From 7becbea4153fac4a4ed099d44d110f388eb549f1 Mon Sep 17 00:00:00 2001 
From: Petar Cubela Date: Fri, 4 Apr 2025 10:57:26 +0200 Subject: [PATCH] 20250404 --- .obsidian/workspace.json | 105 +++--- .../Schulungen/20250319-pre-meeting-prep.md | 32 +- diary/2025-03-20.md | 96 ++++++ diary/2025-03-21.md | 110 +++++++ diary/2025-03-24.md | 73 +++++ diary/2025-03-25.md | 78 +++++ diary/2025-03-26.md | 86 +++++ diary/2025-03-27.md | 95 ++++++ diary/2025-03-28.md | 71 +++++ diary/2025-03-31.md | 88 +++++ diary/2025-04-01.md | 71 +++++ diary/2025-04-02.md | 83 +++++ diary/2025-04-03.md | 94 ++++++ diary/2025-04-04.md | 100 ++++++ .../discopharma/discopharma-infra.drawio.png | Bin 0 -> 58890 bytes .../boschmann+feth/20250326-Preparation.md | 131 ++++++++ projects/bvv/bind-manual.md | 136 +++++++- .../discopharma/20250317-finishing-meeting.md | 11 - .../discopharma/20250320-manual-project.md | 300 ++++++++++++++++++ .../{ => Meetings}/20250310-Next_Steps.md | 0 .../Meetings/20250317-finishing-meeting.md | 11 + .../Meetings/20250324-meeting_in_prod.md | 12 + .../20250318-OPNsense_Migration.md | 14 +- ...s.md => overview-qumulo_and_comp-nodes.md} | 0 projects/sbx/firewall-std/std-network.md | 17 + projects/sbx/firewall-std/std-tools.md | 4 + projects/sbx/manuals/Sophos-SG_PPPoE-data.md | 19 ++ projects/ssr/202504-4architekten/notes.md | 2 + 28 files changed, 1760 insertions(+), 79 deletions(-) create mode 100644 diary/2025-03-20.md create mode 100644 diary/2025-03-21.md create mode 100644 diary/2025-03-24.md create mode 100644 diary/2025-03-25.md create mode 100644 diary/2025-03-26.md create mode 100644 diary/2025-03-27.md create mode 100644 diary/2025-03-28.md create mode 100644 diary/2025-03-31.md create mode 100644 diary/2025-04-01.md create mode 100644 diary/2025-04-02.md create mode 100644 diary/2025-04-03.md create mode 100644 diary/2025-04-04.md create mode 100644 files/discopharma/discopharma-infra.drawio.png create mode 100644 projects/boschmann+feth/20250326-Preparation.md delete mode 100644 
projects/discopharma/20250317-finishing-meeting.md create mode 100644 projects/discopharma/20250320-manual-project.md rename projects/discopharma/{ => Meetings}/20250310-Next_Steps.md (100%) create mode 100644 projects/discopharma/Meetings/20250317-finishing-meeting.md create mode 100644 projects/discopharma/Meetings/20250324-meeting_in_prod.md rename projects/neosphere/qumulus/{overview-qumulus_and_comp-nodes.md => overview-qumulo_and_comp-nodes.md} (100%) create mode 100644 projects/sbx/firewall-std/std-network.md create mode 100644 projects/sbx/firewall-std/std-tools.md create mode 100644 projects/sbx/manuals/Sophos-SG_PPPoE-data.md create mode 100644 projects/ssr/202504-4architekten/notes.md diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index 6df63b1..a4b0077 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -37,7 +37,7 @@ "state": { "type": "markdown", "state": { - "file": "diary/2025-03-19.md", + "file": "diary/2025-04-04.md", "mode": "source", "source": true, "backlinks": true, @@ -52,35 +52,11 @@ } }, "icon": "lucide-file", - "title": "2025-03-19" + "title": "2025-04-04" } }, { - "id": "717fd6a524c18321", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "projects/kwa/firewall_migration/20250317_first-meeting.md", - "mode": "source", - "source": true, - "backlinks": true, - "backlinkOpts": { - "collapseAll": false, - "extraContext": false, - "sortOrder": "alphabetical", - "showSearch": false, - "searchQuery": "", - "backlinkCollapsed": false, - "unlinkedCollapsed": true - } - }, - "icon": "lucide-file", - "title": "20250317_first-meeting" - } - }, - { - "id": "7015f217fb3c366b", + "id": "23676dcc91a6b6e8", "type": "leaf", "state": { "type": "markdown", 
@@ -104,12 +80,12 @@ } }, { - "id": "1d670c55bba08a55", + "id": "175e86d27cc90624", "type": "leaf", "state": { "type": "markdown", "state": { - "file": "areas/OPNsense/Schulungen/20250319-pre-meeting-prep.md", + "file": "projects/neosphere/qumulus/overview-qumulo_and_comp-nodes.md", "mode": "source", "source": true, "backlinks": true, @@ -124,7 +100,7 @@ } }, "icon": "lucide-file", - "title": "20250319-pre-meeting-prep" + "title": "overview-qumulo_and_comp-nodes" } } ], @@ -278,10 +254,10 @@ "state": { "type": "file-properties", "state": { - "file": "diary/2025-03-13.md" + "file": "diary/2025-04-03.md" }, "icon": "lucide-info", - "title": "File properties for 2025-03-13" + "title": "File properties for 2025-04-03" } } ], 
@@ -306,41 +282,42 @@ }, "active": "b865e0663684cf60", "lastOpenFiles": [ - "projects/kwa/firewall_migration/20250317_first-meeting.md", - "areas/OPNsense/Schulungen/20250319-pre-meeting-prep.md", + "diary/2025-04-03.md", + "diary/2025-04-04.md", + "projects/sbx/sbx-lab-network.md", + "projects/neosphere/qumulus/overview-qumulo_and_comp-nodes.md", "projects/kwa/firewall_migration/20250318-OPNsense_Migration.md", - "diary/2025-03-19.md", - "areas/OPNsense/Schulungen/20250305-initial_ideas.md", - "projects/phytron/nextcloud_gitlab_after_hack.md", - "projects/neosphere/qumulus/overview-qumulus_and_comp-nodes.md", - "projects/bvv/bind-manual.md", "projects/neosphere/qumulus/20250502-storage-cluster.md", - "projects/patryk-projekt/20250319-projekt-berschreibung.md", - "projects/patryk-projekt/202503012-initial.md", - "projects/sbx/orga/todo-sbx.md", - "diary/2025-02/2025-02-27.md", - "diary/2025-02/2025-02-26.md", - "diary/2025-02/2025-02-25.md", - "diary/2025-02/2025-02-24.md", - "diary/2025-02/2025-02-21.md", - "diary/2025-02/2025-02-20.md", - "diary/2025-02/2025-02-19.md", - "diary/2025-02/2025-02-14.md", - "diary/2025-02/2025-02-13.md", - "diary/2025-02/2025-02-12.md", - "diary/2025-02/2025-02-10.md", - "diary/2025-02/2025-02-08.md", - "diary/2025-02/2025-02-07.md", - "diary/2025-02/2025-02-06.md", + "diary/2025-04-02.md", + "projects/ssr/202504-4architekten/notes.md", + "projects/sbx/manuals/Sophos-SG_PPPoE-data.md", + "projects/sbx/manuals", + "diary/2025-04-01.md", + "projects/discopharma/20250320-manual-project.md", + "projects/ssr/202504-4architekten", + "projects/discopharma/20250311-metabase-environment.md", + "projects/discopharma/Meetings/20250310-Next_Steps.md", + "projects/discopharma/20250312-metabase-deployment.md", + "diary/2025-03-31.md", + "projects/VZ/Win11-autoinstall-iso.md", + "diary/2025-03-28.md", + "projects/discopharma/reverse-proxy.md", + "projects/sbx/firewall-std/std-tools.md", + "projects/boschmann+feth/20250326-Preparation.md", + 
"diary/2025-03-27.md", + "projects/sbx/firewall-std/std-network.md", + "diary/2025-03-26.md", + "projects/sbx/firewall-std", + "projects/boschmann+feth", + "diary/2025-03-25.md", + "files/discopharma/discopharma-infra.drawio.png", + "files/discopharma", + "files/New folder", + "projects/discopharma/Meetings/20250317-finishing-meeting.md", + "diary/2025-03-24.md", + "projects/discopharma/Meetings", "diary/2025-04", "diary/2025-03", - "diary/2025-02", - "diary/2025-01", - "diary/2024-12", - "diary/2024-11", - "diary/2024-10", - "diary/2024-09", - "diary/2024-08", - "diary/2024-07" + "diary/2025-02" ] } \ No newline at end of file diff --git a/areas/OPNsense/Schulungen/20250319-pre-meeting-prep.md b/areas/OPNsense/Schulungen/20250319-pre-meeting-prep.md index bc5f7a0..54d521c 100644 --- a/areas/OPNsense/Schulungen/20250319-pre-meeting-prep.md +++ b/areas/OPNsense/Schulungen/20250319-pre-meeting-prep.md @@ -13,4 +13,34 @@ - Firewall - Aliase, NAT und Regeln - EURE FRAGEN - (Optional) Interfaces/Schnittstellen -- (Optional) (Open)VPN \ No newline at end of file +- (Optional) (Open)VPN + +## Standard Features (OPNsense vs. Sophos) + +- DNAT corresponds to Port Forward (NAT) +- SNAT corresponds to Outbound (NAT) + +### OPNsense + +#### Nativ +- Base Setup (Routing, dhcp, dns, firewall regeln, vlans, authentizierungs server: ldap, totp, local, radius) +- VPN: IPsec, OpenVPN, Wireguard +- IDS/IPS Schutz via Suricata +- backup: lokal, central instanz, google drive. Extra: nextcloud, git, ... + +#### Extra Features + +- Web Proxy (Caching Proxy, Web Filter, Transparent Proxy, SSl inspection, managed TLS exclusion) +- Antivirus via (clamav + c-icap) + +### Sophos + +- Basis (network, dhcp, dns, firewall regeln, vlans, authentizierungs server: ldap, ad, radius, azure sso, etc.) +- VPN: IPsec, SSL VPN (OpenVPN), L2TP, PPTP +- IDS/IPS +- Web Protection +- Application Protection +- Email Protection +- Web Server Protection +- Active Threat Response +- Zero-day Protection 
diff --git a/diary/2025-03-20.md b/diary/2025-03-20.md
new file mode 100644
index 0000000..6db074f
--- /dev/null
+++ b/diary/2025-03-20.md
@@ -0,0 +1,96 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## DoIt
+
+- OPNsense Schulung Planung
+- KWA Firewall Angebot: Wartungsaufgaben listen und rausschicken
+- DiscoPharma: Anleitungs Dokument beginnen
+
+## Timestamps
+
+- 08:30 - 09:00: Mails checken, Rechner mehrmals neustarten
+- 09:00 - 09:30: KWA: Sebastian Muehlbauer kann keine Postfaecher hinzufuegen
+- 09:30 - 10:00: [x] OPNsense Schulung vorbereiten
+- 10:00 - 10:30: Git Repo fuer unattended.xml abchecken
+- 10:30 - 11:00: Meeting vorbereiten
+- 11:00 - 12:00: [x] OPnsense Schulung
+- 12:30 - 13:30: Pause
+- 13:30 - 14:15: [x] Mitarbeitergespraech
+- 14:15 - 14:30: Phytron - z-jira boot partition voll. alte Kernel loeschen
+- 14:30 - 15:00: Ninja Remote
+- 15:00 - 16:30: USB sticks vorbereitet
+- 16:30 - 17:00: Ticketpflege
+
+## Thursday
+
+- 08:30 - 10:00: OPNsense Config: Caching Proxy, Transparent Proxy, sls inspection, funktioniert nicht..
+
+- 10:30 - 11:30: Gespraech mit Michael und Oli zu Autoinstallation, Nachricht schreiben an DiscoPharma,
+
+- 12:30 - 12:45: DiscoPharma: Anleitung
+
+- 13:00 - 13:30: Labor OPNsense Cluster auf SG's aufraeumen
+-
+- 14:30 - 15:00: OPNsense Cluster mounten in Buero Rack
+- 15:00 - 17:00: VZ mit Michael. ISO
+
+## Wednesday
+
+- 09:30 - 09:45: SSR: Mail schrieben: Alle user gleiche Passwoerter, Mailstore Web geht nicht
+
+- 10:30 - 11:00: Disco Incidence with metabase instance
+
+- 13:30 - 14:00: Mailstore nicht erreichbar. Dienst lief nicht. Schalte ihn wieder ein. Pruefe Web Zugang
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+- [ ] opnsense schulung planen
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-21.md b/diary/2025-03-21.md
new file mode 100644
index 0000000..a6ed49e
--- /dev/null
+++ b/diary/2025-03-21.md
@@ -0,0 +1,110 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## DoIt
+
+- OPNsense Schulung Planung
+- KWA Firewall Angebot: Wartungsaufgaben listen und rausschicken
+- DiscoPharma: Anleitungs Dokument beginnen
+
+## Timestamps
+
+- 08:15 - 08:30: Tagesplanung
+- 08:30 - 10:00: OPNsense Config: Caching Proxy, Transparent Proxy, sls inspection, funktioniert nicht..
+- 10:00 - 10:30: Pause
+- 10:30 - 11:30: Gespraech mit Michael und Oli zu Autoinstallation, Nachricht schreiben an DiscoPharma,
+- 11:30 - 12:30: Pause
+- 12:30 - 12:45: DiscoPharma: Anleitung
+- 12:45 - 13:00: Mailstore checken wegen Lizenzen und Postfaecher Anzahl
+- 13:00 - 13:30: Labor OPNsense Cluster auf SG's aufraeumen
+- 13:30 - 14:30: Erstelle generische ISO fuer Softbox zwecke - kein ninja, nichts Kunden spezifisches
+- 14:30 - 15:00: OPNsense Cluster mounten in Buero Rack
+
+## Wednesday
+
+- 08:15 - 08:30: [x] Tagesplanung, Notizen strukturieren
+- 08:30 - 09:30: [x] Patryk Projekt lesen
+- 09:30 - 09:45: SSR: Mail schrieben: Alle user gleiche Passwoerter, Mailstore Web geht nicht
+- 09:45 - 10:00: Gespraech mit Thilo zu OPNsense und deren Zukunft in Firma
+- 10:00 - 10:15: [x] Patryk Projekt Korrektur lesen
+- 10:30 - 11:00: Disco Incidence with metabase instance
+- 11:00 - 11:15: [x] Anpassungen machen an Dokument fuer Patryk
+- 11:15 - 12:30: Pause
+- 12:30 - 12:45: [x] Rechner neustarten
+- 12:45 - 13:30: [x] NeoSphere Uebersicht Dokument verfassen und in IT Glue hochladen
+- 13:30 - 14:00: Mailstore nicht erreichbar. Dienst lief nicht. Schalte ihn wieder ein. Pruefe Web Zugang
+- 14:00 - 16:00: [x] OPNsense Schulung planen; gw.test.softbox.net anpassen, VLANs setzen, Beispiel Firewall Regeln, dhcp einstellen, Query Forwarding einstellen als beispiel, plane Themen
+- 16:00 - 16:30: KWA Angebot durchgehen und finalisieren
+- 16:30 - 16:45: [x] Patryk Projekt lesen und korrigieren
+- 16:45 - 17:00: [x]Ticketpflege
+
+## Tuesday
+
+- 08:30 - 08:45: [x] Ticketpflege
+- 08:45 - 09:00: [x] Meeting mit KWA vorbereiten. XGS136 specs recherchieren
+- 09:00 - 10:15: [x] Meeting mit KWA: Sophos vs. OPNsense
+- 10:15 - 10:30: Pause
+- 10:30 - 10:45: [x] Mailstore Lizenz bei KWA nachschauen und Angebot anfragen. Infos fuer Angebot fuer Firewall Migration einholen
+- 11:00 - 11:15: [x] Juri anrufen
+- 11:15 - 12:15: [x] Kalkulation erstellen fuer KWA
+- 12:30 - 12:45: KWA IT-Glue sortieren
+- 12:45 - 13:45: Pause
+- 14:00 - 14:15: SSR IT-Glue sortieren und neue Ordner anlegen
+- 14:15 - 15:15: [x] Meeting mit Oli und Thilo zu OPNsense - Wartungspauschale
+- 15:15 - 15:45: [x] Gespraech mit Sebastian: OPNsense, Proxmox, PXE boot von Win11
+- 15:45 - 16:15: [x] Arbeitsnotizen ordnen und Strukturieren, Erstelle Dokumente mit allgemeinen Verbesserungsvorschlaegen fuer Sbx
+- 16:15 - 16:45: [x] Lese Patryk's Projektbeschreibung
+- 16:45 - 17:00: [x] Ticketpflege
+
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+- [ ] opnsense schulung planen
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] bind/named anleitung schreiben; named slave instanz aufsetzen
+
+- [ ] radiochemie - irgendwie http challenge automatisieren
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-24.md b/diary/2025-03-24.md
new file mode 100644
index 0000000..6b16f8e
--- /dev/null
+++ b/diary/2025-03-24.md
@@ -0,0 +1,73 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- KWA Firewall Angebot: Ruecksprache und rausschicken
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- discopharma: Anleitung
+
+## Timestamps
+
+- 09:15 - 09:45: Tagesaufgaben rausschreiben.
+- 09:45 - 10:15: Ticketpflege
+- 10:30 - 11:00: Meeting vorbereiten: Pruefe metabase VM: docker logs, scripts; pruefe reverse proxy VM: unattended-upgrades, reverse proxy
+- 11:00 - 11:15: DiscoPharma Meeting
+- 11:15 - 11:45: Privat
+- 11:45 - 12:45: Pause
+- 13:00 - 13:30: [x] Machraum.de bei SSR
+- 13:30 - 14:30: [x] Bind manual fuer bvv
+- 14:45 - 15:00: iPause
+- 15:00 - 15:30: Privat
+- 15:30 - 16:00: Stelle Firewall Schedule bei der radiochemie Firewall ein. Oeffne Port 80 fuer naechsten Lets Encrypt renew
+- 16:00 - 16:30: Besprechung mit Marko Firewall Migration bei Boschmann und Feth zu machen. Projekt Ticket fuer Firewall anschauen, Blocker im Kalendar setzen
+- 16:30 - 17:00: dns drei-v.de untersuchen.
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-25.md b/diary/2025-03-25.md
new file mode 100644
index 0000000..beeb271
--- /dev/null
+++ b/diary/2025-03-25.md
@@ -0,0 +1,78 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- KWA Firewall Angebot: rausschicken
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- discopharma: Anleitung
+
+## Timestamps
+
+- 09:00 - 09:15: Ticketpflege, Tagesplanung
+- 09:15 - 09:45: Telefonat mir Martin: Er braucht usb sticks, veranlasse courier, bereite usb sticks noch mit xml vor
+- 09:45 - 11:30: Anleitung Disco
+- 11:30 - 13:00: Pause
+- 13:00 - 13:15: Blocherer Schule: Auf Mail von Loeffelholz antworten
+- 13:15 - 13:45: Sebastian Muehlbauer: Outlook Postafaecher hinzufuegen. Kein sekretariat's Postfach
+- 13:45 - 15:00: Bei Boschmann+Feth reinarbeiten. Telefonat mit Herrn Feth. Sie wissen nicht bescheid. Firewall auf Platz aufbauen
+- 15:00 - 15:30: Backup download bestehender Firewall. Richte neue Firewall ein
+- 15:30 - 17:00: Meeting mit Simone zu Firewall
+
+## Monday
+
+- 10:30 - 11:00: Meeting vorbereiten: Pruefe metabase VM: docker logs, scripts; pruefe reverse proxy VM: unattended-upgrades, reverse proxy
+- 11:00 - 11:15: DiscoPharma Meeting
+
+- 15:30 - 16:00: Stelle Firewall Schedule bei der radiochemie Firewall ein. Oeffne Port 80 fuer naechsten Lets Encrypt renew
+- 16:00 - 16:30: Besprechung mit Marko Firewall Migration bei Boschmann und Feth zu machen. Projekt Ticket fuer Firewall anschauen, Blocker im Kalendar setzen
+- 16:30 - 17:00: dns drei-v.de untersuchen.
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-26.md b/diary/2025-03-26.md
new file mode 100644
index 0000000..d0b3b7f
--- /dev/null
+++ b/diary/2025-03-26.md
@@ -0,0 +1,86 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- boschmann firewall vorbereiten fuer migration
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- discopharma: Anleitung
+
+## Timestamps
+
+- 08:15 - 08:30: Tagesplanung, Lese Martin's Installations-Anleitung
+- 08:30 - 09:00: Privat
+- 09:00 - 12:00: Firewall Einrichtung: Analysiere Kunden Netzwerk erst, Temporaere Netze/Interfaces konfigurieren, Auth Server konfigurieren, WAN PPPoE eintragen, Recherchiere wegen Telefonanlage: Was zu beachten in neuer Firewall?
+- 12:00 - 13:00: Pause
+- 13:00 - 17:30: Firewall konfig fortfahren, TLS/SSL inspection anpassen (stunden lang), vpn einrichten, adminstrator einstellungen setzen, IPS anschalten, web proxy anschalten, dnat regel setzen, ntp config, kabel einpacken, wlan pruefen (ap kommt erst naechste woche)
+
+## Tuesday
+
+- 09:00 - 09:15: Ticketpflege, Tagesplanung
+- 09:15 - 09:45: Telefonat mir Martin: Er braucht usb sticks, veranlasse courier, bereite usb sticks noch mit xml vor
+- 09:45 - 11:30: Anleitung Disco
+- 11:30 - 13:00: Pause
+- 13:00 - 13:15: Blocherer Schule: Auf Mail von Loeffelholz antworten
+- 13:15 - 13:45: Sebastian Muehlbauer: Outlook Postafaecher hinzufuegen. Kein sekretariat's Postfach
+- 13:45 - 15:00: Bei Boschmann+Feth reinarbeiten. Telefonat mit Herrn Feth. Sie wissen nicht bescheid. Firewall auf Platz aufbauen
+- 15:00 - 15:30: Backup download bestehender Firewall. Richte neue Firewall ein
+- 15:30 - 17:00: Meeting mit Simone zu Firewall
+
+## Monday
+
+- 10:30 - 11:00: Meeting vorbereiten: Pruefe metabase VM: docker logs, scripts; pruefe reverse proxy VM: unattended-upgrades, reverse proxy
+- 11:00 - 11:15: DiscoPharma Meeting
+
+- 15:30 - 16:00: Stelle Firewall Schedule bei der radiochemie Firewall ein. Oeffne Port 80 fuer naechsten Lets Encrypt renew
+- 16:00 - 16:30: Besprechung mit Marko Firewall Migration bei Boschmann und Feth zu machen. Projekt Ticket fuer Firewall anschauen, Blocker im Kalendar setzen
+- 16:30 - 17:00: dns drei-v.de untersuchen.
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-27.md b/diary/2025-03-27.md
new file mode 100644
index 0000000..c3c5b58
--- /dev/null
+++ b/diary/2025-03-27.md
@@ -0,0 +1,95 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- boschmann firewall vorbereiten fuer migration
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- discopharma: Anleitung
+
+## Timestamps
+
+- 08:15 - 08:45: Anfahrt
+- 08:45 - 09:00: Ankunft Boschmann + Feth
+- 09:00 - 09:30: Planung aufschreiben und durchgehen: Todo liste, schritte, notizen
+- 11:00 - 14:00: Beginn, Firewall Tausch
+- 14:00 - 15:00: Pause
+- 15:00 - 18:00: firewall
+
+## Wednesday
+
+- 08:15 - 08:30: Tagesplanung, Lese Martin's Installations-Anleitung
+- 08:30 - 09:00: Privat
+- 09:00 - 12:00: Firewall Einrichtung: Analysiere Kunden Netzwerk erst, Temporaere Netze/Interfaces konfigurieren, Auth Server konfigurieren, WAN PPPoE eintragen, Recherchiere wegen Telefonanlage: Was zu beachten in neuer Firewall?
+- 12:00 - 13:00: Pause
+- 13:00 - 17:30: Firewall konfig fortfahren, TLS/SSL inspection anpassen (stunden lang), vpn einrichten, adminstrator einstellungen setzen, IPS anschalten, web proxy anschalten, dnat regel setzen, ntp config, kabel einpacken, wlan pruefen (ap kommt erst naechste woche)
+
+## Tuesday
+
+- 09:00 - 09:15: Ticketpflege, Tagesplanung
+- 09:15 - 09:45: Telefonat mir Martin: Er braucht usb sticks, veranlasse courier, bereite usb sticks noch mit xml vor
+- 09:45 - 11:30: Anleitung Disco
+- 11:30 - 13:00: Pause
+- 13:00 - 13:15: Blocherer Schule: Auf Mail von Loeffelholz antworten
+- 13:15 - 13:45: Sebastian Muehlbauer: Outlook Postafaecher hinzufuegen. Kein sekretariat's Postfach
+- 13:45 - 15:00: Bei Boschmann+Feth reinarbeiten. Telefonat mit Herrn Feth. Sie wissen nicht bescheid. Firewall auf Platz aufbauen
+- 15:00 - 15:30: Backup download bestehender Firewall. Richte neue Firewall ein
+- 15:30 - 17:00: Meeting mit Simone zu Firewall
+
+## Monday
+
+- 10:30 - 11:00: Meeting vorbereiten: Pruefe metabase VM: docker logs, scripts; pruefe reverse proxy VM: unattended-upgrades, reverse proxy
+- 11:00 - 11:15: DiscoPharma Meeting
+
+- 15:30 - 16:00: Stelle Firewall Schedule bei der radiochemie Firewall ein. Oeffne Port 80 fuer naechsten Lets Encrypt renew
+- 16:00 - 16:30: Besprechung mit Marko Firewall Migration bei Boschmann und Feth zu machen. Projekt Ticket fuer Firewall anschauen, Blocker im Kalendar setzen
+- 16:30 - 17:00: dns drei-v.de untersuchen.
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-28.md b/diary/2025-03-28.md
new file mode 100644
index 0000000..9c5763b
--- /dev/null
+++ b/diary/2025-03-28.md
@@ -0,0 +1,71 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- boschmann firewall vorbereiten fuer migration
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- discopharma: Anleitung
+
+## Timestamps
+
+- 08::30 - 08:45: bvv. dns cname setzen
+- 09:00 - 09:30: Kabel und alte Firewall aufraeumen
+- 09:30 - 10:00: Ticketpflege
+- 10:00 - 10:15: Meeting mit Michael: ISO Installationsstick, Neue Ninja Features
+- 10:15 - 12:00: Ticketpflege, Firewall Migration
+- 12:00 - 13:00: pause
+- 13:00 - 17:00: metabase stuff, gammeln
+
+## Tuesday
+
+- 13:00 - 13:15: Blocherer Schule: Auf Mail von Loeffelholz antworten
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-03-31.md b/diary/2025-03-31.md
new file mode 100644
index 0000000..8d58fcc
--- /dev/null
+++ b/diary/2025-03-31.md
@@ -0,0 +1,88 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- ssr: domain machraum.de
+
+## Timestamps
+
+- 08:45 - 09:00: Tagesaufgaben rausschreiben
+- 09:00 - 09:45: [x] IT-Glue fuer Boschmann anpassen, Passwoerter setzen, alter Archivieren, Configuration befuellen, und anderes
+- 10:00 - 10:30: Nina schreiben wegen wildcard bei Kwa und wegen Domaenen. Telefonat mit Nina wegen machraum.de Domain und Lizenzen bei SSR
+- 10:30 - 11:15: Stunden nachtragen fuer Firewall Migration bei Boschmann, Rufus AP in Ruckus Dashboard hinzufuegen, Kunde in Ruckus anlegen, ap in ruckus suchen: nicht auffindbar
+- 11:15 - 12:15: Pause
+- 12:15 - 12:30: SSR NAS "active share" updaten (plugin udpaten)
+- 12:30 - 12:45: disco fertig machen
+- 12:45 - 13:00: Ruckus AP in Dashboard verbinden und Kunden zuweisen
+- 13:00 - 13:15: Pause
+- 13:15 - 14:15: Disco Dokument Korrekturlesen. Kommunikation mit Lukas und Milos
+- 14:00 - 14:30: Pause
+- 14:30 - 14:45: Telefonat mit Hannah wegen Problemen bei Autoinstallation
+- 14:45 - 15:00: [x] Unterstuetzung Alija bei Boschmann VPN Problem
+- 15:00 - 15:15: Aufregen um Mails rauszuschicken, weil M365 es nicht kann
+- 15:15 - 15:30: Versuchen AP in Ruckus Dashboard hinzuzufuegen
+- 15:30 - 15:45: Rauchen
+- 15:45 - 16:00: Unterstuetzung Marko bei der Einrichtung des WLANs beim BuF AP
+- 16:00 - 16:30: Domaene 'machraum.de' bei SSR umziehen
+- 16:30 - 17:00: Ticketpflege
+
+## Friday
+
+- 08::30 - 08:45: [x] bvv. dns cname setzen
+- 09:00 - 09:30: [x] Kabel und alte Firewall aufraeumen
+- 09:30 - 10:00: [x] Ticketpflege
+- 10:00 - 10:15: [x] Meeting mit Michael: ISO Installationsstick, Neue Ninja Features
+- 10:15 - 12:00: Ticketpflege, Firewall Migration
+
+- 13:00 - 17:00: metabase stuff, gammeln
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-04-01.md b/diary/2025-04-01.md
new file mode 100644
index 0000000..1fd266f
--- /dev/null
+++ b/diary/2025-04-01.md
@@ -0,0 +1,71 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- ssr: domain machraum.de
+
+## Timestamps
+
+- 08:45 - 09:15: Anfahrt BuF
+
+- 10:00 - 10:45: Anfahrt Buero
+- 10:45 - 11:15: Ticketpflege
+- 11:15 - 11:30: Lachen ueber Verkabelung
+- 11:30 - 12:00: Mail verfassen an BuF fuer Kabelordnung fuer Umverkabelung des Serverschranks
+- 12:00 - 13:00: Burger King
+- 13:00 - 13:30: DNS Eintrage fuer machraum.de wiederherstellen und Mails an Nina wegen domains
+- 13:30 - 14:00: 4architekten.de homepage
+- 14:00 - 14:15: Austausch mit Herrmann zu Mailstore und OPNsense Bestellungen bei KWA
+- 14:15 - 14:45: Quelldateien migrieren
+- 14:45 - 16:45: 4architekten homepage
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulus und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-04-02.md b/diary/2025-04-02.md
new file mode 100644
index 0000000..49f69f8
--- /dev/null
+++ b/diary/2025-04-02.md
@@ -0,0 +1,83 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- ssr: domain machraum.de
+
+## Timestamps
+
+- 09:00 - 09:15: Mit Jan Firewalls aufraeumen
+- 09:15 - 10:00: Extrahiere PPPoE Daten bei SG von GE-Planung. Schreibe entsprechende Anleitung fuer IT-Glue
+- 10:00 - 10:15: rauchen
+- 10:30 - 11:30: 4architekten homepage
+- 11:30 - 12:30: Pause
+- 12:30 - 13:00: Nina schreiben wegen opnsense
+- 13:00 - 15:30: Unterstuetzung Jan bei Win Projekt: Geraete Listen erstellen:
+- 15:30 - 16:30: Meeting mit Thilo und Max zu KWA M365
+- 16:30 - 17:00: Unterstuetzung von Jan Win Projekt
+
+## Tuesday
+
+- 08:45 - 09:15: Anfahrt BuF
+
+- 10:00 - 10:45: Anfahrt Buero
+- 10:45 - 11:15: Ticketpflege
+- 11:15 - 11:30: Lachen ueber Verkabelung
+- 11:30 - 12:00: Mail verfassen an BuF fuer Kabelordnung fuer Umverkabelung des Serverschranks
+- 12:00 - 13:00: Burger King
+- 13:00 - 13:30: DNS Eintrage fuer machraum.de wiederherstellen und Mails an Nina wegen domains
+- 13:30 - 14:00: 4architekten.de homepage
+- 14:00 - 14:15: Austausch mit Herrmann zu Mailstore und OPNsense Bestellungen bei KWA
+- 14:15 - 14:45: Quelldateien migrieren
+- 14:45 - 16:45: 4architekten homepage
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-04-03.md b/diary/2025-04-03.md
new file mode 100644
index 0000000..d7e28bc
--- /dev/null
+++ b/diary/2025-04-03.md
@@ -0,0 +1,94 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- ssr: domain machraum.de
+- qumulo
+
+## Timestamps
+
+- 09:15 - 09:45: Arbeit macht frei, Privaten Mail Server reinigen
+- 09:45 - 10:00: Nachdenken was ich mache
+- 10:00 - 11:00: Linux Server updaten. Mail Server bei SSR kaputt gemacht: Reboot waehrend Kernel update. Muss beobachtet werden in Zukunft. Initramfs fehlt fuer aktuelles Kernel
+- 11:00 -12:00: 4architekten homepage
+- 12:00 - 13:00: Pause
+- 13:00 - 13:30: neue Mitarbeiterin anlegen
+- 13:30 - 15:00: 4architekten homepage
+- 15:00 - 17:00: MacBook einrichten. Teste Punkte aus KWA's Unzufriedenheitsliste
+
+## Wednesday
+
+- 09:00 - 09:15: Mit Jan Firewalls aufraeumen
+- 09:15 - 10:00: Extrahiere PPPoE Daten bei SG von GE-Planung. Schreibe entsprechende Anleitung fuer IT-Glue
+- 10:00 - 10:15: rauchen
+- 10:30 - 11:30: 4architekten homepage
+- 11:30 - 12:30: Pause
+- 12:30 - 13:00: Nina schreiben wegen opnsense
+- 13:00 - 15:30: Unterstuetzung Jan bei Win Projekt: Geraete Listen erstellen:
+- 15:30 - 16:30: Meeting mit Thilo und Max zu KWA M365
+- 16:30 - 17:00: Unterstuetzung von Jan Win Projekt
+
+## Tuesday
+
+- 08:45 - 09:15: Anfahrt BuF
+
+- 10:00 - 10:45: Anfahrt Buero
+- 10:45 - 11:15: Ticketpflege
+- 11:15 - 11:30: Lachen ueber Verkabelung
+- 11:30 - 12:00: Mail verfassen an BuF fuer Kabelordnung fuer Umverkabelung des Serverschranks
+
+- 13:30 - 14:00: 4architekten.de homepage
+- 14:00 - 14:15: Austausch mit Herrmann zu Mailstore und OPNsense Bestellungen bei KWA
+- 14:15 - 14:45: Quelldateien migrieren
+- 14:45 - 16:45: 4architekten homepage
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/diary/2025-04-04.md b/diary/2025-04-04.md
new file mode 100644
index 0000000..085069e
--- /dev/null
+++ b/diary/2025-04-04.md
@@ -0,0 +1,100 @@
+$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$
+
+![important](files/sbx/important.png)
+
+## Do-It
+
+- handout: Sophos und OPNsense
+- ssr: Macbook neuanschaffung raussuchen
+- ssr: domain machraum.de
+- qumulo
+
+## Timestamps
+
+- 09:00 - 09:15: MacOs einrichten
+- 09:15 - 09:30: KWA M365 Statusbesprechung mit Max
+- 09:30 - 10:00: nc an mac einbinden, caps lock zu esc, Teste Mail verschieben in Outlook new auf Mac mit max, ninja auf test macbook installieren
+
+## Thursday
+
+- 09:15 - 09:45: Arbeit macht frei, Privaten Mail Server reinigen
+- 09:45 - 10:00: Nachdenken was ich mache
+- 10:00 - 11:00: Linux Server updaten. Mail Server bei SSR kaputt gemacht: Reboot waehrend Kernel update. Muss beobachtet werden in Zukunft. Initramfs fehlt fuer aktuelles Kernel
+- 11:00 -12:00: 4architekten homepage
+- 12:00 - 13:00: Pause
+- 13:00 - 13:30: neue Mitarbeiterin anlegen
+- 13:30 - 15:00: 4architekten homepage
+- 15:00 - 17:00: MacBook einrichten. Teste Punkte aus KWA's Unzufriedenheitsliste
+
+## Wednesday
+
+- 09:00 - 09:15: Mit Jan Firewalls aufraeumen
+- 09:15 - 10:00: Extrahiere PPPoE Daten bei SG von GE-Planung. Schreibe entsprechende Anleitung fuer IT-Glue
+- 10:00 - 10:15: rauchen
+- 10:30 - 11:30: 4architekten homepage
+- 11:30 - 12:30: Pause
+- 12:30 - 13:00: Nina schreiben wegen opnsense
+- 13:00 - 15:30: Unterstuetzung Jan bei Win Projekt: Geraete Listen erstellen:
+- 15:30 - 16:30: Meeting mit Thilo und Max zu KWA M365
+- 16:30 - 17:00: Unterstuetzung von Jan Win Projekt
+
+## Tuesday
+
+- 08:45 - 09:15: Anfahrt BuF
+
+- 10:00 - 10:45: Anfahrt Buero
+- 10:45 - 11:15: Ticketpflege
+- 11:15 - 11:30: Lachen ueber Verkabelung
+- 11:30 - 12:00: Mail verfassen an BuF fuer Kabelordnung fuer Umverkabelung des Serverschranks
+
+- 13:30 - 14:00: 4architekten.de homepage
+- 14:00 - 14:15: Austausch mit Herrmann zu Mailstore und OPNsense Bestellungen bei KWA
+- 14:15 - 14:45: Quelldateien migrieren
+- 14:45 - 16:45: 4architekten homepage
+
+## todo
+
+### General
+
+- [ ] handout fuer jeweils sophos und opnsense als vergleich
+- [ ] aufgaben fuer wartung rausschreiben
+- [ ] detailiert feature liste fuer opnsense (fuer internen nutzen und grobe baseline)
+
+- [ ] herr fuechsle wegen homepage (kwa/ssr)
+- [ ] kwa/ssr - offene Rechungen zu MacBook Ersteinrichtungen
+- [ ] neosphere - ueberblick anleitung zum qumulo und dem computing cluster
+
+- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung
+
+- [ ] plan for beta automatic os deployment/windows 10 to 11 upgrade
+
+- [ ] mailstore update ssr/kwa
+- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs
+- [ ] kwa/ssr snmp karten fuer usv
+- [ ] update filewave admin und central
+
+### SBX
+
+- [ ] check if possible to monitor vsphere passwd expiration
+- [ ] create obsidian templates (Meetings, People, )
+- [ ] sbx - opsreportcard summary for action plan
+- [ ] sbx - disney workshop - planung
+
+- [ ] fuege bharchitekten zu connectsecure hinzu
+- [ ] erstelle connectsecure report fuer grasslfing
+- [ ] cybercns bei heilmaier
+
+- [ ] Fuer Synology Monitoring smtp einrichten wegen HyperBackups
+
+#### OPNsense
+
+1. check franke rieger firewall setup
+2. replicate config on opncentral (IDS/IPS, OpenVPN, Web Proxy, antivirus, acme ground {needs specific manual how to setup on spot}, ...)
+3. test management via opncentral
+4. write manual for on-boarding
+ - setup wan manually
+ - couple to opncentral
+ - send generic config via opncentral
+ - use manual for missing specific configs
+ - check workings of everything
+
diff --git a/files/discopharma/discopharma-infra.drawio.png b/files/discopharma/discopharma-infra.drawio.png new file mode 100644 index 0000000000000000000000000000000000000000..0bff1b9feb9ac916e045ab99702ef205247fd412 GIT binary patch literal 58890 zcmeFY2|Sfw*Eb#=Wym~}dFW)Gr-)-dgoBh&oMYygXBkh(lsHL>IH4#C8B@tj12U`3 zDoF_`%JlBb(9dtUf6sG2&-4E8`~AOfAD>*;zV@~EzV`aAwZ3cZB@Sh%LrKm?zGu%K zN~Er)$(}uX8TRZUnjzf>T22hU@ddw#d`xuI_uT6^IK5{N+|XCc+}AD8!5M46M?hL* z>q`$F$a%Zo|Nfo8bA?s0=- z0#X{_8td$84}R&`+q!x{uh@B`1H_y?KzAuQF-b8=(4^ty?coMGX-i5=iAjjbDM-tR zNl8L$`EAkKpiNp#8nl_B9njv+yQYJ_$KT%D#~FOw=BMrq3_b9%MPu!^n!!|13&z9S z&fa^g3CtlSAgv`JfdCJnA88FcXSAa?+6~;eqrsv!2SkDG65W2?*>0=NQNvWyQ2JP) zhAmPzNK#$HJK(tIA4l66(=AZP8|~?2;9+Nv1q0g!ZZAkiT4rlac0pS$3JTi|j@~=- zY)=a{m^ugVe9Gp+r6e5vobBv=wny6<%GbjK>+9_K`$k(2cXuHE-*rTLdqYy*{J`x= z96YewU$@=h2|oOHJ)j2DKW!=0deYg>*J-P-g6#J4pmtq*XGf=ecahiZx0VJ-Y%i-e!SDkEl|TA3vKq!K5owgaP!Z<`)fD6e`(Es zXE;+kEjbNyX~zIhA9rgR4{IN3TaO)h`J=IZ+grXRPaof)9RNFed-!>7wR)m|Tgvw8 zfC~89?;vZd*S6Tvn4J;+c4v2QBVUU93B(=HguC~kK|Z^O^=*G!Ot{%1r4`fN-1p9X@WmbbBj30fU}Oxr=xEZEvx z!`e#}%nMEZyWN+=0+^|Lg67|3Am`-=flu8H?d|C7F6!&yDIg8m4hc`NMUai$et_}t z_4RQ3!!u8`ot?A0vaq&52_ORsmI*CjHx&OC*?+|6-%IW{MgB7mMWtl^4v64`HdnR_ zhrb~AI~>aV+u?9Wmw&SY+Rong0cgmS{XyE0zB>a`jMx^7o3ouAr0428500TR_E?mM zkMp)%e|5nA;eq#-h5jXAti1z-!d+nT@bkqwyW4C0aw8B#fSa^)23XJpE41C7!`;Ih zGVJO;fNHq@@(IAlssjV>2_exf5WMHLcc`^MU_DK*>O8gZ6jFlL5+eNDGL9b~*5p!+SlBPj#!x0d}cFf|H* z{qFt;7$}63UAT~hm@3q^8yM36cEA8DgciBW!<{hL@iTVL{yR>^#2!e|2Z9UA+anP8 z{w+@g{LZdUTSM*gJbxwNUBE#5cy6&z2j@V@KmF^(DYHXBw-sGVZd*{h1gh{C^4w|r zmoS#URP=2hw@aRXlFC2ei~p3924-W+=>LzANSVLZsBMA#1&5T}G0wXc>{sKzk3_aj z!|x=rr9GRfvx}+i;(ObCa!37k^v%Z;4I=d|p0}x|Xg7$zxnq2wUpu{kR_^Y&tNC}z z`aiJ9#P?haTWun)iN!hdE3kmdPrn2SF#&rSER?Jgkq@kh_I$;y8AyPa^@g<8P!e9?gI0cr0-&K4F8?0wM~G~^%T{t+Vo5%hL~mfh(6 z`@Vp?`Z{{sn;L^u(l5CE?v?*0uC^@ZZdUQX8z9?(^o~W_HhMd8$S(NoIGo++*=hUt zF?k@_2Z>-8c(ejNJvQlsCx`^VBN-VeX9suk_4V|D(tl6_Qo_>@gLSqA7f95foYubw zAN?~j{wc5dUk`0%cCfGw4e6cxUD)_PgmG?XhjxJjl^f&dDt=? 
zUG$EG^amdZbnvmK3b%(O|b_OYMDA~Ey80hS~ zIU>{@TyG7wnLmYYe;W$A*%|4N-1Ju(&dI~uIT+$vJ1JSn;_XhRVSWGkEUS-)pZ8|Q z7wq0&k{RHyA(!n764>@2@dF(V{$;=IXvW^|cPBvq1;@6_aqXN7?S|q`o3}j{B%uAF z6d_pBb{_Pvn9hG@36Na`QUr$>C=X|F(D~~G~+*E^%kd9jNb2xh0DK!j#hBd=(sn{K}92{myLn-aHojk9z*;^z1JoBKhZR zwTZo#pFMQs3>}JWlD^GLZD^s}p@W#6vyZKZrxV)S4J~E|kpcK`ToL#HXw!EY{QsiT zLrKJ43csbJkVW`SNjL9yv~+9U-J!tW5x)PQX~nNox*drAG1B;-*9w`PgTa3^<^Q=_ z@#mn($kQGQdr-T1jkd3?Cunm3r4Qhjx93*2Rl*lkMo73}M8W;PYp#CRQ6b=(|H5Q0 zs7(E0@ZD{|gP-+{0 zyKLzH<)PHyXPhN>{PS*HK;9g3M7wdZgOz^?F87I{XOyiqkVvqwL1rkcJ>Zvzs=f)%|mE)w5=<2O5tv|(_y>T z;Gc8H(87LK`ttYu<~OSLi#q)xi2p%=CAs4ncY#G}$6)LR%TC+>POxk;x_?j&wZjd6 zt2^7hC!0@qD&4joY`*|i5N`2ZT(52Do;}=qkeZ0&foDEl-=BWGZ+PR0Zyx+Rj!hPh z$YGfr)$WB?78vKY4C2ifFkeX6Pl&)zFkEh9FI{QDwIpGBSL?@uYO%sYzj$M*_j)$s+$ zFC2MIWSSC5FJJ&4e!0d^FF^$TI4Ke{F^D$$8z9;BU!%JB;rprC$>nG-HQd6rH(QS9 zmDy{LpE0O|J&W9vrWGdW8C!=|AN8!Ri);|apTRHU@}?R(qr6$lS~nLD)~`rkLTF<( z%VoYVIcU-?F5o6eHd9}Q&!WyCk)te2_zGXb5DTINU^Ov~`=~hN@a0HP`w*p{rxpT` zMp5Ttg|6PqM??D{h`I|CfsXW0TEKGIkY=ihW>T9)qC&8QP zYF(s72dSjP=qJi%6ERY=CGT>aLWWbIQPb5T!HVynYy3R6WE}Cfmgf!KlkyFrr@T3J z%>%%l=cxu{s#|@#eQdl)~XwSE&vheUY16eoy|* z^~0_5Pp^R2%9)6Ua=u?$)Im0Ru6dN?RQ3n1T5XCCK+6U(A9|x&gP-FdF}IFZ^!s%> zDOt0xGj)%UwyzAk8IV5lGN+^lRyDf^@FOYZ1l_f6$}cnVcqZ!RhD^o6SkGazX8N(O zUTTZ46yW^v)na$zyxibTC+9DHg_Z?=o?THBr63=IC8hdS=e0J7pD~f`*UKeedWpKQ zQlN_pJ)Rf0lq9!?wNp6!n9$}Y2Z#GR@ke}5TU5QFV4f25+5H&d4ry}3wR8Bp0;fft z13gEJ?jVDuw)XlRg1|)5ywElM!wa7jC-e$)p<3wpJ<*Gdhlk-pr%?xdZ;p3A76~(H zrZYc6N2dcTY<`#G_oZ7mHQc1MY`zZQ5?Uc%O_Yq>MJtnmG5v^fw`_`jojra;_?+2| z_*pp~SBlB2Y}W&-uXt z3KB6Rh84c5u(L>U?Tv7&?xH#6_sx%wQ%$X`HKvy^&40==KKQ&?K+@<=VljI>>1%c4 zed5LEQIfC|306uMDVb^$1Wq$pDGNIga~5m?=?7f_BSI1$PpcsCx^9Hct>}mSPxq@L zWEtKVd9kM~)U!I+bXux>5?6Bec}`=wE3$m@yzkGk@6Eu@Y9-Hw*0yS|!H`S(6TbK_ z)NLQKSyH~LtC|ZXQH7qSwJ+lxSYyB8{UzO#GGon`FJ}C0o$viT_mm1pMr8i^scvd9 zqs*9DMmh0Vju!1bhtqD9@vlAM{xtX@*^vngT9x_IG?{z%~fJE=jxz5kyuWs zGl?u%cBT;*k1pl0a6b?l#yld^((Y4y5m)R%ok15xyT&6lNZ`iNFxZ~^@|_PamZ(V@ 
zIyTV$H8y%|gER|^!~Jk$%~DZ#`{vMf@g>aD5`t5|&Zzu=0+C4QYNEMyx8nGe{sq4I z#VvG^3!v`eFpYEicuGa~mpT+Ay||^6)6>-G5IcJwiAQcUq~^vYQdl~}MOtP%%tY33 zqaX)5LX9A|kBMUFoWl6jXzT$^(v0ua=VT+l6w^GQN2_ojF|k0=XkHN5^PKc@pch*G zkwoo)00$RIaX6ECGDrOUeO8_%qSCsvY@lT>_X}Mp) zNW8@I=5AVNeLcair*z)+_6c`H7fw9?;XPJjhS??|1?hvek5JOmOPX7s5wA^n4I{}o zEkcV8^m@W-EMwCACDweO2u0@L7xC!_C6b5E;FhVZaGv(OS-76yD59C@*t$EB0=Pk9 z5h8O@8nWyBDW!2gY_IaL&_9Q?+?M5RFhj>_TchI)R7%-GC<{r| z_pHZ0Xi|?Xsqc;uI2Ut-Il4+aMu{=*d5?;*Roi`I<(3i~WW5kEg_TqwRViCyT+pPq zJ)%qL%iU~?$1s{N2ivfWu(i{DN6b23Y+6=AI_wStHFiy7PW)BOpn@vun40L|Nu?Ov zC;iOV^b&D}^z{Sgd(zpx4pbkW4>cLVJgC#Fi^;IDhwaP2!pIKL8AnTSi{V^pSYbI| zJ%-Lpox87imA~y;gtN$ASRfxwY&1c&C7GetcF5{HX+1~$RPw91qogA(q2#5J@1n4V zLq{Y@S)$1MNkxQ7iGSvBMIFdsjv~gumc)y=t3!B{OYV4j$J>mLT3evX$1QF!*uV5Scpa?~y;N3iwIxN9EHfUSS;x*gNw zMibl@*;!;P1siXa7l!PHk~j`mfoK{#bNL0eKDoNRZyQx~1&REvyz%E3&N5i@2{RDy z9mx0fNz2ze+oLj~$6x2TQ8hl*IDA=w=;EubJ(qzAokEqIddGjkba}u2xxx=dJhvj1 zC}8ZD=40tYh7t=dBM!pm$(k&<50C~L%FXuP(Vbu_!FYNb#RwSEDVo`tcHZJjsnZS% zBP|y!$Y@tdgNcw=E6m9jF`IMKFvAeif?0?N2h7zrxge3ly(u;#lNvS(yv`T6_l;1W zAYC`wC)E8Mk7s(m&o*cNMcDY+kWe(K*whaRo|lZXG9vAb%;i!1>t5!c2SyzMv08&IpYk>klBL6(N1QyxL zPc%g1<;YK!kS->_%_(Eaj^ha|oa8k;LU*R45@pQ~R}1oRw>>-lf?L;++3S1*3HkH= zYlmjF*I71c(@|In%^~M(Y1@p2>DGa3fJsG=9jA@dqhY|tc^cHVjzO4!Hb9UFGx8Dl+{M15E>~`I?QIEa4@l!5YJ85~yTJBXe5(;UH|W?_n=k)A)@W_@PDdBtn%RRP|J6;sF7 zP>PMWRdE#UKxtl+qTAUyMkpWF5O9PK4m}_-Q z;|=keHd)(}b)z5D@7BWq)cF`Ksp_aP=_7{SL6b@^BjftUAK$K^i`mUs+YR{I)ipYlG)51udv~O?~1!y@Ek=kVCc?9m! 
zAS(=CfHFnYVK0g*5ZJ=CgIw?1AjdC{B1dp>!K4d`jqJrUPy zd}SmFjmO0I(gZg_g3RSVJ%Hg0Xx)-ypZeGsTw#S9$$sK_lrr_^P6!Z-^1#KYz3BJ% z(&={gZLRPWY@Kf6aFX*0@!D-O`xX{23iqdAL=E@|e8LysF{I=Ru|{dW<$3!TLTbh3H&sd^@)+?Ey&82Bt^vt~=bI7f zJ0k)M(DCFxXPX~J1AJR%qkx8(Pvc;79HZ13>P?Bcq^bFkkSI2CrIn}UP0Q+c(Qge1 zmy5LLU(@gYjxTWA5zj5yHDNdn{SuPR_}162C0k!3bfpfB_ovFq@pc?f*~HpqdZ#49 zpi%b?{Lhn$d`6vH+y0GInQxj6DPJ{0vud~Xfi0vmIw+g?qw3wc+Stv{vmqAMw6R2< zBpG7j!OuuROH0WpUHhs9^3_7VqTUP_&xS-&%{_F#-(& zq4nuDUhay_ji$+On~GltbGcYogU`Y*@|}En?{V`|B0$x%Y&9O-#3Q)sG9FKw=Cfs& zB_d5|xPP=V8=sEv(VLf0ZQNWscL4DZ^7wZGYdR(#$S?2LS**8YVME-`TT+vE7=I#; z4j0m0loe98g#}}>x5Dr_>(2-8V3_^5XSWDc9qbyn+P6<%_-R|Gw&5-aTcBlNVErj! zerQDa()?MLE!0$K*i_iu{4kBVQ&ILI>ox$_5BfG8RHmr&saC_(jhx^ps2{2s7JGB~ zSoc*kWgVkU>njwmb`O_xF7KkcL%zI_OAKex)^cQN&5ziHSV)q;%sOd6|J4fGD}o8x zTOoMT0mjnP0XZfoUr$0tIPxQp+G%njC+gy?!$E?ZlRSWVGcpvPzcUzKJajww?bZU# z)W@#e2>xzVXm>O#2AbozOr#a8xq~NHdm}#U_I{5|S)vSJC8*?}xmuTNsZ*O4`LZrI zGeS~uwQhY>FO$%^C34hd7*%RhhUu~MvAbKY~RI-r27qYc-LPo^Sf;KFUbGY}cc@BD660Dd} zdrS&xeIyziefQdVSFm$_uxqc|ygq(Cf)uZscro+wW6@!Yl<nZ$&Qh8uwgg zo;1IT1%25!{!MFofJ{aZu8rh9Eh6}?AIrpW7x^SQn**kGWiCr4{n=o{(@9bMcY{-H zl_}- zNOH$s>JbPPbhbw_lPtxZ^~sdZ=2{ndG5-^LrGk=-x;rfNGjF}G3C+n%-k*+GBM?f1S_8Cp8y`(N1&+_n@06-J*O*p?O%YAv z53cbr6K9MUdi|pAPoDzsY_|}8E4AZw*Gg-ys@&iAs6$m_QoTHTYZK7*3j??2X6`NrqGo^{tvO%!;l^6q<1*7@EdipY9J!d&J= ztY%9zKIw{#XzW~j!vGC2{W;Q~$aMMvKfJF-;L*uvFO(wE>-4;Ak5>!3`JsC{6+T?? 
z`XqYWnm?`N{#dQnbKjteQ;F1wltho`b6BhP*h>w4t}gm_OIKtg>1fmle0dw@IL9Bf zTiVYG3C~*BBLBe9b(VW1T8vLB4}j}{YwwfSk9lGOVPHmQPj0$9xUS9 zL&Is#Nkc=guF6o0>1jV4QscGIxzA1Vy4kMYgwOU-$w5u4?l>d6lZ1q-xQX>_s;LDmgyQ?Jj!VJ-Rs8#@sR6@2G}NM&2VbUSxw|; z1_G^q3e{U}8Bdq+&}VqWNo9&9o~XU-Zc!Td=WlJ~*^`qqF<#*r(= zJQmR}+H|Vu41rLmo)Rncv+-HCig#55dE|;|16=yKsZ{MloIaBe-^e)!gmLD{SC7k& z5{dXdFZbr@@6R8j-6UGVG;M?C%TJ zOQbR9DA(WP6{a2cA}(9ib_iY@!-|k*J}bNZB_%$zPAJ*kT-r0JK`%lUmO$JPZJ=~w zABN+@`T02&m|TA(bD23j)>O@IEI8V4Zo1{Z6!|=HM<3C=BFoX#H zPy#7}{PO4YlT+)Ouulvy;!=Ko6Ws|h8$_kZa&o;8E0;UZ#uYlu(=rx5TYpIWYImHi z=#VaB+oVCA_$m(PlDiyPHV?l7q)(h|&RKFi^X%*cmw|iNYkz(e<_P|9Luq|^vf}$| z*H&Dv&PC3Ty|*uQC`=|UUz_g9pGh?}?8;R1DIfNK(}yGI4u$HPWj2vTT=Xq<&Hrdr zGCeAby>~m`({Hft($lyLDq_ko=WhI`V^2Is+wL+V;F+^0vdz6Mu; z6ES*mF=8RleSc201zX~h;|=jB+Rz5O?9@Jz(wI55SXr~GT&pn7z=MJ>S%|{?SEZCZ z1K*@?(>xt+Q&b5LuLdPkytlI%4}2ta>GbuGg{P%v#8+-zu?{gd>?P{fyENav9ph@kq)14Pe#|Rf9i>xIz0!I-no##Ff-vZu ze_h6=F2da0ce-0^KUYWz-IapS@2_+&s;*bdjfQ+RxAJUPnkmYi$~tT4T2vZCq9x{` z?`L&xhVB%>Q){A$QMiGT#DaD?@lqT)v)G-;{GO=^q3`aVckfVnXKCG~Cs0vn2^Wfw z74@I&{|XEN+!ca?Z<<}x;X^)NW~AgJxQAbAEsGz2w>T&+>GYDDBW!uxB4F5WhNSsR z_{LeF2LYuK3ZF_EF$0IJva~O-*&~emxpJ9Uhg^(lAAQzHUMd=UoqCm4=*oV2qk2Sr z2G1?x0I}EcJXFz()s=>C)w>6d6B7;j$EjLW(CwR%gowCW1&uBRxe%2q6VCd%bC?+) z{FdSMJ7pb8`amnQXKQA}PKV4le|%jr!;8aw>pMAc)iH~8zvsr+?2W_?1Di@whIfm4 z!6Lx5*dL2%qO{aG5nuHzFp=}xCa+|S1POGn}|E~G3m%`?B2W5Bw8EmYm=@ec0<84cfE$m zDdGi3X{|S-S2Cje4Jo&-D)8?fu=^CgGwT5ByWTr`s8sqvZx(%R^h0kJ6Q35fP}0>Z zX;-B=#Ww&<;Z-<`9 z^}b2(%B){GLtj8gY$x=#3=wa?dq!gEE98pH`g0#LxzLCd={wIJmgvDqvia6gx?&jw zn;s(px7rOPoS-9k$i)q1eeU?Z-bVximmmK+ZC`S=JVW(L0KA~}eQbG0tEL}ZNk?l% zjGAP*z`#ov?sA^xX;GDNka)BXmbjhor5WACH4EwOJgNY9GHJYDuF3wY%g)ip6!CPA zNbi1& zpZlRHmpPf@^ffj}Q=D&LAk13Y1&C{Xyk@ZWY$D)9O8}YEjbyzVl`hA zuPUBpVJ4LMa;Fxc14jB{-E!G#D&&&*R=f^RRO5wvK3*29wq)oxeLf6w^xjy@$5Xtd zXGH>X4+d@s~L+_li(KYW?#?Fvq~+A zS{3jkf1OHDs~#1Z&Q1{+cS2_7U@ExT4d?<=NXcs}eM&I=wgxZ~qI^;cO&UPU`$p}k z2`@$XRoP2B&)dkWlnS{#l)k!X1_Tw5C 
zN|XKl=WN3A(*lHXgf@n~$Ck%*ZBPfO25yx{I2}WwUZyOQuu;TbK1aE7gOxqZ>PmGI z!9|mZDY;4LWh#O2rSe7~{}OLhY#hs_J15#%ysUF9);!Lk8m=L7!!d#^jZ?;g8SIS% zv<%f4$y?q+dZ$Ljvvp3k!#qug4w(xS24!s}#!^WlHBpZ^!pExIwl6T)fHx|0R=>dLURBR|97@9?SSnu9~Oj8C;t zHUbDz{*MxF#&s3s^~p&$mJQm5nv^|<^)PVH&ow+v-pTLcB>5#7V17QIPhKuv;Jisz z4ktRAe-OV`u9ZE}v6VB!5XTYfhMk`tkWcnT^iJS#as7RL&HW^=OItY$sgEvm-!lmX zma^qULV{S0F2nW7nnPKEydxisuE`+Ja|Ra}DvU=hkH$q$%oIQA@6zGA8@YGC%X87H z-ooPAJ3WR+L@P0$DhAFdeR=e?{L}sCEgMf(+!Hmr@%m!7dyJ-Rl;jbSm+hNkX)Ww8 zn_ri@;&ieGRaYXbwC@YagYkv+D_19TFCJy< z+_+mc(w(Bi$vV(MxD!xnNed(SBAWj-vtN}{js}L3Ms}CH7lOw+*4>XZJ7;4UMNVwH zf|^U=b~}0qI~12;Q-)*Y1IgZV^T+q)539dBGbB!XVA&KWMRt6h1HWrcn}bvkf7I(WXB*%sk7u*P2OAoi zJcpKwWCg09okbdmJ&K_n7jc!+GbsM6`7Am$R9g5T7ymA%7LKcG@93AgdvnHo-ft&S zaInD_$rJc?^G3rTq6!fQYs9Vs5}GzxU>&~pZT{A^Wpcw$v}B<_7a@|03E(ecDTi1q zh+-0q){Cnr$o*#e4Iutxc=U%|g~#a8d$H|@Rhh`;I;|3#_Xsxw4pg|GGmx8!$2s88 zPd9iB=Hchc9uWM{sRk_1jn|CfC?+I%C1}VKzg|9hCXS@pBYeg3bkMuYY)ZaPA?@;` zA@r?gHi|c7eK+1+vF5Z?jvXgF{_#E|VewMqwRa)N6qr^=r|Vb)){CY6bI%e;d6tV2 zX{zvM)`)HUM^W89h{&`1%|f1rS|{DL11HEN#5NaIzQ=AD?l-pvgsjv&5U3ueJ{em{ zZxfqhy*j~MT0wB^%$mQwK9L~K>9M}_=AtHI!)@*7w}cfP1{ntB>j}}kv^20tM|uWJ zw~9XA$cfRg6*uf*ghUrx4Hu7J3v1KTdX<2BO!_5^97Q~)+t(U!s>8&2NjKH_Wz)7# zh%A!#;Bab&_gm%y6f5zh@%%A31)>R>SfjDLtV^N9w-jF;;+*(4V102ooa!h`z{(e+ zFB@xL!V5tRQ8OOHj*;gnqE=mb)rskf^h}p?vv{m!JKhj|P0`0;NL)-$^f26i5PjZU zhMR^(y0cj;K0UStM)I{q#dYfX{E+d%@+1}n>hkU9raq&Vmhfx(FPAdZe$ZC)^UI8R z?D!V`2m;}wIMMah(@A%mNk}q6?kkUTMhRfz1kz&Vhr^c}xi&erCe6uu?UhDq)kOIZ zO{O-HbrsHU+^YJdo{N}zP}Vh*>F=rUE^}y)-&^hF+Hl`%V{OUx(_m@ooUYZS`!@qb zW1?{)#!XJE(?;R(w(yojR{Dp!Xj$iDz+!lPZI^Fth*eDDR8jJ;Z!i(=6K-{Ad{61<3h5teTCZqRR!ihhjAZcpyKcKi@q)yPN8y+P#MT`1t9#~^i#B3`}V2S_(Y9wf!`#x2Jg_*C~_fr9r4GMRIGa2S)tsVd{H zBKd1wM*1Tl|9GILQ)S8O(?ZlkM%IGZ1b7}@pmfa34|hSOpH~0cHMMqnbIWe)T-8w5 ztSF+*Bmf1y8tM_33o6xho{J)$DU8gb>?}omf8H0z3^g-)f|GCs{KValr-HpV(~bLJ zGz>kt%EOOu-#oEz@~Iq*B3|lrI_AK0Tn-Dv@Oco#FcCAfU*&aX?ST%MK$YPsV$%3m zJQbYbS8U4&@K&?K-RUCmc-ZFImmS>)Hj|vMRoiE16m)8+7Z+Smb9)2MP#n!yJZ*`R 
zIe+Hrs4K$wJ;mE`VE^bo&``ZlIx)+j?7f*AJOBod#=l115$@r!M5RtQFxZ-dY7)YS zqX10zX~ve`5F_0TTDOi(?8)Z#GV|1rzIz=n1aH_^X*Fd*J9(#2IO}^kp&(XZiQ53A z@>5s7RO!9@=mj0W)bYYxOi&Cy8dk1f=!psGt0Hih&y))x2829N?xz?3h8mo86qtdU z!HSv%l8!gH95v5c5ZMxBNzGB^`~0ATJi>c$-8+Pr_h?{ZXrG*V2q=Y~UL7tcuX;@a z$kjr?24P$%Y(4f!6iyDCdIQ#NaV~;H%N4aG4Z6A{f$MhBps#{hM3-_{?He%S|C@Yg z+k=W$SATr<0}kNh!gKKfz=Vr0$i3FxyPvAJc4fBE@Ve5wuAXr5wbiekey^SLryqUo z=mDv`VH++ei3du8eZRkQbS-UW68>LVduI0@kN`8ZiHhqAXL{;k8Fs z=QKEi-lizcH_`W1y1g+ET$~-Y1j(rWl`l`YECs%gob|Zw*+5nUQUp*YYC6r*9pZs9 zAa5}Ys7xuz+qajD`o$i8$_ZbavHr#sfAUO_R={Xz!0My%#`CTTqLnX8(2eCSY_3g9 z*&zE>GvC5)d&8$oi`jYdf;K)8D_3}k zh+w~Uc<5>Grve{e-Z)2fFcH z>lZ-0=KA5~jZ#@2QNG`5kb8`g5`t53o=)-6CdWJ}~- zPr}@kc0oOZMC-=ekZiDo>I9=QHY3+-%sDGCTx@aX3+Ll1n`PG_#tpRA8r zOO)<-2{KYEfqRV_=_1<{rZRnen;B0w5ffMCx4@bKD`uxi=2QuGdi1M{;)y(3t;NSln_dyM)*C=LX1q-x*PtL^r@rhkolT6^Q&IF90twq_K=N%K6r7eO!20M ziULUwm%;ib2FWqvKocG)aGtBakl|i)n5xncMud0;GX6v(hpzjYh&cHJqY%t|7obNt z>n1>T!sq9}{@#fO+F4PQHwDiAQT;&u7tA?_GTQD%t{FBb28+{=w^DZim|m(jY}O;pr<5 zUJ>8{@SuAU77GA+7pT6|1SMe|);s~x)}POMhtwHeOdgK}Oi%xgTyY=Qd7_RY& zega#{53L#PAxx|_dT75VRA~^20dvFUjF&)pn+@?P0HC+r@Phr31OlCG#UZCo<*$kB zt5d43?_XS10^y}C0uf3|K0L2NK8&s>>?6Uw1(9)_D-uANb|*Qu*5VH?0GA zAH2U-DuEyz%ThiCSB%=*fgixfS6AA6CI<+GxF2s};A=gK!AHxx+8D#g!4 z1*%ZZgc5Rp!vV)(x`X zY!vAr{^w^BK}OG1jfPojoTusou4-aR>K?Gi=8uEF#f#F*OenFj8BJ80wau7`Am%~T zcLx~OYx2|_rMfF8x;ONc5GF-(n_(M44LB?k+*db9VUnpKqecR(rPU4Ke=Xj)KXem; z&jOPoR`DI-6>%`kg>a*iXI1JC~GNBHvi`HG((3tit`KG_du zJR=UTmLq%Cq7Z0$aQdBk>+}jRo5$+JjKcOq7X%pq zg#{W0pZ71i>LT|}rk3()C&mt^(IF7>q!d;;{pPk86e@}5JpsdLmZXCjetrC8?XyRz z?B2pg;Nm9IDXfy0SNbhIF4zjuh!+;!*9!?Ay{Ugi!Cn+GxElW8U0M&wEffKkAzTXx zT=s?GEJNk_ra(bba&SHxAJcNF+K_P}z9N~BPLF{b;upn{mij+S^GXrsk1X5FeX7sf z;QeqHzp>*TraUi-gFvO=AaNz?c!xz$9smX-U~0V7h{%VuX)p{|35!jnF09$Y^)92w z?5pLn`a{p@BfEu*O4JXAgaGT&LL6mqbcwF~F)(v2w;iXyzSN-Z1FZC0{eG?{Nycgs zFKTrnX5o9PYl}S{?cFiztAzNz8a+0)2j)CNwW;Md^Lhl(0%-aPkOV^g06Q%dPN}jNSVD5h 
zVG|`BH`KuLAnMO9SLP+~UpUszEKJf*9@U)6EtCbPqy9OhLU(w%fc9aRX}16#<M*$0hGLdBb!OLVqHs7H`@{xC112Gry?5E6!?_Wj(EAimb!pM- zLjv79S6!v5tD!6YVEP4Udd`_KV~8&(0*ne-k7108FT+TBoR~F9m?)lIKID$tc8P*1>VRI6tIDJ%&r{*vnzv@q)ycY9tW~8(*};|8B_Vq{GNCm z?^U*&we<3ETmd~g#Z^t#>_MqvCashn2e0!HWa_6dRhZL5^#J`Ry0fD&Q0Iutk;zX3 zpD}}E6Nfx~a_+Lp*uolb~4x25#Fd$$cGW)4JXbkMyWliw$_!ET(S}bniczMb&dgdWnbWGKf_LVo! z*-z@=1@}uLTJmR8D0*L@=4Lawk2)aLoeuI%M;|<0_{^q48Ae|a1lAS5QgK`49dXIXe(+aoUBRE$K-FR-8!wQGc7hwic(HjMu0uGTST6Mc_3$FPGeS3Nm;DtF=_lEE+%50PkV|BZe~}mo}@6F96N}&mCyQ z`0XJp*+-(x#fH>`kvEan8^mzLPfKymhL^(57|S%dH0 z3(kxa3#pWYLWj`^|9nkz5htA3tU+VWAh`$~%)JLxO`^I}@NLA+qY3&oLRR2J_#?ts z;T`tJqgqZR#OMni%WjrWT10}`gw;Ggq*S6(?Ib$fZ2uib39XxH+sYuv!cD1s%QtAG%EEN|GJjMENmcpLVxme1d{i_c^>$ zlsQHG7!REj!@%T5wVM6+$aI3zQk8LNg0$OX_z#Pf$Of-YhFS^0&$yC%*K)@~8-tC=yn6Dy># z=hSV!PvfO1roSENCxf->BSKbBbaV2|;#`KI{9ZF;C_-+{c0mcFFt7s+;#y~5cdSr# zxK2&XU2f^)6Z>RkDc~mECRG!yU4BoJeO-j;k9!9lK^{W#Qhq*+e;@5Jm#L9+3{`D> zI&FY=83Vv-1vK-m-m`(t3QK9AN-}%Th>lq7#qpjx0aN1@DN*2W!0`rLy->s8sv9gF zf6->|CHHFW(>!s^%_`Xs? 
zqa>?>ArCl!T8ev6Wy{ZEG2r)qHgc^KKrEgRKJ^A}74Td3q%2&-@GK~g@?HNiH8Xym zE2*^tq|c{8bxSa3b^a`s|W-rVYgCWKs&3V={fg`ZZF$g@o+F zh9_RRA6dv~7{=Z3XWZ}bg^vOUh6Hdj;9Ver;Pf&Cx&cYwGRM|?TA2%6zAq7_EQ1ai zZsp*tbNYh(NNjVnz!fVx%l)$tzZ|{p)1i3nNWi^)lxz&vPhPte_IV5)379=-$@G25 z$H)yN=SoqEGeu=GF1<^V4?tGuiRS}037ZHgIw-wq%~tF$Iuu zsrc4^w^&1drxw7{6~ty;fRx+%eQGyXM9J$gRu>7fvKy<5$mWyWduW(C zWx7SPtD0W;`4v>EXmwv~Pyrq&ekmf)G1uiylZWq>C|5HFq1W#(j;N%oeFKqa!Mg1C z1HgwrgIop^A|>fYU0>XVqwE_XQ=xX!I@AxVGB)Gq=clytsjM&Gh)cBWg;Wg)?QE9{ z&O8pj9eNhO?37|24Wc5EO5Ot;N;0(@ASR2ml^z`GiJ|7YM;+YLbO|(?FSOa+7!s1o-<$}JH%EfNn}Y*{;vgBmvgbQ> z!-ONS{%`lySc?idRhbl6BU%pizJ0=!`{B_T zzW`Wsvlqjn*Ua6jmikwq zO!BFti)2LC<48)Q(aBLOWvmNNb_Y;4WyYZlfK}Ob1%$@KtiZTHuzHlpg0IKYb(5Zr$PdNB69eo7_aLw!X7q~*Dps^>WzMxFd zlg4LhLCID@l8&?(OnOw4Nx?^fP(5h7^Npq#6(mCMdxfj%FJRe4C`4|7fsYw5b1f~m ze7}A@K?OkDG2^5voFw?vM)^48)|`;gTogkvlYE+mFh3DtTH8`5khAe9H};PRNQR6s zJCUB`YW2}9H++qfBx( z2#=ekDnRXA{A`{q5>Id&^x`=D!x)H=fX8UWzy!tm)Ou;dNr%&5RX27w&?qOOw@M8d zgjHGyikXv#I{km;+RyMFS3tjMY8oODQ2;d&Ylzxw_+?+?&VZBE>t5A%dpU!N?aOB9Xf!v_A7G za}954zwy?5eU5S_<08)+u1zkRUvPKCySwR`0+z6elZjbQCCoePW zi>9TVu4CBeocj1UUmyO|Hd&E4vs+JQFm!pATR3Lz!fS6(6>a4HNr`4 zkWfbf^z;Tr;!OleV6oWd@%sHS?XU`Bh^3`ZUWQ-_ez_e_QV{-BT%3B!ZM6yfZD!sP zOM&fZ`*9`v2NyP0_*Yc<>b8&S<^|xP>H+D<7euo4dF(qJP^0K-g!l&5sl9vWW`|lt zlty6;i!SnM?OCWNIgq78!=it&5Jt=O(#J2GVaWdx+tFKQ-LOKhNA+1!^p>1Zv`%V} z*(Bsw#bE2h$$jW+lzgZ6Hg3umMppy^Rgaqmwjim z2o4EzCtV_m@ZY1Dtmt>pEiTccrXI24SlZX7sS1wk7+BH4MJL6%_9<++N*a=Lu4so$6EFp zI=szX-LK$l$i@ikhvtrzT;wdq+L9HYQA=s)mj-G8HNgN1G#v%2gU%`Z{YX>nC24qd z`wg!7ALobSq?Xb@OXBkj{%I7bYL;lXiw_dWS71G|ijBGTjxUPM{%|-J_C)pOgZ{&R zBdkF13rMP#^eCxs00%0pY~UO1ZG&0Qd~I^`mNW>{5f)yLWOALQ=~3%HKZ#+UFJ@I~ zG8ykluqOccS*aks0*rJKD9!7SKC}-p0MfslBN#}{|9C@T5JPL*kBW0o zbSBje*Cb!v*Hx@!Te|Ls1Yff8K`pvNq*+5C2DPad)- z3#{LT16WcJNW4Fhp8=fP%=>Op43A%MZgVvIN&$2Or`1h$^z^>CX9~V;Rrh-fGII?; zlYp5oyte(-u%8u-PiZl0SO|JYdM`EqM?9!VQVNk?!Q>AxV2~mVUtqaWCZ+X2FIgI1 z&6uRZH%bDPeL%Ye&$8&$3 zH8>x|O8gnlb)g*jC-o!TVz7}nGx1;C%wDt?C1^PWtdJF}Y(;fnD6rqV5$U=4i 
zo9?R{NDub>KvO_#kIyy}WZa&oJE!`Gi!Hl=H#WPG5b1gH`%gWl{7@UVFA|*38>kwz zS>QPAW9+>*=67`ZxQe(c-WY6o*h-!<;}i)`FaVI@Z>tT~k7|$J%gA6Uayr_nir-Kh zEhBOZF4A2r%lwRgFErso$cGEn5!Z|eLD(})dmI1TR-iru_5E2VY8`PTf(`hpD)YIq zIE39qh^d>~ELlWL(DmU6Mbg+mXym3V^A!&_uk zF{kR=)E0&w{VhtcPdd?&2>e^m`W=b}k8%| z%8^W=cVEH$dS~3u6)Gj>?Em`0^C*q>E$F1b2@GcP`LRBbDEdq02l=!ADgqeTLzAoJ zUZWdw_f#M*EY+liLVHp1n`BkjbLoAUl107S3yo5j0E$4rZ|PDUkQ5Wo?KkN{W4V%TAm!iRDrs8;l7v`FPDHg#Z$07{ z?CSxlYwifZ;UU$s>p&ny+-bF&C{~LtzFfP?^}XCy#?<&O^dHYY85PUMgHJzmAf>kA z)ZVBv-&efIm=#VI=MTfv`YKqm(v;LF{pYJjkbHy9Y`5w4Q?V%b7}fjYn^wizv-nrT6>7ptagJ&=umdkL`V-IBw$yIaFA^Y2yeBz!KP zD*gslF~Z^R0NWQ@G4~_4&CtYl8SoV?-evWi-DQ`_o?(P)c;}IM zKr*_ybkmFxtt5X89;GQYviDg{3va}!FbfVz#Fh`45!ld_>zDUT^}a!#ShCl~Gr&bj z$lIq-2_F9l#VBAAN^SqSZjN>a54;P9aP%3A_Ob|V(;99%vJ5zq=_`bS zwwLSpRL3tE?`1|4bIWc8@2T63Uo47roQ8?ruqkKc`sIBAwosw&o{Tg(loj!GMa4`7jXvv_L-uljdh*{B^OuHUl1SI(6M zh#ZI4`lPSX?B!m*E;yo_Dz^^tJHFHYAgNQ!t?&U$fr)d*nUOPWJ1x1$$=B)#+ZLmv zGHN#w-e;k$gdK{&>y4l?ctM){?Gv$>T@ib4#EUl%5bQZ%uUt|^0FJV+2xvXxeo%;> z^V~=-t4V9Q0R+ZRpJZ!BMP9$#1`W9HWEx`mf^X-#{T={-^b(ZwJG*cK>L-OABINUJ zfI-{s!mbcQr~g2&X4We6SxABMlDNhYm>Cb0;RxJpH)}G<5tH#POD5lKw!Pix%=aif zw(^UFRq_Y|vBtueSVe-9dc_*v5^EzrtrL2W1CnCJZ9}f`>CSs1iEsNAdc(fqCdY=B z2v>V}KRs=KUO;x}!$NX?^}5}+~5Il$)_tktKb#xWgD%NhHt2 zj`zs!3uxKyfFfi9Fpf?D7-b8fC^PuavS_dwQoUHsBvD7=m z2&;*T`zYxcm@(5%7-kYg*0Cmv8HtIG?+94xMv8taoc)3EjT>GNN3y_xS6w5J9b5+X ze@lLTzOFs{pbdS8C0zqBslV!0Z^53}2V|D5;6yeJ-&X*PQF5(4pL>4aqwp7s8b6vX zYTNFQhOcMj*mDRLS8I*Vpb1D6XbC1a7ij@K+>n!;_U&iQ)b$Rbd512UKKOYs%I6^9 z0cokTbVt<8$t}0tZ-+KB42?nM_v>{eY=K15A70k3I43pKF{{I$ZCI0aFP$SL>5O!R z-?XvVL2;vA$wq$?_1&MuY7{p*)5jVIoD$%j7n>?EoqBS`DS#sq@{EC_AyzP)oI(YH z$<6Y#SKd-=5+Y?*$d9(-)NCqzT3oUef~n2dwp8(+z1B1hDTHv|GJv=s+u=E$RSu49aD z(We^%zS$e#iH_=3S_!!N0H`9e{>_9{{FoN#&F{7~bb?ZO9Q0L-0KNU_6==Z=vxonx z(638baO|Vk`+DQ*Yor2Z>HrC-?>;kNo}Rt^)v#f0-~&>DMGJZnXT&-+z_ujaxrMv| z@&4NA|DV2r;l~xGrNX0Jnd`=VMth%wppIJIC}(ERp|b}oEyRC$JxNN_C}R|dR!Hzw zW0u2CZUY>O7~G7xo#CwAKA;p--EMC$hRAz1>unsdTK!9Hlrk4r+=20`&nvM@q*Usn 
z-To1aw1tvq4c7dz%rOkQI1<0?rjd>p5bO^l7mPph;kT?vFJL{U9@xNXF}fT=lh-#z ze=K{f zt-X6Hs=>|cqqYHUmvIF2L_vd4i=*WZ$GI7Rjyt6l0N}v}MEQ)TZxR}2t!P>J$gQ&+ z6&3)y`IlAuy(sJPrQ3f((bW73UWX&Ghw{Gw$Aoq|U-)d^iMCP}s7}1VDfixlEp`&b z(jW+jCcMy+UHDZKqg}1AF%#{mY3G0!@Dm#$K6qw#lE$BcB{+znYK&Rd7MyFWfc{8* z#6Ck_lfKr*6kTyY+?J^1ZS_ha ztzO2%t_Q7s?<@rUyt(#2#qz2cn$VDvBf{Qqe+v5K{o{dryif&JR`0`^YVT+qWUO2C z+7DF~xOO1oAtK40cvh$G;H9|?=R@@w#eJ%7-U4VUdpF-9g85$mi3P$bnrNC^hm z*R60>rwcpB`ob1SyhNSAtV7Gp|n(07Yuf- z0C4i%6|$~aKVP;tB?8*VmSAB7FNVvF3=V+EHaZjwwr+ z{<$z0wb5%R-L}VSZD&ZbzdOws!|%*!I}veqBvb0`-wiG9X*NfqZlSoIuru8J0k4n^ z|3k7q4<;h>w_{;$ES#g(9bw;<|A+>*>Zx({Ce9x9R@Y%agZOBHVmRd9+MRS zm{+LO&WFv8y)g8^B#6v%`@byru3Awd z4^NP8oq(`h?smB7_^(7wh=niRc_o;#7Zw5VyE;w$9>C4WMzFhwl6{$Zs!3{eG%L4G znE@?~qfj=SbSzrnpo^jyPd)t4iKrQOG9u56KPovO4T8RRdtY7eVot$aHd+*`q$um$ zst#UVri9)`8^QJZjdTZkUAnbX21?HL@QoZlCT7VJEfzi|ZL=KQEZz+KAzBLVa7h&V z8Ls%P2B^Dm_-)9SVTqrI5s@L6LsvaqiL^84dt~SZHLf*f8Wz|N!E44AEzmj##$N15 z1IzTp_vtj>n9)}}+`@nP^CMI3jJC~QUv_o|Q3R`+rbmy697?tJ{B<7#RD?^#)yLz~ zKfApc=F%k(%(^u>DbQ~ne+_;X<7Gn*D{Tyj_N9d_EH88oV$^No)fmlOX6Q11|L~lc zRF!ialqgLAOJ-G4h60jueUURQ(rKM zgv~lYiO|{%bYdyK+eN7`aPSdoi#Y#=8k*FJTLReGc<#%)wtlCt|G@OE^Dj$8JUn)H5Wpg7(C?YP%_nutie z0}eY^;dBk887?P1)hf5ciWymwSS~=wbsFJC7#GTn?Bn`5Glfss=2MUK$9_KX`@=$= zG2`A!WkKfj@XG)Fl+&Zniw& z2$y9xqPe)xh*$D8W#Q8Sl%(Zvhm4t0MP#Kc(jCRYgyd`kN}LdV#~E*uqUV*^t31La zugJOvcoNbqygp(b^(WJw_mUWONBc`bp0-!_%0szn1jZk)ABr@6YPUWc#3H>l z%=iX41gBxFZKaaZstGnKRfey7U88G^C6e*_uGIXI%`4i4w}-cz8|ggxWLw&%e7E;9 zCie_~ml$o&E}_PCMLG3l=c?!Gi+{v2Oa6?$e=;Qqy9 z8p>u@?cl}KyL}Y*PdK&aA_I>p?j1dzQ5x6>`QHvVRg3;K+}&R7f@*&%kXWJ=2-+f> zVDn!FIkG6Z=B$R(@pqdP2Y8(?y}H%Jw*OAYu%JYj^Ss%^O{$fm4(Pmvza)<)Du7GgW#W` z49Q%bNV1u3LXPl}fh(3;aua~W) zr2W$}e1QK-4~p73U$4(zzWYtPRgr6)|7HStKRjrl<0PN8U{{=qZc=(eFwS?#uWM!z zUL7Hnv>Ygl#ktvSxpIHNIzyIwwcy;yOq`Y8-GZVIDXr`n6ox79J9LQR9Yvs!@_wm> zY+MNX`JE++C5EctLrzUQycsFW7Ac2n>h|(LTJkF8J4!7E>tgr_B}cAp#e;BB?YYW` zLlVx|U-w~nJ6=_we4ay<&ssb@i0V8;02yvp 
z0Ur)pwT!3X(QeX}pslsk3fiad0D|ah@~h!(jl#50&JPedhemUs&4=YUAll6wZ$_5`52;>Dmf11i7{ zik)#WQKFHnm{Q{WV$W_&{ly@+4%{sNHG2nk3XYNH#qg?#QoMu&StFVWZEx2Y9ubow zhWo zJ5|KzV5TzKNjQ?Yg7DnTT%6evN8l}Vp!tf96dIS!+_8LwCL~{x%S_=&Aiwe{;1J09 zU$X-6+Y0?;pEV8}t%3|9TbFN@*ghbNwvXU0eVkx-UiWHvaE*`9B*IUSEhD40>i7S0 z0dz#RP7*_21(oWkOV8%jJ?g6rBgE?{Y}6-z_(6+_1LvvQ>f_RzaUDxCc|m#$js!dX zJ%$0P6e7VsLd+lW>WbfWmTrC1Nu=OnfX^BIGoMP>!OSSMz_iWxhNtcNePuliHwNz= z;K6(&0@{z*tJB?S*Y*B*@XHyyx)D6wL3MmQ->ucTY4Ey>mW#G>=(=)MUFf0k%`FTi z7|y7#WZ{S6MMw%^MGOvs1l#Ceo%7vgQLtO_Q0tRHc*zP~o&mfmMd>WWVQ@4gH&Idj z5edb%?(2~-=Le0LjQ63qvosx(laW&E%Q3u|TSXr{GI+E3h5Uu@zWTehdh?tj0+;`KoK?l6&r#;k^Z;rRd4rf|@uHUs0#Vt7p?)*LjzQXZ(H1RB>j9#{_X#|%TpKv(xpW)Ozm^H zPYH@cmc)f>YZ=oJR}A7F&34hWD}*l(6-kcavffUAxEBIGF9NAfJ?8^Gi9js+^2rF{`sW>!hB4@`pgnv_Oyl~rqghqK_I zh7G6lTmJ-#d;P-$A^Z8p;KJzr**dmE(|N$RsUb22s6zoJH%C%^C{R=Uzk>xHoBv~S z$9t165zHUd`uAj(S?aZLWLOs-ms|!L5~;I3D`3QQ+j=o2cf8T%H_qFUlky+^HqueK!|RpS+1Vcw4GzJXcW@zz>^+H z69dEzXh}lBw%>I)(^g|hyvO#3uAVjXV*Tpexuj0!kBd>!QFbpyI3jGbIK4jHhB#C^i(^H1`nZ$ak!c>K$T8BYVHN#b`;9%D9Pl`s_<2P*E z?m~DqqLWio_1jY)r%69G|HV61hrIzEi3z~e`Ro9c(r>3hl*a@T71fqsTATIn+HO!* z1``*+00Y5nA8!2_$UPQsIKI9Ezh%bzPws+7rU+V0N5J`YL&cxrjZsVtZVj3ej9vXO zafB}=xT`B97v;ev^HFgPn0L(ZL4>u_Q!}7S0jsE+~SXXqY{$Piz1ySXgCxl|9Lj@%ThsAIB{J_e2S?y>ql+tym?% zux)(-wIwna$fvT2h3^?(ErqzO0(>)59C(&g*;dy7L_X3k2K@t|a)`Z%mAL#J3gB^h z9icf^jhy*eK5{k9zh_|9Y~sO^}gGI|7=IVYvM(WT;DUHQzwK>86_wczL!zlO1u zBX}ILITV`ov_7vQ)H_7g|B~sk+vqVo?Qc%{?5wPc92v;hnA(@wF|eZv!o)lz6)IIC z1VDE%IjQOrEs(Ec(6FI@-ccDT^#cS3P$0$4Zws9o{|9K4EYy$}Ol2T7Wk&n)8uV5pLdJn#LnP_)$ znM^7@71i6%?^P?=t3SL)w~NgUZ`AwIUmIkrVPc8;mLkb%{qf-P6lUK5f{+2!)MFaM&}4gyktoKRE+ zABaUb4tRzYAW=?Za-re3it_xo_jMV_LG8g2bv3dJ;Hc1*u7MC>WCtv*T!5OT93*3N zz~8DKWE=+Y^JJ8HPJk6kjff?-WP{Ga9QQIH12|oHLLe{RUtDUMuiYu&Ol~@&Hkc!+k!5=0pMHzUy%_E?RHGwnGOC#*~@j;{?&Nn=n_uDA@=V@`^& z&um>Sh@gLXFlyjO|EN!oe5GfgKJsAUn>8!TcO)kMT!ZbjJ&CPhiF)>82EVns59G8n z82=Y%!;D3CioO*!C&}AB&}=CIVDd3wYRy)9ogLJnIu~UiTilNkUJYv?7CZ7k02Nyk 
zAgR4n4<(|v*wqLB-tvQ1H7RuRi{02pCcpKloykh1k@>mEf6{UkC!gXo;=auYDTDuc z1QbVY0ZXv6ji{cs-~MC`nx(ev?m;*^V7!$Ys8!+#{+hKQ zYP8CRPhASFEQR42eYgx!)%{eWHMYs0l3N_qb1aPz`z3|V`{BLd+WKr1erk0a7VEsi zoB;=^wrbqrTEVH&atOjuVq+(HOxWjb0Hn4D9=EamT=J5n%IAL?vmf<7)uXcE7|{QU z3cT1F$^2pjUTf8C7o5m$nZQco7ubBS$AME?oegN3(nhDJKY6803oJ+;>`+A%>vk-m zOc4J^z@FpALbAM`m6d)s9HwtZWEV8h=xo`K2(pE?(ighWQ?d^9rW5{Mh6br-NijMS zIzQhJPnI408N_(X;lRQa%~ke}n6SWFCy8-qhu12Im|GQ+v_>O8j6wYY?@cDQd4Pk` z>SL%uv_P+#3;%p>!X>@KGvQhp_!`EKz%<2jq?0(EQtFi}W8jH6@aQcel5cXGPY0yX zlX=i3Yx^T{1?Oh*`Ua$+F2Ia%{u@x{{%Zpyy>N`dIipafyZU2#a4y%Q_&E*JOLd>T z(HjLdsbUJ;!XWA!&%*nd;v07hBRd#XT?tnU2JA$ht!@KubPjz5tee@0ij(@K4U>B& z!|y^}2z5G?v5}TyuBoVkqB|Aj?}R0){9Y@v;uqWP*M{(Leb=n&3S*UD% z75Od=@M%TqMO}>^t~J^3&(+KF{`_)rywwIWJFnVMfjLuDodxo{o4np&OZLA;Iw<+* z|LRS}2WXi5MM>VkpZSy^|NUb$qn!p{Zo!GDL#mJuT+Q-oD$%IOwNr%(WN!04dMr~@oE)E_&82S>F*n$r$&H*vJD%m6e~A?W9Xa3=KUn z(Z|SNxXABo`pW^~V1b~M`bHgkl8C+qn%0=zsh}f*_gAL(0iU&js!G0*i=`9&F(8K` z!tJSj?JBoD^>(jTqGNHU#8KvDFgg+f{Akv$E2 z0l6_@(9;Y7>h~;bBYthuJ}Gy#*&c^JqjO$u)4Qi$*~g;RgiBjD6;7ka9<3-zVe`6{ z3fGIR169uh+53OvmVg@+y++P~ulF5bi*8!?%A%9T`9o+RmaY}J| z+N_ht%iTF!r>3ltaSzI$8Go;LlB5^El(t(U;kQjPiulCh@dmfA^PzMs4v})lPuz)L zr_VnB_K-(37m{F|PP`!~8NY6ZqhA%C5i=90vKBsi=9hu*j7&8MJuA-Sg zxGhG|ZY9fi8T9Mnx@y+zEw)$Yu|ob>j?VL}OUO?`KuD;|^9)1BcBg1p;H*cxLtLGm zxJ>-s$>=hb-0L40G>dp5Ow;CYJvH9vycW$tui|IaWJDPaPcE0Gl2$r8_%&nmTM5VV zqYi%-5pYeXS=Km6;^0LDTOKB|Fa+>1<>gU*7;r5mP4mAe{&;5|kEZ#?9O?A>-q|+k zllnVOadI;0=k0N(0c=6?q7*5myuo>;LnG=G2Hgep@9@l3IZv#ez7JOr1r`|Db8#MM z8+_gk;VoF|>l>Ojo!-{|qap7taLl>W{nqZG9)wXLQBn@U6TVqTox8P|>W}Ock^!UN zE(V3ehcRA0U<^nhFa76-#pKB?aUE_#}4?G{LmP}q(F;?nV zV;V{haStWu3$PA|D{7;NMOT{QoZEc=T`uOsKO$911G!m4<&i}=hkdg<}gN^x{shA!{OBEYBUPR83 zM-A#3(!nzfMy^?1=tt+UoKbd>(c^`G^SUHNyW zgPvo=uqCC*y>j^)_yEygiRu6jjW+i1t+7WNR_2$NT6~dE zKGHGViOx}zx7l11j*_O*d5goks8ion|RY7cT5fYzNS|q+C+Fcj-R(VT?%+ebKvE3t)6(&h8 z#qlc8z+#jyNy_%yEByAvT)s|iJg46(q1@J7nujQ;$9ZJ;Xx?b{cU6nhfM~w-{eh*V zyjPBqrNWT(edz1@xTt{K;P?jf=`8c 
z-xI^+97miVKU)m2{AMq;#xuGt;6ckL-48W?;gTpWqFaY3c|w7GAFuq;P1D5w)ohUk zIpNi%<97jCb7|aJkv8N}aX3-)V;$G>{lbJPbrw1s4#ON>F)?TE!+N@RlD%R!-~poM zqD1cFD&{4Fz)+b5i%yW*#fdYNIt=Dvz0fRqxhtr21b03wDhUs^$LreJGQhn+@#j0cTFc&`|WiHbYJ3bq zp&!0IeJk1fL>)CI6LzAyU@AJmGJz4a5T~^FlbE5Ync|o8Wb2D4*ZnSeEOdcxon(9= zqUR51A+55WQ=&P<_ThN_x=*~}@hi(r53;=jvT|qDH>_tzTH)b;8*dc76+Tbi$N$R# zg}Ga>ir@rxD$uOPr%IE$(LYh(#_7b49SfEZidP9JZCCGX(&Z?4vu={)K^KR#xNm;N z4j#rEmz}-W?STF(t@?tzi^MCm%Q?moNN zzNBm1oSqm7M!7bgu^WehZ|#vtwm@s&iufhoU)E~Qw<7Y0?-L*X>3)A_Q5$$vJ@;6e zoqRE~>9KI#BP;Gh z!xQimifGjdVxsgf{C!}fdR@h6v^`h*c!^75^9eMe`fNXluo98b^;Htzhl7JrcgIF& zU5B8+P~d+0oT2pA9|MGQXaJvJ^J7Do%hz@}>)0#-bYlb-`1$e_AD!?Z9MXK;!dfGE zJjCdDBns4~%{00}8MCw>^3tf;#uC8Z`A&w0DX($fj6f%4hd`kks_*sn_q3w7U80TM zM3l%@Wt~Kt?AG|&1Er=4k42slfB7esfGND1f1rD_*t?n~XRo}(#QQozC@gU6XD8Aq z-T3XWNfeQDnZLxLqFSA$nnYlASTi1$ z3OC}tJ0`QxIcG#WyJySJY5osjNO-iK>T>q%-e`K5hx4RaY8>~vr}-m9S@<`R65 zMKjmDj|~m?GZLI}6cc$Mpz5Q$aASVkVKyb}?W(#Nc-8GrqA13C9qzRG-hmjlnwsJz zmZz=%=IeNJMpks&*haCq$#Gc77o%W%g!U5xQ9NYhC$@ELJDsox#Xu?YoXD*eR4@1AhRMh_oEuqBb<`d!MAyk!1x z91G=XmU_A*o3v8&TQBu!dyh8d@G*PHtK!evV4`inMCa#7M5ngHNf;#keF-vC3hiK> z%qn%SH{D2#zs$bsOANq~ehrF(nOnbWVkQ`4lxODl!4I8WI&&Mt7IBQJK zk;-uERETS5PCsE;PgiXbDY;2xnesHzd+)a`Uyucr{2z=#%AyF4>ZnO)5h~ozIrrL} zaQ3Ces^P^Jnk|+ZGeplY)``ALB8kRLdBO*tc6jy0xyAIZX>IAju^K=u&Nn{m`06~{ z>(nLv74es|Ka)W+SgY2Bot&cnH?&nHcBlXwL&$MybFC^SHATXFD!V9R2cO%x5Ip^e(LfLbQyQ>!y>0e|IEc zfuDV54l47g8mK2sKmm#B_9_i!SNIHVf;NPZv z!+jGpoyb27oUKA5{{Qxv?d~epHZBw%^{M4OPy{P|fQOn?Y#0y3Wv zrnD=PFd6y|T=wK9$49Bk zZNbmoXf}Kr!-!$iAL1HEsBFv~Wn~cz6=GHz?QQSstT!o8C4`ll6md^Qyhi|t#SG{? zs+|X33(GO%H9-O-i#l#e#V>a-H=1Qt?)OkC_dG18uY4hgJF*^f(T<^sA9;+QXg)@* zA9ewUb3$BlAEDt!(SuBAM(ry`N;{l1uaFbDX30{q{WY7k_8r#>+~w>|Le^bTki6O? 
zA5CnpX@nFt42OrK(_$**%c@?Ng*X154*atj=~M7#R6by8e&kv{XAjV1mU0rySpUJ; zB+M+v7N4c=+jFVZY8Zs+!GiBN4_upUBEBN;Lj6iV z2O%x0?zO0csU!pkkZrMyEZ8~EpzXWWa%CrSOoEJXW}aMwgWwYMF--hJ?M;U}LDO1$ z64=Ry(ylyTp)st-?4I|k@_wV`q$*3HSAxpu^_27LC~%-*pf!`=M7(2tRx-ckp|psQ z`Cz}lviP>;WF?xH-8Wa85#LdoYQ~!mFXBEsxQPE&5ow&%N06-;2+-3!M8iE%^slYa z@$7soO^n}}{g1QA%B$JsBafejEaLkzvAN@>7@`8)w-#A|?QX&Wf_4N5+Ak*Z`M_mj zA?Mi&7c+z^CYUDSKB0|)|Lh!>;~CplS)zGMb4UKM)(L|g9v`t#!tsCIIlld`(r@0I zEr~@ZDtmd^_NGUR5#T?5#4>9JcPj-?yzEg1UXcT=5nZ*=UN9%5zi9(r(RL#3*T4!e zz4{j8bp6)US4z__D+it1z$|`52>=?g5v+@1qqVw`H1dZM?4qo%&W>=)21MI zg7m%mKc6y<5`74)s}VwT$1Bddo!{`nvPY(lhF$UAS z%jr6x;?+%E0B!@o%k1>{z^zRbu=meZ-%U*)9{^KK?|oa-A<3Hw$yZ-DN--Vo)__u_ zAE;uJfxjU;@HZUxQ5W9-JW&f=1GXM%cqnJ&p4qGeJU#PcRTIZ2uZ7+5YwxPF8=zvz zHoe)=^XPeO!ne(ZvOO2O{S!L|ypsf``-U%?h<%R&JuZe!bB4ID+7x^B+AgP@TBn^U z7r_T8W`Q?D9q`)PD%0@UaV{C#J+md^uipjy!qF0m(=ya&DH2=T`03l74|&EsK`S?x zO>6~s*5+g7LCf2->5H!t;A)Kps@*-i4F6>QH3I|9&l`{@rP$0r;FUO^`0_{kVk?Xs zv_lSB@O5EKoO>w$D!b1=6!=?Sn2u!*tiI=v4p1!bo4jtOe28)=_6FwU!vJ*G4o|*3 zPUn8Y<|$aPKFmKhe6@Jis*4|C(kraJ$)A2aaL_YX+^0f2GTz!qW(h+&~OQm_Y4&P&ff!ferCP z4-J5hh3e!40o@?rZ~jm-)>Fq7FmlC!)AcB@ zHr4l_nYr*Aw!EK+K`h1#?ByKmkIZYFfREPZmgJqs=}orV;>BV#js0*`mL zP_6?P{m&&5+?vTK+H_|#uwTxVi`o7r>qyZW^>I+1&OVxz8KYT|&_GoQfK zFjL?uG~=^X`gSFKX4K`{?(SFHjo~ZeL!3jRCBM0e99Z{4*ZqIh-pd#d8kfYxcJ;@~ z7rAmS0v}xGWjwdj2No=kKh3_ha~DDx4gfYN_p^)j#N(Mhi3W@FWo${|yT3el31i-y z{9i$b=%brU-H71F#Wvv7Ale3e$R88a{rf{S9E2g0;I?Y{;0l4*YukD8soeGA!R7bR zMXzU;J@%Wi&qAhw*gFSkB1KW3q&Vm!FeCwtMR$KHQNc9<_wmG>Bn`jIiK(lhtAF!b z5@!;wx2u$G{a_|9cDCYcChtdtw~mT-kM)0eaPvEYjbOQMkmI9{U}rWVM4X)eW`ElQ zl?*ZSEAV?=NaFKyHcLcR0Q7SrAH`xy8`=*dNJwL#1 zGzhjg0&XoAV|UkMHYBLFkWM5YjGfbSCjM2x5`keEW{=m>)uK(!SPU2b6tI11Fwm(z z5(fkcjzb(qN*r9*ef?4m%3EZf8OiOxFKsPz9XGu~t(sf~fM-8uvog1z?>_33ljzoZ zoINFznyv3@t6#|UR04#wrLhp;uCXG)j{4q)-kCL@so!nJbn~VOt;yenRGr8(pna-X zZD-1==7QCVSr^psFV4w!H0nFp12fYLl>KeQ$hXDQsw|hE`cu;+W;oOmt$(854Wr=a z;PNS^NWOPX+r{R50|l^VPX5K~O(8w>_uxARA7MH5 
zdF{5RV4D`uY%xW0YK<&BHoX`e?7b9$?aXwdr$5^~2LAi4G+U@w8T3ta9>d7Doj(ia z@iwpL4H3XMhA=j>S$4_L6Qf7IU!1t~41zHc(7FpzOR8Ron6Sz%qh|Sf+V4h><@JN} zc5L;bfLy}f4zKQu=CkHIHI4iDXP5e%umIaOxRsr>D{lTTU|c$9K_yn zT~EtJdggFfuSe8dU};n7YbCraI6J-D;V3D`>lAsk=F=k)L@Mco3f}#RIbXU8_dI0x z15x2QiXdQ%+}yDgX>s6W0O?sufSZ3T3G^tXq#B`RyoXS%%``mR`MKn`tzv4xH4g~u z*EY|oy%1S-joHJp(!!XLEMmB)9WhV89inFIF>U`tV0BAa?!e^w+nR|z;~DwLQT_k~ zGg7-7D%v*!%?!6Q3vKl9{#Tbf0(@k1rgROtPPaIdG6j$3DcjC_l7-8ACUq=>J z1vw}8%1!3db@5+=YDH_dtR6AZ?=DeZ`{JI!Gc?z>>T9vZ*lH#wV?NIi_cy!x-1-82_Lb4yYrDFu}Z|4@(R=M@B>vA7gVtWy}d=d62cP~4wQ`XTk;mV3lN{a z$No`xUr;pEw_`Q1ha}R(Rf?zisMDsVzunYkbmls=c{^YB}^dTSBb8FJ+5)zY1> zzyo8X3~^7|jkIecDu9M0wl>Gt7iSO4;{i ztRoU7CQDSxzGcZwWDO0KEMt(hO_U-cON=auvLx#iBKuBx&Tm}*`}yC`^MCo=FP`gF z*Eqkke9t-G<#WDE?qfZPy>Tr5U;DmDY~?1@xbjx2M+w?%voenp_Ld+>B#jL}w#H!c zz!`5W+mt)UtV$QJQ>g$;14;<)_z`(WlTeau)XegBB;CCfcObSdr{>^-ZXqg8!SQ$B zQ^|cXjUwYOQqkSfh?8+TJl+xZCAChx8G1sX(3i@LrEDR_NsU+Qy@1p1x0Nyz9DAaT z2cxd@Gw&63j@-@JG8!jW_;dWb;_-mwDZN9}l800>=5)JBIg{VR*~P-0ZQ+fO%HrkX zT9FXyD)dV*@XZTN%s|}t)h4wWub{q<_B;#fHYVg;rk?A6+aiyTq0O@Nj)+Bi9V$u_MrKcN7Zc5tOMS3hjm>HM?!y*21c*z@(}OQ-mSxK1Sv-C}mp83wtruSg{9 z4@#T#0M7M5(uoiwB})jToWVZvuT_Kc=&;nteQ)y{&WWEgBsoV>G=N)ogrV*ac8$2P z`^>R7guuIm_R5eeH_M5KR6-QD2RzQoKh0KP#G;VwLJy~RNt3<_tv#u6D z-cAbEEJTfxK0Ug0+CP)Iy-JLYb8nlj=TE^w&rF%a=~*vkf<#_l5}W1OO3kA6w(8>v zJ+I#_KfNMvTBmT)DR2+R<-`!Wc)^d_6WkJcC+o)uL`=LYuTh1!x^~8D(#=-ky2obD zS=hsG4`b72y#r4B|6wIak{nAL{M|7RGjFZ7KbnsGyEw5Z0c46HAs^0Tf+vXFRJ9fP zB5LaQhFcUaQ`h@2zn?{=SLTuJDKEA-BeMH?*hjdYrA=!kd!q^FTJhrWhq}GDuc_TQ zY~24J9(w39LLheu=79Jvft01tn!GKLg<~pq^|-=FGGSdj8zJ|rqf|| z#2(4T5fg_&kvKBX;pal@E^-J?J9Ce|7q;_%d0qyaKNeOqyLwd&g(}n6DCdp8MHPvP z^pvV=pEK*WPf;{eUg3OqJ1QQS#2;)wOG3PuD>YiP=IaZe9OFW!`IeNo&ISo3e2y<; z0-hld7ZpP?@hCVVTh=4^+qdEpRzzb)N$_2uZowh+Uk;as1+&wH9UvkOp!hUpyxQ0TF%Bnd9V|2AnUv>ZCjBa$Vjsn>Kkw z`p)m4uhzSltb=Ytv*-h@S}70DLi9+g-3B)L(wrprKOh{2ghBwc+(q;Eg_zw_J+u+x`xeZYrI9w`nbu2;3N@L6qU~d4(j=CT0`n6QVHHMC#0pBBuy$-b6X<&o&0R^lS 
zR6(-Nf>I&`LAnyqkDi>Pi^Glrb1x%cFi6YY6O;~6w*|!(79U~M4$t1`d0V{5A>y!B z$16qj0?wM&q+2un!0NK|Gml{H(6O-tO~0tUnE`g351Yo;oKcnPMrUF>Nbvp;?2HV^ z)ovWiH*xtZ*u;@VM=(D&Q(qef#fg;eoh5FUc^U`|x78YZfmAc&AkpDtUFH!p z$Q*|B(H3q})F`m?HBao167V(@T7A>x^7v_a@!!NGC6Has8zce01gbJk1Qmn1i7)K| zN5mL{1dnm1i9#HN8M$PN_Z`PWv3`BP)-MCu6n;QB$scn0ML!UF?FwSMJ0N2Rf=Ldj zYp2Y~Wdx4KoH-q^82Gh}au2dxD}ci4142EmVI+{MdZxMO-O8(wjjk-nEPn`sW#v7> z7Sp9?;j34KWJ4#7r4#itr#e4o9LCVVF z94JGu*w+zOUb^@EhQ&c6_D1Gy=Tpa#@dp9qo@)B0{vKe8pA2BT51=A={!AEX6zlGy z+)_@N1mE}%ZvS0%Z9CEPL=_Ps^P;(cWSOa;rH-I5M|^-lg5nnLFX>Q)isBYa1$xXD z%QJD4SPCyFz~U-_ZO&W!b++alG8wX4jp+F;mKqC~)ZIW0AJX-ZU_#1Z!30R7t0N2r zFiq0|-iYU(cpv!xoV9@yY4YGdpv^$-grMiB$C zaYwvC!0;gJZT$ei{T-khB=3%=p2v;?uOqQpA0Pt40CQhTFIxRJf_u(gp(VV!W#WzkvK>}x@rZ%Wkej10`+j^D`V}HiIgdP+3K(7XFb%PF&Y?$Cm z4bWmTQnmq=7TeD(DkUVFt5<9ozP@^>FVpukP6=dYd3?z?!$6@D0ybv@n^dGYwF9oD z{k#COr$Ug6&&FiI**gn7w$69$Km>Fj$V>D1(v8HRR;NA6J}j}s(dD0D7**&APTXA> zY?C3Ofw}c9wN^)Kby|mA?Kp(4c!N||X9b@m0^sNg;C=w|^YI3Ec$|8Rtp!A&JOqgd zkAa#zHWD%kYAd}U_r-yruJl1GB)e_{Nb(pqJDwOi?c@WnFFLp)Elhg_w ze*9pG)%v_V2o@azEgEwzi?QgJ%&j0*=uf=wm3qPIIvDWLD*9+6c8HY)q}VDb%^*ia1+x&=F6&q)hVn{Q1cPgS~+_!OM)1z zUYChNb#=r*L)Pnn^RMcY2cDV2;r;rA2?WB$jaCi3;>C-rVu3rg#~|NScIwG)bwe;c zIlxrHnSz6%p2bZ-+(A`L}SR^6(z9aRG`J|G40)iP8#0@ zn2s!#$NLHj#flqp1wZ{k1C0q|I?Ff@RSdn$1k?p7EgZS zgJ_}y{ZG9wkct1-!`=U!a``{Qf&WJqNesT-((ixh2o}OXkn# z8;VPIPjgOeulaUp{0N1<8>gN{9~j+#!|&po5c0MO?5#$kh)NWi33(ixz7WA3W6TQK zs)ye?N<-$dJd%I57agQa-d(_nN;F%DLEkhiy{dyR2@AYHPQ(P+a-trigUl<2gp;ev z#2bWcbmP_)o#sv}HOxx@)nlk4fDYX${Y*^_L}OQS2$ps452|c8L*MoPz-MT4VmsjyIk=k3)yEG+c!hBH-KAD7eMX#UZR2$%( zUr2IPSqUkKPAk%;aKNV|*1gFm72%CKAK%Q;MJ~0=kaE^f&&#Nyxck(3WV3Fi)SiM| zW_DcpG+|?Ugrg+K9D!Kg`v`@&KkN@8*XH#MhcB-g+7iYphDDA~nB#=3|C%>*?Clxr zBxsr2*BxqnON<(w{gI)TZ1;uv?TvHuu_E~EmraC8qsTj+ViEhwh0j;*kLGG0pH-zq zI-oodViB%$)kWUel6#xLVU(E?->>t+rzJMPqi~Fq(c5;;(a*!XGH9*a)i8ML5M@EDHVEK0`J4BSS6uOeC>3{2cEhOGHy*@kJZT+F2aZ z(K+cYO);vd2<@lm;f?3XTVbt3dQq~(yO0VzIqB!g*vd4`8bqVFL>6&?v>5lAi5-z` zMmM#yRfW-y*`?5N67+%Ae=)St`*SS 
zm3wHNMP?&lN_Fu~LUfQ0Ewq-E_|&RU`7v_@fLkdBLU8RzL3TE(JXU_c)cLj@l(nbM zN?>lyirZ9HpLF`8tsIDqmjZ&Mu>Hvxxpsnk;^;h1W^=q{G^QhcFDrVq8M(Kp{`4iC z!U~;lGU-ZR)PCt5WL4#|c6FN7U46=XyWqs=mvuq=2a|TCGBAz4GyP>j&wsK7wO#y! zE;wm+W#)F7kD1Bet12&+hOVMl{lBe}yoJt$^XV$(5*6WK=76Wm{4`puu4J4zmCW7Eji zYGtk1SCy6G_(N5gQu*ZQP5#|c7-UBv*R!ML-z~h+%#TN1iK;QKJSwS&UY zj+KTZXWPv2GjTQ{3VSW@u}F+O7~Io3M&(KO;Y1}bXKVV3?rYYfMo2Ac3c*|1XGi0uTLd$jkaZ-<-*5YcGbd3WO>}r z{8|~?VQj1x#$%kq;UeFh^Tw9tWlV?|yIw#@*frVJkao0$BJW`*O)GaB|0+<5GwM;d z=!xEX0C{-@*YlB+dLCeQ?GikS)77%N)we9^Jg$cu?4Rq#pH6wfmD8n4InUEPZC|!{ z2YV5d8F|ezV`PLN(7IP;LPp)T_N&SqclGUvO#wUY$U^+_LZ@<)<57PZD;xG%1*Jo| zy`CON7l%&(5e5V5nv6(@@Dbnxqf0%HFUd_v5?N2qwD)gDDqQTj-{>j0&_H^?A^2=u zQ0W;mJpa}$X3{ldx?Dl%nQMTcM}x+Fxr4ebuUUsaR_^=Fb3(zEP{wC3 zLn|nlcQk2ot^{6@`Qr3d2oYT(0&9+)qdF3Rd?N5lAFf`d0*zg)jtc_4Oxua2i-WD% zgmKE8fd9{R!RP`eQEi5aRh)qPUoQ7@S!)lN0O_J6WSF8(OYg(N!&Q&dCIMUxD_sTPLm6rNES307urbgu{)O2lJ%emY#EYnbp}KmOgZ zX2upDB`TUR++3F-CqWM76ln9}dKP&y0!?6}Xw@B~2vwL_gGxdu^)q zJ}71T33mRD!o{Ygf#hhdNqfM}>HcIsJsclSq79ilb}`?dIaYWp@IV0g9mNGvIBRIJ3UbcAz*wWOgfZ3%suBJ!w2|*aiyBzhtFhl@r<06ZcV0A zi+LUI&K-|%=TCUZ68lim=SfpHxBzcmy5#OAY3Vj5e%qzZ4^HwRWD|{ze}RNI`jb5@ z8Ofr`WmPPu8lM?hC5ay4j$Q5=jm)8YR+rgFd3XtCHWc~lQJAv{%-n2Mss$|%O%^3F=j`+-JA2m*Qz4MIzD)e~NnC;mEn}Pm|we@=Mcd2Uh2KZ0fYLh|( zI$}4rn^2oJ-QxbuxkXJ{sSdv@F5keW`JXmQU6h?Eby3!`c;J-}_xhe%TJ3T7J}|Jm z01GpTYi5Mq7!nMTCTJ|Pptx_85TA^jZHYLa&05!RqLf2Qvz}ejRZH38bW!tRf@o__ zrU1A9!1@~l%xuIbC9W^FZpjg5O;=_*ax$;~u-dJ2>Ui?c7cm^Fb=mLk(+~a-;QEH_ zxY{4(W>ePNQ?-`_OD~u9zq_b?*0=8ST2&wX`C+Ui|K5u};Ht=T{aRT*eZjqSX0i(z zi+M0JN*5EQfIvB-CXI9_Wbia&0UJ!U&_NQcm|UDdiLr4YJYEA zjIK@Y(0)M#-U8aUL((gwjMUgvMZS|pjU)NTL0s1hou0sHcgbJoz->`m{Yy88f~oqu z7H~$A00H++He7~YO_-1-#so2~&hMsGhed3t9aeZ>j9b}MhgOdKkK04%RJkw*W)W?y zn5o^zEVR`Hn-9Z2+4Tl|>p6l=i|J|`l(t01(mu%FrBZXZtRi>+LW1{4`QHseB*2gC z06(ff;c!kG08hZB9wTR{rM1R>(R8|e@pZ~Cb6&rN1I@OYs#`C7?VBvM&g9CPiDD}s zJE)ZeTC__kakoiXeTNn16R~|SIayx07nSSTbe6T$R2l(z@^Yyc!RIwVNeeFBdnTch zZTDQNLOfa+(bzg<+L7{aKJF0N-8fPW@v5a(0Xgf!U+(8G;*$ubh8!w?>9!&Qf9>o1 
z44?gVANNs??b6D?Q_mPzT+qIAiUUPQW~4>9j&X`q72DpppHEErmiO(Hnl8mQjhjok zF()*iG@6T>b05Ay-ICXiv`hM8JhLZDqtMDmjF$e$y)GebOr$2a{rdzDDk3QK6wTF$ zvZq7yiSMdpr_M-XHvB_80C-v@2SxyR%*7`TQ!s6zxW9krW;;=~+3uL}=qk@R{kVw8 z(Icz@H*DuZRawv;;$o+wa{C_KvWvMEXESlMF%~OIeEU|o*@{%4LZAFCs5QU25dShpDcSD?eqEjndx;o;bsU%c|#JFi^R8D#FAUeY5F6(=RG=S8_hcycn z!$qjnIW_3+ix4d&INDaCBYxHsw=Lx$S$0v!JYP7Gg803P7RG=nTqc z9H5sOwa%nb3yI4cbDukd%j;9)sI|s(GoOPpui*cvqfmb&fBga79)upo`0in#1%orl z3HX#;{MnRa&$rd0QKQ?YKaNHux z+n{g)F1~|6eZBk8XfN~xpb3K>^+2LBu!NsLcW@LE*<{}Nhyyf3yr0nl@U53PxQ?$6 z22?Rjlqk?FVPT4PC9Qu2bwp;(A zTmqmRcp*W~v97kG<1iJE+iqV;XROSSzylY`pnpZjwT>P#2Y3=#pc02B9<;RhF(z<* zL;@NK{P>lVkUMSeQvby7!{sFC2Me)q>Kk>MW%7WW(QY3ZMl-pu@cX!hkLZsHClGrX zFCRk8BG_j}rPk!f<0C=pP>3w(4PcJeCf?V{O>Ir}A&fUtFGPpkt&%0$wLf9%q2W>(d+5o*?P+>O>G+Jl? z9~g6Nmol!eDJ4;%=CcChNnI26TVgKO?DUEmZfyd3w*n{+I-I)ZPFDEX#H8M`BQHUB zcWU{QpQJ}53hnfz3Hquxx~!)DzbRXLJrAucthNK$gu?-EFjp-P5g5*`di4)g2bq&J zye`mkQ(s4Ih(JS)8Sc`WuS7pLEB$c_=GnT_H5qPZ;%!vW@tIfO+n3D<+N3x@F#A;c zr_XUYdij@Q|LLwBKB4u(fIQo=&St;!EUo~^PhDr1a5|gXd4K{?BnEvnh*!yY<*)fq ze`iS_0ao1Yj9nzs*b3S>z~ARO|H8c6yPXb)vvJprN(-?&E0}{{(em;l_h2gA<`S2X zjJb&riCi{EXyeJMK2-C0@N59cisvjuG}3-Nn8kTR`X!{#DG}RRB>N$O^D8>^v`NG+LILZ9cPjKPuwWuq2!f!#G&|Ui15xEP} z|7`QBcu63cKUq~*k@2CN20V>KvPZqetPgIf_7^~e0)uXt5q_hEv1-_jFdvT{nyz9# zp-={x^$TQn7HBh|1wDfMn=Uk5+mBKb=_+#{qurf;xQ@SCj4>IVrom zZ)dLn7qjbH=PysV`1WZUHx%&jAsjM$n|=8jb>_$9`D%0^KMN6Jr^wuZS%r-%>T&!B zPXS<+0e1^gIUx4g8<%lxhbR}_Kr9A0A@NGYYO+jvggWY<>y!wWCI#$-~}h%sYIM2 zTM=rPYeYDvHQ$FG$0%L0+B@@xL2QCE^K^>y9khqQLrx_QsF{u~X!Zg}el2NxGx|eL z(a!c#;O&MBFVL98@i{^0?h+#<6e*~Qs^OYrs845A~<4f)0BL~-TNeqwgSg?gx}tg!3~HAv>dk%pX?9iTWs6p$H_FUFQn%au#DU@dCsq%(@Hthe}XrPvXFY07JHkO33kR zz2_(@eBnlZ%|01;0tDcK8QgwQ8DfX}AZUdb!%GQwRKnk%bfAP&e@a;+U4kx2Df`GuP{mNy=z z?CeXKq~=ge)_v7?whq&XovpWl`5ZvmEI2^ZQ?tFQ4->j?)XZ_=c*s}2|$OO zXw5yLhj;&uix0j!N&Wsy>q-WLMEi~~DLdYjq0Q^4!1gnk{3!eeCyKg$iENpiBs0Dv zO1UO5OoxiDr#RP#4R!}JB(vsCz);Q$K zk#GT!5jY%yhI~U8afMq;_siL>H+Sx^8*@mhm2dwwH<_<^h%`<{RDh7b$Awu`x@IZn 
z3kdGmD@%#B(#n4lCSw0AnGMCf-3T~8yCV;8iF^We(l4Y-_G!?hZpnQP-r>16oNv%H zb=*5u>siY9 zt~%@%2MSNUbV}(!7N0u$oD8Gcq6s02tf1u~zQc$3j=^qmp*l>xwaDWV>+?zSopw-X zT&WtcztyQ4U)6EY(bZ($XM`tArzcmPpdI?kDcn2|WC=B^Hw#zSAIGfQkj?jR5?(SK z6W(y~J)(wBc1mQ8?jK|6_1Y17kKpQO7bN}f1D`!;y|P3tR+i=v4DBJ{|Mn*5c1~lc zWXV~wU-FZl@y#15JJWE5EsA0p3gGwTj8h$Bi(U*Oeo}{>mt5B*zfz|4o_*b+dW0bu zhXzp;G@^b?Z3qj?n@%Rbu~G#W%x{Yu$pUfE zW)vYmA=5J|pQDwmY#39MQ-=RMkJp?jK|l6Q8>$ZRl~d;0Sn@`EKK+uh=R+?)bW+?Th~-EYk__-g2!-A@gHn#*1d5dCl8u1%A0 zUUu@Y6-ra;Vz7cxiBHyA??qnYv>k`Ox{N=5zI*l3&M8u0@*Yf(MVv^OTE9NHqw3uz zYo;R*nhqHe8mF@iy+7f(zPdsCkc%TcN2{c?WtAEDME^skOWM@m0Kj>YN>`BR^w>lP zv^f(fI||co(YfLF*&j~EOm|L7RNN3TpU>Yp9mnCfwea0?iDsqNMM4W>*`iOfp+D$H z)%qBpc;}Nmt*Tt_joz6aEAb*1Dt@sIH}S6033=<6%e4K!;1JEguBPOwyy)164wDae zdj1T*ZHkvWIGto+N++W|${ZREYq9{I%ViS?TY9i&SkTlUmA63=8jZ~2X2?h&4(qYl zE8)UM3$bVq^Mz$=i!Th5a^tTd)P-b(41P|GkkTDYQZWm;N`0F$N~@P2%NvH%4M@E#!YO!vx_ps zj#iSTsU#1mzWx??Z|8!t5-m7T%XZh!RlcM=q*rHd#ZEQ3a0!A0A0k9`4jV<Ih|U$29y9UW-MtGA)O&@pSSJ853VYx@KSB^I9o_$DP#IXT? zaXVsACbR%i$+-x#S;}`ZczG6;n01ei%AMTV;XSZ1F)YFK1h!anzA5EHps1g( zz*HG>d`#s_n*WhIlf72ivB_W3_w4)rjltS^VPk0QFQri5!;yx``A)`rdySi1>L6;# zS;HxvMS-j3rwd6GwUpk!V>X&w%xr+L+B<(Ei@S zl$eo0w7CyCQBtY@bpNfW83slgFHQ8~K`m!kUb(MPrINz2tBPm4vna&7sqRUfx)`SGrm7CY6#2xexsj z509>mtMuYZ3!tP#w6XCAtR%h&*by8`P%19Aeo37Dg};RkWI8|Y-DR8ZX^|U1y30Ai zA{4Hr(p^ANV<{Jfu@p3>V~vfnqo42i84WOj$NNN8VO+RsnN^I~?Y@#*6+X*G$an>& zx+Aoa9HXwvJUm>8Sy6ULH-0gFq!;3UFM)eojz)65*sz2PXNi9i$8vqb@F@)%LNM`z zx$^$y>%Tj4tALD=6NB^21`1G;=|O_;OZ3SnlIK*`gI#<^Wlm!Bo%015pa>@hfJ?1# zjXZ9aWfIqTt0Pfww|!hz0M}vUy$wCGgCF_b%}jdv`_$nJ0Lr@05$J}woHm4%4)7MD z*lRzq{%v*FNu1QSM^P}W8+lFn`IebmOdrEz7hL^R$V0UC)biMqFXWPFs?U))79L(1 z?6cYKgql)ImA}8xJ^nWww?t`KEj=DGqU^8H>*vYek_R5ruWvdpIT=+&!7u5B4?SQv zDm4UBOXj|F4A;V1^yzDp7MX+WA0=$nX|b6UMd^Fb%d%@FVd=;R_uC@lE-m|-Ls~mT zDhN{>!Q|Wf&dtAYk*~{%IGtqtpphkxhevkW_j7cj-W{LUb3O%#F}?6h52Aw(HICTo z(#2Oi%)Bl8-~@$mQ{q&Mq*k@9oc$w#r#l?y0C9V7QozU4.`. 
Zum Beispiel die DNS Eintraege fuer die Domaene `vhs-bayern.de` liegt in der Datei `/etc/bind/db.de.vhs-bayern`.
+
+### Aenderungen der DNS Eintraege
+
+Um die DNS Eintraege einer bestimmten Domaene zu aendern, muss die jeweilige Zonen Datei geoeffnet werden; zum Beispiel `/etc/bind/db.de.vhs-bayern.de` fuer die Domaene `vhs-bayern.de`:
+```conf
+$ORIGIN vhs-bayern.de.
+$TTL 60
+@ IN SOA ns1.vhs-bayern.de. hostmaster.vhs-bayern.de. (
+ 2024121702 ; serial number (yyyymmddxx)
+ 14400 ; refresh every 4 hours
+ 14400 ; retry after 4 hours
+ 604800 ; expire after 7 days
+ 43200) ; default ttl is 12 hours
+ IN A 49.13.175.195 ; old: 144.76.93.148
+ IN NS ns1.vhs-bayern.de.
+ IN NS ns1.m-online.net.
+ IN NS ns2.m-online.net.
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;; Local Host Address ;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;
+localhost IN A 127.0.0.1
+;;;;;;;;;;;;;;;;;;;;
+;;; NS Eintraege ;;;
+;;;;;;;;;;;;;;;;;;;;
+newsletter.vhs-bayern.de. 1800 IN NS ns0.isprit2.de.
+newsletter.vhs-bayern.de. 1800 IN NS ns1.isprit2.de.
+
+
+;;;;;;;;;;;;;;;;;;;;
+;;; MX Eintraege ;;;
+;;;;;;;;;;;;;;;;;;;;
+listserver.vhs-bayern.de. IN MX 10 listserver.vhs-bayern.de.
+;;;vhs-bayern.de. IN MX 10 mx01.vhs-bayern.de.
+ns1.vhs-bayern.de. IN MX 10 mx01.vhs-bayern.de.
+intmx IN MX 10 domino
+intmx IN MX 20 domino2
+mailtest.vhs-bayern.de. 60 IN MX 10 mailtest
+vhs-bayern.de. IN MX 0 vhsbayern-de0i.mail.protection.outlook.com.
+
+
+;;;;;;;;;;;;;;;;;;;;;
+;;; TXT Eintraege ;;;
+;;;;;;;;;;;;;;;;;;;;;
+;;vhs-bayern.de. 60 IN TXT "v=spf1 a mx ip4:62.245.128.64/27 ip4:62.245.128.96/27 include:spf.protection.outlook.com -all"
+vhs-bayern.de. 60 IN TXT "v=spf1 a mx ip4:20.50.178.65/32 ip4:62.245.128.64/27 ip4:62.245.128.96/27 include:spf.protection.outlook.com -all"
+vhs-bayern.de. 3600 IN TXT "MS=ms64478158"
+;_dnsauth.vhs-bayern.de. 300 IN TXT "2024021509350769xvfne3rv45zuft4zpkil5d67tbpvkvnjlfei3862b34yrbsj"
+_dnsauth.vhs-bayern.de.
300 IN TXT "202411121019550lyjgntwd5v35uvf533roxftuvkf9hbv20okc4g3xt0umpn6p8"
+_dnsauth.www.vhs-bayern.de. 300 IN TXT "202411121019550lyjgntwd5v35uvf533roxftuvkf9hbv20okc4g3xt0umpn6p8"
+
+
+;;;;;;;;;;;;;;;;;;;;;;;
+;;; CNAME Eintraege ;;;
+;;;;;;;;;;;;;;;;;;;;;;;
+autodiscover CNAME autodiscover.outlook.com.
+selector1._domainkey CNAME selector1-vhsbayern-de0i._domainkey.bvv1.onmicrosoft.com.
+selector2._domainkey CNAME selector2-vhsbayern-de0i._domainkey.bvv1.onmicrosoft.com.
+
+
+;;;;;;;;;;;;;;;;;;;
+;;; A Eintraege ;;;
+;;;;;;;;;;;;;;;;;;;
+mx01 IN A 62.245.128.92
+rproxy2 IN A 62.245.128.84
+mail-gw1 IN A 62.245.128.85
+;analytics IN A 62.245.128.69
+domino IN A 192.168.1.108
+domino2 IN A 192.168.1.109
+;2009 IN A 62.245.128.90 deaktiviert 17.12.2024
+;rproxy IN A 62.245.128.65
+;eportfolio IN A 62.245.128.75
+;ksc IN A 62.245.128.71
+;ksc2 IN A 62.245.128.71
+;portal1 IN A 192.168.1.117
+;portal2 IN A 192.168.1.118
+;db2portal IN A 192.168.1.119 deaktiviert 17.12.2024
+;ntp IN A 192.168.1.110 deaktiviert 17.12.2024
+;ntp IN A 192.168.1.130 deaktiviert 17.12.2024
+ns1 IN A 62.245.128.66
+vpn IN A 62.245.128.125
+;ol3 IN A 62.245.128.89 deaktiviert 17.12.2024
+;icsdb2 IN A 192.168.1.131 deaktiviert 17.12.2024
+;ics1 IN A 192.168.1.132
+;ics2 IN A 192.168.1.133
+icsweb1 IN A 62.245.128.70 ;Staecker fragen
+mailtest 60 IN A 62.245.128.94 ;?
+;ttwportal 60 IN A 144.76.93.148 deaktiviert 17.12.2024
+;www.ttwportal 60 IN A 144.76.93.148 deaktiviert 17.12.2024
+www 60 IN A 49.13.175.195 ;Neuer Provider old: 144.76.93.148
+production IN A 49.13.175.195 ;Neuer Provider 4motion
+testing IN A 49.13.175.195 ;Neuer provider 4motion
+analytics IN A 49.13.175.195 ;Neuer Provider 4motion
+
+```
+
+**Wichtig zu beachten hier ist, dass bei jeder Aenderung einer dieser Zonendateien die Seriennummer (ganz oben in der Datei im ersten DNS Eintrag) *erhoeht* werden muss. Egal um welchen Wert; die Seriennummer muss nur groesser sein, als die vorherige!
Uebliches Schema ist das heutige Datum mit einer nachgestellten Zaehlung fuer jede Aenderung des Tages; zum Bespiel: 2025032401. Ohne diesen Schritt wuerde der Dienst Fehlermeldungen ausgeben und nicht mehr funktionieren.**
+
+Sagen wir fuegen der obigen Datei einen DNS-Eintrag: `test IN A ` ein. Damit dieser wirksam wird muss die Seriennummer im ersten DNS Eintrag erhoeht werden:
+```conf
+$ORIGIN vhs-bayern.de.
+$TTL 60
+@ IN SOA ns1.vhs-bayern.de. hostmaster.vhs-bayern.de. (
+--------> 2025032401 ; serial number (yyyymmddxx) <---------------
+ 14400 ; refresh every 4 hours
+ 14400 ; retry after 4 hours
+ 604800 ; expire after 7 days
+ 43200) ; default ttl is 12 hours
+ IN A 49.13.175.195 ; old: 144.76.93.148
+ IN NS ns1.vhs-bayern.de.
+ IN NS ns1.m-online.net.
+ IN NS ns2.m-online.net.
+
+```
+
+Nachdem die Anpassung durchgefuehrt wurde sollten zu Sicherheit die Konfigurationsdateien auf Richtigkeit geprueft werden:
+1. Pruefe die Konfiguration der 'Master'-Datei: `named-checkconf /etc/bind/named.conf`. Keine Ausgabe bedeutet: Alles gut!
+2. Pruefe die Zonendatei mit: `named-checkzone vhs-bayern.de /etc/bind/db.de.vhs-bayern`:
+```sh
+root@ns2:/etc/bind# named-checkzone vhs-bayern.de db.de.vhs-bayern
+zone vhs-bayern.de/IN: loaded serial 2024121702
+OK
+```
+Der Befehl zeigt auch die aktuelle Seriennummer der Zone an!
+3. Sofern es bei den zwei vorherigen Schritten keine Fehlermeldungen gab, kann der `named`-Dienst neugestartet werden mit: `systemctl restart named`
+4. Pruefe noch den Status den `named`-Dienstes mit `systemctl status named`. Wenn es keine Fehler gibt sollte der neu hinzugefuegt Eintrag funktionieren.
\ No newline at end of file
diff --git a/projects/discopharma/20250317-finishing-meeting.md b/projects/discopharma/20250317-finishing-meeting.md
deleted file mode 100644
index 0b05edb..0000000
--- a/projects/discopharma/20250317-finishing-meeting.md
+++ /dev/null
@@ -1,11 +0,0 @@
-
-## To do's:
-
-- Cloud SQL dump load and user mgmt (Miloš)
-- Docker licensing (Lukas)
-- backup procedure for MB application db (Petar)
-- Documentation/ manual (Petar)
- - For example,
- - how deployment works,
- - what docker image to select
- - how the routing in the reverse proxy is done
\ No newline at end of file
diff --git a/projects/discopharma/20250320-manual-project.md b/projects/discopharma/20250320-manual-project.md
new file mode 100644
index 0000000..ff39035
--- /dev/null
+++ b/projects/discopharma/20250320-manual-project.md
@@ -0,0 +1,300 @@ +--- +title: "Metabase - Setup Manual" +author: Petar Cubela +date: March 20, 2025 +geometry: margin=1.5cm +output: pdf_document +--- + +## Intro + +Setting up a Metabase instance via Docker with a PostgreSQL application database and a secure web connection via https mediated by a public facing reverse proxy (nginx) and commercial TLS/SSL certificates. + +### Goals and Requirements + +### Software + +- Google Cloud Platform (GCP) +- [Debain 12 (OS)](https://www.debian.org/download) +- [Docker (Containerization Platform)](https://docs.docker.com/engine/install/debian/) +- [NGINX (Web Server, Reverse Proxy)](https://docs.nginx.com/) +- [Postgres (as Container)](https://hub.docker.com/_/postgres) +- [Metabase (as Container)](https://hub.docker.com/r/metabase/metabase) + +## VM Specs + +### Metabase Server + +- Name: Metabase Server +- OS: Debian 12 +- hostname: mb-prod +- IP Address: `10.156.0.6/24` +- CPU: 2 core +- RAM: 2 GB (2048 MB) +- Storage: depends (30 GB) +- DNS entry: none +- Note: for every 20 concurrent users: needs 1CPU and 2GB of RAM more + +### Reverse Proxy + +- Name: Reverse Proxy +- OS: Debian 12 +- hostname: rproxy +- IP Address: `10.156.0.7/24` + `` address (only activated in the end) +- CPU: 1 core +- RAM: 1 GB (1024 MB) +- Storage: depends (16 GB) +- DNS entry: metabase.discopharma.de -> `` +- Note: for every concurrent users: needs 1CPU and 2GB of RAM more + + +### Firewall + +I list all necessary communications and respective ports needed: + +Abbreviations: +- Metabse: mb-prod = `10.156.0.6` +- Metabse Dev: mb-dev = `10.156.0.8` +- ReverseProxy: rp = `10.156.0.7` + + +| Source | SourcePort | Destination | DestPort | Description | +| ------------- | ----------------------- | --------------- | ----------------------- | ------------------------------------------------------------------------------- | +| mb-prod | 3306/tcp | db | 3306/tcp | 3306 is the standard mysql port. Communication of mb-prod to db | +| rp | 3000/tcp
3000/udp | mb-prod | 3000/tcp
3000/udp | 3000 is the metabase web port. Reverse Proxy sends request via this port to mb. | +| rp | 3000/tcp
3000/udp | mb-dev | 3000/tcp
3000/udp | 3000 is the metabase web port. Reverse Proxy sends request via this port to mb. | +| OPEN INTERNET | any | PUBLIC IP of rp | 443/tcp | 443 is the https port to communicate to rp over internet | + +### Network Diagram + +![diagram](/files/discopharma/discopharma-infra.drawio.png) + +## Metabase Application Server and Database + +### Administration + +#### Update + +In order to update the metabase containers change to the `~/metabase/` folder (where `compose.yml` file resides) and use the following command: +```bash +docker compose pull && docker compose up -d +``` +Monitor the container logs to see if there are any errors by using the command: +```bash +docker compose logs -f +``` +The `docker compose pull` command searches for images which are specified by a tag in the image variable in the `compose.yml` file: +`image: metabase/metabase:latest` +`latest` is here the tag and can also be changed to a version number which can be extracted from the [docker-hub](https://hub.docker.com/r/metabase/metabase/tags). + +To simplify the process I wrote a simple bash script which updates the container images and removes old container images. The script is in the folder `/home/lukas_discopharma_de/scripts/metabase-update.sh`. +The update has to be done manually. + +#### Backup + +There is a script `/home/lukas_discopharma_de/db-backup.sh` which creates a database dump from the postgres instance running in the container and places the dump into the folder at `/home/lukas_discopharma_de/backup-db` including the current date in the filename. +The scripts runs weekly mondays at 2 a.m. via a cronjob. You should secure the backups/dumps to a secure location. + + +### Development Instance + +Go step-by-step through the installation and setup of a development metabase instance. + +#### 1. Setup VM + +Setup the a new VM with specs as described in the [VM specs](#vm-specs) section. The OS we are using is Debian 12. The private ip address can be chosen as `10.156.0.8` + +#### 2. 
Update pkgs and install docker and compose + +After Installation of the OS perform a pkg update: +```bash +sudo apt update && sudo apt upgrade -y +``` + +In order to install docker engine we will follow the official [documentation](https://docs.docker.com/engine/install/debian/). +1. Set up Docker's `apt` repository +```bash +# Add Docker's official GPG key: +sudo apt-get update +sudo apt-get install ca-certificates curl +sudo install -m 0755 -d /etc/apt/keyrings +sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc +sudo chmod a+r /etc/apt/keyrings/docker.asc + +# Add the repository to Apt sources: +echo \ + "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ + $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ + sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +sudo apt-get update +``` + +2. Install the Docker packages (which includes docker compose) +```bash +sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin +``` +3. Verify that the installation is successful by running the `hello-world` image +```bash +sudo docker run hello-world +``` + + +It is possible to manage Docker as a non-root user. It the next steps we describe how to achieve this. +We need to create a `docker` group and add to user we wish to use: +1. Create the `docker` group +```bash +sudo groupadd docker +``` +2. Add your user to the `docker` group. +```bash +sudo usermod -aG docker $USER +``` +3. Log out and log back in so that your group membership is re-evaluated +4. Verify that you can run `docker` commands without `sudo` +```bash +docker run hello-world +``` + +#### 3. Create folder and compose file + +After getting Docker Engine to work we can setup the necessary files and folders for the metabase container. 
+Create a metabase folder for the docker compose files in your home folder: +``` bash +mkdir -p ~/metabase/plugins +``` + +In addition create two files where the database user name and password will be placed: +```bash +touch ~/metabase/{db_user.txt,db_password.txt} +``` + +Create a `compose.yml` file which will be used to spin up the containers: + +```yaml +--- +services: + metabase: + image: metabase/metabase:latest + container_name: mb-dev + hostname: mb-dev + restart: unless-stopped + volumes: + - /dev/urandom:/dev/random:ro + - ./plugins:/plugins + ports: + - 3000:3000 + environment: + JAVA_TIMEZONE: Europe/Berlin + MB_DB_TYPE: postgres + MB_DB_DBNAME: metabase + MB_DB_PORT: 5432 + MB_DB_USER_FILE: /run/secrets/db_user + MB_DB_PASS_FILE: /run/secrets/db_password + MB_DB_HOST: postgres + networks: + - metanet1 + secrets: + - db_password + - db_user + healthcheck: + test: curl --fail -I http://localhost:3000/api/health || exit 1 + interval: 15s + timeout: 5s + retries: 5 + postgres: + image: postgres:latest + container_name: postgres-dev + hostname: postgres-dev + restart: unless-stopped + environment: + POSTGRES_USER_FILE: /run/secrets/db_user + POSTGRES_DB: metabase + POSTGRES_PASSWORD_FILE: /run/secrets/db_password + networks: + - metanet1 + secrets: + - db_password + - db_user +networks: + metanet1: + driver: bridge +secrets: + db_password: + file: db_password.txt + db_user: + file: db_user.txt +``` + +Choose a name for the database user and place it in the `db_user.txt` file, e.g.: +```bash +echo "metabase" > db_user.txt +``` + +and accordingly for the password: +```bash +echo "SecurePass" > db_password.txt +``` + +Change the permissions of the files such that they are read-only for your own user: +```bash +chmod 400 db_*.txt +``` + +#### 4. Pull images and start container + +The pull of the container images and the start of the containers can be simply done by one command. 
Change the working directory to the metabase folder, +```bash +cd ~/metabase +``` +and execute the command: +```bash +docker compose up -d +``` +During the startup the log files for the containers should be monitored for possible errors by using the command: +```bash +docker compose logs -f +``` + +If you see now errors and if you have the possibility to reach the server you can visit the metabase instance using the URL `http://:3000`. Port 3000 has to be open and you have to be able to reache the server via its private ip address. + +## Reverse Proxy + +The software which is used on the reverse proxy server is called `nginx`. This is a standard common web server/reverse proxy. Its configuration files reside in the folder `/etc/nginx/` and its log files can be found in `/var/logs/nginx/`. +The configuration file which accomplishes the reverse proxying for your metabase instance is `/etc/nginx/sites-available/metabase.conf`: +```conf +server { + listen 80; + listen [::]:80; + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name metabase.discopharma.de; + + ssl_certificate /etc/nginx/ssl/discopharma.de/discopharma_fullchain.cer; + ssl_certificate_key /etc/nginx/ssl/discopharma.de/discopharma_private.key; + + + + if ($ssl_protocol = "") { + return 301 https://$server_name$request_uri; + } + + location / { + proxy_pass http://10.156.0.6:3000; + proxy_set_header HOST $host; + } +} +``` + +In order to reverse proxy traffic to a development instance you can proceed as follows: +1. Create a nginx configuration file for the dev metabase instance by copying the existing config: `cp /etc/nginx/sites-available/metabase.conf /etc/nginx/sites-available/mb-dev.conf` +2. 
Open the new file using any text editor `nano /etc/nginx/sites-available/mb-dev.conf` and edit the `server_name` and `proxy_pass` variables to reflect your new dev instance, e.g.: `server_name mb-dev.discopharma.de;` (the corresponding dns entry for `mb-dev.discopharma.de` has to point to the public ip of the reverse proxy) and `proxy_pass http::3000;` +3. Create a symbolic link (nignx reads the config files in `sites-enabled`): +```bash +ln -sf /etc/nginx/sites-available/mb-dev.conf /etc/nginx/sites-enabled/ +``` +4. Restart the `nignx` service: `systemctl restart nginx` +5. Setup your google firewall such that the reverse proxy can reach your dev metabase instance via port 3000. +6. Visit `https://mb-dev.discopharma.de`. The homepage should working ssl certificates which are configured in the `nginx` configuration file for mb-dev. + + diff --git a/projects/discopharma/20250310-Next_Steps.md b/projects/discopharma/Meetings/20250310-Next_Steps.md similarity index 100% rename from projects/discopharma/20250310-Next_Steps.md rename to projects/discopharma/Meetings/20250310-Next_Steps.md diff --git a/projects/discopharma/Meetings/20250317-finishing-meeting.md b/projects/discopharma/Meetings/20250317-finishing-meeting.md new file mode 100644 index 0000000..9379f2f --- /dev/null +++ b/projects/discopharma/Meetings/20250317-finishing-meeting.md @@ -0,0 +1,11 @@ + +## To do's: + +- [x] Cloud SQL dump load and user mgmt (Miloš) +- [x] Docker licensing (Lukas) +- [x] backup procedure for MB application db (Petar) +- Documentation/ manual (Petar) + - For example, + - how deployment works, + - what docker image to select + - how the routing in the reverse proxy is done \ No newline at end of file diff --git a/projects/discopharma/Meetings/20250324-meeting_in_prod.md b/projects/discopharma/Meetings/20250324-meeting_in_prod.md new file mode 100644 index 0000000..853c41e --- /dev/null +++ b/projects/discopharma/Meetings/20250324-meeting_in_prod.md 
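Review bot: The `compose.yml` example in the new Metabase manual publishes the service as `3000:3000`, which binds plain HTTP on every interface of the VM, so only the GCP firewall rule from the Firewall table keeps port 3000 private; Docker-published ports are generally not filtered by the host's own INPUT rules. I would bind to the private address the manual assigns, `- 10.156.0.8:3000:3000` for mb-dev, and state in the Firewall section that 3000/tcp is accepted from `10.156.0.7` only. The secrets step needs a caveat as well: `echo "SecurePass" > db_password.txt` leaves the password in shell history and the files exist with the default umask until `chmod 400` runs, so run `umask 077` before the `touch` and fill the files with an editor. Both `metabase/metabase:latest` and `postgres:latest` are unpinned and the `postgres` service declares no volume, so the documented `docker compose pull && docker compose up -d` could move the application database onto a new major version; pinning a version tag and adding a named volume for the data directory would make the Update and Backup sections reproducible.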
@@ -0,0 +1,12 @@ + +## Members + +- Lukas Maas, Petar Cubela + + +## Topics + +- Manual +- Backups of database +- Updates of Container + diff --git a/projects/kwa/firewall_migration/20250318-OPNsense_Migration.md b/projects/kwa/firewall_migration/20250318-OPNsense_Migration.md index 4407d8a..d445e49 100644 --- a/projects/kwa/firewall_migration/20250318-OPNsense_Migration.md +++ b/projects/kwa/firewall_migration/20250318-OPNsense_Migration.md @@ -1,9 +1,21 @@ - +--- +title: "OPNsense - KWA Migration" +author: Petar Cubela +date: March 20, 2025 +geometry: margin=1.5cm +output: pdf_document +--- ## Base Info - Deadline: 03.05 - Anzahl User: 15 +## Termin + +- 11.04, 14.04 - 17.04 (Friday 18.04: Karfreitag); 16.04 Vor-Ort +- 22.04 - 25.04 (Monday 21.04: Ostermontag), 24.04 Vor-Ort + + ## Angebot Liste - Arbeitstunden ausrechnen (40 Stunden) diff --git a/projects/neosphere/qumulus/overview-qumulus_and_comp-nodes.md b/projects/neosphere/qumulus/overview-qumulo_and_comp-nodes.md similarity index 100% rename from projects/neosphere/qumulus/overview-qumulus_and_comp-nodes.md rename to projects/neosphere/qumulus/overview-qumulo_and_comp-nodes.md diff --git a/projects/sbx/firewall-std/std-network.md b/projects/sbx/firewall-std/std-network.md new file mode 100644 index 0000000..2c5d045 --- /dev/null +++ b/projects/sbx/firewall-std/std-network.md @@ -0,0 +1,17 @@ +## Interfaces + +- Port1: V50_MGMT: 192.168.50.254/24 +- Port2: WAN: PPPoE or Static + +## VLANs + +| Name | Net | +| ----------------- | ----------------- | +| V10_SERVER | 192.168.10.254/24 | +| V20_CLIENT | 192.168.20.254/24 | +| V30_WLAN_INTERNAL | 192.168.30.254/24 | +| V40_WLAN_GUEST | 192.168.40.254/24 | +| V50_MGMT | 192.168.50.254/24 | +| V60_PRINT | 192.168.60.254/24 | +| V60_PHONE | 192.168.70.254/24 | + diff --git a/projects/sbx/firewall-std/std-tools.md b/projects/sbx/firewall-std/std-tools.md new file mode 100644 index 0000000..b75750d --- /dev/null +++ b/projects/sbx/firewall-std/std-tools.md 
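Review bot: In `std-network.md` the last VLAN row is named `V60_PHONE` but carries `192.168.70.254/24`, while `V60_PRINT` already uses the 60 prefix; every other row matches the name to the third octet, so this looks like a typo for `V70_PHONE`. If this table is the template the firewall objects are created from (the path suggests so), a duplicated VLAN label invites rules being attached to the wrong segment. The `Net` column also lists the `.254` interface address rather than the network, so either rename the column to `Gateway` or list `192.168.x.0/24`.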
@@ -0,0 +1,4 @@
+
+- mounting rack screws
+- label tool
+- screw driver
\ No newline at end of file
diff --git a/projects/sbx/manuals/Sophos-SG_PPPoE-data.md b/projects/sbx/manuals/Sophos-SG_PPPoE-data.md
new file mode 100644
index 0000000..c8198f6
--- /dev/null
+++ b/projects/sbx/manuals/Sophos-SG_PPPoE-data.md
@@ -0,0 +1,19 @@
+
+## Configure SSH
+
+1. Sophos SG Web-UI anmelden
+2. Management -> System Settings -> Shell Access:
+ 1. Setze Passwort fuer den `root` und `loginuser`
+ 2. Fuege das von dir Netzwerk zu "Erlaubten Netzwerken" hinzu
+ 3. Erlaube Passwort Authentifizierung
+3. Oeffne Putty oder ein Terminal (PowerShell neuer als 2019) und melde dich als `loginuser` an, mit dem zuvor gesetzten Passwort
+ 1. PowerShell: `ssh loginuser@`
+4. Melde dich als `root`-user an, mit dem Befehl `sudo su` und durch Nutzung des `root` Passworts
+
+## Extract pppoe data
+
+1. Extrahiere Internetzugangsdaten
+```bash
+# cat /var/sec/chroot-pppoe/etc/ppp/chap-secrets
+"@" * "Passwort" *
+```
diff --git a/projects/ssr/202504-4architekten/notes.md b/projects/ssr/202504-4architekten/notes.md
new file mode 100644
index 0000000..806c79d
--- /dev/null
+++ b/projects/ssr/202504-4architekten/notes.md
@@ -0,0 +1,2 @@
+
+- [php5.6-manual](https://community.localwp.com/t/how-to-run-php-5-6-on-local-v8-and-above/44488)
\ No newline at end of file
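Review bot: The "Configure SSH" steps in `Sophos-SG_PPPoE-data.md` switch on shell access with password authentication and set `root`/`loginuser` passwords, but the procedure ends after reading `chap-secrets` and never turns any of it off again. I would add a closing step such as `5. Nach dem Auslesen: Shell Access bzw. Passwort-Authentifizierung wieder deaktivieren`, and make step 2.2 say that only the single admin workstation, not a whole network, is added to the allowed networks. The `chap-secrets` output is the cleartext PPPoE login, so the manual should also tell the reader to store it in the password manager rather than in these notes or a saved terminal log.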