rekahsoft
/
guix-north-america
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: rekahsoft:master
Branches Tags
rekahsoft:master
rekahsoft:keyring
...
pull from: rekahsoft:keyring
Branches Tags
rekahsoft:master
rekahsoft:keyring

No commits in common. "master" and "keyring" have entirely different histories.
master ... keyring

10 changed files with 344 additions and 552 deletions
Show Stats Expand all files Collapse all files

7
.gitignore vendored
View File

@ -1,7 +0,0 @@
# Emacs
*~
# Private ssh key used for 'guix deploy'
# Note: 'guix deploy' will generate a public key for the provided private key
.deploy-key
.deploy-key.pub

11
.guix-authorizations
View File

@ -1,11 +0,0 @@
;; -*- mode: scheme; -*-
;; This is the list of OpenPGP keys currently authorized to sign commits in
;; this repository.
(authorizations
(version 0)
((;; primary: "F7BD DC6D BBE6 B16B 2C71 1A02 5FAB 9938 E05B FEC8"
"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022"
(name "rekahsoft"))))

7
.guix-channel
View File

@ -1,7 +0,0 @@
;; -*- mode: scheme; -*-
(channel
(version 0)
(directory ".guix")
(news-file "news.txt")
(url "https://git.rekahsoft.ca/rekahsoft/guix-north-america.git"))

130
.guix/guix-na/config/balg02.scm
View File

@ -1,130 +0,0 @@
;; (C) Copyright Collin J. Doering 2024
;;
;; This program is free software: you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation, either version 3 of the License, or
;; (at your option) any later version.
;;
;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
;; GNU General Public License for more details.
;;
;; You should have received a copy of the GNU General Public License
;; along with this program. If not, see <http://www.gnu.org/licenses/>.
;; File: balg02.scm
;; Author: Collin J. Doering <collin@rekahsoft.ca>
;; Date: Feb 24, 2024
(define-module (guix-na config balg02)
#:use-module (gnu)
#:use-module (gnu system)
#:use-module (gnu packages bash)
#:use-module (gnu packages shells)
#:use-module (gnu services base)
#:use-module (gnu services cuirass)
#:use-module (gnu services networking)
#:use-module (gnu services ssh)
#:use-module (gnu services web)
#:export (balg02 %system))
(define %automation-user "auto")
(define (balg02 efi-boot-uuid)
(operating-system
(host-name "balg02")
(timezone "US/Central")
(locale "en_US.utf8")
(keyboard-layout (keyboard-layout "us"))
(kernel-arguments
(cons* "console=ttyS0,115200" "console=tty0"
%default-kernel-arguments))
(bootloader (bootloader-configuration
(bootloader grub-efi-bootloader)
(terminal-inputs '(console serial_1))
(terminal-outputs '(console serial_1))
(serial-unit 1)
(serial-speed 115200)
(targets '("/boot/efi"))))
(file-systems (append
(list (file-system
(device (file-system-label "root"))
(mount-point "/")
(type "btrfs")
(options "subvol=@,compress=zstd"))
(file-system
(device (file-system-label "root"))
(mount-point "/swap")
(type "btrfs")
(options "subvol=@swap"))
(file-system
(device (uuid efi-boot-uuid 'fat))
(mount-point "/boot/efi")
(type "vfat")))
%base-file-systems))
(swap-devices
(list (swap-space
(target "/swap/swapfile")
(dependencies (filter (file-system-mount-point-predicate "/swap")
file-systems)))))
(users (cons* (user-account
(name %automation-user)
(comment "Automation User")
(group "users")
(shell #~(string-append #$bash "/bin/bash"))
(supplementary-groups
'("wheel"))
(home-directory "/home/auto"))
(user-account
(name "collin")
(comment "Admin user")
(group "users")
(shell #~(string-append #$zsh "/bin/zsh"))
(supplementary-groups
'("wheel"))
(home-directory "/home/collin"))
%base-user-accounts))
(packages
(append
(map specification->package
'("nss-certs"
"recutils"
"openssh"
"tmux"
"emacs"
"emacs-guix"))
%base-packages))
(services
(append
(list
(service openssh-service-type
(openssh-configuration
(password-authentication? #f)
(allow-agent-forwarding? #t)
(authorized-keys
`(("auto" ,(local-file "../../../.pubkeys/deploy-key.pub"))
("collin" ,(local-file "../../../.pubkeys/collin.pub"))
("root" ,(local-file "../../../.pubkeys/collin.pub"))))))
(service static-networking-service-type
(list (static-networking
(addresses
(list (network-address
(device "eno8303")
(value "216.37.76.55/24"))))
(routes
(list (network-route
(destination "default")
(gateway "216.37.76.1"))))
(name-servers '("216.37.64.2" "216.37.64.3")))))
(service ntp-service-type))
%base-services))))
(define %system (balg02 "3AF8-9E67"))

1
.pubkeys/collin.pub
View File

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbkiHEE2y85M1qkOBG9p0nuplkFETuMmRudDJ2ryf2gakD1NGMbKz82EHWWyPagkXMHx0tw4TZyV/AOq2LqzH8ZVDAj+QOO2wkFIRIXr3rsZGeMO9kpaZORwdTMTABRPcIg+KteWXe7Qq4I1H3izSuIIbyOW2wFdHkMxWAJEGr2L/q8qMlYbCbDwj1v7AQQRUjy8a0pTyG9eZ6kmc0bVxuFGAsvKtJSPpYxFNNGr8f2EY977DkmHK146B+Ce6Vp9wFDV5PwIQOFnZFXLDoYkI/ndshW+7+LQKViYP/ftIMTt4LC/0BC56heHOKkTCE3FHo4W/0zxfJdcLLkfRoev9T

1
.pubkeys/deploy-key.pub
View File

@ -1 +0,0 @@
ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFxZRNws6tt/YwAvTzfEtsPBPsrBluYxVt8W2xpkYUem69FGZNyzg35yHRtUOQ4A2MRHS3wn5TO/FNQlKrj/Dd3hht3MLwP2Ilk7NnGMu+kFLmUSbhn9i1kHRMjCvJHkWA== collin@rekahsoft-mini

351
README.org
View File

@ -1,351 +0,0 @@
#+TITLE: Guix North America
#+AUTHOR: Collin J. Doering
#+begin_abstract
This repository contains setup and management instructions for a Guix North American Build
Farm.
#+end_abstract
* Install Guix on debian to be used to bootstrap the Guix os installation
Optionally, the below steps can be completed within tmux or screen. Tmux was installed and
used in this case using the following.
#+begin_src shell
sudo apt update
sudo apt install tmux
tmux
#+end_src
Following the [[https://guix.gnu.org/manual/en/html_node/Binary-Installation.html][Binary Installation]] section from the Guix manual to install guix.
#+begin_src shell
sudo apt install -y guix
#+end_src
This installs the Debian's packaged version of Guix, which likely is older then what's
available upstream. As such, update our installation of Guix (following the [[https://guix.gnu.org/manual/en/html_node/Upgrading-Guix.html][Updating Guix]]
documentation specific to foreign distros').
#+begin_src shell
sudo -i guix pull
sudo systemctl restart guix-daemon.service
#+end_src
* Define Guix operating-system for the machine
See: [[file:balg02.scm][balg02.scm]]
** Bootloader configuration
For this installation, debian and its bootloader Grub will be left in place. Because we want
to retain Guix's interactions with Grub (eg. to allow for restoring from failed upgrades to
an earlier generation), we will have debian's Grub chainload Guix's Grub. To do so, we will
need to manually adjust Debians' Grub in order to add another menu entry, and set it as the
default menu item.
Below is a snippet from debian's ~/etc/default/grub~.
#+begin_src text
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8"
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=1 --word=8 --parity=no --stop=1"
#+end_src
From this we extract the necessary guix bootloader configuration options (for serial).
- serial-unit :: 1
- serial-speed :: 115200
- terminal-inputs :: console serial
- terminal-outputs :: console serial
*** Manual modifications to Debian's Grub
:PROPERTIES:
:CUSTOM_ID: manual_modifications_to_debians_grub
:END:
Modify grub config on debian to add an additional (and default) option to chainload Guix
grub.
- Add a menuitem for Guix in ~/etc/grub.d/40_custom~, where ~<EFI-UUID>~ is replaced with the
efi partition UUID.
#+begin_src text
menuentry "Gnu Guix" {
insmod part_gpt
insmod search_fs_uuid
insmod chain
search --fs-uuid --no-floppy --set=root <EFI-UUID>
chainloader ($root)/EFI/Guix/grubx64.efi
}
#+end_src
- Modify ~/etc/default/grub~ setting ~GRUB_DEFAULT="Gnu Guix"~
- Run ~grub-mkconfig -o /boot/grub/grub.cfg~
** Network configuration
Using the a snippet taken from ~/etc/network/interfaces~ on the existing debian installation
(below), we can extract the necessary details to configure Guix's static-networking-service.
- Interface :: eno8303
- Address :: 216.37.76.55/24
- Gateway :: 216.37.76.1
- DNS Name Servers :: 216.37.64.2 216.37.64.3
- DNS Search :: genenetwork.org
#+begin_src text
# The primary network interface
allow-hotplug eno8303
iface eno8303 inet static
address 216.37.76.55/24
gateway 216.37.76.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 216.37.64.2 216.37.64.3
dns-search genenetwork.org
#+end_src
** Disk Partitioning
:PROPERTIES:
:CUSTOM_ID: disk_partitioning
:END:
For this installation we are using ~/dev/sdb~ (a 1.5T ssd which is faster then the
alternative 3.6T ssd in the server).
First, we require a variety of tools to setup and partition the disk destined for Guix
installation. These could be installed on debian, however an alternative approach would be to
use Guix from debian as a package manager to temporarily provide the prerequisite tools. This
can be done using the shell spawned from the following command.
#+begin_src shell
guix shell parted btrfs-progs dosfstools
#+end_src
*** Create disk partition table and layout
#+begin_src bash
parted /dev/sda mklabel gpt
#+end_src
*** Create partitions
A simple™ partition layout is used for this installation, consisting of an EFI ESP partition,
and the remaining disk partitions for use by btrfs, where btrfs subvolumes and a swapfile
will be used.
#+begin_src bash
parted /dev/sda mkpart primary fat32 0% 512MiB
parted /dev/sda mkpart primary 512MiB 100%
#+end_src
*** Create EFI partition
#+begin_src bash
parted /dev/sda set 1 esp on
mkfs.fat -F32 /dev/sda1
#+end_src
*** Create btrfs 'pool' (file-system) and subvolumes
**** Create btrfs file-system
#+begin_src bash
mkfs.btrfs --label root /dev/sda2
#+end_src
**** Create btrfs subvolumes
First mount the btrfs top-level file-system.
#+begin_src bash
mount /dev/sda2 /mnt
#+end_src
Then create the root subvolume, and a subvolume for swapfiles.
#+begin_src bash
btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@swap
#+end_src
Unmount the top-level btrfs file-system.
#+begin_src bash
umount /mnt
#+end_src
Mount the root subvolume.
#+begin_src bash
mount -o subvol=@,compress=zstd /dev/sda2 /mnt
#+end_src
Create nested subvolumes for ~/gnu/store~ and ~/home~.
#+begin_src bash
mkdir -p /mnt/gnu
btrfs subvolume create /mnt/gnu/store
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/var
#+end_src
*** Create swap
#+begin_src bash
mkdir /mnt/swap
mount -o subvol=@swap /dev/sda2 /mnt/swap
chmod 600 /mnt/swap/swapfile
touch /mnt/swap/swapfile
chattr +C /mnt/swap/swapfile
dd if=/dev/zero of=/mnt/swap/swapfile bs=1M count=32768
mkswap /mnt/swap/swapfile
#+end_src
*** Prepare ~/mnt~ for Guix installation
Create ~/boot/efi~ directory for UEFI boot and mount the ESP partition there.
#+begin_src bash
mkdir -p /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi
#+end_src
Both root and swap are already mounted and ready due to earlier steps.
** Testing
To test the configuration in a vm before deployment, the following can be used.
#+begin_src shell
$(guix time-machine -C channels.scm -- system vm -e '(@ (guix-na config balg02) %system)') -m 2G -smp 2 -nic user,model=virtio-net-pci
#+end_src
** Manual Testing of bootstrapping Guix from a Debian VM
To correctly test this deployment, a environment that mimics bal02g should be used. The
closest to this is a VM with debian installed, with an additional virtual disk to bootstrap
guix onto. This will enable validating bootloader changes required to chainboot Guix's Grub.
This testing could be automated, but was done manually as we do not expect to have to
bootstrap a system like this often.
*** Setup Debian VM
1. Using ~qemu~, ~libvirt~, ~virtualbox~, etc.. create a VM that boots using UEFI firmware.
1. Create an additional virtual disk that will be used to bootstrap Guix onto from Debian.
This disk should be ~>20GiB~.
2. Ensure that there is a serial device attached to the VM.
2. Install Debian 12 on the VM created during step 1 (this can be a minimal server
installation, no desktop, etc..).
1. It's worth noting that for some reason debian didn't setup a efi boot
entry for some reason. Not sure why. To create one I used:
#+begin_src shell
efibootmgr --create --disk /dev/vda -p 1 -L "Debian" -l "\EFI\debian\grub64.efi"
#+end_src
After which I would have adjusted the boot order with:
#+begin_src shell
efibootmgr -o X,Y,...
#+end_src
However, in my case it was not needed as the boot order had debian first.
3. Reboot VM; further configure Debian.
1. Enable serial for debian grub
Modify ~/etc/default/grub~, adjusting ~GRUB_TERMINAL~ and ~GRUB_CMDLINE_LINUX_DEFAULT~ as
follows.
#+begin_src text
GRUB_TERMINAL="console serial"
GRUB_CMDLINE_LINUX_DEFAULT="console=tty1 console=ttyS0,115200n8"
#+end_src
2. Enable getty over serial
#+begin_src shell
systemctl enable getty@ttyS0.service
systemctl start getty@ttyS0.service
#+end_src
*** Test Bootstrapping Gnu Guix from Debian
With the Debian VM setup, we can now apply the documented bootstrapping steps.
1. [[#disk_partitioning][Disk Partitioning]], but with disks adjusted to match the testing VM.
2. [[#bootstrap_guix][Bootstrap Guix]], ensure ~<EFI-UUID>~ matches the VM efi partition used for Guix.
3. [[#manual_modifications_to_debians_grub][Manual modifications to Debian's Grub]], again ensuring ~<EFI-UUID>~ matches the VM efi
partition used for Guix.
4. Reboot
Following rebooting the VM, its expected that:
- Debian Grub boots first, has "Gnu Guix" as its default selected option, which boots Guixs'
Grub.
- Serial access works for:
- Debian and Guix Grub/s
- Debian and Guix linux console
As this testing is occurring in a VM, its worth noting things that are NOT expected to to be
testable.
- The network interfaces are not going to match what is on balg02, so its expected that the
networking service will not be able to start.
* Bootstrap Guix
:PROPERTIES:
:CUSTOM_ID: bootstrap_guix
:END:
Using Guix on debian, bootstrap the machine using the configuration in [[*Define Guix operating-system for the machine][Define Guix
operating-system for the machine]].
** Configure Guix Channels
First, fetch the most recent channel file from the target machine.
#+begin_src shell
curl -O https://git.rekahsoft.ca/rekahsoft/guix-north-america/raw/branch/master/channels.scm
#+end_src
** Create and Bootstrap System
Create a ~bootstrap.scm~ file like below, but where ~<EFI-UUID>~ is replaced with the efi
partition UUID.
#+begin_src scheme
((@ (guix-na config balg02) balg02) "<EFI-UUID>")
#+end_src
Use ~guix system init ...~ to instantiate the system, but using guix time-machine to use
pinned dependencies.
#+begin_src shell
guix time-machine -C channels.scm -- system init bootstrap.scm /mnt
#+end_src
** Post Boostrapping
After guix has been bootstrapped, its useful to do an initial ~guix pull~ using the same
channels that were used during bootstrapping.
#+begin_src shell
guix pull -C /run/current-system/channels.scm
#+end_src
To ensure your shell refers to the correct guix after its been updated, run ~hash guix~.

22
channels.scm
View File

@ -1,22 +0,0 @@
(list (channel
(name 'guix)
(url "https://git.savannah.gnu.org/git/guix.git")
(branch "master")
(commit
"5a95cf76e1d0f9fdff5b232b42337c657b76d1d4")
(introduction
(make-channel-introduction
"9edb3f66fd807b096b48283debdcddccfea34bad"
(openpgp-fingerprint
"BBB0 2DDF 2CEA F6A8 0D1D E643 A2A0 6DF2 A33A 54FA"))))
(channel
(name 'guix-north-america)
(url "https://git.rekahsoft.ca/rekahsoft/guix-north-america.git")
(branch "master")
;; (commit ;; Pin to <commit-sha> if/when required
;; "<commit-sha>")
(introduction
(make-channel-introduction
"c0979ad86fdf0b403c60d5767328cb862ecc00ef"
(openpgp-fingerprint
"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022")))))

22
news.txt
View File

@ -1,22 +0,0 @@
(channel-news
(version 0)
(entry (commit "c0979ad86fdf0b403c60d5767328cb862ecc00ef")
(title (en "guix-north-america channel with authenticated updates"))
(body
(en "guix-north-america is now a channel (which primary is used as a means to distributes configuration).
This channel takes advantage of support for authenticated updates in @command{guix pull},
which protects you from attempts to tamper with this repository and ship malicious code
instead. To ensure you only receive genuine updates from this channel, you should update your
@file{~/.config/guix/channels.scm} to include the channel introduction:
@lisp
(channel
(name 'guix-north-america)
(url \"https://git.rekahsoft.ca/rekahsoft/guix-north-america\")
(INTRODUCTION
(make-channel-introduction
\"c0979ad86fdf0b403c60d5767328cb862ecc00ef\"
(openpgp-fingerprint
\"F8D5 46F3 AF37 EF53 D1B6 48BE 7B4D EB93 212B 3022\"))))
@end lisp "))))

344
rekahsoft-212B3022.key Normal file
View File

@ -0,0 +1,344 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBE0JkwwBEADhh0exJx9tBJXEulXa7/JrfDK3hwZt42W3NDHHuJsyWdOeS9hz
AW/MQNOERHdwY/Q2H8sjtKsXyQ4BIe3O2SyjfzDHGYhYSFiihdXYhmmdka2MwNL6
glg3XEpnUKRGsTqHRQgIBAOEG9q3xJ+u8j10PcqM1eNxai88sLJ9vdwymuzpEm/d
tWhTReZB0wy5T9IHJEHhqAnvZ7sYLnkAJZQRkw7ondMrK4MnQrgVxdrZv68Vuiuz
IXwg27WAireuvw4JjpLRSwujzQnFuO2R6fW/lIQ5oomaaa649ijtrrMEZfVBO863
kv3eo7s6XM6xdDmYbbU7oXAFm0dhT1kaJTH1BBXzM1DRljwIC/qj5DqIRVKUANjN
bUb0cfg/FpvenBXQ0umSCW91TaQn4EZXvqu+2exMr7PmA9/RTI6dBNJPwTbeGqQe
TZ6IN4meFlJWNLhh04vtZzfH2DjqEOLIb5S6mVK3u/eTmv1rCRnFI14MY4PUOq4u
tKlDjw5pVxq0AY3dZXQsnfQRGkelHYHhoS7NVMCUkiOmYHVQC0i5TwsWEdTcbL7C
PvIx92qXz2XRwSwJPsEEDIz0QOIBiBiFhsHhOEZ7VpOzj2RwTV/mdGS3DjW2+vuY
Rjv9/SFB17QfUEKnSGwpDZ4QOVx54KtyHvI1L4UjLGuhgKzpoqeJOSU6yQARAQAB
tCRDb2xsaW4gRG9lcmluZyA8Y29sbGluQHJla2Foc29mdC5jYT6JAk4EEwEIADgW
IQT3vdxtu+axayxxGgJfq5k44Fv+yAUCW7ZFpgIbAwULCQgHAgYVCgkICwIEFgID
AQIeAQIXgAAKCRBfq5k44Fv+yBG4D/9vlOe5yNEeUhn+Q40nRZDtUxT6by1PHVrK
n/dwOwYxqfJxD7Wn5ba+JJ5Cqd2b09o9G9IymwROGsqftM08I+GHyzM4wA1o57JZ
Brmx/phd7HKSrZhs4Gz8bEQ+zqQyo9QmVqGu1IXwxuEGH9vdj+pbt+9+mARsL8HI
ObUaa8X18uy+DSe64ZZ6WkUa9WlkIkbcvAUi36pw6csCNJOXJpkHv109y7iRqq60
3YD3yqI8DObMjmqG4nFi3J90swqRXiygvnKV0lhE8xyRY4GhPKUwLB2q89RCLSJ6
k1JKAGJW5HV+ru+SQzNViwhbWc4N7klmi3HFaISPtfXCTlNAianHq8RjQNYR+53q
bSZAnCsq5e+ae/sgAWKzQM/8UjInOZgmstrqBzzY5ikXZZwLe6IjshKYa/8HmIxG
Wium/ZyohAIMczpWdxUYDL6fUEKVf6fZRr8te1Rlp4xBJ6xC1n3WUDxUtAzI8AqV
/vrqfOra53kHePIkMAlSf+6drO1TwzLCUNsjAVasDsOyCC+tEqEHD9C5+rXDtQVJ
XuyHIQ7b5Pzjp3ZverguIFLTF99dbiv/2sLbjZvOA5aQIrY1VgQjRINNmIUpEsXx
s989ASs1wnK9L6kQV9sWpVtmnXnQzOmrfOtScvuRmXZ5ylU6BKfZ82LYLE3zOT7N
TVyWDMoMBLQsQ29sbGluIEouIERvZXJpbmcgPGNvbGxpbi5kb2VyaW5nQGdtYWls
LmNvbT6JAjcEEwEKACEFCwkIBwMGFQoJCwgDBBYCAwECGQAFglR4YFwCngECmwMA
CgkQX6uZOOBb/shFNxAAqInmaEKDBZn92OXaxWCK0I5QmODmQ+a12teFMzL93CuU
9vO5wNl6bp1D/Im9EBIgH65tykcrwivIShBclvA5f9YT0yuUgtHV1sJpObUXGxFO
h41lJH7TalF0mcMK1udz9yVDScBTj9JWDb250mPUs6d1JS/R6fq+l0iRNY1BqEC5
Ju0G7j8e2aDL7wplu9m6T7rm2JZBREKXd78nM21Dlixbu2whTRwVI6jjLLjmBMJN
ArbvFjCpw5wPV4o5U9RrMNy6tjRgu6tfS9UVwvlLL2al5GWVqyVpPeB3C3hG/IpI
6Rtiuf81Icdw9Onri5gGfakhjXPoyg09s14ILHr5XKFau3mBedsv+vjAezdQHNYm
Rxo8tBIs3QYnLEiVfOeBRMD0tFvPmPkiwofHqR82YWp0T2je/8tRFsCneZqMpenu
Ft85BvxiRW+RMUJZBt8RWUaXW/6PpNjpmMKs1eMQVrrAuJ3ma2nEuITxB8BZUH0m
DUNijYxUH2m6LvvanjrWb6gPLUsG5w9chk6AswsJ8jKfed+hP1wlp0tBHz4vWiex
/rrCN7E2uigVo3lbagCAVQnFwbh8sPTZmZ/34x2vKG2Zpq4V3XVSVrlDsXtCEL6f
IvIGeTCZu++gC5IiBkvE6CrX/m4+76d2SuepaCaU5xhpODetUScj1xsC1kW+lJC0
L0NvbGxpbiBKLiBEb2VyaW5nIDxjb2xsaW4uZG9lcmluZ0ByZWthaHNvZnQuY2E+
iQI3BBMBCgAhBQsJCAcDBhUKCQsIAwQWAgMBAhkBBYJUeGBcAp4BApsDAAoJEF+r
mTjgW/7IPeYQAJQRsn6EXbZgz+xclh+ZoPmmMUu/+Fx2tgkIku4ekpGiApYJVWju
L1UYjhIh6Ia8RfYfzd6lyXMyWQjV7VuoNd2dms2TkM0KRrxQMjzETST1ZU4nWEFR
9KJoWD4nTZUgTLPqtUj0F4pPEzJkHaTT/kfPfAx0U5TaHe5W5dB5u8BGCmd+oX+R
AbkYDWB0dsNHfak6MMgrAPY4FxLIPAvDBjiLThIpvr9RE6GPwbNCKaXXNALuSvRG
CwcT7LapOx1VYxqMLEGHJOb+tDPRZKjgzmEOJSgji6+iXXriFMPGFY7oA0S0+zBy
rJDkUebx8sG+bZoIGOfMIOKv5B4aqWnp3/f5JGdX6Yi3ABCHVrJj2gfsoXGPEqmq
iXM0QyVS2lYQ58KJiy3kuFK3zWO+ki/6b9RRGNlS1e14PyO+bjmSH92NIdE0UQ//
KWSFSdPVVUsZqGtNykzaiMLmXsLRZKMQQU5nD3NRPhHRg78fc8VhUmHhtJGMHcnF
AAS/eTDDrRhPkVoETD8olgmKnj/ohSMDqmTq9oLv4J25UOWG3C3WPB7eFQ9+pq3o
AEg0XFM2dCzclu58GNg+7DwVs/l62+AT1RDE640RVWXi6xAhiZuylOseML4PYnM2
AWupOubfDIdrVDQNgN4yJM4qEoPQLw/d0MsBrsRQcrG+LfZRkB9OHIeNtDJSZWth
aFNvZnQgKEZvcnVtL2NoYXQgYWxpYXMpIDxyZWthaHNvZnRAZ21haWwuY29tPokC
OQQTAQIAIwUCUom5eQIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEF+r
mTjgW/7IjmQP/ibjIiC8uXoP4S1NAI0arVu1sntmenpXUQ92ao18NDyT5CMKhOsi
aN7PLO67MvIUIHL7WDIy4vknbfsDf7q1JJ5u4cOxqi4KvawPXSmgQcCvFCdbMPG9
tHvtdPRpenJeLJ1mik8OKXewqWLH3jGUhTa3WcyXBAQpOnsjr2A6EDXJQ/Sjp9Yb
+0wB2DOfZaEyrH/Exw9lgK3e5aRJwp+QrhU7JTWYxZcH8XuU7AWWiMir3xGmlVi+
Yv6SISCDnNuyrpfIGqQXdzwwqY1dnpPZjjBMcg9WmP+lygftJAs9RhD2ViduPAiv
Yu5xGP+GwsdJ4YgdnzyJhoym7HqQ3+jtFyLUU7ANfxQ2m6mezjZMyqJCrIQDn6k/
pm+SWu8PQUqByiuPzE0wNkcQrAHWhcYPq3aKIRDiV4tlIWTTUr8tkOaOGcdIqV+J
eNKyaRUEyb9ImmMV5HW0ZMhdlxOzhuKqdsk6l9kN8BJu6pedkuJOU1HKG6phdrHc
i41lJhlHe8SkIoWODoNxq84pmuPH5Ohxh3x6jghu9/cFO1s4QZUsrBGbb8WGhwbQ
Rf/OfJan2XNl3D/AeLVlxPkaslqyRRGt9FFpFOn55gQL64bOA/+zQiQB1Jmj3gQ/
lysFoGNAdFZdjgbcRvrSRdnXiSRAwJh3MlXtB6Vy1RFJ4qgKw3XoeMWbtDVDb2xs
aW4gSi4gRG9lcmluZyAoV29yayBpZGVudGl0eSkgPGNvbGxpbkBmb2N1czIxLmlv
PokCUQQwAQgAOxYhBPe93G275rFrLHEaAl+rmTjgW/7IBQJcCzbIHR0gSSBubyBs
b25nZXIgd29yayBhdCBGb2N1czIxAAoJEF+rmTjgW/7IXeYP/Ru3kjg8tesGch36
grWfwpH5hQCNTZ+6Yj2J+j8kGpZVuSmemvRrnC24m1PgHv+d40Fjs12R8ekxmmMK
9Zhsa3anUOIsFCu02CBmJRnZtJk0Kr0v8z4HkEsfXO+b2hr7eDDtqAnbnpE+PcWk
cItnzMo0gRI/wqTKKvfZKed8TFPyVP859K/k/0wI4xGeEvY5V3Jvx1K5vTsHb1+D
bsfA1GG+qY9zZ27zmfgJk6TxA30rIqgO93oVbk+DY8ycecz7q24oukwydnV9JRDp
PApYz+XVdKjIykuU5RwJ/UuPKMcRvjCaAuIh1k81Ecv/mIOFuzszoibjx/esudSY
6nPTYIqHcwLimShu+8wo7b90sWebIODXhU31JeF7tr0GC3GBXTaaAtGzMInOoKr1
EKpdm5SZpnqZ1hfCLfcKGUje1xOymH/a+kiIsSSDB64XMYZUemWRpNZ1HpL7Pl+C
rYIBqOGFkbBPtrvLhv4w0QjT5t9REMJM9p8xicqWl3eVaOzYfXhnEXUtC3w236Ul
604sGD9JiXw1F8JlclaWUd1kii3DTElIS+88nyHk6H1qqEMG9Rs1A9NeldyAnuSg
UGwqJcjCxCnT3gIhIgqZSxwlYOvcGz1NpyKdZAcQK8jAayQVy3CjkWY+pRSioRnD
f7GhGhWCJ6SY/dxi9k1fHnoYR+dC0c/fz90BEAABAQAAAAAAAAAAAAAAAP/Y/+AA
EEpGSUYAAQEBAEgASAAA//4AAyr/2wBDAAoHBwgHBgoICAgLCgoLDhgQDg0NDh0V
FhEYIx8lJCIfIiEmKzcvJik0KSEiMEExNDk7Pj4+JS5ESUM8SDc9Pjv/2wBDAQoL
Cw4NDhwQEBw7KCIoOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7
Ozs7Ozs7Ozs7Ozs7Ozv/wgARCACDAH8DAREAAhEBAxEB/8QAGgAAAgMBAQAAAAAA
AAAAAAAAAwQBAgUABv/EABgBAQEBAQEAAAAAAAAAAAAAAAABAgME/9oADAMBAAIQ
AxAAAAEfOkKRaiF0rQBWapBR4Gg2uQqK0QuGOK6y6WBisolHmlQCkq6Ihw42k1Ch
lqFRmy9iYjnXBCBWixp2GszprsddjGyitmbrLe+JblJUc6qSFLmxrITI59t7n0ds
kBKqZfTm/wBOMpizVZqQqM2aVyqudz76edaA5c5U0AzrAdOO1c4y2xqoSzrNWyxg
566+OrEMSgpKwsY/Tnt644asY0IHqXh+x+zOx2dx1tLLUIyBZFqU6ebzFMS0jqYD
wzqP8u7GesE2DleRUW1jzPXgGClgpeA01LoZ3qc+o7SXQoYYGnlevIFxq5oqSsCd
VoIOS7PLsR0vd3ZtnK9x4vtxbhmOK2Z+pxy6MHlmXY59nFuiSZOpgdORS8Vq8Laz
xxs50UvFZvTmrxn2Hm/N9OQrixBwKySqkhmNCVjPQkrkGWZrG1MnrwXstEiup0cS
RXS6+OnoufRlLErm157t5lqgiAVeCTXJFTZtcu21jRQwG58z15KWDqpYVCZrE1Wy
LJs0+e93n1aBXPlu3ISUqYpUn//EACQQAAICAgICAwADAQAAAAAAAAECAAMREgQh
EzEQIjIjM0E0/9oACAEBAAEFAj3E99hj+hmZAmmY1UInqFsxa1VGXrMBg2IVzP8A
VwZrD1F7IUzWGlWh4s8TpA+JnZR38bQQCL1B3NRnyKkN4nmaC7EVwwMsqDTtZ2Ts
uGVprF9IilDLrcSjj5iVAQ1AxuOpjcc1tTbvDL0yPUDDLWCDoVrlpadUqGzpAYWj
Rpb9GSwWpCfDcE2hAE9yvphOV/RQexcJU281lhtzraZdtrxbNHM5H/Y4ImIMCtTi
IenGyUjL+RUCWHHmbH6CpbLVyK6DbPYuO3OewFsiZikRG1gOYa9eSKhhhgYOlfcx
Lfzxk/jdlrrrcmzYYVsTMRe2f603ZmMoozLVgdtEH2xLBKOq+VyDcyjA1mINRNu/
Zr9q/wBazG9h0ALpEMf9c610sp4/SU14NQyw7BMyQd4GMUMZQ8sTYpWFnjWfmM2J
yrPLeGiXFQLsl1B+M5PuVkhFYtA7IanFiw+rGwHJte0Y5UGZk53+QcGtw4AAHRis
1UTlIQ1/T7PErxOauvIzMzMBGc/B9hyIl338iNOO288OLBVPHiEdcioPLKtDjBg9
5mfjB+PU4RIaKYTmY6vwqsck+/jEExNTO4BKh0voLAJdclK22ta2YZiH4r9zPUHv
i/pfi5itTEsYPn/P/8QAIBEAAgIDAAMAAwAAAAAAAAAAAAECERAgMBIhMUBBYf/a
AAgBAwEBPwHay/wrL50UUVyeEJZocRrlFbSWVo8xLLLxQx4W8T0ejxH/AAVkhRtY
W6VFFaSIkvvCLta2PD+8Iv8AWfBni8yfJCdDnZ5MeHyToTy3iX3pZeEia984lFZk
rJeuUNWxu9q0jo3Q3ey1hlj2/8QAHREAAgIDAQEBAAAAAAAAAAAAAREAIAIQMDEh
UP/aAAgBAgEBPwGy/AcfYnbgy55Wx2aDZi0tjZudEaEKgjWjcmOxghueA74iOOO5
gqPNq5Dhp5B50WzMfOK1lHHsFQfeWVRByNE4ArGuexBb/8QAJxAAAgEEAQQBBAMA
AAAAAAAAAAERAhAhMSASQVFhkQMwMoETIqH/2gAIAQEABj8CXSJf6eDZqUQrY4ey
Vx9kNZ4aviomDPPJgl5NpGJZ+B/ZQYdvdvBC35JvTi0U7JqNGjJ1fTcEPFSt1LaJ
RLN2Vm32JfLqWGdStVTONomv4MLhUMjd8QZqpGqtoSbxXb6fu2XbNmvJ0P8AZEa9
HUtW2N1PPazdLh0sTKEu1os/JDt1rVQ572ng48yN9kVfU7siLyezJPu8QZvVnTP4
6Pxn5MG7ZXB02zbZsgdFNTSqWSan+jXDKtpmX08NWljdvNpT4aNEwTwjsNe7Tynu
YZg6lld0YZhO/V5+ym9GGOTHDKIvu+jV37J4SyfsatS1wz8Ev4+21dtEtzy//8QA
JBAAAwACAgIDAAMBAQAAAAAAAAERITFBUWFxEIGRobHh0fH/2gAIAQEAAT8hTmOc
jpwe+Rdp9GKl0PbZoXqMhaErwibbo5K5sZp1TgVYciSz2WuG26KnGdWx2ehHGtCG
OROM0/ajKo9hWlyIsNGwf7BL5SFEbT+h6dROmUYXPs0NCHL8E5YE0oqJlxjodPZ9
A68HZa1F7Nhv8Q0P4JwgJ7w36RVqd2l8poQyOuwkxqZXYsqqNw0Scm2xVaP0YrA1
yGs+P6YoZ3hPnd7EygzzDptKWiYQrVyEKNi+HtDaROeTdD8G01KhdE49C0J0BKzk
m5FSQpGAZ9DDzbktFX7F0/h/hi8MXTmm8xowykLDAjQ2NUI3PozXCF3Cb+BT6hKV
G3Tx5GrgPtCxfkXJ1KE6Y2Tg7SDzpiZrUO122X5ZLjxyg93cL0J0EVUYfqm54uYx
yQMMxIbRttBeWJ+YVOVBm8X+BZGyjxFnheA5gUgyJ/0EdjdrsgpJJdITsRGInQmR
mOTfYaHCyL+jwJNFvYynsXgOVnoTXQlm3Z9D8MhJL9E8PQ5I4T5g0mCiZWgocKIY
mJ2xJjIcvZSv0MYWCvmyStv9JVPVVMX0NaY2kYfEY41SNgwdyFyPbzXXIUxV+WN5
1eiDpU4DrO+DtY/Q3HT0jNzdcmqvwxd616IzGVNaiaYQfWkPsvBkDostimxGeXCg
ywrrb+xK4YThykxJsSTMAryCJe+fQt8sDNI7wgMlEXgz0SXyjJXmjKj0YIMRcCv7
Kf8AgOUPoZ+iW+CdwDTEwK4PPs3BcKchrJ8IsB/WYnsJXcGOOaEQ4WZCYX+nYFHh
o/8AAVCOyN6b40aKxYNDoJOJ8NziGvfk3iXRo8jxhUzTHbRIKbFEZwM+GgfPCbZr
SuOg6FzSti1JlNo9Fch6+B30J8FoZfGlgaWmfLHz6EIMR//aAAwDAQACAAMAAAAQ
E4BVmScvNElwvCWh9jKZetyoFoACIvuwSyXebZr0l6hNvy0W12FgEQtXCWsatY5H
wQ2FpVagnq6w5h+gU12mgC9VdgXj/jGA7cCoXDptfT6G5egyr7ug9konj2VlepQA
JsgKXmCg/8QAHBEAAwADAQEBAAAAAAAAAAAAAAERECAhMUEw/9oACAEDAQE/ENW5
gh7hvKdGkibPEPMIyhvLxSioTljcagxObUYQlxxI4ycDE8LVuLQg0JHhzA1BjUmp
ejQZ8FtnSi4L90zDwjrg5FRHpSQ6d8F4VB8xbLzLWHzRq2eBSQSREJUQj1FrBogt
ifC0itGJvo3Dzp2zxMp4RBBMVfEUGsfBsdYiE38GqzBYajHrxfxFkUuD1iTetFUk
1k6yBKsUpdaU7UPWCSExHoRNEXa7EUQlWUXNwjgaIU8cxSiQ9u7mMuG7M8Iavb//
xAAdEQEBAQEBAQEBAQEAAAAAAAABABEQISAxQVEw/9oACAECAQE/EPkNgSX5wJjm
/Z3ySyzpZ8BZbxi0t4myZ04wf148VW1tF/pDxN42PD3qt4zEui3/AD6HjONLS/Uc
/ES8HvmBZC9gb7eHk/Z2i/EHklnB5oQj8t14vDxl7fi/xxOLFsMU4fvG3n6wwm35
fyffZYLJnL+RJsx+DLLJCMshl4exyJJwPM5/eBAjEmwR4nvHn09QfLxZHkp7jmWW
fCcYw9vRwvP5J42T/tGuQwzucbbbefv4FBH0oiOfjejWBn1//8QAJhABAAICAgIC
AgIDAQAAAAAAAQARITFBUWFxgZGhsdHwEMHh8f/aAAgBAQABPxCssCFdNcvUGKXK
Jg131LpvLp3EFB3CgvbCXYbqoYFIK7Wz7lNFnkSWA90yxTBUVndauAs9AcwiysvR
X+IDLx5YC3mW33LlFs67hZ4eaga0E1mUxI0KbOMTFIN3a2DYb8iYiFkvq9fmFZ8w
hlB8P3Fdrvv9f4gwgW4Cku1xVNPLUMNinJyRKVM2F+oqKC59xEMni9y73XwiqcIV
5dNm5QAzbsZhMIHNoqKJSFYwHXbKgDOKD/Ms3f8ANUfbBxkbGlRMu1NP4bhbsolh
iAJo8gMPuNOr5FAu8yH8nEDpPMPYzIBOcq34ZZkLReoJYHTNXL0+UtQABoMBBrL+
aiU17kcoZYjsjVG/W5l4iqTUohHHD4ZpRPjfJ4lLAdgrp8x76iylRaGqhG1BYDni
5UbZdXmJQDovdzCAtaQgAOJgmT8EfeMz5hfFBBioDQIvSjZslcaUU55PTKjLcdBs
iYqWrhrbvYB4bl3K0ehbprmMZCYQqO4qKXbA2oShhA8sFVl/HmE3KWiBhzeh9wgN
aYt1LpJYYg4nGmojOF2N/EaX3mjyJvwbL4X5qvqUawt9FGf98yi6M0aitTpcvUMU
7i0jRurglm4S+lUahDUYWrsl0G9bEmZIYUpxHLsalZJYdngQqSBRpE81MUDVMvUp
2tGa8a/MMHRj5I1oRvHDliQqbWXD2wS0B2aYMxS+biQlqKA8/wDkC2C6a3Mo3AlA
G/AmrNWuULULAqiZ2HN1AijPjhmAxUzaXiUAg/cOfxEWGg8Bgj+2hPb/AJiOUlu2
fEe2hqkuXmL35m64WVo/mKGlTY8HMQXa/BiELq/v5g1fqPDJ0jE8AzhOIHdSuNir
aMIWyql0ASPyDEaNrPtv1FGoHPIy5kd1RFouVxjEvFo6tco1IpDO4MUDkTFlPF4E
HBBY8KxAceLTXwJUUWc1LQB+cQwi7Y7JWlk3BwsXUbEGARgcvctSh5WLVYLpa8Sp
SpwPEwhEcG4NhU4Ytc3jUNVfa/6lndzBBXu9EFrwUQN8oxEbBeLIRECu1IAoqiFm
W5b6l6LL8cJZVKWnMoVZhohKXPKRfeHnUL00jVbmUbX1MwKx21DcUtlw5Wo08A+4
A94Fw9YOHxK0v8wYNkV2lv1ATkyHTZ8ysBSh43ERSh6hxhTXbG0S6ckLIJb3qCRp
b2TBC3q4gpks5JVQBsf1LwotbG8xaJh21AbH0hwn7jVkBo684H5jRdsUcEMkFlLj
0jQK+SZwHhdrGY2+Zumm0lNRXsf4lFAzu4WLsWr+YgFs8xEyV2TPLTCXiLgrSm0E
UnqxGwzlfqIAbQ1cANCwXxDoEabgS/RfKpmDZOsTZHy2ThaHXCO5gOyc1K8Qz0e5
ztDyznUPm5eFH3dRqCVJfMSwOI8O/M1tIlFmYF2jTyzauoNkS6WfcykSu5mX+TBs
0eI8QfxHADlMhvjZ3EKjWQmPes1Kkt1ANGogF1M4bP7jUbvTo0Jfo4xFpS+5QmRH
FM6alm7dQirs1Bh5JSAw/wCzEhyw68RCmyEPMwSpreYqm/VXU39iS1j+loCtkpWo
SiC1fc//2YkCLQQwAQgAFwUCWCk+SxAdIFVwZGF0aW5nIGltYWdlAAoJEF+rmTjg
W/7IUPsP/1umo3mcvLrTKTSXe0Wu9zdxwrfk327XZ+MecPobJN7lSHuktwFAbsHk
qt68ovl/eCu7d6jyWWXsafNdZRC6xbnleIen+N8r7FdkgEOyy2JSca0k/Q6amZ/C
BTmXsQb2dEcr8DE6OntbJFUavzDtZEZD+KjPsw1TUUjc1FWphYC02OzdQM/CWWtm
VJl1vIoxokseGl57+9a86QFfwF1iB513LDQOWFrim+ccdc3U0kMIzNj1CSMm7yJw
wSxZwjJ7D32A/SVyStAhIrcxQv29ues7hDTpMN4qMwVCzRhvbT5e+57vCkfWSqtk
eoc//3XTVLLIQjS7CCt7Rp3pQ4u+ttgh7Rp4JZVBL8UaL7CAj81zQ93w23N6YXp7
fz/2WN9pPitl/p0oRzUy3HhZkwU9XKTZxJudrMBwZSpx3UTwUcbTLD1ahrmRV0mT
mWWR7TTRxKGG27Y/EByLsEw4qmRqoKf84im0tyBctm5VlewyVM1mBYWRVjWh5PRk
TsPzVE9Tw67ulC+a+P8mXWpR1N6xFfK7h710P1DBFf/GRRbZ0XKy6/Gl8Ypy1LXX
hH6/G8ReBiLtYQmOe150VYryqjmAKfLCQK8JpEdgfw3BAfAcYHrATxeavxEpUlsW
1gopzRuGHUv7zSiWtjewD7tKnzuW5kzI/sZYNqzLmpZPT7p93IUL0dcJ1wcBEAAB
AQAAAAAAAAAAAAAAAP/Y/+AAEEpGSUYAAQEBAEgASAAA/9sAQwAbEhQXFBEbFxYX
HhwbIChCKyglJShROj0wQmBVZWRfVV1baniZgWpxkHNbXYW1hpCeo6utq2eAvMm6
pseZqKuk/9sAQwEcHh4oIyhOKytOpG5dbqSkpKSkpKSkpKSkpKSkpKSkpKSkpKSk
pKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSkpKSk/8IAEQgBGAD2AwERAAIRAQMRAf/E
ABkAAAMBAQEAAAAAAAAAAAAAAAABAgMEBf/EABgBAQEBAQEAAAAAAAAAAAAAAAAB
AgME/9oADAMBAAIQAxAAAAHmzRGoMYqJGAAOgBAAAIAAQDA6dSxZvCMBjAQDAAGA
AAAFIQBABQG+pqTm8NMAGAgGAAAAAgGAICABrUBdaJUvFTABgADAAEAiQJs0lYxI
AIa1DqhxoclAAMBgAASYjJAoAqy4pEKkVLcFbaigzeUdA4YDCgQGBnYxQDqpQYjo
BEqSlqINdZpazecKBlDAAEZHOipysmxjlKaC3GqMlQcQVWiay4AKqKABiEchJRRp
KyKhEAUk6JbETDAumly5QUDAIYUEnHWp0TXQVFKWZnPZkkEiOyAQCNdQDNxiqBgE
AwrEwrvmtooasZVgZJx1zpB2QABBdUVGEMdMACAZhWVehnWi0AyrGUBmcKc1nRDG
BIyizGABjAYDOXS5eqaosoYFDsBHEnOaJQASMosxgAdOABlVy1vnU1JB1ruAJYyY
4bIs1gADIsooyhhQMAGE3FmsuVZ3KjdrqJOQE6DQ5iLnWEAzIsoZiMoBgADm1WsB
BJZuI4aLnomt05Ek0RAMgoYznqhlRoaUogJtGxRIlk2HZhLVmg4ws0mue80BRIAM
59QGXL0RoBINRLYzNQqtUoStGKIpy815giiQEUcmorHLtHStjgEuC3LkSVUGxsTL
tZSSZyhjcIBiEAzk1FYS9MvXFlDA4FqXAqqEaGhCh0ohrkzkiABAOiOTUVEdeb2m
gwA4FiWVzqyzQSQOOikBgyqIChKkBnNqRTjrze00AAOSuWa0luhWt3IZRcjqUhCk
AQxCAZz6k2M6Ma7a0CACK8ld81qVZaWTBQkayVlEJa1m0SIAM7FoRrm9VajEBEeb
aRvK7WaEw7Ek094I5YyreXTNskQDEKpizorQYgMKxzeSzaXVaGSNCuiXze3HszrG
MjSXTNsQgAQ6mGXWiChFnn13Y3zJjZRoqKNTojSXx+/HprTjtUQ5bEIAIDR5ILHT
A59Z5869PG5s56wSi16I6TWXnPP9PnvU24dbxoAokBDMibKlZFjosWpjZnz6eljV
UkhQ2NSoDzt5y9HB2KWue9ee7zWIQDMpctTSGZ7yt5W8qWZY5dPSzqiSiyxjjE83
vxvrikRGdJbjbnquewCjJctZqyemZ1kUQFLnx6d2daqhGhYxHBrOfble8MQpQKnN
JdeetMbuOfpiOmVU5pQVcrOnqRy6dGNdEUJaGBicffjW81csQClSgClI0zctQHYC
lUoRnTstL59OmW4FYzNOTrid4jG61mtZvWRUAoFQwFKoQx2ApcuexXZpZ0Y1vjQq
s5+vLLUmVDoArUaIBgNCgnNUoAAAAApQ0zrq575u3LOxK7GAh0IxoAAABMoJVKQA
A7AKImaaIrUaFAwBAYAAgBauZzoAQAAlISgRVlWSpYDAEAGAAAAOwP/EACMQAAIC
AQQDAQEBAQAAAAAAAAABAhEQAyAwMRIhQDJBQlD/2gAIAQEAAQUC+yP3x/4F/DZZ
dP6H1ZeL2380u+exPlcuFiE/kl3hRPE8BxK2xd7q5JekRiKAo0UUeI9MekONFYXf
w6nUSK4JQHEZ/dq5Jke1wtGpHEevg1P1prFovg1GUR650a36j+abHE9og8WeSLzq
b1xt0tRXFdSG2sREhkhWWyLs1e47lyN+QihlNiQiQ0R8hPGr+oLlWKKP4l62rDgI
rHj5TfrheULb/SxyOxC3L0S4XmItjR/STEM9oUmJ2r9rDH1/nglmAkUUUUPtD9Ca
wyPRIhLDEib4XnTFtn6mirHCn4pngypDl4nmmJex9efrhn3jTFt10IWaKs8ExrL4
5d4gLbP8r1mxM97VhsvgazEW2XWp3FieFss/TTsZLC4KwhFll4nNIkrOhPNliwlS
hKmNFYXEmWWWSlSTvUJxx5HmeQhEYkuokXmuC82WWWajI/rEolYSIwIxrGs6hHCl
fPZ5EiP6WfEUBR2a0rllSaFJPhWbyxdrg1JUtybFPfY3vi/WVls1JW1trYp5ve3m
Ga2Tlhb6Kyp8DE8IW1sbt9Fs8meXyJkXl+hyb20Vi/jsjqUeSpyv573/AM+miisI
fxf/xAAjEQACAQQCAQUBAAAAAAAAAAAAARECEDBAEiAxIUFQUWCA/9oACAEDAQE/
Af5fXzlI96nC9Zb6zLeQ996sHqSTuyT+jfnTYsdZS9L3yVWTzychY6mO6qJxtjd1
jb7Scu/InPUx9ZIvyJs6vrulZYWx95JvywIaE4wNyeSEcUccsd/Aqujqm83nVgUo
kbkjWgjrO1JJJJOp/8QAIhEAAgICAgICAwAAAAAAAAAAAREAAhAwIEASMSGAUFFg
/9oACAECAQE/AfzY+gg74+hw/sa/I6YEOukuOkPWyvrFqrep4ww6qDgaOGh1gQVy
ddRy8XDTn4EwVA4mHTUQaFDSLAp+4uROLaQFsNOKyYDCHzUrVQlRmeRgttfP3DUj
I+YKrKwouksLBRigC67jj4KLtKKKLqf/xAAjEAAABAUEAwAAAAAAAAAAAAABETFA
ABAgITASQVBgYXCA/9oACAEBAAY/Avi0+pLCvD3mlKxYXKQmE3VqPAQXLLJHAzXE
TIZnJZXCLN9Vd3A4z5PTu+OAyEzB+GIuGv6OPqH/xAAkEAADAAIDAAMAAgMBAAAA
AAAAAREQISAxQTBRYXGhQIGRsf/aAAgBAQABPyH/AC0bInz3NL8Cy+i/4FxfhWU4
Ir56LbDqeCd65rCRML5HgY2K2Idj34JeoTaYkbnFZmhoWIQhCEIQmH6fWLpjFCi6
I2dHonVmCwxUoiExCEIQgxSXexs8xKSYomPt8SxZSEL4md0x4OYnQ3Y1DhEGh6R6
RYaIQghBZnNqM22MeNIggh+C30NRRs6DX0O4WZlYXxmzEJC4LEFMmI14JwE6rl4Y
ovi74uosris2DW/9nThDyhfE/wDQvtiaQiSc2bBpKu2IIIZRC+Mmj/DVT2BpX3Df
SmhulEjKMbZKhLWWe5L4W6OySyg0QZ/TPElfczFiFVE3oF2tf8wl0NuD6GuCi4b+
spLt+ErUE0MI8Ihnc2yTkv8AJB/nq+hJdm6Dt8TFn0TLhBIYYa8kAsvHUlN1Ctdo
h+Eg72w6kSg8LDyhtlLxYJTFPBCE8HThBkNv1mzRODyjuIWCEIQobqiPAXdZt0xP
7goumxvYRrA1y6R/EIQnMDbIehhdCfoggTFu0MsZdDCII+EuFgpCZ/8AQwdCanQk
NOMg1BL6ZATG7pR4I6djdyuSYLmwSTzsfCqE0L9EJsf2Au6QtIQ9aROCw8rEhYvx
hqf0PTQusUsa2GxkG0kbfyHgQosPKLCRDsOXNG3ElGnA4xUilKaCWjz0RU8woSd7
wWHwl4D8BR4vQgO2JMTys2d6xd1/o9rWDv2JTmXwAvh7D+xnoitCKD20UJddk9vs
0f8Ag7snt/oaJguS+AF9H9zDR7opCwsYhMXP0SLEm+8rl4XYnilNBwbH9jJqjViB
S8Es/lELDP0D8QWHwfQ+8GN7wZ7hoh1xRMQilK5a6LL7EI9H0IVPp8H0PsUDXi5e
LJwYpSCNFxOigbnRWJtdH2CafuGabNlwiB2qej6gsksUguSwrI8kZ0MS++MIdJja
J6ZL0zVj4pSi0sc2v5Y16CR94eaXMxDZeDW8R+H3C+hYZJWdZpDf2VvrRFwEphcQ
hONNE+jZSIhBoTfyUR9HoaLNjeITMITlSXMIbNlFKi5aptYT5lzhCcBBJBu0l2Qn
zLH/2gAMAwEAAgADAAAAEN9sp22yTSSSSSTwT32//wDtt9tsSTPkl8ASDRLbbCbZ
v9gkNxCbLJJJJKrL9+eZcJZZbZLJZKBN2p4G4BLICDG/lZZPcNeMmQAACO5G6ELv
B4E12CQSZKtxtCrTMj52m923WToiFrfIki82l9n6PpY537bKbPum39u/JY0b+vJs
5t//AL/DmSWRt6JfdzrZf/m/GEhJ/Jye/wD2UTSmhfBI1cRkyexnTAMbm+0Ib1kt
SnhBj++n1lcRhqN6f4lE21s9hSDMNRDT3CiA/olr+Wbf7QTcwcP23XiaaLSGobeO
Rr+1kgtl/wABaakfez7/AP5gmRNceABpvZJxvbMOAt4LC5BNesqkNLFcAQpr8GNv
bfqyyl/tMoFo4xJf75zSQGVkA78Y9JLajrpv6oziv/Uo5pZv99sUwIEm6XSS5LK5
txWgGAE/8R8n17hUotP8QAFSq70ZYdE0lQC7QhUnXLgATmP22rN+w+iVok4oANZ/
4gLhWXgg1ojk92fzZegBBSwobWzdMCSR0Y/LtE/bb/2SW/McCQVo3/bebZ3/xAAf
EQADAAEFAQEBAAAAAAAAAAAAAREQICEwMUBBUXH/2gAIAQMBAT8Q9b8t5V717aL3
UT9rWELD9cwuWEIQaJxvmSITTCeZC4ZwPkYuN+Nicb8ixCNcD8SXFLDbQnoaJhD8
XQamtFFaZNsPxbUPgT0fRKofBS62+F5EqbE/CnC4pS4WXoNPEhDxHilE80o/C8LW
mLG7oUH8kPs2ZBZb4nyoQxws60N8bytaFwt7lKUT4IQmt9iYnrW43vMPC8Ce8HhM
uKXKNtaFztDZhrFKXKWXwIQguZ7hZaJohB7IasWwtqca0NF2P8Dbi0QmmSmSYxCV
8DwxKGvHzBcPRZjyuhoU/RK+xNPrS2hquhuxjQ8IT4YbDDympuOhIyI66F+hI+sp
tvs2NiEGih04PsLW3FSjG0SkSKslQhMiYeEynbE3KblG4netTaR1hJ4T+A2+EaEQ
hCYpRFNtBCZSp9luoQxYbSVYwbsiXZXwpcG6QmKUumG6L+mzIVlZRMaMb6UiUc4v
0Upc1FLqhYUpSmxERhGRkYhQN1jiLzPVSl1AbFbWNlLyvH//xAAeEQADAAIDAQEB
AAAAAAAAAAAAAREQICEwMUBBUf/aAAgBAgEBPxD7EMe8ITEJrMTWE1MfVNJ2PNKP
6niE+x4QkNdNKUve8UTG9JiEIQhCfNS4pSlKXRlKXsSw+qYbL8CGPqQx9b2TG+w+
tfIb+W9CEP3FOOhfGsIg1pSnDGLvqOMPpUIjzCH0whMI4y+q6edKIQfxUfSsMez7
GLpWXsxiJ0wS6Vhn7sx4T41fHwGfu0o8LSlykQhCbrDHt4PnC6EuCEIMeyZRsuzE
x9HglxmMY+hi2nFE8NbeD5E4B45HusPajPEELEITNwvB+qKUb6XhaJKGLCelyuXB
YGqObgvUxCwmfgn/AESKYLS60dFhoUEOheDw1iV6T+Zvp94JKCy8NPwPXg017qk3
4LIC6E5H0X5E0abINlY0fp/EbL3OSLw5HSlEyIuVRI+hKuEEEtKVkZCEIn6IZcLJ
o5SG4hP0/ANNPnZM/EegQOcQIfpdKXEJiP8ADnC4g06QjXg0lj0RG0QtOThHL8Ev
6TKlC5hNYU4ZDlFIiCDCbQv4QtuIWo3/AASITSb3ExCHJWUQQJoqHB0KPBJk+aER
GgS4IJE7lj//xAAkEAEBAQACAgMBAAIDAQAAAAABABEhMRBBUWFxIIGRobHBMP/a
AAgBAQABPxCI8ESx52O7LLJLLLJP4yyCyWMQGeFmW+NbWJZYbbZhh48Nt8m2zLbb
b4ZxZZDbGS82fwT4z+dtnFrPT7hW222fD4fg7noJ3LT/AOi4azx7C5zdMs8719Wu
B4PmefRhy/cLgZ6D6j+72MYlklkz145c11IMZ8ec/gP4Yk++C5+PnucMOH3nuWZ6
JAz7jhmffMjOjmYDi9ayhf8AIwjXfX3JJPgwcQmwMRdl0s8CEP5Z2ktSef8A1PGP
gBDPfayD/wCy/TPsnXq0nPXqd4rocQmM4R0uYs2Tw428WTZidR48gQIFix5BknwP
oWz+92L+IOriX3O2MGdRwfjP9yh9rcAfJcM35/1EO/4yBzmy1Jl4kVmHhmvd18hB
B/DBTiwk1INOrNED1CdSml3BJhdMug9twPrv9gz8HN3Jyd2D11cEc54x43BusWb4
B5CyyFz4k0PbKmEKmxWBHxR8U2D5winDZfQkq+ZAca2yLjxABhIJ4pHcDCTi6RsQ
WeTrxtyA/PUO81YhxDIiDwLD3H7/AOSbwkGMWOnmyR0yx4Pd6JnTwR5PGNk8B9Rc
ZHDvfkb4EMM4kgeCw0Nsg/V1PjiWULOYPDpZEPMeSIsgTN6oHVwvSZHTGJZkR42f
FkR6s3f2SY2eEIcTy8h14fAw2xEB5sCdMLkOctisP1C6/wBop2T9usv9xsgLmOcA
/sJwjYZ8JNsfcYQ9RBJOII8TxOUXSLLIPGRx40Y+kmfyb+MMXwW/BD2HuJDET3y2
GnAdp1JU0tCZBla4v3Eju+PmCax962Eo9nzEYdt0E8S8RDZyQ8DClvk5OCyEfhuv
UoOhbZBgE7/bSYcgTXcM8BOPe3FPi9IaP5KHTvHuQXyPQ4n4R1wnc3A7uLPRYEHP
TnEzwReoc+GxPHgEOXv+ZJuA1sozleY4WSHxLi9wyIHN2g/ITB4jmI1uCDhmA/cO
9twZ2FnEObM8soGOc9YcRhPM6tE5rDM8CA5vaTjlyxqr1ZeFs98QbHhSn2mAk6Ji
cQeBZ46TYmWMdbhI4RT6yjjh+YQHbZcS7hjdfPolzGH5JDnH5y1n5C3Sn4Z5yEXq
XEdT4km/rJk4jwvjILky4u1oxYRxikY07F14JI2ivMVeR9QNeD8SZpjID/qzORu0
Y+rY7hjc0HmRp546iZr9lLeI8MeCwUYGHMNuqITLIZ33wl6LfhJ77EwEz0H1HLMe
9h7yGGfdzWR1pIY1M7zqT/FHELcX3xJYDwlSvLbb9eSeNhsGQcdw5u11/lw29Pxa
6/JMHS0wyXoZBwkCBPDpzch/sYRyD4CwXHNz1erKfXLMQJy4zyXPh8Ob0gZ1DmWJ
cVtttt6OOJFV4npnUzHYHn/ci45s19LAxhrthZjz1DCu+n5cCy92r3Gjw9Xbw3Ag
TY+o57DBcBE22Z/q5cL3EY3WFOe58EttgODJS7se28yAuk2bgcw/5SJ8XRilxyLa
cxd8c4h4yJ0mBcW4Y4fwewi5h6icfdqo8cx5uw9j3c57bj367kD3zKL8kC9CLCjm
PubthWn1I3WjbPcP1SDNunh8ktL3knMONhHHu/d+4WOU6/Zk9XbDbbi59wnglDGJ
X1xK8nckbujNgCvWQcTl/wATF/Cjy/d9a9rks71Yhl6mbYkh4DsuRhv1fqPtMDfB
LG+kGx+yVlRiQesk3SwM4PuAAQYX2XgXc9s96RAcD8+7/E9Q8LL4JcjX3S8Ty8Ed
mHoazdL23/EXSTYR1d0Wrk29EI/C4d2GPJFx7w+4TN19ytlz5PAopcQ+0p6lv7Gq
3x5v4ZaJctDA+rMo8AoHnLTrt5jnhmxLM8389QZmj5I5oJbbEvCEdbcJv+o4Oe4x
sczHbObbXclqPDbEQg6LNyOCEeGCcD/MI57lGRy1eZzUjA8H/Jc4BjqIMJ1McMH3
bnUtIeYbdQsxWfLOzbtZW5OLZ5kVV7YZHhn4llOi0+C/U468AvIcbLOfq3e2z2MP
z3fpJZpqIMEQei59BuBaEfwmWuTcHRG6o+hGmkDoNxmiETRH8lnqH6tkym5bN78H
LXpnHZGe4R6fCb+TagSA54MuYufu7Bx+/DCVJwTnJ9AQjy5n4B8wXLy2L1ab7wdH
JGfdr1YsQhM8JcnV97l2Wfa4fd9xtJPxdLT9g9kfBfo+p4Lo7m26HRK9cFmu5sJ7
bBc3MK+7As/gnEL6WNkxmD3bcOyz7L7oL7tGQbpe/mDEb9wL3AjjxkFnnP6GscQ+
cs8EWX1Z+JN+7fzcg869PuDMDXXxChWWWfweAsss8Dx//9mJAjcEEwEIACEFAlgp
PbUCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQX6uZOOBb/sguFBAAsCxc
pa2xfmEyiLHkkB33VKvlhK0orJnE2fRY57NcSeDNbAn8ii9jqXZdIrPIKPO+mgQ+
iOOAoMKSQzJ+hsiE6fYi/usUTUFGXlUsKn/9jzdKx0MK9wyzGjuhI+93r43QwAxY
xwjFWNRKaMcmk6SHf6fxb2QR+ufcdbkRcqA1sULne5phXW6qGiePDZErRFQBGhif
JfLz/EOIJA/bpOLctvIhrTqoorEv/gcrFqWX/tjumbJxWti3mGxk6HfHJ4BVeBTp
MRQ0k8LuvWRjaNQxTvqhLvbl915h4VVzJjMCWeS+IE3fcs5FCO//sNDKsAoYtl1q
FpZLrsjqBd0zji6J3uqJIuViVCIckpZKwYR/hDpDzAM32hW1eBW4CttmkjxLNrAN
8va9ML65SVN8+HOPPckXI+XteYB/YiBt8WS8OB9/lgnOG1ihZgr3tRaqESn/7g5m
OoK8Pmsh3BNlZRysJa6sm8BamX3+6e4GJmlXSaUEnw8hjMuwvda4WQaWYsAZG6S6
D/lZAFdCjljVR+3hxvBX/tT5kCLLpv50DnBkWFhmnnbpkrNgclrLTMgLMDhWuXtV
naA29iIDZ/ANlL9DcEXVZcfiolv3f8sDP8to9OwkO7SZpHnlFu+CKj+/2LkIEwnX
+xy32BpJpY4SVj+63cap2qx9iu8VosLAgFc9Ndm5AQ0EWLIy8QEIAKe8nqR+Vc0m
REmZ+ZdayDGX4Ck4LDfDSYrIvMG6ukFyB1j6dIfTZqMU3weeAYzIWdgPVo9T/mjM
xADIaUbCBElVsGpf8nMAIDBozVrfnJPz3c8/ZFTAsJ85xUkNSkvnWYdCysAxhGTx
XkyZ/haj4ucmn5FZF+mQ0rf6ae2unVVkeHZBhQXwqOJ+4Pcm+qA9KQwtzhX/PIMp
N6FWlzrhXYqR3VgxYHU+5GQ1PIcMw42ehfVBmGVOYfM84oad14W8OAGv2q/g8Bpf
+TVr3hLG3QSZ4gm2OE3UTOJW+UfwUBUPWc9rnOAYnwe8cA7sjjf3xqQnK/D5wWt0
VJhfvio4U7UAEQEAAYkDbAQYAQgAIBYhBPe93G275rFrLHEaAl+rmTjgW/7IBQJY
sjLxAhsCAUAJEF+rmTjgW/7IwHQgBBkBCAAdFiEE+NVG868371PRtki+e03rkyEr
MCIFAliyMvEACgkQe03rkyErMCI0YQf/cbuGQWoGDFrWNQiNhzMVxdr16nXxMEPE
8uk/6EQsj6/QzzqVJ+4V3ZH05gRHX+31ORtALV62e9Is48BxRUPce0CnloL8NZ2a
aeWkA5StVM0PvJQ2qCPKyqJSeYFdvNVll0WL2n4+nwo4c3zAkEXfxajyFfiKOkXf
749Uplb+HN7u5hrJTidh427C6/uZ6exyF+9cKUHk1by0MVWDfbJqoWUqXhKDAgGI
2E97IVWDxme6/vrHqE02OLvHV3MrRj/v6/By0UCt7D5AfyWP7sUi1SyFz5Gl+YC5
QB6oAS737+Np8bHGli7gD57iJNPakSBUyFI7RlsdssWDuh/GdY/A2qdgD/9Ol2E4
EhCGK2q+Qsf1tOKg1Q1FaMi2U64RV+DaVMbGgXMum44+JUii0dG93NA/gKQQTOUb
GInM0JrjIeEDPhmmmEie+NZZjLd+82PKKWbT2S2ST6+zPU8OXr1PdBFelopOQ7Kf
a6+IioY0t/U3rfO5km1GZFHPJSMThx9sSnCgx5kcpnp80bVtk+o33SzkDiwfFvpn
62nGLvGtXRXbGFjcsL09AA+m4BaRXwqvUfJv4jIE6O0dJK38oVhbYY1tNHoGbMyH
Q2mF5wvNrA53tJLRtuQlmgla57SltA59NHtwhJcG8NZ5tXAIjfZHRffhFu2RyFBc
nqofeH+nSiQmbFFKrQOt8BG9Nh+2xXIKTjmRWGpOOP/hmPOimg4/wmnfL6kKE5aJ
RYtkScpQ/sl6YPxH+ZAGpwf8XH3widqKE7Keao/XRsxv5lSlwTrGOcZvo3rZSEZt
Vryf8iDm1izMdgV1YdXHkIumaRlCxAETIZx1zE5Ed5VuMWzldQ6R/XQ8mnAtuOuX
FKrKHTCrGJD0OG/YG3OzuNtcyvpIeB2xge9bCu5QYwU2AzY1nHapWHTSfuCv2nxd
SCIeBskeRyFmC87TFd4Hk73OfYqpYLT53AkMrSCsi9guUrm4mQLDK2YyQbKfZLU9
0KHBUYnw2ko1HeMTqgwSWqHEK9Wd++a2nsfT6A==
=clJ6
-----END PGP PUBLIC KEY BLOCK-----