From 47280cd08905644f5e28645f6b7f64346e8bab5f Mon Sep 17 00:00:00 2001 From: Ronald Loyko <108372764+ronaldloyko@users.noreply.github.com> Date: Sat, 8 Oct 2022 03:27:13 +0300 Subject: [PATCH] feat: add openvpn-as (#750) --- public/v4/apps/openvpn-as.yml | 95 +++++++++++++++++++++++++++++++++ public/v4/logos/openvpn-as.png | Bin 0 -> 14997 bytes 2 files changed, 95 insertions(+) create mode 100644 public/v4/apps/openvpn-as.yml create mode 100644 public/v4/logos/openvpn-as.png diff --git a/public/v4/apps/openvpn-as.yml b/public/v4/apps/openvpn-as.yml new file mode 100644 index 0000000..9cfa81d --- /dev/null +++ b/public/v4/apps/openvpn-as.yml @@ -0,0 +1,95 @@ +captainVersion: 4 +services: + $$cap_appname: + caproverExtra: + containerHttpPort: $$cap_OPENVPN_PORT_ADMIN + image: linuxserver/openvpn-as:$$cap_OPENVPN_VERSION + hostname: $$cap_appname.$$cap_root_domain + environment: + PUID: $$cap_OPENVPN_PUID + PGID: $$cap_OPENVPN_GUID + TZ: $$cap_OPENVPN_TZ + INTERFACE: $$cap_OPENVPN_INTERFACE + volumes: + - $$cap_appname:/config + ports: + - $$cap_OPENVPN_PORT_TCP:$$cap_OPENVPN_PORT_TCP + - $$cap_OPENVPN_PORT_UDP:$$cap_OPENVPN_PORT_UDP + cap_add: + - NET_ADMIN + +caproverOneClickApp: + displayName: OpenVPN Access Server + isOfficial: false + description: Full featured secure network tunneling VPN software. + documentation: https://openvpn.net/index.php/access-server/overview.html + instructions: + start: |- + OpenVPN is a full featured, open-source VPN solution that accommodates a wide range of configurations. + + **Important notes:** + - The provider of this image (LinuxServer) has decided to **deprecate** it in favor of WireGuard + - If you are using CapRover version `1.10.1` or older, you will need to **override CapRover's configuration** to use the newer Docker API version `1.4.1` (this can be done manually or by running `echo "{\"dockerApiVersion\":\"v1.41\"}" > /captain/data/config-override.json`) + - You need **access via SSH** to your server after deployment to modify a file (only once) + - You may need to **open the ports** `1194` and `9443` on your firewall + end: |- + OpenVPN has been deployed **successfully**! + + Before you can start using it, you need to perform some steps. + You only need to do this once. + **Please screenshot/copy the following instructions before proceeding:** + + 1. Go to the **HTTP Settings** of your deployment `$$cap_appname` here in CapRover + 2. **Enable HTTPS** + 3. **Edit Default Nginx Configurations** and search for the line `set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;` and replace `http://` with `https://` + 4. Go to **App Configs** and paste the following snippet into **Service Update Override**: `{ "TaskTemplate": { "ContainerSpec": { "CapabilityAdd": ["CAP_NET_ADMIN"], "Hostname": "$$cap_appname.$$cap_root_domain" } } }` + 5. **Save & Update** and wait a minute + 6. Go to https://$$cap_appname.$$cap_root_domain/admin and log in using user `admin` and password `password` + 7. Navigate to **Configuration** > **Network Settings** and replace the value in **Hostname Or IP Address** with `$$cap_appname.$$cap_root_domain` and update the server (if you get an error just refresh the page, log back in to the admin page (`/admin`) and proceed with the next step) + 8. Navigate to **User Management** > **User Permissions** and add **New Username**, set a password, make it an admin and **Save Settings**. + 9. Log out and log in as the new user + 10. Navigate to **User Management** > **User Permissions** and delete the `admin` account + 11. Access via SSH to your server and execute `docker exec -it $(docker ps --filter name=srv-captain--$$cap_appname -q) sed -i '/boot_pam_users.0=admin/c\boot_pam_users.0=abcnonexistentuserxyz' /config/etc/as.conf` to block the `admin` account and prevent its creation during container restart + + Enjoy your private VPN! + variables: + - id: $$cap_OPENVPN_VERSION + label: General | Version Tag + description: Check out their valid tags at https://hub.docker.com/r/linuxserver/openvpn-as/tags + defaultValue: 2.9.0-5c5bd120-Ubuntu18-ls124 + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_TZ + label: General | Timezone + description: Timezone for the application, find yours at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones + defaultValue: UTC + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_PUID + label: General | User ID + description: User ID that the process uses, run `id $user` on your instance to see the ID. + defaultValue: 1000 + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_GUID + label: General | Group ID + description: Group ID that the process uses, run `id $user` on your instance to see the ID. + defaultValue: 1000 + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_PORT_ADMIN + label: Networking | Admin GUI Port + description: Port of the administration interface. Should not be changed. + defaultValue: 943 + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_PORT_TCP + label: Networking | TCP Port + description: Port of the TCP connections. Should not be changed. + defaultValue: 9443 + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_PORT_UDP + label: Networking | UDP Port + description: Port of the UDP connections. Should not be changed. + defaultValue: 1194 + validRegex: /.{1,}/ + - id: $$cap_OPENVPN_INTERFACE + label: Networking | Interface + description: >- + With bridge networking, leave it blank (or enter `eth0`). + If `host` or `macvlan`, set it to your host's network interface, found by running `ifconfig`. diff --git a/public/v4/logos/openvpn-as.png b/public/v4/logos/openvpn-as.png new file mode 100644 index 0000000000000000000000000000000000000000..4ec3231354e2ee91c20be50fec7a5f4ed2eee283 GIT binary patch literal 14997 zcmaKTWmFtpux%281^2--!8@tazDHpABaiJxN`uK&a%O||4dS3$f13SOUh!Y|d=s8T zkHU~fuYGR?&xuDeumLj&5hkej|M*9VeP)-P?qXP~N_Cq`e~paEH4qTkUqE#xSjP)t zQ2Hx?y7u5M-tv-l!15$DYer?_91O1~l_YWUU60Ol142-eJd zx2B51-DT#MX@Stw*(^NFon2L_#78J}Zl3)i zmd{jfa{Hu2D3kfKVA-sx=vExTd(r~^F{(Mj2U@@PbhSl{lQU44z#w%zb#=9=h&Yw2 z^@VfcMc>7dINayn@7FW5LIjlf(KvGQKch7c7;<%!bdRx}hnQSSypywvs;8BF<-lQI zp02v9S8!$bReP*lxgCF1GuJC#d39p>d{^%J;{BD^9XXz#r|IYkqg>U=UGm5di50JF zJ=beFEAP5OUDK<$r4yg2r=})q0AqTQZsS-X2k*K@=DmC1{O{wt%xMe19)p4LX1G~$ z>QK{_`3l)5FDrys2+8wJ4{hSM%Y3JtzKr&-pAUb&s;ng>E6==yE))FCPQRZ?wB{Ay zzlAJCaca(pIKK=Qhz`+_vt&`2L)DBUwPcD zYaW6X@P+QEr*FJnNWNe1gS-3eqeP2ivk6)6ecmGuX3Oq%%H^tL5aiYIh*BnpgtcBa zP0lXsW1oEgx965hE9<7H?NQKPP|vPd>;1b2W`wD3`GVR~&naPKG-$aGs@x)AcKJqd zl4;G?{_cA*w?MVgNv0K@7H^UnELg3oBca8jfy3Js?#IaSUE4BxyRVcw6 z6{6PNtZC^clu$MHdc{FSq0Z~;^L$n@&tYlP&8K3uyaA`$104f}5Lb=MrcR`aP1Lsm zg^osCqsz*pc&FBBzX!eXPo7HQDUfoUDw+|wmI}h)*y_^5rK*d2Bw)Z?FfaY2hpK4vdah0mTfhNQ5yaah9d5u1%h-yhHWg~LYmu<+<8VH^nlHlE8+~}4zTLN2D%70>U$x*}8z6xscJQhr-da76eJHU#- z{F_E4!-Rp9^8Fl>aHUiX_iycg+3YD=!-4j)+vw8{d7wcKDvBPK0GLW#dd z=<@vPTAIQU_A6MdfIgmvI;G=tI(3GCjOMu!B{0)iS{lAuQexr3QeX-=?Z*3jEo=^& zzP8BauJ&fQz%J{v2#YQm59+;)P6ox)6!wjZTG>9L;p&PqgyLD_Q{bKCF*m(5HMjB7 z4w4yS_aBv3jc*GCxF26Wo?(B@UhWf>mRmVYYQLSKekElVpnftr-f-TtYxkNSx4LW-<$%=7s` zP3epRhWwN2Iu&MlRScb&k+JiKX+b!;dBNQX_2>FM_cH~y1p9c}(U{oF)YD4j6!Xdf zMPt{%>Cyh85$qxD?&so?rof~N@j%c+vkjG6^Sc%g?MZmi*6=jYw>$m2oK5K0*V9rJ zEe~Licm&!8`~`~DIMYsX)QkM+Fi`=!Vjtg@yHS_hcb4s zy{8btxV984?(iX8KW{b@NplG1cvvt11y4@tgc^oix`@;6E+SCTLA9A9O?B=vj9QIB z-gx^pk1et4lbRV(f;F!%7VS&~NvJVA@QdlroIV;N86rN8X>_;q23aBFPu+ry;<@g zrN)rgd`Z4(@I}ycVKF(ojZ^CGXfj8QWb_ zzr)+`+zM+P_X+h30yS$(mhKQuA(GglfFMUcTyI*Q7y@35WTK}0#@xqL62-uAEE&UGaM&X38 zo(}Uc5>;#A#|RKi)R|#2A*b-g=&m}x?jHGWt))J*`dXbjWq7+Hv^ytOj?2)BOi3{> z8}4;h=R35VnU%2Hc}R$V&#~MTHr*2()o(XdFZHI%0F~48GmE60bT z@>_e#KS6Mw;1QPLNvxbOU|Xr6zySrs9=RF({0YyuKjn+SjB6`X`ta61D+^EqHQ|qR zDMOY}*o{o!muzS$5#(?YwCPlck6RKodqIk3B56^@>QHT(`IG z8@*HqQl3U?Ormexqw7A9UfNS&boQI(CQjQ2{OV|vof_-H=(K?f4?O+6-1%kC)=C3a zPag8m z>yT^)Sygs-6t)j&>m^>42eM9qYwy;x<-Y9Mb>_#asSDH_Q6r}^fbE{=c;(@0P~4XM z`P=NXSM>KG38gwOvk^%wSfVZK?s~K)K`op|qXWiAIMdC&M|%P|R}jojpVTt2;v`Dq z{)saVH4$^@nB@DjJ=VIYN9}|9n^~NS2E29`DfV%?BJE-ztYmW=F0MAMR>nrtW^S;Q z9n~`k<4i0&G+Vu?ri$bOL3;C=cMx{X*N&$;YmY{rH0;jn#1UDS!l`4gm!#G zT>Jj3OUoY!Khf9QXACJ8F}VEM_L$TmrWRh3w(4z{lnBVts|vCfrCy?q^&@NFodh}gm83E|oH7m6j^yv<{0?H) ze?YqOTx8pNG%#5OwVDaFWu7|B<3&h5ZIsqf+M#CX^e&=DrfCj7@e@(#GP@5-NTKca zaK^?B$)OeyA03>j4HnjPmM@KTqD>)w0nJFsD95__WtRAAX$K#bEcZx<=WlcD?#C6C zDElZw@hT>At#1S6W={~si@?lPc0L{T?Kd-8a=J(_FWK6iG%A*^MAFrkM`LA3rv?Vg z$MV(%Q@$SGR2JlEY!Ts3nY^JP>-pM+0m}B2;W>QMUA| z%Fyq*@i9@4XAZ$AQH`K^Kk1TYUsS%f z-*AV5hV+9xMMS>#83s6Cd8uJsGKy3Lu6W+v`^PMQW_t;e;)O9z>p*5-b64}@IYN4( zG%<$Mk-zkUzwhBZ(@YYnFk(cDfjy=3X^C!;dOL9xDN5N5VJ=dUfG62S|vE1J9~1j)Gvj ze)!|*+&;V054Q*J&;Iy_<6pKm`mcQhJzpO`I9!{H4V;H+#-hJDUUZlA2Nh)}sGaNA zV|`%zDPF7#%j}2KVes7$tyTdV5(^vsQm3+|Tb!2oHxI=$f?o{lcpTdZ#tpTG$^$%o zbI};+723VECcJZ2lo>|h85!u53$9P`s;fRm2mWthvgKn%SA1>crlxdheURPMyrPKg zs4i8gd5%`m0ORRa(-6ugajo}?v%hXT%0PhD1{&-qcO!+~NavhS{f~Xu+GZ@jGnAf| z2;0im1E#gM3@${s-p{<})AZi@u2~x18t~=a>DWg;#q*yI*JWZX1XycrOc9LF8g-do zEJ6=Fw>!_oQ;F`_9Zp4Z=+#xh6M`!E*Zs+qp-MVqUWgikAo}^lZj51If1yr?-<^>n zL>P(*6_AE%LC*1hqzlS*%MAxDPv4SrpWrC~keyhz-0m|b60dBvtsj$nFLJp@krI|@ zFlvj-QE0GL`y3EOokeUd9~)?YgoDaQ`2bWI*J0D4C7=1b^$0x4t9Z%2nuzrtZS+=` z>~`l>ozGS&iZ!-&|47AZRc?B9&iI!qqDq01B$qb9;XJL|b;X0f7)gll)2 z%8+fAE86Y~n{JW1-;YB#?uuz6Cejn)4maQS%tYivP5}sMx7Uo|_DU$ywp!deJ&2J0!JOMQu~}~9 z`7AsxSzdddS0qK^c+Lk0Vxm-)G*Cs`dN<8zp66}ZA|;LksYr!RBKf&N7GcBU;@B;< z{!%ZlJQAA%BBPL1{zhOQS3L=IxU$vD(R%Fq zbXZb*tdY0{piQY`j?O4A)_(F(M#8^2vY`8Go#8>YDNNvP=AmJuJD;o+ysHd=AE=;0 z0Iyg2o9$m4mA;PU^294!<%;7i0TJ`q{QQXE8#E}sOZoY`QMh7nJz;+$?YD3ZODhCF z&u=H8MrFHWI+MCNCgc$RLgpnytLM<)#YtFDEMig|`x6Hr%aD|9Q2uEkE20~5?k~qKiuy0@Lyg(S-xBv8y%c!_qbI*iRr@H-cMonhkjj6 zcHBJ@P}UZynVrSXg*F-NluKxt12FLcxgHjf<}wI1=!jNrla$pP2bewG_ODH}S9saz z`lXVqn2#`4%wUI8q!AMtTPg5LUvMm$>elh1Az4qx0uKzdvT-ePW&l(D^3 z!7H==C|WQ^YbC~G)ays%j~e<~0j=&l(E=Tdw8e~dsDRVa`P&3Z*I92t@4PPm zKAAOb1o={i27sjz3i9}!U+xD~EJtEXfQ_F7Sf%Y9C31o|^%lMQ{{7*bBZY)PRaGrd zNw#JE)NgMld-d+&C5KSCZB;cts5^ea=S=#~Vl}gus^OaxcA6$z`viF&Zwx|MiVT8% zGsb1S*&cI}(@!h}CrsYrw_5o!upSd^zx1^hFph4czw#+Q3^-&3Me^hNLo|qzmBZ2^ zHuEpX*!F*JoznOVK1P_nT()}+#2JvyB_esWM$>Yb0Y*5Fm*_@NiUeWn^YzBML^Y#& zQsKqg4X40_r1OQ_uU4`v-VPJ>AZJL0H-l0tSKCmMt4Wz^N|2Jw9`)nwJegB%REutj&|B({8FcHdG!##qTpJ4PyO4i%;Eag@v}FizbOGs zHXR=Hc>`qvyLSGFa40Xv8i$UB0C%XS7`>L?(mz*sX^W|*Lj|#oZqc|ELQ(WyPe%J7P%{eogKU#QqJ z|4g%dyK!MeeT&0Ks!jd9;XTA8hs%+obAhri1R^wmIAwenW<#e!ihurM)nkMfomPby za!h-?7YG|inEPo7@?0zBL;&X}oW-XQ+rGirvIb6X z&UlBvsu=`v-&QVo%RfkGVp&yO)f5F*uwF42=Wl;?TE>)P$(mo}4j!2oNvQhK+9?%M zk^hv~m4m7^gEy%oj%96)Dl$}SVlD3NN*6DBTbFd8E%#Emx!J3T47UFpgWaDfQue{i zX`{~$7xD=pXBd$?MU%n4q@v95>9P@U?7wALnvg#VnCLq4Uv`+V%myy%-|07+{+33p z`-OYB{1fU-(eY|)5`z(GsOO&+SNU=Z_t+BF zt6vOD-()ggjb45^skUZ#tk@~5(d{s-bj!(S7JLp>F>9HSVq2~$r-pi=1QF)xE)tFu znHFYW@yHsR=rU&Mf_azB*+T9#%0XK$=u1zMKi| z;pbYKuAn$?=S5j)v0HsR3Z2?bwymYT0Sqiwo$N|p_k z7Vo!&4mC{0H_vTTBlcnbl$oj4p^Mu4t?L|@oR7?8A{D~Yo?T@w=+cDpoPWPuAPEp_L(4-koiL93CvRHv5z^|C5tnA;*ZDc9RAez>_q}KH3<^()1%{3E`B|R7N?Lai z^zsu_jinD#&Dwf=rK5bM415$T%km|hHh+to-LK=sqt@E=v?@eXi8^ySJ=t~#Z8BYI z8+q^E`5yT*e&XrT6DkVdlzKmm?21Vfj%0CbdMW`&`c^uZ zI<`M&lwOs&p4cZGPbP673(VTe@};oDvMA=`zm5(HA5APAsWMHR9S@ z?L7wTXZa>q`FY0WdJSg=3iKbSR+aKXpJPQ1eY_Sh*n++x&h5?P)2|@WHS@(O+QLqE zWaItEypmS=KA%ZFK8$1czjWg4*y8W~Isl?<#VUVDYx3CvsIWLdA`kb=qJ#x&RE8ud z96v0TS5x5?H?BJXyMNk@gbL|FIUEw23_KWrTzM3+oP;;31S@tJI3pZ3!QM1&=$vjfqsl!aa!|kgK8=3r}xUhwMZ%R z5@}QQv#KSA65Qt{qi|G_nSGZoA$%j+x@F|0sOD3$!y{gG#0j|jL~-}ijn7f}aZs%_ ze`}Z!!BfhLw)?@ zE30BA%eY3|H9=~pkdMklXwb5W6Oa`&^FRrJ?VnvaPp}dnb%PG38IqE|yC8hkY4;jG z;k?JP;6{zwTp#6M$n~su>$Z0VJ#muX?)h`+eCN`<2cqM--WHd(Vn(Jt@LVg|?m@ZK z`{!)UE76aka{8xYRSc%buIVUJPi1Y7a%%))!Tpb_?btT4t*2Br5}M%J^BjgltBP$z z+i;qukRB7eb$t4A7?A^HY|*J~Z2=AkDRgKY*!6Dj?=wds+HO=J?XorawJc0Z-cniQ zNv36@(f!=lW(Za%#r-ir&#tCI_FIT+)Dly0Y+0@a*uB~pH5>-_9sG@)zUZJ$YKa_g z;X09gcM=5QQYRe~jS_4i4(RU4yrKB=6(Mt zn60%&23C($WxCmeWN09+Ll}{XKr64Gf3M7hbJOY(C7Y z!amv9(_(`PYB#m3)+>sM6=qoIG#Joz6zjcVZ}>U=WGPr=>vc1WwC}I9qByK+GSE2Q z3X9R_6_*hO29$D}+BG@QlRq`W$A1*s)G zq!jcYRm@HKLI2wOxfOhg+?+Ki?2~VIdxvt;A#o{G?7@jW2EThjxEwf}0b2{D{HJ%# zk_rUY5*GoNF|I|ASEmH{a{9p{<$z1$T6&655J=V67M@e)A6+L2WLP@G1Phe32+k7Z zrIRUPi{{*Y85Dh`*ll}A)-qJIJth~k*0YxFXd$ivY1Bq(CRcLf+ZEsPY}8`)qmD^} z)ez$&7V;CmN~mE%NRt6vP_BJ3+TQG6y?m<4g30gsN^$QCpeQ3hrC-Ehf}b>wJ?Qh7 z87)x+W@7k2mjKu83Tq$1@F?;RIZThE{B!=(Nsf(~E&Bt=PlCN;)3pOd}B zV>c1IP@ViCV;`TMo`qX7jTu7&1vDL0t#-mUX@qO~ayolLj;%>y#adosUnp_w-Vppq zM$e%|LB#ooZiNHzQ}K#@gu9mG#%VpkoC|$_l?P<8Z_lAMp%sJ};)qypxvnM9Z7RhM zehjV#@Yek4{VHYAE5(hQCBPT^uPnG%0~FInA|F>97wY5H5YrzH_Rq4_M;^L{h-c;J z4`CKAzoOglV<#JlA-nu^uBP;-IWUD^Q*9|3WHLZ_jFF7b?zNd-N-oYDm#MYCx~SW4 zm?Coca@`4OwitK(561a%haAihDMLA(HXZs4jY^pf0l_T}x-g6$-`-bX-YCtgX+oy# zj0B&aL0%E0P3kNRVOYpu-E+H%JH3q-51-JhW!KEprlkx7QL45GiKrp$R4sN38-3|x z1gcDM;}{h>92C9&9~|@_Zhup3w04;~fYew=1*vgjT=81_zQzBVj&#!27}m}vWxFYC z?ARTG+Gbj@nA)Rq`FAxHVJio>zsOWd2RDIg7`yk|FUB>~3r7{^*atXL%FvfzK$3^U z7=n$ByWWMP&ohu<^7+D3Mb9JW+P%w*|pCPo74sw7pn?e(v zQ*1;NN{fKejrP`vbiv*DNq{Y?S&*fg6a&6o_fZ5`J z7PNzGTMY~e;3>Y%0`y7^y;xieL0{m?e}4{5rbSRVW|T|-eaklb2313D=ch1kbv&Fb zfQ#BHFkMf^7@B~-uZ?xeX-8!Vh0(9w<}f+$@6{msJNkGG#Ke{F?9T= zWx*7kEVBJv7w?VnggN6e$Bd4kV%l+>fY)}zri~~)Skd;vHmbam53I4&(`@xeSl;Xl zSp%yWoF$GOcbcMjH_xnQHmd&Ir^6rkcAg4vuhGrf2uPAC2j?;zznpbNoBSo<+dbVs zyd2HEF4zjL;>E&Dt5FkyOkT^>}(Sf|sb z&qjww7+N;uN!Ighl+-b*=^^y0ec#9lz3^mVxz0pP?R;bn z_xVJb@ohouK~%1u2PnD5XqMUIeusv1>)iLJ7^11bn~GHE11(rm2a`e>>J&ulr(L3WAvFB3sJNB*GWMmUj!>u8IK-U&i*&+2(8tT|(M1K8l6LSBvAr zq>Nj^gm3ZXqsWr=&Cl;iF>%JR#bgkHwj+VwHcqj5uj#RcZ;Z1FYlz`c6och0t)|QA z(s{=-46S4W8YGSDNzd2q^@VJ@P{wCZT&URrG}4Z^#>%3M<|edP1BUUaVQknsp{Pd& z8Ikt+Pn4m7DT|xGg3a4-u$BlxchNmBETGM-v8|5F9|D2-02MD597u=8Xbc zeMh$;u})}tkybD&X)u_|8hNv8Ms)wPN&iqH5)vHgbu9l(eVq)kF^d>=mt+6?tt#bQ z=Y5o`R5y9X9zS!&G3>*lNNi^M4JYQ+o1a+yCUmc6301a=wwoyB4C7QHR4=uFj&D;w z)+XpDBsplql+ij*CRa3Dy^Qs}Pg>q6%tU{lBJ`_eiMDLsqKlH^*M3F0t7YH$dx}B} za4-J+p|9L$!weq!X*tpE&glht6L|_VU&fDzr$g&ql0~=%&R6}8Wii|pc=4y>gW{k( z@{V1DQ6GfTSWU^o4TsD5**}qQCR0UWY*lCr^|-7Ag??UX0eVN&R{@N2LgIAdby0Tz zL?OCRDGmXf1)e@h@PLEc)vs%*WCr5N)hj?8$*bcMoMu`o`U*!{JoS?6UIg0ee)3E7 zK3oNWiJ&!&rB8a#7zr{hJ!(rsO6;G63HyetUQcM=hg|7= zt_*&ocO;MLxNxWK57%-1QMCQsFEtxJbhKfRY9uP5_D8qr@<#*%W!f4FXuPExg6Ow8 z#yIoFEtVJYBid!czg-Z=mxjp}ki9h>CeGbiK(t5&o0e6FO#acVwe(D=^6}sLz6w~q z-ra}HO(!~~>)>C~dHHxdH>g%!7}+9zT|df4JsKnPV7kI;@h^x!gh~2FC}<4^)vGZ| z>Q4cVD6&}W3$b3RVb{Tyx^aMYzMP(hJk`2>b6|-=prZy1q!_E8$_nREeM{I^BS+_# z*Uuo2AvO}^lqZTE!YS%-!_COCWZEypw;Owl20$m*TWbVc$E1&!2AWp#eXTYso^uoz zKJc+PCM=nCd7=T7@jF7A&@F=(vcq{_o`1|hgO#-2x>@Y;DHiS{G4vbp+-2~k&Xh_7 zuFETr4BqSdmHe>2T?VCq7vi1Q>h}_NQ2Hph{PKfB7IFC3a|jc6FX+glu{`<>>e3<&I+9CoBTTIAgLi79?qWXvDs9<*RXZi*9 zD=L5J#w5s9(s{PZ?+8lRFA67Ivlko}?Hsh*wm4v@CEQ?45}JP1k<}PrD5YF5g}mA~ z2HrnvWM)Z{n17NJjH%JYzlHc{M*_l2M9!+dVQLaF&Hk6ER~KVC+w|p-HM1X8V-?IJ z+N1@MuFQa@SM!nu8)gGB7~W10eS3N zEe~#xEFu+AJZAq){|!xn_G@)#TKd#m^2=cPc@z@-@4N~b1JE9GJ1&YP=hGwdUC^T$ zIxxz$%bI1*bXcx2d3MCwe>0vWJBQ&r6(@}`Z0IF$cs;wL%ehHXbnYi9+J@alx+*?J zWs38rf8gnmfOS_{T9C+S0eKv4ssFHJCd)xK!4|6`ozucI;3Cc z)92(6*yNBNK=D&>qc|D`D-uO<5afh?QV&|j zbCcOxkpVJZ&NK9bdQuWw=W7g`UChXh~_dcL-I%OdV3 zs<&*?U0}MSoT;*idDK?QjW30^+QUQ>RX&tu@mS!vx>KmbxStd?Uuu+axJn~$J6GZk zM2R-|GU+06|FT1tfRQe1mP9i$;zEmf(_c_uuCs71PRm+;fc6+S>iDKCQg?Zje8z0G zU+M{Sqg{N`K_fr!x^-tT&3=0-6E^`c>Nb6S35y+_A43 zh|X3WbHnVmuN6skYUTCkz#P+0*FWwOPmiWXAR_6rwHA)*dT7;6gkQdo5pS^uHK3p5 z+PtZ)rFVUsnj}Rd*fw}CU7B7xZ4zer13wood!;IxsN9z5YKo@qhaF+~>1wv}NDux1 zDv-15s-2ku1K>zqHiznkm8@E8so#XtF^hi>^gl%RwS6l9@uTeQF4bZ-Il>Uc!uEPl zjU&ou!)`20r9l6Y0cf|!;>n{TEl0-n+pXJ2Oaw7TIs%rD{fAu%1@mn)AqKAGZoA)$ zJM^xa#J6~Nk5SK5}+VKbCpz4?)CY477(Lh_w`_`s-^Vf3HZU7bgLSA7}^VdfTZ;~xOPj|8kaA;zvA=IPjnGXvaY z>&65%FRP@F*)`2vz&y=sPD85~t=x-I?j~>jsh20Be+U6+DTj<3du5F}bkX*1Xhq{G zYoY1{n1{`dm(>$qp+eTE^wbi9FFJ{MepESijk`_AZKjKXETjihyd<13HHshSbJ zapO)I9dlEqw18a+nzkFIY*LwUYurX2dF|McPzP3mhcJXi)4WURM4RmeDzso|CGG4u zP1~MttyWPXlzvmiej?SsqI^8}!LR>*I`MPnbSNO!AVhQyV^V#afIa zP1LVeqpg7T#a_DV%F@XGzL`U^>?99e`^>>K^ZH5=`MjD96-B#c=4R)|YLgLY4jj^A`3n@I5Aqyl;e~Nj|btUoLH!)9Wed{(k=x^JKtjWv~8-K3Rtwta;J65h)oae zO#AgMcE7X2+-`)|7m6H0Cz5ugpA*Qt%59P|6-Rd{(v1g@M)2mIx}twgYL!C zJN`+_&94%r+ydW{O^iUeE;7xhu@x5a&bY6)Z+Qcc--H`jy#F#L0NJLpAAhR^=5Xa% zM@A?pG;?oIuI0*CHuujCB5jmdqPXp+*J}HTC$yer!x#3?p-e)yelW9`7;(V})Gvm6 zeHo_8s>2Xv>#B2>6tCk^%s62-z8w^uswBtgABt01shZck@1c<9ENOclIG@FtF9-YJ zQXRBlbN@PB)vy@JVCkt4v8;!^=EL}F?2Ccbg!=e-;Q4bpP*L2i9M6V7@M+>3-bYr(DZA9joYje$q(a@s8x^+4=>_j3UoK-e4QO!|$3@dS+)= zznq+z_Xs9QFS+^}8V!LR`1XlwvT56IUPDnsgrYfW@I&G5Tl%GzmXvl1oFM914#v+l1S<54@NfLQQUlq;y_jEoL#3DdGYJ;9i(dimDlm_~>PZ?l z(kn#K8+dxeg46l80NTSnCBBn?*<4iqQimX1Wc(%k=8*J?bu|;irJkm}aaJ$2Pfl9y z@lWsg4|KZu0AON{c(BN6*INB8T+u$3s%dBEv2w@!F3J(Mj8UkxdxjdmOEqx~965fc z+7G5(LX%&Vi))&REfg?K87ckMlI;lOD35|u9PR_%Gx*3F_^IH4C5v}|m?{UJ zVkN5qm=X(1lCcMdj@P=M9J?7B4MAjH;rbJ$@dHnN&1Tph-`QyI1$7mSP5e+NN zA5Whf+~?)Sk7sYwRat+Y3TRH#cSXQO{As|SG3^{*Hf+}!hE-L;wvy-0>El)>=QX?P zpM9hHIV>%7Mv3^iveNde=V~Ft7x5zmtw?};E@j!QFI8>n#o1-(W5`BlVTJ7ih)%B+ z%qyZdSD!;7UM;NpL-qG(o8{Any%*1kj2MC$WiFmL?EGq5 zg3;$FC0oZ6E(o)lYY(!`@QVtO#Su-=yc4u6oAejl);{_WTBwSc(!GJIiQ`}Yzr&dif$GDn<6~$9BvG+x3H)A@^ zwbG+;bheY6elQFp!8zAbvY+wUx|;4h$G7tXp&HVBvnT7PN3ua(n;Z85p?Dph4fRX7F6V?gjI7?)$(xeQxbFPUUAG zj;er#&nsE`MWOIY+8&bi++~b+k*BNunv;4f*bFZxLjnK3{ge3eb_B=q%R1CvJwiX0 zAg0%scU~i@@dBL2;}0RUGMPJRS_`seuhsU;DZ<}M4yIB5W|#THM&=4!CE38FP0RI@yG-{GjEnV2Vr(%9Ske2YTQD4_MzfiS`NOzonuXOFuvS zEY86J=1l)I027R614)trtfm^zf`BjMMy6-l`sBS!ns4k*%MKw!cnIYih)j1{CV+{5$ih=KfC5{ot*lQCaaDFbpH+ zvXCz3BOVuo;KY}G{>C`2(5t(cZnDFqU;D+t?*cDv`6>l5|2e`k*fOPszBB(t3OV;mtP zvAqW1xJ=l+BdF4(&{Mhm}Fx_uYs(P9g&S4E+56{I1~~p zXU*#1>)IHU_|9c()9K60X^Jlie^mRedkdnsQ!Z7=ffaOmudL=HlY#HcjONCq?4aa$ zE0xHb9b)8Q>_bqacJa%Lz@m`i(f&q%{O>V3e*?Ng?THMLs<=aX=3M~=sQY(>oyeQV zJ&HF4S|`vM(eXC%^5GmTpy&wb!*_B`YIrb(nUcF`E@r3Z;;#J$lnY#+0|yy)cJCE@ zH%wa}QJ~RdCKEpt41l3d1m)KD}436tCL6@iZW8e@EWNiK_fVie*-bU8zA`-QA0f2?z~>Np()UxslIXr`eFp9v}07s zA;OT)OGeuWv8v<@nTMjW*rL==lhG=iUZKOgx{?6jmEj7sNlpN~H1y`BMf8{xGCwG4 z5o$j5M6?m|g4CSd6rA0M(9W+o0S`l1$gkSP3i}xPscHVUM$90Vop}aUk^GB}NO+%A zx>>}|r-MjxP88|-E0RiUuKc!s?1+7zM1p#bP`2<$q1Rz7WWNbPw`;C@pIP`tN|+!t zI+O7jsY+?6D!w4wvUQy>haI#bcHD@5f1yzHfRD6E_dTooQmt(hADU)fJuj*XP{&^o zW+iAhNiJ#dbXF;KfLBAp=A4Sv$$Y=1lD>Zvj$6X>kwhsnoA{I4jSpg$CcZJQzJ$X zN{g6(v(dKCMCh-*+bJipNX1-U!#(vLnvG&Iem2RsDI^PWA5<-s(EQgAH}9JqKI$$h zWxdK3y?OEgy_%Tu-)p{wooMwn_d2`Qo!II$Gi*A5HIoM!{70=nKLE1V{4x v^UcOb%m0^{|3Aku|Mx8Uf8Vg0^5l1jbdqS}(q04{H+?51E-zLsVi5R0&(vfE literal 0 HcmV?d00001