├── .github
    ├── release-drafter.yml
    └── workflows
    │   ├── build_package.yaml
    │   └── release-drafter.yml
├── .gitignore
├── LICENSE
├── Makefile
├── README.md
├── debian
    ├── changelog
    ├── compat
    ├── control
    ├── files
    ├── patches
    │   ├── crowdsec_nginx_fix.conf
    │   └── series
    ├── postinst
    ├── postrm
    ├── prerm
    └── rules
├── docs
    └── assets
    │   └── crowdsec_nginx.svg
├── install.sh
├── nginx
    └── crowdsec_nginx.conf
├── uninstall.sh
└── upgrade.sh


/.github/release-drafter.yml:
--------------------------------------------------------------------------------
1 | template: |
2 |   ## What’s Changed
3 | 
4 |   $CHANGES


--------------------------------------------------------------------------------
/.github/workflows/build_package.yaml:
--------------------------------------------------------------------------------
 1 | # .github/workflows/build-docker-image.yml
 2 | name: release-package
 3 | 
 4 | on: 
 5 |   release:
 6 |     types: prereleased
 7 | 
 8 | jobs:
 9 |   release-package:
10 |     name: Upload release package
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |     - uses: actions/checkout@v1
14 |     - name: make the package
15 |       run: make release
16 |     - name: Upload to release
17 |       uses: JasonEtco/upload-to-release@master
18 |       with:
19 |         args: crowdsec-nginx-bouncer.tgz application/x-gzip
20 |       env:
21 |         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
22 | 


--------------------------------------------------------------------------------
/.github/workflows/release-drafter.yml:
--------------------------------------------------------------------------------
 1 | name: Release Drafter
 2 | 
 3 | on:
 4 |   push:
 5 |     # branches to consider in the event; optional, defaults to all
 6 |     branches:
 7 |       - main
 8 | 
 9 | jobs:
10 |   update_release_draft:
11 |     runs-on: ubuntu-latest
12 |     steps:
13 |       # Drafts your next Release notes as Pull Requests are merged into "master"
14 |       - uses: release-drafter/release-drafter@v5
15 |         with:
16 |           config-name: release-drafter.yml
17 |           # (Optional) specify config name to use, relative to .github/. Default: release-drafter.yml
18 |           # config-name: my-config.yml
19 |         env:
20 |           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
21 |           


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Compiled Lua sources
 2 | luac.out
 3 | 
 4 | # luarocks build files
 5 | *.src.rock
 6 | *.zip
 7 | *.tar.gz
 8 | 
 9 | # Object files
10 | *.o
11 | *.os
12 | *.ko
13 | *.obj
14 | *.elf
15 | 
16 | # Precompiled Headers
17 | *.gch
18 | *.pch
19 | 
20 | # Libraries
21 | *.lib
22 | *.a
23 | *.la
24 | *.lo
25 | *.def
26 | *.exp
27 | 
28 | # Shared objects (inc. Windows DLLs)
29 | *.dll
30 | *.so
31 | *.so.*
32 | *.dylib
33 | 
34 | # Executables
35 | *.exe
36 | *.out
37 | *.app
38 | *.i*86
39 | *.x86_64
40 | *.hex
41 | 
42 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020-2021 Crowdsec
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | BUILD_VERSION?="$(shell git for-each-ref --sort=-v:refname --count=1 --format '%(refname)'  | cut -d '/' -f3)"
 2 | OUTDIR="crowdsec-nginx-bouncer-${BUILD_VERSION}/"
 3 | LUA_MOD_DIR="${OUTDIR}lua-mod"
 4 | CONFIG_DIR="${OUTDIR}config"
 5 | OUT_ARCHIVE="crowdsec-nginx-bouncer.tgz"
 6 | LUA_BOUNCER_BRANCH?=v1.0.6
 7 | default: release
 8 | release: 
 9 | 	git clone -b "${LUA_BOUNCER_BRANCH}" https://github.com/crowdsecurity/lua-cs-bouncer.git
10 | 	mkdir -p ${LUA_MOD_DIR}
11 | 	cp -r lua-cs-bouncer/* "${LUA_MOD_DIR}"/
12 | 
13 | 	cp install.sh ${OUTDIR}
14 | 	chmod +x ${OUTDIR}install.sh
15 | 
16 | 	cp uninstall.sh ${OUTDIR}
17 | 	chmod +x ${OUTDIR}uninstall.sh
18 | 
19 | 	cp upgrade.sh ${OUTDIR}
20 | 	chmod +x ${OUTDIR}upgrade.sh
21 | 
22 | 	cp -r ./nginx/ ${OUTDIR}
23 | 	tar cvzf ${OUT_ARCHIVE} ${OUTDIR}
24 | 	rm -rf ${OUTDIR}
25 | 	rm -rf "lua-cs-bouncer/"
26 | 
27 | clean:
28 | 	rm -rf "${OUTDIR}"
29 | 	rm -rf "${OUT_ARCHIVE}"
30 | 	rm -rf "lua-cs-bouncer/"
31 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | <p align="center">
 2 | <img src="https://github.com/crowdsecurity/cs-nginx-bouncer/raw/main/docs/assets/crowdsec_nginx.svg" alt="CrowdSec" title="CrowdSec" width="280" height="300" />
 3 | </p>
 4 | <p align="center">
 5 | <img src="https://img.shields.io/badge/build-pass-green">
 6 | <img src="https://img.shields.io/badge/tests-pass-green">
 7 | </p>
 8 | <p align="center">
 9 | &#x1F4DA; <a href="#installation">Documentation</a>
10 | &#x1F4A0; <a href="https://hub.crowdsec.net">Hub</a>
11 | &#128172; <a href="https://discourse.crowdsec.net">Discourse </a>
12 | </p>
13 | 
14 | 
15 | 
16 | # CrowdSec NGINX Bouncer
17 | 
18 | A lua bouncer for nginx.
19 | 
20 | ## How does it work ?
21 | 
22 | This bouncer leverages nginx lua's API, namely `access_by_lua_file`.
23 | 
24 | New/unknown IP are checked against crowdsec API, and if request should be blocked, a **403** is returned to the user, and put in cache.
25 | 
26 | At the back, this bouncer uses [crowdsec lua lib](https://github.com/crowdsecurity/lua-cs-bouncer/).
27 | 
28 | # Installation
29 | 
30 | Please follow the [official documentation](https://doc.crowdsec.net/docs/bouncers/nginx).
31 | 
32 | 


--------------------------------------------------------------------------------
/debian/changelog:
--------------------------------------------------------------------------------
1 | crowdsec-nginx-bouncer (1.0.12) UNRELEASED; urgency=medium
2 | 
3 |   * debian package
4 |   
5 |  -- Crowdsec Team <info@crowdsec.net>  Mon, 08 Feb 2021 09:38:06 +0100
6 | 


--------------------------------------------------------------------------------
/debian/compat:
--------------------------------------------------------------------------------
1 | 11
2 | 


--------------------------------------------------------------------------------
/debian/control:
--------------------------------------------------------------------------------
 1 | Source: crowdsec-nginx-bouncer
 2 | Maintainer: Crowdsec Team <debian@crowdsec.net>
 3 | Build-Depends: debhelper, bash
 4 | 
 5 | Package: crowdsec-nginx-bouncer
 6 | Provides: crowdsec-nginx-bouncer
 7 | Description: lua-based nginx bouncer for Crowdsec
 8 | Architecture: all
 9 | Depends: nginx, lua5.1, libnginx-mod-http-lua, luarocks, gettext-base
10 | Breaks: nginx (<< 1.20), libnginx-mod-http-lua (<< 1.20)
11 | 


--------------------------------------------------------------------------------
/debian/files:
--------------------------------------------------------------------------------
1 | crowdsec-nginx-bouncer_1.0.12_all.buildinfo unknown optional
2 | crowdsec-nginx-bouncer_1.0.12_all.deb unknown optional
3 | 


--------------------------------------------------------------------------------
/debian/patches/crowdsec_nginx_fix.conf:
--------------------------------------------------------------------------------
1 | update path in config file
2 | --- a/nginx/crowdsec_nginx.conf
3 | +++ b/nginx/crowdsec_nginx.conf
4 | @@ -1,3 +1,3 @@
5 | -lua_package_path '/usr/local/lua/crowdsec/?.lua;;';
6 | +lua_package_path '/usr/lib/crowdsec/lua/?.lua;;';
7 |  lua_shared_dict crowdsec_cache 50m;
8 |  lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
9 | 


--------------------------------------------------------------------------------
/debian/patches/series:
--------------------------------------------------------------------------------
1 | crowdsec_nginx_fix.conf
2 | 


--------------------------------------------------------------------------------
/debian/postinst:
--------------------------------------------------------------------------------
 1 | 
 2 | systemctl daemon-reload
 3 | 
 4 | luarocks install lua-resty-http 0.17.1-0
 5 | luarocks install lua-cjson 2.1.0.10-1
 6 | 
 7 | API_KEY_REQUIRED=true
 8 | BOUNCER_CONFIG_PATH="/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf"
 9 | API_KEY="<API_KEY>"
10 | CROWDSEC_LAPI_URL="<LAPI_URL>"
11 | LAPI_DEFAULT_PORT="8080"
12 | 
13 | if [ "$1" = "configure" ]; then
14 | 
15 |     type cscli
16 | 
17 |     if [ "$?" -eq "0" ] ; then
18 |         # Check if it's an upgrade
19 |         if [ "$2" != "" ] ; then
20 |             echo "Upgrading, check if there is bouncer configuration"
21 |             if [ -f "${BOUNCER_CONFIG_PATH}" ] ; then
22 |                 API_KEY_REQUIRED=false
23 |             fi
24 |         fi
25 |         API=$(cscli config show --key "Config.API.Server")
26 |         if [ "$API" = "nil" ] || [ "$API" = "<nil>" ] ; then
27 |             API_KEY_REQUIRED=false
28 |         fi
29 |         if [ ${API_KEY_REQUIRED} = true ] ; then
30 |             echo "cscli/crowdsec is present, generating API key"
31 |             unique=$(date +%s)
32 |             API_KEY=$(cscli -oraw bouncers add crowdsec-nginx-bouncer-"${unique}")
33 |             PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2)
34 |             if [ ! -z "$PORT" ]; then
35 |                 LAPI_DEFAULT_PORT=${PORT}
36 |             fi
37 |             CROWDSEC_LAPI_URL="http://127.0.0.1:${LAPI_DEFAULT_PORT}"
38 |             if [ $? -eq 1 ] ; then
39 |                 echo "failed to create API key."
40 |                 API_KEY_REQUIRED=true
41 |                 API_KEY="<API_KEY>"
42 |             else
43 |                 API_KEY_REQUIRED=false
44 |                 echo "API Key : ${API_KEY}"
45 |                 TMP=$(mktemp -p /tmp/)
46 |                 cp ${BOUNCER_CONFIG_PATH} "${TMP}"
47 |                 API_KEY="${API_KEY}" CROWDSEC_LAPI_URL="${CROWDSEC_LAPI_URL}" envsubst '$API_KEY $CROWDSEC_LAPI_URL' < "${TMP}" > ${BOUNCER_CONFIG_PATH}
48 |                 rm "${TMP}"
49 |             fi
50 |         fi
51 |     fi
52 | 
53 |     mkdir -p /etc/nginx/conf.d/
54 |     cp /usr/share/crowdsec-nginx-bouncer/crowdsec_nginx.conf /etc/nginx/conf.d/crowdsec_nginx.conf
55 | 
56 | else
57 |     API_KEY_REQUIRED=false
58 | fi
59 | 
60 | if [ ${API_KEY_REQUIRED} = true ] ; then
61 |     echo "Can't generate an API key for the bouncer. Please do it manually"
62 | fi
63 | 
64 | echo "Restart nginx to enable the crowdsec bouncer : sudo systemctl restart nginx"
65 | echo ""
66 | echo "If you want to setup captcha remediation, follow official documentation : "
67 | echo "https://docs.crowdsec.net/docs/bouncers/nginx#when-using-captcha-remediation"
68 | 


--------------------------------------------------------------------------------
/debian/postrm:
--------------------------------------------------------------------------------
1 | if [ "$1" = "remove" ]; then
2 |     rm /etc/nginx/conf.d/crowdsec_nginx.conf || echo "Unable to remove file '/etc/nginx/conf.d/crowdsec_nginx.conf'. Remove it manually or your NGINX service will not be able to restart."
3 | fi


--------------------------------------------------------------------------------
/debian/prerm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crowdsecurity/cs-nginx-bouncer/c3820efc42eba4a0ce772206e3a48ce7d353447e/debian/prerm


--------------------------------------------------------------------------------
/debian/rules:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/make -f
 2 | 
 3 | export DEB_VERSION=$(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
 4 | export BUILD_VERSION=v${DEB_VERSION}-debian-pragmatic
 5 | export LUA_BOUNCER_BRANCH?=v1.0.6
 6 | 
 7 | %:
 8 | 	dh $@
 9 | 
10 | override_dh_systemd_start:
11 | 	echo "Not running dh_systemd_start"
12 | override_dh_auto_clean:
13 | 	rm -rf lua-cs-bouncer
14 | override_dh_auto_test:
15 | override_dh_auto_build:
16 | override_dh_auto_install:
17 | 	mkdir -p debian/crowdsec-nginx-bouncer/usr/share/crowdsec-nginx-bouncer/
18 | 	cp nginx/crowdsec_nginx.conf debian/crowdsec-nginx-bouncer/usr/share/crowdsec-nginx-bouncer/
19 | 
20 | 	git clone -b "${LUA_BOUNCER_BRANCH}" https://github.com/crowdsecurity/lua-cs-bouncer.git
21 | 
22 | 	mkdir -p debian/crowdsec-nginx-bouncer/usr/lib/crowdsec/lua/
23 | 	mkdir -p debian/crowdsec-nginx-bouncer/var/lib/crowdsec/lua/templates/
24 | 
25 | 	cp -r lua-cs-bouncer/lib/* debian/crowdsec-nginx-bouncer/usr/lib/crowdsec/lua/
26 | 	cp -r lua-cs-bouncer/templates/* debian/crowdsec-nginx-bouncer/var/lib/crowdsec/lua/templates/
27 | 
28 | 	mkdir -p debian/crowdsec-nginx-bouncer/etc/crowdsec/bouncers/
29 | 	cp lua-cs-bouncer/config_example.conf debian/crowdsec-nginx-bouncer/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf
30 | 
31 | 


--------------------------------------------------------------------------------
/docs/assets/crowdsec_nginx.svg:
--------------------------------------------------------------------------------
1 | <svg id="Laag_1" data-name="Laag 1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 300.62 328.39"><defs><style>.cls-1{fill:#4e4a99;}.cls-2{fill:#3e3978;}.cls-3{fill:#fff;}.cls-4{fill:#f39319;}.cls-5{fill:#f8ab13;}.cls-6{isolation:isolate;}</style></defs><path class="cls-1" d="M144.55,236.27c32.7,0,59.49-50,66.12-111.27a14.33,14.33,0,0,0,13.85-11.79h0a14.08,14.08,0,0,0,.24-2.24h.42a9,9,0,0,0,5.51-16.48,14.32,14.32,0,0,0-3.63-27.24,9,9,0,0,0-6.92-14.54,14.48,14.48,0,0,0,5.8-5.09c3.36-5.27,3.9-29-8-44.31C213-3,208.19.81,207.88,5.1c-.93,13.15-1,23-4.46,34.29a9,9,0,0,0-16-4.13,14.31,14.31,0,0,0-28.33,0,9,9,0,0,0-16,4.09c-3.41-11.26-3.53-21.14-4.46-34.29C138.32.77,133.5-3,128.57,3.27c-11.94,15.27-11.4,39-8,44.31a14.58,14.58,0,0,0,5.72,5.13,9,9,0,0,0-6.86,14.58,14.32,14.32,0,0,0-3.63,27.24A9,9,0,0,0,121.31,111h.42a14.26,14.26,0,0,0,.23,2.16h0a14.3,14.3,0,0,0,14.09,11.88h0c-4,17.16-10,66.27-15,111.24.28-2.55.88-5.12,1.17-7.68C129.3,233.55,136.61,236.27,144.55,236.27Z" transform="translate(0 0.06)"/><path class="cls-2" d="M173.43,248.81c18.25,0,36,.29,52.86.83q-.66-6.24-1.35-12.64c-1.8-16.75-3.61-34.58-5.46-51.31-3.2-26.82-6.34-50-8.81-60.69-6.63,61.32-33.42,111.27-66.12,111.27-7.94,0-15.25-2.72-22.33-7.7-.29,2.56-.89,5.13-1.17,7.68-.49,4.52-.92,9-1.33,13.41C136.88,249.11,154.88,248.81,173.43,248.81Z" transform="translate(0 0.06)"/><path class="cls-1" d="M118.15,114.76a13,13,0,0,1-6.94-4,39.4,39.4,0,0,0-5.53,1.63,16.35,16.35,0,0,1-11.61,0,43.72,43.72,0,0,0-14.23-2.6,61.43,61.43,0,0,0-19.67,2.49c0,2.22-.05,4.23,0,6.23a3.72,3.72,0,0,0,.68,1.45,20.88,20.88,0,0,1,1.94,3.37c1,2.73,1.63,5.57,2.59,8.31a7.72,7.72,0,0,0,6.49,5.45,71.94,71.94,0,0,0,11.17.72,13.21,13.21,0,0,0,6.21-1.59,60.55,60.55,0,0,1,4.53-13c2.9-5.78,7.54-6,10.68,0a54.35,54.35,0,0,1,4.31,11.93,9.34,9.34,0,0,0,3.88,1.9,32.41,32.41,0,0,0,14.79.16,10.82,10.82,0,0,0,2.28-.73c.5-3,1-5.76,1.48-8.18A18.28,18.28,0,0,1,118.15,114.76Z" transform="translate(0 0.06)"/><path class="cls-3" d="M113.9,160.9a72.79,72.79,0,0,0-2-12c-1.15-4.58-2-9.16-3.12-13.66a54.35,54.35,0,0,0-4.31-11.93c-3.14-6-7.78-5.78-10.68,0a60.55,60.55,0,0,0-4.53,13c-1,4.16-1.84,8.39-2.91,12.62a72.79,72.79,0,0,0-2,12c-.5,6.25,3.59,11.63,8.72,11.63h12.07C110.31,172.53,114.43,167.15,113.9,160.9ZM101,146a79.55,79.55,0,0,1-.26,8.17c-.27,3.29-.41,6.58-.92,9.65-.36,2.18-.94,2.27-1.33,0-.52-3-.65-6.36-.92-9.65-.23-2.69-.3-5.42-.26-8.17-3.58-.94-6.42-4.58-7.25-9.24a18.38,18.38,0,0,0,18.19,0C107.43,141.41,104.57,145.05,101,146Z" transform="translate(0 0.06)"/><path class="cls-4" d="M90.05,136.71c.83,4.66,3.67,8.3,7.25,9.24,0,2.75,0,5.48.26,8.17.27,3.29.4,6.6.92,9.65.39,2.27,1,2.18,1.33,0,.51-3.07.65-6.36.92-9.65A79.55,79.55,0,0,0,101,146c3.58-.94,6.42-4.58,7.25-9.24A18.38,18.38,0,0,1,90.05,136.71Z" transform="translate(0 0.06)"/><path class="cls-1" d="M228.28,114.76a18.36,18.36,0,0,1-12.85,13.54q.63,3.19,1.32,7.35a7.61,7.61,0,0,0,3.7,1.49,71.94,71.94,0,0,0,11.17.72,13.21,13.21,0,0,0,6.21-1.59,61.07,61.07,0,0,1,4.52-13c2.9-5.78,7.55-6,10.69,0a54.35,54.35,0,0,1,4.31,11.93,9.55,9.55,0,0,0,3.87,1.9,32.45,32.45,0,0,0,14.8.16,8.8,8.8,0,0,0,7.08-6.14c.85-2.5,1.59-5.05,2.27-7.6.39-1.45.56-2.92,2.2-3.64.31-.14.51-.86.52-1.32.06-2.07,0-4.14,0-6.61-4-.65-7.93-1.52-11.9-1.88-7.45-.67-14.84-.38-22,2.33a16.35,16.35,0,0,1-11.61,0,42.05,42.05,0,0,0-7.14-1.92A13,13,0,0,1,228.28,114.76Z" transform="translate(0 0.06)"/><path class="cls-3" d="M262.43,160.9a72.79,72.79,0,0,0-2-12c-1.15-4.58-2-9.16-3.12-13.66A54.35,54.35,0,0,0,253,123.31c-3.14-6-7.79-5.78-10.69,0a61.07,61.07,0,0,0-4.52,13c-1,4.16-1.85,8.39-2.91,12.62a72.79,72.79,0,0,0-2,12c-.5,6.25,3.59,11.63,8.72,11.63h12.07C258.88,172.53,263,167.15,262.43,160.9ZM249.52,146c0,2.75,0,5.48-.26,8.17-.27,3.29-.41,6.58-.92,9.65-.36,2.18-.94,2.27-1.33,0-.52-3-.65-6.36-.92-9.65-.23-2.69-.3-5.42-.26-8.17-3.58-.94-6.42-4.58-7.25-9.24a18.38,18.38,0,0,0,18.19,0c-.79,4.66-3.63,8.3-7.21,9.24Z" transform="translate(0 0.06)"/><path class="cls-4" d="M238.62,136.71c.83,4.66,3.67,8.3,7.25,9.24,0,2.75,0,5.48.26,8.17.27,3.29.4,6.6.92,9.65.39,2.27,1,2.18,1.33,0,.51-3.07.65-6.36.92-9.65.23-2.69.3-5.42.26-8.17,3.58-.94,6.42-4.58,7.25-9.24A18.38,18.38,0,0,1,238.62,136.71Z" transform="translate(0 0.06)"/><path class="cls-4" d="M277.75,153.13c2,8.59,4.5,27.16,7.06,48.67C282.57,181.49,280.25,163.22,277.75,153.13Z" transform="translate(0 0.06)"/><g id="IgKKMw"><path class="cls-5" d="M124.62,74.13A77.1,77.1,0,0,1,149.15,71a54.52,54.52,0,0,1,17.74,3.25,20.41,20.41,0,0,0,14.48,0c8.92-3.39,18.12-3.75,27.42-2.91,4.94.45,9.82,1.53,14.83,2.34v8.24c0,.57-.26,1.47-.66,1.65-2,.89-2.24,2.73-2.73,4.54-.85,3.18-1.78,6.35-2.83,9.48-1.43,4.25-4.38,6.71-8.83,7.66a40.77,40.77,0,0,1-18.45-.2,10.79,10.79,0,0,1-7.55-5.9c-1.9-3.91-3.72-7.86-5.79-11.69A4.17,4.17,0,0,0,174,85.41c-.79-.06-2,1.14-2.49,2.06a71.9,71.9,0,0,0-4.05,8.5c-2.53,6.61-7.49,9.81-14.26,10a90.13,90.13,0,0,1-13.93-.9,9.65,9.65,0,0,1-8.1-6.8c-1.2-3.41-2-7-3.22-10.36a27.49,27.49,0,0,0-2.42-4.21,4.38,4.38,0,0,1-.85-1.81C124.56,79.4,124.62,76.9,124.62,74.13Z" transform="translate(0 0.06)"/></g><path class="cls-3" d="M189.15,119.71c-2.74-10.88-4-21.81-9.27-31.92-3.91-7.5-9.7-7.2-13.32,0-5.11,10.17-6.53,21-9.27,31.92a90.62,90.62,0,0,0-2.47,15c-.62,7.79,4.47,14.5,10.88,14.5h15c6.41,0,11.5-6.71,10.88-14.5A91.6,91.6,0,0,0,189.15,119.71Z" transform="translate(0 0.06)"/><path class="cls-1" d="M184.56,104.58a22.88,22.88,0,0,1-22.68,0c1,5.81,4.58,10.34,9,11.52a101.92,101.92,0,0,0,.32,10.19c.34,4.1.5,8.22,1.15,12,.49,2.83,1.21,2.72,1.66,0,.63-3.83.81-7.93,1.15-12,.28-3.36.37-6.76.32-10.19C180,114.92,183.52,110.39,184.56,104.58Z" transform="translate(0 0.06)"/><path class="cls-5" d="M76.16,242.37c20,0,37.28-23.36,46.69-56.31,2.22-18,4.67-36.28,6.9-49.5a10.82,10.82,0,0,1-2.28.73,32.41,32.41,0,0,1-14.79-.16,9.34,9.34,0,0,1-3.88-1.9c1.14,4.5,2,9.08,3.12,13.66a72.79,72.79,0,0,1,2,12c.5,6.25-3.59,11.63-8.72,11.63H93.11c-5.13,0-9.22-5.38-8.72-11.63a72.79,72.79,0,0,1,2-12c1.07-4.23,1.88-8.46,2.91-12.62a13.21,13.21,0,0,1-6.21,1.59,71.94,71.94,0,0,1-11.17-.72,7.72,7.72,0,0,1-6.49-5.43c-1-2.74-1.62-5.58-2.59-8.31A20.88,20.88,0,0,0,60.9,120a3.72,3.72,0,0,1-.68-1.45c-.08-2,0-4,0-6.23a61.43,61.43,0,0,1,19.67-2.49,43.72,43.72,0,0,1,14.23,2.6,16.35,16.35,0,0,0,11.61,0,40.65,40.65,0,0,1,5.52-1.63,13,13,0,0,1-1.59-15.48,18.38,18.38,0,0,1-4.39-22.21,11.46,11.46,0,0,0-17.42,8.1A7.22,7.22,0,0,0,75,84.51c-2.74-9-2.83-17-3.58-27.49-.25-3.45-4.12-6.49-8.07-1.44-9.57,12.25-9.14,31.31-6.45,35.54a11.75,11.75,0,0,0,4.65,4.08A7.23,7.23,0,0,0,56,106.87a11.49,11.49,0,0,0-2.95,21.84,7.23,7.23,0,0,0,4.42,13.22h.33a10.05,10.05,0,0,0,.18,1.73h0a11.51,11.51,0,0,0,11.31,9.53h0c-3.18,13.77-8.06,53.16-12,89.22.22-2,.7-4.1.93-6.16C63.93,240.19,69.79,242.37,76.16,242.37Z" transform="translate(0 0.06)"/><path class="cls-4" d="M117.08,235.81c1.27-11.64,3.39-30.48,5.77-49.75-9.41,33-26.67,56.31-46.69,56.31-6.37,0-12.23-2.18-17.92-6.18-.23,2.06-.71,4.12-.93,6.16-.4,3.66-.75,7.28-1.08,10.84,18.09-1.49,38.1-2.64,59.46-3.39C116.11,245.22,116.56,240.54,117.08,235.81Z" transform="translate(0 0.06)"/><path class="cls-5" d="M277.75,153.13a11.48,11.48,0,0,0,11.11-9.42h0a11.94,11.94,0,0,0,.19-1.79h.33a7.23,7.23,0,0,0,4.42-13.21,11.49,11.49,0,0,0-2.9-21.85,7.23,7.23,0,0,0-5.55-11.67A11.75,11.75,0,0,0,290,91.11c2.69-4.23,3.13-23.29-6.45-35.54-3.95-5-7.82-2-8.07,1.44-.75,10.54-.84,18.47-3.58,27.49a7.22,7.22,0,0,0-12.81-3.3,11.47,11.47,0,0,0-17.76-7.85,18.38,18.38,0,0,1-4.5,22,13,13,0,0,1-1.33,15.2,42.05,42.05,0,0,1,7.14,1.92,16.35,16.35,0,0,0,11.61,0c7.15-2.71,14.54-3,22-2.33,4,.36,7.88,1.23,11.9,1.88v6.61c0,.46-.21,1.18-.52,1.32-1.64.72-1.81,2.19-2.2,3.64-.68,2.55-1.42,5.1-2.27,7.6a8.8,8.8,0,0,1-7.08,6.14,32.45,32.45,0,0,1-14.8-.16,9.55,9.55,0,0,1-3.87-1.9c1.14,4.5,2,9.08,3.12,13.66a72.79,72.79,0,0,1,2,12c.5,6.25-3.59,11.63-8.72,11.63H241.68c-5.13,0-9.22-5.38-8.72-11.63a72.79,72.79,0,0,1,2-12c1.06-4.23,1.88-8.46,2.91-12.62a13.21,13.21,0,0,1-6.21,1.59,71.94,71.94,0,0,1-11.17-.72,7.61,7.61,0,0,1-3.7-1.49c3.06,18.47,7.1,51.23,12.46,100.92.19,1.73.38,3.5.57,5.29C253.68,237.1,272.78,199.1,277.75,153.13Z" transform="translate(0 0.06)"/><path class="cls-4" d="M289.19,243c-1.44-13.43-2.89-27.73-4.38-41.15-2.56-21.51-5.08-40.08-7.06-48.67-5,46-24.07,84-47.95,88.73.27,2.56.55,5.19.84,7.92,21.43.75,41.49,1.9,59.65,3.38C289.93,249.8,289.57,246.4,289.19,243Z" transform="translate(0 0.06)"/><path class="cls-1" d="M226.29,249.64h.32c-.45-4.16-.9-8.39-1.36-12.65-1.82-17.13-3.82-34.9-5.77-51.28,1.85,16.73,3.66,34.56,5.46,51.31Q225.63,243.4,226.29,249.64Z" transform="translate(0 0.06)"/><path class="cls-2" d="M210.67,125c2.47,10.71,5.61,33.87,8.81,60.69C216.68,160.37,213.79,137.58,210.67,125Z" transform="translate(0 0.06)"/><path class="cls-2" d="M121.05,236.25q-.73,6.8-1.45,13.42h.12C120.13,245.26,120.56,240.77,121.05,236.25Z" transform="translate(0 0.06)"/><g id="_5MfN0e.tif" data-name=" 5MfN0e.tif"><image id="Layer_0" data-name="Layer 0" class="cls-6" width="1283" height="1472" transform="translate(0 210.63) scale(0.08)" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABQMAAAXACAYAAADiO1pAAAAACXBIWXMAAIppAACKaQGxZbMyAAAgAElEQVR4XuzdXYymaX4W9uuujquzWttTC8bRLKDu9ZI1C7Gnrc16Y8I+XRYG25uYaW8kCAtR1wF0Tcdq9UOCzEES99MWR4FIz6jWqqkOEtWKbOIcmB6CAMdE2/USJdk1Jt0IYmO8bJdw1opJvFM2ZOlCXXcOXDvunZ2Zuz/q4/34/U5G03W954+u9/1fT6m1BgCA+VK2ugtJLiQ5f/jflcM/nU8p55LspdZ7j33kbmp5I7Xeq1cndwMAwFwqykAAgNlXNrqVLOdSkkspZTXJC42PvLtad1LLnfzreqdemzxoxQEAmA3KQACAGVY2uvM5W4Ykl1vZZ1brTpLtuj7ZbkUBAJhuykAAgBl0IiXgW9W6m4OsOSMGAJhdykAAgBlyeA7cp5QbreyxqXUn+1lzPgwAMHuUgQAAM6JsdWtJhsMXgJy+Wl/NfoZ6bfJGKwoAwHRQBgIATLmy2a1mKUNKudjKnoK91NrbEwQAmA3KQACAKXUqu4DP7n4e1d6eIADAdFMGAgBMobLVDSmlT/JCKztVan09++ntCQIATCdlIADAFCm3ukupGadmF/BZ1Xoz+xntCQIATBdlIADAFChb3YUk45TuAj6bWneTDPYEAQCmhzIQAOAUlY1uJWfLmNnYBXw2te7kIIM9QQCA06cMBAA4JeW1i32WMmTWdgGf3e08rIM9QQCA06MMBAA4YWWzW81Stmd+F/DZ7KXWsa5PhlYQAICjpwwEADghZaM7n+Vsz9Uu4LOqdTclfb0yudOKAgBwdJSBAADHrGx0K1nOkFKut7ILp9adJH1dn9xrRQEAeH7KQACAY1S2urWUMmZxdgGfTa2vZj9DvTZ5oxUFAODZKQMBAI5B2exWc6aMSV5qZXnTXg4y1Fd2xlYQAIBnowwEADhCh7uAY0p5uZXlHdS6m4Os1auTu60oAABPRxkIAHAEDncB+5TSx0nw0ah1J/tZq9cmD1pRAACejDIQAOA5la1uLcmQUs61sjyDWm9mP6M9QQCA56cMBAB4RmWzW81ShpRysZXlue2l1r6uT7ZbQQAA3pkyEADgKZWNbiVny5jkcivLkbufR7W3JwgA8GyUgQAAT6FsdYNdwClQ6+vZT29PEADg6SgDAQCeQLnVXUrNaBdwquyl1tGeIADAk1MGAgC8i7LVXUgy2gWcYrXuJhnsCQIAtCkDAQDeRtnoVrKcIaVcb2WZErXu5CCDPUEAgHemDAQAeIvy2sU+SxliF3BW3c7D2jsdBgD4WspAAIBDZbNbzVK27QLOhb3UOtb1ydAKAgAsEmUgALDwykZ3PssZU8rLrSwzptbdlPT1yuROKwoAsAiUgQDAwjrcBexTyo1WlhlX6072s1avTR60ogAA80wZCAAspLLVraWUMXYBF0utr2Y/gz1BAGBRKQMBgIVSNrvVnCljkpdaWebWXg4y1Fd2xlYQAGDeKAMBgIVQNrrzOVuGJJdbWRZErbs5yFq9OrnbigIAzAtlIAAw1x7bBezjJJi3U+vr2U9vTxAAWATKQABgbpWtbi3JkFLOtbKQWm9mP6M9QQBgnikDAYC5U7a6C0nGlHKxlYW32EutfV2fbLeCAACzSBkIAMyNstGt5GwZYxeQ53c/j2pvTxAAmDfKQABgLpStbrALyDG4nYd1sCcIAMwLZSAAMNPKre5Saka7gByjvdQ62hMEAOaBMhAAmEllozuf5WzbBeTE1LqbZLAnCADMMmUgADBTyka3kuUMKeV6KwvHotadJH1dn9xrRQEApo0yEACYGeW1i32WMsQuINPhdh7W3ukwADBLlIEAwNQrm91qzpQxyUutLJywvdQ61vXJ0AoCAEwDZSAAMLUOdwHHlPJyKwunqtbdHGStXp3cbUUBAE6TMhAAmDqHu4B9SrnRysJUqXUn+1mr1yYPWlEAgNOgDAQApkrZ6tZSyhi7gMyyWl/NfgZ7ggDAtFEGAgBToWx2q1nKkFIutrIwI/ZykKG+sjO2ggAAJ0UZCACcqrLRnc/ZMiS53MrCjLqfR7W3JwgATANlIABwKh7bBezjJJhFUOvr2U9vTxAAOE3KQADgxJVb3aXUjCnlXCsLc6fWm9nPaE8QADgNykAA4MSUre5CktEuIGQvtfZ1fbLdCgIAHCVlIABw7MpGt5KzZYxdQPhqte7kIIM9QQDgpCgDAYBjVba6wS4gNN3OwzrYEwQAjpsyEAA4FmWzW81Stu0CwhPbS61jXZ8MrSAAwLNSBgIAR6psdOeznG27gPCMat1NSV+vTO60ogAAT0sZCAAcibLRrWQ5Q0q53soCT6DWnSR9XZ/ca0UBAJ6UMhAAeG5lq1tLKWPsAsJxuJ2Hta/XJm+0ggAALcpAAOCZlc1uNWfKmOSlVhZ4Lns5yFBf2RlbQQCAd6MMBACe2uEu4JhSXm5lgSNU624OslavTu62ogAAb0cZCAA8scNdwD6l3GhlgWNU6072s1avTR60ogAAj1MGAgBPpGx1a0mGlHKulQVOSK2vZj+DPUEA4EkpAwGAd1U2u9UsZUgpF1tZ4FTspda+rk+2W0EAAGUgAPC2ykZ3PmfLkORyKwtMhft5VHt7ggDAu1EGAgBfo2x1Q0rpk7zQygJTptbXs5/eniAA8HaUgQDAm8qt7lJqRruAMAdqvZn9jPYEAYDHKQMBgJSt7kKS0S4gzJlad5MM9gQBgK9QBgLAAisb3UrOljF2AWG+1bqTgwz2BAEAZSAALKjy2sU+SxliFxAWye08rL3TYQBYXMpAAFgwZbNbzVK27QLCwtpLrWNdnwytIAAwf5SBALAgykZ3PsvZtgsIJPnNPcGSvl6Z3GlFAYD5oQwEgDlXNrqVLKdPKTdaWWAB1bqTpK/rk3utKAAw+5SBADDHyla3llLG2AUEWmp9NfsZ7AkCwHxTBgLAHCqb3WrOlDHJS60swGP2cpChvrIztoIAwGxSBgLAHDncBRxTysutLMA7qnU3B1mrVyd3W1EAYLYoAwFgDjy2C9jHSTBwVGrdyX7W6rXJg1YUAJgNykAAmHFlq1tLMqSUc60swDOp9Wb2M9oTBIDZpwwEgBlVNrvVLGVIKRdbWYAjsJda+7o+2W4FAYDppQwEgBlTNrqVnC1jksutLMAxuJ9HtbcnCACzSRkIADOkbHWDXUBgKtT6evbT2xMEgNmiDASAGVBudZdSM9oFBKbMXmod7QkCwOxQBgLAFCsb3fksZ9suIDDVat1NMtgTBIDppwwEgClUNrqVLGdIKddbWYCpUetOkr6uT+61ogDA6VAGAsCUKa9d7LOUIXYBgdl1Ow9r73QYAKaPMhAApkTZ7FazlG27gMCc2EutY12fDK0gAHBylIEAcMoOdwHHlPJyKwswc2rdTUlfr0zutKIAwPFTBgLAKTncBexTyo1WFmDm1bqT/azVa5MHrSgAcHyUgQBwCspWt5ZSxtgFBBZNra9mP4M9QQA4HcpAADhBZbNbzZkyJnmplQWYY3s5yFBf2RlbQQDgaCkDAeAElI3ufM6WIcnlVhZgYdS6m4Os1auTu60oAHA0lIEAcIwe2wXs4yQY4O3V+nr209sTBIDjpwwEgGNStrq1JENKOdfKApCk1pvZz2hPEACOjzIQAI5Y2eouJBlTysVWFoCvsZda+7o+2W4FAYCnpwwEgCNSNrqVnC1j7AICHIX7eVR7e4IAcLSUgQBwBMpWN9gFBDgWt/OwDvYEAeBoKAMB4DmUzW41S9m2CwhwrPZS62hPEACenzIQAJ5B2ejOZznbdgEBTlCtuynp65XJnVYUAHh7ykAAeAplo1vJcoaUcr2VBeCY1LqTpK/rk3utKADw1ZSBAPCEymsX+yxliF1AgGlxOw9r73QYAJ6cMhAAGspmt5ozZUzyUisLwInbS61jXZ8MrSAAoAwEgHd0uAs4ppSXW1kATlmtuznIWr06uduKAsAiUwYCwFsc7gL2KeVGKwvAlKl1J/tZq9cmD1pRAFhEykAAeEzZ6tZSyhi7gACzrdZXs5/BniAAfDVlIADkcBdwKUNKudjKAjAz9nKQob6yM7aCALAolIEALLSy0Z3P2TIkudzKAjCz7udR7e0JAoAyEIAF9dguYB8nwQCLodbXs5/eniAAi0wZCMDCKbe6S6kZU8q5VhaAOVTrzexntCcIwCJSBgKwMMpWdyHJaBcQgNS6m2So65PtVhQA5okyEIC5Vza6lZwtY+wCAvBWte7kIIM9QQAWhTIQgLlWXrvYZylD7AIC8O5u52Ed7AkCMO+UgQDMpbLZrWYp23YBAXgKe6l1rOuToRUEgFmlDARgrpSN7nyWs20XEIBnVutuSvp6ZXKnFQWAWaMMBGAulI1uJcsZUsr1VhYAnkitO0n6uj6514oCwKxQBgIw88pWt5ZSxtgFBOB43M7D2tdrkzdaQQCYdspAAGZW2exWc6aMSV5qZQHgOe3lIEN9ZWdsBQFgmikDAZg5h7uAY0p5uZUFgCNV624OslavTu62ogAwjZSBAMyMw13APqXcaGUB4FjVupP9rNVrkwetKABME2UgADOhbHVrSYaUcq6VBYATU+ur2c9gTxCAWaEMBGCqlc1uNUsZUsrFVhYATsleau3r+mS7FQSA06YMBGAqlY3ufM6WIcnlVhYApsT9PKq9PUEAppkyEICpU7a6IaX0SV5oZQFg6tT6evbT2xMEYBopAwGYGuVWdyk1o11AAObAXmods5/RniAA00QZCMCpK1vdhSSjXUAA5k6tu0kGe4IATAtlIACnpmx0K1nOkFKut7IAMNNq3clBBnuCAJw2ZSAAp6K8drHPUobYBQRgsdzOw9o7HQbgtCgDAThRZbNbzVK27QICsMD2UutY1ydDKwgAR00ZCMCJKBvd+Sxn2y4gAByqdTclfb0yudOKAsBRUQYCcKwOdwH7lHKjlQWAhVTrTpK+rk/utaIA8LyUgQAcm7LVraWUMXYBAaCt1lezn8GeIADHSRkIwJErm91qzpQxyUutLADwVfZykKG+sjO2ggDwLJSBAByZw13AMaW83MoCAO+i1t0cZK1endxtRQHgaSgDAXhuj+0C9nESDABHp9ad7GetXps8aEUB4EkoAwF4LmWrW0sypJRzrSwA8IxqvZn9jPYEAXheykAAnknZ6i4kGVPKxVYWADgSe6m1r+uT7VYQAN6JMhCAp1I2upWcLWOSy60sAHAs7udR7e0JAvAslIEAPLGy1Q12AQFgatzOwzrYEwTgaSgDAWgqt7pLqRntAgLA1NlLraM9QQCelDIQgHdUNrrzWc62XUAAmHK17iYZ7AkC0KIMBOBrlI1uJcsZUsr1VhYAmCK17iTp6/rkXisKwGJSBgLwVcprF/ssZYhdQACYZbfzsPZOhwF4K2UgAEmSstmtZinbdgEBYG7spdaxrk+GVhCAxaEMBFhwh7uAY0p5uZUFAGZQrbsp6euVyZ1WFID5pwwEWFCHu4B9SrnRygIAc6DWnexnrV6bPGhFAZhfykCABVS2urWUMsYuIAAsnlpfzX4Ge4IAi0kZCLBAyma3mjNlTPJSKwsAzLW9HGSor+yMrSAA80UZCLAAykZ3PmfLkORyKwsALJBad3OQtXp1crcVBWA+KAMB5thju4B9nAQDAO+k1tezn96eIMD8UwYCzKlyq7uUmjGlnGtlAQCSJLXezH5Ge4IA80sZCDBnylZ3IcmYUi62sgAAb2MvtfZ1fbLdCgIwe5SBAHOibHQrOVvG2AUEAI5CrTs5yGBPEGC+KAMB5kDZ6ga7gADAMbmdh3WwJwgwH5SBADOsbHarWcq2XUAA4JjtpdbRniDA7FMGAsygstGdz3K27QICACeq1t2U9PXK5E4rCsB0UgYCzJCy0a1kOUNKud7KAgAcm1p3kvR1fXKvFQVguigDAWZEee1in6UMsQsIAEyP23lYe6fDALNDGQgw5cpmt5ozZUzyUisLAHAK9lLrWNcnQysIwOlTBgJMqcNdwDGlvNzKAgCculp3c5C1enVytxUF4PQoAwGmzOEuYJ9SbrSyAABTp9ad7GetXps8aEUBOHnKQIApUra6tZQyxi4gADDran01+xnsCQJMF2UgwBQom91qljKklIutLADADNlLrX1dn2y3ggCcDGUgwCkqG935nC1DksutLADADLufR7W3Jwhw+pSBAKekbHVDSunjJBgAWBS1vp799PYEAU6PMhDghJVb3aXUjCnlXCsLADCXar2Z/Yz2BAFOnjIQ4ISUre5CktEuIABAklp3kwz2BAFOljIQ4JiVjW4lZ8sYu4AAAF+r1p0cZLAnCHAylIEAx6i8drHPUobYBQQAaLmdh3WwJwhwvJSBAMegbHarWcq2XUAAgKeyl1rHuj4ZWkEAno0yEOAIlY3ufJazbRcQAOA51Lqbkr5emdxpRQF4OspAgCNQNrqVLGdIKddbWQAAnlCtO0n6uj6514oC8GSUgQDPqWx1aylljF1AAIDjcjsPa1+vTd5oBQF4d8pAgGdUNrvVnCljkpdaWQAAntteDjLUV3bGVhCAd6YMBHhKh7uAY0p5uZUFAOCI1bqbg6zVq5O7rSgAX0sZCPCEDncB+5Ryo5UFAOCY1bqT/azVa5MHrSgAv0UZCPAEyla3lmRIKedaWQAATlCtN7Of0Z4gwJNRBgK8i7LZrWYpQ0q52MoCAHBq9lJrX9cn260gwKJTBgK8jbLRreRsGZNcbmUBAJga9/Oo9vYEAd6ZMhDgLcpWN6SUPskLrSwAAFOo1tezn96eIMDXUgYCHCq3ukupGe0CAgDMhb3UOtoTBPhqykBg4ZWt7kKS0S4gAMAcqnU3yWBPEOA3KQOBhVU2upUsZ0gp11tZAABmXK07OchgTxBYdMpAYCGV1y72WcoQu4AAAIvmdh7W3ukwsKiUgcBCKZvdapaybRcQAGCh7aXWsa5PhlYQYN4oA4GFUDa681nOtl1AAADeVOtuSvp6ZXKnFQWYF8pAYK4d7gL2KeVGKwsAwIKqdSdJX9cn91pRgFmnDATmVtnq1lLKGLuAAAA8iVpfzX4Ge4LAPFMGAnOnbHarOVPGJC+1sgAA8BZ7OchQX9kZW0GAWaQMBOZG2ejO52wZklxuZQEA4F3VupuDrNWrk7utKMAsUQYCM++xXcA+ToIBADhKtb6e/fT12uRBKwowC5SBwEwrW91akiGlnGtlAQDgmdV6M/sZ7QkCs04ZCMykstVdSDKmlIutLAAAHJG91NrX9cl2KwgwrZSBwEwpG91KzpYxdgEBADg99/Oo9vYEgVmkDARmRtnqBruAAABMkdt5WAd7gsAsUQYCU6/c6i6lZrQLCADAFNpLraM9QWBWKAOBqVU2uvNZzrZdQAAApl6tu0kGe4LAtFMGAlOnbHQrWc6QUq63sgAAMFVq3UnS1/XJvVYU4DQoA4GpUl672GcpQ+wCAgAw227nYe2dDgPTRhkITIWy2a1mKdt2AQEAmCN7qXWs65OhFQQ4KcpA4FQd7gKOKeXlVhYAAGZSrbsp6euVyZ1WFOC4KQOBU3G4C9inlButLAAAzIVad7KftXpt8qAVBTguykDgxJWtbi2ljLELCADAIqr11exnsCcInAZlIHBiDncBh5RysZUFAIA5t5eDDPWVnbEVBDhKykDg2JWN7nzOliHJ5VYWAAAWzP08qn29OrnbCgIcBWUgcGwe2wXs4yQYAADeWa2vZz+9PUHguCkDgWNRbnWXUjOmlHOtLAAAcKjWm9nPaE8QOC7KQOBIla3uQpLRLiAAADyzvdTa1/XJdisI8LSUgcCRKBvdSs6WMXYBAQDgaNS6k4MM9gSBo6QMBJ5b2eoGu4AAAHBsbudhHewJAkdBGQg8s7LZrWYp23YBAQDg2O2l1tGeIPC8lIHAUysb3fksZ9suIAAAnLBad1PS1yuTO60owNtRBgJPrGx0K1nOkFKut7IAAMAxqnUnSV/XJ/daUYDHKQOBJ1Jeu9hnKUPsAgIAwDS5nYe1dzoMPCllIPCuyma3mjNlTPJSKwsAAJyKvRxkqK/sjK0ggDIQeFuHu4BjSnm5lQUAAKZArbs5yFq9OrnbigKLSxkIfJXDXcA+pdxoZQEAgClU6072s1avTR60osDiUQYCbypb3VqSIaWca2UBAIApV+ur2c9gTxB4nDIQ+M1dwKUMKeViKwsAAMyUvdTa1/XJdisILAZlICywstGdz9kyJLncygIAADPtfh7V3p4goAyEBVW2uiGl9EleaGUBAIA5Uevr2U9vTxAWlzIQFky51V1KzWgXEAAAFlitN7Of0Z4gLB5lICyIstVdSDLaBQQAAJIkte4mGewJwmJRBsKcKxvdSs6WMXYBAQCAt1PrTg4y2BOExaAMhDlWXrvYZylD7AICAABtt/OwDvYEYb4pA2EOlc1uNUvZtgsIAAA8pb3UOtb1ydAKArNJGQhzpGx057OcbbuAAADAc6l1NyV9vTK504oCs0UZCHOgbHQrWU6fUm60sgAAAE+s1p0kfV2f3GtFgdmgDIQZV7a6tZQyxi4gAABwXGp9NfsZ6rXJG60oMN2UgTCjyma3mjNlTPJSKwsAAHAE9nKQob6yM7aCwPRSBsKMOdwFHFPKy60sAADAkat1NwdZq1cnd1tRYPooA2FGPLYL2MdJMAAAcNpq3cl+1uq1yYNWFJgeykCYAWWrW0sypJRzrSwAAMCJqvVm9jPaE4TZoAyEKVY2u9UsZUgpF1tZAACAU7SXWvu6PtluBYHTpQyEKVQ2upWcLWOSy60sAADAFLmfR7W3JwjTSxkIU6ZsdYNdQAAAYKbV+nr209sThOmjDIQpUW51l1Iz2gUEAADmxF5qHe0JwnRRBsIpK1vdhSSjXUAAAGAu1bqbZLAnCNNBGQinpGx0K1nOkFKut7IAAAAzr9adHGSwJwinSxkIp6C8drHPUobYBQQAABbP7TysvdNhOB3KQDhBZbNbzVK27QICAAALbi+1jnV9MrSCwNFSBsIJKBvd+SxnTCkvt7IAAAALo9bdlPT1yuROKwocDWUgHKPDXcA+pdxoZQEAABZWrTvZz1q9NnnQigLPRxkIx6RsdWspZYxdQAAAgCdT66vZz2BPEI6PMhCOWNnsVnOmjEleamUBAAD4Gns5yFBf2RlbQeDpKQPhiJSN7nzOliHJ5VYWAACAhlp3c5C1enVytxUFnpwyEJ7TY7uAfZwEAwAAHK1aX89+enuCcDSUgfAcyla3lmRIKedaWQAAAJ5DrTezn9GeIDwfZSA8g7LVXUgyppSLrSwAAABHZi+19nV9st0KAm9PGQhPoWx0KzlbxtgFBAAAOE3386j29gTh6SkD4QmVrW6wCwgAADBVbudhHewJwpNTBkJDudVdSs1oFxAAAGAq7aXW0Z4gPBllILyDstGdz3K27QICAADMgFp3kwz2BOHdKQPhLcpGt5LlDCnleisLAADAlKl1J0lf1yf3WlFYRMpAeEx57WKfpQyxCwgAADDrbudh7Z0Ow1dTBkKSstmt5kwZk7zUygIAADAz9lLrWNcnQysIi0IZyEI73AUcU8rLrSwAAAAzqtbdHGStXp3cbUVh3ikDWUiHu4B9SrnRygIAADAnat3JftbqtcmDVhTmlTKQhVO2urWUMsYuIAAAwGKq9dXsZ7AnyCJSBrIwyma3mqUMKeViKwsAAMDc28tBhvrKztgKwjxRBjL3ykZ3PmfLkORyKwsAAMDCuZ9HtbcnyKJQBjK3HtsF7OMkGAAAgHdT6+vZT29PkHmnDGQulVvdpdSMKeVcKwsAAABvqvVm9jPaE2ReKQOZK2Wru5BktAsIAADAc9hLrX1dn2y3gjBrlIHMhbLRreRsGWMXEAAAgKNS604OMtgTZJ4oA5l5Zasb7AICAABwjG7nYR3sCTIPlIHMrLLZrWYp23YBAQAAOAF7qXWs65OhFYRppgxk5pSN7nyWs20XEAAAgBNX625K+nplcqcVhWmkDGRmlI1uJcsZUsr1VhYAAACOVa07Sfq6PrnXisI0UQYyE8pWt5ZSxtgFBAAAYLrczsPa12uTN1pBmAbKQKZa2exWc6aMSV5qZQEAAOCU7OUgQ31lZ2wF4bQpA5lKh7uAY0p5uZUFAACAqVDrbg6yVq9O7raicFqUgUyVw13APqXcaGUBAABgKtW6k/2s1WuTB60onDRlIFOjbHVrSYaUcq6VBQAAgKlX66vZz2BPkGmiDOTUlc1uNUsZUsrFVhYAAABmzF5q7ev6ZLsVhJOgDOTUlI3ufM6WIcnlVhYAAABm3P08qr09QU6bMpBTUba6IaX0SV5oZQEAAGBu1Pp69tPbE+S0KAM5UeVWdyk1o11AAAAAFlqtN7Of0Z4gJ00ZyIkoW92FJKNdQAAAADhU626SwZ4gJ0kZyLEqG91KljOklOutLAAAACykWndykMGeICdBGcixKa9d7LOUIXYBAQAA4EnczsPaOx3mOCkDOXJls1vNUrbtAgIAAMBT20utY12fDK0gPAtlIEembHTns5xtu4AAAADwnGrdTUlfr0zutKLwNJSBPLfDXcA+pdxoZQEAAICnUOtOkr6uT+61ovAklIE8l7LVraWUMXYBAQAA4PjU+mr2M9gT5HkpA3kmZbNbzZkyJnmplQUAAACOxF4OMtRXdsZWEN6JMpCncrgLOKaUl1tZAAAA4BjUupuDrNWrk7utKLyVMpAn8tguYB8nwQAAAHD6at3JftbqtcmDVhS+QhlIU9nq1pIMKeVcKwsAAACcsFpvZj+jPUGehDKQd1Q2u9UsZUgpF1tZAAAA4FTtpda+rk+2W0EWmzKQr1E2upWcLWOSy60sAAAAMFXu51Ht7QnyTpSBfJWy1Q12AQEAAGDG1fp69tPbE+StlIEkScqt7lJqRruAAAAAMDf2UutoT5DHKQMXXNnozmc523YBAQAAYE7VuptksCdIogxcWGWjW8lyhpRyvZUFAAAA5kCtO0n6um/Wg84AACAASURBVD6514oyv5SBC6i8drHPUobYBQQAAIBFdDsPa+90eDEpAxdI2exWs5Rtu4AAAACw8PZS61jXJ0MryHxRBi6Aw13AMaW83MoCAAAAC6TW3ZT09crkTivKfFAGzrHDXcA+pdxoZQEAAIAFVutO9rNWr00etKLMNmXgnCpb3VpKGWMXEAAAAHhStb6a/Qz2BOeXMnDOlM1uNWfKmOSlVhYAAADgbezlIEN9ZWdsBZk9ysA5UTa68zlbhiSXW1kAAACAplp3c5C1enVytxVldigDZ9xju4B9nAQDAAAAR63W17Of3p7gfFAGzrCy1a0lGVLKuVYWAAAA4LnUejP7Ge0JzjZl4AwqW92FJGNKudjKAgAAAByhvdTa1/XJdivIdFIGzpCy0a3kbBljFxAAAAA4XffzqPb2BGePMnBGlK1usAsIAAAATJnbeVgHe4KzQxk45cpmt5qlbNsFBAAAAKbUXmod7QnOBmXglCob3fksZ9suIAAAADATat1NSV+vTO60opweZeCUKRvdSpYzpJTrrSwAAADA1Kl1J0lf1yf3WlFOnjJwipTXLvZZyhC7gAAAAMDsu52HtXc6PF2UgVOgbHarOVPGJC+1sgAAAAAzZC+1jnV9MrSCnAxl4Ck63AUcU8rLrSwAAADAzKp1NwdZq1cnd1tRjpcy8BQc7gL2KeVGKwsAAAAwN2rdyX7W6rXJg1aU46EMPGFlq1tLKWPsAgIAAACLqtZXs5/BnuDJUwaekLLZrWYpQ0q52MoCAAAALIC9HGSor+yMrSBHRxl4zMpGdz5ny5DkcisLAAAAsIDu51Ht7QmeDGXgMXlsF7CPk2AAAACAd1fr69lPb0/weCkDj0G51V1KzZhSzrWyAAAAADym1pvZz2hP8HgoA49Q2eouJBntAgIAAAA8h1p3kwx1fbLdivJ0lIFHoGx0KzlbxtgFBAAAADg6te7kIIM9waOjDHxO5bWLfZYyxC4gAAAAwHG5nYd1sCf4/JSBz6hsdqtZyrZdQAAAAIATsZdax7o+GVpB3pky8CmVje58lrNtFxAAAADgFNS6m5K+XpncaUX5WsrAJ1Q2upUsZ0gp11tZAAAAAI5ZrTtJ+ro+udeK8luUgU+gbHVrKWWMXUAAAACAaXM7D2tfr03eaAVRBr6rstmt5kwZk7zUygIAAABwavZykKG+sjO2gotOGfg2DncBx5TycisLAAAAwJSodTcHWatXJ3db0UWlDHzM4S5gn1JutLIAAAAATKlad7KftXpt8qAVXTTKwENlq1tLMqSUc60sAAAAADOg1lezn8Ge4G9Z+DKwbHarWcqQUi62sgAAAADMnL3U2tf1yXYruAgWtgwsG91KzpYxyeVWFgAAAICZdz+Par/oe4ILWQaWrW5IKX2SF1pZAAAAAOZIra9nP/2i7gkuVBlYbnWXUjPaBQQAAABYaHupdcx+xkXbE1yIMrBsdReSjHYBAQAAAHhTrbtJhkXaE5zrMrBsdCtZzpBSrreyAAAAACyoWndykGER9gTntgwsr13ss5QhdgEBAAAAeDK387D283w6PHdlYNnsVrOUbbuAAAAAADyDvdQ61vXJ0ArOorkpA8tGdz7L2bYLCAAAAMBzq3U3JX29MrnTis6SmS8DD3cB+5Ryo5UFAAAAgKdS606Svq5P7rWis2Cmy8Cy1a2llDF2AQEAAAA4TrW+mv0Ms74nOJNlYNnsVnOmjEleamUBAAAA4Ijs5SBDfWVnbAWn1UyVgYe7gGNKebmVBQAAAIBjUetuDrJWr07utqLTZibKwMd2Afs4CQYAAABgGtS6k/2s1WuTB63otJj6MrBsdWtJhpRyrpUFAAAAgBNX683sZ5yFPcGpLQPLVnchyZhSLrayAAAAAHDK9lJrX9cn263gaZq6MrBsdCs5W8Ykl1tZAAAAAJgy9/Oo9tO6JzhVZWDZ6ga7gAAAAADMgdt5WIdp2xOcijKw3OoupWa0CwgAAADAHNlLreM07QmeahlYNrrzWc62XUAAAAAA5latu0mGadgTPJUysGx0K1nOkFKut7IAAAAAMBdq3UnS1/XJvVb0uJx4GVheu9hnKUPsAgIAAACwmG7nYe1P43T4xMrAstmtZinbdgEBAAAA4Df3BOv6ZGgFj9Kxl4GHu4BjSnm5lQUAAACAhVLrbkr6emVypxU9CsdWBh7uAvYp5UYrCwAAAAALrdad7GetXps8aEWfx7GUgWWrW0spY+wCAgAAAMCTq/XV7Gc4rj3BIy0Dy2a3mjNlTPJSKwsAAAAAvK29HGSor+yMreDTOpIysGx053O2DEkut7IAAAAAwBOodTcHWatXJ3db0Sf1XGXgY7uAfZwEAwAAAMDRq/X17Kc/ij3BZy4Dy63uUmrGlHKulQUAAAAAnlOtN7Of8Xn2BJ+6DCwb3fksZzulXGxlAQAAAIAjtZfUtXplcqcVfDtPVQZ6SzAAAAAATIXbeVj7p/2V4BOXgeXWxe14QQgAAAAATIv7eVhXn6YQfKIyUBEIAAAAAFNpL7Wu1vXJvVYweYIyUBEIAAAAAFNtLw/rhSd52/DSu/1REQgAAAAAU++FnC13yka30gq+YxlYtrq1KAIBAAAAYBa8lOU03zD8tmVg2eoupJS/8nZ/AwAAAACmUCkXy1Y3vGvkrZuBZaNbyXLupZRz7/AZAAAAAGBaParfXa9O7r7dn/6Nr/mX5QyKQIBn88J7X8xv+7pvyLn3/Ft56RteTJJ87Hd8a37bv/kNb2a+94Mfe6ePv6Of/eLP59e+/Otv/v8vvfHF/JPf+GKS5P5v/Ep2v/x/J0m+8MYvvu3nAQCex1eecf7oN19I8tXPN8/ybPO4n/78Z5Mkv/avfiOf/ef/OEny13/1Xn7tX/9G9v7lr7zbRwF4J0vZTnL+7f70Vb8MPDwP/j/eLgjAoTM1H/iGb813rfyefOs3/M587Jv/7fye3/Y788H3/a7WJ0/MVx6q/9Y/+3v55/v/Iv/bG7+UL/x/X0z2/0XjkwDAovvAyofyXSu/J3/gt38o3/ni781H3//h1keO1c9+8efzuV/5hfyv/+8v/uYzjS8/AZ5MrTfr+mR46z+/tQy8m1IuvjUEsMg+sPKh/NFvvpCP/Y5vzXe+//dOVen3LH7685/NL73xxd96oP6Nf5w8Kq2PAQBz6ivPOt//u//d5/6V30n56c9/Nn/rn/29/PVfvaccBHhne3lYL9RrkweP/+ObZWDZ7FZzpnzm7T4JsEhm8YH4eX3+S7+cz33xF/I3/q+f8407AMy7MzWr39zlyres5vu+5Tvzvvd8Y+sTU+1LX/71/O1/+rnc+qd3c/dXJ77kBPhqt+uVnbXH/+G3ykC/CgQW1fLXZ/W3f0eufMtq/sTv/55WemF85Rv3z/zaP8k/+NLf92ANALPssQJw3p93/uo/+juKQYDHPawfePzXgaXWaisQWDzLX59Pvb9L/+/80VPfwZkVznEAYPZ8YOVD+c8/+Il86vf9oZn/BeDT+tKXfz0/8X/+z/kvfuEnvYgEWGxv2Q78zTLw1sXtJJff8UMA8+DwG/H/+iN/UgH4nJzjAMB0W33x4555HvOzX/z5/PDP/Xju/srfbUUB5tFevbKz8pX/+UoZ+EaSF97lQwAz6yvfiP/QR36wFeUZ/ewXfz7jP/zr+YkvTryxGABOy5ma6x/847nxsf9k4X4F+KQ+/6Vfzsb91/Pq53/Sl5nAgqk/WK9M7iRJydbHLyXlr7U+AjBTztR86nf/B/nRj/7JmX/776xRDALACVMCPrUvffnXc/Oz/51SEFgkb75IpGSr244TYWBeLH99rp//hIfhKfHmSY5TYgA4ekrA5/ZmKfiL/0MrCjDr3jwVLnnt4w9SyrnWJwCm2vLX59Pf9qedAk+xH/u5v5Zbuzv5B/+P91UBwPNaffHj+ct/8BUXEEfk81/65XzyM3/Jcwow3x7V707yRslWV1tZgKmlBJw5b271PPibzogB4Cm98N4X85P/3p/N937wY60oz+CnP//ZfN/f/VHPKMB8OsifTfLLykBgNh2exYyrP9RKMsV+7Of+Wv6bz//NfOGNX2xFAWCxefY5Uf3dH3M6DMyj20l+QRkIzJxPnf9EPv3xq7Zx5sib24K/8ndbUQBYOB9Y+VB+5g/fcBJ8wj7/pV/OR/7mn8vev/yVVhRgNtS6k+S+MhCYGR9Y+VB+8g/+Z/no+z/cijKj3jwh9mY/AEiS3Py2P5Mf+a4/1YpxjPxKEJgbte4m+awyEJh+Z2o+feHP2gVcIG++2U8pCMCCeuG9L+ZnvvuGL0GnxM9+8efznf/Tn7MlCMyDHWUgMNW+/Zu+I3e//0edBC8opSAAi2j1xY/np77nhz3/TJkvffnXs/q3fsQbh4FZt3MmP3BuaKUATtyZmp/4Az+SH7v4n+Y9X3e2lWZOvefrzub7zn9nrn/4P8q/+leP8tk3/mFSlYIAzK+b3/Zn8lf+UO/5Zwq95+vO5uqHvy9L+1+Xu7/691txgGm165eBwNQxks07efOXgnZ7AJg3Z2r+9upfzPd+8GOtJFPgr/6jv5NP/e8/6nIBmEXOhIHpcv1Dfyzj6g+1Yiy4z3/pl/On/5fXvH0YgLlgH3A22REEZpQyEJgSvg3nGfz05z+bqz/3l/OFN36xFQWAqfTCe1/MFz55yz7gjPrSl389H/ipK9n7l7/SigJMi52lVgLguL3w3hfzS5/8CUUgT+17P/ix/NM/9t/m0x/pkzO+2wJgtnz7N32HInDGve8935gvfPJWXnjvi60owNRQBgKnavXFj+cLn7xlH5Dn8kMf+cH82qf+Rj51/hOtKABMhdUXP577nxwVgXPgK4Xg6osfb0UBpoIzYeDUfOr8J/Ljf+TPt2LwVH72iz+fP/yZm851AJhaqy9+PJ/5gb/QijGDvvt//C9tGgPTzpkwcDo+/ZFeEcix+Oj7P5w3/uR/n+sf+mOtKACcOEXgfPvMD/wFvxAEpp5fBgIn7tMf6fNDH/nBVgyem18JAjBNvv2bviP3Pzm2YsyBlR//jz1/ANPKLwOBk6UI5CT5lSAA0+KF976Yu9//o60Yc8JLRYBppgwETowikNMyrv5QPvcfvpYsf30rCgBH7oX3vuitwQvGW4aBaaYMBE6EIpDT9tH3fzi/9sf/qh0fAE7WmZqf+8RfUgQuoPe95xvzM999IzljmQuYLspA4NgpApkW73vPN+YzP/AX8umP9B7MATgRn/v+rXzwfb+rFWNOffT9H87fXv2LrRjAiVIGAsdKEcg0+qGP/GA+9/1bTncAOFaf/kifj77/w60Yc+57P/ix3Py2P9OKAZwYZSBwbD51/hOKQKbWR9//4Xzhk7fy7d/0Ha0oADy11Rc/7jmIN/3Id/0pUyXA1FAGAsdi9cWP58f/yJ9vxeBUve8935j7nxx9Ww/AkXrhvS/mp77nh1sxFsxPfc8Pu0oApoIyEDhyHoCZNT/yXX8qP/Hv/1d2BAF4fmdqfua7b3hhCF/jzReKAJwyZSBwtM7UfOGTtzwAM3P+xO//nnzu+7eS5a9vRQHgHd38fVfsBPKO/n/27jfGrvrO7/hvlMrtLM7gmyWpPOvVMpmttxMKC52ODVXZjltjsHe9la2KCEOlfVBsVeMK0xDoA2TLlp/wr3EkWxXmaTC7kWqketcGY8mztVSC6RQEQtm6dcxKlFtt2JhJmKalGqUPTAiee2Z+986cc+455/d6Pf4+tKWjz9xz3hPDY95IAPrOGAjk6pXJZwyB1NbE8Fj4yTdf8goPAMsysmZ92H/XQ7EzErf/rofCyJr1sTOAwhgDgdw8sv7+cO/oxtgZVFprcChc2XncQzoAvfnSL8LM9udiVxBCCOG1ew74PAnQN8ZAIBcja9aHI5NTsTOohdbgUPjR/S+o/gHQtYPf2O3tCLo22loXDn5jd+wMoBDGQGDlvvSLa3/dhIY5v/2wQRCAKK8Hsxz773rIp0mAvjAGAit28Bu7w2hrXewMaskgCEDMn/yjfxM7gUx/cuejsROA3BkDgRXxl3BScH774bDr5m2xMwAStOvmberBLNu9oxv90REonTEQWD6vB5OQF7c8EQ7e+nDsDICUfOkX4ejd/yp2BUs6uflxMRGgVMZAYNkeGf2m14NJyv67HvLXewA+98joN0VDWLHW4FB4ZPSbsTOA3AyE53/PnyCA3q1aHX7xR38Wu4JG2nTqyTDdvhA7A6DJPAuRo6s//2n4yok/CGF+IHYKsFJ/7peBwLK8cvf+2Ak0lqgIAEdv/ZexE+iaXwcCZTIGAj0bWbM+3Du6MXYGjWYQBEjYqtVhanxH7Ap6cmDjv/DtQKAUxkCgZ/9+3F/CIYRrH/y+8Ya1sTMAGsavAimCXwcCZTEGAj3xq0D4ldbgULiy87hBECAlX/pF2PWNfxq7gmXx60CgDMZAoCd+FQjXaw0Ohdc2HfDgDpAIBWGK1BocCrt+8/djZwArYgwEuuZXgZBtYngsvDL5TOwMgAb417/7z2InsCKHJh6MnQCsiDEQ6JpfBcLi7h3dGI6O74udAVBjk2vvDqOtdbEzWJHR1rpw2013xM4Als0YCHRn1Wq/CoSIqfEdCsMADbb765OxE8jFv/2dP4idACybMRDoimoedOf89sNhZM362BkAdbNqdXjgls2xK8jFA7ds9j1ioDDGQCBONQ96MrP9OYVhgIbZNfx7sRPIlZAIUBRjIBA1+bXfU82DHigMAzSPqANl2/f3/jB2ArAsxkAg6ulxD7/QK4VhgOa48Ya1wiGUbmJ4LIRVq2NnAD0zBgJLW7X62oMI0DOFYYBm+KPfEIeiP7yeDhTBGAgsyQMIrIzCMED9Pbj+n8ROoBBeFQaKYAwEluQBBFZOYRigxrwlQR9NDI/5BjGQO2MgsDgPv5AbhWGAepr89TtiJ1Co21p/P3YC0BNjILAoD7+QH4VhgHr658PjsRMo1O7f+sexE4CeGAOBRe3++mTsBOiBwjBA/dz39YnYCRTKv0Egb8ZAYFH3fX1D7ATokcIwQI2sWh1GW+tiV1Co0da6EFatjp0BdM0YCGS68Ya1oTU4FDsDlmFqfEfYdfO22BkAfeaTKVTFbUN/J3YC0DVjIJDp97/q4ReK9OKWJ8JtN/l/BlBlm276u7ETKMWmrxgDgfwYA4FM//DX18dOgBWa3npIYRigwjZ+zQBDNWz9zX8QOwHomjEQyLRhrb+EQ9Fag0NhZtuzCsMAFXXv6MbYCZRiw/BY7ASga8ZAINOEBw4oxWhrXbi49fnYGQBlE2ygQlqDQ/54COTGGAh0GFnjFWEo08TwmMIwQMWM/Npw7ARKNfLl34mdAHTFGAh0+K3Bvx07AXKmMAxQLX/4tdtjJ1Cqu9b8duwEoCvGQKDD735Z0AD6QWEYoDq+8jdvjJ1Aqb7q1XUgJ8ZAoMPGr3oFAfpFYRigGpSEqRrP6EBejIFAh6/8rS/HToCCKAwDAFk8owN5MQYCHX77K78ROwEKpDAM0H8bhsdiJ1Aqz+hAXoyBQIfR1rrYCVAwhWGA/moNDsVOoFSe0YG8GAMBoKIUhgEAgLwZAwGgwhSGAfpAtRWABjMGAtcZWbM+dgKUTGEYoFwjvzYcO4H+MFQDOTAGAkDFKQwDACEYqoF8GAMBoAYUhgEAgDwYAwGgJhSGAQCAlTIGAkCNKAwDAAArYQwEgJp5ccsTYXLt3bEzAACADsZAAKihk5sfVxgGAAB6ZgwEgBpqDQ6FKzuPKwwDAAA9MQYCQE21BoeuFYYNggAAQJeMgQBQYxPDY+Ho7Y/GzgAAAEIIxkAAqL2p8R3hkfX3x84AAACMgQDQBEcmpxSGAQCAKGMgADSEwjAAABBjDASAhlAYBgAAYoyBANAgCsMAAMBSjIEA0DAKwwAAwGKMgQDQQArDAABAFmMgADSUwjAAALCQMRAAGkxhGAAA+CJjIAA0mMIwAADwRcZAAGg4hWEAAOCXjIEAkACFYQAAIARjIAAkQ2EYAAAwBgJAQhSGAQAgbcZAAEjM+e2HFYYBACBRxkAASNCVncdDWLU6dgYAADSMMRAAEtQaHAoXtzyrMAwAAIkxBgJAoiaGx8KJO/fHzgAAgAYxBgJAwh64ZXM4eOvDsTMAAKAhjIEAkLj9dz2kMAwAAIkwBgIACsMAAJAIYyAAEEJQGAYAgBQYAwGAEILCMAAApMAYCAB8TmEYAACazRgIAFxHYRgAAJrLGAgAdFAYBgCAZjIGAgCZFIYBAKB5jIEAwKIUhgEAoFmMgQDAohSGAQCgWYyBAMCSFIYBAKA5jIEAQJTCMAAANIMxEADoisIwAADUnzEQAOja+e2Hw8ia9bEzAACgooyBAEBPZrY/F268YW3sDAAAqCBjIADQk9bgUHht0wGFYQAAqCFjIADQs4nhsfDK5DOxMwAAoGKMgQDAstw7ujEcHd8XOwMAACrEGAgALNvU+A6FYQAAqBFjIACwIgrDAABQH8ZAAGDFFIYBAKAejIEAwIopDAMAQD0YAwGAXCgMAwBA9RkDAYDcKAwDAEC1GQMBgFwpDAMAQHUZAwGA3CkMAwBANRkDAYBCKAwDAED1GAMBgEIoDAMAQPUYAwGAwigMAwBAtRgDAYBCKQwDAEB1GAMBgMIpDAMAQDUYAwGAUpzffjjcdtMdsTMAAKBAxkAAoDTTWw8pDAMAQB8ZAwGA0rQGh8LMtmcVhgEAoE+MgQBAqUZb68LFrc/HzgAAgAIYAwGA0k0MjykMAwBAHxgDAYC+mBrfEXbdvC12BgAA5MgYCAD0zYtbnlAYBgCAEhkDAYC+UhgGAIDyGAMBgL5SGAYAgPIYAwGAvlMYBgCAchgDAYBKUBgGAIDiGQMBgMpQGAYAgGIZAwGASlEYBgCA4hgDAYDKURgGAIBiGAMBgMpRGAYAgGIYAwGASlIYBgCA/BkDAYDKUhgGAIB8GQMBgEpTGAYAgPwYAwGAyntxyxNhcu3dsTMAACDCGAgA1MLJzY8rDAMAwAoZAwGAWmgNDoUrO48rDAMAwAoYAwGA2mgNDl0rDBsEAQBgWYyBAECtTAyPhaO3Pxo7AwAAMhgDAYDamRrfER5Zf3/sDAAAWMAYCADU0pHJKYVhAADokTEQAKgthWEAAOiNMRAAqC2FYQAA6I0xEACoNYVhAADonjEQAKg9hWEAAOiOMRAAaASFYQAAiDMGAgCNoTAMAABLMwYCAI2iMAwAAIszBgIAjaIwDAAAizMGAgCNozAMAADZjIEAQCMpDAMAQCdjIADQWArDAABwPWMgANBoCsMAAPArxkAAoPHObz+sMAwAAMEYCAAk4srO4yGsWh07AwCARjMGAgBJaA0OhYtbnlUYBgAgacZAACAZE8Nj4cSd+2NnAADQWMZAACApD9yyORy89eHYGQAANJIxEABIzv67HlIYBgAgScZAACBJCsMAAKTIGAgAJEthGACA1BgDAYBkKQwDAJAaYyAAkDSFYQAAUmIMBACSpzAMAEAqjIEAAEFhGACANBgDAQA+ozAMAEDTGQMBAL5AYRgAgCYzBgIAfIHCMAAATWYMBABYQGEYAICmMgYCAGRQGAYAoImMgQAAi1AYBgCgaYyBAABLOL/9cBhZsz52BgAAtWAMBACImNn+XLjxhrWxMwAAqDxjIABARGtwKLy26YDCMAAAtWcMBADowsTwWHhl8pnYGQAAVJoxEACgS/eObgxHx/fFzgAAoLKMgQAAPZga36EwDABAbRkDAQB6pDAMAEBdGQMBAJZBYRgAgDoyBgIALIPCMAAAdWQMBABYJoVhAADqxhgIALACCsMAANSJMRAAYIUUhgEAqAtjIABADhSGAQCoA2MgAEBOFIYBAKg6YyAAQE4UhgEAqDpjIABAjhSGAQCoMmMgAEDOFIYBAKgqYyAAQAEUhgEAqCJjIABAQRSGAQCoGmMgAECBFIYBAKgSYyAAQIFag0NhZtuzCsMAAFSCMRAAoGCjrXXh4tbnY2cAAFA4YyAAQAkmhscUhgEA6DtjIABASabGd4RdN2+LnQEAQGGMgQAAJXpxyxPhtpvuiJ0BAEAhjIEAACWb3npIYRgAgL4wBgIAlExhGACAfjEGAgD0gcIwAAD9YAwEAOgThWEAAMpmDAQA6COFYQAAymQMBADoM4VhAADKYgwEAKgAhWEAAMpgDAQAqACFYQAAymAMBACoCIVhAACKZgwEAKgQhWEAAIpkDAQAqBiFYQAAimIMBACoIIVhAACKYAwEAKgohWEAAPJmDAQAqKjW4FC4svO4wjAAALkxBgIAVFhrcOhaYdggCABADoyBAAAVNzE8Fo7e/mjsDAAAooyBAAA1MDW+Izyy/v7YGQAALMkYCABQE0cmp8Lk2rtjZwAAsChjIABAjZzc/LjCMAAAy2YMBACoEYVhAABWwhgIAFAzCsMAACyXMRCAWrh89YPYCSRFYRgAgOUwBgJQC+OnHwtXf/7T2BkkRWEYAIBeGQMBqIXZuXaYPLM/dgbJURgGAKAXxkAAauOdj94KD559KnYGyVEYBgCgW8ZAAGrlxPunw7GZl2NnkBSFYQAAumUMBKB29s4cCW9++MPYGSRFYRgAgG4YAwGopQ1n9igMwwIKwwAAxBgDAain+QGFYcigMAwAwFKMgQDUlsIwZFMYBgBgMcZAAGpNYRiyKQwDAJDFGAhA7SkMQ6fPC8OrVsdOAQBIiDEQgEZQGIZOrcGhcHHLswrDAAB8zhgIQGMoDEOnieGxcOJO39YEAOAaYyAAzaEwDJkeuGVzOHjrw7EzAAASYAwEoFFm59ph/NS3YmeQnP13PaQwDACAMRCA5rny8aWw6dSTsTNIzvnthxWGAQASZwwEoJGm2xcUhiGDwjAAQNqMgQA01t6ZI+HVy2/EziApCsMAAGkzBgLQaPdNfzu8+eEPY2eQFIVhAIB0GQMBaLb5h6q4DwAAIABJREFUgXDP+YMKw7CAwjAAQJqMgQA0nsIwZFMYBgBIjzEQgCQoDEM2hWEAgLQYAwFIhsIwZFMYBgBIhzEQgKQoDEMnhWEAgHQYAwFIjsIwdFIYBgBIgzEQgPQoDEMmhWEAgOYzBgKQJIVhyKYwDADQbMZAAJKlMAzZFIYBAJrLGAhA0hSGIduVnccNggAADWQMBCB5CsPQqTU4FF7bdEBhGACgYYyBABAUhiHLxPBYeGXymdgZAAA1YgwEgBAUhmER945uDEfH98XOAACoCWMgAHxmdq4dRk7ujp1BcqbGdygMAwA0hDEQAL5gdq6tMAwZzm8/HEbWrI+dAQBQccZAAFhgun0hHHr9e7EzSM7M9ucUhgEAas4YCAAZDrz7QnjpvXOxM0iKwjAAQP0ZAwFgEbt+cEhhGBZQGAYAqDdjIAAsZn4gbDj7mMIwLKAwDABQX8ZAAFjKp58oDEMGhWEAgHoyBgJAhMIwZFMYBgCoH2MgAHRBYRiyKQwDANSLMRAAuqQwDJ0UhgEA6sUYCAA9UBiGTgrDAAD1YQwEgF4oDEMmhWEAgHowBgJArxSGIZPCMABA9RkDAWAZFIYhm8IwAEC1GQMBYJkUhiGbwjAAQHUZAwFgBRSGoVNrcCjMbHtWYRgAoIKMgQCwQgrD0Gm0tS5c3Pp87AwAgJIZAwFgpRSGIdPE8JjCMABAxRgDASAPnxWGDYJwvanxHWHXzdtiZwAAlMQYCAA5mZ1rh53nno6dQXJe3PJEuO2mO2JnAACUwBgIADmabl8I+6aPxc4gOdNbDykMAwBUgDEQAHL23UvfD8dmXo6dQVIUhgEAqsEYCAAF2Pv2dxSGYQGFYQCA/jMGAkAR5gfChjN7BEVgAYVhAID+MgYCQFHmBxSGIYPCMABA/xgDAaBACsOQTWEYAKA/jIEAUDCFYcimMAwAUD5jIACUQGEYOikMAwCUzxgIACVRGIZOCsMAAOUyBgJAWRSGIZPCMABAeYyBAFAmhWHIpDAMAFAOYyAAlExhGLIpDAMAFM8YCAB9oDAM2RSGAQCKZQwEgD5RGIZOrcGhcGXncYVhAICCGAMBoI8UhqFTa3DoWmHYIAgAkDtjIAD0k8IwZJoYHgtHb380dgYAQI+MgQDQbwrDkGlqfEd4ZP39sTMAAHpgDASAClAYhmxHJqfC5Nq7Y2cAAHTJGAgAFTHdvhAePPtU7AySc3Lz4wrDAAA5MQYCQIWceP+0wjAsoDAMAJAfYyAAVMzemSMKw7CAwjAAQD6MgQBQQRvO7AmXr34QO4OkKAwDAKycMRAAqmh+IIyffkxhGBZQGAYAWBljIABU1OxcO0ye2R87g+QoDAMALJ8xEAAq7J2P3lIYhgwKwwAAy2MMBICKUxiGTgrDAADLYwwEgBpQGIZOCsMAAL0zBgJATSgMQyeFYQCA3hgDAaAuFIYhk8IwAED3jIEAUCMKw5BNYRgAoDvGQACoGYVhyKYwDAAQZwwEgBpSGIZOCsMAAHHGQACoKYVh6KQwDACwNGMgANSYwjB0mhgeCyfu9G1NAIAsxkAAqDOFYcj0wC2bw8FbH46dAQAkxxgIADWnMAzZ9t/1kMIwAMACxkAAaIB3PnorbDr1ZOwMknN++2GFYQCALzAGAkBDTLcvKAxDhis7j4ewanXsDAAgCcZAAGiQvTNHwquX34idQVJag0Ph4pZnFYYBAIIxEAAa577pb4c3P/xh7AySojAMAHCNMRAAmmZ+INxz/qDCMCygMAwAYAwEgEaanWuH8VPfip1BchSGAYDUGQMBoKGufHxJYRgyKAwDACkzBgJAgykMQzaFYQAgVcZAAGg4hWHopDAMAKTKGAgACVAYhk4KwwBAioyBAJAChWHIpDAMAKTGGAgAiVAYhmwKwwBASoyBAJAQhWHIpjAMAKTCGAgAiVEYhmwKwwBACoyBAJAghWHopDAMAKTAGAgAiVIYhk4Tw2PhlclnYmcAALVlDASAVCkMQ6Z7RzeGo+P7YmcAALVkDASAhCkMQ7ap8R0KwwBAIxkDASBxCsOQ7fz2w2FkzfrYGQBArRgDAYAw3b4QDr3+vdgZJGdm+3PhxhvWxs4AAGrDGAgAhBBCOPDuC+Gl987FziAprcGh8NqmAwrDAEBjGAMBgM/t+sEhhWFYQGEYAGgSYyAA8CvzA2HD2ccUhmEBhWEAoCmMgQDA9T79JIyc3B27guQoDAMATWAMBAA6zM61FYYhg8IwAFB3xkAAIJPCMGRTGAYA6swYCAAsSmEYOikMAwB1ZgwEAJakMAydFIYBgLoyBgIAS1MYhkwKwwBAHRkDAYA4hWHIpDAMANSNMRAA6IrCMGRTGAYA6sQYCAB0TWEYsikMAwB1YQwEAHqiMAydFIYBgLowBgIAPVMYhk4Tw2Ph4tbnY2cAAH1lDAQAeqcwDJkmhscUhgGASjMGAgDLozAMmabGd4RdN2+LnQEA9IUxEABYNoVhyPbilifCbTfdETsDACidMRAAWJHp9oWwb/pY7AySM731kMIwAFA5xkAAYMW+e+n74djMy7EzSEprcCjMbHtWYRgAqBRjIACQi71vf0dhGBYYba1TGAYAKsUYCADkY34gbDizR2EYFlAYBgCqxBgIAORnfiCMnNxtEIQFFIYBgKowBgIAuZqda4ed556OnUFyFIYBgCowBgIAuVMYhmwKwwBAvxkDAYBCKAxDJ4VhAKDfjIEAQGEUhqGTwjAA0E/GQACgOArDkElhGADoF2MgAFAshWHIpDAMAPSDMRAAKJzCMGRTGAYAymYMBABKoTAM2RSGAYAyGQMBgNIoDEMnhWEAoEzGQACgVArD0OnzwrBBEAAomDEQACiXwjBkmhgeC0dvfzR2BgCwIsZAAKB8CsOQaWp8R3hk/f2xMwCAZTMGAgB9oTAM2Y5MToXJtXfHzgAAlsUYCAD0zXT7Qnjw7FOxM0jOyc2PKwwDAIUwBgIAfXXi/dMKw7BAa3AoXNl5XFAEAMidMRAA6Lu9M0cUhmGB1uCQwjAAkDtjIABQCRvO7AmXr34QO4OkKAwDAHkzBgIA1TA/EMZPP6YwDAsoDAMAeTIGAgCVMTvXDpNn9sfOIDkKwwBAXoyBAEClvPPRWwrDkEFhGADIgzEQAKgchWHopDAMAOTBGAgAVJLCMHRSGAYAVsoYCABUlsIwdFIYBgBWwhgIAFSXwjBkUhgGAJbLGAgAVJrCMGRTGAYAlsMYCABUnsIwZFMYBgB6ZQwEAGpBYRg6KQwDAL0yBgIAtaEwDJ0UhgGAXhgDAYBaURiGThPDY+HEnb6tCQDEGQMBgHpRGIZMD9yyORy89eHYGQCQOGMgAFA7CsOQbf9dDykMAwBLMgYCALX0zkdvhU2nnoydQXLObz+sMAwALMoYCADU1nT7gsIwZLiy83gIq1bHzgCABBkDAYBa2ztzJLx6+Y3YGSSlNTgULm55VmEYAOhgDAQAau++6W+HNz/8YewMkqIwDABkMQYCAPU3PxDuOX9QYRgWUBgGABYyBgIAjTA71w7jp74VO4PkKAwDAF9kDAQAGuPKx5cUhiGDwjAA8EvGQACgURSGIZvCMAAQgjEQAGgghWHopDAMAIRgDAQAGkphGDopDAMAxkAAoJkUhiGTwjAApM0YCAA0lsIwZFMYBoB0GQMBgEZTGIZsCsMAkCZjIADQeArDkE1hGADSYwwEAJKgMAydFIYBID3GQAAgGQrD0GlieCy8MvlM7AwAaAhjIACQDoVhyHTv6MZwdHxf7AwAaABjIACQFIVhyDY1vkNhGAASYAwEAJKjMAzZzm8/HEbWrI+dAQA1ZgwEAJI03b4QDr3+vdgZJGdm+3PhxhvWxs4AgJoyBgIAyTrw7gvhpffOxc4gKa3BofDapgMKwwDQUMZAACBpu35wSGEYFlAYBoDmMgYCAGmbHwgbzj6mMAwLKAwDQDMZAwEAPv0kjJzcHbuC5CgMA0DzGAMBAEIIs3NthWHIoDAMAM1iDAQA+IzCMGRTGAaA5jAGAgB8gcIwdFIYBoDmMAYCACygMAydFIYBoBmMgQAACykMQyaFYQCoP2MgAEAWhWHIpDAMAPVmDAQAWITCMGRTGAaA+jIGAgAsQWEYsikMA0A9GQMBACIUhqGTwjAA1JMxEACgCwrD0ElhGADqxxgIANANhWHIpDAMAPViDAQA6JbCMGSaGt8Rdt28LXYGAFSAMRAAoAcKw5DtxS1PhNtuuiN2BgD0mTEQAKBHCsOQbXrrIYVhAKg4YyAAwDIcePeFcGzm5dgZJKU1OBRmtj2rMAwAFWYMBABYpr1vf0dhGBYYba0LF7c+HzsDAPrEGAgAsFzzA2HDmT0Kw7DAxPCYwjAAVJQxEABgJeYHwsjJ3QZBWEBhGACqyRgIALBCs3PtsPPc07EzSI7CMABUjzEQACAH0+0LYd/0sdgZJEdhGACqxRgIAJCT7176vsIwLKAwDADVYgwEAMiRwjB0UhgGgOowBgIA5ElhGDIpDANANRgDAQDypjAMmRSGAaD/jIEAAAVQGIZsCsMA0F/GQACAgigMQzaFYQDoH2MgAECBFIahk8IwAPSPMRAAoGAKw9BJYRgA+sMYCABQNIVhyKQwDADlMwYCAJRBYRgyTY3vCI+svz92BgDkxBgIAFAShWHIdmRyKkyuvTt2BgDkwBgIAFAihWHIdnLz4wrDAFACYyAAQMkUhqFTa3AoXNl5XGEYAApmDAQA6IO9M0cUhmGB1uDQtcKwQRAACmMMBADokw1n9oTLVz+InUFSJobHwtHbH42dAQDLZAwEAOiX+YEwfvoxhWFYQGEYAIpjDAQA6KPZuXaYPLM/dgbJURgGgGIYAwEA+uydj94KD559KnYGyVEYBoD8GQMBACrgxPunFYZhAYVhAMifMRAAoCIUhqGTwjAA5MsYCABQIQrD0ElhGADyYwwEAKgShWHIpDAMAPkwBgIAVIzCMGRTGAaAlTMGAgBUkMIwZFMYBoCVMQYCAFSUwjB0UhgGgJUxBgIAVJjCMHRSGAaA5TMGAgBUnMIwdFIYBoDlMQYCAFSdwjBkmhrfEQ7e+nDsDAD4AmMgAEANKAxDtv13PaQwDAA9MAYCANSEwjBkO7/9sMIwAHTJGAgAUCMKw5Dtys7jIaxaHTsDgOQZAwEAambvzJHw6uU3YmeQlNbgULi45VmFYQCIMAYCANTQfdPfDm9++MPYGSRlYngsnLjTtzUBYCnGQACAOpofCPecP6gwDAs8cMtmhWEAWIIxEACgpmbn2mH81LdiZ5AchWEAWJwxEACgxq58fClsOvVk7AySozAMANmMgQAANTfdvqAwDBkUhgGgkzEQAKABFIahk8IwAHQyBgIANITCMHRSGAaA6xkDAQCaQmEYMikMA8CvGAMBABpEYRiyKQwDwDXGQACAhlEYhmwKwwBgDAQAaCSFYcimMAxA6oyBAAANpTAMnRSGAUidMRAAoMEUhqGTwjAAKTMGAgA0mcIwZHrgls3h6Pi+2BkANI4xEACg4RSGIdvU+A6FYQCSYwwEAEiAwjBkO7/9cBhZsz52BgCNYQwEAEiEwjBkm9n+XLjxhrWxMwBoBGMgAEBC9s4cCS+9dy52BklpDQ6F1zYdUBgGIAnGQACAxOz6wSGFYVhgYngsvDL5TOwMAGrPGAgAkJr5gbDh7GMKw7DAvaMbFYYBaLy/ETsAAKCBPv0kjJzcHT5+8I9jl5CUqfEdsRMAqDW/DAQASNTsXFthGDIYBAFoMmMgAEDCptsXwqHXvxc7AwCgIYyBAACJO/DuCwrDAACJMAYCAKAwDACQCGMgAAAKwwAAiTAGAgBwzWeFYQAAmssYCADA5xSGAQCazRgIAMB1FIYBAJrLGAgAQAeFYQCAZjIGAgCQSWEYAKB5jIEAAGRTGAYAaBxjIAAAi1MYBgBoFGMgAABLUhgGAGgOYyAAAFEKwwAAzWAMBACgKwfefSEcm3k5dgYAQIUZAwEA6Nret7+jMAwAUGPGQAAAujc/EDac2aMwDABQU8ZAAAB6Mz8QRk7uNggCANSQMRAAgJ7NzrXDznNPx84AAKgYYyAAAMsy3b4Q9k0fi50BAFAhxkAAAJbtu5e+rzAMAFAjxkAAAFZEYRgAoD6MgQAArIzCMABAbRgDAQBYOYVhAIBaMAYCAJALhWEAgOozBgIAkBuFYQCAajMGAgCQK4VhAIDqMgYCAJA7hWEAgGoyBgIAkD+FYQCASjIGAgBQDIVhAIDKMQYCAFAYhWEAgGoxBgIAUCiFYQCA6jAGAgBQOIVhAIBqMAYCAFCKvTNHFIYBAPrMGAgAQGk2nNkTLl/9IHYGAEBBjIEAAJRnfiCMn35MYRgAoE+MgQAAlGp2rh0mz+yPnQEAUABjIAAApXvno7fCg2efip0BAJAzYyAAAH1x4v3TCsMAACUzBgIA0DcKwwAA5TIGAgDQVwrDAADlMQYCANBfCsMAAKUxBgIA0HcKwwAA5TAGAgBQCQrDAEv7yf/7WewEIMoYCABAZSgMAyxudq4dOwGIMgYCAFApCsMAAMUxBgIAUDkKwwAAxTAGAgBQPQrDAACFMAYCAFBJCsMAAPkzBgIAUFkKwwAA+TIGAgBQaQrDAAD5MQYCAFB5CsMAAPkwBgIAUAsbzuwxCAIArJAxEACAepgfCPecP6gwDACwAsZAAABqY3auHcZPfSt2BgDAIoyBAADUypWPL4VNp56MnQEAkMEYCABA7Uy3LygMAwAsgzEQAIBa2jtzJLx6+Y3YGQAAX2AMBACgtu6b/rbCMABAD4yBAADUl8IwAEBPjIEAANSawjAAQPeMgQAA1J7CMABAd4yBAAA0gsIwAECcMRAAgMZQGAYAWJoxEACARlEYBgBYnDEQAIBmURgGAFiUMRAAgMZRGAYAyGYMBACgkRSGAQA6GQMBAGgshWEAgOsZAwEAaDSFYQCAXzEGAgDQeArDAADXGAMBAGi++YGw4exjCsMAQPKMgQAApOHTT8LIyd2xKwCARjMGAgCQjNm5tsIwAJA0YyAAAEmZbl8Ih17/XuwMAKCRjIEAACTnwLsvhJfeOxc7AwBoHGMgAABJ2vWDQwrDAEByjIEAAKRJYRgASJAxEACAdCkMAwCJMQYCAJA0hWEAICXGQAAAkqcwDACkwhgIAABBYRgASIMxEAAAPqMwDAA0nTEQAAB+SWEYAGg4YyAAAHyRwjAA0GDGQAAAWEBhGABoKmMgAABkUBgGAJrIGAgAAItQGAYAmsYYCAAAS1AYBgCaxBgIAABLmR8IG87sURgGABrBGAgAADHzA2Hk5G6DIABQe8ZAAADowuxcO+w893TsDACg0oyBAADQpen2hbBv+ljsDACgsoyBAADQg+9e+n44NvNy7AwAoJKMgQAA0KO9b39HYRgAqCVjIAAA9EphGACoKWMgAAAsh8IwAFBDxkAAAFgmhWEAoG6MgQAAsAIKwwBAnRgDAQBghRSGAYC6MAYCAEAOFIYBgDowBgIAQB4UhgGAGjAGAgBAXhSGAYCKMwYCAECOFIYBgCozBgIAQM4UhgGAqjIGAgBAARSGAYAqMgYCAEBBFIYBgKoxBgIAQFE+KwxfvvpB7BIAoBTGQAAAKNL8QBg//ZjCMABQCcZAAAAo2OxcO0ye2R87AwAonDEQAABK8M5Hb4UHzz4VOwMAKJQxEAAASnLi/dMKwwBAXxkDAQCgRHtnjigMAwB9YwwEAICSKQwDAP1iDAQAgLIpDAMAfWIMBACAPlAYBgD6wRgIAAB9ojAMAJTNGAgAAH2kMAwAlMkYCAAAfaYwDACUxRgIAAAVoDAMAJTBGAgAAFWgMAwAlMAYCAAAFaEwDAAUzRgIAAAVojAMABTJGAgAABWjMAwAFMUYCAAAFaQwDAAUwRgIAAAVteHMHoMgAJArYyAAAFTV/EC45/xBhWEAIDfGQAAAqLDZuXYYP/Wt2BkAQFeMgQAAUHFXPr4UNp16MnYGABBlDAQAgBqYbl9QGAYAVswYCAAANbF35kh49fIbsTMAgEUZAwEAoEbum/62wjAAsGzGQAAAqBOFYQBgBYyBAABQMwrDAMByGQMBAKCGFIYBgOUwBgIAQE0pDAMAvTIGAgBAjSkMAwC9MAYCAEDNKQwDAN0yBgIAQN0pDAMAXTIGAgBAAygMAwDdMAYCAEBDKAwDADHGQAAAaBCFYQBgKcZAAABoGIVhAGAxxkAAAGgghWEAIIsxEAAAmmh+IGw4+5jCMABwHWMgAAA01aefhJGTu2NXAEBCjIEAANBgs3NthWEA4HPGQAAAaLjp9oVw6PXvxc4AgAQYAwEAIAEH3n0hvPTeudgZANBwxkAAAEjErh8cUhgGgMQZAwEAIBUKwwCQPGMgAACkRGEYAJJmDAQAgMQoDANAuoyBAACQIIVhAEiTMRAAABKlMAwA6TEGAgBAwhSGASAtxkAAAEiZwjAAJMUYCAAAqVMYBoBkGAMBAACFYQBIhDEQAAAIISgMA0AKjIEAAMDnFIYBoNmMgQAAwHUUhgGguYyBAADA9RSGAaCxjIHAda787L/FTgCAFHxWGDYIQjX4vwjkxRgIXG9+IHYBpXv18huxEwAKMDvXDjvPPR07A0pw0av7QE6MgQAAwKKm2xfCvuljsTMAoCaMgUAHv8Kian7yf34WOwGgQN+99P1wbObl2BlQoDf+6r/HTgC6YgwEoPLe+LFvWQL02963v6MwDH30k/87GzsB6IoxEOjgr45UzY8//SR2AkDR5gfChjN7RAygT87/xDM6kA9jINDBXx2pmtc//h+xEwDKMD+gMAx98pc//1+xE4CuGAOBDv/xr96OnUCprvzvD2MnAJREYRj6Y3auHTsB6IoxEOhgeKFyvCYMUCkKw1Au3+sE8mQMBDoZXqgQdWuAalIYhvJcbP9F7ASga8ZAIJMBhqoQtAGoLoVhKMd//utLsROArhkDgUwGGKri/Ef+Eg5QWQrDUIo/+/FbsROArhkDgUz/of1fYidQium/9vALUGkKw1Coqz//qXgIkCtjIJDpnZ/6ZSD9d/XnP/UNS4AaUBiG4rzyo4uxE4CeGAOBbJ9+Ei5f/SB2BYXy8AtQHwrDUIw//Z8zsROAnhgDgUW98qM3YydQqOM/mo6dAFAhCsOQvxMf/qfYCUBPjIHAoo7/5Z/HTqBQvhcIUD8Kw5Cfy1c/8MkUIHfGQGBR71z9r7ETKIyHX4CaUhiG3Lz4F9OxE4CeGQOBxc0PhJfeOxe7gkJ4+AWoMYVhyMW/+9Gfxk4AemYMBJbkg8X0i4dfgHqbnWuHyTP7Y2fAIi5f/SDMzrVjZwA9MwYCS/LBYvrBwy9AM7zz0VvhwbNPxc6ADPvffDF2ArAsxkBgaZ9+4lVhSucVYYDmOPH+aYVhWAZ/lAeKYgwEoo7/aDp2ArnyijBAs+ydOaIwDD146b1zQmr/n727jdErPczDfD/DhqwhO0ur+ei6DUjFH4lTJLup4hVSVIejNkaUxO1uUqBupBY7BVwOiYjdN1/+E8N76KJAbBTRYceL2VkE6LBtJFg/pGWlSpEjQ5xXDuqNuhCpQFYsZyNOq2pRR/DurK1sOQjn6Q8N15RE8uHHfLwf1/WPnPv9f3Cf89wPsG+UgUDT5d8aGwDnwHz+6192RBhgBj3xqeVv3RQPNP2dL/1SKwLwwJSBQNuNkg/9+q+0UrAnfvpl+zgAM+lGyTs/+be8YISGV177Wr76+ldaMYAHpgwE7snf+WfeTrL/XnvzjVz+Lfs4ALPKDcPQ9lO/+nwrAvBQlIHAPdn65qv59CsvtWLwUD7067+S3CitGABT7Ivf+EJGl59rxWAuvfLa13L51c+1YgAPRRkI3LO/++sfb0XgoXzgn/79VgSAGXDhKx9xwzDcxsrVS60IwENTBgL37PKrnzP8zb5xax7AfHHDMHy71958IxdeMc0D7D9lIHBfbJiwX9yaBzB/nvjUskIQdv2Vz/yCuRTgQCgDgfvi60D2w6dfecmteQDz6EbJE59a9mzB3LMVCBwkZSBw33wdyF47+7KtQIC5daPknZ/8W3ntzTdaSZhZf+Wz/0MrArBnlIHAffN1IHvJV4EAbH3z1bzjo6cVgsylT7/yUr74jS+0YgB7RhkIPBBfB7JXfvLXPtiKADAHFILMq/d+7udaEYA9pQwEHsjlVz9n8JuH9tzLH8vWN19txQCYEwpB5s3o8nPJ9u+2YgB7ShkIPLCf/NW/14rAHb325hv5wBVfBQLw7RSCzIvPf/3LufCVj7RiAHtOGQg8sK++/pU89/LHWjG4rQ98bjW5UVoxAOaQQpB58OOfPd+KAOwLZSDwUD5w5YMe1Llvn//6l/Oha59sxQCYYzcLQZeWMYtGl58zlQIcGmUg8HBulPyVz/xCKwXfxptwAO7F1jdfzQ999H12ipkpn37lJceDgUOlDAQe2uVXP5dPv/JSKwZJvAkH4D7dKHniU8sKQWbCa2++4fZg4NApA4E98d7Lf9txYZoMZQPwQG6UPPGJM7aKmXrv/PjfdHswcOiUgcDeuFGy+KmfbaWYc44HA/AwPvDykNHl51oxmEijy8/lq69/pRUD2HfKQGDPfPEbX/DGnjt6/y//vOPBADy0C1/5SN7z8Z9xIoGp8tzLH3M6ApgYykBgT33gygdt+vBdPvylz7g9GIA9c/nVz7lpmKnx+a9/OR+48sFWDODAKAOBvXWj5Mc/e97bet7y+a9/Oe/7NUPZAOytmzcNu8SMSfb5r385T3xqOblRWlGAA6MMBPbc1jdftR9Ikm/dmPfjnz3vARiA/XGj5L2/8tN2BJlInoOASaUMBPbFF7/xhbz/l3++FWPGLX7qZ+0EArDvLnzlI/mjH/lvnExgYrz25ht5x0dPew4CJpIyENg3H7r2SReKzLH3fPxn8sVvfKEVA4A98dXXv5K3f+gn8uEvfaYVhX0kCkNOAAAgAElEQVSlCAQmnTIQ2FcfeHmw5TOHnnv5Y7n86udaMQDYWzdK3veP/7u8/5d/3leCHApFIDANlIHAvnvv5b/thuE58tzLH8sHXh5aMQDYNx+69sm8/Zf+qucPDpQiEJgWykBg/90oeeJTyx7I54AiEICJsf27eeITZ1wuwoFQBALTRBkIHAyF4MxTBAIwiS585SMp63/JbAn75vNf/3Le/qGfUAQCU0MZCBwcheDMUgQCMNG2fzfv/ZWftiXInvv0Ky/liU8tJzdKKwowMZSBwMFSCM4cRSAA0+JD1z6Zt3/oJ/Lcyx9rRaHpuZc/lvf+yk8rAoGpU7LW1VYIYM8dqfknf2EtP/YDP9pKMsEUgQBMq3cc/5H80n/4NzyL8EDe8/GfyeVXP9eKAUyiDV8GAofjRskTnzjjzfwUG11+ThEIwNT66utfyROfOJP3fPxnHB3mnr3y2tdy/B/8F4pAYKodyX9yom+FAPbLJ1/9tbz+O/8q7z35RCvKBHnPx38mv7T5qVYMACbetd/9v/LzX/pQXn/jX+Vdf/iP53t+37HWT5hTH/7SZ3LqH/23uX79d1tRgEm26ZgwMBEWH313Pvrnfjrf/z2/vxXlEL325ht5x0dPuy0PgNl0pOYXH//r+Wvv/MutJHPktTffyAc+t5oPXftkKwowDTaUgcDEeORtj+blv/g/5Ae//99tRTkEn//6l92WB8B8OPq9+cU/+VNKQfLpV17Kez/3c8m2rwGBmWEzEJgcW998NT/00fflw1/6TCvKAfu5/+N/zROfOKMIBGA+bP9uPvDykLL+l+wbz6nX3nwj7//ln//WbcGKQGDG+DIQmEjvO/kX84vvPuvY8CF77c038s6P/8189fWvtKIAMLt2vxR835/4jz2bzIEPf+kzed/nP6gEBGaVY8LA5HrkbY/mH73n2fzYD/xoK8o++PCXPpP3/drP+RoQAG46UvPMD/5knn3Xf6UUnEGvvPa1/Pg/Ou8lKDDrlIHA5HvmR/7zDIt/rRVjj7z25htZ/NTP5ovf+EIrCgBza/HRd+cX3vl+Ly1nwGtvvpHzL/0vufCVj7SiALNAGQhMiaPfm3/47p/Nn//Bd7WSPITnXv5YPnDlg74GBIB79I7jP5K/+YN/0WUjU2p0+blceOWXPPsA80QZCEyXP/UH/nQ++p6/5cbhPfb5r385P/mrf8+xGAB4UEdq3vdH/lJ+7sfe7zllCjz38sfygX/69+0CAvNIGQhMIXs9e+aV176Wn/rV53P51c+1ogDAPXrkbY/mv//jP+nCkQnz1nHga59UAgLzaivJP1YGAtPrSM35P3E6P/tn/8tWku/w1sOwYzEAsK8WH313Tv/RxfzVf+/PtaLsk1de+1pWrl7y3ANQ60aSq8pAYPod/d784p/8KW/f74ESEAAOyZGaxT/UKQYP0KdfeSl/99c/7gQEwE3KQGDmOD58R28dB/6tsRIQAA7bkZo/9f3/fk6fOOVl5h575bWv5R/8s8t59jc+7CgwwHeq9XySa8pAYCYtPvru/MI7358f+4EfbUVn2oe/9Jn83d/4RL74jS+0ogDAIXnkbY9m6d95d97/I//R3D+7PIjX3nwjH/r1X8kLmxueeQDuqv7lJN8oef7dL6aUJ1txgGn0yNsezd/4oz+Rc4//p3Pz1v2tXRzj2AAwfXa/GvzPHv0z+Qsn3qkcvINXXvta/uG/+LwCEOB+XK/fn+Rfl6x2oyzkg608wLT7U3/gT8/scZybR2L+3r/4RLa++WorDgBMi1vKwXf9oR/On//Bd7V+MbM+/cpL+Z9fuZz//V9+wfMOwP27Wk9vPJ4kJf/ju0/mWPlq6xcAs+TmF4PT/MbdAzEAzKd3HP+R/NnjP5T/4N/6kfzQ8R+Y2YLw06+8lE/93/9n/rffupKvvv6VVhyAu9nJX69nNoYkKbXWlLXucko51fodwEyagjfur735Rv7J17/sgRgAuK1H3vZoTnzPv533vP2H864/+Mfy9n/z+ybymeZ2bj7nvPRbv5nPfuOf5Qtv/HMvOgH22vX6jnpufC35vTJwKaX8T42fAcyNR972aP707/+hPPZ9j+Yv/JE/k7d/z+8/sC8IP/3KS/nt/+938tK//I189rd/M1984zdt/wEAD+ZIzTu+74/lxPf84Tz2fY/m7cceybv+0A8nSZ74gR89sOmUV177Wv75b/8/bz3jXP2dV7P55v+br/7ObyQ3SuvnADyMWi/V5fFTN/9Zav3WZcJlrbuWUk7c8YcAvPVAnSTf92+8Le95+w83fnB3n/3t38zv/OtvJomv/QCAQ/PI2x7N23/f97317z97/IfyB49+711+cXu3Ptsknm8AJsKN+p56dnz55j9vLQN9HQgAAAAAs6LWjbo8Xrz1vxbe+tvyeD21bn7nbwAAAACAKbST/jv/ayHf7rsCAAAAAMCUqfXSrceDb/q2MnD368CN7wwBAAAAAFNjK9sZ3e4P3/llYLKdpSRb3/X/AAAAAMDk20lfz42v3e5P31UG1nPja7c7TwwAAAAATLhaN+qZjeFOf/7uLwOT1DMbQ2q9dLu/AQAAAAATaSvbeepugduWgUluHhe+ese/AwAAAACTo9bFem78+t0idywD67nx67leF1Pr5p0yAAAAAMAEqPW/rsvjK63Ynb8MzG4hmDwVF4oAAAAAwGT6VhG43ooljTIwSery+Equ18fjyDAAAAAATJb7KAKTpNRaW5kkSVnpjudo1lPKk60sAAAAALCvtlLr4r0cDb7VPZeBN5XnT42ykD7JI60sAAAAALDHar2U7Sy1Lgu5nfsuA5OkrHQnczSDrwQBAAAA4IDUupmdLNWz48ut6J08UBl4U1ntFnOkDEkea2UBAAAAgAeylZ309czG0Aq2PFQZeFNZ65ZSyhBHhwEAAABgL13M9Tp6kCPBt7MnZWDy1gUjfUp5ppUFAAAAAO6i1o0ko/u9IKRlz8rAm3b3BNdTyqlWFgAAAAC4Ra2bKRnV0+MXW9EHsedl4E1ltVvMQtZTyolWFgAAAADm3FZqHeryuG8FH8a+lYE3ledPjbKQPvYEAQAAAOB2LuZ67eu58bVW8GHtexmY7O4JHitDkqdbWQAAAACYC7VuZCd9PTu+3IrulQMpA28qa93jSQZ7ggAAAADMsa3UOqrL4/VWcK8daBl4U3mheyo1gz1BAAAAAOZKreeznaGeG7/eiu6HQykDk92jw0czSimj2BMEAAAAYJbVeinbGR3ELuDdHFoZeFNZ6U7mWOljTxAAAACA2XM1N+roIHcB7+bQy8Cbymq3mIX09gQBAAAAmAFb2Ulfz2wMreBBmpgy8Kay1i2llCGODgMAAAAwjWq9kO30h7ULeDcTVwYm37Yn+GwrCwAAAAATodaNbGfpsHcB72Yiy8Cbykp3MkczpJQnW1kAAAAAOBS1bmYnS5OyC3g3E10G3lRWu8UcKUOSx1pZAAAAADggW6l1qMvjvhWcFFNRBt5Unj81ykL62BMEAAAA4HBdzPU6msRdwLuZqjIweWtPsE8pz7SyAAAAALCnat1IMqrL4yut6CSaujLwpt09wfWUcqqVBQAAAICHUutmSkb19PjFVnSSTW0ZeFNZ7RazkPWUcqKVBQAAAID7tJVah2xnmLYjwbcz9WXgTWWt61PKKPYEAQAAANgbF3O99vXc+ForOC1mpgxMdvcEj5UhydOtLAAAAADcwdXcqKN6dny5FZw2M1UG3lTWuseTDPYEAQAAALgPW6l1VJfH663gtJrJMvCmstYtJentCQIAAABwV7Wen5VdwLuZ6TIw2T06fDQje4IAAAAAfJdaL2U7o1naBbybmS8Dbyor3ckcK33sCQIAAABQ62Z2sjSLu4B3Mzdl4E1ltVvMkTIkeayVBQAAAGDmbGUnfT2zMbSCs2juysCbylq3lFKGODoMAAAAMB9qvZDt9LO+C3g3c1sGJt+2J/hsKwsAAADAlKp1I9tZmpddwLuZ6zLwprLSnczRDCnlyVYWAAAAgClR62ZKRvX0+MVWdF4oA29RVrvFLGQ9pZxoZQEAAACYWFupdajL474VnDfKwNsoz58aZSF97AkCAAAATJuLuV5H87wLeDfKwDvY3RPsU8ozrSwAAAAAh6zWjSSjujy+0orOM2VgQ1nrHk8ypJRTrSwAAAAAB6zWzSR9XR6vt6IoA+9ZeaF7KjWDPUEAAACAibCVWodsZ3Ak+N4pA+9TWev6lDKKPUEAAACAw1HrpWxnVM+Nr7WifDtl4AMoK93xHCtDkqdbWQAAAAD2zNXcqKN6dny5FeT2lIEPoax2i1lIb08QAAAAYF9tpdaRXcCHpwzcA2WtW0rS2xMEAAAA2GO1nrcLuHeUgXukrHTHczQje4IAAAAAe6DWjWxnyS7g3lIG7rGy0p3M0Qwp5clWFgAAAIDvUOtmdrJkF3B/KAP3SVntFnOkDEkea2UBAAAAyFZ20tczG0MryINTBu6zstYtpZQhjg4DAAAA3F6tF7Kd3i7g/lMGHoBb9gSfbWUBAAAA5katG0lGdXl8pRVlbygDD9DunuB6SjnVygIAAADMrFo3UzKqp8cvtqLsLWXgISir3WIWsp5STrSyAAAAADNkK7UOdXnct4LsD2XgISrPnxplIX3sCQIAAACz72Ku15FdwMOlDDxkZaU7nmNlSPJ0KwsAAAAwdWrdyE76enZ8uRVl/ykDJ0RZ6x5PMtgTBAAAAGZCrZtJ+ro8Xm9FOTjKwAlTXuieSs1gTxAAAACYWrWez3YGR4InjzJwQpW1rk8po9gTBAAAAKZFrZeynVE9N77WinI4lIETrKx0J3Os9LEnCAAAAEy2q7lRR3YBJ58ycAqU1W4xC+ntCQIAAAATZiu1juwCTg9l4BQpa91Skt6eIAAAAHDoar2Q7fR2AaeLMnDKlJXueI5mlFKebWUBAAAA9lytG9nOkl3A6aQMnFJlpTuZoxlSypOtLAAAAMBDq3UzO1myCzjdlIFTrqx2izlShiSPtbIAAAAAD2ArO+nrmY2hFWTyKQNnRFnrllLKkOSRVhYAAADgHl3M9TqyCzg7lIEzZHdPsE8pz7SyAAAAAHdU60aSUV0eX2lFmS7KwBm0uye4nlJOtbIAAAAAb6l1MyWjenr8YivKdFIGzrCy2i1mIesp5UQrCwAAAMy1rdQ6ZDuDI8GzTRk4B8pa16eUUewJAgAAAN/tYq7Xvp4bX2sFmX7KwDlRVrrjOVaGJE+3sgAAAMAcqHUjO+nr2fHlVpTZoQycM2WtezzJYE8QAAAA5tZWah3V5fF6K8jsUQbOqfJC91RqBnuCAAAAMEdqPW8XcL4pA+dYWemO52hG9gQBAABgxtV6KdsZ2QVEGUjKSncyx0ofe4IAAAAwa67mRh3ZBeQmZSBvKavdYhbS2xMEAACAqbeVnfT1zMbQCjJflIF8l7LWLaWUIY4OAwAAwPSp9UK209sF5HaUgdzWLXuCz7ayAAAAwASodSPbWbILyN0oA7mrstKdzNEMKeXJVhYAAAA4BLVuZidLdgG5F8pA7klZ7RZzpAxJHmtlAQAAgAOxlVqHujzuW0G4SRnIfSnPnxplIX3sCQIAAMBhupjrdWQXkPulDOS+7e4J9inlmVYWAAAA2EO1biQZ1eXxlVYUbkcZyAPb3RNcTymnWlkAAADgIdS6maSvy+P1VhTuRhnIQysvdE+lZkgpJ1pZAAAA4L5spdYh2xkcCWYvKAPZM2Wt61PKKPYEAQAAYC9czPXa13Pja60g3CtlIHuqrHTHc6wMSZ5uZQEAAIDbupobdVTPji+3gnC/lIHsi7LWPZ5ksCcIAAAA92wrtY7sArKflIHsq7LWLSXp7QkCAADAXdR63i4gB0EZyL4rK93xHM3IniAAAAB8h1ovZTsju4AcFGUgB6asdCdzrPSxJwgAAMC8q3UzO1myC8hBUwZy4Mpqt5gjZUjyWCsLAAAAM2YrO+nrmY2hFYT9oAzk0JS1bimlDHF0GAAAgHlQ64Vsp7cLyGFSBnKobtkTfLaVBQAAgKlU60a2s2QXkEmgDGQilJXuZI5mPaWcamUBAABgKtS6mZJRPT1+sRWFg6IMZKKU1W4xC1lPKSdaWQAAAJhQW6l1qMvjvhWEg6YMZCKV50+NspA+9gQBAACYLhdzvY7sAjKplIFMrN09wT6lPNPKAgAAwKGqdSM76evZ8eVWFA6TMpCJV9a6x5MM9gQBAACYOLVuJunr8ni9FYVJoAxkapQXuqdSM9gTBAAAYAJspdYh2xkcCWaaKAOZOmWt61PKKPYEAQAAOAy1Xsp2RvXc+ForCpNGGchUKivd8RwrQ5KnW1kAAADYI1dzo47sAjLNlIFMtbLaLWYhvT1BAAAA9tFWah3ZBWQWKAOZCWWtW0rS2xMEAABgT9V63i4gs0QZyMwoK93xHM3IniAAAAAPrdaNbGfJLiCzRhnIzCkr3ckczZBSnmxlAQAA4NvUupmdLNkFZFYpA5lZZbVbzJEyJHmslQUAAGDubWUnfT2zMbSCMM2Ugcy8stYtpZQhjg4DAABwO7VeyHZ6u4DMA2Ugc2F3T7BPKc+0sgAAAMyJWjeSjOry+EorCrNCGchc2d0TXE8pp1pZAAAAZlStmykZ1dPjF1tRmDXKQOZSWe0Ws5D1lHKilQUAAGBmbKXWoS6P+1YQZpUykLlWnj81ykL62BMEAACYdRdzvfb13PhaKwizTBnI3Csr3fEcK0OSp1tZAAAApkytG9lJX8+OL7eiMA+UgbCrrHWPJxnsCQIAAMyAWjeT9HV5vN6KwjxRBsJ3KC90T6VmsCcIAAAwpWo9n+0M9dz49VYU5o0yEO6grHV9ShnFniAAAMB0qPVStjOyCwh3pgyEuygr3ckcK33sCQIAAEyyq7lRR3YBoU0ZCPegrHaLWUhvTxAAAGCibKXWkV1AuHfKQLgPZa1bStLbEwQAADhktV7Idnq7gHB/lIFwn8pKdzxHM0opz7ayAAAA7LFaN7KdJbuA8GCUgfCAykp3MkczpJQnW1kAAAAeUq2b2cmSXUB4OMpAeEhltVvMkTIkeayVBQAA4L5tpdahLo/7VhBoUwbCHinPnxplIX2SR1pZAAAA7snFXK8ju4Cwd5SBsId29wT7lPJMKwsAAMAd1LqRZFSXx1daUeD+KANhH+zuCa6nlFOtLAAAALtq3UzJqJ4ev9iKAg9GGQj7qKx2i1nIeko50coCAADMsa3UOmQ7gyPBsL+UgXAAylrXp5RR7AkCAAB8p4u5Xvt6bnytFQQenjIQDkhZ6Y7nWBmSPN3KAgAAzLxaN7KTvp4dX25Fgb2jDIQDVta6x5MM9gQBAIA5tZVaR3V5vN4KAntPGQiHpLzQPZWawZ4gAAAwN2o9bxcQDpcyEA5RWemO52hG9gQBAICZVuulbGdkFxAOnzIQJkBZ6U7mWOljTxAAAJgtV3OjjuwCwuRQBsIEKavdYhbS2xMEAACm3FZ20tczG0MrCBwsZSBMoLLWLaWUIY4OAwAA06bWC9lObxcQJpMyECbULXuCz7ayAAAAh67WjWxnyS4gTDZlIEy4stKdzNEMKeXJVhYAAODA1bqZklE9PX6xFQUOnzIQpsTunuB6SjnRygIAAByArdQ61OVx3woCk0MZCFOmPH9qlIX0sScIAAAcnou5Xkd2AWH6KANhCu3uCfYp5ZlWFgAAYM/UupFkVJfHV1pRYDIpA2GK7e4JrqeUU60sAADAA6t1M0lfl8frrSgw2ZSBMAPKC91TqRnsCQIAAHtsK7UO2c7gSDDMBmUgzJCy1vUpZRR7ggAAwMO7mOu1r+fG11pBYHooA2HGlJXueI6VIcnTrSwAAMBtXM2NOqpnx5dbQWD6KANhRpW17vEkgz1BAADgHm2l1pFdQJhtykCYcWWtW0rS2xMEAADuqNbzdgFhPigDYQ6Ule54jmZkTxAAAPg2tV7KdkZ2AWF+KANhjpSV7mSOZkgpT7ayAADADKt1MztZsgsI80cZCHOorHaLOVKGJI+1sgAAwEzZyk76emZjaAWB2aQMhDlW1rqllDLE0WEAAJh9tV7Idnq7gDDflIEw527ZE3y2lQUAAKZQrRtJRnV5fKUVBWafMhBI8tae4HpKOdXKAgAAU6DWzZSM6unxi60oMD+UgcC3KavdYhaynlJOtLIAAMBE2kqtQ10e960gMH+UgcBtledPjbKQPvYEAQBgmlzM9TqyCwjciTIQuKPdPcE+pTzTygIAAIeo1o3spK9nx5dbUWC+KQOBprLWPZ5ksCcIAAATptbNJH1dHq+3ogCJMhC4D+WF7qnUDPYEAQDg0G2l1iHbGRwJBu6HMhC4b2Wt61PKKPYEAQDg4NV6KdsZ1XPja60owHdSBgIPpKx0x3OsDEmebmUBAIA9cTU36sguIPAwlIHAQymr3WIW0tsTBACAfbOVWkd2AYG9oAwE9kRZ65aS9PYEAQBgD9V63i4gsJeUgcCeKSvd8RzNKKU828oCAAB3UetGtrNkFxDYa8pAYM+Vle5kjmZIKU+2sgAAwC1q3cxOluwCAvtFGQjsm7LaLeZIGZI81soCAMCc28pO+npmY2gFAR6GMhDYd2WtW0opQ5JHWlkAAJhDF3O9juwCAgdBGQgciN09wT6lPNPKAgDAXKh1I8moLo+vtKIAe0UZCByo3T3B9ZRyqpUFAICZVOtmSkb19PjFVhRgrykDgUNRVrvFLGQ9pZxoZQEAYEZspdahLo/7VhBgvygDgUNVnj81ykL62BMEAGC2Xcz12tdz42utIMB+UgYCh66sdMdzrAxJnm5lAQBgqtS6kZ309ez4cisKcBCUgcDEKGvd40kGe4IAAEy9WjeT9HV5vN6KAhwkZSAwccoL3VOpGewJAgAwlWo9n+0M9dz49VYU4KApA4GJVda6PqWMYk8QAIBpUOulbGdkFxCYZMpAYKKVle5kjpU+9gQBAJhcV3OjjuwCAtNAGQhMhbLaLWYhvT1BAAAmyFZ20tczG0MrCDAplIHAVClr3VJKGeLoMAAAh6nWC9lObxcQmDbKQGDqlJXueI5mlFKebWUBAGBP1bqR7SzZBQSmlTIQmFplpTuZoxlSypOtLAAAPJRaN7OTJbuAwLRTBgJTr6x2izlShiSPtbIAAHCftlLrUJfHfSsIMA2UgcDMKM+fGmUhfewJAgCwNy7meh3ZBQRmiTIQmCm7e4J9SnmmlQUAgNuqdSPJqC6Pr7SiANNGGQjMpN09wfWUcqqVBQCAJN/aBSwZ1dPjF1tRgGmlDARmWlntFrOQ9ZRyopUFAGBubaXWIdsZHAkGZp0yEJgLZa3rU8oo9gQBAPh2F3O99vXc+ForCDALlIHA3Cgr3fEcK0OSp1tZAABmXK0b2Ulfz44vt6IAs0QZCMydstY9nmSwJwgAMJe2UuuoLo/XW0GAWaQMBOZWeaF7KjWDPUEAgDlR63m7gMC8UwYCc62sdMdzNCN7ggAAM6zWS9nOyC4ggDIQIElSVrqTOVb62BMEAJgdtW5mJ0t2AQF+jzIQ4BZltVvMkTIkeayVBQBgYm1lJ309szG0ggDzRhkIcBtlrVtKKUMcHQYAmC61Xsh2eruAALenDAS4g1v2BJ9tZQEAOGS1bmQ7S3YBAe5OGQjQUFa6kzmaIaU82coCAHDAat1MyaieHr/YigKgDAS4Z2W1W8xC1lPKiVYWAIB9t5Vah7o87ltBAH6PMhDgPpXnT42ykD72BAEADsvFXK8ju4AA908ZCPAAdvcE+5TyTCsLAMAeqXUjyaguj6+0ogDcnjIQ4CHs7gmup5RTrSwAAA+o1s0kfV0er7eiANydMhBgD5QXuqdSM9gTBADYU1updch2BkeCAfaGMhBgD5W1rk8po9gTBAB4WBdzvfb13PhaKwjAvVMGAuyxstIdz7EyJHm6lQUA4LtczY06qmfHl1tBAO6fMhBgn5TVbjEL6e0JAgDck63UOrILCLC/lIEA+6ysdUtJenuCAAB3UOt5u4AAB0MZCHAAykp3PEczsicIAHCLWjeynSW7gAAHRxkIcIDKSncyRzOklCdbWQCAmVXrZnayZBcQ4OApAwEOQVntFnOkDEkea2UBAGbIVnbS1zMbQysIwP5QBgIcorLWLaWUIY4OAwCzrtYL2U5vFxDgcCkDAQ7ZLXuCz7ayAABTp9aNJKO6PL7SigKw/5SBABNid09wPaWcamUBACZerZspGdXT4xdbUQAOjjIQYMKU1W4xC1lPKSdaWQCACbSVWoe6PO5bQQAOnjIQYEKV50+NspA+9gQBgOlxMdfryC4gwORSBgJMsN09wT6lPNPKAgAcmlo3spO+nh1fbkUBOFzKQIApUNa6x5MM9gQBgIlS62aSvi6P11tRACaDMhBgipQXuqdSM9gTBAAO2VZqHbKdwZFggOmiDASYQmWt61PKKPYEAYCDVuulbGdUz42vtaIATB5lIMCUKivdyRwrfZKnW1kAgD1wNTfqyC4gwHRTBgJMubLaLWYhvT1BAGCfbKXWkV1AgNmgDASYEWWtW0rS2xMEAPZMrReynd4uIMDsUAYCzJCy0h3P0YxSyrOtLADAHdW6ke0s2QUEmD3KQIAZVFa6kzmaIaU82coCALyl1s3sZMkuIMDsUgYCzLCy2i3mSBmSPNbKAgBzbSs76euZjaEVBGC6KQMB5kBZ65ZSypDkkVYWAJg7F3O9juwCAswHZSDAnNjdE+xTyjOtLAAwB2rdSDKqy+MrrSgAs0MZCDBndvcE11PKqVYWAJhBtW6mZFRPj19sRQGYPcpAgDlVVrvFLGQ9pZxoZQGAmbCVWoe6PO5bQQBmlzIQYM6V50+NspA+9gQBYJZdzPXa13Pja60gALNNGQjAt/YEj5UhydOtLAAwRWrdyE76enZ8uRUFYD4oAwF4S1nrHk8y2BMEgKm3lVpHdXm83goCME65BIQAAA9ZSURBVF+UgQB8l/JC91RqBnuCADCFaj2f7Qz13Pj1VhSA+aMMBOC2ykp3PEczSimj2BMEgMlX66VsZ2QXEIC7UQYCcFdlpTuZY6WPPUEAmFRXc6OO7AICcC+UgQDck7LaLWYhvT1BAJgYW9lJX89sDK0gANykDATgvpS1bimlDHF0GAAOT60Xsp3eLiAA90sZCMB9u2VP8NlWFgDYQ7VuZDtLdgEBeFDKQAAeWFnpTuZohpTyZCsLADyEWjezkyW7gAA8LGUgAA+trHaLOVKGJI+1sgDAfdlKrUNdHvetIADcC2UgAHumPH9qlIX0sScIAHvhYq7XkV1AAPaSMhCAPbW7J9inlGdaWQDgNmrdSDKqy+MrrSgA3C9lIAD7YndPcD2lnGplAYB8axewZFRPj19sRQHgQSkDAdhXZbVbzELWU8qJVhYA5tRWah2yncGRYAD2mzIQgANR1ro+pYxiTxAAbnUx12tfz42vtYIAsBeUgQAcmLLSHc+xMiR5upUFgBl3NTfqqJ4dX24FAWAvKQMBOHBlrXs8yWBPEIA5tJVaR3V5vN4KAsB+UAYCcGjKWreUpLcnCMBcqPW8XUAADpsyEIBDVVa64zmakT1BAGZWrZeynZFdQAAmgTIQgIlQVrqTOVb62BMEYFbUupmdLNkFBGCSKAMBmChltVvMkTIkeayVBYAJtZWd9PXMxtAKAsBBUwYCMJHKWreUUoY4OgzANKn1QrbT2wUEYFIpAwGYWLfsCT7bygLAoap1I9tZsgsIwKRTBgIw8cpKdzJHM6SUJ1tZADhQtW6mZFRPj19sRQFgEigDAZgaZbVbzELWU8qJVhYA9tlWah3q8rhvBQFgkigDAZg65flToyykjz1BAA7HxVyvI7uAAEwjZSAAU2l3T7BPKc+0sgCwJ2rdSDKqy+MrrSgATCplIABTrax1jycZUsqpVhYAHkitm0n6ujxeb0UBYNIpAwGYCeWF7qnUDPYEAdhDW6l1yHYGR4IBmBXKQABmSlnr+pQyij1BAB5GrZeynVE9N77WigLANFEGAjBzykp3PMfKkOTpVhYAvsPV3KijenZ8uRUEgGmkDARgZpXVbjEL6e0JAnAPtlLryC4gALNOGQjAzCtr3VKS3p4gALdV63m7gADMC2UgAHOhrHTHczQje4IAvKXWjWxnyS4gAPNEGQjAXCkr3ckczZBSnmxlAZhRtW5mJ0t2AQGYR8pAAOZSWe0Wc6QMSR5rZQGYGVvZSV/PbAytIADMKmUgAHOtrHVLKWWIo8MAs63WC9lObxcQgHmnDARg7t2yJ/hsKwvAlKl1I8moLo+vtKIAMA+UgQCwa3dPcD2lnGplAZhwtW6mZFRPj19sRQFgnigDAeA7lNVuMQtZTyknWlkAJs5Wah3q8rhvBQFgHikDAeAOyvOnRllIH3uCANPiYq7Xvp4bX2sFAWBeKQMB4C7KSnc8x8qQ5OlWFoBDUutGdtLXs+PLrSgAzDtlIADcg7LWPZ5ksCcIMEFq3UzS1+XxeisKAHyLMhAA7kN5oXsqNYM9QYBDVuv5bGeo58avt6IAwO9RBgLAAyhrXZ9SRrEnCHCwar2U7YzsAgLAg1EGAsADKivdyRwrfewJAhyEq7lRR3YBAeDhKAMB4CGV1W4xC+ntCQLsi63UOrILCAB7QxkIAHukrHVLSXp7ggB7pNYL2U5vFxAA9o4yEAD2UFnpjudoRinl2VYWgDuodSPbWbILCAB7TxkIAPugrHQnczRDSnmylQVgV62b2cmSXUAA2D/KQADYR2W1W8yRMiR5rJUFmGNb2Ulfz2wMrSAA8HCUgQBwAMpat5RShiSPtLIAc+ZirteRXUAAOBjKQAA4ILt7gn1KeaaVBZh5tW4kGdXl8ZVWFADYO8pAADhgu3uC6ynlVCsLMHNq3UzJqJ4ev9iKAgB7TxkIAIekrHaLWch6SjnRygLMgK3UOmQ7gyPBAHB4lIEAcMjKWtenlFHsCQKz62Ku176eG19rBQGA/aUMBIAJUFa64zlWhiRPt7IAU6PWjeykr2fHl1tRAOBgKAMBYIKUte7xJIM9QWDKbaXWUV0er7eCAMDBUgYCwAQqL3RPpWawJwhMnVrP2wUEgMmlDASACVVWuuM5mpE9QWAq1Hop2xnZBQSAyaYMBIAJV1a6kzlW+tgTBCbT1dyoI7uAADAdlIEAMCXKareYhfT2BIEJsZWd9PXMxtAKAgCTQxkIAFOmrHVLKWWIo8PAYan1QrbT2wUEgOmjDASAKXTLnuCzrSzAnql1I9tZsgsIANNLGQgAU6ysdCdzNENKebKVBXhgtW5mJ0t2AQFg+ikDAWAGlNVuMUfKkOSxVhbgPmyl1qEuj/tWEACYDspAAJgh5flToyykjz1B4OFdzPU6sgsIALNFGQgAM2Z3T7BPKc+0sgDfpdaNJKO6PL7SigIA00cZCAAzandPcD2lnGplAVLrZpK+Lo/XW1EAYHopAwFgxpUXuqdSM6SUE60sMJe2UuuQ7QyOBAPA7FMGAsCcKGtdn1JGsScI/J6LuV77em58rRUEAGaDMhAA5khZ6Y7nWBmSPN3KAjPtam7UUT07vtwKAgCzRRkIAHOorHWPJxnsCcLc2UqtI7uAADC/lIEAMMfKWreUpLcnCHOg1vN2AQEAZSAAzLmy0h3P0YzsCcKMqvVStjOyCwgAJMpAAGBXWelO5ljpY08QZkOtm9nJkl1AAOBWykAA4NuU1W4xR8qQ5LFWFphIW9lJX89sDK0gADB/lIEAwG2VtW4ppQxxdBimR60Xsp3eLiAAcCfKQADgjm7ZE3y2lQUOUa0b2c6SXUAAoEUZCAA0lZXuZI5mPaWcamWBA1TrZkpG9fT4xVYUACBRBgIA96GsdotZyHpKOdHKAvtqK7UOdXnct4IAALdSBgIA9608f2qUhfSxJwiH4WKu15FdQADgQSgDAYAHsrsn2KeUZ1pZYA/UupGd9PXs+HIrCgBwJ8pAAOChlLXu8SSDPUHYJ7VuJunr8ni9FQUAaFEGAgB7orzQPZWawZ4g7Jmt1DpkO4MjwQDAXlEGAgB7qqx1fUoZxZ4gPLhaL2U7o3pufK0VBQC4H8pAAGDPlZXueI6VIcnTrSzwba7mRh3ZBQQA9osyEADYN2W1W8xCenuC0LSVWkd2AQGA/aYMBAD2XVnrlpL09gThNmo9bxcQADgoykAA4ECUle54jmZkTxB21bqR7SzZBQQADpIyEAA4UGWlO5mjGVLKk60szKRaN7OTJbuAAMBhUAYCAIeirHaLOVKGJI+1sjAjtrKTvp7ZGFpBAID9ogwEAA5VWeuWUsoQR4eZbRdzvY7sAgIAh00ZCAAcut09wT6lPNPKwlSpdSPJqC6Pr7SiAAAHQRkIAEyM3T3B9ZRyqpWFiVbrZkpG9fT4xVYUAOAgKQMBgIlTVrvFLGQ9pZxoZWHCbKXWoS6P+1YQAOAwKAMBgIlVnj81ykL62BNkOlzM9drXc+NrrSAAwGFRBgIAE62sdMdzrAxJnm5l4VDUupGd9PXs+HIrCgBw2JSBAMBUKGvd40kGe4JMjFo3k/R1ebzeigIATAplIAAwVcoL3VOpGewJcqhqPZ/tDPXc+PVWFABgkigDAYCpVNa6PqWMYk+Qg1TrpWxnZBcQAJhWykAAYGqVle5kjpU+9gTZf1dzo47sAgIA004ZCABMvbLaLWYhvT1B9sFWah3ZBQQAZoUyEACYGWWtW0rS2xNkT9R6Idvp7QICALNEGQgAzJSy0h3P0YxSyrOtLNxWrRvZzpJdQABgFikDAYCZVFa6kzmaIaU82cpCkqTWzexkyS4gADDLlIEAwEwrq91ijpQhyWOtLHNrK7UOdXnct4IAANNOGQgAzIXy/KlRFtIneaSVZa5czPU6sgsIAMwLZSAAMDd29wT7lPJMK8uMq3Ujyaguj6+0ogAAs0QZCADMnd09wfWUcqqVZcbUupmSUT09frEVBQCYRcpAAGBuldVuMQtZTyknWlmm3lZqHbKdwZFgAGCeKQMBgLlX1ro+pYxiT3BWXcz12tdz42utIADArFMGAgBkd0/wWBmSPN3KMiVq3chO+np2fLkVBQCYF8pAAIBblLXu8SSDPcGptpVaR3V5vN4KAgDMG2UgAMBtlBe6p1Iz2BOcMrWetwsIAHBnykAAgDsoK93xHM3InuAUqPVStjOyCwgAcHfKQACAhrLSncyx0see4CS6mht1ZBcQAODeKAMBAO5RWe0Ws5DenuBE2MpO+npmY2gFAQD4PcpAAID7VNa6pZQyxNHhw1HrhWyntwsIAHD/lIEAAA/glj3BZ1tZ9kitG9nOkl1AAIAHpwwEAPj/27mbm7jOMArA5yMS2boD00FcwYUOcAdhZZIFyu0gkw5uxAKT1dAB6cBMBbgDs/N2lpCEN4sQyUosX2wPzA/PI32bT6eCI73nK7TjbifbGdLa/liWL1R1lZa+Xs3Ox6IAAHyaMhAAYAHu9gSnae35WJZ7m6dqqMPZZCwIAMD9KAMBABaovd7ts5VJ7Al+rbNcV28XEABgsZSBAAALdrcnOElrP41l+Y+qiyR9Hc4ux6IAAHw+ZSAAwAO52xOcprXdseyTV3WVZFKHs+lYFACAL6cMBAB4YO237mUqgz3Bj5qnashNBifBAAAPTxkIAPBI2mk3SWt97An+6yzXNamj2buxIAAAi6EMBAB4RO24e5Zv25Dk+7HsBnubv6qvH2dvxoIAACyWMhAAYAnaafciyfDE9gTnqertAgIALI8yEABgidppd5BksvF7glW/2AUEAFg+ZSAAwJK14+5ZttNv5J5g1e+5SW8XEABgNSgDAQBWRDvudrKdIa3tj2VXXtVVbnNgFxAAYLUoAwEAVkw76fbyTRuSfDeWXUHz3GZSP1wMY0EAAB6fMhAAYEW10+4grQ1Zl9Phql9zk4ldQACA1aUMBABYYR/sCf48ll2aqoskfR3OLseiAAAslzIQAGAN3O0JTtPa7lj20VRdpaWvV7PzsSgAAKtBGQgAsEbaSbeXrUzT2vOx7AOap2qow9lkLAgAwGpRBgIArKH2erfPViZ5/D3Bs1xXbxcQAGA9KQMBANbUB3uCfR6+FDzLdU3qaPZuLAgAwOpSBgIAbIB22h0keZnW9seyn+FtbjPNH3WuBAQA2AzKQACADXO3K7iXZC/Jzj33Beepukzyz7vJGwUgAMDmUQYCADwR7aR78b/PP/O+jmbvPxIHAGAD/Q02yHrDmoybSQAAAABJRU5ErkJggg=="/></g></svg>


--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | LUA_MOD_DIR="./lua-mod"
  4 | NGINX_CONF="crowdsec_nginx.conf"
  5 | NGINX_CONF_DIR="/etc/nginx/conf.d/"
  6 | ACCESS_FILE="access.lua"
  7 | LIB_PATH="/usr/local/lua/crowdsec/"
  8 | CONFIG_PATH="/etc/crowdsec/bouncers/"
  9 | DATA_PATH="/var/lib/crowdsec/lua/"
 10 | LAPI_DEFAULT_PORT="8080"
 11 | SILENT="false"
 12 | 
 13 | usage() {
 14 |       echo "Usage:"
 15 |       echo "    ./install.sh -h                 Display this help message."
 16 |       echo "    ./install.sh                    Install the bouncer in interactive mode"
 17 |       echo "    ./install.sh -y                 Install the bouncer and accept everything"
 18 |       exit 0  
 19 | }
 20 | 
 21 | 
 22 | #Accept cmdline arguments to overwrite options.
 23 | while [[ $# -gt 0 ]]
 24 | do
 25 |     case $1 in
 26 |         -y|--yes)
 27 |             SILENT="true"
 28 |             shift
 29 |         ;;
 30 |         -h|--help)
 31 |             usage
 32 |         ;;
 33 |     esac
 34 |     shift
 35 | done
 36 | 
 37 | 
 38 | gen_apikey() {
 39 |     
 40 |     type cscli > /dev/null
 41 | 
 42 |     if [ "$?" -eq "0" ] ; then
 43 |         SUFFIX=`tr -dc A-Za-z0-9 </dev/urandom | head -c 8`
 44 |         API_KEY=`sudo cscli bouncers add crowdsec-nginx-bouncer-${SUFFIX} -o raw`
 45 |         PORT=$(cscli config show --key "Config.API.Server.ListenURI"|cut -d ":" -f2)
 46 |         if [ ! -z "$PORT" ]; then
 47 |             LAPI_DEFAULT_PORT=${PORT}
 48 |         fi
 49 |         echo "Bouncer registered to the CrowdSec Local API."
 50 |     else
 51 |         echo "cscli is not present, unable to register the bouncer to the CrowdSec Local API."
 52 |     fi
 53 |     CROWDSEC_LAPI_URL="http://127.0.0.1:${LAPI_DEFAULT_PORT}"
 54 |     mkdir -p "${CONFIG_PATH}"
 55 |     API_KEY=${API_KEY} CROWDSEC_LAPI_URL=${CROWDSEC_LAPI_URL} envsubst '$API_KEY $CROWDSEC_LAPI_URL' < ${LUA_MOD_DIR}/config_example.conf | sudo tee -a "${CONFIG_PATH}crowdsec-nginx-bouncer.conf" >/dev/null
 56 | }
 57 | 
 58 | check_nginx_dependency() {
 59 |     DEPENDENCY=(
 60 |         "libnginx-mod-http-lua"
 61 |         "luarocks"
 62 |         "lua5.1"
 63 |         "gettext-base"
 64 |     )
 65 |     for dep in ${DEPENDENCY[@]};
 66 |     do
 67 |         dpkg -l | grep ${dep} > /dev/null
 68 |         if [[ $? != 0 ]]; then
 69 |             if [[ ${SILENT} == "true" ]]; then
 70 |                 sudo apt-get install -y -qq ${dep} > /dev/null && echo "${dep} successfully installed"
 71 |             else
 72 |                 echo "${dep} not found, do you want to install it (Y/n)? "
 73 |                 read answer
 74 |                 if [[ ${answer} == "" ]]; then
 75 |                     answer="y"
 76 |                 fi
 77 |                 if [ "$answer" != "${answer#[Yy]}" ] ;then
 78 |                     sudo apt-get install -y -qq ${dep} > /dev/null && echo "${dep} successfully installed"
 79 |                 else
 80 |                     echo "unable to continue without ${dep}. Exiting" && exit 1
 81 |                 fi
 82 |             fi
 83 |         fi
 84 |     done
 85 | }
 86 | 
 87 | 
 88 | install() {
 89 |     sudo mkdir -p ${LIB_PATH}/plugins/crowdsec/
 90 |     sudo mkdir -p ${DATA_PATH}/templates/
 91 | 
 92 |     sudo cp nginx/${NGINX_CONF} ${NGINX_CONF_DIR}/${NGINX_CONF}
 93 |     sudo cp -r ${LUA_MOD_DIR}/lib/* ${LIB_PATH}/
 94 |     sudo cp -r ${LUA_MOD_DIR}/templates/* ${DATA_PATH}/templates/
 95 | 
 96 |     sudo luarocks install lua-resty-http  0.17.1-0
 97 |     sudo luarocks install lua-cjson 2.1.0.10-1
 98 | }
 99 | 
100 | 
101 | check_nginx_dependency
102 | gen_apikey
103 | install
104 | 
105 | 
106 | echo "crowdsec-nginx-bouncer installed successfully"
107 | 


--------------------------------------------------------------------------------
/nginx/crowdsec_nginx.conf:
--------------------------------------------------------------------------------
 1 | lua_package_path '/usr/local/lua/crowdsec/?.lua;;';
 2 | lua_shared_dict crowdsec_cache 50m;
 3 | lua_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
 4 | init_by_lua_block {
 5 |         cs = require "crowdsec"
 6 |         local ok, err = cs.init("/etc/crowdsec/bouncers/crowdsec-nginx-bouncer.conf", "crowdsec-nginx-bouncer/v1.1.1")
 7 |         if ok == nil then
 8 |                 ngx.log(ngx.ERR, "[Crowdsec] " .. err)
 9 |                 error()
10 |         end
11 |         ngx.log(ngx.ALERT, "[Crowdsec] Initialisation done")
12 | }
13 | 
14 | map $server_addr $unix {
15 | 	default       0;
16 | 	"~unix:" 1;
17 | }
18 | 
19 | access_by_lua_block {
20 | 	local cs = require "crowdsec"
21 | 	if ngx.var.unix == "1" then
22 | 		ngx.log(ngx.DEBUG, "[Crowdsec] Unix socket request ignoring...")
23 | 	else
24 | 		cs.Allow(ngx.var.remote_addr)
25 | 	end
26 | }
27 | 
28 | init_worker_by_lua_block {
29 |         cs = require "crowdsec"
30 |         local mode = cs.get_mode()
31 |         if string.lower(mode) == "stream" then
32 |            ngx.log(ngx.INFO, "Initializing stream mode for worker " .. tostring(ngx.worker.id()))
33 |            cs.SetupStream()
34 |         end
35 | 
36 |         if ngx.worker.id() == 0 then
37 |            ngx.log(ngx.INFO, "Initializing metrics for worker " .. tostring(ngx.worker.id()))
38 |            cs.SetupMetrics()
39 |         end
40 | }
41 | 


--------------------------------------------------------------------------------
/uninstall.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | REQUIRE_SCRIPT="./lua-mod/uninstall.sh"
 4 | NGINX_CONF="crowdsec_nginx.conf"
 5 | NGINX_CONF_DIR="/etc/nginx/conf.d/"
 6 | ACCESS_FILE="access.lua"
 7 | LIB_PATH="/usr/local/lua/crowdsec/"
 8 | DATA_PATH="/var/lib/crowdsec/lua/"
 9 | SILENT="false"
10 | 
11 | usage() {
12 |       echo "Usage:"
13 |       echo "    ./uninstall.sh -h                 Display this help message."
14 |       echo "    ./uninstall.sh                    Uninstall the bouncer in interactive mode"
15 |       echo "    ./uninstall.sh -y                 Uninstall the bouncer and accept everything"
16 |       exit 0  
17 | }
18 | 
19 | #Accept cmdline arguments to overwrite options.
20 | while [[ $# -gt 0 ]]
21 | do
22 |     case $1 in
23 |         -y|--yes)
24 |             SILENT="true"
25 |             shift
26 |         ;;
27 |         -h|--help)
28 |             usage
29 |         ;;
30 |     esac
31 |     shift
32 | done
33 | 
34 | 
35 | requirement() {
36 |     if [ -f "$REQUIRE_SCRIPT" ]; then
37 |         bash $REQUIRE_SCRIPT
38 |     fi
39 | }
40 | 
41 | 
42 | remove_nginx_dependency() {
43 |     DEPENDENCY=(
44 |         "libnginx-mod-http-lua"
45 |         "luarocks"
46 |         "lua5.1"
47 |         "gettext-base"
48 |     )
49 |     for dep in ${DEPENDENCY[@]};
50 |     do
51 |         dpkg -l | grep ${dep} > /dev/null
52 |         if [[ $? == 0 ]]; then
53 |             if [[ ${SILENT} == "true" ]]; then
54 |                 sudo apt-get install -y -qq ${dep} > /dev/null && echo "${dep} successfully removed"
55 |             else
56 |                 echo "${dep} found, do you want to remove it (Y/n)? "
57 |                 read answer
58 |                 if [[ ${answer} == "" ]]; then
59 |                     answer="y"
60 |                 fi
61 |                 if [ "$answer" != "${answer#[Yy]}" ] ;then
62 |                     apt-get remove --purge -y -qq ${dep} > /dev/null && echo "${dep} successfully removed"
63 |                 fi
64 |             fi
65 |         fi
66 |     done
67 | }
68 | 
69 | 
70 | uninstall() {
71 | 	rm ${NGINX_CONF_DIR}/${NGINX_CONF}
72 |     rm -rf ${DATA_PATH}
73 |     rm -rf ${LIB_PATH}
74 | }
75 | 
76 | if ! [ $(id -u) = 0 ]; then
77 |     log_err "Please run the uninstall script as root or with sudo"
78 |     exit 1
79 | fi
80 | requirement
81 | remove_nginx_dependency
82 | uninstall
83 | echo "crowdsec-nginx-bouncer uninstalled successfully"


--------------------------------------------------------------------------------
/upgrade.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | LUA_MOD_DIR="./lua-mod"
 4 | NGINX_CONF="crowdsec_nginx.conf"
 5 | NGINX_CONF_DIR="/etc/nginx/conf.d/"
 6 | ACCESS_FILE="access.lua"
 7 | LIB_PATH="/usr/local/lua/crowdsec/"
 8 | CONFIG_PATH="/etc/crowdsec/bouncers/"
 9 | CONFIG_FILE="${CONFIG_PATH}crowdsec-nginx-bouncer.conf"
10 | OLD_CONFIG_FILE="/etc/crowdsec/crowdsec-nginx-bouncer.conf"
11 | DATA_PATH="/var/lib/crowdsec/lua/"
12 | 
13 | install() {
14 |     mkdir -p ${LIB_PATH}/plugins/crowdsec/
15 |     mkdir -p ${DATA_PATH}/templates/
16 | 
17 | 	cp nginx/${NGINX_CONF} ${NGINX_CONF_DIR}/${NGINX_CONF}
18 |     cp -r ${LUA_MOD_DIR}/lib/* ${LIB_PATH}/
19 |     cp -r ${LUA_MOD_DIR}/templates/* ${DATA_PATH}/templates/
20 | }
21 | 
22 | migrate_conf() {
23 |     if [ -f "$CONFIG_FILE" ]; then
24 |         return
25 |     fi
26 |     if [ ! -f "$OLD_CONFIG_FILE" ]; then
27 |         return
28 |     fi
29 |     echo "Found $OLD_CONFIG_FILE, but no $CONFIG_FILE. Migrating it."
30 |     mv "$OLD_CONFIG_FILE" "$CONFIG_FILE"
31 | }
32 | 
33 | if ! [ $(id -u) = 0 ]; then
34 |     log_err "Please run the upgrade script as root or with sudo"
35 |     exit 1
36 | fi
37 | 
38 | if [ ! -d "${CONFIG_PATH}" ]; then
39 |     echo "crowdsec-nginx-bouncer is not installed, please run the ./install.sh script"
40 |     exit 1
41 | fi
42 | 
43 | install
44 | migrate_conf
45 | echo "crowdsec-nginx-bouncer upgraded successfully"


--------------------------------------------------------------------------------