From 181da3c38af9e237a5b15e9133e9615e2be13f12 Mon Sep 17 00:00:00 2001 From: mg Date: Wed, 5 May 2021 10:59:05 +0200 Subject: [PATCH] Aufbau Jenkins (#80) keepass vars playbook jenkins java jenkins in inventory Co-authored-by: Michael Grote Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/80 Co-Authored-By: mg Co-Committed-By: mg --- group_vars/jenkins.yml | 36 +++++ inventory | 6 + keepass_db.kdbx | Bin 43262 -> 43406 bytes playbooks/service/jenkins.yml | 7 + roles/geerlingguy.java/.ansible-lint | 3 + roles/geerlingguy.java/.github/FUNDING.yml | 4 + roles/geerlingguy.java/.github/stale.yml | 56 +++++++ .../geerlingguy.java/.github/workflows/ci.yml | 70 ++++++++ .../.github/workflows/release.yml | 38 +++++ roles/geerlingguy.java/.gitignore | 5 + roles/geerlingguy.java/.yamllint | 11 ++ roles/geerlingguy.java/LICENSE | 20 +++ roles/geerlingguy.java/README.md | 67 ++++++++ roles/geerlingguy.java/defaults/main.yml | 6 + roles/geerlingguy.java/meta/main.yml | 42 +++++ .../molecule/default/converge.yml | 13 ++ .../molecule/default/molecule.yml | 17 ++ roles/geerlingguy.java/tasks/main.yml | 41 +++++ roles/geerlingguy.java/tasks/setup-Debian.yml | 16 ++ .../geerlingguy.java/tasks/setup-FreeBSD.yml | 11 ++ roles/geerlingguy.java/tasks/setup-RedHat.yml | 5 + .../templates/java_home.sh.j2 | 1 + roles/geerlingguy.java/vars/Debian-10.yml | 6 + roles/geerlingguy.java/vars/Debian-8.yml | 7 + roles/geerlingguy.java/vars/Debian-9.yml | 6 + roles/geerlingguy.java/vars/Fedora.yml | 6 + roles/geerlingguy.java/vars/FreeBSD.yml | 7 + roles/geerlingguy.java/vars/RedHat-7.yml | 8 + roles/geerlingguy.java/vars/RedHat-8.yml | 7 + roles/geerlingguy.java/vars/Ubuntu-12.yml | 7 + roles/geerlingguy.java/vars/Ubuntu-14.yml | 7 + roles/geerlingguy.java/vars/Ubuntu-16.yml | 7 + roles/geerlingguy.java/vars/Ubuntu-18.yml | 6 + roles/geerlingguy.java/vars/Ubuntu-20.yml | 6 + roles/geerlingguy.jenkins/.ansible-lint | 2 + roles/geerlingguy.jenkins/.github/FUNDING.yml | 4 + roles/geerlingguy.jenkins/.github/stale.yml | 56 +++++++ .../.github/workflows/ci.yml | 82 ++++++++++ .../.github/workflows/release.yml | 38 +++++ roles/geerlingguy.jenkins/.gitignore | 3 + roles/geerlingguy.jenkins/.yamllint | 11 ++ roles/geerlingguy.jenkins/LICENSE | 20 +++ roles/geerlingguy.jenkins/README.md | 149 ++++++++++++++++++ roles/geerlingguy.jenkins/defaults/main.yml | 51 ++++++ roles/geerlingguy.jenkins/handlers/main.yml | 12 ++ roles/geerlingguy.jenkins/meta/main.yml | 30 ++++ .../molecule/default/converge.yml | 21 +++ .../molecule/default/http-port.yml | 24 +++ .../molecule/default/java-11.yml | 6 + .../molecule/default/java-8.yml | 19 +++ .../molecule/default/jenkins-version.yml | 27 ++++ .../molecule/default/molecule.yml | 17 ++ .../molecule/default/plugins-with-home.yml | 62 ++++++++ .../molecule/default/prefix.yml | 24 +++ .../molecule/default/requirements.yml | 2 + roles/geerlingguy.jenkins/tasks/main.yml | 67 ++++++++ roles/geerlingguy.jenkins/tasks/plugins.yml | 63 ++++++++ roles/geerlingguy.jenkins/tasks/settings.yml | 86 ++++++++++ .../tasks/setup-Debian.yml | 46 ++++++ .../tasks/setup-RedHat.yml | 45 ++++++ .../templates/basic-security.groovy.j2 | 28 ++++ roles/geerlingguy.jenkins/templates/proxy.xml | 7 + .../tests/test-plugins.yml | 0 roles/geerlingguy.jenkins/vars/Debian.yml | 7 + roles/geerlingguy.jenkins/vars/RedHat.yml | 7 + 65 files changed, 1571 insertions(+) create mode 100644 group_vars/jenkins.yml create mode 100644 playbooks/service/jenkins.yml create mode 100644 roles/geerlingguy.java/.ansible-lint create mode 100644 roles/geerlingguy.java/.github/FUNDING.yml create mode 100644 roles/geerlingguy.java/.github/stale.yml create mode 100644 roles/geerlingguy.java/.github/workflows/ci.yml create mode 100644 roles/geerlingguy.java/.github/workflows/release.yml create mode 100644 roles/geerlingguy.java/.gitignore create mode 100644 roles/geerlingguy.java/.yamllint create mode 100644 roles/geerlingguy.java/LICENSE create mode 100644 roles/geerlingguy.java/README.md create mode 100644 roles/geerlingguy.java/defaults/main.yml create mode 100644 roles/geerlingguy.java/meta/main.yml create mode 100644 roles/geerlingguy.java/molecule/default/converge.yml create mode 100644 roles/geerlingguy.java/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.java/tasks/main.yml create mode 100644 roles/geerlingguy.java/tasks/setup-Debian.yml create mode 100644 roles/geerlingguy.java/tasks/setup-FreeBSD.yml create mode 100644 roles/geerlingguy.java/tasks/setup-RedHat.yml create mode 100644 roles/geerlingguy.java/templates/java_home.sh.j2 create mode 100644 roles/geerlingguy.java/vars/Debian-10.yml create mode 100644 roles/geerlingguy.java/vars/Debian-8.yml create mode 100644 roles/geerlingguy.java/vars/Debian-9.yml create mode 100644 roles/geerlingguy.java/vars/Fedora.yml create mode 100644 roles/geerlingguy.java/vars/FreeBSD.yml create mode 100644 roles/geerlingguy.java/vars/RedHat-7.yml create mode 100644 roles/geerlingguy.java/vars/RedHat-8.yml create mode 100644 roles/geerlingguy.java/vars/Ubuntu-12.yml create mode 100644 roles/geerlingguy.java/vars/Ubuntu-14.yml create mode 100644 roles/geerlingguy.java/vars/Ubuntu-16.yml create mode 100644 roles/geerlingguy.java/vars/Ubuntu-18.yml create mode 100644 roles/geerlingguy.java/vars/Ubuntu-20.yml create mode 100644 roles/geerlingguy.jenkins/.ansible-lint create mode 100644 roles/geerlingguy.jenkins/.github/FUNDING.yml create mode 100644 roles/geerlingguy.jenkins/.github/stale.yml create mode 100644 roles/geerlingguy.jenkins/.github/workflows/ci.yml create mode 100644 roles/geerlingguy.jenkins/.github/workflows/release.yml create mode 100644 roles/geerlingguy.jenkins/.gitignore create mode 100644 roles/geerlingguy.jenkins/.yamllint create mode 100644 roles/geerlingguy.jenkins/LICENSE create mode 100644 roles/geerlingguy.jenkins/README.md create mode 100644 roles/geerlingguy.jenkins/defaults/main.yml create mode 100644 roles/geerlingguy.jenkins/handlers/main.yml create mode 100644 roles/geerlingguy.jenkins/meta/main.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/converge.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/http-port.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/java-11.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/java-8.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/jenkins-version.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/molecule.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/plugins-with-home.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/prefix.yml create mode 100644 roles/geerlingguy.jenkins/molecule/default/requirements.yml create mode 100644 roles/geerlingguy.jenkins/tasks/main.yml create mode 100644 roles/geerlingguy.jenkins/tasks/plugins.yml create mode 100644 roles/geerlingguy.jenkins/tasks/settings.yml create mode 100644 roles/geerlingguy.jenkins/tasks/setup-Debian.yml create mode 100644 roles/geerlingguy.jenkins/tasks/setup-RedHat.yml create mode 100644 roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 create mode 100644 roles/geerlingguy.jenkins/templates/proxy.xml create mode 100644 roles/geerlingguy.jenkins/tests/test-plugins.yml create mode 100644 roles/geerlingguy.jenkins/vars/Debian.yml create mode 100644 roles/geerlingguy.jenkins/vars/RedHat.yml diff --git a/group_vars/jenkins.yml b/group_vars/jenkins.yml new file mode 100644 index 00000000..19b5d441 --- /dev/null +++ b/group_vars/jenkins.yml @@ -0,0 +1,36 @@ +--- + ### geerlingguy.jenkins + jenkins_package_state: latest + jenkins_http_port: 8080 + jenkins_admin_username: "{{ lookup('keepass', 'jenkins_admin_name', 'password') }}" + jenkins_admin_password: "{{ lookup('keepass', 'jenkins_admin_password', 'password') }}" + jenkins_plugins_install_dependencies: true + jenkins_plugins_state: latest + jenkins_java_options: "-Djenkins.install.runSetupWizard=true" + ### oefenweb.ufw + ufw_rules: + - rule: allow + to_port: 22 + protocol: tcp + comment: 'ssh' + from_ip: 192.168.2.0/24 + - rule: allow + to_port: 8080 + comment: 'jenkins' + from_ip: 192.168.2.0/24 + ### mgrote.restic + restic_folders_to_backup: /usr/local /etc /root /home /var/lib/jenkins + ### geerlingguy.pip + pip_package: python3-pip + pip_install_packages: + - name: pykeepass==3.2.1 + - name: jinja2>=2.11.2 + - name: markupsafe + - name: ansible-playbook-grapher + ### geerlingguy.ansible + ansible_install_method: pip + ansible_install_version_pip: '2.10' + ### mgrote.apt_install_packages + programs_extra: + - graphviz # für ansible-playbook-grapher + - sshpass diff --git a/inventory b/inventory index 5be6053e..497b5e12 100644 --- a/inventory +++ b/inventory @@ -12,6 +12,10 @@ all: hosts: pihole2-test.grote.lan: pihole2.grote.lan: + jenkins: + hosts: + jenkins-test.grote.lan: + jenkins.grote.lan: ntpserver: hosts: ntp-server-test.grote.lan: @@ -70,6 +74,7 @@ all: gitea.grote.lan: pihole2.grote.lan: ntp-server.grote.lan: + jenkins.grote.lan: test: hosts: dokuwiki-test.grote.lan: @@ -84,3 +89,4 @@ all: gitea-test.grote.lan: pihole2-test.grote.lan: ntp-server-test.grote.lan: + jenkins-test.grote.lan: diff --git a/keepass_db.kdbx b/keepass_db.kdbx index c1d64bd24fc759493d8b7d7d692d9db15f77a0ec..c6e463a89e05a1c50161a654bdf1b99234aa6457 100644 GIT binary patch literal 43406 zcmV(qK<~c;*`k_f`%AR}00RI55CAd3^5(yBLr}h01tDtuTK@wC0096100bZab{`r5 zrzXVA9f6m`)TWWV?_gr-hK zM4CPbY+*m?|Ek~?l(>9oZxJ5b>&rbEsKH}LJ1Kfpw5@>)bx}m058B7C(qlv7#ze*r@(mPtD&3eTOnYg4In|1ZC>eEh4>fCu_)^mnJ#Hgw2OJfbbzlq9?+j$iNx~oWb zxf#$owM!mp0SHU8bM3~XA>1bs~Ye*p}rAfj~dZGxTxozbjEG$PDQ>EeV zd^Jco5~rQEVkwN>KCvT}Q$MTlk28XQN!vG&>eeJme#^RWuU?Dq$kCt*kDeCqi)=q* z#=hxQUBi#OnMpc=$Gi~N2@k;Ir9L8GKvAr&_QDwWJ-0sDl1VSM09lghC=emqyhoI@ zUuiyYdY0jhWl_1#!&X>@tgv)5lOEugA*BsS$(#AZ`j%Qi!3o2N>ld7 z3gka)(l_5|OS|AlH$=YNRrja2A+m}1v)({o>+GbDlSA+Skp6$U1^9x?lEET8m41K5A=5&TtuBI?R;$`~hy1d_d2A?|9WVL}sr@1feszuE_vj1M z=0RcSWP*tHb2~afsd6*H(OB=p@nm8HO#}upq*udEd&cH}05|i;>KCLuENi9|`kJ}# zAJ-`+^wyy$Z;AkyNk@uUaJRX!{fJdX!uK|;xUe3Gh#-YA$}ZY1o!5DiVl6oQo64Ev zn&v`#M?#Kp%cjBQ8Ghb9GM{*)yz`D6pkW}uWY*nDwRGH(k41TYqc|u;?lZ~dq`d%R zDxjTYhH<$+0dJH-k*tmkL) zP{z0s1zKGhd9!1*I; zi2Gra|$|ZQWSS`Xg#`%( z(viz*bg(C*qYB)H%u3h?9Q2JS?b&iM-A^u=>i7AGD!?$-ilCjcpp*mT=|q%JT0_$v zf+>+2Tq9rzWh0QiJl23YbsLhN6d{WVAqSw97;7K6U0jea;N4je&h+NBf@7IC>J58u z{|yZ1>3C0Xc-*c8|GhsS5T2*_tcg3kKY6%uqM$lZMMlKj^D@PS5@NcR*Qrks=kGzi z>}YE$0oj_Gts^0qj@VFti_rR+)qQAEbO#RUsv%)cT2t+F3t|zYgbi*MecKR`37vz} zAtY6?qBv5Fl@&3QGXLgn`S7u#M*GaM$Da$0HVujIsLjeYPkHb<)hi?leag$xxWZ#E zgCbBcZw@>WR?ZvP5O9S}cnlFu&3<(s`AI|PkX=Hn0#6qKR;c}CYa1lB4cUV<(4ylN zYb0b~3aNtDV{uFIXhnr_5r4g+h0wy0oG7rkGA9xZubV{(r?(;qPyeX_FgrP$mmVZ5 z5X92>Q`%w!)z{eN=n3tdvCKlfJRF#*{)Ip|jwN);lpbzg9n+z8kt|CkOD~G@tQ54Z zy*hc*dh2~x-nKnbW{mXTxew*=Mj8*r#f|qe#d%fk+PLh6Bsa~Lq03?8HGMI@rH4J{gdiuWT~1?s>hBj@_a#4 zmqI2ADY(t65>ZSO(O=k$66;CSh?eY$(9cy&rKP*2I;gXHD-hIN;j10E@P*JRftjDq z%N~IGTQVKS0or*C>wfI?Z`z-+{<4(ht(BFOOzg4L-wmR^p4S8;M}Z|axf*2CQn|NW zE1yIa(h6h^H&PCo$A!RHmriUeGK)u3i z8|Po%<;5gUu4LO**dWk7k?mBrgu0_3*P_d-zK|cMeyRM z;tEWzB&JHs0_Nkh@eVo5jJ=871cKXLvVr|730+r42W-8CWNBaC#5{0nY3d?MO6;FA zFS+1bn~(1#DHU?j9J&cDqU*~sfE)6MmeEH;G3aa&cI%d!RUsP9vj@ZD$7y}_jOy!I zqYuVO0=o9pAwU{?1g;!psfk39nJ;ntSMH?`V?>ag7leMj{d7GV6N!R_4#^}7gsHWB z%d$UGJ`i)EePLPfZH(KRK44u+*U_fBoIo0=V>-KCK^GLopbphzrXjPX{So${vP{R8 zS)WWxT%fNi8|Oz5u<%N*xyWD%zuAehkO}(*+YynmL2GOokbk-%?RtN3R~ekho@2Y_ zNm5e@okI^dKH+&p0z?QJc`Z9kbF}2dj#hn0L@{Zk){+yGq1TWAH*xv6U`X2fXnSSl zeix7@o5eA#T_`15B%m+9xwL`htr!v3J}g||PljZ>%=jb^xSwfu5OYY3rR`&y61RBh zv?tr@PQ6r|xpBAkYSds1^hPaY;cO^Lzt~R?pp|;>DI|>-<(52Uif9%$@dqY@27W+L zQ@lK_>q+lkhmq>1~Rj*E) zL7I)3=qtY1=7Pe|h&~I!wly`Uv}_6Jl0aa;KUXIM=pT?0sL)em^0=@-)_t-}U!uTd zldPJ!f-{|}Z$#Q+RA9e+DYe8Myy!&_#9u0EiZw))byfR+blpU?MZXVN1Wu1!Zl}oo zHbOV7GL@@#l_CDH z^pm7QBfQcfgwGFdwi)p-ULJO(CE9m!BeI5fFK7SLn6} zU0DZoGm%sPx#>3iCpfu%V;cg8?nY_2*r?l-^=+k=O1{1%2`CPL3+Simy6y zrLg@y41(H{;U@`bbV6E6i-nX8Ch@yMD4&Q|C=*S_=Hs6CKx&naS*d!Hl5zzBh|_Jc z=1tE&UNc-Fe^u7#$?k7MnZFqk?k_Kibw%D1fg|c72NA<|d)XATfm0>541lrt!e138^~8GJyt9CXUl}AT-(gWlKaF zE|WM#XG;@~apUsGa~s7cqCI$O{~iN)f#+@8JWXwn3ncJoO=8rCx+g`<=sS{$-bNSzQ{gkhQ_Wn~oFgP8DJ=L94?~ zO5ZAm7?s60nMg^ToxQU-ljOs4!@+w>8U!JfuH=Th13O7cYJrp-(5BJ99FzYUr1^Xi zA1iGwnISRlbYXpkrJiD-@h=WD2sS5D(ds<|LyO3LHU4#GA)T9694Z?4-|&)y7Gs_I zQWvI3v$lrSUN0IV2ep7&mFA99`gdAaUGl~XL>+G&+(j_x<5XY>E8Rpg?{~6525+qO z9g{(+c%@};U(8OhztB%CPF_1t2^A1aNsZLq&?2WpZ)ZF<5esTnyO}w9?d*#nwAeBe z&GML*swB9R^B_o>tks)5#m7|&9EK%A&SEglZdCQ1zoa<7q9KY_`qtmtv$ch`_bL+< zE9{xi$$K=f5@p6AF95d+(7cp{@4dj`CA1FC-am#JxxL%mRD?bw)t_|!@53z0ZK9Z$ zuKYUN?Nq`X{^%XReK!=YSt7(USW~&jAdlOE$7J@i> ze0{dPcK&lHg<#X{N1Ui;&XE`Jct5wT-^+MU0ot3`5V!h%cbN>o$tk#^#YO@TTzlBo zx$Kt;*vGm^Wk>mIl?yvVxC9%j%j3r1{dUt{7bbiwh1FS9Hkq6XMeFOl&Y1o3%T|wR5!Sok;dCG$L-2fG5z-}xv7NLdWS>{2~#rd zLu&k)Ws0e2D~%oWZlPkMpGY1A@!w&cqBKPgy7IT}<0oWPyt*d;NhK{|x_ZUgC>?Dl zb*RUPQh8X^UD%CH(O;xj_L9hXSm91o>fN3uaHQa&GQ)-FS*8a zVId_?_%HDgxU@cbU^Az}V$MJ4h#v?cX*fM*!G(0C=25D)sqEiFLsbXQ0p06~+hUw% z?R8uIZPe`W1%GM6Elba|jm^Jaq2AvUCW>$h+k&Bo;HJ`>bcY z5>vWn9Jms!l}3l=prt}fo>o({b(i3ld#OPge-gVrK0oFTW;YcnpqEI=FDmc2c@N1~ z5p#{`ln*ksNNLGQLjXBJsX<=tRuR{~K`pbCUL;etoLn<0)bv1G$tuYxa!0ec zRT1!X=EWt+orRI6-X7tGkKpx|;?wnCvF@J*8$-}*xDpDw03P%Vy}0ioru>V=#ijuI zUoyFF$Xlh~5`JJUDy00i0@kX;El-n13Tv*=#_y@s`#YeE^sqAcuOKUFB|5P7S@0M%~sb7efYLjSY$v3AaQ}o=Wj~l z^*Kug*Q&&+9LM$%FfsAB>cr5K2y{gWEoCDK!N6fSsU;Ge3r$nzq{Ou=mb9- z!5M_%?RV%=_70hn7R7~lZu_l+$uv^co`qe;nS{5xQz`)GgM!KPv(H8YE1;niO|SBB zH*{YhTjdS;o!#9tBAk0u_RTM&BbEv7>zTX)j)`AL4C`J3aRVK#qm*@Z%d<$ytL;r~ znf-W5DqIuH3HMc%0H#wyqQ`J2%5U23t*4FfA+a;_j?d7Yazff(OLORLh1=>;6$8my zgy91B@3g+WrDnfQi6MhU*IQn7ldOl@qnlE*pyf?se*=Zk zm`S@3oE#{4X>WIC?byM(E)%0uIQAU2~lg`9e*uZrfdoV@cI#p|6mU}4aXz^k{)KlUd-Co4C~ z3Ee7UP_^x41+NB!pCz}{G<*1`8lv4@3X(XV@;Lz}uxB#sF-&6m_k5qHD<}_Vkht?i zZJi7_9X8Sps0Js!HtiKAaA1%D`|eQ34)~5#GGlA_xODVlf~IL%aw@usrXo`?;D~Jx z4B*hYK`(<&>bCH*%w&yO?K+DHkRy(OY93}*f86(_aScbDGFzi(>2HrsSh;<5xJn;F zZ3irv*8ic;){KA-o>@>LEt@O-;rpct7hSgIV0!;!TDs8Ba3oTcK-ZYnI;iTTT!nL^eUlM2x00STX9cpdP#WB=BDYcDuin zRu{+y3Yp{VBxw%xqaFSb$?)2ILK4Nt+#CP!RS~O-kz4HRA@no+&f~go45E0F(7QAo zWoXzZw}Nq$<4@h8<}ih_W1wPLe$wb@#D1#uy2)u02tRZs-A4+TdM`v@5Tj8mPmPA< z&g@fN9_036dm?js7Wa)DZ#AK+!Dc4pw=B&|CG!(>RwFXLvI-yYAhR_arqN3@KDj(r zqznNr=-Vv*3W1|~M|(Uqs!&`2azej|i6ymMssvMc6cg?BYmOUsiXTy!t#)s$a&maP z1q5WVr;9;BR{!FcTT^yiWRFJ>sUFOhwl(220RFzy?EpUv#*aSIzQw~u1C6iCG1Ty- zZ>bliiEss@dCgvvM71wf#fY&-15xJ)EXmJ|ff9eeA5HCUXg#NprX=t5>F!bul8X2X zICn-NK|~Z(v)-&DsHf&GlG#No=f6-W|rB5j&9>*!8oGV;jV zFyjdnQPM?cmCo)HRA$0^kt{8fs}L|YwP8XioE9}$zAOpSW`x22zl&SV&f5z{ZV)s3 ztiwV`5nVjSsltx@E-(Y6Pe^yE*%YtyoA-HbXihyB)fxyelJSnIooVX=UP%IjKYy-F z8D4*n?mb~uk6l?v0@px+W&;tt!s7r!Yqr3==;#&Tb#gFH#m;hRYEi#LtnO%0_5P=M z9Q#c8E=VqjbsD2wX|D8Kc(V%H{R(Qii|clQ;gcV^NfXMSB(CRzkj4$(ipz89OJ3 zIA5aHY&G#x>FLqB^}(AH*B)cj7k~Yyf!usmbZcSt0%N^?n0JRLW2yU5jK2L=B~=Ms zSmvUv=lwN|tRoX*ebWH08C1p0`OHDtJeFnPF6d-bLNFX!QR7 zYNMelcGElchLUpgypcxF$`hiBA_Ruys$SVY_4-| zcX^i0e3SOytBiMPf-ZleDj0HDG5>3dc8~3YjDM!gUAkhw!aT4|09W>TF@Q=ua2M1@ z)$JtiQu0Ptn^x$Lt0=N!^^4O$Tk9;5+!0E0HrG2Y;NlW9CbG|0?+VwT$b#^AF$i=C z3}O_HUrra@YVeJamXZl5;bu?Jq@%8woDow}dXHMQo z7MC0bY>6O(G|0WHeG|j$*{p2?QmcN2*2mIBJ7l+s5$PA_eY(LQIelsyR8MdYZ_HmL zs2j}_6J))!SlqZ7&?0R?@nu3X3D9$!IZNXH%y6xMXt#;eT}#~BQ* zHrYJ(QO(?E->maz(1l^(|9zDBeB162eiHUdZd724kzNn^07%{T(qS5Fq4IHEr~MVH zAnF0vg1;y>V?WduK7UORpjcd;7~UXqBPcma$Q5b%_jqEwyIPS!DnY>kQ+Xu!DLziz zL*8NCl)il9BCq(Sk31u;68_Pgw5aSIC5MBjJ93XN-Vb{vJ0SK-l7O5v@8Iwy3$!8cOT|K!~GeN-V?o zUM~xntuzG)1H*zXFw&^xBOK3FsRvss*7=xi2NKf20aKQsG(FvT|IjzX$hE|5@Oia` zhJR6$orrhonwa0RPCxUD8rn>~7s1E^AF)9MY2XP4QO2CS#*|V&pkb9OyC*2T9Fh%( zIzmSM5nzuRzxFwa{=ttwS|gW!25qGy&qcvK3cg<2NtWW@%dgQ>qPIglB53&l&d_R)o!n4o`q zAG@B0e4A(K5|Rnc znnFW}ggSyvM|1Mxgy>rF2f!5a>ICD4+__xMdHn3V0eXKk+>-v*_lt zM5RJ6GP7kC|32LO@>P-ICE4wXz{L9M$jemG=ebsaes>ip{?11PnS(4?dJOhQmHTmqWBNr1W*dc4Glv4k29eII!e9=x0I z(IqFFIaVcB@TMV3G;J(ms<59XY1kpxggHAvR~xCXqA3a@L_`6Cy7nWl)dQWf;Kqfs zdKZar#*O3sq|I_s4jiiwo%@>ES^s@VL++kt%v(u3 z#d%C95lEk|jHcy!FE3%UnpGbSmuHg$cy$tSKfiOn_zgKzfFZ|)iEpI{a~Xr;wk)!_Y@9@^f;ZCEO*>-k ze0cb(e+c5fu2o+^=A^bEC;}ln*`RHSud_jJmP5|kkWPFH11~ejvXPvwm(gLnZH8TW z>UZtoNE=Ce!t+njfZ1STkdB!XK4w)cKH;qM+M30~^24qOLW*Y}F>{AKo?MW2KB3@b zii?{jel_x3b&59()ghF}{ViT6yHcM*3WZfi*D0`gpn;<1Q3f|(yC z#P1coE#;Xv0LkGfN&6vhJR~BpUplj32TQBr(_es~Pd{;wuxxgf4n0mdmPCQu4X1WT zULmCyh11c%(-s^=(`ee?Lcj9uHkyewzpk4ctCbpiz$=_sfx7>r&xh5{=splkc@|P- zI=Ig{$<;|qM!K}HBBjSW=NcZf(-9#uDQB^XDh@`4Yz&@}aB9ONhP)n41-F(=nF+r! ztRs@cg+bHbGN{_QdH6!;aiMHg`-Q?3>=-Xl?GrP42;^9l5^4GG)!D@|mRt+fS~@Fgb=oWe|kKFs6urW9hDov2_>z zhVtPss(KMUOe7WQ;Kgo_+3`6t+5!oH!^L zh}Ij4Xs6Gc4rRKxTg7)r#`r6>_fnWA(WRKzB7+V zA%Dr{(`*C7NI{Xd5w?x_oT$u@X%-=!dq>887sN37nobdw!GWyy6A)8X02u1QIIYy1 zjmjS-tqTaQBb;^{9qH^H!IrWZm8j;RpB{JHemGGQrQmlqceY|AYbcH-I=@y}*Yn#I(Ih57(cM{^5PaLfDGr|!jcdv3FZlHe)C z*tB#3)+h#489gEj7t0m76%(W(IyD2ljnUc(eA>oc$dz0b%a^8+%pqdRI!Ff`lb?;4 zG%D^^q{xw{Rzb}FHOzhpvK6MOoRm)F)tjNx$y72R3s64suF5E{eQ*(yc1c*yHF7bnE1R`J7-nR#&HdNxeS+eaUnh9KyB0 zstK$_&a4M?N)|7|58_TSSBMXBN*DbyYctbJ^v&m~=@wJ~oCxj^ofKr6bM$=0<-!O| ziM}dhokGSgHz1`Tn9c4Po?%X_|MfX91s5tv&aNW# z7>R5?q^LFI2T`OtW2M?kO9Yq5xW$L`oltVl+U2m|sYZs4)cE|+EaX+CY2 zFS-0B`tJ>@*A+tWn5Q%Wam^3!)C037%?%{wLNm!G6RxbLaW>@iLar!IuGN?jl-mj& zb>!eN$1`KGZym<|ipGlOfo#*vN^LEPi&tl(Y`RD~!1d3^ylwF=r?H~rGiU&uEl6}V zn+!)|L?^gpkVNX*Er3q|zEP#4EX$Bl^e{z~9FQw1KQf(;={u>fCN~XvNqP>5ZOI%H z>t{a50!xGylfndDCDetWI6y5g&DIT1odv1sMscBth%&%BB(i`g ztj@W%BEe-XjZuSGmRB=GhzEyKGC-?IQns*+vnZ-ES{|03?39|`Ag^sg_odRVlN87a zmK!`|b0}Q~dKV~^jNqe#ErloKCYjy}zEiyGzOv-II9~a^K@6!zUh3vsNnAh0@>wQ> z8&H%&Xl_Vu;&e%lOq8{fFF-M+KxRL%j)}Ink=NwWO&3tnF^nC8%wgtlBrf-UQSgDY z?K5m793#C-#DW@R!p`Pj?NEWv!1dGoD1q_{27+SPB?Pn*J~|Q}xDGBNLEN?%I*4$@ z&{t=~s9c3l4s=pe0{#r)sxLYP^N> z&@Mn#K*3?f=Vw9C^pK&_8o}Lc?1UmgJ1C9LWdV7zpu;wgjF^i5@H9QNNw*%eB`IN@ zZleMKEkU@Mr~g0yfAIn0@h-`jWoeZ}!!Bw}^ZjnT({&KY#QD}?ntwe=a5Fk2@ zS+auyK87BFlyHnj>#QGFUnH{F-EKbSVk?VhR$2tYJWMd7*s!T0wsbO-F1BYGgYod2l^wqY*E1vN=KG`NR<{ijL& zp$ZkChK39Zs{^yJn!Nfe5)GU8zE~7e^Es?3uqs)u%CaAwQZ%w{KCV}=VTHwwEp=DG7L%G@bfPj%uXEqQGkFo5F%18^kZhH>% zhZ;ou(6D%6E~M)tL*j{=fnePFeZ!8>8;q75A&sl+VWOd<*=!+M;L3Qi@=*KUoQYWY z_`e^!4`0{F^PGS;m~5j6;e>zZK;Dh+a>F$sc(WGj^0=@YObD4A7>d9?=jqYy?K|?R z^)FpHeMXu_74iHotnG8n9hlKEFD#eV96GBPJ~5wxD>@In>G{Ww-CD#aaZu`a^MLys ziE@r0mJ3jJ-xVDv+{y6D*UK%~70b*-lz5bkK2`@Ytsh@xOpxuoE-{H#&Od{CW!VjH zvuCJRB32vH8^K#gU{=rA*lZ@9kAzZ(| z)I`G#?zGsF7v5{V#y9Ty^)OtEZzv)@a<%DSv?Qt7d3-&8oY>-+@688GS}VuJCUq2P z^)Vk%ah#ns%r&+WJ{5Ks>0?rcVk@2ZWA>Ejy{{hTuDBdI$2)l&Zv~X z4@iP>xa$gew~tW8po76`wghLHU!iYogA88otXJ9W3-|JT%)AWkC_*6qS3Ahg*WL9- z4is|Ut;%r*?9D-F02#S`Yy!J}I?@6p$6&W@5u^$n*N!+!$3b;E>Nl zAN1?icV(uu;1_s!e(e(DZZ8Zr#w9YS(p%ez=%qy!%iTagq=?Uuil3mKXEoQlIbpd> zko1SoZ}0yJYrp&q5n9g>eL(S&E^ZKzm#GXnc0sBJcsi`%4pTdY0_-y4ZiXfZZ&Lvi zBw-1Wf_f4(I4S>ydVFz!wQ5oYXxSMZ-=Wz`b|-p{i6>^9+{R_mRMZPgZrO-eS$|mp zB3QyK#4{{U_Mp&y9M<@@ASn=WhyLJBAxKf(yH?E{3t8| z_L^RKe-1)o)5=_*{GfCZq;NqrLotwsa(2^mbk6_Ln}=*(yB!>5M6J@?DG$4Rq-z}5 zt3u1uY$&#MD%c`6U?KoFqwJ8!g<7dTpcl>@0Xt(l5Kg^&b-;=rIzbUcfFmHDw=um* zs2qY!N|&$?&&^|PUfW)e20uEdwhTo3t7`KWpZ2p^^P6m+`x)$4si-~SK81Wq0<3d| z7`zyA%}hp%wdY`iSR2Y_cD-XZdoUGD)~xEBKdH^_n|a%&Xv;}e6w|lKoWtki`V7BJ za8kw^3IHX9@d#N{tA%2ixM0owmZWDOD)T;sg42vaqX4d{f$1G7)vEsEyq?i5nJ=NU zKhbQp;qNmHI>C!S{w3K6aAt!__MNYD%@d*9lFHi=u8^joXD8{@B21ko>%=THsrj_dYMa5zni#kl@^8wACcet&NU2GlkNQkax^SbeGEr<2popt>Z_?2iHECS zOMXYvome$p1>S@K*wAEK7OWZP30-g=Z>u$e)q5JoTNqOtdk%JOg5EdSfL*!Lk}D^2 zdZLF}FJ9~4Yb`VN__Vs5ovah%tlYnQefKOjRRr7G*6v|wQT zfCE-8dD>yCd?9xc@kEx0`UBhxF2p+%TfvO=V=|!=q5<8Hk`rllWfb(Xu}0;6tX&mH zC{JeW3JoAn`@>K0yBa9Dkv$UxovK*)d_n+N)^t0;+D z9Z=(f>Cag)9=VWv@R|QMY5vO8q^*(RSk7A^I9UAi1d~u53h9Q2*2q!9!^NE)Q+*$! ziRFBxMVaemCGdp$@Mxn@QCw|lGL&f!cZ2s#*(COy{=~opD^-4ipp)%j0hDuAcQ0W<0Vmt|@Om;x{Jq4M#`?|&8-cId@G4aN zqKg8Y_N6M0bZt3u*Bok~o@WgD1Q|=85`sDDnLTD&=CSSJ)m`Vo&dkWQ952{NtuG5?v(doPSxOUqx=N+U<~LjFrYlq0`Q4z=$Q z%rcD&f&qi(WD)Lm@x2X$p6y4&<#1mn%UFVP9wh_BDB~EpP9&yhUd6SuE>xZ*VB3%d z9->N(c4_%({3QY!yvw1A7 z3SWh#?+$*P;7VlYd5>%HHsYTL=oQWa2qq`9&Y!wdyBvBhsTHyk0hBLVjsFb)8mgMs ziu~QJV0x|bv*|iHuzq5*WJ8kpZnf=tgFfX)U*OVYh+{kpJM7wJ-O6aV$*c%9PQMLZ zC0Jw!F;`G)ZVo)goX5x1=HhvCO7(Y=$J^m&$%DTcIdp!veEHL4nIuvjo@Tb_Z?ZHM zyY?>UT}fTv2bZDgr@zKqMp}VM-Pf~*3$!@RX9v|Lgk5zGJU+TJwg26+1Slajwd!Vj zYT&GaAkM7@syC%bRLv@aB-P&Em55AR2vl3A;$!nJ9t{V|AW?X&1(%7yps|6!A*~vt z!oNK^w4%0CuanZivB_HzIN@!UrdS?lM=#PS5^d0izM#`W6mGa_wFwMLt16Umh)vRq zjyD0Qlrh&3drB!ZHrxnPgsPQfF8%3=baSor$Txsw8$?ZcsJhf!$VQ?9acJs5?>7v$nBPdaN{=rv*ib$A@7FcVKr4i!~BXGxMo;T8J7LfX=Oh zmJnI1R~9xn(hUq}ds>gt!$KU{IX<7Q#<2@iF=ZQ#2|n&di9X4`+4$At+6C*9>B({X z;Bc<_pr9K`U!48GK{U(6Nesfpl_ej$37AA{^~6@j|LF$Wi6PMMd=KQUpnpN$Qilaf zhmpaAVarS$DX0y$;{5(l6F5cJZ=F_$y1Fe+r0-enVE6EE%GiNR&PI9~ApMxv zA>=3#Qwj^jPCt99Hv@iTylwdI0Y;tVx`y9oz-?5L|X zBB*YWNF{1y-IsRpu}a2KdEXdfq#NS!4W9OeeAOq@n~Ofti;U=(T>b9T+DLb8J+dm( zb_^9>(`TiJ(!6Ky_-wwyz~QsVR1?DOe}$?ETIu50a0;lXgp8cn%B>4Ea+eQc%BCWy zDvJpsLI~cEy}^Sljv1MAX5k+asJFR_0y!s#FJPB6-+OX22vE`FvYT&!! zL9n1}EJGYZ0UK~QfbEE;|KYh;wB<5CoJghMtO6x@EDv-AjOJJPaYSJ*V*-#_xUCra z4eh(NQ4n|!l=4?S_zt`1rRZo967_qh&Z`vRIZCp%O9q^V3RfOE=oMnCV~KJcQGeWL z{sB~nQRo*$=@Yz5pBgJ^k*7E8*Ks+}AMkvb3gQ~8kECnz) z%z0w&zT@ISLnWs(V897;>UJii1LB!!<-#RkM~#bLm`IYyxg7PV}-n7xDj9#rAwS>60j8UdS<4TH!fnH+GItn3ZU+EYim$85NhaVo)Ns|(EeDqP2*(F4d#Jj`0szp(tGZAmMRDY_<8d5?_oX;Qwq~w5vlhA(teemUMkw`Id+bh!sNKGZr2gI;fIW zsPSq&PVa`&+b0m5ZI$Z>vDBG(TS;X^SB^hCNMU!>$kk5E6Mwaim?6hvbXmso{~Bj# z5-3hVBs4J)zE)_9nO=4;1iT+4_STM6B*}HZ3EVnAAu4OWqR(b81Vo1*xf-P3@qKuj zra{`=Z$=RM7DHZ)RvyC8^x`k*lPBcor4nQDQtFPb&v?9fJZs%xXq8mOH7<{Eb6VVD z`&px%N1#0M56NRP){V?Uw;I3bsWyX4-IO+{gu*mMGA0W)@p6H?o@w3u?5X}i>$%5V z+t-XxkQK=4p`VlKeBjU|#%>}bR20LhB=09A7N{JdB>4u`GMbEps9dN$Xg!$aDi2lU z);&9QU``&7sE2_~)qrlV3>Np9o#L8%uoV?Fg_Pa9s;6jo1bGZDhmyDaJ}TRESDHMT zovy^AsKpgNy>QVj;`qoS$`9SHB4k2TCD6es1;wP!8#0v&nv(E(-jT;G8jpp2n8_e$639#rO$6>+gT!$c)nt<4Z=FceW97k%;Mz!$ z;5k{2tM%J7_#0 zZzOnMzr>hSPqpv+?=!}fDnl=YxiysQvDEw*#TidJb%GYq;Uok(g!38=SEj?TfR}JIB2EzQ+-(K#+kjZ#lK4^{BUSWxX_4 z>yzM7zSmrl*FEo2s?lSuPD4nS?pwS7Fc&d@uN$lKS?BzcTaR*IpXF|^n=4t#7 zU~<7bIEkaoN=xEbOwU_J&M!#x!NEIOe)4jJ{!nckIW6A+V`nv~5awICzzxOv4T*d$ z3v`>EP_%MY8;}Q1iV=4lDIw2=Q$W4}()52c+~4bi&q?t)HXUZSk+Od)m}SK|b3mYg z2g_-Ir>55QD-o6qImBHM-=%?eKl^Z0x6EJwkl{c{hft$OqG~cT=tL5$#Zes6^yoCK zQjv<7@?AENWi=E=w~2bz9AHS_pG5~coXV!CqXQ-X0|2KrCu3&73j!EJFTvfPx`tch zi#~Qk0JDb`|8&ZSENNGWvh9>?8JmRGB-i@>>i)+6ZJ5f)u=27saR*jdfswFZ>$gO! zQB z#^fE#`feLxL4jgW9EKbMT*69lwrcasr(jFYk!m+&_rN6|1BE6dgiQ{Sr*^@uZ~R?= zBeU3TKq3wy=~r7#Vr7$?XR;N1{g8P2UeH?Y!w(BTec|fcxhF@GM3LGXyky)R4=tSN z4WLCJYSgCgvuym7%2vK4P{bpAF`Kf!FJ1*og1MtDak07NF+FG~Qq@%QU1hH(K!e8= zN>$oPTyE3fX2umgvZ+JU?80R&dk0t>mG9V!T-xO+W(g#k6Bc4ZVvFmK*^ba)H!sPd zm;CNN1L(~LRnU_xDZMmLVC)d@yK{B~FdUixCi<`gf1pXm^nSt-O?h$* z+*u}+nJ58y1QX7#Bp4G@nk^R~#5~tskzmxfLE?uloi9W!a|ru0BJJ8*i-xPyZd$PyVr$S)>&Rjg<$!3cCg;mKl zqOF#j!{AA?gJy)k6A}O8S~mMl*clENH0zC?@<(;=F%e&tge#hem2%IsTi5{`!(NRt z;>)C+qNwy%0p3-Yv}r*X^gjgA^gSl4MycKzfYFI1R7MHm*=UQGrU9!J`06nZygP=e z+h|Vs_pi)1_<8hgoe!3!HmW1^<`5i|n|$jpplT(vNS>054P%Vv-jDb&w;u|;ov{Pt zPdPGlkeOD@vOu8ToeFAxAtSaq@WU$ukZ4vluxaMiD|a2CiT5SBjb@N6R_U?4aCvd# zvXCk!VDRS@9?SY##V{2UbdvdEkvz`$;(4C`QspHAFq?nJ+>%^%9Vg^ijueiuXY~QIUhRi>qG_JIoQ4)Ao z!C!@3{lCH=fV(Z##%KuTe2pm#&4RhXi!~uPXs~~9XkoC)fA+ec{H?MFpwxJzkFvC) z!(+rhrRj9CLEV>EIj z$7{!?=~Nr93yH4c(CZoE*58RZ*BOrH`c5^)i*lo;t>N<()+$&Jd#+S9o>s_-Q$Uls z@~xlO_P!;%@<$1F#I3nG_DZ`5{2GTN42s>u+v}82C!tJ&VB3EJGnDs@E`rH6F2RJ; z9{yz2@*ugmBjv58Q>z-+%o^Nrzz;7DnE!4mL!i=*`vBh0|HcGICbyvDBFV6kgPJs` zbF*e$h@r2a=tRVk@(!Xsq;ig)|xb;}uYxrJlzI}+~iLKmFfBW-B#HsatV7Hd~mX0|f~ zHJE~13<>oiPxv|K_mVKqU8K*LJmQ9xKe*FzgDm*@?yQ1up581vd71RtFY2<+gGEDP z1~a`njwn->u+~bn_f~Fw(DdklLOZp^ZUMVn+z7mrFIXXy!;Das2qo~CNDmU64J7?cXN9y-30(9lINjoy zA^sT8)Y;nClDZ$<48D&Qj|p&4$%PdWW6`4HG@_-lnNqAWLDTwr>x;yT3IRR<`${UP z0L=}uGZYh=_&}=oK7SLNe1#^`zd{^aKJy~U|CxfZlidkF<&{_!H4jT`ruczmD{RN+ zKjXrZ=;r+jTm-JHx`Hxgn#Q|_$8?1<_x5?5336o-|OfL~V!z5vd&Ar`pfWmfU#JpFfRE_{O_~6vjsn?LqIX z&X!`cTpigFZ@L(VbOSCE2O8Ue+#fZtr=r~`=Tg@psIe7YKIMeWnnYoFMAc0hwLq+w z!ua*`%%10C><@pGUR1vKa&UvRf;162M6ZBFEZ zQ(0}HsAnO$UcJYN{>*DUJ{d*;94e7tV}Iu>sKueU z4Rh^^&_0-I42n-z+ficStMJsnf8Zqcqgk;$@Lweq!COgk=A-HWV!%6{w0yq)65;P6 zHBu}aa)&m1G~y4Shb-WP6-{+~9Xw37>fLqY&4TqCkJ{w-=T~MK=M;{-s_)$U#0=)7=%VeDO2c z6$bozc|w$1M!>>704A(xud|Jjac-d;-;HWn{ehg*bk@=KPNw)gxayO%Hk5B5(N6Ki zc80EnoCCv(oiftz55ShdY&Rj0D7*FKBEu=!O#vMwD%gY=fiLy(PD+3~sSc@7qXTW| z7{Ivf&zdcUGT7BKk1df=RZyD$nbHaVUXh5C&mXwcbe8hD z>b;Ce6}LbwbSe;da91TZaf*um>as-mfowwB?o%{N-;9=782QtarD&v1Q+zW3$Zhfw zEk9Ub*pjtSfMP_A07w{o#bTA%R8amRNyfY?AzDWmmipjn?VAzAE?-l?l+V1j?BkXgElW)hrjtaX$+J4>o)+M?A!uf-W5qHauSs3(uu5!gCrkO;wcVuv@!#-zwTM$H zItn4PK2w+N(STwMNp$V$1ysEA>LJ+9n$m@7 zXhNUE--;-tQ&%{YeouHt-kTNmqo&jtP2*c<1Y&~6QP|fef1z0z*IPP9$g?&S27S(i zgnq<&RxXj`zvt;=_@%j-5F;Yt5zB2YsECo5WWKWax$kR)$1fY@f=8Ps>} z7>S02lTM-$0R`#|4%}P=BBxX36Zi&)O)S``e~=I&+Uv`=xOw~#wE5lG2`qMfB(Qoj zEpT&W(aPTwEjR}cLowyeuksT=MllAFd3drkPK6e5=Yr^TX5 z-1Uf1LCVHcwV!EYj(l*>*-p1&(m=6j3zE4Av^Ny_h)PJ!x2;XPu_xr_m9~A~(k4{K zDV*Se8VysE^?7;b1xJ}Br()c%5au)Wu7HEAyqip}k2z>v^N?lJ=zp^6L zkpOE3rwoH+rwB9sg{*rCrdl0yd&tQ8@2r<^u6q&uDxE{MKfSiVuHb)#3NLtV^b7e* zqQ8VQ=`IH-!Egwb3n6#}3t~>BHknH%-X2INeiFQrOT}^wo|qU&KL}=#JkP|H1zbe0 z0PbLoa8@>j(r?T=1NZnbYA&r7p^NEEg3qaWS8U?tplkm{2*d+&%b;@IMWG*4}IKtE?6+-hK|&^?Ll?;l&tTO*oq zHzakCm+=LlDOvk1)%W${r>Z#}L>m^9GkAh$wxoofK)u12Paw#1p|Uzdn9z7gI=zm9 z(U<2xRs6dSXkRE1Jqt$z5PBFkt0f$hWgQ6I;Z96+Cf+KZN-*k%XFLd~l@~a$#I~$v ztMWl*qxSL4+Wrf^Nexd7+on1g!RUU`^W-Dkb{8uZg!zSeRl&x;VO~bCz={J^w;afl zad=y$5&f#of%)|Fr8pddI8$7)r3Z>%ESc@9z`{8-t(Aqg*}w4jqp{PM-QM#^csWvl z0AeauGXa|sPyWk{_kAvM>Ww$Y25*SJqzwsUh}F(=55qXjXK%v?rO>y$z;O03(F+zi z_?7QIDSi{dya7M0hou=}<&}wA%XZ|RdC*|ES2uT8-|;UJGt-yzfuUGV6XHcseTT&w z{fZ-r|e(IAC7E;WO{CqNL$X z>0H$OU|%Znfd!$)i#XQw*=_}kX{HH{bhcS9S>oHkCTK%v-O!E2y^IHfZX-O`%^|~- zQs5k1V#1S}L-i;|=60dtOM>>>@TGBw$HB54N-45d*Ru0SG^YJOgBXOeHVj;@ex)q&utMOygES&QB^USVx`HUvs zNwrMx`gwVE+H8z6kilf>#3-FinlH3A?TlbwN^5864Yk*7H6A&)hpfxOck{W#;{@HC z5&V#E_o1U;_1(~k~8e|Fz74(ol`+WZ? z`Cy>hFn!*q1-0B;{}8P6l;R28`n%4s&@3qTJ9KZgj~Ovwd?`Wr&h^&eUTJ1MTgA&Y zE=La7dqjyDMId1<*Wj1YeEwXdKiLsYM6(Bxa|nUXH&DqIJ_z?%gM&`YR@JVd!5tKU z1|z0k;QY&q)3fC*3g)9Zl=Y@UidQ$u>F)N{gA{Bue@={D^iF?^;2>ssA&`heu3u>` zw>o9jO3!Z6*>X@qYJBqc)Eq6+5495o9uw*7xWV$S=@2;5azCF_L4A z-|+SU8U_NLie0RCsuoNFPcTlP!p7-;(v2r?{tW0CVl=3^4qEFjH?soFh^Si&^yGie zMsoQ*##b}W!LQ_&lR9*SYgN2&+d9#7^MBoCL*sL--pQl z(pB$_;-R5~8VP>1Ja7PI5fR<^r)5|@G&w;g1O|3YqyI{B+X6vrv;5oez#`Q705_e( z%7TO4n?*hy4#qGIPB^Bl-?H*Ai(#9Qg{aGFm(m@alrDplBc$TbE+#9RIV8HO5zl=bE0oNTKMYYLSSGGKDij$~}&KD-|9;}8TrU{Ml;7p1R>dbb(08KRkYrmRtF#w{_L za8EIBlip2f8DhnUW%j|B$GjIke@9!zPoNn5D{*Sw5bnv+04pHrWJUHvj+p`12FlOb z)>PZzj{?U2luNGuzL?5Z)-PYCY=~)1Mi*HN^IZB27;q2Sn6s8)Q+X&Z@8A!n;$xLL zLvPITv&p6FuD|;ZzQ$2qKrG?vm9isKP4^Rx`Hyd323ULZ79!ju`G~T0F#XZU*jd3X z45<+jqftHlVi9puQ+M(_b-mD{14ho1%7MxA{#~FwQ1QPJaLH!-%2jf*t-{XL^-``i zVEEHDXA&o`r!()faV3zYf$Hy*DBV!Anh;+YyWr7}(<}A{<_ucMNlU4-DFNHe`vnk;Y43D^;jc&v zZfCSYl!Dtd7x{d@ra}NErRk)-&X}k57q(k222Yjdjf@Qk?B9Fwww$tJKarw~P7oKe z1}G$zcY^3KTqo8VMfHQ(Y2k|7gf&@}wEm13X;NR-f3bpjY7)W!`m8@G#x&386uA50 z+<3vJqLTv2Hn=VA#jW_rxaEDm#mh{nV*>WGM$gM1%^Ih5&%Lk)Q=R*2HMWR9zckfC znc8UFc+n&0WRy0Gf@FP=JX-RIuF)Kg*>QR4!5>i}$=(9+IhbSzU2(_U-<2f{EXX>f z^7axXcsL5v@qA{*^u^2rH(8#|R#TeXy;+I&f|~)aO35QNmVq0bOlIOyKdEzH zlx-{@^c@5TtO#UPqe=@U-$FJIiWe#UOt_rG0QXC22=_WQvClrqV zu$E>hR83|54-eR78Pt_-_XR$C?#910>r+^&=@PoHL$;APnTx7KbU3NG_E?Qf7|_$| zoD(Bvo~x)m%P78N4xe9f*uxM>uzfC6g^A*(5PIDn%}oh3ryk?tjqT1NPRgt?u%IIg z9oAjba&&ZMwP{r;- zm}Lq|#y@Oo_4mIsctJW5;MdTzS33Z9`zig8q8F0OxVR6Ud&Fx&y6)gB{0YpUS4+Ss zc)yg2TmP2T7zCo?2GJxbM))XtZWmK#>?kpv2hVfEqiHT^>J$cLzk%U<3l0og*SSHW zK5nRCxPJBoQWz~XQ04xqH+nc&Tz1i;9Pva+sJ9#Pa!$&oT!<>iBmWLo-{qW}`(IC; zs&y`7U3P@cPR7H|VJF#B5`X)I-zdyAukWvI#i#sV`@KTts&%c7GsVHC;ux%H#1@MZVV4#@#gr0Yn_~<5KzxsO zI3{1ALM0|`gakQ4-LsfgjpD%Gbtn4~=?v)(QSO1KF-_t0=;WLgtbh(LQ4_Kc?-(+V z#$f@dG}Gqv;e|$$EF}Or|G$|L6^yiQ?n5jygpwZ)c;zEugw zFCXrao})Q%l|QI12d@H2x@tp~xj&)$sm>tSomRT~K@Vle5|?(th(VTK3U#c!(O>_| z&g_V@Jz~H8D9ZT(U5G=$&7%HHJpP@oXU*+~Zqb{v-E}~Ie20dBaGvAY z4AI14j^vx&f@8l&COg_1;O;dmhQ$X{7`hvKqopb?S|qd`!Xasxx`q+A{J0($_qm~1 z^-B#v#^84JUV|XRN6Z%)qgcTj*ho9y#%f5%7%qji*`HlGwFT)1Xi$&{Mogx}KE zocU=*vtRp;E_x!-=~R8`ko?n5pNU*xJOfJh zk>+@*HpC;8x#X#`>h1heD}i@6rmQ{73}IkIb7K+k4vaX`m1}RV)DR3|MqI=*OPP#t@Pe)bXfi+T_fW*K> zfH|xb6B9?7c)c5GBM~Jp5uVD23QHs`2?{&gR@J^XwY}i%v0zQ;(fE*tb(K<|I#kf; zslyZ>FH>q>34hau{vfT}i3~H*wJM~pBg4h`wg1T#Q~nD+P3s!t7q`Xc;tom>Iw%fXCU*{*O$q1+9a{(&{8GYkr~!XM(C>QrK%sWX!DWj=3Wg&({VPoDTaFJW^^g4K^9)GbCLpp90`o6)Lbm1I79KHRqH z=o9U0Lvom*7mk#Z%@akMV`vjn+kIOZHF&tPi1*x7MeS~?%iR-;EiO1?>`Q_iQ0=P-#hrWo}~^1Hah=lJ+$G?4$G zhSw+jk0xc>GjZ3?*TcJ66(BL6mo>3H#OtrPWCTYC82mN|laFW znvg-KrS({SrOxVE_HPKO1f0n8a$~fu;=TFOE@}BLe?P67kbu&tB3fSbSu0*|IzWd6WhyKdc~oIC5m7a z|Cdqf-pqKvu42FzVngDbe!%3Q!m%ZhZW-TI;G5se&oM+*F8?n9UILuk;RkFXCa?W` z1O(J|D(ai{-DiqfK*)OmR$S0s`V-s14u+1kjE-08$WAEKNJ@IM)_@TClDd*>lmeG& zrsx(MUB&iV42JiwnTQbW?pSH=yK)&F!p<$@u3azsg6}O}ORAD%rh*vUVn(M$6$7B= z>={4CN@xK#-|tDzkZ0p~^Y~y4-<`Pu>da9CWv+6*#Vt;XzI}Blra+MI-q~OBp zQWpnM=%63l@+4xW+AO3|6UX!Q>_&D3867&h-#YpKlsRrfK==~M=9fc_%)ION-_xG zW~r*_h3xt~SA>OWDaa-Dyy%BywR(=k}MQen9CJO z2!V6&9#bEJyZBcg|Ln-DT~z#2P;;yTPQmU!_6DyXRJKX`9wY-qAtI7Eu6kz)5km5y z{pNOo1b9C8%C6evC+R+O*jp0;_rQAFYRz6|CIw{`ev6}lPT+qWLl!xFO$oNj*py`3 zbMT?;Xj*pOFN8IdzXI?(qft%0JNn!8=@3nyQ#zv4qy&RoAL;PQ7gWM@cG;4%p`+wa z<;eNB%VV>asaMEVw62Bs$Axfo`lp4(Nv$Qq{GN0QqtX$(ddsW@mP0zH&7c~Z1w4)H zotukX)sCHT)E@OP%f(|pP%5$Xew{w9H|M=&UNqzWxZY!GZC?CrRNC9}Q;P2$UpjwaO_^Rlt)+%;n&m3#2tVd%61GFa@!jIs2;JxdYvhIF6XW*gy)oqA1|6{r> z>4;2H!A9~bcm~CgdUKVg8I0-j!abp>5moNDI+K57CF=5={hFCerB8!vGpN&bi=>6S57~b;)uKIHO1`iWnfy;U(?hTwi63WC7A) zlcM>U>~ly?sn0LUy(Vn;cvplTsaI6#%oEwXP5Ll4v+`T{5D}LcWu$EQ;#p*_Lf+!a zaOHDR+J+`&Vzgr-ovD>rHBev$cjjW#?Rc8{IvwsPVEZ5ZDi7Rk0Zd*bCO~Sqnop3q z$Z~$5A`-n>)5F@OsP3$A-65r>#CRft(r6{_oVV3S(w$7& zT**xBylVEqlb*f;pm$|uOf1;l~4 zT4>?wkuY!4yF(&W2s7u$LoiNa%6{#+TO@hqSZwaqWU1Ty$xH)HwyGZ|c6hE)pMx`| z05-W4W40A!Sidg$bsgD|CNFA`V?~eb8O#(2zJ|A(ud#bTBXQAk9qETk&*1P2h-OEt zDTkGDkAyY?d&g7jVMUGnjycGa64Y*x2EXb;zG z672uKG2bX|0?VgtS^FQ5!i9|C(6<&@G7vh@3UvjBuAvXH!hLF1mdBNg`|TJFHzZ;! zc%=b>R^LAQ^p20Ey^=c)*Cs>E;($xPc*!7OGI8i*@dP0OHlnE%Wf%`GQ}L6IJPM?n zC}?mb&qH0+CzXgEgLy(tUVWSyg^?<5jk;NFoQ;uuo8&FHhF=_wA*~)nJT>sZ=)PbC zV)3_@CP!RtP-A~aAC_IRDbyFY`92ZQ1;>$3g3c@kvxx|u)M->JI^q{AxB$_GVMwL> zv=+zx*@Wt+0zfR(;+FSyzpd%_ew`>~ z_&j|YTWP@N_a5V?R5Uv_UrBQLXu_sn&lar@{!*aBj6Y26Y=u_!B{NqR5{7;dgU;ug zi&*N0elWhKdQ_sWgU4Dk7>8J;{}}myb0*~B-kkQH;{#8*X5gT84Pb-*I6;tQ>!(#K z2bMI3)J(;vdVrECS7+Idc=5Q>#$M~f)(XKtFcC1fXvSqD#s!vRP!dZPH#%@qQafq* zaHv6h4OVWaclv5pf9$rw67n|aTvKUzy~}!?M$ShIp3Qlo$f`i6pl>#sC1G7Xo&5*zAd!jk^}4^A9xspm)S+uEKd^#F%HS34Y`uQ~p~)vE zE`<-LPp<_rJQrteG?^bKMBvx_hGp;C$vFxtnW_A<7l4 zeQhrqbe75v9>PsfYLUL&lKIbT1`sjGgPk%uzAA>Fg9;5-#@d`xHM;g2myfzS&Q?<= z)Qa}^pK>81awiZbMd}ShOAbM7*%lpzjnpQ9s|v6+mMx$n-x}?UuQRIZ8Us98cI)@I zKKj%coWi(v7z8{N<%_+#oN5tSSr$j7p#R!?>S8gLL3TH(*rv7IguD^aZgk>K`J|NM z8IWU+T9#o`Me>$8U+*LSdD}lH*df8ssScQsl$D;H2O{>WD^_<^91E+HPamITj4Q$c zIL(rpqgr2@p;PN<@mZ(yV|y;(l05eO6!XW*Dq_2|f2;b;%)vZK(qy7xh@J7!$Tjqu z)l(#6huK$>V04YLK`#qqsX^&Vm#6;R4__*SyP)R_St*9$+8GB`u;z$&De=Xi$8r%Q zw+d#y60jWojAr0RZkn96^}BQiREG8A0=&}r-`jgbzoez*Bd3XLOmkC*SGk{7)!5WP zHQeF~Xkj5YnsfrSqys0e?!^fxjUE?O5N=aX7H6w*lsp-d!L?g0@JC4n%0c=#BeNAc z7CqP>aXPiaN?*Uy8+fSkU>8ygh8bnXfxFQr2sTsz@n@Jd~y45y+Rj^1wgYd5Ty~_oPsfsjm6${xm6nUy3e@ydO(nAgpX@h0C1&B zi*+PYXle1*z9)Eyu@36_EEgaR^Ww z#h~u;?mTu5a`iX9_0es8t?Mw>7HMBL1LbMA2B z=MwyP%=iB`(=vV*vO#BX6>`|JPH2)W5Szx{^$OZSsq?Sus|;ty_4Ef9$bq!r;t<8J znt;Sm&T9)Tvy0leL(y9u3nUCE#tXIc*{Q4TAmVXriXzy;abJ`@tn9Gr4b>Ax{ z@c?nCG!*y~LS^ZLOH}$MSBvf*Mjv*Z66eINi!RHwO41p~;bBvqn&vD^4tNbsH6K6s zzmlCZioPEFSeRS;qJ-f4eYrUJQxRc-ph%U;<3QOas@7#cZWw}l6kz+0MJc4cgsjwZ z(S8lmF$$DEk4GVyyr9JqT|xz;700f#uTonJo$ab5d6zK>07p`+1+uzZWX!(#K@#;b zn(S2X2`kJ7o?q2@osyV&JG}2(oZI&UJqn3r90mv)}@*eFckO+k5STZeucXcllWX`Dz*;VY zZDEBmAhHM>f!Wo_G?`rViMDe?Z3Oq)v(!KDoJm}rm|Tk$ue_hHVtaA)*di-F9e%@dYJ5?6I) zVUzfgQ)qbNM13{FI}cNdaIQ0AZ~>Whfu-0@8(1~(s{_S0p6eQU?M3+jL6t^hP(j6j z1hKbI#5W&e`H#6fBu)+AsLiNg-I&rXE)MKclk5efNhRchuX-Rb+rYt?7t#CCt>_S+ z(uaK_!Z;tva(*yCX_ZC`1N$`Yn9OnocU>ccI}CB?M79S{%*JP0RoaD5KdiyCG6>0x z_~Igr5=v+59cAdZicHyl6$O95QJ_59pi$J_<|f%|uu>$D7#*mB+~;HS?u z<_t$q(VxfTaDcyV9#md7jb$F5idw|%5$enI0RQy%%_2&*2M&V+Fd4q2BY4C7;Gyf{ zA!6M7vvf9m++ty`}#D zqv)vPgxLDNGmv!a?>jLgfQ6PGcqxHMCn_k(5m>&ybjkMmd9D%4K{t;UM@z^C8>9Ry zd6=&T8>W%P=+REyd7?#Q3)=gDgk_Qv(kciv$Tta1J#-xG;9jnbN+#)AsB!_NJ6f@> z?tPjQfIb95lJRS~7Y3g#*%aVhyT@6x$a+|io-G3;ZP%5;o^v6U1h||X)Pc^z2>HKR zeCR!!1#ZgX4D)a@Cqr%6^D z8%3#U5xeV%rghO^DI>9pVsl)FpG5Q|I`*Tqk=rsaJ46Z3~-AJDmP!{1o54z!L~C!!Iu4iNioXYa&?j^C$`nZr0=4P3 z`hGd!J$_G2&cI*1Kvzn|o9_@uFy)mn!zWf!6WTlK1i6o0z>eI9 z_FWay{%1<9Jo~Sr!WZh}Zcz1?!^7LfaAjO2@z4e^WHHS8xW)=XNeOxd#29Y3CQ<&n z;W_HqQmYO5xSh(V^nERN59}jV6ak|O(EtFM^M)m4*-yKSm{Jk^l4vIaU=LSf3)2^L zNu(?2;%la$+*trtKZNr8T4H2DBAkvQ(?@=oZkqf^<%!%5oR{Ue$k!~u(f`ny%@aHC z{E$H5MXq_Q{nmH4V(LP*zw9$y1!l8L8WhjqrJ}|S)9_cIjrUJ#NcV3b;mFSQi&iC{ zh9T&6R{uptnC6AKIQqp$1YTDW5=!Ke-hiRG13Zkj~13CFqS~S1xa%) zOtKWCS9lrsh_+Afd$s6ZPs`VKwcu|=MAx$Ei8`YN!#xWS04vQ+6&%{#ceEt|%u>F7e+$r^s zxub2?+-ARMiTvOnvVko)R27P%_xsY@XrC%x89L@t05!`M%|0Us`-VO+5 zjd|!u48GsX5?~t4)lW3o(!0>BgzD2qCkRWV-9eA@Klwy9A4bS?R4jH{LmyH;-0aLK zpyIG-y1t9ak$ebizt!~EP8F)7bqKJ7z0KUC*C9d2&l=ih`V}1Py$<^)eD8&4Sr+)90Qx&A=B%;u(^%*;*^ zw6+X>zc0Q*Zh0UvsSGkD@S)-%1RC952PMGNp48ti_x) zd)z-oA<~awNq3cIn)^yUqiN5@lA0E^s4l|`;a6S@u#&RXUFE+hVG1{n7WKi7|oBuopR?U`m*qypWjVg@349Fz9uL zcU>3gXo4orjqnt-Icz!-^ST(-LyCfJNM9OOcDn6k&6&|M{9O+ovC0hOtJkM()IVh$%N(?gj%SGLAs*R-24za$}7rWzn>B-m|h!Iq;eLc-$d+%G`nf?pjItqo5B zT`eE-O~oNpA>~}%*pIW@THz zLX41xG!@20fJ-G+ayyx0hwmR4A7}vv=AB+?ZOr9(nbR(2)iN zQ>E3$JF*LJqVdRC($*v@oPlKkZeYNA3qL2sV`8<~)S zsg2%6OW@3zPtXV%D;^<;S1!X5u<|_R+`|dE?Ccld7-1rB`N<>}L2)3OGim!7nS(nQ zVCNt+1yW9@_X7{C0HlnM0Y)W?5^8EmCD6VDpoOzds6ar2EgDlZN{Av0dFR9*UOp@A%^K#YK0XtMkBM`6 z&3VEguDcIvawmI=F%cF}rRI(eCm(B+{&v-5^;%H(^04o@s4Pxr^$5=d_V7hOo_dV2 z*0BIRg|VI-E5MF|FygQ5YWsiTFx5je!S;X>OAF zGjkegGJj6w9#9{91sniOt6;Jg?%4Ha>%#vCRv6@gO0-nUtk9&%VrRIfafNxM9cV$9 z-a&q2p+kWRX*#VCNtz3 zJz6j=uH@iN^grUG2Wmn=jN-&O8?a*@7+v!|K7gwpCt+n`mR}`X)d?Ouev?eal&}AD zVGF!j^H%l*hT#a|me4HmsopSI<5S@L`mM0oEs0P3&GFSrMQf}B^+Z2WL6XVT^bo~N z*dly2!2g<=q9iVsMmCEvBt4Kv$}Gz?E zgVgqtb=npu4PM@ntW%JoU8_fOM3JK76+{=7=W{O$N?wC{7#L7aiFbCg1HDYy-Jf)i zm88<~j80Sk@5a9{*cN|kPGyM*#R82_I1FGE7*{f*QjMwuNiqc$31##+DQGsE*uxpi z*}nHQ{M$d**G9-qE;gOUH`U0Np%cS`BI~kih`Tn1a zb&p4wQM9SdHCh+#AN;(J~BB z7oVTi>nJdK!F;QW{@x_lExS5-$a!5o_n^z-$d_56B-<-<-d~wlC!m4EU^sjqt$*Fp zlXW4qb!onWRhZ4ez-)d=peE;@LdB!5ZMt`w{;rn9^vLyY)BrRwW$=fuH!roTX0(+( z$OK}kGwD)tpXT$a0Z<|)$%X*AQg3wi6EpNDJVl&)d8>a2? zAIwjnpYjU;nxwjx9#QEnJa-kgm)$EoT3Y@!apLePq@3q>p2z>no=K{lm2?J<1HuFp zSvMn~URJxC^*fW{^2OHbSrgh=pV}vA?D#)nOEn(?2^kW<;HfgUC}tmf;zu3zZBaxQ zgJP2UHc2>(=A$X%5;p}32SM0O@}3h|6F(;>%>uh`J(z}FqoU?HO>gIKDZ4C1f#Y=% z6q0GNai_-NC@v604Q)TzdgQP>x=4*7%m~>`xGO3V$ncx$BirXFe7B|181(bmd_-UE zU|Kemj!iWZ*H=6ca?P%cMIj~aJ=Bld3Y%Hd*dvyQ0FC_q z?G3Iac;Y5KYzAg#0Z;M_=%tc30lfE|j#OtbnQns#wN)Cz&m`Th7M*uA2~+l_t){Fq zvuY{+6}jd#DEE|o8scbR{E-QO4?_&}G~cg20^#BbsYKoRah47=*R*%QLR&l53Z_0v zceR>?5Z}=Y$euqFR1=R^X4_|Gox_OKcWfou;S4|c;5()lJc94Z7b5#&U+#V(<+ZO& zPinwl^+xA{B5VNCq$qC8PS{?dLCjY2%aPmuf%j+sz>!4hX z{>@)+hh!{pq}2u7#ua; zPT5q<6!USlZX{xbIr9C#eJa*QW;Z?-3J*UNY<}|R_hPNR3EtY~oScy-2ZfW7d3c$5_rBA?_i(B;oV+rEvly zbCKffqwEz*)!cRXKy8A$>%x`D;rPT`hGgP#+m=GZM(Dlgv5f=!Ehn-o&}qz0vhc)N zvRYapyI$<~xtZV+YcY92pp3$pOgl%No$w^>r-02}c^lV6A2)mLm0Y`+l9iNPd}IX6 zap_2X_|@^IsBXoFY2klXpumia_Y;~)C-VuH-AoJA$;Zbh%F$=Qy6I`Li1gB=+f;6@ ziWRXSoruvP^B}07&@1U+K51LtMIkilxJpd_>6_> zx(lWzQMzi;@5b`WbQ6rzb29CnW!jIeSdYC8117Ic(nD$(^2D?hp^!<>x!6|jKxKGJq_{YDDXva{`jrlIyL)}2o?wnL%PhK-w}tcg zC>hw;Y|KIx3W9rNJS&486$ zRYn?Ix-p-s2lKuxN=rD|K~cGXet+PoFxU2TRO?=rUFpM z1GNk%=qUNG>RfW)IwHy>HTq*CC7G}kU>MY|M=|o>(`z2@P-q`U=!yAY39X$8TC|IM zo96Knz#>|J#Jrvd#P^wg53T_+Q>F%Nvc7L4v82oE%|D-+)VCQ>2Aaqz#jQXN(YLFk z=ea$V?oemb1OV6PErVjQ+C}q{phJwYP61UZs@6F}FT+WH5K+mV^)jPJhjr~2v`@%v z_8i63X_ti`l!}1J$5M>Tl44GTTU>q8vsG-&6fLP3RK_%j)PGgelFz?EQaiPv9=4G_ z$J@S}U(d$IDuS-*$A8c7m??1PAF$_;A-mDIuc9P$2EY`xd}Kr8uX z%LGe1?gq@>g!FyrDAJHoqzS8Ft4QJEfqEzYErrdJj(1^jU{pda8|w8o@)ROMRZY-b zw-|%gPBGU~&G?bnifCupqw=;rk{!n5A8VgmzIW3oqgAgM135?hMt>NwbZhe3Zvtl7 zGnCZT4tQHz*IKelbMuSu;^@o~c2`?Fd2s3yC{G^WPh3utY%=W4r1j~z7dZJm?2j{8 zg^kqzTK!!P;d1XDQbdT-*HX96u&G6ySFz}qYc`ve^#SlZqVFZZzh~L$ zDL$g5?-@`6BBSs;XajkBVl3uPX;MX>)>5WUQ$!EyAo$X(YL$b8HP`Gli=Zk70HI=Y zW7QYzjqfdn7Wyhms2Fvq|J0Z*&+y=+v(v+n-0Nj@@aXCsP7sm zxnlem`}ZXOyq>6I1>NKvPz#ZAx(l;{R~(9leQ>ya8d#sl&V(s?0YlRn47*o;V(M7h znFR2}l5qb1!^KPPI!flo!lRz7U6*wkYE~NBtIq*)r zD3)$WZ~gS!)=u)J9mB?ErfZHRaXKSD0ROWa5$bqXms%Gc6;7{ANeF-0W#Qnw9Z`$# z^>jAiOy6^520wh0`nD2{2wCK}8oUt~(n~!rNiK0J8mu%EGEsfjMfJcw5yEVr1;!8m zlsrAi@fPG^Ui)5&U-=kms?y+@oyigrof7soX9XdPHmU=xAk9n&$73sz)ydzH-U?C2 z;z$B#-RBbADH1OZb+Em;p+s>?LjfPj>lB?=yZcE85gfhkJXj1i{E`RLWk{fkcQ(c# z&~A1;Dg?MOVJth#Jb0ftHxpqcF^?sNvCK(Ej*TJFB8k7^&<$s#f9*igL-^;_eR^8U zAO|7P6cO`H4L-UI`qex>p7unEQrQAV?mDTpR1 zgta{3=tcTQDcs;EayCpkSX`SUe6jQGGXE?43J$}mz{U{TnNeQ@hNA8fFx<~fQK+X& z_~1|I`tl4?g9j#n^)e>lbFg;VE~lejO|E**uSv>7dx~X|7PwFvpK{g~fJ%TOiLB}N zfEGX8f%DS(EQk_MEbo(|NCLa|r)BFw99;i>6K$MPdXGw&nz;vGxv+%x`8sByoLBLt zcV16~thYLMhmEdhUbh;v4|5BQ4S7AgzA}ZH#YB~Hz0sMOP}I;P%vi$8=W$GsKbHz_a2gV>MiBG+^bZBxb-6j^`{fEB#Uzg4g-a{q#^a(hpp4D`2t8e zGsMVEb%Sa5S(&?y5PaA>E?Pml2z{8Ivl%;Z?x->K5&VP_51>iH*K_^0t ze4k1TKf!IfWt~IHGpie#rKaRJ7#h=$E{1&1~s5C0Ic|{r4Rj29p~k3oxou`2^ElP8IFTz zmx+|q#Q-r2d0O6!Z4S>*M%XLbDY)S`0=W=Q>2MHVPuzS>UYMQ0kG`|-_Mio--%N_g z^(S!}2A`+%e*I}7IJ213Ce1~O4EwBsoHq3a`FXB|c-wktkP~JmZ~)ev=VS|MTNlW) z?Q;_h4|HBlJ}%y;v9v3+Kdb8sM>Z=kvF{VFE8dxCG>X{0_*nV@{BA=2Y-5BqJ{o=u) zVxy{CG>3X6xkXvVpZ1sj0YuRpGCvv2Ipi5dti<>Z8(gv}U4GCRw0&(la;oB~qZSGl1CDXR>Fr&;u5gj6uwHM2gg?I?i3l{XZl)OMjZGkUkIGYa! zAiz-WweNGFqb`3nGF30KWIlDe*Y@RyS}0DX^S2c*oTTbn(oxekwWjxO*pA|v;{gWEBg4?!4m(Hu@M@ok?j=va%>b|7;lbACI<_@AMF&V- zqJF0k8qd2Fr^h!OB7phzaC|c-&!OIXbIq+}H3R%XHAd=FY$ta4#V0p^TfEuS`XlP) z8|=~m57zIkW03&&Ir(l#NCSda%6V_@i4Fb;P?ZZX-mPwWUi#m>5S~wNN%#jWn&0|R z&3!C!JjnOq>B-`SHj#u~Rs*sOzaIe6L{+{{+*qtnW<0j`&HO|z(}V~EQ1moR==AcU zad&C70RNkJen1*qw8$Y_CMXBwGy%-633|f#<3|rox%2{P@dlF90ktJ;o1Y3Z7bX?J zuvQ|OF5(gIBcx|+2xk&F(Bpm7obsm4BHA#Soybcpm@AH_ z{SCDK9&(OWiYji0Ra#%T1Y-3@Zqo2gU;5k}WBdP1D{@ErC1&wboRPmQs=s*^KEaDe zP?OUixTn;5>_Bu%KMUOD&6Sjzrvv5DQ)HSfVtwNI=IfcPB++-|at9l_g$`lfCX;wZ zaHe_So;76C1)cDGW~~FrOkGZ2j?@94-L|S3IMD9VLT2G59cQ}#gVi0;lg1lo#Sv6n zPk}SD&wXb1c!^N51x~j)(Y<=<_yRJk$9!oQKiKVv6<<=q=m6SQR$Rnuj}vtc_?FZW z0oLZ7eyvc0P;cCkup%^mZbaGjI5h&1a%_BPF1ygZj*$ZyV2)@*VY5>@Gph3Br|RO` zzW{YHHGcwymHI8TzH+(bBo7fPeM;CNs@3@;^9OKnHPo5Qz!}%J2#87dmxED8@ldQb zeq^Jl{C4CP3j5bdtM`H9kscr&GSJ8IC`xmilioL4k7D&9cPOaoaBpbrQL-G z-(@6QE+!36q5N}j*;Z6CFRPF4?T!AlNw;baCBJo+7Rku&Sd&YT13=5*#ToDsK0iZ3 z_Mpc{i`!LgGW`{uFs}u4=(-!+G2UHYDOE<8zKL|T-L0k_j~jgV15al9sV~(+ZZVr< zd5TwKG}~KR|8tf2b%eBA13&pTesSa|%%dGBMcIgk@=t;pxfBqtXHy$*SehDeufsp z{2f)M?(~lgC`9M&i8;P;Dh7=>%P4#`X0fpdV$_SIk{6_AuO#2jMJ)d}od1RTTP6yU zf=T7d<#rqe)>{RaU}TC-XKO%du2)vj`N!VdU<@1bnzYmfFSil7g++2P#CX)mF2h7b z=WFHAYZZ{+sZl{prG192Wi0+IAw|o2{3r?#P7`$=xLrI0ZT=lR?Ota(+KxI`>wLt6 za-o@DlUF9}vI`5(v1s=p&^3{;o1M+FE)LRWgv9nyiubC-i`4_s!a6a8Ume@v)1Xdd z1gRf@q6B{bzQqWw!oCuNGwgIcNACuAV;mS-J=DBp%@rF~<%(WsvSe`;)=A{K$W%Hz zBUy1MXj&CRBI8?8VJ%T=InFanZng(pRD8(CjLwrpZk{kih=C!fi-E(w6`$#ZK4e7V z+vpga^;V3T_=?`dxI)RII+ioS^te2;=$o$?=1kClD{&cNP|~G` zFkt3Qwl6o!%go8h#4pGPS49{_SJ<7Ad;WmyyEhEiW-;2vyMM5>2^w_bj$Ed`iQ?_% zc_SN^xRK<4jfsCt#D~&O{f6t>nkkCit#@hdzp-iZ*{<0{q7Ae2!FQ$FyiQ(3Qi{qX z5TxCFTNf9A1FwujYX%M`m1bNF=+6#D7%>fG>|Ut4kmQ4SBgZpP{&yF+H}p0tfMaw` zLmsamrt*_F5|NBNN#?VWp%`|5K}gA zMr}VqU;Dpog9RPhes_3aP3Srl%uv-Mc;hy>LiCiU7d0DBy$KsYWSGU9zEkW;QPn1n z>A|ScP^er+`tdlSzkd=U4s@!Jb-pPa&VjJ77Eo+olw4#|f74GGEHj@_h*> z&$EIIK3`Cf$X~s?t_b)kYR(XT3w-e8fsribAOfEHKQdWENy1tEFLWu0>CQtJ5Zyno zsx}1W9cCm(o{EtWtaS|p6xzK}QmlC-uBbY{O<3&28vvN90of-}J zZVytY)mo$|FPJn0>jlVdcKPKYe0?nwd|~@S!@O%0kwZlnU3)YZjSE_6*PfgQ;l~bb z0V|FZk?8=={0#e{DoKR>Xx1eMch3m=-EwHCHSv* zmcB+!u;&^!Qdwr1J{U>?CZO$Hanndorrzo|({{4nKZ2yuSO$Y(WLdBj%5RYA%uLj- z2;}IPtx5{nBPB(2dZHF;(|79dX^ey(%E@a8JLwe$%dy;>&DtYFm{oV)xJ zPnlq_vCr6a;iCJ$3qsc!Qe(3zxF6VP!3QOy2b8&U_hjjWl!;cr{GR}U`-56fT$_Wt)B6#@hs`GNUoDtXe=?X2d_*xid_qb zwLWC3to9)#jrUhlJ6|&ff1({ZVSa%o`V8<3*kDya`uHTj^=&@~vIj)U^_}t&$)&5^ zB!&JU)yFU;2%!P*OCVXJYJ64tf>t3PZ__SPLU_{^$yg35Srjv0628h~7$nLlS)#*Z z8t6Ook$#dkYVP!aZ@hW{O-sro)e>1BD1ba~;FaagZy>%qABhm`C})3_2{-$9Yn`9GH7nMigE0rV5@QK$hB6?U@dE7 zLk>ntIVDTnlMXvHGLMMSM#6{%n#g|nb+>4m&g&@9=rQ!|Hb^vG--KJk-!~I?%zfl? zQvhJe$9NIfh8p4$la#4DL2{VsLn?a0Ruk4=ZveD}Q;tA2omT(-5{OBuQ)uD)g#EKlUue> zY*^UL3+`~;D0PW?2VW=#{zB1&Aa*2{Dk{fjbm3zwPi{ur+QG#B18exvso~uB)>-tU z+GAn3jQ3;Jui>JKZES`U>O$d3UpU4MV9BNQTE2$AbWOaHxQR0H_44*MY6B6YX6SgR z*EOWX9CSK9-gdDLxBJP{W(gmz^Bc_RwlZOgOF;sb+1$A~f${JsHc_5MPh5&jQ{~zs z9LIf|gnOzQ7Y{!knzoQfb_s0E+5!i!lJ+fJ)uSY>B6d`5O>Tr}l`Ygi&|4|mC3v7V zOMF)$txICoAyw%4g!GDXWT$9G3T9$)2Si9mFt)?BA*G-)dL81bB#F!91qv~VMj^wH zaqQ-y6Zj>N(x_v94#(WZ&wEGWRWqsppn)yVr4hWI+WCmQ zz}gL4-8bQ6@#L`fBn^hQnDi*@1vCttqc{NzL3Qa$QACD3Vj0QOJgz8TwksfBX4BI3 zIedBL;q`DC`5f*vKS5TTRQX|b^EECKyQkM^Wbtam~qwoJLGM!X-FD5IC-mua4G#OPS$Zp3lF4(8a z@)EP0ia4J<7`do=ay?a9V)BDXvTY+5>PRod6G^m~^`>QO6u~!-6eoclm6E%_LjKO` zp2lHX7&#MUFDR0(18a4qL5L}N9tq-E*PmHkk<>*Kfj7%q973YhF33&nxaLvn|_@S(t%vVTBwf6oIJN$W=Ux{XDv0t|#ZSLOC)EM*|IN1u8M zhO;)?w-Js?g|*`3XdW2mWG(yu9{-!{Oj&OSeH-d_``GrF{dakS-JO(-)vJMXM-IYoFkfEPUBd#QV{rr$u9mqB2uXiBK1lYmfKkFWfzp~$_zS+=2+bkiv zG%_7vn+Rmoa{Cj>)`O^?2!ZU{`rOSS+c}bqgkwtJS|ey@c+_rKqo_6c+2`ryXklqXt9FE-5U5@ z4%a3$Qiu6R6m}gt`)WVaJ2m)RnJv(SZQETUQRmDKd&Ifbx`AvtBa~4GRLJcHw!&Uu zjU0xh;$Mce(-QQrch4l)F8lA%PWhJ)|1OdCA`>`R*OD4KM%oRY9>ZG|xzN;BEs#P3 zdAuD4e*=K~I<1*h;=5={2lvOzAh4q~1{Es8&>Bex^L?8;^KRCgM5W{pz89^)O2QX> zKNFHkR$kxB-PI*Kma)$ExnRdm?YHGWQls5`2H`QiC-c%06<@NcKEjq1Q?oGcPHo~$ zYs^8;m2n1LdS4hyJko1YCerXoVO-r2r4TKe1y1U_GpJ9D@ypfRKFXAD%bm>IH;+V5 z$zy;@CJL?WojAR$GB6NJ&B{4dG_+XsQ0a67Jj0$+j!JtCkgokzf93`2` zxV$jMpdJ_2@|VFIPV;p#4t?4|qu+Zmg_o{uTF{8v-{s$qno>F1aDL>YRPLI_R};KY zZ2cfB>v5=-~GORq)`Tj_Za>q#p#INR_F^|!z0LlX$s z_52kFDa@(`yLE*nX4r2_vc%Ur;5w;OwODJhNJ8axmJSiPrsL8D+&XOS*_YwlltUbTpS86wEizIx_h>E-*y7zAyL}LT$yL8Y zySg2qu~l9NB6xYC2ljn-t*p*J<4XE5f$2p=DV2lb7c%VwtRFF%w8m%RmMZaM!^Vvt zQ%yzwgP;YcM4m1Rs-+PnR2kFM!;ypi0^!1yNSr>KGdaofu+QMk?R}@jB&SO>jhpDUS(}PwAo6$Lvv*UIdhakQ|2Oh zlAU1Rn1ZW{J42bA@1OY^(J(w7X{?m$btBN=*mameq2tr7r@!of4eY~y4H+d2iY%Ey z5N_{N6C5A=O5vo-15a!*L&i7%8VXWo7>*hNmkbTOzwU-!c+P!(EABI^OnI2;Mn}J8 zbyVrlN$&&llsq?j4d-Yuog`hU8L(F_fnt6&8UV}pZ;%@{b}(CqFLlc&`%P9h4L$z` zZaT}{&L2|KIY6G2k(asagQ~Y01fGOj3!@?`IA~?vq{pHI+m!I2TKnOcbHF$zJ?JkVm!YdS+zWWu|4<+`SVJuf9rA>1{s5C1iS4)eL}BshoZIEGEkaQ0H{~}tJ1dM|)wve&UiB6`2 z_Qs1#Nch@H9K9KNq}t_G?-5*E3WodErcItHbyzQsZ&*1c@dj%aeifI`W)V2|ehyCZ zwyIU#p>VKQd%X=#tp#=i24x#W2#nk)Y^oKTl*N5-yNtA~ z^09DnB!p#Vk-c@-;z@FfF8m&Z#IHz&8qcGQcSTJi+?09yW%kw=$zq4miIT7M=46DV zm*9TZi!+MKB5Sl!f$FM$f59CAfvCr=V&%gV!mBQS->q>mFF;P49P%>3)%RozI+1%& zPt8S-(zYVwHkt^SWt3>{An&_xL^|SITk|MeEj9&%n|ufAs_NS;CGyOCMyexT+O;-G zWFec+4lTso+N^-mJxLCbM=tp<6-$zx^dt2y`1X6kSP8y~yMC&E(q9VbF7cP09m=__ ztb`U?2!bhVBR7xUG~tK8M^!b9Nd&)@z8~^Tpk5Kr%Rw zlbbvvu?q?+q}1+@Ls#XY#};bL z==$K=koIQcs#4mZ@Q7>z+w5NyaokiTS>=Nu0Za*-=Jd5B7#259?m#nhZv zbA{-+wOAB$GdiPC-tVw!WAS6XhrZo$Of_2yc7fV{3?HsE5upd8#U~ava3DK&6~|NO zPsdi^P(e(0@56+Kz}jsLT;2zihwmtnQZu!X1k43k1n=LAfi80oGR_@%lKW5WN}64{ zIDI9Tu7_(axsz7``a19E1@a1t-s0)BL)cdW{b(6JEkvD5_L;+Yivi<4+m2joWH~aaiUbnB1n}H>0PpJ*8@a|#KzTNEdjx3k|c0s() z^pdbEuEqDJ{)SUy53o90K|rJ#gN#&KFz;nih=1K(|C4@XYpO1D9b4FgYX$I+z}x1Q z3u{2J-`nlwKX7p~bFL;R%PzdJ(NPy;2>k9Y@A8$|uu)v*vG%@5>`NkdE@r2Y2Fe)W zzj%1BLKwLva0;;Cz?fjPBagHRv7(Cc74xc1Ge_}sRTOUWQX;jOP>%-{r?jcqf9NQr zmo#<&)w-KiF>g@=Nf?*}ra-M~K0rV=o*#y1b(-CY=<BP0NGovPTup-o<#jMzi_a?QV=(8y?>RWZHw`z;(!gjuR*}6gXX4eS|0apWw{HO#f09oo4f(6c*YW3HY4ikT zp8Mav>_T6d&JlTx4Y@gL4ZDJNT9_|+*?q~QeoXSw_6++rwce9uvBGlTF9gOvJg`t0 z_}o8bz+ROWv@DyMH^4ZY6hS-P7RcB+=lYnv&T$FWJuGi^2 z)x#!j28XGNORW>ad;o%MgfRGtP3%Ntifo89Ua(Km2%ogR^CYppMM z)Epk}W?a7kh)e=b>BHUBGT0wqOLcs27Wiz5V;{6Du!=DpZhq)Jj`|f&g}?dkk@5RN z(^R?8El7WCw-S`arB?^KqqkWYjt*nWvy_$?Zd9d;G-PRlihM{}SMJm(M$(w1~?vzzfT1!+i%E2}^{N95KlZr{M17&E`MrRAyNim~Ct z%~zjNHxAi-=+8gS7W!SDBU}(sXDmgkwMEO*jTw@e8`th)?h-U+P`h~st?vhW>8iA? GlBe3r>MM}| literal 43262 zcmV(sK<&Q+*`k_f`%AR}00RI55CAd3^5(yBLr}h01tDtuTK@wC0096100bZaAk1t0(z{XX|Pz^1Y>mIw$DC_PC+^)H8@ z0s%x`s=wpHGG;OD#Ay54I<`YCS=} zf&;i?X?}kS1ONg60000401XNa3QQknN0YGMc~WRU(g=^Wv~;ko>#WFYR6ur&G-!%u z40T~4Yp6WXj@OO7hBQmBm?f1D|E3b!rK%)I(t*Sm&UywkBjvXU2e{Roi@#whsPVcf zP^o~j;*Vtm%(_wQ7Y<8f2HthfSxQbP;8X~atvDfuZaRrCDkbn7Ljk`t=Kdve;30<5 z2nZO}P7fC!jhTMdcWJdD=!z&xGx5M^BJsieL5Q5fR4rr3i1&G}jgk&;z`^KSzbp zNalPTiPs46O&;m^Z<2cF+_4&nj*^0wH1O@yStiA(zHolNU16CwA76gG)6L8o^dVY8 zTnf9lM8!;&VDo}rE(~7V4i#*A>$VqSv2@8I`J+fO!3NH%V>6c{+&P8=5X}PEB|vy= zPpRD=B#w}($j+_mxyd6~(CcDE-1+)^FZgtzM6n!H_EA3`Fo2M8-@*)Yf_IKg5FF-R zPl9kR&cvk}a_oA4HDsdpw^LpckMr@*#kcjJGf!DcO z(m*cx1l~E!fq5w=|1^?rG@&Zl@kPpa(-yh)CRU(JNg{bFK4^Pv}k~ zz6s=xHNR%2SP{wFX-H2L^MEb?3MY9h_8|sk`Sx`>mG8$-xvYTntANM9&I3&$;&A@z ztcEP}PXWK3VdMZ(=Ac|A-KB1JTnl&Q>8?d$Yk!Nhie2k0SMp>;El9RxIEJosSpNn0 zC`oYCorei;a{hAf6FgPgBy^+DQ@f*&&9kt^)=HETt#>wndXj0c@Z{BXnejsEM+!HSFa zB@Wwtf0A*ueDgyh^M*DZXeN6I)6gca5)Orh&+cm@idG(gz$P4*Xv^n}1j7x*46-5cCXZl^YCSr;`(`=ON~^&NdY%47 z*6H+qimRqxK5a*xlMuYeBvL&>4WVbTWiOq_yL9GcFfW=$A5}mtY=ICPyLQ&|P>b_t z00CZNed${cBOMZ|#xNMCxFg*YraXR$qG_WhvYnfZ>vhpfPs451A%Pj-Wh(5lP#saX z1cMZxhvCrUmwbpQkh7#*5l|_giS1^IlWM(Bu;QHj5_yyln?;ghhXYyZqu(nZFY!f@OhQBYpLaEh1?xVU40*~)l@ z&C_5`0L7U{E$-3qblJaaqm38;M+0QcogD{s>9 z$Q~aRV)7J2*3OSHziO*5VB`>QEle3`lR+JZO~tXkKe=(-Db1W{TL%?eubW|wzC2vd zoWcVTkOC~30wDntieJy%YZ~zAl|h|WQHX@kzWAM^4pA2!}XeShNp6XN%eTADB|M0mFp=ei1!@%)i!9zndMiD(P6~PPDM7a=?_(l=vc_GLRC%IfCnW@G2fufbEtWJIGO9Wd~A^Nr16(jQBs!S zY<6iT1?f~DQbfLT#8Cs~(;z?-n%yfgM6%$AoZ7Yqj_@X3)dX~I#^gfoAS^)2=xg=l zHEg4>tHRx(t2}AM>T!0yQQS}C1yJ-n4)K1tFN4$m7KG+lu%R^O?%dD^sRI_*hk~VTrgip=l_CEL7?lIcC)1 zi*$e7LpW;xXqhalbVD;jKOOepc)Mj`=XYFUCh4VmK6XX*tt?q4_Rjexsmole&~{j6 z+ox|xU+j*a`3S+w6t?+^Wor9*7M9@|;R}zAX_^Du-qFeh3epa~e9SIE?GukdvvZ~L z9jIa*)qh!%Op|6Zto-k^A6sB`N-g-WCpv2Y-&+0Kq)prIEnBa`5?=nGCHup-=YR%a zUzD-WW-FL%>|&hW=b0KyK|=l`a$$!^fcuymFdV4}Fuqt0L)unQ7PK_SUR>XsWZ&#c z$~xT~0Yu;OHWL}42RlWfBoho|XSS2GkA~YKZJ?OsHDHdf(s25fBY|!^S2@`u9hw)q zSe@4~w7>~;!3JK|eGZbCuO^M*dGWak><=gURv8zT^B2NwgH|=LJ}LzwH-CyKuK?oq zkvJ~E`xZ%FSe9sI%7w5D801Rsu@62DA+xmZOX!LtKx^jwN?P>G^-sPg>byea8UK$PZ6;1u4^w!cCn-$}K&jhr}jZ%e?9nZ0Vn{LN6Ts0~iU7H{I%!8`tlCaAyG^kMw`pKF0 zkz%b(n_spYYI~BIovra_(DgSHx?!MxjdXagU|B~Cn_CymtoC;Ej^YvpNg>qX--W&^ ze3Kd@@eY9XLoH^xu_zbX;*2};uZWTpW?Th=^g;C0phqnMpu-ZSOG-gUI4;%8@u-BF zcv|zeIKB%Ac=7G#NI=r%n?*>?y1%e6S?U=Js1chlQf9OZNN-Dz5b8|ke36#UAeb#) z(~2ZvvxTKQAM5%c89F+|2R|0%G#1=L5H?T@w#N7TUfRR>2{-hTuTV*K7zjbQ?Jf~P zabNOk@_0I*$f6^M$R!_7ait^|NJmJsMs85{3lSHwYfz-wOuIwIh?{p@VpF4y4Zf3c zViTPjUsAdJ^P_Aux84&R?pvA)F3Y$=eoKvpglgM^^Kjo_Y~U8$-4`FP0Ha_nU+DugJUBGZ1e{H=I<*}`5c@&dvV2{UVS%@d$HyQ(tf~^xnI8uQ;P+9_9I)Y9x z!hx;^YD`A;5EM+zgyJIc`*1$}& zDsXj-)epqV(x8$^I|CGx58+6Yhi~M821d~0Gm$e~7t}DZ3E{-iK{X2ff{jWVE|z*x z$d!o@<7p@yxK|-K3GPW`GQGK)8K?7 zAS2CLPnnHY$dDT`!JZP@5Mj<@c&6l{R&CpfWhPXl)t?}b7#Z#h{Dm(_@e8qd%%F*; zv(7!nUf~$avd;7!HcQ20L3TG0g`*8%mVc`@iQpd#J(UiaB;G0GG6KklR-=ZvuBpgE z_51AtbVrYc(qyu89M{1Sv1%~bhgFPCD?UDzZZ-)n91KVlgJ}s9AC=2s2o~Wu*+dy_ zu1c-_)rm*Y2LGMA?E^F27>37?%;zVp{Dc;M^a@79)_k3F5`Q98htzPLM}KtREwc3f z6IuN1B8u7S)_^qV9UgqSxOnYR^}+qig4GqMcg%wN`S>RL2Lu$`gi~~6DC=atk-YV@ z^190hOqv=IZ--HZTTyPtG^@sj0vrIpDy}YxZKGgp>!P2V6-DQJ+&1us`udwnejNI9 zun94cz}-`F+Repo0ynJ!b>c`^D*`-9SydlF@>s*bDW3>3&3iZ8mp+}mU&ow zqGaqwvTN1wHr2u^(M-f1$hR#n7Q>yXA$<|a>8FkE>knpU0mp;Adpf`5}=;NuLR<};#W&k{1vQXol%vzPw+(kO!h7Qc=K3G<;ctN zeea?U=#~_URTto?euXR6D)NL{S`fBSbL9I(-ynGgMZb#U>Wa?zXU`0**Pw|lZTk&{ znv3N+cJP_^)GohG#PBKWE5N&2KLGn}Q+9uTcncpA`1O_TJdLin5~5k-zWeAcsDk+B z)YVla2s@sGWw_h4&o56NtLy%(#{k=b(G@TtzY^qKdp4)I=H%|q}QADd5 zd+=Jryq(yQBN;Q$izIS2>BlkcoK#K)#AB;9NB-VGvKNCMV88J0tW_YulQXvS{~j8q z+T~gaFe42SKkjA7$gTNLG$KLMbrw_UzQ{q?mqS#~t-Rc`Ge0O>W;gH0S)(3$8SiA5 z1!N<=^dZ&;?=zJh$LV^a3Iqu)Xg)aI464oam>E!lQfP0&OmPrGvIK zshlMjb1}+S$#GQ^ih|mDwJeV8?Z#EJ8~ozNl|-rGXnHh8n!2GRbN~^)JCf24*GPk} z*9Yi2@SUC$>lG(0rd0BfTtu^kG_CM3lGTZ?fan;DtY%-gO|jJ+0VA58=z2?^%N_jX zg&;(aYIZ^45ADWa#F(Tuhpd=5(VKKv#t;A{iuNq!=YI0@(n`OugyxQgr;+`;46OkEIZ%ruI3voI8b7uQ4TLFJH(YLDN(1%+I zr?%5CRNl}W3{M`=c z$(clYG*$wlTM!gcQ81#BT@OB-tZ88Q(J3J4PgpS}mN4V?^EggK%BZ)#>G~6@ptx~? zzAi3)0btT;6WxL|$>4Xl3w4&-%AiW?g7i%mB;c($Q)rG*(w{*S1$P*Qu^hj|{l?6C zy~n@;nJ-QNAZ6qs+#5e?WZ(dFRgH;Fn33hR@}aJG^HwA*eU8<@=R2_E5<)?>7n5;?eXD6IXK=M=ocBrLawo-}=*)Tc4h$ zzCUvessBHA17O7*5g&{$JW_d1M!ZsCYer}DeI3?KQnGE$TXo=m6qCMxS?r)ZT3wM( zweJx&OSh4OoNE(t95ZxT%?#_LgWX1=p_dL$R*z8=;mmu&C?XOr?f)em$AaVF-c?S( zx~az{7OdnDX7oWLlBDV%vLRv((AD$@EA9a2M)I{bkCMWVvs>Cq`#CK*n}Xike>iE}NN4KK=Gq587Cara>!89bUOT0NCF zF2#RsWQz0h*v;Jl!#PhWhy|ZCv%oojqqxZiV5rYD7$(7n$b6AZI3iKKVdRJFXOIZm zgKxQjj)BuJ6vm6Y^GX9XzO0Wu@8y=M4zBSatth_+SzWHPb;q`SmOg0_1)bJ4FNI$R zHX(Xrec5ZNSBlO(WXZU!lbc#1A3XopGbBQsIY8$039N-ajLI?XLd2C6*8k@6164}W zhTu#Rkuj7nJf>9B$DB04kYYzn@uR=(BfGz%Wpx01WUfi{V!=Nq7bF?s`|s-EFccmrq<@nPEaF^GZKwT@IWnUkS6=C0J`d>d_z8G7Z;U@qj zcS6ulQ-?SNqM$>^TMB1u_KfYjMc}SA0uh0C!a`9BJ3$t%(j#08q~P zmfV7B9|(rTaZ@X%Rhf%MFgM;BC>Ba)Q8N?s zW_WRuHRP8EY+C4Gpx86^#+kdn?Jw*Kice-v)fW*ksaROaG77l==2}{tw-b&N#lRQ- z`-4oBZaMevlTRI%VqY1~8Z)6?*V3>v<7=#URTA3ZE=XsQ1i3*eh0~r|KWV;#@#`~+ zvSl0EqxOMc~tz-?A3~gtbauH0&dALI~Tv51|vrr?URNPdZ%5^@u** zgDsDc%h$Wpq}uOnYTMd=$x}!eu1Su=I<9TzAq`grhYJKl@7_2{`qj%)D0{cEJ^Z!8 zi$FAU`4;TQ;{AZEiKu0S7G_ZXy<1tU!Xg5wlu7qY1rCUAg?Ib3!P_-tcMu#aq?W~N z>0`&T?5?c(L71(Z^^{;75;Zja+ULJ8Dt3-Gk&z~(ef?*Y${b|A>Ciq>SZLHhWp1-> zexuqB?&-d+@X9I=H%RNy&0p*ji?h6tC=%=OxYF;Ue>*WYQs>oU!PaMK!OF!}E0r>S z-`Yn;eH!^?CrU{67kgU>Wsi+T;~D5ZqoMOYtC#j@R*;plA-R*zrRej`xA>l#2GLJw zsR5OA&#s952J~O8c!bzYjU@_n`7nuIQUZK3Bl4V*)iICf1REnmxH!6GVqbr80PA>t z9_u1EO0v%FO|6t<&sKOZR&%g`vG|R***+)vT{v82;Vu8sp9^0)>uO4YuShd`s`na3 zIWCNl#e1bv_E$MSZDi@4WfRxWd(Br{b6YwEfO*Jobmm~HW;$iCX54^0|EYMp9YFun z7U5X}EHeCVDBf%IRM-*ofM(eE0&FHs#c=8u$x0s2zyPs#idF1167kd@{~UIrqUYUi@E%BR zGC4tGWeQP+ZZg9YUhb3lKo%Gm=od`b;!KFxR;ZzLBl=2TQ%{wuH3n{CM)WJ)tRe=v z=2RG!jp`eOl*{x0QjHZFmwO@%K?j?XF7j4m_py1vU5hRg^~v)QH)BIEKo2TAQ?`*G z29>k7<4zssC92gR_Ln3)#RwN`BBHbmV9WBR5#X`cTr1b)9h(zow6ps1Dt=F<$n{9w zsDi=AZ=OwrQ+0;rbg0lHXB3m{opgFkVJeYnsO)9*R zmx&tKJ1$W0devqjUtnv}r4N-WXOp(Sv3-r7qMzhH=D-);0*_wyF~o*8o`cRl60W-F z%h+ljDwBR9=iE_{xyp7|!rFEr2)l<{TdO4Nc37HeIDTkH2XM%+pTML zBkQ*!xgbuSwH;PiW`o|#!Jxj&_5)?2so)NC@hNGvqN48_Bi>tJBP4;6 zD1>+*=aMqDXzuE3$l&;C;izP>&#tyLkWC|CH&bK0Z0Pa986aE7bPa3(^_+X{?aS^F zFI?#(!LaV^u3wWedL*bRy@ulM1+)@udm~vzlp2v#c*ooyf6p_1Ik_{jn^6jxz zCck5UU$PmciC~YOpF&I6va%!%?4Qz;og_bM2#G`79z#mXA&s!-^&5EN6O7!0`znq% z;Ft`07#gW!<=H8fPL0Cu&U>&YVn6c-BC#(6z2f+T*BKp7p%imHCdLM&|^Rd_L`` z@Qs#li9gX&&y9GZ;bC!P7?m{cDczMUsTeN<7C-hF2`wlx;z=BOQU;5ON^T0J#!PBD z4;=JH5+w)jo^2>W<(eqzi5Lg~>9$5Hjm(}pqXj@k@X2iUwCS4v7ihba<#i)X*bcCEn z6*J__F}~F@8M!!8s{)Lo?Qa7Y4p+?Ae3N%x_qC(x%LSLuKItuTP`~X%nKrbQo zFVqgXa~#Fbhe*QPI}M-YYsV~Yj+8m5Fu|X#x+w3LTaNjY{Uik36>&anNl~^qF<({e zX3EPk05a#3#j;$c{aE;)4zd+)MiMUWt;opl_P-va6+faMxaEMM$WS^$6MWUDb#b(UQLu18buhUuP_&!WIA5+<1a z*qRK)>$L_EGA&60?^hU|@cT2WmPRgq69YCgz(~i(JPx}v0Nv`rn`;#McwZ^qgUyIp z>fIX{k2{lU?q*7b>W|=7)~#{P1H(@^?Z|rMdg5^>mC5|(iyrsGMxyBGFQg~hHRjAS zm44Z{4h`vb=Cs0ysTJ*vkg;iSKmmh6+pg^7cHHzG7QDzOwcBj(WSQ-QafiEOS0K&W z>?vADGV$IOW;-nDD$vZC07yEr-&5MFi{-$x!V4L~k zPo<=r)VOIaSnKry?B0$OvM@Ub&#V?3{41T|JE)!3qdxY(mX~)=I{fE>e#Rp=f)wPg zl6jkij{f1VDM7h<*uHLDwfw?a$Xt(_ckJQgkv6r|LcM~27MVQ`PBU{;)wlhlIh7#m z)5G^2d!=_pP8z&71K|t7J>mK&SbH#s0IUMTi3S?t%x?ssVr#}8G3{$VLqbPhBuf+0 z(!zrgGjS+fESj?R z#*e#jOVO$ZbAOHU42@_w5WWgw9mF~|eh%zV=SA-URz}QRKT-e5=qEBb3s`xc8t zyk$eti;L%J%BpZocWgwDn-+j92jnw`Y9kI9*3Tu?Yi{Akf??xd9L0;hV$&-+$)*_R zwN~A1`iqo`9xAQI8aN|+JkNveOxnoMsLDW>f5K*K?kSUnfx_6_ocY{AxBM&Ww@3nw z#I~0jmH|PNV%=5-)doTm16a?GkI*7P7U-N;bh8oyOmqUW*4nP%BbkIuhCv$vH1OD& zanRIYzAS+UHW?!q0~}&f+(g!rrDo?Zd@tUKa7UMMT8(Ud3iaIVEV??-0WgwvK&S92 zK~8RIUk_E#h~~??6CVJ(s%5?e1rXjA6Yoda#wq5AF7j`9OK|aA8g{e4;OB4)vXEF> z-%-tdQd|CcEx+C=KC#(S{b&W+KWM^d8IAAZOFHvgqnyw-R|xUuU-^$Ye(-+7$!dY8 zhT&Fj7VD39DtrkAQtx&f{w1FZro6uc${Wt1dV;G5xSkqf@Fr$tU;%DM@XjKwL~$F= zsS8&)PEub{l(yCNS}Ji)|^lo;%oT>Svmx zO$P8$$i_EH0i1jk!cfXWU7Ueg5BD?NgqtZk&{@GYRK4wkQaNT}t^(1XREuf;_c07n z#g<&nLsLsE1EKi_;nM)TSS$XM??wJz)99PDKh_H@SS~^>*m(G5rPzx_QoJy<)VFZL zkR@8SPB|2eC;sOb{kVxro$$<8gETWE<8>NI!)CP5$x|H_5Cr6g=3{(ui3z>e;dnd$ z|3^D!^I*yv9(R2~C9Tu#2ye}y=IHAgicQUXq+Qt(n&0`8V{?Q=W8JFpC`IT$b3WO4 zhRvqHx5H?cbbK%!3+b6j%uU^$?_({ z#Dhbg-X=A(HVKAFBLA2T!EBG;sw@Q&T6ucdR`p2{xzuRIbao_5b9`B7+2NQ3uA0A(lllt3V4dJ_O@bKz@AW$X~Q^_MaMq6 z+;u^4Q0g`Eds_m6jJIO<1r{wD7-7e;4twZR#z6~PLp@=qeN8?*#-!;rR6(&4u}ftt zXXF0`p^V0nrn1E%a;KZdGhcllh(D!ngy855bOqUZt2XP@ zv4b~-E@H1-i5)t!)K$k2Qjm6U3S2dY*Qtlue{fHAn;c(2yB8KS^UfaqF7Deh65dayzmZQK?l-lOdIP#0{DQwxip@ zQ=DhSE?8d9(_d)kWtOxbW~(jQajH_#{YM6b3g<8P!=;SH{(FF-g6b3{5-O&J^pkMQ zO8ETj-{~nPF6o`Ij5{yA`gQB2SDJO)Vy=M1|JY?Sd}4k6r+iYUD=yKb;>&?tB+ z>-N%-HXQg$`}#F_>r7nBO3L=W16mnhmEij$nquS&$Vq4kROylRERl5{QF7MDV34KJ zcKOXitubGg!ctQJr+Hqgn*gY;NpDb2XLBr$29ts)*DobEI$pWzMWvXzIEkQ*n zhKkR4C8`$sAi)ORt}q995-2pW%maa|LG)`C|Km1E3arPD>`Ywpd>7e~L2k#SQq1HL z9dqxG2f!cP!#cw4YIR%DuU%{*%g)y?3W_b9EI2uI6GC4f*p6x`uN7?O<;IJ3)u$75 z-cIwQkYrs&D7^jRK7LG}wlafcyXX*+ zt}=h)4+vbn7oZAPO58ZmKHV@As-MxglwGb-kp=s~dkt2T`uaW?>9484|-B zK=jUr!;lwTFw*#2Ki{%J3O`ag=2DlFI+-ofP?}FeQp;-Wn)J#ig`Dpb6$;}`79yRi zc=xZ1ig}Uk2362a^5%F zLB^BL^a4$iKuhaKiPS4;FL(AtZUBLsMraAk6cC}r{4HV^?t}So&LP->Ot2?J;d9^~ zye!yKEG*%>l!;saR-DLSaPaaZ7o%f7|8wVsBO)$~?OOjEoM}e;0Ii8gf8hv8Zb;|J zL*Pl740X^t`-un`#kbjf?|rz9S1-p{2Ch+J%h9lvL`<{h0c(3IGYEvqkZZaOL>gW6 zSk;3G594zC;EK2|Jn%Y~SPH)_CQWvA)OaxF5Jkrn1#*8Vy9tGu>TIu+e)qwFo9NSo zpUyRjuK1hb4V}n&Z~sU0HqHQl3aP5|w}Cc){BKrX_ctPx}JeL28^P zqEUvt9`~R*RfA(%9{y`5V$WEB3gAKCz{1ES%~M{>F#>o8hfnbi!afEf8Z3< z!c488#p3^}hdooCj^M~aWlW}YkdJ;@u~Z#TIJuM17?05y&p1^mnpF1ps6*0*U!Mxe z>!y}Cq?=!}`3m)pj=e&BtYA#CnQ2^1_PQ2P0bU%W{6PicNkkT_GF=Vc5rBea+fXgq zshvSsqoDL+18u7fXK&;fFp|Xv(efk&LS5T}g+~`a9d$S29wNWkF)i=A%-=OILRc`M zUoG_cDCq2FyUNjPcS|7nrRxu24x?+W0U}4dgN1?m+Q+X^VBsIb+F7yyqYf~Z#?weK zj4>oMGg;JXl>MNg+qUNo612!LJtcMd!$HmIjzoAoENB=mBOO#>1&tAuGm4EG z>ohNpSb}uyf<#eRKgliIFDeCN=|!)u{_v6=iN42rG*rdc5%L_ z8WgHi__<}=l2yhLZ+XI(wFW($GxVnKl6)^aph#7>z6Pm^yNL~*QXT}TO7p%Z0&9=e z&W_)REv@~W!#IhcE`o3eqs3tC4-quDFiDMfRc%3PCcz>O0&?HwC1Z`6l|?U?F84E? zBb9YnF{_)3PFU*fQ|FuZ6*5eVa@q@08*O@R#&!d6X~i^ICi}u_?Hm@f?dAoye#`Y2 zJ+(y31uK-tN0s1Ww6J`uOFKOl+;)AoTODpP+N@Hzh|H)_sLZg%4cTG>&uL4DJhH*) zUS^`|3Xj$?D03+r$MQR*MwX6&luke}|0+Nv+(e-L9KF!VmOh97{Z~y=#XK+kf(6Do z!Ms+t8K|PRL2cbl%k0-M#6c*H=AGY}c(QpxRFN$SUQ$UhM*Ccer+Nh>8P|#T7TO!~ zZz;9~N&K4SD+d8e_zJ^Ah+WF94agAveq6GWSPua?;gCU`-`$Po+XI zE;Mxq^~a`1pMKF?c>kcw8`Eqo)x0aJZS_KWrH?TWax)6@unOy>cGNU7O(o`TX+lK% zF8qf##Ib5sGfDw0)5ti&9S#POm61(RD4M?Kjw4DZ#Ygua=LKU}7W; zxW!Yk@YSWT&S6|jNV|8(dTK%;1+gK6Oopv<*@ji{={~&0RSNcNJ< z2yEl4wdFHHU1IUi(Vp9tIUcpv%SF(IOQT$gpX#vQ!f((@8OXx9W!Z4imH_(srvmOp4t7<#4VO zo2@=c!6f_4m3j?&!iMx%aB7R~K*5Q%?RkR(@{6z=|!+{8jr|ozmR?42eJiY() zl(Nvaf}Dz+l10jxxM ztc~5@{$h=gvQ43~T^vGLx8^nC(aSPPD!K>shP)M`7NO=dBGe38o6KCq)7E?RMr@m8 z-KoO8n4Qt2Bz--+Z>KK;eHX*e=s?C{tA<7{Qynbx+ z=et%YZy>iko`s$r-J5r2x)FnKVice2`}5p+lA>`;z-2#Q?XO>C7D|XRm##vQ=tv%- zZRP!LXMw0){`>t={>TZ>t{$B|FTHKAMoeb+cQmWkc!o3F`uO3Y@)4cG`tkVuayL-E zUFvhnk-N-TUVEqQ+tUmMW7TzJ&Hthw{(Jz<5>3v!D9;1eER;vajsD#o@na<3o`fiz z*$3u-Ef6#PV=EsSoYrDz6Cl9DQPnv?kJw72;GJ@0!}51@;1R7?xx+6t^(d;za8{55 zx+yKTT%qQ0aXmSKdl|hiUET<8T}fvD?h<%xMd}Ltmi!)SAm&fB)G06Tx`AR3NqJs& zL<*C}zNyY!6PL=T(!FIQFElc~V!RyHXeBr~L~ylT&ZF~`A;1FA?UK*XHFYK{%wE%T3Q}c;^9ppxO37TN%kb*}VpxIOGEYLqBG#1IIQY`jNAcshW^&pU zf#ImnStX+4_WVD0#4!R~C=f>s96Drs;lvPuoqtMwB)pIvXlMDV+=j1OM%8(1s5M9( zSaFEa9<08~Dz4>#(HaECCw(G5T;>#m8X^AJqD>kj&C|r5YViZ8=w@#rG!nNWYC*LY zU58tMzHWdC^WOv6*BtjliEOr`Qg67EX6FY_3)-by0l5H-Pone<7}rM@Z_n{Jp6~|W zaX#3fQ)xEMg1t(m;3CtkL3uj@!n7FC<9T5TR|LdIFF-CE3DI20a^I^VAoHeOgmZY3 z)7>46XRj^T!?sTB6RGIfI9^xIxfR%?SH7OXqLf4auD7*zf<}-04v~b)p9c3JyB2ovH5Z>;_$@1BPZ~K*_7bT z&g!BGZMWqn!2I;@%wH+YC|34A5|hu6;y+|q5B+wcz0b&Xv_03wIF|vXV30v^&CbKIzL1%Mw`&VCL=udrhQ|6i)jJW6%ysOCEO6a4euogIc8BRCiM0tjHjQUCV z5)5VMoXOhq1H#;wUg@KrC6>aV9YRz4fFySqc$|qEKo-gBZGqoQ`>zd-Y_Dov@lfH#y#3uhmLUk zUxjMh9P?OBQ)3mx;+UPjEq0Co;SYUXF5X39Sr(lc|An_6=-kbjO+9cs)F%}Ah7?ma zsNUaVme91c1X{f+06(TaI2BwN9psYSu4L#K7?) zTgf)xLZg*AUv#vyOJq49JE;MJmKRGFXCdX=AT4fh0_RSL)jBlJ^yT00Cgmi(CTrj= zK&xqHa;}%Z-jUgU8&Fz0K{2oLLBAKdau#xtkukv)U_-H`qE8x40p4G5ibH^n@zOds zZLC%Dh7UM=r+fi(11u!a3?t#9CMu`c854eL%_{=3sV81NULH;}-dA&Z+YHB;okIAj@SA573+U>^*_C3JV zz)=8a8SQ-i7r8ycG- zO~fhbF$jh)cO3~E53d#WC`*d{P?Kz?YZ*h^wcOnbUvXGB?o5%}EQm5HrE6kTXK`Ww ze)KxyTMSFary%DnEet9W_e^X+7q~0)FFQdSZY74xqXc?Ui&=MC;>-xSqaV7TGvaG{ zOCif<#wmmQP1>A?rNv!*07P!xMj2o@Kj81+Vq-Wz62yjp)iH4=&w!}AiBsN{IzJ?b zU{F^TTfBZfu&K6}QX|EB%f}cWj6*sJH_nYi>#o;Amq(T_bIPHP2`rU!+6jFXJnpuS zOFQFV7!u`g#QRg~@1&9qD4_QlZ$U>Q%;yHV(PHh8lx=_8jkW4{#@#`{G4#hqti^_* z@fpBi;#S=SOZmv-lR}>y6aZ`3+N{FfkGCN*9Uz>k^i)+^WMyVT3u%Ri(n)`Wh=bli zhR&bt($oWngCr;@bZJEWHsxWv0>H$p{i!mi9Ex+yZC4^Xzv^j*KN&@AW3E+u>bd?C zZg~>lnj28`%89G2vr1qLZl$lVACOUA?cdaWH^?#kj;qb(-#BQ-PVMsFs$-(a8)-{g z%3j&q(c2BX!@e{S;!kyR?{p zpA>B437a*avR|_Eg0%PzMVrmD{7>dvPUV9c`B8YZWzzZ?0}mF!q(8Nwgy&TG#Yw)(__$TaOP+Gd zWL*4p3g|YCDr*!*cVP#M_dce(Q0`en&6pG=5E(k}6b}xl8dl z7wWRR#%^a&yZAZfe{EA2;5!F+cHiD=-MV&PakLTr4a<9UI(EJguKzQYPQl^xnI&?c zDB^oErRPcICA35r<&PdOXXpRh=me3WAbJVJ2 ztX$)$AuNx1!%cq_4V_Hsn4{2|JtzDv>E#>z^k}4Fel*}eFtobWC@F4_zXtJpvg5L^ zXc8*~%6&8Bw|<@{w%yk`gC=+)^lA@?FNIz1c1(-^629A$mtJrtg;V9WNWwm?>`=Sj z=8U`=xecmaTnn+ZS6;xOg|Sk|RoLTaAj51t(7MeK``7nyD*-VbWPZ-o4}M0UTwpYsLHYWoPh?Ld1^_N0WONB4af%0)K*Jlz};8C<5n2 zDon40$Zm0_d*5+5G-<2D7#~(;%Sx8o z6uvcPyN{3oG4;gEyl^Dy`uu>2TZ0QUD|LTv?{o(DwTOT0G9l0dU5xs%SLBo2b6Gc! z3+J!fFZzj;g&U1I?YrKtgb*@RnkaPfcy8&0A&I-+7ZVKH&bh+IH#XD5#U2%26oFI} zR+K%4B^*)GX{R@+(uV~gcAi{2*fntgxZdgPtaVps@C=dk@gxA#LM{sTO}Za$cxQxn zL@kTanlm}8iTIM7g`|J@?)EFyWW~(vy?p$Qu?b(ovlBAR`w7*?JmbVTLY`HquwCcs z49*THV@~(m$_S$YB5w=fl0zCo?vvF^FNi=!!2V%d)>W4%$CAT{xe5pUahJIDu47^J zRUYh;9fYXS0dL6jfEYc#LanM@_YdEEeP>IXe4^eq3O!bK_nfF@ z4J2L&Jx8~u;S}>-f%D)vEuIbCXUp?BTaH9BXuRkO) zQSmx^&;BM5>MU?}YuzIk48iTmAN%B7^dK|p|5&u%VA#Pd2L`fta>ly((|YE`W!1=Yjja?tWp+_UwY?s z4D!V|8%GP-QmU?^{x`)G>)t=>*AP)dC*3&7BaA}o4{q0Z`zPHa8~fNxj7g3Y3RN%& zkG@VMOOGhNtPyz2T^rVH%Uya{+i>9YdnjIp6P!E1wvIVr#Y$=qP%| zhbE&K_rCIaX?t{xXoMZcxT9m{mCeis)9jjoIPyk}~bv?X|g4m~Z<;Mgua71J(@U@%<(?)Z;jI6KH7t`QNm1 zbLxDkgXZ%USBcw}4BNgN50fZDNt2?-zLjI(IBv1`NgkGSe1zj*BLf}}YRvGH)7R*< z5M6PAC3W1<(nKcuMPoCMVkc1`Q&H77hvpCMl+_mR80{%~56ObYz8nbQpm!^Du#3*n zjncDBQp&OpSfrjf-RK#oLxy6oZ;koe|EOACh zCGn*L+8S711Paw+Vbdvx>ZSwup0MgD0Fr)XcefPMS!JIY&2CszB7l?f zGe>9#z51E($W9L+L)A|&(|{h(T5rly(cFGY4{y8<{_jCu_w9HpX3nV6cf4~gFCuo> zZDtRk6OiOzV0bN1{$x1-MQTpq;n9w|mKh~Yc9=;3)0)QwBi|aL8=|E{F9%i!@gEEq z-iXHqicV{IFXDpD+xhq?Xm&ZuIHJxE!5W!! z@xFbDWehJecaoq!)vbOu_IAt(K!F#9erTq=zwOTU8Fd3$8u=dYVMw4wJ;r{sAV~9q zpEAXit9uTR2Pf=2{$c<79Z*QwTXEEwDX(*U!lgEre(oR&b)osT;ZLog@0$PKXQ7M%UUcMe1lK6~AMqY==cvsc2ia{1iZvHlR$ktdZdXHtnA13Z{;e9<* zJ;a*l6pwyet-|mJKpGxJBxp)vtS^2SWp)I3FAS0 z$5gz@gp%8ht~qqWHJar?b3#<&N$&lo=J!v1u-BhU8)VK?HPXd_>jrnaUb{{J+$!18 zl&p{XP7$9Cx7Szy=qGJtfNb+Q0VkPY4UP?|{ncb#C9`wJK4!gzZzl?aG$Acf8qvb6 zJ1%eKORSYJ@pA7KE*2e;7YH7oUPx6r;7ztLPWX>gj!J4Kw)##{7Jot8=TJBXJBg>} zmxWJPS|Xxk0zhAM&oviZCA~r-7K%>R|6}-?=K_wVtqu_1-v+9-V(1$|SL{>j?Jfxc zfsH!__T|YZT42_+FD;(FIN3}F(U2!9xr&}B?FWY~;KNwRO~MgZEYjy_ANKA z%8==U+&H$NWe^R>8#;3?cp}o`F7%u5LxYn^D-6}zw#WGPyE3Z0X0UR+2ZTADQuy;{ z(#%FsZL|Qog&(l?(c7BWg_8DG)OAOf2YClR#9ptksP2> zP@8OTt*%jdSSTA}xPXCf0oBX~#7;`=5F&mG;V3!uH;Z~e znSrEy$sykT&Z-J&{a-RQA*s+cX*!RG$xu~CxY$5kyi}5#M6-FPE0P@8I8b;iQhaLX zqg~y)hm6C)--|=ncM$1fCXqfMduQ0R$Z-z&h3G*g!@@Uk-Va*1CB_J;J0B|BCE4cs zNtZVXM52+^0vIXGWtWsX3NT)?ma5-mXVg9*#SC8^gF_aN0?Ogv2Q8Gjv1L^K>N4#W*Wi%JW}P_G70{K3-^`@X@Z-Zwoe|u7kfpdj(w%Vh_MFX@ zdYH7U=5+BhhDJxTMP|*oQC^CLPZRVy4aGeqK~V|QY%>5q(*xtY6G>5GY+rAmpuy$U zIGDf-?3-F$n1RyKaG1^lxu|06o{n1o0j8kCxCZ3wOP}fHl^QT_+6XwuKQIN@$^3sb zdsQ}H*yNTQKvY`g%+;y71J~Cx0Q~YfBUA7J@4C#ys*2+id9Q*kaL4?0QOwOU(gQ22lh^2@hYT?G5;<7pSDYg) z9~+sXzUux-jEt226hRtf4+V)kU<0e?xzZP1fUdqF{veQ;LaGY&5pSKQpmjcD`phR6hXqK%dPy)KA~PYl zxCj-rcW~k^-n^0Kq@VR|#s-tfQA~6E+a1sE_UXl&l?08+dj((xS(&O$7{iMVAAfDC zYfs@2I}rFdh8E0UFqOV8bB{jj14OvEBwn53%B+p{x^^_JH=|M`)Y+;koH1|q;kI_NYfaG4XF*H6O5=32ei^*)gNoZ!#W8p=XE8F&O2y)&Uw zV2(*?E2*n|ViN?%7he4Xi~}1;H^+?<$%r=n1;bAhctbIOoKNjA@*aft7F8o8pVWZlDi5`6J(aXqMDAWJFvnq!U1qT|Lv3;haLYr>*W&OScL& zf@;{Lj1%69JYPdv%M_JX<37wUayZ{p1P$d_z6{D_;F&_X6D)&oBs0kR^B{{9eO7UW ztmO(KlqFC~s4Z>MSW|Q<&Jg<3V#yRP)ntaVJj+ApTQg(V0q|gL%4+h4VSYa5@v%aQ zyGYJIF|f2QWYpm4D~ONtw09%ZlOYxJ>6%WuJ;G*j$3bvE(kp|6-LVboIZn}yNS8Kf z9nc+EDZuRn6^X2iR;-2QGW$}$Jzf?zIP^uBzfv^p`Oo)!-CCLn7UR3QoQ4<_9kgeT z3zbjV)QT4M>;OyZs~PI5c|TBk2k`o(>^=#Q=O6IJKgA2o_#qXg^3v|c&R1hz8z|b@ z3{`LsRXsL+o~nm+YHhHOf zAXuKwKHPhUiB`+eB)a^(4;Ya0c~lngU|rT4_yV;62{KlzA(7q_xsCRgt{cT$f7Stt zVEzt?ke}GuOMkzob6zn*CH$5-r7!c3M=gX=krLCGpVqR>24AOC!oMHU_#OXj-BZSM z?^5#$bUaL>VeOp8V|O$?M#fdK$c1X5qOd3$>xsCu<~)q<3W~0Df!sMs#zEkEbFcuT z6PM$qx^D+g})6J~h15mXogxZST9f05`mt35Z)<+$XhDl}ttQ>v$XYtP9eWk)AY zTABUrkudFJyO)J*#g8|*Bdkfwe=V!T-uyQw`m*-oNd3~yjZwF^7ly;8aFwKNl{MY_ zGV6hY!y4A>%K6=L+zfh^{D18S9dhJDJJKt`m@zvpY;=pHii}$UovQHJj|2LI?0EAK z)ifUrjDfKA7+|2w6ygz?h}P*Z3@I(ikGuwA;_SM=3teg3!=+JqciU*7;py36GYqj( zVt-|y&`P3>uwpjodEGXX?k(ilLr3TG)sU)NmJ-+XJq$9$)Dcv`RstvGvBLH3!a}fFxw8uEK0` zSmQ=<*6#EXe`ZtJ5qU1O=>szh$3zlQ$QgAVVXkhE8*NML-+i|6@JB*{#xFY)^1L(6 zcO%%%ohMQ!7b+EsVxJbi7u~B&URJBV>$OiYj+GtIrJrSrqt)hAIhv7r{C2>H{-W~m zBc?U|fPAGk{w)WWp8)sPytGQgfGvVpMdR6q*odLS&q$Unmln4zuKWlR=+*5u)Rt2# zI~zOwKf5x~o?i-)Lln8yAQpqT%?c<^^}ny9C!F0)>k-9lkq9u;Wo_Vp#;OqDwT{A= zY<-ixvrQI6P^_|NLe6%;^_BwkTLG-ZREElt$e5$MpITvw*MR6gk|(oSU~rN8IZEn^ zz9KoGTIXM{^LjtJm?9|v4pZAMhkzwX4RFe=w7h!s>^s0 z`|)mpR({`Hv-h3Vd>cMt)O}vcLaaJ`qH{LPHs$Q6K29w%M{fOL6 zNtG?!u8;2ZW9xH^oxb5D?#E+*joBopXU^6bF1BWxK@;Jsq=o3#HnSm|qH;Lu@H3vW zdrwU=ssq;p=+1PhThaoFO375?>RrJ;ClwFJ=eQ`;n9NmH-waU1pb+7|;POJN6@P|9 z)o5D|3d?Ew0XD4m)zd5*yF;BFmCov%{NrnjlN8)GKoNis3VQ zj6`TEhKE?6dApK<>8ji$W8c}YkQ53hOvC>|`yO7zX(`rb7@bR8%PK4^@JOiV}Yh z*C>87wiMmtdLaEw8#M^+rqkT2-Ux^eswX>Sd!Az$1~3n>Ib2od^m;@3AHan8=rnjm z7o!))CC`w8tG3W@nv>p}L*rvS3J{@meR@Q#-^J@I6mzPs-&7LKj&mvf(_+wpT$HwE zf#274f(QL-pXs|%M|)v>ZdpdOc3&fDWm0kctX`ni_V+6$>i;Bh1uX(N=EPN`JXbvy;3MS#HiMK*5L~rEk1n5{+T_I<9k1r>s z5ZF0IQCk0;g3#sCwZal_yad)}TlH}WHa`db1`HJKLdJ&w2Ph&u+>|M47lnM@93Q;- z*APH+lS=hwy`s#r{gz}eRAMlB8F)}R=8MFs?6f-5%<>`h!aE3_fkLhf!n*!QH_Hn` zzc(TZ-1-kUGou{zxFZZYb;~B_L^ZC|>?a3se{uvuIZ4?{vO|*RaBi50z``ewe{4)z zkA^tgz$DZW)g-f+7q!U!H{p_8=iV#t&|Qq*fo|iGennrrGFa);|LHDWIN3aQqaRfW zeG1YGD4O!ibLEI`k9%oKccqA=i|%T)SfFgv?E>8b9_v}(6$K9G7g05|oYn6-5c%}UT9&6!L1HXJ)Fq4W3aehK&vWVfu= z{OeF(bk+_WvR?;e@ngqC-set!5fY6|A1EQ7>104__ixN$Vmef%iv(v#-ncdz6o7Dl zRB&ZaOW7lBB@#o|HOv`s9P9UrT$)qoM$os^&xDuds2Kf!IhS=W_89)yIKYUuraf+WWH3fI;TNRe8y08ot&VtZCxpfl!BfFtq9@jqU}2ulVZEf@Q>uH+&BTTKTn$9=51c)# zO-#VmrLSQk8$R?oZW;o-%d>7?UqLxk1+lN|dstQLe<`pOi7hS@Dk!NT+ACn!xtKxU zhyNkgs1qo@o4Eo5Vz;Rku>}g_(L(fsRQCJMCbmI2Z*Bd3<$3G$oH&oI$1;k`X#OZc zW}WMZEW7}(XU8T}QaK<|v(|r5e2hQUkPt?-(08zrv!tQykjhImHQn4u0(!0$AsC`|&e0Ni$ z80F1yK+#3WCSRKPDO#J)U|*NKXzu*rP+$Fm_VWf60bW)& zig{wt=(I4L>%W!n`?n@o?Mpq}%@jE_3C&B>c?`G$ z$-F2^IE+EjvoIGeK}^OC)n>|N!!?bOK2N`5%91=8kEVdWO70tFA$A*MJ&uIuO{@q$5n_>eqO@pv~B;{Blq{j(AC+ z)SDq-QE+(HEG1ZAQV@Mas7DgF2PqcP-V!j6<*F{PkOFxpA?_SY{(aU*31G6cQ!;vW zR6?U4kA|3RReElPQ&SS<&X9k$yy&USYef`cvmy?>BDOho%#}xrd}1vyFZw}_gRq)Q z@bFS3qcmi@kzC89ReZ(`e1D5ByoFAWW~)2iz`lJ@at1<>PEldu#||q+LfndFhNBSi zd_d{K+E?LwMR@xdQe)~T3ut_v1`CK+?M@#U`bxTU^m`w~b(59U<3su*5PhR!ibT-G`)% z9Doclk;JuwLZGR6J^bDlM#qL5yOSo;QdP#%Tp-r6=a{M5!yCTt)FrIVRymTh*?pT3 zMTDxNJbWJVny_45peKyhJLZQsO6gkROa3wzw<0dKu{z*8#_75m>XKW1?_|#Xt9N0T zFI_L9(&1@LWP?8BxZ-Gg9(~?U zJ2G+xgV+XOou+q30ny0a+Ip(3By@2qXjaX@27d{3e$EMt`zJPzyc$98rnBRbIf$|+QT@n9G(}QA&me2o(VKr8qYuP(nH!r1eI#H$K3H=8G z@%CLJWXOuSt&encx^;oqdx)XFt_He}v$Y6iXO6Cb0(Rm5(sAn~ofWxxUy5rmb5m2V zS>YYS>y>1b7HR+(wB;EA!~N>avs&xpyD1kRol6Ukp6C~f{-Yv{eI=;-^DII=R|@y{ zkdLs^q5EP)Z%k=xwA~=chPLFScdP~&&W8cSN7gQW_CUAoWloXXd4i8iyuobSW#1o; zvk&#n-S=w+vO45)z=*-IoniJGp%xtlpKZ~vg`9a?2ULukpJ5#(wuwpS8?)2qf=QrI z&K@gJpUzoHo0cHU$($Sj-U=R7CuWrm`{L%J^$kP4|BbV{`3Vz;FucMgSnwg$*4jQ^ zw@gbkCxAM&!hRA6p|zQ78{&r}^2de}a+gPi_Q08Hw`a~NZ-NQuRO+cAC%on;_(h%N zhm!@j@UiQ^!XPR`n9I9AS;`l8KfEGUBOm8{VfxHrjR+F^Ay%NlBkq7ec?fH;nb+S- z)t&9(OxHQyH)q}+gBuSb$&SY_vmjI-!koZcn8X91)|x?g{lAO){lUS!h$Wu@E{q1K zadOypf8dCPZR9MD280kz1{YbwW_;2~q*-Y{F?-93^wp#LBn>V&Boz-#S^%MqCN2TG zlR-2Z79S2hZ+A|iJP~B;HMr=XElC%4_s)E{tE#bHBE%~-PA1am74__xNONClH!5yA zIgrj1l$rEFE>i-KQ)6sK&Vq zud|WJ(RXxG_sM9OR{lzO#C-W#9vsC`!BzTQ?ol0mbe9#|%}&2a!4B!bghGe}P&2u< zpwfErJf^IACriYA(X!7#I4Mm?6ydk#v6Y7Jw5N@*qsSX!4|7b9Y&GlL+eUq`z@pFp z;`6eCsf$SnIl&F9_XP*9B$<19Xmp#xC4Rua1S@P|vo(p->=~30JcNVCF0_G@O6uCk z?L~{b`Zj55M~etJaqb&1eo3vIz>mOXUo2ZO_R}h^4y$~yKIFgksz>4omoG`{cu~Ur z3}eQoY*DmgyiS? zsXupe^C6j*B}Wfp+kL-)0tMfG{@f^>28v@=?IwC+s5~v@bAe?3g8Kz0=>T&8mpped zRg?j8IU1zV227yma*_VUXBJ0b!d|LnB<$v^_vhK@=yPz%dF{tu$&3S%yr3!IVALrk zlQ`96l~-;DwNpr%C|S&DQ0V7>(xX+Dsk2p207ImTWkXo>uLoYXsxfZoWQ5(cnO(0l z+8Y>9kF~efcmG*pYsj@3;Eh!M4@~2~jl$3NWD*~dY_b@Uv4lpOG(Tt|n~zH6j{C1Z z;F|rUh>`PZyu$2BTkig0GDo?Q$*OS6^-OIDQW-?90q9CFbu{}T>%kM22G7S4*cy1* z#VL>?BxFj1EK?!OATA=Kwoyl(%RK?)NzI)Pyz9U)^eDZHQFd*#p`;fi*BC+HsYqv4 zgM%m^ml0fD)m(3ti^DZP7+4{;RO8CEF%Nmqp}9Nt-niz-?n>&xltnu~jWix;HaWJC zMKArv0v9^%B8)A;^AYp#Ww4dsDpc5>AaBA&?4j%rYokH59a=JqS5M2OlZe_8z6^HX zj(cRtcO#+)oSy{YE;XCd!^0$nxhK)+((~i+sJ)t!N6=-f!m+)dBQFeEr`l|=FTO8~ zdlC^{pU22QQv(`fJ$R##MYyfT6UHt6)bYK*(<(JtOaX8vSaz$->l?$?8={LeX9(l# zQ>fYOZnf%gvA|lfCpzpj%F=$S^$Yfn>+NyCNjj;KF$EtVwvs{{y?nCVc_#`EbfhD` z<_rCIiX6q#&DUG;;}J9C22@x|jf%tbtotX-#tJj3`-67BPMYB;AgfNT@*vRPzk_-9 zbGiNof*h2)+{WYFpidC@VwUHD%-4}fL&00ckPmIaf67jC=*54M6GEc5Zbp6(UBrX# z6Oih9oEa^1Ms@y-ZWIKi<46pZho{W-5SnUOF*54R`gKkCSu z13S&p=3fK^KZfrokX&_U zd;7*?Wbd}A6vtqZfGvBpL=i5qS5%WH;+G{Ok|?|-{4hIq7bTyT-jRnTR3NAg+$suv z$eJ#{z^n^~=JC8@$p&4Wb$OY3V3BhThp=3Nrxpe{uJh13yd^u!R|PNlrZ}1~C4kA} zp52nIyUUKQ-8!XaFiUw5+0Z@!g8h^BspDvC7t?>IL$90xM{TB42dOgC8X^56D7(tzJx4O02V=4QI^roo+p3(e8;E{v$9|I z$`i<_btcDLWcurTF-NAV=517){6?Scu_3-$OGGL^-FGzq&FKaoppDsRt0@;O ziMt5$LAoHe*Txj~OGwKCTxW;(gc-Rq-VcMFH8c2gNEu@aW1~4q?oYKAEt_BzP$imi zd}RSV1OxdCP$3esT+o?XU+|z6HYLUGB&$HQ6=%HrwV{l7X$!PU3D4mV zNT3q1KD%Z9!N#2@wTXBGEBF7kMwo|bg7pVzUGdrajmw#Qxxdf>|&y0=;2cgd*f5jLg7F?MAs!ph9nETLv%bJ%fA-@ z9nEav<%>NI|An_5U7Ng2u{5GE3DyAU9#=a5l&OM7E6yT&|8*mOX6aWxnQ~Ma2^ZZC zW*hOc>!5el1W*5dPQc{2U3JNpCK7VX?cg4w*2yuZunzbgR5#pC{|%OpBo zU*^YWe(ys*P-9l5b(^sFSRb>YkFxXBd0$>|lMc>gp_4ZMFyjUe{mbhU6hE=DV-kl4 zJRGR{wt}hv1oLIB!hxt>v@K1w3G*rKHYX^6oX+4jMqDfvfAqG4?(TPMA82t+ z-y0TlXAO*vbg8~VsST^>#u>3*837sXK6v3&$@v{oANTZlQ3k@l4=v%D#W@IRj#L&E z09|3o?_5dFci(v9%eNM+hNl>WPp{a6O5{2QBzNdB&d01j43?|{! zk;Z`G<850c0YJ*u7s8;ibk8fIDnRc~@Mvn*-9Wl<>XmX^0d;q6TD{`Rl0r}SyF0bG zE*Q8BzGL!K>76S5*zJOIt`7>9JuCFy?CiG3tztZ_mI*ZDjXl|wK~=grn39Bc5t zFZugHhKT)hI?VX|6P_?ddtanR&^ZgSxMp|ReaoEz0t-uKUY+krcIORA8$x@0WJw!_ zMaB1tUpMeFrPk=oLK#Ht;9Lw=$8DgoHe@s&cRORoK(z*<8NNgT4b71_te5C9wp`jHdfDtk6Yw_3IebHkpjYXTti;e|IjpiYCc$S zB3m+YwwCB%HbItMMNIWiaxji5fLja9f_YP`6d=G_y;HBfE3wC+P`-4=Wqa~Xqy~Ov zmv4wkqSUtAeiL?6T#Lt_%*l94|3WfmBWCrp2#bDW81@kMI{AmbdEE*6QU@TQx zF)(J-E2`MkZAg)>h21i@>q=H4;agVkx4Iy;ZjSK7j~vnr_+y(K%30n}kKe6c4^t9v zuGu5L<-^ZOIFSqqc}SVN{#Af6ct?v>UVEi2UN;TEFl`c4 z5xAe5&l}Okz1trM4Y;vmNm}!iC!})%i=D}xXj%KD4qh? z4<*k{qbY-xkv)HeN@XNXvUF^WroaekvLK2!Dr?K&?Bv~Q{L?C?!8h(iYgiWE1Iw}E z)kX2h)@Elp>Spv1PVb_MNcAWf!t3w>QZS$yhM`t7X_t=m9ESr8;J=!6xqi}jx=GbE z|NUagQ>HS?w9cQcjj(DS2TORr_SI0kxhcB{J~?=X+(AoNnn7reCDC{bE?-4W>mxq{ zAE6-1%`tvGgvG>l@}doNvXH<_H*1RFM>m{akW731e#1hMM8r(;VNJjS za|~0t30eu6B$6A30hm;~urC2l5R6OK?}9N{Xx;OzddV5`!nm`E9xb4$b98vy-+Q0M z7}zdZz^rP7MNWko%U=THf>uOZ9HcYYQ^@K2Z69nTc%-24O-&Rg_$4un4W+_298%6? zb~##VhF(6lI1LgIrYaVyKNz)AcLBAG#}*q1nVo~~q4AHr1e1t#He)jljwXQ{9eiQH z3WEH+gycT;#yso~8SK!rQ$YIR4-;(ubb>VsB>;Y7N zV;PQP(SEoe(I>6agIA`6cZVw}Rtlgqz~yMP+*YTH8xyOseYIF*Up-MLHbK}jirM6L z8E5N0f=yv=)g$^-d76=dS(dDcc;hoR z!Q-~`2vVWI-O&{rD5#s;OQM*|m6`1RmGKkv}f5#5lu-C5DH zlt+l7C?t91z!NV*88#61;3ZEHxdv`u%+s3v6W5vyn;x7~_`iLaW69S@p$Y!A*oSt4 ztx^jCIuvq5XY_7Da0U8K6)J)8kW=ce6Ur*DIXipl$V+>jW#CDmPm=qK=HWuvQKz`V zscUwa;1Mg)h8kLj&+b5Xh$#MQyYo9CWgxIEL$^7*FF^9OZ<08=FB)h3+#eGj9$` z2`7^RF8yM2>bvlVx$P??@<-E}&GwgNC)PMul11dl+tuI-%H}{0Q4JG0g~C8N4n5sM zZ8+Vy2TjqN6<%B-_eEp@C!d%}iU@oM=CBg3XXseR3pEW@RPR0bdmjz#n-?ZZboE>o z6Ce-=f6Qw44_-tNr*-1lLh9q*u z2VXh|an}6@5++r*%1sap|>s0bt1z?_zz6fU$>0-k&;Ppla zq{iou*CV{vj%|Bb>=rg2?m|8({p9825?~65Og_T9%Gi8h)iNvO;_;pWvT9PRU$zu& z-GYChCqW{fuLJ)cGxi7{{4x9M@31qAm=Os1_PE9?_uuietPGmVvcazr2UlmV%{PB) zeYC4OUG}E;-#Wuh5p?;&*>r{`<{(u}WFJFiH+~=O_^t*ZCU4TW8+D(RHD0*Q{LA~a zh>kcLN8;t>QxSYomIt#ziKB4Chf3V3yb`=Rf%*$@%xi<38OPF2**a!RwC34)0nMW{aL&5Jk$6c>=0^L4Z*YoF0nN8R|i zg3X3!Tsd>b+beA*qXLs7NTKRkMcJlTcy=^D+>ksYOwwmLT6k$E?c$S=;=uQrRzlVB zN~XwJM*F2pzBtzB|6Id4dKS)4;vuL<%iS%b@DM6BoQN|T3y z=PUnvY4%BIpuZzd@y^iSW&WVn^vdpfM<#}J5&VS7PW;Do z|1fvKko%$_1>R7Emm|94{cJ1}t4V)t1y;961Km@B!%#>XNg@WvS5rDm=PqGT0(VG$ zK99YoRr4>%7};O8O$>^%m`iosC6^1(>~(zB_G$a{g7b>eA^6IORoZLK z`0+toT#NEe)4$Be?##GjA$9wn!ndgi8xLC|!T=x@-K#+k25qi*+e}WcQP=#twx<`@7v?ic=d}s0z3`CT47*O33f2hOZgYfjBOo+ z0Ozj&lw%l%iKQ0Gxj6I@46{j_tS;;ZE2n;2*h9HM#GPz>!#oP3;Q7{ok{gWp?{f|2 zlv-VtwQ~T&Y&Y@sfiJ&Mep{J2H2JU@IC^Pango+v_10L-E7r}Yj^@PtcGj|zLU z>HsI^5d(m-CYmw` zAU~kIODg?dBKi?3S%sj-7(}x-*P@xY@`SXaeG9cE#e&{)Sn@~XBH+x~`u^a$7lDW> zSvb|=r=FAt3_KwjmESSnV(i*C{JGM+n03xTV^zfG%5hTEzP-MM<3ygBp$8}P?{B^Q zKud-g&|62h|Ll^7r^~z?KuQd>810^eJvA^^mXO{pwY5O-3}{1 zE~q{g7S(gs(|U5`;uKWseLQ2TUM`ofh^p*!-Eq^#66$?&u;F)W%W^+|jeqvzf*imt z04)MWp0LANNp|sXE+DSA!Lt77JyOv*rLh-f-xj-`8nC>1yT zlWx13@n<$LA1TUau<0WpP5x4Y^)!^h*PdUkV+MJ1g02peU&5MnHxRS6^3G9uXSBk( zcUPAr*BCZXe~S#L-&JS&Duk8!bn$x$Ug9Z($lz_)yc_6#EI3!wro9prKq1(sZ)2hs z`;3Rn#-{-yx~?%D@f}HWWZUmDYn{tr60CYZL_$VLQq}P1#Bz33lE&`_8j}I?d3BB~ zH80bMM}5EcR|-AW$=OXgqvXjL)MfD`>2t?i&&*r#)px<&%BTyhDLKLrK^E}Zknz5- zbdL{XmIYLG4MkkYuYi=b&)u}w8iz7!UUD?N&BI70zA^pe0DuC9MyMdKO#L@A`B2I1 z)#D;l*5h6M5=!*lowYc><6O9_o7bcGq}a<_u1MV3oiDO4fK2k$Ya%$kVd`MmtO)$M zv=~43*!{`WVSY+yE+KL~u{M2@J}!tY@J_!Sg9|wi0Ka$d&?gmYSGlFvrlCgopa4#} zG%AeChdI|DjhXN1GN3wnFC^u)kc19Nz`WBB^Dt#3K(O0u#ydhHq49535lhW;4YiA6 zd-+?!!ge}&HNDI)8PqpVhO_@K6I)}5kqid1(*GrsIRlIGHc>#PJ^+6SE(`QZkkNcZ6Yym20Te3S} zc77}X$_K`H1OKI|0de8Du$Ef(&8B?%EfgYy88>U`1F6{OBs&RPfL-^*_o&7l}w(ivo}0m`Dbj$eDh(!+Ty4W&4D@m zJ)y=>**L+(xyoWuy7%9PnhIfsj8pIU`6RE?ZeEbyd^4}B7OJ_tTI@g4o<}XPSv`VC>^QZrmv$5QX5XE zHUDewxva_ezzkEB3(WIYc?d>`PBosz9-CiHTt~H=Fjjq+YY>l`{wi@%_Q-$p7k(;o zRkA$P+s7GpCp?Vtw-0^Iixx@@c&}FmJ)=LL!gq(h;KYJQaXhxXLoqA$a@@L) z@})UHLam-|+=}1!?T-m{7~a#Els=UX9j4x(ed07T*H+Zj;nDMZl*rnpMH@1ye_lVE zV3{n#u%$5VVOh874BsJ+;M%P9)Ls)J89K*g&#uGa3^4lC`u@!nv z18wWEo!)K9W>U|1xM@eE-J3t_tDHDefoH`iOm4`(Rg@m%W_6G%QAHrsl2*0|TfT;n zg$yHnt-4ejy*x5Q$H1W)fB8m-jE_(iWEjmwb@vk&S$C${*v%B)kX#Y}#@BC23~=1@KZRn-7W#vv@ix$qOY2Gvbs(5!hDUCV3$zD_v&(t3S7t> z&&{KgCoK588*NC^Xvq%r?Y*k8?bxk<>5K0)$l%eudLS#b&?LenmuUToP>(rZ52bTO zbh1Lx1wp6I%`0-)nLzI-+t}w6^Ru8KrR+|CIyGtNVvqSB=s9hJZTjJ-KVi39KMtdN zt^;k@A>_U;K?zlW*U0A>=uqshbiYUGA)@Tw_UG-AE&pat&?Crj!(Li(f8Sm(48L8N z9KUVjwiaji+fq&!SUR14i!(9==e@HB#n6v3b#NuOGy~a!bZ{e!OA0TtP``Ht(Cr#{ zVPM_oCAJ5fe$rUabL+MmA8{G}G4@}E8eM9YeM1Hlt<5;9#ZEUL+GS$jU&7Nos?n#) z4Jl6KQ8mDO1PdNoAv*Z1<`h<9@`kW_Z;+<&&XYE#MWbS4B=he9w}DlI=E&f&xTxou3(Z24C_9bVD7ZK`?)RUvOMoqD-EA0*UQ zbWyga6)2X4z@Ze~tC}-(7CcwIqmsl-=~=ye6i>UVnVUpqSRz1UwDmjRW}y z-D=l0m9C!Cbb#s#ZYf_xKXwV2KdC4OrCBV2p5qY!sgq|UUxLYsXe0|@XIj09HQzfs zm#Yhp|9s6e171IrDW|;wzJvL{u}wc8w<2XT8Bo5F15)^*D55Q92G>u^e(2AfRD9x_%BH-Dq(MC1NV1e9! z%DxOrnH%aXC;r9Z9U`#QzstMQUj@LnEW$;6lB~M1rBTvExTF`wb|jGnCo<~Nez1KV zEdBn&->xBnnH<)fCc2I zLHOdz4;HSMVq(V}sF%pRq^JkM?+}zfwqG13Z;0_1|B-ZNO|-WCOJfxwjJk7Pwa5~p zU2OwFFO{m5Y+_tJN6R(t(Wnl}6nP2;*J~WVQwuZiZf;`v@4vGX!G*0a@Bl^zhe*G? z6*#nT4g8g@iR5p1??d9%_NGF~Eq2j{_#nxY1&dS-eTF{IzG0-2J&g&S*xTYwbDCzR%hguTN^D!d;(ezMDV{3r(ka&GVR@)u7f~B*f zZuB2NgQ|x@vPhaTMJLPN4ez=dA|52bf^YyT29!1Q+VnB+ZI0B_xgGjBV-f9hSG@%( zn6{(F4Gr$Zg0G@&;z7Xxa=*H>1$r+9BxP1F0yyr`9=Ww%iR%iiIhgZ>2Xgw0*=p6A!HxE*!7{_l%zGEKh?YOsULqXqG*m?DF3kY@@EiHhaZW zzBtJ7n{Gg8{#UBRamnp(pVk7JiYk7##*iUU>iW#9_o9ypD51$3R^^S(Sm{vu;6i+q zHy{MaXHh7iaq6tU&bc7O<(Y$9=#V=<_i!_<;8l6k5JF5w#(=&%}d=pd$vP}Zrj%&@>-GTu@-<`y+Xogl{AGsg@81H0LHl22v@E( zc21>lau6tPr5kz<8Z@(}R`Y?;o-=x$oS|-$H4a>7vaP#6Vy;OppFB-NosW?gmVEfl_L8<-%9)|i zJHl8kZH_q7Jssj*@J4a5M;gMSm#zrVSt?T8P(}#6|G{D+n&0q3ctEWBhL{r%;hgg=JOJ}ALrtMDea}9J++l&8UPA=Ed$#K{x ztCBu7m%(yJd*|xwl4f~0k}~~8!*)s32L9=Ch}@8P34IUjSbvQ4S*Bt&6SFmihLaP}Fhg(Fr2!8s^F;@SPvMcdl^Z1%Ej+90^_) z?@Or&Om{i9suO8g2|N5the)ZVPukoB`sqyV|l4Fw1#>VKnaDAqrI7t)194=pl*I7WWj$ zK9aUBy5*1GSATWjB_<@5D>iUW9*s$=rxUaVg6S*?GGd^sxs&}b*n*)Jsf{XfH1h~a zWIHw%^Dx)?l0F_vJI1R?S|jM1a5iq@ZOkA<9TA( zd5n3TF8WOw^;MJw;)LjDCkp@3f|4=OPPD1TL7A&<4vcqfy)>cH?&&sCCGnLRwmzUn z!6+?2f`VQeBf2yveaes(-1wvg8yZsRf$7#_bY1@FlUBcwnn{D%xTR1&z3ouByz;t) zJO0Q8t-dlvN*W6Izk26eInqtBO+<(xP=iE+F>Dz5b(shxX*vH_R^)CtJ!XrgAc(_) zG^ONQ!kh}^Escgyyqa(gG={Wcx#b=+m^!#0U-|7AbYHlqxZwh``%sfVCg`Zs4yMG5 z$SH;&4-H=2}Sq4FGSAqNlT!o=G_Y5p92PjlzNt`G6y9i7CUJqnB<%;04@&~AMG4`vT$ z;(|{^db50mO%IoG!>>?sZ+Ti75B;FlFX#UveAvOa8x4&x-IiIsV|UiasXRpCf(`s^(c{+_h1 zgQhZ#I%-PaP}y`*ZdFwaWmpr&YVdZ^?r#G(?8~lioTANUkejVnKVV$C;ZihUWMlD- z^u7Gg#LPZON8+5?U{g7zH{4f7{5WNaLwcE45W0t9TwDL$$K@Rj4tc9Y;;Gg z&132Dm}Wjvj;Aq-T9uxrv{ee(tr|Q0Dh&$hV4S7B&{E4pZK3evv3r^~SQM6|+aHi* z%vnoM0T0Gh!HASR^I6{Lx)G%}Qs82?WS5MNH}Pf*BeP!vvyxFgmTb=>tYlph=Q?&l zZU?SDFZVecJN-Twmsn6i4$ThjfHJfvgdj5C8Z=!sXduZ&Ii=n(HSPgDYbwI|?~2Lw z{GAc`c9`*k09U$WW_Z@i!w zgmQh}$pp0CJj1uCk~NA*0u2s?Xl}KG7&i!KG>^*jT^qEi^!i{X%QTQetI&O5^;ms* zaD?FkcY`}E-Dct8I2G*dbxf#dD?*pebWpU5hJ><4gk8NFFX_(6_G?-Ks@pnVI^~(3 zP!Be(&Q7kmYP1LL-7ayHcin~aUM}sXr2_Pq$441$MScc8{k&7U!xKX{&Ev%| zbk}B5ccyAySDb%qAo#~jXFBf-_ixgmtdmK;bFM441c}yrXQyOOxYfi8#tvAYFr5W6sL^EKA7dp!2 zX{azd{xo-pav~B;3vg>oKT)Q$8X<^AMg? zUgKT5#q^Py+yA8c#~uNh3&dlkE@rj^O5|||!+*oUUUtW3b5E4Gp>ZAF&4Pv-C{RQr_M}fv$B!Bv z&0%p;DpK%7GqC({S4y>VW}!sGAsRYdoi+d&@!xymdpp<7w){#yFsu}a`ed~=VBT;j zX|`U#DCA=@ChP198>e!$9T_n{qEs9VC$5GOHkS9mGW29y$Cm5MQ$9vy``(AZJ(~Kw{bc5ZqWLhNKS9JLGdwwF#ev}KBU7b zebv=Ior8IlTa^DXyX|au^pT<1eB%~457g`cVN;S~LFzbSr9JT#9w#tDkcCxdh#y(F zYRw2K&2X{XZ%HhdRaIyv!>a=;>`Wiwy^NR6X1B76c37w-rn@Uj$BFTfxmXm56K(of z+D6_JYj`Yf&DemBXKKijU;d&R8d}*HwnL7-%&>BcI_scR_<|6<<<~C#@w;_Jg#Z=Y z$?4|`B^bOHuE?xO5)gBBe}8d2GQW7n=Dq^>9s6y*>xDg-_`XDV5QT6nsGD)Y@F2FF zp3;C@JQ!*3KhkJ^A)7ylnyLq@!Bezs7!U$JYqZHnMJ;ev3NW4v4Z~xzZB@PW!mr@K z7$I4CeX2~&p1_=LMESPmboOM-d*ILFe`G_TXVWTN!N@dP{+Qgbuz9pc))$F0Ez;Ss z{9@vaEl}<`qVTR@WhJxij%{51$Lr1e@~%e< z%K1iz_}cX!zG);}`yFcNSIl*y`6aKq{T zy8Wusb7t;v7Qk%o=XOh^iZB@$IM6ME%5cQvNn<%)wI7^`iW6I)!EyJOf-0&k8aHU> zy2f~6zWpZXpHYG7oN~(*R8Ah&;PRJ60t_f$iiB0nVLqpOpz|^6Cern&hg&AW98ed-V{+X!Nha?)uIqoV*`(ihWN1aw&H#B zkgm^2ph(JLm?f3&S=brSV#wKuQW#QanY^06jgyWcMf-alyYN1c@zyH>C!59#k!_;E z=POZgp4QVaqT8pzueZP#!cdWa_nOyu``fvzom%sAnk8}NuaCVLhy~6K{BkYX2QMVw zw^Fe4ttI9Wh+Z^~Z*OV-K|jFN7MN{X<>!1H2(E{Wy$FPZVdK$jx6oG1%7tf;c$f`9 zDDHFSMWWvcZR4nBiK>Dwh}g=jnw$EImH2N5h0af#$wy-1OjjCd!7oondjAH;DXU!6 z3SYVX93z;Vh-e38jj#GnP;`}M-{bpXm=}@IpK=V2Y*|rK@&&X#ZA-#8A#=}NtZulF zdWaok9S*8T86wk@ba<=lqA+K2g`IS=Zm`%}3^LGpbNzR5bycKt;Lv^YAR`E872FOt z>`OC}K@$$cWb)&+Egcri%AtGT@yn+UN^LQ_5*KNo?6YAQB0QPnN7ef8Wq8U)ed z1Ee`X6o{qp?(YROHMfG#x7)cph}T5~kM)SD;?)A6~9U~O~u zUPvex2=SVx^8Le`Nt9*E$QOm`f3YO41wd)lItX9c1tcSA9csMZl0t2Y7*j8@dbA2W zGlo+x*O^Yft5|J%%u6D)*1&^{m5vF3FW)KgXe5NyNknZ@fa-s)&^!ZW8;d#i*w3vx zI2}1Y^@g6C)J+1TZpuPDJXcVqL1UrWGZxmPv#L^3Qr|XXkePDodL_Y~YulG%W(g#3 zwcUra$XZi+V5c^IQ0YXy$G6BEkm5oEsc>HV?hEfcKkfzwNC8VDLDp^N)}#YpfeK zGU_-jm`z7d;Lhm>(OKq|i!0KHnMa+QZvS}htrAgG%hw9g?hS4Ng0`Sj*+7SM5sljA zQIsU3<^u*z@Kw}CZEg^Id1<(#AyTQS9Q=88>vk|}?uKI33>k)j%`w~+zZ6FCuwXdz zCdFXX(x~DG9NKKmIPrgf+e6yq;dCf@s%qDR+BJEJBxkkHr`+X*q)s)Nelc*VFtP*0 zKE`3^Qqk?={eA*Fn!Y{CRGRjbFxbVgO=8?NAHd?72M^;>=er#!wsQYf#^$*#((MB= zu#cf(+eOTmSF3pKoHtBFwN%6vr(qUAELYLxF{2 z^ST#HPKMUd<^<8>bH`ygJzsQO=@_{jl2DPk_U~*GK6Z@8EsG6S*jXC4*SfGEfPz~^ z={T-8$uIYYBA~$=YcClHCH+^K8#YQ+DUA}y0;&qJJ7yiF*{idqjT0Cr62e}ZP$Xq3 zdK+^3Zi1QC0Y84k?N85CGk`xw6kbdk;B1w|v>jUqMK7jC_Y}kJpm_)OoQD zw=!r*BB+1p=E}R+N5VA4KLc69T)BEEPkmZXGnoLi_WxU`>j#rv0y*tM$t?{0{th@#&$`XM@ zUnw2(30}S$3v5ExNNt^Zy%|)k%ay*?=*UY5-(>8+mMqi_g{Sv z`XUCKWRSxbtMy62H7d+ep@O{3rAC+_Gvcmnal^0E1J{cQc<|A7lU*69II7 zy;AH^nzi{{!{#(*(O}?k1(A*VQ2^@tygRR@G$}m!DfwEI-kuVv+hvQ+BhoW>gxyX; zEdUO|^$R)s>i5THqOBYznJMRKA~`O+9||1`X|^M{Sl8RyD>hGe|6_{l<}Clu!>0(PIfFJ478gUC-2l8j-djwN!(I z*k13RaYhdLHXSykBmWt+v;z)%i_@|(0s<5jfPF=Fok?*j^iSR$HeVLIa1!Sm-EC72 zbqi2$kx6Mg=+Rg}uN@EuSCU{X=rzuC9=@Cq-|}79@|KA@YGw+Rl?XCvufiU^h+;U| zR)F2T^#%VIpT&G6?*fm4)-(;ySQ@;QfU3T{HWMH3iKwB&G5XneunpxK=)SaPdq# zps*-l_(Ea%`})8+Bpwi%u-czmK<4I)6i#JO!H|MW-?PQTGarHBgEaq3@b^5 zw}(z&%Sfln)kjzh{b)k9e;nV&{u*RqK3r+|rt7pOcL3Q87zbGJ063Wp6}=ajrk6VbHztvZ2ORwJ*;%Z7n!Tez zzKuS4A3=lTyQX9KJ>WbHx=*KjiH(b(Bw3#AMuk)L-|NhWb6_B)2+sWHxr8uPi232MfgLlCamONCcxE|1kvi^ zasm&m;W>o^G|!MRSUqI?EY}uU{ryIVp(EW%$sLDvo$9T}vi^*+K)>qxXZa)NcYD#P zL<@Yz8N&*Ed}8`VJbaw%5n*3uM0$B%omhTzQP1~o-k^OUfE;C#ANz7B{{u-4-5=+c}EiN(dzk#VLOvmtu>ic?5v9YQ=;V zlq#+8L$^c0zf_Q$y`a}7V*IGVi-2WgDv@;UqNM<(d4gqgyH2y4^t@B|Z7-5BkymXv zE-VU#uGuCltpT--rwIR}KdMo0dQ9c-90ve4@{tx|*ILz48;&naliMC{oYuFtm^|v) zxO3KX#?K$ejMP;fQGPm6eL%O;r8-9Q9!h3V#dIkZc+6wLPySmpE^T#X#-WAjVWfXx` zj9}ocjX}qHY)rX%FG(|^Lj_HCO6B`KU8kkN6}d_cUq_+}xhp$zaT-nYYqN%53QQ~U zN0IMO1u=}Sci9>{Nx2p!qL041igwQG*SOQAl=~0H7T@p$da(Hl<-*lsPmvTM+Yz|r z;YTDq4QXy!69g{_tCIQg;!6!{(qD(iGRvPX)Z8!AXDNOX(Q973S}IBB=g;U4bom1G z8PV^M_RoH`6OKWa@chp+++gvgAN59~og=1}g6B?5_-kZha23CRpy~GF$rOW#sg-Cq zv!ql3nWAva@0&@V4&aM>dqS%jz(x%41na>~Y7R>6jM$@UkHKKsA(n5xhndoyey6&q z>EIU#5rJ28}O(ilWq z`CD68y2Gon z1^+o%bwz6Ld)gVzOMN#i&~39jG0gt{0L>r@bEei zu4{5TX{9*MUiS+Y$KV#qete02GveJM&gTKcx-UB2ob)OKSkPvNGqI_8 z;}eo@5~!`druG_khGTxH`u0);M*%<0GhMyV_SIjsv3?bBn?p9+Cr49Pz@7B_1sZXu zEKb*t)0R#}`L|J8@T`X>Xe4lNWfd+gjnS(thTvGlkN^Kd&42f`sN7jnUxwkTY>`?) zuY6s&#c`qOLNX!5=sul7u@*p6GqipdIeyCzu1r+918t`&2{dDfBi*Wzyujzl8Znih z;|g5J;ztsH3qU1drxB_JeSxt)B9CAOchwX4(vkOt^*o=}f`xl`Ss&MYd=Lm4%c_i) zQ}JV@uR4eK7`rpX62jxA1gAAaC_Hq9c_II2`fCh?f@_A-BDdVh$x3%{7~FkYM2kp2 zz$#qf9Wm+h&mG;^7hp}X09a%l_pzX%gM#EE33Dh!z(*N{>Kc0ee({h4CV|)QQl9`o zR)Cz2p`l`cW=@!E4*OZ2kgd~HZ%d>t`t!Wc8rn|ywP`@IPe^nK^91F{EPoLfL~1v- zBpS(?%tjuS^>E3AejC$-DIEfSWjAxpRxlJzzYj6H&E+4l+>Sc)5A$H0 zl@dP)=LKcNJssqpb2b@ZTR1MDVQb5T>5#U?E(oz~JscM)k);gm2<}Ezx132tC8(&c zi_yzG#s3FQ|Cm5&2yojRCt54NfUay3$?1yBreTtQ-d?dba0c5xrcFDp>i`fO_pS|G zNUX7ctlUb&n02;l(Z@ZI4oh7gUy$rSsxLIEO=W5wE&r!$P6%q%y z&(cfeNRdlz^u~2*HuUtUg&u8GO}Uyw^37`!vHO9VyjP-OhHRyOBz4B|CH0`^w#Zlk z(~{ayc_CW=?8hHP4z%s2lPMiKJ(w?~|61@D^;YRMPmjRRgE!JtrMAL06OJ2f4d>-( z7CKJ?{n&{Gb@NaQ)wYR1K+QsLg4?3~kS@bJ^a{Agf%9(B6eQwTBZDGzCj^zUJLj!u zEc=BPNH$L4&}CyCnBzsXY{4J*X0|2bVL39GT|=t=Bjc2uv!F;bYcS-irK6Yl-GwXd zrqisYe%5cax4S?9nN@IVEP|`&r(3HwAIr+iJ)3|xWn?8O!OAW%1QWi|nnzbN!1WtD z;~6G|h8H~q7hFOThI7@dqfWy~jaQZ8j^+yo7z?*;lhuW{3En>#BEnoRY`AIa9wnkk z>j#f7o6M$XP54>hMYQ6D_iY}gm@H(=Ib?&_BNnq0YlG1?jA4=xrm(N-XD~heYf)MD zcb?btIJ-`Qlp;6xH9K_Hfv1m6HhgV3@q|sCd1*Z$y%}m?FMwyAz$zEZ(8!13j@*ac zp<_G`oXv;Ua$t1(ciOsgH#a{8p%p^fo#` z-M<#pR!S>;!bAmY!yk8ncSqatPQ{s{`vET>R@f>s?;M zifU|T^KE)!8nNQTjR%L&GiFU@5YTi4w=X3j`6LQzCsgwWcWPU_UR}tMS_(A{USu1A zqIn=}E2S@{!3ZQ+Np;+Zf9q ziY|{9A&&1Hc{N)2P&Rx3$RLy99MR=MaNdOk?;yQ8!J@tIIIyJOEmb?SApG=IVVnxh zcMXhb9*X(;muq+f1y@x0aMeRbE`N~-nsVAR%aU^+Z#A9>hk4^nlCw3kkTjA$J_RaZ zjU4#NtUfU~onTdb1cYx!DX^~IOYltWL$^$Bo(>4=d`WK3ip2*#sp^6Pl0@q8ukmb8 zzqUU!_fm@bl&?f=S*POKnz7tl`r@(WDadH74<^mT$TKAqyi6h>;=#Vz;YTVd)@lne z=9f|OCB2bZTHkO5H6!jU$_hAV)?2H6K6r56;L?pMYy#f>(V6?2EFoM}e@NHZ$^VAE zuB{t8c}0a#pe;}XBl2x zUI=fw?)fo!y(&~>1$wQ}>dM3P%5+MI{i&S`zbvE1HW!LPPV~eGf)!UgEhMH{0Wh!r zus`f))r{718TLgAHqFr&MPBMRa8-T8j-eNu$X{47op_FOPmrpbF=6x9u5(n_@$nrG zk4?nplMHWBBomp?^n!KLCT~0qKU%mz4wZd~p!ew<4QEP@!M^%FaOvLJ)kaXn%pTT3 zUmt}XR_R2=vlO@2x-Oa^pXCZ;^JorRt4k5eg(A*36Cd?=ePPyLbRU} diff --git a/playbooks/service/jenkins.yml b/playbooks/service/jenkins.yml new file mode 100644 index 00000000..c5cdb782 --- /dev/null +++ b/playbooks/service/jenkins.yml @@ -0,0 +1,7 @@ +--- +- hosts: jenkins + roles: + - { role: geerlingguy.pip, tags: "pip", become: true } + - { role: geerlingguy.ansible, tags: "ansible", become: true } + - { role: geerlingguy.java, tags: "java", become: true } + - { role: geerlingguy.jenkins, tags: "jenkins", become: true } diff --git a/roles/geerlingguy.java/.ansible-lint b/roles/geerlingguy.java/.ansible-lint new file mode 100644 index 00000000..acc82551 --- /dev/null +++ b/roles/geerlingguy.java/.ansible-lint @@ -0,0 +1,3 @@ +skip_list: + - 'yaml' + - 'role-name' diff --git a/roles/geerlingguy.java/.github/FUNDING.yml b/roles/geerlingguy.java/.github/FUNDING.yml new file mode 100644 index 00000000..96b49383 --- /dev/null +++ b/roles/geerlingguy.java/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/roles/geerlingguy.java/.github/stale.yml b/roles/geerlingguy.java/.github/stale.yml new file mode 100644 index 00000000..c7ff1275 --- /dev/null +++ b/roles/geerlingguy.java/.github/stale.yml @@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.java/.github/workflows/ci.yml b/roles/geerlingguy.java/.github/workflows/ci.yml new file mode 100644 index 00000000..20fedd09 --- /dev/null +++ b/roles/geerlingguy.java/.github/workflows/ci.yml @@ -0,0 +1,70 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "0 7 * * 2" + +defaults: + run: + working-directory: 'geerlingguy.java' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.java' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint + + - name: Lint code. + run: | + yamllint . + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + distro: + - centos8 + - centos7 + - ubuntu2004 + - ubuntu1804 + - debian10 + - debian9 + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.java' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} diff --git a/roles/geerlingguy.java/.github/workflows/release.yml b/roles/geerlingguy.java/.github/workflows/release.yml new file mode 100644 index 00000000..1f2b08ff --- /dev/null +++ b/roles/geerlingguy.java/.github/workflows/release.yml @@ -0,0 +1,38 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.java' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.java' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-base + + - name: Trigger a new import on Galaxy. + run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/geerlingguy.java/.gitignore b/roles/geerlingguy.java/.gitignore new file mode 100644 index 00000000..8840c8f0 --- /dev/null +++ b/roles/geerlingguy.java/.gitignore @@ -0,0 +1,5 @@ +*.retry +*/__pycache__ +*.pyc +.cache + diff --git a/roles/geerlingguy.java/.yamllint b/roles/geerlingguy.java/.yamllint new file mode 100644 index 00000000..f2033dd2 --- /dev/null +++ b/roles/geerlingguy.java/.yamllint @@ -0,0 +1,11 @@ +--- +extends: default + +rules: + line-length: + max: 120 + level: warning + +ignore: | + .github/stale.yml + .travis.yml diff --git a/roles/geerlingguy.java/LICENSE b/roles/geerlingguy.java/LICENSE new file mode 100644 index 00000000..4275cf3c --- /dev/null +++ b/roles/geerlingguy.java/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.java/README.md b/roles/geerlingguy.java/README.md new file mode 100644 index 00000000..8a38f794 --- /dev/null +++ b/roles/geerlingguy.java/README.md @@ -0,0 +1,67 @@ +# Ansible Role: Java + +[![CI](https://github.com/geerlingguy/ansible-role-java/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-java/actions?query=workflow%3ACI) + +Installs Java for RedHat/CentOS and Debian/Ubuntu linux servers. + +## Requirements + +None. + +## Role Variables + +Available variables are listed below, along with default values: + + # The defaults provided by this role are specific to each distribution. + java_packages: + - java-1.8.0-openjdk + +Set the version/development kit of Java to install, along with any other necessary Java packages. Some other options include are included in the distribution-specific files in this role's 'defaults' folder. + + java_home: "" + +If set, the role will set the global environment variable `JAVA_HOME` to this value. + +## Dependencies + +None. + +## Example Playbook (using default package) + + - hosts: servers + roles: + - role: geerlingguy.java + become: yes + +## Example Playbook (install OpenJDK 8) + +For RHEL / CentOS: + + - hosts: server + roles: + - role: geerlingguy.java + when: "ansible_os_family == 'RedHat'" + java_packages: + - java-1.8.0-openjdk + +For Ubuntu < 16.04: + + - hosts: server + tasks: + - name: installing repo for Java 8 in Ubuntu + apt_repository: repo='ppa:openjdk-r/ppa' + + - hosts: server + roles: + - role: geerlingguy.java + when: "ansible_os_family == 'Debian'" + java_packages: + - openjdk-8-jdk + +## License + +MIT / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.java/defaults/main.yml b/roles/geerlingguy.java/defaults/main.yml new file mode 100644 index 00000000..3f51462e --- /dev/null +++ b/roles/geerlingguy.java/defaults/main.yml @@ -0,0 +1,6 @@ +--- +# Set java_packages if you would like to use a different version than the +# default for the OS (see defaults per OS in `vars` directory). +# java_packages: [] + +java_home: "" diff --git a/roles/geerlingguy.java/meta/main.yml b/roles/geerlingguy.java/meta/main.yml new file mode 100644 index 00000000..fd4651f7 --- /dev/null +++ b/roles/geerlingguy.java/meta/main.yml @@ -0,0 +1,42 @@ +--- +dependencies: [] + +galaxy_info: + role_name: java + author: geerlingguy + description: Java for Linux + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.4 + platforms: + - name: EL + versions: + - 7 + - 8 + - name: Fedora + versions: + - all + - name: Debian + versions: + - wheezy + - jessie + - stretch + - buster + - name: Ubuntu + versions: + - precise + - trusty + - xenial + - bionic + - focal + - name: FreeBSD + versions: + - 10.2 + galaxy_tags: + - development + - system + - web + - java + - jdk + - openjdk + - oracle diff --git a/roles/geerlingguy.java/molecule/default/converge.yml b/roles/geerlingguy.java/molecule/default/converge.yml new file mode 100644 index 00000000..c99558da --- /dev/null +++ b/roles/geerlingguy.java/molecule/default/converge.yml @@ -0,0 +1,13 @@ +--- +- name: Converge + hosts: all + become: true + + pre_tasks: + - name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + + roles: + - role: geerlingguy.java diff --git a/roles/geerlingguy.java/molecule/default/molecule.yml b/roles/geerlingguy.java/molecule/default/molecule.yml new file mode 100644 index 00000000..74907107 --- /dev/null +++ b/roles/geerlingguy.java/molecule/default/molecule.yml @@ -0,0 +1,17 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.java/tasks/main.yml b/roles/geerlingguy.java/tasks/main.yml new file mode 100644 index 00000000..b2a6dedf --- /dev/null +++ b/roles/geerlingguy.java/tasks/main.yml @@ -0,0 +1,41 @@ +--- +- name: Include OS-specific variables for Fedora or FreeBSD. + include_vars: "{{ ansible_distribution }}.yml" + when: ansible_distribution == 'FreeBSD' or ansible_distribution == 'Fedora' + +- name: Include version-specific variables for CentOS/RHEL. + include_vars: "RedHat-{{ ansible_distribution_version.split('.')[0] }}.yml" + when: ansible_distribution == 'CentOS' or + ansible_distribution == 'Red Hat Enterprise Linux' or + ansible_distribution == 'RedHat' + +- name: Include version-specific variables for Ubuntu. + include_vars: "{{ ansible_distribution }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + when: ansible_distribution == 'Ubuntu' + +- name: Include version-specific variables for Debian. + include_vars: "{{ ansible_distribution|title }}-{{ ansible_distribution_version.split('.')[0] }}.yml" + when: ansible_os_family == 'Debian' + +- name: Define java_packages. + set_fact: + java_packages: "{{ __java_packages | list }}" + when: java_packages is not defined + +# Setup/install tasks. +- include_tasks: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include_tasks: setup-Debian.yml + when: ansible_os_family == 'Debian' + +- include_tasks: setup-FreeBSD.yml + when: ansible_os_family == 'FreeBSD' + +# Environment setup. +- name: Set JAVA_HOME if configured. + template: + src: java_home.sh.j2 + dest: /etc/profile.d/java_home.sh + mode: 0644 + when: java_home is defined and java_home diff --git a/roles/geerlingguy.java/tasks/setup-Debian.yml b/roles/geerlingguy.java/tasks/setup-Debian.yml new file mode 100644 index 00000000..802c88c9 --- /dev/null +++ b/roles/geerlingguy.java/tasks/setup-Debian.yml @@ -0,0 +1,16 @@ +--- +# See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863199 and +# https://github.com/geerlingguy/ansible-role-java/issues/64 +- name: Ensure 'man' directory exists. + file: # noqa 208 + path: /usr/share/man/man1 + state: directory + recurse: true + when: + - ansible_distribution == 'Ubuntu' + - ansible_distribution_major_version | int >= 18 + +- name: Ensure Java is installed. + apt: + name: "{{ java_packages }}" + state: present diff --git a/roles/geerlingguy.java/tasks/setup-FreeBSD.yml b/roles/geerlingguy.java/tasks/setup-FreeBSD.yml new file mode 100644 index 00000000..ba668728 --- /dev/null +++ b/roles/geerlingguy.java/tasks/setup-FreeBSD.yml @@ -0,0 +1,11 @@ +--- +- name: Ensure Java is installed. + pkgng: + name: "{{ java_packages }}" + state: present + +- name: ensure proc is mounted + mount: name=/proc fstype=procfs src=proc opts=rw state=mounted + +- name: ensure fdesc is mounted + mount: name=/dev/fd fstype=fdescfs src=fdesc opts=rw state=mounted diff --git a/roles/geerlingguy.java/tasks/setup-RedHat.yml b/roles/geerlingguy.java/tasks/setup-RedHat.yml new file mode 100644 index 00000000..13069452 --- /dev/null +++ b/roles/geerlingguy.java/tasks/setup-RedHat.yml @@ -0,0 +1,5 @@ +--- +- name: Ensure Java is installed. + package: + name: "{{ java_packages }}" + state: present diff --git a/roles/geerlingguy.java/templates/java_home.sh.j2 b/roles/geerlingguy.java/templates/java_home.sh.j2 new file mode 100644 index 00000000..4859c4aa --- /dev/null +++ b/roles/geerlingguy.java/templates/java_home.sh.j2 @@ -0,0 +1 @@ +export JAVA_HOME={{ java_home }} diff --git a/roles/geerlingguy.java/vars/Debian-10.yml b/roles/geerlingguy.java/vars/Debian-10.yml new file mode 100644 index 00000000..bd058c22 --- /dev/null +++ b/roles/geerlingguy.java/vars/Debian-10.yml @@ -0,0 +1,6 @@ +--- +# JDK version options include: +# - java +# - openjdk-11-jdk +__java_packages: + - openjdk-11-jdk diff --git a/roles/geerlingguy.java/vars/Debian-8.yml b/roles/geerlingguy.java/vars/Debian-8.yml new file mode 100644 index 00000000..8d620e47 --- /dev/null +++ b/roles/geerlingguy.java/vars/Debian-8.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-6-jdk +# - openjdk-7-jdk +__java_packages: + - openjdk-7-jdk diff --git a/roles/geerlingguy.java/vars/Debian-9.yml b/roles/geerlingguy.java/vars/Debian-9.yml new file mode 100644 index 00000000..17e49bf3 --- /dev/null +++ b/roles/geerlingguy.java/vars/Debian-9.yml @@ -0,0 +1,6 @@ +--- +# JDK version options include: +# - java +# - openjdk-8-jdk +__java_packages: + - openjdk-8-jdk diff --git a/roles/geerlingguy.java/vars/Fedora.yml b/roles/geerlingguy.java/vars/Fedora.yml new file mode 100644 index 00000000..47c5a018 --- /dev/null +++ b/roles/geerlingguy.java/vars/Fedora.yml @@ -0,0 +1,6 @@ +--- +# JDK version options include: +# - java +# - java-1.8.0-openjdk +__java_packages: + - java-1.8.0-openjdk diff --git a/roles/geerlingguy.java/vars/FreeBSD.yml b/roles/geerlingguy.java/vars/FreeBSD.yml new file mode 100644 index 00000000..0d712eb4 --- /dev/null +++ b/roles/geerlingguy.java/vars/FreeBSD.yml @@ -0,0 +1,7 @@ +--- +# JDK version options for FreeBSD include: +# - openjdk +# - openjdk6 +# - openjdk8 +__java_packages: + - openjdk diff --git a/roles/geerlingguy.java/vars/RedHat-7.yml b/roles/geerlingguy.java/vars/RedHat-7.yml new file mode 100644 index 00000000..64db5790 --- /dev/null +++ b/roles/geerlingguy.java/vars/RedHat-7.yml @@ -0,0 +1,8 @@ +--- +# JDK version options include: +# - java +# - java-1.6.0-openjdk +# - java-1.7.0-openjdk +# - java-1.8.0-openjdk +__java_packages: + - java-1.8.0-openjdk diff --git a/roles/geerlingguy.java/vars/RedHat-8.yml b/roles/geerlingguy.java/vars/RedHat-8.yml new file mode 100644 index 00000000..d49b6f4d --- /dev/null +++ b/roles/geerlingguy.java/vars/RedHat-8.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java-1.8.0-openjdk +# - java-11-openjdk +# - java-latest-openjdk +__java_packages: + - java-11-openjdk diff --git a/roles/geerlingguy.java/vars/Ubuntu-12.yml b/roles/geerlingguy.java/vars/Ubuntu-12.yml new file mode 100644 index 00000000..8d620e47 --- /dev/null +++ b/roles/geerlingguy.java/vars/Ubuntu-12.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-6-jdk +# - openjdk-7-jdk +__java_packages: + - openjdk-7-jdk diff --git a/roles/geerlingguy.java/vars/Ubuntu-14.yml b/roles/geerlingguy.java/vars/Ubuntu-14.yml new file mode 100644 index 00000000..8d620e47 --- /dev/null +++ b/roles/geerlingguy.java/vars/Ubuntu-14.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-6-jdk +# - openjdk-7-jdk +__java_packages: + - openjdk-7-jdk diff --git a/roles/geerlingguy.java/vars/Ubuntu-16.yml b/roles/geerlingguy.java/vars/Ubuntu-16.yml new file mode 100644 index 00000000..0a0bd820 --- /dev/null +++ b/roles/geerlingguy.java/vars/Ubuntu-16.yml @@ -0,0 +1,7 @@ +--- +# JDK version options include: +# - java +# - openjdk-8-jdk +# - openjdk-9-jdk +__java_packages: + - openjdk-8-jdk diff --git a/roles/geerlingguy.java/vars/Ubuntu-18.yml b/roles/geerlingguy.java/vars/Ubuntu-18.yml new file mode 100644 index 00000000..bd058c22 --- /dev/null +++ b/roles/geerlingguy.java/vars/Ubuntu-18.yml @@ -0,0 +1,6 @@ +--- +# JDK version options include: +# - java +# - openjdk-11-jdk +__java_packages: + - openjdk-11-jdk diff --git a/roles/geerlingguy.java/vars/Ubuntu-20.yml b/roles/geerlingguy.java/vars/Ubuntu-20.yml new file mode 100644 index 00000000..bd058c22 --- /dev/null +++ b/roles/geerlingguy.java/vars/Ubuntu-20.yml @@ -0,0 +1,6 @@ +--- +# JDK version options include: +# - java +# - openjdk-11-jdk +__java_packages: + - openjdk-11-jdk diff --git a/roles/geerlingguy.jenkins/.ansible-lint b/roles/geerlingguy.jenkins/.ansible-lint new file mode 100644 index 00000000..55572942 --- /dev/null +++ b/roles/geerlingguy.jenkins/.ansible-lint @@ -0,0 +1,2 @@ +skip_list: + - '106' diff --git a/roles/geerlingguy.jenkins/.github/FUNDING.yml b/roles/geerlingguy.jenkins/.github/FUNDING.yml new file mode 100644 index 00000000..96b49383 --- /dev/null +++ b/roles/geerlingguy.jenkins/.github/FUNDING.yml @@ -0,0 +1,4 @@ +# These are supported funding model platforms +--- +github: geerlingguy +patreon: geerlingguy diff --git a/roles/geerlingguy.jenkins/.github/stale.yml b/roles/geerlingguy.jenkins/.github/stale.yml new file mode 100644 index 00000000..c7ff1275 --- /dev/null +++ b/roles/geerlingguy.jenkins/.github/stale.yml @@ -0,0 +1,56 @@ +# Configuration for probot-stale - https://github.com/probot/stale + +# Number of days of inactivity before an Issue or Pull Request becomes stale +daysUntilStale: 90 + +# Number of days of inactivity before an Issue or Pull Request with the stale label is closed. +# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale. +daysUntilClose: 30 + +# Only issues or pull requests with all of these labels are check if stale. Defaults to `[]` (disabled) +onlyLabels: [] + +# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable +exemptLabels: + - pinned + - security + - planned + +# Set to true to ignore issues in a project (defaults to false) +exemptProjects: false + +# Set to true to ignore issues in a milestone (defaults to false) +exemptMilestones: false + +# Set to true to ignore issues with an assignee (defaults to false) +exemptAssignees: false + +# Label to use when marking as stale +staleLabel: stale + +# Limit the number of actions per hour, from 1-30. Default is 30 +limitPerRun: 30 + +pulls: + markComment: |- + This pull request has been marked 'stale' due to lack of recent activity. If there is no further activity, the PR will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark pull requests as stale. + + unmarkComment: >- + This pull request is no longer marked for closure. + + closeComment: >- + This pull request has been closed due to inactivity. If you feel this is in error, please reopen the pull request or file a new PR with the relevant details. + +issues: + markComment: |- + This issue has been marked 'stale' due to lack of recent activity. If there is no further activity, the issue will be closed in another 30 days. Thank you for your contribution! + + Please read [this blog post](https://www.jeffgeerling.com/blog/2020/enabling-stale-issue-bot-on-my-github-repositories) to see the reasons why I mark issues as stale. + + unmarkComment: >- + This issue is no longer marked for closure. + + closeComment: >- + This issue has been closed due to inactivity. If you feel this is in error, please reopen the issue or file a new issue with the relevant details. diff --git a/roles/geerlingguy.jenkins/.github/workflows/ci.yml b/roles/geerlingguy.jenkins/.github/workflows/ci.yml new file mode 100644 index 00000000..86d07be7 --- /dev/null +++ b/roles/geerlingguy.jenkins/.github/workflows/ci.yml @@ -0,0 +1,82 @@ +--- +name: CI +'on': + pull_request: + push: + branches: + - master + schedule: + - cron: "30 7 * * 2" + +defaults: + run: + working-directory: 'geerlingguy.jenkins' + +jobs: + + lint: + name: Lint + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.jenkins' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install yamllint ansible-lint + + - name: Lint code. + run: | + yamllint . + ansible-lint + + molecule: + name: Molecule + runs-on: ubuntu-latest + strategy: + matrix: + include: + - distro: centos8 + playbook: converge.yml + - distro: ubuntu1804 + playbook: converge.yml + - distro: debian10 + playbook: converge.yml + + # Test other role features. + - distro: ubuntu1804 + playbook: http-port.yml + - distro: ubuntu1804 + playbook: prefix.yml + - distro: ubuntu1804 + playbook: plugins-with-home.yml + - distro: centos7 + playbook: jenkins-version.yml + + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.jenkins' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install test dependencies. + run: pip3 install ansible molecule[docker] docker + + - name: Run Molecule tests. + run: molecule test + env: + PY_COLORS: '1' + ANSIBLE_FORCE_COLOR: '1' + MOLECULE_DISTRO: ${{ matrix.distro }} + MOLECULE_PLAYBOOK: ${{ matrix.playbook }} diff --git a/roles/geerlingguy.jenkins/.github/workflows/release.yml b/roles/geerlingguy.jenkins/.github/workflows/release.yml new file mode 100644 index 00000000..9cbaaab9 --- /dev/null +++ b/roles/geerlingguy.jenkins/.github/workflows/release.yml @@ -0,0 +1,38 @@ +--- +# This workflow requires a GALAXY_API_KEY secret present in the GitHub +# repository or organization. +# +# See: https://github.com/marketplace/actions/publish-ansible-role-to-galaxy +# See: https://github.com/ansible/galaxy/issues/46 + +name: Release +'on': + push: + tags: + - '*' + +defaults: + run: + working-directory: 'geerlingguy.jenkins' + +jobs: + + release: + name: Release + runs-on: ubuntu-latest + steps: + - name: Check out the codebase. + uses: actions/checkout@v2 + with: + path: 'geerlingguy.jenkins' + + - name: Set up Python 3. + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - name: Install Ansible. + run: pip3 install ansible-base + + - name: Trigger a new import on Galaxy. + run: ansible-galaxy role import --api-key ${{ secrets.GALAXY_API_KEY }} $(echo ${{ github.repository }} | cut -d/ -f1) $(echo ${{ github.repository }} | cut -d/ -f2) diff --git a/roles/geerlingguy.jenkins/.gitignore b/roles/geerlingguy.jenkins/.gitignore new file mode 100644 index 00000000..f56f5b57 --- /dev/null +++ b/roles/geerlingguy.jenkins/.gitignore @@ -0,0 +1,3 @@ +*.retry +*/__pycache__ +*.pyc diff --git a/roles/geerlingguy.jenkins/.yamllint b/roles/geerlingguy.jenkins/.yamllint new file mode 100644 index 00000000..3a49cd8e --- /dev/null +++ b/roles/geerlingguy.jenkins/.yamllint @@ -0,0 +1,11 @@ +--- +extends: default + +rules: + line-length: + max: 150 + level: warning + +ignore: | + .github/stale.yml + .travis.yml diff --git a/roles/geerlingguy.jenkins/LICENSE b/roles/geerlingguy.jenkins/LICENSE new file mode 100644 index 00000000..4275cf3c --- /dev/null +++ b/roles/geerlingguy.jenkins/LICENSE @@ -0,0 +1,20 @@ +The MIT License (MIT) + +Copyright (c) 2017 Jeff Geerling + +Permission is hereby granted, free of charge, to any person obtaining a copy of +this software and associated documentation files (the "Software"), to deal in +the Software without restriction, including without limitation the rights to +use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software is furnished to do so, +subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS +FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR +COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER +IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/roles/geerlingguy.jenkins/README.md b/roles/geerlingguy.jenkins/README.md new file mode 100644 index 00000000..2b74a955 --- /dev/null +++ b/roles/geerlingguy.jenkins/README.md @@ -0,0 +1,149 @@ +# Ansible Role: Jenkins CI + +[![CI](https://github.com/geerlingguy/ansible-role-jenkins/workflows/CI/badge.svg?event=push)](https://github.com/geerlingguy/ansible-role-jenkins/actions?query=workflow%3ACI) + +Installs Jenkins CI on RHEL/CentOS and Debian/Ubuntu servers. + +## Requirements + +Requires `curl` to be installed on the server. Also, newer versions of Jenkins require Java 8+ (see the test playbooks inside the `molecule/default` directory for an example of how to use newer versions of Java for your OS). + +## Role Variables + +Available variables are listed below, along with default values (see `defaults/main.yml`): + + jenkins_package_state: present + +The state of the `jenkins` package install. By default this role installs Jenkins but will not upgrade Jenkins (when using package-based installs). If you want to always update to the latest version, change this to `latest`. + + jenkins_hostname: localhost + +The system hostname; usually `localhost` works fine. This will be used during setup to communicate with the running Jenkins instance via HTTP requests. + + jenkins_home: /var/lib/jenkins + +The Jenkins home directory which, amongst others, is being used for storing artifacts, workspaces and plugins. This variable allows you to override the default `/var/lib/jenkins` location. + + jenkins_http_port: 8080 + +The HTTP port for Jenkins' web interface. + + jenkins_admin_username: admin + jenkins_admin_password: admin + +Default admin account credentials which will be created the first time Jenkins is installed. + + jenkins_admin_password_file: "" + +Default admin password file which will be created the first time Jenkins is installed as /var/lib/jenkins/secrets/initialAdminPassword + + jenkins_jar_location: /opt/jenkins-cli.jar + +The location at which the `jenkins-cli.jar` jarfile will be kept. This is used for communicating with Jenkins via the CLI. + + jenkins_plugins: + - blueocean + - name: influxdb + version: "1.12.1" + +Jenkins plugins to be installed automatically during provisioning. Defaults to empty list (`[]`). Items can use name or dictionary with `name` and `version` keys to pin specific version of a plugin. + + jenkins_plugins_install_dependencies: true + +Whether Jenkins plugins to be installed should also install any plugin dependencies. + + jenkins_plugins_state: present + +Use `latest` to ensure all plugins are running the most up-to-date version. For any plugin that has a specific version set in `jenkins_plugins` list, state `present` will be used instead of `jenkins_plugins_state` value. + + jenkins_plugin_updates_expiration: 86400 + +Number of seconds after which a new copy of the update-center.json file is downloaded. Set it to 0 if no cache file should be used. + + jenkins_updates_url: "https://updates.jenkins.io" + +The URL to use for Jenkins plugin updates and update-center information. + + jenkins_plugin_timeout: 30 + +The server connection timeout, in seconds, when installing Jenkins plugins. + + jenkins_version: "2.220" + jenkins_pkg_url: "http://www.example.com" + +(Optional) Then Jenkins version can be pinned to any version available on `http://pkg.jenkins-ci.org/debian/` (Debian/Ubuntu) or `http://pkg.jenkins-ci.org/redhat/` (RHEL/CentOS). If the Jenkins version you need is not available in the default package URLs, you can override the URL with your own; set `jenkins_pkg_url` (_Note_: the role depends on the same naming convention that `http://pkg.jenkins-ci.org/` uses). + + jenkins_url_prefix: "" + +Used for setting a URL prefix for your Jenkins installation. The option is added as `--prefix={{ jenkins_url_prefix }}` to the Jenkins initialization `java` invocation, so you can access the installation at a path like `http://www.example.com{{ jenkins_url_prefix }}`. Make sure you start the prefix with a `/` (e.g. `/jenkins`). + + jenkins_connection_delay: 5 + jenkins_connection_retries: 60 + +Amount of time and number of times to wait when connecting to Jenkins after initial startup, to verify that Jenkins is running. Total time to wait = `delay` * `retries`, so by default this role will wait up to 300 seconds before timing out. + + jenkins_prefer_lts: false + +By default, this role will install the latest version of Jenkins using the official repositories according to the platform. You can install the current LTS version instead by setting this to `false`. + +The default repositories (listed below) can be overridden as well. + + # For RedHat/CentOS: + jenkins_repo_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.repo + jenkins_repo_key_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key + + # For Debian/Ubuntu: + jenkins_repo_url: deb https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }} binary/ + jenkins_repo_key_url: https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key + +It is also possible to prevent the repo file from being added by setting `jenkins_repo_url: ''`. This is useful if, for example, you sign your own packages or run internal package management (e.g. Spacewalk). + + jenkins_java_options: "-Djenkins.install.runSetupWizard=false" + +Extra Java options for the Jenkins launch command configured in the init file can be set with the var `jenkins_java_options`. For example, if you want to configure the timezone Jenkins uses, add `-Dorg.apache.commons.jelly.tags.fmt.timeZone=America/New_York`. By default, the option to disable the Jenkins 2.0 setup wizard is added. + + jenkins_init_changes: + - option: "JENKINS_ARGS" + value: "--prefix={{ jenkins_url_prefix }}" + - option: "JENKINS_JAVA_OPTIONS" + value: "{{ jenkins_java_options }}" + +Changes made to the Jenkins init script; the default set of changes set the configured URL prefix and add in configured Java options for Jenkins' startup. You can add other option/value pairs if you need to set other options for the Jenkins init file. + + jenkins_proxy_host: "" + jenkins_proxy_port: "" + jenkins_proxy_noproxy: + - "127.0.0.1" + - "localhost" + +If you are running Jenkins behind a proxy server, configure these options appropriately. Otherwise Jenkins will be configured with a direct Internet connection. + +## Dependencies + +None. + +## Example Playbook + +```yaml +- hosts: jenkins + become: true + + vars: + jenkins_hostname: jenkins.example.com + java_packages: + - openjdk-8-jdk + + roles: + - role: geerlingguy.java + - role: geerlingguy.jenkins +``` + +Note that `java_packages` may need different versions depending on your distro (e.g. `openjdk-11-jdk` for Debian 10, or `java-1.8.0-openjdk` for RHEL 7 or 8). + +## License + +MIT (Expat) / BSD + +## Author Information + +This role was created in 2014 by [Jeff Geerling](https://www.jeffgeerling.com/), author of [Ansible for DevOps](https://www.ansiblefordevops.com/). diff --git a/roles/geerlingguy.jenkins/defaults/main.yml b/roles/geerlingguy.jenkins/defaults/main.yml new file mode 100644 index 00000000..73bf5da2 --- /dev/null +++ b/roles/geerlingguy.jenkins/defaults/main.yml @@ -0,0 +1,51 @@ +--- +# Optional method of pinning a specific version of Jenkins and/or overriding the +# default Jenkins packaging URL. +# jenkins_version: "1.644" +# jenkins_pkg_url: "https://www.example.com" + +# Change this to `latest` to update Jenkins if a newer version is available. +jenkins_package_state: present + +jenkins_prefer_lts: false + +jenkins_connection_delay: 5 +jenkins_connection_retries: 60 +jenkins_home: /var/lib/jenkins +jenkins_hostname: localhost +jenkins_http_port: 8080 +jenkins_jar_location: /opt/jenkins-cli.jar +jenkins_url_prefix: "" +jenkins_java_options: "-Djenkins.install.runSetupWizard=false" + +# Plugin list can use the plugin name, or a name/version dict. +jenkins_plugins: [] +# - blueocean +# - name: influxdb +# version: "1.12.1" + +jenkins_plugins_state: present +jenkins_plugin_updates_expiration: 86400 +jenkins_plugin_timeout: 30 +jenkins_plugins_install_dependencies: true +jenkins_updates_url: "https://updates.jenkins.io" + +jenkins_admin_username: admin +jenkins_admin_password: admin +jenkins_admin_password_file: "" + +jenkins_process_user: jenkins +jenkins_process_group: "{{ jenkins_process_user }}" + +jenkins_init_changes: + - option: "JENKINS_ARGS" + value: "--prefix={{ jenkins_url_prefix }}" + - option: "{{ jenkins_java_options_env_var }}" + value: "{{ jenkins_java_options }}" + +# If Jenkins is behind a proxy, configure this. +jenkins_proxy_host: "" +jenkins_proxy_port: "" +jenkins_proxy_noproxy: + - "127.0.0.1" + - "localhost" diff --git a/roles/geerlingguy.jenkins/handlers/main.yml b/roles/geerlingguy.jenkins/handlers/main.yml new file mode 100644 index 00000000..005440b9 --- /dev/null +++ b/roles/geerlingguy.jenkins/handlers/main.yml @@ -0,0 +1,12 @@ +--- +- name: restart jenkins + service: name=jenkins state=restarted + +- name: configure default users + template: + src: basic-security.groovy.j2 + dest: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" + owner: "{{ jenkins_process_user }}" + group: "{{ jenkins_process_group }}" + mode: 0775 + register: jenkins_users_config diff --git a/roles/geerlingguy.jenkins/meta/main.yml b/roles/geerlingguy.jenkins/meta/main.yml new file mode 100644 index 00000000..c5fdff47 --- /dev/null +++ b/roles/geerlingguy.jenkins/meta/main.yml @@ -0,0 +1,30 @@ +--- +dependencies: [] + +galaxy_info: + role_name: jenkins + author: geerlingguy + description: Jenkins CI + company: "Midwestern Mac, LLC" + license: "license (BSD, MIT)" + min_ansible_version: 2.4 + platforms: + - name: EL + versions: + - 6 + - 7 + - 8 + - name: Fedora + versions: + - all + - name: Debian + versions: + - all + - name: Ubuntu + versions: + - all + galaxy_tags: + - development + - packaging + - jenkins + - ci diff --git a/roles/geerlingguy.jenkins/molecule/default/converge.yml b/roles/geerlingguy.jenkins/molecule/default/converge.yml new file mode 100644 index 00000000..68a57b91 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/converge.yml @@ -0,0 +1,21 @@ +--- +- name: Converge + hosts: all + become: true + + pre_tasks: + - include_tasks: java-8.yml + + - include_tasks: java-11.yml + when: + - ansible_distribution == 'Debian' + - ansible_distribution_major_version == '10' + + roles: + - role: geerlingguy.java + - role: geerlingguy.jenkins + + post_tasks: + - name: Check if Jenkins is running. + uri: + url: "http://127.0.0.1:8080/" diff --git a/roles/geerlingguy.jenkins/molecule/default/http-port.yml b/roles/geerlingguy.jenkins/molecule/default/http-port.yml new file mode 100644 index 00000000..1f4bba2c --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/http-port.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_http_port: 8081 + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Ensure Jenkins is running on the specified port. + uri: + url: "http://127.0.0.1:{{ jenkins_http_port }}" + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 1 diff --git a/roles/geerlingguy.jenkins/molecule/default/java-11.yml b/roles/geerlingguy.jenkins/molecule/default/java-11.yml new file mode 100644 index 00000000..2118b633 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/java-11.yml @@ -0,0 +1,6 @@ +--- +- name: Set the java_packages variable (Debian). + set_fact: + java_packages: + - openjdk-11-jdk + when: ansible_os_family == 'Debian' diff --git a/roles/geerlingguy.jenkins/molecule/default/java-8.yml b/roles/geerlingguy.jenkins/molecule/default/java-8.yml new file mode 100644 index 00000000..5baea724 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/java-8.yml @@ -0,0 +1,19 @@ +--- +# Debian. +- name: Update apt cache. + apt: update_cache=true cache_valid_time=600 + when: ansible_os_family == 'Debian' + changed_when: false + +- name: Set the java_packages variable (Debian). + set_fact: + java_packages: + - openjdk-8-jdk + when: ansible_os_family == 'Debian' + +# Red Hat. +- name: Set the java_packages variable (RedHat). + set_fact: + java_packages: + - java-1.8.0-openjdk + when: ansible_os_family == 'RedHat' diff --git a/roles/geerlingguy.jenkins/molecule/default/jenkins-version.yml b/roles/geerlingguy.jenkins/molecule/default/jenkins-version.yml new file mode 100644 index 00000000..4c779f20 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/jenkins-version.yml @@ -0,0 +1,27 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_version: "2.220" + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Check installed version of Jenkins. + command: rpm -q jenkins + args: + warn: false + changed_when: false + register: jenkins_rpm_version + tags: ['skip_ansible_lint'] + + - name: Print installed Jenkins package information. + debug: var=jenkins_rpm_version + + - name: Fail if version doesn't match what we wanted. + fail: + when: "jenkins_version not in jenkins_rpm_version.stdout" diff --git a/roles/geerlingguy.jenkins/molecule/default/molecule.yml b/roles/geerlingguy.jenkins/molecule/default/molecule.yml new file mode 100644 index 00000000..74907107 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/molecule.yml @@ -0,0 +1,17 @@ +--- +dependency: + name: galaxy +driver: + name: docker +platforms: + - name: instance + image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos7}-ansible:latest" + command: ${MOLECULE_DOCKER_COMMAND:-""} + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: true + pre_build_image: true +provisioner: + name: ansible + playbooks: + converge: ${MOLECULE_PLAYBOOK:-converge.yml} diff --git a/roles/geerlingguy.jenkins/molecule/default/plugins-with-home.yml b/roles/geerlingguy.jenkins/molecule/default/plugins-with-home.yml new file mode 100644 index 00000000..3cf5779d --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/plugins-with-home.yml @@ -0,0 +1,62 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_plugins: + - ghprb + - greenballs + - {name: cloudbees-folder, version: 6.11} + jenkins_home: /tmp/jenkins + jenkins_plugin_timeout: 120 + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Verify JENKINS_HOME is correct. + stat: + path: "{{ jenkins_home }}/config.xml" + register: jenkins_home_config + + - name: Fail if Jenkins config file doesn't exist. + fail: + when: not jenkins_home_config.stat.exists + + - name: List plugins directory contents. + command: "ls {{ jenkins_home }}/plugins" + register: plugins_contents + changed_when: false + tags: ['skip_ansible_lint'] + + - name: Verify greenballs plugin exists. + stat: + path: "{{ jenkins_home }}/plugins/greenballs.jpi" + register: greenballs_plugin + + - name: Fail if greenballs plugin file doesn't exist. + fail: + when: not greenballs_plugin.stat.exists + + - name: Verify cloudbees-folder plugin exists. + stat: + path: "{{ jenkins_home }}/plugins/cloudbees-folder.jpi" + register: folder_plugin + + - name: Fail if cloudbees-folder plugin file doesn't exist. + fail: + when: not folder_plugin.stat.exists + + - name: Ensure Jenkins is running. + uri: + url: "http://127.0.0.1:8080/" + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 1 diff --git a/roles/geerlingguy.jenkins/molecule/default/prefix.yml b/roles/geerlingguy.jenkins/molecule/default/prefix.yml new file mode 100644 index 00000000..23d12fcd --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/prefix.yml @@ -0,0 +1,24 @@ +--- +- name: Converge + hosts: all + become: true + + vars: + jenkins_url_prefix: /jenkins + + pre_tasks: + - include_tasks: java-8.yml + + roles: + - geerlingguy.java + - geerlingguy.jenkins + + post_tasks: + - name: Ensure Jenkins is running with the specified prefix. + uri: + url: "http://127.0.0.1:8080{{ jenkins_url_prefix }}" + status_code: 200 + register: result + until: result.status == 200 + retries: 60 + delay: 1 diff --git a/roles/geerlingguy.jenkins/molecule/default/requirements.yml b/roles/geerlingguy.jenkins/molecule/default/requirements.yml new file mode 100644 index 00000000..8fbe7cb6 --- /dev/null +++ b/roles/geerlingguy.jenkins/molecule/default/requirements.yml @@ -0,0 +1,2 @@ +--- +- src: geerlingguy.java diff --git a/roles/geerlingguy.jenkins/tasks/main.yml b/roles/geerlingguy.jenkins/tasks/main.yml new file mode 100644 index 00000000..26b920eb --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/main.yml @@ -0,0 +1,67 @@ +--- +# Variable setup. +- name: Include OS-Specific variables + include_vars: "{{ ansible_os_family }}.yml" + +- name: Define jenkins_repo_url + set_fact: + jenkins_repo_url: "{{ __jenkins_repo_url }}" + when: jenkins_repo_url is not defined + +- name: Define jenkins_repo_key_url + set_fact: + jenkins_repo_key_url: "{{ __jenkins_repo_key_url }}" + when: jenkins_repo_key_url is not defined + +- name: Define jenkins_pkg_url + set_fact: + jenkins_pkg_url: "{{ __jenkins_pkg_url }}" + when: jenkins_pkg_url is not defined + +# Setup/install tasks. +- include_tasks: setup-RedHat.yml + when: ansible_os_family == 'RedHat' + +- include_tasks: setup-Debian.yml + when: ansible_os_family == 'Debian' + +# Configure Jenkins init settings. +- include_tasks: settings.yml + +# Make sure Jenkins starts, then configure Jenkins. +- name: Ensure Jenkins is started and runs on startup. + service: name=jenkins state=started enabled=yes + +- name: Wait for Jenkins to start up before proceeding. + uri: + url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/cli/" + method: GET + return_content: "yes" + timeout: 5 + body_format: raw + follow_redirects: "no" + status_code: 200,403 + register: result + until: (result.status == 403 or result.status == 200) and (result.content.find("Please wait while") == -1) + retries: "{{ jenkins_connection_retries }}" + delay: "{{ jenkins_connection_delay }}" + changed_when: false + check_mode: false + +- name: Get the jenkins-cli jarfile from the Jenkins server. + get_url: + url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}/jnlpJars/jenkins-cli.jar" + dest: "{{ jenkins_jar_location }}" + register: jarfile_get + until: "'OK' in jarfile_get.msg or '304' in jarfile_get.msg or 'file already exists' in jarfile_get.msg" + retries: 5 + delay: 10 + check_mode: false + +- name: Remove Jenkins security init scripts after first startup. + file: + path: "{{ jenkins_home }}/init.groovy.d/basic-security.groovy" + state: absent + +# Update Jenkins and install configured plugins. +- include_tasks: plugins.yml diff --git a/roles/geerlingguy.jenkins/tasks/plugins.yml b/roles/geerlingguy.jenkins/tasks/plugins.yml new file mode 100644 index 00000000..dbc2a2da --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/plugins.yml @@ -0,0 +1,63 @@ +--- +# jenkins_plugin module doesn't support password files. +- name: Get Jenkins admin password from file. + slurp: + src: "{{ jenkins_admin_password_file }}" + register: adminpasswordfile + no_log: true + when: jenkins_admin_password_file | default(false) + tags: ['skip_ansible_lint'] + +- name: Set Jenkins admin password fact. + set_fact: + jenkins_admin_password: "{{ adminpasswordfile['stdout'] | default(jenkins_admin_password) }}" + no_log: true + +# Update Jenkins so that plugin updates don't fail. +- name: Create Jenkins updates directory. + file: + path: "{{ jenkins_home }}/updates" + state: directory + owner: jenkins + group: jenkins + mode: 0755 + +- name: Download current plugin updates from Jenkins update site. + get_url: + url: "{{ jenkins_updates_url }}/update-center.json" + dest: "{{ jenkins_home }}/updates/default.json" + owner: jenkins + group: jenkins + mode: 0440 + changed_when: false + register: get_result + until: get_result is success + retries: 3 + delay: 2 + +- name: Remove first and last line from json file. + replace: # noqa 208 + path: "{{ jenkins_home }}/updates/default.json" + regexp: "1d;$d" + +- name: Install Jenkins plugins using password. + jenkins_plugin: + name: "{{ item.name | default(item) }}" + version: "{{ item.version | default(omit) }}" + jenkins_home: "{{ jenkins_home }}" + url_username: "{{ jenkins_admin_username }}" + url_password: "{{ jenkins_admin_password }}" + state: "{{ 'present' if item.version is defined else jenkins_plugins_state }}" + timeout: "{{ jenkins_plugin_timeout }}" + updates_expiration: "{{ jenkins_plugin_updates_expiration }}" + updates_url: "{{ jenkins_updates_url }}" + url: "http://{{ jenkins_hostname }}:{{ jenkins_http_port }}{{ jenkins_url_prefix }}" + with_dependencies: "{{ jenkins_plugins_install_dependencies }}" + with_items: "{{ jenkins_plugins }}" + when: jenkins_admin_password | default(false) + notify: restart jenkins + tags: ['skip_ansible_lint'] + register: plugin_result + until: plugin_result is success + retries: 3 + delay: 2 diff --git a/roles/geerlingguy.jenkins/tasks/settings.yml b/roles/geerlingguy.jenkins/tasks/settings.yml new file mode 100644 index 00000000..64aba58f --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/settings.yml @@ -0,0 +1,86 @@ +--- +- name: Check if jenkins_init_file exists. + stat: + path: "{{ jenkins_init_file }}" + register: jenkins_init_file_stat + +- name: Ensure jenkins_init_file exists. + file: + path: "{{ jenkins_init_file }}" + state: touch + mode: 0644 + when: not jenkins_init_file_stat.stat.exists + +- name: Modify variables in init file. + lineinfile: + dest: "{{ jenkins_init_file }}" + insertafter: '^{{ item.option }}=' + regexp: '^{{ item.option }}=\"\${{ item.option }} ' + line: '{{ item.option }}="${{ item.option }} {{ item.value }}"' + state: present + mode: 0644 + with_items: "{{ jenkins_init_changes }}" + register: jenkins_init_prefix + +- name: Ensure jenkins_home {{ jenkins_home }} exists. + file: + path: "{{ jenkins_home }}" + state: directory + owner: jenkins + group: jenkins + mode: u+rwx + follow: true + +- name: Set the Jenkins home directory. + lineinfile: + dest: "{{ jenkins_init_file }}" + regexp: '^JENKINS_HOME=.*' + line: 'JENKINS_HOME={{ jenkins_home }}' + mode: 0644 + register: jenkins_home_config + +- name: Immediately restart Jenkins on init config changes. + service: name=jenkins state=restarted + when: jenkins_init_prefix.changed + tags: ['skip_ansible_lint'] + +- name: Set HTTP port in Jenkins config. + lineinfile: + backrefs: true + dest: "{{ jenkins_init_file }}" + regexp: '^{{ jenkins_http_port_param }}=' + line: '{{ jenkins_http_port_param }}={{ jenkins_http_port }}' + mode: 0644 + register: jenkins_http_config + +- name: Create custom init scripts directory. + file: + path: "{{ jenkins_home }}/init.groovy.d" + state: directory + owner: "{{ jenkins_process_user }}" + group: "{{ jenkins_process_group }}" + mode: 0775 + +- name: Configure proxy config for Jenkins + template: + src: proxy.xml + dest: "{{ jenkins_home }}/proxy.xml" + owner: "{{ jenkins_process_user }}" + group: "{{ jenkins_process_group }}" + mode: 0664 + register: jenkins_proxy_config + when: + - jenkins_proxy_host | length > 0 + - jenkins_proxy_port | length > 0 + +- name: Trigger handlers immediately in case Jenkins was installed + meta: flush_handlers + +- name: Immediately restart Jenkins on http or user changes. + service: name=jenkins state=restarted + when: > + (jenkins_users_config is defined and jenkins_users_config.changed) + or (jenkins_http_config is defined and jenkins_http_config.changed) + or (jenkins_home_config is defined and jenkins_home_config.changed) + or (jenkins_proxy_config is defined and jenkins_proxy_config.changed) + tags: ['skip_ansible_lint'] diff --git a/roles/geerlingguy.jenkins/tasks/setup-Debian.yml b/roles/geerlingguy.jenkins/tasks/setup-Debian.yml new file mode 100644 index 00000000..5a2ee13b --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/setup-Debian.yml @@ -0,0 +1,46 @@ +--- +- name: Ensure dependencies are installed. + apt: + name: + - curl + - apt-transport-https + - gnupg + state: present + +- name: Add Jenkins apt repository key. + apt_key: + url: "{{ jenkins_repo_key_url }}" + state: present + +- name: Add Jenkins apt repository. + apt_repository: + repo: "{{ jenkins_repo_url }}" + state: present + update_cache: true + when: jenkins_repo_url | default(false) + tags: ['skip_ansible_lint'] + +- name: Download specific Jenkins version. + get_url: + url: "{{ jenkins_pkg_url }}/jenkins_{{ jenkins_version }}_all.deb" + dest: "/tmp/jenkins_{{ jenkins_version }}_all.deb" + when: jenkins_version is defined + +- name: Check if we downloaded a specific version of Jenkins. + stat: + path: "/tmp/jenkins_{{ jenkins_version }}_all.deb" + register: specific_version + when: jenkins_version is defined + +- name: Install our specific version of Jenkins. + apt: + deb: "/tmp/jenkins_{{ jenkins_version }}_all.deb" + state: present + when: jenkins_version is defined and specific_version.stat.exists + notify: configure default users + +- name: Ensure Jenkins is installed. + apt: + name: jenkins + state: "{{ jenkins_package_state }}" + notify: configure default users diff --git a/roles/geerlingguy.jenkins/tasks/setup-RedHat.yml b/roles/geerlingguy.jenkins/tasks/setup-RedHat.yml new file mode 100644 index 00000000..746903a3 --- /dev/null +++ b/roles/geerlingguy.jenkins/tasks/setup-RedHat.yml @@ -0,0 +1,45 @@ +--- +- name: Ensure dependencies are installed. + package: + name: + - curl + - initscripts + - "{{ 'libselinux-python' if ansible_python['version']['major'] < 3 else 'python3-libselinux' }}" + state: present + +- name: Ensure Jenkins repo is installed. + get_url: + url: "{{ jenkins_repo_url }}" + dest: /etc/yum.repos.d/jenkins.repo + when: jenkins_repo_url | default(false) + +- name: Add Jenkins repo GPG key. + rpm_key: + state: present + key: "{{ jenkins_repo_key_url }}" + when: jenkins_repo_url | default(false) + +- name: Download specific Jenkins version. + get_url: + url: "{{ jenkins_pkg_url }}/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + dest: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + when: jenkins_version is defined + +- name: Check if we downloaded a specific version of Jenkins. + stat: + path: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + register: specific_version + when: jenkins_version is defined + +- name: Install our specific version of Jenkins. + package: + name: "/tmp/jenkins-{{ jenkins_version }}-1.1.noarch.rpm" + state: present + when: jenkins_version is defined and specific_version.stat.exists + notify: configure default users + +- name: Ensure Jenkins is installed. + package: + name: jenkins + state: "{{ jenkins_package_state }}" + notify: configure default users diff --git a/roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 b/roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 new file mode 100644 index 00000000..c1d0758a --- /dev/null +++ b/roles/geerlingguy.jenkins/templates/basic-security.groovy.j2 @@ -0,0 +1,28 @@ +#!groovy +import hudson.security.* +import jenkins.model.* + +def instance = Jenkins.getInstance() +def hudsonRealm = new HudsonPrivateSecurityRealm(false) +def users = hudsonRealm.getAllUsers() +users_s = users.collect { it.toString() } + +// Create the admin user account if it doesn't already exist. +if ("{{ jenkins_admin_username }}" in users_s) { + println "Admin user already exists - updating password" + + def user = hudson.model.User.get('{{ jenkins_admin_username }}'); + def password = hudson.security.HudsonPrivateSecurityRealm.Details.fromPlainPassword('{{ jenkins_admin_password }}') + user.addProperty(password) + user.save() +} +else { + println "--> creating local admin user" + + hudsonRealm.createAccount('{{ jenkins_admin_username }}', '{{ jenkins_admin_password }}') + instance.setSecurityRealm(hudsonRealm) + + def strategy = new FullControlOnceLoggedInAuthorizationStrategy() + instance.setAuthorizationStrategy(strategy) + instance.save() +} diff --git a/roles/geerlingguy.jenkins/templates/proxy.xml b/roles/geerlingguy.jenkins/templates/proxy.xml new file mode 100644 index 00000000..95c0a1c6 --- /dev/null +++ b/roles/geerlingguy.jenkins/templates/proxy.xml @@ -0,0 +1,7 @@ + + + {{ jenkins_proxy_host }} + {{ jenkins_proxy_port}} + {{ jenkins_proxy_noproxy | join(',') }} + + \ No newline at end of file diff --git a/roles/geerlingguy.jenkins/tests/test-plugins.yml b/roles/geerlingguy.jenkins/tests/test-plugins.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/geerlingguy.jenkins/vars/Debian.yml b/roles/geerlingguy.jenkins/vars/Debian.yml new file mode 100644 index 00000000..3e2ea9f2 --- /dev/null +++ b/roles/geerlingguy.jenkins/vars/Debian.yml @@ -0,0 +1,7 @@ +--- +__jenkins_repo_url: deb https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }} binary/ +__jenkins_repo_key_url: https://pkg.jenkins.io/debian{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key +__jenkins_pkg_url: https://pkg.jenkins.io/debian/binary +jenkins_init_file: /etc/default/jenkins +jenkins_http_port_param: HTTP_PORT +jenkins_java_options_env_var: JAVA_ARGS diff --git a/roles/geerlingguy.jenkins/vars/RedHat.yml b/roles/geerlingguy.jenkins/vars/RedHat.yml new file mode 100644 index 00000000..6fbbad1e --- /dev/null +++ b/roles/geerlingguy.jenkins/vars/RedHat.yml @@ -0,0 +1,7 @@ +--- +__jenkins_repo_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.repo +__jenkins_repo_key_url: https://pkg.jenkins.io/redhat{{ '-stable' if (jenkins_prefer_lts | bool) else '' }}/jenkins.io.key +__jenkins_pkg_url: https://pkg.jenkins.io/redhat +jenkins_init_file: /etc/sysconfig/jenkins +jenkins_http_port_param: JENKINS_PORT +jenkins_java_options_env_var: JENKINS_JAVA_OPTIONS