From 2c3514fe15c9ba2063681cad2235abd153caf503 Mon Sep 17 00:00:00 2001
From: Andrew Hayzen <ahayzen@gmail.com>
Date: Sun, 14 Apr 2024 18:22:44 +0100
Subject: [PATCH 1/4] headless: remove ssh key from unpriv user

---
 nixos/modules/headless/docker.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/nixos/modules/headless/docker.nix b/nixos/modules/headless/docker.nix
index d781ee57..a705d2ba 100755
--- a/nixos/modules/headless/docker.nix
+++ b/nixos/modules/headless/docker.nix
@@ -60,8 +60,6 @@
     # Define the unpriv user for docker
     users.users.unpriv = {
       isNormalUser = true;
-
-      openssh.authorizedKeys.keys = config.ahayzen.publicKeys.group.user.developers;
     };
 
     virtualisation.docker = {

From b2407edb7b021dac348ca940e1d4f641fabcb8e5 Mon Sep 17 00:00:00 2001
From: Andrew Hayzen <ahayzen@gmail.com>
Date: Sun, 21 Apr 2024 16:07:31 +0100
Subject: [PATCH 2/4] docker: use fixed high id for unpriv user

This should keep us consistent for backup purposes etc.
---
 nixos/modules/headless/docker.nix | 38 ++++++++++++++++++++++++++++---
 1 file changed, 35 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/headless/docker.nix b/nixos/modules/headless/docker.nix
index a705d2ba..cc12306e 100755
--- a/nixos/modules/headless/docker.nix
+++ b/nixos/modules/headless/docker.nix
@@ -58,8 +58,40 @@
     };
 
     # Define the unpriv user for docker
-    users.users.unpriv = {
-      isNormalUser = true;
+    #
+    # Set this to a high id so that we remain stable
+    users = {
+      groups.unpriv = {
+        gid = 2000;
+      };
+      users.unpriv = {
+        isNormalUser = true;
+        group = "unpriv";
+        uid = 2000;
+
+        # Map the root sub id to the same as the user (as it is unpriviledged)
+        # then map the remaining uids high
+        subGidRanges = [
+          {
+            count = 1;
+            startGid = 2000;
+          }
+          {
+            count = 65535;
+            startGid = 200001;
+          }
+        ];
+        subUidRanges = [
+          {
+            count = 1;
+            startUid = 2000;
+          }
+          {
+            count = 65535;
+            startUid = 200001;
+          }
+        ];
+      };
     };
 
     virtualisation.docker = {
@@ -73,7 +105,7 @@
       daemon.settings = {
         dns = [ "9.9.9.9" ];
         no-new-privileges = true;
-        userns-remap = "unpriv:users";
+        userns-remap = "unpriv:unpriv";
       };
 
       # rootless is too problematic as it requires services to run as user services

From 1fdd01863a94f3346c91f7802463cf75dd146d34 Mon Sep 17 00:00:00 2001
From: Andrew Hayzen <ahayzen@gmail.com>
Date: Sun, 14 Apr 2024 12:29:49 +0100
Subject: [PATCH 3/4] scripts: add a backup and restore script

---
 .github/workflows/check.yml                   |  12 +-
 scripts/backup.sh                             |  55 ++++++++
 scripts/restore.sh                            |  61 +++++++++
 tests/files/ssh_config                        |   6 +
 tests/files/test_ssh_id_ed25519               |   7 ++
 tests/files/test_ssh_id_ed25519.license       |   3 +
 tests/files/test_ssh_id_ed25519.pub           |   1 +
 tests/files/test_ssh_id_ed25519.pub.license   |   3 +
 .../wagtail-ahayzen/db/db.sqlite3             | Bin 0 -> 823296 bytes
 .../wagtail-ahayzen/db/db.sqlite3.license     |   3 +
 tests/vps.nix                                 | 119 ++++++++++++++++--
 11 files changed, 257 insertions(+), 13 deletions(-)
 create mode 100755 scripts/backup.sh
 create mode 100755 scripts/restore.sh
 create mode 100644 tests/files/ssh_config
 create mode 100644 tests/files/test_ssh_id_ed25519
 create mode 100644 tests/files/test_ssh_id_ed25519.license
 create mode 100644 tests/files/test_ssh_id_ed25519.pub
 create mode 100644 tests/files/test_ssh_id_ed25519.pub.license
 create mode 100644 tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3
 create mode 100644 tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3.license

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index ea5986b7..99cd7019 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -36,9 +36,19 @@ jobs:
       - name: git diff
         run: git diff --exit-code
 
+  shellcheck:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+      # Shellcheck should already be installed on github runners
+      - name: install shellcheck
+        run: sudo apt install --yes shellcheck
+      - name: shellcheck
+        run: shellcheck scripts/*.sh
+
   nix-flake-check:
     # Run after pre checks
-    needs: [license-check, flake-checker, nix-fmt]
+    needs: [license-check, flake-checker, nix-fmt, shellcheck]
     runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
diff --git a/scripts/backup.sh b/scripts/backup.sh
new file mode 100755
index 00000000..33843295
--- /dev/null
+++ b/scripts/backup.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+set -e
+
+#
+# backup <machine-name> <user@host> <backup-dest>
+#
+
+# Check that rsync exists
+if [ ! -x "$(command -v rsync)" ]; then
+    echo "rsync command not found, cannot backup"
+    exit 1
+fi
+RSYNC_ARGS=(--archive --human-readable --partial --progress --rsync-path="sudo rsync")
+
+HEADLESS_SYSTEM=false
+USER_HOST=$2
+
+# Check that the machine name is known
+case $1 in
+    vps)
+        HEADLESS_SYSTEM=true
+        ;;
+    *)
+        echo "Unknown machine name"
+        exit 1
+        ;;
+esac
+
+# Check that the target folder exists
+USER_DEST=$3
+if [ ! -d "$USER_DEST" ]; then
+    echo "Failed to find backup target"
+    exit 1
+fi
+BACKUP_DEST="$USER_DEST"
+
+# This is a normal headless system
+if [ $HEADLESS_SYSTEM ]; then
+    export DOCKER_COMPOSE_RUNNER_DEST="$BACKUP_DEST/docker-compose-runner/"
+    mkdir -p "$DOCKER_COMPOSE_RUNNER_DEST"
+
+    # Backup all of the docker data
+    "$(command -v rsync)" "${RSYNC_ARGS[@]}" "$USER_HOST:/var/lib/docker-compose-runner/" "$DOCKER_COMPOSE_RUNNER_DEST"
+fi
+
+# Ensure the filesystem is synced
+sync
+
+echo "Backup complete!"
+date
diff --git a/scripts/restore.sh b/scripts/restore.sh
new file mode 100755
index 00000000..5d2f165e
--- /dev/null
+++ b/scripts/restore.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+#
+# SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+set -e
+
+#
+# restore <machine-name> <restore-source>
+#
+
+# Check that rsync exists
+if [ ! -x "$(command -v rsync)" ]; then
+    echo "rsync command not found, cannot restore"
+    exit 1
+fi
+RSYNC_ARGS=(--archive --human-readable --partial --progress --rsync-path="sudo rsync")
+
+HEADLESS_SYSTEM=false
+USER_HOST=$2
+
+# Check that the machine name is known
+case $1 in
+    vps)
+        HEADLESS_SYSTEM=true
+        ;;
+    *)
+        echo "Unknown machine name"
+        exit 1
+        ;;
+esac
+
+# Check that the source folder exists
+USER_SRC=$3
+if [ ! -d "$USER_SRC" ]; then
+    echo "Failed to find restore source"
+    exit 1
+fi
+RESTORE_SRC="$USER_SRC"
+
+# This is a normal headless system
+if [ $HEADLESS_SYSTEM ]; then
+    export DOCKER_COMPOSE_RUNNER_SRC="$RESTORE_SRC/docker-compose-runner/"
+    if [ ! -d "$DOCKER_COMPOSE_RUNNER_SRC" ]; then
+        echo "Failed to find docker-compose-runner data to restore"
+        exit 1
+    fi
+
+    # Stop services as we are about to mutate data
+    ssh "$USER_HOST" sudo systemctl stop docker-compose-runner.service
+
+    # Restore all of the docker data
+    "$(command -v rsync)" "${RSYNC_ARGS[@]}" "$DOCKER_COMPOSE_RUNNER_SRC" "$USER_HOST:/var/lib/docker-compose-runner/"
+
+    # Restart services
+    ssh "$USER_HOST" sudo systemctl start docker-compose-runner.service
+fi
+
+echo "Restore complete!"
+date
diff --git a/tests/files/ssh_config b/tests/files/ssh_config
new file mode 100644
index 00000000..364688c9
--- /dev/null
+++ b/tests/files/ssh_config
@@ -0,0 +1,6 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+Host vps
+    IdentityFile /etc/ssh/test_ssh_id_ed25519
diff --git a/tests/files/test_ssh_id_ed25519 b/tests/files/test_ssh_id_ed25519
new file mode 100644
index 00000000..d0ed7f9e
--- /dev/null
+++ b/tests/files/test_ssh_id_ed25519
@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBwClEXAWm/c9/42a0VdvVowOxAkdiJUFyeqUwkNP5ioQAAAIj3ZErF92RK
+xQAAAAtzc2gtZWQyNTUxOQAAACBwClEXAWm/c9/42a0VdvVowOxAkdiJUFyeqUwkNP5ioQ
+AAAEAwbllncNKWZCOFyHkejkA4GZNBl9O6IKQf3pKpMj22SHAKURcBab9z3/jZrRV29WjA
+7ECR2IlQXJ6pTCQ0/mKhAAAABHRlc3QB
+-----END OPENSSH PRIVATE KEY-----
diff --git a/tests/files/test_ssh_id_ed25519.license b/tests/files/test_ssh_id_ed25519.license
new file mode 100644
index 00000000..7a058e16
--- /dev/null
+++ b/tests/files/test_ssh_id_ed25519.license
@@ -0,0 +1,3 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
+#
+# SPDX-License-Identifier: CC0-1.0
diff --git a/tests/files/test_ssh_id_ed25519.pub b/tests/files/test_ssh_id_ed25519.pub
new file mode 100644
index 00000000..61f2903c
--- /dev/null
+++ b/tests/files/test_ssh_id_ed25519.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHAKURcBab9z3/jZrRV29WjA7ECR2IlQXJ6pTCQ0/mKh test
diff --git a/tests/files/test_ssh_id_ed25519.pub.license b/tests/files/test_ssh_id_ed25519.pub.license
new file mode 100644
index 00000000..7a058e16
--- /dev/null
+++ b/tests/files/test_ssh_id_ed25519.pub.license
@@ -0,0 +1,3 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
+#
+# SPDX-License-Identifier: CC0-1.0
diff --git a/tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3 b/tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3
new file mode 100644
index 0000000000000000000000000000000000000000..23f580ab381b137079010eb7326b6e36507e82ee
GIT binary patch
literal 823296
zcmeF4349yZedh-U2|^?=wq+T%WmynpMM7*+GXo3`%Cb$1uuY4kEQ+*5ADs+=Avh8)
z0RtU&(<~?@P10-IZQ5?L+iuTf+ooxE(`(ahw%JXSZ11MW_DJuvO_OYsbeptE`sx1P
z42}UXASuRbDCb8}Z-6)N|9}7YegAjO@p$I+tZr!G)pE6{8sQjs8|QLykA=e=$9<Ik
zf0+I^f4o!l!Q1*qN0;sMppPHrCWOf$IveEQ#nSu_{)_xS@PEgDoc{~{qx|pjzsdhH
z{{jAe{Lk_K)k-i(5#m7r1V8`;KmY_l00ck)1V8`;K;Wy1z)!#NYpA&Ie&ZyC-}A;{
z3cuz06$;;c{RIlIU!S4SxE`layS7B(v+Gp~pIB#~lk3wIKCpf}g`ozE-xFqQa}WP%
z3c2^t+Wd3YNA?vzAOHd&00JNY0w4eaAOHd&00JNY0=F=MON|M#eyT=+m<aH%<Mxle
z*&X=5{BH-pVeA+9@8+Kg{(A6lgFhH72dDWT3l8%^{z1OPe<JXsfo}`c17`!j9e9kt
z9ylD}gRdF;%-C;_eec+tZ($lR9RxrC1V8`;KmY_l00cnbU!B064VUMre?_fn$_4Fe
zt)>}<Udq?*YjB?9uFGoPQ1wE#T-B6{n%4^DyjC)*SKW6GdmePFbz@DbXw{-#tLfzu
z_kq1{@ErFyW$HDpT2ok9sg_suf_7is^XN$PWKC16*)>JW=|;I)tLWJacU|<vT4%N5
zik7P><{?z^$gTKXIa^aGs29nIJ*r1+<z?DeC}&m5Md{>XMqe&hFRT{ImurS<XnSAm
z7}#~zP-_=LFL>lGjV;l`&wG}-PUNfQdPS{J!7ix<CaRb*wYy*ENw$nN)w6SE#&;29
zckaAe%9oX*p0BC~0jqJpa{n36iIxO=6uhRGVSS~^^uB7RI90+`)v`uSX?==Ld(L*%
zk!eP@Tqsa7%Aiv>Bln*0q+Mo(nQ3g*RttuPJTX_(xNNy(5M9N%TG6EFlxMkRomn2{
z1DAB|a#gDtRo%>^S@e72o^%(Zjunx#=j3Ku_Ad5R49lrXc`?U2c-C{WznCmVr+~g-
zz;nP>KsWzRF4$>Icb@Z%cd4k+!}snxS9@ZaPS4nwXTRS>#k`k)ALqS&#uFW36=T-U
zs;(7sq<T+Bee=_9k7s<O2~y1!^^!sjhU0cW=Na!}!`xyQ$w;I3aieb-ePQ&%=sf=<
zFY?dx_Xa=3dq&0Jhk_ps{&esMg5S!&KWGGB7`<=woul8z|LEACjC}+Dma(4-JTv+;
z{3l0$Ef5RvV_z7%H1@*SiLsHfL!+PIE5YI5!~Aatel_r};QfKO1&qMQ`wT?{2!H?x
zfB*=900@8p2<#vNcY62jb=5R;RY@yS^C;ctJ#^63T%NGiNzL|I40!kKF=zj5$}R-G
zdqU<nbFFi9w|9@VH0UfBChqWt_PNYCdTUKPzQ=pd0hgiX^SZ%8wm8*_4+XvV?C!)q
zc$fF!J@$o!wd#EBecpqI?9pr?(NY}kJ=t1UvSq-LK_{7p!~47k58KtYB+WJDYwq?Q
z+~;)m&^_LR`|T&%%g_hz^d8*Pd*)!&d+<?vWM}Etv(}6BrX0B5JaDh~-~nfy;a(fq
zQf&W0@4=WoJu7}s?)UeiVrg1y#C^RAOw(A3PNm-$_8yM5GO;c}T&!!=t2w&Fadk~M
zYI{T8!y$(R_wM%|Zr6ieB&D@_rBGIL<Rk3cJ$t=}+rX{!Rjow+LyOnDO~18Y6tP_s
z3E4BWE_;~aUHiP_?W%39_G_&Vd-i(|waZ~%FX+B#aA(N7_aL<&bA8@CFcQ1(^X?t*
ziPuXx?Fu`2$L-!d`&>*B`_E!-zr(v{e>=up_1<PCV%K5Vf0l^9)4ThSi@wosTUU_x
z?%vysWQhWMyn7D0R;WR+|K=4WYGGq{dG{P{$F_w>yQ0m+Ovf%u2VJMKU#9Y#ZJS-a
zS}m6ity<7a7e?;%?m6gUade%izM`6uK6_(n7QnoYG<?8&@Mx>f*+mZ1aqJg&hVJqn
zYI}v*Wtf52WU*E*YV1EV(POVo%MHxXy_;H{{Q`i=g!)@)bT7w$g8vBri~Nu9Z|2MV
zbNmy$z~95WgP#okQSgJop9+3|@ZSb&!RLd=g8PC)fxij-O5n!=-yWz1P6ebuaO|JP
z{&?&?V{aX+k3B#3_}BwuzR|xO{ngQ*9(~8?w~l_@==ss-N9RTb$^<_k00JNY0w4ea
zAOHd&uyYCQmb~1)y*=yyy`q;pbkMfux3B-l1TVK|54&f_7FU6z^ex1`nREF&Cg|${
z_O-JVynWouh4yu=|L=Ur%iVLJcl{rDkYabYWB0t)%N@MOc3a$9|L=`b^dVa`o8h;X
zI(v`woNTS)*|L1^;Q=R^hWlPaClA}ywj|B<f9MdM-RE%j?g!|^e%p!m`hWL9I<u$e
z%#jF1K5B~`xc)zKpeN<P_5VF#N_oIh=kEPIHn8=7<bH~b+0wJ(_pJZ-?xQrlkX!5j
z$bCHu9M=E)_j<X*(Pk!2>;Jp%r39h=1oz)V@vVBW7It0h|9kJI^DW>#>wmhYKz`fQ
z$-J{>TmRp6mn}ov`v1N?UT(ZqwXJ1;d;Nd^ousl=4u|#sUAw*9-h=(?|Gjrm{CIbK
zd)ZA(dv4FZuJ!+I6tlk-W3B&rmZ-UWHrM~VgI;d;q2Bd>fFk!=k*p%`93!zqz3cxy
zqZE6%727ss&n|m(d;Nc>-_+5w{=Z{{Vh?n$|9AT+?qJXQKQv7K(IRSJ|A&X@#8I2)
z^{xN+cnNpQD?01{+dP!bKKuIrF1M{VZR`KtF3Q5*>KGF@^}jCOyfyzJ>#%b>WLO3Q
zAOHd&00JNY0w4eaAOHd&00JPeIe`z};dLEy-Idb{nxR?mwLHz9|9A60#qobY0e(OL
z1V8`;KmY_l00ck)1V8`;KmY`G4uJ=}bAEq1mXn28OwbZyJf6!+=>&aOQ>vIvt1&Sf
zJ4A_Gsn|+3D`~NGHk*qlVrp85CB&?(X|gH^D`L)Lt^fay<3G>;-Oec>ECB%!009sH
z0T2KI5C8!X009sH0TB2y2>3jE{8iebV8pY>#oih41V~ws|MwjKPyA>2kMn=Q{}KN?
z{IBxA#Qy^S)BKO~@8JIvox~3afB*=900@8p2!H?xfB*=900@A<%^@&EI~w?1z9HJf
z!0#F!qOA-3uAyPttH9-Q`-W+A0y+*4({2QG92%ni2mCJYFl{+NU%f-L%YfhI8KOM}
z{PdMJ4)FVjX`cW(=NYEm0qE!+qTK*oem7hHyZCb){o)4%KmY_l00ck)1V8`;KmY_l
z00cnb1_?9{xdL1xI^_=qj{5ymfy&B-+^VG1)>KJOJRr&f{XB5t^y(=!lX)tW&y*jK
z$`_wGS9x;o>FkNePvoZ`zj~=OU6)rEs)h8?(i2aw8R@u?POM3ni>HrEf)pPY;^UGS
z7Uju!YEn*3$mv)-owhaxTvM;Uq?I1a7wJz*Ok~T&zVz|Lgdj;$BF&!vck!R6=l^f8
zfJhDkAOHd&00JNY0w4eaAOHd&00JPe(+P}tLVoj70lWXt-L})sg?%6Z0w4eaAOHd&
z00JNY0w4eaAOHei4gswHzZ`my1pyEM0T2KI5C8!X009sH0T2LzTY~_5{{I7`2e`mb
z2Yxc}V}W<@U*!LR|GVJc;D>|%Gx*<wKf`}~?EA;wKKAWn-$Z)@ew6>c-~s+O`CsNg
zz`u|GIsU)$@1h+7zmI=A|2F<x__y%a_}BB7`HTDoUgH&hnLoqN@lWzo{4rkUkMdFe
zAis|f@wfA%{7~>;g8vl!`{1X7e;xd@;2#EmC;02ZpA7zJ@P~rm8~pdde;53w;MWHm
z!Iy*eU^%D<v%wdGXM?AMCxe;bqrr4A790;A4(<u^L4VK__~*dq1D^?eBJi=mp9FqC
z@R7i;20j@0#lU+5-xqj$;BA3#3A`n6E%5rl<-o<jg@6`N0?UCjfw{nwfvLc;fE+j)
zhz1S@_60(L+XJHk@7O<&eQxaU#{OpP&&K{>>?32pGWLP7Ul{wDv7Z?G&tq>Id&Ah3
zv5RBp$FgHDj4h4Lk3Bi|*jRc@8hdc;fw6sKca8C5BV(@7FO2^E=qE=%Hu}e-zc>0D
zqaPl9|LA*1-!uBI(H|cD-qG(G{npX9j$Rx6+R^%GX*56jy3ys)h0&9v)1${n6Qf5*
zk5E<M2LwO>1V8`;KmY_l;44XB*yD0b+y|_~|FRDM(>lDL9YpRIt;7GY4)3!LzrYRx
z_us9<&s&H0T8IC}4oA74vkpIN9e&0-{4_gEa6e@o-eVp9t9AG<>@d##q;>cS>+o*t
z@Z;?85ce+Y@MG5DN3Fw;u)~Agf3^<qv<~mE4nNEeujPKoI{ct@_yOzi{p=9szRx=R
zC+qON*5P~D;RyF1t;2t?4sW*(-^~t(xqojRzRNm%r*-%ac6bf<HtX>1*5Th-hi_wt
zA?{nP!@so--(nrUnH>&s-((%W(K>vCb$BZ~JixuhI=tCBe7$ve6FVH_-e?`JTZe1b
zVVxZ!T*Es2n<0<O6?uahejN)Byxt7I)(l@Z!<SeXzG{Y7%<!@qUSi??x)~Z~STn;a
z3-7;Zh7~g`n_-EC`-)~*FvAOGc%Fs#>1McQhIunw^?Lj+jRiRtWLdDn&g@mq@O5UW
znBmv3@ZJ~A@C7q`-VC2(;XTV{c+L#Zn&Go7ynD$E7tQdD87{EUeVT>C&#*9b$_(et
zaLx>8S$Nk;Gkn?%XUy;^7Vde{44*K=j2TX|@Xixv__!HPnc-tB-2JE-K4ON)&G2Cs
z-f_$fC(STzhA9?$l4h7NL)i@DEWABthLRbIW+<@mwxeb^VTR*o_z(;E2hH%cW*9ZY
zBP<LaHpADL;UP18fQ5mBW*9NU17;Xz;n;pNyx$D>nc;mb9NlY%_nP57W_ULXcZJOG
zE;HO?hIg{izuOG&FvHu;@HQ5X@Mah^!+;r%vCubahP%wrZ-yf*9QK*vuo(`q(CcNP
z+hc}qucx{HpPT;}N4x)j>?_&LB5x1?0T2KI5C8!X009sH0T2KI5CDNMlfW*whufRU
z=|;I)3%ESofw^){tE%iPyZ;~LznkO#lJ4&RF8@LPope9{yZJBhpXL9S|24YH|1<o%
zzs%er4gw$m0w4eaAOHd&00JNY0w4eaATW@?u-8xb_JihOIA9)z#(Z8E-N5&aTF2pC
z)^W&hp7xGdU%fu_t7q6e&|e4i`st4YTIW0->qvh9(ChO1-PZd5Jshp}KgRzl|2zCI
z&~yFovEBmU|A7B>{=@wL9B3j=fB*=900@8p2!H?xfB*=900@8p2;4LR?Cp;r3j!=K
z-vMx&?*O>XcL3ae7Hz%);P$bP!z>tLLI3mr*82b59RDT$6a44s8o;OdKjD9${|Nu9
z{CnwXfS=-j5%>RZT17%J2!H?xfB*=900@8p2!H?xfB*<M6JT%d`^+5xhRq!ShHN_k
z44bR}A#(=+uetp9nmYh^%pCyeet+u%fTy_ufXCzav-Lmz{+}~!#DV|_fB*=900@8p
z2!H?xfB*=9z^jD-*8i`TnnXE300ck)1V8`;KmY_l00ck)1VCUgfq?HHxZAn6aQp+o
z-}3*?@cRRo$KE=8=g?X2+eSa{e{>`>`mpCit`EBIqa?q<9q-XI`hSPt*b}wwuZ`Qn
zzR;<0S3}fGIqgdByjsea6*X7XOG=@fSL!vbs^~c-D<|UGikj$6aNmiA%+z8gJTpI?
zITw!fp6-*6gip=)CyRuSM4CB8qKzZ_eIbQRI_+#ywp=o_lA#z^E1GFqd?l-;w3Xhx
z_ikd^AU%Uk?2(8>uYKM9zR>u%>+6pi>PkWDwV?O=zNSTsQ;*MPoGIwJNLZ)x<+W;f
z{?uZ4era|#{LI44+|<Hy_+(}|JhilVYG$4k&1L2n9|}j*tf7}nilG;^NI0h&8vE21
zr3B@b^IFy*P?4~qT`^3Jo#?7osYb$=)M|E3tsapCA!?VU$WmTYidwCv=1IS$plKE<
z=>^g;oteFmc_OornLm*^(=MxBfK@tK6%9|bbPFbvnfaN;nW@>?<z{4NnsRA*Mn`)K
zj6DanZmgN^wq?CdbgKn59|_lrYN0^n!}U^4&zH1Zn?v}-Q<)Pd$=I&+j~ovR(P-o8
zkS|o8ay2fRzS_3I^81QbE$X!z)lW_7d}cl?uCA=et5SBbz`fnxJ2>G0&6XDr7GspU
zY@&wu=pDY$1!{P;p2Fm-<$9&oZp-FZR*G~yCJR|1tJF*S#ZFdM^4-k>EX~iHUTSv`
zy{R@)+FJ@swY|F_|7h7mC78V37s{ty4YgAO>ujf}y;YHlXXR{K(oD<x65rua4Sk7v
zs-UIOW_+KB6aEKp^Mzg{<L5Rq-qJ+yS42t3uB@h=?Y@0WcK0dU%;c6pB)Tq)nqA-Z
z-DcO<Td%#}$C~yuyT0Dj%{JTL!Z+&rZdSk0E@ZzseI1UOwrTw)Jy~@0HQY1X9;h7z
z8<+Qtgc|-S*ZR?p$Cyye!0z%*R6UL=#?{11A|~~;-(KmvH)+Ye>Dz6(V}aS{*>kfw
znkn9^qo;{?X`*(%`%YizH1$++Pr=RVs41-)RMJUVPRsFlufN^p&^$~N1}W&Z*Gk8%
zY~@8wVt&LIN~c}dlbt4Eo$Z)kGcD<h^*c0=zC_z<ByICvS!bqhw^Jx{a?v+y>1!(;
zfh{%|^7*^^{l1a9%NNShn7iCl`Mo~W_Cqx-Yidqh>3BhJ(t8H^LvO-9oxP6HD`0oz
zXydls_StsF9<!D@BWywyB`ue-8EhrEbC8(><a>>?l69MOo~KU4lXk5i?BF!h**Xhb
zi|SM&YtuqD7n9@_q0@u(iQd+<*<l{gm$uVzH^|0Ts6GX(XjUZ6Ec<*kx_)lV7n+)K
zT|d@op=O2k)>@}#dd~zLTB@UprjPeGyRXEM)`inyh4JOL)o0wpp$8vyEt_C#7Yn+f
zDK+h4T`Og^p0A!RggqyZl+>d35J^TG%PwE&=uy|YYU*q*riyx=w$Nu&>b?kfm)_P|
zv?H*s8c{11+xkeByVgg{*1=~<w4iIW?&@2XMREVXzh6fT2!H?xfB*=900@8p2!H?x
zfB*=*+6V-OKFE!^ALsaZP!CLvT^RjeyYBXX%zxT{pZ6v2L+;00|F}<Z@7e)n_dNRL
z7~wkm<w!%;k-)XpM%5QOd)D=)2hGc4m({$X>V<5%s##Z2v*kj8Zv4}gvd+c7EhUn>
zFQaWqW?PrmIu>qz1Ho=ZN3NOeCO6*fw}|^M$M#+NG_N0TS#t;O=7lh?Dt837mPhnt
z<Kl2gNxL}n`h4?pDXA)(-xX&vis&34Tc2rEth-d>eSXsc>nuDz*fTn!+j519YOD>o
zkQ%mb98e|Zv<gery3sWFL5*fY^AQb_E7gnHHN9YavSzSoCv97L@HO5j$9a|<TPGqx
z00g#2ASMroo;)z9yEFSx>lUBb`Mkezd)yZ~aKP0ln!Q@*Oy?8d-FtOTY^%rWzV#!@
zwg=~$JyukV4Tm!OH!O&G=g=w#`#5?nD)~bD_q*P7pi>NX!ZenB*yT_N7Qd}BRMcAS
za=A(!W9tDxQA%~);3}v!gFOeTm+W`3=;1!<R`r@vtJ7#^WxrA`7ut`^(ODL|IU`EA
zs#htG?xZmrO-iB_X=c+gQj+6cMlwSTb#*lo?lpqWu!r_8(M`JEQ|z9ca-POe#~XB%
zsaf=Hv$|?I+IZkFJ+Jj(*YjGP!CkRG>d0=DORMo@LW^7X^gHQ-%?fQkKx<ZX=j=c&
zwwvIc)XWKbvZZHb&b-DKy857No$uV=?}+qekfpy-&PuHaqPh}G%4+A<en)D!X|%&V
z{Z67Ss@`%*s7_kO(X%#(4*A&q=IgFbL+NDQL-BrxM$<{Wt)|n9xjidsKeTI~S2k}|
z+l89BZa#Hwm$}nOd!Ewmc2dcHk2>0T>H&H{HRfu(Y}USmAqw55RtoBhR#1vm_XQ=H
zSjok5u@$r89R$3NmG6*nW6f5*JBTqdZJXFb9Hv?1$TJ6hp;*kdo;Iu8LDC^=sJrSN
zQf#aGJN6B%70YVp)42b?y{Q4DKmY_l00ck)1V8`;KmY_l00cnbmLh=X|8J@4g0Ua~
z0w4eaAOHd&00JNY0w4eaAh0b0SpRPe8-zdr1V8`;KmY_l00ck)1V8`;K;V`lfc5_^
zRb4O^1V8`;KmY_l00ck)1V8`;KmY``MF8vnZDE5D2!H?xfB*=900@8p2!H?xfB*>G
zQUn6b+S_g^lVL0ffB*=900@8p2!H?xfB*=900@A<4H6il^lttinAC^)FIpdNPz92M
z00@8p2!H?xfB*=900@8p2!H?x>`(%~)HqC*ec&v6{@>02703S-|JfaCD$D`_5C8!X
z009sH0T2KI5C8!X009u#5`j_AURNfk8|7-v9q=6R&y{mpRb^k<`rpUDo8v#vf0F+*
z{v-Um`490wza^ze1Ogxc0w4eaAOHd&00JNY0w4eaAaHXCj1Bqy_qgh%LOFZEH#+3<
z?{T>`TG$WmqR+csZZ((l1}M#5SEasE&}(a+UG!~_i=`j7KC<NQ5sKaIr_|Q^|BpES
zOLPU`v;3#{KjQzI|FfH8JhXxU2!H?xfB*=900@8p2!H?xfB*=*@&vpdzson|ak<<>
zX6R)R!z}Qy!0qw){cQd3;=e@e|5rYLXaoTe009sH0T2KI5C8!X009sH0TB4g6YzLO
z%=JI^|NqL@1uOso5C8!X009sH0T2KI5C8!X0D+rHAh7G_xnbYKoL}RIg7*gYkBrfm
zpRoU<1W&o|_GsJ$#|{0w=bN3a8UEj{w>zJCWn*{!{O~uvvKpZc1V8`;KmY`8j6h>{
zo%e-`CtZ!AUdm}#E~|M%)eG5jRZ}WzUc01gm#bRMsOnimFPF?XMb9astfp2pHL*$h
z<0lp}Q;V7K%=~obTsX2x>OSp}@TvJtr6S=Y5oRix6^X7dtp|OflP6u*4;bo7LE9w9
zO-?`7G=FjG@!8Cl3?UoBddbl8S~Wa>YB4;&G&>u9W?^P-YGFBiGP4|>T3S3cGf#Tw
zGV_ZMh1-_*OD$xc$Sh>$Ph`&Y=gi8?iW{D0i55)rX69!WXQpOnmz$B9X;N>mJL76a
zi-a$!)$E#DJt7IwwuPo0wc6!!mCSD^kmXK_==zyPZ6wq<e%5tuU!SMstL1tnTP_qd
z(@QE^wW!x>%wNni%walb**9AX`ld=^R$JB5O1-3Cv{%VMy@_VUEX~iHUUGD=fuh?m
zsoxC;YG)PGDszOeb`_gNbd@|3rJbv@H`Zd28U${LK;v@b61Ci+v##|UX}MjFs)#EI
zDIq20Ew#?c!M*;#hSSp}wDP;brq^Y3B-+R~>b}s+RC51z`Yb`tCB%3_*ixa>+bMLb
zt58~5-C%iJ@>JBz4PzU%+|@rRa$JhZNm<=efm7QluycMlSn4h%k*M|j|ED?r(>K&E
zkQf9&00ck)1V8`;KmY_l00ck)1VCU16X3o3U2Hc%wXjyM8PB+__5Wu%{Pn*bTxl>3
z1V8`;KmY_l00ck)1V8`;KmY`8m_Wd@zjFb=T>rcI&$0dgKX=2bAOHd&00JNY0w4ea
zAOHd&00JNY0wA!139vs0;GrLD|9?0CdGqi8?O=mp8VG;@2!H?xfB*=900@8p2!H?x
zfWVCt@On6Q0f002|M&5KY_9+L&+?z*|Azky`idVA009sH0T2KI5C8!X009sH0T2Lz
zTZVww<9GR3FwBA>7I<0UVS&4I|No<G{r}NhrdTi(1V8`;KmY_l00ck)1V8`;KmY_l
zphMt(&y-6Nr1-cHAD6_iC{M=IlTu<LA*Q9I)V}}k;{TkZU;Kao2!H?xfB*=900@8p
z2!H?xfB*>GvIO>dru<G90c0^LCQ{b^|6k<zFW#~RgyA3n0w4eaAOHd&00JNY0w4ea
zAOHe`33xp&zb8QFUHqpx`o#|jfB*=900@8p2!H?xfB*=900@A<tAs$%HO%etkL(cy
zL0l-84R-&ZyX{p{I1~c}KmY_l00ck)1V8`;KmY_l00cn5k%0C5{}(v^3y!A|2?8Jh
z0w4eaAOHd&00JNY0w4eaAaF|)81lGW9=Emr{}S#0e@hnz#)AL|fB*=900@8p2!H?x
zfB*=900;~q!2bRpd;dSdy_MrX$bSc);|~OXH~5Xg#{>TycyHixAU^ijW8XXW?AYz2
zzdrh%qtEU7{I2)z%I(_g|7HJW|6L>RA9-mc=KD+E5BOg2`G<dUcxjj)`fo#5h9<p#
z?tO<>@$U9~z@vL&?oYbk?mp@IqU*<8x+}u{7G>u6^F(5ZJD8cetmX|>FJ#MAO%P&9
zrKTB5Ma^qU`Ep6CDq2oA)RltPv!h{ZGM1PSWGN9(&&#A|sYg#jsgx`Af@)}%vVvM8
zwe^*PUR%?0ifZ)hlPA(?K}e=Dang69N1uEnYUG5R5~gCL=2(xKcvFpjNmHuYCB3GX
zOOBRE2}u^`BvNsvM@5VTi)E6}mkUgdcBP_MuPSR=p`sYt6~}_5QYk4V%!>}7Bt^~T
zl$Cnnf|An;T8mdjs}}XzAoG%GL6(#Af`dNM)Mr-UC0)Br#@39go;9eTigC4~)tri(
zl;e_+I(3xvo$V>Epy;KXc10m^rnCi3$yPP0+(9*&6i8z#GeHV_YEnuo^^%?~=QO2O
zsOML8t&mf4=jjh*bpPE9axi%!5s%AhIX+Hm4s_ckrIeyp%{#cIJRzr2v1IbOhe)c}
zBNbQFf<azw^2wG<hE_66EUbJ@{wvy=dPy(Wt4<cl2{A4uXCEZpr+aiKl~w(Uk}Ves
znuWWf8f)fvmC<+9788Vo@bqg*+gy*fgp#k8>y<8j8~Q{%kxEOkC!(aQr%_9?U5j4Q
z4P7lLIn_{|Y>LNX2_cz2LV6zTu_<oT<0vY~iDcs0!z8Nph{o*T+fKAa=&@8f7Ee6<
z8qzEF=(U<pO{aEKQj3o65Q~d)D*4zUl1}$Xi%M3lQ2$oYU(zmV)s=G1S%Z)k(}^<=
zkOrkkgJ3qdt|mfmP~Eh%i%+BzLOhwAK1fQZx|ND)rD=>=rkav1Xlkim=|@glVzHzs
zJ{KV^J-#lcx*Ke*zEac;)?`=9Ri#J`uxk3H)xMo{r&6LQ$DTbvx_hcqOe)zmwM2si
z8y>9I)akLPA=R=~z2fZk@rjfyi0RbnFzJ21r{sy2UbBJLs|C_cjmRjQT`Q5L-onY$
zWI8S<q|AO&+0);MvROk#8s5684p2kh^634fCfQ>d^&Hes+v{b30zs7K_K|{~aYKwL
z^$NAQ?r}rgXxxZTB-61(QqJ7xP%McC9_qbv7JSx~ZbT;*OC_GzOKN($22r%+x8|~B
zj+l-u+)H|1?7<^+Rh%_-pjs={3x!VC>P(FKKtZ{ObYAY(DWqE?ty*WQ%9qV5Sgn?e
zrqS(QWTT;oF_g&eg}eKW7N~`^CMj&DLXCFoI^}eFK14cuCO$&a0(!&xVrk*YyGY-Y
zJrELRp$p~g1xs<KnK{#xsHa-mLyEFJimY~Ewku0pdo*FqtJxovs}A!6#!yVB)020S
z+VLK>tr-;=s10bEVlpMDyGi!t9$6X`s7=vy;9^}XX*KHT$|ahus5%YGG&EQPplR`D
zr55F6^4J}e#nGNDB<kKa8t=@q#p21t?Ie7tM_6nLJEInbxbWC*L)@Mxr^rLs=mlS~
z)y6B;@|CMf$7)BaG|b9L@dQsA=2{wPJTWIIR@vE*rWDmHN<k~-jWs7T<YYQ23r_|~
z$x>4ZH5^Mxy+%_VbLPDjMbv}Ji6;W2=uAsd%C3lM+ln4RObEisG1Bv5OHZ<?=Ms&y
z)CZE6nKiFft86Hunx~niBcgbMCgQ@>C@Gt1DN9f*y;#?&KW|Rp%xSGcy@=!lC>~2B
zlCj5kk&2To71S0?${j$3a$YZ)-Ib#bF)789kNHVQtFDFCRMOPZW>c;hjs>Cqm#~}|
zAq}m%7Fu&6Q-fBdMc5{F9gD?fDfyI-l$>o9g(g7OjJDI9w@^t^Dv^}rr-p~PLr+fG
zF*1s+ZntZG%#=EzkrHxDO3n-oaUrrPSJX?SBBl^enp)Gkh_!Ilnh&oQ)I1FnWj*U$
z*%C31$ELibiYPZ#NgY+qb(c9BkXk2e#AG~`mIV)~IMi0LVKWwEDLENC>L#WnVK!r7
zV*w#0lc6p`cc>TLhJph5P%LHb|MxMD|Cr;V9FZUZ0w4eaAOHd&00JNY0w4eaAOHfl
z3W0m*>OjoznzL@Q(B-bMTA@pVbopz@dj9_(IsPASmBPSI5C8!X009sH0T2KI5C8!X
z009sHfvpnodG`3}$q13%|HuCSTcw6{AOHd&00JNY0w4eaAOHd&00JOzYZ74V{}KKd
z=>9+d8UAnhKjnXq|8@SCC;~qq00JNY0w4eaAOHd&00JNY0w4eaJA}Y6ZQ$VdyM}$V
z2ZP_`at{yF777$G<f9D`Sj5mUZC^kUZXfMIz#`m3w6%cW?;oaD0{kw&x&QwN|2~fY
zEdOWxZ}9Kq|B3%N|9|)o?vMh)3=jYT5C8!X009sH0T2KI5C8!X00EBk4bkG>H9Rsh
z<TBU)bRmF64AF%FGh&FY1h5FVw;AE~3{wPM5E!Nee!n{~@*27hpmM|S_I_^USNNg8
zw|V}H`$t^r*cJAVt9n1@{nW@l-*4V1Y~S~ICpZeCmSEtx_gk7OD8s+IQEj(y`t{8E
ziIGr4UUpscnfr3v{=k8`g)Z9`-@Yrpxz%dT@syrxZbC~Ra#CzHC9JHN`_*nu=aVNE
zGE<A0@Y4Lu>7`6~W_~(zE*#mK?2XwI37?wZs^&=eNQ7;w+si@EMIH)Atc_>sb9CLi
z{y2g3Yp(S}eIPsA-1n+!;%w<r#1w&()R?{4n@K;?1m{3(Gto|kwKDE!vzZP?sAWHK
zcx-)&IEcide&ZYl=S4mhPsSucTg}}Fn}@#)Hd``gd%QMM9f@9(*N^)`n&x`rxcS#a
zZlu6Bl6JZYXL0KB*-UqX7;K>Bv8>X`?ZdSBv_^mDB0PU;F+9ICI~#sxVP<Y>VL5y<
zvmBmUT0Au~PnpbR<`=283|8u>Y9aGPW+5|wB6DVowl$54hNqe2f?2AW`I*I;soB}(
zW@KjC-fa8rw`a;WxV2iy)-*@gYwHjDLTAsqu4lGhaa*df6Wge&ZPk&zuV-6DN5YrX
zD*gF_>JdqZwyT*KR@7SUa=A)A&`u!BT`4-%t!%S?w}^dLp8MgQKL%e5tv})mEib#?
z=<jn5rxC_#Xm;-yoGLTeJq8PH%Rijd-B9g1DA-yx-^6yyaqio9z5~I+e>DQ@cdbv;
zEaskN*LtRJ7UST-)+jM>TD&U8lWIDxZmlst)ojcT^SSM3-9Jwmtc$frr?b?~qwD4M
z$B4|F=DL>bBh%^e2h4K^C$KLb(y3HBEvs7J;$g73)mct7$qimYY^K5XH=BBkFwnw&
zw43F^01r+>nC*RCv~hX;Q9?d+*0sLx29S3$py5|ZCd9Om(z13J?4;-^>%qYuI8eq$
z&Ys^5!0D#K<_uA`|KAAz`yBrz{`2$<z^CXPfWP4Xm?H240w4eaAOHd&00JNY0w4ea
zAOHd&u=5FcJ$}~+3w$gXX2B2(ye#mr!0qw){nq;bcR2oY{3qz`|KH)i$bXvu82<-5
zzksk11V8`;KmY_l00ck)1V8`;KmY{3$_cR5{m77q9{aZz|K>+)^>2Q(mj7OltM&f>
zN38q*pP_32ALIXo|9$==U*!Z*d=LNu5C8!X009sH0T2KI5C8!X*y#k=5})4xXQ7XU
zL&Ih`#6q{%47>0DyZA5B`hTYv3-*Bk2!H?xfB*=900@8p2!H?xfB*<=hk(b!na}@o
zw{1rnG9Ul~AOHd&00JNY0w4eaAOHd&00OrP0rvhs*8jIkZNW|u009sH0T2KI5C8!X
z009sH0T9?80j&SG#|=^-00JNY0w4eaAOHd&00JNY0w8cJ5eSg6F8-4o{o)4%KmY_l
z00ck)1V8`;KmY_l00cnbRY2elw~yQJ^1A|sa#k&@m21W`9=86+^Z&1c%0&@C00ck)
z1V8`;KmY_l00ck)1VCT|0&M+%ocmdhe>bo34+Q@{_`cv<g3ku;4*YT8djrn~++#mG
zW{gRrA0Pdp(Q~7FcK!EVg<TK$|Iq(Nzc}*OBkvf=jYNE(@%@zVs_(eZHT;3$w+zn>
z-#+xwq3;<|hQi)I^M1cK>wUoU|2#kEsd|pOzu^9``<vXS-C@^Xy58w3xCHM1QP$h~
znXC<QdyY-5ma9cU5R!^oH_D16hzTJf#S}r1<B}l7$A$Q~B!)$KGM<`@r6y!Kl}ree
zRl97WOIA|Egq(Jgji)79OiW(1%gTMSamRe)u~Z@^Pgd-*al5RLP$bDY-&isoPo*cz
zcG*~$tgMJJIp$<@Ocdl~a<XKXmHK2QM_DnRN+sh*izIuf#aUGJl5Xf~!6`FAPRLSf
zvS4PGD`#s|F&#rwf+UJm$e2TB$%%A=m<y8^?6NjPMM+3AK*|1mNmi1jc<ktT)6izV
z8yK3LNXcnIO2zacZuikC5+FNeg^qeDr(LP2dCe)8WGW@5#i=zCI@uJ8Ga;5<DHn3=
zvqIu}RZ|A3kmJc@Dw8J_XPPQvZ56e(@?}LW7+STY8u}$oxuk2CYmSykqLfUfS4qvW
zrWzY6Awj6983<0Ii9{lq6elziJ=7H4kQ9MRreeo)L)_kDQ#CDX=;ad8N_Dx=AlFS!
z$Z@hFaXi~2-ql(Oy|ecwC*o;Al#|C-dc?aLtSRo~z$6|QQ|ZKUwMX3EW@V9B#f6j;
ztC*aOCF93m*CTFkwz8N~M3LODud7K;#DtWPN*q^u#5)ZlA;@A<5tH$RlQ=niIwl_f
znjUd`MVsPO+fL$QQjQ6-^dgBLvQ^xMmCZn;Qj;&3ZE&Sf&QndNZ8e>wZdQs>|LRa$
zAuT4Ub9~+|+vOz#JLTkrKs{Vqo_x+O+vOtCpiVh4k&X$mgfzKqm+kToQ`V_dPE4d?
z)JUYsb9Py~b5KEPAQ2s$BQcRorjv4f@~mCf?in-;4d~EGRw9zg$!G1dcDEqM7|<jV
z6V!ZTNojJ)E^GG*OV+79Bqro^LXOKv7fJTeRI`3Ja0n8JCxm$Fu`@&5VR`DZnm1Iv
zpckogqn=$NN%m1$)eD-krq<T_-6BCPI3}fIQwyXa*{4BJ)Ld@-l2%<Q*R=7HT6E}l
znF=W#mmfJzD#TtD)OvGTK{HG%sONMxfyUMNQ_qlmrcXYlRJCH6I@_vN%F)19F0t|q
z)+8mQg;S(yxldD)ROISevV`4RQ7UD<WGEN3t4dM5q7<}J-WUK#OvjRo^Q7~|KAj0F
zU8SmJRVrYwffP}oaiUyuE;9`P(vx$f^+camnH90nET>YdXj%HK6><X<Nr~hWv!rOM
zPZ9ZhF1J-ZLOPy4b&~X)>C+P<Mi=ZQtXB$UHK!2Ag1S-|;1xnbj6eG{DOCFuN=mj|
zx!Uy4idHS^wHlGCDKtgQmJ0=I9CH|3nYRfvwoc8E-adz=>5Jv^9UYF$Qt5OecJe7w
zak9@eLCLPEB{pLywOn^aTT?IT<+`)?(g-G{AAgdRrF)f8=bTk5x}g^Im$YUx8eou=
zPCoer>FDzY8p@kxs%qqBIYl*SibvBRXGN)WGWl4B6!rB7G&b1!gBn>hKtm!fK0fVO
z9O}2ppPB_xSbyMLMJejIV^5tR9eoX&dQQ`qtVV1(cfF)vtPijznNA4{kCUdp1}(&!
zntGaZsca~v`UZ|k3k)gw<P_=bhaIEVa;2+>Fk9Y$VkV`OeEcy|bhNMLrPe%L$*G3w
zOgfR4h18=YeyC4;!(Kn0O2kw0!;cJc_Z*ut)O=nyXd=)VWMpc2G`NZMuWurdn4pD@
z97~ADN%~MndczE3w9t@J@rP+#Iy$wY)-=j4#`?}$O*0I=ly~GKr70&-I!00twxlFt
zTc+N-pqDN<87IjpDIp)7v_?QHrwvV$M4A8ykEVyXgYE7hTdtCYaX~R>{<*5UYAA+o
zIQLUxlC6oJN|Az@Ry9}(V$^!ueG!}MSGAf^)y*lklkFlQN~TUFNz>ULO{tdCS8Ik+
zsjn3D+M3mrH5$|gb)iBk9+%U&|G%xv4-f(Y5C8!X009sH0T2KI5C8!X0D)VI0M`Gv
zRCU2v5C8!X009sH0T2KI5C8!X009u#76GjPw}lNtAOHd&00JNY0w4eaAOHd&00JOz
zOA)~O|CXvQ7z+X*00JNY0w4eaAOHd&00JNY0^1@G7;134xZmf7e$n^V;h*q+hW6>3
za2rG4;C_T6yZ;^Q$$%ukrzdI$eO*`Amwch4M_t!1np+@PJ6R~~z;;E@ihU6aCl)eO
zi<$7^)Z??6aHQ{iBzz>I=OSU+*+<K3)$shO#qj*n>}>d%g_*gjh2`+c%yM{YY4Oy|
zJZYNC%r8C^j+9r<({?k8lN_DRmPr?F6l7ejXpU*Z3z;V}3z_*7nKR)??mTTB!?v*L
z2sLerhNoG&1=I4G`I*I;soB}(W@KiXa-z~~o<XO`ThkkjtuGFTo;={<%spdj7YhW|
z+%e4jZo<~7bd<N$(S5p+SYPmk4jgc;Cwr=<ljzi-%Gg#du+3y5;Y(_jcHgNUp-nxa
zo!VQPpE<phAw;!8J->0H=+ye@;n332LFHwemvn7hqKJJ_^Xo6KKVv%P8xNVK?@Q4a
zG1twa@BFrq<jdte?c7ykHAZ{x=&L&IGsQN*%9e9BR+21tSP>+)9aY63jMhdYSytQ*
zv<*^M^-F9Ys|}Nz#yB;VuvJN2t)aOg8QV?8EX5XGwlTJT$`_h@(A5|>oz$e+*)~RD
zd&f{qQ4&&4TuG!?d(O``>tbepI&&@@={egc9SNVB?@PrjZDtdRjyy&EulW;OKeNTg
zBzD@#GmQ)D8DHr2%dYi+SsptUwnI(N)-p=ITCP`W*1;?%ZSuBC+j4GAZl=5VTNCQf
z%)+uYX-3O5n)P4N#<T15zR-gYy4JIu*3+rJp89y)q2+WEZ>!z3Dy}mOupz+SP4^aS
ztByIjKIaRKkGs|ncS=^&O7#`h+|bA@n(cesp=`F(+bW#7k5Q*N$87y1wf%av&^ag4
z=1-lTA<A*SZSLf|gXRn{1q46<1V8`;zDfv~bI;qpN(zf&f&d7B00@8p2!H?xfB*=9
z00@A<S1AFk|G!Er9>oR$5C8!X009sH0T2KI5C8!X_^Kj+_5W8@b)&E#00JNY0w4ea
zAOHd&00JNY0$-&B*!thif1cyNL;-$400ck)1V8`;KmY_l00ck)1V8`;UQGnN9>2@u
z@o;{u|6fhjin4$J2!H?xfB*=900@8p2!H?xfIt@kuZQcb|2gdc*98Y(KmY_l00ck)
z1V8`;KmY_l00cnb)kYvd1#+?H|MB$ytF3BL9uNQl5C8!X009sH0T2KI5C8!X@VSP$
zKp^09v*-U^{1-X;#SaL800@8p2!H?xfB*=900@8p2!Oz=kAT<X^1Ipne?0&H>Z@Fo
z2n0X?1V8`;KmY_l00ck)1V8`;>;&-l|LipI83aH81V8`;KmY_l00ck)1V8`;UY!K6
z{(p7WD@p|dAOHd&00JNY0w4eaAOHd&00MRbc>do`1D`<v1V8`;KmY_l00ck)1V8`;
zK;YF$0Qdi2o%M=RfdB}A00@8p2!H?xfB*=900@A9odDMVb{hB$0w4eaAOHd&00JNY
z0w4eaAOHfdP6Al}zdGv`r2+vE009sH0T2KI5C8!X009sH0XqTq{(rzd&AF%fXM*ny
z{Q0hzM*h_Ii@v*u7l*#z`&ZtW`_En9%>5H3dbT6w{)x`#Tlkaf<SlIcPBOi5@A|X8
z(9%&?<G5bRX;%z2pVtkA9kiToXho&Ga$d_Cik?$6DVNNNxz)ZjXHG0+rWP~dnfd9=
zxp1WKyn~KN_|&{Z%1HP~q@7_Tx<0pF^@WZebzPq^)Rls^QYhyY7HB1-dX@6&i^w%i
zS)6)&HWQBYoo5;7xky+q8CqVehUZT$hUb@NXT#4d%*;(KEQe2Kmcvs^i>GGhNz+_r
ze(|AjBwMD`C8JXe2l<7}6Pbm~{E5t&-drncUSrv^qf#-dgfbEhPqXw3rj;}EGmA4*
zv$M<1$jmh5Nrhtx`wg{c)FIt0*Cu+Sjic+TFQgoEHBOt=eOb*Ls$S5GWLr(CY9*?3
zy<Aev2v+AYO<c_-lkq_byK8<>sy=mA^$$pHmW5ell4_*ZU*`*HWb%s}n!KtP46Ulv
zDq2<%vny&$62t)+e9hLZcG9@1;WnX2v@x-+_(E#T)mU<{-J+5$7YfwCOzJr$E3Kx~
z)uh&Kxta3CjjY~Cmy^wAdIq{Hd$Rbk^{?@TiezzdpvCn{p{(Y#oU(FNsn>`(`H7rM
z#&X%D>|pl`o7=sS#tp4^5Tr63T7S_OdY;NKGq4QVs-_xL1l3SdiB&a`&Gopr3F!IF
zO?ObVp~ao_)V=Lpe_<rlIB?9ht~prh&>U^vrL2~-YC)-#sVh@1Xjhe(6w9VoH9@JD
z^o!l~(AM-^vp`GpGpCo@9rl34onBze**X=yoq1QgrY_E=HNw7jmnRavcGvpzzR<B_
zt~Z`Ad;bAu4v1cE7PUDN3`o`NH~YKUjm85qoO<+2YBjs2R*#5+5N(emRF2Df&RFa3
zxarKArsvlT$5Xw9?`ThSDYr9gr;%j2E0NV1Y&v>$BWd>tn-5RXH|5r!^MztD*Eg0O
zYR1&$p#0oMHDb^H#%jaR4SRL;!ng^QWoyIX9CagxUexR!V6V(8o$9WaYI?q;<*W(E
ziKj9rPErTlllYP2VIkVn8m``m4od8#qsJ>Zx1}lIq^sADH&@n@XlZlmw>!1Y=41A0
zj#@X?%#o(qS~r>HFnZKNm74w%HPhBiZ-9}Vge}{;N5r;#d!}f&tm)<1a#d40ayMq?
znp&goqSc$kZJkN9v9!MI3%&lRYkkxlA3F2B*6h4BH8rkQ*mS8gMODOfBAZPoWQy&d
z)t~Ji*tV<J>hAlbS^0YmV;#J0V&AxZ{hTj!ik2PXfP#@yR-V=Ps=Sg+B>VDM+N=aU
z3N|p+N=fsEht|*1Y>kYvW@~+UQWaYZffns_T287$EZdiIaWm@%Y1+Wd9+5~C_y2d&
zN*cC+00@8p2!H?xfB*=900@8p2!O!NA%Ok=Zw^;z1pyEM0T2KI5C8!X009sH0T2Lz
zokRfZ|D9ADumuD_00ck)1V8`;KmY_l00ck)1a1xiJpX@lxI!xkfB*=900@8p2!H?x
zfB*=900`_P0$Bg=q}qTjAOHd&00JNY0w4eaAOHd&00JOza|mGle{;A(D+qu92!H?x
zfB*=900@8p2!H?x>?8tM|L>&QfGr>Z0w4eaAOHd&00JNY0w4eaAaHXCVEun{xI!xk
zfB*=900@8p2!H?xfB*=900`_P0$Bg=q}qTjAOHd&00JNY0w4eaAOHd&00JOza|mGl
ze{;A(D+qu92!H?xfB*=900@8p2!H?x>?8tM|L>&QfGr>Z0w4eaAOHd&00JNY0w4ea
zAaHXCVEun{xI!xkfB*=900@8p2!H?xfB*=900`_P0$Bg=q}qTjAOHd&00JNY0w4ea
zAOHd&00JOza|i^O+S_i9ZfFGo5C8!X009sH0T2KI5C8!X009u#83Y3UAL4@CEH`?`
zuGa_O9{9_#H;jI0<Y`}V=(~nq@cx|p*W3?sv;NO)&DLwrUt98pqEXkIE*k1eL0c_X
ziwX-?b*+%={#HA&keOP{gcqkCpUs3L-6tdABN06p3F{?8%WKu}{Hew8{L<`f_?d;7
zxv7Qa@X5?_cxq|!)XY4onaj*CJ`|4B%2h)tS94m`CP+ebs-UiDg-H04TFtJh)gzKD
zN838-v}vAVT&-xGG-9GFNmaX8*Q*-Yv{Eh??84c#vYypyk+7j%G3+OD+NxSF7|JEJ
zP`4@W&3sKOR1_xL$-6g6Ma^r9Baem56Pbm~{E5sN8$y<x5j4drMwN+1!_zG3f=PR3
zer9oIYIb(H8JU?T2-$+BmXwlO9As;>vH#jLzR>fBU5y#Nl+&)X>&(okpw|q&lvnhk
zWv!A;#<i7LJlU13+^qJQ`RUBL9-EbcDk9-i^F4`K0ejO&qSx}*PWeKI54*lT(CvZD
z#4bbX1N_ek-o}1tuY=2K-ca>Iwp`VemZmMyuhmx!-6(Xi7rH!fwOTGJYA#pRYUFH#
zT$%Ko*RmV<QckO7t9r%I%cXvoEvTg&t3$IwEuZZ5>OSTjIIMv>z%U)6X8A?4VQ=n@
zMtPI6GH-m)?v1%}wx+PaG``nNB_*t8RXHJdB`bA%W7oNUZ)~Zsys;~>vp1%%y>>V>
zci6?5&82p+pc|T^){V0H-88mivDl^X;<eM)qNXRmNi{vW>ulGTO1CF>o$KueI+f+r
zqdHXH&G6*BZYcHY2K{kw<#qSxub_`z(5Mj%YDz|#PAhAgN+XJLLAyFQrJmDDhEAgh
zjXW)FqLk`1-|*7>%;}{}w6T0G;tP$ByVkW<r7{OF-GR9+eeU{R?5o<Y)2w!D)Y_>n
zw^b<34u9)4-PEA;YU=f!O&V=<{p_^^zR<yguIqJs;cVq%AJ01$iJh^PhJF3A3)0eQ
zSGGwR*eqhLe3?O3E~{0dn(rU*%@pNAZVRc@f}vGQs-a)fluNpHnL6&?=|fAAcBMk|
z3&rHnJMD?m^y~j@Z3=d4rE1*1UiXDg9d$KC(}7nC<-EcIYERXxhMHH{e?6zHCUR10
zHIeO0u+ns==6s^>e6Iql@9s;+e9y`%5^YH9hA*U%Q7;ZKDqE&`X^AGA=2*+@6Vq9B
zRZ#owd);RC4c4`RseM9Zb?n+OSuOTi-RT*6yHzEZim3^8HP*(_POA<uyPcqabZjZ>
zF}p3n5cgUTiLR^HhI}DWbX_l+okqVY{W1COE~Gy}Z_l;$zVIf_-}=hlvFeqaIIWa(
zG*WfV+L&*69eu-WW@i7`Yn`HLLMpeiD!1vj(`E<wMms^jZ?u&4_(oe|pl^5_eWNYc
zZ`|4d-)M`#H@bZT&;Q?ALnf>R0T2KI5C8!X009sH0T2KI5CDPg5Ww^Q+o1*-5C8!X
z009sH0T2KI5C8!X009uVwFqGSe{0njtOWrO009sH0T2KI5C8!X009sHf$b2$^Z(nS
z1{n|l0T2KI5C8!X009sH0T2KI5V*An;Qs%uRbQ|c1V8`;KmY_l00ck)1V8`;KmY``
zLx8RSUBUNr^ot)5009sH0T2KI5C8!X009sH0T9^11lEtahUTshO(n19%f(Ceid@WJ
zy(pwE)WpI|@np4bXsf!Akk#j=*NV&MXN2b#FG%xeXRet4r|0##;?oySO)tyK=btFd
zNlWrvF(W-UJr`Sk>FM*Q7Awh_LV7KCZlQcG_Uuc~oqKv!J$qU|rO#ZM(J$-gq$kAO
zlWVKFbMu94A+0Z;ov%K3R=zNEzN|m@WMyron7cGvoWHbETDYp7ovAOMdsa|S$nA95
ztMdGcv`|>dJiWFo8HJVNX?^y@)2n8>C(>e8diLr$X>Bbl<tfjn&(BZK#GgB#m*y6;
z@j2<~wYlOG=jVzu@ww?GVSf7bOY`R+KR@@<6s4KE^4xS*T$UCt%#?)Vk|4#$1(|-s
zqC6Q-P0Fc>L_8@c<GBC7gIyb@fdB}A00@8p2!H?xfB*=900@A<D?|Y6|5pek)PMj8
zfB*=900@8p2!H?xfB*=9zz!yW{r`4w<-jx$009sH0T2KI5C8!X009sH0T6hF2w?sH
z3W0<g5C8!X009sH0T2KI5C8!X009u#!36O9{|>Gkm<9qM00JNY0w4eaAOHd&00JNY
z0<RDO-2Z=tKtc@&fB*=900@8p2!H?xfB*=900``00$Bg=;L3q%AOHd&00JNY0w4ea
zAOHd&00JQJ3K78b|E~~8r~v^G009sH0T2KI5C8!X009sHfgMaBFnSy3cl{&h`bYn7
z`S0-kyzic&OWt>Q9(7;u{Bu3R{R_8x<AoT#;Qdfb%JprnPdM%b0*#St&-y|qqpn6&
zFXgl=tL17@VZo}d6>>^N&1;IDQ{r+inOn(byH8h7EM%q@GvS%}>CCxsr2Ax_Y$SYY
zzBf@Md?eD$BNA;Sug86%e9YBQO<QVO*3io(rFk^d74({+m-32UY+9Cx%R*u$o^?p9
zcbn&sLK&#eGS)$aS==iXiLU3a$9$n!%yqqNs4E4{LC_(p&@^yy>hal3IO33^&8K2i
zsU9L>y<}*4ts0&`wHTgXnw<?lvoJF^wXhsMnOP1mWS+<@Wadv~&V(bE)x4qVg>1R1
znKi*Qk%DM=nk8B=bDWu<S)7@gon3B5W~Lt^E9xtTZWOdg_>x-9uBp`{k}O2q8B&VA
z;&-fK7CBg9)>h4`v@IL5QqEnCgbnSA(at>DIC)+2g)Sa<HR?_-V#Yc9i6~`bSuMHJ
z1Gz1+x}meQll6N{OR=NJwB?-L=Gy-2qAzs(xciN#oZO}@J;-RTv7raG<#(hTsfEg#
zx}q6+RxK#yYEG+0!Yk!+p<Ubmdajn!YT2q@VZBYC$L+uVfG_m?VOL|u#JN^3Y6=US
z-E2il2<iB0t}EHsb^BJ=xqgRgsjwWXE3vZ|tuI_Z=nEY_?7E&cy{Jp1>&qLu-KFc?
zj`WeQWLNX>^<iH~JK<`)XjXi)LuG?p%^V@Aqb%yR8XKXSLztq)Q(8KvB{xX>a<?yR
zkg`v!<q#W4w5yPH^y`z?hkT(ECtTNFHoam4xeZRezT0CqNXatabcC8(T0Au~Pdeu^
z^NZBJ%_&1pHPoJFN2i)h9fmxI0cKmnTv0a^Lod=uM;1^&RMgsCPn6@lpWX@cGuQwE
zAOHe4n*i?r-)zFr4+0<n0w4eaAOHd&00JNY0w4eaUwHy-{eO&mC&&LU{>}U>e_Qak
zf^Q4X2f4tz18ae!W1k#*=h&sOhe!Wq^!=l68J!*Fcm3L~Z{4-HE9CzJ|9|wq&VO*^
zuSR}&WOd{<zQ6MQgm2Av*YJCWmxu2g`jw%pLz4GX-XHcV-ciqoJa6^PddA!za=+|8
z>iV?nhg=2M1osKbcFRAHH716*gXyW}h3H&4TN4B!u4L7UZm0$QCGC<{T`AWzNs!{>
zLVR2j!=gMHPff<92`MhglKfa>+(AW5QFA$^DXf&#qE>TKAxcs@AsuTxL@JK<SRpBT
zNjG%5o5ikZJ4p+1S&~wT#)Bk%s7G3CN%sqi6X`UGNl!IiOM){kL3Ytw5ahI?Rw{+7
zO14}mH1C+3chl%LxuYssPAB3IH=?9U>`|4n?l}-gwWgF;9mR!IT1w0`j*$4t9`U3l
zUMSNYJxwv6AgC#&vQerR3QoFGi9|Y)e7bR%bj|hXN;v7Nlq>ZDU8{FgCZtnIX{zxW
zQg*CIne3p<Nk>wSCt~U2jYFg()}tfdsvpHFpObtdnNCXLvBm==-}a7XHN~28O0k^N
z9C65LF`Y^rYaDctmdp|q%6YA1RIfVaEhl2hl<-(1LelN_(ac*^47GNlW)M1ZlVXvS
zIH`!oWASwSbmIW2c)q9jf^xZBy|7v+UskHxdGa$Yrx<0Wq-nXDLXQcQ@=gs#oQS1j
zQbL+;gh}UAx6XLlX4WdTo!S~HU2!a3Oi0RNYPzxCK~2hRx;brCtrv{8nGVfYoS@bl
zkEI@O+)rwb_gIrO)wD}#R+FO=F%eHC;?s?N4z?tenof{e|3RFJ<xBM0(ffsobV`cF
zq-PrUk(%WmTVzG0JB#^}QZJFWT~PAXa=pUth*h*|^QL2e1(HgMXiIaAy`=I?kIJ}N
zyc^S(O35)noNU}n`o??onf`pC*~*=aNePKWJaMjZ4+-l%!mO*Lr;U{6z0<08NjGn#
zQcqSTW;rEarW@k~PjzrqVInCDLP}5?ca!SNJ*q_umc2XdK&y52@Jgjnuc{7hk#dlP
zcp`nO5gOtSEwyq`b49&G!;Pq9s~T%dW`v?<vs$gD*m7~gkw^=2DwS#6HN@RBH)W{#
zyl#-L7`1_XUdxf!6q_}qU#!zZSB#INo|sJCW~{Mih}(B)szy1}9cVTPZZLod6A6J@
zcItTJ&LM8^F_JQ$tRfjnQR~!<B|%IGNg=67F(KiUtDKUPiTLrx?jCv3CZCXE3XMl`
zC;50hC5egSjXQeeg)VtX5fgISNj@g0sXmT3Zts>CXz**>pOBb*+%f-{AWQMYWaG9W
zZqKnP_TU2*K4BBysPHsqlQ&E@c)Kt)QCrS~OD?8k63svwLAx+DMw{^9Vv7keo`_F2
z0(N1Vs`Lmumsyk&i4^5LW*4?sctS`hlH?4Wo?@X=Pc}yF!d<m3$ch+~V@|b2o*s{r
z@GiS>S5=$BlC!Xs6llKI@Y{sD>RFaVW_G`DEIpBy<z!5Lq%lImCz|yvqy{{&(`Py<
zpxKQOr!LQD&z**bHgQ=@Dq=F;-%6M;HO+)H*%-D9+r7*bPKb`C({K={saa!)gkvq!
zWxMI63pFQ`lT=k{auTmSSG$L?T!pyM-!RDJWP+y8>B)x2E^PNOQ#eKw=iUi52`AFB
z7>g$xZW5MTCQGf}k+m{5W;sd9X@OkiXv0O4hgy<@doapN7KKEb=64+R$nE)!`81B%
zi*CLEARX~!QclOF-r%Hy8pfsz08$a7iFi7m{5n$6p24@Q*wB6{o|fZs=Ji9|c-#Cc
z_4`%oi&^(AZ($8X`BPt#OvFxoEvacwneA%g^th}+(*|=8F^5-UO;JlZb6(<969PGH
zIyL(;DSWau(AgEnl%je;v!*rHL&0pYVh_1GY9m(^<C&KRm2yjzQxj>kfgQU_YTA_T
zMr}YkHIYgsQc3aQE96>_PO-W%$2s=FvOinU)RH+x>n{OG(*Ty1CNG=qp()+z_tK(B
zeUV7Bd?(ptB1w&V@{(P))9s}MNu-`DCiIVRvD8FTpb<DZS+~h{^?E5WPWj4?`6d!_
zGMSh(?6Nc~ZueOO2RF)>Mi??0`~PkE5(E;000@8p2!H?xfB*=900@8p2!OyXO91Qt
zTej+8I0%3M2!H?xfB*=900@8p2!H?xY?%Po|64|dgdhL{AOHd&00JNY0w4eaAOHd&
zaLW?F`u~=#Iv5TDAOHd&00JNY0w4eaAOHd&00LVkfc5{DQ6V7+fB*=900@8p2!H?x
zfB*=900`W&1hD?UWvdQ`g8&GC00@8p2!H?xfB*=900@A<mI<)G|Hs|7<>W{R0w4ea
zAOHd&00JNY0w4eaAOHd&a0?P(_y1k|7diUH4+ww&2!H?xfB*=900@8p2!H?xfWWJd
zfY-yhJna6zi+>YGzxV+G5C8!X009sH0T2KI5C8!X009uVsRXWghPi!QL#@?U4BaSb
z&%Ycou2!_jWH?e$t7^WgR@Nd9g(H{LLfwpgxbnz?Rx`>~Exc6HjqoCUdH87M5tc~L
zF}anTkdv}8c|4&e660|xofua|EjFG^3sP)FT#cubQsnh7TKE6|h~xk0rWO#&K>!3m
z00ck)1V8`;KmY_l00ck)1a1<6gPu8m@@l?Zyi~8q#r)NaLh3?IEW8v?R_lhgstXBO
z#ryv^2|m<<00@8p2!H?xfB*=900@8p2!Oy2B4FMB|8tK2^BrUqOaTE9009sH0T2KI
z5C8!X009sH0T8%B0{c8ueo2tx<AO}TVNsrprzYjpL?WJ)lX3k0zZ=Af<RAb7AOHd&
z00JNY0w4eaAOHd&a0?O$xWB;da!0t}Rrh<{kwA6yJ9oX?|5^VdBX9Nn7uO~0ANME0
zA9O!pD_pST{($Z4;E$B>KMX$muW%+<;=c1=A)6b`f}sD{jmmtb(l_>8Px?Y<qV7go
zFXgl=x$|l%Ush^bt)`btigu-<S2ZQ48k(ZY*@Tox#JZDk>n9d6Q;V7K%=~obTsYEw
z)=@zud}_WoVI+JcV#_QNefWA}ICLuN=1j9{7YjNwp>CAT?@CWLV)u9M-vmqEpZ!WP
zMZO>a0wAy*0*%G%kN85DkGs}gW=D5f%^Rv-$kJXwN=40URqc{)_RMOfQY~N7atig<
z1^p8BjfSGh33WA_NDdM@*4<SPN~Ub2+v>ariL!3oK{^s`2-lDMLdtPh<MhVms@Jrt
zqURJTE~InPYJ5;m!WPTYt8a7rn-ZqY4{yn4Rx!-xTwD^fSur=r=7+XubFaS5ZEi}C
z&FSmMd?AfEzqm2yY*nK{J;&T8kx0vNEw(bq><71Kwu8#eE$;}C@ww}hBcX<iynoNe
z*3(v6McrWbua>Jyv7FPYs=+2K*+fdx;_>XDvP8C6mQ6F*ykvt^M55QuUQhc%$B(<;
z^r)e(6tqFc4vOdA*eu23)Z??6aAZ(A)*5NQu&`b-H0nCS^QRWW^Gma{;b#_R=B5^w
z!zVM#;i;v?Q#13Va4s{yNE?g|G&{UfE*IK5D5b6H!fb|U=tZsTe3|ks8Or%uxfBT-
z+7-iow&k+@)-7b7$Sh>$Ph`&Y7p+;OXn2|>S}@B$Ge5I9Gc`NA+>FdjlX0z9+)>X8
zZdXl{$u)%~+p<olp3PQr${^afay>;Z960J;KW@6Pq2}|tp|FFNqd9C*$u_aDJ>Xcc
zQC>N(WexU;60t*kWhI?dQ<_pQ=@<LtxogeJUz(pez0{s}_ochRd@O(N)56&F7|eE|
zYun7eSY}6}e2g1yj(Ls5b=en+MqTTNO%Ly$o_Bw{(Cy6KCt3cj#mEKiY9xF~t!CHM
z>XEn*ZF`g5pUIw9dh$uN-|y_J3|r+jn?{rh@T=PyxOb$Cx&QyzhdKJi4+ww&2!H?x
zfB*=900@8p2;3S3-V}HFxsj=F9H)czxO04563xe*)00wSLKc%^BK2~la)EY7kI@>i
zq8e*#qjW(KME0MpQ*&CyjFjkesb0*k=>@i#x<Frzs#>ZQtV>92nMsnV*h)4l(Vpt*
zY&JI@PsG&mv=B>-i&<IIWK|GW#2nLFC}-6I+qPX~df5K%O!}#EQDav)%zUfrDqR6^
zI#nyw^DOxqC1*+POKpm0C1DqL>7!AtYxHeRt<hzHN`0lE*VgFr7p;X$d96kXR@Fj{
zrKnd6bfwrT{ZXd(C{tX%T%rpdli^amP@u0ht=ut)ov*ExFDrUUDQcy<U0Y3K>un{c
z)v{H+!Y;9qk_eONTzBrMZLY0Vqc@6iZW&0xE@=G`bS1JQWu;M8SWPrdUe&8LL+O;f
zE4jMCDT8*;SK8OjZ5OTDs?F=?trVRc)q+m6%d4Fjx;ECX#`b4oL6u?XCAxT1WL4hQ
zyHd`XuJruNFPJ<2zd)y6=<NCb0%3f?+V$T$Gicv`E1{mVQf+1L{}*WU|H$h-?D>B;
z|9Ou85(W4H0T2KI5C8!X009sH0T2KI5C8!Xcr_95di*Yr$K&_2`~N=v$2tCU{3rO2
z^1sFZ68~QMiXRXF0T2KI5C8!X009sH0T2KI5CDO%7=cmW5a;*bQ!lZnAN<4Y%O3V|
z*U%8>^6zo8_ecC*_IbBk&E>{CEXCgD6A^y5nVzK?aj}oPDM=upa$~OV;6{IA*MIc?
z?~yO~-ZuP)!_!0G=Y50czqx<Q^&PE$+{d}!-A=LH#&)D`j?BAmj@p}`bv<?c1@rZ<
z>#n}nzb==n7gh`9%k0@9`)ghHc<!6K-<TPcj=eiG_$@2@J7D(LqU_qtCz!04$TolD
zs%0X*!sPJE*`O?1Qd@foi@hSa><c~lq<cNn$1Yzj*DKaLT57>iYZvTA={w1N!(fVi
ziJ5gwqf#;0+o=xa+X_ymVXNhwx_-_Vl4bY$!M<{~klBmZisRloxKyn)O%pnA#%<-b
zz>-Q&sI}j|l4QB_`V~C@rDhHGm|FKMg3<N+uRrSxjgPyomHP_OTR-f(G}v|<x|?n{
zmB;=Zo^yTM{ki$dnq6qC)x7`uk}tG8?rLQEUU;ps9WScoGClOxe7{%|q}7$Q-1TxR
zOLer#t+@q<-7f|!>3@NhrDb;8^Q4z@cVA!hg-(-+va^Y6<(k2~LrEuABw;0<=*|B%
zo0!+9V6bVeq-0j&`WbrBnas*>VpgSGH57^MU6M-*<~x<W1|Dh}*!@OjZz`pgxzew3
z3l@`CF}X-|UA?|wwu<ZZzE;7ipf}$~2e*n=jcwW^^}giWD$3v%ZQ9z`)Tj`8jh+Tw
zRqF*qv9j-dEx5~l`ZRRCf@?484UIJ{XJvyfDcYF5e%co*o^&;eeePlQ?ku~CRxRq*
zMmMb{mK6Vgd*=e*#&O^IUAzGjfL}8F&;tTRQ7}aj?}ucHrYOp$B~h{@+Ex-90f8k2
z3j`<t)Wea}t}NP4;<QPcw29lMN!vWzyxcZTlQd3~G)>=E-?g7>E^V5A?yh%fdrdFb
zq?h>G`_Js`?(72~rP!&&{#n;CX8-^H{{G*Yox$!7W?)`#GE?T2+1SUsH)$Jd?E+S#
zTbqlG7r7LfENJdWE+6$qnvl<#HRVI&kslM!R}y(Cmrt&e(AFzU$P#|d8L6Id9gJQ+
z0zZ|G9~3VwUs+CSWpVXKe@vYy6bp0J`GVylx1k$d^_sVFDyizV8tp0J%At@>Lh0<u
z6l+s(SU4bfdBz(#c+jyDwsajfa#yKy;py%@i%qnv`r4oZv-!rvkD&Co_|$f711HDn
z73yKk?Delc+z-#;*W!+!dj;+gFeDOqIS45G|9xKwfB)r(hB1%;5<mh-00|%gB!C2v
z01`j~NB{{SfoqI_%PIQZbp5~Z-w5yz{viP*fCP{L5<mh-00|%gB!C2v01`j~*EfNP
z=n~TY!^$ow%~m_APJ&kM|6hXj|E})@Q9Tks0!RP}AOR$R1dsp{Kmter2_OL^U{Amy
zIs`KRU%0{kIF=#-B!C2v01`j~NB{{S0VIF~kN^@u0_%eS-v6(Udc-V{01`j~NB{{S
z0VIF~kN^@u0!RP}^dg|l|Ht+JdNIOdNB{{S0VIF~kN^@u0!RP}AOR$R1g>KOPSGj&
zgT5spD849!j|czU^MCsH_8krUwEwHVcf0?_^{<XMh5ki+Q51!{g-7l3^ew^0f%tcg
z5s<T&&wC@~afdu>*)vDo->uy#!|q7xCONrEF_$XjQv7Bx220`D?tA|j3@st8``Z}o
z4I3C;Ub=kN8yO#WJhN!oy2jwuUFUP%x2rKkxT=k6DlG}9RZHbgELw&C>eLpc=nUH#
z54M}BEVo)xqf;Uq(Ula!hF!O24;_lK{loZ;ZTM`6EA_lq_PA+DXO^Wl$$IXBahE%i
z4W9<xpJ%x(wbm?Mtr25fb*Di-Hjha4TJvcL&*iqhjaio8od-6HY<eRXW*wK@mWzdM
zHl(hTLMxS)wDm2XQc^B6mrKs``nq`uKi~Zt>gHoTll6M)=1cg{V+3#flK*l8cG9{L
z61DEp*DZu{dIJI2F05EC!rqROb^kMiA&uD<-g~u48-j6Xy$S%PPypln<psLC>Pq+B
zRY`sG)v7i-QZBq}^=^jPu_kKWev01-)V%Lro9so{Y*opHRBLpk1*sLCfr||~7}^F6
zUCL?~3#Z~5*_}1?oUm){119W)y9mv81e)!+E4)5UwXR=Eb8}fq%1d+hTfiCISR;N9
ztM2ZbKVI1tM6Jordj=^lL(7IXqQ-{(0LL!Zy^)16hg`Ox<6Cn{{Xi8J^GW!>Y}cm$
zbKNg!H4bg2>IXikHAB@(ZKvvI+Gokh%cs4O5+v|I?*!O&QL0G!d@?t0*d9}jNNj|k
zU88t&z}1B_51{_o<;S4KiervTTY9Tjl@UVf2{Te9U(ThhZBsR-Y5dHp?U6S()UWM{
zR!>ijN9u*^h~iI1F4w$~+1akU4cc5zeADW7-3UL;QamxS@6c2<wichO>TRt8uBd;t
zxDyeSG1~=t^<G!IVD;YKu2;X(?GMT2KeyWDPj3LYx-DgM^YG8SVSirrI58I9zWNo^
zHE8!{MqCIv^;Goohf$)s_L1W1ERS72=ZQ$;4uM{(?K5?<X)K^_($6Kn*{Rx;FZPDb
zQVoZMUzFpQABBEv#IE0>ZG+zhnq2*<OtCyym@|B%q8Iuby3_6%$V!@+6T+rb$Kp8u
z|LR%}dLaQMfCP{L5<mh-00|%gB!C2v01~*K2;lwy^;BD^6$u~#B!C2v01`j~NB{{S
z0VIF~kigXu!2AEJ<Az>H00|%gB!C2v01`j~NB{{S0VIF~t|tOy{Xg9Q?|P~+)QSX<
z01`j~NB{{S0VIF~kN^@u0!ZM>36S^yV)!Ki{=q*afCP{L5<mh-00|%gB!C2v01`j~
zNMIcja60{dod3TLD;85i0!RP}AOR$R1dsp{Kmter2_OL^U?PC`|0W>#5eXmxB!C2v
z01`j~NB{{S0VIF~kia@5fcO9Fuu?H4B!C2v01`j~NB{{S0VIF~kN^@u0ww}@|8D|<
zACUkOKmter2_OL^fCP{L5<mh-012!^0%ZMvG5mi8_y_-x01`j~NB{{S0VIF~kN^@u
z0!RP}Ac6Hpz%9B3pWl!B|E;%*#e9$e5<mh-00|%gB!C2v01`j~NB{{~2`KOXzbAyh
zXFY}`NB{{S0VIF~kN^@u0!RP}AOR$R1dzb>PQWF)1ZDp}G5mc2{=q*afCP{L5<mh-
z00|%gB!C2v01`j~NMQXDaJl^I{r^is_@(uiAZCOFkN^@u0!RP}AOR$R1dsp{Kmter
z2?&DIsr>#wB>sUA9t}Mfd_&-(|1-Yt`ewXOdw$pThps!FGY(n&1F=tdP)vx4-poXw
z;HMVi6YxLc+1}Q8^yMcYCs#b)NNLO=KTvB_rSs>?3!QSUUTL<Z(o%Ursy7#;MyGXw
zekj$dr9vi`k<zJrH$&lrlgFkePE19oXZBA$9F29evjmJqkIZy8k41OHh#rs-i_6n1
zZf~RsqR;deU1>HtAivbPutYpd`HYm$Cko|mqJ$5uQGB<+t0!Udq{+ChD4EKsa$`ZN
zmWsvsRK8r5x+e4fD@?{5c<sqBPe^9hiqji;1Zw7R@0uxBI<;n_R7qtLg=DeNHHY`D
zF$Yt;)uk&AvG|kcR~+8R*qGyKu~VL_ccs}?;V&?SCnokCn(Ezvq3uR%&>|P4R&?gb
ziRjGip+nK5$EFWY96K33ICU~QF?-_3^b7<%JT-G-XEatX&q?)Iv?HDGXbw=!v`5dD
zTR^_GBbCj@`Qz1cr(Alh-E3H0JGDir-6=0F#iC#(k&nEm+B($=jm|Zjb>5&V)uoOE
zd6*BVp6pWN5+z9<n>sLcY-(n5>UcC(eGJ-fv&1`)tD9Wd(f!2k7$rG9Gks!u;?SX!
ztZ-^SWUh7r7L0JLC7rFcNux4ghO@)5<+jwal*i@WE21~Dkax&sOKa_v+ou6kM=H(N
z8nyN*xZvh4kUk`to-Y<ssUqJXG-KhN-P@~X)Gea5(P}OPkWmL*Ym+O2H?j!o7kj8b
z*KD1huQ$(?lw=@*Vk%uM=kr<n1b%8Q33Ly-N)8rBNMrEwk9Z>|A&sdXX%G^GekGmD
z=PT)qz4)J8i+FRWRU|WW5PHw$*Lx$UL1?XqP})MdrdTS@XH%6z!O*d2^(wq$EsDFw
zTt&Ls4{{j0{De1BgB+wDIq;Vzfu1PmvxWI;#UA=w){;WEkgH^1a*M^E@?XB_jpXx=
zH;r1lYmKVC&Yxg9Z8~brlXXOv?xklhO|Govc1-Jzvk60Q42N6LWtPev`#x8@u8jst
z$7Kd!Rra!Wtz5(9dT@29;!njhChbi1Tys~hURS*{;!i_7)*Rm2)2#hOsxR#_*L+5;
z9_cv2;WH0_<>k()5*d-!9J<n6T!injrr|s;KXUnX-pJ&*<I*I(nwJ~3Gt2Nrw^3SZ
zH5Xb^yIoRK;W?^hG(F*M?6R1hnSNka``X?kl=YG|1SCn(j)xBD58VgjK9s1}$XIlU
zlQ$GSaxBUpYe-VHT~fY%w1?vI#O24KyBfFat_&yD@}wj5e6o<v7v{U?{MPPW*6Lx`
zkiQxP)Igtm`0@pB<P0RSZ0U1VLs}K3mIT$;CVhqSRU?xqCgv*TboWHwyw*gzg<eB4
zCf8V;?Efdi%YS_T|MK6DV?-o?1dsp{Kmter2_OL^fCP{L5<mji0s$wy|5xt+@%R7N
zLVchHB!C2v01`j~NB{{S0VIF~kN^@u0<Qo8{Qdtc02M<b0VIF~kN^@u0!RP}AOR$R
z1dsp{xYh{h@BeZB|Fu>(s0Rrk0VIF~kN^@u0!RP}AOR$R1dzbXMS$G@2O*dv{5m20
zdH5IpAps<S1dsp{Kmter2_OL^fCP{L5<mhkH-Sk<zp!a|!-U@_ihlon%|(eUwaC^7
z+_khkSBIsF8_V^2Dv`>JBr+qZWHg!Gohj~4<#xf!=f!N!>D((qkii?f1d*z>PAq2U
zpUuG9?**rm{Qh6K;pI*Z;~@bgfCP{L5<mh-00|%gB!C2v01`j~*AfA8|L+KYO$dJr
z{)K-?00|%gB!C2v01`j~NB{{S0VIF~kid0E;AZErXqryo2s;P;Y8jawpxpm|7xw=P
zfA_je5CtOvB!C2v01`j~NB{{S0VIF~kN^@u0=)>hoPN=vuK(u<|C12@KKu*+kN^@u
z0!RP}AOR$R1dsp{Kmter2_S*>L%{76MW@5%6#ew~|9JnueySETK>|ns2_OL^fCP{L
z5<mh-00|%gB%l$n-2dbJe~k_P2NFO6NB{{S0VIF~kN^@u0!RP}Ac6Hmz%>6K@Bi0N
z)nX<{00|%gB!C2v01`j~NB{{S0VIF~Gy>ZFe-Mhq@OK3G2mg=&5<mh-00|%gB!C2v
z01`j~NB{{SfptZ|Cpv|Q)EHTqBkTW*u=GE!{=cp&7?VK)NB{{S0VIF~kN^@u0!RP}
zAOR#m2>6^4zjpucAou^c{~xvtB!C2v01`j~NB{{S0VIF~kN^@u0_%-{%PELXr&I8g
z_y58T>n%OZ2MHhnB!C2v01`j~NB{{S0VIF~kN^_k2?X5-gpeaIIR4I&cm25QzQAh(
zoBZRxU-kLCXFQ+v1l^B0KjL~P{6^qcc&}Cd+xcHsF<9$i_hay&;+6PwA8>r~m5BTA
zC8nHQ@p&VqF^Bv>tx=WEpDQnP%C&l>*^)|2<prtUT#y=_)`ik?TWXbR)lx2zsZ{2x
zg>HtzhbNCsO`MpDPS5P0dN>;EW@iZ)iyoQjZXS#7h%pJVxIDJv^+pyzbh)?amUOn(
zt~DD(cp;HVSCff!H$lRO)+pRA=<4D*FGwJ=vfCRuKH`vzwh5H#%}Tj05!vZVUP>p*
zIkRlxsorvJLfDHWWVO@9;`>(up2$N<hd_n3&(v!jsZ?I>H0kFOFN1j{t!2V5%jp%r
zH<C;`E`>Ygxw>Svv6cwG#8NsjvG357u`MX)B3f(JShUvYNDERcI&<VibY}L@q3F?L
z(}yRHos1rwIvJgqJ#l1u20|U4nmMsE8mpHZ3(L@yOO<9-ibc<sTa{Dg){bN%5!VCE
z&P+crI~9k^e%or7zPx3n=#88l5#_0_m3LaImgX*y`kSlF6>_OemQR;lSO-_HK5LMk
zHK>_G`x;&;cq3(yINL>H?W|Pdnq;Y%PRvycsgzmf{j16B7O00*lMBdAuH?ND3FJOv
zFL%DyYIjOY%X9Tw`xKxpcS@<bY_*z8=goreT19Y=P~9b4oj~->D>-lE0T7+F7u`J9
zP`b?dx%qr0owl&uv5HhnfbIfSQ;@Y|B?}!o$g=Oy;VOWOr_m{OE-cXwrjjaTQkm+!
z8RXC^>bk}0F4E)yTD>b7Z)6&@4%#DZ*OwPcQofQ*&J`>IeX9sGICob?%s|SkR?^<c
z6C>iKh`p3ftK4YU%N;VBoR%(d-D`0!kx9;#tEJ^e?TneCmx)yRmu`b%X^qjlXJHBu
zBmJH_hQ#9ctfV|-xLHG|PWq;jp-U$v!YAIeaV6=EjEp$mQL}XD#KN4o@Nt&8O=nK*
zuc|9wDtAulJ$Ndcwe;YScU4*<R_YkB+-TPp8d6p7>nHD<nmh<22{YU~7EQ##ud%#X
zIaRB3!%KHp-B$JP)H-!;bTMdy;Ix%#V~_c09lFF=bgtQ~YbwF#RJjdpO7Hbx*lH|D
zZL8sOs}5h*NYWkYe1{LwmYSv2l$~mxE7cmMMX9lD6T2;u@v>Bv+Lcyqi8O!fSr(cl
zk^ywfv1qm2kvg?SiH^&VgmiwX2Hz#S9|GRy#LXRrR+rj%e{AZ&)Um0V$*JQ|-;V*7
zrlDVBjVm7APwbA-uM^WV(<i1U4jnql3a9piI<4Q-PeHy;@ZsUR&nfz4b<IKH!h^Bc
zniljP5)5P7uv=+KP(nsCD>j=E$AXqJ*P<D|7nzeVU!AJg+H)$K24Jh?YO6dC!%FY#
zKw)E>GCM@SHtCly{d)I<)rYxnjMDFa>6G4iKugejOT8(m-!A#n^CT6YH8U*NYj8z3
z=izH%kNo%(a2@3;Z8=WX|8s=?MF@W!{)K-?00|%gB!C2v01`j~NB{{S0VIF~)+GUX
z)VWF6B>FaO@cV8L`ru~RCknoa3ID_<K{)Ie5{U%7?@1&b_ca$Ka#wu{{&$rA%b7}~
zG9!u1NGcgkW_M?byHmMc*<?PME7%>$C5x$is{0Z31cmfmrIM1;#Y&}`$)(H1L^_wO
zWF;wEP9)}%)fsV<u)*)&0D{AcV87rab+bVee5~2*wBY|o$$u2n)odc2PDr_ACR44X
ziaGdPE|im%VmY0xq{;k$NBD1r@IS-9@DB+f0VIF~kN^@u0!RP}AOR$R1dsp{xZVl$
zJ2#2y0}ZFwxxr69;P3yh_i9D`NB{{S0VIF~kN^@u0!RP}AOR$R1Xd@2_y4OiLJK5-
z1dsp{Kmter2_OL^fCP{L5<mjiI|1_h|IOZqgz#s=<*+aGC!sfo#)IDvem?lRV6Ojv
z_P?Y5V1J<R*ZVH^<pbXeJO`@-hWx+hf6AZqeZ%)w-y!e!yuSg?_=g0L01`j~NB{{C
z0wwv7TNpSu!L7<eX4{q8XO_!!DMI*=D=8~;(FIdW>SA1_4lKO|%W;+FYf`;x`oUmf
zcP70nUrgsy>Amtnw=k4c&rn;0UnjQB=SU@O1LTXDLh6WozgrlbRRfS!Qi*?&E?TwJ
zYR=bSCDF4|Yp&UrN{#X&EbLleZk6k{5p&5@F|kjchKPI25etTh<+J5Zxn&z9k<R2(
zhvoYq$OGmec|(xOa;rrbBZL*hN{=@il3l!9I*~6H4$Jr2#mgDuEw!Y1sRe6lsf&Kv
z#mg285b>CN0OGyctS?(yET1N8W0KXnstPYw`K9)fRH@C^Dz-s$sbnEPAx}ZjqB&@$
zR4FgPx_R~5;}WY0+Zd@-p^%u6_uIutm&(<up&r|IF*49n62&9(B*d_^iIgQq36?V?
zErzudyNKyrv6xQf<$Vxw(41KkmX51+YWA%uRm`SSiR1DFG;j^HvY;F^&`jyfveddz
zh2@4XoT_!&hTM9z(Nro|Oegot_dwJ!RgV@m4OO?;gvIEjYOT|3wM$F2%4xf_pe&Kk
z?UTnLj8<V<7%M4T+R03|n9mgCy%0oWqXp>+Cy~o!^Vy^Fm|GY*qNV{&7go!wbjSsq
zgG`i9z?iHR2bb?+`FyD^H5NLjtSO~-6^n^XF1J^{8`M}jlvJv;yi{+Ns}Pj*F}4A+
zsbns5ue=AUdP>za-)t=sJsE4`>DG~elq9Sun|?sv4N@LbBT0*MQk8_tvP<bgsdH+1
zajpSPfcBfc(}Q(%Q<?nzauH%qTViHPH2m6HQEFEqRfN{LPcA?(t@<^A>9t(25G0XF
z<&yj4yls#*wV~9md@hwu6bf<<f@p0>Q_`aifomF?Uv5Iq!WgA>*VSeP7$*}Y_>W~+
z)sc)qFap48lD3T|pG+r<nS*i$VrcD9i2-AX7Gq5VNNQIulgZ?u3rkxSB?@{ps;CXU
zp<OG?7IP_BGFeVRjIC-tGevn=r?O?=c(bsoW-9%loCG(?<d!X!>m68)SG@wr;>>h8
zap?Z4Qe7fzTvy2AmUenFaEWL056KA#ykH6pV}En$f}Yrt)LN{y$(rMB@&%yMtk>ak
zCLir0ldiRx+9!`fWUVV>nP&B%dK9}LsbU7cNs#-0-2ab2z&|8_1dsp{Kmter2_OL^
zfCP{L5<mj$mq0M^L7`792;oxje*f3~JG^zz``k~u-tG9R_-(Nex+UljexdI_1pZs#
zYd-)3ILCkd0o<=eS2@4(s5ep>7v+=u#y{$#*S7u;wpp*zT~<nSbLlKRh@4}u1+1p$
zZFeTJ+LbIJ4IBJe9mrM_st@d0R9Sfh_ADAV?O9}X)6df;ySc%xWcflG9;Q~|WsJUO
zk=5^9ug#0B=Bu3MN^*k@IhfQ~{K<P(UgM37k2{_U@;eV%&)>B^giqV<MP!Y@w(_v<
z0McuJIjusvZtqirw-E4Lu-t%$vDR&2R2j<a!&hK$5DuoES+5;p2>LbeYNE-n*BYn0
zY|a#y%PX&jraI}k6y&cm<z=V#RF;0!K55Tr$>xpOBD|R>6j>G9`3b*ad)3*Q_B@55
znc8_1GM4AaP;K!`n^#`tjZ98Do}Azts$Gm;dHlL<W3`KNRn3(=dgrQ%-vtpGid|ye
z8_gB&jTDzBS5A5(r_&C(%{K$(We0nIL*Ad0_dw@rRoHl`P)-%0qk>n@dPl{Z3%}B<
zkK!%07fd#R4Ry{t(YkKc$#!a*Cg_n0D-U}k>9pgi4SYrOj;w<DBH>fE70a7kRfPhu
z?)9mwj<y%eb+|@he=xZAAtAB>pzfIDcEf~&r#g!e)x4b;+uX@qOqxNnMc<WMec;XV
z*;*Cey^yH~*2A<mjN2iR(@V95Q_xqco47H_b+QZ9@)Fr&47O0xw;E#`HIbzF_lbIT
z%7$x@cN{h*orUo}>oAV@<fV(<3l}n2rqYE%5?<1=IyIOI&)fDo1{>}z5FgIa=nM{|
z8R+kP$aYb2d1~c^H_`;zXZS0};AY#cCG)9lVJ@TY=x1;cKDq|+Ha$W~4ca>e8_yW*
zu<H2vYw>#^YC-}Efy+0p9QQ`DS;y0peD7|!a%{VTU$gDs4SrYE!LPEVo^e1oY-<c1
zqWva=dWUIuks7+)A8<27V?U-xUTtqZ-H$O_Wdl4&Rhv|xj~n_9p5*(ky74DxsBYg$
zi^voSeay&kBVt_Mw6ez=c?fpwp5XgmZJ%_QU!ZO7SAsconQS&;+3;8Rh;4t{JBXo=
z)l3N#?vydQ{~x~p$36@RAOR$R1dsp{Kmter2_OL^fCP}h`X+$$|JQf@Vs=OX2_OL^
zfCP{L5<mh-00|%gB!C160bKtd+W`_l0!RP}AOR$R1dsp{Kmter2_S*>PXOQlum3v6
z43Pj5Kmter2_OL^fCP{L5<mh-014pzKehoRfCP{L5<mh-00|%gB!C2v01`j~>z@G5
z|6l)gj2R*UB!C2v01`j~NB{{S0VIF~kN^_E_y5=ikN^@u0!RP}AOR$R1dsp{Kmter
z39Nqt`2K(W*D+>@1dsp{Kmter2_OL^fCP{L5<mh-0Pp{?4Ilv|fCP{L5<mh-00|%g
zB!C2v01{aL1cIJfq2IMAghxWl{m=A|_jv+$20!Y1()&B!kZaNN8P6;j;NP`R!1KK8
z*=t|r8Wnn;cfPPjQ#8BQ33#3t|F@#?$?8)sZ)9xD@zlvqd9E&<D=&1)wfb^fYPCz`
z-%G9Le64%A@WshvQxhkqq9-Qy9h!>9y7|YVJ7TqJELv-Hqy?!JojGzMIx~CdQ1s}r
z>BAGpPDT$-os3S*o;Wf+0|5_D&79a7jkTBO7Hgf3R4p}{o!We@Qts56jdm<L*KF3c
z5MWqd0-0x5w`)m{NtHFkBZ-%6<<8DbKQKELJvMb<>e$rG<kWFE`EutJMa6QANB5JX
z$0(5LnduYL6Ne6+WQ9}vLGDsZnwMHF&|5Dz7M9BkQY?D5+^U=^w{|2GaXz!kGT1db
zrA}>8Dm~t8aF!XPW%+EmQ*QBrxa0BQgfRcgx5}eWxjm7}m_w*Fs?z!PnR=}wm4Hu^
zelB%u9HnHpBf^*D>`K!cDUUnkSsH{{wk5)=BvosjW~;qatDG(^0Y|8`QmRmytEBRo
zu9m`Yu{JwBvw!Mgt<A0>WGs4QriVRg08B+JE*DlB-be+6pIk-wnPsVUfhe!!BuUDY
z6Wx`+uvX=km}`)(`o!W--m<djjf{^wR<eArU?tRD=@)GK1#5(>>lm7?PN~_dO3>c5
z9tC<6xVEZNyV9yHk&Yr3?MUZ4{MDposC%jX5PwA*v!YIGzqXZD$m!~FhDx&~(RRDG
z@Ns!zMe;_Tm~vc-*t97sv<kiVg;TXoyQC&ts+Qp@OjfI@bV|yVmK(J*HVJBe!sl4c
zv98YcB3b*X?Ao2to8+!)jgcAzxv}`A>`K)enVNDudD^B48YA>f=Qn#bL}Q$*YKv5E
zl>D1-X`}|MZ2+><GJS=bVEn*J#S=N1UZoFa7ows@?SA<};j_^5&Uqv0wBu5^TMgKN
z7e2Ep@2kSBC~bFIwZ?)z$fdGbeYlJ&EjAA0+~O-g*0D3llPe3}NNq}#r7O53Q^`WM
zSj^1X0MstTiwxuyU4UxfE4=LDa%SbVWSA9=!z_G9skPuMQ@f=8SE)_LbQrAig+w_a
zCDm_?>T%ujaa;XXJ4-}^cB?&UK1>9RvPV`*-bfpCU*Pduz4Qds?+J6+e5z0`%(FVM
zx?EUm0;;R_6+{iahD^-9u{gf}|Dj#Hcp@Z#1dsp{Kmter2_OL^fCP{L5<mj~W(08k
zzkf6Icw!`g1dsp{Kmter2_OL^fCP{L5<mh!Gy>%QUkv|~0RP}05<mh-00|%gB!C2v
z01`j~NB{{S0VJ@V2>3<6;D^6pFi7VAi{Y09_y_-x01`j~NB{{S0VIF~kN^@u0!RP}
zAc1vA!0CiX0Fc*1!iz%qufv}UKNoI<?+-^q-wFL*=$)bYP$3i!{#Ec3!KZ>JgWLPR
z-T$TjxA#BVzoYLveP8Z-OW&*db_Bi`_;TQFfw{nV;8y?N`@iCU&Oh%@`5nH$@ICK)
z+V@&t(bw<&y7!abw|eKjd%U-J{=xGl&$~P=&)puu{U!Ia?y@`K`d8PBuJ^hgbERE^
z^J~uMozFPuoco<o$4ic{IX>a|QO6NSOngcFn)pfajpCzXPV|D@9)IbF+=7@Lza191
zYQP#z%S-iUxe6;wEW%njljTNKDUYh<QF>tHL2w!^-d?U&tsYQlGT%N6=JDihXKT_q
zSnHty3q!#YKqNXTiE1TxodCO$>}^%4F2O<;S~;;)$~fEOiY?P^uw|OHvTet}c4+iA
zB3COUL5WnYVDkfDwKeXbDz*HnLi%ajQ5wZVk5`+O<waQhOG`p67(POD<s;OJTck}h
zBxO;ya@*((7$^5cSi&ZAma@U&u;QTBmc9raiLcfbcZT>Oa2U=;XiXWdX+3eKn-7BN
z*7&VdxwJSZRW;4@Q|x{?J~(nK6RTM;nTpM{V#D-lHcT1)yzxG;*)nu1k)#<AG4#W>
zd*SHN=mx4nU4TOqq898p09M244NQw#OzfB(wP?qbV#yS##T+iRD7GIg2S+v#U1}LI
zBhu8*$w{zDkKIDm%{N<%bQ!#Mn{UpfII5Rt_kl}(;ua>=>cj+_-6j+_rrYYqkeb{^
z?*X^uo?A!~Rv(gz$zgaL97ggt(~R1%oD8HwR$<YQv$7~D9NkN!-^_9`nX^O;4r7V~
z%fjTqQs5opcZ0)l_GY5rWKG2Lrnx;}nxDLhS5DWNv6WAc&?I*62ERS`-egR|;AzT)
z^DQdA#(WIErlfS=OaXke6E|_G865fibg#iYcnu|;G|N-XMahsIDWFNkb6_@{b+V**
zLzawgnpI3$4!kMTu9*&Gz;tlbNhI@jM5<;qn5GJE)UFAGLfYI&NjybQdm~dw%2h+A
zP&Z8~rc5Dk$`op*0|~0|Mxv0nBMLR6p;0i3r*F^{&ex>6-n&sdS~R>13`g=ea2hpJ
zUZi3?q8M{3HDg{TEgakl#zV;)RGpfoCR8ySre<NP6o!<xiii|MNr6(^cY)b(Hq3PL
zhD@ez8dpr2O5T)-)Jz9<fa&09m}unfh(yh3*AN(u?g^<14NX{83G1i98k1CNYCG7c
z$3wbQgNH7c_Zd`tbj=1IT{q{ma~t@K6hlnB!GR^fSq}_=_26hw&BBbCN*{`WQ9K>g
zrK@I~YEm?`RWa1{s)n3YQnWP+h65u(CQ`Lh^^woJwt&g#o_?xquHIaLFBz>1o$`X#
zA(O%=Esa8PYBSiU$NQN`vj<aZ^4X;LFui6UCfew;b0heS6#I#Evjfp@v`*X!*2%Fx
zEek_^&}Kp%XfcJIxdS}16MbAB1|L2V&g*u?i_65|#iycs?Ya%TM)&loxfoouWOVyP
zgk}@avZ3_V+S9X9DutA1Zl$^cTs8(DJ{!(!gW|<yWANg$(Y<!vLbC~|*%(~3Y;^mP
zn~8nVPqR5KU1+zZP6t-*Yilix6v9xelqPQi^YoaXrDAqqnHXJeR9sjdW*3%*!DaXc
za2d(_NfKszl7qoG9tPv#tdC|e-)wfIR=w6Zt?5^aqNHpj1g4`!A5(8MX4-l4pkmIH
z8_k(+&U~mJ%;RYvQEjv(nmNOrePB3J^isue->^JaHcBRCQ7ELM69KSJj(M4AlRZ;y
z^zbVlOt;B{2{(A$<pYo5yq8EfnG@{>+Z|qFoAxk0FcxU{K1_^Sw8NuVG979$sTn3h
zEsD9pa&W{$&aajcGjekE^Ia}tGv+E+DpI>$Dpwb4^sZ6)9DPVx4;x&dJm#eF989Bj
z|HcH;&oPH$!_;XuOd9>XQ3RVULk^-#Ga#bq2Xg;^RQRY6{(ZRnzZiZvoC)6&`s>h#
zL#@!>&_Ku${6_Fg!DoU8g0B8A_rI%uzCYdX>ibIHQ+@kkr+{w;z7lwU;F-W{1F3+^
z|5g9n{QG_1@%^%|>bn*854h+pdGGe#?)jeQMb9sK&Uy}chTJc?|HS=a_ZfG}^=;Ru
zT+g_Uxi&h#>HI9*^Pg~Tb9~G3NykOU0Y^mqYw;uEMe)^QMhpty6#f_l(!b5}5G1oT
zKFktkqX<hEKHVmh(fQ7SVUjI7N^*t&jLKvX9vHrhHraZ!Qm*Uw1j@&4G8uD+M(<+G
zbt48{H6w#9m@yT)855!uY?jGzyET3n(W2WBIm)M9G8tw^_r$3p(#xu&qjuqwLa=7T
zV@f8&ZF)S;^qF0lO0yFgfWe8WH9IlQMyH)J8HGoRaiZPqK{7C!r)4q#k528NnVf63
zPS4ky=Q`!K-i4`!P!;XdQM#ORUM53udU^*-M>SFXSUPI4!IKQf;K_1QO;k^olUmGq
zCS@`#k4)|$iK)j`H<FlI#`%oMWKbS04jHl|1hjh6yhv$MCc|-hY{-<C>S4}H@gYMp
z_?R+Measn=@?n__$|Lz9J{Q%&kP9gsmC0b7+_T+~MY{uQ32SLQ#A+@|i_<b0h_mC{
zO?hZOED^I88IHlrl!@lWQZags$YfL=EpF#?(OgI}M*D(HhUDUun`X1nYA!D+>++ZD
zYHgAu(R;~}sCtN2>fJIKn#ZQyEG=7SmYS_Q8LYvb<!9^8a<p;J$z%Y}Pr6B>w!S1;
z8^>)j8On!72MzV7RoyvObvtA-gb$|&O_fFrSyH+w8N|WVR8z#1C7_zdWHN#ejtuhE
zL+prH)o4g2gLXW<jVdJ7pj9BPixcF^r$xgu8LUV0+n7j$EmO%`dlhS@(_qbn>ehoY
z8M23x+lW+yDbcFiZIsD?y=7=XQ>(EgUQwBh)dRx=oJ5YHVnT*!FyVA@?1;%7G8v&a
z4GyScRA%JheKHxEr)OhSL8V!*D^IJ)$CgA^pQaD5G+DZZ`j}a>IV1}Z>hMWek)A$j
z)=h1KF~GWwHQbLV(O6=-rA;(e0lJMP+JV<Yw0n=o2m{^BCKRb4-M|v(z9%TIt;AEg
zbadk-skK-$KDMM67avczIdqZcx0TVNmfd18TD_vZPKm~7^^C@7^@w)haY}0|q17`K
zq17YKjtdZHI87;X*lk+V&hub7nrGdE$=1?XcAitLEp3Bq`Z~+)XTdt2B>jXbu(7f?
zE`!~cp)Is-$%5OOPVynzfujS%TUdRm$C);2(N-*&D%FDFCLix;fyJi5EkucWm}nsX
zefJqSHa5MPo}CPqHjR@MDPMc&e{mP+Jxky{ad<OR*TtWSB}XkS`<|u}fvN8jfhA)b
zVRr)}?74R{$*zk#N!HePWD$Hvi<`9UTadru4FGjhOOtglPmgWl(p3+UO5^iX%af-S
z7cM{b5Z7u9XBmDBTt@Pn)P#6@Efcly?iv`6O>d+b&})Lk(yw=|F)7yzJ&}I&o>SmG
zad;z3sEa?#%Ra(_5`pE{B?7BI+X%boA;O+}H<EO_xRb1Heeaaqf`5zh?UbaZWlKJ6
zslvg5VXm@Fm9(Wo4Y;Z?RmtshV6cgf{AzTy0#apAogTlFayM>op^12aY&a9$Pj(84
z-Ul01<X#It`N=z(BC8hzZSgB9eoUy<kKr}@B_0L8<k+2rtksERV)oel2zYFb-=Sxv
zB|`(mUIWJmNABP=;GiltuU2e$wH#M!v+-46vt{TGO&KvDg6PrFlW;V-=XR<>eOs;F
zz>`wbOX>8(-~cbanJkM7<EoY`_x}OMcZK7Qi-Py4cig+nyCwXO;lB+3zVDCvYJJE1
z#`@ynPdUEo__X6W$Hnmb!ap9q;QM;G0&@hC;XA_a(BFstH1tB~gP|V_bwaNR?GMF6
zq2NCS|04K>;0J;~7CaYxBsduy4&DyW4*sG4YyH37|4aRE?Y{ue5RUfm?%&>jQ{VUd
z{%hYK_kFhS{V<#0VqYlmt-y<cPX^u-cskGsJQUa)hy^_Uzw`gO|BL>Q_}}G!ga53*
z;y>oU+dtqB_`dD?wC@*u&-%{!O1}NRxbFs^;Qf2=SG~XM{kZq--t*o^y`tx@JTG|O
z<9UOp3A-4MdA7L!#r+rV&$&P5{#o~%+^=)byJy@vchvQg>rY)Db-lqQx%Rqlb$-kF
zSI$3le%kpV=i8kZomJ<IbGLKA+3)zSqvE*NG3>Ze{J-K~ieD5zEWS-VC%#6U6dd0b
zi#_He;Gu2=Ho3&2qstAP@YXFZam>;69!+?Qa-3aXv|m*3^2m2<;m0?+#Jt1)E=%|^
z@1w3A-DF`o5<mh-fDj0|{98mi0+X*k(hV;EfXK#IQc$G@tPdgum7vSNNhAY0`84PI
zwzz~Ke|Q9LaEV(*Zob<CH@n0k(Kx~FD9Cy8hbPJQOgFj2LGf1BZs;tr>99-OBI;Af
z?xV_$lg94d;1Y*L^AxcIN+}Db&g+_@r!Y+Y+JC!COpCTNz3zmuQna7YwNE+5!jqXL
z`b@Bi+gxH&w3(W9&#f+TM6^u78mIO)ldbkD2iQrtX;Nb}IrHSHyQwDoc~X1eTg4u+
z+gzyK%2DHqw72EOJ6vK`w4KjXp!H##w3Mgf%rlg7N+~;qI>{(Y>%%bbC__UUXBnlb
zvw2EUN-5>)fb=d&8qzRPC~=ERjEkmeL8G)XEK`7XDaBk+I$>vosxnUN*-6Wcb9jcS
zCi8@yyOdHE6kdDM`95)~)G!TaN5mzLiq=UtL$s0FO|IFl9MMB-)iy{ou}qZNM$c-P
z5i>yfnC8F4ltMi)fxGoampCBu^ID=*v2_~D7OKl`y2@td2n)>5G1){FTc)0Dq?dus
z9Fsd~!?c}Ba))w=JBh~ScB<GqDdaYK8k@-<5gN;Oj>oOaA?`HVtc(rxG}hS~x6pFy
ztc;r}7Q5*eHz`NhN%&b4H&S4h$rLxx=4PHY5vC`$&X5Qx<t)5Dy&*^&fN9P{KRu&m
zenTH+XETu@pd4Vqxd{k<s?j_x!ADEY6A-*gDGQ>`8t~ADY?xT!rbUK%1TI=+m@eQ{
zidZ=M?7$I%amKGt1|YxxKjW?m;eQDKdHD0;4}{+WvjC*<Ot=`{8uo<#HuPfX3!#sN
zekSxLm=W+`Xm=<|=LCE{_}<_fgG<2&gL{L~{(tTN%l;SoKi>cD{%89y_Am4w>Cg9X
z?fZXyf7bW0zBl&G_l@^O0{<BJM&OSEp9y?8@Q%O}0V!}KuqUuB5cL1E|Lbsn{{jD-
z{mcGW`N#d+{UNxw|IfY`d>??j`!l|WeFuC=-$tL``#taf@cx<i%W!}HQ{LBm7re(|
zcEO<c2AE&)4bN9RpMX34XFcaV^PUGilb(cUi^u2wU+(|p{;c~$?w@c!0V(1i5<mh-
z;NOM-e1#fxr0A_=8|Hq&j}nC6hTcBzNU{4#we(9$DeJV=(l0_+KHx}^J4?0b3ox9G
zIFdAErP=7ffZVyTBniI-qiE8RWMTOupI45s(EO1XV6+={BuRL__;YYWwZ)O3ry#%D
z5q^`(NU+$n=(9=@3rdSV12;3990?MQe*QFkncC_YrD5okI^j1cj!_mzDf^UC#sVp2
zzfJ{=l1NIyC#ld~G?e}ZNBA`ueMcR;SUm2)uPO&vQ0~C5P|UkXWUlmi_$n~u7@^_S
z$ymZC=s8DNaIN^`N-+zq6@QGTF+u`sWgn%cJ84*$iUto3;HBfD@DVC*CkxCS_+{k)
z3(Xz)C8~NS3C@*%nDQQ0!wVmxyw!I;U?_Z0DbWK8AAm0ccRJL0a>Dy*E%I~Yg!fSv
z#<_69FDivv(qtB$@C!6LH_uJ@d76NAVw><@_#T;d*iB#)-lH61p~;tUjo;7Frf!*x
zCcK-T#yaav_*ojuZep46Gs+=$8g=dpeP;aA^fZ>KVZw9tG}h@~!n<fJyLn#1JC#GG
z(~zu$pQ5L+%-Rxul3t!R^Rt9^zzuKKVLJ~?c)N1UbRs&<M)(OT+&ZU9cpI%o<5VKy
z&9s%8Ck_eED#fM~2yde8+%O?Xcq46|rujd@8)&|kxjw=(N;wNmYCuu_G!<u@zau<F
zdjfs3j<7;oEI&O*xU3X$0fi^&rJ+r~5iSk7#A(MWGj0TV$R!?jtU8%S_|ffPC&t(b
z^;r+(O5`R8{K$YyyjSc!|K;`DK$y77+?FTk`Bt5_a#1m3vS`PtYtwtX*HKx$Cz?DC
zH99PsCy`u$nj00Z6GqM}<rW_2phn}OX%fg;`p8S4@v#iO$biVt@#rWeEF77r(S}}Y
zlc>$%Xl;g<L}J%z8)u>}aYF1dFJnnDU?(6Kr>W+e^m$RYSrrYMu65qTBE65bn;=nF
zj&LVbr!bs`t87HHOm}#UX4rLNLyacTW9Gss#ekiVHU*NV-Ut?GhTY~J%u~H~@Au2}
z8JzuF{MRbS*h%Tz>?(Qxe+pjzm!L~ZiZ*ZKAEgg(xtH#bz|}k`8s4(MMk(S0znZop
z{T=$NXndQu<|m;;&Wg5g#~)S>v9Rh3a(ch~5UpbC@4_FXE!y-0@L5`imS20HP>NZ2
z?dRFYp#vQfjlbbOMolfhwLU_VviVi@jB-F#uKynTFuiWgzmh&g8FN2~K1k;OZ|*xP
zgufpCLinBGQ{h6mKlI;2pN4n(^Pw?#pa1pXuLj=%clrl|cLjs}-|YXL{tv=E{{8*8
z^?kGNclzGlw+znshXjxS5<mh-00|%gB!C3|of3%2Q*`35;YqJHeV9GE-7fD3qj=Kv
z=$D&AtQk%!hU^PIE9NE=vy!O14-5x}`3J=6Y+`0IEKh*RNZ#_mSX0NI{6@)B<Wcz^
zuukr=d5p}-G<u9H9!x9u9GTP0d&K3v;4z#vKXz7y^R^r1F|ge-q(6(+WRpkCQTc8-
zJTS~ZndWpVCVLbU?q-P-MojLIcZ12MLG8)4s)QWeEEnP6);RYVTa!TVt7CEj3<gIG
zPqjG_%!n+114c{*E#zd-&l_d3_|29f{kgX)gdW}@(*<wR=BMDA9R2Qor%V>S8O>Xt
zjB~<x^R!~l)age!iF)C7nJj@5Pnw>ht73J-L76OoGn6zwSl9Hzb6#crkGM=$zZuS&
zpS5#hIonaimT6TV7IR89+X0!ZgEKg4cq*^T)U4t%Spa7^Ykp3z=~N!MN6EAM5t*!i
zGg`DhyyvtU?8!nnV9(U*PwzRsoc)kYR>X;?O^^Cj&79>OGFcF3)1dbFpO?E?CQIPJ
M59alE3`TwbA5_)#c>n+a

literal 0
HcmV?d00001

diff --git a/tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3.license b/tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3.license
new file mode 100644
index 00000000..7a058e16
--- /dev/null
+++ b/tests/fixtures/vps/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3.license
@@ -0,0 +1,3 @@
+# SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
+#
+# SPDX-License-Identifier: CC0-1.0
diff --git a/tests/vps.nix b/tests/vps.nix
index b17fcf71..38a56db6 100644
--- a/tests/vps.nix
+++ b/tests/vps.nix
@@ -5,7 +5,7 @@
 (import ./lib.nix) {
   name = "vps test";
   nodes = {
-    machine = { self, pkgs, ... }: {
+    vps = { self, pkgs, ... }: {
       imports =
         [
           self.nixosModules.headlessSystem
@@ -21,26 +21,121 @@
       networking.hosts = {
         "127.0.0.1" = [ "ahayzen.com" ];
       };
+
+      # Allow test ssh authentication
+      users.users.headless.openssh.authorizedKeys.keyFiles = [
+        ./files/test_ssh_id_ed25519.pub
+      ];
+    };
+
+    backup = { self, pkgs, ... }: {
+      environment = {
+        etc = {
+          # Map backup and restore scripts
+          "ahayzen.com/backup.sh".source = ../scripts/backup.sh;
+          "ahayzen.com/restore.sh".source = ../scripts/restore.sh;
+
+          # Map restore fixtures
+          "ahayzen.com/restore/fixtures".source = ./fixtures/vps;
+
+          # Map the test SSH key for backups
+          "ssh/test_ssh_id_ed25519" = {
+            mode = "0400";
+            source = ./files/test_ssh_id_ed25519;
+          };
+          "ssh/test_ssh_id_ed25519.pub".source = ./files/test_ssh_id_ed25519.pub;
+        };
+
+        # Extra packages for the test
+        systemPackages = with pkgs; [
+          python3
+          rsync
+        ];
+      };
+
+      services.openssh.enable = true;
+
+      # Setup IdentityFile for vps
+      programs.ssh.extraConfig = builtins.readFile ./files/ssh_config;
     };
   };
 
   testScript = ''
     start_all()
 
-    # Wait for docker runner
-    machine.wait_for_unit("docker-compose-runner", timeout=90)
+    wait_for_wagtail_cmd = 'journalctl --boot --no-pager --quiet --unit docker.service --grep "\[INFO\] Listening at: http:\/\/0\.0\.0\.0:8080"'
+
+    #
+    # Test that the VPS boots and shows wagtail admin
+    #
+
+    with subtest("Ensure docker starts and wagtail admin works"):
+      # Wait for docker runner
+      vps.wait_for_unit("docker-compose-runner", timeout=90)
+
+      # Wait for caddy to start
+      vps.wait_for_open_port(80, timeout=60)
+
+      # Wait for wagtail to start
+      vps.wait_until_succeeds(wait_for_wagtail_cmd, timeout=60)
+
+      # Test that admin page exists
+      output = vps.succeed("curl --silent ahayzen.com:80/admin/login/?next=/admin/")
+      assert "Sign in" in output, f"'{output}' does not contain 'Sign in'"
+
+      # Test that wagtail port is not open externally
+      vps.fail("curl --silent ahayzen.com:8080")
+
+    #
+    # Test that we can backup and restore the VPS
+    #
+
+    with subtest("Access hostkey"):
+        vps.wait_for_open_port(22, timeout=30)
+        # Ensure we allow the host key
+        backup.succeed("ssh -vvv -o StrictHostKeyChecking=accept-new headless@vps exit")
+
+    with subtest("Attempt to run a backup"):
+      backup.succeed("mkdir -p /tmp/backup-root")
+
+      # Run the backup
+      backup.succeed("/etc/ahayzen.com/backup.sh vps headless@vps /tmp/backup-root")
+
+      # Check volumes are appearing
+      backup.succeed("test -d /tmp/backup-root/docker-compose-runner/caddy/persistent")
+      backup.succeed("test -d /tmp/backup-root/docker-compose-runner/caddy/config")
+      backup.succeed("test -d /tmp/backup-root/docker-compose-runner/wagtail-ahayzen/db")
+      backup.succeed("test -d /tmp/backup-root/docker-compose-runner/wagtail-ahayzen/media")
+      backup.succeed("test -d /tmp/backup-root/docker-compose-runner/wagtail-ahayzen/static")
+
+      # Check that known files exist
+      backup.succeed("test -e /tmp/backup-root/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3")
+
+    with subtest("Attempt to run a restore"):
+      # Check the home does not contain restore key
+      output = vps.succeed("curl --silent ahayzen.com:80/")
+      assert "Restore Unit Test" not in output, f"'{output}' does contain 'Restore Unit Test'"
+
+      # Copy fixtures to a /tmp folder so that we can ix permissions
+      # as environment.etc.<name>.user only affects files
+      backup.succeed("mkdir -p /tmp/restore-root")
+      backup.succeed("cp -R /etc/ahayzen.com/restore/fixtures/* /tmp/restore-root/")
+      backup.succeed("chown -R 2000:2000 /tmp/restore-root/")
 
-    # Wait for caddy to start
-    machine.wait_for_open_port(80, timeout=60)
+      # Check files exist
+      backup.succeed("test -d /tmp/restore-root/test-page/docker-compose-runner/wagtail-ahayzen/db")
+      backup.succeed("test -e /tmp/restore-root/test-page/docker-compose-runner/wagtail-ahayzen/db/db.sqlite3")
 
-    # Wait for wagtail to start
-    machine.wait_until_succeeds('journalctl --boot --no-pager --quiet --unit docker.service --grep "\[INFO\] Listening at: http:\/\/0\.0\.0\.0:8080"', timeout=60)
+      # Run the restore
+      backup.succeed("/etc/ahayzen.com/restore.sh vps headless@vps /tmp/restore-root/test-page")
 
-    # Test that admin page exists
-    output = machine.succeed("curl --silent ahayzen.com:80/admin/login/?next=/admin/")
-    assert "Sign in" in output, f"'{output}' does not contain 'Sign in'"
+      # Wait for services to restart and second occurance of Listening at
+      vps.wait_for_unit("docker-compose-runner", timeout=90)
+      vps.wait_for_open_port(80, timeout=60)
+      vps.wait_until_succeeds(wait_for_wagtail_cmd + " | wc -l | awk '{if ($1 > 1) {exit 0} else {exit 1}}'", timeout=60)
 
-    # Test that wagtail port is not open externally
-    machine.fail("curl --silent ahayzen.com:8080")
+      # Check the home does contain restore key
+      output = vps.succeed("curl --silent ahayzen.com:80/")
+      assert "Restore Unit Test" in output, f"'{output}' does not contain 'Restore Unit Test'"
   '';
 }

From 48894654304a0c32501a7eead16229f1b654a7e7 Mon Sep 17 00:00:00 2001
From: Andrew Hayzen <ahayzen@gmail.com>
Date: Sun, 21 Apr 2024 19:39:33 +0100
Subject: [PATCH 4/4] docs: add more info around how to test via VMs

---
 docs/commands/testing.md | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/docs/commands/testing.md b/docs/commands/testing.md
index ab99b0e2..104f2439 100644
--- a/docs/commands/testing.md
+++ b/docs/commands/testing.md
@@ -4,8 +4,27 @@ SPDX-FileCopyrightText: Andrew Hayzen <ahayzen@gmail.com>
 SPDX-License-Identifier: MPL-2.0
 -->
 
+# Test with flake check
+
+We need the sandbox disabled as we need network access
+
+```console
+$ nix flake --option sandbox false check -L --show-trace
+```
+
 # Test in a VM
 
+Ensure that you add the following snippet to the configuration of the machine you want to test in a VM.
+
+```nix
+{
+    ahayzen.testing = true;
+}
+```
+
+> Note that if you are testing http update any `Caddyfile.vm` to use `http://localhost`
+> rather than `http://mydomain.com` to access locally.
+
 ## `nixos-build`
 
 ```console
@@ -31,11 +50,3 @@ $ result/bin/run-<machine>-vm
 ```console
 $ ssh -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no admin@localhost -p 2221
 ```
-
-## Flake check
-
-We need the sandbox disabled as we need network access
-
-```console
-$ nix flake --option sandbox false check -L --show-trace
-```