From da86d2fdf50dc8b8a8489815df185e0a75cb7123 Mon Sep 17 00:00:00 2001 From: Roger Gonzalez Date: Sat, 29 Mar 2025 16:29:20 -0300 Subject: [PATCH 1/3] Add Proxmox LXC prerequisites guide - Adds a new guide detailing the steps required to install YAMS in a Proxmox LXC container. - Updates the installation guide to reference the new Proxmox LXC prerequisites guide. - Includes a note about using unprivileged LXC containers for security. - Adjusts the date in the new guide to reflect the creation date. - Places the new guide early in the Advanced section. --- content/advanced/proxmox-lxc-prerequisites.md | 44 +++++++++++++++++++ content/install/steps.md | 8 ++-- 2 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 content/advanced/proxmox-lxc-prerequisites.md diff --git a/content/advanced/proxmox-lxc-prerequisites.md b/content/advanced/proxmox-lxc-prerequisites.md new file mode 100644 index 0000000..939b42c --- /dev/null +++ b/content/advanced/proxmox-lxc-prerequisites.md @@ -0,0 +1,44 @@ +--- +title: "Proxmox LXC Prerequisites" +date: 2025-03-29T10:00:00-03:00 #<-- Adjusted date +draft: false +weight: 1 #<-- Placed early in Advanced section +summary: Required steps before installing YAMS in a Proxmox LXC container. +--- + +# Prerequisites for Installing YAMS in a Proxmox LXC + +If you plan to install YAMS inside a Proxmox LXC container, some specific host-level configuration is required **before** you run the YAMS installation script. These steps ensure Docker and the VPN component (Gluetun) can function correctly within the LXC environment by providing access to the necessary TUN device. + +> **Note:** This guide is based on the solution discovered and shared by forum user **Bobs_Manager**. You can find the original discussion [here on the YAMS Forum](https://forum.yams.media/viewtopic.php?t=212). + +⚠️ **Important:** Only use an **unprivileged** LXC container for YAMS. Privileged containers pose significant security risks and are not recommended. + +Follow these steps on your Proxmox **host** system: + +1. **Access the Proxmox Host Shell:** Log into your Proxmox server via SSH or use the web UI's shell access for the node (not the LXC console). + +2. **Edit the LXC Configuration File:** Open the configuration file specific to the LXC container where you intend to install YAMS. Replace `` with the actual numeric ID of your LXC container. + ```bash + nano /etc/pve/lxc/.conf + ``` + +3. **Add Configuration Lines:** Append the following lines to the **end** of the file. These lines grant the container necessary permissions and crucially mount the `/dev/net/tun` device from the host into the container. + ```ini + lxc.cgroup.devices.allow: a + lxc.cap.drop: + lxc.cgroup2.devices.allow: c 10:200 rwm + lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file + ``` + +4. **Save and Close:** Save the changes to the configuration file and exit the editor. + +5. **Restart the LXC Container:** For the changes to take effect, you must restart the LXC container. You can do this via the Proxmox web UI or using the following commands on the Proxmox host: + ```bash + pct stop + pct start + ``` + +## Next Steps + +After completing these prerequisites and restarting the LXC container, you can now log into the LXC container's console and proceed with the standard YAMS installation as described in the [Installation Guide](/install/steps/). diff --git a/content/install/steps.md b/content/install/steps.md index 05ebd2c..7991094 100644 --- a/content/install/steps.md +++ b/content/install/steps.md @@ -9,7 +9,7 @@ summary: First steps to install YAMS on your server YAMS only needs a few things to get started: -- Debian 12 (recommended) or Ubuntu 24.04. If your OS isn't ready yet, check out these guides: +- Debian 12 (recommended) or Ubuntu 24.04 running on bare metal, a VM, or certain container types. If your OS isn't ready yet, check out these guides: + https://www.digitalocean.com/community/tutorials/initial-server-setup-with-debian-11 (this tutorial is for Debian 11, but it should be the same). + https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-22-04 (this tutorial is for Ubuntu 22.04, but is should be the same). - Your OS needs to be properly configured. That means: @@ -20,9 +20,11 @@ YAMS only needs a few things to get started: $ which docker /snap/bin/docker ``` - You **won't** be able to install YAMS. ⚠️ + You **won't** be able to install YAMS. ⚠️ -Don't worry if you don't have `docker` and `docker-compose` installed - the script can handle that for you on Debian and Ubuntu! +- **Proxmox LXC Users:** YAMS can be installed within an unprivileged Proxmox LXC container, but this requires specific configuration on the Proxmox host **before** you run the YAMS installation script inside the container. Please follow the steps in our [Proxmox LXC Prerequisites guide](/advanced/proxmox-lxc-prerequisites/) before proceeding with the installation steps below. + +Don't worry if you don't have `docker` and `docker-compose` installed - the script can handle that for you on Debian and Ubuntu! ## Before running -- 2.39.5 From fd3c2fc8cd1834e4165dd65117a827dc3e90f2c8 Mon Sep 17 00:00:00 2001 From: Roger Gonzalez Date: Sat, 29 Mar 2025 16:29:48 -0300 Subject: [PATCH 2/3] Adjust documentation weights - Updates the weight values for several documentation pages. - Ensures content is ordered logically within the advanced section. - Maintains consistent weight numbering. --- content/advanced/add-your-own-containers.md | 2 +- content/advanced/backups.md | 2 +- content/advanced/lidarr.md | 2 +- content/advanced/port-forwarding.md | 2 +- content/advanced/portainer.md | 2 +- content/advanced/prowlarr-behind-vpn.md | 2 +- content/advanced/proxmox-lxc-prerequisites.md | 4 ++-- content/advanced/readarr.md | 2 +- content/advanced/torrenting.md | 2 +- content/advanced/vpn.md | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/content/advanced/add-your-own-containers.md b/content/advanced/add-your-own-containers.md index 7b6fa41..f8f1ee9 100644 --- a/content/advanced/add-your-own-containers.md +++ b/content/advanced/add-your-own-containers.md @@ -2,7 +2,7 @@ title: "Adding your own containers to YAMS" date: 2023-10-21T21:41:29-03:00 draft: false -weight: 1 +weight: 2 summary: A complete guide to expanding YAMS with your own Docker containers --- diff --git a/content/advanced/backups.md b/content/advanced/backups.md index 065b0ba..696a7e2 100644 --- a/content/advanced/backups.md +++ b/content/advanced/backups.md @@ -2,7 +2,7 @@ title: "Backups" date: 2023-01-17T19:38:39-03:00 draft: false -weight: 6 +weight: 7 summary: Everything you need to know about backing up and restoring your YAMS setup --- diff --git a/content/advanced/lidarr.md b/content/advanced/lidarr.md index cefbc8a..b586ca4 100644 --- a/content/advanced/lidarr.md +++ b/content/advanced/lidarr.md @@ -2,7 +2,7 @@ title: "Lidarr" date: 2023-01-31T11:20:14-03:00 draft: false -weight: 8 +weight: 9 summary: Lidarr is a music collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new albums from your favorite artists and will interface with clients and indexers to grab, sort, and rename them. It can also be configured to automatically upgrade the quality of existing files in the library when a better quality format becomes available. --- diff --git a/content/advanced/port-forwarding.md b/content/advanced/port-forwarding.md index 936295a..793b5b4 100644 --- a/content/advanced/port-forwarding.md +++ b/content/advanced/port-forwarding.md @@ -2,7 +2,7 @@ title: "Port Forwarding" date: 2024-12-30T10:14:29-03:00 draft: false -weight: 3 +weight: 4 summary: Everything you need to know about configuring and using a VPN with YAMS --- diff --git a/content/advanced/portainer.md b/content/advanced/portainer.md index d9f8ade..cc245ca 100644 --- a/content/advanced/portainer.md +++ b/content/advanced/portainer.md @@ -2,7 +2,7 @@ title: "Portainer" date: 2023-01-30T15:46:05-03:00 draft: false -weight: 7 +weight: 8 summary: Your visual control center for all YAMS containers --- diff --git a/content/advanced/prowlarr-behind-vpn.md b/content/advanced/prowlarr-behind-vpn.md index 7cdae5e..7ee2af6 100644 --- a/content/advanced/prowlarr-behind-vpn.md +++ b/content/advanced/prowlarr-behind-vpn.md @@ -2,7 +2,7 @@ title: "Running Prowlarr Behind the VPN" date: 2024-09-27T16:44:00-03:00 draft: false -weight: 4 +weight: 5 summary: A complete guide to routing Prowlarr's traffic through your VPN for extra privacy --- diff --git a/content/advanced/proxmox-lxc-prerequisites.md b/content/advanced/proxmox-lxc-prerequisites.md index 939b42c..118abd0 100644 --- a/content/advanced/proxmox-lxc-prerequisites.md +++ b/content/advanced/proxmox-lxc-prerequisites.md @@ -1,8 +1,8 @@ --- title: "Proxmox LXC Prerequisites" -date: 2025-03-29T10:00:00-03:00 #<-- Adjusted date +date: 2025-03-29T10:00:00-03:00 draft: false -weight: 1 #<-- Placed early in Advanced section +weight: 1 summary: Required steps before installing YAMS in a Proxmox LXC container. --- diff --git a/content/advanced/readarr.md b/content/advanced/readarr.md index 1c62748..6d9055f 100644 --- a/content/advanced/readarr.md +++ b/content/advanced/readarr.md @@ -2,7 +2,7 @@ title: "Readarr" date: 2023-01-31T13:52:34-03:00 draft: false -weight: 9 +weight: 10 summary: Readarr is a ebook collection manager for Usenet and BitTorrent users. It can monitor multiple RSS feeds for new books from your favorite authors and will interface with clients and indexers to grab, sort, and rename them. --- diff --git a/content/advanced/torrenting.md b/content/advanced/torrenting.md index d9403dc..1fda152 100644 --- a/content/advanced/torrenting.md +++ b/content/advanced/torrenting.md @@ -2,7 +2,7 @@ title: "Torrenting" date: 2023-01-16T14:48:14-03:00 draft: false -weight: 5 +weight: 6 summary: Everything you need to know about safe and effective torrenting with YAMS --- diff --git a/content/advanced/vpn.md b/content/advanced/vpn.md index 09bb078..98867d8 100644 --- a/content/advanced/vpn.md +++ b/content/advanced/vpn.md @@ -2,7 +2,7 @@ title: "VPN" date: 2023-01-15T21:16:29-03:00 draft: false -weight: 2 +weight: 3 summary: Everything you need to know about configuring and using a VPN with YAMS --- -- 2.39.5 From cb560afc06ba03f5801954aaef52c02d4a92e660 Mon Sep 17 00:00:00 2001 From: Roger Gonzalez Date: Sat, 29 Mar 2025 16:40:35 -0300 Subject: [PATCH 3/3] Add example configuration image - Adds an image illustrating the final configuration. - The image clarifies the expected configuration file content. - Improves the clarity of the Proxmox LXC prerequisites guide. --- content/advanced/proxmox-lxc-prerequisites.md | 2 ++ static/pics/proxmox-lxc-config.png | Bin 0 -> 18590 bytes 2 files changed, 2 insertions(+) create mode 100644 static/pics/proxmox-lxc-config.png diff --git a/content/advanced/proxmox-lxc-prerequisites.md b/content/advanced/proxmox-lxc-prerequisites.md index 118abd0..ee2fbb5 100644 --- a/content/advanced/proxmox-lxc-prerequisites.md +++ b/content/advanced/proxmox-lxc-prerequisites.md @@ -30,6 +30,8 @@ Follow these steps on your Proxmox **host** system: lxc.cgroup2.devices.allow: c 10:200 rwm lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file ``` + Your configuration file should now look similar to this at the end: + [![Proxmox LXC Config Example](/pics/proxmox-lxc-config.png)](/pics/proxmox-lxc-config.png) 4. **Save and Close:** Save the changes to the configuration file and exit the editor. diff --git a/static/pics/proxmox-lxc-config.png b/static/pics/proxmox-lxc-config.png new file mode 100644 index 0000000000000000000000000000000000000000..91dfa537fbe9eb9244bb6b09d4a993ec7de1c797 GIT binary patch literal 18590 zcmb8X1ys}j`!_$xBu5WXK*uiZ5$k2B^;b9 zRM+u=SIExT`hg!;+_aVDa4H8FH-IO2Hjke^#=)tIyK(yR8t|O(m5QMo4i4$p^M6;m zU5YJna8!g;6&~w)nWAEU=66YrtgTy{k zIDZ_3W3sV$yW;#O`GFN|Dhc^CV9UUs>oEP4S|9b#CoAlC z?g0;9M<@fW6V|7H)z|2QO7F!KI>-Yr={G*x8 zjb`}*fitG})|`LKy%SMqe*Qh;{;YiP60pT@%Y~y#IDu%&MiKfH%%A=#VjS#An6$+K z*=bxh&e!8p6eOf3_~v1GKd8adn)@p(kcXG4ubhq0H1M=p?A_)4tvd_xpVT2S8dzr= z4a_OR>y%oYOB0K^A&WUC(09Qkp$(s!?tX2a`jUNCHQFuiMrTrHivMS8T>PEn#iB}Q z&CEWS*Gy)L<9_&sga!W0=6kp{#f+_Mhk&2=PT^RVfq!*_j|dEsf9!67!Dh}ebbz`1 zS;J1-{W^umnP8KqVfx-*wx)z+0{I@$ebpebX1&<6TeRXLzGc3K%djEV&zR#hJCSsQs zPxJa+f&0ZtDS&SLhs|GXJvR()YH@(U?6|O8JomkxA@KK&?x2g`CzqBYjlQto^~Hd` zb`^VC3oVXCmt&(~xtGMzNtjzWZ?vvO3+Pc1eVLx{Vf_B~;{Wdaw7^%|qD$yc$8N)G zOw2QOv`z-)A5r5^vC1c~>P06{p8U9zQzOv>4J5r-o4YJCaEq(K(`Id&@qH5*wy-g- zXiu(|Rm`o6^)#`2nT>IiIOIKYsWWaR9-t*L9E=v;$XqcCG&OomO^=BbC_xBgCZ5!= zBDM>>0u8r)MP`UdOyG)YWu~U78GC7g0XRYKruU4G*1{OIEka1T%ImCF2t%DX(G|tW0_)Ua^m?`!9K-j6 z`=ej9rOCogT1q&kbK9_jVWXq{TRl`q`*NwdLrOCUmO24X`YFB`fmJ0B8-7}1{C8i> z_-W-|_R|s;-&4$*7UJUc1Yz26yei?MUzv37q~~Ok8NtlMRK*->vka|N-|swWaVn=1 zyF6_!2Q%SrOWk`=ULSJ%QDe+4i?f<<=1U7%Msi`5hLNwPM3msAaC+Hz-xV4y1~BK` zt=?^tQ5%P+pHu{tnHsomUu-XcXh2&M9FeTAMBPO@${j;_XaO?Y$jDC4?3&l-6QI=Z z%DL~EvzGUjFG`Q^x>b|31Ivu$G+4|E$@gQl6od8T%rah;91pSza}Ip*q#M}J#kTy_ zSr0#5Ml!x zI2JD>e=af{H!mr8V0E$xu#CqEfHg2OUVN7HRnlmCxq^1<=#_dO>lpZL{?z8b=7ioL zi_TcF#8=`fmXn{h%ipPIz|G67nD8VayrSoB*POqz-$hFmv_Y3c#2%whbfVIv#UxPQ zD`4$_rVDZ>UG_suTrBA%b~Y$}jDHHxaD?*!ERR>2!^tv?j3FxJ6P7HDWwfy1LHy!<;6T(&mob09UOZ6NDGlmOGIzRb8 zvBRJzUVJM9sUG$gEy2>NHCc@_qi2k%Fn1&n51tLaijmN}IQ|3vjG*BYn}|-OFRf3M z<)F~Y`Fp)<-oLx=%iUG#dMM>EepEL{9stfD+Dw^7UwqM8T@!yhFbWgQzce^wFWyV*Z z!4 zlEjPL0oT^<+4q*m9P~^SL~#h21t+U;Sslc?=Sbn_*`>?TS&6+J?P}0YWtnbF)?o1Q zOntd6U#yiIuzfH^c()Fu|IaBd;V%+LZ{92w_rAyFfn_zY$L5>RZ{)`-g=sVtkY;T& z&oJ>Ci-oVdL~++>6<#OCIXhb#2_hdNRoKR&de>#0vmTc91$h#O@t0mdpuA~f4fX@y z^fY>9_U*4nHz+f{ctXSWTk2XNmlxrfJyG;3=XTlitW04p^$I8G@6e~aM#bL+U6Q|l zt{$;`ZWcCP4aO`_XwG-BK%R3hOfv&|Qsh4va!XL)Ew~5(O*NDR zO5;CV?dLw^#Qdfh=d613Kzq5Qb?)KgHs}{Yg9#xozou*!bn(pZfKEY_<6?AXnnM`r zH$~j1=hu>ZBSW0uXvssiy9;X#;-CsCwGmuRiGDJPa=vN*uCv(B|NR*M5psRotv%~* zJiVc=Qhkabt{inMU6hk)ZXasEt$1|aGj!?1%JUDxpW5M+o5s6J=p%jEj3zb3xzU;M zuCCs|9CDsn&UUi+~|Kds6BrUK$Fk^k@o zn#88|We?)Yg!41X9o+r~V1%Og-dRn(4=!S=3=3)WdTD+=QaJgZrp@{s$NLMjPF&Q! z#7w^4|1Y5MukSz@XjMrph>7lJ;2m63A+aE0+>yMZC+rpZFu|Fh`Qm($B@DC`HY%bn z16}EfC$0qMhmUFrdCHjOE7IiUjAv$t-Ul+-#m>c7CQ5!~ReR5Rk)vz&iYXLUvW zz{HhvPWe4OTYo%TzuA4oEc)_7{WR#)R;PE+*9JvTtGFtJw+ug8w_}WHUd}ef*;J%kr#ZLN&M}rWGT{V8*jK# zZuLSghabOCORKwQH2+~*SZHN(f}I@?m)l--a=MJb`nP@77=ot&n53Vf#{>#trL&ldzE!Ulok%jTbfYis1HlaAR3TSXjc$3r1(D_W z_6`01>T0UyVYlY|J`-nsMbRGvjHir3-FS^69QKY?jK+tTNWXc5B)Z2WvdY7=Z4hBc z9OPb&vVQmm@j9Ah#JSMASt0bJ2s+_q&~5#-jKky|Y~xCa6l6O!i+Y>d?$O8YEqa`z z@4aHDj>#WIShI@S$9@zUO^c=#?S?7Mtk9|^h$Gxh9QvB-T#|T_mgwY+FB7zXYtV3A zxy{bD8sKXC$zM#=A5nAejm^VT)kdbbyjynhgOX=hpw^|%ytR(bGFSFm(HDt!826#8 zS*>Ey;O}4A<2OR644aA7i*uoPPU*=UVH#Zpp2#Lq+t?q)3eGVv0PHy2Tx|WF9)gw- z#Z*h=Xi=4lS-1mG#hBYbV#KtK;^Y>zXP!6y3sX2@G1Yfx(HX@H1G**+fUu$>b|9*% zso}O?*Q?c}enN|bf3wTCsW1j_6S0G>BeDwq$d;0vsl+krRJuo&)XfVO=(5#YGsN4o zJ+i@?(B3Z%I59jv+}ncJ{h%A3F*JyMkpElfpl4}pP#d+7<8I_@711Adj>#@EX<tsIp4;TZ~abV-lI)wrDkeVH}DM{fh(R6+nO)*kY@5M3Bhyk zy4Td?X{Jkyt7E(FOPG>0@tWTzGr3j0JTg~e!zC$DaRv90J$v@o8IgSG0$a&gzgxd! z&*B-OUc-v?u%|>lz7)=#_X9!xF47{|W|q=;INNS62fE`<0ED08=&kF2ucuQi{P1ctQZlcyJXx`r=Z=RgI7j^@yqBv+OHnpklFyhA^iOVl z=lbzg^2o=BEtOZy;#&M~^l7L_X$EcdWC|EP4H}+Jo1^VhzLU8fADjGnO$|VKqAGsy zZ5)?L)(A0Uof+P$>6nZH07#~^SxqEBdpsqS5?I4*>~i&Lv`cC%ckuQJl~T<0prCr% zmrZ-l?RTgmg_WmGEk4{ycf9I!5&jgCCC}*dUaw`8Ll;S2@7Oi>Y4MtF7PwRJ-7qtV z>8sS_pek%?lza7t+DKF^yI~74AykAIF^Pc2i0!6pz6n^Zwc~KOyrtO)+`LO%W_JT{ zo}Nag)drqw|5zHV(p3PqfeUS(d%eRgG59id@5LfL3xGvWG+g`dC>3{PZcOpUFHSZ2 zWxRP3#I5_u;%(lik=CqBbY7X)*j3yX-A$Vp;|STR!tPW~{pJlQ85MyKOb*`eEo$~G zwg7QaO*?12Zg`38UC{5eg45o9p!rjhrRet6nVI6sFOnZBIUyhKyeIeU~-=dits(kGf^)h(ByKIgnv=BU)3{C;#?9xNw0 zz372(X$WFC+IU|$h^*V%VzMxBN5D4>h8g{oK}F<{m14jL*NcJZq_dE^Q+l^fz(_Q% zU|5NPP6f3hXRiZPiJ0=6O4Q6lymF~>y_o&%`}v|>v=&5GA9$lFf`kRSpIgeIH{2SY?w2Yjp-}`4(7gKXC1ZZxoT))mCk7%T}8IsoTb8V;f=%D;z=+ znD^<K`Sqbh;bPy+1hEDo1UMp%kV5e2hfY)eZnEN&d zm9B|sbBn$lw59dzhqImW8SH6e(|tmZv~j9DMe7yn=hZ*C?fChD27wKC>b~p?gzxxF zldrqSZrQ?tF?Cq4YXe{TkpR9?Q(SYPc;M-aal-CN5n^c099s_J<4!~Aj4J24sUL3p ztb{c>K=9|tQN;FWF)DcV8|qPXb4_ECzu~98BwMILQjvz#t}o<8f#w<9cm3=qo<`~^ zYJ4)_c!RVJ%P8J;Z{FB>9GOfX7@&Aif(nE?Fq{3MjVed~ujmGx3Dbb`C;Eqm5Kf#e z!?&!dK?|}s$@Qj#hQ+6TItgE^##61nqEE*Lyro*jAT2-PlDkp)t#(ddS@iKLIDFx& zr(v>RkWW_q%9Pm(F=_r$Pde*&w$#JN^8Km0W z$|j;N`q&!5)xX9L=3>_!Mtk!0kM7{Tl9sRbslntu0B!2Y*}ogJPiO6qw~oRPAf7q& zjof|$d=zU+MOlE;{F~RwMrW^1{{(@5*>o#2%EqrmID9?%bDc?9BGE$qS8QTKY^6~ocgX!mrMnMrgH{}0m4SIlB2K301({MI1$ z)_)Ff1eqM^3mhINPK#5Mf2o*cc?SIFu7GFk0}xVZh4{>WHRXe>1kSyC^gnqExY85j zrT6woWXW2hk{bLCM4=SNa$KM*!a2!Sk3q>O*Ghkbf&YE0fe`NIQZ{Yl&A$E?J?{olP_ zQHBBca{1QF9in@r4jv0_S|7=)d9G5r1hn7&_|Rr`Wj7-KktA~tx0;#ovMrX@_^61`!R;6=y123ek)SOP-+a%BQV2Ndx#KA%31Psx@0(9N)w5@X zw8fhA@gBV_M-pa(zN#^OhC(%6gY(3RZ>InBs%`Sf2UPWc<||UEQ_ZA1U3cOR zAkbiG(VO;eW>eFz9%>rQ`vq%F_POcu)ieZTo?_hAX&L-oN?w#LEHS!#O$33IYt?wt zue{UZn9l5Cv~Uf6FkKKgS4jj71Oon|Kk0|m@bDM?h^D9`{H$q}>v=?2CDbrFqn%1EQdpTi!tl~DKtiz6+V*Jit{rR)8LPLa{v^$1s zGf8%t@6$yuibikfpi_vPprgV8W@~=6AUT0C8T~ZVdG-Ul1HTS4l{|S!5oPZ?Gw>fs z=GK87vaV7O!tHtNhj2tFtHIO>oMjiBWj^!CWH68jWDxZ5na4ckh8ft%Y`s zTce={S%HFBT879WKmP)hk@SgC>|haSHINEg7hhEV;7(WJL{3YvWnd(`-a`3?= zdL$vdXHBR}Wcs+KvlYGdu>S5jG>|dKsQVBb-WGOj8N9~=p{_Y_kvI+TFZ9HePKGKd zxVshg(Ke3m0?7c#Y6}nkWbLMW2|VwXc6mkTGf^#`oy{=|U19@iyubZ}+_3+S2eOm3 zILes^3p8WT6cys$AU(RP0@iP!e+E56sjaRK@zsnT=Z6Xuq8xT#CLe}qb$$Wm!vI)C zi@X2wTEpz&%x<-e$CQtrYwPPkJi@t&l_3Ie^)yPAfI!)d1EaQ}6u5zU8YH(wt6h@#GwsK95D&!^uR`+!r{s=_F2{aM%(iY$yWgQRX9iIY^@}1WwS+m5#Y^j3 zA^fGZ_Q^nA&TWKxVMLlMTax+yj=d_#2e%3 z{CG!pr)d175AM`gMV`p^;1q>}t;#-n>r2v#%@`>ncXbDSSv&0pvHo4KaBxZB=rKN$ zJ-d}e)*^L>THb?sIxyr<1074wZbs1rnPjEF49-S{@>}K#rr%7F>2bmGOm%$b{#}?z z*LN~J`xV$RizsQ)37}2?*0M!mXYKd8`SdHGu{QOyV)pLSgi@YFydU__r$*_tzvef7 zWV>hz9Fc|*e!QA4kc3!l>)Iks>6>%MxpPRAH%A0n^K`sed1wmG0NHZo?KIh`ON2i{3p2ka zFrN*iCtIeR8F;#B;USyDXD*K3D{7meNeeyLoTM(RG*0L3n;Hyq_e_(EIC6zTf;?k4 z`I=kKv5V%zzy~zY#k!N)d4uypp}J@JgG4UOyhmz?W-fsUO-ok0R0ZD?QM}Cn_gb&> zM;u8U9#X3djUj33U#23rV0dG0vF~zen0%Re-(k}ePVn~b}^%ec5A-^Iwt~#exsUp_B;LfY8Jj~ zimwuYKy~s+LLRILgj)C63XR^Xt${7`r@;P?-$`%3Tc{`5I${uqZ1qf!bq8d}@eTeS zoNe%|N4J16qbp*cA>W&zC1EF96g%3IcC`Wn!XFY1>fPJ`MrUnlZEuwtMNoF5?u>ZPSMdnfM#8K-;B5eti$ z&3b0u{Z}B}UcV3PC(RD>XmFTmuP5}Bfr4+4yTJy^x@tCAtSo3EelJz zzWw4E@L=I4=)zZW|IFLrL#`XJ`M6dYa}>3kBXI%UtU&;=$5UGGxCW)x+<9>5$w3-A zvKX!E`bRp4vuxD)3up^K0ZNUWukByl_D8z9w&P zveVZg0Vn03{$G8taon1atQ^s(h(|uB{<$a-T~rFDiT^}xqvy8%gsorp3<#JxEFUYdvEus<|{^wj7;sC~Kkdv2S;aXu@Xwq0v;inPrxF8LAeuc5W0 zU4)SHfZYOvo)5m?S@Yf?Szq|9N`XwDdQLHj5lfr7-?c$%($AWu?3@j;!9cso5sc%Y zaZC-=4(cz@kv}SiVt{;EDtetQddd;j!#GSc$-<{RPV;4-aQ7&5xCW2E+j6;n?We;r zy?I;=*Ipb6s?NXSD8fI0q_FDtI!b4H2;}+k>HFKq_ZNP)cTklz zW%NheuSfMZ1ekOW2M~sI7}}?tm&#lcJI^8CWm>&K0v@p3*K4Gb z?gdJmW2p|_OvB#m=|}F_4~(V1=!b{I!g2Ube6}8kbXaGx?AJ7XKj#-0jtGnUJB%FK zx&~h_4pgfkOu_>mKMZpe+V17lu87xA+a4@G(3{?k4De-k1>l@oG#j5c6C&OT`u&Kd zTwmt{LUpjtw3m5tudP7?t1eG6m#}mQDzj1+62`LdIzlZIQt6)-+n-=`JJvq zQ_xoS{afjaaK#s?$Z;8C?iw+51bH<;h6Z-19*Eh0{pn-kl}KJ<&^mRGIEj5nNNjp| zKl{cJbvZhw4o*AeAhA{Vwx7Op$X6yAHbFkn^xA^7oXq3M$2;cd@L{JsxiKG1+h}}+ z@2ZcmM-6so!t=y1WX4AP*Pg`4fG7T8+O*l+B6KvUt#~x}BxmYl5~j(uxzE(l_-rfi z?WxH3dFzTz$=Zz*C(5QdConk2Gd8;NZqwSmxNL{|mta^Cszir*@Hgt+bWWh{Vejl< zFEXmsY5EMlf~?5%tX?%D=yaB7ID@i1Ca8>MrymC!JSq!nm0(Iqfje}s_~aR0rR z*XgxBilo@Sfxl$2L=SoFx*STKEn?n#T8yBitU7E`Vwk=wFUBvPBNZK((eNRbY06(v zZUe$_rVSK{JA%2&s6+Gt+6;6vfV&Mp&I0{nr_^b(`NtKLYc|oe3lg&>#sjwmfX?oc z=x=ISmmR}Zzn!ft*9G5eNoZd+_>OTFl15dUqvN7ob2(01qdW(u!$q%}0a}>j!*2H31kg_$G1-s}FeaNExafSsJ)8fkHil`2na`;gb($cL zm;DJmikjqV7MlPoqt2uQn{xH&ZEhXR*DxcGmo6J5Ua@1V_XSGFR z7V=;gG)~<^H2~SxhjkcpEMk1i$IjNafvl>;upz}4Qy*AhFeZyED@cc!D3!D#4&8DB z#EwJi6%{{e$Waeq-l2DU7!x(eZ#m24G==WbPtPyV{L}jTJ$bHa$WN3W`AuQ$@Uzw= zw(9Y8zZ_60ey+CW5aj;+)!q(k5R9NGo4Z~j;>V&JxnYd|uw&7ux;r=c`}HRG(~bHq8QA{e1>LJamJ9p9 z+u;j{Jeq)l+|s7Jf0|e5LsYUaXXdxwtCOwMd3Qeb$-he>XWKs+d>uCSK#gG@2btAj z#T$=2Tf1zf3w_2{GPd+F(+5)Fx;0Sw`NG#7_bFC}3}IsvhYB(0%{9HN+7RCw#q$t@ zW%(_*kVh|DaZ&bygjlH}=j&8xOfB$m(2SpLa`TnyX&dcu)D3nHb#D@-`^1))7z6#j z-!sQa=nFeL;oWwKPTLB3vE%WmUqqM`*_3Z)`bF4N66>3HVnkaI-Q2xHpU;->NrAU- zzbAw_lw}XCfymL>txP$NRyWBMkMa#x`Il}%X0dfMb3E8r51Ho-KE?jaDds6^lSS?V z0;0Io9VPpB!l=sL5*u&Ry(+($OXC>+nCTHStVbB)eiGUTlD{;0cXnoB{^~$K4r8-m zPW}0QhJ4ZQxAIP6-R4CeUNRsC2b@VGm!A-jPnPx%V=wjJ8T&S&9Ib=E=f{twUe5td z=XFbvrJ3biXC*0;%~Ju&e%OAS0T?96 zy0Vo78^`Tnc13G;Z{gfBXrY6a^<$aUR+Cc-B zIw#Z=FT^S{sfzFEyLVt%QB&WPYGU>!SsCX++4YuEx&I8_`epTaKSJ#Kw0Yxn zPHpz#Mf9o!&=+=`heE0FBA1HFq^o+ z98H`oQMj`sKv`)3_DQd4rCVnTca^4?=Ix$%a}x(|MB+UXv4&$7Ii3^n_!B*d=OtLN zHtW7h0$s-Txp_#P6}Wd4=Nc6b^Z0GZ0es?tYHdMtpXp(= z+HxzO+ZwwcBvt?MQDw=jK2ZxTU9r>)*oL(h2n!q%)q-FZr2&&0v-h8lTY#H4cn%{< z{M6HM)j~}~Whlf>O-*YBIrGrpCQgkCqaD|r{EabgwcqERX zr2RfMV5@w|lR5jRIz-2oBqh4X@2q`y{`}&}CT1>wq6T2H6HiWPuju7}*J+mG^nB;= zqhm)8(#G=|()ZOPPR%VmC0e5`*72+f_ZHuKoaOT<8#tSgJ5>Gon6=h)Qzt^Y3!t(s zamxo79FjESo_C2=n(Z?fqQH_yKWXl7jY7hw>?2$2r+rA*pL z!q0=7iKQ1f_PA9my@oe7wiGTyuxe+(R1%-rQX>+WbOQ>@@3Oa-#=p18l+LE`%c`xr z%*$D95;Q}MejTankUvU+-u`3iY!6WFHd~Vwm4rWHnReHnFR^R8;5_&wTC{-2x=CA8 zVKW{hI6xPC-gPw5v=w7dKE7T;G9sloLi`|DZg|H%27boKfSsfy>Wp|N50G(=Z@E>c z9b$qXWSkJ{9YDVJ-Qoa?@rHqL_x)bw%}CI=WwsLT+gICxA|87w3($b7>z7#wb)wOuGCVR_Si-Y z_Cp=Q0%iX|6JtxzuhQgu6HhJ5Ba1Qi^zEik#>!BOo;yG*kzFH zVFKq)5!aL0Gh#0zfJH^FuAMY0OSvM8+P7;ylx=L zdnDsg%zXv0+;KcS61eZ-ufL+nuN)rUn)6V+@5yNsb)J>iU0?kx8vM%#t}p&qZv7%5 z4S)4}9~A%Q0daJd{8vooancxnVfz>66dEGM^zQge2LHfH>N}w3ng=RlRwr-SJDeUO zld5jp^V=k%gqi(Sn(0!4>VkiD;cZO>^t2?;2TQ*Uct^}G=uj=(h^3>rdN+(LB6qX{qK` zA2%{u&Xt7&!ikS03HDmgF2#!hB0KFW9FAskV!&#AGw& z3g@Sf)gWyJKSH#w$7FM$y&T{=DD&sP+g_@>AmUdIVLO}E*?DOjPuw7<7vSLF{$bKc zh0RXi6F^MjP^4e~{ph|Dl2{+__y_ZEo6WsETGKi&$b%o4 zRTEaT+Sx<~Kj1Y@xI{h7+Z!7{E@U47Wqtra<@Qe`KwGO&E7zC%181~=k&#`#=l)QS zt|5(5#Df?>^;>$fpaGqWEqsBH8N3d2*6nS~^22$OVSPL08}=Zzr`NLL?U7!^4ntW-Z^ zf#7SW%SCJ=C4(PCC(T(rqIZf;)UaR5CokpiY8ZTM4-o6YAI0vdXO7K;F?STpF--X} z;mf6VG|ZHmG#=9SvEPdU4X#SScuu>!sFWgl_ewVHqK8M0WuGH%SMJ;0tuxlg(IX() z-GBL4%*@}WodNw&Is3A1ww?^-gY8KMDiv!`Uky-$XudyU6FH9|VhGN9HA@$r{C>xX zb6vyt@;#HVZ~Ig!m9wc?<5aZ$qrRf*zkHVK`+ZkIHB_l&qO>y};;&->`3xW^arV8q z>`2e~b`H7JFpUxAl)keyUg!nir-HL*b!FR>Y}Ra1ZiUn?K^ML>DPVd}cc$l7tLu{C z@y&A|8Lnu+%?lu{t+_Ss@o36?nKeSh5pN&kZe*T4XYO6q zwG|i}1HK&x@LO9&6MqbOcg+o6*q0YhEKT~q_l5S~(n`N3*ZSqJW%4e+uoyF?)ZzLN ze{{&z@4?$es{?|MzE~J3w5wFp_B2{Du^BZnUfu*nQI0k1m$Zfc2!?!#_`%NhR6G+b zonQc!qoZzcwh_kI0s}+nwd4c=fMRSN+ zmY4P+3@6t4y!<}5m>c;rRswI2_M_%NF-UdK8HU=mnldhY-zR-y&WOs}cC;{*y z>RAB1uA^CFRiFVT`vH(gLL2EW$BRrlpC*kAqdG2iTnBR|0bSv3+4D}FxEDrt@bSN9 zm2**X7xty;g^?o%0meDVPoQ#K)0JZ{rLx->;P?y^PPk<%}3y}I7~fj%~vbVH4R-pOL3?< zD0>R|6e*PSKyldu`^i2>0o`EY!B$tN`{WU|iLZ^7QTjkdUTcLd*HoQiV)+cDnM{Wx zWB(y^hpaPndSE6_N5;GN8}X%M&1*V+<_qo7DYB1CZF=$KF~P{~mE=xYOeNxb6?q`Z zbEicfu;WPBG+R&WmImN!2iO0)nm)j6I_2+YwD!~H6IBb8)<$-K8Ysv}#t_*nE z{b__YgN6Fb54-ziy-t7^E$FWqbFiGQZTgC?RH4T6tM7e-7Vj6&4G6 zj{NZ;#AeTgwhB8jZlJ!mg+GX!EA)T`_quWC#}BmS4->>eSPmmqg!~;<^3p9TcZy1H zmo^5y#`Q$UZ%6A^otSrIMHVMgI1{CpmhP!$;Y0wt=6l{92p8UNI;hhJa#~K1p@g zcPrY07ps}e;IGnBEWXm?s5%i`fmPdK_Er9lJJ>%hL=gi)C(VBB`#N z0*i^)EL+E(tDM5}6!Dra0LW2J8o6DpW421LYh%0F?dh{wLI&r)~GZsjcw!sFXdtQ9SEkX|;<-8-w41XIdl9Z-COnQN<~G z!bz6dnAgj3=2eD~*I!kglI|pK-aJK-lAE~$`>RR;`vgOF-`2hk_T@0mK#Tnn0%C-< z)d!*C-Fhhgo&cM7^#)aumXa@fBS4Xto%nv@U8M6!Ze7uKYMXeJ2bT&G#MOU@e>6Ur zw@Mc5ONc()yib_*&F}Q=j~%Yn&PTtyaD2w(M<2M{nT zcmDP|qDTLcPqQbsahKdsH|>5Ns$V;oqIJ!5PrzEtu8Z2r)M&oZlSpe=bW_swuee_BKHmvsys!^PZK{v!FTT>P3c~)V;`YAcntR zGyD~h)mrk@l_kd!>W!%(TbPBNl2Yq7sC8Yt_F8iMPZ6dPY0Thp?MKx5O>&DF3m^}$ zx~LX&NrlsnOeVFLQ&XYoT$fJo?7`zNpbr-#XOg|=>Ot!-R-S;k(SjR#C|~mO90EPo zRz4q^^1+I-vSmBPI*vMNCIAyF44?lmI7uI-;`DyiE?GH^rT^Be(z>j1HS(h8bY9st z9v>Be=6rv=eS`R5n4mREew44IxJxG^yV7?_6D_f-W zLS|&Wl=T*LTaFsQStyv?M)+yPne7zVltbqrOLii#gJaG`$osHWBbDx-rk0X=hPcJp zO_ep44_1WHY$@n;q|$|4IZJ@3-}Z{tyt>VlQi}hJMFL=8;G!!Vpjbo}4UDqzku$_~ zkG~c~o}?ZQQbfhTmeu6Y@VirRj%&_7(iww{iO&cDwf7iXgQZK;9)uvlI~Doch|k4= zk$3Q)VJa8SIY7Gts4ivwa^BzDN@B@+W^HP5aewY?ew>-x5Y;l_-j!{=ZdB z7?w1D-mt#tszxvV4}OH+)eTDapPfJb$@M4FitQqmlxl$f0g3(oXrTR!KV=@gQHo_y z&K@`5z7R|d8ywyIM@t!dd?a+~3kvf8wO_X`3|K6NZ17_K0Z@>&tH?3nS`ZU!2D+$m zP&pZcHU`|DW~E8f@U5oAsqXiyO25h=D*i>(?KZY`&l)6PcW&vD^X;}Vh6#66wYQ&m z-7rb~Ut?MZ;y!;fBm8_gPsl%eAu~o|)nde7N88|ClyLV>|H5SadBGC5=7#^?6%v&K z=o`*w0jhy%0)m@B2?p43zmP-A&YK^zPn8cACu;0p0k{YS6$$Qe%QBycO@gO5y%}R3 zCJy&C`L@l)Mgq8U{Mxsm_`3XJ)5`n0;1)?2lrh5LkQC-uis6Q72S|`qU?u& zA$*mVGGD%fowEs)Pr5g$51YcL0Bs2^E|Nh$V7eX*C=u2&Q24w)fFGaeYB17P2;AUh z_x;LN)wc1Go-O^3T3P`&;fQ~%BGS?7k%EjiL%z?n^B^0Y{wPJW@P zs$2e4hXkj4GL?tZSY}G4fSMNvFz=IKR$sYU=YtD0cU+B&!&fYyor&mXZ3YKk4z@KK zLpaV$(|I@|Ntfid?2J{Y*oVmi3+`u`{0@zsuV2)y%?xt!X+*C_4erdsJI9GzT!;@# zviJlvM7rLSkmL|qL<7Z{lJ`tL zAf-LSN{EE+$19}ljPPt)$b%Rb<5 za@Swc&*bl9#%U$p=TH0j?b-vedc{Cnr6mnO{YQ-|_Nq{L2EH-Z-!uED(al<5nwIY+ z(&In-YV)i3H>y@rF9!OiRMq0nX=@k0WeBVQ``N-G$`NEPO#Xh5Wg7&lVwRTgu~F}3 zv?4`kArBM3N&G2*FwI#sPrQ~_D%T|5^JUGbrioP+y1^meNM^T(000ACYaCQmV zt;xXQ2H`ducS4euzl*I0^>gYJgU&oFPkK$Ny;~OKal_ZwsapW*>sfMDw~Gs(NwJ2w z5kw2E=j#Ko_H6yb;<`*QlDLBs9egLt^rACpHuGgXkBj`PX3JJTsXi}o&QhZ4LmuoV zpuON1kOG+a>T`&e5sFx|i}-0JbCF#Xt}K|FEn|{2Bc(FuR=cj?{%sauT+%O#K%1lg zA23BGV+`NuWH691Y0cr-5wSnjv;PVxXM`uOf$-2#;WFedW~@0g&CS1KB6l8fTW;IafE`P|ec zQ)6=h0Pq9Jj~3-OcMNu9<^AjTGJsBSo)z}k^tu%h4|)(Jk=yI$oG}R^=yfxf@gh5d zD<1RD-YmTi-D>@%(Y@clG|-)+)%o$L+l>PMoon__ZOIeyY{ZPmzw4KGchY`XBO6E+ z#Ej%RcGyxl_?RJT!5Sl4cQPZC6L}KR!SS+yx<}Z!^kDN*R*)?QI-~?owdGWA=E9~w zoJuN%wa!ljIE;_yoZ(l`WefHU^i0L+d4(Aui$8CUESrPNJp1=*o$_K1j%LPS4sC^C zQmDu10{qXd-Jj4cjnvK8hiz52ZRH^W=XF;PGqsU~!54c~**lrDtC^0eb6^ zkNIAs4LCDl5U7yW{Q+eOZyFs-kxGbQhpG+K<7W+9Qy)+yS`r74Dz(Te*X6*n=UwSt z8M}74*iJ2qTz7@Ihd>&PlI(W%5`GepJ^&(INdYD(`|Ec|DkYyCjXat2<4xJI)pbc5 z4|{h8H5Sc@oF~ZF3PIyDK9?B+r9DG@)u53YCS3Ng58nGY4Hkk~`!tco&SUeAwGPor z^mFJT$CF{cExNlOIDOeg^$wrd z+mCAEj)T_66VJxua{RB(xQv4Yjul!VO3O>YaOwV*B-IyG=7YRP>CEWUNG>;Q!-3`| zi(FSADH9lc)C-qdtIrXx_A38_CSR08NQ*O(jMZr?YkpcXCIG&b+S){3 zWmeZlX%=ge*}11fO_-1_a|^Pkf_O5-CoYpm7}5g5H4h_Q=Dx=R7>Hq31EzL=BOA{| zOpe)F50Js4J=&^boaB+Xg0Fr_zsT|hE2HnVNx7aUu5e({=(g21Y0UDIT8$ z(&Ovj+6#xuzkpVcvq#l8k;=|+$FGN5q{UnJ%bw&wXC5Z8_lWfDPbt)sp|{c-%^!wA z^f=F1>$cP{qEtX1RjLkJH2E=5i9GbEF6$6#C}0|TvfdTiqpslo7O0Z}Ja;~q@Y_2Y zm=f@X{(OPuuA1a%NPhXmR;L{%TGL2fCV^nes=FK~0)@y$5+nQ${^3n{luS<4RBpG# ztS|arFx{gr*Qr7ltZl@#vR#_?<4A$?>JinKj*GC#)Tk)H+#4F=^ zasO45xXhu@|KL~3VeqAu2v<2D{~(NHnN*+*RBHA1Hl(I!Y0V9ai6lR6lU#r6Nt#mG zGDrptDXd**yhjr*kyWv_W&8{^zp8o4D8*e!vUWb_yQGvO8ZPOdu>=exWcQ!L-2nR| z?WT7%%Q<%LYxH?+sUk7+z1%J3pU%L3sd6=i&C_NkAMCMn%kYZ9or9v;%wJSJDt`UG zE@0)&6(q9V9iZUCdUWn@_xRWC1y6S|Zb$J3z|PWadlvap!{ad8Nr4B+%C_Ss;&Z3S zVbR(=Rod;SpuLPC8rKzx2@v^8#K2lw_o>!r7-vo#{=h{uN|MHGAi3C1 zQfY;}UyQ}J*^ITkMvZ1Zvj$3ocA!N^8%Mv_MN`pLAprw@mI86f7^8vU%D+Q1{wb3E zClDQeXZ}xJygqzAA!zlBs0+9ax@k_0)JBoM^#Znp;FH5?f(J#gn4xU literal 0 HcmV?d00001 -- 2.39.5