zln zk%do^y5)V_g?B(W3DLvlF-Rd}k1hk$m(z?&1ylY}n3M0-NOO}_Q}jq8 zA;1sHl4`&3oY2^0EH()Z-htGjJ_|sJ=ERHgm`LR_kUdPG&R(Gdn+q{fx@d7-v2J5z z+^g>uN#IPRE~U$oBst-nfod9Of)b#m4nZ5KhoP1gGSXusWliXSFIz0zV1$L3I=~%5 zVkn`aTw_2hTcgtjQi>zi##=nEkwFPZ`b1s~N(cxX0$Vf}*K}uWQBak3Ab9udiF{3< zuh)=9YEGFl(vEttda%?kU_^{az-Ij1WUvj z6eG~JgW0NRVevp(Rs_y{F}y 
zp0N)1+zh!I7FEjnR2+2YV(rSX(+3v#J@LrAFq+?Jct-m6*0pyHpCvzjtgRn-_<7C` zl=Bm5B2V-)$JhMoDZ>TduW;MZ@!T|`CvEMPn8jOatyZ1N95Q%jJJ@vbtmi&khDNZb z(RV*T+HY)Rk=jUI!QJ!Ka_#H%d;j7s;)MZeG91#vS@JP+lZX?3lfvsO2+1j~&BY}< zx1NNpB}*X!fRD;1I8}`FN;{A#kuAEXbwIMNMH?Ar`iPRVdh3npAiJ-bXFHCE-`p6x z&r*NA1CL{4dy$VUGQHny5Z**}lg|{tm*xF>4oO4G1YQTdi}4`+KN_`b$dpA-<_7+$ zOTYIE*9K%2rm&l9*MOdDq*VnW6}Pnd_3$Gb07>ui7)l|>v$@V64k&SXayv^nvJ_to zlrK*_PDhgNpSHS`!$9~}h#y`LiUk-2wx|r2Q)C_K^Y1H;DO5@Cmt1iXqC z@q#pH)r+1mMGwk$ts6VBry$BbCvO^473yd@5>a$B7O+LA8%~739=@#S{oAxnXswP3 zeo`F%=8*J+g)Pa0G^I@rh>7Z#!?yn;TNK(3|Ti-;nUG44XLxm6Z8FiW9mZ5eK2gs?dS9@n3IbA0%&WNt-N z()9F8Q0P7Sw(^b87z;^ISQ&LfAhD~KXR zcGdBv45gdAkn!z(L*Z_30i&Cf%Zx!rj1N&#!N3qWn;;vcr*!uGz4YU)^qqdPv4hAs zb#nzF{=&88x-xfu^Kd4gaA+NLS8pWe=$NyBlWbOl@*s}@E#)n-WB2j8rvNUUuqJJi zU~!F>dgq*e&TI2HI6m!0D9@1)h(e6zg>)oXa#Yjq{-G+<`uetdk4_4GpB5+GwfU4x>`*yQ<-H&iQbL@5>1{)ZDdIyXoUm#JMSwr%+}^u<@vBJSlpQ3lBWa^L zR0v}}ru-#H9}{U0l?5AAml8oIC5u#xmG~2q01TN+fg&MmJ7aDR?G*R0mD0VO>qHi^ zfkM{_K(XZ7@?6QDPd9!IDv3PGxF)hUMM5}_HU4@JjV4IbT_fixZTDk_U}!2JhW&M> zrt{Ng_q(ez2i=~pIoY~t@%@yyeytxab;P&)SuoK2>#y&-p8t@?>$-i&J01svfGtbI z>!p15i?R`iDdhQna*FigAsz?=cWt1fS~{Q`fPu_90_IDQ0*XMCV5nw^X4kNcR)YPZ zavH}=X_VGmfKhy?QyN@7;S?<#sq>cvkK^D58bOoU=-Sj#ud(H?e)Nx)?nETlL}>+@ zMj7ZMM6|F&KJJyC0M?8G01WU`K@2cZ^o}dBg}lI?`5@j{Ba=PI*2X%tQ~{(fAc4Um zKG3wJgXgeavcmF73uDpY+>8Qn}Z{F*oy1<%Smu=DDM-N&z6cH77 z;AZe3@?D1H`KRLhG{eVH*XRHJ)K=he;rre0-~Z9Jz}jL#HqU!~y0i0S@@3<73ilv; zW%Wb6n0xnkcQ2ljHD@pKbA9?pwd+6!IH|#g$?i|b9 z-IBv8dO?Xy{-WXVZi70z)7yp}dQW5X%s6QZ$`2@m^R{cgRF?{nODAWG4ITt zhtRn8L!|SQjxVQv?)1vsJz`HT0oCIBHTTg+bFZPtcjt+bc1ZyDik;Ym5`lcxbY>1Q zl*_z+Yjz+K`)`hYjQAKYD#E5YttMQL1n|;Bz*1MoAs+#1?nKf!4;7}K^-`CqN7>sR z7O!#S2F-bmR#EGD0_~zAXsq-8tyOwew>~g8y!Vq|P=W!reMG#5?{!ArF3uNb3on&j zEE64W&jt#ZmAT^4Pi4r>8WIwb8lvw+tQSbR29B4(4}8?9eUQ5h4BNudNxYG)t4&fl zVYxWPUBO2B(juV>$Zizl-l@u^R5*4O6iX3Lvf*{z$`TKoA72e2)1V8ydG^!peAnw- z*mJ_qGi{v50`Z~?sYvaLADadj7s!H)%08?-n@W9NJAdg0?qc1d^lCatqbXQq5jQN` zD}TYsWGz`7jZ>VAW#WKU!;m@;yW5vM>mGT&ApHYhIU2qMl~bj|*@T`;MS4hc`K;%U 
z&z=3;*&Ep6rPsE1O>%Z>%fht^oozX3M;o;lbnsMS-QJ_cUPtfZtIUrpY*B8Q_oPta zn#mYkLe~mgk>!=iUubl#uhL^Kd=+n}My;kdG7?;Uq}T#u<`#GgzQ5V-J4YfwHP&K z;dI${?Xk1h^JRQ)h+OG^;NgK>|K9=!4)(qM;D8={#J87iJ7OVq?jd_VKGshg^f=8? znvq|ZkCKVy}#Ld?^M`sZ$4ek7v&l%SX_IwTe^jbsEwguDNHxM zs2Go_2%MNU-9J3|UMRY?^F4Nj&VAZNuj08U`e+fsCi1sL3OYQTg+95sWJJVNI)geo zeVJr`8#wN}CbSm#NUv& zmXTOD4ACW^5u-8|vB=4JzZDT2yUAl`HYu z_KIW4bv@a51KL9pI0Q@Q)Un|+FZod6`#Iln3sbow*O2hx)8A!M<#|$rZJ;?eFY$bd z?%Saa`&T5OJRFGUHAoJW)CI0pw3f|(RBuwss_%c*(ur-6FND=LtY+RIU5--AJ?y4l%t<9!q3xyf}>_nqxF`exKoU|+4v22AdEs2 zPBUAcQC;pg;A)T||9+jy7?mwLyy32pPr}iAu)Y-$; zC}I;EwK(sJAvIM<3U1aDDs=oM8Sbi`A;w%gER!lLqH374pr~Kbp}3GwGZN4{9&=AK zWN845GO5BMEmb6bub-96LMEP{ZK7BC6A2>kjbt0D(nOvs3Xa4TEP*I^cDMM@6~^H6 z1xpIG(O&d4LuC#1Eg4W$A>GVaBuGTc7!=-?K3BsGjmZAVoD=HA@#3uE^{Qz$d#9~6M&=W-w!D6tbO0{*n z4Y*Ozi~HFCZk~`W+&B}kL1QCD=EfRX>?Dw)Q>1gi?>UfU;3k5JB*NW?Xg}^fWjFltf^XJ)8%IZ?ojU(B!xJIkUvmIL&CsbPb3RRij%3c`Nr_ za?qARv&)lQiv>CrQ-%$s`<}0LOz-M%m7Xs>pF*wdoHuW5om*1ff`}UGYMQ{st08D< zbJJLjiPMU43*ivYx#P;)XRjX5=WPG?!Nd>$taJTkzUA^XnS8+`?;}PM$)yKXUClFA z8@AS7ZTnu&??h|cs^>>?_9sJ7sCW3liQQa_;c;pIQ}<&lVGMuW+CP*FKV{(-(um)E z`1&8wDXpqx%3`7Z5R$)8tEg!Azmy#b0B^xel68=jmLkn%T|FBB)62gy?@ered_Apg zr$2iESTbyLP(HL&TeK8x&bX`?S4lw+48Kt_mZ5sT(?9!NxZHWBlp0k;mDhD4??u>` z($7=KzOn}rti%VsUpi8RG>0;8CEsgfu*EY=vV^j22m}^p9ohk zE~59dly=5xs>7X8f43H+?QD%Q`j!l~I*g`D2FWMrw~499unnzy?n7)5{wlklZBHy} zqsqh-(* zQbEhjVHc{T>E|~+Dbas!N) zuY1gjJ4Vc#-*j%j$yT={EE=e23ZR>bHWN{jnV~%K zF=Zj?-zAk+c`jHron*sj$sc_l+O!smI5?VgWJiLrTxFQa_(lkDjT$W(M1R<_NW8KW z#UHg?yXPKpcH4=A|Ez+zp!XJ@1it#)t8;;q{ z;oAlN2Qt4i%Q@;FVcT+s_V|X2{K(Q~e1q0=w@#6owM1v8X6TydGzLXDcE{n{9HoxE zX`sAIROb-_HL3@Bim!Y*MU}rJ0?B@KRV==m7j=ZP*g`VmP{CU&@?(S9_tdl}pzWr@ zw3#V;MNVK70p#6SKNN=%SM0Pl{2$acy7zXv8XSNHoaBcSyKX!oWmw%mH@8rmbXaBo zUhOiFA)+`F(IV@uL7Xr=O1AkILQq5A7>}RyXLGGZ6o)}3WRPmLp&CIk%aibDh0xB# zziZ36u9-B#8%)y2u@T4l&QN-s!%KqxjAqY7*iY93j~~S&lY3xMuF+Tl~(3t?vN)=AgL2j%eTUd*7SvnRHzPp0u z7E|Jn>WMtwlY*a~l$2m4KJ;-RTmWR~3PPBiw(Ar(t_v{P)3dULS~}~`-YbPqDW%G) 
z8QxH-o41QBq_-(%@Z1x6}#X^*)%boisFL6K)75QJ!6+Pnt|CJN(z)O%7Ei)DKe zez-S3(+Lbt!k3y9-dXc#XaY+PAj*moFC27%lnLXDtXsMV%;qG*9=kNB zoiF?bO*_vHAm3}aZ6E>O#WVGhR#a6BQnNi&ItH*|95AqxKA?Ihc1hxDHyI8$j{;C`aXm2+JxA}4&345ft^A@&k zHybpc^h$>^TEY8Wg*q3}nK#$xYezeU+|OX;x-f5&3hB#98BS8ZvDfwT`Rkztc1Pof zmo7I@I_9#rAu1E);oF%eO7~M!@1xG9B2S04R2xZVM)9&}9qUcXMM_)P1Kvrk#Uzzu z4LOreq#Y{%aQj7f{#CL&jXsF<477+4P}&(f=rk%DHJ0?fXjyL{`KMJ+zhW4>>3!F)%S>gZAx zAF(EoAv(w~NAV1NC1TqP5Juv|H&$`oxsEKbJ$@o=kS>2|c^Q?{WFFo_=D9%iMUN%7 zPSdKYsgtnf4DRB5BW`Letz2nOBHWaYGacmUC!gDTdOt@Xc~VU`c`*(H4ES`eDPie)yL6@(R%^Xy4qs@-p+Eu43p zTJ!|Pg@{7_D?Atxi6{)PQ6hxr44G^|y5-0XXV`{kHh1kkuM4^46vCfnW-4%p0Pqk3 zS>?oh%OyzNO{fQ3s)yA%EI)P2UYoe*+p`ym7V3J-W9BEZKKpALf-@S$(3?DlCiG#-s=h|nXOP$C!vQLe+`^ebR}36)OJfzPH)K@rX{2G_4} zHvFGygn^qohIDAjB1M^yMr~&vQl~s!77k++J~UMQuV3u)gZ9WrOt3S$m%ZYr!rzSl`H_sZE%T}$R3 zkJCQeucy#oDm*+zSNVX#*om$L`Zxw9oU-iZ>&!hr{!n*mPv_M0k`0@GfBWdv#@6{i zzI-)v<4o(tAp2XV@BUmjer>`a{^`y3^kD_#H<>dLS4*ogjiZ7B`IZGbT`t`3xrF2l zXB-&1IteYLtG5ayc!J@eIApe#!Z3#naz2h6p!MJ^3(MEt=#$#e`i)vh`$_~$MK`R4 zjWp2TuemU}Zu8)pM(`5?skto?OH*w_CWX@rQf8xSPQ*qstfPf=L76set2jjE?Zzo% z%nNARP!RU+eNs4ufu2J*$A| z(!B+cE4z(?o>vLiIg6TOlZa?~h!NI~JL41!VE#s)(N!9r=?6)i9Upunh2`C@%8%=> zOY44kwd_+%%8PHGU7zjP9Uka6HDPnU6fO4jrtKZl|MhFq!Rg;RHs1ep z_4h{dK!}dni@#O{r$*zs?5ZhX0Wq)XgTk&YT9;2#TQef$?b_r4w5=h<0-F z?+~F&aXm=?CxQvRA*}ZfCIbyzbWi01eo~pvcA6^Et4|4}0U+KBaz#nm;x%W=^?6QO z*<5#pvBo0w5W4EU*45gA;onD6IVwpc5ie314MEHz3W?$r>Hv5Shf=DtIY#V0ZmX6k zt%|gt>A%`UxL}8z#lWKmK^aFT8Qn@N02~6A($$o23rR^aa@%3(-raP7dQ=b!_(t;xSGdDU9Q;*V z(v2ZD@EatqvcB#GB zCyio?s%gvrEZ9Rv^8Y zU@X#Ipv&mHzOepi2?Q1mxd{w1?ir8AERiLMLI4SB=iht0tKS6DzxPyrI9s+J%u6Ys zrF70^$*XCy(8ClTYOZ5finL0DCmxtH3YKyez3BQMpJg*(1cmBYCnD2WF-*H?y2&c- zQJDv_g_P*<>~`c#Mi5VWKHG_Bg-lEM)}meU!n_1HiGVk4a;UQ>KM>uq>-aO1w+xlt z81#6B;W+MRa29Y)v^&=(*K5S?m6mJ=cs%#d1qS&Uks7sO8T`Q>BjRN_G+C^OVoOTY zc{DvJfey(a1u9{x1@iGPNGdxi*8v63&WNl_1MHrK*N`C;^Ac6N6l!a61~@_2?p`&A zP6aZ=e%-@nY>f;PkuJl`L;x38s6(+M5^(EHAhW5RAq!SWE1zvevQTK1&}=NEz{0a| 
zFiV+~2Kay;l9>rosx?n(`*aO68SMbTe$o*{i+E$M4McsXv@r!8sPYR|^=$xw|!6;tA7#x$;7Ct6FBC4pcA-!+;l9{~mu!d8W1s&+~67!Z#HyjT_w zz9xt-0i-wv*zt2F5S6jKS!(>Mf|@iA)FqDb06Z?$teFP=n_^*%uLi9n3fg8fQ?8&X z;H{t}c`ke27f4(r5()IGY%f_-w`4t$Koj7AOB}H)H2DD{Fq4tQ^93KV8zPme04-HA zV5b_bM^oD9UFan$do0%(Yj(?J$*LGT@{ZO6n86$LE)a;vg9=|h(-wD z76N^TnMV`k2CzJr_;g;L7~r`TCvS@u6SWP0&(>2 ztWy4j%x7zWCcFqu5vw+#p1o)x12C0yI3->b98J5rd+LPS2Q(X^MSy#eO)vqLmxN_x zsH9-nm>B`pzW^nzi4NJ33^imQIfq{eT*DZ|$cn>MS) zbM`hPe_dgGZQFLF@ZGKulT>-vXIJ$4Lvn*qw(aTbZw6&Lm$f*9(k7kDWvZn(oAX&= zq&0!mP_p4EZquR;-85%n0b+mA#ObptwU+Z3Y`O^TR6_k~Lj0xg!YAy*w9?d?CJ_t*D1U`~AwX z*%1ko;UU;40DS0G#jw}XcOH#)@#JIMN47G87`y#B^#i4Ok@2lPMP*~_X0Wa zd*uEUU7d_70Q)_Fe7KIe0f-v*#I}-*rC!~TFAE1qmwk?BnaPLbbPDqmxWc9ul0my% z=1T~+0T;F-Lb#E5`q1_JQ#9^UQ9SJnpa%%?Ay2e=K$8eD;Y^Ae+FSb3;FJ=z7<}9w zElx3BO~t(o33n*YBVu*b#h&svdtM#JYN(u-*f8iPwQ%1T%lRTf;CNi+IIa)URT<-# zJ^@XZ80_cuB^(rkG_9|j_rD+?c0^O~k~o?=sFVu7SjzAgK$MM>Q}$gW?KZ}B3VYo6 z0^YmWT z5YlP9T9zQ};94PXppG5|jmekw@qs&du1RP^BV7iL{U+#hfM6?R%i=~ra5ps$k(}^6`^WizT3eBRTQRBey<(zu@zBb9czX>`>x-L(qso zXTdXIeo5so;ktPOU%qQ81bI2G;$qSaFO4$}+Emj2Ia7i$tqK6BG0?It5Q8G5HdMGa zr3;L`gcy-v9oK?8tP&5-&U2cvWf3>jk)k^e7#{)!tm>cS;Qi;aC3oNT7C|Wo@N;J= z9fAi66DUH!{SJWpSH>6tN!WrZ??nGnTH@7oN-+C&d5qq_4nJ7!WPg1Y%{zWt(!3

Ndr>R8bcbEeWgJ==lQA!|U74}^e^HLta+LDhnAcJ}`g_YGuDkvzJ;e5sp9}Mbni?;zi?k93+G- zmS>A*c}@0c1)?dwbnm@RHnY$u8DKz`6ZS$2yer6rIKZ|5!^t1AD}XMsS%-&k=S-B* zU@)*B1>M<)QHV@B_ZebJuR#}-koU!rK=X$-&}aOB3)B%3 zn@AT3_oL8;>v8#Z$b4cYaSYxTk~JJZm5sSE2qh4jqjFx6DBJ0jC}c=$zdoqOSR{Z# z&j|SJ8%vOGF`$p)g(TU1-XhS99-uXh$()J+@VZsWuRyLO!T^L-Gctg289$)7!4ef) zNO&%A1^1I`NWraWCU5qi2l!iyrbq^@0jS5p(7Fnu{`=}BJZn)I#8+_{pH7LTLm%lO z$<(tG&*K2_lK|d=-TrzuYcf9j{DLgJkW`s&K3e(H)DG5A&I_wCM*T`!hT^XSq3d7% z-RJVOaLJ-^7Q~iw1477O$rGp2HESyV4(N^TV{SY8@$m+LLQ^miqZD)9{iRB20;?UC z;WDH06Trq$MhX_7TpV~c4rYj9_%vt;-7xB0Ki|R;i|l7#M=Er+Ye@c|ZOmOs4=9Uw zBPry1d`lS>;^=*9N#$#vJ7Cak09*n|JT`O%M+Qw0m@s_|l6wM~`4YEfLaeuh64q@Z z?0OYNNrFqwkn#=Dq_vxPi+!2$N~?`m>y&U`QsqM=NcX@!ejc0x---v0O609jdKJv* z94sb6af&6rT$iriMt5u57YVcF{RTyhqjX#J_(o0$tdKeT&J8!N!}G91NTjGh6-Dbe zkZL-k&lA{4J=lkE(9PKWrbrTY*A?I^XcYCY?VkSig?@cdl){<^iasHsY>;Z&sH}zU zok*8VjLr`ZR~V7V@6QM}Iro&Qdy}*%ro1Yw!W4s~NuuSx0Qy@OSvL zI&#K*Cm}>PpbJzs8*}yOAGGLSCtgK2(q?rd0+yWwIT6osyz)_Y%I#Axw~YuPzfcV# zNxvyRPZlkL>^&bWiw#g?_Nd&<_usID+Wi5`U>%x!$ayx}Y65kZ2f)%L=&2v%OEIp6 zDQ_V;8$U>-+^B`wDlnz2g}Lmva73#ii;|O%?@K+m?VorSl+Rpn`1pVeh{)U#3sn1A(X##sf-_ivB{D&6Nz(W+Lf!vx|OWE_Xt(Hkz< z{asUI*|NtmtB&xb8?(~_(QaRz?-yjTlGq9p<>C}+yeTCuyo@10og5fs2y z04bGa)GeeDOWCB?O>85l&zRFJfi+9dhi{{_gP;4cIF+_C0o@g*&O(@?O%Vx(*sMu8 zI7H%sn@)#1WFdi^eY02Mcyv6u)vk;h^p;DYL~Z5MwTG;QqQ~iACx5YB=8V8 zmEbvn>}N76iZU|<@ZUoUfMgu!X)bF9>6UyC@*R5iBYaFPZFVFy5)!O0$S^sVXQ&0Q z^V7&DLLpbb?}@B090%?T|VNZfH&w1dM2$PPARz&+J4K^pQbm^qwybAS&Pn z1`Qa9G{Omc2+kSb9z-5qAX)~a2JjRVz!i|7kUt^2aEft-3D=RWU_hwCXExE|fMw&> zkr13LKxVyiE>l(r8U^y&7*2AJmcm$+ew42A7psA>ia}Ezu_ZxbwI8?)_&wl0Mz;=YXeHjqPC_bk~3&70(MbUc6 zplc_3+ZtvvGZ`aJSU1>UAkNO>XYXwwBlu83Wfn+|(yN3Z6>^%BP2_pA5ea)kfE9yc zOOAHsJc4xkfZ2m!9gnc{SIdVtUr3x-JN5W-L)JR$Z-3NOeU*Olz4G1KXPYnlmutEE z@29RG4jZlCS^BbiL3IcDsrB=-6_*0`XRSEO<16+C^^HfIIM8tQ{F{=7<=4-wyI0IB(Fhln;-eo#DU#FhBp1{@0P-0M$u9 z-zg*QM|gJZnuaQr`m}<>*D1<%JXQSrqV)QOzvOtI=Ol#pv=4qhb8jtMY@g(^tmw$3 
zX;`b^bk_93e+NnnUjM0eWY6&RO=&+j?D}hY;f1UGvGuk=e@^P9y-gE*I0cb`7rr>KZREGZ0kM`eaahBr6MM+5fBPPhYZ9H8C&P?{lk8Y z8y_Xb<>&ScIImV3%#)6P!cTE754`jJdD%0aWAo4_&W;T`SG|A#Pn`Fdn^2S#zwRo< zN4YIz`IYSG21kp3bYBgW1e(lm+_`wCNAcJ>-vy8L(^AVFKX7+n5(b|iANjOLeC|Pg zyJ*fCQ9XGdf9m|gPUck2KaOEv28>2F-24rf4;{R8u;a+3(mRLTLasgxj|oglUpsv& zdWg53nJ#P%|B2Oes=R}|JIMqc#n_m_`0H@^M-l{;%^n$dDI_W zvP0ic-|y4v(-9XV*WUg4=lOm&T?%ZDG3sL9{6JqFXZ-BGd+#k>T^qZ#%)bIsNw$Si z`TJ{5-`ieS-g+@Ku^=MwRQaj$*5ccAro*L6r+<2T?P=0z>E*x9Zdd#m5;*^7@1|8f z?#r02g6t=F#9HQw69xFMpGZsvEo$5EKduyb|6U^g;}q`~l5Ntxmp@Hb8nKTk2d zc776@cIpKC?^g}(Vm)Er-9J|Q>HfMf)gEp5@JMH;RW$wDZvNP_ht7zcUd!AGv1t^oT!qge%iK-_$lb%;%ni<@3$`P@5O@7JMw*9ugtZnyv;qZ z)89um@*z2K)W2xw=@V+sl`AFQ<|~~%I)2?2p!@be$EOAz#PsCpKTa34+x*%!y*5o* zu&yP3XkUAP;z3})Yt*MVYuoNjdkj7OVNuRWJ+8$s(@6zfN|WL5CyDOodurxB$PMRA ze>@qpUxLLy*!KPR1tG2KGg~>yZ!*^`JNK>U(@~8&&DGz^%XjU*O9$h*efmcb==xF znLnf%Zrp!b@Z`nInaaaWhd)Ozx_Uou{Kujl#gk+Ui*T2)?e0DH{8{bA~A>9voO}f859QxbBfl|Nis&zwf>rrZvEu zJ1qX`C)b~kJspLQ23?|gm~LqCH`&#sg&wn-^HF4Brg+IK9pt1A6rR(y9=r5*`O!76 zDbvxfJq&JM|8&D@epf{PUWI%eywdEUN+FQVA5=eyz;vru1MOCR)?@4eE0(dHJ_ zgm`88@)rJRKHnw8f8j!%Z`;t|3uak4JcX~%_gPwcdPhT4)|mg#aX4jBmbpGW!!=k& zR9oj;EJ0~o^J}kN(UeugRI3GVaeX#ON z{jrReE7rj|#CFJ8F_Rp(Z_Lu$iy}-XXRhI3SY_sv`!1_aH zcj@fxEwK%C7ahpMN3QvLXGCoOZ~jZxuiJHfj(UviJPOeq8Cv6fE?DJ{EidrZsQ&Z( za?u>s{3rP3-`cKn-1Xe+Ods4)zx^-hOZQ>DCwOm~!SdFB{(ciV+K_nWoBgOFYbRad zKCqQYaOr%VLZfN=M{EO?imTqv`sG@wcLN}cSFl7^Cv$2b;{(lk)w;dy+!@> z(p_R>mgivp)3~GmBk4?_p>E$dj=_i-GfMVlM#_?qCHpdq3@w%@q^#MJgtBil%nWT~ zsVLbiq(UkR*{ZRWA#!FWy2OlB zhx+?Rzo=f{N+KOHL-r2(g`Bt{D6FAjKU_pTpDQDsVJtA3giDZPA2YNV+>p5)h}cp5)rxT zQhk>3#>J)B!Ajivw`!tGy;pAJh^B;Rje~FNSi0&>jbo~wEmrB8Pu+uR9ABj3T9yhf zdXMkF@X98&UzPn&eNsxih?ul#4=#;pPjnF5o_b!`=6c4uNWpitEy5P8nzqw#T-Ke^ z${dXy56u_MA5%0M4Dms(_AFd4-&dTc5f!kQr)ZQl=&*kJ&kcRy#Iy`6Ni`Lfy$7%D z)422K#-^!58>q{BUUXF&1-sIxSI+AnlW^=(({MO(@s+g?K~i5Lti@+Af%eeg(z#t;wDaq_sCL?zgg>&u4bZ zt0sgi`F5PRpzFH-y{7#$()U9H`!A$<_|@k3@fquvaE5( z?frXCD7%;K^^Z)wsV1Lm^W9eXZWlpl_2Z0BO6{P>NdBK& 
zo2nHSGhZK^I$!SHb)!^QXaBYiO-YUTO^Qi#rkys$`ufJ!eWe{Yx>qpX=`kjnhM`|a zV=2!DIVHN?4rlhtOPK8ND{ku#*d*;FP@2W~LvcPZq~K;l^Q4HIJ6ObKwt0*`JUxP) zT2|c2xn|n61*4y3kR%t9VSzrodfD=fRFQ>3QopRAh~RkJ8$H&6qJ6}xYfj>kF2e#x zvNx1cqg&T4&X2L5t=mXh6#m1Lewcl4uD@Ijdyids zEqXv?$Jh==;3P&TDV?V!GRo9KZr3r!k&-W`&$IUgCXo@t$ZTt*QxZ65^^ZrK#c$HX;_gy)_)9Y*mZXZ7f&z;XSkA z=qLv`6R0%X3RhYT$5Ig|m2ZiNJF42MZQq=-T2OB5viF44c5zmAnwmJdu$U^Nn!1@b zp(#Nr&a@$pZPvE0C#$C83DzqjF5Lwe22Q9|MhP6o>Hg^hWh zPv6DsnW7quX;%2ODYW&n5$4x=p?!V{uFshE&P)&Vve_=!A z$5kEEe=jUPB=~r0y9SunAR^y<{{%LJ4GCX2nfHbJj@S<=%v7R zVUShDX~(ev)ODCo=-`1;lnOp*M}p^RWtkb$CVV{H3ZG$W4wJECtRQ$D=>!-B)}Z>h z16NQPOJ#AtX*HsA=wf+RU@h3S9*@FrB}Bj&gAzv5k-Nm!5d=SXzR<}4x&!)|BZN(8 z*)kEtb`$IuxM|oXAjcA#4FpFGk(Q(0_;L_kd3%&~;4`fkP5um1lmL2zC?^frmNGE6 zt`>y|#uOMHxI+?LKO=(SAPSj{DG&)*y#g)O|KobHVn3@idUV@WW+?*?1)K=@f#eAi zTRxfdha*84=Te@F(5w)+twD#VM&(ls=t6Gz32;krQ7v+XqckxQnku~e zn<9fKm4LZHUR7H>3;ZK#gZvz674XjrWkPVi&~Nz($iJ&J~+!J=-4QN z=Lzg{Z+X_yzEh&j-Hgy>!b*TCOa$kc=it(^QxV;?cH%4w$92!V0o2T(B*9k_d4(AR z$zw?yG^$Yf_o6f-w;@`A!Sg zxd5ADMhcp~%GNuj;JjtMOCx&iYw#2N3^N8dll((jAp?!|#)GjE;|&3+OpFdN$?S)0 z46JXdEElfQV2p>sr7$xF(Zn?AMd5%AD{~6OVzvXClW=*y@q2@!VO4*FgQNAUf7`o? 
zoOd}mZ?etM5ze1TJUVmD0x^ln`*b;AKN6qzrIh+f-2tUbhDULIRCHKT*r*g>bATfM~c47Jh(+dE3a^%&0YW0wc1Uhu4eAD z+27)RwrEEQ8D1A#Jb$WoE+i;=SO%Frc>guLA%V0?`8vFhX?BVAywKe!9EDoLlcpr> zaJ33^cr&jP?c1Z9QSV!}42e_boU&fGecZD~Ee;jvb`xQlB%2VB!iwU)=3m>8EJ+Ph z{Ms_+%Rf6GkK)VIY8L%xGry-RrCY?4)*s1w9&ajmsMEYQ*!whh(|Esm;SZhB{oxuZ zGXhkWlNiCWsXOJry+526^pd}igihIL&4tU8lKI!YlagXK?DoaP2mix#Owl@G_1oAF zmNya8B8&sAKEJDQ?jDG`>*jVMWpcv7uETWTbzmqi=S&noDk-9rjT=>P5Vem4-Nte@ zijFIE0;H?r_j#Lr0+z8#(>B1K@~%2H?}(!s4)Gq;I9ai#+9YQ z?sNhMx6D*u>IiHD;8bxUX)0|UO3f7Q5CG1PxH`69iZJ>lLK;Dq;flQ}(*Iiq+w}-l z#<2b9!QdP>J`8R$4Y1&!0m+R7V|p0GhS4YtAydTDhXf{h28>Mndf+Cg5v3d_RDyK-kN^qZmnmqyDz&>so z?;Jf~55R&iKsY4;9E)^c9l!_|i&K-kiOr>Q0aTDD%V6*i^@A~?5=Qe}P6!hOWO*gv z>4DK2|9Q9%;0+*^wo54=Ljv501_lCI7Dtu{!UJ&XgqtCmPn82XVKkK;LDB=N-~W^# z7?pF*rNZX9V1j^{3)ib5&vGI{>cSf|eaJ@g8xjVO3G~T89?jk#g2Mg8UaoJ-kLCiC zZ9)V1GiRaB0LzFW2*04liJ@S@_B=>A34kY16Cj9DyPIRoy_f)Sc*?a0mDQ4>=)T5a z@Ch9GZ88c<2pB)%(wxP9LV~9$h?ZXjrb39BphslLKqnN16{-aQ&~IJN36|}KV4xCL zfgr-h2XHsCNeGE&h|bjIn$;j0Hjb}q5&Zx*Jxf=Cme5mJFdJP*Cvy!eVkqJ#s8TFz zNmc6jN?q9R0u1r>!UT|s+SQf8;L`y}18;5-RQsCh-CLKS3cU5-W@by4X`RBs(o#LBs%cjLTPo@DQ*WL3DuJFv~rd zCWcm0P?F|mAE!u~Mz74CwM*bZ-;syXBiQgMigf}A-NPU7dBjlzwlt1gFXD^Pz&dy; z%mLlG9jZ&sb zg93_FC{0-oA!IZSXd`2|(}1Qoh73rBP!E{MehEW3CiFPyZn$7lXc#TtJ{&tL4Vy(N zJR{+s3JnPnsVz*X9IS9~Gs`2Il0fK$+n(#HMvqEDA)F#ZqJoQs8`;ujm?e8UiY|eU zcq4>n7)s1U|3qj9k!mmxMp?yv@Vuu;;A=^C{Cfz#(g-jO)0#?ZV0QyrNG}SUpkW}X zyW!#fm{!__WpAw|@f%q73P5&9$i*9fpJ_Cg;ztXOK(PXd?V2R`u(xr(T}OHb>4HbA zn44&gZojZfR+WIeuocx}`Q<694wS2j%Mi6-gX0cV%Yam{H-kSJ4H^(UTk>D!;GKp# zfhE@kqU(Z6GLV#FazPi~3f7-FX33W8b`KEanToYtiazfs2ea-EOCBjVJovd})K*`M zTDW#rab>%ctN-ZTJtbNyyl=0D+IbpR1z2S6vUR-tZ1!F`HC?s%mG^V&`PkKhytVH) zFDkvTp3-z*NQkKF*wHu~n$dMlXE^51eU?`}&$#8KI=DA>$nVA=Y6R>G+D-gTgNwZm%LzjMsdGH;DhF_ePH5;>U2a3 zA0aUXWHRPS(TDOaO`bov`5cY^xw285@NOOEQ9}oj4sf#|;PZs?&QK5{6yZ@24H1U* zbV#}#$PGSCHI(p5l4S&_pRfq{V_VQ*WdQ%(U%Y);AUHZQLGi^+L$jjCj3DLs!^Zp! 
z0dD{dC_rXHf%EfhFPJd}ooHtOdpZe){iF%R3AMw(yh%D{?>jOCPAaIu#khiO9{7z- z$XdX}Cxpo=X+v{R1r6;v!3k|}E6^y^;;mH%0CJJRRYOh`76p8RCJn@6@UBV%DsiSp zkhcfi(IGTF38XAIh%(R-boi8jHKc>ou^EC@1L6e)c$pM>(i92uBoq@|vpTe4zTEgX zn`@%32gnaCkB@CKXFzzDqCq=OaRIEJiyvGQ=v5$3BEtHGb%v185W`mj&(?-k2^-js z|4@ud?h^*$2O)>cg0XDjrVD0KtRNJY6Ji2g1ayoL>(LcpIddWjY(o%jL2p+D$(uf^ zgAbDg#|+tw18kPe;%eQqgT{z980_XE%2}ZSScrnCFpji+I+@4ObSExGKR08 zG=OY^7tU6cVmv~&LbZ^?Xo7{I7gfWI6AFVUp|Ut&@L*ROloa?kI=8V}IFA1h=s(a| zLYkALN}tffpMl;X42}F9rj6lQPEDRm`3pz-Wp>P0AD}F(t~~{E1Gt>)%%BEg=`j7! z!5Huc0u`J#NE;9YTi>*7yJj+=JL{1T^`t=LSCWV9ijs7!{W%~WgXuF5Y!U%rJL^S5 z6-9-*;RC)|pD=s|Tc-(+Wj62t$VR;a95`9McJmG+2;M%=drV+q;9#wE-^ItR-GW$Yx@5H zU+8j1X})sQ$B?iDM@kW({lw9{<1`A?oMav2GCJ0eR+iC$YN-$%#OG)Mv3mq8ej=?O z;gky$sZQ@yU(nCb>-pbS=(;4M-_A#_J%vk^1B3`<4wy!eHPGMH)nFju`T;+Q=ESOl zE$31^!5Lem&?k#3m7Biu;w1I~9~67H*w7tP=fzEx^$4AD*#=9<4$r3mq4;j^@!z5G zRPnWIq#S*>_cICaeqTy9%jKSu1Mh1C$%ZCeIbKCG6M;lmTziui)yNp4gtX5b(dHrrW@!|WGurGcGWOhmTpKx$`^0Q>^6=zERc9G2s zt3xIJobJAh_QRr<%RHfn zwNBR)J-=Gq*$oAkE>Cc(eMpnft@b{jc|>_}p$8fNw?q2L+(tM;A6Zass@NaL(bnRb zpZvHm8~VnR9#STVuQ_jdE4`_|*ET?CF2y!YXw!0=nex5&Y|^VCB2uw;Ie5W1NBH@h z%84hOw5y(_TLlFAT;#J+rH#%zb}8AMn0hF}n3fshz4Mi<((y-0Q3+3pw?tNAOQvuS zMhR;vd#vZ--a#yf!`%q$)Y?aEvmWH1G2a1lm0XPP!|+>#au>8}kwOS)L8)2zL<|gu zP*(PW`w|aMSO{IwN40zg?;-*RJ!csUOXX#H-4XjqpjHA+)-0QK<`p_{SNj++)ZH zIfR~kasl)Y5Mwze2r;#4kueAkBKhHr6e%cfT^9)5dtmKz5E+55U>OE~CN$uX0{G~1 z5(-l=&2cyT41gg+w5LxRdU1WGrvwBl&Os47v8Nn2Bm=Kg=%kR}1j$hxGTen9@KkWy zBWuCkN?$LQMEc5JWN{G-A>W$oc7fqZ4A9_!)jp1YkmO68*hBG$*$6zYC$Zg9gwL=P zfE_JtXNn}#lN(UPho0bmawoCPMucnjm8+-9V9gR{@VxFP-Qygx_anZ+9?q^8z6l2H zTAEj%h?)RYx_5EaA~J=oA|a?>{Y0>RP4mNSggWl4PoS6ykhO+V5BiFqg_a~j2B@)I zB55V*I^j#Pd<~o{Q!II$q6gk^fPAv03-58FkO2|2xDn~UMQFCY*8kj^6ew|u2EqIV zD;`2`E7<5Di>Jr*MJq{T3qwejfiM=*gObx*qRxQe>0d0`0S>IKd#ZiN1gVT zY2W>b6Ds-<`WIM3cVXXGqj1IWkHg?H!R~Iz^br#g3P-Clg!JJX93V*uv0h%d8v$a* zr78ekS}2lW*(ZzpLY2Vw6mQ*ZAOMHf_yY2oTObL5{~H@gsD)kO6AGp~s?fuH?IsBs zGK~mek%Czyc9dR?zK4b5zP=doeRE}*Hv6?&4*Gi~IGa|VaG~W9h5yR)AuLF0d9okx 
z=IB*sN&T3TCVf*GM-=hGCcvmwAoZsr_|5ENn-og5nX!c5K!`5W6~O&ro+%bZ0wN>D z81K8)S5b(uZ5Zl6=1JIWVc-iJH7$bM6NO3OU%}LoD4$Hxu^bS9f^19xT*C{-%m4@g zy;e;7b3eHS6KWTf(5IV*VPJA|VvpoC-e|1GX!~#&k10CH3RDrsNx=r=lFE*0R}*0Q z5M@TWaYATExMvK38S2C@LN@8MXmSnOTj7rauY;%%5NYAE=K$+U35adN1lUF2J zA_o5O`CAIf9T*7EuJj7RPtqZAHf#dAqa!lU}~>O;g=kGnLeV{ z6ygl+0QFN+kOWRMj4yLV;AMaHRnU928*LvsN-s6q@kpU#4?bHDX8F*YvE{J+^ceCk zp(tQ$l%u#gB4~5bbnKZ~woKq=^E-3PK&6AwOw9A3Xg4`zQYa>7*Ff3?jmh}>PNj=4 zS$~%*vKS5?&WK}d%9FDEk2liozXt@~RwzO7zmQcBx{WDZ#4fRxz2y;1Mo$GMX+W^B z8OXZ$c?eKwk8me>*)pMMs}V`aYB+-ZlE$x3C??Ez2u29Qm8%-U>bd7RlD{*K+DAHi*Ro+Ue^Fo+f+(wJ|@xVX|`cd`b~N zbP+=3g zf8(5O0RBNZ>ky^`b=;WDTabQW#{HP0X)Neji}$6e!q~+d1}D(G2M35w7z=7}&rrxF zF&PwtQGaOH*z^EnLZXm9Qih9LQRjxtcVU0ArC@W5kQB@tH>L!De;<+v?Ro&_Qa0ge zL#7I3pBKpv!m#wTKrqk%7-WJsUxZMf!2}89mrC#%w;K}5pl72c>=~ahf~5&gB5D8` zh3x_XVAg=(3XCV}rbx=-@CEYBeVDPRO2PcNEOkUCfM(zzTq6wGplQiNP?V{*Eg z8!E$&%Tja+{hGu@P;JT~)Q2zK12Iik!BJDh;R!>S#3(BWc_9HAU~d9}Hi{{3RQ8zQ zs7CUg-2kG5gG1^?q4n=qA61KxB|^i*h>(D&7|T-{X3cc?$x#rLh1t{{X{ea{Njh@e z!IS~Mk#&-yM_~7YCmO~9pfdnMX1H08Ff4n4a}vvzss~gyGenOWAVpvq<1+*UOt4=C za1-+E2-Y`?6suAu#xz{_)>E$Kmq7A}4cfZZti@Cv2iE*ao%P(d{Fy}i)fLa|Uv z;sIPT*@(~qV=m+-L73H+%C+mm|GS|CZ-6NvBv_we(K@qf>~ebC^l;q! 
ziXuJAu2WiyKj!MTvMa{>?MsoWHDOtHEmpF3cF5lw+W+p^<`YLIE&`(F3%wi|w!;p*e9vao%zlS?;MY;2A*|E2@cv&>kOydyI8XfaA|4 ziyFc0m+>FcjrD#^7O}9nM9GDeI_npZR1_B9PM`W+_TP^DgeOp}vo(dm?#qeAGZ}fL zLE7#K8kZd|1FN|<1ia>%Uf4Ooq$<MWyvQ)HVh25cV zSg3&HN2yBzsN_NVEU2DPPZe{u#65801cPkCVyBYLg>=do*CGlw_hgOasb^-#&4P=5 z1V2gZgh@0!0Qh0~7B{|8U1$l(RKQ-s9vRKY28<%pC5AW)(G?lc*eX;h2YnCINq{aJ0+k*6SquP+TsBe=n&~YMv&1kt1aJ?!hw9E@f{^Y9L z%p)0tz3I87j)I4}-fAhYm>{*IP+vTcRzLk<@#%Zdr6QxCKbX^z$}{4z`GkdhdePX} z)&0K$=6yf9@0PE66TQ`he)Cq}K{rZ^l~r!z*jmH7%}?f@8!?0gW<#j-@ttiOr?tcn ze=fT9x%rL1V@m=4!Lwto0`+f;;(AcK+W2W#g?b*yrIb}Y;li8#NfQGno_#By|-fXh6J&Vz4&--)1Qn8OF>!E zqzDGz(SKw{o`Rq4iXX<#MLxNH(DeA$`Dod$kqZst%W?O@^Tsab`|o{v{gD2-UaP}K zy(J;BMaNgF{2|h2IwGO)Nho>+ za){mvBeK{b2NX=Y@`&wb?dEd02GTK3EIW2YhL*?l6(+$wM4c)%zA4f9y=?55JP_@8vvKFn@cC@_#Zk3PAMWO%M=dznZUNb z8TP>pP{5^2Wnu6EIpAKjP#BkC_!=T^tg~1cU;V;%)42O&aweMTE=|)8=MGokuvBc1 z{)bQ&S3IdkkyW`-Hh}i^%PYa$1q3Q=mG=Lb0y6FTa5yJqF-G+WG1Bc^=#V{~_+y)s zIDCv`kc?cg?VvW104a8wg)JpUnuG^j<@+z-Vwf~yEsY11+w>jr(16DboK zGiZHSqYOtvQW%V+*t;R+QY6|d!m1@Ev$ViWQH_2mSU3&h2aLz@r2ydDEZs)ro`)A9 z3v?6Q6v^BO!XSLTD9DGvJjR92>yFTdKzReKdk}+lp}TY2Y!nXqn73l0*kc0laKAbg zOyl1JpB|TW1M?aef9TBnAo)P%f+RCQb_UIe?)eGHF9T;Ym1>C4V0+m^7?g#noP8hA zmEg?LVl+fZ$DovkYZ(IRuMruNC!iyN9|qGp94CMZ1DXkS{DXj0j!SAX$A}pLhv;B~ zpj?7X3>;YHB|wxdES7^aK7nEgL)Ncw49<5*2Z2=JF3AkggHp*?r&Jy;+-m_i8V08P zo{^AxHYsd2;EoyL^b&cK zU!GFvS7>%3wE~&|!ovbE4O7F;U_9p}#9@+;EJnQ)IswZ$bUuuGBcLb3!66{yJ8;1? 
zS}RRo_C>+ndbAfAdnx%T3LZb{TD!oF*u>zKfm6-gc*_5mb4L(Dv_V?9w+oE%QZzDr!C)K?8MSOJTnZJiY+{9x_WY#SZ^3i9IHuEJ+xa z1FdQn#SWvk>oHGN!U9>ws02)$Br{ZOoD>>!1_k+kIG;xZhys=~v<7@Dip|Y4M_|W|ZR`MEj|8;?Hv= z!{y`+kJ4&E@{XZ`|M2{Z7ECm({Cw!(O>|tKDz*cUpKX%H}H8 zt!q55>)Z$Dx+TQd-aU?aNv&R!`}FVf&vma(Y1$;FOf}BekhDtrEr`DSM?!PEa;RUl zzH$7vDc^W?^Upmle7vLEJ^;%QF?{yTU4mhav0E}*`(Y_df|#k0%tWSXYfU$7*HYEuv1~Sv zW7WR2dRJwYmbeE)?0M=uFPKjHiAL|;k6lt!_tnWPx$w`xjpnvKPAE^@9o}Qu@=U)Z zd}8l(d8z-MtKZiTg%|ur^>9>+Rg3a0)HYP!SQybh7rl^Fk4G-9XDxUvj$W`|EnC}` zL`?d;oIO|2Gc3hx96hoBV1R#fG^I7reB#p{{WULr5k_}?+sP0`Lw%p6zWC)^EVhA2 zao^y@sGc7MtTm6T{`=MWdb*?jK0MBPUFUFotFzZ$Gl8^&UY4qYIeFpoqY5UpmcsbN zkmVpw&(f2arrUX9w$_R72B#FhZJ!Gdn6#N?9-}-J&NyJX_B?;Twi8mJMqNYv5+xep zwrMKYBl?tCr;qltjU*SX?E-tULO4Dr>X!yhX~g76bS%=u_WGZgL<+?){21R8`Vv*{ z==Ki>s)g-c!=B_hM*X+#$E&4HQK3t#i&>i!jNIAj2z!NWS%z1E=}0q zKGd0`b{$nBY|vJ2pcmcPEGm083p^N2q1!3PC zibHRYePOD(*cICk4ye~yX>S(JxGikCd6_rKNL=xHNW6#5+#^@Nw6ada#k_MX?pjw` z8+-f(3K-+fEt|hzvz@qhzkCqir_j9m;`=v+=Cu}%%aHO%pOJ9qSlyM#ZJ%x{;@qr- zDPJ8mI?qQR_TSc>&oIwRDcQMWf+J^FrFVTClTgQMoQRd{?*0=dp@PpNx}3%Hxc{06hvjo1^!is_n{IGjs7s#-M`z-#Z~b4dx{?d)8ieT9sQ* zT5MaA5tg!0{~n)U$-z;Da8xpubacq5>Q>Qr@dLIeNV`8SMYnli6+L$G`$~qUt0q<4 z9qc_5q-H&C5M#*`)F3He&W<22@KvcYCg;F9F4kbeBzi1~(Q?Vt$mncvFD}Ot#)WT4q{MH#eKT#yXQua&#JW|Qgp*=Q@yvRAebmQ! z#iaFDQx;_#@#huWPi+gooaZ?ed}QIi-Mf<*PWjcAGn!@vr{6s~I#bZOx^XtZf2k(! zz*!Vu$uALshqbSULxT_PaoTz+^XxIduo5s4r-%Hmh)ae*L`_ zcO7APqJ%%b+kA(chQdpVtftTQ8mcqi{o(m&x6aZF1D=gZo%cJ=9Jam1&`nx*?OsIV zMk5R4PkY??BX?)bz@|Fi;cPqlW`D2V@mIWK9ZEtX%I6Mnu5@2V5Sj8cGHF=p1jX=B z*%-#`v=}x{cHRx!T32AI?zH`FW83z$(MrqLV?i3X3871eZOgPg3!QDUqvxykrxQ+p zEo$cRl*@`qDXkFF_7clvDtjHqrN7j%w=_?5{rjb8<&j#`K-k?;41roO>)jX2M=M(? z(sc0E+h4oSrWWNT8MkT6Zp4rClhDczN2g8Feb&8cy4xDf1$(IJo6{Y$iyds#Z0+q! 
z)x>SA@V1WhBJx$$BC-R)mh3oB*Td=IkTBvP7yU(!p|x_MnKU5)%N%`w4g-65%S78KP1@Y=Aw?cw`irN_}0QQyw#glz1SdVZ>WD&h#DGf68$T5 zDB*1-V!NmBR>Cgj!mEYjHZzaof0p^h-M{=PDkkNR>t4c*FE;v87`upyxrz3(NmWs~ zPVwjFbTeh|OuE?x(!WOgjDJ_tEV!$^;KSR^Xsy+pd;Q~3`o*SymI;;`cgj?vC4c=D zSNUkp+Ti)Y*OI3g6@)x_w?PSWa65?+uoAJwCE<(dI*ThhhO#JXI+6YSC*NXca5x9nYl6y2%}oSbF^UTYjvmugzzPcf1N2$$TX<$YcKJtlW6QBklBh z&kjot{gyR9zIwvcK;(0F*Tj8`%R3ye)cMskZ#ADyZr-vrQPZxFZ`d*sGk*0!?%IBo;zoN^ht&4I4B6l`**;LzL-Z@{+Ftc-v z(h1B&_H7~F&!Dx+w(R-ae|P9x-TrDG>Q=_B=DF?sUELcc!w#VfS2bd8uD`lba?9K` zv195;eGz40FuulSk8m=PN-fPObdnaA+HIa#yRpYNW6O&9#SaH;?O5MmrLH=SIDLq_ zf9;``q;GF&ufN*hr@eiLns4p+otxcq;eOk_D{JSg46Y*AC25nlT-1pY( zJ@X|i?VVk>NXLWHpc@r-S3diP-su{fbPcXsm;ZR+P-~#S9x;t@xZ=HS>{bh>eOi&% z4?Ta7NvWsX`OIaPIOm&ZFRi*L2Ok=AkWkgJ88*Fj;o$i#O26__b@aOqhpS(Z%>VMn zU-7F_aTaHvUaUIfm%|5J&vRj0qOFv#o2ZoL_g49?m;Me7+-_6)pM$Ns>ObLeQq69u zztTangX9r`+U8LIlOAHt+V!-U;zjHh^N%|>2}+0lGaH?Hcu zr3&btxR$otE2v!i091Qn-w6lAbPp&ITYUSqkeB1XsYl(;96YaIS+d=?;qKM!!T6HM z5%ci5Tv(BNjRa7B)!*D-|{?7SXx6wC3VhUICY{mi)^KKX=+D zccIpzE;{S<^5QMM?&vE)iPz5`PL*IxM>Hi?e;%XqY46yrYDgVEmoP8d_L4Oxpde{p z{(CJZKt`h5(beZ$#%|=tb!yYhP`8eK0`}e4&^I*PweCF^#{P3>-|kP~YwDw?UO3+6 za;}_ScP#MG=C3{rLDJL9(FyK)2Zn#9DP}kxUDSShNxbG(p61gln$H~cd$!YWJ--n@ zm1eg??|}S|^1F@c=CXA`OeBvq8kZJj&u?bdp5#+vcuL)};^qC6LLDI~)%FGb(jVRV zKjd>r`)!_4sw?b9Z1CS-=i6y_oTAnEB-I69Yusm{x%}ZvEeF98y{TKu`lC>A9wqwk zo`dM5^VPnOw(7lAaZjrLD}I3B8RX4c$W2i*{LuRJ>a}xA16`dd)8qwpEk|d<-BKOH zfY{u!{K->6HF2^An3A>vpOKLroh_<^+Fwq|w#+Uf^X4vl43GXzi#dxo*;HptN0|3- zJ@90j-S)m!F(4|LkR&INo?_OS_9vd`8z3V#pd4Id-Ku!>vy$1NM`k}bCii|8u5XWLnkgvSU+rZzQr9#{7NH|}lDuZwEFG5d8k;>3yATE^U?gO>y&PsiSGRQi+O%8I+) z|5XT!`1ZzSxta0E-@o;(J*t1J5@qw<5h30sX1r_5IdD^dYin0W<=IN3jTC3;oQr;k&im<1)V#wd9;0jS8c6uCeXad^ z$hD52n^|AW5=!+#yMNoWHKl0NEr{@L#RFGk-4U~AbpGzPhCyUfP#E|qV{e7G^i_`g{est! 
zrqZ%sL?{Lq+pnc1zY^?9ec6&cuQ(V(b4+_GX4;P zo;5c&4Yryde0%3hM)W&L(Z$)pjH+WNeu{cz7x-GdwChY9=%+Ojme>cLyBzEjbu` z^NG{%73A1|YEy4*Rm3GKe4oj13^gd&pS7f4XGYrDY4`A2E4pz@M`$$iq34EtAM#MS z^4Z^KPe#uOH~Dg4s9u~>>}dT)<(m*P)G~=|UX`dgs*V3?#`ekAdcmg}p=x0FU5+ny z?XsYhgEivLuvMdZenyp)E<);s#MKUTWl*pw{s51%|( zu6)lV*oHl#>W>XSZet+FBg4|)gzxT{JQ&&Y=7mXGUq!_O`xQG&KV#3}bbHb_Owt2v zc>Iq#tuNm<-0fVj6fFsn#Y=+%mVFsY)}MM>VzTL3&N7y^&cXkOjj zoBC6Kr?Gz=&AIc#;jF76Dq8w^*NNW9>)a%f%-$78^1X?YwqLMBPcA|aX+b~@Q z#MbuT7uGXOy!*%B;`CRj7Wf?wr{0nIN&2nAugR|*V}Xd|THgQ7cP;gq?;KPvCkdimV5&zCJoP4bmV)2%nX$~FH zwnCrO`<{8g{QkG-`a>VCw~jnJ5;gntv6+6fMVra}#;XRr7qTS$8Z$O`-}*M0)pVOb zqq$hUCOKds>8_w6$Kr(e;`Hyl)5%`b8(ANncmDWmCBBMc{#=zcZ5e;+G^0|B(R+V8 z?!++G>WJ)Q(5WvKS48e+J&_pL_0Z?xphE26(uG+@jl6x5mqS80k$hWR{a$N9foJxq ztyT^bE?;H4ri$KN+)ha}oXa`dt$6Y<-OqDjAWd56ukSbCK}#~c3J-Trk9?fI&bL)1$t*9mfTg=W;GJ4qyF`D| z>|>(q@p;p|ppT~>uk>Ke{10Y^kj<4MDr&4GBJT!IGal#(v7AkE$yWyw_PqFSeEh@F zeV8bYtd%KZR0L&5%}*LXm~lg-^T_4+-?C{JD=g~e)*0ZxW*vt5hAPgk}h11{dARAh>)A-YxmBrIDKc;(Z=I!!B1RW>7>q;l)YHo z>a_3rV~yCFjUM-BrOhSeT%HprPtNiLmy*@pPP$3${S~%UWM`W3>CV*Sqy};LuQ*-R z;U)25hSYJDlCM;wjt3WWypG^T$znseRK3aE%EVL4S32pm;D;ivQFxV8Oz{-)lHJKk z{U*;W_lWC%De*H->pB!-HK#Z5>z(AHhbhKYVO9H1$6vB|H4ZUGj|!(7ZOH^(@&UxPz)*fer}jMQl>3McW)nj#e>pITiVI;PgPp z%|{iXN&5cdrndqFGXw9xr2r@#?s#qFPq|X8il0 zhqG*}am)?!mA-qo7LSyu@MH+LxFBz~m;|sbb*+8*4oO`ZI+{kFz z#GNS4+4SRpWb1-oecm|FuHyEF3V|IgI^T9C^J`bGZvL*2&E9#m7a^i=uHintep62$ z+9Bg8H+zKt5>ZP6`e~gzwzkXN9jY)|8P_a`oQX zU5`pK+NSrXc*nS`YN35aK)5cdJLKwV<=YC5edmsXvv&OCY}Q z3&8HvRM7Z&Z_rVqFM-HIo8RxU@FX{>S*V3fR!u{#Z0+CMvPH=<3;0~>54x;9{$>n` z9N&L$UD$N-qUaY+oce?vTa5=9sHE(uM8QcND)rT%n>S~OvD*)6*Dt_|r4b);$h5PB zohRmh2U~Td%t?Gzuc@jB4v3dID{(4R@91vbT)WR1ydGYh$-SS( zBnK$n2MrZ~NsN zkBo+R;`*E~*@TMd4k^r+>}dXr{IT4Bm4PiV+`M=qTyfiS!kR}=%pnJ2zvaiO{ThRO z9NeMxbM1!Vf+9&7{2Sf>zI3(mevd&Y@XCE5Wz}@VZi@cXJz6f1K_8tHd6}4Pgbpf< z_ttw>RtnJy%Ld055$)BJ9-0@m4sTCa*C=05tY32-y)*51(ym^7E`0` zp2T@~_P^SqjoGC(L#60e_2))deSWdsNq>W^CJwO|oif!kt*Gh3j~?6(zV!ajf3Cw? 
zw6pZdZk?GzjSCOq4DqP56I>_?p2C?cKKUbExU0nJwuRBOu7A<#wG#}fnRaR zir>P>M|sRTfF$hr1o2;3%V+` z2K~k-(=wVjO}B2A=RvJ*7O+{_hDUi831cnWg-k8APHd8R$5;HqhQF@OIOr!S`Ng)J`>~sdrideRvr}#QI;?1638&(X zkE;vYQ?8b8wfB6lv$0E~GmUk9u0EroTv~GP3xRZvxEHzNp2aR@SJU?9Ugg)We<~$| zx0R4Qc2SUZvoz%y$uqf`s^U3m)9`dtWnU8YrFekjPLrYZQf-&wiyawzm0q6v;2Wcf zx+T==>k=rnetfqXvS;pA`%Rb2ccy=?R%$!ma&%T&P|RG^kJx#w-2new%h3(c?My) z<}5a%qu$!D{(0Y>msNW%<@*GWnvFyo@_xVyj0#d9O%Gvj<=f1tszI^2A4zacT zO_S8&V^i()kNgIcxiJz@Jx4GqKOmkoz5^ z5PRATDEuitrUCnY@2gIIQ>(?COe`)5?cXGfEggto%pvT=`-r)Top6`aOvuly}i>_{G5m*38nvpA~KduR`NF+S;9E7k85-cbn z3PF;5{^Ni`P)4Pe6(tI;&@8b@KO&?Y=?SEOgA7Pdz1ZleL_pEY1PJt|{SOL-OgBB^ zObVeMzG$iyDM*kYECM7Hg2jSGU}pJCa>QJr?WrQDg(Xw0#eQ$nT{a<8UX6ZpW$zk+ z8TUeQ*1OVb>e3Z;C?MU0wQZ=dQt(Cv2W6BlK(i1a#0Uuxj7{O5&Ztd7SM_&YiQjNE{7ZT>V26 z4DqWBUdGCbT-eIkV}dPeU5i0#C9lj>ndL-t0gdsd;Rzi-_(en_f>L7$g9T z2f~7a5)cg%$in+X@b(*b;lu|A49^m{^Gv}FUrUmIe#juExI=oK064j65cbcrNl0&Y8)2v;yDI?c>Y1E!^uq<+(KTq&g`TZ83a_KEUk0q{p^idWfN8<49^Y+*8tn65>`m|N)oXd!- zFwxDTH>sn%i6rtzo^XF?p+dKu3W5ab59QYUcfmM*Q1^CU_tl!$d z;C;`Sr531`P=p8JrhsE9RiGe1fdzO2wkRJkhOJ!!kYIi*Ky3;qn+wUXun~cUppWCs zz+(hM@wk#mW$I=^z{vujG?DU!{(j01BM3w12patXvNlxmHB;=j*-k+(zt437tr;rg{)tG96=Sz`;&nUeCnB+~v0w-`3 z2fgx_vOv0dxrHKdLpBe=r!a}e0|zlk_q+fuyz^+KL=9NJC(t+`bvSu5e4Diyq5d># zXI`nrzZ##v7Jc33tG_lzcp&qrC;KT29fevvTj(zY{q-kxDi;aw8Cd^9*$J%%=0Qy0 zYMCg!W5fUWJl5qwv$)2@`G794)Sr!CjP-I6qLPp6}tK@%e&;QEilsH#j`KcKE zYi>lZdhD#66i^NT+dHRA%&c)s%N&{cvWdbW11f?X>p1WQJkOMXah$!*U{4*;qF*sn zly7f8^YMZ9C?1q{tg3M{bTwOTTO1ala-aspL>Vrw_(1YoroeRX685E|Zrnb=^m(>y z+mMe`0J0)OydbBF2++`fS5FJSM2~j;UCIm)yAejY)7X`cT}}G8cyg9+0di0!TEs~U z6Ls^$eeU2`>EW#oxaysa_351R>?jC?Ss<_hf=EG02_z^DE?acDofZepnzZQW zvfqa4jAEk@k%azPj=0kch!I6-2nl3~2q-XsSRx|Dl@u)tBGP?)SV+iCDMt?)WpGZJp1|;LVHS6_QVTrd zVk~i@SlFzZgfu8Vhh(Rcs5pvA55P{MDCeFrW?D8x4K{=UVJb*avQR~lJxU>2BES|w zii8NH76}3Xks!o|<8euSVGiIqZNjgtAtHMQ;kx);h7=lqV04bg(jR0npNn&A;TnwsB0BTBQ!viA0 z1=9d3D`g7}1|Xq;Se8^}o7(_eb^Z8;V)d{~ksMO=hmhbrp#r5D#?QnjOc{WI;qI}; 
zV)97=$Em?p8!c14g@-R~M1@j{Be<&qi2(s8m8c}d^1$u!+Sk2^B(*G5ffJJ3W*7$i z-iIwy55%7W68yc}bS73Sq49XNyVv9u$Xt_n=h3zDq+4JLK42Zh<@4;5K zkt(SP%*U!FHAodjQYh-MCmi)wv(_RfQ%y8|T5GG(dunYTf`s^$38b`%rAf{K_tdr6 z(E8GgOBo0*A0@NmIR?QHppao`0Yn6!9FUZhGSYORGD|QEkp>h75)?uaNi2nqGe~4B zh+rcCM9@mbl8S>xjA#@rmgYkYfhLkoV+jG|05kWP@bKwSe7xIB9f1SIspcNd1jR`v zRZ-__t>5~XGCn0uC@xT8TbC?7V5K2G$BKpQ#z4K6W#Pr`y1%p7rMjKVl0AGt%%OZvPLYG875DS_(eStM0bDW9vLp~TPr%aH# zqj2ZzFNPgmp_nrU7=egDNJU_ffdw;M=f~aa#1qxh(Fx;WqdMmfb7mcy+s`wvEJ$Qj zP3ZAdl_^j+Po2e*@k3w5NP&JofKqSHSXH09l|%#{>ra}^bvqKG|+-4a)xl~)PY*h zYUSy9S`_6cV~K<140=k(W0kmb7R+1MmK}6-&S;4UmXr`ov|$riNlY{#kVXs$X^}|C zrKADATTZRmID})QAW)150ThZLfFFzy3;_cHfml|3EAH{}T3J3~ee_Xg!qU!t1L4zm z&C+P>25=HshvLZdcbLo0!pCy|orHPo$+X3Chi;P*Bt7$jizKxq$UV9?-K59I^xs(K zzrqbeP5j;?ZME;1#h`&vN(i0VgCz85I_4s?Za&Ob)96vK5JeDHuf`e(Ad^03zzvMN zNfYW&ilkLZ3c;dG6h=tYr#&{YHxv)lLgTdV=kZq1&=3s{_WCpgC~kw)GAF_az{nUX z8&*LrS|Qz;S7{wi;GAHpcCzyAS{hB^VD5$qh@cD>9z2A@%1NNGMo(i!>DVlnjW(d=qhUZExm=(I z+t$miU~SZalXL}=h+rg^l&I2BHrPQ56re1$;x{2qa44Aqumq8;t<$+1R6!8BE_FZ) zs@PLJ3l`N5m#wJm<0IV(PbP_h-Xazh!^;`6P7u>Dr3O!P4~M#&&XF^z9MWv0nNm!Pamd%#>Usfz=3(#6u|ZVn0ANvj=ab>3@GL!A z%6}I=-Z`yaDF48UQA&wa)};IBJVPXb>CC|m@9QVO#)wahgQ5qG|3|Zhn2GU8)oPxa zl*jUnWiU}PQ`tCLRJuAm24&47F_A>MS(S4m7crIVbJEd}6+C!PLEscrwbF*mHgma3 zROGhMtPW1C=^sUT6Wi#Ao5*~m9`HN@gu*TG8uiEK0M+22d6f4=yboMNs3QrS5)Cue z@Yt}Tf(oF_G8^(~$igGY^==<+$(sBQ=pqMR!cAmY4?l?b-qL+yoe4Ws+h!VQ{si3tATM zAyI%NM1-9}4cC}GB%DSvp!#sJd5DIv+bt>0q4 zS=oXTDGBieJ0S3cLWbmo1g9NQkp$^)0p#|V&*nfp&jzMQ>|V03hi~KCBM3g=1&X| zq;NegLj)4Ch(Lgl0f2P&lF$dAKX2*l zD3kK(^!dhE!o}rP?|sT*ggXv6#sHsiXb{*1ctK7U)nGDsoETu;z#>*Cgh{jW?c2w+ zoy;atIJDPm1%wb3OkW^e5)=WPE?)zTmBR?3mB{g2pqj+y7#s?*j<=I46FUK(x;;4p zvRa8r76HYZSD>F`ye4IdlQrWkC6bJ^rfaaHCPqi?Ff}wZ7bZ$Hy26GF3luKp%Y%Eu zA;s@RUY)ha^c+-db>mFWztMT;#xpmJUTr#l>E|czZaLpoI+aP(ekbFP8U$4%TYei` zy>aGSeeYV==68HWd#lkc9Fv#2dR3g2h^tUd3#tInuB`)LG9iGV;SHelgdGZPR6e(s zc~y1Ryz5*k9F|vDWK%P8!!rgB#>|?N1#IgZuUfAen-(=vSm#2-%)?^E(=yDC4(!Y@ zDkad7wfEH4C 
z7Y*;4Sq?!-JED%L(l+o>QzJu((xx{{YHG@L%PnH5L7H}U#u4|Hw8pIT!p)0yn8HG& zuV6k0h(Ul*FeX#2d1=#m;t*}Vj2M!O-*9MOd!mXjooSJZg4r2l=(D@6autTU_0M4Q zIlS$Qx9m|pF>vRb7|&4h8V#>Nqk}owi!clkA$oqvlFjX?vBsN@;~8ma+SzzFGK-jl zzO)b@z1(&;AzE*rztE$4x1IXXPrY_XAMa~Yfu z9s6t3wW!U!o<>I<%%eS*PK|QstK8(daa$fT&vtWxM3Rgdvy{2R8f${)+4Y?iZE~w4 zc^AK2t#q_j-bMB{E5Vd=sc0G4I5n+y8$^Iue*i-dK}81n^$i*AuXC!@oz82KmIgth zvQ~xTWxJJeCJnqeF`3&KLz-&Z#(39k{JQcvF{(ASt7^{nj>S7<-0)^_V6mA(#IlN1 z*w^)(TRhdamt|2y&E#EtuAPk8N*vlP-rh!`*0V9Td2wZxx!^a?24!$(t>jf|rnZa4 zFj~enT<|Wz=xjOZgToA}9t!9vis8|nbishUzAV$HZ@ZA5s{2wqP`67546u$sB0<`P zZF^wQzO+$MsYO+?X?R$tMkSw8OF+nIeaNH|^qb9hO^m8jqu4x>dYzV4q)a3Fxy(#S9n-tNGOlb9q_=yt(J`!Gczn$ z!PiDz&bF#@V`BZ2QyOTw%afGVPMw(~aYrUQndhCJFDX$sl}L%?X$2{E5{wF|3O4L7 z!EeQZVC~_21UuF^dA*$kuu2x5MGc?=q|rcS7!>Lhe1=ZXVCzwqB!RGYcA|fG*F~vn zguz0)47X`4AYWVsN1{;Fb; z;#_1|ke2}wRu}-_9jP4|JLyLM|(n$>Vm0EgH35b`KMG8L{9=zeNvB-Su>8gJS?Lk2M;1-lY8wXNFo zP@{QTp@3iv2xkXD{dIn=qQV1)C&$|D9>-4SRL|2As&7(d)#i;R_dATw9J9`lWKhV! z>|~NVmoQN>OpVRX#TyIdXJYHkSdG@Sa49aS6gDj*5|pEALgxo2#tz12Lo>M$syHVd z%#8Ck#jtK@ZeYRDM`KdvMrWyw4Gb27hUVq@cAOcRnIVImjYkF#BIXRtwVIS}TSM`g zx5xamH8TInB2KOAZ)BcAppnR}=rSr`n)B2i(C_A>!tkN%z19*2BJ@-f5s^?uOom6) zh=N90TL~d)UGkY;rDd2$o`f@|aKdMU5d0`AB114-EWflM(htJ|iiH$Vp+zL2!E`>C zzhJpWsVzk%iZsn4dIc>dN$%1tasYk;z@aliO@$I?fDbaC%rG#2o=QIVc5(0z2();1 z>-4Ikl`Jh~MFxS|xG!JxK*YuP%m+9{fIvHUhcxlPf%*OaG+(>pq&|W-ArGjcpj?zJ zP=!jj=zWGmOkz~Gi^icuMSZpuQG+7IO376yw5kfJQ8l4^^}+2TJDvm}AV`o13j%nB zMdn%)j5(viWRp%4_C7HHK|Mf)U}!t;i*T?kNd%D!2|*1)${UCXArU4P!pJv-h_w-h zo_Yl^P_`N(F^V8+7XX0=og_&2gamy!8udw6uTJaP!AbOY{~MMmsWmq=B|P)vGtB#n z<~If$^urMjGxLo}qBs^5HvV(iD4OcTh0Y!R=&8kmkVshH8u4+sJ`NC|zo`ze`V*5O zm3F44R>RVgFrc>kw#MGbtG?TI}Cge?Oqo>+QR(q!^Z&Np{3wfs6hvg_Zv-nUS`ad z!cV!!8JR4}i^cHo)(LZoFNu^&$k<%cRtruv@popv)4EK%o6F_f(VZD)sqYE${U=%O zS4})3pCdY3pi@CC5F!$Wk7CjYkb<6_>IW7d2sb1iUW?GLPn7=ZhY_+Q{OYQLqJ%(* zpmEqJ2Uial%lN*|yL0_I_+aT(e0ssauyCptc=5e(i5rIiLGp#w-|>}z;9cph1TZe_ z;huWpEMuM_GnGE%P5BmlL1!fDi=m;>PKxVTKokC^BRQSuG6fPBs_t 
zhhX%fI|W3RC{aR+l6*zPwFM&bl30{cUsO7gjK4!B3`Qsyc2DKXN9X%1nK?!uKikL# zmG9R;Kq3Sn3<3ks-ajOHjeL(dVm~-?bo2n9FHwjXkRV0jQ`l8hDM)$#-~G>P21Zb^ zQ0U{qX!H}N^s&~3azH(F6a+|Y2r?>!hmav40$7y>@OlVB5Yn%repK%Y)R=gJg29}+ zGjEQ2QxVj#wkq%+h{7l(v!nQlqiTq%MMVlJ-bdV2B8ctf*d7o$h~kc(L`BFTBfbwI zICv;Ivr@=c&ZR~oX%)5%MIOq=ExBTvNLx#L_r^vGWE8YCDIa`D(xkLc%t_fJBBc7^ zLL`J;8#KPM7R-+Dv9u-{Fi*UwmUdRdpC870v5^K3#)BiX10uS}?(lXWB5qYl7?K#G zRY-kFDA3Z6zQ`B^MnFjfkPv|p;#T#Va2tQ4nkiD1BOf#4+->=OZ&L&L$0-i7^3*HY z?E3p@Ao;ToOy063Nlq1eUeqp8rG@T;gsn zvFT`?Gp0pLEK-L}QmiqptrbdS-Yisp&x_M|pQeNLAK7T)cqKoJmv~X?bz~9e_FlqR zuWYCxL7&~2!3&GlL<|^#x#&T%MQ=6AeUVZp`=|yIg%uA6$*LnyFUt5WgC?$0K=Hte z4+rjhnhor|*`XR(erabR6e=8=6k->|w;t|}%Zx&2ne$x8Q?yQ5XM;q_jtx5uvCctq zDJlFmKa&GIs}_o>I<_kYEM_*jkyV2pEMVB6WGF6x97uqs9PR=j0RTVL@Vrt%D-vYBVj2E@Bs6+0&41uCNB6)r;U2{6K3MfXrmz;s9_} zGOLv~WG!V<#k&S;##&JrU3-QE(QwnYNs*al7S!%kXj3Mo#`0jXLZVcIDKjQz$|}WR z%>RjmqK(c*=_dFlY2sKdejt}80;;mHR8*SMtwF;EkET5*{P7ItgF&PpwfpTPl9eR# z$k2IX#GhO{k(`GS=jdCc#20xer4=Po=LqhKDvD5<^5Vv~$F}v>NCg>w^x8DRuDU_u zj7-=<@zn|y5y^D(iY8GiOG!NxER^@dW%iwhxM1`~*?dpRc?aNlB=V5^^M83ED3kIQ z79`LA57J~|`e-aD`}|Gl`U_j$s_lOdrzFGFv1g+NLdFaaZYyiF*F#fAr6yrC!C@a` zK*-`owD|A{B#J^fFrlE7gB9x_I#K~MX*|#0Fo1r*Evpc)-vo+Ch$OH92w|Z}EQ%^3 zw?{E?Fd(psS^;Q*JAxR%bqh#`>nchrB&3xhDNs>P?6d$tp}12;`U-gX)65@Hb|`^` zrSti57wohweh)p~^4?g^eV5aY=+WA?c;Gw`{YETEt0=kL%+z4YPS-bV*xZE_lyJRe z&IF?dg$__)b_Ep;gJr8M{&R@Po+06bPTF9Q{ub@S(Mj!_gGoR)R1k#Hg$EqGhOj$= z_^_6|Q+Hj04LH$q2$B+#U*26FJ%eFVaA%0g4+~=j0z@vjEMt?Z4%Yyx2?zy1-bl(q z99+0Ut%(Rh0Rx2t8(C|?ps=R(TyctMX+V$471o)uXT+Da+eunkMa;$6xn&s?SwV_v z4^SOyVs&-DB!o!E=S3+g*PP%!9XV*^0kfzWqZR-gRT%|^Oo#!dwpD$k{s*|8B8nQ)&-D%7mg4ECD2gB^Xj#13;7#mQYB9EeipJlm>zjpvwdW2qYO8ArMH1m|=sR zz;s9;f`|wq5CaSdvPd9;Pb4KsD0^~z2dYEcL)SvC1Biv9#`NfStYG1}@A&}pPJy;^ z1{Pt&x(Im)9Qa4!w@ig+D@EH4A)s9sV8ThQc@s9R5(S8ZutPE%aZp19pp+Vf+ZF`l zcY7xeE(Bn9plSfZf?W*Z^I16)JA)X+k&H;@*4hY~06f@SgoGzSo5QIhC=Z;+1tuNJe)XW1;i&^g{%cZS2U-S>kIIZ#wvL%_It!fH#kNG{*^CjUt zpeN7Iw0nVdLLUd&=D2&TJt{>P$tTW!ZJO_@B#8;j5t}`R1_8^8IupQzf;Tr*u*jik 
z_4TN#B=>Mei_ThFPnyt6Aev9ondx6McQwbL^9*c5Sjon|Ay6cIroI7Rd1n_XAbGOf zdrJIf3K`5YJWtoFKVN^dG7tBCl&0T-QKN=rXs0TnH9+SIu6I1ZwV#2Ywn>$fqgELm zzB>>a~3j*~vuvT?K;Mcz}$jKsgPEYlPZ73+@!6?8`AVxcvzMZ_;)3JkWnd=o} zG?Ie?otUN71~a)02ppVK_f0_U&gX6et01oc$RLk2?}LPcHjNsI zGRV~|EL2od^bONMLY7dH8`QlaZ>bggS=Lr1$4{2Uc)#L$T156dHuC z=v3~!U`iGgC@|Vf*s@H+L%`N9l}Ncn$f#8$QF^{Gh34C|CLxF{3W0y8LlR(FAt@1> z8GykEV#QS(JiR@P#D@=K>*AAB$PoqPRs>^gjlm z4srr)ifAj5_&rn4!kkI-Fu1D4Rb%QoI49rt;e#PI=Lj$-&CHJk0!8hlUW~(us~m$= zLI=pQSWux=HL_e)%L^rAZA^>+A*&G2P7T5t{Tvy3c{o*>Uj?{n-Wiqo*ttAyCjV zX@w&s6jBk90-&JOA(n70*5GFYcj9c|xQ1@yAi8sgCPks9lT<^M%(gtXG+i;zPTR(m zsLJ6-o{%_e5t{1ocZS3bfrJq7e4&-IkP7$O*vCQHpFl3ucKA<|!$#zEcWuw)&|OlC z@9XyA^ZR`cr0en?$n&Zw-xn;Ty#QDUEWs%Q!GW+q$q?7xLge&>MuX4Eu}!er`Rf$Z z4FDB24)cDB=?vQi@>@t*0fPhtRA76=>oS+X?~trodvi{^0&@5!s5NTxLbKL<-L3+f(&p2 z4;-MO_k)k&2f%>v$|b)IxsExM$c{=tH-Rx06c77KKkO*5qVq&3&X1I$hJ~bIXJD96 z0u(JnC1e7a3520$Is}tL0T^Q^asiSg%TW>$2zr4GWX4HY5`zSVLXbfgK-$JgDloa3 z0ZD|Okg^rk_eVA*%FTP(HvOZH7awC}3L;20q;&_~q{9H+8j>AAGMEBEATWyq@(@^1 zT)kOENTsZiVbT8mBPhWvDFTD_g}Sx*@<*-Q1|a#u2)QYgV+2a;wV*&q79AqLXfPGhJK&!LSp^s@Nh08&c@BWMPfhlzz!)Hs3jZVmK!V8_BN8N4 zB#{y<2&%C}U?NBiU<(N%kQ9lK{=tI z^=LJ_pd`aG4jT>Mj5(5+L4mX>ZV_PvFd2~a^4&0j!lyH{RELvuc{BAWsLC~X!ogIk zM1GGUog~!nK@vnnVk87)K_Z9|j6@_tL5v76j7UWGb7?Ua`67FQh2nta5P^@=nXuep zO4VH-Q93(Qk18w#WB`aHNk4L&fv7NNq9@P17)2&n_nn2Hs>D#RxkRuZRSP646`BN) zpn;Z<%?I~^fi5wE=h^*MKD4Qj$wTN%6rMu|>}+Iz-hNa6Kdkz7Z4{^R{r8e?r!^<| zlr2D^H*144nG;L_lMYIQnoJ&)3CSlA!U8Z@6JVod_9d36sY)G82sd}6PQZ!wl!gz% zMaAJ6zL(mFWk+vIBsu>Llu4~7ty*?P_)QqmD`V-1d>R7H(+MNMeH;OTAP0Hu21Gz0 zsb5REUeaG|py@PT3Y$tgom$XOi+x|P4OaJWeZgf;^FSL558`3K#?`@FD&FrFPsb*G zF!M7*L(&960AWNZ2$WQRto51WET}1X%9{dWELBWcusFw5Y{!p&n*q-SbCK996#pc2 zMN3H* z1}|e5EM#86pc7$53BjUnGuETkwv^9~H*`Nh%6zlTl%$awC7{A*`cUpA(2yo^Q1+V8 zI$42F!lGgN&Cyv<2fRSOks3kabGK+Svd z6LSDSNf1ILLJWu?AVy0{6$%Jcg^VREC?Jsr1cCr+d07J>tk%8`0}!C>Ev|!R@H7eK z?M~7kY5LR6UJHK_ls^D4(bRaEm614yNZO|t3ZZbYw@|ef2t<$xWZWgxq)=Ih6V6T~&v0*` 
z6OfSU45^zyX_yZIGRR;+row|^fL-B0oX$9-{ILC)0fC`n2zUQ5P=H+cVq_mIWQ-O> z@^At1S4=qh;e%%8DX2D}k0%-9JH$MlqTo&7$DXZ zkwK6nN=ZdTDv@OgUr}iblt8HkN)loXp&*BSmXrX3gKAJdKB=aBx>!JM1c4Nx&BCYZ z*^(GQ6E@4{b)-v~1oKu;kd}~H6$Cu|b@;!Jm-#6p_S6sfim^u(C7~fk;HY@(l%K|k zoFQrGon(+L*GI|#d4dW+f$!t$*IO*3$N>BzNkW4N4E**?9uha5fk>o_s!)jo0+b2E zD8t%-X)pwXBLG2!iy`mfjuOcbV1g1bdj7tHS|kvy2!aTosd0oRAPPhQga?KhGoyJ; zNsOIbGDt*ONW2L|#Hz{eGEs^s#`e#QFY}(zrY!?!*n|uNKtwp1L)+dyj5@*zzjRZIAXfoFO;oQ&Yx$?`d(izbkkmNUwbn9+9+M>l@D<#e7 zr5jObw;b^4wY)6u*en${5wMaRFpl3=p+i)Hm5qayS(+A+o~uuR_7u(!)G%eY8(SEb zm1$o7pI-JH{pHk3FPF)Jp7@_>ME6Vr?zYUqR~J@}Z5LUSb-5yAE+~-KtUiZ0#u;LMFI#ggAxFs z#zHJoL1YwUPe8(=im3o#9A+4c&7X$%_-L2e!!@eA^A_N;SP+m@_+A`x+EyI0Mnl8t z=iV7@Bsy$Jd1vdGU`XixlA=I@Pp<7p#DXOwt-(FCZ5m zlpskYQB_n`4}u|rf%+}p<06sx^9?kY>=WXAN;V6gz>1C^SjAh0j*bbs1uUQt%6mzi zoe-ViL`f74zDnJ^$Dc5B1#odVR^42;!3{3BiIJiKH+m0;w-+=tW);l8nV%3v?h_C= zAB12dSttx777+V@5;2m90tgs|1_4D$N7)ZApgj=`)HsjkJ%P`T(hs9F;z{#)duNL< zS@oK@fECMBWkx^XKiu3%2=s8;JChvCUBfz zc(FUz1gU1WEpcGAe6T7=3Sbc^h>6@qIMM@n^Y71np+gKP^oY>R8W>@mWr3PUd)xq9 zjtj{nTxC(LufD&0{5>2|!I4NTQF!kq?WSBAtx`Iyg9S9PY?Sv2R>ELWfEUL(!Sn~d z3YUS{7ody-sChk~EqlDOv8Ib-N2i3#cgigi){ z*?OG5Er}>99NqmG9(d74Q%?{$5J3oLys*5G+=haViLZie3!=dU5R4(c%rFo@VhAyi ziK;?}G?bMKBqb`qz(XW0s3hfvAY?ZPXd@_-M!?$zC!>1M(W6UrAKRIvhc6&ZN&M4g zKe={eIjcz4)O_Y_j5nt~pXkeE5rS?AIi_$g?v>QFHtKa`10NlGbET*h1;u*i1FEMGK?&Yx5i`Xn;d0!Wj1MKlgpUkz`2x2V;FeWO(Q$TkFfr#u81Q81)dbHu z%%f4Zl9UXhKw>Bv&Bcpx17++DdUYdC{4 zY6wvl7NCmxWuF1#0ioU4-1QLBC=3xqNFo%WDJevhQyZUh=h!_!d;F%h?7=U9vo4%4 z$b&P>^U9`zTXYn_M+HStj}PZX@UxWIP_Hu1MYK=S^NnZXiAa@eK%TJxL@R*Eii%5vgA7Z- zvK>Z67?Ua(DhYrJ7kI!!0MWf`a5tD3>t&9m&6L>Mlq^EgC{sI~Ln;)2g9J1LqNJBH z;SGp<;F94eK-g?KmS{BuHF!fL#CFUCh#^W7G7k>7b&kn`2Am+8A_oPbhu9XNj*1j) z4hI5c7)eTJO&XI>rkMkPat?E>10$dj3Y3Tev@WHZoiH;&tQ2u329T0qWUXl-P`j80 z1|*1iaF>k~4cx&B67~d1Jc1IlII#JAY11*y8n=a8VvMB^7_d??Lo<1!YzbwR#wC`yWu;o>QfeSD zjtmeLQORh@fIW|g)%|eJ8>I0+T{cPjhKWd%fM#Y_F+G~Fetj9BK;_ZUj=bLqz#+EE 
zuhbATKhp!bdn$Q)l;p}Ia{uPT&l5fBd(tM9N|Y)n$bv`=CUOW9j11JJ4Xwf**J_uMJcYh)v7l!&6ZOeL#T1dTOSr*wq$D zu!1CsStb2|u%L)UK?mib$q1i#1cgD-P}nvv1sn1J@CIERG8HJ@^`_`*V1kLrAy}jY z0@)fBmAecfQ5T^1DnPYJmR7B;9#o8C z#hA#DrSjs{WKl6rFv`LKuZ8H}rG69cSjnhr&4f0oDv9r_d>;dL6(DzEVaZUL0TkU` zzpyBB2m;`6b`Z7@5+f93SpXnG%eC{map1o#UC6vs1l*@^L0j`FOBW7blF^8TO`h$&`Sh+v9*c_8OXJm zIi1i_1e`R5lCk6K%OKj8>AjOZCspvZ@e7CDsN%jy2zJ;_-RuLj3 zVv!93WrU(b4MfPe5ikHlBC^{92<*v5VI@K{Xd(q_R7lrMAnK6_ftuD6HMufIN<#v{ zWeBlM5nJU!J%JJ=KpIFaKEKEmThcutK|uv@hH*Y{`?hpTzH<w7)QMg>5&l`-n=9v zz~D^nE+Ay+P|~Dn8i@?C5MtE|89<&aNNQj!xPqK`7s-JSSK{JNCW7=&fItvMgc1+~ zgk9kTec1uikDHGjs%2^h#83=^140@)yLj%nU*f*+PNZ?+Lw_Jn-5B=o(|}XXb1)H8 zq16DmR4^!5E=Nh3VvojU{Ybboq2VN8LZwhV>>rxUW}4Ad?nlo=sT4y>N~nBNqHjX# z8xoP~R4+ygRYn$tuVSHf|Mv^Y1K#xXNeqYNDoOUf(yEWQ_IVj6K`^)N<9rl&G(D8^ zDoGQl0IG(LAf*r+T&UHg8^uS46JQcSfd$scLV~RiOa%m(76n*PD1GV?l?w@AG#T}5HV%Ve!hm>EN%aPUVk{6`1(s;GcCs)oag0S%jL{`hOZ#-Y`Z4`_U0Ng8 z_cf1_2wv8>Q-EX*d)R&-ukM6}@@b%|K$_IK3fO!RM#npNcP@7r25|!cMH~o2vKlBS zVZj1pAo|vXD98g>ckjp54RMe&aqwm+@DdYEP|e>i;QuKK7!O~1{xiKp#7?X}u)@&T zgF~|mfoJwihqGKvpnx!~N7OYzi89!fI0JboIX+$F%PAfX42Q&)AbN93+bAL{z* zL77x|WiWtp2z@bc?Ct1!Ox8>M(2$T-Fm-&!Ne5c+2qB7~CV@b-9+#erb3GD4!A96a zDoUobW%@F?li?py{`>v+)B4s&D)rvUky0ozQPJaS11JGXj_{A_tuO&<7ZPI_sSrT`RC16ac-C?bNO z9)tqGKxsf&L{fzW1U*5Nl)x&(1gwN8koASY!UGi+MQxHodYl0U2^Jb5f*0G{B;Lc3x;r5lMfkrVEB~oTdy8xuZFBygw=WJ`>J_wmmeoY|`ePY=uAiu-kr^cE2YgOs%SBBH$?&UCS#Z9a2$ecXtqjNDr z#Yf@b%}pfWMMRG=b`*|4{!FZrQ6q27En!t*F?uHQz@R80=c5H8!4N_g3I!-Zz_3_| z8hs;nvDE0d9*r$PwO8Vvv^exaO8kzOercP^t9>Sw5*=ly(VNW77$}p(Vqk1MpP=eF zUc+n>M_TbB?up&`p{Mx2#|uOJF#V9X^1xHZO(W&lHaW-`!#9O5Myv}+@Q>B#C`b$j zK!Fs26d*tuhk$#NN5W&BVlQxVg}Uwxfw$MehF(Lsu{=gN&PpX(#s|Qheq6?+G=x;d zgP$qwo{zHl90UwjCLv^63-Act+87us0J!pAn}r9OAVyHRWB$_Cq+tMwcq%1@R1gWGrW}^g*3=8cQL<|JrnxHVigr!O_fXt`!{)^8A*S9iGIWlFZFFLC= zPMx~s=X~oy&bLfw$jw?&_ZqQSZrehA_XLPA=m|Qo&S?UX1P~BO9F%B^7?qq`Dince z)KbnC4Q<8&bAZ6oK;S5ACQdY@pu-K)p@I%+c2dnH(#ka~W?m*KWywOs;|vYx%;pUJ 
zLqVcJ5DaKF4vh$731|l(HU_8_0wAEY1O=oiVWb?+Fe^04b%tOikij7VR3uYYh%iD@ z8i9d=P%e-%5kq#0b)x z3k(6N4U{fkm`n{C10ZDxHU*0=>;VjvfIT&a13KuTZLBdMit58mNhZy4qQTI^V9p&g zKqQDJVP^o2{B=K)8zG~GxM@Q$_EGpIozQ4PC% z*;XC%sn9Se4Ah;)BEc02Q>ASfL4+phSQ>*do>M_Y;3fvB1`t5&WSode7D>z_%~UqT zNpNuT7jq@lsR$Jwx3WaIV`vu&ux$*2jEXL`GO{Yc-E^@YMV!S%xiXFHPn4uT&qD=B z$r+Y4j@H6QsI9G)GbON7F?4JJeFhedqJ;Ga&17vn6EXqnftsiWMMnM+aWEb1s4y8p zkVe5-1q4tSQ0_i&&iXxZsA1WW;WHqhi47EQ#0YX(GdOn%N8l>oC58$jnzFW%q#II0 zIZ2=R5W-3^fOHP$rlF;rV%(C2NN5}d%}iL4f|C%{upFfk1RG#kqEZt9l3>9=pk)L| zgrQ+UkTl7pCJvGmaiMI6DiTB*2ns+%heQK2%$H`2l&}oSNfa;y3Jy%bFquh2L0A*$ znoKTOpp{Yb?%$X!Mrs+kIf)RnU zwiDN&yM`HnfS^Q0Rlu@PR8SNM!9gS_P`>xU>?DACbP7Y)O02+FObpZD=Q@jA=rloL z21ix4gcf{w8s?`^4F)g*Tf2O4K+lP zGIw(G_vr*>Pg;TVED>kHkUm$9%&4B_{Y54OApr5hPJ)NGML4qf90i*9@bsa}1w^JG zfh18pWqQP&tn53oQghhz5 z#pN8QQr0LBkv4~@AY>>3jx=%0c`!u`LGm)$>^M0=DIV?UHZx}%u4_0Hx*66@h7hXr z!Q2!Ss9xzT0YZ=(M-w9jvlc)@a6*!-5d5cR5I!K9HNz5t;RA=6y86NjNTx9of*5Ro zG$i7u{vGq^8)E6J(NOt)$ExS2oJ}c?Ha=f9zETNDTD@>kZ7=$!H zx+?wo9Y0QB&r2=w`2lAE@)naQs8W;dDJY^Yq)||oDnwh9v@(34Vg)A@l zF@m9;GE*{~P{?L23lvASJV^GeoEmOuS)_I=oJ!_0FGQlGF;KK23WMQcy12!45K4wA zniw<#6l4q*kq7jii8Dh=e7e94lK=|?fWRpfHVFg^L5wybFcTP50x1HF1rY@b7+3(T zv|559!AU_P4gkVfFh2tVWJF|`S;LqGpdf^x$OtC@f(#I$LB@sv!W=;eOvwfelK!kz z`Ndn}*d#`@Oj205QF1H@43Y~L2nnc8cOrmDi6OYsQ%fL4E``?l8+vKI;F*NPBeTY9 zDL`LJZJQ&~gdDWK3bS zCKs{>;hrW;XJkAB0?v5a;M%|0rKFmcEe%RCRG6qGko14%sIriHrG4F|hxrs8FDkRD}$J2murU zLO@9Yi2(^BfJguzl_0SQm&GY4R|MlMfgr!RKgv?@swbx~UySh} zu@WDyl0U`HAEN~QuUjTcA0bcZyg3t2-eAU))sQbvdVvLDDF`DVvNC~H2Colm*i1t- zoKcm`5BL`OnEqd#4Q1cE-RRTcek%5)c1fYj#;35Nh_#8$3y;KLp8n{}`}eXbE9vqp zLJUHC&4)M`;ZQI#nHn%EK?ExbWkG5Q0JSnANF*ThhgKTaLup)x<%mcuBf|^rHmX0eClEFV%mf`^#DMiUh>KB3UVV|neK4{ox{&*dWDr20 zjmTmaC{%hSBi0c@3k4VuNCZ%X6)@E15{lB);EzOM6Q<_LL)LRQG(*7wWMcvf2r?o9 z!YLyJgB^$gp^_L1hCp9r0QzE;ppSxb!xnR3SiljHG!#OFpn!-y86=1>N2oZQrh+UG zKtRAq2CyiwFc4_6D5(`HAfkaw&1T9LJc%Ams5RH%`JC|I#9T9l%+QS%=uciJ4qJHHVqgTP6ui6H_J2diOYkqqh}dI$laGz{jHUUCLs&twz-%wd6t@^?U$bBqQyF;;VHJZAgb3<`;8ImWg;7F@spX$V 
zDC_f9N&=hSiU?nAxPgmiz#6X~e+9=v0;1N}@K$1os)?jadpvQKF zAv6gj5J<2%LV|&UL?NBc)S?G0HDXsFN7Vjki!xLt6v9tzp(@rQ<&k6-7Q%>1fsr9t zAY!seOPQwSf!Jz?tymx-^z-h8r6CkP!k<0| z-pG8EgJlUgJ!btRRjb$^yuJrv{EC0PL6Kxr0P$d}paU`27C?~*c?v9o$vXd32Iz4U z=UEX6LY4|jM)M#ZsDL1%iUR~6!wMEasMI20iW-FC4AiE`c&C^Yd#L#?nQcdCe`Zzr zaRnA+P`KA)xKc=*l@ zsoKYP-*o&_GZ3OcY7j&n6hKrF#KA@ssyF8>gWpw(elP@(M@kPAXE8V|UYEjrx6G9f z**nx}rc`aM@eCR}T;CTeE-3C+D$9T5*UK@Mtx>FB2L$JwuyICvZeJm>&6(2!OGx6C zaIMCqGeJ7QXc$2l1hHU46$7Oin-wwa-y2s>x6rn9OF1u@cw(9rYKy8C^60(qn#ot- ztr#(?_+p}xgIY~#dS%XMSfA%wtdMU>%~H-DEyrW2_z*egklUKp&_q)#wXC zaYA-L*rDrC3dn*VG)rR%eFjkZ#IT=zAW)#AQtB)|Lh{l~QZnbvx~J@`Q0<{n(7#Y@ zz93*k%h^FibCXHtox@VH9HW+O0za-dBlc_Uj{SX`FoBOMz=gvJ1N1qOXl(pJZQe{E;Rf9llU~+=D7f>g9v5vRZ`v`ZQ&F%s}Rh8fU}M9!7)Ve#7H^Eu3m1%gYaB^Dw~ z0f3*%&N!yF2h5U!Orb#!kQ`_mgQF=)&>04NGbRj^5vr)6?t&@<1O`YT&7d?P@#-E! zsm~LnD+LbqDD?Hy&&Xu4^%O2tq^MCUwcNUWM^A-$%$`XWNl+Rd#=ZP|toW(B9Zb|P z)f9)am(RIjiSz`VejRA);_XkRG;BM zwu0FRJcJLO_e5S?u@&hxh#dTner6-<{XdH)5*r8{r)3dUcwW<@^-WsCYaWUUF(ZgX z7%(6+8}i2zGwckU3reW~nl^m9Rb8Fggep?roNHPwe)BLHhz9`qWYBj2f=z`0p!fs4 zY1(w&P9EG)NRUoI5lLiNp+XbmHMQX|Q#NtO&8tmxgtNRno01a^3Ls9Msep&*OA7&1 z5b&i6(E%VmY?7fENGcgZ!ZHjI6GaQ(MWdvwO%@a#p(>)oK$K8qV8B2@LQQmWuauQz+hq^kiwD|NJ6YaFi}+_BnERR6^sD{Ggkp^EFz*t3;}`+5QbP# z*g}M%rVbYnU?46+fk3pBISt$fL|~I)K%|1jg2+^pK;!`sp=+QlzdA}z0+Rm-AxKBS z@C6CiTry6f*Idi?1q|e&+&l>IXEf6-0Z5msNfOt16)Y{nBIN@JDQ%%gik9B_;Sq_L z$|aFxwaYGvc?)J(Q$Z{Z0WpxIj6##4z4;IewB6G5O{y4B#NBa43NBGnMFD~WNhJmn zgbEfDgeWASiJ3zLq>~T$5pxEw@wbthlJt3Ru$CsC&InST#4S?oh5=0pofPx5U1cDi5EeruB7+W=RV+_>H2x>{K2DK1DCK@w;TRp(f!{qc}6F@p& zg)!Us;A}pKCzHukBl+TyfyW%h%`ps+sy$xX5%GfoPl+H75*W~@T(sg5V3{_uB>ThN zV#KJPw0oEy;YG`?Sdz*tOi_;~j(DDbEc}PDEEfLpA!M*u=rkYRIMuQLjYsDGO}&d_ z@eS-xjzjm9T%w9Uu@x3(P_X`jzGLLXe=ccg*rcBo)o8I{Z?e8}hS?vNXWnFCl}cl0 z#s^^oei`{ED~}j=HnT%ac86GxD15p+W}Vwhk#r$B8J+-KBopj`UF8&`m=S{W1Qqa$ zK??yq6KF$S6d?nbNIpHfY_4)z=1&kI>2@YPrCg;@_4P< zJTL(X*itZn$V9NIB2$cONc_Lr_AZCyXsZRMa#<8l#q(ZA{z{)RiRtx+Wf%E*;K-&1 
zBRARf-vm8{3uRU78_0d0%Vem;EvfvebHXGKgrSfz3s7$W_u7byemY82+%y~162@u! z1}jnW%dm+9twM`f53cN~RJ@WY{UG)VfkZuwo$3>S=IHFBD3F__1W8bMVEcFh9K?(h z5da7-d=*n*uULa&3*-hb*peV0tRsLr(1|kzksMnDPaIl83?c&(2*Mz_*GNTj*zs7_ zMh0YbiZT&FfFKNs5+IQV0tz4?!XWTVLLzq`wn2wx8z!d(1T5DN4HyIF%7yVb;4+yK zcUdi005X>vgrbCL_If_jFkg@u24zD!V9-?HEIIXT)O)-y zi*b11FE(<4Y!84mp>8Cp1x1VmAV|SU_5ozD6ak>nXbp$1&^tULhH;I+#t;w?g9H#j z5J-Xo0w^HF5-JQ7ArQ2;7K;>;jaQ9PNqiOwa)eW&s@#W2cjvg`gmDNA2%`oDLatY` zf*(!HN)bYUQYC3C1QZe_V1csv-qXTv83ZVBkEF;$soXCE%qN+#VK516Zxk(f#qK0t$_KhSGfS^=qc~MNY z8z^02vB~0AY>>1qf0YvP#fCofr`e1Q4Mp z1t)<9NjAXsNi_puz)=AO5JT84DH0Ilb>A1SCvJr&@0ZOq?qY>T9mNMw^whptnMkWe zAac8*XK*Nv3P@PzVYZdE(5wy$3^$Anr2QsokxbEYxvXHxjANOUm46)6ajuGVbWN&J z0fRXtL&aZvV3j?yZ0X2dIb)cyn_7je;(ccGPc+`LckOX9>NT$#VA90(8uXgJn!CSv zFHGu_aFI+D3_C&E0w3S-DVAwV`DQU_!unB(w8W? zLTK|WEKs>hP^8?HYF1tIGQg~B~kPWBypQ-p=Soo!>8U>yv0Scc#rEF)^_gz?{DOgJ0`vL2wO z8V7$6%fFCt1V=XdJqF{J-E@!`G2eEo@(P4SVF#=P39z3%+DIrury=xELE^M%z;M%6zo_ZM0z(Jb zd573I=_LR_eoF_NP_J_5(Sl?ZJdHO4pwVg>?=M#{s!}n2rP*@Q{xw(@q+|$EC!Rdm zi6c`BN$BKO01WP%VKt;a~foN9!AER z4Y;~uli#yOo1gQ~ZEZs`<<9k)=Hf3Uu3$I9WK*i(if#=qT(R`+uIZE~dn|Ls8r@uA z+`)x7OP7yLGchJ6(-5$Fh#^2h4}*EvR-BoA=H&F-p@@E zgGa0?FnZefa0w57BW;qQNOt2JVpKir`tZ&It1$^XHbDo10NRQ}3Z)jJim;T+O|wyr zjPT6CPD&`qzU#1=AMa6?A38{#^Muuh4lb&eFJPjkOpJu?90BXT#Fcm)gokHc0t)NV z>dd-bVhj)QP<11&;?-@$bQx*?tOz)qUsb|m!y~HT!$&m-g#mP_!*GPa;uA!`SCm8? 
zFoMu1i67SQIpE%8j&LuiEPDY^q9O?vWZXeB!JrF#Rf6_w6~-VZoHplX*3(ON6qd!!@6>T_oUephzuwQ%)p3L^gV&>K$D<`8`@T8b{dpqFq{Pzv&vvum}bRZ z0#qD%z{2#V@a%wyT^~XaJ{beqQ_;P*a#Z+9D58Jdam(HP*Yx*mAC{iBOdu8*^6Sm9 zcM;(Ycz57(7nK1j4tRF;R=%G%e~eU+0D%xoPHHvy?}2zF7|<3muz)%wur>1FY90cx zlx#39)q^pZ!uKt67>RRR23b*P*7?+47%+Nsy&MLEa5tbU(NV(*3&;GNUaC z6tcpLnwp~{AZTEQ19`m55U}w8aZVG-_DS^*A%OWI(KPSTW#fi2-j|rZ?wnP@?-Ga$ zofA41V8`l-A~B2I6x31Ym>_ibybu$O1@#0g40|Cew>vV+Kl9NROnb zaSTvO_EWL&u_u)x<#`fNe7-D>Pmjo4?R2yWhg%Lg=^6`PT8w3;t29kv* zubBT-Zj(KijuyOWVE4aL`!@qo6z)l1Mtk>r<128CF+9h=d@C8zurfHqZjzDEW;)j`R&Km^= zan`{?f&+{<0NLlrPbh6`1{4`ksuUU#X<8sqp+q^rq-Hg?$ym_?ubafkZ-^aF1fCgv z(3}B`7zT}ZTo5-9)$7Yp$U-U95#hux+9AB3t(nYmHS^x2+G=C`Hzi$x4bS ziYR{dMJW<56!Mc6DC&_#kI5Aa1VFf(^ch(n5*tR>y{U-}mBlRmK__7B0C`o65e1Sc zJ$sqYJZ$uMOh%~wVv;OfNg?vu@ZwJ88m4t73=*MGK%q(kwJIwCLNFKya9}5hWDQbK zNeU^dC~rZD7gQ}@GWjmKg^@3XB#RMZ8ErS9Su{Hcfj~oO8n-a8HHiYiLju$oXelv* z>>U|ML8T^WFu)L#LZN^mfF%kW22IgLpc!+%dZKKM41Y)eg#li$L~e#iTq2VK$A_^Q6O_tXMGE{;q}%1F zLlb1obQ7nCZzUv2*w~uj$hm0mi zaHXgN1|&j?tqLQDVfTw3iHMJ1ryp;_Xz$bETbFRB;Nds&Obu8D9Y0=;Y zV0bWyhLWlxLQ@PVK+jvilAwZcXdO-JyBC+An%#U?>W0tj>&%&_5%hcJUN?N=^6DQD zRgDorB!meM7$Ia>vi1qz2XSlKq)2wo5#<2vAb3z!=`Vj(1oP9GReMi8`yU9G);2Wb zoy`XP5f=GiB)8hoChXpoKKzFqZ-79CNOa8y0R^9WxS>}WnaT%XaB=~H$OsGvKy~L% zRu`+6!?suE7`<_OC5lXj6u3V^cTCN^ad78#J{OI1z2--@MM`nWy5&x|El<#`JJYVW zEm-bOO<#ks*1P;52Ogn zR2B$|s)EI-C}_598!WlHP_cIILX9aF5XN~IhYw@o4*GYOcqN1Z& zvly##(9tl+tn868#Wo&q$4@V5_F>lf`hse3a3_sw|uxlau}Fs*6o7t5cPw%(K4qqKtj+_tn9nyG+|uijzVW0YXDu zgK`lJNMJxz#RY;zj1WyV*A-N#V_2nZH92n=G*yYQyx8G(6DWuyhHNwr72>=q11^q3 zHr(KCb}-yDxXX4?prD|kl9;i>lM`_Wk``!0#3(-u;?cTO2oOu4qXsQWY87}c90^8{ za@<4=1*rxS$G320Yz$}%V7Z}2hEZDE#V|Fl+u?k2ylr!GnHU&%Rl@?tOqdK762<3~ zG|w~0NLe$}Cm8^dOddhBl3;QpY{MlSAAFo^1kH%5C~PeqQ)~!JXhKQKl||cQniypO z!WL8-7DGV=D}#fgJhW9-Vy|QI){#bqG+fPXtr|AS*%*Zp)x(MsFb;(<7A$K*mnf4S zefMCB;`G6K7&o@CwU9YTu#Zt6LL%^}g5IkN`HMC-O@-cDE|@Zz7n`wj2KcOV!D53# zgy5=$$1G`zUlx|QX&Kx0I3t1}wbqqq+ ziC~c-7#ii8V-TWP$j&k{Y4P>5J_c#NmQ1GBO5W9?7Yti^Zflrkx5xD+KTHM!#G6*& 
z6ogkN6kRb38_^lyv7{*4Q8c2kmNikR^SN^PhKZvDh9b)td1tmp5AZ)9YA&g_Dx*ws zuY7{aw`B2yGK-mFT*6w+C3TiZN+hf)yG{N%w*$r8zMYG9M$mC{rZ-PasBZ+SF0@KDGC5q&BxffE4+al`MhyDn1Cn%6YnC^o zdW;w-x>1Q&z0BO1WMbBvO^SuEYDPrV!o~71OpKcrwo)>SWp9z1VKs_O7n03VGYmMx zwbis_#I3kxmUJ|cK}O+;4R0Z|GUg{Bnv-sIsh~M;w%D<}w5`o9m}@e2rHQU*M_4!z z)x#v^IeKL6Fd(3en>6;+E+YEJ6m#?zI4WstMbyJQ)?CjPg{REa(f2y~Vw#%j?8c^~ zpLgK}F>Z^WebAOLpl=IQXJ!>Fh#$S4Z{mprbk zqR2fEaM&ePGz5t;d_@FXMA~h z{N7JjzeAb)!>vy{SGa6|hUH7}z;PP(^LK;rj zf+|(1K#63CVjjkqlTy)aWq8o2yamfk78=PKL6d$7w0rECj!fjT zN;0)9ax9cDVI?HK$GdeD6g(=zRICb%ii3k>d->XtyNy=`^TEh^Rp&np@=HjGm0J}B z$ihbP%o55rB=SXa81;-!2y_nP%@;%=(?U?|dfI!EY(XD5aVQ{zA%#IVV-!G&3j$W~ zN*Gak%*^|Z7=+5AswAosr7ao+D9!*xiW&xjL4ly4g`^r#T2MBSlEp$q{Y3~*T7rjE z?|?`mAMEcbF2pLBl&}c0B#@OR`lLu&I10!pKyn0KTFw9{Mxa26tRhoH3QPrEe%8tQ z?xTmxkhmSJf)F4YB^Z|od7>uBq3Vhwl%FI{A*CfmVc8>w5+)xFW8t9Z4oXV_6?{Tw ze0o6DT0(*d$9BiA+j63e7{JWBSVYYSJ6)ufH7ZCL7e)e=Dk%Wb^~V&M8yp_(I<^IT z1cQ`tf=|omDS7u(i1?eL1A$d)wCW#s(08wN1JLwkFk69f8exF-Z&rK^YK?gcwvPAwU@m42r_`qKZT}D9EWMOe|R! 
z7-KOC$+U*h)~NwRLs%AIB@io7p)6z>0-?0nAxQ-iW~wM!SRf!IKtjT7wvtjy8shh; zmXgJz0Y#LHih|$?U|}`^nlk`0gP_!yW-y{yqBR?|%1vrw(b&fEM!BUaRJPe`g*l&Q zD@i12Or=_*=evE5!lL=M;#|q*@}#l)56pHt-m3-5DEuPr>nNp5c=MZe+(Y6$cA)S% zPHSQ1)`&1hT$YS9loI)@sg##2ixQ!KhnV||~bFd&(CLq*2p^cvDFg5fXa06<4 zEu#>L%H~@t1vZ~L^IdXGn8`^|RTPk-pq4R@aQUVU%p?&IABwV}+wTk{9fAhE`m)UB zTdxcOV?Wtr?ktH=co>Q#APA%+OJBSe5<@ElDUgP+HTmy)DquwvMGVkn1UGXaU{-&Gr8hUSta|A`6;hSraGXaer*&!> zFqH#UmM2P3jl^*SFu*m*kTBof`TLrbZ^J=`btR=nv7HgD#7@OXlJH2#j&8IrylroU zWXz<7<7aP=S{umrRmVtor2tFZSq^vJ@hBrR84NX6^ zO()SClj@wm#W{YXm^dI{4(NzWP#!^U86kkjs33(6FbA`UIjp6^1S23W5h@@Q?HX5+ z6B_l#MMu_X@asX#I=!;HIK^Bca*xON_?I8O_!18;>J*^E+HD2FAa_u~Fg24lfiVOG zAwdhKN)`}R zTHg62YiCOzDta?pQAfn+#Bd>3Hsl)y0ZOZb5#k7j@I3%=-vl9?B-*0$rz92;BoE`M zMHNdFDG^CHHAndr8^siofKX@f0vQjN(+S-aR!9m0gjo_Oov(ZeC@c^lMMc@0S%3}@ z1`0y2AFuwm-}S!t@2tq0A3NGPLYKlYxA(L8KECD@d#AjnmG~-!E~BEPv?;69*Zhj^ zzu;_Kz;ebBw&?l^C{iGs#7CfQL{6Y^Aeg)+6%N#S%Q6W4$aZxV;SZi@I4%(nl@0E| zDe2=ltMqbmD4~{4KjS--;8dw8DyOgWa3}P9`9=5nJ)oGBl3@IjBlMImze)DUVc$(< zN>I$ez^C4ZU=ufn29ipe`O=22M@=uqanm#vLg)ISh7do^l9Bs%BV ziE@%!h2=@4osL(3-yUl}u-LMU&6oNLcBK4&O``APw0r5?`t1j;H-|L`5fb4MuBX$~ zNNbfgh=wN)VD$&6MlgXA1OPwWE8~QL)RYhddHTT@)d#K;<}ec=G$+$wHE|udN4X-W zji98#3?Shf5`sh(0*F!wC5RxIm|aFDS3JENY|R zh~T0qsU;MOK|)0-DpDi}Bv}$LAq7Yg96sX?3ER?X?yW|24XK49Xd(fzq)IDa=?JTr zJ;%}=y910k1CNE`Zzz6r_+;$X_2P4~tKHSi=W|H`VgmyUGMDmzM9+d*K;k3>J{$Ir z!Jj8>b04dxBJfzL5$V_d$Ek1W9_dJvmm)SO8)Yt@g_6ThwUSXsj3wTC3O?Exm`IJ& zK)Q%7{T(+SF%-^l=AK|qzT^W3-LbFV&~|!B?DFjg_Qt(@C8Zf_J*waQJyymn;LO2G z7NoI^Eh83Q@hn^kLqU>d1Sn<&CQQJ}!2xh)187AZu)g!O?`Ua*7bkBtZV?`y-0%H>kw##;5I1@ATI>$*VhDmC_cADu0e;MI3B< zJfzd(H@NCFJV$9p%^t9Gr?e-op-~v01qBxc5adWI3^Lg&0ab*lCG4Lt=!f<_vj_We zQoWC3@v)OF&m5MK#Y2@xyu6Dk-;?3w^vGgI;EoS_%A`d<8T7ZQt@e+&s71o4w)65z zXrt$3@gZ^5CHQtbpgZ6aC72k7Ab}?F^!SI6^G6yhgv=eWbAha*#w1P{*y8_rReBDH zCI}kTkkq7>`K7)>isp&*{W0g;rjZX_7Cd3VD)aB@3^6%?`hv=!?uhjZmX{^^gRi~7 zF^DoK^ahbqWfUMqk$^}!=qeCr4+Q~W;_cG#h9Q_SGs|>iR(;H3sYOr6lPb(6BBx49 
zQTE5c$ARS(7i01Tl!4(B&LJuJgumBt1)4z89nBwh7(dRVEzIs?{Q}~$rqsg z!mUJmcJ~%s?i*7uXbYpDEEFO{)$KDZBqGQYr;{}kCKnWKFp3=YQ58(#{$@Wd)<{21fD_#?) zAWRPkArd2)A<|3=8x8|R)u_HVL7)(8dvjo~C)a?)CjinAAq*Co2?(kxkzlY{6oRV-W~?@V z!>QZ=Dk*+>x0Kf@uA5r;m5tatoG?|!3l=U=@-EUxc+Z+u8I(CF)`iJ<(BlovgB6uk z3vgc1H!jXgKl8|rkiZ+}90bM+UTKQ1bxl~R>Lr_pB`i4rp*CR(K_G+}L}Dl^!X^M- z_PSV4cV=Tp1`FT=@C)qpyq9Rz3ga!-?)db)`xzO}11rBiBfd8Ta^+zqa zbqV(rkz#`gkMNyB(gD%HuL7uLx@`)^#YB=pV-_$=AqJTm0L(!>@D)iGKn{Ie4upuJ zp`Ocn5xpNz=Msm&Y?-Wa^3TU0!_LNjnz968J*?kK?3fKCn! z$+7^yG|vY{g+J2_2j?h+1V345xpb1tGf(|&L||b^r4Ripl3-E?D%f5Klj0Zwa%^mrFlSTKWKeLhx2oKb1C4Q8PS$r_aXp&ec|H?fc6y}HSM3a zLtVYR{!*~`b1&FhzQfW#!xQVL)lc{E>&SdmY*_Ea?B=U7W}38o7%+B^<mmZZJ9Pw`y_53*gf9A5DLXk5+Bdp=QkMWN`ZrvlqSgYkL3iy{ob=LeX1FigE+T|YIzeC6KSqO7h+U(ko>Wl!t2CU0TP zA1UrsHq+8woo|#sSXeoTa1bFxAqYYgrt7|DMytI4GhdIz{Pd^3(Ee1C& + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.ahlawat.com ServerAlias *.ahlawat.com 
@@ -561,16 +569,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/common/pkgp.conf b/jails/config/common/pkgp.conf index 787f4ce..dd2536e 100644 --- a/jails/config/common/pkgp.conf +++ b/jails/config/common/pkgp.conf @@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: no, diff --git a/jails/config/db/pkg-list-details-old.txt b/jails/config/db/pkg-list-details-old.txt index 6ab5a0f..e8873c0 100644 
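Review bot: The added `SSLCACertificateFile "/mnt/certs/cacert.pem"` has no matching `SSLVerifyClient` in the visible lines, so its purpose is unclear. In mod_ssl that file supplies the CA certificates used for client-certificate authentication, while the server's own chain is already served from `fullchain.pem` via `SSLCertificateFile`. If client authentication is not intended, I would drop the directive or give it a comment such as `# CA bundle for <purpose>; no client-cert auth on this vhost`. The hunk also removes `SSLOptions +StrictRequire`, which only matters where `SSLRequireSSL` or `SSLRequire` is combined with `Satisfy any`, so it is worth confirming that no such block exists elsewhere in the file. The enclosing VirtualHost starts and ends outside the hunk.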
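Review bot: The enabled `pkgp-freebsd-pkg` repository is still fetched over `http://` and its block, as this hunk shows it, has no `signature_type`, so pkg cannot authenticate the catalogue or the packages it downloads from that URL. Only the disabled `pkgp123` repository carries a `pubkey`. If this repository proxies the official FreeBSD packages (the name suggests it, the hunk does not confirm it), adding `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` to the block would restore signature verification. Serving the repository over `https://` would additionally protect the fetch itself.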
--- a/jails/config/db/pkg-list-details-old.txt
+++ b/jails/config/db/pkg-list-details-old.txt
@@ -1,6 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____mysqld_exporter-0.12.1_6
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mariadb114-client-11.4.5_1
+pkgp-freebsd-pkg____mariadb114-server-11.4.5_1
+pkgp-freebsd-pkg____mysqld_exporter-0.12.1_25
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/db/pkg-list-details.txt b/jails/config/db/pkg-list-details.txt
index 332e6c6..e8873c0 100644
--- a/jails/config/db/pkg-list-details.txt
+++ b/jails/config/db/pkg-list-details.txt
@@ -1,6 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____mysqld_exporter-0.12.1_6
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mariadb114-client-11.4.5_1
+pkgp-freebsd-pkg____mariadb114-server-11.4.5_1
+pkgp-freebsd-pkg____mysqld_exporter-0.12.1_25
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/db/pkg-list-old.txt b/jails/config/db/pkg-list-old.txt
index 3167549..b64343f 100644
--- a/jails/config/db/pkg-list-old.txt
+++ b/jails/config/db/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion mariadb105-server mysqld_exporter nano pkg
+bash bash-completion mariadb114-client mariadb114-server mysqld_exporter nano pkg
diff --git a/jails/config/db/pkg-list.txt b/jails/config/db/pkg-list.txt
index 3167549..b64343f 100644
--- a/jails/config/db/pkg-list.txt
+++ b/jails/config/db/pkg-list.txt
@@ -1 +1 @@ -bash bash-completion mariadb105-server mysqld_exporter nano pkg +bash bash-completion mariadb114-client mariadb114-server mysqld_exporter nano pkg diff --git a/jails/config/db/server.cnf b/jails/config/db/server.cnf index 19be077..c9f7dec 100644 --- a/jails/config/db/server.cnf +++ b/jails/config/db/server.cnf @@ -44,7 +44,7 @@ skip-external-locking key_buffer_size = 16K max_allowed_packet = 64M table_open_cache = 16 -sort_buffer_size = 64K +sort_buffer_size = 4M read_buffer_size = 256K read_rnd_buffer_size = 256K net_buffer_length = 2K @@ -58,7 +58,7 @@ innodb_io_capacity=4000 transaction-isolation = READ-COMMITTED innodb_log_file_size = 250M innodb_flush_log_at_trx_commit = 2 -innodb_checksum_algorithm = none +# innodb_checksum_algorithm = none slow_query_log_file = /var/db/mysql-log/slow.log diff --git a/jails/config/dns/dns_update.sh b/jails/config/dns/dns_update.sh index 2be9fec..f53bd51 100755 --- a/jails/config/dns/dns_update.sh +++ b/jails/config/dns/dns_update.sh 
@@ -1,59 +1,10 @@ -#!/usr/local/bin/bash +rndc reconfig -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# +rndc dnssec -status ahlawat.com +dig @127.0.0.1 ahlawat.com. A +dnssec +multiline -#SIM="-s" -#SIM="" +rndc dnssec -status diyit.org +dig @127.0.0.1 diyit.org. A +dnssec +multiline -#rpl $SIM -v -R "2001:470:480a:a1::" "2001:470:480a:8001::" ./namedb -#rpl $SIM -v -R "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" "100.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.8" ./namedb -#rpl $SIM -v -R "2021120700" "2022010100" ./namedb -#service $SIM named $SIM restart - - -service named stop - -cd /data/namedb/master - -rm /data/namedb/master/*signed* - -declare -A ZONE_PEM -# ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["xflow.org"]="xflow" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc" ["inseego5g.net"]="i5g" ) -ZONE_PEM=(["ahlawat.com"]="" ["beyondbell.com"]="bb" ["diyit.org"]="diy" ["datavpc.com"]="dvpc" ["mydatavpc.com"]="mdvpc" ["rockwoodestates.org"]="rwe" ["rockwoodranch.org"]="rwr" ["scvcc-rental.com"]="scvcc" ["inseego5g.net"]="i5g" ) - -for ZONE in "${!ZONE_PEM[@]}" -do - PEM=${ZONE_PEM[$ZONE]} - - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create mail.$ZONE 25 3 1 1 > /data/namedb/master/tlsa-$ZONE - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create mail-backup.$ZONE 25 3 1 1 >> /data/namedb/master/tlsa-$ZONE - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create $ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE - /usr/local/bin/ldns-dane -c "/mnt/certs/${PEM}fullchain.pem" create www.$ZONE 443 3 1 1 >> /data/namedb/master/tlsa-$ZONE -done - -NEW_SERIAL=`date -j +%Y%m%d%H` -#NEW_SERIAL="2022022635" - -for DBFILE in `ls /data/namedb/master/*.db` -do - ZONE=`echo $DBFILE | cut -d/ -f 5 
| cut -d. -f -2` - - /usr/local/sbin/named-checkzone $ZONE $DBFILE - SERIAL=`/usr/local/sbin/named-checkzone $ZONE $DBFILE | egrep -ho '[0-9]{10}'` - echo $SERIAL - echo $NEW_SERIAL - sed -i .orig 's/'$SERIAL'/'$(($NEW_SERIAL))'/' $DBFILE - - #/usr/local/sbin/dnssec-signzone -S -K /data/namedb/master -t -o $ZONE $DBFILE - /usr/local/sbin/dnssec-signzone -3 $(head -c 1024 /dev/random | sha1sum | cut -b 1-16) -K /data/namedb/master -t -o $ZONE $DBFILE -done - -chown bind:bind /data/namedb/master/* - -service named start +rndc dnssec -status rockwoodestates.org +dig @127.0.0.1 rockwoodestates.org. A +dnssec +multiline diff --git a/jails/config/dns/pkg-list-details-old.txt b/jails/config/dns/pkg-list-details-old.txt index e89449d..da59c6e 100644 --- a/jails/config/dns/pkg-list-details-old.txt +++ b/jails/config/dns/pkg-list-details-old.txt @@ -1,7 +1,7 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____bind916-9.16.34_1 -pkgp-freebsd-pkg____ldns-1.8.3 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____rpl-1.4.1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____bind920-9.20.8 +pkgp-freebsd-pkg____ldns-1.8.4 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____rpl-1.4.1_1 diff --git a/jails/config/dns/pkg-list-details.txt b/jails/config/dns/pkg-list-details.txt index 6cc688d..da59c6e 100644 --- a/jails/config/dns/pkg-list-details.txt +++ b/jails/config/dns/pkg-list-details.txt 
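Review bot: The rewritten `dns_update.sh` no longer has an interpreter line: the commit removes `#!/usr/local/bin/bash` and the file now starts directly with `rndc reconfig`, while its mode stays 100755. A caller that execs the file directly rather than through a shell can fail with an exec format error. I would open the file with `#!/bin/sh` followed by `set -eu`, so a failed `rndc reconfig` stops the run instead of being followed by status output that looks fine. The removed script also regenerated the `tlsa-$ZONE` files with `ldns-dane`. If the zones still include those files (not visible here), the TLSA records need another refresh path when certificates renew, otherwise DANE validation for the mail and HTTPS names will start failing.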
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____bind916-9.16.35
-pkgp-freebsd-pkg____ldns-1.8.3
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____rpl-1.4.1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____bind920-9.20.8
+pkgp-freebsd-pkg____ldns-1.8.4
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rpl-1.4.1_1
diff --git a/jails/config/dns/pkg-list-old.txt b/jails/config/dns/pkg-list-old.txt
index 29f51bf..2724ecb 100644
--- a/jails/config/dns/pkg-list-old.txt
+++ b/jails/config/dns/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion bind916 ldns nano pkg rpl
+bash bash-completion bind920 ldns nano pkg rpl
diff --git a/jails/config/dns/pkg-list.txt b/jails/config/dns/pkg-list.txt
index 29f51bf..2724ecb 100644
--- a/jails/config/dns/pkg-list.txt
+++ b/jails/config/dns/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion bind916 ldns nano pkg rpl
+bash bash-completion bind920 ldns nano pkg rpl
diff --git a/jails/config/elk/pkg-list-details-old.txt b/jails/config/elk/pkg-list-details-old.txt
index 2252a09..8a50f15 100644
--- a/jails/config/elk/pkg-list-details-old.txt
+++ b/jails/config/elk/pkg-list-details-old.txt
@@ -1,10 +1,9 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____beats7-7.17.7
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____elasticsearch7-7.17.7
-pkgp-freebsd-pkg____kibana7-7.17.7
-pkgp-freebsd-pkg____logstash7-7.17.7
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____openjdk11-11.0.17+8.1_1
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____bash-5.2.26_1
+pkgp-freebsd-pkg____bash-completion-2.11_2,2
+pkgp-freebsd-pkg____beats8-8.8.2_4
+pkgp-freebsd-pkg____curl-8.5.0_1
+pkgp-freebsd-pkg____elasticsearch8-8.11.3
+pkgp-freebsd-pkg____kibana8-8.11.3
+pkgp-freebsd-pkg____logstash8-8.11.3
+pkgp-freebsd-pkg____nano-7.2
+pkgp-freebsd-pkg____pkg-1.20.9_1
diff --git a/jails/config/elk/pkg-list-details.txt b/jails/config/elk/pkg-list-details.txt
index 0bfc543..7b41310 100644
--- a/jails/config/elk/pkg-list-details.txt
+++ b/jails/config/elk/pkg-list-details.txt
@@ -1,10 +1,9 @@
-pkgp-freebsd-pkg____bash-5.2.12
+pkgp-freebsd-pkg____bash-5.2.26_1
 pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____beats7-7.17.7
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____elasticsearch7-7.17.7
-pkgp-freebsd-pkg____kibana7-7.17.7
-pkgp-freebsd-pkg____logstash7-7.17.7
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openjdk11-11.0.17+8.1_1
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____beats8-8.8.2_4
+pkgp-freebsd-pkg____curl-8.6.0
+pkgp-freebsd-pkg____elasticsearch8-8.11.3
+pkgp-freebsd-pkg____kibana8-8.11.3
+pkgp-freebsd-pkg____logstash8-8.11.3
+pkgp-freebsd-pkg____nano-7.2
+pkgp-freebsd-pkg____pkg-1.20.9_1
diff --git a/jails/config/elk/pkg-list-old.txt b/jails/config/elk/pkg-list-old.txt
index cac4741..edd9d6c 100644
--- a/jails/config/elk/pkg-list-old.txt
+++ b/jails/config/elk/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg
+bash bash-completion beats8 curl elasticsearch8 kibana8 logstash8 nano pkg
diff --git a/jails/config/elk/pkg-list.txt b/jails/config/elk/pkg-list.txt index cac4741..edd9d6c 100644 --- a/jails/config/elk/pkg-list.txt +++ b/jails/config/elk/pkg-list.txt @@ -1 +1 @@ -bash bash-completion beats7 curl elasticsearch7 kibana7 logstash7 nano openjdk11 pkg +bash bash-completion beats8 curl elasticsearch8 kibana8 logstash8 nano pkg diff --git a/jails/config/git/gitea-restart.sh b/jails/config/git/gitea-restart.sh index 2f21cbf..f6d91e9 100755 --- a/jails/config/git/gitea-restart.sh +++ b/jails/config/git/gitea-restart.sh @@ -14,7 +14,7 @@ Q=`netstat -LAan | grep "*.3000" | cut -f3 -d" " | cut -f1 -d/` # 1537 is max stuck recvQ qlen limit when logging start: # sonewconn: pcb 0xfffff804b9f73d58: Listen queue overflow: 1537 already in queue awaiting acceptance (30 occurrences) -if [ ! "$Q" ] || [ $Q -ge 100 ]; then +if [ ! $Q ] || [ $Q -ge 100 ]; then echo "restarting gitea stuck at $Q" tail /var/log/gitea/gitea.log kill -9 `pgrep gitea` ; sleep 2 ; service gitea start diff --git a/jails/config/git/gitea/conf/app.ini b/jails/config/git/gitea/conf/app.ini index 441db70..510b731 100644 --- a/jails/config/git/gitea/conf/app.ini +++ b/jails/config/git/gitea/conf/app.ini 
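Review bot: Dropping the quotes in `[ ! $Q ]` makes the guard depend on word splitting: if the netstat/grep pipeline that fills `Q` ever yields more than one value (for example one listener line per address family), both `[ ! $Q ]` and `[ $Q -ge 100 ]` will typically fail with a test syntax error, and the restart branch is skipped without any message. I would restore the quoting and make the empty case explicit, `if [ -z "$Q" ] || [ "$Q" -ge 100 ]; then`, and reduce `Q` to a single value where it is assigned. The `kill -9` a few lines below expands unquoted pgrep output and matches every process whose name contains gitea, so a stricter match or the service's pid file would be safer there. The script starts and ends outside this hunk, so any other use of `Q` is not visible.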
@@ -1,94 +1,91 @@ # # Sample Configuration for Gitea using SQLite -# +# # For information on the available settings, consult the online # documentation, or see the accompanying file app.ini.defaults, which # contains the settings incorporated into the gitea binary. -# +# # This sample configuration runs Gitea with a local database. Before # running this configuration, make sure to change the SECRET_KEY and the # INTERNAL_TOKEN at the end of this file. SECRET_KEY is a password of your -# choosing, INTERNAL_TOKEN is a 64-byte random number in BASE64 encoding. +# choosing, INTERNAL_TOKEN is a 64-byte random number in BASE64 encoding. # Your can generate the token using for example: # openssl rand -base64 64 -# +# # There are no pre-configured users; the first user to register becomes an # admin. In this sample configuration, the HTTP server only listens on # localhost. -# +# # If you'd rather use the web-based installer, remove this conf/app.ini file # and make /usr/local/etc/gitea/conf writeable to the git user. APP_NAME = Ahlawat GIT RUN_USER = git RUN_MODE = prod +WORK_PATH = /usr/local/share/gitea [database] DB_TYPE = mysql -HOST = 192.168.0.53:3306 -NAME = gitea -USER = gitea -PASSWD = mysql__gitea +HOST = 192.168.0.53:3306 +NAME = gitea +USER = gitea +PASSWD = mysql__gitea [indexer] ISSUE_INDEXER_PATH = /var/db/gitea/indexers/issues.bleve [log] ROOT_PATH = /var/log/gitea -MODE = file -LEVEL = Info -ENABLE_ACCESS_LOG = true -ACCESS = file +MODE = file +LEVEL = Warn [picture] -DISABLE_GRAVATAR = true -AVATAR_UPLOAD_PATH = /var/db/gitea/data/avatars +DISABLE_GRAVATAR = true +AVATAR_UPLOAD_PATH = /var/db/gitea/data/avatars [repository] ROOT = /var/db/gitea/gitea-repositories # Gitea's default is 'bash', so if you have bash installed, you can comment # this out. 
-#SCRIPT_TYPE = sh - +# SCRIPT_TYPE = sh [repository.upload] TEMP_PATH = /var/db/gitea/data/tmp/uploads [security] -INSTALL_LOCK = true -INTERNAL_TOKEN = 1FFhAklka01JhgJTRUrFujWYiv4ijqcTIfXJ9o4n1fWxz+XVQdXhrqDTlsnD7fvz7gugdhgkx0FY2Lx6IBdPQw== -SECRET_KEY = BeyondChangeMeBeforeRunningBell +INSTALL_LOCK = true +INTERNAL_TOKEN = 1FFhAklka01JhgJTRUrFujWYiv4ijqcTIfXJ9o4n1fWxz+XVQdXhrqDTlsnD7fvz7gugdhgkx0FY2Lx6IBdPQw== +SECRET_KEY = BeyondChangeMeBeforeRunningBell IMPORT_LOCAL_PATHS = true [session] -COOKIE_SECURE = true +COOKIE_SECURE = true [server] -DOMAIN = git.ahlawat.com -PROTOCOL = https -HTTP_ADDR = :: -HTTP_PORT = 3000 -ROOT_URL = https://git.ahlawat.com/ -DISABLE_SSH = true -SSH_DOMAIN = %(DOMAIN)s -SSH_PORT = 22 -OFFLINE_MODE = false +DOMAIN = git.ahlawat.com +PROTOCOL = https +HTTP_ADDR = :: +HTTP_PORT = 3000 +ROOT_URL = https://git.ahlawat.com/ +DISABLE_SSH = true +SSH_DOMAIN = %(DOMAIN)s +SSH_PORT = 22 +OFFLINE_MODE = false APP_DATA_PATH = /var/db/gitea/data -CERT_FILE = /mnt/certs/fullchain.pem -KEY_FILE = /mnt/certs/privkeyr.pem -LANDING_PAGE = explore +CERT_FILE = /mnt/certs/fullchain.pem +KEY_FILE = /mnt/certs/privkeyr.pem +LANDING_PAGE = explore [service] -DISABLE_REGISTRATION = true +DISABLE_REGISTRATION = true [openid] ENABLE_OPENID_SIGNIN = false [other] -SHOW_FOOTER_BRANDING = false -SHOW_FOOTER_VERSION = false +SHOW_FOOTER_BRANDING = false +SHOW_FOOTER_VERSION = false SHOW_FOOTER_TEMPLATE_LOAD_TIME = false [oauth2] JWT_SECRET = 3giTtKAIflI_e9ixoU6ELHfxGaDkvFwHxDoPZQyZ0ak [ui] -#DEFAULT_THEME = arc-green diff --git a/jails/config/git/gitea/options/license b/jails/config/git/gitea/options/license deleted file mode 100644 index ebec6b1..0000000 --- a/jails/config/git/gitea/options/license +++ /dev/null 
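Review bot: The new side of the app.ini hunk still keeps `INTERNAL_TOKEN`, `SECRET_KEY`, `JWT_SECRET` and the database `PASSWD` as literal values in a tracked file; the commit only realigns those lines. Because the values are readable in the patch itself, they should be treated as disclosed: rotate them and load them from outside the repository, for example `INTERNAL_TOKEN_URI = file:<path outside the repo>` and `SECRET_KEY_URI = file:<path outside the repo>` under `[security]`. The `[log]` change deserves a second look as well: removing `ENABLE_ACCESS_LOG = true` and moving `LEVEL` from `Info` to `Warn` drops the request trail an investigation of this service would rely on, unless a front-end proxy that is not visible here records it. `IMPORT_LOCAL_PATHS = true` stays enabled on the new side; a comment saying why it is needed would help the next reader.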
@@ -1,25 +0,0 @@
-BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-
-Copyright (c) 2018-2019, diyIT.org
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/jails/config/git/pkg-list-details-old.txt b/jails/config/git/pkg-list-details-old.txt
index 21a651e..7e1744c 100644
--- a/jails/config/git/pkg-list-details-old.txt
+++ b/jails/config/git/pkg-list-details-old.txt
@@ -1,6 +1,6 @@ -pkgp123____openldap26-client-2.6.3 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____gitea-1.17.3 -pkgp-freebsd-pkg____nano-6.4 +pkgp123____gitea-1.23.6_1 +pkgp123____openldap26-client-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/git/pkg-list-details.txt b/jails/config/git/pkg-list-details.txt index 3fad522..7e1744c 100644 --- a/jails/config/git/pkg-list-details.txt +++ b/jails/config/git/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp123____openldap26-client-2.6.3 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____gitea-1.17.3 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____gitea-1.23.6_1 +pkgp123____openldap26-client-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/git/pkgp.conf b/jails/config/git/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/git/pkgp.conf +++ b/jails/config/git/pkgp.conf @@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/hass/.tmux.conf b/jails/config/hass/.tmux.conf deleted file mode 100644 index b370482..0000000 --- a/jails/config/hass/.tmux.conf +++ /dev/null @@ -1,12 +0,0 @@ -unbind C-b -set -g prefix C-a -bind C-a send-prefix - -setw -g mouse on - -# Set the default terminal mode to 256color mode -set -g default-terminal "xterm-256color" - -# enable activity alerts -setw -g monitor-activity on -set -g visual-activity on 
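Review bot: In the pkgp.conf hunk the `pkgp-freebsd-pkg` stanza has a plain `http://` `url` and no `signature_type` among the visible lines, while `pkgp123` directly below it verifies with `signature_type: "pubkey"`. Unless verification is set in lines outside this hunk, packages from that repository are installed with no integrity check over an unauthenticated transport. If the host fronts the official FreeBSD repository, adding `signature_type: "fingerprints"` and `fingerprints: "/usr/share/keys/pkg"` to that stanza restores the check. The other jails' pkgp.conf files touched by this commit may carry the same stanza. The file continues past both ends of the hunk.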
diff --git a/jails/config/hass/hass-upgrade.sh b/jails/config/hass/hass-upgrade.sh deleted file mode 100755 index b993671..0000000 --- a/jails/config/hass/hass-upgrade.sh +++ /dev/null @@ -1,4 +0,0 @@ -#!/usr/local/bin/bash -source /data/homeassistant/bin/activate -#pip install --upgrade git+git://github.com/home-assistant/home-assistant.git@dev -pip install --upgrade homeassistant diff --git a/jails/config/hass/hass.sh b/jails/config/hass/hass.sh deleted file mode 100755 index 5d2b8ed..0000000 --- a/jails/config/hass/hass.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./hass.sh under tmux - -cd /data/homeassistant/ -source bin/activate -hass --ignore-os-check diff --git a/jails/config/hass/heyu.sh b/jails/config/hass/heyu.sh deleted file mode 100755 index 80667a8..0000000 --- a/jails/config/hass/heyu.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./hass.sh under tmux - -heyu start -heyu info -heyu monitor 
diff --git a/jails/config/hass/libffi-3.3_1.pkg b/jails/config/hass/libffi-3.3_1.pkg deleted file mode 100644 index 58ac910ec0552379ee898118749c606dbcf0cf64..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 40080 zcmV(rK<>Z&H+ooF000E$*0e?f03iVu0001VFXf}+m;aniT>ur3#pLN(Kwj16ra$Ry z+4=rp-dC_U!xFzO+p`_yZE?cS9qS1QsNqNQrORTr^h-6@=hgW|xvD3nbZeVJnS4mq z54XDn@Voo^TbB($8gv+dzxsMNN}Z7ogn{oWBdpuG5x*UKOSo0uzeRIWEtkWiWEYn) zd2+TQQ*G@|66$mJ#b8z#g5%)kILg|QLcSx>HbK2(mPu%YkTB!Dr~SEGfG%9Gko1nY zD<7vQ&dAZKlwQdM#uQ`ac_WQi?(@M8U8?88VS|!jj%RKZrR%EdUaSklZ>WXxph!^5cp^kxR|O~ZF|N3E;V81vn)qW(+os@<^vjJ;k-f1 zfAx_F>#&qnypmIz)6X=`R{zCGo9b*ACx|&mtsReGE9=p5n?AD6KB9+{nlfhBkGnnaAD23SSPSO?9M#Zl#w0p!L5MV$9qi4LiwtWqXFi$2OLeY!qU z0S8uqBplBy&l~I2*OZbxOF`sC{P%*{W5eeuRU1;Z6`PQ%a z)nl;{-ak~p^5FW&e^mB|_=P#?(7q?(8bj_wA;`4)(JsYZ-I4Z|nxZ#=3|5tUBaF5K zWj(smO|dmE5Zf==`8cNs=pr(@zN`Ww+1HanIcX3xD$-~EEv)=RC?yFkHHjbt4*=um zaj1ft4of?g)35|}`7+}oOqI;z+2f?EAx#8$E;LGPp1uDdu|W^l=I^nHMYYJOqVeCJ z?=ErzmwCb^tczhq{AuO!Ly-5i=2v}-vqM6_R=AsqhRDmN?b>11Rt^nWXJC1`U42(5 zUlHB+Qr|gs(~A?lbZYVQ>auVpp&&x#*St?q*%7DU_^k}_Cx=1cXOym6?~rT+DZZ^9 ze{553*kq4`SA&J;V*W*%QG$8GADHs!WG8RZ6n!mR{UvxRL`Z~ok;9sG#bJ3EaMb${ z#0N_D6z-kFSb{LD6CI4FNeI~RvAt;P?*#`G-Vpuv6&O`s!o1Vz3PS{ev;*U8WKy{o zmxI3`05{B;?XH%mlROt6=^BWbiw!Tuk+EI6KNk=LLv82q$ZUFM;B!#>jl&b^Rak^) zvKC?dB8R;c{SgynjJ{)n{uC1_i~eAEWad`LBOr9;@Zb3iojuJNfX%_}o%ZV^M*yYy zqcgQ+vsts~5J-s~Rb^x`7$#P7a1y|T>I$Bl2o?WQ97UfHrh*KHl?d@DdQALB6UTRu z9~vIEiE3CH9O9giSsIxXY2>ZC->61^2F4sBsGL@VLQAg37ZUla>td_oVxHhgE8#JZ zmoAW0!>z{wz~04;8mA*+ad4mmee2A2THLLpuGcy`2b2&N)E^*S--(x{ocdXuBQ0l1 zK>g(|33IG_)AkhVF`P7xnce%KCJF^_jtjV;Zs~i?41?5&EN#NMh#~iFIGRMy|N5k? 
zp?_Pend$~#8CDYIt$Gljo9T(3K)1H${AmK}2L#G6v+DQ3$Wql(vdwTYfQG<@PZHwm5Wzfx}^!2(UpIe#?O@5IP` zwd&e`ico2?r_n_V;h?AQ9)TCi6~O7lhHDuP&0JKC$XQ9>>+4Lvx?7EuZUirurgQc)9CGjx7T$(Gcdl?=JBf-895&uGM+3 zHRf-OU;5VVeK9hNt&W(DHCXws^5m2Xlt`T;dFi3V>8%t@yM8+4pwT7etU*es);oRT!{koxU=@bX|N87Jpl7sxw*Hz2(EAi> z)-)0dI=3wU+c4-orlu`-0#}(pSwU=?BMRFjek)j7^54JL)tu1F&EUDmFvc`X*TOW8 zl~Uz*dEgW=&{XWVAbKCY`yXqHlAdpBk+8Y@$BVs3`bHRHI*-{D<~R?ILM8cwZ<)BK z877}(Lb_VR0*&qYL749+{CtGPFe09)IB>P>=iSk9n&ek87+QL4s!lwmgB+c%<_J12$87 zu?0I~hGwny*)jr*3USzNn}#T4#0m4CEK4lT*7l}NoVenz80l?6a^9J^q<7dO=iz^E z6M>j%SIF6M6N6zUVUipFny`Y2i%1YA1l|uE$|@Uf)fH^WADPf9kDP8Jp_%SK2l>hj zqXu}zWje+1y$Tv=4_$8`JB0(u*C)+LpcoFa9_~BhCuTn(-irYL`2_X=)YHH3z&+h{ z^mX|dRD<@N{h<|{GiCuOtnZ0?b-Iq`gs{mnv!rdzHHSI^P4b8RSn3S+#Cco# zT7fV)wiM+0F|*YE%}9r-SScD3aO`+Ed3iTo)jF~B90MFz3nn9zJ#6Ky!^pZsuZ~-2 z_REA&0F*h^&e0tIJ9%LV3AW_Ti_c-}trAI&p<)*+Z}{A@x($$r3sw}l=w1yhd7KGm zl%9-Hl~WW0Ln$m!^CQXhcL;0RKihsTwvLrEk2}N6naeb)2YFcg1~OTqZ>^xnq_DTy z_x9r3tOzV$D!hquGJ>qnz}S?{j8B@O_j3$d;%mA4*F?htP`!oiWF>wa+y}37)v?o* zBO#L9myPs0F{Yc7Ib{F#NXDk>e7f2CyTG3!tJN)+hMAAnfxoK`tQ|-nOp$a(LkWc7 z@VJ6&cgRIDcn>9yc%y8V3q8>ADxtqU)%(0Ibbel?C`kvfc7p7FB+41w#|n#Z4T4kp z3_XPOgi1pU9}ygMhaR|-R;1Y6b|#$NI_Pg`Xj3h1Y&5z_%mgwtt?}wNYFUy^U^bKM zgxeRd?47Hs$UJDSohlHwez`;lVMsDdttlx{_oqzKE~L+g@vM4ZNh3FtgH~YfCoXp7 zFRiM%i>`cX6v_n$mMwdKbWz2o)~hUI_KSiFIfW&jB)3iwRxEH>g1V-2D4TZbdraWs zl(udLFq{&DpPm2WEtKeJUUFiT^>NSPT=)!AsvS89(Q|(chIeSfQ!nenyeuzVRefL>L1R3|()UPd#z^NnktoDn%EgCFQZ2xQ#L)+P`SPs&*dclW z9XPT!qDa&qLH38fzb=(q9L&YObL<1;zjcVDvE2?b#dFXm_zC-WZ|v>cIUk)Ne6|aF z(?N_XGY|$BhyDX3GHdV4P=VLAe7^JPKiGCk{}mLs1a3He83$xK|9ek;jIhsd2AA*R zyV0&XIejD}d;n5`hAzC3#{b2%>SUEo$=FytFQQIDV-RS@vvp(&c|I{x<+}EKtm~9@ z8;*ehkhmQES7q_^rBLIrfIt>QI#vxlncbot9;_&4`f{Df0fW5o{;w;$Yu_s;uIBvV z;tlF&51P5dh|b+Pn(Ty_6d-B9Ba~d>mQsD3(f?69D%fjujWMf^rEgV0^Harv52c5G z!DBwmQu*<53pim%QAN)kkF_9?+zzwg%JRbXgcQ2ZlFUrfKHu#$Q~bfJJGLXhKl9l( z-4TBOq|;*&LXL;vv0D>&f*^I2U3uBK+49@+6COO;-DmBM(Lu~tF1GPg 
z!)JV;&-sWC=Jt=Cmt+DOz2cO0fC^7&hOS-9(;0Kvp4A*s=dTwsM<QIf#q)oiFWFyDEP>p@3?^tJs{KKY>5@ z_~O)l-z}k7rW-m~o?yv#Hl$QW5)2UpcIc>eftDOs#sN~WLxKTbsZx2r_3M?(w%TWe z8`}gwDMf9lv2QC^We#ALSeUgWvFlU9FpbF(fnMb*pIbV5dPq)~B2B*QxBLE*WoLM| zAG&7{;Jiab8u-DRfA`c}r1Cuya>37r?#N$`s`EO|a0v2vUv}w)$MTYt-e0MP9&cKL zMD#IE?bOO!#kn__H?_G+P(kM%s9pFcdRt46H&u-J9ET6|S}f<&52%Me>5C>gz|+*F zv2#~oB|Ix${YBs>sLiI^mZVLq0hzuC&u8DZQd}sZ+~`Nmals zZ0td$&JMH&O+oHxvEh743Uf!)nzZ*fLxYwHu()Laqh9%k6#z*oszFu%f-p)kydX3-tkE1* zcI~^z8uR2puiHCzct=<_gB=XJ9M-FQnFxBKAYT>W8@|UO@cLlSuxSsdu!hc)j`+() z85sU<+V*GrM-vk8pM#csY{p7!wp24f7P!%k)J=GsSnL3~=OU42{O|(Dvzz^cSdQ~w z+hng(oS{Ktv*jAoZ$7rt!1V@1`;dDk-)heFId3s_pXzrCFRAY$sX^IJIgG7KZBgq} zWf~B<5|pc;xAhHB(+#%~R)4Y8Rm?QeY*b_lk=BKwi#hnQ4HQylsqHrh{lJD>CF<1~ zc;#aQgN$^x6~=sAFDJq6e~OeqyR!D9@j3-hsDv<&^9oj|Adw!Uv2!Yf zX?q(t{XSfQ9|4A*7nxclA9}twI7lUjF^81`6|Cv%Pv`z0&9jk8Tbw7n2iJV?{Uwl9 zw;0aDbTry@rJ@2e*qKmWSsqDK_W1i!vY{h-o#};ielt3m;b_bI{l&|1Vgu;8_-Na( z`)4q_{&!=UEoq?uE30%LIjwVLEcF72I}xc%QpYeS+@!4QMD}u7PY=2DRnC94l=Vze z*pA`(7=yTZYD8|jyb%SQg!#1dO3&CbBTn1hA~Ja`La<9@tv`LANe!+l{DFB{#$_U@ z8YZ}mMr_*SC2TbePe#i*&5~P>f?551$wex<3~>~!l-Ffh!EKwV!`lWd1KJ>qXIthrjinqDs05?!KM883nmvI?HSm1*gQk+)Y){8;E7J&RQQeCEulM=BV z9ObX1i7Z<(PFx`H;NQ(i7zOL9h;_wqzbfP{~7QE zfEUQbYxIK*p;+nyh_mVe5?b{6cguOlNWmnj?a%gh4?}%9S5(;H*T^@*;s7ynrgXbZ z`9)d9d{dwDLs`K()M|X6)I3d!vZ0taaZihFC1K{j^y*K|S)WT%$?cCMA07NbrGvdq6x-$tchc;^B{E_roKhDHn@%Ie6)(O z-(yeln}#bbUeA$;)(?Wmy4&D?L!H$KaHcG@+BN!@-~BfL7)L_>7Mc%4V=_xQdKSME zT9Kjp@c^crWFDGGZ{-g{jU8rnqNKlnH1IL=+>5<4ikpKHa&T!s<)en3w2`yWh>(QC zcZsRaop2?U^3TdhW$eE&+7*o z7zkgz{L={Op|}6e+Gkb+VonJl`!dr}G5IQdFwhyelvdG}y5DyVre{r&#p%9%V@Pk2 zFJKHQQT_&o z?>}OHY%C?f3s(uqpB`G8!6I1@k|k71A<0jxQenv27$bmBq`JX6wqM~H`t1^mKi$?VmZ@LFJE z`%h9E`&O~CkZIC0(BHOkXiQ`I^kuuPM@Lu5fBV7_@Ff2Akt!vHqMo^)Socq;x$g-xbmreR_xnm>#veRov;OA^jElnD3=R}#&B`v9VU}sdO3%+6v+Rrg zae+w)z93gO6vi{oS_vHjEckQH3!K z#NvJMn>A^lqGaVFpr%r{vAVUUX=CV=G{xjGP?d}HzWGEDT+ zTNOEYI{wUmHRcz0$J?W@&Kk)W1QZ(9@U~0wwznLT$gM7T8(oCfn|&^n3pbxVy^-nOHux&D-Q^%% 
zh8!$;IBcnXf;pYDp`gJ_&zBv0yTNa4oS)Rw4qarfUBD&yUsP)N*axHGl-8SslBH7q zHr2o%vQ8#bE8m`w2Ys~jcMoQ9Oq+JZT+)bW?{EFD0|*RmEEWUP0zKZhD5K8rT9 z`pCQ0xJx`SxLZs;V5IwCw+#*!RSOXa2gO1vb+IImRGyDijo;7gELGH|(u@Q=I=sjP z)w?}=9-LLblzfgZb z4Xh5QmO0}Xa*$tgl5S?6rZp3y5AE3GO{adc-8&#eg36yjETiTiEwQUK7B$`hX^H3` zlv_EVFh^aWz^2!kE&hK!!l#sLe&l%bGybFzi%>AOgyUywzI6iL1|uZESa8Kz_c#A5 zLG5L3DYpa!E^nXe;lu!*0h*5xjF)90TtuWJCA@xobq$vm8FydxE>q>=x*5~OmBt{R zex9>&v${6o*BKrRz#(!6M%~TCZ+7EI;ADp&cg-IVw^D7FMnF!i)@f}$cTDCYHaslMnfIY)Y_V&ghymdch-^GPTz zGA7E#iv#nIthF;yQbfOZ?W&0FnBd(V9Ole-h8ihl;O0K$%eo87h)OV5mi1k&gz82c zTE<5?)jIhl2G!m{$MqoJ**E>wURnd?RWVj~aC!S4oo3sGm&FSItu|rU(vi8!I3#_K z5NK~Z%-uc2Uda~zmLB_Mh0vDVH^q7$l0okSv5nD!I-@P8*^{mO3Jw=>7#HmIVWp|X z4(|p}?VOPdxgGwsr$8SIR(72s|4Pz_k^5$|b#d)@;2kcHC-M&ilfZ!Y@TB3=j@Y?>gkKCk*ZRQ->oztu^Fl;1aT@^7E*#h(GC z+tL2S?8_wBUBgc`idR;F$F7Q!cI2^T!@Y1Dj80e%1<&y_-UVjs$^t(E_S!*)dQNn; zqo5G@+w{Le`#`6c<@b)IeOuZA@uuu*DkBfV$*j8&APO24K+T(zyk%%($sk7AZGSj7 z{RrK%#Kld4IhKQ!(?-Om$@AWKbjRNST+}hcd*MjRaJj;yYoJ`_+PNsp#xYkNqQPG% zK923g&k?h-2$WS8J~Hr$-LFD4&hizYZJwJmT}@T@u!i3OJ@K_5jNV0vNA3C31A=nl z$+*y7trmcz-dwG51n24EfAgtWJFUj}C*|UMGB|(g5}5FY?MXz?n~w4^ zE_W0)e@V+FHdeGK6Jm|$dINYRVctnN;r??Yk>s?5iPK68jDz{0UnPj$b{0pG#UfP@ z8xQ1Zr2*HM|H}wqJe%MOJLk&2YHJb5#gvt@u%}S%Gb;+7AtV|!DEDJ>gHxsm-)?2a z)ww)7A#2gB(LtQ+5mH9_Le4&i`pZG+ecr5u!ja&QS?zdYqS_T%6pmn<`(^}DfKhhL zAa>oi`HdQyZ>R|XVfAHa>r@4a*xEZ`4eqMSE(}_5Qsvu@{zPGb?1Mff&>Yr?=?|Jt z>3{KOU2-bJNZJS4Snp0o_pa#ekX$x#I4Oj{FU1H{K7GOL(K6_3VXuAKt?EP4TLl!d z?9s{L4Zq22{jA9*o?EwJ*-dD^5UruG`jccF+`>)otLsXlxg=xZnkdD>soxt#BE})A zFKHKkR5vYw%p8BLUS<5ffxx%cwi0k|Q7kB!HJ*ZqxsdRG=9(K9f27IWlZ1=Kmf(;C zLumQGJ-2IgwkCc#;8nj5Nn)!|Xm1OvN0TwmGtsry=@QxQ)*URzy+?bxa*$7&EhgsT zp6FmR2EcKPkbaMgnV_nnWaru$TFe$D))c&<%Gj?d#b4NaJ=NsJK0|iqF^*{STp28SPbPwL-NqjJ`i3lh%E288`=JPVPXzZ20(|TmD=vM|s>j7VOBid7*uPe7JkL~dv%3k?Vd`e=X zcF0qc-lu=KbaBEFfT7s~m;>Csv~iVm$OAAt;6Stx)U4XM+)g3i5AZ`9nSNvXQu6P9 zF_`>X0>eB)1J{aK2dDNP9)$K9Ymn{E%vn3+pcP4{!%5Rk1(rDF>!1ZfH{0kqzPxo- 
zQVytW)3UNwo$czJl<@|yq_fpwk?~J(`7Fhr6Lj~P_=t0eno*Hr5{1UW5cn|+&MSCl zqwx6p|0ui0WDeSv+{_dQ+wiJ~4bb&CNLo&rZUk`}(j*t->Xa>2_gaM&nsaGi+)8!@eN8Hr(*4?Bjc_!gOKQsyum&fzUsyfekv)S!drj z2n(djfF)c_yj`X?c!7c~GAtcDsOo8VsTUy=R3B#JUjdAvXeCCKSKuTPZ-0y>4V%md8X5Dk(>l)wd+ zT9PqkRnZoMsI6@(c?UgiH>3fveaXZd|1aWw0y$daHLE2XlBN9NShB zBqK0;bVW!l0DV1I5<1`;aX9~&ZHS{AvJ9qIG}`>${BOV-#qPbl5f?~CjGfw$GrdZFkk)Urykqz~+HDUoPc}QVY z!>VE%_2H>`wXN1eOq0~jD7Q-5iN~{kU_GGNKKpXPtI3|{}|Ca4vHMnnud>J|cMls$0P3|vOw1XO?Yt&=VtfC?# zSm1=3zmAz1X>Hv|QTxJ+_^SY!J_k1+Q_e?|?QX*>*LFA!zHwThEU`eW<>ZS#5D@wB zwV2S4fIFP8mgUFt_im+_z2`_(6=m-L>OZ%pe-cKI?S-8hP&H?A1}$3L?T-Ll4zN}< zlEsRoendQ3u_V)HA4DwOC$O2`rh>&9%4IxXroE1amj~*73;zNleH!i_&uWSEArb1A zO-S34J1-wScok7rFNL9L_9Mv0$9kqc;*`j3dEw@xj2<&r>_yx%ffA@3z>QH+AWM3Y z(IFD>m%lYJ^Z@y%^uY5F0uY0RBAgOI9`aXIhZHK0OB4qRti{wvdI-48WXnK>Ogamy?RPng{ zzMPTSVyVi4931LegqWYl*cE@LN?QBF8;yX6VQ)t!Lj*=Gq$#e9=rx-5ISxIm;)O zzJ{W!Q2T%H3p&p*E5LIM#>~(-iZ*sG>aQ@aaDza+3jW~rDSqO{0JxflX-eMK+t`n& zH&$xDkbSQP+vjgEv+eKpbd1H74l2`X==h4SpteV~cU!`O8{(&ZbG(5O9_n77Et9zi z5fp(~vW?JcLu-(QbV+{J*~X9vd1QT`CB?EZVtXc7)$RzV9+NR)D=to2c!Z=L)c`V% zO>)%^g^0wk597I7i@*gq`V_qgUOIj3M>+d>4$}2w>4ug>RC@UE2hx0L94w>i4(NAp zWPdoJD%aaJB%V=5Ao7_l`+|L`x!7Mu`BdVU8j`bM33K0ftf-rv@IONsr8H~0)7{ty znV{)!vifeo;WYRL7v4K&hF`tP3(Q5fb<|@7M9fXb&9wt^l_;)tiVYNf#=>~b_1R7j z1Wb7uvT!SeoF!%6%G)V;(cNH(K0-}&$rL{myrWbZ*6bGVffoAzgv0G7TTwX>P*p~u z;p~#?Yq1omgRRl7mB`k#I4A9-R5(9h0MtViTo!ojjjsq`=3@n`6S?rAqb_0b?)dP2ZTzOAMLhB$dy$joHc7x z#0GgT)ZC{d^L-1Aju(?)8Ot1xo5@SCB4H6~nDW>!)o}~Fa~_Pyt-&bTMumRPvEb`W zHH+Tzkbg7sHBnl(aEMD7bVjFjworfBX+OAd`}+DQEAjB|Gf6s)b1*ho#)VKb?&{lf zWicJirhf6N)cAARVw5XK_xLGWsF^rkh)K3C7s-81Dq3i5T^UaFifx8ir~^NX#nL!a zM3&N?jZA9GwJYg20GZ+hJpDhi>~NtsSRD?r)`r5U;LQh(=Wrec1-Gek+y;B(WGb1v z6*|xZ`rJL}lh%RjJsx$J3fQIr>3m;xgpEUJHr_zMvVg1UnhZ~rPdg1B@~AloydsS0 zv!L*YyCP3X*;PLDaPr0&u_{%H?3jMO+zDpImucsgv0P>~7B=Dyfp+X=mVpU@a1f=v zgr24{Sm?q&^1-;XGKe{*kr**n8)gv8Wl{TEk>uSqpZ~luysB~4afSg zkElbWc!4Solv(p;29Ik^vhquMs%c7am}}}TkJSr$_%G(ZS>V%X8{uf>#48a-S1=WH 
ztd0^_tJo)42GSGY(J+$b%wXp|ahTJl{!<2Yo&&_hH`$Y71x{7;jbqmiKJ0O%a zYqaW!GZj~hEG4dub+i%|S~iD_X=ZR$?idat1J>|=;|4-GSDRYkgCx~G4@}4?#x?~czyurhc(umH znGS&1;c8ZY-NhL!mqId~2p5Dw`u|i`Aq0FWFaE5qd>7Z^fVa0&UZ(`Ji zJsLGjy1m=)jCrT6u+rKBp)@WsPx9em{H5Swp-tGu@e}NFl8R*}>KSA=dm;aX<4f^( zrZIMT%XG>&O@-1w`sJ-D;oKHI(tg;I<=geT+|USE5u5^Zk2J1^3NMs$n`0N0(h*JZy_G1bW;3`7zVrjyp ze=!x7BZn&TLINK*V<_v&P7PWT%-2*EAG3YX=&BHl#;)6h_66$wanWcN4YT zO~uc6`f0_JRimxqCPM?{b{G!v<#Z-&*u6uz5!~(nLkDzhL(d|uG+m<_ICVAC*4kzq zHW7vQV*cC>?KUreWa@IM|H3xKDRaRo9{s3n(0t-zEuXZ{QnBU?3=((12p^yb_Cg7J zW>9Cyuao1XxLFoCtTUYc&^^?cEUDSA%B1`I zUX-W3g}$LAD$b@kM%hWH%6+AOSwAyE2CIsl%Ixl)A43Dhgw)}#LB zXVP;#ukwLGz!>+-HkAIg^vN7xOLOmBZX9FcyNu#u?@f@GU)~%h^JIc9{?2@g0;|`6 zzv$^2!q|e02blOwI#|?7AvF&BXbPLiZP$D(!EW@aMYDs84#h;UQ$F!1_1`A}T)wF~EP5it&D2^VJ?vUr!dqAn_XDbormK?Cm4=EZDKmXA%sp-T%kxusKo%RMBmFv%YoTO7{YU;SdXGit3B1K4I8?4d?7TxkC;#ox zwS80osJ#UJC*Qyf=xxSfrEL1M+f^c*sd0YS-rIr*689bmIH^dhrFVoCSHl;RkOQ(X znKLYod3#@%(cZ6<2eIt=+d^9GSjr7uilruXG(!HW=wLysFg*k$r3%~r=KBiDMMjBc zQILo57Pvrcp^kDZYkxlcP%QPD>IQ2bLWO&+t3g|j<#5q#SZcAI=I>(L=lHt{vp>Vu zPjx^A+U$4Q_-%^3m>5IhPsy72!;J){>b3|<04A1-YlAl(0W2?dURQPv{K@Z#k2tEaR@1r zIn#ysbSQj5%^{Td@480WkJD1#Z{-@8hkRM8ofu0kN2M&`#?l*B zUg0ne8g-pMA1o<1uYNd@>+94Nb?6SErE{WX0nyqKE>#YVu}P*zb9Y-)F|QKx`QhaB zTqV_K9+-xZk@EO^Nll*T+}_Vxu9k4-i#YG`;5^uaCCitIi>}5^ejkiHblz*bdErUu zzkJ-xYWShcEnr;HO7<98f8|pP4uda>54`z@iZ#Nio77X$+7|p@COuS1TsjM9I#wS4 zgSf`HI+09$ojV|(CA^S%0R4x3g2Zod^-BzHe;c;^uMAtlSZM03y4l@gIjck7s9!4u z3L*rw&gTJzX55X=0pP73U^8R!^!l4h!t_G^G$GZP?_OgcB%Z!%4;O<9Ql3jgJ_;md z;b~|q7NsbeuuzmrVFXGQ|NWEZ#dJzH49~baRAR;+ zW4kamZ36dX8*( z0=E&9_35&*22WFv<&PS#GK!JNCW)T)UR9+4h&csIv-11UCPm|)5NYiR>3Glw#2SU3 zCO#zi#=xWuBM)ELHMl@s2U#y6ng}Ch^Du3eZI+3@huvA7gBe5=Rfr(DZh69b7!Q}< ztyGO`rvFqEtftB(;|r>V);XoWX^f8+(;~{;&_H^ongmTw>^)_I7}?GQp!Ji;aEQ_@ zo31^2;ppZn0R#oKeWmCLtmF1+Z6-K?ACxZl+IdxJf59J{(j1Hy>q^~BC9T<^L&sf$ zCse2%Uo95_lxN0h8VL$2N6wj{3f*K;@%^-E4rIJ!{T;>%U$G zEjO8kVRw#OlFS@9PG5ELy3;^s&W(Nc3y4s6G>U|qmFtg3C1?W-rk%g=ot6TQ1lj7w 
zJ;z7F=YnhAvFGk!Flmsh9Vg)ur6I0ZC^a+Y{R+fn@^O|U*Jv@Lu8PhqkA%~CI6`7V z5L@@7c>m52tHIWs^DmqpjKNJ{c`;Xe2fgrPxYM(ogn;t3O(*iFwJBejZKy2^zf>o= zwFQUU15L}qBLB|n;)`M+P?NE>B!nr3uc=vb%8jfRm11`jz?)S1tS23-=s||dr{fzbiE@M= z9&o48xskn97^>Kp&*DWWn7)LPh(Oa~o5W9~F=cl|_Ksx*Wi6SN?5Z4hP4!vur5)b9 zYVEo{@rswol&1vwe9xlf9_fm! zwZ>Eui_;q%yYh{&2GyUiOv8eoUs)-kK?tcAc|& zq>8;`opcc-V5LuQ$Y|O6x1>l1Q01RnX{g@bb8brF@Q1ZWb|s-rudTXs~ zPK*3#4Sj@4C6WvuZ#&GlsE-$vy@YZ=Nd$softx^aD=MDO_VwdNf+K{G#rn@t0T)I7 zKuG-A-0}VGqw|s-j>QicBvQK1*+HW#e!~hx-rN(3h}VN=dTFF1>`FFEq{v*8O(k^) znG&HK3#<&@^ZLYIT@0FGHNlUlx{HHA+2zswOQj$i>_)wIfg$J!?A^rm>%5v!Ud@tT z4aFB|glt&c2d(XUMEn<7cnRs3mS8{LnD~~#Djz-qi*V-ioZHBA9D7ssXbG>gLhi=m zxnv<(K_XYez5^b40>(iw6R<2u%oiBl8WO}%ynKx*C`+(cl}&js#0ms7;^D+dT-y+l zX_?-K^FtlSibfTOim&(<63Lt>Nbman?r|DOMoG7l6EoUo31ek^hv5jLL0YDqg3XOMc zmK85&=z95&mTZKr-U@tsv9|Tgcv)|Ms_Bgk3-w-c_PnKRo^j0Vs29Q&mII5uqX~o4 zSenj1JgnTaaD`M7LPpErBeP?esVGhc{{%G=0F{E5ya(H6Nb$AUt8gWP2)(J-*Y~Di z`4>jA7{V^TA)-CD5x9Qg6qvcoZ2A_xXtqiYM%RazM`k!7b!gwnzMHwfQ?~a=Q_ANo zmQ(s|nJ)X_eZan6yl{m%jU@e&mm_#gj%Py#7PC@3cCnsKYD;6`$<#}{*=k;JP zyN&1pM0LjI-=p(Wd+LbN<-byK%wk>N4J0#?OJgUv>ba=DSTs=@)?vwPj_3~-4(d#! zd^*?r6lM68zpEkD4))`FGQ!>#WuRt;Eb#7m*Ru9){GlEf%XR_vb1H$X7rnB3qn>hD z81E&0%lLNvPWO0&27_k*K&vCH7(p>xG)q;N%}bVz4P| zHP_elGmHpZ$aE$N_JG>_eq;eYSOLOr@@dVtKC76==M~qPW!K^w)4LLS$=oYt+*tyH zxgjI}N&LKU2{Y3*`yshG!o=6R&ZSQo)RcHD5&g5>-!#u+ znWJA7EdbHs!hIo7e^@Lfn@i7p=P%~bf0V>_Bi*~P8JCBr8|hBT7peK~j%d2{0|Kc@y+WSPu!-3oSvUnNLKP(Dx$3%njdj6fT zF)H0Q2qU%Zwb<7CsLB<89^1-ZP!MatA)A8`#zW6{U)|-m2V1t8+h1)r1jM@9xTE}o z)u}-|nnP@Rd)iIFQ~xGcwryhzpzj&_Hl>gZ`fn=+Imp5Bui8`GcPKdyoG~X z&Q9O}U+`BsICi^)9<88I^8M~t=rOibJL2n)8qfLK)=5vQgQyDn8(_b2VDLJR-G)#P zwkikkl|m}>*0~reiB(?>0tLxHKlZOUaXv4PSd|c4-H;oa6u zz7#Ay@EKe1*_oAwzv8)Pa^Zl;zIi_V1UT3i@K$1$$T@>)58AFO3Q3wRPD`d1icm z*Ry6*??E7T1Lyy>LW6=Wtht+(7+XzO{yr{1iaeJFbCcnS7W_Iuer$`s4=(OcFT)8xH8NQD{ zY#wAg#>+UuEnljkZ48WAJ_e=N+7C7Y^i`d%W02X{=NBJhAu|{k>4_YQp+jpyb&#d7 z@5l72WXXM1t470l?ut(wub+e!YxgUJ;O*?)%4q3nz#81yE2ReRZcSi%ULrcnuxMu? 
zMO1^!EknO<2W$6)=Hn3RM6BrEzKziWI5CnEl~@jJvKOkOlhNpXl-lB+VDNpU3^sxl zSnH5B$L6JThci|2KV5sPnjlnD6{8vZYB=o}rnYeJ>o2jO{pvgkOO^AqX-L+&82V<) z=;Y4gc2xjTuJ_iOBWG_qAJK6`o(FBfD0HWsfyo)+=q@Jq3I=XXW(+P=Y*C*aE6ppz z=XtFY3#(#meTaGD(+sihV7(*yfIdp`{y#NlEL2(Dhxo*b{e&wVSlH-Vau`ij;*fwo zC&eaNFtfH+GMZF8=l8g1d}q=XnBnObRkP9H71`0w9w7?X5)95Xt>do^YKB~Bz8lBz zCCv1Ipcp*t*dT0>!WR&fMY4B=4vaV=M`7wasmOww$8Za2-KlqrLV0}aRrKIHzcu-b zj(iG+A&M%CF;x<+{lL+JFx>OFVR`23@A|Di3BTHK8RacG^W7Tx^boEA@b(s5`kE_7 zT3T7WH_!10a}DV-e&b&K(>qk@&V`IChz`zA{#Dr9a6bO1si#m@9?QV0)aQ#Us~j$a z&&39s8-}bwx97xayCn8fC$*raR46AUEO!^Ftn`EKprH8i{g_HX1+1yHzO*+eyP6hW z%0S!bCTGIYP#eSe7O=!F3-L`$+b8kKqlxPFnCeac&o?YzV`U1`JtGj13YMRn85Ucc`{vyDITA+^%hSl-T|uj;x@VU2IBWtpEz7~ zjZ?nF=uyLS%;|{VZiYn~9%4>$chq5Y=p>cIV3@1z{yL@^e)>n<%D{4VbUq;SoF{(@ zP_ouPT_ua%upF-gVI%NM+Lt9ujR(2~>8>Nd1}bkS7QlX2nN*nzfg=mf{}d>AfSkR) z`$PmM+zizDd>`_84CS!*C&AtNrYpH2H&qk7jk^*ph{#6ZpiwCuH`Njni*IR{?oC-w zMeZR8+o+grXbpSGReXC|aVds5gI+iR6dAvIA&`4`imhLe;sED~$IxM%1W`e47^JxF zdQYZh$_VR;i5qHXuy7+Cuws7Qw)jFEzh9kKCEJJhbc_4F9@ znrH|Bkp2@RGDtoA5|`EcbUzYd6^H{WnWWhW#o#|($Audf`pSm#!mubIa}Ob}t)CXk z`TNPRW^4|S3+^kw-e5Xzu$nu%Yz{sCJjy3aqGnmuh6QnIIPHlk{r0a7X;$oMt zLwOpuF8oy%na5QU1sZP3lA|MS3}O5Xh(mCHM{i25)?YZw58@{W=e=Zx^I)!RAkiYB zB_dX=QUBUg470tGypHq;e>ds_)G5I>wz}q9s1yj?M#1s>h1*i0jwn-m1AkQ1iErTc zUFY?{%>d1sB6{Nl>yVej>)9(8bNn^iZD&zb46t@C#BwC}gc<=jvT76yK-h#egVdYx z%o*hi;t&Q;03uD{-!eubn}x)mZR)nqMwMbn41J?R76^`>0Nj`ZGZY;8`;vk5q}pc1 z>MyCdTxk0g)v|K(B&fJ`F5x?pzsz(HxBoE~y~^G+|JV`i8YX+yQ*bQcI5{BTZ|)>H z&4gBR?j^0W9Q7&9%M7H>uL_P!ExOk=miBk=`4aR&; zQ-f)*@EK?&-}l_G*S5W;Pc321AIfWJ1Ul|w{ypB^kr?T;+SUFk_9-v7alOB3b#}$UY$HP)|LZ@V{qTj>i^>C zBWAm@o`7W~^xCssg!kaU*6&B{f0xWiv9{iz z$UR7eG+Q1XqKE|^$zPpc#tb0Hx+YB^BwiiIl);$D!-Jb*T+~8Wv&Ciik0~Mc%rmrs zaTfD7)z?Q-foQhwN_gxgw6m6VK_QLRits3{2$wOFl+6V8Azf+M^N^YFqkR>`FB5))$M!rXB(X<(X;Lx(&TX&i#N8`j~0r@z+_4D@K2IgXkdVU~GQhM8OOCBjVH`M;jYE{}qDRQ<2GUoU_E ze9Tu9jkT2CH%uxJ0$rZ?6Mhh!yjS5bRe+qkDS4Sg=N#C92@mQ&S4jiI)ic4RGF8OQ zFZ0yp>3BGV$kishSvH(x4E$a;noPH3NyMC{}C8pNrfI97_9ASitBIQ=Xv^Z7Nk62 
za-}JjSC!0SD32&GdG2Ol(2I6ta>Ao_93w4-aYk`r_(VMkAKDgyEjAk|#pbD#pD{s1 zbDZlk_xKfcn%yJRU$XP@Q{yT};?>s;N{w0Y;?p=H_vt-U^0W(%fUyA#Mi8XX*SZ1? zJ(y;@tQqZN%#T&@3z7h0oMx2V%)1}n)sfH`gJqvcw0Jl_RpRAnphVhPWm?Lxy#BIC z9X1f}?~A{8Byo3&$}?F~HC|H~x#O(n`-XnP6%!knI%7uKE)*!SOqk5QDH{Vzn1&sq zvIMp(A=ITR+qF(KIb&3@y$l5~^$?9-4mP@QrE%zi|F|+c273%JsT57@b|aFCi2c@K z?g-x-GIAtQ~~YL^xGlD zDbX3fmH<+j^cyaye+2_P$E!%=`<*QnPRf$wg@LJ)BM)kj zk4%4yFAJA?`1jKAW!qW%WCoUSOob*$S+?+N`NA?7EF~sUFdket`vYkvVE5(CX9ldX z(O-f#6>u3Ra@Cog-_w?95zJ;VSRCGIHMNrWM%uCNMKJ$BrRMcbY(Wfgiu541z~(Y{ zf0a`HC(&aoB5{D-AIW~Z;t{~1J5qE5V=W7dA0*gPB6YOAm%=VI$ds}Y&FnHO*Qhv zC%SV>;oxVz;#HXb3WZvRfMR*B0%^iI$ZYMenfQfS4DPTyL2twO&C>-M09O`&N9OctK^8y)dKNDqu_lC2pNPkCVahFR zoz`1E;-&ED6{YB+VD21cYDylULB8&IS+Fi2c%aEpALXjY{7Jtn?HMSv!Q zIceL2=o7~M27(&nH>+!=QvAc_Fs{l6@5waQ&HWqG1Qxl2Jn_M#SxH($X43;9LLxqf z;j;5nHb_GNgy-~&azXc@J);ffLf17I$~I*LB@A|g|Ls}mV#gOski`+t62M0|-)Aj> z&rhRGY5E`EPu%Ofcyv_Lu90geuwVvxD0L3WkVt(p<^F>>AgH(Y=5^Q9@RF>ca6kdU z2A!hsuLeTM7jS(D`#{)ryGh}Fs+(!?kbJIEqQ?W`2kuvgVpmW4nhjCL@4;jkPgg_@ z{;~^W8emQ!M5uxsX?)Q3s-trG3z#ZIxW1sfm^opSFAgyxvVE-4a-Gsz=1Dkeb424f__O5U;w?V5u>jdpCp)(EBN3CK9nw(l7<8u&DLROqt zG7Mj0i$2NdN^NYZg-wWsE0&%B$-OBL@$X|AI(%_v(#O7dK^Lap3vazcAX{VME`Sf? 
z|Jq0Rx+hlDV&{AVCF~nsMyY-hmb7DK7wB8EWAkLD?5l#uFe#mz$p_wxti-|P9V2@m z4jZj)y|9}fLx(e23BJQD?@?OQ1Rdj^I{p3qH2a}3%)$y{5>Jj~0|kq`3C{K_`yo!g zuUs5A-Vu+kWFLny=4mw6bK(;BuMiWb$`F>}H+%%Bjf7A1ERBEEtQ9-nchD7M(5tXS;*&KP9@+FFQe+mLZ4sxSn^E_lKc zD9uY@=RKLXNU+#z>Q%|IAA&o6BRS3SZC z$Lb(6onyPq1_6rVtBrm^geEGyO|aVn=(sv9K1pXHU%ueutHO zS|`M$Iybrzp1xE$^FVg687W0_Zm++((qvsj$}F^NENCfR_ULl)QLXBTsIrGLr+h;Y#tcxp#JH#V3e{yx z&Tq=?yl^w@h2v-;S-8(o5Oxmbn>5T$ZT>7{KW}Pk((Z%{?ZODFk7Xh1UkmfU&04y> zxN%T5v|EJz$?hr^afxqY;|MM8K)_`;OIEg)ELsqm(faYZS_C$~CFVQh3QNbIa58V& zVXHOEqg-HPzYv(vGvn=9lOe~qlURGCaY*gkE6lUsAx|ky27?WmqPy^O2lOUNQ0_K% z$`Zimlsc0hqd|7Rj&v8Cr7iAUwsp%?Ax0Psm*&%IDp(m&WNG45xiM=E-cyc-Kps-% zdEr=sb!T;KxeJ*q#i!j_)O7rqa!dYw$?wYrV~ zTU~yUBQ>kj4OW15x>F%8@NxS{#18n?>?!8sY}-ZT7C=l56@vyUqU_fWRWY<{WXQ>t z$`kaqKtJWA-a>-j55knhM%257=;J9{Lg)=TDdR;*s_Uo zM-RJW%lnp zP8Tq2y)t+kFBY&9I4|(kA?Im!+EM3HO7NNfeo3uH_&><0vQ4MLYn=MOF{Uyd*m29zQrxmYt?xE#H=Bb6KRebD0BMXv{!=a-CFpbvQwv0jgVdq_`QB61KS2#g6#3$C)~s-W zC~*Ns*%u%F!W%$#^5$ql@<$$06u+J$5r%(q2r%=JBirB%g$I^mA>{W0J%1jf6!{sT z#$siBkptcDQWOExVw-snpwM=b5SHA7KrO57pF7KBD;8g!1ZEXUQgT;+BH@}1v zr&aw8bl=adAQ;v#apAd@wzO>ku6l@E%|VuCa|wCEGP01H=?CD#=DD(Mt5ZR$&rhV# zG5}UI^o$2UwmmOMaLn91Qr@`10%Ml*Cjyv!6pL=`^^dnHKYs2P1bNT|vPm-fx{K8L z%{7=U?oWh)ouTU0WB!%{C!2U3^y+N)HvA6)SyaaPElAT=3g2tvpXxsC$=(@O8{iZ& z>gw>6HUX}Su>-!|>JgjN*s6=UgGFYO(+biDkq~&oLsXl2+u@G#Qfw!{s?rFRB;_l+ zhFla;zsFZuxJmVK5*@DwF&CbgRTYmH5DfNT!0DtrA3AE;fr;N_C2C?{?I_KFtdcNm zu!)AS;MNL12<=$|JV`;5l|*`bNYLm{N)q}d#h+WoUKYs{_z_uu?49uSgynN|rLuh0 z?nr&9fh-U!3Y1fAt0n^F-S*SQm5MJwbRB5JHF=j+#zfc_JP}XXoz-hf(v(8 z)xG`F`2d3*Y%1!&H;%fD<)rGA2(Woe`ZeQ6W+{7h*+TL+SgthZI(qsv&H(W^&Eqqt z$Sn*l(=PJoHJL+DGxj5?yl%p`W{}UD=AwR@zjRihZ8oaWx0q&I8o>SKj&A*sy9?aDN!^PME%;`*=`Pu_ zEL!sMs6?BPP~9$o?!9AzUm*m^0qJNSdhYzT7>K}!$B4>10&Wf~j;g0vs#MKWcLF0) zW&wSxOT=%l7$qM|dXYnH`kx43{*G?4K39~2=wkQA=?AiQRMJ6tF-Z@l0h{c4yN%Csb z_jHXWffuZGxUh{xHPn>6qu@L)y|8swil>qX68b>$~L3N*7%XLZ@ueO7J&r!K|E&*fh(DQ;>NG`0?bc9LB z{#Nb8*ioSyGCRcN%HASfc?#VuO;h@Y6_|TW-OQ(zIDLlv^@6+pqMm-W%1-59!ae$_ 
z+Da1e?KZICtj8m$gC`lIegAqTC-BWbh$Bp2}Peq z&2JuP7r6ye&u0zHQaR1C0!C;aS^yz8T*L@8?Sz5e*FviXZ_l4Xz-twM}lx+v6haMeMw*2Z4!|bHjF!rJTx+@`E)%c9KSyEhSmt~`SyGdWf~pIC#vH|#O8?#T1lnK-D%9|;r|nkoS)`4g-;5K^npWj~Xm zI@E(yNP)MMC8WZNFRBJOD|rJ2xc6y8K6dxTG@}XwS5zEhX>u#6ycfoX+S<# z1YY>7X{Xoq+pb!-zK7#-(FhY~y*gS(5M&7`-+jn-FIx-cTILswG!1pFA}O@-S~sV0 z&EP5+2{JJK2QIJc)%_!*I=cqlx#>gz7}?;V?>tkR2@=ZVUHTMBQi>km5aFB|7dI4a z3nio#t|p`XWgiH5zg#?l*+$r!Vp@iKnXXS?vNgFzSGZ!E?r7e^_Mi$^n_i7DHa-r} zL+%5tJA5W|BLVAPps#QH%Nwi?k*m?jw+fFDins`Kl}-i%B+b zjE82%G*;b!K?9^K!CCw-LhJGFMyMqIsy3nrt_;;r-%-ZFR&GaHlF26bL>q3Z^6aNq zrXrH!Y8d1FsO&p>$UpNu?R??Q3ZN z86dJZiHFZZ>xl->?=P+G3-Cnbv*>}C!GgnXjh@`VROLh~*NaZ}#Fl<+PPE_JQJ*Lv zxvL8B`M8_?k!hD~`BrcCDPF|A!pfvPe0;Z;!B>N>v962!n zg;HG2Rh(E2v$FXx^&!{Z+>;`? z(R1?mkFqXx(Wj}Isy%}=pJhy)Q3r2nuIc1ECr+Rl^|+(0t76*6m+mp~)Kk-QYyy#G zw#r2=fSK_MF21B!PAe5^27a5Zfo4vt`3{qN%U8F*-Oi?QW+MID%JoaA!OpwJD;+~ql=8W-nt%^O1Z~m_9 z;PEwn3QF2{hw<$!SJ8epy{&A_*>6`i40lCPBXnx-=^unIisGG1sh@N1C36;|y>b}e z>;hnwBwR-xm~4ai+;6N_e!LtkzD2m1D-f)oqO>Mr5&M;b1tNhqzOk61GpvNk>=sf@ zNB`FICp8r*u}X;9XLE>67y8grwPp1KMaU^c2HEW5d%pb_NFxjWZ$p$z-OaRXt}#Br zX>%OSmX98lz>{>JUvI)Znu39tp*5V?eY3F}R4J4H+JZp~@v~;;A zmy0l9=SaNn?w0OCg3n!4$)Dx!8|x$D4WAuZcl|cq6E7TXgfT##`NJZjh?u45Pz!$Z zNEH?;aWtY~)tyi1P-yoy*(32I-7|vMk+`_272<1`;{G6yJU%C?RW|q}Z3FrsFKh%w zD6_ZP$%VFQL`bPoBhDg@|U)O1+iaNP(z8T|~8FZQlj4HllWeiasA0)1uCk=_UFoTV$y<%!e*no$yz1i9psVzVnUcDu?(t zD0dHZZn}+ie+ZXqDbN(DD@$PbfHOWl+B<)CiitU~(oQ2&703~l1(7lk z2UVQ#jT@-)G_K_2KcM*x2^-5Ryx|()d>7v)NehhUepi)c_Oz`FhTm9D1jDH*XMzK# zO|NcjNO@d9C^X&b4R07@tk_VO7qZNwKFuk}n~pc1sZT4ibgkYo!N7GNX6QK$aqFr( zn~9Q7l6MQm@ixUeZFdfRYOB&&;{xk?od_}oY7FVXsl7GG=v;b#2Amda4)v=`zurgX&wCsWq-@x~ zHvd2OvGA^a|A)M7D!9dsR~D@ZQX?9Vjohc0Ro^ti6Gz6=XsN)M?`%PWDXh{CAU@wo zCwp%W5mhIGH+9rO=YTBl^qi*>tKUX>u<&>lIjb5*E-R}(^|G1F_C!e3uJ`a&&ic}@ zUB~3g7S%~t3AStWbJ%ug0+GE8Zm32lnk;1H63#gemD|gTg!|a_p2gu4Ha|m{4DWDz zBbT(nmTMKbN?ly#R$}bco@xALdvS5^6L~yZG=OFcQXR@HYQ&g5)oc8sh#Y$wPozryo4I5%AqJAf6axkIK3Pk{z^;9n8WPpCUKEWf1d^a>?Rd~?l8`HcFWVy 
znl5kshFS|q?WY%K*%5@56yd(JlEWjo#Z8mWDXiA1K$k0XW_P-Z0Mik3UNjv6!X^oT zobiJ$Vs6pKyxn`vC4(`joI;V;mhu&~LkeEdD^Co?>033Wt&kKa94@3Vw`V1JImMo~ z0^H0WAro=vXS?e?QtUA0$t^S!hRb#+$TJaXzOtjil-KyMuj41L+S(B4e`vx7kMWMi zwMffUH^GO^(Zvx|(D|1Ulku5h2=i!N4!>!I_i<95gvLEf-bT~NXUQ1YZL;*UQ*YLg zU?8w|=s(@(3ols|n8DllRTVVvIXgc%7aOzEc>rZZTg{@NDkL>v7A4L*?yyoAe;$*+ zjrK9$TRppA5d!P4{wTyClWB7{B+}S{-q8W7(iC$nWEUxfpNq)mV z;VqH$-N_%HQ2nC1yFODxaoLHK?#2iF{5ouGgvXCzs4&tnx~GY>)TBc47?*qxSyBC# zt=N@XujT%QwHMI3eN`{`$kp(>tzn>Y45JGmmF{k{)NMAU^t?i*Qx?23k-o`+c6`o;~BlZBKS=m)>o5j}OZ19OdlXV9lU zh+F&smOu7H9@&XQ2@o{kHFhOzIy_LG?oFHjL)(5b0TZ+TT=S?*R8#Z|?A=A0yy~Zj8X=Ljy$xhDxLihYfd!!n@a`MQp=d&=kuo+fz|_zu znwE+CT=q>VGkqwDmMhn^h2%MSjr%k^De?SQd#J&o=&Ss}FLvvalTxZl3Zd2IYxFAf ztn(pUN+^W6doIIl5V+RxZ}pBt&a;hNVda66-SC5D@_UQYN`ap^uj)_kRD9oscoTeDIKsqU?KoLIpW6?m{D7`GqhuU5=JZ=^0WZ)0s+4 z*jlyk-C}CGtr*<$po?QFEzFD#;vVHG8uPh9pSgx`>UvM%>5U_GR3@EB1FsxLTfUUN zk1+j$=c-Q2i&uYe(YMZnQn;;?cSYcbk6wwo>kAd|*B_{|Y=K7wck$aZJ~G;R2#qZO zYq_)+x`kE-n}H^Is&Pz{8Z2@PVyE?x+^j;bFf(}_3o--3QP0kD*D(r7E3P759lBgPNJmTT=niQ56u!hC7EvGkly3e=mgeum6l1!4JIvZ3SjUDNi zIr%HrG#S^-$jigYFe52f(k&|*54(+&*G_zmT>mpciT7ZCy9LkN`M;dsEZHBEMG5@} zY2zl%9WO??LqXTk$1fP@dbeuK5#Ti?%0mOI^8g+KwLv6%^C9kX?EmB1_>F_NKS?IkAQn6zQ3WvQvHsduX^?BA}; z9E$vr2u|cN`~JqEz5G6SlF?(q#Q*hxTY%R)(wBZL2E5(r=*ZZT$DN#TQD(;xs1L)Y z0u;;daK;HzDH_t4;u{rA4<^{2{p?JYe#Ux4kHo8scQDQl8qkH`VT!?10FzC+pZ{3o zFi3Rq5X)}VK%1<{Y(uqD)5kc=ean^^@cxj7Ro8MECXHS%S)?YvV-?`F9AV=31 zuz0w)R}RPs$LsTF#2Ta}%j3hFt_5yCemGJvEYvSvOJ0deHl343tFPJX^j3|%;{jcV zIG}=g8cPd3VoGn6EfP=*=Hln1NV*&}wW8e8kV~n1v*xVlmnc$6?#j0zMkXlkDs*|b z!Cm`(wM!AYktUS=t$+|Mb_O3L6xs!zTWG_Gd&_~!NhGc{g5>%57&bNpkObMDrpPwH zck9z`71s+fmBhe+ue_=<^Tyw>wd+G6Vht_=to7g!Q%~fe5M%PaOJwHBk4qqR0 zDCojkt{lWz3_R>mS-9lLLpAu!G-Wr)bPq+(p7yq^Q1Ri(Lk(DwTHE`e`TBSh9eJM( z_I-b?uhthUc{!WQ;7ZAa79AnUO##w`L7#Ip%@)^@(C0B0P7w9Ur}K!dBCdM0`r-zX zkTiAgFNlMry2!K>G4nE0^h``ZSJ>GlYnJ49b(cd;Gi~&mluX7JY+VlQ&Ewv0egdL5 zD=>~gdFXPIeyYjxnl)I)Qzk}m4AP{){IUW5u>tu<)=LZdjkpD8H-!wsuSNJAs~x$+ 
z#e~qnK&fqI-se5;j;RJV)x~TzZSK<7wNx)rc#2ya(l*?{lDs}D-t8tTHj6Tao}L`w{?i76>WWK26#e0E1K14PU%`!^>G5i>Ks zNwz{!PUijZDFr}>tbnu9;$>9_TxH3QTpIS3>u%#(QvAaVE{20RV+Dc+LfD2_B8H=7 z-T_D_=x4v%p9g3josG({?Cv6zQXA<3x}OrWD${gm3rwtTs1#k+yMZNP6V@)niY(ip zj^$3L(%*+I|5cHXB6Dy;>s|Wpe29R;TcoLG)2^GN@hc4C$h~F5<$0l!boseVF~`B* z_aml_e@`pwn1j-YPWX9xbJH_3eR={KO{!^c@VgXxx-NUepOicF`CHo4+$0Zyc(sWq z`7<3JpqOl|3`_r2MN~Dkuq2DB)e+SIMb_!birE`WUZDI5a8&F3Kcl$P2}mqX2tq_e zsf)>;@@2%=qz)}N-;m4Ysr|=;o-Td#JA3FIHo%uy>{2&>`MV~o_>8#H-BSHlEo$v_ zv5da8h+o8^oV_V~^Uqi_dskNg$byW$fdH3@4~e8a%ba~rcV8{Fh~yrPjjcbLpbB;8 zQOaA>hZIDZr6fe$pPC?3Q?efWJJGMbXAvMfDO1T;rx|OJ7%MT0uGXXevR$9=Y&=}Y{Rr~m|e%h!Ny=AY>dAMjbTACqEbmeX%5sMX` zH_x?IR-3bz_FU~2ll|huNmte4HU{td*$C6)vLQ7Jm0>g-*-qe+N8~PBrT}F;a%1dR zxIXICVDT{M+&{ft`fG0xPz@tMLbZkBnp8aDqmfztW?^&brL|LB{ApMU{DK=#4T zxt4$Go*9u3wWo{eO!Ik!WrL{`d_1nBHU#L@P>)_)2G9(+E}js&3!c_Gd1slZ7N>&5 znblNIdhsDSggKpbGNB(bpQ{Mj$y0pTw6PKhqdIxmeM*~lo%etRplhabg_JrXTSkr- z(qfG=`m@vDTm$44i(&@!d`K!%(ZPVbSpS}Po_0!I+bA3rmSI+wKB4EdOgGl1Zc<%w z=Td;m6A!IuGrhEH@`*0oqVVh0^GI2Je#-^H+dC^}#fhiFBq}C9HMz7J0<~4H445bw z?ss~+54L$9(1ovf4(MF1D0r%J>=02NnbE$^A#3#^f7JU&4s4=53H>s$fZi!-Wz-&I z<-Gx8rWQYJmH!1$MZje+q4R*6|Hk?TyY&oeotk_khK;G{wIpeSnH5O0C4WjuARwO~ zEUfeqeP&ES(G3m$!L+G}!;xv9DWi0It=%RMOmOQflB&v%wSi^sFh!*Oud|nKEf{+H znFKN~0wf8?xR~(tqS;LhFdL|2!fSW2fsY)4}?hU8jmu+X6vA!9)}7% z@M?~x!oFDl_|`fCbqFGgj+=wlB&Uoo&CU6#c_!hy))6)PiZcuyjjV+762%S;PF`!< z5c}?MjJ3X8RjBPvyoOmtO3rMa@wzMLKebPEnGuGUah1UYNF>rB1c{XE{_?4D4O?of zF^GSGELFglx9Dn47nq>bg(q}=4TEEqD(ViX#kRyVA`(JqWBiNql2=}-EHl+Q-2!PwHB>`@TSEoRt;47VuHW^escS z=bKB;0Zte6a2OC5XvwZZ5stW??wOr9%dtBd%~fTs!KUD5eUwXXcCx4tn#XgdP1oY~ z!{*-WDd&6E^f^TK)S(gGx@d|KMBPD- z4^PxM2#Y9v0+3?9Q;P zKOSQ_aG`l?vW>jcK_1{x%#G2zFB8?noG;|YGeMbTgrLx2@NIAs6-ZE&PaM$x@ zYr)b<<(C7o&%*D5foPZTd0J1^Wa+Wv`H1rAs=z)TN*Jef5ewsQBUt-1VhOglaZaFF z3WgjA-vG|GiX*a!Aoav4Z;_3B_tE=iMCWN)^KVV?8IC&Ym5>z(M z&OYskpi&^{hm?wX}O zlH{MY?5i^%Ed;j%)Chp8q!L-B7HJD|++NE;1Dh)}ji^MY2B&_Ws4KX2Z%lU6+UWCd 
zr|CYK)UauN$CJ=tkF{jEzq!YN7Q=y+ge7)yTTUkJjh&$JUkj+RPKA!0-P6pa0~Pn* zBv^Ir&bUQ)AQ&Otp6-w*dlhQ8bf%oYe4eUih44h`$@QPTBxme41_RLPixo2qc_vV6;P21^Z*h_QrnHY zn!r!6;datm5_duKHas*OnmjQKetbDRd6})%5EF6?q)dBf3q}$-W}ffk+D(>{m3sj8fU_~gX;YzQ0p)=)I+F`-X00N@?|tnn z Co!=KoB!<|2MvV8pu77_T70*wje^wc<0V7?q|Zi0Y#Jkq5ouEEq!*A;)xCF8&?{_}?v|`3oZi#9&r9n8Uf+}cniqY!BAU>N6n{~1 zT=rLS{KjqcOVeTa-jvLmk9%t)E$+X0+rVJ-m`QR`-(DB!u}dV59A2-vO?Q zqr|)Fsf@wZ=SD^lIY_r5Ye1Y}J-tjP;9XnTp{9ePGM23H>`z|N3Q}cn9U);*lKwJ` zfxDBP_z#DII_H>-%8Lbu_(Wezt@$N{K-~57s>sy4=|5~6P5;y(Z#EAg5GfmYKj~<{ z3>j<#ue$$!SD38{T+`?x=$)Put{ng(M_l`|xCH@*P-pNGa0*})1lrZ>fGKsr;}kBj z+Il8A**vvPM#G7=aaUJg+tl`)d|G(DpXljq?*Zs#{Q59iE7AZDw8t7UW}j_!r_9j1 zG&C8AlcXRM8&dX4>v5UB)=3#4EWm%l0gZmtWH|->?_E_crop_d9K0O z2L4A+^g(_A^}|1Z#WR~Q%w@-1#r%XpV|Y-aBFJXVS{O|Fz~LLWMiP$9sB{B^rBC_L z==Nc9LZegxm+wW|!_r_}GKGFZ$IOLW8nIQ%o=(6R_MiZYJOrdl7>0?3#b~Ho{bz}O zhs_QZwi#gNnjE%$&12c4eb9b~0~zFGoL3~Y+dRM7Fd1CkL!2HiH_92NGJ(-|A`Ex4 zZ9u7|Gz1W+RmD3ED`NvThm*X@C$GZQllH+c3C~9M=6?O2P#_ zfA+Riehi``*chwl zdRb4$FXZUGdF#h|jJ_gLZaDCoQQ;%;1si?%Wucj+iaiJa6Gw?o^AAYpt<6ez%@mj9 zhY8L#znj(09~xoZN#a`Rn&wIUf0Z+Y+#XqzqHPh}PhB9ZgH&>H%#*eUPr5a|aAlcw zhUFr8d8Mm=-QpYD`dyWPp8iTDQju&zXu@|xYGxj-6zjSSb^ev2O<-*)jzFkI3Z|76 z2X*@*N{K(*pL|n7qLtNe!0utp61ZRISBMo0&dLbt<_Y%wk&0l3q z4#B~t>7A??;pf%%Eojh1)8=R!_vd2qG`;UAN|#^>9_e1`l7+nUnRc~l6TVcQtA?BE zIQ?~LDZxdCsxi0^ST=(fGp-XDq~5MI_8*wzbl(I`j6F@mJXr*3I_My>@ulw~&4hmq zJLfD10?kh2gW6WDHslz9vQ&{jeLU_57%1Q6PMprgoOR+?b61r3h?(A*Jmy|)I^!6w z`wHE6eUBd6?6ntg9+ZmRs-hNKe&4jDf?oCySWUD;2^%;S4&|L0sq?yX?W8$Z7|$^; zIxTEIDpApgAb!gV?V8AhhS}O&KW&F|5Whs)@`1AyX}Z&hPBAYV!oMy(xn;P+LpSRr z9(Q>;oRX!k3B+F-LrNkdF))M~@X4&9i|D%H`xTTHDI4%s$uM&qR?oP)y=G`Z;zm#QRY!5$b%Hv`&(0QX51Eb*?IMZyg*w+ob28)530bUfykkoY6c9+9L;Vqu zqL1{#1oAN8V_kR!n+(K{7JH)ai}&4PrNZDe;evshGsYd~r&mVcJji-fGqY8E(P`;1 z4wJ9*;mRH*_vf+*tGzzty%}kzR)i0Ez1i|us+5OXv8E#A#Ggz0H=omvION$w4qM?j zv1H@>%RveWu}UuqE#>iHNTKkoWT@{0h5Rq5<8j7bz^Sykp3KlkzZo)P+NMQJqIu;f zaqiJ@L3++?%S3N>*1M!z>S(jh|BIr 
zVF6%45th|vw55{Ma`+P2y!i~3{Qq`$KgE4BR2K%0n8OnuopUc!$qw}>n>d*H*wI^t_EaVX?A%(jR-ng=d>)RZAkm+F ziR^JIOOCc&+tVEp>qt4lCgWXJ%0D(?N)qm!Jw(%tOiz3A)lzvP9n{*Gi1{4YXzaTI z;7a=#|I(P@%)HCc1#g|aNE(j&3jPbR&^W%!)8#cfxbEs&+~EYQfn7F4PFl2%PzxHQ zN5(iqHWk04ZMJaTHx-LLj9|%LelnX?k2>x(T6{mY1t#5++ijBJT2%N&GL;eYQ^+5v z0<^x+zz&p0rkJ-f=1xlfTj#&TZaU3UiB0z2q7?TRd4k)c(HqR=l%d#z27+7H_0enn^6}XV}>K-+;!9FcRLr-7M zz7wJ1P03~Q7-hseUT3Pj3guE~% z=8Ov`BO`1SMLkWRyiTPYMv&i4rIo)^2fMz1Byc- zfy#rAlnT93=OP&K0~qf~vvNNdSBj72OL9==$1NM{38}(ETS^R_`KD>k-16*XSLDI8 zL?yp0dmMO!ri-~YQ4_gj6pJTX1ppGHSFg31z>k%_7`&)oBO4)L8gQO*gTq5@ zQdc0297S7UXCJ$&qmD~U8YHcbIDlj^?~Wy~p|fGI6j6%&|3yC@=sM4DpfL*2JeBhW;zL6F}=Z?tbqr(Q<7{lGw~Vf0!5n3yve zgOglG(MtN!^H4xRsst-nc?850SCXb6T_i8|Vn_W-Yu>)i`62rW{w@hBzq!l1yc<7q z0m|uSu>@LB5>72otvSY;zQ$yT+n7?kz{WD2QKS|HXGky-+O4SbQ80=O z8_vH(S&pKj)B>I{{!o}ezd3i3M$EjkMHSWf!W}R!@)&(;K9zn9_C{ix@-}z#it8^a zAlY;XfsuHn46LelN{63J7$g=5w#f~tsAH)!>2+z=sJ4E}*ye#xKT}k`9qmo5blxNQ z5;BfICn}F*>Ln0NBp;w+|F)g}CO{Ljmb5rL1x&vJGw=`vCkamg>}H%L zuWUc$OL$dLm9vZu7eunmO-tw>SA)52suj_X-q5~>l%-Wnp$*BNEFn+L zg5tE>mTL#F+xMQ3B8ch5LkwsEiHcKkC2&#P!i~zf`Am%(+bz1p!F$t~qKn?1+r7TE zJA!v)P)2zKcBtrCl@nDI+x0C4p!)tId`-oo@&h~UrL++w>GCj-6|h4Jg@^HwjU*7k zGV=-j&$Ab2%@%r%fMt#jVUK=;))kpUP!bhx+B)yksJ0`|#*iczGQ0nrJ!N4$vbzTv7_~0&#^jGNlw9~av zb+jHJU;MW0qcv9h&cEB)Qw?lPs++M3KbKxjN3qhc!T@_oZ<5)4f=~oQ0UXERU4`(z z4t*VZhK9Ct^bq~rR>{9UY3vY_ia&@@sVPEP&k9YKI~^5>!*>S}szIMDXiOAtWatS40W^Us25b)OYaG5H*M^^_Ps4hfD6{3@tt54@hLDeYPauiCJe99lj%|LAWH}D@r1qHTq_n#kdZ}emU{6ikf`D7&nn` zd0L?#r+wyegwcxrao0(PA~GT-&2%`fUy{?TVPK{{8U*}o+AD3%cJ|hrNh3n{`v6Dm za5>U~Fsw&LzUPcef!Xqe3HQV>b1#TI?oyt!nn^Y(*|AALD}WZz&jM&f0L2qY-lp}p z$X%app8`nC!VOq)2HXOZ@sE{(kQH@wC;Ujz4~AWeccR#J17?`M$`yAs-n!e1IAN19}A`!DIyuAy5mgI+c^UM4QQifok zKK1FC)5{&R!x0Pbb^4dr%TOUxc~cvM8sVlV-3B-VUi%IBDY6VQ5~UuP^%vl`!u0l%S#G5UHyOj^*=Z@>YZQp{m(f%`umuQirb{Fs6M2Sy6xgL{ZUwkOX~7 z)BjvSdw$qB?^_R(NF>;ZibpnTs-L~I`lVi}fMmHcx*}q0_y}=1(+1XAS;T?`9v6sO zbEf#UcV;EnX3jbFG0oFAI`^a%ayot)H=U+Qp_6`hCy8wg5=D*W+UxcFWb?jjnlhU6 z_z6!!ef1#psIoN!S3)KKG}Y!&?j 
zrk6>+_BObai%2jxLibKBh|>umcar5?_P2CNhN1qwo@2Wjm83t1OL%uHO(*)af0#CD zRWthPt!OaBYSI38VN;sT3s;=UVeg=-GvjsBTo zHc|O`Z4s0(zs?zZqk{$?Q=H+^u1yon)V3%GsqMj&8H=NQ>15p@Q6`027<9(Yo={!B z?pxJ@2g2sCIeUuhBJv(WRQ)eX$7J42^u7K7CT{*rEVCS`xoZ#^Z;C>Nkn!F|3{rwP-G)NaIw+D}wYLK;)M$svS zX2ezuagw&dTa#b}5uQna)BXio(cpvf2{kzv#3&aj`Ph=BI?2NK2SLc{bT87rkq!_c zYcsF;UwU$4==9N48PU(qezh4t3~4CJz+)owdqmn);Zu-xX~4ts-~CyBaa#ld0m$|y zYUr~<(R2(~t6esV0pwzv$YimQqt0y3j|hc$ZkjhqLbi6|5DGVw|Fac&TRD#qx&)8< z;|g)&%1l^23<&2HUDa8uD68#Qct?gG7(ZC?(k}+TY11`B_^cZAOHC_P_OUlb&zfIwOtcTkj2aMz%@hXdIodxPmA(6#LSqRKYIsQg6dd}1Hfu^(x?*TR|gk$#EC%g5Wvg8JFaJvKk8 z2S6+3dtbzOLUuJxFdmHa5@)ZA^-#X*R_|UW5M&K<`j_r|$Tp-n(~qw);5n4wN}{4< zr-i3`-yw06JY#+-AXQ{XJ#v{wpwS=^o3mfhwhg3nH8Ho(AjvVrEDODd5_ZBJtkZeI zK#CMCS%?BKepPDFQmqLj@Kx6uC>9110_dSvsC~v=@r6q;81PV>U+fP1QZZIBaD=bZ zsDH_OhXJ;e!9tR2nBF^n#{bX5NiG7O)0XP2y_2G8DKPMf;C#n6<=Y_gzJg865Q#B{ zHAUFBkisSVb?9(o1F|7>g#hEB3ODxFSlSjOT}Y?-UxKyNnO}7=LpyP4npiJw|$hNl=JL zf`jiKWu|)9!j%njFkm5ytAKJWWh*RHE~F?sY^-Gr_+fvYlGO(Ii^UftL$_GDeD*7T z_!e8`OZS1IIQeX{g#+)PV+O;PT9T+HtR@tDYkbzY&wN@|P`wrMY>{>$;-YM!kr9%e zO8&k#vmF~r1iqt@rAI-jKFjWya*{9u{GND23|Q)hPI-oOYFH@(=TABMLnEU9)K zgQ_ihlCy! 
zhk<3o-xa(zHpP+HUrP!^`S2*gRl0kgpf7Ed9bYLyK@C^T^vnD=8jb4{V;S(ezXpt+ z7oG4!N|GRN@CB$iHv)gChG4q6J?pF3oKn0Zo?7#qsrojcppWcxceJVn4{+hhX?r+Z zlO6&^&Tl~#(@uKu#;DLW>BMZ9H&816Bl*t1N90Hqy}OU*Xt{s*H->%pWCruDf$b-F zCo+~Kr_ph{8w|H_wO#v2i=)WMScHX}x1L>JsCl?exLr2e6DIL--CoV1M2oxZ1z5UC z7Vu9&Ccp$opZ-e=t=Hm#+p%0D?Hk6i6qB!5tSnO@+V(1&9hj#UEb;i3Kb7mEYX_h~ z(;GE=QU0hUi$?Oz=5qxbPo0MvqxuhpE0J)TQ>>Cxf<8VI66N+pKMl(ulF2o~{(yt; zT*hBFXr)y{JFR(Ypw(2cj4md#0be_<`bibTs)SPBkwxS0k)2Ha#=Y`YawdKbt+v1y zH|kMAWE5@{LenVg7}4nY3F(_h%;T)cJ~u?(MM%gxd1R}>oHQDp;MLL;U_|hc@KFz; zl*VD;G61=#=Pqf*NI|XfQ33XopoV@!3g~IIlU8Wkrigi@pZxuc2*#D@$S~Y=8Z3hKjS)KX5gd?b&QH7k7^bm zMo=K0jkXk0(32Qtmy25(Ag>&MFXMR!PeFoseAn|On!)`ZX2*NYDq=OqBYB7MKJJvx zc!MVhUGI+09tn#k-&Dz;h`A=Kp#w=~(b0H4oja|ZMS&?fx(2Or@9z`|^{>a1hlM1Q zk%u8}iybA16!+2fBy~~E1B#gfGloDA$F_@CUfFBybK#H=S>@MXXtYXy*(Y9A5BbUW zvj~k}RI8omHYMXgR?Zh|E-;ls>~kWux?*$=F3K^N0;y;C7ot-bIn_G*1=qtgs0+%9 zqrR;qw=kJ}U4rGVe1&or-P z@xHP!p{~{dt_$<*BwJ&=(v3UEhvA8x(U`lTnKT@%!Y!^JV*jNw>pL4a=>cxZPZ(br z{ROSD2@W)ac5Z2GbbnLc?6P~~2*18WD|R+W*a?NO}IdfS+~lzL9>iWQA0-ja-v%qtFD)3$(#KktERr+m?ll`vI@Ng9|8 zHk>4~RZgQV7y?-D%0jxOAU(^!+|5@WQx;xW94UCjL6|x*AK@szx?cYkqRm9}Llt)y zyioU3EeN=nrM1MQp2M}I@ zKmMOWEM(em?7IG}mG#NQb?w_=bYv${Ss34L1CTDyEGnQWoeIP2q*mZLWC2K>6}|Gv zqx7jgQK$VP_Vj`;8oV`6z@s`j{J1z2dupmR_*Ph=D~+@xd$&6ejnk^SSODS1N!ZYhq z!##~vjF58!`pIVeozSdNGBto>ndUeaAop9Jt+notN(RV+;j!APsaP<^rPeJc*hO3q z5YgHBR3H^}Di4ezu9;z@J5+#{j81*jsTg2n@5r2r(Uty|S3Jpb3~}%e#jJu@l*K9@ zMoZ3#GSTFDGe)y}R@3BIdQ3n|u^261neQ{uQy->-kmro9y5Kd&>I!VtQIT)5cY}gN z8LM;JEMB#^tLdLIHg_Hl@48>>fr*0nC6qa1PUL6Skdyx6-|pWJ=WjX9mwAyQ5Tf_S zG!C1z9~QqB8~CH|0&SG2*k&fVLk;$HMk+N)IZn4mXB}Ce@(&^{^i6EtB za}#@Z@;&gZS55@JCYbQ>gAGbd4!e7T)pvEUfs3m72`kgdjWo_Fve>Df*-ZMsxtd=X z;J0B4-F~X>ClgdL;It@JH6x{*L90yvvre7(`fRxWDCOh^915Lcy`a3DvqYgI$moh= zWME;EP^FDDr0-SXP0Rm-Nb=M|USN+pI^WHur_HK#jOD?SPszf9hb3>gy{BR@0o*9m z@Vf+>=v(Ar`xt9=?&|6Xqw#u7s0DrHW)+(_8}fx}BurrBM$T04=2wlcS7NTob_7Nw zk?ME6tANZ|ub{*yfR#9!F>{h*QuyA-G@0S48px>TrjrUAT*`P^PAv9eflgj$aeTA) 
zGd;_l2b343G#*6twi|c!%_$T$=$&6G9+m?tRh6?{K0NotQHhavB2?6;!FAk~CGcHM zv8yNyU-J8_%|QheQ$bA86r6M^Q76Y+7ZNQt^r>)df&ocLhy!ixIP}#dz&iZ0FIs+( zS``8kvU$w?Y2#vxf`v=@hC>q(lE!G_h}8ko5W_iE*BlN7HnC+DX~9QiXCd#>JHsaw z>1edi(s5Z(^A)g46FkR{ln!@s8xlERz#HuLfyZ0aea~4m0qU`fdzKb?q!p{Z;K_)u*2wY8;m;3t%30j3)&|W)*{Do;1+Llt&Lt z{INw23JM!r4Y%SNUOzz(^aioN4Iy0jbx?bs5E+_Xi!TO7cc*)%-?D4$8) z6B>{Cmy3l+n^(PEpfA>QMKQ;n{9=zeIq?WucIt*=mFTKr9vX@W0`7HzdOd`6mYJb^ z2PU+&hz0$4@vjlABed5_$5K;*_?JaKqNa0k$Oc6$uz6FV*Q_?1Dle_>R0D7a^XlmI z#WiU_$96%j6V;Gx-b)jOm|Q8BUFuF$MMYvQ&0(uZs7mv2G)=%PX~T`{eu0aP%Ra-u z-TzwkTDgz1yGNqlXuURoQ-+eub!#L}GabAmHp__@xA=F?s&I_f?FgFnX z@tPPEo)fg$2~maR8Pgs~yYQ`SdKcAGmQIPi=0plvxm(fyA)(`n>~fmuYRx2YFFTR4j7Y%Vx?CKbxGh_|0wGh$bUF~W#i9Jj4OxYV8#?s*Rv8yV<^hE4AH zs>iF8(+Oo*rB(Lw`XWxPoy?_X7S8N0O#$kP;o%LQcF~A)pJ&Zhs!R6XR5JwVAu8Ife-z7nzaz=z-vJXZ0tNz# zsS$nu9S;|FAt!eOg%ZcEWFqyEQ>xlW0W}mcSOs9Z#@mfrA?#l38D@_AY-8l z_Qb7l!e=7uh8|bpp6a^VB#yf4lZ5)RxRuLKMA#Upgf7rt39riVw%3 z5@Vdo-jk|Xy-|A|h_tv!`~_Xk7*?O6^&qNk0J{Z8X;Ey?@G;IqkH2N46|_IXc)KgG zZefFnnfCA8+JNyaKi&4?>$VPcLGb4jRa`y59Nir7Tq3IBu~U94lYqSl4zv_>>D_am z$_so<8+_-HoV;&Mx>BnXNBXD<_j2OH(C8!eTzsd*`=)y()(3nFp7th(+a0?%FzHIi z4Wy79O+<(?=Nk1 zvs(JG=#EK{9+hyrhU>)a_^mQT?)F~t?=gVv{sJw1voUwBC9sH719XkZ*IG$b%uAS& zR}~7d)iz}mfC#9$*DlQ}NQ!PGqdrt*7ZSMg-Q#SX_l$DRNohmyC!Se*$r(W5EjTYt zrL>=jVrun8sMHJ(nwMI9+h%gMbb&?udqL7(qc|{kh1oB*CoQPXvv)bgoH>&a5=7fT zT}tOJcV?r~+wQ1N2C_sL!T89aFuR4aghIZ;-N;6-0tv2MC~@4xPkq)t+ZAnTfn#9X zXQX8{D*o!j>(ea}N`d?#foMd<`hA*7&cdcF&?s+w}LCO!jGji14$=qyTx@Ejg2FU7K(rsmg*K4^=*PjnY9 zzgW5cl5wbkSk?Vw52S;eV$aoDI;O`8q$Mm=KB-y0iAmnOi!7 zB(CWWwz$2HvyEzBIo4z>;iz#e;mwOG#A_wvMuj__bIRI59G~Ra<~)$U-q$j~t(F@| zn3oh7=Ql;hubeFU4-1VIx7Zep_j_*{3-ZveRPA6333T26HNN)L5mb-yx4lpjvsVDo zTB)n+&9&jTcxVZ2F!wJ z?4(*v1`KHlh*b8Dqj!;>z@cC8B>aWly(SA!!(s2x4puJ`rcPcb2dg-F#p8I`d7&fy z$6ibZWBYQ{jU}mD<<$fF9^+ClYW?E{UB!6Ky*!ST6{n5b86(XFE|G%!O5R10bOUT@ zVpgiG_qMWrI`P({8MfE?kx2^|Fv?=_-}@eOU!$t;TKX;ee3sHCsUBdTR}1^_Xt}pm zX5Y@;Qc^8QBMVTFO81P{@s55FY@?U;&IY3J-f-sxsCTjrA4U)hLnT4Ypna^9)SMyn 
z?rH-FzqdY956W`(K$tJv6~~;qB9t9=Pk(S;z|U z%&~|Pv{i-~Oo%2X2iY)0h;izdEo_TEhe*SLmkxGXJwnhiJ!|*-CEZWnS`JXV^JR6iJjdD+8eP9 zp%6%SfnV$N#KPi9^f?U$Q$S>dm03PTU(_Tze$nQnoI z-wB-heyn$Aj5x!aL8ZLjzTMFll$4IRr-L z{cLtQnx=RS(C1Gn0zgFNb5}{Hf2=0nz{79X%hOZJiJ@&lWaEU01QX<=@X;X@W4Tq< z*i72ni}pc6RzBl$$8Wuc$Y-LR9XHholsXItYl#-&gGP)wbs|3>fCq?5g$=s~mucFe z54iKRb|0i@{Co0CMV1|I&AV5PQtg6tqL+G8Px)A7gI$xkM2VDM6`hWSH^o$4|5+cE zRxL{LX82NIJBjFw&f~XMFg)NT_Hz_(g=mj`9Mh+#MUFSdcBI!_cfM4aXmS=p4KH`|Mhsmh4!%U4 zD~t?c;upG2jrTEV4i$vz3%4;#b~S$jsJoj?*yxE8ii{@=M<9e9!GEd^Pz;bMbZo!i zOk6VlU%h(H!V$HSl!bCVN^<-#`Tzg`0Db8DWc^}6x&Q&`xB`H%3hzmUow3Ac`vL#} I000D8T4z~BjQ{`u diff --git a/jails/config/hass/pkg-list-details-old.txt b/jails/config/hass/pkg-list-details-old.txt deleted file mode 100644 index d3e14d6..0000000 --- a/jails/config/hass/pkg-list-details-old.txt +++ /dev/null @@ -1,16 +0,0 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1 -pkgp-freebsd-pkg____git-lite-2.38.1_3 -pkgp-freebsd-pkg____gmake-4.3_2 -pkgp-freebsd-pkg____heyu2-2.10_1 -pkgp-freebsd-pkg____libxslt-1.1.37 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____openjpeg-2.5.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7 -pkgp-freebsd-pkg____python39-3.9.15_1 -pkgp-freebsd-pkg____rust-1.64.0 -pkgp-freebsd-pkg____tmux-3.3a -pkgp-freebsd-pkg____wget-1.21.3_1 diff --git a/jails/config/hass/pkg-list-details.txt b/jails/config/hass/pkg-list-details.txt deleted file mode 100644 index 654fbb3..0000000 --- a/jails/config/hass/pkg-list-details.txt +++ /dev/null 
@@ -1,16 +0,0 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____cmake-3.24.3
-pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1
-pkgp-freebsd-pkg____git-lite-2.38.1_4
-pkgp-freebsd-pkg____gmake-4.3_2
-pkgp-freebsd-pkg____heyu2-2.10_1
-pkgp-freebsd-pkg____libxslt-1.1.37
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openjpeg-2.5.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py39-sqlite3-3.9.15_7
-pkgp-freebsd-pkg____python39-3.9.15_1
-pkgp-freebsd-pkg____rust-1.65.0
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
diff --git a/jails/config/hass/pkg-list-old.txt b/jails/config/hass/pkg-list-old.txt
deleted file mode 100644
index 38318af..0000000
--- a/jails/config/hass/pkg-list-old.txt
+++ /dev/null
@@ -1 +0,0 @@
-bash bash-completion cmake ffmpeg git-lite gmake heyu2 libxslt nano openjpeg pkg py39-sqlite3 python39 rust tmux wget
diff --git a/jails/config/hass/pkg-list.txt b/jails/config/hass/pkg-list.txt
deleted file mode 100644
index 38318af..0000000
--- a/jails/config/hass/pkg-list.txt
+++ /dev/null
@@ -1 +0,0 @@
-bash bash-completion cmake ffmpeg git-lite gmake heyu2 libxslt nano openjpeg pkg py39-sqlite3 python39 rust tmux wget
diff --git a/jails/config/hass/setup_jail.sh b/jails/config/hass/setup_jail.sh
deleted file mode 100755
index 1081df9..0000000
--- a/jails/config/hass/setup_jail.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# requrired to run other configured scripts
-/bin/sh /etc/rc
-# launch tmux with jails
-/mnt/config/startsessions.sh
diff --git a/jails/config/hass/startsessions.sh b/jails/config/hass/startsessions.sh
deleted file mode 100755
index c088b4e..0000000
--- a/jails/config/hass/startsessions.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-session="sess_tmux"
-
-# set up tmux
-tmux start-server
-
-# create a new tmux session, naming the window freepbx
-tmux new-session -d -s $session -n hass
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./hass.sh" C-m
-
-# create a new window windows
-tmux new-window -t $session:1 -n heyu
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./heyu.sh" C-m
-
-# return to main window
-tmux select-window -t $session:0
-tmux selectp -t 1
-
-# Finished setup, attach to the tmux session!
-#tmux attach-session -t $session
diff --git a/jails/config/hass/x10.conf b/jails/config/hass/x10.conf
deleted file mode 100644
index a1c9721..0000000
--- a/jails/config/hass/x10.conf
+++ /dev/null
@@ -1,264 +0,0 @@ -# Example Heyu configuration file. Copy this to file 'x10config' in -# directory $HOME/.heyu/ and modify as required. This example uses -# features which are new to heyu version 2 -# and which will not be recognized by heyu version 1.xx. - -# Note: This example file describes only a few of the most commom -# configuration directives. For the complete list see man page -# x10config(5). - -# Anything on a line between a '#' character and the end of the line is -# treated as a comment and ignored by Heyu, as are blank lines. -# The various configuration directives in this file can be in any order -# except that ALIAS directives must appear before any other directive -# which references the alias label in place of a housecode|unit address. -# See 'man x10config' for additional information and directives. - -# Serial port to which the CM11a is connected. Default is /dev/ttyS0. - -tty /dev/ttyU0 -check_ri_line NO - -# If you have an X10 compatible RF receiver connected to a second -# serial port, use the TTY_AUX directive to specify the serial port -# and model of receiver. Supported receivers are W800RF32, MR26A, -# and RFXCOM. There are no defaults. - -tty_aux /dev/ttyU1 MR26A - -# The CM19A is both a receiver and transmitter for X10 RF signals. -# The MR26A is a receiver only. -# The CM19A is USB and the MR26A is serial port - -# Base housecode. The default is A. - -#housecode A - -# Aliases: -# Format: ALIAS Label Housecode|Unitcode_string [Module_Type] - -# The label is limited to 32 characters in length and is case-sensitive, -# e.g., Front_Porch and front_porch are treated as different labels. -# Each alias may reference a single unitcode or a multiple unitcode -# string (no embedded blanks), but is limited to one housecode. - -# The optional Module_Type is the general type or specific model number -# of a module currently supported by Heyu. 
(Knowing the characteristics -# of a module allows Heyu to track changes in its On/Off/Dim state -# as X10 signals are sent or received.) The most commonly used modules -# are the standard X10 lamp module (StdLM) and standard X10 appliance -# module (StdAM). Other modules currently supported by Heyu are listed -# in x10config(5). A standard X10 lamp module (StdLM) is the -# default (changeable with the DEFAULT_MODULE directive) -# for housecode|units which are not defined in an alias directive. -# A module_type should normally not be defined for mutiple-unit -# aliases, just for the single-unit aliases. (The module characteristics -# are associated with the housecode|unit, however referenced.) - -# Some examples: - - - - -# Note: Prior versions of Heyu used a different format for -# aliases - no ALIAS directive and the Housecode and Unitcode_string -# were separated by a space, e.g., simply: -# front_porch A 1 -# Heyu will continue to accept this older format for compatibility, -# but its use is discouraged as modules cannot be specified. - -# Scenes and Usersyns (User-defined synonyms): -# Format: SCENE Label Command1 [; Command2 [; ... -# Format: USERSYN Label Command1 [; Command2 [; ... -# The label is limited to 32 characters and is case-sensitive. -# Scenes and Usersyns are both semicolon-separated lists of -# commands with their arguments which can be executed or used -# in macros as if their labels were ordinary Heyu commands. -# See 'man x10config' for the features and limitations of Scenes -# and Usersyns. -# (In the current version of heyu, the ONLY distinction between -# scenes and usersyns is the 'show' menus in which they appear.) -# Some examples: - -SCENE blinker on D5; off D5; on D5; off D5 -#USERSYN normal_lights on front_porch; on back_porch -#SCENE tv_on on tv_set; dimb living_room 10 - -# parameters, e.g., $1, $2, which are replaced by actual -# parameters supplied when the scene/usersyn is run. 
- -#USERSYN night_lights dimb front_porch $1; dimb back_porch $1 - -# Define the (writeable) directory where the Heyu state engine daemon -# (started with 'heyu engine') is to write its log file 'heyu.log.'. -# The default is 'NONE', indicating no log file is to be written. - -log_dir /usr/local/etc/heyu/log - -# The entries in the log file are similar to those which appear in -# the heyu monitor, but in addition will include an entry when -# a script is launched, and unless redirected elsewhere, any -# text output from that script. - -# Note that the log file will continue to grow. Manually delete -# or trim it from time to time, or configure a Unix utility like -# 'logrotate' to manage this task automatically. - -# If the Heyu state engine is running, Heyu can launch scripts -# (or any Unix commands) when it sees specified X10 signals. -# The format is: - -#SCRIPT [ -l label ] :: [options] - -# where label is an optional label, tell -# Heyu under what conditions to launch the script, and -# is the script command to be executed. -# The '::' (two colons) separator is mandatory since the launch -# conditions can be quite complex. -# See x10scripts(5) for details, but here's a simple example -# (with no label): - -#SCRIPT doorbell on :: play $HOME/sounds/barking_dog.wav - -# Users have the option of running either 'heyuhelper' in a manner -# similar to heyu 1.35 or general scripts as above with the -# following directive. The default is SCRIPTS, to run general scripts. - -#script_mode SCRIPTS - -# (With the choice 'HEYUHELPER', a script named 'heyuhelper' on -# the user's path is run every time any X10 signal is received -# by heyu over the power line, assuming the heyu state engine -# daemon is running.) - -### The following directives apply when a schedule is ### -### is uploaded to the CM11A interface. ### - -# The file name of the user's X10 schedule file in the Heyu base -# directory. The default is 'x10.sched'. 
If you regularly use -# more than one, list them here and just comment/uncomment as -# appropriate, e.g., - -#schedule_file x10.sched -#schedule_file normal.sched -#schedule_file vacation.sched - -# The MODE directive - Heyu's two modes of operation: -# In the default COMPATIBLE mode, the schedule uploaded to the -# interface is configured to begin on Jan 1st of the current -# year and # is valid for 366 days - through Dec 31st of the -# current # year or Jan 1st of the following year, depending -# whether # the current year is a leap or common year. -# COMPATIBLE mode is the default. - -# In HEYU mode the schedule uploaded to the interface is -# configured to begin on today's date and is valid for -# the number days of provided by the PROGRAM_DAYS directive. -# WARNING: The mere execution of X10's ActiveHome(tm) program -# under MS-Windows, or having its resident driver running, when -# the interface has been programmed by Heyu in HEYU mode can -# cause problems. See 'man x10config' for details. - -#mode COMPATIBLE - -# Number of days for which the interface is to be programmed -# when running in HEYU mode. It is ignored in COMPATIBLE mode. -# (A shorter period can yield more accurate values for dawn -# and dusk.) The default is 366 days. - -#program_days 366 - -# Should Heyu combine events having the same date range, time, etc., -# by concatenating the macros for similar events? The default is YES. - -#combine_events YES - -# Should Heyu compress uploaded macros by combining unit codes for the same -#housecode and command and eliminating duplicates? E.g., -# (on A1; on B2; on A3, on B2) ==> (on A1,3; on B2) -# The default is NO - -#compress_macros NO - -# The user's Longitude and Latitude, needed for dawn/dusk calculations. -# There are no defaults. Don't use these examples - put in values -# for your own location. 
- -longitude W121:46 -latitude N37:16 - -# For dawn/dusk related times, Heyu breaks up the schedule date intervals -# into subintervals, each with a constant value of dawn or dusk time. -# These directives instruct Heyu what value of dawn/dusk time to use. -# The default value is FIRST, i.e., that on the first day of the subinterval, -# which is most convenient for comparing Heyu's computations with actual. - -#dawn_option FIRST -#dusk_option FIRST - -# The following times allow bounds to be placed on the times of Dawn -# and Dusk computed by Heyu. For example, setting the value for -#min_dawn to 06:30 will ensure that an event scheduled to be -# executed at Dawn will occur at 06:30 during summer hours whenever -# the actual computed value of Dawn is earlier than that time. -# The value for these directives are specified as hh:mm Legal -# (i.e., wall-clock) time, or the directives may be disabled with -# the word OFF, which is the default. - -# Timer options DAWNLT, DAWNGT, DUSKLT, DUSKGT used in the Heyu -# schedule file will usually eliminate the need for these directives. -# See man page x10sched(5) for details. - -#min_dawn OFF -#max_dawn OFF -#min_dusk OFF -#max_dusk OFF - -# Directory to write reports and files other than the critical files -# The default is to write them in the Heyu base directory. - -#report_path ./ - -# Replace events having delayed macros with new events and new -# undelayed macros when possible. (The purpose is to avoid pending -# delayed macros, which are purged when a new schedule is uploaded.) -# The default is YES. - -#repl_delayed_macros YES - -# For test purposes, Heyu can write some additional files when -# the command 'heyu upload check' is executed. This directive -# instructs Heyu to write these files. The default is NO. 
- -#write_check_files NO - -START_ENGINE AUTO - -alias Kitchen D1 StdLM -alias Family_Room D2 StdLM -alias Hallway D3 StdLM -alias Kitchen_Table D4 StdLM -alias Stairway D5 StdLM -alias Study D6 StdLM -alias Dining D7 StdLM -alias Bonus_Room D8 StdLM -alias Living_Room_L0 D9 StdLM -alias Front_Door D10 StdLM -alias Living_Room_L1 D11 StdLM -alias Living_Room_L2 D12 StdLM -alias Piano_Room_L1 D13 StdLM -alias Piano_Room_L2 D14 StdLM -alias Family_Room_L0 D15 StdLM -alias Chime G1 StdAM -alias Main_Garage G2 StdAM -alias Side_Garage G3 StdAM -alias Front_Yard G13 StdLM -alias Back_Yard G14 StdLM -alias Plants_front_house I1 RAIN8II -alias Plants_front_road I2 RAIN8II -alias Lawn_front_road I3 RAIN8II -alias Lawn_front_garage I4 RAIN8II -alias Lawn_back_pool I5 RAIN8II -alias Lawn_back_house I6 RAIN8II -alias Plants_back_garage I7 RAIN8II -alias Plants_back_road I8 RAIN8II diff --git a/jails/config/hub/httpd.conf b/jails/config/hub/httpd.conf index f67adf8..170d5b5 100644 --- a/jails/config/hub/httpd.conf +++ b/jails/config/hub/httpd.conf @@ -553,6 +553,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName hub.ahlawat.com ServerAlias *.ahlawat.com 
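Review bot: In the `@@ -553,6 +553,14 @@` hunk of hub/httpd.conf, the added redirect builds its target from the request's Host header (`https://%{HTTP_HOST}%{REQUEST_URI}`), so whatever name a client sends is echoed into the `Location` of a cacheable 301. The container tags around the rewrite block are not visible on this page, so which virtual host it belongs to is inferred; if it is the port-80 catch-all, I would either pin the canonical name, `RewriteRule ^ https://hub.ahlawat.com%{REQUEST_URI} [R=301,L]`, or add a `RewriteCond %{HTTP_HOST}` that admits only the names this server actually serves. The dot in the exemption should also be escaped, `!^/\.well-known/acme-challenge/`, and `QSA` can go because the substitution carries no query string of its own.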
@@ -562,16 +570,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/hub/periodic.conf b/jails/config/hub/periodic.conf index 8e27c42..9eddc0c 100644 --- a/jails/config/hub/periodic.conf +++ b/jails/config/hub/periodic.conf @@ -1,4 +1,4 @@ -daily_rkhunter_update_enable="YES" -daily_rkhunter_update_flags="--update --nocolors" -daily_rkhunter_check_enable="YES" -daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress" +security_rkhunter_update_enable="YES" +security_rkhunter_update_flags="--update --nocolors" +security_rkhunter_check_enable="YES" +security_rkhunter_check_flags="--checkall --nocolors --skip-keypress" 
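Review bot: In the `@@ -562,16 +570,20 @@` hunk of hub/httpd.conf, `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added beside the still commented-out `SSLCertificateChainFile`, but in mod_ssl that directive names the CAs trusted for verifying client certificates, not the server's own chain, which `fullchain.pem` in `SSLCertificateFile` already supplies. No `SSLVerifyClient` is visible here and the virtual host continues outside the hunk, so if client-certificate authentication is not intended I would drop the line, and otherwise add a comment such as `# CA bundle for client-certificate verification`. The new `Header always set Strict-Transport-Security "max-age=63072000"` line needs mod_headers loaded or the configuration will not parse, and it commits browsers to HTTPS for two years on each name they reach through this host, so confirm the certificate covers every `*.ahlawat.com` alias that appears to be served here. The hunk also removes `SSLOptions +StrictRequire`; that only matters where `SSLRequireSSL` or `SSLRequire` is combined with `Satisfy any`, which is worth checking in the included files.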
diff --git a/jails/config/hub/pkg-list-details-old.txt b/jails/config/hub/pkg-list-details-old.txt
index 6eeb813..3d916dd 100644
--- a/jails/config/hub/pkg-list-details-old.txt
+++ b/jails/config/hub/pkg-list-details-old.txt
@@ -1,28 +1,34 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp123____samba413-4.13.17_4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____firefox-esr-102.5.0,1
-pkgp-freebsd-pkg____fluxbox-1.3.7_5
-pkgp-freebsd-pkg____iperf3-3.12
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____nano-6.4
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____ca_root_nss-3.108
+pkgp123____pkg-2.1.2
+pkgp123____samba416-4.16.11_6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____fluxbox-1.3.7_10
+pkgp-freebsd-pkg____iperf3-3.18
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____nano-8.4
 pkgp-freebsd-pkg____p7zip-16.02_3
-pkgp-freebsd-pkg____php81-ldap-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-pgsql-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____rename-1.99.2
-pkgp-freebsd-pkg____rkhunter-1.4.6_1
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____sshguard-2.4.2_2,1
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tigervnc-server-1.12.0_5
-pkgp-freebsd-pkg____unrar-6.12,6
-pkgp-freebsd-pkg____wget-1.21.3_1
-pkgp-freebsd-pkg____xauth-1.1.1
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pgsql-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____rename-1.99.2_1
+pkgp-freebsd-pkg____rkhunter-1.4.6_3
+pkgp-freebsd-pkg____rsync-3.4.1_2
+pkgp-freebsd-pkg____sshguard-2.4.3_3,1
+pkgp-freebsd-pkg____sudo-1.9.16p2_1
+pkgp-freebsd-pkg____tigervnc-server-1.15.0
+pkgp-freebsd-pkg____tmux-3.5a_1
+pkgp-freebsd-pkg____unrar-7.11,6
+pkgp-freebsd-pkg____wget-1.25.0
+pkgp-freebsd-pkg____xauth-1.1.4
 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1
-pkgp-freebsd-pkg____xorriso-1.5.4
-pkgp-freebsd-pkg____xterm-375
+pkgp-freebsd-pkg____xorriso-1.5.6_2
+pkgp-freebsd-pkg____xterm-397_2
diff --git a/jails/config/hub/pkg-list-details.txt b/jails/config/hub/pkg-list-details.txt
index 5916c8e..3d916dd 100644
--- a/jails/config/hub/pkg-list-details.txt
+++ b/jails/config/hub/pkg-list-details.txt
@@ -1,28 +1,34 @@ -pkgp123____apache24-2.4.54 -pkgp123____apr-1.7.0.1.6.1_2 -pkgp123____pkg-1.18.4 -pkgp123____samba413-4.13.17_4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____firefox-esr-102.5.0_1,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____iperf3-3.12 -pkgp-freebsd-pkg____mc-4.8.28 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____apache24-2.4.63 +pkgp123____apr-1.7.5.1.6.3_4 +pkgp123____ca_root_nss-3.108 +pkgp123____pkg-2.1.2 +pkgp123____samba416-4.16.11_6 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____iperf3-3.18 +pkgp-freebsd-pkg____mc-4.8.32 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____p7zip-16.02_3 -pkgp-freebsd-pkg____php81-ldap-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-pgsql-8.1.13 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____rename-1.99.2 -pkgp-freebsd-pkg____rkhunter-1.4.6_1 -pkgp-freebsd-pkg____rsync-3.2.6 -pkgp-freebsd-pkg____sshguard-2.4.2_2,1 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____unrar-6.12,6 -pkgp-freebsd-pkg____wget-1.21.3_1 -pkgp-freebsd-pkg____xauth-1.1.1 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-ldap-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-pgsql-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____rename-1.99.2_1 +pkgp-freebsd-pkg____rkhunter-1.4.6_3 +pkgp-freebsd-pkg____rsync-3.4.1_2 +pkgp-freebsd-pkg____sshguard-2.4.3_3,1 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____tmux-3.5a_1 +pkgp-freebsd-pkg____unrar-7.11,6 +pkgp-freebsd-pkg____wget-1.25.0 +pkgp-freebsd-pkg____xauth-1.1.4 
pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 -pkgp-freebsd-pkg____xorriso-1.5.4 -pkgp-freebsd-pkg____xterm-377 +pkgp-freebsd-pkg____xorriso-1.5.6_2 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/hub/pkg-list-old.txt b/jails/config/hub/pkg-list-old.txt index abf1555..b22c766 100644 --- a/jails/config/hub/pkg-list-old.txt +++ b/jails/config/hub/pkg-list-old.txt @@ -1 +1 @@ -apache24 apr bash bash-completion firefox-esr fluxbox iperf3 mc nano p7zip php81-ldap php81-mysqli php81-pgsql php81-session pkg rename rkhunter rsync samba413 sshguard sudo tigervnc-server unrar wget xauth xorg-fonts-truetype xorriso xterm +apache24 apr bash bash-completion ca_root_nss fluxbox iperf3 mc nano p7zip php84 php84-filter php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-pgsql php84-session pkg rename rkhunter rsync samba416 sshguard sudo tigervnc-server tmux unrar wget xauth xorg-fonts-truetype xorriso xterm diff --git a/jails/config/hub/pkg-list.txt b/jails/config/hub/pkg-list.txt index abf1555..b22c766 100644 --- a/jails/config/hub/pkg-list.txt +++ b/jails/config/hub/pkg-list.txt @@ -1 +1 @@ -apache24 apr bash bash-completion firefox-esr fluxbox iperf3 mc nano p7zip php81-ldap php81-mysqli php81-pgsql php81-session pkg rename rkhunter rsync samba413 sshguard sudo tigervnc-server unrar wget xauth xorg-fonts-truetype xorriso xterm +apache24 apr bash bash-completion ca_root_nss fluxbox iperf3 mc nano p7zip php84 php84-filter php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-pgsql php84-session pkg rename rkhunter rsync samba416 sshguard sudo tigervnc-server tmux unrar wget xauth xorg-fonts-truetype xorriso xterm diff --git a/jails/config/hub/pkgp.conf b/jails/config/hub/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/hub/pkgp.conf +++ b/jails/config/hub/pkgp.conf 
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/hub/smb4.conf b/jails/config/hub/smb4.conf index e4af145..5084d9a 100644 --- a/jails/config/hub/smb4.conf +++ b/jails/config/hub/smb4.conf @@ -57,30 +57,18 @@ valid users = p browseable = yes -[imax-4k] - path = /mnt/imax-4k - read only = yes - valid users = p - browseable = yes - -[movies-4k] - path = /mnt/movies-4k - read only = yes - valid users = p - browseable = yes - -[movies-hd] - path = /mnt/movies-hd - read only = yes - valid users = p - browseable = yes - [movies] path = /mnt/movies read only = yes valid users = p browseable = yes +[tv] + path = /mnt/tv + read only = yes + valid users = p + browseable = yes + [tuts] path = /mnt/tuts read only = yes @@ -104,3 +92,15 @@ read only = yes valid users = p browseable = yes + +[cam] + path = /mnt/cam + read only = yes + valid users = p + browseable = yes + +[media] + path = /mnt/cam/media + read only = yes + valid users = p + browseable = yes diff --git a/jails/config/hub/sshd_config b/jails/config/hub/sshd_config index 2cdfe38..2d2a3ab 100644 --- a/jails/config/hub/sshd_config +++ b/jails/config/hub/sshd_config @@ -1,5 +1,5 @@ -# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $ -# $FreeBSD: releng/12.1/crypto/openssh/sshd_config 338561 2018-09-10 16:20:12Z des $ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ +# $FreeBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. 
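Review bot: The `pkgp-freebsd-pkg` repository in the pkgp.conf hunk is fetched over plain `http://` and, unlike `pkgp123`, shows no `signature_type` or `pubkey`, so nothing on the visible lines authenticates the packages it serves. Per the package lists in this commit that repository supplies sudo, sshguard and rkhunter, so tampering on the path between the jail and the mirror would reach privileged tooling. Signing the repository and adding `signature_type: "pubkey",` with a `pubkey: "<path-to-repo-public-key>",` line, as pkgp123 does, would close that gap; moving the URL to https helps but does not replace signature checking. The identical hunk recurs for jails/config/ldap/pkgp.conf and jails/config/mail/pkgp.conf, and the pkgp123 block continues past the end of the hunk.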
@@ -62,7 +62,7 @@ PasswordAuthentication no PermitEmptyPasswords no # Change to no to disable PAM authentication -ChallengeResponseAuthentication no +#KbdInteractiveAuthentication yes # Kerberos options #KerberosAuthentication no @@ -76,13 +76,13 @@ ChallengeResponseAuthentication no # Set this to 'no' to disable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and +# be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass +# PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. +# and KbdInteractiveAuthentication to 'no'. #UsePAM yes #AllowAgentForwarding yes @@ -105,7 +105,7 @@ ClientAliveCountMax 1 #PermitTunnel no #ChrootDirectory none #UseBlacklist no -#VersionAddendum FreeBSD-20180909 +#VersionAddendum FreeBSD-20211221 # no default banner path #Banner none diff --git a/jails/config/ibm/pkg-list-details-old.txt b/jails/config/ibm/pkg-list-details-old.txt index f29eb09..ccbb89d 100644 --- a/jails/config/ibm/pkg-list-details-old.txt +++ b/jails/config/ibm/pkg-list-details-old.txt 
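Review bot: Replacing `ChallengeResponseAuthentication no` with the commented-out `#KbdInteractiveAuthentication yes` in the `@@ -62,7 +62,7 @@` hunk leaves keyboard-interactive authentication at the built-in default, which the commented line itself documents as yes. With `#UsePAM yes` also left at its default in the next hunk, that presumably re-enables password logins through PAM even though `PasswordAuthentication no` is still set. Keeping the old behaviour under the new keyword needs an explicit `KbdInteractiveAuthentication no`.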
@@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____automake-1.16.5 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____git-lite-2.38.1_3 -pkgp-freebsd-pkg____hercules-3.13 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____tmux-3.3a +pkgp-freebsd-pkg____automake-1.17 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cmake-3.31.6 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____hercules-3.13_1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____tmux-3.5a_1 diff --git a/jails/config/ibm/pkg-list-details.txt b/jails/config/ibm/pkg-list-details.txt index 421c010..ccbb89d 100644 --- a/jails/config/ibm/pkg-list-details.txt +++ b/jails/config/ibm/pkg-list-details.txt @@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____automake-1.16.5 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____git-lite-2.38.1_4 -pkgp-freebsd-pkg____hercules-3.13 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____tmux-3.3a +pkgp-freebsd-pkg____automake-1.17 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cmake-3.31.6 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____hercules-3.13_1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____tmux-3.5a_1 diff --git a/jails/config/jump/pkg-list-details-old.txt b/jails/config/jump/pkg-list-details-old.txt index 8597a53..390ef25 100644 --- a/jails/config/jump/pkg-list-details-old.txt +++ b/jails/config/jump/pkg-list-details-old.txt 
@@ -1,10 +1,10 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____guacamole-client-1.4.0 -pkgp-freebsd-pkg____guacamole-server-1.4.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____guacamole-client-1.5.5 +pkgp-freebsd-pkg____guacamole-server-1.5.5 pkgp-freebsd-pkg____libqrencode-4.1.1 -pkgp-freebsd-pkg____nano-6.4 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____openldap-sasl-client-2.4.59 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____wireguard-2,1 -pkgp-freebsd-pkg____zip-3.0_1 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____wireguard-tools-1.0.20210914_3 +pkgp-freebsd-pkg____zip-3.0_4 diff --git a/jails/config/jump/pkg-list-details.txt b/jails/config/jump/pkg-list-details.txt index 770e301..390ef25 100644 --- a/jails/config/jump/pkg-list-details.txt +++ b/jails/config/jump/pkg-list-details.txt @@ -1,10 +1,10 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____guacamole-client-1.4.0 -pkgp-freebsd-pkg____guacamole-server-1.4.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____guacamole-client-1.5.5 +pkgp-freebsd-pkg____guacamole-server-1.5.5 pkgp-freebsd-pkg____libqrencode-4.1.1 -pkgp-freebsd-pkg____nano-7.0 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____openldap-sasl-client-2.4.59 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____wireguard-2,1 -pkgp-freebsd-pkg____zip-3.0_1 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____wireguard-tools-1.0.20210914_3 +pkgp-freebsd-pkg____zip-3.0_4 diff --git a/jails/config/jump/pkg-list-old.txt b/jails/config/jump/pkg-list-old.txt index b701cde..12c1496 100644 --- a/jails/config/jump/pkg-list-old.txt +++ b/jails/config/jump/pkg-list-old.txt 
@@ -1 +1 @@ -bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard zip +bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard-tools zip diff --git a/jails/config/jump/pkg-list.txt b/jails/config/jump/pkg-list.txt index b701cde..12c1496 100644 --- a/jails/config/jump/pkg-list.txt +++ b/jails/config/jump/pkg-list.txt @@ -1 +1 @@ -bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard zip +bash bash-completion guacamole-client guacamole-server libqrencode nano openldap-sasl-client pkg wireguard-tools zip diff --git a/jails/config/ldap-mgr/httpd.conf b/jails/config/ldap-mgr/httpd.conf index 9dd957d..0b84a5e 100644 --- a/jails/config/ldap-mgr/httpd.conf +++ b/jails/config/ldap-mgr/httpd.conf @@ -546,6 +546,8 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + ServerName ldap-mgr.ahlawat.com ServerAlias *.ahlawat.com 
@@ -553,10 +555,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off SSLOptions +StdEnvVars diff --git a/jails/config/ldap-mgr/pkg-list-details-old.txt b/jails/config/ldap-mgr/pkg-list-details-old.txt index 5f3db04..e97a98a 100644 --- a/jails/config/ldap-mgr/pkg-list-details-old.txt +++ b/jails/config/ldap-mgr/pkg-list-details-old.txt @@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____ldap-account-manager-8.0.1 -pkgp-freebsd-pkg____mod_php80-8.0.25 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____phpldapadmin-php80-1.2.6.3_1 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____self-service-password-php80-1.5.0 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ldap-account-manager-9.1 +pkgp-freebsd-pkg____mod_php83-8.3.20 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____phpldapadmin-php83-1.2.6.7 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____self-service-password-php83-1.7.3 
diff --git a/jails/config/ldap-mgr/pkg-list-details.txt b/jails/config/ldap-mgr/pkg-list-details.txt index bc5c9ef..e97a98a 100644 --- a/jails/config/ldap-mgr/pkg-list-details.txt +++ b/jails/config/ldap-mgr/pkg-list-details.txt @@ -1,7 +1,9 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____ldap-account-manager-8.0.1 -pkgp-freebsd-pkg____mod_php80-8.0.25 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ldap-account-manager-9.1 +pkgp-freebsd-pkg____mod_php83-8.3.20 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____phpldapadmin-php83-1.2.6.7 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____self-service-password-php83-1.7.3 diff --git a/jails/config/ldap-mgr/pkg-list-old.txt b/jails/config/ldap-mgr/pkg-list-old.txt index 91d77b6..d809a88 100644 --- a/jails/config/ldap-mgr/pkg-list-old.txt +++ b/jails/config/ldap-mgr/pkg-list-old.txt @@ -1 +1 @@ -apache24 bash bash-completion ldap-account-manager mod_php80 nano phpldapadmin-php80 pkg self-service-password-php80 +apache24 bash bash-completion ldap-account-manager mod_php83 nano phpldapadmin-php83 pkg self-service-password-php83 diff --git a/jails/config/ldap-mgr/pkg-list.txt b/jails/config/ldap-mgr/pkg-list.txt index 5db2805..d809a88 100644 --- a/jails/config/ldap-mgr/pkg-list.txt +++ b/jails/config/ldap-mgr/pkg-list.txt @@ -1 +1 @@ -apache24 bash bash-completion ldap-account-manager mod_php80 nano pkg +apache24 bash bash-completion ldap-account-manager mod_php83 nano phpldapadmin-php83 pkg self-service-password-php83 diff --git a/jails/config/ldap/pkg-list-details-old.txt b/jails/config/ldap/pkg-list-details-old.txt index c0eba4b..70863c3 100644 --- a/jails/config/ldap/pkg-list-details-old.txt +++ b/jails/config/ldap/pkg-list-details-old.txt 
@@ -1,6 +1,6 @@ -pkgp123____openldap26-server-2.6.3_2 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____openssl-1.1.1s,1 +pkgp123____ca_root_nss-3.108 +pkgp123____openldap26-server-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ldap/pkg-list-details.txt b/jails/config/ldap/pkg-list-details.txt index 6b19117..70863c3 100644 --- a/jails/config/ldap/pkg-list-details.txt +++ b/jails/config/ldap/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp123____openldap26-server-2.6.3_2 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____openssl-1.1.1s,1 +pkgp123____ca_root_nss-3.108 +pkgp123____openldap26-server-2.6.9_1 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 diff --git a/jails/config/ldap/pkg-list-old.txt b/jails/config/ldap/pkg-list-old.txt index dbfd3c1..a63f462 100644 --- a/jails/config/ldap/pkg-list-old.txt +++ b/jails/config/ldap/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion nano openldap26-server openssl pkg +bash bash-completion ca_root_nss nano openldap26-server pkg diff --git a/jails/config/ldap/pkg-list.txt b/jails/config/ldap/pkg-list.txt index dbfd3c1..a63f462 100644 --- a/jails/config/ldap/pkg-list.txt +++ b/jails/config/ldap/pkg-list.txt @@ -1 +1 @@ -bash bash-completion nano openldap26-server openssl pkg +bash bash-completion ca_root_nss nano openldap26-server pkg diff --git a/jails/config/ldap/pkgp.conf b/jails/config/ldap/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/ldap/pkgp.conf +++ b/jails/config/ldap/pkgp.conf 
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/mage/pkg-list-details-old.txt b/jails/config/mage/pkg-list-details-old.txt index 30d6b7e..025ea21 100644 --- a/jails/config/mage/pkg-list-details-old.txt +++ b/jails/config/mage/pkg-list-details-old.txt 
@@ -1,29 +1,29 @@ -pkgp-freebsd-pkg____automake-1.16.5 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____dbus-1.14.4,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____git-lite-2.38.1_3 -pkgp-freebsd-pkg____libxslt-1.1.37 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____perl5-5.32.1_3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-IBMQuantumExperience-2.0.4 -pkgp-freebsd-pkg____py39-jupyterlab-3.4.8 -pkgp-freebsd-pkg____py39-matplotlib-3.4.3_5 -pkgp-freebsd-pkg____py39-pandas-1.5.0,1 -pkgp-freebsd-pkg____py39-pep517-0.13.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-scikit-learn-1.1.2_1 -pkgp-freebsd-pkg____py39-seaborn-0.11.2 -pkgp-freebsd-pkg____rubygem-pkg-config-1.4.9 -pkgp-freebsd-pkg____rust-1.64.0 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____suitesparse-cholmod-3.0.14 -pkgp-freebsd-pkg____suitesparse-umfpack-5.7.9 -pkgp-freebsd-pkg____symengine-0.9.0_5 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____xauth-1.1.1 +pkgp-freebsd-pkg____automake-1.17 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cmake-3.31.6 +pkgp-freebsd-pkg____dbus-1.16.2_2,1 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____libxslt-1.1.42 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____ninja-1.11.1,4 +pkgp-freebsd-pkg____perl5-5.36.3_3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-jupyterlab-4.4.0 +pkgp-freebsd-pkg____py311-matplotlib-3.8.0_1 +pkgp-freebsd-pkg____py311-pip-23.3.2_4 +pkgp-freebsd-pkg____py311-scikit-learn-1.4.0_1 +pkgp-freebsd-pkg____py311-scipy-1.11.1_4,1 +pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10 +pkgp-freebsd-pkg____py311-statsmodels-0.14.1 +pkgp-freebsd-pkg____rubygem-pkg-config-1.6.0 +pkgp-freebsd-pkg____rust-1.86.0 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____suitesparse-cholmod-5.3.2 
+pkgp-freebsd-pkg____suitesparse-umfpack-6.3.5_1 +pkgp-freebsd-pkg____symengine-0.14.0 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____xauth-1.1.4 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 -pkgp-freebsd-pkg____xterm-375 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/mage/pkg-list-details.txt b/jails/config/mage/pkg-list-details.txt index d22b0d8..025ea21 100644 --- a/jails/config/mage/pkg-list-details.txt +++ b/jails/config/mage/pkg-list-details.txt 
@@ -1,29 +1,29 @@ -pkgp-freebsd-pkg____automake-1.16.5 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____cmake-3.24.3 -pkgp-freebsd-pkg____dbus-1.14.4,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____git-lite-2.38.1_4 -pkgp-freebsd-pkg____libxslt-1.1.37 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____perl5-5.32.1_3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____py39-IBMQuantumExperience-2.0.4 -pkgp-freebsd-pkg____py39-jupyterlab-3.4.8 -pkgp-freebsd-pkg____py39-matplotlib-3.4.3_5 -pkgp-freebsd-pkg____py39-pandas-1.5.0,1 -pkgp-freebsd-pkg____py39-pep517-0.13.0 -pkgp-freebsd-pkg____py39-pip-22.2.2 -pkgp-freebsd-pkg____py39-scikit-learn-1.1.3 -pkgp-freebsd-pkg____py39-seaborn-0.11.2 -pkgp-freebsd-pkg____rubygem-pkg-config-1.4.9 -pkgp-freebsd-pkg____rust-1.65.0 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____suitesparse-cholmod-3.0.14 -pkgp-freebsd-pkg____suitesparse-umfpack-5.7.9 -pkgp-freebsd-pkg____symengine-0.9.0_5 -pkgp-freebsd-pkg____tigervnc-server-1.12.0_5 -pkgp-freebsd-pkg____xauth-1.1.1 +pkgp-freebsd-pkg____automake-1.17 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____cmake-3.31.6 +pkgp-freebsd-pkg____dbus-1.16.2_2,1 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____git-lite-2.49.0 +pkgp-freebsd-pkg____libxslt-1.1.42 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____ninja-1.11.1,4 +pkgp-freebsd-pkg____perl5-5.36.3_3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____py311-jupyterlab-4.4.0 +pkgp-freebsd-pkg____py311-matplotlib-3.8.0_1 +pkgp-freebsd-pkg____py311-pip-23.3.2_4 +pkgp-freebsd-pkg____py311-scikit-learn-1.4.0_1 +pkgp-freebsd-pkg____py311-scipy-1.11.1_4,1 +pkgp-freebsd-pkg____py311-sqlite3-3.11.12_10 +pkgp-freebsd-pkg____py311-statsmodels-0.14.1 +pkgp-freebsd-pkg____rubygem-pkg-config-1.6.0 +pkgp-freebsd-pkg____rust-1.86.0 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 +pkgp-freebsd-pkg____suitesparse-cholmod-5.3.2 
+pkgp-freebsd-pkg____suitesparse-umfpack-6.3.5_1 +pkgp-freebsd-pkg____symengine-0.14.0 +pkgp-freebsd-pkg____tigervnc-server-1.15.0 +pkgp-freebsd-pkg____xauth-1.1.4 pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 -pkgp-freebsd-pkg____xterm-377 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/mage/pkg-list-old.txt b/jails/config/mage/pkg-list-old.txt index ebbfd67..0c5949b 100644 --- a/jails/config/mage/pkg-list-old.txt +++ b/jails/config/mage/pkg-list-old.txt @@ -1 +1 @@ -automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano perl5 pkg py39-IBMQuantumExperience py39-jupyterlab py39-matplotlib py39-pandas py39-pep517 py39-pip py39-scikit-learn py39-seaborn rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm +automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano ninja perl5 pkg py311-jupyterlab py311-matplotlib py311-pip py311-scikit-learn py311-scipy py311-sqlite3 py311-statsmodels rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm diff --git a/jails/config/mage/pkg-list.txt b/jails/config/mage/pkg-list.txt index ebbfd67..0c5949b 100644 --- a/jails/config/mage/pkg-list.txt +++ b/jails/config/mage/pkg-list.txt @@ -1 +1 @@ -automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano perl5 pkg py39-IBMQuantumExperience py39-jupyterlab py39-matplotlib py39-pandas py39-pep517 py39-pip py39-scikit-learn py39-seaborn rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm +automake bash bash-completion cmake dbus fluxbox git-lite libxslt nano ninja perl5 pkg py311-jupyterlab py311-matplotlib py311-pip py311-scikit-learn py311-scipy py311-sqlite3 py311-statsmodels rubygem-pkg-config rust sudo suitesparse-cholmod suitesparse-umfpack symengine tigervnc-server xauth xorg-fonts-truetype xterm 
diff --git a/jails/config/mail/pkg-list-details-old.txt b/jails/config/mail/pkg-list-details-old.txt index 84c241b..744ceb8 100644 --- a/jails/config/mail/pkg-list-details-old.txt +++ b/jails/config/mail/pkg-list-details-old.txt @@ -1,14 +1,15 @@ -pkgp123____dcc-dccd-2.3.168 -pkgp123____dovecot-2.3.19.1_1 -pkgp123____dovecot-pigeonhole-0.5.19 -pkgp123____icu-72.1,1 -pkgp123____libunwind-20211201_1 +pkgp123____dcc-dccd-2.3.169 +pkgp123____dovecot-2.3.21.1_3 +pkgp123____dovecot-pigeonhole-0.5.21.1_1 +pkgp123____icu-76.1,1 +pkgp123____libunwind-20240221_2 pkgp123____libyaml-0.2.5 -pkgp123____pkg-1.18.4 -pkgp123____postfix-3.7.3_1,1 -pkgp123____rspamd-3.4_1 -pkgp-freebsd-pkg____apache-solr-8.11.2,1 -pkgp-freebsd-pkg____bash-5.2.2_1 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____redis-7.0.5 +pkgp123____pkg-2.1.2 +pkgp123____postfix-3.10.1,1 +pkgp123____rspamd-3.11.1 +pkgp-freebsd-pkg____apache-solr9-9.2.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____lsof-4.99.4_2,8 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____redis-7.4.2 diff --git a/jails/config/mail/pkg-list-details.txt b/jails/config/mail/pkg-list-details.txt index 56a3771..744ceb8 100644 --- a/jails/config/mail/pkg-list-details.txt +++ b/jails/config/mail/pkg-list-details.txt 
@@ -1,14 +1,15 @@ -pkgp123____dcc-dccd-2.3.168 -pkgp123____dovecot-2.3.19.1_1 -pkgp123____dovecot-pigeonhole-0.5.19 -pkgp123____icu-72.1,1 -pkgp123____libunwind-20211201_1 +pkgp123____dcc-dccd-2.3.169 +pkgp123____dovecot-2.3.21.1_3 +pkgp123____dovecot-pigeonhole-0.5.21.1_1 +pkgp123____icu-76.1,1 +pkgp123____libunwind-20240221_2 pkgp123____libyaml-0.2.5 -pkgp123____pkg-1.18.4 -pkgp123____postfix-3.7.3_1,1 -pkgp123____rspamd-3.4_1 -pkgp-freebsd-pkg____apache-solr-8.11.2,1 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____redis-7.0.5 +pkgp123____pkg-2.1.2 +pkgp123____postfix-3.10.1,1 +pkgp123____rspamd-3.11.1 +pkgp-freebsd-pkg____apache-solr9-9.2.0 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____lsof-4.99.4_2,8 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____redis-7.4.2 diff --git a/jails/config/mail/pkg-list-old.txt b/jails/config/mail/pkg-list-old.txt index 8bfdd9d..7fcba9a 100644 --- a/jails/config/mail/pkg-list-old.txt +++ b/jails/config/mail/pkg-list-old.txt @@ -1 +1 @@ -apache-solr bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml nano pkg postfix redis rspamd +apache-solr9 bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml lsof nano pkg postfix redis rspamd diff --git a/jails/config/mail/pkg-list.txt b/jails/config/mail/pkg-list.txt index 8bfdd9d..7fcba9a 100644 --- a/jails/config/mail/pkg-list.txt +++ b/jails/config/mail/pkg-list.txt @@ -1 +1 @@ -apache-solr bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml nano pkg postfix redis rspamd +apache-solr9 bash bash-completion dcc-dccd dovecot dovecot-pigeonhole icu libunwind libyaml lsof nano pkg postfix redis rspamd diff --git a/jails/config/mail/pkgp.conf b/jails/config/mail/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/mail/pkgp.conf +++ b/jails/config/mail/pkgp.conf 
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/mail/postfix/main.cf b/jails/config/mail/postfix/main.cf index 194df47..ed1b4b6 100644 --- a/jails/config/mail/postfix/main.cf +++ b/jails/config/mail/postfix/main.cf @@ -27,7 +27,7 @@ # # The level below is what should be used with new (not upgrade) installs. # -compatibility_level = 2 +compatibility_level = 3.9.0 # SOFT BOUNCE # @@ -282,7 +282,8 @@ unknown_local_recipient_reject_code = 550 #mynetworks = $config_directory/mynetworks #mynetworks = hash:$config_directory/network_table -mynetworks = 127.0.0.1/32 192.168.0.0/24 [::1]/128 [fe80::]/10 [fd01::]/64 +# the 13.56.245.15 is sms.rockwoodestates.org - mail-relay.ahlawat.com +mynetworks = 127.0.0.1/32 192.168.0.0/24 [::1]/128 [fe80::]/10 [fd01::]/64 13.56.245.15 smtp_bind_address = 192.168.0.100 smtp_bind_address6 = fd01::100 @@ -713,10 +714,6 @@ mailbox_size_limit = 51200000 allow_percent_hack = no swap_bangpath = no -# path to the SSL certificate for the mail server -smtpd_tls_cert_file = /mnt/certs/fullchain.pem -smtpd_tls_key_file = /mnt/certs/privkeyr.pem - smtpd_tls_loglevel = 2 # These two lines define how postfix will connect to other mail servers. @@ -732,7 +729,7 @@ smtp_dns_support_level = dnssec # "mandatory" for authenticating users. I got these settings from Mozilla's # SSL reccomentations page. -# https://ssl-config.mozilla.org/#server=postfix&version=3.4.8&config=intermediate&openssl=1.1.1k&guideline=5.6 +# https://ssl-config.mozilla.org/#server=postfix&version=3.9.0&config=intermediate&openssl=3.1&guideline=5.6 # # NOTE: do not attempt to make TLS mandatory for all incoming/outgoing 
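Review bot: Adding the public address `13.56.245.15` to `mynetworks` in the `@@ -282,7 +282,8 @@` hunk of main.cf gives that host every privilege tied to `permit_mynetworks`, which normally includes relaying without authentication. The restriction lists are outside the hunk, so the exact reach should be checked there. A source address is a weak credential for a host outside the LAN; if the relay only needs to hand mail to this server, SASL authentication on the submission service or a dedicated `check_client_access` entry limited to that purpose would be narrower than full `mynetworks` trust.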
@@ -740,16 +737,26 @@ smtp_dns_support_level = dnssec # mandatory connections either. There are still a lot of mail servers out # there that do not use TLS, and many that do only support old ciphers. # Forcing TLS for everyone *will* cause you to lose mail. -smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 -smtpd_tls_mandatory_ciphers = medium -tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 +smtpd_tls_auth_only = yes +smtpd_tls_chain_files = + /mnt/certs/privkeyr.pem, + /mnt/certs/fullchain.pem + +smtpd_tls_security_level = may +smtpd_tls_mandatory_protocols = >=TLSv1.2 +smtpd_tls_protocols = >=TLSv1.2 + +#smtp_tls_security_level = may +smtp_tls_mandatory_protocols = >=TLSv1.2 +smtp_tls_protocols = >=TLSv1.2 tls_preempt_cipherlist = no - -# allow other mail servers to connect using TLS, but don't require it -smtpd_tls_security_level = may +tls_eecdh_auto_curves = X25519 prime256v1 secp384r1 +tls_ffdhe_auto_groups = +smtp_tls_mandatory_ciphers = medium +smtpd_tls_mandatory_ciphers = medium +tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 # tickets and compression have known vulnerabilities tls_ssl_options = no_ticket, no_compression, NO_RENEGOTIATION 
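Review bot: `tls_ffdhe_auto_groups =` is set to an empty value with no comment, and the hunk also drops the comment that explained `smtpd_tls_security_level = may`, so the intent of the new TLS block is hard to audit. As far as I can tell an empty value turns off FFDHE groups for TLS 1.3 key agreement, while the `tls_medium_cipherlist` re-added below still offers `DHE-RSA-*` suites for TLS 1.2; a line such as `# empty on purpose: no FFDHE key exchange in TLS 1.3, ECDHE curves above only` would make that explicit. The commented-out `#smtp_tls_security_level = may` sitting next to active `smtp_tls_protocols` lines needs the same care: delete it, or note where the client-side security level is actually set, since that is not in this hunk.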
@@ -757,8 +764,7 @@ tls_ssl_options = no_ticket, no_compression, NO_RENEGOTIATION # it's more secure to generate your own DH params but using mozilla's # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam # not actually 1024 bits, this applies to all DHE >= 1024 bits -#smtpd_tls_dh512_param_file = /mnt/certs/dhparam512.pem -smtpd_tls_dh1024_param_file = /mnt/certs/dhparam4096.pem +# NOW deprecated - smtpd_tls_dh1024_param_file = /mnt/certs/dhparam4096.pem # cache incoming and outgoing TLS sessions smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_tlscache @@ -770,9 +776,6 @@ smtpd_sasl_auth_enable = yes smtpd_sasl_path = private/auth smtpd_sasl_type = dovecot -# only allow authentication over TLS -smtpd_tls_auth_only = yes - # don't allow plaintext auth methods on unencrypted connections smtpd_sasl_security_options = noanonymous, noplaintext # but plaintext auth is fine when using TLS diff --git a/jails/config/mail/postfix/protected_destinations b/jails/config/mail/postfix/protected_destinations index 27ebb65..b2ead6c 100644 --- a/jails/config/mail/postfix/protected_destinations +++ b/jails/config/mail/postfix/protected_destinations @@ -1,4 +1,9 @@ # not everyone can send to these destinations # we restrict some of them -ahlawat.com good_senders_only +ahlawat.com good_senders_only,reject +beyondbell.com good_senders_only,reject +diyit.org good_senders_only,reject +datavpc.com good_senders_only,reject +rockwoodstates.org good_senders_only,reject +scvcc-rental.com good_senders_only,reject diff --git a/jails/config/maps/pkg-list-details-old.txt b/jails/config/maps/pkg-list-details-old.txt index 1eae6a7..49c43e0 100644 --- a/jails/config/maps/pkg-list-details-old.txt +++ b/jails/config/maps/pkg-list-details-old.txt 
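Review bot: The new key `rockwoodstates.org` in protected_destinations does not match the domain spelled `rockwoodestates.org` in the `mynetworks` comment added to main.cf by this same commit, so one of the two is probably a typo. If the map key is the wrong one, lookups for the real domain never match and that destination silently stays outside the `good_senders_only,reject` restriction. I would confirm the spelling against DNS and, if the comment is the correct form, change the line to `rockwoodestates.org good_senders_only,reject`. If this file is an indexed lookup table, it also has to be rebuilt after the edit.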
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____npm-8.19.2
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____pkgconf-1.8.0_1,1
-pkgp-freebsd-pkg____vips-8.13.0_3
+pkgp-freebsd-pkg____bash-5.2.26_1
+pkgp-freebsd-pkg____bash-completion-2.11_2,2
+pkgp-freebsd-pkg____nano-7.2
+pkgp-freebsd-pkg____npm-10.2.5
+pkgp-freebsd-pkg____pkg-1.20.9_1
+pkgp-freebsd-pkg____pkgconf-2.0.3_2,1
+pkgp-freebsd-pkg____vips-8.15.1_2
diff --git a/jails/config/maps/pkg-list-details.txt b/jails/config/maps/pkg-list-details.txt
index efe67b8..9d006b4 100644
--- a/jails/config/maps/pkg-list-details.txt
+++ b/jails/config/maps/pkg-list-details.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
+pkgp-freebsd-pkg____bash-5.2.26_1
 pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____npm-8.19.2
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____pkgconf-1.8.0_1,1
-pkgp-freebsd-pkg____vips-8.13.0_3
+pkgp-freebsd-pkg____nano-7.2
+pkgp-freebsd-pkg____npm-10.4.0
+pkgp-freebsd-pkg____pkg-1.20.9_1
+pkgp-freebsd-pkg____pkgconf-2.0.3_2,1
+pkgp-freebsd-pkg____vips-8.15.1_3
diff --git a/jails/config/matrix/pkg-list-details-old.txt b/jails/config/matrix/pkg-list-details-old.txt
index d8ac1bf..4d49076 100644
--- a/jails/config/matrix/pkg-list-details-old.txt
+++ b/jails/config/matrix/pkg-list-details-old.txt
@@ -1,9 +1,10 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____element-web-1.11.14
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____nginx-1.22.1_2,3
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py39-matrix-synapse-1.71.0
-pkgp-freebsd-pkg____py39-matrix-synapse-ldap3-0.2.2
-pkgp-freebsd-pkg____py39-psycopg2-2.9.4
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____element-web-1.11.98
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____nginx-1.26.3_3,3
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____py311-matrix-synapse-1.127.1
+pkgp-freebsd-pkg____py311-matrix-synapse-ldap3-0.3.0_1
+pkgp-freebsd-pkg____py311-psycopg2-2.9.10
+pkgp-freebsd-pkg____rust-1.86.0
diff --git a/jails/config/matrix/pkg-list-details.txt b/jails/config/matrix/pkg-list-details.txt
index 2b33a7c..4d49076 100644
--- a/jails/config/matrix/pkg-list-details.txt
+++ b/jails/config/matrix/pkg-list-details.txt
@@ -1,9 +1,10 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____element-web-1.11.15
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____nginx-1.22.1_2,3
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____py39-matrix-synapse-1.71.0_1
-pkgp-freebsd-pkg____py39-matrix-synapse-ldap3-0.2.2
-pkgp-freebsd-pkg____py39-psycopg2-2.9.4
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____element-web-1.11.98
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____nginx-1.26.3_3,3
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____py311-matrix-synapse-1.127.1
+pkgp-freebsd-pkg____py311-matrix-synapse-ldap3-0.3.0_1
+pkgp-freebsd-pkg____py311-psycopg2-2.9.10
+pkgp-freebsd-pkg____rust-1.86.0
diff --git a/jails/config/matrix/pkg-list-old.txt b/jails/config/matrix/pkg-list-old.txt
index 16a2720..c2ba3bb 100644
--- a/jails/config/matrix/pkg-list-old.txt
+++ b/jails/config/matrix/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion element-web nano nginx pkg py39-matrix-synapse py39-matrix-synapse-ldap3 py39-psycopg2
+bash bash-completion element-web nano nginx pkg py311-matrix-synapse py311-matrix-synapse-ldap3 py311-psycopg2 rust
diff --git a/jails/config/matrix/pkg-list.txt b/jails/config/matrix/pkg-list.txt
index 16a2720..c2ba3bb 100644
--- a/jails/config/matrix/pkg-list.txt
+++ b/jails/config/matrix/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion element-web nano nginx pkg py39-matrix-synapse py39-matrix-synapse-ldap3 py39-psycopg2
+bash bash-completion element-web nano nginx pkg py311-matrix-synapse py311-matrix-synapse-ldap3 py311-psycopg2 rust
diff --git a/jails/config/meet/pkg-list-details-old.txt b/jails/config/meet/pkg-list-details-old.txt
index 6a80c55..597899e 100644
--- a/jails/config/meet/pkg-list-details-old.txt
+++ b/jails/config/meet/pkg-list-details-old.txt
@@ -1,9 +1,9 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____jicofo-1.0.877
-pkgp-freebsd-pkg____jitsi-meet-1.0.6155
-pkgp-freebsd-pkg____jitsi-videobridge-2.1.681
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____nginx-1.22.1_2,3
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____prosody-0.12.1_2
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____jicofo-1.0.1118
+pkgp-freebsd-pkg____jitsi-meet-1.0.8339
+pkgp-freebsd-pkg____jitsi-videobridge-2.3.198
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____nginx-1.26.3_3,3
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____prosody-13.0.1
diff --git a/jails/config/meet/pkg-list-details.txt b/jails/config/meet/pkg-list-details.txt
index 4709318..597899e 100644
--- a/jails/config/meet/pkg-list-details.txt
+++ b/jails/config/meet/pkg-list-details.txt
@@ -1,9 +1,9 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____jicofo-1.0.877 -pkgp-freebsd-pkg____jitsi-meet-1.0.6155 -pkgp-freebsd-pkg____jitsi-videobridge-2.1.681 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____nginx-1.22.1_2,3 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prosody-0.12.1_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____jicofo-1.0.1118 +pkgp-freebsd-pkg____jitsi-meet-1.0.8339 +pkgp-freebsd-pkg____jitsi-videobridge-2.3.198 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____nginx-1.26.3_3,3 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prosody-13.0.1 diff --git a/jails/config/monitor/alert_rules.yml b/jails/config/monitor/alert_rules.yml index 1e3d3ef..ee974d8 100644 --- a/jails/config/monitor/alert_rules.yml +++ b/jails/config/monitor/alert_rules.yml @@ -18,21 +18,21 @@ groups: summary: "Node {{ $labels.instance }} is down" description: "Failed to scrape {{ $labels.job }} on {{ $labels.instance }} for more than 1 minute. Node seems down." - alert: High_cpu_util - expr: node_load5{job="node_exporter"} > 6 - for: 2m + expr: node_load1{job="node_exporter"} > 10 + for: 5m labels: severity: warning annotations: summary: "CPU {{ $labels.instance }} is high" - description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 6 for more than 2 minute." + description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 10 for more than 5 minutes." - alert: High_disk_util expr: gstat_percent_busy{job="gstat"} > 90 - for: 3m + for: 9m labels: severity: warning annotations: summary: "Disk {{ $labels.instance }} is loaded" - description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 90% for more than 3 minute." + description: "{{ $labels.job }} on {{ $labels.instance }} loaded more than 90% for more than 9 minutes." - name: Probe alerts rules: - alert: Site_down 
diff --git a/jails/config/monitor/httpd.conf b/jails/config/monitor/httpd.conf index 1622852..a51a151 100644 --- a/jails/config/monitor/httpd.conf +++ b/jails/config/monitor/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName monitor.ahlawat.com ServerAlias *.ahlawat.com @@ -559,16 +567,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) 
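Review bot: The new port-80 redirect builds its target from the request's own `Host` header (`https://%{HTTP_HOST}%{REQUEST_URI}`), so the `Location` it returns names whatever host the client sent. Redirecting only for names this server actually serves is the safer habit, for example a guard `RewriteCond %{HTTP_HOST} \.ahlawat\.com$ [NC]` ahead of the rule, or a fixed target such as `https://monitor.ahlawat.com%{REQUEST_URI}` if the wildcard alias does not need to survive the redirect. `QSA` adds nothing here because the substitution carries no query string of its own. The enclosing `<VirtualHost>` tags are not visible in this rendering of the hunk, and the identical block is added to jails/config/nivi/httpd.conf later in the patch.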
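Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added to the TLS block, but that directive names the CAs trusted for verifying client certificates, and no `SSLVerifyClient` is visible in the hunk. If the goal was to serve the intermediate chain, `SSLCertificateFile` already points at `fullchain.pem` and the new line can go; if client-certificate authentication is intended, say so in a comment and add the matching `SSLVerifyClient` setting. Separately, HSTS with a two-year `max-age` is now sent from a vhost with `ServerAlias *.ahlawat.com`, so every name under that alias has to stay reachable over HTTPS with a valid certificate. The vhost body continues past the hunk, and the same lines are added to jails/config/nivi/httpd.conf.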
diff --git a/jails/config/monitor/pkg-list-details-old.txt b/jails/config/monitor/pkg-list-details-old.txt
index 4d1c493..4a24400 100644
--- a/jails/config/monitor/pkg-list-details-old.txt
+++ b/jails/config/monitor/pkg-list-details-old.txt
@@ -1,41 +1,43 @@ -pkgp-freebsd-pkg____alertmanager-0.23.0_7 -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____grafana9-9.2.4 -pkgp-freebsd-pkg____influxdb-1.8.10_7 -pkgp-freebsd-pkg____iperf3-3.12 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-bcmath-8.1.12 -pkgp-freebsd-pkg____php81-bz2-8.1.12 -pkgp-freebsd-pkg____php81-ctype-8.1.12 -pkgp-freebsd-pkg____php81-curl-8.1.12 -pkgp-freebsd-pkg____php81-dom-8.1.12 -pkgp-freebsd-pkg____php81-fileinfo-8.1.12 -pkgp-freebsd-pkg____php81-filter-8.1.12 -pkgp-freebsd-pkg____php81-gd-8.1.12 -pkgp-freebsd-pkg____php81-iconv-8.1.12 -pkgp-freebsd-pkg____php81-intl-8.1.12_1 -pkgp-freebsd-pkg____php81-mbstring-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-opcache-8.1.12 -pkgp-freebsd-pkg____php81-pdo-8.1.12 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.12 -pkgp-freebsd-pkg____php81-pecl-mcrypt-1.0.5 -pkgp-freebsd-pkg____php81-pecl-memcache-8.0 -pkgp-freebsd-pkg____php81-posix-8.1.12 -pkgp-freebsd-pkg____php81-readline-8.1.12 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____php81-simplexml-8.1.12 -pkgp-freebsd-pkg____php81-soap-8.1.12 -pkgp-freebsd-pkg____php81-sockets-8.1.12 -pkgp-freebsd-pkg____php81-sqlite3-8.1.12 -pkgp-freebsd-pkg____php81-tidy-8.1.12 -pkgp-freebsd-pkg____php81-tokenizer-8.1.12 -pkgp-freebsd-pkg____php81-xml-8.1.12 -pkgp-freebsd-pkg____php81-zip-8.1.12 -pkgp-freebsd-pkg____php81-zlib-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prometheus-2.39.1 -pkgp-freebsd-pkg____telegraf-1.24.3 +pkgp-freebsd-pkg____alertmanager-0.26.0_9 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____elasticsearch8-8.11.3 +pkgp-freebsd-pkg____grafana-11.6.0_1 +pkgp-freebsd-pkg____grafana-loki-2.9.2_11 +pkgp-freebsd-pkg____influxdb-1.8.10_27 +pkgp-freebsd-pkg____iperf3-3.18 
+pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-intl-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 +pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-mcrypt-1.0.7 +pkgp-freebsd-pkg____php84-pecl-memcache-8.2 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-readline-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-soap-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sqlite3-8.4.6 +pkgp-freebsd-pkg____php84-tidy-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prometheus-2.55.1_4 +pkgp-freebsd-pkg____telegraf-1.34.2 diff --git a/jails/config/monitor/pkg-list-details.txt b/jails/config/monitor/pkg-list-details.txt index df8bc20..4a24400 100644 --- a/jails/config/monitor/pkg-list-details.txt +++ b/jails/config/monitor/pkg-list-details.txt 
@@ -1,41 +1,43 @@ -pkgp-freebsd-pkg____alertmanager-0.23.0_7 -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____grafana9-9.2.4 -pkgp-freebsd-pkg____influxdb-1.8.10_7 -pkgp-freebsd-pkg____iperf3-3.12 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-bcmath-8.1.13 -pkgp-freebsd-pkg____php81-bz2-8.1.13 -pkgp-freebsd-pkg____php81-ctype-8.1.13 -pkgp-freebsd-pkg____php81-curl-8.1.13 -pkgp-freebsd-pkg____php81-dom-8.1.13 -pkgp-freebsd-pkg____php81-fileinfo-8.1.13 -pkgp-freebsd-pkg____php81-filter-8.1.13 -pkgp-freebsd-pkg____php81-gd-8.1.13 -pkgp-freebsd-pkg____php81-iconv-8.1.13 -pkgp-freebsd-pkg____php81-intl-8.1.13 -pkgp-freebsd-pkg____php81-mbstring-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-opcache-8.1.13 -pkgp-freebsd-pkg____php81-pdo-8.1.13 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.13 -pkgp-freebsd-pkg____php81-pecl-mcrypt-1.0.5 -pkgp-freebsd-pkg____php81-pecl-memcache-8.0 -pkgp-freebsd-pkg____php81-posix-8.1.13 -pkgp-freebsd-pkg____php81-readline-8.1.13 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____php81-simplexml-8.1.13 -pkgp-freebsd-pkg____php81-soap-8.1.13 -pkgp-freebsd-pkg____php81-sockets-8.1.13 -pkgp-freebsd-pkg____php81-sqlite3-8.1.13 -pkgp-freebsd-pkg____php81-tidy-8.1.13 -pkgp-freebsd-pkg____php81-tokenizer-8.1.13 -pkgp-freebsd-pkg____php81-xml-8.1.13 -pkgp-freebsd-pkg____php81-zip-8.1.13 -pkgp-freebsd-pkg____php81-zlib-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____prometheus-2.39.1 -pkgp-freebsd-pkg____telegraf-1.24.3 +pkgp-freebsd-pkg____alertmanager-0.26.0_9 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____elasticsearch8-8.11.3 +pkgp-freebsd-pkg____grafana-11.6.0_1 +pkgp-freebsd-pkg____grafana-loki-2.9.2_11 +pkgp-freebsd-pkg____influxdb-1.8.10_27 +pkgp-freebsd-pkg____iperf3-3.18 
+pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-intl-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 +pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-mcrypt-1.0.7 +pkgp-freebsd-pkg____php84-pecl-memcache-8.2 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-readline-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-soap-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sqlite3-8.4.6 +pkgp-freebsd-pkg____php84-tidy-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____prometheus-2.55.1_4 +pkgp-freebsd-pkg____telegraf-1.34.2 diff --git a/jails/config/monitor/pkg-list-old.txt b/jails/config/monitor/pkg-list-old.txt index d303802..23ef967 100644 --- a/jails/config/monitor/pkg-list-old.txt +++ b/jails/config/monitor/pkg-list-old.txt 
@@ -1 +1 @@ -alertmanager apache24 bash bash-completion grafana9 influxdb iperf3 nano php81 php81-bcmath php81-bz2 php81-ctype php81-curl php81-dom php81-fileinfo php81-filter php81-gd php81-iconv php81-intl php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-mcrypt php81-pecl-memcache php81-posix php81-readline php81-session php81-simplexml php81-soap php81-sockets php81-sqlite3 php81-tidy php81-tokenizer php81-xml php81-zip php81-zlib pkg prometheus telegraf +alertmanager apache24 bash bash-completion elasticsearch8 grafana grafana-loki influxdb iperf3 nano php84 php84-bcmath php84-bz2 php84-ctype php84-curl php84-dom php84-fileinfo php84-filter php84-gd php84-iconv php84-intl php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-mcrypt php84-pecl-memcache php84-posix php84-readline php84-session php84-simplexml php84-soap php84-sockets php84-sqlite3 php84-tidy php84-tokenizer php84-xml php84-zip php84-zlib pkg prometheus telegraf diff --git a/jails/config/monitor/pkg-list.txt b/jails/config/monitor/pkg-list.txt index d303802..23ef967 100644 --- a/jails/config/monitor/pkg-list.txt +++ b/jails/config/monitor/pkg-list.txt 
@@ -1 +1 @@ -alertmanager apache24 bash bash-completion grafana9 influxdb iperf3 nano php81 php81-bcmath php81-bz2 php81-ctype php81-curl php81-dom php81-fileinfo php81-filter php81-gd php81-iconv php81-intl php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-mcrypt php81-pecl-memcache php81-posix php81-readline php81-session php81-simplexml php81-soap php81-sockets php81-sqlite3 php81-tidy php81-tokenizer php81-xml php81-zip php81-zlib pkg prometheus telegraf +alertmanager apache24 bash bash-completion elasticsearch8 grafana grafana-loki influxdb iperf3 nano php84 php84-bcmath php84-bz2 php84-ctype php84-curl php84-dom php84-fileinfo php84-filter php84-gd php84-iconv php84-intl php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-mcrypt php84-pecl-memcache php84-posix php84-readline php84-session php84-simplexml php84-soap php84-sockets php84-sqlite3 php84-tidy php84-tokenizer php84-xml php84-zip php84-zlib pkg prometheus telegraf diff --git a/jails/config/monitor/prometheus.yml b/jails/config/monitor/prometheus.yml index fc10187..d8c9a93 100644 --- a/jails/config/monitor/prometheus.yml +++ b/jails/config/monitor/prometheus.yml @@ -1,4 +1,4 @@ -# Copyright (c) 2018-2022, diyIT.org +# Copyright (c) 2018-2019, diyIT.org # All rights reserved. # # BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") 
@@ -34,12 +34,33 @@ scrape_configs: static_configs: - targets: ['localhost:9090'] + - job_name: 'hass' + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: /api/prometheus + # Long-Lived Access Token + authorization: + credentials: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwMTgyNzJkMGM4MDE0MDI3OTJkNDFmZjFkOGFjYTQ3YSIsImlhdCI6MTY5MDg0MzQ1MywiZXhwIjoyMDA2MjAzNDUzfQ.7V9ElJkYzW1DRIHIp3GvopVN4pC5X92Ozqs-I9cZ9_c" + scheme: http + static_configs: + - targets: ['192.168.0.7:8123'] + + - job_name: 'sunpower' + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: / + static_configs: + - targets: ['192.168.200.172:9110'] + - job_name: 'haproxy' static_configs: - targets: ['proxy.ahlawat.com:8404'] - job_name: 'node_exporter' - # scrape_interval: 5s + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: /metrics + scheme: http static_configs: - targets: ['nas.ahlawat.com:9100'] @@ -50,6 +71,10 @@ scrape_configs: - targets: ['db.ahlawat.com:9104'] - job_name: 'gstat' + scrape_interval: 60s + scrape_timeout: 55s + metrics_path: / + scheme: http static_configs: - targets: ['nas.ahlawat.com:9248'] diff --git a/jails/config/nivi/httpd.conf b/jails/config/nivi/httpd.conf index 9786c46..25e99a7 100644 --- a/jails/config/nivi/httpd.conf +++ b/jails/config/nivi/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName nivi.ahlawat.com ServerAlias *.ahlawat.com 
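Review bot: The new `hass` job commits a long-lived access token in `authorization.credentials`, and with `scheme: http` Prometheus sends it unencrypted to `192.168.0.7:8123` on every scrape. Anyone who can read this repository can reuse the token until it is revoked, and its expiry claim appears to lie years ahead, so it should be revoked at the issuing service and reissued rather than only deleted from the file, since it stays in git history. Keep the secret out of the tracked config with `credentials_file: <PATH_TO_TOKEN_FILE>` (placeholder path, readable only by the Prometheus user) in place of `credentials:`, and scrape over HTTPS if the target supports it. The `scrape_configs` list starts and continues outside this hunk.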
@@ -559,16 +567,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/nivi/pkg-list-details-old.txt b/jails/config/nivi/pkg-list-details-old.txt index d8a27ff..2fc485b 100644 --- a/jails/config/nivi/pkg-list-details-old.txt +++ b/jails/config/nivi/pkg-list-details-old.txt 
@@ -1,31 +1,31 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-bz2-8.1.12 -pkgp-freebsd-pkg____php81-ctype-8.1.12 -pkgp-freebsd-pkg____php81-curl-8.1.12 -pkgp-freebsd-pkg____php81-dom-8.1.12 -pkgp-freebsd-pkg____php81-exif-8.1.12 -pkgp-freebsd-pkg____php81-fileinfo-8.1.12 -pkgp-freebsd-pkg____php81-filter-8.1.12 -pkgp-freebsd-pkg____php81-gd-8.1.12 -pkgp-freebsd-pkg____php81-iconv-8.1.12 -pkgp-freebsd-pkg____php81-mbstring-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-opcache-8.1.12 -pkgp-freebsd-pkg____php81-pdo-8.1.12 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.12 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-posix-8.1.12 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____php81-simplexml-8.1.12 -pkgp-freebsd-pkg____php81-xml-8.1.12 -pkgp-freebsd-pkg____php81-xmlreader-8.1.12 -pkgp-freebsd-pkg____php81-xmlwriter-8.1.12 -pkgp-freebsd-pkg____php81-xsl-8.1.12 -pkgp-freebsd-pkg____php81-zip-8.1.12 -pkgp-freebsd-pkg____php81-zlib-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 
+pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-xmlreader-8.4.6 +pkgp-freebsd-pkg____php84-xmlwriter-8.4.6 +pkgp-freebsd-pkg____php84-xsl-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 diff --git a/jails/config/nivi/pkg-list-details.txt b/jails/config/nivi/pkg-list-details.txt index a912bd0..2fc485b 100644 --- a/jails/config/nivi/pkg-list-details.txt +++ b/jails/config/nivi/pkg-list-details.txt 
@@ -1,31 +1,31 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____ffmpeg-4.4.3_1,1 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-bz2-8.1.13 -pkgp-freebsd-pkg____php81-ctype-8.1.13 -pkgp-freebsd-pkg____php81-curl-8.1.13 -pkgp-freebsd-pkg____php81-dom-8.1.13 -pkgp-freebsd-pkg____php81-exif-8.1.13 -pkgp-freebsd-pkg____php81-fileinfo-8.1.13 -pkgp-freebsd-pkg____php81-filter-8.1.13 -pkgp-freebsd-pkg____php81-gd-8.1.13 -pkgp-freebsd-pkg____php81-iconv-8.1.13 -pkgp-freebsd-pkg____php81-mbstring-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-opcache-8.1.13 -pkgp-freebsd-pkg____php81-pdo-8.1.13 -pkgp-freebsd-pkg____php81-pdo_mysql-8.1.13 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-posix-8.1.13 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____php81-simplexml-8.1.13 -pkgp-freebsd-pkg____php81-xml-8.1.13 -pkgp-freebsd-pkg____php81-xmlreader-8.1.13 -pkgp-freebsd-pkg____php81-xmlwriter-8.1.13 -pkgp-freebsd-pkg____php81-xsl-8.1.13 -pkgp-freebsd-pkg____php81-zip-8.1.13 -pkgp-freebsd-pkg____php81-zlib-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____ffmpeg-6.1.2_10,1 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bz2-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-gd-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-opcache-8.4.6 +pkgp-freebsd-pkg____php84-pdo-8.4.6 
+pkgp-freebsd-pkg____php84-pdo_mysql-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-posix-8.4.6 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-simplexml-8.4.6 +pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-xmlreader-8.4.6 +pkgp-freebsd-pkg____php84-xmlwriter-8.4.6 +pkgp-freebsd-pkg____php84-xsl-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 +pkgp-freebsd-pkg____pkg-2.1.2 diff --git a/jails/config/nivi/pkg-list-old.txt b/jails/config/nivi/pkg-list-old.txt index 537b1dd..06854b7 100644 --- a/jails/config/nivi/pkg-list-old.txt +++ b/jails/config/nivi/pkg-list-old.txt @@ -1 +1 @@ -apache24 bash bash-completion ffmpeg nano php81 php81-bz2 php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-gd php81-iconv php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-imagick php81-posix php81-session php81-simplexml php81-xml php81-xmlreader php81-xmlwriter php81-xsl php81-zip php81-zlib pkg +apache24 bash bash-completion ffmpeg nano php84 php84-bz2 php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-gd php84-iconv php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-imagick php84-posix php84-session php84-simplexml php84-xml php84-xmlreader php84-xmlwriter php84-xsl php84-zip php84-zlib pkg diff --git a/jails/config/nivi/pkg-list.txt b/jails/config/nivi/pkg-list.txt index 537b1dd..06854b7 100644 --- a/jails/config/nivi/pkg-list.txt +++ b/jails/config/nivi/pkg-list.txt 
@@ -1 +1 @@
-apache24 bash bash-completion ffmpeg nano php81 php81-bz2 php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-gd php81-iconv php81-mbstring php81-mysqli php81-opcache php81-pdo php81-pdo_mysql php81-pecl-imagick php81-posix php81-session php81-simplexml php81-xml php81-xmlreader php81-xmlwriter php81-xsl php81-zip php81-zlib pkg
+apache24 bash bash-completion ffmpeg nano php84 php84-bz2 php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-gd php84-iconv php84-mbstring php84-mysqli php84-opcache php84-pdo php84-pdo_mysql php84-pecl-imagick php84-posix php84-session php84-simplexml php84-xml php84-xmlreader php84-xmlwriter php84-xsl php84-zip php84-zlib pkg
diff --git a/jails/config/pg/pkg-list-details-old.txt b/jails/config/pg/pkg-list-details-old.txt
index e9baca8..f6d53a5 100644
--- a/jails/config/pg/pkg-list-details-old.txt
+++ b/jails/config/pg/pkg-list-details-old.txt
@@ -1,5 +1,6 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____postgresql14-server-14.6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____postgresql17-client-17.4_1
+pkgp-freebsd-pkg____postgresql17-server-17.4_1
diff --git a/jails/config/pg/pkg-list-details.txt b/jails/config/pg/pkg-list-details.txt
index f8891ee..f6d53a5 100644
--- a/jails/config/pg/pkg-list-details.txt
+++ b/jails/config/pg/pkg-list-details.txt
@@ -1,5 +1,6 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____postgresql14-server-14.6_1
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____postgresql17-client-17.4_1
+pkgp-freebsd-pkg____postgresql17-server-17.4_1
diff --git a/jails/config/pg/pkg-list-old.txt b/jails/config/pg/pkg-list-old.txt
index e889c2f..01412cf 100644
--- a/jails/config/pg/pkg-list-old.txt
+++ b/jails/config/pg/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion nano pkg postgresql14-server
+bash bash-completion nano pkg postgresql17-client postgresql17-server
diff --git a/jails/config/pg/pkg-list.txt b/jails/config/pg/pkg-list.txt
index e889c2f..01412cf 100644
--- a/jails/config/pg/pkg-list.txt
+++ b/jails/config/pg/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion nano pkg postgresql14-server
+bash bash-completion nano pkg postgresql17-client postgresql17-server
diff --git a/jails/config/pkgp/make.conf b/jails/config/pkgp/make.conf
index 880df0a..e144feb 100644
--- a/jails/config/pkgp/make.conf
+++ b/jails/config/pkgp/make.conf
@@ -1,3 +1,17 @@
-WANT_OPENLDAP_SASL=yes
+#WANT_OPENLDAP_SASL=yes
 LICENSES_ACCEPTED+=DCC
 WITH_CCACHE_BUILD=yes
+DEFAULT_VERSIONS+=SSL=openssl31-quictls
+OPTIONS_UNSET+=GSSAPI_BASE KRB_BASE KRB5_BASE KERBEROS KERBEROS5
+OPTIONS_SET+=GSSAPI_NONE KRB_NONE KRB5_NONE LDAP LDAPS SASL
+#pkg level configs
+mail_dcc-dccd_SET+=PORTS_MILTER
+mail_dovecot_SET+=LZ4 ICU SOLR
+mail_rspamd_SET+=HYPERSCAN
+net_haproxy_UNSET+=DPCRE2
+net_haproxy_SET+=SPCRE2
+security_cyrus-sasl2_UNSET+=OTP
+shells_bash_UNSET+=PORTS_READLINE
+www_apache24_SET+=AUTHNZ_LDAP
+www_gitea_SET+=BINDATA
+www_nginx_SET+=HTTPV3_QTLS
diff --git a/jails/config/pkgp/mypkgs b/jails/config/pkgp/mypkgs
index 96aed25..a8dd0c5 100644
--- a/jails/config/pkgp/mypkgs
+++ b/jails/config/pkgp/mypkgs
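Review bot: `DEFAULT_VERSIONS+=SSL=openssl31-quictls` in jails/config/pkgp/make.conf makes an OpenSSL 3.1-based fork the TLS library for every port this poudriere set builds, and the line carries no comment saying why or when to revisit it. As far as I know the upstream OpenSSL 3.1 branch left support in March 2025, so security fixes for all of these packages now depend on the fork and its port being kept patched. Presumably the choice is for HTTP/3 (`www_nginx_SET+=HTTPV3_QTLS` is added in the same hunk); I would record that above the line, e.g. `# quictls only for QUIC/HTTP3 in nginx and haproxy; re-check the fork's patch level on every ports update`.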
@@ -4,7 +4,7 @@ net/openldap26-server net/openldap26-client security/cyrus-sasl2 www/apache24 -www/nginx-devel +www/nginx devel/apr1 mail/postfix mail/dovecot @@ -12,7 +12,7 @@ mail/dovecot-pigeonhole mail/rspamd mail/dcc-dccd net/netatalk3 -net/samba413 +net/samba416 net/nss-pam-ldapd net/nss-pam-ldapd-sasl www/gitea diff --git a/jails/config/pkgp/mypkgs.orig b/jails/config/pkgp/mypkgs.orig deleted file mode 100644 index b82ece5..0000000 --- a/jails/config/pkgp/mypkgs.orig +++ /dev/null @@ -1,19 +0,0 @@ -net/haproxy -net/openldap24-server -net/openldap24-client -security/cyrus-sasl2 -www/apache24 -www/nginx-devel -devel/apr1 -net/php81-ldap -net/php80-ldap -mail/postfix -mail/dovecot -mail/dovecot-pigeonhole -mail/rspamd -mail/dcc-dccd -net/netatalk3 -net/samba413 -net/nss-pam-ldapd -net/nss-pam-ldapd-sasl -www/gitea diff --git a/jails/config/pkgp/nginx.conf b/jails/config/pkgp/nginx.conf index bad0306..1ae88f0 100644 --- a/jails/config/pkgp/nginx.conf +++ b/jails/config/pkgp/nginx.conf @@ -42,9 +42,20 @@ http { } } +# https://ssl-config.mozilla.org/#server=nginx&version=1.27.3&config=modern&openssl=3.1.0&guideline=5.7 + server { - listen *:443 ssl http2; - listen [::]:443 ssl http2; + listen *:443 quic reuseport; + listen [::]:443 quic reuseport; + listen *:443 ssl; + listen [::]:443 ssl; + + ssl_early_data on; + quic_retry on; + + http3 on; + http3_hq on; + http2 on; server_name pkgp.ahlawat.com; root /usr/local/share/poudriere/html; 
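Review bot: `ssl_early_data on;` in the jails/config/pkgp/nginx.conf server block for pkgp.ahlawat.com accepts TLS 1.3 0-RTT data, which can be replayed, and nothing in this hunk limits where it applies. For the static listings this server appears to serve the exposure is small, but any location that proxies or changes state should pass `proxy_set_header Early-Data $ssl_early_data;` so the upstream can refuse replayed requests, or the directive should stay off. `http3_hq on;` enables the hq-interop protocol that exists for QUIC interoperability testing and looks unnecessary on this listener. The server block continues outside the hunk.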
@@ -67,14 +78,20 @@ http { ssl_stapling_verify on; # verify chain of trust of OCSP response using Root CA and Intermediate certs - ssl_trusted_certificate /mnt/certs/fullchain.pem; + ssl_trusted_certificate /mnt/certs/cacert.pem; + + # async 'resolver' is important for proper operation of OCSP stapling + resolver 192.168.0.5; + location /data { + add_header Alt-Svc 'h3=":443"; ma=86400'; alias /mnt/poudriere/data/logs/bulk; autoindex on; } location /packages { + add_header Alt-Svc 'h3=":443"; ma=86400'; root /mnt/poudriere/data; autoindex on; } @@ -130,7 +147,7 @@ http { listen [::]:8001; server_name localhost; location / { - proxy_pass http://pkg0.tuk.FreeBSD.org; + proxy_pass http://pkg0.pao.FreeBSD.org; } } @@ -187,7 +204,6 @@ http { server localhost:8011; server localhost:8012; server localhost:8013; - server localhost:8014; } server { @@ -216,13 +232,5 @@ http { proxy_pass http://update5.FreeBSD.org; } } - server { - listen *:8014; - listen [::]:8014; - server_name localhost; - location / { - proxy_pass http://update4.FreeBSD.org; - } - } } diff --git a/jails/config/pkgp/pkgp.conf b/jails/config/pkgp/pkgp.conf index d50ccf8..ac09580 100644 --- a/jails/config/pkgp/pkgp.conf +++ b/jails/config/pkgp/pkgp.conf @@ -5,16 +5,14 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", - pubkey: "/mnt/data/apps/certs/poudriere.cert", - enabled: no, + pubkey: "/mnt/certs/poudriere.cert", + enabled: yes, priority: 100 } diff --git a/jails/config/pkgp/poudriere.conf b/jails/config/pkgp/poudriere.conf index 59f0ba3..7dae615 100644 --- a/jails/config/pkgp/poudriere.conf +++ b/jails/config/pkgp/poudriere.conf 
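Review bot: The `add_header Alt-Svc 'h3=":443"; ma=86400';` lines added inside `location /data` and `location /packages` in jails/config/pkgp/nginx.conf stop those locations from inheriting any `add_header` set at the server or http level, because nginx inherits `add_header` only when the current level defines none. If the server block sets `Strict-Transport-Security` or similar headers outside this hunk (not visible here), they will no longer be sent for the package and log listings. Declaring the Alt-Svc header once in the server block instead of per location avoids that.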
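Review bot: The `pkgp-freebsd-pkg` repository in jails/config/pkgp/pkgp.conf is fetched over `http://` and its block, fully visible in this hunk, has no `signature_type`, so pkg installs from it without verifying a signature. The hunk enables `pkgp123` with `signature_type: "pubkey"`; the mirror entry needs the equivalent, for example `signature_type: "fingerprints",` and `fingerprints: "/usr/share/keys/pkg",` if it relays the official FreeBSD packages unchanged. The nginx.conf hunk in this commit that sets `proxy_pass http://pkg0.pao.FreeBSD.org;` suggests the mirror is also filled over plain HTTP, which makes client-side verification the only integrity check. The identical block in jails/config/proxy/pkgp.conf has the same gap.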
@@ -47,7 +47,7 @@ BASEFS=/poudriere #POUDRIERE_DATA=${BASEFS}/data # Use portlint to check ports sanity -USE_PORTLINT=no +USE_PORTLINT=yes # When building packages, a memory device can be used to speedup the build. # Only one of MFSSIZE or USE_TMPFS is supported. TMPFS is generally faster @@ -66,16 +66,17 @@ USE_PORTLINT=no # yes - Enables tmpfs(5) for wrkdir and data # no - Disable use of tmpfs(5) # EXAMPLE: USE_TMPFS="wrkdir data" -USE_TMPFS="wrkdir localbase" +#USE_TMPFS="wrkdir data localbase" +USE_TMPFS=all # let ZFS do its caching magic # How much memory to limit tmpfs size to for *each builder* in GiB # (default: none) -#TMPFS_LIMIT=8 +TMPFS_LIMIT=64 # How much memory to limit jail processes to for *each builder* # in GiB (default: none) -MAX_MEMORY=8 +MAX_MEMORY=64 # How many file descriptors to limit each jail process to (default: 1024) # This can also be set per PKGBASE, such as MAX_FILES_RStudio=2048. @@ -160,7 +161,7 @@ CCACHE_DIR=/mnt/cache/ccache # by specifying the -J flag to bulk/testport. # # Example to define PARALLEL_JOBS to one single job -PARALLEL_JOBS=8 +PARALLEL_JOBS=2 # How many jobs should be used for preparing the build? These tend to # be more IO bound and may be worth tweaking. Default: PARALLEL_JOBS * 1.25 @@ -200,7 +201,7 @@ NOLINUX=yes # List of packages that will always be allowed to use MAKE_JOBS # regardless of ALLOW_MAKE_JOBS. This is useful for allowing ports # which holdup the rest of the queue to build more quickly. -ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py* llvm*" +ALLOW_MAKE_JOBS_PACKAGES="pkg ccache py* llvm* gcc* rust* node* firefox*" # Timestamp every line of build logs # Default: no @@ -282,7 +283,7 @@ PRESERVE_TIMESTAMP=yes # Define pkgname globs to boost priority for # Default: none -PRIORITY_BOOST="llvm*" +PRIORITY_BOOST="llvm* rust" # Define format for buildnames # Default: %Y-%m-%d_%Hh%Mm%Ss 
@@ -317,4 +318,4 @@ PRIORITY_BOOST="llvm*" # Set to track remaining ports in the HTML interface. This can slow down # processing of the queue slightly, especially for bulk -a builds. # Default: no -#HTML_TRACK_REMAINING=yes +HTML_TRACK_REMAINING=yes diff --git a/jails/config/plex/pkg-list-details-old.txt b/jails/config/plex/pkg-list-details-old.txt index 777a78a..c1fabb5 100644 --- a/jails/config/plex/pkg-list-details-old.txt +++ b/jails/config/plex/pkg-list-details-old.txt @@ -1,6 +1,6 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____ca_root_nss-3.83 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____plexmediaserver-1.29.1.6316 -pkgp-freebsd-pkg____python27-2.7.18_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____ca_root_nss-3.108 +pkgp-freebsd-pkg____jellyfin-10.10.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____plexmediaserver-1.41.6.9685 diff --git a/jails/config/plex/pkg-list-details.txt b/jails/config/plex/pkg-list-details.txt index 539c9cd..c1fabb5 100644 --- a/jails/config/plex/pkg-list-details.txt +++ b/jails/config/plex/pkg-list-details.txt @@ -1,6 +1,6 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____ca_root_nss-3.83 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____plexmediaserver-1.29.2.6364 -pkgp-freebsd-pkg____python27-2.7.18_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____ca_root_nss-3.108 +pkgp-freebsd-pkg____jellyfin-10.10.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____plexmediaserver-1.41.6.9685 diff --git a/jails/config/plex/pkg-list-old.txt b/jails/config/plex/pkg-list-old.txt index 8aa412a..fd70194 100644 --- a/jails/config/plex/pkg-list-old.txt +++ b/jails/config/plex/pkg-list-old.txt @@ -1 +1 @@ -bash ca_root_nss nano pkg plexmediaserver python27 +bash ca_root_nss jellyfin nano pkg plexmediaserver 
diff --git a/jails/config/plex/pkg-list.txt b/jails/config/plex/pkg-list.txt
index 8aa412a..fd70194 100644
--- a/jails/config/plex/pkg-list.txt
+++ b/jails/config/plex/pkg-list.txt
@@ -1 +1 @@
-bash ca_root_nss nano pkg plexmediaserver python27
+bash ca_root_nss jellyfin nano pkg plexmediaserver
diff --git a/jails/config/proxy/haproxy.conf b/jails/config/proxy/haproxy.conf
index 78b5567..d666428 100644
--- a/jails/config/proxy/haproxy.conf
+++ b/jails/config/proxy/haproxy.conf
@@ -13,25 +13,25 @@ global daemon maxconn 4096 +# limited-quic + ca-base /mnt/certs crt-base /mnt/certs # modern configuration # twilio is one of the sites that cannot handle the modern config -# ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 -# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets - -# ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 -# ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets +# generated 2025-04-25, Mozilla Guideline v5.7, HAProxy 3.0, OpenSSL 3.1.0, intermediate config +# https://ssl-config.mozilla.org/#server=haproxy&version=3.0&config=intermediate&openssl=3.1.0&guideline=5.7 # intermediate configuration - ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 -# ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets - ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets + ssl-default-bind-curves X25519:prime256v1:secp384r1 + ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-bind-options prefer-client-ciphers ssl-min-ver TLSv1.2 no-tls-tickets - ssl-default-server-ciphers 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 - ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets + ssl-default-server-curves X25519:prime256v1:secp384r1 + ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 + ssl-default-server-options ssl-min-ver TLSv1.2 no-tls-tickets # curl https://ssl-config.mozilla.org/ffdhe4096.txt > /mnt/certs/dhparam4096.pem ssl-dh-param-file /mnt/certs/dhparam4096.pem @@ -52,7 +52,7 @@ defaults option forwardfor option redispatch option http-keep-alive - option http-server-close +# option http-server-close # this would force target rotation and recommended for websockets option httplog option dontlognull retries 3 @@ -66,6 +66,14 @@ defaults timeout tunnel 3600s timeout tarpit 60s + errorfile 400 /usr/local/share/examples/haproxy/errorfiles/400.http + errorfile 403 /usr/local/share/examples/haproxy/errorfiles/403.http + errorfile 408 /usr/local/share/examples/haproxy/errorfiles/408.http + errorfile 500 /usr/local/share/examples/haproxy/errorfiles/500.http + errorfile 502 /usr/local/share/examples/haproxy/errorfiles/502.http + errorfile 503 /usr/local/share/examples/haproxy/errorfiles/503.http + errorfile 504 /usr/local/share/examples/haproxy/errorfiles/504.http + unique-id-format %{+X}o\ %[hostname,field(1,.),upper]-%Ts%rt default-server init-addr none resolvers mydns 
@@ -85,14 +93,17 @@ frontend stats frontend ft bind :::80 v4v6 # ssl-min-ver TLSv1.2 ssl-max-ver TLSv1.2 - bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt haproxy.pem crt diyhaproxy.pem crt xflowhaproxy.pem crt dvpchaproxy.pem crt rwehaproxy.pem crt scvcchaproxy.pem + bind :::443 v4v6 strict-sni alpn h2,http/1.1 ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem redirect scheme https code 301 if !{ ssl_fc } + http-request redirect scheme https unless { ssl_fc } # enables HTTP/3 over QUIC -# bind quic4@:443 alpn h3 ssl crt haproxy.pem crt diyhaproxy.pem crt xflowhaproxy.pem crt dvpchaproxy.pem crt rwehaproxy.pem crt scvcchaproxy.pem + bind quic4@:443 strict-sni alpn h3 allow-0rtt ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem + bind quic6@:443 strict-sni alpn h3 allow-0rtt ssl crt haproxy.pem crt diyhaproxy.pem crt rwehaproxy.pem # Switches to the QUIC protocol -# http-response set-header alt-svc "h3=\":443\";ma=2592000;" + http-response set-header alt-svc 'h3=":443";ma=86400;h3-27=":443";ma=86400,h3-28=":443";ma=86400,h3-29=":443";ma=86400' + log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc @@ -108,8 +119,11 @@ frontend ft http-request set-header X-Client-IP "%[src]" http-request set-header X-Client-Port "%[src_port]" http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Ssl on if { ssl_fc } - http-response set-header Strict-Transport-Security max-age=63072000 + +# https://hstspreload.org + http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains" # http-response set-header Content-Security-Policy "script-src 'self'" 
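Review bot: Both new `bind quic4@:443` and `bind quic6@:443` lines in jails/config/proxy/haproxy.conf carry `allow-0rtt`, so frontend `ft` accepts replayable early data for every host it routes, including requests that are not idempotent. Either drop `allow-0rtt` or add `http-request wait-for-handshake if !METH_GET` ahead of the `use_backend` rules, after confirming the action takes effect on QUIC listeners in this HAProxy version. The new `alt-svc` value separates the first two entries with `;` instead of `,` and still advertises the draft versions h3-27 to h3-29; `http-response set-header alt-svc 'h3=":443"; ma=86400'` is enough. The old `redirect scheme https code 301 if !{ ssl_fc }` is kept next to the new `http-request redirect scheme https unless { ssl_fc }`, so one of the two is redundant. The frontend continues outside the hunk.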
@@ -123,19 +137,24 @@ frontend ft use_backend bk_ahlawat if { req.hdr(host) ahlawat.com } use_backend bk_ahlawat if { req.hdr(host) www.ahlawat.com } - use_backend bk_ahlawat if { req.hdr(host) www2.ahlawat.com } + use_backend bk_ahlawat if { req.hdr(host) www-backup.ahlawat.com } use_backend bk_ahlawat if { req.hdr(host) mta-sts.ahlawat.com } use_backend bk_ahlawat-sharad if { req.hdr(host) sharad.ahlawat.com } - use_backend bk_ahlawat-sharad if { req.hdr(host) sharad2.ahlawat.com } use_backend bk_ahlawat-rachna if { req.hdr(host) rachna.ahlawat.com } use_backend bk_ahlawat-nivi if { req.hdr(host) nivi.ahlawat.com } use_backend bk_ahlawat-nivi if { req.hdr(host) nivedita.ahlawat.com } use_backend bk_ahlawat-rishabh if { req.hdr(host) rishabh.ahlawat.com } + use_backend bk_ahlawat-rishabh if { req.hdr(host) rish.ahlawat.com } +# big / 1-fiction / 2-movie / 3-art / 4-home / 5-general use_backend bk_ahlawat-book-443 if { req.hdr(host) books.ahlawat.com } use_backend bk_ahlawat-book-444 if { req.hdr(host) book1.ahlawat.com } use_backend bk_ahlawat-book-445 if { req.hdr(host) book2.ahlawat.com } + use_backend bk_ahlawat-book-446 if { req.hdr(host) book3.ahlawat.com } + use_backend bk_ahlawat-book-447 if { req.hdr(host) book4.ahlawat.com } + use_backend bk_ahlawat-book-448 if { req.hdr(host) book5.ahlawat.com } + use_backend bk_ahlawat-cam if { req.hdr(host) cam.ahlawat.com } use_backend bk_ahlawat-cam if { req.hdr(host) cam2.ahlawat.com } use_backend bk_ahlawat-ci if { req.hdr(host) ci.ahlawat.com } 
@@ -154,29 +173,17 @@ frontend ft use_backend bk_diyit if { req.hdr(host) diyit.org } use_backend bk_diyit if { req.hdr(host) www.diyit.org } - use_backend bk_diyit if { req.hdr(host) www2.diyit.org } - use_backend bk_diyit if { req.hdr(host) xflow.org } - use_backend bk_diyit if { req.hdr(host) www.xflow.org } + use_backend bk_diyit if { req.hdr(host) www-backup.diyit.org } use_backend bk_diyit-grafana if { req.hdr(host) grafana.diyit.org } use_backend bk_diyit-prometheus if { req.hdr(host) prometheus.diyit.org } - use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org } - use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org } - - use_backend bk_dvpc if { req.hdr(host) datavpc.com } - use_backend bk_dvpc if { req.hdr(host) www.datavpc.com } - use_backend bk_dvpc if { req.hdr(host) www2.datavpc.com } - use_backend bk_dvpc if { req.hdr(host) mydatavpc.com } - use_backend bk_dvpc if { req.hdr(host) www.mydatavpc.com } +# use_backend bk_diyit-kibana if { req.hdr(host) kibana.diyit.org } +# use_backend bk_diyit-maps if { req.hdr(host) maps.diyit.org } use_backend bk_rwe if { req.hdr(host) rockwoodestates.org } use_backend bk_rwe if { req.hdr(host) www.rockwoodestates.org } - use_backend bk_rwe if { req.hdr(host) www2.rockwoodestates.org } - use_backend bk_rwe if { req.hdr(host) sms1.rockwoodestates.org } - use_backend bk_rwe if { req.hdr(host) sms2.rockwoodestates.org } - - use_backend bk_scvcc if { req.hdr(host) scvcc-rental.com } - use_backend bk_scvcc if { req.hdr(host) www.scvcc-rental.com } - use_backend bk_scvcc if { req.hdr(host) www2.scvcc-rental.com } + use_backend bk_rwe if { req.hdr(host) www-backup.rockwoodestates.org } + use_backend bk_rwe if { req.hdr(host) sms-alt.rockwoodestates.org } + use_backend bk_rwe if { req.hdr(host) sms-alt-backup.rockwoodestates.org } # use_backend bk_beyondbell if { req.hdr(host) beyondbell.com } # use_backend bk_beyondbell if { req.hdr(host) www.beyondbell.com } 
@@ -197,12 +204,12 @@ frontend ft # Fallback for non-SNI clients acl is-ahlawat hdr(host) -i ahlawat.com acl is-ahlawat hdr(host) -i www.ahlawat.com - acl is-ahlawat hdr(host) -i www2.ahlawat.com + acl is-ahlawat hdr(host) -i www-backup.ahlawat.com use_backend bk_ahlawat if is-ahlawat acl is-diyit hdr(host) -i diyit.org acl is-diyit hdr(host) -i www.diyit.org - acl is-diyit hdr(host) -i www2.diyit.org + acl is-diyit hdr(host) -i www-backup.diyit.org use_backend bk_diyit if is-diyit default_backend bk_ahlawat @@ -215,7 +222,6 @@ backend bk_ahlawat http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-sharad -# balance roundrobin server srv1 sharadx.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 server srv2 web.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN 
@@ -253,16 +259,42 @@ backend bk_ahlawat-book-445 server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN +backend bk_ahlawat-book-446 + server srv1 bookx.ahlawat.com:446 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + http-response set-header X-Frame-Options SAMEORIGIN + +backend bk_ahlawat-book-447 + server srv1 bookx.ahlawat.com:447 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + http-response set-header X-Frame-Options SAMEORIGIN + +backend bk_ahlawat-book-448 + server srv1 bookx.ahlawat.com:448 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + http-response set-header X-Frame-Options SAMEORIGIN + backend bk_ahlawat-cam server srv1 192.168.0.54:8765 check server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-ci -# http-request set-header Host cix.ahlawat.com:8080 - http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/\2 - http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/\2 - server srv1 cix.ahlawat.com:8080 check +# http-request replace-header Host ^([^\ \t:]*:)\ https://ci.ahlawat.com/(.*) \1\ http://cix.ahlawat.com:8080/(.*)\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://cix.ahlawat.com:8080/(.*) \1\ https://ci.ahlawat.com/(.*)\2 +# http-request replace-header Host ^https://ci.ahlawat.com/(.*) http://cix.ahlawat.com:8080/\1 +# http-response replace-header Host ^http://cix.ahlawat.com:8080/(.*) https://ci.ahlawat.com/\1 +# http-request set-header X-Forwarded-Port 
443 +# http-request add-header X-Forwarded-Proto https +# http-request set-header X-Forwarded-Host ci.ahlawat.com +# server srv1 cix.ahlawat.com:8080 check + +# roundrobin or leastconn or iphash + balance roundrobin + server srv1 cix.ahlawat.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv2 ci1.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv3 ci2.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 + server srv4 ci3.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-cloud @@ -302,7 +334,7 @@ backend bk_ahlawat-jump http-response set-header X-Frame-Options SAMEORIGIN backend bk_ahlawat-hass - server srv1 hassx.ahlawat.com:8123 check + server srv1 192.168.0.7:8123 check server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN 
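Review bot: The comment `# roundrobin or leastconn or iphash` above `balance roundrobin` in backend `bk_ahlawat-ci` names `iphash`, which is not an HAProxy balance algorithm (the source-address one is `source`). Because srv2 to srv4 are all marked `backup`, only srv1 receives traffic while it is up, so the balance setting has no visible effect. I would replace the comment with `# srv2-srv4 are 'backup': balance only matters if they become active (roundrobin, leastconn, source)`. The seven commented-out `replace-header`/`set-header`/`server` lines above it could be removed now that the backend uses TLS on port 443.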
@@ -322,100 +354,88 @@ backend bk_diyit-prometheus # ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN -backend bk_diyit-kibana - server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_diyit-kibana +# server srv1 elk.diyit.org:5601 check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_diyit-maps - server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header Content-Security-Policy "frame-ancestors 'self' https://diyit.org;" +#backend bk_diyit-maps +# server srv1 mapsx.diyit.org:443 ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header Content-Security-Policy "frame-ancestors 'self' https://diyit.org;" -backend bk_dvpc - server srv1 web.datavpc.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 - server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - backend bk_rwe server srv1 web.rockwoodestates.org:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 http-response set-header X-Frame-Options SAMEORIGIN -backend bk_scvcc - server srv1 web.scvcc-rental.com:443 check ssl ca-file /mnt/certs/cacert.pem alpn h2 - server srv2 sharadx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell +## server srv1 192.168.0.77:8080 +# server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell -# server srv1 192.168.0.77:8080 - server srv1 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header 
X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-ci +## http-request set-header Host cix.beyondbell.com:8111 +# http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2 +# server srv1 192.168.0.73:8111 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-ci -# http-request set-header Host cix.beyondbell.com:8111 - http-request replace-header Host ^([^\ \t:]*:)\ https://ci.beyondbell.com/(.*) \1\ http://192.168.0.73:8111/\2 - http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.73:8111/(.*) \1\ https://ci.beyondbell.com/\2 - server srv1 192.168.0.73:8111 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-git +# server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-git - server srv1 gitx.beyondbell.com:3000 check ssl ca-file /mnt/certs/cacert.pem alpn h2 +#backend bk_beyondbell-repo +## http-request set-header Host 192.168.0.75:8081 +## http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2 +## http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2 +# server srv1 192.168.0.75:8081 +# http-response set-header X-Frame-Options SAMEORIGIN +## http-response del-header Strict-Transport-Security +## http-response add-header Content-Security-Policy: upgrade-insecure-requests + +#backend bk_beyondbell-dashboard +# http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ 
https://dashboardx.beyondbell.com/\2 +# server srv1 192.168.0.92:8080 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-vault +# http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2 +# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2 +# server srv1 192.168.0.93:8200 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-web-moonglade +# server srv1 192.168.0.74:8000 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-web-moonglade-private +# server srv1 192.168.0.74:4000 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN + +#backend bk_beyondbell-r-windows +# server srv1 192.168.0.85:4000 # server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-repo -# http-request set-header Host 192.168.0.75:8081 -# http-request replace-header Host ^([^\ \t:]*:)\ https://repo.beyondbell.com/(.*) \1\ http://192.168.0.75:8081/\2 -# http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.75:8081/(.*) \1\ https://repo.beyondbell.com/\2 - - server srv1 192.168.0.75:8081 - http-response set-header X-Frame-Options SAMEORIGIN - -# http-response del-header Strict-Transport-Security -# http-response add-header Content-Security-Policy: upgrade-insecure-requests - -backend bk_beyondbell-dashboard - http-request replace-header Host ^([^\ \t:]*:)\ https://dashboardx.beyondbell.com/(.*) \1\ http://192.168.0.92:8080/\2 - 
http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.92:8080/(.*) \1\ https://dashboardx.beyondbell.com/\2 - server srv1 192.168.0.92:8080 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-vault - http-request replace-header Host ^([^\ \t:]*:)\ https://vault.beyondbell.com/(.*) \1\ http://192.168.0.93:8200/\2 - http-response replace-header Host ^([^\ \t:]*:)\ http://192.168.0.93:8200/(.*) \1\ https://vault.beyondbell.com/\2 - server srv1 192.168.0.93:8200 +#backend bk_beyondbell-windows +# server srv1 192.168.0.81:26900 # server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-web-moonglade - server srv1 192.168.0.74:8000 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-mazes +# server srv1 192.168.0.171:8080 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN -backend bk_beyondbell-web-moonglade-private - server srv1 192.168.0.74:4000 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-r-windows - server srv1 192.168.0.85:4000 - server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-windows - server srv1 192.168.0.81:26900 - server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-mazes - server srv1 192.168.0.171:8080 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file 
/mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN - -backend bk_beyondbell-mazes-backend - server srv1 192.168.0.172:8080 -# server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 - http-response set-header X-Frame-Options SAMEORIGIN +#backend bk_beyondbell-mazes-backend +# server srv1 192.168.0.172:8080 +## server srv2 rishabhx.ahlawat.com:443 backup check ssl ca-file /mnt/certs/cacert.pem alpn h2 +# http-response set-header X-Frame-Options SAMEORIGIN diff --git a/jails/config/proxy/pkg-list-details-old.txt b/jails/config/proxy/pkg-list-details-old.txt index 9867ab0..385cd0c 100644 --- a/jails/config/proxy/pkg-list-details-old.txt +++ b/jails/config/proxy/pkg-list-details-old.txt @@ -1,9 +1,8 @@ -pkgp123____haproxy-2.6.6 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____base64-1.5_1 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 +pkgp123____haproxy-3.0.9 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____base64-1.5_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____pidof-20050501 -pkgp-freebsd-pkg____socat-1.7.4.4 -pkgp-freebsd-pkg____turnserver-4.5.2 +pkgp-freebsd-pkg____socat-1.8.0.3 diff --git a/jails/config/proxy/pkg-list-details.txt b/jails/config/proxy/pkg-list-details.txt index e00cb9e..385cd0c 100644 --- a/jails/config/proxy/pkg-list-details.txt +++ b/jails/config/proxy/pkg-list-details.txt 
@@ -1,9 +1,8 @@ -pkgp123____haproxy-2.6.7 -pkgp123____pkg-1.18.4 -pkgp-freebsd-pkg____base64-1.5_1 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 +pkgp123____haproxy-3.0.9 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____base64-1.5_2 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____nano-8.4 pkgp-freebsd-pkg____pidof-20050501 -pkgp-freebsd-pkg____socat-1.7.4.4 -pkgp-freebsd-pkg____turnserver-4.5.2 +pkgp-freebsd-pkg____socat-1.8.0.3 diff --git a/jails/config/proxy/pkg-list-old.txt b/jails/config/proxy/pkg-list-old.txt index 977722d..7544133 100644 --- a/jails/config/proxy/pkg-list-old.txt +++ b/jails/config/proxy/pkg-list-old.txt @@ -1 +1 @@ -base64 bash bash-completion haproxy nano pidof pkg socat turnserver +base64 bash bash-completion haproxy nano pidof pkg socat diff --git a/jails/config/proxy/pkg-list.txt b/jails/config/proxy/pkg-list.txt index 977722d..7544133 100644 --- a/jails/config/proxy/pkg-list.txt +++ b/jails/config/proxy/pkg-list.txt @@ -1 +1 @@ -base64 bash bash-completion haproxy nano pidof pkg socat turnserver +base64 bash bash-completion haproxy nano pidof pkg socat diff --git a/jails/config/proxy/pkgp.conf b/jails/config/proxy/pkgp.conf index 86e5a9a..ac09580 100644 --- a/jails/config/proxy/pkgp.conf +++ b/jails/config/proxy/pkgp.conf @@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/config/proxy/syslog.conf b/jails/config/proxy/syslog.conf index a2ae348..5f45b19 100644 --- a/jails/config/proxy/syslog.conf +++ b/jails/config/proxy/syslog.conf 
@@ -1,4 +1,4 @@ -# $FreeBSD: releng/12.2/usr.sbin/syslogd/syslog.conf 338146 2018-08-21 17:01:47Z brd $ +# $FreeBSD$ # # Spaces ARE valid field separators in this file. However, # other *nix-like systems still insist on using tabs as field @@ -14,10 +14,9 @@ cron.* /var/log/cron !-devd *.=debug /var/log/debug.log *.emerg * - +daemon.info /var/log/daemon.log local0.* /var/log/haproxy-traffic.log local0.notice /var/log/haproxy-admin.log - # uncomment this to log all writes to /dev/console to /var/log/console.log # touch /var/log/console.log and chmod it to mode 600 before it will work #console.info /var/log/console.log diff --git a/jails/config/r-automated/pkg-list-details-old.txt b/jails/config/r-automated/pkg-list-details-old.txt index dd67ef9..a058ce5 100644 --- a/jails/config/r-automated/pkg-list-details-old.txt +++ b/jails/config/r-automated/pkg-list-details-old.txt @@ -1,10 +1,17 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____curl-7.85.0 -pkgp-freebsd-pkg____htop-3.2.1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____openjdk8-8.352.08.1_1 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____sudo-1.9.12p1 -pkgp-freebsd-pkg____tmux-3.3a -pkgp-freebsd-pkg____wget-1.21.3_1 +FreeBSD____bash-5.2.26_1 +FreeBSD____bash-completion-2.14.0,2 +FreeBSD____ca_root_nss-3.93_2 +FreeBSD____curl-8.8.0 +FreeBSD____gcc-13_5 +FreeBSD____htop-3.3.0_2 +FreeBSD____iperf3-3.17.1 +FreeBSD____mariadb106-client-10.6.18_1 +FreeBSD____nano-8.0 +FreeBSD____ncurses-6.5 +FreeBSD____openjdk19-19.0.2+7.1_1 +FreeBSD____pkg-1.21.3 +FreeBSD____sudo-1.9.15p5_4 +FreeBSD____tmux-3.3a_3 +FreeBSD____wget-1.24.5 +FreeBSD____wireguard-tools-1.0.20210914_3 +unknown-repository____speedtest-1.2.0.84-1.ea6b6773cf diff --git a/jails/config/r-automated/pkg-list-details.txt b/jails/config/r-automated/pkg-list-details.txt index 73b999d..a058ce5 100644 --- a/jails/config/r-automated/pkg-list-details.txt +++ b/jails/config/r-automated/pkg-list-details.txt 
@@ -1,10 +1,17 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____curl-7.85.0
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openjdk8-8.352.08.1_1
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____ca_root_nss-3.93_2
+FreeBSD____curl-8.8.0
+FreeBSD____gcc-13_5
+FreeBSD____htop-3.3.0_2
+FreeBSD____iperf3-3.17.1
+FreeBSD____mariadb106-client-10.6.18_1
+FreeBSD____nano-8.0
+FreeBSD____ncurses-6.5
+FreeBSD____openjdk19-19.0.2+7.1_1
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
+FreeBSD____tmux-3.3a_3
+FreeBSD____wget-1.24.5
+FreeBSD____wireguard-tools-1.0.20210914_3
+unknown-repository____speedtest-1.2.0.84-1.ea6b6773cf
diff --git a/jails/config/r-automated/pkg-list-old.txt b/jails/config/r-automated/pkg-list-old.txt
index 9c721d6..556edaf 100644
--- a/jails/config/r-automated/pkg-list-old.txt
+++ b/jails/config/r-automated/pkg-list-old.txt
@@ -1 +1 @@
-bash bash-completion curl htop nano openjdk8 pkg sudo tmux wget
+bash bash-completion ca_root_nss curl gcc htop iperf3 mariadb106-client nano ncurses openjdk19 pkg speedtest sudo tmux wget wireguard-tools
diff --git a/jails/config/r-automated/pkg-list.txt b/jails/config/r-automated/pkg-list.txt
index 9c721d6..556edaf 100644
--- a/jails/config/r-automated/pkg-list.txt
+++ b/jails/config/r-automated/pkg-list.txt
@@ -1 +1 @@
-bash bash-completion curl htop nano openjdk8 pkg sudo tmux wget
+bash bash-completion ca_root_nss curl gcc htop iperf3 mariadb106-client nano ncurses openjdk19 pkg speedtest sudo tmux wget wireguard-tools
diff --git a/jails/config/r-db/pkg-list-details-old.txt b/jails/config/r-db/pkg-list-details-old.txt
index 8f9962d..f6ab2d6 100644
--- a/jails/config/r-db/pkg-list-details-old.txt
+++ b/jails/config/r-db/pkg-list-details-old.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____htop-3.3.0_2
+FreeBSD____mariadb105-server-10.5.24
+FreeBSD____nano-8.0
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
diff --git a/jails/config/r-db/pkg-list-details.txt b/jails/config/r-db/pkg-list-details.txt
index 439be63..f6ab2d6 100644
--- a/jails/config/r-db/pkg-list-details.txt
+++ b/jails/config/r-db/pkg-list-details.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____mariadb105-server-10.5.17_1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____htop-3.3.0_2
+FreeBSD____mariadb105-server-10.5.24
+FreeBSD____nano-8.0
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
diff --git a/jails/config/r-git/pkg-list-details-old.txt b/jails/config/r-git/pkg-list-details-old.txt
index e29bce9..9303e20 100644
--- a/jails/config/r-git/pkg-list-details-old.txt
+++ b/jails/config/r-git/pkg-list-details-old.txt
@@ -1,12 +1,13 @@
-pkgp123____openldap26-client-2.6.3
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____gitea-1.17.3
-pkgp-freebsd-pkg____git-lfs-3.0.2_6
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____gitea-1.21.11_2
+FreeBSD____git-lfs-3.0.2_21
+FreeBSD____htop-3.3.0_2
+FreeBSD____iperf3-3.17.1
+FreeBSD____nano-8.0
+FreeBSD____openldap26-client-2.6.8
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
+FreeBSD____tmux-3.3a_3
+FreeBSD____zip-3.0_2
 pkgp-freebsd-pkg____wireguard-2,1
-pkgp-freebsd-pkg____zip-3.0_1
diff --git a/jails/config/r-git/pkg-list-details.txt b/jails/config/r-git/pkg-list-details.txt
index 7777806..9303e20 100644
--- a/jails/config/r-git/pkg-list-details.txt
+++ b/jails/config/r-git/pkg-list-details.txt
@@ -1,12 +1,13 @@
-pkgp123____openldap26-client-2.6.3
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____gitea-1.17.3
-pkgp-freebsd-pkg____git-lfs-3.0.2_6
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
+FreeBSD____bash-5.2.26_1
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____gitea-1.21.11_2
+FreeBSD____git-lfs-3.0.2_21
+FreeBSD____htop-3.3.0_2
+FreeBSD____iperf3-3.17.1
+FreeBSD____nano-8.0
+FreeBSD____openldap26-client-2.6.8
+FreeBSD____pkg-1.21.3
+FreeBSD____sudo-1.9.15p5_4
+FreeBSD____tmux-3.3a_3
+FreeBSD____zip-3.0_2
 pkgp-freebsd-pkg____wireguard-2,1
-pkgp-freebsd-pkg____zip-3.0_1
diff --git a/jails/config/r-git/pkg-list-old.txt b/jails/config/r-git/pkg-list-old.txt
index 2e75a7e..330bcff 100644
--- a/jails/config/r-git/pkg-list-old.txt
+++ b/jails/config/r-git/pkg-list-old.txt
@@ -1 +1 @@ -bash bash-completion gitea git-lfs htop nano openldap26-client pkg sudo tmux wireguard zip +bash bash-completion gitea git-lfs htop iperf3 nano openldap26-client pkg sudo tmux wireguard zip diff --git a/jails/config/r-git/pkg-list.txt b/jails/config/r-git/pkg-list.txt index 2e75a7e..330bcff 100644 --- a/jails/config/r-git/pkg-list.txt +++ b/jails/config/r-git/pkg-list.txt @@ -1 +1 @@ -bash bash-completion gitea git-lfs htop nano openldap26-client pkg sudo tmux wireguard zip +bash bash-completion gitea git-lfs htop iperf3 nano openldap26-client pkg sudo tmux wireguard zip diff --git a/jails/config/r-git/pkgp.conf b/jails/config/r-git/pkgp.conf index 86e5a9a..9e1b26a 100644 --- a/jails/config/r-git/pkgp.conf +++ b/jails/config/r-git/pkgp.conf @@ -1,20 +1,12 @@ FreeBSD: { - url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", enabled: no } -pkgp-freebsd-pkg: { - url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", - enabled: yes, - priority: 10 -} - -pkgp123: { - url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", - signature_type: "pubkey", - pubkey: "/mnt/certs/poudriere.cert", - enabled: yes, - priority: 100 +Beyondbell: { + env: { + SSL_NO_TLS1: "", + SSL_NO_TLS1_1: "", + SSL_NO_TLS1_2: "" + }, + url: "http://pkg.beyondbell.com/packages/default-default" } diff --git a/jails/config/r-ldap-mgr/020_mod_ssl.conf b/jails/config/r-ldap-mgr/020_mod_ssl.conf deleted file mode 100644 index 3fbba40..0000000 --- a/jails/config/r-ldap-mgr/020_mod_ssl.conf +++ /dev/null 
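Review bot: The new `Beyondbell` repository in jails/config/r-git/pkgp.conf is fetched over plain `http://` and has no `signature_type` or `pubkey`, whereas the removed `pkgp123` entry verified packages against `/mnt/certs/poudriere.cert`. pkg does not check signatures unless a repository asks for it, so as written this jail would install whatever the network path delivers for that URL. Keep verification on the new entry, for example `signature_type: "pubkey",` and `pubkey: "<path to the repository public key>",` (placeholder path), and use an `https://` URL if the host serves one. The `env` block sets `SSL_NO_TLS1_2` next to `SSL_NO_TLS1` and `SSL_NO_TLS1_1`; these look like the libfetch TLS switches, which do nothing for an `http://` URL and, if honoured once the URL is https, would leave only TLS 1.3, so it is worth confirming that this is intended.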
@@ -1,11 +0,0 @@ -Listen 443 -SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 -SSLHonorCipherOrder on -SSLCompression off -# SSLUseStapling on -SSLSessionTickets off -SSLOptions +StrictRequire -SSLPassPhraseDialog builtin -SSLSessionCacheTimeout 300 -SSLSessionCache shmcb:/usr/local/etc/apache24/ssl_scache(512000) diff --git a/jails/config/r-ldap-mgr/config.php.phpldapadmin.github b/jails/config/r-ldap-mgr/config.php.phpldapadmin.github deleted file mode 100644 index 20e60ee..0000000 --- a/jails/config/r-ldap-mgr/config.php.phpldapadmin.github +++ /dev/null 
@@ -1,654 +0,0 @@ -custom variable to do so. - * For example, the default for defining the language in config_default.php - * - * $this->default->appearance['language'] = array( - * 'desc'=>'Language', - * 'default'=>'auto'); - * - * to override this, use $config->custom->appearance['language'] = 'en_EN'; - * - * This file is also used to configure your LDAP server connections. - * - * You must specify at least one LDAP server there. You may add - * as many as you like. You can also specify your language, and - * many other options. - * - * NOTE: Commented out values in this file prefixed by //, represent the - * defaults that have been defined in config_default.php. - * Commented out values prefixed by #, dont reflect their default value, you can - * check config_default.php if you want to see what the default is. - * - * DONT change config_default.php, you changes will be lost by the next release - * of PLA. Instead change this file - as it will NOT be replaced by a new - * version of phpLDAPadmin. - */ - -/********************************************* - * Useful important configuration overrides * - *********************************************/ - -/* If you are asked to put PLA in debug mode, this is how you do it: */ -# $config->custom->debug['level'] = 255; -# $config->custom->debug['syslog'] = true; -# $config->custom->debug['file'] = '/tmp/pla_debug.log'; - -/* phpLDAPadmin can encrypt the content of sensitive cookies if you set this - to a big random string. */ -// $config->custom->session['blowfish'] = null; - -/* If your auth_type is http, you can override your HTTP Authentication Realm. */ -// $config->custom->session['http_realm'] = sprintf('%s %s',app_name(),'login'); - -/* The language setting. If you set this to 'auto', phpLDAPadmin will attempt - to determine your language automatically. 
- If PLA doesnt show (all) strings in your language, then you can do some - translation at http://translations.launchpad.net/phpldapadmin and download - the translation files, replacing those provided with PLA. - (We'll pick up the translations before making the next release too!) */ -// $config->custom->appearance['language'] = 'auto'; - -/* The temporary storage directory where we will put jpegPhoto data - This directory must be readable and writable by your web server. */ -// $config->custom->jpeg['tmpdir'] = '/tmp'; // Example for Unix systems -# $config->custom->jpeg['tmpdir'] = 'c:\\temp'; // Example for Windows systems - -/* Set this to (bool)true if you do NOT want a random salt used when - calling crypt(). Instead, use the first two letters of the user's - password. This is insecure but unfortunately needed for some older - environments. */ -# $config->custom->password['no_random_crypt_salt'] = true; - -/* If you want to restrict password available types (encryption algorithms) - Should be subset of: - array( - ''=>'clear', - 'bcrypt'=>'bcrypt', - 'blowfish'=>'blowfish', - 'crypt'=>'crypt', - 'ext_des'=>'ext_des', - 'md5'=>'md5', - 'k5key'=>'k5key', - 'md5crypt'=>'md5crypt', - 'sha'=>'sha', - 'smd5'=>'smd5', - 'ssha'=>'ssha', - 'sha256'=>'sha256', - 'ssha256'=>'ssha256', - 'sha384'=>'sha384', - 'ssha384'=>'ssha384', - 'sha512'=>'sha512', - 'ssha512'=>'ssha512', - 'sha256crypt'=>'sha256crypt', - 'sha512crypt'=>'sha512crypt', - )*/ -# $config->custom->password['available_types'] = array(''=>'clear','md5'=>'md5'); - -/* PHP script timeout control. If php runs longer than this many seconds then - PHP will stop with an Maximum Execution time error. Increase this value from - the default if queries to your LDAP server are slow. The default is either - 30 seconds or the setting of max_exection_time if this is null. 
*/ -// $config->custom->session['timelimit'] = 30; - -/* Our local timezone - This is to make sure that when we ask the system for the current time, we - get the right local time. If this is not set, all time() calculations will - assume UTC if you have not set PHP date.timezone. */ -// $config->custom->appearance['timezone'] = null; -# $config->custom->appearance['timezone'] = 'Australia/Melbourne'; - -/********************************************* - * Commands * - *********************************************/ - -/* Command availability ; if you don't authorize a command the command - links will not be shown and the command action will not be permitted. - For better security, set also ACL in your ldap directory. */ -/* -$config->custom->commands['cmd'] = array( - 'entry_internal_attributes_show' => true, - 'entry_refresh' => true, - 'oslinks' => true, - 'switch_template' => true -); - -$config->custom->commands['script'] = array( - 'add_attr_form' => true, - 'add_oclass_form' => true, - 'add_value_form' => true, - 'collapse' => true, - 'compare' => true, - 'compare_form' => true, - 'copy' => true, - 'copy_form' => true, - 'create' => true, - 'create_confirm' => true, - 'delete' => true, - 'delete_attr' => true, - 'delete_form' => true, - 'draw_tree_node' => true, - 'expand' => true, - 'export' => true, - 'export_form' => true, - 'import' => true, - 'import_form' => true, - 'login' => true, - 'logout' => true, - 'login_form' => true, - 'mass_delete' => true, - 'mass_edit' => true, - 'mass_update' => true, - 'modify_member_form' => true, - 'monitor' => true, - 'purge_cache' => true, - 'query_engine' => true, - 'rename' => true, - 'rename_form' => true, - 'rdelete' => true, - 'refresh' => true, - 'schema' => true, - 'server_info' => true, - 'show_cache' => true, - 'template_engine' => true, - 'update_confirm' => true, - 'update' => true -); -*/ - -/********************************************* - * Appearance * - *********************************************/ - -/* 
If you want to choose the appearance of the tree, specify a class name which - inherits from the Tree class. */ -// $config->custom->appearance['tree'] = 'AJAXTree'; -# $config->custom->appearance['tree'] = 'HTMLTree'; - -/* Just show your custom templates. */ -// $config->custom->appearance['custom_templates_only'] = false; - -/* Disable the default template. */ -// $config->custom->appearance['disable_default_template'] = false; - -/* Hide the warnings for invalid objectClasses/attributes in templates. */ -// $config->custom->appearance['hide_template_warning'] = false; - -/* Set to true if you would like to hide header and footer parts. */ -// $config->custom->appearance['minimalMode'] = false; - -/* Configure what objects are shown in left hand tree */ -// $config->custom->appearance['tree_filter'] = '(objectclass=*)'; - -/* The height and width of the tree. If these values are not set, then - no tree scroll bars are provided. */ -// $config->custom->appearance['tree_height'] = null; -# $config->custom->appearance['tree_height'] = 600; -// $config->custom->appearance['tree_width'] = null; -# $config->custom->appearance['tree_width'] = 250; - -/* Number of tree command icons to show, 0 = show all icons on 1 row. */ -// $config->custom->appearance['tree_icons'] = 0; -# $config->custom->appearance['tree_icons'] = 4; - -/* Confirm create and update operations, allowing you to review the changes - and optionally skip attributes during the create/update operation. */ -// $config->custom->confirm['create'] = true; -// $config->custom->confirm['update'] = true; - -/* Confirm copy operations, and treat them like create operations. This allows - you to edit the attributes (thus changing any that might conflict with - uniqueness) before creating the new entry. 
*/ -// $config->custom->confirm['copy'] = true; - -/********************************************* - * User-friendly attribute translation * - *********************************************/ - -/* Use this array to map attribute names to user friendly names. For example, if - you don't want to see "facsimileTelephoneNumber" but rather "Fax". */ -// $config->custom->appearance['friendly_attrs'] = array(); -$config->custom->appearance['friendly_attrs'] = array( - 'facsimileTelephoneNumber' => 'Fax', - 'gid' => 'Group', - 'mail' => 'Email', - 'telephoneNumber' => 'Telephone', - 'uid' => 'User Name', - 'userPassword' => 'Password' -); - -/********************************************* - * Hidden attributes * - *********************************************/ - -/* You may want to hide certain attributes from being edited. If you want to - hide attributes from the user, you should use your LDAP servers ACLs. - NOTE: The user must be able to read the hide_attrs_exempt entry to be - excluded. */ -// $config->custom->appearance['hide_attrs'] = array(); -# $config->custom->appearance['hide_attrs'] = array('objectClass'); - -/* Members of this list will be exempt from the hidden attributes. */ -// $config->custom->appearance['hide_attrs_exempt'] = null; -# $config->custom->appearance['hide_attrs_exempt'] = 'cn=PLA UnHide,ou=Groups,c=AU'; - -/********************************************* - * Read-only attributes * - *********************************************/ - -/* You may want to phpLDAPadmin to display certain attributes as read only, - meaning that users will not be presented a form for modifying those - attributes, and they will not be allowed to be modified on the "back-end" - either. You may configure this list here: - NOTE: The user must be able to read the readonly_attrs_exempt entry to be - excluded. */ -// $config->custom->appearance['readonly_attrs'] = array(); - -/* Members of this list will be exempt from the readonly attributes. 
*/ -// $config->custom->appearance['readonly_attrs_exempt'] = null; -# $config->custom->appearance['readonly_attrs_exempt'] = 'cn=PLA ReadWrite,ou=Groups,c=AU'; - -/********************************************* - * Group attributes * - *********************************************/ - -/* Add "modify group members" link to the attribute. */ -// $config->custom->modify_member['groupattr'] = array('member','uniqueMember','memberUid','sudoUser'); - -/* Configure filter for member search. This only applies to "modify group members" feature */ -// $config->custom->modify_member['filter'] = '(objectclass=Person)'; - -/* Attribute that is added to the group member attribute. */ -// $config->custom->modify_member['attr'] = 'dn'; - -/* For Posix attributes */ -// $config->custom->modify_member['posixattr'] = 'uid'; -// $config->custom->modify_member['posixfilter'] = '(uid=*)'; -// $config->custom->modify_member['posixgroupattr'] = 'memberUid'; - -/********************************************* - * Support for attrs display order * - *********************************************/ - -/* Use this array if you want to have your attributes displayed in a specific - order. You can use default attribute names or their fridenly names. - For example, "sn" will be displayed right after "givenName". All the other - attributes that are not specified in this array will be displayed after in - alphabetical order. */ -// $config->custom->appearance['attr_display_order'] = array(); -# $config->custom->appearance['attr_display_order'] = array( -# 'givenName', -# 'sn', -# 'cn', -# 'displayName', -# 'uid', -# 'uidNumber', -# 'gidNumber', -# 'homeDirectory', -# 'mail', -# 'userPassword' -# ); - -/********************************************* - * Define your LDAP servers in this section * - *********************************************/ - -$servers = new Datastore(); - -/* $servers->NewServer('ldap_pla') must be called before each new LDAP server - declaration. 
*/ -$servers->newServer('ldap_pla'); - -/* A convenient name that will appear in the tree viewer and throughout - phpLDAPadmin to identify this LDAP server to users. */ -$servers->setValue('server','name','infra LDAP Server'); - -/* Examples: - 'ldap.example.com', - 'ldaps://ldap.example.com/', - 'ldapi://%2fusr%local%2fvar%2frun%2fldapi' - (Unix socket at /usr/local/var/run/ldap) */ -$servers->setValue('server','host','ldaps://ldap.beyondbell.com'); - -/* The port your LDAP server listens on (no quotes). 389 is standard. */ -$servers->setValue('server','port',636); - -/* Array of base DNs of your LDAP server. Leave this blank to have phpLDAPadmin - auto-detect it for you. */ -$servers->setValue('server','base',array('dc=infra')); - -/* Five options for auth_type: - 1. 'cookie': you will login via a web form, and a client-side cookie will - store your login dn and password. - 2. 'session': same as cookie but your login dn and password are stored on the - web server in a persistent session variable. - 3. 'http': same as session but your login dn and password are retrieved via - HTTP authentication. - 4. 'config': specify your login dn and password here in this config file. No - login will be required to use phpLDAPadmin for this server. - 5. 'sasl': login will be taken from the webserver's kerberos authentication. - Currently only GSSAPI has been tested (using mod_auth_kerb). - 6. 'sasl_external': login will be taken from SASL external mechanism. - - Choose wisely to protect your authentication information appropriately for - your situation. If you choose 'cookie', your cookie contents will be - encrypted using blowfish and the secret your specify above as - session['blowfish']. */ -// $servers->setValue('login','auth_type','session'); - -/* The DN of the user for phpLDAPadmin to bind with. For anonymous binds or - 'cookie','session' or 'sasl' auth_types, LEAVE THE LOGIN_DN AND LOGIN_PASS - BLANK. 
If you specify a login_attr in conjunction with a cookie or session - auth_type, then you can also specify the bind_id/bind_pass here for searching - the directory for users (ie, if your LDAP server does not allow anonymous - binds. */ -$servers->setValue('login','bind_id','cn=admin,dc=infra'); -# $servers->setValue('login','bind_id','cn=Manager,dc=example,dc=com'); - -/* Your LDAP password. If you specified an empty bind_id above, this MUST also - be blank. */ -$servers->setValue('login','bind_pass',''); -# $servers->setValue('login','bind_pass','secret'); - -/* Use TLS (Transport Layer Security) to connect to the LDAP server. */ -$servers->setValue('server','tls',false); - -/* TLS Certificate Authority file (overrides ldap.conf, PHP 7.1+) */ -// $servers->setValue('server','tls_cacert',null); -# $servers->setValue('server','tls_cacert','/etc/openldap/certs/ca.crt'); - -/* TLS Certificate Authority hashed directory (overrides ldap.conf, PHP 7.1+) */ -// $servers->setValue('server','tls_cacertdir',null); -# $servers->setValue('server','tls_cacertdir','/etc/openldap/certs'); - -/* TLS Client Certificate file (PHP 7.1+) */ -// $servers->setValue('server','tls_cert',null); -# $servers->setValue('server','tls_cert','/etc/pki/tls/certs/ldap_user.crt'); - -/* TLS Client Certificate Key file (PHP 7.1+) */ -// $servers->setValue('server','tls_key',null); -# $servers->setValue('server','tls_key','/etc/pki/tls/private/ldap_user.key'); - -/************************************ - * SASL Authentication * - ************************************/ - -/* Enable SASL authentication LDAP SASL authentication requires PHP 5.x - configured with --with-ldap-sasl=DIR. If this option is disabled (ie, set to - false), then all other sasl options are ignored. */ -# $servers->setValue('login','auth_type','sasl'); - -/* SASL GSSAPI auth mechanism (requires auth_type of sasl) */ -// $servers->setValue('sasl','mech','GSSAPI'); - -/* SASL PLAIN support... 
this mech converts simple binds to SASL - PLAIN binds using any auth_type (or other bind_id/pass) as credentials. - NOTE: auth_type must be simple auth compatible (ie not sasl) */ -# $servers->setValue('sasl','mech','PLAIN'); - -/* SASL EXTERNAL support... really a different auth_type */ -# $servers->setValue('login','auth_type','sasl_external'); - -/* SASL authentication realm name */ -// $servers->setValue('sasl','realm',''); -# $servers->setValue('sasl','realm','EXAMPLE.COM'); - -/* SASL authorization ID name - If this option is undefined, authorization id will be computed from bind DN, - using authz_id_regex and authz_id_replacement. */ -// $servers->setValue('sasl','authz_id', null); - -/* SASL authorization id regex and replacement - When authz_id property is not set (default), phpLDAPAdmin will try to - figure out authorization id by itself from bind distinguished name (DN). - - This procedure is done by calling preg_replace() php function in the - following way: - - $authz_id = preg_replace($sasl_authz_id_regex,$sasl_authz_id_replacement, - $bind_dn); - - For info about pcre regexes, see: - - pcre(3), perlre(3) - - http://www.php.net/preg_replace */ -// $servers->setValue('sasl','authz_id_regex',null); -// $servers->setValue('sasl','authz_id_replacement',null); -# $servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i'); -# $servers->setValue('sasl','authz_id_replacement','$1'); - -/* SASL auth security props. - See http://beepcore-tcl.sourceforge.net/tclsasl.html#anchor5 for explanation. */ -// $servers->setValue('sasl','props',null); - -/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5, - blowfish, crypt or leave blank for now default algorithm. */ -// $servers->setValue('appearance','pla_password_hash','md5'); - -/* If you specified 'cookie' or 'session' as the auth_type above, you can - optionally specify here an attribute to use when logging in. 
If you enter
- 'uid' and login as 'dsmith', phpLDAPadmin will search for (uid=dsmith)
- and log in as that user.
- Leave blank or specify 'dn' to use full DN for logging in. Note also that if
- your LDAP server requires you to login to perform searches, you can enter the
- DN to use when searching in 'bind_id' and 'bind_pass' above. */
-// $servers->setValue('login','attr','dn');
-
-/* Base DNs to used for logins. If this value is not set, then the LDAP server
- Base DNs are used. */
-// $servers->setValue('login','base',array());
-
-/* If 'login,attr' is used above such that phpLDAPadmin will search for your DN
- at login, you may restrict the search to a specific objectClasses. EG, set this
- to array('posixAccount') or array('inetOrgPerson',..), depending upon your
- setup. */
-// $servers->setValue('login','class',array());
-
-/* If login_attr was set to 'dn', it is possible to specify a template string to
- build the DN from. Use '%s' where user input should be inserted. A user may
- still enter the complete DN. In this case the template will not be used. */
-// $servers->setValue('login','bind_dn_template',null);
-# $servers->setValue('login','bind_dn_template','cn=%s,ou=people,dc=example,dc=com');
-
-/* If you specified something different from 'dn', for example 'uid', as the
- login_attr above, you can optionally specify here to fall back to
- authentication with dn.
- This is useful, when users should be able to log in with their uid, but
- the ldap administrator wants to log in with his root-dn, that does not
- necessarily have the uid attribute.
- When using this feature, login_class is ignored. */
-// $servers->setValue('login','fallback_dn',false);
-
-/* Specify true If you want phpLDAPadmin to not display or permit any
- modification to the LDAP server. */
-// $servers->setValue('server','read_only',false);
-
-/* Specify false if you do not want phpLDAPadmin to draw the 'Create new' links
- in the tree viewer. */
-// $servers->setValue('appearance','show_create',true);
-
-/* Set to true if you would like to initially open the first level of each tree. */
-// $servers->setValue('appearance','open_tree',false);
-
-/* Set to true to display authorization ID in place of login dn (PHP 7.2+) */
-// $servers->setValue('appearance','show_authz',false);
-
-/* This feature allows phpLDAPadmin to automatically determine the next
- available uidNumber for a new entry. */
-// $servers->setValue('auto_number','enable',true);
-
-/* The mechanism to use when finding the next available uidNumber. Two possible
- values: 'uidpool' or 'search'.
- The 'uidpool' mechanism uses an existing uidPool entry in your LDAP server to
- blindly lookup the next available uidNumber. The 'search' mechanism searches
- for entries with a uidNumber value and finds the first available uidNumber
- (slower). */
-// $servers->setValue('auto_number','mechanism','search');
-
-/* The DN of the search base when the 'search' mechanism is used above. */
-# $servers->setValue('auto_number','search_base','ou=People,dc=example,dc=com');
-
-/* The minimum number to use when searching for the next available number
- (only when 'search' is used for auto_number. */
-// $servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
-
-/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
- searching for the uidnumber. The idea is, this user id would have full
- (readonly) access to uidnumber in your ldap directory (the logged in user
- may not), so that you can be guaranteed to get a unique uidnumber for your
- directory. */
-// $servers->setValue('auto_number','dn',null);
-
-/* The password for the dn above. */
-// $servers->setValue('auto_number','pass',null);
-
-/* Enable anonymous bind login. */
-// $servers->setValue('login','anon_bind',true);
-
-/* Use customized page with prefix when available. */
-# $servers->setValue('custom','pages_prefix','custom_');
-
-/* If you set this, then only these DNs are allowed to log in. This array can
- contain individual users, groups or ldap search filter(s). Keep in mind that
- the user has not authenticated yet, so this will be an anonymous search to
- the LDAP server, so make your ACLs allow these searches to return results! */
-# $servers->setValue('login','allowed_dns',array(
-# 'uid=stran,ou=People,dc=example,dc=com',
-# '(&(gidNumber=811)(objectClass=groupOfNames))',
-# '(|(uidNumber=200)(uidNumber=201))',
-# 'cn=callcenter,ou=Group,dc=example,dc=com'));
-
-/* Set this if you dont want this LDAP server to show in the tree */
-// $servers->setValue('server','visible',true);
-
-/* Set this if you want to hide the base DNs that dont exist instead of
- displaying the message "The base entry doesnt exist, create it?"
-// $servers->setValue('server','hide_noaccess_base',false);
-# $servers->setValue('server','hide_noaccess_base',true);
-
-/* This is the time out value in minutes for the server. After as many minutes
- of inactivity you will be automatically logged out. If not set, the default
- value will be ( session_cache_expire()-1 ) */
-# $servers->setValue('login','timeout',30);
-
-/* Set this if you want phpldapadmin to perform rename operation on entry which
- has children. Certain servers are known to allow it, certain are not. */
-// $servers->setValue('server','branch_rename',false);
-
-/* If you set this, then phpldapadmin will show these attributes as
- internal attributes, even if they are not defined in your schema. */
-// $servers->setValue('server','custom_sys_attrs',array(''));
-# $servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
-
-/* If you set this, then phpldapadmin will show these attributes on
- objects, even if they are not defined in your schema. */
-// $servers->setValue('server','custom_attrs',array(''));
-# $servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
-
-/* These attributes will be forced to MAY attributes and become option in the
- templates. If they are not defined in the templates, then they wont appear
- as per normal template processing. You may want to do this because your LDAP
- server may automatically calculate a default value.
- In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
- gidNumber and sambaSID. */
-// $servers->setValue('server','force_may',array(''));
-# $servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
-
-/*********************************************
- * Unique attributes *
- *********************************************/
-
-/* You may want phpLDAPadmin to enforce some attributes to have unique values
- (ie: not belong to other entries in your tree. This (together with
- 'unique','dn' and 'unique','pass' option will not let updates to
- occur with other attributes have the same value. */
-# $servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
-
-/* If you set this, then phpldapadmin will bind to LDAP with this user ID when
- searching for attribute uniqueness. The idea is, this user id would have full
- (readonly) access to your ldap directory (the logged in user may not), so
- that you can be guaranteed to get a unique uidnumber for your directory. */
-// $servers->setValue('unique','dn',null);
-
-/* The password for the dn above. */
-// $servers->setValue('unique','pass',null);
-
-/**************************************************************************
- * If you want to configure additional LDAP servers, do so below. *
- * Remove the commented lines and use this section as a template for all *
- * your other LDAP servers. *
- **************************************************************************/
-
-/*
-$servers->newServer('ldap_pla');
-$servers->setValue('server','name','LDAP Server');
-$servers->setValue('server','host','127.0.0.1');
-$servers->setValue('server','port',389);
-$servers->setValue('server','base',array(''));
-$servers->setValue('login','auth_type','cookie');
-$servers->setValue('login','bind_id','');
-$servers->setValue('login','bind_pass','');
-$servers->setValue('server','tls',false);
-
-# SASL auth
-$servers->setValue('login','auth_type','sasl');
-$servers->setValue('sasl','mech','GSSAPI');
-$servers->setValue('sasl','realm','EXAMPLE.COM');
-$servers->setValue('sasl','authz_id',null);
-$servers->setValue('sasl','authz_id_regex','/^uid=([^,]+)(.+)/i');
-$servers->setValue('sasl','authz_id_replacement','$1');
-$servers->setValue('sasl','props',null);
-
-$servers->setValue('appearance','pla_password_hash','md5');
-$servers->setValue('login','attr','dn');
-$servers->setValue('login','fallback_dn',false);
-$servers->setValue('login','class',null);
-$servers->setValue('server','read_only',false);
-$servers->setValue('appearance','show_create',true);
-
-$servers->setValue('auto_number','enable',true);
-$servers->setValue('auto_number','mechanism','search');
-$servers->setValue('auto_number','search_base',null);
-$servers->setValue('auto_number','min',array('uidNumber'=>1000,'gidNumber'=>500));
-$servers->setValue('auto_number','dn',null);
-$servers->setValue('auto_number','pass',null);
-
-$servers->setValue('login','anon_bind',true);
-$servers->setValue('custom','pages_prefix','custom_');
-$servers->setValue('unique','attrs',array('mail','uid','uidNumber'));
-$servers->setValue('unique','dn',null);
-$servers->setValue('unique','pass',null);
-
-$servers->setValue('server','visible',true);
-$servers->setValue('login','timeout',30);
-$servers->setValue('server','branch_rename',false);
-$servers->setValue('server','custom_sys_attrs',array('passwordExpirationTime','passwordAllowChangeTime'));
-$servers->setValue('server','custom_attrs',array('nsRoleDN','nsRole','nsAccountLock'));
-$servers->setValue('server','force_may',array('uidNumber','gidNumber','sambaSID'));
-*/
-
-
-/***********************************************************************************
- * If you want to configure Google reCAPTCHA on autentication form, do so below. *
- * Remove the commented lines and use this section as a template for all *
- * reCAPTCHA v2 Generate on https://www.google.com/recaptcha/ *
- * *
- * IMPORTANT: Select reCAPTCHA v2 on Type of reCAPTCHA *
- ***********************************************************************************/
-
-
-$config->custom->session['reCAPTCHA-enable'] = false;
-$config->custom->session['reCAPTCHA-key-site'] = '';
-$config->custom->session['reCAPTCHA-key-server'] = '';
-
-?>
diff --git a/jails/config/r-ldap-mgr/httpd.conf b/jails/config/r-ldap-mgr/httpd.conf
deleted file mode 100644
index ddc7e3c..0000000
--- a/jails/config/r-ldap-mgr/httpd.conf
+++ /dev/null
@@ -1,584 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See for detailed information.
-# In particular, see
-#
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
-# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
-# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
-# will be interpreted as '/logs/access_log'.
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# Do not add a slash at the end of the directory path. If you point
-# ServerRoot at a non-local disk, be sure to specify a local disk on the
-# Mutex directive, if file-based mutexes are used. If you wish to share the
-# same ServerRoot for multiple httpd daemons, you will need to change at
-# least PidFile.
-#
-ServerRoot "/usr/local"
-
-#
-# Mutex: Allows you to set the mutex mechanism and mutex file directory
-# for individual mutexes, or change the global defaults
-#
-# Uncomment and change the directory if mutexes are file-based and the default
-# mutex file directory is not on a local disk or is not appropriate for some
-# other reason.
-#
-# Mutex default:/var/run
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-#Listen 80
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-#LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so
-LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so
-#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so
-LoadModule authn_file_module libexec/apache24/mod_authn_file.so
-#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so
-#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so
-#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so
-#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so
-LoadModule authn_core_module libexec/apache24/mod_authn_core.so
-LoadModule authz_host_module libexec/apache24/mod_authz_host.so
-LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so
-LoadModule authz_user_module libexec/apache24/mod_authz_user.so
-#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so
-#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so
-#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so
-LoadModule authz_core_module libexec/apache24/mod_authz_core.so
-#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so
-LoadModule access_compat_module libexec/apache24/mod_access_compat.so
-LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so
-#LoadModule auth_form_module libexec/apache24/mod_auth_form.so
-#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so
-#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so
-#LoadModule file_cache_module libexec/apache24/mod_file_cache.so
-#LoadModule cache_module libexec/apache24/mod_cache.so
-#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so
-#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so
-LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
-#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so
-#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so
-#LoadModule watchdog_module libexec/apache24/mod_watchdog.so
-#LoadModule macro_module libexec/apache24/mod_macro.so
-#LoadModule dbd_module libexec/apache24/mod_dbd.so
-#LoadModule dumpio_module libexec/apache24/mod_dumpio.so
-#LoadModule buffer_module libexec/apache24/mod_buffer.so
-#LoadModule data_module libexec/apache24/mod_data.so
-#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so
-LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so
-#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so
-#LoadModule request_module libexec/apache24/mod_request.so
-#LoadModule include_module libexec/apache24/mod_include.so
-LoadModule filter_module libexec/apache24/mod_filter.so
-#LoadModule reflector_module libexec/apache24/mod_reflector.so
-#LoadModule substitute_module libexec/apache24/mod_substitute.so
-#LoadModule sed_module libexec/apache24/mod_sed.so
-#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so
-#LoadModule deflate_module libexec/apache24/mod_deflate.so
-#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so
-#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so
-LoadModule mime_module libexec/apache24/mod_mime.so
-LoadModule log_config_module libexec/apache24/mod_log_config.so
-#LoadModule log_debug_module libexec/apache24/mod_log_debug.so
-#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so
-#LoadModule logio_module libexec/apache24/mod_logio.so
-LoadModule env_module libexec/apache24/mod_env.so
-#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so
-#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so
-#LoadModule expires_module libexec/apache24/mod_expires.so
-LoadModule headers_module libexec/apache24/mod_headers.so
-#LoadModule usertrack_module libexec/apache24/mod_usertrack.so
-#LoadModule unique_id_module libexec/apache24/mod_unique_id.so
-LoadModule setenvif_module libexec/apache24/mod_setenvif.so
-LoadModule version_module libexec/apache24/mod_version.so
-#LoadModule remoteip_module libexec/apache24/mod_remoteip.so
-#LoadModule proxy_module libexec/apache24/mod_proxy.so
-#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so
-#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so
-#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so
-#LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so
-#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so
-#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so
-#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so
-#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so
-#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so
-#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so
-#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so
-#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so
-#LoadModule session_module libexec/apache24/mod_session.so
-#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so
-#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so
-#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so
-#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so
-#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so
-LoadModule ssl_module libexec/apache24/mod_ssl.so
-#LoadModule dialup_module libexec/apache24/mod_dialup.so
-#LoadModule http2_module libexec/apache24/mod_http2.so
-#LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so
-#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so
-#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so
-#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so
-#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so
-LoadModule unixd_module libexec/apache24/mod_unixd.so
-#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so
-#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so
-#LoadModule dav_module libexec/apache24/mod_dav.so
-LoadModule status_module libexec/apache24/mod_status.so
-LoadModule autoindex_module libexec/apache24/mod_autoindex.so
-#LoadModule asis_module libexec/apache24/mod_asis.so
-#LoadModule info_module libexec/apache24/mod_info.so
-
- #LoadModule cgid_module libexec/apache24/mod_cgid.so
-
-
- #LoadModule cgi_module libexec/apache24/mod_cgi.so
-
-#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so
-#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so
-#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so
-#LoadModule negotiation_module libexec/apache24/mod_negotiation.so
-LoadModule dir_module libexec/apache24/mod_dir.so
-#LoadModule imagemap_module libexec/apache24/mod_imagemap.so
-#LoadModule actions_module libexec/apache24/mod_actions.so
-#LoadModule speling_module libexec/apache24/mod_speling.so
-#LoadModule userdir_module libexec/apache24/mod_userdir.so
-LoadModule alias_module libexec/apache24/mod_alias.so
-#LoadModule rewrite_module libexec/apache24/mod_rewrite.so
-#LoadModule php7_module libexec/apache24/libphp7.so
-LoadModule php_module libexec/apache24/libphp.so
-
-# Third party modules
-IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
-
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User www
-Group www
-
-
-
-# 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# definition. These values also provide defaults for
-# any containers you may define later in the file.
-#
-# All of these directives may appear inside containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents. e.g. admin@your-domain.com
-#
-ServerAdmin rishabh@beyondbell.com
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-#
-ServerName ldap-mgr.beyondbell.com
-
-#
-# Deny access to the entirety of your server's filesystem. You must
-# explicitly permit access to web content directories in other
-# blocks below.
-#
-
- AllowOverride All
- Require all denied
-
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/usr/local/www/apache24/data"
-
- #
- # Possible values for the Options directive are "None", "All",
- # or any combination of:
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
- #
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
- # doesn't give it to you.
- #
- # The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.4/mod/core.html#options
- # for more information.
- #
- Options Indexes FollowSymLinks
-
- #
- # AllowOverride controls what directives may be placed in .htaccess files.
- # It can be "All", "None", or any combination of the keywords:
- # AllowOverride FileInfo AuthConfig Limit
- #
- AllowOverride All
-
- #
- # Controls who can get stuff from this server.
- #
- Require all granted
-
-
-#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
-#
-
- DirectoryIndex index.php index.html
-
- SetHandler application/x-httpd-php
-
-
- SetHandler application/x-httpd-php-source
-
-
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-
- Require all denied
-
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog "/var/log/httpd-error.log"
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
-
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
-
-
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a
- # container, they will be logged here. Contrariwise, if you *do*
- # define per- access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- CustomLog "/var/log/httpd-access.log" common
-
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- #CustomLog "/var/log/httpd-access.log" combined
-
-
-
- #
- # Redirect: Allows you to tell clients about documents that used to
- # exist in your server's namespace, but do not anymore. The client
- # will make a new request for the document at its new location.
- # Example:
- # Redirect permanent /foo http://www.example.com/bar
-
- #
- # Alias: Maps web paths into filesystem paths and is used to
- # access content that does not live under the DocumentRoot.
- # Example:
- # Alias /webpath /full/filesystem/path
- #
- # If you include a trailing / on /webpath then the server will
- # require it to be present in the URL. You will also likely
- # need to provide a section to allow access to
- # the filesystem path.
-
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the target directory are treated as applications and
- # run by the server when requested rather than as documents sent to the
- # client. The same rules about trailing "/" apply to ScriptAlias
- # directives as to Alias.
- #
- ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
-
-
-
-
- #
- # ScriptSock: On threaded servers, designate the path to the UNIX
- # socket used to communicate with the CGI daemon of mod_cgid.
- #
- #Scriptsock cgisock
-
-
-#
-# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-
- AllowOverride None
- Options None
- Require all granted
-
-
-
- #
- # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
- # backend servers which have lingering "httpoxy" defects.
- # 'Proxy' request header is undefined by the IETF, not listed by IANA
- #
- RequestHeader unset Proxy early
-
-
-
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig etc/apache24/mime.types
-
- #
- # AddType allows you to add to or override the MIME configuration
- # file specified in TypesConfig for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
-
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
-
- # For type maps (negotiated resources):
- #AddHandler type-map var
-
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- #AddType text/html .shtml
- #AddOutputFilter INCLUDES .shtml
-
- AddType application/x-httpd-php .php
- AddType application/x-httpd-php-source .phps
-
-
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-#
-#MIMEMagicFile etc/apache24/magic
-
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-
-#
-# MaxRanges: Maximum number of Ranges in a request before
-# returning the entire resource, or one of the special
-# values 'default', 'none' or 'unlimited'.
-# Default setting is to accept 200 Ranges.
-#MaxRanges unlimited
-
-#
-# EnableMMAP and EnableSendfile: On systems that support it,
-# memory-mapping or the sendfile syscall may be used to deliver
-# files. This usually improves server performance, but must
-# be turned off when serving from networked-mounted
-# filesystems or if support for these functions is otherwise
-# broken on your system.
-# Defaults: EnableMMAP On, EnableSendfile Off
-#
-#EnableMMAP off
-#EnableSendfile on
-
-# Supplemental configuration
-#
-# The configuration files in the etc/apache24/extra/ directory can be
-# included to add extra features or to modify the default configuration of
-# the server, or you may simply copy their contents here and change as
-# necessary.
-
-# Server-pool management (MPM specific)
-#Include etc/apache24/extra/httpd-mpm.conf
-
-# Multi-language error messages
-#Include etc/apache24/extra/httpd-multilang-errordoc.conf
-
-# Fancy directory listings
-#Include etc/apache24/extra/httpd-autoindex.conf
-
-# Language settings
-#Include etc/apache24/extra/httpd-languages.conf
-
-# User home directories
-#Include etc/apache24/extra/httpd-userdir.conf
-
-# Real-time info on requests and configuration
-#Include etc/apache24/extra/httpd-info.conf
-
-# Virtual hosts
-#Include etc/apache24/extra/httpd-vhosts.conf
-
-# Local access to the Apache HTTP Server Manual
-#Include etc/apache24/extra/httpd-manual.conf
-
-# Distributed authoring and versioning (WebDAV)
-#Include etc/apache24/extra/httpd-dav.conf
-
-# Various default settings
-#Include etc/apache24/extra/httpd-default.conf
-
-# Configure mod_proxy_html to understand HTML4/XHTML1
-
-Include etc/apache24/extra/proxy-html.conf
-
-
-# Secure (SSL/TLS) connections
-#Include etc/apache24/extra/httpd-ssl.conf
-#
-# Note: The following must must be present to support
-# starting without SSL on platforms with no /dev/random equivalent
-# but a statically compiled-in mod_ssl.
-#
-
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-
-
-Include etc/apache24/Includes/*.conf
-
-
- ServerName ldap-mgr.beyondbell.com
- ServerAlias *.beyondbell.com
- ServerAlias ldap-mgr
-
- DocumentRoot "/usr/local/www/apache24/data/"
-
- SSLEngine on
- SSLCertificateFile "/mnt/certs/bbfullchain.pem"
- SSLCertificateKeyFile "/mnt/certs/bbprivkey.pem"
- #SSLCertificateChainFile "/mnt/certs/bbfullchain.pem"
-
-
- SSLOptions +StdEnvVars
-
-
-
- SSLOptions +StdEnvVars
-
-
- BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
- CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-
- Options Indexes FollowSymLinks MultiViews
- ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
- IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
-
- AllowOverride All
- Require all granted
-
-
- ErrorLog "/var/log/ssl-error.log"
- CustomLog "/var/log/ssl-access_log" combined
-
diff --git a/jails/config/r-ldap-mgr/php.ini b/jails/config/r-ldap-mgr/php.ini
deleted file mode 100644
index 0fc6c5d..0000000
--- a/jails/config/r-ldap-mgr/php.ini
+++ /dev/null
@@ -1,1937 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. 
- -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. 
- -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. 
Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. 
-; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. 
-; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 256M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. 
-; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. 
Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. 
-; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/track-errors -track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. 
PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. You -; can still get access to the environment variables through getenv() should you -; need to. 
-; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. -; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. 
-; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. 
-; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. 
-;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -; http://php.net/cgi.dicard-path -;cgi.discard_path=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. 
-; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 2M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. 
-; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename.extension -; -; For example, on Windows: -; -; extension=msql.dll -; -; ... or under UNIX: -; -; extension=msql.so -; -; ... or with a path: -; -; extension=/path/to/extension/msql.so -; -; If you only provide the name of the extension, PHP will look for it in its -; default extension directory. -; -; Windows Extensions -; Note that many DLL files are located in the extensions/ (PHP 4) ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. 
-; -;extension=php_bz2.dll -;extension=php_curl.dll -;extension=php_fileinfo.dll -;extension=php_ftp.dll -;extension=php_gd2.dll -;extension=php_gettext.dll -;extension=php_gmp.dll -;extension=php_intl.dll -;extension=php_imap.dll -;extension=php_interbase.dll -;extension=php_ldap.dll -;extension=php_mbstring.dll -;extension=php_exif.dll ; Must be after mbstring as it depends on it -;extension=php_mysqli.dll -;extension=php_oci8_12c.dll ; Use with Oracle Database 12c Instant Client -;extension=php_odbc.dll -;extension=php_openssl.dll -;extension=php_pdo_firebird.dll -;extension=php_pdo_mysql.dll -;extension=php_pdo_oci.dll -;extension=php_pdo_odbc.dll -;extension=php_pdo_pgsql.dll -;extension=php_pdo_sqlite.dll -;extension=php_pgsql.dll -;extension=php_shmop.dll - -; The MIBS data available in the PHP distribution must be installed. -; See http://www.php.net/manual/en/snmp.installation.php -;extension=php_snmp.dll - -;extension=php_soap.dll -;extension=php_sockets.dll -;extension=php_sqlite3.dll -;extension=php_tidy.dll -;extension=php_xmlrpc.dll -;extension=php_xsl.dll - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = America/Los_Angeles - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. 
-; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < intput_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -;Enables or disables JIT compilation of patterns. This requires the PCRE -;library to be compiled with JIT support. -;pcre.jit=1 - -[Pdo] -; Whether to pool ODBC connections. 
Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name - -[Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/pdo_mysql.default-socket -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[SQL] -; http://php.net/sql.safe-mode -sql.safe_mode = Off - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. 
-; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. 
-; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. 
-; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -; http://php.net/mysqlnd.log_mask -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. -; http://php.net/mysqlnd.mempool_default_size -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -; http://php.net/mysqlnd.net_read_timeout -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -; http://php.net/mysqlnd.sha256_server_public_key -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. 
-; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. 
-; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/tmp" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. 
Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. 
Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. 
-; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -;

is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute pathes, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. -; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). 
-; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. 
-; http://php.net/assert.active -;assert.active = On - -; Throw an AssertationException on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. 
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_traslation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < intput_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. -; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. 
-; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? 
-; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[mcrypt] -; For more information about mcrypt settings see http://php.net/mcrypt-module-open - -; Directory where to load mcrypt algorithms -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.algorithms_dir= - -; Directory where to load mcrypt modes -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.modes_dir= - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. 
-;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; If enabled, a fast shutdown sequence is used for the accelerated code -; Depending on the used Memory Manager this may cause some incompatibilities. -;opcache.fast_shutdown=0 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. 
-;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. 
-;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. -; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -; Local Variables: -; tab-width: 4 -; End: diff --git a/jails/config/r-ldap/pkgp.conf b/jails/config/r-ldap/pkgp.conf deleted file mode 100644 index 86e5a9a..0000000 --- a/jails/config/r-ldap/pkgp.conf +++ /dev/null 
@@ -1,20 +0,0 @@ -FreeBSD: { - url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", - enabled: no -} - -pkgp-freebsd-pkg: { - url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", - enabled: yes, - priority: 10 -} - -pkgp123: { - url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", - signature_type: "pubkey", - pubkey: "/mnt/certs/poudriere.cert", - enabled: yes, - priority: 100 -} diff --git a/jails/config/rachna/httpd.conf b/jails/config/rachna/httpd.conf index 67ecbfa..606d5e4 100644 --- a/jails/config/rachna/httpd.conf +++ b/jails/config/rachna/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName rachna.ahlawat.com ServerAlias *.ahlawat.com 
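Review bot: In the plain-HTTP redirect added to jails/config/rachna/httpd.conf, the `RewriteRule` builds the Location from `%{HTTP_HOST}`, which is whatever Host header the client sent, so the 301 can name a host this server does not own. If the wildcard alias does not have to survive the redirect, pin the target to the configured name: `RewriteRule ^ https://rachna.ahlawat.com%{REQUEST_URI} [R=301,L]`. `QSA` adds nothing here because the substitution carries no query string. The ACME exemption should also escape the dot: `RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/`. The same block is added to rishabh/httpd.conf and sharad/httpd.conf in this commit. The enclosing VirtualHost tags are not visible in this rendering, so which vhost the block lands in is inferred.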
@@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/rachna/pkg-list-details-old.txt b/jails/config/rachna/pkg-list-details-old.txt index 79fe5b9..4e1ddb9 100644 --- a/jails/config/rachna/pkg-list-details-old.txt +++ b/jails/config/rachna/pkg-list-details-old.txt 
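Review bot: The added `SSLCACertificateFile "/mnt/certs/cacert.pem"` in the TLS block of jails/config/rachna/httpd.conf is documented by mod_ssl as the CA bundle for verifying client certificates, while the server chain already comes from `SSLCertificateFile "/mnt/certs/fullchain.pem"`. No `SSLVerifyClient` is visible in the hunk, so if client-certificate authentication is not intended the line should be dropped. If it is intended, add a comment above it such as `# CA bundle for client-certificate verification; see SSLVerifyClient`. The hunk also removes `SSLOptions +StrictRequire`, which is worth confirming if any `SSLRequireSSL`/`SSLRequire` rule is combined with `Satisfy any` elsewhere in the file. The new `Header always set Strict-Transport-Security` line depends on mod_headers being loaded outside the hunk. The identical change is made to rishabh/httpd.conf and sharad/httpd.conf, and the vhost it sits in starts and ends outside the hunk.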
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rachna/pkg-list-details.txt b/jails/config/rachna/pkg-list-details.txt
index 87bcd3f..4e1ddb9 100644
--- a/jails/config/rachna/pkg-list-details.txt
+++ b/jails/config/rachna/pkg-list-details.txt
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rachna/pkg-list-old.txt b/jails/config/rachna/pkg-list-old.txt
index 943fd00..b98597e 100644
--- a/jails/config/rachna/pkg-list-old.txt
+++ b/jails/config/rachna/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/rachna/pkg-list.txt b/jails/config/rachna/pkg-list.txt
index 943fd00..b98597e 100644
--- a/jails/config/rachna/pkg-list.txt
+++ b/jails/config/rachna/pkg-list.txt
@@ -1 +1 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg +apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg diff --git a/jails/config/rishabh/httpd.conf b/jails/config/rishabh/httpd.conf index 0a74ed9..986218e 100644 --- a/jails/config/rishabh/httpd.conf +++ b/jails/config/rishabh/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName rishabh.ahlawat.com ServerAlias *.ahlawat.com 
@@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/rishabh/pkg-list-details-old.txt b/jails/config/rishabh/pkg-list-details-old.txt index 79fe5b9..4e1ddb9 100644 --- a/jails/config/rishabh/pkg-list-details-old.txt +++ b/jails/config/rishabh/pkg-list-details-old.txt 
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rishabh/pkg-list-details.txt b/jails/config/rishabh/pkg-list-details.txt
index 87bcd3f..4e1ddb9 100644
--- a/jails/config/rishabh/pkg-list-details.txt
+++ b/jails/config/rishabh/pkg-list-details.txt
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/rishabh/pkg-list-old.txt b/jails/config/rishabh/pkg-list-old.txt
index 943fd00..b98597e 100644
--- a/jails/config/rishabh/pkg-list-old.txt
+++ b/jails/config/rishabh/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/rishabh/pkg-list.txt b/jails/config/rishabh/pkg-list.txt
index 943fd00..b98597e 100644
--- a/jails/config/rishabh/pkg-list.txt
+++ b/jails/config/rishabh/pkg-list.txt
@@ -1 +1 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg +apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg diff --git a/jails/config/sharad/httpd.conf b/jails/config/sharad/httpd.conf index 2201fec..c95792a 100644 --- a/jails/config/sharad/httpd.conf +++ b/jails/config/sharad/httpd.conf @@ -551,6 +551,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName sharad.ahlawat.com ServerAlias *.ahlawat.com 
@@ -560,16 +568,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/sharad/pkg-list-details-old.txt b/jails/config/sharad/pkg-list-details-old.txt index 79fe5b9..4e1ddb9 100644 --- a/jails/config/sharad/pkg-list-details-old.txt +++ b/jails/config/sharad/pkg-list-details-old.txt 
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/sharad/pkg-list-details.txt b/jails/config/sharad/pkg-list-details.txt
index 87bcd3f..4e1ddb9 100644
--- a/jails/config/sharad/pkg-list-details.txt
+++ b/jails/config/sharad/pkg-list-details.txt
@@ -1,8 +1,8 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____pkg-2.1.2
diff --git a/jails/config/sharad/pkg-list-old.txt b/jails/config/sharad/pkg-list-old.txt
index 943fd00..b98597e 100644
--- a/jails/config/sharad/pkg-list-old.txt
+++ b/jails/config/sharad/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
+apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg
diff --git a/jails/config/sharad/pkg-list.txt b/jails/config/sharad/pkg-list.txt
index 943fd00..b98597e 100644
--- a/jails/config/sharad/pkg-list.txt
+++ b/jails/config/sharad/pkg-list.txt
@@ -1 +1 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg +apache24 bash bash-completion nano php84 php84-mysqli php84-session pkg diff --git a/jails/config/torrent/pkg-list-details-old.txt b/jails/config/torrent/pkg-list-details-old.txt index a1e7cb9..3e4dc25 100644 --- a/jails/config/torrent/pkg-list-details-old.txt +++ b/jails/config/torrent/pkg-list-details-old.txt @@ -1,14 +1,16 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____firefox-esr-102.5.0,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____mc-4.8.28 -pkgp-freebsd-pkg____mesa-dri-22.2.3 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____qbittorrent-4.4.3.1_1 -pkgp-freebsd-pkg____rsync-3.2.6 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____curl-8.13.0 +pkgp-freebsd-pkg____firefox-esr-128.10.0,1 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____mc-4.8.32 +pkgp-freebsd-pkg____mesa-dri-24.1.7_5 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____qbittorrent-5.0.5 +pkgp-freebsd-pkg____rsync-3.4.1_2 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 pkgp-freebsd-pkg____tigervnc-1.9.0_4 -pkgp-freebsd-pkg____xauth-1.1.1 -pkgp-freebsd-pkg____xterm-375 +pkgp-freebsd-pkg____xauth-1.1.4 +pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/torrent/pkg-list-details.txt b/jails/config/torrent/pkg-list-details.txt index fd914b4..3e4dc25 100644 --- a/jails/config/torrent/pkg-list-details.txt +++ b/jails/config/torrent/pkg-list-details.txt 
@@ -1,14 +1,16 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____firefox-esr-102.5.0_1,1 -pkgp-freebsd-pkg____fluxbox-1.3.7_5 -pkgp-freebsd-pkg____mc-4.8.28 -pkgp-freebsd-pkg____mesa-dri-22.2.3 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____qbittorrent-4.4.3.1_1 -pkgp-freebsd-pkg____rsync-3.2.6 -pkgp-freebsd-pkg____sudo-1.9.12p1 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____curl-8.13.0 +pkgp-freebsd-pkg____firefox-esr-128.10.0,1 +pkgp-freebsd-pkg____fluxbox-1.3.7_10 +pkgp-freebsd-pkg____mc-4.8.32 +pkgp-freebsd-pkg____mesa-dri-24.1.7_5 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____pkg-2.1.2 +pkgp-freebsd-pkg____qbittorrent-5.0.5 +pkgp-freebsd-pkg____rsync-3.4.1_2 +pkgp-freebsd-pkg____sudo-1.9.16p2_1 pkgp-freebsd-pkg____tigervnc-1.9.0_4 -pkgp-freebsd-pkg____xauth-1.1.1 -pkgp-freebsd-pkg____xterm-377 +pkgp-freebsd-pkg____xauth-1.1.4 +pkgp-freebsd-pkg____xorg-fonts-truetype-7.7_1 +pkgp-freebsd-pkg____xterm-397_2 diff --git a/jails/config/torrent/pkg-list-old.txt b/jails/config/torrent/pkg-list-old.txt index d531a97..fca878a 100644 --- a/jails/config/torrent/pkg-list-old.txt +++ b/jails/config/torrent/pkg-list-old.txt @@ -1 +1 @@ -bash bash-completion firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xterm +bash bash-completion curl firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xorg-fonts-truetype xterm diff --git a/jails/config/torrent/pkg-list.txt b/jails/config/torrent/pkg-list.txt index d531a97..fca878a 100644 --- a/jails/config/torrent/pkg-list.txt +++ b/jails/config/torrent/pkg-list.txt @@ -1 +1 @@ -bash bash-completion firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xterm +bash bash-completion curl firefox-esr fluxbox mc mesa-dri nano pkg qbittorrent rsync sudo tigervnc xauth xorg-fonts-truetype xterm 
diff --git a/jails/config/vm/.tmux.conf b/jails/config/vm/.tmux.conf deleted file mode 100644 index b370482..0000000 --- a/jails/config/vm/.tmux.conf +++ /dev/null @@ -1,12 +0,0 @@ -unbind C-b -set -g prefix C-a -bind C-a send-prefix - -setw -g mouse on - -# Set the default terminal mode to 256color mode -set -g default-terminal "xterm-256color" - -# enable activity alerts -setw -g monitor-activity on -set -g visual-activity on diff --git a/jails/config/vm/create_taps.sh b/jails/config/vm/create_taps.sh deleted file mode 100755 index a4490f2..0000000 --- a/jails/config/vm/create_taps.sh +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/sh - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -ifconfig tap81 create -ifconfig bridge1 addm tap81 up -ifconfig tap81 up -ifconfig tap81 inet6 auto_linklocal - -ifconfig tap82 create -ifconfig bridge1 addm tap82 up -ifconfig tap82 up -ifconfig tap82 inet6 auto_linklocal - -ifconfig tap1082 create -ifconfig bridge10 addm tap1082 up -ifconfig tap1082 up -ifconfig tap1082 inet6 auto_linklocal - -ifconfig tap2082 create -ifconfig bridge9 addm tap2082 up -ifconfig tap2082 up -ifconfig tap2082 inet6 auto_linklocal - -ifconfig tap4882 create -ifconfig bridge48 addm tap4882 up -ifconfig tap4882 up -ifconfig tap4882 inet6 auto_linklocal - -ifconfig tap83 create -ifconfig bridge1 addm tap83 up -ifconfig tap83 up -ifconfig tap83 inet6 auto_linklocal - -ifconfig tap84 create -ifconfig bridge1 addm tap84 up -ifconfig tap84 up -ifconfig tap84 inet6 auto_linklocal - -ifconfig tap85 create -ifconfig bridge1 addm tap85 up -ifconfig tap85 up -ifconfig tap85 inet6 auto_linklocal - -ifconfig tap86 create -ifconfig bridge1 addm tap86 up -ifconfig tap86 up -ifconfig tap86 inet6 auto_linklocal - -ifconfig tap1086 create -ifconfig bridge10 addm tap1086 up -ifconfig tap1086 up -ifconfig tap1086 inet6 auto_linklocal - -ifconfig tap2086 create -ifconfig bridge9 addm tap2086 up -ifconfig tap2086 up -ifconfig tap2086 inet6 auto_linklocal - -ifconfig tap4886 create -ifconfig bridge48 addm tap4886 up -ifconfig tap4886 up -ifconfig tap4886 inet6 auto_linklocal - -ifconfig tap90 create -ifconfig bridge1 addm tap90 up -ifconfig tap90 up -ifconfig tap90 inet6 auto_linklocal - -ifconfig tap190 create -ifconfig bridge2 addm tap190 up -ifconfig tap190 up -ifconfig tap190 inet6 auto_linklocal - -ifconfig tap97 create -ifconfig bridge1 addm tap97 up -ifconfig tap97 up -ifconfig tap97 inet6 auto_linklocal - -ifconfig tap1097 create -ifconfig 
bridge10 addm tap1097 up -ifconfig tap1097 up -ifconfig tap1097 inet6 auto_linklocal - -ifconfig tap2097 create -ifconfig bridge9 addm tap2097 up -ifconfig tap2097 up -ifconfig tap2097 inet6 auto_linklocal - -ifconfig tap4897 create -ifconfig bridge48 addm tap4897 up -ifconfig tap4897 up -ifconfig tap4897 inet6 auto_linklocal - -ifconfig tap96 create -ifconfig bridge1 addm tap96 up -ifconfig tap96 up -ifconfig tap96 inet6 auto_linklocal - -ifconfig tap1096 create -ifconfig bridge10 addm tap1096 up -ifconfig tap1096 up -ifconfig tap1096 inet6 auto_linklocal - -ifconfig tap2096 create -ifconfig bridge9 addm tap2096 up -ifconfig tap2096 up -ifconfig tap2096 inet6 auto_linklocal - -ifconfig tap4896 create -ifconfig bridge48 addm tap4896 up -ifconfig tap4896 up -ifconfig tap4896 inet6 auto_linklocal diff --git a/jails/config/vm/cvm-a.sh b/jails/config/vm/cvm-a.sh deleted file mode 100755 index 52236f3..0000000 --- a/jails/config/vm/cvm-a.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./cvm-a.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=cvm-a - -exit - -while true -do - -bhyve -c 4 -m 16G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/cvm-a \ --s 5,virtio-net,tap97,mac=00:0A:0B:0C:0D:97 \ --s 6,virtio-blk,/dev/zvol/ship/raw/cvm-a_data \ --s 7,virtio-net,tap4897,mac=00:0A:0B:0C:7D:97 \ --s 8,virtio-net,tap1097,mac=00:0A:0B:0C:8D:97 \ --s 9,virtio-net,tap2097,mac=00:0A:0B:0C:9D:97 \ --s 29,fbuf,tcp=0.0.0.0:5997,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm97A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -cvm-a - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting cvm-a in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -# -s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \ - -# bhyvectl --get-all --vm=cvm-a - -# cu -l /dev/nmdm97B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 32G -o refreservation=none ship/raw/cvm-a - docker partition -#zfs create -V 128G -o refreservation=none ship/raw/cvm-a_data - root partition diff --git a/jails/config/vm/cvm-b.sh b/jails/config/vm/cvm-b.sh deleted file mode 100755 index af8cf4a..0000000 --- a/jails/config/vm/cvm-b.sh +++ /dev/null 
@@ -1,64 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./cvm-b.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=cvm-b - -exit - -while true -do - -bhyve -c 8 -m 32G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/cvm-b \ --s 5,virtio-net,tap96,mac=00:0A:0B:0C:0D:96 \ --s 6,virtio-blk,/dev/zvol/ship/raw/cvm-b_data \ --s 7,virtio-net,tap4896,mac=00:0A:0B:0C:7D:96 \ --s 8,virtio-net,tap1096,mac=00:0A:0B:0C:8D:96 \ --s 9,virtio-net,tap2096,mac=00:0A:0B:0C:9D:96 \ --s 29,fbuf,tcp=0.0.0.0:5996,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm96A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -cvm-b - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting cvm-b in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -# -s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \ - -# bhyvectl --get-all --vm=cvm-b - -# cu -l /dev/nmdm96B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 32G -o refreservation=none ship/raw/cvm-b - docker partition -#zfs create -V 128G -o refreservation=none ship/raw/cvm-b_data - root partition diff --git a/jails/config/vm/devfs_rules.raw b/jails/config/vm/devfs_rules.raw deleted file mode 100644 index a8e2c84..0000000 --- a/jails/config/vm/devfs_rules.raw +++ /dev/null @@ -1,8 +0,0 @@ -100 include 4 -200 path vmm unhide -300 path vmm/* unhide -400 path vmm.io unhide -500 path vmm.io/* unhide -600 path tap* unhide -700 path zvol/ship/raw/* unhide -800 path nmdm* unhide 
diff --git a/jails/config/vm/devfs_rules.txt b/jails/config/vm/devfs_rules.txt deleted file mode 100644 index 7bdf288..0000000 --- a/jails/config/vm/devfs_rules.txt +++ /dev/null @@ -1,14 +0,0 @@ -# devfs rule -s 200 add - < devfs_rules.raw -# devfs rule -s 200 show - -# add to /etc/default/devfs.rules - -[devfs_rules_bhyve_jail=200] -add include $devfsrules_jail -add path vmm unhide -add path vmm/* unhide -add path vmm.io unhide -add path vmm.io/* unhide -add path tap* unhide -add path zvol/ship/raw/* unhide -add path nmdm* unhide diff --git a/jails/config/vm/freebsd.sh b/jails/config/vm/freebsd.sh deleted file mode 100755 index af69f1c..0000000 --- a/jails/config/vm/freebsd.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./freebsd.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=freebsd - -while true -do - -bhyve -c 2 -m 4G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/freebsd_1 \ --s 5,virtio-blk,/dev/zvol/ship/raw/freebsd_2 \ --s 6,virtio-blk,/dev/zvol/ship/raw/freebsd_z1 \ --s 7,virtio-blk,/dev/zvol/ship/raw/freebsd_z2 \ --s 8,virtio-blk,/dev/zvol/ship/raw/freebsd_z3 \ --s 9,virtio-blk,/dev/zvol/ship/raw/freebsd \ --s 10,virtio-net,tap83,mac=00:0A:0B:0C:0D:83 \ --s 29,fbuf,tcp=0.0.0.0:5983,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm83A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -freebsd - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting freebsd in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? 
- -#-s 3,ahci-cd \ -#-s 3,ahci-cd,/mnt/freebsd/FreeBSD-12.2-RELEASE-amd64-disc1.iso \ -# set boot_serial=NO -# first in boot menu option 3 and then /boot/loader.conf after install - -# bhyvectl --get-all --vm=freebsd - -# cu -l /dev/nmdm83B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 16G -o refreservation=none ship/raw/freebsd -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_1 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_2 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z1 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z2 -#zfs create -V 16G -o refreservation=none ship/raw/freebsd_z3 -# on boot -#ifconfig tap83 create -#ifconfig bridge1 addm tap83 up -#ifconfig tap83 up -#ifconfig tap83 inet6 auto_linklocal -# -#zroot mirror /dev/vtbd1 /dev/vtbd2 - created during zroot install -#zpool create -f ship /dev/vtbd2 /dev/vtbd3 /dev/vtbd4 -#zpool create -f data /dev/vtbd5 diff --git a/jails/config/vm/gns3.sh b/jails/config/vm/gns3.sh deleted file mode 100755 index 3688259..0000000 --- a/jails/config/vm/gns3.sh +++ /dev/null 
@@ -1,71 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./gns3.sh under tmux - -# disabled for now -exit - -# clean cached state -bhyvectl --destroy --vm=gns3 - -while true -do - -bhyve -c 4 -m 16G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/gns3 \ --s 5,virtio-net,tap86,mac=00:0A:0B:0C:0D:86 \ --s 7,virtio-net,tap4886,mac=00:0A:0B:0C:8D:86 \ --s 8,virtio-net,tap1086,mac=00:0A:0B:0C:8D:86 \ --s 9,virtio-net,tap2086,mac=00:0A:0B:0C:9D:86 \ --s 29,fbuf,tcp=0.0.0.0:5986,w=1280,h=720 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm86A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -gns3 - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting gns3 in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -#-s 3,ahci-cd,/mnt/linux/ubuntu-20.04.1-live-server-amd64.iso \ -##-s 6,virtio-blk,/dev/zvol/ship/raw/gns3_data \ - -# bhyvectl --get-all --vm=gns3 - -# cu -l /dev/nmdm86B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 128G -o refreservation=none ship/raw/gns3 - -# Install VNC -# curl -o turbovnc_2.2.5_amd64.deb https://sourceforge.net/projects/turbovnc/files/2.2.5/turbovnc_2.2.5_amd64.deb/download# -# sudo apt install gdebi-core -# sudo gdebi turbovnc_2.2.5_amd64.deb -# sudo killall Xvnc; /opt/TurboVNC/bin/vncserver -name gns3 -geometry 1920x1080 :4 -# systemctl enable ssh.service; service ssh start diff --git a/jails/config/vm/pbx.sh b/jails/config/vm/pbx.sh deleted file mode 100755 index 83bd058..0000000 --- a/jails/config/vm/pbx.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -# ./pbx.sh under tmux - -# clean cached state -bhyvectl --destroy --vm=pbx - -#exit - -while true -do - -bhyve -c 4 -m 4G -A -H -P \ --s 0,hostbridge \ --s 3,ahci-cd \ --s 4,virtio-blk,/dev/zvol/ship/raw/pbx \ --s 5,virtio-net,tap90,mac=00:0A:0B:0C:0D:90 \ --s 6,virtio-net,tap190,mac=00:0A:0B:0C:1D:190 \ --s 29,fbuf,tcp=0.0.0.0:5990,w=1600,h=900 \ --s 30,xhci,tablet \ --s 31,lpc -l com1,/dev/nmdm90A \ --l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \ -pbx - -bhyve_exit=$? -# bhyve returns the following status codes: -# 0 - VM has been reset -# 1 - VM has been powered off -# 2 - VM has been halted -# 3 - VM generated a triple fault -# all other non-zero status codes are errors -# -if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ] -then - break -fi -echo `date` - restarting ubuntu in 5 seconds - press ctrl-c to stop -sleep 5 - -done - -exit $? - -# -s 3,ahci-cd \ -# -s 3,ahci-cd,/mnt/linux/SNG7-FPBX-64bit-1904-2.iso \ - -# bhyvectl --get-all --vm=pbx - -# cu -l /dev/nmdm90B -# (This uses cu() so press ~+Ctrl-D to exit) - -#on base system: -#zfs create -V 32G -o refreservation=none ship/raw/pbx -# on boot -#ifconfig tap90 create -#ifconfig bridge1 addm tap90 up -#ifconfig tap90 up -#ifconfig tap90 inet6 auto_linklocal -#ifconfig tap190 create -#ifconfig bridge2 addm tap190 up -#ifconfig tap190 up -#ifconfig tap190 inet6 auto_linklocal diff --git a/jails/config/vm/pkg-list-details-old.txt b/jails/config/vm/pkg-list-details-old.txt deleted file mode 100644 index 2e52918..0000000 --- a/jails/config/vm/pkg-list-details-old.txt +++ /dev/null 
@@ -1,6 +0,0 @@ -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____bhyve-firmware-1.0_1 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____tmux-3.3a diff --git a/jails/config/vm/pkg-list-details.txt b/jails/config/vm/pkg-list-details.txt deleted file mode 100644 index 26c5817..0000000 --- a/jails/config/vm/pkg-list-details.txt +++ /dev/null @@ -1,6 +0,0 @@ -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____bhyve-firmware-1.0_1 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____pkg-1.18.4 -pkgp-freebsd-pkg____tmux-3.3a diff --git a/jails/config/vm/pkg-list-old.txt b/jails/config/vm/pkg-list-old.txt deleted file mode 100644 index 2eb3cf9..0000000 --- a/jails/config/vm/pkg-list-old.txt +++ /dev/null @@ -1 +0,0 @@ -bash bash-completion bhyve-firmware nano pkg tmux diff --git a/jails/config/vm/pkg-list.txt b/jails/config/vm/pkg-list.txt deleted file mode 100644 index 2eb3cf9..0000000 --- a/jails/config/vm/pkg-list.txt +++ /dev/null @@ -1 +0,0 @@ -bash bash-completion bhyve-firmware nano pkg tmux diff --git a/jails/config/vm/r-windows.sh b/jails/config/vm/r-windows.sh deleted file mode 100755 index 70cd9d5..0000000 --- a/jails/config/vm/r-windows.sh +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./r-windows.sh LTSC 1809 N under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=r-windows
-
-exit
-
-while true
-do
-
-bhyve -c sockets=1,cores=2,threads=2 -m 8G -S -A -H -P \
--s 0,hostbridge \
--s 4,ahci-hd,/dev/zvol/ship/raw/r-windows,sectorsize=512 \
--s 5,virtio-net,tap85,mac=00:0A:0B:0C:0D:85 \
--s 6,ahci-hd,/dev/zvol/ship/raw/r-windows_data,sectorsize=512 \
--s 29,fbuf,tcp=0.0.0.0:5985,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm85A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-r-windows
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting r-windows in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso \
-# mounting the USB HDD as an attached drive to the system
-#-s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso,hd:/dev/daXp2 \
-# daX being an NTFS drive
-
-# bhyvectl --get-all --vm=r-windows
-
-# cu -l /dev/nmdm85B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/r-windows
-#zfs create -V 256G -o refreservation=none ship/raw/r-windows_data
-# on boot
-#ifconfig tap85 create
-#ifconfig bridge1 addm tap85 up
-#ifconfig tap85 up
-#ifconfig tap85 inet6 auto_linklocal
diff --git a/jails/config/vm/setup_jail.sh b/jails/config/vm/setup_jail.sh
deleted file mode 100755
index 3c4e67d..0000000
--- a/jails/config/vm/setup_jail.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-# requrired to run other configured scripts
-/bin/sh /etc/rc
-# launch tmux with jails
-/mnt/config/startvms.sh
diff --git a/jails/config/vm/startvms.sh b/jails/config/vm/startvms.sh
deleted file mode 100755
index 04ae719..0000000
--- a/jails/config/vm/startvms.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-session="vm_tmux"
-
-# set up tmux
-tmux start-server
-
-# create a new tmux session, naming the window freepbx
-tmux new-session -d -s $session -n freepbx
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./pbx.sh" C-m
-
-# create a new window windows
-tmux new-window -t $session:1 -n windows
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./windows.sh" C-m
-
-# create a new window ubuntu
-tmux new-window -t $session:2 -n ubuntu
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./ubuntu.sh" C-m
-
-# create a new window freebsd
-tmux new-window -t $session:3 -n freebsd
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./freebsd.sh" C-m
-
-# create a new window w2019
-tmux new-window -t $session:4 -n w2019
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./w2019.sh" C-m
-
-# create a new window r-windows
-tmux new-window -t $session:5 -n r-windows
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./r-windows.sh" C-m
-
-# create a new window gns3
-tmux new-window -t $session:6 -n gns3
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./gns3.sh" C-m
-
-# create a new window cvm-a
-tmux new-window -t $session:7 -n cvm-a
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./cvm-a.sh" C-m
-
-# create a new window cvm-b
-tmux new-window -t $session:8 -n cvm-b
-tmux selectp -t 1
-tmux send-keys "cd /mnt/config;./cvm-b.sh" C-m
-
-# return to main window
-tmux select-window -t $session:0
-tmux selectp -t 1
-
-# Finished setup, attach to the tmux session!
-#tmux attach-session -t $session
diff --git a/jails/config/vm/ubuntu.sh b/jails/config/vm/ubuntu.sh
deleted file mode 100755
index 86caa27..0000000
--- a/jails/config/vm/ubuntu.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./ubuntu.sh under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=ubuntu
-
-while true
-do
-
-bhyve -c 8 -m 16G -A -H -P \
--s 0,hostbridge \
--s 3,ahci-cd \
--s 4,virtio-blk,/dev/zvol/ship/raw/ubuntu \
--s 5,virtio-net,tap82,mac=00:0A:0B:0C:0D:82 \
--s 6,virtio-blk,/dev/zvol/ship/raw/ubuntu_data \
--s 7,virtio-net,tap4882,mac=00:0A:0B:0C:7D:82 \
--s 8,virtio-net,tap1082,mac=00:0A:0B:0C:8D:82 \
--s 9,virtio-net,tap2082,mac=00:0A:0B:0C:9D:82 \
--s 29,fbuf,tcp=0.0.0.0:5982,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm82A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-ubuntu
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting ubuntu in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci-cd,/mnt/linux/ubuntu-18.04.3-server-amd64.iso \
-
-# bhyvectl --get-all --vm=ubuntu
-
-# cu -l /dev/nmdm82B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/ubuntu
-#zfs create -V 128G -o refreservation=none ship/raw/ubuntu_data
diff --git a/jails/config/vm/w2019.sh b/jails/config/vm/w2019.sh
deleted file mode 100755
index 7577832..0000000
--- a/jails/config/vm/w2019.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./w2019.sh DC 1809 under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=w2019
-
-exit
-
-while true
-do
-
-bhyve -c sockets=1,cores=2,threads=2 -m 16G -S -A -H -P \
--s 0,hostbridge \
--s 4,ahci-hd,/dev/zvol/ship/raw/w2019,sectorsize=512 \
--s 5,virtio-net,tap84,mac=00:0A:0B:0C:0D:84 \
--s 6,ahci-hd,/dev/zvol/ship/raw/w2019_data,sectorsize=512 \
--s 29,fbuf,tcp=0.0.0.0:5984,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm84A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-w2019
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting w2019 in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci,cd:/mnt/windows/w2019.iso,cd:/mnt/windows/virtio-win.iso \
-# mounting the USB HDD as an attached drive to the system
-#-s 3,ahci,cd:/mnt/windows/w2019.iso,cd:/mnt/windows/virtio-win.iso,hd:/dev/daXp2 \
-# daX being an NTFS drive
-
-# bhyvectl --get-all --vm=w2109
-
-# cu -l /dev/nmdm84B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/w2109
-#zfs create -V 128G -o refreservation=none ship/raw/w2019_data
-# on boot
-#ifconfig tap84 create
-#ifconfig bridge1 addm tap84 up
-#ifconfig tap84 up
-#ifconfig tap84 inet6 auto_linklocal
diff --git a/jails/config/vm/windows.sh b/jails/config/vm/windows.sh
deleted file mode 100755
index adab4bc..0000000
--- a/jails/config/vm/windows.sh
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/local/bin/bash
-
-# Copyright (c) 2018-2022, diyIT.org
-# All rights reserved.
-#
-# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License")
-# https://diyit.org/license/
-#
-#
-
-# ./windows.sh LTSC 1809 N under tmux
-
-# clean cached state
-bhyvectl --destroy --vm=windows
-
-exit
-
-while true
-do
-
-bhyve -c sockets=1,cores=2,threads=2 -m 8G -S -A -H -P \
--s 0,hostbridge \
--s 4,ahci-hd,/dev/zvol/ship/raw/windows,sectorsize=512 \
--s 5,virtio-net,tap81,mac=00:0A:0B:0C:0D:81 \
--s 6,ahci-hd,/dev/zvol/ship/raw/windows_data,sectorsize=512 \
--s 29,fbuf,tcp=0.0.0.0:5981,w=1600,h=900 \
--s 30,xhci,tablet \
--s 31,lpc -l com1,/dev/nmdm81A \
--l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd \
-windows
-
-bhyve_exit=$?
-# bhyve returns the following status codes:
-# 0 - VM has been reset
-# 1 - VM has been powered off
-# 2 - VM has been halted
-# 3 - VM generated a triple fault
-# all other non-zero status codes are errors
-#
-if [ $bhyve_exit = 1 ] || [ $bhyve_exit = 2 ]
-then
- break
-fi
-echo `date` - restarting windows in 5 seconds - press ctrl-c to stop
-sleep 5
-
-done
-
-exit $?
-
-# -s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso \
-# mounting the USB HDD as an attached drive to the system
-#-s 3,ahci,cd:/mnt/windows/w10.iso,cd:/mnt/windows/virtio-win.iso,hd:/dev/daXp2 \
-# daX being an NTFS drive
-
-# bhyvectl --get-all --vm=windows
-
-# cu -l /dev/nmdm81B
-# (This uses cu() so press ~+Ctrl-D to exit)
-
-#on base system:
-#zfs create -V 32G -o refreservation=none ship/raw/windows
-#zfs create -V 128G -o refreservation=none ship/raw/windows_data
-# on boot
-#ifconfig tap81 create
-#ifconfig bridge1 addm tap81 up
-#ifconfig tap81 up
-#ifconfig tap81 inet6 auto_linklocal
diff --git a/jails/config/vpngw/pkg-list-details-old.txt b/jails/config/vpngw/pkg-list-details-old.txt
index b9fc7aa..b6c4ee1 100644
--- a/jails/config/vpngw/pkg-list-details-old.txt
+++ b/jails/config/vpngw/pkg-list-details-old.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____git-2.38.1_3
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____openvpn-2.5.8
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____rsync-3.2.6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____git-2.49.0
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____openvpn-2.6.14
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rsync-3.4.1_2
diff --git a/jails/config/vpngw/pkg-list-details.txt b/jails/config/vpngw/pkg-list-details.txt
index 05447dd..b6c4ee1 100644
--- a/jails/config/vpngw/pkg-list-details.txt
+++ b/jails/config/vpngw/pkg-list-details.txt
@@ -1,7 +1,7 @@
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____git-2.38.1_4
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____openvpn-2.5.8
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____rsync-3.2.6
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____git-2.49.0
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____openvpn-2.6.14
+pkgp-freebsd-pkg____pkg-2.1.2
+pkgp-freebsd-pkg____rsync-3.4.1_2
diff --git a/jails/config/web-datavpc/020_mod_ssl.conf b/jails/config/web-datavpc/020_mod_ssl.conf
deleted file mode 100644
index 3fbba40..0000000
--- a/jails/config/web-datavpc/020_mod_ssl.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-Listen 443
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
-SSLHonorCipherOrder on
-SSLCompression off
-# SSLUseStapling on
-SSLSessionTickets off
-SSLOptions +StrictRequire
-SSLPassPhraseDialog builtin
-SSLSessionCacheTimeout 300
-SSLSessionCache shmcb:/usr/local/etc/apache24/ssl_scache(512000)
diff --git a/jails/config/web-datavpc/httpd.conf b/jails/config/web-datavpc/httpd.conf
deleted file mode 100644
index 2c6523a..0000000
--- a/jails/config/web-datavpc/httpd.conf
+++ /dev/null
@@ -1,702 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/access_log" -# with ServerRoot set to "/usr/local/apache2" will be interpreted by the -# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" -# will be interpreted as '/logs/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/usr/local" - -# -# Mutex: Allows you to set the mutex mechanism and mutex file directory -# for individual mutexes, or change the global defaults -# -# Uncomment and change the directory if mutexes are file-based and the default -# mutex file directory is not on a local disk or is not appropriate for some -# other reason. -# -# Mutex default:/var/run - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. 
-# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -#Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so -#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so -#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so -LoadModule authn_file_module libexec/apache24/mod_authn_file.so -#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so -#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so -#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so -#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so -LoadModule authn_core_module libexec/apache24/mod_authn_core.so -LoadModule authz_host_module libexec/apache24/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache24/mod_authz_user.so -#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so -#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so -#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so -LoadModule authz_core_module libexec/apache24/mod_authz_core.so -#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so -LoadModule access_compat_module libexec/apache24/mod_access_compat.so -LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so -#LoadModule auth_form_module libexec/apache24/mod_auth_form.so -#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so 
-#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so -#LoadModule file_cache_module libexec/apache24/mod_file_cache.so -#LoadModule cache_module libexec/apache24/mod_cache.so -#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so -#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so -LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so -#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so -#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so -#LoadModule watchdog_module libexec/apache24/mod_watchdog.so -#LoadModule macro_module libexec/apache24/mod_macro.so -#LoadModule dbd_module libexec/apache24/mod_dbd.so -#LoadModule dumpio_module libexec/apache24/mod_dumpio.so -#LoadModule buffer_module libexec/apache24/mod_buffer.so -#LoadModule data_module libexec/apache24/mod_data.so -#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so -LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so -#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so -#LoadModule request_module libexec/apache24/mod_request.so -#LoadModule include_module libexec/apache24/mod_include.so -LoadModule filter_module libexec/apache24/mod_filter.so -#LoadModule reflector_module libexec/apache24/mod_reflector.so -#LoadModule substitute_module libexec/apache24/mod_substitute.so -#LoadModule sed_module libexec/apache24/mod_sed.so -#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so -LoadModule deflate_module libexec/apache24/mod_deflate.so -#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so -#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so -LoadModule mime_module libexec/apache24/mod_mime.so -LoadModule log_config_module libexec/apache24/mod_log_config.so -#LoadModule log_debug_module libexec/apache24/mod_log_debug.so -#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so -#LoadModule logio_module 
libexec/apache24/mod_logio.so -LoadModule env_module libexec/apache24/mod_env.so -#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so -#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so -LoadModule expires_module libexec/apache24/mod_expires.so -LoadModule headers_module libexec/apache24/mod_headers.so -#LoadModule usertrack_module libexec/apache24/mod_usertrack.so -#LoadModule unique_id_module libexec/apache24/mod_unique_id.so -LoadModule setenvif_module libexec/apache24/mod_setenvif.so -LoadModule version_module libexec/apache24/mod_version.so -#LoadModule remoteip_module libexec/apache24/mod_remoteip.so -LoadModule proxy_module libexec/apache24/mod_proxy.so -#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so -#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so -#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so -LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so -#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so -#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so -#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so -#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so -#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so -#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so -#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so -#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so -#LoadModule session_module libexec/apache24/mod_session.so -#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so -#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so -#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so -#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so -#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so -LoadModule ssl_module libexec/apache24/mod_ssl.so -#LoadModule 
dialup_module libexec/apache24/mod_dialup.so -LoadModule http2_module libexec/apache24/mod_http2.so -LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so -#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so -#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so -#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so -#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so -LoadModule unixd_module libexec/apache24/mod_unixd.so -#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so -#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so -#LoadModule dav_module libexec/apache24/mod_dav.so -LoadModule status_module libexec/apache24/mod_status.so -LoadModule autoindex_module libexec/apache24/mod_autoindex.so -#LoadModule asis_module libexec/apache24/mod_asis.so -#LoadModule info_module libexec/apache24/mod_info.so - - #LoadModule cgid_module libexec/apache24/mod_cgid.so - - - #LoadModule cgi_module libexec/apache24/mod_cgi.so - -#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so -#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so -#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so -#LoadModule negotiation_module libexec/apache24/mod_negotiation.so -LoadModule dir_module libexec/apache24/mod_dir.so -#LoadModule imagemap_module libexec/apache24/mod_imagemap.so -#LoadModule actions_module libexec/apache24/mod_actions.so -#LoadModule speling_module libexec/apache24/mod_speling.so -#LoadModule userdir_module libexec/apache24/mod_userdir.so -LoadModule alias_module libexec/apache24/mod_alias.so -LoadModule rewrite_module libexec/apache24/mod_rewrite.so - -# Third party modules -IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. 
-# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User www -Group www - - - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin sharad@ahlawat.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -ServerName www.datavpc.com - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. 
-# -DocumentRoot "/usr/local/www/apache24/data" - - -# can't set this if traffic is passing through haproxy and being redirected to ssl already -# RewriteEngine on -# RewriteRule ^/\.well-known/ - [L] -# RewriteRule (.*) https://www.datavpc.com [R,L] - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.php index.html - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "/var/log/httpd-error.log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. 
-# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "/var/log/httpd-access.log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "/var/log/httpd-access.log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. 
The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/" - - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - -# -# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig etc/apache24/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) 
- # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml - - AddType application/x-httpd-php .php - AddType application/x-httpd-php-source .phps - - - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile etc/apache24/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -#EnableSendfile on - -# Supplemental configuration -# -# The configuration files in the etc/apache24/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. 
- -# Server-pool management (MPM specific) -#Include etc/apache24/extra/httpd-mpm.conf - -# Multi-language error messages -#Include etc/apache24/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include etc/apache24/extra/httpd-autoindex.conf - -# Language settings -#Include etc/apache24/extra/httpd-languages.conf - -# User home directories -#Include etc/apache24/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include etc/apache24/extra/httpd-info.conf - -# Virtual hosts -#Include etc/apache24/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include etc/apache24/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include etc/apache24/extra/httpd-dav.conf - -# Various default settings -#Include etc/apache24/extra/httpd-default.conf - -# Configure mod_proxy_html to understand HTML4/XHTML1 - -Include etc/apache24/extra/proxy-html.conf - - -# Secure (SSL/TLS) connections -#Include etc/apache24/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. 
-#
-
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-
-
-Include etc/apache24/Includes/*.conf
-
-
- ServerName www.datavpc.com
- ServerAlias *.datavpc.com
- ServerAlias datavpc.com
-
- Protocols h2 http/1.1
-
- DocumentRoot "/usr/local/www/apache24/data/"
-
- SSLEngine on
- SSLCertificateFile "/mnt/certs/dvpcfullchain.pem"
- SSLCertificateKeyFile "/mnt/certs/dvpcprivkey.pem"
- #SSLCertificateChainFile "/mnt/certs/dvpcfullchain.pem"
- SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
- SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
- SSLHonorCipherOrder off
- SSLSessionTickets off
- SSLOptions +StrictRequire
-# SSLCompression off
-
- RewriteEngine On
- RewriteCond %{HTTP:Authorization} ^(.*)
- RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
-
-
- SetHandler "proxy:fcgi://127.0.0.1:9000"
- SSLOptions +StdEnvVars
-
-
-
- SSLOptions +StdEnvVars
-
-
- BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
- CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-
- Options Indexes FollowSymLinks MultiViews
- ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16
- IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96
-
- #AllowOverride controls what directives may be placed in .htaccess files.
- #AllowOverride All
- #AllowOverride AuthConfig
- #Controls who can get stuff from this server file
- #Require all granted
-
-
- ErrorLog "/var/log/ssl-error.log"
- CustomLog "/var/log/ssl-access_log" combined
-
-
- Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
-
-
-
-ExpiresActive On
-ExpiresDefault A0
-
-
-ExpiresDefault A31536000
-
-
-
-ExpiresDefault A31536000
-
-
-
-ExpiresDefault A31536000
-
-
-
-ExpiresDefault A31536000
-
-
-
-
-
- Header set Cache-Control "max-age=31536000"
-
-
-
- Header set Cache-Control "max-age=31536000"
-
-
-
- Header set Cache-Control "max-age=31536000"
-
-
-
- Header set Cache-Control "max-age=31536000"
-
-
-
-
- SetOutputFilter DEFLATE
-
-
- SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
- RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
-
-
-
- AddOutputFilterByType DEFLATE "application/atom+xml" \
- "application/javascript" \
- "application/json" \
- "application/ld+json" \
- "application/manifest+json" \
- "application/rdf+xml" \
- "application/rss+xml" \
- "application/schema+json" \
- "application/vnd.geo+json" \
- "application/vnd.ms-fontobject" \
- "application/x-font-ttf" \
- "application/x-font-opentype" \
- "application/x-font-truetype" \
- "application/x-javascript" \
- "application/x-web-app-manifest+json" \
- "application/xhtml+xml" \
- "application/xml" \
- "font/eot" \
- "font/opentype" \
- "font/otf" \
- "image/bmp" \
- "image/svg+xml" \
- "image/vnd.microsoft.icon" \
- "image/x-icon" \
- "text/cache-manifest" \
- "text/css" \
- "text/html" \
- "text/javascript" \
- "text/plain" \
- "text/vcard" \
- "text/vnd.rim.location.xloc" \
- "text/vtt" \
- "text/x-component" \
- "text/x-cross-domain-policy" \
- "text/xml"
-
-
-
- AddEncoding gzip svgz
-
-
-
-
-
-SSLUseStapling On
-SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
diff --git a/jails/config/web-datavpc/php.ini b/jails/config/web-datavpc/php.ini
deleted file mode 100644
index c04b984..0000000
--- a/jails/config/web-datavpc/php.ini
+++ /dev/null
@@ -1,1918 +0,0 @@
-[PHP]
-
-;;;;;;;;;;;;;;;;;;;
-; About php.ini ;
-;;;;;;;;;;;;;;;;;;;
-; PHP's initialization file, generally called php.ini, is responsible for
-; configuring many of the aspects of PHP's behavior.
-
-; PHP attempts to find and load this configuration from a number of locations.
-; The following is a summary of its search order:
-; 1. SAPI module specific location.
-; 2. The PHPRC environment variable. (As of PHP 5.2.0)
-; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
-; 4. Current working directory (except CLI)
-; 5. The web server's directory (for SAPI modules), or directory of PHP
-; (otherwise in Windows)
-; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (C:\windows or C:\winnt)
-; See the PHP docs for more specific information.
-; http://php.net/configuration.file
-
-; The syntax of the file is extremely simple. Whitespace and lines
-; beginning with a semicolon are silently ignored (as you probably guessed).
-; Section headers (e.g. [Foo]) are also silently ignored, even though
-; they might mean something in the future.
-
-; Directives following the section heading [PATH=/www/mysite] only
-; apply to PHP files in the /www/mysite directory. Directives
-; following the section heading [HOST=www.example.com] only apply to
-; PHP files served from www.example.com. Directives set in these
-; special sections cannot be overridden by user-defined INI files or
-; at runtime. Currently, [PATH=] and [HOST=] sections only work under
-; CGI/FastCGI.
-; http://php.net/ini.sections
-
-; Directives are specified using the following syntax:
-; directive = value
-; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
-; Directives are variables used to configure PHP or PHP extensions.
-; There is no name validation. If PHP can't find an expected
-; directive because it is not set or is mistyped, a default value will be used.
-
-; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
-; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
-; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
-; previously set variable or directive (e.g. ${foo})
-
-; Expressions in the INI file are limited to bitwise operators and parentheses:
-; | bitwise OR
-; ^ bitwise XOR
-; & bitwise AND
-; ~ bitwise NOT
-; ! boolean NOT
-
-; Boolean flags can be turned on using the values 1, On, True or Yes.
-; They can be turned off using the values 0, Off, False or No.
-
-; An empty string can be denoted by simply not writing anything after the equal
-; sign, or by using the None keyword:
-
-; foo = ; sets foo to an empty string
-; foo = None ; sets foo to an empty string
-; foo = "None" ; sets foo to the string 'None'
-
-; If you use constants in your value, and these constants belong to a
-; dynamically loaded extension (either a PHP extension or a Zend extension),
-; you may only use these constants *after* the line that loads the extension.
-
-;;;;;;;;;;;;;;;;;;;
-; About this file ;
-;;;;;;;;;;;;;;;;;;;
-; PHP comes packaged with two INI files. One that is recommended to be used
-; in production environments and one that is recommended to be used in
-; development environments.
-
-; php.ini-production contains settings which hold security, performance and
-; best practices at its core. But please be aware, these settings may break
-; compatibility with older or less security conscience applications. We
-; recommending using the production ini in production and testing environments.
-
-; php.ini-development is very similar to its production variant, except it is
-; much more verbose when it comes to errors. We recommend using the
-; development version only in development environments, as errors shown to
-; application users can inadvertently leak otherwise secure information.
-
-; This is php.ini-production INI file.
- -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. 
Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. 
-; http://php.net/zend.enable-gc
-zend.enable_gc = On
-
-; If enabled, scripts may be written in encodings that are incompatible with
-; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
-; encodings. To use this feature, mbstring extension must be enabled.
-; Default: Off
-;zend.multibyte = Off
-
-; Allows to set the default encoding for the scripts. This value will be used
-; unless "declare(encoding=...)" directive appears at the top of the script.
-; Only affects if zend.multibyte is set.
-; Default: ""
-;zend.script_encoding =
-
-;;;;;;;;;;;;;;;;;
-; Miscellaneous ;
-;;;;;;;;;;;;;;;;;
-
-; Decides whether PHP may expose the fact that it is installed on the server
-; (e.g. by adding its signature to the Web server header). It is no security
-; threat in any way, but it makes it possible to determine whether you use PHP
-; on your server or not.
-; http://php.net/expose-php
-expose_php = On
-
-;;;;;;;;;;;;;;;;;;;
-; Resource Limits ;
-;;;;;;;;;;;;;;;;;;;
-
-; Maximum execution time of each script, in seconds
-; http://php.net/max-execution-time
-; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 30
-
-; Maximum amount of time each script may spend parsing request data. It's a good
-; idea to limit this time on productions servers in order to eliminate unexpectedly
-; long running scripts.
-; Note: This directive is hardcoded to -1 for the CLI SAPI
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-; http://php.net/max-input-time
-max_input_time = 60
-
-; Maximum input variable nesting level
-; http://php.net/max-input-nesting-level
-;max_input_nesting_level = 64
-
-; How many GET/POST/COOKIE input variables may be accepted
-; max_input_vars = 1000
-
-; Maximum amount of memory a script may consume (128MB)
-; http://php.net/memory-limit
-memory_limit = 128M
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-; Error handling and logging ;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; This directive informs PHP of which errors, warnings and notices you would like
-; it to take action for. The recommended way of setting values for this
-; directive is through the use of the error level constants and bitwise
-; operators. The error level constants are below here for convenience as well as
-; some common settings and their meanings.
-; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
-; those related to E_NOTICE and E_STRICT, which together cover best practices and
-; recommended coding standards in PHP. For performance reasons, this is the
-; recommend error reporting setting. Your production server shouldn't be wasting
-; resources complaining about best practices and coding standards. That's what
-; development servers and development settings are for.
-; Note: The php.ini-development file has this setting as E_ALL. This
-; means it pretty much reports everything which is exactly what you want during
-; development and early testing.
-; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. 
Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. 
-; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. 
You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. 
You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. 
-; http://php.net/auto-globals-jit
-auto_globals_jit = On
-
-; Whether PHP will read the POST data.
-; This option is enabled by default.
-; Most likely, you won't want to disable this option globally. It causes $_POST
-; and $_FILES to always be empty; the only way you will be able to read the
-; POST data will be through the php://input stream wrapper. This can be useful
-; to proxy requests or to process the POST data in a memory efficient fashion.
-; http://php.net/enable-post-data-reading
-;enable_post_data_reading = Off
-
-; Maximum size of POST data that PHP will accept.
-; Its value may be 0 to disable the limit. It is ignored if POST data reading
-; is disabled through enable_post_data_reading.
-; http://php.net/post-max-size
-post_max_size = 8M
-
-; Automatically add files before PHP document.
-; http://php.net/auto-prepend-file
-auto_prepend_file =
-
-; Automatically add files after PHP document.
-; http://php.net/auto-append-file
-auto_append_file =
-
-; By default, PHP will output a media type using the Content-Type header. To
-; disable this, simply set it to be empty.
-;
-; PHP's built-in default media type is set to text/html.
-; http://php.net/default-mimetype
-default_mimetype = "text/html"
-
-; PHP's default character set is set to UTF-8.
-; http://php.net/default-charset
-default_charset = "UTF-8"
-
-; PHP internal character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/internal-encoding
-;internal_encoding =
-
-; PHP input character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/input-encoding
-;input_encoding =
-
-; PHP output character encoding is set to empty.
-; If empty, default_charset is used.
-; See also output_buffer.
-; http://php.net/output-encoding
-;output_encoding =
-
-;;;;;;;;;;;;;;;;;;;;;;;;;
-; Paths and Directories ;
-;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; UNIX: "/path1:/path2"
-;include_path = ".:/php/includes"
-;
-; Windows: "\path1;\path2"
-;include_path = ".;c:\php\includes"
-;
-; PHP's default setting for include_path is ".;/path/to/php/pear"
-; http://php.net/include-path
-
-; The root of the PHP pages, used only if nonempty.
-; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-; if you are running php as a CGI under any web server (other than IIS)
-; see documentation for security issues. The alternate is to use the
-; cgi.force_redirect configuration below
-; http://php.net/doc-root
-doc_root =
-
-; The directory under which PHP opens the script using /~username used only
-; if nonempty.
-; http://php.net/user-dir
-user_dir =
-
-; Directory in which the loadable extensions (modules) reside.
-; http://php.net/extension-dir
-; extension_dir = "./"
-; On windows:
-; extension_dir = "ext"
-
-; Directory where the temporary files should be placed.
-; Defaults to the system default (see sys_get_temp_dir)
-; sys_temp_dir = "/tmp"
-
-; Whether or not to enable the dl() function. The dl() function does NOT work
-; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-; disabled on them.
-; http://php.net/enable-dl
-enable_dl = Off
-
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; http://php.net/cgi.force-redirect
-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
-; every request. PHP's default behavior is to disable this feature.
-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; http://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; http://php.net/cgi.fix-pathinfo
-;cgi.fix_pathinfo=1
-
-; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
-; of the web tree and people will not be able to circumvent .htaccess security.
-; http://php.net/cgi.dicard-path
-;cgi.discard_path=1
-
-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
-; http://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1
-
-; Disable logging through FastCGI connection. PHP's default behavior is to enable
-; this feature.
-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If set to 0, PHP sends Status: header that
-; is supported by Apache. When this option is set to 1, PHP will send
-; RFC2616 compliant header.
-; Default is zero.
-; http://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
-
-; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
-; (shebang) at the top of the running script. This line might be needed if the
-; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
-; mode skips this line and ignores its content if this directive is turned on.
-; http://php.net/cgi.check-shebang-line
-;cgi.check_shebang_line=1
-
-;;;;;;;;;;;;;;;;
-; File Uploads ;
-;;;;;;;;;;;;;;;;
-
-; Whether to allow HTTP file uploads.
-; http://php.net/file-uploads
-file_uploads = On
-
-; Temporary directory for HTTP uploaded files (will use system default if not
-; specified).
-; http://php.net/upload-tmp-dir
-;upload_tmp_dir =
-
-; Maximum allowed size for uploaded files.
-; http://php.net/upload-max-filesize
-upload_max_filesize = 2M
-
-; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
-
-;;;;;;;;;;;;;;;;;;
-; Fopen wrappers ;
-;;;;;;;;;;;;;;;;;;
-
-; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-fopen
-allow_url_fopen = On
-
-; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-include
-allow_url_include = Off
-
-; Define the anonymous ftp password (your email address). PHP's default setting
-; for this is empty.
-; http://php.net/from
-;from="john@doe.com"
-
-; Define the User-Agent string. PHP's default setting for this is empty.
-; http://php.net/user-agent
-;user_agent="PHP"
-
-; Default timeout for socket based streams (seconds)
-; http://php.net/default-socket-timeout
-default_socket_timeout = 60
-
-; If your scripts have to deal with files from Macintosh systems,
-; or you are running on a Mac and need to deal with files from
-; unix or win32 systems, setting this flag will cause PHP to
-; automatically detect the EOL character in those files so that
-; fgets() and file() will work regardless of the source of the file.
-; http://php.net/auto-detect-line-endings
-;auto_detect_line_endings = Off
-
-;;;;;;;;;;;;;;;;;;;;;;
-; Dynamic Extensions ;
-;;;;;;;;;;;;;;;;;;;;;;
-
-; If you wish to have an extension loaded automatically, use the following
-; syntax:
-;
-; extension=modulename
-;
-; For example:
-;
-; extension=mysqli
-;
-; When the extension library to load is not located in the default extension
-; directory, You may specify an absolute path to the library file:
-;
-; extension=/path/to/extension/mysqli.so
-;
-; Note : The syntax used in previous PHP versions ('extension=.so' and
-; 'extension='php_.dll') is supported for legacy reasons and may be
-; deprecated in a future PHP major version. So, when it is possible, please
-; move to the new ('extension=) syntax.
-;
-; Notes for Windows environments :
-;
-; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
-; extension folders as well as the separate PECL DLL download (PHP 5+).
-; Be sure to appropriately set the extension_dir directive.
-;
-;extension=bz2
-;extension=curl
-;extension=fileinfo
-;extension=gd2
-;extension=gettext
-;extension=gmp
-;extension=intl
-;extension=imap
-;extension=interbase
-;extension=ldap
-;extension=mbstring
-;extension=exif ; Must be after mbstring as it depends on it
-;extension=mysqli
-;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
-;extension=odbc
-;extension=openssl
-;extension=pdo_firebird
-;extension=pdo_mysql
-;extension=pdo_oci
-;extension=pdo_odbc
-;extension=pdo_pgsql
-;extension=pdo_sqlite
-;extension=pgsql
-;extension=shmop
-
-; The MIBS data available in the PHP distribution must be installed.
-; See http://www.php.net/manual/en/snmp.installation.php
-;extension=snmp
-
-;extension=soap
-;extension=sockets
-;extension=sqlite3
-;extension=tidy
-;extension=xmlrpc
-;extension=xsl
-
-;;;;;;;;;;;;;;;;;;;
-; Module Settings ;
-;;;;;;;;;;;;;;;;;;;
-
-[CLI Server]
-; Whether the CLI web server uses ANSI color coding in its terminal output.
-cli_server.color = On
-
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-date.timezone = America/Los_Angeles
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
-[iconv]
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
-;iconv.input_encoding =
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; If empty, default_charset or output_encoding or iconv.output_encoding is used.
-; The precedence is: default_charset < output_encoding < iconv.output_encoding
-; To use an output encoding conversion, iconv's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
-
-[intl]
-;intl.default_locale =
-; This directive allows you to produce PHP errors when some error
-; happens within intl functions. The value is the level of the error produced.
-; Default is 0, which does not produce any errors.
-;intl.error_level = E_WARNING
-;intl.use_exceptions = 0
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pcre]
-;PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
-;pcre.backtrack_limit=100000
-
-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
-;pcre.recursion_limit=100000
-
-;Enables or disables JIT compilation of patterns. This requires the PCRE
-;library to be compiled with JIT support.
-;pcre.jit=1
-
-[Pdo]
-; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
-;pdo_odbc.connection_pooling=strict
-
-;pdo_odbc.db2_instance_name
-
-[Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
-pdo_mysql.default_socket=
-
-[Phar]
-; http://php.net/phar.readonly
-;phar.readonly = On
-
-; http://php.net/phar.require-hash
-;phar.require_hash = On
-
-;phar.cache_list =
-
-[mail function]
-; For Win32 only.
-; http://php.net/smtp
-SMTP = localhost
-; http://php.net/smtp-port
-smtp_port = 25
-
-; For Win32 only.
-; http://php.net/sendmail-from
-;sendmail_from = me@example.com
-
-; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
-;sendmail_path =
-
-; Force the addition of the specified parameters to be passed as extra parameters
-; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail().
-;mail.force_extra_parameters =
-
-; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = Off
-
-; The path to a log file that will log all mail() calls. Log entries include
-; the full path of the script, line number, To address and headers.
-;mail.log =
-; Log mail to syslog (Event Log on Windows).
-;mail.log = syslog
-
-[ODBC]
-; http://php.net/odbc.default-db
-;odbc.default_db = Not yet implemented
-
-; http://php.net/odbc.default-user
-;odbc.default_user = Not yet implemented
-
-; http://php.net/odbc.default-pw
-;odbc.default_pw = Not yet implemented
-
-; Controls the ODBC cursor model.
-; Default: SQL_CURSOR_STATIC (default).
-;odbc.default_cursortype
-
-; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent
-odbc.allow_persistent = On
-
-; Check that a connection is still valid before reuse.
-; http://php.net/odbc.check-persistent
-odbc.check_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/odbc.max-persistent
-odbc.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/odbc.max-links
-odbc.max_links = -1
-
-; Handling of LONG fields. Returns number of bytes to variables. 0 means
-; passthru.
-; http://php.net/odbc.defaultlrl
-odbc.defaultlrl = 4096
-
-; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
-; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
-; of odbc.defaultlrl and odbc.defaultbinmode
-; http://php.net/odbc.defaultbinmode
-odbc.defaultbinmode = 1
-
-;birdstep.max_links = -1
-
-[Interbase]
-; Allow or prevent persistent links.
-ibase.allow_persistent = 1
-
-; Maximum number of persistent links. -1 means no limit.
-ibase.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-ibase.max_links = -1
-
-; Default database name for ibase_connect().
-;ibase.default_db =
-
-; Default username for ibase_connect().
-;ibase.default_user =
-
-; Default password for ibase_connect().
-;ibase.default_password =
-
-; Default charset for ibase_connect().
-;ibase.default_charset =
-
-; Default timestamp format.
-ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
-
-; Default date format.
-ibase.dateformat = "%Y-%m-%d"
-
-; Default time format.
-ibase.timeformat = "%H:%M:%S"
-
-[MySQLi]
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysqli.max-persistent
-mysqli.max_persistent = -1
-
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysqli.allow_local_infile
-;mysqli.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysqli.allow-persistent
-mysqli.allow_persistent = On
-
-; Maximum number of links. -1 means no limit.
-; http://php.net/mysqli.max-links
-mysqli.max_links = -1
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysqli.cache_size
-mysqli.cache_size = 2000
-
-; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysqli.default-port
-mysqli.default_port = 3306
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysqli.default-socket
-mysqli.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-host
-mysqli.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-user
-mysqli.default_user =
-
-; Default password for mysqli_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysqli.default-pw
-mysqli.default_pw =
-
-; Allow or prevent reconnect
-mysqli.reconnect = Off
-
-[mysqlnd]
-; Enable / Disable collection of general statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_statistics
-mysqlnd.collect_statistics = On
-
-; Enable / Disable collection of memory usage statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_memory_statistics
-mysqlnd.collect_memory_statistics = Off
-
-; Records communication from all extensions using mysqlnd to the specified log
-; file.
-; http://php.net/mysqlnd.debug
-;mysqlnd.debug =
-
-; Defines which queries will be logged.
-; http://php.net/mysqlnd.log_mask
-;mysqlnd.log_mask = 0
-
-; Default size of the mysqlnd memory pool, which is used by result sets.
-; http://php.net/mysqlnd.mempool_default_size
-;mysqlnd.mempool_default_size = 16000
-
-; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
-; http://php.net/mysqlnd.net_cmd_buffer_size
-;mysqlnd.net_cmd_buffer_size = 2048
-
-; Size of a pre-allocated buffer used for reading data sent by the server in
-; bytes.
-; http://php.net/mysqlnd.net_read_buffer_size
-;mysqlnd.net_read_buffer_size = 32768
-
-; Timeout for network requests in seconds.
-; http://php.net/mysqlnd.net_read_timeout
-;mysqlnd.net_read_timeout = 31536000
-
-; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
-; key.
-; http://php.net/mysqlnd.sha256_server_public_key
-;mysqlnd.sha256_server_public_key =
-
-[OCI8]
-
-; Connection: Enables privileged connections using external
-; credentials (OCI_SYSOPER, OCI_SYSDBA)
-; http://php.net/oci8.privileged-connect
-;oci8.privileged_connect = Off
-
-; Connection: The maximum number of persistent OCI8 connections per
-; process. Using -1 means no limit.
-; http://php.net/oci8.max-persistent
-;oci8.max_persistent = -1
-
-; Connection: The maximum number of seconds a process is allowed to
-; maintain an idle persistent connection. Using -1 means idle
-; persistent connections will be maintained forever.
-; http://php.net/oci8.persistent-timeout
-;oci8.persistent_timeout = -1
-
-; Connection: The number of seconds that must pass before issuing a
-; ping during oci_pconnect() to check the connection validity. When
-; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
-; pings completely.
-; http://php.net/oci8.ping-interval
-;oci8.ping_interval = 60
-
-; Connection: Set this to a user chosen connection class to be used
-; for all pooled server requests with Oracle 11g Database Resident
-; Connection Pooling (DRCP). To use DRCP, this value should be set to
-; the same string for all web servers running the same application,
-; the database pool must be configured, and the connection string must
-; specify to use a pooled server.
-;oci8.connection_class =
-
-; High Availability: Using On lets PHP receive Fast Application
-; Notification (FAN) events generated when a database node fails. The
-; database must also be configured to post FAN events.
-;oci8.events = Off
-
-; Tuning: This option enables statement caching, and specifies how
-; many statements to cache. Using 0 disables statement caching.
-; http://php.net/oci8.statement-cache-size
-;oci8.statement_cache_size = 20
-
-; Tuning: Enables statement prefetching and sets the default number of
-; rows that will be fetched automatically after statement execution.
-; http://php.net/oci8.default-prefetch
-;oci8.default_prefetch = 100
-
-; Compatibility. Using On means oci_close() will not close
-; oci_connect() and oci_new_connect() connections.
-; http://php.net/oci8.old-oci-close-semantics
-;oci8.old_oci_close_semantics = Off
-
-[PostgreSQL]
-; Allow or prevent persistent links.
-; http://php.net/pgsql.allow-persistent
-pgsql.allow_persistent = On
-
-; Detect broken persistent links always with pg_pconnect().
-; Auto reset feature requires a little overheads.
-; http://php.net/pgsql.auto-reset-persistent
-pgsql.auto_reset_persistent = Off
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/pgsql.max-persistent
-pgsql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-; http://php.net/pgsql.max-links
-pgsql.max_links = -1
-
-; Ignore PostgreSQL backends Notice message or not.
-; Notice message logging require a little overheads.
-; http://php.net/pgsql.ignore-notice
-pgsql.ignore_notice = 0
-
-; Log PostgreSQL backends Notice message or not.
-; Unless pgsql.ignore_notice=0, module cannot log notice message.
-; http://php.net/pgsql.log-notice
-pgsql.log_notice = 0
-
-[bcmath]
-; Number of decimal digits for all bcmath functions.
-; http://php.net/bcmath.scale
-bcmath.scale = 0
-
-[browscap]
-; http://php.net/browscap
-;browscap = extra/browscap.ini
-
-[Session]
-; Handler used to store/retrieve data.
-; http://php.net/session.save-handler
-session.save_handler = files
-
-; Argument passed to save_handler. In the case of files, this is the path
-; where data files are stored. Note: Windows users have to change this
-; variable in order to use PHP's session functions.
-;
-; The path can be defined as:
-;
-; session.save_path = "N;/path"
-;
-; where N is an integer. Instead of storing all the session files in
-; /path, what this will do is use subdirectories N-levels deep, and
-; store the session data in those directories. This is useful if
-; your OS has problems with many files in one directory, and is
-; a more efficient layout for servers that handle many sessions.
-;
-; NOTE 1: PHP will not create this directory structure automatically.
-; You can use the script in the ext/session dir for that purpose.
-; NOTE 2: See the section on garbage collection below if you choose to
-; use subdirectories for session storage
-;
-; The file storage module creates files using mode 600 by default.
-; You can change that by using
-;
-; session.save_path = "N;MODE;/path"
-;
-; where MODE is the octal representation of the mode. Note that this
-; does not overwrite the process's umask.
-; http://php.net/session.save-path
-;session.save_path = "/tmp"
-
-; Whether to use strict session mode.
-; Strict session mode does not accept uninitialized session ID and regenerate
-; session ID if browser sends uninitialized session ID. Strict mode protects
-; applications from session fixation via session adoption vulnerability. It is
-; disabled by default for maximum compatibility, but enabling it is encouraged.
-; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
-
-; Whether to use cookies.
-; http://php.net/session.use-cookies
-session.use_cookies = 1
-
-; http://php.net/session.cookie-secure
-;session.cookie_secure =
-
-; This option forces PHP to fetch and use a cookie for storing and maintaining
-; the session id. We encourage this operation as it's very helpful in combating
-; session hijacking when not specifying and managing your own session id. It is
-; not the be-all and end-all of session hijacking defense, but it's a good start.
-; http://php.net/session.use-only-cookies
-session.use_only_cookies = 1
-
-; Name of the session (used as cookie name).
-; http://php.net/session.name
-session.name = PHPSESSID
-
-; Initialize session on request startup.
-; http://php.net/session.auto-start
-session.auto_start = 0
-
-; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-; http://php.net/session.cookie-lifetime
-session.cookie_lifetime = 0
-
-; The path for which the cookie is valid.
-; http://php.net/session.cookie-path
-session.cookie_path = /
-
-; The domain for which the cookie is valid.
-; http://php.net/session.cookie-domain
-session.cookie_domain =
-
-; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-; http://php.net/session.cookie-httponly
-session.cookie_httponly =
-
-; Handler used to serialize data. php is the standard serializer of PHP.
-; http://php.net/session.serialize-handler
-session.serialize_handler = php
-
-; Defines the probability that the 'garbage collection' process is started
-; on every session initialization. The probability is calculated by using
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator
-; and gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request.
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.gc-probability
-session.gc_probability = 1
-
-; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using the following equation:
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any give request. For high volume production servers,
-; this is a more efficient approach.
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-; http://php.net/session.gc-divisor
-session.gc_divisor = 1000
-
-; After this number of seconds, stored data will be seen as 'garbage' and
-; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
-
-; NOTE: If you are using the subdirectory option for storing session files
-; (see session.save_path above), then garbage collection does *not*
-; happen automatically. You will need to do your own garbage
-; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; find /path/to/sessions -cmin +24 -type f | xargs rm
-
-; Check HTTP Referer to invalidate externally stored URLs containing ids.
-; HTTP_REFERER has to contain this substring for the session to be
-; considered as valid.
-; http://php.net/session.referer-check
-session.referer_check =
-
-; Set to {nocache,private,public,} to determine HTTP caching aspects
-; or leave this empty to avoid sending anti-caching headers.
-; http://php.net/session.cache-limiter
-session.cache_limiter = nocache
-
-; Document expires after n minutes.
-; http://php.net/session.cache-expire
-session.cache_expire = 180
-
-; trans sid support is disabled by default.
-; Use of trans sid may risk your users' security.
-; Use this option with caution.
-; - User may send URL contains active session ID
-; to other person via. email/irc/etc.
-; - URL that contains active session ID may be stored
-; in publicly accessible computer.
-; - User may access your site with the same session ID
-; always using URL stored in browser's history or bookmarks.
-; http://php.net/session.use-trans-sid
-session.use_trans_sid = 0
-
-; Set session ID character length. This value could be between 22 to 256.
-; Shorter length than default is supported only for compatibility reason.
-; Users should use 32 or more chars.
-; http://php.net/session.sid-length
-; Default Value: 32
-; Development Value: 26
-; Production Value: 26
-session.sid_length = 26
-
-; The URL rewriter will look for URLs in a defined set of HTML tags.
-; is special; if you include them here, the rewriter will
-; add a hidden field with the info which is otherwise appended
-; to URLs. tag's action attribute URL will not be modified
-; unless it is specified.
-; Note that all valid entries require a "=", even if no value follows.
-; Default Value: "a=href,area=href,frame=src,form="
-; Development Value: "a=href,area=href,frame=src,form="
-; Production Value: "a=href,area=href,frame=src,form="
-; http://php.net/url-rewriter.tags
-session.trans_sid_tags = "a=href,area=href,frame=src,form="
-
-; URL rewriter does not rewrite absolute URLs by default.
-; To enable rewrites for absolute pathes, target hosts must be specified
-; at RUNTIME. i.e. use ini_set()
-; tags is special. PHP will check action attribute's URL regardless
-; of session.trans_sid_tags setting.
-; If no host is defined, HTTP_HOST will be used for allowed host.
-; Example value: php.net,www.php.net,wiki.php.net
-; Use "," for multiple hosts. No spaces are allowed.
-; Default Value: ""
-; Development Value: ""
-; Production Value: ""
-;session.trans_sid_hosts=""
-
-; Define how many bits are stored in each character when converting
-; the binary hash data to something readable.
-; Possible values:
-; 4 (4 bits: 0-9, a-f)
-; 5 (5 bits: 0-9, a-v)
-; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-; http://php.net/session.hash-bits-per-character
-session.sid_bits_per_character = 5
-
-; Enable upload progress tracking in $_SESSION
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.enabled
-;session.upload_progress.enabled = On
-
-; Cleanup the progress information as soon as all POST data has been read
-; (i.e. upload completed).
-; Default Value: On
-; Development Value: On
-; Production Value: On
-; http://php.net/session.upload-progress.cleanup
-;session.upload_progress.cleanup = On
-
-; A prefix used for the upload progress key in $_SESSION
-; Default Value: "upload_progress_"
-; Development Value: "upload_progress_"
-; Production Value: "upload_progress_"
-; http://php.net/session.upload-progress.prefix
-;session.upload_progress.prefix = "upload_progress_"
-
-; The index name (concatenated with the prefix) in $_SESSION
-; containing the upload progress information
-; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
-; http://php.net/session.upload-progress.name
-;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
-
-; How frequently the upload progress should be updated.
-; Given either in percentages (per-file), or in bytes
-; Default Value: "1%"
-; Development Value: "1%"
-; Production Value: "1%"
-; http://php.net/session.upload-progress.freq
-;session.upload_progress.freq = "1%"
-
-; The minimum delay between updates, in seconds
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.upload-progress.min-freq
-;session.upload_progress.min_freq = "1"
-
-; Only write session data when session data is changed. Enabled by default.
-; http://php.net/session.lazy-write
-;session.lazy_write = On
-
-[Assertion]
-; Switch whether to compile assertions at all (to have no overhead at run-time)
-; -1: Do not compile at all
-; 0: Jump over assertion at run-time
-; 1: Execute assertions
-; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1)
-; Default Value: 1
-; Development Value: 1
-; Production Value: -1
-; http://php.net/zend.assertions
-zend.assertions = -1
-
-; Assert(expr); active by default.
-; http://php.net/assert.active
-;assert.active = On
-
-; Throw an AssertationException on failed assertions
-; http://php.net/assert.exception
-;assert.exception = On
-
-; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active)
-; http://php.net/assert.warning
-;assert.warning = On
-
-; Don't bail out by default.
-; http://php.net/assert.bail
-;assert.bail = Off
-
-; User-function to be called if an assertion fails.
-; http://php.net/assert.callback
-;assert.callback = 0
-
-; Eval the expression with current error_reporting(). Set to true if you want
-; error_reporting(0) around the eval().
-; http://php.net/assert.quiet-eval
-;assert.quiet_eval = 0
-
-[COM]
-; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
-; http://php.net/com.typelib-file
-;com.typelib_file =
-
-; allow Distributed-COM calls
-; http://php.net/com.allow-dcom
-;com.allow_dcom = true
-
-; autoregister constants of a components typlib on com_load()
-; http://php.net/com.autoregister-typelib
-;com.autoregister_typelib = true
-
-; register constants casesensitive
-; http://php.net/com.autoregister-casesensitive
-;com.autoregister_casesensitive = false
-
-; show warnings on duplicate constant registrations
-; http://php.net/com.autoregister-verbose
-;com.autoregister_verbose = true
-
-; The default character set code-page to use when passing strings to and from COM objects.
-; Default: system ANSI code page
-;com.code_page=
-
-[mbstring]
-; language for internal character representation.
-; This affects mb_send_mail() and mbstring.detect_order.
-; http://php.net/mbstring.language
-;mbstring.language = Japanese
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; internal/script encoding.
-; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;mbstring.internal_encoding =
-
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; http input encoding.
-; mbstring.encoding_traslation = On is needed to use this setting.
-; If empty, default_charset or input_encoding or mbstring.input is used.
-; The precedence is: default_charset < intput_encoding < mbsting.http_input
-; http://php.net/mbstring.http-input
-;mbstring.http_input =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; http output encoding.
-; mb_output_handler must be registered as output buffer to function.
-; If empty, default_charset or output_encoding or mbstring.http_output is used.
-; The precedence is: default_charset < output_encoding < mbstring.http_output
-; To use an output encoding conversion, mbstring's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-; http://php.net/mbstring.http-output
-;mbstring.http_output =
-
-; enable automatic encoding translation according to
-; mbstring.internal_encoding setting. Input chars are
-; converted to internal encoding by setting this to On.
-; Note: Do _not_ use automatic encoding translation for
-; portable libs/applications.
-; http://php.net/mbstring.encoding-translation
-;mbstring.encoding_translation = Off
-
-; automatic encoding detection order.
-; "auto" detect order is changed according to mbstring.language
-; http://php.net/mbstring.detect-order
-;mbstring.detect_order = auto
-
-; substitute_character used when character cannot be converted
-; one from another
-; http://php.net/mbstring.substitute-character
-;mbstring.substitute_character = none
-
-; overload(replace) single byte functions by mbstring functions.
-; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
-; etc. Possible values are 0,1,2,4 or combination of them.
-; For example, 7 for overload everything.
-; 0: No overload
-; 1: Overload mail() function
-; 2: Overload str*() functions
-; 4: Overload ereg*() functions
-; http://php.net/mbstring.func-overload
-;mbstring.func_overload = 0
-
-; enable strict encoding detection.
-; Default: Off
-;mbstring.strict_detection = On
-
-; This directive specifies the regex pattern of content types for which mb_output_handler()
-; is activated.
-; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
-;mbstring.http_output_conv_mimetype=
-
-[gd]
-; Tell the jpeg decode to ignore warnings and try to create
-; a gd image. The warning will then be displayed as notices
-; disabled by default
-; http://php.net/gd.jpeg-ignore-warning
-;gd.jpeg_ignore_warning = 1
-
-[exif]
-; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
-; With mbstring support this will automatically be converted into the encoding
-; given by corresponding encode setting. When empty mbstring.internal_encoding
-; is used. For the decode settings you can distinguish between motorola and
-; intel byte order. A decode setting cannot be empty.
-; http://php.net/exif.encode-unicode
-;exif.encode_unicode = ISO-8859-15
-
-; http://php.net/exif.decode-unicode-motorola
-;exif.decode_unicode_motorola = UCS-2BE
-
-; http://php.net/exif.decode-unicode-intel
-;exif.decode_unicode_intel = UCS-2LE
-
-; http://php.net/exif.encode-jis
-;exif.encode_jis =
-
-; http://php.net/exif.decode-jis-motorola
-;exif.decode_jis_motorola = JIS
-
-; http://php.net/exif.decode-jis-intel
-;exif.decode_jis_intel = JIS
-
-[Tidy]
-; The path to a default tidy configuration file to use when using tidy
-; http://php.net/tidy.default-config
-;tidy.default_config = /usr/local/lib/php/default.tcfg
-
-; Should tidy clean and repair output automatically?
-; WARNING: Do not use this option if you are generating non-html content
-; such as dynamic images
-; http://php.net/tidy.clean-output
-tidy.clean_output = Off
-
-[soap]
-; Enables or disables WSDL caching feature.
-; http://php.net/soap.wsdl-cache-enabled
-soap.wsdl_cache_enabled=1
-
-; Sets the directory name where SOAP extension will put cache files.
-; http://php.net/soap.wsdl-cache-dir
-soap.wsdl_cache_dir="/tmp"
-
-; (time to live) Sets the number of second while cached file will be used
-; instead of original one.
-; http://php.net/soap.wsdl-cache-ttl
-soap.wsdl_cache_ttl=86400
-
-; Sets the size of the cache limit. (Max. number of WSDL files to cache)
-soap.wsdl_cache_limit = 5
-
-[sysvshm]
-; A default size of the shared memory segment
-;sysvshm.init_mem = 10000
-
-[ldap]
-; Sets the maximum number of open links or -1 for unlimited.
-ldap.max_links = -1
-
-[dba]
-;dba.default_handler=
-
-[opcache]
-; Determines if Zend OPCache is enabled
-;opcache.enable=1
-
-; Determines if Zend OPCache is enabled for the CLI version of PHP
-;opcache.enable_cli=0
-
-; The OPcache shared memory storage size.
-;opcache.memory_consumption=128
-
-; The amount of memory for interned strings in Mbytes.
-;opcache.interned_strings_buffer=8
-
-; The maximum number of keys (scripts) in the OPcache hash table.
-; Only numbers between 200 and 1000000 are allowed.
-;opcache.max_accelerated_files=10000
-
-; The maximum percentage of "wasted" memory until a restart is scheduled.
-;opcache.max_wasted_percentage=5
-
-; When this directive is enabled, the OPcache appends the current working
-; directory to the script key, thus eliminating possible collisions between
-; files with the same name (basename). Disabling the directive improves
-; performance, but may break existing applications.
-;opcache.use_cwd=1
-
-; When disabled, you must reset the OPcache manually or restart the
-; webserver for changes to the filesystem to take effect.
-;opcache.validate_timestamps=1
-
-; How often (in seconds) to check file timestamps for changes to the shared
-; memory storage allocation. ("1" means validate once per second, but only
-; once per request. "0" means always validate)
-;opcache.revalidate_freq=2
-
-; Enables or disables file search in include_path optimization
-;opcache.revalidate_path=0
-
-; If disabled, all PHPDoc comments are dropped from the code to reduce the
-; size of the optimized code.
-;opcache.save_comments=1
-
-; Allow file existence override (file_exists, etc.) performance feature.
-;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. 
This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. 
-; Most users should not specify a value for this directive as PHP will -; attempt to use the OS-managed cert stores in its absence. If specified, -; this value may still be overridden on a per-stream basis via the "capath" -; SSL stream context option. -;openssl.capath= - -; Local Variables: -; tab-width: 4 -; End: diff --git a/jails/config/web-datavpc/pkg-list-details-old.txt b/jails/config/web-datavpc/pkg-list-details-old.txt deleted file mode 100644 index 79fe5b9..0000000 --- a/jails/config/web-datavpc/pkg-list-details-old.txt +++ /dev/null @@ -1,8 +0,0 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 diff --git a/jails/config/web-datavpc/pkg-list-details.txt b/jails/config/web-datavpc/pkg-list-details.txt deleted file mode 100644 index 87bcd3f..0000000 --- a/jails/config/web-datavpc/pkg-list-details.txt +++ /dev/null @@ -1,8 +0,0 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 diff --git a/jails/config/web-datavpc/pkg-list-old.txt b/jails/config/web-datavpc/pkg-list-old.txt deleted file mode 100644 index 943fd00..0000000 --- a/jails/config/web-datavpc/pkg-list-old.txt +++ /dev/null @@ -1 +0,0 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg diff --git a/jails/config/web-datavpc/pkg-list.txt b/jails/config/web-datavpc/pkg-list.txt deleted file mode 100644 index 943fd00..0000000 --- a/jails/config/web-datavpc/pkg-list.txt +++ /dev/null @@ -1 +0,0 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg 
diff --git a/jails/config/web-datavpc/resolvconf.conf b/jails/config/web-datavpc/resolvconf.conf
deleted file mode 100644
index 710615a..0000000
--- a/jails/config/web-datavpc/resolvconf.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-export search_domains="datavpc.com mydatavpc.com ahlawat.com"
-export name_servers="192.168.0.5 fd01::5"
diff --git a/jails/config/web-datavpc/www.conf b/jails/config/web-datavpc/www.conf
deleted file mode 100644
index 92ff8ff..0000000
--- a/jails/config/web-datavpc/www.conf
+++ /dev/null
@@ -1,423 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr/local) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www -group = www - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = 127.0.0.1:9000 - -; Set listen(2) backlog. -; Default Value: 511 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 -;listen.owner = www -;listen.group = www -;listen.mode = 0660 -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. 
-; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). 
If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 10 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. 
-; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. 
Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. 
-; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/local/share/php/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. 
-; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. 
-; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -env[HOSTNAME] = $HOSTNAME -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /tmp -env[TMPDIR] = /tmp -env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr/local) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M diff --git a/jails/config/web-diyit/httpd.conf b/jails/config/web-diyit/httpd.conf index 064f8a6..3119e08 100644 --- a/jails/config/web-diyit/httpd.conf +++ b/jails/config/web-diyit/httpd.conf @@ -178,6 +178,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so #LoadModule userdir_module libexec/apache24/mod_userdir.so LoadModule alias_module libexec/apache24/mod_alias.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so +#LoadModule php_module libexec/apache24/libphp.so # Third party modules IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf @@ -551,6 +552,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.diyit.org ServerAlias *.diyit.org 
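Review bot: The added plain-HTTP redirect in the `@@ -551,6 +552,14 @@` hunk builds its target from the client-supplied Host header, `RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L]`, so any Host value that reaches this block is reflected into the Location header. The enclosing container tags are not visible in this rendering, so whether a ServerName/ServerAlias limits the block cannot be confirmed here; if it acts as the default vhost, pin the host with a condition such as `RewriteCond %{HTTP_HOST} ^([a-z0-9-]+\.)?diyit\.org(:80)?$ [NC]` or redirect to a fixed canonical name. The ACME exclusion leaves its dot unescaped, `!^/\.well-known/acme-challenge/` is the stricter form, and `QSA` is redundant because the substitution carries no query string. The same block is added to web-rockwood/httpd.conf and deserves the same change with that site's domain.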
@@ -560,16 +569,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on - SSLCertificateFile "/mnt/certs/diyfullchain.pem" - SSLCertificateKeyFile "/mnt/certs/diyprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/diyfullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off + SSLCertificateFile "/mnt/certs/fullchain.pem" + SSLCertificateKeyFile "/mnt/certs/privkey.pem" +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/web-diyit/pkg-list-details-old.txt b/jails/config/web-diyit/pkg-list-details-old.txt index 6a5e330..a1a22eb 100644 --- a/jails/config/web-diyit/pkg-list-details-old.txt +++ b/jails/config/web-diyit/pkg-list-details-old.txt 
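Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is added with no `SSLVerifyClient` visible in the hunk, and in mod_ssl that directive names the CAs trusted for client-certificate verification, so its purpose here is unclear. If it is only meant to complete the server chain, `fullchain.pem` presumably already carries the intermediates and the line can go; otherwise document it with a comment such as `# CA bundle used for client-certificate auth` next to it. The hunk also drops `SSLOptions +StrictRequire`, which matters only if `SSLRequireSSL` or `SSLRequire` is combined with `Satisfy any` elsewhere in the file, so that is worth confirming. The certificate paths move from site-specific names to generic `fullchain.pem`/`privkey.pem`, which assumes each jail mounts its own `/mnt/certs`. The vhost block continues outside the hunk, and web-rockwood/httpd.conf receives the same change.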
@@ -1,26 +1,27 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.9 -pkgp-freebsd-pkg____bash-completion-2.11_1,2 -pkgp-freebsd-pkg____blackbox_exporter-0.22.0_3 -pkgp-freebsd-pkg____nano-6.4 -pkgp-freebsd-pkg____php81-8.1.12 -pkgp-freebsd-pkg____php81-bcmath-8.1.12 -pkgp-freebsd-pkg____php81-ctype-8.1.12 -pkgp-freebsd-pkg____php81-curl-8.1.12 -pkgp-freebsd-pkg____php81-dom-8.1.12 -pkgp-freebsd-pkg____php81-exif-8.1.12 -pkgp-freebsd-pkg____php81-fileinfo-8.1.12 -pkgp-freebsd-pkg____php81-filter-8.1.12 -pkgp-freebsd-pkg____php81-ftp-8.1.12 -pkgp-freebsd-pkg____php81-iconv-8.1.12 -pkgp-freebsd-pkg____php81-mbstring-8.1.12 -pkgp-freebsd-pkg____php81-mysqli-8.1.12 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-session-8.1.12 -pkgp-freebsd-pkg____php81-sockets-8.1.12 -pkgp-freebsd-pkg____php81-sodium-8.1.12 -pkgp-freebsd-pkg____php81-tokenizer-8.1.12 -pkgp-freebsd-pkg____php81-xml-8.1.12 -pkgp-freebsd-pkg____php81-zip-8.1.12 -pkgp-freebsd-pkg____php81-zlib-8.1.12 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____blackbox_exporter-0.26.0_2 +pkgp-freebsd-pkg____mod_php84-8.4.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-ftp-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sodium-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 
+pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 diff --git a/jails/config/web-diyit/pkg-list-details.txt b/jails/config/web-diyit/pkg-list-details.txt index d7439dc..a1a22eb 100644 --- a/jails/config/web-diyit/pkg-list-details.txt +++ b/jails/config/web-diyit/pkg-list-details.txt 
@@ -1,26 +1,27 @@ -pkgp-freebsd-pkg____apache24-2.4.54 -pkgp-freebsd-pkg____bash-5.2.12 -pkgp-freebsd-pkg____bash-completion-2.11_2,2 -pkgp-freebsd-pkg____blackbox_exporter-0.22.0_3 -pkgp-freebsd-pkg____nano-7.0 -pkgp-freebsd-pkg____php81-8.1.13 -pkgp-freebsd-pkg____php81-bcmath-8.1.13 -pkgp-freebsd-pkg____php81-ctype-8.1.13 -pkgp-freebsd-pkg____php81-curl-8.1.13 -pkgp-freebsd-pkg____php81-dom-8.1.13 -pkgp-freebsd-pkg____php81-exif-8.1.13 -pkgp-freebsd-pkg____php81-fileinfo-8.1.13 -pkgp-freebsd-pkg____php81-filter-8.1.13 -pkgp-freebsd-pkg____php81-ftp-8.1.13 -pkgp-freebsd-pkg____php81-iconv-8.1.13 -pkgp-freebsd-pkg____php81-mbstring-8.1.13 -pkgp-freebsd-pkg____php81-mysqli-8.1.13 -pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0 -pkgp-freebsd-pkg____php81-session-8.1.13 -pkgp-freebsd-pkg____php81-sockets-8.1.13 -pkgp-freebsd-pkg____php81-sodium-8.1.13 -pkgp-freebsd-pkg____php81-tokenizer-8.1.13 -pkgp-freebsd-pkg____php81-xml-8.1.13 -pkgp-freebsd-pkg____php81-zip-8.1.13 -pkgp-freebsd-pkg____php81-zlib-8.1.13 -pkgp-freebsd-pkg____pkg-1.18.4 +pkgp123____pkg-2.1.2 +pkgp-freebsd-pkg____apache24-2.4.63 +pkgp-freebsd-pkg____bash-5.2.37 +pkgp-freebsd-pkg____bash-completion-2.14.0,2 +pkgp-freebsd-pkg____blackbox_exporter-0.26.0_2 +pkgp-freebsd-pkg____mod_php84-8.4.6 +pkgp-freebsd-pkg____nano-8.4 +pkgp-freebsd-pkg____php84-8.4.6 +pkgp-freebsd-pkg____php84-bcmath-8.4.6 +pkgp-freebsd-pkg____php84-ctype-8.4.6 +pkgp-freebsd-pkg____php84-curl-8.4.6 +pkgp-freebsd-pkg____php84-dom-8.4.6 +pkgp-freebsd-pkg____php84-exif-8.4.6 +pkgp-freebsd-pkg____php84-fileinfo-8.4.6 +pkgp-freebsd-pkg____php84-filter-8.4.6 +pkgp-freebsd-pkg____php84-ftp-8.4.6 +pkgp-freebsd-pkg____php84-iconv-8.4.6 +pkgp-freebsd-pkg____php84-mbstring-8.4.6 +pkgp-freebsd-pkg____php84-mysqli-8.4.6 +pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5 +pkgp-freebsd-pkg____php84-session-8.4.6 +pkgp-freebsd-pkg____php84-sockets-8.4.6 +pkgp-freebsd-pkg____php84-sodium-8.4.6 +pkgp-freebsd-pkg____php84-tokenizer-8.4.6 
+pkgp-freebsd-pkg____php84-xml-8.4.6 +pkgp-freebsd-pkg____php84-zip-8.4.6 +pkgp-freebsd-pkg____php84-zlib-8.4.6 diff --git a/jails/config/web-diyit/pkg-list-old.txt b/jails/config/web-diyit/pkg-list-old.txt index e6a5ca4..c77dc63 100644 --- a/jails/config/web-diyit/pkg-list-old.txt +++ b/jails/config/web-diyit/pkg-list-old.txt @@ -1 +1 @@ -apache24 bash bash-completion blackbox_exporter nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg +apache24 bash bash-completion blackbox_exporter mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg diff --git a/jails/config/web-diyit/pkg-list.txt b/jails/config/web-diyit/pkg-list.txt index e6a5ca4..c77dc63 100644 --- a/jails/config/web-diyit/pkg-list.txt +++ b/jails/config/web-diyit/pkg-list.txt @@ -1 +1 @@ -apache24 bash bash-completion blackbox_exporter nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg +apache24 bash bash-completion blackbox_exporter mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg diff --git a/jails/config/web-rockwood/httpd.conf b/jails/config/web-rockwood/httpd.conf index 58d7479..844ecd8 100644 --- a/jails/config/web-rockwood/httpd.conf 
+++ b/jails/config/web-rockwood/httpd.conf @@ -178,6 +178,7 @@ LoadModule dir_module libexec/apache24/mod_dir.so #LoadModule userdir_module libexec/apache24/mod_userdir.so LoadModule alias_module libexec/apache24/mod_alias.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so +#LoadModule php_module libexec/apache24/libphp.so # Third party modules IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf @@ -551,6 +552,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.rockwoodestates.org ServerAlias *.rockwoodestates.org 
@@ -560,16 +569,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on - SSLCertificateFile "/mnt/certs/rwefullchain.pem" - SSLCertificateKeyFile "/mnt/certs/rweprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/rwefullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off + SSLCertificateFile "/mnt/certs/fullchain.pem" + SSLCertificateKeyFile "/mnt/certs/privkey.pem" +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) 
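Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is the mod_ssl directive for the CAs used to verify client certificates, not for the server's own chain, which `SSLCertificateFile` already supplies through fullchain.pem. No `SSLVerifyClient` appears in this hunk, so unless client-certificate authentication is configured elsewhere the line is unused; either drop it or document it with `# CA bundle used only for client-certificate verification`. The hunk also removes `SSLOptions +StrictRequire` without a replacement, so it is worth confirming that no `SSLRequireSSL` or `SSLRequire` rule in this vhost relied on it. The vhost continues past the end of the hunk.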
@@ -599,6 +612,60 @@ Include etc/apache24/Includes/*.conf Require all granted + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. + AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. + AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. + AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + + Options Indexes FollowSymLinks MultiViews + IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 + ## IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 + + #AllowOverride controls what directives may be placed in .htaccess files. 
+ AllowOverride All + #AllowOverride AuthConfig + #Controls who can get stuff from this server file + Require all granted + + + Alias /docs "/root/docs" + Alias /board "/root/docs-board" + Alias /common-land "/root/docs-common-land" + + Alias /cam "/home/gate" + Alias /SMS "/usr/local/www/apache24/data/SMS-list/sms" Alias /sms "/usr/local/www/apache24/data/SMS-list/sms" diff --git a/jails/config/web-rockwood/pkg-list-details-old.txt b/jails/config/web-rockwood/pkg-list-details-old.txt index 577cb51..fb74905 100644 --- a/jails/config/web-rockwood/pkg-list-details-old.txt +++ b/jails/config/web-rockwood/pkg-list-details-old.txt 
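Review bot: The four added blocks each combine `Options Indexes FollowSymLinks MultiViews`, `AllowOverride All` and `Require all granted`, while the new aliases map `/docs`, `/board` and `/common-land` to directories under `/root` and `/cam` to `/home/gate`. The container tags are stripped in this listing, so it is an assumption that these blocks are the Directory sections for those alias targets; if they are, the content is listable by anyone, symlinks inside it are followed without an owner check, and any `.htaccess` placed there can override the server configuration (the same commit adds `vsftpd-ssl` to this jail's package list, so confirm uploads cannot land in these paths). Tighter defaults would be `Options Indexes SymLinksIfOwnerMatch`, `AllowOverride None` (or the already commented `AllowOverride AuthConfig`) and an explicit access rule such as `Require valid-user` backed by an auth provider. Serving from `/root` also means the httpd user must be able to traverse root's home directory; a dedicated document directory outside `/root` avoids loosening those permissions.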
@@ -1,26 +1,29 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-bcmath-8.1.12
-pkgp-freebsd-pkg____php81-ctype-8.1.12
-pkgp-freebsd-pkg____php81-curl-8.1.12
-pkgp-freebsd-pkg____php81-dom-8.1.12
-pkgp-freebsd-pkg____php81-exif-8.1.12
-pkgp-freebsd-pkg____php81-fileinfo-8.1.12
-pkgp-freebsd-pkg____php81-filter-8.1.12
-pkgp-freebsd-pkg____php81-ftp-8.1.12
-pkgp-freebsd-pkg____php81-iconv-8.1.12
-pkgp-freebsd-pkg____php81-mbstring-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-pdo_mysql-8.1.12
-pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____php81-sockets-8.1.12
-pkgp-freebsd-pkg____php81-sodium-8.1.12
-pkgp-freebsd-pkg____php81-tokenizer-8.1.12
-pkgp-freebsd-pkg____php81-xml-8.1.12
-pkgp-freebsd-pkg____php81-zip-8.1.12
-pkgp-freebsd-pkg____php81-zlib-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____mod_php84-8.4.6
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
+pkgp-freebsd-pkg____vsftpd-ssl-3.0.5_2
diff --git a/jails/config/web-rockwood/pkg-list-details.txt b/jails/config/web-rockwood/pkg-list-details.txt
index 27b1072..fb74905 100644
--- a/jails/config/web-rockwood/pkg-list-details.txt
+++ b/jails/config/web-rockwood/pkg-list-details.txt
@@ -1,26 +1,29 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-bcmath-8.1.13
-pkgp-freebsd-pkg____php81-ctype-8.1.13
-pkgp-freebsd-pkg____php81-curl-8.1.13
-pkgp-freebsd-pkg____php81-dom-8.1.13
-pkgp-freebsd-pkg____php81-exif-8.1.13
-pkgp-freebsd-pkg____php81-fileinfo-8.1.13
-pkgp-freebsd-pkg____php81-filter-8.1.13
-pkgp-freebsd-pkg____php81-ftp-8.1.13
-pkgp-freebsd-pkg____php81-iconv-8.1.13
-pkgp-freebsd-pkg____php81-mbstring-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-pdo_mysql-8.1.13
-pkgp-freebsd-pkg____php81-pecl-imagick-3.7.0
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____php81-sockets-8.1.13
-pkgp-freebsd-pkg____php81-sodium-8.1.13
-pkgp-freebsd-pkg____php81-tokenizer-8.1.13
-pkgp-freebsd-pkg____php81-xml-8.1.13
-pkgp-freebsd-pkg____php81-zip-8.1.13
-pkgp-freebsd-pkg____php81-zlib-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____apache24-2.4.63
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____mc-4.8.32
+pkgp-freebsd-pkg____mod_php84-8.4.6
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-pecl-imagick-3.7.0_5
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
+pkgp-freebsd-pkg____vsftpd-ssl-3.0.5_2
diff --git a/jails/config/web-rockwood/pkg-list-old.txt b/jails/config/web-rockwood/pkg-list-old.txt
index d2139df..654d5a8 100644
--- a/jails/config/web-rockwood/pkg-list-old.txt
+++ b/jails/config/web-rockwood/pkg-list-old.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pdo_mysql php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 bash bash-completion mc mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg vsftpd-ssl
diff --git a/jails/config/web-rockwood/pkg-list.txt b/jails/config/web-rockwood/pkg-list.txt
index d2139df..654d5a8 100644
--- a/jails/config/web-rockwood/pkg-list.txt
+++ b/jails/config/web-rockwood/pkg-list.txt
@@ -1 +1 @@
-apache24 bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-iconv php81-mbstring php81-mysqli php81-pdo_mysql php81-pecl-imagick php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 bash bash-completion mc mod_php84 nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-mbstring php84-mysqli php84-pecl-imagick php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg vsftpd-ssl
diff --git a/jails/config/web-scvcc-rental/020_mod_ssl.conf b/jails/config/web-scvcc-rental/020_mod_ssl.conf deleted file mode 100644 index 3fbba40..0000000 --- a/jails/config/web-scvcc-rental/020_mod_ssl.conf +++ /dev/null @@ -1,11 +0,0 @@ -Listen 443 -SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 -SSLHonorCipherOrder on -SSLCompression off -# SSLUseStapling on -SSLSessionTickets off -SSLOptions +StrictRequire -SSLPassPhraseDialog builtin -SSLSessionCacheTimeout 300 -SSLSessionCache shmcb:/usr/local/etc/apache24/ssl_scache(512000) diff --git a/jails/config/web-scvcc-rental/httpd.conf b/jails/config/web-scvcc-rental/httpd.conf deleted file mode 100644 index 6cf5e87..0000000 --- a/jails/config/web-scvcc-rental/httpd.conf +++ /dev/null 
@@ -1,702 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See for detailed information. -# In particular, see -# -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/access_log" -# with ServerRoot set to "/usr/local/apache2" will be interpreted by the -# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log" -# will be interpreted as '/logs/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/usr/local" - -# -# Mutex: Allows you to set the mutex mechanism and mutex file directory -# for individual mutexes, or change the global defaults -# -# Uncomment and change the directory if mutexes are file-based and the default -# mutex file directory is not on a local disk or is not appropriate for some -# other reason. -# -# Mutex default:/var/run - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the -# directive. 
-# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. -# -#Listen 12.34.56.78:80 -#Listen 80 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule mpm_event_module libexec/apache24/mod_mpm_event.so -#LoadModule mpm_prefork_module libexec/apache24/mod_mpm_prefork.so -#LoadModule mpm_worker_module libexec/apache24/mod_mpm_worker.so -LoadModule authn_file_module libexec/apache24/mod_authn_file.so -#LoadModule authn_dbm_module libexec/apache24/mod_authn_dbm.so -#LoadModule authn_anon_module libexec/apache24/mod_authn_anon.so -#LoadModule authn_dbd_module libexec/apache24/mod_authn_dbd.so -#LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so -LoadModule authn_core_module libexec/apache24/mod_authn_core.so -LoadModule authz_host_module libexec/apache24/mod_authz_host.so -LoadModule authz_groupfile_module libexec/apache24/mod_authz_groupfile.so -LoadModule authz_user_module libexec/apache24/mod_authz_user.so -#LoadModule authz_dbm_module libexec/apache24/mod_authz_dbm.so -#LoadModule authz_owner_module libexec/apache24/mod_authz_owner.so -#LoadModule authz_dbd_module libexec/apache24/mod_authz_dbd.so -LoadModule authz_core_module libexec/apache24/mod_authz_core.so -#LoadModule authnz_fcgi_module libexec/apache24/mod_authnz_fcgi.so -LoadModule access_compat_module libexec/apache24/mod_access_compat.so -LoadModule auth_basic_module libexec/apache24/mod_auth_basic.so -#LoadModule auth_form_module libexec/apache24/mod_auth_form.so -#LoadModule auth_digest_module libexec/apache24/mod_auth_digest.so 
-#LoadModule allowmethods_module libexec/apache24/mod_allowmethods.so -#LoadModule file_cache_module libexec/apache24/mod_file_cache.so -#LoadModule cache_module libexec/apache24/mod_cache.so -#LoadModule cache_disk_module libexec/apache24/mod_cache_disk.so -#LoadModule cache_socache_module libexec/apache24/mod_cache_socache.so -LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so -#LoadModule socache_dbm_module libexec/apache24/mod_socache_dbm.so -#LoadModule socache_memcache_module libexec/apache24/mod_socache_memcache.so -#LoadModule watchdog_module libexec/apache24/mod_watchdog.so -#LoadModule macro_module libexec/apache24/mod_macro.so -#LoadModule dbd_module libexec/apache24/mod_dbd.so -#LoadModule dumpio_module libexec/apache24/mod_dumpio.so -#LoadModule buffer_module libexec/apache24/mod_buffer.so -#LoadModule data_module libexec/apache24/mod_data.so -#LoadModule ratelimit_module libexec/apache24/mod_ratelimit.so -LoadModule reqtimeout_module libexec/apache24/mod_reqtimeout.so -#LoadModule ext_filter_module libexec/apache24/mod_ext_filter.so -#LoadModule request_module libexec/apache24/mod_request.so -#LoadModule include_module libexec/apache24/mod_include.so -LoadModule filter_module libexec/apache24/mod_filter.so -#LoadModule reflector_module libexec/apache24/mod_reflector.so -#LoadModule substitute_module libexec/apache24/mod_substitute.so -#LoadModule sed_module libexec/apache24/mod_sed.so -#LoadModule charset_lite_module libexec/apache24/mod_charset_lite.so -LoadModule deflate_module libexec/apache24/mod_deflate.so -#LoadModule xml2enc_module libexec/apache24/mod_xml2enc.so -#LoadModule proxy_html_module libexec/apache24/mod_proxy_html.so -LoadModule mime_module libexec/apache24/mod_mime.so -LoadModule log_config_module libexec/apache24/mod_log_config.so -#LoadModule log_debug_module libexec/apache24/mod_log_debug.so -#LoadModule log_forensic_module libexec/apache24/mod_log_forensic.so -#LoadModule logio_module 
libexec/apache24/mod_logio.so -LoadModule env_module libexec/apache24/mod_env.so -#LoadModule mime_magic_module libexec/apache24/mod_mime_magic.so -#LoadModule cern_meta_module libexec/apache24/mod_cern_meta.so -LoadModule expires_module libexec/apache24/mod_expires.so -LoadModule headers_module libexec/apache24/mod_headers.so -#LoadModule usertrack_module libexec/apache24/mod_usertrack.so -#LoadModule unique_id_module libexec/apache24/mod_unique_id.so -LoadModule setenvif_module libexec/apache24/mod_setenvif.so -LoadModule version_module libexec/apache24/mod_version.so -#LoadModule remoteip_module libexec/apache24/mod_remoteip.so -LoadModule proxy_module libexec/apache24/mod_proxy.so -#LoadModule proxy_connect_module libexec/apache24/mod_proxy_connect.so -#LoadModule proxy_ftp_module libexec/apache24/mod_proxy_ftp.so -#LoadModule proxy_http_module libexec/apache24/mod_proxy_http.so -LoadModule proxy_fcgi_module libexec/apache24/mod_proxy_fcgi.so -#LoadModule proxy_scgi_module libexec/apache24/mod_proxy_scgi.so -#LoadModule proxy_uwsgi_module libexec/apache24/mod_proxy_uwsgi.so -#LoadModule proxy_fdpass_module libexec/apache24/mod_proxy_fdpass.so -#LoadModule proxy_wstunnel_module libexec/apache24/mod_proxy_wstunnel.so -#LoadModule proxy_ajp_module libexec/apache24/mod_proxy_ajp.so -#LoadModule proxy_balancer_module libexec/apache24/mod_proxy_balancer.so -#LoadModule proxy_express_module libexec/apache24/mod_proxy_express.so -#LoadModule proxy_hcheck_module libexec/apache24/mod_proxy_hcheck.so -#LoadModule session_module libexec/apache24/mod_session.so -#LoadModule session_cookie_module libexec/apache24/mod_session_cookie.so -#LoadModule session_crypto_module libexec/apache24/mod_session_crypto.so -#LoadModule session_dbd_module libexec/apache24/mod_session_dbd.so -#LoadModule slotmem_shm_module libexec/apache24/mod_slotmem_shm.so -#LoadModule slotmem_plain_module libexec/apache24/mod_slotmem_plain.so -LoadModule ssl_module libexec/apache24/mod_ssl.so -#LoadModule 
dialup_module libexec/apache24/mod_dialup.so -LoadModule http2_module libexec/apache24/mod_http2.so -LoadModule proxy_http2_module libexec/apache24/mod_proxy_http2.so -#LoadModule lbmethod_byrequests_module libexec/apache24/mod_lbmethod_byrequests.so -#LoadModule lbmethod_bytraffic_module libexec/apache24/mod_lbmethod_bytraffic.so -#LoadModule lbmethod_bybusyness_module libexec/apache24/mod_lbmethod_bybusyness.so -#LoadModule lbmethod_heartbeat_module libexec/apache24/mod_lbmethod_heartbeat.so -LoadModule unixd_module libexec/apache24/mod_unixd.so -#LoadModule heartbeat_module libexec/apache24/mod_heartbeat.so -#LoadModule heartmonitor_module libexec/apache24/mod_heartmonitor.so -#LoadModule dav_module libexec/apache24/mod_dav.so -LoadModule status_module libexec/apache24/mod_status.so -LoadModule autoindex_module libexec/apache24/mod_autoindex.so -#LoadModule asis_module libexec/apache24/mod_asis.so -#LoadModule info_module libexec/apache24/mod_info.so - - #LoadModule cgid_module libexec/apache24/mod_cgid.so - - - #LoadModule cgi_module libexec/apache24/mod_cgi.so - -#LoadModule dav_fs_module libexec/apache24/mod_dav_fs.so -#LoadModule dav_lock_module libexec/apache24/mod_dav_lock.so -#LoadModule vhost_alias_module libexec/apache24/mod_vhost_alias.so -#LoadModule negotiation_module libexec/apache24/mod_negotiation.so -LoadModule dir_module libexec/apache24/mod_dir.so -#LoadModule imagemap_module libexec/apache24/mod_imagemap.so -#LoadModule actions_module libexec/apache24/mod_actions.so -#LoadModule speling_module libexec/apache24/mod_speling.so -#LoadModule userdir_module libexec/apache24/mod_userdir.so -LoadModule alias_module libexec/apache24/mod_alias.so -LoadModule rewrite_module libexec/apache24/mod_rewrite.so - -# Third party modules -IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf - - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. 
-# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User www -Group www - - - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# definition. These values also provide defaults for -# any containers you may define later in the file. -# -# All of these directives may appear inside containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin sharad@ahlawat.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -ServerName www.scvcc-rental.com - -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. 
-# -DocumentRoot "/usr/local/www/apache24/data" - - -# can't set this if traffic is passing through haproxy and being redirected to ssl already -# RewriteEngine on -# RewriteRule ^/\.well-known/ - [L] -# RewriteRule (.*) https://www.scvcc-rental.com [R,L] - - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # AllowOverride FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Require all granted - - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# - - DirectoryIndex index.php index.html - - SetHandler application/x-httpd-php - - - SetHandler application/x-httpd-php-source - - - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# - - Require all denied - - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a -# container, that host's errors will be logged there and not here. -# -ErrorLog "/var/log/httpd-error.log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. 
-# -LogLevel warn - - - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a - # container, they will be logged here. Contrariwise, if you *do* - # define per- access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "/var/log/httpd-access.log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "/var/log/httpd-access.log" combined - - - - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. 
The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/" - - - - - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock cgisock - - -# -# "/usr/local/www/apache24/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# - - AllowOverride None - Options None - Require all granted - - - - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early - - - - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig etc/apache24/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) 
- # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml - - AddType application/x-httpd-php .php - AddType application/x-httpd-php-source .phps - - - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile etc/apache24/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -#EnableSendfile on - -# Supplemental configuration -# -# The configuration files in the etc/apache24/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. 
- -# Server-pool management (MPM specific) -#Include etc/apache24/extra/httpd-mpm.conf - -# Multi-language error messages -#Include etc/apache24/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include etc/apache24/extra/httpd-autoindex.conf - -# Language settings -#Include etc/apache24/extra/httpd-languages.conf - -# User home directories -#Include etc/apache24/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include etc/apache24/extra/httpd-info.conf - -# Virtual hosts -#Include etc/apache24/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include etc/apache24/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include etc/apache24/extra/httpd-dav.conf - -# Various default settings -#Include etc/apache24/extra/httpd-default.conf - -# Configure mod_proxy_html to understand HTML4/XHTML1 - -Include etc/apache24/extra/proxy-html.conf - - -# Secure (SSL/TLS) connections -#Include etc/apache24/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. 
-# - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - - -Include etc/apache24/Includes/*.conf - - - ServerName www.scvcc-rental.com - ServerAlias *.scvc-rental.com - ServerAlias scvcc-rental.com - - Protocols h2 http/1.1 - - DocumentRoot "/usr/local/www/apache24/data/" - - SSLEngine on - SSLCertificateFile "/mnt/certs/scvccfullchain.pem" - SSLCertificateKeyFile "/mnt/certs/scvccprivkey.pem" - #SSLCertificateChainFile "/mnt/certs/scvccfullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off - - RewriteEngine On - RewriteCond %{HTTP:Authorization} ^(.*) - RewriteRule .* - [e=HTTP_AUTHORIZATION:%1] - - - SetHandler "proxy:fcgi://127.0.0.1:9000" - SSLOptions +StdEnvVars - - - - SSLOptions +StdEnvVars - - - BrowserMatch "MSIE [2-5]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 - CustomLog "/var/log/ssl-request.log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - Options Indexes FollowSymLinks MultiViews - ## IndexOptions FancyIndexing FoldersFirst IgnoreCase VersionSort SuppressHTMLPreamble NameWidth=96 DescriptionWidth=16 - IndexOptions FancyIndexing FoldersFirst IgnoreCase NameWidth=96 - - #AllowOverride controls what directives may be placed in .htaccess files. 
- AllowOverride All - #AllowOverride AuthConfig - #Controls who can get stuff from this server file - Require all granted - - - ErrorLog "/var/log/ssl-error.log" - CustomLog "/var/log/ssl-access_log" combined - - - Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" - - - -ExpiresActive On -ExpiresDefault A0 - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - -ExpiresDefault A31536000 - - - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - Header set Cache-Control "max-age=31536000" - - - - - SetOutputFilter DEFLATE - - - SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding - RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding - - - - AddOutputFilterByType DEFLATE "application/atom+xml" \ - "application/javascript" \ - "application/json" \ - "application/ld+json" \ - "application/manifest+json" \ - "application/rdf+xml" \ - "application/rss+xml" \ - "application/schema+json" \ - "application/vnd.geo+json" \ - "application/vnd.ms-fontobject" \ - "application/x-font-ttf" \ - "application/x-font-opentype" \ - "application/x-font-truetype" \ - "application/x-javascript" \ - "application/x-web-app-manifest+json" \ - "application/xhtml+xml" \ - "application/xml" \ - "font/eot" \ - "font/opentype" \ - "font/otf" \ - "image/bmp" \ - "image/svg+xml" \ - "image/vnd.microsoft.icon" \ - "image/x-icon" \ - "text/cache-manifest" \ - "text/css" \ - "text/html" \ - "text/javascript" \ - "text/plain" \ - "text/vcard" \ - "text/vnd.rim.location.xloc" \ - "text/vtt" \ - "text/x-component" \ - "text/x-cross-domain-policy" \ - "text/xml" - - - - AddEncoding gzip svgz - - - - - -SSLUseStapling On -SSLStaplingCache "shmcb:logs/ssl_stapling(32768)" 
diff --git a/jails/config/web-scvcc-rental/php.ini b/jails/config/web-scvcc-rental/php.ini deleted file mode 100644 index 464dd99..0000000 --- a/jails/config/web-scvcc-rental/php.ini +++ /dev/null 
@@ -1,1918 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. 
- -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it is -; much more verbose when it comes to errors. We recommend using the -; development version only in development environments, as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. 
- -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.sid_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. 
Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 4096k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. 
-; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 30 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. 
-; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 128M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. 
-; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it is automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. 
Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; For production environments, we recommend logging errors rather than -; sending them to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. We strongly recommend you -; set this to 'off' for production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. 
-; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; This directive is DEPRECATED. -; Default Value: Off -; Development Value: Off -; Production Value: Off -; http://php.net/track-errors -;track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. 
You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on Windows). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. 
You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P & C) should be -; registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive -; are specified in the same manner as the variables_order directive, -; EXCEPT one. Leaving this value empty will cause PHP to use the value set -; in the variables_order directive. It does not mean it will leave the super -; globals array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. 
-; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 8M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a media type using the Content-Type header. To -; disable this, simply set it to be empty. -; -; PHP's built-in default media type is set to text/html. -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to UTF-8. -; http://php.net/default-charset -default_charset = "UTF-8" - -; PHP internal character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/internal-encoding -;internal_encoding = - -; PHP input character encoding is set to empty. -; If empty, default_charset is used. -; http://php.net/input-encoding -;input_encoding = - -; PHP output character encoding is set to empty. -; If empty, default_charset is used. -; See also output_buffer. 
-; http://php.net/output-encoding -;output_encoding = - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/php/includes" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. 
-;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside -; of the web tree and people will not be able to circumvent .htaccess security. -; http://php.net/cgi.dicard-path -;cgi.discard_path=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If set to 0, PHP sends Status: header that -; is supported by Apache. When this option is set to 1, PHP will send -; RFC2616 compliant header. -; Default is zero. 
-; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! -; (shebang) at the top of the running script. This line might be needed if the -; script support running both as stand-alone script and via PHP CGI<. PHP in CGI -; mode skips this line and ignores its content if this directive is turned on. -; http://php.net/cgi.check-shebang-line -;cgi.check_shebang_line=1 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 4M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. 
-; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename -; -; For example: -; -; extension=mysqli -; -; When the extension library to load is not located in the default extension -; directory, You may specify an absolute path to the library file: -; -; extension=/path/to/extension/mysqli.so -; -; Note : The syntax used in previous PHP versions ('extension=.so' and -; 'extension='php_.dll') is supported for legacy reasons and may be -; deprecated in a future PHP major version. So, when it is possible, please -; move to the new ('extension=) syntax. -; -; Notes for Windows environments : -; -; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) -; extension folders as well as the separate PECL DLL download (PHP 5+). -; Be sure to appropriately set the extension_dir directive. 
-; -;extension=bz2 -;extension=curl -;extension=fileinfo -;extension=gd2 -;extension=gettext -;extension=gmp -;extension=intl -;extension=imap -;extension=interbase -;extension=ldap -;extension=mbstring -;extension=exif ; Must be after mbstring as it depends on it -;extension=mysqli -;extension=oci8_12c ; Use with Oracle Database 12c Instant Client -;extension=odbc -;extension=openssl -;extension=pdo_firebird -;extension=pdo_mysql -;extension=pdo_oci -;extension=pdo_odbc -;extension=pdo_pgsql -;extension=pdo_sqlite -;extension=pgsql -;extension=shmop - -; The MIBS data available in the PHP distribution must be installed. -; See http://www.php.net/manual/en/snmp.installation.php -;extension=snmp - -;extension=soap -;extension=sockets -;extension=sqlite3 -;extension=tidy -;extension=xmlrpc -;extension=xsl - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = America/Los_Angeles - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -; Use of this INI entry is deprecated, use global input_encoding instead. -; If empty, default_charset or input_encoding or iconv.input_encoding is used. -; The precedence is: default_charset < intput_encoding < iconv.input_encoding -;iconv.input_encoding = - -; Use of this INI entry is deprecated, use global internal_encoding instead. 
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;iconv.internal_encoding = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; If empty, default_charset or output_encoding or iconv.output_encoding is used. -; The precedence is: default_charset < output_encoding < iconv.output_encoding -; To use an output encoding conversion, iconv's output handler must be set -; otherwise output encoding conversion cannot be performed. -;iconv.output_encoding = - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING -;intl.use_exceptions = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -;Enables or disables JIT compilation of patterns. This requires the PCRE -;library to be compiled with JIT support. -;pcre.jit=1 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name - -[Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. 
-; http://php.net/pdo_mysql.default-socket -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(). -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = Off - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on Windows). -;mail.log = syslog - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. 
Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). 
If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Records communication from all extensions using mysqlnd to the specified log -; file. -; http://php.net/mysqlnd.debug -;mysqlnd.debug = - -; Defines which queries will be logged. -; http://php.net/mysqlnd.log_mask -;mysqlnd.log_mask = 0 - -; Default size of the mysqlnd memory pool, which is used by result sets. 
-; http://php.net/mysqlnd.mempool_default_size -;mysqlnd.mempool_default_size = 16000 - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -; Timeout for network requests in seconds. -; http://php.net/mysqlnd.net_read_timeout -;mysqlnd.net_read_timeout = 31536000 - -; SHA-256 Authentication Plugin related. File with the MySQL server public RSA -; key. -; http://php.net/mysqlnd.sha256_server_public_key -;mysqlnd.sha256_server_public_key = - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). 
To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. 
-; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if -; your OS has problems with many files in one directory, and is -; a more efficient layout for servers that handle many sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/tmp" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. 
-; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the be-all and end-all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. 
-; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 1 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. 
-; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users' security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Set session ID character length. This value could be between 22 to 256. -; Shorter length than default is supported only for compatibility reason. -; Users should use 32 or more chars. -; http://php.net/session.sid-length -; Default Value: 32 -; Development Value: 26 -; Production Value: 26 -session.sid_length = 26 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; is special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. tag's action attribute URL will not be modified -; unless it is specified. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=" -; Development Value: "a=href,area=href,frame=src,form=" -; Production Value: "a=href,area=href,frame=src,form=" -; http://php.net/url-rewriter.tags -session.trans_sid_tags = "a=href,area=href,frame=src,form=" - -; URL rewriter does not rewrite absolute URLs by default. -; To enable rewrites for absolute pathes, target hosts must be specified -; at RUNTIME. i.e. use ini_set() -; tags is special. PHP will check action attribute's URL regardless -; of session.trans_sid_tags setting. -; If no host is defined, HTTP_HOST will be used for allowed host. 
-; Example value: php.net,www.php.net,wiki.php.net -; Use "," for multiple hosts. No spaces are allowed. -; Default Value: "" -; Development Value: "" -; Production Value: "" -;session.trans_sid_hosts="" - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.sid_bits_per_character = 5 - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. 
-; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -; Only write session data when session data is changed. Enabled by default. -; http://php.net/session.lazy-write -;session.lazy_write = On - -[Assertion] -; Switch whether to compile assertions at all (to have no overhead at run-time) -; -1: Do not compile at all -; 0: Jump over assertion at run-time -; 1: Execute assertions -; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) -; Default Value: 1 -; Development Value: 1 -; Production Value: -1 -; http://php.net/zend.assertions -zend.assertions = -1 - -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Throw an AssertationException on failed assertions -; http://php.net/assert.exception -;assert.exception = On - -; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). 
-; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; This affects mb_send_mail() and mbstring.detect_order. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; Use of this INI entry is deprecated, use global internal_encoding instead. -; internal/script encoding. -; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) -; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. -; The precedence is: default_charset < internal_encoding < iconv.internal_encoding -;mbstring.internal_encoding = - -; Use of this INI entry is deprecated, use global input_encoding instead. -; http input encoding. -; mbstring.encoding_traslation = On is needed to use this setting. -; If empty, default_charset or input_encoding or mbstring.input is used. -; The precedence is: default_charset < intput_encoding < mbsting.http_input -; http://php.net/mbstring.http-input -;mbstring.http_input = - -; Use of this INI entry is deprecated, use global output_encoding instead. -; http output encoding. -; mb_output_handler must be registered as output buffer to function. 
-; If empty, default_charset or output_encoding or mbstring.http_output is used. -; The precedence is: default_charset < output_encoding < mbstring.http_output -; To use an output encoding conversion, mbstring's output handler must be set -; otherwise output encoding conversion cannot be performed. -; http://php.net/mbstring.http-output -;mbstring.http_output = - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; "auto" detect order is changed according to mbstring.language -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -; Default: Off -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. 
The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 1 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. 
number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=1 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=128 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=8 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 1000000 are allowed. -;opcache.max_accelerated_files=10000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; Allow file existence override (file_exists, etc.) performance feature. 
-;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -; Allows calling OPcache API functions only from PHP scripts which path is -; started from specified string. The default "" means no restriction -;opcache.restrict_api= - -; Mapping base of shared memory segments (for Windows only). All the PHP -; processes have to map shared memory into the same address space. 
This -; directive allows to manually fix the "Unable to reattach to base address" -; errors. -;opcache.mmap_base= - -; Enables and sets the second level cache directory. -; It should improve performance when SHM memory is full, at server restart or -; SHM reset. The default "" disables file based caching. -;opcache.file_cache= - -; Enables or disables opcode caching in shared memory. -;opcache.file_cache_only=0 - -; Enables or disables checksum validation when script loaded from file cache. -;opcache.file_cache_consistency_checks=1 - -; Implies opcache.file_cache_only=1 for a certain process that failed to -; reattach to the shared memory (for Windows only). Explicitly enabled file -; cache is required. -;opcache.file_cache_fallback=1 - -; Enables or disables copying of PHP code (text segment) into HUGE PAGES. -; This should improve performance, but requires appropriate OS configuration. -;opcache.huge_code_pages=1 - -; Validate cached file permissions. -;opcache.validate_permission=0 - -; Prevent name collisions in chroot'ed environment. -;opcache.validate_root=0 - -; If specified, it produces opcode dumps for debugging different stages of -; optimizations. -;opcache.opt_debug_level=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -[openssl] -; The location of a Certificate Authority (CA) file on the local filesystem -; to use when verifying the identity of SSL/TLS peers. Most users should -; not specify a value for this directive as PHP will attempt to use the -; OS-managed cert stores in its absence. If specified, this value may still -; be overridden on a per-stream basis via the "cafile" SSL stream context -; option. -;openssl.cafile= - -; If openssl.cafile is not specified or if the CA file is not found, the -; directory pointed to by openssl.capath is searched for a suitable -; certificate. This value must be a correctly hashed certificate directory. 
-; Most users should not specify a value for this directive as PHP will
-; attempt to use the OS-managed cert stores in its absence. If specified,
-; this value may still be overridden on a per-stream basis via the "capath"
-; SSL stream context option.
-;openssl.capath=
-
-; Local Variables:
-; tab-width: 4
-; End:
diff --git a/jails/config/web-scvcc-rental/pkg-list-details-old.txt b/jails/config/web-scvcc-rental/pkg-list-details-old.txt
deleted file mode 100644
index 79fe5b9..0000000
--- a/jails/config/web-scvcc-rental/pkg-list-details-old.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____pkg-1.18.4
diff --git a/jails/config/web-scvcc-rental/pkg-list-details.txt b/jails/config/web-scvcc-rental/pkg-list-details.txt
deleted file mode 100644
index 87bcd3f..0000000
--- a/jails/config/web-scvcc-rental/pkg-list-details.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-pkgp-freebsd-pkg____apache24-2.4.54
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____pkg-1.18.4
diff --git a/jails/config/web-scvcc-rental/pkg-list-old.txt b/jails/config/web-scvcc-rental/pkg-list-old.txt
deleted file mode 100644
index 943fd00..0000000
--- a/jails/config/web-scvcc-rental/pkg-list-old.txt
+++ /dev/null
@@ -1 +0,0 @@
-apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg
diff --git a/jails/config/web-scvcc-rental/pkg-list.txt b/jails/config/web-scvcc-rental/pkg-list.txt
deleted file mode 100644
index 943fd00..0000000
--- a/jails/config/web-scvcc-rental/pkg-list.txt
+++ /dev/null
@@ -1 +0,0 @@ -apache24 bash bash-completion nano php81 php81-mysqli php81-session pkg diff --git a/jails/config/web-scvcc-rental/resolvconf.conf b/jails/config/web-scvcc-rental/resolvconf.conf deleted file mode 100644 index 81e67dd..0000000 --- a/jails/config/web-scvcc-rental/resolvconf.conf +++ /dev/null @@ -1,2 +0,0 @@ -export search_domains="scvcc-rental.com ahlawat.com" -export name_servers="192.168.0.5 fd01::5" diff --git a/jails/config/web-scvcc-rental/www.conf b/jails/config/web-scvcc-rental/www.conf deleted file mode 100644 index 92ff8ff..0000000 --- a/jails/config/web-scvcc-rental/www.conf +++ /dev/null 
@@ -1,423 +0,0 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) -[www] - -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr/local) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www -group = www - -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. -listen = 127.0.0.1:9000 - -; Set listen(2) backlog. -; Default Value: 511 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 -;listen.owner = www -;listen.group = www -;listen.mode = 0660 -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. 
-; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = - -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). 
If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. -pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. -pm.max_children = 10 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 3 - -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. 
-; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. 
Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. 
-; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/local/share/php/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. 
-; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; Depth of slow log stack trace. -; Default Value: 20 -;request_slowlog_trace_depth = 20 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_terminate_timeout = 0 - -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 - -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. 
-; Default Value: current directory or / when chroot -;chdir = /var/www - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -env[HOSTNAME] = $HOSTNAME -env[PATH] = /usr/local/bin:/usr/bin:/bin -env[TMP] = /tmp -env[TMPDIR] = /tmp -env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr/local) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M diff --git a/jails/config/web/httpd.conf b/jails/config/web/httpd.conf index 1fd6ad9..c91c545 100644 --- a/jails/config/web/httpd.conf +++ b/jails/config/web/httpd.conf @@ -554,6 +554,14 @@ SSLRandomSeed connect builtin Include etc/apache24/Includes/*.conf +# https://ssl-config.mozilla.org/#server=apache&version=2.4.60&config=intermediate&openssl=3.1.0&guideline=5.7 + + + RewriteEngine On + RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/ + RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,QSA,L] + + ServerName www.ahlawat.com ServerAlias *.ahlawat.com 
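Review bot: The new port-80 redirect builds its target from `%{HTTP_HOST}`, which is the Host header sent by the client, so a request carrying an arbitrary Host value is answered with a 301 pointing at that host. Since the site answers for `*.ahlawat.com`, a guard in front of the rule keeps the redirect inside the domain: `RewriteCond %{HTTP_HOST} ^([a-z0-9-]+\.)*ahlawat\.com$ [NC]`. `QSA` is redundant here, because the substitution has no query string and the original one is passed through by default. The dot in `^/.well-known/acme-challenge/` should be escaped as `^/\.well-known/acme-challenge/`. The enclosing VirtualHost tags are not visible in this rendering, so which vhost receives the rule is inferred.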
@@ -563,16 +571,20 @@ Include etc/apache24/Includes/*.conf DocumentRoot "/usr/local/www/apache24/data/" + # HTTP Strict Transport Security (mod_headers is required) (63072000 seconds) + Header always set Strict-Transport-Security "max-age=63072000" + SSLEngine on SSLCertificateFile "/mnt/certs/fullchain.pem" SSLCertificateKeyFile "/mnt/certs/privkey.pem" - #SSLCertificateChainFile "/mnt/certs/fullchain.pem" - SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 - SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 - SSLHonorCipherOrder off - SSLSessionTickets off - SSLOptions +StrictRequire -# SSLCompression off +# SSLCertificateChainFile "/mnt/certs/fullchain.pem" + SSLCACertificateFile "/mnt/certs/cacert.pem" + + SSLProtocol -all +TLSv1.2 +TLSv1.3 + SSLOpenSSLConfCmd Curves X25519:prime256v1:secp384r1 + SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 + SSLHonorCipherOrder off + SSLSessionTickets off RewriteEngine On RewriteCond %{HTTP:Authorization} ^(.*) diff --git a/jails/config/web/pkg-list-details-old.txt b/jails/config/web/pkg-list-details-old.txt index ecf1c69..9a4b9dc 100644 --- a/jails/config/web/pkg-list-details-old.txt +++ b/jails/config/web/pkg-list-details-old.txt 
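Review bot: `SSLCACertificateFile "/mnt/certs/cacert.pem"` is the mod_ssl directive documented for the CAs used to verify client certificates, and nothing in this hunk sets `SSLVerifyClient`. As written it adds nothing to the served chain, which already comes from `fullchain.pem`, and it reads as if client authentication were in force. If mutual TLS is intended, add `SSLVerifyClient require` (with a suitable `SSLVerifyDepth`) in the scope that needs it; if not, drop the line, or keep it with a comment such as `# CA bundle for optional client-cert locations, see <placeholder: location>`. The vhost body starts and ends outside this hunk, so an `SSLVerifyClient` elsewhere in the file cannot be ruled out.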
@@ -1,27 +1,27 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____php81-8.1.12
-pkgp-freebsd-pkg____php81-bcmath-8.1.12
-pkgp-freebsd-pkg____php81-ctype-8.1.12
-pkgp-freebsd-pkg____php81-curl-8.1.12
-pkgp-freebsd-pkg____php81-dom-8.1.12
-pkgp-freebsd-pkg____php81-exif-8.1.12
-pkgp-freebsd-pkg____php81-fileinfo-8.1.12
-pkgp-freebsd-pkg____php81-filter-8.1.12
-pkgp-freebsd-pkg____php81-ftp-8.1.12
-pkgp-freebsd-pkg____php81-gd-8.1.12
-pkgp-freebsd-pkg____php81-iconv-8.1.12
-pkgp-freebsd-pkg____php81-ldap-8.1.12
-pkgp-freebsd-pkg____php81-mbstring-8.1.12
-pkgp-freebsd-pkg____php81-mysqli-8.1.12
-pkgp-freebsd-pkg____php81-session-8.1.12
-pkgp-freebsd-pkg____php81-sockets-8.1.12
-pkgp-freebsd-pkg____php81-sodium-8.1.12
-pkgp-freebsd-pkg____php81-tokenizer-8.1.12
-pkgp-freebsd-pkg____php81-xml-8.1.12
-pkgp-freebsd-pkg____php81-zip-8.1.12
-pkgp-freebsd-pkg____php81-zlib-8.1.12
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
diff --git a/jails/config/web/pkg-list-details.txt b/jails/config/web/pkg-list-details.txt
index 9c719c1..9a4b9dc 100644
--- a/jails/config/web/pkg-list-details.txt
+++ b/jails/config/web/pkg-list-details.txt
@@ -1,27 +1,27 @@
-pkgp123____apache24-2.4.54
-pkgp123____apr-1.7.0.1.6.1_2
-pkgp123____pkg-1.18.4
-pkgp-freebsd-pkg____bash-5.2.12
-pkgp-freebsd-pkg____bash-completion-2.11_2,2
-pkgp-freebsd-pkg____nano-7.0
-pkgp-freebsd-pkg____php81-8.1.13
-pkgp-freebsd-pkg____php81-bcmath-8.1.13
-pkgp-freebsd-pkg____php81-ctype-8.1.13
-pkgp-freebsd-pkg____php81-curl-8.1.13
-pkgp-freebsd-pkg____php81-dom-8.1.13
-pkgp-freebsd-pkg____php81-exif-8.1.13
-pkgp-freebsd-pkg____php81-fileinfo-8.1.13
-pkgp-freebsd-pkg____php81-filter-8.1.13
-pkgp-freebsd-pkg____php81-ftp-8.1.13
-pkgp-freebsd-pkg____php81-gd-8.1.13
-pkgp-freebsd-pkg____php81-iconv-8.1.13
-pkgp-freebsd-pkg____php81-ldap-8.1.13
-pkgp-freebsd-pkg____php81-mbstring-8.1.13
-pkgp-freebsd-pkg____php81-mysqli-8.1.13
-pkgp-freebsd-pkg____php81-session-8.1.13
-pkgp-freebsd-pkg____php81-sockets-8.1.13
-pkgp-freebsd-pkg____php81-sodium-8.1.13
-pkgp-freebsd-pkg____php81-tokenizer-8.1.13
-pkgp-freebsd-pkg____php81-xml-8.1.13
-pkgp-freebsd-pkg____php81-zip-8.1.13
-pkgp-freebsd-pkg____php81-zlib-8.1.13
+pkgp123____apache24-2.4.63
+pkgp123____apr-1.7.5.1.6.3_4
+pkgp123____pkg-2.1.2
+pkgp-freebsd-pkg____bash-5.2.37
+pkgp-freebsd-pkg____bash-completion-2.14.0,2
+pkgp-freebsd-pkg____nano-8.4
+pkgp-freebsd-pkg____php84-8.4.6
+pkgp-freebsd-pkg____php84-bcmath-8.4.6
+pkgp-freebsd-pkg____php84-ctype-8.4.6
+pkgp-freebsd-pkg____php84-curl-8.4.6
+pkgp-freebsd-pkg____php84-dom-8.4.6
+pkgp-freebsd-pkg____php84-exif-8.4.6
+pkgp-freebsd-pkg____php84-fileinfo-8.4.6
+pkgp-freebsd-pkg____php84-filter-8.4.6
+pkgp-freebsd-pkg____php84-ftp-8.4.6
+pkgp-freebsd-pkg____php84-gd-8.4.6
+pkgp-freebsd-pkg____php84-iconv-8.4.6
+pkgp-freebsd-pkg____php84-ldap-8.4.6
+pkgp-freebsd-pkg____php84-mbstring-8.4.6
+pkgp-freebsd-pkg____php84-mysqli-8.4.6
+pkgp-freebsd-pkg____php84-session-8.4.6
+pkgp-freebsd-pkg____php84-sockets-8.4.6
+pkgp-freebsd-pkg____php84-sodium-8.4.6
+pkgp-freebsd-pkg____php84-tokenizer-8.4.6
+pkgp-freebsd-pkg____php84-xml-8.4.6
+pkgp-freebsd-pkg____php84-zip-8.4.6
+pkgp-freebsd-pkg____php84-zlib-8.4.6
diff --git a/jails/config/web/pkg-list-old.txt b/jails/config/web/pkg-list-old.txt
index c7413e7..1b2c3de 100644
--- a/jails/config/web/pkg-list-old.txt
+++ b/jails/config/web/pkg-list-old.txt
@@ -1 +1 @@
-apache24 apr bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-gd php81-iconv php81-ldap php81-mbstring php81-mysqli php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 apr bash bash-completion nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg
diff --git a/jails/config/web/pkg-list.txt b/jails/config/web/pkg-list.txt
index c7413e7..1b2c3de 100644
--- a/jails/config/web/pkg-list.txt
+++ b/jails/config/web/pkg-list.txt
@@ -1 +1 @@
-apache24 apr bash bash-completion nano php81 php81-bcmath php81-ctype php81-curl php81-dom php81-exif php81-fileinfo php81-filter php81-ftp php81-gd php81-iconv php81-ldap php81-mbstring php81-mysqli php81-session php81-sockets php81-sodium php81-tokenizer php81-xml php81-zip php81-zlib pkg
+apache24 apr bash bash-completion nano php84 php84-bcmath php84-ctype php84-curl php84-dom php84-exif php84-fileinfo php84-filter php84-ftp php84-gd php84-iconv php84-ldap php84-mbstring php84-mysqli php84-session php84-sockets php84-sodium php84-tokenizer php84-xml php84-zip php84-zlib pkg
diff --git a/jails/config/web/pkgp.conf b/jails/config/web/pkgp.conf
index 86e5a9a..ac09580 100644
--- a/jails/config/web/pkgp.conf
+++ b/jails/config/web/pkgp.conf
@@ -5,14 +5,12 @@ FreeBSD: { pkgp-freebsd-pkg: { url: "http://pkgp-freebsd-pkg.ahlawat.com/${ABI}/latest", - mirror_type: "http", enabled: yes, priority: 10 } pkgp123: { url: "http://pkgp.ahlawat.com/packages/pj123-default", - mirror_type: "http", signature_type: "pubkey", pubkey: "/mnt/certs/poudriere.cert", enabled: yes, diff --git a/jails/create.sh b/jails/create.sh index 764b410..6e9aef9 100755 --- a/jails/create.sh +++ b/jails/create.sh @@ -8,6 +8,8 @@ # # +SWREL="14.2-RELEASE" + JAIL=$1 JAILHOSTNAME=$2 JAILDOMAIN=$3 
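Review bot: The `pkgp-freebsd-pkg` repository is still fetched over plain `http://` and, as shown in the pkgp.conf hunk, has no `signature_type`, unlike `pkgp123` below it, which sets `signature_type: "pubkey"`. Without a signature check the jail installs whatever is served under that hostname, so the integrity of these packages rests entirely on the network path to the proxy. If the proxy passes the upstream FreeBSD repository through unchanged, `signature_type: "fingerprints"` with `fingerprints: "/usr/share/keys/pkg"` should verify it; otherwise sign the repository and reference its key the way `pkgp123` does. Whether another file in the repos directory overrides this entry is not visible here.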
@@ -45,8 +47,8 @@ echo "Name:$JAIL / IP:$JAILIP / Hostname:$JAILHOSTNAME / Domain:$JAILDOMAIN / Us #rm /tmp/pkg-$JAIL.json if $I6CONFIG; then - iocage create -n "$JAIL" -r 12.3-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" - # iocage create -n "$JAIL" -r 12.3-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64,vnet0|accept_rtadv" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" + iocage create -n "$JAIL" -r $SWREL vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" allow_mount_linprocfs=0 boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" + # iocage create -n "$JAIL" -r $SWREL vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" ip6_addr="vnet0|$I6NW::$JAILIP/64,vnet0|accept_rtadv" defaultrouter=$I4GW defaultrouter6=$I6GW resolver="nameserver $I4NS;nameserver $I6NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" # iocage cannot set static IP AND enable SLAAC temporary properly iocage exec $JAIL 'sysrc ifconfig_epair0b_ipv6="inet6 auto_linklocal accept_rtadv"' iocage exec $JAIL "sysrc rtsold_enable=YES" 
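Review bot: `allow_mount_linprocfs=0` is added only to the active IPv6 `iocage create` line; the IPv4-only `iocage create` in the `else` branch (hunk `@@ -54,7 +56,7 @@`) and the commented-out SLAAC variant do not get it, so the two branches now create jails with different explicit properties. Add `allow_mount_linprocfs=0` to the `else` branch as well, or drop it here if it only restates the default. `-r $SWREL` is also unquoted in both branches while the neighbouring arguments are quoted; `-r "$SWREL"` matches the rest of the line. The `if` body continues outside this hunk.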
@@ -54,7 +56,7 @@ if $I6CONFIG; then iocage exec $JAIL "echo 'net.inet6.ip6.use_tempaddr=1' >> /etc/sysctl.conf" iocage exec $JAIL "echo 'net.inet6.ip6.prefer_tempaddr=1' >> /etc/sysctl.conf" else - iocage create -n "$JAIL" -p /tmp/pkg-$JAIL.json -r 12.3-RELEASE vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" defaultrouter=$I4GW resolver="nameserver $I4NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" + iocage create -n "$JAIL" -p /tmp/pkg-$JAIL.json -r $SWREL vnet=on ip4_addr="vnet0|$I4NW.$JAILIP/24" defaultrouter=$I4GW resolver="nameserver $I4NS;search $JAILDOMAIN" interfaces=vnet0:bridge1 allow_raw_sockets=1 exec_prestop="ifconfig epair0b -vnet ioc-$JAIL" boot=on host_hostname="$JAILHOSTNAME.$JAILDOMAIN" fi iocage exec $JAIL "sysrc firewall_enable=YES" @@ -112,6 +114,10 @@ iocage exec $JAIL "sysrc sshd_enable=YES" iocage exec $JAIL "/etc/rc.d/sshd start" iocage exec $JAIL "service sshd restart" +# reset MTA back to sendmail - dma does not seem to handle the relay to MX server properly +#iocage exec $JAIL "cp /usr/share/examples/sendmail/mailer.conf /etc/mail/mailer.conf; cd /etc/mail; make all install; /usr/bin/newaliases; service sendmail start; service sendmail restart" +iocage exec $JAIL "cp /usr/share/examples/sendmail/mailer.conf /etc/mail/mailer.conf" + iocage exec $JAIL "cd /etc/mail ; make" iocage exec $JAIL "bash /mnt/common/snip-sendmail.sh" iocage exec $JAIL "sysrc sendmail_enable=NO" diff --git a/jails/jails-restore-httpd.sh b/jails/jails-restore-httpd.sh deleted file mode 100755 index 5c334ce..0000000 --- a/jails/jails-restore-httpd.sh +++ /dev/null 
@@ -1,42 +0,0 @@ -#!/usr/local/bin/bash - -# Copyright (c) 2018-2022, diyIT.org -# All rights reserved. -# -# BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") -# https://diyit.org/license/ -# -# - -echo "checking pkgp jail nginx instance is running" -iocage exec pkgp "service nginx status" - -#all_web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-datavpc web-rockwood web-scvcc-rental ldap-mgr r-ldap-mgr monitor) -# fpm jails don't have mod_php installed -web_jails=(ldap-mgr r-ldap-mgr) - -for i in ${web_jails[@]}; -do - echo "" - echo "## checking $i JAIL configs after Apache and/or PHP updates ##" - iocage exec $i "diff /usr/local/etc/apache24/httpd.conf /mnt/config/httpd.conf" - iocage exec $i "diff /usr/local/etc/php.ini /mnt/config/php.ini" - if [[ "$i" != "ldap-mgr" && "$i" != "r-ldap-mgr" ]]; then - iocage exec $i "diff /usr/local/etc/php-fpm.d/www.conf /mnt/config/www.conf" - fi - echo "####" -done - -echo "" -echo "check in output above if php.ini or php-fpm also need to be restored" - -echo "" -read -p "Return/Enter to restore httpd.conf files, ctrl-c to abort? " RESP - -for i in ${web_jails[@]}; -do - echo "" - echo "restoring httpd.conf in web_jail $i after Apache update" - iocage exec $i "cp /mnt/config/httpd.conf /usr/local/etc/apache24/httpd.conf" - iocage exec $i "service apache24 restart" -done diff --git a/jails/jails-update-cert.sh b/jails/jails-update-cert.sh index a021779..b341ba0 100755 --- a/jails/jails-update-cert.sh +++ b/jails/jails-update-cert.sh @@ -1,6 +1,6 @@ #!/usr/local/bin/bash -# Copyright (c) 2018-2022, diyIT.org +# Copyright (c) 2018-2024, diyIT.org # All rights reserved. # # BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") 
@@ -8,16 +8,18 @@ # # -web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-datavpc web-rockwood web-scvcc-rental ldap-mgr r-ldap-mgr monitor) +#web_jails=(cloud hub nivi rachna rishabh sharad web web-diyit web-rockwood ldap-mgr monitor) -for i in ${web_jails[@]}; -do - echo "restarting apache in web_jail $i after SSL update" - iocage exec $i "service apache24 restart" - # The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. -done +#for i in ${web_jails[@]}; +#do +# echo "restarting apache in web_jail $i after SSL update" +# iocage exec $i "service apache24 restart" +# # The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. +#done -ldap_jails=(ldap r-ldap) +./jails-update-httpd.sh + +ldap_jails=(ldap) for i in ${ldap_jails[@]}; do @@ -28,6 +30,9 @@ done echo "restarting haproxy in jail proxy after SSL update" iocage exec proxy "service haproxy reload" +echo "regenerate dane tlsa records after SSL update" +iocage exec dns "/data/dns_update_serial.sh" + echo "restarting nginx in jail pkgp after SSL update" iocage exec pkgp "service nginx restart" # The majority of TLS/SSL servers require a full restart to re-load the certificates if the filename is unchanged. 
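Review bot: `./jails-update-httpd.sh` is resolved against the caller's working directory, so a run started from anywhere else either fails to find the script or executes whatever file of that name sits in the current directory, with this script's privileges. An absolute path avoids both, e.g. `/root/FreeBSD/jails/jails-update-httpd.sh` (the directory update.sh uses for `jails-update-pkgs.sh`; confirm this script lives there), or `"$(dirname "$0")/jails-update-httpd.sh"`. The exit status is also ignored, so a failed Apache restart is not visible in this script's output; appending `|| echo "jails-update-httpd.sh failed"` would at least surface it.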
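Review bot: The TLSA regeneration added in the second hunk runs after haproxy has already been reloaded with the new certificate, so if the records pin the certificate or a key that changes on renewal, DANE-validating clients see a mismatch until the new records are published and the old TTL has expired. The usual rollover order is to publish the new TLSA record alongside the old one, wait one TTL, and only then switch the servers. What `/data/dns_update_serial.sh` generates is not visible here, so this only matters if the pinned material changes on renewal. A comment above the call stating which TLSA usage and selector are published, and whether the key is reused, would settle it.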
@@ -38,17 +43,20 @@ iocage exec mail "service postfix start" iocage exec mail "service dovecot stop" iocage exec mail "service dovecot start" -echo "restarting ELK in jail elk after SSL update" -iocage exec elk "cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs" -iocage exec elk "cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs" +echo "restarting synapse in jail matrix after SSL update" +iocage exec matrix "service synapse restart" + +#echo "restarting ELK in jail monitor after SSL update" +iocage exec monitor "cp /mnt/certs/diy*.pem /usr/local/etc/elasticsearch/certs" +iocage exec monitor "cp /mnt/certs/cacert.pem /usr/local/etc/elasticsearch/certs" exit -iocage exec elk "service elasticsearch restart" -iocage exec elk "service kibana restart" +#iocage exec monitor "service elasticsearch restart" +#iocage exec monitor "service kibana restart" -#iocage exec elk "service logstash restart" -iocage exec elk 'ps axww | grep logstash | cut -f1 -d" " | xargs -n 1 kill -9 ' -iocage exec elk "/root/start_logstash.sh" +#iocage exec monitor "service logstash restart" +#iocage exec monitor 'ps axww | grep logstash | cut -f1 -d" " | xargs -n 1 kill -9 ' +#iocage exec monitor "/root/start_logstash.sh" -iocage exec elk "service heartbeat restart" +#iocage exec monitor "service heartbeat restart" diff --git a/jails/jails-update-pkgs.sh b/jails/jails-update-pkgs.sh index 7367338..037e5f5 100755 --- a/jails/jails-update-pkgs.sh +++ b/jails/jails-update-pkgs.sh @@ -1,6 +1,6 @@ #!/usr/local/bin/bash -# Copyright (c) 2018-2022, diyIT.org +# Copyright (c) 2018-2024, diyIT.org # All rights reserved. # # BSD 2-Clause License ("Simplified BSD License" or "FreeBSD License") 
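Review bot: The two `cp` lines into `/usr/local/etc/elasticsearch/certs` still run, but every restart for the monitor jail is now commented out (and was already unreachable behind `exit`), so the renewed certificate sits on disk while the services keep the old one until someone restarts them by hand. Either drop the copy as well or say so in the output, e.g. `echo "certs copied to monitor; restart elasticsearch/kibana manually"`; the existing echo for this step was commented out, so the copy is currently silent. The `diy*.pem` glob presumably includes the private key, and plain `cp` leaves its mode to the source file and umask; `install -m 0600` with the service account as owner would pin it.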
@@ -24,8 +24,10 @@ else # iocage set securelevel=2 pkgp iocage exec pkgp "poudriere jail -i -j $pkg_jail" - portsnap auto - iocage exec pkgp "portsnap auto" +# portsnap auto +# iocage exec pkgp "portsnap auto" + #git clone https://git.FreeBSD.org/ports.git /usr/ports + cd /usr/ports; git pull iocage exec pkgp "poudriere ports -l" iocage exec pkgp "poudriere bulk -f /mnt/config/mypkgs -j $pkg_jail" @@ -41,7 +43,7 @@ read -p "Return/Enter to continue, ctrl-c to abort? " RESP for i in `jls -N | cut -d " " -f 2 | cut -d "-" -f 2- | grep -v JID | sort`; do echo "######## ## JAIL:::: $i ##" - if [[ $i == "pkgp" || $i == "debian" ]]; then + if [[ $i == "pkgp" || $i == "debian" || $i == "r-automated" || $i == "r-db" || $i == "r-git" ]]; then continue fi iocage exec $i "pkg query -e "%a==0" "%n" | sort -d | xargs | tee /mnt/config/pkg-list-old.txt" @@ -59,6 +61,13 @@ do # iocage exec $i "pkg upgrade -y -r $pkg_repo openldap24-client" # iocage exec $i "pkg lock -y openldap24-client" # fi + +# the other 3 pip jails have packages installed via pkg commands which also install the rc.d scripts +# if [[ $i == "auto" || $i == "book" || $i == "cam" || $i == "mage" || $i == "matrix" ]]; then + if [[ $i == "cam" ]]; then +# iocage exec $i "pip install --upgrade pip" - use py39-pip instead + iocage exec $i "cat /mnt/config/pip-list.txt | xargs -n1 pip install --upgrade " + fi iocage exec $i "pkg autoremove -y" iocage exec $i "pkg upgrade -y" iocage exec $i "pkg clean -ay" @@ -74,14 +83,18 @@ done cd /mnt/ship/book/calibre-web pwd git pull + # in the book jail run: + #pkg install py311-netifaces-plus + #cd /data/calibre-web + #pip install -r requirements.txt cd /mnt/ship/plex/PlexConnect pwd git pull - cd /mnt/ship/maps/networkmaps - pwd - git pull +# cd /mnt/ship/maps/networkmaps +# pwd +# git pull echo "NOTES:" echo "" 
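Review bot: `cd /usr/ports; git pull` runs the pull even when the `cd` fails, in which case it updates whatever repository the script was started from, and on success it leaves the rest of the script running with `/usr/ports` as its working directory. `git -C /usr/ports pull --ff-only || exit 1` does the same job without either side effect and refuses a rewritten history. The enclosing `else` branch starts outside the hunk.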
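Review bot: In the third hunk, `cat /mnt/config/pip-list.txt | xargs -n1 pip install --upgrade ` pulls the newest release of every listed name straight from the package index on each run, outside the poudriere repository the jails otherwise install from, so what lands in the `cam` jail is neither pinned nor reproducible. Pinning versions with hashes in a requirements file and installing with `pip install --require-hashes -r /mnt/config/requirements.txt` (file name is a placeholder) turns each upgrade into a reviewed change to that file. The `for` loop this sits in starts outside the hunk.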
@@ -91,6 +104,16 @@ echo "pkg autoremove -y" echo "pkg upgrade -y" echo "pkg clean -ay" echo "" + +echo "" +echo "update pkgp now:" +echo "iocage console pkgp" +echo "pkg update" +echo "pkg autoremove -y" +echo "pkg upgrade -y" +echo "pkg clean -ay" +echo "" + echo "# iocage stop ALL" echo "# iocage start ALL" echo "iocage restart -s ALL" @@ -101,4 +124,4 @@ echo "iocage exec cert \"cd /root/acme-dns;git pull\"" echo "iocage exec cert \"/root/.acme.sh/acme.sh --upgrade\"" echo "iocage exec cert \"/mnt/config/backup.sh\"" echo "" -echo "iocage exec hass \"/mnt/config/hass-upgrade.sh\"" +# echo "iocage exec hass \"/mnt/config/hass-upgrade.sh\" - deprecated, migrated to haos" diff --git a/jails/pkg-list-details-server.txt b/jails/pkg-list-details-server.txt index 012e4ec..a7cd432 100644 --- a/jails/pkg-list-details-server.txt +++ b/jails/pkg-list-details-server.txt 
@@ -1,30 +1,45 @@
-FreeBSD____bash-completion-2.11_1,2
-FreeBSD____grub2-bhyve-0.40_8
-FreeBSD____rpl-1.4.1
-FreeBSD____tftp-hpa-5.2_1
-FreeBSD____wireguard-2,1
-FreeBSD____xorriso-1.5.4
-FreeBSD____zfsnap-1.11.1_1
-FreeBSD____zfs-stats-1.3.1
-pkgp-freebsd-pkg____7-zip-21.07_2
-pkgp-freebsd-pkg____bash-5.2.9
-pkgp-freebsd-pkg____debootstrap-1.0.128
-pkgp-freebsd-pkg____git-2.38.1_3
-pkgp-freebsd-pkg____grc-1.13
-pkgp-freebsd-pkg____htop-3.2.1
-pkgp-freebsd-pkg____i7z-0.27.4
-pkgp-freebsd-pkg____iperf3-3.12
-pkgp-freebsd-pkg____mc-4.8.28
-pkgp-freebsd-pkg____nano-6.4
-pkgp-freebsd-pkg____node_exporter-1.3.1_6
-pkgp-freebsd-pkg____nut-2.8.0_13
-pkgp-freebsd-pkg____pkg-1.18.4
-pkgp-freebsd-pkg____powerdxx-0.4.4_1
-pkgp-freebsd-pkg____psearch-2.1.0
-pkgp-freebsd-pkg____py39-prometheus-client-0.15.0
-pkgp-freebsd-pkg____rsync-3.2.6
-pkgp-freebsd-pkg____smartmontools-7.3
-pkgp-freebsd-pkg____sudo-1.9.12p1
-pkgp-freebsd-pkg____tmux-3.3a
-pkgp-freebsd-pkg____wget-1.21.3_1
-pkgp-freebsd-pkg____zsh-5.9_1
+FreeBSD____7-zip-24.09
+FreeBSD____bash-5.2.37
+FreeBSD____bash-completion-2.14.0,2
+FreeBSD____beadm-1.3.5_1
+FreeBSD____bhyve-firmware-1.0_2
+FreeBSD____ca_root_nss-3.108
+FreeBSD____cmdwatch-0.2.0_3
+FreeBSD____cpuid-3.3_7
+FreeBSD____debootstrap-1.0.128n2_3
+FreeBSD____dmidecode-3.6
+FreeBSD____git-2.49.0
+FreeBSD____grc-1.13_1
+FreeBSD____grub2-bhyve-0.40_11
+FreeBSD____htop-3.4.0
+FreeBSD____i7z-0.27.4_1
+FreeBSD____iftop-1.0.p4_1
+FreeBSD____intel-pcm-202405_1
+FreeBSD____iperf3-3.18
+FreeBSD____mc-4.8.32
+FreeBSD____nano-8.4
+FreeBSD____node_exporter-1.8.2_2
+FreeBSD____nut-2.8.2_1
+FreeBSD____openseachest-23.12_2
+FreeBSD____pkg-2.1.2
+FreeBSD____powerdxx-0.4.4_2
+FreeBSD____psearch-2.1.0_1
+FreeBSD____py311-gstat_exporter-0.2.0,1
+FreeBSD____py311-pip-23.3.2_4
+FreeBSD____py311-prometheus-client-0.21.1_1
+FreeBSD____python3-3_4
+FreeBSD____qemu-nox11-9.2.0_1
+FreeBSD____rpl-1.4.1_1
+FreeBSD____rsync-3.4.1_2
+FreeBSD____rust-1.86.0
+FreeBSD____sg3_utils-1.48_1
+FreeBSD____smartmontools-7.4_2 +FreeBSD____sudo-1.9.16p2_1 +FreeBSD____tftp-hpa-5.2_3 +FreeBSD____tmux-3.5a_1 +FreeBSD____wget-1.25.0 +FreeBSD____xorriso-1.5.6_2 +FreeBSD____zfsnap2-2.0.0.b3_4 +FreeBSD____zfs-stats-1.3.2 +FreeBSD____zsh-5.9_5 +unknown-repository____speedtest-1.2.0.84-1.ea6b6773cf diff --git a/jails/pkg-list-server.txt b/jails/pkg-list-server.txt index cb53671..e42a550 100644 --- a/jails/pkg-list-server.txt +++ b/jails/pkg-list-server.txt @@ -1 +1 @@ -7-zip bash bash-completion debootstrap git grc grub2-bhyve htop i7z iperf3 mc nano node_exporter nut pkg powerdxx psearch py39-prometheus-client rpl rsync smartmontools sudo tftp-hpa tmux wget wireguard xorriso zfsnap zfs-stats zsh +7-zip bash bash-completion beadm bhyve-firmware ca_root_nss cmdwatch cpuid debootstrap dmidecode git grc grub2-bhyve htop i7z iftop intel-pcm iperf3 mc nano node_exporter nut openseachest pkg powerdxx psearch py311-gstat_exporter py311-pip py311-prometheus-client python3 qemu-nox11 rpl rsync rust sg3_utils smartmontools speedtest sudo tftp-hpa tmux wget xorriso zfsnap2 zfs-stats zsh diff --git a/jails/update.sh b/jails/update.sh index 76fbed8..9f1451c 100755 --- a/jails/update.sh +++ b/jails/update.sh @@ -8,15 +8,17 @@ # # -SWREL="12.4-RELEASE" -SWRELOLD="12.3-RELEASE" -SWRELOLD_patch="12.3-RELEASE-p8" -pkg_jail="pj124" +SWREL="14.2-RELEASE" +SWREL_patch="14.2-RELEASE-p3" +SWRELOLD="14.2-RELEASE" +SWRELOLD_patch="14.2-RELEASE-p1" +pkg_jail="pj123" pkg_jailOLD="pj123" +/root/FreeBSD/scripts/freebsd-update-mirror fetch -d /zroot/pkgp/update --currently-running $SWRELOLD_PATCH -m -# NOTE: first time for new SWREL -# remember to update pkgp.conf files to new pkg_jail +# LATEST: Decided to use pkgp123 as the repo and pj123 as the jail going forward as all jails run the same SWREL +# NOTE: first time for new SWREL remember to update pkgp.conf files to new pkg_jail # find ./ | grep pkgp.conf | sort update_jail () 
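Review bot: In the update.sh hunk, the new `freebsd-update-mirror fetch` line expands `$SWRELOLD_PATCH`, but the variable assigned just above is `SWRELOLD_patch`; shell names are case-sensitive, so unless the upper-case name comes from the environment it expands to nothing and `--currently-running` takes `-m` as its value. The tail of the line should read `--currently-running "$SWRELOLD_patch" -m`. Quoting the expansion also means an empty value reaches the tool as an empty argument instead of silently shifting the options.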
@@ -30,9 +32,12 @@ update_jail () # zfs list -t snapshot -o name | grep ship/iocage/jails/$JAIL | sort | xargs -n 1 zfs destroy #fi - iocage exec $JAIL "freebsd-version" + iocage exec $JAIL "freebsd-version -ru" # freebsd-version -j 8 + iocage exec $JAIL "rm -rf /var/db/freebsd-update/install.*" + iocage exec $JAIL "rm -f /var/db/freebsd-update/*" + if [[ $1 == "upgrade" ]]; then # FAILING: iocage upgrade -r $SWREL $JAIL # freebsd-update -r $SWREL -j 8 upgrade 
@@ -40,33 +45,42 @@ update_jail () # freebsd-update -r $SWREL -j 8 install freebsd-update --currently-running $SWRELOLD -r $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron upgrade freebsd-update --currently-running $SWRELOLD -r $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron install + iocage stop $JAIL + sleep 2 + iocage start $JAIL # post reboot install, reboot not required in jails freebsd-update --currently-running $SWRELOLD -r $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron install # iocage update fetches update based on string in json which used to get updated as part of the upgrade workflow - cd /mnt/iocage/jails/$JAIL - rpl '"release": "${SWRELOLD_patch}"' '"release": "${SWREL}"' config.json iocage update $JAIL + cd /mnt/iocage/jails/$JAIL + rpl '"release": "'${SWRELOLD_patch}'"' '"release": "'${SWREL_patch}'"' config.json + iocage exec $JAIL "[ -f /mnt/config/pkgp.conf ] && cp /mnt/config/pkgp.conf /usr/local/etc/pkg/repos/ || cp /mnt/common/pkgp.conf /usr/local/etc/pkg/repos/" iocage exec $JAIL "pkg-static upgrade -f -y" iocage exec $JAIL "pkg update -f" + + # reset MTA back to sendmail - dma does not seem to handle the relay to MX server properly + # iocage exec $JAIL "cp /usr/share/examples/sendmail/mailer.conf /etc/mail/mailer.conf; cd /etc/mail; make all install; /usr/bin/newaliases; service sendmail start; service sendmail restart" else + echo "freebsd-update --currently-running $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron fetch" freebsd-update 
--currently-running $SWREL -b /mnt/iocage/jails/$JAIL/root -d /mnt/iocage/jails/$JAIL/root/var/db/freebsd-update -f /mnt/iocage/jails/$JAIL/root/etc/freebsd-update.conf --not-running-from-cron fetch # let iocage finish the patch install +# read -p "step 1" iocage update $JAIL +# read -p "step 2" iocage exec $JAIL "pkg update" fi iocage exec $JAIL "pkg autoremove -y" iocage exec $JAIL "pkg upgrade -y" - # iocage exec $JAIL "pkg upgrade -f -y" iocage exec $JAIL "pkg clean -ay" # iocage exec $JAIL "rm -rf /var/tmp/temproot*" -# iocage exec $JAIL "mergemaster -a" + iocage exec $JAIL "etcupdate resolve" iocage exec $JAIL "etcupdate -t /mnt/common/$SWREL.bzip2" - iocage exec $JAIL "freebsd-version" + iocage exec $JAIL "freebsd-version -ru" # freebsd-version -j 8 echo "######## ####" 
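Review bot: `cd /mnt/iocage/jails/$JAIL` is not checked before `rpl` rewrites `config.json`, so with an empty or mistyped `JAIL` the edit is applied to whatever `config.json` is in the directory the shell ends up in. Passing the path avoids the directory change altogether: `rpl '"release": "'${SWRELOLD_patch}'"' '"release": "'${SWREL_patch}'"' "/mnt/iocage/jails/$JAIL/config.json"`. The pkgp.conf line has a related trap: in `[ -f ... ] && cp ... || cp ...` the fallback also runs when the first `cp` fails, which would silently replace the jail-specific repository file with the common one, so an explicit `if`/`else` is safer. `update_jail` starts before this hunk and continues past it.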
@@ -77,26 +91,29 @@ read -p "skip initial preparation steps (y/N)? " RESP if [ -z $RESP ] || [ $RESP == "n" ] || [ $RESP == "N" ]; then if [[ $1 == "upgrade" ]]; then - echo "#### update of $SWREL called" + echo "#### fetching new iocage root image $SWREL" iocage fetch -NU -r $SWREL fi #iocage freebsd-update is failing in jails - echo "#### iocage root - updating" + echo "#### updating iocage root image" freebsd-update --currently-running $SWREL -b /mnt/iocage/releases/$SWREL/root -d /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update -f /mnt/iocage/releases/$SWREL/root/etc/freebsd-update.conf fetch freebsd-update --currently-running $SWREL -b /mnt/iocage/releases/$SWREL/root -d /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update -f /mnt/iocage/releases/$SWREL/root/etc/freebsd-update.conf install echo "#### preparing etcupdate archive" - etcupdate build $SWREL.bzip2 -s /mnt/iocage/releases/$SWREL/root/usr/src + etcupdate build -s /mnt/iocage/releases/$SWREL/root/usr/src $SWREL.bzip2 mv $SWREL.bzip2 /root/FreeBSD/jails/config/common/ - echo "#### iocage root - cleaning update directory" + echo "#### cleaning iocage root image update directory" rm -rf /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update mkdir -p /mnt/iocage/releases/$SWREL/root/var/db/freebsd-update/files - echo "#### preparing poudriere jail - okay to delete poudriere build jail when prompted" + + echo "#### preparing poudriere pkgp jail - okay to delete poudriere build jail when prompted" cp -r /mnt/iocage/releases/$SWREL /zroot/pkgp if [[ $1 == "upgrade" ]]; then + JAIL="pkgp" + update_jail $1 iocage exec pkgp "poudriere jail -d -j $pkg_jailOLD" else iocage exec pkgp "poudriere jail -d -j $pkg_jail" 
@@ -105,18 +122,10 @@ if [ -z $RESP ] || [ $RESP == "n" ] || [ $RESP == "N" ]; then iocage exec pkgp "poudriere jail -i -j $pkg_jail" # check options are updated in /usr/local/etc/poudriere.d/$pkg_jail-options - read -p "update pkgp packages first (y/N)? " RESP + read -p "update poudriere pkgp jail packages first (y/N)? " RESP if [ ! -z $RESP ] && [ $RESP == "y" ]; then - if [[ $1 == "upgrade" ]]; then - JAIL="pkgp" - read -p "upgrade jail $JAIL (y/N)? " RESP - if [ $RESP == "y" ] || [ $RESP == "Y" ]; then - update_jail $1 - fi - fi - /root/FreeBSD/jails/jails-update-pkgs.sh pkgp-only -fi - + /root/FreeBSD/jails/jails-update-pkgs.sh pkgp-only + fi fi read -p "process all jails (y/N)? " RESP 
@@ -138,19 +147,24 @@ if [ ! -z $RESP ] && [ $RESP == "y" ]; then fi echo "update -OR- upgrade base system by running:" -echo "freebsd-update fetch -OR- freebsd-update upgrade -r $SWREL" -echo "freebsd-update install -OR- pkg bootstrap -f ; pkg update ; pkg upgrade" +echo "rm -rf /var/db/freebsd-update/install.*" +echo "rm /var/db/freebsd-update/*" -# echo "rm -rf /usr/src.old; cp -r /usr/src /usr/src.old; rm -rf /usr/src/*" -# echo "git clone --depth 1 --branch releng/12.3 https://git.FreeBSD.org/src.git /usr/src" -# echo "cd /usr/src; cp ../../../../src.old/sys/amd64/conf/diyIT ." -echo "cd /usr/src; git pull; make -j8 buildkernel KERNCONF=diyIT && make -j8 installkernel KERNCONF=diyIT" +echo "freebsd-update fetch -OR- freebsd-update upgrade -r $SWREL" +echo "freebsd-update install -OPTIONAL- pkg bootstrap -f ; pkg update ; pkg upgrade" + +# echo "rm -rf /usr/src.old; cp -r /usr/src /usr/src.old; rm -rf /usr/src/*; rm -rf /usr/src/.a* /usr/src/.c* /usr/src/.g*" +# the reason we can't delete the /usr/src directly is because it is mounted in all the jails +# echo "git clone --depth 1 --branch releng/14.1 https://git.FreeBSD.org/src.git /usr/src" +# echo "cd /usr/src/sys/amd64/conf; cp ../../../../src.old/sys/amd64/conf/diyIT ." +echo "cd /usr/src; git pull; make -j8 buildkernel KERNCONF=diyIT && make installkernel KERNCONF=diyIT" echo "reboot" -echo "pkg-static upgrade -f" +echo "pkg-static upgrade -f; pkg update -f; pkg upgrade; pkg clean -a" #echo "rm -rf /var/tmp/temproot*" -#echo "mergemaster -a" echo "etcupdate" echo "/root/FreeBSD/scripts/zfs-prune-snapshots -vn -p 'ioc_update' 1d | grep removing" + +echo "bectl list | grep 14.1-RELEASE-p3 | cut -d" " -f1 | xargs -n 1 bectl destroy" diff --git a/scripts/gstat_exporter.py b/scripts/gstat_exporter.py old mode 100755 new mode 100644 index 78e6303..3d48868 --- a/scripts/gstat_exporter.py +++ b/scripts/gstat_exporter.py 
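Review bot: The last added `echo` has an unescaped `" "` inside its double-quoted string, so the shell ends the string there and the printed hint comes out as `cut -d  -f1` with the quotes gone, which does not work when pasted. Escape the inner quotes the way the other hints in these scripts do: `echo "bectl list | grep 14.1-RELEASE-p3 | cut -d\" \" -f1 | xargs -n 1 bectl destroy"`. The pattern is also hard-coded to `14.1-RELEASE-p3` while `SWREL` in this commit is `14.2-RELEASE`; because the pipeline ends in `bectl destroy`, printing a plain `bectl list` for manual selection, or building the pattern from a variable, avoids a stale match.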
@@ -1,411 +1,396 @@ -from prometheus_client import start_http_server, Gauge # type: ignore +from prometheus_client import start_http_server, Gauge +import argparse +import logging +import datetime from subprocess import Popen, PIPE from typing import Dict +from importlib.metadata import PackageNotFoundError, version + +# get version +try: + __version__ = version("gstat_exporter") +except PackageNotFoundError: + # package is not installed, version unknown + __version__ = "0.0.0" + +class GstatExporter: + def __init__(self, interval: int = 30, grace: int = 30, sleep: int = 15) -> None: + """Define metrics and other neccesary variables.""" + # save interval, grace, and sleep + self.interval = interval + self.grace = grace + self.sleep = sleep + + # save the version as a class attribute + self.__version__ = __version__ + + # define the metric labels + self.labels: list[str] = [ + "name", + "descr", + "mediasize", + "sectorsize", + "lunid", + "ident", + "rotationrate", + "fwsectors", + "fwheads", + ] + + # define the metrics + self.metrics: dict[str, Gauge] = {} + self.metrics["up"] = Gauge( + "gstat_up", + "The value of this Gauge is always 1 when the gstat_exporter is up", + ) + + self.metrics["queue"] = Gauge( + "gstat_queue_depth", + "The queue depth for this GEOM", + self.labels, + ) + self.metrics["totalops"] = Gauge( + "gstat_total_operations_per_second", + "The total number of operations/second for this GEOM", + self.labels, + ) + + self.metrics["readops"] = Gauge( + "gstat_read_operations_per_second", + "The number of read operations/second for this GEOM", + self.labels, + ) + self.metrics["readsize"] = Gauge( + "gstat_read_size_kilobytes", + "The size in kilobytes of read operations for this GEOM", + self.labels, + ) + self.metrics["readkbs"] = Gauge( + "gstat_read_kilobytes_per_second", + "The speed in kilobytes/second of read operations for this GEOM", + self.labels, + ) + self.metrics["readms"] = Gauge( + "gstat_miliseconds_per_read", + "The speed in 
miliseconds/read operation for this GEOM", + self.labels, + ) + + self.metrics["writeops"] = Gauge( + "gstat_write_operations_per_second", + "The number of write operations/second for this GEOM", + self.labels, + ) + self.metrics["writesize"] = Gauge( + "gstat_write_size_kilobytes", + "The size in kilobytes of write operations for this GEOM", + self.labels, + ) + self.metrics["writekbs"] = Gauge( + "gstat_write_kilobytes_per_second", + "The speed in kilobytes/second of write operations for this GEOM", + self.labels, + ) + self.metrics["writems"] = Gauge( + "gstat_miliseconds_per_write", + "The speed in miliseconds/write operation for this GEOM", + self.labels, + ) + + self.metrics["deleteops"] = Gauge( + "gstat_delete_operations_per_second", + "The number of delete operations/second for this GEOM", + self.labels, + ) + self.metrics["deletesize"] = Gauge( + "gstat_delete_size_kilobytes", + "The size in kilobytes of delete operations for this GEOM", + self.labels, + ) + self.metrics["deletekbs"] = Gauge( + "gstat_delete_kilobytes_per_second", + "The speed in kilobytes/second of delete operations for this GEOM", + self.labels, + ) + self.metrics["deletems"] = Gauge( + "gstat_miliseconds_per_delete", + "The speed in miliseconds/delete operation for this GEOM", + self.labels, + ) + + self.metrics["otherops"] = Gauge( + "gstat_other_operations_per_second", + "The number of other operations (BIO_FLUSH)/second for this GEOM", + self.labels, + ) + self.metrics["otherms"] = Gauge( + "gstat_miliseconds_per_other", + "The speed in miliseconds/other operation (BIO_FLUSH) for this GEOM", + self.labels, + ) + + self.metrics["busy"] = Gauge( + "gstat_percent_busy", + "The percent of the time this GEOM is busy", + self.labels, + ) + + # start with an empty deviceinfo dict and add devices as we see them + self.deviceinfo: Dict[str, Dict[str, str]] = {} + + # variables used for checking for removed devices + self.lastcheck = datetime.datetime.now() + self.timestamps: Dict[str, 
datetime.datetime] = {} + + logging.debug("Done initialising GstatExporter class") + + def get_deviceinfo(self, name: str) -> Dict[str, str]: + """ + Return a dict of GEOM device info for GEOM devices in class DISK, + for use as labels for the metrics. + + Sample output from the geom command: + + $ geom -p ada0 + Geom class: DISK + Geom name: ada0 + Providers: + 1. Name: ada0 + Mediasize: 250059350016 (233G) + Sectorsize: 512 + Mode: r2w2e4 + descr: Samsung SSD 860 EVO mSATA 250GB + lunid: 5002538e700b753f + ident: S41MNG0K907238X + rotationrate: 0 + fwsectors: 63 + fwheads: 16 + $ + """ + logging.debug(f"Getting deviceinfo for GEOM {name}...") + with Popen( + ["geom", "-p", name], stdout=PIPE, bufsize=1, universal_newlines=True + ) as p: + result = {} + for line in p.stdout: # type: ignore + # remove excess whitespace + line = line.strip() + # we only care about the DISK class for now + if line[0:12] == "Geom class: " and line[-4:] != "DISK": + break + + if line[0:11] == "Mediasize: ": + result["mediasize"] = line[11:] + if line[0:12] == "Sectorsize: ": + result["sectorsize"] = line.split(" ")[1] + if line[0:7] == "descr: ": + result["descr"] = " ".join(line.split(" ")[1:]) + if line[0:7] == "lunid: ": + result["lunid"] = line.split(" ")[1] + if line[0:7] == "ident: ": + result["ident"] = line.split(" ")[1] + if line[0:14] == "rotationrate: ": + result["rotationrate"] = line.split(" ")[1] + if line[0:11] == "fwsectors: ": + result["fwsectors"] = line.split(" ")[1] + if line[0:9] == "fwheads: ": + result["fwheads"] = line.split(" ")[1] + logging.debug(f"Returning deviceinfo for {name}: {result}") + return result + + def run_gstat_forever(self) -> None: + """ + Run gstat in a loop and update stats per line + """ + logging.debug(f"Running 'gstat -pdosCI {self.sleep}s' (will loop forever)...") + with Popen( + ["gstat", "-pdosCI", f"{self.sleep}s"], stdout=PIPE, bufsize=1, universal_newlines=True + ) as p: + # loop over lines in the output + for line in p.stdout: # 
type: ignore + ( + timestamp, + name, + queue_depth, + total_operations_per_second, + read_operations_per_second, + read_size_kilobytes, + read_kilobytes_per_second, + miliseconds_per_read, + write_operations_per_second, + write_size_kilobytes, + write_kilobytes_per_second, + miliseconds_per_write, + delete_operations_per_second, + delete_size_kilobytes, + delete_kilobytes_per_second, + miliseconds_per_delete, + other_operations_per_second, + miliseconds_per_other, + percent_busy, + ) = line.split(",") + if timestamp == "timestamp": + # skip header line + continue + + # first check if this GEOM has been seen before + if name not in self.deviceinfo: + logging.info(f"Adding new GEOM to deviceinfo: {name}") + # this is the first time we see this GEOM + self.deviceinfo[name] = {} + # we always need a value for all labels + for key in self.labels: + self.deviceinfo[name][key] = "" + # get real info from the device if it is class DISK + self.deviceinfo[name].update(self.get_deviceinfo(name)) + self.deviceinfo[name].update({"name": name}) + + # update timestamp to track when this GEOM was last seen + self.timestamps[name] = datetime.datetime.strptime( + timestamp.split(".")[0], "%Y-%m-%d %H:%M:%S" + ) + + # up is always.. 
up + self.metrics["up"].set(1) + + self.metrics["queue"].labels(**self.deviceinfo[name]).set(queue_depth) + self.metrics["totalops"].labels(**self.deviceinfo[name]).set( + total_operations_per_second + ) + + self.metrics["readops"].labels(**self.deviceinfo[name]).set( + read_operations_per_second + ) + self.metrics["readsize"].labels(**self.deviceinfo[name]).set( + read_size_kilobytes + ) + self.metrics["readkbs"].labels(**self.deviceinfo[name]).set( + read_kilobytes_per_second + ) + self.metrics["readms"].labels(**self.deviceinfo[name]).set( + miliseconds_per_read + ) + + self.metrics["writeops"].labels(**self.deviceinfo[name]).set( + write_operations_per_second + ) + self.metrics["writesize"].labels(**self.deviceinfo[name]).set( + write_size_kilobytes + ) + self.metrics["writekbs"].labels(**self.deviceinfo[name]).set( + write_kilobytes_per_second + ) + self.metrics["writems"].labels(**self.deviceinfo[name]).set( + miliseconds_per_write + ) + + self.metrics["deleteops"].labels(**self.deviceinfo[name]).set( + delete_operations_per_second + ) + self.metrics["deletesize"].labels(**self.deviceinfo[name]).set( + delete_size_kilobytes + ) + self.metrics["deletekbs"].labels(**self.deviceinfo[name]).set( + delete_kilobytes_per_second + ) + self.metrics["deletems"].labels(**self.deviceinfo[name]).set( + miliseconds_per_delete + ) + + self.metrics["otherops"].labels(**self.deviceinfo[name]).set( + other_operations_per_second + ) + self.metrics["otherms"].labels(**self.deviceinfo[name]).set( + miliseconds_per_other + ) + + self.metrics["busy"].labels(**self.deviceinfo[name]).set(percent_busy) + + # check for removed GEOMs + now = datetime.datetime.now() + if (now - self.lastcheck).seconds > self.interval: + logging.debug("Running periodic check for removed devices...") + # enough time has passed since the last check + # loop over devices and check timestamp for each + remove = [] + for name in self.deviceinfo.keys(): + delta = (now - self.timestamps[name]).seconds + if delta 
> self.grace: + remove.append(name) + logging.info( + f"It has been {self.grace} seconds since gstat last reported data for GEOM {name} - removing metrics" + ) + + # loop over the GEOMs for which gstat stopped giving data and remove them + for name in remove: + # it has been too long since we have seen this GEOM, remove it + for metric in self.metrics.keys(): + if metric == "up": + # skip the up metric + continue + self.metrics[metric].remove(*self.deviceinfo[name].values()) + del self.deviceinfo[name] + self.lastcheck = datetime.datetime.now() -def get_deviceinfo(name: str) -> Dict[str, str]: - """ - Return a dict of GEOM device info for GEOM devices in class DISK, - for use as labels for the metrics. +def main() -> None: + """Run the main function.""" + parser = argparse.ArgumentParser() - Sample output from the geom command: + parser.add_argument( + "-g", + "--grace", + type=int, + help="Stop exporting metrics for a GEOM after gstat has not reported data from it for this many seconds. Defaults to 30 seconds.", + default=30, + ) + parser.add_argument( + "-i", + "--interval", + type=int, + help="How many seconds to wait between checking for removed devices. Defaults to 30 seconds.", + default=30, + ) + parser.add_argument( + "-l", + "--listen-ip", + type=str, + help="Listen IP. Defaults to 0.0.0.0 (all v4 IPs). Set to :: to listen on all v6 IPs.", + default="0.0.0.0", + ) + parser.add_argument( + "-p", + "--port", + type=int, + help="Portnumber. Defaults to 9248.", + default=9248, + ) + parser.add_argument( + "-s", + "--sleep", + type=int, + help="How long should gstat sleep between reporting data, in seconds. Set this to the same as your Prometheus scrape interval. Defaults to 15.", + default=15, + ) - $ geom -p ada0 - Geom class: DISK - Geom name: ada0 - Providers: - 1. 
Name: ada0 - Mediasize: 250059350016 (233G) - Sectorsize: 512 - Mode: r2w2e4 - descr: Samsung SSD 860 EVO mSATA 250GB - lunid: 5002538e700b753f - ident: S41MNG0K907238X - rotationrate: 0 - fwsectors: 63 - fwheads: 16 - $ - """ - with Popen( - ["geom", "-p", name], stdout=PIPE, bufsize=1, universal_newlines=True - ) as p: - result = {} - for line in p.stdout: - # remove excess whitespace - line = line.strip() - # we only care about the DISK class for now - if line[0:12] == "Geom class: " and line[-4:] != "DISK": - break + parser.add_argument( + "-d", + "--debug", + action="store_const", + dest="loglevel", + const="DEBUG", + help="Debug mode.", + default="INFO", + ) - if line[0:11] == "Mediasize: ": - result["mediasize"] = line[11:] - if line[0:12] == "Sectorsize: ": - result["sectorsize"] = line.split(" ")[1] - if line[0:7] == "descr: ": - result["descr"] = " ".join(line.split(" ")[1:]) - if line[0:7] == "lunid: ": - result["lunid"] = line.split(" ")[1] - if line[0:7] == "ident: ": - result["ident"] = line.split(" ")[1] - if line[0:14] == "rotationrate: ": - result["rotationrate"] = line.split(" ")[1] - if line[0:11] == "fwsectors: ": - result["fwsectors"] = line.split(" ")[1] - if line[0:9] == "fwheads: ": - result["fwheads"] = line.split(" ")[1] - return result + args = parser.parse_args() + logging.basicConfig(level=args.loglevel, datefmt="%Y-%m-%d %H:%M:%S %z", format="%(asctime)s - %(module)s - %(levelname)s - %(message)s") + logging.info(f"Starting gstat_exporter v{__version__} - logging at level {args.loglevel}") + logging.info(f"Starting HTTP listener on address '{args.listen_ip}' port '{args.port}'") + start_http_server(addr=args.listen_ip, port=args.port) + exporter = GstatExporter(interval=args.interval, grace=args.grace, sleep=args.sleep) + while True: + exporter.run_gstat_forever() - -def process_request() -> None: - """ - Run gstat in a loop and update stats per line - """ - # start with an empty deviceinfo dict and add devices as we see them - 
deviceinfo: Dict[str, Dict[str, str]] = {} - - with Popen( - ["gstat", "-pdosCI", "5s"], stdout=PIPE, bufsize=1, universal_newlines=True - ) as p: - for line in p.stdout: - ( - timestamp, - name, - queue_depth, - total_operations_per_second, - read_operations_per_second, - read_size_kilobytes, - read_kilobytes_per_second, - miliseconds_per_read, - write_operations_per_second, - write_size_kilobytes, - write_kilobytes_per_second, - miliseconds_per_write, - delete_operations_per_second, - delete_size_kilobytes, - delete_kilobytes_per_second, - miliseconds_per_delete, - other_operations_per_second, - miliseconds_per_other, - percent_busy, - ) = line.split(",") - if timestamp == "timestamp": - # skip header line - continue - - if name not in deviceinfo: - # this is the first time we see this GEOM - deviceinfo[name] = {} - # we always need a value for all labels - for key in [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ]: - deviceinfo[name][key] = "" - # get real info from the device if it is class DISK - deviceinfo[name].update(get_deviceinfo(name)) - - deviceinfo[name].update({"name": name}) - - # up is always.. 
up - up.set(1) - - queue.labels(**deviceinfo[name]).set(queue_depth) - totalops.labels(**deviceinfo[name]).set(total_operations_per_second) - - readops.labels(**deviceinfo[name]).set(read_operations_per_second) - readsize.labels(**deviceinfo[name]).set(read_size_kilobytes) - readkbs.labels(**deviceinfo[name]).set(read_kilobytes_per_second) - readms.labels(**deviceinfo[name]).set(miliseconds_per_read) - - writeops.labels(**deviceinfo[name]).set(write_operations_per_second) - writesize.labels(**deviceinfo[name]).set(write_size_kilobytes) - writekbs.labels(**deviceinfo[name]).set(write_kilobytes_per_second) - writems.labels(**deviceinfo[name]).set(miliseconds_per_write) - - deleteops.labels(**deviceinfo[name]).set(delete_operations_per_second) - deletesize.labels(**deviceinfo[name]).set(delete_size_kilobytes) - deletekbs.labels(**deviceinfo[name]).set(delete_kilobytes_per_second) - deletems.labels(**deviceinfo[name]).set(miliseconds_per_delete) - - otherops.labels(**deviceinfo[name]).set(other_operations_per_second) - otherms.labels(**deviceinfo[name]).set(miliseconds_per_other) - - busy.labels(**deviceinfo[name]).set(percent_busy) - - -# define metrics -up = Gauge( - "gstat_up", "The value of this Gauge is always 1 when the gstat_exporter is up" -) - -queue = Gauge( - "gstat_queue_depth", - "The queue depth for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -totalops = Gauge( - "gstat_total_operations_per_second", - "The total number of operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -readops = Gauge( - "gstat_read_operations_per_second", - "The number of read operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -readsize = Gauge( - 
"gstat_read_size_kilobytes", - "The size in kilobytes of read operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -readkbs = Gauge( - "gstat_read_kilobytes_per_second", - "The speed in kilobytes/second of read operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -readms = Gauge( - "gstat_miliseconds_per_read", - "The speed in miliseconds/read operation for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -writeops = Gauge( - "gstat_write_operations_per_second", - "The number of write operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -writesize = Gauge( - "gstat_write_size_kilobytes", - "The size in kilobytes of write operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -writekbs = Gauge( - "gstat_write_kilobytes_per_second", - "The speed in kilobytes/second of write operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -writems = Gauge( - "gstat_miliseconds_per_write", - "The speed in miliseconds/write operation for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -deleteops = Gauge( - "gstat_delete_operations_per_second", - "The number of delete operations/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -deletesize = Gauge( - 
"gstat_delete_size_kilobytes", - "The size in kilobytes of delete operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -deletekbs = Gauge( - "gstat_delete_kilobytes_per_second", - "The speed in kilobytes/second of delete operations for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -deletems = Gauge( - "gstat_miliseconds_per_delete", - "The speed in miliseconds/delete operation for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -otherops = Gauge( - "gstat_other_operations_per_second", - "The number of other operations (BIO_FLUSH)/second for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) -otherms = Gauge( - "gstat_miliseconds_per_other", - "The speed in miliseconds/other operation (BIO_FLUSH) for this GEOM", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -busy = Gauge( - "gstat_percent_busy", - "The percent of the time this GEOM is busy", - [ - "name", - "descr", - "mediasize", - "sectorsize", - "lunid", - "ident", - "rotationrate", - "fwsectors", - "fwheads", - ], -) - -start_http_server(9248) -while True: - process_request() +if __name__ == "__main__": + main() diff --git a/scripts/zfs_health.sh b/scripts/zfs_health.sh index 0251e3e..819b69b 100755 --- a/scripts/zfs_health.sh +++ b/scripts/zfs_health.sh 
@@ -102,12 +102,12 @@ if [ ${problems} -eq 0 ]; then
 #scrubDate=$(date -d "$scrubRawDate" +%s)
 ### FreeBSD 11.2 with *nix supported date format
- #scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $15 $12 $13}')
- #scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
+ scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $15 $12 $13}')
+ scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
 ### FreeBSD 12.0 with *nix supported date format
- scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $17 $14 $15}')
- scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
+ #scrubRawDate=$(/sbin/zpool status $volume | grep scrub | awk '{print $17 $14 $15}')
+ #scrubDate=$(date -j -f '%Y%b%e-%H%M%S' $scrubRawDate'-000000' +%s)
 if [ $(($currentDate - $scrubDate)) -ge $scrubExpire ]; then
 emailSubject="`hostname` - ZFS pool - Scrub Time Expired. Scrub Needed on Volume(s)"
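Review bot: Nothing after the now-active `scrubDate=$(date -j -f ...)` line checks that a date was actually parsed, so whenever the `zpool status` scrub line does not carry year, month and day in awk fields 15, 12 and 13 (a pool never scrubbed, a scrub in progress, or a different output layout, which is presumably why this hunk swaps the two variants), `scrubDate` comes back empty and the `$(($currentDate - $scrubDate))` test errors out instead of reporting an overdue scrub. For a health check that is a silent failure; adding `[ -n "$scrubDate" ] || scrubDate=0` right after the assignment makes an unparseable date count as expired, so the alert still fires. Quoting the expansions (`"$volume"` and `"${scrubRawDate}-000000"`) would also keep an empty or unusual value from being word-split into the `zpool` and `date` arguments. The "FreeBSD 11.2" label on the active pair would be clearer if it named the `zpool status` layout it matches rather than an OS release. The enclosing `if [ ${problems} -eq 0 ]` block starts and ends outside this hunk, so how `emailSubject` is consumed is not visible here.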