From 96832b88cabd8048e4dbc083de0f11a626b02109 Mon Sep 17 00:00:00 2001 From: Thom Dickson Date: Sun, 17 Oct 2021 13:27:44 -0400 Subject: [PATCH] Init repo --- .gitignore | 1 + README.md | 9 ++ docs/index.md | 7 ++ docs/wgflow.png | Bin 0 -> 54800 bytes docs/wireguard.md | 310 ++++++++++++++++++++++++++++++++++++++++++++++ mkdocs.yml | 30 +++++ 6 files changed, 357 insertions(+) create mode 100644 .gitignore create mode 100644 README.md create mode 100644 docs/index.md create mode 100644 docs/wgflow.png create mode 100644 docs/wireguard.md create mode 100644 mkdocs.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..45ddf0a --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +site/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..069a27b --- /dev/null +++ b/README.md @@ -0,0 +1,9 @@ +# Thom's Documentation + +This is the source repository of Thom's personal documentation which can be +found at [docs.secure.garden](https://docs.secure.garden). + +## Contributing + +If you would like to contribute to this documentation, open an issue if you +think there's something that needs to be added, changed, or removed. diff --git a/docs/index.md b/docs/index.md new file mode 100644 index 0000000..b54ea9f --- /dev/null +++ b/docs/index.md @@ -0,0 +1,7 @@ +# Thom's Documentation + +This site hosts various personal documentation that I've written for mostly +personal use. + +On the left is a list of small documentation snippets. + diff --git a/docs/wgflow.png b/docs/wgflow.png new file mode 100644 index 0000000000000000000000000000000000000000..515b611e987edd6951d9e5f6cf630dffa25228b7 GIT binary patch literal 54800 zcmeFYWl&sS@GUxny9FnB2ofN8a2bLG4ess`+#P}k8-lw8C%8L7gF|p9IKhMaJCoo4 z*8TSCy>Iu!ovJ|9;bhL)*gHR0nA-XAp=2_ya{Z*lxmA7`RB{BBAM`VsGx^ZscSJa(8!UwX(BuHZgKAW3_j( zNIw=N1%aqQAKr_pdSo1~xO?Ew+##Qyq>jG6$eXU>M7=CUVVL)X5M{|9B^vl{6 z#=aj*bza>n{XIJ38S7A-hJcHkNU3~L)A}nZ!Iktq@YzmOo<+sM{r5?HP1p^)_WnJ- zswT>df7g^g8d1yrcTp@Pgzdi@5efeHjgY@B3=qi262G8dLm}bepr%-IiL3o7vrHu5 zUZs#k3+k8ZjTCmeb#--4)HF1p*1|TlxzD{d3PIuF;lWt0DX`~Qze{(oNE|Gn}5 z_2~YOGmit``kBYaPQU1YXH2py!?;}vfh(=4=Gd2fx)`bd`JUbrn^I7=wRFUH5NGc}|Bu6qjtyry$khS&DiOYT!&UR5Z((Ce1vg_i1o~DW- zW`I&uP_WT@l4Q6&WTx5qBxP!z^=A4JlPq+z<-krfTiAE9-CI$!JeMwkQRzpMuEOD3 zHXcsrPMTY>(l<#G(|=#&Vud;cncqBHzdz~hqt71cU#u@PBJP(MzZ{?>x!H&uKkXyR z&Q&j8Y&z-i^Y}YhgiEnnOw9S3sj0H#4(`S4Hhdg|8dJo@`h$;1B>w_SPy4f7>}ide z>}30Ww8wg&<#+w|8fl5DPLqL{jc>8$zgrF}`i9?%jQckHx0U3a9L8WhR{FcEqv(_r zhQr1B+V^uqBZ6V`^Vbej^5oT@7JlLBMFNoqe9-6_^rQ8w42AVQjPMmQc$IR_X38`M z2sCstE7Q_j~PxW5#-bMH8R$>&52kGvWiMnU@JY|~)- z$%qE_$&(cgVGS0d!0wOr$E`JQ&)(&Y?EB2B*RnCIb0XSkCp6jQ81J+Dv>A)>UAz9} zaI$~w_HgHT{a{i8UaiFd4GRl_^G+`{^Y>p8zAXQ9ID$-{s54SMvBbl$e*7v}+u|=& zE*K&fyb%+8IQ=$J7Y-R+t1{xv`-V)-?}dX!DIBaQoEjY~e8)ED`(rrCH!KkTWMH}Z zT&dY<8&acL;Z<$7=KGMQ}NSD}#riIeFVh4Psq0jSUV{=UNZr1(j(3|*) z;<)mk2QwuqMBgNZV#6r?FkaAiV1${l<|lwRXTNKO#L-greAmjx_Z;2$)#6H4XSY)L zeTwRzHJG>wDzt!|(Mk%Y+2HDyYjcle+~S&#-sNk4F|@C@p6S-HZx0$5F^JNxw@#1I zs)=U1M^Qq`2=;kz+>+23dm#gHqHtqRUP&QelxP~|SyPvFeJ>5QumZPS6 z{}T0ues_ayXQCz6e>O9%fDm*a%$E0W4Ze`C<0{Y0HkNAi| zNJ8P1{>xEI_9tqEp16rp=eq)@{?G1>R=EH0PZft?BW`PJFy4?@Qnbxv;NW!LL@`NB zvLhJB)eX2j@J9)c zrF>>8RV!1cv1wVc`>xxJ@kWDn09)kykEh3bIsZ6Ev6)h}$qrwsWfv8Vi$61D@@ZTw zac$}qx-oRJg!jGL4Q-_2p@Pae_qDaP)pjeSKIfwv^KG|8hYPjn3kwT{CgS2f6D3oZ zduwYk-pBj!W!!ZWw-s8oXpuzzBsgo$&SCpEB%FnL3YjgpWA|I}iol7~Oxz~q``#;` z-fUuT&KWc&{Lj|F3BcB_4pR%ygnjSw)XI1YGUQiT>uHEVeovn88ymt{;UdouO~!A7 zvB~eyIW0OOdwV?qOlj)6&J^|~wVD0ioyJ{u`loDj5?B#2&nMpFrp*fD$1JxYS3UmGGlFH5UM)P$5z8O?I1_zhq zpF4*~8`u2wavUG;m)@pA=8wj@TTc{vrc3N;IL~#pio{{ZLh!zMmGE} zLW#|3tJVyPo66^Y%&hNi3&-zb8REW{sa{MopPhh5#`ApuO6|7nG%P>gbXH_MQs*$1 z!50+q!ay<%tNe7;dkS3_;a>K`LS%>UN&mxbjPY32!(R`<6p^*SgG&2I09mV1DyWQm zddd=9|Ant8-`ij!)&~qNtyJ(?g zJ|Xw`9imkD{4yc`@?b94X71qhxOK{5XC#$oeAlh@4Cc!FzwEzIxBg{(^XA1;CX8w2$(B+5!78Z(76EY#jF(|EX0s}fv=0c+qd4_%f`KHc-Z zZF+v%QyvQ*@%cOWsqNyIX48sRbBxtO4MB_hNkoI~(l@Iq^QMQt{3xi^8;1*=ydI~D z4^Q_BFh?y@XBhzY34i)E`H8}G9=fph{}Z<&TY!^E6Yt-1V^Mv7tvZ{RnnXRPpdpNL~7CLXS7 z!a_o}1qz!+Q`iZf@7Mh0$HCY1!Cg~|B4Lx?vIp`c&}FFwn6M~v-~%L~;jU$i6YnLW zh@nXh9pBGkiECZe4*fTfRgE|MyE?_yDs)o^@butTJvRM4&PSh9^$~_OW?hU4@+MC(R zZMfKhpxtcBkY?xIt*_3u%f8p`d$Z-p{O%nj06TkUGNX*@F-GN754`obIhJ`lCfs-L{UFZ_QOpRhuz5^3YfPyk#mRPV46y zdcM-VIXxSQ(Tz0ZRJUOO2vW3K*{sRk1-6_)#LOkv#lAEB)7`J$y;aKF#DSn#e&u+l);={X6_Z z3D`)DLIf-1Q>&Xg^~9_IAt{Xy|4N_DVl--+oBO`GBoG)sN|y<{bsE#M>AjBXZRIyr z|H5b|z?o8xGky09P*a2-;e$g7$DdT>BfH+MF-tYt1$N%d*Oi8PEjs*ICo-{o6tAX!UQ;_5% z84ePPQA)}Ar%6TWDkq+br>8|8Lsw|&I-KU~2qJKC=aP)QV4)j4WJ~R{-qjJ1(q}9- zoTQN~#PJZ*J>|~!S|9p9ecMATFitOdyeR^blB8jF}bh(_Mfv-o)>s)=sy+UoD|U2R=(y~ zH72->0ftvSOB|-}wiwIci9WC2t6}$c`y_h!clf~Y<}|J#DJYMD_}y{m-cn=ZKYIgN znBL`&i*MYH{c0N`g|CZ8+|Ez=beu4Yrs>u_GAoEiE(Z_l&aPuhCxbfp@Yr@}aNrheY zX9&+YUBTh2GkbOA@Bm3IoYQ+E)wbw>x9?x0^l)-4COS6d*uWOMU8vhZs#jln>&R_R z9$8}Q`*^8Qc;bF^i9kye_Fr*1cK80uT^omJNuP>$)1Euh1D%Wy;DjL2` z(gJ72#p&liHozlc1mn=%H;ApYxWXGV2bZvg+O8gAVPf8jFjkX^8ov7x`I;G&59J_( zo@j|fb_jRu;7?hD3kb3>iG+JY!!&Ry#v_}TnZRd`NfK5hne@xHxNd`@4}@wX(@}5+6!LOI1toaE6D5nE#$B;_K#JorqKfGq{Tm zbyAyE6Z4ew9GU)94gG;q4T4b5Y)T&PhK^;zpkpc&QrRjP{m&=-?{ zmztVN*TJL446m%B0`?>dc7U(>+4%t%dXiacaJ}=izweFaTRX6Mu3ZOr8!tX(EuiY! zz_sNBl9xZ$_B+ADr*Y#TZ73d>KOGC6n=crP=^Yu)* zO-FJlP%3`b1_B41qg6`?u0A~c1k*1tYETuLUAgV%tBe>eHe}W612nZ43swS~l?!AF z9U0%cwbCPUwhmu%=2yW>_!Jo!e_7f0F`nNUJ&tVFlU^8f=ila#eg(flO;ts%J|?s= z6^3;pyzfo<{xi$QZ=Bp$=z;ovjTyMmaVBW27}e0Oa71Mu7CFBwdovIlN`30At&;Gf z_gCaqmXo{SGx>DC{uzx%)}W}*(#l68N+Tn=XC=2ezbl4wXicAQx|Hdr3dho6bew_&t9!RO6W$--(*}(V4MC_-s9R|1+SYbvx2c4K za0Iw{GFM~%I!6iSpnN9mE`sP*m{RRBR*6S@ET0m`gKs)leGuTr0kEV1_1Y{RfUe#^ zmd%JgFro5PnD>3cgD}?irE*y~wB_#4ETFHsiTd3BJ(0UES3Y~QuQ1eCCb%u5>O;ym zC5dL3ih$N?&{U2;WF1z@B0EtBv40r1#P{S5=wfx~0<7avs-Jl^dw2*BBK6i=!b9}f z_|#yITH2s3+JW9lqX~KCRr6irQ3YX%<_;xd5}IO8>{N>Hl!w1(>fU@s$YTL`I2y%v z0}d7{>W`zwH4+>V-#ae#@0#jJB#4x?3IoZdOlnNYu4wPg^2ngR$Dg*JRjAxIHe%HN zFw!;ff6_i|yOTd4xOi>FzKDQ;s4hlYex$H#)5Bx$)+*l3e}g%nkW)I&0J+5!CF&$` zmB4lHNz^DVusRj%y#EO=b1j!AhHq# z(9Qk8i-b-=hwgWS2;jt7a*zG6LMU)vnnvk1pe{<=;YmRYM&&k$^Sr1XvKo0D#ZT;&5yGXP7ujZrOF%%-V z@jZn{AEOS5kWEc_&xaCWv8dS08rT;+r~%&B$71I@ftdv*Hvo;{ ziGIG_%?55}UNH@4Pz>U@I&j3rb!P~D0E-fjtfBDRx$ZwFlanmydPP0M?d`g^^SpW; z<|P;_z-6mjS21vl-=Nzb+gc4*AG27>XKk zHcL9QB$E317!5s@0OMtUIV)ccn zIyogh_vN>^mXY9~g1$dXZihM)Id{W6o&<6`|7;VFGY&CM?StL}yYz;6qDmj% zT!%P3-eI1u2gM@vV)k_HO)CD_Y))BaqcedOw`-l)4R$NKvnBZH3Ym6n(Qox1%or^o z?-9-1`HSHG>OH%sVIm?w48$N~v{t<3-9FPr4XnoD-4{WEbN8h3bDyuA0K=n#~xqwF7Pl9l+DgvacTSV|ggC^3rse{>k&2->2WX1iC zC+fOPkb$FSumq$gVh|u$BF&WEQgWhxT4^Dvu0BZ=lMKY@={g@5i3I8!pmuLDnaFvX zZ+4c_DpE5ADm*3%S17Pn9%{BovC8P^$ zS{)?{<&yXw5Jt>D)S4T4manbtFB2V4FQEiV(Y?>x80_HhPrX{b5sdM4veXtqJO{&unC?n@y zukU8ROK_451WJN_pgu%|)`r~zO^F<-*fEd&0(P?utx1?<3eZ{faQnpz&Z{F?#-OP1 zVk)N?wNj_&Ta!d5V#(u`{Bg2%7xQ_&J2u7%QaD+;P+g>mK`GAK1_7?o&INT*tjQJ% zvQ4?jvC3L!V~-}Z2+g%(xvB#%-L}zL8ML-1MJ@p{P=hFy%$cc8C|8>7&jHXY^q+5o z*`g5S(-U*7ZOE;A0U-CIu%F73#lY4$zrTwBWM1Q9oDepU;NPDnFj)lb2&l_ploY`i zE*d1Ji7=-je#d&sOWngZ(d3xhFr)W16a&?VTTdoJ!+_l2ZV*Q)P{_sO`a=)fF~|W2 zR1*kC*+dQ?>QT!oI$R^jIDHVh1C@3v{-X#KxjWtrXbh-T#Dq34K__#mD&^`2n}9#5 zD+hlCt*@Em!gbDKp|}62I6y}N01dfCmoZmiH%!^EA-D+R9}8hN@()f1UA zzESLA=d(xgzk+aD&Q@(txy!hlvd?!OlLCg z7Qt9Y7?&PXO95g7P)X>~&7zJu?%$oZhrtx?*xUUIxEyzj*0)VYjVK zS$Nee0xl^SoAqZ>rN#ikbfGSI>~#I5R(I^BH~sgSNCY2_cKP_w7fYV384YF7 zUO_gRbP2?V)U~!NE)v>$p%G6*OGZp_i|Z33gJ&Rl&@wK(Q5uF74d)Pf^8N3UO4cWq z#e(bFgF9OGvAP4p@MF-EZ4TXp(ECorqW?7uP&9${3j7X71%f*-nQfmo1 zdW(h3u@ZGFu4FiS212^RH|vhxQHoR_Pr7-*`4(gg!kvh&mfE(|XU6N_H)8%IL3?2; zOfyb(QBgS_RQP$44TEI+k+0-Kd>Sgx(KdqG5^~=>8ns1a25mvVG_^rkFNb@<5Gz2A z35jqg*(xhx4b36-5awVOLUi-7j37WZPuIWp5cIe|VgxjEexK`1t*NQ*a}PmHpvl(a z+6o5RY7%Y=bH70ER;CFk{dni<3`e2?oost3&^z1xSgs>~>_Z2DVjjN{&p%(cUl*G6 zhD$|WGG2vZ9!wUEXY#uKNl?^9fk|@acS7h$K;!gXH2v#-J>}=Nk9`(%m!p#k7L6I9 z+9(h5QN8|Daa&bZZ}4boDn@N!)!YfOp1+-_wY4=+gkXUhJ@t4n0)GTeO~u|Un}*+m zRJqd?;o1ozEn3CZEM5hN&4B};q};;D>yMNtNkmWURTA?n$A>E%yE7+kSNwCqUDAEf z!Lzj4ca@a@5Qh&b0Hy#_adBZdI%aRIdOJUROUn%DV~|c$0>noW0$G+gGJ6Dal$Z!PQ4jDQguMQyNYF}Zx-rk;A;hgXz z7x;R`T_f(=%EH0|P>A16Hrm_26!8;Wzl&ECj$X2Bt(CS(u(&*U#}-XbZ$ALkN63Og z*U4GO-Lh|m!d6=S$DLm)i7mML-j;Z|R)%!3Nk0&@2KyrIg1CPCX#8^R}f{g&af=bA&fQLA1RFRG%D zVCVQf861gNqer|7E5u~!6@o#b4BC@s%}X>)%$|`{=Nv0i^O2M^8*mlSLlJzuaEKzm zX9gr0RJ|6L9yN{n_mPAeIc`UbDCom{iJLcPn>PoQLG$%C^lpdqF_eCqK`c5v+pW)P zO8A23Bg9dp+=P&D!GWDZ+odZ9{>y+H=W(IvKQlJ#JL#>ry|Ls1U$Xt~aDk>4GaOAhd?Doy4>MSqbSLnPR`e)mY_sT3V3703_(NAZ$`g!K~u zgGq0nvC7oTMcv$ZtY^PRPkyUpo>}g^xBHOW(wctcEetfZ0J6b4@mQ{75Xoa(!FcNB zat2dUkl5ao*sUPAZx4N=VnauhQ4V!#n9K`!h>i6fchscr+_DK?@F&lYYGK zS>IXH)7=;``-aj>e*7D@jn5+^&YIQ6BtW&d^8y zc%zq*=y5po3#?b#bk@(R+3J?Kf9ZOlZnDxc0|J%Jq#fwr_CN4|#vWOT6f z;6xH!cyfU*+MRfX=)`yNq3cG+OP(b#^a>u?4|Hnzxo{M!+yM?3XtO)>-gwgkcC1{h z6Y;`lpD60N$`uElz6mhcRO1#CWd?uTeVD3QUZr0^}eBQb0F4acZ__#{oXyBhFCP! zMNu6e5g2VjG9L-&W^n+oPnW1jONR%otP%m8aR|^Kbr=_F{ASSU?Qp%)m*zB&4*Q(u5vNq%*_bA~xI5OOl zg{2{GcwPMQ)UH(QEV45V12&6#M75z8*>hdrHpicrBWEv7Tc;VnLR@rCL>(O{EEZ^o8cjyDQ*RBU8Af6%DDZrWLxu9*l(NYc{iE;P-^AsW zxE&3%Sx=wOxABpT3tdC1GhckF*FO7!?96K2Vc@@_YcBsaFAvG^XffMyn5A)>Z;TCN z&x@4jlV)tajmB?);~So=uH3p^bpWZj%6di-Xu0cWSS5Rx>ooqz{~+Pd-vRV``x0>D znt^2{TNbTKpj;r~Oqhy+G|(dYu+(&t3~TFIN0!ygF409_{!RPt?W`s%4G{6S!TGpO zI5;9Gj9Kwr+4_w|Kd#G5R7nVD{iUs~J9eQGt-7+{!^Bx~! zw}B?qp_FMn2dAVUf2=hhr5UxT56!a}*I{@4;|=t!=p|$QD3bNuJlW0eD}nY8Es!N3 zYeO575%lE53(yzJ3Hzb`K?r7Iy^~`u~oUz%SN8zoKb_sSQAd6v11TPxGg=u;wk$T_g~2KkkZn z(fsUN1km6nK-aRIDa8Z^vH~cC>?8n$kf8%a9Q*!Q5j)7I!+Xspw!sTmqcU!M*rZ1o zR^~r!kc!oDX1VI=Axk}utJD1QOc_mPw-*(H-r3*b%Xo7!h45YTOz3NToY&HGws=y0#3P(FQgxw*EWK|csd@Xw{PQ*LgO_!MDR7cq(; zV%I%4F(MrN3dN>yn7sE~ny1^ZTcLsGFOCItujcE93%Yb}8Y2=B1D;j50)Ro|#C?>kj8_Xf3CTV% zQ-r~!QSq7I^$$d?9+Ih|n-uesFKTP+NE#TPh>CK_5cI^Oh(!jfd5LmuzO@5jj&8lQ zOq+1YX6MJ@-ehN7nimK_&;T5`WCMNVG{OkL$ABK>mf2i_#&2zC$~}nDYeCPd&l%;8 zZp5gTJM5!A;sj9#W_>`0Xbb*LrP|!?*6hcF&mL+=AVz&$xJKF{oU5JC-T?~Qtr;^)4=kyIfuNn$yJ)TrcC|UvxCeI?V-s41#vh8*{rtW{9R=%-U`b~Ms6yLuC>w2hp z)8`Z0UOmg}e(SddLIJl67kvARqR9E!qjL^M2#YTgVh2KjmT(ipvI~;#C4_?$)9 zdW!%jZq`8Gmus~t5)<`Zb)Gxa%rpaBwfH8VI5bM$dVyowdl`@qo!#`Zja@Cc;kO{2 zRtWjkJPK;w@PC!E(Uk?c**3e5yLTjj=k$farY8~wVALGYQ#2!gTOk?-4nnP=9(24lFmN!~>mPtEkoIK6C9GOU#FhRV5h zs+q7$uG7I{pWTh0%eEb8m;tKwck!7Hj8UFnpoP0`D)6mNIG6rM3_c=J^2&QX^&VpD zhSk!HEb=pG%F8s{L#JYEf2&`N>A(}eAOmhl!*qSPZ&j9;>E(^`9xTmG@{0n;1|WBi z8Kbi!TV4SUMNj$An~}H7RE|Ojp%6oc0B@>~;|F&n;^BMDMxHObSo9rxphI1--c)Tp zhw7yn(BtBj>UuE}bg*MOYz8zNq=l69EW%vBACaI73$Gi5Yo98bzs zoIdBX5^!jlys9XQg>0zZbr%mE4@IF4Su2}?OW~MEY*{?a;#F%$#d&+P&Bv-e7mr@^ z8c@y%C}I_1GR?M6Z5bo#@88b(cpO-8u|3zjnSeyTGCKj2$dv`SToz$UN%JVtkxNIm zX|3-e;f5cIBW*wu6b0Ua#mB%vAAi$j%%%7bo@lUVUt`91jcWp4*PDA@j+&&ew!LCq ze*uwVTfgW@5~hkWZf~=_FQ$%)XM_Ce{)K%Q4kt)-oe7Mv=b_)cPYDla%HNBM>H&C& zvSz|Esr5`~@7A}}RM5+>(p(8-W+B1!5t<}3i8?+Nq79CgRaNsGiU>= zvPl*HY^!QCeZ~Ad)GI2LuM+aSDa{ilwh0!OxfOo(mCCdYu3B12u(L(&2nw7(;l-sL zkkB{=Ah2iG?M+YXxfM|$2I?Se*$2`FBSka={S#`jDSjeT1=^(={H{E7N@_M6pX5$d+QL?d|y`z0$B0$OM4c7@! zb-BCtN2*$Xz2so76AF;muMG>)T=sqYCtVbP=-z+8HZjD=c4?%X!;O%Xg3-)el$+$8 zE>)B=-N(% zUlkAVKm~zBt0i0^4o`nKkUX}7ks$d<|&|DS z@_=5-N~zn=+|t??-8~2RTi(FQs{R8*8V<*f+*uDR5A6*5VzV2}5{y80JNGM?Q|YP& z#1nsK3q=i_1HX({7VHq<=FVAiHjCZO&K`xeA_tl-<_IKQkl|vC`E!FA6#E-&EYtwK zJ4f5{^3P8RTT#JRiO>@>1!@Ds>Z3(1bj~c;?DfC1O$bZ5a7kV%zz!0X68+BppIkRz zcXZ1={l%$yO!DB4xQwgYMAr&+6AX_h;)RJih=%(33!q8Y9pk4t>;WIM2lG9AV2agc zCziaZLJ*5bP3^h%Dh?sLOxJEeksu#exn6xIRskQEEdshR4Na+Zu=tGAW1wb<5ikGS zrw*=jY8o`J|9RPG8CiOA_*jPXz(KB{E7wYhnjKSAb_$I5hAI&tLemE5T-l{=;9jPi zC#S`LUV9vA@C3f7PBtCFhKY->VFpW08BG*{-?d#b^h5{WEd93_3(5uJ7D&{Gif$J5 zX9Z3ZTtGlC7^Qhg`&)l^@s?>e{TKixmDZ@`b%;=wv9K#rC^n`G{~W>A0TA&m3ETIi zL_i!o4g-q3$x?l5!(y(uxS=5p!k=3VoISA7C%59oU6ksm21;IN(y%JuIbWs?dFdSv zl{s9KLsJ!8pbc2p#%b6uI222V7{nvxUnxUDLLk+o?+LeYKJD@qMtB3!k zl$HZKjM<07xQv*!Wl#Kpbe8^1vh{3cvzhQ464UeZscoePz5-+HlmZ zGPnG`S=RzNzo5MF;0{i4Oso6(cqK6z|n;g+~r*2kroaHl%3{{BdnieYV+wbm6)ZpdQBG^ zRtDMNJ4wO0nfN1jfLneb5+&k~uUc0@FTTzr{jkkl7dn?+TOcY2D`(G#xjVFKNgYeQ zRQxspnod@2DR;cnY^StVr`d7l5i^zuWd*Kgbg^kWuQ(Xh}FcI;eo6#{0ZQm^&{~CahmV=l@4aLh#0d}p!;C*gW%>9b{ z5||TEyfW2FhyR;uspmi7k`u6Vu4HVX&nH9ebrTZvhLG;{_{MFUCoXO@^_I6Es*j0# zv)|YWQ0?c{bpP88{=8mAJ3x-;Ft?Eyt5=^}5J)rai|g6P2p703n~{Jqj^vg73?{h9 zKQEESZbn!p*czKR)Gqy`=Y9KS&u#*yr>EPTKu-KBZzuqDc_$FCn_c1M8Yffk^p zu>;gjEI{of04o4PQrB?08=(YytGY9Iu>1pJqxkqTZ5C@GYaBfNm$cbH9nCk7%I1}& zwgoU2HqHTO-@kYFrF%;T_-ev`ulps&6>n`Z13YJ(M^K*n3=8ghOPiW)8t>2Q?nK=g ztfk74K4750&eU;%zE+81Rw+KCz@t&G0-Z-#!!nlxDz@bCKoVrPrA)7ckMFUiKXH@fL5%G_m)g1%TPFiy!|$@E8a}n~0y++w z&mR9}Q$AMrOz=tyXcWMi`e*0h)7}>qoqPZ=TqPJ6Su{?RR@7%%Zb}m06y{F9dSULg zhxZ~gsllmI)*d^MK{`JbV;>aGjg{VT)7@dfsT449?4q!8Fr6+Nm;}jb1bbo!1g&lc zcZD)^#T)3KtJO0GxceR_-i#c}q{D;kBvKK(c3k;%h%FC3&X52AEeG`AnL2?Dh0DPI z<4Lj;9$i%jcb`=xuheje(Wx9xD!TN(d~^fqzfa0RNUrB;Zvfr~WblnZgCH6PAm`C>M#ZInHOr^UGMH;6|93bVh^ngp+y#D;gd_|YV#$}lEvGuGAA~MK zQ+&8MIoCq9|0}5Y7UL61D2`nGGS(Kc)Q)JV2JR&Lwk(rvJvO}ZzlouM~S^|!(j}!_p4g}0UY@R`c$-W(k?C{LN8pFGdS-|w8I1NRI6y2i_ zFwJ)6P)L2SHTa?Xnz&F7^;Wfb>NfYfV-qO0m|qE>krqASk}NP^{T;qmyFaMJ&c~sQ z3<^6A74^<;#u$d*1k-lHsv)!>7-d!BGX;vN&A^6HZWbiGcre#R2P>5T_3q`yI2GG$ z#lfv>3=cgny69!vO}-KFl~MY;R$%Bl4C*m!(bP3hyu!z6ND*s+h##paede*OhD~wz zHrPX2T5#_fLr1g&Co>Cp?POcNfQg+ZFPYjbv1TkNyg27S`>OzSutnHj|M4zcr@K1~ zbedHbi#;@*ZuSuTr<&SEOq{gH&(Av_y`C;+6t|W{4k~Chzk`78wv} zPIiD~R&)e#?IpH~;9h0~o@um@u5bV-#&fMqzQShgezrk|2tmvGakuO(!bG5aI#Zs2 zQ-9VE4+Pe@;s{iayQvzTRzjj}hn$UF-h>hhVHrZb=8JTei}C-+@z*ziVU7M}`%)^T zR^5G|aF;`=18+6H7H19WHNB2dSt3u{c@E|YSSg6*7EDqH5sJ~U4AW4+2Y9IY;&%z@ zix(KfcoP^%by{)mqBR$wXZ)US90DgO#ACg^Y|jOn-uUES)5&bd-F#{sx!r0F1E` z3_jPoul<%+vwzvuxm#$(n7}d2FetyEQivfYR+Ym+{?St93vbsgJU*D9IsgsmrK8i7 zF;09AIHZFtj{tLx0SU*^#|_=J}KFMCe)`KGxTHOehS^ z2!cYrg<6oDZ`&bRLPs15*JMuAHK_%?H40LX(*3i$o4lg=V{#G|WLTf~8vc0R<AJ5+9&vaU}L4T?r^2y^^Ck#4*zaHft*9SnV$ zJ6eMR{HE8m=z{x@Mz+8C!szPaC2EWkNYEBS9N<@@c5F2f&gsc`ZO{2dpUz9=FqF+; z&C3k2F)rgb?HiAY^^}yY?~ZZNWUc8ZbdmwTCl$Iec(?m+89-I9UiqN+YtQR`9cg|^ z?6Ch!2qeN>s$`OzE<-1^=c32E8@T=*vy0QMvI8TgQf|D!EM^QQ)`XOoB5@6&~HF#l3(kN3bBckot@o(+FP07Y(_1*8Xgi zqPA0nNy`4oai-Kv6nO9!XcXlIV1GJk2i*+Ru89KeBSDhxYtTsoT|NhI;ebuAJ0@KJ zKHcDC#n>JNd1l@;1@#v_KB+=TvSZY*bh+nz%GNrR)Q+fKvY=O+%)b4Xq@%Jg!?%9A z;3wcAg;IZB{PrQG(ta-Y>P6*g~ttBsXn< zf3ZLM=P55FOWt+0!dLn7+}etdrnO|Wxx>t^(ZJd5B!gy0xoq&U83%#_hWcE}7!`@i zq~uD)q<}}b!;SGxqmX*oKn0&52y7VmrcW(mv|};~R}VYo>AQG|{b-=?(EO^~!~-c0 zuh+i)KiorfTRq4@yegP7**Bv&B%i+cx~w|3NzPHOE1HqVJIirc_Kjr>({g6f&XPr^ zV`{I&f}RD1MxwQtg+LDopg3V+{gSLK`_^G6&49s#gfL2MSkT~bT1q_KumNk9K(Y|J zD4fR($wcyWV!0}(D@7QdGenVGtoWtX7i83?{dH$|E6N~9T^E6>w~!IhknG2;>+5xf z-92!Q29LNVNsqnVXEs)<*E^+RWk)Dgde5%sCzq0&MIfBqnXz3%dpKPdkgigOk0niHmN);q~#zRZ$Eg&iAXcjop`tFE-s0XSIE5HX4ps z?YIyWMtw`k6dcGGvNYV+h|Ip?<@+FOK9q(2=7;K|GpU$h8yB&tGd7TZ!%@`mDDMk5 zc!uQFgwl616mg{T5}d(~h8~mw{KF1}^TIoQ3rp%+^=bt*FQs;9ZiNG!GiVXJ?8HPp zpszBKer3sa}_)2&47CRiIFN;=TG{GqY+&_SuLx zpcRe!DGGG}lhn~MKii=Gupf=5PclFZ!GaR};Li3Ex#x^3e*YD5#bR*FTi_UxQsf#h zUt94uEvE!l4sm20>C+Pi4w9)c4da=nGD>Psu6$vyv%oOn9bgZV%%J#vpmY00{UH&) zC-+7G_ZmD9YR0eEbGZ5fIFF70Ks{Jcy=#A}#Op&^?v9hKgB%!oiD3lBfFD)oTcrAu z8%G*l^sV~htBaKVm(22aqy_-~p|`)P2Z6>GvKt(k55`6ro^6P-`LJJkWjj!@}W5I&DLC^IJ0p9p`6I}a6Gg{4u?a6AQ2uu;F z6VV_RpkPJP5(GrwNKk90LWe3M(!oTP56N=dV)jsE^IU0*zOPh=3_aFV)OFT0h5{)c ztWYVP!fI`ehsu5i!{rb~0f~S>qSP2Ff&+p~w30pdoA(7U4S@(_YlDPdq5W%+`zeu36+~lsdDvUmfBX(R}4s^~%|TA>mfmP{FL2$BmE+ zN;anWZG?KO(gH5RCIq59mp>9kbsE&a@ViVQuV`Pkk6r0FIGkl&U8NFxzG#>8A3Ol( zsdj^<1inlL=1>+^7xEhHSkZu6Ow%YKtv5gFoVR7!tv zej#R$x|0+-Gzww(=^D0770GJW-J^$ZHtC3G^KJWPFcH)YzczCs!oQM*Rz_z*2 zvo{}UT(~w%?9T@+BnVN@;^HZTm3Qn-qr@R9Y-$ts$Q$*crBm5{Q#*-p_vFDHfb=BPESZGGEPuiZI4g|wF3 zn)F7dAg}Ts@nG6hwnlOo&#Yyn0Tbn~HWJIT$^_LKB>y&pEueeZHl5Jqji9Cvwzl}$1yoS_3`iZ%j zA*mh5mc91!SiIVJug(O?B0FOW6RGkzln%k1`4+!GU#J3gJZysR2NTe4PcM>t ziz7sk+G+{)Qb}?(o?(PPPnNH2n-5!L#(DCN}%$oLs zIUaosH`3jWtkgAa)=+MmG3@^BYXfa-S3~iL|lia zM5+j~VGj|8ga|3L@OD;s%2q~tR{N|y4<#GsPBKse?KU{=aSx`}2~oun*)ZJB zP-Al+(~O~SOo(gZNC#htoiNyW8nXumsWVLntZ&$^BZ~E+>f4g28mtrVtMeTcOejC}z&nyp*u;H@R!hxGN6{ih&BC(^*IP|# zzd`{UctftmES(LBn&W8tK|hTWJs1vd`@@r}2lt^z!n8dn@oU5G=2u=l{Ak9}n-`@q z2MFPRB7`aB(94zj7RS||RDM9Dq7Tc*cbYR+j&c?ES?vC@`R`VLSuT!rh{8ll^eLgQ z?pWy}X;m2Axgo5Y6sjwkV)kgjE0nCdqJmY*B>t1Fu=J-pu}4j(Tp_T~pgw}FNQj!N z{&rV9fEGO*RynG7LS~|tJa0v8-;V5H6&zRHhxwNSLHDS4 zuoGN&>$0t6W#e!J-`BTYORpf$Em65&`EMi$a417;QS|CWq>Sxk<)_0Q1H%nQfj4^O(!7MGwT``uwhkbdRl=846`$n+9 zF5}?j9SC6e$#W|kUcb&GZeKx|vyHHa@wI_ixip!q7GhM`0#E2!_IPvL&w6lTr@?>Y z@IV|7KZyQ7~Ua8EA~Il(z) zz=b1n2iM^~m4$`3NE#paftGxa+Prd^ss=SGoF`^{#80;GmEQ^3lbWcr4m zC5&SUWrfQs@uYX*!5S>b9#d6Ko&BOFO2WE7kgxh{^ z82U<$U_U0{fy(!tj2!)Io?Ogm%%0w~jktG1&s!AS$3J=C(m!cpakTWmfI$p46V*fP zS1xG^=)_E@3NA}Q1Pfovp%PqqLXO76Xd-!LX?B7ugbKk%y5cCdxiqUAey9gGy3wyF zSUKDr*zfZ)CDV+aZP;CN0mCq6_4J-q=Iau(zz2I8$~u zgd>O){GsKItTzc+8kn%wM?GWIDnqG|y<9`3gw&!!>deaqc)VFHd!E57>>~ghOd5Pk z9*DW_@LzoYwObDY9Q?S2CabP<(~u+jz-#uG#IMb|D?$Nl6EC4<)(@Ogu3m4?4%!cE zRUZZkGK}f7_2DpF%E_e(*?>}nam_yqC)knv(>o`GP(2yhfrYfVwa8}njuprYOkJm( z?~`))ngy38kdCY;@l~R_8&w|%UxNIsq18qYzmsW(Jb?BgD`ATc*tpmUwQS#rdhTbC zFJ8>iHKmpW#~i*t{a#M45W9|$hn2HO{eW07yd0RX(rOh4kDbpVc!H?{#4+TPs6X-rwlb2~+q3bbY#1Ds5j??aov&2?Yih_cI#MigsXQEgN2ZJ`!^ac=ECa~;0ceNNI$tB z6g=%v&nd#ZI!;I+f(ZJH_+7{6+8Na~Q=_BuwF4edR{}3N2v*B|&tz13`JV8k=ugaS zPc{hW^+!+ar^rbPop0fN_+Vr^3%roONRr?Vx5-$jet7XrS?o_&KUP*&`r|0#eL$1f zh_kV8UGw8(5jSoJuw=vve|>Sx9P)Ofw?H}KnAA+c_sK#M7%4!!rqGZ&N+@Q3{v<$e zHz4hh+!F&d!~N>C>RCuDRy$1Up^>jGPW{rWeyTqxkdo^YZ?NlkA^#yXf!q|GqvcR_ z1J5AmN>QuW__u6Qu?ZDJJFpBIS~bqNH6GsYx}-=sBAJ39TmC;tv93!1hRG zKe>2dbE!f^pwyYA6)sC>g7xrWg2kH1gELerd_b(-3*PJ$E|VH;q2zxy9q~ur6a4ij zmP35C8H#(m(>s^pHU7hnO+53{P6YEh@gY;ngQq6{+qqatKMBL;Wh%5S)OS36?m;nO zt4W?T)PKkVXnE(Xo=lQ#2Cz?j&`|CDr$CuT}*_KX3~ z>pXP)UKptX>`t)TKkiBZ?i5<`p;)WK6u9ry&;C95ns#%c2Ekn#xyG)cEC8)$spD9% zdfs82JgmzZViWY41_%vRNyRgu3V^RKjhZtTX8*vC;Gx6nyGHEG{3jOYL)ND)KViyV zU*UqeANY3|_e$*q#>_lCNT6!ED+p!BZtE@I;m@Y^zrGb$b8lE zn1$2W?~i6vg-9HP*7^lrX-qrbnh=^NqJt^7_{1$y1wk=BT2Oj+J0c zU^!dXyVM}KcDxqwibS(i1r%NDxbBr^gT6?D#He?OKbrc65taUv8O8n=UY^ZE85xuv ztb{^zK`|k#Nj)+RK19SM>F>v``Q;QC11}F21DM;01C$Elepi3~SAr=}>g_jLbz()}it|Xh6CkVVB5woqIb@_;%rJZOKl^@TIb}p2 zGGTAM*>!Awa36)H^M_g;%WfM7eQBr!Z1{CHKN({@uz_=6@)yYv2}`mot*wE8Mv)Aq z-JSL}J$zh7={;m#E^2XO32q7sDBG6Tn1F=I)r!#&HK$NC06ubcLkUhtN9XvIJ{)jw zP_VLMfddSUjuw?2qSk80k3_&A<&GEK8W2e0wB~Gd^57}A4Z(~>_|B2?Bxqlg!Z3Su z(hLcG7tlp&Szq~J8?oUIO%=e1XJg9A$%#BZl&`n@d7&E)B$oRw1Mrriyg4}kon{u` z7n6&$u2i$zoe~61Y8ZfQC4f>A-S4dA%f+L9#2Vmu>*^zmhBrLl}k`*-yX_Q!)Y z(!9{@$bv8lh~aBeS?B>yY2il`nxlZ|bG3#kCeEa^e|B*JNRBozu}|TrEH3$07&tlM z&$jPT1N5;-1w0G!m1?cjiMj2F;~5ydi~?isBu4)t+<`cTqS3^xz{z=qUycz)2dT=q zrS#R$nx~f};#l95A|osB?5}1iRX=O$dQmSL5;fO!iMZ@;87dQ|2O0Z)cl>8o$!@dX z{MVlV98)jJ$Q%DKJ&`aLfIR*cEeX`umb-eja|a`dc|fe zOcT$t<{dI`n}3z-33Sf|b6Xn3*7gW`Fc&;HG)yD>WTP$bED(tf{-1KC%g1jAN+j>% z)gmTv@s^Yj&s6gMv=P6QaekaX303b0;=}vjw+Csk2NhGkBWS~{VQ!m zOz&O>8ioJ6IyBu`_4S&-RR>^WCNyRq<~m$d`BLdA9EcN;n6}$cGWc)H4Lr`aOOd&s ziAdRt>c&60r-6L>@ZCM>2$*_>*?XvdJ{VcX3IFgx7gW$c9@+adD8?kCr&mYCs$4N| zlSI>qGZl-7D4@F=mg?n82&B1XFc(m$j9G{mDt{9hiP?;29AqJ+UTSbeKtghXg6QZN zE7X>7-QC@3IrFJW3;*Yr_CI?|hSwATBQF_hplj!e(9SH=KM7eh9t+(w>ZgQHksSxC zmi+|Xos}(C^A2!n(j78#a)2*Z^LSRbsls-JRIAk!%cNSJb>`;f4Db{ZRlj@Xsa}gW0l! zxw<1}@UZ7aMe5O5@*CUR@PchAW{b7_yiV?<4-d@QvdL_2jct^GvbViRDLGmU`~n3H z4V~Wj0IbPes}}>{+zdL~8Kt13LxNypVSUKz;rnOQ9;g}$JKhdeeYIPwZ~|3kRRi$|?l zYXusqJ|{2exEJ*qqO9HDUK(8Nn}fF1ko81Pb-~L!m6A-9Cu0I&V**05$M?+AN=eg- zM8xb+YE^-S9W31?&VnFt9w*wJI-!l=bL^a~{%+tg)43^aceag&N_0V*;dNoosKK%F z`-R$%gT=b1Z)Y}J2G<)!5?@exy4(F}0~l8xR6?9k7=#O+52$E_=LyP3L28;Kd8sM|Q0i2$Wjfl=1Dq`K(A9ttFkJ=ucvma7JBO`@Z zT3b#A7?=$gYnjkhU*T~4hhd4ljd{Yxfrv&F!AcTYe1PR?U6JHog|~T${1daQN69LzXhD((B+M7|bdORB~t#_ann2cRm@3)$* zLDc(SEdZzCQvK-hqOBuIFH7%Oi8{*1{VTo{4mV_tQuM7sRbO(%ddD43*_V`n*E<+o z#`U}F>M%pC25gL$R%U_wbM^>)R^*7SBNwuwB07A5JD8@envv6EKud8Sa6HId&0eG1 z=8dLVXCrcX*rN5>q;`E>HcXc^Ft9l}HkxMVpd!x~|%-rldrbHo|WcmE)R z8ylUJG^kd8ta^8`$oKUtm1$VKF@aLPX8?n0nchGg*;(`W7fO|4T+v|E-rmT)s>osm z(Evd90a|}8!bb0d1DiipRPZ>9XLeK+3L&rM$t2FVAOmb#p7tQy4>R7Tq%>l*dEVd ze|1o2=jyt-V!yu8>lNJK=rh2X?_f;!WPCyUn{Vzs4fhC0yO80z`lIvxQC12OUj=0JScEs?wbfSQ@jV6|skZQM82vrY ze?@}cLj&-_B&|NwV28l}K?BruyA^tx%~xCz1ZUD^r_R7f%H(GB2iGAS(EM)nf1c!a zKSzDetP@otGOk0Qpd2YG@zMO(q)j|KSaWb%C zrdvJ?r}e_821h&-O<2QKA|kRVtrJ*$fr+ zH}eBogI$*0R`egAG`cTT`Ih-)b|;I;5Y1ezb+~rZ+q}*|q%S~}*4!3I8YIxrOooxW zzMDI)9@@0gEaZrv9VC!6i6~F8G3wlIaqcnDG=Ih{X)>AtsMfa`F3?DBpa2nf$o8=2CU4*A76UoQIZ@a`b_p0oFGTdXRmf=N{>!Gc5wa~HL5Q{ zxvV<2vB3_(`FeB5x)_34iC^P`5|dkEVmi#mvOae`07(N~z4?H2 z27Cf2`wRU1{8(6(*rFlct5qIwaA@6tE*u9X@6)rsd6IxQyjYxYRzo)Cm&bpm+x67^ zdcqU4^}Bj`NYAzsJ=*&U!n8fax??^0!z9hWlmw#@<$}0MPP@(LQK!d10TWg>l@sCF zOIgLVAH$KawC^hIH_$_KM#^kE{N2>5dz~KBo?&AjKit}yY6K~iY4HrD;06mm%th2% zXWGxVX#I2FF>`3uVn=>a7a`y`Lhn!$>#Ki^bdM8Id zXCed)JP&Fu?r^cOT6OH@#YwUfo+mv8&Ib{!PmkZpJX$~XsI{1W`YgUh4X;uY5CBOs zv>J~D?z-M+vhdr>Bh$vC?cq18M=MOThTom;&;IP~ zjg{+?0d7B-0=e{|SpqTBNHW3apFVwZJ}~T!5HHs$-(2*{^f+|$ygg8Ex(LV1#d@A_ zA1pa?b$fKLR%bJuJ4^D$x%bEB$9U^uO2YHw=Of(xo#2tmP_m&29yggUm{bv6UW|=zz7F8qn~nPn9#jp#9|} zn|eWVaj>Yg%H9in#%?m7k}6BU*h&p9RPxa!29n#e^fzsKvjUbg(e)meav8k>&innj zf?QT}_-8xJ_VZCaIfY6?9)k&yuXK?|c_hUG@8vejTNmW*YhM@FbAMUKLzynV1xAKU zE7s7t@#9HfyWa)->|jFBMrV+t8{zHwZy(Z9(n5_I!WS=8vOKSm-3Zy+{=qgP8HhQB zT`8|qSpZwFa&f{RoWgx-Dyr2{!8(J}&GM7o;-3n2W$?^xOK?vb`p@2DJGdNYbbB1t zrt+#*WP%Ti(3&cQgg22tM_Q1Okkp#z9+J0~j?d4#JA<&~a3guJunpSG6XvaYPq(mM zwTx!)H(@?=oG-d%Nai{+?aA9V?Da&FmmlTZ*@;ld6{x$t25`gO=^$}p#3+8(QUi)Y zZg4O4#um;0w*6TEYjCUAt>H>*F5sgu2QZ3sSubnqFwoO1ot@jO!(0L5U!_UTf2~CW z#_;v2qA#z8=gs0O+|J;eE)sQi{Q%ub)49&P`B)YfJSt+XrEbNlY9b>E8LI)#-JQj@ zTUyE8y>4K+En3q>XlRe~4(d)1;3nB$Na3rkkmX>D0-!BI-r*zZ^=}0jkiP-RY ztQI7->7lVy1&4z6Vdx{@1f-o4eSlaGq?Ul>!`T}AWi(MchpYeyLRfX}-t6P&0{a!$4eP?`LpMUo zH^RacVVS0`_4kZcHewR5#4Rk|=5yNG+BV-<2o{vp{bXbeAV<7zL`tC)5cqJsUrlnb zaCSq`_TcWLT=v^?i_uXQ8;SiC+ zG-1`qrVkXMq0Wz4EM7e;U$2R>h0E=wVSF<5p-KUrR@>+ zI`1NY2NIyY*y3?{`rYFrU;;dgRrDLYcYlhD0x?g;LamnOe#R!LslpQ?r_JsNQQFNQ zqW*!%nEOKg_CU7}&P3r_yi)>^9N(=K&C|aKVx*-uA2NWIwF8A#VZXs!kb%(Zd_aHm zXD^b+ahram(Ri!yxc}g#ZrSma(z}BNKuifr3`1YO+rJG91J(&zVM;jGfW0Opgt>ds z7GwBN{oCpeKn5b-6&#t~D8ReW8Vc{*8=2lDAPAb8o@|U}huvDI+f?~VMNAdF+CLvC z4ilt2+e<~f5Su@@yL#DiK*r|MVtyeA^+4=c(1qXw1}-#ud3M@YiflUjf@0jWpO9DJ z-jB6-Fw17#!2lMa;KIT!K(xy=w5=R63;4;KA0OTvU%ZM2hP=9^58P>-MK3R}vp5eO zP2V|kEy z^dZH|xqIAHtEKT?ZWb3^mw& zb&N&W1VZlE9|5E196i8F?udojKH$e)Jl`^^Hz|G_@LmSO#l`jU;0C+V*$e6A7p%zw zpJ?O3PJPZ)+>KHdhGmbVcl*m;n7~Xsavy?_4|mby{Fu4oEFhkWX3=NJ<&btqBMuh0 zLO?U_w-zE|=*AU`xB}fJB_}s9rIIZoetvjx_fj=VU?W=;VQ07DqiTcmL5jAf{Z)i^ z(El(;t0IZX1orJwKM9B>B#VNZk6liF3)KX^3|cMUKM@K#?OSy{YQ=5U{tVORg7_^0 zi41w9MEFr#reC(GV0#RO?dnjnQkcEV(K6r^-eB>#&a&!X|^}qUv#;3QB-gtq!>6ix-QX36e(sT@q3hYnfd|BHbC8UcziRFH@K;4 z@k;eu+*x&2P!T{)3zZ7Wv_0fTaa2;!z~mR6p2}*`O#5-Me{oM*MYbGCbkmQbd!t~} zj%+AHB-B%iSAz;2^Y5;=s-KEDpgf7!cDV3V+~9VaDbz?!e68(*KY>cAIb1{jAIkK& zV73O*!NTi4U~Ud>T)_3$?-EdGt_5y+*nv|1UFdTrhX+|p?+J^VpmcvFd_#P0I~IVj zpUEEdMUiv>?UT0f`3=Cq0Uq_;l8l4aw7SE0W7Ku7;`6WZT$iZ6L3uD6fNmcL8TFsz z9*sp22IZotXzHI$4>M8w1sb6pIyo!FXw1U2sHLS1k=twGM5XhZ5g-IsU!&!lrWEs@ zL%A|VFEZMrx5_dThz4lK{`^u7V$feJy3ueb+w*^nei;0bOn=C&*4!XKnJR9m195hQS*hS;6yrFcMPZjOu`WzQ{zJkZUHdlzhKuHK4Z6d<+rICKU+NTz|@b=2Tp(t25|ZGvDYB^ z`})BgaIHB=fJsto2M5-(-rGaw3sS|H|Cird61ZeoR(Uv}@s>tE})miJ9A^ z(_|*j4`1VHl8ucQ>; zrdp^qFKOR<4Dv*v@-0l}jKTcLhXAhaVhs`MylqMz2hrW#nKpS?qt+G$A~g7;>8$sk zU0lFM#-eH%+x!p47W3;dAb?~!^jeOvu=bk~C)+0+w$IHmumygAu%(v{;*;rABcC_gNfG4!Q3~|23|8 za=kuX>{GWm7LJ4ZpSz>@f@%D>252Q1g)gn|%bHGS4_&{pD?R*z=CtejHH5<*XULuk zWUK!cnEAKkow}n>rP4!ZIzRH+H=WBQ8&WWP4xfN z0iD8g)l%)Atm#s0BX8LDCP3cMOv>HJetdNF^(!e-`Pyt0R32NIKI*PrBzIWxQV!Gw z6r^T2#>Dp?HJA>yxrm42WW`ls=vqIQr($YW)e>a&+2&Rty!3%fuw8b#U(Rt%?^3NY zaJPxoNR47&ZW=aTzo4cj0Kr8>krIvm{+vREMrlwww)f*tZ)qk70GQS*XIpO%L&6T8 zz4TPqV-J>$ChcA8LJ033orsT1c)il>29wHVJ2d5du}{!s>ilzQDQh;Qo+=vHFXg)e zZo}S7kf&_y#4U4K>*N8*r(DQrNg~z%>PFN+wdc2`;aiA}PuYMEA-ix!M+d19hutbq zFAJPd!%+5}i(Nw{quvYdmoSJ>@55oPPc==xMn@+K@`P7Eba+FhSgL)rmYzxrp^!=#CWr>&5;1X+M$ty*4fCC-DYMuXOsCfa|dky?b7T#e!mJpIWmdpp`mKf>Io!T$%01ey^>@t z#jXO@zbEp>t4*C(n!f5s=&yJGz=XZk9W9X0OgWPI+IH^@4IpIS@3|R(ye@n^SJ3+f zvcAwYE!Z_@KKIe5^lzBP;gpjbtMk6AtNQ{O*Te0R0x;~2GDq>#{%~h@zs6P|6P$31 ztzJY=sp&Lsdq&+OP38X-Zwz*JnFLpoUtNv4J7R@=a_Toie0sJK2`FyL{sbE+)$(P? z=Ie`GyHAe!7;JB?t+^7`)7ngls8Re+6TUa-VTwO8Xq>1mNT{iEZ9}(LYGbM~fD%o_ zh)vSh71TPb8Td4FrvQ8 zR4thJM5zaH=rC>QLP6gR<^~AdpYIsP_C}$J1B*y}K?WRkubbvTot8#@0H|DF4DH1; zoQ&<=8vKZb3%ie}|Ipk2nMd>V=6YvithwQyy$6K*U{WF}dZO;m41h>k4Z0DW4?y0b z{pw_;@mwdU2xRPjExPz>-%jMM0UZ-&ih_X9md!1isTzRLmg|}p%Qy(gc`+H)SVr?M z7aN_Po!@w~qz)%9Ok22kUj97ybc^m0{^2?MHy_Rk3I~m~;nNI1*I2~E=&{%IIRAcE zNmSK4FTk+K&&wNRpRgsXw>(9ErUdl*AbA)A=*ckim4DZS1JN^vCQ47#!ZYW1jY`NW z8*?pe_fZA00WO$zx5_wmm-pHlm!$>8$^QAgNCoPQQ_=s#pME$P0mb!o7K4oUl{YrT`w>VV0U$m>&y`!T-__K z-19hIg@VVJF%p|_EuK58)yduFdW8N@R=~?@uYm4NbdOdZ&LAhQla0QLc^#DOM21qaf-7a6-=_BtF4 z=A$f>aWaIqg(o1^3z^EF8;0`5g(wbhyQ4l@&knSwYj6=6g=rH|gss>|DR2%$`$mN= z%CLH3;Sd#T5%Bk}fBP_4$j2uD+ouN6L8d5Ly%Ik-`PYkIp*6Ke@MRFPuMj zytJu0700Cc96)y+M{Sa8PpQs}15I?pa^1FI04DY}y9stJE)szpb07QYN1+yXwD(QU zBmg*GJK+Y{I)J26@J7})e{4L#q9CW0VQmw^`jiy-HPIuedIUHHcY!JjX!Y`#=g(yr zWP2(9K**rN*oUVZm;f2vD z^I*7ZRP`JEeE@W4y~Vwy!P3eD7a0ub#C;m5>+{HOJ=>n$CB2g?JM+Q**Us{SMhmCSFwG|=Z>}Wn^(!3AT{9<2 z{Hq;EIbzg#gF1ROZHDH6n%-04c0WCC;3Mbzb-nq+SgSFMTf1Hzy|lV*;&>DSF9!4O<U~jg( z2Shc|&dRE6?&o+{R~vjxT5d16d6lC6)*QVLw5<7wKWCCBU}+Ji+FxUd;d@S?>=OL} zQkB~HR!_@YPH*22mvJHAt9qHXW%JjI0F}CDtLYQE`MZ&^eFo`e`EL^h;pYaW7Tq-9 zyWr68I+VZhJT*-@o=beL#d^+t3$=P-Nd;wB(bjQABko04{r^?Jk-Me6xnzF2i$q*y z)v0R?h&7h89Ye`&tG^2t>#c^myTzW;>NDk!8K2 zQEO_xYoL-G0DczL8rUYvei}6*)hvv=1i{(Lm)l5Lcp6`XY~L)0%PW$3P%^YSoQz4~nrLnQPO2G=d?Sg{CqP1J_9R%L`TGG1L@G1# zo;H^i`@Jz^%Se$iueNA-ygZyF27=_34x|guoz7X@o^PYB0zh1tD9`cj9>BCbwPS{y zoP-ykUUlV2vq;exe8)!?qka!NmrJ|fbH;-SJ+^H@hST40@!vRe*eri+9=`-z_>}!3 zjx1L!V$l;~>5YDzu~FTkQ2_YEuN6Tl`^0@z7zFfJ6)*6mG{srWCoVw+0F6Wxac~lT zABy1Na*H8X?mF6S(E_gN6<;0vHurN%qQr?y9DL6>GGQo>h-OD|7& z&8gig$a~dd5}2&i;SX%>J1~4PdFj=bO$jyj79yRg5UTJ4=Mi54}j@R9f?@z;V8*&!nR)+`Z4t7{K&IkF>k*JDo}pxx z!5EkS)dH|%w79qUvl$Q6pOgBNgRGzP)k&W^x91g(z@1(FV7Q(p$cy0lJbFQck($)t zl&`K(NV|rI(E!nGyRHvOXSCo5J(jp#@IJCOMzkV6i;!+RL7v-T!%n5?CsNdbK*W^~kcJk!A57TzdAEMQ!ecDwEXP6Y5dA#jVLKmz+m;$88FV)XP8W+lz(Z*QYp z@iM@O%WM!saJx--PqO@oI%GDt@*w~cDc5u!K3)hFxA>8Z^vz&;QIpF@6omVHE#IeM|2fq zZuF?_$CgcCq$5$d+fj3_c)5vwv@e>FB-&q~Bb39y=V==ZN!_;4?ooA&E60!N+sVp0 z*euJK0nfNxv{yM~bj+bdiB-VUcifeg>yj2ZY=FI!hkB5$Os56<%a2f?Ilxc50jnsc zGOgwe(cc=+QxQfkVn`4^yK74Y*fVGjV}0eyt-Qbi+Pu%^yNP+UAS!sVH9YAV&q9N z#_H7#@JXR&M}OJ<#5~fWu`l2r6e--BgwmhmlyRV5pH<}K$Uj@?-M;oTXYHv|Y(k9s zrl%3M$e){2bsC*>CHXF-aOuL49P`I3`o`BrDWk|N8n`g;og_|P;(DS?&kHl0%2kQ) z%9hs!Xll6#t*drjo0ddk$`-Rk(B&ed)a|DqxQ2!z{*>T-5D># zz7Qd*lUqdp2$K*rll6Y_Vxi?PtMsbh{Zz8 z33Lt9JCxG~Ll>(5dPCp0*TU6Q&#ggnqATRCd|89tQ_RY`n~qWBk5EN zhuW)#XakAa#jHZ|58b@TR-K*AhOe`Rl&J9+Jo6=z}Yr0vISsGm$%jN%&5KJO>+#Sq;;d%QI<=QfB+Q)!;k0r@lc87$l5_;;kp7w_uM2m7!IS$q7R=PKY+DTS`Vt1kG-}*zu<#no`R?;w}Uik_a z()&Y^leCNbdSad;IAF|uFTx%JZOp*&$!c>NNXCuyrWt#r;;3P>T2gexVtkcCV>A01 zIvuk5A*dOy-|N*IZzC4$WNt{I>^6yrz{&|l+x2I99Y05`W_rC$J{a3|<@TK4r7#xHd4nhl1qeXb%Y;(LX zw5rxM!(4e_nmBxdEI*sim*}G6&NXSQEEh~pG$KeDFJzb4SCugcyZ-LaQUduVI|>CN zw{w`@D&CzJ6xM+{8HNCgrnhsN8LY4F6B%J4R5gsBp=kbf2CYue`f~FtZQj>7Z!qk- zSWe$JA(laobrBzs3P0>5C@mSt`bHLD6K$}(mEZj! zjU*@;cLhzE{p-tEOS>IG2-qPW;lakSXP-U>=^nEw7qRcmvteC6Q;=`ri`=MI2-&heE8_e1*Mv|!xKn1Y>Cn#w} ztUM=*sCUNsvy1vsvx^Ly7 zj^O=T!6t)=N0RG8lE{68IbPWv+B zETwoNM2MTeCAU$_1)8n#CPQpbjAhvxpSf@S!U1AFePFRz*4h=0(pvf^gV?tBQ!tj` z{Lk70U3NUCZ&DXt4)+f$3oNA2=Nx^Io@f?3$+0ROS$X% z8i^jUl79-aTmQZlRTihBTFT7e0T;}0Vj9+Cd;aTlqm9fyFK!E(&@HdI;d{OVd!kF# z?wCq_$K8CD(t(Vi)y7?KdudN-UkazbFWOpH1iquOUeUzmvoz}|W-y6RyBw4@uVKGT zQqFw&amWTJ0*5gQB!Ff9ObI9UEsB3(eTupLlK#d?R%v&LWwLrELG`XM2O~=ki*d{c zd(cV0Xoi2m0JZCH4gjWT4Ij^NzT?ur`g5Y1~uNRUH0xR>-$pJU1Qo>n=OIXG7wZ<(BrP_kI7cbQUAVyOS zTQWlOgJEJ1B`-2|-_>it`1aKfN=oGR`0{09+6rM=?a%E%9mbgJU|Gf|VDzNVaUL`V zL%WXK5lF)4&Rp%^-TjI50<*VY3;t#GG%Nmnf8%CiWb_@{H#29v4vNtstXf>rG74*8 zWKOygqQ#<1g?=rLV3=4I#I8V6<0`nn7`}A%t54ENQ^l;<4LNn zFe{0iDIv;sI8y;ErHaXVu#TA6_s9Qiaz7fZ9QyT;%VG)r&ot~huC1#fdH1AkY3LR_ zU$oWqZdZjRj$+3hnA+D;_1-FObGh!WEE+hmyUe`}zkhoxXr*I*w==RoA%q|TbN6Y% zr_f_`1Uc2@C}!mm9_I+cJ)qAgC>%rZz2r-ESok*07eFkp@%*ouW_sVx(G+y|Ah<7U z6*Wq1xp)HwYno+2`A!s;Cfp!{3A@^Qwz4DC>3PQINRl zOX^pjy!~^w2~}2Mj$WmGhynSyL1NrtIL%0$@W+!9MbJCkY+t4FpA zcLf3oR=CyD7qZRB$XF(XNR(*RzRfb+U0OkldHk;ap^;*ni|gCEHALHz7w)E&3;WvR z)K=YCWoHB-P}VVRk;S`k8FBCf%~$BKJ_ap`OJK9ChwNp5AhZ3|V-~_08W7O zznA~iKUq`up?9ieYxvLYq~o0*OZOFOyPn?(@3*k26woa%Iw5XP@@)og7C&tR_@bmsK#&v=kq+q&0qO4U?rsDGq%Dv}x=7!>F#e|-0$=J z|9-uHUe{v5LauY4d+*sZbIi;>rnEi$H+z!xhN+1QOjbM!;X@%+j%tofq7_2?ZuRn)bJT9}LheJ(uej5E=cB-E< zO8{k|R^_)Ze|M!IW6Mt2ALg5}0>;m58HhWO4zw;Jy(3LF>TSQnMH2l)r zU+4E&gTkFtPq%w3pO*IFHEk};F8=njJfF-m=b+K;za~r8 za<3fT^Oax-Q)zcpS|`N!i$HRG`kk}Is+HfjDwX}z3C zvQ_OuNgXUNqH{afZQt1;nQ)K~US`T`c}4)46k$G3|NdQKcyO3$X<|!pE!fA593G}e z4jb*xXoZv%8+-pyfYj$j^_|XN1HmU<#}4NST8{M{Bc=|3)4Hf=BUQPLAmmq2_aa?- zfSC~y0#}PUvFF5ZJ2xrgAN~488-%%_%ps*f;QO>$$4?}PG{asRy56N~bQucwC-zYQPwMNFrL!R8prp)H1%KGZ zMoxFs&(*1-o02HnUtlnhjHV7!A-q zWqF-=jL-SGfv73(+Q=WxFTMV5tLM83DplB%u^b`ZEV#;$%HlNA(itnVmyueT@6?Ol z+73V+#m8=_M`}T4)@g(&!~z3|tFgAZ$ye& zzIz_t_$+6}4`$o4Esx#9gDr9Cr#ZM81oNbZFDxk|BBsKY^Jj~@FQ`v)3~EFOoTV zvAEnMF6-v15)i~jt6#9t`7JO%hoFsmEAEB8ZZgRk-YQO_biO{(C->m{EsKM4476Vm zP%!A?6fu#J;t}6G7zWO~c!Pa5jYH@j_yfo>$ce~n3)@Z4P_!oL51s*wD*FjaA37>v z*V$)U2)Wi4`BrP=-5!0=uTz-^o1u&|_nz60ba|+}NG#(@T|~WrsC)XE68|%U`|8(R z&eb)0Ea;sF3VMf&G~{EAi?+2^9PI_($;N2m=Bs$A2SA$GfG|oMr-4Q(>%mV%rSA-g zJdj!^0~N^q(QbVt4!4_wl$6sDv1BcF)mAUf;e>Q_zkRv-q3YnNCoUde&m9<7rA98V zB6uZ%edp)l*jDqWISBSSIB~zviTr|B6;(>TON{M^y=<7RqDpQMAW)?CM4>s3hQ>sD zqlqy5hV3&$_daj^;r!j56B23B0&UF(Ov$d%#gE|VN(~)*$3C1IIx_5S{lA%$ikflf zR^@BM$7aa{CkbTgX@c_;;c0}Y zo3yKu5j#AEV>FMtEW&j+PcHNu<={eN(m6q>ktS8rTd&vr1xMK!=c~Yv`tK0M44OXo|T7>UXxr{6C2#PyLi!cC? z=Gzkv-8Xi+`^XY79|7DS?%0S;kESL!Tvbg)7LxE{YdZw4jL;?hD&-2oZ`KGzT(p14 z?b)031?79$O2a*vF1itzZkjUn^LMDMvqO?< zwxAFTiI7BSY+Z)ilEFCP7Z47~U>SZzL1Bf$dz@qjc4=1E?8ZkgrZm^Dn3@_h)~YF>0xN`Nz9{b>H(c*0NxGNvPMTBldSkc(|TC2PZgE2dzv{ zf8ARWK#jVtD{*pTcpjQk_d{I8{7j3s5^1Xt@SG2GyC{uMod zFL6W#M${L=%u2{0SB*3zD}Nd4vq}Har^JCiQ2G_Y{$~w|3gDq;_FN}pf zIusEh(6(lp$b|6v-(}jyv4=oJ7p;CzHBINkbO^dSZ0|H7{gquFp62HFp0c&eE_8Jc zh`Q_Q7Z9zWMnpvkufFt&={bK-ujYvpP{+7kjJ~my`ts$=eP!DHgl6%0g`=UQqL zgNnu$j>q!kEsqF7n85kp1+EeU*4_6J*G`+XQVCIRJn@BQl~0j>SO(v@`*x~|V)T@j|?K z(N-mpSc4R;4a#bdl5)Hlp&S210d9dw&}1Mi1FyVWO;<)CsKsWk9W*4n{Q^JoHsz#g zG*hBLgvoIi=f~#;o<)Fo@J|xPeqE8J=W+)ZeOwMX%X3v3Dc|)=0KD|%kTLh^{JHvzI`EEprwrp zDYLz-2*GY441ffnFrr=G%M*W3^g6A(zTSW^V>-ltj~Aqgr6fkAsAt1;FoiufSu%vW zuC+?a_8*Pt1K2`iS>KXgX4M`J>ong@JsGNf)F;ir{t-YLm}T;}81M?Z-LSCy4N?8R z6GcJ>N8sTIT_4>6A>MC0u+W&W zCl0dlFbPNo*5rKUwH~s0)>9Pkq6V+BEif=+XJ?1H%CVs* zW7pcbK?@V#2W~ko-E>gwE0~0f_J-VBMucT2q-%sgL=358KCKEyFxxz;m2nFofGOVr z4v>Vu5Bidk1Zf3fMVRC9vqB>sW+Q$GhW9;K7`GA3qO zF|xcmb+izQ7Wn=7@5Sy(xs+i^%CwbW}B8gwb_CtbBPSpZzTTb;u=%at@}df zTAQ=9=~vpH=4zc)3|H!(1dkp6$!NH}nmT+eMo)OQoeyFAcX|&;IxJNjnWl`B89r5! zISGgIVH&>|)+Nw(Z^hLa`RuDs%cI^@+@O4qRyJrl^qUq&4kckzD3_@*6Q4c|#-ru; zS{gh7zwA4ra2f^TU4kqR^k*fQ;zb)#z8GI9Rqq@Qb$O#HDXc_(?A1Kp>O6rbUIREv zm}D(q8rtq)17YD!deD9y|20~AjiG^#TnwqLs5Wgoh1a6n->Py|AhQfjP#_PL*VTVfht*^s{MS( z^Qk_)SmQ*A=&<+Ar4BE9A`E`cRmW%YT~s4k;kBU@DZIk`tj&*Fg5(ak>XnrrQ4DNF zuJVCZtIQ#A=Av9Xid`BAS|$0!h1+H&%*;w>l=9OQ8sf;fM}6uaVC6YPBtZ@$y9KR+ z&lAxUn@AwycrWb!lovJrtUbWnMn+~SMDUW7nuCLz!QP_~T9Vq97B#&STTt?($Bm&9 zknZ|fMt6uMCw~Z>rWnh4JtTuL(Oxa2ZnE!*vvd}k6G=cB%fJF`lI>dM+N4w@56_n7DSn z$X;1{mCKiQxJ+=i8+^3!!zzsj7|9Y#h2Ce9NDApK_W?UV9vNmsJI|=tA0|u>`p9_QPg*R!defSk$B@a2#%Uu?x3YOSY+2xA_HR_6Bd^MCy4X=U!7sn+=1L%mOr@Y*I3 zU*s5q`w|_#$*iN<5ulJX8;}Obhzo;SyF4*u04cIN_YWZn5DV&1EX;JydL^ZnVSoi0 zne0#L;C*p!1gV%HQeqbYP74d616p)KXNX zmxR;zCocY^;37s!#=b~EP49&xj#y@b;b$PIdIohWC}u;TetH!Fu+%nqYb20|6eP?} zTVA)FT`D4oXQf(@Fc3UOPYS9MP8bVJ2nx4v_0p2R$LkZt zg{^7FDc=w}()WYiTH)B$v&!f!Qjjcl_BPZ}YFwqui$~Ad>LzOE(Two!# zXE%uQp_fe}EDF)abwP7X0DM%p_s~DX%a<9_ns;-m>6-SgG0Q-*m&^liL{N=0n_#tG z5^pMOTiU{*`iBqo@w8_YO&}Cdezu)jV}D0VcgWFLyQ~fIfZ}oh zy_Yg?-og_-Z%5qVZWzP)pIQKqcXBR%86|nnzMqBU@!Oao*1PcPLdUfdYt&{xz8A@D zHWi>=KEbPiRYflRHs`gGX5hRhia~+m&yXuvM$q}n*s7xzdh5ex8q#5O~f;E zVLY;b+dn_K_7aKowp|uUf1ogi30HNf`7hN0R6dyFL*&!ZyH-A%cOw@xi;J^!K|xJ0 zs{vY6SyWJ11SG{W2wpfh%)#Bb6px2fn}b*_VnMWsNH#x?&|pFvUhCx8N4(b6#zfi5 zuehv(K_UXqD4=Pd0n#phTT=SZ-9@GU&1SqG_qd|~x^XZ~W&c7)Y>NBS+gFBN{xD}2 zuOd)a>nCvN$na0IbYRkLUA>3D*ZPrO-0G`-zyCFPAE;Sy6A5z`YCB**p!fkA4y~kN zAVK)?2dl?9#`diUX$=cUMVZ4VQQ$3MQ+<9q)bQG6`&_?*l40RTn9s03@zoW}f@UVj z>DsChX7-Y@O+BV_-yohIa|^T5Jl*%0>%{z^bxmM#qI z;_5Okeu8*IL-#s0z*y%0$!1!{>y_Oj;ABK^CB!x845KQbwLK@g2`&0y0!hDo9qch* zP{SDYp7h&(>FI(=M{Qm`lAKoblE2Qhye>)k>{$7dHoK+?M`SQDsSgF0>~XZ zY6XwGKy#yY7F4U0$6RT4vEcr_aj@+cp=} z6g%YESV(=U0{Hvat{QI*Qt5;=gVu#JOS{nw%?tcl2MRf39g0&jeAT9jxFpfJeIJ6q0|%Y9rjx1-MQ4-g{lc8e=hdIe1^2U*ET2F9+UyKL48_u;fdbIl5{nCZ-Q} zRnM|kI)g-Kwnq9E!x8B>%pH#16a&;H?B)Ye;jphg(DYKJd?F4K@vo3(j4cYTFB0jP zuy18;R7PnG^_R;->_EH3>~GTRR9s~4-*;csvF->{BPDFMauiCngc$L3{z6h~G$%Nj zGwAFy0g1ZzmF7=-x9^M_tDy79sAP?}y+P~IUbauBs?+jummLef;1*u!S->E~ildKJ z zpoW~nis#9ANN(KR@1V?QhUpgtV4vJBp@>sF+P?Ku+d2rXjhxn2IKxZl>)G>FQ)QBx zR+&+2>tYuxd#XlIWuf|oR6?;0H(HVIfvl<@hC`xrFR%N9w)U-sW(47B^V7-rk?4hr zYYdac9jqdB%qbs!8$Gbm?{7N*b#L-4p9JX5x2Xnqsf`;R64>~L_eg0z){!zi9OdhvJn;M)Frkj7 z)pH<6fzvnW$`B8jyFgogeR(LTu3*^Hh5W=ra&evU5;QRHHfTiOw*2e~zl|ZhWy_$I z=z+PL)>(XWxLWufr#m~ z6*pSw6F4x9No(gfos(n=sJ{h z&X4{qt0-p3+TX<3e-W-(Q`4MlNlMciq>!wA-d2;EjWthNNimNE z>VGWAy4SveZ}G^LqV3s+b8Z*`t`Gq=VSl3T`Z7)jr6;v}8!d?|56@t|n^jQZ8vpvN zQf!}s3#02DX~*^tywCI63)ScN4H<9kEs~=c0zt*hS?q8!WB6e~__CMZM}s@zd>RP^ zhNnPpW$7B!a!X0+o!2!a2>DoN8kw#Jo5u8S2%ByoJ9co1yc&k_`bqc`)gaceccHr2 zd`hy=aqj+T615F6BaaB~Q=@4|v*~-b6JOb+IXqrv98$a5GP|jza;bB>$*I}aeF%mN z(r4jgm;W%E;WvKJ`Yz0k3F=x`j)C;{+nkfw;$u{-sLiR$i0y(-qj9x;g@a?CG^06v zk(w8=a2<=Sk|2I2fDTfU)r1*(uTxA%XX3O65WZHJvA9PuH;lUd--8tKG5Z&7GHAbc$&$N z=|H+G^d^61r1C)h zwJu)Rfn@hE2|H*t!Q<1`5lD)VsA|+wB|xM1m4{EIT#y2{po1OIC(h^vL@;2I;>M{L zAIWa_uPIeQG<$*B)D4AA&stTEI8psRS2lE51-@@149u%QHf;0HRS7uk5qIXy2oo?66^FA>U3l!#^n0`~rxddfx!c5tL>F3hlOxvasKa^?xPl@s zMIAP>ymLHm8bkZ#tTO3bVMit4WQWgks+Srk%_wEmQvJ; zi9GlWHwMPbK{g1*N;ZlVgf!7wXN&KJLOUM}zkK*Ck}5y2Q=msje?En>l)QDC&AyvW z$lSBHk9U&fX|FVc>7iChy$Ww|?v=0J#cMXXeXc{@1I>2>yDArY}^=(&K!*N!C? z$9NeStT`Uit}>7$a<;787KHWD=kKKo(ECu$0quCd2?2kFX$%<={gs#e9I zix-b-A|TL_+(2uxK0$F)B^e0h#O&AZ;X)8T?*kG{*zS2~2&MA^M#xm{wG(%GRr9o3 zgN3eV7ccuI5}TvDsk(aUWqLhlHZ_F(4XRx;y63HX+HhWx~8Vyq2eF%po-^=>CRJ+Cvnw10L z(m%UVHEy#-XLe@2=0oLOKQWiT*Wbh9iZajQ{Eq$;{h}#B2HNl5D&c9vL!l75o30O0 z=vd3B0V0vk`d}G7?5@(31Ybz<4H+Y*Xa8E^oSLJ7->u2D9m32(|K#`pDQ-maM18T)H?lsZwfzNinX-kb^5?|9C5@WGz@zr9rQ<)Bv%}+b>xGIrg8W(D3r0QC~#rH z9fRqi@F=luhz6p9O&skoxg) z^Lw~4NfQQ^rBgTa(lAEg=2gb1MR7F-3D4@JHuZthB2)7fF;gQ}$&}xWX{O`Vio}7E z9fj4)5HSiWU|aud!Ep7{bZ?aS@+rN+lE~V&LU?aw-&my#wAPV%7p1~oH;d45 z>dM!oP&_=}6ll>YMaFyjU>tC(>_v8V_H?Bs%BSwQL;glSjqtMAsg zSK1PI*j(7OB`q#KrOOz6dKwRSKVP2D4s&nufkRq3kzE*X^AiN+uWi+eQ!%#l>hG&} z+vF~(wBd&_;GQ zs{UD-bPGu`sMuOyJ_sm|r|sOpDt{J;$d5>R^a6yH}Y{&=W z@&1qq%vxFLvP8QEgUpW$6Z!=i0o;Je-UkLc4#IEb_+48M2pC7@u5b1b2>9z45qal* zPK$d7h^z6%-!puMp!6r=Uff3DvXTTKwico^j{WrcA2fxIivy{2M9L3XwNJ&pB!Q}f zdOBlhsKcpTAGf_Ad`i#zEe8^E(VJ|1;j#t8$=l<&8MNm#x!&LzsTurJy-DCfcVvrNFqg*bq@{} z5V%oPwmAND6o{a2&>rjvnEGxcbU4nP85@r-x%MkzJl4NZubkhw?VWGi!frf~t01>`5jp zJ_iMoJGOciT$jY$=EY0K~}Ng z1K5#5ET0)9!k`hlaFjG%h=V(sFH4&)SW`VWCFympbb~GhE~eSO|M;6drttJlW{BY{I&1jun6v=76b#EVXK-;eYGA++NL>h~z|YV*`xXT0_=k0Z z+ktoTZToI(L%h_SH=eS#tpV>?3|bRFO7Z=8piIFm(jM%z2Ud81aqKF4{5HC1<`+|M zHy7wRsH*zO-VUA-9Km>_93G@sj%U;L;7$g~OnL0DZhA;F5(UCr|rR-NOs6+i9cv5*;6(-`bKdaB|vYl3D z7IjMB&=&L<=Dv813bIZZ~+W*Y$S0ru_Bxh2@10PV;Eo>u-VgR@By>*8er@dW+Qa`N5;PE#CJL% zIFciqv>*`YJj9Lp_;5+Yb<}#(zsg}ZANJeWetzHh)vSK!nq!fkZa829S-w4N5d~36 zKr^v8*D=fVKSfT2HTbXut61e2fya1^nZO4$lbpD2g|66bq*;sj)n{tbZt&5qX-=p0 z?4PWrv!o>QOU?Iyu4C93P&0=CcmGDG0MX z^b71C;0_by?as-mZda5biTWnTgFv0?fpT*xST)-7OVQR-KwoQsxg=;+4YE%xVx%w- z*29M*0qRDrQKl=}dJ!vNzYaBfzbZ%ILYPXVjN$jndX6~=kjsbDYP z3N!v;k)IaSczAe5L&;cx4h?GToM)B!d-=3q6J zA5c7i*OqM38XueQe7wQ}tiK+?1V@PB^204zpdkU*#&=~F`^8)W-U|-7(bu!lCnpR) z`L5-XeVhc>H#R1<^~&g~ZD=}dYZfAlicrhk_L*ekYO+Cc@B-y}kdNixH3ioU`D>J? z)Y28SAdX)^2x=^KN9c3K3u$xYntFaSy>ljz6f$?Tq-KXyPLgIg{l>&x=~4RM6BJU@wEseMh9c}EDkMswqZB_nAJkp$^=Qq~DBE`1M>?U&8hn{@PAl~^rz z<DuLIkbDgCq*orj#&gQ=C`VInv1mu)yZXSoAPtcd7q@Z~H2lJ*!xjCqQZ(Bx+B;q9BNkC2WyJ2}a%XR)% zZ*C5F=^%_PcYSY$8!DWf9zJT@HzDBRZJ>7(JG8=ZJ>Cf}KRz6?B|EfB9$nv64IMDj z(RH+cS~7aLi#Y~os5?UpwdQsJdWxBv&UW>5MMh)Eau*}EBkIr*^OEr+Uo?$=A0GJM z>t`~s%V&Z)=wcuEO0=N}gJYut>I_{}`W{lZrZ78iI!Eu%%;4Ajq^P9=#4hX}cgLYD z;I|DfMT1}{7Q=QfnFJ?H@Wxg;zUQtD_x8q#%Gi>fi`jWwL(f5yPTfZjvqPZ2Hn@LtFNe$eCb z{u1y_dfc6j#Y7*UZutkcJl@;ap7dF}U6Uj>02mNmyma(7zz#ilK()#qz_pskIRxkd zG0T`K#@4HILRj>>9rW6_t07X?b=}t^z~=Vc$;LnOe{?5K^}G4}hIbA$L5Tvc2O^MF zM~~CNsl?aj<$50Ek>BJ6UVv##Gqy|t4Y?MGI@H6t{9G%kW*jO)YP=;0tW6G1^+?=@aH}Qv3KZam;w|4TQ;1GU|qn`7L6foa_A*b z87)wy`yOxK2JU}CPq4nvF?Y3%qn=-_QP(igob)z+z_gI_O^^$XbN7t0J!%9mn8jId)2^aJn>EPt4;B#zW zL;UFwTEu-S`?l|U{)^xE|5)K8Fj?M<2&5r?cjoeP@#V@fxzL_(e+^2?%UOMn+PtA& z+wq})%lcJ+%vP%RGr{{a9J9g1AkYPcbH;mIRfkwiZSoV;`HBV=6{t`(1zk1DOgbJ{ z9(Y7z2Z&lJqnL1;6V&cqtwszR&Q-773qI-uHXJs?0l}LhiQec1m-F%Ued_dXSGyt{ zz_LtOx2%7qJ8D?kznb4YSnxhzHgiAn@&$aXkIR=Wf<#d51{o=wTKV~IOJBBHGSQI0 z<7%Y^*ik`INy$pR$9|?q?-rV1(Hu`Ko5&y)JU-wp}-V@XMc z@12u4eK6PYyH*8!_pAGUgH1QPdu1NSm$etObjSCXOWfU!M`yv>sd$s4;^=D;PNqgo5W$J=jl?t*%}Eu%$~ zNdA`#HDO(}yH#l(tA8X*$+B{kfwG_!M{}hQR8~?to;H?W`-J~cF(&4qyU=jiS}{D- z`EQ1ai`4ye#yoA6$-l0#O{iGn00O~Nm3%L(!c-D<4$z^|bQ$U{UR!>CF|%R2u149i zw~qUQEH8WZHFVo+7QHaRF%2>H=OgWjd^ybVr#2}QFbR`WQ)2>^Y4r`ijeSV)5feRi zjU-Ckt^eI6g5enPJgB-fdYc0mEq0_c=SD&lsYR&)56!$htUk^)oYofX-o>mP_9Fyi z!738rIY!8kpbpx+b7!c~={Ay~ttkJi!a7LrL=?}W+|SxiHHb1M(?3txKW^2BQ1e~M z5f_ODUkG7}ZgGihQ|4jlBmBYYMq}#Z^)>0xrStw|Cg+xSvwj*%J8%(Mi#ct*3PX9@ z$k1Q1DkO2(GLO@#H;bqF)$1%Y^fZ{Hy6qoK_WjT=1k{8fzwzkecF(8uUH|a?{Zvr^ z+H4Fs%q!d27#Hi^r`%kU<+Tb`P^zKgV`1gJe7Bi+!6exq&&1%^V%oM}vy@M(T2R0L z@axyFPXdmd-m8au0tI?al1k^>t}XV#rgzJ7`(I@pk6TPCy{}py{-*qS27xRa`_Llc zyP-)*rm;iSF4v2endGuvubQ!cN2V7q6t^dJ6@fEDA1!Nt$ z6NN2}S(CpynzYJIvW<*N=#G6$n{TYpNq7ca=;`PxMh>}jGL6J45Hn2sLnjKvsKmtN z1)1iaNe;>~a#JLw7AGc*G7C@||H{3EgFtGZU#VcpNlU*g)^}exPql^rn$_6I*L3#x zG^BpPZt863FyC&$%Pye?FiR%#x;F;~1u^CG5@Vph{Hm}^^_N<1oroiKcadKYbQk&< z7#N6po!{@iam{Stqo9{g}1AO-&-)=DjhF^wK@ZO-gIq{L&gL zErI3iSCe;)_b*upB!Dhl9$}@CZ_N^1*})6HFL@(%219i)o*xR1Q1YK` zABPdLSy<%BC$Ro0YjBYi6H}c6D)sQBA{_8dTWiTn&mI2tJQ9q+_qVB^(d!7|e9Onz zj!N=lk?_ys)b7MLCY#`FYc%}n%I@J|H|0B~myVb(s}XXElBFOw@O!Jx0p+5cF@@IcVUGyAd$^ z=hk2~o@bi3wQiDB;v@8jn;7H#;67|;XynTmyz>#!7_Vj;d>-qXm>({nO46)9=NF9O z#tafF7!yeVFL*HZAyvS47BxjfTdEHuJLiC9{IH=kqJJ@yA(~P5fO8y#oATe8OID-k+=ItWiottA6+p7TVxctY>K{VXB;w z>_zpewMEWHyqnIEhNhc+83KV^F#)+FC*MG4uh{tOPzsoCe@^ncb1Xsn7V6!a^f{9D zziRpUHFMZAUUw@)o3N~P%Sz2@eaXnkklFLe)m@v?uNcqn=l^7vdeI8EfQNsX4n~Z* zii~`DobXa~?P7ne<}DZ}zAZPKfB2ARnes}9M=n0}UT%4{;>ig~%#!t6U`Q|?#&QLH7EH${tbVt5i`4r7~wUe6?G7CtCn@0X@oNnTrm9OTexmlg8BWpF^IgcG~h`H|S z6ml*lmn7NM&jc-iXD>@_C<_A!XU|e>Kd*7(F09B0lvdJYjr~#%&>fz&Nf{ek&S;97 z=W8)@?4BodH>(jFPCO}}^wdFvA9P}__wxJ`>M$@LN&jJiMNnr2Qu2dNKXbNf51`mb z9VL0W#k}NX8`V6lo$R5awSkvQGe7_R(+sWA4v5%aysrSSp3l^Bm(dF$e*Qcom7h#~ zsTocMuoT6dBZ3DmEh`@)Nwez0`X0=4`yO|pFu54>x3z5&@#%gB%C>O* zbcI5-8nClJK7}lgj3`jOMpJV-k&7Z=3Bf`G&rudQf3NYC$L(L1<=7(gI6nOcr5I97 z?_ZSGH2RAkaTP8rNSQ77`!Ja9%9ZV2pX@cuO@2Se3Ee(g5&fj645oU1u%Iq4xFEl> zvO@X~13a<0cPsEnmUE$qkll)wpMU@B&CU4|9hGS)&~Do)-Sinw8`ij3SQcCjGoaxp zQwv|8wC*o@9@pLPdR{x8gGrZuzoy_35CFj!^?1vpkeImInE{|Cf*hF&)UeH(Rpgrw z_sI6-$oVdGENH|m*r^XDvZJ354CuS8b|MdR2D9#r{0iEgzb>H=bpX+hO22!xC}Qq7 z=xhUwj_Y30OY(d16{WvgYbZ$bt^Pnm!`nFWrE1mcPxK=d_iyfndu-?i^+DX z_bhHbs%Mpz;>~gpLL&dIsA|5_L->yduU{6z2C9Fw095^al#LNn_ovJayBB zr^@44B!%C*d#<=vW-O;BadN8Yy00T8z35LLPdXs{7zGdi8STF9PzoqtOTj_(sC@@! z_?=4NWiS;Dxnb;%*$06AIi;i$_dZ1rFz7WZ_}%~nX=j;*Dd;1Q5qe0rGgj})J7dEk z>I?X4pfB77tkrmhx%(KFP0bv;&y~es!ndrlGG-YcN!gK$0eGZR*;unCQJ0$|wN`iru7FI>&ek)Evj~U&P9#UD#+O3JOZD^~A7{fKCj>;Ha#R`puJbacTJ8 zVla=V$mIea=7PXL*qTew{o+km=Xt}7XtAOSBN zK=-|FTmd+e44NmO0Asu2Hal37F#uncqlh?1)?x&U0I~ZH(AfT7hx7Bq#X5B|P*dIV zz%GuA>|1F*Tq076i5W8jB11VqJ28!#1E(n3(ihMziZ!1mfB8}ZlpLmB?b8*r45HVpl=Z9dYB14<_b- z;BU{ljA3YKm?-G~`;81iVZO3H=R&Pi{gI0MOgWWSwaw?(JBij08D8hRbgbnW?d>IT zuR(7jmAX3a*(UG!@^TCvH_V!)MH!IEiL;t4Qe7P$ZSwZr%MlsdjaS;%Hwxei$Tl?Oz+fEoNGwdXJ&k^!yD z#`aGi{Us&S@@(fWNYkJzl&bzF2*@gpsnP0(DvMDm&?Qk>T>K{OVW2IjWoNlzD=^IoYLeO&0xe>q>*V&%r`#Ra)eSV2~7L zW!2?O73tnqO_tni0n=W;Uu|YJlKu<$=K1OAuYi+yN4kA!HCJ5>oWBTS42fT-ViHp$ z0}0M}z+UK*{mDJs8Po5N_t)FzZR6&i(W*bIpg24R=@6^29Q68)xVib!RjR*ZQA^ff z8m%~eHdxJhniVf@4jN>=K)i^}wC{Zimt#A_X)wUHqY`N&AXcuteVf>|ad=odn%T4W zMWP}Z+xQfM}MW$M)~u> zvCN(hLjD`PA58kqZ2NIEpn;z1;i9ipQ==ykCsO2gO-)U^GyoR$c#^)>iKE8g;(yT*KLJp>Y-9il8XHyu6%> z;^g?te>tC9TZ^b#cfwA(tHR?ud*#OrUUwO}I%{_n(BGmLD5(y{C8nKf#+jI8?QNwg zpPdfV@HnlPfqtzezy{O2dL;yvr<+|Q)nYAGbfWG8zxx{$H2SR{0>G4l{=!A}ExNgt zmA(L&tAkmBV6#etTcnW@AURgV`4kfJ!ZQshF;f#0f?XiY;6l~UhS_+R6|OYDRfre{ENWr;`G{T<|7I>{xn{-L6$mwK^( z8}o}4=IIY00oho=z{i9@;za)6AN*fihX*nARBoRS zj|VlZF5Q literal 0 HcmV?d00001 diff --git a/docs/wireguard.md b/docs/wireguard.md new file mode 100644 index 0000000..45057be --- /dev/null +++ b/docs/wireguard.md @@ -0,0 +1,310 @@ +# Thom's WireGuard Documentation + +This is a basic guide to setting up the WireGuard VPN with a main server and a +couple client nodes. For the majority of this guide, I will assume the working +environment to be Linux. + +While this should be used only for personal reference, I've seen this solution +in production on both my [personal website](https://secure.garden) and +[NixNet](https://nixnet.services). + +!!! note + If you're needing to implement a VPN solution for your infrastructure, + please consult some extra resources for best practices in your situation. I + can't guarantee that copy/pasting this guide will work for your situation. + +## Introduction + +### What is WireGuard? + +[WireGuard][wg-home] defines itself as "an extremely simple yet fast and modern +VPN that utilizes state-of-the-art cryptography." Before continuing, let's +break down this statement. + +A *Virtual Private Network*, or VPN, is technology that allows a multitude of +computers/servers from all across the world to be tied into a single *private network* +as if they were sitting in the same room. This provides a multitude of both +security advantages and pure networking conveniences for system administrators. + +WireGuard also claims to use "state-of-the-art cryptography" for security. This +means that data transmitted over a WireGuard network is safe from the prying +eyes of third parties. Explaining the exact specification of what WireGuard +uses for its cryptography is beyond the scope of this document. For those who +remain curious however, the [technical whitepaper][wg-doc] states that it uses +a collection of: + +- Curve25519 for ECDH *(Elliptical Curve Diffie-Hellman)* +- HKDF for key expansion of ECDH results +- RFC7539's construction of ChaCha20 and Poly1305 for encryption +- BLAKE2s for hashing + +The above cryptography can also seen being referenced in [The Noise +Protocol][noise]. + +### Why Should You Use WireGuard? + +WireGuard allows multiple computers/servers to be tied together even when they're not +in the same location. This technology has been increasingly used by the +typical consumer, but its original role of large scale network management +hasn't been forgotten. + +By linking servers from around the world over a secure connection, we can +easily pass information between them without having to worry about security of +the applications or services actually sending/receiving this information. + +The classic example is being able to route or load balance incoming (and +encrypted) web traffic to a collection of back-end servers. This is simple if +the computers are in the same building and the thought of someone sniffing +traffic between the load balancer and the back-end isn't important. When the +servers are in different locations however, the communication has to be secured +somehow. Thus enters WireGuard. + +## Description of Equipment & List of Materials + +For the purposes of this guide, you will need: + +- A server with a static IP address +- Some client computers to be connected +- Some basic knowledge of the Linux command line + +## Installation + +!!! note + There are two parts to WireGuard: the core code that allows transmission of + network information over a WireGuard interface, and the user-land tools + that allow you to work with WireGuard. As of the Linux 5.6 kernel, the core + WireGuard code is included. The following information is strictly for + the user-land tools. + +The WireGuard tools need to be installed on **both** the server and the +clients. This varies depending on the specific Linux distribution, but for my +case of AlpineLinux on the server and ArchLinux on the clients, and the tools +are included in their respective package repositories. + +**Install on AlpineLinux:** +``` +apk add -U wireguard-tools +``` + +**Install on ArchLinux**: +``` +sudo pacman -S wireguard-tools +``` + +Debian based Linux distributions would use: +``` +sudo apt install wireguard +``` + +I can't suggest using Microsoft Windows at all, but I would especially not +recommend using it as the server. If you're going to have a Windows client +connect to your WireGuard network, you will need to fetch the installer from +here: +[https://download.wireguard.com/windows-client/](https://download.wireguard.com/windows-client/). + +Download the `.exe` file and run it. The installer will walk you through the +rest. + +## Setup + +### Simplified Overview + +This is the most important step of this guide. WireGuard needs to be configured +before it can do anything useful. + +Without going into unnecessary depth, WireGuard creates 'virtual' network +devices on your computer. Traffic sent over this device is sent to the server, +then it's forwarded from there to the correct destination. + +As an example, if **Client 2** wanted to send some kind of network request to +**Client 1**, it would send traffic over its WireGuard interface to the +server. The server would then look at the packet of information and decide what +to do with it. If everything checks out (the user is properly authenticated), +the server will bounce the message to **Client 1** (the original destination). + +![WireGuard Simplified Request Path](wgflow.png) + +All of this routing logic is handled behind the scenes, so it's not crucial to +know how it does all of this. What *is* important is that each of the clients +have to properly identify themselves to the server for the server to route the +traffic. + +### The Configuration + +To set up the above configuration, three key-pairs and configuration files have +to be created. + +#### Generating Keys + +Asymmetric key pairs will have to be generated for each of the devices on the +WireGuard network. + +For those unaware, asymmetric key pairs are made of two pieces of information: +one secret, and one public. The secret key goes on the device it belongs to, +and the public part will go on the server in our case. + +To generate the keys, type the following into a terminal: +``` +wg genkey | tee privatekey | wg pubkey > publickey +``` + +The above command does two things: + +1. It uses the `wg genkey` tool to generate a private key and save it to a file + named `privatekey`. This is the "secret" part, so don't share it with + anyone. +2. It then generates a public key using this same private key and saves it to a + file name `publickey`. This part doesn't need to be kept secret. + +We can then print out the keys that `wg` generated: +``` +cat {privatekey,publickey} +``` + +Which prints out two lines: +``` +2FKu9/7RppQsW+MhejnJVu9bzIRbmJj3zWe1Gj/fZHs= +eOnnVahlSaHpjAv9w1My3u6azw5T4OtWGMAMlLSgzSM= +``` + +The first one is the secret and the second is the public key. Make note of +these because they're needed in the next part. + +!!! note + Remember to generate keys for all the devices you plan to use. + Keep track of what keys go to which device. You might want to save them in + separate files for each device. + +#### Writing Configuration Files + +Once keys are generated for each of the devices, we need to now tell each of +the devices how to connect to each other. + +!!! note + `wg0.conf` can be replaced in the following examples depending on what you + want the network to be named. Just remember to leave `.conf` as the file + extension. + +We should start with the clients. This process will also need to be repeated +for each client you choose to connect. + +On Linux machines, edit `/etc/wireguard/wg0.conf`. You will need +root/administrator privileges to access this directory. + +In my case, I would run: +``` +sudo vim /etc/wireguard/wg0.conf +``` + +Open the config file, and the following needs to then be inserted into the +file: +``` +[Interface] +Address = 10.0.0.1 +PrivateKey = + +[Peer] +PublicKey = +EndPoint = :4534 +AllowedIPs = 10.0.0.0/24 + +PersistentKeepalive = 25 +``` + +In the above configuration, a few things will have to be replaced: + +- The `Address` under `[Interface]` is what you want the IP of the client to + be. This has to be different on ever device. I suggest starting with + `10.0.0.1` for the first client and incrementing from there (`10.0.0.2`, + `10.0.0.3`, etc.). +- **``** needs to be replaced with the **private key** you + generated for the device earlier. +- **``** needs to be replaced with the **public key** you + generated for the *server* earlier. +- **``** needs to be replaced with the public IPv4 address + for the server that is going to be facilities this VPN. An example would be `108.177.122.100`. + +!!! note + If you're more advanced with networking, you can substitute the + `10.0.0.0/24` subnet with another local subnet of your choice. Be sure to + know what this means before you do it. + +Once the above process has been repeated for the other client, the server needs +to be configured. + +Open the same file on the server (`/etc/wireguard/wg0.conf`) and add the +following into it: +``` +[Interface] +Address = 10.0.0.0 +ListenPort = 4534 +PrivateKey = +PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;iptables -A FORWARD -o %i -j ACCEPT +PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE;iptables -D FORWARD -o %i -j ACCEPT + +# Client 1 +[Peer] +PublicKey = +AllowedIPs = 10.0.0.1/32 + +# Client 2 +[Peer] +PublicKey = +AllowedIPs = 10.0.0.2/32 +``` + +As with the configurations on the clients, some values need to be substituted: + +- **``**: the *private* key generated for the server +- **``**: the *public* key generated for client 1 +- **``**: the *public* key generated for client 2 + +### Starting the Network + +The essential configuration is now setup, but nothing is communicating with +each other yet. WireGuard interfaces still have to be created on each of the +devices. This can be simplified using the `wg-quick` utility. + +To turn on WireGuard, run the following command on each of the devices: +``` +sudo wg-quick up wg0 +``` + +Now any information that is sent to the addresses of the other devices +(`10.0.0.0`, `10.0.0.1`, or `10.0.0.2`), will travel over the secure WireGuard +tunnel. + +## FAQ + +## Troubleshooting/ Getting Support + +WireGuard is fairly robust and hard to break, but there are a few steps that +usually catch people up. + +Below are a couple common issues, but if all else fails you can ask questions +in the `#wireguard` channel on the Freenode IRC server. + +### Check Your Keys + +By far the most common mistake is getting the WireGuard keys wrong. If you're +struggling to get WireGuard to work, remake your key pairs. + +Be extra careful to note which key goes to which device and that its pasted +into the correct spots in the configuration files. + +### Check The Server's Public IP + +If the WireGuard clients aren't connecting, it could be that the wrong server +IP was used as the `EndPoint` in the client configurations. + +## Contributing + +If you would like to contribute to this guide, the source is hosted over on the +[NixNet Git][nn-git] server. Open an issue if you think there's +something that needs to be added, changed, or removed. + + +[wg-home]: https://www.wireguard.com/ +[wg-doc]: https://www.wireguard.com/papers/wireguard.pdf +[nn-git]: https://git.nixnet.services +[noise]: https://noiseprotocol.org/noise.html diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 0000000..ac7053e --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1,30 @@ +site_name: "Thom's Documentation" +nav: + - Home: index.md + #- Assignment Instructions: instructions.md + - WireGuard: wireguard.md + #- License: LICENSE.md + - LXD: lxd.md +theme: + name: material + features: + - navigation.sections + - header.autohide + palette: + - media: "(prefers-color-scheme: light)" + primary: red + scheme: default + toggle: + icon: material/lightbulb-outline + name: Switch to dark mode + - media: "(prefers-color-scheme: dark)" + primary: black + scheme: slate + toggle: + icon: material/lightbulb + name: Switch to light mode +markdown_extensions: + admonition: {} +copyright: Copyright © 2021 Thom Dickson +repo_url: https://git.nixnet.services/boots/docs +repo_name: boots/docs