From 3d665e5e11a0eb79ea17aec8c5b31f7bcbe335cf Mon Sep 17 00:00:00 2001 
From: Darren 'Tadgy' Austin Date: Tue, 29 Sep 2020 16:40:13 +0100 Subject: [PATCH] Initial commit. --- 01-install-base-files | 40 ++ 02-system-setup | 110 ++++++ authorized_keys | 2 + base-files/.gitignore | 161 ++++++++ .../cron.daily/update-slackpkg-template | 3 + base-files/cron.daily/warn-git-status | 9 + base-files/cron.hourly/log-acls | 24 ++ base-files/csh.login | 45 +++ base-files/default/syslogd | 4 + base-files/dialogrc | 1 + base-files/fail2ban/fail2ban.local | 75 ++++ base-files/fail2ban/jail.local | 61 +++ base-files/fail2ban/paths-overrides.local | 25 ++ base-files/filesystems | 15 + base-files/hardwareclock | 6 + base-files/initscript | 7 + base-files/inittab | 63 +++ base-files/ld.so.conf.d/opt.conf | 1 + base-files/login.defs | 287 ++++++++++++++ base-files/logrotate.conf | 25 ++ base-files/logrotate.d/btmp | 6 + base-files/logrotate.d/lastlog | 2 + base-files/logrotate.d/ntp | 7 + base-files/logrotate.d/sulog | 3 + base-files/logrotate.d/syslog | 6 + base-files/logrotate.d/wtmp | 6 + base-files/mail.conf | 24 ++ base-files/motd | 101 +++++ base-files/msmtp/aliases | 1 + base-files/msmtp/msmtprc | 16 + base-files/nail.rc | 110 ++++++ base-files/ntp.conf | 34 ++ base-files/profile | 52 +++ base-files/profile.d/biff.csh | 1 + base-files/profile.d/biff.sh | 3 + base-files/profile.d/lang.csh | 28 ++ base-files/profile.d/lang.sh | 28 ++ base-files/profile.d/less.csh | 10 + base-files/profile.d/less.sh | 10 + base-files/profile.d/optpaths.csh | 35 ++ base-files/profile.d/optpaths.sh | 37 ++ base-files/resolv.conf | 8 + base-files/securetty | 25 ++ base-files/skel/.bash_logout | 11 + base-files/skel/.bash_profile | 4 + base-files/skel/.bashrc | 1 + base-files/slackpkg/blacklist | 45 +++ base-files/slackpkg/mirrors | 360 ++++++++++++++++++ base-files/slackpkg/slackpkg.conf | 156 ++++++++ base-files/ssh/ssh_config | 5 + base-files/ssh/sshd_config | 17 + base-files/sudoers.d/defaults | 2 + base-files/sysctl.d/fs.conf | 2 + base-files/sysctl.d/kernel.conf | 
15 + base-files/sysctl.d/vm.conf | 3 + base-files/syslog.conf | 42 ++ base-files/vnstat.conf | 186 +++++++++ ca-certificates/isrgrootx1.crt | 31 ++ .../lets-encrypt-x3-cross-signed.crt | 27 ++ ca-certificates/letsencryptauthorityx3.crt | 32 ++ memtest86+ | Bin 0 -> 150024 bytes root.crontab | 5 + sample-rc.d/rc.firewall-guests | 137 +++++++ sample-rc.d/rc.firewall-hosts | 83 ++++ sample-rc.d/rc.firewall-old | 14 + sample-rc.d/rc.local | 66 ++++ sample-rc.d/rc.local_shutdown | 73 ++++ sample-rc.d/rc.modules.local | 24 ++ sample-rc.d/rc.proftpd | 108 ++++++ sample-rc.d/rc.rsyncd | 105 +++++ sample-rc.d/rc.tftpd | 105 +++++ utils/check_dependancies | 24 ++ 72 files changed, 3200 insertions(+) create mode 100755 01-install-base-files create mode 100755 02-system-setup create mode 100644 authorized_keys create mode 100644 base-files/.gitignore create mode 100755 base-files/cron.daily/update-slackpkg-template create mode 100755 base-files/cron.daily/warn-git-status create mode 100755 base-files/cron.hourly/log-acls create mode 100644 base-files/csh.login create mode 100644 base-files/default/syslogd create mode 100644 base-files/dialogrc create mode 100644 base-files/fail2ban/fail2ban.local create mode 100644 base-files/fail2ban/jail.local create mode 100644 base-files/fail2ban/paths-overrides.local create mode 100644 base-files/filesystems create mode 100644 base-files/hardwareclock create mode 100755 base-files/initscript create mode 100644 base-files/inittab create mode 100644 base-files/ld.so.conf.d/opt.conf create mode 100644 base-files/login.defs create mode 100644 base-files/logrotate.conf create mode 100644 base-files/logrotate.d/btmp create mode 100644 base-files/logrotate.d/lastlog create mode 100644 base-files/logrotate.d/ntp create mode 100644 base-files/logrotate.d/sulog create mode 100644 base-files/logrotate.d/syslog create mode 100644 base-files/logrotate.d/wtmp create mode 100644 base-files/mail.conf create mode 100644 base-files/motd create mode 100644 
base-files/msmtp/aliases create mode 100644 base-files/msmtp/msmtprc create mode 100644 base-files/nail.rc create mode 100644 base-files/ntp.conf create mode 100644 base-files/profile create mode 100755 base-files/profile.d/biff.csh create mode 100755 base-files/profile.d/biff.sh create mode 100755 base-files/profile.d/lang.csh create mode 100755 base-files/profile.d/lang.sh create mode 100755 base-files/profile.d/less.csh create mode 100755 base-files/profile.d/less.sh create mode 100755 base-files/profile.d/optpaths.csh create mode 100755 base-files/profile.d/optpaths.sh create mode 100644 base-files/resolv.conf create mode 100644 base-files/securetty create mode 100644 base-files/skel/.bash_logout create mode 100644 base-files/skel/.bash_profile create mode 100644 base-files/skel/.bashrc create mode 100644 base-files/slackpkg/blacklist create mode 100644 base-files/slackpkg/mirrors create mode 100644 base-files/slackpkg/slackpkg.conf create mode 100644 base-files/ssh/ssh_config create mode 100644 base-files/ssh/sshd_config create mode 100644 base-files/sudoers.d/defaults create mode 100644 base-files/sysctl.d/fs.conf create mode 100644 base-files/sysctl.d/kernel.conf create mode 100644 base-files/sysctl.d/vm.conf create mode 100644 base-files/syslog.conf create mode 100644 base-files/vnstat.conf create mode 100644 ca-certificates/isrgrootx1.crt create mode 100644 ca-certificates/lets-encrypt-x3-cross-signed.crt create mode 100644 ca-certificates/letsencryptauthorityx3.crt create mode 100644 memtest86+ create mode 100644 root.crontab create mode 100755 sample-rc.d/rc.firewall-guests create mode 100755 sample-rc.d/rc.firewall-hosts create mode 100755 sample-rc.d/rc.firewall-old create mode 100755 sample-rc.d/rc.local create mode 100755 sample-rc.d/rc.local_shutdown create mode 100755 sample-rc.d/rc.modules.local create mode 100755 sample-rc.d/rc.proftpd create mode 100755 sample-rc.d/rc.rsyncd create mode 100755 sample-rc.d/rc.tftpd create mode 100755 
utils/check_dependancies
diff --git a/01-install-base-files b/01-install-base-files
new file mode 100755
index 0000000..d1fac5f
--- /dev/null
+++ b/01-install-base-files
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+umask 022
+
+# Install the LetsEncrypt CA bundles, to stop wget moaning.
+cp -R ca-certificates /usr/local/share
+update-ca-certificates
+
+# Install memtest86 into /boot.
+# Only install if /boot exists, so we are container compatible.
+[ -e /boot ] && cp memtest86+ /boot
+
+# Install root's new crontab.
+cat root.crontab >/var/spool/cron/crontabs/root
+/etc/rc.d/rc.crond restart
+
+# Install the /etc files.
+cd base-files
+IFS=$'\n'
+for dir in $(find . -type d | sort | sed -re 's/^\.\///'); do
+ mkdir -p -m 755 /etc/$dir
+done
+for file in $(find . -type f | sort | sed -re 's/^\.\///'); do
+ cat "$file" >"/etc/$file"
+done
+
+# Correct file/directory specific permissions.
+chmod 755 /etc/cron.daily/update-slackpkg-template
+chmod 755 /etc/cron.daily/warn-git-status
+chmod 755 /etc/cron.hourly/log-acls
+chmod 755 /etc/initscript
+chmod 755 /etc/profile.d/biff.csh
+chmod 755 /etc/profile.d/biff.sh
+chmod 755 /etc/profile.d/lang.csh
+chmod 755 /etc/profile.d/lang.sh
+chmod 755 /etc/profile.d/less.csh
+chmod 755 /etc/profile.d/less.sh
+chmod 755 /etc/profile.d/optpaths.csh
+chmod 755 /etc/profile.d/optpaths.sh
+chmod 750 /etc/sudoers.d
diff --git a/02-system-setup b/02-system-setup
new file mode 100755
index 0000000..4924f0c
--- /dev/null
+++ b/02-system-setup
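Review bot: `cd base-files` in 01-install-base-files is not checked, so if the script is started from another directory both `find .` loops run against the caller's working directory and, as root, `cat "$file" >"/etc/$file"` writes whatever is found there into /etc. Guard it with `cd base-files || exit 1`; the earlier `cp -R ca-certificates` and `cat root.crontab` lines depend on the working directory in the same way. Files newly created by the copy loop get mode 0644 from `umask 022`, and the chmod list only widens modes, so anything under base-files that should not be world-readable (possibly `sudoers.d/defaults` or `msmtp/msmtprc`, whose contents are not visible here) needs an explicit tighter `chmod`.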
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+# Re-generate root's password for longer hash.
+passwd root
+
+# Make Tadgy's account.
+adduser tadgy
+
+# Move the 'console' group. I dislike it above 100.
+grep "^console:x:101:" /etc/group >/dev/null && groupmod -g 97 console
+grpconv
+
+# Add group 'admin', and make root and Tadgy a member.
+grep "^admin:" /etc/group >/dev/null || groupadd -g 101 admin
+usermod -aG admin root
+usermod -aG admin tadgy
+
+# Restrict access to 'logger', since it can be used to spam the logs.
+chown root:admin /usr/bin/logger
+chmod 750 /usr/bin/logger
+
+# Copy ssh keys into place for root and tadgy.
+mkdir -p -m 0700 /root/.ssh
+cp authorized_keys /root/.ssh
+mkdir -p -m 0700 /home/tadgy/.ssh
+cp authorized_keys /home/tadgy/.ssh
+chown -R tadgy:users /home/tadgy/.ssh
+
+# Encrypt the databases so they can be checked into git.
+echo "Encrypting /etc/shadow..."
+gpg -c -o /etc/shadow.gpg /etc/shadow
+echo "Encrypting /etc/gshadow..."
+gpg -c -o /etc/gshadow.gpg /etc/gshadow
+
+# Create /opt directories.
+mkdir -p -m 755 {/opt,/opt/{bin,include,info,lib64,man,man/man{0..8},sbin,share}}
+
+# Create log archive directories and move old log files.
+[ ! -d /var/log/Archived/pre-sysconfig ] && {
+ mkdir -p -m 750 /var/log/Archived
+ mkdir -p -m 750 /var/log/Archived/pre-sysconfig
+ mv /var/log/{btmp.*,{cron,debug,maillog,messages,secure,spooler,syslog}{,.*}} /var/log/Archived/pre-sysconfig/ 2>/dev/null
+}
+
+# Stop syslog from producing a "MARK" every 20 minutes.
+# -current 20200626 uses /etc/default now, this is not required.
+# sed -i /etc/rc.d/rc.syslog -r -e '/^#SYSLOGD_OPTIONS/ s/#//' -e '/^SYSLOGD_OPTIONS/ s/"-c "$/"-c -m 0"/'
+
+# Restart syslogd.
+/etc/rc.d/rc.syslog restart
+
+# Restart ntpd.
+[ -x /etc/rc.d/rc.ntpd ] && /etc/rc.d/rc.ntpd restart
+
+# Restart sshd.
+/etc/rc.d/rc.sshd restart
+
+# Keep an su'ers log.
+touch /var/log/sulog
+
+# Keep fail2ban logs.
+touch /var/log/fail2ban
+
+# Add an rc.local_shutdown script if it doesn't exist already.
+[ ! -e /etc/rc.d/rc.local_shutdown ] && {
+ echo "#!/bin/sh" >/etc/rc.d/rc.local_shutdown
+ echo "# /etc/rc.d/rc.local_shutdown - Local system shutdown script." >>/etc/rc.d/rc.local_shutdown
+ echo "# This script will be run when the system is shutdown or rebooted." >>/etc/rc.d/rc.local_shutdown
+ chmod 755 /etc/rc.d/rc.local_shutdown
+}
+
+# To clear all ACLs:
+# setfacl -Rk /path
+# setfacl -Rd group:admin: /path
+# setfacl -Rx mask:: /path
+
+# Secure /var/log
+# Set standard access perms for directories
+setfacl -m user::rwx,group::rx,other::x /var/log/
+setfacl -m user::rwx,group::rx,other::- /var/log/*/ /var/log/*/*/
+# Set standard access perms for files
+find /var/log -type f -exec setfacl -Rm user::rw,group::r,other::- {} \;
+# Allow group 'admin' read access to all directories/files
+setfacl -m group:admin:rX /var/log/ /var/log/*/ /var/log/*/*/
+find /var/log -type f -exec setfacl -m group:admin:r {} \;
+# Set default access for new files in directories.
+setfacl -dm user::rwX,group::rX,other::- /var/log/ /var/log/*/ /var/log/*/*/
+setfacl -dm group:admin:rX /var/log/ /var/log/*/ /var/log/*/*/
+# /var/log/wtmp needs to be readable by everyone
+setfacl -m user::rw,group::r,other::r /var/log/wtmp
+
+# Secure /root
+# Set standard access perms for directories
+find /root -type d -exec setfacl -m user::rwx,group::rx,other::- {} \;
+# Set standard access perms for files
+find /root -type f -exec setfacl -m user::rwX,group::rX,other::- {} \;
+# Allow group 'admin' read access to all files/dirs
+find /root -type d -exec setfacl -m group:admin:rX {} \;
+find /root -type f -exec setfacl -m group:admin:rX {} \;
+# Set default access for new files/dirs
+find /root -type d -exec setfacl -dm user::rwX,group::rX,other::- {} \;
+find /root -type d -exec setfacl -dm group:admin:rX {} \;
+
+# Clean up some cruft.
+rm -rf /etc/nntpserver /etc/lilo.conf_example
+rm -rf /usr/{local/games,local/man/cat*,man/cat*} /var/man
+
+# Finally, check for FIXMEs.
+echo "There may be some FIXMEs to attend to:"
+grep -R FIXME /etc | egrep -v "^/etc/(\.git|file|magic|misc)"
diff --git a/authorized_keys b/authorized_keys
new file mode 100644
index 0000000..acb11ca
--- /dev/null
+++ b/authorized_keys
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICsx4EY4vbDt0TXGZsW9UjOxj+s/mVeytJ7lW5rAu0gS Darren 'Tadgy' Austin
+ssh-rsa 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 Darren 'Tadgy' Austin
diff --git a/base-files/.gitignore b/base-files/.gitignore
new file mode 100644
index 0000000..1b0faf7
--- /dev/null
+++ b/base-files/.gitignore
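Review bot: The "Secure /root" block in 02-system-setup grants group `admin` read access to every file and directory under /root, including the `/root/.ssh` directory created with `-m 0700` earlier in the same script, and `tadgy` is added to that group; shell history, GnuPG material and any private keys root later stores become readable from that account, and the default ACL passes the grant on to new files. If the intent is only to let admins read selected files, apply `group:admin:rX` to those paths, or prune secret-bearing directories, e.g. `find /root -path /root/.ssh -prune -o -type f -exec setfacl -m group:admin:rX {} +`. Separately, the script sets no umask before `gpg -c -o /etc/shadow.gpg /etc/shadow`, so the encrypted copies are created under the invoking shell's umask; `umask 077` before the two gpg calls, or `chmod 600 /etc/shadow.gpg /etc/gshadow.gpg` after them, keeps the passphrase-protected hashes from being readable by local users.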
@@ -0,0 +1,161 @@
+# Files which should never be tracked, for security.
+gshadow
+shadow
+ssh/*_key
+
+# Temporary, backup, sample and dist files.
+*.swp
+.pwd.lock
+group-
+gshadow-
+passwd-
+shadow-
+*.example
+*-example
+*_example
+*.sample
+*-sample
+*_sample
+*.dist
+
+# Dynamically created files.
+adjtime
+ca-certificates.conf
+ld.so.cache
+random-seed
+
+# Files that don't need to be tracked.
+DIR_COLORS
+X11/
+bind.keys
+bindresvport.blacklist
+cgconfig.conf
+cgred.conf
+cgrules.conf
+cgsnapshot_blacklist.conf
+cron.daily/certwatch
+cron.daily/logrotate
+cron.daily/man-db
+cron.daily/mlocate
+dbus-1/
+default/cpufreq
+default/crond
+default/kadmind
+default/kpropd
+default/krb5kdc
+default/lxc
+default/sshd
+default/useradd
+dhcpcd.conf
+dnsmasq.conf
+e2scrub.conf
+ethertypes
+fail2ban/*.conf
+fail2ban/action.d/*.conf
+fail2ban/action.d/*.py
+fail2ban/filter.d/ignorecommands
+fail2ban/filter.d/*.conf
+fb.modes
+file/
+host.conf
+hosts.allow
+hosts.deny
+hosts.equiv
+init.d
+inputrc
+iproute2/
+issue
+issue.net
+ld.so.conf
+libnl/
+localtime
+localtime-copied-from
+login.access
+lxc/default.conf
+lynx.cfg
+lynx.lss
+man_db.conf
+mcelog/mcelog.conf
+mcelog/*-trigger
+misc
+mke2fs.conf
+modprobe.d/README
+mtab
+named.conf
+nanorc
+netconfig
+nntpserver
+nsswitch.conf
+ntp.keys
+os-release
+profile.d/coreutils-dircolors.*
+profile.d/gawk.*
+profile.d/glibc.*
+profile.d/man-db.*
+profile.d/z-dot-in-non-root-path.*
+protocols
+!rc.d/init.d/
+rc.d/init.d/README.functions
+rc.d/init.d/functions
+rc.d/rc.0
+rc.d/rc.4
+rc.d/rc.6
+rc.d/rc.K
+rc.d/rc.M
+rc.d/rc.S
+rc.d/rc.bind
+rc.d/rc.cgconfig
+rc.d/rc.cgmanager
+rc.d/rc.cgproxy
+rc.d/rc.cgred
+rc.d/rc.cpufreq
+rc.d/rc.crond
+rc.d/rc.dnsmasq
+rc.d/rc.fail2ban
+rc.d/rc.font
+rc.d/rc.haveged
+rc.d/rc.inet1
+rc.d/rc.inet2
+rc.d/rc.ip_forward
+rc.d/rc.kadmind
+rc.d/rc.kpropd
+rc.d/rc.krb5kdc
+rc.d/rc.libvirt
+rc.d/rc.loop
+rc.d/rc.lxc
+rc.d/rc.mcelog
+rc.d/rc.messagebus
+rc.d/rc.modules
+rc.d/rc.ntpd
+rc.d/rc.qemu-ga
+rc.d/rc.saslauthd
+rc.d/rc.serial
+rc.d/rc.setterm
+rc.d/rc.smartd
+rc.d/rc.sshd
+rc.d/rc.sysstat
+rc.d/rc.sysvinit
+rc.d/rc.udev
+rc.d/rc.vnstat
+rc?.d
+!rc.d/rc?.d/
+request-key.conf
+rmt
+screenrc
+sensors3.conf
+serial.conf
+services
+shells
+skel/.screenrc
+slackware-version
+smartd_warning.sh
+ssh/moduli
+ssl/
+sudoers
+sysstat/
+termcap
+udev/
+updatedb.conf
+vi.exrc
+wgetrc
+xattr.conf
diff --git a/base-files/cron.daily/update-slackpkg-template b/base-files/cron.daily/update-slackpkg-template
new file mode 100755
index 0000000..dbebce9
--- /dev/null
+++ b/base-files/cron.daily/update-slackpkg-template
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+slackpkg -batch=on -default_answer=y generate-template "$HOSTNAME" >/dev/null
diff --git a/base-files/cron.daily/warn-git-status b/base-files/cron.daily/warn-git-status
new file mode 100755
index 0000000..5475ad4
--- /dev/null
+++ b/base-files/cron.daily/warn-git-status
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+source /etc/mail.conf "etc-git" || exit 1
+
+cd /etc
+
+OUTPUT="$(git status | egrep -ve "^(On branch|Your branch|No commits|nothing|$)" -e "\(use")"
+
+[[ ! -z "$OUTPUT" ]] && mailx "${MAILX_ARGS[@]}" -r "$EMAIL_FROM" -s "/etc git status" "${EMAIL_TO[@]}" <<< "$OUTPUT"
diff --git a/base-files/cron.hourly/log-acls b/base-files/cron.hourly/log-acls
new file mode 100755
index 0000000..e5d11c9
--- /dev/null
+++ b/base-files/cron.hourly/log-acls
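Review bot: In warn-git-status, when the tree is clean the final `[[ ! -z "$OUTPUT" ]] && mailx …` line evaluates false and the script exits 1, so the normal case looks like a failure to whatever runs cron.daily; wrapping the mailx call in `if [[ -n "$OUTPUT" ]]; then … fi` keeps the exit status at 0. The `egrep` filter also depends on git's human-readable wording, which can change with git version and locale, whereas `git status --porcelain` prints nothing for a clean tree and has a stable format. `cd /etc` is unchecked; `cd /etc || exit 1` would match the guard already used on the `source` line.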
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# Sleep for a couple of minutes to prevent a race condition with other cron jobs.
+sleep 120
+
+# Secure /var/log
+# Set standard access perms for directories
+setfacl -m user::rwx,group::rx,other::x /var/log/
+find /var/log/*/ -type d -exec setfacl -m user::rwx,group::rx,other::- {} \;
+# Set standard access perms for files
+find /var/log -type f -exec setfacl -Rm user::rw,group::r,other::- {} \;
+# Allow group 'admin' read access to all directories/files
+find /var/log -type d -exec setfacl -m group:admin:rX {} \;
+find /var/log -type f -exec setfacl -m group:admin:r {} \;
+# Set default access for new files in directories.
+find /var/log -type d -exec setfacl -dm user::rwX,group::rX,other::- {} \;
+find /var/log -type d -exec setfacl -dm group:admin:rX {} \;
+# /var/log/wtmp needs to be readable by everyone
+setfacl -m user::rw,group::r,other::r /var/log/wtmp
+
+# To clear above ACL settings:
+# setfacl -Rk /path
+# setfacl -Rx group:admin: /path
+# setfacl -Rx mask:: /path
diff --git a/base-files/csh.login b/base-files/csh.login
new file mode 100644
index 0000000..02c8c7b
--- /dev/null
+++ b/base-files/csh.login
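Review bot: Every `find … -exec setfacl … {} \;` line in log-acls starts one setfacl process per file or directory, across six passes over /var/log each hour, and the `-R` in `setfacl -Rm` does nothing for the regular files that `-type f` selects. The two file passes can be merged and batched as `find /var/log -type f -exec setfacl -m user::rw,group::r,other::-,group:admin:r {} +`, and the directory passes likewise. The same policy is written out a second time in 02-system-setup using globs that reach only two directory levels, so the two copies can drift apart; a comment naming the other location would help. Because the job runs as root over the whole tree, it is worth confirming that no directory under /var/log is writable by a non-root account, since such an account would then influence which files receive these ACLs.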
@@ -0,0 +1,45 @@
+# System wide set up for the csh and tcsh shells.
+
+# The default search path.
+set path = ( /usr/bin /bin /usr/local/bin )
+
+# Add sbin paths for root users.
+if ( { [ "`id -u`" = "0" -o "`id -g`" = "0" ] } ) \
+ set path = ( /usr/sbin /sbin /usr/local/sbin $path )
+
+# Set path to include a user's private bin if it exists.
+if ( -d ~/bin ) set path = ( ~/bin $path )
+
+# Append /usr/games to path if it exists.
+if ( -d /usr/games ) set path = ( $path /usr/games )
+
+# Set a default terminal type if none was detected.
+if ! $?TERM setenv TERM linux
+if ( "$TERM" == "" ) setenv TERM linux
+if ( "$TERM" == "unknown" ) setenv TERM linux
+
+# Use the system inputrc if the user does not have their own.
+if ( ! -r ~/.inputrc ) setenv INPUTRC /etc/inputrc
+
+# Set an empty MANPATH if none exists (this prevents some profile.d scripts from exiting from trying to access an unset variable):
+if ! $?MANPATH setenv MANPATH ""
+
+# Set the HOSTNAME environment variable.
+setenv HOSTNAME "`cat /etc/HOSTNAME`"
+
+# Shell prompt.
+set prompt = "%n@%m:%~%# "
+
+# Use a reasonable create mask.
+umask 022
+
+# Set up any further environment from files in /etc/profile.d/.
+if ( -d /etc/profile.d ) then
+ set nonomatch
+ foreach file ( /etc/profile.d/*.csh )
+ if ( -x $file ) then
+ source $file
+ endif
+ end
+ unset file nonomatch
+endif
diff --git a/base-files/default/syslogd b/base-files/default/syslogd
new file mode 100644
index 0000000..36c0f41
--- /dev/null
+++ b/base-files/default/syslogd
@@ -0,0 +1,4 @@
+# Options for the syslog daemon.
+# Default is "-s" to run in secure mode - not accepting network connections.
+# For other options, see syslog(8).
+SYSLOGD_OPTS="-s -k -m 0"
diff --git a/base-files/dialogrc b/base-files/dialogrc
new file mode 100644
index 0000000..75f17d4
--- /dev/null
+++ b/base-files/dialogrc
@@ -0,0 +1 @@
+# This file is intentionally empty.
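Review bot: In csh.login, `set path = ( ~/bin $path )` puts the user's private bin ahead of every system directory, and because it runs after the root branch it applies to root as well, so a file placed in `~/bin` shadows same-named system commands for that account. Appending instead, `if ( -d ~/bin ) set path = ( $path ~/bin )`, keeps the convenience without letting a user-writable directory override system binaries. In the profile.d loop, `source $file` runs every executable `*.csh` in /etc/profile.d at login, so write access to that directory matters as much as write access to this file; a one-line comment saying so would record the assumption.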
diff --git a/base-files/fail2ban/fail2ban.local b/base-files/fail2ban/fail2ban.local
new file mode 100644
index 0000000..a92c9e5
--- /dev/null
+++ b/base-files/fail2ban/fail2ban.local
@@ -0,0 +1,75 @@
+[DEFAULT]
+
+# Option: loglevel
+# Notes.: Set the log level output.
+# CRITICAL
+# ERROR
+# WARNING
+# NOTICE
+# INFO
+# DEBUG
+# Values: [ LEVEL ] Default: ERROR
+#
+loglevel = INFO
+
+# Option: logtarget
+# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+# Only one log target can be specified.
+# If you change logtarget from the default value and you are
+# using logrotate -- also adjust or disable rotation in the
+# corresponding configuration file
+# (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+# Values: [ STDOUT | STDERR | SYSLOG | SYSOUT | FILE ] Default: STDERR
+#
+logtarget = syslog[facility=LOCAL0]
+
+# Option: syslogsocket
+# Notes: Set the syslog socket file. Only used when logtarget is SYSLOG
+# auto uses platform.system() to determine predefined paths
+# Values: [ auto | FILE ] Default: auto
+#syslogsocket = auto
+
+# Option: socket
+# Notes.: Set the socket file. This is used to communicate with the daemon. Do
+# not remove this file when Fail2ban runs. It will not be possible to
+# communicate with the server afterwards.
+# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock
+#
+socket = /var/run/fail2ban.sock
+
+# Option: pidfile
+# Notes.: Set the PID file. This is used to store the process ID of the
+# fail2ban server.
+# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid
+#
+pidfile = /var/run/fail2ban.pid
+
+# Options: dbfile
+# Notes.: Set the file for the fail2ban persistent data to be stored.
+# A value of ":memory:" means database is only stored in memory
+# and data is lost when fail2ban is stopped.
+# A value of "None" disables the database.
+# Values: [ None :memory: FILE ] Default: /var/lib/fail2ban/fail2ban.sqlite3
+# dbfile = /var/lib/fail2ban/fail2ban.sqlite3
+
+# Options: dbpurgeage
+# Notes.: Sets age at which bans should be purged from the database
+# Values: [ SECONDS ] Default: 86400 (24hours)
+#dbpurgeage = 1d
+
+# Options: dbmaxmatches
+# Notes.: Number of matches stored in database per ticket (resolvable via
+# tags / in actions)
+# Values: [ INT ] Default: 10
+#dbmaxmatches = 10
+
+[Definition]
+
+
+[Thread]
+
+# Options: stacksize
+# Notes.: Specifies the stack size (in KiB) to be used for subsequently created threads,
+# and must be 0 or a positive integer value of at least 32.
+# Values: [ SIZE ] Default: 0 (use platform or configured default)
+#stacksize = 0
diff --git a/base-files/fail2ban/jail.local b/base-files/fail2ban/jail.local
new file mode 100644
index 0000000..525abe8
--- /dev/null
+++ b/base-files/fail2ban/jail.local
@@ -0,0 +1,61 @@
+[DEFAULT]
+
+#
+# MISCELLANEOUS OPTIONS
+#
+
+# "ignoreip" can be a list of IP addresses, CIDR masks or DNS hosts. Fail2ban
+# will not ban a host which matches an address in this list. Several addresses
+# can be defined using space (and/or comma) separator.
+ignoreip = 127.0.0.1/8 91.109.244.0/24 ::1 2a02:2498:1:227::/64 afterdark.org.uk
+
+# "bantime" is the number of seconds that a host is banned.
+bantime = 12h
+
+# A host is banned if it has generated "maxretry" during the last "findtime"
+# seconds.
+findtime = 2h
+
+# "maxretry" is the number of failures before a host get banned.
+maxretry = 3
+
+# "usedns" specifies if jails should trust hostnames in logs,
+# warn when DNS lookups are performed, or ignore all hostnames in logs
+#
+# yes: if a hostname is encountered, a DNS lookup will be performed.
+# warn: if a hostname is encountered, a DNS lookup will be performed,
+# but it will be logged as a warning.
+# no: if a hostname is encountered, will not be used for banning,
+# but it will be logged as info.
+# raw: use raw value (no hostname), allow use it for no-host filters/actions (example user)
+usedns = warn
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Destination email address used solely for the interpolations in
+# jail.{conf,local,d/*} configuration files.
+destemail = root@localhost
+
+# Sender email address used solely for some actions
+sender = root@
+
+#
+# JAILS
+#
+
+[sshd]
+
+# To use more aggressive sshd modes set filter parameter "mode" in jail.local:
+# normal (default), ddos, extra or aggressive (combines all).
+# See "tests/files/logs/sshd" or "filter.d/sshd.conf" for usage example and details.
+#mode = normal
+enabled = yes
+port = 9922
+
+#[apache-auth]
+#enabled = yes
+#
diff --git a/base-files/fail2ban/paths-overrides.local b/base-files/fail2ban/paths-overrides.local
new file mode 100644
index 0000000..4c91b09
--- /dev/null
+++ b/base-files/fail2ban/paths-overrides.local
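Review bot: The `ignoreip` line in jail.local exempts a whole /24, a /64 and the hostname `afterdark.org.uk` from banning, so repeated sshd authentication failures from any address in those ranges, or from whatever address that name resolves to at lookup time, are never blocked. Listing only the specific management addresses and dropping the DNS name narrows that gap; if the name has to stay, a comment such as `# hostname entry: the exemption follows whatever DNS returns` documents the dependency. `port = 9922` under `[sshd]` has to match the `Port` set in base-files/ssh/sshd_config, which is not visible in this hunk; if sshd listens elsewhere the ban action would cover the wrong port.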
@@ -0,0 +1,25 @@
+[DEFAULT]
+
+syslog_mail = /var/log/smtpd
+
+syslog_mail_warn = /var/log/smtpd
+
+syslog_authpriv = /var/log/messages
+
+syslog_auth = /var/log/messages
+
+syslog_user = /var/log/messages
+
+syslog_ftp = /var/log/ftpd
+
+syslog_daemon = /var/log/messages
+
+syslog_local0 = /var/log/messages
+
+apache_error_log = /var/log/httpd/*error.log
+
+apache_access_log = /var/log/httpd/*access.log
+
+# Default for Slackware provided below,
+# please change according to your proftpd config file.
+proftpd_log = /var/log/ftpd
diff --git a/base-files/filesystems b/base-files/filesystems
new file mode 100644
index 0000000..6de0d73
--- /dev/null
+++ b/base-files/filesystems
@@ -0,0 +1,15 @@
+ext4
+ext3
+ext2
+iso9660
+vfat
+ntfs
+msdos
+reiserfs
+btrfs
+jfs
+xfs
+romfs
+udf
+minix
+*
diff --git a/base-files/hardwareclock b/base-files/hardwareclock
new file mode 100644
index 0000000..d9c2e5c
--- /dev/null
+++ b/base-files/hardwareclock
@@ -0,0 +1,6 @@
+# /etc/hardwareclock
+#
+# Tells how the hardware clock time is stored.
+# You should run timeconfig to edit this file.
+
+UTC
diff --git a/base-files/initscript b/base-files/initscript
new file mode 100755
index 0000000..b78d2a7
--- /dev/null
+++ b/base-files/initscript
@@ -0,0 +1,7 @@
+PATH="/opt/sbin:/usr/local/sbin:/usr/sbin:/sbin:/opt/bin:/usr/local/bin:/usr/bin:/bin"
+PERL5LIB="/opt/lib64/perl5:/opt/lib64/perl5/site_perl"
+PYTHONPATH="/opt/lib64/python2.7/site-packages"
+
+export PATH PERL5LIB PYTHONPATH
+
+eval exec "$4"
diff --git a/base-files/inittab b/base-files/inittab
new file mode 100644
index 0000000..e7b1ed7
--- /dev/null
+++ b/base-files/inittab
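Review bot: The initscript exports a PATH that searches `/opt/sbin` and `/opt/bin` ahead of the system directories, plus `PERL5LIB` and `PYTHONPATH` pointing into `/opt/lib64`, to every process init spawns, so root-run services written in Perl or Python will pick up modules from /opt before the system ones. That makes the ownership and mode of everything under /opt part of the trust boundary, which the file does not say; a comment such as `# /opt must stay root-owned and not group/world-writable: init-spawned services search it first` would record it. Moving the /opt entries after the system directories in PATH would remove the override for binaries if shadowing system commands is not the intent.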
@@ -0,0 +1,63 @@
+# These are the default runlevels in Slackware:
+# 0 = halt
+# 1 = single user mode
+# 2 = unused (but configured the same as runlevel 3)
+# 3 = multiuser mode (default Slackware runlevel)
+# 4 = X11 with KDM/GDM/XDM (session managers)
+# 5 = unused (but configured the same as runlevel 3)
+# 6 = reboot
+
+# Default runlevel. Do not set to 0 or 6.
+id:3:initdefault:
+
+# System initialization (runs when system boots).
+si:S:sysinit:/etc/rc.d/rc.S
+
+# Script to run when going single user (runlevel 1).
+su:1S:wait:/etc/rc.d/rc.K
+
+# Script to run when going multi user.
+rc:2345:wait:/etc/rc.d/rc.M
+
+# What to do at the "Three Finger Salute".
+ca::ctrlaltdel:/sbin/shutdown -t5 -r now
+
+# Runlevel 0 halts the system.
+l0:0:wait:/etc/rc.d/rc.0
+
+# Runlevel 6 reboots the system.
+l6:6:wait:/etc/rc.d/rc.6
+
+# What to do when power fails.
+pf::powerfail:/sbin/genpowerfail start
+# FIXME: If running in a LXC container, use this.
+# pf::powerfail:/sbin/shutdown -h now
+
+# If power is back, cancel the running shutdown.
+pg::powerokwait:/sbin/genpowerfail stop
+# FIXME: If running in a LXC container, use this.
+# pg::powerokwait:/sbin/shutdown -c
+
+# These are the standard console login getties in multiuser mode.
+c1:12345:respawn:/sbin/agetty --noclear 38400 tty1 linux
+c2:12345:respawn:/sbin/agetty 38400 tty2 linux
+#c3:12345:respawn:/sbin/agetty 38400 tty3 linux
+#c4:12345:respawn:/sbin/agetty 38400 tty4 linux
+#c5:12345:respawn:/sbin/agetty 38400 tty5 linux
+#c6:12345:respawn:/sbin/agetty 38400 tty6 linux
+#c7:12345:respawn:/sbin/agetty 38400 tty7 linux
+#c8:12345:respawn:/sbin/agetty 38400 tty8 linux
+#c9:12345:respawn:/sbin/agetty 38400 tty9 linux
+#c10:12345:respawn:/sbin/agetty 38400 tty10 linux
+
+# Local serial lines.
+#s1:12345:respawn:/sbin/agetty -L ttyS0 9600 vt100
+#s2:12345:respawn:/sbin/agetty -L ttyS1 9600 vt100
+
+# Dialup lines.
+#d1:12345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS0 vt100
+#d2:12345:respawn:/sbin/agetty -mt60 38400,19200,9600,2400,1200 ttyS1 vt100
+
+# Runlevel 4 also starts /etc/rc.d/rc.4 to run a display manager for X.
+# Display managers are preferred in this order: gdm, kdm, xdm.
+x1:4:respawn:/etc/rc.d/rc.4
diff --git a/base-files/ld.so.conf.d/opt.conf b/base-files/ld.so.conf.d/opt.conf
new file mode 100644
index 0000000..6cb323f
--- /dev/null
+++ b/base-files/ld.so.conf.d/opt.conf
@@ -0,0 +1 @@
+/opt/lib64
diff --git a/base-files/login.defs b/base-files/login.defs
new file mode 100644
index 0000000..6975138
--- /dev/null
+++ b/base-files/login.defs
@@ -0,0 +1,287 @@ +# +# /etc/login.defs - Configuration control definitions for the shadow package. +# +# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $ +# + +# +# Delay in seconds before being allowed another attempt after a login failure +# +FAIL_DELAY 1 + +# +# Enable display of unknown usernames when login failures are recorded. +# +LOG_UNKFAIL_ENAB yes + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +CONSOLE /etc/securetty +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# If defined, all su activity is logged to this file. +# +SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# *REQUIRED* +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define both, MAIL_DIR takes precedence. +# +MAIL_DIR /var/spool/mail +#MAIL_FILE .mail + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. 
+# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin +ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +TTYGROUP tty +TTYPERM 0620 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# (now it works with setrlimit too; ulimit is in 512-byte units) +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 + +# +# Default initial "umask" value used by login(1) on non-PAM enabled systems. +# Default "umask" value for pam_umask(8) on PAM enabled systems. +# UMASK is also used by useradd(8) and newusers(8) to set the mode for new +# home directories if HOME_MODE is not set. +# 022 is the default value, but 027, or even 077, could be considered +# for increased privacy. There is no One True Answer here: each sysadmin +# must make up their mind. +UMASK 022 + +# +# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new +# home directories. +# If HOME_MODE is not set, the value of UMASK is used to create the mode. +#HOME_MODE 0700 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. 
+# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +SYS_UID_MIN 101 +SYS_UID_MAX 999 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +SYS_GID_MIN 101 +SYS_GID_MAX 999 + +# +# Max number of login retries if password is bad +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is deprecated. You should use ENCRYPT_METHOD. +# +#MD5_CRYPT_ENAB no + +# +# Only works if compiled with ENCRYPTMETHOD_SELECT defined: +# If set to MD5 , MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password (default) +# Overrides the MD5_CRYPT_ENAB option +# +ENCRYPT_METHOD SHA512 + +# +# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +# +# Define the number of SHA rounds. 
+# With a lot of rounds, it is more difficult to brute forcing the password. +# But note also that it more CPU resources will be needed to authenticate +# users. +# +# If not specified, the libc will choose the default number of rounds (5000). +# The values must be inside the 1000-999999999 range. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +#SHA_CRYPT_MIN_ROUNDS 5000 +#SHA_CRYPT_MAX_ROUNDS 5000 + +# +# Only works if ENCRYPT_METHOD is set to BCRYPT. +# +# Define the number of BCRYPT rounds. +# With a lot of rounds, it is more difficult to brute-force the password. +# However, more CPU resources will be needed to authenticate users if +# this value is increased. +# +# If not specified, 13 rounds will be attempted. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +#BCRYPT_MIN_ROUNDS 13 +#BCRYPT_MAX_ROUNDS 13 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# Most of these groups are self-explanatory, but in the case of +# "lp", it is because group lp is needed to use a scanner that +# is part of a multifunction printer. +# +# Note that users are added to these default groups only when +# logging into a shell with /bin/login, not when using a login +# manager such as kdm. In that case, users who should have +# hardware access must be added to the appropriate groups +# when the user is added with adduser or useradd, or by editing +# /etc/group directly, preferably using "vigr" +# +CONSOLE_GROUPS floppy:audio:cdrom:video:lp:scanner + +# +# Should login be allowed if we can't cd to the home directory? 
+# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# This also enables userdel to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + +# +# If set to a non-nul number, the shadow utilities will make sure that +# groups never have more than this number of users on one line. +# This permit to support split groups (groups split into multiple lines, +# with the same group ID, to avoid limitation of the line length in the +# group file). +# +# 0 is the default value and disables this feature. +# +#MAX_MEMBERS_PER_GROUP 0 + +# +# If useradd should create home directories for users by default (non +# system users only) +# This option is overridden with the -M or -m flags on the useradd command +# line. +# +#CREATE_HOME yes + diff --git a/base-files/logrotate.conf b/base-files/logrotate.conf new file mode 100644 index 0000000..bca22a5 --- /dev/null +++ b/base-files/logrotate.conf @@ -0,0 +1,25 @@ +# Rotate log files on a monthly basis. +monthly + +# Name files based upon the year/month they are rotated. +dateext +dateformat -%Y-%m +dateyesterday + +# Compress rotated logs. +compress + +# Keep 5 years of old logs (just to be sure). +rotate 60 + +# Move rotated logs to this directory. +olddir /var/log/Archived + +# After rotating, create new (empty) files with the same owner/perms. +create + +# E-mail logs which are about to be deleted to this address. +# mail root@example.com + +# Read log specific configurations. +include /etc/logrotate.d 
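Review bot: `LOG_UNKFAIL_ENAB yes` in login.defs records unknown usernames in the failure log, and a common source of unknown usernames is a password typed at the login prompt by mistake, so this setting can put cleartext passwords into logs. Unless the failure logs are readable by root only and excluded from any log forwarding, `LOG_UNKFAIL_ENAB no` is the safer value. Separately, with `ENCRYPT_METHOD SHA512` and both `SHA_CRYPT_MIN_ROUNDS`/`SHA_CRYPT_MAX_ROUNDS` lines commented out, new hashes get the 5000-round default that the file's own comment mentions; an explicit, higher `SHA_CRYPT_MIN_ROUNDS` would raise the cost of offline guessing if the shadow file ever leaks.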
diff --git a/base-files/logrotate.d/btmp b/base-files/logrotate.d/btmp
new file mode 100644
index 0000000..1eb67ae
--- /dev/null
+++ b/base-files/logrotate.d/btmp
@@ -0,0 +1,6 @@
+# The btmp login failure records are not rotated by default.
+# Uncomment the lines below to enable rotation of btmp.
+
+# /var/log/btmp {
+# # No specific options.
+# }
diff --git a/base-files/logrotate.d/lastlog b/base-files/logrotate.d/lastlog
new file mode 100644
index 0000000..72d09f9
--- /dev/null
+++ b/base-files/logrotate.d/lastlog
@@ -0,0 +1,2 @@
+# This file is for information only.
+# /var/log/lastlog should not be rotated as it is a database, not a log file.
diff --git a/base-files/logrotate.d/ntp b/base-files/logrotate.d/ntp
new file mode 100644
index 0000000..22965c9
--- /dev/null
+++ b/base-files/logrotate.d/ntp
@@ -0,0 +1,7 @@
+/var/log/ntp {
+ notifempty
+ missingok
+ postrotate
+ [ -x /etc/rc.d/rc.ntpd ] && /etc/rc.d/rc.ntpd restart || true
+ endscript
+}
diff --git a/base-files/logrotate.d/sulog b/base-files/logrotate.d/sulog
new file mode 100644
index 0000000..4af6449
--- /dev/null
+++ b/base-files/logrotate.d/sulog
@@ -0,0 +1,3 @@
+/var/log/sulog {
+ # No specific options.
+}
diff --git a/base-files/logrotate.d/syslog b/base-files/logrotate.d/syslog
new file mode 100644
index 0000000..cfb748b
--- /dev/null
+++ b/base-files/logrotate.d/syslog
@@ -0,0 +1,6 @@
+/var/log/messages /var/log/fail2ban {
+ sharedscripts
+ postrotate
+ /bin/kill -HUP $(cat /var/run/syslogd.pid) >/dev/null 2>&1 || true
+ endscript
+}
diff --git a/base-files/logrotate.d/wtmp b/base-files/logrotate.d/wtmp
new file mode 100644
index 0000000..5a56ad7
--- /dev/null
+++ b/base-files/logrotate.d/wtmp
@@ -0,0 +1,6 @@
+# The wtmp login records are not rotated by default.
+# Uncomment the lines below to enable rotation of wtmp.
+
+# /var/log/wtmp {
+# # No specific options.
+# }
diff --git a/base-files/mail.conf b/base-files/mail.conf
new file mode 100644
index 0000000..c3bc0f7
--- /dev/null
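Review bot: In logrotate.d/syslog the postrotate line `/bin/kill -HUP $(cat /var/run/syslogd.pid) >/dev/null 2>&1 || true` hides every failure, so if the PID file is missing or stale, syslogd keeps writing to the renamed file, which is then compressed, and new `messages` and `fail2ban` entries are lost without any report. Testing the PID file first and leaving stderr alone, e.g. `[ -r /var/run/syslogd.pid ] && /bin/kill -HUP "$(cat /var/run/syslogd.pid)"`, lets logrotate's cron mail surface the problem. The stanza also covers only two files; if syslogd on these hosts writes any other file (its configuration is not visible in this chunk), that file needs a rotation rule as well.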
+++ b/base-files/mail.conf @@ -0,0 +1,24 @@ +# This file is sourced by various scripts that need to send emails. + +case "${HOSTNAME#*.}" in + slackware.uk) + EMAIL_DOMAIN="slackware.uk" + ;; + *) + EMAIL_DOMAIN="opensourcerers.uk" + ;; +esac + +EMAIL_FROM="${HOSTNAME%%.*} " + +case "$1" in + sbosrcarch) + EMAIL_TO=("Systems Administrator ") + MAILX_ARGS=("-c" "Urchlay ") + ;; + *) + EMAIL_TO=("Systems Administrator ") + ;; +esac + +true diff --git a/base-files/motd b/base-files/motd new file mode 100644 index 0000000..44f7557 --- /dev/null +++ b/base-files/motd 
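Review bot: `MAILX_ARGS` is assigned only in the `sbosrcarch)` arm of mail.conf, so in the `*)` arm it keeps whatever value the sourcing script or its environment already held, and a stray value would add recipients or options to mail sent by every other script. Adding `MAILX_ARGS=()` to the default arm (or before the `case`) makes the result depend on this file alone. The file also selects on `"$1"`, which is the positional parameter of whichever script sources it; a header comment saying that callers pass their identifier as `$1`, and that bash is required because of the arrays, would make that contract explicit.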
@@ -0,0 +1,101 @@ +# FIXME: choose correct motd banner. + ____ _ +| __ ) ___ _ __ __| | ___ _ __ +| _ \ / _ \| '_ \ / _` | / _ \| '__| +| |_) || __/| | | || (_| || __/| | +|____/ \___||_| |_| \__,_| \___||_| + + _____ +| ___|_ __ _ _ +| |_ | '__|| | | | +| _| | | | |_| | +|_| |_| \__, | + |___/ + + _ _ +| | ___ ___ | | __ _ +| | / _ \ / _ \| | / _` | +| |___| __/| __/| || (_| | +|_____|\___| \___||_| \__,_| + + _ + / \ _ __ ___ _ _ + / _ \ | '_ ` _ \ | | | | + / ___ \ | | | | | || |_| | +/_/ \_\|_| |_| |_| \__, | + |___/ + + ____ __ +| _ \ _ __ ___ / _| ___ ___ ___ ___ _ __ +| |_) || '__|/ _ \ | |_ / _ \/ __|/ __| / _ \ | '__| +| __/ | | | (_) || _|| __/\__ \\__ \| (_) || | +|_| |_| \___/ |_| \___||___/|___/ \___/ |_| + + _____ _ _ _ +|__ / ___ (_) __| || |__ ___ _ __ __ _ + / / / _ \ | | / _` || '_ \ / _ \| '__|/ _` | + / /_| (_) || || (_| || |_) || __/| | | (_| | +/____|\___/ |_| \__,_||_.__/ \___||_| \__, | + |___/ + + _ _ +| | | | ___ _ __ _ __ ___ ___ ___ +| |_| | / _ \| '__|| '_ ` _ \ / _ \/ __| +| _ || __/| | | | | | | || __/\__ \ +|_| |_| \___||_| |_| |_| |_| \___||___/ + + _____ +|__ / __ _ _ __ _ __ + / / / _` || '_ \ | '_ \ + / /_| (_| || |_) || |_) | +/____|\__,_|| .__/ | .__/ + |_| |_| + + _ __ _ __ +| |/ /(_) / _| +| ' / | || |_ +| . \ | || _| +|_|\_\|_||_| + + _ _ _ _ _ _ +| \ | |(_)| |__ | |__ | | ___ _ __ +| \| || || '_ \ | '_ \ | | / _ \| '__| +| |\ || || |_) || |_) || || __/| | +|_| \_||_||_.__/ |_.__/ |_| \___||_| + + ____ __ __ +/ ___| ___ _ __ _ _ / _| / _| _ _ +\___ \ / __|| '__|| | | || |_ | |_ | | | | + ___) || (__ | | | |_| || _|| _|| |_| | +|____/ \___||_| \__,_||_| |_| \__, | + |___/ + + _ _ + __ |``: __ ___. | , __ __ __ _ ___ + (__` |`` __) / ` |.( | | __) |'` /___) + | .__) _|_ (__|_ '.__. _| \_ \_/\_/ (__|_ _|_ '.__. + | + |__________________________________________________ | | |_/ + \_/ | \ + _ _ + __ |``: __ ___. | , __ __ __ _ ___ + (__` |`` __) / ` |.( | | __) |'` /___) + | .__) _|_ (__|_ '.__. _| \_ \_/\_/ (__|_ _|_ '.__. 
+ | _ _ _ _ _ _ _ _ + |___________________________________ |V| | |_) |_) / \ |_) + | | _|_ | \ | \ \_/ | \ + _ _ + __ |``: __ ___. | , __ __ __ _ ___ + (__` |`` __) / ` |.( | | __) |'` /___) + | .__) _|_ (__|_ '.__. _| \_ \_/\_/ (__|_ _|_ '.__. + | __ __ __ _ _ _ + |_______________________________ (_ |_ |_ | \ |_) / \ \_/ + __} |__ |__ |_/ |_) \_/ / \ + _ _ + __ |``: __ ___. | , __ __ __ _ ___ + (__` |`` __) / ` |.( | | __) |'` /___) + | .__) _|_ (__|_ '.__. _| \_ \_/\_/ (__|_ _|_ '.__. + | _ _ _ _ + |____________________________________ |_) /_\ / |_/ | | |_) + |_) | | \_ | \ \_/ | + diff --git a/base-files/msmtp/aliases b/base-files/msmtp/aliases new file mode 100644 index 0000000..a238c8f --- /dev/null +++ b/base-files/msmtp/aliases @@ -0,0 +1 @@ +default: sysadmin@opensourcerers.uk diff --git a/base-files/msmtp/msmtprc b/base-files/msmtp/msmtprc new file mode 100644 index 0000000..f90f118 --- /dev/null +++ b/base-files/msmtp/msmtprc @@ -0,0 +1,16 @@ +account default +host mail.opensourcerers.net +timeout 300 +# FIXME: Set domain +domain host.opensourcerers.net +# FIXME: Enable TLS. +# tls on +# tls_starttls on +# tls_trust_file /path/to/ca-certificate.pem +# tls_cert_file /path/to/server-certificate.pem +# tls_key_file /path/to/server-key.pem +# tls_certcheck on +auto_from on +maildomain opensourcerers.uk +syslog LOG_MAIL +aliases /etc/msmtp/aliases diff --git a/base-files/nail.rc b/base-files/nail.rc new file mode 100644 index 0000000..c366df2 --- /dev/null +++ b/base-files/nail.rc 
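Review bot: With `tls on` still commented out behind the `FIXME` in msmtprc, all system mail relayed to `mail.opensourcerers.net` crosses the network in cleartext and the relay's identity is never verified. The minimum to enable is `tls on`, `tls_starttls on`, and `tls_trust_file` pointing at the system CA bundle, with `tls_certcheck on` kept. In msmtp, `tls_cert_file` and `tls_key_file` are the client's own certificate and key, needed only when the relay demands client certificates, so the `server-certificate.pem` and `server-key.pem` placeholders are misleading and would be better dropped from the template or renamed to client files.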
@@ -0,0 +1,110 @@ +# Configuration file for Mailx (formerly "nail"). +# See mailx(1) for further options. + +# Do not move messages from the system mailbox to a local mbox. +set hold + +# Messages will be appended (rather than prepended) to mboxes. +# This should usually always be set. +# This has no effect unless 'hold' is unset again. +set append + +# Always ask for a subject when composing a message interactively. +set ask + +# Assume a CRT-like terminal and invoke a pager. +set crt + +# Messages may be terminated by a dot. +set dot + +# Do not remove empty mail folders in the spool directory. +# This may be relevant for privacy since other users could +# otherwise create them with different permissions. +set keep + +# Do not remove empty mail folders. +set emptybox + +# Quote the original message in replies by "> " as usual on the Internet. +set indentprefix="> " + +# Automatically quote the text of the message that is responded to. +set quote + +# Outgoing messages are sent in UTF-8 if possible, otherwise LATIN1. +set sendcharsets=utf-8,iso-8859-1 + +# Display sender's real names in header summaries. +set showname + +# Display the recipients of messages sent by the user himself in +# header summaries. +set showto + +# Automatically check for new messages at each prompt, but avoid polling +# of IMAP servers or maildir folders. +set newmail=nopoll + +# If threaded mode is activated, automatically collapse thread. +set autocollapse + +# Mark messages that have been answered. +set markanswered + +# Hide some header fields which are uninteresting for most human readers. +ignore received in-reply-to message-id references +ignore mime-version content-transfer-encoding + +# Only include selected header fields when forwarding messages. +headerpick forward retain subject date from to cc + +# Use a directory named 'mail' in the users homedir to hold mailboxes. +set folder=mail/ + +# Keep the comment/name part of email addresses when replying. 
+set fullnames + +# Use 'less' for paged output. +set PAGER=/usr/bin/less + +# When spawning an editor in compose mode, allow editing of headers. +set editheaders + +# Startup into interactive mode even if the (given) mailbox is empty. +set emptystart + +# Add more entries to the history as is done by default. +# The latter will cause the built-in editor to save those entries, too. +set history-gabby all history-gabby-persist + +# Try to circumvent false or missing MIME Content-Type descriptions. +# Do set a value for extended behaviour (see the manual). +#set mime-counter-evidence +set mime-counter-evidence=0b1111 + +# Do not move `save'd or `write'n message to $MBOX by default since this is +# likely to be irritating for most users today. +set keepsave + +# When replying, do not merge From: and To: of the original message +# into To:. Instead old From: -> new To:, old To: -> merge Cc:. +set recipients-in-cc + +# Whether a ‘Mail-Followup-To:’ header is honoured when group-replying. +set followup-to-honour=ask-yes + +# Whether a ‘Reply-To:’ header is honoured when replying. +set reply-to-honour=ask-yes + +# When sending a message, wait until the MTA (including the built-in SMTP one) +# exits before accepting further commands. Only with this variable set are +# errors reported by the MTA recognised! +set sendwait + +# Only include these selected header fields when printing messages. +retain date sender from to cc subject message-id mail-followup-to reply-to + +# Use an SMTP server rather than 'sendmail' to deliver mail. +# Set to the IP/Name of an SMTP server which will accept mail from this host. +# set smtp=mail.example.com diff --git a/base-files/ntp.conf b/base-files/ntp.conf new file mode 100644 index 0000000..9674ecc --- /dev/null +++ b/base-files/ntp.conf 
@@ -0,0 +1,34 @@
+# NTP servers to sync to.
+server 0.pool.ntp.org iburst
+server 1.pool.ntp.org iburst
+server 2.pool.ntp.org iburst
+server 3.pool.ntp.org iburst
+
+# Sync to local clock if no servers are available.
+server 127.127.1.0
+fudge 127.127.1.0 stratum 10
+
+# By default, restrict access to the service.
+restrict -4 default limited nomodify noquery nopeer notrap kod
+restrict -6 default limited nomodify noquery nopeer notrap kod
+
+# Allow localhost to query the service, but nothing else.
+restrict -4 127.0.0.1 limited nomodify nopeer notrap kod
+restrict -6 ::1 limited nomodify nopeer notrap kod
+
+# Allow local networks to sync with us.
+# Edit the network address and mask below, and uncomment.
+# restrict 192.168.1.0 mask 255.255.255.0 limited nomodify nopeer notrap kod
+
+# Where to store the drift calculation.
+driftfile /var/lib/ntp/drift
+
+# Stats should be written here.
+statsdir /var/lib/ntp/stats
+
+# PID file location.
+pidfile /var/run/ntpd.pid
+
+# Disable the ntpdc -c monlist command, which is insecure and can be used
+# to cause a denial of service attack (CVE-2013-5211).
+disable monitor
diff --git a/base-files/profile b/base-files/profile
new file mode 100644
index 0000000..c0560ae
--- /dev/null
+++ b/base-files/profile
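Review bot: The closing comment in ntp.conf credits `disable monitor` with stopping monlist, but every `restrict` line above carries `limited`, and ntpd's documentation states that monitoring stays active whenever a restriction uses `limited`, so the directive probably has no effect in this file. What actually refuses remote ntpq/ntpdc queries here is `noquery` on the two `default` lines, and the comment should say so, e.g. `# Remote ntpq/ntpdc queries (incl. monlist, CVE-2013-5211) are refused by 'noquery' on the default restrict lines.`, so that nobody later removes `noquery` believing `disable monitor` covers it. The commented LAN `restrict 192.168.1.0 ...` template omits `noquery` too and would reopen queries to that network once enabled.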
@@ -0,0 +1,52 @@ +# System wide environment set up for the ash, bash, ksh and zsh shells. + +# The default search path. +PATH=/usr/bin:/bin:/usr/local/bin + +# Add sbin paths for root users. +[ "$(id -u)" = "0" -o "$(id -g)" = "0" ] && \ + PATH=/usr/sbin:/sbin:/usr/local/sbin:$PATH + +# Set PATH to include a user's private bin if it exists. +[ -d "~/bin" ] && PATH="~/bin:$PATH" + +# Append /usr/games to PATH if it exists. +[ -d /usr/games ] && PATH=$PATH:/usr/games + +# Set a default terminal type if none was detected. +[ "$TERM" = "" -o "$TERM" = "unknown" ] && TERM=linux + +# Use the system inputrc if the user does not have their own. +[ ! -r ~/.inputrc ] && INPUTRC=/etc/inputrc + +# Set the HOSTNAME environment variable. +HOSTNAME="$(cat /etc/HOSTNAME)" + +# Shell prompts. +PS2='> ' +PS3='#? ' +PS4='+ ' + +# Custom setup for specific shells. +if [ -n "$ZSH_VERSION" ]; then # Zsh + PS1='%n@%m:%~%# ' +elif ([ -n "${.sh.version}" ]) 2>/dev/null; then # Ksh + PS1='! ${PWD/#$HOME/~}$ ' + alias hash='whence' +elif [ -n "$BASH_VERSION" ]; then # Bash + PS1='\u@\h:\w\$ ' +else # Anything else + PS1='$ ' +fi + +# Use a reasonable create mask. +umask 022 + +# Set up any further environment from files in /etc/profile.d/. +for FILE in /etc/profile.d/*.sh; do + [ -x $FILE ] && . $FILE +done +unset FILE + +# Export the environment just set up. +export PATH TERM INPUTRC MANPATH HOSTNAME PS1 PS2 PS3 PS4 diff --git a/base-files/profile.d/biff.csh b/base-files/profile.d/biff.csh new file mode 100755 index 0000000..9a84f8b --- /dev/null +++ b/base-files/profile.d/biff.csh @@ -0,0 +1 @@ +if ( -X biff ) biff y diff --git a/base-files/profile.d/biff.sh b/base-files/profile.d/biff.sh new file mode 100755 index 0000000..554b2f9 --- /dev/null +++ b/base-files/profile.d/biff.sh @@ -0,0 +1,3 @@ +hash biff >/dev/null 2>&1 && { + biff y 2>/dev/null +} diff --git a/base-files/profile.d/lang.csh b/base-files/profile.d/lang.csh new file mode 100755 index 0000000..76d6714 --- /dev/null 
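Review bot: In base-files/profile, `[ -d "~/bin" ] && PATH="~/bin:$PATH"` never matches, because a quoted tilde is not expanded and the test looks for a directory literally named `~`; it should be `[ -d "$HOME/bin" ] && PATH="$HOME/bin:$PATH"`. When fixing it, consider appending rather than prepending for uid 0, so a file in root's own bin directory cannot shadow a system command. In the profile.d loop both expansions should be quoted, `[ -x "$FILE" ] && . "$FILE"`. Every login shell, root's included, sources whatever is executable in /etc/profile.d, so a comment noting that the directory and its files must stay writable by root only would be useful.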
+++ b/base-files/profile.d/lang.csh @@ -0,0 +1,28 @@ +#!/bin/csh +# Set the system locale. (no, we don't have a menu for this ;-) +# For a list of locales which are supported by this machine, type: +# locale -a + +# en_US.UTF-8 is the Slackware default locale. If you're looking for +# a different UTF-8 locale, be aware that some of them do not include +# UTF-8 or utf8 in the name. To test if a locale is UTF-8, use this +# command: +# LANG= locale -k charmap +# UTF-8 locales will include "UTF-8" in the output. +# If there are problems with certain programs and a UTF-8 locale, you +# can set LANG=C before starting them. +if ( "$LANG" == "" ) setenv LANG "en_GB-UTF8" + +# 'C' is the old Slackware (and UNIX) default, which is 127-bit +# ASCII with a charmap setting of ANSI_X3.4-1968. These days, +# it's better to use en_US or another modern $LANG setting to +# support extended character sets. +# if ( "$LANG" == "" ) setenv LANG "C" + +# One side effect of the newer locales is that the sort order +# is no longer according to ASCII values, so the sort order will +# change in many places. Since this isn't usually expected and +# can break scripts, we'll stick with traditional ASCII sorting. +# If you'd prefer the sort algorithm that goes with your $LANG +# setting, comment this out. +if ( "$LC_COLLATE" == "" ) setenv LC_COLLATE "C" diff --git a/base-files/profile.d/lang.sh b/base-files/profile.d/lang.sh new file mode 100755 index 0000000..80b2e09 --- /dev/null +++ b/base-files/profile.d/lang.sh 
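Review bot: `setenv LANG "en_GB-UTF8"` in lang.csh is not a valid locale name; lang.sh in this same commit uses `en_GB.UTF-8`, so csh and tcsh logins will presumably end up in a different locale from sh logins. The test `"$LANG" == ""` also aborts with an undefined-variable error in csh when LANG is not set at all, so the line is better written as `if ( ! $?LANG ) setenv LANG "en_GB.UTF-8"`, the same form optpaths.csh uses for `$?CPATH`; the `LC_COLLATE` line has the same problem. The header comment still names en_US.UTF-8 as the default and should mention that this template selects en_GB.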
@@ -0,0 +1,28 @@ +#!/bin/sh +# Set the system locale. (no, we don't have a menu for this ;-) +# For a list of locales which are supported by this machine, type: +# locale -a + +# en_US.UTF-8 is the Slackware default locale. If you're looking for +# a different UTF-8 locale, be aware that some of them do not include +# UTF-8 or utf8 in the name. To test if a locale is UTF-8, use this +# command: +# LANG= locale -k charmap +# UTF-8 locales will include "UTF-8" in the output. +# If there are problems with certain programs and a UTF-8 locale, you +# can set LANG=C before starting them. +export LANG="${LANG:-en_GB.UTF-8}" + +# 'C' is the old Slackware (and UNIX) default, which is 127-bit +# ASCII with a charmap setting of ANSI_X3.4-1968. These days, +# it's better to use en_US or another modern $LANG setting to +# support extended character sets. +# export LANG=${LANG:-C} + +# One side effect of the newer locales is that the sort order +# is no longer according to ASCII values, so the sort order will +# change in many places. Since this isn't usually expected and +# can break scripts, we'll stick with traditional ASCII sorting. +# If you'd prefer the sort algorithm that goes with your $LANG +# setting, comment this out. +export LC_COLLATE="${LC_COLLATE:-C}" diff --git a/base-files/profile.d/less.csh b/base-files/profile.d/less.csh new file mode 100755 index 0000000..6e7b8a4 --- /dev/null +++ b/base-files/profile.d/less.csh @@ -0,0 +1,10 @@ +if ( -X less ) then + # Default options for less. + setenv LESS "-M" + + # Pre-process some files for less to display them correctly. + setenv LESSOPEN "|lesspipe.sh %s" + + # Use less as the man page viewer. + setenv MANPAGER "less -M" +endif diff --git a/base-files/profile.d/less.sh b/base-files/profile.d/less.sh new file mode 100755 index 0000000..6be21c4 --- /dev/null +++ b/base-files/profile.d/less.sh 
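Review bot: `setenv LESSOPEN "|lesspipe.sh %s"` in less.csh (and the matching `export LESSOPEN` in less.sh) names the preprocessor without a path, so every `less` or `man` invocation, root's included, runs whichever `lesspipe.sh` comes first in the PATH of that moment. Use the absolute path of the installed script instead, e.g. `setenv LESSOPEN "|/usr/bin/lesspipe.sh %s"` if that is where the package installs it. A one-line comment that the preprocessor hands viewed files to helper programs would also help admins decide whether root should keep `LESSOPEN` set when paging through untrusted files.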
@@ -0,0 +1,10 @@ +hash less >/dev/null 2>&1 && { + # Default options for less. + export LESS="-M" + + # Pre-process some files for less to display them correctly. + export LESSOPEN="|lesspipe.sh %s" + + # Use less as the man page viewer. + export MANPAGER="less -M" +} diff --git a/base-files/profile.d/optpaths.csh b/base-files/profile.d/optpaths.csh new file mode 100755 index 0000000..a5aae94 --- /dev/null +++ b/base-files/profile.d/optpaths.csh @@ -0,0 +1,35 @@ +if ( { [ "`id -u`" = "0" -o "`id -g`" = "0" ] } ) then + set path = ( $path /opt/sbin /opt/bin ) +else + set path = ( $path /opt/bin ) +endif + +if ( ! $?CPATH ) then + setenv CPATH "/opt/include" +else + setenv CPATH "/opt/include:$CPATH" +endif + +if ( ! $?INFOPATH ) then + setenv INFOPATH "/opt/info" +else + setenv INFOPATH "/opt/info:$INFOPATH" +endif + +if ( ! $?PERL5LIB ) then + setenv PERL5LIB "/opt/lib64/perl5:/opt/lib64/perl5/site_perl" +else + setenv PERL5LIB "/opt/lib64/perl5:/opt/lib64/perl5/site_perl:$PERL5LIB" +endif + +if ( ! $?PKG_CONFIG_PATH ) then + setenv PKG_CONFIG_PATH "/opt/lib64/pkgconfig:/opt/share/pkgconfig" +else + setenv PKG_CONFIG_PATH "/opt/lib64/pkgconfig:/opt/share/pkgconfig:$PKG_CONFIG_PATH" +endif + +if ( ! $?PYTHONPATH ) then + setenv PYTHONPATH "/opt/lib64/python2.7/site-packages" +else + setenv PYTHONPATH "/opt/lib64/python2.7/site-packages:$PYTHONPATH" +endif diff --git a/base-files/profile.d/optpaths.sh b/base-files/profile.d/optpaths.sh new file mode 100755 index 0000000..74095ed --- /dev/null +++ b/base-files/profile.d/optpaths.sh 
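Review bot: optpaths.csh puts /opt directories in front of `PERL5LIB` and `PYTHONPATH` (and `CPATH`, `PKG_CONFIG_PATH`) for every login including root, so a module placed in /opt/lib64/perl5 or /opt/lib64/python2.7/site-packages shadows the system module of the same name in scripts root runs; optpaths.sh does the same. That is safe only while the whole /opt tree is owned and writable by root alone, which a comment here should state and the install scripts should enforce. Appending instead of prepending, as the file already does for `path`, would stop /opt from overriding system modules. In optpaths.sh, `[ ! -n "$CPATH" ]` and its siblings read more directly as `[ -z "$CPATH" ]`.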
@@ -0,0 +1,37 @@
+if [ "$(id -u)" = "0" -o "$(id -g)" = "0" ]; then
+ PATH="$PATH:/opt/sbin:/opt/bin"
+else
+ PATH="$PATH:/opt/bin"
+fi
+
+if [ ! -n "$CPATH" ]; then
+ CPATH="/opt/include"
+else
+ CPATH="/opt/include:$CPATH"
+fi
+
+if [ ! -n "$INFOPATH" ]; then
+ INFOPATH="/opt/info"
+else
+ INFOPATH="/opt/info:$INFOPATH"
+fi
+
+if [ ! -n "$PERL5LIB" ]; then
+ PERL5LIB="/opt/lib64/perl5:/opt/lib64/perl5/site_perl"
+else
+ PERL5LIB="/opt/lib64/perl5:/opt/lib64/perl5/site_perl:$PERL5LIB"
+fi
+
+if [ ! -n "$PKG_CONFIG_PATH" ]; then
+ PKG_CONFIG_PATH="/opt/lib64/pkgconfig:/opt/share/pkgconfig"
+else
+ PKG_CONFIG_PATH="/opt/lib64/pkgconfig:/opt/share/pkgconfig:$PKG_CONFIG_PATH"
+fi
+
+if [ ! -n "$PYTHONPATH" ]; then
+ PYTHONPATH="/opt/lib64/python2.7/site-packages"
+else
+ PYTHONPATH="/opt/lib64/python2.7/site-packages:$PYTHONPATH"
+fi
+
+export PATH CPATH INFOPATH PERL5LIB PKG_CONFIG_PATH PYTHONPATH
diff --git a/base-files/resolv.conf b/base-files/resolv.conf
new file mode 100644
index 0000000..29a0525
--- /dev/null
+++ b/base-files/resolv.conf
@@ -0,0 +1,8 @@
+options timeout:1 edns0
+search opensourcerers.net
+nameserver 91.109.244.8
+nameserver 2a02:2498:1:227::8
+nameserver 91.109.244.239
+nameserver 2a02:2498:1:227::239
+nameserver 185.176.90.169
+nameserver 2a07:4580:b0d:57f::169
diff --git a/base-files/securetty b/base-files/securetty
new file mode 100644
index 0000000..e3667da
--- /dev/null
+++ b/base-files/securetty
@@ -0,0 +1,25 @@
+# Console tty's:
+console
+tty1
+tty2
+tty3
+tty4
+tty5
+tty6
+tty7
+tty8
+tty9
+tty10
+
+# Pseudo TTYs (not recommended):
+# pts/0
+# pts/1
+# pts/2
+# pts/3
+# pts/4
+# pts/5
+# pts/6
+# pts/7
+# pts/8
+# pts/9
+# pts/10
diff --git a/base-files/skel/.bash_logout b/base-files/skel/.bash_logout
new file mode 100644
index 0000000..fdd2014
--- /dev/null
+++ b/base-files/skel/.bash_logout
@@ -0,0 +1,11 @@ +if (( $SHLVL == 1 )); then + if [ -x /usr/bin/clear_console ]; then + /usr/bin/clear_console -q + elif [ -x /usr/bin/clear ]; then + /usr/bin/clear + elif [ -x /usr/bin/tput ]; then + /usr/bin/tput clear + else + echo -ne "\E[2J" + fi +fi diff --git a/base-files/skel/.bash_profile b/base-files/skel/.bash_profile new file mode 100644 index 0000000..86d2b37 --- /dev/null +++ b/base-files/skel/.bash_profile @@ -0,0 +1,4 @@ +# Source the personal bash set up. +[ -e ~/.bashrc ] && . ~/.bashrc + +# Add general environment set up here. diff --git a/base-files/skel/.bashrc b/base-files/skel/.bashrc new file mode 100644 index 0000000..a0b3f63 --- /dev/null +++ b/base-files/skel/.bashrc @@ -0,0 +1 @@ +# Add bash personalisation set up here. diff --git a/base-files/slackpkg/blacklist b/base-files/slackpkg/blacklist new file mode 100644 index 0000000..f418b43 --- /dev/null +++ b/base-files/slackpkg/blacklist 
@@ -0,0 +1,45 @@ +# /etc/slackpkg/blacklist +# +# This is a blacklist file. Any packages listed here won't be +# upgraded, removed, or installed by slackpkg. + +# aaa_elflibs should NOT be blacklisted! +# +# You can blacklist using regular expressions. +# +# Don't use *full* regex here, because all of the following will be checked +# for the regex: series, name, version, arch, build, and fullname. +# When blacklisting packages, you can use extended regex on package names +# (such as xorg-.* instead of xorg-server, xorg-docs, etc), and a trailing +# slash for package series ("n/", "ap/", "xap/", etc). +# +# To blacklist *only* the "xorg-server" package, use this: +# xorg-server +# +# To blacklist *all* of the "xorg-server-*" packages, use this: +# xorg-server.* +# +# To blacklist the entire KDE package set, use this: +# kde/ +# +# You will need to escape any special characters that are present in the +# package name. For example, to blacklist the gcc-g++ package, use this: +# gcc-g\+\+ +# +# DON'T put any space(s) before or after the package name or regex. + +# Automated upgrade of kernel packages may not be wanted in some situations; +# uncomment the lines below if that fits your circumstances: +kernel-generic +kernel-huge +kernel-modules +kernel-source + +# This one will blacklist all SBo packages: +[0-9]+_SBo + +# This will blacklist Robby's testing packages: +[0-9]+_rlw + +# This will blacklist Tadgy's custom packages: +[0-9]+_tadgy diff --git a/base-files/slackpkg/mirrors b/base-files/slackpkg/mirrors new file mode 100644 index 0000000..ad8dccc --- /dev/null +++ b/base-files/slackpkg/mirrors 
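Review bot: The four `kernel-*` entries in slackpkg/blacklist are active although the comment above them says to uncomment them only where that fits, so slackpkg will hold back every kernel update, security fixes included, on all hosts built from this template. That may be deliberate to avoid unattended kernel swaps, but then the comment should record how kernels do get upgraded, e.g. `# Kernel packages are upgraded manually in a reboot window; check ChangeLog.txt for kernel security fixes.` Without that note the blacklist reads like an upstream default and the held-back updates are easy to miss.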
@@ -0,0 +1,360 @@ +# mirrors - List of Slackware Linux mirrors. +# +# SlackPkg - An Automated packaging tool for Slackware Linux +# Copyright (C) 2003-2011 Roberto F. Batista, Evaldo Gardenali +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Project Page: http://slackpkg.org/ +# Roberto F. Batista (aka PiterPunk) piterpunk@slackware.com +# Evaldo Gardenali (aka UdontKnow) evaldogardenali@fasternet.com.br +# +# END OF LEGAL NOTICE +# +# +# You only need to select one mirror and uncomment it. +# ONLY ONE mirror can be uncommented. +# +# You can use a mirror not included in this file. Many people have mirrors +# in their local networks. A list of all official Slackware mirrors +# (not version-specific, so some mirrors may not have all files) is here: +# https://mirrors.slackware.com/mirrorlist/ +# +# Slackpkg only needs to point to the directory that contains +# "ChangeLog.txt", and don't forget the trailing slash. 
+# +#---------------------------------------------------------------- +# Local CD/DVD drive +#---------------------------------------------------------------- +# cdrom://media/cdrom/ +# +#---------------------------------------------------------------- +# Local Directory +#---------------------------------------------------------------- +# file://path/to/some/directory/ +# +#---------------------------------------------------------------- +# Slackware64-14.2 +#---------------------------------------------------------------- +# USE MIRRORS.SLACKWARE.COM (DO NOT USE FTP - ONLY HTTP FINDS A NEARBY MIRROR) +# https://mirrors.slackware.com/slackware/slackware64-14.2/ +# +# +# Here are some individual mirrors that can be used instead of the +# redirector at mirrors.slackware.com if necessary ; note that this +# list is not guaranteed to be up-to-date +# +# AUSTRALIA (AU) +# ftp://ftp.cc.swin.edu.au/slackware/slackware64-14.2/ +# http://ftp.cc.swin.edu.au/slackware/slackware64-14.2/ +# ftp://ftp.iinet.net.au/pub/slackware/slackware64-14.2/ +# http://ftp.iinet.net.au/pub/slackware/slackware64-14.2/ +# ftp://mirror.as24220.net/pub/slackware/slackware64-14.2/ +# http://mirror.as24220.net/pub/slackware/slackware64-14.2/ +# ftp://mirror.internode.on.net/.pub2/slackware/slackware64-14.2/ +# http://mirror.internode.on.net/pub/slackware/slackware64-14.2/ +# AUSTRIA (AT) +# http://gd.tuwien.ac.at/opsys/linux/freesoftware.com/slackware64-14.2/ +# BELARUS (BY) +# ftp://mirror.datacenter.by/pub/slackware/slackware64-14.2/ +# http://mirror.datacenter.by/pub/slackware/slackware64-14.2/ +# BRAZIL (BR) +# ftp://ftp.slackware-brasil.com.br/slackware64-14.2/ +# http://ftp.slackware-brasil.com.br/slackware64-14.2/ +# BULGARIA (BG) +# ftp://mirrors.unixsol.org/slackware/slackware64-14.2/ +# http://mirrors.unixsol.org/slackware/slackware64-14.2/ +# CANADA (CA) +# ftp://mirror.csclub.uwaterloo.ca/slackware/slackware64-14.2/ +# http://mirror.csclub.uwaterloo.ca/slackware/slackware64-14.2/ +# 
ftp://mirror.its.dal.ca/slackware/slackware64-14.2/ +# http://mirror.its.dal.ca/slackware/slackware64-14.2/ +# CHINA (CN) +# http://mirrors.163.com/slackware/slackware64-14.2/ +# http://mirrors.ustc.edu.cn/slackware/slackware64-14.2/ +# COSTA RICA (CR) +# ftp://mirrors.ucr.ac.cr/slackware/pub/slackware/slackware64-14.2/ +# http://mirrors.ucr.ac.cr/slackware/pub/slackware/slackware64-14.2/ +# CZECH REPUBLIC (CZ) +# ftp://odysseus.linux.cz/pub/linux/slackware/slackware64-14.2/ +# http://odysseus.linux.cz/pub/linux/slackware/slackware64-14.2/ +# DENMARK (DK) +# ftp://mirrors.dotsrc.org/slackware/slackware64-14.2/ +# https://mirrors.dotsrc.org/slackware/slackware64-14.2/ +# FINLAND (FI) +# ftp://elektroni.phys.tut.fi/slackware64-14.2/ +# FRANCE (FR) +# ftp://nephtys.lip6.fr/pub/linux/distributions/slackware/slackware64-14.2/ +# http://nephtys.lip6.fr/pub/linux/distributions/slackware/slackware64-14.2/ +# GERMANY (DE) +# ftp://ftp.gwdg.de/pub/linux/slackware/slackware64-14.2/ +# http://ftp.gwdg.de/pub/linux/slackware/slackware64-14.2/ +# ftp://ftp.tu-chemnitz.de/pub/linux/slackware/slackware64-14.2/ +# http://ftp.tu-chemnitz.de/pub/linux/slackware/slackware64-14.2/ +# ftp://sunsite.informatik.rwth-aachen.de/pub/comp/Linux/slackware/slackware64-14.2/ +# http://sunsite.informatik.rwth-aachen.de/ftp/pub/comp/Linux/slackware/slackware64-14.2/ +# GREECE (GR) +# ftp://ftp.cc.uoc.gr/mirrors/linux/slackware/slackware64-14.2/ +# http://ftp.cc.uoc.gr/mirrors/linux/slackware/slackware64-14.2/ +# ftp://ftp.otenet.gr/pub/linux/slackware/slackware64-14.2/ +# http://ftp.otenet.gr/linux/slackware/slackware64-14.2/ +# ftp://patroklos.noc.ntua.gr/pub/linux/slackware/slackware64-14.2/ +# http://patroklos.noc.ntua.gr/pub/linux/slackware/slackware64-14.2/ +# INDONESIA (ID) +# http://kambing.ui.ac.id/slackware/slackware64-14.2/ +# https://repo.ukdw.ac.id/slackware/slackware64-14.2/ +# IRELAND (IE) +# ftp://ftp.heanet.ie/mirrors/ftp.slackware.com/pub/slackware/slackware64-14.2/ +# 
http://ftp.heanet.ie/mirrors/ftp.slackware.com/pub/slackware/slackware64-14.2/ +# ITALY (IT) +# ftp://ba.mirror.garr.it/mirrors/Slackware/slackware64-14.2/ +# http://ba.mirror.garr.it/mirrors/Slackware/slackware64-14.2/ +# JAPAN (JP) +# ftp://ftp.nara.wide.ad.jp/pub/Linux/slackware/slackware64-14.2/ +# http://ftp.nara.wide.ad.jp/pub/Linux/slackware/slackware64-14.2/ +# ftp://ftp.kddilabs.jp/Linux/distributions/Slackware/slackware64-14.2/ +# http://ftp.kddilabs.jp/Linux/distributions/Slackware/slackware64-14.2/ +# ftp://riksun.riken.go.jp/Linux/slackware/slackware64-14.2/ +# http://riksun.riken.go.jp/Linux/slackware/slackware64-14.2/ +# NETHERLANDS (NL) +# ftp://ftp.nluug.nl/pub/os/Linux/distr/slackware/slackware64-14.2/ +# http://ftp.nluug.nl/os/Linux/distr/slackware/slackware64-14.2/ +# ftp://mirror.nl.leaseweb.net/slackware/slackware64-14.2/ +# http://mirror.nl.leaseweb.net/slackware/slackware64-14.2/ +# NORWAY (NO) +# ftp://ftp.slackware.no/slackware/slackware64-14.2/ +# http://ftp.slackware.no/slackware/slackware64-14.2/ +# POLAND (PL) +# ftp://ftp.pwr.wroc.pl/pub/linux/slackware/slackware64-14.2/ +# http://ftp.pwr.wroc.pl/pub/linux/slackware/slackware64-14.2/ +# ftp://ftp.slackware.pl/pub/slackware/slackware64-14.2/ +# http://ftp.slackware.pl/pub/slackware/slackware64-14.2/ +# ftp://sunsite.icm.edu.pl/vol/rzm1/linux-slackware/slackware64-14.2/ +# http://sunsite.icm.edu.pl/packages/linux-slackware/slackware64-14.2/ +# ftp://z-ftp.wcss.wroc.pl/pub/linux/slackware/slackware64-14.2/ +# http://z-ftp.wcss.wroc.pl/pub/linux/slackware/slackware64-14.2/ +# RUSSIA (RU) +# http://mirror.rol.ru/slackware/slackware64-14.2/ +# ftp://mirror.yandex.ru/slackware/slackware64-14.2/ +# http://mirror.yandex.ru/slackware/slackware64-14.2/ +# SOUTH AFRICA (ZA) +# ftp://ftp.is.co.za/mirror/ftp.slackware.com/pub/slackware64-14.2/ +# http://ftp.is.co.za/mirror/ftp.slackware.com/pub/slackware64-14.2/ +# ftp://ftp.wa.co.za/pub/slackware/slackware64-14.2/ +# 
http://ftp.wa.co.za/pub/slackware/slackware64-14.2/ +# ftp://slackware.mirror.ac.za/slackware64-14.2/ +# http://slackware.mirror.ac.za/slackware64-14.2/ +# SWEDEN (SE) +# ftp://ftp.sunet.se/mirror/slackware.com/slackware64-14.2/ +# http://ftp.sunet.se/mirror/slackware.com/slackware64-14.2/ +# TAIWAN (TW) +# ftp://ftp.isu.edu.tw/pub/Linux/Slackware/slackware64-14.2/ +# http://ftp.isu.edu.tw/pub/Linux/Slackware/slackware64-14.2/ +# ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-14.2/ +# http://ftp.twaren.net/Linux/Slackware/slackware64-14.2/ +# TURKEY (TR) +# ftp://ftp.linux.org.tr/slackware/slackware64-14.2/ +# http://ftp.linux.org.tr/slackware/slackware64-14.2/ +# UKRAINE (UA) +# ftp://mirrors.mithril.org.ua/linux/slackware/slackware64-14.2/ +# http://mirrors.mithril.org.ua/linux/slackware/slackware64-14.2/ +# UNITED KINGDOM (UK) +# http://slackware.uk/slackware/slackware64-14.2/ +# ftp://slackware.uk/slackware/slackware64-14.2/ +# ftp://ftp.mirrorservice.org/sites/ftp.slackware.com/pub/slackware/slackware64-14.2/ +# http://ftp.mirrorservice.org/sites/ftp.slackware.com/pub/slackware/slackware64-14.2/ +# ftp://mirror.bytemark.co.uk/slackware/slackware64-14.2/ +# http://mirror.bytemark.co.uk/slackware/slackware64-14.2/ +# UNITED STATES (US) +# ftp://ftp.gtlib.gatech.edu/nv/ao2/lxmirror/ftp.slackware.com/slackware64-14.2/ +# ftp://mirror.cs.princeton.edu/pub/mirrors/slackware/slackware64-14.2/ +# ftp://mirrors.easynews.com/linux/slackware/slackware64-14.2/ +# http://mirrors.easynews.com/linux/slackware/slackware64-14.2/ +# ftp://mirrors.us.kernel.org/slackware/slackware64-14.2/ +# http://mirrors.us.kernel.org/slackware/slackware64-14.2/ +# ftp://mirrors.xmission.com/slackware/slackware64-14.2/ +# http://mirrors.xmission.com/slackware/slackware64-14.2/ +# https://mirror.slackbuilds.org/slackware/slackware64-14.2/ +# http://slackware.cs.utah.edu/pub/slackware/slackware64-14.2/ +# http://slackware.mirrors.pair.com/slackware64-14.2/ +# 
ftp://slackware.mirrors.tds.net/pub/slackware/slackware64-14.2/ +# http://slackware.mirrors.tds.net/pub/slackware/slackware64-14.2/ +# ftp://spout.ussg.indiana.edu/linux/slackware/slackware64-14.2/ +# http://spout.ussg.indiana.edu/linux/slackware/slackware64-14.2/ +# ftp://teewurst.cc.columbia.edu/pub/linux/slackware/slackware64-14.2/ +# http://teewurst.cc.columbia.edu/pub/linux/slackware/slackware64-14.2/ +# +#---------------------------------------------------------------- +# Slackware64-current +#---------------------------------------------------------------- +# USE MIRRORS.SLACKWARE.COM (DO NOT USE FTP - ONLY HTTP FINDS A NEARBY MIRROR) +# https://mirrors.slackware.com/slackware/slackware64-current/ +# +# +# Here are some individual mirrors that can be used instead of the +# redirector at mirrors.slackware.com if necessary ; note that this +# list is not guaranteed to be up-to-date +# +# AUSTRALIA (AU) +# ftp://ftp.cc.swin.edu.au/slackware/slackware64-current/ +# http://ftp.cc.swin.edu.au/slackware/slackware64-current/ +# ftp://ftp.iinet.net.au/pub/slackware/slackware64-current/ +# http://ftp.iinet.net.au/pub/slackware/slackware64-current/ +# ftp://mirror.aarnet.edu.au/pub/slackware/slackware64-current/ +# http://mirror.aarnet.edu.au/pub/slackware/slackware64-current/ +# ftp://mirror.as24220.net/pub/slackware/slackware64-current/ +# http://mirror.as24220.net/pub/slackware/slackware64-current/ +# ftp://mirror.internode.on.net/.pub2/slackware/slackware64-current/ +# http://mirror.internode.on.net/pub/slackware/slackware64-current/ +# http://mirror.primusdatacentre.com.au/slackware/slackware64-current/ +# AUSTRIA (AT) +# ftp://ftp.slackware.at/slackware64-current/ +# http://ftp.slackware.at/data/slackware64-current/ +# ftp://gd.tuwien.ac.at/opsys/linux/freesoftware.com/slackware64-current/ +# http://gd.tuwien.ac.at/opsys/linux/freesoftware.com/slackware64-current/ +# BELARUS (BY) +# ftp://mirror.datacenter.by/pub/slackware/slackware64-current/ +# 
http://mirror.datacenter.by/pub/slackware/slackware64-current/ +# BRAZIL (BR) +# ftp://ftp.slackware-brasil.com.br/slackware64-current/ +# http://ftp.slackware-brasil.com.br/slackware64-current/ +# BULGARIA (BG) +# ftp://mirrors.unixsol.org/slackware/slackware64-current/ +# http://mirrors.unixsol.org/slackware/slackware64-current/ +# CANADA (CA) +# ftp://mirror.csclub.uwaterloo.ca/slackware/slackware64-current/ +# http://mirror.csclub.uwaterloo.ca/slackware/slackware64-current/ +# ftp://mirror.its.dal.ca/slackware/slackware64-current/ +# http://mirror.its.dal.ca/slackware/slackware64-current/ +# CHINA (CN) +# http://mirrors.163.com/slackware/slackware64-current/ +# http://mirrors.ustc.edu.cn/slackware/slackware64-current/ +# COSTA RICA (CR) +# ftp://mirrors.ucr.ac.cr/slackware/pub/slackware/slackware64-current/ +# http://mirrors.ucr.ac.cr/slackware/pub/slackware/slackware64-current/ +# CZECH REPUBLIC (CZ) +# ftp://odysseus.linux.cz/pub/linux/slackware/slackware64-current/ +# http://odysseus.linux.cz/pub/linux/slackware/slackware64-current/ +# DENMARK (DK) +# ftp://mirrors.dotsrc.org/slackware/slackware64-current/ +# https://mirrors.dotsrc.org/slackware/slackware64-current/ +# FINLAND (FI) +# ftp://elektroni.phys.tut.fi/slackware64-current/ +# FRANCE (FR) +# ftp://mirror.ovh.net/mirrors/ftp.slackware.com/slackware64-current/ +# http://mirror.ovh.net/mirrors/ftp.slackware.com/slackware64-current/ +# ftp://nephtys.lip6.fr/pub/linux/distributions/slackware/slackware64-current/ +# http://nephtys.lip6.fr/pub/linux/distributions/slackware/slackware64-current/ +# GERMANY (DE) +# ftp://ftp.fu-berlin.de/unix/linux/slackware/slackware64-current/ +# ftp://ftp.gwdg.de/pub/linux/slackware/slackware64-current/ +# http://ftp.gwdg.de/pub/linux/slackware/slackware64-current/ +# ftp://ftp.tu-chemnitz.de/pub/linux/slackware/slackware64-current/ +# http://ftp.tu-chemnitz.de/pub/linux/slackware/slackware64-current/ +# 
ftp://sunsite.informatik.rwth-aachen.de/pub/comp/Linux/slackware/slackware64-current/ +# http://sunsite.informatik.rwth-aachen.de/ftp/pub/comp/Linux/slackware/slackware64-current/ +# ftp://wrz1013.rz.uni-wuerzburg.de/pub/MIRROR/slackware/slackware64-current/ +# http://wrz1013.rz.uni-wuerzburg.de/pub/MIRROR/slackware/slackware64-current/ +# GREECE (GR) +# ftp://ftp.cc.uoc.gr/mirrors/linux/slackware/slackware64-current/ +# http://ftp.cc.uoc.gr/mirrors/linux/slackware/slackware64-current/ +# ftp://ftp.otenet.gr/pub/linux/slackware/slackware64-current/ +# http://ftp.otenet.gr/linux/slackware/slackware64-current/ +# ftp://patroklos.noc.ntua.gr/pub/linux/slackware/slackware64-current/ +# http://patroklos.noc.ntua.gr/pub/linux/slackware/slackware64-current/ +# INDONESIA (ID) +# http://kambing.ui.ac.id/slackware/slackware64-current/ +# https://repo.ukdw.ac.id/slackware/slackware64-current/ +# IRELAND (IE) +# ftp://ftp.heanet.ie/mirrors/ftp.slackware.com/pub/slackware/slackware64-current/ +# http://ftp.heanet.ie/mirrors/ftp.slackware.com/pub/slackware/slackware64-current/ +# ITALY (IT) +# ftp://ba.mirror.garr.it/mirrors/Slackware/slackware64-current/ +# http://ba.mirror.garr.it/mirrors/Slackware/slackware64-current/ +# JAPAN (JP) +# ftp://ftp.nara.wide.ad.jp/pub/Linux/slackware/slackware64-current/ +# http://ftp.nara.wide.ad.jp/pub/Linux/slackware/slackware64-current/ +# ftp://ftp.kddilabs.jp/Linux/distributions/Slackware/slackware64-current/ +# http://ftp.kddilabs.jp/Linux/distributions/Slackware/slackware64-current/ +# ftp://riksun.riken.go.jp/Linux/slackware/slackware64-current/ +# http://riksun.riken.go.jp/Linux/slackware/slackware64-current/ +# NETHERLANDS (NL) +# ftp://ftp.nluug.nl/pub/os/Linux/distr/slackware/slackware64-current/ +# http://ftp.nluug.nl/os/Linux/distr/slackware/slackware64-current/ +# ftp://mirror.nl.leaseweb.net/slackware/slackware64-current/ +# http://mirror.nl.leaseweb.net/slackware/slackware64-current/ +# NORWAY (NO) +# 
ftp://ftp.slackware.no/slackware/slackware64-current/ +# http://ftp.slackware.no/slackware/slackware64-current/ +# POLAND (PL) +# ftp://ftp.pwr.wroc.pl/pub/linux/slackware/slackware64-current/ +# http://ftp.pwr.wroc.pl/pub/linux/slackware/slackware64-current/ +# ftp://ftp.slackware.pl/pub/slackware/slackware64-current/ +# http://ftp.slackware.pl/pub/slackware/slackware64-current/ +# ftp://sunsite.icm.edu.pl/vol/rzm1/linux-slackware/slackware64-current/ +# http://sunsite.icm.edu.pl/packages/linux-slackware/slackware64-current/ +# ftp://z-ftp.wcss.wroc.pl/pub/linux/slackware/slackware64-current/ +# http://z-ftp.wcss.wroc.pl/pub/linux/slackware/slackware64-current/ +# RUSSIA (RU) +# http://mirror.rol.ru/slackware/slackware64-current/ +# ftp://mirror.yandex.ru/slackware/slackware64-current/ +# http://mirror.yandex.ru/slackware/slackware64-current/ +# SOUTH AFRICA (ZA) +# ftp://ftp.is.co.za/mirror/ftp.slackware.com/pub/slackware64-current/ +# http://ftp.is.co.za/mirror/ftp.slackware.com/pub/slackware64-current/ +# ftp://ftp.wa.co.za/pub/slackware/slackware64-current/ +# http://ftp.wa.co.za/pub/slackware/slackware64-current/ +# ftp://slackware.mirror.ac.za/slackware64-current/ +# http://slackware.mirror.ac.za/slackware64-current/ +# SWEDEN (SE) +# ftp://ftp.sunet.se/mirror/slackware.com/slackware64-current/ +# http://ftp.sunet.se/mirror/slackware.com/slackware64-current/ +# TAIWAN (TW) +# ftp://ftp.isu.edu.tw/pub/Linux/Slackware/slackware64-current/ +# http://ftp.isu.edu.tw/pub/Linux/Slackware/slackware64-current/ +# ftp://ftp.twaren.net/pub/Linux/Slackware/slackware64-current/ +# http://ftp.twaren.net/Linux/Slackware/slackware64-current/ +# TURKEY (TR) +# ftp://ftp.linux.org.tr/slackware/slackware64-current/ +# http://ftp.linux.org.tr/slackware/slackware64-current/ +# UKRAINE (UA) +# ftp://mirrors.mithril.org.ua/linux/slackware/slackware64-current/ +# http://mirrors.mithril.org.ua/linux/slackware/slackware64-current/ +# UNITED KINGDOM (UK) +# 
http://slackware.uk/slackware/slackware64-current/ +# ftp://slackware.uk/slackware/slackware64-current/ +# ftp://ftp.mirrorservice.org/sites/ftp.slackware.com/pub/slackware/slackware64-current/ +# http://ftp.mirrorservice.org/sites/ftp.slackware.com/pub/slackware/slackware64-current/ +# ftp://mirror.bytemark.co.uk/slackware/slackware64-current/ +# http://mirror.bytemark.co.uk/slackware/slackware64-current/ +# UNITED STATES (US) +# ftp://ftp.gtlib.gatech.edu/nv/ao2/lxmirror/ftp.slackware.com/slackware64-current/ +# ftp://mirror.cs.princeton.edu/pub/mirrors/slackware/slackware64-current/ +# ftp://mirrors.easynews.com/linux/slackware/slackware64-current/ +# http://mirrors.easynews.com/linux/slackware/slackware64-current/ +# ftp://mirrors.us.kernel.org/slackware/slackware64-current/ +# http://mirrors.us.kernel.org/slackware/slackware64-current/ +# ftp://mirrors.xmission.com/slackware/slackware64-current/ +# http://mirrors.xmission.com/slackware/slackware64-current/ +# https://mirror.slackbuilds.org/slackware/slackware64-current/ +# http://slackware.cs.utah.edu/pub/slackware/slackware64-current/ +# http://slackware.mirrors.pair.com/slackware64-current/ +# ftp://slackware.mirrors.tds.net/pub/slackware/slackware64-current/ +# http://slackware.mirrors.tds.net/pub/slackware/slackware64-current/ +# ftp://spout.ussg.indiana.edu/linux/slackware/slackware64-current/ +# http://spout.ussg.indiana.edu/linux/slackware/slackware64-current/ +# ftp://teewurst.cc.columbia.edu/pub/linux/slackware/slackware64-current/ +# http://teewurst.cc.columbia.edu/pub/linux/slackware/slackware64-current/ +https://slackware.uk/slackware/slackware64-current/ diff --git a/base-files/slackpkg/slackpkg.conf b/base-files/slackpkg/slackpkg.conf new file mode 100644 index 0000000..d1e3757 --- /dev/null +++ b/base-files/slackpkg/slackpkg.conf 
@@ -0,0 +1,156 @@ +# +# /etc/slackpkg/slackpkg.conf +# Configuration for SlackPkg +# v2.8 +# + +# SlackPkg - An Automated packaging tool for Slackware Linux +# Copyright (C) 2003-2011 Roberto F. Batista, Evaldo Gardenali +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# +# Project Page: http://slackpkg.org/ +# Roberto F. Batista (aka PiterPunk) piterpunk@slackware.com +# Evaldo Gardenali (aka UdontKnow) evaldogardenali@fasternet.com.br + +# For configuration options that have only two states, possible values are +# either "on" or "off" + +# Remember, the only official Slackware ports are x86, s390, and arm, and +# slackpkg developers don't have s390 boxes for testing. If you are +# testing/using other architectures and have suggestions or patches, +# please let us know (email rworkman@slackware.com) +# +# Select the architecture of your system. Valid values are: +# i#86 (where # is 3, 4, 5 or 6) +# x86_64 +# s390 +# arm* (* can be v4, v5tejl, and other ARM versions) +# powerpc +# +# The line is commented because slackpkg will try to find your +# architecture automagically. If you want to override what slackpkg +# finds, put the value after the = and uncomment this line +#ARCH= + +# The default PKGMAIN is "slackware", but some derived distros use other +# names as the main directory. 
PKGMAIN is the place with the slackware +# package series (a, ap, n, ... ). +# +# Usually slackpkg can automagically discover this variable. If you want +# to override the discovered variable, then uncomment this line and change +# it to reflect the correct value of PKGMAIN +#PKGMAIN=slackware + +# Slackware packages are signed by project key. Slackpkg uses this key +# to check if the packages downloaded are valid, so remember to set +# CHECKGPG to "on". +# +# Usually slackpkg can automagically discover this variable. If you want +# to override the discovered variable, then uncomment this line and edit +# as needed +#SLACKKEY="Slackware Linux Project " + +# Downloaded files will be in the TEMP directory: +TEMP=/var/cache/packages + +# Package lists, file lists, and others will be stored in WORKDIR: +WORKDIR=/var/lib/slackpkg + +# Special options for wget (default is WGETFLAGS="--passive-ftp") +WGETFLAGS="--passive-ftp" + +# If DELALL is "on", all downloaded files will be removed after install. +DELALL=on + +# If CHECKMD5 is "on", the system will check the md5sums of all packages before +# install/upgrade/reinstall is performed. +CHECKMD5=on + +# If CHECKGPG is "on", the system will verify the GPG signature of each package +# before install/upgrade/reinstall is performed. +CHECKGPG=on + +# If CHECKSIZE is "on", the system will check if we have sufficient disk +# space to install selected package. This make upgrade/install safer, but +# will also slow down the upgrade/install process. +CHECKSIZE=off + +# PRIORITY sets the download priority. slackpkg will try to found the +# package first in the first value, then the second one, through all +# values in list. +# +# Default value: patches %PKGMAIN extra pasture testing +PRIORITY=( patches %PKGMAIN extra pasture testing ) + +# Enables (on) or disables (off) slackpkg's post-installation features, such +# as checking for new (*.new) configuration files and new kernel images, and +# prompts you for what it should do. 
Default=on +POSTINST=on + +# Post-installation features, by default, search all of /etc and a few other +# predefined locations for .new files. This is the safe option: with it, +# you won't have any unmerged .new files to cause problems. Even so, some +# people prefer that only the .new files installed by the current slackpkg +# session be checked. If this is your case, change ONLY_NEW_DOTNEW to "on". +# Default=off +ONLY_NEW_DOTNEW=off + +# Whether to backup files overwritten by their .new counterparts with a +# .orig extension. +ORIG_BACKUPS=off + +# The ONOFF variable sets the initial behavior of the dialog interface. +# If you set this to "on" then all packages will be selected by default. +# If you prefer the opposite option (all unchecked), then set this to "off". +ONOFF=on + +# If this variable is set to "on", all files will be downloaded before the +# requested operation (install or upgrade) is performed. If set to "off", +# then the files will be downloaded and the operation (install/upgrade) +# performed one by one. Default=on +DOWNLOAD_ALL=on + +# Enables (on) or disables (off) the dialog interface in slackpkg. Default=on +DIALOG=on + +# Enables (on) or disables (off) the non-interactive mode. If set to "on", +# slackpkg will run without asking the user anything, and answer all questions +# with DEFAULT_ANSWER. If you do any upgrades using this mode, you'll need to +# run "slackpkg new-config" later to find and merge any .new files. +BATCH=off + +# Default answer to slackpkg questions. Can be "y" or "n". +DEFAULT_ANSWER=n + +# Slackpkg allows a template to "include" the packages specified in another +# template. This option enables (on) or disables (off) the parsing of +# any "#include" directives in template files. Default=on +USE_INCLUDES=on + +# Enables a spinning bar as visual feedback when slackpkg is making its +# internal lists and some other operations. Default=on +SPINNING=on + +# Max number of characters that "dialog" command can handle. 
+# If unset, this variable will be 19500 (the number that works on
+# Slackware 10.2)
+DIALOG_MAXARGS=139000
+
+#
+# The MIRROR is set from /etc/slackpkg/mirrors
+# You only need to uncomment the selected mirror.
+# Uncomment one mirror only.
+#
diff --git a/base-files/ssh/ssh_config b/base-files/ssh/ssh_config
new file mode 100644
index 0000000..0c27d9f
--- /dev/null
+++ b/base-files/ssh/ssh_config
@@ -0,0 +1,5 @@
+Host *
+ ControlPath ~/.ssh/%u@%l->%r@%h:%p
+ SendEnv LANG LC_*
+ VerifyHostKeyDNS yes
+ VisualHostKey yes
diff --git a/base-files/ssh/sshd_config b/base-files/ssh/sshd_config
new file mode 100644
index 0000000..a4f35a7
--- /dev/null
+++ b/base-files/ssh/sshd_config
@@ -0,0 +1,17 @@
+# FIXME: Set sshd IP addresses.
+# ListenAddress 91.109.244.X
+# ListenAddress [2a02:2498:1:227::X]
+Port 9922
+
+AcceptEnv LANG LC_*
+LoginGraceTime 30
+MaxStartups 5
+# FIXME: Change PermitRootLogin to 'prohibit-password' once a key is in place.
+PermitRootLogin yes
+Subsystem sftp /usr/libexec/sftp-server
+UsePAM yes
+X11Forwarding no
+
+Match Address 10.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16
+ PermitRootLogin yes
+ X11Forwarding yes
diff --git a/base-files/sudoers.d/defaults b/base-files/sudoers.d/defaults
new file mode 100644
index 0000000..e34d298
--- /dev/null
+++ b/base-files/sudoers.d/defaults
@@ -0,0 +1,2 @@
+## Set the password prompting timeout to 30 mins.
+Defaults timestamp_timeout = 30
diff --git a/base-files/sysctl.d/fs.conf b/base-files/sysctl.d/fs.conf
new file mode 100644
index 0000000..ca7320e
--- /dev/null
+++ b/base-files/sysctl.d/fs.conf
@@ -0,0 +1,2 @@
+# Increase the maximum number of file handles (2^18).
+fs.file-max = 262144
diff --git a/base-files/sysctl.d/kernel.conf b/base-files/sysctl.d/kernel.conf
new file mode 100644
index 0000000..bfe129d
--- /dev/null
+++ b/base-files/sysctl.d/kernel.conf
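Review bot: `VerifyHostKeyDNS yes` under `Host *` in the ssh_config hunk lets the client accept a host key without prompting whenever a matching SSHFP record arrives marked as DNSSEC-validated. Host-key trust for every destination is then delegated to whichever resolver the machine uses and to the network path to it. That is only sound with a validating resolver on the local host or an otherwise protected path; the resolv.conf added by this commit is not visible here, so this cannot be confirmed. Unless that holds, `VerifyHostKeyDNS ask` keeps the SSHFP comparison but leaves the decision with the user. A short comment on `ControlPath` would also help, since no `ControlMaster` is set in this hunk and the path only matters once a master connection is started explicitly.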
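Review bot: `PermitRootLogin yes` appears twice in the sshd_config hunk, and the copy inside the `Match Address` block will keep password root logins open from every RFC 1918 and link-local source even after the global line is tightened as the FIXME plans. No `PasswordAuthentication` line is present, so sshd's default applies and root can be reached by password on port 9922 in the meantime. The diffstat lists an `authorized_keys` file in this same commit; if the setup scripts install it for root (not visible here), the global line can already be `PermitRootLogin prohibit-password`. The Match block is better reduced to `X11Forwarding yes`, or limited to the actual management subnet instead of all private ranges.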
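Review bot: The comment in the sudoers.d/defaults hunk describes the wrong setting: `timestamp_timeout` is how long sudo keeps a successful authentication cached, while the time allowed at the password prompt is `passwd_timeout`. At 30 minutes the cache is well above the upstream default of 5, which lengthens the window in which an unattended or taken-over shell can run sudo without a password. If the longer cache is intended, say so in the file, for example `## Cache sudo credentials for 30 minutes (upstream default: 5).`; otherwise drop the line.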
@@ -0,0 +1,15 @@
+# Append the PID to a 'core' dump's filename.
+kernel.core_uses_pid = 1
+
+# The contents of /proc//{maps,smaps} should only visible to processes
+# that are allowed to ptrace() the process.
+kernel.maps_protect = 1
+
+# Reboot after 10 seconds when the kernel panics.
+kernel.panic = 10
+
+# Allow more PIDs (2^17).
+kernel.pid_max = 131072
+
+# Disable 'magic' SysRq functionallity.
+kernel.sysrq = 0
diff --git a/base-files/sysctl.d/vm.conf b/base-files/sysctl.d/vm.conf
new file mode 100644
index 0000000..db99eb4
--- /dev/null
+++ b/base-files/sysctl.d/vm.conf
@@ -0,0 +1,3 @@
+# Do a minimal amount of swapping.
+# See: https://en.wikipedia.org/wiki/Swappiness
+vm.swappiness = 10
diff --git a/base-files/syslog.conf b/base-files/syslog.conf
new file mode 100644
index 0000000..c027c80
--- /dev/null
+++ b/base-files/syslog.conf
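Review bot: `kernel.maps_protect` in the sysctl.d/kernel.conf hunk is, as far as I know, a sysctl that existed only in a few 2.6-series kernels; later kernels removed it and apply the ptrace-based check on the maps files unconditionally. On the kernels shipped with the Slackware releases this commit targets the key would then be absent, so sysctl reports an error for it and the line gives a false impression of an applied hardening. I would drop the line, or keep it only with a comment naming the kernel range it applies to. If restricting kernel information for unprivileged users is the goal, `kernel.dmesg_restrict = 1` and `kernel.kptr_restrict = 1` are the settings to consider here.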
@@ -0,0 +1,42 @@
+# Notes:
+# When changing log file options, remember to:
+# * 'touch' the logfile into existance
+# * Set the correct ownership+permissions on the file
+# * Update /etc/logrotate.d/syslog with the changes
+
+auth.* /var/log/messages
+authpriv.* /var/log/messages
+cron.* /var/log/messages
+daemon.* /var/log/messages
+ftp.* /var/log/messages
+kern.* /var/log/messages
+lpr.* /var/log/messages
+mail.* /var/log/messages
+news.* /var/log/messages
+syslog.* /var/log/messages
+# lumberjack uses user by default.
+user.* /var/log/messages
+uucp.* /var/log/messages
+
+# fail2ban (custom configuration) uses local0.
+local0.* /var/log/fail2ban
+# named (custom configuration) uses local1.
+local1.* /var/log/messages
+# spamd is started with '-s local2'.
+local2.* /var/log/messages
+# dovecot (custom configuration) uses local3.
+local3.* /var/log/messages
+# Unused. Note: slapd (from OpenLDAP) uses local4 by default.
+local4.* /var/log/messages
+# rsyncd (custom configuration) uses local5.
+local5.* /var/log/messages
+# php-fpm (custom configuration) uses local6.
+local6.* /var/log/messages
+# httpd (custom configuration) uses local7.
+local7.* /var/log/messages
+
+# *.* /dev/tty12
+# *.* /var/log/all
+
+# Include all config files in /etc/syslog.d/:
+include /etc/syslog.d/*.conf
diff --git a/base-files/vnstat.conf b/base-files/vnstat.conf
new file mode 100644
index 0000000..f7ab29d
--- /dev/null
+++ b/base-files/vnstat.conf
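Review bot: `auth.*` and `authpriv.*` in the syslog.conf hunk are written to /var/log/messages together with every other facility, so any account or tool given read access to that file also reads the authentication records. The authpriv facility exists so these messages can go to a file with tighter permissions; `authpriv.* /var/log/secure`, plus the touch, ownership and logrotate steps listed in this file's own header, would keep them apart. The permissions actually applied to /var/log/messages are set elsewhere in the commit (a cron.hourly/log-acls script is in the diffstat) and are not visible here, so the real exposure depends on that.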
@@ -0,0 +1,186 @@ +# vnStat 2.6 config file +## + +# default interface (leave empty for automatic selection) +Interface "eth0" + +# location of the database directory +DatabaseDir "/var/lib/vnstat" + +# locale (LC_ALL) ("-" = use system locale) +Locale "-" + +# date output formats for -d, -m, -t and -w +DayFormat "%Y-%m-%d" +MonthFormat "%Y-%m" +TopFormat "%Y-%m-%d" + +# characters used for visuals +RXCharacter "%" +TXCharacter ":" +RXHourCharacter "r" +TXHourCharacter "t" + +# how units are prefixed when traffic is shown +# 0 = IEC standard prefixes (KiB/MiB/GiB...) +# 1 = old style binary prefixes (KB/MB/GB...) +# 2 = SI decimal prefixes (kB/MB/GB...) +UnitMode 0 + +# used rate unit (0 = bytes, 1 = bits) +RateUnit 1 + +# how units are prefixed when traffic rate is shown in bits +# 0 = IEC binary prefixes (Kibit/s...) +# 1 = SI decimal prefixes (kbit/s...) +RateUnitMode 1 + +# output style +# 0 = minimal & narrow, 1 = bar column visible +# 2 = same as 1 except rate in summary +# 3 = rate column visible +OutputStyle 3 + +# number of decimals to use in outputs +DefaultDecimals 2 +HourlyDecimals 1 + +# spacer for separating hourly sections (0 = none, 1 = '|', 2 = '][', 3 = '[ ]') +HourlySectionStyle 2 + +# how many seconds should sampling for -tr take by default +Sampletime 5 + +# default query mode +# 0 = normal, 1 = days, 2 = months, 3 = top, 5 = short +# 7 = hours, 8 = xml, 9 = one line, 10 = json +QueryMode 0 + +# default list output entry limits (0 = all) +List5Mins 24 +ListHours 24 +ListDays 30 +ListMonths 12 +ListYears 0 +ListTop 10 + + +# vnstatd +## + +# switch to given user when started as root (leave empty to disable) +DaemonUser "" + +# switch to given group when started as root (leave empty to disable) +DaemonGroup "" + +# try to detect interface maximum bandwidth, 0 = disable feature +# MaxBandwidth will be used as fallback value when enabled +BandwidthDetection 1 + +# maximum bandwidth (Mbit) for all interfaces, 0 = disable feature +# (unless interface 
specific limit is given) +MaxBandwidth 1000 + +# interface specific limits +# example 8Mbit limit for eth0 (remove # to activate): +#MaxBWeth0 8 + +# data retention durations (-1 = unlimited, 0 = feature disabled) +5MinuteHours 48 +HourlyDays 4 +DailyDays 62 +MonthlyMonths 25 +YearlyYears -1 +TopDayEntries 20 + +# how often (in seconds) interface data is updated +UpdateInterval 20 + +# how often (in seconds) interface status changes are checked +PollInterval 5 + +# how often (in minutes) data is saved to database +SaveInterval 5 + +# how often (in minutes) data is saved when all interface are offline +OfflineSaveInterval 30 + +# on which day should months change +MonthRotate 1 +MonthRotateAffectsYears 0 + +# filesystem disk space check (1 = enabled, 0 = disabled) +CheckDiskSpace 1 + +# how much the boot time can variate between updates (seconds) +BootVariation 15 + +# create database entries even when there is no traffic (1 = enabled, 0 = disabled) +TrafficlessEntries 1 + +# how many minutes to wait during daemon startup for system clock to +# sync time if most recent database update appears to be in the future +TimeSyncWait 5 + +# how often (in minutes) bandwidth detection is done when +# BandwidthDetection is enabled (0 = disabled) +BandwidthDetectionInterval 5 + +# force data save when interface status changes (1 = enabled, 0 = disabled) +SaveOnStatusChange 1 + +# enable / disable logging (0 = disabled, 1 = logfile, 2 = syslog) +UseLogging 2 + +# create dirs if needed (1 = enabled, 0 = disabled) +CreateDirs 1 + +# update ownership of files if needed (1 = enabled, 0 = disabled) +UpdateFileOwner 1 + +# file used for logging if UseLogging is set to 1 +LogFile "/var/log/vnstat.log" + +# file used as daemon pid / lock file +PidFile "/var/run/vnstat.pid" + +# 1 = 64-bit, 0 = 32-bit, -1 = old style logic, -2 = automatic detection +64bitInterfaceCounters -2 + +# use SQLite Write-Ahead Logging mode (1 = enabled, 0 = disabled) +DatabaseWriteAheadLogging 0 + +# change the 
setting of the SQLite "synchronous" flag +# (-1 = auto, 0 = off, 1, = normal, 2 = full, 3 = extra) +DatabaseSynchronous -1 + + +# vnstati +## + +# title timestamp format +HeaderFormat "%Y-%m-%d %H:%M" + +# show hours with rate (1 = enabled, 0 = disabled) +HourlyRate 1 + +# show rate in summary (1 = enabled, 0 = disabled) +SummaryRate 1 + +# transparent background (1 = enabled, 0 = disabled) +TransparentBg 0 + +# image colors +CBackground "FFFFFF" +CEdge "AEAEAE" +CHeader "606060" +CHeaderTitle "FFFFFF" +CHeaderDate "FFFFFF" +CText "000000" +CLine "B0B0B0" +CLineL "-" +CRx "92CF00" +CTx "606060" +CRxD "-" +CTxD "-" diff --git a/ca-certificates/isrgrootx1.crt b/ca-certificates/isrgrootx1.crt new file mode 100644 index 0000000..b85c803 --- /dev/null +++ b/ca-certificates/isrgrootx1.crt 
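Review bot: `DaemonUser ""` and `DaemonGroup ""` in the vnstat.conf hunk leave privilege dropping disabled, so vnstatd keeps running as root whenever the init script starts it as root. The daemon's visible job is to sample interface counters and write its database under `DatabaseDir`, and `CreateDirs 1` and `UpdateFileOwner 1` are already set so it can adjust ownership of its files. With a dedicated account in place (whether one exists on these hosts is not visible here), the change would be `DaemonUser "vnstat"` and `DaemonGroup "vnstat"`.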
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
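Review bot: The PEM files added under ca-certificates/ (this one, plus lets-encrypt-x3-cross-signed.crt and letsencryptauthorityx3.crt in the following hunks) carry no record of where they were obtained or what fingerprint they should have, so a later reader cannot tell a genuine certificate from a substituted one. If the setup scripts install these into the system trust store (inferred from the directory name; the install step is not visible here), each file becomes a trust anchor and should be checked against the issuer's published value before use. I would record the download source and the output of `openssl x509 -noout -fingerprint -sha256 -in isrgrootx1.crt` for each file in the commit message or a short README beside them. The two "x3" files look like intermediates rather than roots (judging by their names), which are replaced more often, so a note on why they are pinned and a periodic `openssl x509 -noout -enddate` check would help avoid a silent validation failure later.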
diff --git a/ca-certificates/lets-encrypt-x3-cross-signed.crt b/ca-certificates/lets-encrypt-x3-cross-signed.crt
new file mode 100644
index 0000000..0002462
--- /dev/null
+++ b/ca-certificates/lets-encrypt-x3-cross-signed.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----
diff --git a/ca-certificates/letsencryptauthorityx3.crt b/ca-certificates/letsencryptauthorityx3.crt
new file mode 100644
index 0000000..4e82cb5
--- /dev/null
+++ b/ca-certificates/letsencryptauthorityx3.crt
@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1
+WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX
+NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf
+89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl
+Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc
+Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz
+uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB
+AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU
+BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB
+FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo
+SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js
+LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF
+BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG
+AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD
+VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB
+ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx
+A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM
+UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2
+DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1
+eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu
+OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw
+p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY
+2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0
+ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR
+PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b
+rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt
+-----END CERTIFICATE-----
diff --git a/memtest86+ b/memtest86+ new file mode 100644 index 0000000000000000000000000000000000000000..affaaab955bd2442a7bbe027be5d801432741729 GIT binary patch literal 150024 zcmeFae|%KM)jxiBbCYb6P3{5Bmokjq6rq!`lv`1XSw_mg#-ll^FA~8ZZ`a|{XVb0 zp4az}M%jDsnKNh3oO9;P%$d1!o0^lCeApx{UDCWpvgI7jiJti8_j}Kiq@{~DzxnM= zOFmrEyre_>TR>8tU%Nn>sr==7ZReUK>BLXJ`MtKYZM58XrgqcJ#ijPeo0sfb!t%bz z+rF*eumVuCi%gvV7aryzO~kZ0l!y286yqNNutaLfWf}xUs*Q zGE~cW*T%V7osbvZ=30{?txcBR>aaE0`fYPHNvouoRXLU;>hc z4o`a57V6t%lZGU1ltOYesZDxeqcp7fg;t3&{dMl27dO{zM8U&8HeQ%9qiJXcINIjA zQy)J=AlA^m9gryH8mGXP56=Gw4Emh=j#rBz;? z(a_;l-QrKgtNcjwHze|8s_%2|G7 zNwRq@_~idSzOrV|{UmYH^e)nM#vsLZ(eEV1Hek8*=Ht@7qG+)1U5zuna@`j}*=aZI z-jm)_2iOp4W#^um%qy+@Y|jjKp#%vkwnK*0lqm_TA%m!dhHR2cVgsZvW`dBi+!jn` zDbg1+jD5@PA-2Jgz;o}vXf>XH-7N9z%Ry&*Zp=xf)swyyReTWF`_c9c0+iCT?)TIkg!_5>10$> z$KzMAEi1z%tp29uWHjLN{}uhcBzk=G_e(m|wKF@TQCrA6tU0`Pp$(b!=@qh+b4*KC z+hsK(hmN+ZghHi+*S@q7w3eNZ-zEv;gi5WW@=a-pmaI*Y)pkdCndh7-mz^^u_nawL zpEIT4oGByDnNobtl(FYb8Gp`{@^hw4J!i`FbEeEVXUfcTrp!8L%FoW35$NykeFtlefxOE1kSvHuK5eP^D$(V^>n{hjS z?Z#C6CKwa(D;s6_O*BgIn`HR#n{3<=a2VI&F2%?Tq#C(_G$T9UG`xXy!xP9bvXG(} z1MurIT!B7@6L)=$B>eU>B>$ud6Q@*64i|g#{1*)N%qTfR;yIk7WEfH7k=hV`*!@7mbA)y7cGk{@liB+vraK-<@ibRndMX;NRxW9d z4s|49wkoDOa9EYv=1NooH#zTAPO5Axl}#Q< zpz=-s$Z?Y@*SJyWMakRx&+$~=NRUwGa}KGf`r$sOk{puOtv0*0_Dc0TDYW_6ur0&3 zH`y3)uTYOkp%nEvCYoA{_V>!#-6V<1mfcB}+5nUVY0Tdo!=z$$0nPArZzbyt&K*9ZQ0iUc;z&z)?JFN|DgnlS6SU`Lxn4&L!C*ddFil9 zGO}&F?T*{0Vd5r98;(Fw^yk9ADDs1XZ9p$Fdxs@)7i~@OxVvBX(}GyX5s-evUOpC$ z9{<)jxpeZBib=Km>OkAFni~u3s15$Y<=(9J;zyix?^C;{gbwQ}bu(JASH?e2cm+4D z+1@N|1&8lV=%LjiFQKxZPxB)3k)nmivr)W<+ z`UEH&eQnL1-D>xVc`02TfK3N4YO8~ChuVhB_R4y(Hy@M|Y_sULsOQ$#b35C*t@GBQ z0PCsPJ6re3db#(0eWGk@1$PcS`0#*R=kQ{$Ls3rhWY{Q9VHV6U){`PDO2hkM2$=Lq@k(eaImN?_E#$Z_*EFk%SxN!UlQ7C~arq zWXJr&sJLv5p&VL<;WMuV>O!wa3MHXRvTZ;@2AFjr`Ce2?N&5lB<`yv@F9HbYh3*MPESy4|BrzEw!a8brtrKUu- z0f(fv3D>ho&GD~EZ4s69#IpbCk($Gj+I?>$EnaGlMtN9+eElfx150WSV=ScQ&=g~o zdA*@WY7W~#ZEM0nE|h`sa&zPyv0a5a3%Lz6Pe#dPamM-P( 
z$ZA2~<=Z7)eTMjUjnZ7Yt7W&Wt6pGNszr7wRB9#0!57-?QgEo5u#9lEcI^Y*F;a8r zj+W15f3D(mFVgh^hlgoVpxFM_5s8OEPr3M*;QG;J#?@a$ELsvq);OJEjopE^*K}u zg2&xUxTC*zb-8(`tND(l~Wpg^RI@?xq|yGZB;mD(+^P;i>kTG3K4_cj@IF zQ?;dK00?63J_nGcb|3eH?LIl3KV^CVZujMao$7X9UR0r{e1Ta&m&$fuv4?(3C}oUD zDHoR_6JaVP`RGB&MP1;Of_=k2hme)u4Z%PzU+b!ej3-Wj?KRI)HX7PY+rUNtquLhr zYKXp;b|Em@B-@5~{oD?uCaES337$5e4K{7R@wvy+B$EDzz$dN2ecqz(lf!BU zOoL|gb-iH)$Hm%r=Pudo=t*3$f|9f%7I#umwgz6P3N#^u{TrQ=z_UZ*@gGJ zl*d9a55r+G2reAz#w^}sgeZzEQEbk$Q$4b&9=PVxwMmj367LrP@eo9Ku1tN|YFIsZ z%tc4xwXzu_DA^Xu)K{#eI@1{ z&muMfEeh}`qOdYm?2O11y@xD%9MU4)5{qQuP=MKw1&{uFR zl-En)M@UAxB;=>}&FN_AwpZ!{D%In*P$@Xev{m`gVYzkg`zqCi{pHm8=(_r2*jnz* z5CbrD11HRGfOnN$7+V-AvD-vQJE4W0A1*2wIUIeVQojHYsKrxD9VPnZU=Q!w!=m3sQ zo1dj^zLZ9udYziR7o&&|qq~~y#MU$T5ez<#J7~cfmVe1p_(%+egp2P@XxWuughb-w z#%!%yUqMRzRoBB@jkazmz^S})(8i2gI973ATg$E_V-&%WUoyxxK>6{OU5Q4nfIckQ znhlQ$56heUplG;6+RGBMC)R)ueHmFtrQR0`PYCvD*(1jkJ-{9frRd9u6Xg{L<5yQwCqu^7?(-6?-3ODWi-#^@^$YHQE`#G5a0g1~eM$I! zJ8w;-Gj5ou0xwp*!4^tIPZi8myX9a%eR3AbpM8P(PeL&iF*>VMZF6bemFfs7^iJ;< z9CKz##8S|kr>j%R0ZWB#!PK{inaDsq*RFkz?$Pngn+WsK*Anm1H^}R;x&3XDwutWiSKOW|VQ$#C5w(K0pJ%Z3obCb;=%(CY|X9+24;0V)D+e-AG;7obhIanR(z zRd`4h=^7gX-$td&tm|$w%U+(P2%yJBmgpPJsBgdr$aao|3XBYy zy@T57#dg`U_NNSC?OdWnZ(RWLRGVPT=5i3)Z0&?NrMiht`c*drDi% zDZ0r_Y158$?O=5vO=_E5VbTtJKzkV<4cJA^>hB{SrkRKplTE~#XCjsW5q?vKW0oCC z-3UB(9yA{5vF%WWt_H!=QJ>otbSc9$wHfu+mTknZaj|Hcx~sPJFT?u|(w0%$n_o`; zb^jqQfdYdiSrK-06{WK2{cI$E_LhvRslO#{&?r}S*ADneSzp0xvy3+|dtqDXLh7?5 z_FP|>EoT7U-L0X4k_Ech1E2+I^pp~?v-yJ{mC>fE>u*N^rG>n>>OV%N;0YsHOMrW? 
zIJa_!0rf31AkH33Ca(9%6;lGzEC6c)HcPm7T@tSa5A3Tx0;^;@6097yS?Hsx1E)0B z)!{c)GVIJ;tB}jKUyTk@>R!QZsnN)b7BXRva&qXFR$UNZzbe8s>-TYFKAvDq4sa-G zM}+KV_JQo$`Opa>!vq{!X9a@VWZ08?O2A&hZoKS_S_}p;rkIFRfSE~%?lTdOLrf*= zDR*c&EXn~5ISSPmp&{k5hfwjzZY1lf55Hx zNgb?48tA%~AX2b8fM#Vgg?A@nX95*Tglfz%iMWP}XFq?AvYi+i^&)CqXHmQ|o}zLF z#SD|e+h7YNSk9rB`$z|;+7azQ*9Q+!VIodxkvUCtd}f)r6<8O=se*0A8sY zb%$Pz{1LaL&l+)c;zCYB))#smEnjg_lcQ))!!ya9oP|)ecCu@SRoE0EwhA`&^uj`; zOq?mEHCM3wGjJ{<-3Ddtpz+_(uM-}_=?JA)qqOQf#{z2iP31VfdCg$+E4`I zB;eU5v0G3Hm1bF(yI35b&rv@Fs+cV)b@gEP-@}}~%FXGL7y=%QAhq_EuaanIj5Ft0 zShj`bnihruWVc=GtZX@kVdQ3I{pPS!3p=+_)0hx;`oeNUWlpQIe!JS5Hjy2M04wz* zU!|4=IbuqFUR9c|@>0Z%QWTh{tZ$=Yl4$7b%-I^2?Qvxt7DLt!Wqn7u=<$}X62fj2 zv$Qg&O<8|bZA&9=M}$jl{tEU8%0u@GUJ&Vr-Fw5Oc7VrCCq25+`^f-ihf5OyEa1Q_ z0J6fRsQ}zHnXst2Alm={4otHE*=qZsDHZG!4sgNHvZP=ln^qo^Jk516THGM!R zDwD&xuHh^Ez@7hhF@G3ydY(I1-3D)r>y;kTUD0LVy3I0asSk4z9UQZeV+4+gkSjpBQb zrYdhIhl5ESrH#o&xxs#@sq%KSp9N#(dJ5qls}!1k=w2{c*)C_;q?(&@LxV~=mB!?{ z=AMkhV;NsC1#q5V^418lD*1ZQkuk*9~b*DPA0=k;ZTqT8{MpxMQ2 zd>Pq~*7p9Xt~S&Y>lkfvA8Dj|%oExROX1X#i#(wt!fZl)jBaz1&4o!SxjN~L}^ zra;;OT_poW<6^7!!x>`CWn=5QNlgy4W<-a=>LnzXS@3Yf_xOkpx)jbP5NE63o%+pS3EC6SF?~n-b=C@ z&Yq_{AXADiwJ@iqQkX>Kj*gkZn!d(x!$20ZK@u;1j4i@y0q3L@87o+S&WL*oE5p*I z<+TWL=jBwq-0GH2*!&d^rQP#uaJugP+6VsKzlGv@$5>M;AoUfc7eLSme3nZ2Q{-qb(hWGSn6(ONpwd=&g4aY z&5L}an^)#&soNJE1S0BY4<~_n?R|t6P+(g>xrMs`tGq#;pm$A;BsD8nr;|M>d1#Db z^`RL4H3FX)QOm(dG_Qi4pUY_gW|><(XQL08u3&j!BW9F#7_!HlEQ>%Z91Hq~%OVKg z?br2ZNFaTBB0HF(B4ly7C=0d|RCEz==J9S@Fx{HfLe0j@ruF*V_00<$`Z6M>*-Z>- zxO)G`(Wp{4Jc+E57lfG%!9+Ila5q`xdN??1Y{?eE=ztFmD7Mt`l*UKdM%EeGmG#Al zF!5A<1ut{7#JcvO%w;o8?p(O?)&;K6&=FV3#xD#Ba({ux8FCP3SPN&5zB-I>JgM$7 zfR>a0A8pO91NN3(W}pX!x@3RA8%SWq&=H@4Wl<{k!_lD4iFiW-n`M!-0yuUynS)%B zftYBAf0j%WLC(iv7YdymaIkzTa~UlO=zKW@Ib7o-jtZaj*tdj6$TwnG zSgkDj7(KO6i_W+F-;~HCqmVQk5DXV4s3@?^kH`eC0WH6_7oMmGOnmU@S=RYsOeTw zmJ4K0d`qQ0Lp-BpJb^2QtH_NdBoTc>tg(-M;!|8$uX0kOIjKIJ&5dRT;TVGDuRxI4o*DFB4lHR5!# 
zYdNy0!}pVYGLEdUE;Jm}G}T^+0hsbkt61LEc2L-12ao1C|MQ_dJd4FIwNZ$k6Y=>=n>uYKF4G(^L1S2KjSk0%{Rh8 z4}1+2og><)tHl`FA4ta9O8Nv67mt0A!=eRTGEj~Qts=e`LRR!tYz40M`<1#cA#2`L z7E)8epwo%gk~9`%&emGmIWyIq8JA#2OouQs4LVUk1>1I*c!Wd*7sP^6|938L(N2QN zu#wPh#-;6Q6YQ7%blwYV>bjUco5pS2A?#n{sO=nq)+9vhL}SPD1aGLlnuL)f(nYSb z;8N2zOIs$&Bu*f5;S;v=TGBWh9Vo93WJnk~$Hpx9OLBxSf^$BCWx0o`4&(&&rL-WV zub?#YUlz$vILY5}k~=ZR;Jyu!p5QDqUk&Bs8hR3=R|pVY!ClBs(*WKnGfrV8r|?Tq zz%&VIZuTqmK=5WUyl*%jMS?2Wy&TWO27#mygFXd|mpiA{wvy-yTNU+P3}x7CvZrOj zn><6D_b`5nlUvKlT?BIfd|kDd^(pn+csI(a#;-3Ugqs$+Km>JATz671!>2Fv!5TGt z&qcoCAaC*NT3W1^f}wW4YL8pk7`M04=m*Ho$O$C+1H<419K191uzh>t7sS?*kS@=p?b1f&SEeZcM#0 zD>d1xV@b7j-=3O=VsF1j{DXCFfc4Un4^UhU*nL81NTTg52Vk(@m%OKj5Rj1wU{4O+ zb#+|aL5tMx=U+m^l3d6S_4JxSn6{T=ZL-7GZ0l&*g=mB=k*|`tkS7a0%Gpu)at5Jz zG*{#pN%MQ~@OF`Y;aN&b5G6_4)|^(2f}$?Yng(g$UaUCg)6yvwl#5j&SJ+RBr@37p zUd++YQ7GqM(x}#6Jb?zPsg?YMd;qAFhM z;XJH!8LtZ!%n*Dbst6T%rI2RWmQn;7PmZ4`OYWn%9*?({v79 z50TI<)i}z)Y)E10{0~d2ihXouJ)Yb4;+0PUv2opZW~xY{fuKS{(XDRmD( zoMsENMCwo$V}ucnSs50K{tsj^y{5M;`0(W4BMaYYve1>nW1%F-;~OJ=;)E$|+Y(8- z<43n5XmEyjZa=Gd4sbKdzJnGQ)O~r+efwCFr0#Md2I<6_Dk&X%5RJ=(^N|wyYAT@S zGhb5GI&)gEs|hZV_aD%t57Po5!7TmUBws4#0)Y<6e-a#yvUsAOu_KnPl1WIB5Aj2z z4NCXoUpa!h9zTAv{p@xTxB&qt%E~scwD~BL@>nRh`|Q-VmL4BC$qYtH9}GI0XJ`AK0I^i){%?%U3k?j=+d?^ENYy8|X2=O~}! 
z7M@4TGTg>vR$3H7e4Z?=fE#J@C`;m^Km3GvG;NWVhsX>w>Br+|+eM@U9FYSe3!$qU z)#o}Dwm61OTG(6SJA^G}TDF+UZ81~WB3ZG^NY?rG!Ax9WiJ5cK%x9_)jq!n`=m^yE7)T_CdCfy!;dhF?GXbZ`QaP>#qDcl>^Mc-5_>`7Mk>6^P`MgQyizb;5 zCd4?!ZIXbize*h4=c z1Za?#%q`En=A#sD$ z^!;U6^hsoCH*k9fXx28GM_mQj9oKLei20}kv{4j15AbA;>wyl)NlTG0@niLn*>F-b z;h(a}N#*(3f75C;ADOvS=7$O?Ktie{uR;BmuVuF#tL(@DdfaOYola*1gT0&BPSM12 zEk~8h9aXMyRAddpQBjzLh`XTAT<)kiglrB_vcTNnFgT%X6i#?!wD*j}rR0z3wQE1k zth8?82Qu}-+1wjz1(}w!$y63Q0R_Vz6e~q8g0iuU=%qO_OW(k?mp_!TZa0x$vW)T}y^b=~rbR_Az8* zXdi-OGO%3XlPxigIjfky5e7+}ln0V8j(KSzD@=aQDXaUj0pT=Roz+}G+A=LmZl65R zTW-HWF~sq|!E#1IK0TK6nIZA9R*Ep3Z_FY4q*^}Ky47I4Ea|qhis%GHq;BjPozu$t ztoNu5QoH;Zdo5Hx3lb6=1QVdPMgszBYg5t8_`p2Z&qnOEB<2*lAs0u+Pp+4)G*yf< zFh5&;e{VtEEXD%=Y^oTWexiwqsUnAm)T>R&)~4iYrFmLuzBZ*mn^M%-5w7KQgdPEKG zP&YcP=4{EN;;b?`)zh5SeR!dZrq}s=Y`^?!t|Z8c1TIBLR_BO1noAUr>NyZ%VM%Im zG)f`W(e<>jq>pvZ?rj>2g$(~$Skel0k~w7YUX(*%B;2V0>c)n(t57OU%JZ<$fjfFP zoJTC@&>Zu$;N(3J7qUC7P85+zA*)=hkK{rsGM9=QrW>oYeD+{%k5qaioFNq&Y>-rF z`yv;*XfQsu_MYBSd09xsW%Up)KDMBM4uZ85(GX(`k^#}AO7=*_Mb!e7US@ZNt~UI1 z&lgLq29*~aC@dip)=+?dnd~YN6M)#9BsQLRP8-oSeK%U31CDL15Swg?O;#3v!cC0C z7F$+|MJh8fApB-2fAr7<3Ish+kaq|ez5r1IRDi=ly-W&@F_)YCsqn_AL=zSECg}mM z^*Ly9%nNY#X;?%vhJ=-XY~%jZFnZI`T9sF5E{Da+H{T!kV-ldVYq!?X!uy2prH<0i z$U`N9gb&irp65eFit+ya(g;N>0OkWcrLK!)#McqZ*}LLJCv$QT${;Kd&W*eeq@{QT z5t7Vm`k(y1;x%?u-9zOD?qm<`CYL3vn-h3_8(IT*PGm1|pd)betk)qZ_Jnw(N?Ayw zCbFs?XbW@1C6t)CZG2DMOm;n2ri=RYJ6S4E6lYr+EOH7mAWs3&hRM0SqON^Qq;JiRj*rC zV7~03tKWhGR`byiBTk-C0I=0jihM`S)5Ne7U~e3N78fEP#Q|gjY>oq9x3v^`13yKj zO8qN5L9os_O~UT$I9LX_SL!r^EaO;Xoy`$h$a1T?H&H#FqAZ$3$xkesO5Ec>ha!8Z zkHsGbGg9Olq!%TGus^Vg1S6>p@4(pcc7rIF$|#bRdM7VeR5Y3L;cYVHQ|h^wHY=P$ z6nfK%yw71h#ONKyL9~Hl2yH^=`zI`ZKv9bPnd6Is$m2!$;M6PtTM(rP_t0_d5yb+c zIFeT7D=p5Q;9TuaslwJTY24vuQA<}yG_XCPr-lZ0Pl_jUdd7Ly6LD!^QwOEd zJ_gXQ!>!mg#$Ulu_qiA#^xnu5-@y9NUe-K?Y|7R3%@1CvT#c69?NAZtlD!|x-lJ{4 zVD^XVQy4-Ro;3rJ4;Za2#~teKL7JOmZ1e?_1csinQa8HJ@{U8pVaQ^(cZ{e5y_FYA z<&H2y(FozEQk&4+qmgd#jq-}Iu1XPX+J;fwve!-?60Tdg>8$$wRas=SG(z;@911YR 
z_m$(+SzjRw?N^2kv79>IlmQtxc=Zt)hIdY2^&)k_X{1aXqI95#5-7USP2j|XU~&_} zno+~w$#{!{S1fMXl`8I!Xq&K|CAkT~g{XlOGsr;5R`5!eb29q~8R->PY*G_#POqU3 z#>}dkuM^X1n{3%p8MY>4OB+=djlBWa1iQY>&#z&3J+9c0$BCur8l6bc@;UaRY$97N z+&nKaJR#b-7vusnTXv^ToQ3XMVz)!mTANCHV^83W6@S2m>D1y&V9BzV=mnB0IH)j( zh63Jcx0~;*#NH-uI%Jc=c=ts!sn&F|l)tOONW4$s1L%@NIiV=~)+9?@~B z-8i~cU&eX03uj};>sbk*ot89AARIZ2=(Y{L+ zh7hY|x3a#98VdMH#cu6~kX;`jYJ=Vln^IdJ9tc02pf)F9fvkQz?phOCj-$C?)2qz+ z?%}oYoV+Hm8F6KDUK3cl#cKnxNV3CfyWrJl@+z}z!SeyY=nD;LpeD}TXl=$p1g0{ylv@h)+>TU=fdmsiDQ6aJ>xfb(%g+GA9@&A1+q4m`fWnK5V}>nE%RWA&&2h)WNZX_NSIH9~-v4-;?u z6)-51Mg>)dO~QfOlC;us04?uOCY=A@=utWF+K!dc1F!vUWrnz8WvEG5oe1NBd|37Q z^fc3adVro*&88=u81NIGHs4H}j3I0$423nl{14QU~q6|Xl zScn@x+rm9R9)Hd07NMV^FdL`z5(ixbDfF>Ge=$LJcIpBX>unR1zzhqt$pp#lLkskt z2})#}EYL?BM27>tW`VvjL3Z}61xn)8ffHtnEzo%;NM;XOpes#KBC9k(tCqtA=&Xb! zHp#;BnOMopXMsvhkb_-mfx5Zv;Pgm#z5o%GRF-a~kLOt~4#Z*_OwC@nnqt=hjsuTlgPT@r`nUq8rw@8;^Gt+ zTIY|pmxvRjO2i3LCA4Fsy1hi4AXSntFbn8X*4t-fJezi`u$R$-Jx67Pa1OU`-U&zqaB4D=@p2QM{c$I(m(l@@KIN4TJZI9C#_KEj zl_j4;hrF`-3ZnJTa)Mi0Q>B;_%^BPhe{`FVm={rMCOz^Py1tf(HkQjSb#GG5@jc3- z=_rqL*3hXxq1Tx6Vo^EO?ud|0Sx>IW(730}h$rsJ6XCBBadT0xsEN>AUI?bv-i$Iu z{E{cv+Ig^GH=q_q4X`7faR3QYi%>obgU$qqyb=#^0Px#*0NQMXueVyIpx#Ec&S`CrFteI@mryU`%ku{=LJxA@05sfj2M{TLhHsK_MV6#N z3URIXvZ9gI=@h29011)%k`Z{gS*a^S6{uM!5pW~wYGt8NiQ1j0)O`wB;mr=E?lA}( z$0jND`8|~V&gQ*x6EJX!j>;0$Zl|)SKPA_xSzlYndZ6Qfn7dtK^#1;!f{`tjg|C#ENPIL^jj%uO!_mD&cgW^L~E2qzo5iAwIQDMBQX;D`U!ULv8X2}Thu$vBtNGIlc3CXx7BlHxE9tgaQocwMwLa=| z!kCu>%j!CO;5PDK91z59&4SCzLsgAF9`s8LW%6?FiV^#&FBgJwevx9nGIL)n?XMzD z6lC>s+@Cl4@3M7T{hbN9uVuHR(f2d%jq#cbpJJhhOOJ74@_?p84*M)h<2w5UO%gg= z8LzYXF_sDhOOZE##cQI*k}fopp0Sc1izV63BzPW?>zP>6SABT>Bb8Rt@>tS4X3`I> zq`$5}nZaMzm82%pkYq)?o{AnDYI>m^e ziW1(lw_iw77UfeK&gF||<7kZRV}fiX!z$74uo_p;O!_8~h>ON0nT;zwhBe;A+6FAn zau0!P%%s<11ZoRv!0s6|QcXndOd1Ct zjv+o`BHAn(SI3g>GL!b8OXbzPIhIsrCjAvjmWxGqD$vSfXqTF3FLE>zXKexX_a+y2 z#t=_rh${cwDr!zF>2ot_hLxnolG@Cq(Pt;WB!>7K6EVx8@l-775i`lgX^>ZHJj0y+ 
z3@FU0*fb|$80XOI)h4}HF#_O1`+cmafo9T^NU~_qfXS4`D>1|a=|UR!S~T8{CB1JZ zO|+8UizPLgN!MFRyJAVdF_W@*$-?zs{8Od=rzrj0&eKe}PmI*GRN*8sQQ+W)AhAS;*lFv#S5KH<4k}T`=kq&u_ZkKAPSWrv1vJ8%8nfp(&{GEna6e!7y zWueoEzpoTJRmG~GIc75j7)FXQ^(;;dK`)3Hz0o~{A%x+J75E;8Z^Zt1i@691KLN9l@E@ztwB>`~a`sv>3@d1xe#Rs}7cqM0eezqXHAL zgcJB_jDW|44?PX;FySIvHaCWUh=ypE*Ke16V9HV)-5a-Bj99|Ni|$FGq2|$>YK+cu zL5G*RC`1cuLQz(|I@jlE~=+qZ~;a$_J=L&z&&)TEp;522A6O|LK#0=Vhk%1za|6n1BAgBU*H=S_w;wxwxk&qf zFaPDQM-!wCQ6OYa{EduWkEP+#Xk+=cbaa2-4dsQ=(C3)vJLxkQ$b?3O6|{Q98OS`^ z9)=H~gV>7L923-Cy`HGyiFP|U<07zF`J*#`X%#TD{%A12QE8kk6?6s%8EK8qfsN(; z>0uzRLc?b6;~P42HXD6JrL@+1jH4S_jpfOl57oS-h^PX@^-N|!ASSjZ4V}l3w_S95SEXlON*6Q<^-!* zIAecDVaHrAST5vT@v*x`FSDmh4YD#y>n!{LUtf^D#(9Mu^ZILt$1ZT$jvyG`I4;^S zK00pv*awf8)Ja_p9pN$0)*L%;enNQEt_}1?yvp*5Qj{mHGiCXTTWke;``_>}#<#&o z1?vzZh7(Tau@&Pg2)}~;QGknl)ybm1aDV_WHNhpyZ!OB;BDVApJ6iDp6o7hqAj9nX z{h<*xBl3btm2ag=#%Dmj z<#i-Aj*T{yB}&?{hOtrKSgk9ky|8=Xm!?T!DLE!@+xw6=w!@=&dF!`4Xz%)nd+oQ# zOJh-SKl$m+J$^c;MQzDza9&@cb=GgM{*+hn!Q?ji`YXfpY`CD;$60-4Tx?>&7OW%g z!&_UK*ImD*icYD-@X?*z;7;-tZVny6i*{6XG9=ovG01TFae@~HNQg&X(yXLR-9XO> zP)47{^VAJsRj%J+Ihi-ffe4v|-H+S07jB(*bVF>v&n4SYy)sBsr9dAouLW^pKW%!U zXG1RB8cM^LLkt|LLI8X&L#OW-Fiz0izTsxXFcxZdbaLDD1~9OBhWdmGmLS%8=@tCF zKnhpUNl*N2K{wta^U%_M8!DGY?x|a;YXgpY%BCzrXDKzh>hP(NXK`0^+@sXd3SZ6f zT&4bb+|argR+EVo_7~vI*BvNGYe!XZc$y1G#XEx!qb?6NNjL+JyMV4P@O^iq4UVQ1 zhwk0X?G;A}4ip>~jSprN-4aYH8XYP&94j40(n`s&ucY$|aKs~i8vDZkB!ZKWS6@~J zSv24*WYTq|i6_ypb1<`!^aZR)VZ^Lhst4@Aka(8mOSRx?5h-YxPg>s>hK ziSp}3{_rh{`ilP{>Rb15_G$l?x@(5oJtMSFn=CaZX~z!~rG_p?x^TXDW!OwVfa5K; zV)aku`CTj1fm(usLaTV|iaYhx3y#{bTMgy3sS&zh)I#d;`NL}ojB{^b)R-cE8HFUn2usjWmXY_(kSbfoi+6jtpDjY|n$ETw%5V-recc5LYUbahk3KA1q zT;c(J^T!NE{?6-x)G;`oj|v_u;Fym-dJVI-SUk3eq?FelerLa;353 zYH{jouN@MXpfG(E6~h*Q;kxDpI1URs`8wYD#?Br6_FZ6eWydKCj69H_9o{E`^qbVp zH3z~E+O*^Qz?a6f!#Hd)5A++Q@T~82l`Kcwn@VS_C=DG*1*aZ~x*#1my6Z#ni zgpdphTk(S}P|zZQ0i%k8_(};NwuMJS;?LBN`L5B#F8Qw6*tv-f{*6g6{)@uy^*9$N zytu#AoG970XonkYYKy&blxb`=>JsBR 
zT&^iGuEHh1#K^|w+7jbpT&^oI&d25Y5~Ck31to?Pm%-O}HZ?AJQhEAs*EzPP@PhAsjwTz%S--yRxL83BOvv`Bt+iHv4>siV>Y_1pI3}s!>^4@(&Z9 zFW?_>c%ri8uO|Fj0dL{(BxT7e6Mmh5|B1tsl_gJ`@aqNq7aZ*10Q^9WI;(CXz)u9AK#itX4JE)#0k~X^W>j5B zfS(G$05z&qISEiH0OGJWn69U>IA1BcKj>kIR!ejf{`}`ex7r5-Jo*Gn@%=dj5ncCOy?=t#!eJWre zj$R!wX3bhS+Yv8XO8l@V6(^O3)kByV(9VWT_B-tCL9^0Tnum}>7Sr}W@R{FOAk+#3 zbNc+JEXqjmy9HdO^S0x?{GYbqB<@6Pxx>J}5xUDay$WkLF>c4C|p?5B2Tg+d0_ zIfe#{)b7I2-G=yt(aXHhYq9yq3F5IS7uY-dtc#T)IBpCPykk0tKi*dvnHC5}FR_#G z960Vv=HWGPd)k@P-Pm}H;l&sX>B=N)?CuZG_GVy+P!=xkFY&1wSCh6?-L14lWNay( zpH+V}l!Bp0q8g>`G_83J{%DDj-sX$u8Odtv6nZQjgME`*;Y`cgicvna3YGSy(~pGV zcp<0W-?oW;X6R00YoT}Q8g$HJ4cD3-;xm00X(!*`uYRehCsXEMCZ>fcm^2_3@4&&) zoAR{14dqxY!cfX^w-qOWqjYuClpd&0MIE|RLQP<8IxC~Nl*e*#6CNF{Z>~;WL;5oYXnXlQi$CG?blVnRVMpjFsyzc= z398>;{S&^sx_*mNN8X9sz0g*-7$AO)s?JLb%Q$zv1{*?+!4Opn=1Ga_F&ufn~rtm-Zlsrd%)PZoLUZy@6=oF4>G3h8Q%Fly!M(5=L zNns5f3Gu8gCWecBVqxS1!^J8sj7}4y4_j+t6ab?SE4DB`GBNtHUs)Kr!05{^u`oV2 zG5WFj7KRLreoV43A|{5LO*S#E1A?1&t9-FayZ6ifppf5LsZtohl>U-%tT`eCHR)nWmDK3kwGuPF6->T zRa4lV0E9==3p|*E@|V##YT*=C8bc)?7tMDCMonQ?6L6Evca5FQ4!ywjRc>1RK=yMK zu2Kk{!6MpZ zE*xJT9A7@VUs+?9;;`&!3&W(jf_=by1GJ%sXm4J)RK`5pj)KwDh=xEvq2R#uRHV{3 z8D6wwwTjClt>9b^!0t46tNZ~R(l%#@nGfN7o=;`?2!?~I*Tp*yRPWsZ zvD|}2ZsQ)x+SkmAU3xq#0zGzAwl8IV)5<*L;#lTA{A3fCVHE{@$&^;-I85Oe8UF*EV(S7>u~EwzF&J#V5%aE^fbgXUf6B zcyn4Ckdir5fp^PCTWle_tr@R^Bz8u|8i&N;QL(P*R~S7}S5(0^ zVKhLW;d9WOOB@n~Y8TPJ3i@Gp@!^6vPxmR@=OA#%kIOktTO~x2CaRXknrIVHcy%{j zNIb|JHN3ZgX#V8rbaO1R)0uZi<1k+G}%_0{hzmE zcEP8`we2*`*Jq!Cs!!3oG@0}%D6RMu1>ZB-KX@nT^ienMp3Fw0Pz|_Nmny0eBVG;S zyxxll4}w8#RcWBGn6Vt$X2JcL61}DRhH&|QDeT^E zJAOl5KVl`69WDk$ZVneG+rm#IaQ2cLQ%4nS4yBjyP}3NE)#{e2eb4}X!oCjWHV%MJ z5Jw$~gz6lVfUP^cm}lqQH}q*NPqG0g)i*MnTcDmK3g*JVX$}0RYr!$P$>9sV1rL{o zg6JZStSbtsAoytoIQ^mJ`?sB+F#lYnox6^hY1Ht*RD_PzX&^poR4JLrx07z5PH1!>;t2+P~U z@+0~(H@sbV^{ClU3~}}r=j^!{XKj20epb!~pN+GdP0j)y!PiLe)t2OGEU`5#BJSEs zY{{dsHdac)0ec<)3VZ7Wdk9Mk_MVQhclo*5tAiUO!40T~jvS}!=ua4nT2eZ7^!W_S)jBG41EKAFeO_D5W9a5?;j9xQx+9dlfss@Z_Ob0bh1^dOD4}lb!o83WSeBt 
zSjYn1V1k_N#}>$Mg3{S77HEbE%3wtnC}@HdmIILGRjIu#z$*+Q_E^nvT##KN&t`o! z*Mg_B{h}r;6<25iLtC^4df|cJu|;2^GTnvqkD`XTM??+93pbVO0{hv%X3t6&K_JK< zIRO(B2kl33Iv^exd5JjDWI#0c^75hPT9Z{LyH$YDkqkyOWHuPb3N_X1c$)Iqk4f76 zySY6K&~o6IzW8c z=APud5PR=Z{mBYfnV?j*)&gxdIZkKGISA7nisNv;LdiUKW?U#>{DFVTel*?!60B|y zVO3;-SXo9vPh^E44DI^KnT2P#ifc9gb5`VOlz);>U z&&Mk%d0}~dxM)-f;^HoR4o=2`RY&2$hx@jC)${c?1w$R#OL2H9=qTZ>&{&}s;kfvV z;_49W!&hnJWoy0>ZaYns<@G}4mN*TW3;=U2SyJlgrFK>d*Tc(+^oI?w0-F7jq~GH* zq&7113schn;2>)66D&}d339R#7AQ>-4Kke#u|QUX$Y7ZOv4Vea(XfqliU)T1)m1_{ zxT(gg9QNRaINl-jkH~6>R_#v136MOoFw_yLAyfD-n)4EagLpX#-lW^W>A@7PG(k?b z5+KvM@?a&=*J;=i$b{80euyHFuQ!o1m@4uIoB;|+{SqwV)k)}X_>(kvnSY-4DCM@k zqA?cVH872ny@~J@YpKDHq2g_*&%iS~ins`8@WvQ}mz>F=42FHRyV`Qww)lg3Q)BTtrcTClm3KG-=bys{H zKS0omeNv5|WRPG3QN0N5yk+TDMSsXEN~TgM7!9kpauAuyWfo|*339T27U&TZl+Gjz z^rQ*OVEaGkmB!b+OpwCvDW|oL zX?a?OsRDsLw+r>V3O|-#bsrUewVe~=(lTdN?Y=U4#P=Vk!YhXa0?7Bcw0MMeAAiTv z7$@*(1ZgQkP(Y(}8dr%_8vpf9#miR~@5&P`VnfAN_{qgkZUn0g5_<%9+~(fqvLaRd znd(9Qal0wLH1@Ow`qBhBS%U@o&IF~ikOi`YoWXt!kiKjqRTy830?}n8yomwVQ)+Xn zpWTdP_LI-3JQq7ievcY8wovj$jpZQ_?29TJ4U8~$cz7J<;2>KthL*-|2eX?HJFmVyquhzh}6fIggKNAQ$lV|0HRkL^w86C!i|hWc0|Irq!x zQC9^~Fz>yz7V~w?B(2J$jnCF9ylo{zXpdArk1z0zHzrDnQ>$`m<1@7iw>lzmUcV+x z6vU=@3&GJtxu#c6`9`4DAPZ{TE2RQo`Xgqn7Xd4@Hs0CNOP@8dw_;23w5oh1`!cWtFhEi(oH^8rdlL zc!i(+*AA>QV=goFQhEpY77Chb$2<38QT^UFIcTNf+#?8H;7# z&#|nA-DqL=_%8A@QZPThgo&brYkQRtE>5JygLq`+wN zQ4#iMYHqLA9$t}!CWg17od{*}jd!#k0UtuW@Nc};WASmeS}kXWD&NdRHdIk&f5$8h z@Nzxht50!ihu9VXhL^fRqx4c|xI8&icX|su=U$!##2 z2V?u}E*I@)t!eo(ErsD7%am5^1>SWcrQ^+R%$^S#*Y}`kk(STX#L)vOn@v={bB6MO z4qUyYSQ#N&uN@!q#6`vy5?sI&nWJ`G-JMX|dIHq7LkGBlM*d*J?H0W9phyTK;Z1=m zAVyVK?yGJ-#JM~0+VO_X2YQt>d<~40dLOSXRIKda%9u~aBjW*jx=NH?Md8oy@lz9^j1fyr|a!L08iH&%_1Z3 zLKgp5db?WaZLF!ck4Zl;i-bh3i`Lk-*a1RK&1SmYOt0L}U8a^KlAlL%lgPQ>f{|v= zp-QvxAH=D05_Vzka-?%jcH{GTVieh`iSmv7-pRd-$L5q?nJpI1u33bhW2+^#*d2&Y z!tD>(aTW>U&xksv1{-%wUUecE`d zv~jl@Spi9yfH%KGtJsHtdD=?bfi=_swXOTHgykg6nuGiKU?p@hn}YJdK_;&P9Juq~ 
zYu_QFo+c*##&n*Q;M&%Mg0%g$?_k8Qb)(4~!1h&)CoX>NI9<+XINybc_2GrbQ5nz! z5H!STMzPI8wfmfxVe|*iC=fUK1*)tIhDslw1kawQ@RJEwzl6q3VS0Cf&OsJC?88rZ zi%>gsl5iUO>P&uFm+8TimT%Ya$;+@aTYtczKj_qgcB}^4o%#=4TA3Y3s?s^OF6`K< z<0SMay!7^-)~4-DSnVywZNGKiF}M^SR~BVsOg6_+ct}}v5$?iuUOy6eu*2};d$nU^ zZKt*^VS%IHESzKPE{rIPj$(L+9LT#5cP041eP;Czc;iglc62Ryc%NYq;wt4_bK%9_ zY@7%|E2o;f)~B{Q3lD{kpvmB4NqiF~YDowvmny5Q$0}|(f2*FV7wEHO?Lk?)+krFR z#>zTAWj)K8P|&Xjsha3^h>umqLRLYLa=jsv)RKE@}il(#h$0;U}J;3PLiO zu(sH-|B-PpDarvk{2uf`wg6P=T4Y{x&1*JYxtBnqhaSSKxzNxX=RY zwQF63evr_y8kUXT8tAA#zRN{t+wjhO2to0NDK-dz7qCbZALhg^bBh90Ub{lOj;?kY&Px zJrAcqcG-~)a9u#m)jF`Rvub_@pU>b;nL8rIP!cx$W2B%jlh6hWTTv?@#9x2+Yd zW%6yCTi)Tp;WJonPx^hR~uv6R5C|53jTlWy$gI) z)%7oaW->`8Ffao~jT+^sQ4QMu`=td&tHOctp)5pAe6IZ=NlJ~hOiV&T?WbKtC26VD{~(UfQ~MjxiH?~r z+I|#=Pe^oPM#}OPMj-ooQgM~XsLAlMfnTWQB;Q)0_y!z)Zpwhm;@`|I>%dzJrLNyd(9eL&4_|{{KoRE$#(;{dt8_Gygm?ITrw4S zjHzP>@o^4Lh|7W9+%m7AWj=<=eOR2@!d@8d-4VBqTLv+H_MrpVihxyMD^=S5)Y$yz zRtI&uqaHSYA3jP&*qU)D_S)k{>*XnH9VEDbICCo10&N=(WvoBaHz82B`-WL{M{ig; zHk1@dS5#~MD?N#2_zF_V$93~pedzxqDq-_~1ZiyZE(n&6LV5?tip$-1(}osDu>1zh zZ~X_a1*r$$iK`(t4c6_k)&wnkTpO-aimfETAC{Sv4uA4*24E!NE8lX&fG^0Z98pnDD>?0pTO^1gu*o z;1o@8Rs5DPj?4fyCj6iKUkEOYgGL@KnIz#p)Zju34%V2rRN($v|0^I9?qp>a$O_2_ z!F>AQwaIkxxy7`X@jCjD3*8Xcn)D_TM6-84&ip9Y=N>slXq=3D><8#?7@d^uE^$m~ zcPl=`>!j|wxeblH!3@$Cgkgo?R?fnfAF%8L6ot(_{zIGz2j*Zi3~#VZCKJTKDH43X z1B4^(594Bu%?NWvfqZu_Ng|wWUx^7Ige1O*w@xX*h34WW&BVcDaoFGNO~ubz3{&2* zq05xxX74!M@#;$s*#{5c=q-+1hG-=>6gPMvfkft&_(AFyk$NWGdo}?g)Rz@Xi`>o` zx*`HUbb;{O2aj1oqlACL;4xYlPAaK#bh40f{=}S>iH~AuA7OmQz!G2# z3gRN@M7o8|$l*3}98gXy?X_+gIPezwN#ZVk%0Yf;`}neSMKO~yJ;wYLux~LFZ!C<5 z+F608X-guVvnnxd*O+3bIUF^UxG@42@y(&^n z86Qz%LD~RYBy2`x#q#l z-xC3YCAm_#?pwB?7k3wwJWRVJQ+ccd%)nzp^4S)JF>E0K)oT*FeQ}OpJPLpDkJ@oV zWv8s~vbJ33f~17*)W0ge0`?hau*8{wp!G-S%3u;cm{Yja$DXHcGll>iRM$SERp1?X zO6f@adUfVssB+P#2CH=8@$nrX5N{?Vve?&^C!#W1&DM*W#dFP=0`r&x5|&Muf;^DZ zL8U-D@YO8O0?cMKM|DN@Z9!;am>vd z_PUg}6Bn|7V;MOqTCKVx61N|53sC;h^LpfeMIs;9 
zG7@T>@!m+>JzCrydfaa#aqC1}=s!5qW08mzTEsGrcqS52qeWD5#GfM(`C0@vw*&G0 zkqB9fpijR9m3Jc%i6SD{IZ7v#b-Nl@VDiyXnxOI_r4$?4-gp{xc?Ontheq@paSH6Q zlUO*0Jw5>=EjF3r1+y^v4G`5?)7iMthoyz}^u0L21cfVSmE&5Woe1DER!7QM#buZS zy;ksgy(rg1VQ6xkt4=D#Ho7v{e2$i4>YMUpKgz(wkPOY>S(_+S6k-|cQZJwd@|`vp zP9)0!f=z+cZ@+^~z88=s6_e5w<(cuy7Zvu~6M>CRfj)d|zxFGmufE%DO%;Cjpu3V*PbP8WPxP=s#Qt7qA}vZ;G85` zy%}(TBZL2xzz0h$g7t6Y65>ZLp-(H}^F1*o^o>wLN>mAjRxTk?lyC|?QF$gQ(!7s| zE+*@pOJI8>QtRg_2e_f!ra-wrX0_jvK=X6aBm2y_qINO30y>YZY#$2&EjC`USfQ3p zQv(2?*N6p6u#}Gg=BQJ-CMiOa3p(N`isqT%Qb%Ex77#N@gv@(_{V748O_w8po<&5@ zQB@2a*wTyhVK@>(qC_K=14Rd6cz`isz1^A zk5yb04(|(8(eHMAqhmg;>CG44=&0J?mR5ytbfn@rA38irPF5d$oMaq}?2|+@sxdkB zyD;V}yOK0qi4v&-*8&>kGAC~=AH7!vqo5C78tH?nS^TL&$k6*i3rFi66mo zJQMCOaIE#23Z2Ta3g0Iz&h=hO3P)*lHw|v4&PP-rb-=#<`vxS823A4ul2K0dSKnIT z0$j61)9r;Cpga@ZQPb4NDQu*Un)+lV;F1Lgy^b!d8QxLbVL8w`YA=9rM^#Q;?|T{P z)6q*)(MzM)%modEtV3|L0G15I&%=nK?5yHx%%+$-8rER3LZ6G_;MQzf4O~NezY2v) zkl<>qz*4%$}v{-H!& zv14dJW2rpQDX{rYRJti(>2@~xE#25$5w|9xX}6`D#YaG)So>3!uE1te4eU=^%&uTr zq6_el5Xh(wrueFKfy+7we+!@CpWK@}J(04*$q%jAI4 z2yeiO)ky95_thdcK(=i9FTQ2s-+R~5Y*@6$6)3|O#da+jSd&Tf>y^oq=rOA-XXPmL zRvUF!-a=}FN1}6G=V_b8U@%)-%Dp#)3tiF(EL0gErm&P{f(Qyag-ru@nwXRqr9cI~ zYUcpGJ`UPyXhsvv92bJJPq~9G@qHfV+Q0*M14@%J)1FlSkf*9GqIvu3Y z>+KE}JY@>|4`!V3zn1^Ky;@fNQhFak)3%dN!-d!EB&{U*Jr3--SGb%^UHsYbE07(>WqY``pL#gim&h{FO| z%9G993D!|dt8p~BBlXdR;SyIsgjZVB9}20aC%lcAoo8%MVFrZTBEEv87}AkxiSSv2 z$_>J23yoKH<64cGYeunsk#mUQ$hw$d7cp#G_`#3bfJLy}?4r<}PZ1Gl0%Qx8kK&+< zjD%gBa14k3ClZ#TXV3aIRpJ|TV>&Xy(0M*bzX!gee$TP?+i!w6h$V}$-DLc?u$AT+ za1>eGON>o}Fpue14o=v_Di2>dcpm(KYmg8MZYqft?VjnrQAE27TQ5)>1OnkQ7*nVx z(`Tuulf$sq6fQ9%R5XGZzc6;$*IgTrwmW88iyH{MsY4Hd#MlLBU&mK9AH#aZT?iRk zN5QMpD&p{AJI!nIjRNXUEWSBH7g3zqHy#hC1zBiQJ02qLz=VIL7Boh^UJtrW3mU6d=s`c%g6wLp9`vLZzt{MY#w@-!YZXZENI_+|qXv~YD9}JXH8elC<~%aNh);$n1>cnV zt|lRln;J+M6F zXmTG-jp;Dn81<)*g~P2-b1sMfy+;|{;O1niB3t6p5Ipo?WQGzC1Z6s9j&EU)QEx|P zO~O(*%o0bW7PzXO%3}BP=sCmGr(eMK}_0eUW_1zR<~qumD&DOX$kG$b#OYuUj&x9S|=j# 
zQO1b_1Eo$}D2B>rBmBokcw*RB0ifg5+Y$6cDoO#1Wa0r4AcwMGPQ=x;U*LNS&26Kmw>i-C&(IPP4$4ygV9uteaNDgEdLp9!cngAER$<%h9HX(< z;?|-?>Ua$wTm@r)3JQG5A~n1X*CPbVl9gRJX-k`1o;UiavyQgw-3w+Bc%f2s$HX6z z14)N&Lj+k9W_48glJeKM?CVw|q)Az`MDk^;zy1|cQO~Tpn1?bjEoH2iQskmFvJIEFg)Al@b_sX|P5gqKq$aDKzAlv`(gg?IK`tYaYG*4sUva@!^%$)*=es z$!TQu7PrnJxB!{)xF0e8H7;<8!Aw~F_q(dpyAGq;iv^P;ss0B<^XrX=L3ft!r>n{* zQzazdHQeskvPMV;lP*+$b_8G?I+!92jG`^&L?0r4cnwWs#pq8U6Tmo*5bY7cXl(KC z5MLs~Sz6lSik=owno$lm25D+~iq$*e&?)<>6d{qH^B=RD_W1YM zP0#kvk=7gzy&F1jn}kU$rAhi^69pa*{R4GrmHg_|L#{>GH*rY)PY_6hEbWp^;2@sj zF9vChefM{NgGlr5DxC~bG;C4rGr9H`4#y$+di`z>gAyr(!@rdh1E&svI^HP*ryTSI z?|?GECu^!oLu`)!Ajq@&vti_c@DppfNNFJ(4z7f~il;;yT_)4s%8ibG%)<6dm^E6~ zz38($`*BzGLHOQhB}!ZBG%h4ATupZz9)g8EZ>ev5f1jz=XY21XSNjtB`{I^*?U;Yg zmJZn^-&;dCPKc{nHde$#BLpJ^bFBHhR*w6vWVSl<4|N}3_pE(AnNIs}PB8V3>c2S= z<2UUGrCk`b1zE*7f_ft0F%*Y$6i)mO-Hso>C9OYi94?i$2Oc0@#9tDWf-NThlz=U5 zW73AIw9);?lfChnuwoC?OiYdwsHf!n6e^pgDKIw`^+AR5aUIE87&6TWxAzuLlaTT0bhE{523+%8)9Wor z->RY^9hC%hQV=ZkL}j7;lj=7ME0sQlI8^V?!A=GS_z5C%HtEX4+q7tqT%REsKOhQDUOENC$V~ zeze{*X5>fHag%N=cVOehZ%zW%ZZM+S_hU=|R7!Bnh1uxE!0`!8og`uwKwE5p`VBz& zae-|)Wq=vjK^o90r+s}Jb4c{spwYxHf$w6P_|Y#wf~~~6Sf>5EF#c?GS#V+TrGybQ zWy0yb9}#v)u~SbGj})JO&MA^9#SThQf?25|6D;UzdP;)zf=HQ4Det6|&!D*-rc+!? 
z^O}U9H^CAzmC@-a1=;B|toIxEyns3Z_n!L?y>RTwYY?2VOHk8B*8~0b7qG>7XP6+3 zAgint^g{#@#4pTioB>N3fSQmYsEoN3ElLT#fdp8gp$rasZ|4k9vv{4t^bv)9MFSGE zwpyTfvdz82=yx-y6i~P)po@6VtJr1*rZ9Ip(P1)%rbFN`4(~Bn#p9cl$L?b+)nD8z zR&|HQBMtZ}9r@^)Nt~>HOp_Zz-j+)2NEx5vjAZ)H!2tZ(PY4WYZdW4iCme^GT+QXA zA!w6Gu60v$1+6jDW*XA-)Q64SS0SlK&&_mby&6F^dQc{pp9o{l96jg}HX9`3GnttP z!Vr)LD-zi)HA2*-rRO{BwNYh!GDk{y!Yt7z-I0zw6UvTqyIV6 zj$qyRM2M2qV2R0s)e$frSR^%o8#r`EqFb~#9Oqi&nmv#qUHv6!7)WdiIBh7s2`af* zK}u<vV^#ig?6?DqtHAYmwavL{LO_YLVBnYV$D^a@zTWFKVO68qjDn`jwzC5*LZY zRG91hCTuLqfCxW-CGNwsicd;X4!4oxih9+dfj^&{QIv|{<3DGV5Ew|@=p4`H(C~u_ zU3$}+S+Bm%(Kd=3tH-VWJL0C*t4|^>07e0E=q|XRGMVcsmdbx5;0883!9L1NY|bko z!Ml~jFSv>aK9)CPq8;E>8JJpvo7n_LTHA$zvAWpxCZQ1P(7S*YtT3VZa9jzSs92bh z!bV%cNk>RgGf*x>Q!>chY6&FZF7`q70#{6uT8L2W(&0FKHX3o*yO+YVcy$KiAff?^ z?rZ~CS%7`s>5^bYII~}+z1)J%JaQW$Ll7NSGhz@N*gi|hVzZ>U7|STvTg= zk>(*RIST+5p_@Pb*G9E?7Oe9H%RZR$vNZ-Wpm}w85 z`kV?V5KB$Q-Axzv;F^&E%K_3A(53@c&G$5JDtmGQOtb#O_U!&YIqg~YY+Mb;A`4eO z9q87xVPA&yH0ia5&ae}4LYvmkUEp&^v_-_wu=~Bsw%rL1vS<4T2aj8owMIji#A)~{P!Vva9tI2sW@d5N(sAU z!c0?`jUmW^T)P!wgRw}oThZA-^lKp==n645M(tmB>0eRt{XicSx{N4vnOIS#mE=^c zC_C`Hj7DQrAKdMr?P1tH6<4noJV#uZLS2)#dWpbm5C|X@Vpaza<}g)Qe4#lWe3-}1 zzNH_#A2J6{gs;W&RN869qB(E?9HaU(9bmSu?bY^ars5f!6$dE2Fn4>bRHZsU2sE$l1BAMQ^ghpu4^${E@`&a0yep$M{ zw`T;p{uzP)yXaaKL)S%&4%5|fPIOH(GRScw(G@IiY?5r~&^Jk1U}ZJ6I>K9zfz8ze zyJ03VST{m;kN_qs`94_(Of9@_`>I4GKzwcmKl1r8qX2VM0j}^?35mj6PofB|pk6MB zdJ91!@PoMI;y@gBXMKtWgk1tr%Feu4sK0F2(Kfe^1oiSWLrum7|7U<&AA#CTQ;HGL z-Ls46G9tQZX9oO5n~tufb@d2PyGMYUEQpYEW~lcXP)8<0>IhIZ(w3YV>OupmrL|%N zTz5TlIt4}vT>pAzsGsAUFJvB{Lj39oP`gfpsvN+?SUWh95Y=F~FfZzO;!glqv0SilO2@GYF;0Sg%2)4uMMr^k_itXf(CYJzQ z+V&qj_&nl(-;Ol|aStRwRcW9e04Q_-KyyI+hSyRtdfaO}Fijn%1SmVRphED7Z%hDR zZ2cz{DkFTw$m<-70Tz|Rz7qRwL0|>hdxly%hS&1eFI~%Lo<4Ie4-Yc6hc;-)m`5bJ z0thiA|MJM>MIm$Yvi=y7Hwt8won)+w7J3~mIx~XBA#2HA`Z3yva3bMmB3rW+yZ31s zPET-w4sDo#yL<#-KmKRHp54xLitteLd!U$xN+WU$mQ6BwZGyWIi_`uQ$rF*yEODt% z7%X%7jD! 
zG@50h9BRHXfJ8gN(T*w9{q*=H5!6bwEMJH=I0~6TN3wnSMr)Xw$;hrHdsR>Yz#Uf| zLoo3~xfW+;sB(nZNM*ZVIjv#H(j2ox({MAMU>iv#k45l zLtOlIP1Q`}sRQi!Kf|qEx>T(R=JMd0Gc7oq$Jd-$!AUfhhjXq~$B9ZHt%IntI-D~t zoHL7Jj-myBXkE2H^sbbP% z&C=X_0Fh@SZMr}YWm>N~g|vE}2%7WBaJ3U79~z3pbTnnNqvAFWi@P8y?$%*(Cmti1 zvfyu1b3dX5k_>zVetecQq@XvLnuoXFuQ+bR_WON9r2SlHBg5t3fe0^y8WFA15~ZYQ z4XpJ@qffjms)}q5FgcNs1(Xp#ItoLQOvZHmeBgKbJTcG(Q&4{@S+z2-xAV?Bh*+?Z zPQy!pU#M%x0D2y`p^O9wtF3oxfD+XOI-qQP>$J!KBzWG~kTd{L+s=pe0VV?6eV>94 z%V7G9-J)amuiJbBi1Ee^Y1Ytayxgt5?EmNuu+Qs5ZygY(0$;*@l@ei9p4vT~?JW^B z_G~7FWccJ57s+rX3Adjkg~GdneTh$H14iilN61Pa?3;kkEGGP2!i59JuI%k#z_@va zzA%8XH&JazMt!k1?or;yryhL=d-lYFB39>M?Z|oy2h0BoTO?+(6KMiHQB0uIF>_7F z1UeJXiNpf9oj-}bfcx5Af?H!w%NY}vg>H}@7dc}=6SqKDz;Gg(?d|VyCH5}8kID(Z0tNQNuHI%dnvmWsrA~dY9pTX>%0i&YR zyf%p*CSMyq8Us(92)6ic2$eDo2C2~q?jOVkzECj-@704J)PgfP_<$b#Us|v*IUmx4 zZxO*Tv+9e6#zE7kzs?db4Wo859c9&KHHD85Gm`ki@M&qbL}IQ%4BEZ``a-Ko>+o}G z$m3AnnZO<^d4zc_9hSoMU}M_J{i$i{CnpJLh4{dsAwLQQ2H3u2X}$w&pkeUT!#W0} zXEl>uPK)^&$B@0^e5Y?L9^;(YeGUwzQ2difrWu5WSE<7QIJ`=F)PnvYWX-a#E_aOtn9Gs zM7AqC;z4JukjInhJBPg%XofLV|HkJdQT-1$Fpk5iUMX-yyAP-O6pj&8_iCH{X=u_} zB&wp8kt>?};F&7=5=bCgj?H^$PuyV_1v=99zYxR{G>inlzBLwfB&Lru$RH1Gkmct6 zQdFFAf=Zy4X8S<8iUy<|FA8?#g9O9rXfhggI2}J=DrnqmW47g0nGkkg5HSU$NCh57 zdZx`IFiAt+lM;kuylFM9mUyB$DT!oexZR*G^BpaVYcW2=FnfTwJ54@1Dv8TGeUpeL z{v8;ul^qrs_wgaMw-c4Yc>nIfj}w&-5|!QYgDRA8u$MiQVI(fnlEx{6ag@}md=RJX zj?5fCjmV!U78*1flxsuQaIH4?BIb1S#F}Cq z!Nekc?6zX;wqfkHQlGZqJ~d@W93hWI3_{+(7!u?nt8YQ5%m9H41ANx~%6%9dL+2?c z;^~FP*HFTK<(GI8K%DJPBxot18f)Knz_}RLG;(7>5|Kb+Vl1rD1>ir9>P#ebs2rV( zW`D&bHA^Ow1EOIs)s_FLalaL8jh#Z6i#ER;iTM$>*FlMZ6i$KI9-i+HTR7jaJnhKC zQXBPzx{6t&-GwXZR0}Z#L zOweKuY?7Qz(1o~Sd}x&N_8j)aV?}BqjW>b*WQsp9L9Ezdk$_l`kk--l9-;bU_=)Yo zgNuPJ>bMvb?gs+kGeP{`PPpHdbzri>dk}#<`B%MwW<%2nk2R|C4yl<}`92!TY(0RW9 z6RPtKtoFsS{d09(X^7Y1>ujaJ=Jv^hG@!PpWB0IFrX1N}#<)+c6&iPBhXsBzFhI}| zj|Lvgp7;KGk1}^cn(bj}W{A|$l3OeO zVK8g7*m|T^2;sf4LU;{tHXv1)J8hH@P9^kNFwl1PBtnJ87)H*l`57T>yooyvC%uW@ 
zI84|;EJfpz30$-iTl=)p;8(xYX-H#YYoiwYJp}7m@Ry(l52oT`JjNn{noq+hN%Ld7 zH4FSRV>D04XxL2u`!(2L*cT_A!VcUn3%D&_>Ic);e}TJodP72eAsV$Vp@lw3n$JNx z|M9^g8%A6jT`q;SBe>8J%yecPq=v=?KJ*n&U;Lv<#66IXS4mDZwYDs?-Aui`#(#o4 zb{t<=?H|l|Vd3D%qo8$U9CNXB#a&WqbnrJ?)^9jOv=T$pu(9@qg%QT5rEdIFYk=rL zV_F{VtPpI<_0Uc8(+~~*EWk21nO@-we3PXCcmh6jY%!ctoq)S84U)$N9%X6pJC+6; zSsHwYqyfxwDbi%Dj$a#i;8SAmZ%Ek6%*xapebBW+60rKR? zTc3dsBdr@xBh;A+<*_yN9p(VzYSw$_bH#WyQx`(%_Yp*#v5+o>g(9%^d1~$irwa#? z=o1u5LK0dAo6{Ueb~wZ|(TO2Kl4PeJ7xWn`uG{1MI00-rx}OyBgGv6^(4QZrO|BUy zFrNA>ze|8&J&T}}F9b6`A3(Q2w$h%bZQkNt4^+9u5=42(akj$nKvgb?-ZmAnma zM2tJu3XDlD+v&ib1D@9!2t&(fF@C}n`6L5)*gr@Uh~pF}_Mt;dg?K6VnPD~!17M^wSJu%=%9AY@cQu#>TdFjdrn*HN6P0WFFB4twmdMTZuhFe-3^ z=nG)qrzj}&0q2dFmYj$u8T3vZe*s5!hA@P}%ny;`M6F1&I4Kd;%9pqe{2&pTQIj34 zHQ`kDAg;9JSXMnbzcB=(m3Ettl(pVyG)ocn=fPu%tS3BzgRN4=UQGTLsaCF@u(8K7 zRZUf-iS(7SmwraX(2eC#NQ6{=9KqnGOhfEu2ELh0y^=3o)2DKQ@6ak34Y#N{CT$(M|Ak8kHD%Gyw%H<2X+loNDb(obukL=!qY%n(pePBHqMT?^IEhKv@E z9_fqbMWlz`$)5hHP7hMgntuSe8cBYE7?LX>OCGDA$;t^EOI8-EW4YYX?8kU-(#QT$ zntu>S#TXx5W*Tx(mw*cxOMQ}LbgaAQMp{kB@=^m!vF4|tm_R6^)kxOuaPSOB22p9K zW*I<-)%d#3VKRVFNAu|_Cb6a7`~9yfyAl8sJ8c03*Mdg|llq0&JO2Z9MACjxX^>XT zs!b#kRL@Uz>cTc77LyQ8G4qTV(y*Fu6?CVVsYVRjXSC&8in$Om)Ea1&EKHz?yi`AG zbDpPQI!DGitkBVJMVDA0sX++zYcNM5W&<&Xl0SVw*bO(5rbbnTjUgx+h5z8kdQ}+V zdkA3>({IEu!s{Y2O-2lvreI0q?xrpDDR zsNVlRRhwpVG1C8NIaXF6C4)-Wm10#TQ4Or(6&{*5w9*d9;cFT>P!)!)X-vivPBM*U zG|VN@Foy%GiE1GrVU!@euTW0Kd1tce-Olkd5Pv!1pPYqqkSLVLktZFLnIbI|S)fJY zY$nzxl8u}n^hF}~D~|*B{UvE~WJ%^a8u_pj5}`SKF;HwJhF72-<<-&1Mj!H)Lj@wY zCJaga|*lX_y1c+L|7*j6+6AbiODNruiFkXh7#Xc z_w-4uIs!M4PuYnu2)bjm8}`j-_ul|z6P!s)6AyktrD78x?T#+c4Ff+f#nR?YytIki z5Kv}dJn=JG0a9RHNQJVQvTy4iKqZMk=kz$`dBhC@Em+tN2~!sOJKw=gdEY$#=J9<2 z-a!qu79%^EAfgvR9{nK`1D3@}PJA?t4a6c17+NF1_e2`>u}r1`bgWB=05s!e0z8hZ zpqT))k#}DewBj4m(ou0^UFKn4mnjjOn2c47U*PzFKIx63_cbUEWx-4ZdXHjyTVsm5 z`}1?4cL^7%(c3VCPDha%y@{aqxiA2%wCq=@8ZVs$+~KXjmtTXD4$%s+vwu1aoy?Kk z3~&D9&BL_H98JXt8@c}LpHn(hq%kOsxvMRv>IEmYs$+fI0VYcWmC5{g3=|g(mx+)} 
zVz^>nl_8oBn@waFk4W|{ck5&)dkmerCMrgi@@a56?5^ct_3hrls^)Fj1pz zH7WR(b1->Ru)u{68xHL5#}1Q6AGrVi`*91-J1-o}f2BK7e0(>BjYIxptZp1VlK)Ik z0xoB0^nDmH7DTiAAO2Hsgi8%}XQNBh>fgO04UmAbfD}KPaMN0ZUWk}KW5+)3s>hD~ zeOqbvyieJSU-W{7tr8j|11sG0}0f!{}zOCFAUjojc#t|5J7!I|?m%t~qTCfDE0{ga-3F^xL znZZE*^;+;=oxo!}CMV)XEvyJ6=yMuF?o)T)zkMGxPD2JCCfUp12!#5`n|AZ`!G7Cp z90-03r(4i7ZRm0%tjG0yml%cSsoWV^ii)Y~xbL%gu7dhs!SdNm0|PH0k`D4y3=9J0 z0HbV**<=)v45S>Bs>1l{N{TUN*m;pfSc(m_&4l*)KZMT({+oxjx@k2qRy%6GC(zgJ zdRXnSe4R8|+5XTjIQ7r806x%b!0I zVpc+|{Mj!>IRmjJXF*KP1Pc&iB=8Bbeb9NqK?YiDcp+sNy>6Nbw6@@gPz!0}DGyvJsd?JKs1*AN@&l?&eS*7{o!##L~dmf znJ`SMCzFT)OC*CONMNS7nsuIt?JGmPqM;iHjOx5T1J#jYssnuKSfh~O3v_&qB_NXV zMnB0Sd?8z+B;<`yNn%!kUxazef=S{A$%Y-*4uBN~&E#XII*eQBt1V2u}7wN%q6r6lMK|mVi9T|38iO`VkO=80NE(m4l#4z_xL%pA;nq(Tpi0i!!fhQ^O!l*#vmQ)Ec{M_pNPr2pw zgET%2tMwnVQR`2hI%BPiZaqt_g?`&R8I>*oqO&)l%cIiNjeHmB9YVp<89EQOcNNtp zy1mWZ-i;J&v^S@wy01R>x{uJ_Fpoy*CvWPD8PUSyg{i3f(I?MX_p-o(IM6qFm>NXV5gnV9D@Y~G)6&!Z=8N5f_ee1 zPEH8f^?MG~6b?9}C_Z{vSEUSzOhz&q5&Cn{pmZsMm@Sx_x0ALlZhyO+&>&Tt7cii4 z<2pp|1+X|^(+;fv&_h(xL%xC;L&6)%r=*L(I5qc;eQziyDZ&{Ab{ByagYa{H0d`PW z77xVv$oh94O+Ksw41u$xX{yaXH?#efS5tUFKbi;rIEDEC@nJk*ZjM4_j)n>?Jz)6^ zduDin5#PBdlrDi_H)=T+yR#^8syMp=Y<*YLQr0M{t_{eBE~MoAnoO_B`0TdjjeYx7 zTv%hpQ~5h+@}<~_CUl0r`!O$zpsUB|ac@sXT@z#K8pBcb8%RLtlUf{G7ELh+!NU|D z8bifhH?##4+lAu-d;&2-n#*Y!RqW&3uMXiDki>gB-%zO9LwDhwc8>AqyKHP*LMpoN zN%)xzp_Q~ydnxt?dGl!bcGPdpZz!omwXbP8LUqKQn_zSFjnOjFk(tnJJwE5i4wDx3 zhJr65ghN;8IlM7BMr+w=PwyFf2y9_S*D$2*8Pt{bzY#5mt1C+ym z6F9cid=z_2i(o%mrN9JYq7%JrAMs_#{N~{=#gDY8V({bA_o!arM;2?w6vvhMPY#R$ zhRrxIMlXi2pq+z40Nt}5#KCucPHW2&Ow(Dg%tlcm>OPv2PVW>RWR2~ihSB9T zlGG9nLgqL2MHRbRD>j3Q{Ss~RFA&qDYkm8l!}?GRLC3yJ1Z8O^Rt=18^d~2R#jbcn zXXBBqOvZM2SW#A|C6Ea?L70Ha{AmN{uq}FsSf{c<%6}s@;@oZ=B>Z?ehT{DPl9e6D_{Lmh3mubBWN4)NHV~y}b zhw`_z86W$fq+lR8MAt186h`01)O6H2_K@A%YqX7}`KL$(&P>6a=k{+BA?YXyu5QN; z#leH;>oOx9)8$M|ozwRP4xy)`^{=LFbytgRb!lkzw7=X*<-&J07G5y|#D%vQ_*sG9 zX(ThYD}6Jam6T*+m9w54{%C-}L^kppAHcAAYX<~a0z6I%fFLY_X)i)-; 
z%i^>8Hy?TnBLjW?G;QF7A4z@hp3aD27rrM;38CIx9oYOllI@0`3rx2%bj$W|-7Rzp z7?R-XCcLB={Ns&R*J3L*%p1&Vn>HEWzMOvz*o3EdhS%pEmQ6^4npp9ksA_O&p&uI z@q8V^@yQSSx?dut&PPZ3iQ>4*A73g&U^CJLvV!=KGAp1*oVb7YQo&^6>Rs-meE)9f zg zAX^~^@E@(2O06k+BU&?^D<(LRD?_cxk^#%DO@4>rhnI#bmD1zX;g~DwBf|7~xd3(c zz|?_V4qSj3m^^qOWdJ&8Si*(j2?0~QM4{HfckDQzB7YK2dJfVtdGPJA>`57X+nV$o zz8ucCDZ?l36t2gHT4(|Kcad`X2j7q5UXBmOVp$!_QV_f>g^((F_6I1Um+o#%c0yHV z4~MP%JHDP{NyGQtE%`6>KHqK0-_^Sd0{|bt@xKCbteqmgn1R!MSklI1x=a%u)2oH~ zL%u`WcZDP0E4Jtq7<~o!9Gejau5%SvyX@=VLMH#wK)pqqpd3=Mqy?#MU;hkZ0`=f> zqLkkeEXy=fnO@63W>@Y*f?#gJ6fE@TS?u4UZ-z5Q8?7+hK8^{#X@B@_|KJg4oY^}T zS6mAW{mIip___$m&A@nna+-2tLa!W&eINiLG`~wr%m*YZBe1m4YH8h5Ptn`DOqt^W0_HQ+!Dj~}jDP-PaQs{$VOTR|!K)dH~ zi$JpJv;2>GvInkPTJ2iuyV8HOe~s1TyW~-lfw;f>wo^n0-{_5HNd*`@3oO{Ry33OP zS?`~oLITNuY$RwC2Cl2AEs=c=qG>XqR4^1h>)WweF|{@trW?C)sbOLpBS~Z*#YbI- z22k!7zJ3WXIkC*ui+HcKayB(>6rz>YpdVEYPw z?2?*gL|oPMqp^T;6{$7&^p3Yxhu~62>xsOJHo8X7?LU#wJ5`L^yCqUd1cO7FkPe*M ztq?WnZ@1!vkLo-0C;Z@cR%kNxaUGX>|4GJk9s0;tL%;ANDp5%vn-fQim_sFShuPsYxgc1y2Z71^OI_E*+Qy z{;KoM7SZ&5WfV0f*qau&){=j!=PLThhc{&)uh3Ol?8DWRz<0A=k}r`M_-OB6NLs4E zM#3$pCoVBoGJ$I5c^{JDO4W3^TlNSicd}xKiX)Du7^90$F59;J{)5&Y;?E zrah+_J8E3b(k7f}ojRAA9IS`iKbqqxOzju1%??Un#*cb4huB)>@YWjv zi(}NGN}6miu^j_D`oVshRxHKS3*G)rvz+)=6D!}qEmbW5AWX;ZxdpVoO9RRWQX@$& zLNIUNLiY)5W$>H%*UVsvw~0?Jtx0q$g6EwK`t4)d_o&IF9Ue zcqfz(gz2MLzQ6KRF%yO%7mysSF0bZ}fSk>Y-RA&@>#2!;qTm2_$2kT*_!y<*!}2uG ztTHlBUIs|NuVqO1M6=nx-ifBtm47kMOkrll_+5Po8Vt9}EK;-4t67+Gm5DOhyF0B$)){2|3?^fI_J@TGA1Uy}dxD%RuJ8sv^6c@f~VHX)dFLoy@mz zs*4fSi&TJ$Hqu8DbOxJ_+ix!>Ufzqk3VH{W62dCav}V4#7q=jYcltgUiPu@?9<$#p zLP;t;~9alJI%^z++U7kof%t_{te&f5%zr4~C-uG`TVvxs zyQePV?voYiKA4$t^N-Bjv7DW(F2lic!8wC`#9Xkxr1N!(T8Q9)(hm%A=>W6sh8@tO zB3~0f3$J6-t|OY;Q`Aqe4M=Ah)Dql2m*Af(x36LuK>bAEJccr#E4LSLW{ul-yP~-L zx+renv}uzrmK#9FzojZae*XlxB^ z=KMv;PW!rF5u~CCvUdW$4sc*X{JVIEytDZ~d*MUDaRKZ|kU~kb@oQT7dT4DhnKVGj zzkA>Vx+Hw?gY)B7BYnXrf7>XFb2bgyzQ3sG5@;fUC!nV?w$lTfv%q5ZD_#fMV*sQd zXoqAy9qN-D*t{L#u_^pp9S4Sgu0z-WP(91+a5z!w#iuZAPlFPPQaoLjMQ`YY$$BTu 
zypU;;TH#W$RV5sM(hioVt8aC>jur`U*Sd`XuB0156EVn9(Sz@tXWIKTzEO*j#Wwhk zC6M~v8#~O{lJImer$1=>3>Zrphl92~LCXec8G|8*X`kQ1X(;JRO8N)?p9bHzn*J2b zxha_QP%!7WLEG;|K1#mdZ{u`O!B|sq;OILR>4OhmO=*IUUqcVn79R$&011mfc|Bo3 zBOQ5B!qbxUi)X(G-vqY-j{M}Nz`5aC;NE`ji}1a0+u_Jh&I9*-xc`Rh-z!{O)RX+= zdNrrN`(F4WtUEva5H_b%MWaBKgc`%*Oc9CRD~;uql`y!=J@Wz8MO zlU&U!XhXQ2uY$&K8xXbc^o<(rc?-Z7!#Z#L9S=Xt-dRKdfhru2bRR-Y_UEc8b=s4Z)LY}X~(UZ#R zhx@kXr!;yvh5Z20U!uLwz;h1VD+t%&|Ia*$mLugSdh4_wDgIo;s6Hdr zkMdJ}$&sJv5?z1Yf3D^H|1}-)>|wa!JgbLA^Dfbd(&@YvO|vtF>uHGZs^PAO%S=5L zo_FYB;ho@-qi}j3gM8#DEFDjB#c=E3Zn!ey?t!0N816kd(qqo_cONEi2kqWl#0KH~Mb;m>(dY4bJzkG1r#;CU48t5IqC;GY=vJ{;b+5Vupy zzg2s-AnaJ&G4o}^8V+k&{FfXRjx8-x1q^fK>~l|rr&VJNSa2#lVE9yt?Fx;i{Kv%eD;q>t6=lP&R^!xuUe!@EkZAY#Wt`+V( za9iM>gVW>m=UXF$>2d!jKMC(U+E0c518x~yC0rKVg>XM_I~D#Mj-KS+it_7WI}pZ} z7cw1V3XC}@F1Cl0;hb>vr-xG-ile9Q`2Xc`nD=*V zKNY?a?&sR`BRr=Mg644B;RwY9IQlXOIr^h_vPy~f{z6IG0JjP5PPlvE?t|L`_XwN> z=YW&pvf!L>F1Q=vy5QCp<8(!lB&~*v_6yQbS>))?1gDpMw)cOQUXLdj0w2Pg@VW<% za9aXL_)$Fw$1QOEaO>dox>DV?!)3wc!8ze7;O=oEJ=}JJKM4#7!?v%)#xQs88` zbhy*&Nnx>n4kzC4x&QuABRy|iwCMbi!lTk(e71Oimd_RsI9H4mk9=2AILhZIyd(bU zcp#GN@z0)mea@5)@VGu_ibput=S=Z>ea;jgRiA%`Z@Lpe{*Cwo+K7M0=4ioA@w94B z9lsRqU9UIeg``;&{%^!jFE8df0zK)PQu@>JI;7#RKR>1Sd+xexXjr%&&rgo06DxFF zMTS|EcHh(a4DvgNbz&|~vN*+4r;m6;|I^A5<=%h)3GH2?^q@~XJ)`&(Z!v!{`4Ka` zJ@j&8GDW>`e&@7lpJ??y9$h}taXj$&Obd^|kFGn_n;g+Z{BeEYjilFOVxMO%A9%$% zW7EgHfi4F%ykhV~cnlqpDT2qpr`>csxLmya-`#$CZM1sC&?^!*lJC%*A5Hq8<_7S` z3*YO>`1NUYSEJhp03v)r2Um!PsP9Dn&eV=0!U2E0OYleNuR6ptvlJIn`Eh>v!kc8%`;nC=A|@JySuNU%hxko z>g@1zxqEsfZ;!XFrN=v4LU6mgXT@x($g{kqgH3<%Hg$G;Dmz-dQlV>Ut=HY{m1Xjl zAUl#sHJ-N427Z&K_ITwYcXu~Jt3B;<_44)(uPmjz3QOhc&PGp$l)hwoj^-7R2#8eM z(ClekN*OgTKvqS(6`Hr$wJ0m%ovL{kw{+;C@J5AZOSRr^@6tLCkdjI}8ih}Ik&;lK z@9Fa{1z31pZ1Hq=tdduFR>|H@+1<(@yT{Z0Vo{ABl2RwSWTEu#~!& z6D4HX?AZmwCG79;QXZX|M@iqpz(~&d$n|wJb3e&`<$>s9KY|5e&-> zlC7iP6N9d#rLQiU(!>7Aa&^VcS}6Idrpm?CbTc{OJW!}A`?Qd0!$U5)zN&J5>C)Qb zngvx=v$Au#rAw}_xa9imxp+>S(SFJGIXUg{X0_`jdD;ohyy>!>J2`7AmxUi`wOrTI 
z&ShuK%%cAiGo~zGC2>DCJXi8N7-1&5u4qvBimT=cyamAYY1zv(X%nf|qK*|E#D!7y ziUdU}HeX0L7G#~>t7JI>SSp4D^F&CAuUjPH0Fhydi}IYFVj8lF~_ zt-IalY0K7MOB+2M!aqY!FV3Bt5%p3dUMhRsE$(K-&PVlDb+`1%(*dt~$&_lMAqSK% zY1e$jds<1QH+Q=y)#-2ZJ#u+%XGL!9W5x^+tSqHX{45Ez-ZdpEv461yJpHI zEj_HwWJoo>jt+G8$&)9eYw?&`=V|XEKm8pmmKJnDrlT3kJsmz8l||JtPR*Wu9pKVx zX4zC8!N7#wa+$lOZBnhf3Bxz^61iYD?fi&Nn@wq<_&@=u_O*FiCe<}}d)$pQ@(^wr zoJEv=F2Dc6c&vdVd}!$Z_x(vMw|ZEP6*hQVR(j+qR9Ic7*WD(kgTyoC!nU>yc{OVT zy1dKM>sQJOffkHV)M+CAtaQXzss|v<@01&%S)ka?j!e17-R_aQJ#8)S zWi4$jUPxC!gu;=omY<}o;N9cyqu*ux+rYn#;*Lgb=OUk8+Mu;I$33%Vp!e`&Sb+borI`k_L@~vsm(~_%u<9nKH)LQs(A2Wr*X^dZkipKbjGl(>&bGFt ztl^-G*XRMh4hlji_4IY2?a)Q3Uv+o;y1bZOXe~qC5xiA9v$PU@_Kbh1u9q6JXQq@s zHACj%ycV*TSwc$B&X9GD5^BzJkCZ+wLuQskO}jcV>7bq}rRQXzk-I%0l#w+z14)|D z$D8HahHei;S^D%05*}S`?p1P0b){V5_PV9?8IizR7X~Q~%p!OYKpj4hP%#X^0?!gp z6Ezm&+rwzqu4w6!i+$bQAT|dxsv?{A4kSxi&TuWOFt?J@sUVtAv`N>Ag60d&@A|2e zrcV7Dm`&txlNR3YhCb$WTxexSBlR91#EcLkOtB(&V@+W-WDTq1pe<32WDFX_*MX`o=x9TJv~H2d(}kIZ zh~=4=(MVC{>eB={oun8STtnSZuIXHc>0WwG%`$|dzL9wcnBQ{~RF<|j39;bNo206u z$^}wwb&;=!`GWcdh}D4!Hmi-2&N(yX+BWn_P0gdw$_|Vd?cA$+&LX;LUQSujQD#ad zB{kC~&B34WNReyNGXlaG;51Ml_@h&chWm+ zi$K9C`Qi;Bl@bQ}?uO=;wnnMU*V^Lk@nJma?r!OkDq0}hn_B>~y|YKEoLq;03?Gxq zHmSO^qZ0#Db4!Eh6fK?}g!OnmE2J_=n4SiAn@5_@ZS8K8=9d;rHN}NejeC{1nUq0D z6i=TUvUvUy$nsSko^Hxnhp-;GvZKe_?ITIuBh_{GG`B2sOG{cBp!9sTrLA+hR83ee zYe9rmIszZffmm&1qCdZ!EkiX|c%g~`K1MANZ3-L^NB4kY z2CSDrQR|ax-5rq7E2P3Mm>kg6+PfgqxQzbu5=E zJiV|~cqh3qK)bsesp_8PLSEJa1ZpJLcDDIwi0hGH?OBE@%B3`95NZulX&>lSRZeKE z>XZsQ+#nT3_LVJAKvDmW4j@|F*|Cab160#VwHRH|(j_ofP#bv~TikMe3)vr};uZ{u zJsLH1o`^xZq_D0KqE4!XMC5VI*M`#P(O~EWfNEb)GmIxvVWS&bY=h*Q{}nW;yQ8Pw zgJFxCuLG@G3w9yF9NS{m?!K0Glx9>PM5o3i&3ZY8LIwmjYScwlF_Ejfwpc20cX%cd zNu)}YD)@XA(TZ@00;r2PFodUFs`3QR<5Po&s5~Dn?UoAbDlv|+xsxYGh^SlD&>6)Vz!MDv8>!^c=kQT| zNzCd?p$>JU|JJv-Q8LKVBbRq~`npgX*fmy2uBs&wbXG}o$t*+mPRZ+D;Xy;z_O|r& zz!pWF-QB>g*WIB@laBfpaFEVCP(r5&ORHAXM3@+@~ZtcoE= zX&;o9VO&=@iFjHnpA2OPgC|jJ89FudYENeqblaA8P@(~ty4y9{=rRJVhcUmq1w){Q 
zC-;7;$o$TgZfa(!7$QuM?DjRF*GY@2S|r!PNApsV(vM?xsqR!R$7+R?k+(qhaM zz+T18AOXs5mI_PfmoAtOSmxm?4m5_OF9!)QCKT49Y@()Urv)ym7Lli|r3r>^ z*!;?9QVBXk0HKQ1(pnLqb2DkaXzuQ=$tWM#kqx7+x1|Fj9Yt$$O>i8#Xh$cDP{@x4 z$WRwa2h1G6Ae^sso<_m>ohwiZAtBd6CUi>`b+V8u;Dlvp3Q(uo)7`L2K&b2NVn{VD z#L5h#WqC6MN}H%tHF7giFk! z5!nkJR#Wmcg%#ly06$VVG$a@`dtmC-vQ%Sj0_kG|Cy5E{OfVlNu=s;S$zfL}9Kk3*$cjjxhBX(G+nOA7`f7G&EwG zTzgol7SnIcCx-n=gptOA+5iZ>K2w&aNTuyv-c?vG!hE3-6AuJ0fPT|0m6i}!*R$xM zpR%gL+6t+()K#+pFXBTba(2umuDTXnSyTvAPEFRg2lN`vuZK?&!oq2IEiN&JSo!{D&e-PY2` z^S{{YfuWknxI0!`5vCDc9#3OBZ049j zk(C$i5B;C$jG%cQBAjy+>Kx8Ed=5Xq(^Sxc=<^OMq&1ye)}hh%4QOfE%nKu)gy zELkFa)3lge{V9OW(86a-6FFw&i1-;Agc&(`B0uIO3^|u4OjCG%6NQ1EEGJ(i({Y`l z;XDHd^QsoPu+7~F>z)kTd(<0@>rrpjQ>W)3zOF^C!GMmDCLc7BE6ZIRwnQwHWuvBI z1eZI6sE>KemTO%uNyOyHwN=7SIl4y#5!;hV4fimOU>ud9w`vXl@$WGy27J8K883NLjYRMo5OZ>}uCFTnnvo3eMbR(ik(b;o(LEXqJ;oHFav$6taF)Nze;uhAKXQML)yNezZv_3cp<75^Y^+%F1gZGiJcBT*boAGm1-s_ zUGi)h3NijT4R6x%Vs*RIhlP6BTIzh=w5A1Brb$K$N;vHAE$q$fzuqia5IznUX|Bg! zwHvQCN&mq6c*!I+(fgW6{GUyzZMsRKGYk~J0bj`dnQW3S)!u8(k~DRNBweh%&&Rvt zVzYz?;E$3{qM(Zrf1wsX6?+0d8jz%`_59fHEq^CLa&mf`bTCnp{`+3s5~9T~MgE_5 zO44t%_a5N?c(zHy-z<5N|3>83>x0h%ORft|Qni-;k9fbeLXuViA;Lck@SS%`((9-f zy?+xKzm45DZY}-8sNer+@BZVgs_OlZuR%oANynlhB|GX^WLSe>QKB6S5escJOjL3f zFzS$lOw6cbO}bP{GVYaQq#8n~I9=rCQ}wRAf_eyJS?$#G;}r8Wp$5zVFZ8 zuOr9Fn!b<6{pb6A%z3bQe)c}=v)A5h|2XH&*?XVf)d!|`mY&Zy92j1p_HR@FmCM)Y zI#vI<$2Pb`{-?EkT`Qc^A{W!YR>PZbbnf*G->K<^y5)VBrq`_g((Dxd^#Vv;ZOq^&c1H0k-XG(Ve`)~4U+Zq{?p z3Ob8g&s+X8H5{Ka#@V)K>wlj5yRWW4x2Tw&;Vqh8=LenpIKyXX{hoPT!{giE3{8J$-TFF2^_P8C+aK*cThkk_ z<$pi<539X`&tdMFnqF7k{_+g<{~?_^tD5|CRdt|l{T!_NJ$3bW zsQp;C{Hp3MKFhh6(B5TQ{$FeToW}Hyk^8hv_OSk#sQRmCJNGK;U#jQY>-Nuy8eXCM zqdd&>M``}vqwS+h`PN_4lwZB$!1jBy<|k=>^pw_5qf7GM>Dq@h9jiZ}`a#pLDBqrc zt#nzH^k~xhe4(78nLPc-vVOPf|G3iNW@)_T+ktVi`oJDG{}shqJL9z)w&x$w{Qdi_ zy2XZ;+lD`&;R!cuo8$Rr&Dz$RoI9T3EowU7KF(>EE#_yO=5xyu=h}GwHLBl#gXV|f zBlY~!sB8W;UpD=pD1Twqx$m%i_o=+tZ4U>j|J{uTroTteAFPExocv}z 
zJzvXo7Slgp^+VnEvr)rme9#r^!Itk5&HvM`(=w9(PUZeGIQM|2W6#@NoO`>~)ZurJvij{rgVM=e8@I zdk)Y4N=9uznoN}EPs{q*VpB@Yxz^%>rJETRn%Yhu<0#Te{86${|Qa+;`gc#^t?^) zhnikee=lcPw^r95sdWrz*lzVYNfSMe;p?swU($HXAEV*xj%iR!<*?m3dbj3x zKEp}vUz^ki44)QTYoRnc*<+)A6Kf70bO#NS~=@VwC4>X@P{nu$Y z*VSLB>A4&A{*?O1X?^|Eqz2cddRD(%zUwIGUZ(l9VXu1i$IE}!{LZaA-khZRvox&H z#r(Zh>tjXT{`_hUSL$Bxx2fKz>iT1omg}}ps!y5U$25N{*Q-yMpB6p;l}dxN*BzUm zL$tgrk3Fz`JgE6h+8>o(wEw8`emYfss2Q^QFIN4Hb?*nZYkHk^^Jn|L*ZglktjzCF zUhlF4?^j-`=X-i}3{sv=?`Tc0@)d1^%+HltzLjAGG~11+1_Er>ss+5tLJTdy;jTle!X6tLH-%4ze30N z+WdV@(~Gx^bIsbpZF_9i{PlI}_(%O^sz3Xl1IN3Q)$m1M(Kf^UeM8Gve|-NBJ%8c1 zotsAfGxYpm-SU4@!|&C`@JaHI*ZghN_M^ov+TSlXX}C6jN2&d1zWYFbMAiSUm*_Q}_I{w@=e@zX-!lApwfDnjZTHl-eopGIB(47%HNVf*K<)UVpP_OW=y>^T zJ#X7bqw;Uj`ahiE?`U{@)#lFn_i*>mnxC2aJk!kcUy$$Dws#}#JzM>GvHJ4_o_~dO z?^dVlVaIQ6ims`tHoe2#7ESN|vk!d!xU{Hv;Q4d){CVeUpVoMrzwPR{k9@?rPn(wO zFHHxImtR-??l(GjtmezwACQkF9h1p_NcrRIju&6n@StX{c0Bm3ruPxuhphH~=B?^q zw`QEH2%Eo;X?X^|TE8bUtV913UY{4L{;&0VG@0kWul6Ur?ZD@&ts1`Ot$I(#^A~A;8g+cB_4iF0 zf3)h@!(QL*IQXD$#ym~!TK}w-Q&jn6J#WKr)^Mu({Ghky?)1h3uc!7p(KJ`@!N|93 z-Ky$O``lsM?@ii%@443%?}Kf6AJDR2s?L2m(|^0__g<|oW%w>_CygI;?i7X>C_mSI zKK!HF`O-}FncB7KU8QBYK(8;_rHWx^XKD0Y)73WZ6t_s%?6hfk@l|a-%evf^?LDq- zk*>vQYwxtt%X^%i??t%8zC^G(ZT3ZeS9^=fRFzXyrm1wfuBDyRoi3+Xetlcl;zdhz zO3Q%;+|tXJw%KT)JNY-E>CHC$?^+SyevZ8j6SK1e4<>5GZB z_VQ%7?s7reY_z_Y?y_r$7U|DRcKuLWk!yjS^l`1efwEJ0yPZzYv!!aYGc`4!^9sxV z+q$$!`ZI{rSC|Wzx9LnoJArRePf>5NzWvePST5(=6sI#t+S?X)TyynR-A)%yw5geH zw{US!85Gan0qf=aW+afzb5t#Ii|kxUE&jE-!m6mK zwOj_4*{-QNePeS)(Q69YuF#hVZCBXW=iQw;!Ofm5$1T>mn_6YXl&onws@MqZBor>= z>RHm>t6AyPi5RZET#$~E>lSKKx{OIDBy=zBYFm1}EqR+d%+{N_r&xexIt|30wS`x_ z#HPG>X?w9@=+wh*EtX~3^FgT2pv+ROi6wT`kT#~}Jn!D2azv~)xX@|ZFE>>8ZzEUn` zPg|^Q$(kD$Me|xLiX|0Ou&?3Douyd!PT%#~GA_U7>TMFlaZCkQ*u~TX5(f4`U zQ5LI_+D2dd##kHFVq2lz#hiAY!nW2qtrkoruq9*{D|aLHss5?^?X==8htpoU zxHv2K3hi;-I)%OHKCSKA+R>R0%gRM%brmDZE#nI7%H^(o>5`&`R;K#Dy%^S#wk@_( zOl;|jow#dpS<6|!S=DZJjO}sdZm2KS%d;bk8R+iPzMvC$Y@v0cw{0vv`rh+uTX5TS 
z9^bw74VC)aF5bG_E$Ladu&B^=y-mcn(1qQLmn_jC(YD{kb{Nt^XuElQ+ta40@3d>n zx@h4w?QM42S8aq&AFqYBmDb`#3pMX{7IC-h?AB>GT3f}Dg&xwbr=6ni0MxeVnk%eU zTT!jec8X#ti*s=`r}}ES?r9EM-NkCrVMK?4C0FZwwjxEdq0_Bhxob{C9k`3-u^>2U~TK9WEY^uh99@>i?_N0X=rmQ@$&gRdb|2PA_bKgY8|eYgyMRMaL9TyDpq^ z-TE$D^RFkg^NYuye*9S*YtLC1x0TzPUVOScmR+Y!M6X{qzH4F6)x2P-cdzL!UbAeA zv;JzkPAge^Xl>9gy>OS$IHjfSY8^|pC%viMKf3fHr~~vOecRYpbllQKI!r9OrrXxH zTe7(0)HV&aS$f-|>uoF1R=RxQb;XL&QcttVTw@2X+F?i|PkF*f&5pL!p0>7w?_uPyfwtDyASUec}g(Pk^bf?8)UUR-PfHuHLc z(5X)LlCS=`(k;^qqjjDwuZ{}Wc57NXQN%56x833KA)c&_E_UVeoHT8N>UHaWJB}9v zwj&qQ)G9AljBS1gR?`!Qiq~tsSt&B@i)EWro!qCbthP*g74BH7Ew#4o=&eP$uPk2H zsZFF<|JHc1|7e_Ry>MRJxo7E%^jf6XNV{9Nj;1pBaam7$||mtNM(eskTmCzp5I8zOrNQ%~uAl^s^gLzW%9&TMshLDbHn zLv?%cE<&rd_F`x+F1D8SM!~X*_fR_aT&1IbF|tjEwqCtcYqx6$+Vs7e(BEWK9#i?b ziv4ZW9{RJ^6CPa}vd_sEKVhssKWJEQGmF2e*;9J!=-#ek@5O76y#yQNw^Y8!@CX{hiaq{EMIWnOzsko{ z&Q`fX=_Cd!Fo8d8Wz{jH}T~aIVxx;wODH){VVD@p*N_HxoZczD?zw zDp#wVrSdA3;g4fA;uc2s$hQoypy3--mZ+S;a}{}=%3B#;F3%x0UPyeKJc_uUF&g++ zmCvXwP`N|pFco{Wsl1|y%Kz>WV^zMuxYy!)&=^#Ck;?mQK#z4QeMO}E^vHiEz6_0T z*TojjSLsxFgUVbLdt9nAxroYNsd+B(>t(yj?J6Hsd6|kmKBDr0BGTWE+t*OM#!b>6)b02?b8$n_Pe0H`Y5TR+wfmPuC7@<4?y0cr$(qcj6wrd`g+O2JghnwL{qSZo*sf z=XioPB76S%TCwIO*o$}J7xAa~TpeJn{>Sl~_-oW@V8!!W@#pv$9-#w)E-Yk?VOf(JwE^Cnhv* z*WwrOY#msv{#CdNzmGS}E}!3qf5b^=m*eMS!cUx6j{gj9)!$8R`g`yX_#B;2VdKxk zi_yL}v+?7x2`8f6<*s-hn{XmJ{axIi->SdYn>%nf?#D)bzi7`-!YMct=i&nFL_2T9 z^7?T-ZomQDh?{UTCLF{qxD|(R8*axPm~kiW!rj=R@4apQI3$g}ZSd?#HoH%HMtl})3i>){h=VLo| zU>EjaFZSU|T!m|JEw00e8*l(O;bu%Yh(ovycVNbyxC{5Lv1AMQu@BKj4ZZ~{)k3O3_poQ^ZFinDMI&c*q-0Nb$xJFyG< zFyKmDg{yH5M(oE8IDi{*6At1Q9Kvn59e3a^+>Lv2AMQujQub>jHsM5^gcWSY7MzYV zv5K>B4$i~*=&>C;uoHW+4_DwyT!pJ~9Y$P_8*l(OV!}b(ibJ>!x8qLSg?n%>?!)~! 
zek%Qn6L2C>73bjs^w^Fa*n_!Gw#IQxCi&*J{)^W*`MRF2`Au0oP?8c3QorvI1{Tl7h7>YELv1FWSkr_Wp1zHewS_z=_z5ld%P-;|!dM zb8s%s!}+)XJ$7Oj_F^9fT!E``4X(q8{kR@C;wDTuh+A+gZpR(C6L;Zm+=KhkO=mmB zMr^_fSixqTf-N{5XW%THgRM9Z=i>tGz)tMJUhKnwt8g{0#dR359|v$FZpMUzxCOW2 zcFedFcj0c_hx>8tsq`y0ViQin3Qoo;*n-osinDMow&FaTkL}ojUD$)Y*oP}|6|TXx zxDF$3zyaKZn=#=a4&gT3ff;w=F5HXz(7l-bAID=OPQ*#rjFWK+w%|;x;vAfdtvC-o zwqqxDVGs7=3S5b+aSg7;b+{fk;6~hpn=#>59K!9m12gW#J-8S5qk9ScisNwtPQ(f} z<7AwIGjJx(!Z|n>TX6w;?7&X!!X6B`0$1T`T!U+|AJ^jmZp2Nv8Mok8+=kn62WH%j zdvG7_N4t2ac)h|VoPd+Cg3UM?r{fH);w+qlb8$W{z;^7wPVB-y47d_k;c8ri5&Lli z4&X-IgoC&Rhj1Hi#~ru}cjI2%hx^gJwCvYLY{H2+2`ku)EjS%#VijlM9Gr*q(PKMy zU?=usAFjZaxC&R}I*hm;H{bwn#Ds&m6^C#eZpWRt3-{n&+=u&d{LAQ9oPZN?5>{{u zw%`n$iB+71tvC-CpvQLXz#i}E+i*K(+=;tzH}1pzIQ9(s z6&tY$Ct(FA;}mSc=~%^CI2T)S9?r*h?7%MU!CvgcmADGm;96XV5$!rRdw(;&Qrd`3 zI0-A*j4e1FXW%THgL82{E!l6}RI~ z+=KgZ{E4i8tl$)!fwQm`7hnhWV8B(l7W;7kH{%xEh8cI`J{85gKf2oa7+Aq(oQzYj1*hW-oQYMOg>!H&w&FaT zj|*^s_fH#f6K=+YgSZ8^;t+1b?YILo?!;ZV8~5N|+=u(oy}aD6#^QKv#3r186LAt& zuo)-g6l}riI0I*56=&fboQthE59i|o^w^Fa*oj@(gT2^?0axHkT!pJ~4X(v?7_lGM z;|3hSjkpOnW5Pk)f?IJ2x8Zi&ff;w=F5HcKa4+t|{phN!f7Dz2(Z~PCJ@6pQ_Mod2 z(Sxpv9s@>9m{Au_>!EzCqQ`&{6J~UFTDIk*HoRikW59?BGZvTNSpGp}UKKqCjF>QE zahkW~k0l>H28@_6V{xjq5f8`%SK6(ro zF=58yW4z73eVn)U(PO}f2{SsK6<(}AtfI$&5ff%CPr+CF#i{seA3X+)m@s2;O1jPe z;mkjJ3>YzCM%{R!oPVsM$AA$NW^_*>AFJpwV8nzO%S$md|3@(Y=rLf#gc;qDw2xKv z7%*bOjOD5SYQKs0(PO}f2{V?LS}6Z0^3h|!hzT>6m!c`(E+w$-4?PBqm@s2;8JMmA zr;(2y14c}kvA7(}@+Xjw9s@>9n6bDd%<`X3K6(roF=58?k_qJ(mriK;(PO}f2{RU# z^H}?KS&yuu$AA$NW^@zFyb4y)W59?BGrHpPEVYkS^cXN=!i?qRP|81=`A3fdBPPsP zUPh<f3b1eVa9n9&{Q^ica)MUMd^Cd}xLCm*ZmF<``m8OzK1 z)cy(ObgJkvV8nzOi%S7*{+r21j{zel%vfBqYWXLUj~)X?Oqj8_U906kmwfaXFk-@t z`l%>Al#f;P7%*bOjOC?f%AZX8=rLf#gc*xVkgfgalaC$)MogHoxMbJzPa+>Z28@_6 zV{v;$%YOm+=rLf#gc-}rK$Sm*eDoMFV#18YC6?Cy$>gKQfDsdBEH7JB{tL-Rj{zel z%vfB4Xzjm6m+2~hI{D}^V8nzOi%UJN{Zq+Dj{zel%;;WR=2ftY9s@>9 zn6bD`fwlh<+DDH8BPPt~X3#!X(PO}f2{XEvl8;sN7%*bOjOAsln*WzE|L8Gb#Dp2k z+W{#5H1g47z=#PmmX|v#eQE 
zaXSWU|K;SP$AA$NW^~muuYy(d7%*bOjO8s4)c%=H5550Hj{zel%;;WG=2ftY9s@>9 zn6bRPUG2Y;_R(X&hzTYzC#^Mrp%Rh^J^cXN=!i?puHk3b`eDoMF zV#18Y?LDmhv&lz~0V5{NSlm9t^5>9`9s@>9n6bPBU-{>dj~)X?Oqj8}J%I9GMLv2A z7%^eS@)j=2e>M5&F<``m8OzJ=l|Pq!^cXN=!i>f3@U8#OB_BNojF>QEc^d`gpGQ7= z3>YzC#_~2Y%6|>{=rLf#gc*z5f!h4Hl8+t(MogHoxYdm1pHDt|3>YzC#^QFqmVW{H z=rLf#gc-}*s4M@qQEaSIA-e?Ix>F<``m8OvKFDgR>f(PO}f2{XD&%Df6z z(PO}f2{RVA%dq*sl=jhMz=#Pm7PkVi`~~Er$AA$NW-NYw!t!5FK6(roF=58y=O`@y zGV;-5z=#Pm7Pl_3{5JB@W59?BGdf@9Rj`U414c}k(Jgd(sC}%W$AA$NW^{|l$0~XZ z7%^c+x0rmaqQ`&{6J{)KsbcfrUQVZq9s@>9n6bF+ljUDdK6(roF=58y)?Ai<1^MVP zV8nzOi(7hG{*~mT$AA$NW-M+iW%(WCqsM>|6J{)K(PQ~b$VZO>BPPsP-1^4y-#|Wk z3>YzC#^P33mVXub=rLf#gc*z5?^u2(`RFlV#Dp2$(lW1tRrDAzV#18YZIZ10t7#uS z28@_6V|g1kySRfDsdBEN;tg`Mu<$$AA$NW-M-XXZhEYj~)X?Oqj8_4WH$|iG1`J zFk-@t#Vrvn|IOs1$AA$NW-M>nrTjkf(PO}f2{V?rE>r$n$VZO>BPPsP+~&;Y{|55W zW59?BGukg=6tBNnMUMd^Cd}vp`B+7d0V5{NSl(_?^M8}m<3U$Nj{zel%;;_|^D0f3@~r*0 zk&hk&MogHoxDBY~-%37u3>YzC#^UE}EPo~W=rLf#gc*z5pIZLg$w!X?BPPt~ZY%RD zSVfNkBPPsP+``h@e+TWO$AA$NW-M+AYWb_kM~?v`Cd^pej@9!2iG1`JFk-@t9n6bFM zt>wRqeDoMFV#18YZ5%EC4)W1sz=#PmmbYG2{u=VpW59?BGZwdDwf5glK6(roF=58? 
z*2BvG7xK|#z=#Pm7C+Br?Z1b7^cXN=!i>f3X)S*(`RFlV#Dp2$on>AHtLQOc#Dp1( z+t6D3@1=e87%*bOjOFb&mH$5S(PO}f2{RVA?X>pSk&hk&MogHoyzR2`-%mbz3>YzC z#`4yk%KrfQ=rLf#gc*xlH{1N*MLv2A7%^c+7t6c~R?%a?hzTrbwFk-@t?jG{7iXH<-Oqj8_O}5Q{Kl6_s14c}kvA7kh<$sWT^cXN= z!i?@i%s*DqW59?BGrA9xk5%*-Fk-@t#jT)i{?{}A=rLf#gc*z5&szRR$VZO>BPPsP z-hNv7A0;0>28@_6V{wafYyV^9qsM>|6J{)aZprdDkdGb%MogHoxP7|6J{)L| z6J{)ae#`PdMLv2A7%^eS;&$wo|7r5kW59?BGZwdUxBQLdqsM>|6J{)KCvEwkAs;;k zjF>QEaVuua|1A0FF<``m8H-!xTmI+BM~?v`Cd^peHs10#k&hk&MogH|eZI`AU==+E zjF>QE@v{Tg{=d^cdJGsbVaDRt{g(e9O%1 zV8nzO%b$l({ujwdj{zel%vj#mTlrriA3X+)m@uPDWnKlV=rLf#gc-}9M^O7;c6#Xb zA3X+)m@uRJN|{%|DtZhUF=58yXC7?*-%I=GF<``m8H?MvTmB&V=rLf#gc*yU6S4fS zl8+t(MogHo_}L4~{~Gz|F<``m8OxuFQ2y7+M~?v`Cd^pe8s6I9LOyy77%^eS;-^R~ z{~P3^$AA$NW-Nb7Mfu+(A3X+)m@s4U6D!vKx5!720V5{NSp1}hb)JqC=JFk^X3 zf8~FheDoMFV#18Y&$3wi_mPht14c}kvG_R<%l{7f=rLf#gc*yUqOtrT^3h|!hzTQE@zXGtzm0tK7%*bO zjO9<{DE~jnM~?v`Cd}x5Q07&ziXH<-Oqj9wDIS~u|Dt{L7%*bOjK$C2SpIhM(PO}f z2{RTygJbzWBp*EnjF>QE@pD6#e?R%?F<``m8Oxs+QvQ#~M~?v`Cd^p;q>#10gM9QD zFk-@t#n10p{*TE=j{zel%;9n6db2By0btw2vMGMogH|W!lFodJGsb zVaDQTldSy*oF01pM~?v`Cd}x5R_0Z(iXH<-Oqfwk7VTEBiXH<-Oqj9w$rPvg-&szl ziXH<-OqkIYzC#`34Tl)sC7 z^cXN=!i>dFdfEK{l6>?SFk-@t?pI}A1*_;WV8nzOi=Xnc_J2+L=rLf#gc-}9%TfMr z^3h|!hzTBPPsP{M?}B{}1`-F<``m8H=Cpv;04jj~)X?Oqj9!i9hB4iG1`JFk-@t#n16s z`}@g9j{zel%vk&+qUHaYeDoMFV#18YPf=R_W8|a9fDsdBbbl%HDp*C20V5{Ng$)A@ zmhKwL%ko{r5X0r=`Neai|Bd#*Xb+6`z-SMQ_P}TljP}524~+J}Xb+6`z-SMQ_P}Tl z{J-4;2l4s;AU^*e#OMEmMnC`mzrA8d=YF&YMtfki2S$5fvX;2<}q7%IQ@uX|!N9PNS89vJO`(Hfzciq?SauA`2V^GDq6a~=9YE@hWHIA=n{L zP?>|ayf(Z<<(Vqype?Trzd@y0)|WQit8%i+e6(e<;pG?kfX+xm2sGtm0zRF#+GRB8K$ZOf)@8@5kW(WYhlf^Dm&P0RKH z+ZIimmTmjCO`0!Ov2Fe`w0+TrU!r2$yltcA3>DkfPr{c<+s18K%@!5gwr!cs+Qatm z7irBc(2`da_r2)k1vbu>=gA&+Y_f;du~K_9=%`iBv2(l5Y|wL7$Cg0b^DAt)qW&m{ zXE1ya!=B-Ti=J|BCBx&2Bad?f3?EYL70zuhh8wip*0XxNvYh^*#ZqdS89t2Zw-&<< zTJAkX_1i1*tqv;db5X(d)7@lMrz#C)K|~?P}x_fwCZ?J zS8t3Cq;Gwtj`13|T6L^XkJq@vb?~}g!tRbY0uuOJbR2$c?a<= 
zif<>jefmz~w<-QtV%ule6WjheK>T*ax3az6ruegrw|(>r#M%Vh*NE-)=6+&(jd_6h zcE!IY)*`yS#P3wRkN91R_Y>Re#KGs6%VNjpBZ%#||5W1lC_aXGt>Tl3?U;Tlu^od? zBerAanZ)l`JeSyx>6Z{!6nkQIzw0FKSKLKx$G#q7tzOqhY{#y55!-S3!xxqF|8d11 zV*I};-atH{_>07LTplF0WAe9&Kdtz`i0xSXBjV2}evtUHihn_D$Js}S|6TF#iBDHN z=7Ms5s)`$lzpVIK#M%_y@x*5-o=m(&aSQP|ieFCrD#f#jzpeOO;`#MgDzee$D;vvQFCANP15V7^!M~SW9HWDvXoQOLVf1TL+ClkL(@h^z2fBr|Y^}z>J z8s?R;ZO?}ipQQL0VtXIaLTuaKX~gzE=9R>@j295ME54HWF~wIYK1f=7%Zcr{bStqP zTW%+|W6PbycHFp&*w%~nzfH%E1NSiA_V*Zs_UsC)D;#VsE9Pw<$Um~`B`Fq5+ zeg2%-`r$Xk=PUjlv2BxoCjOz~LtauT9u+v#I{X-gV^SIhU1o^~n&iZNv8y z+q!!|@u5<0LP zPXPnjGW~$zqDtD;ev*bA{=c)vi%TyMt z^s02JT&MCDmDgpV!IuHMyIxkgQw$c4Tb^bDJI<@(+Iu+G9RQ+dtXph?b)Yq{O?MIDJ=PXU< zXw|9B^SY;Lnsv)=ZOvAl<435|qB>JXXscCqrjIb4^Hpc&2z6TYrg_!~ZJnw*bL*z_ zOdV{7FIQD{=8aJ2EY(>sLY+CP(>_9-3$paF~W4t zQJp(RsIyRY-Zw&>H>%D(suNWH*8D72osa#UI-l3}Gxh1teOh(?*7j_5&QzT*k5Ffp z4)otqoxios+vmC#y-|2Tb^g}&Y;~so19eXM2kK1w2kOkbSg+k9%+HyZ{QWvV(LDES z6^woTf#n*$zgwNGI!{%d+Hvfhr#847es|zFW_8}E6?tM^otZ~9xQ%-c)ERe_UiS`C zAF0mY>SwF-PSttE2z46trem(^{H^tF(|N1vTsT6VcdL#cq0W0$r(=XVYgMOfggWok z_I$nS{JmwrLv?N+p-zM9+%-a-J6rUbLUn4}>hN`H{qy#z`n*3voh5o>ci#wg4%UnP z_7UnlLv8(RggUQNo!ukUIYD)PKSG_g+EyF%n*aBfeZJ=TaMh_De}?zZ6-Slt1D~!s z!`IiBcZkLr zQ}uc=tj@)1>$m@Ppskgf&iuMMpFgs}o&Bgj&*_6oZGKj3I_-6JY@UZt$G#xx8dj(N z{h@7#U23aOb!z*?eMdC7D<9D@sjjVF)mb${omSOZ`y_4EFMH5D_t#Bl`BNHP|DFS{ z%QipNY5F_xusVn)QVR(97op@-2o2Wi~(|^`& zKdLipggQ}m=8aItzI1D^tMgCe8{D4XJh81N)wyI|vQr$?xhRp$#M)Y+pt-x{G#(+l-?^%3e+ROgo?)M-(jKa5bPp{ir= z!UNmbBM0m65$c~Ab;rzuROcxp)Y-26;#niq*`_)tj!-A5&eRd=45`lPBh;z1^4%7H zE3jkTvR^;(nBZzyROb}_v;*ro%-9-_Yd?>gX(;|uFe&I(%;=5)O+gh9jK#4b)T=R z)BZ<&Hhw_wzj)tU^t0-GwXV*i|D(Ur46CEn8pX&CiR5k2h zpggOi4|Dy}9_wXN+Z8>(L2cF2CS5uH9V;CN%pDE3e97@Wt/dev/null +0 0 * * * /usr/bin/run-parts /etc/cron.daily >/dev/null +0 0 * * 0 /usr/bin/run-parts /etc/cron.weekly >/dev/null +0 0 1 * * /usr/bin/run-parts /etc/cron.monthly >/dev/null 
diff --git a/sample-rc.d/rc.firewall-guests b/sample-rc.d/rc.firewall-guests
new file mode 100755
index 0000000..45bb749
--- /dev/null
+++ b/sample-rc.d/rc.firewall-guests
@@ -0,0 +1,137 @@
+#!/bin/bash
+
+# The name of the main external interface.
+EX_IF="eth0"
+# The name of the VM-Private network interface.
+VM_IF="eth1"
+
+# Disable ICMP redirects.
+# Note: Redirects are used when a router believes a packet is being routed sub optimally and it would like to inform
+# the sending host that it should forward subsequent packets to that same destination through a different gateway.
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv6/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/send_redirects"
+
+# Flush old rules.
+iptables -F
+ip6tables -F
+iptables -t nat -F
+ip6tables -t nat -F
+iptables -t mangle -F
+ip6tables -t mangle -F
+
+# Delete any custom chains.
+iptables -X
+ip6tables -X
+iptables -t nat -X
+ip6tables -t nat -X
+iptables -t mangle -X
+ip6tables -t mangle -X
+
+# Drop invalid packets on all interfaces.
+iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
+
+# Drop unroutable IPs on the external interface.
+iptables -A INPUT -i "$EX_IF" -s 127.0.0.0/8 -j DROP
+ip6tables -A INPUT -i "$EX_IF" -s ::1/128 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 10.0.0.0/8 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 172.16.0.0/12 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 192.168.0.0/16 -j DROP
+
+# Allow all loopback traffic.
+iptables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -i lo -j ACCEPT
+
+# Allow all VM-Private network traffic.
+iptables -A INPUT -i "$VM_IF" -j ACCEPT
+ip6tables -A INPUT -i "$VM_IF" -j ACCEPT
+
+# Allow unrestricted access from our IPs.
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.7-91.109.244.11 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.78-91.109.244.79 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.239-91.109.244.243 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a02:2498:1:227::/64 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -s 185.176.90.169 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a07:4580:b0d:57f::/64 -j ACCEPT
+
+# Allow packets of established connections and those related to them.
+iptables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# Allow pings, but ratelimited.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+
+# Allow certain types of ICMP informational packets.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type time-exceeded -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+
+# Always allow SSH.
+# Note: We never want to be locked out of the system, so also accept on the standard ssh port, just in case things accidently get
+# set back to defaults. Any connections to the standard port will just get a 'connection refused' message, unless this happens.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: DNS.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: HTTP{,S}.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: FTP{,S}.
+# Note: This is a very permissive configuration - it leaves the high ports completely open. To close it down,
+# change the last two rules to "ESTABLISHED,RELATED" state; but this will prevent ftps passive from working.
+modprobe nf_conntrack_ftp
+echo 1 >/proc/sys/net/netfilter/nf_conntrack_helper # Required to allow nf_conntrack_ftp to actually work.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 21,990 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 21,990 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 20,989 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 20,989 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p tcp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: rsync.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn --dport 873 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn --dport 873 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: SMTP and submission.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 25,587 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 25,587 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: IMAP{,S}.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 143,993 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 143,993 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: POP3{,S}.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 110,995 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 110,995 -m conntrack --ctstate NEW -j ACCEPT
+
+# Service: Bittorrent.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 6881:6899 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p udp -m multiport --dports 49152:65534 -m conntrack --ctstate NEW -j ACCEPT
+
+# Set default policies.
+iptables -P INPUT DROP
+ip6tables -P INPUT DROP
+iptables -P OUTPUT ACCEPT # We don't firewall outgoing connections.
+ip6tables -P OUTPUT ACCEPT # We don't firewall outgoing connections.
+iptables -P FORWARD DROP
+ip6tables -P FORWARD DROP
diff --git a/sample-rc.d/rc.firewall-hosts b/sample-rc.d/rc.firewall-hosts
new file mode 100755
index 0000000..905629b
--- /dev/null
+++ b/sample-rc.d/rc.firewall-hosts
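Review bot: The FTP section enables automatic conntrack helper assignment for the whole host with `echo 1 >/proc/sys/net/netfilter/nf_conntrack_helper`, so helpers may attach to any flow that matches their port and the earlier blanket `ESTABLISHED,RELATED` accept then trusts every expectation they create. Binding the helper to the FTP control port only is tighter: leave the sysctl at 0 and add `iptables -t raw -A PREROUTING -i "$EX_IF" -p tcp --dport 21 -j CT --helper ftp` plus the ip6tables equivalent. The `49152:65534` NEW rules in this section and again under Bittorrent also expose any listener on a high port, so that range is worth narrowing to whatever passive range the FTP daemon is actually configured to use. Note that the two `--dports 20,989` rules combine `--syn` with `ESTABLISHED,RELATED` and sit after the general established/related accept, so they appear to add nothing.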
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# The name of the main external interface.
+EX_IF="br0"
+
+# Disable ICMP redirects.
+# Note: Redirects are used when a router believes a packet is being routed sub optimally and it would like to inform
+# the sending host that it should forward subsequent packets to that same destination through a different gateway.
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv6/conf/$EX_IF/accept_redirects"
+echo 0 >"/proc/sys/net/ipv4/conf/$EX_IF/send_redirects"
+
+# Flush old rules.
+iptables -F
+ip6tables -F
+iptables -t nat -F
+ip6tables -t nat -F
+iptables -t mangle -F
+ip6tables -t mangle -F
+
+# Delete any custom chains.
+iptables -X
+ip6tables -X
+iptables -t nat -X
+ip6tables -t nat -X
+iptables -t mangle -X
+ip6tables -t mangle -X
+
+# Drop invalid packets on all interfaces.
+iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
+ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
+
+# Drop unroutable IPs on the external interface.
+iptables -A INPUT -i "$EX_IF" -s 127.0.0.0/8 -j DROP
+ip6tables -A INPUT -i "$EX_IF" -s ::1/128 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 10.0.0.0/8 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 172.16.0.0/12 -j DROP
+iptables -A INPUT -i "$EX_IF" -s 192.168.0.0/16 -j DROP
+
+# Allow all loopback traffic.
+iptables -A INPUT -i lo -j ACCEPT
+ip6tables -A INPUT -i lo -j ACCEPT
+
+# Allow unrestricted access from our IPs.
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.7-91.109.244.11 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.78-91.109.244.79 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -m iprange --src-range 91.109.244.239-91.109.244.243 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a02:2498:1:227::/64 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -s 185.176.90.169 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -s 2a07:4580:b0d:57f::/64 -j ACCEPT
+
+# Allow packets of established connections and those related to them.
+iptables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+
+# Allow pings, but ratelimited.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-request -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type echo-reply -m limit --limit 1/sec --limit-burst 5 -j ACCEPT
+
+# Allow certain types of ICMP informational packets.
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type destination-unreachable -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type time-exceeded -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+iptables -A INPUT -i "$EX_IF" -p icmp --icmp-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type packet-too-big -j ACCEPT
+
+# Always allow SSH.
+# Note: We never want to be locked out of the system, so also accept on the standard ssh port, just in case things accidently get
+# set back to defaults. Any connections to the standard port will just get a 'connection refused' message, unless this happens.
+iptables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+ip6tables -A INPUT -i "$EX_IF" -p tcp --syn -m multiport --dports 22,9922 -m conntrack --ctstate NEW -j ACCEPT
+
+# Set default policies.
+iptables -P INPUT DROP
+ip6tables -P INPUT DROP
+iptables -P OUTPUT ACCEPT # We don't firewall outgoing connections.
+ip6tables -P OUTPUT ACCEPT # We don't firewall outgoing connections.
+iptables -P FORWARD DROP
+ip6tables -P FORWARD DROP
diff --git a/sample-rc.d/rc.firewall-old b/sample-rc.d/rc.firewall-old
new file mode 100755
index 0000000..7b020f8
--- /dev/null
+++ b/sample-rc.d/rc.firewall-old
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+IPTABLES=/usr/sbin/iptables
+
+# Flush the tables.
+$IPTABLES -F
+
+# Drop bootp ports.
+$IPTABLES -m multiport -A INPUT -p tcp --dports 67,68 -j DROP
+$IPTABLES -m multiport -A INPUT -p udp --dports 67,68 -j DROP
+
+# Drop netbios ports.
+$IPTABLES -m multiport -A INPUT -p tcp --dports 137,138,139 -j DROP
+$IPTABLES -m multiport -A INPUT -p udp --dports 137,138,139 -j DROP
diff --git a/sample-rc.d/rc.local b/sample-rc.d/rc.local
new file mode 100755
index 0000000..d4e6c24
--- /dev/null
+++ b/sample-rc.d/rc.local
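Review bot: The ICMPv6 block in rc.firewall-hosts accepts echo, destination-unreachable, time-exceeded, parameter-problem and packet-too-big, but nothing admits neighbour discovery before `ip6tables -P INPUT DROP` takes effect. As far as I know conntrack leaves those packets untracked, so the `ESTABLISHED,RELATED` rule would not cover them and IPv6 on `$EX_IF` is likely to fail once neighbour cache entries expire, except for peers inside the two allowed /64s. Adding `ip6tables -A INPUT -i "$EX_IF" -p icmpv6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -j ACCEPT` and the same for `neighbour-advertisement` (plus `router-advertisement` if the host relies on SLAAC) closes the gap. rc.firewall-guests carries the identical rule set and needs the same lines.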
@@ -0,0 +1,66 @@
+#!/bin/bash
+# /etc/rc.d/rc.local - Local system startup script.
+# This script will be run when the system is first booted.
+
+# Start the MCE daemon.
+[ -x /etc/rc.d/rc.mcelog ] && /etc/rc.d/rc.mcelog start
+
+# Start the qemu guest additions agent.
+[ -x /etc/rc.d/rc.qemu-ga ] && /etc/rc.d/rc.qemu-ga start
+
+# Start GlusterFS daemon.
+[ -x /etc/rc.d/rc.glusterd ] && /etc/rc.d/rc.glusterd start
+
+# Mount glusterfs volumes.
+for MOUNT in $(grep -v "^#" /etc/fstab | awk '/[[:blank:]]glusterfs[[:blank:]]/ {print $2}'); do mount $MOUNT; done
+
+# Start the vnstat daemon.
+[ -x /etc/rc.d/rc.vnstat ] && /etc/rc.d/rc.vnstat start
+
+# Start fail2ban.
+[ -x /etc/rc.d/rc.fail2ban ] && /etc/rc.d/rc.fail2ban start
+
+# Start the php-fpm FastCGI daemon.
+[ -x /etc/rc.d/rc.php-fpm ] && /etc/rc.d/rc.php-fpm start
+
+# Start SpamAssassin.
+[ -x /etc/rc.d/rc.spamd ] && /etc/rc.d/rc.spamd start
+
+# Start proftpd.
+[ -x /etc/rc.d/rc.proftpd ] && {
+ /opt/bin/lumberjack -u logger -z -r -i /run/slackware.uk-ftpd.log -o logger:ftp -mp 006 -l logs/ftpd-transfers.log \
+ /data/sites/slackware.uk logs/%Y/%m/ftpd-transfers.log &
+ /etc/rc.d/rc.proftpd start
+}
+
+# Start the rsync daemon.
+[ -x /etc/rc.d/rc.rsyncd ] && {
+ /opt/bin/lumberjack -u logger -z -r -i /run/rsyncd.log -o logger:mirror -mp 006 -l logs/rsyncd-transfers.log \
+ /data/sites/slackware.uk logs/%Y/%m/rsyncd-transfers.log &
+ /etc/rc.d/rc.rsyncd start
+}
+
+# Start netdata.
+[ -x /etc/rc.d/rc.netdata ] && rm -f /var/lock/subsys/netdata && /etc/rc.d/rc.netdata start
+
+# Start the bandwidth bar generator.
+[ -x /opt/bin/bwbar ] && sudo -b /opt/bin/bwbar -f /run/bwbar.txt -p /run/bwbar.png -t 1 -x 800 -y 8 -b 2 eth0 1000
+
+# Start seeding the torrents.
+grep "^seeder:" /etc/passwd >/dev/null 2>&1 && su - seeder -c /home/seeder/start-seeding
+
+# Start libvirt.
+[ -x /etc/rc.d/rc.libvirt ] && /etc/rc.d/rc.libvirt start
+
+# Start the lxcfs fuse module.
+[ -x /etc/rc.d/rc.lxcfs ] && /etc/rc.d/rc.lxcfs start
+
+# Start containers.
+[ -x /etc/rc.d/rc.lxc ] && {
+ # Proxy ARP is required for the LXC bridge to function correctly.
+ echo 1 >/proc/sys/net/ipv4/conf/br0/proxy_arp
+ /etc/rc.d/rc.lxc start
+}
+
+# Notify that the server has booted.
+/opt/bin/pushover -a server -t "Successful boot up: ${HOSTNAME%%.*}" -p 1 -m "$(printf '%(%d %b %Y - %H:%M:%S)T')" >/dev/null
diff --git a/sample-rc.d/rc.local_shutdown b/sample-rc.d/rc.local_shutdown
new file mode 100755
index 0000000..0629673
--- /dev/null
+++ b/sample-rc.d/rc.local_shutdown
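Review bot: In sample-rc.d/rc.local the glusterfs loop expands both `$(grep … | awk …)` and `$MOUNT` unquoted, so every word taken from /etc/fstab is field-split and glob-expanded before it reaches `mount`, in a script that runs as root at boot. Reading the mount points line by line avoids that: keep the existing `grep | awk` and pipe it into `while IFS= read -r MOUNT; do mount "$MOUNT"; done`. The umount loop in rc.local_shutdown (`umount -v $MOUNT`) has the same shape and wants the same quoting.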
@@ -0,0 +1,73 @@
+#!/bin/bash
+# /etc/rc.d/rc.local_shutdown - Local system shutdown script.
+# This script will be run when the system is shutdown or rebooted.
+
+# Notify that the server is shutting down.
+/opt/bin/pushover -a server -t "Shutting down: ${HOSTNAME%%.*}" -p 1 -m "$(printf '%(%d %b %Y - %H:%M:%S)T')" >/dev/null
+
+# Stop containers.
+[ -x /etc/rc.d/rc.lxc ] && /etc/rc.d/rc.lxc stop
+
+# Stop lxcfs.
+[ -x /etc/rc.d/rc.lxcfs ] && /etc/rc.d/rc.lxcfs stop
+
+# Stop libvirt.
+[ -x /etc/rc.d/rc.libvirt ] && {
+ /etc/rc.d/rc.libvirt guests_shutdown
+ /etc/rc.d/rc.libvirt stop
+}
+
+# Shut down netdata.
+[ -x /etc/rc.d/rc.netdata ] && /etc/rc.d/rc.netdata stop
+
+# Stop the rtorrent instances started at boot.
+grep "^seeder:" /etc/passwd >/dev/null 2>&1 && {
+ pkill -INT -u seeder '^rtorrent .*$'
+ printf "%s" "Waiting up to 30 seconds for rtorrent to exit"
+ for ((i=0; i <= 59; i++)); do
+ if pgrep -u seeder '^rtorrent .*$' >/dev/null 2>&1; then
+ printf "%s" "."
+ sleep 0.5
+ else
+ break
+ fi
+ done
+ if ! pgrep -u seeder '^rtorrent .*$' >/dev/null 2>&1; then
+ printf "%s\n" " clean exit."
+ else
+ printf "%s\n" " failed - terminating."
+ pkill -TERM -u seeder '^rtorrent .*$'
+ sleep 2
+ pkill -KILL -u seeder '^rtorrent .*$'
+ fi
+}
+
+# Stop rsyncd.
+[ -x /etc/rc.d/rc.rsyncd ] && /etc/rc.d/rc.rsyncd stop
+
+# Stop proftpd.
+[ -x /etc/rc.d/rc.proftpd ] && /etc/rc.d/rc.proftpd stop
+
+# Stop SpamAssassin.
+[ -x /etc/rc.d/rc.spamd ] && /etc/rc.d/rc.spamd stop
+
+# Stop the php-fpm FastCGI daemon.
+[ -x /etc/rc.d/rc.php-fpm ] && /etc/rc.d/rc.php-fpm stop
+
+# Stop fail2ban.
+[ -x /etc/rc.d/rc.fail2ban ] && /etc/rc.d/rc.fail2ban stop
+
+# Stop the vnstat daemon.
+[ -x /etc/rc.d/rc.vnstat ] && /etc/rc.d/rc.vnstat stop
+
+# Unmount glusterfs volumes.
+for MOUNT in $(mount | awk '/fuse\.glusterfs/ {print $3}'); do umount -v $MOUNT; done
+
+# Stop GlusterFS daemon.
+[ -x /etc/rc.d/rc.glusterd ] && /etc/rc.d/rc.glusterd stop
+
+# Stop the qemu guest additions agent.
+[ -x /etc/rc.d/rc.qemu-ga ] && /etc/rc.d/rc.qemu-ga stop
+
+# Stop the MCE daemon.
+[ -x /etc/rc.d/rc.mcelog ] && /etc/rc.d/rc.mcelog stop
diff --git a/sample-rc.d/rc.modules.local b/sample-rc.d/rc.modules.local
new file mode 100755
index 0000000..08581c2
--- /dev/null
+++ b/sample-rc.d/rc.modules.local
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# /etc/rc.d/rc.modules.local
+
+# The Linux kernel source is the best place to look for documentation
+# for the many available kernel modules. This can be found under
+# /usr/src/linux-$VERSION/Documentation/.
+
+# Almost all necessary modules are automatically loaded when needed,
+# but there are a few exceptions. Here's a (not all-inclusive) list,
+# so uncomment any of the below entries or add others as needed:
+# Note that you could also create/edit rc.modules-$version if you
+# only wanted specific modules loaded for particular kernels.
+
+#/sbin/modprobe tun # Universal TUN/TAP device driver
+#/sbin/modprobe sg # Generic SCSI support for SATA DVD-RW
+
+# Load sensor modules.
+if [ -e /etc/sysconfig/lm_sensors ]; then
+ . /etc/sysconfig/lm_sensors
+ for MOD in $HWMON_MODULES; do
+ /sbin/modprobe "$MOD"
+ done
+fi
diff --git a/sample-rc.d/rc.proftpd b/sample-rc.d/rc.proftpd
new file mode 100755
index 0000000..fa5ad37
--- /dev/null
+++ b/sample-rc.d/rc.proftpd
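Review bot: The first command in sample-rc.d/rc.local_shutdown calls `/opt/bin/pushover` in the foreground with no `[ -x … ]` guard, unlike every service line below it. How long pushover waits on an unreachable network is not visible here, but if it blocks, every stop action in the script is delayed behind a notification. A guarded and bounded call would be `[ -x /opt/bin/pushover ] && timeout 10 /opt/bin/pushover … >/dev/null` (the 10-second limit is an illustrative value). The boot notification at the end of rc.local is written the same way.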
@@ -0,0 +1,108 @@
+#!/bin/bash
+# Version: 0.2.9
+# Copyright (c) 2005-2017:
+# Darren 'Tadgy' Austin
+# Licensed under the terms of the GNU General Public License version 3.
+
+EXEC="/usr/sbin/proftpd"
+ARGS=()
+PIDFILE="/var/run/proftpd.pid"
+
+checkconfigured() {
+ # This function can be used to perform any pre-start tests; hopfully to insure the daemon
+ # can start correctly, before actually trying to start it. A return value of 0 means the
+ # tests were passed and the daemon should be started. Any other value prevents the
+ # daemon from being started and an error message will be emitted.
+ return 0
+}
+
+checkstatus() {
+ # Note: this has been changed from the standard 'pgrep -f "$EXEC"' as pgrep doesn't match
+ # the process because proftp changes its argv0.
+ local RUNPIDS="$(pgrep -F "$PIDFILE" 2>/dev/null)"
+ if [ ! -z "$RUNPIDS" ]; then
+ echo -n "${BASH_SOURCE##*/}: ${EXEC##*/}: running"
+ if [ ! -z "$PIDFILE" ]; then
+ if [ ! -e "$PIDFILE" ]; then
+ echo -n ", but .pid file does not exist"
+ elif ! echo "$RUNPIDS" | grep "\<$(cat "$PIDFILE")\>" >/dev/null 2>&1; then
+ echo -n ", but .pid file is stale"
+ fi
+ fi
+ echo
+ else
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: stopped"
+ return 1
+ fi
+ return 0
+}
+
+startdaemon() {
+ if ! checkconfigured; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not started - pre-start checks failed" >&2
+ return 1
+ elif [ ! -e "$EXEC" ]; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not found" >&2
+ return 1
+ elif [ ! -x "$EXEC" ]; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not executable" >&2
+ return 1
+ fi
+ env -i -S "$EXEC" "${ARGS[@]}"
+ return $?
+}
+
+stopdaemon() {
+ # Note: this has been changed from the standard way of doing things because we can't use
+ # 'pgrep -f' to match the process since proftpd changes its argv0.
+ if ! kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1; then
+ sleep 2
+ if checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: failed to stop gracefully - slaying" >&2
+ kill -KILL "$(pgrep "${EXEC##*/}")" >/dev/null 2>&1
+ fi
+ fi
+ return 0
+}
+
+case "$1" in
+ 'start')
+ if checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: already running" >&2
+ echo " Try: $BASH_SOURCE status" >&2
+ ERR=1
+ else
+ startdaemon
+ ERR=$?
+ fi
+ ;;
+ 'stop')
+ if ! checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not running" >&2
+ echo " Try: $BASH_SOURCE status" >&2
+ ERR=1
+ else
+ stopdaemon
+ ERR=$?
+ fi
+ ;;
+ 'restart')
+ if checkstatus >/dev/null; then
+ stopdaemon && sleep 2 && startdaemon
+ ERR=$?
+ else
+ startdaemon
+ ERR=$?
+ fi
+ ;;
+ 'status')
+ checkstatus
+ ERR=$?
+ ;;
+ *)
+ echo "Usage: $BASH_SOURCE " >&2
+ ERR=1
+ ;;
+esac
+
+return $ERR 2>/dev/null || exit $ERR
diff --git a/sample-rc.d/rc.rsyncd b/sample-rc.d/rc.rsyncd
new file mode 100755
index 0000000..1e2cb16
--- /dev/null
+++ b/sample-rc.d/rc.rsyncd
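Review bot: In sample-rc.d/rc.proftpd, `stopdaemon` only reaches the `sleep 2` / `checkstatus` / KILL escalation when `kill -TERM` fails, so a daemon that accepts the signal but does not exit is never escalated and `stop` still returns 0; rc.rsyncd and rc.tftpd run that check unconditionally. The fallback `kill -KILL "$(pgrep "${EXEC##*/}")"` also passes every PID as one quoted argument, which kill rejects as soon as pgrep returns more than one process, and the error is discarded. The same quoting appears in the `kill … "$(pgrep -f "$EXEC")"` lines of rc.rsyncd and rc.tftpd. Since `checkstatus` already relies on the PID file, the escalation can use it too, as sketched below.

```shell
stopdaemon() {
  kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1
  sleep 2
  if checkstatus >/dev/null; then
    # … unchanged: "failed to stop gracefully - slaying" message …
    pkill -KILL -F "$PIDFILE" >/dev/null 2>&1
  fi
  return 0
}
```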
@@ -0,0 +1,105 @@
+#!/bin/bash
+# Version: 0.2.9
+# Copyright (c) 2005-2017:
+# Darren 'Tadgy' Austin
+# Licensed under the terms of the GNU General Public License version 3.
+
+EXEC="/usr/bin/rsync"
+ARGS=(--daemon --config=/etc/rsyncd/rsyncd.conf)
+PIDFILE="/var/run/rsyncd.pid"
+
+checkconfigured() {
+ # This function can be used to perform any pre-start tests; hopfully to insure the daemon
+ # can start correctly, before actually trying to start it. A return value of 0 means the
+ # tests were passed and the daemon should be started. Any other value prevents the
+ # daemon from being started and an error message will be emitted.
+ return 0
+}
+
+checkstatus() {
+ local RUNPIDS="$(pgrep -f "$EXEC")"
+ if [ ! -z "$RUNPIDS" ]; then
+ echo -n "${BASH_SOURCE##*/}: ${EXEC##*/}: running"
+ if [ ! -z "$PIDFILE" ]; then
+ if [ ! -e "$PIDFILE" ]; then
+ echo -n ", but .pid file does not exist"
+ elif ! echo "$RUNPIDS" | grep "\<$(cat "$PIDFILE")\>" >/dev/null 2>&1; then
+ echo -n ", but .pid file is stale"
+ fi
+ fi
+ echo
+ else
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: stopped"
+ return 1
+ fi
+ return 0
+}
+
+startdaemon() {
+ if ! checkconfigured; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not started - pre-start checks failed" >&2
+ return 1
+ elif [ ! -e "$EXEC" ]; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not found" >&2
+ return 1
+ elif [ ! -x "$EXEC" ]; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not executable" >&2
+ return 1
+ fi
+ "$EXEC" "${ARGS[@]}"
+ return $?
+}
+
+stopdaemon() {
+ if ! kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1; then
+ kill -TERM "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+ fi
+ sleep 2
+ if checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: failed to stop gracefully - slaying" >&2
+ kill -KILL "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+ fi
+ return 0
+}
+
+case "$1" in
+ 'start')
+ if checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: already running" >&2
+ echo " Try: $BASH_SOURCE status" >&2
+ ERR=1
+ else
+ startdaemon
+ ERR=$?
+ fi
+ ;;
+ 'stop')
+ if ! checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not running" >&2
+ echo " Try: $BASH_SOURCE status" >&2
+ ERR=1
+ else
+ stopdaemon
+ ERR=$?
+ fi
+ ;;
+ 'restart')
+ if checkstatus >/dev/null; then
+ stopdaemon && sleep 2 && startdaemon
+ ERR=$?
+ else
+ startdaemon
+ ERR=$?
+ fi
+ ;;
+ 'status')
+ checkstatus
+ ERR=$?
+ ;;
+ *)
+ echo "Usage: $BASH_SOURCE " >&2
+ ERR=1
+ ;;
+esac
+
+return $ERR 2>/dev/null || exit $ERR
diff --git a/sample-rc.d/rc.tftpd b/sample-rc.d/rc.tftpd
new file mode 100755
index 0000000..0e56d2d
--- /dev/null
+++ b/sample-rc.d/rc.tftpd
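Review bot: `checkstatus` and the fallback kills in sample-rc.d/rc.rsyncd identify the daemon with `pgrep -f "$EXEC"`, which matches any process whose command line contains `/usr/bin/rsync`, including client transfers started by full path and not only the `--daemon` instance. On a host that also runs rsync jobs, `status` can report a daemon that is not running and `stop` can signal an unrelated transfer. rc.proftpd already keys on the PID file; assuming rsyncd.conf (not shown here) sets a matching `pid file`, the same form works in this script: `local RUNPIDS="$(pgrep -F "$PIDFILE" 2>/dev/null)"`.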
@@ -0,0 +1,105 @@
+#!/bin/bash
+# Version: 0.2.9
+# Copyright (c) 2005-2017:
+# Darren 'Tadgy' Austin
+# Licensed under the terms of the GNU General Public License version 3.
+
+EXEC="/usr/sbin/in.tftpd"
+ARGS=(--listen --address=FIXME --user tftp --secure /data/tftpboot)
+PIDFILE=""
+
+checkconfigured() {
+ # This function can be used to perform any pre-start tests; hopfully to insure the daemon
+ # can start correctly, before actually trying to start it. A return value of 0 means the
+ # tests were passed and the daemon should be started. Any other value prevents the
+ # daemon from being started and an error message will be emitted.
+ return 0
+}
+
+checkstatus() {
+ local RUNPIDS="$(pgrep -f "$EXEC")"
+ if [ ! -z "$RUNPIDS" ]; then
+ echo -n "${BASH_SOURCE##*/}: ${EXEC##*/}: running"
+ if [ ! -z "$PIDFILE" ]; then
+ if [ ! -e "$PIDFILE" ]; then
+ echo -n ", but .pid file does not exist"
+ elif ! echo "$RUNPIDS" | grep "\<$(cat "$PIDFILE")\>" >/dev/null 2>&1; then
+ echo -n ", but .pid file is stale"
+ fi
+ fi
+ echo
+ else
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: stopped"
+ return 1
+ fi
+ return 0
+}
+
+startdaemon() {
+ if ! checkconfigured; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not started - pre-start checks failed" >&2
+ return 1
+ elif [ ! -e "$EXEC" ]; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not found" >&2
+ return 1
+ elif [ ! -x "$EXEC" ]; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not executable" >&2
+ return 1
+ fi
+ "$EXEC" "${ARGS[@]}"
+ return $?
+}
+
+stopdaemon() {
+ if ! kill -TERM "$(cat "$PIDFILE" 2>/dev/null)" >/dev/null 2>&1; then
+ kill -TERM "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+ fi
+ sleep 2
+ if checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: failed to stop gracefully - slaying" >&2
+ kill -KILL "$(pgrep -f "$EXEC")" >/dev/null 2>&1
+ fi
+ return 0
+}
+
+case "$1" in
+ 'start')
+ if checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: already running" >&2
+ echo " Try: $BASH_SOURCE status" >&2
+ ERR=1
+ else
+ startdaemon
+ ERR=$?
+ fi
+ ;;
+ 'stop')
+ if ! checkstatus >/dev/null; then
+ echo "${BASH_SOURCE##*/}: ${EXEC##*/}: not running" >&2
+ echo " Try: $BASH_SOURCE status" >&2
+ ERR=1
+ else
+ stopdaemon
+ ERR=$?
+ fi
+ ;;
+ 'restart')
+ if checkstatus >/dev/null; then
+ stopdaemon && sleep 2 && startdaemon
+ ERR=$?
+ else
+ startdaemon
+ ERR=$?
+ fi
+ ;;
+ 'status')
+ checkstatus
+ ERR=$?
+ ;;
+ *)
+ echo "Usage: $BASH_SOURCE " >&2
+ ERR=1
+ ;;
+esac
+
+return $ERR 2>/dev/null || exit $ERR
diff --git a/utils/check_dependancies b/utils/check_dependancies
new file mode 100755
index 0000000..29e71ea
--- /dev/null
+++ b/utils/check_dependancies
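Review bot: sample-rc.d/rc.tftpd ships `--address=FIXME` in `ARGS` while `checkconfigured` returns 0 unconditionally, so `start` launches in.tftpd with the placeholder still in place. TFTP has no authentication, so the bind address should be a deliberate choice; what in.tftpd does with an address it cannot resolve is not visible here. Failing the pre-start check until the placeholder is edited closes the gap: add `[[ "${ARGS[*]}" != *FIXME* ]] || return 1` ahead of the `return 0` in `checkconfigured`.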
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Version: 0.0.2
+# Copyright (c) 2007 - 2017:
+# Darren 'Tadgy' Austin
+# Licensed under the terms of the GNU General Public License version 3.
+#
+# This is a quick^Wslow dirty hack to check binaries and libraries for missing
+# dependancies using ldd. Only those files with missing dependancies (along
+# with the missing library information itself) will be written to stderr.
+# Redirecting stderr to a file is advised, since this can produce a large
+# volume of output on a system with many missing libraries.
+
+echo "This will take a while..."
+
+{ find -P ${1:-/} -regextype posix-extended \
+ \( -regex "^/(boot|data|dev|etc|home|lost\+found|media|mnt|proc|root|run|srv|sys|tmp|var)" -a -prune \) -o \
+ \( -regex "^/lib(64)?/ld-.*" -a -prune \) -o \
+ \( -regex "^/lib/(dhcpcd|firmware|modprobe\.d|modules)" -a -prune \) -o \
+ \( -regex "^/(opt|usr|usr/local)/(doc|etc|include|info|man|share|src)" -a -prune \) -o \
+ \( -regex "^/usr/lib(64)?/(firefox|java|jdk|jre|seamonkey|thunderbird)-.*" -a -prune \) -o \
+ \( -regex "^/usr/lib(64)?/(locale|qt/plugins/.*.debug)" -a -prune \) -o \
+ -type f -print0 | \
+ xargs -0 -r file -N -0 | egrep -a ".*ELF.*(executable|shared object).*dynamically" | cut -d $'\0' -f1 | sort | \
+ xargs -r ldd 2>/dev/null | egrep "(^/|not found)" | egrep -B 1 "^[[:space:]]" | egrep -v "^--" ; } >&2
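Review bot: utils/check_dependancies hands every dynamically linked ELF file it finds to `ldd`, and ldd(1) warns against running it on untrusted executables because it may execute code from the file being inspected. The default scan prunes /home, /tmp and /var, but `$1` can point it at any tree, and the script is likely to be run as root. Reading the dynamic section avoids executing anything, for example `objdump -p "$f" | grep NEEDED`, at the cost of resolving the library names separately. The header comment should at least say `# NOTE: ldd may run code from the files it inspects; only scan trusted trees.` Separately, `${1:-/}` is unquoted, and the list reaches `xargs -r ldd` newline-delimited, so paths containing spaces are split unless it becomes `xargs -d '\n' -r ldd`.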