From 62b32fb484c16cbc3f78d2baee60c5c9d60cb632 Mon Sep 17 00:00:00 2001
From: John Bowdre
Date: Sun, 12 Feb 2023 16:13:42 -0600
Subject: [PATCH] update draft
---
.../golinks.png | Bin 0 -> 50545 bytes
.../index.md | 56 ++++++++++--------
2 files changed, 32 insertions(+), 24 deletions(-)
create mode 100644 content/posts/tailscale-golink-private-shortlinks-tailnet/golinks.png
diff --git a/content/posts/tailscale-golink-private-shortlinks-tailnet/golinks.png b/content/posts/tailscale-golink-private-shortlinks-tailnet/golinks.png new file mode 100644 index 0000000000000000000000000000000000000000..b0625037ba164352867bbbb53a39da50d517d064 GIT binary patch literal 50545 zcmd43g;!R8)IEsFqojg>bc3|Cq##HL(w)-Xohm5O0s;a8(hVZr($d}CAl(gf_`d7+ z56sM(dGFFC;N`|A&e?mPeI9?=w_<1y@gE`~A)!f#i^wA(-9CZ8iiq3rlkJ3NG9)BY zBnc5AMVB8NQ_iZ`t>;KPV-q1er^k?Gs2lSgS9B}UP-2B_ChPit4?@ME$pLcG)h`;y0@q|w2srQ@` zlsF^9gQUKr7Nu!vR6e(M$>Di-1U~W}m@8xr#&KG13F^vT-|`vG)nJZjn|2Jmd7oas z)jn5Cy2!o7tO4eL08HWO1Z@k>bFDJO&Hr}!5XX;1UF^Km)+QGI+uc3fQ-Brmp#HxL zCwzRlQbNRSgIR|_M=vccbS(?M8O@g{q`j{ELmV6`$pz%T<(gKy@9QdJ#;U9y-CR&R z%MzoCHnKga6Aq~?5i>or$9Q-qhNjOVCF$vNupizN{z56C!K=~z#+2Qxgh#M$R_&}P z_8)$DTXE^{y}iBPzt7H36`numGBY=SB#e%JBrq+&fV0jRkAHLds~S$iRRbfV?s%^2 z-3azbd5J!D3D$#y1A*%eHW``FL@#wEdHIi+tel(zP6xlDqoa+O1Cr$xND4H{uC(=% z73tDw173a+3U_mJyK{D|vDYc+k1VcJe7FCnqDLRfAvX=2jPPELnS#Xz8ez zTfW;aEZJ2YIfaQ=TV3`jD=RB0DFp`yBgjNB=}OcUUZ%;%bKBa@%@?e%ug48Od+d)+ z$mg)zzf|Mybc~K+&DqS&#l>~lhUNP;At6DBM#tWMpUcba<|Zya;|3vbB_-QGehMs3 zAq=NHbm0r9G-Op15~?SW>(=RG_q_60j4rC{53xHqJaFM77Q#Fk86O`v9T2GV;{TkS z8Esx}%ce|=P43&-)g}C@s%Ea}W|#em8$NP#5YgMcx`VvS%84Mm@6*@U#mJEB7n!D{ zrL|ep)a2KOQQ~gPZf9qQl15?iL^KGa+Oz#yPBGjK|@8epsDZs)!Yxg zBbs@AA_F6|RUu~xgP8KN*i6a7VzPsmnA@eiy83qA^8P8CkyIk5V?b8cGf_EFQBm`e zJVCGdR4M8d)3dRngZ1annV1qyw-aJwA|vBdlyfA)H-?HbK76R35Ky?eDa?}fDjhHH zN^_uKr9G_1>#NJND<13Sy338Wk?}{#cCw z#bMB_WUps~&=<2!cXfTe#7HbnSmOFcSU{VBne%N^8*W1ByD9S7ie{0^Kh?&@;17a~ zf}$Ro#AC<$?SH}YItHHTD`gfxtLQ+ne3n^P2qBZ-uCXJhIwOsgM;5L zjeS!U>CDa7V;MLz73t{d=-4|}@ODn!ypNs?jf}LmOf?jU1rzRW_uMREr0ZaK7M2(( zdUN`&L8~zFlUX4>bEl2oTK<{$p*jQX@i8%Ka&k#pr1ZR1xz(BjDf;^Qmb)trt!)@2 zbEnGP-Q8ZbUe=2uH`m%BG132kE}U5t7#KfAGLV8#KqV*FC)3|=^Imws!BV=b$asx; z+t9=W4;wFY?O{N0;G1%1nJmTmnpD=YwE^PB%tGm6WgGA8dU^VB(KDEqQQ*(1#YVN_#90kO-*eTog z#kQ4hvH2led;$Vo#w%(rt^$<;ZM%w%`Lqt2w?CTHxbF(NxRf7nkKk@Asi=5gx}gex zX`FM|CT?HZzfRe|3-|j|H+*!P=+zyc-Gvrv0hh0FaekP|v~ATO6~}Ab 
zHSTyKp*l1)l%rgrR^lcdp+`+kohbEVb#2Yxo1f$<#4AkUt*xzmBF(2kr6b7q;mQ|1 zW)WqZy}iBn_E+L!W2-N4LR*V||2A`C{zzK;{ki9sN)e;><)H1GHyuGb`vNF1tzD#P&iFMY^I+uIWvWk&(r!^6WU%RK}Ced zMyC7zycaZ?eV@SJXqIixTEyDX(eV_uzq`Bi)%g(&38aMa9Acf2${^z;UT&U~v(tw1 zCvcD6(&C|)Vo9=-LBX4SHC29oH-C)WUmGp^q$0=aprM{X3XwjdlIVZm!!^4f|ASD2 z+gCnIO1#`!SNA36-+{))^`2a!o5wAF0y#yFF48ZQ@YL?;N0tJ$_d%ZvfjI$jXpVeV zdwYlXL=DZ0)1>r8zgK>o=RrNgKWWWQ_YCFzeRWxK^YY?6&2Hu$Y1-IVgyG^`emjQO zdCTkhdPj9Nqzxj%4bN&%DQRg+c~kZA0pp$o(}0Sqsze^!&atsmBF>waLE4s$+vt1r z@DsP=>pbO^72L%Y+-l91=4RKfe@d83H)mXTj2k#v7HIRASx!C1#v9$JV!$z^1=hf!6lBmva>ty8Y>+hEZbI$ z?`Pbcz9X2KcmF@ch2)(hjjr`ys42ex{{sknKI3@j&xEL);;UCa;*_Pu#j`ft*JHL+ zk0l%(gOieyUh0ZtHVI}5rO88NGSwOie|@#VP4gT{B*0eVre- zUyBvke0X?xc6Qd%(z0F2i1gn1r{(c#regMwA3tDj04embUml?kj*hx)x^)ias2H-2 zP4Ko)kYf8Q=c`ZkHSSMeHkG;g7t3KgQt?!#_^m86YEV9YAS_NErWsOc$Hu8l7g_o{ z9FBStR3a`f;kR$QCoDDyNTWNpCu`hy=bIt7m3jX3@k2*;MtjQUbOC5#yxMSGgI`la zL{8Ceud&fD)I=bVLM-&&T}QPFv%@M&JfvAI(+Pea2nzPgU7>+hhYJ|=Mqazk6YGV4 z+qj?Wnm`R>V}Kq`ZpTD*Q?N55ASpat*CIl`{Cm9a%Nf% zR;Ts^y2EdKI~Wkt*jk5YW({Ik3=Ew!{U2a|P>{cVlg9e$RU?;@v9i-qXN(RyKD)_P z^$W{N1uZ6(T#ajcEz7C0874IJhi0Wg{)M}P&lG}!f*2SXt`?Rrk?+2Ko$@*)H#75B zVTq@^7@$918X8_2nk~O^78UDDsZD4iTG@O zeyXUjrb#RtuRaJ0vX1r^!xZT($+13siS*t(%MzJqr8^$NP+3ut``N+TK!!|XqkB!- z9W@O#&#N)xyC2Fmx8kxDs3V?W<0z}BPg9e@RW%HT z3*WT&Sn2iWu$L@r5&qbsHA6*!umG$*{M0bfv0o=u=B9#e=PDuLuShPJrIj!OX|O2xv+#TCNFv(!>=rZAB9+R%=EsKN$EFV?2uQz`LEA9Rva!uP7)|sQqyKn^clhVB}v3S3X2VQ=%J6>yVS8F47Pm zNls3FBd0<~PfxV5iHwH7y8Q1fd(kjWJ|;HyjB+z8B0^s^lvv7$ZASZ(@GdRY(sEba z(v!$^>Xvu>4V8{4rmU>A(H#p|kGH04G<0TWrwbSUe7Li@akc6%mopU2r1KhadU{Gl zL(@t#xxTotxw3vt`Yh{>&95qVu`Z=24?mSz&t&Ch$DZuo{gFcP*x&u|pQ({q_6u2C zTib&nb3jfEIBeXsw0zYn5yV0z>hUL}&zP9G|6UbPp93akAee3a{gJw((S2ZhBg~ z(GP6^eH&1?f`UA6WtH>h-t{Y&)6;ug`uet1sP`$TI5-#?yILpW>PeZkDm7#R2M zHzS?|Hq*RKprfP9F33@##fGne1QPR73-1?@Qcx^N9t?$tKPC>vB_tfoF_w|Oj#AHi zD_$Obd~y2c)*TCr*fr$#_HKZ)weBWd$jE+wQE&lYKe(R)Gr6N(0~9kByViO8Dmadd z03Uz6svMP=Z*+M0GwGLrfB>K=p^2&f1O$(S-Mwdwjg0We^Ww6G#W0XuLdBaJIM0ea 
zCzR3s*j94JD#p~Ns{Hm`CV%(OM>(%O#WAw5;InJ8QMgGn&3c7+sGln;POYn){XZR+ zcd8WCVI%Is=t6Ll2&a^gC&!tt!zIDPo88(KU#(IA@L-v0Lw-*GKDeL1<|LWV|K zuV`!}Upwr}r;?#a4K8a|Ha30M7z@t0X1y@VF-FS8s~Q)7RTtfvZ3Y~anPfcF`+?1N zHa33_*#q$NUyGHPuZVqe!*Kij>3NJ4JfTsML^wMu>v*N1 zf~RGP2m=G-vopOG2jAXgQIxK(PIlw2IUA?V@vJNnhFn4CqoByh$RpdSNlg+e!QOAD zPGj=?{57F89tQ8;35BNy26pV~ivhENwJ3ynS7?@VvJRISXPAVioP?~{rLQ47fYo31 z`w`{P^mMICPeP~yi9}PwzxKVi0s^(Q@h!mw=4NKurjbQO_Je7G!O8dGz_PpIzr>W*UEz1(?jJKN;Rdp^K>woNvA22)K@&*pimVD2j^s*b8zV5COLT_hQ z=tS#+4IZ2`?gnhLv9X0yPEAe{Q&X9ZTql#xbae%jeu-!eHRa?Cz`x*i=44|#cU(cg zSkD`cldh$Vii)x=B@NI0&`<@kw9~50-p}-7Vwr@iz2$>*;+dWu)OtmmExaY+Hcb9z`#?J-zFjQ=2>1g>XVD6 z)SC-lAL*2mE{Vg%!?a<(+R`{9A-ed3adFX+Sjw|5nIyY$Wf@vnXged|XzOT89UbrO=}Z4ascKBut&Nxg;0l%?EL6LqTxmQtH!*Puk6K>XyqwyzR>`}_ zl0c)B2*G=P(Hw{?lgK~dkR2TvNhK%+Imqr;nHZv(hLS<;D6b@PD5@*&@ivWSjooQu z(kl{5s?D*YveHsc28NCPPk(_v{T|y8@N^@2;jlA%<%uARO~)ePQ!TeCRGmDz4A`F6 zvnCXDa_If}VMIT_;N%K9yW&wkuzsStEy;3c>w{G}l>(9Gsp?&LEJzqpOd1JC2Qf}< zT2)TRnql7#nMtMA{<+Es>=B~P_4+7Z@Qhtd!wJK zd`vqrXC&WxqOh@`Xr^}NxMilI=K8n>bSxT~cma=t?@~-+2!D~}A@kwa+T|>62bphh zDXgcjkhdcNW3ndF*0s0@p$q&@;EOad}~W2_ciML?sc^hqc4VT zU!nO)xX}D~3ypxQ#NKZFx9dXuge^@75fPt>tW;<4E|vg9x$(#!FWiS~^joRk)T*&~ zCw%&pcBElslwRY0m~47BztjTA0FZZ5Y7nvgEUtJ7YXA%?^fE zGuINmhet=b4gVE?`}QqLaGg3;-W1@)+qZAuM0*sSrFrWqM=3`$iCB%F1cCyU;n%wD z?o|cT)i9}%E>$0un(S&uVDb zArY&|aTKFU`ouZo_1g}4Xkj1-g4 zBL0IDC8lhxHL`^(+W+1Oqo_wy^uCV{{ zgD{Rgy}Fv5g1@n|)1qx8P)k!2Q<#XiGE8c3W6b_(%+ss*OLnT(P=YG6C7F}lDNSAw zGN*%rJMQ{*A)O12P%o!`9@nn6ZBwQ$Tr zMh3$e*SN5JcW){4MUipb_wNSAD}+2A<$#<8uTE+}*hP@3jG!ZuZg#y+&GN#6PaP-z z>({T7lBW6-1Vj;zHntDYHb1v6u(GoC#D^NN#?)O^ro6FX5&k>T(b3qbzc-l0Wi`o1 z;`**ZY=I;4&)zQjRe+dS0lKX|I8#d8bNrnpSijNGrYc5!YS%suY0gceAdBC04u>O?UAr1Q-=Go z?43Kc5Vl_G;$dTd$>4eTN%)ieBRuSKk1uv-YNc6GkMZfLeCcY>#I&4=aCL+Ve z!~11?Y-Mgv?<@P>dnI{3`3^FMcBudE;h`vEs?u@2r7I2qtNZcAXM0Z%kLqT<-TbM# z&GE~Le@gUKPMhRmk}n9+$uY0G?;uTUSpF9COJCD(mFZ=_tVi}a_3-qSH5L@)QW=2_ zQMJ3vxZSZ}%j>j}DWNlKGYToquu!$9pUrIjYE^vJt|Gp=M&tYHJ9B-k@w^G2)W!ba 
ztiE5RsOucpOa1*NfLq$uHhg*4$Z2(9`11OSU3z3_NJUZcuYo)Y3QCeJPzfC+OIwMy zMllTFXUOPyKgUM?F;Hv1%yeAN}>ijNE;Jr4M;^)-% z;STbzF^h}w{{H^K&Tph&`upX5WuZb5K_de)2dvffX9WcXp~wqXQY2U>Il5_ZBqB#{ZPUYv@DQ@(oj3c%tHlZWT!*L*EkzM8?-P!978 zRSh-Rq6@UhIuBtgjf|H2`c!ODRZixcfy}ubtmelrC&N0oYH4xW7=2FqN5{Tv)50=C zI*wJp#UX(>G&!>g83UMuyWesDG!#GCvR(VtY=`L2nq-S0=LLg<+GT?L<`3@gnaIYQO3l@ zMJFUAWn>(W6=%hg2DKS<$8kmXtO&YCX{)O4WXI~X7!~sI@x=z)ssAh}5S&ZdohY?h z8*GEq^P(9g`ZFjZS5;{rNh-}Ei5T}ZbEl=cXU4udG*hj;T=mDB>X@$&kg29 zq+hcIHvbzbV~*~q0V&11l=ung(k2o7Jir!@x2B8>RViMhwrYTc@a0h>*47lS=b1%a zt*1_Rqvw;4qyV%4#b;;dq(06vqVSO@{S^(X%fzINzORovL!K_8WwLy2b7^V15AE3F z`}gnIxX~At?#Gwz$Ls(8K~+IG>2D7+3&(TQx$AI{Zqm}y4iC}TjJgNADZ4s5lWDVm z{fr^-4-W47GS}GOpOCL!b9CY#Auv4+97njy@635?GL)U z$&<)>p%2w{)cU{&7uVO{q=w@%YpY(oVEnPa5`R9U&w`gaOe4yQ$AF`dr);j1ymES~ zQEElcNWZ_gcd?qX%SdAg`Ueogt>wupRud>R@WAbIp-yX-CcOVRPW?DQUf z$LneVd=Vq14s``Zx)+*E!e4|~@fLMzh2uRucq%JIb!zA$B`Y+ojFgq-Y`H`651A>?W!fiHEbZ zv30b!Ygaj4`lM18s^+E-%4ZdqXO>5*NTo<*kj8Zxu^=vbgeY;MqoSTgX3rdN23Fe$ zDZHk|mQ3q!Z>Ou!yt;3!a~o;8l=JE8WcgDKW#yJ7ySj6$Pe$TtwY49TGXdUob~0du zDqmyZl2HdXbFs+&eUf+07Tc@``?Ab@WUD1O4umx+2?<7edIDafVk5@-i;oQwDc=mu z|Bn|S(JMAAY^>Jv9O=3n)ObBx{Z~G}mduvyT=n%+M95t)P9!1-u|K?g$$?8Y7lwZv zvUQF@_@&zB`Lk!IJ7FoMoScC;jCdS&2J|CjinQ3QF+n|Cx|rS-RYj@{=+X3H;!yC( z%UTIGu?q)b7giTu(2pOJAX7-68R(&$yScd#a{t;MY*T1``-9tadE@ji%Iy!jQcbHb zbh=tTs5?5ANaoSeGSD(T>zfYiSgJAOMlC8T+TY&~lo9_D9Jo%5kMGS@-`3U#VPLEV zpXzZy@+gB-#Cm9i*(2d{uG?gaC-b6XI#uM~rKkhDUgx=+d{)nkl1#%EeTvWN*?ph* zj}l!ZYs|$`n@9nx*TyK|-&A7*zMh^s&y^5WhAV^lR+nY16vbrute~K{?u=K6-NVzN zAr974??Mw7U_ar8Ge$;6XD2S_r)T*1_`}0PkB>lPN4NnEd};NU?m0GRr!}uwY6TRYHAjmxmE71!-6^zS&9M8 zYn)PfeCTD;C1c7)?GqFx|fL$US#J+oXPpqeYzc}1ofK(FC?Yb8jQ^b&$ z+u(j=Ax%Yyt`gb`WbS8Xov)jG7R;#~Hz8Jpb7=xuT$g&a3B=^3N!NYvvGTrwMt)M# zStSxC>46Y*bXW(PKoi%f&EhSfqcbC`YhrAC-0?ZF1R1%c?MZ-9 z85>>@RPjO*xouB&9x*c)@H%h%9E^o3fP<1FM`-J%xz(h`)5&KAnWNr2x{$=SbesX1 zJ+zjR=@FNb8eH_hc4wdtY@8$a%@-AOb$74JGP{MeEjiKA2PJ0dp1&q5iwE%f7&vHC$SBYWg>XrOXlQF&+wV!=oGhGz 
z2Y$XQWGH%1_;1fhS$-)K8-;>98c#s-qTT7t(F*WM?lSvI+lA%B_2-avZr!>nQ0Eeb zIUlRgvX#hkn*XAnSL-ckyHZdU5D*BUa%U&g+T?Frm*w6LbC%-xS%N4eKub#o28PF5 zGb$$cl-Q+bDm~*!5i%H|BW{%lAsUaL?? zWGUs<=;ggLF)=YWe-*w6izTia2t_dgGLi|_xa!XoS=#XM2q^cz4#L}7Sy?$(A@SlK z1P6iX_yCQmjJA@GBAv8^#E{5iLqo&!Bcj<~V<6ZwGuw~+hG{Hya?&WZurx7Q?MtaT z+R|hytF2|)b|tR8{L(xR%--10FzcD*el%Bv0qm~Aa=EmNg>-XcV*)~KMRoO~^IA`r z$E^PqqbfaIJBBU01Xx&^nXT7=lrZTeBwmZ%$EcN_kF-;FB@cNUBJ|8Ll4D3N_a*R{2$wmY-Iwd)rM4+iKL_N<7iYNtjTV8vV zc}sj4o}QPt?%e!eXTR+3b)E_x!Gl4>DSJS67YGCQmJgJa%MEWC<8}2)HaC z2a14_OqrSkNF=Qz8Y*dlf~*0_z$3kGkC zz}vcH*IIkknBYXq!Nq~FIC+H3Jq1f&?kUbsO9_K3Oa9!*LQopE4{=Mf%;;r}9 zAeu>Qr`!^*Wg6Sv);83X0!Ei;W*yflBar;4+va|O?)$HY`?EwigoWR~S!uX%$wUSm zTt!6(Bk7++Mk10%)L&NI(`2Hdr3I6gQ_r-gKL+t^4^&Tbb8}19hiND$8=JW`(S0Zh z2&fpPn30gGF~&!G0b#fbH}G=?4%O+@MYl4S6L#-l2x?Yctt>A3LFI&#H-ss=gITkj z7W<(m?`ifkM-LB=&fqw}VhvE6+KS-N(&9aFaZluS?f)yjQ~y(F+*&k<_;f)gr_^#H z4AiTn58xczsyX)$e*8dm;NcR9w=1aQ+}zxgGE$Spu0VMr|jyZyX$SI9o}qnY>>XLWGP)=yKLMCaU8-#n1k&2NwH^j(^DT$jG(L zYOiv_m!uE%qtEq;1>A~_x2J)ObbEP8M*j2Co9~J%^gKU^;X56Oa;A~!pQ>4yIynI# zBjb7Dvhn>3*Wu(q9eaPT4HVCssnU=!i1+pmE_Qlc&++dHdAu+m-rH8bsD9VD&>FhA zxdDYPeXB`Kt^jw3?GOc%J9lmiUOMz&T_V@2{VsNPDK9BeQZsd(+?)Vu8*t=xDcUPP zbgc?AN5FHTTS->xIi_6ob2dQYsi>*1YOTGY;F9q+-WLt6Y-sslp`dtE-~kTL zF~kAnnSqw}`(ZQg)GHnL<)WAv)9oE?nM47O=bT$31qDXDfz2Sx9{@iJP2?uSet602 zoNn?@NPaKvO|<(FY8=ZuKH}3&oc}BGXgT&6wqf+-`sPGu3n#igTC6iye58%-~|uT zY?s-a59nT*4VO(#@Bh4yR{17`2%{_lPYkcul;e5#R9}i%iM<*1r-na&ega(i^y!mI zffhWmUST;18HR779b7Jvg^I>DZrwQ((=NxHC7A_nwOK*#&4x&lFFO|p%)K4Lvpy4g8a1eP7B zleAH~A8+w{Z%rD}oTz?}W7cGu`TKWuCye6w@fH+EKFN>ub!}EHb@+U|t>MiC!a$wH ziR-{J<4TX%Yc2nD+JK%FnV5?;5Us8^yL_7Ug7IJM4R20B@&)Y)ZF6|j@-7dUe%#%= zF7#R;z+RQxr4=L=*jG78w~GW3i-rdg@p@f4j#%LYrYX|h`}`U7m>BL|eLk%>GND{h zTZ+QLsRPa0a2>F4ntYC?mR6lsX|YDx*Sh%Jl~rAm>712KUT62upGtOA=|7TI^YN<` zs8_hIEC0aCQ_cb%5T`Rv&}tHI^07do;OT(G>)Z85@pW61r}WW{a#=%1M@}I64OGc& z56cihRKA0Jz%{#GpjCEtJaY{7ku-TzYwJ3Y)Ih+xs;4MC@$j;-`3eHQco`;rPF<&{ zv!mlwk^4vwfmemgnmm9rL?2j7{(Wl$z_@m@B4VqcFc3dc#;93+0@Bm>?*xcGQ0j0Q 
z)ps__W@@b7bpxb^6L+JcOioT3NnLA_N5Vq90Iv{~UgIMcqIJ5*y=Py7 z+$|PLTtj#G&++MlyG3BZ}M3NEO;)LhtVj#?0K@ZJCz&ExOnU?eW%4{)Go9K69(|5~XMwoGIx>j(B1Fat%#=*w^ zrOI#|LIkxh(E+na$)ZI*CIxM6Ib~%dYwL^}@<7S7$AQfi6&38kghWK(H;v=__HRjF zg0jDQ#Z|9x6x7u2?vQ39w&HH_GuSM3 zaX*b+KncNYFx0Na=AKJ0Pfe|^p6vbe6CxfVdWOVIsJe8ULI1~(AIHaeG&D4Lc{MhT zswY`2CDX!_X)g}$Y!1K z6d7RED01kv+0p_ff+66)QB(wG8T%b?Vsw1(N?iseQ45P*I+2&;^z`5<40yuHu5WZl zj$$@AU@k6hbH;71u4Wb#jHIGU4*BPE9x zNm#EOc8;6+`y0l`V>^~OPgis_RId4$d)mj_hg;Iy{B9$;$beCFMW^9IcV&q=NX+N? z6Sx1IXQrnwPb|$$RS?u!ZzsHeud+;b3+bgsU)1M(BqVDYTL}qKSJ!!;RQf&@KTqxh zrHGYVNIxwzV`FneAx5Ca-QCr-)T>Pzd~%7G)=R6iL47JqF}HW>q?lAd803tbYVc)6 zLNc+xD!cukKkY*1LkQZ9U2ByA$RQj*i%5HKtXl88Kf<%X!GrQYXa2u&Lb?>S`-tVu zRgqli5m_R8`4j(rv!jg3E?u|I`QJCyPrj!7FE-}?ukIe$*WyBYAI0Z&;WAU}`Q*tH z1R01!OC8Y*n|2i!U^kJX9+;V#X=++@%t4sxa>el=Fi#TdKKvH2DKenskD-`*mT$reK94%Vdq1008wcMW3p*% zGHpOIrtnD}A_-72*u5Wo684n^MC;^qB#3Y*hIc%Z<{|{!tb3C5@{LFDO*GTtzo9o+ zOJ6D5=4>Ft3x7#pOHEC+U1-s&aXXCX#NuFQm-^094@TndZYD~~#koem?NWZ8#)gJu z08V#>z?&>4CI)HCd5RpC>vk6BSjs-UvtdUR*qJGOUHG(LzIJGF)oL1}7QiPtn%IZF}3JsFszlO|@R3xE9@{q^pZfdOSi8zHw1X%G)= zLYGMJ*Nanz`ygX1FE5k(f~yt`LBJ!xyW4G4G-T%Z`gIG8Qz+q!WaXShLGN0CD<$S5 zoEo8;Ob~`W1nS1hpp+ci3N+9D(Q_lmEMaUmXgm-CUSwhW(Jj|v-6Wwn=6yuor5X55!hM;6x2qeOA9@rLzF!_iv zoKN6sPZIl&ZpVYS4$wCE+kL+R71$Unf-=d@W)!7_j7-mS{T5hHG=hR8WDZ-C6;J4u zZ7L>-c%9&f$Yjvt!D+wTIZ{wHC*_-r=0`Lsy_)Eky?11v} za&Ybmx*z2h7J^4cRYL=Vn9pVLZx~oC7&lZE6^miep#tgqH8ixRGX|<(yv}=zZ9wXv z0RzO%XA0?1*5hikNv8b=@8pM0B>Cn|M8^^XPRG!Y<6x#7C=87wu=~Kdd;5ue^f^x`@__idJUh#x-x36DbI#laNN{E*tuLk!Cfs)j`$|JH%?^I{Uv~;@c0fcE z6B87^MqRPc^%0EuZ>H`VcB0G=Zd(}gy*;~+q~K%~gpnrZcPrK`l1x*turmbF`f8}B z#~RF~c^2Rret-OEYM4;KV{~$okgFDopmdSh5+A@{e7G@&h0DUm=6wlvJmKO;?{bVhGNH>aQumKu>QDuW!MrL5ew>#1oqigLUpkI6Pp1xqtAu1)XdE#x@D&?_^f6XsywVj1b>A2%BUxDp_)ymz9Grd2;oA!i z+95Lz=>hVvRk$&03@RBV_Ct<$B6VJu+S~3sBS>0Ba#%6(0-k3_n-hG*GNhOgxiqzz zqG3y_P(J3+ND@vOg_Q>H57)VAezSu81#!M$g5@TZM?&ifEq1`!nVSc_FoJ_O3(uJi z+Go)H8jXr{-jb6^^w-yu(b8r@5`lh(8>P^3eK1QwJ`0=7!1})}<+wiF70(NG*ho@D 
zmLmSsr!il@zQ>e=oaTPSke>m+SmnH3>vs4L2nq0*ofZgAfO+xo@w;Q#j2Bvhp%crc zDkf%ZzB$l&dwMEEh9sO43~$4^YCf%M&~^gF_yxELqfTu#?0)X?KRzM_mFQVnSs5~k zEd`#Qo?yx#CL*da?je?uk*VH=$a>=v>Y_3%8mq6bhX>Fqvzme^#SyqYRp(t-T}^nS zJ3%`dRD5k_4Xv!eDV7MWb5?T=pSXL0S^&R+<`P8G*RPm_yztudOD86=0*?Q_ErTOs zI#Qgn{LlVM&u+`r<#}0pR$i+vOC@+Fr<`XlFZO$2PsZfsF-~jC$=SkEi0+_|Y=;gp zX0_jU{iMO=49|mxg5pz543KnvTs0&_GOeMbU-u;RaHPS2)%{=BA|zy1Ibi zXlfGH(o^_GF=_D_wqt{ms+`%$Tap;2~usWOWX0<9phg(1T?*HJ_LjhcFXB++B9 zEn6wa23g+5W(S5WQNUADZV=XIhEzZ>gZUvX8w|vw)Af(2PXe5=3VIl=&J*1@D*Zc@aC8e`3gx7WZAjB z8IS$0Ts7ErIHGcp;~|Ja{SXR><(}t9kokQ+emsB*t9+I$RHbNP14CIWmQ54^bk@Ko=T-`>TrzSz6SG5Bo(hpiQp4T$S>%>HUUZv9YmrmahTa zOgI1iYXZ5`r5#WBZ)B7}_TWH#g#Of)59rbZ!bxA#O#uR|bQ4Xgqo4%Byf2u4#C(W>F)}ca zQ&0f5U_iJ)_y9jasDYJiR#FKO4m^IGoXXS@VU%r4cK=gJ6n+m%AIQt>oM74jFA>FLy@q%ZezqzC9CAJ*j;6hwY@1cXN<;$`~E-(r#2NE8&(}=U^91ys=WxGt}muMEjA29*L@yM5OJ4`3=J)3 zYA*p(z;&9zFfU)M9fNcxqC}=?(wct$bY4u@1kVz~5=8R1*!9DbTp-};FJZbF$)~QSX zVaHA-FT30T6W@ej)CoHNQ>@T@i|Om*)3`I&2)h|l z=fc8*_sN{!FjopkaREkj$55&YS6|XAWDgvmTcxF?&CSiAVF8)o{^H=^urX8T4gAK! z0*Y3f5OQsI25UXt2?*kxOaA@54~6}rF_&&FD7ry7r^|B}=I+{ps`m5A zXnhkCZu8+>=DLgU#<^bh;E`VUqVH1a`E)Td|HlgeS>o+5^cDeQe1y0=eh@XnTEgGcRW4FyDsz$8?SR`RVEA zcu5YhS%B1#biBO0U`KEB-G-6aVJ@i|D}p3DJw1Jr0EUl3`<1uS@+i}GM;mHgy0TD` zi>TV`fJD1{KDHCC8@qsloLv zu*T2M>RwbPC+l@YF}ge>k^&F(cnLi}zm|JjJs_D`Tn-Kn7o{Yy6_NRRczW7~*vQE} z68=Jp0G8lPygE8MDg~bd0JxpvbuMd$c zRelYU9ke=ws|vh1+1c6i^YgGULnA~XuRvSQby*BOL?mecfQBdX?wl#0q*hj2?{D3? 
zds_$w(!gNx^86U<@nhuz?ajr-)C&3q+ouEs1n7SDOYM=6Jx%EbQ>*MMG`n`hq@}x( zUiq1snE~C{-rR&7H4Bh$&ME^6|B(7$i-^FpD=I5%*Lm^t@Qe=*9>6riOchijPO7tW za-h>=aelsGWgik)1;_)@al6dBF4aKWp!GgEHT5o8F>r1WA~6I`{xmhEW@fJTr@bjG zEQCtQXtAjR5Um|1z&suTIz_Wdad8C1J9dyg?CgMkHOj@piAI0ciRSlDAvFN(2Pjfw zyYO0DJ3*5Pgk=|43L+v+Gs`YFJiOp?fGTo^Dowt^?a)jbK5(HP?0L`v2rPTxo^bf$ z7BtRlQkJOmziYT#J=M@K54cO3E;lD9?z#SF>g#W92Kab*fbz_U3qcQYJlT176C-zl zmBVO*^+g&-Qw@e8KPovB@P&Ccpfz|T6kH|%_yE{}kj7#Y-uFo=C}74!oOlRq2rL=p_D>9l%@S!8-VWXuN-9x!?j z7r5Q^H9B(+CFW-jeg8+MS{U)k&rd~J*^C5R&@r-ODPOZ9-0P5nG&v=OLx)U7WdxE* zR2;~Mv-~4RpYt)HvwnZQpl-VQrat&0t}ESCojQVplXL#if}1b|!XYFv8tK@<_DIX% zpdc@ZhyGYJ0H4Ds{YmbJ;Ko8b3oIFUVf+_%l)@%ZQG-R)a_g%mQvpcHd3n%@+t~OD zYs-ZCE!N%LJ~5IPFJ86Ij3Du+9#%7J*m<$nm3K z!N$ghXduqB$ad$cn~zbr)|?=y>_6G-U~X(|#31DU8Xo>J5vAUM6@~(qH>Asjxw)jL z4nVU92C!&C@SZ+3O?Z$E8`uIs!>iAzFC7030tPo^eJX?rI95PF0B8lwZ*wyq>Wvo| zF4CPS7|JVr_jWxHIG`UTmJ^&m2z-r`7V>|>q2qn&2qFp<6_r^@Y~x&cW##;5*lIn3 z*L+~I87UbL%#P!DniU|koKm|u5=ET$?s;0z!^P#L|kHQ^sY1+D4JBLXg~ zL4ba-eRmUkpaHSzQUZD}#s>nSsfpt$=eW!$3n!;`k&!e|H&Ak-A|favB_Dj8-F1Pa z_vq0hkmAgKcH6t#ZQ75cj^L!j-tR0oV&l_5VXE3D0ckGKasyKRW>b#OF7uR73HN(pEb z?qdAq4|^DNm4IaR?|1W)uiZO9t)k`ySnw=0tp#9DBYspr9(gTrgcASYUaG8}%P zMBUQVbj;xQ=mhk=DQIYP=(5+}VQ`!Nw^ ztK&@I)em&Gsfhgzi|$*h2JaD_$=^lflP&rlDkf7!7I|)0c^yBo9`jNkQkp&-+`e`TV}qPlULwD6CfU!BY@hK=y? z+Vt80^!jw0!uvU*eEjcodj8?u{jV}H$cXr_dpuJE^S_~xEhGJJAbwg2{a2uPIrZ_s z&+mC(c~9uSLdE~R3!J!+`I3q#S79T)U-wnpysh~}F4tf{B1usZ+y7;=;}g{=B@StY zp&=#&(#Wm)@0>QT1DmZ%cvXjgjW4Oirkkee2_$xW5mx)8kM%zEVMNJOOm-z{YVuDW z!)7J>)L7C*cnd>JgZNPrG?wVm&1O2AACYYMF@>7~zV;YOHh-L0C>kZic6`NQ9U&^8Snswk{yq5N!?vuPWA2DqDED_)2)z2?G(3JUaAq^u1J#UTUo~C@G#}g@w z-Mr;6z+N-H#FL}iiTnGhUx$9_=s8lf^y?6VAkLr}cn<(A! zyLjACC^ns1@15Vk9VJ2}dc)v*M50ktg?j9Ey-+exefFB7)z*V7T5a>=Px-<>zwbwk zRgT}g_0uc2u>2?O@9b=bj(jH}nB-DgBX|N9{toAOAqD#NP1eaMZCOXx_t%~ObdansoQxOPanxg0qE zvrF;`|DUcIWzYNZBCL=$lo+s;t4LQ&W7B2UHAN8>C(Y}>rp+ZW+bb-TvFS%FgONN? 
z!M5qaNv}NI|KT;FqMQlZR4D!R1frk#uJ4+Jtg9($ub7=ud=+_~*cH{0HpKL|J+tTM z{=9eXiTCyK^;LbZKm1HBJDd2$-qq-6xtmpptMmXEIR#F1Gi?|LRFh<(dB%nXyV5B~ z)xgMZe&<7(uzk`0+`6krs_y*g>U3-kt`RAZ{UTnTGAzXbF>cmg?+u~_$y3QCQZmuk{XeZgX3S+jNemxdic~K-)O-iL^tH#E{b63`n2L=f9r!XRUMAd2w96bIt92-B;{=?fu=KeF`GRdK?v&@sHj^ zZ`PXTh2Yz|*cV25tm0SwL&mQ8UCF{@k#dVfh-{}2GUraq1|dGm`XG(I!kim zG=NJ{o%gXyXI>3gcYa*o!ANn{2&svYDCL_@iyE6$OAZ0y0AXtUIh-Nwi$4*_HYaRy{E0;`76kN__oZ><^(uhMX!Y(Xp{v#epMBN8Z?DxaVov z-%Z&MDk`5o;S?O{406WSd7B326i4JOY?M#*d0mCis%mP1TU$6(63tnk)oaO%-%+#~ zId(f7x&Q(`Vq&u`Vr#K^R}W6ol@Q=v`6jlX(LH?%uJM153+dd2Gbe0GC+O&}_ORH2&7ZM{65@d;6zVp%~U7oyV-mhRRM-Aq-7$w>uVehY07$ypl(kfAmX_ax^$d<^s0Li&LKt znl{_5!3^pg+bL{#QwiU{|GD5=z))0jK0SXmzI5=t_WNC_T=S};5_|FN`MThnznz^g z1?L@+n2`2Az^wzw7f_J^cv-JR1Z{W>oEz&kF!Iqprk}k# z2Lb|h9Qws2ta1BLmdsJjG0R#=UG3qTy>XbTDA`MLJmcUy&{xew9Hh7$C;^B-LyLHr zDt&e=XINxcNW1Ai|6NgWx^8mKsCXvX4!l&)w4akZ2j`Tx`@`Gr-qOy{EtdY7n-P?A zMj7z#mW*0tUf8OQ)f-~=JcQkXDtCf{K%JK~R5I6)IIJ2`a)d;ewf}Lz0rh)^0tv7} zLt3t$quhpu08T}8v;@)qITfez?9WTX+|NA}U^IxN+9}1Fe*-2J_V=?p58;ba<+M>R zo_mKKvuI|(N%b7va6e#aJxK^RbT*@B{i48vWFG$geMY-5A;Ol4Lops>{s91c~ zFp($~YS6~k71ua5SXHQDsXf8HAj@~vCXY#-g!v1q^5*)KP~tL`OXA#?B>@AX^p^pu zL~LQ7Tl`I2_Ak8mrm%Atdvf_|dP#WUKiflHrX6czs00A_uXv-F?q<30DlqU2nycEY zLGlvkr-4h0*PfVn@UBNT661)I3lau&*Xwcv1F!)Y?A?zu2NJy`LTXV{-c*n>)C+XG zd3PtCWB&UQOOjaAjh0s6%9u{@2{K!Qr0eK%V*y>+dNTEiW_sSwVV=BgKO6)NBlG?- z!WdP=uuG<_z)xn46uxdh&@m3g#$K<-i8!~-+Cs*i{W-`ad^a^!RJ`TJ-L0$jW%$z3!(sY7CcP9^lj^y7 zJnWXs@r@&jJ5uf^I^oIH)&r{aH0%&g!RY$F9TM}C0>1!CYf+-L{!xYuV3G2AadKU` zd%po?54?~sQAsH#mcQovibtw@RoIKN`GrW%FoC_vHy~B^ktkl7MdcAq0@It=!UJ1N zKXb>~_b~%bJARfAAFN@8OFs`3r$rK}TM9uWCgw0s%V(J4H!!WovL$&Och{zy8btuM zrJN-#NxrjZD1+?oJ2MKXye0iI&fsa~yeSexWLWpk;q9|8Zwlih>Q&jylwOn&6WlYH zn)1It?oc8uC|1B$!l4-US)MiQ#mw*|L_&lyl2j(?A$>bWFD>__c6y(sa$$UeMgH}B zN8!ZZnxqzGtoE+Xh~fsTS;R}5;N`F|a%hKC4-bMOi9SsFC!WTVMS88Xw|@)Hf_l{} zApvzZQkb=(hN44FMjE1v!EDa5R)~7+iz+9n2gcFmMmV(HXV=2sHYmv4Q(B8O$&7bH z(~`cIo1@{|PAvmYen+8s9Jd3vY4lRn`pmKA&7W@jyDvzi7z>rZ#=jZ=VIHjk2EjKw 
zJ~zVm%{XqQA@%8-vURabYXpn$oMjD0=+h7ay~Nl-n{7fUykQw&A5d0Rz@LrEs#Fg- zic@t(!J6z#zo4ahI_(pQqm)#l3GtmB?HtHu+~`R-mOauC#CbC0(6V-0Z(*UVAuA+! zpJ|b%QprLFoF|Mn3=2d9+$1s%X~GhM(~~o!Xu%vgDVPRWRF5U&!c{rbCGS3lE{?dq zA~9@pi|Sc3IJDP}|9XZ=RgiJ5Hyq1hRCITRvn0xYuk{`!VUA2}NVQWdyK7T;)Icqx z7NyLL&CLoO+?)4VI+=EvZgCLo`KQ>u9B?rPOr&Jzww+pVt8=+L5X>7{_ij6F0rHvT z-~)2!x@l{q^HlSj_~o{n55ca&)Ul$6^8Nf`;bN2gbTNc+`&JZW5E-ynzeGsdi_& zR!ahYe!S18BC+Jzu-mYf^(b_US8+`}i zXF^Dfy1&23<5+%(z-fiSQ1yF97JeS#_>W!cePKcGbUBtk%t=6THr97f_#x_$L}e!H zLYC)paun~2oi2(s?|$g}Ju6|#O#vfw@ScCIp*Y>Y?8Ez*j$+2NR$plMa>dlvxtq>* zdvk-2vcZs3L`*zMsdFjLHK*Yoy(VX(a*(U0)|cHm@k)ueJj$IG3Hgi(OBMo6=%C$Q zT6(5rKnV4&7ZVSYXCO;YO-sqlTK1Wv!})tBhD63ny%u1uTfR@pO{)=`6@R8Cc)%Uga5Wa{y8r>-a&R^aXo z?cVB+AjmWOoqs{t8MOqGm5%kgQPnx4KaeLX7CbVjrHq!(`?_qA$u}&CX_;v`tTS_%wSzMVOtE_@_pD)x zM-RBipJF;KM!Hv%R%_w!&Cq?FGsnMsHxhsd$G)z#gfb&jnfb}17+5(?W?B1Zl;tX- z(7Ld&j6g1@$`?Jpb7ly)H#dx1DHq(yW1X@T$hQhxwZ3{}Q~D)9T!jDMgjg(ucPD9w zsWxZ|^Lr}AtyIhbH87ZvZi@s9MvbL>fe#(_NW!xDoT6WG-gDLzh{E6>&faO9q9Per zBKA|Alk!Z>z>ffq%z?E>gKk=SR%BSn{qbQ8+Q5l|lk5;D_frLJ;dDN0HElBkp5zB~ zpRp0M24^B`;2n~ok#Cp|53R)R$+}Sfl-0Gml#|rX~lo9weWngb9s5@^0K^cW)a?m)xn`35__R%EyNvOC_6I~@SJUKF3I?w)H#3u+<8+@x?)v$85Q*{-gxj`_D-BY94I0>!Sj zj+eUZkx95`|IXqDCABZJ3tyz;%xtx~z{Xneqz`k1Kad&0?=Z!k-u^U|-i1S7I4$-q zD0Gg0a@SRz#Ou8C!N@+;!=Ne1Lr#k%YHWOJq#$_Cyecv=Qua5{2OO}xH#;9EB#zorec=msU> zY}AWL_e9ALW+|;+p%ZOwzr8euB>zc6#yp~d|9{p@u@tb&IB2kR;8Rl0&w)C@Vg&^G zRg{zz@@yAX+| zz33q@Z@A}gPAA|X0twC$0=DXr{0v{}6pMv>c@Yp2l1Fvf52sRO>+0gn`(EtKgp*>l zex@u&8$MpKhy#Ft1sF?MRU5sj_bW0jr>F{UurL|O#yUPTMW$-T=M{A)jZb;J?b$+3 zZHEW68ggoFnPe@!R5ZHtvTwojsXe6;)?S&oz{AQlC6hqO3UH5G;@l59W8a^ zznY5=xiyd2cBT-AxpPpu`8VTtaC1!81*xLHPx1c2^Pr)(bheIMI-9y?EtWP^BPpCV zD&HlM>9gjg?rECIvbXxljc>E~;(WWk$WC88xf}WH$GO@tg?W&EO=L30&{=bxVZeG$R#l-gv{3;j1o!onyZwezQm(QD8Z zdypwJp?=O&RxxZ#(=@Q^Dcs%DgIcM!NG%c<5T_;haPzmSr$k}^EE93@IW&599Nt=| zBb=zMmB|0CCexn?S`#P&07^Ye0CgC2bI&NYT)T8)i;7ZMje`uULn0%@=Z-MsoOj=P z$zGLP)73tEwS^mg33U}u{b*38T{kg7WZPI@?4ic&?|cNfmPB`D)VRCH;M>UTTs!1g 
z+DDnhDdF2o>>!(E{6eTsJ&Xv3_QR4J;XDj^{qa4~=vKZWp?EGUE@MEuYqUqf=oUE) z{cD97RMmf?D;Nrle#WH804-v`rQ0dHA5pe=TCgPIg>^FBU$~ zwaQxQ9wYOLkP;};vpyaU2Z3}{K|E_D4t;XZ^yDb7pqSTr=o0mih!JOHTl>MF@js1{H1UdnEuOtO-Qq8mA;sG+tB=v^nN&;$zH z-$BLY)PCpb1Fs{YFPew!7qljsSe9b!3yuZ2$Pi{RhV?6}B-$ggYcMo5-X~m-ETUD# zCjQ+mld5<_+4Pe5zugBAwzK=CzY0eGPNwvA5|&XFwSs!OR3Jj83M7I?<`F}=f8ryz zC5?-5(hwsgUDf0eHFc7%VG??2QSZ#hF|yCQp9|m<7)PnCC?{{#Html17cngzNOK@g zOSWhz>VM*~z_f@YNo2Sv`yw9ay-+}Zm&w1gE<|8R35L*!`042EY~Ah1<1*8DMSS`eghMHoUR!wZ zLr4zK37EeMH(BMF79ie_(^GvE$y|XNA?JP^7apG#z+T$Ws`{`4dapGx(+vugi@52 z_%V|*bo+E5$`xS2EKy@@TprHn6#5At=3{^;6^9fc5mwHtUxsz$TPz9gOqvOuzH@I7 z73TfrHiLjsIY`*m=<{?(mRNh}?eQKxNE@&Q;!}2oVom6J0OL1SpvsOw*rg9d9veys zlH-TBp43!UYzMM??kdFP745cO1BWcvP@&Ttc$I$SKS97nr~HYzOf;jo2^ZAn4uASS(Q1P@HZ;dpfvayk9X?ije{6J%^$rStdIBP$ z4_DMh$sU0KMNBLYepB_)fA3e9(Y*<_L=920-K88#RK5Z;MQ;7@LtR*WoT_g{ro z(Q4yKo5%E;kAwyH^I0kqV)s_8v4~#vCpIq+;!BM8DQYcwpT>4w1!YH=>GCCd#6VIM4YFJB7s`L$rUzEr8NA@rv zHJ+TuW|-;LO$gSzA;+wftzIN3zijxS3(4zMcktKQdG*T&VqP^x#(x_GfNOQ{N)r8A znL3A|zuQ|Wq48aK)kqSfd&v3wb%xfV4b*ArF|t3?5F1{a{x;tJHsq*ky!JCZT<@{9 zYba-_UE0K6Wx2XIlra*uHKxg*+-Jz$s+8oBia)^361Bo8D7|r&Ln=f672Yi$W0C8k4*h!^x^9?{Y{8Wff zLZb3U7qxN-#MM*NQ)y{~wHUTYUVb4hRuTcHsrq$s2#ULI9`4^@I9C@OEE;rD><(O? 
z{RM9a3HYAasU};Z)Q7oL37u$YuFs!8({b{iK*y_HN=pBw?<=<9QHwE`zFkQP01ZYH zWRDjPL2>Az#}8#+q_zGGjYDi8#s%{1j*xs~Jt$PQs0jayh&seYlv9Q`6P58@R;lJ({}-dV=Ai(V24o{Ad-Px4 z6o5-PqPwS5%!yQH1oFttaOY7f>g$uLl%P_@q!mquK}!7A_eV&AZpO!Y@oD-7{ z;pBnMJ^M675gYwiN;y_gH&e#?OUwAfFn%bHvWad1(~=uhb?3@E$t(h1yxaG#+d6b4 zMS&&$K-cT`iZn;s$DRz%9&LIHT=Y|P8@dWFm!XD^vLnw zURSnM5SGw+#Z;YJ^@13e#k?xlLe6K7Dbk!iTSF_6$UTwps+~d*B4ERp>I2c|#8XaA zH(Q6cejfN*Ry)>`_Mr5RMZik_y-J$Myq5w7ESYK4bV%u+G)7|0eV`=uRhEvH*WcyO z1G~035bZtohbxDDOFbFRf~aq20i2mizr6G8;EDz`LcB6=7&P{yLq!0kGA2*e^14*o`1 z>`iAX!$8t6+I8UtX4jLyu0|y$CIh7KD2=&O2h3&qt1a%^0#wl48ip+~3sIeLqL_s}tN>D~eBhC-DhF&v{@-B^+!*E|Z2PR{XpmYu8z<#xx8!Jdc6> z{HFD2(5$p;bizA`0z}4z`9v=@}aQD!&w?&<+06;;zv zqJ8)&g^U;W_@LR&&s=HGLLP_5pe()CsoAIGucE0Q{Hl9^tklcd8tm<7z&wGlcIIpg zb#Q8s48>CS>bMeHqB65$7lX`*4uxk1=PANTWH3WGF1m-O8y{6$>%Gr%1mX%Is_GOnXXTf^k`scll+!-sTX*+^Dikl^igAtPHVeWaSPJm6lM7w z#4S*BTxL)?RG_H#ouiL5SBVc8!UW}rL_RXTB6M8~$534_Dj&y3UE9}{l!5P6vkBk8@SmE>M z;C^l+VOn)U=)9jrRcX&n0e*vb79dLbV%cNtp^G@j2jhYaY6X@OEd>#m>I_<8&M&A) zj;(aew4iG5N_DEIc=FM`+vE>`Y&NGj)e6&B6&L=88e|j}-Tj*`&NDa#TO(YiUwq;drY4BYJK32(t-LvR$-bDO3tBkJuGD0!(v4nwl|64F5|By65J?)D_vn5o z!Y=qsCm5W12mb=mEKg#IfJ6;rlkLCP>ksZclkeNxnHBQ{^{sg^Q2Mg0h7?L&dk7LfmKM2((H{aG_5bJJXfu?33`IALq_X=8-q5CM3TA?ZGGEOyBdd zmR5}+8@=?aInRi9)qlD{IMwIo&-mEOj>~>&3&o4E&RrQzt#X{(Fm%nGW-YCk$%^P$rnk>1)d#$?!!H2Qd7ai>|aZw6xH=Nu<9D;?RXS zP^vn|asrY}YO2ii)G6Pi@+d@-?pFq!Jl%y?*Q4YQNpm^gRD(jj3S72ig-8zM{X0EJ z^z4I49mI0|^f;l`K3-SxtDk`0E}{Wjw0 z@o{V6(`MmlH#r+Q@OMIeUIr&op&%FJy&vJ%8!FdLhl9)|TI#v7aHev$_ko8}w5)~4 z5pjZKU*u&?Ww29D@SnvxZL;nZ!Bij5;z5W`2*M5}m*z}u(Yzc!k{EE1Mi32vw8TS` zcm4pk^UU}%&nxwNJ9mFUa0h+|hqp>np52vu9MB7OgG8e`%rOlil);&RapW~w?OpN7 zY6`jFr*>&PhVUedkJ_af$BCeH)C*KWFA6Ma_upzN>|ufi+pphbTb$Jtu1t)!RQr8T;2bP{k!b93{dtXUvf(5at0sjWS! 
z_4D84xMe!P<8El-p}52D$CWY0M))@+G{-{<2Lcg29+rAQKr8CD$kgLzB}v4dIPKhm z1vf&&m3LG?4faF-zU0~=5W!w=1)rslN4=M>cosEwzM&%V9mw}=AxR2_G54iBJQ9Z1 zkQnjvN$9Ox^~B=AcY0Dy8x>V6pRF5a&99yM2CnDHWtVZ}k4yqZYCuH?(K6MoA6T?@G+dfdYv;WMtyjTZcv2l$rmQ z_)l`IZaD`yyj)i$>6S9hCTx4teu?`riNDVh<;ZANaaGI2Qc2qRV>7 z3SELb0Yp$K;6bdB)w(;?dA-%mQ&#`o`h5o~FOUF9?HBE-gzFKZC^I-+7|2-CYQaC| zD1)bl5-q~46EN`uOw4aW;50xPHVmoxjQU90zHpdBmBYsi?Oi!Ai$)jMGoWxJNgw!$710j7e{b)bnMLz- zlfZx}cdV*afB8DC36X)*wyj&eq8y^|LO7P`p|Wr9L((h7b-(>gyaVzh_Fe( zo|1J9UI-DCl7277QdwzL$I>n}FTjz5>W$X;xWz_cM?r3%Ve41J?6LClOt9|20R1JO zQ;=uP(+LSAwfrsb=t#9W4G(o&sK!&{KWt*GqHE^$euVos_XV5pVPb>Hj)87m!9Y(~ z_U@ysw87FTec@C((bVgebi4)272&c{Rc&KolE8)6cNc-O@^?!Oxu?0^!KvI*2QoZr zNc}m&y|Rri_G>4*E`DF~7ft2X`}Z#QaTL~89L=n78BzMeTsqQDGD+}Rl6%YspRKTI zBo~uDCu=TY(r4R0@vK&Q<*nyc)kD96SI2$=(#Zf@O8RPrB*zL>Ee7_m9~eBt_0WSE z)CUW~ZD;Ok5-97R)$4OY5xx6p662jbpsTO19XB36Q-y>?TFDS;#Sq<5#PoA0a=AH| z%Ig>B>G~iTNuNS~(SL@gj0CP^i6c{wNvaTP82R5U0`Df^NKxiI=j(vYGgcA&K0G$^qPvtn&ZHA_7z ze_O2(xrS?P`64QU=XW#vi?nM_a9XR9J<*`zVA4Y+lj@Dw;u`!#-4H~Ds8|#!`8g-(aRH!se{f&P_urI?};|t zVL(t`|KD$q;SrptX}wpw@&POitR<`8zIi(x%{6pcEUwFBi;8Cj!cG2;$Lz*oej1i> zeALhX&=d?A$?Wz9cW!!VUH?-h+cO+0PTslQnZ*5&o><)rWJb{poZ}8bWW> z`1yLajrW>e3g_*>5UcYtvp6qTT|Id<&7YQZ_4v|s+j~r0FsAAd^j!a`{jn>Ve67Iy z{HoGK*=eInBETUOktRw&)I60;zFyZ24fVMP35@$v6SGz{>9jRhX<59@yxT&9M za!%vFOf|_1-UZ3;mP*gJX-K{Qo>&`r>iHnpEPTZD$+(eZ1^T9Xv*6BdXrFu=%>ow zBL&>E=^<}55|+DNql*S~Oke;nbTq@%qLOcx;d|r84{UNYW12-WF#eF%@(G?NFICVR)&29a=3cX$-dVq;5EI6Szx@|B9Z3nY?8t^e7d`D77ad)eXg`w zb1u5k;zw$4Bv&iV6*zfz9yOz^S-&LGwFm^evjtBGsQ8B#8>+>AvP#~1RaUY*T>N`z zUUzcF;$~TZ3uKoO(jbBKYa6wOfy2b{{qM{2GrtGsoTaDy$OpjvZ$w}XD%vu%aBYR59wEnAe z(=fB5raFJEm}XzmgDL-mcI7QGk!J9bB;x%1T=osRPp~xFVZ(c|%vsaqyDl{|{t2<& zww|p%euzKS)rz}eeX1J~$=2-EenSM=s9&<^#q^#8kCDS0>{-Qq@%*T6yoCg@?uw zvQ+!u2UG`Zu^(5SE}s$mpMoCH7ip@2$3XQk<6D#NAH+01pFUzX5hZatNEg1t0%IO( zrcH~&t#g43Ha2J)U+?%=6`tO|*$S&rcbB(&~vak1bi$E3OUH z`i6q&h?%ilr*+4WRGw}FKWYuUu8CL{XUux-eiW4#BxHALHPEzfzE{0Eufg#>*aZjrP_Rcv+jg-W>nIW 
zUKIw#7)Fq(aFNm7N`}W!q^ssk>luh`B@65m8(7uQI1~KDe4LX%J#2OLtL3G3mKr~l z=zJ_4Pb#6onvPB}$|YMtu)dxvu)3k$is>%4PA|*H?j*({LPXHtoq1)<+oGjBiED1G zj7#*-!ZjANLCE4UJ7BFh0*v{|E#!vQ zIeALd7q)kf#OIks2OX?JdD*@0E5+y0P@%vXaJgOn-<-Sy<-()iaU)8+?Eie=w_0^4 zvPK)4G4j;I@EXyf@Oh2U)k}kYC4PkMQ-Ql($F-OPYWj0s;Hg7 zAS#wFi_haT0GF>j{#v# zrjfg{xm{$QYOPQEpURj_0rsJF0~%M4`$?l8O1gL#1C%D`_FSj&apez(I*uQ{PbT|I(+^`I992YUiuLBN}*w#dyF59pV_eT$)W?h_+|=~y$Y zfGxJ_+!XY@_lG(d(+c>oaY|kv3}8yg(`{mEGPqn@sMY?kv~!=;II)$NXREDcF>F@g zDvL#C;hlhDa4Gg!Dc6;g_&~N%%yd-3)U-&Ju(0SWLvh%%v~GbXPZV$%J!JHlNy7K0 zcCXThydJ@)IGf;LM^8-YJB?tF?O5!EK6zK@&CynBe!k7xM1+;J45OSZGWht0wmj(d z*vCYhNGq?6@Wmq(GW98*O6*XS;+*{jj+exMGm|DOOvzOrQ0a7kR3v1b z#!cP#4dd4_z)bwaBa1p-`9Z-0nG0sXE>4dOH=MnLK!tAuRZK~|qa;}Ot7(JHHHvxM zyErNR)O=4kfhlkEW(nn)npzrua>pfSPBbgvK-H6;o+yM!wnTvpi-&M%wAeEEN*qE& zEM3FOYWyL0$|U`#PtHKzjX(VhlDjJs##uM*>_=mjr63mNluYt6E|FXI5vRpYwoAhx zM?)URNBiK?f?D>v)ch6#DPAs{s7T|tGXBGR5MBuB5Xbahp@OzN?{neuvKs3Sz4z`I z-Dow2=M96*4QVD1gmoxFh|KLa(+O*?dK8iK*9R%UnHjaX=@f8LK|U1*6-Yl~Ov~?Q zqSX0Aa5iyL9*C6HRC?SmX}4XRNS>vGRwXL(~AL;}f%gUaW4DAsr{=(dP|9F&BC}+-!4X3)hzDQ0 ztXK0la@iKzd3v0ivbNmPsVDyadsiJ2_E_K9@`=obOw*{-2#&rcwU$&^4tpOPMZVaU z(JX8=KOd8zamI%Xzw=z(U!cC#T_wsR)mZMIc}Q=3BEu{wC0z`P<*ieq!7h+nt-t>Q^~QK{nKGqq%dq-fwG%Sl#zUT;iqj(w(L&!tE0|jm1jPL;Pvq zah*P}*-hIM;5K8Z;ZPGhXjQ|Xa>=>m^9>?uP}KU0mV;I_H9oOmsN`s*I*%A^jJPUO z9tv^+&nZrEm8}FshSPy04n2g|pqIoFO4Ja-5{9J_NXk8-g=v08nr-zvN*b^j_u|Hp zsv9Mi#GR!O4MqA<5!mFM8@ybwv|`Zwt;pG@&q|N8c;+F|UBqbWu8+A9rAQ>*`SgMR!sE6Ird?vHRvV>@vL(B zlGZbgg;AexuO`jLq!tRo7ZaZwrv+YED%_0hr1(BnTYa}ici3OWfdk{%Og$g7dG z1|lyO$DbwT-WPEyv^kXUb82mACwZg&NoD!&n?zEW9t(7AYSe;m`x`CIK+s-SYOA&) z;#r$Sni1!^&-Qy3uG7Jd<0oyYI}SB0)r-T@oM~jU0!hz0d4I1uPcNW1)=uTj?W#sP zU~<3qGW&Wr?*p39HemG$tV{ybskc;YUVa29-n^;Ah8MZxJ@n^gAxd zRSpixhRJdXQoR5%0(p;Z{6{qtC| zO^AAc1Xw$7!oZ;@Wm7HkkaMb46hh2^Bfd1m02C z5A{v;x(es{ZQ8WnmJ??s=1vDead@zUOVr9@EDz**HPlH3Tq#Uhy>1n9P+z4Q+y1HT>oKqhd=_&QEIlFwZ+}U?son45I z$lse<^}_s;deUI7=Z3-Gd4#B(n>bvWA8hksRWSSgXYmBTkxVRc_J{h`RQZPwe86&- 
zpM2)8{+%6Iy9B;4czT;iMpb%>%KYfJU{+EE%@DWTO0S4Vm0i5QXQx{@LW8l|f0uvb zLwlFF1J1Hm(*^5a;8MM~9Hy0U`5JVjyxnO@K<~J)@!%9P(>Rh({%7!IR^(T)Itfu; zldmrV&~KMCM6TpylY&wLbij%UXjtphSv7e@)J=hgOpWYaZnnJSoIa!FhS3IjRPJB` z@j{A-Lu#=itp~-mn^&EgTN!e4NN|azr9#2)Dm5R3WVdwu6!%jB9`)R-tjS=8a3V1O z!G{~QF-CA)iyilJPdML&V65l$Hg?!yuUqqxUD)@tv&#AT+KO4f4X)cDra<62EAdoe zOum*CFK@G!@~;&oTTn2^!5&xtWyi!t?aAa4Xv_W)xZCc^%WP0p5YUj3*^50iQMu_R7f_BW2bD^)U8achRU%s`@LVYrcdUvhyR zQ&Joe11+#EpA_Qrn32Rl=B>Lp>n<}uVws-W5HBJP1mAC7d?Edi$m6Eu#fbJjn>S8T zwk`<1+LF{`?klrgv~3F4`%b4B(}`y286n_nnxQR`*B52f_n9)YlGt`;x=VVGStowS z`UF=HR1g2~QoZ5lg&CZqK`9uU!mA9#7YRBkFfYqy-3#*FIYgZn&Q|6M zUd;Sy4d|I>P8FI8XrR(cey#TEk1;%ULt~KRv?3y(%Rja(X`p|-r7hXQvY2IWv^4(( zwQehu@ZjqW4T7M%6pW=C3Qs_k`|TFOS>%5r&bNNtV};`QZohYGA-G^R!21!?_hT{3 z8aZTV2v`4C4ozo)otIlv`1mg-1irxGhU8gITxd51 ziYC8*cbspX-GNssU^pGj%@=`MVes-&wEORF(_Slqq#Q{XXwpnAEUN1;R~tN2;^s(V?Z`K5*r{$7j)n>TPe$WgBnY?y zD$_hDM^niX^*t~EIy=bD(OK(3jLYRl_H{9!KU{Y;LA11(-w?|@wg7d!Ub+?q>KMQY zYrDB<+qwbVx`2or4?vs*GFw?SlCWW}po6Ffv_3h7g=-xZYV)tJ=+Y2@zeD~dQrJy* z?$N-|Om6`G5f%6>d*~m(4&XrpHj4{$gh1CURs}Eb;u60I6_5?fA1PwRl~E)35Nd_l zQhyD8{zo5tt3t9KH_*9BHvcibG~jXK0{q5#V1f>q1(%x>mu#O!@ZGhWQXFIf#kTDd z)pof^-u6wuJoxZ=@F+kwOfiGw>sH0DDFR`jbd&hoPN=W1PXq<^z8oCQ`#}B)Xf1@XczA zA3{}^*`>9c{-7|qnrg$Ay98oOO=NI34%~#&5L#@cX$T$rmVcnmV+mXsTBq&bkZzS@ zb3k$Fth0B6;rWeU%N#)JX|iE6_X7T9Hl~h-BuuD056>n6%dd~?X?^!^$;{x9sAc5lhm^!$PjEu5xF4rzDF1T8j z9R)5x5w|Ec!PZR^pvuY7`byuN0zRTcWea?WcKelK`_EI!HzOB3+6Zk1S_4miV&dKUg`|MJ?N#RdGA)y}kY4n6?E z0ys%GK!dyu7cuC!g^1r=9)S`Aw#1X&S^r;OUi|mpe~xr_WI*%lIe^XrP+GW_Nbq$) zt*ff)aN9MOYvSM^8WFHy0@(!wlEmr(&#^{-KpQ)05!-+(k~t_iAHXLp3?MoU!l}}r z>0p81LO40-XE$jsoaqcWucJ4*O>jUc1f3ZGig9)yzJWb&@K|eX-31V?LzdIp{QM5B zGthevz$HN`S9v*L%~%rtgHVE(1BAZ{|Mi815wPjEw;gNmf9P1)*%@f%2MDLj%Yc)= zzY^I2Y7(OW=urSBh2h!)fFe+514QxBAO>EFq~CMKVq7ZaYy2dHM& z33IxMp|wPIovfhqjgXMr@68Ou?b4i`oWwvEH~J(^LC&B|xFgD7C z=quVZB?MS`ZI>%tpfTfL7pF<^*+3o7WS1de(xSN9EdAeBBaz834U#}JD&t)A#_uhx zUrP``X@j!!Am_{+}wCNxPeGjNXQoe 
zHeK4T;GnC}>u07Ei0W#0K#`oNFxt|j>fi?CrM8=^z4^e?*~09gsiC1*7!)97=YuZF zFNTgXdxwU=f*Qhnc><(DfQSV!dNEXj;E;vlz|jBf6ZYc%W9T-#2{2z33UCPsu1V7` zu5ckRIXStZbiqB)T!9vlltiKc{TfUn81NPftg3vuSn<;t5652zSgaAC^Z5A*(|1}U z0dEVmem~lF3fQTc090Bq=QaarU9!UE+JMll-C`U}Sb+z8#Les7kt$sdpv5dLDtdOK z=j8=}oS-PHde6_tM=9e~98r8`X8DNiWT3<1(o);`X6g6u5NI!8WdTko1}q?AsB*S= zWOw ziGP1gn24`{eKQ0&{XCf{gmUH-bNVsx1n+Etw*h2Fxlhz)#YmsHoRhi3t&W3MN? zW9knhOM@3#48ujV{GWpz2m0|$j*Lj+92_490Iw5cwGWyP{X0^UGxD11$=d(m0mMkla{xb?cUETT`2k zks3+YeS&wd_vd*dbvfYkh=Th1$txqkxud)Uc1v)cRj+bFke|OQ*x$$Jo5~41bAn&V zqY0?BJ6E3rvb)61*$_CKc7UWEaNIoCsBXcza#ddeg8>SYtG#OgobTV+>8;8X1{O?< zaV2^K9Ld1$83W)RIMo4|myi)Pwg>HM63NKO$&vY@z(_|#L{vPN_+DFkeU7?*^zqZDAm9XvpRea%UtK(b zQoR2kw-=aW_~Rt)(yRRrLeNgH`Twf!yW_Eb-?x2Qgp87vky2(QS(&Bm(J&*4Psygz zZIcoqR7gmYm7Q$2J1d$t*&>o%_U1Y6dVa6h^ZWn%{GQk2A0h7deU0-v&*M0*^T6Kk zAv)7+xzp0pvXzDziH&4dzJqjZ7J{}+Hh{p%n+ppKt%pXjAgrGu4^$JXI5X~xORNl6uzmad|`rZ_9DF9Uj>K7L$z zm?|(h_$m!rLSO`tF{zwB4NGUcu7cY9ma!p>V@I_LLJwLL3kV3HyRnRnJL-chQ4{g& zKNqJ4vJU;zL+&Da<%-isfs3191G#x~g!+$YahsY@?(A0UVC4b6IFBYY#zwb#qs*`9 zrH`=jnBm4~ODbCB`g6J6XK3o|9A&@6M19ZYpb)}a0Oh{n)2C0P^W+4YX=`a|;dnzt z{!n?>BC>=f(pH3 z(QlGd%CT>G0DUTS)zt&jozra4BM1E=UC|uYoHaQw&uOG72{lK8dJ?+~!InTExVyWf z_CgNK%E-vWKt)cOE{WwBb|ZG(zki?D$ct`|CuA8;s_bRZj1o;kb2$7p?UdYvgoM1j zmO0#Z^+djH>iQ#M%zMaH_IX*EcS;D`Bh@@KiiN$!d=mQU7ua@S!(H<;L+fyxS3>Cd zD;UwMoPKLw;u)8{s7R%B4lVVIi=#L%2*J*DuI*RN713h-PU6_`aFKgDi9gT{ z8A&M25e7dnDt^FCiC(m_$2gEsv*6@FgFUgBT69Yl5Ekb3EgCw$gH3d>-h2I+8#-e3 zX?J^{RN-erhsrng^e}?Rx=2f1ugzxELehR6m>swBUC!7q0HS z$!G7eV>c`AY{gKcwU8{=5qbG_^vQPQ{t?e_UH9zx`BW$5D46bXorADtnnKG$@0E$d zm4#n?_BNf><~guSO5q|F)PyH z3C4jx+z88=!YiY*k2Y$$x?xjEjpC zdbGH*lIy*)yj)_0hMLk?tDiop6UKibdwecpriikITw}spz z-oetc!8#xPXVHkZteR&2D3wIaAt|Y+p3xN(<~FapCeSm{(|q{uT~ZaD|9(t%()nAh zO`cds<#LWEf3lcxJ4qj^MiF{@W$Qv@B+BCQ%`|^H)=B->Cmneij2JQ$R?#a|BTbY> z2qNVq|BoN=sO1+}OUM;$o#LOacmJP$+UexHx#Vf{h}iI)e!9}(h56Z8UZx*zLCLYf zJ9gkAZRy~1(Wnkv>tn-ge&_f-4xAS-uCd53$P=Sk^e9%uR2WCcAf1H?!Q$eZt+ScZ 
zxgB2yrb4oalGd!d6f3whOw?-JFy9-fOqn5z0h&VQ{!8wwL}ccqqwHB=9JE0 z<%ArqeUCnnc6-RjWu_#MNSRs=g&kWJeJ*A_bag$)gwoy8!NKMj)s{`%rV8*KrpoEa zI8_5UH(cF#s05*OlYWsQQ3MA;gO>=`lSlF7Uzq%CeIW2 z$ZxinS}F9ofKS?GKeMbS%m#YlD}oVs{ezu0P(+EhM%-I+t>B3lAT=j)afxZ+$C0~P z3i9)ha}eZB_b$wb1cn6P59yy-n!6?L8hQ9rX=xLsyl|v@vsi4Ld(NBEi^7j)hokl_ z%zu?=Vc9)6Vr*=uFBH!Ya{~s}7NH5A9K$9P=WP^y>(%)$PBlBJ5F1}O!YhDYkB}-fKbLaE9-%yLK$=caG$BP53?}B;Z%(^aQu_=m#Cx zXsRyhwB`zp{90I+@@4F~DMz=7Yvhfr!5>Yu3A)QcNlin_c6v&#F%`c*yk?~4HVsRy zdf~7;pt{Yw!90g`HnW#{t5&n`!y3QkjJSG3VGC1J1=FPS-_TDu)&3ak;--_Qb@N)y zj}9BN`NhX-D}KmtLXTk~Ld>DP{HnWmb~g5UO|2fcJ4HIZPw$>zr=5h|DbMt*YV&+q zQKxsLxBDq578J6!#+p`G+6o;yJgc+(?YHCurDi89HM6TrdeO<;>f8*;Auqa@18;9O zijGzfqT!@dslSv;;#TML&D+yOw_5c1g~Opkg5xrm`!Wq8B3!>-8NDAEFxI7TO85~& zC5OVQj+Wk4yu-^6Kas8^6!2`^$Z9p8n$wXFf6l`kWRoU1yR7eLwvC>fjUjQL@8Hly z{vwam@75Q7<#}DY;o5ddoPy#f&oBd5sDXj8j@|`E&OOdmn`o3WGfBnP75Tp7 z`be6*PSelzDmxt>afR5ec5g z_idrcv5Jpgr5|BO_~V*=Q8h4C*}~WwvD-i+X!EAc4u;89mS5^gE%vrLTm2K0=Sc4l z`MOuNe^r)=-IvqetTQAnb-4j6+dh3ED?jNT!#*bJo}X#y`(IX8?x*6B<;qSDWI&zk zenIWJomT!?UUhDVH?Ruj|men(&?K4%RvUnUn^e;HFPQ0zI~ z-to>^mmVf=f$>vZ#ZNzlQb?IyOimL&Pj<> z-A@Bk8O-Tb{f?X&Ss7SOIjh#G?hM7p3CEu|_g^6r47c5V+c#aEo^*gYH%hLOh01(j zSD1TBz=6jl(W64Hu7e81Ma!`c%H#Rn|&!p}ulz;fo0*%53h0h7q=DOuh z_IdAPbp8X1PlhUszXaN}xs-0~@i$*D)1F(T+=3%HsJgqU`(1;W@!O1|VUOe?qYDAG z>t$h&-^RY^u(yG5>A;`xk2loX4*rS>=pe#+Jh zH@!*H)Ee8v$>Kc|$~!xJ!9b^{P z8Qz}g8%sgAk|(MTPg?$===0+b2}TdYg5}O=!oNQ|XxDvC_EN{adAyISdWN2Aw(^N} z_uejmO5U*`fpPhY$|AH%hb=iiuMz?bCC7m7=NdmEU46@p-p=yjj1k4-SB# zWM!^6ZU)xDv6Rx3wr$R)#K!isrd{@8XoUVm)x%@$j&6l4S7?vM$A-?%)KdQx;eDcM zsi`??U3~`@=&0$Ksqwf$9T|47@Uol);tBrqi;G*fY|9DNwXw2q`q~!o?z_mXEi1Z| zFx|{gyl=)@T&a>oo$OMYtZZka5!7M(l3#sa#InHJ+GhLG1>|(y9Bp^#%42Uz$I@2) zURssmh{a`wWGfi12oWmGSp7^k5j^=o<#kK{Ve5d^bgrj|dDsnL`Z_RMJ;7Em635^f;_;b+f}{Kg7bmgjEga4O_;25G z2fzdD5Zoys$mqaut_7g%MXtX3F{czOsGix_jQ&WR8{Rr7X ziJEN5rK>Au^HmrSzVuT-K;yaf`g(df*W&pF<>kFl$Kgz{^??Hl{=WmTjuEFfTX}bW 
zMDNSFnmrChg4d;Ey;ldgB^`Rlt*y~1UJHHrw*ivTd@j3Gd5pCp30e9a_Z;b{C(t8`0gD~&_d{rMUPPQHcB@DEWOi?f&zUV^# ztn#N2-v2^z`_`;e+jNK1Tb>SRoT_F?IzIy3 z9C!G~a=|r_Im0}wW+!P*_jl$wrBgL~%yR&JRcD!RyK4qkj!6li{WaRE@$TYdva+SH z%>#C%Hv}pO971=x4;qz^3b;I}bWbYkyQ1@E_K`M=cFWu>S8OD`Q;2ZR^+bqKror_Y~*>0;mES-PeQ=m=NA?V4TV__UwoCG?v7Ul?9d%^)UoeGLgOMZIow)# z^9C~k108Pn@uLP&Frk5OWShp_iq~N10J++AiXoxmngyILW_2E||6wY|(j$QomDS(J z!Rcql&dv^hC^xrdt-y%za6{oI@7|qWU{WNr2S9?2G7Dh8BP#lM^%^x$bZs>?MymCN zkP#<%M1fO;DM5wY zoo%YHz@WUoA)*d6T0;YJgA4HWSW*56;DtFzDW&;12c1C`9e9gLyKgGNhUUv$Y!X@C-}FZf+8@E9@fgCr>?iDvUVoBRBQG z7>d^iOtbG1jzu`U#xTuHPs5sJJj2XcObY}X%mCC+U>4`vffa5a(MXi z`my||>JT*VJ+Lz%@qB8JJv=3Jb#!)xzWbpr_D;z?OF>NnB<+<3u{

1!o0wGt~m&4g;`%g@50j!FG zm3J{SOIWw?E2<){!jy!Dni__MHOb8WRoBr-8`h?6#TX%AduRZT?duIVI_Ekl+F<3G zY8F#n1A}k*d$xmG@E+)E*v*rO*s$xMrXk?Kxb@i-ILQIT2GGkbIo*9mnFAWA&?O1{Nc3^A$%}g!)xi*CklZU=e|cfpakx z58^EFZn)tYzx7zc$iP`N--zt2H9;V*0_ti*dw+VA{We!QtP`RU&YC#K+5* zl_O4Rt)sVZQ$%SJ*8a`yt3!+m`v{jU8P6EkGbh2EiDaWq#Jm&!d|zap4se-3|oNY z$T0DHW!2%Qs9d41n6x;CB))I*yG1BKJhJ;ItZ-m`w3C@x`JC?6t4TP2K$UknlzFbv zd6C1aS~soqpaT7?Pqnoq!bEhn`F1KQRdsc@!AC0Hl51pzl>LBhgBcn(NyJ!1GY3^8 zs5kGtj_>zLgivBuC|n+zT@}UW|7`C6-wTPql>i69U4@uKH2&we@whn^ z4m8ywn$Cs&5+Y&~j#4GW-4ta?OiJ5*EC2rVv*%w24tvhOE;ZM9$l;vgfAUi|S9J0O z0qseB8B&_9M5Efvd|=r|kdE!?p(dvcRMLff$BxZF4P|X~=4h{{4fd4^?j3{Vcb`|e3`+9*2T83hK!n=1A!E=+(WhAU;WT)O`nGn%D7yW4k z3N-u}6q}uH-I^oosF30VXMObOD2O*`s>ZwrL57L3YoXS_W_Rbsn1Qvlva&)Z$>+<& z%*-Y2^a?BrI7S%GefshR(Jnzb*lqeF-;W!`?o~)C@lqjNa%pX2I5Xmq_rtK;r_Z}A z2zwBzH8NLZf3_WOAVz?@JpQL!Q=*!Od|5`uI9RCMSiB8iU=I7f9j5`a>thHAQmKHTQ{9FG&F=i6!cG+C3rF`Dk_Sx?=Y@0&#~>y zQzHwmKEW%nz1z?q+tq1}wu;ttgU?sqfSY=AgzUu#N38c; z?!wSlW$M4Lsli!Kz2y$RlL6DGLpW%loQ!(>7{UceXOIYiPOUbdig9>LUVNe`;}F~M zjzfZif&v2r0|FqXN#eJLB{+&7HBC)e0z!h~Syx{I2UyxLoLq}!!oXz8C5^XWgrI`=f&5TD_)&T zKzX2?ury}6Q3BsFJW4RT_-NF%=TlQt0)m3epH0_qpj?31f`n%`@uEizmAV~s@+S@? 
z$aA2>AgdS*4Ow|mvK~NfjWw19?{u@;XmK&EBNvMtJM*l7(=asUUOVGol>?JIIIPc) zwtf~DgneLgqa~cWGj#UYGSMd=3N4|38!Y8BKpq~|C;Bz`a`V$!f>kEAxG5*{uUtLZ+{6y6+;P@H zyL^P-zJDreUsSFC&OP2&b~L6|Ow07!Dac>X@?WW0?I90 ziUKFliIHFfXzRA=yV~Q@s6=~vd-3Z4v9s<%+c0@b7G)_@2pit~#0+BTNGC(oLM2&cL!PN8&RgO_6)_HHC1GiT5 z)3dY`6b(P5q@0wf0)m2Kj^7-*0|^R%2yEcKK3rvg^ZmQ|LdY(k6R#nnz$Tbz&q*jP zl|6K*);#AKJoxhRW|17liI{DYd7f|IBYjWtC}F(aSoW5VPBZis5N4c+P}egweAQ@) zHA4>Y+OAxpS5)C$tF2x4%WHv%$c%&#K|8lYlM1!tTN-C%)O|iRwJ)F|x#YEUHA=JK za>X4e-_J7b=Hy&Mw<|5gUg$_4JbU=?AwtR_$Z?6Qs56?X#2< zqGVlfI62K8dhQ0lNSs;_5S}zP-lNrw@QZQ+nrhY+dr0k(#97ov-$G#%#B$`*l{fGj z-N7ny8ASz5l7oYTCr=q+6FK_xXVuX`hU_8#&A!l-CR%rDZ)BoV%oYnVtCC?$)berM%*+QL zsb(F4k`RgngnEbTr!hekUR!Y#fbvD%7kK(5;yG+(b}9mMf?AHvZ#zBxHD_i5U*u<4 zrC;}ygE(Ua@Df>IPu%fPl^41_NdX2x4(#l1#8!-LxgD}(EQ1(HhqsRXmEi(9j~}BU zvLHWyJFGb&;KwQg3Uuh}%y2?zZ!3ZPD<;*Ljz_9w?Fe*`gMdL``p%?;B)+D)dTlP- zn^V&MqH`fxkv+*+SJw#nWJ)s}Hkp~3p{0elG%T7U)Nd_td0j9tK-Ks2*RO9xXNLt! zFqIT1ocnG6=ox;Hq&O#JkL5m(f*-d3g zd?|i+DITS5?y)03NRg0;6FI;?yZ5Jq(ErG%nV51BbRPecxKd=DY$%pPYG|F`B<9H% z(IA%DHpWRuxiXDI7*@`oKYknu+@=@_7&Pk_6~1zOL)b?5v37%&4;AXs(I z|ILE21t1%mm{bM{n(hDM<{nhx28M=G@XJLbb1Ewvn-zGsJqimuX5U@ZMJ)}LI(hE` z>X|gs*v@l0y%j?6*?500c4;U6J9U|h*iX<(8|&%8Y7?zFk-$ze<8Q}SHniHcV|m%w zjA56xM~Z17l?Hy+75iovH@5;H17eR}pOf@0X%obPi*=r7)#IZ0epmCy>?>kFmpxaSHlbx3>gHNfFh42QKfUx^XnvQ zZl|W+NhSR)iY%JFdKK|xue|)FzuHFB8#p`A>Ro!0)^rx0ch>pXGL!8& z`xO-8UcLg7jX-qI-=8=ti?|9IO#; zn`4jPw18*#O16WB#%C1&fRL_*$4YkMO7360DzIil8XZc zg)*XJO7Xu4gHS4Rt%$>x!Wiy7e<;>fcHRL30w*56h$ows3JK9!?98uBYBKg$HYVqf@YkTE-o$%ib$bx zs1-PTllL=2r2-)|-0fSfZvk|HFDhyagmzRG&$RiByWsE)%%RkEracl_!=u0dHlz%dSZnU0$Jv3e2?0k}Aj zF?9IZdU(k4yhE}hATRF2^{I)AeA7F>Dh=-C0vL#DEpD;81T`I~1U04pS> zP`-LxzT5|7hMbv~l$89*%#m{*F?_vOK)?!BAfWI34qKH_E|Yv~a%LT_POc#@9sp5= z-$tK7Zr4Gu%1~8<7}7a+?kEI|_`sj^yLS)yKcgbn8wqJI5*7#mlM)j#-r#72F_qB8 zBk12$SgHLnIQRhX9$z6VK~W*3pYh?#mu?{VIC@p7P{&1y+vrXJ$qIF_vGyI$BDzp z!UB%$q(Kx;@mphG85MhRQ|MzD-;9f_qN=(1%T{ZX5~mSN9eVHK4YgMyi(wD80M{}; 
z9IDD2_$RSDpBl~pShbIxCQLnv%*M&O{6=yhGyegJFYacQwY9ae?B3nu*07zH)?;IB zA%P6rA+WSq=R^Eg?6LHw$DW1y9x5LNEGpa>xCA$2a-Ii@xAaoBDQXm8;z)d+<5irb zxAVaM9m(xwux}KymPNPzFm8!>DIXVvVM)|WT=vE-4d@7p{r_yfOBx!^3yw=7LgCX1OdQ31%=t8?L*`~a5~Y$bqf(6fq^fBP0!|1;Y# z=OqpI!OJ;@xcK2?Q`O+ ziOGbMbPw^2t%NaXTEsD-Q{+pL_4P;g??1)Q)H~I`G=mJ`x7z8Gx~naK_ptg=LSdyF z7CFYJuY$-!?(cXla?Tq>KuQW9&mh#RE;z7=Y2*}cvY(7b^Bz11sp$%sqscY?ZFeg? zfAb$WpmaDgG9qF(6H}45gp3Tapg=!UKX=9*#*whT3Qlra_;o1ZA{VoK|RWgiRC3GCZ?r*A~~Ge z%TS6?0Z_V|~Tfm2!y7X@aMeva?jzht#yS_dfQ6V{58GTA82zM(Q^jO+4%;>mm`8DGL zthveTEga=h^r9N!4~&++CD=8MJqgwghZf5v7c<;|A#?KEw~wTebqU=pMI8xMKVjrC zl9XMx-r3v?*qwZ=GY4G-->Vq^FxKV^GwMZhG>~&A0O=U2jVZM28gi79hiVuh7dKxN zRSAT70RR59Y&+T5T-Pq3eED7-1iUHRgjnGG>r#R7Fz)dn_=iPC8sPup(g&O05`5(1 zT!+}^FYFqp+`0+QX#_2{p_wIkwTZX1jwFp;96w1op$=I&gvgjwxSZpv8~MT}vU(g= zIOC6ct-2V(_20nq~Y;G%7en+qe6LocMWIXn)BfX@5);M7W#fz_EKgi>D z&1O`+xcvoUf5J{WVqtpPJdU81)K)>;!I#H^sRN2 zWDCRPo3f&hJeV(o>&J#+amnqq$OE_~fbY4gni}Z;BS*mZ+u>#i=9V-^se^l3vsneZ z$U9ijp3bCEEH);F2nrcg&m&H4QTAX|yC~hbkbbK2j!u$knQ~Hj?Tb@XW_YB|PPZSQ zB0@sw;K8n+4(>(d4D$NEii(cE_TiHlS&Ba4|E;+BzyIl^vt-|Vd&U#}*sQ-`JIn8g ybsuuhfBPGApxIMMZty_mCO+{(x_{V9>fHQYlj19h|P*c)AouzpB&i?|_t5)Rz literal 0 HcmV?d00001 diff --git a/content/posts/tailscale-golink-private-shortlinks-tailnet/index.md b/content/posts/tailscale-golink-private-shortlinks-tailnet/index.md index a152db9..4466e20 100644 --- a/content/posts/tailscale-golink-private-shortlinks-tailnet/index.md +++ b/content/posts/tailscale-golink-private-shortlinks-tailnet/index.md @@ -1,6 +1,6 @@ --- title: "Tailscale golink: Private Shortlinks for your Tailnet" # Title of the blog post. -date: 2023-01-08T13:51:42-06:00 # Date of post creation. +date: 2023-02-12 # lastmod: 2023-01-08T13:51:42-06:00 # Date when last modified description: "How to deploy Tailscale's golink service in a Docker container." featured: false # Sets if post is a featured post, making appear on the home page side bar. 
@@ -11,7 +11,7 @@ usePageBundles: true
 # featureImage: "file.png" # Sets featured image on blog post.
 # featureImageAlt: 'Description of image' # Alternative text for featured image.
 # featureImageCap: 'This is the featured image.' # Caption (optional).
-# thumbnail: "thumbnail.png" # Sets thumbnail image appearing inside card on homepage.
+thumbnail: "golinks.png" # Sets thumbnail image appearing inside card on homepage.
 # shareImage: "share.png" # Designate a separate image for social media sharing.
 codeLineNumbers: false # Override global value for showing of line numbers within code block.
 series: Tips # Projects, Scripts, vRA8, K8s on vSphere
@@ -23,16 +23,16 @@ tags: - containers comment: true # Disable comment if false. --- -I've shared in the past about how I use [custom search engines in Chrome](/abusing-chromes-custom-search-engines-for-fun-and-profit/) as quick web shortcuts. And I may have mentioned [my love for Tailscale](/tags/tailscale/) a time or two as well. Well I recently learned of a way to combine these two passions: [Tailscale golink](https://github.com/tailscale/golink). The [golink announcement poston the Tailscale blog](https://tailscale.com/blog/golink/) offers a great overview of the service: -> Using golink, you can create and share simple go/name links for commonly accessed websites, so that anyone in your network can access them no matter the device they’re on — without requiring browser extensions or fiddling with DNS settings. And because golink integrates with Tailscale, links are private to users in your tailnet without any separate user management, logins, or security policies. +I've shared in the past about how I use [custom search engines in Chrome](/abusing-chromes-custom-search-engines-for-fun-and-profit/) as quick web shortcuts. And I may have mentioned [my love for Tailscale](/tags/tailscale/) a time or two as well. Well I recently learned of a way to combine these two passions: [Tailscale golink](https://github.com/tailscale/golink). The [golink announcement post on the Tailscale blog](https://tailscale.com/blog/golink/) offers a great overview of the service: +> Using golink, you can create and share simple go/name links for commonly accessed websites, so that anyone in your network can access them no matter the device they’re on — without requiring browser extensions or fiddling with DNS settings. And because golink integrates with Tailscale, links are private to users in your tailnet without any separate user management, logins, or security policies. 
-And these go links don't have to be simply static shortcuts; the system is able to leverage go templates to conditionally insert text into the target URL - similar to my custom search engine setup. The Tailscale blog also has some clever suggestions on how to use this capability. +And these go links don't have to be simply static shortcuts either; they can also conditionally insert text into the target URL - similar to my custom search engine setup. The Tailscale blog also has some clever suggestions on how to use this capability. Sounds great - but how do you actually make golink available on your tailnet? Well, here's what I did to deploy the [golink Docker image](https://github.com/tailscale/golink/pkgs/container/golink) on a [Photon OS VM I set up running on my Quartz64 running ESXi-ARM](/esxi-arm-on-quartz64/#workload-creation). -## Tailnet prep -There are three things I'll need to do in the Tailscale admin portal before moving on. -### Create an ACL tag +### Tailnet prep +There are three things I'll need to do in the Tailscale admin portal before moving on: +#### Create an ACL tag I assign ACL tags to devices in my tailnet based on their location and/or purpose, and I'm then able to use those in a policy to restrict access between certain devices. To that end, I'm going to create a new `tag:golink` tag for this purpose. Creating a new tag in Tailscale is really just going to the [Access Controls page of the admin console](https://login.tailscale.com/admin/acls) and editing the policy to specify a `tagOwner` who is permitted to assign the tag: ```text {hl_lines=[11]} "groups": 
@@ -49,10 +49,10 @@ I assign ACL tags to devices in my tailnet based on their location and/or purpos }, ``` -### Configure ACL access +#### Configure ACL access This step is really only necessary since I've altered the default Tailscale ACL and prevent my nodes from communicating with each other unless specifically permitted. I want to make sure that everything on my tailnet can access golink: -```text +```text "acls": [ { // make golink accessible to everything @@ -66,8 +66,8 @@ This step is really only necessary since I've altered the default Tailscale ACL ], ``` -### Create an auth key -The last prerequisite task is to create a new authentication key that the golink container can use to log in to Tailscale since I won't be running `tailscale` interactively. This can easily be done from the [Settings page](https://login.tailscale.com/admin/settings/keys). I'll go ahead and set the key to expire in 1 day (since I'm going to use it in just a moment), make sure that the Epheral option is _disabled_ (since I don't want the new node to lose its authorization once it disconnects), and associate it with my new `tag:golink` tag. +#### Create an auth key +The last prerequisite task is to create a new authentication key that the golink container can use to log in to Tailscale since I won't be running `tailscale` interactively. This can easily be done from the [Settings page](https://login.tailscale.com/admin/settings/keys). I'll go ahead and set the key to expire in 1 day (since I'm going to use it in just a moment), make sure that the Ephemeral option is _disabled_ (since I don't want the new node to lose its authorization once it disconnects), and associate it with my new `tag:golink` tag. ![Creating a new auth key](create_auth_key.png) 
@@ -76,7 +76,7 @@ Applying that tag does two things for me: (1) it makes it easy to manage access After clicking the **Generate key** button, the key will be displayed. This is the only time it will be visible so be sure to copy it somewhere safe! -## Docker setup +### Docker setup The [golink repo](https://github.com/tailscale/golink) offers this command for running the container: ```shell docker run -it --rm ghcr.io/tailscale/golink:main @@ -87,7 +87,7 @@ The doc also indicates that I can pass the auth key to the golink service via th ```shell mkdir -p golink/data cd golink -chmod 65536:65563 data +chmod 65532:65532 data vi docker-compose.yaml ``` 
@@ -106,17 +106,20 @@ services: ``` I can then start the container with `sudo docker-compose up -d`, and check the Tailscale admin console to see that the new machine was registered successfully: -![Newly registered machine](registed_machine.png) +![Newly registered machine](registered_machine.png) And I can point a web browser to `go/` and see the (currently-empty) landing page: ![Empty go page](empty_go_page.png) +{{% notice tip "Security cleanup!" %}} +The `TS_AUTHKEY` is only needed for this initial authentication; now that the container is connected to my Tailnet I can remove that line from the `docker-compose.yaml` file to avoid having a sensitive credential hanging around. Future (re)starts of the container will use the token stored in the golink database. +{{% /notice %}} -## Get go'ing +### Get go'ing Getting started with golink is pretty simple - just enter a shortname and a destination: ![Creating a new link](create_new_link.png) -So now when I enter `go/vcenter` it will automatically take me to the vCenter in my homelab. That's handy... but we can do better. You see, golink also supports Go template syntax, which allows it to behave a bit like those custom search engines I mentioned earlier. +So now when I enter `go/vcenter` it will automatically take me to the vCenter in my homelab. That's handy... but we can do better. You see, golink also supports Go template syntax, which allows it to behave a bit like those custom search engines I mentioned earlier. I can go to `go/.detail/LINK_NAME` to edit the link, so I hit up `go/.detail/vcenter` and add a bit to the target URL: ``` 
@@ -129,17 +132,22 @@ Some of my other golinks: | Shortlink | Destination URL | Description | | --- | --- | --- | -| `cs` | `https://github.com/search?type=code&q=user:jbowdre+{{with .Path}}+{{.}}{{end}}` | searches my code on Github | -| `ipam` | `https://ipam.lab.bowdre.net/{{with .Path}}tools/search/{{.}}{{end}}` | searches my phpIPAM instance | +| `code` | `https://github.com/search?type=code&q=user:jbowdre{{with .Path}}+{{.}}{{end}}` | searches my code on Github | +| `ipam` | `https://ipam.lab.bowdre.net/{{with .Path}}tools/search/{{.}}{{end}}` | searches my lab phpIPAM instance | +| `pdb` | `https://www.protondb.com/{{with .Path}}search?q={{.}}{{end}}` | searches [protondb](https://www.protondb.com/), super-handy for checking game compatibility when [Tailscale is installed on a Steam Deck](https://tailscale.com/blog/steam-deck/) | +| `tailnet` | `https://login.tailscale.com/admin/machines?q={{.Path}}` | searches my Tailscale admin panel for a machine name | +| `vpot8` | `https://www.virtuallypotato.com/{{with .Path}}search?query={{.}}{{end}}` | searches this here site | +| `sho` | `https://www.shodan.io/{{with .Path}}search?query={{.}}{{end}}` | searches Shodan for interesting internet-connected systems | +| `tools` | `https://neeva.com/spaces/m_Bhx8tPfYQbOmaW1UHz-3a_xg3h2amlogo2GzgD` | shortcut to my [Tech Toolkit space](https://neeva.com/spaces/m_Bhx8tPfYQbOmaW1UHz-3a_xg3h2amlogo2GzgD) on Neeva | -## Back up and restore -You can browse to `go/.export` to see a JSON-formatted listing of all configured shortcuts - or, if you're clever, you could do something like `curl http://go/.export -o links.json` to download a copy. +#### Back up and restore +You can browse to `go/.export` to see a JSON-formatted listing of all configured shortcuts - or, if you're clever, you could do something like `curl http://go/.export -o links.json` to download a copy. To restore, just pass `--snapshot /path/to/links.json` when starting golink. 
What I usually do is copy the file into the `data` folder that I'm mounting as a Docker volume, and then just run: ```shell -sudo docker exec -it golink /golink --sqlitedb /home/nonroot/golink.db --snapshot /home/nonroot/links.json +sudo docker exec golink /golink --sqlitedb /home/nonroot/golink.db --snapshot /home/nonroot/links.json ``` - - +### Conclusion +This little golink utility has been pretty handy on my Tailnet so far. It seems so simple, but I'm really impressed by how well it works. If you happen to try it out, I'd love to hear how you're putting it to use. \ No newline at end of file